From bb649180be12fbf874f1e4861da6cd8bcc6e0081 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Tue, 26 May 2020 10:36:56 +0200 Subject: [PATCH] fix: ran make update --- filebeat/docs/fields.asciidoc | 44938 ++++++++++++---- filebeat/docs/inputs/input-aws-s3.asciidoc | 152 + .../docs/inputs/input-azure-eventhub.asciidoc | 74 + .../docs/inputs/input-cloudfoundry.asciidoc | 93 + .../docs/inputs/input-google-pubsub.asciidoc | 98 + filebeat/docs/inputs/input-httpjson.asciidoc | 167 + filebeat/docs/inputs/input-netflow.asciidoc | 126 + filebeat/docs/inputs/input-o365audit.asciidoc | 138 + filebeat/docs/modules/cef.asciidoc | 6 - filebeat/docs/modules/googlecloud.asciidoc | 6 +- filebeat/filebeat.reference.yml | 663 + filebeat/include/list.go | 28 + .../azureeventhub_integration_test.go | 119 + filebeat/input/azureeventhub/config.go | 41 + filebeat/input/azureeventhub/eph.go | 100 + filebeat/input/azureeventhub/eph_test.go | 44 + .../azureeventhub/file_persister_test.go | 46 + filebeat/input/azureeventhub/input.go | 223 + filebeat/input/azureeventhub/input_test.go | 120 + filebeat/input/cloudfoundry/input.go | 120 + filebeat/input/googlepubsub/_meta/Dockerfile | 32 + .../googlepubsub/_meta/docker-compose.yml | 7 + filebeat/input/googlepubsub/config.go | 69 + filebeat/input/googlepubsub/config_test.go | 34 + filebeat/input/googlepubsub/input.go | 240 + filebeat/input/googlepubsub/pubsub_test.go | 470 + .../input/googlepubsub/testdata/fake.json | 12 + filebeat/input/httpjson/config.go | 95 + filebeat/input/httpjson/httpjson_test.go | 488 + filebeat/input/httpjson/input.go | 469 + .../input/netflow/_meta/fields.header.yml | 44 + filebeat/input/netflow/_meta/fields.yml | 1383 + .../filebeat-network-flows-top-n.json | 869 + filebeat/input/netflow/case.go | 93 + filebeat/input/netflow/case_test.go | 36 + filebeat/input/netflow/config.go | 39 + filebeat/input/netflow/convert.go | 482 + filebeat/input/netflow/decoder/atomic/bool.go | 30 + .../input/netflow/decoder/config/config.go | 111 + filebeat/input/netflow/decoder/decoder.go | 110 + filebeat/input/netflow/decoder/doc.go | 61 + .../decoder/examples/go-netflow-example.go | 71 + .../input/netflow/decoder/fields/assorted.csv | 514 + .../netflow/decoder/fields/cert_pen6871.csv | 98 + .../input/netflow/decoder/fields/cisco.csv | 292 + filebeat/input/netflow/decoder/fields/doc.go | 11 + .../input/netflow/decoder/fields/field.go | 39 + .../netflow/decoder/fields/field_test.go | 58 + filebeat/input/netflow/decoder/fields/gen.go | 185 + .../fields/ipfix-information-elements.csv | 3661 ++ .../input/netflow/decoder/fields/types.go | 382 + .../netflow/decoder/fields/types_test.go | 1129 + .../decoder/fields/zfields_assorted.go | 518 + .../netflow/decoder/fields/zfields_cert.go | 115 + .../netflow/decoder/fields/zfields_cisco.go | 309 + .../netflow/decoder/fields/zfields_ipfix.go | 475 + filebeat/input/netflow/decoder/include.go | 18 + .../input/netflow/decoder/ipfix/decoder.go | 115 + .../netflow/decoder/ipfix/decoder_test.go | 348 + filebeat/input/netflow/decoder/ipfix/ipfix.go | 44 + .../input/netflow/decoder/ipfix/ipfix_test.go | 235 + .../netflow/decoder/protocol/protocol.go | 34 + .../netflow/decoder/protocol/registry.go | 52 + .../netflow/decoder/protocol/registry_test.go | 104 + .../input/netflow/decoder/record/record.go | 103 + .../netflow/decoder/template/template.go | 135 + .../netflow/decoder/template/template_test.go | 645 + .../netflow/decoder/template/test_helpers.go | 83 + filebeat/input/netflow/decoder/test/helper.go | 86 + filebeat/input/netflow/decoder/v1/v1.go | 143 + filebeat/input/netflow/decoder/v1/v1_test.go | 122 + filebeat/input/netflow/decoder/v5/v5.go | 110 + filebeat/input/netflow/decoder/v5/v5_test.go | 136 + filebeat/input/netflow/decoder/v6/v6.go | 57 + filebeat/input/netflow/decoder/v6/v6_test.go | 138 + filebeat/input/netflow/decoder/v7/v7.go | 103 + filebeat/input/netflow/decoder/v7/v7_test.go | 136 + filebeat/input/netflow/decoder/v8/v8.go | 400 + filebeat/input/netflow/decoder/v8/v8_test.go | 635 + filebeat/input/netflow/decoder/v9/decoder.go | 232 + .../input/netflow/decoder/v9/decoder_test.go | 358 + filebeat/input/netflow/decoder/v9/session.go | 198 + .../input/netflow/decoder/v9/session_test.go | 274 + filebeat/input/netflow/decoder/v9/v9.go | 142 + filebeat/input/netflow/decoder/v9/v9_test.go | 251 + filebeat/input/netflow/definitions.go | 217 + filebeat/input/netflow/definitions_test.go | 110 + filebeat/input/netflow/doc.go | 7 + filebeat/input/netflow/fields.go | 23 + filebeat/input/netflow/fields_gen.go | 187 + filebeat/input/netflow/input.go | 255 + filebeat/input/netflow/netflow_test.go | 359 + filebeat/input/netflow/testdata/dat/ipfix.dat | Bin 0 -> 788 bytes .../dat/ipfix_test_barracuda_data256.dat | Bin 0 -> 596 bytes ...est_barracuda_extended_uniflow_data256.dat | Bin 0 -> 300 bytes ...test_barracuda_extended_uniflow_tpl256.dat | Bin 0 -> 184 bytes .../testdata/dat/ipfix_test_barracuda_tpl.dat | Bin 0 -> 88 bytes ...est_juniper_mx240_junos151r6s3_data512.dat | Bin 0 -> 80 bytes ...t_juniper_mx240_junos151r6s3_opttpl512.dat | Bin 0 -> 72 bytes .../dat/ipfix_test_mikrotik_data258.dat | Bin 0 -> 1448 bytes .../dat/ipfix_test_mikrotik_data259.dat | Bin 0 -> 1444 bytes .../testdata/dat/ipfix_test_mikrotik_tpl.dat | Bin 0 -> 148 bytes .../dat/ipfix_test_netscaler_data.dat | Bin 0 -> 1409 bytes .../testdata/dat/ipfix_test_netscaler_tpl.dat | Bin 0 -> 1356 bytes .../dat/ipfix_test_nokia_bras_data256.dat | Bin 0 -> 80 bytes .../dat/ipfix_test_nokia_bras_tpl.dat | Bin 0 -> 152 bytes .../dat/ipfix_test_openbsd_pflow_data.dat | Bin 0 -> 1424 bytes .../dat/ipfix_test_openbsd_pflow_tpl.dat | Bin 0 -> 124 bytes .../dat/ipfix_test_procera_data52935.dat | Bin 0 -> 1355 bytes .../dat/ipfix_test_procera_tpl52935.dat | Bin 0 -> 164 bytes .../dat/ipfix_test_viptela_data257.dat | Bin 0 -> 124 bytes .../dat/ipfix_test_viptela_tpl257.dat | Bin 0 -> 124 bytes .../dat/ipfix_test_vmware_vds_data264.dat | Bin 0 -> 92 bytes .../dat/ipfix_test_vmware_vds_data266.dat | Bin 0 -> 164 bytes .../dat/ipfix_test_vmware_vds_data266_267.dat | Bin 0 -> 192 bytes .../dat/ipfix_test_vmware_vds_tpl.dat | Bin 0 -> 1408 bytes .../testdata/dat/ipfix_test_yaf_data45841.dat | Bin 0 -> 102 bytes .../testdata/dat/ipfix_test_yaf_data45873.dat | Bin 0 -> 114 bytes .../testdata/dat/ipfix_test_yaf_data53248.dat | Bin 0 -> 100 bytes .../testdata/dat/ipfix_test_yaf_tpl45841.dat | Bin 0 -> 140 bytes .../dat/ipfix_test_yaf_tpls_option_tpl.dat | Bin 0 -> 1138 bytes .../input/netflow/testdata/dat/netflow5.dat | Bin 0 -> 1728 bytes .../testdata/dat/netflow5_test_invalid01.dat | Bin 0 -> 1464 bytes .../testdata/dat/netflow5_test_invalid02.dat | Bin 0 -> 1464 bytes .../dat/netflow5_test_juniper_mx80.dat | Bin 0 -> 1416 bytes .../testdata/dat/netflow5_test_microtik.dat | Bin 0 -> 1464 bytes .../dat/netflow9_cisco_asr1001x_tpl259.dat | Bin 0 -> 1468 bytes .../netflow9_test_0length_fields_tpl_data.dat | Bin 0 -> 664 bytes .../dat/netflow9_test_cisco_1941K9.dat | Bin 0 -> 1368 bytes .../dat/netflow9_test_cisco_asa_1_data.dat | Bin 0 -> 1452 bytes .../dat/netflow9_test_cisco_asa_1_tpl.dat | Bin 0 -> 1012 bytes .../dat/netflow9_test_cisco_asa_2_data.dat | Bin 0 -> 1388 bytes .../dat/netflow9_test_cisco_asa_2_tpl_26x.dat | Bin 0 -> 1388 bytes .../dat/netflow9_test_cisco_asa_2_tpl_27x.dat | Bin 0 -> 1212 bytes .../dat/netflow9_test_cisco_asr9k_data256.dat | Bin 0 -> 1392 bytes .../dat/netflow9_test_cisco_asr9k_data260.dat | Bin 0 -> 1392 bytes .../netflow9_test_cisco_asr9k_opttpl256.dat | Bin 0 -> 44 bytes .../netflow9_test_cisco_asr9k_opttpl257.dat | Bin 0 -> 52 bytes .../netflow9_test_cisco_asr9k_opttpl334.dat | Bin 0 -> 44 bytes .../dat/netflow9_test_cisco_asr9k_tpl260.dat | Bin 0 -> 120 bytes .../dat/netflow9_test_cisco_asr9k_tpl266.dat | Bin 0 -> 128 bytes .../dat/netflow9_test_cisco_nbar_data262.dat | Bin 0 -> 429 bytes .../netflow9_test_cisco_nbar_opttpl260.dat | Bin 0 -> 1355 bytes .../dat/netflow9_test_cisco_nbar_tpl262.dat | Bin 0 -> 132 bytes .../netflow9_test_cisco_wlc_8510_tpl_262.dat | Bin 0 -> 168 bytes .../dat/netflow9_test_cisco_wlc_data261.dat | Bin 0 -> 1392 bytes .../dat/netflow9_test_cisco_wlc_tpl.dat | Bin 0 -> 92 bytes ...tflow9_test_field_layer2segmentid_data.dat | Bin 0 -> 84 bytes ...etflow9_test_field_layer2segmentid_tpl.dat | Bin 0 -> 96 bytes ...ow9_test_fortigate_fortios_521_data256.dat | Bin 0 -> 60 bytes ...ow9_test_fortigate_fortios_521_data257.dat | Bin 0 -> 76 bytes ...etflow9_test_fortigate_fortios_521_tpl.dat | Bin 0 -> 284 bytes ...ortigate_fortios_542_appid_data258_262.dat | Bin 0 -> 1284 bytes ...fortigate_fortios_542_appid_tpl258-269.dat | Bin 0 -> 1068 bytes .../dat/netflow9_test_h3c_data3281.dat | Bin 0 -> 1364 bytes ..._test_h3c_netstream_varstring_data3281.dat | Bin 0 -> 108 bytes ...9_test_h3c_netstream_varstring_tpl3281.dat | Bin 0 -> 140 bytes .../dat/netflow9_test_h3c_tpl3281.dat | Bin 0 -> 136 bytes .../netflow9_test_huawei_netstream_data.dat | Bin 0 -> 84 bytes .../netflow9_test_huawei_netstream_tpl.dat | Bin 0 -> 128 bytes .../testdata/dat/netflow9_test_invalid01.dat | Bin 0 -> 292 bytes ...tflow_reduced_size_encoding_tpldata260.dat | Bin 0 -> 1364 bytes .../dat/netflow9_test_juniper_srx_tplopt.dat | Bin 0 -> 148 bytes .../dat/netflow9_test_macaddr_data.dat | Bin 0 -> 752 bytes .../dat/netflow9_test_macaddr_tpl.dat | Bin 0 -> 128 bytes .../dat/netflow9_test_nprobe_data.dat | Bin 0 -> 76 bytes .../testdata/dat/netflow9_test_nprobe_dpi.dat | Bin 0 -> 184 bytes .../testdata/dat/netflow9_test_nprobe_tpl.dat | Bin 0 -> 216 bytes ...57_1flowset_in_large_zerofilled_packet.dat | Bin 0 -> 1400 bytes .../netflow9_test_paloalto_81_tpl256-263.dat | Bin 0 -> 712 bytes .../dat/netflow9_test_paloalto_panos_data.dat | Bin 0 -> 1292 bytes .../dat/netflow9_test_paloalto_panos_tpl.dat | Bin 0 -> 740 bytes .../dat/netflow9_test_softflowd_tpl_data.dat | Bin 0 -> 460 bytes .../netflow9_test_streamcore_tpl_data256.dat | Bin 0 -> 896 bytes .../netflow9_test_streamcore_tpl_data260.dat | Bin 0 -> 1316 bytes ...netflow9_test_ubnt_edgerouter_data1024.dat | Bin 0 -> 496 bytes ...netflow9_test_ubnt_edgerouter_data1025.dat | Bin 0 -> 496 bytes .../dat/netflow9_test_ubnt_edgerouter_tpl.dat | Bin 0 -> 372 bytes .../netflow9_test_unknown_tpl266_292_data.dat | Bin 0 -> 320 bytes .../testdata/dat/netflow9_test_valid01.dat | Bin 0 -> 460 bytes .../input/netflow/testdata/dat_tests.yaml | 182 + .../fields/netflow9_cisco_asa_custom.yaml | 28 + ...-extended-uniflow-template-256.golden.json | 167 + .../IPFIX-Barracuda-firewall.golden.json | 557 + ...IPFIX-Mikrotik-RouterOS-6.39.2.golden.json | 2979 + ...ength-fields-missing-templates.golden.json | 3 + ...er-with-variable-length-fields.golden.json | 263 + .../golden/IPFIX-Nokia-BRAS.golden.json | 63 + .../golden/IPFIX-OpenBSD-pflow.golden.json | 1643 + .../testdata/golden/IPFIX-Procera.golden.json | 565 + ...are-virtual-distributed-switch.golden.json | 361 + .../IPFIX-YAF-basic-with-applabel.golden.json | 202 + ...igured-with-include_flowset_id.golden.json | 263 + ...Juniper-MX240-JunOS-15.1-R6-S3.golden.json | 47 + .../IPFIX-vIPtela-with-VPN-id.golden.json | 80 + .../netflow/testdata/golden/IPFIX.golden.json | 845 + ...w-9-Cisco-1941-K9-release-15.1.golden.json | 1948 + .../golden/Netflow-9-Cisco-ASA-2.golden.json | 1327 + .../golden/Netflow-9-Cisco-ASA.golden.json | 999 + ...00-series-options-template-256.golden.json | 651 + ...o-ASR-9000-series-template-260.golden.json | 1601 + .../Netflow-9-Cisco-ASR1001--X.golden.json | 1655 + ...tflow-9-Cisco-NBAR-flowset-262.golden.json | 410 + ...isco-NBAR-options-template-260.golden.json | 530 + ...w-9-Cisco-WLC-8500-release-8.2.golden.json | 3 + .../golden/Netflow-9-Cisco-WLC.golden.json | 1107 + ...flow-9-Fortigate-FortiOS-5.2.1.golden.json | 108 + ...-9-Fortigate-FortiOS-54x-appid.golden.json | 1231 + ...9-H3C-Netstream-with-varstring.golden.json | 85 + .../testdata/golden/Netflow-9-H3C.golden.json | 1269 + .../Netflow-9-Huawei-Netstream.golden.json | 85 + .../golden/Netflow-9-IE150-IE151.golden.json | 137 + ...et-in-large-zero-filled-packet.golden.json | 77 + ...Palo-Alto-PAN--OS-with-app--id.golden.json | 581 + .../golden/Netflow-9-Streamcore.golden.json | 273 + ...ti-Edgerouter-with-MPLS-labels.golden.json | 1205 + ...etflow-9-field-layer2segmentid.golden.json | 76 + .../golden/Netflow-9-invalid-01.golden.json | 3 + ..._netflow-reduced-size-encoding.golden.json | 917 + .../golden/Netflow-9-macaddress.golden.json | 1663 + ...w-9-multiple-netflow-exporters.golden.json | 583 + .../Netflow-9-nprobe-DPI-L7.golden.json | 67 + ...ons-template-with-scope-fields.golden.json | 39 + ...-template-with-0-length-fields.golden.json | 725 + .../golden/Netflow-9-valid-01.golden.json | 477 + ...late-with-0-scope-field-length.golden.json | 37 + .../golden/ipfix_cisco.pcap.golden.json | 2470 + ...flow9_ubiquiti_edgerouter.pcap.golden.json | 745 + .../golden/ssl_local_example.pcap.golden.json | 4 + .../netflow/testdata/pcap/ipfix_cisco.pcap | Bin 0 -> 4358 bytes .../pcap/netflow9_ubiquiti_edgerouter.pcap | Bin 0 -> 1132 bytes filebeat/input/o365audit/auth/auth.go | 41 + filebeat/input/o365audit/auth/cert.go | 66 + filebeat/input/o365audit/auth/secret.go | 25 + filebeat/input/o365audit/config.go | 221 + filebeat/input/o365audit/contentblob.go | 146 + filebeat/input/o365audit/contentblob_test.go | 149 + filebeat/input/o365audit/dates.go | 107 + filebeat/input/o365audit/input.go | 303 + filebeat/input/o365audit/listblobs.go | 297 + filebeat/input/o365audit/listblobs_test.go | 413 + filebeat/input/o365audit/pagination.go | 65 + filebeat/input/o365audit/poll/poll.go | 268 + filebeat/input/o365audit/schema.go | 66 + filebeat/input/o365audit/state.go | 158 + filebeat/input/o365audit/state_test.go | 105 + filebeat/input/o365audit/subscribe.go | 81 + filebeat/input/s3/_meta/fields.yml | 14 + filebeat/input/s3/_meta/s3-input.asciidoc | 62 + filebeat/input/s3/config.go | 44 + filebeat/input/s3/fields.go | 23 + filebeat/input/s3/ftest/sample1.txt | 2 + filebeat/input/s3/input.go | 661 + filebeat/input/s3/input_test.go | 305 + filebeat/input/s3/s3_integration_test.go | 394 + filebeat/module/activemq/_meta/config.yml | 16 + filebeat/module/activemq/_meta/docs.asciidoc | 73 + filebeat/module/activemq/_meta/fields.yml | 22 + .../Filebeat-activemq-application-events.json | 548 + .../Filebeat-activemq-audit-events.json | 507 + .../module/activemq/audit/_meta/fields.yml | 5 + .../module/activemq/audit/config/audit.yml | 6 + .../module/activemq/audit/ingest/pipeline.yml | 32 + filebeat/module/activemq/audit/manifest.yml | 13 + filebeat/module/activemq/audit/test/audit.log | 4 + .../audit/test/audit.log-expected.json | 62 + filebeat/module/activemq/fields.go | 36 + filebeat/module/activemq/log/_meta/fields.yml | 7 + filebeat/module/activemq/log/config/log.yml | 12 + .../module/activemq/log/ingest/pipeline.yml | 43 + filebeat/module/activemq/log/manifest.yml | 13 + .../module/activemq/log/test/activemq.log | 30 + .../log/test/activemq.log-expected.json | 277 + filebeat/module/activemq/module.yml | 5 + filebeat/module/aws/_meta/config.yml | 204 + filebeat/module/aws/_meta/docs.asciidoc | 233 + filebeat/module/aws/_meta/fields.yml | 11 + .../dashboard/Filebeat-aws-elb-overview.json | 949 + .../Filebeat-aws-s3access-overview.json | 458 + .../Filebeat-aws-vpcflow-overview.json | 659 + .../7/dashboard/filebeat-aws-cloudtrail.json | 876 + filebeat/module/aws/cloudtrail/README.md | 39 + .../aws/cloudtrail/_meta/fields.epr.yml | 45 + .../module/aws/cloudtrail/_meta/fields.yml | 185 + .../module/aws/cloudtrail/config/file.yml | 6 + filebeat/module/aws/cloudtrail/config/s3.yml | 39 + .../module/aws/cloudtrail/ingest/pipeline.yml | 273 + filebeat/module/aws/cloudtrail/manifest.yml | 18 + .../test/add-user-to-group-json.log | 1 + .../add-user-to-group-json.log-expected.json | 36 + .../aws/cloudtrail/test/assume-role-json.log | 1 + .../test/assume-role-json.log-expected.json | 46 + .../cloudtrail/test/change-password-json.log | 2 + .../change-password-json.log-expected.json | 68 + .../cloudtrail/test/console-login-json.log | 3 + .../test/console-login-json.log-expected.json | 124 + .../test/create-access-key-json.log | 1 + .../create-access-key-json.log-expected.json | 41 + .../aws/cloudtrail/test/create-group-json.log | 2 + .../test/create-group-json.log-expected.json | 73 + .../cloudtrail/test/create-key-pair-json.log | 1 + .../create-key-pair-json.log-expected.json | 42 + .../aws/cloudtrail/test/create-trail-json.log | 1 + .../test/create-trail-json.log-expected.json | 39 + .../aws/cloudtrail/test/create-user-json.log | 1 + .../test/create-user-json.log-expected.json | 37 + .../test/create-virtual-mfa-device-json.log | 1 + ...-virtual-mfa-device-json.log-expected.json | 37 + .../test/deactivate-mfa-device-json.log | 1 + ...activate-mfa-device-json.log-expected.json | 40 + .../test/delete-access-key-json.log | 1 + .../delete-access-key-json.log-expected.json | 40 + .../cloudtrail/test/delete-bucket-json.log | 1 + .../test/delete-bucket-json.log-expected.json | 39 + .../aws/cloudtrail/test/delete-group-json.log | 2 + .../test/delete-group-json.log-expected.json | 72 + .../test/delete-ssh-public-key-json.log | 1 + ...lete-ssh-public-key-json.log-expected.json | 40 + .../aws/cloudtrail/test/delete-trail-json.log | 1 + .../test/delete-trail-json.log-expected.json | 36 + .../aws/cloudtrail/test/delete-user-json.log | 1 + .../test/delete-user-json.log-expected.json | 40 + .../test/delete-virtual-mfa-device-json.log | 1 + ...-virtual-mfa-device-json.log-expected.json | 37 + .../test/enable-mfa-device-json.log | 1 + .../enable-mfa-device-json.log-expected.json | 39 + .../test/remove-user-from-group-json.log | 1 + ...ove-user-from-group-json.log-expected.json | 40 + .../cloudtrail/test/start-logging-json.log | 1 + .../test/start-logging-json.log-expected.json | 38 + .../aws/cloudtrail/test/stop-logging-json.log | 1 + .../test/stop-logging-json.log-expected.json | 38 + .../test/update-access-key-json.log | 1 + .../update-access-key-json.log-expected.json | 40 + .../update-accout-password-policy-json.log | 1 + ...out-password-policy-json.log-expected.json | 37 + .../aws/cloudtrail/test/update-group-json.log | 2 + .../test/update-group-json.log-expected.json | 70 + .../test/update-login-profile-json.log | 1 + ...pdate-login-profile-json.log-expected.json | 40 + .../test/update-ssh-public-key-json.log | 2 + ...date-ssh-public-key-json.log-expected.json | 78 + .../aws/cloudtrail/test/update-trail-json.log | 2 + .../test/update-trail-json.log-expected.json | 82 + .../aws/cloudtrail/test/update-user-json.log | 2 + .../test/update-user-json.log-expected.json | 39 + .../test/upload-ssh-public-key-json.log | 1 + ...load-ssh-public-key-json.log-expected.json | 41 + .../module/aws/cloudwatch/_meta/fields.yml | 11 + .../module/aws/cloudwatch/config/file.yml | 6 + filebeat/module/aws/cloudwatch/config/s3.yml | 38 + .../module/aws/cloudwatch/ingest/pipeline.yml | 25 + filebeat/module/aws/cloudwatch/manifest.yml | 18 + .../aws/cloudwatch/test/cloudwatch_ec2.log | 6 + .../test/cloudwatch_ec2.log-expected.json | 68 + filebeat/module/aws/ec2/_meta/fields.epr.yml | 3 + filebeat/module/aws/ec2/_meta/fields.yml | 11 + filebeat/module/aws/ec2/config/file.yml | 6 + filebeat/module/aws/ec2/config/s3.yml | 38 + filebeat/module/aws/ec2/ingest/pipeline.yml | 24 + filebeat/module/aws/ec2/manifest.yml | 18 + filebeat/module/aws/ec2/test/ec2.log | 6 + .../module/aws/ec2/test/ec2.log-expected.json | 78 + filebeat/module/aws/elb/README.md | 64 + filebeat/module/aws/elb/_meta/fields.epr.yml | 78 + filebeat/module/aws/elb/_meta/fields.yml | 102 + .../module/aws/elb/_meta/terraform/.gitignore | 2 + .../module/aws/elb/_meta/terraform/aws.tf | 8 + .../module/aws/elb/_meta/terraform/bucket.tf | 104 + .../module/aws/elb/_meta/terraform/elb.tf | 44 + .../elb/_meta/terraform/install_webserver.sh | 5 + .../aws/elb/_meta/terraform/instance.tf | 37 + filebeat/module/aws/elb/_meta/terraform/lb.tf | 48 + .../aws/elb/_meta/terraform/securitygroup.tf | 21 + .../module/aws/elb/_meta/terraform/tcplb.tf | 48 + .../module/aws/elb/_meta/terraform/vars.tf | 29 + .../module/aws/elb/_meta/terraform/vpc.tf | 31 + filebeat/module/aws/elb/config/file.yml | 6 + filebeat/module/aws/elb/config/s3.yml | 38 + filebeat/module/aws/elb/ingest/pipeline.yml | 207 + filebeat/module/aws/elb/manifest.yml | 22 + .../aws/elb/test/application-lb-http.log | 11 + .../application-lb-http.log-expected.json | 464 + filebeat/module/aws/elb/test/elb-http.log | 6 + .../aws/elb/test/elb-http.log-expected.json | 202 + filebeat/module/aws/elb/test/elb-tcp.log | 6 + .../aws/elb/test/elb-tcp.log-expected.json | 200 + .../module/aws/elb/test/example-alb-http.log | 10 + .../test/example-alb-http.log-expected.json | 345 + filebeat/module/aws/elb/test/example-http.log | 4 + .../elb/test/example-http.log-expected.json | 82 + .../module/aws/elb/test/example-https.log | 2 + .../elb/test/example-https.log-expected.json | 38 + .../module/aws/elb/test/example-nlb-tcp.log | 2 + .../test/example-nlb-tcp.log-expected.json | 43 + filebeat/module/aws/elb/test/example-ssl.log | 2 + .../elb/test/example-ssl.log-expected.json | 31 + filebeat/module/aws/elb/test/example-tcp.log | 3 + .../elb/test/example-tcp.log-expected.json | 45 + filebeat/module/aws/fields.go | 36 + filebeat/module/aws/module.yml | 2 + .../module/aws/s3access/_meta/fields.epr.yml | 90 + filebeat/module/aws/s3access/_meta/fields.yml | 98 + filebeat/module/aws/s3access/config/file.yml | 6 + filebeat/module/aws/s3access/config/s3.yml | 38 + .../module/aws/s3access/ingest/pipeline.yml | 149 + filebeat/module/aws/s3access/manifest.yml | 18 + .../aws/s3access/test/s3_server_access.log | 6 + .../test/s3_server_access.log-expected.json | 337 + filebeat/module/aws/s3access/test/test.log | 5 + .../aws/s3access/test/test.log-expected.json | 246 + filebeat/module/aws/vpcflow/README.md | 42 + .../module/aws/vpcflow/_meta/fields.epr.yml | 123 + filebeat/module/aws/vpcflow/_meta/fields.yml | 54 + filebeat/module/aws/vpcflow/config/input.yml | 169 + .../module/aws/vpcflow/ingest/pipeline.yml | 103 + filebeat/module/aws/vpcflow/manifest.yml | 18 + .../vpcflow/test/accept-reject-traffic.log | 5 + .../accept-reject-traffic.log-expected.json | 194 + .../aws/vpcflow/test/custom-nat-gateway.log | 3 + .../test/custom-nat-gateway.log-expected.json | 55 + .../vpcflow/test/custom-transit-gateway.log | 2 + .../custom-transit-gateway.log-expected.json | 44 + filebeat/module/aws/vpcflow/test/ipv6.log | 1 + .../aws/vpcflow/test/ipv6.log-expected.json | 43 + .../aws/vpcflow/test/no-data-skip-data.log | 2 + .../test/no-data-skip-data.log-expected.json | 46 + .../aws/vpcflow/test/tcp-flag-sequence.log | 2 + .../test/tcp-flag-sequence.log-expected.json | 60 + filebeat/module/azure/_meta/config.yml | 32 + filebeat/module/azure/_meta/docs.asciidoc | 121 + filebeat/module/azure/_meta/fields.yml | 51 + .../Filebeat-azure-alerts-overview.json | 592 + .../7/dashboard/Filebeat-azure-overview.json | 1925 + .../Filebeat-azure-user-activity.json | 1675 + .../azure/activitylogs/_meta/fields.yml | 110 + .../activitylogs/config/azure-eventhub.yml | 7 + .../module/azure/activitylogs/config/file.yml | 6 + .../azure/activitylogs/ingest/pipeline.json | 249 + .../module/azure/activitylogs/manifest.yml | 18 + .../azure/activitylogs/test/activitylogs.log | 1 + .../test/activitylogs.log-expected.json | 53 + .../module/azure/auditlogs/_meta/fields.yml | 162 + .../azure/auditlogs/config/azure-eventhub.yml | 8 + .../module/azure/auditlogs/config/file.yml | 6 + .../azure/auditlogs/ingest/pipeline.json | 194 + filebeat/module/azure/auditlogs/manifest.yml | 18 + .../module/azure/auditlogs/test/auditlogs.log | 1 + .../test/auditlogs.log-expected.json | 42 + .../module/azure/azure-shared-pipeline.json | 69 + filebeat/module/azure/fields.go | 36 + filebeat/module/azure/module.yml | 1 + .../module/azure/signinlogs/_meta/fields.yml | 157 + .../signinlogs/config/azure-eventhub.yml | 7 + .../module/azure/signinlogs/config/file.yml | 6 + .../azure/signinlogs/ingest/pipeline.json | 431 + filebeat/module/azure/signinlogs/manifest.yml | 18 + .../azure/signinlogs/test/signinlogs.log | 1 + .../test/signinlogs.log-expected.json | 57 + filebeat/module/cef/_meta/config.yml | 6 + filebeat/module/cef/_meta/docs.asciidoc | 140 + filebeat/module/cef/_meta/fields.yml | 7 + .../filebeat-cef-endpoint-os-activity.json | 1998 + .../filebeat-cef-endpoint-overview.json | 1765 + .../dashboard/filebeat-cef-microsoft-dns.json | 1796 + .../filebeat-cef-network-overview.json | 2354 + ...ebeat-cef-network-suspicious-activity.json | 1614 + filebeat/module/cef/fields.go | 36 + filebeat/module/cef/log/_meta/fields.yml | 293 + filebeat/module/cef/log/config/input.yml | 26 + .../module/cef/log/ingest/cp-pipeline.yml | 339 + .../module/cef/log/ingest/fp-pipeline.yml | 27 + filebeat/module/cef/log/ingest/pipeline.yml | 89 + filebeat/module/cef/log/manifest.yml | 25 + filebeat/module/cef/log/test/cef.log | 4 + .../module/cef/log/test/cef.log-expected.json | 188 + filebeat/module/cef/log/test/checkpoint.log | 3 + .../cef/log/test/checkpoint.log-expected.json | 197 + filebeat/module/cef/log/test/fp-ngfw-smc.log | 13 + .../log/test/fp-ngfw-smc.log-expected.json | 431 + filebeat/module/checkpoint/_meta/config.yml | 18 + .../module/checkpoint/_meta/docs.asciidoc | 162 + filebeat/module/checkpoint/_meta/fields.yml | 5 + filebeat/module/checkpoint/fields.go | 36 + .../checkpoint/firewall/_meta/fields.yml | 2418 + .../checkpoint/firewall/config/firewall.yml | 36 + .../checkpoint/firewall/ingest/pipeline.json | 1115 + .../module/checkpoint/firewall/manifest.yml | 25 + .../checkpoint/firewall/test/checkpoint.log | 10039 ++++ .../test/checkpoint.log-expected.json | 5509 ++ filebeat/module/checkpoint/module.yml | 1 + filebeat/module/cisco/README.md | 2 + filebeat/module/cisco/_meta/config.yml | 53 + filebeat/module/cisco/_meta/docs.asciidoc | 303 + filebeat/module/cisco/_meta/fields.yml | 10 + .../7/dashboard/Filebeat-Cisco-ASA.json | 1045 + filebeat/module/cisco/asa/_meta/fields.yml | 99 + filebeat/module/cisco/asa/config/input.yml | 21 + filebeat/module/cisco/asa/manifest.yml | 33 + filebeat/module/cisco/asa/test/asa-fix.log | 5 + .../cisco/asa/test/asa-fix.log-expected.json | 152 + filebeat/module/cisco/asa/test/asa.log | 268 + .../cisco/asa/test/asa.log-expected.json | 2953 + .../module/cisco/asa/test/dap_records.log | 1 + .../asa/test/dap_records.log-expected.json | 35 + filebeat/module/cisco/asa/test/filtered.log | 3 + .../cisco/asa/test/filtered.log-expected.json | 55 + filebeat/module/cisco/asa/test/hostnames.log | 2 + .../asa/test/hostnames.log-expected.json | 58 + filebeat/module/cisco/asa/test/not-ip.log | 1 + .../cisco/asa/test/not-ip.log-expected.json | 35 + filebeat/module/cisco/asa/test/sample.log | 72 + .../cisco/asa/test/sample.log-expected.json | 2131 + filebeat/module/cisco/fields.go | 36 + filebeat/module/cisco/ftd/_meta/fields.yml | 104 + filebeat/module/cisco/ftd/config/input.yml | 20 + filebeat/module/cisco/ftd/manifest.yml | 32 + filebeat/module/cisco/ftd/test/asa-fix.log | 5 + .../cisco/ftd/test/asa-fix.log-expected.json | 157 + filebeat/module/cisco/ftd/test/asa.log | 268 + .../cisco/ftd/test/asa.log-expected.json | 2853 + filebeat/module/cisco/ftd/test/dns.log | 21 + .../cisco/ftd/test/dns.log-expected.json | 1696 + filebeat/module/cisco/ftd/test/filtered.log | 2 + .../cisco/ftd/test/filtered.log-expected.json | 24 + .../cisco/ftd/test/firepower-management.log | Bin 0 -> 5064 bytes .../firepower-management.log-expected.json | 615 + filebeat/module/cisco/ftd/test/intrusion.log | 4 + .../ftd/test/intrusion.log-expected.json | 238 + filebeat/module/cisco/ftd/test/no-type-id.log | 4 + .../ftd/test/no-type-id.log-expected.json | 130 + filebeat/module/cisco/ftd/test/sample.log | 72 + .../cisco/ftd/test/sample.log-expected.json | 2063 + .../cisco/ftd/test/security-connection.log | 10 + .../security-connection.log-expected.json | 737 + .../cisco/ftd/test/security-file-malware.log | 10 + .../security-file-malware.log-expected.json | 590 + .../cisco/ftd/test/security-malware-site.log | 1 + .../security-malware-site.log-expected.json | 96 + filebeat/module/cisco/ios/_meta/fields.yml | 18 + filebeat/module/cisco/ios/config/input.yml | 25 + filebeat/module/cisco/ios/config/pipeline.js | 222 + filebeat/module/cisco/ios/ingest/pipeline.yml | 51 + filebeat/module/cisco/ios/manifest.yml | 21 + filebeat/module/cisco/ios/pipeline_test.go | 261 + .../cisco/ios/test/cisco-ios-syslog.log | 34 + .../test/cisco-ios-syslog.log-expected.json | 1327 + filebeat/module/cisco/module.yml | 3 + .../cisco/shared/gen-ecs-mapping-docs.go | 143 + .../cisco/shared/gen-ftd-ecs-mapping.go | 249 + filebeat/module/cisco/shared/gen.go | 17 + .../cisco/shared/ingest/asa-ftd-pipeline.yml | 1282 + .../module/cisco/shared/security-mappings.csv | 215 + filebeat/module/cisco/shared/stringset.go | 56 + filebeat/module/coredns/README.md | 161 + filebeat/module/coredns/_meta/config.yml | 8 + filebeat/module/coredns/_meta/docs.asciidoc | 51 + filebeat/module/coredns/_meta/fields.yml | 57 + .../coredns/_meta/images/kibana-coredns.jpg | Bin 0 -> 256863 bytes .../dashboard/Coredns-Overview-Dashboard.json | 464 + filebeat/module/coredns/fields.go | 36 + .../module/coredns/log/config/coredns.yml | 7 + .../coredns/log/ingest/pipeline-entry.yml | 113 + .../coredns/log/ingest/pipeline-json.yml | 32 + .../coredns/log/ingest/pipeline-plaintext.yml | 13 + filebeat/module/coredns/log/manifest.yml | 15 + .../module/coredns/log/test/coredns-json.log | 3 + .../log/test/coredns-json.log-expected.json | 155 + filebeat/module/coredns/log/test/coredns.log | 2 + .../log/test/coredns.log-expected.json | 86 + filebeat/module/coredns/module.yml | 3 + filebeat/module/crowdstrike/_meta/config.yml | 8 + .../module/crowdstrike/_meta/docs.asciidoc | 61 + filebeat/module/crowdstrike/_meta/fields.yml | 11 + .../_meta/images/siem-alerts-cs.jpg | Bin 0 -> 399141 bytes .../_meta/images/siem-events-cs.jpg | Bin 0 -> 523409 bytes .../crowdstrike/falcon/_meta/fields.yml | 248 + .../crowdstrike/falcon/config/falcon.yml | 19 + .../crowdstrike/falcon/config/pipeline.js | 187 + .../module/crowdstrike/falcon/manifest.yml | 8 + .../falcon/test/falcon-audit-events.log | 277 + .../falcon-audit-events.log-expected.json | 497 + .../crowdstrike/falcon/test/falcon-events.log | 68 + .../test/falcon-events.log-expected.json | 113 + filebeat/module/crowdstrike/fields.go | 36 + filebeat/module/crowdstrike/module.yml | 3 + filebeat/module/envoyproxy/README.md | 125 + filebeat/module/envoyproxy/_meta/config.yml | 8 + .../module/envoyproxy/_meta/docs.asciidoc | 24 + filebeat/module/envoyproxy/_meta/fields.yml | 45 + .../_meta/images/kibana-envoyproxy.jpg | Bin 0 -> 482070 bytes .../Filebeat-Envoyproxy-Overview.json | 910 + filebeat/module/envoyproxy/fields.go | 36 + .../envoyproxy/log/config/envoyproxy.yml | 7 + .../envoyproxy/log/ingest/pipeline-entry.json | 47 + .../envoyproxy/log/ingest/pipeline-geo-as.yml | 51 + .../envoyproxy/log/ingest/pipeline-http.json | 94 + .../envoyproxy/log/ingest/pipeline-json.json | 47 + .../log/ingest/pipeline-plaintext.json | 117 + .../envoyproxy/log/ingest/pipeline-tcp.json | 46 + filebeat/module/envoyproxy/log/manifest.yml | 18 + .../module/envoyproxy/log/test/envoy-json.log | 2 + .../log/test/envoy-json.log-expected.json | 85 + filebeat/module/envoyproxy/log/test/envoy.log | 4 + .../log/test/envoy.log-expected.json | 133 + filebeat/module/envoyproxy/module.yml | 3 + filebeat/module/googlecloud/_meta/config.yml | 54 + .../module/googlecloud/_meta/docs.asciidoc | 161 + filebeat/module/googlecloud/_meta/fields.yml | 99 + .../dashboard/filebeat-googlecloud-audit.json | 741 + .../module/googlecloud/audit/_meta/fields.yml | 133 + .../module/googlecloud/audit/config/input.yml | 31 + .../googlecloud/audit/config/pipeline.js | 180 + .../googlecloud/audit/ingest/pipeline.yml | 33 + .../module/googlecloud/audit/manifest.yml | 21 + .../audit/test/audit-log-entries.json.log | 4 + .../audit-log-entries.json.log-expected.json | 181 + filebeat/module/googlecloud/fields.go | 36 + .../googlecloud/firewall/_meta/fields.yml | 48 + .../googlecloud/firewall/config/input.yml | 32 + .../googlecloud/firewall/config/pipeline.js | 331 + .../googlecloud/firewall/ingest/pipeline.yml | 50 + .../module/googlecloud/firewall/manifest.yml | 23 + .../module/googlecloud/firewall/test/rare.log | 2 + .../firewall/test/rare.log-expected.json | 130 + .../module/googlecloud/firewall/test/test.log | 20 + .../firewall/test/test.log-expected.json | 1287 + .../googlecloud/vpcflow/_meta/fields.yml | 16 + .../googlecloud/vpcflow/config/input.yml | 31 + .../googlecloud/vpcflow/config/pipeline.js | 259 + .../googlecloud/vpcflow/ingest/pipeline.yml | 51 + .../module/googlecloud/vpcflow/manifest.yml | 21 + .../test/vpc-flow-log-entries.json.log | 296 + ...pc-flow-log-entries.json.log-expected.json | 5500 ++ filebeat/module/ibmmq/_meta/config.yml | 8 + filebeat/module/ibmmq/_meta/docs.asciidoc | 50 + filebeat/module/ibmmq/_meta/fields.yml | 10 + .../7/dashboard/Filebeat-IBMMQ-Overview.json | 931 + .../module/ibmmq/errorlog/_meta/fields.yml | 34 + .../module/ibmmq/errorlog/config/errorlog.yml | 10 + .../module/ibmmq/errorlog/ingest/pipeline.yml | 76 + filebeat/module/ibmmq/errorlog/manifest.yml | 13 + .../module/ibmmq/errorlog/test/AMQERR01.log | 356 + .../errorlog/test/AMQERR01.log-expected.json | 662 + .../ibmmq/errorlog/test/AMQERR01_QM1.log | 36942 +++++++++++++ .../test/AMQERR01_QM1.log-expected.json | 3272 ++ .../ibmmq/errorlog/test/AMQERR01_QM2.log | 33354 ++++++++++++ .../test/AMQERR01_QM2.log-expected.json | 3402 ++ filebeat/module/ibmmq/fields.go | 36 + filebeat/module/ibmmq/module.yml | 3 + filebeat/module/iptables/README.md | 3 + filebeat/module/iptables/_meta/config.yml | 10 + filebeat/module/iptables/_meta/docs.asciidoc | 79 + filebeat/module/iptables/_meta/fields.yml | 10 + .../dashboard/Filebeat-Iptables-Overview.json | 759 + ...t-Iptables-Ubiquiti-Firewall-Overview.json | 848 + filebeat/module/iptables/fields.go | 36 + filebeat/module/iptables/log/_meta/fields.yml | 163 + filebeat/module/iptables/log/config/input.yml | 53 + .../module/iptables/log/ingest/pipeline.yml | 259 + filebeat/module/iptables/log/manifest.yml | 23 + filebeat/module/iptables/log/test/geo.log | 1 + .../iptables/log/test/geo.log-expected.json | 67 + filebeat/module/iptables/log/test/icmp.log | 1 + .../iptables/log/test/icmp.log-expected.json | 43 + .../module/iptables/log/test/iptables.log | 10 + .../log/test/iptables.log-expected.json | 480 + filebeat/module/iptables/log/test/ipv6.log | 11 + .../iptables/log/test/ipv6.log-expected.json | 422 + .../module/iptables/log/test/ubiquiti.log | 5 + .../log/test/ubiquiti.log-expected.json | 275 + filebeat/module/iptables/module.yml | 5 + filebeat/module/misp/README.md | 27 + filebeat/module/misp/_meta/config.yml | 17 + filebeat/module/misp/_meta/docs.asciidoc | 30 + filebeat/module/misp/_meta/fields.yml | 10 + .../module/misp/_meta/images/kibana-misp.png | Bin 0 -> 1893360 bytes .../7/dashboard/Filebeat-MISP-Overview.json | 417 + filebeat/module/misp/fields.go | 36 + filebeat/module/misp/module.yml | 3 + filebeat/module/misp/threat/_meta/fields.yml | 710 + filebeat/module/misp/threat/config/input.yml | 36 + .../module/misp/threat/config/pipeline.js | 214 + .../module/misp/threat/ingest/pipeline.json | 26 + filebeat/module/misp/threat/manifest.yml | 42 + .../misp/threat/test/misp-test.json.log | 4 + .../test/misp-test.json.log-expected.json | 108 + filebeat/module/mssql/_meta/config.yml | 8 + filebeat/module/mssql/_meta/docs.asciidoc | 52 + filebeat/module/mssql/_meta/fields.yml | 8 + filebeat/module/mssql/fields.go | 36 + filebeat/module/mssql/log/_meta/fields.yml | 7 + filebeat/module/mssql/log/config/config.yml | 13 + filebeat/module/mssql/log/ingest/pipeline.yml | 50 + filebeat/module/mssql/log/manifest.yml | 15 + filebeat/module/mssql/log/test/test.log | 21 + .../mssql/log/test/test.log-expected.json | 308 + filebeat/module/netflow/_meta/config.yml | 6 + filebeat/module/netflow/_meta/docs.asciidoc | 74 + filebeat/module/netflow/_meta/fields.yml | 6 + .../filebeat-netflow-autonomous-systems.json | 597 + ...ilebeat-netflow-conversation-partners.json | 599 + .../filebeat-netflow-flow-exporters.json | 554 + .../filebeat-netflow-flow-records.json | 476 + .../filebeat-netflow-geo-location.json | 515 + .../dashboard/filebeat-netflow-overview.json | 1219 + .../7/dashboard/filebeat-netflow-top-n.json | 1138 + .../filebeat-netflow-traffic-analysis.json | 3096 ++ filebeat/module/netflow/dashboards.yml | 26 + filebeat/module/netflow/fields.go | 36 + .../module/netflow/log/config/netflow.yml | 25 + .../module/netflow/log/ingest/pipeline.yml | 54 + filebeat/module/netflow/log/manifest.yml | 23 + filebeat/module/o365/_meta/config.yml | 45 + filebeat/module/o365/_meta/docs.asciidoc | 213 + filebeat/module/o365/_meta/fields.yml | 5 + .../7/dashboard/Filebeat-O365-Audit.json | 1051 + filebeat/module/o365/audit/_meta/fields.yml | 294 + filebeat/module/o365/audit/config/input.yml | 62 + filebeat/module/o365/audit/config/pipeline.js | 852 + .../module/o365/audit/ingest/pipeline.yml | 33 + filebeat/module/o365/audit/manifest.yml | 21 + .../o365/audit/test/01-exchange-admin.log | 100 + .../test/01-exchange-admin.log-expected.json | 5010 ++ .../o365/audit/test/02-exchange-item.log | 9 + .../test/02-exchange-item.log-expected.json | 533 + .../module/o365/audit/test/04-sharepoint.log | 4 + .../test/04-sharepoint.log-expected.json | 258 + .../o365/audit/test/06-sharepointfileop.log | 11 + .../06-sharepointfileop.log-expected.json | 796 + .../module/o365/audit/test/08-azuread.log | 100 + .../audit/test/08-azuread.log-expected.json | 15239 ++++++ .../o365/audit/test/11-dlp-sharepoint.log | 7 + .../test/11-dlp-sharepoint.log-expected.json | 626 + .../o365/audit/test/13-dlp-exchange.log | 6 + .../test/13-dlp-exchange.log-expected.json | 780 + .../o365/audit/test/14-sp-sharing-op.log | 10 + .../test/14-sp-sharing-op.log-expected.json | 586 + .../o365/audit/test/15-azuread-sts-logon.log | 69 + .../15-azuread-sts-logon.log-expected.json | 6350 +++ filebeat/module/o365/audit/test/22-yammer.log | 2 + .../audit/test/22-yammer.log-expected.json | 109 + .../module/o365/audit/test/25-ms-teams.log | 4 + .../audit/test/25-ms-teams.log-expected.json | 169 + .../o365/audit/test/40-sec-comp-alerts.log | 3 + .../test/40-sec-comp-alerts.log-expected.json | 165 + .../o365/audit/test/52-data-insights-api.log | 9 + .../52-data-insights-api.log-expected.json | 281 + filebeat/module/o365/fields.go | 36 + filebeat/module/o365/module.yml | 3 + filebeat/module/okta/README.md | 24 + filebeat/module/okta/_meta/config.yml | 14 + filebeat/module/okta/_meta/docs.asciidoc | 19 + filebeat/module/okta/_meta/fields.yml | 11 + .../_meta/images/filebeat-okta-dashboard.png | Bin 0 -> 443571 bytes .../749203a0-67b1-11ea-a76f-bf44814e437d.json | 677 + filebeat/module/okta/fields.go | 36 + filebeat/module/okta/module.yml | 3 + filebeat/module/okta/system/_meta/fields.yml | 369 + filebeat/module/okta/system/config/input.yml | 35 + .../module/okta/system/config/pipeline.js | 206 + .../module/okta/system/ingest/pipeline.yml | 51 + filebeat/module/okta/system/manifest.yml | 55 + .../system/test/okta-system-test.json.log | 3 + .../okta-system-test.json.log-expected.json | 232 + filebeat/module/panw/README.md | 2 + filebeat/module/panw/_meta/config.yml | 10 + filebeat/module/panw/_meta/docs.asciidoc | 179 + filebeat/module/panw/_meta/fields.yml | 10 + .../Filebeat-panw-network-overview.json | 1107 + .../Filebeat-panw-threat-overview.json | 796 + filebeat/module/panw/fields.go | 36 + filebeat/module/panw/module.yml | 5 + filebeat/module/panw/panos/_meta/fields.yml | 133 + filebeat/module/panw/panos/config/input.yml | 168 + .../module/panw/panos/ingest/pipeline.yml | 485 + filebeat/module/panw/panos/manifest.yml | 23 + .../module/panw/panos/test/pan_inc_other.log | 34 + .../test/pan_inc_other.log-expected.json | 97 + .../module/panw/panos/test/pan_inc_threat.log | 100 + .../test/pan_inc_threat.log-expected.json | 8600 +++ .../panw/panos/test/pan_inc_traffic.log | 100 + .../test/pan_inc_traffic.log-expected.json | 9301 ++++ filebeat/module/panw/panos/test/threat.log | 76 + .../panw/panos/test/threat.log-expected.json | 6476 +++ filebeat/module/panw/panos/test/traffic.log | 100 + .../panw/panos/test/traffic.log-expected.json | 9158 ++++ filebeat/module/rabbitmq/_meta/config.yml | 8 + filebeat/module/rabbitmq/_meta/docs.asciidoc | 56 + filebeat/module/rabbitmq/_meta/fields.yml | 9 + filebeat/module/rabbitmq/fields.go | 36 + filebeat/module/rabbitmq/log/_meta/fields.yml | 9 + filebeat/module/rabbitmq/log/config/log.yml | 17 + .../module/rabbitmq/log/ingest/pipeline.yml | 35 + filebeat/module/rabbitmq/log/manifest.yml | 12 + filebeat/module/rabbitmq/log/test/test.log | 78 + .../rabbitmq/log/test/test.log-expected.json | 370 + filebeat/module/suricata/README.md | 43 + filebeat/module/suricata/_meta/config.yml | 8 + filebeat/module/suricata/_meta/docs.asciidoc | 59 + filebeat/module/suricata/_meta/fields.yml | 10 + .../Filebeat-Suricata-Alert-Overview.json | 786 + .../dashboard/Filebeat-Suricata-Overview.json | 919 + filebeat/module/suricata/eve/_meta/fields.yml | 736 + filebeat/module/suricata/eve/config/eve.yml | 405 + .../module/suricata/eve/ingest/pipeline.yml | 244 + filebeat/module/suricata/eve/manifest.yml | 25 + .../module/suricata/eve/test/eve-alerts.log | 20 + .../eve/test/eve-alerts.log-expected.json | 1540 + .../suricata/eve/test/eve-dns-4.1.4.log | 24 + .../eve/test/eve-dns-4.1.4.log-expected.json | 1404 + .../module/suricata/eve/test/eve-small.log | 8 + .../eve/test/eve-small.log-expected.json | 511 + filebeat/module/suricata/fields.go | 36 + filebeat/module/suricata/module.yml | 5 + filebeat/module/zeek/README-developer.md | 66 + filebeat/module/zeek/README.md | 58 + filebeat/module/zeek/_meta/config.yml | 81 + filebeat/module/zeek/_meta/docs.asciidoc | 33 + filebeat/module/zeek/_meta/fields.yml | 14 + .../module/zeek/_meta/images/kibana-zeek.png | Bin 0 -> 451430 bytes .../7/dashboard/Filebeat-Zeek-Overview.json | 859 + .../module/zeek/capture_loss/_meta/fields.yml | 29 + .../zeek/capture_loss/config/capture_loss.yml | 20 + .../zeek/capture_loss/ingest/pipeline.yml | 21 + .../module/zeek/capture_loss/manifest.yml | 15 + .../capture_loss/test/capture_loss-json.log | 1 + .../test/capture_loss-json.log-expected.json | 21 + .../module/zeek/connection/_meta/fields.yml | 59 + .../zeek/connection/config/connection.yml | 101 + .../zeek/connection/ingest/pipeline.yml | 187 + filebeat/module/zeek/connection/manifest.yml | 21 + .../zeek/connection/test/connection-json.log | 4 + .../test/connection-json.log-expected.json | 223 + filebeat/module/zeek/dce_rpc/_meta/fields.yml | 25 + .../module/zeek/dce_rpc/config/dce_rpc.yml | 58 + .../module/zeek/dce_rpc/ingest/pipeline.yml | 63 + filebeat/module/zeek/dce_rpc/manifest.yml | 17 + .../module/zeek/dce_rpc/test/dce_rpc-json.log | 1 + .../test/dce_rpc-json.log-expected.json | 43 + filebeat/module/zeek/dhcp/_meta/fields.yml | 133 + filebeat/module/zeek/dhcp/config/dhcp.yml | 120 + filebeat/module/zeek/dhcp/ingest/pipeline.yml | 27 + filebeat/module/zeek/dhcp/manifest.yml | 17 + filebeat/module/zeek/dhcp/test/dhcp-json.log | 1 + .../dhcp/test/dhcp-json.log-expected.json | 58 + filebeat/module/zeek/dnp3/_meta/fields.yml | 24 + filebeat/module/zeek/dnp3/config/dnp3.yml | 68 + filebeat/module/zeek/dnp3/ingest/pipeline.yml | 64 + filebeat/module/zeek/dnp3/manifest.yml | 17 + filebeat/module/zeek/dnp3/test/dnp3-json.log | 1 + .../dnp3/test/dnp3-json.log-expected.json | 35 + filebeat/module/zeek/dns/_meta/fields.yml | 107 + filebeat/module/zeek/dns/config/dns.yml | 210 + filebeat/module/zeek/dns/ingest/pipeline.yml | 52 + filebeat/module/zeek/dns/manifest.yml | 21 + filebeat/module/zeek/dns/test/dns-json.log | 3 + .../zeek/dns/test/dns-json.log-expected.json | 212 + filebeat/module/zeek/dpd/_meta/fields.yml | 21 + filebeat/module/zeek/dpd/config/dpd.yml | 57 + filebeat/module/zeek/dpd/ingest/pipeline.yml | 63 + filebeat/module/zeek/dpd/manifest.yml | 17 + filebeat/module/zeek/dpd/test/dpd-json.log | 1 + .../zeek/dpd/test/dpd-json.log-expected.json | 38 + filebeat/module/zeek/fields.go | 36 + filebeat/module/zeek/files/_meta/fields.yml | 138 + filebeat/module/zeek/files/config/files.yml | 39 + .../module/zeek/files/ingest/pipeline.yml | 66 + filebeat/module/zeek/files/manifest.yml | 19 + .../module/zeek/files/test/files-json.log | 3 + .../files/test/files-json.log-expected.json | 116 + filebeat/module/zeek/ftp/_meta/fields.yml | 128 + filebeat/module/zeek/ftp/config/ftp.yml | 86 + filebeat/module/zeek/ftp/ingest/pipeline.yml | 68 + filebeat/module/zeek/ftp/manifest.yml | 17 + filebeat/module/zeek/ftp/test/ftp.log | 3 + .../zeek/ftp/test/ftp.log-expected.json | 148 + filebeat/module/zeek/http/_meta/fields.yml | 102 + filebeat/module/zeek/http/config/http.yml | 93 + filebeat/module/zeek/http/ingest/pipeline.yml | 82 + filebeat/module/zeek/http/manifest.yml | 23 + filebeat/module/zeek/http/test/http-json.log | 2 + .../http/test/http-json.log-expected.json | 69 + filebeat/module/zeek/intel/_meta/fields.yml | 80 + filebeat/module/zeek/intel/config/intel.yml | 72 + .../module/zeek/intel/ingest/pipeline.yml | 81 + filebeat/module/zeek/intel/manifest.yml | 21 + .../module/zeek/intel/test/intel-json.log | 1 + .../intel/test/intel-json.log-expected.json | 47 + filebeat/module/zeek/irc/_meta/fields.yml | 60 + filebeat/module/zeek/irc/config/irc.yml | 72 + filebeat/module/zeek/irc/ingest/pipeline.yml | 65 + filebeat/module/zeek/irc/manifest.yml | 17 + filebeat/module/zeek/irc/test/irc-json.log | 3 + .../zeek/irc/test/irc-json.log-expected.json | 151 + .../module/zeek/kerberos/_meta/fields.yml | 123 + .../module/zeek/kerberos/config/kerberos.yml | 104 + .../module/zeek/kerberos/ingest/pipeline.yml | 90 + filebeat/module/zeek/kerberos/manifest.yml | 20 + .../zeek/kerberos/test/kerberos-json.log | 1 + .../test/kerberos-json.log-expected.json | 55 + filebeat/module/zeek/modbus/_meta/fields.yml | 21 + filebeat/module/zeek/modbus/config/modbus.yml | 73 + .../module/zeek/modbus/ingest/pipeline.yml | 63 + filebeat/module/zeek/modbus/manifest.yml | 17 + .../module/zeek/modbus/test/modbus-json.log | 1 + .../modbus/test/modbus-json.log-expected.json | 40 + filebeat/module/zeek/module.yml | 3 + filebeat/module/zeek/mysql/_meta/fields.yml | 30 + filebeat/module/zeek/mysql/config/mysql.yml | 72 + .../module/zeek/mysql/ingest/pipeline.yml | 83 + filebeat/module/zeek/mysql/manifest.yml | 17 + .../module/zeek/mysql/test/mysql-json.log | 1 + .../mysql/test/mysql-json.log-expected.json | 45 + filebeat/module/zeek/notice/_meta/fields.yml | 133 + filebeat/module/zeek/notice/config/notice.yml | 102 + .../module/zeek/notice/ingest/pipeline.yml | 71 + filebeat/module/zeek/notice/manifest.yml | 21 + .../module/zeek/notice/test/notice-json.log | 2 + .../notice/test/notice-json.log-expected.json | 89 + filebeat/module/zeek/ntlm/_meta/fields.yml | 46 + filebeat/module/zeek/ntlm/config/ntlm.yml | 86 + filebeat/module/zeek/ntlm/ingest/pipeline.yml | 67 + filebeat/module/zeek/ntlm/manifest.yml | 17 + filebeat/module/zeek/ntlm/test/ntlm-json.log | 1 + .../ntlm/test/ntlm-json.log-expected.json | 49 + filebeat/module/zeek/ocsp/_meta/fields.yml | 68 + filebeat/module/zeek/ocsp/config/ocsp.yml | 62 + filebeat/module/zeek/ocsp/ingest/pipeline.yml | 41 + filebeat/module/zeek/ocsp/manifest.yml | 15 + filebeat/module/zeek/pe/_meta/fields.yml | 91 + filebeat/module/zeek/pe/config/pe.yml | 31 + filebeat/module/zeek/pe/ingest/pipeline.yml | 21 + filebeat/module/zeek/pe/manifest.yml | 17 + filebeat/module/zeek/pe/test/pe-json.log | 1 + .../zeek/pe/test/pe-json.log-expected.json | 43 + filebeat/module/zeek/radius/_meta/fields.yml | 50 + filebeat/module/zeek/radius/config/radius.yml | 58 + .../module/zeek/radius/ingest/pipeline.yml | 67 + filebeat/module/zeek/radius/manifest.yml | 17 + .../module/zeek/radius/test/radius-json.log | 1 + .../radius/test/radius-json.log-expected.json | 46 + filebeat/module/zeek/rdp/_meta/fields.yml | 103 + filebeat/module/zeek/rdp/config/rdp.yml | 88 + filebeat/module/zeek/rdp/ingest/pipeline.yml | 68 + filebeat/module/zeek/rdp/manifest.yml | 17 + filebeat/module/zeek/rdp/test/rdp-json.log | 1 + .../zeek/rdp/test/rdp-json.log-expected.json | 42 + filebeat/module/zeek/rfb/_meta/fields.yml | 67 + filebeat/module/zeek/rfb/config/rfb.yml | 73 + filebeat/module/zeek/rfb/ingest/pipeline.yml | 63 + filebeat/module/zeek/rfb/manifest.yml | 17 + filebeat/module/zeek/rfb/test/rfb-json.log | 1 + .../zeek/rfb/test/rfb-json.log-expected.json | 47 + filebeat/module/zeek/sip/_meta/fields.yml | 122 + filebeat/module/zeek/sip/config/sip.yml | 95 + filebeat/module/zeek/sip/ingest/pipeline.yml | 83 + filebeat/module/zeek/sip/manifest.yml | 17 + filebeat/module/zeek/sip/test/sip-json.log | 3 + .../zeek/sip/test/sip-json.log-expected.json | 222 + filebeat/module/zeek/smb_cmd/_meta/fields.yml | 95 + .../module/zeek/smb_cmd/config/smb_cmd.yml | 101 + .../module/zeek/smb_cmd/ingest/pipeline.yml | 82 + filebeat/module/zeek/smb_cmd/manifest.yml | 17 + .../module/zeek/smb_cmd/test/smb_cmd-json.log | 1 + .../test/smb_cmd-json.log-expected.json | 51 + .../module/zeek/smb_files/_meta/fields.yml | 65 + .../zeek/smb_files/config/smb_files.yml | 61 + .../module/zeek/smb_files/ingest/pipeline.yml | 135 + filebeat/module/zeek/smb_files/manifest.yml | 17 + .../zeek/smb_files/test/smb_files-json.log | 1 + .../test/smb_files-json.log-expected.json | 55 + .../module/zeek/smb_mapping/_meta/fields.yml | 26 + .../zeek/smb_mapping/config/smb_mapping.yml | 57 + .../zeek/smb_mapping/ingest/pipeline.yml | 63 + filebeat/module/zeek/smb_mapping/manifest.yml | 17 + .../smb_mapping/test/smb_mapping-json.log | 1 + .../test/smb_mapping-json.log-expected.json | 39 + filebeat/module/zeek/smtp/_meta/fields.yml | 121 + filebeat/module/zeek/smtp/config/smtp.yml | 67 + filebeat/module/zeek/smtp/ingest/pipeline.yml | 69 + filebeat/module/zeek/smtp/manifest.yml | 17 + filebeat/module/zeek/smtp/test/smtp-json.log | 1 + .../smtp/test/smtp-json.log-expected.json | 47 + filebeat/module/zeek/snmp/_meta/fields.yml | 56 + filebeat/module/zeek/snmp/config/snmp.yml | 69 + filebeat/module/zeek/snmp/ingest/pipeline.yml | 69 + filebeat/module/zeek/snmp/manifest.yml | 17 + filebeat/module/zeek/snmp/test/snmp-json.log | 1 + .../snmp/test/snmp-json.log-expected.json | 44 + filebeat/module/zeek/socks/_meta/fields.yml | 56 + filebeat/module/zeek/socks/config/socks.yml | 67 + .../module/zeek/socks/ingest/pipeline.yml | 82 + filebeat/module/zeek/socks/manifest.yml | 17 + .../module/zeek/socks/test/socks-json.log | 1 + .../socks/test/socks-json.log-expected.json | 46 + filebeat/module/zeek/ssh/_meta/fields.yml | 78 + filebeat/module/zeek/ssh/config/ssh.yml | 76 + filebeat/module/zeek/ssh/ingest/pipeline.yml | 71 + filebeat/module/zeek/ssh/manifest.yml | 17 + filebeat/module/zeek/ssh/test/ssh-json.log | 1 + .../zeek/ssh/test/ssh-json.log-expected.json | 49 + filebeat/module/zeek/ssl/_meta/fields.yml | 226 + filebeat/module/zeek/ssl/config/ssl.yml | 79 + filebeat/module/zeek/ssl/ingest/pipeline.yml | 254 + filebeat/module/zeek/ssl/manifest.yml | 21 + filebeat/module/zeek/ssl/test/ssl-json.log | 3 + .../zeek/ssl/test/ssl-json.log-expected.json | 144 + filebeat/module/zeek/stats/_meta/fields.yml | 163 + filebeat/module/zeek/stats/config/stats.yml | 95 + .../module/zeek/stats/ingest/pipeline.yml | 18 + filebeat/module/zeek/stats/manifest.yml | 15 + .../module/zeek/stats/test/stats-json.log | 1 + .../stats/test/stats-json.log-expected.json | 37 + filebeat/module/zeek/syslog/_meta/fields.yml | 20 + filebeat/module/zeek/syslog/config/syslog.yml | 57 + .../module/zeek/syslog/ingest/pipeline.yml | 63 + filebeat/module/zeek/syslog/manifest.yml | 17 + .../zeek/traceroute/config/traceroute.yml | 43 + .../zeek/traceroute/ingest/pipeline.yml | 63 + filebeat/module/zeek/traceroute/manifest.yml | 15 + .../zeek/traceroute/test/traceroute-json.log | 1 + .../test/traceroute-json.log-expected.json | 36 + filebeat/module/zeek/tunnel/_meta/fields.yml | 15 + filebeat/module/zeek/tunnel/config/tunnel.yml | 54 + .../module/zeek/tunnel/ingest/pipeline.yml | 63 + filebeat/module/zeek/tunnel/manifest.yml | 15 + .../module/zeek/tunnel/test/tunnel-json.log | 1 + .../tunnel/test/tunnel-json.log-expected.json | 46 + filebeat/module/zeek/weird/_meta/fields.yml | 30 + filebeat/module/zeek/weird/config/weird.yml | 54 + .../module/zeek/weird/ingest/pipeline.yml | 63 + filebeat/module/zeek/weird/manifest.yml | 15 + .../module/zeek/weird/test/weird-json.log | 2 + .../weird/test/weird-json.log-expected.json | 60 + filebeat/module/zeek/x509/_meta/fields.yml | 199 + filebeat/module/zeek/x509/config/x509.yml | 65 + .../module/zeek/x509/ingest/pipeline.json | 231 + filebeat/module/zeek/x509/manifest.yml | 17 + filebeat/module/zeek/x509/test/x509-json.log | 1 + .../x509/test/x509-json.log-expected.json | 110 + filebeat/modules.d/activemq.yml.disabled | 19 + filebeat/modules.d/aws.yml.disabled | 207 + filebeat/modules.d/azure.yml.disabled | 35 + filebeat/modules.d/cef.yml.disabled | 9 + filebeat/modules.d/checkpoint.yml.disabled | 21 + filebeat/modules.d/cisco.yml.disabled | 56 + filebeat/modules.d/coredns.yml.disabled | 11 + filebeat/modules.d/crowdstrike.yml.disabled | 11 + filebeat/modules.d/envoyproxy.yml.disabled | 11 + filebeat/modules.d/googlecloud.yml.disabled | 57 + filebeat/modules.d/ibmmq.yml.disabled | 11 + filebeat/modules.d/iptables.yml.disabled | 13 + filebeat/modules.d/misp.yml.disabled | 20 + filebeat/modules.d/mssql.yml.disabled | 11 + filebeat/modules.d/netflow.yml.disabled | 9 + filebeat/modules.d/o365.yml.disabled | 48 + filebeat/modules.d/okta.yml.disabled | 17 + filebeat/modules.d/panw.yml.disabled | 13 + filebeat/modules.d/rabbitmq.yml.disabled | 11 + filebeat/modules.d/suricata.yml.disabled | 11 + filebeat/modules.d/zeek.yml.disabled | 84 + .../processors/decode_cef/_meta/fields.yml | 758 + filebeat/processors/decode_cef/cef/.gitignore | 2 + filebeat/processors/decode_cef/cef/cef.go | 183 + filebeat/processors/decode_cef/cef/cef.rl | 159 + .../processors/decode_cef/cef/cef_test.go | 419 + .../decode_cef/cef/cmd/cef2json/.gitignore | 2 + .../decode_cef/cef/cmd/cef2json/cef2json.go | 64 + .../processors/decode_cef/cef/fuzz/.gitignore | 4 + .../processors/decode_cef/cef/fuzz/Makefile | 7 + .../processors/decode_cef/cef/fuzz/fuzz.go | 18 + filebeat/processors/decode_cef/cef/keys.go | 699 + filebeat/processors/decode_cef/cef/option.go | 27 + filebeat/processors/decode_cef/cef/parser.go | 1043 + filebeat/processors/decode_cef/cef/types.go | 141 + filebeat/processors/decode_cef/config.go | 22 + filebeat/processors/decode_cef/decode_cef.go | 257 + .../processors/decode_cef/decode_cef_test.go | 337 + .../decode_cef/docs/decode_cef.asciidoc | 41 + filebeat/processors/decode_cef/fields.go | 23 + filebeat/processors/decode_cef/keys.ecs.go | 120 + .../decode_cef/testdata/samples.log | 23 + .../testdata/samples.log.golden.json | 1313 + filebeat/tests/system/test_xpack_modules.py | 20 + .../module/checkpoint/_meta/config.yml | 5 + x-pack/filebeat/module/checkpoint/fields.go | 19 +- 1087 files changed, 367406 insertions(+), 11745 deletions(-) create mode 100644 filebeat/docs/inputs/input-aws-s3.asciidoc create mode 100644 filebeat/docs/inputs/input-azure-eventhub.asciidoc create mode 100644 filebeat/docs/inputs/input-cloudfoundry.asciidoc create mode 100644 filebeat/docs/inputs/input-google-pubsub.asciidoc create mode 100644 filebeat/docs/inputs/input-httpjson.asciidoc create mode 100644 filebeat/docs/inputs/input-netflow.asciidoc create mode 100644 filebeat/docs/inputs/input-o365audit.asciidoc create mode 100644 filebeat/input/azureeventhub/azureeventhub_integration_test.go create mode 100644 filebeat/input/azureeventhub/config.go create mode 100644 filebeat/input/azureeventhub/eph.go create mode 100644 filebeat/input/azureeventhub/eph_test.go create mode 100644 filebeat/input/azureeventhub/file_persister_test.go create mode 100644 filebeat/input/azureeventhub/input.go create mode 100644 filebeat/input/azureeventhub/input_test.go create mode 100644 filebeat/input/cloudfoundry/input.go create mode 100644 filebeat/input/googlepubsub/_meta/Dockerfile create mode 100644 filebeat/input/googlepubsub/_meta/docker-compose.yml create mode 100644 filebeat/input/googlepubsub/config.go create mode 100644 filebeat/input/googlepubsub/config_test.go create mode 100644 filebeat/input/googlepubsub/input.go create mode 100644 filebeat/input/googlepubsub/pubsub_test.go create mode 100644 filebeat/input/googlepubsub/testdata/fake.json create mode 100644 filebeat/input/httpjson/config.go create mode 100644 filebeat/input/httpjson/httpjson_test.go create mode 100644 filebeat/input/httpjson/input.go create mode 100644 filebeat/input/netflow/_meta/fields.header.yml create mode 100644 filebeat/input/netflow/_meta/fields.yml create mode 100644 filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json create mode 100644 filebeat/input/netflow/case.go create mode 100644 filebeat/input/netflow/case_test.go create mode 100644 filebeat/input/netflow/config.go create mode 100644 filebeat/input/netflow/convert.go create mode 100644 filebeat/input/netflow/decoder/atomic/bool.go create mode 100644 filebeat/input/netflow/decoder/config/config.go create mode 100644 filebeat/input/netflow/decoder/decoder.go create mode 100644 filebeat/input/netflow/decoder/doc.go create mode 100644 filebeat/input/netflow/decoder/examples/go-netflow-example.go create mode 100644 filebeat/input/netflow/decoder/fields/assorted.csv create mode 100644 filebeat/input/netflow/decoder/fields/cert_pen6871.csv create mode 100644 filebeat/input/netflow/decoder/fields/cisco.csv create mode 100644 filebeat/input/netflow/decoder/fields/doc.go create mode 100644 filebeat/input/netflow/decoder/fields/field.go create mode 100644 filebeat/input/netflow/decoder/fields/field_test.go create mode 100644 filebeat/input/netflow/decoder/fields/gen.go create mode 100644 filebeat/input/netflow/decoder/fields/ipfix-information-elements.csv create mode 100644 filebeat/input/netflow/decoder/fields/types.go create mode 100644 filebeat/input/netflow/decoder/fields/types_test.go create mode 100644 filebeat/input/netflow/decoder/fields/zfields_assorted.go create mode 100644 filebeat/input/netflow/decoder/fields/zfields_cert.go create mode 100644 filebeat/input/netflow/decoder/fields/zfields_cisco.go create mode 100644 filebeat/input/netflow/decoder/fields/zfields_ipfix.go create mode 100644 filebeat/input/netflow/decoder/include.go create mode 100644 filebeat/input/netflow/decoder/ipfix/decoder.go create mode 100644 filebeat/input/netflow/decoder/ipfix/decoder_test.go create mode 100644 filebeat/input/netflow/decoder/ipfix/ipfix.go create mode 100644 filebeat/input/netflow/decoder/ipfix/ipfix_test.go create mode 100644 filebeat/input/netflow/decoder/protocol/protocol.go create mode 100644 filebeat/input/netflow/decoder/protocol/registry.go create mode 100644 filebeat/input/netflow/decoder/protocol/registry_test.go create mode 100644 filebeat/input/netflow/decoder/record/record.go create mode 100644 filebeat/input/netflow/decoder/template/template.go create mode 100644 filebeat/input/netflow/decoder/template/template_test.go create mode 100644 filebeat/input/netflow/decoder/template/test_helpers.go create mode 100644 filebeat/input/netflow/decoder/test/helper.go create mode 100644 filebeat/input/netflow/decoder/v1/v1.go create mode 100644 filebeat/input/netflow/decoder/v1/v1_test.go create mode 100644 filebeat/input/netflow/decoder/v5/v5.go create mode 100644 filebeat/input/netflow/decoder/v5/v5_test.go create mode 100644 filebeat/input/netflow/decoder/v6/v6.go create mode 100644 filebeat/input/netflow/decoder/v6/v6_test.go create mode 100644 filebeat/input/netflow/decoder/v7/v7.go create mode 100644 filebeat/input/netflow/decoder/v7/v7_test.go create mode 100644 filebeat/input/netflow/decoder/v8/v8.go create mode 100644 filebeat/input/netflow/decoder/v8/v8_test.go create mode 100644 filebeat/input/netflow/decoder/v9/decoder.go create mode 100644 filebeat/input/netflow/decoder/v9/decoder_test.go create mode 100644 filebeat/input/netflow/decoder/v9/session.go create mode 100644 filebeat/input/netflow/decoder/v9/session_test.go create mode 100644 filebeat/input/netflow/decoder/v9/v9.go create mode 100644 filebeat/input/netflow/decoder/v9/v9_test.go create mode 100644 filebeat/input/netflow/definitions.go create mode 100644 filebeat/input/netflow/definitions_test.go create mode 100644 filebeat/input/netflow/doc.go create mode 100644 filebeat/input/netflow/fields.go create mode 100644 filebeat/input/netflow/fields_gen.go create mode 100644 filebeat/input/netflow/input.go create mode 100644 filebeat/input/netflow/netflow_test.go create mode 100755 filebeat/input/netflow/testdata/dat/ipfix.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_data256.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_extended_uniflow_data256.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_extended_uniflow_tpl256.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_juniper_mx240_junos151r6s3_data512.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_mikrotik_data258.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_mikrotik_data259.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_mikrotik_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_netscaler_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_netscaler_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_nokia_bras_data256.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_nokia_bras_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_openbsd_pflow_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_openbsd_pflow_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_procera_data52935.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_procera_tpl52935.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_viptela_data257.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_viptela_tpl257.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_vmware_vds_data264.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_vmware_vds_data266.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_vmware_vds_data266_267.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_vmware_vds_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_yaf_data45841.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_yaf_data45873.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_yaf_data53248.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_yaf_tpl45841.dat create mode 100755 filebeat/input/netflow/testdata/dat/ipfix_test_yaf_tpls_option_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow5.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow5_test_invalid01.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow5_test_invalid02.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow5_test_juniper_mx80.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow5_test_microtik.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_cisco_asr1001x_tpl259.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_0length_fields_tpl_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_1941K9.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asa_1_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asa_1_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asa_2_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asa_2_tpl_26x.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asa_2_tpl_27x.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_data256.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_data260.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_opttpl256.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_opttpl257.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_opttpl334.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_tpl260.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_tpl266.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_data262.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_opttpl260.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_tpl262.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_wlc_8510_tpl_262.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_wlc_data261.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_cisco_wlc_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_field_layer2segmentid_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_field_layer2segmentid_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_data256.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_data257.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_542_appid_data258_262.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_h3c_data3281.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_h3c_netstream_varstring_data3281.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_h3c_netstream_varstring_tpl3281.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_h3c_tpl3281.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_huawei_netstream_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_huawei_netstream_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_invalid01.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_juniper_srx_tplopt.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_macaddr_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_macaddr_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_nprobe_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_nprobe_dpi.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_nprobe_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_81_tpl256-263.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_panos_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_panos_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_softflowd_tpl_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_streamcore_tpl_data256.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_streamcore_tpl_data260.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_ubnt_edgerouter_data1024.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_ubnt_edgerouter_data1025.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_ubnt_edgerouter_tpl.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_unknown_tpl266_292_data.dat create mode 100755 filebeat/input/netflow/testdata/dat/netflow9_test_valid01.dat create mode 100644 filebeat/input/netflow/testdata/dat_tests.yaml create mode 100644 filebeat/input/netflow/testdata/fields/netflow9_cisco_asa_custom.yaml create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-extended-uniflow-template-256.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-firewall.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-Mikrotik-RouterOS-6.39.2.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields-missing-templates.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-Nokia-BRAS.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-OpenBSD-pflow.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-Procera.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-VMware-virtual-distributed-switch.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-YAF-basic-with-applabel.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-configured-with-include_flowset_id.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-options-template-from-Juniper-MX240-JunOS-15.1-R6-S3.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX-vIPtela-with-VPN-id.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/IPFIX.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-1941-K9-release-15.1.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA-2.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-options-template-256.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-template-260.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR1001--X.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-flowset-262.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-options-template-260.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC-8500-release-8.2.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-5.2.1.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-54x-appid.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-H3C-Netstream-with-varstring.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-H3C.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Huawei-Netstream.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-IE150-IE151.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-1-flowset-in-large-zero-filled-packet.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-PAN--OS-with-app--id.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Streamcore.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-Ubiquiti-Edgerouter-with-MPLS-labels.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-field-layer2segmentid.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-invalid-01.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-ipt_netflow-reduced-size-encoding.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-macaddress.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-multiple-netflow-exporters.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-nprobe-DPI-L7.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-options-template-with-scope-fields.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-template-with-0-length-fields.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow-9-valid-01.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/Netflow9-Juniper-SRX-options-template-with-0-scope-field-length.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/ipfix_cisco.pcap.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/netflow9_ubiquiti_edgerouter.pcap.golden.json create mode 100644 filebeat/input/netflow/testdata/golden/ssl_local_example.pcap.golden.json create mode 100644 filebeat/input/netflow/testdata/pcap/ipfix_cisco.pcap create mode 100644 filebeat/input/netflow/testdata/pcap/netflow9_ubiquiti_edgerouter.pcap create mode 100644 filebeat/input/o365audit/auth/auth.go create mode 100644 filebeat/input/o365audit/auth/cert.go create mode 100644 filebeat/input/o365audit/auth/secret.go create mode 100644 filebeat/input/o365audit/config.go create mode 100644 filebeat/input/o365audit/contentblob.go create mode 100644 filebeat/input/o365audit/contentblob_test.go create mode 100644 filebeat/input/o365audit/dates.go create mode 100644 filebeat/input/o365audit/input.go create mode 100644 filebeat/input/o365audit/listblobs.go create mode 100644 filebeat/input/o365audit/listblobs_test.go create mode 100644 filebeat/input/o365audit/pagination.go create mode 100644 filebeat/input/o365audit/poll/poll.go create mode 100644 filebeat/input/o365audit/schema.go create mode 100644 filebeat/input/o365audit/state.go create mode 100644 filebeat/input/o365audit/state_test.go create mode 100644 filebeat/input/o365audit/subscribe.go create mode 100644 filebeat/input/s3/_meta/fields.yml create mode 100644 filebeat/input/s3/_meta/s3-input.asciidoc create mode 100644 filebeat/input/s3/config.go create mode 100644 filebeat/input/s3/fields.go create mode 100644 filebeat/input/s3/ftest/sample1.txt create mode 100644 filebeat/input/s3/input.go create mode 100644 filebeat/input/s3/input_test.go create mode 100644 filebeat/input/s3/s3_integration_test.go create mode 100644 filebeat/module/activemq/_meta/config.yml create mode 100644 filebeat/module/activemq/_meta/docs.asciidoc create mode 100644 filebeat/module/activemq/_meta/fields.yml create mode 100644 filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-application-events.json create mode 100644 filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-audit-events.json create mode 100644 filebeat/module/activemq/audit/_meta/fields.yml create mode 100644 filebeat/module/activemq/audit/config/audit.yml create mode 100644 filebeat/module/activemq/audit/ingest/pipeline.yml create mode 100644 filebeat/module/activemq/audit/manifest.yml create mode 100644 filebeat/module/activemq/audit/test/audit.log create mode 100644 filebeat/module/activemq/audit/test/audit.log-expected.json create mode 100644 filebeat/module/activemq/fields.go create mode 100644 filebeat/module/activemq/log/_meta/fields.yml create mode 100644 filebeat/module/activemq/log/config/log.yml create mode 100644 filebeat/module/activemq/log/ingest/pipeline.yml create mode 100644 filebeat/module/activemq/log/manifest.yml create mode 100644 filebeat/module/activemq/log/test/activemq.log create mode 100644 filebeat/module/activemq/log/test/activemq.log-expected.json create mode 100644 filebeat/module/activemq/module.yml create mode 100644 filebeat/module/aws/_meta/config.yml create mode 100644 filebeat/module/aws/_meta/docs.asciidoc create mode 100644 filebeat/module/aws/_meta/fields.yml create mode 100644 filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-elb-overview.json create mode 100644 filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-s3access-overview.json create mode 100644 filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-vpcflow-overview.json create mode 100644 filebeat/module/aws/_meta/kibana/7/dashboard/filebeat-aws-cloudtrail.json create mode 100644 filebeat/module/aws/cloudtrail/README.md create mode 100644 filebeat/module/aws/cloudtrail/_meta/fields.epr.yml create mode 100644 filebeat/module/aws/cloudtrail/_meta/fields.yml create mode 100644 filebeat/module/aws/cloudtrail/config/file.yml create mode 100644 filebeat/module/aws/cloudtrail/config/s3.yml create mode 100644 filebeat/module/aws/cloudtrail/ingest/pipeline.yml create mode 100644 filebeat/module/aws/cloudtrail/manifest.yml create mode 100644 filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/assume-role-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/change-password-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/console-login-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/create-access-key-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/create-group-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/create-key-pair-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/create-trail-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/create-user-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/delete-access-key-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/delete-bucket-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/delete-group-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/delete-trail-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/delete-user-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/start-logging-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/stop-logging-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/update-access-key-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/update-group-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/update-login-profile-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/update-trail-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/update-user-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json create mode 100644 filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log create mode 100644 filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json create mode 100644 filebeat/module/aws/cloudwatch/_meta/fields.yml create mode 100644 filebeat/module/aws/cloudwatch/config/file.yml create mode 100644 filebeat/module/aws/cloudwatch/config/s3.yml create mode 100644 filebeat/module/aws/cloudwatch/ingest/pipeline.yml create mode 100644 filebeat/module/aws/cloudwatch/manifest.yml create mode 100644 filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log create mode 100644 filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log-expected.json create mode 100644 filebeat/module/aws/ec2/_meta/fields.epr.yml create mode 100644 filebeat/module/aws/ec2/_meta/fields.yml create mode 100644 filebeat/module/aws/ec2/config/file.yml create mode 100644 filebeat/module/aws/ec2/config/s3.yml create mode 100644 filebeat/module/aws/ec2/ingest/pipeline.yml create mode 100644 filebeat/module/aws/ec2/manifest.yml create mode 100644 filebeat/module/aws/ec2/test/ec2.log create mode 100644 filebeat/module/aws/ec2/test/ec2.log-expected.json create mode 100644 filebeat/module/aws/elb/README.md create mode 100644 filebeat/module/aws/elb/_meta/fields.epr.yml create mode 100644 filebeat/module/aws/elb/_meta/fields.yml create mode 100644 filebeat/module/aws/elb/_meta/terraform/.gitignore create mode 100644 filebeat/module/aws/elb/_meta/terraform/aws.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/bucket.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/elb.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/install_webserver.sh create mode 100644 filebeat/module/aws/elb/_meta/terraform/instance.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/lb.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/securitygroup.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/tcplb.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/vars.tf create mode 100644 filebeat/module/aws/elb/_meta/terraform/vpc.tf create mode 100644 filebeat/module/aws/elb/config/file.yml create mode 100644 filebeat/module/aws/elb/config/s3.yml create mode 100644 filebeat/module/aws/elb/ingest/pipeline.yml create mode 100644 filebeat/module/aws/elb/manifest.yml create mode 100644 filebeat/module/aws/elb/test/application-lb-http.log create mode 100644 filebeat/module/aws/elb/test/application-lb-http.log-expected.json create mode 100644 filebeat/module/aws/elb/test/elb-http.log create mode 100644 filebeat/module/aws/elb/test/elb-http.log-expected.json create mode 100644 filebeat/module/aws/elb/test/elb-tcp.log create mode 100644 filebeat/module/aws/elb/test/elb-tcp.log-expected.json create mode 100644 filebeat/module/aws/elb/test/example-alb-http.log create mode 100644 filebeat/module/aws/elb/test/example-alb-http.log-expected.json create mode 100644 filebeat/module/aws/elb/test/example-http.log create mode 100644 filebeat/module/aws/elb/test/example-http.log-expected.json create mode 100644 filebeat/module/aws/elb/test/example-https.log create mode 100644 filebeat/module/aws/elb/test/example-https.log-expected.json create mode 100644 filebeat/module/aws/elb/test/example-nlb-tcp.log create mode 100644 filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json create mode 100644 filebeat/module/aws/elb/test/example-ssl.log create mode 100644 filebeat/module/aws/elb/test/example-ssl.log-expected.json create mode 100644 filebeat/module/aws/elb/test/example-tcp.log create mode 100644 filebeat/module/aws/elb/test/example-tcp.log-expected.json create mode 100644 filebeat/module/aws/fields.go create mode 100644 filebeat/module/aws/module.yml create mode 100644 filebeat/module/aws/s3access/_meta/fields.epr.yml create mode 100644 filebeat/module/aws/s3access/_meta/fields.yml create mode 100644 filebeat/module/aws/s3access/config/file.yml create mode 100644 filebeat/module/aws/s3access/config/s3.yml create mode 100644 filebeat/module/aws/s3access/ingest/pipeline.yml create mode 100644 filebeat/module/aws/s3access/manifest.yml create mode 100644 filebeat/module/aws/s3access/test/s3_server_access.log create mode 100644 filebeat/module/aws/s3access/test/s3_server_access.log-expected.json create mode 100644 filebeat/module/aws/s3access/test/test.log create mode 100644 filebeat/module/aws/s3access/test/test.log-expected.json create mode 100644 filebeat/module/aws/vpcflow/README.md create mode 100644 filebeat/module/aws/vpcflow/_meta/fields.epr.yml create mode 100644 filebeat/module/aws/vpcflow/_meta/fields.yml create mode 100644 filebeat/module/aws/vpcflow/config/input.yml create mode 100644 filebeat/module/aws/vpcflow/ingest/pipeline.yml create mode 100644 filebeat/module/aws/vpcflow/manifest.yml create mode 100644 filebeat/module/aws/vpcflow/test/accept-reject-traffic.log create mode 100644 filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json create mode 100644 filebeat/module/aws/vpcflow/test/custom-nat-gateway.log create mode 100644 filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json create mode 100644 filebeat/module/aws/vpcflow/test/custom-transit-gateway.log create mode 100644 filebeat/module/aws/vpcflow/test/custom-transit-gateway.log-expected.json create mode 100644 filebeat/module/aws/vpcflow/test/ipv6.log create mode 100644 filebeat/module/aws/vpcflow/test/ipv6.log-expected.json create mode 100644 filebeat/module/aws/vpcflow/test/no-data-skip-data.log create mode 100644 filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json create mode 100644 filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log create mode 100644 filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json create mode 100644 filebeat/module/azure/_meta/config.yml create mode 100644 filebeat/module/azure/_meta/docs.asciidoc create mode 100644 filebeat/module/azure/_meta/fields.yml create mode 100644 filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-alerts-overview.json create mode 100644 filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-overview.json create mode 100644 filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-user-activity.json create mode 100644 filebeat/module/azure/activitylogs/_meta/fields.yml create mode 100644 filebeat/module/azure/activitylogs/config/azure-eventhub.yml create mode 100644 filebeat/module/azure/activitylogs/config/file.yml create mode 100644 filebeat/module/azure/activitylogs/ingest/pipeline.json create mode 100644 filebeat/module/azure/activitylogs/manifest.yml create mode 100644 filebeat/module/azure/activitylogs/test/activitylogs.log create mode 100644 filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json create mode 100644 filebeat/module/azure/auditlogs/_meta/fields.yml create mode 100644 filebeat/module/azure/auditlogs/config/azure-eventhub.yml create mode 100644 filebeat/module/azure/auditlogs/config/file.yml create mode 100644 filebeat/module/azure/auditlogs/ingest/pipeline.json create mode 100644 filebeat/module/azure/auditlogs/manifest.yml create mode 100644 filebeat/module/azure/auditlogs/test/auditlogs.log create mode 100644 filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json create mode 100644 filebeat/module/azure/azure-shared-pipeline.json create mode 100644 filebeat/module/azure/fields.go create mode 100644 filebeat/module/azure/module.yml create mode 100644 filebeat/module/azure/signinlogs/_meta/fields.yml create mode 100644 filebeat/module/azure/signinlogs/config/azure-eventhub.yml create mode 100644 filebeat/module/azure/signinlogs/config/file.yml create mode 100644 filebeat/module/azure/signinlogs/ingest/pipeline.json create mode 100644 filebeat/module/azure/signinlogs/manifest.yml create mode 100644 filebeat/module/azure/signinlogs/test/signinlogs.log create mode 100644 filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json create mode 100644 filebeat/module/cef/_meta/config.yml create mode 100644 filebeat/module/cef/_meta/docs.asciidoc create mode 100644 filebeat/module/cef/_meta/fields.yml create mode 100644 filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-os-activity.json create mode 100644 filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-overview.json create mode 100644 filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-microsoft-dns.json create mode 100644 filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-overview.json create mode 100644 filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-suspicious-activity.json create mode 100644 filebeat/module/cef/fields.go create mode 100644 filebeat/module/cef/log/_meta/fields.yml create mode 100644 filebeat/module/cef/log/config/input.yml create mode 100644 filebeat/module/cef/log/ingest/cp-pipeline.yml create mode 100644 filebeat/module/cef/log/ingest/fp-pipeline.yml create mode 100644 filebeat/module/cef/log/ingest/pipeline.yml create mode 100644 filebeat/module/cef/log/manifest.yml create mode 100644 filebeat/module/cef/log/test/cef.log create mode 100644 filebeat/module/cef/log/test/cef.log-expected.json create mode 100644 filebeat/module/cef/log/test/checkpoint.log create mode 100644 filebeat/module/cef/log/test/checkpoint.log-expected.json create mode 100644 filebeat/module/cef/log/test/fp-ngfw-smc.log create mode 100644 filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json create mode 100644 filebeat/module/checkpoint/_meta/config.yml create mode 100644 filebeat/module/checkpoint/_meta/docs.asciidoc create mode 100644 filebeat/module/checkpoint/_meta/fields.yml create mode 100644 filebeat/module/checkpoint/fields.go create mode 100644 filebeat/module/checkpoint/firewall/_meta/fields.yml create mode 100644 filebeat/module/checkpoint/firewall/config/firewall.yml create mode 100644 filebeat/module/checkpoint/firewall/ingest/pipeline.json create mode 100644 filebeat/module/checkpoint/firewall/manifest.yml create mode 100644 filebeat/module/checkpoint/firewall/test/checkpoint.log create mode 100644 filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json create mode 100644 filebeat/module/checkpoint/module.yml create mode 100644 filebeat/module/cisco/README.md create mode 100644 filebeat/module/cisco/_meta/config.yml create mode 100644 filebeat/module/cisco/_meta/docs.asciidoc create mode 100644 filebeat/module/cisco/_meta/fields.yml create mode 100644 filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json create mode 100644 filebeat/module/cisco/asa/_meta/fields.yml create mode 100644 filebeat/module/cisco/asa/config/input.yml create mode 100644 filebeat/module/cisco/asa/manifest.yml create mode 100644 filebeat/module/cisco/asa/test/asa-fix.log create mode 100644 filebeat/module/cisco/asa/test/asa-fix.log-expected.json create mode 100644 filebeat/module/cisco/asa/test/asa.log create mode 100644 filebeat/module/cisco/asa/test/asa.log-expected.json create mode 100644 filebeat/module/cisco/asa/test/dap_records.log create mode 100644 filebeat/module/cisco/asa/test/dap_records.log-expected.json create mode 100644 filebeat/module/cisco/asa/test/filtered.log create mode 100644 filebeat/module/cisco/asa/test/filtered.log-expected.json create mode 100644 filebeat/module/cisco/asa/test/hostnames.log create mode 100644 filebeat/module/cisco/asa/test/hostnames.log-expected.json create mode 100644 filebeat/module/cisco/asa/test/not-ip.log create mode 100644 filebeat/module/cisco/asa/test/not-ip.log-expected.json create mode 100644 filebeat/module/cisco/asa/test/sample.log create mode 100644 filebeat/module/cisco/asa/test/sample.log-expected.json create mode 100644 filebeat/module/cisco/fields.go create mode 100644 filebeat/module/cisco/ftd/_meta/fields.yml create mode 100644 filebeat/module/cisco/ftd/config/input.yml create mode 100644 filebeat/module/cisco/ftd/manifest.yml create mode 100644 filebeat/module/cisco/ftd/test/asa-fix.log create mode 100644 filebeat/module/cisco/ftd/test/asa-fix.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/asa.log create mode 100644 filebeat/module/cisco/ftd/test/asa.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/dns.log create mode 100644 filebeat/module/cisco/ftd/test/dns.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/filtered.log create mode 100644 filebeat/module/cisco/ftd/test/filtered.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/firepower-management.log create mode 100644 filebeat/module/cisco/ftd/test/firepower-management.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/intrusion.log create mode 100644 filebeat/module/cisco/ftd/test/intrusion.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/no-type-id.log create mode 100644 filebeat/module/cisco/ftd/test/no-type-id.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/sample.log create mode 100644 filebeat/module/cisco/ftd/test/sample.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/security-connection.log create mode 100644 filebeat/module/cisco/ftd/test/security-connection.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/security-file-malware.log create mode 100644 filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json create mode 100644 filebeat/module/cisco/ftd/test/security-malware-site.log create mode 100644 filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json create mode 100644 filebeat/module/cisco/ios/_meta/fields.yml create mode 100644 filebeat/module/cisco/ios/config/input.yml create mode 100644 filebeat/module/cisco/ios/config/pipeline.js create mode 100644 filebeat/module/cisco/ios/ingest/pipeline.yml create mode 100644 filebeat/module/cisco/ios/manifest.yml create mode 100644 filebeat/module/cisco/ios/pipeline_test.go create mode 100644 filebeat/module/cisco/ios/test/cisco-ios-syslog.log create mode 100644 filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json create mode 100644 filebeat/module/cisco/module.yml create mode 100644 filebeat/module/cisco/shared/gen-ecs-mapping-docs.go create mode 100644 filebeat/module/cisco/shared/gen-ftd-ecs-mapping.go create mode 100644 filebeat/module/cisco/shared/gen.go create mode 100644 filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml create mode 100644 filebeat/module/cisco/shared/security-mappings.csv create mode 100644 filebeat/module/cisco/shared/stringset.go create mode 100644 filebeat/module/coredns/README.md create mode 100644 filebeat/module/coredns/_meta/config.yml create mode 100644 filebeat/module/coredns/_meta/docs.asciidoc create mode 100644 filebeat/module/coredns/_meta/fields.yml create mode 100644 filebeat/module/coredns/_meta/images/kibana-coredns.jpg create mode 100644 filebeat/module/coredns/_meta/kibana/7/dashboard/Coredns-Overview-Dashboard.json create mode 100644 filebeat/module/coredns/fields.go create mode 100644 filebeat/module/coredns/log/config/coredns.yml create mode 100644 filebeat/module/coredns/log/ingest/pipeline-entry.yml create mode 100644 filebeat/module/coredns/log/ingest/pipeline-json.yml create mode 100644 filebeat/module/coredns/log/ingest/pipeline-plaintext.yml create mode 100644 filebeat/module/coredns/log/manifest.yml create mode 100644 filebeat/module/coredns/log/test/coredns-json.log create mode 100644 filebeat/module/coredns/log/test/coredns-json.log-expected.json create mode 100644 filebeat/module/coredns/log/test/coredns.log create mode 100644 filebeat/module/coredns/log/test/coredns.log-expected.json create mode 100644 filebeat/module/coredns/module.yml create mode 100644 filebeat/module/crowdstrike/_meta/config.yml create mode 100644 filebeat/module/crowdstrike/_meta/docs.asciidoc create mode 100644 filebeat/module/crowdstrike/_meta/fields.yml create mode 100644 filebeat/module/crowdstrike/_meta/images/siem-alerts-cs.jpg create mode 100644 filebeat/module/crowdstrike/_meta/images/siem-events-cs.jpg create mode 100644 filebeat/module/crowdstrike/falcon/_meta/fields.yml create mode 100644 filebeat/module/crowdstrike/falcon/config/falcon.yml create mode 100644 filebeat/module/crowdstrike/falcon/config/pipeline.js create mode 100644 filebeat/module/crowdstrike/falcon/manifest.yml create mode 100644 filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log create mode 100644 filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json create mode 100644 filebeat/module/crowdstrike/falcon/test/falcon-events.log create mode 100644 filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json create mode 100644 filebeat/module/crowdstrike/fields.go create mode 100644 filebeat/module/crowdstrike/module.yml create mode 100644 filebeat/module/envoyproxy/README.md create mode 100644 filebeat/module/envoyproxy/_meta/config.yml create mode 100644 filebeat/module/envoyproxy/_meta/docs.asciidoc create mode 100644 filebeat/module/envoyproxy/_meta/fields.yml create mode 100644 filebeat/module/envoyproxy/_meta/images/kibana-envoyproxy.jpg create mode 100644 filebeat/module/envoyproxy/_meta/kibana/7/dashboard/Filebeat-Envoyproxy-Overview.json create mode 100644 filebeat/module/envoyproxy/fields.go create mode 100644 filebeat/module/envoyproxy/log/config/envoyproxy.yml create mode 100644 filebeat/module/envoyproxy/log/ingest/pipeline-entry.json create mode 100644 filebeat/module/envoyproxy/log/ingest/pipeline-geo-as.yml create mode 100644 filebeat/module/envoyproxy/log/ingest/pipeline-http.json create mode 100644 filebeat/module/envoyproxy/log/ingest/pipeline-json.json create mode 100644 filebeat/module/envoyproxy/log/ingest/pipeline-plaintext.json create mode 100644 filebeat/module/envoyproxy/log/ingest/pipeline-tcp.json create mode 100644 filebeat/module/envoyproxy/log/manifest.yml create mode 100644 filebeat/module/envoyproxy/log/test/envoy-json.log create mode 100644 filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json create mode 100644 filebeat/module/envoyproxy/log/test/envoy.log create mode 100644 filebeat/module/envoyproxy/log/test/envoy.log-expected.json create mode 100644 filebeat/module/envoyproxy/module.yml create mode 100644 filebeat/module/googlecloud/_meta/config.yml create mode 100644 filebeat/module/googlecloud/_meta/docs.asciidoc create mode 100644 filebeat/module/googlecloud/_meta/fields.yml create mode 100644 filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json create mode 100644 filebeat/module/googlecloud/audit/_meta/fields.yml create mode 100644 filebeat/module/googlecloud/audit/config/input.yml create mode 100644 filebeat/module/googlecloud/audit/config/pipeline.js create mode 100644 filebeat/module/googlecloud/audit/ingest/pipeline.yml create mode 100644 filebeat/module/googlecloud/audit/manifest.yml create mode 100644 filebeat/module/googlecloud/audit/test/audit-log-entries.json.log create mode 100644 filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json create mode 100644 filebeat/module/googlecloud/fields.go create mode 100644 filebeat/module/googlecloud/firewall/_meta/fields.yml create mode 100644 filebeat/module/googlecloud/firewall/config/input.yml create mode 100644 filebeat/module/googlecloud/firewall/config/pipeline.js create mode 100644 filebeat/module/googlecloud/firewall/ingest/pipeline.yml create mode 100644 filebeat/module/googlecloud/firewall/manifest.yml create mode 100644 filebeat/module/googlecloud/firewall/test/rare.log create mode 100644 filebeat/module/googlecloud/firewall/test/rare.log-expected.json create mode 100644 filebeat/module/googlecloud/firewall/test/test.log create mode 100644 filebeat/module/googlecloud/firewall/test/test.log-expected.json create mode 100644 filebeat/module/googlecloud/vpcflow/_meta/fields.yml create mode 100644 filebeat/module/googlecloud/vpcflow/config/input.yml create mode 100644 filebeat/module/googlecloud/vpcflow/config/pipeline.js create mode 100644 filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml create mode 100644 filebeat/module/googlecloud/vpcflow/manifest.yml create mode 100644 filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log create mode 100644 filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json create mode 100644 filebeat/module/ibmmq/_meta/config.yml create mode 100644 filebeat/module/ibmmq/_meta/docs.asciidoc create mode 100644 filebeat/module/ibmmq/_meta/fields.yml create mode 100644 filebeat/module/ibmmq/_meta/kibana/7/dashboard/Filebeat-IBMMQ-Overview.json create mode 100644 filebeat/module/ibmmq/errorlog/_meta/fields.yml create mode 100644 filebeat/module/ibmmq/errorlog/config/errorlog.yml create mode 100644 filebeat/module/ibmmq/errorlog/ingest/pipeline.yml create mode 100644 filebeat/module/ibmmq/errorlog/manifest.yml create mode 100644 filebeat/module/ibmmq/errorlog/test/AMQERR01.log create mode 100644 filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json create mode 100644 filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log create mode 100644 filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json create mode 100644 filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log create mode 100644 filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json create mode 100644 filebeat/module/ibmmq/fields.go create mode 100644 filebeat/module/ibmmq/module.yml create mode 100644 filebeat/module/iptables/README.md create mode 100644 filebeat/module/iptables/_meta/config.yml create mode 100644 filebeat/module/iptables/_meta/docs.asciidoc create mode 100644 filebeat/module/iptables/_meta/fields.yml create mode 100644 filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Overview.json create mode 100644 filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Ubiquiti-Firewall-Overview.json create mode 100644 filebeat/module/iptables/fields.go create mode 100644 filebeat/module/iptables/log/_meta/fields.yml create mode 100644 filebeat/module/iptables/log/config/input.yml create mode 100644 filebeat/module/iptables/log/ingest/pipeline.yml create mode 100644 filebeat/module/iptables/log/manifest.yml create mode 100644 filebeat/module/iptables/log/test/geo.log create mode 100644 filebeat/module/iptables/log/test/geo.log-expected.json create mode 100644 filebeat/module/iptables/log/test/icmp.log create mode 100644 filebeat/module/iptables/log/test/icmp.log-expected.json create mode 100644 filebeat/module/iptables/log/test/iptables.log create mode 100644 filebeat/module/iptables/log/test/iptables.log-expected.json create mode 100644 filebeat/module/iptables/log/test/ipv6.log create mode 100644 filebeat/module/iptables/log/test/ipv6.log-expected.json create mode 100644 filebeat/module/iptables/log/test/ubiquiti.log create mode 100644 filebeat/module/iptables/log/test/ubiquiti.log-expected.json create mode 100644 filebeat/module/iptables/module.yml create mode 100644 filebeat/module/misp/README.md create mode 100644 filebeat/module/misp/_meta/config.yml create mode 100644 filebeat/module/misp/_meta/docs.asciidoc create mode 100644 filebeat/module/misp/_meta/fields.yml create mode 100644 filebeat/module/misp/_meta/images/kibana-misp.png create mode 100644 filebeat/module/misp/_meta/kibana/7/dashboard/Filebeat-MISP-Overview.json create mode 100644 filebeat/module/misp/fields.go create mode 100644 filebeat/module/misp/module.yml create mode 100644 filebeat/module/misp/threat/_meta/fields.yml create mode 100644 filebeat/module/misp/threat/config/input.yml create mode 100644 filebeat/module/misp/threat/config/pipeline.js create mode 100644 filebeat/module/misp/threat/ingest/pipeline.json create mode 100644 filebeat/module/misp/threat/manifest.yml create mode 100644 filebeat/module/misp/threat/test/misp-test.json.log create mode 100644 filebeat/module/misp/threat/test/misp-test.json.log-expected.json create mode 100644 filebeat/module/mssql/_meta/config.yml create mode 100644 filebeat/module/mssql/_meta/docs.asciidoc create mode 100644 filebeat/module/mssql/_meta/fields.yml create mode 100644 filebeat/module/mssql/fields.go create mode 100644 filebeat/module/mssql/log/_meta/fields.yml create mode 100644 filebeat/module/mssql/log/config/config.yml create mode 100644 filebeat/module/mssql/log/ingest/pipeline.yml create mode 100644 filebeat/module/mssql/log/manifest.yml create mode 100644 filebeat/module/mssql/log/test/test.log create mode 100644 filebeat/module/mssql/log/test/test.log-expected.json create mode 100644 filebeat/module/netflow/_meta/config.yml create mode 100644 filebeat/module/netflow/_meta/docs.asciidoc create mode 100644 filebeat/module/netflow/_meta/fields.yml create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-autonomous-systems.json create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-conversation-partners.json create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-exporters.json create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-records.json create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-geo-location.json create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-overview.json create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-top-n.json create mode 100644 filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-traffic-analysis.json create mode 100644 filebeat/module/netflow/dashboards.yml create mode 100644 filebeat/module/netflow/fields.go create mode 100644 filebeat/module/netflow/log/config/netflow.yml create mode 100644 filebeat/module/netflow/log/ingest/pipeline.yml create mode 100644 filebeat/module/netflow/log/manifest.yml create mode 100644 filebeat/module/o365/_meta/config.yml create mode 100644 filebeat/module/o365/_meta/docs.asciidoc create mode 100644 filebeat/module/o365/_meta/fields.yml create mode 100644 filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json create mode 100644 filebeat/module/o365/audit/_meta/fields.yml create mode 100644 filebeat/module/o365/audit/config/input.yml create mode 100644 filebeat/module/o365/audit/config/pipeline.js create mode 100644 filebeat/module/o365/audit/ingest/pipeline.yml create mode 100644 filebeat/module/o365/audit/manifest.yml create mode 100644 filebeat/module/o365/audit/test/01-exchange-admin.log create mode 100644 filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json create mode 100644 filebeat/module/o365/audit/test/02-exchange-item.log create mode 100644 filebeat/module/o365/audit/test/02-exchange-item.log-expected.json create mode 100644 filebeat/module/o365/audit/test/04-sharepoint.log create mode 100644 filebeat/module/o365/audit/test/04-sharepoint.log-expected.json create mode 100644 filebeat/module/o365/audit/test/06-sharepointfileop.log create mode 100644 filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json create mode 100644 filebeat/module/o365/audit/test/08-azuread.log create mode 100644 filebeat/module/o365/audit/test/08-azuread.log-expected.json create mode 100644 filebeat/module/o365/audit/test/11-dlp-sharepoint.log create mode 100644 filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json create mode 100644 filebeat/module/o365/audit/test/13-dlp-exchange.log create mode 100644 filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json create mode 100644 filebeat/module/o365/audit/test/14-sp-sharing-op.log create mode 100644 filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json create mode 100644 filebeat/module/o365/audit/test/15-azuread-sts-logon.log create mode 100644 filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json create mode 100644 filebeat/module/o365/audit/test/22-yammer.log create mode 100644 filebeat/module/o365/audit/test/22-yammer.log-expected.json create mode 100644 filebeat/module/o365/audit/test/25-ms-teams.log create mode 100644 filebeat/module/o365/audit/test/25-ms-teams.log-expected.json create mode 100644 filebeat/module/o365/audit/test/40-sec-comp-alerts.log create mode 100644 filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json create mode 100644 filebeat/module/o365/audit/test/52-data-insights-api.log create mode 100644 filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json create mode 100644 filebeat/module/o365/fields.go create mode 100644 filebeat/module/o365/module.yml create mode 100644 filebeat/module/okta/README.md create mode 100644 filebeat/module/okta/_meta/config.yml create mode 100644 filebeat/module/okta/_meta/docs.asciidoc create mode 100644 filebeat/module/okta/_meta/fields.yml create mode 100644 filebeat/module/okta/_meta/images/filebeat-okta-dashboard.png create mode 100644 filebeat/module/okta/_meta/kibana/7/dashboard/749203a0-67b1-11ea-a76f-bf44814e437d.json create mode 100644 filebeat/module/okta/fields.go create mode 100644 filebeat/module/okta/module.yml create mode 100644 filebeat/module/okta/system/_meta/fields.yml create mode 100644 filebeat/module/okta/system/config/input.yml create mode 100644 filebeat/module/okta/system/config/pipeline.js create mode 100644 filebeat/module/okta/system/ingest/pipeline.yml create mode 100644 filebeat/module/okta/system/manifest.yml create mode 100644 filebeat/module/okta/system/test/okta-system-test.json.log create mode 100644 filebeat/module/okta/system/test/okta-system-test.json.log-expected.json create mode 100644 filebeat/module/panw/README.md create mode 100644 filebeat/module/panw/_meta/config.yml create mode 100644 filebeat/module/panw/_meta/docs.asciidoc create mode 100644 filebeat/module/panw/_meta/fields.yml create mode 100644 filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-network-overview.json create mode 100644 filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-threat-overview.json create mode 100644 filebeat/module/panw/fields.go create mode 100644 filebeat/module/panw/module.yml create mode 100644 filebeat/module/panw/panos/_meta/fields.yml create mode 100644 filebeat/module/panw/panos/config/input.yml create mode 100644 filebeat/module/panw/panos/ingest/pipeline.yml create mode 100644 filebeat/module/panw/panos/manifest.yml create mode 100644 filebeat/module/panw/panos/test/pan_inc_other.log create mode 100644 filebeat/module/panw/panos/test/pan_inc_other.log-expected.json create mode 100644 filebeat/module/panw/panos/test/pan_inc_threat.log create mode 100644 filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json create mode 100644 filebeat/module/panw/panos/test/pan_inc_traffic.log create mode 100644 filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json create mode 100644 filebeat/module/panw/panos/test/threat.log create mode 100644 filebeat/module/panw/panos/test/threat.log-expected.json create mode 100644 filebeat/module/panw/panos/test/traffic.log create mode 100644 filebeat/module/panw/panos/test/traffic.log-expected.json create mode 100644 filebeat/module/rabbitmq/_meta/config.yml create mode 100644 filebeat/module/rabbitmq/_meta/docs.asciidoc create mode 100644 filebeat/module/rabbitmq/_meta/fields.yml create mode 100644 filebeat/module/rabbitmq/fields.go create mode 100644 filebeat/module/rabbitmq/log/_meta/fields.yml create mode 100644 filebeat/module/rabbitmq/log/config/log.yml create mode 100644 filebeat/module/rabbitmq/log/ingest/pipeline.yml create mode 100644 filebeat/module/rabbitmq/log/manifest.yml create mode 100644 filebeat/module/rabbitmq/log/test/test.log create mode 100644 filebeat/module/rabbitmq/log/test/test.log-expected.json create mode 100644 filebeat/module/suricata/README.md create mode 100644 filebeat/module/suricata/_meta/config.yml create mode 100644 filebeat/module/suricata/_meta/docs.asciidoc create mode 100644 filebeat/module/suricata/_meta/fields.yml create mode 100644 filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json create mode 100644 filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Overview.json create mode 100644 filebeat/module/suricata/eve/_meta/fields.yml create mode 100644 filebeat/module/suricata/eve/config/eve.yml create mode 100644 filebeat/module/suricata/eve/ingest/pipeline.yml create mode 100644 filebeat/module/suricata/eve/manifest.yml create mode 100644 filebeat/module/suricata/eve/test/eve-alerts.log create mode 100644 filebeat/module/suricata/eve/test/eve-alerts.log-expected.json create mode 100644 filebeat/module/suricata/eve/test/eve-dns-4.1.4.log create mode 100644 filebeat/module/suricata/eve/test/eve-dns-4.1.4.log-expected.json create mode 100644 filebeat/module/suricata/eve/test/eve-small.log create mode 100644 filebeat/module/suricata/eve/test/eve-small.log-expected.json create mode 100644 filebeat/module/suricata/fields.go create mode 100644 filebeat/module/suricata/module.yml create mode 100644 filebeat/module/zeek/README-developer.md create mode 100644 filebeat/module/zeek/README.md create mode 100644 filebeat/module/zeek/_meta/config.yml create mode 100644 filebeat/module/zeek/_meta/docs.asciidoc create mode 100644 filebeat/module/zeek/_meta/fields.yml create mode 100644 filebeat/module/zeek/_meta/images/kibana-zeek.png create mode 100644 filebeat/module/zeek/_meta/kibana/7/dashboard/Filebeat-Zeek-Overview.json create mode 100644 filebeat/module/zeek/capture_loss/_meta/fields.yml create mode 100644 filebeat/module/zeek/capture_loss/config/capture_loss.yml create mode 100644 filebeat/module/zeek/capture_loss/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/capture_loss/manifest.yml create mode 100644 filebeat/module/zeek/capture_loss/test/capture_loss-json.log create mode 100644 filebeat/module/zeek/capture_loss/test/capture_loss-json.log-expected.json create mode 100644 filebeat/module/zeek/connection/_meta/fields.yml create mode 100644 filebeat/module/zeek/connection/config/connection.yml create mode 100644 filebeat/module/zeek/connection/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/connection/manifest.yml create mode 100644 filebeat/module/zeek/connection/test/connection-json.log create mode 100644 filebeat/module/zeek/connection/test/connection-json.log-expected.json create mode 100644 filebeat/module/zeek/dce_rpc/_meta/fields.yml create mode 100644 filebeat/module/zeek/dce_rpc/config/dce_rpc.yml create mode 100644 filebeat/module/zeek/dce_rpc/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/dce_rpc/manifest.yml create mode 100644 filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log create mode 100644 filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log-expected.json create mode 100644 filebeat/module/zeek/dhcp/_meta/fields.yml create mode 100644 filebeat/module/zeek/dhcp/config/dhcp.yml create mode 100644 filebeat/module/zeek/dhcp/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/dhcp/manifest.yml create mode 100644 filebeat/module/zeek/dhcp/test/dhcp-json.log create mode 100644 filebeat/module/zeek/dhcp/test/dhcp-json.log-expected.json create mode 100644 filebeat/module/zeek/dnp3/_meta/fields.yml create mode 100644 filebeat/module/zeek/dnp3/config/dnp3.yml create mode 100644 filebeat/module/zeek/dnp3/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/dnp3/manifest.yml create mode 100644 filebeat/module/zeek/dnp3/test/dnp3-json.log create mode 100644 filebeat/module/zeek/dnp3/test/dnp3-json.log-expected.json create mode 100644 filebeat/module/zeek/dns/_meta/fields.yml create mode 100644 filebeat/module/zeek/dns/config/dns.yml create mode 100644 filebeat/module/zeek/dns/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/dns/manifest.yml create mode 100644 filebeat/module/zeek/dns/test/dns-json.log create mode 100644 filebeat/module/zeek/dns/test/dns-json.log-expected.json create mode 100644 filebeat/module/zeek/dpd/_meta/fields.yml create mode 100644 filebeat/module/zeek/dpd/config/dpd.yml create mode 100644 filebeat/module/zeek/dpd/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/dpd/manifest.yml create mode 100644 filebeat/module/zeek/dpd/test/dpd-json.log create mode 100644 filebeat/module/zeek/dpd/test/dpd-json.log-expected.json create mode 100644 filebeat/module/zeek/fields.go create mode 100644 filebeat/module/zeek/files/_meta/fields.yml create mode 100644 filebeat/module/zeek/files/config/files.yml create mode 100644 filebeat/module/zeek/files/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/files/manifest.yml create mode 100644 filebeat/module/zeek/files/test/files-json.log create mode 100644 filebeat/module/zeek/files/test/files-json.log-expected.json create mode 100644 filebeat/module/zeek/ftp/_meta/fields.yml create mode 100644 filebeat/module/zeek/ftp/config/ftp.yml create mode 100644 filebeat/module/zeek/ftp/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/ftp/manifest.yml create mode 100644 filebeat/module/zeek/ftp/test/ftp.log create mode 100644 filebeat/module/zeek/ftp/test/ftp.log-expected.json create mode 100644 filebeat/module/zeek/http/_meta/fields.yml create mode 100644 filebeat/module/zeek/http/config/http.yml create mode 100644 filebeat/module/zeek/http/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/http/manifest.yml create mode 100644 filebeat/module/zeek/http/test/http-json.log create mode 100644 filebeat/module/zeek/http/test/http-json.log-expected.json create mode 100644 filebeat/module/zeek/intel/_meta/fields.yml create mode 100644 filebeat/module/zeek/intel/config/intel.yml create mode 100644 filebeat/module/zeek/intel/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/intel/manifest.yml create mode 100644 filebeat/module/zeek/intel/test/intel-json.log create mode 100644 filebeat/module/zeek/intel/test/intel-json.log-expected.json create mode 100644 filebeat/module/zeek/irc/_meta/fields.yml create mode 100644 filebeat/module/zeek/irc/config/irc.yml create mode 100644 filebeat/module/zeek/irc/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/irc/manifest.yml create mode 100644 filebeat/module/zeek/irc/test/irc-json.log create mode 100644 filebeat/module/zeek/irc/test/irc-json.log-expected.json create mode 100644 filebeat/module/zeek/kerberos/_meta/fields.yml create mode 100644 filebeat/module/zeek/kerberos/config/kerberos.yml create mode 100644 filebeat/module/zeek/kerberos/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/kerberos/manifest.yml create mode 100644 filebeat/module/zeek/kerberos/test/kerberos-json.log create mode 100644 filebeat/module/zeek/kerberos/test/kerberos-json.log-expected.json create mode 100644 filebeat/module/zeek/modbus/_meta/fields.yml create mode 100644 filebeat/module/zeek/modbus/config/modbus.yml create mode 100644 filebeat/module/zeek/modbus/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/modbus/manifest.yml create mode 100644 filebeat/module/zeek/modbus/test/modbus-json.log create mode 100644 filebeat/module/zeek/modbus/test/modbus-json.log-expected.json create mode 100644 filebeat/module/zeek/module.yml create mode 100644 filebeat/module/zeek/mysql/_meta/fields.yml create mode 100644 filebeat/module/zeek/mysql/config/mysql.yml create mode 100644 filebeat/module/zeek/mysql/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/mysql/manifest.yml create mode 100644 filebeat/module/zeek/mysql/test/mysql-json.log create mode 100644 filebeat/module/zeek/mysql/test/mysql-json.log-expected.json create mode 100644 filebeat/module/zeek/notice/_meta/fields.yml create mode 100644 filebeat/module/zeek/notice/config/notice.yml create mode 100644 filebeat/module/zeek/notice/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/notice/manifest.yml create mode 100644 filebeat/module/zeek/notice/test/notice-json.log create mode 100644 filebeat/module/zeek/notice/test/notice-json.log-expected.json create mode 100644 filebeat/module/zeek/ntlm/_meta/fields.yml create mode 100644 filebeat/module/zeek/ntlm/config/ntlm.yml create mode 100644 filebeat/module/zeek/ntlm/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/ntlm/manifest.yml create mode 100644 filebeat/module/zeek/ntlm/test/ntlm-json.log create mode 100644 filebeat/module/zeek/ntlm/test/ntlm-json.log-expected.json create mode 100644 filebeat/module/zeek/ocsp/_meta/fields.yml create mode 100644 filebeat/module/zeek/ocsp/config/ocsp.yml create mode 100644 filebeat/module/zeek/ocsp/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/ocsp/manifest.yml create mode 100644 filebeat/module/zeek/pe/_meta/fields.yml create mode 100644 filebeat/module/zeek/pe/config/pe.yml create mode 100644 filebeat/module/zeek/pe/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/pe/manifest.yml create mode 100644 filebeat/module/zeek/pe/test/pe-json.log create mode 100644 filebeat/module/zeek/pe/test/pe-json.log-expected.json create mode 100644 filebeat/module/zeek/radius/_meta/fields.yml create mode 100644 filebeat/module/zeek/radius/config/radius.yml create mode 100644 filebeat/module/zeek/radius/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/radius/manifest.yml create mode 100644 filebeat/module/zeek/radius/test/radius-json.log create mode 100644 filebeat/module/zeek/radius/test/radius-json.log-expected.json create mode 100644 filebeat/module/zeek/rdp/_meta/fields.yml create mode 100644 filebeat/module/zeek/rdp/config/rdp.yml create mode 100644 filebeat/module/zeek/rdp/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/rdp/manifest.yml create mode 100644 filebeat/module/zeek/rdp/test/rdp-json.log create mode 100644 filebeat/module/zeek/rdp/test/rdp-json.log-expected.json create mode 100644 filebeat/module/zeek/rfb/_meta/fields.yml create mode 100644 filebeat/module/zeek/rfb/config/rfb.yml create mode 100644 filebeat/module/zeek/rfb/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/rfb/manifest.yml create mode 100644 filebeat/module/zeek/rfb/test/rfb-json.log create mode 100644 filebeat/module/zeek/rfb/test/rfb-json.log-expected.json create mode 100644 filebeat/module/zeek/sip/_meta/fields.yml create mode 100644 filebeat/module/zeek/sip/config/sip.yml create mode 100644 filebeat/module/zeek/sip/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/sip/manifest.yml create mode 100644 filebeat/module/zeek/sip/test/sip-json.log create mode 100644 filebeat/module/zeek/sip/test/sip-json.log-expected.json create mode 100644 filebeat/module/zeek/smb_cmd/_meta/fields.yml create mode 100644 filebeat/module/zeek/smb_cmd/config/smb_cmd.yml create mode 100644 filebeat/module/zeek/smb_cmd/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/smb_cmd/manifest.yml create mode 100644 filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log create mode 100644 filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log-expected.json create mode 100644 filebeat/module/zeek/smb_files/_meta/fields.yml create mode 100644 filebeat/module/zeek/smb_files/config/smb_files.yml create mode 100644 filebeat/module/zeek/smb_files/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/smb_files/manifest.yml create mode 100644 filebeat/module/zeek/smb_files/test/smb_files-json.log create mode 100644 filebeat/module/zeek/smb_files/test/smb_files-json.log-expected.json create mode 100644 filebeat/module/zeek/smb_mapping/_meta/fields.yml create mode 100644 filebeat/module/zeek/smb_mapping/config/smb_mapping.yml create mode 100644 filebeat/module/zeek/smb_mapping/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/smb_mapping/manifest.yml create mode 100644 filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log create mode 100644 filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log-expected.json create mode 100644 filebeat/module/zeek/smtp/_meta/fields.yml create mode 100644 filebeat/module/zeek/smtp/config/smtp.yml create mode 100644 filebeat/module/zeek/smtp/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/smtp/manifest.yml create mode 100644 filebeat/module/zeek/smtp/test/smtp-json.log create mode 100644 filebeat/module/zeek/smtp/test/smtp-json.log-expected.json create mode 100644 filebeat/module/zeek/snmp/_meta/fields.yml create mode 100644 filebeat/module/zeek/snmp/config/snmp.yml create mode 100644 filebeat/module/zeek/snmp/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/snmp/manifest.yml create mode 100644 filebeat/module/zeek/snmp/test/snmp-json.log create mode 100644 filebeat/module/zeek/snmp/test/snmp-json.log-expected.json create mode 100644 filebeat/module/zeek/socks/_meta/fields.yml create mode 100644 filebeat/module/zeek/socks/config/socks.yml create mode 100644 filebeat/module/zeek/socks/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/socks/manifest.yml create mode 100644 filebeat/module/zeek/socks/test/socks-json.log create mode 100644 filebeat/module/zeek/socks/test/socks-json.log-expected.json create mode 100644 filebeat/module/zeek/ssh/_meta/fields.yml create mode 100644 filebeat/module/zeek/ssh/config/ssh.yml create mode 100644 filebeat/module/zeek/ssh/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/ssh/manifest.yml create mode 100644 filebeat/module/zeek/ssh/test/ssh-json.log create mode 100644 filebeat/module/zeek/ssh/test/ssh-json.log-expected.json create mode 100644 filebeat/module/zeek/ssl/_meta/fields.yml create mode 100644 filebeat/module/zeek/ssl/config/ssl.yml create mode 100644 filebeat/module/zeek/ssl/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/ssl/manifest.yml create mode 100644 filebeat/module/zeek/ssl/test/ssl-json.log create mode 100644 filebeat/module/zeek/ssl/test/ssl-json.log-expected.json create mode 100644 filebeat/module/zeek/stats/_meta/fields.yml create mode 100644 filebeat/module/zeek/stats/config/stats.yml create mode 100644 filebeat/module/zeek/stats/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/stats/manifest.yml create mode 100644 filebeat/module/zeek/stats/test/stats-json.log create mode 100644 filebeat/module/zeek/stats/test/stats-json.log-expected.json create mode 100644 filebeat/module/zeek/syslog/_meta/fields.yml create mode 100644 filebeat/module/zeek/syslog/config/syslog.yml create mode 100644 filebeat/module/zeek/syslog/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/syslog/manifest.yml create mode 100644 filebeat/module/zeek/traceroute/config/traceroute.yml create mode 100644 filebeat/module/zeek/traceroute/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/traceroute/manifest.yml create mode 100644 filebeat/module/zeek/traceroute/test/traceroute-json.log create mode 100644 filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json create mode 100644 filebeat/module/zeek/tunnel/_meta/fields.yml create mode 100644 filebeat/module/zeek/tunnel/config/tunnel.yml create mode 100644 filebeat/module/zeek/tunnel/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/tunnel/manifest.yml create mode 100644 filebeat/module/zeek/tunnel/test/tunnel-json.log create mode 100644 filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json create mode 100644 filebeat/module/zeek/weird/_meta/fields.yml create mode 100644 filebeat/module/zeek/weird/config/weird.yml create mode 100644 filebeat/module/zeek/weird/ingest/pipeline.yml create mode 100644 filebeat/module/zeek/weird/manifest.yml create mode 100644 filebeat/module/zeek/weird/test/weird-json.log create mode 100644 filebeat/module/zeek/weird/test/weird-json.log-expected.json create mode 100644 filebeat/module/zeek/x509/_meta/fields.yml create mode 100644 filebeat/module/zeek/x509/config/x509.yml create mode 100644 filebeat/module/zeek/x509/ingest/pipeline.json create mode 100644 filebeat/module/zeek/x509/manifest.yml create mode 100644 filebeat/module/zeek/x509/test/x509-json.log create mode 100644 filebeat/module/zeek/x509/test/x509-json.log-expected.json create mode 100644 filebeat/modules.d/activemq.yml.disabled create mode 100644 filebeat/modules.d/aws.yml.disabled create mode 100644 filebeat/modules.d/azure.yml.disabled create mode 100644 filebeat/modules.d/cef.yml.disabled create mode 100644 filebeat/modules.d/checkpoint.yml.disabled create mode 100644 filebeat/modules.d/cisco.yml.disabled create mode 100644 filebeat/modules.d/coredns.yml.disabled create mode 100644 filebeat/modules.d/crowdstrike.yml.disabled create mode 100644 filebeat/modules.d/envoyproxy.yml.disabled create mode 100644 filebeat/modules.d/googlecloud.yml.disabled create mode 100644 filebeat/modules.d/ibmmq.yml.disabled create mode 100644 filebeat/modules.d/iptables.yml.disabled create mode 100644 filebeat/modules.d/misp.yml.disabled create mode 100644 filebeat/modules.d/mssql.yml.disabled create mode 100644 filebeat/modules.d/netflow.yml.disabled create mode 100644 filebeat/modules.d/o365.yml.disabled create mode 100644 filebeat/modules.d/okta.yml.disabled create mode 100644 filebeat/modules.d/panw.yml.disabled create mode 100644 filebeat/modules.d/rabbitmq.yml.disabled create mode 100644 filebeat/modules.d/suricata.yml.disabled create mode 100644 filebeat/modules.d/zeek.yml.disabled create mode 100644 filebeat/processors/decode_cef/_meta/fields.yml create mode 100644 filebeat/processors/decode_cef/cef/.gitignore create mode 100644 filebeat/processors/decode_cef/cef/cef.go create mode 100644 filebeat/processors/decode_cef/cef/cef.rl create mode 100644 filebeat/processors/decode_cef/cef/cef_test.go create mode 100644 filebeat/processors/decode_cef/cef/cmd/cef2json/.gitignore create mode 100644 filebeat/processors/decode_cef/cef/cmd/cef2json/cef2json.go create mode 100644 filebeat/processors/decode_cef/cef/fuzz/.gitignore create mode 100644 filebeat/processors/decode_cef/cef/fuzz/Makefile create mode 100644 filebeat/processors/decode_cef/cef/fuzz/fuzz.go create mode 100644 filebeat/processors/decode_cef/cef/keys.go create mode 100644 filebeat/processors/decode_cef/cef/option.go create mode 100644 filebeat/processors/decode_cef/cef/parser.go create mode 100644 filebeat/processors/decode_cef/cef/types.go create mode 100644 filebeat/processors/decode_cef/config.go create mode 100644 filebeat/processors/decode_cef/decode_cef.go create mode 100644 filebeat/processors/decode_cef/decode_cef_test.go create mode 100644 filebeat/processors/decode_cef/docs/decode_cef.asciidoc create mode 100644 filebeat/processors/decode_cef/fields.go create mode 100644 filebeat/processors/decode_cef/keys.ecs.go create mode 100644 filebeat/processors/decode_cef/testdata/samples.log create mode 100644 filebeat/processors/decode_cef/testdata/samples.log.golden.json create mode 100644 filebeat/tests/system/test_xpack_modules.py diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 8d514ecc0db..dc4b4610861 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -12,31 +12,43 @@ This file is generated! See _meta/fields.yml and scripts/generate_fields_docs.py This document describes the fields that are exported by Filebeat. They are grouped in the following categories: +* <> * <> * <> * <> * <> +* <> +* <> * <> * <> * <> * <> +* <> * <> +* <> +* <> * <> * <> * <> +* <> +* <> * <> * <> * <> * <> * <> +* <> * <> * <> +* <> * <> * <> * <> +* <> * <> * <> * <> +* <> * <> * <> * <> @@ -44,28 +56,102 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> +* <> * <> * <> * <> +* <> +* <> * <> * <> +* <> +* <> * <> * <> * <> +* <> * <> * <> * <> +* <> * <> * <> +* <> * <> * <> +* <> * <> * <> * <> +* <> + +-- +[[exported-fields-activemq]] +== activemq fields + +Module for parsing ActiveMQ log files. + + + +[float] +=== activemq + + + + +*`activemq.caller`*:: ++ +-- +Name of the caller issuing the logging request (class or resource). + + +type: keyword + +-- + +*`activemq.thread`*:: ++ +-- +Thread that generated the logging event. + + +type: keyword + +-- + +*`activemq.user`*:: ++ +-- +User that generated the logging event. + + +type: keyword + +-- + +[float] +=== audit + +Fields from ActiveMQ audit logs. + + +[float] +=== log + +Fields from ActiveMQ application logs. + + + +*`activemq.log.stack_trace`*:: ++ +-- +type: keyword -- + [[exported-fields-activemq]] == ActiveMQ fields @@ -2044,43 +2130,31 @@ type: keyword -- -[[exported-fields-azure]] -== Azure fields +[[exported-fields-aws]] +== AWS fields -Azure Module +Module for handling logs from AWS. [float] -=== azure - - - - -*`azure.subscription_id`*:: -+ --- -Azure subscription ID +=== aws +Fields from AWS logs. -type: keyword --- -*`azure.correlation_id`*:: -+ --- -Correlation ID +[float] +=== cloudtrail +Fields for AWS CloudTrail logs. -type: keyword --- -*`azure.tenant_id`*:: +*`aws.cloudtrail.event_version`*:: + -- -tenant ID +The CloudTrail version of the log event format. type: keyword @@ -2088,600 +2162,588 @@ type: keyword -- [float] -=== resource - -Resource +=== user_identity +The userIdentity element contains details about the type of IAM identity that made the request, and which credentials were used. If temporary credentials were used, the element shows how the credentials were obtained. -*`azure.resource.id`*:: +*`aws.cloudtrail.user_identity.type`*:: + -- -Resource ID +The type of the identity type: keyword -- -*`azure.resource.group`*:: +*`aws.cloudtrail.user_identity.arn`*:: + -- -Resource group - +The Amazon Resource Name (ARN) of the principal that made the call. type: keyword -- -*`azure.resource.provider`*:: +*`aws.cloudtrail.user_identity.access_key_id`*:: + -- -Resource type/namespace - +The access key ID that was used to sign the request. type: keyword -- -*`azure.resource.namespace`*:: +[float] +=== session_context + +If the request was made with temporary security credentials, an element that provides information about the session that was created for those credentials + + +*`aws.cloudtrail.user_identity.session_context.mfa_authenticated`*:: + -- -Resource type/namespace - +The value is true if the root user or IAM user whose credentials were used for the request also was authenticated with an MFA device; otherwise, false. type: keyword -- -*`azure.resource.name`*:: +*`aws.cloudtrail.user_identity.session_context.creation_date`*:: + -- -Name - +The date and time when the temporary security credentials were issued. -type: keyword +type: date -- -*`azure.resource.authorization_rule`*:: +*`aws.cloudtrail.user_identity.invoked_by`*:: + -- -Authorization rule - +The name of the AWS service that made the request, such as Amazon EC2 Auto Scaling or AWS Elastic Beanstalk. type: keyword -- [float] -=== activitylogs - -Fields for Azure activity logs. - - - -[float] -=== identity - -Identity - - - -[float] -=== claims_initiated_by_user - -Claims initiated by user +=== session_issuer +If the request was made with temporary security credentials, an element that provides information about how the credentials were obtained. -*`azure.activitylogs.identity.claims_initiated_by_user.name`*:: +*`aws.cloudtrail.user_identity.session_issuer.type`*:: + -- -Name - +The source of the temporary security credentials, such as Root, IAMUser, or Role. type: keyword -- -*`azure.activitylogs.identity.claims_initiated_by_user.givenname`*:: +*`aws.cloudtrail.user_identity.session_issuer.principal_id`*:: + -- -Givenname - +The internal ID of the entity that was used to get credentials. type: keyword -- -*`azure.activitylogs.identity.claims_initiated_by_user.surname`*:: +*`aws.cloudtrail.user_identity.session_issuer.arn`*:: + -- -Surname - +The ARN of the source (account, IAM user, or role) that was used to get temporary security credentials. type: keyword -- -*`azure.activitylogs.identity.claims_initiated_by_user.fullname`*:: +*`aws.cloudtrail.user_identity.session_issuer.account_id`*:: + -- -Fullname - +The account that owns the entity that was used to get credentials. type: keyword -- -*`azure.activitylogs.identity.claims_initiated_by_user.schema`*:: +*`aws.cloudtrail.error_code`*:: + -- -Schema - +The AWS service error if the request returns an error. type: keyword -- -*`azure.activitylogs.identity.claims.*`*:: +*`aws.cloudtrail.error_message`*:: + -- -Claims - +If the request returns an error, the description of the error. -type: object +type: keyword -- -[float] -=== authorization - -Authorization - - - -*`azure.activitylogs.identity.authorization.scope`*:: +*`aws.cloudtrail.request_parameters`*:: + -- -Scope - +The parameters, if any, that were sent with the request. type: keyword -- -*`azure.activitylogs.identity.authorization.action`*:: +*`aws.cloudtrail.response_elements`*:: + -- -Action - +The response element for actions that make changes (create, update, or delete actions). type: keyword -- -[float] -=== evidence - -Evidence +*`aws.cloudtrail.additional_eventdata`*:: ++ +-- +Additional data about the event that was not part of the request or response. +type: keyword +-- -*`azure.activitylogs.identity.authorization.evidence.role_assignment_scope`*:: +*`aws.cloudtrail.request_id`*:: + -- -Role assignment scope - +The value that identifies the request. The service being called generates this value. type: keyword -- -*`azure.activitylogs.identity.authorization.evidence.role_definition_id`*:: +*`aws.cloudtrail.event_type`*:: + -- -Role definition ID - +Identifies the type of event that generated the event record. type: keyword -- -*`azure.activitylogs.identity.authorization.evidence.role`*:: +*`aws.cloudtrail.api_version`*:: + -- -Role - +Identifies the API version associated with the AwsApiCall eventType value. type: keyword -- -*`azure.activitylogs.identity.authorization.evidence.role_assignment_id`*:: +*`aws.cloudtrail.management_event`*:: + -- -Role assignment ID - +A Boolean value that identifies whether the event is a management event. type: keyword -- -*`azure.activitylogs.identity.authorization.evidence.principal_id`*:: +*`aws.cloudtrail.read_only`*:: + -- -Principal ID - +Identifies whether this operation is a read-only operation. type: keyword -- -*`azure.activitylogs.identity.authorization.evidence.principal_type`*:: +[float] +=== resources + +A list of resources accessed in the event. + + +*`aws.cloudtrail.resources.arn`*:: + -- -Principal type - +Resource ARNs type: keyword -- -*`azure.activitylogs.operation_name`*:: +*`aws.cloudtrail.resources.account_id`*:: + -- -Operation name - +Account ID of the resource owner type: keyword -- -*`azure.activitylogs.result_signature`*:: +*`aws.cloudtrail.resources.type`*:: + -- -Result signature - +Resource type identifier in the format: AWS::aws-service-name::data-type-name type: keyword -- -*`azure.activitylogs.category`*:: +*`aws.cloudtrail.recipient_account_id`*:: + -- -Category - +Represents the account ID that received this event. type: keyword -- -[float] -=== properties - -Properties +*`aws.cloudtrail.service_event_details`*:: ++ +-- +Identifies the service event, including what triggered the event and the result. +type: keyword +-- -*`azure.activitylogs.properties.service_request_id`*:: +*`aws.cloudtrail.shared_event_id`*:: + -- -Service Request Id - +GUID generated by CloudTrail to uniquely identify CloudTrail events from the same AWS action that is sent to different AWS accounts. type: keyword -- -*`azure.activitylogs.properties.status_code`*:: +*`aws.cloudtrail.vpc_endpoint_id`*:: + -- -Status code - +Identifies the VPC endpoint in which requests were made from a VPC to another AWS service, such as Amazon S3. type: keyword -- [float] -=== auditlogs +=== console_login + +Fields specific to ConsoleLogin events -Fields for Azure audit logs. +[float] +=== additional_eventdata +Additional Event Data for ConsoleLogin events -*`azure.auditlogs.operation_name`*:: + + +*`aws.cloudtrail.console_login.additional_eventdata.mobile_version`*:: + -- -The operation name - +Identifies whether ConsoleLogin was from mobile version -type: keyword +type: boolean -- -*`azure.auditlogs.operation_version`*:: +*`aws.cloudtrail.console_login.additional_eventdata.login_to`*:: + -- -The operation version - +URL for ConsoleLogin type: keyword -- -*`azure.auditlogs.identity`*:: +*`aws.cloudtrail.console_login.additional_eventdata.mfa_used`*:: + -- -Identity - +Identifies whether multi factor authentication was used during ConsoleLogin -type: keyword +type: boolean -- -*`azure.auditlogs.tenant_id`*:: -+ --- -Tenant ID +[float] +=== cloudwatch +Fields for AWS CloudWatch logs. -type: keyword --- -*`azure.auditlogs.result_signature`*:: +*`aws.cloudwatch.message`*:: + -- -Result signature +CloudWatch log message. -type: keyword +type: text -- [float] -=== properties +=== ec2 -The audit log properties +Fields for AWS EC2 logs in CloudWatch. -*`azure.auditlogs.properties.result`*:: +*`aws.ec2.ip_address`*:: + -- -Log result +The internet address of the requester. type: keyword -- -*`azure.auditlogs.properties.activity_display_name`*:: +[float] +=== elb + +Fields for AWS ELB logs. + + + +*`aws.elb.name`*:: + -- -Activity display name +The name of the load balancer. type: keyword -- -*`azure.auditlogs.properties.result_reason`*:: +*`aws.elb.type`*:: + -- -Reason for the log result +The type of the load balancer for v2 Load Balancers. type: keyword -- -*`azure.auditlogs.properties.correlation_id`*:: +*`aws.elb.target_group.arn`*:: + -- -Correlation ID +The ARN of the target group handling the request. type: keyword -- -*`azure.auditlogs.properties.logged_by_service`*:: +*`aws.elb.listener`*:: + -- -Logged by service +The ELB listener that received the connection. type: keyword -- -*`azure.auditlogs.properties.operation_type`*:: +*`aws.elb.protocol`*:: + -- -Operation type +The protocol of the load balancer (http or tcp). type: keyword -- -*`azure.auditlogs.properties.id`*:: +*`aws.elb.request_processing_time.sec`*:: + -- -ID +The total time in seconds since the connection or request is received until it is sent to a registered backend. -type: keyword +type: float -- -*`azure.auditlogs.properties.activity_datetime`*:: +*`aws.elb.backend_processing_time.sec`*:: + -- -Activity timestamp +The total time in seconds since the connection is sent to the backend till the backend starts responding. -type: date +type: float -- -*`azure.auditlogs.properties.category`*:: +*`aws.elb.response_processing_time.sec`*:: + -- -category +The total time in seconds since the response is received from the backend till it is sent to the client. -type: keyword +type: float -- -[float] -=== target_resources.* +*`aws.elb.connection_time.ms`*:: ++ +-- +The total time of the connection in milliseconds, since it is opened till it is closed. -Target resources +type: long +-- -*`azure.auditlogs.properties.target_resources.*.display_name`*:: +*`aws.elb.tls_handshake_time.ms`*:: + -- -Display name +The total time for the TLS handshake to complete in milliseconds once the connection has been established. -type: keyword +type: long -- -*`azure.auditlogs.properties.target_resources.*.id`*:: +*`aws.elb.backend.ip`*:: + -- -ID +The IP address of the backend processing this connection. type: keyword -- -*`azure.auditlogs.properties.target_resources.*.type`*:: +*`aws.elb.backend.port`*:: + -- -Type +The port in the backend processing this connection. type: keyword -- -*`azure.auditlogs.properties.target_resources.*.ip_address`*:: +*`aws.elb.backend.http.response.status_code`*:: + -- -ip Address +The status code from the backend (status code sent to the client from ELB is stored in `http.response.status_code` type: keyword -- -*`azure.auditlogs.properties.target_resources.*.user_principal_name`*:: +*`aws.elb.ssl_cipher`*:: + -- -User principal name +The SSL cipher used in TLS/SSL connections. type: keyword -- -[float] -=== modified_properties.* +*`aws.elb.ssl_protocol`*:: ++ +-- +The SSL protocol used in TLS/SSL connections. -Modified properties +type: keyword +-- -*`azure.auditlogs.properties.target_resources.*.modified_properties.*.new_value`*:: +*`aws.elb.chosen_cert.arn`*:: + -- -New value +The ARN of the chosen certificate presented to the client in TLS/SSL connections. type: keyword -- -*`azure.auditlogs.properties.target_resources.*.modified_properties.*.display_name`*:: +*`aws.elb.chosen_cert.serial`*:: + -- -Display value +The serial number of the chosen certificate presented to the client in TLS/SSL connections. type: keyword -- -*`azure.auditlogs.properties.target_resources.*.modified_properties.*.old_value`*:: +*`aws.elb.incoming_tls_alert`*:: + -- -Old value +The integer value of TLS alerts received by the load balancer from the client, if present. type: keyword -- -[float] -=== initiated_by +*`aws.elb.tls_named_group`*:: ++ +-- +The TLS named group. -Information regarding the initiator +type: keyword +-- -[float] -=== app +*`aws.elb.trace_id`*:: ++ +-- +The contents of the `X-Amzn-Trace-Id` header. -App +type: keyword +-- -*`azure.auditlogs.properties.initiated_by.app.servicePrincipalName`*:: +*`aws.elb.matched_rule_priority`*:: + -- -Service principal name +The priority value of the rule that matched the request, if a rule matched. type: keyword -- -*`azure.auditlogs.properties.initiated_by.app.displayName`*:: +*`aws.elb.action_executed`*:: + -- -Display name +The action executed when processing the request (forward, fixed-response, authenticate...). It can contain several values. type: keyword -- -*`azure.auditlogs.properties.initiated_by.app.appId`*:: +*`aws.elb.redirect_url`*:: + -- -App ID +The URL used if a redirection action was executed. type: keyword -- -*`azure.auditlogs.properties.initiated_by.app.servicePrincipalId`*:: +*`aws.elb.error.reason`*:: + -- -Service principal ID +The error reason if the executed action failed. type: keyword @@ -2689,2165 +2751,2414 @@ type: keyword -- [float] -=== user +=== s3access -User +Fields for AWS S3 server access logs. -*`azure.auditlogs.properties.initiated_by.user.userPrincipalName`*:: +*`aws.s3access.bucket_owner`*:: + -- -User principal name +The canonical user ID of the owner of the source bucket. type: keyword -- -*`azure.auditlogs.properties.initiated_by.user.displayName`*:: +*`aws.s3access.bucket`*:: + -- -Display name +The name of the bucket that the request was processed against. type: keyword -- -*`azure.auditlogs.properties.initiated_by.user.id`*:: +*`aws.s3access.remote_ip`*:: + -- -ID +The apparent internet address of the requester. -type: keyword +type: ip -- -*`azure.auditlogs.properties.initiated_by.user.ipAddress`*:: +*`aws.s3access.requester`*:: + -- -ip Address +The canonical user ID of the requester, or a - for unauthenticated requests. type: keyword -- -[float] -=== signinlogs - -Fields for Azure sign-in logs. - - - -*`azure.signinlogs.operation_name`*:: +*`aws.s3access.request_id`*:: + -- -The operation name +A string generated by Amazon S3 to uniquely identify each request. type: keyword -- -*`azure.signinlogs.operation_version`*:: +*`aws.s3access.operation`*:: + -- -The operation version +The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT. type: keyword -- -*`azure.signinlogs.tenant_id`*:: +*`aws.s3access.key`*:: + -- -Tenant ID +The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter. type: keyword -- -*`azure.signinlogs.result_signature`*:: +*`aws.s3access.request_uri`*:: + -- -Result signature +The Request-URI part of the HTTP request message. type: keyword -- -*`azure.signinlogs.result_description`*:: +*`aws.s3access.http_status`*:: + -- -Result description +The numeric HTTP status code of the response. -type: keyword +type: long -- -*`azure.signinlogs.identity`*:: +*`aws.s3access.error_code`*:: + -- -Identity +The Amazon S3 Error Code, or "-" if no error occurred. type: keyword -- -[float] -=== properties - -The signin log properties - - - -*`azure.signinlogs.properties.id`*:: +*`aws.s3access.bytes_sent`*:: + -- -ID +The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero. -type: keyword +type: long -- -*`azure.signinlogs.properties.created_at`*:: +*`aws.s3access.object_size`*:: + -- -Created date time +The total size of the object in question. -type: date +type: long -- -*`azure.signinlogs.properties.user_display_name`*:: +*`aws.s3access.total_time`*:: + -- -User display name +The number of milliseconds the request was in flight from the server's perspective. -type: keyword +type: long -- -*`azure.signinlogs.properties.correlation_id`*:: +*`aws.s3access.turn_around_time`*:: + -- -Correlation ID +The number of milliseconds that Amazon S3 spent processing your request. -type: keyword +type: long -- -*`azure.signinlogs.properties.user_principal_name`*:: +*`aws.s3access.referrer`*:: + -- -User principal name +The value of the HTTP Referrer header, if present. type: keyword -- -*`azure.signinlogs.properties.user_id`*:: +*`aws.s3access.user_agent`*:: + -- -User ID +The value of the HTTP User-Agent header. type: keyword -- -*`azure.signinlogs.properties.app_id`*:: +*`aws.s3access.version_id`*:: + -- -App ID +The version ID in the request, or "-" if the operation does not take a versionId parameter. type: keyword -- -*`azure.signinlogs.properties.app_display_name`*:: +*`aws.s3access.host_id`*:: + -- -App display name +The x-amz-id-2 or Amazon S3 extended request ID. type: keyword -- -*`azure.signinlogs.properties.ip_address`*:: +*`aws.s3access.signature_version`*:: + -- -Ip address +The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests. type: keyword -- -*`azure.signinlogs.properties.client_app_used`*:: +*`aws.s3access.cipher_suite`*:: + -- -Client app used +The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP. type: keyword -- -*`azure.signinlogs.properties.conditional_access_status`*:: +*`aws.s3access.authentication_type`*:: + -- -Conditional access status +The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests. type: keyword -- -*`azure.signinlogs.properties.original_request_id`*:: +*`aws.s3access.host_header`*:: + -- -Original request ID +The endpoint used to connect to Amazon S3. type: keyword -- -*`azure.signinlogs.properties.is_interactive`*:: +*`aws.s3access.tls_version`*:: + -- -Is interactive +The Transport Layer Security (TLS) version negotiated by the client. type: keyword -- -*`azure.signinlogs.properties.token_issuer_name`*:: -+ --- -Token issuer name +[float] +=== vpcflow +Fields for AWS VPC flow logs. -type: keyword --- -*`azure.signinlogs.properties.token_issuer_type`*:: +*`aws.vpcflow.version`*:: + -- -Token issuer type +The VPC Flow Logs version. If you use the default format, the version is 2. If you specify a custom format, the version is 3. type: keyword -- -*`azure.signinlogs.properties.processing_time_ms`*:: +*`aws.vpcflow.account_id`*:: + -- -Processing time in milliseconds +The AWS account ID for the flow log. -type: float +type: keyword -- -*`azure.signinlogs.properties.risk_detail`*:: +*`aws.vpcflow.interface_id`*:: + -- -Risk detail +The ID of the network interface for which the traffic is recorded. type: keyword -- -*`azure.signinlogs.properties.risk_level_aggregated`*:: +*`aws.vpcflow.action`*:: + -- -Risk level aggregated +The action that is associated with the traffic, ACCEPT or REJECT. type: keyword -- -*`azure.signinlogs.properties.risk_level_during_signin`*:: +*`aws.vpcflow.log_status`*:: + -- -Risk level during signIn +The logging status of the flow log, OK, NODATA or SKIPDATA. type: keyword -- -*`azure.signinlogs.properties.risk_state`*:: +*`aws.vpcflow.instance_id`*:: + -- -Risk state +The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you. type: keyword -- -*`azure.signinlogs.properties.resource_display_name`*:: +*`aws.vpcflow.pkt_srcaddr`*:: + -- -Resource display name +The packet-level (original) source IP address of the traffic. -type: keyword +type: ip -- -[float] -=== status +*`aws.vpcflow.pkt_dstaddr`*:: ++ +-- +The packet-level (original) destination IP address for the traffic. -Status +type: ip +-- -*`azure.signinlogs.properties.status.error_code`*:: +*`aws.vpcflow.vpc_id`*:: + -- -Error code +The ID of the VPC that contains the network interface for which the traffic is recorded. type: keyword -- -[float] -=== device_detail - -Status - - - -*`azure.signinlogs.properties.device_detail.device_id`*:: +*`aws.vpcflow.subnet_id`*:: + -- -Device ID +The ID of the subnet that contains the network interface for which the traffic is recorded. type: keyword -- -*`azure.signinlogs.properties.device_detail.operating_system`*:: +*`aws.vpcflow.tcp_flags`*:: + -- -Operating system +The bitmask value for the following TCP flags: 2=SYN,18=SYN-ACK,1=FIN,4=RST type: keyword -- -*`azure.signinlogs.properties.device_detail.browser`*:: +*`aws.vpcflow.type`*:: + -- -Browser +The type of traffic: IPv4, IPv6, or EFA. type: keyword -- -*`azure.signinlogs.properties.device_detail.display_name`*:: +[[exported-fields-azure]] +== Azure fields + +Azure Module + + + +[float] +=== azure + + + + +*`azure.subscription_id`*:: + -- -Display name +Azure subscription ID type: keyword -- -*`azure.signinlogs.properties.device_detail.trust_type`*:: +*`azure.correlation_id`*:: + -- -Trust type +Correlation ID type: keyword -- -*`azure.signinlogs.properties.service_principal_id`*:: +*`azure.tenant_id`*:: + -- -Status +tenant ID type: keyword -- -[[exported-fields-beat-common]] -== Beat fields +[float] +=== resource -Contains common beat fields available in all event types. +Resource -*`agent.hostname`*:: +*`azure.resource.id`*:: + -- -Deprecated - use agent.name or agent.id to identify an agent. - +Resource ID -type: alias -alias to: agent.name +type: keyword -- -*`beat.timezone`*:: +*`azure.resource.group`*:: + -- -type: alias +Resource group -alias to: event.timezone + +type: keyword -- -*`fields`*:: +*`azure.resource.provider`*:: + -- -Contains user configurable fields. +Resource type/namespace -type: object +type: keyword -- -*`beat.name`*:: +*`azure.resource.namespace`*:: + -- -type: alias +Resource type/namespace -alias to: host.name + +type: keyword -- -*`beat.hostname`*:: +*`azure.resource.name`*:: + -- -type: alias +Name -alias to: agent.name + +type: keyword -- -*`timeseries.instance`*:: +*`azure.resource.authorization_rule`*:: + -- -Time series instance id +Authorization rule + type: keyword -- -[[exported-fields-cef]] -== Decode CEF processor fields fields +[float] +=== activitylogs -Common Event Format (CEF) data. +Fields for Azure activity logs. [float] -=== cef +=== identity -By default the `decode_cef` processor writes all data from the CEF message to this `cef` object. It contains the CEF header fields and the extension data. +Identity -*`cef.version`*:: -+ --- -Version of the CEF specification used by the message. +[float] +=== claims_initiated_by_user +Claims initiated by user -type: keyword --- -*`cef.device.vendor`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.name`*:: + -- -Vendor of the device that produced the message. +Name type: keyword -- -*`cef.device.product`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.givenname`*:: + -- -Product of the device that produced the message. +Givenname type: keyword -- -*`cef.device.version`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.surname`*:: + -- -Version of the product that produced the message. +Surname type: keyword -- -*`cef.device.event_class_id`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.fullname`*:: + -- -Unique identifier of the event type. +Fullname type: keyword -- -*`cef.severity`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.schema`*:: + -- -Importance of the event. The valid string values are Unknown, Low, Medium, High, and Very-High. The valid integer values are 0-3=Low, 4-6=Medium, 7- 8=High, and 9-10=Very-High. +Schema type: keyword -example: Very-High - -- -*`cef.name`*:: +*`azure.activitylogs.identity.claims.*`*:: + -- -Short description of the event. +Claims -type: keyword +type: object -- [float] -=== extensions +=== authorization -Collection of key-value pairs carried in the CEF extension field. +Authorization -*`cef.extensions.agentAddress`*:: +*`azure.activitylogs.identity.authorization.scope`*:: + -- -The IP address of the ArcSight connector that processed the event. +Scope -type: ip + +type: keyword -- -*`cef.extensions.agentDnsDomain`*:: +*`azure.activitylogs.identity.authorization.action`*:: + -- -The DNS domain name of the ArcSight connector that processed the event. +Action + type: keyword -- -*`cef.extensions.agentHostName`*:: +[float] +=== evidence + +Evidence + + + +*`azure.activitylogs.identity.authorization.evidence.role_assignment_scope`*:: + -- -The hostname of the ArcSight connector that processed the event. +Role assignment scope + type: keyword -- -*`cef.extensions.agentId`*:: +*`azure.activitylogs.identity.authorization.evidence.role_definition_id`*:: + -- -The agent ID of the ArcSight connector that processed the event. +Role definition ID + type: keyword -- -*`cef.extensions.agentMacAddress`*:: +*`azure.activitylogs.identity.authorization.evidence.role`*:: + -- -The MAC address of the ArcSight connector that processed the event. +Role + type: keyword -- -*`cef.extensions.agentNtDomain`*:: +*`azure.activitylogs.identity.authorization.evidence.role_assignment_id`*:: + -- -None +Role assignment ID + type: keyword -- -*`cef.extensions.agentReceiptTime`*:: +*`azure.activitylogs.identity.authorization.evidence.principal_id`*:: + -- -The time at which information about the event was received by the ArcSight connector. +Principal ID -type: date + +type: keyword -- -*`cef.extensions.agentTimeZone`*:: +*`azure.activitylogs.identity.authorization.evidence.principal_type`*:: + -- -The agent time zone of the ArcSight connector that processed the event. +Principal type + type: keyword -- -*`cef.extensions.agentTranslatedAddress`*:: +*`azure.activitylogs.operation_name`*:: + -- -None +Operation name -type: ip + +type: keyword -- -*`cef.extensions.agentTranslatedZoneExternalID`*:: +*`azure.activitylogs.result_signature`*:: + -- -None +Result signature + type: keyword -- -*`cef.extensions.agentTranslatedZoneURI`*:: +*`azure.activitylogs.category`*:: + -- -None +Category + type: keyword -- -*`cef.extensions.agentType`*:: +[float] +=== properties + +Properties + + + +*`azure.activitylogs.properties.service_request_id`*:: + -- -The agent type of the ArcSight connector that processed the event +Service Request Id + type: keyword -- -*`cef.extensions.agentVersion`*:: +*`azure.activitylogs.properties.status_code`*:: + -- -The version of the ArcSight connector that processed the event. +Status code + type: keyword -- -*`cef.extensions.agentZoneExternalID`*:: +[float] +=== auditlogs + +Fields for Azure audit logs. + + + +*`azure.auditlogs.operation_name`*:: + -- -None +The operation name + type: keyword -- -*`cef.extensions.agentZoneURI`*:: +*`azure.auditlogs.operation_version`*:: + -- -None +The operation version + type: keyword -- -*`cef.extensions.applicationProtocol`*:: +*`azure.auditlogs.identity`*:: + -- -Application level protocol, example values are HTTP, HTTPS, SSHv2, Telnet, POP, IMPA, IMAPS, and so on. +Identity + type: keyword -- -*`cef.extensions.baseEventCount`*:: +*`azure.auditlogs.tenant_id`*:: + -- -A count associated with this event. How many times was this same event observed? Count can be omitted if it is 1. +Tenant ID -type: long + +type: keyword -- -*`cef.extensions.bytesIn`*:: +*`azure.auditlogs.result_signature`*:: + -- -Number of bytes transferred inbound, relative to the source to destination relationship, meaning that data was flowing from source to destination. +Result signature -type: long --- +type: keyword -*`cef.extensions.bytesOut`*:: -+ -- -Number of bytes transferred outbound relative to the source to destination relationship. For example, the byte number of data flowing from the destination to the source. -type: long +[float] +=== properties --- +The audit log properties -*`cef.extensions.customerExternalID`*:: + + +*`azure.auditlogs.properties.result`*:: + -- -None +Log result + type: keyword -- -*`cef.extensions.customerURI`*:: +*`azure.auditlogs.properties.activity_display_name`*:: + -- -None +Activity display name + type: keyword -- -*`cef.extensions.destinationAddress`*:: +*`azure.auditlogs.properties.result_reason`*:: + -- -Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address. +Reason for the log result -type: ip + +type: keyword -- -*`cef.extensions.destinationDnsDomain`*:: +*`azure.auditlogs.properties.correlation_id`*:: + -- -The DNS domain part of the complete fully qualified domain name (FQDN). +Correlation ID + type: keyword -- -*`cef.extensions.destinationGeoLatitude`*:: +*`azure.auditlogs.properties.logged_by_service`*:: + -- -The latitudinal value from which the destination's IP address belongs. +Logged by service -type: double + +type: keyword -- -*`cef.extensions.destinationGeoLongitude`*:: +*`azure.auditlogs.properties.operation_type`*:: + -- -The longitudinal value from which the destination's IP address belongs. +Operation type -type: double + +type: keyword -- -*`cef.extensions.destinationHostName`*:: +*`azure.auditlogs.properties.id`*:: + -- -Identifies the destination that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the destination node, when a node is available. +ID + type: keyword -- -*`cef.extensions.destinationMacAddress`*:: +*`azure.auditlogs.properties.activity_datetime`*:: + -- -Six colon-seperated hexadecimal numbers. +Activity timestamp -type: keyword + +type: date -- -*`cef.extensions.destinationNtDomain`*:: +*`azure.auditlogs.properties.category`*:: + -- -The Windows domain name of the destination address. +category + type: keyword -- -*`cef.extensions.destinationPort`*:: +[float] +=== target_resources.* + +Target resources + + + +*`azure.auditlogs.properties.target_resources.*.display_name`*:: + -- -The valid port numbers are between 0 and 65535. +Display name -type: long + +type: keyword -- -*`cef.extensions.destinationProcessId`*:: +*`azure.auditlogs.properties.target_resources.*.id`*:: + -- -Provides the ID of the destination process associated with the event. For example, if an event contains process ID 105, "105" is the process ID. +ID -type: long + +type: keyword -- -*`cef.extensions.destinationProcessName`*:: +*`azure.auditlogs.properties.target_resources.*.type`*:: + -- -The name of the event's destination process. +Type + type: keyword -- -*`cef.extensions.destinationServiceName`*:: +*`azure.auditlogs.properties.target_resources.*.ip_address`*:: + -- -The service targeted by this event. +ip Address + type: keyword -- -*`cef.extensions.destinationTranslatedAddress`*:: +*`azure.auditlogs.properties.target_resources.*.user_principal_name`*:: + -- -Identifies the translated destination that the event refers to in an IP network. +User principal name -type: ip --- +type: keyword -*`cef.extensions.destinationTranslatedPort`*:: -+ -- -Port after it was translated; for example, a firewall. Valid port numbers are 0 to 65535. -type: long +[float] +=== modified_properties.* --- +Modified properties -*`cef.extensions.destinationTranslatedZoneExternalID`*:: + + +*`azure.auditlogs.properties.target_resources.*.modified_properties.*.new_value`*:: + -- -None +New value + type: keyword -- -*`cef.extensions.destinationTranslatedZoneURI`*:: +*`azure.auditlogs.properties.target_resources.*.modified_properties.*.display_name`*:: + -- -The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. +Display value + type: keyword -- -*`cef.extensions.destinationUserId`*:: +*`azure.auditlogs.properties.target_resources.*.modified_properties.*.old_value`*:: + -- -Identifies the destination user by ID. For example, in UNIX, the root user is generally associated with user ID 0. +Old value + type: keyword -- -*`cef.extensions.destinationUserName`*:: +[float] +=== initiated_by + +Information regarding the initiator + + + +[float] +=== app + +App + + + +*`azure.auditlogs.properties.initiated_by.app.servicePrincipalName`*:: + -- -Identifies the destination user by name. This is the user associated with the event's destination. Email addresses are often mapped into the UserName fields. The recipient is a candidate to put into this field. +Service principal name + type: keyword -- -*`cef.extensions.destinationUserPrivileges`*:: +*`azure.auditlogs.properties.initiated_by.app.displayName`*:: + -- -The typical values are "Administrator", "User", and "Guest". This identifies the destination user's privileges. In UNIX, for example, activity executed on the root user would be identified with destinationUser Privileges of "Administrator". +Display name + type: keyword -- -*`cef.extensions.destinationZoneExternalID`*:: +*`azure.auditlogs.properties.initiated_by.app.appId`*:: + -- -None +App ID + type: keyword -- -*`cef.extensions.destinationZoneURI`*:: +*`azure.auditlogs.properties.initiated_by.app.servicePrincipalId`*:: + -- -The URI for the Zone that the destination asset has been assigned to in ArcSight. +Service principal ID + type: keyword -- -*`cef.extensions.deviceAction`*:: +[float] +=== user + +User + + + +*`azure.auditlogs.properties.initiated_by.user.userPrincipalName`*:: + -- -Action taken by the device. +User principal name + type: keyword -- -*`cef.extensions.deviceAddress`*:: +*`azure.auditlogs.properties.initiated_by.user.displayName`*:: + -- -Identifies the device address that an event refers to in an IP network. +Display name -type: ip + +type: keyword -- -*`cef.extensions.deviceCustomFloatingPoint1Label`*:: +*`azure.auditlogs.properties.initiated_by.user.id`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +ID + type: keyword -- -*`cef.extensions.deviceCustomFloatingPoint3Label`*:: +*`azure.auditlogs.properties.initiated_by.user.ipAddress`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +ip Address + type: keyword -- -*`cef.extensions.deviceCustomFloatingPoint4Label`*:: +[float] +=== signinlogs + +Fields for Azure sign-in logs. + + + +*`azure.signinlogs.operation_name`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +The operation name + type: keyword -- -*`cef.extensions.deviceCustomDate1`*:: +*`azure.signinlogs.operation_version`*:: + -- -One of two timestamp fields available to map fields that do not apply to any other in this dictionary. +The operation version -type: date + +type: keyword -- -*`cef.extensions.deviceCustomDate1Label`*:: +*`azure.signinlogs.tenant_id`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Tenant ID + type: keyword -- -*`cef.extensions.deviceCustomDate2`*:: +*`azure.signinlogs.result_signature`*:: + -- -One of two timestamp fields available to map fields that do not apply to any other in this dictionary. +Result signature -type: date + +type: keyword -- -*`cef.extensions.deviceCustomDate2Label`*:: +*`azure.signinlogs.result_description`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Result description + type: keyword -- -*`cef.extensions.deviceCustomFloatingPoint1`*:: +*`azure.signinlogs.identity`*:: + -- -One of four floating point fields available to map fields that do not apply to any other in this dictionary. +Identity -type: double --- +type: keyword -*`cef.extensions.deviceCustomFloatingPoint2`*:: -+ -- -One of four floating point fields available to map fields that do not apply to any other in this dictionary. -type: double +[float] +=== properties --- +The signin log properties -*`cef.extensions.deviceCustomFloatingPoint2Label`*:: + + +*`azure.signinlogs.properties.id`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +ID + type: keyword -- -*`cef.extensions.deviceCustomFloatingPoint3`*:: +*`azure.signinlogs.properties.created_at`*:: + -- -One of four floating point fields available to map fields that do not apply to any other in this dictionary. +Created date time -type: double + +type: date -- -*`cef.extensions.deviceCustomFloatingPoint4`*:: +*`azure.signinlogs.properties.user_display_name`*:: + -- -One of four floating point fields available to map fields that do not apply to any other in this dictionary. +User display name -type: double + +type: keyword -- -*`cef.extensions.deviceCustomIPv6Address1`*:: +*`azure.signinlogs.properties.correlation_id`*:: + -- -One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. +Correlation ID -type: ip + +type: keyword -- -*`cef.extensions.deviceCustomIPv6Address1Label`*:: +*`azure.signinlogs.properties.user_principal_name`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +User principal name + type: keyword -- -*`cef.extensions.deviceCustomIPv6Address2`*:: +*`azure.signinlogs.properties.user_id`*:: + -- -One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. +User ID -type: ip + +type: keyword -- -*`cef.extensions.deviceCustomIPv6Address2Label`*:: +*`azure.signinlogs.properties.app_id`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +App ID + type: keyword -- -*`cef.extensions.deviceCustomIPv6Address3`*:: +*`azure.signinlogs.properties.app_display_name`*:: + -- -One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. +App display name -type: ip + +type: keyword -- -*`cef.extensions.deviceCustomIPv6Address3Label`*:: +*`azure.signinlogs.properties.ip_address`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Ip address + type: keyword -- -*`cef.extensions.deviceCustomIPv6Address4`*:: +*`azure.signinlogs.properties.client_app_used`*:: + -- -One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. +Client app used -type: ip + +type: keyword -- -*`cef.extensions.deviceCustomIPv6Address4Label`*:: +*`azure.signinlogs.properties.conditional_access_status`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Conditional access status + type: keyword -- -*`cef.extensions.deviceCustomNumber1`*:: +*`azure.signinlogs.properties.original_request_id`*:: + -- -One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Original request ID -type: long + +type: keyword -- -*`cef.extensions.deviceCustomNumber1Label`*:: +*`azure.signinlogs.properties.is_interactive`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Is interactive + type: keyword -- -*`cef.extensions.deviceCustomNumber2`*:: +*`azure.signinlogs.properties.token_issuer_name`*:: + -- -One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Token issuer name -type: long + +type: keyword -- -*`cef.extensions.deviceCustomNumber2Label`*:: +*`azure.signinlogs.properties.token_issuer_type`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Token issuer type + type: keyword -- -*`cef.extensions.deviceCustomNumber3`*:: +*`azure.signinlogs.properties.processing_time_ms`*:: + -- -One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Processing time in milliseconds -type: long + +type: float -- -*`cef.extensions.deviceCustomNumber3Label`*:: +*`azure.signinlogs.properties.risk_detail`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Risk detail + type: keyword -- -*`cef.extensions.deviceCustomString1`*:: +*`azure.signinlogs.properties.risk_level_aggregated`*:: + -- -One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Risk level aggregated + type: keyword -- -*`cef.extensions.deviceCustomString1Label`*:: +*`azure.signinlogs.properties.risk_level_during_signin`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Risk level during signIn + type: keyword -- -*`cef.extensions.deviceCustomString2`*:: +*`azure.signinlogs.properties.risk_state`*:: + -- -One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Risk state + type: keyword -- -*`cef.extensions.deviceCustomString2Label`*:: +*`azure.signinlogs.properties.resource_display_name`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Resource display name + type: keyword -- -*`cef.extensions.deviceCustomString3`*:: -+ --- -One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +[float] +=== status -type: keyword +Status --- -*`cef.extensions.deviceCustomString3Label`*:: + +*`azure.signinlogs.properties.status.error_code`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Error code + type: keyword -- -*`cef.extensions.deviceCustomString4`*:: +[float] +=== device_detail + +Status + + + +*`azure.signinlogs.properties.device_detail.device_id`*:: + -- -One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Device ID + type: keyword -- -*`cef.extensions.deviceCustomString4Label`*:: +*`azure.signinlogs.properties.device_detail.operating_system`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Operating system + type: keyword -- -*`cef.extensions.deviceCustomString5`*:: +*`azure.signinlogs.properties.device_detail.browser`*:: + -- -One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Browser + type: keyword -- -*`cef.extensions.deviceCustomString5Label`*:: +*`azure.signinlogs.properties.device_detail.display_name`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Display name + type: keyword -- -*`cef.extensions.deviceCustomString6`*:: +*`azure.signinlogs.properties.device_detail.trust_type`*:: + -- -One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Trust type + type: keyword -- -*`cef.extensions.deviceCustomString6Label`*:: +*`azure.signinlogs.properties.service_principal_id`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Status + type: keyword -- -*`cef.extensions.deviceDirection`*:: -+ --- -Any information about what direction the observed communication has taken. The following values are supported - "0" for inbound or "1" for outbound. +[[exported-fields-azure]] +== Azure fields -type: long +Azure Module --- -*`cef.extensions.deviceDnsDomain`*:: + +[float] +=== azure + + + + +*`azure.subscription_id`*:: + -- -The DNS domain part of the complete fully qualified domain name (FQDN). +Azure subscription ID + type: keyword -- -*`cef.extensions.deviceEventCategory`*:: +*`azure.correlation_id`*:: + -- -Represents the category assigned by the originating device. Devices often use their own categorization schema to classify event. Example "/Monitor/Disk/Read". +Correlation ID + type: keyword -- -*`cef.extensions.deviceExternalId`*:: +*`azure.tenant_id`*:: + -- -A name that uniquely identifies the device generating this event. +tenant ID + type: keyword -- -*`cef.extensions.deviceFacility`*:: +[float] +=== resource + +Resource + + + +*`azure.resource.id`*:: + -- -The facility generating this event. For example, Syslog has an explicit facility associated with every event. +Resource ID + type: keyword -- -*`cef.extensions.deviceFlexNumber1`*:: +*`azure.resource.group`*:: + -- -One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Resource group -type: long + +type: keyword -- -*`cef.extensions.deviceFlexNumber1Label`*:: +*`azure.resource.provider`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Resource type/namespace + type: keyword -- -*`cef.extensions.deviceFlexNumber2`*:: +*`azure.resource.namespace`*:: + -- -One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. +Resource type/namespace -type: long + +type: keyword -- -*`cef.extensions.deviceFlexNumber2Label`*:: +*`azure.resource.name`*:: + -- -All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +Name + type: keyword -- -*`cef.extensions.deviceHostName`*:: +*`azure.resource.authorization_rule`*:: + -- -The format should be a fully qualified domain name (FQDN) associated with the device node, when a node is available. +Authorization rule + type: keyword -- -*`cef.extensions.deviceInboundInterface`*:: +[float] +=== activitylogs + +Fields for Azure activity logs. + + + +[float] +=== identity + +Identity + + + +[float] +=== claims_initiated_by_user + +Claims initiated by user + + + +*`azure.activitylogs.identity.claims_initiated_by_user.name`*:: + -- -Interface on which the packet or data entered the device. +Name + type: keyword -- -*`cef.extensions.deviceMacAddress`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.givenname`*:: + -- -Six colon-separated hexadecimal numbers. +Givenname + type: keyword -- -*`cef.extensions.deviceNtDomain`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.surname`*:: + -- -The Windows domain name of the device address. +Surname + type: keyword -- -*`cef.extensions.deviceOutboundInterface`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.fullname`*:: + -- -Interface on which the packet or data left the device. +Fullname + type: keyword -- -*`cef.extensions.devicePayloadId`*:: +*`azure.activitylogs.identity.claims_initiated_by_user.schema`*:: + -- -Unique identifier for the payload associated with the event. +Schema + type: keyword -- -*`cef.extensions.deviceProcessId`*:: +*`azure.activitylogs.identity.claims.*`*:: + -- -Provides the ID of the process on the device generating the event. +Claims -type: long + +type: object -- -*`cef.extensions.deviceProcessName`*:: +[float] +=== authorization + +Authorization + + + +*`azure.activitylogs.identity.authorization.scope`*:: + -- -Process name associated with the event. An example might be the process generating the syslog entry in UNIX. +Scope + type: keyword -- -*`cef.extensions.deviceReceiptTime`*:: +*`azure.activitylogs.identity.authorization.action`*:: + -- -The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970) +Action -type: date + +type: keyword -- -*`cef.extensions.deviceTimeZone`*:: +[float] +=== evidence + +Evidence + + + +*`azure.activitylogs.identity.authorization.evidence.role_assignment_scope`*:: + -- -The time zone for the device generating the event. +Role assignment scope + type: keyword -- -*`cef.extensions.deviceTranslatedAddress`*:: +*`azure.activitylogs.identity.authorization.evidence.role_definition_id`*:: + -- -Identifies the translated device address that the event refers to in an IP network. +Role definition ID -type: ip + +type: keyword -- -*`cef.extensions.deviceTranslatedZoneExternalID`*:: +*`azure.activitylogs.identity.authorization.evidence.role`*:: + -- -None +Role + type: keyword -- -*`cef.extensions.deviceTranslatedZoneURI`*:: +*`azure.activitylogs.identity.authorization.evidence.role_assignment_id`*:: + -- -The URI for the Translated Zone that the device asset has been assigned to in ArcSight. +Role assignment ID + type: keyword -- -*`cef.extensions.deviceZoneExternalID`*:: +*`azure.activitylogs.identity.authorization.evidence.principal_id`*:: + -- -None +Principal ID + type: keyword -- -*`cef.extensions.deviceZoneURI`*:: +*`azure.activitylogs.identity.authorization.evidence.principal_type`*:: + -- -Thee URI for the Zone that the device asset has been assigned to in ArcSight. +Principal type + type: keyword -- -*`cef.extensions.endTime`*:: +*`azure.activitylogs.operation_name`*:: + -- -The time at which the activity related to the event ended. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st1970). An example would be reporting the end of a session. +Operation name -type: date + +type: keyword -- -*`cef.extensions.eventId`*:: +*`azure.activitylogs.result_signature`*:: + -- -This is a unique ID that ArcSight assigns to each event. - -type: long - --- +Result signature -*`cef.extensions.eventOutcome`*:: -+ --- -Displays the outcome, usually as 'success' or 'failure'. type: keyword -- -*`cef.extensions.externalId`*:: +*`azure.activitylogs.category`*:: + -- -The ID used by an originating device. They are usually increasing numbers, associated with events. +Category + type: keyword -- -*`cef.extensions.fileCreateTime`*:: -+ --- -Time when the file was created. +[float] +=== properties -type: date +Properties --- -*`cef.extensions.fileHash`*:: + +*`azure.activitylogs.properties.service_request_id`*:: + -- -Hash of a file. +Service Request Id + type: keyword -- -*`cef.extensions.fileId`*:: +*`azure.activitylogs.properties.status_code`*:: + -- -An ID associated with a file could be the inode. +Status code + type: keyword -- -*`cef.extensions.fileModificationTime`*:: -+ --- -Time when the file was last modified. +[float] +=== auditlogs -type: date +Fields for Azure audit logs. --- -*`cef.extensions.filename`*:: + +*`azure.auditlogs.operation_name`*:: + -- -Name of the file only (without its path). +The operation name + type: keyword -- -*`cef.extensions.filePath`*:: +*`azure.auditlogs.operation_version`*:: + -- -Full path to the file, including file name itself. +The operation version + type: keyword -- -*`cef.extensions.filePermission`*:: +*`azure.auditlogs.identity`*:: + -- -Permissions of the file. +Identity + type: keyword -- -*`cef.extensions.fileSize`*:: +*`azure.auditlogs.tenant_id`*:: + -- -Size of the file. +Tenant ID -type: long + +type: keyword -- -*`cef.extensions.fileType`*:: +*`azure.auditlogs.result_signature`*:: + -- -Type of file (pipe, socket, etc.) +Result signature + type: keyword -- -*`cef.extensions.flexDate1`*:: +[float] +=== properties + +The audit log properties + + + +*`azure.auditlogs.properties.result`*:: + -- -A timestamp field available to map a timestamp that does not apply to any other defined timestamp field in this dictionary. Use all flex fields sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. +Log result -type: date + +type: keyword -- -*`cef.extensions.flexDate1Label`*:: +*`azure.auditlogs.properties.activity_display_name`*:: + -- -The label field is a string and describes the purpose of the flex field. +Activity display name + type: keyword -- -*`cef.extensions.flexString1`*:: +*`azure.auditlogs.properties.result_reason`*:: + -- -One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. +Reason for the log result + type: keyword -- -*`cef.extensions.flexString2`*:: +*`azure.auditlogs.properties.correlation_id`*:: + -- -One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. +Correlation ID + type: keyword -- -*`cef.extensions.flexString1Label`*:: +*`azure.auditlogs.properties.logged_by_service`*:: + -- -The label field is a string and describes the purpose of the flex field. +Logged by service + type: keyword -- -*`cef.extensions.flexString2Label`*:: +*`azure.auditlogs.properties.operation_type`*:: + -- -The label field is a string and describes the purpose of the flex field. +Operation type + type: keyword -- -*`cef.extensions.message`*:: +*`azure.auditlogs.properties.id`*:: + -- -An arbitrary message giving more details about the event. Multi-line entries can be produced by using \n as the new line separator. +ID + type: keyword -- -*`cef.extensions.oldFileCreateTime`*:: +*`azure.auditlogs.properties.activity_datetime`*:: + -- -Time when old file was created. +Activity timestamp + type: date -- -*`cef.extensions.oldFileHash`*:: +*`azure.auditlogs.properties.category`*:: + -- -Hash of the old file. +category + type: keyword -- -*`cef.extensions.oldFileId`*:: +[float] +=== target_resources.* + +Target resources + + + +*`azure.auditlogs.properties.target_resources.*.display_name`*:: + -- -An ID associated with the old file could be the inode. +Display name + type: keyword -- -*`cef.extensions.oldFileModificationTime`*:: +*`azure.auditlogs.properties.target_resources.*.id`*:: + -- -Time when old file was last modified. +ID -type: date + +type: keyword -- -*`cef.extensions.oldFileName`*:: +*`azure.auditlogs.properties.target_resources.*.type`*:: + -- -Name of the old file. +Type + type: keyword -- -*`cef.extensions.oldFilePath`*:: +*`azure.auditlogs.properties.target_resources.*.ip_address`*:: + -- -Full path to the old file, including the file name itself. +ip Address + type: keyword -- -*`cef.extensions.oldFilePermission`*:: +*`azure.auditlogs.properties.target_resources.*.user_principal_name`*:: + -- -Permissions of the old file. +User principal name + type: keyword -- -*`cef.extensions.oldFileSize`*:: -+ --- -Size of the old file. +[float] +=== modified_properties.* -type: long +Modified properties --- -*`cef.extensions.oldFileType`*:: + +*`azure.auditlogs.properties.target_resources.*.modified_properties.*.new_value`*:: + -- -Type of the old file (pipe, socket, etc.) +New value + type: keyword -- -*`cef.extensions.rawEvent`*:: +*`azure.auditlogs.properties.target_resources.*.modified_properties.*.display_name`*:: + -- -None +Display value + type: keyword -- -*`cef.extensions.Reason`*:: +*`azure.auditlogs.properties.target_resources.*.modified_properties.*.old_value`*:: + -- -The reason an audit event was generated. For example "bad password" or "unknown user". This could also be an error or return code. Example "0x1234". +Old value + type: keyword -- -*`cef.extensions.requestClientApplication`*:: -+ --- -The User-Agent associated with the request. +[float] +=== initiated_by -type: keyword +Information regarding the initiator --- -*`cef.extensions.requestContext`*:: + +[float] +=== app + +App + + + +*`azure.auditlogs.properties.initiated_by.app.servicePrincipalName`*:: + -- -Description of the content from which the request originated (for example, HTTP Referrer) +Service principal name + type: keyword -- -*`cef.extensions.requestCookies`*:: +*`azure.auditlogs.properties.initiated_by.app.displayName`*:: + -- -Cookies associated with the request. +Display name + type: keyword -- -*`cef.extensions.requestMethod`*:: +*`azure.auditlogs.properties.initiated_by.app.appId`*:: + -- -The HTTP method used to access a URL. +App ID + type: keyword -- -*`cef.extensions.requestUrl`*:: +*`azure.auditlogs.properties.initiated_by.app.servicePrincipalId`*:: + -- -In the case of an HTTP request, this field contains the URL accessed. The URL should contain the protocol as well. +Service principal ID + type: keyword -- -*`cef.extensions.sourceAddress`*:: -+ --- -Identifies the source that an event refers to in an IP network. +[float] +=== user -type: ip +User --- -*`cef.extensions.sourceDnsDomain`*:: + +*`azure.auditlogs.properties.initiated_by.user.userPrincipalName`*:: + -- -The DNS domain part of the complete fully qualified domain name (FQDN). +User principal name + type: keyword -- -*`cef.extensions.sourceGeoLatitude`*:: +*`azure.auditlogs.properties.initiated_by.user.displayName`*:: + -- -None +Display name -type: double + +type: keyword -- -*`cef.extensions.sourceGeoLongitude`*:: +*`azure.auditlogs.properties.initiated_by.user.id`*:: + -- -None +ID -type: double + +type: keyword -- -*`cef.extensions.sourceHostName`*:: +*`azure.auditlogs.properties.initiated_by.user.ipAddress`*:: + -- -Identifies the source that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the source node, when a mode is available. Examples: 'host' or 'host.domain.com'. +ip Address type: keyword -- -*`cef.extensions.sourceMacAddress`*:: -+ --- -Six colon-separated hexadecimal numbers. +[float] +=== signinlogs -type: keyword +Fields for Azure sign-in logs. -example: 00:0d:60:af:1b:61 --- -*`cef.extensions.sourceNtDomain`*:: +*`azure.signinlogs.operation_name`*:: + -- -The Windows domain name for the source address. +The operation name + type: keyword -- -*`cef.extensions.sourcePort`*:: +*`azure.signinlogs.operation_version`*:: + -- -The valid port numbers are 0 to 65535. +The operation version -type: long + +type: keyword -- -*`cef.extensions.sourceProcessId`*:: +*`azure.signinlogs.tenant_id`*:: + -- -The ID of the source process associated with the event. +Tenant ID -type: long + +type: keyword -- -*`cef.extensions.sourceProcessName`*:: +*`azure.signinlogs.result_signature`*:: + -- -The name of the event's source process. +Result signature + type: keyword -- -*`cef.extensions.sourceServiceName`*:: +*`azure.signinlogs.result_description`*:: + -- -The service that is responsible for generating this event. +Result description + type: keyword -- -*`cef.extensions.sourceTranslatedAddress`*:: +*`azure.signinlogs.identity`*:: + -- -Identifies the translated source that the event refers to in an IP network. +Identity -type: ip --- +type: keyword -*`cef.extensions.sourceTranslatedPort`*:: -+ -- -A port number after being translated by, for example, a firewall. Valid port numbers are 0 to 65535. -type: long +[float] +=== properties --- +The signin log properties -*`cef.extensions.sourceTranslatedZoneExternalID`*:: + + +*`azure.signinlogs.properties.id`*:: + -- -None +ID + type: keyword -- -*`cef.extensions.sourceTranslatedZoneURI`*:: +*`azure.signinlogs.properties.created_at`*:: + -- -The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. +Created date time -type: keyword + +type: date -- -*`cef.extensions.sourceUserId`*:: +*`azure.signinlogs.properties.user_display_name`*:: + -- -Identifies the source user by ID. This is the user associated with the source of the event. For example, in UNIX, the root user is generally associated with user ID 0. +User display name + type: keyword -- -*`cef.extensions.sourceUserName`*:: +*`azure.signinlogs.properties.correlation_id`*:: + -- -Identifies the source user by name. Email addresses are also mapped into the UserName fields. The sender is a candidate to put into this field. +Correlation ID + type: keyword -- -*`cef.extensions.sourceUserPrivileges`*:: +*`azure.signinlogs.properties.user_principal_name`*:: + -- -The typical values are "Administrator", "User", and "Guest". It identifies the source user's privileges. In UNIX, for example, activity executed by the root user would be identified with "Administrator". +User principal name + type: keyword -- -*`cef.extensions.sourceZoneExternalID`*:: +*`azure.signinlogs.properties.user_id`*:: + -- -None +User ID + type: keyword -- -*`cef.extensions.sourceZoneURI`*:: +*`azure.signinlogs.properties.app_id`*:: + -- -The URI for the Zone that the source asset has been assigned to in ArcSight. +App ID + type: keyword -- -*`cef.extensions.startTime`*:: +*`azure.signinlogs.properties.app_display_name`*:: + -- -The time when the activity the event referred to started. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970) +App display name -type: date + +type: keyword -- -*`cef.extensions.transportProtocol`*:: +*`azure.signinlogs.properties.ip_address`*:: + -- -Identifies the Layer-4 protocol used. The possible values are protocols such as TCP or UDP. +Ip address + type: keyword -- -*`cef.extensions.type`*:: +*`azure.signinlogs.properties.client_app_used`*:: + -- -0 means base event, 1 means aggregated, 2 means correlation, and 3 means action. This field can be omitted for base events (type 0). +Client app used -type: long + +type: keyword -- -*`cef.extensions.categoryDeviceType`*:: +*`azure.signinlogs.properties.conditional_access_status`*:: + -- -Device type. Examples - Proxy, IDS, Web Server +Conditional access status + type: keyword -- -*`cef.extensions.categoryObject`*:: +*`azure.signinlogs.properties.original_request_id`*:: + -- -Object that the event is about. For example it can be an operating sytem, database, file, etc. +Original request ID + type: keyword -- -*`cef.extensions.categoryBehavior`*:: +*`azure.signinlogs.properties.is_interactive`*:: + -- -Action or a behavior associated with an event. It's what is being done to the object. +Is interactive + type: keyword -- -*`cef.extensions.categoryTechnique`*:: +*`azure.signinlogs.properties.token_issuer_name`*:: + -- -Technique being used (e.g. /DoS). +Token issuer name + type: keyword -- -*`cef.extensions.categoryDeviceGroup`*:: +*`azure.signinlogs.properties.token_issuer_type`*:: + -- -General device group like Firewall. +Token issuer type + type: keyword -- -*`cef.extensions.categorySignificance`*:: +*`azure.signinlogs.properties.processing_time_ms`*:: + -- -Characterization of the importance of the event. +Processing time in milliseconds -type: keyword + +type: float -- -*`cef.extensions.categoryOutcome`*:: +*`azure.signinlogs.properties.risk_detail`*:: + -- -Outcome of the event (e.g. sucess, failure, or attempt). +Risk detail + type: keyword -- -*`cef.extensions.managerReceiptTime`*:: +*`azure.signinlogs.properties.risk_level_aggregated`*:: + -- -When the Arcsight ESM received the event. +Risk level aggregated -type: date + +type: keyword -- -*`source.service.name`*:: +*`azure.signinlogs.properties.risk_level_during_signin`*:: + -- -Service that is the source of the event. +Risk level during signIn + type: keyword -- -*`destination.service.name`*:: +*`azure.signinlogs.properties.risk_state`*:: + -- -Service that is the target of the event. +Risk state + type: keyword -- -[[exported-fields-cef-module]] -== CEF fields +*`azure.signinlogs.properties.resource_display_name`*:: ++ +-- +Resource display name -Module for receiving CEF logs over Syslog. The module adds vendor specific fields in addition to the fields the decode_cef processor provides. +type: keyword +-- [float] -=== forcepoint +=== status -Fields for Forcepoint Custom String mappings +Status -*`forcepoint.virus_id`*:: +*`azure.signinlogs.properties.status.error_code`*:: + -- -Virus ID +Error code type: keyword @@ -4855,30435 +5166,51596 @@ type: keyword -- [float] -=== checkpoint +=== device_detail -Fields for Check Point custom string mappings. +Status -*`checkpoint.app_risk`*:: +*`azure.signinlogs.properties.device_detail.device_id`*:: + -- -Application risk. +Device ID + type: keyword -- -*`checkpoint.app_severity`*:: +*`azure.signinlogs.properties.device_detail.operating_system`*:: + -- -Application threat severity. +Operating system + type: keyword -- -*`checkpoint.app_sig_id`*:: +*`azure.signinlogs.properties.device_detail.browser`*:: + -- -The signature ID which the application was detected by. +Browser + type: keyword -- -*`checkpoint.auth_method`*:: +*`azure.signinlogs.properties.device_detail.display_name`*:: + -- -Password authentication protocol used. +Display name + type: keyword -- -*`checkpoint.category`*:: +*`azure.signinlogs.properties.device_detail.trust_type`*:: + -- -Category. +Trust type + type: keyword -- -*`checkpoint.confidence_level`*:: +*`azure.signinlogs.properties.service_principal_id`*:: + -- -Confidence level determined. +Status -type: integer + +type: keyword -- -*`checkpoint.connectivity_state`*:: +[[exported-fields-beat-common]] +== Beat fields + +Contains common beat fields available in all event types. + + + +*`agent.hostname`*:: + -- -Connectivity state. +Deprecated - use agent.name or agent.id to identify an agent. -type: keyword + +type: alias + +alias to: agent.name -- -*`checkpoint.cookie`*:: +*`beat.timezone`*:: + -- -IKE cookie. +type: alias -type: keyword +alias to: event.timezone -- -*`checkpoint.dst_phone_number`*:: +*`fields`*:: + -- -Destination IP-Phone. +Contains user configurable fields. -type: keyword + +type: object -- -*`checkpoint.email_control`*:: +*`beat.name`*:: + -- -Engine name. +type: alias -type: keyword +alias to: host.name -- -*`checkpoint.email_id`*:: +*`beat.hostname`*:: + -- -Internal email ID. +type: alias + +alias to: agent.name + +-- + +*`timeseries.instance`*:: ++ +-- +Time series instance id type: keyword -- -*`checkpoint.email_recipients_num`*:: +[[exported-fields-cef]] +== Decode CEF processor fields fields + +Common Event Format (CEF) data. + + + +[float] +=== cef + +By default the `decode_cef` processor writes all data from the CEF message to this `cef` object. It contains the CEF header fields and the extension data. + + + +*`cef.version`*:: + -- -Number of recipients. +Version of the CEF specification used by the message. -type: long + +type: keyword -- -*`checkpoint.email_session_id`*:: +*`cef.device.vendor`*:: + -- -Internal email session ID. +Vendor of the device that produced the message. + type: keyword -- -*`checkpoint.email_spool_id`*:: +*`cef.device.product`*:: + -- -Internal email spool ID. +Product of the device that produced the message. + type: keyword -- -*`checkpoint.email_subject`*:: +*`cef.device.version`*:: + -- -Email subject. +Version of the product that produced the message. + type: keyword -- -*`checkpoint.event_count`*:: +*`cef.device.event_class_id`*:: + -- -Number of events associated with the log. +Unique identifier of the event type. -type: long + +type: keyword -- -*`checkpoint.frequency`*:: +*`cef.severity`*:: + -- -Scan frequency. +Importance of the event. The valid string values are Unknown, Low, Medium, High, and Very-High. The valid integer values are 0-3=Low, 4-6=Medium, 7- 8=High, and 9-10=Very-High. + type: keyword +example: Very-High + -- -*`checkpoint.icmp_type`*:: +*`cef.name`*:: + -- -ICMP type. +Short description of the event. -type: long + +type: keyword -- -*`checkpoint.icmp_code`*:: +[float] +=== extensions + +Collection of key-value pairs carried in the CEF extension field. + + + +*`cef.extensions.agentAddress`*:: + -- -ICMP code. +The IP address of the ArcSight connector that processed the event. -type: long +type: ip -- -*`checkpoint.identity_type`*:: +*`cef.extensions.agentDnsDomain`*:: + -- -Identity type. +The DNS domain name of the ArcSight connector that processed the event. type: keyword -- -*`checkpoint.incident_extension`*:: +*`cef.extensions.agentHostName`*:: + -- -Format of original data. +The hostname of the ArcSight connector that processed the event. type: keyword -- -*`checkpoint.integrity_av_invoke_type`*:: +*`cef.extensions.agentId`*:: + -- -Scan invoke type. +The agent ID of the ArcSight connector that processed the event. type: keyword -- -*`checkpoint.malware_family`*:: +*`cef.extensions.agentMacAddress`*:: + -- -Malware family. +The MAC address of the ArcSight connector that processed the event. type: keyword -- -*`checkpoint.peer_gateway`*:: +*`cef.extensions.agentNtDomain`*:: + -- -Main IP of the peer Security Gateway. +None -type: ip +type: keyword -- -*`checkpoint.performance_impact`*:: +*`cef.extensions.agentReceiptTime`*:: + -- -Protection performance impact. +The time at which information about the event was received by the ArcSight connector. -type: integer +type: date -- -*`checkpoint.protection_id`*:: +*`cef.extensions.agentTimeZone`*:: + -- -Protection malware ID. +The agent time zone of the ArcSight connector that processed the event. type: keyword -- -*`checkpoint.protection_name`*:: +*`cef.extensions.agentTranslatedAddress`*:: + -- -Specific signature name of the attack. +None -type: keyword +type: ip -- -*`checkpoint.protection_type`*:: +*`cef.extensions.agentTranslatedZoneExternalID`*:: + -- -Type of protection used to detect the attack. +None type: keyword -- -*`checkpoint.scan_result`*:: +*`cef.extensions.agentTranslatedZoneURI`*:: + -- -Scan result. +None type: keyword -- -*`checkpoint.sensor_mode`*:: +*`cef.extensions.agentType`*:: + -- -Sensor mode. +The agent type of the ArcSight connector that processed the event type: keyword -- -*`checkpoint.severity`*:: +*`cef.extensions.agentVersion`*:: + -- -Threat severity. +The version of the ArcSight connector that processed the event. type: keyword -- -*`checkpoint.spyware_name`*:: +*`cef.extensions.agentZoneExternalID`*:: + -- -Spyware name. +None type: keyword -- -*`checkpoint.spyware_status`*:: +*`cef.extensions.agentZoneURI`*:: + -- -Spyware status. +None type: keyword -- -*`checkpoint.subs_exp`*:: +*`cef.extensions.applicationProtocol`*:: + -- -The expiration date of the subscription. +Application level protocol, example values are HTTP, HTTPS, SSHv2, Telnet, POP, IMPA, IMAPS, and so on. -type: date +type: keyword -- -*`checkpoint.tcp_flags`*:: +*`cef.extensions.baseEventCount`*:: + -- -TCP packet flags. +A count associated with this event. How many times was this same event observed? Count can be omitted if it is 1. -type: keyword +type: long -- -*`checkpoint.termination_reason`*:: +*`cef.extensions.bytesIn`*:: + -- -Termination reason. +Number of bytes transferred inbound, relative to the source to destination relationship, meaning that data was flowing from source to destination. -type: keyword +type: long -- -*`checkpoint.update_status`*:: +*`cef.extensions.bytesOut`*:: + -- -Update status. +Number of bytes transferred outbound relative to the source to destination relationship. For example, the byte number of data flowing from the destination to the source. -type: keyword +type: long -- -*`checkpoint.user_status`*:: +*`cef.extensions.customerExternalID`*:: + -- -User response. +None type: keyword -- -*`checkpoint.uuid`*:: +*`cef.extensions.customerURI`*:: + -- -External ID. +None type: keyword -- -*`checkpoint.virus_name`*:: +*`cef.extensions.destinationAddress`*:: + -- -Virus name. +Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address. -type: keyword +type: ip -- -*`checkpoint.voip_log_type`*:: +*`cef.extensions.destinationDnsDomain`*:: + -- -VoIP log types. +The DNS domain part of the complete fully qualified domain name (FQDN). type: keyword -- -[float] -=== cef.extensions - -Extra vendor-specific extensions. +*`cef.extensions.destinationGeoLatitude`*:: ++ +-- +The latitudinal value from which the destination's IP address belongs. +type: double +-- -*`cef.extensions.cp_app_risk`*:: +*`cef.extensions.destinationGeoLongitude`*:: + -- -type: keyword +The longitudinal value from which the destination's IP address belongs. + +type: double -- -*`cef.extensions.cp_severity`*:: +*`cef.extensions.destinationHostName`*:: + -- +Identifies the destination that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the destination node, when a node is available. + type: keyword -- -*`cef.extensions.ifname`*:: +*`cef.extensions.destinationMacAddress`*:: + -- +Six colon-seperated hexadecimal numbers. + type: keyword -- -*`cef.extensions.inzone`*:: +*`cef.extensions.destinationNtDomain`*:: + -- +The Windows domain name of the destination address. + type: keyword -- -*`cef.extensions.layer_uuid`*:: +*`cef.extensions.destinationPort`*:: + -- -type: keyword +The valid port numbers are between 0 and 65535. + +type: long -- -*`cef.extensions.layer_name`*:: +*`cef.extensions.destinationProcessId`*:: + -- -type: keyword +Provides the ID of the destination process associated with the event. For example, if an event contains process ID 105, "105" is the process ID. + +type: long -- -*`cef.extensions.logid`*:: +*`cef.extensions.destinationProcessName`*:: + -- +The name of the event's destination process. + type: keyword -- -*`cef.extensions.loguid`*:: +*`cef.extensions.destinationServiceName`*:: + -- +The service targeted by this event. + type: keyword -- -*`cef.extensions.match_id`*:: +*`cef.extensions.destinationTranslatedAddress`*:: + -- -type: keyword +Identifies the translated destination that the event refers to in an IP network. + +type: ip -- -*`cef.extensions.nat_addtnl_rulenum`*:: +*`cef.extensions.destinationTranslatedPort`*:: + -- -type: keyword +Port after it was translated; for example, a firewall. Valid port numbers are 0 to 65535. + +type: long -- -*`cef.extensions.nat_rulenum`*:: +*`cef.extensions.destinationTranslatedZoneExternalID`*:: + -- +None + type: keyword -- -*`cef.extensions.origin`*:: +*`cef.extensions.destinationTranslatedZoneURI`*:: + -- +The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. + type: keyword -- -*`cef.extensions.originsicname`*:: +*`cef.extensions.destinationUserId`*:: + -- +Identifies the destination user by ID. For example, in UNIX, the root user is generally associated with user ID 0. + type: keyword -- -*`cef.extensions.outzone`*:: +*`cef.extensions.destinationUserName`*:: + -- +Identifies the destination user by name. This is the user associated with the event's destination. Email addresses are often mapped into the UserName fields. The recipient is a candidate to put into this field. + type: keyword -- -*`cef.extensions.parent_rule`*:: +*`cef.extensions.destinationUserPrivileges`*:: + -- +The typical values are "Administrator", "User", and "Guest". This identifies the destination user's privileges. In UNIX, for example, activity executed on the root user would be identified with destinationUser Privileges of "Administrator". + type: keyword -- -*`cef.extensions.product`*:: +*`cef.extensions.destinationZoneExternalID`*:: + -- +None + type: keyword -- -*`cef.extensions.rule_action`*:: +*`cef.extensions.destinationZoneURI`*:: + -- +The URI for the Zone that the destination asset has been assigned to in ArcSight. + type: keyword -- -*`cef.extensions.rule_uid`*:: +*`cef.extensions.deviceAction`*:: + -- +Action taken by the device. + type: keyword -- -*`cef.extensions.sequencenum`*:: +*`cef.extensions.deviceAddress`*:: + -- -type: keyword +Identifies the device address that an event refers to in an IP network. + +type: ip -- -*`cef.extensions.service_id`*:: +*`cef.extensions.deviceCustomFloatingPoint1Label`*:: + -- +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + type: keyword -- -*`cef.extensions.version`*:: +*`cef.extensions.deviceCustomFloatingPoint3Label`*:: + -- +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + type: keyword -- -[[exported-fields-checkpoint]] -== Checkpoint fields - -Some checkpoint module - - - -[float] -=== checkpoint - -Module for parsing Checkpoint syslog. +*`cef.extensions.deviceCustomFloatingPoint4Label`*:: ++ +-- +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. +type: keyword +-- -*`checkpoint.confidence_level`*:: +*`cef.extensions.deviceCustomDate1`*:: + -- -Confidence level determined by ThreatCloud. - +One of two timestamp fields available to map fields that do not apply to any other in this dictionary. -type: integer +type: date -- -*`checkpoint.calc_desc`*:: +*`cef.extensions.deviceCustomDate1Label`*:: + -- -Log description. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.dst_country`*:: +*`cef.extensions.deviceCustomDate2`*:: + -- -Destination country. - +One of two timestamp fields available to map fields that do not apply to any other in this dictionary. -type: keyword +type: date -- -*`checkpoint.dst_user_name`*:: +*`cef.extensions.deviceCustomDate2Label`*:: + -- -Connected user name on the destination IP. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.email_id`*:: +*`cef.extensions.deviceCustomFloatingPoint1`*:: + -- -Email number in smtp connection. - +One of four floating point fields available to map fields that do not apply to any other in this dictionary. -type: keyword +type: double -- -*`checkpoint.email_subject`*:: +*`cef.extensions.deviceCustomFloatingPoint2`*:: + -- -Original email subject. - +One of four floating point fields available to map fields that do not apply to any other in this dictionary. -type: keyword +type: double -- -*`checkpoint.email_session_id`*:: +*`cef.extensions.deviceCustomFloatingPoint2Label`*:: + -- -Connection uuid. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.event_count`*:: +*`cef.extensions.deviceCustomFloatingPoint3`*:: + -- -Number of events associated with the log. - +One of four floating point fields available to map fields that do not apply to any other in this dictionary. -type: long +type: double -- -*`checkpoint.sys_message`*:: +*`cef.extensions.deviceCustomFloatingPoint4`*:: + -- -System messages - +One of four floating point fields available to map fields that do not apply to any other in this dictionary. -type: keyword +type: double -- -*`checkpoint.logid`*:: +*`cef.extensions.deviceCustomIPv6Address1`*:: + -- -System messages - +One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. -type: keyword +type: ip -- -*`checkpoint.failure_impact`*:: +*`cef.extensions.deviceCustomIPv6Address1Label`*:: + -- -The impact of update service failure. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.id`*:: +*`cef.extensions.deviceCustomIPv6Address2`*:: + -- -Override application ID. - +One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. -type: integer +type: ip -- -*`checkpoint.information`*:: +*`cef.extensions.deviceCustomIPv6Address2Label`*:: + -- -Policy installation status for a specific blade. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.layer_name`*:: +*`cef.extensions.deviceCustomIPv6Address3`*:: + -- -Layer name. - +One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. -type: keyword +type: ip -- -*`checkpoint.layer_uuid`*:: +*`cef.extensions.deviceCustomIPv6Address3Label`*:: + -- -Layer UUID. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.log_id`*:: +*`cef.extensions.deviceCustomIPv6Address4`*:: + -- -Unique identity for logs. - +One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. -type: integer +type: ip -- -*`checkpoint.malware_family`*:: +*`cef.extensions.deviceCustomIPv6Address4Label`*:: + -- -Additional information on protection. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.origin_sic_name`*:: +*`cef.extensions.deviceCustomNumber1`*:: + -- -Machine SIC. - +One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. -type: keyword +type: long -- -*`checkpoint.policy_mgmt`*:: +*`cef.extensions.deviceCustomNumber1Label`*:: + -- -Name of the Management Server that manages this Security Gateway. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.policy_name`*:: +*`cef.extensions.deviceCustomNumber2`*:: + -- -Name of the last policy that this Security Gateway fetched. - +One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. -type: keyword +type: long -- -*`checkpoint.protection_id`*:: +*`cef.extensions.deviceCustomNumber2Label`*:: + -- -Protection malware id. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.protection_name`*:: +*`cef.extensions.deviceCustomNumber3`*:: + -- -Specific signature name of the attack. - +One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. -type: keyword +type: long -- -*`checkpoint.protection_type`*:: +*`cef.extensions.deviceCustomNumber3Label`*:: + -- -Type of protection used to detect the attack. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.protocol`*:: +*`cef.extensions.deviceCustomString1`*:: + -- -Protocol detected on the connection. - +One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. type: keyword -- -*`checkpoint.proxy_src_ip`*:: +*`cef.extensions.deviceCustomString1Label`*:: + -- -Sender source IP (even when using proxy). - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. -type: ip +type: keyword -- -*`checkpoint.rule`*:: +*`cef.extensions.deviceCustomString2`*:: + -- -Matched rule number. - +One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. -type: integer +type: keyword -- -*`checkpoint.rule_action`*:: +*`cef.extensions.deviceCustomString2Label`*:: + -- -Action of the matched rule in the access policy. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.scan_direction`*:: +*`cef.extensions.deviceCustomString3`*:: + -- -Scan direction. - +One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. type: keyword -- -*`checkpoint.session_id`*:: +*`cef.extensions.deviceCustomString3Label`*:: + -- -Log uuid. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.source_os`*:: +*`cef.extensions.deviceCustomString4`*:: + -- -OS which generated the attack. - +One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. type: keyword -- -*`checkpoint.src_country`*:: +*`cef.extensions.deviceCustomString4Label`*:: + -- -Country name, derived from connection source IP address. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.src_user_name`*:: +*`cef.extensions.deviceCustomString5`*:: + -- -User name connected to source IP - +One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. type: keyword -- -*`checkpoint.ticket_id`*:: +*`cef.extensions.deviceCustomString5Label`*:: + -- -Unique ID per file. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.tls_server_host_name`*:: +*`cef.extensions.deviceCustomString6`*:: + -- -SNI/CN from encrypted TLS connection used by URLF for categorization. - +One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. type: keyword -- -*`checkpoint.verdict`*:: +*`cef.extensions.deviceCustomString6Label`*:: + -- -TE engine verdict Possible values: Malicious/Benign/Error. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.user`*:: +*`cef.extensions.deviceDirection`*:: + -- -Source user name. - +Any information about what direction the observed communication has taken. The following values are supported - "0" for inbound or "1" for outbound. -type: keyword +type: long -- -*`checkpoint.vendor_list`*:: +*`cef.extensions.deviceDnsDomain`*:: + -- -The vendor name that provided the verdict for a malicious URL. - +The DNS domain part of the complete fully qualified domain name (FQDN). type: keyword -- -*`checkpoint.web_server_type`*:: +*`cef.extensions.deviceEventCategory`*:: + -- -Web server detected in the HTTP response. - +Represents the category assigned by the originating device. Devices often use their own categorization schema to classify event. Example "/Monitor/Disk/Read". type: keyword -- -*`checkpoint.client_name`*:: +*`cef.extensions.deviceExternalId`*:: + -- -Client Application or Software Blade that detected the event. - +A name that uniquely identifies the device generating this event. type: keyword -- -*`checkpoint.client_version`*:: +*`cef.extensions.deviceFacility`*:: + -- -Build version of SandBlast Agent client installed on the computer. - +The facility generating this event. For example, Syslog has an explicit facility associated with every event. type: keyword -- -*`checkpoint.extension_version`*:: +*`cef.extensions.deviceFlexNumber1`*:: + -- -Build version of the SandBlast Agent browser extension. - +One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. -type: keyword +type: long -- -*`checkpoint.host_time`*:: +*`cef.extensions.deviceFlexNumber1Label`*:: + -- -Local time on the endpoint computer. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.installed_products`*:: +*`cef.extensions.deviceFlexNumber2`*:: + -- -List of installed Endpoint Software Blades. - +One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. -type: keyword +type: long -- -*`checkpoint.cc`*:: +*`cef.extensions.deviceFlexNumber2Label`*:: + -- -The Carbon Copy address of the email. - +All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. type: keyword -- -*`checkpoint.parent_process_username`*:: +*`cef.extensions.deviceHostName`*:: + -- -Owner username of the parent process of the process that triggered the attack. - +The format should be a fully qualified domain name (FQDN) associated with the device node, when a node is available. type: keyword -- -*`checkpoint.process_username`*:: +*`cef.extensions.deviceInboundInterface`*:: + -- -Owner username of the process that triggered the attack. - +Interface on which the packet or data entered the device. type: keyword -- -*`checkpoint.audit_status`*:: +*`cef.extensions.deviceMacAddress`*:: + -- -Audit Status. Can be Success or Failure. - +Six colon-separated hexadecimal numbers. type: keyword -- -*`checkpoint.objecttable`*:: +*`cef.extensions.deviceNtDomain`*:: + -- -Table of affected objects. - +The Windows domain name of the device address. type: keyword -- -*`checkpoint.objecttype`*:: +*`cef.extensions.deviceOutboundInterface`*:: + -- -The type of the affected object. - +Interface on which the packet or data left the device. type: keyword -- -*`checkpoint.operation_number`*:: +*`cef.extensions.devicePayloadId`*:: + -- -The operation nuber. - +Unique identifier for the payload associated with the event. type: keyword -- -*`checkpoint.email_recipients_num`*:: +*`cef.extensions.deviceProcessId`*:: + -- -Amount of recipients whom the mail was sent to. - +Provides the ID of the process on the device generating the event. -type: integer +type: long -- -*`checkpoint.suppressed_logs`*:: +*`cef.extensions.deviceProcessName`*:: + -- -Aggregated connections for five minutes on the same source, destination and port. - +Process name associated with the event. An example might be the process generating the syslog entry in UNIX. -type: integer +type: keyword -- -*`checkpoint.blade_name`*:: +*`cef.extensions.deviceReceiptTime`*:: + -- -Blade name. - +The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970) -type: keyword +type: date -- -*`checkpoint.status`*:: +*`cef.extensions.deviceTimeZone`*:: + -- -Ok/Warning/Error. - +The time zone for the device generating the event. type: keyword -- -*`checkpoint.short_desc`*:: +*`cef.extensions.deviceTranslatedAddress`*:: + -- -Short description of the process that was executed. +Identifies the translated device address that the event refers to in an IP network. +type: ip + +-- + +*`cef.extensions.deviceTranslatedZoneExternalID`*:: ++ +-- +None type: keyword -- -*`checkpoint.long_desc`*:: +*`cef.extensions.deviceTranslatedZoneURI`*:: + -- -More information on the process (usually describing error reason in failure). - +The URI for the Translated Zone that the device asset has been assigned to in ArcSight. type: keyword -- -*`checkpoint.scan_hosts_hour`*:: +*`cef.extensions.deviceZoneExternalID`*:: + -- -Number of unique hosts during the last hour. - +None -type: integer +type: keyword -- -*`checkpoint.scan_hosts_day`*:: +*`cef.extensions.deviceZoneURI`*:: + -- -Number of unique hosts during the last day. - +Thee URI for the Zone that the device asset has been assigned to in ArcSight. -type: integer +type: keyword -- -*`checkpoint.scan_hosts_week`*:: +*`cef.extensions.endTime`*:: + -- -Number of unique hosts during the last week. - +The time at which the activity related to the event ended. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st1970). An example would be reporting the end of a session. -type: integer +type: date -- -*`checkpoint.unique_detected_hour`*:: +*`cef.extensions.eventId`*:: + -- -Detected virus for a specific host during the last hour. - +This is a unique ID that ArcSight assigns to each event. -type: integer +type: long -- -*`checkpoint.unique_detected_day`*:: +*`cef.extensions.eventOutcome`*:: + -- -Detected virus for a specific host during the last day. - +Displays the outcome, usually as 'success' or 'failure'. -type: integer +type: keyword -- -*`checkpoint.unique_detected_week`*:: +*`cef.extensions.externalId`*:: + -- -Detected virus for a specific host during the last week. - +The ID used by an originating device. They are usually increasing numbers, associated with events. -type: integer +type: keyword -- -*`checkpoint.scan_mail`*:: +*`cef.extensions.fileCreateTime`*:: + -- -Number of emails that were scanned by "AB malicious activity" engine. - +Time when the file was created. -type: integer +type: date -- -*`checkpoint.additional_ip`*:: +*`cef.extensions.fileHash`*:: + -- -DNS host name. - +Hash of a file. type: keyword -- -*`checkpoint.description`*:: +*`cef.extensions.fileId`*:: + -- -Additional explanation how the security gateway enforced the connection. - +An ID associated with a file could be the inode. type: keyword -- -*`checkpoint.email_spam_category`*:: +*`cef.extensions.fileModificationTime`*:: + -- -Email categories. Possible values: spam/not spam/phishing. - +Time when the file was last modified. -type: keyword +type: date -- -*`checkpoint.email_control_analysis`*:: +*`cef.extensions.filename`*:: + -- -Message classification, received from spam vendor engine. - +Name of the file only (without its path). type: keyword -- -*`checkpoint.scan_results`*:: +*`cef.extensions.filePath`*:: + -- -"Infected"/description of a failure. - +Full path to the file, including file name itself. type: keyword -- -*`checkpoint.original_queue_id`*:: +*`cef.extensions.filePermission`*:: + -- -Original postfix email queue id. - +Permissions of the file. type: keyword -- -*`checkpoint.risk`*:: +*`cef.extensions.fileSize`*:: + -- -Risk level we got from the engine. - +Size of the file. -type: keyword +type: long -- -*`checkpoint.observable_name`*:: +*`cef.extensions.fileType`*:: + -- -IOC observable signature name. - +Type of file (pipe, socket, etc.) type: keyword -- -*`checkpoint.observable_id`*:: +*`cef.extensions.flexDate1`*:: + -- -IOC observable signature id. - +A timestamp field available to map a timestamp that does not apply to any other defined timestamp field in this dictionary. Use all flex fields sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. -type: keyword +type: date -- -*`checkpoint.observable_comment`*:: +*`cef.extensions.flexDate1Label`*:: + -- -IOC observable signature description. - +The label field is a string and describes the purpose of the flex field. type: keyword -- -*`checkpoint.indicator_name`*:: +*`cef.extensions.flexString1`*:: + -- -IOC indicator name. - +One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. type: keyword -- -*`checkpoint.indicator_description`*:: +*`cef.extensions.flexString2`*:: + -- -IOC indicator description. - +One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. type: keyword -- -*`checkpoint.indicator_reference`*:: +*`cef.extensions.flexString1Label`*:: + -- -IOC indicator reference. - +The label field is a string and describes the purpose of the flex field. type: keyword -- -*`checkpoint.indicator_uuid`*:: +*`cef.extensions.flexString2Label`*:: + -- -IOC indicator uuid. - +The label field is a string and describes the purpose of the flex field. type: keyword -- -*`checkpoint.app_desc`*:: +*`cef.extensions.message`*:: + -- -Application description. - +An arbitrary message giving more details about the event. Multi-line entries can be produced by using \n as the new line separator. type: keyword -- -*`checkpoint.app_id`*:: +*`cef.extensions.oldFileCreateTime`*:: + -- -Application ID. - +Time when old file was created. -type: integer +type: date -- -*`checkpoint.app_sig_id`*:: +*`cef.extensions.oldFileHash`*:: + -- -IOC indicator description. - +Hash of the old file. type: keyword -- -*`checkpoint.certificate_resource`*:: +*`cef.extensions.oldFileId`*:: + -- -HTTPS resource Possible values: SNI or domain name (DN). - +An ID associated with the old file could be the inode. type: keyword -- -*`checkpoint.certificate_validation`*:: +*`cef.extensions.oldFileModificationTime`*:: + -- -Precise error, describing HTTPS certificate failure under "HTTPS categorize websites" feature. - +Time when old file was last modified. -type: keyword +type: date -- -*`checkpoint.browse_time`*:: +*`cef.extensions.oldFileName`*:: + -- -Application session browse time. - +Name of the old file. type: keyword -- -*`checkpoint.limit_requested`*:: +*`cef.extensions.oldFilePath`*:: + -- -Indicates whether data limit was requested for the session. - +Full path to the old file, including the file name itself. -type: integer +type: keyword -- -*`checkpoint.limit_applied`*:: +*`cef.extensions.oldFilePermission`*:: + -- -Indicates whether the session was actually date limited. - +Permissions of the old file. -type: integer +type: keyword -- -*`checkpoint.dropped_total`*:: +*`cef.extensions.oldFileSize`*:: + -- -Amount of dropped packets (both incoming and outgoing). - +Size of the old file. -type: integer +type: long -- -*`checkpoint.client_type_os`*:: +*`cef.extensions.oldFileType`*:: + -- -Client OS detected in the HTTP request. - +Type of the old file (pipe, socket, etc.) type: keyword -- -*`checkpoint.name`*:: +*`cef.extensions.rawEvent`*:: + -- -Application name. - +None type: keyword -- -*`checkpoint.properties`*:: +*`cef.extensions.Reason`*:: + -- -Application categories. - +The reason an audit event was generated. For example "bad password" or "unknown user". This could also be an error or return code. Example "0x1234". type: keyword -- -*`checkpoint.sig_id`*:: +*`cef.extensions.requestClientApplication`*:: + -- -Application's signature ID which how it was detected by. - +The User-Agent associated with the request. type: keyword -- -*`checkpoint.desc`*:: +*`cef.extensions.requestContext`*:: + -- -Override application description. - +Description of the content from which the request originated (for example, HTTP Referrer) type: keyword -- -*`checkpoint.referrer_self_uid`*:: +*`cef.extensions.requestCookies`*:: + -- -UUID of the current log. - +Cookies associated with the request. type: keyword -- -*`checkpoint.referrer_parent_uid`*:: +*`cef.extensions.requestMethod`*:: + -- -Log UUID of the referring application. - +The HTTP method used to access a URL. type: keyword -- -*`checkpoint.needs_browse_time`*:: +*`cef.extensions.requestUrl`*:: + -- -Browse time required for the connection. - +In the case of an HTTP request, this field contains the URL accessed. The URL should contain the protocol as well. -type: integer +type: keyword -- -*`checkpoint.cluster_info`*:: +*`cef.extensions.sourceAddress`*:: + -- -Cluster information. Possible options: Failover reason/cluster state changes/CP cluster or 3rd party. - +Identifies the source that an event refers to in an IP network. -type: keyword +type: ip -- -*`checkpoint.sync`*:: +*`cef.extensions.sourceDnsDomain`*:: + -- -Sync status and the reason (stable, at risk). - +The DNS domain part of the complete fully qualified domain name (FQDN). type: keyword -- -*`checkpoint.file_direction`*:: +*`cef.extensions.sourceGeoLatitude`*:: + -- -File direction. Possible options: upload/download. - +None -type: keyword +type: double -- -*`checkpoint.invalid_file_size`*:: +*`cef.extensions.sourceGeoLongitude`*:: + -- -File_size field is valid only if this field is set to 0. - +None -type: integer +type: double -- -*`checkpoint.top_archive_file_name`*:: +*`cef.extensions.sourceHostName`*:: + -- -In case of archive file: the file that was sent/received. +Identifies the source that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the source node, when a mode is available. Examples: 'host' or 'host.domain.com'. type: keyword -- -*`checkpoint.data_type_name`*:: +*`cef.extensions.sourceMacAddress`*:: + -- -Data type in rulebase that was matched. - +Six colon-separated hexadecimal numbers. type: keyword +example: 00:0d:60:af:1b:61 + -- -*`checkpoint.specific_data_type_name`*:: +*`cef.extensions.sourceNtDomain`*:: + -- -Compound/Group scenario, data type that was matched. - +The Windows domain name for the source address. type: keyword -- -*`checkpoint.word_list`*:: +*`cef.extensions.sourcePort`*:: + -- -Words matched by data type. - +The valid port numbers are 0 to 65535. -type: keyword +type: long -- -*`checkpoint.info`*:: +*`cef.extensions.sourceProcessId`*:: + -- -Special log message. - +The ID of the source process associated with the event. -type: keyword +type: long -- -*`checkpoint.outgoing_url`*:: +*`cef.extensions.sourceProcessName`*:: + -- -URL related to this log (for HTTP). - +The name of the event's source process. type: keyword -- -*`checkpoint.dlp_rule_name`*:: +*`cef.extensions.sourceServiceName`*:: + -- -Matched rule name. - +The service that is responsible for generating this event. type: keyword -- -*`checkpoint.dlp_recipients`*:: +*`cef.extensions.sourceTranslatedAddress`*:: + -- -Mail recipients. - +Identifies the translated source that the event refers to in an IP network. -type: keyword +type: ip -- -*`checkpoint.dlp_subject`*:: +*`cef.extensions.sourceTranslatedPort`*:: + -- -Mail subject. - +A port number after being translated by, for example, a firewall. Valid port numbers are 0 to 65535. -type: keyword +type: long -- -*`checkpoint.dlp_word_list`*:: +*`cef.extensions.sourceTranslatedZoneExternalID`*:: + -- -Phrases matched by data type. - +None type: keyword -- -*`checkpoint.dlp_template_score`*:: +*`cef.extensions.sourceTranslatedZoneURI`*:: + -- -Template data type match score. - +The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. type: keyword -- -*`checkpoint.message_size`*:: +*`cef.extensions.sourceUserId`*:: + -- -Mail/post size. - +Identifies the source user by ID. This is the user associated with the source of the event. For example, in UNIX, the root user is generally associated with user ID 0. -type: integer +type: keyword -- -*`checkpoint.dlp_incident_uid`*:: +*`cef.extensions.sourceUserName`*:: + -- -Unique ID of the matched rule. - +Identifies the source user by name. Email addresses are also mapped into the UserName fields. The sender is a candidate to put into this field. type: keyword -- -*`checkpoint.dlp_related_incident_uid`*:: +*`cef.extensions.sourceUserPrivileges`*:: + -- -Other ID related to this one. - +The typical values are "Administrator", "User", and "Guest". It identifies the source user's privileges. In UNIX, for example, activity executed by the root user would be identified with "Administrator". type: keyword -- -*`checkpoint.dlp_data_type_name`*:: +*`cef.extensions.sourceZoneExternalID`*:: + -- -Matched data type. - +None type: keyword -- -*`checkpoint.dlp_data_type_uid`*:: +*`cef.extensions.sourceZoneURI`*:: + -- -Unique ID of the matched data type. - +The URI for the Zone that the source asset has been assigned to in ArcSight. type: keyword -- -*`checkpoint.dlp_violation_description`*:: +*`cef.extensions.startTime`*:: + -- -Violation descriptions described in the rulebase. - +The time when the activity the event referred to started. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970) -type: keyword +type: date -- -*`checkpoint.dlp_relevant_data_types`*:: +*`cef.extensions.transportProtocol`*:: + -- -In case of Compound/Group: the inner data types that were matched. - +Identifies the Layer-4 protocol used. The possible values are protocols such as TCP or UDP. type: keyword -- -*`checkpoint.dlp_action_reason`*:: +*`cef.extensions.type`*:: + -- -Action chosen reason. - +0 means base event, 1 means aggregated, 2 means correlation, and 3 means action. This field can be omitted for base events (type 0). -type: keyword +type: long -- -*`checkpoint.dlp_categories`*:: +*`cef.extensions.categoryDeviceType`*:: + -- -Data type category. - +Device type. Examples - Proxy, IDS, Web Server type: keyword -- -*`checkpoint.dlp_transint`*:: +*`cef.extensions.categoryObject`*:: + -- -HTTP/SMTP/FTP. - +Object that the event is about. For example it can be an operating sytem, database, file, etc. type: keyword -- -*`checkpoint.duplicate`*:: +*`cef.extensions.categoryBehavior`*:: + -- -Log marked as duplicated, when mail is split and the Security Gateway sees it twice. - +Action or a behavior associated with an event. It's what is being done to the object. type: keyword -- -*`checkpoint.incident_extension`*:: +*`cef.extensions.categoryTechnique`*:: + -- -Matched data type. - +Technique being used (e.g. /DoS). type: keyword -- -*`checkpoint.matched_file`*:: +*`cef.extensions.categoryDeviceGroup`*:: + -- -Unique ID of the matched data type. - +General device group like Firewall. type: keyword -- -*`checkpoint.matched_file_text_segments`*:: +*`cef.extensions.categorySignificance`*:: + -- -Fingerprint: number of text segments matched by this traffic. +Characterization of the importance of the event. - -type: integer +type: keyword -- -*`checkpoint.matched_file_percentage`*:: +*`cef.extensions.categoryOutcome`*:: + -- -Fingerprint: match percentage of the traffic. - +Outcome of the event (e.g. sucess, failure, or attempt). -type: integer +type: keyword -- -*`checkpoint.dlp_additional_action`*:: +*`cef.extensions.managerReceiptTime`*:: + -- -Watermark/None. - +When the Arcsight ESM received the event. -type: keyword +type: date -- -*`checkpoint.dlp_watermark_profile`*:: +*`source.service.name`*:: + -- -Watermark which was applied. - +Service that is the source of the event. type: keyword -- -*`checkpoint.dlp_repository_id`*:: +*`destination.service.name`*:: + -- -ID of scanned repository. - +Service that is the target of the event. type: keyword -- -*`checkpoint.dlp_repository_root_path`*:: -+ --- -Repository path. +[[exported-fields-cef-module]] +== CEF fields +Module for receiving CEF logs over Syslog. The module adds vendor specific fields in addition to the fields the decode_cef processor provides. -type: keyword --- -*`checkpoint.scan_id`*:: -+ --- -Sequential number of scan. +[float] +=== forcepoint +Fields for Forcepoint Custom String mappings -type: keyword --- -*`checkpoint.special_properties`*:: +*`forcepoint.virus_id`*:: + -- -If this field is set to '1' the log will not be shown (in use for monitoring scan progress). +Virus ID -type: integer +type: keyword -- -*`checkpoint.dlp_repository_total_size`*:: -+ --- -Repository size. +[float] +=== checkpoint +Fields for Check Point custom string mappings. -type: integer --- -*`checkpoint.dlp_repository_files_number`*:: +*`checkpoint.app_risk`*:: + -- -Number of files in repository. - +Application risk. -type: integer +type: keyword -- -*`checkpoint.dlp_repository_scanned_files_number`*:: +*`checkpoint.app_severity`*:: + -- -Number of scanned files in repository. - +Application threat severity. -type: integer +type: keyword -- -*`checkpoint.duration`*:: +*`checkpoint.app_sig_id`*:: + -- -Scan duration. - +The signature ID which the application was detected by. type: keyword -- -*`checkpoint.dlp_fingerprint_long_status`*:: +*`checkpoint.auth_method`*:: + -- -Scan status - long format. - +Password authentication protocol used. type: keyword -- -*`checkpoint.dlp_fingerprint_short_status`*:: +*`checkpoint.category`*:: + -- -Scan status - short format. - +Category. type: keyword -- -*`checkpoint.dlp_repository_directories_number`*:: +*`checkpoint.confidence_level`*:: + -- -Number of directories in repository. - +Confidence level determined. type: integer -- -*`checkpoint.dlp_repository_unreachable_directories_number`*:: +*`checkpoint.connectivity_state`*:: + -- -Number of directories the Security Gateway was unable to read. - +Connectivity state. -type: integer +type: keyword -- -*`checkpoint.dlp_fingerprint_files_number`*:: +*`checkpoint.cookie`*:: + -- -Number of successfully scanned files in repository. - +IKE cookie. -type: integer +type: keyword -- -*`checkpoint.dlp_repository_skipped_files_number`*:: +*`checkpoint.dst_phone_number`*:: + -- -Skipped number of files because of configuration. - +Destination IP-Phone. -type: integer +type: keyword -- -*`checkpoint.dlp_repository_scanned_directories_number`*:: +*`checkpoint.email_control`*:: + -- -Amount of directories scanned. - +Engine name. -type: integer +type: keyword -- -*`checkpoint.number_of_errors`*:: +*`checkpoint.email_id`*:: + -- -Number of files that were not scanned due to an error. - +Internal email ID. -type: integer +type: keyword -- -*`checkpoint.next_scheduled_scan_date`*:: +*`checkpoint.email_recipients_num`*:: + -- -Next scan scheduled time according to time object. +Number of recipients. + +type: long + +-- +*`checkpoint.email_session_id`*:: ++ +-- +Internal email session ID. type: keyword -- -*`checkpoint.dlp_repository_scanned_total_size`*:: +*`checkpoint.email_spool_id`*:: + -- -Size scanned. - +Internal email spool ID. -type: integer +type: keyword -- -*`checkpoint.dlp_repository_reached_directories_number`*:: +*`checkpoint.email_subject`*:: + -- -Number of scanned directories in repository. - +Email subject. -type: integer +type: keyword -- -*`checkpoint.dlp_repository_not_scanned_directories_percentage`*:: +*`checkpoint.event_count`*:: + -- -Percentage of directories the Security Gateway was unable to read. - +Number of events associated with the log. -type: integer +type: long -- -*`checkpoint.speed`*:: +*`checkpoint.frequency`*:: + -- -Current scan speed. - +Scan frequency. -type: integer +type: keyword -- -*`checkpoint.dlp_repository_scan_progress`*:: +*`checkpoint.icmp_type`*:: + -- -Scan percentage. - +ICMP type. -type: integer +type: long -- -*`checkpoint.sub_policy_name`*:: +*`checkpoint.icmp_code`*:: + -- -Layer name. - +ICMP code. -type: keyword +type: long -- -*`checkpoint.sub_policy_uid`*:: +*`checkpoint.identity_type`*:: + -- -Layer uid. - +Identity type. type: keyword -- -*`checkpoint.fw_message`*:: +*`checkpoint.incident_extension`*:: + -- -Used for various firewall errors. - +Format of original data. type: keyword -- -*`checkpoint.message`*:: +*`checkpoint.integrity_av_invoke_type`*:: + -- -ISP link has failed. - +Scan invoke type. type: keyword -- -*`checkpoint.isp_link`*:: +*`checkpoint.malware_family`*:: + -- -Name of ISP link. - +Malware family. type: keyword -- -*`checkpoint.fw_subproduct`*:: +*`checkpoint.peer_gateway`*:: + -- -Can be vpn/non vpn. - +Main IP of the peer Security Gateway. -type: keyword +type: ip -- -*`checkpoint.sctp_error`*:: +*`checkpoint.performance_impact`*:: + -- -Error information, what caused sctp to fail on out_of_state. - +Protection performance impact. -type: keyword +type: integer -- -*`checkpoint.chunk_type`*:: +*`checkpoint.protection_id`*:: + -- -Chunck of the sctp stream. - +Protection malware ID. type: keyword -- -*`checkpoint.sctp_association_state`*:: +*`checkpoint.protection_name`*:: + -- -The bad state you were trying to update to. - +Specific signature name of the attack. type: keyword -- -*`checkpoint.tcp_packet_out_of_state`*:: +*`checkpoint.protection_type`*:: + -- -State violation. - +Type of protection used to detect the attack. type: keyword -- -*`checkpoint.tcp_flags`*:: +*`checkpoint.scan_result`*:: + -- -TCP packet flags (SYN, ACK, etc.,). - +Scan result. type: keyword -- -*`checkpoint.connectivity_level`*:: +*`checkpoint.sensor_mode`*:: + -- -Log for a new connection in wire mode. - +Sensor mode. type: keyword -- -*`checkpoint.ip_option`*:: +*`checkpoint.severity`*:: + -- -IP option that was dropped. - +Threat severity. -type: integer +type: keyword -- -*`checkpoint.tcp_state`*:: +*`checkpoint.spyware_name`*:: + -- -Log reinting a tcp state change. - +Spyware name. type: keyword -- -*`checkpoint.expire_time`*:: +*`checkpoint.spyware_status`*:: + -- -Connection closing time. - +Spyware status. type: keyword -- -*`checkpoint.icmp_type`*:: +*`checkpoint.subs_exp`*:: + -- -In case a connection is ICMP, type info will be added to the log. - +The expiration date of the subscription. -type: integer +type: date -- -*`checkpoint.icmp_code`*:: +*`checkpoint.tcp_flags`*:: + -- -In case a connection is ICMP, code info will be added to the log. - +TCP packet flags. -type: integer +type: keyword -- -*`checkpoint.rpc_prog`*:: +*`checkpoint.termination_reason`*:: + -- -Log for new RPC state - prog values. - +Termination reason. -type: integer +type: keyword -- -*`checkpoint.dce-rpc_interface_uuid`*:: +*`checkpoint.update_status`*:: + -- -Log for new RPC state - UUID values - +Update status. type: keyword -- -*`checkpoint.elapsed`*:: +*`checkpoint.user_status`*:: + -- -Time passed since start time. - +User response. type: keyword -- -*`checkpoint.icmp`*:: +*`checkpoint.uuid`*:: + -- -Number of packets, received by the client. - +External ID. type: keyword -- -*`checkpoint.capture_uuid`*:: +*`checkpoint.virus_name`*:: + -- -UUID generated for the capture. Used when enabling the capture when logging. - +Virus name. type: keyword -- -*`checkpoint.diameter_app_ID`*:: +*`checkpoint.voip_log_type`*:: + -- -The ID of diameter application. - +VoIP log types. -type: integer +type: keyword -- -*`checkpoint.diameter_cmd_code`*:: -+ --- -Diameter not allowed application command id. +[float] +=== cef.extensions +Extra vendor-specific extensions. -type: integer --- -*`checkpoint.diameter_msg_type`*:: +*`cef.extensions.cp_app_risk`*:: + -- -Diameter message type. - - type: keyword -- -*`checkpoint.cp_message`*:: +*`cef.extensions.cp_severity`*:: + -- -Used to log a general message. - - -type: integer +type: keyword -- -*`checkpoint.log_delay`*:: +*`cef.extensions.ifname`*:: + -- -Time left before deleting template. - - -type: integer +type: keyword -- -*`checkpoint.attack_status`*:: +*`cef.extensions.inzone`*:: + -- -In case of a malicious event on an endpoint computer, the status of the attack. - - type: keyword -- -*`checkpoint.impacted_files`*:: +*`cef.extensions.layer_uuid`*:: + -- -In case of an infection on an endpoint computer, the list of files that the malware impacted. - - type: keyword -- -*`checkpoint.remediated_files`*:: +*`cef.extensions.layer_name`*:: + -- -In case of an infection and a successful cleaning of that infection, this is a list of remediated files on the computer. - - type: keyword -- -*`checkpoint.triggered_by`*:: +*`cef.extensions.logid`*:: + -- -The name of the mechanism that triggered the Software Blade to enforce a protection. - - type: keyword -- -*`checkpoint.https_inspection_rule_id`*:: +*`cef.extensions.loguid`*:: + -- -ID of the matched rule. - - type: keyword -- -*`checkpoint.https_inspection_rule_name`*:: +*`cef.extensions.match_id`*:: + -- -Name of the matched rule. - - type: keyword -- -*`checkpoint.app_properties`*:: +*`cef.extensions.nat_addtnl_rulenum`*:: + -- -List of all found categories. - - type: keyword -- -*`checkpoint.https_validation`*:: +*`cef.extensions.nat_rulenum`*:: + -- -Precise error, describing HTTPS inspection failure. - - type: keyword -- -*`checkpoint.https_inspection_action`*:: +*`cef.extensions.origin`*:: + -- -HTTPS inspection action (Inspect/Bypass/Error). - - type: keyword -- -*`checkpoint.icap_service_id`*:: +*`cef.extensions.originsicname`*:: + -- -Service ID, can work with multiple servers, treated as services. - - -type: integer +type: keyword -- -*`checkpoint.icap_server_name`*:: +*`cef.extensions.outzone`*:: + -- -Server name. - - type: keyword -- -*`checkpoint.internal_error`*:: +*`cef.extensions.parent_rule`*:: + -- -Internal error, for troubleshooting - - type: keyword -- -*`checkpoint.icap_more_info`*:: +*`cef.extensions.product`*:: + -- -Free text for verdict. - - -type: integer +type: keyword -- -*`checkpoint.reply_status`*:: +*`cef.extensions.rule_action`*:: + -- -ICAP reply status code, e.g. 200 or 204. - - -type: integer +type: keyword -- -*`checkpoint.icap_server_service`*:: +*`cef.extensions.rule_uid`*:: + -- -Service name, as given in the ICAP URI - - type: keyword -- -*`checkpoint.mirror_and_decrypt_type`*:: +*`cef.extensions.sequencenum`*:: + -- -Information about decrypt and forward. Possible values: Mirror only, Decrypt and mirror, Partial mirroring (HTTPS inspection Bypass). - - type: keyword -- -*`checkpoint.interface_name`*:: +*`cef.extensions.service_id`*:: + -- -Designated interface for mirror And decrypt. - - type: keyword -- -*`checkpoint.session_uid`*:: +*`cef.extensions.version`*:: + -- -HTTP session-id. - - type: keyword -- -*`checkpoint.broker_publisher`*:: -+ --- -IP address of the broker publisher who shared the session information. +[[exported-fields-cef-module]] +== CEF fields +Module for receiving CEF logs over Syslog. The module adds vendor specific fields in addition to the fields the decode_cef processor provides. -type: ip --- -*`checkpoint.src_user_dn`*:: -+ --- -User distinguished name connected to source IP. +[float] +=== forcepoint +Fields for Forcepoint Custom String mappings -type: keyword --- -*`checkpoint.proxy_user_name`*:: +*`forcepoint.virus_id`*:: + -- -User name connected to proxy IP. +Virus ID type: keyword -- -*`checkpoint.proxy_machine_name`*:: +[float] +=== checkpoint + +Fields for Check Point custom string mappings. + + + +*`checkpoint.app_risk`*:: + -- -Machine name connected to proxy IP. - +Application risk. -type: integer +type: keyword -- -*`checkpoint.proxy_user_dn`*:: +*`checkpoint.app_severity`*:: + -- -User distinguished name connected to proxy IP. - +Application threat severity. type: keyword -- -*`checkpoint.query`*:: +*`checkpoint.app_sig_id`*:: + -- -DNS query. - +The signature ID which the application was detected by. type: keyword -- -*`checkpoint.dns_query`*:: +*`checkpoint.auth_method`*:: + -- -DNS query. - +Password authentication protocol used. type: keyword -- -*`checkpoint.inspection_item`*:: +*`checkpoint.category`*:: + -- -Blade element performed inspection. - +Category. type: keyword -- -*`checkpoint.performance_impact`*:: +*`checkpoint.confidence_level`*:: + -- -Protection performance impact. - +Confidence level determined. type: integer -- -*`checkpoint.inspection_category`*:: +*`checkpoint.connectivity_state`*:: + -- -Inspection category: protocol anomaly, signature etc. - +Connectivity state. type: keyword -- -*`checkpoint.inspection_profile`*:: +*`checkpoint.cookie`*:: + -- -Profile which the activated protection belongs to. - +IKE cookie. type: keyword -- -*`checkpoint.summary`*:: +*`checkpoint.dst_phone_number`*:: + -- -Summary message of a non-compliant DNS traffic drops or detects. - +Destination IP-Phone. type: keyword -- -*`checkpoint.question_rdata`*:: +*`checkpoint.email_control`*:: + -- -List of question records domains. - +Engine name. type: keyword -- -*`checkpoint.answer_rdata`*:: +*`checkpoint.email_id`*:: + -- -List of answer resource records to the questioned domains. - +Internal email ID. type: keyword -- -*`checkpoint.authority_rdata`*:: +*`checkpoint.email_recipients_num`*:: + -- -List of authoritative servers. - +Number of recipients. -type: keyword +type: long -- -*`checkpoint.additional_rdata`*:: +*`checkpoint.email_session_id`*:: + -- -List of additional resource records. - +Internal email session ID. type: keyword -- -*`checkpoint.files_names`*:: +*`checkpoint.email_spool_id`*:: + -- -List of files requested by FTP. - +Internal email spool ID. type: keyword -- -*`checkpoint.ftp_user`*:: +*`checkpoint.email_subject`*:: + -- -FTP username. - +Email subject. type: keyword -- -*`checkpoint.mime_from`*:: +*`checkpoint.event_count`*:: + -- -Sender's address. - +Number of events associated with the log. -type: keyword +type: long -- -*`checkpoint.mime_to`*:: +*`checkpoint.frequency`*:: + -- -List of receiver address. - +Scan frequency. type: keyword -- -*`checkpoint.bcc`*:: +*`checkpoint.icmp_type`*:: + -- -List of BCC addresses. - +ICMP type. -type: keyword +type: long -- -*`checkpoint.content_type`*:: +*`checkpoint.icmp_code`*:: + -- -Mail content type. Possible values: application/msword, text/html, image/gif etc. - +ICMP code. -type: keyword +type: long -- -*`checkpoint.user_agent`*:: +*`checkpoint.identity_type`*:: + -- -String identifying requesting software user agent. - +Identity type. type: keyword -- -*`checkpoint.referrer`*:: +*`checkpoint.incident_extension`*:: + -- -Referrer HTTP request header, previous web page address. - +Format of original data. type: keyword -- -*`checkpoint.http_location`*:: +*`checkpoint.integrity_av_invoke_type`*:: + -- -Response header, indicates the URL to redirect a page to. - +Scan invoke type. type: keyword -- -*`checkpoint.content_disposition`*:: +*`checkpoint.malware_family`*:: + -- -Indicates how the content is expected to be displayed inline in the browser. - +Malware family. type: keyword -- -*`checkpoint.via`*:: +*`checkpoint.peer_gateway`*:: + -- -Via header is added by proxies for tracking purposes to avoid sending reqests in loop. - +Main IP of the peer Security Gateway. -type: keyword +type: ip -- -*`checkpoint.http_server`*:: +*`checkpoint.performance_impact`*:: + -- -Server HTTP header value, contains information about the software used by the origin server, which handles the request. - +Protection performance impact. -type: keyword +type: integer -- -*`checkpoint.content_length`*:: +*`checkpoint.protection_id`*:: + -- -Indicates the size of the entity-body of the HTTP header. - +Protection malware ID. type: keyword -- -*`checkpoint.authorization`*:: +*`checkpoint.protection_name`*:: + -- -Authorization HTTP header value. - +Specific signature name of the attack. type: keyword -- -*`checkpoint.http_host`*:: +*`checkpoint.protection_type`*:: + -- -Domain name of the server that the HTTP request is sent to. - +Type of protection used to detect the attack. type: keyword -- -*`checkpoint.inspection_settings_log`*:: +*`checkpoint.scan_result`*:: + -- -Indicats that the log was released by inspection settings. - +Scan result. type: keyword -- -*`checkpoint.cvpn_resource`*:: +*`checkpoint.sensor_mode`*:: + -- -Mobile Access application. - +Sensor mode. type: keyword -- -*`checkpoint.cvpn_category`*:: +*`checkpoint.severity`*:: + -- -Mobile Access application type. - +Threat severity. type: keyword -- -*`checkpoint.url`*:: +*`checkpoint.spyware_name`*:: + -- -Translated URL. - +Spyware name. type: keyword -- -*`checkpoint.reject_id`*:: +*`checkpoint.spyware_status`*:: + -- -A reject ID that corresponds to the one presented in the Mobile Access error page. - +Spyware status. type: keyword -- -*`checkpoint.fs-proto`*:: +*`checkpoint.subs_exp`*:: + -- -The file share protocol used in mobile acess file share application. - +The expiration date of the subscription. -type: keyword +type: date -- -*`checkpoint.app_package`*:: +*`checkpoint.tcp_flags`*:: + -- -Unique identifier of the application on the protected mobile device. - +TCP packet flags. type: keyword -- -*`checkpoint.appi_name`*:: +*`checkpoint.termination_reason`*:: + -- -Name of application downloaded on the protected mobile device. - +Termination reason. type: keyword -- -*`checkpoint.app_repackaged`*:: +*`checkpoint.update_status`*:: + -- -Indicates whether the original application was repackage not by the official developer. - +Update status. type: keyword -- -*`checkpoint.app_sid_id`*:: +*`checkpoint.user_status`*:: + -- -Unique SHA identifier of a mobile application. - +User response. type: keyword -- -*`checkpoint.app_version`*:: +*`checkpoint.uuid`*:: + -- -Version of the application downloaded on the protected mobile device. - +External ID. type: keyword -- -*`checkpoint.developer_certificate_name`*:: +*`checkpoint.virus_name`*:: + -- -Name of the developer's certificate that was used to sign the mobile application. - +Virus name. type: keyword -- -*`checkpoint.email_control`*:: +*`checkpoint.voip_log_type`*:: + -- -Engine name. - +VoIP log types. type: keyword -- -*`checkpoint.email_message_id`*:: -+ --- -Email session id (uniqe ID of the mail). +[float] +=== cef.extensions +Extra vendor-specific extensions. -type: keyword --- -*`checkpoint.email_queue_id`*:: +*`cef.extensions.cp_app_risk`*:: + -- -Postfix email queue id. - - type: keyword -- -*`checkpoint.email_queue_name`*:: +*`cef.extensions.cp_severity`*:: + -- -Postfix email queue name. - - type: keyword -- -*`checkpoint.file_name`*:: +*`cef.extensions.ifname`*:: + -- -Malicious file name. - - type: keyword -- -*`checkpoint.failure_reason`*:: +*`cef.extensions.inzone`*:: + -- -MTA failure description. - - type: keyword -- -*`checkpoint.email_headers`*:: +*`cef.extensions.layer_uuid`*:: + -- -String containing all the email headers. - - type: keyword -- -*`checkpoint.arrival_time`*:: +*`cef.extensions.layer_name`*:: + -- -Email arrival timestamp. - - type: keyword -- -*`checkpoint.email_status`*:: +*`cef.extensions.logid`*:: + -- -Describes the email's state. Possible options: delivered, deferred, skipped, bounced, hold, new, scan_started, scan_ended - - type: keyword -- -*`checkpoint.status_update`*:: +*`cef.extensions.loguid`*:: + -- -Last time log was updated. - - type: keyword -- -*`checkpoint.delivery_time`*:: +*`cef.extensions.match_id`*:: + -- -Timestamp of when email was delivered (MTA finished handling the email. +type: keyword +-- +*`cef.extensions.nat_addtnl_rulenum`*:: ++ +-- type: keyword -- -*`checkpoint.links_num`*:: +*`cef.extensions.nat_rulenum`*:: + -- -Number of links in the mail. +type: keyword +-- -type: integer +*`cef.extensions.origin`*:: ++ +-- +type: keyword -- -*`checkpoint.attachments_num`*:: +*`cef.extensions.originsicname`*:: + -- -Number of attachments in the mail. +type: keyword +-- -type: integer +*`cef.extensions.outzone`*:: ++ +-- +type: keyword -- -*`checkpoint.email_content`*:: +*`cef.extensions.parent_rule`*:: + -- -Mail contents. Possible options: attachments/links & attachments/links/text only. +type: keyword +-- +*`cef.extensions.product`*:: ++ +-- type: keyword -- -*`checkpoint.allocated_ports`*:: +*`cef.extensions.rule_action`*:: + -- -Amount of allocated ports. +type: keyword +-- -type: integer +*`cef.extensions.rule_uid`*:: ++ +-- +type: keyword -- -*`checkpoint.capacity`*:: +*`cef.extensions.sequencenum`*:: + -- -Capacity of the ports. +type: keyword +-- -type: integer +*`cef.extensions.service_id`*:: ++ +-- +type: keyword -- -*`checkpoint.ports_usage`*:: +*`cef.extensions.version`*:: + -- -Percentage of allocated ports. +type: keyword +-- -type: integer +[[exported-fields-checkpoint]] +== Checkpoint fields --- +Some checkpoint module -*`checkpoint.nat_exhausted_pool`*:: -+ --- -4-tuple of an exhausted pool. -type: keyword +[float] +=== checkpoint --- +Module for parsing Checkpoint syslog. -*`checkpoint.nat_rulenum`*:: + + +*`checkpoint.confidence_level`*:: + -- -NAT rulebase first matched rule. +Confidence level determined by ThreatCloud. type: integer -- -*`checkpoint.nat_addtnl_rulenum`*:: +*`checkpoint.calc_desc`*:: + -- -When matching 2 automatic rules , second rule match will be shown otherwise field will be 0. +Log description. -type: integer +type: keyword -- -*`checkpoint.message_info`*:: +*`checkpoint.dst_country`*:: + -- -Used for information messages, for example:NAT connection has ended. +Destination country. type: keyword -- -*`checkpoint.nat46`*:: +*`checkpoint.dst_user_name`*:: + -- -NAT 46 status, in most cases "enabled". +Connected user name on the destination IP. type: keyword -- -*`checkpoint.end_time`*:: +*`checkpoint.email_id`*:: + -- -TCP connection end time. +Email number in smtp connection. type: keyword -- -*`checkpoint.tcp_end_reason`*:: +*`checkpoint.email_subject`*:: + -- -Reason for TCP connection closure. +Original email subject. type: keyword -- -*`checkpoint.cgnet`*:: +*`checkpoint.email_session_id`*:: + -- -Describes NAT allocation for specific subscriber. +Connection uuid. type: keyword -- -*`checkpoint.subscriber`*:: +*`checkpoint.event_count`*:: + -- -Source IP before CGNAT. +Number of events associated with the log. -type: ip +type: long -- -*`checkpoint.hide_ip`*:: +*`checkpoint.sys_message`*:: + -- -Source IP which will be used after CGNAT. +System messages -type: ip +type: keyword -- -*`checkpoint.int_start`*:: +*`checkpoint.logid`*:: + -- -Subscriber start int which will be used for NAT. +System messages -type: integer +type: keyword -- -*`checkpoint.int_end`*:: +*`checkpoint.failure_impact`*:: + -- -Subscriber end int which will be used for NAT. +The impact of update service failure. -type: integer +type: keyword -- -*`checkpoint.packet_amount`*:: +*`checkpoint.id`*:: + -- -Amount of packets dropped. +Override application ID. type: integer -- -*`checkpoint.monitor_reason`*:: +*`checkpoint.information`*:: + -- -Aggregated logs of monitored packets. +Policy installation status for a specific blade. type: keyword -- -*`checkpoint.drops_amount`*:: +*`checkpoint.layer_name`*:: + -- -Amount of multicast packets dropped. +Layer name. -type: integer +type: keyword -- -*`checkpoint.securexl_message`*:: +*`checkpoint.layer_uuid`*:: + -- -Two options for a SecureXL message: 1. Missed accounting records after heavy load on logging system. 2. FW log message regarding a packet drop. +Layer UUID. type: keyword -- -*`checkpoint.conns_amount`*:: +*`checkpoint.log_id`*:: + -- -Connections amount of aggregated log info. +Unique identity for logs. type: integer -- -*`checkpoint.scope`*:: +*`checkpoint.malware_family`*:: + -- -IP related to the attack. +Additional information on protection. type: keyword -- -*`checkpoint.analyzed_on`*:: +*`checkpoint.origin_sic_name`*:: + -- -Check Point ThreatCloud / emulator name. +Machine SIC. type: keyword -- -*`checkpoint.detected_on`*:: +*`checkpoint.policy_mgmt`*:: + -- -System and applications version the file was emulated on. +Name of the Management Server that manages this Security Gateway. type: keyword -- -*`checkpoint.dropped_file_name`*:: +*`checkpoint.policy_name`*:: + -- -List of names dropped from the original file. +Name of the last policy that this Security Gateway fetched. type: keyword -- -*`checkpoint.dropped_file_type`*:: +*`checkpoint.protection_id`*:: + -- -List of file types dropped from the original file. +Protection malware id. type: keyword -- -*`checkpoint.dropped_file_hash`*:: +*`checkpoint.protection_name`*:: + -- -List of file hashes dropped from the original file. +Specific signature name of the attack. type: keyword -- -*`checkpoint.dropped_file_verdict`*:: +*`checkpoint.protection_type`*:: + -- -List of file verdics dropped from the original file. +Type of protection used to detect the attack. type: keyword -- -*`checkpoint.emulated_on`*:: +*`checkpoint.protocol`*:: + -- -Images the files were emulated on. +Protocol detected on the connection. type: keyword -- -*`checkpoint.extracted_file_type`*:: +*`checkpoint.proxy_src_ip`*:: + -- -Types of extracted files in case of an archive. +Sender source IP (even when using proxy). -type: keyword +type: ip -- -*`checkpoint.extracted_file_names`*:: +*`checkpoint.rule`*:: + -- -Names of extracted files in case of an archive. +Matched rule number. -type: keyword +type: integer -- -*`checkpoint.extracted_file_hash`*:: +*`checkpoint.rule_action`*:: + -- -Archive hash in case of extracted files. +Action of the matched rule in the access policy. type: keyword -- -*`checkpoint.extracted_file_verdict`*:: +*`checkpoint.scan_direction`*:: + -- -Verdict of extracted files in case of an archive. +Scan direction. type: keyword -- -*`checkpoint.extracted_file_uid`*:: +*`checkpoint.session_id`*:: + -- -UID of extracted files in case of an archive. +Log uuid. type: keyword -- -*`checkpoint.mitre_initial_access`*:: +*`checkpoint.source_os`*:: + -- -The adversary is trying to break into your network. +OS which generated the attack. type: keyword -- -*`checkpoint.mitre_execution`*:: +*`checkpoint.src_country`*:: + -- -The adversary is trying to run malicious code. +Country name, derived from connection source IP address. type: keyword -- -*`checkpoint.mitre_persistence`*:: +*`checkpoint.src_user_name`*:: + -- -The adversary is trying to maintain his foothold. +User name connected to source IP type: keyword -- -*`checkpoint.mitre_privilege_escalation`*:: +*`checkpoint.ticket_id`*:: + -- -The adversary is trying to gain higher-level permissions. +Unique ID per file. type: keyword -- -*`checkpoint.mitre_defense_evasion`*:: +*`checkpoint.tls_server_host_name`*:: + -- -The adversary is trying to avoid being detected. +SNI/CN from encrypted TLS connection used by URLF for categorization. type: keyword -- -*`checkpoint.mitre_credential_access`*:: +*`checkpoint.verdict`*:: + -- -The adversary is trying to steal account names and passwords. +TE engine verdict Possible values: Malicious/Benign/Error. type: keyword -- -*`checkpoint.mitre_discovery`*:: +*`checkpoint.user`*:: + -- -The adversary is trying to expose information about your environment. +Source user name. type: keyword -- -*`checkpoint.mitre_lateral_movement`*:: +*`checkpoint.vendor_list`*:: + -- -The adversary is trying to explore your environment. +The vendor name that provided the verdict for a malicious URL. type: keyword -- -*`checkpoint.mitre_collection`*:: +*`checkpoint.web_server_type`*:: + -- -The adversary is trying to collect data of interest to achieve his goal. +Web server detected in the HTTP response. type: keyword -- -*`checkpoint.mitre_command_and_control`*:: +*`checkpoint.client_name`*:: + -- -The adversary is trying to communicate with compromised systems in order to control them. +Client Application or Software Blade that detected the event. type: keyword -- -*`checkpoint.mitre_exfiltration`*:: +*`checkpoint.client_version`*:: + -- -The adversary is trying to steal data. +Build version of SandBlast Agent client installed on the computer. type: keyword -- -*`checkpoint.mitre_impact`*:: +*`checkpoint.extension_version`*:: + -- -The adversary is trying to manipulate, interrupt, or destroy your systems and data. +Build version of the SandBlast Agent browser extension. type: keyword -- -*`checkpoint.parent_file_hash`*:: +*`checkpoint.host_time`*:: + -- -Archive's hash in case of extracted files. +Local time on the endpoint computer. type: keyword -- -*`checkpoint.parent_file_name`*:: +*`checkpoint.installed_products`*:: + -- -Archive's name in case of extracted files. +List of installed Endpoint Software Blades. type: keyword -- -*`checkpoint.parent_file_uid`*:: +*`checkpoint.cc`*:: + -- -Archive's UID in case of extracted files. +The Carbon Copy address of the email. type: keyword -- -*`checkpoint.similiar_iocs`*:: +*`checkpoint.parent_process_username`*:: + -- -Other IoCs similar to the ones found, related to the malicious file. +Owner username of the parent process of the process that triggered the attack. type: keyword -- -*`checkpoint.similar_hashes`*:: +*`checkpoint.process_username`*:: + -- -Hashes found similar to the malicious file. +Owner username of the process that triggered the attack. type: keyword -- -*`checkpoint.similar_strings`*:: +*`checkpoint.audit_status`*:: + -- -Strings found similar to the malicious file. +Audit Status. Can be Success or Failure. type: keyword -- -*`checkpoint.similar_communication`*:: +*`checkpoint.objecttable`*:: + -- -Network action found similar to the malicious file. +Table of affected objects. type: keyword -- -*`checkpoint.te_verdict_determined_by`*:: +*`checkpoint.objecttype`*:: + -- -Emulators determined file verdict. +The type of the affected object. type: keyword -- -*`checkpoint.packet_capture_unique_id`*:: +*`checkpoint.operation_number`*:: + -- -Identifier of the packet capture files. +The operation nuber. type: keyword -- -*`checkpoint.total_attachments`*:: +*`checkpoint.email_recipients_num`*:: + -- -The number of attachments in an email. +Amount of recipients whom the mail was sent to. type: integer -- -*`checkpoint.additional_info`*:: -+ --- -ID of original file/mail which are sent by admin. - - -type: keyword - --- - -*`checkpoint.content_risk`*:: +*`checkpoint.suppressed_logs`*:: + -- -File risk. +Aggregated connections for five minutes on the same source, destination and port. type: integer -- -*`checkpoint.operation`*:: +*`checkpoint.blade_name`*:: + -- -Operation made by Threat Extraction. +Blade name. type: keyword -- -*`checkpoint.scrubbed_content`*:: +*`checkpoint.status`*:: + -- -Active content that was found. +Ok/Warning/Error. type: keyword -- -*`checkpoint.scrub_time`*:: +*`checkpoint.short_desc`*:: + -- -Extraction process duration. +Short description of the process that was executed. type: keyword -- -*`checkpoint.scrub_download_time`*:: +*`checkpoint.long_desc`*:: + -- -File download time from resource. +More information on the process (usually describing error reason in failure). type: keyword -- -*`checkpoint.scrub_total_time`*:: +*`checkpoint.scan_hosts_hour`*:: + -- -Threat extraction total file handling time. +Number of unique hosts during the last hour. -type: keyword +type: integer -- -*`checkpoint.scrub_activity`*:: +*`checkpoint.scan_hosts_day`*:: + -- -The result of the extraction +Number of unique hosts during the last day. -type: keyword +type: integer -- -*`checkpoint.watermark`*:: +*`checkpoint.scan_hosts_week`*:: + -- -Reports whether watermark is added to the cleaned file. +Number of unique hosts during the last week. -type: keyword +type: integer -- -*`checkpoint.source_object`*:: +*`checkpoint.unique_detected_hour`*:: + -- -Matched object name on source column. +Detected virus for a specific host during the last hour. type: integer -- -*`checkpoint.destination_object`*:: +*`checkpoint.unique_detected_day`*:: + -- -Matched object name on destination column. +Detected virus for a specific host during the last day. -type: keyword +type: integer -- -*`checkpoint.drop_reason`*:: +*`checkpoint.unique_detected_week`*:: + -- -Drop reason description. +Detected virus for a specific host during the last week. -type: keyword +type: integer -- -*`checkpoint.hit`*:: +*`checkpoint.scan_mail`*:: + -- -Number of hits on a rule. +Number of emails that were scanned by "AB malicious activity" engine. type: integer -- -*`checkpoint.rulebase_id`*:: +*`checkpoint.additional_ip`*:: + -- -Layer number. +DNS host name. -type: integer +type: keyword -- -*`checkpoint.first_hit_time`*:: +*`checkpoint.description`*:: + -- -First hit time in current interval. +Additional explanation how the security gateway enforced the connection. -type: integer +type: keyword -- -*`checkpoint.last_hit_time`*:: +*`checkpoint.email_spam_category`*:: + -- -Last hit time in current interval. +Email categories. Possible values: spam/not spam/phishing. -type: integer +type: keyword -- -*`checkpoint.rematch_info`*:: +*`checkpoint.email_control_analysis`*:: + -- -Information sent when old connections cannot be matched during policy installation. +Message classification, received from spam vendor engine. type: keyword -- -*`checkpoint.last_rematch_time`*:: +*`checkpoint.scan_results`*:: + -- -Connection rematched time. +"Infected"/description of a failure. type: keyword -- -*`checkpoint.action_reason`*:: +*`checkpoint.original_queue_id`*:: + -- -Connection drop reason. +Original postfix email queue id. -type: integer +type: keyword -- -*`checkpoint.c_bytes`*:: +*`checkpoint.risk`*:: + -- -Boolean value indicates whether bytes sent from the client side are used. +Risk level we got from the engine. -type: integer +type: keyword -- -*`checkpoint.context_num`*:: +*`checkpoint.observable_name`*:: + -- -Serial number of the log for a specific connection. +IOC observable signature name. -type: integer +type: keyword -- -*`checkpoint.match_id`*:: +*`checkpoint.observable_id`*:: + -- -Private key of the rule +IOC observable signature id. -type: integer +type: keyword -- -*`checkpoint.alert`*:: +*`checkpoint.observable_comment`*:: + -- -Alert level of matched rule (for connection logs). +IOC observable signature description. type: keyword -- -*`checkpoint.parent_rule`*:: +*`checkpoint.indicator_name`*:: + -- -Parent rule number, in case of inline layer. +IOC indicator name. -type: integer +type: keyword -- -*`checkpoint.match_fk`*:: +*`checkpoint.indicator_description`*:: + -- -Rule number. +IOC indicator description. -type: integer +type: keyword -- -*`checkpoint.dropped_outgoing`*:: +*`checkpoint.indicator_reference`*:: + -- -Number of outgoing bytes dropped when using UP-limit feature. +IOC indicator reference. -type: integer +type: keyword -- -*`checkpoint.dropped_incoming`*:: +*`checkpoint.indicator_uuid`*:: + -- -Number of incoming bytes dropped when using UP-limit feature. +IOC indicator uuid. -type: integer +type: keyword -- -*`checkpoint.media_type`*:: +*`checkpoint.app_desc`*:: + -- -Media used (audio, video, etc.) +Application description. type: keyword -- -*`checkpoint.sip_reason`*:: +*`checkpoint.app_id`*:: + -- -Explains why 'source_ip' isn't allowed to redirect (handover). +Application ID. -type: keyword +type: integer -- -*`checkpoint.voip_method`*:: +*`checkpoint.app_sig_id`*:: + -- -Registration request. +IOC indicator description. type: keyword -- -*`checkpoint.registered_ip-phones`*:: +*`checkpoint.certificate_resource`*:: + -- -Registered IP-Phones. +HTTPS resource Possible values: SNI or domain name (DN). type: keyword -- -*`checkpoint.voip_reg_user_type`*:: +*`checkpoint.certificate_validation`*:: + -- -Registered IP-Phone type. +Precise error, describing HTTPS certificate failure under "HTTPS categorize websites" feature. type: keyword -- -*`checkpoint.voip_call_id`*:: +*`checkpoint.browse_time`*:: + -- -Call-ID. +Application session browse time. type: keyword -- -*`checkpoint.voip_reg_int`*:: +*`checkpoint.limit_requested`*:: + -- -Registration port. +Indicates whether data limit was requested for the session. type: integer -- -*`checkpoint.voip_reg_ipp`*:: +*`checkpoint.limit_applied`*:: + -- -Registration IP protocol. +Indicates whether the session was actually date limited. type: integer -- -*`checkpoint.voip_reg_period`*:: +*`checkpoint.dropped_total`*:: + -- -Registration period. +Amount of dropped packets (both incoming and outgoing). type: integer -- -*`checkpoint.voip_log_type`*:: +*`checkpoint.client_type_os`*:: + -- -VoIP log types. Possible values: reject, call, registration. +Client OS detected in the HTTP request. type: keyword -- -*`checkpoint.src_phone_number`*:: +*`checkpoint.name`*:: + -- -Source IP-Phone. +Application name. type: keyword -- -*`checkpoint.voip_from_user_type`*:: +*`checkpoint.properties`*:: + -- -Source IP-Phone type. +Application categories. type: keyword -- -*`checkpoint.dst_phone_number`*:: +*`checkpoint.sig_id`*:: + -- -Destination IP-Phone. +Application's signature ID which how it was detected by. type: keyword -- -*`checkpoint.voip_to_user_type`*:: +*`checkpoint.desc`*:: + -- -Destination IP-Phone type. +Override application description. type: keyword -- -*`checkpoint.voip_call_dir`*:: +*`checkpoint.referrer_self_uid`*:: + -- -Call direction: in/out. +UUID of the current log. type: keyword -- -*`checkpoint.voip_call_state`*:: +*`checkpoint.referrer_parent_uid`*:: + -- -Call state. Possible values: in/out. +Log UUID of the referring application. type: keyword -- -*`checkpoint.voip_call_term_time`*:: +*`checkpoint.needs_browse_time`*:: + -- -Call termination time stamp. +Browse time required for the connection. -type: keyword +type: integer -- -*`checkpoint.voip_duration`*:: +*`checkpoint.cluster_info`*:: + -- -Call duration (seconds). +Cluster information. Possible options: Failover reason/cluster state changes/CP cluster or 3rd party. type: keyword -- -*`checkpoint.voip_media_port`*:: +*`checkpoint.sync`*:: + -- -Media int. +Sync status and the reason (stable, at risk). type: keyword -- -*`checkpoint.voip_media_ipp`*:: +*`checkpoint.file_direction`*:: + -- -Media IP protocol. +File direction. Possible options: upload/download. type: keyword -- -*`checkpoint.voip_est_codec`*:: +*`checkpoint.invalid_file_size`*:: + -- -Estimated codec. +File_size field is valid only if this field is set to 0. -type: keyword +type: integer -- -*`checkpoint.voip_exp`*:: +*`checkpoint.top_archive_file_name`*:: + -- -Expiration. +In case of archive file: the file that was sent/received. -type: integer +type: keyword -- -*`checkpoint.voip_attach_sz`*:: +*`checkpoint.data_type_name`*:: + -- -Attachment size. +Data type in rulebase that was matched. -type: integer +type: keyword -- -*`checkpoint.voip_attach_action_info`*:: +*`checkpoint.specific_data_type_name`*:: + -- -Attachment action Info. +Compound/Group scenario, data type that was matched. type: keyword -- -*`checkpoint.voip_media_codec`*:: +*`checkpoint.word_list`*:: + -- -Estimated codec. +Words matched by data type. type: keyword -- -*`checkpoint.voip_reject_reason`*:: +*`checkpoint.info`*:: + -- -Reject reason. +Special log message. type: keyword -- -*`checkpoint.voip_reason_info`*:: +*`checkpoint.outgoing_url`*:: + -- -Information. +URL related to this log (for HTTP). type: keyword -- -*`checkpoint.voip_config`*:: +*`checkpoint.dlp_rule_name`*:: + -- -Configuration. +Matched rule name. type: keyword -- -*`checkpoint.voip_reg_server`*:: +*`checkpoint.dlp_recipients`*:: + -- -Registrar server IP address. +Mail recipients. -type: ip +type: keyword -- -*`checkpoint.scv_user`*:: +*`checkpoint.dlp_subject`*:: + -- -Username whose packets are dropped on SCV. +Mail subject. type: keyword -- -*`checkpoint.scv_message_info`*:: +*`checkpoint.dlp_word_list`*:: + -- -Drop reason. +Phrases matched by data type. type: keyword -- -*`checkpoint.ppp`*:: +*`checkpoint.dlp_template_score`*:: + -- -Authentication status. +Template data type match score. type: keyword -- -*`checkpoint.scheme`*:: +*`checkpoint.message_size`*:: + -- -Describes the scheme used for the log. +Mail/post size. -type: keyword +type: integer -- -*`checkpoint.auth_method`*:: +*`checkpoint.dlp_incident_uid`*:: + -- -Password authentication protocol used (PAP or EAP). +Unique ID of the matched rule. type: keyword -- -*`checkpoint.machine`*:: +*`checkpoint.dlp_related_incident_uid`*:: + -- -L2TP machine which triggered the log and the log refers to it. +Other ID related to this one. type: keyword -- -*`checkpoint.vpn_feature_name`*:: +*`checkpoint.dlp_data_type_name`*:: + -- -L2TP /IKE / Link Selection. +Matched data type. type: keyword -- -*`checkpoint.reject_category`*:: +*`checkpoint.dlp_data_type_uid`*:: + -- -Authentication failure reason. +Unique ID of the matched data type. type: keyword -- -*`checkpoint.peer_ip_probing_status_update`*:: +*`checkpoint.dlp_violation_description`*:: + -- -IP address response status. +Violation descriptions described in the rulebase. type: keyword -- -*`checkpoint.peer_ip`*:: +*`checkpoint.dlp_relevant_data_types`*:: + -- -IP address which the client connects to. +In case of Compound/Group: the inner data types that were matched. type: keyword -- -*`checkpoint.peer_gateway`*:: +*`checkpoint.dlp_action_reason`*:: + -- -Main IP of the peer Security Gateway. +Action chosen reason. -type: ip +type: keyword -- -*`checkpoint.link_probing_status_update`*:: +*`checkpoint.dlp_categories`*:: + -- -IP address response status. +Data type category. type: keyword -- -*`checkpoint.source_interface`*:: +*`checkpoint.dlp_transint`*:: + -- -External Interface name for source interface or Null if not found. +HTTP/SMTP/FTP. type: keyword -- -*`checkpoint.next_hop_ip`*:: +*`checkpoint.duplicate`*:: + -- -Next hop IP address. +Log marked as duplicated, when mail is split and the Security Gateway sees it twice. type: keyword -- -*`checkpoint.srckeyid`*:: +*`checkpoint.incident_extension`*:: + -- -Initiator Spi ID. +Matched data type. type: keyword -- -*`checkpoint.dstkeyid`*:: +*`checkpoint.matched_file`*:: + -- -Responder Spi ID. +Unique ID of the matched data type. type: keyword -- -*`checkpoint.encryption_failure`*:: +*`checkpoint.matched_file_text_segments`*:: + -- -Message indicating why the encryption failed. +Fingerprint: number of text segments matched by this traffic. -type: keyword +type: integer -- -*`checkpoint.ike_ids`*:: +*`checkpoint.matched_file_percentage`*:: + -- -All QM ids. +Fingerprint: match percentage of the traffic. -type: keyword +type: integer -- -*`checkpoint.community`*:: +*`checkpoint.dlp_additional_action`*:: + -- -Community name for the IPSec key and the use of the IKEv. +Watermark/None. type: keyword -- -*`checkpoint.ike`*:: +*`checkpoint.dlp_watermark_profile`*:: + -- -IKEMode (PHASE1, PHASE2, etc..). +Watermark which was applied. type: keyword -- -*`checkpoint.cookieI`*:: +*`checkpoint.dlp_repository_id`*:: + -- -Initiator cookie. +ID of scanned repository. type: keyword -- -*`checkpoint.cookieR`*:: +*`checkpoint.dlp_repository_root_path`*:: + -- -Responder cookie. +Repository path. type: keyword -- -*`checkpoint.msgid`*:: +*`checkpoint.scan_id`*:: + -- -Message ID. +Sequential number of scan. type: keyword -- -*`checkpoint.methods`*:: +*`checkpoint.special_properties`*:: + -- -IPSEc methods. +If this field is set to '1' the log will not be shown (in use for monitoring scan progress). -type: keyword +type: integer -- -*`checkpoint.connection_uid`*:: +*`checkpoint.dlp_repository_total_size`*:: + -- -Calculation of md5 of the IP and user name as UID. +Repository size. -type: keyword +type: integer -- -*`checkpoint.site_name`*:: +*`checkpoint.dlp_repository_files_number`*:: + -- -Site name. +Number of files in repository. -type: keyword +type: integer -- -*`checkpoint.esod_rule_name`*:: +*`checkpoint.dlp_repository_scanned_files_number`*:: + -- -Unknown rule name. +Number of scanned files in repository. -type: keyword +type: integer -- -*`checkpoint.esod_rule_action`*:: +*`checkpoint.duration`*:: + -- -Unknown rule action. +Scan duration. type: keyword -- -*`checkpoint.esod_rule_type`*:: +*`checkpoint.dlp_fingerprint_long_status`*:: + -- -Unknown rule type. +Scan status - long format. type: keyword -- -*`checkpoint.esod_noncompliance_reason`*:: +*`checkpoint.dlp_fingerprint_short_status`*:: + -- -Non-compliance reason. +Scan status - short format. type: keyword -- -*`checkpoint.esod_associated_policies`*:: +*`checkpoint.dlp_repository_directories_number`*:: + -- -Associated policies. +Number of directories in repository. -type: keyword +type: integer -- -*`checkpoint.spyware_name`*:: +*`checkpoint.dlp_repository_unreachable_directories_number`*:: + -- -Spyware name. +Number of directories the Security Gateway was unable to read. -type: keyword +type: integer -- -*`checkpoint.spyware_type`*:: +*`checkpoint.dlp_fingerprint_files_number`*:: + -- -Spyware type. +Number of successfully scanned files in repository. -type: keyword +type: integer -- -*`checkpoint.anti_virus_type`*:: +*`checkpoint.dlp_repository_skipped_files_number`*:: + -- -Anti virus type. +Skipped number of files because of configuration. -type: keyword +type: integer -- -*`checkpoint.end_user_firewall_type`*:: +*`checkpoint.dlp_repository_scanned_directories_number`*:: + -- -End user firewall type. +Amount of directories scanned. -type: keyword +type: integer -- -*`checkpoint.esod_scan_status`*:: +*`checkpoint.number_of_errors`*:: + -- -Scan failed. +Number of files that were not scanned due to an error. -type: keyword +type: integer -- -*`checkpoint.esod_access_status`*:: +*`checkpoint.next_scheduled_scan_date`*:: + -- -Access denied. +Next scan scheduled time according to time object. type: keyword -- -*`checkpoint.client_type`*:: +*`checkpoint.dlp_repository_scanned_total_size`*:: + -- -Endpoint Connect. +Size scanned. -type: keyword +type: integer -- -*`checkpoint.precise_error`*:: +*`checkpoint.dlp_repository_reached_directories_number`*:: + -- -HTTP parser error. +Number of scanned directories in repository. -type: keyword +type: integer -- -*`checkpoint.method`*:: +*`checkpoint.dlp_repository_not_scanned_directories_percentage`*:: + -- -HTTP method. +Percentage of directories the Security Gateway was unable to read. -type: keyword +type: integer -- -*`checkpoint.trusted_domain`*:: +*`checkpoint.speed`*:: + -- -In case of phishing event, the domain, which the attacker was impersonating. +Current scan speed. -type: keyword +type: integer -- -[[exported-fields-cisco]] -== Cisco fields +*`checkpoint.dlp_repository_scan_progress`*:: ++ +-- +Scan percentage. -Module for handling Cisco network device logs. +type: integer +-- -[float] -=== cisco +*`checkpoint.sub_policy_name`*:: ++ +-- +Layer name. -Fields from Cisco logs. +type: keyword +-- -[float] -=== asa +*`checkpoint.sub_policy_uid`*:: ++ +-- +Layer uid. -Fields for Cisco ASA Firewall. +type: keyword +-- -*`cisco.asa.message_id`*:: +*`checkpoint.fw_message`*:: + -- -The Cisco ASA message identifier. +Used for various firewall errors. type: keyword -- -*`cisco.asa.suffix`*:: +*`checkpoint.message`*:: + -- -Optional suffix after %ASA identifier. +ISP link has failed. type: keyword -example: session - -- -*`cisco.asa.source_interface`*:: +*`checkpoint.isp_link`*:: + -- -Source interface for the flow or event. +Name of ISP link. type: keyword -- -*`cisco.asa.destination_interface`*:: +*`checkpoint.fw_subproduct`*:: + -- -Destination interface for the flow or event. +Can be vpn/non vpn. type: keyword -- -*`cisco.asa.rule_name`*:: +*`checkpoint.sctp_error`*:: + -- -Name of the Access Control List rule that matched this event. +Error information, what caused sctp to fail on out_of_state. type: keyword -- -*`cisco.asa.source_username`*:: +*`checkpoint.chunk_type`*:: + -- -Name of the user that is the source for this event. +Chunck of the sctp stream. type: keyword -- -*`cisco.asa.destination_username`*:: +*`checkpoint.sctp_association_state`*:: + -- -Name of the user that is the destination for this event. +The bad state you were trying to update to. type: keyword -- -*`cisco.asa.mapped_source_ip`*:: +*`checkpoint.tcp_packet_out_of_state`*:: + -- -The translated source IP address. +State violation. -type: ip +type: keyword -- -*`cisco.asa.mapped_source_host`*:: +*`checkpoint.tcp_flags`*:: + -- -The translated source host. +TCP packet flags (SYN, ACK, etc.,). type: keyword -- -*`cisco.asa.mapped_source_port`*:: +*`checkpoint.connectivity_level`*:: + -- -The translated source port. +Log for a new connection in wire mode. -type: long +type: keyword -- -*`cisco.asa.mapped_destination_ip`*:: +*`checkpoint.ip_option`*:: + -- -The translated destination IP address. +IP option that was dropped. -type: ip +type: integer -- -*`cisco.asa.mapped_destination_host`*:: +*`checkpoint.tcp_state`*:: + -- -The translated destination host. +Log reinting a tcp state change. type: keyword -- -*`cisco.asa.mapped_destination_port`*:: +*`checkpoint.expire_time`*:: + -- -The translated destination port. +Connection closing time. -type: long +type: keyword -- -*`cisco.asa.threat_level`*:: +*`checkpoint.icmp_type`*:: + -- -Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. +In case a connection is ICMP, type info will be added to the log. -type: keyword +type: integer -- -*`cisco.asa.threat_category`*:: +*`checkpoint.icmp_code`*:: + -- -Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. +In case a connection is ICMP, code info will be added to the log. -type: keyword +type: integer -- -*`cisco.asa.connection_id`*:: +*`checkpoint.rpc_prog`*:: + -- -Unique identifier for a flow. +Log for new RPC state - prog values. -type: keyword +type: integer -- -*`cisco.asa.icmp_type`*:: +*`checkpoint.dce-rpc_interface_uuid`*:: + -- -ICMP type. +Log for new RPC state - UUID values -type: short +type: keyword -- -*`cisco.asa.icmp_code`*:: +*`checkpoint.elapsed`*:: + -- -ICMP code. +Time passed since start time. -type: short +type: keyword -- -*`cisco.asa.connection_type`*:: +*`checkpoint.icmp`*:: + -- -The VPN connection type +Number of packets, received by the client. type: keyword -- -*`cisco.asa.dap_records`*:: +*`checkpoint.capture_uuid`*:: + -- -The assigned DAP records +UUID generated for the capture. Used when enabling the capture when logging. type: keyword -- -[float] -=== ftd - -Fields for Cisco Firepower Threat Defense Firewall. - - - -*`cisco.ftd.message_id`*:: +*`checkpoint.diameter_app_ID`*:: + -- -The Cisco FTD message identifier. +The ID of diameter application. -type: keyword +type: integer -- -*`cisco.ftd.suffix`*:: +*`checkpoint.diameter_cmd_code`*:: + -- -Optional suffix after %FTD identifier. - +Diameter not allowed application command id. -type: keyword -example: session +type: integer -- -*`cisco.ftd.source_interface`*:: +*`checkpoint.diameter_msg_type`*:: + -- -Source interface for the flow or event. +Diameter message type. type: keyword -- -*`cisco.ftd.destination_interface`*:: +*`checkpoint.cp_message`*:: + -- -Destination interface for the flow or event. +Used to log a general message. -type: keyword +type: integer -- -*`cisco.ftd.rule_name`*:: +*`checkpoint.log_delay`*:: + -- -Name of the Access Control List rule that matched this event. +Time left before deleting template. -type: keyword +type: integer -- -*`cisco.ftd.source_username`*:: +*`checkpoint.attack_status`*:: + -- -Name of the user that is the source for this event. +In case of a malicious event on an endpoint computer, the status of the attack. type: keyword -- -*`cisco.ftd.destination_username`*:: +*`checkpoint.impacted_files`*:: + -- -Name of the user that is the destination for this event. +In case of an infection on an endpoint computer, the list of files that the malware impacted. type: keyword -- -*`cisco.ftd.mapped_source_ip`*:: +*`checkpoint.remediated_files`*:: + -- -The translated source IP address. Use ECS source.nat.ip. +In case of an infection and a successful cleaning of that infection, this is a list of remediated files on the computer. -type: ip +type: keyword -- -*`cisco.ftd.mapped_source_host`*:: +*`checkpoint.triggered_by`*:: + -- -The translated source host. +The name of the mechanism that triggered the Software Blade to enforce a protection. type: keyword -- -*`cisco.ftd.mapped_source_port`*:: +*`checkpoint.https_inspection_rule_id`*:: + -- -The translated source port. Use ECS source.nat.port. +ID of the matched rule. -type: long +type: keyword -- -*`cisco.ftd.mapped_destination_ip`*:: +*`checkpoint.https_inspection_rule_name`*:: + -- -The translated destination IP address. Use ECS destination.nat.ip. +Name of the matched rule. -type: ip +type: keyword -- -*`cisco.ftd.mapped_destination_host`*:: +*`checkpoint.app_properties`*:: + -- -The translated destination host. +List of all found categories. type: keyword -- -*`cisco.ftd.mapped_destination_port`*:: +*`checkpoint.https_validation`*:: + -- -The translated destination port. Use ECS destination.nat.port. +Precise error, describing HTTPS inspection failure. -type: long +type: keyword -- -*`cisco.ftd.threat_level`*:: +*`checkpoint.https_inspection_action`*:: + -- -Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. +HTTPS inspection action (Inspect/Bypass/Error). type: keyword -- -*`cisco.ftd.threat_category`*:: +*`checkpoint.icap_service_id`*:: + -- -Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. +Service ID, can work with multiple servers, treated as services. -type: keyword +type: integer -- -*`cisco.ftd.connection_id`*:: +*`checkpoint.icap_server_name`*:: + -- -Unique identifier for a flow. +Server name. type: keyword -- -*`cisco.ftd.icmp_type`*:: +*`checkpoint.internal_error`*:: + -- -ICMP type. +Internal error, for troubleshooting -type: short +type: keyword -- -*`cisco.ftd.icmp_code`*:: +*`checkpoint.icap_more_info`*:: + -- -ICMP code. +Free text for verdict. -type: short +type: integer -- -*`cisco.ftd.security`*:: +*`checkpoint.reply_status`*:: + -- -Raw fields for Security Events. +ICAP reply status code, e.g. 200 or 204. -type: object + +type: integer -- -*`cisco.ftd.connection_type`*:: +*`checkpoint.icap_server_service`*:: + -- -The VPN connection type +Service name, as given in the ICAP URI type: keyword -- -*`cisco.ftd.dap_records`*:: +*`checkpoint.mirror_and_decrypt_type`*:: + -- -The assigned DAP records +Information about decrypt and forward. Possible values: Mirror only, Decrypt and mirror, Partial mirroring (HTTPS inspection Bypass). type: keyword -- -[float] -=== ios - -Fields for Cisco IOS logs. - - - -*`cisco.ios.access_list`*:: +*`checkpoint.interface_name`*:: + -- -Name of the IP access list. +Designated interface for mirror And decrypt. type: keyword -- -*`cisco.ios.facility`*:: +*`checkpoint.session_uid`*:: + -- -The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message. +HTTP session-id. type: keyword -example: SEC - -- -[[exported-fields-cloud]] -== Cloud provider metadata fields - -Metadata from cloud providers added by the add_cloud_metadata processor. - - - -*`cloud.project.id`*:: +*`checkpoint.broker_publisher`*:: + -- -Name of the project in Google Cloud. +IP address of the broker publisher who shared the session information. -example: project-x +type: ip -- -*`cloud.image.id`*:: +*`checkpoint.src_user_dn`*:: + -- -Image ID for the cloud instance. +User distinguished name connected to source IP. -example: ami-abcd1234 +type: keyword -- -*`meta.cloud.provider`*:: +*`checkpoint.proxy_user_name`*:: + -- -type: alias +User name connected to proxy IP. -alias to: cloud.provider + +type: keyword -- -*`meta.cloud.instance_id`*:: +*`checkpoint.proxy_machine_name`*:: + -- -type: alias +Machine name connected to proxy IP. -alias to: cloud.instance.id + +type: integer -- -*`meta.cloud.instance_name`*:: +*`checkpoint.proxy_user_dn`*:: + -- -type: alias +User distinguished name connected to proxy IP. -alias to: cloud.instance.name + +type: keyword -- -*`meta.cloud.machine_type`*:: +*`checkpoint.query`*:: + -- -type: alias +DNS query. -alias to: cloud.machine.type + +type: keyword -- -*`meta.cloud.availability_zone`*:: +*`checkpoint.dns_query`*:: + -- -type: alias +DNS query. -alias to: cloud.availability_zone + +type: keyword -- -*`meta.cloud.project_id`*:: +*`checkpoint.inspection_item`*:: + -- -type: alias +Blade element performed inspection. -alias to: cloud.project.id --- +type: keyword -*`meta.cloud.region`*:: -+ -- -type: alias - -alias to: cloud.region +*`checkpoint.performance_impact`*:: ++ -- +Protection performance impact. -[[exported-fields-coredns]] -== Coredns fields - -Module for handling logs produced by coredns - - - -[float] -=== coredns - -coredns fields after normalization +type: integer +-- -*`coredns.id`*:: +*`checkpoint.inspection_category`*:: + -- -id of the DNS transaction +Inspection category: protocol anomaly, signature etc. type: keyword -- -*`coredns.query.size`*:: +*`checkpoint.inspection_profile`*:: + -- -size of the DNS query - +Profile which the activated protection belongs to. -type: integer -format: bytes +type: keyword -- -*`coredns.query.class`*:: +*`checkpoint.summary`*:: + -- -DNS query class +Summary message of a non-compliant DNS traffic drops or detects. type: keyword -- -*`coredns.query.name`*:: +*`checkpoint.question_rdata`*:: + -- -DNS query name +List of question records domains. type: keyword -- -*`coredns.query.type`*:: +*`checkpoint.answer_rdata`*:: + -- -DNS query type +List of answer resource records to the questioned domains. type: keyword -- -*`coredns.response.code`*:: +*`checkpoint.authority_rdata`*:: + -- -DNS response code +List of authoritative servers. type: keyword -- -*`coredns.response.flags`*:: +*`checkpoint.additional_rdata`*:: + -- -DNS response flags +List of additional resource records. type: keyword -- -*`coredns.response.size`*:: +*`checkpoint.files_names`*:: + -- -size of the DNS response - +List of files requested by FTP. -type: integer -format: bytes +type: keyword -- -*`coredns.dnssec_ok`*:: +*`checkpoint.ftp_user`*:: + -- -dnssec flag +FTP username. -type: boolean +type: keyword -- -[[exported-fields-crowdstrike]] -== Crowdstrike fields - -Module for collecting Crowdstrike events. - - - -[float] -=== crowdstrike - -Fields for Crowdstrike Falcon event and alert data. - - - -[float] -=== metadata - -Meta data fields for each event that include type and timestamp. - - - -*`crowdstrike.metadata.eventType`*:: +*`checkpoint.mime_from`*:: + -- -DetectionSummaryEvent, IncidentSummaryEvent, RemoteResponseSessionStartEvent, RemoteResponseSessionEndEvent, AuthActivityAuditEvent, or UserActivityAuditEvent +Sender's address. type: keyword -- -*`crowdstrike.metadata.eventCreationTime`*:: +*`checkpoint.mime_to`*:: + -- -The time this event occurred on the endpoint in UTC UNIX_MS format. +List of receiver address. -type: date +type: keyword -- -*`crowdstrike.metadata.offset`*:: +*`checkpoint.bcc`*:: + -- -Offset number that tracks the location of the event in stream. This is used to identify unique detection events. +List of BCC addresses. -type: integer +type: keyword -- -*`crowdstrike.metadata.customerIDString`*:: +*`checkpoint.content_type`*:: + -- -Customer identifier +Mail content type. Possible values: application/msword, text/html, image/gif etc. type: keyword -- -*`crowdstrike.metadata.version`*:: +*`checkpoint.user_agent`*:: + -- -Schema version +String identifying requesting software user agent. type: keyword -- -[float] -=== event +*`checkpoint.referrer`*:: ++ +-- +Referrer HTTP request header, previous web page address. -Event data fields for each event and alert. +type: keyword +-- -*`crowdstrike.event.ProcessStartTime`*:: +*`checkpoint.http_location`*:: + -- -The process start time in UTC UNIX_MS format. +Response header, indicates the URL to redirect a page to. -type: date +type: keyword -- -*`crowdstrike.event.ProcessEndTime`*:: +*`checkpoint.content_disposition`*:: + -- -The process termination time in UTC UNIX_MS format. +Indicates how the content is expected to be displayed inline in the browser. -type: date +type: keyword -- -*`crowdstrike.event.ProcessId`*:: +*`checkpoint.via`*:: + -- -Process ID related to the detection. +Via header is added by proxies for tracking purposes to avoid sending reqests in loop. -type: integer +type: keyword -- -*`crowdstrike.event.ParentProcessId`*:: +*`checkpoint.http_server`*:: + -- -Parent process ID related to the detection. +Server HTTP header value, contains information about the software used by the origin server, which handles the request. -type: integer +type: keyword -- -*`crowdstrike.event.ComputerName`*:: +*`checkpoint.content_length`*:: + -- -Name of the computer where the detection occurred. +Indicates the size of the entity-body of the HTTP header. type: keyword -- -*`crowdstrike.event.UserName`*:: +*`checkpoint.authorization`*:: + -- -User name associated with the detection. +Authorization HTTP header value. type: keyword -- -*`crowdstrike.event.DetectName`*:: +*`checkpoint.http_host`*:: + -- -Name of the detection. +Domain name of the server that the HTTP request is sent to. type: keyword -- -*`crowdstrike.event.DetectDescription`*:: +*`checkpoint.inspection_settings_log`*:: + -- -Description of the detection. +Indicats that the log was released by inspection settings. type: keyword -- -*`crowdstrike.event.Severity`*:: +*`checkpoint.cvpn_resource`*:: + -- -Severity score of the detection. +Mobile Access application. -type: integer +type: keyword -- -*`crowdstrike.event.SeverityName`*:: +*`checkpoint.cvpn_category`*:: + -- -Severity score text. +Mobile Access application type. type: keyword -- -*`crowdstrike.event.FileName`*:: +*`checkpoint.url`*:: + -- -File name of the associated process for the detection. +Translated URL. type: keyword -- -*`crowdstrike.event.FilePath`*:: +*`checkpoint.reject_id`*:: + -- -Path of the executable associated with the detection. +A reject ID that corresponds to the one presented in the Mobile Access error page. type: keyword -- -*`crowdstrike.event.CommandLine`*:: +*`checkpoint.fs-proto`*:: + -- -Executable path with command line arguments. +The file share protocol used in mobile acess file share application. type: keyword -- -*`crowdstrike.event.SHA256String`*:: +*`checkpoint.app_package`*:: + -- -SHA256 sum of the executable associated with the detection. +Unique identifier of the application on the protected mobile device. type: keyword -- -*`crowdstrike.event.MD5String`*:: +*`checkpoint.appi_name`*:: + -- -MD5 sum of the executable associated with the detection. +Name of application downloaded on the protected mobile device. type: keyword -- -*`crowdstrike.event.MachineDomain`*:: +*`checkpoint.app_repackaged`*:: + -- -Domain for the machine associated with the detection. +Indicates whether the original application was repackage not by the official developer. type: keyword -- -*`crowdstrike.event.FalconHostLink`*:: +*`checkpoint.app_sid_id`*:: + -- -URL to view the detection in Falcon. +Unique SHA identifier of a mobile application. type: keyword -- -*`crowdstrike.event.SensorId`*:: +*`checkpoint.app_version`*:: + -- -Unique ID associated with the Falcon sensor. +Version of the application downloaded on the protected mobile device. type: keyword -- -*`crowdstrike.event.DetectId`*:: +*`checkpoint.developer_certificate_name`*:: + -- -Unique ID associated with the detection. +Name of the developer's certificate that was used to sign the mobile application. type: keyword -- -*`crowdstrike.event.LocalIP`*:: +*`checkpoint.email_control`*:: + -- -IP address of the host associated with the detection. +Engine name. type: keyword -- -*`crowdstrike.event.MACAddress`*:: +*`checkpoint.email_message_id`*:: + -- -MAC address of the host associated with the detection. +Email session id (uniqe ID of the mail). type: keyword -- -*`crowdstrike.event.Tactic`*:: +*`checkpoint.email_queue_id`*:: + -- -MITRE tactic category of the detection. +Postfix email queue id. type: keyword -- -*`crowdstrike.event.Technique`*:: +*`checkpoint.email_queue_name`*:: + -- -MITRE technique category of the detection. +Postfix email queue name. type: keyword -- -*`crowdstrike.event.Objective`*:: +*`checkpoint.file_name`*:: + -- -Method of detection. +Malicious file name. type: keyword -- -*`crowdstrike.event.PatternDispositionDescription`*:: +*`checkpoint.failure_reason`*:: + -- -Action taken by Falcon. +MTA failure description. type: keyword -- -*`crowdstrike.event.PatternDispositionValue`*:: +*`checkpoint.email_headers`*:: + -- -Unique ID associated with action taken. +String containing all the email headers. -type: integer +type: keyword -- -*`crowdstrike.event.PatternDispositionFlags`*:: +*`checkpoint.arrival_time`*:: + -- -Flags indicating actions taken. +Email arrival timestamp. -type: object +type: keyword -- -*`crowdstrike.event.State`*:: +*`checkpoint.email_status`*:: + -- -Whether the incident summary is open and ongoing or closed. +Describes the email's state. Possible options: delivered, deferred, skipped, bounced, hold, new, scan_started, scan_ended type: keyword -- -*`crowdstrike.event.IncidentStartTime`*:: +*`checkpoint.status_update`*:: + -- -Start time for the incident in UTC UNIX format. +Last time log was updated. -type: date +type: keyword -- -*`crowdstrike.event.IncidentEndTime`*:: +*`checkpoint.delivery_time`*:: + -- -End time for the incident in UTC UNIX format. +Timestamp of when email was delivered (MTA finished handling the email. -type: date +type: keyword -- -*`crowdstrike.event.FineScore`*:: +*`checkpoint.links_num`*:: + -- -Score for incident. +Number of links in the mail. -type: float +type: integer -- -*`crowdstrike.event.UserId`*:: +*`checkpoint.attachments_num`*:: + -- -Email address or user ID associated with the event. +Number of attachments in the mail. -type: keyword +type: integer -- -*`crowdstrike.event.UserIp`*:: +*`checkpoint.email_content`*:: + -- -IP address associated with the user. +Mail contents. Possible options: attachments/links & attachments/links/text only. type: keyword -- -*`crowdstrike.event.OperationName`*:: +*`checkpoint.allocated_ports`*:: + -- -Event subtype. +Amount of allocated ports. -type: keyword +type: integer -- -*`crowdstrike.event.ServiceName`*:: +*`checkpoint.capacity`*:: + -- -Service associated with this event. +Capacity of the ports. -type: keyword +type: integer -- -*`crowdstrike.event.Success`*:: +*`checkpoint.ports_usage`*:: + -- -Indicator of whether or not this event was successful. +Percentage of allocated ports. -type: boolean +type: integer -- -*`crowdstrike.event.UTCTimestamp`*:: +*`checkpoint.nat_exhausted_pool`*:: + -- -Timestamp associated with this event in UTC UNIX format. +4-tuple of an exhausted pool. -type: date +type: keyword -- -*`crowdstrike.event.AuditKeyValues`*:: +*`checkpoint.nat_rulenum`*:: + -- -Fields that were changed in this event. +NAT rulebase first matched rule. -type: nested +type: integer -- -*`crowdstrike.event.SessionId`*:: +*`checkpoint.nat_addtnl_rulenum`*:: + -- -Session ID of the remote response session. +When matching 2 automatic rules , second rule match will be shown otherwise field will be 0. -type: keyword +type: integer -- -*`crowdstrike.event.HostnameField`*:: +*`checkpoint.message_info`*:: + -- -Host name of the machine for the remote session. +Used for information messages, for example:NAT connection has ended. type: keyword -- -*`crowdstrike.event.StartTimestamp`*:: +*`checkpoint.nat46`*:: + -- -Start time for the remote session in UTC UNIX format. +NAT 46 status, in most cases "enabled". -type: date +type: keyword -- -*`crowdstrike.event.EndTimestamp`*:: +*`checkpoint.end_time`*:: + -- -End time for the remote session in UTC UNIX format. +TCP connection end time. -type: date +type: keyword -- -[[exported-fields-docker-processor]] -== Docker fields - -Docker stats collected from Docker. +*`checkpoint.tcp_end_reason`*:: ++ +-- +Reason for TCP connection closure. +type: keyword +-- -*`docker.container.id`*:: +*`checkpoint.cgnet`*:: + -- -type: alias +Describes NAT allocation for specific subscriber. -alias to: container.id + +type: keyword -- -*`docker.container.image`*:: +*`checkpoint.subscriber`*:: + -- -type: alias +Source IP before CGNAT. -alias to: container.image.name + +type: ip -- -*`docker.container.name`*:: +*`checkpoint.hide_ip`*:: + -- -type: alias +Source IP which will be used after CGNAT. -alias to: container.name + +type: ip -- -*`docker.container.labels`*:: +*`checkpoint.int_start`*:: + -- -Image labels. +Subscriber start int which will be used for NAT. -type: object +type: integer -- -[[exported-fields-ecs]] -== ECS fields +*`checkpoint.int_end`*:: ++ +-- +Subscriber end int which will be used for NAT. -ECS Fields. +type: integer -*`@timestamp`*:: -+ -- -Date/time when the event originated. -This is the date/time extracted from the event, typically representing when the event was generated by the source. -If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. -Required field for all events. -type: date +*`checkpoint.packet_amount`*:: ++ +-- +Amount of packets dropped. -example: 2016-05-23T08:05:34.853Z -required: True +type: integer -- -*`labels`*:: +*`checkpoint.monitor_reason`*:: + -- -Custom key/value pairs. -Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. -Example: `docker` and `k8s` labels. +Aggregated logs of monitored packets. -type: object -example: {"application": "foo-bar", "env": "production"} +type: keyword -- -*`message`*:: +*`checkpoint.drops_amount`*:: + -- -For log events the message field contains the log message, optimized for viewing in a log viewer. -For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. -If multiple messages exist, they can be combined into one message. +Amount of multicast packets dropped. -type: text -example: Hello World +type: integer -- -*`tags`*:: +*`checkpoint.securexl_message`*:: + -- -List of keywords used to tag each event. +Two options for a SecureXL message: 1. Missed accounting records after heavy load on logging system. 2. FW log message regarding a packet drop. + type: keyword -example: ["production", "env2"] +-- +*`checkpoint.conns_amount`*:: ++ -- +Connections amount of aggregated log info. -[float] -=== agent -The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. -Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. +type: integer +-- -*`agent.ephemeral_id`*:: +*`checkpoint.scope`*:: + -- -Ephemeral identifier of this agent (if one exists). -This id normally changes across restarts, but `agent.id` does not. +IP related to the attack. -type: keyword -example: 8a4f500f +type: keyword -- -*`agent.id`*:: +*`checkpoint.analyzed_on`*:: + -- -Unique identifier of this agent (if one exists). -Example: For Beats this would be beat.id. +Check Point ThreatCloud / emulator name. -type: keyword -example: 8a4f500d +type: keyword -- -*`agent.name`*:: +*`checkpoint.detected_on`*:: + -- -Custom name of the agent. -This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. -If no name is given, the name is often left empty. +System and applications version the file was emulated on. -type: keyword -example: foo +type: keyword -- -*`agent.type`*:: +*`checkpoint.dropped_file_name`*:: + -- -Type of the agent. -The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. +List of names dropped from the original file. -type: keyword -example: filebeat +type: keyword -- -*`agent.version`*:: +*`checkpoint.dropped_file_type`*:: + -- -Version of the agent. +List of file types dropped from the original file. + type: keyword -example: 6.0.0-rc2 +-- +*`checkpoint.dropped_file_hash`*:: ++ -- +List of file hashes dropped from the original file. -[float] -=== as -An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet. +type: keyword +-- -*`as.number`*:: +*`checkpoint.dropped_file_verdict`*:: + -- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +List of file verdics dropped from the original file. -type: long -example: 15169 +type: keyword -- -*`as.organization.name`*:: +*`checkpoint.emulated_on`*:: + -- -Organization name. +Images the files were emulated on. -type: keyword -example: Google LLC +type: keyword -- -*`as.organization.name.text`*:: +*`checkpoint.extracted_file_type`*:: + -- -type: text - --- +Types of extracted files in case of an archive. -[float] -=== client -A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword +-- -*`client.address`*:: +*`checkpoint.extracted_file_names`*:: + -- -Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Names of extracted files in case of an archive. + type: keyword -- -*`client.as.number`*:: +*`checkpoint.extracted_file_hash`*:: + -- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +Archive hash in case of extracted files. -type: long -example: 15169 +type: keyword -- -*`client.as.organization.name`*:: +*`checkpoint.extracted_file_verdict`*:: + -- -Organization name. +Verdict of extracted files in case of an archive. -type: keyword -example: Google LLC +type: keyword -- -*`client.as.organization.name.text`*:: +*`checkpoint.extracted_file_uid`*:: + -- -type: text +UID of extracted files in case of an archive. + + +type: keyword -- -*`client.bytes`*:: +*`checkpoint.mitre_initial_access`*:: + -- -Bytes sent from the client to the server. - -type: long +The adversary is trying to break into your network. -example: 184 -format: bytes +type: keyword -- -*`client.domain`*:: +*`checkpoint.mitre_execution`*:: + -- -Client domain. +The adversary is trying to run malicious code. + type: keyword -- -*`client.geo.city_name`*:: +*`checkpoint.mitre_persistence`*:: + -- -City name. +The adversary is trying to maintain his foothold. -type: keyword -example: Montreal +type: keyword -- -*`client.geo.continent_name`*:: +*`checkpoint.mitre_privilege_escalation`*:: + -- -Name of the continent. +The adversary is trying to gain higher-level permissions. -type: keyword -example: North America +type: keyword -- -*`client.geo.country_iso_code`*:: +*`checkpoint.mitre_defense_evasion`*:: + -- -Country ISO code. +The adversary is trying to avoid being detected. -type: keyword -example: CA +type: keyword -- -*`client.geo.country_name`*:: +*`checkpoint.mitre_credential_access`*:: + -- -Country name. +The adversary is trying to steal account names and passwords. -type: keyword -example: Canada +type: keyword -- -*`client.geo.location`*:: +*`checkpoint.mitre_discovery`*:: + -- -Longitude and latitude. +The adversary is trying to expose information about your environment. -type: geo_point -example: { "lon": -73.614830, "lat": 45.505918 } +type: keyword -- -*`client.geo.name`*:: +*`checkpoint.mitre_lateral_movement`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +The adversary is trying to explore your environment. -type: keyword -example: boston-dc +type: keyword -- -*`client.geo.region_iso_code`*:: +*`checkpoint.mitre_collection`*:: + -- -Region ISO code. +The adversary is trying to collect data of interest to achieve his goal. -type: keyword -example: CA-QC +type: keyword -- -*`client.geo.region_name`*:: +*`checkpoint.mitre_command_and_control`*:: + -- -Region name. +The adversary is trying to communicate with compromised systems in order to control them. -type: keyword -example: Quebec +type: keyword -- -*`client.ip`*:: +*`checkpoint.mitre_exfiltration`*:: + -- -IP address of the client. -Can be one or multiple IPv4 or IPv6 addresses. +The adversary is trying to steal data. -type: ip + +type: keyword -- -*`client.mac`*:: +*`checkpoint.mitre_impact`*:: + -- -MAC address of the client. +The adversary is trying to manipulate, interrupt, or destroy your systems and data. + type: keyword -- -*`client.nat.ip`*:: +*`checkpoint.parent_file_hash`*:: + -- -Translated IP of source based NAT sessions (e.g. internal client to internet). -Typically connections traversing load balancers, firewalls, or routers. +Archive's hash in case of extracted files. -type: ip + +type: keyword -- -*`client.nat.port`*:: +*`checkpoint.parent_file_name`*:: + -- -Translated port of source based NAT sessions (e.g. internal client to internet). -Typically connections traversing load balancers, firewalls, or routers. +Archive's name in case of extracted files. -type: long -format: string +type: keyword -- -*`client.packets`*:: +*`checkpoint.parent_file_uid`*:: + -- -Packets sent from the client to the server. +Archive's UID in case of extracted files. -type: long -example: 12 +type: keyword -- -*`client.port`*:: +*`checkpoint.similiar_iocs`*:: + -- -Port of the client. +Other IoCs similar to the ones found, related to the malicious file. -type: long -format: string +type: keyword -- -*`client.registered_domain`*:: +*`checkpoint.similar_hashes`*:: + -- -The highest registered client domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Hashes found similar to the malicious file. -type: keyword -example: google.com +type: keyword -- -*`client.top_level_domain`*:: +*`checkpoint.similar_strings`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Strings found similar to the malicious file. -type: keyword -example: co.uk +type: keyword -- -*`client.user.domain`*:: +*`checkpoint.similar_communication`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Network action found similar to the malicious file. + type: keyword -- -*`client.user.email`*:: +*`checkpoint.te_verdict_determined_by`*:: + -- -User email address. +Emulators determined file verdict. + type: keyword -- -*`client.user.full_name`*:: +*`checkpoint.packet_capture_unique_id`*:: + -- -User's full name, if available. +Identifier of the packet capture files. -type: keyword -example: Albert Einstein +type: keyword -- -*`client.user.full_name.text`*:: +*`checkpoint.total_attachments`*:: + -- -type: text +The number of attachments in an email. + + +type: integer -- -*`client.user.group.domain`*:: +*`checkpoint.additional_info`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +ID of original file/mail which are sent by admin. + type: keyword -- -*`client.user.group.id`*:: +*`checkpoint.content_risk`*:: + -- -Unique identifier for the group on the system/platform. +File risk. -type: keyword + +type: integer -- -*`client.user.group.name`*:: +*`checkpoint.operation`*:: + -- -Name of the group. +Operation made by Threat Extraction. + type: keyword -- -*`client.user.hash`*:: +*`checkpoint.scrubbed_content`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Active content that was found. + type: keyword -- -*`client.user.id`*:: +*`checkpoint.scrub_time`*:: + -- -Unique identifiers of the user. +Extraction process duration. + type: keyword -- -*`client.user.name`*:: +*`checkpoint.scrub_download_time`*:: + -- -Short name or login of the user. +File download time from resource. -type: keyword -example: albert +type: keyword -- -*`client.user.name.text`*:: +*`checkpoint.scrub_total_time`*:: + -- -type: text - --- +Threat extraction total file handling time. -[float] -=== cloud -Fields related to the cloud or infrastructure the events are coming from. +type: keyword +-- -*`cloud.account.id`*:: +*`checkpoint.scrub_activity`*:: + -- -The cloud account or organization id used to identify different entities in a multi-tenant environment. -Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. +The result of the extraction -type: keyword -example: 666777888999 +type: keyword -- -*`cloud.availability_zone`*:: +*`checkpoint.watermark`*:: + -- -Availability zone in which this host is running. +Reports whether watermark is added to the cleaned file. -type: keyword -example: us-east-1c +type: keyword -- -*`cloud.instance.id`*:: +*`checkpoint.source_object`*:: + -- -Instance ID of the host machine. +Matched object name on source column. -type: keyword -example: i-1234567890abcdef0 +type: integer -- -*`cloud.instance.name`*:: +*`checkpoint.destination_object`*:: + -- -Instance name of the host machine. +Matched object name on destination column. + type: keyword -- -*`cloud.machine.type`*:: +*`checkpoint.drop_reason`*:: + -- -Machine type of the host machine. +Drop reason description. -type: keyword -example: t2.medium +type: keyword -- -*`cloud.provider`*:: +*`checkpoint.hit`*:: + -- -Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. +Number of hits on a rule. -type: keyword -example: aws +type: integer -- -*`cloud.region`*:: +*`checkpoint.rulebase_id`*:: + -- -Region in which this host is running. +Layer number. -type: keyword -example: us-east-1 +type: integer -- -[float] -=== code_signature - -These fields contain information about binary code signatures. - - -*`code_signature.exists`*:: +*`checkpoint.first_hit_time`*:: + -- -Boolean to capture if a signature is present. +First hit time in current interval. -type: boolean -example: true +type: integer -- -*`code_signature.status`*:: +*`checkpoint.last_hit_time`*:: + -- -Additional information about the certificate status. -This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. +Last hit time in current interval. -type: keyword -example: ERROR_UNTRUSTED_ROOT +type: integer -- -*`code_signature.subject_name`*:: +*`checkpoint.rematch_info`*:: + -- -Subject name of the code signer +Information sent when old connections cannot be matched during policy installation. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`code_signature.trusted`*:: +*`checkpoint.last_rematch_time`*:: + -- -Stores the trust status of the certificate chain. -Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +Connection rematched time. -type: boolean -example: true +type: keyword -- -*`code_signature.valid`*:: +*`checkpoint.action_reason`*:: + -- -Boolean to capture if the digital signature is verified against the binary content. -Leave unpopulated if a certificate was unchecked. +Connection drop reason. -type: boolean -example: true +type: integer -- -[float] -=== container - -Container fields are used for meta information about the specific container that is the source of information. -These fields help correlate data based containers from any runtime. - - -*`container.id`*:: +*`checkpoint.c_bytes`*:: + -- -Unique container id. - -type: keyword - --- +Boolean value indicates whether bytes sent from the client side are used. -*`container.image.name`*:: -+ --- -Name of the image the container was built on. -type: keyword +type: integer -- -*`container.image.tag`*:: +*`checkpoint.context_num`*:: + -- -Container image tags. +Serial number of the log for a specific connection. -type: keyword + +type: integer -- -*`container.labels`*:: +*`checkpoint.match_id`*:: + -- -Image labels. +Private key of the rule -type: object + +type: integer -- -*`container.name`*:: +*`checkpoint.alert`*:: + -- -Container name. +Alert level of matched rule (for connection logs). + type: keyword -- -*`container.runtime`*:: +*`checkpoint.parent_rule`*:: + -- -Runtime managing this container. +Parent rule number, in case of inline layer. -type: keyword -example: docker +type: integer -- -[float] -=== destination - -Destination fields describe details about the destination of a packet/event. -Destination fields are usually populated in conjunction with source fields. - - -*`destination.address`*:: +*`checkpoint.match_fk`*:: + -- -Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Rule number. -type: keyword + +type: integer -- -*`destination.as.number`*:: +*`checkpoint.dropped_outgoing`*:: + -- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +Number of outgoing bytes dropped when using UP-limit feature. -type: long -example: 15169 +type: integer -- -*`destination.as.organization.name`*:: +*`checkpoint.dropped_incoming`*:: + -- -Organization name. +Number of incoming bytes dropped when using UP-limit feature. -type: keyword -example: Google LLC +type: integer -- -*`destination.as.organization.name.text`*:: +*`checkpoint.media_type`*:: + -- -type: text +Media used (audio, video, etc.) + + +type: keyword -- -*`destination.bytes`*:: +*`checkpoint.sip_reason`*:: + -- -Bytes sent from the destination to the source. - -type: long +Explains why 'source_ip' isn't allowed to redirect (handover). -example: 184 -format: bytes +type: keyword -- -*`destination.domain`*:: +*`checkpoint.voip_method`*:: + -- -Destination domain. +Registration request. + type: keyword -- -*`destination.geo.city_name`*:: +*`checkpoint.registered_ip-phones`*:: + -- -City name. +Registered IP-Phones. -type: keyword -example: Montreal +type: keyword -- -*`destination.geo.continent_name`*:: +*`checkpoint.voip_reg_user_type`*:: + -- -Name of the continent. +Registered IP-Phone type. -type: keyword -example: North America +type: keyword -- -*`destination.geo.country_iso_code`*:: +*`checkpoint.voip_call_id`*:: + -- -Country ISO code. +Call-ID. -type: keyword -example: CA +type: keyword -- -*`destination.geo.country_name`*:: +*`checkpoint.voip_reg_int`*:: + -- -Country name. +Registration port. -type: keyword -example: Canada +type: integer -- -*`destination.geo.location`*:: +*`checkpoint.voip_reg_ipp`*:: + -- -Longitude and latitude. +Registration IP protocol. -type: geo_point -example: { "lon": -73.614830, "lat": 45.505918 } +type: integer -- -*`destination.geo.name`*:: +*`checkpoint.voip_reg_period`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Registration period. -type: keyword -example: boston-dc +type: integer -- -*`destination.geo.region_iso_code`*:: +*`checkpoint.voip_log_type`*:: + -- -Region ISO code. +VoIP log types. Possible values: reject, call, registration. -type: keyword -example: CA-QC +type: keyword -- -*`destination.geo.region_name`*:: +*`checkpoint.src_phone_number`*:: + -- -Region name. +Source IP-Phone. -type: keyword -example: Quebec +type: keyword -- -*`destination.ip`*:: +*`checkpoint.voip_from_user_type`*:: + -- -IP address of the destination. -Can be one or multiple IPv4 or IPv6 addresses. +Source IP-Phone type. -type: ip + +type: keyword -- -*`destination.mac`*:: +*`checkpoint.dst_phone_number`*:: + -- -MAC address of the destination. +Destination IP-Phone. + type: keyword -- -*`destination.nat.ip`*:: +*`checkpoint.voip_to_user_type`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Destination IP-Phone type. -type: ip + +type: keyword -- -*`destination.nat.port`*:: +*`checkpoint.voip_call_dir`*:: + -- -Port the source session is translated to by NAT Device. -Typically used with load balancers, firewalls, or routers. +Call direction: in/out. -type: long -format: string +type: keyword -- -*`destination.packets`*:: +*`checkpoint.voip_call_state`*:: + -- -Packets sent from the destination to the source. +Call state. Possible values: in/out. -type: long -example: 12 +type: keyword -- -*`destination.port`*:: +*`checkpoint.voip_call_term_time`*:: + -- -Port of the destination. +Call termination time stamp. -type: long -format: string +type: keyword -- -*`destination.registered_domain`*:: +*`checkpoint.voip_duration`*:: + -- -The highest registered destination domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Call duration (seconds). -type: keyword -example: google.com +type: keyword -- -*`destination.top_level_domain`*:: +*`checkpoint.voip_media_port`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Media int. -type: keyword -example: co.uk +type: keyword -- -*`destination.user.domain`*:: +*`checkpoint.voip_media_ipp`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Media IP protocol. + type: keyword -- -*`destination.user.email`*:: +*`checkpoint.voip_est_codec`*:: + -- -User email address. +Estimated codec. + type: keyword -- -*`destination.user.full_name`*:: +*`checkpoint.voip_exp`*:: + -- -User's full name, if available. +Expiration. -type: keyword -example: Albert Einstein +type: integer -- -*`destination.user.full_name.text`*:: +*`checkpoint.voip_attach_sz`*:: + -- -type: text +Attachment size. + + +type: integer -- -*`destination.user.group.domain`*:: +*`checkpoint.voip_attach_action_info`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +Attachment action Info. + type: keyword -- -*`destination.user.group.id`*:: +*`checkpoint.voip_media_codec`*:: + -- -Unique identifier for the group on the system/platform. +Estimated codec. + type: keyword -- -*`destination.user.group.name`*:: +*`checkpoint.voip_reject_reason`*:: + -- -Name of the group. +Reject reason. + type: keyword -- -*`destination.user.hash`*:: +*`checkpoint.voip_reason_info`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Information. + type: keyword -- -*`destination.user.id`*:: +*`checkpoint.voip_config`*:: + -- -Unique identifiers of the user. +Configuration. + type: keyword -- -*`destination.user.name`*:: +*`checkpoint.voip_reg_server`*:: + -- -Short name or login of the user. +Registrar server IP address. -type: keyword -example: albert +type: ip -- -*`destination.user.name.text`*:: +*`checkpoint.scv_user`*:: + -- -type: text - --- - -[float] -=== dll +Username whose packets are dropped on SCV. -These fields contain information about code libraries dynamically loaded into processes. -Many operating systems refer to "shared code libraries" with different names, but this field set refers to all of the following: -* Dynamic-link library (`.dll`) commonly used on Windows -* Shared Object (`.so`) commonly used on Unix-like operating systems -* Dynamic library (`.dylib`) commonly used on macOS +type: keyword +-- -*`dll.code_signature.exists`*:: +*`checkpoint.scv_message_info`*:: + -- -Boolean to capture if a signature is present. +Drop reason. -type: boolean -example: true +type: keyword -- -*`dll.code_signature.status`*:: +*`checkpoint.ppp`*:: + -- -Additional information about the certificate status. -This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. +Authentication status. -type: keyword -example: ERROR_UNTRUSTED_ROOT +type: keyword -- -*`dll.code_signature.subject_name`*:: +*`checkpoint.scheme`*:: + -- -Subject name of the code signer +Describes the scheme used for the log. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`dll.code_signature.trusted`*:: +*`checkpoint.auth_method`*:: + -- -Stores the trust status of the certificate chain. -Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +Password authentication protocol used (PAP or EAP). -type: boolean -example: true +type: keyword -- -*`dll.code_signature.valid`*:: +*`checkpoint.machine`*:: + -- -Boolean to capture if the digital signature is verified against the binary content. -Leave unpopulated if a certificate was unchecked. +L2TP machine which triggered the log and the log refers to it. -type: boolean -example: true +type: keyword -- -*`dll.hash.md5`*:: +*`checkpoint.vpn_feature_name`*:: + -- -MD5 hash. +L2TP /IKE / Link Selection. + type: keyword -- -*`dll.hash.sha1`*:: +*`checkpoint.reject_category`*:: + -- -SHA1 hash. +Authentication failure reason. + type: keyword -- -*`dll.hash.sha256`*:: +*`checkpoint.peer_ip_probing_status_update`*:: + -- -SHA256 hash. +IP address response status. + type: keyword -- -*`dll.hash.sha512`*:: +*`checkpoint.peer_ip`*:: + -- -SHA512 hash. +IP address which the client connects to. + type: keyword -- -*`dll.name`*:: +*`checkpoint.peer_gateway`*:: + -- -Name of the library. -This generally maps to the name of the file on disk. +Main IP of the peer Security Gateway. -type: keyword -example: kernel32.dll +type: ip -- -*`dll.path`*:: +*`checkpoint.link_probing_status_update`*:: + -- -Full file path of the library. +IP address response status. -type: keyword -example: C:\Windows\System32\kernel32.dll +type: keyword -- -*`dll.pe.company`*:: +*`checkpoint.source_interface`*:: + -- -Internal company name of the file, provided at compile-time. +External Interface name for source interface or Null if not found. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`dll.pe.description`*:: +*`checkpoint.next_hop_ip`*:: + -- -Internal description of the file, provided at compile-time. +Next hop IP address. -type: keyword -example: Paint +type: keyword -- -*`dll.pe.file_version`*:: +*`checkpoint.srckeyid`*:: + -- -Internal version of the file, provided at compile-time. +Initiator Spi ID. -type: keyword -example: 6.3.9600.17415 +type: keyword -- -*`dll.pe.original_file_name`*:: +*`checkpoint.dstkeyid`*:: + -- -Internal name of the file, provided at compile-time. +Responder Spi ID. -type: keyword -example: MSPAINT.EXE +type: keyword -- -*`dll.pe.product`*:: +*`checkpoint.encryption_failure`*:: + -- -Internal product name of the file, provided at compile-time. +Message indicating why the encryption failed. + type: keyword -example: Microsoft® Windows® Operating System +-- +*`checkpoint.ike_ids`*:: ++ -- +All QM ids. -[float] -=== dns -Fields describing DNS queries and answers. -DNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`). +type: keyword +-- -*`dns.answers`*:: +*`checkpoint.community`*:: + -- -An array containing an object for each answer section returned by the server. -The main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines. -Not all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields. +Community name for the IPSec key and the use of the IKEv. -type: object + +type: keyword -- -*`dns.answers.class`*:: +*`checkpoint.ike`*:: + -- -The class of DNS data contained in this resource record. +IKEMode (PHASE1, PHASE2, etc..). -type: keyword -example: IN +type: keyword -- -*`dns.answers.data`*:: +*`checkpoint.cookieI`*:: + -- -The data describing the resource. -The meaning of this data depends on the type and class of the resource record. +Initiator cookie. + type: keyword -example: 10.10.10.10 - -- -*`dns.answers.name`*:: +*`checkpoint.cookieR`*:: + -- -The domain name to which this resource record pertains. -If a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated. +Responder cookie. -type: keyword -example: www.google.com +type: keyword -- -*`dns.answers.ttl`*:: +*`checkpoint.msgid`*:: + -- -The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. +Message ID. -type: long -example: 180 +type: keyword -- -*`dns.answers.type`*:: +*`checkpoint.methods`*:: + -- -The type of data contained in this resource record. +IPSEc methods. -type: keyword -example: CNAME +type: keyword -- -*`dns.header_flags`*:: +*`checkpoint.connection_uid`*:: + -- -Array of 2 letter DNS header flags. -Expected values are: AA, TC, RD, RA, AD, CD, DO. +Calculation of md5 of the IP and user name as UID. -type: keyword -example: ['RD', 'RA'] +type: keyword -- -*`dns.id`*:: +*`checkpoint.site_name`*:: + -- -The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. +Site name. -type: keyword -example: 62111 +type: keyword -- -*`dns.op_code`*:: +*`checkpoint.esod_rule_name`*:: + -- -The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. +Unknown rule name. -type: keyword -example: QUERY +type: keyword -- -*`dns.question.class`*:: +*`checkpoint.esod_rule_action`*:: + -- -The class of records being queried. +Unknown rule action. -type: keyword -example: IN +type: keyword -- -*`dns.question.name`*:: +*`checkpoint.esod_rule_type`*:: + -- -The name being queried. -If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively. +Unknown rule type. -type: keyword -example: www.google.com +type: keyword -- -*`dns.question.registered_domain`*:: +*`checkpoint.esod_noncompliance_reason`*:: + -- -The highest registered domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Non-compliance reason. -type: keyword -example: google.com +type: keyword -- -*`dns.question.subdomain`*:: +*`checkpoint.esod_associated_policies`*:: + -- -The subdomain is all of the labels under the registered_domain. -If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. +Associated policies. -type: keyword -example: www +type: keyword -- -*`dns.question.top_level_domain`*:: +*`checkpoint.spyware_name`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Spyware name. -type: keyword -example: co.uk +type: keyword -- -*`dns.question.type`*:: +*`checkpoint.spyware_type`*:: + -- -The type of record being queried. +Spyware type. -type: keyword -example: AAAA +type: keyword -- -*`dns.resolved_ip`*:: +*`checkpoint.anti_virus_type`*:: + -- -Array containing all IPs seen in `answers.data`. -The `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for. +Anti virus type. -type: ip -example: ['10.10.10.10', '10.10.10.11'] +type: keyword -- -*`dns.response_code`*:: +*`checkpoint.end_user_firewall_type`*:: + -- -The DNS response code. +End user firewall type. -type: keyword -example: NOERROR +type: keyword -- -*`dns.type`*:: +*`checkpoint.esod_scan_status`*:: + -- -The type of DNS event captured, query or answer. -If your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`. -If your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers. +Scan failed. -type: keyword -example: answer +type: keyword -- -[float] -=== ecs - -Meta-information specific to ECS. - - -*`ecs.version`*:: +*`checkpoint.esod_access_status`*:: + -- -ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. -When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. - -type: keyword +Access denied. -example: 1.0.0 -required: True +type: keyword -- -[float] -=== error - -These fields can represent errors of any kind. -Use them for errors that happen while fetching events or in cases where the event itself contains an error. - - -*`error.code`*:: +*`checkpoint.client_type`*:: + -- -Error code describing the error. +Endpoint Connect. + type: keyword -- -*`error.id`*:: +*`checkpoint.precise_error`*:: + -- -Unique identifier for the error. +HTTP parser error. + type: keyword -- -*`error.message`*:: +*`checkpoint.method`*:: + -- -Error message. - -type: text - --- +HTTP method. -*`error.stack_trace`*:: -+ --- -The stack trace of this error in plain text. type: keyword -- -*`error.stack_trace.text`*:: +*`checkpoint.trusted_domain`*:: + -- -type: text +In case of phishing event, the domain, which the attacker was impersonating. --- -*`error.type`*:: -+ +type: keyword + -- -The type of the error, for example the class name of the exception. -type: keyword +[[exported-fields-checkpoint]] +== Checkpoint fields + +Some checkpoint module -example: java.lang.NullPointerException --- [float] -=== event +=== checkpoint -The event fields are used for context information about the log or metric event itself. -A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host and device temperature. See the `event.kind` definition in this section for additional details about metric and state events. +Module for parsing Checkpoint syslog. -*`event.action`*:: + +*`checkpoint.confidence_level`*:: + -- -The action captured by the event. -This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. +Confidence level determined by ThreatCloud. -type: keyword -example: user-password-change +type: integer -- -*`event.category`*:: +*`checkpoint.calc_desc`*:: + -- -This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. -`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. -This field is an array. This will allow proper categorization of some events that fall in multiple categories. +Log description. -type: keyword -example: authentication +type: keyword -- -*`event.code`*:: +*`checkpoint.dst_country`*:: + -- -Identification code for this event, if one exists. -Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. +Destination country. -type: keyword -example: 4648 +type: keyword -- -*`event.created`*:: +*`checkpoint.dst_user_name`*:: + -- -event.created contains the date/time when the event was first read by an agent, or by your pipeline. -This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. -In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. -In case the two timestamps are identical, @timestamp should be used. +Connected user name on the destination IP. -type: date -example: 2016-05-23T08:05:34.857Z +type: keyword -- -*`event.dataset`*:: +*`checkpoint.email_id`*:: + -- -Name of the dataset. -If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. -It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. +Email number in smtp connection. -type: keyword -example: apache.access +type: keyword -- -*`event.duration`*:: +*`checkpoint.email_subject`*:: + -- -Duration of the event in nanoseconds. -If event.start and event.end are known this value should be the difference between the end and start time. +Original email subject. -type: long -format: duration +type: keyword -- -*`event.end`*:: +*`checkpoint.email_session_id`*:: + -- -event.end contains the date when the event ended or when the activity was last observed. +Connection uuid. -type: date + +type: keyword -- -*`event.hash`*:: +*`checkpoint.event_count`*:: + -- -Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity. +Number of events associated with the log. -type: keyword -example: 123456789012345678901234567890ABCD +type: long -- -*`event.id`*:: +*`checkpoint.sys_message`*:: + -- -Unique ID to describe the event. +System messages -type: keyword -example: 8a4f500d +type: keyword -- -*`event.ingested`*:: +*`checkpoint.logid`*:: + -- -Timestamp when an event arrived in the central data store. -This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. -In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. +System messages -type: date -example: 2016-05-23T08:05:35.101Z +type: keyword -- -*`event.kind`*:: +*`checkpoint.failure_impact`*:: + -- -This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. -`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. -The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. +The impact of update service failure. -type: keyword -example: alert +type: keyword -- -*`event.module`*:: +*`checkpoint.id`*:: + -- -Name of the module this data is coming from. -If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. +Override application ID. -type: keyword -example: apache +type: integer -- -*`event.original`*:: +*`checkpoint.information`*:: + -- -Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +Policy installation status for a specific blade. -type: keyword -example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 +type: keyword -- -*`event.outcome`*:: +*`checkpoint.layer_name`*:: + -- -This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. -`event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. -Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. -Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. -Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. +Layer name. -type: keyword -example: success +type: keyword -- -*`event.provider`*:: +*`checkpoint.layer_uuid`*:: + -- -Source of the event. -Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). +Layer UUID. -type: keyword -example: kernel +type: keyword -- -*`event.reference`*:: +*`checkpoint.log_id`*:: + -- -Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +Unique identity for logs. -type: keyword -example: https://system.vendor.com/event/#0001234 +type: integer -- -*`event.risk_score`*:: +*`checkpoint.malware_family`*:: + -- -Risk score or priority of the event (e.g. security solutions). Use your system's original value here. +Additional information on protection. -type: float + +type: keyword -- -*`event.risk_score_norm`*:: +*`checkpoint.origin_sic_name`*:: + -- -Normalized risk score or priority of the event, on a scale of 0 to 100. -This is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems. +Machine SIC. -type: float + +type: keyword -- -*`event.sequence`*:: +*`checkpoint.policy_mgmt`*:: + -- -Sequence number of the event. -The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regardless of the timestamp precision. +Name of the Management Server that manages this Security Gateway. -type: long -format: string +type: keyword -- -*`event.severity`*:: +*`checkpoint.policy_name`*:: + -- -The numeric severity of the event according to your event source. -What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. -The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`. - -type: long +Name of the last policy that this Security Gateway fetched. -example: 7 -format: string +type: keyword -- -*`event.start`*:: +*`checkpoint.protection_id`*:: + -- -event.start contains the date when the event started or when the activity was first observed. +Protection malware id. -type: date + +type: keyword -- -*`event.timezone`*:: +*`checkpoint.protection_name`*:: + -- -This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. -Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). +Specific signature name of the attack. + type: keyword -- -*`event.type`*:: +*`checkpoint.protection_type`*:: + -- -This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. -`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. -This field is an array. This will allow proper categorization of some events that fall in multiple event types. +Type of protection used to detect the attack. + type: keyword -- -*`event.url`*:: +*`checkpoint.protocol`*:: + -- -URL linking to an external system to continue investigation of this event. -This URL links to another system where in-depth investigation of the specific occurence of this event can take place. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +Protocol detected on the connection. + type: keyword -example: https://mysystem.mydomain.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe +-- +*`checkpoint.proxy_src_ip`*:: ++ -- +Sender source IP (even when using proxy). -[float] -=== file -A file is defined as a set of information that has been created on, or has existed on a filesystem. -File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. +type: ip +-- -*`file.accessed`*:: +*`checkpoint.rule`*:: + -- -Last time the file was accessed. -Note that not all filesystems keep track of access time. +Matched rule number. -type: date + +type: integer -- -*`file.attributes`*:: +*`checkpoint.rule_action`*:: + -- -Array of file attributes. -Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. +Action of the matched rule in the access policy. -type: keyword -example: ["readonly", "system"] +type: keyword -- -*`file.code_signature.exists`*:: +*`checkpoint.scan_direction`*:: + -- -Boolean to capture if a signature is present. +Scan direction. -type: boolean -example: true +type: keyword -- -*`file.code_signature.status`*:: +*`checkpoint.session_id`*:: + -- -Additional information about the certificate status. -This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. +Log uuid. -type: keyword -example: ERROR_UNTRUSTED_ROOT +type: keyword -- -*`file.code_signature.subject_name`*:: +*`checkpoint.source_os`*:: + -- -Subject name of the code signer +OS which generated the attack. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`file.code_signature.trusted`*:: +*`checkpoint.src_country`*:: + -- -Stores the trust status of the certificate chain. -Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +Country name, derived from connection source IP address. -type: boolean -example: true +type: keyword -- -*`file.code_signature.valid`*:: +*`checkpoint.src_user_name`*:: + -- -Boolean to capture if the digital signature is verified against the binary content. -Leave unpopulated if a certificate was unchecked. +User name connected to source IP -type: boolean -example: true +type: keyword -- -*`file.created`*:: +*`checkpoint.ticket_id`*:: + -- -File creation time. -Note that not all filesystems store the creation time. +Unique ID per file. -type: date + +type: keyword -- -*`file.ctime`*:: +*`checkpoint.tls_server_host_name`*:: + -- -Last time the file attributes or metadata changed. -Note that changes to the file content will update `mtime`. This implies `ctime` will be adjusted at the same time, since `mtime` is an attribute of the file. +SNI/CN from encrypted TLS connection used by URLF for categorization. -type: date + +type: keyword -- -*`file.device`*:: +*`checkpoint.verdict`*:: + -- -Device that is the source of the file. +TE engine verdict Possible values: Malicious/Benign/Error. -type: keyword -example: sda +type: keyword -- -*`file.directory`*:: +*`checkpoint.user`*:: + -- -Directory where the file is located. It should include the drive letter, when appropriate. +Source user name. -type: keyword -example: /home/alice +type: keyword -- -*`file.drive_letter`*:: +*`checkpoint.vendor_list`*:: + -- -Drive letter where the file is located. This field is only relevant on Windows. -The value should be uppercase, and not include the colon. +The vendor name that provided the verdict for a malicious URL. -type: keyword -example: C +type: keyword -- -*`file.extension`*:: +*`checkpoint.web_server_type`*:: + -- -File extension. +Web server detected in the HTTP response. -type: keyword -example: png +type: keyword -- -*`file.gid`*:: +*`checkpoint.client_name`*:: + -- -Primary group ID (GID) of the file. +Client Application or Software Blade that detected the event. -type: keyword -example: 1001 +type: keyword -- -*`file.group`*:: +*`checkpoint.client_version`*:: + -- -Primary group name of the file. +Build version of SandBlast Agent client installed on the computer. -type: keyword -example: alice +type: keyword -- -*`file.hash.md5`*:: +*`checkpoint.extension_version`*:: + -- -MD5 hash. +Build version of the SandBlast Agent browser extension. + type: keyword -- -*`file.hash.sha1`*:: +*`checkpoint.host_time`*:: + -- -SHA1 hash. +Local time on the endpoint computer. + type: keyword -- -*`file.hash.sha256`*:: +*`checkpoint.installed_products`*:: + -- -SHA256 hash. +List of installed Endpoint Software Blades. + type: keyword -- -*`file.hash.sha512`*:: +*`checkpoint.cc`*:: + -- -SHA512 hash. +The Carbon Copy address of the email. + type: keyword -- -*`file.inode`*:: +*`checkpoint.parent_process_username`*:: + -- -Inode representing the file in the filesystem. +Owner username of the parent process of the process that triggered the attack. -type: keyword -example: 256383 +type: keyword -- -*`file.mime_type`*:: +*`checkpoint.process_username`*:: + -- -MIME type should identify the format of the file or stream of bytes using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA official types], where possible. When more than one type is applicable, the most specific type should be used. +Owner username of the process that triggered the attack. + type: keyword -- -*`file.mode`*:: +*`checkpoint.audit_status`*:: + -- -Mode of the file in octal representation. +Audit Status. Can be Success or Failure. -type: keyword -example: 0640 +type: keyword -- -*`file.mtime`*:: +*`checkpoint.objecttable`*:: + -- -Last time the file content was modified. +Table of affected objects. -type: date + +type: keyword -- -*`file.name`*:: +*`checkpoint.objecttype`*:: + -- -Name of the file including the extension, without the directory. +The type of the affected object. -type: keyword -example: example.png +type: keyword -- -*`file.owner`*:: +*`checkpoint.operation_number`*:: + -- -File owner's username. +The operation nuber. -type: keyword -example: alice +type: keyword -- -*`file.path`*:: +*`checkpoint.email_recipients_num`*:: + -- -Full path to the file, including the file name. It should include the drive letter, when appropriate. +Amount of recipients whom the mail was sent to. -type: keyword -example: /home/alice/example.png +type: integer -- -*`file.path.text`*:: +*`checkpoint.suppressed_logs`*:: + -- -type: text +Aggregated connections for five minutes on the same source, destination and port. + + +type: integer -- -*`file.pe.company`*:: +*`checkpoint.blade_name`*:: + -- -Internal company name of the file, provided at compile-time. +Blade name. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`file.pe.description`*:: +*`checkpoint.status`*:: + -- -Internal description of the file, provided at compile-time. +Ok/Warning/Error. -type: keyword -example: Paint +type: keyword -- -*`file.pe.file_version`*:: +*`checkpoint.short_desc`*:: + -- -Internal version of the file, provided at compile-time. +Short description of the process that was executed. -type: keyword -example: 6.3.9600.17415 +type: keyword -- -*`file.pe.original_file_name`*:: +*`checkpoint.long_desc`*:: + -- -Internal name of the file, provided at compile-time. +More information on the process (usually describing error reason in failure). -type: keyword -example: MSPAINT.EXE +type: keyword -- -*`file.pe.product`*:: +*`checkpoint.scan_hosts_hour`*:: + -- -Internal product name of the file, provided at compile-time. +Number of unique hosts during the last hour. -type: keyword -example: Microsoft® Windows® Operating System +type: integer -- -*`file.size`*:: +*`checkpoint.scan_hosts_day`*:: + -- -File size in bytes. -Only relevant when `file.type` is "file". +Number of unique hosts during the last day. -type: long -example: 16384 +type: integer -- -*`file.target_path`*:: +*`checkpoint.scan_hosts_week`*:: + -- -Target path for symlinks. +Number of unique hosts during the last week. -type: keyword + +type: integer -- -*`file.target_path.text`*:: +*`checkpoint.unique_detected_hour`*:: + -- -type: text +Detected virus for a specific host during the last hour. + + +type: integer -- -*`file.type`*:: +*`checkpoint.unique_detected_day`*:: + -- -File type (file, dir, or symlink). +Detected virus for a specific host during the last day. -type: keyword -example: file +type: integer -- -*`file.uid`*:: +*`checkpoint.unique_detected_week`*:: + -- -The user ID (UID) or security identifier (SID) of the file owner. +Detected virus for a specific host during the last week. -type: keyword -example: 1001 +type: integer -- -[float] -=== geo +*`checkpoint.scan_mail`*:: ++ +-- +Number of emails that were scanned by "AB malicious activity" engine. -Geo fields can carry data about a specific location related to an event. -This geolocation information can be derived from techniques such as Geo IP, or be user-supplied. +type: integer + +-- -*`geo.city_name`*:: +*`checkpoint.additional_ip`*:: + -- -City name. +DNS host name. -type: keyword -example: Montreal +type: keyword -- -*`geo.continent_name`*:: +*`checkpoint.description`*:: + -- -Name of the continent. +Additional explanation how the security gateway enforced the connection. -type: keyword -example: North America +type: keyword -- -*`geo.country_iso_code`*:: +*`checkpoint.email_spam_category`*:: + -- -Country ISO code. +Email categories. Possible values: spam/not spam/phishing. -type: keyword -example: CA +type: keyword -- -*`geo.country_name`*:: +*`checkpoint.email_control_analysis`*:: + -- -Country name. +Message classification, received from spam vendor engine. -type: keyword -example: Canada +type: keyword -- -*`geo.location`*:: +*`checkpoint.scan_results`*:: + -- -Longitude and latitude. +"Infected"/description of a failure. -type: geo_point -example: { "lon": -73.614830, "lat": 45.505918 } +type: keyword -- -*`geo.name`*:: +*`checkpoint.original_queue_id`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Original postfix email queue id. -type: keyword -example: boston-dc +type: keyword -- -*`geo.region_iso_code`*:: +*`checkpoint.risk`*:: + -- -Region ISO code. +Risk level we got from the engine. -type: keyword -example: CA-QC +type: keyword -- -*`geo.region_name`*:: +*`checkpoint.observable_name`*:: + -- -Region name. +IOC observable signature name. + type: keyword -example: Quebec +-- +*`checkpoint.observable_id`*:: ++ -- +IOC observable signature id. -[float] -=== group -The group fields are meant to represent groups that are relevant to the event. +type: keyword +-- -*`group.domain`*:: +*`checkpoint.observable_comment`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +IOC observable signature description. + type: keyword -- -*`group.id`*:: +*`checkpoint.indicator_name`*:: + -- -Unique identifier for the group on the system/platform. +IOC indicator name. + type: keyword -- -*`group.name`*:: +*`checkpoint.indicator_description`*:: + -- -Name of the group. +IOC indicator description. + type: keyword -- -[float] -=== hash +*`checkpoint.indicator_reference`*:: ++ +-- +IOC indicator reference. -The hash fields represent different hash algorithms and their values. -Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +type: keyword -*`hash.md5`*:: +-- + +*`checkpoint.indicator_uuid`*:: + -- -MD5 hash. +IOC indicator uuid. + type: keyword -- -*`hash.sha1`*:: +*`checkpoint.app_desc`*:: + -- -SHA1 hash. +Application description. + type: keyword -- -*`hash.sha256`*:: +*`checkpoint.app_id`*:: + -- -SHA256 hash. +Application ID. -type: keyword + +type: integer -- -*`hash.sha512`*:: +*`checkpoint.app_sig_id`*:: + -- -SHA512 hash. +IOC indicator description. + type: keyword -- -[float] -=== host +*`checkpoint.certificate_resource`*:: ++ +-- +HTTPS resource Possible values: SNI or domain name (DN). -A host is defined as a general computing instance. -ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. +type: keyword -*`host.architecture`*:: +-- + +*`checkpoint.certificate_validation`*:: + -- -Operating system architecture. +Precise error, describing HTTPS certificate failure under "HTTPS categorize websites" feature. -type: keyword -example: x86_64 +type: keyword -- -*`host.domain`*:: +*`checkpoint.browse_time`*:: + -- -Name of the domain of which the host is a member. -For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. +Application session browse time. -type: keyword -example: CONTOSO +type: keyword -- -*`host.geo.city_name`*:: +*`checkpoint.limit_requested`*:: + -- -City name. +Indicates whether data limit was requested for the session. -type: keyword -example: Montreal +type: integer -- -*`host.geo.continent_name`*:: +*`checkpoint.limit_applied`*:: + -- -Name of the continent. +Indicates whether the session was actually date limited. -type: keyword -example: North America +type: integer -- -*`host.geo.country_iso_code`*:: +*`checkpoint.dropped_total`*:: + -- -Country ISO code. +Amount of dropped packets (both incoming and outgoing). -type: keyword -example: CA +type: integer -- -*`host.geo.country_name`*:: +*`checkpoint.client_type_os`*:: + -- -Country name. +Client OS detected in the HTTP request. -type: keyword -example: Canada +type: keyword -- -*`host.geo.location`*:: +*`checkpoint.name`*:: + -- -Longitude and latitude. +Application name. -type: geo_point -example: { "lon": -73.614830, "lat": 45.505918 } +type: keyword -- -*`host.geo.name`*:: +*`checkpoint.properties`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Application categories. -type: keyword -example: boston-dc +type: keyword -- -*`host.geo.region_iso_code`*:: +*`checkpoint.sig_id`*:: + -- -Region ISO code. +Application's signature ID which how it was detected by. -type: keyword -example: CA-QC +type: keyword -- -*`host.geo.region_name`*:: +*`checkpoint.desc`*:: + -- -Region name. +Override application description. -type: keyword -example: Quebec +type: keyword -- -*`host.hostname`*:: +*`checkpoint.referrer_self_uid`*:: + -- -Hostname of the host. -It normally contains what the `hostname` command returns on the host machine. +UUID of the current log. + type: keyword -- -*`host.id`*:: +*`checkpoint.referrer_parent_uid`*:: + -- -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +Log UUID of the referring application. + type: keyword -- -*`host.ip`*:: +*`checkpoint.needs_browse_time`*:: + -- -Host ip addresses. +Browse time required for the connection. -type: ip + +type: integer -- -*`host.mac`*:: +*`checkpoint.cluster_info`*:: + -- -Host mac addresses. +Cluster information. Possible options: Failover reason/cluster state changes/CP cluster or 3rd party. + type: keyword -- -*`host.name`*:: +*`checkpoint.sync`*:: + -- -Name of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +Sync status and the reason (stable, at risk). + type: keyword -- -*`host.os.family`*:: +*`checkpoint.file_direction`*:: + -- -OS family (such as redhat, debian, freebsd, windows). +File direction. Possible options: upload/download. -type: keyword -example: debian +type: keyword -- -*`host.os.full`*:: +*`checkpoint.invalid_file_size`*:: + -- -Operating system name, including the version or code name. +File_size field is valid only if this field is set to 0. -type: keyword -example: Mac OS Mojave +type: integer -- -*`host.os.full.text`*:: +*`checkpoint.top_archive_file_name`*:: + -- -type: text +In case of archive file: the file that was sent/received. + + +type: keyword -- -*`host.os.kernel`*:: +*`checkpoint.data_type_name`*:: + -- -Operating system kernel version as a raw string. +Data type in rulebase that was matched. -type: keyword -example: 4.4.0-112-generic +type: keyword -- -*`host.os.name`*:: +*`checkpoint.specific_data_type_name`*:: + -- -Operating system name, without the version. +Compound/Group scenario, data type that was matched. -type: keyword -example: Mac OS X +type: keyword -- -*`host.os.name.text`*:: +*`checkpoint.word_list`*:: + -- -type: text +Words matched by data type. + + +type: keyword -- -*`host.os.platform`*:: +*`checkpoint.info`*:: + -- -Operating system platform (such centos, ubuntu, windows). +Special log message. -type: keyword -example: darwin +type: keyword -- -*`host.os.version`*:: +*`checkpoint.outgoing_url`*:: + -- -Operating system version as a raw string. +URL related to this log (for HTTP). -type: keyword -example: 10.14.1 +type: keyword -- -*`host.type`*:: +*`checkpoint.dlp_rule_name`*:: + -- -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +Matched rule name. + type: keyword -- -*`host.uptime`*:: +*`checkpoint.dlp_recipients`*:: + -- -Seconds the host has been up. +Mail recipients. -type: long -example: 1325 +type: keyword -- -*`host.user.domain`*:: +*`checkpoint.dlp_subject`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Mail subject. + type: keyword -- -*`host.user.email`*:: +*`checkpoint.dlp_word_list`*:: + -- -User email address. +Phrases matched by data type. + type: keyword -- -*`host.user.full_name`*:: +*`checkpoint.dlp_template_score`*:: + -- -User's full name, if available. +Template data type match score. -type: keyword -example: Albert Einstein +type: keyword -- -*`host.user.full_name.text`*:: +*`checkpoint.message_size`*:: + -- -type: text +Mail/post size. + + +type: integer -- -*`host.user.group.domain`*:: +*`checkpoint.dlp_incident_uid`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +Unique ID of the matched rule. + type: keyword -- -*`host.user.group.id`*:: +*`checkpoint.dlp_related_incident_uid`*:: + -- -Unique identifier for the group on the system/platform. +Other ID related to this one. + type: keyword -- -*`host.user.group.name`*:: +*`checkpoint.dlp_data_type_name`*:: + -- -Name of the group. +Matched data type. + type: keyword -- -*`host.user.hash`*:: +*`checkpoint.dlp_data_type_uid`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Unique ID of the matched data type. + type: keyword -- -*`host.user.id`*:: +*`checkpoint.dlp_violation_description`*:: + -- -Unique identifiers of the user. +Violation descriptions described in the rulebase. + type: keyword -- -*`host.user.name`*:: +*`checkpoint.dlp_relevant_data_types`*:: + -- -Short name or login of the user. +In case of Compound/Group: the inner data types that were matched. -type: keyword -example: albert +type: keyword -- -*`host.user.name.text`*:: +*`checkpoint.dlp_action_reason`*:: + -- -type: text +Action chosen reason. --- -[float] -=== http - -Fields related to HTTP activity. Use the `url` field set to store the url of the request. +type: keyword +-- -*`http.request.body.bytes`*:: +*`checkpoint.dlp_categories`*:: + -- -Size in bytes of the request body. - -type: long +Data type category. -example: 887 -format: bytes +type: keyword -- -*`http.request.body.content`*:: +*`checkpoint.dlp_transint`*:: + -- -The full HTTP request body. +HTTP/SMTP/FTP. -type: keyword -example: Hello world +type: keyword -- -*`http.request.body.content.text`*:: +*`checkpoint.duplicate`*:: + -- -type: text +Log marked as duplicated, when mail is split and the Security Gateway sees it twice. + + +type: keyword -- -*`http.request.bytes`*:: +*`checkpoint.incident_extension`*:: + -- -Total size in bytes of the request (body and headers). - -type: long +Matched data type. -example: 1437 -format: bytes +type: keyword -- -*`http.request.method`*:: +*`checkpoint.matched_file`*:: + -- -HTTP request method. -The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". +Unique ID of the matched data type. -type: keyword -example: get, post, put +type: keyword -- -*`http.request.referrer`*:: +*`checkpoint.matched_file_text_segments`*:: + -- -Referrer for this HTTP request. +Fingerprint: number of text segments matched by this traffic. -type: keyword -example: https://blog.example.com/ +type: integer -- -*`http.response.body.bytes`*:: +*`checkpoint.matched_file_percentage`*:: + -- -Size in bytes of the response body. - -type: long +Fingerprint: match percentage of the traffic. -example: 887 -format: bytes +type: integer -- -*`http.response.body.content`*:: +*`checkpoint.dlp_additional_action`*:: + -- -The full HTTP response body. +Watermark/None. -type: keyword -example: Hello world +type: keyword -- -*`http.response.body.content.text`*:: +*`checkpoint.dlp_watermark_profile`*:: + -- -type: text +Watermark which was applied. + + +type: keyword -- -*`http.response.bytes`*:: +*`checkpoint.dlp_repository_id`*:: + -- -Total size in bytes of the response (body and headers). - -type: long +ID of scanned repository. -example: 1437 -format: bytes +type: keyword -- -*`http.response.status_code`*:: +*`checkpoint.dlp_repository_root_path`*:: + -- -HTTP response status code. - -type: long +Repository path. -example: 404 -format: string +type: keyword -- -*`http.version`*:: +*`checkpoint.scan_id`*:: + -- -HTTP version. +Sequential number of scan. + type: keyword -example: 1.1 +-- +*`checkpoint.special_properties`*:: ++ -- +If this field is set to '1' the log will not be shown (in use for monitoring scan progress). -[float] -=== interface -The interface fields are used to record ingress and egress interface information when reported by an observer (e.g. firewall, router, load balancer) in the context of the observer handling a network connection. In the case of a single observer interface (e.g. network sensor on a span port) only the observer.ingress information should be populated. +type: integer +-- -*`interface.alias`*:: +*`checkpoint.dlp_repository_total_size`*:: + -- -Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. +Repository size. -type: keyword -example: outside +type: integer -- -*`interface.id`*:: +*`checkpoint.dlp_repository_files_number`*:: + -- -Interface ID as reported by an observer (typically SNMP interface ID). +Number of files in repository. -type: keyword -example: 10 +type: integer -- -*`interface.name`*:: +*`checkpoint.dlp_repository_scanned_files_number`*:: + -- -Interface name as reported by the system. +Number of scanned files in repository. -type: keyword -example: eth0 +type: integer -- -[float] -=== log - -Details about the event's logging mechanism or logging transport. -The log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`. -The details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields. - - -*`log.level`*:: +*`checkpoint.duration`*:: + -- -Original log level of the log event. -If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). -Some examples are `warn`, `err`, `i`, `informational`. +Scan duration. -type: keyword -example: error +type: keyword -- -*`log.logger`*:: +*`checkpoint.dlp_fingerprint_long_status`*:: + -- -The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. +Scan status - long format. -type: keyword -example: org.elasticsearch.bootstrap.Bootstrap +type: keyword -- -*`log.origin.file.line`*:: +*`checkpoint.dlp_fingerprint_short_status`*:: + -- -The line number of the file containing the source code which originated the log event. +Scan status - short format. -type: integer -example: 42 +type: keyword -- -*`log.origin.file.name`*:: +*`checkpoint.dlp_repository_directories_number`*:: + -- -The name of the file containing the source code which originated the log event. Note that this is not the name of the log file. +Number of directories in repository. -type: keyword -example: Bootstrap.java +type: integer -- -*`log.origin.function`*:: +*`checkpoint.dlp_repository_unreachable_directories_number`*:: + -- -The name of the function or method which originated the log event. +Number of directories the Security Gateway was unable to read. -type: keyword -example: init +type: integer -- -*`log.original`*:: +*`checkpoint.dlp_fingerprint_files_number`*:: + -- -This is the original log message and contains the full log message before splitting it up in multiple parts. -In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. -This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. +Number of successfully scanned files in repository. -type: keyword -example: Sep 19 08:26:10 localhost My log +type: integer -- -*`log.syslog`*:: +*`checkpoint.dlp_repository_skipped_files_number`*:: + -- -The Syslog metadata of the event, if the event was transmitted via Syslog. Please see RFCs 5424 or 3164. +Skipped number of files because of configuration. -type: object + +type: integer -- -*`log.syslog.facility.code`*:: +*`checkpoint.dlp_repository_scanned_directories_number`*:: + -- -The Syslog numeric facility of the log event, if available. -According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. - -type: long +Amount of directories scanned. -example: 23 -format: string +type: integer -- -*`log.syslog.facility.name`*:: +*`checkpoint.number_of_errors`*:: + -- -The Syslog text-based facility of the log event, if available. +Number of files that were not scanned due to an error. -type: keyword -example: local7 +type: integer -- -*`log.syslog.priority`*:: +*`checkpoint.next_scheduled_scan_date`*:: + -- -Syslog numeric priority of the event, if available. -According to RFCs 5424 and 3164, the priority is 8 * facility + severity. This number is therefore expected to contain a value between 0 and 191. - -type: long +Next scan scheduled time according to time object. -example: 135 -format: string +type: keyword -- -*`log.syslog.severity.code`*:: +*`checkpoint.dlp_repository_scanned_total_size`*:: + -- -The Syslog numeric severity of the log event, if available. -If the event source publishing via Syslog provides a different numeric severity value (e.g. firewall, IDS), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`. +Size scanned. -type: long -example: 3 +type: integer -- -*`log.syslog.severity.name`*:: +*`checkpoint.dlp_repository_reached_directories_number`*:: + -- -The Syslog numeric severity of the log event, if available. -If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`. +Number of scanned directories in repository. -type: keyword -example: Error +type: integer -- -[float] -=== network +*`checkpoint.dlp_repository_not_scanned_directories_percentage`*:: ++ +-- +Percentage of directories the Security Gateway was unable to read. -The network is defined as the communication path over which a host or network event happens. -The network.* fields should be populated with details about the network activity associated with an event. +type: integer + +-- -*`network.application`*:: +*`checkpoint.speed`*:: + -- -A name given to an application level protocol. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". +Current scan speed. -type: keyword -example: aim +type: integer -- -*`network.bytes`*:: +*`checkpoint.dlp_repository_scan_progress`*:: + -- -Total bytes transferred in both directions. -If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. - -type: long +Scan percentage. -example: 368 -format: bytes +type: integer -- -*`network.community_id`*:: +*`checkpoint.sub_policy_name`*:: + -- -A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. -Learn more at https://github.com/corelight/community-id-spec. +Layer name. -type: keyword -example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= +type: keyword -- -*`network.direction`*:: +*`checkpoint.sub_policy_uid`*:: + -- -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * internal - * external - * unknown +Layer uid. -When mapping events from a host-based monitoring context, populate this field from the host's point of view. -When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. type: keyword -example: inbound - -- -*`network.forwarded_ip`*:: +*`checkpoint.fw_message`*:: + -- -Host IP address when the source IP address is the proxy. +Used for various firewall errors. -type: ip -example: 192.1.1.2 +type: keyword -- -*`network.iana_number`*:: +*`checkpoint.message`*:: + -- -IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. +ISP link has failed. -type: keyword -example: 6 +type: keyword -- -*`network.inner`*:: +*`checkpoint.isp_link`*:: + -- -Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) +Name of ISP link. -type: object + +type: keyword -- -*`network.inner.vlan.id`*:: +*`checkpoint.fw_subproduct`*:: + -- -VLAN ID as reported by the observer. +Can be vpn/non vpn. -type: keyword -example: 10 +type: keyword -- -*`network.inner.vlan.name`*:: +*`checkpoint.sctp_error`*:: + -- -Optional VLAN name as reported by the observer. +Error information, what caused sctp to fail on out_of_state. -type: keyword -example: outside +type: keyword -- -*`network.name`*:: +*`checkpoint.chunk_type`*:: + -- -Name given by operators to sections of their network. +Chunck of the sctp stream. -type: keyword -example: Guest Wifi +type: keyword -- -*`network.packets`*:: +*`checkpoint.sctp_association_state`*:: + -- -Total packets transferred in both directions. -If `source.packets` and `destination.packets` are known, `network.packets` is their sum. +The bad state you were trying to update to. -type: long -example: 24 +type: keyword -- -*`network.protocol`*:: +*`checkpoint.tcp_packet_out_of_state`*:: + -- -L7 Network protocol name. ex. http, lumberjack, transport protocol. -The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". +State violation. -type: keyword -example: http +type: keyword -- -*`network.transport`*:: +*`checkpoint.tcp_flags`*:: + -- -Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) -The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". +TCP packet flags (SYN, ACK, etc.,). -type: keyword -example: tcp +type: keyword -- -*`network.type`*:: +*`checkpoint.connectivity_level`*:: + -- -In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc -The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". +Log for a new connection in wire mode. -type: keyword -example: ipv4 +type: keyword -- -*`network.vlan.id`*:: +*`checkpoint.ip_option`*:: + -- -VLAN ID as reported by the observer. +IP option that was dropped. -type: keyword -example: 10 +type: integer -- -*`network.vlan.name`*:: +*`checkpoint.tcp_state`*:: + -- -Optional VLAN name as reported by the observer. +Log reinting a tcp state change. + type: keyword -example: outside +-- +*`checkpoint.expire_time`*:: ++ -- +Connection closing time. -[float] -=== observer -An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. -This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. +type: keyword +-- -*`observer.egress`*:: +*`checkpoint.icmp_type`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +In case a connection is ICMP, type info will be added to the log. -type: object + +type: integer -- -*`observer.egress.interface.alias`*:: +*`checkpoint.icmp_code`*:: + -- -Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. +In case a connection is ICMP, code info will be added to the log. -type: keyword -example: outside +type: integer -- -*`observer.egress.interface.id`*:: +*`checkpoint.rpc_prog`*:: + -- -Interface ID as reported by an observer (typically SNMP interface ID). +Log for new RPC state - prog values. -type: keyword -example: 10 +type: integer -- -*`observer.egress.interface.name`*:: +*`checkpoint.dce-rpc_interface_uuid`*:: + -- -Interface name as reported by the system. +Log for new RPC state - UUID values -type: keyword -example: eth0 +type: keyword -- -*`observer.egress.vlan.id`*:: +*`checkpoint.elapsed`*:: + -- -VLAN ID as reported by the observer. +Time passed since start time. -type: keyword -example: 10 +type: keyword -- -*`observer.egress.vlan.name`*:: +*`checkpoint.icmp`*:: + -- -Optional VLAN name as reported by the observer. +Number of packets, received by the client. -type: keyword -example: outside +type: keyword -- -*`observer.egress.zone`*:: +*`checkpoint.capture_uuid`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +UUID generated for the capture. Used when enabling the capture when logging. -type: keyword -example: Public_Internet +type: keyword -- -*`observer.geo.city_name`*:: +*`checkpoint.diameter_app_ID`*:: + -- -City name. +The ID of diameter application. -type: keyword -example: Montreal +type: integer -- -*`observer.geo.continent_name`*:: +*`checkpoint.diameter_cmd_code`*:: + -- -Name of the continent. +Diameter not allowed application command id. -type: keyword -example: North America +type: integer -- -*`observer.geo.country_iso_code`*:: +*`checkpoint.diameter_msg_type`*:: + -- -Country ISO code. +Diameter message type. -type: keyword -example: CA +type: keyword -- -*`observer.geo.country_name`*:: +*`checkpoint.cp_message`*:: + -- -Country name. +Used to log a general message. -type: keyword -example: Canada +type: integer -- -*`observer.geo.location`*:: +*`checkpoint.log_delay`*:: + -- -Longitude and latitude. +Time left before deleting template. -type: geo_point -example: { "lon": -73.614830, "lat": 45.505918 } +type: integer -- -*`observer.geo.name`*:: +*`checkpoint.attack_status`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +In case of a malicious event on an endpoint computer, the status of the attack. -type: keyword -example: boston-dc +type: keyword -- -*`observer.geo.region_iso_code`*:: +*`checkpoint.impacted_files`*:: + -- -Region ISO code. +In case of an infection on an endpoint computer, the list of files that the malware impacted. -type: keyword -example: CA-QC +type: keyword -- -*`observer.geo.region_name`*:: +*`checkpoint.remediated_files`*:: + -- -Region name. +In case of an infection and a successful cleaning of that infection, this is a list of remediated files on the computer. -type: keyword -example: Quebec +type: keyword -- -*`observer.hostname`*:: +*`checkpoint.triggered_by`*:: + -- -Hostname of the observer. +The name of the mechanism that triggered the Software Blade to enforce a protection. + type: keyword -- -*`observer.ingress`*:: +*`checkpoint.https_inspection_rule_id`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +ID of the matched rule. -type: object + +type: keyword -- -*`observer.ingress.interface.alias`*:: +*`checkpoint.https_inspection_rule_name`*:: + -- -Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. +Name of the matched rule. -type: keyword -example: outside +type: keyword -- -*`observer.ingress.interface.id`*:: +*`checkpoint.app_properties`*:: + -- -Interface ID as reported by an observer (typically SNMP interface ID). +List of all found categories. -type: keyword -example: 10 +type: keyword -- -*`observer.ingress.interface.name`*:: +*`checkpoint.https_validation`*:: + -- -Interface name as reported by the system. +Precise error, describing HTTPS inspection failure. -type: keyword -example: eth0 +type: keyword -- -*`observer.ingress.vlan.id`*:: +*`checkpoint.https_inspection_action`*:: + -- -VLAN ID as reported by the observer. +HTTPS inspection action (Inspect/Bypass/Error). -type: keyword -example: 10 +type: keyword -- -*`observer.ingress.vlan.name`*:: +*`checkpoint.icap_service_id`*:: + -- -Optional VLAN name as reported by the observer. +Service ID, can work with multiple servers, treated as services. -type: keyword -example: outside +type: integer -- -*`observer.ingress.zone`*:: +*`checkpoint.icap_server_name`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Server name. -type: keyword -example: DMZ +type: keyword -- -*`observer.ip`*:: +*`checkpoint.internal_error`*:: + -- -IP addresses of the observer. - -type: ip - --- +Internal error, for troubleshooting -*`observer.mac`*:: -+ --- -MAC addresses of the observer type: keyword -- -*`observer.name`*:: +*`checkpoint.icap_more_info`*:: + -- -Custom name of the observer. -This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization. -If no custom name is needed, the field can be left empty. +Free text for verdict. -type: keyword -example: 1_proxySG +type: integer -- -*`observer.os.family`*:: +*`checkpoint.reply_status`*:: + -- -OS family (such as redhat, debian, freebsd, windows). +ICAP reply status code, e.g. 200 or 204. -type: keyword -example: debian +type: integer -- -*`observer.os.full`*:: +*`checkpoint.icap_server_service`*:: + -- -Operating system name, including the version or code name. +Service name, as given in the ICAP URI -type: keyword -example: Mac OS Mojave +type: keyword -- -*`observer.os.full.text`*:: +*`checkpoint.mirror_and_decrypt_type`*:: + -- -type: text - --- +Information about decrypt and forward. Possible values: Mirror only, Decrypt and mirror, Partial mirroring (HTTPS inspection Bypass). -*`observer.os.kernel`*:: -+ --- -Operating system kernel version as a raw string. type: keyword -example: 4.4.0-112-generic - -- -*`observer.os.name`*:: +*`checkpoint.interface_name`*:: + -- -Operating system name, without the version. +Designated interface for mirror And decrypt. -type: keyword -example: Mac OS X +type: keyword -- -*`observer.os.name.text`*:: +*`checkpoint.session_uid`*:: + -- -type: text - --- +HTTP session-id. -*`observer.os.platform`*:: -+ --- -Operating system platform (such centos, ubuntu, windows). type: keyword -example: darwin - -- -*`observer.os.version`*:: +*`checkpoint.broker_publisher`*:: + -- -Operating system version as a raw string. +IP address of the broker publisher who shared the session information. -type: keyword -example: 10.14.1 +type: ip -- -*`observer.product`*:: +*`checkpoint.src_user_dn`*:: + -- -The product name of the observer. +User distinguished name connected to source IP. -type: keyword -example: s200 +type: keyword -- -*`observer.serial_number`*:: +*`checkpoint.proxy_user_name`*:: + -- -Observer serial number. +User name connected to proxy IP. + type: keyword -- -*`observer.type`*:: +*`checkpoint.proxy_machine_name`*:: + -- -The type of the observer the data is coming from. -There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. +Machine name connected to proxy IP. -type: keyword -example: firewall +type: integer -- -*`observer.vendor`*:: +*`checkpoint.proxy_user_dn`*:: + -- -Vendor name of the observer. +User distinguished name connected to proxy IP. -type: keyword -example: Symantec +type: keyword -- -*`observer.version`*:: +*`checkpoint.query`*:: + -- -Observer version. +DNS query. + type: keyword -- -[float] -=== organization - -The organization fields enrich data with information about the company or entity the data is associated with. -These fields help you arrange or filter data stored in an index by one or multiple organizations. - - -*`organization.id`*:: +*`checkpoint.dns_query`*:: + -- -Unique identifier for the organization. +DNS query. + type: keyword -- -*`organization.name`*:: +*`checkpoint.inspection_item`*:: + -- -Organization name. +Blade element performed inspection. + type: keyword -- -*`organization.name.text`*:: +*`checkpoint.performance_impact`*:: + -- -type: text - --- +Protection performance impact. -[float] -=== os -The OS fields contain information about the operating system. +type: integer +-- -*`os.family`*:: +*`checkpoint.inspection_category`*:: + -- -OS family (such as redhat, debian, freebsd, windows). +Inspection category: protocol anomaly, signature etc. -type: keyword -example: debian +type: keyword -- -*`os.full`*:: +*`checkpoint.inspection_profile`*:: + -- -Operating system name, including the version or code name. +Profile which the activated protection belongs to. -type: keyword -example: Mac OS Mojave +type: keyword -- -*`os.full.text`*:: +*`checkpoint.summary`*:: + -- -type: text - --- +Summary message of a non-compliant DNS traffic drops or detects. -*`os.kernel`*:: -+ --- -Operating system kernel version as a raw string. type: keyword -example: 4.4.0-112-generic - -- -*`os.name`*:: +*`checkpoint.question_rdata`*:: + -- -Operating system name, without the version. +List of question records domains. -type: keyword -example: Mac OS X +type: keyword -- -*`os.name.text`*:: +*`checkpoint.answer_rdata`*:: + -- -type: text +List of answer resource records to the questioned domains. + + +type: keyword -- -*`os.platform`*:: +*`checkpoint.authority_rdata`*:: + -- -Operating system platform (such centos, ubuntu, windows). +List of authoritative servers. -type: keyword -example: darwin +type: keyword -- -*`os.version`*:: +*`checkpoint.additional_rdata`*:: + -- -Operating system version as a raw string. +List of additional resource records. + type: keyword -example: 10.14.1 +-- +*`checkpoint.files_names`*:: ++ -- +List of files requested by FTP. -[float] -=== package -These fields contain information about an installed software package. It contains general information about a package, such as name, version or size. It also contains installation details, such as time or location. +type: keyword +-- -*`package.architecture`*:: +*`checkpoint.ftp_user`*:: + -- -Package architecture. +FTP username. -type: keyword -example: x86_64 +type: keyword -- -*`package.build_version`*:: +*`checkpoint.mime_from`*:: + -- -Additional information about the build version of the installed package. -For example use the commit SHA of a non-released package. +Sender's address. -type: keyword -example: 36f4f7e89dd61b0988b12ee000b98966867710cd +type: keyword -- -*`package.checksum`*:: +*`checkpoint.mime_to`*:: + -- -Checksum of the installed package for verification. +List of receiver address. -type: keyword -example: 68b329da9893e34099c7d8ad5cb9c940 +type: keyword -- -*`package.description`*:: +*`checkpoint.bcc`*:: + -- -Description of the package. +List of BCC addresses. -type: keyword -example: Open source programming language to build simple/reliable/efficient software. +type: keyword -- -*`package.install_scope`*:: +*`checkpoint.content_type`*:: + -- -Indicating how the package was installed, e.g. user-local, global. +Mail content type. Possible values: application/msword, text/html, image/gif etc. -type: keyword -example: global +type: keyword -- -*`package.installed`*:: +*`checkpoint.user_agent`*:: + -- -Time when package was installed. +String identifying requesting software user agent. -type: date + +type: keyword -- -*`package.license`*:: +*`checkpoint.referrer`*:: + -- -License under which the package was released. -Use a short name, e.g. the license identifier from SPDX License List where possible (https://spdx.org/licenses/). +Referrer HTTP request header, previous web page address. -type: keyword -example: Apache License 2.0 +type: keyword -- -*`package.name`*:: +*`checkpoint.http_location`*:: + -- -Package name +Response header, indicates the URL to redirect a page to. -type: keyword -example: go +type: keyword -- -*`package.path`*:: +*`checkpoint.content_disposition`*:: + -- -Path where the package is installed. +Indicates how the content is expected to be displayed inline in the browser. -type: keyword -example: /usr/local/Cellar/go/1.12.9/ +type: keyword -- -*`package.reference`*:: +*`checkpoint.via`*:: + -- -Home page or reference URL of the software in this package, if available. +Via header is added by proxies for tracking purposes to avoid sending reqests in loop. -type: keyword -example: https://golang.org +type: keyword -- -*`package.size`*:: +*`checkpoint.http_server`*:: + -- -Package size in bytes. - -type: long +Server HTTP header value, contains information about the software used by the origin server, which handles the request. -example: 62231 -format: string +type: keyword -- -*`package.type`*:: +*`checkpoint.content_length`*:: + -- -Type of package. -This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. +Indicates the size of the entity-body of the HTTP header. -type: keyword -example: rpm +type: keyword -- -*`package.version`*:: +*`checkpoint.authorization`*:: + -- -Package version +Authorization HTTP header value. + type: keyword -example: 1.12.9 +-- +*`checkpoint.http_host`*:: ++ -- +Domain name of the server that the HTTP request is sent to. -[float] -=== pe -These fields contain Windows Portable Executable (PE) metadata. +type: keyword +-- -*`pe.company`*:: +*`checkpoint.inspection_settings_log`*:: + -- -Internal company name of the file, provided at compile-time. +Indicats that the log was released by inspection settings. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`pe.description`*:: +*`checkpoint.cvpn_resource`*:: + -- -Internal description of the file, provided at compile-time. +Mobile Access application. -type: keyword -example: Paint +type: keyword -- -*`pe.file_version`*:: +*`checkpoint.cvpn_category`*:: + -- -Internal version of the file, provided at compile-time. +Mobile Access application type. -type: keyword -example: 6.3.9600.17415 +type: keyword -- -*`pe.original_file_name`*:: +*`checkpoint.url`*:: + -- -Internal name of the file, provided at compile-time. +Translated URL. -type: keyword -example: MSPAINT.EXE +type: keyword -- -*`pe.product`*:: +*`checkpoint.reject_id`*:: + -- -Internal product name of the file, provided at compile-time. +A reject ID that corresponds to the one presented in the Mobile Access error page. + type: keyword -example: Microsoft® Windows® Operating System +-- +*`checkpoint.fs-proto`*:: ++ -- +The file share protocol used in mobile acess file share application. -[float] -=== process -These fields contain information about a process. -These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation. +type: keyword +-- -*`process.args`*:: +*`checkpoint.app_package`*:: + -- -Array of process arguments, starting with the absolute path to the executable. -May be filtered to protect sensitive information. +Unique identifier of the application on the protected mobile device. -type: keyword -example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] +type: keyword -- -*`process.args_count`*:: +*`checkpoint.appi_name`*:: + -- -Length of the process.args array. -This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. +Name of application downloaded on the protected mobile device. -type: long -example: 4 +type: keyword -- -*`process.code_signature.exists`*:: +*`checkpoint.app_repackaged`*:: + -- -Boolean to capture if a signature is present. +Indicates whether the original application was repackage not by the official developer. -type: boolean -example: true +type: keyword -- -*`process.code_signature.status`*:: +*`checkpoint.app_sid_id`*:: + -- -Additional information about the certificate status. -This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. +Unique SHA identifier of a mobile application. -type: keyword -example: ERROR_UNTRUSTED_ROOT +type: keyword -- -*`process.code_signature.subject_name`*:: +*`checkpoint.app_version`*:: + -- -Subject name of the code signer +Version of the application downloaded on the protected mobile device. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`process.code_signature.trusted`*:: +*`checkpoint.developer_certificate_name`*:: + -- -Stores the trust status of the certificate chain. -Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +Name of the developer's certificate that was used to sign the mobile application. -type: boolean -example: true +type: keyword -- -*`process.code_signature.valid`*:: +*`checkpoint.email_control`*:: + -- -Boolean to capture if the digital signature is verified against the binary content. -Leave unpopulated if a certificate was unchecked. +Engine name. -type: boolean -example: true +type: keyword -- -*`process.command_line`*:: +*`checkpoint.email_message_id`*:: + -- -Full command line that started the process, including the absolute path to the executable, and all arguments. -Some arguments may be filtered to protect sensitive information. +Email session id (uniqe ID of the mail). -type: keyword -example: /usr/bin/ssh -l user 10.0.0.16 +type: keyword -- -*`process.command_line.text`*:: +*`checkpoint.email_queue_id`*:: + -- -type: text +Postfix email queue id. + + +type: keyword -- -*`process.entity_id`*:: +*`checkpoint.email_queue_name`*:: + -- -Unique identifier for the process. -The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. -Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. +Postfix email queue name. -type: keyword -example: c2c455d9f99375d +type: keyword -- -*`process.executable`*:: +*`checkpoint.file_name`*:: + -- -Absolute path to the process executable. +Malicious file name. -type: keyword -example: /usr/bin/ssh +type: keyword -- -*`process.executable.text`*:: +*`checkpoint.failure_reason`*:: + -- -type: text +MTA failure description. + + +type: keyword -- -*`process.exit_code`*:: +*`checkpoint.email_headers`*:: + -- -The exit code of the process, if this is a termination event. -The field should be absent if there is no exit code for the event (e.g. process start). +String containing all the email headers. -type: long -example: 137 +type: keyword -- -*`process.hash.md5`*:: +*`checkpoint.arrival_time`*:: + -- -MD5 hash. +Email arrival timestamp. + type: keyword -- -*`process.hash.sha1`*:: +*`checkpoint.email_status`*:: + -- -SHA1 hash. +Describes the email's state. Possible options: delivered, deferred, skipped, bounced, hold, new, scan_started, scan_ended + type: keyword -- -*`process.hash.sha256`*:: +*`checkpoint.status_update`*:: + -- -SHA256 hash. +Last time log was updated. + type: keyword -- -*`process.hash.sha512`*:: +*`checkpoint.delivery_time`*:: + -- -SHA512 hash. +Timestamp of when email was delivered (MTA finished handling the email. + type: keyword -- -*`process.name`*:: +*`checkpoint.links_num`*:: + -- -Process name. -Sometimes called program name or similar. +Number of links in the mail. -type: keyword -example: ssh +type: integer -- -*`process.name.text`*:: +*`checkpoint.attachments_num`*:: + -- -type: text +Number of attachments in the mail. + + +type: integer -- -*`process.parent.args`*:: +*`checkpoint.email_content`*:: + -- -Array of process arguments. -May be filtered to protect sensitive information. +Mail contents. Possible options: attachments/links & attachments/links/text only. + type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] - -- -*`process.parent.args_count`*:: +*`checkpoint.allocated_ports`*:: + -- -Length of the process.args array. -This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. +Amount of allocated ports. -type: long -example: 4 +type: integer -- -*`process.parent.code_signature.exists`*:: +*`checkpoint.capacity`*:: + -- -Boolean to capture if a signature is present. +Capacity of the ports. -type: boolean -example: true +type: integer -- -*`process.parent.code_signature.status`*:: +*`checkpoint.ports_usage`*:: + -- -Additional information about the certificate status. -This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. +Percentage of allocated ports. -type: keyword -example: ERROR_UNTRUSTED_ROOT +type: integer -- -*`process.parent.code_signature.subject_name`*:: +*`checkpoint.nat_exhausted_pool`*:: + -- -Subject name of the code signer +4-tuple of an exhausted pool. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`process.parent.code_signature.trusted`*:: +*`checkpoint.nat_rulenum`*:: + -- -Stores the trust status of the certificate chain. -Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +NAT rulebase first matched rule. -type: boolean -example: true +type: integer -- -*`process.parent.code_signature.valid`*:: +*`checkpoint.nat_addtnl_rulenum`*:: + -- -Boolean to capture if the digital signature is verified against the binary content. -Leave unpopulated if a certificate was unchecked. +When matching 2 automatic rules , second rule match will be shown otherwise field will be 0. -type: boolean -example: true +type: integer -- -*`process.parent.command_line`*:: +*`checkpoint.message_info`*:: + -- -Full command line that started the process, including the absolute path to the executable, and all arguments. -Some arguments may be filtered to protect sensitive information. +Used for information messages, for example:NAT connection has ended. -type: keyword -example: /usr/bin/ssh -l user 10.0.0.16 +type: keyword -- -*`process.parent.command_line.text`*:: +*`checkpoint.nat46`*:: + -- -type: text +NAT 46 status, in most cases "enabled". + + +type: keyword -- -*`process.parent.entity_id`*:: +*`checkpoint.end_time`*:: + -- -Unique identifier for the process. -The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. -Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. +TCP connection end time. -type: keyword -example: c2c455d9f99375d +type: keyword -- -*`process.parent.executable`*:: +*`checkpoint.tcp_end_reason`*:: + -- -Absolute path to the process executable. +Reason for TCP connection closure. -type: keyword -example: /usr/bin/ssh +type: keyword -- -*`process.parent.executable.text`*:: +*`checkpoint.cgnet`*:: + -- -type: text +Describes NAT allocation for specific subscriber. + + +type: keyword -- -*`process.parent.exit_code`*:: +*`checkpoint.subscriber`*:: + -- -The exit code of the process, if this is a termination event. -The field should be absent if there is no exit code for the event (e.g. process start). +Source IP before CGNAT. -type: long -example: 137 +type: ip -- -*`process.parent.hash.md5`*:: +*`checkpoint.hide_ip`*:: + -- -MD5 hash. +Source IP which will be used after CGNAT. -type: keyword + +type: ip -- -*`process.parent.hash.sha1`*:: +*`checkpoint.int_start`*:: + -- -SHA1 hash. +Subscriber start int which will be used for NAT. -type: keyword + +type: integer -- -*`process.parent.hash.sha256`*:: +*`checkpoint.int_end`*:: + -- -SHA256 hash. +Subscriber end int which will be used for NAT. -type: keyword + +type: integer -- -*`process.parent.hash.sha512`*:: +*`checkpoint.packet_amount`*:: + -- -SHA512 hash. +Amount of packets dropped. -type: keyword + +type: integer -- -*`process.parent.name`*:: +*`checkpoint.monitor_reason`*:: + -- -Process name. -Sometimes called program name or similar. +Aggregated logs of monitored packets. -type: keyword -example: ssh +type: keyword -- -*`process.parent.name.text`*:: +*`checkpoint.drops_amount`*:: + -- -type: text +Amount of multicast packets dropped. + + +type: integer -- -*`process.parent.pgid`*:: +*`checkpoint.securexl_message`*:: + -- -Identifier of the group of processes the process belongs to. +Two options for a SecureXL message: 1. Missed accounting records after heavy load on logging system. 2. FW log message regarding a packet drop. -type: long -format: string +type: keyword -- -*`process.parent.pid`*:: +*`checkpoint.conns_amount`*:: + -- -Process id. - -type: long +Connections amount of aggregated log info. -example: 4242 -format: string +type: integer -- -*`process.parent.ppid`*:: +*`checkpoint.scope`*:: + -- -Parent process' pid. - -type: long +IP related to the attack. -example: 4241 -format: string +type: keyword -- -*`process.parent.start`*:: +*`checkpoint.analyzed_on`*:: + -- -The time the process started. +Check Point ThreatCloud / emulator name. -type: date -example: 2016-05-23T08:05:34.853Z +type: keyword -- -*`process.parent.thread.id`*:: +*`checkpoint.detected_on`*:: + -- -Thread ID. - -type: long +System and applications version the file was emulated on. -example: 4242 -format: string +type: keyword -- -*`process.parent.thread.name`*:: +*`checkpoint.dropped_file_name`*:: + -- -Thread name. +List of names dropped from the original file. -type: keyword -example: thread-0 +type: keyword -- -*`process.parent.title`*:: +*`checkpoint.dropped_file_type`*:: + -- -Process title. -The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. +List of file types dropped from the original file. + type: keyword -- -*`process.parent.title.text`*:: +*`checkpoint.dropped_file_hash`*:: + -- -type: text +List of file hashes dropped from the original file. + + +type: keyword -- -*`process.parent.uptime`*:: +*`checkpoint.dropped_file_verdict`*:: + -- -Seconds the process has been up. +List of file verdics dropped from the original file. -type: long -example: 1325 +type: keyword -- -*`process.parent.working_directory`*:: +*`checkpoint.emulated_on`*:: + -- -The working directory of the process. +Images the files were emulated on. -type: keyword -example: /home/alice +type: keyword -- -*`process.parent.working_directory.text`*:: +*`checkpoint.extracted_file_type`*:: + -- -type: text +Types of extracted files in case of an archive. + + +type: keyword -- -*`process.pe.company`*:: +*`checkpoint.extracted_file_names`*:: + -- -Internal company name of the file, provided at compile-time. +Names of extracted files in case of an archive. -type: keyword -example: Microsoft Corporation +type: keyword -- -*`process.pe.description`*:: +*`checkpoint.extracted_file_hash`*:: + -- -Internal description of the file, provided at compile-time. +Archive hash in case of extracted files. -type: keyword -example: Paint +type: keyword -- -*`process.pe.file_version`*:: +*`checkpoint.extracted_file_verdict`*:: + -- -Internal version of the file, provided at compile-time. +Verdict of extracted files in case of an archive. -type: keyword -example: 6.3.9600.17415 +type: keyword -- -*`process.pe.original_file_name`*:: +*`checkpoint.extracted_file_uid`*:: + -- -Internal name of the file, provided at compile-time. +UID of extracted files in case of an archive. -type: keyword -example: MSPAINT.EXE +type: keyword -- -*`process.pe.product`*:: +*`checkpoint.mitre_initial_access`*:: + -- -Internal product name of the file, provided at compile-time. +The adversary is trying to break into your network. -type: keyword -example: Microsoft® Windows® Operating System +type: keyword -- -*`process.pgid`*:: +*`checkpoint.mitre_execution`*:: + -- -Identifier of the group of processes the process belongs to. +The adversary is trying to run malicious code. -type: long -format: string +type: keyword -- -*`process.pid`*:: +*`checkpoint.mitre_persistence`*:: + -- -Process id. - -type: long +The adversary is trying to maintain his foothold. -example: 4242 -format: string +type: keyword -- -*`process.ppid`*:: +*`checkpoint.mitre_privilege_escalation`*:: + -- -Parent process' pid. - -type: long +The adversary is trying to gain higher-level permissions. -example: 4241 -format: string +type: keyword -- -*`process.start`*:: +*`checkpoint.mitre_defense_evasion`*:: + -- -The time the process started. +The adversary is trying to avoid being detected. -type: date -example: 2016-05-23T08:05:34.853Z +type: keyword -- -*`process.thread.id`*:: +*`checkpoint.mitre_credential_access`*:: + -- -Thread ID. - -type: long +The adversary is trying to steal account names and passwords. -example: 4242 -format: string +type: keyword -- -*`process.thread.name`*:: +*`checkpoint.mitre_discovery`*:: + -- -Thread name. +The adversary is trying to expose information about your environment. -type: keyword -example: thread-0 +type: keyword -- -*`process.title`*:: +*`checkpoint.mitre_lateral_movement`*:: + -- -Process title. -The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. +The adversary is trying to explore your environment. + type: keyword -- -*`process.title.text`*:: +*`checkpoint.mitre_collection`*:: + -- -type: text +The adversary is trying to collect data of interest to achieve his goal. + + +type: keyword -- -*`process.uptime`*:: +*`checkpoint.mitre_command_and_control`*:: + -- -Seconds the process has been up. +The adversary is trying to communicate with compromised systems in order to control them. -type: long -example: 1325 +type: keyword -- -*`process.working_directory`*:: +*`checkpoint.mitre_exfiltration`*:: + -- -The working directory of the process. +The adversary is trying to steal data. -type: keyword -example: /home/alice +type: keyword -- -*`process.working_directory.text`*:: +*`checkpoint.mitre_impact`*:: + -- -type: text - --- +The adversary is trying to manipulate, interrupt, or destroy your systems and data. -[float] -=== registry -Fields related to Windows Registry operations. +type: keyword +-- -*`registry.data.bytes`*:: +*`checkpoint.parent_file_hash`*:: + -- -Original bytes written with base64 encoding. -For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. +Archive's hash in case of extracted files. -type: keyword -example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= +type: keyword -- -*`registry.data.strings`*:: +*`checkpoint.parent_file_name`*:: + -- -Content when writing string types. -Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). +Archive's name in case of extracted files. -type: keyword -example: ["C:\rta\red_ttp\bin\myapp.exe"] +type: keyword -- -*`registry.data.type`*:: +*`checkpoint.parent_file_uid`*:: + -- -Standard registry type for encoding contents +Archive's UID in case of extracted files. -type: keyword -example: REG_SZ +type: keyword -- -*`registry.hive`*:: +*`checkpoint.similiar_iocs`*:: + -- -Abbreviated name for the hive. +Other IoCs similar to the ones found, related to the malicious file. -type: keyword -example: HKLM +type: keyword -- -*`registry.key`*:: +*`checkpoint.similar_hashes`*:: + -- -Hive-relative path of keys. +Hashes found similar to the malicious file. -type: keyword -example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe +type: keyword -- -*`registry.path`*:: +*`checkpoint.similar_strings`*:: + -- -Full path, including hive, key and value +Strings found similar to the malicious file. -type: keyword -example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger +type: keyword -- -*`registry.value`*:: +*`checkpoint.similar_communication`*:: + -- -Name of the value written. +Network action found similar to the malicious file. + type: keyword -example: Debugger +-- +*`checkpoint.te_verdict_determined_by`*:: ++ -- +Emulators determined file verdict. -[float] -=== related -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`. +type: keyword +-- -*`related.hash`*:: +*`checkpoint.packet_capture_unique_id`*:: + -- -All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). +Identifier of the packet capture files. + type: keyword -- -*`related.ip`*:: +*`checkpoint.total_attachments`*:: + -- -All of the IPs seen on your event. +The number of attachments in an email. -type: ip + +type: integer -- -*`related.user`*:: +*`checkpoint.additional_info`*:: + -- -All the user names seen on your event. +ID of original file/mail which are sent by admin. + type: keyword -- -[float] -=== rule - -Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. -Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. - - -*`rule.author`*:: +*`checkpoint.content_risk`*:: + -- -Name, organization, or pseudonym of the author or authors who created the rule used to generate this event. +File risk. -type: keyword -example: ['Star-Lord'] +type: integer -- -*`rule.category`*:: +*`checkpoint.operation`*:: + -- -A categorization value keyword used by the entity using the rule for detection of this event. +Operation made by Threat Extraction. -type: keyword -example: Attempted Information Leak +type: keyword -- -*`rule.description`*:: +*`checkpoint.scrubbed_content`*:: + -- -The description of the rule generating the event. +Active content that was found. -type: keyword -example: Block requests to public DNS over HTTPS / TLS protocols +type: keyword -- -*`rule.id`*:: +*`checkpoint.scrub_time`*:: + -- -A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. +Extraction process duration. -type: keyword -example: 101 +type: keyword -- -*`rule.license`*:: +*`checkpoint.scrub_download_time`*:: + -- -Name of the license under which the rule used to generate this event is made available. +File download time from resource. -type: keyword -example: Apache 2.0 +type: keyword -- -*`rule.name`*:: +*`checkpoint.scrub_total_time`*:: + -- -The name of the rule or signature generating the event. +Threat extraction total file handling time. -type: keyword -example: BLOCK_DNS_over_TLS +type: keyword -- -*`rule.reference`*:: +*`checkpoint.scrub_activity`*:: + -- -Reference URL to additional information about the rule used to generate this event. -The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. +The result of the extraction -type: keyword -example: https://en.wikipedia.org/wiki/DNS_over_TLS +type: keyword -- -*`rule.ruleset`*:: +*`checkpoint.watermark`*:: + -- -Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. +Reports whether watermark is added to the cleaned file. -type: keyword -example: Standard_Protocol_Filters +type: keyword -- -*`rule.uuid`*:: +*`checkpoint.source_object`*:: + -- -A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. +Matched object name on source column. -type: keyword -example: 1100110011 +type: integer -- -*`rule.version`*:: +*`checkpoint.destination_object`*:: + -- -The version / revision of the rule being used for analysis. +Matched object name on destination column. -type: keyword -example: 1.1 +type: keyword -- -[float] -=== server - -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. - - -*`server.address`*:: +*`checkpoint.drop_reason`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Drop reason description. + type: keyword -- -*`server.as.number`*:: +*`checkpoint.hit`*:: + -- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +Number of hits on a rule. -type: long -example: 15169 +type: integer -- -*`server.as.organization.name`*:: +*`checkpoint.rulebase_id`*:: + -- -Organization name. +Layer number. -type: keyword -example: Google LLC +type: integer -- -*`server.as.organization.name.text`*:: +*`checkpoint.first_hit_time`*:: + -- -type: text +First hit time in current interval. + + +type: integer -- -*`server.bytes`*:: +*`checkpoint.last_hit_time`*:: + -- -Bytes sent from the server to the client. - -type: long +Last hit time in current interval. -example: 184 -format: bytes +type: integer -- -*`server.domain`*:: +*`checkpoint.rematch_info`*:: + -- -Server domain. +Information sent when old connections cannot be matched during policy installation. + type: keyword -- -*`server.geo.city_name`*:: +*`checkpoint.last_rematch_time`*:: + -- -City name. +Connection rematched time. -type: keyword -example: Montreal +type: keyword -- -*`server.geo.continent_name`*:: +*`checkpoint.action_reason`*:: + -- -Name of the continent. +Connection drop reason. -type: keyword -example: North America +type: integer -- -*`server.geo.country_iso_code`*:: +*`checkpoint.c_bytes`*:: + -- -Country ISO code. +Boolean value indicates whether bytes sent from the client side are used. -type: keyword -example: CA +type: integer -- -*`server.geo.country_name`*:: +*`checkpoint.context_num`*:: + -- -Country name. +Serial number of the log for a specific connection. -type: keyword -example: Canada +type: integer -- -*`server.geo.location`*:: +*`checkpoint.match_id`*:: + -- -Longitude and latitude. +Private key of the rule -type: geo_point -example: { "lon": -73.614830, "lat": 45.505918 } +type: integer -- -*`server.geo.name`*:: +*`checkpoint.alert`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Alert level of matched rule (for connection logs). -type: keyword -example: boston-dc +type: keyword -- -*`server.geo.region_iso_code`*:: +*`checkpoint.parent_rule`*:: + -- -Region ISO code. +Parent rule number, in case of inline layer. -type: keyword -example: CA-QC +type: integer -- -*`server.geo.region_name`*:: +*`checkpoint.match_fk`*:: + -- -Region name. +Rule number. -type: keyword -example: Quebec +type: integer -- -*`server.ip`*:: +*`checkpoint.dropped_outgoing`*:: + -- -IP address of the server. -Can be one or multiple IPv4 or IPv6 addresses. +Number of outgoing bytes dropped when using UP-limit feature. -type: ip + +type: integer -- -*`server.mac`*:: +*`checkpoint.dropped_incoming`*:: + -- -MAC address of the server. +Number of incoming bytes dropped when using UP-limit feature. -type: keyword + +type: integer -- -*`server.nat.ip`*:: +*`checkpoint.media_type`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Media used (audio, video, etc.) -type: ip + +type: keyword -- -*`server.nat.port`*:: +*`checkpoint.sip_reason`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Explains why 'source_ip' isn't allowed to redirect (handover). -type: long -format: string +type: keyword -- -*`server.packets`*:: +*`checkpoint.voip_method`*:: + -- -Packets sent from the server to the client. +Registration request. -type: long -example: 12 +type: keyword -- -*`server.port`*:: +*`checkpoint.registered_ip-phones`*:: + -- -Port of the server. +Registered IP-Phones. -type: long -format: string +type: keyword -- -*`server.registered_domain`*:: +*`checkpoint.voip_reg_user_type`*:: + -- -The highest registered server domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Registered IP-Phone type. -type: keyword -example: google.com +type: keyword -- -*`server.top_level_domain`*:: +*`checkpoint.voip_call_id`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Call-ID. -type: keyword -example: co.uk +type: keyword -- -*`server.user.domain`*:: +*`checkpoint.voip_reg_int`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Registration port. -type: keyword + +type: integer -- -*`server.user.email`*:: +*`checkpoint.voip_reg_ipp`*:: + -- -User email address. +Registration IP protocol. -type: keyword + +type: integer -- -*`server.user.full_name`*:: +*`checkpoint.voip_reg_period`*:: + -- -User's full name, if available. +Registration period. -type: keyword -example: Albert Einstein +type: integer -- -*`server.user.full_name.text`*:: +*`checkpoint.voip_log_type`*:: + -- -type: text +VoIP log types. Possible values: reject, call, registration. + + +type: keyword -- -*`server.user.group.domain`*:: +*`checkpoint.src_phone_number`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +Source IP-Phone. + type: keyword -- -*`server.user.group.id`*:: +*`checkpoint.voip_from_user_type`*:: + -- -Unique identifier for the group on the system/platform. +Source IP-Phone type. + type: keyword -- -*`server.user.group.name`*:: +*`checkpoint.dst_phone_number`*:: + -- -Name of the group. +Destination IP-Phone. + type: keyword -- -*`server.user.hash`*:: +*`checkpoint.voip_to_user_type`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Destination IP-Phone type. + type: keyword -- -*`server.user.id`*:: +*`checkpoint.voip_call_dir`*:: + -- -Unique identifiers of the user. +Call direction: in/out. + type: keyword -- -*`server.user.name`*:: +*`checkpoint.voip_call_state`*:: + -- -Short name or login of the user. +Call state. Possible values: in/out. -type: keyword -example: albert +type: keyword -- -*`server.user.name.text`*:: +*`checkpoint.voip_call_term_time`*:: + -- -type: text - --- +Call termination time stamp. -[float] -=== service -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. +type: keyword +-- -*`service.ephemeral_id`*:: +*`checkpoint.voip_duration`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. +Call duration (seconds). -type: keyword -example: 8a4f500f +type: keyword -- -*`service.id`*:: +*`checkpoint.voip_media_port`*:: + -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. +Media int. -type: keyword -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +type: keyword -- -*`service.name`*:: +*`checkpoint.voip_media_ipp`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Media IP protocol. -type: keyword -example: elasticsearch-metrics +type: keyword -- -*`service.node.name`*:: +*`checkpoint.voip_est_codec`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +Estimated codec. -type: keyword -example: instance-0000000016 +type: keyword -- -*`service.state`*:: +*`checkpoint.voip_exp`*:: + -- -Current state of the service. +Expiration. -type: keyword + +type: integer -- -*`service.type`*:: +*`checkpoint.voip_attach_sz`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Attachment size. -type: keyword -example: elasticsearch +type: integer -- -*`service.version`*:: +*`checkpoint.voip_attach_action_info`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +Attachment action Info. + type: keyword -example: 3.2.4 +-- +*`checkpoint.voip_media_codec`*:: ++ -- +Estimated codec. -[float] -=== source -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. +type: keyword +-- -*`source.address`*:: +*`checkpoint.voip_reject_reason`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Reject reason. + type: keyword -- -*`source.as.number`*:: +*`checkpoint.voip_reason_info`*:: + -- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +Information. -type: long -example: 15169 +type: keyword -- -*`source.as.organization.name`*:: +*`checkpoint.voip_config`*:: + -- -Organization name. +Configuration. -type: keyword -example: Google LLC +type: keyword -- -*`source.as.organization.name.text`*:: +*`checkpoint.voip_reg_server`*:: + -- -type: text +Registrar server IP address. + + +type: ip -- -*`source.bytes`*:: +*`checkpoint.scv_user`*:: + -- -Bytes sent from the source to the destination. - -type: long +Username whose packets are dropped on SCV. -example: 184 -format: bytes +type: keyword -- -*`source.domain`*:: +*`checkpoint.scv_message_info`*:: + -- -Source domain. +Drop reason. + type: keyword -- -*`source.geo.city_name`*:: +*`checkpoint.ppp`*:: + -- -City name. +Authentication status. -type: keyword -example: Montreal +type: keyword -- -*`source.geo.continent_name`*:: +*`checkpoint.scheme`*:: + -- -Name of the continent. +Describes the scheme used for the log. -type: keyword -example: North America +type: keyword -- -*`source.geo.country_iso_code`*:: +*`checkpoint.auth_method`*:: + -- -Country ISO code. +Password authentication protocol used (PAP or EAP). -type: keyword -example: CA +type: keyword -- -*`source.geo.country_name`*:: +*`checkpoint.machine`*:: + -- -Country name. +L2TP machine which triggered the log and the log refers to it. -type: keyword -example: Canada +type: keyword -- -*`source.geo.location`*:: +*`checkpoint.vpn_feature_name`*:: + -- -Longitude and latitude. +L2TP /IKE / Link Selection. -type: geo_point -example: { "lon": -73.614830, "lat": 45.505918 } +type: keyword -- -*`source.geo.name`*:: +*`checkpoint.reject_category`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Authentication failure reason. -type: keyword -example: boston-dc +type: keyword -- -*`source.geo.region_iso_code`*:: +*`checkpoint.peer_ip_probing_status_update`*:: + -- -Region ISO code. +IP address response status. -type: keyword -example: CA-QC +type: keyword -- -*`source.geo.region_name`*:: +*`checkpoint.peer_ip`*:: + -- -Region name. +IP address which the client connects to. -type: keyword -example: Quebec +type: keyword -- -*`source.ip`*:: +*`checkpoint.peer_gateway`*:: + -- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. +Main IP of the peer Security Gateway. + type: ip -- -*`source.mac`*:: +*`checkpoint.link_probing_status_update`*:: + -- -MAC address of the source. +IP address response status. + type: keyword -- -*`source.nat.ip`*:: +*`checkpoint.source_interface`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +External Interface name for source interface or Null if not found. -type: ip + +type: keyword -- -*`source.nat.port`*:: +*`checkpoint.next_hop_ip`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +Next hop IP address. -type: long -format: string +type: keyword -- -*`source.packets`*:: +*`checkpoint.srckeyid`*:: + -- -Packets sent from the source to the destination. +Initiator Spi ID. -type: long -example: 12 +type: keyword -- -*`source.port`*:: +*`checkpoint.dstkeyid`*:: + -- -Port of the source. +Responder Spi ID. -type: long -format: string +type: keyword -- -*`source.registered_domain`*:: +*`checkpoint.encryption_failure`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Message indicating why the encryption failed. -type: keyword -example: google.com +type: keyword -- -*`source.top_level_domain`*:: +*`checkpoint.ike_ids`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +All QM ids. -type: keyword -example: co.uk +type: keyword -- -*`source.user.domain`*:: +*`checkpoint.community`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Community name for the IPSec key and the use of the IKEv. + type: keyword -- -*`source.user.email`*:: +*`checkpoint.ike`*:: + -- -User email address. +IKEMode (PHASE1, PHASE2, etc..). + type: keyword -- -*`source.user.full_name`*:: +*`checkpoint.cookieI`*:: + -- -User's full name, if available. +Initiator cookie. -type: keyword -example: Albert Einstein +type: keyword -- -*`source.user.full_name.text`*:: +*`checkpoint.cookieR`*:: + -- -type: text +Responder cookie. + + +type: keyword -- -*`source.user.group.domain`*:: +*`checkpoint.msgid`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +Message ID. + type: keyword -- -*`source.user.group.id`*:: +*`checkpoint.methods`*:: + -- -Unique identifier for the group on the system/platform. +IPSEc methods. + type: keyword -- -*`source.user.group.name`*:: +*`checkpoint.connection_uid`*:: + -- -Name of the group. +Calculation of md5 of the IP and user name as UID. + type: keyword -- -*`source.user.hash`*:: +*`checkpoint.site_name`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Site name. + type: keyword -- -*`source.user.id`*:: +*`checkpoint.esod_rule_name`*:: + -- -Unique identifiers of the user. +Unknown rule name. + type: keyword -- -*`source.user.name`*:: +*`checkpoint.esod_rule_action`*:: + -- -Short name or login of the user. +Unknown rule action. -type: keyword -example: albert +type: keyword -- -*`source.user.name.text`*:: +*`checkpoint.esod_rule_type`*:: + -- -type: text - --- +Unknown rule type. -[float] -=== threat -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). +type: keyword +-- -*`threat.framework`*:: +*`checkpoint.esod_noncompliance_reason`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Non-compliance reason. -type: keyword -example: MITRE ATT&CK +type: keyword -- -*`threat.tactic.id`*:: +*`checkpoint.esod_associated_policies`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Associated policies. -type: keyword -example: TA0040 +type: keyword -- -*`threat.tactic.name`*:: +*`checkpoint.spyware_name`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Spyware name. -type: keyword -example: impact +type: keyword -- -*`threat.tactic.reference`*:: +*`checkpoint.spyware_type`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Spyware type. -type: keyword -example: https://attack.mitre.org/tactics/TA0040/ +type: keyword -- -*`threat.technique.id`*:: +*`checkpoint.anti_virus_type`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Anti virus type. -type: keyword -example: T1499 +type: keyword -- -*`threat.technique.name`*:: +*`checkpoint.end_user_firewall_type`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +End user firewall type. -type: keyword -example: endpoint denial of service +type: keyword -- -*`threat.technique.name.text`*:: +*`checkpoint.esod_scan_status`*:: + -- -type: text +Scan failed. + + +type: keyword -- -*`threat.technique.reference`*:: +*`checkpoint.esod_access_status`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Access denied. + type: keyword -example: https://attack.mitre.org/techniques/T1499/ +-- +*`checkpoint.client_type`*:: ++ -- +Endpoint Connect. -[float] -=== tls -Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. +type: keyword +-- -*`tls.cipher`*:: +*`checkpoint.precise_error`*:: + -- -String indicating the cipher used during the current connection. +HTTP parser error. -type: keyword -example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +type: keyword -- -*`tls.client.certificate`*:: +*`checkpoint.method`*:: + -- -PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. +HTTP method. -type: keyword -example: MII... +type: keyword -- -*`tls.client.certificate_chain`*:: +*`checkpoint.trusted_domain`*:: + -- -Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. +In case of phishing event, the domain, which the attacker was impersonating. -type: keyword -example: ['MII...', 'MII...'] +type: keyword -- -*`tls.client.hash.md5`*:: -+ --- -Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. +[[exported-fields-cisco]] +== Cisco fields -type: keyword +Module for handling Cisco network device logs. -example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC --- -*`tls.client.hash.sha1`*:: -+ --- -Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. +[float] +=== cisco -type: keyword +Fields from Cisco logs. -example: 9E393D93138888D288266C2D915214D1D1CCEB2A --- -*`tls.client.hash.sha256`*:: -+ --- -Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. +[float] +=== asa -type: keyword +Fields for Cisco ASA Firewall. -example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 --- -*`tls.client.issuer`*:: +*`cisco.asa.message_id`*:: + -- -Distinguished name of subject of the issuer of the x.509 certificate presented by the client. +The Cisco ASA message identifier. -type: keyword -example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com +type: keyword -- -*`tls.client.ja3`*:: +*`cisco.asa.suffix`*:: + -- -A hash that identifies clients based on how they perform an SSL/TLS handshake. +Optional suffix after %ASA identifier. + type: keyword -example: d4e5b18d6b55c71272893221c96ba240 +example: session -- -*`tls.client.not_after`*:: +*`cisco.asa.source_interface`*:: + -- -Date/Time indicating when client certificate is no longer considered valid. +Source interface for the flow or event. -type: date -example: 2021-01-01T00:00:00.000Z +type: keyword -- -*`tls.client.not_before`*:: +*`cisco.asa.destination_interface`*:: + -- -Date/Time indicating when client certificate is first considered valid. +Destination interface for the flow or event. -type: date -example: 1970-01-01T00:00:00.000Z +type: keyword -- -*`tls.client.server_name`*:: +*`cisco.asa.rule_name`*:: + -- -Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. +Name of the Access Control List rule that matched this event. -type: keyword -example: www.elastic.co +type: keyword -- -*`tls.client.subject`*:: +*`cisco.asa.source_username`*:: + -- -Distinguished name of subject of the x.509 certificate presented by the client. +Name of the user that is the source for this event. -type: keyword -example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com +type: keyword -- -*`tls.client.supported_ciphers`*:: +*`cisco.asa.destination_username`*:: + -- -Array of ciphers offered by the client during the client hello. +Name of the user that is the destination for this event. -type: keyword -example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] +type: keyword -- -*`tls.curve`*:: +*`cisco.asa.mapped_source_ip`*:: + -- -String indicating the curve used for the given cipher, when applicable. +The translated source IP address. -type: keyword -example: secp256r1 +type: ip -- -*`tls.established`*:: +*`cisco.asa.mapped_source_port`*:: + -- -Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. +The translated source port. -type: boolean + +type: long -- -*`tls.next_protocol`*:: +*`cisco.asa.mapped_destination_ip`*:: + -- -String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. +The translated destination IP address. -type: keyword -example: http/1.1 +type: ip -- -*`tls.resumed`*:: +*`cisco.asa.mapped_destination_port`*:: + -- -Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. +The translated destination port. -type: boolean + +type: long -- -*`tls.server.certificate`*:: +*`cisco.asa.threat_level`*:: + -- -PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. +Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. -type: keyword -example: MII... +type: keyword -- -*`tls.server.certificate_chain`*:: +*`cisco.asa.threat_category`*:: + -- -Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. +Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. -type: keyword -example: ['MII...', 'MII...'] +type: keyword -- -*`tls.server.hash.md5`*:: +*`cisco.asa.connection_id`*:: + -- -Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. +Unique identifier for a flow. -type: keyword -example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC +type: keyword -- -*`tls.server.hash.sha1`*:: +*`cisco.asa.icmp_type`*:: + -- -Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. +ICMP type. -type: keyword -example: 9E393D93138888D288266C2D915214D1D1CCEB2A +type: short -- -*`tls.server.hash.sha256`*:: +*`cisco.asa.icmp_code`*:: + -- -Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. +ICMP code. -type: keyword -example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 +type: short -- -*`tls.server.issuer`*:: +*`cisco.asa.connection_type`*:: + -- -Subject of the issuer of the x.509 certificate presented by the server. +The VPN connection type -type: keyword -example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com +type: keyword -- -*`tls.server.ja3s`*:: +*`cisco.asa.dap_records`*:: + -- -A hash that identifies servers based on how they perform an SSL/TLS handshake. +The assigned DAP records -type: keyword -example: 394441ab65754e2207b1e1b457b3641d +type: keyword -- -*`tls.server.not_after`*:: -+ --- -Timestamp indicating when server certificate is no longer considered valid. +[float] +=== ftd -type: date +Fields for Cisco Firepower Threat Defense Firewall. -example: 2021-01-01T00:00:00.000Z --- -*`tls.server.not_before`*:: +*`cisco.ftd.message_id`*:: + -- -Timestamp indicating when server certificate is first considered valid. +The Cisco FTD message identifier. -type: date -example: 1970-01-01T00:00:00.000Z +type: keyword -- -*`tls.server.subject`*:: +*`cisco.ftd.suffix`*:: + -- -Subject of the x.509 certificate presented by the server. +Optional suffix after %FTD identifier. + type: keyword -example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com +example: session -- -*`tls.version`*:: +*`cisco.ftd.source_interface`*:: + -- -Numeric part of the version parsed from the original string. +Source interface for the flow or event. -type: keyword -example: 1.2 +type: keyword -- -*`tls.version_protocol`*:: +*`cisco.ftd.destination_interface`*:: + -- -Normalized lowercase protocol name parsed from original string. +Destination interface for the flow or event. + type: keyword -example: tls +-- +*`cisco.ftd.rule_name`*:: ++ -- +Name of the Access Control List rule that matched this event. -[float] -=== tracing -Distributed tracing makes it possible to analyze performance throughout a microservice architecture all in one view. This is accomplished by tracing all of the requests - from the initial web request in the front-end service - to queries made through multiple back-end services. +type: keyword +-- -*`tracing.trace.id`*:: +*`cisco.ftd.source_username`*:: + -- -Unique identifier of the trace. -A trace groups multiple events like transactions that belong together. For example, a user request handled by multiple inter-connected services. +Name of the user that is the source for this event. -type: keyword -example: 4bf92f3577b34da6a3ce929d0e0e4736 +type: keyword -- -*`tracing.transaction.id`*:: +*`cisco.ftd.destination_username`*:: + -- -Unique identifier of the transaction. -A transaction is the highest level of work measured within a service, such as a request to a server. +Name of the user that is the destination for this event. + type: keyword -example: 00f067aa0ba902b7 +-- +*`cisco.ftd.mapped_source_ip`*:: ++ -- +The translated source IP address. Use ECS source.nat.ip. -[float] -=== url -URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. +type: ip +-- -*`url.domain`*:: +*`cisco.ftd.mapped_source_port`*:: + -- -Domain of the url, such as "www.elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +The translated source port. Use ECS source.nat.port. -type: keyword -example: www.elastic.co +type: long -- -*`url.extension`*:: +*`cisco.ftd.mapped_destination_ip`*:: + -- -The field contains the file extension from the original request url. -The file extension is only set if it exists, as not every url has a file extension. -The leading period must not be included. For example, the value must be "png", not ".png". +The translated destination IP address. Use ECS destination.nat.ip. -type: keyword -example: png +type: ip -- -*`url.fragment`*:: +*`cisco.ftd.mapped_destination_port`*:: + -- -Portion of the url after the `#`, such as "top". -The `#` is not part of the fragment. +The translated destination port. Use ECS destination.nat.port. -type: keyword + +type: long -- -*`url.full`*:: +*`cisco.ftd.threat_level`*:: + -- -If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. +Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. -type: keyword -example: https://www.elastic.co:443/search?q=elasticsearch#top +type: keyword -- -*`url.full.text`*:: +*`cisco.ftd.threat_category`*:: + -- -type: text +Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. + + +type: keyword -- -*`url.original`*:: +*`cisco.ftd.connection_id`*:: + -- -Unmodified original url as seen in the event source. -Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. -This field is meant to represent the URL as it was observed, complete or not. +Unique identifier for a flow. -type: keyword -example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch +type: keyword -- -*`url.original.text`*:: +*`cisco.ftd.icmp_type`*:: + -- -type: text +ICMP type. + + +type: short -- -*`url.password`*:: +*`cisco.ftd.icmp_code`*:: + -- -Password of the request. +ICMP code. -type: keyword + +type: short -- -*`url.path`*:: +*`cisco.ftd.security`*:: + -- -Path of the request, such as "/search". +Raw fields for Security Events. -type: keyword +type: object -- -*`url.port`*:: +*`cisco.ftd.connection_type`*:: + -- -Port of the request, such as 443. - -type: long +The VPN connection type -example: 443 -format: string +type: keyword -- -*`url.query`*:: +*`cisco.ftd.dap_records`*:: + -- -The query field describes the query string of the request, such as "q=elasticsearch". -The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. +The assigned DAP records + type: keyword -- -*`url.registered_domain`*:: -+ --- -The highest registered url domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +[float] +=== ios -type: keyword +Fields for Cisco IOS logs. -example: google.com --- -*`url.scheme`*:: +*`cisco.ios.access_list`*:: + -- -Scheme of the request, such as "https". -Note: The `:` is not part of the scheme. +Name of the IP access list. -type: keyword -example: https +type: keyword -- -*`url.top_level_domain`*:: +*`cisco.ios.facility`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message. + type: keyword -example: co.uk +example: SEC -- -*`url.username`*:: -+ --- -Username of the request. +[[exported-fields-cisco]] +== Cisco fields + +Module for handling Cisco network device logs. -type: keyword --- [float] -=== user +=== cisco -The user fields describe information about the user that is relevant to the event. -Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +Fields from Cisco logs. -*`user.domain`*:: -+ --- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. -type: keyword +[float] +=== asa --- +Fields for Cisco ASA Firewall. -*`user.email`*:: + + +*`cisco.asa.message_id`*:: + -- -User email address. +The Cisco ASA message identifier. + type: keyword -- -*`user.full_name`*:: +*`cisco.asa.suffix`*:: + -- -User's full name, if available. +Optional suffix after %ASA identifier. + type: keyword -example: Albert Einstein +example: session -- -*`user.full_name.text`*:: +*`cisco.asa.source_interface`*:: + -- -type: text - --- +Source interface for the flow or event. -*`user.group.domain`*:: -+ --- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. type: keyword -- -*`user.group.id`*:: +*`cisco.asa.destination_interface`*:: + -- -Unique identifier for the group on the system/platform. +Destination interface for the flow or event. + type: keyword -- -*`user.group.name`*:: +*`cisco.asa.rule_name`*:: + -- -Name of the group. +Name of the Access Control List rule that matched this event. + type: keyword -- -*`user.hash`*:: +*`cisco.asa.source_username`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Name of the user that is the source for this event. + type: keyword -- -*`user.id`*:: +*`cisco.asa.destination_username`*:: + -- -Unique identifiers of the user. +Name of the user that is the destination for this event. + type: keyword -- -*`user.name`*:: +*`cisco.asa.mapped_source_ip`*:: + -- -Short name or login of the user. +The translated source IP address. -type: keyword -example: albert +type: ip -- -*`user.name.text`*:: +*`cisco.asa.mapped_source_host`*:: + -- -type: text - --- - -[float] -=== user_agent - -The user_agent fields normally come from a browser request. -They often show up in web service logs coming from the parsed user agent string. - +The translated source host. -*`user_agent.device.name`*:: -+ --- -Name of the device. type: keyword -example: iPhone - -- -*`user_agent.name`*:: +*`cisco.asa.mapped_source_port`*:: + -- -Name of the user agent. +The translated source port. -type: keyword -example: Safari +type: long -- -*`user_agent.original`*:: +*`cisco.asa.mapped_destination_ip`*:: + -- -Unparsed user_agent string. +The translated destination IP address. -type: keyword -example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 +type: ip -- -*`user_agent.original.text`*:: +*`cisco.asa.mapped_destination_host`*:: + -- -type: text - --- +The translated destination host. -*`user_agent.os.family`*:: -+ --- -OS family (such as redhat, debian, freebsd, windows). type: keyword -example: debian - -- -*`user_agent.os.full`*:: +*`cisco.asa.mapped_destination_port`*:: + -- -Operating system name, including the version or code name. +The translated destination port. -type: keyword -example: Mac OS Mojave +type: long -- -*`user_agent.os.full.text`*:: +*`cisco.asa.threat_level`*:: + -- -type: text - --- +Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. -*`user_agent.os.kernel`*:: -+ --- -Operating system kernel version as a raw string. type: keyword -example: 4.4.0-112-generic - -- -*`user_agent.os.name`*:: +*`cisco.asa.threat_category`*:: + -- -Operating system name, without the version. +Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. -type: keyword -example: Mac OS X +type: keyword -- -*`user_agent.os.name.text`*:: +*`cisco.asa.connection_id`*:: + -- -type: text - --- +Unique identifier for a flow. -*`user_agent.os.platform`*:: -+ --- -Operating system platform (such centos, ubuntu, windows). type: keyword -example: darwin - -- -*`user_agent.os.version`*:: +*`cisco.asa.icmp_type`*:: + -- -Operating system version as a raw string. +ICMP type. -type: keyword -example: 10.14.1 +type: short -- -*`user_agent.version`*:: +*`cisco.asa.icmp_code`*:: + -- -Version of the user agent. +ICMP code. -type: keyword -example: 12.0 +type: short -- -[float] -=== vlan - -The VLAN fields are used to identify 802.1q tag(s) of a packet, as well as ingress and egress VLAN associations of an observer in relation to a specific packet or connection. -Network.vlan fields are used to record a single VLAN tag, or the outer tag in the case of q-in-q encapsulations, for a packet or connection as observed, typically provided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic. -Network.inner VLAN fields are used to report inner q-in-q 802.1q tags (multiple 802.1q encapsulations) as observed, typically provided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic. Network.inner VLAN fields should only be used in addition to network.vlan fields to indicate q-in-q tagging. -Observer.ingress and observer.egress VLAN values are used to record observer specific information when observer events contain discrete ingress and egress VLAN information, typically provided by firewalls, routers, or load balancers. - - -*`vlan.id`*:: +*`cisco.asa.connection_type`*:: + -- -VLAN ID as reported by the observer. +The VPN connection type -type: keyword -example: 10 +type: keyword -- -*`vlan.name`*:: +*`cisco.asa.dap_records`*:: + -- -Optional VLAN name as reported by the observer. +The assigned DAP records -type: keyword -example: outside +type: keyword -- [float] -=== vulnerability +=== ftd -The vulnerability fields describe information about a vulnerability that is relevant to an event. +Fields for Cisco Firepower Threat Defense Firewall. -*`vulnerability.category`*:: + +*`cisco.ftd.message_id`*:: + -- -The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) -This field must be an array. +The Cisco FTD message identifier. -type: keyword -example: ["Firewall"] +type: keyword -- -*`vulnerability.classification`*:: +*`cisco.ftd.suffix`*:: + -- -The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) +Optional suffix after %FTD identifier. + type: keyword -example: CVSS +example: session -- -*`vulnerability.description`*:: +*`cisco.ftd.source_interface`*:: + -- -The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) +Source interface for the flow or event. -type: keyword -example: In macOS before 2.12.6, there is a vulnerability in the RPC... +type: keyword -- -*`vulnerability.description.text`*:: +*`cisco.ftd.destination_interface`*:: + -- -type: text - --- +Destination interface for the flow or event. -*`vulnerability.enumeration`*:: -+ --- -The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) type: keyword -example: CVE - -- -*`vulnerability.id`*:: +*`cisco.ftd.rule_name`*:: + -- -The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] +Name of the Access Control List rule that matched this event. -type: keyword -example: CVE-2019-00001 +type: keyword -- -*`vulnerability.reference`*:: +*`cisco.ftd.source_username`*:: + -- -A resource that provides additional information, context, and mitigations for the identified vulnerability. +Name of the user that is the source for this event. -type: keyword -example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 +type: keyword -- -*`vulnerability.report_id`*:: +*`cisco.ftd.destination_username`*:: + -- -The report or scan identification number. +Name of the user that is the destination for this event. -type: keyword -example: 20191018.0001 +type: keyword -- -*`vulnerability.scanner.vendor`*:: +*`cisco.ftd.mapped_source_ip`*:: + -- -The name of the vulnerability scanner vendor. +The translated source IP address. Use ECS source.nat.ip. -type: keyword -example: Tenable +type: ip -- -*`vulnerability.score.base`*:: +*`cisco.ftd.mapped_source_host`*:: + -- -Scores can range from 0.0 to 10.0, with 10.0 being the most severe. -Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) +The translated source host. -type: float -example: 5.5 +type: keyword -- -*`vulnerability.score.environmental`*:: +*`cisco.ftd.mapped_source_port`*:: + -- -Scores can range from 0.0 to 10.0, with 10.0 being the most severe. -Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) +The translated source port. Use ECS source.nat.port. -type: float -example: 5.5 +type: long -- -*`vulnerability.score.temporal`*:: +*`cisco.ftd.mapped_destination_ip`*:: + -- -Scores can range from 0.0 to 10.0, with 10.0 being the most severe. -Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) +The translated destination IP address. Use ECS destination.nat.ip. -type: float + +type: ip -- -*`vulnerability.score.version`*:: +*`cisco.ftd.mapped_destination_host`*:: + -- -The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. -CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) +The translated destination host. -type: keyword -example: 2.0 +type: keyword -- -*`vulnerability.severity`*:: +*`cisco.ftd.mapped_destination_port`*:: + -- -The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) +The translated destination port. Use ECS destination.nat.port. -type: keyword -example: Critical +type: long -- -[[exported-fields-elasticsearch]] -== Elasticsearch fields - -elasticsearch Module - - - -[float] -=== elasticsearch - - - - -*`elasticsearch.component`*:: +*`cisco.ftd.threat_level`*:: + -- -Elasticsearch component from where the log event originated +Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. -type: keyword -example: o.e.c.m.MetaDataCreateIndexService +type: keyword -- -*`elasticsearch.cluster.uuid`*:: +*`cisco.ftd.threat_category`*:: + -- -UUID of the cluster +Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. -type: keyword -example: GmvrbHlNTiSVYiPf8kxg9g +type: keyword -- -*`elasticsearch.cluster.name`*:: +*`cisco.ftd.connection_id`*:: + -- -Name of the cluster +Unique identifier for a flow. -type: keyword -example: docker-cluster +type: keyword -- -*`elasticsearch.node.id`*:: +*`cisco.ftd.icmp_type`*:: + -- -ID of the node +ICMP type. -type: keyword -example: DSiWcTyeThWtUXLB9J0BMw +type: short -- -*`elasticsearch.node.name`*:: +*`cisco.ftd.icmp_code`*:: + -- -Name of the node +ICMP code. -type: keyword -example: vWNJsZ3 +type: short -- -*`elasticsearch.index.name`*:: +*`cisco.ftd.security`*:: + -- -Index name - -type: keyword +Raw fields for Security Events. -example: filebeat-test-input +type: object -- -*`elasticsearch.index.id`*:: +*`cisco.ftd.connection_type`*:: + -- -Index id +The VPN connection type -type: keyword -example: aOGgDwbURfCV57AScqbCgw +type: keyword -- -*`elasticsearch.shard.id`*:: +*`cisco.ftd.dap_records`*:: + -- -Id of the shard +The assigned DAP records -type: keyword -example: 0 +type: keyword -- [float] -=== audit +=== ios +Fields for Cisco IOS logs. -*`elasticsearch.audit.layer`*:: +*`cisco.ios.access_list`*:: + -- -The layer from which this event originated: rest, transport or ip_filter - -type: keyword - -example: rest - --- +Name of the IP access list. -*`elasticsearch.audit.event_type`*:: -+ --- -The type of event that occurred: anonymous_access_denied, authentication_failed, access_denied, access_granted, connection_granted, connection_denied, tampered_request, run_as_granted, run_as_denied type: keyword -example: access_granted - -- -*`elasticsearch.audit.origin.type`*:: +*`cisco.ios.facility`*:: + -- -Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request) +The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message. -type: keyword -example: local_node +type: keyword --- +example: SEC -*`elasticsearch.audit.realm`*:: -+ -- -The authentication realm the authentication was validated against - -type: keyword --- +[[exported-fields-cloud]] +== Cloud provider metadata fields -*`elasticsearch.audit.user.realm`*:: -+ --- -The user's authentication realm, if authenticated +Metadata from cloud providers added by the add_cloud_metadata processor. -type: keyword --- -*`elasticsearch.audit.user.roles`*:: +*`cloud.project.id`*:: + -- -Roles to which the principal belongs +Name of the project in Google Cloud. -type: keyword -example: ['kibana_user', 'beats_admin'] +example: project-x -- -*`elasticsearch.audit.action`*:: +*`cloud.image.id`*:: + -- -The name of the action that was executed +Image ID for the cloud instance. -type: keyword -example: cluster:monitor/main +example: ami-abcd1234 -- -*`elasticsearch.audit.url.params`*:: +*`meta.cloud.provider`*:: + -- -REST URI parameters +type: alias -example: {username=jacknich2} +alias to: cloud.provider -- -*`elasticsearch.audit.indices`*:: +*`meta.cloud.instance_id`*:: + -- -Indices accessed by action - -type: keyword +type: alias -example: ['foo-2019.01.04', 'foo-2019.01.03', 'foo-2019.01.06'] +alias to: cloud.instance.id -- -*`elasticsearch.audit.request.id`*:: +*`meta.cloud.instance_name`*:: + -- -Unique ID of request - -type: keyword +type: alias -example: WzL_kb6VSvOhAq0twPvHOQ +alias to: cloud.instance.name -- -*`elasticsearch.audit.request.name`*:: +*`meta.cloud.machine_type`*:: + -- -The type of request that was executed - -type: keyword +type: alias -example: ClearScrollRequest +alias to: cloud.machine.type -- -*`elasticsearch.audit.request_body`*:: +*`meta.cloud.availability_zone`*:: + -- type: alias -alias to: http.request.body.content +alias to: cloud.availability_zone -- -*`elasticsearch.audit.origin_address`*:: +*`meta.cloud.project_id`*:: + -- type: alias -alias to: source.ip +alias to: cloud.project.id -- -*`elasticsearch.audit.uri`*:: +*`meta.cloud.region`*:: + -- type: alias -alias to: url.original - --- +alias to: cloud.region -*`elasticsearch.audit.principal`*:: -+ -- -type: alias -alias to: user.name +[[exported-fields-coredns]] +== Coredns fields --- +Module for handling logs produced by coredns -*`elasticsearch.audit.message`*:: -+ --- -type: text --- [float] -=== deprecation +=== coredns +coredns fields after normalization -[float] -=== gc -GC fileset fields. +*`coredns.id`*:: ++ +-- +id of the DNS transaction +type: keyword -[float] -=== phase +-- -Fields specific to GC phase. +*`coredns.query.size`*:: ++ +-- +size of the DNS query +type: integer -*`elasticsearch.gc.phase.name`*:: +format: bytes + +-- + +*`coredns.query.class`*:: + -- -Name of the GC collection phase. +DNS query class type: keyword -- -*`elasticsearch.gc.phase.duration_sec`*:: +*`coredns.query.name`*:: + -- -Collection phase duration according to the Java virtual machine. +DNS query name -type: float +type: keyword -- -*`elasticsearch.gc.phase.scrub_symbol_table_time_sec`*:: +*`coredns.query.type`*:: + -- -Pause time in seconds cleaning up symbol tables. +DNS query type -type: float +type: keyword -- -*`elasticsearch.gc.phase.scrub_string_table_time_sec`*:: +*`coredns.response.code`*:: + -- -Pause time in seconds cleaning up string tables. +DNS response code -type: float +type: keyword -- -*`elasticsearch.gc.phase.weak_refs_processing_time_sec`*:: +*`coredns.response.flags`*:: + -- -Time spent processing weak references in seconds. +DNS response flags -type: float +type: keyword -- -*`elasticsearch.gc.phase.parallel_rescan_time_sec`*:: +*`coredns.response.size`*:: + -- -Time spent in seconds marking live objects while application is stopped. +size of the DNS response -type: float +type: integer + +format: bytes -- -*`elasticsearch.gc.phase.class_unload_time_sec`*:: +*`coredns.dnssec_ok`*:: + -- -Time spent unloading unused classes in seconds. +dnssec flag -type: float +type: boolean -- +[[exported-fields-coredns]] +== Coredns fields + +Module for handling logs produced by coredns + + + [float] -=== cpu_time +=== coredns -Process CPU time spent performing collections. +coredns fields after normalization -*`elasticsearch.gc.phase.cpu_time.user_sec`*:: +*`coredns.id`*:: + -- -CPU time spent outside the kernel. +id of the DNS transaction -type: float +type: keyword -- -*`elasticsearch.gc.phase.cpu_time.sys_sec`*:: +*`coredns.query.size`*:: + -- -CPU time spent inside the kernel. +size of the DNS query -type: float +type: integer + +format: bytes -- -*`elasticsearch.gc.phase.cpu_time.real_sec`*:: +*`coredns.query.class`*:: + -- -Total elapsed CPU time spent to complete the collection from start to finish. +DNS query class -type: float +type: keyword -- -*`elasticsearch.gc.jvm_runtime_sec`*:: +*`coredns.query.name`*:: + -- -The time from JVM start up in seconds, as a floating point number. +DNS query name -type: float +type: keyword -- -*`elasticsearch.gc.threads_total_stop_time_sec`*:: +*`coredns.query.type`*:: + -- -Garbage collection threads total stop time seconds. +DNS query type -type: float +type: keyword -- -*`elasticsearch.gc.stopping_threads_time_sec`*:: +*`coredns.response.code`*:: + -- -Time took to stop threads seconds. +DNS response code -type: float +type: keyword -- -*`elasticsearch.gc.tags`*:: +*`coredns.response.flags`*:: + -- -GC logging tags. +DNS response flags type: keyword -- -[float] -=== heap - -Heap allocation and total size. - - - -*`elasticsearch.gc.heap.size_kb`*:: +*`coredns.response.size`*:: + -- -Total heap size in kilobytes. +size of the DNS response type: integer +format: bytes + -- -*`elasticsearch.gc.heap.used_kb`*:: +*`coredns.dnssec_ok`*:: + -- -Used heap in kilobytes. +dnssec flag -type: integer +type: boolean -- -[float] -=== old_gen +[[exported-fields-crowdstrike]] +== Crowdstrike fields -Old generation occupancy and total size. +Module for collecting Crowdstrike events. -*`elasticsearch.gc.old_gen.size_kb`*:: -+ --- -Total size of old generation in kilobytes. +[float] +=== crowdstrike +Fields for Crowdstrike Falcon event and alert data. -type: integer --- -*`elasticsearch.gc.old_gen.used_kb`*:: -+ --- -Old generation occupancy in kilobytes. +[float] +=== metadata +Meta data fields for each event that include type and timestamp. -type: integer --- -[float] -=== young_gen +*`crowdstrike.metadata.eventType`*:: ++ +-- +DetectionSummaryEvent, IncidentSummaryEvent, RemoteResponseSessionStartEvent, RemoteResponseSessionEndEvent, AuthActivityAuditEvent, or UserActivityAuditEvent -Young generation occupancy and total size. +type: keyword +-- -*`elasticsearch.gc.young_gen.size_kb`*:: +*`crowdstrike.metadata.eventCreationTime`*:: + -- -Total size of young generation in kilobytes. +The time this event occurred on the endpoint in UTC UNIX_MS format. -type: integer +type: date -- -*`elasticsearch.gc.young_gen.used_kb`*:: +*`crowdstrike.metadata.offset`*:: + -- -Young generation occupancy in kilobytes. +Offset number that tracks the location of the event in stream. This is used to identify unique detection events. type: integer -- -[float] -=== server +*`crowdstrike.metadata.customerIDString`*:: ++ +-- +Customer identifier -Server log file +type: keyword -*`elasticsearch.server.stacktrace`*:: -+ -- -Field is not indexed. +*`crowdstrike.metadata.version`*:: ++ -- +Schema version -[float] -=== gc -GC log +type: keyword +-- [float] -=== young +=== event -Young GC +Event data fields for each event and alert. -*`elasticsearch.server.gc.young.one`*:: + +*`crowdstrike.event.ProcessStartTime`*:: + -- +The process start time in UTC UNIX_MS format. -type: long - -example: +type: date -- -*`elasticsearch.server.gc.young.two`*:: +*`crowdstrike.event.ProcessEndTime`*:: + -- +The process termination time in UTC UNIX_MS format. -type: long - -example: +type: date -- -*`elasticsearch.server.gc.overhead_seq`*:: +*`crowdstrike.event.ProcessId`*:: + -- -Sequence number +Process ID related to the detection. -type: long -example: 3449992 +type: integer -- -*`elasticsearch.server.gc.collection_duration.ms`*:: +*`crowdstrike.event.ParentProcessId`*:: + -- -Time spent in GC, in milliseconds +Parent process ID related to the detection. -type: float -example: 1600 +type: integer -- -*`elasticsearch.server.gc.observation_duration.ms`*:: +*`crowdstrike.event.ComputerName`*:: + -- -Total time over which collection was observed, in milliseconds +Name of the computer where the detection occurred. -type: float -example: 1800 +type: keyword -- -[float] -=== slowlog - -Slowlog events from Elasticsearch - - -*`elasticsearch.slowlog.logger`*:: +*`crowdstrike.event.UserName`*:: + -- -Logger name +User name associated with the detection. -type: keyword -example: index.search.slowlog.fetch +type: keyword -- -*`elasticsearch.slowlog.took`*:: +*`crowdstrike.event.DetectName`*:: + -- -Time it took to execute the query +Name of the detection. -type: keyword -example: 300ms +type: keyword -- -*`elasticsearch.slowlog.types`*:: +*`crowdstrike.event.DetectDescription`*:: + -- -Types +Description of the detection. -type: keyword -example: +type: keyword -- -*`elasticsearch.slowlog.stats`*:: +*`crowdstrike.event.Severity`*:: + -- -Stats groups +Severity score of the detection. -type: keyword -example: group1 +type: integer -- -*`elasticsearch.slowlog.search_type`*:: +*`crowdstrike.event.SeverityName`*:: + -- -Search type +Severity score text. -type: keyword -example: QUERY_THEN_FETCH +type: keyword -- -*`elasticsearch.slowlog.source_query`*:: +*`crowdstrike.event.FileName`*:: + -- -Slow query +File name of the associated process for the detection. -type: keyword -example: {"query":{"match_all":{"boost":1.0}}} +type: keyword -- -*`elasticsearch.slowlog.extra_source`*:: +*`crowdstrike.event.FilePath`*:: + -- -Extra source information +Path of the executable associated with the detection. -type: keyword -example: +type: keyword -- -*`elasticsearch.slowlog.total_hits`*:: +*`crowdstrike.event.CommandLine`*:: + -- -Total hits +Executable path with command line arguments. -type: keyword -example: 42 +type: keyword -- -*`elasticsearch.slowlog.total_shards`*:: +*`crowdstrike.event.SHA256String`*:: + -- -Total queried shards +SHA256 sum of the executable associated with the detection. -type: keyword -example: 22 +type: keyword -- -*`elasticsearch.slowlog.routing`*:: +*`crowdstrike.event.MD5String`*:: + -- -Routing +MD5 sum of the executable associated with the detection. -type: keyword -example: s01HZ2QBk9jw4gtgaFtn +type: keyword -- -*`elasticsearch.slowlog.id`*:: +*`crowdstrike.event.MachineDomain`*:: + -- -Id +Domain for the machine associated with the detection. -type: keyword -example: +type: keyword -- -*`elasticsearch.slowlog.type`*:: +*`crowdstrike.event.FalconHostLink`*:: + -- -Type +URL to view the detection in Falcon. -type: keyword -example: doc +type: keyword -- -*`elasticsearch.slowlog.source`*:: +*`crowdstrike.event.SensorId`*:: + -- -Source of document that was indexed +Unique ID associated with the Falcon sensor. + type: keyword -- -[[exported-fields-envoyproxy]] -== Envoyproxy fields - -Module for handling logs produced by envoy - - - -[float] -=== envoyproxy - -Fields from envoy proxy logs after normalization - - - -*`envoyproxy.log_type`*:: +*`crowdstrike.event.DetectId`*:: + -- -Envoy log type, normally ACCESS +Unique ID associated with the detection. type: keyword -- -*`envoyproxy.response_flags`*:: +*`crowdstrike.event.LocalIP`*:: + -- -Response flags +IP address of the host associated with the detection. type: keyword -- -*`envoyproxy.upstream_service_time`*:: +*`crowdstrike.event.MACAddress`*:: + -- -Upstream service time in nanoseconds - +MAC address of the host associated with the detection. -type: long -format: duration +type: keyword -- -*`envoyproxy.request_id`*:: +*`crowdstrike.event.Tactic`*:: + -- -ID of the request +MITRE tactic category of the detection. type: keyword -- -*`envoyproxy.authority`*:: +*`crowdstrike.event.Technique`*:: + -- -Envoy proxy authority field +MITRE technique category of the detection. type: keyword -- -*`envoyproxy.proxy_type`*:: +*`crowdstrike.event.Objective`*:: + -- -Envoy proxy type, tcp or http +Method of detection. type: keyword -- -[[exported-fields-fortinet]] -== Fortinet fields - -fortinet Module - - - -[float] -=== fortinet - -Fields from fortinet FortiOS - - - -*`fortinet.file.hash.crc32`*:: +*`crowdstrike.event.PatternDispositionDescription`*:: + -- -CRC32 Hash of file +Action taken by Falcon. type: keyword -- -[float] -=== firewall - -Module for parsing Fortinet syslog. - - - -*`fortinet.firewall.acct_stat`*:: +*`crowdstrike.event.PatternDispositionValue`*:: + -- -Accounting state (RADIUS) +Unique ID associated with action taken. -type: keyword +type: integer -- -*`fortinet.firewall.acktime`*:: +*`crowdstrike.event.PatternDispositionFlags`*:: + -- -Alarm Acknowledge Time +Flags indicating actions taken. -type: keyword +type: object -- -*`fortinet.firewall.act`*:: +*`crowdstrike.event.State`*:: + -- -Action +Whether the incident summary is open and ongoing or closed. type: keyword -- -*`fortinet.firewall.action`*:: +*`crowdstrike.event.IncidentStartTime`*:: + -- -Status of the session +Start time for the incident in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.activity`*:: +*`crowdstrike.event.IncidentEndTime`*:: + -- -HA activity message +End time for the incident in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.addr`*:: +*`crowdstrike.event.FineScore`*:: + -- -IP Address +Score for incident. -type: ip +type: float -- -*`fortinet.firewall.addr_type`*:: +*`crowdstrike.event.UserId`*:: + -- -Address Type +Email address or user ID associated with the event. type: keyword -- -*`fortinet.firewall.addrgrp`*:: +*`crowdstrike.event.UserIp`*:: + -- -Address Group +IP address associated with the user. type: keyword -- -*`fortinet.firewall.adgroup`*:: +*`crowdstrike.event.OperationName`*:: + -- -AD Group Name +Event subtype. type: keyword -- -*`fortinet.firewall.admin`*:: +*`crowdstrike.event.ServiceName`*:: + -- -Admin User +Service associated with this event. type: keyword -- -*`fortinet.firewall.age`*:: +*`crowdstrike.event.Success`*:: + -- -Time in seconds - time passed since last seen +Indicator of whether or not this event was successful. -type: integer +type: boolean -- -*`fortinet.firewall.agent`*:: +*`crowdstrike.event.UTCTimestamp`*:: + -- -User agent - eg. agent="Mozilla/5.0" +Timestamp associated with this event in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.alarmid`*:: +*`crowdstrike.event.AuditKeyValues`*:: + -- -Alarm ID +Fields that were changed in this event. -type: integer +type: nested -- -*`fortinet.firewall.alert`*:: +*`crowdstrike.event.SessionId`*:: + -- -Alert +Session ID of the remote response session. type: keyword -- -*`fortinet.firewall.analyticscksum`*:: +*`crowdstrike.event.HostnameField`*:: + -- -The checksum of the file submitted for analytics +Host name of the machine for the remote session. type: keyword -- -*`fortinet.firewall.analyticssubmit`*:: +*`crowdstrike.event.StartTimestamp`*:: + -- -The flag for analytics submission +Start time for the remote session in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.ap`*:: +*`crowdstrike.event.EndTimestamp`*:: + -- -Access Point +End time for the remote session in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.app-type`*:: -+ --- -Address Type +[[exported-fields-crowdstrike]] +== Crowdstrike fields +Module for collecting Crowdstrike events. -type: keyword --- -*`fortinet.firewall.appact`*:: +[float] +=== crowdstrike + +Fields for Crowdstrike Falcon event and alert data. + + + +[float] +=== metadata + +Meta data fields for each event that include type and timestamp. + + + +*`crowdstrike.metadata.eventType`*:: + -- -The security action from app control +DetectionSummaryEvent, IncidentSummaryEvent, RemoteResponseSessionStartEvent, RemoteResponseSessionEndEvent, AuthActivityAuditEvent, or UserActivityAuditEvent type: keyword -- -*`fortinet.firewall.appid`*:: +*`crowdstrike.metadata.eventCreationTime`*:: + -- -Application ID +The time this event occurred on the endpoint in UTC UNIX_MS format. -type: integer +type: date -- -*`fortinet.firewall.applist`*:: +*`crowdstrike.metadata.offset`*:: + -- -Application Control profile +Offset number that tracks the location of the event in stream. This is used to identify unique detection events. -type: keyword +type: integer -- -*`fortinet.firewall.apprisk`*:: +*`crowdstrike.metadata.customerIDString`*:: + -- -Application Risk Level +Customer identifier type: keyword -- -*`fortinet.firewall.apscan`*:: +*`crowdstrike.metadata.version`*:: + -- -The name of the AP, which scanned and detected the rogue AP +Schema version type: keyword -- -*`fortinet.firewall.apsn`*:: -+ --- -Access Point +[float] +=== event +Event data fields for each event and alert. -type: keyword --- -*`fortinet.firewall.apstatus`*:: +*`crowdstrike.event.ProcessStartTime`*:: + -- -Access Point status +The process start time in UTC UNIX_MS format. -type: keyword +type: date -- -*`fortinet.firewall.aptype`*:: +*`crowdstrike.event.ProcessEndTime`*:: + -- -Access Point type +The process termination time in UTC UNIX_MS format. -type: keyword +type: date -- -*`fortinet.firewall.assigned`*:: +*`crowdstrike.event.ProcessId`*:: + -- -Assigned IP Address +Process ID related to the detection. -type: ip +type: integer -- -*`fortinet.firewall.assignip`*:: +*`crowdstrike.event.ParentProcessId`*:: + -- -Assigned IP Address +Parent process ID related to the detection. -type: ip +type: integer -- -*`fortinet.firewall.attachment`*:: +*`crowdstrike.event.ComputerName`*:: + -- -The flag for email attachement +Name of the computer where the detection occurred. type: keyword -- -*`fortinet.firewall.attack`*:: +*`crowdstrike.event.UserName`*:: + -- -Attack Name +User name associated with the detection. type: keyword -- -*`fortinet.firewall.attackcontext`*:: +*`crowdstrike.event.DetectName`*:: + -- -The trigger patterns and the packetdata with base64 encoding +Name of the detection. type: keyword -- -*`fortinet.firewall.attackcontextid`*:: +*`crowdstrike.event.DetectDescription`*:: + -- -Attack context id / total +Description of the detection. type: keyword -- -*`fortinet.firewall.attackid`*:: +*`crowdstrike.event.Severity`*:: + -- -Attack ID +Severity score of the detection. type: integer -- -*`fortinet.firewall.auditid`*:: +*`crowdstrike.event.SeverityName`*:: + -- -Audit ID +Severity score text. -type: long +type: keyword -- -*`fortinet.firewall.auditscore`*:: +*`crowdstrike.event.FileName`*:: + -- -The Audit Score +File name of the associated process for the detection. type: keyword -- -*`fortinet.firewall.audittime`*:: +*`crowdstrike.event.FilePath`*:: + -- -The time of the audit +Path of the executable associated with the detection. -type: long +type: keyword -- -*`fortinet.firewall.authgrp`*:: +*`crowdstrike.event.CommandLine`*:: + -- -Authorization Group +Executable path with command line arguments. type: keyword -- -*`fortinet.firewall.authid`*:: +*`crowdstrike.event.SHA256String`*:: + -- -Authentication ID +SHA256 sum of the executable associated with the detection. type: keyword -- -*`fortinet.firewall.authproto`*:: +*`crowdstrike.event.MD5String`*:: + -- -The protocol that initiated the authentication +MD5 sum of the executable associated with the detection. type: keyword -- -*`fortinet.firewall.authserver`*:: +*`crowdstrike.event.MachineDomain`*:: + -- -Authentication server +Domain for the machine associated with the detection. type: keyword -- -*`fortinet.firewall.bandwidth`*:: +*`crowdstrike.event.FalconHostLink`*:: + -- -Bandwidth +URL to view the detection in Falcon. type: keyword -- -*`fortinet.firewall.banned_rule`*:: +*`crowdstrike.event.SensorId`*:: + -- -NAC quarantine Banned Rule Name +Unique ID associated with the Falcon sensor. type: keyword -- -*`fortinet.firewall.banned_src`*:: +*`crowdstrike.event.DetectId`*:: + -- -NAC quarantine Banned Source IP +Unique ID associated with the detection. type: keyword -- -*`fortinet.firewall.banword`*:: +*`crowdstrike.event.LocalIP`*:: + -- -Banned word +IP address of the host associated with the detection. type: keyword -- -*`fortinet.firewall.botnetdomain`*:: +*`crowdstrike.event.MACAddress`*:: + -- -Botnet Domain Name +MAC address of the host associated with the detection. type: keyword -- -*`fortinet.firewall.botnetip`*:: +*`crowdstrike.event.Tactic`*:: + -- -Botnet IP Address +MITRE tactic category of the detection. -type: ip +type: keyword -- -*`fortinet.firewall.bssid`*:: +*`crowdstrike.event.Technique`*:: + -- -Service Set ID +MITRE technique category of the detection. type: keyword -- -*`fortinet.firewall.call_id`*:: +*`crowdstrike.event.Objective`*:: + -- -Caller ID +Method of detection. type: keyword -- -*`fortinet.firewall.carrier_ep`*:: +*`crowdstrike.event.PatternDispositionDescription`*:: + -- -The FortiOS Carrier end-point identification +Action taken by Falcon. type: keyword -- -*`fortinet.firewall.cat`*:: +*`crowdstrike.event.PatternDispositionValue`*:: + -- -DNS category ID +Unique ID associated with action taken. type: integer -- -*`fortinet.firewall.category`*:: +*`crowdstrike.event.PatternDispositionFlags`*:: + -- -Authentication category +Flags indicating actions taken. -type: keyword +type: object -- -*`fortinet.firewall.cc`*:: +*`crowdstrike.event.State`*:: + -- -CC Email Address +Whether the incident summary is open and ongoing or closed. type: keyword -- -*`fortinet.firewall.cdrcontent`*:: +*`crowdstrike.event.IncidentStartTime`*:: + -- -Cdrcontent +Start time for the incident in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.centralnatid`*:: +*`crowdstrike.event.IncidentEndTime`*:: + -- -Central NAT ID +End time for the incident in UTC UNIX format. -type: integer +type: date -- -*`fortinet.firewall.cert`*:: +*`crowdstrike.event.FineScore`*:: + -- -Certificate +Score for incident. -type: keyword +type: float -- -*`fortinet.firewall.cert-type`*:: +*`crowdstrike.event.UserId`*:: + -- -Certificate type +Email address or user ID associated with the event. type: keyword -- -*`fortinet.firewall.certhash`*:: +*`crowdstrike.event.UserIp`*:: + -- -Certificate hash +IP address associated with the user. type: keyword -- -*`fortinet.firewall.cfgattr`*:: +*`crowdstrike.event.OperationName`*:: + -- -Configuration attribute +Event subtype. type: keyword -- -*`fortinet.firewall.cfgobj`*:: +*`crowdstrike.event.ServiceName`*:: + -- -Configuration object +Service associated with this event. type: keyword -- -*`fortinet.firewall.cfgpath`*:: +*`crowdstrike.event.Success`*:: + -- -Configuration path +Indicator of whether or not this event was successful. -type: keyword +type: boolean -- -*`fortinet.firewall.cfgtid`*:: +*`crowdstrike.event.UTCTimestamp`*:: + -- -Configuration transaction ID +Timestamp associated with this event in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.cfgtxpower`*:: +*`crowdstrike.event.AuditKeyValues`*:: + -- -Configuration TX power +Fields that were changed in this event. -type: integer +type: nested -- -*`fortinet.firewall.channel`*:: +*`crowdstrike.event.SessionId`*:: + -- -Wireless Channel +Session ID of the remote response session. -type: integer +type: keyword -- -*`fortinet.firewall.channeltype`*:: +*`crowdstrike.event.HostnameField`*:: + -- -SSH channel type +Host name of the machine for the remote session. type: keyword -- -*`fortinet.firewall.chassisid`*:: +*`crowdstrike.event.StartTimestamp`*:: + -- -Chassis ID +Start time for the remote session in UTC UNIX format. -type: integer +type: date -- -*`fortinet.firewall.checksum`*:: +*`crowdstrike.event.EndTimestamp`*:: + -- -The checksum of the scanned file +End time for the remote session in UTC UNIX format. -type: keyword +type: date -- -*`fortinet.firewall.chgheaders`*:: -+ --- -HTTP Headers +[[exported-fields-docker-processor]] +== Docker fields +Docker stats collected from Docker. -type: keyword --- -*`fortinet.firewall.cldobjid`*:: + +*`docker.container.id`*:: + -- -Connector object ID - +type: alias -type: keyword +alias to: container.id -- -*`fortinet.firewall.client_addr`*:: +*`docker.container.image`*:: + -- -Wifi client address - +type: alias -type: keyword +alias to: container.image.name -- -*`fortinet.firewall.cloudaction`*:: +*`docker.container.name`*:: + -- -Cloud Action - +type: alias -type: keyword +alias to: container.name -- -*`fortinet.firewall.clouduser`*:: +*`docker.container.labels`*:: + -- -Cloud User +Image labels. -type: keyword +type: object -- -*`fortinet.firewall.column`*:: +[[exported-fields-ecs]] +== ECS fields + +ECS Fields. + + +*`@timestamp`*:: + -- -VOIP Column +Date/time when the event originated. +This is the date/time extracted from the event, typically representing when the event was generated by the source. +If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. +Required field for all events. +type: date -type: integer +example: 2016-05-23T08:05:34.853Z + +required: True -- -*`fortinet.firewall.command`*:: +*`labels`*:: + -- -CLI Command +Custom key/value pairs. +Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. +Example: `docker` and `k8s` labels. +type: object -type: keyword +example: {"application": "foo-bar", "env": "production"} -- -*`fortinet.firewall.community`*:: +*`message`*:: + -- -SNMP Community +For log events the message field contains the log message, optimized for viewing in a log viewer. +For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. +If multiple messages exist, they can be combined into one message. +type: text -type: keyword +example: Hello World -- -*`fortinet.firewall.configcountry`*:: +*`tags`*:: + -- -Configuration country - +List of keywords used to tag each event. type: keyword --- +example: ["production", "env2"] -*`fortinet.firewall.connection_type`*:: -+ -- -FortiClient Connection Type +[float] +=== agent -type: keyword +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. +Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. --- -*`fortinet.firewall.conserve`*:: +*`agent.ephemeral_id`*:: + -- -Flag for conserve mode - +Ephemeral identifier of this agent (if one exists). +This id normally changes across restarts, but `agent.id` does not. type: keyword +example: 8a4f500f + -- -*`fortinet.firewall.constraint`*:: +*`agent.id`*:: + -- -WAF http protocol restrictions - +Unique identifier of this agent (if one exists). +Example: For Beats this would be beat.id. type: keyword +example: 8a4f500d + -- -*`fortinet.firewall.contentdisarmed`*:: +*`agent.name`*:: + -- -Email scanned content - +Custom name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. type: keyword +example: foo + -- -*`fortinet.firewall.contenttype`*:: +*`agent.type`*:: + -- -Content Type from HTTP header - +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. type: keyword +example: filebeat + -- -*`fortinet.firewall.cookies`*:: +*`agent.version`*:: + -- -VPN Cookie - +Version of the agent. type: keyword --- +example: 6.0.0-rc2 -*`fortinet.firewall.count`*:: -+ -- -Counts of action type +[float] +=== as -type: integer +An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet. --- -*`fortinet.firewall.countapp`*:: +*`as.number`*:: + -- -Number of App Ctrl logs associated with the session +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +type: long -type: integer +example: 15169 -- -*`fortinet.firewall.countav`*:: +*`as.organization.name`*:: + -- -Number of AV logs associated with the session +Organization name. +type: keyword -type: integer +example: Google LLC -- -*`fortinet.firewall.countcifs`*:: +*`as.organization.name.text`*:: + -- -Number of CIFS logs associated with the session +type: text +-- -type: integer +[float] +=== client --- +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. -*`fortinet.firewall.countdlp`*:: + +*`client.address`*:: + -- -Number of DLP logs associated with the session - +Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. -type: integer +type: keyword -- -*`fortinet.firewall.countdns`*:: +*`client.as.number`*:: + -- -Number of DNS logs associated with the session +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +type: long -type: integer +example: 15169 -- -*`fortinet.firewall.countemail`*:: +*`client.as.organization.name`*:: + -- -Number of email logs associated with the session +Organization name. +type: keyword -type: integer +example: Google LLC -- -*`fortinet.firewall.countff`*:: +*`client.as.organization.name.text`*:: + -- -Number of ff logs associated with the session - - -type: integer +type: text -- -*`fortinet.firewall.countips`*:: +*`client.bytes`*:: + -- -Number of IPS logs associated with the session +Bytes sent from the client to the server. + +type: long +example: 184 -type: integer +format: bytes -- -*`fortinet.firewall.countssh`*:: +*`client.domain`*:: + -- -Number of SSH logs associated with the session - +Client domain. -type: integer +type: keyword -- -*`fortinet.firewall.countssl`*:: +*`client.geo.city_name`*:: + -- -Number of SSL logs associated with the session +City name. +type: keyword -type: integer +example: Montreal -- -*`fortinet.firewall.countwaf`*:: +*`client.geo.continent_name`*:: + -- -Number of WAF logs associated with the session +Name of the continent. +type: keyword -type: integer +example: North America -- -*`fortinet.firewall.countweb`*:: +*`client.geo.country_iso_code`*:: + -- -Number of Web filter logs associated with the session +Country ISO code. +type: keyword -type: integer +example: CA -- -*`fortinet.firewall.cpu`*:: +*`client.geo.country_name`*:: + -- -CPU Usage +Country name. +type: keyword -type: integer +example: Canada -- -*`fortinet.firewall.craction`*:: +*`client.geo.location`*:: + -- -Client Reputation Action +Longitude and latitude. +type: geo_point -type: integer +example: { "lon": -73.614830, "lat": 45.505918 } -- -*`fortinet.firewall.criticalcount`*:: +*`client.geo.name`*:: + -- -Number of critical ratings +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. +type: keyword -type: integer +example: boston-dc -- -*`fortinet.firewall.crl`*:: +*`client.geo.region_iso_code`*:: + -- -Client Reputation Level - +Region ISO code. type: keyword +example: CA-QC + -- -*`fortinet.firewall.crlevel`*:: +*`client.geo.region_name`*:: + -- -Client Reputation Level - +Region name. type: keyword +example: Quebec + -- -*`fortinet.firewall.crscore`*:: +*`client.ip`*:: + -- -Some description - +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. -type: integer +type: ip -- -*`fortinet.firewall.cveid`*:: +*`client.mac`*:: + -- -CVE ID - +MAC address of the client. type: keyword -- -*`fortinet.firewall.daemon`*:: +*`client.nat.ip`*:: + -- -Daemon name - +Translated IP of source based NAT sessions (e.g. internal client to internet). +Typically connections traversing load balancers, firewalls, or routers. -type: keyword +type: ip -- -*`fortinet.firewall.datarange`*:: +*`client.nat.port`*:: + -- -Data range for reports +Translated port of source based NAT sessions (e.g. internal client to internet). +Typically connections traversing load balancers, firewalls, or routers. +type: long -type: keyword +format: string -- -*`fortinet.firewall.date`*:: +*`client.packets`*:: + -- -Date +Packets sent from the client to the server. +type: long -type: keyword +example: 12 -- -*`fortinet.firewall.ddnsserver`*:: +*`client.port`*:: + -- -DDNS server +Port of the client. +type: long -type: ip +format: string -- -*`fortinet.firewall.desc`*:: +*`client.registered_domain`*:: + -- -Description - +The highest registered client domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword +example: google.com + -- -*`fortinet.firewall.detectionmethod`*:: +*`client.top_level_domain`*:: + -- -Detection method - +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword +example: co.uk + -- -*`fortinet.firewall.devcategory`*:: +*`client.user.domain`*:: + -- -Device category - +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`fortinet.firewall.devintfname`*:: +*`client.user.email`*:: + -- -HA device Interface Name - +User email address. type: keyword -- -*`fortinet.firewall.devtype`*:: +*`client.user.full_name`*:: + -- -Device type - +User's full name, if available. type: keyword +example: Albert Einstein + -- -*`fortinet.firewall.dhcp_msg`*:: +*`client.user.full_name.text`*:: + -- -DHCP Message - - -type: keyword +type: text -- -*`fortinet.firewall.dintf`*:: +*`client.user.group.domain`*:: + -- -Destination interface - +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`fortinet.firewall.disk`*:: +*`client.user.group.id`*:: + -- -Assosciated disk - +Unique identifier for the group on the system/platform. type: keyword -- -*`fortinet.firewall.disklograte`*:: +*`client.user.group.name`*:: + -- -Disk logging rate - +Name of the group. -type: long +type: keyword -- -*`fortinet.firewall.dlpextra`*:: +*`client.user.hash`*:: + -- -DLP extra information - +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. type: keyword -- -*`fortinet.firewall.docsource`*:: +*`client.user.id`*:: + -- -DLP fingerprint document source - +Unique identifiers of the user. type: keyword -- -*`fortinet.firewall.domainctrlauthstate`*:: +*`client.user.name`*:: + -- -CIFS domain auth state +Short name or login of the user. +type: keyword -type: integer +example: albert -- -*`fortinet.firewall.domainctrlauthtype`*:: +*`client.user.name.text`*:: + -- -CIFS domain auth type +type: text +-- -type: integer +[float] +=== cloud --- +Fields related to the cloud or infrastructure the events are coming from. -*`fortinet.firewall.domainctrldomain`*:: + +*`cloud.account.id`*:: + -- -CIFS domain auth domain - +The cloud account or organization id used to identify different entities in a multi-tenant environment. +Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. type: keyword +example: 666777888999 + -- -*`fortinet.firewall.domainctrlip`*:: +*`cloud.availability_zone`*:: + -- -CIFS Domain IP +Availability zone in which this host is running. +type: keyword -type: ip +example: us-east-1c -- -*`fortinet.firewall.domainctrlname`*:: +*`cloud.instance.id`*:: + -- -CIFS Domain name - +Instance ID of the host machine. type: keyword +example: i-1234567890abcdef0 + -- -*`fortinet.firewall.domainctrlprotocoltype`*:: +*`cloud.instance.name`*:: + -- -CIFS Domain connection protocol - +Instance name of the host machine. -type: integer +type: keyword -- -*`fortinet.firewall.domainctrlusername`*:: +*`cloud.machine.type`*:: + -- -CIFS Domain username - +Machine type of the host machine. type: keyword +example: t2.medium + -- -*`fortinet.firewall.domainfilteridx`*:: +*`cloud.provider`*:: + -- -Domain filter ID +Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. +type: keyword -type: integer +example: aws -- -*`fortinet.firewall.domainfilterlist`*:: +*`cloud.region`*:: + -- -Domain filter name - +Region in which this host is running. type: keyword --- +example: us-east-1 -*`fortinet.firewall.ds`*:: -+ -- -Direction with distribution system +[float] +=== code_signature -type: keyword +These fields contain information about binary code signatures. --- -*`fortinet.firewall.dst_int`*:: +*`code_signature.exists`*:: + -- -Destination interface +Boolean to capture if a signature is present. +type: boolean -type: keyword +example: true -- -*`fortinet.firewall.dstintfrole`*:: +*`code_signature.status`*:: + -- -Destination interface role - +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. type: keyword +example: ERROR_UNTRUSTED_ROOT + -- -*`fortinet.firewall.dstcountry`*:: +*`code_signature.subject_name`*:: + -- -Destination country - +Subject name of the code signer type: keyword +example: Microsoft Corporation + -- -*`fortinet.firewall.dstdevcategory`*:: +*`code_signature.trusted`*:: + -- -Destination device category +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +type: boolean -type: keyword +example: true -- -*`fortinet.firewall.dstdevtype`*:: +*`code_signature.valid`*:: + -- -Destination device type +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. +type: boolean -type: keyword +example: true -- -*`fortinet.firewall.dstfamily`*:: +[float] +=== container + +Container fields are used for meta information about the specific container that is the source of information. +These fields help correlate data based containers from any runtime. + + +*`container.id`*:: + -- -Destination OS family - +Unique container id. type: keyword -- -*`fortinet.firewall.dsthwvendor`*:: +*`container.image.name`*:: + -- -Destination HW vendor - +Name of the image the container was built on. type: keyword -- -*`fortinet.firewall.dsthwversion`*:: +*`container.image.tag`*:: + -- -Destination HW version - +Container image tags. type: keyword -- -*`fortinet.firewall.dstinetsvc`*:: +*`container.labels`*:: + -- -Destination interface service - +Image labels. -type: keyword +type: object -- -*`fortinet.firewall.dstosname`*:: +*`container.name`*:: + -- -Destination OS name - +Container name. type: keyword -- -*`fortinet.firewall.dstosversion`*:: +*`container.runtime`*:: + -- -Destination OS version - +Runtime managing this container. type: keyword --- +example: docker -*`fortinet.firewall.dstserver`*:: -+ -- -Destination server +[float] +=== destination -type: integer +Destination fields describe details about the destination of a packet/event. +Destination fields are usually populated in conjunction with source fields. --- -*`fortinet.firewall.dstssid`*:: +*`destination.address`*:: + -- -Destination SSID - +Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. type: keyword -- -*`fortinet.firewall.dstswversion`*:: +*`destination.as.number`*:: + -- -Destination software version +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +type: long -type: keyword +example: 15169 -- -*`fortinet.firewall.dstunauthusersource`*:: +*`destination.as.organization.name`*:: + -- -Destination unauthenticated source - +Organization name. type: keyword +example: Google LLC + -- -*`fortinet.firewall.dstuuid`*:: +*`destination.as.organization.name.text`*:: + -- -UUID of the Destination IP address - - -type: keyword +type: text -- -*`fortinet.firewall.duid`*:: +*`destination.bytes`*:: + -- -DHCP UID +Bytes sent from the destination to the source. +type: long -type: keyword +example: 184 + +format: bytes -- -*`fortinet.firewall.eapolcnt`*:: +*`destination.domain`*:: + -- -EAPOL packet count - +Destination domain. -type: integer +type: keyword -- -*`fortinet.firewall.eapoltype`*:: +*`destination.geo.city_name`*:: + -- -EAPOL packet type - +City name. type: keyword +example: Montreal + -- -*`fortinet.firewall.encrypt`*:: +*`destination.geo.continent_name`*:: + -- -Whether the packet is encrypted or not +Name of the continent. +type: keyword -type: integer +example: North America -- -*`fortinet.firewall.encryption`*:: +*`destination.geo.country_iso_code`*:: + -- -Encryption method - +Country ISO code. type: keyword +example: CA + -- -*`fortinet.firewall.epoch`*:: +*`destination.geo.country_name`*:: + -- -Epoch used for locating file +Country name. +type: keyword -type: integer +example: Canada -- -*`fortinet.firewall.espauth`*:: +*`destination.geo.location`*:: + -- -ESP Authentication +Longitude and latitude. +type: geo_point -type: keyword +example: { "lon": -73.614830, "lat": 45.505918 } -- -*`fortinet.firewall.esptransform`*:: +*`destination.geo.name`*:: + -- -ESP Transform - +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. type: keyword +example: boston-dc + -- -*`fortinet.firewall.exch`*:: +*`destination.geo.region_iso_code`*:: + -- -Mail Exchanges from DNS response answer section - +Region ISO code. type: keyword +example: CA-QC + -- -*`fortinet.firewall.exchange`*:: +*`destination.geo.region_name`*:: + -- -Mail Exchanges from DNS response answer section - +Region name. type: keyword +example: Quebec + -- -*`fortinet.firewall.expectedsignature`*:: +*`destination.ip`*:: + -- -Expected SSL signature - +IP address of the destination. +Can be one or multiple IPv4 or IPv6 addresses. -type: keyword +type: ip -- -*`fortinet.firewall.expiry`*:: +*`destination.mac`*:: + -- -FortiGuard override expiry timestamp - +MAC address of the destination. type: keyword -- -*`fortinet.firewall.fams_pause`*:: +*`destination.nat.ip`*:: + -- -Fortinet Analysis and Management Service Pause - +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. -type: integer +type: ip -- -*`fortinet.firewall.fazlograte`*:: +*`destination.nat.port`*:: + -- -FortiAnalyzer Logging Rate - +Port the source session is translated to by NAT Device. +Typically used with load balancers, firewalls, or routers. type: long +format: string + -- -*`fortinet.firewall.fctemssn`*:: +*`destination.packets`*:: + -- -FortiClient Endpoint SSN +Packets sent from the destination to the source. +type: long -type: keyword +example: 12 -- -*`fortinet.firewall.fctuid`*:: +*`destination.port`*:: + -- -FortiClient UID +Port of the destination. +type: long -type: keyword +format: string -- -*`fortinet.firewall.field`*:: +*`destination.registered_domain`*:: + -- -NTP status field - +The highest registered destination domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword +example: google.com + -- -*`fortinet.firewall.filefilter`*:: +*`destination.top_level_domain`*:: + -- -The filter used to identify the affected file - +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword +example: co.uk + -- -*`fortinet.firewall.filehashsrc`*:: +*`destination.user.domain`*:: + -- -Filehash source - +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`fortinet.firewall.filtercat`*:: +*`destination.user.email`*:: + -- -DLP filter category - +User email address. type: keyword -- -*`fortinet.firewall.filteridx`*:: +*`destination.user.full_name`*:: + -- -DLP filter ID +User's full name, if available. +type: keyword -type: integer +example: Albert Einstein -- -*`fortinet.firewall.filtername`*:: +*`destination.user.full_name.text`*:: + -- -DLP rule name - - -type: keyword +type: text -- -*`fortinet.firewall.filtertype`*:: +*`destination.user.group.domain`*:: + -- -DLP filter type - +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`fortinet.firewall.fortiguardresp`*:: +*`destination.user.group.id`*:: + -- -Antispam ESP value - +Unique identifier for the group on the system/platform. type: keyword -- -*`fortinet.firewall.forwardedfor`*:: +*`destination.user.group.name`*:: + -- -Email address forwarded - +Name of the group. type: keyword -- -*`fortinet.firewall.fqdn`*:: +*`destination.user.hash`*:: + -- -FQDN - +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. type: keyword -- -*`fortinet.firewall.frametype`*:: +*`destination.user.id`*:: + -- -Wireless frametype - +Unique identifiers of the user. type: keyword -- -*`fortinet.firewall.freediskstorage`*:: +*`destination.user.name`*:: + -- -Free disk integer +Short name or login of the user. +type: keyword -type: integer +example: albert -- -*`fortinet.firewall.from`*:: +*`destination.user.name.text`*:: + -- -From email address - - -type: keyword +type: text -- -*`fortinet.firewall.from_vcluster`*:: -+ --- -Source virtual cluster number +[float] +=== dll +These fields contain information about code libraries dynamically loaded into processes. -type: integer +Many operating systems refer to "shared code libraries" with different names, but this field set refers to all of the following: +* Dynamic-link library (`.dll`) commonly used on Windows +* Shared Object (`.so`) commonly used on Unix-like operating systems +* Dynamic library (`.dylib`) commonly used on macOS --- -*`fortinet.firewall.fsaverdict`*:: +*`dll.code_signature.exists`*:: + -- -FSA verdict +Boolean to capture if a signature is present. +type: boolean -type: keyword +example: true -- -*`fortinet.firewall.fwserver_name`*:: +*`dll.code_signature.status`*:: + -- -Web proxy server name - +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. type: keyword +example: ERROR_UNTRUSTED_ROOT + -- -*`fortinet.firewall.gateway`*:: +*`dll.code_signature.subject_name`*:: + -- -Gateway ip address for PPPoE status report +Subject name of the code signer +type: keyword -type: ip +example: Microsoft Corporation -- -*`fortinet.firewall.green`*:: +*`dll.code_signature.trusted`*:: + -- -Memory status +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +type: boolean -type: keyword +example: true -- -*`fortinet.firewall.groupid`*:: +*`dll.code_signature.valid`*:: + -- -User Group ID +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. +type: boolean -type: integer +example: true -- -*`fortinet.firewall.ha-prio`*:: +*`dll.hash.md5`*:: + -- -HA Priority - +MD5 hash. -type: integer +type: keyword -- -*`fortinet.firewall.ha_group`*:: +*`dll.hash.sha1`*:: + -- -HA Group - +SHA1 hash. type: keyword -- -*`fortinet.firewall.ha_role`*:: +*`dll.hash.sha256`*:: + -- -HA Role - +SHA256 hash. type: keyword -- -*`fortinet.firewall.handshake`*:: +*`dll.hash.sha512`*:: + -- -SSL Handshake - +SHA512 hash. type: keyword -- -*`fortinet.firewall.hash`*:: +*`dll.name`*:: + -- -Hash value of downloaded file - +Name of the library. +This generally maps to the name of the file on disk. type: keyword +example: kernel32.dll + -- -*`fortinet.firewall.hbdn_reason`*:: +*`dll.path`*:: + -- -Heartbeat down reason - +Full file path of the library. type: keyword +example: C:\Windows\System32\kernel32.dll + -- -*`fortinet.firewall.highcount`*:: +*`dll.pe.company`*:: + -- -Highcount fabric summary +Internal company name of the file, provided at compile-time. +type: keyword -type: integer +example: Microsoft Corporation -- -*`fortinet.firewall.host`*:: +*`dll.pe.description`*:: + -- -Hostname - +Internal description of the file, provided at compile-time. type: keyword +example: Paint + -- -*`fortinet.firewall.iaid`*:: +*`dll.pe.file_version`*:: + -- -DHCPv6 id - +Internal version of the file, provided at compile-time. type: keyword +example: 6.3.9600.17415 + -- -*`fortinet.firewall.icmpcode`*:: +*`dll.pe.original_file_name`*:: + -- -Destination Port of the ICMP message - +Internal name of the file, provided at compile-time. type: keyword +example: MSPAINT.EXE + -- -*`fortinet.firewall.icmpid`*:: +*`dll.pe.product`*:: + -- -Source port of the ICMP message - +Internal product name of the file, provided at compile-time. type: keyword --- +example: Microsoft® Windows® Operating System -*`fortinet.firewall.icmptype`*:: -+ -- -The type of ICMP message +[float] +=== dns -type: keyword +Fields describing DNS queries and answers. +DNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`). --- -*`fortinet.firewall.identifier`*:: +*`dns.answers`*:: + -- -Network traffic identifier - +An array containing an object for each answer section returned by the server. +The main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines. +Not all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields. -type: integer +type: object -- -*`fortinet.firewall.in_spi`*:: +*`dns.answers.class`*:: + -- -IPSEC inbound SPI - +The class of DNS data contained in this resource record. type: keyword +example: IN + -- -*`fortinet.firewall.incidentserialno`*:: +*`dns.answers.data`*:: + -- -Incident serial number +The data describing the resource. +The meaning of this data depends on the type and class of the resource record. +type: keyword -type: integer +example: 10.10.10.10 -- -*`fortinet.firewall.infected`*:: +*`dns.answers.name`*:: + -- -Infected MMS +The domain name to which this resource record pertains. +If a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated. +type: keyword -type: integer +example: www.google.com -- -*`fortinet.firewall.infectedfilelevel`*:: +*`dns.answers.ttl`*:: + -- -DLP infected file level +The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. +type: long -type: integer +example: 180 -- -*`fortinet.firewall.informationsource`*:: +*`dns.answers.type`*:: + -- -Information source - +The type of data contained in this resource record. type: keyword +example: CNAME + -- -*`fortinet.firewall.init`*:: +*`dns.header_flags`*:: + -- -IPSEC init stage - +Array of 2 letter DNS header flags. +Expected values are: AA, TC, RD, RA, AD, CD, DO. type: keyword +example: ['RD', 'RA'] + -- -*`fortinet.firewall.initiator`*:: +*`dns.id`*:: + -- -Original login user name for Fortiguard override - +The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. type: keyword +example: 62111 + -- -*`fortinet.firewall.interface`*:: +*`dns.op_code`*:: + -- -Related interface - +The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. type: keyword +example: QUERY + -- -*`fortinet.firewall.intf`*:: +*`dns.question.class`*:: + -- -Related interface - +The class of records being queried. type: keyword +example: IN + -- -*`fortinet.firewall.invalidmac`*:: +*`dns.question.name`*:: + -- -The MAC address with invalid OUI - +The name being queried. +If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively. type: keyword +example: www.google.com + -- -*`fortinet.firewall.ip`*:: +*`dns.question.registered_domain`*:: + -- -Related IP +The highest registered domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +type: keyword -type: ip +example: google.com -- -*`fortinet.firewall.iptype`*:: +*`dns.question.subdomain`*:: + -- -Related IP type - +The subdomain is all of the labels under the registered_domain. +If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. type: keyword +example: www + -- -*`fortinet.firewall.keyword`*:: +*`dns.question.top_level_domain`*:: + -- -Keyword used for search - +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword +example: co.uk + -- -*`fortinet.firewall.kind`*:: +*`dns.question.type`*:: + -- -VOIP kind - +The type of record being queried. type: keyword +example: AAAA + -- -*`fortinet.firewall.lanin`*:: +*`dns.resolved_ip`*:: + -- -LAN incoming traffic in bytes +Array containing all IPs seen in `answers.data`. +The `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for. +type: ip -type: long +example: ['10.10.10.10', '10.10.10.11'] -- -*`fortinet.firewall.lanout`*:: +*`dns.response_code`*:: + -- -LAN outbound traffic in bytes +The DNS response code. +type: keyword -type: long +example: NOERROR -- -*`fortinet.firewall.lease`*:: +*`dns.type`*:: + -- -DHCP lease +The type of DNS event captured, query or answer. +If your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`. +If your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers. +type: keyword -type: integer +example: answer -- -*`fortinet.firewall.license_limit`*:: +[float] +=== ecs + +Meta-information specific to ECS. + + +*`ecs.version`*:: + -- -Maximum Number of FortiClients for the License - +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. type: keyword --- +example: 1.0.0 + +required: True -*`fortinet.firewall.limit`*:: -+ -- -Virtual Domain Resource Limit +[float] +=== error -type: integer +These fields can represent errors of any kind. +Use them for errors that happen while fetching events or in cases where the event itself contains an error. --- -*`fortinet.firewall.line`*:: +*`error.code`*:: + -- -VOIP line - +Error code describing the error. type: keyword -- -*`fortinet.firewall.live`*:: +*`error.id`*:: + -- -Time in seconds - +Unique identifier for the error. -type: integer +type: keyword -- -*`fortinet.firewall.local`*:: +*`error.message`*:: + -- -Local IP for a PPPD Connection - +Error message. -type: ip +type: text -- -*`fortinet.firewall.log`*:: +*`error.stack_trace`*:: + -- -Log message - +The stack trace of this error in plain text. type: keyword -- -*`fortinet.firewall.login`*:: +*`error.stack_trace.text`*:: + -- -SSH login - - -type: keyword +type: text -- -*`fortinet.firewall.lowcount`*:: +*`error.type`*:: + -- -Fabric lowcount +The type of the error, for example the class name of the exception. +type: keyword -type: integer +example: java.lang.NullPointerException -- -*`fortinet.firewall.mac`*:: +[float] +=== event + +The event fields are used for context information about the log or metric event itself. +A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host and device temperature. See the `event.kind` definition in this section for additional details about metric and state events. + + +*`event.action`*:: + -- -DHCP mac address - +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. type: keyword +example: user-password-change + -- -*`fortinet.firewall.malform_data`*:: +*`event.category`*:: + -- -VOIP malformed data +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. +type: keyword -type: integer +example: authentication -- -*`fortinet.firewall.malform_desc`*:: +*`event.code`*:: + -- -VOIP malformed data description - +Identification code for this event, if one exists. +Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. type: keyword +example: 4648 + -- -*`fortinet.firewall.manuf`*:: +*`event.created`*:: + -- -Manufacturer name +event.created contains the date/time when the event was first read by an agent, or by your pipeline. +This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. +In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. +In case the two timestamps are identical, @timestamp should be used. +type: date -type: keyword +example: 2016-05-23T08:05:34.857Z -- -*`fortinet.firewall.masterdstmac`*:: +*`event.dataset`*:: + -- -Master mac address for a host with multiple network interfaces - +Name of the dataset. +If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. +It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. type: keyword +example: apache.access + -- -*`fortinet.firewall.mastersrcmac`*:: +*`event.duration`*:: + -- -The master MAC address for a host that has multiple network interfaces +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. +type: long -type: keyword +format: duration -- -*`fortinet.firewall.mediumcount`*:: +*`event.end`*:: + -- -Fabric medium count - +event.end contains the date when the event ended or when the activity was last observed. -type: integer +type: date -- -*`fortinet.firewall.mem`*:: +*`event.hash`*:: + -- -Memory usage system statistics - +Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity. type: keyword +example: 123456789012345678901234567890ABCD + -- -*`fortinet.firewall.meshmode`*:: +*`event.id`*:: + -- -Wireless mesh mode - +Unique ID to describe the event. type: keyword +example: 8a4f500d + -- -*`fortinet.firewall.message_type`*:: +*`event.ingested`*:: + -- -VOIP message type +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. +type: date -type: keyword +example: 2016-05-23T08:05:35.101Z -- -*`fortinet.firewall.method`*:: +*`event.kind`*:: + -- -HTTP method - +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword +example: alert + -- -*`fortinet.firewall.mgmtcnt`*:: +*`event.module`*:: + -- -The number of unauthorized client flooding managemet frames +Name of the module this data is coming from. +If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. +type: keyword -type: integer +example: apache -- -*`fortinet.firewall.mode`*:: +*`event.original`*:: + -- -IPSEC mode - +Raw text message of entire event. Used to demonstrate log integrity. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. type: keyword +example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 + -- -*`fortinet.firewall.module`*:: +*`event.outcome`*:: + -- -PCI-DSS module - +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. +Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. +Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. +Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. type: keyword +example: success + -- -*`fortinet.firewall.monitor-name`*:: +*`event.provider`*:: + -- -Health Monitor Name - +Source of the event. +Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). type: keyword +example: kernel + -- -*`fortinet.firewall.monitor-type`*:: +*`event.reference`*:: + -- -Health Monitor Type - +Reference URL linking to additional information about this event. +This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword +example: https://system.vendor.com/event/#0001234 + -- -*`fortinet.firewall.mpsk`*:: +*`event.risk_score`*:: + -- -Wireless MPSK - +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. -type: keyword +type: float -- -*`fortinet.firewall.msgproto`*:: +*`event.risk_score_norm`*:: + -- -Message Protocol Number - +Normalized risk score or priority of the event, on a scale of 0 to 100. +This is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems. -type: keyword +type: float -- -*`fortinet.firewall.mtu`*:: +*`event.sequence`*:: + -- -Max Transmission Unit Value +Sequence number of the event. +The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regardless of the timestamp precision. +type: long -type: integer +format: string -- -*`fortinet.firewall.name`*:: +*`event.severity`*:: + -- -Name +The numeric severity of the event according to your event source. +What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. +The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`. +type: long -type: keyword +example: 7 + +format: string -- -*`fortinet.firewall.nat`*:: +*`event.start`*:: + -- -NAT IP Address - +event.start contains the date when the event started or when the activity was first observed. -type: keyword +type: date -- -*`fortinet.firewall.netid`*:: +*`event.timezone`*:: + -- -Connector NetID - +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). type: keyword -- -*`fortinet.firewall.new_status`*:: +*`event.type`*:: + -- -New status on user change - +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword -- -*`fortinet.firewall.new_value`*:: +*`event.url`*:: + -- -New Virtual Domain Name - +URL linking to an external system to continue investigation of this event. +This URL links to another system where in-depth investigation of the specific occurence of this event can take place. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword --- +example: https://mysystem.mydomain.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe -*`fortinet.firewall.newchannel`*:: -+ -- -New Channel Number +[float] +=== file -type: integer +A file is defined as a set of information that has been created on, or has existed on a filesystem. +File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. --- -*`fortinet.firewall.newchassisid`*:: +*`file.accessed`*:: + -- -New Chassis ID - +Last time the file was accessed. +Note that not all filesystems keep track of access time. -type: integer +type: date -- -*`fortinet.firewall.newslot`*:: +*`file.attributes`*:: + -- -New Slot Number +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. +type: keyword -type: integer +example: ["readonly", "system"] -- -*`fortinet.firewall.nextstat`*:: +*`file.code_signature.exists`*:: + -- -Time interval in seconds for the next statistics. +Boolean to capture if a signature is present. +type: boolean -type: integer +example: true -- -*`fortinet.firewall.nf_type`*:: +*`file.code_signature.status`*:: + -- -Notification Type - +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. type: keyword +example: ERROR_UNTRUSTED_ROOT + -- -*`fortinet.firewall.noise`*:: +*`file.code_signature.subject_name`*:: + -- -Wifi Noise +Subject name of the code signer +type: keyword -type: integer +example: Microsoft Corporation -- -*`fortinet.firewall.old_status`*:: +*`file.code_signature.trusted`*:: + -- -Original Status +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. +type: boolean -type: keyword +example: true -- -*`fortinet.firewall.old_value`*:: +*`file.code_signature.valid`*:: + -- -Original Virtual Domain name +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. +type: boolean -type: keyword +example: true -- -*`fortinet.firewall.oldchannel`*:: +*`file.created`*:: + -- -Original channel - +File creation time. +Note that not all filesystems store the creation time. -type: integer +type: date -- -*`fortinet.firewall.oldchassisid`*:: +*`file.ctime`*:: + -- -Original Chassis Number - +Last time the file attributes or metadata changed. +Note that changes to the file content will update `mtime`. This implies `ctime` will be adjusted at the same time, since `mtime` is an attribute of the file. -type: integer +type: date -- -*`fortinet.firewall.oldslot`*:: +*`file.device`*:: + -- -Original Slot Number +Device that is the source of the file. +type: keyword -type: integer +example: sda -- -*`fortinet.firewall.oldsn`*:: +*`file.directory`*:: + -- -Old Serial number - +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword +example: /home/alice + -- -*`fortinet.firewall.oldwprof`*:: +*`file.drive_letter`*:: + -- -Old Web Filter Profile - +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. type: keyword +example: C + -- -*`fortinet.firewall.onwire`*:: +*`file.extension`*:: + -- -A flag to indicate if the AP is onwire or not - +File extension. type: keyword +example: png + -- -*`fortinet.firewall.opercountry`*:: +*`file.gid`*:: + -- -Operating Country - +Primary group ID (GID) of the file. type: keyword +example: 1001 + -- -*`fortinet.firewall.opertxpower`*:: +*`file.group`*:: + -- -Operating TX power +Primary group name of the file. +type: keyword -type: integer +example: alice -- -*`fortinet.firewall.osname`*:: +*`file.hash.md5`*:: + -- -Operating System name - +MD5 hash. type: keyword -- -*`fortinet.firewall.osversion`*:: +*`file.hash.sha1`*:: + -- -Operating System version - +SHA1 hash. type: keyword -- -*`fortinet.firewall.out_spi`*:: +*`file.hash.sha256`*:: + -- -Out SPI - +SHA256 hash. type: keyword -- -*`fortinet.firewall.outintf`*:: +*`file.hash.sha512`*:: + -- -Out interface - +SHA512 hash. type: keyword -- -*`fortinet.firewall.passedcount`*:: +*`file.inode`*:: + -- -Fabric passed count +Inode representing the file in the filesystem. +type: keyword -type: integer +example: 256383 -- -*`fortinet.firewall.passwd`*:: +*`file.mime_type`*:: + -- -Changed user password information - +MIME type should identify the format of the file or stream of bytes using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA official types], where possible. When more than one type is applicable, the most specific type should be used. type: keyword -- -*`fortinet.firewall.path`*:: +*`file.mode`*:: + -- -Path of looped configuration for security fabric - +Mode of the file in octal representation. type: keyword +example: 0640 + -- -*`fortinet.firewall.peer`*:: +*`file.mtime`*:: + -- -WAN optimization peer - +Last time the file content was modified. -type: keyword +type: date -- -*`fortinet.firewall.peer_notif`*:: +*`file.name`*:: + -- -VPN peer notification - +Name of the file including the extension, without the directory. type: keyword +example: example.png + -- -*`fortinet.firewall.phase2_name`*:: +*`file.owner`*:: + -- -VPN phase2 name - +File owner's username. type: keyword +example: alice + -- -*`fortinet.firewall.phone`*:: +*`file.path`*:: + -- -VOIP Phone - +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword +example: /home/alice/example.png + -- -*`fortinet.firewall.pid`*:: +*`file.path.text`*:: + -- -Process ID - - -type: integer +type: text -- -*`fortinet.firewall.policytype`*:: +*`file.pe.company`*:: + -- -Policy Type - +Internal company name of the file, provided at compile-time. type: keyword +example: Microsoft Corporation + -- -*`fortinet.firewall.poolname`*:: +*`file.pe.description`*:: + -- -IP Pool name - +Internal description of the file, provided at compile-time. type: keyword +example: Paint + -- -*`fortinet.firewall.port`*:: +*`file.pe.file_version`*:: + -- -Log upload error port +Internal version of the file, provided at compile-time. +type: keyword -type: integer +example: 6.3.9600.17415 -- -*`fortinet.firewall.portbegin`*:: +*`file.pe.original_file_name`*:: + -- -IP Pool port number to begin +Internal name of the file, provided at compile-time. +type: keyword -type: integer +example: MSPAINT.EXE -- -*`fortinet.firewall.portend`*:: +*`file.pe.product`*:: + -- -IP Pool port number to end +Internal product name of the file, provided at compile-time. +type: keyword -type: integer +example: Microsoft® Windows® Operating System -- -*`fortinet.firewall.probeproto`*:: +*`file.size`*:: + -- -Link Monitor Probe Protocol +File size in bytes. +Only relevant when `file.type` is "file". +type: long -type: keyword +example: 16384 -- -*`fortinet.firewall.process`*:: +*`file.target_path`*:: + -- -URL Filter process - +Target path for symlinks. type: keyword -- -*`fortinet.firewall.processtime`*:: +*`file.target_path.text`*:: + -- -Process time for reports - - -type: integer +type: text -- -*`fortinet.firewall.profile`*:: +*`file.type`*:: + -- -Profile Name - +File type (file, dir, or symlink). type: keyword +example: file + -- -*`fortinet.firewall.profile_vd`*:: +*`file.uid`*:: + -- -Virtual Domain Name - +The user ID (UID) or security identifier (SID) of the file owner. type: keyword --- +example: 1001 -*`fortinet.firewall.profilegroup`*:: -+ -- -Profile Group Name +[float] +=== geo -type: keyword +Geo fields can carry data about a specific location related to an event. +This geolocation information can be derived from techniques such as Geo IP, or be user-supplied. --- -*`fortinet.firewall.profiletype`*:: +*`geo.city_name`*:: + -- -Profile Type - +City name. type: keyword +example: Montreal + -- -*`fortinet.firewall.qtypeval`*:: +*`geo.continent_name`*:: + -- -DNS question type value +Name of the continent. +type: keyword -type: integer +example: North America -- -*`fortinet.firewall.quarskip`*:: +*`geo.country_iso_code`*:: + -- -Quarantine skip explanation - +Country ISO code. type: keyword +example: CA + -- -*`fortinet.firewall.quotaexceeded`*:: +*`geo.country_name`*:: + -- -If quota has been exceeded - +Country name. type: keyword +example: Canada + -- -*`fortinet.firewall.quotamax`*:: +*`geo.location`*:: + -- -Maximum quota allowed - in seconds if time-based - in bytes if traffic-based +Longitude and latitude. +type: geo_point -type: long +example: { "lon": -73.614830, "lat": 45.505918 } -- -*`fortinet.firewall.quotatype`*:: +*`geo.name`*:: + -- -Quota type - +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. type: keyword +example: boston-dc + -- -*`fortinet.firewall.quotaused`*:: +*`geo.region_iso_code`*:: + -- -Quota used - in seconds if time-based - in bytes if trafficbased) +Region ISO code. +type: keyword -type: long +example: CA-QC -- -*`fortinet.firewall.radioband`*:: +*`geo.region_name`*:: + -- -Radio band - +Region name. type: keyword --- +example: Quebec -*`fortinet.firewall.radioid`*:: -+ -- -Radio ID +[float] +=== group -type: integer +The group fields are meant to represent groups that are relevant to the event. --- -*`fortinet.firewall.radioidclosest`*:: +*`group.domain`*:: + -- -Radio ID on the AP closest the rogue AP - +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. -type: integer +type: keyword -- -*`fortinet.firewall.radioiddetected`*:: +*`group.id`*:: + -- -Radio ID on the AP which detected the rogue AP - +Unique identifier for the group on the system/platform. -type: integer +type: keyword -- -*`fortinet.firewall.rate`*:: +*`group.name`*:: + -- -Wireless rogue rate value - +Name of the group. type: keyword -- -*`fortinet.firewall.rawdata`*:: +[float] +=== hash + +The hash fields represent different hash algorithms and their values. +Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). + + +*`hash.md5`*:: + -- -Raw data value - +MD5 hash. type: keyword -- -*`fortinet.firewall.rawdataid`*:: +*`hash.sha1`*:: + -- -Raw data ID - +SHA1 hash. type: keyword -- -*`fortinet.firewall.rcvddelta`*:: +*`hash.sha256`*:: + -- -Received bytes delta - +SHA256 hash. type: keyword -- -*`fortinet.firewall.reason`*:: +*`hash.sha512`*:: + -- -Alert reason - +SHA512 hash. type: keyword -- -*`fortinet.firewall.received`*:: +[float] +=== host + +A host is defined as a general computing instance. +ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + +*`host.architecture`*:: + -- -Server key exchange received +Operating system architecture. +type: keyword -type: integer +example: x86_64 -- -*`fortinet.firewall.receivedsignature`*:: +*`host.domain`*:: + -- -Server key exchange received signature - +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. type: keyword +example: CONTOSO + -- -*`fortinet.firewall.red`*:: +*`host.geo.city_name`*:: + -- -Memory information in red - +City name. type: keyword +example: Montreal + -- -*`fortinet.firewall.referralurl`*:: +*`host.geo.continent_name`*:: + -- -Web filter referralurl - +Name of the continent. type: keyword +example: North America + -- -*`fortinet.firewall.remote`*:: +*`host.geo.country_iso_code`*:: + -- -Remote PPP IP address +Country ISO code. +type: keyword -type: ip +example: CA -- -*`fortinet.firewall.remotewtptime`*:: +*`host.geo.country_name`*:: + -- -Remote Wifi Radius authentication time - +Country name. type: keyword +example: Canada + -- -*`fortinet.firewall.reporttype`*:: +*`host.geo.location`*:: + -- -Report type +Longitude and latitude. +type: geo_point -type: keyword +example: { "lon": -73.614830, "lat": 45.505918 } -- -*`fortinet.firewall.reqtype`*:: +*`host.geo.name`*:: + -- -Request type - +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. type: keyword +example: boston-dc + -- -*`fortinet.firewall.request_name`*:: +*`host.geo.region_iso_code`*:: + -- -VOIP request name - +Region ISO code. type: keyword +example: CA-QC + -- -*`fortinet.firewall.result`*:: +*`host.geo.region_name`*:: + -- -VPN phase result - +Region name. type: keyword +example: Quebec + -- -*`fortinet.firewall.role`*:: +*`host.hostname`*:: + -- -VPN Phase 2 role - +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. type: keyword -- -*`fortinet.firewall.rssi`*:: +*`host.id`*:: + -- -Received signal strength indicator - +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. -type: integer +type: keyword -- -*`fortinet.firewall.rsso_key`*:: +*`host.ip`*:: + -- -RADIUS SSO attribute value - +Host ip addresses. -type: keyword +type: ip -- -*`fortinet.firewall.ruledata`*:: +*`host.mac`*:: + -- -Rule data - +Host mac addresses. type: keyword -- -*`fortinet.firewall.ruletype`*:: +*`host.name`*:: + -- -Rule type - +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. type: keyword -- -*`fortinet.firewall.scanned`*:: +*`host.os.family`*:: + -- -Number of Scanned MMSs +OS family (such as redhat, debian, freebsd, windows). +type: keyword -type: integer +example: debian -- -*`fortinet.firewall.scantime`*:: +*`host.os.full`*:: + -- -Scanned time +Operating system name, including the version or code name. +type: keyword -type: long +example: Mac OS Mojave -- -*`fortinet.firewall.scope`*:: +*`host.os.full.text`*:: + -- -FortiGuard Override Scope - - -type: keyword +type: text -- -*`fortinet.firewall.security`*:: +*`host.os.kernel`*:: + -- -Wireless rogue security - +Operating system kernel version as a raw string. type: keyword +example: 4.4.0-112-generic + -- -*`fortinet.firewall.sensitivity`*:: +*`host.os.name`*:: + -- -Sensitivity for document fingerprint - +Operating system name, without the version. type: keyword +example: Mac OS X + -- -*`fortinet.firewall.sensor`*:: +*`host.os.name.text`*:: + -- -NAC Sensor Name - - -type: keyword +type: text -- -*`fortinet.firewall.sentdelta`*:: +*`host.os.platform`*:: + -- -Sent bytes delta - +Operating system platform (such centos, ubuntu, windows). type: keyword +example: darwin + -- -*`fortinet.firewall.seq`*:: +*`host.os.version`*:: + -- -Sequence number - +Operating system version as a raw string. type: keyword +example: 10.14.1 + -- -*`fortinet.firewall.serial`*:: +*`host.type`*:: + -- -WAN optimisation serial - +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. type: keyword -- -*`fortinet.firewall.serialno`*:: +*`host.uptime`*:: + -- -Serial number +Seconds the host has been up. +type: long -type: keyword +example: 1325 -- -*`fortinet.firewall.server`*:: +*`host.user.domain`*:: + -- -AD server FQDN or IP - +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`fortinet.firewall.session_id`*:: +*`host.user.email`*:: + -- -Session ID - +User email address. type: keyword -- -*`fortinet.firewall.sessionid`*:: +*`host.user.full_name`*:: + -- -WAD Session ID +User's full name, if available. +type: keyword -type: integer +example: Albert Einstein -- -*`fortinet.firewall.setuprate`*:: +*`host.user.full_name.text`*:: + -- -Session Setup Rate - - -type: long +type: text -- -*`fortinet.firewall.severity`*:: +*`host.user.group.domain`*:: + -- -Severity - +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`fortinet.firewall.shaperdroprcvdbyte`*:: +*`host.user.group.id`*:: + -- -Received bytes dropped by shaper +Unique identifier for the group on the system/platform. - -type: integer +type: keyword -- -*`fortinet.firewall.shaperdropsentbyte`*:: +*`host.user.group.name`*:: + -- -Sent bytes dropped by shaper - +Name of the group. -type: integer +type: keyword -- -*`fortinet.firewall.shaperperipdropbyte`*:: +*`host.user.hash`*:: + -- -Dropped bytes per IP by shaper - +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. -type: integer +type: keyword -- -*`fortinet.firewall.shaperperipname`*:: +*`host.user.id`*:: + -- -Traffic shaper name (per IP) - +Unique identifiers of the user. type: keyword -- -*`fortinet.firewall.shaperrcvdname`*:: +*`host.user.name`*:: + -- -Traffic shaper name for received traffic - +Short name or login of the user. type: keyword +example: albert + -- -*`fortinet.firewall.shapersentname`*:: +*`host.user.name.text`*:: + -- -Traffic shaper name for sent traffic +type: text +-- -type: keyword +[float] +=== http --- +Fields related to HTTP activity. Use the `url` field set to store the url of the request. -*`fortinet.firewall.shapingpolicyid`*:: + +*`http.request.body.bytes`*:: + -- -Traffic shaper policy ID +Size in bytes of the request body. +type: long -type: integer +example: 887 + +format: bytes -- -*`fortinet.firewall.signal`*:: +*`http.request.body.content`*:: + -- -Wireless rogue API signal +The full HTTP request body. +type: keyword -type: integer +example: Hello world -- -*`fortinet.firewall.size`*:: +*`http.request.body.content.text`*:: + -- -Email size in bytes - - -type: long +type: text -- -*`fortinet.firewall.slot`*:: +*`http.request.bytes`*:: + -- -Slot number +Total size in bytes of the request (body and headers). + +type: long +example: 1437 -type: integer +format: bytes -- -*`fortinet.firewall.sn`*:: +*`http.request.method`*:: + -- -Security fabric serial number - +HTTP request method. +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". type: keyword +example: get, post, put + -- -*`fortinet.firewall.snclosest`*:: +*`http.request.referrer`*:: + -- -SN of the AP closest to the rogue AP - +Referrer for this HTTP request. type: keyword +example: https://blog.example.com/ + -- -*`fortinet.firewall.sndetected`*:: +*`http.response.body.bytes`*:: + -- -SN of the AP which detected the rogue AP +Size in bytes of the response body. + +type: long +example: 887 -type: keyword +format: bytes -- -*`fortinet.firewall.snmeshparent`*:: +*`http.response.body.content`*:: + -- -SN of the mesh parent - +The full HTTP response body. type: keyword +example: Hello world + -- -*`fortinet.firewall.spi`*:: +*`http.response.body.content.text`*:: + -- -IPSEC SPI - - -type: keyword +type: text -- -*`fortinet.firewall.src_int`*:: +*`http.response.bytes`*:: + -- -Source interface +Total size in bytes of the response (body and headers). +type: long -type: keyword +example: 1437 + +format: bytes -- -*`fortinet.firewall.srcintfrole`*:: +*`http.response.status_code`*:: + -- -Source interface role +HTTP response status code. + +type: long +example: 404 -type: keyword +format: string -- -*`fortinet.firewall.srccountry`*:: +*`http.version`*:: + -- -Source country - +HTTP version. type: keyword --- +example: 1.1 -*`fortinet.firewall.srcfamily`*:: -+ -- -Source family +[float] +=== interface -type: keyword +The interface fields are used to record ingress and egress interface information when reported by an observer (e.g. firewall, router, load balancer) in the context of the observer handling a network connection. In the case of a single observer interface (e.g. network sensor on a span port) only the observer.ingress information should be populated. --- -*`fortinet.firewall.srchwvendor`*:: +*`interface.alias`*:: + -- -Source hardware vendor - +Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. type: keyword +example: outside + -- -*`fortinet.firewall.srchwversion`*:: +*`interface.id`*:: + -- -Source hardware version - +Interface ID as reported by an observer (typically SNMP interface ID). type: keyword +example: 10 + -- -*`fortinet.firewall.srcinetsvc`*:: +*`interface.name`*:: + -- -Source interface service - +Interface name as reported by the system. type: keyword --- +example: eth0 -*`fortinet.firewall.srcname`*:: -+ -- -Source name +[float] +=== log -type: keyword +Details about the event's logging mechanism or logging transport. +The log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`. +The details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields. --- -*`fortinet.firewall.srcserver`*:: +*`log.level`*:: + -- -Source server +Original log level of the log event. +If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). +Some examples are `warn`, `err`, `i`, `informational`. +type: keyword -type: integer +example: error -- -*`fortinet.firewall.srcssid`*:: +*`log.logger`*:: + -- -Source SSID - +The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. type: keyword +example: org.elasticsearch.bootstrap.Bootstrap + -- -*`fortinet.firewall.srcswversion`*:: +*`log.origin.file.line`*:: + -- -Source software version +The line number of the file containing the source code which originated the log event. +type: integer -type: keyword +example: 42 -- -*`fortinet.firewall.srcuuid`*:: +*`log.origin.file.name`*:: + -- -Source UUID - +The name of the file containing the source code which originated the log event. Note that this is not the name of the log file. type: keyword +example: Bootstrap.java + -- -*`fortinet.firewall.sscname`*:: +*`log.origin.function`*:: + -- -SSC name - +The name of the function or method which originated the log event. type: keyword +example: init + -- -*`fortinet.firewall.ssid`*:: +*`log.original`*:: + -- -Base Service Set ID - +This is the original log message and contains the full log message before splitting it up in multiple parts. +In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. +This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. type: keyword +example: Sep 19 08:26:10 localhost My log + -- -*`fortinet.firewall.sslaction`*:: +*`log.syslog`*:: + -- -SSL Action - +The Syslog metadata of the event, if the event was transmitted via Syslog. Please see RFCs 5424 or 3164. -type: keyword +type: object -- -*`fortinet.firewall.ssllocal`*:: +*`log.syslog.facility.code`*:: + -- -WAD SSL local +The Syslog numeric facility of the log event, if available. +According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. +type: long -type: keyword +example: 23 + +format: string -- -*`fortinet.firewall.sslremote`*:: +*`log.syslog.facility.name`*:: + -- -WAD SSL remote - +The Syslog text-based facility of the log event, if available. type: keyword +example: local7 + -- -*`fortinet.firewall.stacount`*:: +*`log.syslog.priority`*:: + -- -Number of stations/clients +Syslog numeric priority of the event, if available. +According to RFCs 5424 and 3164, the priority is 8 * facility + severity. This number is therefore expected to contain a value between 0 and 191. +type: long -type: integer +example: 135 + +format: string -- -*`fortinet.firewall.stage`*:: +*`log.syslog.severity.code`*:: + -- -IPSEC stage +The Syslog numeric severity of the log event, if available. +If the event source publishing via Syslog provides a different numeric severity value (e.g. firewall, IDS), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`. +type: long -type: keyword +example: 3 -- -*`fortinet.firewall.stamac`*:: +*`log.syslog.severity.name`*:: + -- -802.1x station mac - +The Syslog numeric severity of the log event, if available. +If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`. type: keyword --- +example: Error -*`fortinet.firewall.state`*:: -+ -- -Admin login state +[float] +=== network -type: keyword +The network is defined as the communication path over which a host or network event happens. +The network.* fields should be populated with details about the network activity associated with an event. --- -*`fortinet.firewall.status`*:: +*`network.application`*:: + -- -Status - +A name given to an application level protocol. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". type: keyword +example: aim + -- -*`fortinet.firewall.stitch`*:: +*`network.bytes`*:: + -- -Automation stitch triggered +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. +type: long -type: keyword +example: 368 + +format: bytes -- -*`fortinet.firewall.subject`*:: +*`network.community_id`*:: + -- -Email subject - +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. type: keyword +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= + -- -*`fortinet.firewall.submodule`*:: +*`network.direction`*:: + -- -Configuration Sub-Module Name +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. type: keyword +example: inbound + -- -*`fortinet.firewall.subservice`*:: +*`network.forwarded_ip`*:: + -- -AV subservice +Host IP address when the source IP address is the proxy. +type: ip -type: keyword +example: 192.1.1.2 -- -*`fortinet.firewall.subtype`*:: +*`network.iana_number`*:: + -- -Log subtype - +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. type: keyword +example: 6 + -- -*`fortinet.firewall.suspicious`*:: +*`network.inner`*:: + -- -Number of Suspicious MMSs - +Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) -type: integer +type: object -- -*`fortinet.firewall.switchproto`*:: +*`network.inner.vlan.id`*:: + -- -Protocol change information - +VLAN ID as reported by the observer. type: keyword +example: 10 + -- -*`fortinet.firewall.sync_status`*:: +*`network.inner.vlan.name`*:: + -- -The sync status with the master - +Optional VLAN name as reported by the observer. type: keyword +example: outside + -- -*`fortinet.firewall.sync_type`*:: +*`network.name`*:: + -- -The sync type with the master - +Name given by operators to sections of their network. type: keyword +example: Guest Wifi + -- -*`fortinet.firewall.sysuptime`*:: +*`network.packets`*:: + -- -System uptime +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. +type: long -type: keyword +example: 24 -- -*`fortinet.firewall.tamac`*:: +*`network.protocol`*:: + -- -the MAC address of Transmitter, if none, then Receiver - +L7 Network protocol name. ex. http, lumberjack, transport protocol. +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". type: keyword +example: http + -- -*`fortinet.firewall.threattype`*:: +*`network.transport`*:: + -- -WIDS threat type - +Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". type: keyword +example: tcp + -- -*`fortinet.firewall.time`*:: +*`network.type`*:: + -- -Time of the event - +In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". type: keyword +example: ipv4 + -- -*`fortinet.firewall.to`*:: +*`network.vlan.id`*:: + -- -Email to field - +VLAN ID as reported by the observer. type: keyword +example: 10 + -- -*`fortinet.firewall.to_vcluster`*:: +*`network.vlan.name`*:: + -- -destination virtual cluster number +Optional VLAN name as reported by the observer. +type: keyword -type: integer +example: outside -- -*`fortinet.firewall.total`*:: +[float] +=== observer + +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. +This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. + + +*`observer.egress`*:: + -- -Total memory - +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. -type: integer +type: object -- -*`fortinet.firewall.totalsession`*:: +*`observer.egress.interface.alias`*:: + -- -Total Number of Sessions +Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. +type: keyword -type: integer +example: outside -- -*`fortinet.firewall.trace_id`*:: +*`observer.egress.interface.id`*:: + -- -Session clash trace ID - +Interface ID as reported by an observer (typically SNMP interface ID). type: keyword +example: 10 + -- -*`fortinet.firewall.trandisp`*:: +*`observer.egress.interface.name`*:: + -- -NAT translation type - +Interface name as reported by the system. type: keyword +example: eth0 + -- -*`fortinet.firewall.transid`*:: +*`observer.egress.vlan.id`*:: + -- -HTTP transaction ID +VLAN ID as reported by the observer. +type: keyword -type: integer +example: 10 -- -*`fortinet.firewall.translationid`*:: +*`observer.egress.vlan.name`*:: + -- -DNS filter transaltion ID - +Optional VLAN name as reported by the observer. type: keyword +example: outside + -- -*`fortinet.firewall.trigger`*:: +*`observer.egress.zone`*:: + -- -Automation stitch trigger - +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword +example: Public_Internet + -- -*`fortinet.firewall.trueclntip`*:: +*`observer.geo.city_name`*:: + -- -File filter true client IP +City name. +type: keyword -type: ip +example: Montreal -- -*`fortinet.firewall.tunnelid`*:: +*`observer.geo.continent_name`*:: + -- -IPSEC tunnel ID +Name of the continent. +type: keyword -type: integer +example: North America -- -*`fortinet.firewall.tunnelip`*:: +*`observer.geo.country_iso_code`*:: + -- -IPSEC tunnel IP +Country ISO code. +type: keyword -type: ip +example: CA -- -*`fortinet.firewall.tunneltype`*:: +*`observer.geo.country_name`*:: + -- -IPSEC tunnel type - +Country name. type: keyword +example: Canada + -- -*`fortinet.firewall.type`*:: +*`observer.geo.location`*:: + -- -Module type +Longitude and latitude. +type: geo_point -type: keyword +example: { "lon": -73.614830, "lat": 45.505918 } -- -*`fortinet.firewall.ui`*:: +*`observer.geo.name`*:: + -- -Admin authentication UI type - +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. type: keyword +example: boston-dc + -- -*`fortinet.firewall.unauthusersource`*:: +*`observer.geo.region_iso_code`*:: + -- -Unauthenticated user source - +Region ISO code. type: keyword --- - -*`fortinet.firewall.unit`*:: -+ --- -Power supply unit - - -type: integer +example: CA-QC -- -*`fortinet.firewall.urlfilteridx`*:: +*`observer.geo.region_name`*:: + -- -URL filter ID +Region name. +type: keyword -type: integer +example: Quebec -- -*`fortinet.firewall.urlfilterlist`*:: +*`observer.hostname`*:: + -- -URL filter list - +Hostname of the observer. type: keyword -- -*`fortinet.firewall.urlsource`*:: +*`observer.ingress`*:: + -- -URL filter source - +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. -type: keyword +type: object -- -*`fortinet.firewall.urltype`*:: +*`observer.ingress.interface.alias`*:: + -- -URL filter type - +Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. type: keyword +example: outside + -- -*`fortinet.firewall.used`*:: +*`observer.ingress.interface.id`*:: + -- -Number of Used IPs +Interface ID as reported by an observer (typically SNMP interface ID). +type: keyword -type: integer +example: 10 -- -*`fortinet.firewall.used_for_type`*:: +*`observer.ingress.interface.name`*:: + -- -Connection for the type +Interface name as reported by the system. +type: keyword -type: integer +example: eth0 -- -*`fortinet.firewall.utmaction`*:: +*`observer.ingress.vlan.id`*:: + -- -Security action performed by UTM - +VLAN ID as reported by the observer. type: keyword +example: 10 + -- -*`fortinet.firewall.vap`*:: +*`observer.ingress.vlan.name`*:: + -- -Virtual AP - +Optional VLAN name as reported by the observer. type: keyword +example: outside + -- -*`fortinet.firewall.vapmode`*:: +*`observer.ingress.zone`*:: + -- -Virtual AP mode - +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword +example: DMZ + -- -*`fortinet.firewall.vcluster`*:: +*`observer.ip`*:: + -- -virtual cluster id - +IP addresses of the observer. -type: integer +type: ip -- -*`fortinet.firewall.vcluster_member`*:: +*`observer.mac`*:: + -- -Virtual cluster member - +MAC addresses of the observer -type: integer +type: keyword -- -*`fortinet.firewall.vcluster_state`*:: +*`observer.name`*:: + -- -Virtual cluster state - +Custom name of the observer. +This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization. +If no custom name is needed, the field can be left empty. type: keyword +example: 1_proxySG + -- -*`fortinet.firewall.vd`*:: +*`observer.os.family`*:: + -- -Virtual Domain Name - +OS family (such as redhat, debian, freebsd, windows). type: keyword +example: debian + -- -*`fortinet.firewall.vdname`*:: +*`observer.os.full`*:: + -- -Virtual Domain Name - +Operating system name, including the version or code name. type: keyword +example: Mac OS Mojave + -- -*`fortinet.firewall.vendorurl`*:: +*`observer.os.full.text`*:: + -- -Vulnerability scan vendor name - - -type: keyword +type: text -- -*`fortinet.firewall.version`*:: +*`observer.os.kernel`*:: + -- -Version - +Operating system kernel version as a raw string. type: keyword +example: 4.4.0-112-generic + -- -*`fortinet.firewall.vip`*:: +*`observer.os.name`*:: + -- -Virtual IP - +Operating system name, without the version. type: keyword +example: Mac OS X + -- -*`fortinet.firewall.virus`*:: +*`observer.os.name.text`*:: + -- -Virus name - - -type: keyword +type: text -- -*`fortinet.firewall.virusid`*:: +*`observer.os.platform`*:: + -- -Virus ID (unique virus identifier) +Operating system platform (such centos, ubuntu, windows). +type: keyword -type: integer +example: darwin -- -*`fortinet.firewall.voip_proto`*:: +*`observer.os.version`*:: + -- -VOIP protocol - +Operating system version as a raw string. type: keyword +example: 10.14.1 + -- -*`fortinet.firewall.vpn`*:: +*`observer.product`*:: + -- -VPN description - +The product name of the observer. type: keyword +example: s200 + -- -*`fortinet.firewall.vpntunnel`*:: +*`observer.serial_number`*:: + -- -IPsec Vpn Tunnel Name - +Observer serial number. type: keyword -- -*`fortinet.firewall.vpntype`*:: +*`observer.type`*:: + -- -The type of the VPN tunnel - +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. type: keyword +example: firewall + -- -*`fortinet.firewall.vrf`*:: +*`observer.vendor`*:: + -- -VRF number +Vendor name of the observer. +type: keyword -type: integer +example: Symantec -- -*`fortinet.firewall.vulncat`*:: +*`observer.version`*:: + -- -Vulnerability Category - +Observer version. type: keyword -- -*`fortinet.firewall.vulnid`*:: -+ --- -Vulnerability ID - +[float] +=== organization -type: integer +The organization fields enrich data with information about the company or entity the data is associated with. +These fields help you arrange or filter data stored in an index by one or multiple organizations. --- -*`fortinet.firewall.vulnname`*:: +*`organization.id`*:: + -- -Vulnerability name - +Unique identifier for the organization. type: keyword -- -*`fortinet.firewall.vwlid`*:: +*`organization.name`*:: + -- -VWL ID - +Organization name. -type: integer +type: keyword -- -*`fortinet.firewall.vwlquality`*:: +*`organization.name.text`*:: + -- -VWL quality - - -type: keyword - --- +type: text -*`fortinet.firewall.vwlservice`*:: -+ -- -VWL service +[float] +=== os -type: keyword +The OS fields contain information about the operating system. --- -*`fortinet.firewall.vwpvlanid`*:: +*`os.family`*:: + -- -VWP VLAN ID +OS family (such as redhat, debian, freebsd, windows). +type: keyword -type: integer +example: debian -- -*`fortinet.firewall.wanin`*:: +*`os.full`*:: + -- -WAN incoming traffic in bytes +Operating system name, including the version or code name. +type: keyword -type: long +example: Mac OS Mojave -- -*`fortinet.firewall.wanoptapptype`*:: +*`os.full.text`*:: + -- -WAN Optimization Application type - - -type: keyword +type: text -- -*`fortinet.firewall.wanout`*:: +*`os.kernel`*:: + -- -WAN outgoing traffic in bytes +Operating system kernel version as a raw string. +type: keyword -type: long +example: 4.4.0-112-generic -- -*`fortinet.firewall.weakwepiv`*:: +*`os.name`*:: + -- -Weak Wep Initiation Vector - +Operating system name, without the version. type: keyword +example: Mac OS X + -- -*`fortinet.firewall.xauthgroup`*:: +*`os.name.text`*:: + -- -XAuth Group Name - - -type: keyword +type: text -- -*`fortinet.firewall.xauthuser`*:: +*`os.platform`*:: + -- -XAuth User Name - +Operating system platform (such centos, ubuntu, windows). type: keyword +example: darwin + -- -*`fortinet.firewall.xid`*:: +*`os.version`*:: + -- -Wireless X ID +Operating system version as a raw string. +type: keyword -type: integer +example: 10.14.1 -- -[[exported-fields-googlecloud]] -== Google Cloud fields - -Module for handling logs from Google Cloud. +[float] +=== package +These fields contain information about an installed software package. It contains general information about a package, such as name, version or size. It also contains installation details, such as time or location. -[float] -=== googlecloud +*`package.architecture`*:: ++ +-- +Package architecture. -Fields from Google Cloud logs. +type: keyword +example: x86_64 +-- -[float] -=== destination.instance +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. -If the destination of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. +type: keyword +example: 36f4f7e89dd61b0988b12ee000b98966867710cd +-- -*`googlecloud.destination.instance.project_id`*:: +*`package.checksum`*:: + -- -ID of the project containing the VM. - +Checksum of the installed package for verification. type: keyword +example: 68b329da9893e34099c7d8ad5cb9c940 + -- -*`googlecloud.destination.instance.region`*:: +*`package.description`*:: + -- -Region of the VM. - +Description of the package. type: keyword +example: Open source programming language to build simple/reliable/efficient software. + -- -*`googlecloud.destination.instance.zone`*:: +*`package.install_scope`*:: + -- -Zone of the VM. - +Indicating how the package was installed, e.g. user-local, global. type: keyword --- +example: global -[float] -=== destination.vpc +-- -If the destination of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. +*`package.installed`*:: ++ +-- +Time when package was installed. +type: date +-- -*`googlecloud.destination.vpc.project_id`*:: +*`package.license`*:: + -- -ID of the project containing the VM. - +License under which the package was released. +Use a short name, e.g. the license identifier from SPDX License List where possible (https://spdx.org/licenses/). type: keyword +example: Apache License 2.0 + -- -*`googlecloud.destination.vpc.vpc_name`*:: +*`package.name`*:: + -- -VPC on which the VM is operating. - +Package name type: keyword +example: go + -- -*`googlecloud.destination.vpc.subnetwork_name`*:: +*`package.path`*:: + -- -Subnetwork on which the VM is operating. - +Path where the package is installed. type: keyword +example: /usr/local/Cellar/go/1.12.9/ + -- -[float] -=== source.instance +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. -If the source of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. +type: keyword +example: https://golang.org +-- -*`googlecloud.source.instance.project_id`*:: +*`package.size`*:: + -- -ID of the project containing the VM. +Package size in bytes. +type: long -type: keyword +example: 62231 + +format: string -- -*`googlecloud.source.instance.region`*:: +*`package.type`*:: + -- -Region of the VM. - +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. type: keyword +example: rpm + -- -*`googlecloud.source.instance.zone`*:: +*`package.version`*:: + -- -Zone of the VM. - +Package version type: keyword +example: 1.12.9 + -- [float] -=== source.vpc - -If the source of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. +=== pe +These fields contain Windows Portable Executable (PE) metadata. -*`googlecloud.source.vpc.project_id`*:: +*`pe.company`*:: + -- -ID of the project containing the VM. - +Internal company name of the file, provided at compile-time. type: keyword +example: Microsoft Corporation + -- -*`googlecloud.source.vpc.vpc_name`*:: +*`pe.description`*:: + -- -VPC on which the VM is operating. - +Internal description of the file, provided at compile-time. type: keyword +example: Paint + -- -*`googlecloud.source.vpc.subnetwork_name`*:: +*`pe.file_version`*:: + -- -Subnetwork on which the VM is operating. - +Internal version of the file, provided at compile-time. type: keyword +example: 6.3.9600.17415 + -- -[float] -=== audit +*`pe.original_file_name`*:: ++ +-- +Internal name of the file, provided at compile-time. -Fields for Google Cloud audit logs. +type: keyword +example: MSPAINT.EXE +-- -*`googlecloud.audit.type`*:: +*`pe.product`*:: + -- -Type property. - +Internal product name of the file, provided at compile-time. type: keyword +example: Microsoft® Windows® Operating System + -- [float] -=== authentication_info - -Authentication information. +=== process +These fields contain information about a process. +These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation. -*`googlecloud.audit.authentication_info.principal_email`*:: +*`process.args`*:: + -- -The email address of the authenticated user making the request. - +Array of process arguments, starting with the absolute path to the executable. +May be filtered to protect sensitive information. type: keyword +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + -- -*`googlecloud.audit.authentication_info.authority_selector`*:: +*`process.args_count`*:: + -- -The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. +type: long -type: keyword +example: 4 -- -*`googlecloud.audit.authorization_info`*:: +*`process.code_signature.exists`*:: + -- -Authorization information for the operation. +Boolean to capture if a signature is present. +type: boolean -type: array +example: true -- -*`googlecloud.audit.method_name`*:: +*`process.code_signature.status`*:: + -- -The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. - +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. type: keyword +example: ERROR_UNTRUSTED_ROOT + -- -*`googlecloud.audit.num_response_items`*:: +*`process.code_signature.subject_name`*:: + -- -The number of items returned from a List or Query API method, if applicable. +Subject name of the code signer +type: keyword -type: long +example: Microsoft Corporation -- -[float] -=== request +*`process.code_signature.trusted`*:: ++ +-- +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. -The operation request. +type: boolean +example: true +-- -*`googlecloud.audit.request.proto_name`*:: +*`process.code_signature.valid`*:: + -- -Type property of the request. +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. +type: boolean -type: keyword +example: true -- -*`googlecloud.audit.request.filter`*:: +*`process.command_line`*:: + -- -Filter of the request. - +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. type: keyword +example: /usr/bin/ssh -l user 10.0.0.16 + -- -*`googlecloud.audit.request.name`*:: +*`process.command_line.text`*:: + -- -Name of the request. +type: text +-- -type: keyword - --- - -*`googlecloud.audit.request.resource_name`*:: +*`process.entity_id`*:: + -- -Name of the request resource. - +Unique identifier for the process. +The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. +Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. type: keyword --- - -[float] -=== request_metadata - -Metadata about the request. - +example: c2c455d9f99375d +-- -*`googlecloud.audit.request_metadata.caller_ip`*:: +*`process.executable`*:: + -- -The IP address of the caller. +Absolute path to the process executable. +type: keyword -type: ip +example: /usr/bin/ssh -- -*`googlecloud.audit.request_metadata.caller_supplied_user_agent`*:: +*`process.executable.text`*:: + -- -The user agent of the caller. This information is not authenticated and should be treated accordingly. - - -type: keyword +type: text -- -[float] -=== response - -The operation response. - - - -*`googlecloud.audit.response.proto_name`*:: +*`process.exit_code`*:: + -- -Type property of the response. +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). +type: long -type: keyword +example: 137 -- -[float] -=== details - -The details of the response. - - - -*`googlecloud.audit.response.details.group`*:: +*`process.hash.md5`*:: + -- -The name of the group. - +MD5 hash. type: keyword -- -*`googlecloud.audit.response.details.kind`*:: +*`process.hash.sha1`*:: + -- -The kind of the response details. - +SHA1 hash. type: keyword -- -*`googlecloud.audit.response.details.name`*:: +*`process.hash.sha256`*:: + -- -The name of the response details. - +SHA256 hash. type: keyword -- -*`googlecloud.audit.response.details.uid`*:: +*`process.hash.sha512`*:: + -- -The uid of the response details. - +SHA512 hash. type: keyword -- -*`googlecloud.audit.response.status`*:: +*`process.name`*:: + -- -Status of the response. - +Process name. +Sometimes called program name or similar. type: keyword +example: ssh + -- -*`googlecloud.audit.resource_name`*:: +*`process.name.text`*:: + -- -The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. - - -type: keyword +type: text -- -[float] -=== resource_location - -The location of the resource. - - - -*`googlecloud.audit.resource_location.current_locations`*:: +*`process.parent.args`*:: + -- -Current locations of the resource. - +Array of process arguments. +May be filtered to protect sensitive information. type: keyword +example: ['ssh', '-l', 'user', '10.0.0.16'] + -- -*`googlecloud.audit.service_name`*:: +*`process.parent.args_count`*:: + -- -The name of the API service performing the operation. For example, datastore.googleapis.com. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. +type: long -type: keyword +example: 4 -- -[float] -=== status - -The status of the overall operation. - - - -*`googlecloud.audit.status.code`*:: +*`process.parent.code_signature.exists`*:: + -- -The status code, which should be an enum value of google.rpc.Code. +Boolean to capture if a signature is present. +type: boolean -type: integer +example: true -- -*`googlecloud.audit.status.message`*:: +*`process.parent.code_signature.status`*:: + -- -A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. - +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. type: keyword +example: ERROR_UNTRUSTED_ROOT + -- -[float] -=== firewall +*`process.parent.code_signature.subject_name`*:: ++ +-- +Subject name of the code signer -Fields for Google Cloud Firewall logs. +type: keyword +example: Microsoft Corporation +-- -[float] -=== rule_details +*`process.parent.code_signature.trusted`*:: ++ +-- +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. -Description of the firewall rule that matched this connection. +type: boolean +example: true +-- -*`googlecloud.firewall.rule_details.priority`*:: +*`process.parent.code_signature.valid`*:: + -- -The priority for the firewall rule. +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. -type: long +type: boolean + +example: true -- -*`googlecloud.firewall.rule_details.action`*:: +*`process.parent.command_line`*:: + -- -Action that the rule performs on match. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. type: keyword +example: /usr/bin/ssh -l user 10.0.0.16 + -- -*`googlecloud.firewall.rule_details.direction`*:: +*`process.parent.command_line.text`*:: + -- -Direction of traffic that matches this rule. - -type: keyword +type: text -- -*`googlecloud.firewall.rule_details.reference`*:: +*`process.parent.entity_id`*:: + -- -Reference to the firewall rule. +Unique identifier for the process. +The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. +Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. type: keyword +example: c2c455d9f99375d + -- -*`googlecloud.firewall.rule_details.source_range`*:: +*`process.parent.executable`*:: + -- -List of source ranges that the firewall rule applies to. +Absolute path to the process executable. type: keyword +example: /usr/bin/ssh + -- -*`googlecloud.firewall.rule_details.destination_range`*:: +*`process.parent.executable.text`*:: + -- -List of destination ranges that the firewall applies to. - -type: keyword +type: text -- -*`googlecloud.firewall.rule_details.source_tag`*:: +*`process.parent.exit_code`*:: + -- -List of all the source tags that the firewall rule applies to. +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). +type: long -type: keyword +example: 137 -- -*`googlecloud.firewall.rule_details.target_tag`*:: +*`process.parent.hash.md5`*:: + -- -List of all the target tags that the firewall rule applies to. - +MD5 hash. type: keyword -- -*`googlecloud.firewall.rule_details.ip_port_info`*:: +*`process.parent.hash.sha1`*:: + -- -List of ip protocols and applicable port ranges for rules. - +SHA1 hash. -type: array +type: keyword -- -*`googlecloud.firewall.rule_details.source_service_account`*:: +*`process.parent.hash.sha256`*:: + -- -List of all the source service accounts that the firewall rule applies to. - +SHA256 hash. type: keyword -- -*`googlecloud.firewall.rule_details.target_service_account`*:: +*`process.parent.hash.sha512`*:: + -- -List of all the target service accounts that the firewall rule applies to. - +SHA512 hash. type: keyword -- -[float] -=== vpcflow +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. -Fields for Google Cloud VPC flow logs. +type: keyword +example: ssh +-- -*`googlecloud.vpcflow.reporter`*:: +*`process.parent.name.text`*:: + -- -The side which reported the flow. Can be either 'SRC' or 'DEST'. - - -type: keyword +type: text -- -*`googlecloud.vpcflow.rtt.ms`*:: +*`process.parent.pgid`*:: + -- -Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. - +Identifier of the group of processes the process belongs to. type: long +format: string + -- -[[exported-fields-haproxy]] -== HAProxy fields +*`process.parent.pid`*:: ++ +-- +Process id. -haproxy Module +type: long +example: 4242 +format: string -[float] -=== haproxy +-- +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. +type: long +example: 4241 -*`haproxy.frontend_name`*:: -+ --- -Name of the frontend (or listener) which received and processed the connection. +format: string -- -*`haproxy.backend_name`*:: +*`process.parent.start`*:: + -- -Name of the backend (or listener) which was selected to manage the connection to the server. +The time the process started. --- +type: date -*`haproxy.server_name`*:: -+ --- -Name of the last server to which the connection was sent. +example: 2016-05-23T08:05:34.853Z -- -*`haproxy.total_waiting_time_ms`*:: +*`process.parent.thread.id`*:: + -- -Total time in milliseconds spent waiting in the various queues +Thread ID. type: long --- - -*`haproxy.connection_wait_time_ms`*:: -+ --- -Total time in milliseconds spent waiting for the connection to establish to the final server +example: 4242 -type: long +format: string -- -*`haproxy.bytes_read`*:: +*`process.parent.thread.name`*:: + -- -Total number of bytes transmitted to the client when the log is emitted. +Thread name. -type: long +type: keyword + +example: thread-0 -- -*`haproxy.time_queue`*:: +*`process.parent.title`*:: + -- -Total time in milliseconds spent waiting in the various queues. +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. -type: long +type: keyword -- -*`haproxy.time_backend_connect`*:: +*`process.parent.title.text`*:: + -- -Total time in milliseconds spent waiting for the connection to establish to the final server, including retries. - -type: long +type: text -- -*`haproxy.server_queue`*:: +*`process.parent.uptime`*:: + -- -Total number of requests which were processed before this one in the server queue. +Seconds the process has been up. type: long +example: 1325 + -- -*`haproxy.backend_queue`*:: +*`process.parent.working_directory`*:: + -- -Total number of requests which were processed before this one in the backend's global queue. +The working directory of the process. -type: long +type: keyword + +example: /home/alice -- -*`haproxy.bind_name`*:: +*`process.parent.working_directory.text`*:: + -- -Name of the listening address which received the connection. +type: text -- -*`haproxy.error_message`*:: +*`process.pe.company`*:: + -- -Error message logged by HAProxy in case of error. +Internal company name of the file, provided at compile-time. -type: text +type: keyword + +example: Microsoft Corporation -- -*`haproxy.source`*:: +*`process.pe.description`*:: + -- -The HAProxy source of the log +Internal description of the file, provided at compile-time. type: keyword +example: Paint + -- -*`haproxy.termination_state`*:: +*`process.pe.file_version`*:: + -- -Condition the session was in when the session ended. +Internal version of the file, provided at compile-time. + +type: keyword + +example: 6.3.9600.17415 -- -*`haproxy.mode`*:: +*`process.pe.original_file_name`*:: + -- -mode that the frontend is operating (TCP or HTTP) +Internal name of the file, provided at compile-time. type: keyword +example: MSPAINT.EXE + -- -[float] -=== connections +*`process.pe.product`*:: ++ +-- +Internal product name of the file, provided at compile-time. -Contains various counts of connections active in the process. +type: keyword +example: Microsoft® Windows® Operating System -*`haproxy.connections.active`*:: +-- + +*`process.pgid`*:: + -- -Total number of concurrent connections on the process when the session was logged. +Identifier of the group of processes the process belongs to. type: long +format: string + -- -*`haproxy.connections.frontend`*:: +*`process.pid`*:: + -- -Total number of concurrent connections on the frontend when the session was logged. +Process id. type: long +example: 4242 + +format: string + -- -*`haproxy.connections.backend`*:: +*`process.ppid`*:: + -- -Total number of concurrent connections handled by the backend when the session was logged. +Parent process' pid. type: long +example: 4241 + +format: string + -- -*`haproxy.connections.server`*:: +*`process.start`*:: + -- -Total number of concurrent connections still active on the server when the session was logged. +The time the process started. -type: long +type: date + +example: 2016-05-23T08:05:34.853Z -- -*`haproxy.connections.retries`*:: +*`process.thread.id`*:: + -- -Number of connection retries experienced by this session when trying to connect to the server. +Thread ID. type: long --- - -[float] -=== client +example: 4242 -Information about the client doing the request +format: string +-- -*`haproxy.client.ip`*:: +*`process.thread.name`*:: + -- -type: alias +Thread name. -alias to: source.address +type: keyword + +example: thread-0 -- -*`haproxy.client.port`*:: +*`process.title`*:: + -- -type: alias +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. -alias to: source.port +type: keyword -- -*`haproxy.process_name`*:: +*`process.title.text`*:: + -- -type: alias - -alias to: process.name +type: text -- -*`haproxy.pid`*:: +*`process.uptime`*:: + -- -type: alias - -alias to: process.pid - --- +Seconds the process has been up. -[float] -=== destination +type: long -Destination information +example: 1325 +-- -*`haproxy.destination.port`*:: +*`process.working_directory`*:: + -- -type: alias +The working directory of the process. -alias to: destination.port +type: keyword + +example: /home/alice -- -*`haproxy.destination.ip`*:: +*`process.working_directory.text`*:: + -- -type: alias - -alias to: destination.ip +type: text -- [float] -=== geoip - -Contains GeoIP information gathered based on the client.ip field. Only present if the GeoIP Elasticsearch plugin is available and used. +=== registry +Fields related to Windows Registry operations. -*`haproxy.geoip.continent_name`*:: +*`registry.data.bytes`*:: + -- -type: alias +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -alias to: source.geo.continent_name +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -*`haproxy.geoip.country_iso_code`*:: +*`registry.data.strings`*:: + -- -type: alias +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -alias to: source.geo.country_iso_code +type: keyword + +example: ["C:\rta\red_ttp\bin\myapp.exe"] -- -*`haproxy.geoip.location`*:: +*`registry.data.type`*:: + -- -type: alias +Standard registry type for encoding contents -alias to: source.geo.location +type: keyword + +example: REG_SZ -- -*`haproxy.geoip.region_name`*:: +*`registry.hive`*:: + -- -type: alias +Abbreviated name for the hive. -alias to: source.geo.region_name +type: keyword + +example: HKLM -- -*`haproxy.geoip.city_name`*:: +*`registry.key`*:: + -- -type: alias +Hive-relative path of keys. -alias to: source.geo.city_name +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe -- -*`haproxy.geoip.region_iso_code`*:: +*`registry.path`*:: + -- -type: alias +Full path, including hive, key and value -alias to: source.geo.region_iso_code +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger -- -[float] -=== http +*`registry.value`*:: ++ +-- +Name of the value written. -Please add description +type: keyword + +example: Debugger +-- [float] -=== response +=== related -Fields related to the HTTP response +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`. -*`haproxy.http.response.captured_cookie`*:: +*`related.hash`*:: + -- -Optional "name=value" entry indicating that the client had this cookie in the response. +All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). +type: keyword -- -*`haproxy.http.response.captured_headers`*:: +*`related.ip`*:: + -- -List of headers captured in the response due to the presence of the "capture response header" statement in the frontend. - +All of the IPs seen on your event. -type: keyword +type: ip -- -*`haproxy.http.response.status_code`*:: +*`related.user`*:: + -- -type: alias +All the user names seen on your event. -alias to: http.response.status_code +type: keyword -- [float] -=== request +=== rule -Fields related to the HTTP request +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. -*`haproxy.http.request.captured_cookie`*:: +*`rule.author`*:: + -- -Optional "name=value" entry indicating that the server has returned a cookie with its request. +Name, organization, or pseudonym of the author or authors who created the rule used to generate this event. + +type: keyword +example: ['Star-Lord'] -- -*`haproxy.http.request.captured_headers`*:: +*`rule.category`*:: + -- -List of headers captured in the request due to the presence of the "capture request header" statement in the frontend. - +A categorization value keyword used by the entity using the rule for detection of this event. type: keyword +example: Attempted Information Leak + -- -*`haproxy.http.request.raw_request_line`*:: +*`rule.description`*:: + -- -Complete HTTP request line, including the method, request and HTTP version string. +The description of the rule generating the event. type: keyword +example: Block requests to public DNS over HTTPS / TLS protocols + -- -*`haproxy.http.request.time_wait_without_data_ms`*:: +*`rule.id`*:: + -- -Total time in milliseconds spent waiting for the server to send a full HTTP response, not counting data. +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. -type: long +type: keyword --- +example: 101 -*`haproxy.http.request.time_wait_ms`*:: -+ -- -Total time in milliseconds spent waiting for a full HTTP request from the client (not counting body) after the first byte was received. - -type: long +*`rule.license`*:: ++ -- +Name of the license under which the rule used to generate this event is made available. -[float] -=== tcp - -TCP log format +type: keyword +example: Apache 2.0 -*`haproxy.tcp.connection_waiting_time_ms`*:: -+ -- -Total time in milliseconds elapsed between the accept and the last close - -type: long +*`rule.name`*:: ++ -- +The name of the rule or signature generating the event. -[[exported-fields-host-processor]] -== Host fields - -Info collected for the host machine. - +type: keyword +example: BLOCK_DNS_over_TLS +-- -*`host.containerized`*:: +*`rule.reference`*:: + -- -If the host is a container. +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. +type: keyword -type: boolean +example: https://en.wikipedia.org/wiki/DNS_over_TLS -- -*`host.os.build`*:: +*`rule.ruleset`*:: + -- -OS build information. - +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. type: keyword -example: 18D109 +example: Standard_Protocol_Filters -- -*`host.os.codename`*:: +*`rule.uuid`*:: + -- -OS codename, if any. - +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. type: keyword -example: stretch +example: 1100110011 -- -[[exported-fields-ibmmq]] -== ibmmq fields - -ibmmq Module - - - -[float] -=== ibmmq +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. +type: keyword +example: 1.1 +-- [float] -=== errorlog +=== server -IBM MQ error logs +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. -*`ibmmq.errorlog.installation`*:: +*`server.address`*:: + -- -This is the installation name which can be given at installation time. -Each installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation. - +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. type: keyword -- -*`ibmmq.errorlog.qmgr`*:: +*`server.as.number`*:: + -- -Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them. +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +type: long -type: keyword +example: 15169 -- -*`ibmmq.errorlog.arithinsert`*:: +*`server.as.organization.name`*:: + -- -Changing content based on error.id +Organization name. type: keyword +example: Google LLC + -- -*`ibmmq.errorlog.commentinsert`*:: +*`server.as.organization.name.text`*:: + -- -Changing content based on error.id - -type: keyword +type: text -- -*`ibmmq.errorlog.errordescription`*:: +*`server.bytes`*:: + -- -Please add description +Bytes sent from the server to the client. -type: text +type: long -example: Please add example +example: 184 + +format: bytes -- -*`ibmmq.errorlog.explanation`*:: +*`server.domain`*:: + -- -Explaines the error in more detail +Server domain. type: keyword -- -*`ibmmq.errorlog.action`*:: +*`server.geo.city_name`*:: + -- -Defines what to do when the error occurs +City name. type: keyword +example: Montreal + -- -*`ibmmq.errorlog.code`*:: +*`server.geo.continent_name`*:: + -- -Error code. +Name of the continent. type: keyword --- - -[[exported-fields-icinga]] -== Icinga fields - -Icinga Module - - - -[float] -=== icinga - - - - -[float] -=== debug - -Contains fields for the Icinga debug logs. - +example: North America +-- -*`icinga.debug.facility`*:: +*`server.geo.country_iso_code`*:: + -- -Specifies what component of Icinga logged the message. - +Country ISO code. type: keyword +example: CA + -- -*`icinga.debug.severity`*:: +*`server.geo.country_name`*:: + -- -type: alias +Country name. -alias to: log.level +type: keyword + +example: Canada -- -*`icinga.debug.message`*:: +*`server.geo.location`*:: + -- -type: alias +Longitude and latitude. -alias to: message +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } -- -[float] -=== main +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -Contains fields for the Icinga main logs. +type: keyword +example: boston-dc +-- -*`icinga.main.facility`*:: +*`server.geo.region_iso_code`*:: + -- -Specifies what component of Icinga logged the message. - +Region ISO code. type: keyword +example: CA-QC + -- -*`icinga.main.severity`*:: +*`server.geo.region_name`*:: + -- -type: alias +Region name. -alias to: log.level +type: keyword + +example: Quebec -- -*`icinga.main.message`*:: +*`server.ip`*:: + -- -type: alias +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. -alias to: message +type: ip -- -[float] -=== startup - -Contains fields for the Icinga startup logs. - - - -*`icinga.startup.facility`*:: +*`server.mac`*:: + -- -Specifies what component of Icinga logged the message. - +MAC address of the server. type: keyword -- -*`icinga.startup.severity`*:: +*`server.nat.ip`*:: + -- -type: alias +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. -alias to: log.level +type: ip -- -*`icinga.startup.message`*:: +*`server.nat.port`*:: + -- -type: alias - -alias to: message - --- - -[[exported-fields-iis]] -== IIS fields - -Module for parsing IIS log files. - - - -[float] -=== iis - -Fields from IIS log files. - - - -[float] -=== access +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. -Contains fields for IIS access logs. +type: long +format: string +-- -*`iis.access.sub_status`*:: +*`server.packets`*:: + -- -The HTTP substatus code. - +Packets sent from the server to the client. type: long +example: 12 + -- -*`iis.access.win32_status`*:: +*`server.port`*:: + -- -The Windows status code. - +Port of the server. type: long +format: string + -- -*`iis.access.site_name`*:: +*`server.registered_domain`*:: + -- -The site name and instance number. - +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword +example: google.com + -- -*`iis.access.server_name`*:: +*`server.top_level_domain`*:: + -- -The name of the server on which the log file entry was generated. - +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword +example: co.uk + -- -*`iis.access.cookie`*:: +*`server.user.domain`*:: + -- -The content of the cookie sent or received, if any. - +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`iis.access.body_received.bytes`*:: +*`server.user.email`*:: + -- -type: alias +User email address. -alias to: http.request.body.bytes +type: keyword -- -*`iis.access.body_sent.bytes`*:: +*`server.user.full_name`*:: + -- -type: alias +User's full name, if available. -alias to: http.response.body.bytes +type: keyword + +example: Albert Einstein -- -*`iis.access.server_ip`*:: +*`server.user.full_name.text`*:: + -- -type: alias - -alias to: destination.address +type: text -- -*`iis.access.method`*:: +*`server.user.group.domain`*:: + -- -type: alias +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. -alias to: http.request.method +type: keyword -- -*`iis.access.url`*:: +*`server.user.group.id`*:: + -- -type: alias +Unique identifier for the group on the system/platform. -alias to: url.path +type: keyword -- -*`iis.access.query_string`*:: +*`server.user.group.name`*:: + -- -type: alias +Name of the group. -alias to: url.query +type: keyword -- -*`iis.access.port`*:: +*`server.user.hash`*:: + -- -type: alias +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. -alias to: destination.port +type: keyword -- -*`iis.access.user_name`*:: +*`server.user.id`*:: + -- -type: alias +Unique identifiers of the user. -alias to: user.name +type: keyword -- -*`iis.access.remote_ip`*:: +*`server.user.name`*:: + -- -type: alias +Short name or login of the user. -alias to: source.address +type: keyword + +example: albert -- -*`iis.access.referrer`*:: +*`server.user.name.text`*:: + -- -type: alias - -alias to: http.request.referrer +type: text -- -*`iis.access.response_code`*:: -+ --- -type: alias +[float] +=== service -alias to: http.response.status_code +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. --- -*`iis.access.http_version`*:: +*`service.ephemeral_id`*:: + -- -type: alias +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. -alias to: http.version +type: keyword + +example: 8a4f500f -- -*`iis.access.hostname`*:: +*`service.id`*:: + -- -type: alias +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -alias to: host.hostname +type: keyword --- +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +-- -*`iis.access.user_agent.device`*:: +*`service.name`*:: + -- -type: alias +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. -alias to: user_agent.device.name +type: keyword + +example: elasticsearch-metrics -- -*`iis.access.user_agent.name`*:: +*`service.node.name`*:: + -- -type: alias +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. -alias to: user_agent.name +type: keyword + +example: instance-0000000016 -- -*`iis.access.user_agent.os`*:: +*`service.state`*:: + -- -type: alias +Current state of the service. -alias to: user_agent.os.full_name +type: keyword -- -*`iis.access.user_agent.os_name`*:: +*`service.type`*:: + -- -type: alias +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -alias to: user_agent.os.name +type: keyword + +example: elasticsearch -- -*`iis.access.user_agent.original`*:: +*`service.version`*:: + -- -type: alias +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. -alias to: user_agent.original +type: keyword + +example: 3.2.4 -- +[float] +=== source -*`iis.access.geoip.continent_name`*:: +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. + + +*`source.address`*:: + -- -type: alias +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. -alias to: source.geo.continent_name +type: keyword -- -*`iis.access.geoip.country_iso_code`*:: +*`source.as.number`*:: + -- -type: alias +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. -alias to: source.geo.country_iso_code +type: long + +example: 15169 -- -*`iis.access.geoip.location`*:: +*`source.as.organization.name`*:: + -- -type: alias +Organization name. -alias to: source.geo.location +type: keyword + +example: Google LLC -- -*`iis.access.geoip.region_name`*:: +*`source.as.organization.name.text`*:: + -- -type: alias - -alias to: source.geo.region_name +type: text -- -*`iis.access.geoip.city_name`*:: +*`source.bytes`*:: + -- -type: alias +Bytes sent from the source to the destination. -alias to: source.geo.city_name +type: long + +example: 184 + +format: bytes -- -*`iis.access.geoip.region_iso_code`*:: +*`source.domain`*:: + -- -type: alias +Source domain. -alias to: source.geo.region_iso_code +type: keyword -- -[float] -=== error +*`source.geo.city_name`*:: ++ +-- +City name. -Contains fields for IIS error logs. +type: keyword +example: Montreal +-- -*`iis.error.reason_phrase`*:: +*`source.geo.continent_name`*:: + -- -The HTTP reason phrase. - +Name of the continent. type: keyword +example: North America + -- -*`iis.error.queue_name`*:: +*`source.geo.country_iso_code`*:: + -- -The IIS application pool name. - +Country ISO code. type: keyword +example: CA + -- -*`iis.error.remote_ip`*:: +*`source.geo.country_name`*:: + -- -type: alias +Country name. -alias to: source.address +type: keyword + +example: Canada -- -*`iis.error.remote_port`*:: +*`source.geo.location`*:: + -- -type: alias +Longitude and latitude. -alias to: source.port +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } -- -*`iis.error.server_ip`*:: +*`source.geo.name`*:: + -- -type: alias +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -alias to: destination.address +type: keyword + +example: boston-dc -- -*`iis.error.server_port`*:: +*`source.geo.region_iso_code`*:: + -- -type: alias +Region ISO code. -alias to: destination.port +type: keyword + +example: CA-QC -- -*`iis.error.http_version`*:: +*`source.geo.region_name`*:: + -- -type: alias +Region name. -alias to: http.version +type: keyword + +example: Quebec -- -*`iis.error.method`*:: +*`source.ip`*:: + -- -type: alias +IP address of the source. +Can be one or multiple IPv4 or IPv6 addresses. -alias to: http.request.method +type: ip -- -*`iis.error.url`*:: +*`source.mac`*:: + -- -type: alias +MAC address of the source. -alias to: url.original +type: keyword -- -*`iis.error.response_code`*:: +*`source.nat.ip`*:: + -- -type: alias +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. -alias to: http.response.status_code +type: ip -- - -*`iis.error.geoip.continent_name`*:: +*`source.nat.port`*:: + -- -type: alias +Translated port of source based NAT sessions. (e.g. internal client to internet) +Typically used with load balancers, firewalls, or routers. -alias to: source.geo.continent_name +type: long + +format: string -- -*`iis.error.geoip.country_iso_code`*:: +*`source.packets`*:: + -- -type: alias +Packets sent from the source to the destination. -alias to: source.geo.country_iso_code +type: long + +example: 12 -- -*`iis.error.geoip.location`*:: +*`source.port`*:: + -- -type: alias +Port of the source. -alias to: source.geo.location +type: long + +format: string -- -*`iis.error.geoip.region_name`*:: +*`source.registered_domain`*:: + -- -type: alias +The highest registered source domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". -alias to: source.geo.region_name +type: keyword + +example: google.com -- -*`iis.error.geoip.city_name`*:: +*`source.top_level_domain`*:: + -- -type: alias +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". -alias to: source.geo.city_name +type: keyword + +example: co.uk -- -*`iis.error.geoip.region_iso_code`*:: +*`source.user.domain`*:: + -- -type: alias +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. -alias to: source.geo.region_iso_code +type: keyword -- -[[exported-fields-iptables]] -== iptables fields - -Module for handling the iptables logs. - - - -[float] -=== iptables - -Fields from the iptables logs. +*`source.user.email`*:: ++ +-- +User email address. +type: keyword +-- -*`iptables.ether_type`*:: +*`source.user.full_name`*:: + -- -Value of the ethernet type field identifying the network layer protocol. +User's full name, if available. +type: keyword -type: long +example: Albert Einstein -- -*`iptables.flow_label`*:: +*`source.user.full_name.text`*:: + -- -IPv6 flow label. - - -type: integer +type: text -- -*`iptables.fragment_flags`*:: +*`source.user.group.domain`*:: + -- -IP fragment flags. A combination of CE, DF and MF. - +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`iptables.fragment_offset`*:: +*`source.user.group.id`*:: + -- -Offset of the current IP fragment. - +Unique identifier for the group on the system/platform. -type: long +type: keyword -- -[float] -=== icmp - -ICMP fields. - - - -*`iptables.icmp.code`*:: +*`source.user.group.name`*:: + -- -ICMP code. - +Name of the group. -type: long +type: keyword -- -*`iptables.icmp.id`*:: +*`source.user.hash`*:: + -- -ICMP ID. - +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. -type: long +type: keyword -- -*`iptables.icmp.parameter`*:: +*`source.user.id`*:: + -- -ICMP parameter. - +Unique identifiers of the user. -type: long +type: keyword -- -*`iptables.icmp.redirect`*:: +*`source.user.name`*:: + -- -ICMP redirect address. +Short name or login of the user. +type: keyword -type: ip +example: albert -- -*`iptables.icmp.seq`*:: +*`source.user.name.text`*:: + -- -ICMP sequence number. +type: text +-- -type: long +[float] +=== threat --- +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). -*`iptables.icmp.type`*:: + +*`threat.framework`*:: + -- -ICMP type. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +type: keyword -type: long +example: MITRE ATT&CK -- -*`iptables.id`*:: +*`threat.tactic.id`*:: + -- -Packet identifier. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +type: keyword -type: long +example: TA0040 -- -*`iptables.incomplete_bytes`*:: +*`threat.tactic.name`*:: + -- -Number of incomplete bytes. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +type: keyword -type: long +example: impact -- -*`iptables.input_device`*:: +*`threat.tactic.reference`*:: + -- -Device that received the packet. - +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword +example: https://attack.mitre.org/tactics/TA0040/ + -- -*`iptables.precedence_bits`*:: +*`threat.technique.id`*:: + -- -IP precedence bits. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +type: keyword -type: short +example: T1499 -- -*`iptables.tos`*:: +*`threat.technique.name`*:: + -- -IP Type of Service field. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +type: keyword -type: long +example: endpoint denial of service -- -*`iptables.length`*:: +*`threat.technique.name.text`*:: + -- -Packet length. - - -type: long +type: text -- -*`iptables.output_device`*:: +*`threat.technique.reference`*:: + -- -Device that output the packet. - +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword +example: https://attack.mitre.org/techniques/T1499/ + -- [float] -=== tcp - -TCP fields. +=== tls +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. -*`iptables.tcp.flags`*:: +*`tls.cipher`*:: + -- -TCP flags. - +String indicating the cipher used during the current connection. type: keyword +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + -- -*`iptables.tcp.reserved_bits`*:: +*`tls.client.certificate`*:: + -- -TCP reserved bits. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. +type: keyword -type: short +example: MII... -- -*`iptables.tcp.seq`*:: +*`tls.client.certificate_chain`*:: + -- -TCP sequence number. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. +type: keyword -type: long +example: ['MII...', 'MII...'] -- -*`iptables.tcp.ack`*:: +*`tls.client.hash.md5`*:: + -- -TCP Acknowledgment number. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. +type: keyword -type: long +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`iptables.tcp.window`*:: +*`tls.client.hash.sha1`*:: + -- -Advertised TCP window size. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. +type: keyword -type: long +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`iptables.ttl`*:: +*`tls.client.hash.sha256`*:: + -- -Time To Live field. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. +type: keyword -type: integer +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -- -[float] -=== udp +*`tls.client.issuer`*:: ++ +-- +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. -UDP fields. +type: keyword +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com +-- -*`iptables.udp.length`*:: +*`tls.client.ja3`*:: + -- -Length of the UDP header and payload. +A hash that identifies clients based on how they perform an SSL/TLS handshake. +type: keyword -type: long +example: d4e5b18d6b55c71272893221c96ba240 -- -[float] -=== ubiquiti +*`tls.client.not_after`*:: ++ +-- +Date/Time indicating when client certificate is no longer considered valid. -Fields for Ubiquiti network devices. +type: date +example: 2021-01-01T00:00:00.000Z +-- -*`iptables.ubiquiti.input_zone`*:: +*`tls.client.not_before`*:: + -- -Input zone. +Date/Time indicating when client certificate is first considered valid. +type: date -type: keyword +example: 1970-01-01T00:00:00.000Z -- -*`iptables.ubiquiti.output_zone`*:: +*`tls.client.server_name`*:: + -- -Output zone. - +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. type: keyword +example: www.elastic.co + -- -*`iptables.ubiquiti.rule_number`*:: +*`tls.client.subject`*:: + -- -The rule number within the rule set. +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com + -- -*`iptables.ubiquiti.rule_set`*:: +*`tls.client.supported_ciphers`*:: + -- -The rule set name. +Array of ciphers offered by the client during the client hello. type: keyword +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] + -- -[[exported-fields-jolokia-autodiscover]] -== Jolokia Discovery autodiscover provider fields +*`tls.curve`*:: ++ +-- +String indicating the curve used for the given cipher, when applicable. -Metadata from Jolokia Discovery added by the jolokia provider. +type: keyword +example: secp256r1 +-- -*`jolokia.agent.version`*:: +*`tls.established`*:: + -- -Version number of jolokia agent. - +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword +type: boolean -- -*`jolokia.agent.id`*:: +*`tls.next_protocol`*:: + -- -Each agent has a unique id which can be either provided during startup of the agent in form of a configuration parameter or being autodetected. If autodected, the id has several parts: The IP, the process id, hashcode of the agent and its type. - +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword +example: http/1.1 + -- -*`jolokia.server.product`*:: +*`tls.resumed`*:: + -- -The container product if detected. - +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`jolokia.server.version`*:: +*`tls.server.certificate`*:: + -- -The container's version (if detected). - +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`jolokia.server.vendor`*:: +*`tls.server.certificate_chain`*:: + -- -The vendor of the container the agent is running in. - +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`jolokia.url`*:: +*`tls.server.hash.md5`*:: + -- -The URL how this agent can be contacted. - +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`jolokia.secured`*:: +*`tls.server.hash.sha1`*:: + -- -Whether the agent was configured for authentication or not. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. +type: keyword -type: boolean +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -[[exported-fields-kafka]] -== Kafka fields +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. -Kafka module +type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 +-- -[float] -=== kafka +*`tls.server.issuer`*:: ++ +-- +Subject of the issuer of the x.509 certificate presented by the server. +type: keyword +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com +-- -[float] -=== log +*`tls.server.ja3s`*:: ++ +-- +A hash that identifies servers based on how they perform an SSL/TLS handshake. -Kafka log lines. +type: keyword +example: 394441ab65754e2207b1e1b457b3641d +-- -*`kafka.log.level`*:: +*`tls.server.not_after`*:: + -- -type: alias +Timestamp indicating when server certificate is no longer considered valid. -alias to: log.level +type: date + +example: 2021-01-01T00:00:00.000Z -- -*`kafka.log.message`*:: +*`tls.server.not_before`*:: + -- -type: alias +Timestamp indicating when server certificate is first considered valid. -alias to: message +type: date + +example: 1970-01-01T00:00:00.000Z -- -*`kafka.log.component`*:: +*`tls.server.subject`*:: + -- -Component the log is coming from. - +Subject of the x.509 certificate presented by the server. type: keyword +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com + -- -*`kafka.log.class`*:: +*`tls.version`*:: + -- -Java class the log is coming from. +Numeric part of the version parsed from the original string. +type: keyword + +example: 1.2 + +-- + +*`tls.version_protocol`*:: ++ +-- +Normalized lowercase protocol name parsed from original string. type: keyword +example: tls + -- [float] -=== trace - -Trace in the log line. +=== tracing +Distributed tracing makes it possible to analyze performance throughout a microservice architecture all in one view. This is accomplished by tracing all of the requests - from the initial web request in the front-end service - to queries made through multiple back-end services. -*`kafka.log.trace.class`*:: +*`tracing.trace.id`*:: + -- -Java class the trace is coming from. - +Unique identifier of the trace. +A trace groups multiple events like transactions that belong together. For example, a user request handled by multiple inter-connected services. type: keyword +example: 4bf92f3577b34da6a3ce929d0e0e4736 + -- -*`kafka.log.trace.message`*:: +*`tracing.transaction.id`*:: + -- -Message part of the trace. +Unique identifier of the transaction. +A transaction is the highest level of work measured within a service, such as a request to a server. +type: keyword -type: text +example: 00f067aa0ba902b7 -- -[[exported-fields-kibana]] -== kibana fields - -kibana Module +[float] +=== url +URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. -[float] -=== kibana +*`url.domain`*:: ++ +-- +Domain of the url, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +type: keyword +example: www.elastic.co +-- -[float] -=== log +*`url.extension`*:: ++ +-- +The field contains the file extension from the original request url. +The file extension is only set if it exists, as not every url has a file extension. +The leading period must not be included. For example, the value must be "png", not ".png". -Kafka log lines. +type: keyword +example: png +-- -*`kibana.log.tags`*:: +*`url.fragment`*:: + -- -Kibana logging tags. - +Portion of the url after the `#`, such as "top". +The `#` is not part of the fragment. type: keyword -- -*`kibana.log.state`*:: +*`url.full`*:: + -- -Current state of Kibana. - +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. type: keyword +example: https://www.elastic.co:443/search?q=elasticsearch#top + -- -*`kibana.log.meta`*:: +*`url.full.text`*:: + -- -type: object +type: text -- -*`kibana.log.kibana.log.meta.req.headers.referer`*:: +*`url.original`*:: + -- -type: alias +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. -alias to: http.request.referrer +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch -- -*`kibana.log.kibana.log.meta.req.referer`*:: +*`url.original.text`*:: + -- -type: alias - -alias to: http.request.referrer +type: text -- -*`kibana.log.kibana.log.meta.req.headers.user-agent`*:: +*`url.password`*:: + -- -type: alias +Password of the request. -alias to: user_agent.original +type: keyword -- -*`kibana.log.kibana.log.meta.req.remoteAddress`*:: +*`url.path`*:: + -- -type: alias +Path of the request, such as "/search". -alias to: source.address +type: keyword -- -*`kibana.log.kibana.log.meta.req.url`*:: +*`url.port`*:: + -- -type: alias +Port of the request, such as 443. -alias to: url.original +type: long + +example: 443 + +format: string -- -*`kibana.log.kibana.log.meta.statusCode`*:: +*`url.query`*:: + -- -type: alias +The query field describes the query string of the request, such as "q=elasticsearch". +The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -alias to: http.response.status_code +type: keyword -- -*`kibana.log.kibana.log.meta.method`*:: +*`url.registered_domain`*:: + -- -type: alias +The highest registered url domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". -alias to: http.request.method +type: keyword --- +example: google.com -[[exported-fields-kubernetes-processor]] -== Kubernetes fields +-- -Kubernetes metadata added by the kubernetes processor +*`url.scheme`*:: ++ +-- +Scheme of the request, such as "https". +Note: The `:` is not part of the scheme. +type: keyword +example: https +-- -*`kubernetes.pod.name`*:: +*`url.top_level_domain`*:: + -- -Kubernetes pod name - +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword +example: co.uk + -- -*`kubernetes.pod.uid`*:: +*`url.username`*:: + -- -Kubernetes Pod UID - +Username of the request. type: keyword -- -*`kubernetes.namespace`*:: +[float] +=== user + +The user fields describe information about the user that is relevant to the event. +Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. + + +*`user.domain`*:: + -- -Kubernetes namespace - +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`kubernetes.node.name`*:: +*`user.email`*:: + -- -Kubernetes node name - +User email address. type: keyword -- -*`kubernetes.labels.*`*:: +*`user.full_name`*:: + -- -Kubernetes labels map +User's full name, if available. +type: keyword -type: object +example: Albert Einstein -- -*`kubernetes.annotations.*`*:: +*`user.full_name.text`*:: + -- -Kubernetes annotations map - - -type: object +type: text -- -*`kubernetes.replicaset.name`*:: +*`user.group.domain`*:: + -- -Kubernetes replicaset name - +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. type: keyword -- -*`kubernetes.deployment.name`*:: +*`user.group.id`*:: + -- -Kubernetes deployment name - +Unique identifier for the group on the system/platform. type: keyword -- -*`kubernetes.statefulset.name`*:: +*`user.group.name`*:: + -- -Kubernetes statefulset name - +Name of the group. type: keyword -- -*`kubernetes.container.name`*:: +*`user.hash`*:: + -- -Kubernetes container name - +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. type: keyword -- -*`kubernetes.container.image`*:: +*`user.id`*:: + -- -Kubernetes container image - +Unique identifiers of the user. type: keyword -- -[[exported-fields-log]] -== Log file content fields - -Contains log file lines. - - - -*`log.file.path`*:: +*`user.name`*:: + -- -The file from which the line was read. This field contains the absolute path to the file. For example: `/var/log/system.log`. - +Short name or login of the user. type: keyword -required: False +example: albert -- -*`log.source.address`*:: +*`user.name.text`*:: + -- -Source address from which the log event was read / sent from. +type: text +-- -type: keyword +[float] +=== user_agent -required: False +The user_agent fields normally come from a browser request. +They often show up in web service logs coming from the parsed user agent string. --- -*`log.offset`*:: +*`user_agent.device.name`*:: + -- -The file offset the reported line starts at. - +Name of the device. -type: long +type: keyword -required: False +example: iPhone -- -*`stream`*:: +*`user_agent.name`*:: + -- -Log stream when reading container logs, can be 'stdout' or 'stderr' - +Name of the user agent. type: keyword -required: False +example: Safari -- -*`input.type`*:: +*`user_agent.original`*:: + -- -The input type from which the event was generated. This field is set to the value specified for the `type` option in the input section of the Filebeat config file. +Unparsed user_agent string. +type: keyword -required: True +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 -- -*`syslog.facility`*:: +*`user_agent.original.text`*:: + -- -The facility extracted from the priority. - - -type: long - -required: False +type: text -- -*`syslog.priority`*:: +*`user_agent.os.family`*:: + -- -The priority of the syslog event. - +OS family (such as redhat, debian, freebsd, windows). -type: long +type: keyword -required: False +example: debian -- -*`syslog.severity_label`*:: +*`user_agent.os.full`*:: + -- -The human readable severity. - +Operating system name, including the version or code name. type: keyword -required: False +example: Mac OS Mojave -- -*`syslog.facility_label`*:: +*`user_agent.os.full.text`*:: + -- -The human readable facility. - - -type: keyword - -required: False +type: text -- -*`process.program`*:: +*`user_agent.os.kernel`*:: + -- -The name of the program. - +Operating system kernel version as a raw string. type: keyword -required: False +example: 4.4.0-112-generic -- -*`log.flags`*:: +*`user_agent.os.name`*:: + -- -This field contains the flags of the event. +Operating system name, without the version. +type: keyword + +example: Mac OS X -- -*`http.response.content_length`*:: +*`user_agent.os.name.text`*:: + -- -type: alias - -alias to: http.response.body.bytes +type: text -- - - -*`user_agent.os.full_name`*:: +*`user_agent.os.platform`*:: + -- +Operating system platform (such centos, ubuntu, windows). + type: keyword +example: darwin + -- -*`fileset.name`*:: +*`user_agent.os.version`*:: + -- -The Filebeat fileset that generated this event. - +Operating system version as a raw string. type: keyword +example: 10.14.1 + -- -*`fileset.module`*:: +*`user_agent.version`*:: + -- -type: alias +Version of the user agent. -alias to: event.module +type: keyword --- +example: 12.0 -*`read_timestamp`*:: -+ -- -type: alias -alias to: event.created +[float] +=== vlan --- +The VLAN fields are used to identify 802.1q tag(s) of a packet, as well as ingress and egress VLAN associations of an observer in relation to a specific packet or connection. +Network.vlan fields are used to record a single VLAN tag, or the outer tag in the case of q-in-q encapsulations, for a packet or connection as observed, typically provided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic. +Network.inner VLAN fields are used to report inner q-in-q 802.1q tags (multiple 802.1q encapsulations) as observed, typically provided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic. Network.inner VLAN fields should only be used in addition to network.vlan fields to indicate q-in-q tagging. +Observer.ingress and observer.egress VLAN values are used to record observer specific information when observer events contain discrete ingress and egress VLAN information, typically provided by firewalls, routers, or load balancers. -*`docker.attrs`*:: + +*`vlan.id`*:: + -- -docker.attrs contains labels and environment variables written by docker's JSON File logging driver. These fields are only available when they are configured in the logging driver options. +VLAN ID as reported by the observer. +type: keyword -type: object +example: 10 -- -*`icmp.code`*:: +*`vlan.name`*:: + -- -ICMP code. - +Optional VLAN name as reported by the observer. type: keyword --- +example: outside -*`icmp.type`*:: -+ -- -ICMP type. +[float] +=== vulnerability -type: keyword +The vulnerability fields describe information about a vulnerability that is relevant to an event. --- -*`igmp.type`*:: +*`vulnerability.category`*:: + -- -IGMP type. - +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. type: keyword --- +example: ["Firewall"] +-- -*`azure.eventhub`*:: +*`vulnerability.classification`*:: + -- -Name of the eventhub. - +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) type: keyword +example: CVSS + -- -*`azure.offset`*:: +*`vulnerability.description`*:: + -- -The offset. +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) +type: keyword -type: long +example: In macOS before 2.12.6, there is a vulnerability in the RPC... -- -*`azure.enqueued_time`*:: +*`vulnerability.description.text`*:: + -- -The enqueued time. - - -type: date +type: text -- -*`azure.partition_id`*:: +*`vulnerability.enumeration`*:: + -- -The partition id. +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) +type: keyword -type: long +example: CVE -- -*`azure.consumer_group`*:: +*`vulnerability.id`*:: + -- -The consumer group. - +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] type: keyword +example: CVE-2019-00001 + -- -*`azure.sequence_number`*:: +*`vulnerability.reference`*:: + -- -The sequence number. +A resource that provides additional information, context, and mitigations for the identified vulnerability. +type: keyword -type: long +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 -- - -*`kafka.topic`*:: +*`vulnerability.report_id`*:: + -- -Kafka topic - +The report or scan identification number. type: keyword +example: 20191018.0001 + -- -*`kafka.partition`*:: +*`vulnerability.scanner.vendor`*:: + -- -Kafka partition number +The name of the vulnerability scanner vendor. +type: keyword -type: long +example: Tenable -- -*`kafka.offset`*:: +*`vulnerability.score.base`*:: + -- -Kafka offset of this message +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) +type: float -type: long +example: 5.5 -- -*`kafka.key`*:: +*`vulnerability.score.environmental`*:: + -- -Kafka key, corresponding to the Kafka value stored in the message +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) +type: float -type: keyword +example: 5.5 -- -*`kafka.block_timestamp`*:: +*`vulnerability.score.temporal`*:: + -- -Kafka outer (compressed) block timestamp - +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) -type: date +type: float -- -*`kafka.headers`*:: +*`vulnerability.score.version`*:: + -- -An array of Kafka header strings for this message, in the form ": ". - +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) -type: array +type: keyword + +example: 2.0 -- -[[exported-fields-logstash]] -== logstash fields +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) -logstash Module +type: keyword +example: Critical +-- -[float] -=== logstash +[[exported-fields-elasticsearch]] +== Elasticsearch fields +elasticsearch Module [float] -=== log +=== elasticsearch -Fields from the Logstash logs. -*`logstash.log.module`*:: +*`elasticsearch.component`*:: + -- -The module or class where the event originate. - +Elasticsearch component from where the log event originated type: keyword +example: o.e.c.m.MetaDataCreateIndexService + -- -*`logstash.log.thread`*:: +*`elasticsearch.cluster.uuid`*:: + -- -Information about the running thread where the log originate. - +UUID of the cluster type: keyword +example: GmvrbHlNTiSVYiPf8kxg9g + -- -*`logstash.log.thread.text`*:: +*`elasticsearch.cluster.name`*:: + -- -type: text +Name of the cluster + +type: keyword + +example: docker-cluster -- -*`logstash.log.log_event`*:: +*`elasticsearch.node.id`*:: + -- -key and value debugging information. +ID of the node +type: keyword -type: object +example: DSiWcTyeThWtUXLB9J0BMw -- -*`logstash.log.pipeline_id`*:: +*`elasticsearch.node.name`*:: + -- -The ID of the pipeline. +Name of the node + +type: keyword + +example: vWNJsZ3 + +-- +*`elasticsearch.index.name`*:: ++ +-- +Index name type: keyword -example: main +example: filebeat-test-input -- -*`logstash.log.message`*:: +*`elasticsearch.index.id`*:: + -- -type: alias +Index id -alias to: message +type: keyword + +example: aOGgDwbURfCV57AScqbCgw -- -*`logstash.log.level`*:: +*`elasticsearch.shard.id`*:: + -- -type: alias +Id of the shard -alias to: log.level +type: keyword + +example: 0 -- [float] -=== slowlog +=== audit -slowlog -*`logstash.slowlog.module`*:: +*`elasticsearch.audit.layer`*:: + -- -The module or class where the event originate. - +The layer from which this event originated: rest, transport or ip_filter type: keyword +example: rest + -- -*`logstash.slowlog.thread`*:: +*`elasticsearch.audit.event_type`*:: + -- -Information about the running thread where the log originate. - +The type of event that occurred: anonymous_access_denied, authentication_failed, access_denied, access_granted, connection_granted, connection_denied, tampered_request, run_as_granted, run_as_denied type: keyword +example: access_granted + -- -*`logstash.slowlog.thread.text`*:: +*`elasticsearch.audit.origin.type`*:: + -- -type: text +Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request) + +type: keyword + +example: local_node -- -*`logstash.slowlog.event`*:: +*`elasticsearch.audit.realm`*:: + -- -Raw dump of the original event - +The authentication realm the authentication was validated against type: keyword -- -*`logstash.slowlog.event.text`*:: +*`elasticsearch.audit.user.realm`*:: + -- -type: text +The user's authentication realm, if authenticated + +type: keyword -- -*`logstash.slowlog.plugin_name`*:: +*`elasticsearch.audit.user.roles`*:: + -- -Name of the plugin - +Roles to which the principal belongs type: keyword +example: ['kibana_user', 'beats_admin'] + -- -*`logstash.slowlog.plugin_type`*:: +*`elasticsearch.audit.action`*:: + -- -Type of the plugin: Inputs, Filters, Outputs or Codecs. - +The name of the action that was executed type: keyword +example: cluster:monitor/main + -- -*`logstash.slowlog.took_in_millis`*:: +*`elasticsearch.audit.url.params`*:: + -- -Execution time for the plugin in milliseconds. - +REST URI parameters -type: long +example: {username=jacknich2} -- -*`logstash.slowlog.plugin_params`*:: +*`elasticsearch.audit.indices`*:: + -- -String value of the plugin configuration - +Indices accessed by action type: keyword +example: ['foo-2019.01.04', 'foo-2019.01.03', 'foo-2019.01.06'] + -- -*`logstash.slowlog.plugin_params.text`*:: +*`elasticsearch.audit.request.id`*:: + -- -type: text +Unique ID of request + +type: keyword + +example: WzL_kb6VSvOhAq0twPvHOQ -- -*`logstash.slowlog.plugin_params_object`*:: +*`elasticsearch.audit.request.name`*:: + -- -key -> value of the configuration used by the plugin. +The type of request that was executed +type: keyword -type: object +example: ClearScrollRequest -- -*`logstash.slowlog.level`*:: +*`elasticsearch.audit.request_body`*:: + -- type: alias -alias to: log.level +alias to: http.request.body.content -- -*`logstash.slowlog.took_in_nanos`*:: +*`elasticsearch.audit.origin_address`*:: + -- type: alias -alias to: event.duration +alias to: source.ip -- -[[exported-fields-misp]] -== MISP fields - -Module for handling threat information from MISP. - - - -[float] -=== misp - -Fields from MISP threat information. - - - -[float] -=== attack_pattern - -Fields provide support for specifying information about attack patterns. - - - -*`misp.attack_pattern.id`*:: +*`elasticsearch.audit.uri`*:: + -- -Identifier of the threat indicator. - +type: alias -type: keyword +alias to: url.original -- -*`misp.attack_pattern.name`*:: +*`elasticsearch.audit.principal`*:: + -- -Name of the attack pattern. - +type: alias -type: keyword +alias to: user.name -- -*`misp.attack_pattern.description`*:: +*`elasticsearch.audit.message`*:: + -- -Description of the attack pattern. - - type: text -- -*`misp.attack_pattern.kill_chain_phases`*:: -+ --- -The kill chain phase(s) to which this attack pattern corresponds. +[float] +=== deprecation -type: keyword --- +[float] +=== gc + +GC fileset fields. + + [float] -=== campaign +=== phase -Fields provide support for specifying information about campaigns. +Fields specific to GC phase. -*`misp.campaign.id`*:: +*`elasticsearch.gc.phase.name`*:: + -- -Identifier of the campaign. +Name of the GC collection phase. type: keyword -- -*`misp.campaign.name`*:: +*`elasticsearch.gc.phase.duration_sec`*:: + -- -Name of the campaign. +Collection phase duration according to the Java virtual machine. -type: keyword +type: float -- -*`misp.campaign.description`*:: +*`elasticsearch.gc.phase.scrub_symbol_table_time_sec`*:: + -- -Description of the campaign. +Pause time in seconds cleaning up symbol tables. -type: text +type: float -- -*`misp.campaign.aliases`*:: +*`elasticsearch.gc.phase.scrub_string_table_time_sec`*:: + -- -Alternative names used to identify this campaign. +Pause time in seconds cleaning up string tables. -type: text +type: float -- -*`misp.campaign.first_seen`*:: +*`elasticsearch.gc.phase.weak_refs_processing_time_sec`*:: + -- -The time that this Campaign was first seen, in RFC3339 format. +Time spent processing weak references in seconds. -type: date +type: float -- -*`misp.campaign.last_seen`*:: +*`elasticsearch.gc.phase.parallel_rescan_time_sec`*:: + -- -The time that this Campaign was last seen, in RFC3339 format. +Time spent in seconds marking live objects while application is stopped. -type: date +type: float -- -*`misp.campaign.objective`*:: +*`elasticsearch.gc.phase.class_unload_time_sec`*:: + -- -This field defines the Campaign's primary goal, objective, desired outcome, or intended effect. +Time spent unloading unused classes in seconds. -type: keyword +type: float -- [float] -=== course_of_action +=== cpu_time -A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. +Process CPU time spent performing collections. -*`misp.course_of_action.id`*:: +*`elasticsearch.gc.phase.cpu_time.user_sec`*:: + -- -Identifier of the Course of Action. +CPU time spent outside the kernel. -type: keyword +type: float -- -*`misp.course_of_action.name`*:: +*`elasticsearch.gc.phase.cpu_time.sys_sec`*:: + -- -The name used to identify the Course of Action. +CPU time spent inside the kernel. -type: keyword +type: float -- -*`misp.course_of_action.description`*:: +*`elasticsearch.gc.phase.cpu_time.real_sec`*:: + -- -Description of the Course of Action. +Total elapsed CPU time spent to complete the collection from start to finish. -type: text +type: float -- -[float] -=== identity - -Identity can represent actual individuals, organizations, or groups, as well as classes of individuals, organizations, or groups. - - - -*`misp.identity.id`*:: +*`elasticsearch.gc.jvm_runtime_sec`*:: + -- -Identifier of the Identity. +The time from JVM start up in seconds, as a floating point number. -type: keyword +type: float -- -*`misp.identity.name`*:: +*`elasticsearch.gc.threads_total_stop_time_sec`*:: + -- -The name used to identify the Identity. +Garbage collection threads total stop time seconds. -type: keyword +type: float -- -*`misp.identity.description`*:: +*`elasticsearch.gc.stopping_threads_time_sec`*:: + -- -Description of the Identity. +Time took to stop threads seconds. -type: text +type: float -- -*`misp.identity.identity_class`*:: +*`elasticsearch.gc.tags`*:: + -- -The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov +GC logging tags. type: keyword -- -*`misp.identity.labels`*:: -+ --- -The list of roles that this Identity performs. - - -type: keyword +[float] +=== heap -example: CEO +Heap allocation and total size. --- -*`misp.identity.sectors`*:: +*`elasticsearch.gc.heap.size_kb`*:: + -- -The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov +Total heap size in kilobytes. -type: keyword +type: integer -- -*`misp.identity.contact_information`*:: +*`elasticsearch.gc.heap.used_kb`*:: + -- -The contact information (e-mail, phone number, etc.) for this Identity. +Used heap in kilobytes. -type: text +type: integer -- [float] -=== intrusion_set +=== old_gen -An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization. +Old generation occupancy and total size. -*`misp.intrusion_set.id`*:: +*`elasticsearch.gc.old_gen.size_kb`*:: + -- -Identifier of the Intrusion Set. +Total size of old generation in kilobytes. -type: keyword +type: integer -- -*`misp.intrusion_set.name`*:: +*`elasticsearch.gc.old_gen.used_kb`*:: + -- -The name used to identify the Intrusion Set. +Old generation occupancy in kilobytes. -type: keyword +type: integer -- -*`misp.intrusion_set.description`*:: +[float] +=== young_gen + +Young generation occupancy and total size. + + + +*`elasticsearch.gc.young_gen.size_kb`*:: + -- -Description of the Intrusion Set. +Total size of young generation in kilobytes. -type: text +type: integer -- -*`misp.intrusion_set.aliases`*:: +*`elasticsearch.gc.young_gen.used_kb`*:: + -- -Alternative names used to identify the Intrusion Set. +Young generation occupancy in kilobytes. -type: text +type: integer -- -*`misp.intrusion_set.first_seen`*:: +[float] +=== server + +Server log file + + +*`elasticsearch.server.stacktrace`*:: + -- -The time that this Intrusion Set was first seen, in RFC3339 format. +Field is not indexed. +-- -type: date +[float] +=== gc --- +GC log -*`misp.intrusion_set.last_seen`*:: + +[float] +=== young + +Young GC + + +*`elasticsearch.server.gc.young.one`*:: + -- -The time that this Intrusion Set was last seen, in RFC3339 format. -type: date +type: long + +example: -- -*`misp.intrusion_set.goals`*:: +*`elasticsearch.server.gc.young.two`*:: + -- -The high level goals of this Intrusion Set, namely, what are they trying to do. -type: text +type: long + +example: -- -*`misp.intrusion_set.resource_level`*:: +*`elasticsearch.server.gc.overhead_seq`*:: + -- -This defines the organizational level at which this Intrusion Set typically works. Open Vocab - attack-resource-level-ov +Sequence number +type: long -type: text +example: 3449992 -- -*`misp.intrusion_set.primary_motivation`*:: +*`elasticsearch.server.gc.collection_duration.ms`*:: + -- -The primary reason, motivation, or purpose behind this Intrusion Set. Open Vocab - attack-motivation-ov +Time spent in GC, in milliseconds +type: float -type: text +example: 1600 -- -*`misp.intrusion_set.secondary_motivations`*:: +*`elasticsearch.server.gc.observation_duration.ms`*:: + -- -The secondary reasons, motivations, or purposes behind this Intrusion Set. Open Vocab - attack-motivation-ov +Total time over which collection was observed, in milliseconds +type: float -type: text +example: 1800 -- [float] -=== malware - -Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim. +=== slowlog +Slowlog events from Elasticsearch -*`misp.malware.id`*:: +*`elasticsearch.slowlog.logger`*:: + -- -Identifier of the Malware. - +Logger name type: keyword +example: index.search.slowlog.fetch + -- -*`misp.malware.name`*:: +*`elasticsearch.slowlog.took`*:: + -- -The name used to identify the Malware. - +Time it took to execute the query type: keyword +example: 300ms + -- -*`misp.malware.description`*:: +*`elasticsearch.slowlog.types`*:: + -- -Description of the Malware. +Types +type: keyword -type: text +example: -- -*`misp.malware.labels`*:: +*`elasticsearch.slowlog.stats`*:: + -- -The type of malware being described. Open Vocab - malware-label-ov. adware,backdoor,bot,ddos,dropper,exploit-kit,keylogger,ransomware, remote-access-trojan,resource-exploitation,rogue-security-software,rootkit, screen-capture,spyware,trojan,virus,worm - +Stats groups type: keyword +example: group1 + -- -*`misp.malware.kill_chain_phases`*:: +*`elasticsearch.slowlog.search_type`*:: + -- -The list of kill chain phases for which this Malware instance can be used. - +Search type type: keyword -format: string +example: QUERY_THEN_FETCH -- -[float] -=== note +*`elasticsearch.slowlog.source_query`*:: ++ +-- +Slow query -A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object. +type: keyword +example: {"query":{"match_all":{"boost":1.0}}} +-- -*`misp.note.id`*:: +*`elasticsearch.slowlog.extra_source`*:: + -- -Identifier of the Note. - +Extra source information type: keyword +example: + -- -*`misp.note.summary`*:: +*`elasticsearch.slowlog.total_hits`*:: + -- -A brief description used as a summary of the Note. - +Total hits type: keyword +example: 42 + -- -*`misp.note.description`*:: +*`elasticsearch.slowlog.total_shards`*:: + -- -The content of the Note. +Total queried shards +type: keyword -type: text +example: 22 -- -*`misp.note.authors`*:: +*`elasticsearch.slowlog.routing`*:: + -- -The name of the author(s) of this Note. - +Routing type: keyword +example: s01HZ2QBk9jw4gtgaFtn + -- -*`misp.note.object_refs`*:: +*`elasticsearch.slowlog.id`*:: + -- -The STIX Objects (SDOs and SROs) that the note is being applied to. - +Id type: keyword +example: + -- -[float] -=== threat_indicator +*`elasticsearch.slowlog.type`*:: ++ +-- +Type -Fields provide support for specifying information about threat indicators, and related matching patterns. +type: keyword +example: doc +-- -*`misp.threat_indicator.labels`*:: +*`elasticsearch.slowlog.source`*:: + -- -list of type open-vocab that specifies the type of indicator. - +Source of document that was indexed type: keyword -example: Domain Watchlist +-- +[[exported-fields-envoyproxy]] +== Envoyproxy fields --- +Module for handling logs produced by envoy -*`misp.threat_indicator.id`*:: -+ --- -Identifier of the threat indicator. -type: keyword +[float] +=== envoyproxy --- +Fields from envoy proxy logs after normalization -*`misp.threat_indicator.version`*:: + + +*`envoyproxy.log_type`*:: + -- -Version of the threat indicator. +Envoy log type, normally ACCESS type: keyword -- -*`misp.threat_indicator.type`*:: +*`envoyproxy.response_flags`*:: + -- -Type of the threat indicator. +Response flags type: keyword -- -*`misp.threat_indicator.description`*:: +*`envoyproxy.upstream_service_time`*:: + -- -Description of the threat indicator. +Upstream service time in nanoseconds -type: text +type: long + +format: duration -- -*`misp.threat_indicator.feed`*:: +*`envoyproxy.request_id`*:: + -- -Name of the threat feed. +ID of the request -type: text +type: keyword -- -*`misp.threat_indicator.valid_from`*:: +*`envoyproxy.authority`*:: + -- -The time from which this Indicator should be considered valuable intelligence, in RFC3339 format. +Envoy proxy authority field -type: date +type: keyword -- -*`misp.threat_indicator.valid_until`*:: +*`envoyproxy.proxy_type`*:: + -- -The time at which this Indicator should no longer be considered valuable intelligence. If the valid_until property is omitted, then there is no constraint on the latest time for which the indicator should be used, in RFC3339 format. +Envoy proxy type, tcp or http -type: date +type: keyword -- -*`misp.threat_indicator.severity`*:: -+ --- -Threat severity to which this indicator corresponds. +[[exported-fields-envoyproxy]] +== Envoyproxy fields +Module for handling logs produced by envoy -type: keyword -example: high -format: string +[float] +=== envoyproxy --- +Fields from envoy proxy logs after normalization -*`misp.threat_indicator.confidence`*:: + + +*`envoyproxy.log_type`*:: + -- -Confidence level to which this indicator corresponds. +Envoy log type, normally ACCESS type: keyword -example: high - -- -*`misp.threat_indicator.kill_chain_phases`*:: +*`envoyproxy.response_flags`*:: + -- -The kill chain phase(s) to which this indicator corresponds. +Response flags type: keyword -format: string - -- -*`misp.threat_indicator.mitre_tactic`*:: +*`envoyproxy.upstream_service_time`*:: + -- -MITRE tactics to which this indicator corresponds. - +Upstream service time in nanoseconds -type: keyword -example: Initial Access +type: long -format: string +format: duration -- -*`misp.threat_indicator.mitre_technique`*:: +*`envoyproxy.request_id`*:: + -- -MITRE techniques to which this indicator corresponds. +ID of the request type: keyword -example: Drive-by Compromise - -format: string - -- -*`misp.threat_indicator.attack_pattern`*:: +*`envoyproxy.authority`*:: + -- -The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. +Envoy proxy authority field type: keyword -example: [destination:ip = '91.219.29.188/32'] - - -- -*`misp.threat_indicator.attack_pattern_kql`*:: +*`envoyproxy.proxy_type`*:: + -- -The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. +Envoy proxy type, tcp or http type: keyword -example: destination.ip: "91.219.29.188/32" +-- +[[exported-fields-fortinet]] +== Fortinet fields --- +fortinet Module -*`misp.threat_indicator.negate`*:: -+ --- -When set to true, it specifies the absence of the attack_pattern. -type: boolean +[float] +=== fortinet --- +Fields from fortinet FortiOS -*`misp.threat_indicator.intrusion_set`*:: + + +*`fortinet.file.hash.crc32`*:: + -- -Name of the intrusion set if known. +CRC32 Hash of file type: keyword -- -*`misp.threat_indicator.campaign`*:: +[float] +=== firewall + +Module for parsing Fortinet syslog. + + + +*`fortinet.firewall.acct_stat`*:: + -- -Name of the attack campaign if known. +Accounting state (RADIUS) type: keyword -- -*`misp.threat_indicator.threat_actor`*:: +*`fortinet.firewall.acktime`*:: + -- -Name of the threat actor if known. +Alarm Acknowledge Time type: keyword -- -[float] -=== observed_data +*`fortinet.firewall.act`*:: ++ +-- +Action -Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification. +type: keyword +-- -*`misp.observed_data.id`*:: +*`fortinet.firewall.action`*:: + -- -Identifier of the Observed Data. +Status of the session type: keyword -- -*`misp.observed_data.first_observed`*:: +*`fortinet.firewall.activity`*:: + -- -The beginning of the time window that the data was observed, in RFC3339 format. +HA activity message -type: date +type: keyword -- -*`misp.observed_data.last_observed`*:: +*`fortinet.firewall.addr`*:: + -- -The end of the time window that the data was observed, in RFC3339 format. +IP Address -type: date +type: ip -- -*`misp.observed_data.number_observed`*:: +*`fortinet.firewall.addr_type`*:: + -- -The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive. +Address Type -type: integer +type: keyword -- -*`misp.observed_data.objects`*:: +*`fortinet.firewall.addrgrp`*:: + -- -A dictionary of Cyber Observable Objects that describes the single fact that was observed. +Address Group type: keyword -- -[float] -=== report +*`fortinet.firewall.adgroup`*:: ++ +-- +AD Group Name -Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details. +type: keyword +-- -*`misp.report.id`*:: +*`fortinet.firewall.admin`*:: + -- -Identifier of the Report. +Admin User type: keyword -- -*`misp.report.labels`*:: +*`fortinet.firewall.age`*:: + -- -This field is an Open Vocabulary that specifies the primary subject of this report. Open Vocab - report-label-ov. threat-report,attack-pattern,campaign,identity,indicator,malware,observed-data,threat-actor,tool,vulnerability +Time in seconds - time passed since last seen -type: keyword +type: integer -- -*`misp.report.name`*:: +*`fortinet.firewall.agent`*:: + -- -The name used to identify the Report. +User agent - eg. agent="Mozilla/5.0" type: keyword -- -*`misp.report.description`*:: +*`fortinet.firewall.alarmid`*:: + -- -A description that provides more details and context about Report. +Alarm ID -type: text +type: integer -- -*`misp.report.published`*:: +*`fortinet.firewall.alert`*:: + -- -The date that this report object was officially published by the creator of this report, in RFC3339 format. +Alert -type: date +type: keyword -- -*`misp.report.object_refs`*:: +*`fortinet.firewall.analyticscksum`*:: + -- -Specifies the STIX Objects that are referred to by this Report. +The checksum of the file submitted for analytics -type: text +type: keyword -- -[float] -=== threat_actor +*`fortinet.firewall.analyticssubmit`*:: ++ +-- +The flag for analytics submission -Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. +type: keyword +-- -*`misp.threat_actor.id`*:: +*`fortinet.firewall.ap`*:: + -- -Identifier of the Threat Actor. +Access Point type: keyword -- -*`misp.threat_actor.labels`*:: +*`fortinet.firewall.app-type`*:: + -- -This field specifies the type of threat actor. Open Vocab - threat-actor-label-ov. activist,competitor,crime-syndicate,criminal,hacker,insider-accidental,insider-disgruntled,nation-state,sensationalist,spy,terrorist +Address Type type: keyword -- -*`misp.threat_actor.name`*:: +*`fortinet.firewall.appact`*:: + -- -The name used to identify this Threat Actor or Threat Actor group. +The security action from app control type: keyword -- -*`misp.threat_actor.description`*:: +*`fortinet.firewall.appid`*:: + -- -A description that provides more details and context about the Threat Actor. +Application ID -type: text +type: integer -- -*`misp.threat_actor.aliases`*:: +*`fortinet.firewall.applist`*:: + -- -A list of other names that this Threat Actor is believed to use. +Application Control profile -type: text +type: keyword -- -*`misp.threat_actor.roles`*:: +*`fortinet.firewall.apprisk`*:: + -- -This is a list of roles the Threat Actor plays. Open Vocab - threat-actor-role-ov. agent,director,independent,sponsor,infrastructure-operator,infrastructure-architect,malware-author +Application Risk Level -type: text +type: keyword -- -*`misp.threat_actor.goals`*:: +*`fortinet.firewall.apscan`*:: + -- -The high level goals of this Threat Actor, namely, what are they trying to do. +The name of the AP, which scanned and detected the rogue AP -type: text +type: keyword -- -*`misp.threat_actor.sophistication`*:: +*`fortinet.firewall.apsn`*:: + -- -The skill, specific knowledge, special training, or expertise a Threat Actor must have to perform the attack. Open Vocab - threat-actor-sophistication-ov. none,minimal,intermediate,advanced,strategic,expert,innovator +Access Point -type: text +type: keyword -- -*`misp.threat_actor.resource_level`*:: +*`fortinet.firewall.apstatus`*:: + -- -This defines the organizational level at which this Threat Actor typically works. Open Vocab - attack-resource-level-ov. individual,club,contest,team,organization,government +Access Point status -type: text +type: keyword -- -*`misp.threat_actor.primary_motivation`*:: +*`fortinet.firewall.aptype`*:: + -- -The primary reason, motivation, or purpose behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable +Access Point type -type: text +type: keyword -- -*`misp.threat_actor.secondary_motivations`*:: +*`fortinet.firewall.assigned`*:: + -- -The secondary reasons, motivations, or purposes behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable +Assigned IP Address -type: text +type: ip -- -*`misp.threat_actor.personal_motivations`*:: +*`fortinet.firewall.assignip`*:: + -- -The personal reasons, motivations, or purposes of the Threat Actor regardless of organizational goals. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable +Assigned IP Address -type: text +type: ip -- -[float] -=== tool +*`fortinet.firewall.attachment`*:: ++ +-- +The flag for email attachement -Tools are legitimate software that can be used by threat actors to perform attacks. +type: keyword +-- -*`misp.tool.id`*:: +*`fortinet.firewall.attack`*:: + -- -Identifier of the Tool. +Attack Name type: keyword -- -*`misp.tool.labels`*:: +*`fortinet.firewall.attackcontext`*:: + -- -The kind(s) of tool(s) being described. Open Vocab - tool-label-ov. denial-of-service,exploitation,information-gathering,network-capture,credential-exploitation,remote-access,vulnerability-scanning +The trigger patterns and the packetdata with base64 encoding type: keyword -- -*`misp.tool.name`*:: +*`fortinet.firewall.attackcontextid`*:: + -- -The name used to identify the Tool. +Attack context id / total type: keyword -- -*`misp.tool.description`*:: +*`fortinet.firewall.attackid`*:: + -- -A description that provides more details and context about the Tool. +Attack ID -type: text +type: integer -- -*`misp.tool.tool_version`*:: +*`fortinet.firewall.auditid`*:: + -- -The version identifier associated with the Tool. +Audit ID -type: keyword +type: long -- -*`misp.tool.kill_chain_phases`*:: +*`fortinet.firewall.auditscore`*:: + -- -The list of kill chain phases for which this Tool instance can be used. +The Audit Score -type: text +type: keyword -- -[float] -=== vulnerability +*`fortinet.firewall.audittime`*:: ++ +-- +The time of the audit -A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network. +type: long +-- -*`misp.vulnerability.id`*:: +*`fortinet.firewall.authgrp`*:: + -- -Identifier of the Vulnerability. +Authorization Group type: keyword -- -*`misp.vulnerability.name`*:: +*`fortinet.firewall.authid`*:: + -- -The name used to identify the Vulnerability. +Authentication ID type: keyword -- -*`misp.vulnerability.description`*:: +*`fortinet.firewall.authproto`*:: + -- -A description that provides more details and context about the Vulnerability. +The protocol that initiated the authentication -type: text +type: keyword -- -[[exported-fields-mongodb]] -== mongodb fields +*`fortinet.firewall.authserver`*:: ++ +-- +Authentication server -Module for parsing MongoDB log files. +type: keyword +-- -[float] -=== mongodb +*`fortinet.firewall.bandwidth`*:: ++ +-- +Bandwidth -Fields from MongoDB logs. +type: keyword +-- -[float] -=== log +*`fortinet.firewall.banned_rule`*:: ++ +-- +NAC quarantine Banned Rule Name -Contains fields from MongoDB logs. +type: keyword +-- -*`mongodb.log.component`*:: +*`fortinet.firewall.banned_src`*:: + -- -Functional categorization of message +NAC quarantine Banned Source IP type: keyword -example: COMMAND - -- -*`mongodb.log.context`*:: +*`fortinet.firewall.banword`*:: + -- -Context of message +Banned word type: keyword -example: initandlisten - -- -*`mongodb.log.severity`*:: +*`fortinet.firewall.botnetdomain`*:: + -- -type: alias +Botnet Domain Name -alias to: log.level + +type: keyword -- -*`mongodb.log.message`*:: +*`fortinet.firewall.botnetip`*:: + -- -type: alias +Botnet IP Address -alias to: message --- +type: ip -[[exported-fields-mssql]] -== mssql fields +-- -MS SQL Filebeat Module +*`fortinet.firewall.bssid`*:: ++ +-- +Service Set ID -[float] -=== mssql +type: keyword -Fields from the MSSQL log files +-- +*`fortinet.firewall.call_id`*:: ++ +-- +Caller ID -[float] -=== log -Common log fields +type: keyword +-- -*`mssql.log.origin`*:: +*`fortinet.firewall.carrier_ep`*:: + -- -Origin of the message, usually the server but it can also be a recovery process +The FortiOS Carrier end-point identification + type: keyword -- -[[exported-fields-mysql]] -== MySQL fields +*`fortinet.firewall.cat`*:: ++ +-- +DNS category ID -Module for parsing the MySQL log files. +type: integer +-- -[float] -=== mysql +*`fortinet.firewall.category`*:: ++ +-- +Authentication category -Fields from the MySQL log files. +type: keyword +-- -*`mysql.thread_id`*:: +*`fortinet.firewall.cc`*:: + -- -The connection or thread ID for the query. +CC Email Address -type: long +type: keyword -- -[float] -=== error +*`fortinet.firewall.cdrcontent`*:: ++ +-- +Cdrcontent -Contains fields from the MySQL error logs. +type: keyword +-- -*`mysql.error.thread_id`*:: +*`fortinet.firewall.centralnatid`*:: + -- -type: alias +Central NAT ID -alias to: mysql.thread_id + +type: integer -- -*`mysql.error.level`*:: +*`fortinet.firewall.cert`*:: + -- -type: alias +Certificate -alias to: log.level + +type: keyword -- -*`mysql.error.message`*:: +*`fortinet.firewall.cert-type`*:: + -- -type: alias +Certificate type -alias to: message + +type: keyword -- -[float] -=== slowlog +*`fortinet.firewall.certhash`*:: ++ +-- +Certificate hash -Contains fields from the MySQL slow logs. +type: keyword +-- -*`mysql.slowlog.lock_time.sec`*:: +*`fortinet.firewall.cfgattr`*:: + -- -The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number. +Configuration attribute -type: float +type: keyword -- -*`mysql.slowlog.rows_sent`*:: +*`fortinet.firewall.cfgobj`*:: + -- -The number of rows returned by the query. +Configuration object -type: long +type: keyword -- -*`mysql.slowlog.rows_examined`*:: +*`fortinet.firewall.cfgpath`*:: + -- -The number of rows scanned by the query. +Configuration path -type: long +type: keyword -- -*`mysql.slowlog.rows_affected`*:: +*`fortinet.firewall.cfgtid`*:: + -- -The number of rows modified by the query. +Configuration transaction ID -type: long +type: keyword -- -*`mysql.slowlog.bytes_sent`*:: +*`fortinet.firewall.cfgtxpower`*:: + -- -The number of bytes sent to client. - +Configuration TX power -type: long -format: bytes +type: integer -- -*`mysql.slowlog.bytes_received`*:: +*`fortinet.firewall.channel`*:: + -- -The number of bytes received from client. - +Wireless Channel -type: long -format: bytes +type: integer -- -*`mysql.slowlog.query`*:: +*`fortinet.firewall.channeltype`*:: + -- -The slow query. +SSH channel type +type: keyword + -- -*`mysql.slowlog.id`*:: +*`fortinet.firewall.chassisid`*:: + -- -type: alias +Chassis ID -alias to: mysql.thread_id + +type: integer -- -*`mysql.slowlog.schema`*:: +*`fortinet.firewall.checksum`*:: + -- -The schema where the slow query was executed. +The checksum of the scanned file type: keyword -- -*`mysql.slowlog.current_user`*:: +*`fortinet.firewall.chgheaders`*:: + -- -Current authenticated user, used to determine access privileges. Can differ from the value for user. +HTTP Headers type: keyword -- -*`mysql.slowlog.last_errno`*:: +*`fortinet.firewall.cldobjid`*:: + -- -Last SQL error seen. +Connector object ID type: keyword -- -*`mysql.slowlog.killed`*:: +*`fortinet.firewall.client_addr`*:: + -- -Code of the reason if the query was killed. +Wifi client address type: keyword -- -*`mysql.slowlog.query_cache_hit`*:: +*`fortinet.firewall.cloudaction`*:: + -- -Whether the query cache was hit. +Cloud Action -type: boolean +type: keyword -- -*`mysql.slowlog.tmp_table`*:: +*`fortinet.firewall.clouduser`*:: + -- -Whether a temporary table was used to resolve the query. +Cloud User -type: boolean +type: keyword -- -*`mysql.slowlog.tmp_table_on_disk`*:: +*`fortinet.firewall.column`*:: + -- -Whether the query needed temporary tables on disk. +VOIP Column -type: boolean +type: integer -- -*`mysql.slowlog.tmp_tables`*:: +*`fortinet.firewall.command`*:: + -- -Number of temporary tables created for this query +CLI Command -type: long +type: keyword -- -*`mysql.slowlog.tmp_disk_tables`*:: +*`fortinet.firewall.community`*:: + -- -Number of temporary tables created on disk for this query. +SNMP Community -type: long +type: keyword -- -*`mysql.slowlog.tmp_table_sizes`*:: +*`fortinet.firewall.configcountry`*:: + -- -Size of temporary tables created for this query. +Configuration country -type: long -format: bytes +type: keyword -- -*`mysql.slowlog.filesort`*:: +*`fortinet.firewall.connection_type`*:: + -- -Whether filesort optimization was used. +FortiClient Connection Type -type: boolean +type: keyword -- -*`mysql.slowlog.filesort_on_disk`*:: +*`fortinet.firewall.conserve`*:: + -- -Whether filesort optimization was used and it needed temporary tables on disk. +Flag for conserve mode -type: boolean +type: keyword -- -*`mysql.slowlog.priority_queue`*:: +*`fortinet.firewall.constraint`*:: + -- -Whether a priority queue was used for filesort. +WAF http protocol restrictions -type: boolean +type: keyword -- -*`mysql.slowlog.full_scan`*:: +*`fortinet.firewall.contentdisarmed`*:: + -- -Whether a full table scan was needed for the slow query. +Email scanned content -type: boolean +type: keyword -- -*`mysql.slowlog.full_join`*:: +*`fortinet.firewall.contenttype`*:: + -- -Whether a full join was needed for the slow query (no indexes were used for joins). +Content Type from HTTP header -type: boolean +type: keyword -- -*`mysql.slowlog.merge_passes`*:: +*`fortinet.firewall.cookies`*:: + -- -Number of merge passes executed for the query. +VPN Cookie -type: long +type: keyword -- -*`mysql.slowlog.sort_merge_passes`*:: +*`fortinet.firewall.count`*:: + -- -Number of merge passes that the sort algorithm has had to do. +Counts of action type -type: long +type: integer -- -*`mysql.slowlog.sort_range_count`*:: +*`fortinet.firewall.countapp`*:: + -- -Number of sorts that were done using ranges. +Number of App Ctrl logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.sort_rows`*:: +*`fortinet.firewall.countav`*:: + -- -Number of sorted rows. +Number of AV logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.sort_scan_count`*:: +*`fortinet.firewall.countcifs`*:: + -- -Number of sorts that were done by scanning the table. +Number of CIFS logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.log_slow_rate_type`*:: +*`fortinet.firewall.countdlp`*:: + -- -Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query. +Number of DLP logs associated with the session -type: keyword +type: integer -- -*`mysql.slowlog.log_slow_rate_limit`*:: +*`fortinet.firewall.countdns`*:: + -- -Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged. +Number of DNS logs associated with the session -type: keyword +type: integer -- -*`mysql.slowlog.read_first`*:: +*`fortinet.firewall.countemail`*:: + -- -The number of times the first entry in an index was read. +Number of email logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.read_last`*:: +*`fortinet.firewall.countff`*:: + -- -The number of times the last key in an index was read. +Number of ff logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.read_key`*:: +*`fortinet.firewall.countips`*:: + -- -The number of requests to read a row based on a key. +Number of IPS logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.read_next`*:: +*`fortinet.firewall.countssh`*:: + -- -The number of requests to read the next row in key order. +Number of SSH logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.read_prev`*:: +*`fortinet.firewall.countssl`*:: + -- -The number of requests to read the previous row in key order. +Number of SSL logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.read_rnd`*:: +*`fortinet.firewall.countwaf`*:: + -- -The number of requests to read a row based on a fixed position. +Number of WAF logs associated with the session -type: long +type: integer -- -*`mysql.slowlog.read_rnd_next`*:: +*`fortinet.firewall.countweb`*:: + -- -The number of requests to read the next row in the data file. +Number of Web filter logs associated with the session -type: long +type: integer -- -[float] -=== innodb - -Contains fields relative to InnoDB engine - - - -*`mysql.slowlog.innodb.trx_id`*:: +*`fortinet.firewall.cpu`*:: + -- -Transaction ID +CPU Usage -type: keyword +type: integer -- -*`mysql.slowlog.innodb.io_r_ops`*:: +*`fortinet.firewall.craction`*:: + -- -Number of page read operations. +Client Reputation Action -type: long +type: integer -- -*`mysql.slowlog.innodb.io_r_bytes`*:: +*`fortinet.firewall.criticalcount`*:: + -- -Bytes read during page read operations. - +Number of critical ratings -type: long -format: bytes +type: integer -- -*`mysql.slowlog.innodb.io_r_wait.sec`*:: +*`fortinet.firewall.crl`*:: + -- -How long it took to read all needed data from storage. +Client Reputation Level -type: long +type: keyword -- -*`mysql.slowlog.innodb.rec_lock_wait.sec`*:: +*`fortinet.firewall.crlevel`*:: + -- -How long the query waited for locks. +Client Reputation Level -type: long +type: keyword -- -*`mysql.slowlog.innodb.queue_wait.sec`*:: +*`fortinet.firewall.crscore`*:: + -- -How long the query waited to enter the InnoDB queue and to be executed once in the queue. +Some description -type: long +type: integer -- -*`mysql.slowlog.innodb.pages_distinct`*:: +*`fortinet.firewall.cveid`*:: + -- -Approximated count of pages accessed to execute the query. +CVE ID -type: long +type: keyword -- -*`mysql.slowlog.user`*:: +*`fortinet.firewall.daemon`*:: + -- -type: alias +Daemon name -alias to: user.name + +type: keyword -- -*`mysql.slowlog.host`*:: +*`fortinet.firewall.datarange`*:: + -- -type: alias +Data range for reports -alias to: source.domain + +type: keyword -- -*`mysql.slowlog.ip`*:: +*`fortinet.firewall.date`*:: + -- -type: alias +Date -alias to: source.ip + +type: keyword -- -[[exported-fields-nats]] -== NATS fields +*`fortinet.firewall.ddnsserver`*:: ++ +-- +DDNS server -Module for parsing NATS log files. +type: ip +-- -[float] -=== nats +*`fortinet.firewall.desc`*:: ++ +-- +Description -Fields from NATS logs. +type: keyword +-- -[float] -=== log +*`fortinet.firewall.detectionmethod`*:: ++ +-- +Detection method -Nats log files +type: keyword +-- -[float] -=== client +*`fortinet.firewall.devcategory`*:: ++ +-- +Device category -Fields from NATS logs client. +type: keyword +-- -*`nats.log.client.id`*:: +*`fortinet.firewall.devintfname`*:: + -- -The id of the client +HA device Interface Name -type: integer +type: keyword -- -[float] -=== msg +*`fortinet.firewall.devtype`*:: ++ +-- +Device type -Fields from NATS logs message. +type: keyword +-- -*`nats.log.msg.bytes`*:: +*`fortinet.firewall.dhcp_msg`*:: + -- -Size of the payload in bytes - +DHCP Message -type: long -format: bytes +type: keyword -- -*`nats.log.msg.type`*:: +*`fortinet.firewall.dintf`*:: + -- -The protocol message type +Destination interface type: keyword -- -*`nats.log.msg.subject`*:: +*`fortinet.firewall.disk`*:: + -- -Subject name this message was received on +Assosciated disk type: keyword -- -*`nats.log.msg.sid`*:: +*`fortinet.firewall.disklograte`*:: + -- -The unique alphanumeric subscription ID of the subject +Disk logging rate -type: integer +type: long -- -*`nats.log.msg.reply_to`*:: +*`fortinet.firewall.dlpextra`*:: + -- -The inbox subject on which the publisher is listening for responses +DLP extra information type: keyword -- -*`nats.log.msg.max_messages`*:: +*`fortinet.firewall.docsource`*:: + -- -An optional number of messages to wait for before automatically unsubscribing +DLP fingerprint document source -type: integer +type: keyword -- -*`nats.log.msg.error.message`*:: +*`fortinet.firewall.domainctrlauthstate`*:: + -- -Details about the error occurred +CIFS domain auth state -type: text +type: integer -- -*`nats.log.msg.queue_group`*:: +*`fortinet.firewall.domainctrlauthtype`*:: + -- -The queue group which subscriber will join +CIFS domain auth type -type: text +type: integer -- -[[exported-fields-netflow]] -== NetFlow fields +*`fortinet.firewall.domainctrldomain`*:: ++ +-- +CIFS domain auth domain -Fields from NetFlow and IPFIX flows. +type: keyword +-- -[float] -=== netflow +*`fortinet.firewall.domainctrlip`*:: ++ +-- +CIFS Domain IP -Fields from NetFlow and IPFIX. +type: ip +-- -*`netflow.type`*:: +*`fortinet.firewall.domainctrlname`*:: + -- -The type of NetFlow record described by this event. +CIFS Domain name type: keyword -- -[float] -=== exporter +*`fortinet.firewall.domainctrlprotocoltype`*:: ++ +-- +CIFS Domain connection protocol -Metadata related to the exporter device that generated this record. +type: integer +-- -*`netflow.exporter.address`*:: +*`fortinet.firewall.domainctrlusername`*:: + -- -Exporter's network address in IP:port format. +CIFS Domain username type: keyword -- -*`netflow.exporter.source_id`*:: +*`fortinet.firewall.domainfilteridx`*:: + -- -Observation domain ID to which this record belongs. +Domain filter ID -type: long +type: integer -- -*`netflow.exporter.timestamp`*:: +*`fortinet.firewall.domainfilterlist`*:: + -- -Time and date of export. +Domain filter name -type: date +type: keyword -- -*`netflow.exporter.uptime_millis`*:: +*`fortinet.firewall.ds`*:: + -- -How long the exporter process has been running, in milliseconds. +Direction with distribution system -type: long +type: keyword -- -*`netflow.exporter.version`*:: +*`fortinet.firewall.dst_int`*:: + -- -NetFlow version used. +Destination interface -type: integer +type: keyword -- -*`netflow.octet_delta_count`*:: +*`fortinet.firewall.dstintfrole`*:: + -- -type: long +Destination interface role --- -*`netflow.packet_delta_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.delta_flow_count`*:: +*`fortinet.firewall.dstcountry`*:: + -- -type: long +Destination country --- -*`netflow.protocol_identifier`*:: -+ --- -type: short +type: keyword -- -*`netflow.ip_class_of_service`*:: +*`fortinet.firewall.dstdevcategory`*:: + -- -type: short +Destination device category --- -*`netflow.tcp_control_bits`*:: -+ --- -type: integer +type: keyword -- -*`netflow.source_transport_port`*:: +*`fortinet.firewall.dstdevtype`*:: + -- -type: integer +Destination device type --- -*`netflow.source_ipv4_address`*:: -+ --- -type: ip +type: keyword -- -*`netflow.source_ipv4_prefix_length`*:: +*`fortinet.firewall.dstfamily`*:: + -- -type: short +Destination OS family --- -*`netflow.ingress_interface`*:: -+ --- -type: long +type: keyword -- -*`netflow.destination_transport_port`*:: +*`fortinet.firewall.dsthwvendor`*:: + -- -type: integer +Destination HW vendor --- -*`netflow.destination_ipv4_address`*:: -+ --- -type: ip +type: keyword -- -*`netflow.destination_ipv4_prefix_length`*:: +*`fortinet.firewall.dsthwversion`*:: + -- -type: short +Destination HW version --- -*`netflow.egress_interface`*:: -+ --- -type: long +type: keyword -- -*`netflow.ip_next_hop_ipv4_address`*:: +*`fortinet.firewall.dstinetsvc`*:: + -- -type: ip +Destination interface service --- -*`netflow.bgp_source_as_number`*:: -+ --- -type: long +type: keyword -- -*`netflow.bgp_destination_as_number`*:: +*`fortinet.firewall.dstosname`*:: + -- -type: long +Destination OS name --- -*`netflow.bgp_next_hop_ipv4_address`*:: -+ --- -type: ip +type: keyword -- -*`netflow.post_mcast_packet_delta_count`*:: +*`fortinet.firewall.dstosversion`*:: + -- -type: long +Destination OS version --- -*`netflow.post_mcast_octet_delta_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.flow_end_sys_up_time`*:: +*`fortinet.firewall.dstserver`*:: + -- -type: long +Destination server --- -*`netflow.flow_start_sys_up_time`*:: -+ --- -type: long +type: integer -- -*`netflow.post_octet_delta_count`*:: +*`fortinet.firewall.dstssid`*:: + -- -type: long +Destination SSID --- -*`netflow.post_packet_delta_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.minimum_ip_total_length`*:: +*`fortinet.firewall.dstswversion`*:: + -- -type: long +Destination software version --- -*`netflow.maximum_ip_total_length`*:: -+ --- -type: long +type: keyword -- -*`netflow.source_ipv6_address`*:: +*`fortinet.firewall.dstunauthusersource`*:: + -- -type: ip +Destination unauthenticated source --- -*`netflow.destination_ipv6_address`*:: -+ --- -type: ip +type: keyword -- -*`netflow.source_ipv6_prefix_length`*:: +*`fortinet.firewall.dstuuid`*:: + -- -type: short +UUID of the Destination IP address --- -*`netflow.destination_ipv6_prefix_length`*:: -+ --- -type: short +type: keyword -- -*`netflow.flow_label_ipv6`*:: +*`fortinet.firewall.duid`*:: + -- -type: long +DHCP UID + + +type: keyword -- -*`netflow.icmp_type_code_ipv4`*:: +*`fortinet.firewall.eapolcnt`*:: + -- +EAPOL packet count + + type: integer -- -*`netflow.igmp_type`*:: +*`fortinet.firewall.eapoltype`*:: + -- -type: short +EAPOL packet type --- -*`netflow.sampling_interval`*:: -+ --- -type: long +type: keyword -- -*`netflow.sampling_algorithm`*:: +*`fortinet.firewall.encrypt`*:: + -- -type: short +Whether the packet is encrypted or not --- -*`netflow.flow_active_timeout`*:: -+ --- type: integer -- -*`netflow.flow_idle_timeout`*:: +*`fortinet.firewall.encryption`*:: + -- -type: integer +Encryption method --- -*`netflow.engine_type`*:: -+ --- -type: short +type: keyword -- -*`netflow.engine_id`*:: +*`fortinet.firewall.epoch`*:: + -- -type: short +Epoch used for locating file --- -*`netflow.exported_octet_total_count`*:: -+ --- -type: long +type: integer -- -*`netflow.exported_message_total_count`*:: +*`fortinet.firewall.espauth`*:: + -- -type: long +ESP Authentication --- -*`netflow.exported_flow_record_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.ipv4_router_sc`*:: +*`fortinet.firewall.esptransform`*:: + -- -type: ip +ESP Transform --- -*`netflow.source_ipv4_prefix`*:: -+ --- -type: ip +type: keyword -- -*`netflow.destination_ipv4_prefix`*:: +*`fortinet.firewall.exch`*:: + -- -type: ip +Mail Exchanges from DNS response answer section --- -*`netflow.mpls_top_label_type`*:: -+ --- -type: short +type: keyword -- -*`netflow.mpls_top_label_ipv4_address`*:: +*`fortinet.firewall.exchange`*:: + -- -type: ip +Mail Exchanges from DNS response answer section + + +type: keyword -- -*`netflow.sampler_id`*:: +*`fortinet.firewall.expectedsignature`*:: + -- -type: short +Expected SSL signature + + +type: keyword -- -*`netflow.sampler_mode`*:: +*`fortinet.firewall.expiry`*:: + -- -type: short +FortiGuard override expiry timestamp + + +type: keyword -- -*`netflow.sampler_random_interval`*:: +*`fortinet.firewall.fams_pause`*:: + -- -type: long +Fortinet Analysis and Management Service Pause + + +type: integer -- -*`netflow.class_id`*:: +*`fortinet.firewall.fazlograte`*:: + -- +FortiAnalyzer Logging Rate + + type: long -- -*`netflow.minimum_ttl`*:: +*`fortinet.firewall.fctemssn`*:: + -- -type: short +FortiClient Endpoint SSN --- -*`netflow.maximum_ttl`*:: -+ --- -type: short +type: keyword -- -*`netflow.fragment_identification`*:: +*`fortinet.firewall.fctuid`*:: + -- -type: long +FortiClient UID + + +type: keyword -- -*`netflow.post_ip_class_of_service`*:: +*`fortinet.firewall.field`*:: + -- -type: short +NTP status field + + +type: keyword -- -*`netflow.source_mac_address`*:: +*`fortinet.firewall.filefilter`*:: + -- +The filter used to identify the affected file + + type: keyword -- -*`netflow.post_destination_mac_address`*:: +*`fortinet.firewall.filehashsrc`*:: + -- +Filehash source + + type: keyword -- -*`netflow.vlan_id`*:: +*`fortinet.firewall.filtercat`*:: + -- -type: integer +DLP filter category + + +type: keyword -- -*`netflow.post_vlan_id`*:: +*`fortinet.firewall.filteridx`*:: + -- +DLP filter ID + + type: integer -- -*`netflow.ip_version`*:: +*`fortinet.firewall.filtername`*:: + -- -type: short +DLP rule name --- -*`netflow.flow_direction`*:: -+ --- -type: short +type: keyword -- -*`netflow.ip_next_hop_ipv6_address`*:: +*`fortinet.firewall.filtertype`*:: + -- -type: ip +DLP filter type + + +type: keyword -- -*`netflow.bgp_next_hop_ipv6_address`*:: +*`fortinet.firewall.fortiguardresp`*:: + -- -type: ip +Antispam ESP value + + +type: keyword -- -*`netflow.ipv6_extension_headers`*:: +*`fortinet.firewall.forwardedfor`*:: + -- -type: long +Email address forwarded + + +type: keyword -- -*`netflow.mpls_top_label_stack_section`*:: +*`fortinet.firewall.fqdn`*:: + -- -type: short +FQDN + + +type: keyword -- -*`netflow.mpls_label_stack_section2`*:: +*`fortinet.firewall.frametype`*:: + -- -type: short +Wireless frametype + + +type: keyword -- -*`netflow.mpls_label_stack_section3`*:: +*`fortinet.firewall.freediskstorage`*:: + -- -type: short +Free disk integer + + +type: integer -- -*`netflow.mpls_label_stack_section4`*:: +*`fortinet.firewall.from`*:: + -- -type: short +From email address + + +type: keyword -- -*`netflow.mpls_label_stack_section5`*:: +*`fortinet.firewall.from_vcluster`*:: + -- -type: short +Source virtual cluster number + + +type: integer -- -*`netflow.mpls_label_stack_section6`*:: +*`fortinet.firewall.fsaverdict`*:: + -- -type: short +FSA verdict + + +type: keyword -- -*`netflow.mpls_label_stack_section7`*:: +*`fortinet.firewall.fwserver_name`*:: + -- -type: short +Web proxy server name + + +type: keyword -- -*`netflow.mpls_label_stack_section8`*:: +*`fortinet.firewall.gateway`*:: + -- -type: short +Gateway ip address for PPPoE status report + + +type: ip -- -*`netflow.mpls_label_stack_section9`*:: +*`fortinet.firewall.green`*:: + -- -type: short +Memory status + + +type: keyword -- -*`netflow.mpls_label_stack_section10`*:: +*`fortinet.firewall.groupid`*:: + -- -type: short +User Group ID + + +type: integer -- -*`netflow.destination_mac_address`*:: +*`fortinet.firewall.ha-prio`*:: + -- -type: keyword +HA Priority + + +type: integer -- -*`netflow.post_source_mac_address`*:: +*`fortinet.firewall.ha_group`*:: + -- +HA Group + + type: keyword -- -*`netflow.interface_name`*:: +*`fortinet.firewall.ha_role`*:: + -- +HA Role + + type: keyword -- -*`netflow.interface_description`*:: +*`fortinet.firewall.handshake`*:: + -- +SSL Handshake + + type: keyword -- -*`netflow.sampler_name`*:: +*`fortinet.firewall.hash`*:: + -- +Hash value of downloaded file + + type: keyword -- -*`netflow.octet_total_count`*:: +*`fortinet.firewall.hbdn_reason`*:: + -- -type: long +Heartbeat down reason --- -*`netflow.packet_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.flags_and_sampler_id`*:: +*`fortinet.firewall.highcount`*:: + -- -type: long +Highcount fabric summary --- -*`netflow.fragment_offset`*:: -+ --- type: integer -- -*`netflow.forwarding_status`*:: +*`fortinet.firewall.host`*:: + -- -type: short +Hostname --- -*`netflow.mpls_vpn_route_distinguisher`*:: -+ --- -type: short +type: keyword -- -*`netflow.mpls_top_label_prefix_length`*:: +*`fortinet.firewall.iaid`*:: + -- -type: short +DHCPv6 id --- -*`netflow.src_traffic_index`*:: -+ --- -type: long +type: keyword -- -*`netflow.dst_traffic_index`*:: +*`fortinet.firewall.icmpcode`*:: + -- -type: long +Destination Port of the ICMP message --- -*`netflow.application_description`*:: -+ --- type: keyword -- -*`netflow.application_id`*:: +*`fortinet.firewall.icmpid`*:: + -- -type: short +Source port of the ICMP message --- -*`netflow.application_name`*:: -+ --- type: keyword -- -*`netflow.post_ip_diff_serv_code_point`*:: +*`fortinet.firewall.icmptype`*:: + -- -type: short +The type of ICMP message + + +type: keyword -- -*`netflow.multicast_replication_factor`*:: +*`fortinet.firewall.identifier`*:: + -- -type: long +Network traffic identifier + + +type: integer -- -*`netflow.class_name`*:: +*`fortinet.firewall.in_spi`*:: + -- +IPSEC inbound SPI + + type: keyword -- -*`netflow.classification_engine_id`*:: +*`fortinet.firewall.incidentserialno`*:: + -- -type: short +Incident serial number + + +type: integer -- -*`netflow.layer2packet_section_offset`*:: +*`fortinet.firewall.infected`*:: + -- +Infected MMS + + type: integer -- -*`netflow.layer2packet_section_size`*:: +*`fortinet.firewall.infectedfilelevel`*:: + -- +DLP infected file level + + type: integer -- -*`netflow.layer2packet_section_data`*:: +*`fortinet.firewall.informationsource`*:: + -- -type: short +Information source + + +type: keyword -- -*`netflow.bgp_next_adjacent_as_number`*:: +*`fortinet.firewall.init`*:: + -- -type: long +IPSEC init stage + + +type: keyword -- -*`netflow.bgp_prev_adjacent_as_number`*:: +*`fortinet.firewall.initiator`*:: + -- -type: long +Original login user name for Fortiguard override + + +type: keyword -- -*`netflow.exporter_ipv4_address`*:: +*`fortinet.firewall.interface`*:: + -- -type: ip +Related interface + + +type: keyword -- -*`netflow.exporter_ipv6_address`*:: +*`fortinet.firewall.intf`*:: + -- -type: ip +Related interface + + +type: keyword -- -*`netflow.dropped_octet_delta_count`*:: +*`fortinet.firewall.invalidmac`*:: + -- -type: long +The MAC address with invalid OUI + + +type: keyword -- -*`netflow.dropped_packet_delta_count`*:: +*`fortinet.firewall.ip`*:: + -- -type: long +Related IP + + +type: ip -- -*`netflow.dropped_octet_total_count`*:: +*`fortinet.firewall.iptype`*:: + -- -type: long +Related IP type + + +type: keyword -- -*`netflow.dropped_packet_total_count`*:: +*`fortinet.firewall.keyword`*:: + -- -type: long +Keyword used for search + + +type: keyword -- -*`netflow.flow_end_reason`*:: +*`fortinet.firewall.kind`*:: + -- -type: short +VOIP kind + + +type: keyword -- -*`netflow.common_properties_id`*:: +*`fortinet.firewall.lanin`*:: + -- +LAN incoming traffic in bytes + + type: long -- -*`netflow.observation_point_id`*:: +*`fortinet.firewall.lanout`*:: + -- +LAN outbound traffic in bytes + + type: long -- -*`netflow.icmp_type_code_ipv6`*:: +*`fortinet.firewall.lease`*:: + -- +DHCP lease + + type: integer -- -*`netflow.mpls_top_label_ipv6_address`*:: +*`fortinet.firewall.license_limit`*:: + -- -type: ip +Maximum Number of FortiClients for the License --- -*`netflow.line_card_id`*:: -+ --- -type: long +type: keyword -- -*`netflow.port_id`*:: +*`fortinet.firewall.limit`*:: + -- -type: long +Virtual Domain Resource Limit --- -*`netflow.metering_process_id`*:: -+ --- -type: long +type: integer -- -*`netflow.exporting_process_id`*:: +*`fortinet.firewall.line`*:: + -- -type: long +VOIP line + + +type: keyword -- -*`netflow.template_id`*:: +*`fortinet.firewall.live`*:: + -- +Time in seconds + + type: integer -- -*`netflow.wlan_channel_id`*:: +*`fortinet.firewall.local`*:: + -- -type: short +Local IP for a PPPD Connection + + +type: ip -- -*`netflow.wlan_ssid`*:: +*`fortinet.firewall.log`*:: + -- +Log message + + type: keyword -- -*`netflow.flow_id`*:: +*`fortinet.firewall.login`*:: + -- -type: long +SSH login --- -*`netflow.observation_domain_id`*:: -+ --- -type: long +type: keyword -- -*`netflow.flow_start_seconds`*:: +*`fortinet.firewall.lowcount`*:: + -- -type: date +Fabric lowcount --- -*`netflow.flow_end_seconds`*:: -+ --- -type: date +type: integer -- -*`netflow.flow_start_milliseconds`*:: +*`fortinet.firewall.mac`*:: + -- -type: date +DHCP mac address --- -*`netflow.flow_end_milliseconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.flow_start_microseconds`*:: +*`fortinet.firewall.malform_data`*:: + -- -type: date +VOIP malformed data --- -*`netflow.flow_end_microseconds`*:: -+ --- -type: date +type: integer -- -*`netflow.flow_start_nanoseconds`*:: +*`fortinet.firewall.malform_desc`*:: + -- -type: date +VOIP malformed data description --- -*`netflow.flow_end_nanoseconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.flow_start_delta_microseconds`*:: +*`fortinet.firewall.manuf`*:: + -- -type: long +Manufacturer name --- -*`netflow.flow_end_delta_microseconds`*:: -+ --- -type: long +type: keyword -- -*`netflow.system_init_time_milliseconds`*:: +*`fortinet.firewall.masterdstmac`*:: + -- -type: date +Master mac address for a host with multiple network interfaces + + +type: keyword -- -*`netflow.flow_duration_milliseconds`*:: +*`fortinet.firewall.mastersrcmac`*:: + -- -type: long +The master MAC address for a host that has multiple network interfaces + + +type: keyword -- -*`netflow.flow_duration_microseconds`*:: +*`fortinet.firewall.mediumcount`*:: + -- -type: long +Fabric medium count + + +type: integer -- -*`netflow.observed_flow_total_count`*:: +*`fortinet.firewall.mem`*:: + -- -type: long +Memory usage system statistics + + +type: keyword -- -*`netflow.ignored_packet_total_count`*:: +*`fortinet.firewall.meshmode`*:: + -- -type: long +Wireless mesh mode + + +type: keyword -- -*`netflow.ignored_octet_total_count`*:: +*`fortinet.firewall.message_type`*:: + -- -type: long +VOIP message type + + +type: keyword -- -*`netflow.not_sent_flow_total_count`*:: +*`fortinet.firewall.method`*:: + -- -type: long +HTTP method + + +type: keyword -- -*`netflow.not_sent_packet_total_count`*:: +*`fortinet.firewall.mgmtcnt`*:: + -- -type: long +The number of unauthorized client flooding managemet frames + + +type: integer -- -*`netflow.not_sent_octet_total_count`*:: +*`fortinet.firewall.mode`*:: + -- -type: long +IPSEC mode + + +type: keyword -- -*`netflow.destination_ipv6_prefix`*:: +*`fortinet.firewall.module`*:: + -- -type: ip +PCI-DSS module + + +type: keyword -- -*`netflow.source_ipv6_prefix`*:: +*`fortinet.firewall.monitor-name`*:: + -- -type: ip +Health Monitor Name + + +type: keyword -- -*`netflow.post_octet_total_count`*:: +*`fortinet.firewall.monitor-type`*:: + -- -type: long +Health Monitor Type + + +type: keyword -- -*`netflow.post_packet_total_count`*:: +*`fortinet.firewall.mpsk`*:: + -- -type: long +Wireless MPSK + + +type: keyword -- -*`netflow.flow_key_indicator`*:: +*`fortinet.firewall.msgproto`*:: + -- -type: long +Message Protocol Number + + +type: keyword -- -*`netflow.post_mcast_packet_total_count`*:: +*`fortinet.firewall.mtu`*:: + -- -type: long +Max Transmission Unit Value + + +type: integer -- -*`netflow.post_mcast_octet_total_count`*:: +*`fortinet.firewall.name`*:: + -- -type: long +Name + + +type: keyword -- -*`netflow.icmp_type_ipv4`*:: +*`fortinet.firewall.nat`*:: + -- -type: short +NAT IP Address + + +type: keyword -- -*`netflow.icmp_code_ipv4`*:: +*`fortinet.firewall.netid`*:: + -- -type: short +Connector NetID + + +type: keyword -- -*`netflow.icmp_type_ipv6`*:: +*`fortinet.firewall.new_status`*:: + -- -type: short +New status on user change + + +type: keyword -- -*`netflow.icmp_code_ipv6`*:: +*`fortinet.firewall.new_value`*:: + -- -type: short +New Virtual Domain Name + + +type: keyword -- -*`netflow.udp_source_port`*:: +*`fortinet.firewall.newchannel`*:: + -- +New Channel Number + + type: integer -- -*`netflow.udp_destination_port`*:: +*`fortinet.firewall.newchassisid`*:: + -- +New Chassis ID + + type: integer -- -*`netflow.tcp_source_port`*:: +*`fortinet.firewall.newslot`*:: + -- +New Slot Number + + type: integer -- -*`netflow.tcp_destination_port`*:: +*`fortinet.firewall.nextstat`*:: + -- +Time interval in seconds for the next statistics. + + type: integer -- -*`netflow.tcp_sequence_number`*:: +*`fortinet.firewall.nf_type`*:: + -- -type: long +Notification Type --- -*`netflow.tcp_acknowledgement_number`*:: -+ --- -type: long +type: keyword -- -*`netflow.tcp_window_size`*:: +*`fortinet.firewall.noise`*:: + -- -type: integer +Wifi Noise --- -*`netflow.tcp_urgent_pointer`*:: -+ --- type: integer -- -*`netflow.tcp_header_length`*:: +*`fortinet.firewall.old_status`*:: + -- -type: short +Original Status + + +type: keyword -- -*`netflow.ip_header_length`*:: +*`fortinet.firewall.old_value`*:: + -- -type: short +Original Virtual Domain name + + +type: keyword -- -*`netflow.total_length_ipv4`*:: +*`fortinet.firewall.oldchannel`*:: + -- +Original channel + + type: integer -- -*`netflow.payload_length_ipv6`*:: +*`fortinet.firewall.oldchassisid`*:: + -- +Original Chassis Number + + type: integer -- -*`netflow.ip_ttl`*:: +*`fortinet.firewall.oldslot`*:: + -- -type: short +Original Slot Number --- -*`netflow.next_header_ipv6`*:: -+ --- -type: short +type: integer -- -*`netflow.mpls_payload_length`*:: +*`fortinet.firewall.oldsn`*:: + -- -type: long +Old Serial number --- -*`netflow.ip_diff_serv_code_point`*:: -+ --- -type: short +type: keyword -- -*`netflow.ip_precedence`*:: +*`fortinet.firewall.oldwprof`*:: + -- -type: short +Old Web Filter Profile --- -*`netflow.fragment_flags`*:: -+ --- -type: short +type: keyword -- -*`netflow.octet_delta_sum_of_squares`*:: +*`fortinet.firewall.onwire`*:: + -- -type: long +A flag to indicate if the AP is onwire or not + + +type: keyword -- -*`netflow.octet_total_sum_of_squares`*:: +*`fortinet.firewall.opercountry`*:: + -- -type: long +Operating Country + + +type: keyword -- -*`netflow.mpls_top_label_ttl`*:: +*`fortinet.firewall.opertxpower`*:: + -- -type: short +Operating TX power + + +type: integer -- -*`netflow.mpls_label_stack_length`*:: +*`fortinet.firewall.osname`*:: + -- -type: long +Operating System name + + +type: keyword -- -*`netflow.mpls_label_stack_depth`*:: +*`fortinet.firewall.osversion`*:: + -- -type: long +Operating System version + + +type: keyword -- -*`netflow.mpls_top_label_exp`*:: +*`fortinet.firewall.out_spi`*:: + -- -type: short +Out SPI + + +type: keyword -- -*`netflow.ip_payload_length`*:: +*`fortinet.firewall.outintf`*:: + -- -type: long +Out interface + + +type: keyword -- -*`netflow.udp_message_length`*:: +*`fortinet.firewall.passedcount`*:: + -- +Fabric passed count + + type: integer -- -*`netflow.is_multicast`*:: +*`fortinet.firewall.passwd`*:: + -- -type: short +Changed user password information --- -*`netflow.ipv4_ihl`*:: -+ --- -type: short +type: keyword -- -*`netflow.ipv4_options`*:: +*`fortinet.firewall.path`*:: + -- -type: long +Path of looped configuration for security fabric --- -*`netflow.tcp_options`*:: -+ --- -type: long +type: keyword -- -*`netflow.padding_octets`*:: +*`fortinet.firewall.peer`*:: + -- -type: short +WAN optimization peer --- -*`netflow.collector_ipv4_address`*:: -+ --- -type: ip +type: keyword -- -*`netflow.collector_ipv6_address`*:: +*`fortinet.firewall.peer_notif`*:: + -- -type: ip +VPN peer notification --- -*`netflow.export_interface`*:: -+ --- -type: long +type: keyword -- -*`netflow.export_protocol_version`*:: +*`fortinet.firewall.phase2_name`*:: + -- -type: short +VPN phase2 name --- -*`netflow.export_transport_protocol`*:: -+ --- -type: short +type: keyword -- -*`netflow.collector_transport_port`*:: +*`fortinet.firewall.phone`*:: + -- -type: integer +VOIP Phone + + +type: keyword -- -*`netflow.exporter_transport_port`*:: +*`fortinet.firewall.pid`*:: + -- +Process ID + + type: integer -- -*`netflow.tcp_syn_total_count`*:: +*`fortinet.firewall.policytype`*:: + -- -type: long +Policy Type --- -*`netflow.tcp_fin_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.tcp_rst_total_count`*:: +*`fortinet.firewall.poolname`*:: + -- -type: long +IP Pool name --- -*`netflow.tcp_psh_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.tcp_ack_total_count`*:: +*`fortinet.firewall.port`*:: + -- -type: long +Log upload error port --- -*`netflow.tcp_urg_total_count`*:: -+ --- -type: long +type: integer -- -*`netflow.ip_total_length`*:: +*`fortinet.firewall.portbegin`*:: + -- -type: long +IP Pool port number to begin --- -*`netflow.post_nat_source_ipv4_address`*:: -+ --- -type: ip +type: integer -- -*`netflow.post_nat_destination_ipv4_address`*:: +*`fortinet.firewall.portend`*:: + -- -type: ip +IP Pool port number to end --- -*`netflow.post_napt_source_transport_port`*:: -+ --- type: integer -- -*`netflow.post_napt_destination_transport_port`*:: +*`fortinet.firewall.probeproto`*:: + -- -type: integer +Link Monitor Probe Protocol --- -*`netflow.nat_originating_address_realm`*:: -+ --- -type: short +type: keyword -- -*`netflow.nat_event`*:: +*`fortinet.firewall.process`*:: + -- -type: short +URL Filter process --- -*`netflow.initiator_octets`*:: -+ --- -type: long +type: keyword -- -*`netflow.responder_octets`*:: +*`fortinet.firewall.processtime`*:: + -- -type: long +Process time for reports --- -*`netflow.firewall_event`*:: -+ --- -type: short +type: integer -- -*`netflow.ingress_vrfid`*:: +*`fortinet.firewall.profile`*:: + -- -type: long +Profile Name --- -*`netflow.egress_vrfid`*:: -+ --- -type: long +type: keyword -- -*`netflow.vr_fname`*:: +*`fortinet.firewall.profile_vd`*:: + -- -type: keyword +Virtual Domain Name --- -*`netflow.post_mpls_top_label_exp`*:: -+ --- -type: short +type: keyword -- -*`netflow.tcp_window_scale`*:: +*`fortinet.firewall.profilegroup`*:: + -- -type: integer +Profile Group Name --- -*`netflow.biflow_direction`*:: -+ --- -type: short +type: keyword -- -*`netflow.ethernet_header_length`*:: +*`fortinet.firewall.profiletype`*:: + -- -type: short +Profile Type --- -*`netflow.ethernet_payload_length`*:: -+ --- -type: integer +type: keyword -- -*`netflow.ethernet_total_length`*:: +*`fortinet.firewall.qtypeval`*:: + -- -type: integer +DNS question type value --- -*`netflow.dot1q_vlan_id`*:: -+ --- type: integer -- -*`netflow.dot1q_priority`*:: +*`fortinet.firewall.quarskip`*:: + -- -type: short +Quarantine skip explanation --- -*`netflow.dot1q_customer_vlan_id`*:: -+ --- -type: integer +type: keyword -- -*`netflow.dot1q_customer_priority`*:: +*`fortinet.firewall.quotaexceeded`*:: + -- -type: short +If quota has been exceeded --- -*`netflow.metro_evc_id`*:: -+ --- type: keyword -- -*`netflow.metro_evc_type`*:: +*`fortinet.firewall.quotamax`*:: + -- -type: short +Maximum quota allowed - in seconds if time-based - in bytes if traffic-based --- -*`netflow.pseudo_wire_id`*:: -+ --- type: long -- -*`netflow.pseudo_wire_type`*:: +*`fortinet.firewall.quotatype`*:: + -- -type: integer +Quota type --- -*`netflow.pseudo_wire_control_word`*:: -+ --- -type: long +type: keyword -- -*`netflow.ingress_physical_interface`*:: +*`fortinet.firewall.quotaused`*:: + -- +Quota used - in seconds if time-based - in bytes if trafficbased) + + type: long -- -*`netflow.egress_physical_interface`*:: +*`fortinet.firewall.radioband`*:: + -- -type: long +Radio band + + +type: keyword -- -*`netflow.post_dot1q_vlan_id`*:: +*`fortinet.firewall.radioid`*:: + -- +Radio ID + + type: integer -- -*`netflow.post_dot1q_customer_vlan_id`*:: +*`fortinet.firewall.radioidclosest`*:: + -- +Radio ID on the AP closest the rogue AP + + type: integer -- -*`netflow.ethernet_type`*:: +*`fortinet.firewall.radioiddetected`*:: + -- +Radio ID on the AP which detected the rogue AP + + type: integer -- -*`netflow.post_ip_precedence`*:: +*`fortinet.firewall.rate`*:: + -- -type: short +Wireless rogue rate value --- -*`netflow.collection_time_milliseconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.export_sctp_stream_id`*:: +*`fortinet.firewall.rawdata`*:: + -- -type: integer +Raw data value --- -*`netflow.max_export_seconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.max_flow_end_seconds`*:: +*`fortinet.firewall.rawdataid`*:: + -- -type: date +Raw data ID --- -*`netflow.message_md5_checksum`*:: -+ --- -type: short +type: keyword -- -*`netflow.message_scope`*:: +*`fortinet.firewall.rcvddelta`*:: + -- -type: short +Received bytes delta --- -*`netflow.min_export_seconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.min_flow_start_seconds`*:: +*`fortinet.firewall.reason`*:: + -- -type: date +Alert reason --- -*`netflow.opaque_octets`*:: -+ --- -type: short +type: keyword -- -*`netflow.session_scope`*:: +*`fortinet.firewall.received`*:: + -- -type: short +Server key exchange received + + +type: integer -- -*`netflow.max_flow_end_microseconds`*:: +*`fortinet.firewall.receivedsignature`*:: + -- -type: date +Server key exchange received signature + + +type: keyword -- -*`netflow.max_flow_end_milliseconds`*:: +*`fortinet.firewall.red`*:: + -- -type: date +Memory information in red + + +type: keyword -- -*`netflow.max_flow_end_nanoseconds`*:: +*`fortinet.firewall.referralurl`*:: + -- -type: date +Web filter referralurl + + +type: keyword -- -*`netflow.min_flow_start_microseconds`*:: +*`fortinet.firewall.remote`*:: + -- -type: date +Remote PPP IP address + + +type: ip -- -*`netflow.min_flow_start_milliseconds`*:: +*`fortinet.firewall.remotewtptime`*:: + -- -type: date +Remote Wifi Radius authentication time + + +type: keyword -- -*`netflow.min_flow_start_nanoseconds`*:: +*`fortinet.firewall.reporttype`*:: + -- -type: date +Report type + + +type: keyword -- -*`netflow.collector_certificate`*:: +*`fortinet.firewall.reqtype`*:: + -- -type: short +Request type + + +type: keyword -- -*`netflow.exporter_certificate`*:: +*`fortinet.firewall.request_name`*:: + -- -type: short +VOIP request name + + +type: keyword -- -*`netflow.data_records_reliability`*:: +*`fortinet.firewall.result`*:: + -- -type: boolean +VPN phase result + + +type: keyword -- -*`netflow.observation_point_type`*:: +*`fortinet.firewall.role`*:: + -- -type: short +VPN Phase 2 role + + +type: keyword -- -*`netflow.new_connection_delta_count`*:: +*`fortinet.firewall.rssi`*:: + -- -type: long +Received signal strength indicator + + +type: integer -- -*`netflow.connection_sum_duration_seconds`*:: +*`fortinet.firewall.rsso_key`*:: + -- -type: long +RADIUS SSO attribute value + + +type: keyword -- -*`netflow.connection_transaction_id`*:: +*`fortinet.firewall.ruledata`*:: + -- -type: long +Rule data + + +type: keyword -- -*`netflow.post_nat_source_ipv6_address`*:: +*`fortinet.firewall.ruletype`*:: + -- -type: ip +Rule type + + +type: keyword -- -*`netflow.post_nat_destination_ipv6_address`*:: +*`fortinet.firewall.scanned`*:: + -- -type: ip +Number of Scanned MMSs + + +type: integer -- -*`netflow.nat_pool_id`*:: +*`fortinet.firewall.scantime`*:: + -- +Scanned time + + type: long -- -*`netflow.nat_pool_name`*:: +*`fortinet.firewall.scope`*:: + -- +FortiGuard Override Scope + + type: keyword -- -*`netflow.anonymization_flags`*:: +*`fortinet.firewall.security`*:: + -- -type: integer +Wireless rogue security --- -*`netflow.anonymization_technique`*:: -+ --- -type: integer +type: keyword -- -*`netflow.information_element_index`*:: +*`fortinet.firewall.sensitivity`*:: + -- -type: integer +Sensitivity for document fingerprint + + +type: keyword -- -*`netflow.p2p_technology`*:: +*`fortinet.firewall.sensor`*:: + -- +NAC Sensor Name + + type: keyword -- -*`netflow.tunnel_technology`*:: +*`fortinet.firewall.sentdelta`*:: + -- +Sent bytes delta + + type: keyword -- -*`netflow.encrypted_technology`*:: +*`fortinet.firewall.seq`*:: + -- +Sequence number + + type: keyword -- -*`netflow.bgp_validity_state`*:: +*`fortinet.firewall.serial`*:: + -- -type: short +WAN optimisation serial + + +type: keyword -- -*`netflow.ip_sec_spi`*:: +*`fortinet.firewall.serialno`*:: + -- -type: long +Serial number + + +type: keyword -- -*`netflow.gre_key`*:: +*`fortinet.firewall.server`*:: + -- -type: long +AD server FQDN or IP + + +type: keyword -- -*`netflow.nat_type`*:: +*`fortinet.firewall.session_id`*:: + -- -type: short +Session ID + + +type: keyword -- -*`netflow.initiator_packets`*:: +*`fortinet.firewall.sessionid`*:: + -- -type: long +WAD Session ID + + +type: integer -- -*`netflow.responder_packets`*:: +*`fortinet.firewall.setuprate`*:: + -- +Session Setup Rate + + type: long -- -*`netflow.observation_domain_name`*:: +*`fortinet.firewall.severity`*:: + -- +Severity + + type: keyword -- -*`netflow.selection_sequence_id`*:: +*`fortinet.firewall.shaperdroprcvdbyte`*:: + -- -type: long +Received bytes dropped by shaper --- -*`netflow.selector_id`*:: -+ --- -type: long +type: integer -- -*`netflow.information_element_id`*:: +*`fortinet.firewall.shaperdropsentbyte`*:: + -- +Sent bytes dropped by shaper + + type: integer -- -*`netflow.selector_algorithm`*:: +*`fortinet.firewall.shaperperipdropbyte`*:: + -- +Dropped bytes per IP by shaper + + type: integer -- -*`netflow.sampling_packet_interval`*:: +*`fortinet.firewall.shaperperipname`*:: + -- -type: long +Traffic shaper name (per IP) + + +type: keyword -- -*`netflow.sampling_packet_space`*:: +*`fortinet.firewall.shaperrcvdname`*:: + -- -type: long +Traffic shaper name for received traffic + + +type: keyword -- -*`netflow.sampling_time_interval`*:: +*`fortinet.firewall.shapersentname`*:: + -- -type: long +Traffic shaper name for sent traffic + + +type: keyword -- -*`netflow.sampling_time_space`*:: +*`fortinet.firewall.shapingpolicyid`*:: + -- -type: long +Traffic shaper policy ID + + +type: integer -- -*`netflow.sampling_size`*:: +*`fortinet.firewall.signal`*:: + -- -type: long +Wireless rogue API signal + + +type: integer -- -*`netflow.sampling_population`*:: +*`fortinet.firewall.size`*:: + -- +Email size in bytes + + type: long -- -*`netflow.sampling_probability`*:: +*`fortinet.firewall.slot`*:: + -- -type: double +Slot number --- -*`netflow.data_link_frame_size`*:: -+ --- type: integer -- -*`netflow.ip_header_packet_section`*:: +*`fortinet.firewall.sn`*:: + -- -type: short +Security fabric serial number + + +type: keyword -- -*`netflow.ip_payload_packet_section`*:: +*`fortinet.firewall.snclosest`*:: + -- -type: short +SN of the AP closest to the rogue AP + + +type: keyword -- -*`netflow.data_link_frame_section`*:: +*`fortinet.firewall.sndetected`*:: + -- -type: short +SN of the AP which detected the rogue AP --- -*`netflow.mpls_label_stack_section`*:: -+ --- -type: short +type: keyword -- -*`netflow.mpls_payload_packet_section`*:: +*`fortinet.firewall.snmeshparent`*:: + -- -type: short +SN of the mesh parent --- -*`netflow.selector_id_total_pkts_observed`*:: -+ --- -type: long +type: keyword -- -*`netflow.selector_id_total_pkts_selected`*:: +*`fortinet.firewall.spi`*:: + -- -type: long +IPSEC SPI --- -*`netflow.absolute_error`*:: -+ --- -type: double +type: keyword -- -*`netflow.relative_error`*:: +*`fortinet.firewall.src_int`*:: + -- -type: double +Source interface --- -*`netflow.observation_time_seconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.observation_time_milliseconds`*:: +*`fortinet.firewall.srcintfrole`*:: + -- -type: date +Source interface role --- -*`netflow.observation_time_microseconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.observation_time_nanoseconds`*:: +*`fortinet.firewall.srccountry`*:: + -- -type: date +Source country --- -*`netflow.digest_hash_value`*:: -+ --- -type: long +type: keyword -- -*`netflow.hash_ip_payload_offset`*:: +*`fortinet.firewall.srcfamily`*:: + -- -type: long +Source family --- -*`netflow.hash_ip_payload_size`*:: -+ --- -type: long +type: keyword -- -*`netflow.hash_output_range_min`*:: +*`fortinet.firewall.srchwvendor`*:: + -- -type: long +Source hardware vendor --- -*`netflow.hash_output_range_max`*:: -+ --- -type: long +type: keyword -- -*`netflow.hash_selected_range_min`*:: +*`fortinet.firewall.srchwversion`*:: + -- -type: long +Source hardware version --- -*`netflow.hash_selected_range_max`*:: -+ --- -type: long +type: keyword -- -*`netflow.hash_digest_output`*:: +*`fortinet.firewall.srcinetsvc`*:: + -- -type: boolean +Source interface service --- -*`netflow.hash_initialiser_value`*:: -+ --- -type: long +type: keyword -- -*`netflow.selector_name`*:: +*`fortinet.firewall.srcname`*:: + -- +Source name + + type: keyword -- -*`netflow.upper_ci_limit`*:: +*`fortinet.firewall.srcserver`*:: + -- -type: double +Source server + + +type: integer -- -*`netflow.lower_ci_limit`*:: +*`fortinet.firewall.srcssid`*:: + -- -type: double +Source SSID + + +type: keyword -- -*`netflow.confidence_level`*:: +*`fortinet.firewall.srcswversion`*:: + -- -type: double +Source software version + + +type: keyword -- -*`netflow.information_element_data_type`*:: +*`fortinet.firewall.srcuuid`*:: + -- -type: short +Source UUID + + +type: keyword -- -*`netflow.information_element_description`*:: +*`fortinet.firewall.sscname`*:: + -- +SSC name + + type: keyword -- -*`netflow.information_element_name`*:: +*`fortinet.firewall.ssid`*:: + -- +Base Service Set ID + + type: keyword -- -*`netflow.information_element_range_begin`*:: +*`fortinet.firewall.sslaction`*:: + -- -type: long +SSL Action + + +type: keyword -- -*`netflow.information_element_range_end`*:: +*`fortinet.firewall.ssllocal`*:: + -- -type: long +WAD SSL local + + +type: keyword -- -*`netflow.information_element_semantics`*:: +*`fortinet.firewall.sslremote`*:: + -- -type: short +WAD SSL remote + + +type: keyword -- -*`netflow.information_element_units`*:: +*`fortinet.firewall.stacount`*:: + -- +Number of stations/clients + + type: integer -- -*`netflow.private_enterprise_number`*:: +*`fortinet.firewall.stage`*:: + -- -type: long +IPSEC stage --- -*`netflow.virtual_station_interface_id`*:: -+ --- -type: short +type: keyword -- -*`netflow.virtual_station_interface_name`*:: +*`fortinet.firewall.stamac`*:: + -- +802.1x station mac + + type: keyword -- -*`netflow.virtual_station_uuid`*:: +*`fortinet.firewall.state`*:: + -- -type: short +Admin login state --- -*`netflow.virtual_station_name`*:: -+ --- type: keyword -- -*`netflow.layer2_segment_id`*:: +*`fortinet.firewall.status`*:: + -- -type: long +Status --- -*`netflow.layer2_octet_delta_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.layer2_octet_total_count`*:: +*`fortinet.firewall.stitch`*:: + -- -type: long +Automation stitch triggered --- -*`netflow.ingress_unicast_packet_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.ingress_multicast_packet_total_count`*:: +*`fortinet.firewall.subject`*:: + -- -type: long +Email subject --- -*`netflow.ingress_broadcast_packet_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.egress_unicast_packet_total_count`*:: +*`fortinet.firewall.submodule`*:: + -- -type: long +Configuration Sub-Module Name --- -*`netflow.egress_broadcast_packet_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.monitoring_interval_start_milli_seconds`*:: +*`fortinet.firewall.subservice`*:: + -- -type: date +AV subservice --- -*`netflow.monitoring_interval_end_milli_seconds`*:: -+ --- -type: date +type: keyword -- -*`netflow.port_range_start`*:: +*`fortinet.firewall.subtype`*:: + -- -type: integer +Log subtype --- -*`netflow.port_range_end`*:: -+ --- -type: integer +type: keyword -- -*`netflow.port_range_step_size`*:: +*`fortinet.firewall.suspicious`*:: + -- -type: integer +Number of Suspicious MMSs --- -*`netflow.port_range_num_ports`*:: -+ --- type: integer -- -*`netflow.sta_mac_address`*:: +*`fortinet.firewall.switchproto`*:: + -- +Protocol change information + + type: keyword -- -*`netflow.sta_ipv4_address`*:: +*`fortinet.firewall.sync_status`*:: + -- -type: ip +The sync status with the master --- -*`netflow.wtp_mac_address`*:: -+ --- type: keyword -- -*`netflow.ingress_interface_type`*:: +*`fortinet.firewall.sync_type`*:: + -- -type: long +The sync type with the master --- -*`netflow.egress_interface_type`*:: -+ --- -type: long +type: keyword -- -*`netflow.rtp_sequence_number`*:: +*`fortinet.firewall.sysuptime`*:: + -- -type: integer +System uptime --- -*`netflow.user_name`*:: -+ --- type: keyword -- -*`netflow.application_category_name`*:: +*`fortinet.firewall.tamac`*:: + -- +the MAC address of Transmitter, if none, then Receiver + + type: keyword -- -*`netflow.application_sub_category_name`*:: +*`fortinet.firewall.threattype`*:: + -- +WIDS threat type + + type: keyword -- -*`netflow.application_group_name`*:: +*`fortinet.firewall.time`*:: + -- +Time of the event + + type: keyword -- -*`netflow.original_flows_present`*:: +*`fortinet.firewall.to`*:: + -- -type: long +Email to field --- -*`netflow.original_flows_initiated`*:: -+ --- -type: long +type: keyword -- -*`netflow.original_flows_completed`*:: +*`fortinet.firewall.to_vcluster`*:: + -- -type: long +destination virtual cluster number --- -*`netflow.distinct_count_of_source_ip_address`*:: -+ --- -type: long +type: integer -- -*`netflow.distinct_count_of_destination_ip_address`*:: +*`fortinet.firewall.total`*:: + -- -type: long +Total memory --- -*`netflow.distinct_count_of_source_ipv4_address`*:: -+ --- -type: long +type: integer -- -*`netflow.distinct_count_of_destination_ipv4_address`*:: +*`fortinet.firewall.totalsession`*:: + -- -type: long +Total Number of Sessions --- -*`netflow.distinct_count_of_source_ipv6_address`*:: -+ --- -type: long +type: integer -- -*`netflow.distinct_count_of_destination_ipv6_address`*:: +*`fortinet.firewall.trace_id`*:: + -- -type: long +Session clash trace ID --- -*`netflow.value_distribution_method`*:: -+ --- -type: short +type: keyword -- -*`netflow.rfc3550_jitter_milliseconds`*:: +*`fortinet.firewall.trandisp`*:: + -- -type: long +NAT translation type + + +type: keyword -- -*`netflow.rfc3550_jitter_microseconds`*:: +*`fortinet.firewall.transid`*:: + -- -type: long +HTTP transaction ID + + +type: integer -- -*`netflow.rfc3550_jitter_nanoseconds`*:: +*`fortinet.firewall.translationid`*:: + -- -type: long +DNS filter transaltion ID + + +type: keyword -- -*`netflow.dot1q_dei`*:: +*`fortinet.firewall.trigger`*:: + -- -type: boolean +Automation stitch trigger + + +type: keyword -- -*`netflow.dot1q_customer_dei`*:: +*`fortinet.firewall.trueclntip`*:: + -- -type: boolean +File filter true client IP + + +type: ip -- -*`netflow.flow_selector_algorithm`*:: +*`fortinet.firewall.tunnelid`*:: + -- +IPSEC tunnel ID + + type: integer -- -*`netflow.flow_selected_octet_delta_count`*:: +*`fortinet.firewall.tunnelip`*:: + -- -type: long +IPSEC tunnel IP --- -*`netflow.flow_selected_packet_delta_count`*:: -+ --- -type: long +type: ip -- -*`netflow.flow_selected_flow_delta_count`*:: +*`fortinet.firewall.tunneltype`*:: + -- -type: long +IPSEC tunnel type --- -*`netflow.selector_id_total_flows_observed`*:: -+ --- -type: long +type: keyword -- -*`netflow.selector_id_total_flows_selected`*:: +*`fortinet.firewall.type`*:: + -- -type: long +Module type --- -*`netflow.sampling_flow_interval`*:: -+ --- -type: long +type: keyword -- -*`netflow.sampling_flow_spacing`*:: +*`fortinet.firewall.ui`*:: + -- -type: long +Admin authentication UI type --- -*`netflow.flow_sampling_time_interval`*:: -+ --- -type: long +type: keyword -- -*`netflow.flow_sampling_time_spacing`*:: +*`fortinet.firewall.unauthusersource`*:: + -- -type: long +Unauthenticated user source + + +type: keyword -- -*`netflow.hash_flow_domain`*:: +*`fortinet.firewall.unit`*:: + -- +Power supply unit + + type: integer -- -*`netflow.transport_octet_delta_count`*:: +*`fortinet.firewall.urlfilteridx`*:: + -- -type: long +URL filter ID --- -*`netflow.transport_packet_delta_count`*:: -+ --- -type: long +type: integer -- -*`netflow.original_exporter_ipv4_address`*:: +*`fortinet.firewall.urlfilterlist`*:: + -- -type: ip +URL filter list --- -*`netflow.original_exporter_ipv6_address`*:: -+ --- -type: ip +type: keyword -- -*`netflow.original_observation_domain_id`*:: +*`fortinet.firewall.urlsource`*:: + -- -type: long +URL filter source --- -*`netflow.intermediate_process_id`*:: -+ --- -type: long +type: keyword -- -*`netflow.ignored_data_record_total_count`*:: +*`fortinet.firewall.urltype`*:: + -- -type: long +URL filter type --- -*`netflow.data_link_frame_type`*:: -+ --- -type: integer +type: keyword -- -*`netflow.section_offset`*:: +*`fortinet.firewall.used`*:: + -- +Number of Used IPs + + type: integer -- -*`netflow.section_exported_octets`*:: +*`fortinet.firewall.used_for_type`*:: + -- +Connection for the type + + type: integer -- -*`netflow.dot1q_service_instance_tag`*:: +*`fortinet.firewall.utmaction`*:: + -- -type: short +Security action performed by UTM --- -*`netflow.dot1q_service_instance_id`*:: -+ --- -type: long +type: keyword -- -*`netflow.dot1q_service_instance_priority`*:: +*`fortinet.firewall.vap`*:: + -- -type: short +Virtual AP --- -*`netflow.dot1q_customer_source_mac_address`*:: -+ --- type: keyword -- -*`netflow.dot1q_customer_destination_mac_address`*:: +*`fortinet.firewall.vapmode`*:: + -- +Virtual AP mode + + type: keyword -- -*`netflow.post_layer2_octet_delta_count`*:: +*`fortinet.firewall.vcluster`*:: + -- -type: long +virtual cluster id --- -*`netflow.post_mcast_layer2_octet_delta_count`*:: -+ --- -type: long +type: integer -- -*`netflow.post_layer2_octet_total_count`*:: +*`fortinet.firewall.vcluster_member`*:: + -- -type: long +Virtual cluster member --- -*`netflow.post_mcast_layer2_octet_total_count`*:: -+ --- -type: long +type: integer -- -*`netflow.minimum_layer2_total_length`*:: +*`fortinet.firewall.vcluster_state`*:: + -- -type: long +Virtual cluster state --- -*`netflow.maximum_layer2_total_length`*:: -+ --- -type: long +type: keyword -- -*`netflow.dropped_layer2_octet_delta_count`*:: +*`fortinet.firewall.vd`*:: + -- -type: long +Virtual Domain Name --- -*`netflow.dropped_layer2_octet_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.ignored_layer2_octet_total_count`*:: +*`fortinet.firewall.vdname`*:: + -- -type: long +Virtual Domain Name --- -*`netflow.not_sent_layer2_octet_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.layer2_octet_delta_sum_of_squares`*:: +*`fortinet.firewall.vendorurl`*:: + -- -type: long +Vulnerability scan vendor name --- -*`netflow.layer2_octet_total_sum_of_squares`*:: -+ --- -type: long +type: keyword -- -*`netflow.layer2_frame_delta_count`*:: +*`fortinet.firewall.version`*:: + -- -type: long +Version --- -*`netflow.layer2_frame_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.pseudo_wire_destination_ipv4_address`*:: +*`fortinet.firewall.vip`*:: + -- -type: ip +Virtual IP --- -*`netflow.ignored_layer2_frame_total_count`*:: -+ --- -type: long +type: keyword -- -*`netflow.mib_object_value_integer`*:: +*`fortinet.firewall.virus`*:: + -- -type: integer +Virus name --- -*`netflow.mib_object_value_octet_string`*:: -+ --- -type: short +type: keyword -- -*`netflow.mib_object_value_oid`*:: +*`fortinet.firewall.virusid`*:: + -- -type: short +Virus ID (unique virus identifier) --- -*`netflow.mib_object_value_bits`*:: -+ --- -type: short +type: integer -- -*`netflow.mib_object_value_ip_address`*:: +*`fortinet.firewall.voip_proto`*:: + -- -type: ip +VOIP protocol --- -*`netflow.mib_object_value_counter`*:: -+ --- -type: long +type: keyword -- -*`netflow.mib_object_value_gauge`*:: +*`fortinet.firewall.vpn`*:: + -- -type: long +VPN description --- -*`netflow.mib_object_value_time_ticks`*:: -+ --- -type: long +type: keyword -- -*`netflow.mib_object_value_unsigned`*:: +*`fortinet.firewall.vpntunnel`*:: + -- -type: long +IPsec Vpn Tunnel Name --- -*`netflow.mib_object_identifier`*:: -+ --- -type: short +type: keyword -- -*`netflow.mib_sub_identifier`*:: +*`fortinet.firewall.vpntype`*:: + -- -type: long +The type of the VPN tunnel --- -*`netflow.mib_index_indicator`*:: -+ --- -type: long +type: keyword -- -*`netflow.mib_capture_time_semantics`*:: +*`fortinet.firewall.vrf`*:: + -- -type: short +VRF number --- -*`netflow.mib_context_engine_id`*:: -+ --- -type: short +type: integer -- -*`netflow.mib_context_name`*:: +*`fortinet.firewall.vulncat`*:: + -- -type: keyword +Vulnerability Category --- -*`netflow.mib_object_name`*:: -+ --- type: keyword -- -*`netflow.mib_object_description`*:: +*`fortinet.firewall.vulnid`*:: + -- -type: keyword +Vulnerability ID --- -*`netflow.mib_object_syntax`*:: -+ --- -type: keyword +type: integer -- -*`netflow.mib_module_name`*:: +*`fortinet.firewall.vulnname`*:: + -- -type: keyword +Vulnerability name --- -*`netflow.mobile_imsi`*:: -+ --- type: keyword -- -*`netflow.mobile_msisdn`*:: +*`fortinet.firewall.vwlid`*:: + -- -type: keyword +VWL ID --- -*`netflow.http_status_code`*:: -+ --- type: integer -- -*`netflow.source_transport_ports_limit`*:: +*`fortinet.firewall.vwlquality`*:: + -- -type: integer +VWL quality --- -*`netflow.http_request_method`*:: -+ --- type: keyword -- -*`netflow.http_request_host`*:: +*`fortinet.firewall.vwlservice`*:: + -- -type: keyword +VWL service --- -*`netflow.http_request_target`*:: -+ --- type: keyword -- -*`netflow.http_message_version`*:: +*`fortinet.firewall.vwpvlanid`*:: + -- -type: keyword +VWP VLAN ID + + +type: integer -- -*`netflow.nat_instance_id`*:: +*`fortinet.firewall.wanin`*:: + -- +WAN incoming traffic in bytes + + type: long -- -*`netflow.internal_address_realm`*:: +*`fortinet.firewall.wanoptapptype`*:: + -- -type: short +WAN Optimization Application type --- -*`netflow.external_address_realm`*:: -+ --- -type: short +type: keyword -- -*`netflow.nat_quota_exceeded_event`*:: +*`fortinet.firewall.wanout`*:: + -- -type: long +WAN outgoing traffic in bytes --- -*`netflow.nat_threshold_event`*:: -+ --- type: long -- -*`netflow.http_user_agent`*:: +*`fortinet.firewall.weakwepiv`*:: + -- -type: keyword +Weak Wep Initiation Vector --- -*`netflow.http_content_type`*:: -+ --- type: keyword -- -*`netflow.http_reason_phrase`*:: +*`fortinet.firewall.xauthgroup`*:: + -- +XAuth Group Name + + type: keyword -- -*`netflow.max_session_entries`*:: +*`fortinet.firewall.xauthuser`*:: + -- -type: long +XAuth User Name --- -*`netflow.max_bib_entries`*:: -+ --- -type: long +type: keyword -- -*`netflow.max_entries_per_user`*:: +*`fortinet.firewall.xid`*:: + -- -type: long +Wireless X ID --- -*`netflow.max_subscribers`*:: -+ --- -type: long +type: integer -- -*`netflow.max_fragments_pending_reassembly`*:: -+ --- -type: long +[[exported-fields-googlecloud]] +== Google Cloud fields --- +Module for handling logs from Google Cloud. -*`netflow.address_pool_high_threshold`*:: -+ --- -type: long --- -*`netflow.address_pool_low_threshold`*:: -+ --- -type: long +[float] +=== googlecloud --- +Fields from Google Cloud logs. -*`netflow.address_port_mapping_high_threshold`*:: -+ --- -type: long --- -*`netflow.address_port_mapping_low_threshold`*:: -+ --- -type: long +[float] +=== destination.instance --- +If the destination of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. -*`netflow.address_port_mapping_per_user_high_threshold`*:: -+ --- -type: long --- -*`netflow.global_address_mapping_high_threshold`*:: +*`googlecloud.destination.instance.project_id`*:: + -- -type: long +ID of the project containing the VM. --- -*`netflow.vpn_identifier`*:: -+ --- -type: short +type: keyword -- -[[exported-fields-nginx]] -== Nginx fields +*`googlecloud.destination.instance.region`*:: ++ +-- +Region of the VM. -Module for parsing the Nginx log files. +type: keyword +-- -[float] -=== nginx +*`googlecloud.destination.instance.zone`*:: ++ +-- +Zone of the VM. -Fields from the Nginx log files. +type: keyword +-- [float] -=== access +=== destination.vpc -Contains fields for the Nginx access logs. +If the destination of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. -*`nginx.access.remote_ip_list`*:: +*`googlecloud.destination.vpc.project_id`*:: + -- -An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. +ID of the project containing the VM. -type: array +type: keyword -- -*`nginx.access.body_sent.bytes`*:: +*`googlecloud.destination.vpc.vpc_name`*:: + -- -type: alias +VPC on which the VM is operating. -alias to: http.response.body.bytes + +type: keyword -- -*`nginx.access.user_name`*:: +*`googlecloud.destination.vpc.subnetwork_name`*:: + -- -type: alias +Subnetwork on which the VM is operating. -alias to: user.name --- +type: keyword -*`nginx.access.method`*:: -+ -- -type: alias - -alias to: http.request.method --- +[float] +=== source.instance -*`nginx.access.url`*:: -+ --- -type: alias +If the source of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. -alias to: url.original --- -*`nginx.access.http_version`*:: +*`googlecloud.source.instance.project_id`*:: + -- -type: alias +ID of the project containing the VM. -alias to: http.version + +type: keyword -- -*`nginx.access.response_code`*:: +*`googlecloud.source.instance.region`*:: + -- -type: alias +Region of the VM. -alias to: http.response.status_code + +type: keyword -- -*`nginx.access.referrer`*:: +*`googlecloud.source.instance.zone`*:: + -- -type: alias +Zone of the VM. -alias to: http.request.referrer --- +type: keyword -*`nginx.access.agent`*:: -+ -- -type: alias -alias to: user_agent.original +[float] +=== source.vpc --- +If the source of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. -*`nginx.access.user_agent.device`*:: + +*`googlecloud.source.vpc.project_id`*:: + -- -type: alias +ID of the project containing the VM. -alias to: user_agent.device.name + +type: keyword -- -*`nginx.access.user_agent.name`*:: +*`googlecloud.source.vpc.vpc_name`*:: + -- -type: alias +VPC on which the VM is operating. -alias to: user_agent.name + +type: keyword -- -*`nginx.access.user_agent.os`*:: +*`googlecloud.source.vpc.subnetwork_name`*:: + -- -type: alias +Subnetwork on which the VM is operating. -alias to: user_agent.os.full_name --- +type: keyword -*`nginx.access.user_agent.os_name`*:: -+ -- -type: alias -alias to: user_agent.os.name +[float] +=== audit --- +Fields for Google Cloud audit logs. -*`nginx.access.user_agent.original`*:: + + +*`googlecloud.audit.type`*:: + -- -type: alias +Type property. -alias to: user_agent.original + +type: keyword -- +[float] +=== authentication_info -*`nginx.access.geoip.continent_name`*:: -+ --- -type: alias +Authentication information. -alias to: source.geo.continent_name --- -*`nginx.access.geoip.country_iso_code`*:: +*`googlecloud.audit.authentication_info.principal_email`*:: + -- -type: alias +The email address of the authenticated user making the request. -alias to: source.geo.country_iso_code + +type: keyword -- -*`nginx.access.geoip.location`*:: +*`googlecloud.audit.authentication_info.authority_selector`*:: + -- -type: alias +The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. -alias to: source.geo.location + +type: keyword -- -*`nginx.access.geoip.region_name`*:: +*`googlecloud.audit.authorization_info`*:: + -- -type: alias +Authorization information for the operation. -alias to: source.geo.region_name + +type: array -- -*`nginx.access.geoip.city_name`*:: +*`googlecloud.audit.method_name`*:: + -- -type: alias +The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. -alias to: source.geo.city_name + +type: keyword -- -*`nginx.access.geoip.region_iso_code`*:: +*`googlecloud.audit.num_response_items`*:: + -- -type: alias +The number of items returned from a List or Query API method, if applicable. -alias to: source.geo.region_iso_code + +type: long -- [float] -=== error +=== request -Contains fields for the Nginx error logs. +The operation request. -*`nginx.error.connection_id`*:: +*`googlecloud.audit.request.proto_name`*:: + -- -Connection identifier. +Type property of the request. -type: long +type: keyword -- -*`nginx.error.level`*:: +*`googlecloud.audit.request.filter`*:: + -- -type: alias +Filter of the request. -alias to: log.level + +type: keyword -- -*`nginx.error.pid`*:: +*`googlecloud.audit.request.name`*:: + -- -type: alias +Name of the request. -alias to: process.pid + +type: keyword -- -*`nginx.error.tid`*:: +*`googlecloud.audit.request.resource_name`*:: + -- -type: alias - -alias to: process.thread.id - --- +Name of the request resource. -*`nginx.error.message`*:: -+ --- -type: alias -alias to: message +type: keyword -- [float] -=== ingress_controller +=== request_metadata -Contains fields for the Ingress Nginx controller access logs. +Metadata about the request. -*`nginx.ingress_controller.remote_ip_list`*:: +*`googlecloud.audit.request_metadata.caller_ip`*:: + -- -An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. +The IP address of the caller. -type: array +type: ip -- -*`nginx.ingress_controller.http.request.length`*:: +*`googlecloud.audit.request_metadata.caller_supplied_user_agent`*:: + -- -The request length (including request line, header, and request body) - +The user agent of the caller. This information is not authenticated and should be treated accordingly. -type: long -format: bytes +type: keyword -- -*`nginx.ingress_controller.http.request.time`*:: +*`googlecloud.audit.resource_name`*:: + -- -Time elapsed since the first bytes were read from the client - +The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. -type: double -format: duration +type: keyword -- -*`nginx.ingress_controller.upstream.name`*:: -+ --- -The name of the upstream. +[float] +=== resource_location +The location of the resource. -type: keyword --- -*`nginx.ingress_controller.upstream.alternative_name`*:: +*`googlecloud.audit.resource_location.current_locations`*:: + -- -The name of the alternative upstream. +Current locations of the resource. type: keyword -- -*`nginx.ingress_controller.upstream.response.length`*:: +*`googlecloud.audit.service_name`*:: + -- -The length of the response obtained from the upstream server - - -type: long +The name of the API service performing the operation. For example, datastore.googleapis.com. -format: bytes --- +type: keyword -*`nginx.ingress_controller.upstream.response.time`*:: -+ -- -The time spent on receiving the response from the upstream server as seconds with millisecond resolution +[float] +=== status -type: double +The status of the overall operation. -format: duration --- -*`nginx.ingress_controller.upstream.response.status_code`*:: +*`googlecloud.audit.status.code`*:: + -- -The status code of the response obtained from the upstream server +The status code, which should be an enum value of google.rpc.Code. -type: long +type: integer -- -*`nginx.ingress_controller.http.request.id`*:: +*`googlecloud.audit.status.message`*:: + -- -The randomly generated ID of the request +A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. type: keyword -- -*`nginx.ingress_controller.upstream.ip`*:: -+ --- -The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. +[float] +=== firewall +Fields for Google Cloud Firewall logs. -type: ip --- -*`nginx.ingress_controller.upstream.port`*:: -+ --- -The port of the upstream server. +[float] +=== rule_details +Description of the firewall rule that matched this connection. -type: long --- -*`nginx.ingress_controller.body_sent.bytes`*:: +*`googlecloud.firewall.rule_details.priority`*:: + -- -type: alias +The priority for the firewall rule. -alias to: http.response.body.bytes +type: long -- -*`nginx.ingress_controller.user_name`*:: +*`googlecloud.firewall.rule_details.action`*:: + -- -type: alias +Action that the rule performs on match. -alias to: user.name +type: keyword -- -*`nginx.ingress_controller.method`*:: +*`googlecloud.firewall.rule_details.direction`*:: + -- -type: alias +Direction of traffic that matches this rule. -alias to: http.request.method +type: keyword -- -*`nginx.ingress_controller.url`*:: +*`googlecloud.firewall.rule_details.reference`*:: + -- -type: alias +Reference to the firewall rule. -alias to: url.original +type: keyword -- -*`nginx.ingress_controller.http_version`*:: +*`googlecloud.firewall.rule_details.source_range`*:: + -- -type: alias +List of source ranges that the firewall rule applies to. -alias to: http.version +type: keyword -- -*`nginx.ingress_controller.response_code`*:: +*`googlecloud.firewall.rule_details.destination_range`*:: + -- -type: alias +List of destination ranges that the firewall applies to. -alias to: http.response.status_code +type: keyword -- -*`nginx.ingress_controller.referrer`*:: +*`googlecloud.firewall.rule_details.source_tag`*:: + -- -type: alias - -alias to: http.request.referrer - --- +List of all the source tags that the firewall rule applies to. -*`nginx.ingress_controller.agent`*:: -+ --- -type: alias -alias to: user_agent.original +type: keyword -- - -*`nginx.ingress_controller.user_agent.device`*:: +*`googlecloud.firewall.rule_details.target_tag`*:: + -- -type: alias - -alias to: user_agent.device.name - --- +List of all the target tags that the firewall rule applies to. -*`nginx.ingress_controller.user_agent.name`*:: -+ --- -type: alias -alias to: user_agent.name +type: keyword -- -*`nginx.ingress_controller.user_agent.os`*:: +*`googlecloud.firewall.rule_details.ip_port_info`*:: + -- -type: alias +List of ip protocols and applicable port ranges for rules. -alias to: user_agent.os.full_name + +type: array -- -*`nginx.ingress_controller.user_agent.os_name`*:: +*`googlecloud.firewall.rule_details.source_service_account`*:: + -- -type: alias +List of all the source service accounts that the firewall rule applies to. -alias to: user_agent.os.name + +type: keyword -- -*`nginx.ingress_controller.user_agent.original`*:: +*`googlecloud.firewall.rule_details.target_service_account`*:: + -- -type: alias - -alias to: user_agent.original +List of all the target service accounts that the firewall rule applies to. --- +type: keyword -*`nginx.ingress_controller.geoip.continent_name`*:: -+ -- -type: alias -alias to: source.geo.continent_name - --- +[float] +=== vpcflow -*`nginx.ingress_controller.geoip.country_iso_code`*:: -+ --- -type: alias +Fields for Google Cloud VPC flow logs. -alias to: source.geo.country_iso_code --- -*`nginx.ingress_controller.geoip.location`*:: +*`googlecloud.vpcflow.reporter`*:: + -- -type: alias +The side which reported the flow. Can be either 'SRC' or 'DEST'. -alias to: source.geo.location + +type: keyword -- -*`nginx.ingress_controller.geoip.region_name`*:: +*`googlecloud.vpcflow.rtt.ms`*:: + -- -type: alias +Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. -alias to: source.geo.region_name --- +type: long -*`nginx.ingress_controller.geoip.city_name`*:: -+ -- -type: alias - -alias to: source.geo.city_name --- +[[exported-fields-googlecloud]] +== Google Cloud fields -*`nginx.ingress_controller.geoip.region_iso_code`*:: -+ --- -type: alias +Module for handling logs from Google Cloud. -alias to: source.geo.region_iso_code --- -[[exported-fields-o365]] -== Office 365 fields +[float] +=== googlecloud -Module for handling logs from Office 365. +Fields from Google Cloud logs. [float] -=== o365.audit +=== destination.instance -Fields from Office 365 Management API audit logs. +If the destination of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. -*`o365.audit.Actor`*:: +*`googlecloud.destination.instance.project_id`*:: + -- -type: array +ID of the project containing the VM. --- -*`o365.audit.ActorContextId`*:: -+ --- type: keyword -- -*`o365.audit.ActorIpAddress`*:: +*`googlecloud.destination.instance.region`*:: + -- -type: keyword +Region of the VM. --- -*`o365.audit.ActorUserId`*:: -+ --- type: keyword -- -*`o365.audit.ActorYammerUserId`*:: +*`googlecloud.destination.instance.zone`*:: + -- -type: keyword +Zone of the VM. --- -*`o365.audit.AlertEntityId`*:: -+ --- type: keyword -- -*`o365.audit.AlertId`*:: -+ --- -type: keyword +[float] +=== destination.vpc --- +If the destination of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. -*`o365.audit.AlertLinks`*:: -+ --- -type: array --- -*`o365.audit.AlertType`*:: +*`googlecloud.destination.vpc.project_id`*:: + -- -type: keyword +ID of the project containing the VM. --- -*`o365.audit.AppId`*:: -+ --- type: keyword -- -*`o365.audit.ApplicationDisplayName`*:: +*`googlecloud.destination.vpc.vpc_name`*:: + -- -type: keyword +VPC on which the VM is operating. --- -*`o365.audit.ApplicationId`*:: -+ --- type: keyword -- -*`o365.audit.AzureActiveDirectoryEventType`*:: +*`googlecloud.destination.vpc.subnetwork_name`*:: + -- +Subnetwork on which the VM is operating. + + type: keyword -- -*`o365.audit.ExchangeMetaData.*`*:: -+ --- -type: object +[float] +=== source.instance --- +If the source of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. -*`o365.audit.Category`*:: -+ --- -type: keyword --- -*`o365.audit.ClientAppId`*:: +*`googlecloud.source.instance.project_id`*:: + -- -type: keyword +ID of the project containing the VM. --- -*`o365.audit.ClientInfoString`*:: -+ --- type: keyword -- -*`o365.audit.ClientIP`*:: +*`googlecloud.source.instance.region`*:: + -- -type: keyword +Region of the VM. --- -*`o365.audit.ClientIPAddress`*:: -+ --- type: keyword -- -*`o365.audit.Comments`*:: +*`googlecloud.source.instance.zone`*:: + -- -type: text +Zone of the VM. --- -*`o365.audit.CorrelationId`*:: -+ --- type: keyword -- -*`o365.audit.CreationTime`*:: -+ --- -type: keyword +[float] +=== source.vpc --- +If the source of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. -*`o365.audit.CustomUniqueId`*:: + + +*`googlecloud.source.vpc.project_id`*:: + -- +ID of the project containing the VM. + + type: keyword -- -*`o365.audit.Data`*:: +*`googlecloud.source.vpc.vpc_name`*:: + -- +VPC on which the VM is operating. + + type: keyword -- -*`o365.audit.DataType`*:: +*`googlecloud.source.vpc.subnetwork_name`*:: + -- +Subnetwork on which the VM is operating. + + type: keyword -- -*`o365.audit.EntityType`*:: +[float] +=== audit + +Fields for Google Cloud audit logs. + + + +*`googlecloud.audit.type`*:: + -- +Type property. + + type: keyword -- -*`o365.audit.EventData`*:: +[float] +=== authentication_info + +Authentication information. + + + +*`googlecloud.audit.authentication_info.principal_email`*:: + -- +The email address of the authenticated user making the request. + + type: keyword -- -*`o365.audit.EventSource`*:: +*`googlecloud.audit.authentication_info.authority_selector`*:: + -- +The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. + + type: keyword -- -*`o365.audit.ExceptionInfo.*`*:: +*`googlecloud.audit.authorization_info`*:: + -- -type: object +Authorization information for the operation. --- -*`o365.audit.ExtendedProperties.*`*:: -+ --- -type: object +type: array -- -*`o365.audit.ExternalAccess`*:: +*`googlecloud.audit.method_name`*:: + -- +The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. + + type: keyword -- -*`o365.audit.GroupName`*:: +*`googlecloud.audit.num_response_items`*:: + -- -type: keyword +The number of items returned from a List or Query API method, if applicable. + + +type: long -- -*`o365.audit.Id`*:: +[float] +=== request + +The operation request. + + + +*`googlecloud.audit.request.proto_name`*:: + -- +Type property of the request. + + type: keyword -- -*`o365.audit.ImplicitShare`*:: +*`googlecloud.audit.request.filter`*:: + -- +Filter of the request. + + type: keyword -- -*`o365.audit.IncidentId`*:: +*`googlecloud.audit.request.name`*:: + -- +Name of the request. + + type: keyword -- -*`o365.audit.InternalLogonType`*:: +*`googlecloud.audit.request.resource_name`*:: + -- +Name of the request resource. + + type: keyword -- -*`o365.audit.InterSystemsId`*:: +[float] +=== request_metadata + +Metadata about the request. + + + +*`googlecloud.audit.request_metadata.caller_ip`*:: + -- -type: keyword +The IP address of the caller. + + +type: ip -- -*`o365.audit.IntraSystemId`*:: +*`googlecloud.audit.request_metadata.caller_supplied_user_agent`*:: + -- +The user agent of the caller. This information is not authenticated and should be treated accordingly. + + type: keyword -- -*`o365.audit.Item.*`*:: -+ --- -type: object +[float] +=== response --- +The operation response. -*`o365.audit.Item.*.*`*:: -+ --- -type: object --- -*`o365.audit.ItemName`*:: +*`googlecloud.audit.response.proto_name`*:: + -- +Type property of the response. + + type: keyword -- -*`o365.audit.ItemType`*:: +[float] +=== details + +The details of the response. + + + +*`googlecloud.audit.response.details.group`*:: + -- +The name of the group. + + type: keyword -- -*`o365.audit.ListId`*:: +*`googlecloud.audit.response.details.kind`*:: + -- +The kind of the response details. + + type: keyword -- -*`o365.audit.ListItemUniqueId`*:: +*`googlecloud.audit.response.details.name`*:: + -- +The name of the response details. + + type: keyword -- -*`o365.audit.LogonError`*:: +*`googlecloud.audit.response.details.uid`*:: + -- +The uid of the response details. + + type: keyword -- -*`o365.audit.LogonType`*:: +*`googlecloud.audit.response.status`*:: + -- +Status of the response. + + type: keyword -- -*`o365.audit.LogonUserSid`*:: +*`googlecloud.audit.resource_name`*:: + -- +The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. + + type: keyword -- -*`o365.audit.MailboxGuid`*:: -+ --- -type: keyword +[float] +=== resource_location --- +The location of the resource. -*`o365.audit.MailboxOwnerMasterAccountSid`*:: -+ --- -type: keyword --- -*`o365.audit.MailboxOwnerSid`*:: +*`googlecloud.audit.resource_location.current_locations`*:: + -- +Current locations of the resource. + + type: keyword -- -*`o365.audit.MailboxOwnerUPN`*:: +*`googlecloud.audit.service_name`*:: + -- +The name of the API service performing the operation. For example, datastore.googleapis.com. + + type: keyword -- -*`o365.audit.Members`*:: -+ --- -type: array +[float] +=== status --- +The status of the overall operation. -*`o365.audit.Members.*`*:: -+ --- -type: object --- -*`o365.audit.ModifiedProperties.*.*`*:: +*`googlecloud.audit.status.code`*:: + -- -type: object +The status code, which should be an enum value of google.rpc.Code. --- -*`o365.audit.Name`*:: -+ --- -type: keyword +type: integer -- -*`o365.audit.ObjectId`*:: +*`googlecloud.audit.status.message`*:: + -- -type: keyword +A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. --- -*`o365.audit.Operation`*:: -+ --- type: keyword -- -*`o365.audit.OrganizationId`*:: -+ --- -type: keyword +[float] +=== firewall --- +Fields for Google Cloud Firewall logs. -*`o365.audit.OrganizationName`*:: -+ --- -type: keyword --- -*`o365.audit.OriginatingServer`*:: -+ --- -type: keyword +[float] +=== rule_details --- +Description of the firewall rule that matched this connection. -*`o365.audit.Parameters.*`*:: -+ --- -type: object --- -*`o365.audit.PolicyDetails`*:: +*`googlecloud.firewall.rule_details.priority`*:: + -- -type: array +The priority for the firewall rule. + +type: long -- -*`o365.audit.PolicyId`*:: +*`googlecloud.firewall.rule_details.action`*:: + -- +Action that the rule performs on match. + type: keyword -- -*`o365.audit.RecordType`*:: +*`googlecloud.firewall.rule_details.direction`*:: + -- +Direction of traffic that matches this rule. + type: keyword -- -*`o365.audit.ResultStatus`*:: +*`googlecloud.firewall.rule_details.reference`*:: + -- +Reference to the firewall rule. + type: keyword -- -*`o365.audit.SensitiveInfoDetectionIsIncluded`*:: +*`googlecloud.firewall.rule_details.source_range`*:: + -- +List of source ranges that the firewall rule applies to. + type: keyword -- -*`o365.audit.SharePointMetaData.*`*:: +*`googlecloud.firewall.rule_details.destination_range`*:: + -- -type: object - --- +List of destination ranges that the firewall applies to. -*`o365.audit.SessionId`*:: -+ --- type: keyword -- -*`o365.audit.Severity`*:: +*`googlecloud.firewall.rule_details.source_tag`*:: + -- -type: keyword +List of all the source tags that the firewall rule applies to. --- -*`o365.audit.Site`*:: -+ --- type: keyword -- -*`o365.audit.SiteUrl`*:: +*`googlecloud.firewall.rule_details.target_tag`*:: + -- -type: keyword +List of all the target tags that the firewall rule applies to. --- -*`o365.audit.Source`*:: -+ --- type: keyword -- -*`o365.audit.SourceFileExtension`*:: +*`googlecloud.firewall.rule_details.ip_port_info`*:: + -- -type: keyword +List of ip protocols and applicable port ranges for rules. + + +type: array -- -*`o365.audit.SourceFileName`*:: +*`googlecloud.firewall.rule_details.source_service_account`*:: + -- +List of all the source service accounts that the firewall rule applies to. + + type: keyword -- -*`o365.audit.SourceRelativeUrl`*:: +*`googlecloud.firewall.rule_details.target_service_account`*:: + -- +List of all the target service accounts that the firewall rule applies to. + + type: keyword -- -*`o365.audit.Status`*:: +[float] +=== vpcflow + +Fields for Google Cloud VPC flow logs. + + + +*`googlecloud.vpcflow.reporter`*:: + -- +The side which reported the flow. Can be either 'SRC' or 'DEST'. + + type: keyword -- -*`o365.audit.SupportTicketId`*:: +*`googlecloud.vpcflow.rtt.ms`*:: + -- -type: keyword +Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. + + +type: long -- -*`o365.audit.Target`*:: +[[exported-fields-haproxy]] +== HAProxy fields + +haproxy Module + + + +[float] +=== haproxy + + + + +*`haproxy.frontend_name`*:: + -- -type: array +Name of the frontend (or listener) which received and processed the connection. -- -*`o365.audit.TargetContextId`*:: +*`haproxy.backend_name`*:: + -- -type: keyword +Name of the backend (or listener) which was selected to manage the connection to the server. -- -*`o365.audit.TargetUserOrGroupName`*:: +*`haproxy.server_name`*:: + -- -type: keyword +Name of the last server to which the connection was sent. -- -*`o365.audit.TargetUserOrGroupType`*:: +*`haproxy.total_waiting_time_ms`*:: + -- -type: keyword +Total time in milliseconds spent waiting in the various queues + +type: long -- -*`o365.audit.TeamName`*:: +*`haproxy.connection_wait_time_ms`*:: + -- -type: keyword +Total time in milliseconds spent waiting for the connection to establish to the final server + +type: long -- -*`o365.audit.TeamGuid`*:: +*`haproxy.bytes_read`*:: + -- -type: keyword +Total number of bytes transmitted to the client when the log is emitted. + +type: long -- -*`o365.audit.UniqueSharingId`*:: +*`haproxy.time_queue`*:: + -- -type: keyword +Total time in milliseconds spent waiting in the various queues. + +type: long -- -*`o365.audit.UserAgent`*:: +*`haproxy.time_backend_connect`*:: + -- -type: keyword +Total time in milliseconds spent waiting for the connection to establish to the final server, including retries. + +type: long -- -*`o365.audit.UserId`*:: +*`haproxy.server_queue`*:: + -- -type: keyword +Total number of requests which were processed before this one in the server queue. + +type: long -- -*`o365.audit.UserKey`*:: +*`haproxy.backend_queue`*:: + -- -type: keyword +Total number of requests which were processed before this one in the backend's global queue. + +type: long -- -*`o365.audit.UserType`*:: +*`haproxy.bind_name`*:: + -- -type: keyword +Name of the listening address which received the connection. -- -*`o365.audit.Version`*:: +*`haproxy.error_message`*:: + -- -type: keyword +Error message logged by HAProxy in case of error. + +type: text -- -*`o365.audit.WebId`*:: +*`haproxy.source`*:: + -- +The HAProxy source of the log + type: keyword -- -*`o365.audit.Workload`*:: +*`haproxy.termination_state`*:: + -- -type: keyword +Condition the session was in when the session ended. -- -*`o365.audit.YammerNetworkId`*:: +*`haproxy.mode`*:: + -- +mode that the frontend is operating (TCP or HTTP) + type: keyword -- -[[exported-fields-okta]] -== Okta fields - -Module for handling system logs from Okta. - - - [float] -=== okta - -Fields from Okta. +=== connections +Contains various counts of connections active in the process. -*`okta.uuid`*:: +*`haproxy.connections.active`*:: + -- -The unique identifier of the Okta LogEvent. - +Total number of concurrent connections on the process when the session was logged. -type: keyword +type: long -- -*`okta.event_type`*:: +*`haproxy.connections.frontend`*:: + -- -The type of the LogEvent. - +Total number of concurrent connections on the frontend when the session was logged. -type: keyword +type: long -- -*`okta.version`*:: +*`haproxy.connections.backend`*:: + -- -The version of the LogEvent. - +Total number of concurrent connections handled by the backend when the session was logged. -type: keyword +type: long -- -*`okta.severity`*:: +*`haproxy.connections.server`*:: + -- -The severity of the LogEvent. Must be one of DEBUG, INFO, WARN, or ERROR. - +Total number of concurrent connections still active on the server when the session was logged. -type: keyword +type: long -- -*`okta.display_message`*:: +*`haproxy.connections.retries`*:: + -- -The display message of the LogEvent. - +Number of connection retries experienced by this session when trying to connect to the server. -type: keyword +type: long -- [float] -=== actor - -Fields that let you store information of the actor for the LogEvent. +=== client +Information about the client doing the request -*`okta.actor.id`*:: +*`haproxy.client.ip`*:: + -- -Identifier of the actor. - +type: alias -type: keyword +alias to: source.address -- -*`okta.actor.type`*:: +*`haproxy.client.port`*:: + -- -Type of the actor. - +type: alias -type: keyword +alias to: source.port -- -*`okta.actor.alternate_id`*:: +*`haproxy.process_name`*:: + -- -Alternate identifier of the actor. - +type: alias -type: keyword +alias to: process.name -- -*`okta.actor.display_name`*:: +*`haproxy.pid`*:: + -- -Display name of the actor. - +type: alias -type: keyword +alias to: process.pid -- [float] -=== client - -Fields that let you store information about the client of the actor. +=== destination +Destination information -*`okta.client.ip`*:: +*`haproxy.destination.port`*:: + -- -The IP address of the client. +type: alias +alias to: destination.port -type: ip +-- + +*`haproxy.destination.ip`*:: ++ +-- +type: alias + +alias to: destination.ip -- [float] -=== user_agent +=== geoip -Fields about the user agent information of the client. +Contains GeoIP information gathered based on the client.ip field. Only present if the GeoIP Elasticsearch plugin is available and used. -*`okta.client.user_agent.raw_user_agent`*:: +*`haproxy.geoip.continent_name`*:: + -- -The raw informaton of the user agent. - +type: alias -type: keyword +alias to: source.geo.continent_name -- -*`okta.client.user_agent.os`*:: +*`haproxy.geoip.country_iso_code`*:: + -- -The OS informaton. - +type: alias -type: keyword +alias to: source.geo.country_iso_code -- -*`okta.client.user_agent.browser`*:: +*`haproxy.geoip.location`*:: + -- -The browser informaton of the client. - +type: alias -type: keyword +alias to: source.geo.location -- -*`okta.client.zone`*:: +*`haproxy.geoip.region_name`*:: + -- -The zone information of the client. - +type: alias -type: keyword +alias to: source.geo.region_name -- -*`okta.client.device`*:: +*`haproxy.geoip.city_name`*:: + -- -The information of the client device. - +type: alias -type: keyword +alias to: source.geo.city_name -- -*`okta.client.id`*:: +*`haproxy.geoip.region_iso_code`*:: + -- -The identifier of the client. - +type: alias -type: keyword +alias to: source.geo.region_iso_code -- [float] -=== outcome +=== http -Fields that let you store information about the outcome. +Please add description +[float] +=== response -*`okta.outcome.reason`*:: +Fields related to the HTTP response + + +*`haproxy.http.response.captured_cookie`*:: + -- -The reason of the outcome. - +Optional "name=value" entry indicating that the client had this cookie in the response. -type: keyword -- -*`okta.outcome.result`*:: +*`haproxy.http.response.captured_headers`*:: + -- -The result of the outcome. Must be one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. +List of headers captured in the response due to the presence of the "capture response header" statement in the frontend. type: keyword -- -*`okta.target`*:: +*`haproxy.http.response.status_code`*:: + -- -The list of targets. - +type: alias -type: array +alias to: http.response.status_code -- [float] -=== transaction - -Fields that let you store information about related transaction. +=== request +Fields related to the HTTP request -*`okta.transaction.id`*:: +*`haproxy.http.request.captured_cookie`*:: + -- -Identifier of the transaction. - +Optional "name=value" entry indicating that the server has returned a cookie with its request. -type: keyword -- -*`okta.transaction.type`*:: +*`haproxy.http.request.captured_headers`*:: + -- -The type of transaction. Must be one of "WEB", "JOB". +List of headers captured in the request due to the presence of the "capture request header" statement in the frontend. type: keyword -- -[float] -=== debug_context - -Fields that let you store information about the debug context. - - - -[float] -=== debug_data - -The debug data. - - - -*`okta.debug_context.debug_data.device_fingerprint`*:: +*`haproxy.http.request.raw_request_line`*:: + -- -The fingerprint of the device. - +Complete HTTP request line, including the method, request and HTTP version string. type: keyword -- -*`okta.debug_context.debug_data.request_id`*:: +*`haproxy.http.request.time_wait_without_data_ms`*:: + -- -The identifier of the request. - +Total time in milliseconds spent waiting for the server to send a full HTTP response, not counting data. -type: keyword +type: long -- -*`okta.debug_context.debug_data.request_uri`*:: +*`haproxy.http.request.time_wait_ms`*:: + -- -The request URI. - - -type: keyword +Total time in milliseconds spent waiting for a full HTTP request from the client (not counting body) after the first byte was received. --- +type: long -*`okta.debug_context.debug_data.threat_suspected`*:: -+ -- -Threat suspected. +[float] +=== tcp -type: keyword +TCP log format --- -*`okta.debug_context.debug_data.url`*:: +*`haproxy.tcp.connection_waiting_time_ms`*:: + -- -The URL. - +Total time in milliseconds elapsed between the accept and the last close -type: keyword +type: long -- -[float] -=== authentication_context +[[exported-fields-host-processor]] +== Host fields -Fields that let you store information about authentication context. +Info collected for the host machine. -*`okta.authentication_context.authentication_provider`*:: + +*`host.containerized`*:: + -- -The information about the authentication provider. Must be one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER. +If the host is a container. -type: keyword +type: boolean -- -*`okta.authentication_context.authentication_step`*:: +*`host.os.build`*:: + -- -The authentication step. +OS build information. -type: integer +type: keyword + +example: 18D109 -- -*`okta.authentication_context.credential_provider`*:: +*`host.os.codename`*:: + -- -The information about credential provider. Must be one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY. +OS codename, if any. type: keyword --- +example: stretch -*`okta.authentication_context.credential_type`*:: -+ -- -The information about credential type. Must be one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID. +[[exported-fields-ibmmq]] +== ibmmq fields -type: keyword +ibmmq Module --- -*`okta.authentication_context.issuer`*:: -+ --- -The information about the issuer. +[float] +=== ibmmq -type: array --- -*`okta.authentication_context.external_session_id`*:: -+ --- -The session identifer of the external session if any. +[float] +=== errorlog -type: keyword +IBM MQ error logs --- -*`okta.authentication_context.interface`*:: +*`ibmmq.errorlog.installation`*:: + -- -The interface used. e.g., Outlook, Office365, wsTrust +This is the installation name which can be given at installation time. +Each installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation. type: keyword -- -[float] -=== security_context - -Fields that let you store information about security context. +*`ibmmq.errorlog.qmgr`*:: ++ +-- +Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them. +type: keyword -[float] -=== as +-- -The autonomous system. +*`ibmmq.errorlog.arithinsert`*:: ++ +-- +Changing content based on error.id +type: keyword +-- -*`okta.security_context.as.number`*:: +*`ibmmq.errorlog.commentinsert`*:: + -- -The AS number. - +Changing content based on error.id -type: integer +type: keyword -- -[float] -=== organization +*`ibmmq.errorlog.errordescription`*:: ++ +-- +Please add description -The organization that owns the AS number. +type: text +example: Please add example +-- -*`okta.security_context.as.organization.name`*:: +*`ibmmq.errorlog.explanation`*:: + -- -The organization name. - +Explaines the error in more detail type: keyword -- -*`okta.security_context.isp`*:: +*`ibmmq.errorlog.action`*:: + -- -The Internet Service Provider. - +Defines what to do when the error occurs type: keyword -- -*`okta.security_context.domain`*:: +*`ibmmq.errorlog.code`*:: + -- -The domain name. - +Error code. type: keyword -- -*`okta.security_context.is_proxy`*:: -+ --- -Whether it is a proxy or not. +[[exported-fields-ibmmq]] +== ibmmq fields +ibmmq Module -type: boolean --- [float] -=== request +=== ibmmq -Fields that let you store information about the request, in the form of list of ip_chain. [float] -=== ip_chain - -List of ip_chain objects. +=== errorlog +IBM MQ error logs -*`okta.request.ip_chain.ip`*:: +*`ibmmq.errorlog.installation`*:: + -- -IP address. +This is the installation name which can be given at installation time. +Each installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation. -type: ip +type: keyword -- -*`okta.request.ip_chain.version`*:: +*`ibmmq.errorlog.qmgr`*:: + -- -IP version. Must be one of V4, V6. +Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them. type: keyword -- -*`okta.request.ip_chain.source`*:: +*`ibmmq.errorlog.arithinsert`*:: + -- -Source information. - +Changing content based on error.id type: keyword -- -[float] -=== geographical_context - -Geographical information. - - - -*`okta.request.ip_chain.geographical_context.city`*:: +*`ibmmq.errorlog.commentinsert`*:: + -- -The city. +Changing content based on error.id type: keyword -- -*`okta.request.ip_chain.geographical_context.state`*:: +*`ibmmq.errorlog.errordescription`*:: + -- -The state. +Please add description -type: keyword +type: text + +example: Please add example -- -*`okta.request.ip_chain.geographical_context.postal_code`*:: +*`ibmmq.errorlog.explanation`*:: + -- -The postal code. +Explaines the error in more detail type: keyword -- -*`okta.request.ip_chain.geographical_context.country`*:: +*`ibmmq.errorlog.action`*:: + -- -The country. +Defines what to do when the error occurs type: keyword -- -*`okta.request.ip_chain.geographical_context.geolocation`*:: +*`ibmmq.errorlog.code`*:: + -- -Geolocation information. - +Error code. -type: geo_point +type: keyword -- -[[exported-fields-osquery]] -== Osquery fields +[[exported-fields-icinga]] +== Icinga fields -Fields exported by the `osquery` module +Icinga Module [float] -=== osquery +=== icinga [float] -=== result +=== debug -Common fields exported by the result metricset. +Contains fields for the Icinga debug logs. -*`osquery.result.name`*:: +*`icinga.debug.facility`*:: + -- -The name of the query that generated this event. +Specifies what component of Icinga logged the message. type: keyword -- -*`osquery.result.action`*:: +*`icinga.debug.severity`*:: + -- -For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot". - +type: alias -type: keyword +alias to: log.level -- -*`osquery.result.host_identifier`*:: +*`icinga.debug.message`*:: + -- -The identifier for the host on which the osquery agent is running. Normally the hostname. - +type: alias -type: keyword +alias to: message -- -*`osquery.result.unix_time`*:: -+ --- -Unix timestamp of the event, in seconds since the epoch. Used for computing the `@timestamp` column. +[float] +=== main +Contains fields for the Icinga main logs. -type: long --- -*`osquery.result.calendar_time`*:: +*`icinga.main.facility`*:: + -- -String representation of the collection time, as formatted by osquery. +Specifies what component of Icinga logged the message. type: keyword -- -[[exported-fields-panw]] -== panw fields - -Module for Palo Alto Networks (PAN-OS) - +*`icinga.main.severity`*:: ++ +-- +type: alias +alias to: log.level -[float] -=== panw +-- -Fields from the panw module. +*`icinga.main.message`*:: ++ +-- +type: alias +alias to: message +-- [float] -=== panos +=== startup -Fields for the Palo Alto Networks PAN-OS logs. +Contains fields for the Icinga startup logs. -*`panw.panos.ruleset`*:: +*`icinga.startup.facility`*:: + -- -Name of the rule that matched this session. +Specifies what component of Icinga logged the message. type: keyword -- -[float] -=== source - -Fields to extend the top-level source object. +*`icinga.startup.severity`*:: ++ +-- +type: alias +alias to: log.level +-- -*`panw.panos.source.zone`*:: +*`icinga.startup.message`*:: + -- -Source zone for this session. - +type: alias -type: keyword +alias to: message -- -*`panw.panos.source.interface`*:: -+ --- -Source interface for this session. +[[exported-fields-iis]] +== IIS fields +Module for parsing IIS log files. -type: keyword --- [float] -=== nat +=== iis -Post-NAT source address, if source NAT is performed. +Fields from IIS log files. -*`panw.panos.source.nat.ip`*:: -+ --- -Post-NAT source IP. +[float] +=== access +Contains fields for IIS access logs. -type: ip --- -*`panw.panos.source.nat.port`*:: +*`iis.access.sub_status`*:: + -- -Post-NAT source port. +The HTTP substatus code. type: long -- -[float] -=== destination +*`iis.access.win32_status`*:: ++ +-- +The Windows status code. -Fields to extend the top-level destination object. +type: long +-- -*`panw.panos.destination.zone`*:: +*`iis.access.site_name`*:: + -- -Destination zone for this session. +The site name and instance number. type: keyword -- -*`panw.panos.destination.interface`*:: +*`iis.access.server_name`*:: + -- -Destination interface for this session. +The name of the server on which the log file entry was generated. type: keyword -- -[float] -=== nat +*`iis.access.cookie`*:: ++ +-- +The content of the cookie sent or received, if any. -Post-NAT destination address, if destination NAT is performed. +type: keyword +-- -*`panw.panos.destination.nat.ip`*:: +*`iis.access.body_received.bytes`*:: + -- -Post-NAT destination IP. - +type: alias -type: ip +alias to: http.request.body.bytes -- -*`panw.panos.destination.nat.port`*:: +*`iis.access.body_sent.bytes`*:: + -- -Post-NAT destination port. - +type: alias -type: long +alias to: http.response.body.bytes -- -[float] -=== network - -Fields to extend the top-level network object. +*`iis.access.server_ip`*:: ++ +-- +type: alias +alias to: destination.address +-- -*`panw.panos.network.pcap_id`*:: +*`iis.access.method`*:: + -- -Packet capture ID for a threat. - +type: alias -type: keyword +alias to: http.request.method -- - -*`panw.panos.network.nat.community_id`*:: +*`iis.access.url`*:: + -- -Community ID flow-hash for the NAT 5-tuple. - +type: alias -type: keyword +alias to: url.path -- -[float] -=== file - -Fields to extend the top-level file object. +*`iis.access.query_string`*:: ++ +-- +type: alias +alias to: url.query +-- -*`panw.panos.file.hash`*:: +*`iis.access.port`*:: + -- -Binary hash for a threat file sent to be analyzed by the WildFire service. - +type: alias -type: keyword +alias to: destination.port -- -[float] -=== url - -Fields to extend the top-level url object. +*`iis.access.user_name`*:: ++ +-- +type: alias +alias to: user.name +-- -*`panw.panos.url.category`*:: +*`iis.access.remote_ip`*:: + -- -For threat URLs, it's the URL category. For WildFire, the verdict on the file and is either 'malicious', 'grayware', or 'benign'. - +type: alias -type: keyword +alias to: source.address -- -*`panw.panos.flow_id`*:: +*`iis.access.referrer`*:: + -- -Internal numeric identifier for each session. - +type: alias -type: keyword +alias to: http.request.referrer -- -*`panw.panos.sequence_number`*:: +*`iis.access.response_code`*:: + -- -Log entry identifier that is incremented sequentially. Unique for each log type. - +type: alias -type: long +alias to: http.response.status_code -- -*`panw.panos.threat.resource`*:: +*`iis.access.http_version`*:: + -- -URL or file name for a threat. - +type: alias -type: keyword +alias to: http.version -- -*`panw.panos.threat.id`*:: +*`iis.access.hostname`*:: + -- -Palo Alto Networks identifier for the threat. - +type: alias -type: keyword +alias to: host.hostname -- -*`panw.panos.threat.name`*:: + +*`iis.access.user_agent.device`*:: + -- -Palo Alto Networks name for the threat. - +type: alias -type: keyword +alias to: user_agent.device.name -- -*`panw.panos.action`*:: +*`iis.access.user_agent.name`*:: + -- -Action taken for the session. +type: alias -type: keyword +alias to: user_agent.name -- -[[exported-fields-postgresql]] -== PostgreSQL fields - -Module for parsing the PostgreSQL log files. - +*`iis.access.user_agent.os`*:: ++ +-- +type: alias +alias to: user_agent.os.full_name -[float] -=== postgresql +-- -Fields from PostgreSQL logs. +*`iis.access.user_agent.os_name`*:: ++ +-- +type: alias +alias to: user_agent.os.name +-- -[float] -=== log +*`iis.access.user_agent.original`*:: ++ +-- +type: alias -Fields from the PostgreSQL log files. +alias to: user_agent.original +-- -*`postgresql.log.timestamp`*:: +*`iis.access.geoip.continent_name`*:: + -- +type: alias -deprecated:[7.3.0] - -The timestamp from the log line. - +alias to: source.geo.continent_name -- -*`postgresql.log.core_id`*:: +*`iis.access.geoip.country_iso_code`*:: + -- -Core id - +type: alias -type: long +alias to: source.geo.country_iso_code -- -*`postgresql.log.database`*:: +*`iis.access.geoip.location`*:: + -- -Name of database - +type: alias -example: mydb +alias to: source.geo.location -- -*`postgresql.log.query`*:: +*`iis.access.geoip.region_name`*:: + -- -Query statement. - +type: alias -example: SELECT * FROM users; +alias to: source.geo.region_name -- -*`postgresql.log.query_step`*:: +*`iis.access.geoip.city_name`*:: + -- -Statement step when using extended query protocol (one of statement, parse, bind or execute) - +type: alias -example: parse +alias to: source.geo.city_name -- -*`postgresql.log.query_name`*:: +*`iis.access.geoip.region_iso_code`*:: + -- -Name given to a query when using extended query protocol. If it is "", or not present, this field is ignored. - +type: alias -example: pdo_stmt_00000001 +alias to: source.geo.region_iso_code -- -*`postgresql.log.error.code`*:: +[float] +=== error + +Contains fields for IIS error logs. + + + +*`iis.error.reason_phrase`*:: + -- -Error code returned by Postgres (if any) +The HTTP reason phrase. -type: long + +type: keyword -- -*`postgresql.log.timezone`*:: +*`iis.error.queue_name`*:: + -- -type: alias +The IIS application pool name. -alias to: event.timezone + +type: keyword -- -*`postgresql.log.thread_id`*:: +*`iis.error.remote_ip`*:: + -- type: alias -alias to: process.pid +alias to: source.address -- -*`postgresql.log.user`*:: +*`iis.error.remote_port`*:: + -- type: alias -alias to: user.name +alias to: source.port -- -*`postgresql.log.level`*:: +*`iis.error.server_ip`*:: + -- type: alias -alias to: log.level +alias to: destination.address -- -*`postgresql.log.message`*:: +*`iis.error.server_port`*:: + -- type: alias -alias to: message +alias to: destination.port -- -[[exported-fields-process]] -== Process fields +*`iis.error.http_version`*:: ++ +-- +type: alias -Process metadata fields +alias to: http.version + +-- +*`iis.error.method`*:: ++ +-- +type: alias +alias to: http.request.method +-- -*`process.exe`*:: +*`iis.error.url`*:: + -- type: alias -alias to: process.executable +alias to: url.original -- -[[exported-fields-rabbitmq]] -== RabbitMQ fields +*`iis.error.response_code`*:: ++ +-- +type: alias -RabbitMQ Module +alias to: http.response.status_code +-- -[float] -=== rabbitmq +*`iis.error.geoip.continent_name`*:: ++ +-- +type: alias +alias to: source.geo.continent_name +-- +*`iis.error.geoip.country_iso_code`*:: ++ +-- +type: alias -[float] -=== log +alias to: source.geo.country_iso_code -RabbitMQ log files +-- +*`iis.error.geoip.location`*:: ++ +-- +type: alias +alias to: source.geo.location -*`rabbitmq.log.pid`*:: +-- + +*`iis.error.geoip.region_name`*:: + -- -The Erlang process id +type: alias -type: keyword +alias to: source.geo.region_name -example: <0.222.0> +-- +*`iis.error.geoip.city_name`*:: ++ -- +type: alias -[[exported-fields-redis]] -== Redis fields +alias to: source.geo.city_name -Redis Module +-- + +*`iis.error.geoip.region_iso_code`*:: ++ +-- +type: alias +alias to: source.geo.region_iso_code +-- -[float] -=== redis +[[exported-fields-iptables]] +== iptables fields +Module for handling the iptables logs. [float] -=== log +=== iptables -Redis log files +Fields from the iptables logs. -*`redis.log.role`*:: +*`iptables.ether_type`*:: + -- -The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`. +Value of the ethernet type field identifying the network layer protocol. -type: keyword +type: long -- -*`redis.log.pid`*:: +*`iptables.flow_label`*:: + -- -type: alias +IPv6 flow label. -alias to: process.pid + +type: integer -- -*`redis.log.level`*:: +*`iptables.fragment_flags`*:: + -- -type: alias +IP fragment flags. A combination of CE, DF and MF. -alias to: log.level + +type: keyword -- -*`redis.log.message`*:: +*`iptables.fragment_offset`*:: + -- -type: alias +Offset of the current IP fragment. -alias to: message + +type: long -- [float] -=== slowlog +=== icmp -Slow logs are retrieved from Redis via a network connection. +ICMP fields. -*`redis.slowlog.cmd`*:: +*`iptables.icmp.code`*:: + -- -The command executed. +ICMP code. -type: keyword +type: long -- -*`redis.slowlog.duration.us`*:: +*`iptables.icmp.id`*:: + -- -How long it took to execute the command in microseconds. +ICMP ID. type: long -- -*`redis.slowlog.id`*:: +*`iptables.icmp.parameter`*:: + -- -The ID of the query. +ICMP parameter. type: long -- -*`redis.slowlog.key`*:: +*`iptables.icmp.redirect`*:: + -- -The key on which the command was executed. +ICMP redirect address. -type: keyword +type: ip -- -*`redis.slowlog.args`*:: +*`iptables.icmp.seq`*:: + -- -The arguments with which the command was called. +ICMP sequence number. -type: keyword +type: long -- -[[exported-fields-s3]] -== s3 fields - -S3 fields from s3 input. - - - -*`bucket_name`*:: +*`iptables.icmp.type`*:: + -- -Name of the S3 bucket that this log retrieved from. +ICMP type. -type: keyword +type: long -- -*`object_key`*:: +*`iptables.id`*:: + -- -Name of the S3 object that this log retrieved from. +Packet identifier. -type: keyword +type: long -- -[[exported-fields-santa]] -== Google Santa fields +*`iptables.incomplete_bytes`*:: ++ +-- +Number of incomplete bytes. -Santa Module +type: long +-- -[float] -=== santa +*`iptables.input_device`*:: ++ +-- +Device that received the packet. +type: keyword +-- -*`santa.action`*:: +*`iptables.precedence_bits`*:: + -- -Action +IP precedence bits. -type: keyword -example: EXEC +type: short -- -*`santa.decision`*:: +*`iptables.tos`*:: + -- -Decision that santad took. +IP Type of Service field. -type: keyword -example: ALLOW +type: long -- -*`santa.reason`*:: +*`iptables.length`*:: + -- -Reason for the decsision. +Packet length. -type: keyword -example: CERT +type: long -- -*`santa.mode`*:: +*`iptables.output_device`*:: + -- -Operating mode of Santa. +Device that output the packet. -type: keyword -example: M +type: keyword -- [float] -=== disk - -Fields for DISKAPPEAR actions. +=== tcp +TCP fields. -*`santa.disk.volume`*:: -+ --- -The volume name. --- -*`santa.disk.bus`*:: +*`iptables.tcp.flags`*:: + -- -The disk bus protocol. +TCP flags. --- -*`santa.disk.serial`*:: -+ --- -The disk serial number. +type: keyword -- -*`santa.disk.bsdname`*:: +*`iptables.tcp.reserved_bits`*:: + -- -The disk BSD name. +TCP reserved bits. -example: disk1s3 + +type: short -- -*`santa.disk.model`*:: +*`iptables.tcp.seq`*:: + -- -The disk model. +TCP sequence number. -example: APPLE SSD SM0512L + +type: long -- -*`santa.disk.fs`*:: +*`iptables.tcp.ack`*:: + -- -The disk volume kind (filesystem type). - -example: apfs +TCP Acknowledgment number. --- -*`santa.disk.mount`*:: -+ --- -The disk volume path. +type: long -- -*`santa.certificate.common_name`*:: +*`iptables.tcp.window`*:: + -- -Common name from code signing certificate. +Advertised TCP window size. -type: keyword + +type: long -- -*`santa.certificate.sha256`*:: +*`iptables.ttl`*:: + -- -SHA256 hash of code signing certificate. +Time To Live field. -type: keyword + +type: integer -- -[[exported-fields-suricata]] -== Suricata fields +[float] +=== udp -Module for handling the EVE JSON logs produced by Suricata. +UDP fields. -[float] -=== suricata +*`iptables.udp.length`*:: ++ +-- +Length of the UDP header and payload. -Fields from the Suricata EVE log file. +type: long +-- [float] -=== eve +=== ubiquiti -Fields exported by the EVE JSON logs +Fields for Ubiquiti network devices. -*`suricata.eve.event_type`*:: +*`iptables.ubiquiti.input_zone`*:: + -- -type: keyword +Input zone. --- -*`suricata.eve.app_proto_orig`*:: -+ --- type: keyword -- - -*`suricata.eve.tcp.tcp_flags`*:: +*`iptables.ubiquiti.output_zone`*:: + -- +Output zone. + + type: keyword -- -*`suricata.eve.tcp.psh`*:: +*`iptables.ubiquiti.rule_number`*:: + -- -type: boolean +The rule number within the rule set. + +type: keyword -- -*`suricata.eve.tcp.tcp_flags_tc`*:: +*`iptables.ubiquiti.rule_set`*:: + -- +The rule set name. + type: keyword -- -*`suricata.eve.tcp.ack`*:: -+ --- -type: boolean +[[exported-fields-iptables]] +== iptables fields --- +Module for handling the iptables logs. -*`suricata.eve.tcp.syn`*:: + + +[float] +=== iptables + +Fields from the iptables logs. + + + +*`iptables.ether_type`*:: + -- -type: boolean +Value of the ethernet type field identifying the network layer protocol. + + +type: long -- -*`suricata.eve.tcp.state`*:: +*`iptables.flow_label`*:: + -- -type: keyword +IPv6 flow label. + + +type: integer -- -*`suricata.eve.tcp.tcp_flags_ts`*:: +*`iptables.fragment_flags`*:: + -- +IP fragment flags. A combination of CE, DF and MF. + + type: keyword -- -*`suricata.eve.tcp.rst`*:: +*`iptables.fragment_offset`*:: + -- -type: boolean +Offset of the current IP fragment. --- -*`suricata.eve.tcp.fin`*:: -+ --- -type: boolean +type: long -- +[float] +=== icmp -*`suricata.eve.fileinfo.sha1`*:: -+ --- -type: keyword +ICMP fields. --- -*`suricata.eve.fileinfo.filename`*:: + +*`iptables.icmp.code`*:: + -- -type: alias +ICMP code. -alias to: file.path + +type: long -- -*`suricata.eve.fileinfo.tx_id`*:: +*`iptables.icmp.id`*:: + -- +ICMP ID. + + type: long -- -*`suricata.eve.fileinfo.state`*:: +*`iptables.icmp.parameter`*:: + -- -type: keyword +ICMP parameter. --- -*`suricata.eve.fileinfo.stored`*:: -+ --- -type: boolean +type: long -- -*`suricata.eve.fileinfo.gaps`*:: +*`iptables.icmp.redirect`*:: + -- -type: boolean +ICMP redirect address. --- -*`suricata.eve.fileinfo.sha256`*:: -+ --- -type: keyword +type: ip -- -*`suricata.eve.fileinfo.md5`*:: +*`iptables.icmp.seq`*:: + -- -type: keyword +ICMP sequence number. + + +type: long -- -*`suricata.eve.fileinfo.size`*:: +*`iptables.icmp.type`*:: + -- -type: alias +ICMP type. -alias to: file.size + +type: long -- -*`suricata.eve.icmp_type`*:: +*`iptables.id`*:: + -- +Packet identifier. + + type: long -- -*`suricata.eve.dest_port`*:: +*`iptables.incomplete_bytes`*:: + -- -type: alias +Number of incomplete bytes. -alias to: destination.port + +type: long -- -*`suricata.eve.src_port`*:: +*`iptables.input_device`*:: + -- -type: alias +Device that received the packet. -alias to: source.port + +type: keyword -- -*`suricata.eve.proto`*:: +*`iptables.precedence_bits`*:: + -- -type: alias +IP precedence bits. -alias to: network.transport + +type: short -- -*`suricata.eve.pcap_cnt`*:: +*`iptables.tos`*:: + -- +IP Type of Service field. + + type: long -- -*`suricata.eve.src_ip`*:: +*`iptables.length`*:: + -- -type: alias +Packet length. -alias to: source.ip --- +type: long +-- -*`suricata.eve.dns.type`*:: +*`iptables.output_device`*:: + -- -type: keyword +Device that output the packet. --- -*`suricata.eve.dns.rrtype`*:: -+ --- type: keyword -- -*`suricata.eve.dns.rrname`*:: -+ --- -type: keyword +[float] +=== tcp --- +TCP fields. -*`suricata.eve.dns.rdata`*:: + + +*`iptables.tcp.flags`*:: + -- +TCP flags. + + type: keyword -- -*`suricata.eve.dns.tx_id`*:: +*`iptables.tcp.reserved_bits`*:: + -- -type: long +TCP reserved bits. + + +type: short -- -*`suricata.eve.dns.ttl`*:: +*`iptables.tcp.seq`*:: + -- +TCP sequence number. + + type: long -- -*`suricata.eve.dns.rcode`*:: +*`iptables.tcp.ack`*:: + -- -type: keyword +TCP Acknowledgment number. --- -*`suricata.eve.dns.id`*:: -+ --- type: long -- -*`suricata.eve.flow_id`*:: +*`iptables.tcp.window`*:: + -- -type: keyword - --- +Advertised TCP window size. -*`suricata.eve.email.status`*:: -+ --- -type: keyword +type: long -- -*`suricata.eve.dest_ip`*:: +*`iptables.ttl`*:: + -- -type: alias +Time To Live field. -alias to: destination.ip + +type: integer -- -*`suricata.eve.icmp_code`*:: +[float] +=== udp + +UDP fields. + + + +*`iptables.udp.length`*:: + -- +Length of the UDP header and payload. + + type: long -- +[float] +=== ubiquiti -*`suricata.eve.http.status`*:: -+ --- -type: alias +Fields for Ubiquiti network devices. -alias to: http.response.status_code --- -*`suricata.eve.http.redirect`*:: +*`iptables.ubiquiti.input_zone`*:: + -- +Input zone. + + type: keyword -- -*`suricata.eve.http.http_user_agent`*:: +*`iptables.ubiquiti.output_zone`*:: + -- -type: alias +Output zone. -alias to: user_agent.original + +type: keyword -- -*`suricata.eve.http.protocol`*:: +*`iptables.ubiquiti.rule_number`*:: + -- +The rule number within the rule set. + type: keyword -- -*`suricata.eve.http.http_refer`*:: +*`iptables.ubiquiti.rule_set`*:: + -- -type: alias +The rule set name. -alias to: http.request.referrer +type: keyword -- -*`suricata.eve.http.url`*:: -+ --- -type: alias +[[exported-fields-jolokia-autodiscover]] +== Jolokia Discovery autodiscover provider fields -alias to: url.original +Metadata from Jolokia Discovery added by the jolokia provider. --- -*`suricata.eve.http.hostname`*:: + +*`jolokia.agent.version`*:: + -- -type: alias +Version number of jolokia agent. -alias to: url.domain + +type: keyword -- -*`suricata.eve.http.length`*:: +*`jolokia.agent.id`*:: + -- -type: alias +Each agent has a unique id which can be either provided during startup of the agent in form of a configuration parameter or being autodetected. If autodected, the id has several parts: The IP, the process id, hashcode of the agent and its type. -alias to: http.response.body.bytes + +type: keyword -- -*`suricata.eve.http.http_method`*:: +*`jolokia.server.product`*:: + -- -type: alias +The container product if detected. -alias to: http.request.method + +type: keyword -- -*`suricata.eve.http.http_content_type`*:: +*`jolokia.server.version`*:: + -- +The container's version (if detected). + + type: keyword -- -*`suricata.eve.timestamp`*:: +*`jolokia.server.vendor`*:: + -- -type: alias +The vendor of the container the agent is running in. -alias to: @timestamp + +type: keyword -- -*`suricata.eve.in_iface`*:: +*`jolokia.url`*:: + -- +The URL how this agent can be contacted. + + type: keyword -- - -*`suricata.eve.alert.category`*:: +*`jolokia.secured`*:: + -- -type: keyword +Whether the agent was configured for authentication or not. + + +type: boolean -- -*`suricata.eve.alert.severity`*:: +[[exported-fields-kafka]] +== Kafka fields + +Kafka module + + + +[float] +=== kafka + + + + +[float] +=== log + +Kafka log lines. + + + +*`kafka.log.level`*:: + -- type: alias -alias to: event.severity +alias to: log.level -- -*`suricata.eve.alert.rev`*:: +*`kafka.log.message`*:: + -- -type: long +type: alias + +alias to: message -- -*`suricata.eve.alert.gid`*:: +*`kafka.log.component`*:: + -- -type: long +Component the log is coming from. --- -*`suricata.eve.alert.signature`*:: -+ --- type: keyword -- -*`suricata.eve.alert.action`*:: +*`kafka.log.class`*:: + -- -type: alias +Java class the log is coming from. -alias to: event.outcome --- +type: keyword -*`suricata.eve.alert.signature_id`*:: -+ -- -type: long --- +[float] +=== trace +Trace in the log line. -*`suricata.eve.ssh.client.proto_version`*:: + +*`kafka.log.trace.class`*:: + -- +Java class the trace is coming from. + + type: keyword -- -*`suricata.eve.ssh.client.software_version`*:: +*`kafka.log.trace.message`*:: + -- -type: keyword +Message part of the trace. + + +type: text -- +[[exported-fields-kibana]] +== kibana fields -*`suricata.eve.ssh.server.proto_version`*:: +kibana Module + + + +[float] +=== kibana + + + + +[float] +=== log + +Kafka log lines. + + + +*`kibana.log.tags`*:: + -- +Kibana logging tags. + + type: keyword -- -*`suricata.eve.ssh.server.software_version`*:: +*`kibana.log.state`*:: + -- -type: keyword +Current state of Kibana. --- +type: keyword +-- -*`suricata.eve.stats.capture.kernel_packets`*:: +*`kibana.log.meta`*:: + -- -type: long +type: object -- -*`suricata.eve.stats.capture.kernel_drops`*:: +*`kibana.log.kibana.log.meta.req.headers.referer`*:: + -- -type: long +type: alias + +alias to: http.request.referrer -- -*`suricata.eve.stats.capture.kernel_ifdrops`*:: +*`kibana.log.kibana.log.meta.req.referer`*:: + -- -type: long +type: alias + +alias to: http.request.referrer -- -*`suricata.eve.stats.uptime`*:: +*`kibana.log.kibana.log.meta.req.headers.user-agent`*:: + -- -type: long +type: alias --- +alias to: user_agent.original +-- -*`suricata.eve.stats.detect.alert`*:: +*`kibana.log.kibana.log.meta.req.remoteAddress`*:: + -- -type: long +type: alias --- +alias to: source.address +-- -*`suricata.eve.stats.http.memcap`*:: +*`kibana.log.kibana.log.meta.req.url`*:: + -- -type: long +type: alias + +alias to: url.original -- -*`suricata.eve.stats.http.memuse`*:: +*`kibana.log.kibana.log.meta.statusCode`*:: + -- -type: long +type: alias --- +alias to: http.response.status_code +-- -*`suricata.eve.stats.file_store.open_files`*:: +*`kibana.log.kibana.log.meta.method`*:: + -- -type: long +type: alias + +alias to: http.request.method -- +[[exported-fields-kubernetes-processor]] +== Kubernetes fields -*`suricata.eve.stats.defrag.max_frag_hits`*:: -+ --- -type: long +Kubernetes metadata added by the kubernetes processor --- -*`suricata.eve.stats.defrag.ipv4.timeouts`*:: + +*`kubernetes.pod.name`*:: + -- -type: long +Kubernetes pod name --- -*`suricata.eve.stats.defrag.ipv4.fragments`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.defrag.ipv4.reassembled`*:: +*`kubernetes.pod.uid`*:: + -- -type: long - --- +Kubernetes Pod UID -*`suricata.eve.stats.defrag.ipv6.timeouts`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.defrag.ipv6.fragments`*:: +*`kubernetes.namespace`*:: + -- -type: long +Kubernetes namespace --- -*`suricata.eve.stats.defrag.ipv6.reassembled`*:: -+ --- -type: long +type: keyword -- - -*`suricata.eve.stats.flow.tcp_reuse`*:: +*`kubernetes.node.name`*:: + -- -type: long +Kubernetes node name + + +type: keyword -- -*`suricata.eve.stats.flow.udp`*:: +*`kubernetes.labels.*`*:: + -- -type: long +Kubernetes labels map + + +type: object -- -*`suricata.eve.stats.flow.memcap`*:: +*`kubernetes.annotations.*`*:: + -- -type: long +Kubernetes annotations map + + +type: object -- -*`suricata.eve.stats.flow.emerg_mode_entered`*:: +*`kubernetes.replicaset.name`*:: + -- -type: long +Kubernetes replicaset name + + +type: keyword -- -*`suricata.eve.stats.flow.emerg_mode_over`*:: +*`kubernetes.deployment.name`*:: + -- -type: long +Kubernetes deployment name + + +type: keyword -- -*`suricata.eve.stats.flow.tcp`*:: +*`kubernetes.statefulset.name`*:: + -- -type: long +Kubernetes statefulset name + + +type: keyword -- -*`suricata.eve.stats.flow.icmpv6`*:: +*`kubernetes.container.name`*:: + -- -type: long +Kubernetes container name + + +type: keyword -- -*`suricata.eve.stats.flow.icmpv4`*:: +*`kubernetes.container.image`*:: + -- -type: long +Kubernetes container image + + +type: keyword -- -*`suricata.eve.stats.flow.spare`*:: +[[exported-fields-log]] +== Log file content fields + +Contains log file lines. + + + +*`log.file.path`*:: + -- -type: long +The file from which the line was read. This field contains the absolute path to the file. For example: `/var/log/system.log`. + + +type: keyword + +required: False -- -*`suricata.eve.stats.flow.memuse`*:: +*`log.source.address`*:: + -- -type: long +Source address from which the log event was read / sent from. --- +type: keyword -*`suricata.eve.stats.tcp.pseudo_failed`*:: -+ --- -type: long +required: False -- -*`suricata.eve.stats.tcp.ssn_memcap_drop`*:: +*`log.offset`*:: + -- +The file offset the reported line starts at. + + type: long +required: False + -- -*`suricata.eve.stats.tcp.insert_data_overlap_fail`*:: +*`stream`*:: + -- -type: long +Log stream when reading container logs, can be 'stdout' or 'stderr' + + +type: keyword + +required: False -- -*`suricata.eve.stats.tcp.sessions`*:: +*`input.type`*:: + -- -type: long +The input type from which the event was generated. This field is set to the value specified for the `type` option in the input section of the Filebeat config file. + + +required: True -- -*`suricata.eve.stats.tcp.pseudo`*:: +*`syslog.facility`*:: + -- +The facility extracted from the priority. + + type: long +required: False + -- -*`suricata.eve.stats.tcp.synack`*:: +*`syslog.priority`*:: + -- +The priority of the syslog event. + + type: long +required: False + -- -*`suricata.eve.stats.tcp.insert_data_normal_fail`*:: +*`syslog.severity_label`*:: + -- -type: long +The human readable severity. + + +type: keyword + +required: False -- -*`suricata.eve.stats.tcp.syn`*:: +*`syslog.facility_label`*:: + -- -type: long +The human readable facility. + + +type: keyword + +required: False -- -*`suricata.eve.stats.tcp.memuse`*:: +*`process.program`*:: + -- -type: long +The name of the program. + + +type: keyword + +required: False -- -*`suricata.eve.stats.tcp.invalid_checksum`*:: +*`log.flags`*:: + -- -type: long +This field contains the flags of the event. + -- -*`suricata.eve.stats.tcp.segment_memcap_drop`*:: +*`http.response.content_length`*:: + -- -type: long +type: alias + +alias to: http.response.body.bytes -- -*`suricata.eve.stats.tcp.overlap`*:: + + +*`user_agent.os.full_name`*:: + -- -type: long +type: keyword -- -*`suricata.eve.stats.tcp.insert_list_fail`*:: +*`fileset.name`*:: + -- -type: long +The Filebeat fileset that generated this event. + + +type: keyword -- -*`suricata.eve.stats.tcp.rst`*:: +*`fileset.module`*:: + -- -type: long +type: alias + +alias to: event.module -- -*`suricata.eve.stats.tcp.stream_depth_reached`*:: +*`read_timestamp`*:: + -- -type: long +type: alias + +alias to: event.created -- -*`suricata.eve.stats.tcp.reassembly_memuse`*:: +*`docker.attrs`*:: + -- -type: long +docker.attrs contains labels and environment variables written by docker's JSON File logging driver. These fields are only available when they are configured in the logging driver options. + + +type: object -- -*`suricata.eve.stats.tcp.reassembly_gap`*:: +*`icmp.code`*:: + -- -type: long +ICMP code. + + +type: keyword -- -*`suricata.eve.stats.tcp.overlap_diff_data`*:: +*`icmp.type`*:: + -- -type: long +ICMP type. + + +type: keyword -- -*`suricata.eve.stats.tcp.no_flow`*:: +*`igmp.type`*:: + -- -type: long +IGMP type. + + +type: keyword -- -*`suricata.eve.stats.decoder.avg_pkt_size`*:: +*`azure.eventhub`*:: + -- -type: long +Name of the eventhub. + + +type: keyword -- -*`suricata.eve.stats.decoder.bytes`*:: +*`azure.offset`*:: + -- +The offset. + + type: long -- -*`suricata.eve.stats.decoder.tcp`*:: +*`azure.enqueued_time`*:: + -- -type: long +The enqueued time. --- -*`suricata.eve.stats.decoder.raw`*:: -+ --- -type: long +type: date -- -*`suricata.eve.stats.decoder.ppp`*:: +*`azure.partition_id`*:: + -- +The partition id. + + type: long -- -*`suricata.eve.stats.decoder.vlan_qinq`*:: +*`azure.consumer_group`*:: + -- -type: long +The consumer group. + + +type: keyword -- -*`suricata.eve.stats.decoder.null`*:: +*`azure.sequence_number`*:: + -- +The sequence number. + + type: long -- -*`suricata.eve.stats.decoder.ltnull.unsupported_type`*:: +*`kafka.topic`*:: + -- -type: long +Kafka topic --- -*`suricata.eve.stats.decoder.ltnull.pkt_too_small`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.decoder.invalid`*:: +*`kafka.partition`*:: + -- -type: long +Kafka partition number --- -*`suricata.eve.stats.decoder.gre`*:: -+ --- type: long -- -*`suricata.eve.stats.decoder.ipv4`*:: +*`kafka.offset`*:: + -- -type: long +Kafka offset of this message --- -*`suricata.eve.stats.decoder.ipv6`*:: -+ --- type: long -- -*`suricata.eve.stats.decoder.pkts`*:: +*`kafka.key`*:: + -- -type: long +Kafka key, corresponding to the Kafka value stored in the message --- -*`suricata.eve.stats.decoder.ipv6_in_ipv6`*:: -+ --- -type: long +type: keyword -- - -*`suricata.eve.stats.decoder.ipraw.invalid_ip_version`*:: +*`kafka.block_timestamp`*:: + -- -type: long +Kafka outer (compressed) block timestamp --- -*`suricata.eve.stats.decoder.pppoe`*:: -+ --- -type: long +type: date -- -*`suricata.eve.stats.decoder.udp`*:: +*`kafka.headers`*:: + -- -type: long +An array of Kafka header strings for this message, in the form ": ". --- +type: array -*`suricata.eve.stats.decoder.dce.pkt_too_small`*:: -+ -- -type: long --- +[[exported-fields-logstash]] +== logstash fields -*`suricata.eve.stats.decoder.vlan`*:: -+ --- -type: long +logstash Module --- -*`suricata.eve.stats.decoder.sctp`*:: -+ --- -type: long --- +[float] +=== logstash -*`suricata.eve.stats.decoder.max_pkt_size`*:: -+ --- -type: long --- -*`suricata.eve.stats.decoder.teredo`*:: -+ --- -type: long --- +[float] +=== log -*`suricata.eve.stats.decoder.mpls`*:: -+ --- -type: long +Fields from the Logstash logs. --- -*`suricata.eve.stats.decoder.sll`*:: + +*`logstash.log.module`*:: + -- -type: long +The module or class where the event originate. --- -*`suricata.eve.stats.decoder.icmpv6`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.decoder.icmpv4`*:: +*`logstash.log.thread`*:: + -- -type: long +Information about the running thread where the log originate. --- -*`suricata.eve.stats.decoder.erspan`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.decoder.ethernet`*:: +*`logstash.log.thread.text`*:: + -- -type: long +type: text -- -*`suricata.eve.stats.decoder.ipv4_in_ipv6`*:: +*`logstash.log.log_event`*:: + -- -type: long +key and value debugging information. + + +type: object -- -*`suricata.eve.stats.decoder.ieee8021ah`*:: +*`logstash.log.pipeline_id`*:: + -- -type: long +The ID of the pipeline. --- +type: keyword -*`suricata.eve.stats.dns.memcap_global`*:: -+ --- -type: long +example: main -- -*`suricata.eve.stats.dns.memcap_state`*:: +*`logstash.log.message`*:: + -- -type: long +type: alias + +alias to: message -- -*`suricata.eve.stats.dns.memuse`*:: +*`logstash.log.level`*:: + -- -type: long +type: alias + +alias to: log.level -- +[float] +=== slowlog -*`suricata.eve.stats.flow_mgr.rows_busy`*:: -+ --- -type: long +slowlog --- -*`suricata.eve.stats.flow_mgr.flows_timeout`*:: + +*`logstash.slowlog.module`*:: + -- -type: long +The module or class where the event originate. + + +type: keyword -- -*`suricata.eve.stats.flow_mgr.flows_notimeout`*:: +*`logstash.slowlog.thread`*:: + -- -type: long +Information about the running thread where the log originate. + + +type: keyword -- -*`suricata.eve.stats.flow_mgr.rows_skipped`*:: +*`logstash.slowlog.thread.text`*:: + -- -type: long +type: text -- -*`suricata.eve.stats.flow_mgr.closed_pruned`*:: +*`logstash.slowlog.event`*:: + -- -type: long +Raw dump of the original event + + +type: keyword -- -*`suricata.eve.stats.flow_mgr.new_pruned`*:: +*`logstash.slowlog.event.text`*:: + -- -type: long +type: text -- -*`suricata.eve.stats.flow_mgr.flows_removed`*:: +*`logstash.slowlog.plugin_name`*:: + -- -type: long +Name of the plugin + + +type: keyword -- -*`suricata.eve.stats.flow_mgr.bypassed_pruned`*:: +*`logstash.slowlog.plugin_type`*:: + -- -type: long +Type of the plugin: Inputs, Filters, Outputs or Codecs. + + +type: keyword -- -*`suricata.eve.stats.flow_mgr.est_pruned`*:: +*`logstash.slowlog.took_in_millis`*:: + -- +Execution time for the plugin in milliseconds. + + type: long -- -*`suricata.eve.stats.flow_mgr.flows_timeout_inuse`*:: +*`logstash.slowlog.plugin_params`*:: + -- -type: long +String value of the plugin configuration + + +type: keyword -- -*`suricata.eve.stats.flow_mgr.flows_checked`*:: +*`logstash.slowlog.plugin_params.text`*:: + -- -type: long +type: text -- -*`suricata.eve.stats.flow_mgr.rows_maxlen`*:: +*`logstash.slowlog.plugin_params_object`*:: + -- -type: long +key -> value of the configuration used by the plugin. + + +type: object -- -*`suricata.eve.stats.flow_mgr.rows_checked`*:: +*`logstash.slowlog.level`*:: + -- -type: long +type: alias + +alias to: log.level -- -*`suricata.eve.stats.flow_mgr.rows_empty`*:: +*`logstash.slowlog.took_in_nanos`*:: + -- -type: long +type: alias + +alias to: event.duration -- +[[exported-fields-misp]] +== MISP fields +Module for handling threat information from MISP. -*`suricata.eve.stats.app_layer.flow.tls`*:: -+ --- -type: long --- -*`suricata.eve.stats.app_layer.flow.ftp`*:: -+ --- -type: long +[float] +=== misp --- +Fields from MISP threat information. -*`suricata.eve.stats.app_layer.flow.http`*:: -+ --- -type: long --- -*`suricata.eve.stats.app_layer.flow.failed_udp`*:: -+ --- -type: long +[float] +=== attack_pattern --- +Fields provide support for specifying information about attack patterns. -*`suricata.eve.stats.app_layer.flow.dns_udp`*:: -+ --- -type: long --- -*`suricata.eve.stats.app_layer.flow.dns_tcp`*:: +*`misp.attack_pattern.id`*:: + -- -type: long +Identifier of the threat indicator. --- -*`suricata.eve.stats.app_layer.flow.smtp`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.app_layer.flow.failed_tcp`*:: +*`misp.attack_pattern.name`*:: + -- -type: long +Name of the attack pattern. --- -*`suricata.eve.stats.app_layer.flow.msn`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.app_layer.flow.ssh`*:: +*`misp.attack_pattern.description`*:: + -- -type: long +Description of the attack pattern. --- -*`suricata.eve.stats.app_layer.flow.imap`*:: -+ --- -type: long +type: text -- -*`suricata.eve.stats.app_layer.flow.dcerpc_udp`*:: +*`misp.attack_pattern.kill_chain_phases`*:: + -- -type: long +The kill chain phase(s) to which this attack pattern corresponds. --- -*`suricata.eve.stats.app_layer.flow.dcerpc_tcp`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.app_layer.flow.smb`*:: -+ --- -type: long +[float] +=== campaign --- +Fields provide support for specifying information about campaigns. -*`suricata.eve.stats.app_layer.tx.tls`*:: + +*`misp.campaign.id`*:: + -- -type: long +Identifier of the campaign. --- -*`suricata.eve.stats.app_layer.tx.ftp`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.app_layer.tx.http`*:: +*`misp.campaign.name`*:: + -- -type: long +Name of the campaign. --- -*`suricata.eve.stats.app_layer.tx.dns_udp`*:: -+ --- -type: long +type: keyword -- -*`suricata.eve.stats.app_layer.tx.dns_tcp`*:: +*`misp.campaign.description`*:: + -- -type: long +Description of the campaign. --- -*`suricata.eve.stats.app_layer.tx.smtp`*:: -+ --- -type: long +type: text -- -*`suricata.eve.stats.app_layer.tx.ssh`*:: +*`misp.campaign.aliases`*:: + -- -type: long +Alternative names used to identify this campaign. --- -*`suricata.eve.stats.app_layer.tx.dcerpc_udp`*:: -+ --- -type: long +type: text -- -*`suricata.eve.stats.app_layer.tx.dcerpc_tcp`*:: +*`misp.campaign.first_seen`*:: + -- -type: long +The time that this Campaign was first seen, in RFC3339 format. --- -*`suricata.eve.stats.app_layer.tx.smb`*:: -+ --- -type: long +type: date -- - -*`suricata.eve.tls.notbefore`*:: +*`misp.campaign.last_seen`*:: + -- +The time that this Campaign was last seen, in RFC3339 format. + + type: date -- -*`suricata.eve.tls.issuerdn`*:: +*`misp.campaign.objective`*:: + -- +This field defines the Campaign's primary goal, objective, desired outcome, or intended effect. + + type: keyword -- -*`suricata.eve.tls.sni`*:: +[float] +=== course_of_action + +A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. + + + +*`misp.course_of_action.id`*:: + -- +Identifier of the Course of Action. + + type: keyword -- -*`suricata.eve.tls.version`*:: +*`misp.course_of_action.name`*:: + -- +The name used to identify the Course of Action. + + type: keyword -- -*`suricata.eve.tls.session_resumed`*:: +*`misp.course_of_action.description`*:: + -- -type: boolean +Description of the Course of Action. + + +type: text -- -*`suricata.eve.tls.fingerprint`*:: +[float] +=== identity + +Identity can represent actual individuals, organizations, or groups, as well as classes of individuals, organizations, or groups. + + + +*`misp.identity.id`*:: + -- +Identifier of the Identity. + + type: keyword -- -*`suricata.eve.tls.serial`*:: +*`misp.identity.name`*:: + -- +The name used to identify the Identity. + + type: keyword -- -*`suricata.eve.tls.notafter`*:: +*`misp.identity.description`*:: + -- -type: date +Description of the Identity. + + +type: text -- -*`suricata.eve.tls.subject`*:: +*`misp.identity.identity_class`*:: + -- +The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov + + type: keyword -- -*`suricata.eve.app_proto_ts`*:: +*`misp.identity.labels`*:: + -- -type: keyword +The list of roles that this Identity performs. --- +type: keyword -*`suricata.eve.flow.bytes_toclient`*:: -+ --- -type: alias +example: CEO -alias to: destination.bytes -- -*`suricata.eve.flow.start`*:: +*`misp.identity.sectors`*:: + -- -type: alias +The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov -alias to: event.start + +type: keyword -- -*`suricata.eve.flow.pkts_toclient`*:: +*`misp.identity.contact_information`*:: + -- -type: alias +The contact information (e-mail, phone number, etc.) for this Identity. -alias to: destination.packets --- +type: text -*`suricata.eve.flow.age`*:: -+ -- -type: long --- +[float] +=== intrusion_set -*`suricata.eve.flow.state`*:: -+ --- -type: keyword +An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization. --- -*`suricata.eve.flow.bytes_toserver`*:: + +*`misp.intrusion_set.id`*:: + -- -type: alias +Identifier of the Intrusion Set. -alias to: source.bytes + +type: keyword -- -*`suricata.eve.flow.reason`*:: +*`misp.intrusion_set.name`*:: + -- +The name used to identify the Intrusion Set. + + type: keyword -- -*`suricata.eve.flow.pkts_toserver`*:: +*`misp.intrusion_set.description`*:: + -- -type: alias +Description of the Intrusion Set. -alias to: source.packets + +type: text -- -*`suricata.eve.flow.end`*:: +*`misp.intrusion_set.aliases`*:: + -- +Alternative names used to identify the Intrusion Set. + + +type: text + +-- + +*`misp.intrusion_set.first_seen`*:: ++ +-- +The time that this Intrusion Set was first seen, in RFC3339 format. + + type: date -- -*`suricata.eve.flow.alerted`*:: +*`misp.intrusion_set.last_seen`*:: ++ +-- +The time that this Intrusion Set was last seen, in RFC3339 format. + + +type: date + +-- + +*`misp.intrusion_set.goals`*:: ++ +-- +The high level goals of this Intrusion Set, namely, what are they trying to do. + + +type: text + +-- + +*`misp.intrusion_set.resource_level`*:: ++ +-- +This defines the organizational level at which this Intrusion Set typically works. Open Vocab - attack-resource-level-ov + + +type: text + +-- + +*`misp.intrusion_set.primary_motivation`*:: ++ +-- +The primary reason, motivation, or purpose behind this Intrusion Set. Open Vocab - attack-motivation-ov + + +type: text + +-- + +*`misp.intrusion_set.secondary_motivations`*:: ++ +-- +The secondary reasons, motivations, or purposes behind this Intrusion Set. Open Vocab - attack-motivation-ov + + +type: text + +-- + +[float] +=== malware + +Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim. + + + +*`misp.malware.id`*:: ++ +-- +Identifier of the Malware. + + +type: keyword + +-- + +*`misp.malware.name`*:: ++ +-- +The name used to identify the Malware. + + +type: keyword + +-- + +*`misp.malware.description`*:: ++ +-- +Description of the Malware. + + +type: text + +-- + +*`misp.malware.labels`*:: ++ +-- +The type of malware being described. Open Vocab - malware-label-ov. adware,backdoor,bot,ddos,dropper,exploit-kit,keylogger,ransomware, remote-access-trojan,resource-exploitation,rogue-security-software,rootkit, screen-capture,spyware,trojan,virus,worm + + +type: keyword + +-- + +*`misp.malware.kill_chain_phases`*:: ++ +-- +The list of kill chain phases for which this Malware instance can be used. + + +type: keyword + +format: string + +-- + +[float] +=== note + +A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object. + + + +*`misp.note.id`*:: ++ +-- +Identifier of the Note. + + +type: keyword + +-- + +*`misp.note.summary`*:: ++ +-- +A brief description used as a summary of the Note. + + +type: keyword + +-- + +*`misp.note.description`*:: ++ +-- +The content of the Note. + + +type: text + +-- + +*`misp.note.authors`*:: ++ +-- +The name of the author(s) of this Note. + + +type: keyword + +-- + +*`misp.note.object_refs`*:: ++ +-- +The STIX Objects (SDOs and SROs) that the note is being applied to. + + +type: keyword + +-- + +[float] +=== threat_indicator + +Fields provide support for specifying information about threat indicators, and related matching patterns. + + + +*`misp.threat_indicator.labels`*:: ++ +-- +list of type open-vocab that specifies the type of indicator. + + +type: keyword + +example: Domain Watchlist + + +-- + +*`misp.threat_indicator.id`*:: ++ +-- +Identifier of the threat indicator. + + +type: keyword + +-- + +*`misp.threat_indicator.version`*:: ++ +-- +Version of the threat indicator. + + +type: keyword + +-- + +*`misp.threat_indicator.type`*:: ++ +-- +Type of the threat indicator. + + +type: keyword + +-- + +*`misp.threat_indicator.description`*:: ++ +-- +Description of the threat indicator. + + +type: text + +-- + +*`misp.threat_indicator.feed`*:: ++ +-- +Name of the threat feed. + + +type: text + +-- + +*`misp.threat_indicator.valid_from`*:: ++ +-- +The time from which this Indicator should be considered valuable intelligence, in RFC3339 format. + + +type: date + +-- + +*`misp.threat_indicator.valid_until`*:: ++ +-- +The time at which this Indicator should no longer be considered valuable intelligence. If the valid_until property is omitted, then there is no constraint on the latest time for which the indicator should be used, in RFC3339 format. + + +type: date + +-- + +*`misp.threat_indicator.severity`*:: ++ +-- +Threat severity to which this indicator corresponds. + + +type: keyword + +example: high + +format: string + +-- + +*`misp.threat_indicator.confidence`*:: ++ +-- +Confidence level to which this indicator corresponds. + + +type: keyword + +example: high + +-- + +*`misp.threat_indicator.kill_chain_phases`*:: ++ +-- +The kill chain phase(s) to which this indicator corresponds. + + +type: keyword + +format: string + +-- + +*`misp.threat_indicator.mitre_tactic`*:: ++ +-- +MITRE tactics to which this indicator corresponds. + + +type: keyword + +example: Initial Access + +format: string + +-- + +*`misp.threat_indicator.mitre_technique`*:: ++ +-- +MITRE techniques to which this indicator corresponds. + + +type: keyword + +example: Drive-by Compromise + +format: string + +-- + +*`misp.threat_indicator.attack_pattern`*:: ++ +-- +The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. + + +type: keyword + +example: [destination:ip = '91.219.29.188/32'] + + +-- + +*`misp.threat_indicator.attack_pattern_kql`*:: ++ +-- +The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. + + +type: keyword + +example: destination.ip: "91.219.29.188/32" + + +-- + +*`misp.threat_indicator.negate`*:: + -- +When set to true, it specifies the absence of the attack_pattern. + + type: boolean -- -*`suricata.eve.app_proto`*:: +*`misp.threat_indicator.intrusion_set`*:: + -- -type: alias +Name of the intrusion set if known. -alias to: network.protocol + +type: keyword -- -*`suricata.eve.tx_id`*:: +*`misp.threat_indicator.campaign`*:: + -- -type: long +Name of the attack campaign if known. + + +type: keyword -- -*`suricata.eve.app_proto_tc`*:: +*`misp.threat_indicator.threat_actor`*:: ++ +-- +Name of the threat actor if known. + + +type: keyword + +-- + +[float] +=== observed_data + +Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification. + + + +*`misp.observed_data.id`*:: + -- +Identifier of the Observed Data. + + type: keyword -- +*`misp.observed_data.first_observed`*:: ++ +-- +The beginning of the time window that the data was observed, in RFC3339 format. + -*`suricata.eve.smtp.rcpt_to`*:: +type: date + +-- + +*`misp.observed_data.last_observed`*:: ++ +-- +The end of the time window that the data was observed, in RFC3339 format. + + +type: date + +-- + +*`misp.observed_data.number_observed`*:: ++ +-- +The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive. + + +type: integer + +-- + +*`misp.observed_data.objects`*:: + -- +A dictionary of Cyber Observable Objects that describes the single fact that was observed. + + type: keyword -- -*`suricata.eve.smtp.mail_from`*:: +[float] +=== report + +Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details. + + + +*`misp.report.id`*:: ++ +-- +Identifier of the Report. + + +type: keyword + +-- + +*`misp.report.labels`*:: + -- +This field is an Open Vocabulary that specifies the primary subject of this report. Open Vocab - report-label-ov. threat-report,attack-pattern,campaign,identity,indicator,malware,observed-data,threat-actor,tool,vulnerability + + type: keyword -- -*`suricata.eve.smtp.helo`*:: +*`misp.report.name`*:: ++ +-- +The name used to identify the Report. + + +type: keyword + +-- + +*`misp.report.description`*:: ++ +-- +A description that provides more details and context about Report. + + +type: text + +-- + +*`misp.report.published`*:: + -- +The date that this report object was officially published by the creator of this report, in RFC3339 format. + + +type: date + +-- + +*`misp.report.object_refs`*:: ++ +-- +Specifies the STIX Objects that are referred to by this Report. + + +type: text + +-- + +[float] +=== threat_actor + +Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. + + + +*`misp.threat_actor.id`*:: ++ +-- +Identifier of the Threat Actor. + + type: keyword -- -*`suricata.eve.app_proto_expected`*:: +*`misp.threat_actor.labels`*:: ++ +-- +This field specifies the type of threat actor. Open Vocab - threat-actor-label-ov. activist,competitor,crime-syndicate,criminal,hacker,insider-accidental,insider-disgruntled,nation-state,sensationalist,spy,terrorist + + +type: keyword + +-- + +*`misp.threat_actor.name`*:: ++ +-- +The name used to identify this Threat Actor or Threat Actor group. + + +type: keyword + +-- + +*`misp.threat_actor.description`*:: ++ +-- +A description that provides more details and context about the Threat Actor. + + +type: text + +-- + +*`misp.threat_actor.aliases`*:: ++ +-- +A list of other names that this Threat Actor is believed to use. + + +type: text + +-- + +*`misp.threat_actor.roles`*:: ++ +-- +This is a list of roles the Threat Actor plays. Open Vocab - threat-actor-role-ov. agent,director,independent,sponsor,infrastructure-operator,infrastructure-architect,malware-author + + +type: text + +-- + +*`misp.threat_actor.goals`*:: ++ +-- +The high level goals of this Threat Actor, namely, what are they trying to do. + + +type: text + +-- + +*`misp.threat_actor.sophistication`*:: ++ +-- +The skill, specific knowledge, special training, or expertise a Threat Actor must have to perform the attack. Open Vocab - threat-actor-sophistication-ov. none,minimal,intermediate,advanced,strategic,expert,innovator + + +type: text + +-- + +*`misp.threat_actor.resource_level`*:: ++ +-- +This defines the organizational level at which this Threat Actor typically works. Open Vocab - attack-resource-level-ov. individual,club,contest,team,organization,government + + +type: text + +-- + +*`misp.threat_actor.primary_motivation`*:: ++ +-- +The primary reason, motivation, or purpose behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + +type: text + +-- + +*`misp.threat_actor.secondary_motivations`*:: ++ +-- +The secondary reasons, motivations, or purposes behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + +type: text + +-- + +*`misp.threat_actor.personal_motivations`*:: ++ +-- +The personal reasons, motivations, or purposes of the Threat Actor regardless of organizational goals. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + +type: text + +-- + +[float] +=== tool + +Tools are legitimate software that can be used by threat actors to perform attacks. + + + +*`misp.tool.id`*:: ++ +-- +Identifier of the Tool. + + +type: keyword + +-- + +*`misp.tool.labels`*:: ++ +-- +The kind(s) of tool(s) being described. Open Vocab - tool-label-ov. denial-of-service,exploitation,information-gathering,network-capture,credential-exploitation,remote-access,vulnerability-scanning + + +type: keyword + +-- + +*`misp.tool.name`*:: ++ +-- +The name used to identify the Tool. + + +type: keyword + +-- + +*`misp.tool.description`*:: ++ +-- +A description that provides more details and context about the Tool. + + +type: text + +-- + +*`misp.tool.tool_version`*:: ++ +-- +The version identifier associated with the Tool. + + +type: keyword + +-- + +*`misp.tool.kill_chain_phases`*:: ++ +-- +The list of kill chain phases for which this Tool instance can be used. + + +type: text + +-- + +[float] +=== vulnerability + +A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network. + + + +*`misp.vulnerability.id`*:: ++ +-- +Identifier of the Vulnerability. + + +type: keyword + +-- + +*`misp.vulnerability.name`*:: ++ +-- +The name used to identify the Vulnerability. + + +type: keyword + +-- + +*`misp.vulnerability.description`*:: ++ +-- +A description that provides more details and context about the Vulnerability. + + +type: text + +-- + +[[exported-fields-misp]] +== MISP fields + +Module for handling threat information from MISP. + + + +[float] +=== misp + +Fields from MISP threat information. + + + +[float] +=== attack_pattern + +Fields provide support for specifying information about attack patterns. + + + +*`misp.attack_pattern.id`*:: ++ +-- +Identifier of the threat indicator. + + +type: keyword + +-- + +*`misp.attack_pattern.name`*:: ++ +-- +Name of the attack pattern. + + +type: keyword + +-- + +*`misp.attack_pattern.description`*:: ++ +-- +Description of the attack pattern. + + +type: text + +-- + +*`misp.attack_pattern.kill_chain_phases`*:: ++ +-- +The kill chain phase(s) to which this attack pattern corresponds. + + +type: keyword + +-- + +[float] +=== campaign + +Fields provide support for specifying information about campaigns. + + + +*`misp.campaign.id`*:: ++ +-- +Identifier of the campaign. + + +type: keyword + +-- + +*`misp.campaign.name`*:: ++ +-- +Name of the campaign. + + +type: keyword + +-- + +*`misp.campaign.description`*:: ++ +-- +Description of the campaign. + + +type: text + +-- + +*`misp.campaign.aliases`*:: ++ +-- +Alternative names used to identify this campaign. + + +type: text + +-- + +*`misp.campaign.first_seen`*:: ++ +-- +The time that this Campaign was first seen, in RFC3339 format. + + +type: date + +-- + +*`misp.campaign.last_seen`*:: ++ +-- +The time that this Campaign was last seen, in RFC3339 format. + + +type: date + +-- + +*`misp.campaign.objective`*:: ++ +-- +This field defines the Campaign's primary goal, objective, desired outcome, or intended effect. + + +type: keyword + +-- + +[float] +=== course_of_action + +A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. + + + +*`misp.course_of_action.id`*:: ++ +-- +Identifier of the Course of Action. + + +type: keyword + +-- + +*`misp.course_of_action.name`*:: ++ +-- +The name used to identify the Course of Action. + + +type: keyword + +-- + +*`misp.course_of_action.description`*:: ++ +-- +Description of the Course of Action. + + +type: text + +-- + +[float] +=== identity + +Identity can represent actual individuals, organizations, or groups, as well as classes of individuals, organizations, or groups. + + + +*`misp.identity.id`*:: ++ +-- +Identifier of the Identity. + + +type: keyword + +-- + +*`misp.identity.name`*:: ++ +-- +The name used to identify the Identity. + + +type: keyword + +-- + +*`misp.identity.description`*:: ++ +-- +Description of the Identity. + + +type: text + +-- + +*`misp.identity.identity_class`*:: ++ +-- +The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov + + +type: keyword + +-- + +*`misp.identity.labels`*:: ++ +-- +The list of roles that this Identity performs. + + +type: keyword + +example: CEO + + +-- + +*`misp.identity.sectors`*:: ++ +-- +The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov + + +type: keyword + +-- + +*`misp.identity.contact_information`*:: ++ +-- +The contact information (e-mail, phone number, etc.) for this Identity. + + +type: text + +-- + +[float] +=== intrusion_set + +An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization. + + + +*`misp.intrusion_set.id`*:: ++ +-- +Identifier of the Intrusion Set. + + +type: keyword + +-- + +*`misp.intrusion_set.name`*:: ++ +-- +The name used to identify the Intrusion Set. + + +type: keyword + +-- + +*`misp.intrusion_set.description`*:: ++ +-- +Description of the Intrusion Set. + + +type: text + +-- + +*`misp.intrusion_set.aliases`*:: ++ +-- +Alternative names used to identify the Intrusion Set. + + +type: text + +-- + +*`misp.intrusion_set.first_seen`*:: ++ +-- +The time that this Intrusion Set was first seen, in RFC3339 format. + + +type: date + +-- + +*`misp.intrusion_set.last_seen`*:: ++ +-- +The time that this Intrusion Set was last seen, in RFC3339 format. + + +type: date + +-- + +*`misp.intrusion_set.goals`*:: ++ +-- +The high level goals of this Intrusion Set, namely, what are they trying to do. + + +type: text + +-- + +*`misp.intrusion_set.resource_level`*:: ++ +-- +This defines the organizational level at which this Intrusion Set typically works. Open Vocab - attack-resource-level-ov + + +type: text + +-- + +*`misp.intrusion_set.primary_motivation`*:: ++ +-- +The primary reason, motivation, or purpose behind this Intrusion Set. Open Vocab - attack-motivation-ov + + +type: text + +-- + +*`misp.intrusion_set.secondary_motivations`*:: ++ +-- +The secondary reasons, motivations, or purposes behind this Intrusion Set. Open Vocab - attack-motivation-ov + + +type: text + +-- + +[float] +=== malware + +Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim. + + + +*`misp.malware.id`*:: ++ +-- +Identifier of the Malware. + + +type: keyword + +-- + +*`misp.malware.name`*:: ++ +-- +The name used to identify the Malware. + + +type: keyword + +-- + +*`misp.malware.description`*:: ++ +-- +Description of the Malware. + + +type: text + +-- + +*`misp.malware.labels`*:: ++ +-- +The type of malware being described. Open Vocab - malware-label-ov. adware,backdoor,bot,ddos,dropper,exploit-kit,keylogger,ransomware, remote-access-trojan,resource-exploitation,rogue-security-software,rootkit, screen-capture,spyware,trojan,virus,worm + + +type: keyword + +-- + +*`misp.malware.kill_chain_phases`*:: ++ +-- +The list of kill chain phases for which this Malware instance can be used. + + +type: keyword + +format: string + +-- + +[float] +=== note + +A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object. + + + +*`misp.note.id`*:: ++ +-- +Identifier of the Note. + + +type: keyword + +-- + +*`misp.note.summary`*:: ++ +-- +A brief description used as a summary of the Note. + + +type: keyword + +-- + +*`misp.note.description`*:: ++ +-- +The content of the Note. + + +type: text + +-- + +*`misp.note.authors`*:: ++ +-- +The name of the author(s) of this Note. + + +type: keyword + +-- + +*`misp.note.object_refs`*:: ++ +-- +The STIX Objects (SDOs and SROs) that the note is being applied to. + + +type: keyword + +-- + +[float] +=== threat_indicator + +Fields provide support for specifying information about threat indicators, and related matching patterns. + + + +*`misp.threat_indicator.labels`*:: ++ +-- +list of type open-vocab that specifies the type of indicator. + + +type: keyword + +example: Domain Watchlist + + +-- + +*`misp.threat_indicator.id`*:: ++ +-- +Identifier of the threat indicator. + + +type: keyword + +-- + +*`misp.threat_indicator.version`*:: ++ +-- +Version of the threat indicator. + + +type: keyword + +-- + +*`misp.threat_indicator.type`*:: ++ +-- +Type of the threat indicator. + + +type: keyword + +-- + +*`misp.threat_indicator.description`*:: ++ +-- +Description of the threat indicator. + + +type: text + +-- + +*`misp.threat_indicator.feed`*:: ++ +-- +Name of the threat feed. + + +type: text + +-- + +*`misp.threat_indicator.valid_from`*:: ++ +-- +The time from which this Indicator should be considered valuable intelligence, in RFC3339 format. + + +type: date + +-- + +*`misp.threat_indicator.valid_until`*:: ++ +-- +The time at which this Indicator should no longer be considered valuable intelligence. If the valid_until property is omitted, then there is no constraint on the latest time for which the indicator should be used, in RFC3339 format. + + +type: date + +-- + +*`misp.threat_indicator.severity`*:: ++ +-- +Threat severity to which this indicator corresponds. + + +type: keyword + +example: high + +format: string + +-- + +*`misp.threat_indicator.confidence`*:: ++ +-- +Confidence level to which this indicator corresponds. + + +type: keyword + +example: high + +-- + +*`misp.threat_indicator.kill_chain_phases`*:: ++ +-- +The kill chain phase(s) to which this indicator corresponds. + + +type: keyword + +format: string + +-- + +*`misp.threat_indicator.mitre_tactic`*:: ++ +-- +MITRE tactics to which this indicator corresponds. + + +type: keyword + +example: Initial Access + +format: string + +-- + +*`misp.threat_indicator.mitre_technique`*:: ++ +-- +MITRE techniques to which this indicator corresponds. + + +type: keyword + +example: Drive-by Compromise + +format: string + +-- + +*`misp.threat_indicator.attack_pattern`*:: ++ +-- +The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. + + +type: keyword + +example: [destination:ip = '91.219.29.188/32'] + + +-- + +*`misp.threat_indicator.attack_pattern_kql`*:: ++ +-- +The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. + + +type: keyword + +example: destination.ip: "91.219.29.188/32" + + +-- + +*`misp.threat_indicator.negate`*:: ++ +-- +When set to true, it specifies the absence of the attack_pattern. + + +type: boolean + +-- + +*`misp.threat_indicator.intrusion_set`*:: ++ +-- +Name of the intrusion set if known. + + +type: keyword + +-- + +*`misp.threat_indicator.campaign`*:: ++ +-- +Name of the attack campaign if known. + + +type: keyword + +-- + +*`misp.threat_indicator.threat_actor`*:: ++ +-- +Name of the threat actor if known. + + +type: keyword + +-- + +[float] +=== observed_data + +Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification. + + + +*`misp.observed_data.id`*:: ++ +-- +Identifier of the Observed Data. + + +type: keyword + +-- + +*`misp.observed_data.first_observed`*:: ++ +-- +The beginning of the time window that the data was observed, in RFC3339 format. + + +type: date + +-- + +*`misp.observed_data.last_observed`*:: ++ +-- +The end of the time window that the data was observed, in RFC3339 format. + + +type: date + +-- + +*`misp.observed_data.number_observed`*:: ++ +-- +The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive. + + +type: integer + +-- + +*`misp.observed_data.objects`*:: ++ +-- +A dictionary of Cyber Observable Objects that describes the single fact that was observed. + + +type: keyword + +-- + +[float] +=== report + +Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details. + + + +*`misp.report.id`*:: ++ +-- +Identifier of the Report. + + +type: keyword + +-- + +*`misp.report.labels`*:: ++ +-- +This field is an Open Vocabulary that specifies the primary subject of this report. Open Vocab - report-label-ov. threat-report,attack-pattern,campaign,identity,indicator,malware,observed-data,threat-actor,tool,vulnerability + + +type: keyword + +-- + +*`misp.report.name`*:: ++ +-- +The name used to identify the Report. + + +type: keyword + +-- + +*`misp.report.description`*:: ++ +-- +A description that provides more details and context about Report. + + +type: text + +-- + +*`misp.report.published`*:: ++ +-- +The date that this report object was officially published by the creator of this report, in RFC3339 format. + + +type: date + +-- + +*`misp.report.object_refs`*:: ++ +-- +Specifies the STIX Objects that are referred to by this Report. + + +type: text + +-- + +[float] +=== threat_actor + +Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. + + + +*`misp.threat_actor.id`*:: ++ +-- +Identifier of the Threat Actor. + + +type: keyword + +-- + +*`misp.threat_actor.labels`*:: ++ +-- +This field specifies the type of threat actor. Open Vocab - threat-actor-label-ov. activist,competitor,crime-syndicate,criminal,hacker,insider-accidental,insider-disgruntled,nation-state,sensationalist,spy,terrorist + + +type: keyword + +-- + +*`misp.threat_actor.name`*:: ++ +-- +The name used to identify this Threat Actor or Threat Actor group. + + +type: keyword + +-- + +*`misp.threat_actor.description`*:: ++ +-- +A description that provides more details and context about the Threat Actor. + + +type: text + +-- + +*`misp.threat_actor.aliases`*:: ++ +-- +A list of other names that this Threat Actor is believed to use. + + +type: text + +-- + +*`misp.threat_actor.roles`*:: ++ +-- +This is a list of roles the Threat Actor plays. Open Vocab - threat-actor-role-ov. agent,director,independent,sponsor,infrastructure-operator,infrastructure-architect,malware-author + + +type: text + +-- + +*`misp.threat_actor.goals`*:: ++ +-- +The high level goals of this Threat Actor, namely, what are they trying to do. + + +type: text + +-- + +*`misp.threat_actor.sophistication`*:: ++ +-- +The skill, specific knowledge, special training, or expertise a Threat Actor must have to perform the attack. Open Vocab - threat-actor-sophistication-ov. none,minimal,intermediate,advanced,strategic,expert,innovator + + +type: text + +-- + +*`misp.threat_actor.resource_level`*:: ++ +-- +This defines the organizational level at which this Threat Actor typically works. Open Vocab - attack-resource-level-ov. individual,club,contest,team,organization,government + + +type: text + +-- + +*`misp.threat_actor.primary_motivation`*:: ++ +-- +The primary reason, motivation, or purpose behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + +type: text + +-- + +*`misp.threat_actor.secondary_motivations`*:: ++ +-- +The secondary reasons, motivations, or purposes behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + +type: text + +-- + +*`misp.threat_actor.personal_motivations`*:: ++ +-- +The personal reasons, motivations, or purposes of the Threat Actor regardless of organizational goals. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + +type: text + +-- + +[float] +=== tool + +Tools are legitimate software that can be used by threat actors to perform attacks. + + + +*`misp.tool.id`*:: ++ +-- +Identifier of the Tool. + + +type: keyword + +-- + +*`misp.tool.labels`*:: ++ +-- +The kind(s) of tool(s) being described. Open Vocab - tool-label-ov. denial-of-service,exploitation,information-gathering,network-capture,credential-exploitation,remote-access,vulnerability-scanning + + +type: keyword + +-- + +*`misp.tool.name`*:: ++ +-- +The name used to identify the Tool. + + +type: keyword + +-- + +*`misp.tool.description`*:: ++ +-- +A description that provides more details and context about the Tool. + + +type: text + +-- + +*`misp.tool.tool_version`*:: ++ +-- +The version identifier associated with the Tool. + + +type: keyword + +-- + +*`misp.tool.kill_chain_phases`*:: ++ +-- +The list of kill chain phases for which this Tool instance can be used. + + +type: text + +-- + +[float] +=== vulnerability + +A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network. + + + +*`misp.vulnerability.id`*:: ++ +-- +Identifier of the Vulnerability. + + +type: keyword + +-- + +*`misp.vulnerability.name`*:: ++ +-- +The name used to identify the Vulnerability. + + +type: keyword + +-- + +*`misp.vulnerability.description`*:: ++ +-- +A description that provides more details and context about the Vulnerability. + + +type: text + +-- + +[[exported-fields-mongodb]] +== mongodb fields + +Module for parsing MongoDB log files. + + + +[float] +=== mongodb + +Fields from MongoDB logs. + + + +[float] +=== log + +Contains fields from MongoDB logs. + + + +*`mongodb.log.component`*:: ++ +-- +Functional categorization of message + + +type: keyword + +example: COMMAND + +-- + +*`mongodb.log.context`*:: ++ +-- +Context of message + + +type: keyword + +example: initandlisten + +-- + +*`mongodb.log.severity`*:: ++ +-- +type: alias + +alias to: log.level + +-- + +*`mongodb.log.message`*:: ++ +-- +type: alias + +alias to: message + +-- + +[[exported-fields-mssql]] +== mssql fields + +MS SQL Filebeat Module + + +[float] +=== mssql + +Fields from the MSSQL log files + + +[float] +=== log + +Common log fields + + +*`mssql.log.origin`*:: ++ +-- +Origin of the message, usually the server but it can also be a recovery process + +type: keyword + +-- + +[[exported-fields-mssql]] +== mssql fields + +MS SQL Filebeat Module + + +[float] +=== mssql + +Fields from the MSSQL log files + + +[float] +=== log + +Common log fields + + +*`mssql.log.origin`*:: ++ +-- +Origin of the message, usually the server but it can also be a recovery process + +type: keyword + +-- + +[[exported-fields-mysql]] +== MySQL fields + +Module for parsing the MySQL log files. + + + +[float] +=== mysql + +Fields from the MySQL log files. + + + +*`mysql.thread_id`*:: ++ +-- +The connection or thread ID for the query. + + +type: long + +-- + +[float] +=== error + +Contains fields from the MySQL error logs. + + + +*`mysql.error.thread_id`*:: ++ +-- +type: alias + +alias to: mysql.thread_id + +-- + +*`mysql.error.level`*:: ++ +-- +type: alias + +alias to: log.level + +-- + +*`mysql.error.message`*:: ++ +-- +type: alias + +alias to: message + +-- + +[float] +=== slowlog + +Contains fields from the MySQL slow logs. + + + +*`mysql.slowlog.lock_time.sec`*:: ++ +-- +The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number. + + +type: float + +-- + +*`mysql.slowlog.rows_sent`*:: ++ +-- +The number of rows returned by the query. + + +type: long + +-- + +*`mysql.slowlog.rows_examined`*:: ++ +-- +The number of rows scanned by the query. + + +type: long + +-- + +*`mysql.slowlog.rows_affected`*:: ++ +-- +The number of rows modified by the query. + + +type: long + +-- + +*`mysql.slowlog.bytes_sent`*:: ++ +-- +The number of bytes sent to client. + + +type: long + +format: bytes + +-- + +*`mysql.slowlog.bytes_received`*:: ++ +-- +The number of bytes received from client. + + +type: long + +format: bytes + +-- + +*`mysql.slowlog.query`*:: ++ +-- +The slow query. + + +-- + +*`mysql.slowlog.id`*:: ++ +-- +type: alias + +alias to: mysql.thread_id + +-- + +*`mysql.slowlog.schema`*:: ++ +-- +The schema where the slow query was executed. + + +type: keyword + +-- + +*`mysql.slowlog.current_user`*:: ++ +-- +Current authenticated user, used to determine access privileges. Can differ from the value for user. + + +type: keyword + +-- + +*`mysql.slowlog.last_errno`*:: ++ +-- +Last SQL error seen. + + +type: keyword + +-- + +*`mysql.slowlog.killed`*:: ++ +-- +Code of the reason if the query was killed. + + +type: keyword + +-- + +*`mysql.slowlog.query_cache_hit`*:: ++ +-- +Whether the query cache was hit. + + +type: boolean + +-- + +*`mysql.slowlog.tmp_table`*:: ++ +-- +Whether a temporary table was used to resolve the query. + + +type: boolean + +-- + +*`mysql.slowlog.tmp_table_on_disk`*:: ++ +-- +Whether the query needed temporary tables on disk. + + +type: boolean + +-- + +*`mysql.slowlog.tmp_tables`*:: ++ +-- +Number of temporary tables created for this query + + +type: long + +-- + +*`mysql.slowlog.tmp_disk_tables`*:: ++ +-- +Number of temporary tables created on disk for this query. + + +type: long + +-- + +*`mysql.slowlog.tmp_table_sizes`*:: ++ +-- +Size of temporary tables created for this query. + +type: long + +format: bytes + +-- + +*`mysql.slowlog.filesort`*:: ++ +-- +Whether filesort optimization was used. + + +type: boolean + +-- + +*`mysql.slowlog.filesort_on_disk`*:: ++ +-- +Whether filesort optimization was used and it needed temporary tables on disk. + + +type: boolean + +-- + +*`mysql.slowlog.priority_queue`*:: ++ +-- +Whether a priority queue was used for filesort. + + +type: boolean + +-- + +*`mysql.slowlog.full_scan`*:: ++ +-- +Whether a full table scan was needed for the slow query. + + +type: boolean + +-- + +*`mysql.slowlog.full_join`*:: ++ +-- +Whether a full join was needed for the slow query (no indexes were used for joins). + + +type: boolean + +-- + +*`mysql.slowlog.merge_passes`*:: ++ +-- +Number of merge passes executed for the query. + + +type: long + +-- + +*`mysql.slowlog.sort_merge_passes`*:: ++ +-- +Number of merge passes that the sort algorithm has had to do. + + +type: long + +-- + +*`mysql.slowlog.sort_range_count`*:: ++ +-- +Number of sorts that were done using ranges. + + +type: long + +-- + +*`mysql.slowlog.sort_rows`*:: ++ +-- +Number of sorted rows. + + +type: long + +-- + +*`mysql.slowlog.sort_scan_count`*:: ++ +-- +Number of sorts that were done by scanning the table. + + +type: long + +-- + +*`mysql.slowlog.log_slow_rate_type`*:: ++ +-- +Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query. + + +type: keyword + +-- + +*`mysql.slowlog.log_slow_rate_limit`*:: ++ +-- +Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged. + + +type: keyword + +-- + +*`mysql.slowlog.read_first`*:: ++ +-- +The number of times the first entry in an index was read. + + +type: long + +-- + +*`mysql.slowlog.read_last`*:: ++ +-- +The number of times the last key in an index was read. + + +type: long + +-- + +*`mysql.slowlog.read_key`*:: ++ +-- +The number of requests to read a row based on a key. + + +type: long + +-- + +*`mysql.slowlog.read_next`*:: ++ +-- +The number of requests to read the next row in key order. + + +type: long + +-- + +*`mysql.slowlog.read_prev`*:: ++ +-- +The number of requests to read the previous row in key order. + + +type: long + +-- + +*`mysql.slowlog.read_rnd`*:: ++ +-- +The number of requests to read a row based on a fixed position. + + +type: long + +-- + +*`mysql.slowlog.read_rnd_next`*:: ++ +-- +The number of requests to read the next row in the data file. + + +type: long + +-- + +[float] +=== innodb + +Contains fields relative to InnoDB engine + + + +*`mysql.slowlog.innodb.trx_id`*:: ++ +-- +Transaction ID + + +type: keyword + +-- + +*`mysql.slowlog.innodb.io_r_ops`*:: ++ +-- +Number of page read operations. + + +type: long + +-- + +*`mysql.slowlog.innodb.io_r_bytes`*:: ++ +-- +Bytes read during page read operations. + + +type: long + +format: bytes + +-- + +*`mysql.slowlog.innodb.io_r_wait.sec`*:: ++ +-- +How long it took to read all needed data from storage. + + +type: long + +-- + +*`mysql.slowlog.innodb.rec_lock_wait.sec`*:: ++ +-- +How long the query waited for locks. + + +type: long + +-- + +*`mysql.slowlog.innodb.queue_wait.sec`*:: ++ +-- +How long the query waited to enter the InnoDB queue and to be executed once in the queue. + + +type: long + +-- + +*`mysql.slowlog.innodb.pages_distinct`*:: ++ +-- +Approximated count of pages accessed to execute the query. + + +type: long + +-- + +*`mysql.slowlog.user`*:: ++ +-- +type: alias + +alias to: user.name + +-- + +*`mysql.slowlog.host`*:: ++ +-- +type: alias + +alias to: source.domain + +-- + +*`mysql.slowlog.ip`*:: ++ +-- +type: alias + +alias to: source.ip + +-- + +[[exported-fields-nats]] +== NATS fields + +Module for parsing NATS log files. + + + +[float] +=== nats + +Fields from NATS logs. + + + +[float] +=== log + +Nats log files + + + +[float] +=== client + +Fields from NATS logs client. + + + +*`nats.log.client.id`*:: ++ +-- +The id of the client + + +type: integer + +-- + +[float] +=== msg + +Fields from NATS logs message. + + + +*`nats.log.msg.bytes`*:: ++ +-- +Size of the payload in bytes + + +type: long + +format: bytes + +-- + +*`nats.log.msg.type`*:: ++ +-- +The protocol message type + + +type: keyword + +-- + +*`nats.log.msg.subject`*:: ++ +-- +Subject name this message was received on + + +type: keyword + +-- + +*`nats.log.msg.sid`*:: ++ +-- +The unique alphanumeric subscription ID of the subject + + +type: integer + +-- + +*`nats.log.msg.reply_to`*:: ++ +-- +The inbox subject on which the publisher is listening for responses + + +type: keyword + +-- + +*`nats.log.msg.max_messages`*:: ++ +-- +An optional number of messages to wait for before automatically unsubscribing + + +type: integer + +-- + +*`nats.log.msg.error.message`*:: ++ +-- +Details about the error occurred + + +type: text + +-- + +*`nats.log.msg.queue_group`*:: ++ +-- +The queue group which subscriber will join + + +type: text + +-- + +[[exported-fields-netflow]] +== NetFlow fields + +Fields from NetFlow and IPFIX flows. + + + +[float] +=== netflow + +Fields from NetFlow and IPFIX. + + + +*`netflow.type`*:: ++ +-- +The type of NetFlow record described by this event. + + +type: keyword + +-- + +[float] +=== exporter + +Metadata related to the exporter device that generated this record. + + + +*`netflow.exporter.address`*:: ++ +-- +Exporter's network address in IP:port format. + + +type: keyword + +-- + +*`netflow.exporter.source_id`*:: ++ +-- +Observation domain ID to which this record belongs. + + +type: long + +-- + +*`netflow.exporter.timestamp`*:: ++ +-- +Time and date of export. + + +type: date + +-- + +*`netflow.exporter.uptime_millis`*:: ++ +-- +How long the exporter process has been running, in milliseconds. + + +type: long + +-- + +*`netflow.exporter.version`*:: ++ +-- +NetFlow version used. + + +type: integer + +-- + +*`netflow.octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.delta_flow_count`*:: ++ +-- +type: long + +-- + +*`netflow.protocol_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.tcp_control_bits`*:: ++ +-- +type: integer + +-- + +*`netflow.source_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.source_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.ingress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.egress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.ip_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.bgp_source_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.bgp_destination_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.bgp_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_mcast_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.flow_start_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.post_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.source_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.destination_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.flow_label_ipv6`*:: ++ +-- +type: long + +-- + +*`netflow.icmp_type_code_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.igmp_type`*:: ++ +-- +type: short + +-- + +*`netflow.sampling_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_algorithm`*:: ++ +-- +type: short + +-- + +*`netflow.flow_active_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_idle_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.engine_type`*:: ++ +-- +type: short + +-- + +*`netflow.engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.exported_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_message_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_flow_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ipv4_router_sc`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.mpls_top_label_type`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.sampler_id`*:: ++ +-- +type: short + +-- + +*`netflow.sampler_mode`*:: ++ +-- +type: short + +-- + +*`netflow.sampler_random_interval`*:: ++ +-- +type: long + +-- + +*`netflow.class_id`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.maximum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_identification`*:: ++ +-- +type: long + +-- + +*`netflow.post_ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.ip_version`*:: ++ +-- +type: short + +-- + +*`netflow.flow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.ip_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.bgp_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ipv6_extension_headers`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_top_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section2`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section3`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section4`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section5`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section6`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section7`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section8`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section9`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section10`*:: ++ +-- +type: short + +-- + +*`netflow.destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.interface_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.interface_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.sampler_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.flags_and_sampler_id`*:: ++ +-- +type: long + +-- + +*`netflow.fragment_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.forwarding_status`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_vpn_route_distinguisher`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.src_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.dst_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.application_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_id`*:: ++ +-- +type: short + +-- + +*`netflow.application_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.multicast_replication_factor`*:: ++ +-- +type: long + +-- + +*`netflow.class_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.classification_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.layer2packet_section_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.layer2packet_section_size`*:: ++ +-- +type: integer + +-- + +*`netflow.layer2packet_section_data`*:: ++ +-- +type: short + +-- + +*`netflow.bgp_next_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.bgp_prev_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.dropped_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_reason`*:: ++ +-- +type: short + +-- + +*`netflow.common_properties_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_point_id`*:: ++ +-- +type: long + +-- + +*`netflow.icmp_type_code_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.mpls_top_label_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.line_card_id`*:: ++ +-- +type: long + +-- + +*`netflow.port_id`*:: ++ +-- +type: long + +-- + +*`netflow.metering_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.exporting_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.template_id`*:: ++ +-- +type: integer + +-- + +*`netflow.wlan_channel_id`*:: ++ +-- +type: short + +-- + +*`netflow.wlan_ssid`*:: ++ +-- +type: keyword + +-- + +*`netflow.flow_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.system_init_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_duration_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_duration_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.observed_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.destination_ipv6_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv6_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.post_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_key_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.icmp_type_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_code_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_type_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_code_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.udp_source_port`*:: ++ +-- +type: integer + +-- + +*`netflow.udp_destination_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_source_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_destination_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_sequence_number`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_acknowledgement_number`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_window_size`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_urgent_pointer`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ip_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.total_length_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.payload_length_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.ip_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.next_header_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_flags`*:: ++ +-- +type: short + +-- + +*`netflow.octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_top_label_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_length`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_label_stack_depth`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.ip_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.udp_message_length`*:: ++ +-- +type: integer + +-- + +*`netflow.is_multicast`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_ihl`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_options`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_options`*:: ++ +-- +type: long + +-- + +*`netflow.padding_octets`*:: ++ +-- +type: short + +-- + +*`netflow.collector_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.collector_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.export_interface`*:: ++ +-- +type: long + +-- + +*`netflow.export_protocol_version`*:: ++ +-- +type: short + +-- + +*`netflow.export_transport_protocol`*:: ++ +-- +type: short + +-- + +*`netflow.collector_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.exporter_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_syn_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_fin_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_rst_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_psh_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_ack_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_urg_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.post_nat_source_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_napt_source_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.post_napt_destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.nat_originating_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.nat_event`*:: ++ +-- +type: short + +-- + +*`netflow.initiator_octets`*:: ++ +-- +type: long + +-- + +*`netflow.responder_octets`*:: ++ +-- +type: long + +-- + +*`netflow.firewall_event`*:: ++ +-- +type: short + +-- + +*`netflow.ingress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.egress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.vr_fname`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.tcp_window_scale`*:: ++ +-- +type: integer + +-- + +*`netflow.biflow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_payload_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_total_length`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_customer_priority`*:: ++ +-- +type: short + +-- + +*`netflow.metro_evc_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.metro_evc_type`*:: ++ +-- +type: short + +-- + +*`netflow.pseudo_wire_id`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_type`*:: ++ +-- +type: integer + +-- + +*`netflow.pseudo_wire_control_word`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.egress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.post_dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_type`*:: ++ +-- +type: integer + +-- + +*`netflow.post_ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.collection_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.export_sctp_stream_id`*:: ++ +-- +type: integer + +-- + +*`netflow.max_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.message_md5_checksum`*:: ++ +-- +type: short + +-- + +*`netflow.message_scope`*:: ++ +-- +type: short + +-- + +*`netflow.min_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.opaque_octets`*:: ++ +-- +type: short + +-- + +*`netflow.session_scope`*:: ++ +-- +type: short + +-- + +*`netflow.max_flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.collector_certificate`*:: ++ +-- +type: short + +-- + +*`netflow.exporter_certificate`*:: ++ +-- +type: short + +-- + +*`netflow.data_records_reliability`*:: ++ +-- +type: boolean + +-- + +*`netflow.observation_point_type`*:: ++ +-- +type: short + +-- + +*`netflow.new_connection_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.connection_sum_duration_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.connection_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.post_nat_source_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.nat_pool_id`*:: ++ +-- +type: long + +-- + +*`netflow.nat_pool_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.anonymization_flags`*:: ++ +-- +type: integer + +-- + +*`netflow.anonymization_technique`*:: ++ +-- +type: integer + +-- + +*`netflow.information_element_index`*:: ++ +-- +type: integer + +-- + +*`netflow.p2p_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.tunnel_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.encrypted_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.bgp_validity_state`*:: ++ +-- +type: short + +-- + +*`netflow.ip_sec_spi`*:: ++ +-- +type: long + +-- + +*`netflow.gre_key`*:: ++ +-- +type: long + +-- + +*`netflow.nat_type`*:: ++ +-- +type: short + +-- + +*`netflow.initiator_packets`*:: ++ +-- +type: long + +-- + +*`netflow.responder_packets`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.selection_sequence_id`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_id`*:: ++ +-- +type: integer + +-- + +*`netflow.selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.sampling_packet_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_packet_space`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_time_space`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_size`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_population`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_probability`*:: ++ +-- +type: double + +-- + +*`netflow.data_link_frame_size`*:: ++ +-- +type: integer + +-- + +*`netflow.ip_header_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.ip_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.data_link_frame_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.selector_id_total_pkts_observed`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id_total_pkts_selected`*:: ++ +-- +type: long + +-- + +*`netflow.absolute_error`*:: ++ +-- +type: double + +-- + +*`netflow.relative_error`*:: ++ +-- +type: double + +-- + +*`netflow.observation_time_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.digest_hash_value`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_offset`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_size`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_digest_output`*:: ++ +-- +type: boolean + +-- + +*`netflow.hash_initialiser_value`*:: ++ +-- +type: long + +-- + +*`netflow.selector_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.upper_ci_limit`*:: ++ +-- +type: double + +-- + +*`netflow.lower_ci_limit`*:: ++ +-- +type: double + +-- + +*`netflow.confidence_level`*:: ++ +-- +type: double + +-- + +*`netflow.information_element_data_type`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_range_begin`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_range_end`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_units`*:: ++ +-- +type: integer + +-- + +*`netflow.private_enterprise_number`*:: ++ +-- +type: long + +-- + +*`netflow.virtual_station_interface_id`*:: ++ +-- +type: short + +-- + +*`netflow.virtual_station_interface_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.virtual_station_uuid`*:: ++ +-- +type: short + +-- + +*`netflow.virtual_station_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.layer2_segment_id`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_multicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.monitoring_interval_start_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.monitoring_interval_end_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.port_range_start`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_end`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_step_size`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_num_ports`*:: ++ +-- +type: integer + +-- + +*`netflow.sta_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.sta_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.wtp_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.ingress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.egress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.rtp_sequence_number`*:: ++ +-- +type: integer + +-- + +*`netflow.user_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_sub_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_group_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.original_flows_present`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_initiated`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_completed`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.value_distribution_method`*:: ++ +-- +type: short + +-- + +*`netflow.rfc3550_jitter_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.rfc3550_jitter_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.rfc3550_jitter_nanoseconds`*:: ++ +-- +type: long + +-- + +*`netflow.dot1q_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.dot1q_customer_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.flow_selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_selected_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_flow_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id_total_flows_observed`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id_total_flows_selected`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_flow_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_flow_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.hash_flow_domain`*:: ++ +-- +type: integer + +-- + +*`netflow.transport_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.transport_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.original_exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.intermediate_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_data_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.data_link_frame_type`*:: ++ +-- +type: integer + +-- + +*`netflow.section_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.section_exported_octets`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_service_instance_tag`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_service_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.dot1q_service_instance_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_customer_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_frame_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ignored_layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_integer`*:: ++ +-- +type: integer + +-- + +*`netflow.mib_object_value_octet_string`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_oid`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_bits`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_ip_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mib_object_value_counter`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_gauge`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_time_ticks`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_unsigned`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.mib_sub_identifier`*:: ++ +-- +type: long + +-- + +*`netflow.mib_index_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.mib_capture_time_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_syntax`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_module_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mobile_imsi`*:: ++ +-- +type: keyword + +-- + +*`netflow.mobile_msisdn`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_status_code`*:: ++ +-- +type: integer + +-- + +*`netflow.source_transport_ports_limit`*:: ++ +-- +type: integer + +-- + +*`netflow.http_request_method`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_host`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_target`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_message_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.nat_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.internal_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.external_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.nat_quota_exceeded_event`*:: ++ +-- +type: long + +-- + +*`netflow.nat_threshold_event`*:: ++ +-- +type: long + +-- + +*`netflow.http_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_reason_phrase`*:: ++ +-- +type: keyword + +-- + +*`netflow.max_session_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_bib_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_entries_per_user`*:: ++ +-- +type: long + +-- + +*`netflow.max_subscribers`*:: ++ +-- +type: long + +-- + +*`netflow.max_fragments_pending_reassembly`*:: ++ +-- +type: long + +-- + +*`netflow.address_pool_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_pool_low_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_port_mapping_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_port_mapping_low_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_port_mapping_per_user_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.global_address_mapping_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.vpn_identifier`*:: ++ +-- +type: short + +-- + +[[exported-fields-netflow]] +== NetFlow fields + +Fields from NetFlow and IPFIX flows. + + + +[float] +=== netflow + +Fields from NetFlow and IPFIX. + + + +*`netflow.type`*:: ++ +-- +The type of NetFlow record described by this event. + + +type: keyword + +-- + +[float] +=== exporter + +Metadata related to the exporter device that generated this record. + + + +*`netflow.exporter.address`*:: ++ +-- +Exporter's network address in IP:port format. + + +type: keyword + +-- + +*`netflow.exporter.source_id`*:: ++ +-- +Observation domain ID to which this record belongs. + + +type: long + +-- + +*`netflow.exporter.timestamp`*:: ++ +-- +Time and date of export. + + +type: date + +-- + +*`netflow.exporter.uptime_millis`*:: ++ +-- +How long the exporter process has been running, in milliseconds. + + +type: long + +-- + +*`netflow.exporter.version`*:: ++ +-- +NetFlow version used. + + +type: integer + +-- + +*`netflow.octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.delta_flow_count`*:: ++ +-- +type: long + +-- + +*`netflow.protocol_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.tcp_control_bits`*:: ++ +-- +type: integer + +-- + +*`netflow.source_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.source_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.ingress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.egress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.ip_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.bgp_source_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.bgp_destination_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.bgp_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_mcast_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.flow_start_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.post_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.source_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.destination_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.flow_label_ipv6`*:: ++ +-- +type: long + +-- + +*`netflow.icmp_type_code_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.igmp_type`*:: ++ +-- +type: short + +-- + +*`netflow.sampling_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_algorithm`*:: ++ +-- +type: short + +-- + +*`netflow.flow_active_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_idle_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.engine_type`*:: ++ +-- +type: short + +-- + +*`netflow.engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.exported_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_message_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_flow_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ipv4_router_sc`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.mpls_top_label_type`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.sampler_id`*:: ++ +-- +type: short + +-- + +*`netflow.sampler_mode`*:: ++ +-- +type: short + +-- + +*`netflow.sampler_random_interval`*:: ++ +-- +type: long + +-- + +*`netflow.class_id`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.maximum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_identification`*:: ++ +-- +type: long + +-- + +*`netflow.post_ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.ip_version`*:: ++ +-- +type: short + +-- + +*`netflow.flow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.ip_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.bgp_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ipv6_extension_headers`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_top_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section2`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section3`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section4`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section5`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section6`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section7`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section8`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section9`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section10`*:: ++ +-- +type: short + +-- + +*`netflow.destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.interface_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.interface_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.sampler_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.flags_and_sampler_id`*:: ++ +-- +type: long + +-- + +*`netflow.fragment_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.forwarding_status`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_vpn_route_distinguisher`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.src_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.dst_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.application_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_id`*:: ++ +-- +type: short + +-- + +*`netflow.application_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.multicast_replication_factor`*:: ++ +-- +type: long + +-- + +*`netflow.class_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.classification_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.layer2packet_section_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.layer2packet_section_size`*:: ++ +-- +type: integer + +-- + +*`netflow.layer2packet_section_data`*:: ++ +-- +type: short + +-- + +*`netflow.bgp_next_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.bgp_prev_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.dropped_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_reason`*:: ++ +-- +type: short + +-- + +*`netflow.common_properties_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_point_id`*:: ++ +-- +type: long + +-- + +*`netflow.icmp_type_code_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.mpls_top_label_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.line_card_id`*:: ++ +-- +type: long + +-- + +*`netflow.port_id`*:: ++ +-- +type: long + +-- + +*`netflow.metering_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.exporting_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.template_id`*:: ++ +-- +type: integer + +-- + +*`netflow.wlan_channel_id`*:: ++ +-- +type: short + +-- + +*`netflow.wlan_ssid`*:: ++ +-- +type: keyword + +-- + +*`netflow.flow_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.system_init_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_duration_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_duration_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.observed_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.destination_ipv6_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.source_ipv6_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.post_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_key_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.icmp_type_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_code_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_type_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_code_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.udp_source_port`*:: ++ +-- +type: integer + +-- + +*`netflow.udp_destination_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_source_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_destination_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_sequence_number`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_acknowledgement_number`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_window_size`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_urgent_pointer`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ip_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.total_length_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.payload_length_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.ip_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.next_header_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_flags`*:: ++ +-- +type: short + +-- + +*`netflow.octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_top_label_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_length`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_label_stack_depth`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.ip_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.udp_message_length`*:: ++ +-- +type: integer + +-- + +*`netflow.is_multicast`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_ihl`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_options`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_options`*:: ++ +-- +type: long + +-- + +*`netflow.padding_octets`*:: ++ +-- +type: short + +-- + +*`netflow.collector_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.collector_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.export_interface`*:: ++ +-- +type: long + +-- + +*`netflow.export_protocol_version`*:: ++ +-- +type: short + +-- + +*`netflow.export_transport_protocol`*:: ++ +-- +type: short + +-- + +*`netflow.collector_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.exporter_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.tcp_syn_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_fin_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_rst_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_psh_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_ack_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.tcp_urg_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.post_nat_source_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_napt_source_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.post_napt_destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.nat_originating_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.nat_event`*:: ++ +-- +type: short + +-- + +*`netflow.initiator_octets`*:: ++ +-- +type: long + +-- + +*`netflow.responder_octets`*:: ++ +-- +type: long + +-- + +*`netflow.firewall_event`*:: ++ +-- +type: short + +-- + +*`netflow.ingress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.egress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.vr_fname`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.tcp_window_scale`*:: ++ +-- +type: integer + +-- + +*`netflow.biflow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_payload_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_total_length`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_customer_priority`*:: ++ +-- +type: short + +-- + +*`netflow.metro_evc_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.metro_evc_type`*:: ++ +-- +type: short + +-- + +*`netflow.pseudo_wire_id`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_type`*:: ++ +-- +type: integer + +-- + +*`netflow.pseudo_wire_control_word`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.egress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.post_dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_type`*:: ++ +-- +type: integer + +-- + +*`netflow.post_ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.collection_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.export_sctp_stream_id`*:: ++ +-- +type: integer + +-- + +*`netflow.max_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.message_md5_checksum`*:: ++ +-- +type: short + +-- + +*`netflow.message_scope`*:: ++ +-- +type: short + +-- + +*`netflow.min_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.opaque_octets`*:: ++ +-- +type: short + +-- + +*`netflow.session_scope`*:: ++ +-- +type: short + +-- + +*`netflow.max_flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.collector_certificate`*:: ++ +-- +type: short + +-- + +*`netflow.exporter_certificate`*:: ++ +-- +type: short + +-- + +*`netflow.data_records_reliability`*:: ++ +-- +type: boolean + +-- + +*`netflow.observation_point_type`*:: ++ +-- +type: short + +-- + +*`netflow.new_connection_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.connection_sum_duration_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.connection_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.post_nat_source_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.nat_pool_id`*:: ++ +-- +type: long + +-- + +*`netflow.nat_pool_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.anonymization_flags`*:: ++ +-- +type: integer + +-- + +*`netflow.anonymization_technique`*:: ++ +-- +type: integer + +-- + +*`netflow.information_element_index`*:: ++ +-- +type: integer + +-- + +*`netflow.p2p_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.tunnel_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.encrypted_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.bgp_validity_state`*:: ++ +-- +type: short + +-- + +*`netflow.ip_sec_spi`*:: ++ +-- +type: long + +-- + +*`netflow.gre_key`*:: ++ +-- +type: long + +-- + +*`netflow.nat_type`*:: ++ +-- +type: short + +-- + +*`netflow.initiator_packets`*:: ++ +-- +type: long + +-- + +*`netflow.responder_packets`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.selection_sequence_id`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_id`*:: ++ +-- +type: integer + +-- + +*`netflow.selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.sampling_packet_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_packet_space`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_time_space`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_size`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_population`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_probability`*:: ++ +-- +type: double + +-- + +*`netflow.data_link_frame_size`*:: ++ +-- +type: integer + +-- + +*`netflow.ip_header_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.ip_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.data_link_frame_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.selector_id_total_pkts_observed`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id_total_pkts_selected`*:: ++ +-- +type: long + +-- + +*`netflow.absolute_error`*:: ++ +-- +type: double + +-- + +*`netflow.relative_error`*:: ++ +-- +type: double + +-- + +*`netflow.observation_time_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.digest_hash_value`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_offset`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_size`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_digest_output`*:: ++ +-- +type: boolean + +-- + +*`netflow.hash_initialiser_value`*:: ++ +-- +type: long + +-- + +*`netflow.selector_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.upper_ci_limit`*:: ++ +-- +type: double + +-- + +*`netflow.lower_ci_limit`*:: ++ +-- +type: double + +-- + +*`netflow.confidence_level`*:: ++ +-- +type: double + +-- + +*`netflow.information_element_data_type`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_range_begin`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_range_end`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_units`*:: ++ +-- +type: integer + +-- + +*`netflow.private_enterprise_number`*:: ++ +-- +type: long + +-- + +*`netflow.virtual_station_interface_id`*:: ++ +-- +type: short + +-- + +*`netflow.virtual_station_interface_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.virtual_station_uuid`*:: ++ +-- +type: short + +-- + +*`netflow.virtual_station_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.layer2_segment_id`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_multicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.monitoring_interval_start_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.monitoring_interval_end_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.port_range_start`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_end`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_step_size`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_num_ports`*:: ++ +-- +type: integer + +-- + +*`netflow.sta_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.sta_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.wtp_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.ingress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.egress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.rtp_sequence_number`*:: ++ +-- +type: integer + +-- + +*`netflow.user_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_sub_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.application_group_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.original_flows_present`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_initiated`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_completed`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.value_distribution_method`*:: ++ +-- +type: short + +-- + +*`netflow.rfc3550_jitter_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.rfc3550_jitter_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.rfc3550_jitter_nanoseconds`*:: ++ +-- +type: long + +-- + +*`netflow.dot1q_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.dot1q_customer_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.flow_selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_selected_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_flow_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id_total_flows_observed`*:: ++ +-- +type: long + +-- + +*`netflow.selector_id_total_flows_selected`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_flow_interval`*:: ++ +-- +type: long + +-- + +*`netflow.sampling_flow_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.hash_flow_domain`*:: ++ +-- +type: integer + +-- + +*`netflow.transport_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.transport_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.original_exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.intermediate_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_data_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.data_link_frame_type`*:: ++ +-- +type: integer + +-- + +*`netflow.section_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.section_exported_octets`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_service_instance_tag`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_service_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.dot1q_service_instance_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_customer_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_frame_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ignored_layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_integer`*:: ++ +-- +type: integer + +-- + +*`netflow.mib_object_value_octet_string`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_oid`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_bits`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_ip_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mib_object_value_counter`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_gauge`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_time_ticks`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_unsigned`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.mib_sub_identifier`*:: ++ +-- +type: long + +-- + +*`netflow.mib_index_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.mib_capture_time_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_syntax`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_module_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mobile_imsi`*:: ++ +-- +type: keyword + +-- + +*`netflow.mobile_msisdn`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_status_code`*:: ++ +-- +type: integer + +-- + +*`netflow.source_transport_ports_limit`*:: ++ +-- +type: integer + +-- + +*`netflow.http_request_method`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_host`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_target`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_message_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.nat_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.internal_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.external_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.nat_quota_exceeded_event`*:: ++ +-- +type: long + +-- + +*`netflow.nat_threshold_event`*:: ++ +-- +type: long + +-- + +*`netflow.http_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_reason_phrase`*:: ++ +-- +type: keyword + +-- + +*`netflow.max_session_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_bib_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_entries_per_user`*:: ++ +-- +type: long + +-- + +*`netflow.max_subscribers`*:: ++ +-- +type: long + +-- + +*`netflow.max_fragments_pending_reassembly`*:: ++ +-- +type: long + +-- + +*`netflow.address_pool_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_pool_low_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_port_mapping_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_port_mapping_low_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.address_port_mapping_per_user_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.global_address_mapping_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.vpn_identifier`*:: ++ +-- +type: short + +-- + +[[exported-fields-netflow-module]] +== NetFlow fields + +Module for receiving NetFlow and IPFIX flow records over UDP. The module does not add fields beyond what the netflow input provides. + + +[[exported-fields-nginx]] +== Nginx fields + +Module for parsing the Nginx log files. + + + +[float] +=== nginx + +Fields from the Nginx log files. + + + +[float] +=== access + +Contains fields for the Nginx access logs. + + + +*`nginx.access.remote_ip_list`*:: ++ +-- +An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. + + +type: array + +-- + +*`nginx.access.body_sent.bytes`*:: ++ +-- +type: alias + +alias to: http.response.body.bytes + +-- + +*`nginx.access.user_name`*:: ++ +-- +type: alias + +alias to: user.name + +-- + +*`nginx.access.method`*:: ++ +-- +type: alias + +alias to: http.request.method + +-- + +*`nginx.access.url`*:: ++ +-- +type: alias + +alias to: url.original + +-- + +*`nginx.access.http_version`*:: ++ +-- +type: alias + +alias to: http.version + +-- + +*`nginx.access.response_code`*:: ++ +-- +type: alias + +alias to: http.response.status_code + +-- + +*`nginx.access.referrer`*:: ++ +-- +type: alias + +alias to: http.request.referrer + +-- + +*`nginx.access.agent`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + + +*`nginx.access.user_agent.device`*:: ++ +-- +type: alias + +alias to: user_agent.device.name + +-- + +*`nginx.access.user_agent.name`*:: ++ +-- +type: alias + +alias to: user_agent.name + +-- + +*`nginx.access.user_agent.os`*:: ++ +-- +type: alias + +alias to: user_agent.os.full_name + +-- + +*`nginx.access.user_agent.os_name`*:: ++ +-- +type: alias + +alias to: user_agent.os.name + +-- + +*`nginx.access.user_agent.original`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + + +*`nginx.access.geoip.continent_name`*:: ++ +-- +type: alias + +alias to: source.geo.continent_name + +-- + +*`nginx.access.geoip.country_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.country_iso_code + +-- + +*`nginx.access.geoip.location`*:: ++ +-- +type: alias + +alias to: source.geo.location + +-- + +*`nginx.access.geoip.region_name`*:: ++ +-- +type: alias + +alias to: source.geo.region_name + +-- + +*`nginx.access.geoip.city_name`*:: ++ +-- +type: alias + +alias to: source.geo.city_name + +-- + +*`nginx.access.geoip.region_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.region_iso_code + +-- + +[float] +=== error + +Contains fields for the Nginx error logs. + + + +*`nginx.error.connection_id`*:: ++ +-- +Connection identifier. + + +type: long + +-- + +*`nginx.error.level`*:: ++ +-- +type: alias + +alias to: log.level + +-- + +*`nginx.error.pid`*:: ++ +-- +type: alias + +alias to: process.pid + +-- + +*`nginx.error.tid`*:: ++ +-- +type: alias + +alias to: process.thread.id + +-- + +*`nginx.error.message`*:: ++ +-- +type: alias + +alias to: message + +-- + +[float] +=== ingress_controller + +Contains fields for the Ingress Nginx controller access logs. + + + +*`nginx.ingress_controller.remote_ip_list`*:: ++ +-- +An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. + + +type: array + +-- + +*`nginx.ingress_controller.http.request.length`*:: ++ +-- +The request length (including request line, header, and request body) + + +type: long + +format: bytes + +-- + +*`nginx.ingress_controller.http.request.time`*:: ++ +-- +Time elapsed since the first bytes were read from the client + + +type: double + +format: duration + +-- + +*`nginx.ingress_controller.upstream.name`*:: ++ +-- +The name of the upstream. + + +type: keyword + +-- + +*`nginx.ingress_controller.upstream.alternative_name`*:: ++ +-- +The name of the alternative upstream. + + +type: keyword + +-- + +*`nginx.ingress_controller.upstream.response.length`*:: ++ +-- +The length of the response obtained from the upstream server + + +type: long + +format: bytes + +-- + +*`nginx.ingress_controller.upstream.response.time`*:: ++ +-- +The time spent on receiving the response from the upstream server as seconds with millisecond resolution + + +type: double + +format: duration + +-- + +*`nginx.ingress_controller.upstream.response.status_code`*:: ++ +-- +The status code of the response obtained from the upstream server + + +type: long + +-- + +*`nginx.ingress_controller.http.request.id`*:: ++ +-- +The randomly generated ID of the request + + +type: keyword + +-- + +*`nginx.ingress_controller.upstream.ip`*:: ++ +-- +The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. + + +type: ip + +-- + +*`nginx.ingress_controller.upstream.port`*:: ++ +-- +The port of the upstream server. + + +type: long + +-- + +*`nginx.ingress_controller.body_sent.bytes`*:: ++ +-- +type: alias + +alias to: http.response.body.bytes + +-- + +*`nginx.ingress_controller.user_name`*:: ++ +-- +type: alias + +alias to: user.name + +-- + +*`nginx.ingress_controller.method`*:: ++ +-- +type: alias + +alias to: http.request.method + +-- + +*`nginx.ingress_controller.url`*:: ++ +-- +type: alias + +alias to: url.original + +-- + +*`nginx.ingress_controller.http_version`*:: ++ +-- +type: alias + +alias to: http.version + +-- + +*`nginx.ingress_controller.response_code`*:: ++ +-- +type: alias + +alias to: http.response.status_code + +-- + +*`nginx.ingress_controller.referrer`*:: ++ +-- +type: alias + +alias to: http.request.referrer + +-- + +*`nginx.ingress_controller.agent`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + + +*`nginx.ingress_controller.user_agent.device`*:: ++ +-- +type: alias + +alias to: user_agent.device.name + +-- + +*`nginx.ingress_controller.user_agent.name`*:: ++ +-- +type: alias + +alias to: user_agent.name + +-- + +*`nginx.ingress_controller.user_agent.os`*:: ++ +-- +type: alias + +alias to: user_agent.os.full_name + +-- + +*`nginx.ingress_controller.user_agent.os_name`*:: ++ +-- +type: alias + +alias to: user_agent.os.name + +-- + +*`nginx.ingress_controller.user_agent.original`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + + +*`nginx.ingress_controller.geoip.continent_name`*:: ++ +-- +type: alias + +alias to: source.geo.continent_name + +-- + +*`nginx.ingress_controller.geoip.country_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.country_iso_code + +-- + +*`nginx.ingress_controller.geoip.location`*:: ++ +-- +type: alias + +alias to: source.geo.location + +-- + +*`nginx.ingress_controller.geoip.region_name`*:: ++ +-- +type: alias + +alias to: source.geo.region_name + +-- + +*`nginx.ingress_controller.geoip.city_name`*:: ++ +-- +type: alias + +alias to: source.geo.city_name + +-- + +*`nginx.ingress_controller.geoip.region_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.region_iso_code + +-- + +[[exported-fields-o365]] +== Office 365 fields + +Module for handling logs from Office 365. + + + +[float] +=== o365.audit + +Fields from Office 365 Management API audit logs. + + + +*`o365.audit.Actor`*:: ++ +-- +type: array + +-- + +*`o365.audit.ActorContextId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorIpAddress`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorUserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorYammerUserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertEntityId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertLinks`*:: ++ +-- +type: array + +-- + +*`o365.audit.AlertType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AppId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ApplicationDisplayName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ApplicationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AzureActiveDirectoryEventType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ExchangeMetaData.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Category`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientAppId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientInfoString`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientIP`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientIPAddress`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Comments`*:: ++ +-- +type: text + +-- + +*`o365.audit.CorrelationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.CreationTime`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.CustomUniqueId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Data`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.DataType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EntityType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EventData`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EventSource`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ExceptionInfo.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ExtendedProperties.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ExternalAccess`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.GroupName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Id`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ImplicitShare`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.IncidentId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.InternalLogonType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.InterSystemsId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.IntraSystemId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Item.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Item.*.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ItemName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ItemType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListItemUniqueId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonError`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonUserSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxGuid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerMasterAccountSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerUPN`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Members`*:: ++ +-- +type: array + +-- + +*`o365.audit.Members.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ModifiedProperties.*.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Name`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ObjectId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Operation`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OrganizationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OrganizationName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OriginatingServer`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Parameters.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.PolicyDetails`*:: ++ +-- +type: array + +-- + +*`o365.audit.PolicyId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.RecordType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ResultStatus`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SensitiveInfoDetectionIsIncluded`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SharePointMetaData.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.SessionId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Severity`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Site`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SiteUrl`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Source`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceFileExtension`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceFileName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceRelativeUrl`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Status`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SupportTicketId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Target`*:: ++ +-- +type: array + +-- + +*`o365.audit.TargetContextId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TargetUserOrGroupName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TargetUserOrGroupType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TeamName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TeamGuid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UniqueSharingId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserAgent`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserKey`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Version`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.WebId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Workload`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.YammerNetworkId`*:: ++ +-- +type: keyword + +-- + +[[exported-fields-o365]] +== Office 365 fields + +Module for handling logs from Office 365. + + + +[float] +=== o365.audit + +Fields from Office 365 Management API audit logs. + + + +*`o365.audit.Actor`*:: ++ +-- +type: array + +-- + +*`o365.audit.ActorContextId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorIpAddress`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorUserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorYammerUserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertEntityId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertLinks`*:: ++ +-- +type: array + +-- + +*`o365.audit.AlertType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AppId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ApplicationDisplayName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ApplicationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AzureActiveDirectoryEventType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ExchangeMetaData.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Category`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientAppId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientInfoString`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientIP`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientIPAddress`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Comments`*:: ++ +-- +type: text + +-- + +*`o365.audit.CorrelationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.CreationTime`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.CustomUniqueId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Data`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.DataType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EntityType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EventData`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EventSource`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ExceptionInfo.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ExtendedProperties.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ExternalAccess`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.GroupName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Id`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ImplicitShare`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.IncidentId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.InternalLogonType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.InterSystemsId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.IntraSystemId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Item.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Item.*.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ItemName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ItemType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListItemUniqueId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonError`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonUserSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxGuid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerMasterAccountSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerUPN`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Members`*:: ++ +-- +type: array + +-- + +*`o365.audit.Members.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ModifiedProperties.*.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Name`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ObjectId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Operation`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OrganizationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OrganizationName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OriginatingServer`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Parameters.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.PolicyDetails`*:: ++ +-- +type: array + +-- + +*`o365.audit.PolicyId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.RecordType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ResultStatus`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SensitiveInfoDetectionIsIncluded`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SharePointMetaData.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.SessionId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Severity`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Site`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SiteUrl`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Source`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceFileExtension`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceFileName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceRelativeUrl`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Status`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SupportTicketId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Target`*:: ++ +-- +type: array + +-- + +*`o365.audit.TargetContextId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TargetUserOrGroupName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TargetUserOrGroupType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TeamName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TeamGuid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UniqueSharingId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserAgent`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserKey`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Version`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.WebId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Workload`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.YammerNetworkId`*:: ++ +-- +type: keyword + +-- + +[[exported-fields-okta]] +== Okta fields + +Module for handling system logs from Okta. + + + +[float] +=== okta + +Fields from Okta. + + + +*`okta.uuid`*:: ++ +-- +The unique identifier of the Okta LogEvent. + + +type: keyword + +-- + +*`okta.event_type`*:: ++ +-- +The type of the LogEvent. + + +type: keyword + +-- + +*`okta.version`*:: ++ +-- +The version of the LogEvent. + + +type: keyword + +-- + +*`okta.severity`*:: ++ +-- +The severity of the LogEvent. Must be one of DEBUG, INFO, WARN, or ERROR. + + +type: keyword + +-- + +*`okta.display_message`*:: ++ +-- +The display message of the LogEvent. + + +type: keyword + +-- + +[float] +=== actor + +Fields that let you store information of the actor for the LogEvent. + + + +*`okta.actor.id`*:: ++ +-- +Identifier of the actor. + + +type: keyword + +-- + +*`okta.actor.type`*:: ++ +-- +Type of the actor. + + +type: keyword + +-- + +*`okta.actor.alternate_id`*:: ++ +-- +Alternate identifier of the actor. + + +type: keyword + +-- + +*`okta.actor.display_name`*:: ++ +-- +Display name of the actor. + + +type: keyword + +-- + +[float] +=== client + +Fields that let you store information about the client of the actor. + + + +*`okta.client.ip`*:: ++ +-- +The IP address of the client. + + +type: ip + +-- + +[float] +=== user_agent + +Fields about the user agent information of the client. + + + +*`okta.client.user_agent.raw_user_agent`*:: ++ +-- +The raw informaton of the user agent. + + +type: keyword + +-- + +*`okta.client.user_agent.os`*:: ++ +-- +The OS informaton. + + +type: keyword + +-- + +*`okta.client.user_agent.browser`*:: ++ +-- +The browser informaton of the client. + + +type: keyword + +-- + +*`okta.client.zone`*:: ++ +-- +The zone information of the client. + + +type: keyword + +-- + +*`okta.client.device`*:: ++ +-- +The information of the client device. + + +type: keyword + +-- + +*`okta.client.id`*:: ++ +-- +The identifier of the client. + + +type: keyword + +-- + +[float] +=== outcome + +Fields that let you store information about the outcome. + + + +*`okta.outcome.reason`*:: ++ +-- +The reason of the outcome. + + +type: keyword + +-- + +*`okta.outcome.result`*:: ++ +-- +The result of the outcome. Must be one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. + + +type: keyword + +-- + +*`okta.target`*:: ++ +-- +The list of targets. + + +type: array + +-- + +[float] +=== transaction + +Fields that let you store information about related transaction. + + + +*`okta.transaction.id`*:: ++ +-- +Identifier of the transaction. + + +type: keyword + +-- + +*`okta.transaction.type`*:: ++ +-- +The type of transaction. Must be one of "WEB", "JOB". + + +type: keyword + +-- + +[float] +=== debug_context + +Fields that let you store information about the debug context. + + + +[float] +=== debug_data + +The debug data. + + + +*`okta.debug_context.debug_data.device_fingerprint`*:: ++ +-- +The fingerprint of the device. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.request_id`*:: ++ +-- +The identifier of the request. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.request_uri`*:: ++ +-- +The request URI. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.threat_suspected`*:: ++ +-- +Threat suspected. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.url`*:: ++ +-- +The URL. + + +type: keyword + +-- + +[float] +=== authentication_context + +Fields that let you store information about authentication context. + + + +*`okta.authentication_context.authentication_provider`*:: ++ +-- +The information about the authentication provider. Must be one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER. + + +type: keyword + +-- + +*`okta.authentication_context.authentication_step`*:: ++ +-- +The authentication step. + + +type: integer + +-- + +*`okta.authentication_context.credential_provider`*:: ++ +-- +The information about credential provider. Must be one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY. + + +type: keyword + +-- + +*`okta.authentication_context.credential_type`*:: ++ +-- +The information about credential type. Must be one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID. + + +type: keyword + +-- + +*`okta.authentication_context.issuer`*:: ++ +-- +The information about the issuer. + + +type: array + +-- + +*`okta.authentication_context.external_session_id`*:: ++ +-- +The session identifer of the external session if any. + + +type: keyword + +-- + +*`okta.authentication_context.interface`*:: ++ +-- +The interface used. e.g., Outlook, Office365, wsTrust + + +type: keyword + +-- + +[float] +=== security_context + +Fields that let you store information about security context. + + + +[float] +=== as + +The autonomous system. + + + +*`okta.security_context.as.number`*:: ++ +-- +The AS number. + + +type: integer + +-- + +[float] +=== organization + +The organization that owns the AS number. + + + +*`okta.security_context.as.organization.name`*:: ++ +-- +The organization name. + + +type: keyword + +-- + +*`okta.security_context.isp`*:: ++ +-- +The Internet Service Provider. + + +type: keyword + +-- + +*`okta.security_context.domain`*:: ++ +-- +The domain name. + + +type: keyword + +-- + +*`okta.security_context.is_proxy`*:: ++ +-- +Whether it is a proxy or not. + + +type: boolean + +-- + +[float] +=== request + +Fields that let you store information about the request, in the form of list of ip_chain. + + + +[float] +=== ip_chain + +List of ip_chain objects. + + + +*`okta.request.ip_chain.ip`*:: ++ +-- +IP address. + + +type: ip + +-- + +*`okta.request.ip_chain.version`*:: ++ +-- +IP version. Must be one of V4, V6. + + +type: keyword + +-- + +*`okta.request.ip_chain.source`*:: ++ +-- +Source information. + + +type: keyword + +-- + +[float] +=== geographical_context + +Geographical information. + + + +*`okta.request.ip_chain.geographical_context.city`*:: ++ +-- +The city. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.state`*:: ++ +-- +The state. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.postal_code`*:: ++ +-- +The postal code. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.country`*:: ++ +-- +The country. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.geolocation`*:: ++ +-- +Geolocation information. + + +type: geo_point + +-- + +[[exported-fields-okta]] +== Okta fields + +Module for handling system logs from Okta. + + + +[float] +=== okta + +Fields from Okta. + + + +*`okta.uuid`*:: ++ +-- +The unique identifier of the Okta LogEvent. + + +type: keyword + +-- + +*`okta.event_type`*:: ++ +-- +The type of the LogEvent. + + +type: keyword + +-- + +*`okta.version`*:: ++ +-- +The version of the LogEvent. + + +type: keyword + +-- + +*`okta.severity`*:: ++ +-- +The severity of the LogEvent. Must be one of DEBUG, INFO, WARN, or ERROR. + + +type: keyword + +-- + +*`okta.display_message`*:: ++ +-- +The display message of the LogEvent. + + +type: keyword + +-- + +[float] +=== actor + +Fields that let you store information of the actor for the LogEvent. + + + +*`okta.actor.id`*:: ++ +-- +Identifier of the actor. + + +type: keyword + +-- + +*`okta.actor.type`*:: ++ +-- +Type of the actor. + + +type: keyword + +-- + +*`okta.actor.alternate_id`*:: ++ +-- +Alternate identifier of the actor. + + +type: keyword + +-- + +*`okta.actor.display_name`*:: ++ +-- +Display name of the actor. + + +type: keyword + +-- + +[float] +=== client + +Fields that let you store information about the client of the actor. + + + +*`okta.client.ip`*:: ++ +-- +The IP address of the client. + + +type: ip + +-- + +[float] +=== user_agent + +Fields about the user agent information of the client. + + + +*`okta.client.user_agent.raw_user_agent`*:: ++ +-- +The raw informaton of the user agent. + + +type: keyword + +-- + +*`okta.client.user_agent.os`*:: ++ +-- +The OS informaton. + + +type: keyword + +-- + +*`okta.client.user_agent.browser`*:: ++ +-- +The browser informaton of the client. + + +type: keyword + +-- + +*`okta.client.zone`*:: ++ +-- +The zone information of the client. + + +type: keyword + +-- + +*`okta.client.device`*:: ++ +-- +The information of the client device. + + +type: keyword + +-- + +*`okta.client.id`*:: ++ +-- +The identifier of the client. + + +type: keyword + +-- + +[float] +=== outcome + +Fields that let you store information about the outcome. + + + +*`okta.outcome.reason`*:: ++ +-- +The reason of the outcome. + + +type: keyword + +-- + +*`okta.outcome.result`*:: ++ +-- +The result of the outcome. Must be one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. + + +type: keyword + +-- + +*`okta.target`*:: ++ +-- +The list of targets. + + +type: array + +-- + +[float] +=== transaction + +Fields that let you store information about related transaction. + + + +*`okta.transaction.id`*:: ++ +-- +Identifier of the transaction. + + +type: keyword + +-- + +*`okta.transaction.type`*:: ++ +-- +The type of transaction. Must be one of "WEB", "JOB". + + +type: keyword + +-- + +[float] +=== debug_context + +Fields that let you store information about the debug context. + + + +[float] +=== debug_data + +The debug data. + + + +*`okta.debug_context.debug_data.device_fingerprint`*:: ++ +-- +The fingerprint of the device. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.request_id`*:: ++ +-- +The identifier of the request. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.request_uri`*:: ++ +-- +The request URI. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.threat_suspected`*:: ++ +-- +Threat suspected. + + +type: keyword + +-- + +*`okta.debug_context.debug_data.url`*:: ++ +-- +The URL. + + +type: keyword + +-- + +[float] +=== authentication_context + +Fields that let you store information about authentication context. + + + +*`okta.authentication_context.authentication_provider`*:: ++ +-- +The information about the authentication provider. Must be one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER. + + +type: keyword + +-- + +*`okta.authentication_context.authentication_step`*:: ++ +-- +The authentication step. + + +type: integer + +-- + +*`okta.authentication_context.credential_provider`*:: ++ +-- +The information about credential provider. Must be one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY. + + +type: keyword + +-- + +*`okta.authentication_context.credential_type`*:: ++ +-- +The information about credential type. Must be one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID. + + +type: keyword + +-- + +*`okta.authentication_context.issuer`*:: ++ +-- +The information about the issuer. + + +type: array + +-- + +*`okta.authentication_context.external_session_id`*:: ++ +-- +The session identifer of the external session if any. + + +type: keyword + +-- + +*`okta.authentication_context.interface`*:: ++ +-- +The interface used. e.g., Outlook, Office365, wsTrust + + +type: keyword + +-- + +[float] +=== security_context + +Fields that let you store information about security context. + + + +[float] +=== as + +The autonomous system. + + + +*`okta.security_context.as.number`*:: ++ +-- +The AS number. + + +type: integer + +-- + +[float] +=== organization + +The organization that owns the AS number. + + + +*`okta.security_context.as.organization.name`*:: ++ +-- +The organization name. + + +type: keyword + +-- + +*`okta.security_context.isp`*:: ++ +-- +The Internet Service Provider. + + +type: keyword + +-- + +*`okta.security_context.domain`*:: ++ +-- +The domain name. + + +type: keyword + +-- + +*`okta.security_context.is_proxy`*:: ++ +-- +Whether it is a proxy or not. + + +type: boolean + +-- + +[float] +=== request + +Fields that let you store information about the request, in the form of list of ip_chain. + + + +[float] +=== ip_chain + +List of ip_chain objects. + + + +*`okta.request.ip_chain.ip`*:: ++ +-- +IP address. + + +type: ip + +-- + +*`okta.request.ip_chain.version`*:: ++ +-- +IP version. Must be one of V4, V6. + + +type: keyword + +-- + +*`okta.request.ip_chain.source`*:: ++ +-- +Source information. + + +type: keyword + +-- + +[float] +=== geographical_context + +Geographical information. + + + +*`okta.request.ip_chain.geographical_context.city`*:: ++ +-- +The city. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.state`*:: ++ +-- +The state. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.postal_code`*:: ++ +-- +The postal code. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.country`*:: ++ +-- +The country. + +type: keyword + +-- + +*`okta.request.ip_chain.geographical_context.geolocation`*:: ++ +-- +Geolocation information. + + +type: geo_point + +-- + +[[exported-fields-osquery]] +== Osquery fields + +Fields exported by the `osquery` module + + + +[float] +=== osquery + + + + +[float] +=== result + +Common fields exported by the result metricset. + + + +*`osquery.result.name`*:: ++ +-- +The name of the query that generated this event. + + +type: keyword + +-- + +*`osquery.result.action`*:: ++ +-- +For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot". + + +type: keyword + +-- + +*`osquery.result.host_identifier`*:: ++ +-- +The identifier for the host on which the osquery agent is running. Normally the hostname. + + +type: keyword + +-- + +*`osquery.result.unix_time`*:: ++ +-- +Unix timestamp of the event, in seconds since the epoch. Used for computing the `@timestamp` column. + + +type: long + +-- + +*`osquery.result.calendar_time`*:: ++ +-- +String representation of the collection time, as formatted by osquery. + + +type: keyword + +-- + +[[exported-fields-panw]] +== panw fields + +Module for Palo Alto Networks (PAN-OS) + + + +[float] +=== panw + +Fields from the panw module. + + + +[float] +=== panos + +Fields for the Palo Alto Networks PAN-OS logs. + + + +*`panw.panos.ruleset`*:: ++ +-- +Name of the rule that matched this session. + + +type: keyword + +-- + +[float] +=== source + +Fields to extend the top-level source object. + + + +*`panw.panos.source.zone`*:: ++ +-- +Source zone for this session. + + +type: keyword + +-- + +*`panw.panos.source.interface`*:: ++ +-- +Source interface for this session. + + +type: keyword + +-- + +[float] +=== nat + +Post-NAT source address, if source NAT is performed. + + + +*`panw.panos.source.nat.ip`*:: ++ +-- +Post-NAT source IP. + + +type: ip + +-- + +*`panw.panos.source.nat.port`*:: ++ +-- +Post-NAT source port. + + +type: long + +-- + +[float] +=== destination + +Fields to extend the top-level destination object. + + + +*`panw.panos.destination.zone`*:: ++ +-- +Destination zone for this session. + + +type: keyword + +-- + +*`panw.panos.destination.interface`*:: ++ +-- +Destination interface for this session. + + +type: keyword + +-- + +[float] +=== nat + +Post-NAT destination address, if destination NAT is performed. + + + +*`panw.panos.destination.nat.ip`*:: ++ +-- +Post-NAT destination IP. + + +type: ip + +-- + +*`panw.panos.destination.nat.port`*:: ++ +-- +Post-NAT destination port. + + +type: long + +-- + +[float] +=== network + +Fields to extend the top-level network object. + + + +*`panw.panos.network.pcap_id`*:: ++ +-- +Packet capture ID for a threat. + + +type: keyword + +-- + + +*`panw.panos.network.nat.community_id`*:: ++ +-- +Community ID flow-hash for the NAT 5-tuple. + + +type: keyword + +-- + +[float] +=== file + +Fields to extend the top-level file object. + + + +*`panw.panos.file.hash`*:: ++ +-- +Binary hash for a threat file sent to be analyzed by the WildFire service. + + +type: keyword + +-- + +[float] +=== url + +Fields to extend the top-level url object. + + + +*`panw.panos.url.category`*:: ++ +-- +For threat URLs, it's the URL category. For WildFire, the verdict on the file and is either 'malicious', 'grayware', or 'benign'. + + +type: keyword + +-- + +*`panw.panos.flow_id`*:: ++ +-- +Internal numeric identifier for each session. + + +type: keyword + +-- + +*`panw.panos.sequence_number`*:: ++ +-- +Log entry identifier that is incremented sequentially. Unique for each log type. + + +type: long + +-- + +*`panw.panos.threat.resource`*:: ++ +-- +URL or file name for a threat. + + +type: keyword + +-- + +*`panw.panos.threat.id`*:: ++ +-- +Palo Alto Networks identifier for the threat. + + +type: keyword + +-- + +*`panw.panos.threat.name`*:: ++ +-- +Palo Alto Networks name for the threat. + + +type: keyword + +-- + +*`panw.panos.action`*:: ++ +-- +Action taken for the session. + +type: keyword + +-- + +[[exported-fields-panw]] +== panw fields + +Module for Palo Alto Networks (PAN-OS) + + + +[float] +=== panw + +Fields from the panw module. + + + +[float] +=== panos + +Fields for the Palo Alto Networks PAN-OS logs. + + + +*`panw.panos.ruleset`*:: ++ +-- +Name of the rule that matched this session. + + +type: keyword + +-- + +[float] +=== source + +Fields to extend the top-level source object. + + + +*`panw.panos.source.zone`*:: ++ +-- +Source zone for this session. + + +type: keyword + +-- + +*`panw.panos.source.interface`*:: ++ +-- +Source interface for this session. + + +type: keyword + +-- + +[float] +=== nat + +Post-NAT source address, if source NAT is performed. + + + +*`panw.panos.source.nat.ip`*:: ++ +-- +Post-NAT source IP. + + +type: ip + +-- + +*`panw.panos.source.nat.port`*:: ++ +-- +Post-NAT source port. + + +type: long + +-- + +[float] +=== destination + +Fields to extend the top-level destination object. + + + +*`panw.panos.destination.zone`*:: ++ +-- +Destination zone for this session. + + +type: keyword + +-- + +*`panw.panos.destination.interface`*:: ++ +-- +Destination interface for this session. + + +type: keyword + +-- + +[float] +=== nat + +Post-NAT destination address, if destination NAT is performed. + + + +*`panw.panos.destination.nat.ip`*:: ++ +-- +Post-NAT destination IP. + + +type: ip + +-- + +*`panw.panos.destination.nat.port`*:: ++ +-- +Post-NAT destination port. + + +type: long + +-- + +[float] +=== network + +Fields to extend the top-level network object. + + + +*`panw.panos.network.pcap_id`*:: ++ +-- +Packet capture ID for a threat. + + +type: keyword + +-- + + +*`panw.panos.network.nat.community_id`*:: ++ +-- +Community ID flow-hash for the NAT 5-tuple. + + +type: keyword + +-- + +[float] +=== file + +Fields to extend the top-level file object. + + + +*`panw.panos.file.hash`*:: ++ +-- +Binary hash for a threat file sent to be analyzed by the WildFire service. + + +type: keyword + +-- + +[float] +=== url + +Fields to extend the top-level url object. + + + +*`panw.panos.url.category`*:: ++ +-- +For threat URLs, it's the URL category. For WildFire, the verdict on the file and is either 'malicious', 'grayware', or 'benign'. + + +type: keyword + +-- + +*`panw.panos.flow_id`*:: ++ +-- +Internal numeric identifier for each session. + + +type: keyword + +-- + +*`panw.panos.sequence_number`*:: ++ +-- +Log entry identifier that is incremented sequentially. Unique for each log type. + + +type: long + +-- + +*`panw.panos.threat.resource`*:: ++ +-- +URL or file name for a threat. + + +type: keyword + +-- + +*`panw.panos.threat.id`*:: ++ +-- +Palo Alto Networks identifier for the threat. + + +type: keyword + +-- + +*`panw.panos.threat.name`*:: ++ +-- +Palo Alto Networks name for the threat. + + +type: keyword + +-- + +*`panw.panos.action`*:: ++ +-- +Action taken for the session. + +type: keyword + +-- + +[[exported-fields-postgresql]] +== PostgreSQL fields + +Module for parsing the PostgreSQL log files. + + + +[float] +=== postgresql + +Fields from PostgreSQL logs. + + + +[float] +=== log + +Fields from the PostgreSQL log files. + + + +*`postgresql.log.timestamp`*:: ++ +-- + +deprecated:[7.3.0] + +The timestamp from the log line. + + +-- + +*`postgresql.log.core_id`*:: ++ +-- +Core id + + +type: long + +-- + +*`postgresql.log.database`*:: ++ +-- +Name of database + + +example: mydb + +-- + +*`postgresql.log.query`*:: ++ +-- +Query statement. + + +example: SELECT * FROM users; + +-- + +*`postgresql.log.query_step`*:: ++ +-- +Statement step when using extended query protocol (one of statement, parse, bind or execute) + + +example: parse + +-- + +*`postgresql.log.query_name`*:: ++ +-- +Name given to a query when using extended query protocol. If it is "", or not present, this field is ignored. + + +example: pdo_stmt_00000001 + +-- + +*`postgresql.log.error.code`*:: ++ +-- +Error code returned by Postgres (if any) + +type: long + +-- + +*`postgresql.log.timezone`*:: ++ +-- +type: alias + +alias to: event.timezone + +-- + +*`postgresql.log.thread_id`*:: ++ +-- +type: alias + +alias to: process.pid + +-- + +*`postgresql.log.user`*:: ++ +-- +type: alias + +alias to: user.name + +-- + +*`postgresql.log.level`*:: ++ +-- +type: alias + +alias to: log.level + +-- + +*`postgresql.log.message`*:: ++ +-- +type: alias + +alias to: message + +-- + +[[exported-fields-process]] +== Process fields + +Process metadata fields + + + + +*`process.exe`*:: ++ +-- +type: alias + +alias to: process.executable + +-- + +[[exported-fields-rabbitmq]] +== RabbitMQ fields + +RabbitMQ Module + + + +[float] +=== rabbitmq + + + + +[float] +=== log + +RabbitMQ log files + + + +*`rabbitmq.log.pid`*:: ++ +-- +The Erlang process id + +type: keyword + +example: <0.222.0> + +-- + +[[exported-fields-rabbitmq]] +== RabbitMQ fields + +RabbitMQ Module + + + +[float] +=== rabbitmq + + + + +[float] +=== log + +RabbitMQ log files + + + +*`rabbitmq.log.pid`*:: ++ +-- +The Erlang process id + +type: keyword + +example: <0.222.0> + +-- + +[[exported-fields-redis]] +== Redis fields + +Redis Module + + + +[float] +=== redis + + + + +[float] +=== log + +Redis log files + + + +*`redis.log.role`*:: ++ +-- +The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`. + + +type: keyword + +-- + +*`redis.log.pid`*:: ++ +-- +type: alias + +alias to: process.pid + +-- + +*`redis.log.level`*:: ++ +-- +type: alias + +alias to: log.level + +-- + +*`redis.log.message`*:: ++ +-- +type: alias + +alias to: message + +-- + +[float] +=== slowlog + +Slow logs are retrieved from Redis via a network connection. + + + +*`redis.slowlog.cmd`*:: ++ +-- +The command executed. + + +type: keyword + +-- + +*`redis.slowlog.duration.us`*:: ++ +-- +How long it took to execute the command in microseconds. + + +type: long + +-- + +*`redis.slowlog.id`*:: ++ +-- +The ID of the query. + + +type: long + +-- + +*`redis.slowlog.key`*:: ++ +-- +The key on which the command was executed. + + +type: keyword + +-- + +*`redis.slowlog.args`*:: ++ +-- +The arguments with which the command was called. + + +type: keyword + +-- + +[[exported-fields-s3]] +== s3 fields + +S3 fields from s3 input. + + + +*`bucket_name`*:: ++ +-- +Name of the S3 bucket that this log retrieved from. + + +type: keyword + +-- + +*`object_key`*:: ++ +-- +Name of the S3 object that this log retrieved from. + + +type: keyword + +-- + +[[exported-fields-s3]] +== s3 fields + +S3 fields from s3 input. + + + +*`bucket_name`*:: ++ +-- +Name of the S3 bucket that this log retrieved from. + + +type: keyword + +-- + +*`object_key`*:: ++ +-- +Name of the S3 object that this log retrieved from. + + +type: keyword + +-- + +[[exported-fields-santa]] +== Google Santa fields + +Santa Module + + + +[float] +=== santa + + + + +*`santa.action`*:: ++ +-- +Action + +type: keyword + +example: EXEC + +-- + +*`santa.decision`*:: ++ +-- +Decision that santad took. + +type: keyword + +example: ALLOW + +-- + +*`santa.reason`*:: ++ +-- +Reason for the decsision. + +type: keyword + +example: CERT + +-- + +*`santa.mode`*:: ++ +-- +Operating mode of Santa. + +type: keyword + +example: M + +-- + +[float] +=== disk + +Fields for DISKAPPEAR actions. + + +*`santa.disk.volume`*:: ++ +-- +The volume name. + +-- + +*`santa.disk.bus`*:: ++ +-- +The disk bus protocol. + +-- + +*`santa.disk.serial`*:: ++ +-- +The disk serial number. + +-- + +*`santa.disk.bsdname`*:: ++ +-- +The disk BSD name. + +example: disk1s3 + +-- + +*`santa.disk.model`*:: ++ +-- +The disk model. + +example: APPLE SSD SM0512L + +-- + +*`santa.disk.fs`*:: ++ +-- +The disk volume kind (filesystem type). + +example: apfs + +-- + +*`santa.disk.mount`*:: ++ +-- +The disk volume path. + +-- + +*`santa.certificate.common_name`*:: ++ +-- +Common name from code signing certificate. + +type: keyword + +-- + +*`santa.certificate.sha256`*:: ++ +-- +SHA256 hash of code signing certificate. + +type: keyword + +-- + +[[exported-fields-suricata]] +== Suricata fields + +Module for handling the EVE JSON logs produced by Suricata. + + + +[float] +=== suricata + +Fields from the Suricata EVE log file. + + + +[float] +=== eve + +Fields exported by the EVE JSON logs + + + +*`suricata.eve.event_type`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.app_proto_orig`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.tcp.tcp_flags`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.psh`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.tcp_flags_tc`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.ack`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.syn`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.state`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.tcp_flags_ts`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.rst`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.fin`*:: ++ +-- +type: boolean + +-- + + +*`suricata.eve.fileinfo.sha1`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.filename`*:: ++ +-- +type: alias + +alias to: file.path + +-- + +*`suricata.eve.fileinfo.tx_id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.fileinfo.state`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.stored`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.fileinfo.gaps`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.fileinfo.sha256`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.md5`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.size`*:: ++ +-- +type: alias + +alias to: file.size + +-- + +*`suricata.eve.icmp_type`*:: ++ +-- +type: long + +-- + +*`suricata.eve.dest_port`*:: ++ +-- +type: alias + +alias to: destination.port + +-- + +*`suricata.eve.src_port`*:: ++ +-- +type: alias + +alias to: source.port + +-- + +*`suricata.eve.proto`*:: ++ +-- +type: alias + +alias to: network.transport + +-- + +*`suricata.eve.pcap_cnt`*:: ++ +-- +type: long + +-- + +*`suricata.eve.src_ip`*:: ++ +-- +type: alias + +alias to: source.ip + +-- + + +*`suricata.eve.dns.type`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.rrtype`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.rrname`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.rdata`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.tx_id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.dns.ttl`*:: ++ +-- +type: long + +-- + +*`suricata.eve.dns.rcode`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.flow_id`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.email.status`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dest_ip`*:: ++ +-- +type: alias + +alias to: destination.ip + +-- + +*`suricata.eve.icmp_code`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.http.status`*:: ++ +-- +type: alias + +alias to: http.response.status_code + +-- + +*`suricata.eve.http.redirect`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.http.http_user_agent`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + +*`suricata.eve.http.protocol`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.http.http_refer`*:: ++ +-- +type: alias + +alias to: http.request.referrer + +-- + +*`suricata.eve.http.url`*:: ++ +-- +type: alias + +alias to: url.original + +-- + +*`suricata.eve.http.hostname`*:: ++ +-- +type: alias + +alias to: url.domain + +-- + +*`suricata.eve.http.length`*:: ++ +-- +type: alias + +alias to: http.response.body.bytes + +-- + +*`suricata.eve.http.http_method`*:: ++ +-- +type: alias + +alias to: http.request.method + +-- + +*`suricata.eve.http.http_content_type`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.timestamp`*:: ++ +-- +type: alias + +alias to: @timestamp + +-- + +*`suricata.eve.in_iface`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.alert.category`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.alert.severity`*:: ++ +-- +type: alias + +alias to: event.severity + +-- + +*`suricata.eve.alert.rev`*:: ++ +-- +type: long + +-- + +*`suricata.eve.alert.gid`*:: ++ +-- +type: long + +-- + +*`suricata.eve.alert.signature`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.alert.action`*:: ++ +-- +type: alias + +alias to: event.outcome + +-- + +*`suricata.eve.alert.signature_id`*:: ++ +-- +type: long + +-- + + + +*`suricata.eve.ssh.client.proto_version`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.ssh.client.software_version`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.ssh.server.proto_version`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.ssh.server.software_version`*:: ++ +-- +type: keyword + +-- + + + +*`suricata.eve.stats.capture.kernel_packets`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.capture.kernel_drops`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.capture.kernel_ifdrops`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.uptime`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.detect.alert`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.http.memcap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.http.memuse`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.file_store.open_files`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.defrag.max_frag_hits`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.defrag.ipv4.timeouts`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv4.fragments`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv4.reassembled`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.defrag.ipv6.timeouts`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv6.fragments`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv6.reassembled`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.flow.tcp_reuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.memcap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.emerg_mode_entered`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.emerg_mode_over`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.icmpv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.icmpv4`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.spare`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.memuse`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.tcp.pseudo_failed`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.ssn_memcap_drop`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.insert_data_overlap_fail`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.sessions`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.pseudo`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.synack`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.insert_data_normal_fail`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.syn`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.memuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.invalid_checksum`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.segment_memcap_drop`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.overlap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.insert_list_fail`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.rst`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.stream_depth_reached`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.reassembly_memuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.reassembly_gap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.overlap_diff_data`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.no_flow`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.avg_pkt_size`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.bytes`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.raw`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ppp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.vlan_qinq`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.null`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.ltnull.unsupported_type`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ltnull.pkt_too_small`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.invalid`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.gre`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv4`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.pkts`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv6_in_ipv6`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.ipraw.invalid_ip_version`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.pppoe`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.udp`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.dce.pkt_too_small`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.vlan`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.sctp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.max_pkt_size`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.teredo`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.mpls`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.sll`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.icmpv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.icmpv4`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.erspan`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ethernet`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv4_in_ipv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ieee8021ah`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.dns.memcap_global`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.dns.memcap_state`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.dns.memuse`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.flow_mgr.rows_busy`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_timeout`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_notimeout`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_skipped`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.closed_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.new_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_removed`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.bypassed_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.est_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_timeout_inuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_checked`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_maxlen`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_checked`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_empty`*:: ++ +-- +type: long + +-- + + + +*`suricata.eve.stats.app_layer.flow.tls`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.ftp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.http`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.failed_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dns_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dns_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.smtp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.failed_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.msn`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.ssh`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.imap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dcerpc_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dcerpc_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.smb`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.app_layer.tx.tls`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.ftp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.http`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dns_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dns_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.smtp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.ssh`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dcerpc_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dcerpc_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.smb`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.tls.notbefore`*:: ++ +-- +type: date + +-- + +*`suricata.eve.tls.issuerdn`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.sni`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.version`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.session_resumed`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tls.fingerprint`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.serial`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.notafter`*:: ++ +-- +type: date + +-- + +*`suricata.eve.tls.subject`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.app_proto_ts`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.flow.bytes_toclient`*:: ++ +-- +type: alias + +alias to: destination.bytes + +-- + +*`suricata.eve.flow.start`*:: ++ +-- +type: alias + +alias to: event.start + +-- + +*`suricata.eve.flow.pkts_toclient`*:: ++ +-- +type: alias + +alias to: destination.packets + +-- + +*`suricata.eve.flow.age`*:: ++ +-- +type: long + +-- + +*`suricata.eve.flow.state`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.flow.bytes_toserver`*:: ++ +-- +type: alias + +alias to: source.bytes + +-- + +*`suricata.eve.flow.reason`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.flow.pkts_toserver`*:: ++ +-- +type: alias + +alias to: source.packets + +-- + +*`suricata.eve.flow.end`*:: ++ +-- +type: date + +-- + +*`suricata.eve.flow.alerted`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.app_proto`*:: ++ +-- +type: alias + +alias to: network.protocol + +-- + +*`suricata.eve.tx_id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.app_proto_tc`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.smtp.rcpt_to`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.smtp.mail_from`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.smtp.helo`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.app_proto_expected`*:: ++ +-- +type: keyword + +-- + +[[exported-fields-suricata]] +== Suricata fields + +Module for handling the EVE JSON logs produced by Suricata. + + + +[float] +=== suricata + +Fields from the Suricata EVE log file. + + + +[float] +=== eve + +Fields exported by the EVE JSON logs + + + +*`suricata.eve.event_type`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.app_proto_orig`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.tcp.tcp_flags`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.psh`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.tcp_flags_tc`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.ack`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.syn`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.state`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.tcp_flags_ts`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tcp.rst`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tcp.fin`*:: ++ +-- +type: boolean + +-- + + +*`suricata.eve.fileinfo.sha1`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.filename`*:: ++ +-- +type: alias + +alias to: file.path + +-- + +*`suricata.eve.fileinfo.tx_id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.fileinfo.state`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.stored`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.fileinfo.gaps`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.fileinfo.sha256`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.md5`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.fileinfo.size`*:: ++ +-- +type: alias + +alias to: file.size + +-- + +*`suricata.eve.icmp_type`*:: ++ +-- +type: long + +-- + +*`suricata.eve.dest_port`*:: ++ +-- +type: alias + +alias to: destination.port + +-- + +*`suricata.eve.src_port`*:: ++ +-- +type: alias + +alias to: source.port + +-- + +*`suricata.eve.proto`*:: ++ +-- +type: alias + +alias to: network.transport + +-- + +*`suricata.eve.pcap_cnt`*:: ++ +-- +type: long + +-- + +*`suricata.eve.src_ip`*:: ++ +-- +type: alias + +alias to: source.ip + +-- + + +*`suricata.eve.dns.type`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.rrtype`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.rrname`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.rdata`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.tx_id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.dns.ttl`*:: ++ +-- +type: long + +-- + +*`suricata.eve.dns.rcode`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dns.id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.flow_id`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.email.status`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.dest_ip`*:: ++ +-- +type: alias + +alias to: destination.ip + +-- + +*`suricata.eve.icmp_code`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.http.status`*:: ++ +-- +type: alias + +alias to: http.response.status_code + +-- + +*`suricata.eve.http.redirect`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.http.http_user_agent`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + +*`suricata.eve.http.protocol`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.http.http_refer`*:: ++ +-- +type: alias + +alias to: http.request.referrer + +-- + +*`suricata.eve.http.url`*:: ++ +-- +type: alias + +alias to: url.original + +-- + +*`suricata.eve.http.hostname`*:: ++ +-- +type: alias + +alias to: url.domain + +-- + +*`suricata.eve.http.length`*:: ++ +-- +type: alias + +alias to: http.response.body.bytes + +-- + +*`suricata.eve.http.http_method`*:: ++ +-- +type: alias + +alias to: http.request.method + +-- + +*`suricata.eve.http.http_content_type`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.timestamp`*:: ++ +-- +type: alias + +alias to: @timestamp + +-- + +*`suricata.eve.in_iface`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.alert.category`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.alert.severity`*:: ++ +-- +type: alias + +alias to: event.severity + +-- + +*`suricata.eve.alert.rev`*:: ++ +-- +type: long + +-- + +*`suricata.eve.alert.gid`*:: ++ +-- +type: long + +-- + +*`suricata.eve.alert.signature`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.alert.action`*:: ++ +-- +type: alias + +alias to: event.outcome + +-- + +*`suricata.eve.alert.signature_id`*:: ++ +-- +type: long + +-- + + + +*`suricata.eve.ssh.client.proto_version`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.ssh.client.software_version`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.ssh.server.proto_version`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.ssh.server.software_version`*:: ++ +-- +type: keyword + +-- + + + +*`suricata.eve.stats.capture.kernel_packets`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.capture.kernel_drops`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.capture.kernel_ifdrops`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.uptime`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.detect.alert`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.http.memcap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.http.memuse`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.file_store.open_files`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.defrag.max_frag_hits`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.defrag.ipv4.timeouts`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv4.fragments`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv4.reassembled`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.defrag.ipv6.timeouts`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv6.fragments`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.defrag.ipv6.reassembled`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.flow.tcp_reuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.memcap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.emerg_mode_entered`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.emerg_mode_over`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.icmpv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.icmpv4`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.spare`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow.memuse`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.tcp.pseudo_failed`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.ssn_memcap_drop`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.insert_data_overlap_fail`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.sessions`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.pseudo`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.synack`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.insert_data_normal_fail`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.syn`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.memuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.invalid_checksum`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.segment_memcap_drop`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.overlap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.insert_list_fail`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.rst`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.stream_depth_reached`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.reassembly_memuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.reassembly_gap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.overlap_diff_data`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.tcp.no_flow`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.avg_pkt_size`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.bytes`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.raw`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ppp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.vlan_qinq`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.null`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.ltnull.unsupported_type`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ltnull.pkt_too_small`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.invalid`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.gre`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv4`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.pkts`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv6_in_ipv6`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.ipraw.invalid_ip_version`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.pppoe`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.udp`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.decoder.dce.pkt_too_small`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.vlan`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.sctp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.max_pkt_size`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.teredo`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.mpls`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.sll`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.icmpv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.icmpv4`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.erspan`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ethernet`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ipv4_in_ipv6`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.decoder.ieee8021ah`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.dns.memcap_global`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.dns.memcap_state`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.dns.memuse`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.flow_mgr.rows_busy`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_timeout`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_notimeout`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_skipped`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.closed_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.new_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_removed`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.bypassed_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.est_pruned`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_timeout_inuse`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.flows_checked`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_maxlen`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_checked`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.flow_mgr.rows_empty`*:: ++ +-- +type: long + +-- + + + +*`suricata.eve.stats.app_layer.flow.tls`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.ftp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.http`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.failed_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dns_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dns_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.smtp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.failed_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.msn`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.ssh`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.imap`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dcerpc_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.dcerpc_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.flow.smb`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.stats.app_layer.tx.tls`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.ftp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.http`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dns_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dns_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.smtp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.ssh`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dcerpc_udp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.dcerpc_tcp`*:: ++ +-- +type: long + +-- + +*`suricata.eve.stats.app_layer.tx.smb`*:: ++ +-- +type: long + +-- + + +*`suricata.eve.tls.notbefore`*:: ++ +-- +type: date + +-- + +*`suricata.eve.tls.issuerdn`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.sni`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.version`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.session_resumed`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.tls.fingerprint`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.serial`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.tls.notafter`*:: ++ +-- +type: date + +-- + +*`suricata.eve.tls.subject`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.app_proto_ts`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.flow.bytes_toclient`*:: ++ +-- +type: alias + +alias to: destination.bytes + +-- + +*`suricata.eve.flow.start`*:: ++ +-- +type: alias + +alias to: event.start + +-- + +*`suricata.eve.flow.pkts_toclient`*:: ++ +-- +type: alias + +alias to: destination.packets + +-- + +*`suricata.eve.flow.age`*:: ++ +-- +type: long + +-- + +*`suricata.eve.flow.state`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.flow.bytes_toserver`*:: ++ +-- +type: alias + +alias to: source.bytes + +-- + +*`suricata.eve.flow.reason`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.flow.pkts_toserver`*:: ++ +-- +type: alias + +alias to: source.packets + +-- + +*`suricata.eve.flow.end`*:: ++ +-- +type: date + +-- + +*`suricata.eve.flow.alerted`*:: ++ +-- +type: boolean + +-- + +*`suricata.eve.app_proto`*:: ++ +-- +type: alias + +alias to: network.protocol + +-- + +*`suricata.eve.tx_id`*:: ++ +-- +type: long + +-- + +*`suricata.eve.app_proto_tc`*:: ++ +-- +type: keyword + +-- + + +*`suricata.eve.smtp.rcpt_to`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.smtp.mail_from`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.smtp.helo`*:: ++ +-- +type: keyword + +-- + +*`suricata.eve.app_proto_expected`*:: ++ +-- +type: keyword + +-- + +[[exported-fields-system]] +== System fields + +Module for parsing system log files. + + + +[float] +=== system + +Fields from the system log files. + + + +[float] +=== auth + +Fields from the Linux authorization logs. + + + +*`system.auth.timestamp`*:: ++ +-- +type: alias + +alias to: @timestamp + +-- + +*`system.auth.hostname`*:: ++ +-- +type: alias + +alias to: host.hostname + +-- + +*`system.auth.program`*:: ++ +-- +type: alias + +alias to: process.name + +-- + +*`system.auth.pid`*:: ++ +-- +type: alias + +alias to: process.pid + +-- + +*`system.auth.message`*:: ++ +-- +type: alias + +alias to: message + +-- + +*`system.auth.user`*:: ++ +-- +type: alias + +alias to: user.name + +-- + + +*`system.auth.ssh.method`*:: ++ +-- +The SSH authentication method. Can be one of "password" or "publickey". + + +-- + +*`system.auth.ssh.signature`*:: ++ +-- +The signature of the client public key. + + +-- + +*`system.auth.ssh.dropped_ip`*:: ++ +-- +The client IP from SSH connections that are open and immediately dropped. + + +type: ip + +-- + +*`system.auth.ssh.event`*:: ++ +-- +The SSH event as found in the logs (Accepted, Invalid, Failed, etc.) + + +example: Accepted + +-- + +*`system.auth.ssh.ip`*:: ++ +-- +type: alias + +alias to: source.ip + +-- + +*`system.auth.ssh.port`*:: ++ +-- +type: alias + +alias to: source.port + +-- + + +*`system.auth.ssh.geoip.continent_name`*:: ++ +-- +type: alias + +alias to: source.geo.continent_name + +-- + +*`system.auth.ssh.geoip.country_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.country_iso_code + +-- + +*`system.auth.ssh.geoip.location`*:: ++ +-- +type: alias + +alias to: source.geo.location + +-- + +*`system.auth.ssh.geoip.region_name`*:: ++ +-- +type: alias + +alias to: source.geo.region_name + +-- + +*`system.auth.ssh.geoip.city_name`*:: ++ +-- +type: alias + +alias to: source.geo.city_name + +-- + +*`system.auth.ssh.geoip.region_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.region_iso_code + +-- + +[float] +=== sudo + +Fields specific to events created by the `sudo` command. + + + +*`system.auth.sudo.error`*:: ++ +-- +The error message in case the sudo command failed. + + +example: user NOT in sudoers + +-- + +*`system.auth.sudo.tty`*:: ++ +-- +The TTY where the sudo command is executed. + + +-- + +*`system.auth.sudo.pwd`*:: ++ +-- +The current directory where the sudo command is executed. + + +-- + +*`system.auth.sudo.user`*:: ++ +-- +The target user to which the sudo command is switching. + + +example: root + +-- + +*`system.auth.sudo.command`*:: ++ +-- +The command executed via sudo. + + +-- + +[float] +=== useradd + +Fields specific to events created by the `useradd` command. + + + +*`system.auth.useradd.home`*:: ++ +-- +The home folder for the new user. + +-- + +*`system.auth.useradd.shell`*:: ++ +-- +The default shell for the new user. + +-- + +*`system.auth.useradd.name`*:: ++ +-- +type: alias + +alias to: user.name + +-- + +*`system.auth.useradd.uid`*:: ++ +-- +type: alias + +alias to: user.id + +-- + +*`system.auth.useradd.gid`*:: ++ +-- +type: alias + +alias to: group.id + +-- + +[float] +=== groupadd + +Fields specific to events created by the `groupadd` command. + + + +*`system.auth.groupadd.name`*:: ++ +-- +type: alias + +alias to: group.name + +-- + +*`system.auth.groupadd.gid`*:: ++ +-- +type: alias + +alias to: group.id + +-- + +[float] +=== syslog + +Contains fields from the syslog system logs. + + + +*`system.syslog.timestamp`*:: ++ +-- +type: alias + +alias to: @timestamp + +-- + +*`system.syslog.hostname`*:: ++ +-- +type: alias + +alias to: host.hostname + +-- + +*`system.syslog.program`*:: ++ +-- +type: alias + +alias to: process.name + +-- + +*`system.syslog.pid`*:: ++ +-- +type: alias + +alias to: process.pid + +-- + +*`system.syslog.message`*:: ++ +-- +type: alias + +alias to: message + +-- + +[[exported-fields-traefik]] +== Traefik fields + +Module for parsing the Traefik log files. + + + +[float] +=== traefik + +Fields from the Traefik log files. + + + +[float] +=== access + +Contains fields for the Traefik access logs. + + + +*`traefik.access.user_identifier`*:: ++ +-- +Is the RFC 1413 identity of the client + + +type: keyword + +-- + +*`traefik.access.request_count`*:: ++ +-- +The number of requests + + +type: long + +-- + +*`traefik.access.frontend_name`*:: ++ +-- +The name of the frontend used + + +type: keyword + +-- + +*`traefik.access.backend_url`*:: ++ +-- +The url of the backend where request is forwarded + +type: keyword + +-- + +*`traefik.access.body_sent.bytes`*:: ++ +-- +type: alias + +alias to: http.response.body.bytes + +-- + +*`traefik.access.remote_ip`*:: ++ +-- +type: alias + +alias to: source.address + +-- + +*`traefik.access.user_name`*:: ++ +-- +type: alias + +alias to: user.name + +-- + +*`traefik.access.method`*:: ++ +-- +type: alias + +alias to: http.request.method + +-- + +*`traefik.access.url`*:: ++ +-- +type: alias + +alias to: url.original + +-- + +*`traefik.access.http_version`*:: ++ +-- +type: alias + +alias to: http.version + +-- + +*`traefik.access.response_code`*:: ++ +-- +type: alias + +alias to: http.response.status_code + +-- + +*`traefik.access.referrer`*:: ++ +-- +type: alias + +alias to: http.request.referrer + +-- + +*`traefik.access.agent`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + + +*`traefik.access.user_agent.device`*:: ++ +-- +type: alias + +alias to: user_agent.device.name + +-- + +*`traefik.access.user_agent.name`*:: ++ +-- +type: alias + +alias to: user_agent.name + +-- + +*`traefik.access.user_agent.os`*:: ++ +-- +type: alias + +alias to: user_agent.os.full_name + +-- + +*`traefik.access.user_agent.os_name`*:: ++ +-- +type: alias + +alias to: user_agent.os.name + +-- + +*`traefik.access.user_agent.original`*:: ++ +-- +type: alias + +alias to: user_agent.original + +-- + + +*`traefik.access.geoip.continent_name`*:: ++ +-- +type: alias + +alias to: source.geo.continent_name + +-- + +*`traefik.access.geoip.country_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.country_iso_code + +-- + +*`traefik.access.geoip.location`*:: ++ +-- +type: alias + +alias to: source.geo.location + +-- + +*`traefik.access.geoip.region_name`*:: ++ +-- +type: alias + +alias to: source.geo.region_name + +-- + +*`traefik.access.geoip.city_name`*:: ++ +-- +type: alias + +alias to: source.geo.city_name + +-- + +*`traefik.access.geoip.region_iso_code`*:: ++ +-- +type: alias + +alias to: source.geo.region_iso_code + +-- + +[[exported-fields-zeek]] +== Zeek fields + +Module for handling logs produced by Zeek/Bro + + + +[float] +=== zeek + +Fields from Zeek/Bro logs after normalization + + + +*`zeek.session_id`*:: ++ +-- +A unique identifier of the session + + +type: keyword + +-- + +[float] +=== capture_loss + +Fields exported by the Zeek capture_loss log + + + +*`zeek.capture_loss.ts_delta`*:: ++ +-- +The time delay between this measurement and the last. + + +type: integer + +-- + +*`zeek.capture_loss.peer`*:: ++ +-- +In the event that there are multiple Bro instances logging to the same host, this distinguishes each peer with its individual name. + + +type: keyword + +-- + +*`zeek.capture_loss.gaps`*:: ++ +-- +Number of missed ACKs from the previous measurement interval. + + +type: integer + +-- + +*`zeek.capture_loss.acks`*:: ++ +-- +Total number of ACKs seen in the previous measurement interval. + + +type: integer + +-- + +*`zeek.capture_loss.percent_lost`*:: ++ +-- +Percentage of ACKs seen where the data being ACKed wasn't seen. + + +type: double + +-- + +[float] +=== connection + +Fields exported by the Zeek Connection log + + + +*`zeek.connection.local_orig`*:: ++ +-- +Indicates whether the session is originated locally. + + +type: boolean + +-- + +*`zeek.connection.local_resp`*:: ++ +-- +Indicates whether the session is responded locally. + + +type: boolean + +-- + +*`zeek.connection.missed_bytes`*:: ++ +-- +Missed bytes for the session. + + +type: long + +-- + +*`zeek.connection.state`*:: ++ +-- +Code indicating the state of the session. + + +type: keyword + +-- + +*`zeek.connection.state_message`*:: ++ +-- +The state of the session. + + +type: keyword + +-- + + +*`zeek.connection.icmp.type`*:: ++ +-- +ICMP message type. + + +type: integer + +-- + +*`zeek.connection.icmp.code`*:: ++ +-- +ICMP message code. + + +type: integer + +-- + +*`zeek.connection.history`*:: ++ +-- +Flags indicating the history of the session. + + +type: keyword + +-- + +*`zeek.connection.vlan`*:: ++ +-- +VLAN identifier. + + +type: integer + +-- + +*`zeek.connection.inner_vlan`*:: ++ +-- +VLAN identifier. + + +type: integer + +-- + +[float] +=== dce_rpc + +Fields exported by the Zeek DCE_RPC log + + + +*`zeek.dce_rpc.rtt`*:: ++ +-- +Round trip time from the request to the response. If either the request or response wasn't seen, this will be null. + + +type: integer + +-- + +*`zeek.dce_rpc.named_pipe`*:: ++ +-- +Remote pipe name. + + +type: keyword + +-- + +*`zeek.dce_rpc.endpoint`*:: ++ +-- +Endpoint name looked up from the uuid. + + +type: keyword + +-- + +*`zeek.dce_rpc.operation`*:: ++ +-- +Operation seen in the call. + + +type: keyword + +-- + +[float] +=== dhcp + +Fields exported by the Zeek DHCP log + + + +*`zeek.dhcp.domain`*:: ++ +-- +Domain given by the server in option 15. + + +type: keyword + +-- + +*`zeek.dhcp.duration`*:: ++ +-- +Duration of the DHCP session representing the time from the first +message to the last, in seconds. + + +type: double + +-- + +*`zeek.dhcp.hostname`*:: ++ +-- +Name given by client in Hostname option 12. + + +type: keyword + +-- + +*`zeek.dhcp.client_fqdn`*:: ++ +-- +FQDN given by client in Client FQDN option 81. + + +type: keyword + +-- + +*`zeek.dhcp.lease_time`*:: ++ +-- +IP address lease interval in seconds. + + +type: integer + +-- + +[float] +=== address + +Addresses seen in this DHCP exchange. + + + +*`zeek.dhcp.address.assigned`*:: ++ +-- +IP address assigned by the server. + + +type: ip + +-- + +*`zeek.dhcp.address.client`*:: ++ +-- +IP address of the client. If a transaction is only a client sending +INFORM messages then there is no lease information exchanged so this +is helpful to know who sent the messages. Getting an address in this +field does require that the client sources at least one DHCP message +using a non-broadcast address. + + +type: ip + +-- + +*`zeek.dhcp.address.mac`*:: ++ +-- +Client's hardware address. + + +type: keyword + +-- + +*`zeek.dhcp.address.requested`*:: ++ +-- +IP address requested by the client. + + +type: ip + +-- + +*`zeek.dhcp.address.server`*:: ++ +-- +IP address of the DHCP server. + + +type: ip + +-- + + +*`zeek.dhcp.msg.types`*:: ++ +-- +List of DHCP message types seen in this exchange. + + +type: keyword + +-- + +*`zeek.dhcp.msg.origin`*:: ++ +-- +(present if policy/protocols/dhcp/msg-orig.bro is loaded) +The address that originated each message from the msg.types field. + + +type: ip + +-- + +*`zeek.dhcp.msg.client`*:: ++ +-- +Message typically accompanied with a DHCP_DECLINE so the client can +tell the server why it rejected an address. + + +type: keyword + +-- + +*`zeek.dhcp.msg.server`*:: ++ +-- +Message typically accompanied with a DHCP_NAK to let the client know +why it rejected the request. + + +type: keyword + +-- + + +*`zeek.dhcp.software.client`*:: ++ +-- +(present if policy/protocols/dhcp/software.bro is loaded) +Software reported by the client in the vendor_class option. + + +type: keyword + +-- + +*`zeek.dhcp.software.server`*:: ++ +-- +(present if policy/protocols/dhcp/software.bro is loaded) +Software reported by the client in the vendor_class option. + + +type: keyword + +-- + + +*`zeek.dhcp.id.circuit`*:: ++ +-- +(present if policy/protocols/dhcp/sub-opts.bro is loaded) +Added by DHCP relay agents which terminate switched or permanent +circuits. It encodes an agent-local identifier of the circuit from +which a DHCP client-to-server packet was received. Typically it +should represent a router or switch interface number. + + +type: keyword + +-- + +*`zeek.dhcp.id.remote_agent`*:: ++ +-- +(present if policy/protocols/dhcp/sub-opts.bro is loaded) +A globally unique identifier added by relay agents to identify the +remote host end of the circuit. + + +type: keyword + +-- + +*`zeek.dhcp.id.subscriber`*:: ++ +-- +(present if policy/protocols/dhcp/sub-opts.bro is loaded) +The subscriber ID is a value independent of the physical network +configuration so that a customer's DHCP configuration can be given +to them correctly no matter where they are physically connected. + + +type: keyword + +-- + +[float] +=== dnp3 + +Fields exported by the Zeek SSH log + + + + +*`zeek.dnp3.function.request`*:: ++ +-- +The name of the function message in the request. + + +type: keyword + +-- + +*`zeek.dnp3.function.reply`*:: ++ +-- +The name of the function message in the reply. + + +type: keyword + +-- + +*`zeek.dnp3.id`*:: ++ +-- +The response's internal indication number. + + +type: integer + +-- + +[float] +=== dns + +Fields exported by the Zeek DNS log + + + +*`zeek.dns.trans_id`*:: ++ +-- +DNS transaction identifier. + + +type: keyword + +-- + +*`zeek.dns.rtt`*:: ++ +-- +Round trip time for the query and response. + + +type: double + +-- + +*`zeek.dns.query`*:: ++ +-- +The domain name that is the subject of the DNS query. + + +type: keyword + +-- + +*`zeek.dns.qclass`*:: ++ +-- +The QCLASS value specifying the class of the query. + + +type: long + +-- + +*`zeek.dns.qclass_name`*:: ++ +-- +A descriptive name for the class of the query. + + +type: keyword + +-- + +*`zeek.dns.qtype`*:: ++ +-- +A QTYPE value specifying the type of the query. + + +type: long + +-- + +*`zeek.dns.qtype_name`*:: ++ +-- +A descriptive name for the type of the query. + + +type: keyword + +-- + +*`zeek.dns.rcode`*:: ++ +-- +The response code value in DNS response messages. + + +type: long + +-- + +*`zeek.dns.rcode_name`*:: ++ +-- +A descriptive name for the response code value. + + +type: keyword + +-- + +*`zeek.dns.AA`*:: ++ +-- +The Authoritative Answer bit for response messages specifies that the responding +name server is an authority for the domain name in the question section. + + +type: boolean + +-- + +*`zeek.dns.TC`*:: ++ +-- +The Truncation bit specifies that the message was truncated. + + +type: boolean + +-- + +*`zeek.dns.RD`*:: ++ +-- +The Recursion Desired bit in a request message indicates that the client +wants recursive service for this query. + + +type: boolean + +-- + +*`zeek.dns.RA`*:: ++ +-- +The Recursion Available bit in a response message indicates that the name +server supports recursive queries. + + +type: boolean + +-- + +*`zeek.dns.answers`*:: ++ +-- +The set of resource descriptions in the query answer. + + +type: keyword + +-- + +*`zeek.dns.TTLs`*:: ++ +-- +The caching intervals of the associated RRs described by the answers field. + + +type: double + +-- + +*`zeek.dns.rejected`*:: ++ +-- +Indicates whether the DNS query was rejected by the server. + + +type: boolean + +-- + +*`zeek.dns.total_answers`*:: ++ +-- +The total number of resource records in the reply. + + +type: integer + +-- + +*`zeek.dns.total_replies`*:: ++ +-- +The total number of resource records in the reply message. + + +type: integer + +-- + +*`zeek.dns.saw_query`*:: ++ +-- +Whether the full DNS query has been seen. + + +type: boolean + +-- + +*`zeek.dns.saw_reply`*:: ++ +-- +Whether the full DNS reply has been seen. + + +type: boolean + +-- + +[float] +=== dpd + +Fields exported by the Zeek DPD log + + + +*`zeek.dpd.analyzer`*:: ++ +-- +The analyzer that generated the violation. + + +type: keyword + +-- + +*`zeek.dpd.failure_reason`*:: ++ +-- +The textual reason for the analysis failure. + + +type: keyword + +-- + +*`zeek.dpd.packet_segment`*:: ++ +-- +(present if policy/frameworks/dpd/packet-segment-logging.bro is loaded) +A chunk of the payload that most likely resulted in the protocol violation. + + +type: keyword + +-- + +[float] +=== files + +Fields exported by the Zeek Files log. + + + +*`zeek.files.fuid`*:: ++ +-- +A file unique identifier. + + +type: keyword + +-- + +*`zeek.files.tx_host`*:: ++ +-- +The host that transferred the file. + + +type: ip + +-- + +*`zeek.files.rx_host`*:: ++ +-- +The host that received the file. + + +type: ip + +-- + +*`zeek.files.session_ids`*:: ++ +-- +The sessions that have this file. + + +type: keyword + +-- + +*`zeek.files.source`*:: ++ +-- +An identification of the source of the file data. E.g. it may be a network protocol +over which it was transferred, or a local file path which was read, or some other +input source. + + +type: keyword + +-- + +*`zeek.files.depth`*:: ++ +-- +A value to represent the depth of this file in relation to its source. In SMTP, it +is the depth of the MIME attachment on the message. In HTTP, it is the depth of the +request within the TCP connection. + + +type: long + +-- + +*`zeek.files.analyzers`*:: ++ +-- +A set of analysis types done during the file analysis. + + +type: keyword + +-- + +*`zeek.files.mime_type`*:: ++ +-- +Mime type of the file. + + +type: keyword + +-- + +*`zeek.files.filename`*:: ++ +-- +Name of the file if available. + + +type: keyword + +-- + +*`zeek.files.local_orig`*:: ++ +-- +If the source of this file is a network connection, this field indicates if the data +originated from the local network or not. + + +type: boolean + +-- + +*`zeek.files.is_orig`*:: ++ +-- +If the source of this file is a network connection, this field indicates if the file is +being sent by the originator of the connection or the responder. + + +type: boolean + +-- + +*`zeek.files.duration`*:: ++ +-- +The duration the file was analyzed for. Not the duration of the session. + + +type: double + +-- + +*`zeek.files.seen_bytes`*:: ++ +-- +Number of bytes provided to the file analysis engine for the file. + + +type: long + +-- + +*`zeek.files.total_bytes`*:: ++ +-- +Total number of bytes that are supposed to comprise the full file. + + +type: long + +-- + +*`zeek.files.missing_bytes`*:: ++ +-- +The number of bytes in the file stream that were completely missed during the process +of analysis. + + +type: long + +-- + +*`zeek.files.overflow_bytes`*:: ++ +-- +The number of bytes in the file stream that were not delivered to stream file analyzers. +This could be overlapping bytes or bytes that couldn't be reassembled. + + +type: long + +-- + +*`zeek.files.timedout`*:: ++ +-- +Whether the file analysis timed out at least once for the file. + + +type: boolean + +-- + +*`zeek.files.parent_fuid`*:: ++ +-- +Identifier associated with a container file from which this one was extracted as part of +the file analysis. + + +type: keyword + +-- + +*`zeek.files.md5`*:: ++ +-- +An MD5 digest of the file contents. + + +type: keyword + +-- + +*`zeek.files.sha1`*:: ++ +-- +A SHA1 digest of the file contents. + + +type: keyword + +-- + +*`zeek.files.sha256`*:: ++ +-- +A SHA256 digest of the file contents. + + +type: keyword + +-- + +*`zeek.files.extracted`*:: ++ +-- +Local filename of extracted file. + + +type: keyword + +-- + +*`zeek.files.extracted_cutoff`*:: ++ +-- +Indicate whether the file being extracted was cut off hence not extracted completely. + + +type: boolean + +-- + +*`zeek.files.extracted_size`*:: ++ +-- +The number of bytes extracted to disk. + + +type: long + +-- + +*`zeek.files.entropy`*:: ++ +-- +The information density of the contents of the file. + + +type: double + +-- + +[float] +=== ftp + +Fields exported by the Zeek FTP log + + + +*`zeek.ftp.user`*:: ++ +-- +User name for the current FTP session. + + +type: keyword + +-- + +*`zeek.ftp.password`*:: ++ +-- +Password for the current FTP session if captured. + + +type: keyword + +-- + +*`zeek.ftp.command`*:: ++ +-- +Command given by the client. + + +type: keyword + +-- + +*`zeek.ftp.arg`*:: ++ +-- +Argument for the command if one is given. + + +type: keyword + +-- + + +*`zeek.ftp.file.size`*:: ++ +-- +Size of the file if the command indicates a file transfer. + + +type: long + +-- + +*`zeek.ftp.file.mime_type`*:: ++ +-- +Sniffed mime type of file. + + +type: keyword + +-- + +*`zeek.ftp.file.fuid`*:: ++ +-- +(present if base/protocols/ftp/files.bro is loaded) +File unique ID. + + +type: keyword + +-- + + +*`zeek.ftp.reply.code`*:: ++ +-- +Reply code from the server in response to the command. + + +type: integer + +-- + +*`zeek.ftp.reply.msg`*:: ++ +-- +Reply message from the server in response to the command. + + +type: keyword + +-- + +[float] +=== data_channel + +Expected FTP data channel. + + + +*`zeek.ftp.data_channel.passive`*:: ++ +-- +Whether PASV mode is toggled for control channel. + + +type: boolean + +-- + +*`zeek.ftp.data_channel.originating_host`*:: ++ +-- +The host that will be initiating the data connection. + + +type: ip + +-- + +*`zeek.ftp.data_channel.response_host`*:: ++ +-- +The host that will be accepting the data connection. + + +type: ip + +-- + +*`zeek.ftp.data_channel.response_port`*:: ++ +-- +The port at which the acceptor is listening for the data connection. + + +type: integer + +-- + +*`zeek.ftp.cwd`*:: ++ +-- +Current working directory that this session is in. By making the default value '.', we can indicate that unless something more concrete is discovered that the existing but unknown directory is ok to use. + + +type: keyword + +-- + +[float] +=== cmdarg + +Command that is currently waiting for a response. + + + +*`zeek.ftp.cmdarg.cmd`*:: ++ +-- +Command. + + +type: keyword + +-- + +*`zeek.ftp.cmdarg.arg`*:: ++ +-- +Argument for the command if one was given. + + +type: keyword + +-- + +*`zeek.ftp.cmdarg.seq`*:: ++ +-- +Counter to track how many commands have been executed. + + +type: integer + +-- + +*`zeek.ftp.pending_commands`*:: ++ +-- +Queue for commands that have been sent but not yet responded to are tracked here. + + +type: integer + +-- + +*`zeek.ftp.passive`*:: ++ +-- +Indicates if the session is in active or passive mode. + + +type: boolean + +-- + +*`zeek.ftp.capture_password`*:: ++ +-- +Determines if the password will be captured for this request. + + +type: boolean + +-- + +*`zeek.ftp.last_auth_requested`*:: ++ +-- +present if base/protocols/ftp/gridftp.bro is loaded. +Last authentication/security mechanism that was used. + + +type: keyword + +-- + +[float] +=== http + +Fields exported by the Zeek HTTP log + + + +*`zeek.http.trans_depth`*:: ++ +-- +Represents the pipelined depth into the connection of this request/response transaction. + + +type: integer + +-- + +*`zeek.http.status_msg`*:: ++ +-- +Status message returned by the server. + + +type: keyword + +-- + +*`zeek.http.info_code`*:: ++ +-- +Last seen 1xx informational reply code returned by the server. + + +type: integer + +-- + +*`zeek.http.info_msg`*:: ++ +-- +Last seen 1xx informational reply message returned by the server. + + +type: keyword + +-- + +*`zeek.http.tags`*:: ++ +-- +A set of indicators of various attributes discovered and related to a particular +request/response pair. + + +type: keyword + +-- + +*`zeek.http.password`*:: ++ +-- +Password if basic-auth is performed for the request. + + +type: keyword + +-- + +*`zeek.http.captured_password`*:: ++ +-- +Determines if the password will be captured for this request. + + +type: boolean + +-- + +*`zeek.http.proxied`*:: ++ +-- +All of the headers that may indicate if the HTTP request was proxied. + + +type: keyword + +-- + +*`zeek.http.range_request`*:: ++ +-- +Indicates if this request can assume 206 partial content in response. + + +type: boolean + +-- + +*`zeek.http.client_header_names`*:: ++ +-- +The vector of HTTP header names sent by the client. No header values +are included here, just the header names. + + +type: keyword + +-- + +*`zeek.http.server_header_names`*:: ++ +-- +The vector of HTTP header names sent by the server. No header values +are included here, just the header names. + + +type: keyword + +-- + +*`zeek.http.orig_fuids`*:: ++ +-- +An ordered vector of file unique IDs from the originator. + + +type: keyword + +-- + +*`zeek.http.orig_mime_types`*:: ++ +-- +An ordered vector of mime types from the originator. + + +type: keyword + +-- + +*`zeek.http.orig_filenames`*:: ++ +-- +An ordered vector of filenames from the originator. + + +type: keyword + +-- + +*`zeek.http.resp_fuids`*:: ++ +-- +An ordered vector of file unique IDs from the responder. + + +type: keyword + +-- + +*`zeek.http.resp_mime_types`*:: ++ +-- +An ordered vector of mime types from the responder. + + +type: keyword + +-- + +*`zeek.http.resp_filenames`*:: ++ +-- +An ordered vector of filenames from the responder. + + +type: keyword + +-- + +*`zeek.http.orig_mime_depth`*:: ++ +-- +Current number of MIME entities in the HTTP request message body. + + +type: integer + +-- + +*`zeek.http.resp_mime_depth`*:: ++ +-- +Current number of MIME entities in the HTTP response message body. + + +type: integer + +-- + +[float] +=== intel + +Fields exported by the Zeek Intel log. + + + + +*`zeek.intel.seen.indicator`*:: ++ +-- +The intelligence indicator. + + +type: keyword + +-- + +*`zeek.intel.seen.indicator_type`*:: ++ +-- +The type of data the indicator represents. + + +type: keyword + +-- + +*`zeek.intel.seen.host`*:: ++ +-- +If the indicator type was Intel::ADDR, then this field will be present. + + +type: keyword + +-- + +*`zeek.intel.seen.conn`*:: ++ +-- +If the data was discovered within a connection, the connection record should go here to give context to the data. + + +type: keyword + +-- + +*`zeek.intel.seen.where`*:: ++ +-- +Where the data was discovered. + + +type: keyword + +-- + +*`zeek.intel.seen.node`*:: ++ +-- +The name of the node where the match was discovered. + + +type: keyword + +-- + +*`zeek.intel.seen.uid`*:: ++ +-- +If the data was discovered within a connection, the connection uid should go here to give context to the data. If the conn field is provided, this will be automatically filled out. + + +type: keyword + +-- + +*`zeek.intel.seen.f`*:: ++ +-- +If the data was discovered within a file, the file record should go here to provide context to the data. + + +type: object + +-- + +*`zeek.intel.seen.fuid`*:: ++ +-- +If the data was discovered within a file, the file uid should go here to provide context to the data. If the file record f is provided, this will be automatically filled out. + + +type: keyword + +-- + +*`zeek.intel.matched`*:: ++ +-- +Event to represent a match in the intelligence data from data that was seen. + + +type: keyword + +-- + +*`zeek.intel.sources`*:: ++ +-- +Sources which supplied data for this match. + + +type: keyword + +-- + +*`zeek.intel.fuid`*:: ++ +-- +If a file was associated with this intelligence hit, this is the uid for the file. + + +type: keyword + +-- + +*`zeek.intel.file_mime_type`*:: ++ +-- +A mime type if the intelligence hit is related to a file. If the $f field is provided this will be automatically filled out. + + +type: keyword + +-- + +*`zeek.intel.file_desc`*:: ++ +-- +Frequently files can be described to give a bit more context. If the $f field is provided this field will be automatically filled out. + + +type: keyword + +-- + +[float] +=== irc + +Fields exported by the Zeek IRC log + + + +*`zeek.irc.nick`*:: ++ +-- +Nickname given for the connection. + + +type: keyword + +-- + +*`zeek.irc.user`*:: ++ +-- +Username given for the connection. + + +type: keyword + +-- + +*`zeek.irc.command`*:: ++ +-- +Command given by the client. + + +type: keyword + +-- + +*`zeek.irc.value`*:: ++ +-- +Value for the command given by the client. + + +type: keyword + +-- + +*`zeek.irc.addl`*:: ++ +-- +Any additional data for the command. + + +type: keyword + +-- + + + +*`zeek.irc.dcc.file.name`*:: ++ +-- +Present if base/protocols/irc/dcc-send.bro is loaded. +DCC filename requested. + + +type: keyword + +-- + +*`zeek.irc.dcc.file.size`*:: ++ +-- +Present if base/protocols/irc/dcc-send.bro is loaded. +Size of the DCC transfer as indicated by the sender. + + +type: long + +-- + +*`zeek.irc.dcc.mime_type`*:: ++ +-- +present if base/protocols/irc/dcc-send.bro is loaded. +Sniffed mime type of the file. + + +type: keyword + +-- + +*`zeek.irc.fuid`*:: ++ +-- +present if base/protocols/irc/files.bro is loaded. +File unique ID. + + +type: keyword + +-- + +[float] +=== kerberos + +Fields exported by the Zeek Kerberos log + + + +*`zeek.kerberos.request_type`*:: ++ +-- +Request type - Authentication Service (AS) or Ticket Granting Service (TGS). + + +type: keyword + +-- + +*`zeek.kerberos.client`*:: ++ +-- +Client name. + + +type: keyword + +-- + +*`zeek.kerberos.service`*:: ++ +-- +Service name. + + +type: keyword + +-- + +*`zeek.kerberos.success`*:: ++ +-- +Request result. + + +type: boolean + +-- + + +*`zeek.kerberos.error.code`*:: ++ +-- +Error code. + + +type: integer + +-- + +*`zeek.kerberos.error.msg`*:: ++ +-- +Error message. + + +type: keyword + +-- + + +*`zeek.kerberos.valid.from`*:: ++ +-- +Ticket valid from. + + +type: date + +-- + +*`zeek.kerberos.valid.until`*:: ++ +-- +Ticket valid until. + + +type: date + +-- + +*`zeek.kerberos.valid.days`*:: ++ +-- +Number of days the ticket is valid for. + + +type: integer + +-- + +*`zeek.kerberos.cipher`*:: ++ +-- +Ticket encryption type. + + +type: keyword + +-- + +*`zeek.kerberos.forwardable`*:: ++ +-- +Forwardable ticket requested. + + +type: boolean + +-- + +*`zeek.kerberos.renewable`*:: ++ +-- +Renewable ticket requested. + + +type: boolean + +-- + + +*`zeek.kerberos.ticket.auth`*:: ++ +-- +Hash of ticket used to authorize request/transaction. + + +type: keyword + +-- + +*`zeek.kerberos.ticket.new`*:: ++ +-- +Hash of ticket returned by the KDC. + + +type: keyword + +-- + + + +*`zeek.kerberos.cert.client.value`*:: ++ +-- +Client certificate. + + +type: keyword + +-- + +*`zeek.kerberos.cert.client.fuid`*:: ++ +-- +File unique ID of client cert. + + +type: keyword + +-- + +*`zeek.kerberos.cert.client.subject`*:: ++ +-- +Subject of client certificate. + + +type: keyword + +-- + + +*`zeek.kerberos.cert.server.value`*:: ++ +-- +Server certificate. + + +type: keyword + +-- + +*`zeek.kerberos.cert.server.fuid`*:: ++ +-- +File unique ID of server certificate. + + +type: keyword + +-- + +*`zeek.kerberos.cert.server.subject`*:: ++ +-- +Subject of server certificate. + + +type: keyword + +-- + +[float] +=== modbus + +Fields exported by the Zeek modbus log. + + + +*`zeek.modbus.function`*:: ++ +-- +The name of the function message that was sent. + + +type: keyword + +-- + +*`zeek.modbus.exception`*:: ++ +-- +The exception if the response was a failure. + + +type: keyword + +-- + +*`zeek.modbus.track_address`*:: ++ +-- +Present if policy/protocols/modbus/track-memmap.bro is loaded. +Modbus track address. + + +type: integer + +-- + +[float] +=== mysql + +Fields exported by the Zeek MySQL log. + + + +*`zeek.mysql.cmd`*:: ++ +-- +The command that was issued. + + +type: keyword + +-- + +*`zeek.mysql.arg`*:: ++ +-- +The argument issued to the command. + + +type: keyword + +-- + +*`zeek.mysql.success`*:: ++ +-- +Whether the command succeeded. + + +type: boolean + +-- + +*`zeek.mysql.rows`*:: ++ +-- +The number of affected rows, if any. + + +type: integer + +-- + +*`zeek.mysql.response`*:: ++ +-- +Server message, if any. + + +type: keyword + +-- + +[float] +=== notice + +Fields exported by the Zeek Notice log. + + + +*`zeek.notice.connection_id`*:: ++ +-- +Identifier of the related connection session. + + +type: keyword + +-- + +*`zeek.notice.icmp_id`*:: ++ +-- +Identifier of the related ICMP session. + + +type: keyword + +-- + +*`zeek.notice.file.id`*:: ++ +-- +An identifier associated with a single file that is related to this notice. + + +type: keyword + +-- + +*`zeek.notice.file.parent_id`*:: ++ +-- +Identifier associated with a container file from which this one was extracted. + + +type: keyword + +-- + +*`zeek.notice.file.source`*:: ++ +-- +An identification of the source of the file data. E.g. it may be a network protocol +over which it was transferred, or a local file path which was read, or some other +input source. + + +type: keyword + +-- + +*`zeek.notice.file.mime_type`*:: ++ +-- +A mime type if the notice is related to a file. + + +type: keyword + +-- + +*`zeek.notice.file.is_orig`*:: ++ +-- +If the source of this file is a network connection, this field indicates if the file is +being sent by the originator of the connection or the responder. + + +type: boolean + +-- + +*`zeek.notice.file.seen_bytes`*:: ++ +-- +Number of bytes provided to the file analysis engine for the file. + + +type: long + +-- + +*`zeek.notice.ffile.total_bytes`*:: ++ +-- +Total number of bytes that are supposed to comprise the full file. + + +type: long + +-- + +*`zeek.notice.file.missing_bytes`*:: ++ +-- +The number of bytes in the file stream that were completely missed during the process +of analysis. + + +type: long + +-- + +*`zeek.notice.file.overflow_bytes`*:: ++ +-- +The number of bytes in the file stream that were not delivered to stream file analyzers. +This could be overlapping bytes or bytes that couldn't be reassembled. + + +type: long + +-- + +*`zeek.notice.fuid`*:: ++ +-- +A file unique ID if this notice is related to a file. + + +type: keyword + +-- + +*`zeek.notice.note`*:: ++ +-- +The type of the notice. + + +type: keyword + +-- + +*`zeek.notice.msg`*:: ++ +-- +The human readable message for the notice. + + +type: keyword + +-- + +*`zeek.notice.sub`*:: ++ +-- +The human readable sub-message. + + +type: keyword + +-- + +*`zeek.notice.n`*:: ++ +-- +Associated count, or a status code. + + +type: long + +-- + +*`zeek.notice.peer_name`*:: ++ +-- +Name of remote peer that raised this notice. + + +type: keyword + +-- + +*`zeek.notice.peer_descr`*:: ++ +-- +Textual description for the peer that raised this notice. + + +type: text + +-- + +*`zeek.notice.actions`*:: ++ +-- +The actions which have been applied to this notice. + + +type: keyword + +-- + +*`zeek.notice.email_body_sections`*:: ++ +-- +By adding chunks of text into this element, other scripts can expand on notices +that are being emailed. + + +type: text + +-- + +*`zeek.notice.email_delay_tokens`*:: ++ +-- +Adding a string token to this set will cause the built-in emailing functionality +to delay sending the email either the token has been removed or the email +has been delayed for the specified time duration. + + +type: keyword + +-- + +*`zeek.notice.identifier`*:: ++ +-- +This field is provided when a notice is generated for the purpose of deduplicating notices. + + +type: keyword + +-- + +*`zeek.notice.suppress_for`*:: ++ +-- +This field indicates the length of time that this unique notice should be suppressed. + + +type: double + +-- + +*`zeek.notice.dropped`*:: ++ +-- +Indicate if the source IP address was dropped and denied network access. + + +type: boolean + +-- + +[float] +=== ntlm + +Fields exported by the Zeek NTLM log. + + + +*`zeek.ntlm.domain`*:: ++ +-- +Domain name given by the client. + + +type: keyword + +-- + +*`zeek.ntlm.hostname`*:: ++ +-- +Hostname given by the client. + + +type: keyword + +-- + +*`zeek.ntlm.success`*:: ++ +-- +Indicate whether or not the authentication was successful. + + +type: boolean + +-- + +*`zeek.ntlm.username`*:: ++ +-- +Username given by the client. + + +type: keyword + +-- + + + +*`zeek.ntlm.server.name.dns`*:: ++ +-- +DNS name given by the server in a CHALLENGE. + + +type: keyword + +-- + +*`zeek.ntlm.server.name.netbios`*:: ++ +-- +NetBIOS name given by the server in a CHALLENGE. + + +type: keyword + +-- + +*`zeek.ntlm.server.name.tree`*:: ++ +-- +Tree name given by the server in a CHALLENGE. + + +type: keyword + +-- + +[float] +=== ocsp + +Fields exported by the Zeek OCSP log +Online Certificate Status Protocol (OCSP). Only created if policy script is loaded. + + + +*`zeek.ocsp.file_id`*:: ++ +-- +File id of the OCSP reply. + + +type: keyword + +-- + + +*`zeek.ocsp.hash.algorithm`*:: ++ +-- +Hash algorithm used to generate issuerNameHash and issuerKeyHash. + + +type: keyword + +-- + + +*`zeek.ocsp.hash.issuer.name`*:: ++ +-- +Hash of the issuer's distingueshed name. + + +type: keyword + +-- + +*`zeek.ocsp.hash.issuer.key`*:: ++ +-- +Hash of the issuer's public key. + + +type: keyword + +-- + +*`zeek.ocsp.serial_number`*:: ++ +-- +Serial number of the affected certificate. + + +type: keyword + +-- + +*`zeek.ocsp.status`*:: ++ +-- +Status of the affected certificate. + + +type: keyword + +-- + + +*`zeek.ocsp.revoke.time`*:: ++ +-- +Time at which the certificate was revoked. + + +type: date + +-- + +*`zeek.ocsp.revoke.reason`*:: ++ +-- +Reason for which the certificate was revoked. + + +type: keyword + +-- + + +*`zeek.ocsp.update.this`*:: ++ +-- +The time at which the status being shows is known to have been correct. + + +type: date + +-- + +*`zeek.ocsp.update.next`*:: ++ +-- +The latest time at which new information about the status of the certificate will be available. + + +type: date + +-- + +[float] +=== pe + +Fields exported by the Zeek pe log. + + + +*`zeek.pe.client`*:: ++ +-- +The client's version string. + + +type: keyword + +-- + +*`zeek.pe.id`*:: ++ +-- +File id of this portable executable file. + + +type: keyword + +-- + +*`zeek.pe.machine`*:: ++ +-- +The target machine that the file was compiled for. + + +type: keyword + +-- + +*`zeek.pe.compile_time`*:: ++ +-- +The time that the file was created at. + + +type: date + +-- + +*`zeek.pe.os`*:: ++ +-- +The required operating system. + + +type: keyword + +-- + +*`zeek.pe.subsystem`*:: ++ +-- +The subsystem that is required to run this file. + + +type: keyword + +-- + +*`zeek.pe.is_exe`*:: ++ +-- +Is the file an executable, or just an object file? + + +type: boolean + +-- + +*`zeek.pe.is_64bit`*:: ++ +-- +Is the file a 64-bit executable? + + +type: boolean + +-- + +*`zeek.pe.uses_aslr`*:: ++ +-- +Does the file support Address Space Layout Randomization? + + +type: boolean + +-- + +*`zeek.pe.uses_dep`*:: ++ +-- +Does the file support Data Execution Prevention? + + +type: boolean + +-- + +*`zeek.pe.uses_code_integrity`*:: ++ +-- +Does the file enforce code integrity checks? + + +type: boolean + +-- + +*`zeek.pe.uses_seh`*:: ++ +-- +Does the file use structured exception handing? + + +type: boolean + +-- + +*`zeek.pe.has_import_table`*:: ++ +-- +Does the file have an import table? + + +type: boolean + +-- + +*`zeek.pe.has_export_table`*:: ++ +-- +Does the file have an export table? + + +type: boolean + +-- + +*`zeek.pe.has_cert_table`*:: ++ +-- +Does the file have an attribute certificate table? + + +type: boolean + +-- + +*`zeek.pe.has_debug_data`*:: ++ +-- +Does the file have a debug table? + + +type: boolean + +-- + +*`zeek.pe.section_names`*:: ++ +-- +The names of the sections, in order. + + +type: keyword + +-- + +[float] +=== radius + +Fields exported by the Zeek Radius log. + + + +*`zeek.radius.username`*:: ++ +-- +The username, if present. + + +type: keyword + +-- + +*`zeek.radius.mac`*:: ++ +-- +MAC address, if present. + + +type: keyword + +-- + +*`zeek.radius.framed_addr`*:: ++ +-- +The address given to the network access server, if present. This is only a hint from the RADIUS server and the network access server is not required to honor the address. + + +type: ip + +-- + +*`zeek.radius.remote_ip`*:: ++ +-- +Remote IP address, if present. This is collected from the Tunnel-Client-Endpoint attribute. + + +type: ip + +-- + +*`zeek.radius.connect_info`*:: ++ +-- +Connect info, if present. + + +type: keyword + +-- + +*`zeek.radius.reply_msg`*:: ++ +-- +Reply message from the server challenge. This is frequently shown to the user authenticating. + + +type: keyword + +-- + +*`zeek.radius.result`*:: ++ +-- +Successful or failed authentication. + + +type: keyword + +-- + +*`zeek.radius.ttl`*:: ++ +-- +The duration between the first request and either the "Access-Accept" message or an error. If the field is empty, it means that either the request or response was not seen. + + +type: integer + +-- + +*`zeek.radius.logged`*:: ++ +-- +Whether this has already been logged and can be ignored. + + +type: boolean + +-- + +[float] +=== rdp + +Fields exported by the Zeek RDP log. + + + +*`zeek.rdp.cookie`*:: ++ +-- +Cookie value used by the client machine. This is typically a username. + + +type: keyword + +-- + +*`zeek.rdp.result`*:: ++ +-- +Status result for the connection. It's a mix between RDP negotation failure messages and GCC server create response messages. + + +type: keyword + +-- + +*`zeek.rdp.security_protocol`*:: ++ +-- +Security protocol chosen by the server. + + +type: keyword + +-- + +*`zeek.rdp.keyboard_layout`*:: ++ +-- +Keyboard layout (language) of the client machine. + + +type: keyword + +-- + + +*`zeek.rdp.client.build`*:: ++ +-- +RDP client version used by the client machine. + + +type: keyword + +-- + +*`zeek.rdp.client.client_name`*:: ++ +-- +Name of the client machine. + + +type: keyword + +-- + +*`zeek.rdp.client.product_id`*:: ++ +-- +Product ID of the client machine. + + +type: keyword + +-- + + +*`zeek.rdp.desktop.width`*:: ++ +-- +Desktop width of the client machine. + + +type: integer + +-- + +*`zeek.rdp.desktop.height`*:: ++ +-- +Desktop height of the client machine. + + +type: integer + +-- + +*`zeek.rdp.desktop.color_depth`*:: ++ +-- +The color depth requested by the client in the high_color_depth field. + + +type: keyword + +-- + + +*`zeek.rdp.cert.type`*:: ++ +-- +If the connection is being encrypted with native RDP encryption, this is the type of cert being used. + + +type: keyword + +-- + +*`zeek.rdp.cert.count`*:: ++ +-- +The number of certs seen. X.509 can transfer an entire certificate chain. + + +type: integer + +-- + +*`zeek.rdp.cert.permanent`*:: ++ +-- +Indicates if the provided certificate or certificate chain is permanent or temporary. + + +type: boolean + +-- + + +*`zeek.rdp.encryption.level`*:: ++ +-- +Encryption level of the connection. + + +type: keyword + +-- + +*`zeek.rdp.encryption.method`*:: ++ +-- +Encryption method of the connection. + + +type: keyword + +-- + +*`zeek.rdp.done`*:: ++ +-- +Track status of logging RDP connections. + + +type: boolean + +-- + +*`zeek.rdp.ssl`*:: ++ +-- +(present if policy/protocols/rdp/indicate_ssl.bro is loaded) +Flag the connection if it was seen over SSL. + + +type: boolean + +-- + +[float] +=== rfb + +Fields exported by the Zeek RFB log. + + + + + +*`zeek.rfb.version.client.major`*:: ++ +-- +Major version of the client. + + +type: keyword + +-- + +*`zeek.rfb.version.client.minor`*:: ++ +-- +Minor version of the client. + + +type: keyword + +-- + + +*`zeek.rfb.version.server.major`*:: ++ +-- +Major version of the server. + + +type: keyword + +-- + +*`zeek.rfb.version.server.minor`*:: ++ +-- +Minor version of the server. + + +type: keyword + +-- + + +*`zeek.rfb.auth.success`*:: ++ +-- +Whether or not authentication was successful. + + +type: boolean + +-- + +*`zeek.rfb.auth.method`*:: ++ +-- +Identifier of authentication method used. + + +type: keyword + +-- + +*`zeek.rfb.share_flag`*:: ++ +-- +Whether the client has an exclusive or a shared session. + + +type: boolean + +-- + +*`zeek.rfb.desktop_name`*:: ++ +-- +Name of the screen that is being shared. + + +type: keyword + +-- + +*`zeek.rfb.width`*:: ++ +-- +Width of the screen that is being shared. + + +type: integer + +-- + +*`zeek.rfb.height`*:: ++ +-- +Height of the screen that is being shared. + + +type: integer + +-- + +[float] +=== sip + +Fields exported by the Zeek SIP log. + + + +*`zeek.sip.transaction_depth`*:: ++ +-- +Represents the pipelined depth into the connection of this request/response transaction. + + +type: integer + +-- + + +*`zeek.sip.sequence.method`*:: ++ +-- +Verb used in the SIP request (INVITE, REGISTER etc.). + + +type: keyword + +-- + +*`zeek.sip.sequence.number`*:: ++ +-- +Contents of the CSeq: header from the client. + + +type: keyword + +-- + +*`zeek.sip.uri`*:: ++ +-- +URI used in the request. + + +type: keyword + +-- + +*`zeek.sip.date`*:: ++ +-- +Contents of the Date: header from the client. + + +type: keyword + +-- + + +*`zeek.sip.request.from`*:: ++ +-- +Contents of the request From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + + +type: keyword + +-- + +*`zeek.sip.request.to`*:: ++ +-- +Contents of the To: header. + + +type: keyword + +-- + +*`zeek.sip.request.path`*:: ++ +-- +The client message transmission path, as extracted from the headers. + + +type: keyword + +-- + +*`zeek.sip.request.body_length`*:: ++ +-- +Contents of the Content-Length: header from the client. + + +type: long + +-- + + +*`zeek.sip.response.from`*:: ++ +-- +Contents of the response From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + + +type: keyword + +-- + +*`zeek.sip.response.to`*:: ++ +-- +Contents of the response To: header. + + +type: keyword + +-- + +*`zeek.sip.response.path`*:: ++ +-- +The server message transmission path, as extracted from the headers. + + +type: keyword + +-- + +*`zeek.sip.response.body_length`*:: ++ +-- +Contents of the Content-Length: header from the server. + + +type: long + +-- + +*`zeek.sip.reply_to`*:: ++ +-- +Contents of the Reply-To: header. + + +type: keyword + +-- + +*`zeek.sip.call_id`*:: ++ +-- +Contents of the Call-ID: header from the client. + + +type: keyword + +-- + +*`zeek.sip.subject`*:: ++ +-- +Contents of the Subject: header from the client. + + +type: keyword + +-- + +*`zeek.sip.user_agent`*:: ++ +-- +Contents of the User-Agent: header from the client. + + +type: keyword + +-- + + +*`zeek.sip.status.code`*:: ++ +-- +Status code returned by the server. + + +type: integer + +-- + +*`zeek.sip.status.msg`*:: ++ +-- +Status message returned by the server. + + +type: keyword + +-- + +*`zeek.sip.warning`*:: ++ +-- +Contents of the Warning: header. + + +type: keyword + +-- + +*`zeek.sip.content_type`*:: ++ +-- +Contents of the Content-Type: header from the server. + + +type: keyword + +-- + +[float] +=== smb_cmd + +Fields exported by the Zeek smb_cmd log. + + + +*`zeek.smb_cmd.command`*:: ++ +-- +The command sent by the client. + + +type: keyword + +-- + +*`zeek.smb_cmd.sub_command`*:: ++ +-- +The subcommand sent by the client, if present. + + +type: keyword + +-- + +*`zeek.smb_cmd.argument`*:: ++ +-- +Command argument sent by the client, if any. + + +type: keyword + +-- + +*`zeek.smb_cmd.status`*:: ++ +-- +Server reply to the client's command. + + +type: keyword + +-- + +*`zeek.smb_cmd.rtt`*:: ++ +-- +Round trip time from the request to the response. + + +type: double + +-- + +*`zeek.smb_cmd.version`*:: ++ +-- +Version of SMB for the command. + + +type: keyword + +-- + +*`zeek.smb_cmd.username`*:: ++ +-- +Authenticated username, if available. + + +type: keyword + +-- + +*`zeek.smb_cmd.tree`*:: ++ +-- +If this is related to a tree, this is the tree that was used for the current command. + + +type: keyword + +-- + +*`zeek.smb_cmd.tree_service`*:: ++ +-- +The type of tree (disk share, printer share, named pipe, etc.). + + +type: keyword + +-- + +[float] +=== file + +If the command referenced a file, store it here. + + + +*`zeek.smb_cmd.file.name`*:: ++ +-- +Filename if one was seen. + + +type: keyword + +-- + +*`zeek.smb_cmd.file.action`*:: ++ +-- +Action this log record represents. + + +type: keyword + +-- + +*`zeek.smb_cmd.file.uid`*:: ++ +-- +UID of the referenced file. + + +type: keyword + +-- + + +*`zeek.smb_cmd.file.host.tx`*:: ++ +-- +Address of the transmitting host. + + +type: ip + +-- + +*`zeek.smb_cmd.file.host.rx`*:: ++ +-- +Address of the receiving host. + + +type: ip + +-- + +*`zeek.smb_cmd.smb1_offered_dialects`*:: ++ +-- +Present if base/protocols/smb/smb1-main.bro is loaded. +Dialects offered by the client. + + +type: keyword + +-- + +*`zeek.smb_cmd.smb2_offered_dialects`*:: ++ +-- +Present if base/protocols/smb/smb2-main.bro is loaded. +Dialects offered by the client. + + +type: integer + +-- + +[float] +=== smb_files + +Fields exported by the Zeek SMB Files log. + + + +*`zeek.smb_files.action`*:: ++ +-- +Action this log record represents. + + +type: keyword + +-- + +*`zeek.smb_files.fid`*:: ++ +-- +ID referencing this file. + + +type: integer + +-- + +*`zeek.smb_files.name`*:: ++ +-- +Filename if one was seen. + + +type: keyword + +-- + +*`zeek.smb_files.path`*:: ++ +-- +Path pulled from the tree this file was transferred to or from. + + +type: keyword + +-- + +*`zeek.smb_files.previous_name`*:: ++ +-- +If the rename action was seen, this will be the file's previous name. + + +type: keyword + +-- + +*`zeek.smb_files.size`*:: ++ +-- +Byte size of the file. + + +type: long + +-- + +[float] +=== times + +Timestamps of the file. + + + +*`zeek.smb_files.times.accessed`*:: ++ +-- +The file's access time. + + +type: date + +-- + +*`zeek.smb_files.times.changed`*:: ++ +-- +The file's change time. + + +type: date + +-- + +*`zeek.smb_files.times.created`*:: ++ +-- +The file's create time. + + +type: date + +-- + +*`zeek.smb_files.times.modified`*:: ++ +-- +The file's modify time. + + +type: date + +-- + +*`zeek.smb_files.uuid`*:: ++ +-- +UUID referencing this file if DCE/RPC. + + +type: keyword + +-- + +[float] +=== smb_mapping + +Fields exported by the Zeek SMB_Mapping log. + + + +*`zeek.smb_mapping.path`*:: ++ +-- +Name of the tree path. + + +type: keyword + +-- + +*`zeek.smb_mapping.service`*:: ++ +-- +The type of resource of the tree (disk share, printer share, named pipe, etc.). + + +type: keyword + +-- + +*`zeek.smb_mapping.native_file_system`*:: ++ +-- +File system of the tree. + + +type: keyword + +-- + +*`zeek.smb_mapping.share_type`*:: ++ +-- +If this is SMB2, a share type will be included. For SMB1, the type of share +will be deduced and included as well. + + +type: keyword + +-- + +[float] +=== smtp + +Fields exported by the Zeek SMTP log. + + + +*`zeek.smtp.transaction_depth`*:: ++ +-- +A count to represent the depth of this message transaction in a single connection where multiple messages were transferred. + + +type: integer + +-- + +*`zeek.smtp.helo`*:: ++ +-- +Contents of the Helo header. + + +type: keyword + +-- + +*`zeek.smtp.mail_from`*:: ++ +-- +Email addresses found in the MAIL FROM header. + + +type: keyword + +-- + +*`zeek.smtp.rcpt_to`*:: ++ +-- +Email addresses found in the RCPT TO header. + + +type: keyword + +-- + +*`zeek.smtp.date`*:: ++ +-- +Contents of the Date header. + + +type: date + +-- + +*`zeek.smtp.from`*:: ++ +-- +Contents of the From header. + + +type: keyword + +-- + +*`zeek.smtp.to`*:: ++ +-- +Contents of the To header. + + +type: keyword + +-- + +*`zeek.smtp.cc`*:: ++ +-- +Contents of the CC header. + + +type: keyword + +-- + +*`zeek.smtp.reply_to`*:: ++ +-- +Contents of the ReplyTo header. + + +type: keyword + +-- + +*`zeek.smtp.msg_id`*:: ++ +-- +Contents of the MsgID header. + + +type: keyword + +-- + +*`zeek.smtp.in_reply_to`*:: ++ +-- +Contents of the In-Reply-To header. + + +type: keyword + +-- + +*`zeek.smtp.subject`*:: ++ +-- +Contents of the Subject header. + + +type: keyword + +-- + +*`zeek.smtp.x_originating_ip`*:: ++ +-- +Contents of the X-Originating-IP header. + + +type: keyword + +-- + +*`zeek.smtp.first_received`*:: ++ +-- +Contents of the first Received header. + + +type: keyword + +-- + +*`zeek.smtp.second_received`*:: ++ +-- +Contents of the second Received header. + + +type: keyword + +-- + +*`zeek.smtp.last_reply`*:: ++ +-- +The last message that the server sent to the client. + + +type: keyword + +-- + +*`zeek.smtp.path`*:: ++ +-- +The message transmission path, as extracted from the headers. + + +type: ip + +-- + +*`zeek.smtp.user_agent`*:: ++ +-- +Value of the User-Agent header from the client. + + +type: keyword + +-- + +*`zeek.smtp.tls`*:: ++ +-- +Indicates that the connection has switched to using TLS. + + +type: boolean + +-- + +*`zeek.smtp.process_received_from`*:: ++ +-- +Indicates if the "Received: from" headers should still be processed. + + +type: boolean + +-- + +*`zeek.smtp.has_client_activity`*:: ++ +-- +Indicates if client activity has been seen, but not yet logged. + + +type: boolean + +-- + +*`zeek.smtp.fuids`*:: ++ +-- +(present if base/protocols/smtp/files.bro is loaded) +An ordered vector of file unique IDs seen attached to the message. + + +type: keyword + +-- + +*`zeek.smtp.is_webmail`*:: ++ +-- +Indicates if the message was sent through a webmail interface. + + +type: boolean + +-- + +[float] +=== snmp + +Fields exported by the Zeek SNMP log. + + + +*`zeek.snmp.duration`*:: ++ +-- +The amount of time between the first packet beloning to the SNMP session and the latest one seen. + + +type: double + +-- + +*`zeek.snmp.version`*:: ++ +-- +The version of SNMP being used. + + +type: keyword + +-- + +*`zeek.snmp.community`*:: ++ +-- +The community string of the first SNMP packet associated with the session. This is used as part of SNMP's (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901. + + +type: keyword + +-- + + +*`zeek.snmp.get.requests`*:: ++ +-- +The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session. + + +type: integer + +-- + +*`zeek.snmp.get.bulk_requests`*:: ++ +-- +The number of variable bindings in GetBulkRequest PDUs seen for the session. + + +type: integer + +-- + +*`zeek.snmp.get.responses`*:: ++ +-- +The number of variable bindings in GetResponse/Response PDUs seen for the session. + + +type: integer + +-- + + +*`zeek.snmp.set.requests`*:: ++ +-- +The number of variable bindings in SetRequest PDUs seen for the session. + + +type: integer + +-- + +*`zeek.snmp.display_string`*:: ++ +-- +A system description of the SNMP responder endpoint. + + +type: keyword + +-- + +*`zeek.snmp.up_since`*:: ++ +-- +The time at which the SNMP responder endpoint claims it's been up since. + + +type: date + +-- + +[float] +=== socks + +Fields exported by the Zeek SOCKS log. + + + +*`zeek.socks.version`*:: ++ +-- +Protocol version of SOCKS. + + +type: integer + +-- + +*`zeek.socks.user`*:: ++ +-- +Username used to request a login to the proxy. + + +type: keyword + +-- + +*`zeek.socks.password`*:: ++ +-- +Password used to request a login to the proxy. + + +type: keyword + +-- + +*`zeek.socks.status`*:: ++ +-- +Server status for the attempt at using the proxy. + + +type: keyword + +-- + + +*`zeek.socks.request.host`*:: ++ +-- +Client requested SOCKS address. Could be an address, a name or both. + + +type: keyword + +-- + +*`zeek.socks.request.port`*:: ++ +-- +Client requested port. + + +type: integer + +-- + + +*`zeek.socks.bound.host`*:: ++ +-- +Server bound address. Could be an address, a name or both. + + +type: keyword + +-- + +*`zeek.socks.bound.port`*:: ++ +-- +Server bound port. + + +type: integer + +-- + +*`zeek.socks.capture_password`*:: ++ +-- +Determines if the password will be captured for this request. + + +type: boolean + +-- + +[float] +=== ssh + +Fields exported by the Zeek SSH log. + + + +*`zeek.ssh.client`*:: ++ +-- +The client's version string. + + +type: keyword + +-- + +*`zeek.ssh.direction`*:: ++ +-- +Direction of the connection. If the client was a local host logging into +an external host, this would be OUTBOUND. INBOUND would be set for the +opposite situation. + + +type: keyword + +-- + +*`zeek.ssh.host_key`*:: ++ +-- +The server's key thumbprint. + + +type: keyword + +-- + +*`zeek.ssh.server`*:: ++ +-- +The server's version string. + + +type: keyword + +-- + +*`zeek.ssh.version`*:: ++ +-- +SSH major version (1 or 2). + + +type: integer + +-- + +[float] +=== algorithm + +Cipher algorithms used in this session. + + + +*`zeek.ssh.algorithm.cipher`*:: ++ +-- +The encryption algorithm in use. + + +type: keyword + +-- + +*`zeek.ssh.algorithm.compression`*:: ++ +-- +The compression algorithm in use. + + +type: keyword + +-- + +*`zeek.ssh.algorithm.host_key`*:: ++ +-- +The server host key's algorithm. + + +type: keyword + +-- + +*`zeek.ssh.algorithm.key_exchange`*:: ++ +-- +The key exchange algorithm in use. + + +type: keyword + +-- + +*`zeek.ssh.algorithm.mac`*:: ++ +-- +The signing (MAC) algorithm in use. + + +type: keyword + +-- + + +*`zeek.ssh.auth.attempts`*:: ++ +-- +The number of authentication attemps we observed. There's always at +least one, since some servers might support no authentication at all. +It's important to note that not all of these are failures, since some +servers require two-factor auth (e.g. password AND pubkey). + + +type: integer + +-- + +*`zeek.ssh.auth.success`*:: ++ +-- +Authentication result. + + +type: boolean + +-- + +[float] +=== ssl + +Fields exported by the Zeek SSL log. + + + +*`zeek.ssl.version`*:: ++ +-- +SSL/TLS version that was logged. + + +type: keyword + +-- + +*`zeek.ssl.cipher`*:: ++ +-- +SSL/TLS cipher suite that was logged. + + +type: keyword + +-- + +*`zeek.ssl.curve`*:: ++ +-- +Elliptic curve that was logged when using ECDH/ECDHE. + + +type: keyword + +-- + +*`zeek.ssl.resumed`*:: ++ +-- +Flag to indicate if the session was resumed reusing the key material exchanged in an +earlier connection. + + +type: boolean + +-- + +*`zeek.ssl.next_protocol`*:: ++ +-- +Next protocol the server chose using the application layer next protocol extension. + + +type: keyword + +-- + +*`zeek.ssl.established`*:: ++ +-- +Flag to indicate if this ssl session has been established successfully. + + +type: boolean + +-- + + +*`zeek.ssl.validation.status`*:: ++ +-- +Result of certificate validation for this connection. + + +type: keyword + +-- + +*`zeek.ssl.validation.code`*:: ++ +-- +Result of certificate validation for this connection, given as OpenSSL validation code. + + +type: keyword + +-- + +*`zeek.ssl.last_alert`*:: ++ +-- +Last alert that was seen during the connection. + + +type: keyword + +-- + + +*`zeek.ssl.server.name`*:: ++ +-- +Value of the Server Name Indicator SSL/TLS extension. It indicates the server name +that the client was requesting. + + +type: keyword + +-- + +*`zeek.ssl.server.cert_chain`*:: ++ +-- +Chain of certificates offered by the server to validate its complete signing chain. + + +type: keyword + +-- + +*`zeek.ssl.server.cert_chain_fuids`*:: ++ +-- +An ordered vector of certificate file identifiers for the certificates offered by the server. + + +type: keyword + +-- + +[float] +=== issuer + +Subject of the signer of the X.509 certificate offered by the server. + + + +*`zeek.ssl.server.issuer.common_name`*:: ++ +-- +Common name of the signer of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.issuer.country`*:: ++ +-- +Country code of the signer of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.issuer.locality`*:: ++ +-- +Locality of the signer of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.issuer.organization`*:: ++ +-- +Organization of the signer of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.issuer.organizational_unit`*:: ++ +-- +Organizational unit of the signer of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.issuer.state`*:: ++ +-- +State or province name of the signer of the X.509 certificate offered by the server. + + +type: keyword + +-- + +[float] +=== subject + +Subject of the X.509 certificate offered by the server. + + + +*`zeek.ssl.server.subject.common_name`*:: ++ +-- +Common name of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.subject.country`*:: ++ +-- +Country code of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.subject.locality`*:: ++ +-- +Locality of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.subject.organization`*:: ++ +-- +Organization of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.subject.organizational_unit`*:: ++ +-- +Organizational unit of the X.509 certificate offered by the server. + + +type: keyword + +-- + +*`zeek.ssl.server.subject.state`*:: ++ +-- +State or province name of the X.509 certificate offered by the server. + + +type: keyword + +-- + + +*`zeek.ssl.client.cert_chain`*:: ++ +-- +Chain of certificates offered by the client to validate its complete signing chain. + + +type: keyword + +-- + +*`zeek.ssl.client.cert_chain_fuids`*:: ++ +-- +An ordered vector of certificate file identifiers for the certificates offered by the client. + + +type: keyword + +-- + +[float] +=== issuer + +Subject of the signer of the X.509 certificate offered by the client. + + + +*`zeek.ssl.client.issuer.common_name`*:: ++ +-- +Common name of the signer of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.issuer.country`*:: ++ +-- +Country code of the signer of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.issuer.locality`*:: ++ +-- +Locality of the signer of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.issuer.organization`*:: ++ +-- +Organization of the signer of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.issuer.organizational_unit`*:: ++ +-- +Organizational unit of the signer of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.issuer.state`*:: ++ +-- +State or province name of the signer of the X.509 certificate offered by the client. + + +type: keyword + +-- + +[float] +=== subject + +Subject of the X.509 certificate offered by the client. + + + +*`zeek.ssl.client.subject.common_name`*:: ++ +-- +Common name of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.subject.country`*:: ++ +-- +Country code of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.subject.locality`*:: ++ +-- +Locality of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.subject.organization`*:: ++ +-- +Organization of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.subject.organizational_unit`*:: ++ +-- +Organizational unit of the X.509 certificate offered by the client. + + +type: keyword + +-- + +*`zeek.ssl.client.subject.state`*:: ++ +-- +State or province name of the X.509 certificate offered by the client. + + +type: keyword + +-- + +[float] +=== stats + +Fields exported by the Zeek stats log. + + + +*`zeek.stats.peer`*:: ++ +-- +Peer that generated this log. Mostly for clusters. + + +type: keyword + +-- + +*`zeek.stats.memory`*:: ++ +-- +Amount of memory currently in use in MB. + + +type: integer + +-- + + +*`zeek.stats.packets.processed`*:: ++ +-- +Number of packets processed since the last stats interval. + + +type: long + +-- + +*`zeek.stats.packets.dropped`*:: ++ +-- +Number of packets dropped since the last stats interval if reading live traffic. + + +type: long + +-- + +*`zeek.stats.packets.received`*:: + -- -type: keyword +Number of packets seen on the link since the last stats interval if reading live traffic. --- -[[exported-fields-system]] -== System fields +type: long -Module for parsing system log files. +-- +*`zeek.stats.bytes.received`*:: ++ +-- +Number of bytes received since the last stats interval if reading live traffic. -[float] -=== system -Fields from the system log files. +type: long +-- -[float] -=== auth -Fields from the Linux authorization logs. +*`zeek.stats.connections.tcp.active`*:: ++ +-- +TCP connections currently in memory. +type: integer -*`system.auth.timestamp`*:: +-- + +*`zeek.stats.connections.tcp.count`*:: + -- -type: alias +TCP connections seen since last stats interval. -alias to: @timestamp + +type: integer -- -*`system.auth.hostname`*:: + +*`zeek.stats.connections.udp.active`*:: + -- -type: alias +UDP connections currently in memory. -alias to: host.hostname + +type: integer -- -*`system.auth.program`*:: +*`zeek.stats.connections.udp.count`*:: + -- -type: alias +UDP connections seen since last stats interval. -alias to: process.name + +type: integer -- -*`system.auth.pid`*:: + +*`zeek.stats.connections.icmp.active`*:: + -- -type: alias +ICMP connections currently in memory. -alias to: process.pid + +type: integer -- -*`system.auth.message`*:: +*`zeek.stats.connections.icmp.count`*:: + -- -type: alias +ICMP connections seen since last stats interval. -alias to: message + +type: integer -- -*`system.auth.user`*:: + +*`zeek.stats.events.processed`*:: + -- -type: alias +Number of events processed since the last stats interval. -alias to: user.name --- +type: integer +-- -*`system.auth.ssh.method`*:: +*`zeek.stats.events.queued`*:: + -- -The SSH authentication method. Can be one of "password" or "publickey". +Number of events that have been queued since the last stats interval. + +type: integer -- -*`system.auth.ssh.signature`*:: + +*`zeek.stats.timers.count`*:: + -- -The signature of the client public key. +Number of timers scheduled since last stats interval. +type: integer + -- -*`system.auth.ssh.dropped_ip`*:: +*`zeek.stats.timers.active`*:: + -- -The client IP from SSH connections that are open and immediately dropped. +Current number of scheduled timers. -type: ip +type: integer -- -*`system.auth.ssh.event`*:: + +*`zeek.stats.files.count`*:: + -- -The SSH event as found in the logs (Accepted, Invalid, Failed, etc.) +Number of files seen since last stats interval. -example: Accepted +type: integer -- -*`system.auth.ssh.ip`*:: +*`zeek.stats.files.active`*:: + -- -type: alias +Current number of files actively being seen. -alias to: source.ip + +type: integer -- -*`system.auth.ssh.port`*:: + +*`zeek.stats.dns_requests.count`*:: + -- -type: alias +Number of DNS requests seen since last stats interval. -alias to: source.port --- +type: integer +-- -*`system.auth.ssh.geoip.continent_name`*:: +*`zeek.stats.dns_requests.active`*:: + -- -type: alias +Current number of DNS requests awaiting a reply. -alias to: source.geo.continent_name + +type: integer -- -*`system.auth.ssh.geoip.country_iso_code`*:: + +*`zeek.stats.reassembly_size.tcp`*:: + -- -type: alias +Current size of TCP data in reassembly. -alias to: source.geo.country_iso_code + +type: integer -- -*`system.auth.ssh.geoip.location`*:: +*`zeek.stats.reassembly_size.file`*:: + -- -type: alias +Current size of File data in reassembly. -alias to: source.geo.location + +type: integer -- -*`system.auth.ssh.geoip.region_name`*:: +*`zeek.stats.reassembly_size.frag`*:: + -- -type: alias +Current size of packet fragment data in reassembly. -alias to: source.geo.region_name + +type: integer -- -*`system.auth.ssh.geoip.city_name`*:: +*`zeek.stats.reassembly_size.unknown`*:: + -- -type: alias +Current size of unknown data in reassembly (this is only PIA buffer right now). -alias to: source.geo.city_name + +type: integer -- -*`system.auth.ssh.geoip.region_iso_code`*:: +*`zeek.stats.timestamp_lag`*:: + -- -type: alias +Lag between the wall clock and packet timestamps if reading live traffic. -alias to: source.geo.region_iso_code + +type: integer -- [float] -=== sudo +=== syslog -Fields specific to events created by the `sudo` command. +Fields exported by the Zeek syslog log. -*`system.auth.sudo.error`*:: +*`zeek.syslog.facility`*:: + -- -The error message in case the sudo command failed. +Syslog facility for the message. -example: user NOT in sudoers +type: keyword -- -*`system.auth.sudo.tty`*:: +*`zeek.syslog.severity`*:: + -- -The TTY where the sudo command is executed. +Syslog severity for the message. +type: keyword + -- -*`system.auth.sudo.pwd`*:: +*`zeek.syslog.message`*:: + -- -The current directory where the sudo command is executed. +The plain text message. +type: keyword + -- -*`system.auth.sudo.user`*:: +[float] +=== tunnel + +Fields exported by the Zeek SSH log. + + + +*`zeek.tunnel.type`*:: + -- -The target user to which the sudo command is switching. +The type of tunnel. -example: root +type: keyword -- -*`system.auth.sudo.command`*:: +*`zeek.tunnel.action`*:: + -- -The command executed via sudo. +The type of activity that occurred. + +type: keyword -- [float] -=== useradd +=== weird -Fields specific to events created by the `useradd` command. +Fields exported by the Zeek Weird log. -*`system.auth.useradd.home`*:: +*`zeek.weird.name`*:: + -- -The home folder for the new user. +The name of the weird that occurred. + + +type: keyword -- -*`system.auth.useradd.shell`*:: +*`zeek.weird.additional_info`*:: + -- -The default shell for the new user. +Additional information accompanying the weird if any. + + +type: keyword -- -*`system.auth.useradd.name`*:: +*`zeek.weird.notice`*:: + -- -type: alias +Indicate if this weird was also turned into a notice. -alias to: user.name + +type: boolean -- -*`system.auth.useradd.uid`*:: +*`zeek.weird.peer`*:: + -- -type: alias +The peer that originated this weird. This is helpful in cluster deployments if a particular cluster node is having trouble to help identify which node is having trouble. -alias to: user.id + +type: keyword -- -*`system.auth.useradd.gid`*:: +*`zeek.weird.identifier`*:: + -- -type: alias +This field is to be provided when a weird is generated for the purpose of deduplicating weirds. The identifier string should be unique for a single instance of the weird. This field is used to define when a weird is conceptually a duplicate of a previous weird. -alias to: group.id + +type: keyword -- [float] -=== groupadd +=== x509 -Fields specific to events created by the `groupadd` command. +Fields exported by the Zeek x509 log. -*`system.auth.groupadd.name`*:: +*`zeek.x509.id`*:: + -- -type: alias +File id of this certificate. -alias to: group.name + +type: keyword -- -*`system.auth.groupadd.gid`*:: +[float] +=== certificate + +Basic information about the certificate. + + + +*`zeek.x509.certificate.version`*:: + -- -type: alias +Version number. -alias to: group.id + +type: integer + +-- + +*`zeek.x509.certificate.serial`*:: ++ +-- +Serial number. + + +type: keyword -- [float] -=== syslog +=== subject -Contains fields from the syslog system logs. +Subject. -*`system.syslog.timestamp`*:: +*`zeek.x509.certificate.subject.country`*:: + -- -type: alias +Country provided in the certificate subject. -alias to: @timestamp + +type: keyword -- -*`system.syslog.hostname`*:: +*`zeek.x509.certificate.subject.common_name`*:: + -- -type: alias +Common name provided in the certificate subject. -alias to: host.hostname + +type: keyword -- -*`system.syslog.program`*:: +*`zeek.x509.certificate.subject.locality`*:: + -- -type: alias +Locality provided in the certificate subject. -alias to: process.name + +type: keyword -- -*`system.syslog.pid`*:: +*`zeek.x509.certificate.subject.organization`*:: + -- -type: alias +Organization provided in the certificate subject. -alias to: process.pid + +type: keyword -- -*`system.syslog.message`*:: +*`zeek.x509.certificate.subject.organizational_unit`*:: + -- -type: alias +Organizational unit provided in the certificate subject. -alias to: message + +type: keyword -- -[[exported-fields-traefik]] -== Traefik fields +*`zeek.x509.certificate.subject.state`*:: ++ +-- +State or province provided in the certificate subject. -Module for parsing the Traefik log files. +type: keyword +-- [float] -=== traefik +=== issuer -Fields from the Traefik log files. +Issuer. -[float] -=== access +*`zeek.x509.certificate.issuer.country`*:: ++ +-- +Country provided in the certificate issuer field. -Contains fields for the Traefik access logs. +type: keyword +-- -*`traefik.access.user_identifier`*:: +*`zeek.x509.certificate.issuer.common_name`*:: + -- -Is the RFC 1413 identity of the client +Common name provided in the certificate issuer field. type: keyword -- -*`traefik.access.request_count`*:: +*`zeek.x509.certificate.issuer.locality`*:: + -- -The number of requests +Locality provided in the certificate issuer field. -type: long +type: keyword -- -*`traefik.access.frontend_name`*:: +*`zeek.x509.certificate.issuer.organization`*:: + -- -The name of the frontend used +Organization provided in the certificate issuer field. type: keyword -- -*`traefik.access.backend_url`*:: +*`zeek.x509.certificate.issuer.organizational_unit`*:: + -- -The url of the backend where request is forwarded +Organizational unit provided in the certificate issuer field. + type: keyword -- -*`traefik.access.body_sent.bytes`*:: +*`zeek.x509.certificate.issuer.state`*:: + -- -type: alias +State or province provided in the certificate issuer field. -alias to: http.response.body.bytes + +type: keyword -- -*`traefik.access.remote_ip`*:: +*`zeek.x509.certificate.common_name`*:: + -- -type: alias +Last (most specific) common name. -alias to: source.address --- +type: keyword -*`traefik.access.user_name`*:: -+ -- -type: alias -alias to: user.name +[float] +=== valid --- +Certificate validity timestamps -*`traefik.access.method`*:: + + +*`zeek.x509.certificate.valid.from`*:: + -- -type: alias +Timestamp before when certificate is not valid. -alias to: http.request.method + +type: date -- -*`traefik.access.url`*:: +*`zeek.x509.certificate.valid.until`*:: + -- -type: alias +Timestamp after when certificate is not valid. -alias to: url.original + +type: date -- -*`traefik.access.http_version`*:: + +*`zeek.x509.certificate.key.algorithm`*:: + -- -type: alias +Name of the key algorithm. -alias to: http.version + +type: keyword -- -*`traefik.access.response_code`*:: +*`zeek.x509.certificate.key.type`*:: + -- -type: alias +Key type, if key parseable by openssl (either rsa, dsa or ec). -alias to: http.response.status_code + +type: keyword -- -*`traefik.access.referrer`*:: +*`zeek.x509.certificate.key.length`*:: + -- -type: alias +Key length in bits. -alias to: http.request.referrer + +type: integer -- -*`traefik.access.agent`*:: +*`zeek.x509.certificate.signature_algorithm`*:: + -- -type: alias +Name of the signature algorithm. -alias to: user_agent.original --- +type: keyword +-- -*`traefik.access.user_agent.device`*:: +*`zeek.x509.certificate.exponent`*:: + -- -type: alias +Exponent, if RSA-certificate. -alias to: user_agent.device.name + +type: keyword -- -*`traefik.access.user_agent.name`*:: +*`zeek.x509.certificate.curve`*:: + -- -type: alias +Curve, if EC-certificate. -alias to: user_agent.name --- +type: keyword -*`traefik.access.user_agent.os`*:: -+ -- -type: alias -alias to: user_agent.os.full_name +[float] +=== san --- +Subject alternative name extension of the certificate. -*`traefik.access.user_agent.os_name`*:: + + +*`zeek.x509.san.dns`*:: + -- -type: alias +List of DNS entries in SAN. -alias to: user_agent.os.name + +type: keyword -- -*`traefik.access.user_agent.original`*:: +*`zeek.x509.san.uri`*:: + -- -type: alias +List of URI entries in SAN. -alias to: user_agent.original --- +type: keyword +-- -*`traefik.access.geoip.continent_name`*:: +*`zeek.x509.san.email`*:: + -- -type: alias +List of email entries in SAN. -alias to: source.geo.continent_name + +type: keyword -- -*`traefik.access.geoip.country_iso_code`*:: +*`zeek.x509.san.ip`*:: + -- -type: alias +List of IP entries in SAN. -alias to: source.geo.country_iso_code + +type: ip -- -*`traefik.access.geoip.location`*:: +*`zeek.x509.san.other_fields`*:: + -- -type: alias +True if the certificate contained other, not recognized or parsed name fields. -alias to: source.geo.location + +type: boolean -- -*`traefik.access.geoip.region_name`*:: +[float] +=== basic_constraints + +Basic constraints extension of the certificate. + + + +*`zeek.x509.basic_constraints.certificate_authority`*:: + -- -type: alias +CA flag set or not. -alias to: source.geo.region_name + +type: boolean -- -*`traefik.access.geoip.city_name`*:: +*`zeek.x509.basic_constraints.path_length`*:: + -- -type: alias +Maximum path length. -alias to: source.geo.city_name + +type: integer -- -*`traefik.access.geoip.region_iso_code`*:: +*`zeek.x509.log_cert`*:: + -- -type: alias +Present if policy/protocols/ssl/log-hostcerts-only.bro is loaded +Logging of certificate is suppressed if set to F. -alias to: source.geo.region_iso_code + +type: boolean -- diff --git a/filebeat/docs/inputs/input-aws-s3.asciidoc b/filebeat/docs/inputs/input-aws-s3.asciidoc new file mode 100644 index 00000000000..e5ddfcc6de1 --- /dev/null +++ b/filebeat/docs/inputs/input-aws-s3.asciidoc @@ -0,0 +1,152 @@ +[role="xpack"] + +:libbeat-xpack-dir: ../../../../x-pack/libbeat + +:type: s3 + +[id="{beatname_lc}-input-{type}"] +=== s3 input + +++++ +s3 +++++ + +beta[] + +Use the `s3` input to retrieve logs from S3 objects that are pointed by messages +from specific SQS queues. This input can, for example, be used to receive S3 +server access logs to monitor detailed records for the requests that are made to +a bucket. + +When processing a s3 object which pointed by a sqs message, if half of the set +visibility timeout passed and the processing is still ongoing, then the +visibility timeout of that sqs message will be reset to make sure the message +does not go back to the queue in the middle of the processing. If there are +errors happening during the processing of the s3 object, then the process will be +stopped and the sqs message will be returned back to the queue. + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: s3 + queue_url: https://sqs.ap-southeast-1.amazonaws.com/1234/test-s3-queue + credential_profile_name: elastic-beats + expand_event_list_from_field: Records +---- + +The `s3` input supports the following configuration options plus the +<<{beatname_lc}-input-{type}-common-options>> described later. + +[float] +==== `queue_url` + +URL of the AWS SQS queue that messages will be received from. Required. + +[float] +==== `visibility_timeout` + +The duration that the received messages are hidden from subsequent +retrieve requests after being retrieved by a ReceiveMessage request. +This value needs to be a lot bigger than {beatname_uc} collection frequency so +if it took too long to read the s3 log, this sqs message will not be reprocessed. +The default visibility timeout for a message is 300 seconds. The minimum +is 0 seconds. The maximum is 12 hours. + +[float] +==== `expand_event_list_from_field` + +If the fileset using this input expects to receive multiple messages bundled +under a specific field then the config option expand_event_list_from_field value +can be assigned the name of the field. This setting will be able to split the +messages under the group value into separate events. For example, CloudTrail logs +are in JSON format and events are found under the JSON object "Records". + +Note: When `expand_event_list_from_field` parameter is given in the config, s3 +input will assume the logs are in JSON format and decode them as JSON. Content +type will not be checked. +If a file has "application/json" content-type, `expand_event_list_from_field` +becomes required to read the json file. + +[float] +==== `api_timeout` + +The maximum duration of AWS API can take. If it exceeds the timeout, AWS API +will be interrupted. +The default AWS API timeout for a message is 120 seconds. The minimum +is 0 seconds. The maximum is half of the visibility timeout value. + +["source","json"] +---- +{ + "Records": [ + { + "eventVersion": "1.07", + "eventTime": "2019-11-14T00:51:00Z", + "awsRegion": "us-east-1", + "eventID": "EXAMPLE8-9621-4d00-b913-beca2EXAMPLE", + ... + }, + { + "eventVersion": "1.07", + "eventTime": "2019-11-14T00:52:00Z", + "awsRegion": "us-east-1", + "eventID": "EXAMPLEc-28be-486c-8928-49ce6EXAMPLE", + ... + } + ] +} +``` +---- + +[float] +==== `aws credentials` + +In order to make AWS API calls, `s3` input requires AWS credentials.Please see + <> for more details. + +[float] +=== AWS Permissions +Specific AWS permissions are required for IAM user to access SQS and S3: +---- +s3:GetObject +sqs:ReceiveMessage +sqs:ChangeMessageVisibility +sqs:DeleteMessage +---- + +[float] +=== S3 and SQS setup +Enable bucket notification: any new object creation in S3 bucket will also +create a notification through SQS. Please see +https://docs.aws.amazon.com/AmazonS3/latest/dev/ways-to-add-notification-config-to-bucket.html#step1-create-sqs-queue-for-notification[create-sqs-queue-for-notification] +for more details. + +[float] +=== Parallel Processing +Multiple Filebeat instances can read from the same SQS queues at the same time. +To horizontally scale processing when there are large amounts of log data +flowing into an S3 bucket, you can run multiple {beatname_uc} instances that +read from the same SQS queues at the same time. No additional configuration is +required. + +Using SQS ensures that each message in the queue is processed only once +even when multiple {beatname_uc} instances are running in parallel. To prevent +{beatname_uc} from receiving and processing the message more than once, set the +visibility timeout. + +The visibility timeout begins when SQS returns a message to Filebeat. +During this time, Filebeat processes and deletes the message. However, if +Filebeat fails before deleting the message and your system doesn't call the +DeleteMessage action for that message before the visibility timeout expires, the +message becomes visible to other {beatname_uc} instances, and the message is +received again. By default, the visibility timeout is set to 5 minutes for s3 +input in {beatname_uc}. 5 minutes is sufficient time for {beatname_uc} to read +SQS messages and process related s3 log files. + +[id="{beatname_lc}-input-{type}-common-options"] +include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] + +[id="aws-credentials-config"] +include::{libbeat-xpack-dir}/docs/aws-credentials-config.asciidoc[] + +:type!: diff --git a/filebeat/docs/inputs/input-azure-eventhub.asciidoc b/filebeat/docs/inputs/input-azure-eventhub.asciidoc new file mode 100644 index 00000000000..ac91fb476d6 --- /dev/null +++ b/filebeat/docs/inputs/input-azure-eventhub.asciidoc @@ -0,0 +1,74 @@ +[role="xpack"] + +:type: azure-eventhub + +[id="{beatname_lc}-input-{type}"] +=== Azure eventhub input + +++++ +Azure eventhub +++++ + +Users can make use of the `azure-eventhub` input in order to read messages from an azure eventhub. +The azure-eventhub input implementation is based on the the event processor host (EPH is intended to be run across multiple processes and machines while load balancing message consumers more on this here https://github.com/Azure/azure-event-hubs-go#event-processor-host, https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-event-processor-host). +State such as leases on partitions and checkpoints in the event stream are shared between receivers using an Azure Storage container. For this reason, as a prerequisite to using this input, users will have to create or use an existing storage account. + + + + +Example configuration: + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: azure-eventhub + eventhub: "insights-operational-logs" + consumer_group: "test" + connection_string: "Endpoint=sb://....." + storage_account: "azureeph" + storage_account_key: "....." + storage_account_container: "" + resource_manager_endpoint: "" + +---- + +==== Configuration options + +The `azure-eventhub` input supports the following configuration: + +==== `eventhub` + +The name of the eventhub users would like to read from, field required. + +==== `consumer_group` + +Optional, we recommend using a dedicated consumer group for the azure input. Reusing consumer groups among non-related consumers can cause unexpected behavior and possibly lost events. + +==== `connection_string` + +The connection string required to communicate with Event Hubs, steps here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string. + +A Blob Storage account is required in order to store/retrieve/update the offset or state of the eventhub messages. This means that after stopping filebeat it can start back up at the spot that it stopped processing messages. + +==== `storage_account` + +The name of the storage account. Required. + +==== `storage_account_key` + +The storage account key, this key will be used to authorize access to data in your storage account, option is required. + +==== `storage_account_container` + +Optional, the name of the storage account container you would like to store the offset information in. + +==== `resource_manager_endpoint` + +Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager endpoint in order to use a different azure environment. +Ex: +https://management.chinacloudapi.cn/ for azure ChinaCloud +https://management.microsoftazure.de/ for azure GermanCloud +https://management.azure.com/ for azure PublicCloud +https://management.usgovcloudapi.net/ for azure USGovernmentCloud +Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints. + diff --git a/filebeat/docs/inputs/input-cloudfoundry.asciidoc b/filebeat/docs/inputs/input-cloudfoundry.asciidoc new file mode 100644 index 00000000000..c4428adb44c --- /dev/null +++ b/filebeat/docs/inputs/input-cloudfoundry.asciidoc @@ -0,0 +1,93 @@ +[role="xpack"] + +:type: cloudfoundry + +[id="{beatname_lc}-input-{type}"] +=== Cloud Foundry input + +++++ +Cloud Foundry +++++ + +beta[] + +Use the `cloudfoundry` input to get http access logs, container logs and error logs from Cloud Foundry. Connects to +the Cloud Foundry loggregator to receive events. + +Example configurations: + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: cloudfoundry + api_address: https://api.dev.cfdev.sh + client_id: uaa-filebeat + client_secret: verysecret + ssl: + verification_mode: none +---- + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: cloudfoundry + api_address: https://api.dev.cfdev.sh + client_id: uaa-filebeat + client_secret: verysecret + ssl.certificate_authorities: ["/etc/pki/cf/ca.pem"] + ssl.certificate: "/etc/pki/cf/cert.pem" + ssl.key: "/etc/pki/cf/cert.key" + +---- + + +==== Configuration options + +The `cloudfoundry` input supports the following configuration options plus the +<<{beatname_lc}-input-{type}-common-options>> described later. + +[float] +==== `api_address` + +The URL of the Cloud Foundry API. Optional. Default: "http://api.bosh-lite.com". + +[float] +==== `doppler_address` + +The URL of the Cloud Foundry Doppler Websocket. Optional. Default: "(value from ${api_address}/v2/info)". + +[float] +==== `uaa_address` + +The URL of the Cloud Foundry UAA API. Optional. Default: "(value from ${api_address}/v2/info)". + +[float] +==== `rlp_address` + +The URL of the Cloud Foundry RLP Gateway. Optional. Default: "(value from ${api_address}/v2/info)". + +[float] +==== `client_id` + +Client ID to authenticate with Cloud Foundry. Default: "". + +[float] +==== `client_secret` + +Client Secret to authenticate with Cloud Foundry. Default: "". + +[float] +==== `shard_id` + +Shard ID for connection to the RLP Gateway. Use the same ID across multiple {beatname_lc} to shard the load of events +from the RLP Gateway. Default: "(generated UUID)". + +[float] +==== `ssl` + +This specifies SSL/TLS common config. Default: not used. + +[id="{beatname_lc}-input-{type}-common-options"] +include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] + +:type!: diff --git a/filebeat/docs/inputs/input-google-pubsub.asciidoc b/filebeat/docs/inputs/input-google-pubsub.asciidoc new file mode 100644 index 00000000000..c03a3327602 --- /dev/null +++ b/filebeat/docs/inputs/input-google-pubsub.asciidoc @@ -0,0 +1,98 @@ +[role="xpack"] + +:type: google-pubsub + +[id="{beatname_lc}-input-{type}"] +=== Google Cloud Pub/Sub input + +++++ +Google Pub/Sub +++++ + +Use the `google-pubsub` input to read messages from a Google Cloud Pub/Sub topic +subscription. + +This input can, for example, be used to receive Stackdriver logs that have been +exported to a Google Cloud Pub/Sub topic. + +Multiple Filebeat instances can be configured to read from the same subscription +to achieve high-availability or increased throughput. + +Example configuration: + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: google-pubsub + project_id: my-gcp-project-id + topic: vpc-firewall-logs-topic + subscription.name: filebeat-vpc-firewall-logs-sub + credentials_file: ${path.config}/my-pubsub-subscriber-credentials.json +---- + + +==== Configuration options + +The `google-pubsub` input supports the following configuration options plus the +<<{beatname_lc}-input-{type}-common-options>> described later. + +[float] +==== `project_id` + +Google Cloud project ID. Required. + +[float] +==== `topic` + +Google Cloud Pub/Sub topic name. Required. + +[float] +==== `subscription.name` + +Name of the subscription to read from. Required. + +[float] +==== `subscription.create` + +Boolean value that configures the input to create the subscription if it does +not exist. The default value is `true`. + +[float] +==== `subscription.num_goroutines` + +Number of goroutines to create to read from the subscription. This does not +limit the number of messages that can be processed concurrently or the maximum +number of goroutines the input will create. Even with one goroutine, many +messages might be processed at once, because that goroutine may continually +receive messages. To limit the number of messages being processed concurrently, +set `subscription.max_outstanding_messages`. Default is 1. + + +[float] +==== `subscription.max_outstanding_messages` + +The maximum number of unprocessed messages (unacknowledged but not yet expired). +If the value is negative, then there will be no limit on the number of +unprocessed messages. Default is 1000. + +[float] +==== `credentials_file` + +Path to a JSON file containing the credentials and key used to subscribe. +As an alternative you can use the `credentials_json` config option or rely on +https://cloud.google.com/docs/authentication/production[Google Application +Default Credentials] (ADC). + +[float] +==== `credentials_json` + +JSON blob containing the credentials and key used to subscribe. This can be as +an alternative to `credentials_file` if you want to embed the credential data +within your config file or put the information into a keystore. You may also use +https://cloud.google.com/docs/authentication/production[Google Application +Default Credentials] (ADC). + +[id="{beatname_lc}-input-{type}-common-options"] +include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] + +:type!: diff --git a/filebeat/docs/inputs/input-httpjson.asciidoc b/filebeat/docs/inputs/input-httpjson.asciidoc new file mode 100644 index 00000000000..441bcde7f6e --- /dev/null +++ b/filebeat/docs/inputs/input-httpjson.asciidoc @@ -0,0 +1,167 @@ +[role="xpack"] + +:type: httpjson + +[id="{beatname_lc}-input-{type}"] +=== HTTP JSON input + +++++ +HTTP JSON +++++ + +beta[] + +Use the `httpjson` input to read messages from an HTTP API with JSON payloads. + +For example, this input is used to retrieve MISP threat indicators in the filebeat +x-pack misp module. + +This input supports timed retrieval at a configurable interval and pagination. + +Example configurations: + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: httpjson + api_key: + interval: 12h + url: +---- + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: httpjson + http_method: POST + json_objects_array: hits.hits + pagination: |- + { + "enabled": true, + "extra_body_content": { + "scroll": "5m" + }, + "id_field": "_scroll_id", + "req_field": "scroll_id", + "url": "http://localhost:9200/_search/scroll" + } + url: http://localhost:9200/filebeat-test/_search?scroll=5m +---- + + +==== Configuration options + +The `httpjson` input supports the following configuration options plus the +<<{beatname_lc}-input-{type}-common-options>> described later. + +[float] +==== `api_key` + +API key to access the HTTP API. Optional. Default: "", which means no API key is used. + +[float] +==== `http_client_timeout` + +Time duration before declaring that the HTTP client connection has timed out. Default: 60s. + +[float] +==== `http_headers` + +Extra HTTP header options can be set by specifying this JSON object. Default: not used. + +[float] +==== `http_method` + +This option specifies which HTTP method to use, GET or POST. Default: GET. + +[float] +==== `http_request_body` + +Any additional data that needs to be set in the HTTP request can be specified in +this JSON blob. Default: not used. + +[float] +==== `interval` + +Time duration between repeated data retrievals. Default: 0s, meaning no repeated data retrieval. + +[float] +==== `json_objects_array` + +If the HTTP API returns data in a JSON array, then this option can be set to decode these records +from the array. Default: not used. + +[float] +==== `no_http_body` + +If set, do not use HTTP request body. Default: false. + +[float] +==== `pagination.enabled` + +This option specifies whether pagination is enabled. Default: true. + +[float] +==== `pagination.extra_body_content` + +Any additional data that needs to be set in the HTTP pagination request can be specified in +this JSON blob. Default: not used. + +[float] +==== `pagination.header.field_name` + +The field name in the HTTP Header that is used for pagination control. + +[float] +==== `pagination.header.regex_pattern` + +The regular expression pattern to use for retrieving the pagination information from the HTTP Header field specified above. + +[float] +==== `pagination.id_field` + +This specifies which field to use as the pagination id, to retrieve the id from the pagination +result JSON document. Required when pagination is enabled. + +[float] +==== `pagination.req_field` + +This specifies which field to use as the pagination request id, to send to the HTTP API. +Required when pagination is enabled. + +[float] +==== `pagination.url` + +This specifies the URL for sending pagination request. Required if the pagination URL is different +than the HTTP API URL. + +[float] +==== `rate_limit.limit` + +This specifies the field in the HTTP Header of the response that specifies the total limit. + +[float] +==== `rate_limit.remaining` + +This specifies the field in the HTTP Header of the response that specifies the remaining quota of the rate limit. + +[float] +==== `rate_limit.reset` + +This specifies the field in the HTTP Header of the response that specifies the epoch time +when the rate limit will be reset. + +[float] +==== `ssl` + +This specifies SSL/TLS common config. Default: not used. + +[float] +==== `url` + +The URL of the HTTP API. Required. + +[id="{beatname_lc}-input-{type}-common-options"] +include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] + +:type!: diff --git a/filebeat/docs/inputs/input-netflow.asciidoc b/filebeat/docs/inputs/input-netflow.asciidoc new file mode 100644 index 00000000000..840ad70ec05 --- /dev/null +++ b/filebeat/docs/inputs/input-netflow.asciidoc @@ -0,0 +1,126 @@ +[role="xpack"] + +:type: netflow + +[id="{beatname_lc}-input-{type}"] +=== NetFlow input + +++++ +NetFlow +++++ + +Use the `netflow` input to read NetFlow and IPFIX exported flows +and options records over UDP. + +This input supports NetFlow versions 1, 5, 6, 7, 8 and 9, as well as +IPFIX. For NetFlow versions older than 9, fields are mapped automatically +to NetFlow v9. + +Example configuration: + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: netflow + max_message_size: 10KiB + host: "0.0.0.0:2055" + protocols: [ v5, v9, ipfix ] + expiration_timeout: 30m + queue_size: 8192 + custom_definitions: + - path/to/fields.yml + detect_sequence_reset: true +---- + + +==== Configuration options + +The `netflow` input supports the following configuration options plus the +<<{beatname_lc}-input-{type}-common-options>> described later. + +include::../../../../filebeat/docs/inputs/input-common-udp-options.asciidoc[] + +[float] +[[protocols]] +==== `protocols` + +List of enabled protocols. +Valid values are `v1`, `v5`, `v6`, `v7`, `v8`, `v9` and `ipfix`. + +[float] +[[expiration_timeout]] +==== `expiration_timeout` + +The time before an idle session or unused template is expired. +Only applicable to v9 and IPFIX protocols. A value of zero disables expiration. + +[float] +[[queue_size]] +==== `queue_size` + +The maximum number of packets that can be queued for processing. +Use this setting to avoid packet-loss when dealing with occasional bursts +of traffic. + +[float] +[[custom_definitions]] +==== `custom_definitions` + +A list of paths to field definitions YAML files. These allow to update the +NetFlow/IPFIX fields with vendor extensions and to override existing fields. + +The expected format is the same as used by Logstash's NetFlow codec +{logstash-ref}/plugins-codecs-netflow.html#plugins-codecs-netflow-ipfix_definitions[ipfix_definitions] +and {logstash-ref}/plugins-codecs-netflow.html#plugins-codecs-netflow-netflow_definitions[netflow_definitions]. +{beatname_uc} will detect which of the two formats is used. + +NetFlow format example: +["source","yaml",subs="attributes"] +id: +- default length in bytes +- :name +id: +- :uintN or :intN: or :ip4_addr or :ip6_addr or :mac_addr or :string +- :name +id: +- :skip + + +Where `id` is the numeric field ID. + +The IPFIX format similar, but grouped by Private Enterprise Number (PEN): +["source","yaml",subs="attributes"] +pen1: + id: + - :uintN or :ip4_addr or :ip6_addr or :mac_addr or :string + - :name + id: + - :skip +pen2: + id: + - :octetarray + - :name + +Note that fields are shared between NetFlow V9 and IPFIX. Changes to +IPFIX PEN zero are equivalent to changes to NetFlow fields. + +[WARNING] +Overriding the names and/or types of standard fields can prevent +mapping of ECS fields to function properly. + +[float] +[[detect_sequence_reset]] +==== `detect_sequence_reset` + +Flag controlling whether {beatname_uc} should monitor sequence numbers in the +Netflow packets to detect an Exporting Process reset. When this condition is +detected, record templates for the given exporter will be dropped. This will +cause flow loss until the exporter provides new templates. If set to `false`, +{beatname_uc} will ignore sequence numbers, which can cause some invalid flows +if the exporter process is reset. This option is only applicable to Netflow V9 +and IPFIX. Default is `true`. + +[id="{beatname_lc}-input-{type}-common-options"] +include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] + +:type!: diff --git a/filebeat/docs/inputs/input-o365audit.asciidoc b/filebeat/docs/inputs/input-o365audit.asciidoc new file mode 100644 index 00000000000..cca6ed138a4 --- /dev/null +++ b/filebeat/docs/inputs/input-o365audit.asciidoc @@ -0,0 +1,138 @@ +[role="xpack"] + +:type: o365audit + +[id="{beatname_lc}-input-{type}"] +=== Office 365 Management Activity API input + +++++ +Office 365 Management Activity API +++++ + +beta[] + +Use the `o365audit` input to retrieve audit messages from Office 365 +and Azure AD activity logs. These are the same logs that are available under +_Audit_ _log_ _search_ in the _Security_ _and_ _Compliance_ center. + +A single input instance can be used to fetch events for multiple tenants as long +as a single application is configured to access all tenants. Certificate-based +authentication is recommended in this scenario. + +This input doesn't perform any transformation on the incoming messages, notably +no {ecs-ref}/ecs-reference.html[Elastic Common Schema fields] are populated, and +some data is encoded as arrays of objects, which are difficult to query in +Elasticsearch. You probably want to use the +{filebeat-ref}/filebeat-module-o365.html[Office 365 module] instead. + +Example configuration: + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: o365audit + application_id: my-application-id + tenant_id: my-tenant-id + client_secret: my-client-secret +---- + +Multi-tenancy and certificate-based authentication is also supported: + +---- +{beatname_lc}.inputs: +- type: o365audit + application_id: my-application-id + tenant_id: + - tenant-id-A + - tenant-id-B + - tenant-id-C + certificate: /path/to/cert.pem + key: /path/to/private.pem + # key_passphrase: "my key's password" +---- + +==== Configuration options + +The `o365audit` input supports the following configuration options plus the +<<{beatname_lc}-input-{type}-common-options>> described later. + +[float] +===== `application_id` + +The Application ID (also known as Client ID) of the Azure application to +authenticate as. + +[float] +===== `tenant_id` + +The tenant ID (also known as Directory ID) whose data is to be fetched. It's +also possible to specify a list of tenants IDs to fetch data from more than +one tenant. + +[float] +===== `content_type` + +List of content types to fetch. The default is to fetch all known content types: + +- Audit.AzureActiveDirectory +- Audit.Exchange +- Audit.SharePoint +- Audit.General +- DLP.All + +[float] +===== `client_secret` + +The client secret used for authentication. + +[float] +===== `certificate` + +Path to the public certificate file used for certificate-based authentication. + +[float] +===== `key` + +Path to the certificate's private key file for certificate-based authentication. + +[float] +===== `key_passphrase` + +Passphrase used to decrypt the private key. + +[float] +===== `api.authentication_endpoint` + +The authentication endpoint used to authorize the Azure app. This is +`https://login.microsoftonline.com/` by default, and can be changed to access +alternative endpoints. + +===== `api.resource` + +The API resource to retrieve information from. This is +`https://manage.office.com` by default, and can be changed to access alternative +endpoints. + +===== `api.max_retention` + +The maximum data retention period to support. `168h` by default. {beatname_uc} +will fetch all retained data for a tenant when run for the first time. + +===== `api.poll_interval` + +The interval to wait before polling the API server for new events. Default `3m`. + +===== `api.max_requests_per_minute` + +The maximum number of requests to perform per minute, for each tenant. The +default is `2000`, as this is the server-side limit per tenant. + +===== `api.max_query_size` + +The maximum time window that API allows in a single query. Defaults to `24h` +to match Microsoft's documented limit. + +[id="{beatname_lc}-input-{type}-common-options"] +include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] + +:type!: diff --git a/filebeat/docs/modules/cef.asciidoc b/filebeat/docs/modules/cef.asciidoc index cb5af4a9230..38ac4e4cd5b 100644 --- a/filebeat/docs/modules/cef.asciidoc +++ b/filebeat/docs/modules/cef.asciidoc @@ -40,12 +40,6 @@ The UDP port to listen for syslog traffic. Defaults to `9003` NOTE: Ports below 1024 require Filebeat to run as root. -*`var.tags`*:: - -A list of tags to include in events. Including `forwarded` indicates that the -events did not originate on this host and causes `host.name` to not be added to -events. Defaults to `[cef, forwarded]`. - [float] ==== Forcepoint NGFW Security Management Center diff --git a/filebeat/docs/modules/googlecloud.asciidoc b/filebeat/docs/modules/googlecloud.asciidoc index bc0e62e93b8..419d8e939ee 100644 --- a/filebeat/docs/modules/googlecloud.asciidoc +++ b/filebeat/docs/modules/googlecloud.asciidoc @@ -35,7 +35,7 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: googleclcoud audit: enabled: true var.project_id: my-gcp-project-id @@ -80,7 +80,7 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: googleclcoud vpcflow: enabled: true var.project_id: my-gcp-project-id @@ -125,7 +125,7 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: googleclcoud firewall: enabled: true var.project_id: my-gcp-project-id diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 0a3d03d98be..b3462472ad1 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -37,6 +37,24 @@ filebeat.modules: # can be added under this section. #input: +#------------------------------- Activemq Module ------------------------------- +- module: activemq + # Audit logs + audit: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + + # Application logs + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #-------------------------------- Apache Module -------------------------------- #- module: apache # Access logs @@ -76,6 +94,348 @@ filebeat.modules: # can be added under this section. #input: +#--------------------------------- AWS Module --------------------------------- +- module: aws + cloudtrail: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + cloudwatch: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + ec2: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + elb: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + s3access: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + vpcflow: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + +#-------------------------------- Azure Module -------------------------------- +- module: azure + # All logs + activitylogs: + enabled: true + var: + # eventhub name containing the activity logs, overwrite he default value if the logs are exported in a different eventhub + eventhub: "insights-operational-logs" + # consumer group name that has access to the event hub, we advise creating a dedicated consumer group for the azure module + consumer_group: "$Default" + # the connection string required to communicate with Event Hubs, steps to generate one here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string + connection_string: "" + # the name of the storage account the state/offsets will be stored and updated + storage_account: "" + # the storage account key, this key will be used to authorize access to data in your storage account + storage_account_key: "" + + auditlogs: + enabled: false + # var: + # eventhub: "insights-logs-auditlogs" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" + signinlogs: + enabled: false + # var: + # eventhub: "insights-logs-signinlogs" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" + +#--------------------------------- CEF Module --------------------------------- +- module: cef + log: + enabled: true + var: + syslog_host: localhost + syslog_port: 9003 + +#------------------------------ Checkpoint Module ------------------------------ +- module: checkpoint + firewall: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html + #var.log_level: 7 +#-------------------------------- Cisco Module -------------------------------- +- module: cisco + asa: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html + #var.log_level: 7 + + ftd: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9003. + #var.syslog_port: 9003 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs-sev-level.html + #var.log_level: 7 + + ios: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9002. + #var.syslog_port: 9002 + + # Set custom paths for the log files when using file input. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + +#------------------------------- Coredns Module ------------------------------- +- module: coredns + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + +#----------------------------- Crowdstrike Module ----------------------------- +- module: crowdstrike + + falcon: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #---------------------------- Elasticsearch Module ---------------------------- - module: elasticsearch # Server log @@ -110,6 +470,72 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: +#------------------------------ Envoyproxy Module ------------------------------ +- module: envoyproxy + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + +#----------------------------- Google Cloud Module ----------------------------- +- module: googlecloud + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: googlecloud-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + #------------------------------- HAProxy Module ------------------------------- - module: haproxy # All logs @@ -123,6 +549,16 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: +#-------------------------------- Ibmmq Module -------------------------------- +- module: ibmmq + # All logs + errorlog: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #-------------------------------- Icinga Module -------------------------------- #- module: icinga # Main logs @@ -187,6 +623,18 @@ filebeat.modules: # can be added under this section. #input: +#------------------------------- Iptables Module ------------------------------- +- module: iptables + log: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #-------------------------------- Kafka Module -------------------------------- - module: kafka # All logs @@ -229,6 +677,25 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: +#--------------------------------- MISP Module --------------------------------- +- module: misp + threat: + enabled: true + # API key to access MISP + #var.api_key + + # Array object in MISP response + #var.json_objects_array + + # URL of the MISP REST API + #var.url + + # You can also pass SSL options. For example: + #var.ssl: |- + # { + # verification_mode: none + # } + #------------------------------- Mongodb Module ------------------------------- #- module: mongodb # Logs @@ -243,6 +710,16 @@ filebeat.modules: # can be added under this section. #input: +#-------------------------------- Mssql Module -------------------------------- +- module: mssql + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #-------------------------------- MySQL Module -------------------------------- #- module: mysql # Error logs @@ -279,6 +756,14 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: +#------------------------------- NetFlow Module ------------------------------- +- module: netflow + log: + enabled: true + var: + netflow_host: localhost + netflow_port: 2055 + #-------------------------------- Nginx Module -------------------------------- #- module: nginx # Access logs @@ -313,6 +798,69 @@ filebeat.modules: # # Filebeat will choose the paths depending on your OS. # #var.paths: +#------------------------------ Office 365 Module ------------------------------ +- module: o365 + audit: + enabled: true + + # Set the application_id (also known as client ID): + var.application_id: "" + + # Configure the tenants to monitor: + # Use the tenant ID (also known as directory ID) and the domain name. + # var.tenants: + # - id: "tenant_id_1" + # name: "mydomain.onmicrosoft.com" + # - id: "tenant_id_2" + # name: "mycompany.com" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + + # List of content-types to fetch. By default all known content-types + # are retrieved: + # var.content_type: + # - "Audit.AzureActiveDirectory" + # - "Audit.Exchange" + # - "Audit.SharePoint" + # - "Audit.General" + # - "DLP.All" + + # Use the following settings to enable certificate-based authentication: + # var.certificate: "/path/to/certificate.pem" + # var.key: "/path/to/private_key.pem" + # var.key_passphrase: "myPrivateKeyPassword" + + # Client-secret based authentication: + # Comment the following line if using certificate authentication. + var.client_secret: "" + + # Advanced settings, use with care: + # var.api: + # # Settings for custom endpoints: + # authentication_endpoint: "https://login.microsoftonline.us/" + # resource: "https://manage.office365.us" + # + # max_retention: 7d + # max_requests_per_minute: 2000 + # poll_interval: 3m + +#--------------------------------- Okta Module --------------------------------- +- module: okta + system: + enabled: true + # API key to access Okta + #var.api_key + + # URL of the Okta REST API + #var.url + + # Disable SSL verification + #var.ssl: |- + # { + # "verification_mode": "none" + # } + #------------------------------- Osquery Module ------------------------------- - module: osquery result: @@ -327,6 +875,18 @@ filebeat.modules: # of the document. The default is true. #var.use_namespace: true +#--------------------------------- Panw Module --------------------------------- +- module: panw + panos: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #------------------------------ PostgreSQL Module ------------------------------ #- module: postgresql # Logs @@ -341,6 +901,16 @@ filebeat.modules: # can be added under this section. #input: +#------------------------------- RabbitMQ Module ------------------------------- +- module: rabbitmq + # All logs + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: ["/var/log/rabbitmq/rabbit@localhost.log*"] + #-------------------------------- Redis Module -------------------------------- #- module: redis # Main logs @@ -369,6 +939,16 @@ filebeat.modules: # Filebeat will choose the the default path. #var.paths: +#------------------------------- Suricata Module ------------------------------- +- module: suricata + # All logs + eve: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #------------------------------- Traefik Module ------------------------------- #- module: traefik # Access logs @@ -383,6 +963,89 @@ filebeat.modules: # can be added under this section. #input: +#--------------------------------- Zeek Module --------------------------------- +- module: zeek + capture_loss: + enabled: true + connection: + enabled: true + dce_rpc: + enabled: true + dhcp: + enabled: true + dnp3: + enabled: true + dns: + enabled: true + dpd: + enabled: true + files: + enabled: true + ftp: + enabled: true + http: + enabled: true + intel: + enabled: true + irc: + enabled: true + kerberos: + enabled: true + modbus: + enabled: true + mysql: + enabled: true + notice: + enabled: true + ntlm: + enabled: true + ocsp: + enabled: true + pe: + enabled: true + radius: + enabled: true + rdp: + enabled: true + rfb: + enabled: true + signatures: + enabled: true + sip: + enabled: true + smb_cmd: + enabled: true + smb_files: + enabled: true + smb_mapping: + enabled: true + smtp: + enabled: true + snmp: + enabled: true + socks: + enabled: true + ssh: + enabled: true + ssl: + enabled: true + stats: + enabled: true + syslog: + enabled: true + traceroute: + enabled: true + tunnel: + enabled: true + weird: + enabled: true + x509: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #=========================== Filebeat inputs ============================= diff --git a/filebeat/include/list.go b/filebeat/include/list.go index 7cc66b3894b..ceaebbead7d 100644 --- a/filebeat/include/list.go +++ b/filebeat/include/list.go @@ -21,34 +21,62 @@ package include import ( // Import packages that need to register themselves. + _ "github.com/elastic/beats/v7/filebeat/input/azureeventhub" + _ "github.com/elastic/beats/v7/filebeat/input/cloudfoundry" _ "github.com/elastic/beats/v7/filebeat/input/container" _ "github.com/elastic/beats/v7/filebeat/input/docker" + _ "github.com/elastic/beats/v7/filebeat/input/googlepubsub" + _ "github.com/elastic/beats/v7/filebeat/input/httpjson" _ "github.com/elastic/beats/v7/filebeat/input/kafka" _ "github.com/elastic/beats/v7/filebeat/input/log" _ "github.com/elastic/beats/v7/filebeat/input/mqtt" + _ "github.com/elastic/beats/v7/filebeat/input/netflow" + _ "github.com/elastic/beats/v7/filebeat/input/o365audit" _ "github.com/elastic/beats/v7/filebeat/input/redis" + _ "github.com/elastic/beats/v7/filebeat/input/s3" _ "github.com/elastic/beats/v7/filebeat/input/stdin" _ "github.com/elastic/beats/v7/filebeat/input/syslog" _ "github.com/elastic/beats/v7/filebeat/input/tcp" _ "github.com/elastic/beats/v7/filebeat/input/udp" _ "github.com/elastic/beats/v7/filebeat/input/unix" + _ "github.com/elastic/beats/v7/filebeat/module/activemq" _ "github.com/elastic/beats/v7/filebeat/module/apache" _ "github.com/elastic/beats/v7/filebeat/module/auditd" + _ "github.com/elastic/beats/v7/filebeat/module/aws" + _ "github.com/elastic/beats/v7/filebeat/module/azure" + _ "github.com/elastic/beats/v7/filebeat/module/cef" + _ "github.com/elastic/beats/v7/filebeat/module/checkpoint" + _ "github.com/elastic/beats/v7/filebeat/module/cisco" + _ "github.com/elastic/beats/v7/filebeat/module/coredns" + _ "github.com/elastic/beats/v7/filebeat/module/crowdstrike" _ "github.com/elastic/beats/v7/filebeat/module/elasticsearch" + _ "github.com/elastic/beats/v7/filebeat/module/envoyproxy" + _ "github.com/elastic/beats/v7/filebeat/module/googlecloud" _ "github.com/elastic/beats/v7/filebeat/module/haproxy" + _ "github.com/elastic/beats/v7/filebeat/module/ibmmq" _ "github.com/elastic/beats/v7/filebeat/module/icinga" _ "github.com/elastic/beats/v7/filebeat/module/iis" + _ "github.com/elastic/beats/v7/filebeat/module/iptables" _ "github.com/elastic/beats/v7/filebeat/module/kafka" _ "github.com/elastic/beats/v7/filebeat/module/kibana" _ "github.com/elastic/beats/v7/filebeat/module/logstash" + _ "github.com/elastic/beats/v7/filebeat/module/misp" _ "github.com/elastic/beats/v7/filebeat/module/mongodb" + _ "github.com/elastic/beats/v7/filebeat/module/mssql" _ "github.com/elastic/beats/v7/filebeat/module/mysql" _ "github.com/elastic/beats/v7/filebeat/module/nats" + _ "github.com/elastic/beats/v7/filebeat/module/netflow" _ "github.com/elastic/beats/v7/filebeat/module/nginx" + _ "github.com/elastic/beats/v7/filebeat/module/o365" + _ "github.com/elastic/beats/v7/filebeat/module/okta" _ "github.com/elastic/beats/v7/filebeat/module/osquery" + _ "github.com/elastic/beats/v7/filebeat/module/panw" _ "github.com/elastic/beats/v7/filebeat/module/postgresql" + _ "github.com/elastic/beats/v7/filebeat/module/rabbitmq" _ "github.com/elastic/beats/v7/filebeat/module/redis" _ "github.com/elastic/beats/v7/filebeat/module/santa" + _ "github.com/elastic/beats/v7/filebeat/module/suricata" _ "github.com/elastic/beats/v7/filebeat/module/system" _ "github.com/elastic/beats/v7/filebeat/module/traefik" + _ "github.com/elastic/beats/v7/filebeat/module/zeek" ) diff --git a/filebeat/input/azureeventhub/azureeventhub_integration_test.go b/filebeat/input/azureeventhub/azureeventhub_integration_test.go new file mode 100644 index 00000000000..e14bb41a918 --- /dev/null +++ b/filebeat/input/azureeventhub/azureeventhub_integration_test.go @@ -0,0 +1,119 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build integration +// +build azure + +package azureeventhub + +import ( + "context" + "os" + "sync" + "testing" + "time" + + eventhub "github.com/Azure/azure-event-hubs-go/v3" + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" +) + +var ( + azureConfig = common.MustNewConfigFrom(common.MapStr{ + "storage_account_key": lookupEnv("STORAGE_ACCOUNT_NAME"), + "storage_account": lookupEnv("STORAGE_ACCOUNT_KEY"), + "storage_account_container": ephContainerName, + "connection_string": lookupEnv("EVENTHUB_CONNECTION_STRING"), + "consumer_group": lookupEnv("EVENTHUB_CONSUMERGROUP"), + "eventhub": lookupEnv("EVENTHUB_NAME"), + }) + + message = "{\"records\":[{\"some_field\":\"this is some message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}" +) + +func TestInput(t *testing.T) { + err := addEventToHub(lookupEnv("EVENTHUB_CONNECTION_STRING")) + if err != nil { + t.Fatal(err) + } + context := input.Context{ + Done: make(chan struct{}), + BeatDone: make(chan struct{}), + } + + o := &stubOutleter{} + o.cond = sync.NewCond(o) + defer o.Close() + + connector := channel.ConnectorFunc(func(_ *common.Config, _ beat.ClientConfig) (channel.Outleter, error) { + return o, nil + }) + input, err := NewInput(azureConfig, connector, context) + if err != nil { + t.Fatal(err) + } + + // Run the input and wait for finalization + input.Run() + + timeout := time.After(30 * time.Second) + // Route input events through our capturer instead of sending through ES. + events := make(chan beat.Event, 100) + defer close(events) + + select { + case event := <-events: + text, err := event.Fields.GetValue("message") + if err != nil { + t.Fatal(err) + } + assert.Equal(t, text, message) + + case <-timeout: + t.Fatal("timeout waiting for incoming events") + } + + // Close the done channel and make sure the beat shuts down in a reasonable + // amount of time. + close(context.Done) + didClose := make(chan struct{}) + go func() { + input.Wait() + close(didClose) + }() + + select { + case <-time.After(30 * time.Second): + t.Fatal("timeout waiting for beat to shut down") + case <-didClose: + } +} + +func lookupEnv(t *testing.T, varName string) string { + value, ok := os.LookupEnv(varName) + if !ok { + t.Fatalf("Environment variable %s is not set", varName) + } + return value +} + +func addEventToHub(connStr string) error { + hub, err := eventhub.NewHubFromConnectionString(connStr) + if err != nil { + return err + } + ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second) + // send a single message into a random partition + err = hub.Send(ctx, eventhub.NewEventFromString(message)) + if err != nil { + return err + } + hub.Close(ctx) + defer cancel() + return nil +} diff --git a/filebeat/input/azureeventhub/config.go b/filebeat/input/azureeventhub/config.go new file mode 100644 index 00000000000..0521d3a76e6 --- /dev/null +++ b/filebeat/input/azureeventhub/config.go @@ -0,0 +1,41 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package azureeventhub + +import ( + "errors" + "fmt" +) + +type azureInputConfig struct { + ConnectionString string `config:"connection_string" validate:"required"` + EventHubName string `config:"eventhub" validate:"required"` + ConsumerGroup string `config:"consumer_group"` + // Azure Storage container to store leases and checkpoints + SAName string `config:"storage_account"` + SAKey string `config:"storage_account_key"` + SAContainer string `config:"storage_account_container"` + // by default the azure public environment is used, to override, users can provide a specific resource manager endpoint + OverrideEnvironment string `config:"resource_manager_endpoint"` +} + +const ephContainerName = "filebeat" + +// Validate validates the config. +func (conf *azureInputConfig) Validate() error { + if conf.ConnectionString == "" { + return errors.New("no connection string configured") + } + if conf.EventHubName == "" { + return errors.New("no event hub name configured") + } + if conf.SAName == "" || conf.SAKey == "" { + return errors.New("missing storage account information") + } + if conf.SAContainer == "" { + conf.SAContainer = fmt.Sprintf("%s-%s", ephContainerName, conf.EventHubName) + } + return nil +} diff --git a/filebeat/input/azureeventhub/eph.go b/filebeat/input/azureeventhub/eph.go new file mode 100644 index 00000000000..bab54a45223 --- /dev/null +++ b/filebeat/input/azureeventhub/eph.go @@ -0,0 +1,100 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package azureeventhub + +import ( + "context" + "errors" + "fmt" + + eventhub "github.com/Azure/azure-event-hubs-go/v3" + "github.com/Azure/azure-event-hubs-go/v3/eph" + "github.com/Azure/azure-event-hubs-go/v3/storage" + "github.com/Azure/azure-storage-blob-go/azblob" + "github.com/Azure/go-autorest/autorest/azure" +) + +// users can select from one of the already defined azure cloud envs +var environments = map[string]azure.Environment{ + azure.ChinaCloud.ResourceManagerEndpoint: azure.ChinaCloud, + azure.GermanCloud.ResourceManagerEndpoint: azure.GermanCloud, + azure.PublicCloud.ResourceManagerEndpoint: azure.PublicCloud, + azure.USGovernmentCloud.ResourceManagerEndpoint: azure.USGovernmentCloud, +} + +// runWithEPH will consume ingested events using the Event Processor Host (EPH) https://github.com/Azure/azure-event-hubs-go#event-processor-host, https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-event-processor-host +func (a *azureInput) runWithEPH() error { + // create a new Azure Storage Leaser / Checkpointer + cred, err := azblob.NewSharedKeyCredential(a.config.SAName, a.config.SAKey) + if err != nil { + return err + } + env, err := getAzureEnvironment(a.config.OverrideEnvironment) + if err != nil { + return err + } + leaserCheckpointer, err := storage.NewStorageLeaserCheckpointer(cred, a.config.SAName, a.config.SAContainer, env) + if err != nil { + return err + } + // adding a nil EventProcessorHostOption will break the code, this is why a condition is added and a.processor is assigned + if a.config.ConsumerGroup != "" { + a.processor, err = eph.NewFromConnectionString( + a.workerCtx, + fmt.Sprintf("%s%s%s", a.config.ConnectionString, eventHubConnector, a.config.EventHubName), + leaserCheckpointer, + leaserCheckpointer, + eph.WithConsumerGroup(a.config.ConsumerGroup)) + } else { + a.processor, err = eph.NewFromConnectionString( + a.workerCtx, + fmt.Sprintf("%s%s%s", a.config.ConnectionString, eventHubConnector, a.config.EventHubName), + leaserCheckpointer, + leaserCheckpointer) + } + if err != nil { + return err + } + + // register a message handler -- many can be registered + handlerID, err := a.processor.RegisterHandler(a.workerCtx, + func(c context.Context, e *eventhub.Event) error { + var onEventErr error + // partitionID is not yet mapped in the azure-eventhub sdk + ok := a.processEvents(e, "") + if !ok { + onEventErr = errors.New("OnEvent function returned false. Stopping input worker") + a.log.Debug(onEventErr.Error()) + a.Stop() + } + return onEventErr + }) + if err != nil { + return err + } + a.log.Infof("handler id: %q is running\n", handlerID) + + // unregister a handler to stop that handler from receiving events + // processor.UnregisterHandler(ctx, handleID) + + // start handling messages from all of the partitions balancing across multiple consumers + err = a.processor.Start(a.workerCtx) + if err != nil { + return err + } + return nil +} + +func getAzureEnvironment(overrideResManager string) (azure.Environment, error) { + // if no overrride is set then the azure public cloud is used + if overrideResManager == "" { + return azure.PublicCloud, nil + } + if env, ok := environments[overrideResManager]; ok { + return env, nil + } + // can retrieve hybrid env from the resource manager endpoint + return azure.EnvironmentFromURL(overrideResManager) +} diff --git a/filebeat/input/azureeventhub/eph_test.go b/filebeat/input/azureeventhub/eph_test.go new file mode 100644 index 00000000000..b48499eb7c4 --- /dev/null +++ b/filebeat/input/azureeventhub/eph_test.go @@ -0,0 +1,44 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package azureeventhub + +import ( + "testing" + + "github.com/Azure/go-autorest/autorest/azure" + + "github.com/stretchr/testify/assert" +) + +var ( + invalidConfig = azureInputConfig{ + SAKey: "invalid_key", + SAName: "storage", + SAContainer: ephContainerName, + ConnectionString: "invalid_connection_string", + ConsumerGroup: "$Default", + } +) + +func TestRunWithEPH(t *testing.T) { + input := azureInput{config: invalidConfig} + // decoding error when key is invalid + err := input.runWithEPH() + assert.Error(t, err, '7') +} + +func TestGetAzureEnvironment(t *testing.T) { + resMan := "" + env, err := getAzureEnvironment(resMan) + assert.NoError(t, err) + assert.Equal(t, env, azure.PublicCloud) + resMan = "https://management.microsoftazure.de/" + env, err = getAzureEnvironment(resMan) + assert.NoError(t, err) + assert.Equal(t, env, azure.GermanCloud) + resMan = "http://management.invalidhybrid.com/" + env, err = getAzureEnvironment(resMan) + assert.Errorf(t, err, "invalid character 'F' looking for beginning of value") +} diff --git a/filebeat/input/azureeventhub/file_persister_test.go b/filebeat/input/azureeventhub/file_persister_test.go new file mode 100644 index 00000000000..06f6a308ca8 --- /dev/null +++ b/filebeat/input/azureeventhub/file_persister_test.go @@ -0,0 +1,46 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package azureeventhub + +import ( + "os" + "path" + "testing" + "time" + + "github.com/Azure/azure-event-hubs-go/v3/persist" + + "github.com/stretchr/testify/assert" +) + +func TestFilePersister_Read(t *testing.T) { + namespace := "namespace" + name := "name" + consumerGroup := "$Default" + partitionID := "0" + dir := path.Join(os.TempDir(), "read") + persister, err := persist.NewFilePersister(dir) + assert.Nil(t, err) + ckp, err := persister.Read(namespace, name, consumerGroup, partitionID) + assert.NotNil(t, err) + assert.Equal(t, persist.NewCheckpointFromStartOfStream(), ckp) +} + +func TestFilePersister_Write(t *testing.T) { + namespace := "namespace" + name := "name" + consumerGroup := "$Default" + partitionID := "0" + dir := path.Join(os.TempDir(), "write") + persister, err := persist.NewFilePersister(dir) + assert.Nil(t, err) + ckp := persist.NewCheckpoint("120", 22, time.Now()) + err = persister.Write(namespace, name, consumerGroup, partitionID, ckp) + assert.Nil(t, err) + ckp2, err := persister.Read(namespace, name, consumerGroup, partitionID) + assert.Nil(t, err) + assert.Equal(t, ckp.Offset, ckp2.Offset) + assert.Equal(t, ckp.SequenceNumber, ckp2.SequenceNumber) +} diff --git a/filebeat/input/azureeventhub/input.go b/filebeat/input/azureeventhub/input.go new file mode 100644 index 00000000000..2cf6494f8d7 --- /dev/null +++ b/filebeat/input/azureeventhub/input.go @@ -0,0 +1,223 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package azureeventhub + +import ( + "context" + "encoding/json" + "fmt" + "sync" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + + eventhub "github.com/Azure/azure-event-hubs-go/v3" + "github.com/Azure/azure-event-hubs-go/v3/eph" +) + +const ( + eventHubConnector = ";EntityPath=" + expandEventListFromField = "records" +) + +// azureInput struct for the azure-eventhub input +type azureInput struct { + config azureInputConfig // azure-eventhub configuration + context input.Context + outlet channel.Outleter + log *logp.Logger // logging info and error messages + workerCtx context.Context // worker goroutine context. It's cancelled when the input stops or the worker exits. + workerCancel context.CancelFunc // used to signal that the worker should stop. + workerOnce sync.Once // guarantees that the worker goroutine is only started once. + workerWg sync.WaitGroup // waits on worker goroutine. + processor *eph.EventProcessorHost // eph will be assigned if users have enabled the option + hub *eventhub.Hub // hub will be assigned + ackChannel chan int +} + +const ( + inputName = "azure-eventhub" +) + +func init() { + err := input.Register(inputName, NewInput) + if err != nil { + panic(errors.Wrapf(err, "failed to register %v input", inputName)) + } +} + +// NewInput creates a new azure-eventhub input +func NewInput( + cfg *common.Config, + connector channel.Connector, + inputContext input.Context, +) (input.Input, error) { + var config azureInputConfig + if err := cfg.Unpack(&config); err != nil { + return nil, errors.Wrapf(err, "reading %s input config", inputName) + } + + inputCtx, cancelInputCtx := context.WithCancel(context.Background()) + go func() { + defer cancelInputCtx() + select { + case <-inputContext.Done: + case <-inputCtx.Done(): + } + }() + + // If the input ever needs to be made restartable, then context would need + // to be recreated with each restart. + workerCtx, workerCancel := context.WithCancel(inputCtx) + + in := &azureInput{ + config: config, + log: logp.NewLogger(fmt.Sprintf("%s input", inputName)).With("connection string", config.ConnectionString), + context: inputContext, + workerCtx: workerCtx, + workerCancel: workerCancel, + } + out, err := connector.ConnectWith(cfg, beat.ClientConfig{ + Processing: beat.ProcessingConfig{ + DynamicFields: inputContext.DynamicFields, + }, + }) + if err != nil { + return nil, err + } + in.outlet = out + in.log.Infof("Initialized %s input.", inputName) + return in, nil +} + +// Run starts the input worker then returns. Only the first invocation +// will ever start the worker. +func (a *azureInput) Run() { + a.workerOnce.Do(func() { + a.workerWg.Add(1) + go func() { + a.log.Infof("%s input worker has started.", inputName) + defer a.log.Infof("%s input worker has stopped.", inputName) + defer a.workerWg.Done() + defer a.workerCancel() + err := a.runWithEPH() + if err != nil { + a.log.Error(err) + return + } + }() + }) +} + +// run will run the input with the non-eph version, this option will be available once a more reliable storage is in place, it is curently using an in-memory storage +//func (a *azureInput) run() error { +// var err error +// a.hub, err = eventhub.NewHubFromConnectionString(fmt.Sprintf("%s%s%s", a.config.ConnectionString, eventHubConnector, a.config.EventHubName)) +// if err != nil { +// return err +// } +// // listen to each partition of the Event Hub +// runtimeInfo, err := a.hub.GetRuntimeInformation(a.workerCtx) +// if err != nil { +// return err +// } +// +// for _, partitionID := range runtimeInfo.PartitionIDs { +// // Start receiving messages +// handler := func(c context.Context, event *eventhub.Event) error { +// a.log.Info(string(event.Data)) +// return a.processEvents(event, partitionID) +// } +// var err error +// // sending a nill ReceiveOption will throw an exception +// if a.config.ConsumerGroup != "" { +// _, err = a.hub.Receive(a.workerCtx, partitionID, handler, eventhub.ReceiveWithConsumerGroup(a.config.ConsumerGroup)) +// } else { +// _, err = a.hub.Receive(a.workerCtx, partitionID, handler) +// } +// if err != nil { +// return err +// } +// } +// return nil +//} + +// Stop stops TCP server +func (a *azureInput) Stop() { + if a.hub != nil { + err := a.hub.Close(a.workerCtx) + if err != nil { + a.log.Errorw(fmt.Sprintf("error while closing eventhub"), "error", err) + } + } + if a.processor != nil { + err := a.processor.Close(a.workerCtx) + if err != nil { + a.log.Errorw(fmt.Sprintf("error while closing eventhostprocessor"), "error", err) + } + } + a.workerCancel() + a.workerWg.Wait() +} + +// Wait stop the current server +func (a *azureInput) Wait() { + a.Stop() +} + +func (a *azureInput) processEvents(event *eventhub.Event, partitionID string) bool { + timestamp := time.Now() + azure := common.MapStr{ + // partitionID is only mapped in the non-eph option which is not available yet, this field will be temporary unavailable + //"partition_id": partitionID, + "eventhub": a.config.EventHubName, + "consumer_group": a.config.ConsumerGroup, + } + messages := a.parseMultipleMessages(event.Data) + for _, msg := range messages { + azure.Put("offset", event.SystemProperties.Offset) + azure.Put("sequence_number", event.SystemProperties.SequenceNumber) + azure.Put("enqueued_time", event.SystemProperties.EnqueuedTime) + ok := a.outlet.OnEvent(beat.Event{ + Timestamp: timestamp, + Fields: common.MapStr{ + "message": msg, + "azure": azure, + }, + Private: event.Data, + }) + if !ok { + return ok + } + } + return true +} + +// parseMultipleMessages will try to split the message into multiple ones based on the group field provided by the configuration +func (a *azureInput) parseMultipleMessages(bMessage []byte) []string { + var obj map[string][]interface{} + err := json.Unmarshal(bMessage, &obj) + if err != nil { + a.log.Errorw(fmt.Sprintf("deserializing multiple messages using the group object `records`"), "error", err) + } + var messages []string + if len(obj[expandEventListFromField]) > 0 { + for _, ms := range obj[expandEventListFromField] { + js, err := json.Marshal(ms) + if err == nil { + messages = append(messages, string(js)) + } else { + a.log.Errorw(fmt.Sprintf("serializing message %s", ms), "error", err) + } + } + } + return messages +} diff --git a/filebeat/input/azureeventhub/input_test.go b/filebeat/input/azureeventhub/input_test.go new file mode 100644 index 00000000000..6e6cd47484c --- /dev/null +++ b/filebeat/input/azureeventhub/input_test.go @@ -0,0 +1,120 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package azureeventhub + +import ( + "fmt" + "sync" + "testing" + "time" + + eventhub "github.com/Azure/azure-event-hubs-go/v3" + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" +) + +var ( + config = azureInputConfig{ + SAKey: "", + SAName: "", + SAContainer: ephContainerName, + ConnectionString: "", + ConsumerGroup: "", + } +) + +func TestProcessEvents(t *testing.T) { + // Stub outlet for receiving events generated by the input. + o := &stubOutleter{} + out, err := newStubOutlet(o) + if err != nil { + t.Fatal(err) + } + input := azureInput{ + config: config, + outlet: out, + } + var sn int64 = 12 + now := time.Now() + var off int64 = 1234 + var pID int16 = 1 + + properties := eventhub.SystemProperties{ + SequenceNumber: &sn, + EnqueuedTime: &now, + Offset: &off, + PartitionID: &pID, + PartitionKey: nil, + } + single := "{\"test\":\"this is some message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}" + msg := fmt.Sprintf("{\"records\":[%s]}", single) + ev := eventhub.Event{ + Data: []byte(msg), + SystemProperties: &properties, + } + ok := input.processEvents(&ev, "0") + if !ok { + t.Fatal("OnEvent function returned false") + } + assert.Equal(t, len(o.Events), 1) + message, err := o.Events[0].Fields.GetValue("message") + if err != nil { + t.Fatal(err) + } + assert.Equal(t, message, single) +} + +func TestParseMultipleMessages(t *testing.T) { + msg := "{\"records\":[{\"test\":\"this is some message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}," + + "{\"test\":\"this is 2nd message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}," + + "{\"test\":\"this is 3rd message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}]}" + input := azureInput{} + messages := input.parseMultipleMessages([]byte(msg)) + assert.NotNil(t, messages) + assert.Equal(t, len(messages), 3) + msgs := []string{ + fmt.Sprintf("{\"test\":\"this is some message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}"), + fmt.Sprintf("{\"test\":\"this is 2nd message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}"), + fmt.Sprintf("{\"test\":\"this is 3rd message\",\"time\":\"2019-12-17T13:43:44.4946995Z\"}")} + for _, ms := range messages { + assert.Contains(t, msgs, ms) + } +} + +type stubOutleter struct { + sync.Mutex + cond *sync.Cond + done bool + Events []beat.Event +} + +func newStubOutlet(stub *stubOutleter) (channel.Outleter, error) { + stub.cond = sync.NewCond(stub) + defer stub.Close() + + connector := channel.ConnectorFunc(func(_ *common.Config, _ beat.ClientConfig) (channel.Outleter, error) { + return stub, nil + }) + return connector.ConnectWith(nil, beat.ClientConfig{ + Processing: beat.ProcessingConfig{}, + }) +} +func (o *stubOutleter) Close() error { + o.Lock() + defer o.Unlock() + o.done = true + return nil +} +func (o *stubOutleter) Done() <-chan struct{} { return nil } +func (o *stubOutleter) OnEvent(event beat.Event) bool { + o.Lock() + defer o.Unlock() + o.Events = append(o.Events, event) + o.cond.Broadcast() + return o.done +} diff --git a/filebeat/input/cloudfoundry/input.go b/filebeat/input/cloudfoundry/input.go new file mode 100644 index 00000000000..ea2152129a2 --- /dev/null +++ b/filebeat/input/cloudfoundry/input.go @@ -0,0 +1,120 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cloudfoundry + +import ( + "context" + "sync" + + "github.com/elastic/beats/v7/x-pack/libbeat/common/cloudfoundry" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/harvester" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" +) + +func init() { + err := input.Register("cloudfoundry", NewInput) + if err != nil { + panic(err) + } +} + +// Input defines a udp input to receive event on a specific host:port. +type Input struct { + sync.Mutex + listener *cloudfoundry.RlpListener + started bool + log *logp.Logger + outlet channel.Outleter +} + +// NewInput creates a new udp input +func NewInput( + cfg *common.Config, + outlet channel.Connector, + context input.Context, +) (input.Input, error) { + log := logp.NewLogger("cloudfoundry") + + out, err := outlet.ConnectWith(cfg, beat.ClientConfig{ + Processing: beat.ProcessingConfig{ + DynamicFields: context.DynamicFields, + }, + }) + if err != nil { + return nil, err + } + + var conf cloudfoundry.Config + if err = cfg.Unpack(&conf); err != nil { + return nil, err + } + + hub := cloudfoundry.NewHub(&conf, "filebeat", log) + forwarder := harvester.NewForwarder(out) + callbacks := cloudfoundry.RlpListenerCallbacks{ + HttpAccess: func(evt *cloudfoundry.EventHttpAccess) { + forwarder.Send(beat.Event{ + Timestamp: evt.Timestamp(), + Fields: evt.ToFields(), + }) + }, + Log: func(evt *cloudfoundry.EventLog) { + forwarder.Send(beat.Event{ + Timestamp: evt.Timestamp(), + Fields: evt.ToFields(), + }) + }, + Error: func(evt *cloudfoundry.EventError) { + forwarder.Send(beat.Event{ + Timestamp: evt.Timestamp(), + Fields: evt.ToFields(), + }) + }, + } + + listener, err := hub.RlpListener(callbacks) + if err != nil { + return nil, err + } + return &Input{ + outlet: out, + listener: listener, + started: false, + log: log, + }, nil +} + +// Run starts and start the UDP server and read events from the socket +func (p *Input) Run() { + p.Lock() + defer p.Unlock() + + if !p.started { + p.log.Info("starting cloudfoundry input") + p.listener.Start(context.TODO()) + p.started = true + } +} + +// Stop stops the UDP input +func (p *Input) Stop() { + defer p.outlet.Close() + p.Lock() + defer p.Unlock() + + p.log.Info("stopping cloudfoundry input") + p.listener.Stop() + p.started = false +} + +// Wait suspends the UDP input +func (p *Input) Wait() { + p.Stop() +} diff --git a/filebeat/input/googlepubsub/_meta/Dockerfile b/filebeat/input/googlepubsub/_meta/Dockerfile new file mode 100644 index 00000000000..1c47d0aa317 --- /dev/null +++ b/filebeat/input/googlepubsub/_meta/Dockerfile @@ -0,0 +1,32 @@ +FROM debian:stretch + +RUN \ + apt-get update \ + && apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + python \ + openjdk-8-jre \ + gnupg2 \ + && rm -rf /var/lib/apt/lists/* + +RUN \ + echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \ + >> /etc/apt/sources.list.d/google-cloud-sdk.list \ + && curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg \ + | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - + +RUN \ + apt-get update \ + && apt-get install -y \ + google-cloud-sdk \ + google-cloud-sdk-pubsub-emulator \ + && rm -rf /var/lib/apt/lists/* + +RUN \ + mkdir /data + +HEALTHCHECK --interval=1s --retries=90 CMD curl -s -f http://localhost:8432/ + +CMD gcloud beta emulators pubsub start --data-dir /data --host-port "0.0.0.0:8432" diff --git a/filebeat/input/googlepubsub/_meta/docker-compose.yml b/filebeat/input/googlepubsub/_meta/docker-compose.yml new file mode 100644 index 00000000000..1b34413967a --- /dev/null +++ b/filebeat/input/googlepubsub/_meta/docker-compose.yml @@ -0,0 +1,7 @@ +version: '2.3' + +services: + googlepubsub: + build: . + ports: + - 127.0.0.1:8432:8432 diff --git a/filebeat/input/googlepubsub/config.go b/filebeat/input/googlepubsub/config.go new file mode 100644 index 00000000000..56f02f3a471 --- /dev/null +++ b/filebeat/input/googlepubsub/config.go @@ -0,0 +1,69 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package googlepubsub + +import ( + "context" + "fmt" + "os" + + "cloud.google.com/go/pubsub" + "golang.org/x/oauth2/google" +) + +type config struct { + // Google Cloud project name. + ProjectID string `config:"project_id" validate:"required"` + + // Google Cloud Pub/Sub topic name. + Topic string `config:"topic" validate:"required"` + + // Google Cloud Pub/Sub subscription name. Multiple Filebeats can pull from same subscription. + Subscription struct { + Name string `config:"name" validate:"required"` + NumGoroutines int `config:"num_goroutines"` + MaxOutstandingMessages int `config:"max_outstanding_messages"` + Create bool `config:"create"` + } `config:"subscription"` + + // JSON file containing authentication credentials and key. + CredentialsFile string `config:"credentials_file"` + + // JSON blob containing authentication credentials and key. + CredentialsJSON []byte `config:"credentials_json"` +} + +func (c *config) Validate() error { + // credentials_file + if c.CredentialsFile != "" { + if _, err := os.Stat(c.CredentialsFile); os.IsNotExist(err) { + return fmt.Errorf("credentials_file is configured, but the file %q cannot be found", c.CredentialsFile) + } else { + return nil + } + } + + // credentials_json + if len(c.CredentialsJSON) > 0 { + return nil + } + + // Application Default Credentials (ADC) + ctx := context.Background() + if _, err := google.FindDefaultCredentials(ctx, pubsub.ScopePubSub); err == nil { + return nil + } + + return fmt.Errorf("no authentication credentials were configured or detected " + + "(credentials_file, credentials_json, and application default credentials (ADC))") +} + +func defaultConfig() config { + var c config + c.Subscription.NumGoroutines = 1 + c.Subscription.MaxOutstandingMessages = 1000 + c.Subscription.Create = true + return c +} diff --git a/filebeat/input/googlepubsub/config_test.go b/filebeat/input/googlepubsub/config_test.go new file mode 100644 index 00000000000..6e949326ca3 --- /dev/null +++ b/filebeat/input/googlepubsub/config_test.go @@ -0,0 +1,34 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package googlepubsub + +import ( + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" +) + +const googleApplicationCredentialsVar = "GOOGLE_APPLICATION_CREDENTIALS" + +func TestConfigValidateGoogleAppDefaultCreds(t *testing.T) { + // Return the environment variables to their original state. + original, found := os.LookupEnv(googleApplicationCredentialsVar) + defer func() { + if found { + os.Setenv(googleApplicationCredentialsVar, original) + } else { + os.Unsetenv(googleApplicationCredentialsVar) + } + }() + + // Validate that it finds the application default credentials and does + // not trigger a config validation error because credentials were not + // set in the config. + os.Setenv(googleApplicationCredentialsVar, filepath.Clean("testdata/fake.json")) + c := defaultConfig() + assert.NoError(t, c.Validate()) +} diff --git a/filebeat/input/googlepubsub/input.go b/filebeat/input/googlepubsub/input.go new file mode 100644 index 00000000000..e9f48073d74 --- /dev/null +++ b/filebeat/input/googlepubsub/input.go @@ -0,0 +1,240 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package googlepubsub + +import ( + "context" + "crypto/sha256" + "encoding/hex" + "sync" + "time" + + "cloud.google.com/go/pubsub" + "github.com/pkg/errors" + "google.golang.org/api/option" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/atomic" + "github.com/elastic/beats/v7/libbeat/common/useragent" + "github.com/elastic/beats/v7/libbeat/logp" +) + +const ( + inputName = "google-pubsub" +) + +func init() { + err := input.Register(inputName, NewInput) + if err != nil { + panic(errors.Wrapf(err, "failed to register %v input", inputName)) + } +} + +type pubsubInput struct { + config + + log *logp.Logger + outlet channel.Outleter // Output of received pubsub messages. + inputCtx context.Context // Wraps the Done channel from parent input.Context. + + workerCtx context.Context // Worker goroutine context. It's cancelled when the input stops or the worker exits. + workerCancel context.CancelFunc // Used to signal that the worker should stop. + workerOnce sync.Once // Guarantees that the worker goroutine is only started once. + workerWg sync.WaitGroup // Waits on pubsub worker goroutine. + + ackedCount *atomic.Uint32 // Total number of successfully ACKed pubsub messages. +} + +// NewInput creates a new Google Cloud Pub/Sub input that consumes events from +// a topic subscription. +func NewInput( + cfg *common.Config, + connector channel.Connector, + inputContext input.Context, +) (inp input.Input, err error) { + // Extract and validate the input's configuration. + conf := defaultConfig() + if err = cfg.Unpack(&conf); err != nil { + return nil, err + } + + // Wrap input.Context's Done channel with a context.Context. This goroutine + // stops with the parent closes the Done channel. + inputCtx, cancelInputCtx := context.WithCancel(context.Background()) + go func() { + defer cancelInputCtx() + select { + case <-inputContext.Done: + case <-inputCtx.Done(): + } + }() + + // If the input ever needs to be made restartable, then context would need + // to be recreated with each restart. + workerCtx, workerCancel := context.WithCancel(inputCtx) + + in := &pubsubInput{ + config: conf, + log: logp.NewLogger("google.pubsub").With( + "pubsub_project", conf.ProjectID, + "pubsub_topic", conf.Topic, + "pubsub_subscription", conf.Subscription), + inputCtx: inputCtx, + workerCtx: workerCtx, + workerCancel: workerCancel, + ackedCount: atomic.NewUint32(0), + } + + // Build outlet for events. + in.outlet, err = connector.ConnectWith(cfg, beat.ClientConfig{ + Processing: beat.ProcessingConfig{ + DynamicFields: inputContext.DynamicFields, + }, + ACKEvents: func(privates []interface{}) { + for _, priv := range privates { + if msg, ok := priv.(*pubsub.Message); ok { + msg.Ack() + in.ackedCount.Inc() + } else { + in.log.Error("Failed ACKing pub/sub event") + } + } + }, + }) + if err != nil { + return nil, err + } + in.log.Info("Initialized Google Pub/Sub input.") + return in, nil +} + +// Run starts the pubsub input worker then returns. Only the first invocation +// will ever start the pubsub worker. +func (in *pubsubInput) Run() { + in.workerOnce.Do(func() { + in.workerWg.Add(1) + go func() { + in.log.Info("Pub/Sub input worker has started.") + defer in.log.Info("Pub/Sub input worker has stopped.") + defer in.workerWg.Done() + defer in.workerCancel() + if err := in.run(); err != nil { + in.log.Error(err) + return + } + }() + }) +} + +func (in *pubsubInput) run() error { + ctx, cancel := context.WithCancel(in.workerCtx) + defer cancel() + + // Make pubsub client. + opts := []option.ClientOption{option.WithUserAgent(useragent.UserAgent("Filebeat"))} + if in.CredentialsFile != "" { + opts = append(opts, option.WithCredentialsFile(in.CredentialsFile)) + } else if len(in.CredentialsJSON) > 0 { + option.WithCredentialsJSON(in.CredentialsJSON) + } + + client, err := pubsub.NewClient(ctx, in.ProjectID, opts...) + if err != nil { + return err + } + defer client.Close() + + // Setup our subscription to the topic. + sub, err := in.getOrCreateSubscription(ctx, client) + if err != nil { + return errors.Wrap(err, "failed to subscribe to pub/sub topic") + } + sub.ReceiveSettings.NumGoroutines = in.Subscription.NumGoroutines + sub.ReceiveSettings.MaxOutstandingMessages = in.Subscription.MaxOutstandingMessages + + // Start receiving messages. + topicID := makeTopicID(in.ProjectID, in.Topic) + return sub.Receive(ctx, func(ctx context.Context, msg *pubsub.Message) { + if ok := in.outlet.OnEvent(makeEvent(topicID, msg)); !ok { + msg.Nack() + in.log.Debug("OnEvent returned false. Stopping input worker.") + cancel() + } + }) +} + +// Stop stops the pubsub input and waits for it to fully stop. +func (in *pubsubInput) Stop() { + in.workerCancel() + in.workerWg.Wait() +} + +// Wait is an alias for Stop. +func (in *pubsubInput) Wait() { + in.Stop() +} + +// makeTopicID returns a short sha256 hash of the project ID plus topic name. +// This string can be joined with pub/sub message IDs that are unique within a +// topic to create a unique _id for documents. +func makeTopicID(project, topic string) string { + h := sha256.New() + h.Write([]byte(project)) + h.Write([]byte(topic)) + prefix := hex.EncodeToString(h.Sum(nil)) + return prefix[:10] +} + +func makeEvent(topicID string, msg *pubsub.Message) beat.Event { + id := topicID + "-" + msg.ID + + event := beat.Event{ + Timestamp: msg.PublishTime.UTC(), + Fields: common.MapStr{ + "event": common.MapStr{ + "id": id, + "created": time.Now().UTC(), + }, + "message": string(msg.Data), + }, + Private: msg, + } + event.SetID(id) + + if len(msg.Attributes) > 0 { + event.PutValue("labels", msg.Attributes) + } + + return event +} + +func (in *pubsubInput) getOrCreateSubscription(ctx context.Context, client *pubsub.Client) (*pubsub.Subscription, error) { + sub := client.Subscription(in.Subscription.Name) + + exists, err := sub.Exists(ctx) + if err != nil { + return nil, errors.Wrap(err, "failed to check if subscription exists") + } + if exists { + return sub, nil + } + + // Create subscription. + if in.Subscription.Create { + sub, err = client.CreateSubscription(ctx, in.Subscription.Name, pubsub.SubscriptionConfig{ + Topic: client.Topic(in.Topic), + }) + if err != nil { + return nil, errors.Wrap(err, "failed to create subscription") + } + in.log.Debug("Created new subscription.") + return sub, nil + } + + return nil, errors.New("no subscription exists and 'subscription.create' is not enabled") +} diff --git a/filebeat/input/googlepubsub/pubsub_test.go b/filebeat/input/googlepubsub/pubsub_test.go new file mode 100644 index 00000000000..58d4db9331c --- /dev/null +++ b/filebeat/input/googlepubsub/pubsub_test.go @@ -0,0 +1,470 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package googlepubsub + +import ( + "context" + "io/ioutil" + "net/http" + "os" + "strconv" + "sync" + "testing" + "time" + + "cloud.google.com/go/pubsub" + "github.com/stretchr/testify/assert" + "golang.org/x/sync/errgroup" + "google.golang.org/api/iterator" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/atomic" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/tests/compose" + "github.com/elastic/beats/v7/libbeat/tests/resources" +) + +const ( + emulatorProjectID = "test-project-id" + emulatorTopic = "test-topic-foo" + emulatorSubscription = "test-subscription-bar" +) + +var once sync.Once + +func testSetup(t *testing.T) (*pubsub.Client, context.CancelFunc) { + t.Helper() + + host := os.Getenv("PUBSUB_EMULATOR_HOST") + if host == "" { + t.Skip("PUBSUB_EMULATOR_HOST is not set in environment. You can start " + + "the emulator with \"docker-compose up\" from the _meta directory. " + + "The default address is PUBSUB_EMULATOR_HOST=localhost:8432") + } + + if isInDockerIntegTestEnv() { + // We're running inside out integration test environment so + // make sure that that googlepubsub container is running. + compose.EnsureUp(t, "googlepubsub") + } + + once.Do(func() { + logp.TestingSetup() + + // Disable HTTP keep-alives to ensure no extra goroutines hang around. + httpClient := http.Client{Transport: &http.Transport{DisableKeepAlives: true}} + + // Sanity check the emulator. + resp, err := httpClient.Get("http://" + host) + if err != nil { + t.Fatalf("pubsub emulator at %s is not healthy: %v", host, err) + } + defer resp.Body.Close() + + _, err = ioutil.ReadAll(resp.Body) + if err != nil { + t.Fatal("failed to read response", err) + } + if resp.StatusCode != http.StatusOK { + t.Fatalf("pubsub emulator is not healthy, got status code %d", resp.StatusCode) + } + }) + + ctx, cancel := context.WithCancel(context.Background()) + client, err := pubsub.NewClient(ctx, emulatorProjectID) + if err != nil { + t.Fatalf("failed to create client: %v", err) + } + + resetPubSub(t, client) + return client, cancel +} + +func resetPubSub(t *testing.T, client *pubsub.Client) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // Clear topics. + topics := client.Topics(ctx) + for { + topic, err := topics.Next() + if err == iterator.Done { + break + } + if err != nil { + t.Fatal(err) + } + if err = topic.Delete(ctx); err != nil { + t.Fatalf("failed to delete topic %v: %v", topic.ID(), err) + } + } + + // Clear subscriptions. + subs := client.Subscriptions(ctx) + for { + sub, err := subs.Next() + if err == iterator.Done { + break + } + if err != nil { + t.Fatal(err) + } + + if err = sub.Delete(ctx); err != nil { + t.Fatalf("failed to delete subscription %v: %v", sub.ID(), err) + } + } +} + +func createTopic(t *testing.T, client *pubsub.Client) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + topic := client.Topic(emulatorTopic) + exists, err := topic.Exists(ctx) + if err != nil { + t.Fatalf("failed to check if topic exists: %v", err) + } + if !exists { + if topic, err = client.CreateTopic(ctx, emulatorTopic); err != nil { + t.Fatalf("failed to create the topic: %v", err) + } + t.Log("Topic created:", topic.ID()) + } +} + +func publishMessages(t *testing.T, client *pubsub.Client, numMsgs int) []string { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + topic := client.Topic(emulatorTopic) + defer topic.Stop() + + messageIDs := make([]string, numMsgs) + for i := 0; i < numMsgs; i++ { + result := topic.Publish(ctx, &pubsub.Message{ + Data: []byte(time.Now().UTC().Format(time.RFC3339Nano) + ": hello world " + strconv.Itoa(i)), + }) + + // Wait for message to publish and get assigned ID. + id, err := result.Get(ctx) + if err != nil { + t.Fatal(err) + } + messageIDs[i] = id + } + t.Logf("Published %d messages to topic %v. ID range: [%v, %v]", len(messageIDs), topic.ID(), messageIDs[0], messageIDs[len(messageIDs)-1]) + return messageIDs +} + +func createSubscription(t *testing.T, client *pubsub.Client) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + sub := client.Subscription(emulatorSubscription) + exists, err := sub.Exists(ctx) + if err != nil { + t.Fatalf("failed to check if sub exists: %v", err) + } + if exists { + return + } + + sub, err = client.CreateSubscription(ctx, emulatorSubscription, pubsub.SubscriptionConfig{ + Topic: client.Topic(emulatorTopic), + }) + if err != nil { + t.Fatalf("failed to create subscription: %v", err) + } + t.Log("New subscription created:", sub.ID()) +} + +func ifNotDone(ctx context.Context, f func()) func() { + return func() { + select { + case <-ctx.Done(): + return + default: + } + f() + } +} + +func defaultTestConfig() *common.Config { + return common.MustNewConfigFrom(map[string]interface{}{ + "project_id": emulatorProjectID, + "topic": emulatorTopic, + "subscription": map[string]interface{}{ + "name": emulatorSubscription, + "create": true, + }, + "credentials_file": "testdata/fake.json", + }) +} + +func isInDockerIntegTestEnv() bool { + return os.Getenv("BEATS_INSIDE_INTEGRATION_TEST_ENV") != "" +} + +func runTest(t *testing.T, cfg *common.Config, run func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T)) { + runTestWithACKer(t, cfg, ackEvent, run) +} + +func runTestWithACKer(t *testing.T, cfg *common.Config, acker acker, run func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T)) { + if !isInDockerIntegTestEnv() { + // Don't test goroutines when using our compose.EnsureUp. + defer resources.NewGoroutinesChecker().Check(t) + } + + // Create pubsub client for setting up and communicating to emulator. + client, clientCancel := testSetup(t) + defer clientCancel() + defer client.Close() + + // Simulate input.Context from Filebeat input runner. + inputCtx := newInputContext() + defer close(inputCtx.Done) + + // Stub outlet for receiving events generated by the input. + eventOutlet := newStubOutlet(acker) + defer eventOutlet.Close() + + connector := channel.ConnectorFunc(func(_ *common.Config, cliCfg beat.ClientConfig) (channel.Outleter, error) { + eventOutlet.setClientConfig(cliCfg) + return eventOutlet, nil + }) + + in, err := NewInput(cfg, connector, inputCtx) + if err != nil { + t.Fatal(err) + } + pubsubInput := in.(*pubsubInput) + defer pubsubInput.Stop() + + run(client, pubsubInput, eventOutlet, t) +} + +func newInputContext() input.Context { + return input.Context{ + Done: make(chan struct{}), + } +} + +type acker func(beat.Event, beat.ClientConfig) bool + +type stubOutleter struct { + sync.Mutex + cond *sync.Cond + done bool + Events []beat.Event + clientCfg beat.ClientConfig + acker acker +} + +func newStubOutlet(acker acker) *stubOutleter { + o := &stubOutleter{ + acker: acker, + } + o.cond = sync.NewCond(o) + return o +} + +func ackEvent(ev beat.Event, cfg beat.ClientConfig) bool { + switch { + case cfg.ACKCount != nil: + cfg.ACKCount(1) + case cfg.ACKEvents != nil: + evs := [1]interface{}{ev.Private} + cfg.ACKEvents(evs[:]) + case cfg.ACKLastEvent != nil: + cfg.ACKLastEvent(ev.Private) + default: + return false + } + return true +} + +func (o *stubOutleter) setClientConfig(cfg beat.ClientConfig) { + o.Lock() + defer o.Unlock() + o.clientCfg = cfg +} + +func (o *stubOutleter) waitForEvents(numEvents int) ([]beat.Event, bool) { + o.Lock() + defer o.Unlock() + + for len(o.Events) < numEvents && !o.done { + o.cond.Wait() + } + + size := numEvents + if size >= len(o.Events) { + size = len(o.Events) + } + + out := make([]beat.Event, size) + copy(out, o.Events) + return out, len(out) == numEvents +} + +func (o *stubOutleter) Close() error { + o.Lock() + defer o.Unlock() + o.done = true + return nil +} + +func (o *stubOutleter) Done() <-chan struct{} { return nil } + +func (o *stubOutleter) OnEvent(event beat.Event) bool { + o.Lock() + defer o.Unlock() + acked := o.acker(event, o.clientCfg) + if acked { + o.Events = append(o.Events, event) + o.cond.Broadcast() + } + return !o.done +} + +// --- Test Cases + +func TestTopicDoesNotExist(t *testing.T) { + cfg := defaultTestConfig() + + runTest(t, cfg, func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T) { + err := input.run() + if assert.Error(t, err) { + assert.Contains(t, err.Error(), "failed to subscribe to pub/sub topic") + } + }) +} + +func TestSubscriptionDoesNotExistError(t *testing.T) { + cfg := defaultTestConfig() + cfg.SetBool("subscription.create", -1, false) + + runTest(t, cfg, func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T) { + createTopic(t, client) + + err := input.run() + if assert.Error(t, err) { + assert.Contains(t, err.Error(), "no subscription exists and 'subscription.create' is not enabled") + } + }) +} + +func TestSubscriptionExists(t *testing.T) { + cfg := defaultTestConfig() + + runTest(t, cfg, func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T) { + createTopic(t, client) + createSubscription(t, client) + publishMessages(t, client, 5) + + var group errgroup.Group + group.Go(input.run) + + time.AfterFunc(10*time.Second, func() { out.Close() }) + events, ok := out.waitForEvents(5) + if !ok { + t.Fatalf("Expected 5 events, but got %d.", len(events)) + } + input.Stop() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} + +func TestSubscriptionCreate(t *testing.T) { + cfg := defaultTestConfig() + + runTest(t, cfg, func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T) { + createTopic(t, client) + + group, ctx := errgroup.WithContext(context.Background()) + group.Go(input.run) + + time.AfterFunc(1*time.Second, ifNotDone(ctx, func() { publishMessages(t, client, 5) })) + time.AfterFunc(10*time.Second, func() { out.Close() }) + + events, ok := out.waitForEvents(5) + if !ok { + t.Fatalf("Expected 5 events, but got %d.", len(events)) + } + input.Stop() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} + +func TestRunStop(t *testing.T) { + cfg := defaultTestConfig() + + runTest(t, cfg, func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T) { + input.Run() + input.Stop() + input.Run() + input.Stop() + }) +} + +func TestEndToEndACK(t *testing.T) { + cfg := defaultTestConfig() + + var count atomic.Int + seen := make(map[string]struct{}) + // ACK every other message + halfAcker := func(ev beat.Event, clientConfig beat.ClientConfig) bool { + msg := ev.Private.(*pubsub.Message) + seen[msg.ID] = struct{}{} + if count.Inc()&1 != 0 { + // Nack will result in the Message being redelivered more quickly than if it were allowed to expire. + msg.Nack() + return false + } + return ackEvent(ev, clientConfig) + } + + runTestWithACKer(t, cfg, halfAcker, func(client *pubsub.Client, input *pubsubInput, out *stubOutleter, t *testing.T) { + createTopic(t, client) + createSubscription(t, client) + + group, _ := errgroup.WithContext(context.Background()) + group.Go(input.run) + + const numMsgs = 10 + publishMessages(t, client, numMsgs) + events, ok := out.waitForEvents(numMsgs) + if !ok { + t.Fatalf("Expected %d events, but got %d.", 1, len(events)) + } + + // Assert that all messages were eventually received + assert.Len(t, events, len(seen)) + got := make(map[string]struct{}) + for _, ev := range events { + msg := ev.Private.(*pubsub.Message) + got[msg.ID] = struct{}{} + } + for id := range seen { + _, exists := got[id] + assert.True(t, exists) + } + input.Stop() + out.Close() + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} diff --git a/filebeat/input/googlepubsub/testdata/fake.json b/filebeat/input/googlepubsub/testdata/fake.json new file mode 100644 index 00000000000..62bc9a26633 --- /dev/null +++ b/filebeat/input/googlepubsub/testdata/fake.json @@ -0,0 +1,12 @@ +{ + "type": "service_account", + "project_id": "foo", + "private_key_id": "x", + "private_key": "", + "client_email": "foo@bar.com", + "client_id": "0", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://foo.bar/path" +} diff --git a/filebeat/input/httpjson/config.go b/filebeat/input/httpjson/config.go new file mode 100644 index 00000000000..cb1e12ba417 --- /dev/null +++ b/filebeat/input/httpjson/config.go @@ -0,0 +1,95 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package httpjson + +import ( + "regexp" + "strings" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" +) + +// Config contains information about httpjson configuration +type config struct { + APIKey string `config:"api_key"` + AuthenticationScheme string `config:"authentication_scheme"` + HTTPClientTimeout time.Duration `config:"http_client_timeout"` + HTTPHeaders common.MapStr `config:"http_headers"` + HTTPMethod string `config:"http_method" validate:"required"` + HTTPRequestBody common.MapStr `config:"http_request_body"` + Interval time.Duration `config:"interval"` + JSONObjects string `config:"json_objects_array"` + NoHTTPBody bool `config:"no_http_body"` + Pagination *Pagination `config:"pagination"` + RateLimit *RateLimit `config:"rate_limit"` + TLS *tlscommon.Config `config:"ssl"` + URL string `config:"url" validate:"required"` +} + +// Pagination contains information about httpjson pagination settings +type Pagination struct { + Enabled *bool `config:"enabled"` + ExtraBodyContent common.MapStr `config:"extra_body_content"` + Header *Header `config:"header"` + IDField string `config:"id_field"` + RequestField string `config:"req_field"` + URL string `config:"url"` +} + +// IsEnabled returns true if the `enable` field is set to true in the yaml. +func (p *Pagination) IsEnabled() bool { + return p != nil && (p.Enabled == nil || *p.Enabled) +} + +// HTTP Header information for pagination +type Header struct { + FieldName string `config:"field_name" validate:"required"` + RegexPattern *regexp.Regexp `config:"regex_pattern" validate:"required"` +} + +// HTTP Header Rate Limit information +type RateLimit struct { + Limit string `config:"limit"` + Reset string `config:"reset"` + Remaining string `config:"remaining"` +} + +func (c *config) Validate() error { + switch strings.ToUpper(c.HTTPMethod) { + case "GET": + break + case "POST": + break + default: + return errors.Errorf("httpjson input: Invalid http_method, %s", c.HTTPMethod) + } + if c.NoHTTPBody { + if len(c.HTTPRequestBody) > 0 { + return errors.Errorf("invalid configuration: both no_http_body and http_request_body cannot be set simultaneously") + } + if c.Pagination != nil && (len(c.Pagination.ExtraBodyContent) > 0 || c.Pagination.RequestField != "") { + return errors.Errorf("invalid configuration: both no_http_body and pagination.extra_body_content or pagination.req_field cannot be set simultaneously") + } + } + if c.Pagination != nil { + if c.Pagination.Header != nil { + if c.Pagination.RequestField != "" || c.Pagination.IDField != "" || len(c.Pagination.ExtraBodyContent) > 0 { + return errors.Errorf("invalid configuration: both pagination.header and pagination.req_field or pagination.id_field or pagination.extra_body_content cannot be set simultaneously") + } + } + } + return nil +} + +func defaultConfig() config { + var c config + c.HTTPMethod = "GET" + c.HTTPClientTimeout = 60 * time.Second + return c +} diff --git a/filebeat/input/httpjson/httpjson_test.go b/filebeat/input/httpjson/httpjson_test.go new file mode 100644 index 00000000000..4faa190544e --- /dev/null +++ b/filebeat/input/httpjson/httpjson_test.go @@ -0,0 +1,488 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package httpjson + +import ( + "context" + "encoding/json" + "io/ioutil" + "log" + "net/http" + "net/http/httptest" + "regexp" + "strconv" + "sync" + "testing" + "time" + + "golang.org/x/sync/errgroup" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" +) + +var ( + once sync.Once + url string +) + +func testSetup(t *testing.T) { + t.Helper() + once.Do(func() { + logp.TestingSetup() + }) +} + +func createServer(newServer func(handler http.Handler) *httptest.Server) *httptest.Server { + return newServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodPost { + req, err := ioutil.ReadAll(r.Body) + defer r.Body.Close() + if err != nil { + log.Fatalln(err) + } + var m interface{} + err = json.Unmarshal(req, &m) + w.Header().Set("Content-Type", "application/json") + if err != nil { + w.WriteHeader(http.StatusBadRequest) + } else { + w.WriteHeader(http.StatusOK) + w.Write(req) + } + } else { + message := map[string]interface{}{ + "hello": "world", + "embedded": map[string]string{ + "hello": "world", + }, + } + b, _ := json.Marshal(message) + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + w.Write(b) + } + })) +} + +func createCustomServer(newServer func(handler http.Handler) *httptest.Server) *httptest.Server { + var isRetry bool + return newServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + if !isRetry { + w.Header().Set("X-Rate-Limit-Limit", "0") + w.Header().Set("X-Rate-Limit-Remaining", "0") + w.Header().Set("X-Rate-Limit-Reset", strconv.FormatInt(time.Now().Unix(), 10)) + w.WriteHeader(http.StatusTooManyRequests) + w.Write([]byte{}) + isRetry = true + } else { + message := map[string]interface{}{ + "hello": "world", + "embedded": map[string]string{ + "hello": "world", + }, + } + b, _ := json.Marshal(message) + w.WriteHeader(http.StatusOK) + w.Write(b) + } + })) +} + +func runTest(t *testing.T, isTLS bool, testRateLimitRetry bool, m map[string]interface{}, run func(input *HttpjsonInput, out *stubOutleter, t *testing.T)) { + testSetup(t) + // Create an http test server according to whether TLS is used + var newServer = httptest.NewServer + if isTLS { + newServer = httptest.NewTLSServer + } + ts := createServer(newServer) + if testRateLimitRetry { + ts = createCustomServer(newServer) + } + defer ts.Close() + m["url"] = ts.URL + cfg := common.MustNewConfigFrom(m) + // Simulate input.Context from Filebeat input runner. + inputCtx := newInputContext() + defer close(inputCtx.Done) + + // Stub outlet for receiving events generated by the input. + eventOutlet := newStubOutlet() + defer eventOutlet.Close() + + connector := channel.ConnectorFunc(func(_ *common.Config, _ beat.ClientConfig) (channel.Outleter, error) { + return eventOutlet, nil + }) + + in, err := NewInput(cfg, connector, inputCtx) + if err != nil { + t.Fatal(err) + } + input := in.(*HttpjsonInput) + defer input.Stop() + + run(input, eventOutlet, t) +} + +func newInputContext() input.Context { + return input.Context{ + Done: make(chan struct{}), + } +} + +type stubOutleter struct { + sync.Mutex + cond *sync.Cond + done bool + Events []beat.Event +} + +func newStubOutlet() *stubOutleter { + o := &stubOutleter{} + o.cond = sync.NewCond(o) + return o +} + +func (o *stubOutleter) waitForEvents(numEvents int) ([]beat.Event, bool) { + o.Lock() + defer o.Unlock() + + for len(o.Events) < numEvents && !o.done { + o.cond.Wait() + } + + size := numEvents + if size >= len(o.Events) { + size = len(o.Events) + } + + out := make([]beat.Event, size) + copy(out, o.Events) + return out, len(out) == numEvents +} + +func (o *stubOutleter) Close() error { + o.Lock() + defer o.Unlock() + o.done = true + return nil +} + +func (o *stubOutleter) Done() <-chan struct{} { return nil } + +func (o *stubOutleter) OnEvent(event beat.Event) bool { + o.Lock() + defer o.Unlock() + o.Events = append(o.Events, event) + o.cond.Broadcast() + return !o.done +} + +// --- Test Cases + +func TestConfigValidationCase1(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "http_request_body": map[string]interface{}{"test": "abc"}, + "no_http_body": true, + "url": "localhost", + } + cfg := common.MustNewConfigFrom(m) + conf := defaultConfig() + if err := cfg.Unpack(&conf); err == nil { + t.Fatal("Configuration validation failed. no_http_body and http_request_body cannot coexist.") + } +} + +func TestConfigValidationCase2(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "no_http_body": true, + "pagination": map[string]interface{}{"extra_body_content": map[string]interface{}{"test": "abc"}}, + "url": "localhost", + } + cfg := common.MustNewConfigFrom(m) + conf := defaultConfig() + if err := cfg.Unpack(&conf); err == nil { + t.Fatal("Configuration validation failed. no_http_body and pagination.extra_body_content cannot coexist.") + } +} + +func TestConfigValidationCase3(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "no_http_body": true, + "pagination": map[string]interface{}{"req_field": "abc"}, + "url": "localhost", + } + cfg := common.MustNewConfigFrom(m) + conf := defaultConfig() + if err := cfg.Unpack(&conf); err == nil { + t.Fatal("Configuration validation failed. no_http_body and pagination.req_field cannot coexist.") + } +} + +func TestConfigValidationCase4(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "pagination": map[string]interface{}{"header": map[string]interface{}{"field_name": "Link", "regex_pattern": "<([^>]+)>; *rel=\"next\"(?:,|$)"}, "req_field": "abc"}, + "url": "localhost", + } + cfg := common.MustNewConfigFrom(m) + conf := defaultConfig() + if err := cfg.Unpack(&conf); err == nil { + t.Fatal("Configuration validation failed. pagination.header and pagination.req_field cannot coexist.") + } +} + +func TestConfigValidationCase5(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "pagination": map[string]interface{}{"header": map[string]interface{}{"field_name": "Link", "regex_pattern": "<([^>]+)>; *rel=\"next\"(?:,|$)"}, "id_field": "abc"}, + "url": "localhost", + } + cfg := common.MustNewConfigFrom(m) + conf := defaultConfig() + if err := cfg.Unpack(&conf); err == nil { + t.Fatal("Configuration validation failed. pagination.header and pagination.id_field cannot coexist.") + } +} + +func TestConfigValidationCase6(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "pagination": map[string]interface{}{"header": map[string]interface{}{"field_name": "Link", "regex_pattern": "<([^>]+)>; *rel=\"next\"(?:,|$)"}, "extra_body_content": map[string]interface{}{"test": "abc"}}, + "url": "localhost", + } + cfg := common.MustNewConfigFrom(m) + conf := defaultConfig() + if err := cfg.Unpack(&conf); err == nil { + t.Fatal("Configuration validation failed. pagination.header and extra_body_content cannot coexist.") + } +} + +func TestConfigValidationCase7(t *testing.T) { + m := map[string]interface{}{ + "http_method": "DELETE", + "no_http_body": true, + "url": "localhost", + } + cfg := common.MustNewConfigFrom(m) + conf := defaultConfig() + if err := cfg.Unpack(&conf); err == nil { + t.Fatal("Configuration validation failed. http_method DELETE is not allowed.") + } +} + +func TestGetNextLinkFromHeader(t *testing.T) { + header := make(http.Header) + header.Add("Link", "; rel=\"self\"") + header.Add("Link", "; rel=\"next\"") + re, _ := regexp.Compile("<([^>]+)>; *rel=\"next\"(?:,|$)") + url, err := getNextLinkFromHeader(header, "Link", re) + if url != "https://dev-168980.okta.com/api/v1/logs?after=1581658181086_1" { + t.Fatal("Failed to test getNextLinkFromHeader. URL " + url + " is not expected") + } + if err != nil { + t.Fatal("Failed to test getNextLinkFromHeader with error:", err) + } +} + +func TestCreateRequestInfoFromBody(t *testing.T) { + m := map[string]interface{}{ + "id": 100, + } + extraBodyContent := common.MapStr{"extra_body": "abc"} + ri, err := createRequestInfoFromBody(common.MapStr(m), "id", "pagination_id", extraBodyContent, "https://test-123", &RequestInfo{ + URL: "", + ContentMap: common.MapStr{}, + Headers: common.MapStr{}, + }) + if ri.URL != "https://test-123" { + t.Fatal("Failed to test createRequestInfoFromBody. URL should be https://test-123.") + } + p, err := ri.ContentMap.GetValue("pagination_id") + if err != nil { + t.Fatal("Failed to test createRequestInfoFromBody with error", err) + } + switch pt := p.(type) { + case int: + if pt != 100 { + t.Fatalf("Failed to test createRequestInfoFromBody. pagination_id value %d should be 100.", pt) + } + default: + t.Fatalf("Failed to test createRequestInfoFromBody. pagination_id value %T should be int.", pt) + } + b, err := ri.ContentMap.GetValue("extra_body") + if err != nil { + t.Fatal("Failed to test createRequestInfoFromBody with error", err) + } + switch bt := b.(type) { + case string: + if bt != "abc" { + t.Fatalf("Failed to test createRequestInfoFromBody. extra_body value %s does not match \"abc\".", bt) + } + default: + t.Fatalf("Failed to test createRequestInfoFromBody. extra_body type %T should be string.", bt) + } +} + +func TestGetRateLimitCase1(t *testing.T) { + header := make(http.Header) + header.Add("X-Rate-Limit-Limit", "120") + header.Add("X-Rate-Limit-Remaining", "118") + header.Add("X-Rate-Limit-Reset", "1581658643") + rateLimit := &RateLimit{ + Limit: "X-Rate-Limit-Limit", + Reset: "X-Rate-Limit-Reset", + Remaining: "X-Rate-Limit-Remaining", + } + epoch, err := getRateLimit(header, rateLimit) + if err != nil || epoch != 0 { + t.Fatal("Failed to test getRateLimit.") + } +} + +func TestGetRateLimitCase2(t *testing.T) { + header := make(http.Header) + header.Add("X-Rate-Limit-Limit", "10") + header.Add("X-Rate-Limit-Remaining", "0") + header.Add("X-Rate-Limit-Reset", "1581658643") + rateLimit := &RateLimit{ + Limit: "X-Rate-Limit-Limit", + Reset: "X-Rate-Limit-Reset", + Remaining: "X-Rate-Limit-Remaining", + } + epoch, err := getRateLimit(header, rateLimit) + if err != nil || epoch != 1581658643 { + t.Fatal("Failed to test getRateLimit.") + } +} + +func TestGET(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "interval": 0, + } + runTest(t, false, false, m, func(input *HttpjsonInput, out *stubOutleter, t *testing.T) { + group, _ := errgroup.WithContext(context.Background()) + group.Go(input.run) + + events, ok := out.waitForEvents(1) + if !ok { + t.Fatalf("Expected 1 events, but got %d.", len(events)) + } + input.Stop() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} + +func TestGetHTTPS(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "interval": 0, + "ssl.verification_mode": "none", + } + runTest(t, true, false, m, func(input *HttpjsonInput, out *stubOutleter, t *testing.T) { + group, _ := errgroup.WithContext(context.Background()) + group.Go(input.run) + + events, ok := out.waitForEvents(1) + if !ok { + t.Fatalf("Expected 1 events, but got %d.", len(events)) + } + input.Stop() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} + +func TestRateLimitRetry(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "interval": 0, + } + runTest(t, false, true, m, func(input *HttpjsonInput, out *stubOutleter, t *testing.T) { + group, _ := errgroup.WithContext(context.Background()) + group.Go(input.run) + + events, ok := out.waitForEvents(1) + if !ok { + t.Fatalf("Expected 1 events, but got %d.", len(events)) + } + input.Stop() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} + +func TestPOST(t *testing.T) { + m := map[string]interface{}{ + "http_method": "POST", + "http_request_body": map[string]interface{}{"test": "abc", "testNested": map[string]interface{}{"testNested1": 123}}, + "interval": 0, + } + runTest(t, false, false, m, func(input *HttpjsonInput, out *stubOutleter, t *testing.T) { + group, _ := errgroup.WithContext(context.Background()) + group.Go(input.run) + + events, ok := out.waitForEvents(1) + if !ok { + t.Fatalf("Expected 1 events, but got %d.", len(events)) + } + input.Stop() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} + +func TestRepeatedPOST(t *testing.T) { + m := map[string]interface{}{ + "http_method": "POST", + "http_request_body": map[string]interface{}{"test": "abc", "testNested": map[string]interface{}{"testNested1": 123}}, + "interval": 10 ^ 9, + } + runTest(t, false, false, m, func(input *HttpjsonInput, out *stubOutleter, t *testing.T) { + group, _ := errgroup.WithContext(context.Background()) + group.Go(input.run) + + events, ok := out.waitForEvents(3) + if !ok { + t.Fatalf("Expected 3 events, but got %d.", len(events)) + } + input.Stop() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + }) +} + +func TestRunStop(t *testing.T) { + m := map[string]interface{}{ + "http_method": "GET", + "interval": 0, + } + runTest(t, false, false, m, func(input *HttpjsonInput, out *stubOutleter, t *testing.T) { + input.Run() + input.Stop() + input.Run() + input.Stop() + }) +} diff --git a/filebeat/input/httpjson/input.go b/filebeat/input/httpjson/input.go new file mode 100644 index 00000000000..2bac95fa6f6 --- /dev/null +++ b/filebeat/input/httpjson/input.go @@ -0,0 +1,469 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package httpjson + +import ( + "bytes" + "context" + "encoding/json" + "io" + "io/ioutil" + "net/http" + "regexp" + "strconv" + "sync" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/transport" + "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" + "github.com/elastic/beats/v7/libbeat/common/useragent" + "github.com/elastic/beats/v7/libbeat/logp" +) + +const ( + inputName = "httpjson" +) + +var userAgent = useragent.UserAgent("Filebeat") + +func init() { + err := input.Register(inputName, NewInput) + if err != nil { + panic(errors.Wrapf(err, "failed to register %v input", inputName)) + } +} + +type HttpjsonInput struct { + config + log *logp.Logger + outlet channel.Outleter // Output of received messages. + inputCtx context.Context // Wraps the Done channel from parent input.Context. + + workerCtx context.Context // Worker goroutine context. It's cancelled when the input stops or the worker exits. + workerCancel context.CancelFunc // Used to signal that the worker should stop. + workerOnce sync.Once // Guarantees that the worker goroutine is only started once. + workerWg sync.WaitGroup // Waits on worker goroutine. +} + +type RequestInfo struct { + URL string + ContentMap common.MapStr + Headers common.MapStr +} + +// NewInput creates a new httpjson input +func NewInput( + cfg *common.Config, + connector channel.Connector, + inputContext input.Context, +) (input.Input, error) { + // Extract and validate the input's configuration. + conf := defaultConfig() + if err := cfg.Unpack(&conf); err != nil { + return nil, err + } + // Build outlet for events. + out, err := connector.ConnectWith(cfg, beat.ClientConfig{ + Processing: beat.ProcessingConfig{ + DynamicFields: inputContext.DynamicFields, + }, + }) + if err != nil { + return nil, err + } + + // Wrap input.Context's Done channel with a context.Context. This goroutine + // stops with the parent closes the Done channel. + inputCtx, cancelInputCtx := context.WithCancel(context.Background()) + go func() { + defer cancelInputCtx() + select { + case <-inputContext.Done: + case <-inputCtx.Done(): + } + }() + + // If the input ever needs to be made restartable, then context would need + // to be recreated with each restart. + workerCtx, workerCancel := context.WithCancel(inputCtx) + + in := &HttpjsonInput{ + config: conf, + log: logp.NewLogger("httpjson").With( + "url", conf.URL), + outlet: out, + inputCtx: inputCtx, + workerCtx: workerCtx, + workerCancel: workerCancel, + } + + in.log.Info("Initialized httpjson input.") + return in, nil +} + +// Run starts the input worker then returns. Only the first invocation +// will ever start the worker. +func (in *HttpjsonInput) Run() { + in.workerOnce.Do(func() { + in.workerWg.Add(1) + go func() { + in.log.Info("httpjson input worker has started.") + defer in.log.Info("httpjson input worker has stopped.") + defer in.workerWg.Done() + defer in.workerCancel() + if err := in.run(); err != nil { + in.log.Error(err) + return + } + }() + }) +} + +// createHTTPRequest creates an HTTP/HTTPs request for the input +func (in *HttpjsonInput) createHTTPRequest(ctx context.Context, ri *RequestInfo) (*http.Request, error) { + var body io.Reader + if len(ri.ContentMap) == 0 || in.config.NoHTTPBody { + body = nil + } else { + b, err := json.Marshal(ri.ContentMap) + if err != nil { + return nil, err + } + body = bytes.NewReader(b) + } + req, err := http.NewRequest(in.config.HTTPMethod, ri.URL, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + req.Header.Set("Accept", "application/json") + req.Header.Set("Content-Type", "application/json") + req.Header.Set("User-Agent", userAgent) + if in.config.APIKey != "" { + if in.config.AuthenticationScheme != "" { + req.Header.Set("Authorization", in.config.AuthenticationScheme+" "+in.config.APIKey) + } else { + req.Header.Set("Authorization", in.config.APIKey) + } + } + for k, v := range ri.Headers { + switch vv := v.(type) { + case string: + req.Header.Set(k, vv) + default: + } + } + return req, nil +} + +// processEventArray publishes an event for each object contained in the array. It returns the last object in the array and an error if any. +func (in *HttpjsonInput) processEventArray(events []interface{}) (map[string]interface{}, error) { + var m map[string]interface{} + for _, t := range events { + switch v := t.(type) { + case map[string]interface{}: + m = v + d, err := json.Marshal(v) + if err != nil { + return nil, errors.Wrapf(err, "failed to marshal %+v", v) + } + ok := in.outlet.OnEvent(makeEvent(string(d))) + if !ok { + return nil, errors.New("function OnEvent returned false") + } + default: + return nil, errors.Errorf("expected only JSON objects in the array but got a %T", v) + } + } + return m, nil +} + +// getNextLinkFromHeader retrieves the next URL for pagination from the HTTP Header of the response +func getNextLinkFromHeader(header http.Header, fieldName string, re *regexp.Regexp) (string, error) { + links, ok := header[fieldName] + if !ok { + return "", errors.Errorf("field %s does not exist in the HTTP Header", fieldName) + } + for _, link := range links { + matchArray := re.FindAllStringSubmatch(link, -1) + if len(matchArray) == 1 { + return matchArray[0][1], nil + } + } + return "", nil +} + +// getRateLimit get the rate limit value if specified in the HTTP Header of the response +func getRateLimit(header http.Header, rateLimit *RateLimit) (int64, error) { + if rateLimit != nil { + if rateLimit.Remaining != "" { + remaining := header.Get(rateLimit.Remaining) + if remaining == "" { + return 0, errors.Errorf("field %s does not exist in the HTTP Header, or is empty", rateLimit.Remaining) + } + m, err := strconv.ParseInt(remaining, 10, 64) + if err != nil { + return 0, errors.Wrapf(err, "failed to parse rate-limit remaining value") + } + if m == 0 { + reset := header.Get(rateLimit.Reset) + if reset == "" { + return 0, errors.Errorf("field %s does not exist in the HTTP Header, or is empty", rateLimit.Reset) + } + epoch, err := strconv.ParseInt(reset, 10, 64) + if err != nil { + return 0, errors.Wrapf(err, "failed to parse rate-limit reset value") + } + return epoch, nil + } + } + } + return 0, nil +} + +// applyRateLimit applies appropriate rate limit if specified in the HTTP Header of the response +func (in *HttpjsonInput) applyRateLimit(ctx context.Context, header http.Header, rateLimit *RateLimit) error { + epoch, err := getRateLimit(header, rateLimit) + if err != nil { + return err + } + if epoch == 0 { + return nil + } + t := time.Unix(epoch, 0) + in.log.Debugf("Rate Limit: Wait until %v for the rate limit to reset.", t) + ticker := time.NewTicker(time.Until(t)) + defer ticker.Stop() + select { + case <-ctx.Done(): + in.log.Info("Context done.") + return nil + case <-ticker.C: + in.log.Debug("Rate Limit: time is up.") + return nil + } +} + +// createRequestInfoFromBody creates a new RequestInfo for a new HTTP request in pagination based on HTTP response body +func createRequestInfoFromBody(m common.MapStr, idField string, requestField string, extraBodyContent common.MapStr, url string, ri *RequestInfo) (*RequestInfo, error) { + v, err := m.GetValue(idField) + if err != nil { + if err == common.ErrKeyNotFound { + return nil, nil + } else { + return nil, errors.Wrapf(err, "failed to retrieve id_field for pagination") + } + } + if requestField != "" { + ri.ContentMap.Put(requestField, v) + if url != "" { + ri.URL = url + } + } else { + switch vt := v.(type) { + case string: + ri.URL = vt + default: + return nil, errors.New("pagination ID is not of string type") + } + } + if len(extraBodyContent) > 0 { + ri.ContentMap.Update(extraBodyContent) + } + return ri, nil +} + +// processHTTPRequest processes HTTP request, and handles pagination if enabled +func (in *HttpjsonInput) processHTTPRequest(ctx context.Context, client *http.Client, ri *RequestInfo) error { + for { + req, err := in.createHTTPRequest(ctx, ri) + if err != nil { + return errors.Wrapf(err, "failed to create http request") + } + msg, err := client.Do(req) + if err != nil { + return errors.Wrapf(err, "failed to execute http client.Do") + } + responseData, err := ioutil.ReadAll(msg.Body) + header := msg.Header + msg.Body.Close() + if err != nil { + return errors.Wrapf(err, "failed to read http.response.body") + } + if msg.StatusCode != http.StatusOK { + in.log.Debugw("HTTP request failed", "http.response.status_code", msg.StatusCode, "http.response.body", string(responseData)) + if msg.StatusCode == http.StatusTooManyRequests { + if err = in.applyRateLimit(ctx, header, in.config.RateLimit); err != nil { + return err + } + continue + } + return errors.Errorf("http request was unsuccessful with a status code %d", msg.StatusCode) + } + var m, v interface{} + var mm map[string]interface{} + err = json.Unmarshal(responseData, &m) + if err != nil { + in.log.Debug("failed to unmarshal http.response.body", string(responseData)) + return errors.Wrapf(err, "failed to unmarshal http.response.body") + } + switch obj := m.(type) { + // Top level Array + case []interface{}: + mm, err = in.processEventArray(obj) + if err != nil { + return err + } + case map[string]interface{}: + if in.config.JSONObjects == "" { + mm, err = in.processEventArray([]interface{}{obj}) + if err != nil { + return err + } + } else { + v, err = common.MapStr(mm).GetValue(in.config.JSONObjects) + if err != nil { + return err + } + switch ts := v.(type) { + case []interface{}: + mm, err = in.processEventArray(ts) + if err != nil { + return err + } + default: + return errors.Errorf("content of %s is not a valid array", in.config.JSONObjects) + } + } + default: + in.log.Debug("http.response.body is not a valid JSON object", string(responseData)) + return errors.Errorf("http.response.body is not a valid JSON object, but a %T", obj) + } + + if mm != nil && in.config.Pagination != nil && in.config.Pagination.IsEnabled() { + if in.config.Pagination.Header != nil { + // Pagination control using HTTP Header + url, err := getNextLinkFromHeader(header, in.config.Pagination.Header.FieldName, in.config.Pagination.Header.RegexPattern) + if err != nil { + return errors.Wrapf(err, "failed to retrieve the next URL for pagination") + } + if ri.URL == url || url == "" { + in.log.Info("Pagination finished.") + return nil + } + ri.URL = url + if err = in.applyRateLimit(ctx, header, in.config.RateLimit); err != nil { + return err + } + in.log.Info("Continuing with pagination to URL: ", ri.URL) + continue + } else { + // Pagination control using HTTP Body fields + ri, err := createRequestInfoFromBody(common.MapStr(mm), in.config.Pagination.IDField, in.config.Pagination.RequestField, common.MapStr(in.config.Pagination.ExtraBodyContent), in.config.Pagination.URL, ri) + if err != nil { + return err + } + if ri == nil { + return nil + } + if err = in.applyRateLimit(ctx, header, in.config.RateLimit); err != nil { + return err + } + in.log.Info("Continuing with pagination to URL: ", ri.URL) + continue + } + } + return nil + } +} + +func (in *HttpjsonInput) run() error { + ctx, cancel := context.WithCancel(in.workerCtx) + defer cancel() + + tlsConfig, err := tlscommon.LoadTLSConfig(in.config.TLS) + if err != nil { + return err + } + + var dialer, tlsDialer transport.Dialer + + dialer = transport.NetDialer(in.config.HTTPClientTimeout) + tlsDialer, err = transport.TLSDialer(dialer, tlsConfig, in.config.HTTPClientTimeout) + if err != nil { + return err + } + + // Make transport client + var client *http.Client + client = &http.Client{ + Transport: &http.Transport{ + Dial: dialer.Dial, + DialTLS: tlsDialer.Dial, + TLSClientConfig: tlsConfig.ToConfig(), + DisableKeepAlives: true, + }, + Timeout: in.config.HTTPClientTimeout, + } + + ri := &RequestInfo{ + URL: in.URL, + ContentMap: common.MapStr{}, + Headers: in.HTTPHeaders, + } + if in.config.HTTPMethod == "POST" && in.config.HTTPRequestBody != nil { + ri.ContentMap.Update(common.MapStr(in.config.HTTPRequestBody)) + } + err = in.processHTTPRequest(ctx, client, ri) + if err == nil && in.Interval > 0 { + ticker := time.NewTicker(in.Interval) + defer ticker.Stop() + for { + select { + case <-ctx.Done(): + in.log.Info("Context done.") + return nil + case <-ticker.C: + in.log.Info("Process another repeated request.") + err = in.processHTTPRequest(ctx, client, ri) + if err != nil { + return err + } + } + } + } + return err +} + +// Stop stops the misp input and waits for it to fully stop. +func (in *HttpjsonInput) Stop() { + in.workerCancel() + in.workerWg.Wait() +} + +// Wait is an alias for Stop. +func (in *HttpjsonInput) Wait() { + in.Stop() +} + +func makeEvent(body string) beat.Event { + fields := common.MapStr{ + "event": common.MapStr{ + "created": time.Now().UTC(), + }, + "message": body, + } + + return beat.Event{ + Timestamp: time.Now().UTC(), + Fields: fields, + } +} diff --git a/filebeat/input/netflow/_meta/fields.header.yml b/filebeat/input/netflow/_meta/fields.header.yml new file mode 100644 index 00000000000..60e585ec2df --- /dev/null +++ b/filebeat/input/netflow/_meta/fields.header.yml @@ -0,0 +1,44 @@ +- key: netflow + title: "NetFlow" + description: > + Fields from NetFlow and IPFIX flows. + fields: + - name: netflow + type: group + description: > + Fields from NetFlow and IPFIX. + fields: + - name: type + type: keyword + description: > + The type of NetFlow record described by this event. + + - name: exporter + type: group + description: > + Metadata related to the exporter device that generated this record. + fields: + - name: address + type: keyword + description: > + Exporter's network address in IP:port format. + + - name: source_id + type: long + description: > + Observation domain ID to which this record belongs. + + - name: timestamp + type: date + description: > + Time and date of export. + + - name: uptime_millis + type: long + description: > + How long the exporter process has been running, in milliseconds. + + - name: version + type: integer + description: > + NetFlow version used. diff --git a/filebeat/input/netflow/_meta/fields.yml b/filebeat/input/netflow/_meta/fields.yml new file mode 100644 index 00000000000..f5a4c0823d5 --- /dev/null +++ b/filebeat/input/netflow/_meta/fields.yml @@ -0,0 +1,1383 @@ +- key: netflow + title: "NetFlow" + description: > + Fields from NetFlow and IPFIX flows. + fields: + - name: netflow + type: group + description: > + Fields from NetFlow and IPFIX. + fields: + - name: type + type: keyword + description: > + The type of NetFlow record described by this event. + + - name: exporter + type: group + description: > + Metadata related to the exporter device that generated this record. + fields: + - name: address + type: keyword + description: > + Exporter's network address in IP:port format. + + - name: source_id + type: long + description: > + Observation domain ID to which this record belongs. + + - name: timestamp + type: date + description: > + Time and date of export. + + - name: uptime_millis + type: long + description: > + How long the exporter process has been running, in milliseconds. + + - name: version + type: integer + description: > + NetFlow version used. + + - name: octet_delta_count + type: long + + - name: packet_delta_count + type: long + + - name: delta_flow_count + type: long + + - name: protocol_identifier + type: short + + - name: ip_class_of_service + type: short + + - name: tcp_control_bits + type: integer + + - name: source_transport_port + type: integer + + - name: source_ipv4_address + type: ip + + - name: source_ipv4_prefix_length + type: short + + - name: ingress_interface + type: long + + - name: destination_transport_port + type: integer + + - name: destination_ipv4_address + type: ip + + - name: destination_ipv4_prefix_length + type: short + + - name: egress_interface + type: long + + - name: ip_next_hop_ipv4_address + type: ip + + - name: bgp_source_as_number + type: long + + - name: bgp_destination_as_number + type: long + + - name: bgp_next_hop_ipv4_address + type: ip + + - name: post_mcast_packet_delta_count + type: long + + - name: post_mcast_octet_delta_count + type: long + + - name: flow_end_sys_up_time + type: long + + - name: flow_start_sys_up_time + type: long + + - name: post_octet_delta_count + type: long + + - name: post_packet_delta_count + type: long + + - name: minimum_ip_total_length + type: long + + - name: maximum_ip_total_length + type: long + + - name: source_ipv6_address + type: ip + + - name: destination_ipv6_address + type: ip + + - name: source_ipv6_prefix_length + type: short + + - name: destination_ipv6_prefix_length + type: short + + - name: flow_label_ipv6 + type: long + + - name: icmp_type_code_ipv4 + type: integer + + - name: igmp_type + type: short + + - name: sampling_interval + type: long + + - name: sampling_algorithm + type: short + + - name: flow_active_timeout + type: integer + + - name: flow_idle_timeout + type: integer + + - name: engine_type + type: short + + - name: engine_id + type: short + + - name: exported_octet_total_count + type: long + + - name: exported_message_total_count + type: long + + - name: exported_flow_record_total_count + type: long + + - name: ipv4_router_sc + type: ip + + - name: source_ipv4_prefix + type: ip + + - name: destination_ipv4_prefix + type: ip + + - name: mpls_top_label_type + type: short + + - name: mpls_top_label_ipv4_address + type: ip + + - name: sampler_id + type: short + + - name: sampler_mode + type: short + + - name: sampler_random_interval + type: long + + - name: class_id + type: long + + - name: minimum_ttl + type: short + + - name: maximum_ttl + type: short + + - name: fragment_identification + type: long + + - name: post_ip_class_of_service + type: short + + - name: source_mac_address + type: keyword + + - name: post_destination_mac_address + type: keyword + + - name: vlan_id + type: integer + + - name: post_vlan_id + type: integer + + - name: ip_version + type: short + + - name: flow_direction + type: short + + - name: ip_next_hop_ipv6_address + type: ip + + - name: bgp_next_hop_ipv6_address + type: ip + + - name: ipv6_extension_headers + type: long + + - name: mpls_top_label_stack_section + type: short + + - name: mpls_label_stack_section2 + type: short + + - name: mpls_label_stack_section3 + type: short + + - name: mpls_label_stack_section4 + type: short + + - name: mpls_label_stack_section5 + type: short + + - name: mpls_label_stack_section6 + type: short + + - name: mpls_label_stack_section7 + type: short + + - name: mpls_label_stack_section8 + type: short + + - name: mpls_label_stack_section9 + type: short + + - name: mpls_label_stack_section10 + type: short + + - name: destination_mac_address + type: keyword + + - name: post_source_mac_address + type: keyword + + - name: interface_name + type: keyword + + - name: interface_description + type: keyword + + - name: sampler_name + type: keyword + + - name: octet_total_count + type: long + + - name: packet_total_count + type: long + + - name: flags_and_sampler_id + type: long + + - name: fragment_offset + type: integer + + - name: forwarding_status + type: short + + - name: mpls_vpn_route_distinguisher + type: short + + - name: mpls_top_label_prefix_length + type: short + + - name: src_traffic_index + type: long + + - name: dst_traffic_index + type: long + + - name: application_description + type: keyword + + - name: application_id + type: short + + - name: application_name + type: keyword + + - name: post_ip_diff_serv_code_point + type: short + + - name: multicast_replication_factor + type: long + + - name: class_name + type: keyword + + - name: classification_engine_id + type: short + + - name: layer2packet_section_offset + type: integer + + - name: layer2packet_section_size + type: integer + + - name: layer2packet_section_data + type: short + + - name: bgp_next_adjacent_as_number + type: long + + - name: bgp_prev_adjacent_as_number + type: long + + - name: exporter_ipv4_address + type: ip + + - name: exporter_ipv6_address + type: ip + + - name: dropped_octet_delta_count + type: long + + - name: dropped_packet_delta_count + type: long + + - name: dropped_octet_total_count + type: long + + - name: dropped_packet_total_count + type: long + + - name: flow_end_reason + type: short + + - name: common_properties_id + type: long + + - name: observation_point_id + type: long + + - name: icmp_type_code_ipv6 + type: integer + + - name: mpls_top_label_ipv6_address + type: ip + + - name: line_card_id + type: long + + - name: port_id + type: long + + - name: metering_process_id + type: long + + - name: exporting_process_id + type: long + + - name: template_id + type: integer + + - name: wlan_channel_id + type: short + + - name: wlan_ssid + type: keyword + + - name: flow_id + type: long + + - name: observation_domain_id + type: long + + - name: flow_start_seconds + type: date + + - name: flow_end_seconds + type: date + + - name: flow_start_milliseconds + type: date + + - name: flow_end_milliseconds + type: date + + - name: flow_start_microseconds + type: date + + - name: flow_end_microseconds + type: date + + - name: flow_start_nanoseconds + type: date + + - name: flow_end_nanoseconds + type: date + + - name: flow_start_delta_microseconds + type: long + + - name: flow_end_delta_microseconds + type: long + + - name: system_init_time_milliseconds + type: date + + - name: flow_duration_milliseconds + type: long + + - name: flow_duration_microseconds + type: long + + - name: observed_flow_total_count + type: long + + - name: ignored_packet_total_count + type: long + + - name: ignored_octet_total_count + type: long + + - name: not_sent_flow_total_count + type: long + + - name: not_sent_packet_total_count + type: long + + - name: not_sent_octet_total_count + type: long + + - name: destination_ipv6_prefix + type: ip + + - name: source_ipv6_prefix + type: ip + + - name: post_octet_total_count + type: long + + - name: post_packet_total_count + type: long + + - name: flow_key_indicator + type: long + + - name: post_mcast_packet_total_count + type: long + + - name: post_mcast_octet_total_count + type: long + + - name: icmp_type_ipv4 + type: short + + - name: icmp_code_ipv4 + type: short + + - name: icmp_type_ipv6 + type: short + + - name: icmp_code_ipv6 + type: short + + - name: udp_source_port + type: integer + + - name: udp_destination_port + type: integer + + - name: tcp_source_port + type: integer + + - name: tcp_destination_port + type: integer + + - name: tcp_sequence_number + type: long + + - name: tcp_acknowledgement_number + type: long + + - name: tcp_window_size + type: integer + + - name: tcp_urgent_pointer + type: integer + + - name: tcp_header_length + type: short + + - name: ip_header_length + type: short + + - name: total_length_ipv4 + type: integer + + - name: payload_length_ipv6 + type: integer + + - name: ip_ttl + type: short + + - name: next_header_ipv6 + type: short + + - name: mpls_payload_length + type: long + + - name: ip_diff_serv_code_point + type: short + + - name: ip_precedence + type: short + + - name: fragment_flags + type: short + + - name: octet_delta_sum_of_squares + type: long + + - name: octet_total_sum_of_squares + type: long + + - name: mpls_top_label_ttl + type: short + + - name: mpls_label_stack_length + type: long + + - name: mpls_label_stack_depth + type: long + + - name: mpls_top_label_exp + type: short + + - name: ip_payload_length + type: long + + - name: udp_message_length + type: integer + + - name: is_multicast + type: short + + - name: ipv4_ihl + type: short + + - name: ipv4_options + type: long + + - name: tcp_options + type: long + + - name: padding_octets + type: short + + - name: collector_ipv4_address + type: ip + + - name: collector_ipv6_address + type: ip + + - name: export_interface + type: long + + - name: export_protocol_version + type: short + + - name: export_transport_protocol + type: short + + - name: collector_transport_port + type: integer + + - name: exporter_transport_port + type: integer + + - name: tcp_syn_total_count + type: long + + - name: tcp_fin_total_count + type: long + + - name: tcp_rst_total_count + type: long + + - name: tcp_psh_total_count + type: long + + - name: tcp_ack_total_count + type: long + + - name: tcp_urg_total_count + type: long + + - name: ip_total_length + type: long + + - name: post_nat_source_ipv4_address + type: ip + + - name: post_nat_destination_ipv4_address + type: ip + + - name: post_napt_source_transport_port + type: integer + + - name: post_napt_destination_transport_port + type: integer + + - name: nat_originating_address_realm + type: short + + - name: nat_event + type: short + + - name: initiator_octets + type: long + + - name: responder_octets + type: long + + - name: firewall_event + type: short + + - name: ingress_vrfid + type: long + + - name: egress_vrfid + type: long + + - name: vr_fname + type: keyword + + - name: post_mpls_top_label_exp + type: short + + - name: tcp_window_scale + type: integer + + - name: biflow_direction + type: short + + - name: ethernet_header_length + type: short + + - name: ethernet_payload_length + type: integer + + - name: ethernet_total_length + type: integer + + - name: dot1q_vlan_id + type: integer + + - name: dot1q_priority + type: short + + - name: dot1q_customer_vlan_id + type: integer + + - name: dot1q_customer_priority + type: short + + - name: metro_evc_id + type: keyword + + - name: metro_evc_type + type: short + + - name: pseudo_wire_id + type: long + + - name: pseudo_wire_type + type: integer + + - name: pseudo_wire_control_word + type: long + + - name: ingress_physical_interface + type: long + + - name: egress_physical_interface + type: long + + - name: post_dot1q_vlan_id + type: integer + + - name: post_dot1q_customer_vlan_id + type: integer + + - name: ethernet_type + type: integer + + - name: post_ip_precedence + type: short + + - name: collection_time_milliseconds + type: date + + - name: export_sctp_stream_id + type: integer + + - name: max_export_seconds + type: date + + - name: max_flow_end_seconds + type: date + + - name: message_md5_checksum + type: short + + - name: message_scope + type: short + + - name: min_export_seconds + type: date + + - name: min_flow_start_seconds + type: date + + - name: opaque_octets + type: short + + - name: session_scope + type: short + + - name: max_flow_end_microseconds + type: date + + - name: max_flow_end_milliseconds + type: date + + - name: max_flow_end_nanoseconds + type: date + + - name: min_flow_start_microseconds + type: date + + - name: min_flow_start_milliseconds + type: date + + - name: min_flow_start_nanoseconds + type: date + + - name: collector_certificate + type: short + + - name: exporter_certificate + type: short + + - name: data_records_reliability + type: boolean + + - name: observation_point_type + type: short + + - name: new_connection_delta_count + type: long + + - name: connection_sum_duration_seconds + type: long + + - name: connection_transaction_id + type: long + + - name: post_nat_source_ipv6_address + type: ip + + - name: post_nat_destination_ipv6_address + type: ip + + - name: nat_pool_id + type: long + + - name: nat_pool_name + type: keyword + + - name: anonymization_flags + type: integer + + - name: anonymization_technique + type: integer + + - name: information_element_index + type: integer + + - name: p2p_technology + type: keyword + + - name: tunnel_technology + type: keyword + + - name: encrypted_technology + type: keyword + + - name: bgp_validity_state + type: short + + - name: ip_sec_spi + type: long + + - name: gre_key + type: long + + - name: nat_type + type: short + + - name: initiator_packets + type: long + + - name: responder_packets + type: long + + - name: observation_domain_name + type: keyword + + - name: selection_sequence_id + type: long + + - name: selector_id + type: long + + - name: information_element_id + type: integer + + - name: selector_algorithm + type: integer + + - name: sampling_packet_interval + type: long + + - name: sampling_packet_space + type: long + + - name: sampling_time_interval + type: long + + - name: sampling_time_space + type: long + + - name: sampling_size + type: long + + - name: sampling_population + type: long + + - name: sampling_probability + type: double + + - name: data_link_frame_size + type: integer + + - name: ip_header_packet_section + type: short + + - name: ip_payload_packet_section + type: short + + - name: data_link_frame_section + type: short + + - name: mpls_label_stack_section + type: short + + - name: mpls_payload_packet_section + type: short + + - name: selector_id_total_pkts_observed + type: long + + - name: selector_id_total_pkts_selected + type: long + + - name: absolute_error + type: double + + - name: relative_error + type: double + + - name: observation_time_seconds + type: date + + - name: observation_time_milliseconds + type: date + + - name: observation_time_microseconds + type: date + + - name: observation_time_nanoseconds + type: date + + - name: digest_hash_value + type: long + + - name: hash_ip_payload_offset + type: long + + - name: hash_ip_payload_size + type: long + + - name: hash_output_range_min + type: long + + - name: hash_output_range_max + type: long + + - name: hash_selected_range_min + type: long + + - name: hash_selected_range_max + type: long + + - name: hash_digest_output + type: boolean + + - name: hash_initialiser_value + type: long + + - name: selector_name + type: keyword + + - name: upper_ci_limit + type: double + + - name: lower_ci_limit + type: double + + - name: confidence_level + type: double + + - name: information_element_data_type + type: short + + - name: information_element_description + type: keyword + + - name: information_element_name + type: keyword + + - name: information_element_range_begin + type: long + + - name: information_element_range_end + type: long + + - name: information_element_semantics + type: short + + - name: information_element_units + type: integer + + - name: private_enterprise_number + type: long + + - name: virtual_station_interface_id + type: short + + - name: virtual_station_interface_name + type: keyword + + - name: virtual_station_uuid + type: short + + - name: virtual_station_name + type: keyword + + - name: layer2_segment_id + type: long + + - name: layer2_octet_delta_count + type: long + + - name: layer2_octet_total_count + type: long + + - name: ingress_unicast_packet_total_count + type: long + + - name: ingress_multicast_packet_total_count + type: long + + - name: ingress_broadcast_packet_total_count + type: long + + - name: egress_unicast_packet_total_count + type: long + + - name: egress_broadcast_packet_total_count + type: long + + - name: monitoring_interval_start_milli_seconds + type: date + + - name: monitoring_interval_end_milli_seconds + type: date + + - name: port_range_start + type: integer + + - name: port_range_end + type: integer + + - name: port_range_step_size + type: integer + + - name: port_range_num_ports + type: integer + + - name: sta_mac_address + type: keyword + + - name: sta_ipv4_address + type: ip + + - name: wtp_mac_address + type: keyword + + - name: ingress_interface_type + type: long + + - name: egress_interface_type + type: long + + - name: rtp_sequence_number + type: integer + + - name: user_name + type: keyword + + - name: application_category_name + type: keyword + + - name: application_sub_category_name + type: keyword + + - name: application_group_name + type: keyword + + - name: original_flows_present + type: long + + - name: original_flows_initiated + type: long + + - name: original_flows_completed + type: long + + - name: distinct_count_of_source_ip_address + type: long + + - name: distinct_count_of_destination_ip_address + type: long + + - name: distinct_count_of_source_ipv4_address + type: long + + - name: distinct_count_of_destination_ipv4_address + type: long + + - name: distinct_count_of_source_ipv6_address + type: long + + - name: distinct_count_of_destination_ipv6_address + type: long + + - name: value_distribution_method + type: short + + - name: rfc3550_jitter_milliseconds + type: long + + - name: rfc3550_jitter_microseconds + type: long + + - name: rfc3550_jitter_nanoseconds + type: long + + - name: dot1q_dei + type: boolean + + - name: dot1q_customer_dei + type: boolean + + - name: flow_selector_algorithm + type: integer + + - name: flow_selected_octet_delta_count + type: long + + - name: flow_selected_packet_delta_count + type: long + + - name: flow_selected_flow_delta_count + type: long + + - name: selector_id_total_flows_observed + type: long + + - name: selector_id_total_flows_selected + type: long + + - name: sampling_flow_interval + type: long + + - name: sampling_flow_spacing + type: long + + - name: flow_sampling_time_interval + type: long + + - name: flow_sampling_time_spacing + type: long + + - name: hash_flow_domain + type: integer + + - name: transport_octet_delta_count + type: long + + - name: transport_packet_delta_count + type: long + + - name: original_exporter_ipv4_address + type: ip + + - name: original_exporter_ipv6_address + type: ip + + - name: original_observation_domain_id + type: long + + - name: intermediate_process_id + type: long + + - name: ignored_data_record_total_count + type: long + + - name: data_link_frame_type + type: integer + + - name: section_offset + type: integer + + - name: section_exported_octets + type: integer + + - name: dot1q_service_instance_tag + type: short + + - name: dot1q_service_instance_id + type: long + + - name: dot1q_service_instance_priority + type: short + + - name: dot1q_customer_source_mac_address + type: keyword + + - name: dot1q_customer_destination_mac_address + type: keyword + + - name: post_layer2_octet_delta_count + type: long + + - name: post_mcast_layer2_octet_delta_count + type: long + + - name: post_layer2_octet_total_count + type: long + + - name: post_mcast_layer2_octet_total_count + type: long + + - name: minimum_layer2_total_length + type: long + + - name: maximum_layer2_total_length + type: long + + - name: dropped_layer2_octet_delta_count + type: long + + - name: dropped_layer2_octet_total_count + type: long + + - name: ignored_layer2_octet_total_count + type: long + + - name: not_sent_layer2_octet_total_count + type: long + + - name: layer2_octet_delta_sum_of_squares + type: long + + - name: layer2_octet_total_sum_of_squares + type: long + + - name: layer2_frame_delta_count + type: long + + - name: layer2_frame_total_count + type: long + + - name: pseudo_wire_destination_ipv4_address + type: ip + + - name: ignored_layer2_frame_total_count + type: long + + - name: mib_object_value_integer + type: integer + + - name: mib_object_value_octet_string + type: short + + - name: mib_object_value_oid + type: short + + - name: mib_object_value_bits + type: short + + - name: mib_object_value_ip_address + type: ip + + - name: mib_object_value_counter + type: long + + - name: mib_object_value_gauge + type: long + + - name: mib_object_value_time_ticks + type: long + + - name: mib_object_value_unsigned + type: long + + - name: mib_object_identifier + type: short + + - name: mib_sub_identifier + type: long + + - name: mib_index_indicator + type: long + + - name: mib_capture_time_semantics + type: short + + - name: mib_context_engine_id + type: short + + - name: mib_context_name + type: keyword + + - name: mib_object_name + type: keyword + + - name: mib_object_description + type: keyword + + - name: mib_object_syntax + type: keyword + + - name: mib_module_name + type: keyword + + - name: mobile_imsi + type: keyword + + - name: mobile_msisdn + type: keyword + + - name: http_status_code + type: integer + + - name: source_transport_ports_limit + type: integer + + - name: http_request_method + type: keyword + + - name: http_request_host + type: keyword + + - name: http_request_target + type: keyword + + - name: http_message_version + type: keyword + + - name: nat_instance_id + type: long + + - name: internal_address_realm + type: short + + - name: external_address_realm + type: short + + - name: nat_quota_exceeded_event + type: long + + - name: nat_threshold_event + type: long + + - name: http_user_agent + type: keyword + + - name: http_content_type + type: keyword + + - name: http_reason_phrase + type: keyword + + - name: max_session_entries + type: long + + - name: max_bib_entries + type: long + + - name: max_entries_per_user + type: long + + - name: max_subscribers + type: long + + - name: max_fragments_pending_reassembly + type: long + + - name: address_pool_high_threshold + type: long + + - name: address_pool_low_threshold + type: long + + - name: address_port_mapping_high_threshold + type: long + + - name: address_port_mapping_low_threshold + type: long + + - name: address_port_mapping_per_user_high_threshold + type: long + + - name: global_address_mapping_high_threshold + type: long + + - name: vpn_identifier + type: short + diff --git a/filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json b/filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json new file mode 100644 index 00000000000..fc0971c4161 --- /dev/null +++ b/filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json @@ -0,0 +1,869 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "title": "Source Port and Transport [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Transport", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Source Port and Transport [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "3bc31900-1ae7-11e9-9eb0-d1ab52900288", + "type": "visualization", + "updated_at": "2019-01-18T16:16:16.527Z", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "controlledBy": "1547791659064", + "disabled": false, + "index": "filebeat-*", + "key": "network.direction", + "negate": false, + "params": [ + "inbound", + "outbound" + ], + "type": "phrases", + "value": "inbound, outbound" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "network.direction": "inbound" + } + }, + { + "match_phrase": { + "network.direction": "outbound" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "controlledBy": "1547791714688", + "disabled": false, + "index": "filebeat-*", + "key": "flow.locality", + "negate": false, + "params": { + "query": "public", + "type": "phrase" + }, + "type": "phrase", + "value": "public" + }, + "query": { + "match": { + "flow.locality": { + "query": "public", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Flow Selectors [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "network.direction", + "id": "1547791659064", + "indexPattern": "filebeat-*", + "label": "Network Direction", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "flow.locality", + "id": "1547791714688", + "indexPattern": "filebeat-*", + "label": "Locality", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "Flow Selectors [Filebeat Netflow]", + "type": "input_control_vis" + } + }, + "id": "b957b010-1ae7-11e9-9eb0-d1ab52900288", + "type": "visualization", + "updated_at": "2019-01-18T16:16:16.527Z", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "title": "Destination Port and Transport [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Transport", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Destination Port and Transport [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "44042280-1ae7-11e9-9eb0-d1ab52900288", + "type": "visualization", + "updated_at": "2019-01-18T16:16:16.527Z", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "title": "Top Sources Table [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Duration", + "field": "event.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Domain", + "field": "source.domain", + "missingBucket": true, + "missingBucketLabel": "", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Sources Table [Filebeat Netflow]", + "type": "table" + } + }, + "id": "846bac40-1ae6-11e9-9eb0-d1ab52900288", + "type": "visualization", + "updated_at": "2019-01-18T16:39:24.499Z", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "title": "Top Destinations Table [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Duration", + "field": "event.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination IP", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Domain", + "field": "destination.domain", + "missingBucket": true, + "missingBucketLabel": "", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destinations Table [Filebeat Netflow]", + "type": "table" + } + }, + "id": "8d0c61f0-1ae6-11e9-9eb0-d1ab52900288", + "type": "visualization", + "updated_at": "2019-01-18T16:39:44.417Z", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "title": "Flows Over Time [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "colors": { + "Bytes": "#82B5D8", + "Count": "#052B51", + "Event Count": "#3F2B5B" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "time_zone": "America/New_York", + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "top", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "3", + "label": "Bytes" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Bytes" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + } + ] + }, + "title": "Flows Over Time [Filebeat Netflow]", + "type": "area" + } + }, + "id": "e7c6efa0-1ae8-11e9-9eb0-d1ab52900288", + "type": "visualization", + "updated_at": "2019-01-18T16:16:16.527Z", + "version": 2 + }, + { + "attributes": { + "columns": [ + "source.ip", + "destination.ip", + "network.direction", + "network.transport", + "network.bytes" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "event.action", + "negate": false, + "params": { + "query": "netflow_flow", + "type": "phrase" + }, + "type": "phrase", + "value": "netflow_flow" + }, + "query": { + "match": { + "event.action": { + "query": "netflow_flow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Network Flow Search [Filebeat]", + "version": 1 + }, + "id": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "type": "search", + "updated_at": "2019-01-18T16:16:16.527Z", + "version": 2 + }, + { + "attributes": { + "description": "Top N network flows", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 8 + }, + "id": "3bc31900-1ae7-11e9-9eb0-d1ab52900288", + "panelIndex": "1", + "type": "visualization", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 24, + "x": 0, + "y": 0 + }, + "id": "b957b010-1ae7-11e9-9eb0-d1ab52900288", + "panelIndex": "2", + "type": "visualization", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 8 + }, + "id": "44042280-1ae7-11e9-9eb0-d1ab52900288", + "panelIndex": "3", + "type": "visualization", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 0, + "y": 23 + }, + "id": "846bac40-1ae6-11e9-9eb0-d1ab52900288", + "panelIndex": "4", + "type": "visualization", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 24, + "y": 23 + }, + "id": "8d0c61f0-1ae6-11e9-9eb0-d1ab52900288", + "panelIndex": "5", + "type": "visualization", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 24, + "y": 0 + }, + "id": "e7c6efa0-1ae8-11e9-9eb0-d1ab52900288", + "panelIndex": "6", + "type": "visualization", + "version": "7.0.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Top-N Flows", + "version": 1 + }, + "id": "1374fe40-1ae8-11e9-9eb0-d1ab52900288", + "type": "dashboard", + "updated_at": "2019-01-18T16:40:54.334Z", + "version": 4 + } + ], + "version": "7.0.0-SNAPSHOT" +} diff --git a/filebeat/input/netflow/case.go b/filebeat/input/netflow/case.go new file mode 100644 index 00000000000..cfe5e8fbfa1 --- /dev/null +++ b/filebeat/input/netflow/case.go @@ -0,0 +1,93 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "strings" + "sync" + "unicode" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +var fieldNameConverter = caseConverter{ + conversion: map[string]string{ + // Special handled fields + + // VRFname should be VRFName + "VRFname": "vrf_name", + }, +} + +type caseConverter struct { + rwMutex sync.RWMutex + conversion map[string]string +} + +func (c *caseConverter) memoize(nfName, converted string) string { + c.rwMutex.Lock() + defer c.rwMutex.Unlock() + c.conversion[nfName] = converted + return converted +} + +func (c *caseConverter) ToSnakeCase(orig record.Map) common.MapStr { + result := common.MapStr(make(map[string]interface{}, len(orig))) + c.rwMutex.RLock() + defer c.rwMutex.RUnlock() + + for nfName, value := range orig { + name, found := c.conversion[nfName] + if !found { + c.rwMutex.RUnlock() + name = c.memoize(nfName, CamelCaseToSnakeCase(nfName)) + c.rwMutex.RLock() + } + result[name] = value + } + return result +} + +// CamelCaseToSnakeCase converts a camel-case identifier to snake-case +// format. This function is tailored to some specifics of NetFlow field names. +// Don't reuse it. +func CamelCaseToSnakeCase(in string) string { + // skip those few fields that are already snake-cased + if strings.ContainsRune(in, '_') { + return strings.ToLower(in) + } + + out := make([]rune, 0, len(in)+4) + runes := []rune(in) + upperCount := 1 + for _, r := range runes { + lr := unicode.ToLower(r) + isUpper := lr != r + if isUpper { + if upperCount == 0 { + out = append(out, '_') + } + upperCount++ + } else { + if upperCount > 2 { + // Some magic here: + // NetFlow usually lowercases all but the first letter of an + // acronym (Icmp) Except when it is 2 characters long: (IP). + // In other cases, it keeps all caps, but if we have a run of + // more than 2 uppercase chars, then the last char belongs to + // the next word: + // postNATSourceIPv4Address : post_nat_source_ipv4_address + // selectorIDTotalFlowsObserved : selector_id_total_flows_... + out = append(out, '_') + n := len(out) - 1 + out[n], out[n-1] = out[n-1], out[n] + } + upperCount = 0 + } + out = append(out, lr) + } + return string(out) +} diff --git a/filebeat/input/netflow/case_test.go b/filebeat/input/netflow/case_test.go new file mode 100644 index 00000000000..b7faf8925f7 --- /dev/null +++ b/filebeat/input/netflow/case_test.go @@ -0,0 +1,36 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestCamelCaseToSnakeCase(t *testing.T) { + for _, testCase := range [][2]string{ + {"aBCDe", "a_bc_de"}, + {"postNATSourceIPv4Address", "post_nat_source_ipv4_address"}, + {"selectorIDTotalFlowsObserved", "selector_id_total_flows_observed"}, + {"engineId", "engine_id"}, + {"samplerRandomInterval", "sampler_random_interval"}, + {"dot1qVlanId", "dot1q_vlan_id"}, + {"messageMD5Checksum", "message_md5_checksum"}, + {"hashIPPayloadSize", "hash_ip_payload_size"}, + {"upperCILimit", "upper_ci_limit"}, + {"virtualStationUUID", "virtual_station_uuid"}, + {"selectorIDTotalFlowsObserved", "selector_id_total_flows_observed"}, + {"postMCastLayer2OctetDeltaCount", "post_mcast_layer2_octet_delta_count"}, + {"IPSecSPI", "ip_sec_spi"}, + {"VRFname", "vrf_name"}, + } { + s, found := fieldNameConverter.conversion[testCase[0]] + if !found { + s = CamelCaseToSnakeCase(testCase[0]) + } + assert.Equal(t, testCase[1], s) + } +} diff --git a/filebeat/input/netflow/config.go b/filebeat/input/netflow/config.go new file mode 100644 index 00000000000..cc0094f4ed8 --- /dev/null +++ b/filebeat/input/netflow/config.go @@ -0,0 +1,39 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "time" + + "github.com/dustin/go-humanize" + + "github.com/elastic/beats/v7/filebeat/harvester" + "github.com/elastic/beats/v7/filebeat/inputsource/udp" +) + +type config struct { + udp.Config `config:",inline"` + harvester.ForwarderConfig `config:",inline"` + Protocols []string `config:"protocols"` + ExpirationTimeout time.Duration `config:"expiration_timeout"` + PacketQueueSize int `config:"queue_size"` + CustomDefinitions []string `config:"custom_definitions"` + DetectSequenceReset bool `config:"detect_sequence_reset"` +} + +var defaultConfig = config{ + Config: udp.Config{ + MaxMessageSize: 10 * humanize.KiByte, + Host: ":2055", + Timeout: time.Minute * 5, + }, + ForwarderConfig: harvester.ForwarderConfig{ + Type: inputName, + }, + Protocols: []string{"v5", "v9", "ipfix"}, + ExpirationTimeout: time.Minute * 30, + PacketQueueSize: 8192, + DetectSequenceReset: true, +} diff --git a/filebeat/input/netflow/convert.go b/filebeat/input/netflow/convert.go new file mode 100644 index 00000000000..cfc3fd1736a --- /dev/null +++ b/filebeat/input/netflow/convert.go @@ -0,0 +1,482 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "encoding/base64" + "encoding/binary" + "net" + "strconv" + "strings" + "time" + + "github.com/cespare/xxhash/v2" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/flowhash" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +var ( + // RFC 1918 + privateIPv4 = []net.IPNet{ + {IP: net.IPv4(10, 0, 0, 0), Mask: net.IPv4Mask(255, 0, 0, 0)}, + {IP: net.IPv4(172, 16, 0, 0), Mask: net.IPv4Mask(255, 240, 0, 0)}, + {IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 0, 0)}, + } + + // RFC 4193 + privateIPv6 = net.IPNet{ + IP: net.IP{0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, + Mask: net.IPMask{0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, + } +) + +func toBeatEvent(flow record.Record) (event beat.Event) { + switch flow.Type { + case record.Flow: + return flowToBeatEvent(flow) + case record.Options: + return optionsToBeatEvent(flow) + default: + return toBeatEventCommon(flow) + } +} + +func toBeatEventCommon(flow record.Record) (event beat.Event) { + // replace net.HardwareAddress with its String() representation + fixMacAddresses(flow.Fields) + // Nest Exporter into netflow fields + flow.Fields["exporter"] = fieldNameConverter.ToSnakeCase(flow.Exporter) + + // Nest Type into netflow fields + switch flow.Type { + case record.Flow: + flow.Fields["type"] = "netflow_flow" + case record.Options: + flow.Fields["type"] = "netflow_options" + default: + flow.Fields["type"] = "netflow_unknown" + } + + // ECS Fields -- event + ecsEvent := common.MapStr{ + "created": flow.Timestamp, + "kind": "event", + "category": "network_traffic", + "action": flow.Fields["type"], + } + // ECS Fields -- device + ecsDevice := common.MapStr{} + if exporter, ok := getKeyString(flow.Exporter, "address"); ok { + ecsDevice["ip"] = extractIPFromIPPort(exporter) + } + + event.Timestamp = flow.Timestamp + event.Fields = common.MapStr{ + "netflow": fieldNameConverter.ToSnakeCase(flow.Fields), + "event": ecsEvent, + "observer": ecsDevice, + } + return +} + +func extractIPFromIPPort(address string) string { + // address can be "n.n.n.n:port" or "[hhhh:hhhh::hhhh]:port" + if lastColon := strings.LastIndexByte(address, ':'); lastColon > -1 { + address = address[:lastColon] + } + if len(address) > 0 && address[0] == '[' { + address = address[1:] + } + if n := len(address); n > 0 && address[n-1] == ']' { + address = address[:n-1] + } + return address +} + +func optionsToBeatEvent(flow record.Record) beat.Event { + for _, key := range []string{"options", "scope"} { + if iface, found := flow.Fields[key]; found { + if opts, ok := iface.(record.Map); ok { + fixMacAddresses(opts) + flow.Fields[key] = fieldNameConverter.ToSnakeCase(opts) + } + } + } + return toBeatEventCommon(flow) +} + +func flowToBeatEvent(flow record.Record) (event beat.Event) { + event = toBeatEventCommon(flow) + + ecsEvent, ok := event.Fields["event"].(common.MapStr) + if !ok { + ecsEvent = common.MapStr{} + event.Fields["event"] = ecsEvent + } + sysUptime, hasSysUptime := getKeyUint64(flow.Exporter, "uptimeMillis") + if !hasSysUptime || sysUptime == 0 { + // Alternative update + sysUptime, hasSysUptime = getKeyUint64(flow.Fields, "systemInitTimeMilliseconds") + } + startUptime, hasStartUptime := getKeyUint64(flow.Fields, "flowStartSysUpTime") + endUptime, hasEndUptime := getKeyUint64(flow.Fields, "flowEndSysUpTime") + if hasSysUptime { + // Can't convert uptime values to absolute time if sysUptime is bogus + // It will result on a flow that starts and ends in the future. + hasStartUptime = hasStartUptime && startUptime <= sysUptime + hasEndUptime = hasEndUptime && endUptime <= sysUptime + if hasStartUptime { + ecsEvent["start"] = flow.Timestamp.Add((time.Duration(startUptime) - time.Duration(sysUptime)) * time.Millisecond) + } + if hasEndUptime { + ecsEvent["end"] = flow.Timestamp.Add((time.Duration(endUptime) - time.Duration(sysUptime)) * time.Millisecond) + } + if hasStartUptime && hasEndUptime { + ecsEvent["duration"] = ecsEvent["end"].(time.Time).Sub(ecsEvent["start"].(time.Time)).Nanoseconds() + } + } + if ecsEvent["duration"] == nil { + if durationMillis, found := getKeyUint64(flow.Fields, "flowDurationMilliseconds"); found { + duration := time.Duration(durationMillis) * time.Millisecond + ecsEvent["duration"] = duration + + // Here we're missing at least one of (start, end) + if start := ecsEvent["start"]; start != nil { + ecsEvent["end"] = start.(time.Time).Add(duration) + } else if end := ecsEvent["end"]; end != nil { + ecsEvent["start"] = end.(time.Time).Add(-duration) + } + } + } + + flowDirection, hasFlowDirection := getKeyUint64(flow.Fields, "flowDirection") + // ECS Fields -- source and destination + ecsSource := common.MapStr{} + ecsDest := common.MapStr{} + + // Populate first with WLAN fields + if hasFlowDirection { + staIP, _ := getKeyIP(flow.Fields, "staIPv4Address") + staMac, hasStaMac := getKeyString(flow.Fields, "staMacAddress") + wtpMac, hasWtpMac := getKeyString(flow.Fields, "wtpMacAddress") + if hasStaMac && hasWtpMac { + srcMac := staMac + srcIP := staIP + dstMac := wtpMac + var dstIP net.IP = nil + if Direction(flowDirection) == DirectionOutbound { + srcMac, dstMac = dstMac, srcMac + srcIP, dstIP = dstIP, srcIP + } + if srcIP != nil { + ecsSource["ip"] = srcIP + ecsSource["locality"] = getIPLocality(srcIP).String() + } + ecsSource["mac"] = srcMac + if dstIP != nil { + ecsDest["ip"] = dstIP + ecsDest["locality"] = getIPLocality(dstIP).String() + } + ecsDest["mac"] = dstMac + } + } + + // Regular IPv4 fields + if ip, found := getKeyIP(flow.Fields, "sourceIPv4Address"); found { + ecsSource["ip"] = ip + ecsSource["locality"] = getIPLocality(ip).String() + } + if sourcePort, found := getKeyUint64(flow.Fields, "sourceTransportPort"); found { + ecsSource["port"] = sourcePort + } + if mac, found := getKeyString(flow.Fields, "sourceMacAddress"); found { + ecsSource["mac"] = mac + } + + // ECS Fields -- destination + if ip, found := getKeyIP(flow.Fields, "destinationIPv4Address"); found { + ecsDest["ip"] = ip + ecsDest["locality"] = getIPLocality(ip).String() + } + if destPort, found := getKeyUint64(flow.Fields, "destinationTransportPort"); found { + ecsDest["port"] = destPort + } + if mac, found := getKeyString(flow.Fields, "destinationMacAddress"); found { + ecsDest["mac"] = mac + } + + // ECS Fields -- Flow + ecsFlow := common.MapStr{} + var srcIP, dstIP net.IP + var srcPort, dstPort uint16 + var protocol IPProtocol + if ip, found := getKeyIP(record.Map(ecsSource), "ip"); found { + srcIP = ip + } + if ip, found := getKeyIP(record.Map(ecsDest), "ip"); found { + dstIP = ip + } + if port, found := getKeyUint64(flow.Fields, "sourceTransportPort"); found { + srcPort = uint16(port) + } + if port, found := getKeyUint64(flow.Fields, "destinationTransportPort"); found { + dstPort = uint16(port) + } + if proto, found := getKeyUint64(flow.Fields, "protocolIdentifier"); found { + protocol = IPProtocol(proto) + } + if srcIP == nil { + srcIP = net.IPv4(0, 0, 0, 0).To4() + } + if dstIP == nil { + dstIP = net.IPv4(0, 0, 0, 0).To4() + } + ecsFlow["id"] = flowID(srcIP, dstIP, srcPort, dstPort, uint8(protocol)) + ecsFlow["locality"] = getIPLocality(srcIP, dstIP).String() + + // ECS Fields -- network + ecsNetwork := common.MapStr{} + if proto, found := getKeyUint64(flow.Fields, "protocolIdentifier"); found { + ecsNetwork["transport"] = IPProtocol(proto).String() + ecsNetwork["iana_number"] = proto + } + countBytes, hasBytes := getKeyUint64Alternatives(flow.Fields, "octetDeltaCount", "octetTotalCount", "initiatorOctets") + countPkts, hasPkts := getKeyUint64Alternatives(flow.Fields, "packetDeltaCount", "packetTotalCount", "initiatorPackets") + revBytes, hasRevBytes := getKeyUint64Alternatives(flow.Fields, "reverseOctetDeltaCount", "reverseOctetTotalCount", "responderOctets") + revPkts, hasRevPkts := getKeyUint64Alternatives(flow.Fields, "reversePacketDeltaCount", "reversePacketTotalCount", "responderPackets") + + if hasRevBytes { + ecsDest["bytes"] = revBytes + } + + if hasRevPkts { + ecsDest["packets"] = revPkts + } + + if hasBytes { + ecsSource["bytes"] = countBytes + if hasRevBytes { + countBytes += revBytes + } + ecsNetwork["bytes"] = countBytes + } + if hasPkts { + ecsSource["packets"] = countPkts + if hasRevPkts { + countPkts += revPkts + } + ecsNetwork["packets"] = countPkts + } + + if biflowDir, isBiflow := getKeyUint64(flow.Fields, "biflowDirection"); isBiflow && len(ecsSource) > 0 && len(ecsDest) > 0 { + // swap source and destination if biflowDirection is reverseInitiator + if biflowDir == 2 { + ecsDest, ecsSource = ecsSource, ecsDest + } + ecsEvent["category"] = "network_session" + + // Assume source is the client in biflows. + event.Fields["client"] = ecsSource + event.Fields["server"] = ecsDest + } + + ecsNetwork["direction"] = "unknown" + if hasFlowDirection { + ecsNetwork["direction"] = Direction(flowDirection).String() + } + if ssid, found := getKeyString(flow.Fields, "wlanSSID"); found { + ecsNetwork["name"] = ssid + } + + ecsNetwork["community_id"] = flowhash.CommunityID.Hash(flowhash.Flow{ + SourceIP: srcIP, + SourcePort: srcPort, + DestinationIP: dstIP, + DestinationPort: dstPort, + Protocol: uint8(protocol), + }) + + if len(ecsFlow) > 0 { + event.Fields["flow"] = ecsFlow + } + if len(ecsSource) > 0 { + event.Fields["source"] = ecsSource + } + if len(ecsDest) > 0 { + event.Fields["destination"] = ecsDest + } + if len(ecsNetwork) > 0 { + event.Fields["network"] = ecsNetwork + } + return +} + +func getKeyUint64(dict record.Map, key string) (value uint64, found bool) { + iface, found := dict[key] + if !found { + return + } + value, found = iface.(uint64) + return +} + +func getKeyUint64Alternatives(dict record.Map, keys ...string) (value uint64, found bool) { + var iface interface{} + for _, key := range keys { + if iface, found = dict[key]; found { + if value, found = iface.(uint64); found { + return + } + } + } + return +} + +func getKeyString(dict record.Map, key string) (value string, found bool) { + iface, found := dict[key] + if !found { + return + } + value, found = iface.(string) + return +} + +func getKeyIP(dict record.Map, key string) (value net.IP, found bool) { + iface, found := dict[key] + if !found { + return + } + value, found = iface.(net.IP) + return +} + +// Replaces each net.HardwareAddr in the dictionary with its string representation +// because HardwareAddr doesn't implement Marshaler interface. +func fixMacAddresses(dict map[string]interface{}) { + for key, value := range dict { + if asMac, ok := value.(net.HardwareAddr); ok { + dict[key] = asMac.String() + } + } +} + +type Locality uint8 + +const ( + LocalityPrivate Locality = iota + 1 + LocalityPublic +) + +var localityNames = map[Locality]string{ + LocalityPrivate: "private", + LocalityPublic: "public", +} + +func (l Locality) String() string { + name, found := localityNames[l] + if found { + return name + } + return "unknown (" + strconv.Itoa(int(l)) + ")" +} + +func isPrivateNetwork(ip net.IP) bool { + for _, net := range privateIPv4 { + if net.Contains(ip) { + return true + } + } + + return privateIPv6.Contains(ip) +} + +func isLocalOrPrivate(ip net.IP) bool { + return isPrivateNetwork(ip) || + ip.IsLoopback() || + ip.IsUnspecified() || + ip.Equal(net.IPv4bcast) || + ip.IsLinkLocalUnicast() || + ip.IsLinkLocalMulticast() || + ip.IsInterfaceLocalMulticast() +} + +func getIPLocality(ip ...net.IP) Locality { + for _, addr := range ip { + if !isLocalOrPrivate(addr) { + return LocalityPublic + } + } + return LocalityPrivate +} + +// TODO: create table from https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml +// They have a CSV file available for conversion. + +type IPProtocol uint8 + +const ( + ICMP IPProtocol = 1 + TCP IPProtocol = 6 + UDP IPProtocol = 17 + IPv6ICMP IPProtocol = 58 +) + +var ipProtocolNames = map[IPProtocol]string{ + ICMP: "icmp", + TCP: "tcp", + UDP: "udp", + IPv6ICMP: "ipv6-icmp", +} + +func (p IPProtocol) String() string { + name, found := ipProtocolNames[p] + if found { + return name + } + return "unknown (" + strconv.Itoa(int(p)) + ")" +} + +func flowID(srcIP, dstIP net.IP, srcPort, dstPort uint16, proto uint8) string { + h := xxhash.New() + // Both flows will have the same ID. + if srcPort >= dstPort { + h.Write(srcIP) + binary.Write(h, binary.BigEndian, srcPort) + h.Write(dstIP) + binary.Write(h, binary.BigEndian, dstPort) + } else { + h.Write(dstIP) + binary.Write(h, binary.BigEndian, dstPort) + h.Write(srcIP) + binary.Write(h, binary.BigEndian, srcPort) + } + binary.Write(h, binary.BigEndian, proto) + + return base64.RawURLEncoding.EncodeToString(h.Sum(nil)) +} + +type Direction uint8 + +const ( + // According to IPFIX flowDirection field definition + DirectionInbound Direction = iota + DirectionOutbound +) + +var directionNames = map[Direction]string{ + DirectionInbound: "inbound", + DirectionOutbound: "outbound", +} + +func (l Direction) String() string { + name, found := directionNames[l] + if found { + return name + } + return "unknown (" + strconv.Itoa(int(l)) + ")" +} diff --git a/filebeat/input/netflow/decoder/atomic/bool.go b/filebeat/input/netflow/decoder/atomic/bool.go new file mode 100644 index 00000000000..b294cc6c395 --- /dev/null +++ b/filebeat/input/netflow/decoder/atomic/bool.go @@ -0,0 +1,30 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package atomic + +import "sync/atomic" + +type Bool struct { + value uint32 +} + +func (b *Bool) Store(value bool) { + atomic.StoreUint32(&b.value, encodeBool(value)) +} + +func (b *Bool) CAS(old bool, new bool) (swapped bool) { + return atomic.CompareAndSwapUint32(&b.value, encodeBool(old), encodeBool(new)) +} + +func (b *Bool) Load() (value bool) { + return atomic.LoadUint32(&b.value) != 0 +} + +func encodeBool(value bool) (result uint32) { + if value { + result = 1 + } + return +} diff --git a/filebeat/input/netflow/decoder/config/config.go b/filebeat/input/netflow/decoder/config/config.go new file mode 100644 index 00000000000..3613f93f369 --- /dev/null +++ b/filebeat/input/netflow/decoder/config/config.go @@ -0,0 +1,111 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package config + +import ( + "io" + "io/ioutil" + "time" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" +) + +// Config stores the configuration used by the NetFlow Collector. +type Config struct { + protocols []string + logOutput io.Writer + expiration time.Duration + detectReset bool + fields fields.FieldDict +} + +var defaultCfg = Config{ + protocols: []string{}, + logOutput: ioutil.Discard, + expiration: time.Hour, + detectReset: true, +} + +// Defaults returns a configuration object with defaults settings: +// - no protocols are enabled. +// - log output is discarded +// - session expiration is checked once every hour. +func Defaults() Config { + return defaultCfg +} + +// WithProtocols modifies an existing configuration object to enable the +// passed-in protocols. +func (c *Config) WithProtocols(protos ...string) *Config { + c.protocols = protos + return c +} + +// WithLogOutput sets the output io.Writer for logging. +func (c *Config) WithLogOutput(output io.Writer) *Config { + c.logOutput = output + return c +} + +// WithExpiration configures the expiration timeout for sessions and templates. +// A value of zero disables expiration. +func (c *Config) WithExpiration(timeout time.Duration) *Config { + c.expiration = timeout + return c +} + +// WithSequenceResetEnabled allows to toggle the detection of reset sequences, +// which mean that an Exporter has restarted. This will cause the session to be +// reset (all templates expired). A value of true enables this behavior. +func (c *Config) WithSequenceResetEnabled(enabled bool) *Config { + c.detectReset = enabled + return c +} + +// WithCustomFields extends the NetFlow V9/IPFIX supported fields with +// custom ones. This method can be chained multiple times adding fields +// from different sources. +func (c *Config) WithCustomFields(dicts ...fields.FieldDict) *Config { + if len(dicts) == 0 { + return c + } + if c.fields == nil { + c.fields = fields.FieldDict{} + c.fields.Merge(fields.GlobalFields) + } + for _, dict := range dicts { + c.fields.Merge(dict) + } + return c +} + +// Protocols returns a list of the protocols enabled. +func (c *Config) Protocols() []string { + return c.protocols +} + +// LogOutput returns the io.Writer where logs are to be written. +func (c *Config) LogOutput() io.Writer { + return c.logOutput +} + +// ExpirationTimeout returns the configured expiration timeout for +// sessions and templates. +func (c *Config) ExpirationTimeout() time.Duration { + return c.expiration +} + +// SequenceResetEnabled returns if sequence reset detection is enabled. +func (c *Config) SequenceResetEnabled() bool { + return c.detectReset +} + +// Fields returns the configured fields. +func (c *Config) Fields() fields.FieldDict { + if c.fields == nil { + return fields.GlobalFields + } + return c.fields +} diff --git a/filebeat/input/netflow/decoder/decoder.go b/filebeat/input/netflow/decoder/decoder.go new file mode 100644 index 00000000000..4f8d178df5c --- /dev/null +++ b/filebeat/input/netflow/decoder/decoder.go @@ -0,0 +1,110 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package decoder + +import ( + "bytes" + "encoding/binary" + "fmt" + "io" + "log" + "net" + "sync" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +// Decoder is a NetFlow decoder that accepts network packets from an Exporter +// and returns the NetFlow records contained in them. +type Decoder struct { + mutex sync.Mutex + protos map[uint16]protocol.Protocol + started bool + logger log.Logger + config config.Config +} + +// NewDecoder returns a new NetFlow decoder configured using the passed +// configuration. +func NewDecoder(config *config.Config) (*Decoder, error) { + decoder := &Decoder{ + protos: make(map[uint16]protocol.Protocol, len(config.Protocols())), + } + for _, protoName := range config.Protocols() { + factory, err := protocol.Registry.Get(protoName) + if err != nil { + return nil, err + } + proto := factory(*config) + decoder.protos[proto.Version()] = proto + } + return decoder, nil +} + +// Start will start some necessary background tasks in the decoder, mainly for +// session and template expiration in NetFlow 9 and IPFIX. +func (p *Decoder) Start() error { + p.mutex.Lock() + defer p.mutex.Unlock() + + if p.started { + return errors.New("already started") + } + + for _, proto := range p.protos { + if err := proto.Start(); err != nil { + p.stop() + return errors.Wrapf(err, "failed to start protocol version %d", proto.Version()) + } + } + p.started = true + return nil +} + +// Stop will stop any background tasks running withing the decoder. +func (p *Decoder) Stop() error { + p.mutex.Lock() + defer p.mutex.Unlock() + if !p.started { + return errors.New("already stopped") + } + p.started = false + return p.stop() +} + +// Read will process a NetFlow packet received from the network. +// source is the address for the NetFlow exporter that sent the packet. +// It returns the (possibly empty) list of records extracted from the packet. +func (p *Decoder) Read(buf *bytes.Buffer, source net.Addr) (records []record.Record, err error) { + if buf.Len() < 2 { + return nil, io.EOF + } + version := binary.BigEndian.Uint16(buf.Bytes()[:2]) + + handler, exists := p.protos[version] + if !exists { + return nil, fmt.Errorf("netflow protocol version %d not supported", version) + } + return handler.OnPacket(buf, source) +} + +// NewConfig returns a new configuration structure to be passed to NewDecoder. +func NewConfig() *config.Config { + cfg := config.Defaults() + return &cfg +} + +func (p *Decoder) stop() error { + for _, proto := range p.protos { + if err := proto.Stop(); err != nil { + p.logger.Printf("Error stopping protocol %d: %v", proto.Version(), err) + } + } + return nil +} diff --git a/filebeat/input/netflow/decoder/doc.go b/filebeat/input/netflow/decoder/doc.go new file mode 100644 index 00000000000..789b45ae4ef --- /dev/null +++ b/filebeat/input/netflow/decoder/doc.go @@ -0,0 +1,61 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Package decoder is a NetFlow and IPFIX Collector. It is fed NetFlow packets +// from the Exporter and outputs the records in an easy-to-use format. +// +// For legacy NetFlow versions (V1, V5, V6, V7, V8), it maps the static fields +// found in those protocols to existing NetFlow/IPFIX fields, which allows to +// work with any supported NetFlow version without worrying about the +// specific version that the Exporter is using. +// +// For more complex protocols (V9, IPFIX) it performs session/template management +// and expiration internally so the caller doesn't need to take care of +// maintaining sessions nor templates. +// +// Status +// +// IPFIX +// +// - Working implementation as of rfc7011. +// - Options records supported. +// - Variable-length fields supported. +// - Missing: Support for RFC6313 data-types (basicList, subTemplateList, subTemplateMultiList). +// +// NetFlow 9 +// +// - Working implementation as of rfc3954. +// - Support Options templates. +// +// NetFlow 8 +// +// - Supports the following aggregation types as defined in +// https://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/3-6/user/guide/format.html#wp1006730 : +// +// RouterAS +// RouterProtoPort +// RouterSrcPrefix +// RouterDstPrefix +// RouterPrefix +// DestOnly +// SrcDst +// FullFlow +// TosAS +// TosProtoPort +// TosSrcPrefix +// TosDstPrefix +// TosPrefix +// PrePortProtocol +// +// - Untested: Only validated by comparing to Wireshark decoder. +// +// NetFlow 6 & 7 +// +// - Untested: Only validated by comparing to Wireshark decoder. +// +// NetFlow 1 & 5 +// +// - Tested using softflowd +// +package decoder diff --git a/filebeat/input/netflow/decoder/examples/go-netflow-example.go b/filebeat/input/netflow/decoder/examples/go-netflow-example.go new file mode 100644 index 00000000000..c86e97e5d46 --- /dev/null +++ b/filebeat/input/netflow/decoder/examples/go-netflow-example.go @@ -0,0 +1,71 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "bytes" + "encoding/json" + "fmt" + "log" + "net" + "os" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder" +) + +func main() { + decoder, err := decoder.NewDecoder(decoder.NewConfig(). + WithLogOutput(os.Stderr). + WithProtocols("v1", "v5", "v9", "ipfix")) + if err != nil { + log.Fatal("Failed creating decoder:", err) + } + + addr, err := net.ResolveUDPAddr("udp", ":2055") + if err != nil { + log.Fatal("Failed to resolve address:", err) + } + + server, err := net.ListenUDP("udp", addr) + if err != nil { + log.Fatalf("Failed to listen on %v: %v", addr, err) + } + defer server.Close() + + if err = server.SetReadBuffer(1 << 16); err != nil { + log.Fatalf("Failed to set read buffer size for socket: %v", err) + } + + log.Println("Listening on ", server.LocalAddr()) + buf := make([]byte, 8192) + decBuf := new(bytes.Buffer) + for { + size, remote, err := server.ReadFromUDP(buf) + if err != nil { + log.Println("Error reading from socket:", err) + continue + } + + decBuf.Reset() + decBuf.Write(buf[:size]) + records, err := decoder.Read(decBuf, remote) + if err != nil { + log.Printf("warn: Failed reading records from %v: %v\n", remote, err) + } + + for _, r := range records { + evt, err := json.Marshal(map[string]interface{}{ + "@timestamp": r.Timestamp, + "type": r.Type, + "exporter": r.Exporter, + "data": r.Fields, + }) + if err != nil { + log.Fatal(err) + } + fmt.Println(string(evt)) + } + } +} diff --git a/filebeat/input/netflow/decoder/fields/assorted.csv b/filebeat/input/netflow/decoder/fields/assorted.csv new file mode 100644 index 00000000000..415061eccd4 --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/assorted.csv @@ -0,0 +1,514 @@ +; From Logstash Netflow Codec Plugin +; https://github.com/logstash-plugins/logstash-codec-netflow/blob/master/lib/logstash/codecs/netflow/ipfix.yaml +; +; Alcatel +637,91,natInsideSvcid,unsigned16 +637,92,natOutsideSvcid,unsigned16 +637,93,natSubString,string +; Ixia +3054,110,ixiaL7AppId,unsigned32 +3054,111,ixiaL7AppName,string +3054,120,ixiaSrcCountryCode,string +3054,121,ixiaSrcCountryName,string +3054,122,ixiaSrcRegionCode,string +3054,123,ixiaSrcRegionName,string +3054,125,ixiaSrcCityName,string +3054,126,ixiaSrcLatitude,float32 +3054,127,ixiaSrcLongitude,float32 +3054,140,ixiaDstCountryCode,string +3054,141,ixiaDstCountryName,string +3054,142,ixiaDstRegionCode,string +3054,143,ixiaDstRegionNode,string +3054,145,ixiaDstCityName,string +3054,146,ixiaDstLatitude,float32 +3054,147,ixiaDstLongitude,float32 +3054,160,ixiaDeviceId,unsigned8 +3054,161,ixiaDeviceName,string +3054,162,ixiaBrowserId,unsigned8 +3054,163,ixiaBrowserName,string +3054,176,ixiaRevOctetDeltaCount,unsigned64 +3054,177,ixiaRevPacketDeltaCount,unsigned64 +3054,178,ixiaEncryptType,string +3054,179,ixiaEncryptCipher,string +3054,180,ixiaEncryptKeyLength,unsigned16 +3054,181,ixiaImsiSubscriber,string +3054,182,ixiaHttpUserAgent,string +3054,183,ixiaHttpHostName,string +3054,184,ixiaHttpUri,string +3054,185,ixiaDnsRecordTxt,string +3054,186,ixiaSrcAsName,string +3054,187,ixiaDstAsName,string +3054,188,ixiaLatency,unsigned32 +3054,189,ixiaDnsQuery,string +3054,190,ixiaDnsAnswer,string +3054,191,ixiaDnsClasses,string +3054,192,ixiaThreatType,string +3054,193,ixiaThreatIPv4,ipv4Address +3054,194,ixiaThreatIPv6,ipv4Address +; VMWare +6876,880,vmwareTenantProtocol,unsigned8 +6876,881,vmwareTenantSourceIPv4,ipv4Address +6876,882,vmwareTenantDestIPv4,ipv4Address +6876,883,vmwareTenantSourceIPv6,ipv6Address +6876,884,vmwareTenantDestIPv6,ipv6Address +6876,886,vmwareTenantSourcePort,unsigned16 +6876,887,vmwareTenantDestPort,unsigned16 +6876,888,vmwareEgressInterfaceAttr,unsigned16 +6876,889,vmwareVxlanExportRole,unsigned8 +6876,890,vmwareIngressInterfaceAttr,unsigned16 +; Astaro +9789,1,afcProtocol,unsigned16 +9789,2,afcProtocolName,string +9789,4,flowDirection,unsigned8 +; Barracuda +10704,1,Timestamp,unsigned32 +10704,2,LogOp,unsigned8 +10704,3,TrafficType,unsigned8 +10704,4,FW_Rule,string +10704,5,ServiceName,string +10704,6,Reason,unsigned32 +10704,7,ReasonText,string +10704,8,BindIPv4Address,ipv4Address +10704,9,BindTransportPort,unsigned16 +10704,10,ConnIPv4Address,ipv4Address +10704,11,ConnTransportPort,unsigned16 +10704,12,AuditCounter,unsigned32 +; Barracuda (2) +12326,1,Timestamp,unsigned32 +12326,2,LogOp,unsigned8 +12326,3,TrafficType,unsigned8 +12326,4,FW_Rule,string +12326,5,ServiceName,string +12326,6,Reason,unsigned32 +12326,7,ReasonText,string +12326,8,BindIPv4Address,ipv4Address +12326,9,BindTransportPort,unsigned16 +12326,10,ConnIPv4Address,ipv4Address +12326,11,ConnTransportPort,unsigned16 +12326,12,AuditCounter,unsigned32 +; Procera +15397,1,proceraService,string +15397,2,proceraBaseService,string +15397,3,proceraIncomingOctets,unsigned64 +15397,4,proceraOutgoingOctets,unsigned64 +15397,5,proceraIncomingPackets,unsigned64 +15397,6,proceraOutgoingPackets,unsigned64 +15397,7,proceraIncomingShapingLatency,unsigned16 +15397,8,proceraOutgoingShapingLatency,unsigned16 +15397,9,proceraIncomingShapingDrops,unsigned32 +15397,10,proceraOutgoingShapingDrops,unsigned32 +15397,11,proceraInternalRtt,signed32 +15397,12,proceraExternalRtt,signed32 +15397,15,proceraFlowBehavior,string +15397,16,proceraContentCategories,string +15397,17,proceraProperty,string +15397,18,proceraServerHostname,string +15397,19,proceraHttpRequestMethod,string +15397,20,proceraHttpUserAgent,string +15397,21,proceraHttpContentType,string +15397,22,proceraHttpUrl,string +15397,23,proceraHttpReferer,string +15397,24,proceraHttpResponseStatus,unsigned16 +15397,25,proceraHttpFileLength,unsigned32 +15397,26,proceraHttpLocation,string +15397,27,proceraHttpLanguage,string +15397,28,proceraSubscriberIdentifier,string +15397,29,proceraMsisdn,unsigned64 +15397,30,proceraImsi,unsigned64 +15397,31,proceraRat,string +15397,32,proceraDeviceId,unsigned64 +15397,33,proceraSgsn,string +15397,34,proceraRnc,unsigned16 +15397,35,proceraApn,string +15397,36,proceraUserLocationInformation,string +15397,37,proceraGgsn,string +15397,38,proceraQoeIncomingInternal,float32 +15397,39,proceraQoeIncomingExternal,float32 +15397,40,proceraQoeOutgoingInternal,float32 +15397,41,proceraQoeOutgoingExternal,float32 +15397,42,proceraLocalIPv4Host,ipv4Address +15397,43,proceraLocalIPv6Host,ipv6Address +15397,44,proceraRemoteIPv4Host,ipv4Address +15397,45,proceraRemoteIPv6Host,ipv6Address +15397,46,proceraHttpRequestVersion,string +15397,47,proceraTemplateName,string +; netfilter/iptables +21373,4,mark,unsigned32 +21373,6,conntrack_id,unsigned32 +; RFC 5103 +29305,1,reverseOctetDeltaCount,unsigned64 +29305,2,reversePacketDeltaCount,unsigned64 +29305,3,reverseDeltaFlowCount,unsigned64 +29305,4,reverseProtocolIdentifier,unsigned8 +29305,5,reverseIpClassOfService,unsigned8 +29305,6,reverseTcpControlBits,unsigned16 +29305,7,reverseSourceTransportPort,unsigned16 +29305,8,reverseSourceIPv4Address,ipv4Address +29305,9,reverseSourceIPv4PrefixLength,unsigned8 +29305,10,reverseIngressInterface,unsigned32 +29305,11,reverseDestinationTransportPort,unsigned16 +29305,12,reverseDestinationIPv4Address,ipv4Address +29305,13,reverseDestinationIPv4PrefixLength,unsigned8 +29305,14,reverseEgressInterface,unsigned32 +29305,15,reverseIpNextHopIPv4Address,ipv4Address +29305,16,reverseBgpSourceAsNumber,unsigned32 +29305,17,reverseBgpDestinationAsNumber,unsigned32 +29305,18,reverseBgpNextHopIPv4Address,ipv4Address +29305,19,reversePostMCastPacketDeltaCount,unsigned64 +29305,20,reversePostMCastOctetDeltaCount,unsigned64 +29305,21,reverseFlowEndSysUpTime,unsigned32 +29305,22,reverseFlowStartSysUpTime,unsigned32 +29305,23,reversePostOctetDeltaCount,unsigned64 +29305,24,reversePostPacketDeltaCount,unsigned64 +29305,25,reverseMinimumIpTotalLength,unsigned64 +29305,26,reverseMaximumIpTotalLength,unsigned64 +29305,27,reverseSourceIPv6Address,ipv6Address +29305,28,reverseDestinationIPv6Address,ipv6Address +29305,29,reverseSourceIPv6PrefixLength,unsigned8 +29305,30,reverseDestinationIPv6PrefixLength,unsigned8 +29305,31,reverseFlowLabelIPv6,unsigned32 +29305,32,reverseIcmpTypeCodeIPv4,unsigned16 +29305,33,reverseIgmpType,unsigned8 +29305,34,reverseSamplingInterval,unsigned32 +29305,35,reverseSamplingAlgorithm,unsigned8 +29305,36,reverseFlowActiveTimeout,unsigned16 +29305,37,reverseFlowIdleTimeout,unsigned16 +29305,38,reverseEngineType,unsigned8 +29305,39,reverseEngineId,unsigned8 +29305,43,reverseIpv4RouterSc,ipv4Address +29305,44,reverseSourceIPv4Prefix,ipv4Address +29305,45,reverseDestinationIPv4Prefix,ipv4Address +29305,46,reverseMplsTopLabelType,unsigned8 +29305,47,reverseMplsTopLabelIPv4Address,ipv4Address +29305,48,reverseSamplerId,unsigned8 +29305,49,reverseSamplerMode,unsigned8 +29305,50,reverseSamplerRandomInterval,unsigned32 +29305,51,reverseClassId,unsigned8 +29305,52,reverseMinimumTTL,unsigned8 +29305,53,reverseMaximumTTL,unsigned8 +29305,54,reverseFragmentIdentification,unsigned32 +29305,55,reversePostIpClassOfService,unsigned8 +29305,56,reverseSourceMacAddress,macAddress +29305,57,reversePostDestinationMacAddress,macAddress +29305,58,reverseVlanId,unsigned16 +29305,59,reversePostVlanId,unsigned16 +29305,60,reverseIpVersion,unsigned8 +29305,61,reverseFlowDirection,unsigned8 +29305,62,reverseIpNextHopIPv6Address,ipv6Address +29305,63,reverseBgpNextHopIPv6Address,ipv6Address +29305,64,reverseIpv6ExtensionHeaders,unsigned32 +29305,70,reverseMplsTopLabelStackSection,string +29305,71,reverseMplsLabelStackSection2,string +29305,72,reverseMplsLabelStackSection3,string +29305,73,reverseMplsLabelStackSection4,string +29305,74,reverseMplsLabelStackSection5,string +29305,75,reverseMplsLabelStackSection6,string +29305,76,reverseMplsLabelStackSection7,string +29305,77,reverseMplsLabelStackSection8,string +29305,78,reverseMplsLabelStackSection9,string +29305,79,reverseMplsLabelStackSection10,string +29305,80,reverseDestinationMacAddress,macAddress +29305,81,reversePostSourceMacAddress,macAddress +29305,82,reverseInterfaceName,string +29305,83,reverseInterfaceDescription,string +29305,84,reverseSamplerName,string +29305,85,reverseOctetTotalCount,unsigned64 +29305,86,reversePacketTotalCount,unsigned64 +29305,87,reverseFlagsAndSamplerId,unsigned32 +29305,88,reverseFragmentOffset,unsigned16 +29305,89,reverseForwardingStatus,unsigned32 +29305,90,reverseMplsVpnRouteDistinguisher,string +29305,91,reverseMplsTopLabelPrefixLength,unsigned8 +29305,92,reverseSrcTrafficIndex,unsigned32 +29305,93,reverseDstTrafficIndex,unsigned32 +29305,94,reverseApplicationDescription,string +29305,95,reverseApplicationId,string +29305,96,reverseApplicationName,string +29305,98,reversePostIpDiffServCodePoint,unsigned8 +29305,99,reverseMulticastReplicationFactor,unsigned32 +29305,100,reverseClassName,string +29305,101,reverseClassificationEngineId,unsigned8 +29305,102,reverseLayer2packetSectionOffset,unsigned16 +29305,103,reverseLayer2packetSectionSize,unsigned16 +29305,104,reverseLayer2packetSectionData,string +29305,128,reverseBgpNextAdjacentAsNumber,unsigned32 +29305,129,reverseBgpPrevAdjacentAsNumber,unsigned32 +29305,132,reverseDroppedOctetDeltaCount,unsigned64 +29305,133,reverseDroppedPacketDeltaCount,unsigned64 +29305,134,reverseDroppedOctetTotalCount,unsigned64 +29305,135,reverseDroppedPacketTotalCount,unsigned64 +29305,136,reverseFlowEndReason,unsigned8 +29305,138,reverseObservationPointId,unsigned64 +29305,139,reverseIcmpTypeCodeIPv6,unsigned16 +29305,140,reverseMplsTopLabelIPv6Address,ipv6Address +29305,141,reverseLineCardId,unsigned32 +29305,142,reversePortId,unsigned32 +29305,143,reverseMeteringProcessId,unsigned32 +29305,144,reverseExportingProcessId,unsigned32 +29305,146,reverseWlanChannelId,unsigned8 +29305,147,reverseWlanSSID,string +29305,150,reverseFlowStartSeconds,unsigned32 +29305,151,reverseFlowEndSeconds,unsigned32 +29305,152,reverseFlowStartMilliseconds,unsigned64 +29305,153,reverseFlowEndMilliseconds,unsigned64 +29305,154,reverseFlowStartMicroseconds,unsigned64 +29305,155,reverseFlowEndMicroseconds,unsigned64 +29305,156,reverseFlowStartNanoseconds,unsigned64 +29305,157,reverseFlowEndNanoseconds,unsigned64 +29305,158,reverseFlowStartDeltaMicroseconds,unsigned32 +29305,159,reverseFlowEndDeltaMicroseconds,unsigned32 +29305,160,reverseSystemInitTimeMilliseconds,unsigned64 +29305,161,reverseFlowDurationMilliseconds,unsigned32 +29305,162,reverseFlowDurationMicroseconds,unsigned32 +29305,169,reverseDestinationIPv6Prefix,ipv6Address +29305,170,reverseSourceIPv6Prefix,ipv6Address +29305,171,reversePostOctetTotalCount,unsigned64 +29305,172,reversePostPacketTotalCount,unsigned64 +29305,174,reversePostMCastPacketTotalCount,unsigned64 +29305,175,reversePostMCastOctetTotalCount,unsigned64 +29305,176,reverseIcmpTypeIPv4,unsigned8 +29305,177,reverseIcmpCodeIPv4,unsigned8 +29305,178,reverseIcmpTypeIPv6,unsigned8 +29305,179,reverseIcmpCodeIPv6,unsigned8 +29305,180,reverseUdpSourcePort,unsigned16 +29305,181,reverseUdpDestinationPort,unsigned16 +29305,182,reverseTcpSourcePort,unsigned16 +29305,183,reverseTcpDestinationPort,unsigned16 +29305,184,reverseTcpSequenceNumber,unsigned32 +29305,185,reverseTcpAcknowledgementNumber,unsigned32 +29305,186,reverseTcpWindowSize,unsigned16 +29305,187,reverseTcpUrgentPointer,unsigned16 +29305,188,reverseTcpHeaderLength,unsigned8 +29305,189,reverseIpHeaderLength,unsigned8 +29305,190,reverseTotalLengthIPv4,unsigned16 +29305,191,reversePayloadLengthIPv6,unsigned16 +29305,192,reverseIpTTL,unsigned8 +29305,193,reverseNextHeaderIPv6,unsigned8 +29305,194,reverseMplsPayloadLength,unsigned32 +29305,195,reverseIpDiffServCodePoint,unsigned8 +29305,196,reverseIpPrecedence,unsigned8 +29305,197,reverseFragmentFlags,unsigned8 +29305,198,reverseOctetDeltaSumOfSquares,unsigned64 +29305,199,reverseOctetTotalSumOfSquares,unsigned64 +29305,200,reverseMplsTopLabelTTL,unsigned8 +29305,201,reverseMplsLabelStackLength,unsigned32 +29305,202,reverseMplsLabelStackDepth,unsigned32 +29305,203,reverseMplsTopLabelExp,unsigned8 +29305,204,reverseIpPayloadLength,unsigned32 +29305,205,reverseUdpMessageLength,unsigned16 +29305,206,reverseIsMulticast,unsigned8 +29305,207,reverseIpv4IHL,unsigned8 +29305,208,reverseIpv4Options,unsigned32 +29305,209,reverseTcpOptions,unsigned64 +29305,218,reverseTcpSynTotalCount,unsigned64 +29305,219,reverseTcpFinTotalCount,unsigned64 +29305,220,reverseTcpRstTotalCount,unsigned64 +29305,221,reverseTcpPshTotalCount,unsigned64 +29305,222,reverseTcpAckTotalCount,unsigned64 +29305,223,reverseTcpUrgTotalCount,unsigned64 +29305,224,reverseIpTotalLength,unsigned64 +29305,225,reversePostNATSourceIPv4Address,ipv4Address +29305,226,reversePostNATDestinationIPv4Address,ipv4Address +29305,227,reversePostNAPTSourceTransportPort,unsigned16 +29305,228,reversePostNAPTDestinationTransportPort,unsigned16 +29305,229,reverseNatOriginatingAddressRealm,unsigned8 +29305,230,reverseNatEvent,unsigned8 +29305,231,reverseInitiatorOctets,unsigned64 +29305,232,reverseResponderOctets,unsigned64 +29305,233,reverseFirewallEvent,unsigned8 +29305,234,reverseIngressVRFID,unsigned32 +29305,235,reverseEgressVRFID,unsigned32 +29305,236,reverseVRFname,string +29305,237,reversePostMplsTopLabelExp,unsigned8 +29305,238,reverseTcpWindowScale,unsigned16 +29305,240,reverseEthernetHeaderLength,unsigned8 +29305,241,reverseEthernetPayloadLength,unsigned16 +29305,242,reverseEthernetTotalLength,unsigned16 +29305,243,reverseDot1qVlanId,unsigned16 +29305,244,reverseDot1qPriority,unsigned8 +29305,245,reverseDot1qCustomerVlanId,unsigned16 +29305,246,reverseDot1qCustomerPriority,unsigned8 +29305,247,reverseMetroEvcId,string +29305,248,reverseMetroEvcType,unsigned8 +29305,249,reversePseudoWireId,unsigned32 +29305,250,reversePseudoWireType,unsigned16 +29305,251,reversePseudoWireControlWord,unsigned32 +29305,252,reverseIngressPhysicalInterface,unsigned32 +29305,253,reverseEgressPhysicalInterface,unsigned32 +29305,254,reversePostDot1qVlanId,unsigned16 +29305,255,reversePostDot1qCustomerVlanId,unsigned16 +29305,256,reverseEthernetType,unsigned16 +29305,257,reversePostIpPrecedence,unsigned8 +29305,258,reverseCollectionTimeMilliseconds,unsigned64 +29305,259,reverseExportSctpStreamId,unsigned16 +29305,260,reverseMaxExportSeconds,unsigned32 +29305,261,reverseMaxFlowEndSeconds,unsigned32 +29305,262,reverseMessageMD5Checksum,string +29305,263,reverseMessageScope,unsigned8 +29305,264,reverseMinExportSeconds,unsigned32 +29305,265,reverseMinFlowStartSeconds,unsigned32 +29305,266,reverseOpaqueOctets,string +29305,267,reverseSessionScope,unsigned8 +29305,268,reverseMaxFlowEndMicroseconds,unsigned64 +29305,269,reverseMaxFlowEndMilliseconds,unsigned64 +29305,270,reverseMaxFlowEndNanoseconds,unsigned64 +29305,271,reverseMinFlowStartMicroseconds,unsigned64 +29305,272,reverseMinFlowStartMilliseconds,unsigned64 +29305,273,reverseMinFlowStartNanoseconds,unsigned64 +29305,274,reverseCollectorCertificate,string +29305,275,reverseExporterCertificate,string +29305,276,reverseDataRecordsReliability,unsigned8 +29305,277,reverseObservationPointType,unsigned8 +29305,278,reverseNewConnectionDeltaCount,unsigned32 +29305,279,reverseConnectionSumDurationSeconds,unsigned64 +29305,280,reverseConnectionTransactionId,unsigned64 +29305,281,reversePostNATSourceIPv6Address,ipv6Address +29305,282,reversePostNATDestinationIPv6Address,ipv6Address +29305,283,reverseNatPoolId,unsigned32 +29305,284,reverseNatPoolName,string +29305,285,reverseAnonymizationFlags,unsigned16 +29305,286,reverseAnonymizationTechnique,unsigned16 +29305,287,reverseInformationElementIndex,unsigned16 +29305,288,reverseP2pTechnology,string +29305,289,reverseTunnelTechnology,string +29305,290,reverseEncryptedTechnology,string +29305,294,reverseBgpValidityState,unsigned8 +29305,295,reverseIPSecSPI,unsigned32 +29305,296,reverseGreKey,unsigned32 +29305,297,reverseNatType,unsigned8 +29305,298,reverseInitiatorPackets,unsigned64 +29305,299,reverseResponderPackets,unsigned64 +29305,300,reverseObservationDomainName,string +29305,301,reverseSelectionSequenceId,unsigned64 +29305,302,reverseSelectorId,unsigned64 +29305,303,reverseInformationElementId,unsigned16 +29305,304,reverseSelectorAlgorithm,unsigned16 +29305,305,reverseSamplingPacketInterval,unsigned32 +29305,306,reverseSamplingPacketSpace,unsigned32 +29305,307,reverseSamplingTimeInterval,unsigned32 +29305,308,reverseSamplingTimeSpace,unsigned32 +29305,309,reverseSamplingSize,unsigned32 +29305,310,reverseSamplingPopulation,unsigned32 +29305,311,reverseSamplingProbability,float64 +29305,312,reverseDataLinkFrameSize,unsigned16 +29305,313,reverseIpHeaderPacketSection,string +29305,314,reverseIpPayloadPacketSection,string +29305,315,reverseDataLinkFrameSection,string +29305,316,reverseMplsLabelStackSection,string +29305,317,reverseMplsPayloadPacketSection,string +29305,318,reverseSelectorIdTotalPktsObserved,unsigned64 +29305,319,reverseSelectorIdTotalPktsSelected,unsigned64 +29305,320,reverseAbsoluteError,float64 +29305,321,reverseRelativeError,float64 +29305,322,reverseObservationTimeSeconds,unsigned32 +29305,323,reverseObservationTimeMilliseconds,unsigned64 +29305,324,reverseObservationTimeMicroseconds,unsigned64 +29305,325,reverseObservationTimeNanoseconds,unsigned64 +29305,326,reverseDigestHashValue,unsigned64 +29305,327,reverseHashIPPayloadOffset,unsigned64 +29305,328,reverseHashIPPayloadSize,unsigned64 +29305,329,reverseHashOutputRangeMin,unsigned64 +29305,330,reverseHashOutputRangeMax,unsigned64 +29305,331,reverseHashSelectedRangeMin,unsigned64 +29305,332,reverseHashSelectedRangeMax,unsigned64 +29305,333,reverseHashDigestOutput,unsigned8 +29305,334,reverseHashInitialiserValue,unsigned64 +29305,335,reverseSelectorName,string +29305,336,reverseUpperCILimit,float64 +29305,337,reverseLowerCILimit,float64 +29305,338,reverseConfidenceLevel,float64 +29305,339,reverseInformationElementDataType,unsigned8 +29305,340,reverseInformationElementDescription,string +29305,341,reverseInformationElementName,string +29305,342,reverseInformationElementRangeBegin,unsigned64 +29305,343,reverseInformationElementRangeEnd,unsigned64 +29305,344,reverseInformationElementSemantics,unsigned8 +29305,345,reverseInformationElementUnits,unsigned16 +29305,346,reversePrivateEnterpriseNumber,unsigned32 +29305,347,reverseVirtualStationInterfaceId,string +29305,348,reverseVirtualStationInterfaceName,string +29305,349,reverseVirtualStationUUID,string +29305,350,reverseVirtualStationName,string +29305,351,reverseLayer2SegmentId,unsigned64 +29305,352,reverseLayer2OctetDeltaCount,unsigned64 +29305,353,reverseLayer2OctetTotalCount,unsigned64 +29305,354,reverseIngressUnicastPacketTotalCount,unsigned64 +29305,355,reverseIngressMulticastPacketTotalCount,unsigned64 +29305,356,reverseIngressBroadcastPacketTotalCount,unsigned64 +29305,357,reverseEgressUnicastPacketTotalCount,unsigned64 +29305,358,reverseEgressBroadcastPacketTotalCount,unsigned64 +29305,359,reverseMonitoringIntervalStartMilliSeconds,unsigned64 +29305,360,reverseMonitoringIntervalEndMilliSeconds,unsigned64 +29305,361,reversePortRangeStart,unsigned16 +29305,362,reversePortRangeEnd,unsigned16 +29305,363,reversePortRangeStepSize,unsigned16 +29305,364,reversePortRangeNumPorts,unsigned16 +29305,365,reverseStaMacAddress,macAddress +29305,366,reverseStaIPv4Address,ipv4Address +29305,367,reverseWtpMacAddress,macAddress +29305,368,reverseIngressInterfaceType,unsigned32 +29305,369,reverseEgressInterfaceType,unsigned32 +29305,370,reverseRtpSequenceNumber,unsigned16 +29305,371,reverseUserName,string +29305,372,reverseApplicationCategoryName,string +29305,373,reverseApplicationSubCategoryName,string +29305,374,reverseApplicationGroupName,string +29305,375,reverseOriginalFlowsPresent,unsigned64 +29305,376,reverseOriginalFlowsInitiated,unsigned64 +29305,377,reverseOriginalFlowsCompleted,unsigned64 +29305,378,reverseDistinctCountOfSourceIPAddress,unsigned64 +29305,379,reverseDistinctCountOfDestinationIPAddress,unsigned64 +29305,380,reverseDistinctCountOfSourceIPv4Address,unsigned32 +29305,381,reverseDistinctCountOfDestinationIPv4Address,unsigned32 +29305,382,reverseDistinctCountOfSourceIPv6Address,unsigned64 +29305,383,reverseDistinctCountOfDestinationIPv6Address,unsigned64 +29305,384,reverseValueDistributionMethod,unsigned8 +29305,385,reverseRfc3550JitterMilliseconds,unsigned32 +29305,386,reverseRfc3550JitterMicroseconds,unsigned32 +29305,387,reverseRfc3550JitterNanoseconds,unsigned32 +29305,388,reverseDot1qDEI,unsigned8 +29305,389,reverseDot1qCustomerDEI,unsigned8 +29305,390,reverseFlowSelectorAlgorithm,unsigned16 +29305,391,reverseFlowSelectedOctetDeltaCount,unsigned64 +29305,392,reverseFlowSelectedPacketDeltaCount,unsigned64 +29305,393,reverseFlowSelectedFlowDeltaCount,unsigned64 +29305,394,reverseSelectorIDTotalFlowsObserved,unsigned64 +29305,395,reverseSelectorIDTotalFlowsSelected,unsigned64 +29305,396,reverseSamplingFlowInterval,unsigned64 +29305,397,reverseSamplingFlowSpacing,unsigned64 +29305,398,reverseFlowSamplingTimeInterval,unsigned64 +29305,399,reverseFlowSamplingTimeSpacing,unsigned64 +29305,400,reverseHashFlowDomain,unsigned16 +29305,401,reverseTransportOctetDeltaCount,unsigned64 +29305,402,reverseTransportPacketDeltaCount,unsigned64 +29305,403,reverseOriginalExporterIPv4Address,ipv4Address +29305,404,reverseOriginalExporterIPv6Address,ipv6Address +29305,405,reverseOriginalObservationDomainId,unsigned32 +29305,406,reverseIntermediateProcessId,unsigned32 +29305,407,reverseIgnoredDataRecordTotalCount,unsigned64 +29305,408,reverseDataLinkFrameType,unsigned16 +29305,409,reverseSectionOffset,unsigned16 +29305,410,reverseSectionExportedOctets,unsigned16 +29305,411,reverseDot1qServiceInstanceTag,string +29305,412,reverseDot1qServiceInstanceId,unsigned32 +29305,413,reverseDot1qServiceInstancePriority,unsigned8 +29305,414,reverseDot1qCustomerSourceMacAddress,macAddress +29305,415,reverseDot1qCustomerDestinationMacAddress,macAddress +29305,417,reversePostLayer2OctetDeltaCount,unsigned64 +29305,418,reversePostMCastLayer2OctetDeltaCount,unsigned64 +29305,420,reversePostLayer2OctetTotalCount,unsigned64 +29305,421,reversePostMCastLayer2OctetTotalCount,unsigned64 +29305,422,reverseMinimumLayer2TotalLength,unsigned64 +29305,423,reverseMaximumLayer2TotalLength,unsigned64 +29305,424,reverseDroppedLayer2OctetDeltaCount,unsigned64 +29305,425,reverseDroppedLayer2OctetTotalCount,unsigned64 +29305,426,reverseIgnoredLayer2OctetTotalCount,unsigned64 +29305,427,reverseNotSentLayer2OctetTotalCount,unsigned64 +29305,428,reverseLayer2OctetDeltaSumOfSquares,unsigned64 +29305,429,reverseLayer2OctetTotalSumOfSquares,unsigned64 +29305,430,reverseLayer2FrameDeltaCount,unsigned64 +29305,431,reverseLayer2FrameTotalCount,unsigned64 +29305,432,reversePseudoWireDestinationIPv4Address,ipv4Address +29305,433,reverseIgnoredLayer2FrameTotalCount,unsigned64 +; vIPtela +41916,4321,viptelaVPNId,unsigned64 diff --git a/filebeat/input/netflow/decoder/fields/cert_pen6871.csv b/filebeat/input/netflow/decoder/fields/cert_pen6871.csv new file mode 100644 index 00000000000..4e9e9a549a2 --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/cert_pen6871.csv @@ -0,0 +1,98 @@ +6871,14,initialTCPFlags,unsigned8 +6871,15,unionTCPFlags,unsigned8 +6871,18,payload,string +6871,21,reverseFlowDeltaMilliseconds,unsigned32 +6871,33,silkAppLabel,unsigned16 +6871,35,payloadEntropy,unsigned8 +6871,36,osName,string +6871,37,osVersion,string +6871,38,firstPacketBanner,string +6871,39,secondPacketBanner,string +6871,40,flowAttributes,unsigned16 +6871,100,expiredFragmentCount,unsigned32 +6871,101,assembledFragmentCount,unsigned32 +6871,102,meanFlowRate,unsigned32 +6871,103,meanPacketRate,unsigned32 +6871,104,flowTableFlushEventCount,unsigned32 +6871,105,flowTablePeakCount,unsigned32 +6871,107,osFingerPrint,string +6871,126,tftpFilename,string +6871,127,tftpMode,string +6871,174,dnsQueryResponse,unsigned8 +6871,175,dnsQRType,unsigned16 +6871,176,dnsAuthoritative,unsigned8 +6871,177,dnsNXDomain,unsigned8 +6871,178,dnsRRSection,unsigned8 +6871,179,dnsQName,string +6871,180,dnsCName,string +6871,181,dnsMXPreference,unsigned16 +6871,182,dnsMXExchange,string +6871,183,dnsNSDName,string +6871,184,dnsPTRDName,string +6871,185,sslCipher,string +6871,186,sslClientVersion,unsigned8 +6871,187,sslServerCipher,unsigned32 +6871,188,sslCompressionMethod,unsigned8 +6871,189,sslCertVersion,unsigned8 +6871,190,sslCertSignature,string +6871,199,dnsTTL,unsigned32 +6871,208,dnsTXTData,string +6871,209,dnsSOASerial,unsigned32 +6871,210,dnsSOARefresh,unsigned32 +6871,211,dnsSOARetry,unsigned32 +6871,212,dnsSOAExpire,unsigned32 +6871,213,dnsSOAMinimum,unsigned32 +6871,214,dnsSOAMName,string +6871,215,dnsSOARName,string +6871,216,dnsSRVPriority,unsigned16 +6871,217,dnsSRVWeight,unsigned16 +6871,218,dnsSRVPort,unsigned16 +6871,219,dnsSRVTarget,unsigned16 +6871,223,tcpUrgTotalCount,unsigned32 +6871,226,dnsID,unsigned16 +6871,244,sslCertSerialNumber,string +6871,245,sslObjectType,string +6871,246,sslObjectValue,string +6871,247,sslCertValidityNotBefore,string +6871,248,sslCertValidityNotAfter,string +6871,249,sslPublicKeyAlgorithm,string +6871,250,sslPublicKeyLength,string +6871,287,rtpPayloadType,unsigned8 +6871,288,reverseRtpPayloadType,unsigned8 +6871,289,mptcpInitialDataSequenceNumber,unsigned64 +6871,290,mptcpReceiverToken,unsigned32 +6871,291,mptcpMaximumSegmentSize,unsigned16 +6871,292,mptcpAddressID,unsigned8 +6871,293,mptcpFlags,unsigned8 +6871,294,sslServerName,string +6871,295,sslCertificateHash,string +6871,500,smallPacketCount,unsigned32 +6871,501,nonEmptyPacketCount,unsigned32 +6871,502,dataByteCount,unsigned64 +6871,503,averageInterarrivalTime,unsigned64 +6871,504,standardDeviationInterarrivalTime,unsigned64 +6871,505,firstNonEmptyPacketSize,unsigned16 +6871,506,maxPacketSize,unsigned16 +6871,507,firstEightNonEmptyPacketDirections,unsigned8 +6871,508,standardDeviationPayloadLength,unsigned8 +6871,510,largePacketCount,unsigned32 +6871,16398,reverseInitialTCPFlags,unsigned8 +6871,16399,reverseUnionTCPFlags,unsigned8 +6871,16402,reversePayload,string +6871,16419,reversePayloadEntropy,unsigned8 +6871,16420,reverseOsName,string +6871,16421,reverseOsVersion,string +6871,16422,reverseFirstPacketBanner,string +6871,16423,reverseSecondPacketBanner,string +6871,16424,reverseFlowAttributes,unsigned16 +6871,16491,reverseOsFingerPrint,string +6871,16671,reverseRtpPayloadType,unsigned8 +6871,16884,reverseSmallPacketCount,unsigned32 +6871,16885,reverseNonEmptyPacketCount,unsigned32 +6871,16886,reverseDataByteCount,unsigned64 +6871,16887,reverseAverageInterarrivalTime,unsigned64 +6871,16888,reverseStandardDeviationInterarrivalTime,unsigned64 +6871,16889,reverseFirstNonEmptyPacketSize,unsigned16 +6871,16890,reverseMaxPacketSize,unsigned16 +6871,16892,reverseStandardDeviationPayloadLength,unsigned16 +6871,16894,reverseLargePacketCount,unsigned32 diff --git a/filebeat/input/netflow/decoder/fields/cisco.csv b/filebeat/input/netflow/decoder/fields/cisco.csv new file mode 100644 index 00000000000..65e5f9b5b75 --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/cisco.csv @@ -0,0 +1,292 @@ +PolicyQosClassificationHierarchy,9,8232,unsigned32 +waasoptimizationSegment,9,9252,unsigned8 +artClientpackets,9,9265,unsigned64 +artServerpackets,9,9266,unsigned64 +artCountRetransmissions,9,9268,unsigned32 +artCountTransactions,9,9272,unsigned32 +artTotalTransactionTimeSum,9,9273,unsigned32 +artTotalTransactionTimeMaximum,9,9274,unsigned32 +artTotalTransactionTimeMinimum,9,9275,unsigned32 +artCountNewConnections,9,9282,unsigned32 +artCountResponses,9,9292,unsigned32 +artCountResponsesHistogramBucket1,9,9293,unsigned32 +artCountResponsesHistogramBucket2,9,9294,unsigned32 +artCountResponsesHistogramBucket3,9,9295,unsigned32 +artCountResponsesHistogramBucket4,9,9296,unsigned32 +artCountResponsesHistogramBucket5,9,9297,unsigned32 +artCountResponsesHistogramBucket6,9,9298,unsigned32 +artCountResponsesHistogramBucket7,9,9299,unsigned32 +artCountLateResponses,9,9300,unsigned32 +artResponseTimeSum,9,9303,unsigned32 +artResponseTimeMaximum,9,9304,unsigned32 +artResponseTimeMinimum,9,9305,unsigned32 +artServerResponseTimeSum,9,9306,unsigned32 +artServerResponseTimeMaximum,9,9307,unsigned32 +artServerResponseTimeMinimum,9,9308,unsigned32 +artTotalResponseTimeSum,9,9309,unsigned32 +artTotalResponseTimeMaximum,9,9310,unsigned32 +artTotalResponseTimeMinimum,9,9311,unsigned32 +artNetworkTimeSum,9,9313,unsigned32 +artNetworkTimeMaximum,9,9314,unsigned32 +artNetworkTimeMinimum,9,9315,unsigned32 +artClientNetworkTimeSum,9,9316,unsigned32 +artClientNetworkTimeMaximum,9,9317,unsigned32 +artClientNetworkTimeMinimum,9,9318,unsigned32 +artServerNetworkTimeSum,9,9319,unsigned32 +artServerNetworkTimeMaximum,9,9320,unsigned32 +artServerNetworkTimeMinimum,9,9321,unsigned32 +applicationHttpUriStatistics,9,9357,octetArray +PolicyQosQueueindex,9,9360,unsigned32 +PolicyQosQueueINDEX,9,9360,unsigned32 +PolicyQosQueuedrops,9,9361,unsigned64 +applicationCategoryName,9,12232,unsigned32 +applicationSubCategoryName,9,12233,unsigned32 +applicationGroupName,9,12234,unsigned32 +applicationHttpUser-agent,9,12235,octetArray +applicationTraffic-class,9,12243,unsigned32 +applicationBusiness-relevance,9,12244,unsigned32 +timestampAbsoluteMonitoring-interval,9,32733,unsigned64 +netscalerRoundTripTime,5951,128,unsigned32 +netscalerTransactionId,5951,129,unsigned32 +netscalerHttpReqUrl,5951,130,string +netscalerHttpReqCookie,5951,131,string +netscalerFlowFlags,5951,132,unsigned64 +netscalerConnectionId,5951,133,unsigned32 +netscalerSyslogPriority,5951,134,unsigned8 +netscalerSyslogMessage,5951,135,string +netscalerSyslogTimestamp,5951,136,unsigned64 +netscalerHttpReqReferer,5951,140,string +netscalerHttpReqMethod,5951,141,string +netscalerHttpReqHost,5951,142,string +netscalerHttpReqUserAgent,5951,143,string +netscalerHttpRspStatus,5951,144,unsigned16 +netscalerHttpRspLen,5951,145,unsigned64 +netscalerServerTTFB,5951,146,unsigned64 +netscalerServerTTLB,5951,147,unsigned64 +netscalerAppNameIncarnationNumber,5951,150,unsigned32 +netscalerAppNameAppId,5951,151,unsigned32 +netscalerAppName,5951,152,string +netscalerHttpReqRcvFB,5951,153,unsigned64 +netscalerHttpReqForwFB,5951,156,unsigned64 +netscalerHttpResRcvFB,5951,157,unsigned64 +netscalerHttpResForwFB,5951,158,unsigned64 +netscalerHttpReqRcvLB,5951,159,unsigned64 +netscalerHttpReqForwLB,5951,160,unsigned64 +netscalerMainPageId,5951,161,unsigned32 +netscalerMainPageCoreId,5951,162,unsigned32 +netscalerHttpClientInteractionStartTime,5951,163,string +netscalerHttpClientRenderEndTime,5951,164,string +netscalerHttpClientRenderStartTime,5951,165,string +netscalerAppTemplateName,5951,167,string +netscalerHttpClientInteractionEndTime,5951,168,string +netscalerHttpResRcvLB,5951,169,unsigned64 +netscalerHttpResForwLB,5951,170,unsigned64 +netscalerAppUnitNameAppId,5951,171,unsigned32 +netscalerDbLoginFlags,5951,172,unsigned32 +netscalerDbReqType,5951,173,unsigned8 +netscalerDbProtocolName,5951,174,unsigned8 +netscalerDbUserName,5951,175,string +netscalerDbDatabaseName,5951,176,string +netscalerDbCltHostName,5951,177,string +netscalerDbReqString,5951,178,string +netscalerDbRespStatusString,5951,179,string +netscalerDbRespStatus,5951,180,unsigned64 +netscalerDbRespLength,5951,181,unsigned64 +netscalerClientRTT,5951,182,unsigned32 +netscalerHttpContentType,5951,183,string +netscalerHttpReqAuthorization,5951,185,string +netscalerHttpReqVia,5951,186,string +netscalerHttpResLocation,5951,187,string +netscalerHttpResSetCookie,5951,188,string +netscalerHttpResSetCookie2,5951,189,string +netscalerHttpReqXForwardedFor,5951,190,string +netscalerConnectionChainID,5951,192,octetarray +netscalerConnectionChainHopCount,5951,193,unsigned64 +netscalerICASessionGuid,5951,200,octetarray +netscaleIcaClientVersion,5951,201,string +netscalerIcaClientType,5951,202,unsigned16 +netscalerIcaClientIP,5951,203,ipv4Address +netscalerIcaClientHostName,5951,204,string +netscalerAaaUsername,5951,205,string +netscalerIcaDomainName,5951,207,string +netscalerIcaClientLauncher,5951,208,unsigned16 +netscalerIcaSessionSetupTime,5951,209,unsigned32 +netscalerIcaServerName,5951,210,string +netscalerIcaSessionReconnects,5951,214,unsigned8 +netscalerIcaRTT,5951,215,unsigned32 +netscalerIcaClientsideRXBytes,5951,216,unsigned32 +netscalerIcaClientsideTXBytes,5951,217,unsigned32 +netscalerIcaClientsidePacketsRetransmit,5951,219,unsigned16 +netscalerIcaServersidePacketsRetransmit,5951,220,unsigned16 +netscalerIcaClientsideRTT,5951,221,unsigned32 +netscalerIcaServersideRTT,5951,222,unsigned32 +netscalerIcaSessionUpdateBeginSec,5951,223,unsigned32 +netscalerIcaSessionUpdateEndSec,5951,224,unsigned32 +netscalerIcaChannelId1,5951,225,unsigned32 +netscalerIcaChannelId1Bytes,5951,226,unsigned32 +netscalerIcaChannelId2,5951,227,unsigned32 +netscalerIcaChannelId2Bytes,5951,228,unsigned32 +netscalerIcaChannelId3,5951,229,unsigned32 +netscalerIcaChannelId3Bytes,5951,230,unsigned32 +netscalerIcaChannelId4,5951,231,unsigned32 +netscalerIcaChannelId4Bytes,5951,232,unsigned32 +netscalerIcaChannelId5,5951,233,unsigned32 +netscalerIcaChannelId5Bytes,5951,234,unsigned32 +netscalerIcaConnectionPriority,5951,235,unsigned16 +netscalerApplicationStartupDuration,5951,236,unsigned32 +netscalerIcaLaunchMechanism,5951,237,unsigned16 +netscalerIcaApplicationName,5951,238,string +netscalerApplicationStartupTime,5951,239,unsigned32 +netscalerIcaApplicationTerminationType,5951,240,unsigned16 +netscalerIcaApplicationTerminationTime,5951,241,unsigned32 +netscalerIcaSessionEndTime,5951,242,unsigned32 +netscalerIcaClientsideJitter,5951,243,unsigned32 +netscalerIcaServersideJitter,5951,244,unsigned32 +netscalerIcaAppProcessID,5951,245,unsigned32 +netscalerIcaAppModulePath,5951,246,string +netscalerIcaDeviceSerialNo,5951,247,unsigned32 +netscalerMsiClientCookie,5951,248,octetarray +netscalerIcaFlags,5951,249,unsigned64 +netscalerIcaUsername,5951,250,string +netscalerLicenseType,5951,251,unsigned8 +netscalerMaxLicenseCount,5951,252,unsigned64 +netscalerCurrentLicenseConsumed,5951,253,unsigned64 +netscalerIcaNetworkUpdateStartTime,5951,254,unsigned32 +netscalerIcaNetworkUpdateEndTime,5951,255,unsigned32 +netscalerIcaClientsideSRTT,5951,256,unsigned32 +netscalerIcaServersideSRTT,5951,257,unsigned32 +netscalerIcaClientsideDelay,5951,258,unsigned32 +netscalerIcaServersideDelay,5951,259,unsigned32 +netscalerIcaHostDelay,5951,260,unsigned32 +netscalerIcaClientSideWindowSize,5951,261,unsigned16 +netscalerIcaServerSideWindowSize,5951,262,unsigned16 +netscalerIcaClientSideRTOCount,5951,263,unsigned16 +netscalerIcaServerSideRTOCount,5951,264,unsigned16 +netscalerIcaL7ClientLatency,5951,265,unsigned32 +netscalerIcaL7ServerLatency,5951,266,unsigned32 +netscalerHttpDomainName,5951,267,string +netscalerCacheRedirClientConnectionCoreID,5951,268,unsigned32 +netscalerCacheRedirClientConnectionTransactionID,5951,269,unsigned32 +netscalerUnknown270,5951,270,unsigned32 +netscalerUnknown271,5951,271,unsigned32 +netscalerUnknown272,5951,272,unsigned32 +netscalerUnknown273,5951,273,unsigned32 +netscalerUnknown274,5951,274,unsigned32 +netscalerUnknown275,5951,275,unsigned32 +netscalerUnknown276,5951,276,unsigned32 +netscalerUnknown277,5951,277,unsigned32 +netscalerUnknown278,5951,278,unsigned32 +netscalerUnknown279,5951,279,unsigned32 +netscalerUnknown280,5951,280,unsigned32 +netscalerUnknown281,5951,281,unsigned32 +netscalerUnknown282,5951,282,unsigned32 +netscalerUnknown283,5951,283,unsigned32 +netscalerUnknown284,5951,284,unsigned32 +netscalerUnknown285,5951,285,unsigned32 +netscalerUnknown286,5951,286,unsigned32 +netscalerUnknown287,5951,287,unsigned32 +netscalerUnknown288,5951,288,unsigned32 +netscalerUnknown289,5951,289,unsigned32 +netscalerUnknown290,5951,290,unsigned32 +netscalerUnknown291,5951,291,unsigned32 +netscalerUnknown292,5951,292,unsigned32 +netscalerUnknown293,5951,293,unsigned32 +netscalerUnknown294,5951,294,unsigned32 +netscalerUnknown295,5951,295,unsigned32 +netscalerUnknown296,5951,296,unsigned32 +netscalerUnknown297,5951,297,unsigned32 +netscalerUnknown298,5951,298,unsigned32 +netscalerUnknown299,5951,299,unsigned32 +netscalerUnknown300,5951,300,unsigned32 +netscalerUnknown301,5951,301,unsigned32 +netscalerUnknown302,5951,302,unsigned32 +netscalerUnknown303,5951,303,unsigned32 +netscalerUnknown304,5951,304,unsigned32 +netscalerUnknown305,5951,305,unsigned32 +netscalerUnknown306,5951,306,unsigned32 +netscalerUnknown307,5951,307,unsigned32 +netscalerUnknown308,5951,308,unsigned32 +netscalerUnknown309,5951,309,unsigned32 +netscalerUnknown310,5951,310,unsigned32 +netscalerUnknown311,5951,311,unsigned32 +netscalerUnknown312,5951,312,unsigned32 +netscalerUnknown313,5951,313,unsigned32 +netscalerUnknown314,5951,314,unsigned32 +netscalerUnknown315,5951,315,unsigned32 +netscalerUnknown316,5951,316,string +netscalerUnknown317,5951,317,unsigned32 +netscalerUnknown318,5951,318,unsigned32 +netscalerUnknown319,5951,319,string +netscalerUnknown320,5951,320,unsigned16 +netscalerUnknown321,5951,321,unsigned32 +netscalerUnknown322,5951,322,unsigned32 +netscalerUnknown323,5951,323,unsigned16 +netscalerUnknown324,5951,324,unsigned16 +netscalerUnknown325,5951,325,unsigned16 +netscalerUnknown326,5951,326,unsigned16 +netscalerUnknown327,5951,327,unsigned32 +netscalerUnknown328,5951,328,unsigned16 +netscalerUnknown329,5951,329,unsigned16 +netscalerUnknown330,5951,330,unsigned16 +netscalerUnknown331,5951,331,unsigned16 +netscalerUnknown332,5951,332,unsigned32 +netscalerUnknown333,5951,333,string +netscalerUnknown334,5951,334,string +netscalerUnknown335,5951,335,unsigned32 +netscalerUnknown336,5951,336,unsigned32 +netscalerUnknown337,5951,337,unsigned32 +netscalerUnknown338,5951,338,unsigned32 +netscalerUnknown339,5951,339,unsigned32 +netscalerUnknown340,5951,340,unsigned32 +netscalerUnknown341,5951,341,unsigned32 +netscalerUnknown342,5951,342,unsigned32 +netscalerUnknown343,5951,343,unsigned32 +netscalerUnknown344,5951,344,unsigned32 +netscalerUnknown345,5951,345,unsigned32 +netscalerUnknown346,5951,346,unsigned32 +netscalerUnknown347,5951,347,unsigned32 +netscalerUnknown348,5951,348,unsigned16 +netscalerUnknown349,5951,349,string +netscalerUnknown350,5951,350,string +netscalerUnknown351,5951,351,string +netscalerUnknown352,5951,352,unsigned16 +netscalerUnknown353,5951,353,unsigned32 +netscalerUnknown354,5951,354,unsigned32 +netscalerUnknown355,5951,355,unsigned32 +netscalerUnknown356,5951,356,unsigned32 +netscalerUnknown357,5951,357,unsigned32 +netscalerUnknown363,5951,363,octetarray +netscalerUnknown383,5951,383,octetarray +netscalerUnknown391,5951,391,unsigned32 +netscalerUnknown398,5951,398,unsigned32 +netscalerUnknown404,5951,404,unsigned32 +netscalerUnknown405,5951,405,unsigned32 +netscalerUnknown427,5951,427,unsigned64 +netscalerUnknown429,5951,429,unsigned8 +netscalerUnknown432,5951,432,unsigned8 +netscalerUnknown433,5951,433,unsigned8 +netscalerUnknown453,5951,453,unsigned64 +netscalerUnknown465,5951,465,unsigned32 +ingressAclID,0,33000,aclid +egressAclID,0,33001,aclid +fwExtEvent,0,33002,unsigned16 +fwEventLevel,0,33003,unsigned32 +fwEventLevelID,0,33004,unsigned32 +fwConfiguredValue,0,33005,unsigned32 +fwCtsSrcSGT,0,34000,unsigned32 +fwExtEventAlt,0,35001,unsigned32 +fwBlackoutSecs,0,35004,unsigned32 +fwHalfOpenHigh,0,35005,unsigned32 +fwHalfOpenRate,0,35006,unsigned32 +fwZonePairID,0,35007,unsigned32 +fwMaxSessions,0,35008,unsigned32 +fwZonePairName,0,35009,unsigned32 +fwExtEventDesc,0,35010,string +fwSummaryPktCount,0,35011,unsigned32 +fwHalfOpenCount,0,35012,unsigned32 +username,0,40000,string +XlateSourceAddressIPV4,0,40001,ipv4Address +XlateDestinationAddressIPV4,0,40002,ipv4Address +XlateSourcePort,0,40003,unsigned16 +XlateDestinationPort,0,40004,unsigned16 +FirewallEvent,0,40005,unsigned8 diff --git a/filebeat/input/netflow/decoder/fields/doc.go b/filebeat/input/netflow/decoder/fields/doc.go new file mode 100644 index 00000000000..d3ae43e4521 --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/doc.go @@ -0,0 +1,11 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fields + +//go:generate go run gen.go -output zfields_ipfix.go -export IpfixFields --column-id=1 --column-name=2 --column-type=3 ipfix-information-elements.csv +//go:generate go run gen.go -output zfields_cert.go -export CertFields --column-pen=1 --column-id=2 --column-name=3 --column-type=4 cert_pen6871.csv +//go:generate go run gen.go -output zfields_cisco.go -export CiscoFields --column-pen=2 --column-id=3 --column-name=1 --column-type=4 cisco.csv +//go:generate go run gen.go -output zfields_assorted.go -export AssortedFields --column-pen=1 --column-id=2 --column-name=3 --column-type=4 assorted.csv +//go:generate go fmt diff --git a/filebeat/input/netflow/decoder/fields/field.go b/filebeat/input/netflow/decoder/fields/field.go new file mode 100644 index 00000000000..2acaa8a9bee --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/field.go @@ -0,0 +1,39 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fields + +import "fmt" + +var GlobalFields = FieldDict{} + +type Key struct { + EnterpriseID uint32 + FieldID uint16 +} + +type Field struct { + Name string + Decoder Decoder +} + +type FieldDict map[Key]*Field + +func RegisterGlobalFields(dict FieldDict) error { + for key, value := range dict { + if _, found := GlobalFields[key]; found { + return fmt.Errorf("field %+v is duplicated", key) + } + GlobalFields[key] = value + } + return nil +} + +// Merge merges the passed fields into the dictionary, overwriting existing +// fields if duplicated. +func (f FieldDict) Merge(otherFields FieldDict) { + for key, value := range otherFields { + f[key] = value + } +} diff --git a/filebeat/input/netflow/decoder/fields/field_test.go b/filebeat/input/netflow/decoder/fields/field_test.go new file mode 100644 index 00000000000..883a0c6903b --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/field_test.go @@ -0,0 +1,58 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fields + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestFieldDict_Merge(t *testing.T) { + a := FieldDict{ + Key{1, 2}: &Field{"field1", String}, + Key{2, 3}: &Field{"field2", Unsigned32}, + } + b := FieldDict{ + Key{3, 4}: &Field{"field3", MacAddress}, + Key{4, 5}: &Field{"field4", Ipv4Address}, + Key{5, 6}: &Field{"field5", Ipv6Address}, + } + c := FieldDict{ + Key{3, 4}: &Field{"field3v2", OctetArray}, + Key{0, 0}: &Field{"field0", DateTimeMicroseconds}, + } + + f := FieldDict{} + + f.Merge(a) + + assert.Len(t, f, len(a)) + if !checkContains(t, f, a) { + t.FailNow() + } + + f.Merge(b) + assert.Len(t, f, len(a)+len(b)) + if !checkContains(t, f, b) { + t.FailNow() + } + + f.Merge(c) + assert.Len(t, f, len(a)+len(b)+len(c)-1) + if !checkContains(t, f, c) { + t.FailNow() + } + +} + +func checkContains(t testing.TB, dest FieldDict, contains FieldDict) bool { + for k, v := range contains { + if !assert.Contains(t, dest, k) || !assert.Equal(t, *v, *dest[k]) { + return false + } + } + return true +} diff --git a/filebeat/input/netflow/decoder/fields/gen.go b/filebeat/input/netflow/decoder/fields/gen.go new file mode 100644 index 00000000000..743c1a062cb --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/gen.go @@ -0,0 +1,185 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build ignore + +package main + +import ( + "bufio" + "bytes" + "encoding/csv" + "flag" + "fmt" + "io" + "os" + "strings" +) + +var ( + outputFile = flag.String("output", "zfields.go", "Output file") + export = flag.String("export", "fields", "Name used to export this fields") + nameCol = flag.Int("column-name", 0, "Index of column with field name") + penCol = flag.Int("column-pen", 0, "Index of column with PEN ID") + idCol = flag.Int("column-id", 0, "Index of column with field ID") + typeCol = flag.Int("column-type", 0, "Index of column with field type") +) + +const fileHeader = `// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// go run gen.go +// MACHINE GENERATED BY THE ABOVE COMMAND; DO NOT EDIT. + +package fields + +` + +var TypeNames = []string{ + "OctetArray", + "Unsigned8", + "Unsigned16", + "Unsigned32", + "Unsigned64", + "Signed8", + "Signed16", + "Signed32", + "Signed64", + "Float32", + "Float64", + "Boolean", + "MacAddress", + "String", + "DateTimeSeconds", + "DateTimeMilliseconds", + "DateTimeMicroseconds", + "DateTimeNanoseconds", + "Ipv4Address", + "Ipv6Address", + "BasicList", + "SubTemplateList", + "SubTemplateMultiList", + "ACLID", +} + +func write(w io.Writer, msg string) { + if _, err := w.Write([]byte(msg)); err != nil { + fmt.Fprintf(os.Stderr, "Failed writing to %s: %v\n", *outputFile, err) + os.Exit(4) + } +} + +func usage() { + fmt.Fprintf(os.Stderr, "Usage: gen [-output file.go] [-export name] [--column-{name|pen|id|type}=N]* \n") + flag.PrintDefaults() + os.Exit(1) +} + +func requireColumn(colFlag *int, argument string) { + if *colFlag <= 0 { + fmt.Fprintf(os.Stderr, "Required argument %s not provided\n", argument) + usage() + } +} + +func main() { + flag.Usage = usage + flag.Parse() + if len(flag.Args()) == 0 { + fmt.Fprintf(os.Stderr, "No CSV file to parse provided\n") + usage() + } + csvFile := flag.Args()[0] + if len(csvFile) == 0 { + fmt.Fprintf(os.Stderr, "Argument -input is required\n") + os.Exit(2) + } + + requireColumn(nameCol, "--column-name") + requireColumn(idCol, "--column-id") + requireColumn(typeCol, "--column-type") + + fHandle, err := os.Open(csvFile) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to open %s: %v\n", csvFile, err) + os.Exit(2) + } + defer fHandle.Close() + + outHandle, err := os.Create(*outputFile) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to create %s: %v\n", *outputFile, err) + os.Exit(3) + } + defer outHandle.Close() + + write(outHandle, fileHeader) + write(outHandle, fmt.Sprintf("var %s = FieldDict {\n", *export)) + + typeMap := make(map[string]string) + for _, n := range TypeNames { + typeMap[strings.ToLower(n)] = n + } + + filtered := bytes.NewBuffer(nil) + scanner := bufio.NewScanner(fHandle) + for scanner.Scan() { + if len(scanner.Bytes()) == 0 || scanner.Bytes()[0] != ';' { + filtered.Write(scanner.Bytes()) + filtered.WriteByte('\n') + } + } + reader := csv.NewReader(filtered) + for lineNum := 1; ; lineNum++ { + record, err := reader.Read() + if err != nil { + if err == io.EOF { + break + } + fmt.Fprintf(os.Stderr, "read of %s failed: %v\n", csvFile, err) + os.Exit(5) + } + n := len(record) + vars := make(map[string]string) + for _, f := range []struct { + column int + name string + }{ + {*idCol, "id"}, + {*penCol, "pen"}, + {*nameCol, "name"}, + {*typeCol, "type"}, + } { + if f.column > 0 { + if f.column > n { + fmt.Fprintf(os.Stderr, "%s column is out of range in line %d\n", f.name, lineNum) + os.Exit(6) + } + vars[f.name] = record[f.column-1] + } else { + vars[f.name] = "0" + } + } + if len(vars["type"]) == 0 { + write(outHandle, fmt.Sprintf("\t// Field %s: %s\n", vars["id"], vars["name"])) + continue + } + ttype, found := typeMap[strings.ToLower(vars["type"])] + if !found { + fmt.Fprintf(os.Stderr, "unknown type %s in line %d\n", vars["type"], lineNum) + os.Exit(7) + } + write(outHandle, fmt.Sprintf("\tKey{EnterpriseID: %s, FieldID: %s}: {Name: \"%s\", Decoder: %s},\n", + vars["pen"], vars["id"], vars["name"], ttype)) + } + write(outHandle, fmt.Sprintf(`} + +func init() { + if err := RegisterGlobalFields(%s); err != nil { + panic(err) + } +} +`, *export)) +} diff --git a/filebeat/input/netflow/decoder/fields/ipfix-information-elements.csv b/filebeat/input/netflow/decoder/fields/ipfix-information-elements.csv new file mode 100644 index 00000000000..c2c5143f96b --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/ipfix-information-elements.csv @@ -0,0 +1,3661 @@ +; WARNING: This is an edited version of the original IANA document! +; +; Changes +; ======= +; 2020-01-14 - @adriansr: Change field 51 (classId) from unsigned8 to unsigned32 +; +;ElementID,Name,Abstract Data Type,Data Type Semantics,Status,Description,Units,Range,References,Requester,Revision,Date +0,Reserved,,,,,,,,[RFC5102],,2013-02-18 +1,octetDeltaCount,unsigned64,deltaCounter,current,"The number of octets since the previous report (if any) +in incoming packets for this Flow at the Observation Point. +The number of octets includes IP header(s) and IP payload.",octets,,,[RFC5102],0,2013-02-18 +2,packetDeltaCount,unsigned64,deltaCounter,current,"The number of incoming packets since the previous report +(if any) for this Flow at the Observation Point.",packets,,,[RFC5102],0,2013-02-18 +3,deltaFlowCount,unsigned64,deltaCounter,current,"The conservative count of Original Flows contributing +to this Aggregated Flow; may be distributed via any of the methods +expressed by the valueDistributionMethod Information Element.",flows,,,[RFC7015],1,2013-06-25 +4,protocolIdentifier,unsigned8,identifier,current,"The value of the protocol number in the IP packet header. +The protocol number identifies the IP packet payload type. +Protocol numbers are defined in the IANA Protocol Numbers +registry. + + + + +In Internet Protocol version 4 (IPv4), this is carried in the +Protocol field. In Internet Protocol version 6 (IPv6), this +is carried in the Next Header field in the last extension +header of the packet.",,,"See [RFC791] for the specification of the IPv4 +protocol field. +See [RFC8200] for the specification of the +IPv6 protocol field. +See the list of protocol numbers assigned by IANA at [IANA registry protocol-numbers].",[RFC5102],0,2013-02-18 +5,ipClassOfService,unsigned8,identifier,current,"For IPv4 packets, this is the value of the TOS field in +the IPv4 packet header. For IPv6 packets, this is the +value of the Traffic Class field in the IPv6 packet header.",,,"See [RFC1812] (Section 5.3.2) and [RFC791] for the definition of the IPv4 TOS field. +See [RFC8200] for the definition of the IPv6 +Traffic Class field.",[RFC5102],0,2013-02-18 +6,tcpControlBits,unsigned16,flags,current,"TCP control bits observed for the packets of this Flow. +This information is encoded as a bit field; for each TCP control +bit, there is a bit in this set. The bit is set to 1 if any +observed packet of this Flow has the corresponding TCP control bit +set to 1. The bit is cleared to 0 otherwise. + + + + +The values of each bit are shown below, per the definition of the +bits in the TCP header [RFC793][RFC3168][RFC3540]: + + + + MSb LSb + 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ++---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +| | | N | C | E | U | A | P | R | S | F | +| Zero | Future | S | W | C | R | C | S | S | Y | I | +| (Data Offset) | Use | | R | E | G | K | H | T | N | N | ++---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ + +bit flag +value name description +------+-----+------------------------------------- +0x8000 Zero (see tcpHeaderLength) +0x4000 Zero (see tcpHeaderLength) +0x2000 Zero (see tcpHeaderLength) +0x1000 Zero (see tcpHeaderLength) +0x0800 Future Use +0x0400 Future Use +0x0200 Future Use +0x0100 NS ECN Nonce Sum +0x0080 CWR Congestion Window Reduced +0x0040 ECE ECN Echo +0x0020 URG Urgent Pointer field significant +0x0010 ACK Acknowledgment field significant +0x0008 PSH Push Function +0x0004 RST Reset the connection +0x0002 SYN Synchronize sequence numbers +0x0001 FIN No more data from sender + + + +As the most significant 4 bits of octets 12 and 13 (counting from +zero) of the TCP header [RFC793] are used to encode the TCP data +offset (header length), the corresponding bits in this Information +Element MUST be exported as zero and MUST be ignored by the +collector. Use the tcpHeaderLength Information Element to encode +this value. + + + + +Each of the 3 bits (0x800, 0x400, and 0x200), which are reserved +for future use in [RFC793], SHOULD be exported as observed in the +TCP headers of the packets of this Flow. + + + + +If exported as a single octet with reduced-size encoding, this +Information Element covers the low-order octet of this field (i.e, +bits 0x80 to 0x01), omitting the ECN Nonce Sum and the three +Future Use bits. A collector receiving this Information Element +with reduced-size encoding must not assume anything about the +content of these four bits. + + + + +Exporting Processes exporting this Information Element on behalf +of a Metering Process that is not capable of observing any of the +ECN Nonce Sum or Future Use bits SHOULD use reduced-size encoding, +and only export the least significant 8 bits of this Information +Element. + + + + +Note that previous revisions of this Information Element's +definition specified that the CWR and ECE bits must be exported as +zero, even if observed. Collectors should therefore not assume +that a value of zero for these bits in this Information Element +indicates the bits were never set in the observed traffic, +especially if these bits are zero in every Flow Record sent by a +given exporter.",,,[RFC793][RFC3168][RFC3540],[RFC7125],1,2014-01-03 +7,sourceTransportPort,unsigned16,identifier,current,"The source port identifier in the transport header. +For the transport protocols UDP, TCP, and SCTP, this is the +source port number given in the respective header. This +field MAY also be used for future transport protocols that +have 16-bit source port identifiers.",,,"See [RFC768] for the definition of the UDP +source port field. +See [RFC793] for the definition of the TCP +source port field. +See [RFC4960] for the definition of SCTP. + + + + +Additional information on defined UDP and TCP port numbers can be +found at [IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +8,sourceIPv4Address,ipv4Address,default,current,The IPv4 source address in the IP packet header.,,,"See [RFC791] for the definition of the IPv4 +source address field.",[RFC5102],1,2014-02-03 +9,sourceIPv4PrefixLength,unsigned8,,current,"The number of contiguous bits that are relevant in the +sourceIPv4Prefix Information Element.",bits,0-32,,[RFC5102],0,2013-02-18 +10,ingressInterface,unsigned32,identifier,current,"The index of the IP interface where packets of this Flow +are being received. The value matches the value of managed +object 'ifIndex' as defined in [RFC2863]. +Note that ifIndex values are not assigned statically to an +interface and that the interfaces may be renumbered every +time the device's management system is re-initialized, as +specified in [RFC2863].",,,"See [RFC2863] for the definition of the +ifIndex object.",[RFC5102],0,2013-02-18 +11,destinationTransportPort,unsigned16,identifier,current,"The destination port identifier in the transport header. +For the transport protocols UDP, TCP, and SCTP, this is the +destination port number given in the respective header. +This field MAY also be used for future transport protocols +that have 16-bit destination port identifiers.",,,"See [RFC768] for the definition of the UDP +destination port field. +See [RFC793] for the definition of the TCP +destination port field. +See [RFC4960] for the definition of SCTP. + + + + +Additional information on defined UDP and TCP port numbers can be +found at [IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +12,destinationIPv4Address,ipv4Address,default,current,The IPv4 destination address in the IP packet header.,,,"See [RFC791] for the definition of the IPv4 +destination address field.",[RFC5102],1,2014-02-03 +13,destinationIPv4PrefixLength,unsigned8,,current,"The number of contiguous bits that are relevant in the +destinationIPv4Prefix Information Element.",bits,0-32,,[RFC5102],0,2013-02-18 +14,egressInterface,unsigned32,identifier,current,"The index of the IP interface where packets of +this Flow are being sent. The value matches the value of +managed object 'ifIndex' as defined in [RFC2863]. +Note that ifIndex values are not assigned statically to an +interface and that the interfaces may be renumbered every +time the device's management system is re-initialized, as +specified in [RFC2863].",,,"See [RFC2863] for the definition of the +ifIndex object.",[RFC5102],0,2013-02-18 +15,ipNextHopIPv4Address,ipv4Address,default,current,The IPv4 address of the next IPv4 hop.,,,,[RFC5102],1,2014-02-03 +16,bgpSourceAsNumber,unsigned32,identifier,current,"The autonomous system (AS) number of the source IP address. +If AS path information for this Flow is only available as +an unordered AS set (and not as an ordered AS sequence), +then the value of this Information Element is 0.",,,"See [RFC4271] for a description of BGP-4, and +see [RFC1930] for the definition of the AS +number.",[RFC5102],0,2013-02-18 +17,bgpDestinationAsNumber,unsigned32,identifier,current,"The autonomous system (AS) number of the destination IP +address. If AS path information for this Flow is only +available as an unordered AS set (and not as an ordered AS +sequence), then the value of this Information Element is 0.",,,"See [RFC4271] for a description of BGP-4, and +see [RFC1930] for the definition of the AS +number.",[RFC5102],0,2013-02-18 +18,bgpNextHopIPv4Address,ipv4Address,default,current,The IPv4 address of the next (adjacent) BGP hop.,,,See [RFC4271] for a description of BGP-4.,[RFC5102],1,2014-02-03 +19,postMCastPacketDeltaCount,unsigned64,deltaCounter,current,"The number of outgoing multicast packets since the +previous report (if any) sent for packets of this Flow +by a multicast daemon within the Observation Domain. +This property cannot necessarily be observed at the +Observation Point, but may be retrieved by other means.",packets,,,[RFC5102],0,2013-02-18 +20,postMCastOctetDeltaCount,unsigned64,deltaCounter,current,"The number of octets since the previous report (if any) +in outgoing multicast packets sent for packets of this +Flow by a multicast daemon within the Observation Domain. +This property cannot necessarily be observed at the +Observation Point, but may be retrieved by other means. +The number of octets includes IP header(s) and IP payload.",octets,,,[RFC5102],0,2013-02-18 +21,flowEndSysUpTime,unsigned32,,current,"The relative timestamp of the last packet of this Flow. It indicates the +number of milliseconds since the last (re-)initialization of the IPFIX +Device (sysUpTime). sysUpTime can be calculated from +systemInitTimeMilliseconds.",milliseconds,,,[RFC5102],1,2014-01-11 +22,flowStartSysUpTime,unsigned32,,current,"The relative timestamp of the first packet of this Flow. It indicates +the number of milliseconds since the last (re-)initialization of the +IPFIX Device (sysUpTime). sysUpTime can be calculated from +systemInitTimeMilliseconds.",milliseconds,,,[RFC5102],1,2014-01-11 +23,postOctetDeltaCount,unsigned64,deltaCounter,current,"The definition of this Information Element is identical +to the definition of Information Element +'octetDeltaCount', except that it reports a +potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",octets,,,[RFC5102],0,2013-02-18 +24,postPacketDeltaCount,unsigned64,deltaCounter,current,"The definition of this Information Element is identical +to the definition of Information Element +'packetDeltaCount', except that it reports a +potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",packets,,,[RFC5102],0,2013-02-18 +25,minimumIpTotalLength,unsigned64,,current,"Length of the smallest packet observed for this Flow. +The packet length includes the IP header(s) length and +the IP payload length.",octets,,"See [RFC791] for the specification of the IPv4 +total length. +See [RFC8200] for the specification of the +IPv6 payload length. +See [RFC2675] for the specification of the +IPv6 jumbo payload length.",[RFC5102],0,2013-02-18 +26,maximumIpTotalLength,unsigned64,,current,"Length of the largest packet observed for this Flow. +The packet length includes the IP header(s) length and +the IP payload length.",octets,,"See [RFC791] for the specification of the IPv4 +total length. +See [RFC8200] for the specification of the +IPv6 payload length. +See [RFC2675] for the specification of the +IPv6 jumbo payload length.",[RFC5102],0,2013-02-18 +27,sourceIPv6Address,ipv6Address,default,current,The IPv6 source address in the IP packet header.,,,"See [RFC8200] for the definition of the Source +Address field in the IPv6 header.",[RFC5102],1,2014-02-03 +28,destinationIPv6Address,ipv6Address,default,current,The IPv6 destination address in the IP packet header.,,,"See [RFC8200] for the definition of the +Destination Address field in the IPv6 header.",[RFC5102],1,2014-02-03 +29,sourceIPv6PrefixLength,unsigned8,,current,"The number of contiguous bits that are relevant in the +sourceIPv6Prefix Information Element.",bits,0-128,,[RFC5102],0,2013-02-18 +30,destinationIPv6PrefixLength,unsigned8,,current,"The number of contiguous bits that are relevant in the +destinationIPv6Prefix Information Element.",bits,0-128,,[RFC5102],0,2013-02-18 +31,flowLabelIPv6,unsigned32,identifier,current,The value of the IPv6 Flow Label field in the IP packet header.,,0-0xFFFFF,"See [RFC8200] for the definition of the +Flow Label field in the IPv6 packet header.",[RFC5102],1,2014-08-13 +32,icmpTypeCodeIPv4,unsigned16,identifier,current,"Type and Code of the IPv4 ICMP message. The combination of +both values is reported as (ICMP type * 256) + ICMP code.",,,"See [RFC792] for the definition of the IPv4 +ICMP type and code fields.",[RFC5102],0,2013-02-18 +33,igmpType,unsigned8,identifier,current,The type field of the IGMP message.,,,"See [RFC3376] for the definition of the IGMP +type field.",[RFC5102],0,2013-02-18 +34,samplingInterval,unsigned32,quantity,deprecated,"Deprecated in favor of 305 samplingPacketInterval. When using +sampled NetFlow, the rate at which packets are sampled -- e.g., a +value of 100 indicates that one of every 100 packets is sampled.",packets,,,[RFC7270],0,2014-04-04 +35,samplingAlgorithm,unsigned8,identifier,deprecated,"Deprecated in favor of 304 selectorAlgorithm. The type of +algorithm used for sampled NetFlow: + + + + +1 - Deterministic Sampling, +2 - Random Sampling. + + + + +The values are not compatible with the selectorAlgorithm IE, where +""Deterministic"" has been replaced by ""Systematic count-based"" (1) +or ""Systematic time-based"" (2), and ""Random"" is (3). Conversion +is required; see [Packet Sampling (PSAMP) Parameters.]",,,,[RFC7270],0,2014-04-04 +36,flowActiveTimeout,unsigned16,,current,"The number of seconds after which an active Flow is timed out +anyway, even if there is still a continuous flow of packets.",seconds,,,[RFC5102],0,2013-02-18 +37,flowIdleTimeout,unsigned16,,current,"A Flow is considered to be timed out if no packets belonging +to the Flow have been observed for the number of seconds +specified by this field.",seconds,,,[RFC5102],0,2013-02-18 +38,engineType,unsigned8,identifier,deprecated,"Type of flow switching engine in a router/switch: + + + +RP = 0, +VIP/Line card = 1, +PFC/DFC = 2. + + + +Reserved for internal use on the Collector.",,,,[RFC7270],0,2014-04-04 +39,engineId,unsigned8,identifier,deprecated,"Versatile Interface Processor (VIP) or line card slot number of the flow switching engine in a +router/switch. Reserved for internal use on the Collector.",,,,[RFC7270],0,2014-04-04 +40,exportedOctetTotalCount,unsigned64,totalCounter,current,"The total number of octets that the Exporting Process +has sent since the Exporting Process (re-)initialization +to a particular Collecting Process. +The value of this Information Element is calculated by +summing up the IPFIX Message Header length values of all +IPFIX Messages that were successfully sent to the Collecting +Process. The reported number excludes octets in the IPFIX +Message that carries the counter value. +If this Information Element is sent to a particular +Collecting Process, then by default it specifies the number +of octets sent to this Collecting Process.",octets,,,[RFC5102],0,2013-02-18 +41,exportedMessageTotalCount,unsigned64,totalCounter,current,"The total number of IPFIX Messages that the Exporting Process +has sent since the Exporting Process (re-)initialization to +a particular Collecting Process. +The reported number excludes the IPFIX Message that carries +the counter value. +If this Information Element is sent to a particular +Collecting Process, then by default it specifies the number +of IPFIX Messages sent to this Collecting Process.",messages,,,[RFC5102],0,2013-02-18 +42,exportedFlowRecordTotalCount,unsigned64,totalCounter,current,"The total number of Flow Records that the Exporting +Process has sent as Data Records since the Exporting +Process (re-)initialization to a particular Collecting +Process. The reported number excludes Flow Records in +the IPFIX Message that carries the counter value. +If this Information Element is sent to a particular +Collecting Process, then by default it specifies the number +of Flow Records sent to this process.",flows,,,[RFC5102],0,2013-02-18 +43,ipv4RouterSc,ipv4Address,default,deprecated,"This is a platform-specific field for the Catalyst 5000/Catalyst 6000 +family. It is used to store the address of a router that is being +shortcut when performing MultiLayer Switching.",,,[CCO-MLS] describes MultiLayer Switching.,[RFC7270],0,2014-04-04 +44,sourceIPv4Prefix,ipv4Address,default,current,IPv4 source address prefix.,,,,[RFC5102],0,2013-02-18 +45,destinationIPv4Prefix,ipv4Address,default,current,IPv4 destination address prefix.,,,,[RFC5102],0,2013-02-18 +46,mplsTopLabelType,unsigned8,identifier,current,"This field identifies the control protocol that allocated the +top-of-stack label. Values for this field are listed in the +MPLS label type registry. See +[http://www.iana.org/assignments/ipfix/ipfix.xml#ipfix-mpls-label-type]",,,"See [RFC3031] for the MPLS label structure. +See [RFC4364] for the association of MPLS +labels with Virtual Private Networks (VPNs). +See [RFC4271] for BGP and BGP routing. +See [RFC5036] for Label Distribution Protocol +(LDP). +See the list of MPLS label types assigned by IANA at [IANA registry mpls-label-values].",[RFC5102],0,2013-02-18 +47,mplsTopLabelIPv4Address,ipv4Address,default,current,"The IPv4 address of the system that the MPLS top label will +cause this Flow to be forwarded to.",,,"See [RFC3031] for the association between MPLS +labels and IP addresses.",[RFC5102],1,2014-02-03 +48,samplerId,unsigned8,identifier,deprecated,"Deprecated in favor of 302 selectorId. The unique identifier +associated with samplerName.",,,,[RFC7270],0,2014-04-04 +49,samplerMode,unsigned8,identifier,deprecated,"Deprecated in favor of 304 selectorAlgorithm. The values are not +compatible: selectorAlgorithm=3 is random sampling. The type of +algorithm used for sampling data: 1 - Deterministic, 2 - Random +Sampling. Use with samplerRandomInterval.",,,,[RFC7270],0,2014-04-04 +50,samplerRandomInterval,unsigned32,quantity,deprecated,"Deprecated in favor of 305 samplingPacketInterval. Packet +interval at which to sample -- in case of random sampling. Used in +connection with the samplerMode 0x02 (random sampling) value.",,,,[RFC7270],0,2014-04-04 +51,classId,unsigned32,identifier,deprecated,"Deprecated in favor of 302 selectorId. Characterizes the traffic +class, i.e., QoS treatment.",,,,[RFC7270],0,2014-04-04 +52,minimumTTL,unsigned8,,current,Minimum TTL value observed for any packet in this Flow.,hops,,"See [RFC791] for the definition of the IPv4 +Time to Live field. +See [RFC8200] for the definition of the IPv6 +Hop Limit field.",[RFC5102],0,2013-02-18 +53,maximumTTL,unsigned8,,current,Maximum TTL value observed for any packet in this Flow.,hops,,"See [RFC791] for the definition of the IPv4 +Time to Live field. +See [RFC8200] for the definition of the IPv6 +Hop Limit field.",[RFC5102],0,2013-02-18 +54,fragmentIdentification,unsigned32,identifier,current,"The value of the Identification field +in the IPv4 packet header or in the IPv6 Fragment header, +respectively. The value is 0 for IPv6 if there is +no fragment header.",,,"See [RFC791] for the definition of the IPv4 +Identification field. +See [RFC8200] for the definition of the +Identification field in the IPv6 Fragment header.",[RFC5102],0,2013-02-18 +55,postIpClassOfService,unsigned8,identifier,current,"The definition of this Information Element is identical +to the definition of Information Element +'ipClassOfService', except that it reports a +potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",,,"See [RFC791] for the definition of the IPv4 +TOS field. +See [RFC8200] for the definition of the IPv6 +Traffic Class field. +See [RFC3234] for the definition of +middleboxes.",[RFC5102],0,2013-02-18 +56,sourceMacAddress,macAddress,default,current,The IEEE 802 source MAC address field.,,,See IEEE.802-3.2002.,[RFC5102],1,2014-02-03 +57,postDestinationMacAddress,macAddress,default,current,"The definition of this Information Element is identical +to the definition of Information Element +'destinationMacAddress', except that it reports a +potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",,,See IEEE.802-3.2002.,[RFC5102],1,2014-02-03 +58,vlanId,unsigned16,identifier,current,"Virtual LAN identifier associated with ingress interface. For dot1q vlans, see 243 +dot1qVlanId.",,,See IEEE.802-1Q.2003.,[RFC5102],0,2013-02-18 +59,postVlanId,unsigned16,identifier,current,"Virtual LAN identifier associated with egress interface. For postdot1q vlans, see 254, postDot1qVlanId.",,,See IEEE.802-1Q.2003.,[RFC5102],0,2013-02-18 +60,ipVersion,unsigned8,identifier,current,The IP version field in the IP packet header.,,,"See [RFC791] for the definition of the version +field in the IPv4 packet header. +See [RFC8200] for the definition of the +version field in the IPv6 packet header. +Additional information on defined version numbers can be found at +[IANA registry version-numbers].",[RFC5102],0,2013-02-18 +61,flowDirection,unsigned8,identifier,current,"The direction of the Flow observed at the Observation +Point. There are only two values defined. + + + +0x00: ingress flow +0x01: egress flow",,,,[RFC5102],0,2013-02-18 +62,ipNextHopIPv6Address,ipv6Address,default,current,The IPv6 address of the next IPv6 hop.,,,,[RFC5102],1,2014-02-03 +63,bgpNextHopIPv6Address,ipv6Address,default,current,The IPv6 address of the next (adjacent) BGP hop.,,,See [RFC4271] for a description of BGP-4.,[RFC5102],1,2014-02-03 +64,ipv6ExtensionHeaders,unsigned32,flags,current,"IPv6 extension headers observed in packets of this Flow. +The information is encoded in a set of bit fields. For +each IPv6 option header, there is a bit in this set. +The bit is set to 1 if any observed packet of this Flow +contains the corresponding IPv6 extension header. +Otherwise, if no observed packet of this Flow contained +the respective IPv6 extension header, the value of the +corresponding bit is 0. + + + + 0 1 2 3 4 5 6 7 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | DST | HOP | Res | UNK |FRA0 | RH |FRA1 | Res | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 8 9 10 11 12 13 14 15 + +-----+-----+-----+-----+-----+-----+-----+-----+ +... | Reserved | MOB | ESP | AH | PAY | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 16 17 18 19 20 21 22 23 + +-----+-----+-----+-----+-----+-----+-----+-----+ +... | Reserved | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 24 25 26 27 28 29 30 31 + +-----+-----+-----+-----+-----+-----+-----+-----+ +... | Reserved | + +-----+-----+-----+-----+-----+-----+-----+-----+ + +Bit IPv6 Option Description + +0, DST 60 Destination option header +1, HOP 0 Hop-by-hop option header +2, Res Reserved +3, UNK Unknown Layer 4 header + (compressed, encrypted, not supported) +4, FRA0 44 Fragment header - first fragment +5, RH 43 Routing header +6, FRA1 44 Fragmentation header - not first fragment +7, Res Reserved +8 to 11 Reserved +12, MOB 135 IPv6 mobility [RFC3775] +13, ESP 50 Encrypted security payload +14, AH 51 Authentication Header +15, PAY 108 Payload compression header +16 to 31 Reserved",,,"See [RFC8200] for the general definition of +IPv6 extension headers and for the specification of the hop-by-hop +options header, the routing header, the fragment header, and the +destination options header. +See [RFC4302] for the specification of the +authentication header. +See [RFC4303] for the specification of the +encapsulating security payload. + +The diagram provided in [RFC5102] is incorrect. +The diagram in this registry is taken from Errata 1738. See [RFC Errata + 1738]",[RFC5102],0,2013-02-18 +65-69,Assigned for NetFlow v9 compatibility,,,,,,,[RFC3954],[RFC5102],0,2013-02-18 +70,mplsTopLabelStackSection,octetArray,default,current,"The Label, Exp, and S fields from the top MPLS label +stack entry, i.e., from the last label that was pushed. + + + + +The size of this Information Element is 3 octets. + + + + 0 1 2 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| Label | Exp |S| ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +Label: Label Value, 20 bits +Exp: Experimental Use, 3 bits +S: Bottom of Stack, 1 bit",,,See [RFC3032].,[RFC5102],1,2014-02-03 +71,mplsLabelStackSection2,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsTopLabelStackSection. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +72,mplsLabelStackSection3,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection2. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +73,mplsLabelStackSection4,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection3. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +74,mplsLabelStackSection5,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection4. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +75,mplsLabelStackSection6,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection5. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +76,mplsLabelStackSection7,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection6. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +77,mplsLabelStackSection8,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection7. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +78,mplsLabelStackSection9,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection8. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +79,mplsLabelStackSection10,octetArray,default,current,"The Label, Exp, and S fields from the label stack entry that +was pushed immediately before the label stack entry that would +be reported by mplsLabelStackSection9. See the definition of +mplsTopLabelStackSection for further details. + + + + +The size of this Information Element is 3 octets.",,,See [RFC3032].,[RFC5102],1,2014-02-03 +80,destinationMacAddress,macAddress,default,current,The IEEE 802 destination MAC address field.,,,See IEEE.802-3.2002.,[RFC5102],1,2014-02-03 +81,postSourceMacAddress,macAddress,default,current,"The definition of this Information Element is identical +to the definition of Information Element +'sourceMacAddress', except that it reports a +potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",,,See IEEE.802-3.2002.,[RFC5102],1,2014-02-03 +82,interfaceName,string,default,current,"A short name uniquely describing an interface, eg ""Eth1/0"".",,,See [RFC2863] for the definition of the ifName object.,[ipfix-iana_at_cisco.com],0,2013-02-18 +83,interfaceDescription,string,default,current,"The description of an interface, eg ""FastEthernet 1/0"" or ""ISP +connection"".",,,See [RFC2863] for the definition of the ifDescr object.,[ipfix-iana_at_cisco.com],0,2013-02-18 +84,samplerName,string,,deprecated,"Deprecated in favor of 335 selectorName. Name of the flow +sampler.",,,,[RFC7270],0,2014-04-04 +85,octetTotalCount,unsigned64,totalCounter,current,"The total number of octets in incoming packets +for this Flow at the Observation Point since the Metering +Process (re-)initialization for this Observation Point. The +number of octets includes IP header(s) and IP payload.",octets,,,[RFC5102],0,2013-02-18 +86,packetTotalCount,unsigned64,totalCounter,current,"The total number of incoming packets for this Flow +at the Observation Point since the Metering Process +(re-)initialization for this Observation Point.",packets,,,[RFC5102],0,2013-02-18 +87,flagsAndSamplerId,unsigned32,identifier,deprecated,"Flow flags and the value of the sampler ID (samplerId) combined in +one bitmapped field. Reserved for internal use on the Collector.",,,,[RFC7270],0,2014-04-04 +88,fragmentOffset,unsigned16,quantity,current,"The value of the IP fragment offset field in the +IPv4 packet header or the IPv6 Fragment header, +respectively. The value is 0 for IPv6 if there is +no fragment header.",,0-0x1FFF,"See [RFC791] for the specification of the +fragment offset in the IPv4 header. +See [RFC8200] for the specification of the +fragment offset in the IPv6 Fragment header.",[RFC5102],1,2014-08-13 +89,forwardingStatus,unsigned8,identifier,current,"This Information Element describes the forwarding status of the +flow and any attached reasons. + + + + +The layout of the encoding is as follows: + + + +MSB - 0 1 2 3 4 5 6 7 - LSB + +---+---+---+---+---+---+---+---+ + | Status| Reason code or flags | + +---+---+---+---+---+---+---+---+ + + + +See the Forwarding Status sub-registries at [http://www.iana.org/assignments/ipfix/ipfix.xhtml#forwarding-status]. + + + +Examples: + +value : 0x40 = 64 +binary: 01000000 +decode: 01 -> Forward + 000000 -> No further information + +value : 0x89 = 137 +binary: 10001001 +decode: 10 -> Drop + 001001 -> Bad TTL",,,"See ""NetFlow Version 9 Flow-Record Format"" [CCO-NF9FMT].","[RFC7270][RFC Errata + 5262]",2,2018-02-21 +90,mplsVpnRouteDistinguisher,octetArray,default,current,"The value of the VPN route distinguisher of a corresponding +entry in a VPN routing and forwarding table. Route +distinguisher ensures that the same address can be used in +several different MPLS VPNs and that it is possible for BGP to +carry several completely different routes to that address, one +for each VPN. According to [RFC4364], the size of +mplsVpnRouteDistinguisher is 8 octets. However, in [RFC4382] an +octet string with flexible length was chosen for representing a +VPN route distinguisher by object MplsL3VpnRouteDistinguisher. +This choice was made in order to be open to future changes of +the size. This idea was adopted when choosing octetArray as +abstract data type for this Information Element. The maximum +length of this Information Element is 256 octets.",,,"See [RFC4364] for the specification of the +route distinguisher. See [RFC4382] for the +specification of the MPLS/BGP Layer 3 Virtual Private Network (VPN) +Management Information Base.",[RFC5102],1,2014-02-03 +91,mplsTopLabelPrefixLength,unsigned8,quantity,current,"The prefix length of the subnet of the mplsTopLabelIPv4Address that +the MPLS top label will cause the Flow to be forwarded to.",bits,0-32,"See [RFC3031] for the association between +MPLS labels and prefix lengths.",[ipfix-iana_at_cisco.com],1,2014-08-13 +92,srcTrafficIndex,unsigned32,identifier,current,BGP Policy Accounting Source Traffic Index.,,,BGP policy accounting as described in [CCO-BGPPOL].,[RFC7270],0,2014-04-04 +93,dstTrafficIndex,unsigned32,identifier,current,BGP Policy Accounting Destination Traffic Index.,,,BGP policy accounting as described in [CCO-BGPPOL].,[RFC7270],0,2014-04-04 +94,applicationDescription,string,default,current,Specifies the description of an application.,,,,[RFC6759],1,2014-02-03 +95,applicationId,octetArray,default,current,Specifies an Application ID per [RFC6759].,,,See section 4 of [RFC6759] for the applicationId Information Element Specification.,[RFC6759],1,2014-02-03 +96,applicationName,string,default,current,Specifies the name of an application.,,,,[RFC6759],0,2013-02-18 +97,Assigned for NetFlow v9 compatibility,,,,,,,[RFC3954],[RFC5102],0,2013-02-18 +98,postIpDiffServCodePoint,unsigned8,identifier,current,"The definition of this Information Element is identical to the +definition of Information Element 'ipDiffServCodePoint', except +that it reports a potentially modified value caused by a +middlebox function after the packet passed the Observation +Point.",,0-63,"See [RFC3260] for the definition of the Differentiated +Services Field. See section 5.3.2 of [RFC1812] and +[RFC791] for the definition of the IPv4 TOS field. See +[RFC8200] for the definition of the IPv6 Traffic Class +field. See the IPFIX Information Model [RFC5102] for the +'ipDiffServCodePoint' specification.",[ipfix-iana_at_cisco.com],0,2013-02-18 +99,multicastReplicationFactor,unsigned32,quantity,current,"The amount of multicast replication that's applied to a traffic +stream.",,,"See [RFC1112] for the specification of reserved IPv4 +multicast addresses. See [RFC4291] for the +specification of reserved IPv6 multicast addresses.",[ipfix-iana_at_cisco.com],0,2013-02-18 +100,className,string,,deprecated,"Deprecated in favor of 335 selectorName. Traffic Class Name, +associated with the classId Information Element.",,,,[RFC7270],0,2014-04-04 +101,classificationEngineId,unsigned8,identifier,current,"A unique identifier for the engine that determined the +Selector ID. Thus, the Classification Engine ID defines +the context for the Selector ID. The Classification +Engine can be considered a specific registry for +application assignments. + + + + +Values for this field are listed in the Classification +Engine IDs registry. See +[http://www.iana.org/assignments/ipfix/ipfix.xml#classification-engine-ids]",,,,[RFC6759],0,2013-02-18 +102,layer2packetSectionOffset,unsigned16,quantity,deprecated,"Deprecated in favor of 409 sectionOffset. Layer 2 packet +section offset. Potentially a generic packet section offset.",,,,[RFC7270],0,2014-04-04 +103,layer2packetSectionSize,unsigned16,quantity,deprecated,"Deprecated in favor of 312 dataLinkFrameSize. Layer 2 packet +section size. Potentially a generic packet section size.",,,,[RFC7270],0,2014-04-04 +104,layer2packetSectionData,octetArray,,deprecated,"Deprecated in favor of 315 dataLinkFrameSection. Layer 2 packet +section data.",,,,[RFC7270],0,2014-04-04 +105-127,Assigned for NetFlow v9 compatibility,,,,,,,[RFC3954],[RFC5102],0,2013-02-18 +128,bgpNextAdjacentAsNumber,unsigned32,identifier,current,"The autonomous system (AS) number of the first AS in the AS +path to the destination IP address. The path is deduced +by looking up the destination IP address of the Flow in the +BGP routing information base. If AS path information for +this Flow is only available as an unordered AS set (and not +as an ordered AS sequence), then the value of this Information +Element is 0.",,,"See [RFC4271] for a description of BGP-4, and +see [RFC1930] for the definition of the AS +number.",[RFC5102],0,2013-02-18 +129,bgpPrevAdjacentAsNumber,unsigned32,identifier,current,"The autonomous system (AS) number of the last AS in the AS +path from the source IP address. The path is deduced +by looking up the source IP address of the Flow in the BGP +routing information base. If AS path information for this +Flow is only available as an unordered AS set (and not as +an ordered AS sequence), then the value of this Information +Element is 0. In case of BGP asymmetry, the +bgpPrevAdjacentAsNumber might not be able to report the correct +value.",,,"See [RFC4271] for a description of BGP-4, and +see [RFC1930] for the definition of the AS +number.",[RFC5102],0,2013-02-18 +130,exporterIPv4Address,ipv4Address,default,current,"The IPv4 address used by the Exporting Process. This is used +by the Collector to identify the Exporter in cases where the +identity of the Exporter may have been obscured by the use of +a proxy.",,,,[RFC5102],1,2014-02-03 +131,exporterIPv6Address,ipv6Address,default,current,"The IPv6 address used by the Exporting Process. This is used +by the Collector to identify the Exporter in cases where the +identity of the Exporter may have been obscured by the use of +a proxy.",,,,[RFC5102],1,2014-02-03 +132,droppedOctetDeltaCount,unsigned64,deltaCounter,current,"The number of octets since the previous report (if any) +in packets of this Flow dropped by packet treatment. +The number of octets includes IP header(s) and IP payload.",octets,,,[RFC5102],0,2013-02-18 +133,droppedPacketDeltaCount,unsigned64,deltaCounter,current,"The number of packets since the previous report (if any) +of this Flow dropped by packet treatment.",packets,,,[RFC5102],0,2013-02-18 +134,droppedOctetTotalCount,unsigned64,totalCounter,current,"The total number of octets in packets of this Flow dropped +by packet treatment since the Metering Process +(re-)initialization for this Observation Point. +The number of octets includes IP header(s) and IP payload.",octets,,,[RFC5102],0,2013-02-18 +135,droppedPacketTotalCount,unsigned64,totalCounter,current,"The number of packets of this Flow dropped by packet +treatment since the Metering Process +(re-)initialization for this Observation Point.",packets,,,[RFC5102],0,2013-02-18 +136,flowEndReason,unsigned8,identifier,current,"The reason for Flow termination. The range of values includes +the following: + + + +0x01: idle timeout + The Flow was terminated because it was considered to be + idle. + +0x02: active timeout + The Flow was terminated for reporting purposes while it was + still active, for example, after the maximum lifetime of + unreported Flows was reached. + +0x03: end of Flow detected + The Flow was terminated because the Metering Process + detected signals indicating the end of the Flow, + for example, the TCP FIN flag. + +0x04: forced end + The Flow was terminated because of some external event, + for example, a shutdown of the Metering Process initiated + by a network management application. + +0x05: lack of resources + The Flow was terminated because of lack of resources + available to the Metering Process and/or the Exporting + Process.",,,,[RFC5102],0,2013-02-18 +137,commonPropertiesId,unsigned64,identifier,current,"An identifier of a set of common properties that is +unique per Observation Domain and Transport Session. +Typically, this Information Element is used to link to +information reported in separate Data Records.",,,,[RFC5102],0,2013-02-18 +138,observationPointId,unsigned64,identifier,current,"An identifier of an Observation Point that is unique per +Observation Domain. It is RECOMMENDED that this identifier is +also unique per IPFIX Device. Typically, this Information +Element is used for limiting the scope of other Information +Elements.",,,,[RFC5102][ipfix-iana_at_cisco.com],1,2013-04-11 +139,icmpTypeCodeIPv6,unsigned16,identifier,current,"Type and Code of the IPv6 ICMP message. The combination of +both values is reported as (ICMP type * 256) + ICMP code.",,,"See [RFC4443] for the definition of the IPv6 +ICMP type and code fields.",[RFC5102],0,2013-02-18 +140,mplsTopLabelIPv6Address,ipv6Address,default,current,"The IPv6 address of the system that the MPLS top label will +cause this Flow to be forwarded to.",,,"See [RFC3031] for the association between MPLS +labels and IP addresses.",[RFC5102],1,2014-02-03 +141,lineCardId,unsigned32,identifier,current,"An identifier of a line card that is unique per IPFIX +Device hosting an Observation Point. Typically, this +Information Element is used for limiting the scope +of other Information Elements.",,,,[RFC5102],0,2013-02-18 +142,portId,unsigned32,identifier,current,"An identifier of a line port that is unique per IPFIX +Device hosting an Observation Point. Typically, this +Information Element is used for limiting the scope +of other Information Elements.",,,,[RFC5102],0,2013-02-18 +143,meteringProcessId,unsigned32,identifier,current,"An identifier of a Metering Process that is unique per +IPFIX Device. Typically, this Information Element is used +for limiting the scope of other Information Elements. +Note that process identifiers are typically assigned +dynamically. +The Metering Process may be re-started with a different ID.",,,,[RFC5102],0,2013-02-18 +144,exportingProcessId,unsigned32,identifier,current,"An identifier of an Exporting Process that is unique per +IPFIX Device. Typically, this Information Element is used +for limiting the scope of other Information Elements. +Note that process identifiers are typically assigned +dynamically. The Exporting Process may be re-started +with a different ID.",,,,[RFC5102],0,2013-02-18 +145,templateId,unsigned16,identifier,current,"An identifier of a Template that is locally unique within a +combination of a Transport session and an Observation Domain. + + + + +Template IDs 0-255 are reserved for Template Sets, Options +Template Sets, and other reserved Sets yet to be created. +Template IDs of Data Sets are numbered from 256 to 65535. + + + + +Typically, this Information Element is used for limiting +the scope of other Information Elements. +Note that after a re-start of the Exporting Process Template +identifiers may be re-assigned.",,,,[RFC5102],0,2013-02-18 +146,wlanChannelId,unsigned8,identifier,current,The identifier of the 802.11 (Wi-Fi) channel used.,,,See IEEE.802-11.1999.,[RFC5102],0,2013-02-18 +147,wlanSSID,string,default,current,"The Service Set IDentifier (SSID) identifying an 802.11 +(Wi-Fi) network used. According to IEEE.802-11.1999, the +SSID is encoded into a string of up to 32 characters.",,,See IEEE.802-11.1999.,[RFC5102],0,2013-02-18 +148,flowId,unsigned64,identifier,current,"An identifier of a Flow that is unique within an Observation +Domain. This Information Element can be used to distinguish +between different Flows if Flow Keys such as IP addresses and +port numbers are not reported or are reported in separate +records.",,,,[RFC5102],0,2013-02-18 +149,observationDomainId,unsigned32,identifier,current,"An identifier of an Observation Domain that is locally +unique to an Exporting Process. The Exporting Process uses +the Observation Domain ID to uniquely identify to the +Collecting Process the Observation Domain where Flows +were metered. It is RECOMMENDED that this identifier is +also unique per IPFIX Device. + + + + +A value of 0 indicates that no specific Observation Domain +is identified by this Information Element. + + + + +Typically, this Information Element is used for limiting +the scope of other Information Elements.",,,,[RFC5102],0,2013-02-18 +150,flowStartSeconds,dateTimeSeconds,default,current,The absolute timestamp of the first packet of this Flow.,seconds,,,[RFC5102],0,2013-02-18 +151,flowEndSeconds,dateTimeSeconds,default,current,The absolute timestamp of the last packet of this Flow.,seconds,,,[RFC5102],0,2013-02-18 +152,flowStartMilliseconds,dateTimeMilliseconds,default,current,The absolute timestamp of the first packet of this Flow.,milliseconds,,,[RFC5102],0,2013-02-18 +153,flowEndMilliseconds,dateTimeMilliseconds,default,current,The absolute timestamp of the last packet of this Flow.,milliseconds,,,[RFC5102],0,2013-02-18 +154,flowStartMicroseconds,dateTimeMicroseconds,default,current,The absolute timestamp of the first packet of this Flow.,microseconds,,,[RFC5102],0,2013-02-18 +155,flowEndMicroseconds,dateTimeMicroseconds,default,current,The absolute timestamp of the last packet of this Flow.,microseconds,,,[RFC5102],0,2013-02-18 +156,flowStartNanoseconds,dateTimeNanoseconds,default,current,The absolute timestamp of the first packet of this Flow.,nanoseconds,,,[RFC5102],0,2013-02-18 +157,flowEndNanoseconds,dateTimeNanoseconds,default,current,The absolute timestamp of the last packet of this Flow.,nanoseconds,,,[RFC5102],0,2013-02-18 +158,flowStartDeltaMicroseconds,unsigned32,,current,"This is a relative timestamp only valid within the scope +of a single IPFIX Message. It contains the negative time +offset of the first observed packet of this Flow relative +to the export time specified in the IPFIX Message Header.",microseconds,,"See the [IPFIX protocol +specification] for the definition of the IPFIX Message Header.",[RFC5102],0,2013-02-18 +159,flowEndDeltaMicroseconds,unsigned32,,current,"This is a relative timestamp only valid within the scope +of a single IPFIX Message. It contains the negative time +offset of the last observed packet of this Flow relative +to the export time specified in the IPFIX Message Header.",microseconds,,"See the [IPFIX protocol +specification] for the definition of the IPFIX Message Header.",[RFC5102],0,2013-02-18 +160,systemInitTimeMilliseconds,dateTimeMilliseconds,default,current,"The absolute timestamp of the last (re-)initialization of the +IPFIX Device.",milliseconds,,,[RFC5102],0,2013-02-18 +161,flowDurationMilliseconds,unsigned32,,current,"The difference in time between the first observed packet +of this Flow and the last observed packet of this Flow.",milliseconds,,,[RFC5102],0,2013-02-18 +162,flowDurationMicroseconds,unsigned32,,current,"The difference in time between the first observed packet +of this Flow and the last observed packet of this Flow.",microseconds,,,[RFC5102],0,2013-02-18 +163,observedFlowTotalCount,unsigned64,totalCounter,current,"The total number of Flows observed in the Observation Domain +since the Metering Process (re-)initialization for this +Observation Point.",flows,,,[RFC5102],0,2013-02-18 +164,ignoredPacketTotalCount,unsigned64,totalCounter,current,"The total number of observed IP packets that the +Metering Process did not process since the +(re-)initialization of the Metering Process.",packets,,,[RFC5102],0,2013-02-18 +165,ignoredOctetTotalCount,unsigned64,totalCounter,current,"The total number of octets in observed IP packets +(including the IP header) that the Metering Process +did not process since the (re-)initialization of the +Metering Process.",octets,,,[RFC5102],0,2013-02-18 +166,notSentFlowTotalCount,unsigned64,totalCounter,current,"The total number of Flow Records that were generated by the +Metering Process and dropped by the Metering Process or +by the Exporting Process instead of being sent to the +Collecting Process. There are several potential reasons for +this including resource shortage and special Flow export +policies.",flows,,,[RFC5102],0,2013-02-18 +167,notSentPacketTotalCount,unsigned64,totalCounter,current,"The total number of packets in Flow Records that were +generated by the Metering Process and dropped +by the Metering Process or by the Exporting Process +instead of being sent to the Collecting Process. +There are several potential reasons for this including +resource shortage and special Flow export policies.",packets,,,[RFC5102],0,2013-02-18 +168,notSentOctetTotalCount,unsigned64,totalCounter,current,"The total number of octets in packets in Flow Records +that were generated by the Metering Process and +dropped by the Metering Process or by the Exporting +Process instead of being sent to the Collecting Process. +There are several potential reasons for this including +resource shortage and special Flow export policies.",octets,,,[RFC5102],0,2013-02-18 +169,destinationIPv6Prefix,ipv6Address,default,current,IPv6 destination address prefix.,,,,[RFC5102],0,2013-02-18 +170,sourceIPv6Prefix,ipv6Address,default,current,IPv6 source address prefix.,,,,[RFC5102],0,2013-02-18 +171,postOctetTotalCount,unsigned64,totalCounter,current,"The definition of this Information Element is identical +to the definition of Information Element +'octetTotalCount', except that it reports a +potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",octets,,,[RFC5102],0,2013-02-18 +172,postPacketTotalCount,unsigned64,totalCounter,current,"The definition of this Information Element is identical +to the definition of Information Element +'packetTotalCount', except that it reports a +potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",packets,,,[RFC5102],0,2013-02-18 +173,flowKeyIndicator,unsigned64,flags,current,"This set of bit fields is used for marking the Information +Elements of a Data Record that serve as Flow Key. Each bit +represents an Information Element in the Data Record, with +the n-th least significant bit representing the n-th Information +Element. +A bit set to value 1 indicates that the corresponding +Information Element is a Flow Key of the reported Flow. +A bit set to value 0 indicates that this is not the case. + + + + +If the Data Record contains more than 64 Information Elements, +the corresponding Template SHOULD be designed such that all +Flow Keys are among the first 64 Information Elements, because +the flowKeyIndicator only contains 64 bits. If the Data Record +contains less than 64 Information Elements, then the bits in +the flowKeyIndicator for which no corresponding Information +Element exists MUST have the value 0.",,,,"[RFC5102][RFC Errata + 4984]",1,2017-08-01 +174,postMCastPacketTotalCount,unsigned64,totalCounter,current,"The total number of outgoing multicast packets sent for +packets of this Flow by a multicast daemon within the +Observation Domain since the Metering Process +(re-)initialization. This property cannot necessarily +be observed at the Observation Point, but may be retrieved +by other means.",packets,,,[RFC5102],0,2013-02-18 +175,postMCastOctetTotalCount,unsigned64,totalCounter,current,"The total number of octets in outgoing multicast packets +sent for packets of this Flow by a multicast daemon in the +Observation Domain since the Metering Process +(re-)initialization. This property cannot necessarily be +observed at the Observation Point, but may be retrieved by +other means. +The number of octets includes IP header(s) and IP payload.",octets,,,[RFC5102],0,2013-02-18 +176,icmpTypeIPv4,unsigned8,identifier,current,Type of the IPv4 ICMP message.,,,"See [RFC792] for the definition of the IPv4 +ICMP type field.",[RFC5102],0,2013-02-18 +177,icmpCodeIPv4,unsigned8,identifier,current,Code of the IPv4 ICMP message.,,,"See [RFC792] for the definition of the IPv4 +ICMP code field.",[RFC5102],0,2013-02-18 +178,icmpTypeIPv6,unsigned8,identifier,current,Type of the IPv6 ICMP message.,,,"See [RFC4443] for the definition of the IPv6 +ICMP type field.",[RFC5102],0,2013-02-18 +179,icmpCodeIPv6,unsigned8,identifier,current,Code of the IPv6 ICMP message.,,,"See [RFC4443] for the definition of the IPv6 +ICMP code field.",[RFC5102],0,2013-02-18 +180,udpSourcePort,unsigned16,identifier,current,The source port identifier in the UDP header.,,,"See [RFC768] for the definition of the UDP +source port field. +Additional information on defined UDP port numbers can be found at +[IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +181,udpDestinationPort,unsigned16,identifier,current,The destination port identifier in the UDP header.,,,"See [RFC768] for the definition of the UDP +destination port field. +Additional information on defined UDP port numbers can be found at +[IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +182,tcpSourcePort,unsigned16,identifier,current,The source port identifier in the TCP header.,,,"See [RFC793] for the definition of the TCP +source port field. +Additional information on defined TCP port numbers can be found at +[IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +183,tcpDestinationPort,unsigned16,identifier,current,The destination port identifier in the TCP header.,,,"See [RFC793] for the definition of the TCP +destination port field. +Additional information on defined TCP port numbers can be found at +[IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +184,tcpSequenceNumber,unsigned32,,current,The sequence number in the TCP header.,,,"See [RFC793] for the definition of the TCP +sequence number.",[RFC5102],0,2013-02-18 +185,tcpAcknowledgementNumber,unsigned32,,current,The acknowledgement number in the TCP header.,,,"See [RFC793] for the definition of the TCP +acknowledgement number.",[RFC5102],0,2013-02-18 +186,tcpWindowSize,unsigned16,,current,"The window field in the TCP header. +If the TCP window scale is supported, +then TCP window scale must be known +to fully interpret the value of this information.",,,"See [RFC793] for the definition of the TCP +window field. +See [RFC1323] for the definition of the TCP +window scale.",[RFC5102],0,2013-02-18 +187,tcpUrgentPointer,unsigned16,,current,The urgent pointer in the TCP header.,,,"See [RFC793] for the definition of the TCP +urgent pointer.",[RFC5102],0,2013-02-18 +188,tcpHeaderLength,unsigned8,,current,"The length of the TCP header. Note that the value of this +Information Element is different from the value of the Data +Offset field in the TCP header. The Data Offset field +indicates the length of the TCP header in units of 4 octets. +This Information Elements specifies the length of the TCP +header in units of octets.",octets,,"See [RFC793] for the definition of the TCP +header.",[RFC5102],0,2013-02-18 +189,ipHeaderLength,unsigned8,,current,"The length of the IP header. For IPv6, the value of this +Information Element is 40.",octets,,"See [RFC791] for the definition of the IPv4 +header. +See [RFC8200] for the definition of the IPv6 +header.",[RFC5102],0,2013-02-18 +190,totalLengthIPv4,unsigned16,,current,The total length of the IPv4 packet.,octets,,"See [RFC791] for the specification of the IPv4 +total length.",[RFC5102],0,2013-02-18 +191,payloadLengthIPv6,unsigned16,,current,"This Information Element reports the value of the Payload +Length field in the IPv6 header. Note that IPv6 extension +headers belong to the payload. Also note that in case of a +jumbo payload option the value of the Payload Length field in +the IPv6 header is zero and so will be the value reported +by this Information Element.",octets,,"See [RFC8200] for the specification of the IPv6 +payload length. +See [RFC2675] for the specification of the IPv6 +jumbo payload option.",[RFC5102],0,2013-02-18 +192,ipTTL,unsigned8,,current,"For IPv4, the value of the Information Element matches +the value of the Time to Live (TTL) field in the IPv4 packet +header. For IPv6, the value of the Information Element +matches the value of the Hop Limit field in the IPv6 +packet header.",hops,,"See [RFC791] for the definition of the IPv4 +Time to Live field. +See [RFC2675] for the definition of the IPv6 +Hop Limit field.",[RFC5102],0,2013-02-18 +193,nextHeaderIPv6,unsigned8,,current,"The value of the Next Header field of the IPv6 header. +The value identifies the type of the following IPv6 +extension header or of the following IP payload. +Valid values are defined in the IANA +Protocol Numbers registry.",,,"See [RFC8200] for the definition of the IPv6 +Next Header field. +See the list of protocol numbers assigned by IANA at [IANA registry protocol-numbers].",[RFC5102],0,2013-02-18 +194,mplsPayloadLength,unsigned32,,current,The size of the MPLS packet without the label stack.,octets,,"See [RFC3031] for the specification of MPLS +packets. +See [RFC3032] for the specification of the +MPLS label stack.",[RFC5102],0,2013-02-18 +195,ipDiffServCodePoint,unsigned8,identifier,current,"The value of a Differentiated Services Code Point (DSCP) +encoded in the Differentiated Services field. The +Differentiated Services field spans the most significant +6 bits of the IPv4 TOS field or the IPv6 Traffic Class +field, respectively. + + + + +This Information Element encodes only the 6 bits of the +Differentiated Services field. Therefore, its value may +range from 0 to 63.",,0-63,"See [RFC3260] for the definition of the +Differentiated Services field. +See [RFC1812] (Section 5.3.2) and [RFC791] for the definition of the IPv4 TOS field. +See [RFC8200] for the definition of the IPv6 +Traffic Class field.",[RFC5102],0,2013-02-18 +196,ipPrecedence,unsigned8,identifier,current,"The value of the IP Precedence. The IP Precedence value +is encoded in the first 3 bits of the IPv4 TOS field +or the IPv6 Traffic Class field, respectively. + + + + +This Information Element encodes only these 3 bits. +Therefore, its value may range from 0 to 7.",,0-7,"See [RFC1812] (Section 5.3.3) and [RFC791] for the definition of the IP Precedence. +See [RFC1812] (Section 5.3.2) and [RFC791] for the definition of the IPv4 TOS field. +See [RFC8200] for the definition of the IPv6 +Traffic Class field.",[RFC5102],0,2013-02-18 +197,fragmentFlags,unsigned8,flags,current,"Fragmentation properties indicated by flags in the IPv4 +packet header or the IPv6 Fragment header, respectively. + + + + +Bit 0: (RS) Reserved. + The value of this bit MUST be 0 until specified + otherwise. + +Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment. + Corresponds to the value of the DF flag in the + IPv4 header. Will always be 0 for IPv6 unless + a ""don't fragment"" feature is introduced to IPv6. + +Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments. + Corresponds to the MF flag in the IPv4 header + or to the M flag in the IPv6 Fragment header, + respectively. The value is 0 for IPv6 if there + is no fragment header. + +Bits 3-7: (DC) Don't Care. + The values of these bits are irrelevant. + + 0 1 2 3 4 5 6 7 + +---+---+---+---+---+---+---+---+ + | R | D | M | D | D | D | D | D | + | S | F | F | C | C | C | C | C | + +---+---+---+---+---+---+---+---+",,,"See [RFC791] for the specification of the IPv4 +fragment flags. +See [RFC8200] for the specification of the +IPv6 Fragment header.",[RFC5102],0,2013-02-18 +198,octetDeltaSumOfSquares,unsigned64,,current,"The sum of the squared numbers of octets per incoming +packet since the previous report (if any) for this +Flow at the Observation Point. +The number of octets includes IP header(s) and IP payload.",,,,[RFC5102],0,2013-02-18 +199,octetTotalSumOfSquares,unsigned64,,current,"The total sum of the squared numbers of octets in incoming +packets for this Flow at the Observation Point since the +Metering Process (re-)initialization for this Observation +Point. The number of octets includes IP header(s) and IP +payload.",octets,,,[RFC5102],0,2013-02-18 +200,mplsTopLabelTTL,unsigned8,,current,"The TTL field from the top MPLS label stack entry, +i.e., the last label that was pushed.",hops,,"See [RFC3032] for the specification of the TTL +field.",[RFC5102],0,2013-02-18 +201,mplsLabelStackLength,unsigned32,,current,The length of the MPLS label stack in units of octets.,octets,,"See [RFC3032] for the specification of the +MPLS label stack.",[RFC5102],0,2013-02-18 +202,mplsLabelStackDepth,unsigned32,,current,The number of labels in the MPLS label stack.,entries,,"See [RFC3032] for the specification of the +MPLS label stack.",[RFC5102],0,2013-02-18 +203,mplsTopLabelExp,unsigned8,flags,current,"The Exp field from the top MPLS label stack entry, +i.e., the last label that was pushed. + + + +Bits 0-4: Don't Care, value is irrelevant. +Bits 5-7: MPLS Exp field. + + 0 1 2 3 4 5 6 7 + +---+---+---+---+---+---+---+---+ + | don't care | Exp | + +---+---+---+---+---+---+---+---+",,,"See [RFC3032] for the specification of the +Exp field. +See [RFC3270] for usage of the Exp field.",[RFC5102],0,2013-02-18 +204,ipPayloadLength,unsigned32,,current,"The effective length of the IP payload. + + + + +For IPv4 packets, the value of this Information Element is +the difference between the total length of the IPv4 packet +(as reported by Information Element totalLengthIPv4) and the +length of the IPv4 header (as reported by Information Element +headerLengthIPv4). + + + + +For IPv6, the value of the Payload Length field +in the IPv6 header is reported except in the case that +the value of this field is zero and that there is a valid +jumbo payload option. In this case, the value of the +Jumbo Payload Length field in the jumbo payload option +is reported.",octets,,"See [RFC791] for the specification of IPv4 +packets. +See [RFC8200] for the specification of the +IPv6 payload length. +See [RFC2675] for the specification of the +IPv6 jumbo payload length.",[RFC5102],0,2013-02-18 +205,udpMessageLength,unsigned16,,current,The value of the Length field in the UDP header.,octets,,"See [RFC768] for the specification of the UDP +header.",[RFC5102],0,2013-02-18 +206,isMulticast,unsigned8,flags,current,"If the IP destination address is not a reserved multicast +address, then the value of all bits of the octet (including +the reserved ones) is zero. + + + + +The first bit of this octet is set to 1 if the Version +field of the IP header has the value 4 and if the +Destination Address field contains a reserved multicast +address in the range from 224.0.0.0 to 239.255.255.255. +Otherwise, this bit is set to 0. + + + + +The second and third bits of this octet are reserved for +future use. + + + + +The remaining bits of the octet are only set to values +other than zero if the IP Destination Address is a +reserved IPv6 multicast address. Then the fourth bit +of the octet is set to the value of the T flag in the +IPv6 multicast address and the remaining four bits are +set to the value of the scope field in the IPv6 +multicast address. + + + + 0 1 2 3 4 5 6 7 + +------+------+------+------+------+------+------+------+ + | IPv6 multicast scope | T | RES. | RES. | MCv4 | + +------+------+------+------+------+------+------+------+ + + Bits 0-3: set to value of multicast scope if IPv6 multicast + Bit 4: set to value of T flag, if IPv6 multicast + Bits 5-6: reserved for future use + Bit 7: set to 1 if IPv4 multicast",,,"See [RFC1112] for the specification of +reserved IPv4 multicast addresses. +See [RFC4291] for the specification of +reserved IPv6 multicast addresses and the definition of the T flag and +the IPv6 multicast scope. +The diagram provided in [RFC5102] is incorrect. +The diagram in this registry is taken from Errata 1736. See [RFC Errata + 1736]",[RFC5102],0,2013-02-18 +207,ipv4IHL,unsigned8,,current,"The value of the Internet Header Length (IHL) field in +the IPv4 header. It specifies the length of the header +in units of 4 octets. Please note that its unit is +different from most of the other Information Elements +reporting length values.",4-octet words,,"See [RFC791] for the specification of the IPv4 +header.",[RFC5102],0,2013-02-18 +208,ipv4Options,unsigned32,flags,current,"IPv4 options in packets of this Flow. +The information is encoded in a set of bit fields. For +each valid IPv4 option type, there is a bit in this set. +The bit is set to 1 if any observed packet of this Flow +contains the corresponding IPv4 option type. Otherwise, +if no observed packet of this Flow contained the +respective IPv4 option type, the value of the +corresponding bit is 0. + + + + +The list of valid IPv4 options is maintained by IANA. +Note that for identifying an option not just the 5-bit +Option Number, but all 8 bits of the Option Type need to +match one of the IPv4 options specified at +http://www.iana.org/assignments/ip-parameters. + + + + +Options are mapped to bits according to their option numbers. +Option number X is mapped to bit X. +The mapping is illustrated by the figure below. + + + + 0 1 2 3 4 5 6 7 + +------+------+------+------+------+------+------+------+ +... | RR |CIPSO |E-SEC | TS | LSR | SEC | NOP | EOOL | + +------+------+------+------+------+------+------+------+ + + 8 9 10 11 12 13 14 15 + +------+------+------+------+------+------+------+------+ +... |ENCODE| VISA | FINN | MTUR | MTUP | ZSU | SSR | SID | ... + +------+------+------+------+------+------+------+------+ + + 16 17 18 19 20 21 22 23 + +------+------+------+------+------+------+------+------+ +... | DPS |NSAPA | SDB |RTRALT|ADDEXT| TR | EIP |IMITD | ... + +------+------+------+------+------+------+------+------+ + + 24 25 26 27 28 29 30 31 + +------+------+------+------+------+------+------+------+ +... | | EXP | to be assigned by IANA | QS | UMP | + +------+------+------+------+------+------+------+------+ + + Type Option + Bit Value Name Reference + ---+-----+-------+------------------------------------ + 0 7 RR Record Route, RFC 791 + 1 134 CIPSO Commercial Security + 2 133 E-SEC Extended Security, RFC 1108 + 3 68 TS Time Stamp, RFC 791 + 4 131 LSR Loose Source Route, RFC791 + 5 130 SEC Security, RFC 1108 + 6 1 NOP No Operation, RFC 791 + 7 0 EOOL End of Options List, RFC 791 + 8 15 ENCODE + 9 142 VISA Experimental Access Control + 10 205 FINN Experimental Flow Control + 11 12 MTUR (obsoleted) MTU Reply, RFC 1191 + 12 11 MTUP (obsoleted) MTU Probe, RFC 1191 + 13 10 ZSU Experimental Measurement + 14 137 SSR Strict Source Route, RFC 791 + 15 136 SID Stream ID, RFC 791 + 16 151 DPS Dynamic Packet State + 17 150 NSAPA NSAP Address + 18 149 SDB Selective Directed Broadcast + 19 147 ADDEXT Address Extension + 20 148 RTRALT Router Alert, RFC 2113 + 21 82 TR Traceroute, RFC 3193 + 22 145 EIP Extended Internet Protocol, RFC 1385 + 23 144 IMITD IMI Traffic Descriptor + 25 30 EXP RFC3692-style Experiment + 25 94 EXP RFC3692-style Experiment + 25 158 EXP RFC3692-style Experiment + 25 222 EXP RFC3692-style Experiment + 30 25 QS Quick-Start + 31 152 UMP Upstream Multicast Pkt. + ... ... ... Further options numbers + may be assigned by IANA",,,"See [RFC791] for the definition of IPv4 +options. +See the list of IPv4 option numbers assigned by IANA at [IANA registry ip-parameters]. +The diagram provided in [RFC5102] is incorrect. +The diagram in this registry is taken from Errata 1737. See [RFC Errata + 1737]",[RFC5102],0,2013-02-18 +209,tcpOptions,unsigned64,flags,current,"TCP options in packets of this Flow. +The information is encoded in a set of bit fields. For +each TCP option, there is a bit in this set. +The bit is set to 1 if any observed packet of this Flow +contains the corresponding TCP option. +Otherwise, if no observed packet of this Flow contained +the respective TCP option, the value of the +corresponding bit is 0. + + + + +Options are mapped to bits according to their option +numbers. Option number X is mapped to bit X. +TCP option numbers are maintained by IANA. + + + + 0 1 2 3 4 5 6 7 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 8 9 10 11 12 13 14 15 + +-----+-----+-----+-----+-----+-----+-----+-----+ +... | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 |... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 16 17 18 19 20 21 22 23 + +-----+-----+-----+-----+-----+-----+-----+-----+ +... | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 |... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + . . . + + 56 57 58 59 60 61 62 63 + +-----+-----+-----+-----+-----+-----+-----+-----+ +... | 63 | 62 | 61 | 60 | 59 | 58 | 57 | 56 | + +-----+-----+-----+-----+-----+-----+-----+-----+",,,"See [RFC793] for the definition of TCP +options. +See the list of TCP option numbers assigned by IANA at [IANA registry tcp-parameters]. +The diagram provided in [RFC5102] is incorrect. +The diagram in this registry is taken from Errata 1739. See [RFC Errata + 1739]",[RFC5102],0,2013-02-18 +210,paddingOctets,octetArray,default,current,"The value of this Information Element is always a sequence of +0x00 values.",,,,[RFC5102],0,2013-02-18 +211,collectorIPv4Address,ipv4Address,default,current,"An IPv4 address to which the Exporting Process sends Flow +information.",,,,[RFC5102],1,2014-02-03 +212,collectorIPv6Address,ipv6Address,default,current,"An IPv6 address to which the Exporting Process sends Flow +information.",,,,[RFC5102],1,2014-02-03 +213,exportInterface,unsigned32,identifier,current,"The index of the interface from which IPFIX Messages sent +by the Exporting Process to a Collector leave the IPFIX +Device. The value matches the value of +managed object 'ifIndex' as defined in [RFC2863]. +Note that ifIndex values are not assigned statically to an +interface and that the interfaces may be renumbered every +time the device's management system is re-initialized, as +specified in [RFC2863].",,,"See [RFC2863] for the definition of the +ifIndex object.",[RFC5102],0,2013-02-18 +214,exportProtocolVersion,unsigned8,identifier,current,"The protocol version used by the Exporting Process for +sending Flow information. The protocol version is given +by the value of the Version Number field in the Message +Header. + + + + +The protocol version is 10 for IPFIX and 9 for NetFlow +version 9. +A value of 0 indicates that no export protocol is in use.",,,"See the [IPFIX protocol +specification] for the definition of the IPFIX Message Header. +See [RFC3954] for the definition of the +NetFlow version 9 message header.",[RFC5102],0,2013-02-18 +215,exportTransportProtocol,unsigned8,identifier,current,"The value of the protocol number used by the Exporting Process +for sending Flow information. +The protocol number identifies the IP packet payload type. +Protocol numbers are defined in the IANA Protocol Numbers +registry. + + + + +In Internet Protocol version 4 (IPv4), this is carried in the +Protocol field. In Internet Protocol version 6 (IPv6), this +is carried in the Next Header field in the last extension +header of the packet.",,,"See [RFC791] for the specification of the IPv4 +protocol field. +See [RFC8200] for the specification of the +IPv6 protocol field. +See the list of protocol numbers assigned by IANA at [IANA registry protocol-numbers].",[RFC5102],0,2013-02-18 +216,collectorTransportPort,unsigned16,identifier,current,"The destination port identifier to which the Exporting +Process sends Flow information. For the transport protocols +UDP, TCP, and SCTP, this is the destination port number. +This field MAY also be used for future transport protocols +that have 16-bit source port identifiers.",,,"See [RFC768] for the definition of the UDP +destination port field. +See [RFC793] for the definition of the TCP +destination port field. +See [RFC4960] for the definition of SCTP. + + + + +Additional information on defined UDP and TCP port numbers can be +found at [IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +217,exporterTransportPort,unsigned16,identifier,current,"The source port identifier from which the Exporting +Process sends Flow information. For the transport protocols +UDP, TCP, and SCTP, this is the source port number. +This field MAY also be used for future transport protocols +that have 16-bit source port identifiers. This field may +be useful for distinguishing multiple Exporting Processes +that use the same IP address.",,,"See [RFC768] for the definition of the UDP +source port field. +See [RFC793] for the definition of the TCP +source port field. +See [RFC4960] for the definition of SCTP. + + + + +Additional information on defined UDP and TCP port numbers can be +found at [IANA registry service-names-port-numbers].",[RFC5102],0,2013-02-18 +218,tcpSynTotalCount,unsigned64,totalCounter,current,"The total number of packets of this Flow with +TCP ""Synchronize sequence numbers"" (SYN) flag set.",packets,,"See [RFC793] for the definition of the TCP SYN +flag.",[RFC5102],0,2013-02-18 +219,tcpFinTotalCount,unsigned64,totalCounter,current,"The total number of packets of this Flow with +TCP ""No more data from sender"" (FIN) flag set.",packets,,"See [RFC793] for the definition of the TCP FIN +flag.",[RFC5102],0,2013-02-18 +220,tcpRstTotalCount,unsigned64,totalCounter,current,"The total number of packets of this Flow with +TCP ""Reset the connection"" (RST) flag set.",packets,,"See [RFC793] for the definition of the TCP RST +flag.",[RFC5102],0,2013-02-18 +221,tcpPshTotalCount,unsigned64,totalCounter,current,"The total number of packets of this Flow with +TCP ""Push Function"" (PSH) flag set.",packets,,"See [RFC793] for the definition of the TCP PSH +flag.",[RFC5102],0,2013-02-18 +222,tcpAckTotalCount,unsigned64,totalCounter,current,"The total number of packets of this Flow with +TCP ""Acknowledgment field significant"" (ACK) flag set.",packets,,"See [RFC793] for the definition of the TCP ACK +flag.",[RFC5102],0,2013-02-18 +223,tcpUrgTotalCount,unsigned64,totalCounter,current,"The total number of packets of this Flow with +TCP ""Urgent Pointer field significant"" (URG) flag set.",packets,,"See [RFC793] for the definition of the TCP URG +flag.",[RFC5102],0,2013-02-18 +224,ipTotalLength,unsigned64,,current,The total length of the IP packet.,octets,,"See [RFC791] for the specification of the IPv4 +total length. +See [RFC8200] for the specification of the +IPv6 payload length. +See [RFC2675] for the specification of the +IPv6 jumbo payload length.",[RFC5102],0,2013-02-18 +225,postNATSourceIPv4Address,ipv4Address,default,current,"The definition of this Information Element is identical to the +definition of Information Element 'sourceIPv4Address', except +that it reports a modified value caused by a NAT middlebox +function after the packet passed the Observation Point.",,,"See [RFC791] for the definition of the IPv4 source +address field. See [RFC3022] for the definition of +NAT. See [RFC3234] for the definition of middleboxes.",[ipfix-iana_at_cisco.com],1,2014-02-03 +226,postNATDestinationIPv4Address,ipv4Address,default,current,"The definition of this Information Element is identical to the +definition of Information Element 'destinationIPv4Address', +except that it reports a modified value caused by a NAT +middlebox function after the packet passed the Observation +Point.",,,"See [RFC791] for the definition of the IPv4 destination +address field. See [RFC3022] for the definition of +NAT. See [RFC3234] for the definition of middleboxes.",[ipfix-iana_at_cisco.com],1,2014-02-03 +227,postNAPTSourceTransportPort,unsigned16,identifier,current,"The definition of this Information Element is identical to the +definition of Information Element 'sourceTransportPort', except +that it reports a modified value caused by a Network Address +Port Translation (NAPT) middlebox function after the packet +passed the Observation Point.",,,"See [RFC768] for the definition of the UDP source port +field. See [RFC793] for the definition of the TCP +source port field. See [RFC4960] for the definition of +SCTP. +See [RFC3022] for the definition of NAPT. See [RFC3234] for the definition of middleboxes. +Additional information on defined UDP and TCP port numbers can +be found at http://www.iana.org/assignments/port-numbers.",[ipfix-iana_at_cisco.com],0,2013-02-18 +228,postNAPTDestinationTransportPort,unsigned16,identifier,current,"The definition of this Information Element is identical to the +definition of Information Element 'destinationTransportPort', +except that it reports a modified value caused by a Network +Address Port Translation (NAPT) middlebox function after the +packet passed the Observation Point.",,,"See [RFC768] for the definition of the UDP source port +field. See [RFC793] for the definition of the TCP +source port field. See [RFC4960] for the definition of +SCTP. +See [RFC3022] for the definition of NAPT. See [RFC3234] for the definition of middleboxes. +Additional information on defined UDP and TCP port numbers can +be found at [IANA registry service-names-port-numbers].",[ipfix-iana_at_cisco.com],0,2013-02-18 +229,natOriginatingAddressRealm,unsigned8,identifier,current,"Indicates whether the session was created because traffic +originated in the private or public address realm. +postNATSourceIPv4Address, postNATDestinationIPv4Address, +postNAPTSourceTransportPort, and +postNAPTDestinationTransportPort are qualified with the address +realm in perspective. + + + + +The allowed values are: + + + + +Private: 1 + + + + +Public: 2",,1-2,See [RFC3022] for the definition of NAT.,[ipfix-iana_at_cisco.com],1,2014-08-13 +230,natEvent,unsigned8,identifier,current,"This Information Element identifies a NAT event. This IE identifies +the type of a NAT event. Examples of NAT events include, but are not +limited to, NAT translation create, NAT translation delete, Threshold +Reached, or Threshold Exceeded, etc. Values for this Information +Element are listed in the ""NAT Event Type"" registry, see +[http://www.iana.org/assignments/ipfix/ipfix.xml#ipfix-nat-event-type]. +New assignments of values will be administered by IANA and are +subject to Expert Review [RFC8126]. Experts +need to check definitions of new values for completeness, accuracy, +and redundancy.",,,"See [RFC3022] for the definition of NAT. See +[RFC3234] for the definition of middleboxes. +See [RFC8158] +for the definitions of values 4-16.",[RFC8158],2,2017-03-15 +231,initiatorOctets,unsigned64,deltaCounter,current,"The total number of layer 4 payload bytes in a flow from the +initiator since the previous report. The initiator is the device +which triggered the session creation, and remains the same for +the life of the session.",octets,,"See #298, initiatorPackets.",[ipfix-iana_at_cisco.com],1,2014-08-13 +232,responderOctets,unsigned64,deltaCounter,current,"The total number of layer 4 payload bytes in a flow from the +responder since the previous report. The responder is the device +which replies to the initiator, and remains the same for the life +of the session.",octets,,"See #299, responderPackets.",[ipfix-iana_at_cisco.com],1,2014-08-13 +233,firewallEvent,unsigned8,,current,"Indicates a firewall event. The allowed values are: + + + + +0 - Ignore (invalid) + + + + +1 - Flow Created + + + + +2 - Flow Deleted + + + + +3 - Flow Denied + + + + +4 - Flow Alert + + + + +5 - Flow Update",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +234,ingressVRFID,unsigned32,,current,"An unique identifier of the VRFname where the packets of this +flow are being received. This identifier is unique per Metering +Process",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +235,egressVRFID,unsigned32,,current,"An unique identifier of the VRFname where the packets of this +flow are being sent. This identifier is unique per Metering +Process",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +236,VRFname,string,default,current,The name of a VPN Routing and Forwarding table (VRF).,,,See [RFC4364] for the definition of VRF.,[ipfix-iana_at_cisco.com],0,2013-02-18 +237,postMplsTopLabelExp,unsigned8,flags,current,"The definition of this Information Element is identical to the +definition of Information Element 'mplsTopLabelExp', except +that it reports a potentially modified value caused by a +middlebox function after the packet passed the Observation +Point.",,,"See [RFC3032] for the specification of the Exp +field. +See [RFC3270] for usage of the Exp field.",[RFC5102],0,2013-02-18 +238,tcpWindowScale,unsigned16,,current,The scale of the window field in the TCP header.,,,"See [RFC1323] for the definition of the TCP +window scale.",[RFC5102],0,2013-02-18 +239,biflowDirection,unsigned8,identifier,current,"A description of the direction assignment method used to +assign the Biflow Source and Destination. This Information Element +MAY be present in a Flow Data Record, or applied to all flows exported +from an Exporting Process or Observation Domain using IPFIX Options. +If this Information Element is not present in a Flow Record or +associated with a Biflow via scope, it is assumed that the +configuration of the direction assignment method is done out-of-band. +Note that when using IPFIX Options to apply this Information Element +to all flows within an Observation Domain or from an Exporting +Process, the Option SHOULD be sent reliably. If reliable transport is +not available (i.e., when using UDP), this Information Element SHOULD +appear in each Flow Record. This field may take the following +values: + + ++-------+------------------+----------------------------------------+ +| Value | Name | Description | ++-------+------------------+----------------------------------------+ +| 0x00 | arbitrary | Direction was assigned arbitrarily. | +| 0x01 | initiator | The Biflow Source is the flow | +| | | initiator, as determined by the | +| | | Metering Process' best effort to | +| | | detect the initiator. | +| 0x02 | reverseInitiator | The Biflow Destination is the flow | +| | | initiator, as determined by the | +| | | Metering Process' best effort to | +| | | detect the initiator. This value is | +| | | provided for the convenience of | +| | | Exporting Processes to revise an | +| | | initiator estimate without re-encoding | +| | | the Biflow Record. | +| 0x03 | perimeter | The Biflow Source is the endpoint | +| | | outside of a defined perimeter. The | +| | | perimeter's definition is implicit in | +| | | the set of Biflow Source and Biflow | +| | | Destination addresses exported in the | +| | | Biflow Records. | ++-------+------------------+----------------------------------------+",,,,[RFC5103],0,2013-02-18 +240,ethernetHeaderLength,unsigned8,quantity,current,"The difference between the length of an Ethernet frame (minus the +FCS) and the length of its MAC Client Data section (including any +padding) as defined in section 3.1 of [IEEE.802-3.2005]. It does +not include the Preamble, SFD and Extension field lengths.",octets,,[IEEE.802-3.2005],[ipfix-iana_at_cisco.com],1,2014-08-13 +241,ethernetPayloadLength,unsigned16,quantity,current,"The length of the MAC Client Data section (including any padding) +of a frame as defined in section 3.1 of [IEEE.802-3.2005].",octets,,[IEEE.802-3.2005],[ipfix-iana_at_cisco.com],1,2014-08-13 +242,ethernetTotalLength,unsigned16,quantity,current,"The total length of the Ethernet frame (excluding the Preamble, +SFD, Extension and FCS fields) as described in section 3.1 of +[IEEE.802-3.2005].",octets,,[IEEE.802-3.2005],[ipfix-iana_at_cisco.com],1,2014-08-13 +243,dot1qVlanId,unsigned16,identifier,current,"The value of the 12-bit VLAN Identifier portion of the Tag Control +Information field of an Ethernet frame. The structure and +semantics within the Tag Control Information field are defined in +[IEEE802.1Q]. In Provider Bridged Networks, it represents the +Service VLAN identifier in the Service VLAN Tag (S-TAG) Tag +Control Information (TCI) field or the Customer VLAN identifier in +the Customer VLAN Tag (C-TAG) Tag Control Information (TCI) field +as described in [IEEE802.1Q]. In Provider Backbone Bridged +Networks, it represents the Backbone VLAN identifier in the +Backbone VLAN Tag (B-TAG) Tag Control Information (TCI) field as +described in [IEEE802.1Q]. In a virtual link between a host +system and EVB bridge, it represents the Service VLAN identifier +indicating S-channel as described in [IEEE802.1Qbg]. + + + + +In the case of a multi-tagged frame, it represents the outer tag's +VLAN identifier, except for I-TAG.",,,[IEEE802.1Q][IEEE802.1Qbg],[ipfix-iana_at_cisco.com][RFC7133],2,2014-01-11 +244,dot1qPriority,unsigned8,identifier,current,"The value of the 3-bit User Priority portion of the Tag Control +Information field of an Ethernet frame. The structure and +semantics within the Tag Control Information field are defined in +[IEEE802.1Q]. In the case of multi-tagged frame, it represents +the 3-bit Priority Code Point (PCP) portion of the outer tag's Tag +Control Information (TCI) field as described in [IEEE802.1Q], +except for I-TAG.",,,[IEEE802.1Q],[ipfix-iana_at_cisco.com][RFC7133],1,2014-01-11 +245,dot1qCustomerVlanId,unsigned16,identifier,current,"The value represents the Customer VLAN identifier in the Customer +VLAN Tag (C-TAG) Tag Control Information (TCI) field as described +in [IEEE802.1Q].",,,[IEEE802.1Q],[ipfix-iana_at_cisco.com][RFC7133],1,2014-01-11 +246,dot1qCustomerPriority,unsigned8,identifier,current,"The value represents the 3-bit Priority Code Point (PCP) portion +of the Customer VLAN Tag (C-TAG) Tag Control Information (TCI) +field as described in [IEEE802.1Q].",,,[IEEE802.1Q],[ipfix-iana_at_cisco.com][RFC7133],1,2014-01-11 +247,metroEvcId,string,default,current,"The EVC Service Attribute which uniquely identifies the Ethernet +Virtual Connection (EVC) within a Metro Ethernet Network, as +defined in section 6.2 of MEF 10.1. The MetroEVCID is encoded in +a string of up to 100 characters.",,,"MEF 10.1 (Ethernet Services Attributes Phase 2) +MEF16 (Ethernet Local Management Interface)",[ipfix-iana_at_cisco.com],1,2014-02-03 +248,metroEvcType,unsigned8,identifier,current,"The 3-bit EVC Service Attribute which identifies the type of +service provided by an EVC.",,,"MEF 10.1 (Ethernet Services Attributes Phase 2) +MEF16 (Ethernet Local Management Interface)",[ipfix-iana_at_cisco.com],0,2013-02-18 +249,pseudoWireId,unsigned32,identifier,current,"A 32-bit non-zero connection identifier, which together with the +pseudoWireType, identifies the Pseudo Wire (PW) as defined in [RFC8077].",,,See [RFC8077] for pseudowire definitions.,[ipfix-iana_at_cisco.com],0,2013-02-18 +250,pseudoWireType,unsigned16,identifier,current,"The value of this information element identifies the type of MPLS +Pseudo Wire (PW) as defined in [RFC4446].",,,"See [RFC4446] for the pseudowire type definition, and +http://www.iana.org/assignments/pwe3-parameters for the IANA +Pseudowire Types Registry.",[ipfix-iana_at_cisco.com],0,2013-02-18 +251,pseudoWireControlWord,unsigned32,identifier,current,"The 32-bit Preferred Pseudo Wire (PW) MPLS Control Word as +defined in Section 3 of [RFC4385].",,,"See [RFC4385] for the Pseudo Wire Control Word +definition.",[ipfix-iana_at_cisco.com],0,2013-02-18 +252,ingressPhysicalInterface,unsigned32,identifier,current,"The index of a networking device's physical interface (example, a +switch port) where packets of this flow are being received.",,,See [RFC2863] for the definition of the ifIndex object.,[ipfix-iana_at_cisco.com],0,2013-02-18 +253,egressPhysicalInterface,unsigned32,identifier,current,"The index of a networking device's physical interface (example, a +switch port) where packets of this flow are being sent.",,,See [RFC2863] for the definition of the ifIndex object.,[ipfix-iana_at_cisco.com],0,2013-02-18 +254,postDot1qVlanId,unsigned16,identifier,current,"The definition of this Information Element is identical to the +definition of Information Element 'dot1qVlanId', except that it +reports a potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",,,"[IEEE.802-3.2005] +[IEEE.802-1ad.2005]",[ipfix-iana_at_cisco.com],0,2013-02-18 +255,postDot1qCustomerVlanId,unsigned16,identifier,current,"The definition of this Information Element is identical to the +definition of Information Element 'dot1qCustomerVlanId', except +that it reports a potentially modified value caused by a +middlebox function after the packet passed the Observation Point.",,,"[IEEE.802-1ad.2005] +[IEEE.802-1Q.2003]",[ipfix-iana_at_cisco.com],0,2013-02-18 +256,ethernetType,unsigned16,identifier,current,"The Ethernet type field of an Ethernet frame that identifies the +MAC client protocol carried in the payload as defined in +paragraph 1.4.349 of [IEEE.802-3.2005].",,,"[IEEE.802-3.2005] +Ethertype registry available at +[http://standards.ieee.org/regauth/ethertype/eth.txt]",[ipfix-iana_at_cisco.com],0,2013-02-18 +257,postIpPrecedence,unsigned8,identifier,current,"The definition of this Information Element is identical to the +definition of Information Element 'ipPrecedence', except that +it reports a potentially modified value caused by a middlebox +function after the packet passed the Observation Point.",,0-7,"See [RFC1812] (Section 5.3.3) and +[RFC791] for the definition of the +IP Precedence. See [RFC1812] +(Section 5.3.2) and [RFC791] for the +definition of the IPv4 TOS field. See +[RFC8200] for the definition of the +IPv6 Traffic Class field.",[ipfix-iana_at_cisco.com],0,2013-02-18 +258,collectionTimeMilliseconds,dateTimeMilliseconds,default,current,"The absolute timestamp at which the data within the +scope containing this Information Element was received by a +Collecting Process. This Information Element SHOULD be bound to +its containing IPFIX Message via IPFIX Options and the +messageScope Information Element, as defined below.",milliseconds,,,"[RFC5655][RFC Errata + 3559]",1,2013-03-26 +259,exportSctpStreamId,unsigned16,identifier,current,"The value of the SCTP Stream Identifier used by the +Exporting Process for exporting IPFIX Message data. This is +carried in the Stream Identifier field of the header of the SCTP +DATA chunk containing the IPFIX Message(s).",,,,[RFC5655],0,2013-02-18 +260,maxExportSeconds,dateTimeSeconds,default,current,"The absolute Export Time of the latest IPFIX Message +within the scope containing this Information Element. This +Information Element SHOULD be bound to its containing IPFIX +Transport Session via IPFIX Options and the sessionScope +Information Element.",seconds,,,[RFC5655],0,2013-02-18 +261,maxFlowEndSeconds,dateTimeSeconds,default,current,"The latest absolute timestamp of the last packet +within any Flow within the scope containing this Information +Element, rounded up to the second if necessary. This Information +Element SHOULD be bound to its containing IPFIX Transport Session +via IPFIX Options and the sessionScope Information Element.",seconds,,,[RFC5655],0,2013-02-18 +262,messageMD5Checksum,octetArray,default,current,"The MD5 checksum of the IPFIX Message containing this +record. This Information Element SHOULD be bound to its +containing IPFIX Message via an options record and the +messageScope Information Element, as defined below, and SHOULD +appear only once in a given IPFIX Message. To calculate the value +of this Information Element, first buffer the containing IPFIX +Message, setting the value of this Information Element to all +zeroes. Then calculate the MD5 checksum of the resulting buffer +as defined in [RFC1321], place the resulting value in this +Information Element, and export the buffered message. This +Information Element is intended as a simple checksum only; +therefore collision resistance and algorithm agility are not +required, and MD5 is an appropriate message digest. + +This Information Element has a fixed length of 16 octets.",,,,[RFC5655][RFC1321],0,2013-02-18 +263,messageScope,unsigned8,,current,"The presence of this Information Element as scope in +an Options Template signifies that the options described by the +Template apply to the IPFIX Message that contains them. It is +defined for general purpose message scoping of options, and +proposed specifically to allow the attachment a checksum to a +message via IPFIX Options. The value of this Information Element +MUST be written as 0 by the File Writer or Exporting Process. The +value of this Information Element MUST be ignored by the File +Reader or the Collecting Process.",,0-0,,[RFC5655],0,2013-02-18 +264,minExportSeconds,dateTimeSeconds,default,current,"The absolute Export Time of the earliest IPFIX Message +within the scope containing this Information Element. This +Information Element SHOULD be bound to its containing IPFIX +Transport Session via an options record and the sessionScope +Information Element.",seconds,,,[RFC5655],0,2013-02-18 +265,minFlowStartSeconds,dateTimeSeconds,default,current,"The earliest absolute timestamp of the first packet +within any Flow within the scope containing this Information +Element, rounded down to the second if necessary. This +Information Element SHOULD be bound to its containing IPFIX +Transport Session via an options record and the sessionScope +Information Element.",seconds,,,[RFC5655],0,2013-02-18 +266,opaqueOctets,octetArray,default,current,"This Information Element is used to encapsulate non- +IPFIX data into an IPFIX Message stream, for the purpose of +allowing a non-IPFIX data processor to store a data stream inline +within an IPFIX File. A Collecting Process or File Writer MUST +NOT try to interpret this binary data. This Information Element +differs from paddingOctets as its contents are meaningful in some +non-IPFIX context, while the contents of paddingOctets MUST be +0x00 and are intended only for Information Element alignment.",,,,[RFC5655],0,2013-02-18 +267,sessionScope,unsigned8,,current,"The presence of this Information Element as scope in +an Options Template signifies that the options described by the +Template apply to the IPFIX Transport Session that contains them. +Note that as all options are implicitly scoped to Transport +Session and Observation Domain, this Information Element is +equivalent to a ""null"" scope. It is defined for general purpose +session scoping of options, and proposed specifically to allow the +attachment of time window to an IPFIX File via IPFIX Options. The +value of this Information Element MUST be written as 0 by the File +Writer or Exporting Process. The value of this Information +Element MUST be ignored by the File Reader or the Collecting +Process.",,0-0,,[RFC5655],0,2013-02-18 +268,maxFlowEndMicroseconds,dateTimeMicroseconds,default,current,"The latest absolute timestamp of the last packet +within any Flow within the scope containing this Information +Element, rounded up to the microsecond if necessary. This +Information Element SHOULD be bound to its containing IPFIX +Transport Session via IPFIX Options and the sessionScope +Information Element. This Information Element SHOULD be used only +in Transport Sessions containing Flow Records with microsecond- +precision (or better) timestamp Information Elements.",microseconds,,,[RFC5655],0,2013-02-18 +269,maxFlowEndMilliseconds,dateTimeMilliseconds,default,current,"The latest absolute timestamp of the last packet +within any Flow within the scope containing this Information +Element, rounded up to the millisecond if necessary. This +Information Element SHOULD be bound to its containing IPFIX +Transport Session via IPFIX Options and the sessionScope +Information Element. This Information Element SHOULD be used only +in Transport Sessions containing Flow Records with millisecond- +precision (or better) timestamp Information Elements.",milliseconds,,,[RFC5655],0,2013-02-18 +270,maxFlowEndNanoseconds,dateTimeNanoseconds,default,current,"The latest absolute timestamp of the last packet +within any Flow within the scope containing this Information +Element. This Information Element SHOULD be bound to its +containing IPFIX Transport Session via IPFIX Options and the +sessionScope Information Element. This Information Element SHOULD +be used only in Transport Sessions containing Flow Records with +nanosecond-precision timestamp Information Elements.",nanoseconds,,,[RFC5655],0,2013-02-18 +271,minFlowStartMicroseconds,dateTimeMicroseconds,default,current,"The earliest absolute timestamp of the first packet +within any Flow within the scope containing this Information +Element, rounded down to the microsecond if necessary. This +Information Element SHOULD be bound to its containing IPFIX +Transport Session via an options record and the sessionScope +Information Element. This Information Element SHOULD be used only +in Transport Sessions containing Flow Records with microsecond- +precision (or better) timestamp Information Elements.",microseconds,,,[RFC5655],0,2013-02-18 +272,minFlowStartMilliseconds,dateTimeMilliseconds,default,current,"The earliest absolute timestamp of the first packet +within any Flow within the scope containing this Information +Element, rounded down to the millisecond if necessary. This +Information Element SHOULD be bound to its containing IPFIX +Transport Session via an options record and the sessionScope +Information Element. This Information Element SHOULD be used only +in Transport Sessions containing Flow Records with millisecond- +precision (or better) timestamp Information Elements.",milliseconds,,,[RFC5655],0,2013-02-18 +273,minFlowStartNanoseconds,dateTimeNanoseconds,default,current,"The earliest absolute timestamp of the first packet +within any Flow within the scope containing this Information +Element. This Information Element SHOULD be bound to its +containing IPFIX Transport Session via an options record and the +sessionScope Information Element. This Information Element SHOULD +be used only in Transport Sessions containing Flow Records with +nanosecond-precision timestamp Information Elements.",nanoseconds,,,[RFC5655],0,2013-02-18 +274,collectorCertificate,octetArray,default,current,"The full X.509 certificate, encoded in ASN.1 DER +format, used by the Collector when IPFIX Messages were transmitted +using TLS or DTLS. This Information Element SHOULD be bound to +its containing IPFIX Transport Session via an options record and +the sessionScope Information Element, or to its containing IPFIX +Message via an options record and the messageScope Information +Element.",,,,[RFC5655],0,2013-02-18 +275,exporterCertificate,octetArray,default,current,"The full X.509 certificate, encoded in ASN.1 DER +format, used by the Collector when IPFIX Messages were transmitted +using TLS or DTLS. This Information Element SHOULD be bound to +its containing IPFIX Transport Session via an options record and +the sessionScope Information Element, or to its containing IPFIX +Message via an options record and the messageScope Information +Element.",,,,[RFC5655],0,2013-02-18 +276,dataRecordsReliability,boolean,default,current,"The export reliability of Data Records, within this SCTP +stream, for the element(s) in the Options Template +scope. A typical example of an element for which the +export reliability will be reported is the templateID, +as specified in the Data Records Reliability Options +Template. A value of 'True' means that the Exporting +Process MUST send any Data Records associated with the +element(s) reliably within this SCTP stream. A value of +'False' means that the Exporting Process MAY send any +Data Records associated with the element(s) unreliably +within this SCTP stream.",,,,[RFC6526],1,2014-02-03 +277,observationPointType,unsigned8,identifier,current,"Type of observation point. Values assigned to date are: + + + + +1. Physical port + + + + +2. Port channel + + + + +3. Vlan.",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +278,newConnectionDeltaCount,unsigned32,deltaCounter,current,"This information element counts the number of TCP or UDP +connections which were opened during the observation period. The +observation period may be specified by the flow start and end timestamps.",,,,[ipfix-iana_at_cisco.com],1,2014-08-13 +279,connectionSumDurationSeconds,unsigned64,,current,"This information element aggregates the total time in +seconds for all of the TCP or UDP connections which were in use during +the observation period. For example if there are 5 concurrent +connections each for 10 seconds, the value would be 50 s.",seconds,,,[ipfix-iana_at_cisco.com],1,2013-06-25 +280,connectionTransactionId,unsigned64,identifier,current,"This information element identifies a transaction within a +connection. A transaction is a meaningful exchange of application data +between two network devices or a client and server. A transactionId is +assigned the first time a flow is reported, so that later reports for +the same flow will have the same transactionId. A different +transactionId is used for each transaction within a TCP or UDP +connection. The identifiers need not be sequential.",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +281,postNATSourceIPv6Address,ipv6Address,default,current,"The definition of this Information Element is identical to +the definition of Information Element 'sourceIPv6Address', except that +it reports a modified value caused by a NAT64 middlebox function after +the packet passed the Observation Point. + +See [RFC8200] for the definition of the Source Address field in the IPv6 +header. See [RFC3234] for the definition of middleboxes. See +[RFC6146] for nat64 specification.",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +282,postNATDestinationIPv6Address,ipv6Address,default,current,"The definition of this Information Element is identical to +the definition of Information Element 'destinationIPv6Address', except +that it reports a modified value caused by a NAT64 middlebox function +after the packet passed the Observation Point. + +See [RFC8200] for the definition of the Destination Address field in the +IPv6 header. See [RFC3234] for the definition of middleboxes. See +[RFC6146] for nat64 specification.",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +283,natPoolId,unsigned32,identifier,current,Locally unique identifier of a NAT pool.,,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +284,natPoolName,string,default,current,The name of a NAT pool identified by a natPoolID.,,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +285,anonymizationFlags,unsigned16,flags,current,"A flag word describing specialized modifications to +the anonymization policy in effect for the anonymization technique +applied to a referenced Information Element within a referenced +Template. When flags are clear (0), the normal policy (as +described by anonymizationTechnique) applies without modification. + + + +MSB 14 13 12 11 10 9 8 7 6 5 4 3 2 1 LSB ++---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +| Reserved |LOR|PmA| SC | ++---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ + +anonymizationFlags IE + ++--------+----------+-----------------------------------------------+ +| bit(s) | name | description | +| (LSB = | | | +| 0) | | | ++--------+----------+-----------------------------------------------+ +| 0-1 | SC | Stability Class: see the Stability Class | +| | | table below, and section Section 5.1. | +| 2 | PmA | Perimeter Anonymization: when set (1), | +| | | source- Information Elements as described in | +| | | [RFC5103] are interpreted as external | +| | | addresses, and destination- Information | +| | | Elements as described in [RFC5103] are | +| | | interpreted as internal addresses, for the | +| | | purposes of associating | +| | | anonymizationTechnique to Information | +| | | Elements only; see Section 7.2.2 for details. | +| | | This bit MUST NOT be set when associated with | +| | | a non-endpoint (i.e., source- or | +| | | destination-) Information Element. SHOULD be | +| | | consistent within a record (i.e., if a | +| | | source- Information Element has this flag | +| | | set, the corresponding destination- element | +| | | SHOULD have this flag set, and vice-versa.) | +| 3 | LOR | Low-Order Unchanged: when set (1), the | +| | | low-order bits of the anonymized Information | +| | | Element contain real data. This modification | +| | | is intended for the anonymization of | +| | | network-level addresses while leaving | +| | | host-level addresses intact in order to | +| | | preserve host level-structure, which could | +| | | otherwise be used to reverse anonymization. | +| | | MUST NOT be set when associated with a | +| | | truncation-based anonymizationTechnique. | +| 4-15 | Reserved | Reserved for future use: SHOULD be cleared | +| | | (0) by the Exporting Process and MUST be | +| | | ignored by the Collecting Process. | ++--------+----------+-----------------------------------------------+ + + + +The Stability Class portion of this flags word describes the +stability class of the anonymization technique applied to a +referenced Information Element within a referenced Template. +Stability classes refer to the stability of the parameters of the +anonymization technique, and therefore the comparability of the +mapping between the real and anonymized values over time. This +determines which anonymized datasets may be compared with each +other. Values are as follows: + + + ++-----+-----+-------------------------------------------------------+ +| Bit | Bit | Description | +| 1 | 0 | | ++-----+-----+-------------------------------------------------------+ +| 0 | 0 | Undefined: the Exporting Process makes no | +| | | representation as to how stable the mapping is, or | +| | | over what time period values of this field will | +| | | remain comparable; while the Collecting Process MAY | +| | | assume Session level stability, Session level | +| | | stability is not guaranteed. Processes SHOULD assume | +| | | this is the case in the absence of stability class | +| | | information; this is the default stability class. | +| 0 | 1 | Session: the Exporting Process will ensure that the | +| | | parameters of the anonymization technique are stable | +| | | during the Transport Session. All the values of the | +| | | described Information Element for each Record | +| | | described by the referenced Template within the | +| | | Transport Session are comparable. The Exporting | +| | | Process SHOULD endeavour to ensure at least this | +| | | stability class. | +| 1 | 0 | Exporter-Collector Pair: the Exporting Process will | +| | | ensure that the parameters of the anonymization | +| | | technique are stable across Transport Sessions over | +| | | time with the given Collecting Process, but may use | +| | | different parameters for different Collecting | +| | | Processes. Data exported to different Collecting | +| | | Processes are not comparable. | +| 1 | 1 | Stable: the Exporting Process will ensure that the | +| | | parameters of the anonymization technique are stable | +| | | across Transport Sessions over time, regardless of | +| | | the Collecting Process to which it is sent. | ++-----+-----+-------------------------------------------------------+",,,,[RFC6235],0,2013-02-18 +286,anonymizationTechnique,unsigned16,identifier,current,"A description of the anonymization technique applied +to a referenced Information Element within a referenced Template. +Each technique may be applicable only to certain Information +Elements and recommended only for certain Infomation Elements; +these restrictions are noted in the table below. + + + ++-------+---------------------------+-----------------+-------------+ +| Value | Description | Applicable to | Recommended | +| | | | for | ++-------+---------------------------+-----------------+-------------+ +| 0 | Undefined: the Exporting | all | all | +| | Process makes no | | | +| | representation as to | | | +| | whether the defined field | | | +| | is anonymized or not. | | | +| | While the Collecting | | | +| | Process MAY assume that | | | +| | the field is not | | | +| | anonymized, it is not | | | +| | guaranteed not to be. | | | +| | This is the default | | | +| | anonymization technique. | | | +| 1 | None: the values exported | all | all | +| | are real. | | | +| 2 | Precision | all | all | +| | Degradation/Truncation: | | | +| | the values exported are | | | +| | anonymized using simple | | | +| | precision degradation or | | | +| | truncation. The new | | | +| | precision or number of | | | +| | truncated bits is | | | +| | implicit in the exported | | | +| | data, and can be deduced | | | +| | by the Collecting | | | +| | Process. | | | +| 3 | Binning: the values | all | all | +| | exported are anonymized | | | +| | into bins. | | | +| 4 | Enumeration: the values | all | timestamps | +| | exported are anonymized | | | +| | by enumeration. | | | +| 5 | Permutation: the values | all | identifiers | +| | exported are anonymized | | | +| | by permutation. | | | +| 6 | Structured Permutation: | addresses | | +| | the values exported are | | | +| | anonymized by | | | +| | permutation, preserving | | | +| | bit-level structure as | | | +| | appropriate; this | | | +| | represents | | | +| | prefix-preserving IP | | | +| | address anonymization or | | | +| | structured MAC address | | | +| | anonymization. | | | +| 7 | Reverse Truncation: the | addresses | | +| | values exported are | | | +| | anonymized using reverse | | | +| | truncation. The number | | | +| | of truncated bits is | | | +| | implicit in the exported | | | +| | data, and can be deduced | | | +| | by the Collecting | | | +| | Process. | | | +| 8 | Noise: the values | non-identifiers | counters | +| | exported are anonymized | | | +| | by adding random noise to | | | +| | each value. | | | +| 9 | Offset: the values | all | timestamps | +| | exported are anonymized | | | +| | by adding a single offset | | | +| | to all values. | | | ++-------+---------------------------+-----------------+-------------+",,,,[RFC6235],0,2013-02-18 +287,informationElementIndex,unsigned16,identifier,current,"A zero-based index of an Information Element +referenced by informationElementId within a Template referenced by +templateId; used to disambiguate scope for templates containing +multiple identical Information Elements.",,,,[RFC6235],0,2013-02-18 +288,p2pTechnology,string,default,current,"Specifies if the Application ID is based on peer-to-peer +technology. + + + + +Possible values are: { ""yes"", ""y"", 1 }, +{ ""no"", ""n"", 2 } and { ""unassigned"", ""u"", 0 }.",,,,[RFC6759],0,2013-02-18 +289,tunnelTechnology,string,default,current,"Specifies if the Application ID is used as a tunnel technology. + + + + +Possible values are: { ""yes"", ""y"", 1 }, { ""no"", ""n"", 2 } and +{ ""unassigned"", ""u"", 0 }.",,,,[RFC6759],0,2013-02-18 +290,encryptedTechnology,string,default,current,"Specifies if the Application ID is an encrypted networking +protocol. + + + + Possible values are: { ""yes"", ""y"", 1 }, +{ ""no"", ""n"", 2 } and { ""unassigned"", ""u"", 0 }.",,,,[RFC6759],0,2013-02-18 +291,basicList,basicList,list,current,"Specifies a generic Information Element with a basicList abstract +data type. For example, a list of port numbers, a list of +interface indexes, etc.",,,,[RFC6313],0,2013-02-18 +292,subTemplateList,subTemplateList,list,current,"Specifies a generic Information Element with a subTemplateList +abstract data type.",,,,[RFC6313],0,2013-02-18 +293,subTemplateMultiList,subTemplateMultiList,list,current,"Specifies a generic Information Element with a +subTemplateMultiList abstract data type.",,,,[RFC6313],0,2013-02-18 +294,bgpValidityState,unsigned8,identifier,current,"This element describes the ""validity state"" of the BGP route correspondent source or destination IP address. If the ""validity state"" for this Flow is only available, then the value of this Information Element is 255.",,,"See [RFC4271] for a description of BGP-4, +[RFC6811] for the +definition of ""validity states"" and +[draft-ietf-sidr-origin-validation-signaling] +for the encoding of those ""validity states"".",[ipfix-iana_at_cisco.com],0,2013-02-18 +295,IPSecSPI,unsigned32,identifier,current,IPSec Security Parameters Index (SPI).,,,See [RFC2401] for the definition of SPI.,[ipfix-iana_at_cisco.com],0,2013-02-18 +296,greKey,unsigned32,identifier,current,"GRE key, which is used for identifying an individual traffic flow within a tunnel.",,,See [RFC1701] for the definition of GRE and the GRE Key.,[ipfix-iana_at_cisco.com],0,2013-02-18 +297,natType,unsigned8,identifier,current,"The type of NAT treatment: + + + + +0 unknown + + + + +1 NAT44 translated + + + + +2 NAT64 translated + + + + +3 NAT46 translated + + + + +4 IPv4-->IPv4 (no NAT) + + + + +5 NAT66 translated + + + + +6 IPv6-->IPv6 (no NAT)",,,"See [RFC3022] for the definition of NAT. +See [RFC1631] for the definition of NAT44. +See [RFC6144] for the definition of NAT64. +See [RFC6146] for the definition of NAT46. +See [RFC6296] for the definition of NAT66. +See [RFC791] for the definition of IPv4. +See [RFC8200] for the definition of IPv6.",[ipfix-iana_at_cisco.com],0,2013-02-18 +298,initiatorPackets,unsigned64,deltaCounter,current,"The total number of layer 4 packets in a flow from the initiator +since the previous report. The initiator is the device which +triggered the session creation, and remains the same for the life +of the session.",packets,,"See #231, initiatorOctets.",[ipfix-iana_at_cisco.com],1,2014-08-13 +299,responderPackets,unsigned64,deltaCounter,current,"The total number of layer 4 packets in a flow from the responder +since the previous report. The responder is the device which +replies to the initiator, and remains the same for the life of the +session.",packets,,"See #232, responderOctets.",[ipfix-iana_at_cisco.com],1,2014-08-13 +300,observationDomainName,string,default,current,"The name of an observation domain identified by an +observationDomainId.",,,"See #149, observationDomainId.",[ipfix-iana_at_cisco.com],0,2013-02-18 +301,selectionSequenceId,unsigned64,identifier,current,"From all the packets observed at an Observation Point, a subset of +the packets is selected by a sequence of one or more Selectors. +The selectionSequenceId is a unique value per Observation Domain, +specifying the Observation Point and the sequence of Selectors +through which the packets are selected.",,,,[RFC5477],0,2013-02-18 +302,selectorId,unsigned64,identifier,current,"The Selector ID is the unique ID identifying a Primitive Selector. +Each Primitive Selector must have a unique ID in the Observation +Domain.",,,,"[RFC5477][RFC Errata + 2052]",0,2013-02-18 +303,informationElementId,unsigned16,identifier,current,"This Information Element contains the ID of another Information +Element.",,,,[RFC5477],0,2013-02-18 +304,selectorAlgorithm,unsigned16,identifier,current,"This Information Element identifies the packet selection methods +(e.g., Filtering, Sampling) that are applied by the Selection +Process. + + + + +Most of these methods have parameters. Further Information +Elements are needed to fully specify packet selection with these +methods and all their parameters. + + + + +The methods listed below are defined in [RFC5475]. For their parameters, Information Elements are defined in +the information model document. The names of these Information +Elements are listed for each method identifier. + + + + +Further method identifiers may be added to the list below. It +might be necessary to define new Information Elements to specify +their parameters. + + + + +The selectorAlgorithm registry is maintained by IANA. New +assignments for the registry will be administered by IANA, and +are subject to Expert Review [RFC8126]. + + + + +The registry can be updated when specifications of the new +method(s) and any new Information Elements are provided. + + + + +The group of experts must double check the selectorAlgorithm +definitions and Information Elements with already defined +selectorAlgorithms and Information Elements for completeness, +accuracy, and redundancy. Those experts will initially be drawn +from the Working Group Chairs and document editors of the IPFIX +and PSAMP Working Groups. + + + + +The following packet selection methods identifiers are defined +here: + + + + +[IANA registry psamp-parameters] + + + + +There is a broad variety of possible parameters that could be used +for Property match Filtering (5) but currently there are no agreed +parameters specified.",,,,[RFC5477],0,2013-02-18 +305,samplingPacketInterval,unsigned32,quantity,current,"This Information Element specifies the number of packets that are +consecutively sampled. A value of 100 means that 100 +consecutive packets are sampled. + + + + +For example, this Information Element may be used to describe the +configuration of a systematic count-based Sampling Selector.",packets,,,[RFC5477],0,2013-02-18 +306,samplingPacketSpace,unsigned32,quantity,current,"This Information Element specifies the number of packets between +two ""samplingPacketInterval""s. A value of 100 means that the next +interval starts 100 packets (which are not sampled) after the +current ""samplingPacketInterval"" is over. + + + + +For example, this Information Element may be used to describe the +configuration of a systematic count-based Sampling Selector.",packets,,,[RFC5477],0,2013-02-18 +307,samplingTimeInterval,unsigned32,quantity,current,"This Information Element specifies the time interval in +microseconds during which all arriving packets are sampled. + + + + +For example, this Information Element may be used to describe the +configuration of a systematic time-based Sampling Selector.",microseconds,,,[RFC5477],0,2013-02-18 +308,samplingTimeSpace,unsigned32,quantity,current,"This Information Element specifies the time interval in +microseconds between two ""samplingTimeInterval""s. A value of 100 +means that the next interval starts 100 microseconds (during which +no packets are sampled) after the current ""samplingTimeInterval"" +is over. + + + + +For example, this Information Element may used to describe the +configuration of a systematic time-based Sampling Selector.",microseconds,,,[RFC5477],0,2013-02-18 +309,samplingSize,unsigned32,quantity,current,"This Information Element specifies the number of elements taken +from the parent Population for random Sampling methods. + + + + +For example, this Information Element may be used to describe the +configuration of a random n-out-of-N Sampling Selector.",packets,,,[RFC5477],0,2013-02-18 +310,samplingPopulation,unsigned32,quantity,current,"This Information Element specifies the number of elements in the +parent Population for random Sampling methods. + + + + +For example, this Information Element may be used to describe the +configuration of a random n-out-of-N Sampling Selector.",packets,,,[RFC5477],0,2013-02-18 +311,samplingProbability,float64,quantity,current,"This Information Element specifies the probability that a packet +is sampled, expressed as a value between 0 and 1. The probability +is equal for every packet. A value of 0 means no packet was +sampled since the probability is 0. + + + + +For example, this Information Element may be used to describe the +configuration of a uniform probabilistic Sampling Selector.",,,,[RFC5477],0,2013-02-18 +312,dataLinkFrameSize,unsigned16,quantity,current,"This Information Element specifies the length of the selected data +link frame. + + + + +The data link layer is defined in [ISO/IEC.7498-1:1994].",,,[ISO/IEC.7498-1:1994],[RFC7133],1,2014-01-11 +313,ipHeaderPacketSection,octetArray,default,current,"This Information Element carries a series of n octets from the IP +header of a sampled packet, starting sectionOffset octets into the +IP header. + + + + +However, if no sectionOffset field corresponding to this +Information Element is present, then a sectionOffset of zero +applies, and the octets MUST be from the start of the IP header. + + + + +With sufficient length, this element also reports octets from the +IP payload. However, full packet capture of arbitrary packet +streams is explicitly out of scope per the Security Considerations +sections of [RFC5477] and [RFC2804]. + + + + +The sectionExportedOctets expresses how much data was exported, +while the remainder is padding. + + + + +When the sectionExportedOctets field corresponding to this +Information Element exists, this Information Element MAY have a +fixed length and MAY be padded, or it MAY have a variable length. + + + + +When the sectionExportedOctets field corresponding to this +Information Element does not exist, this Information Element +SHOULD have a variable length and MUST NOT be padded. In this +case, the size of the exported section may be constrained due to +limitations in the IPFIX protocol.",,,"[RFC2804] +[RFC5477]",[RFC5477][RFC7133],1,2014-01-11 +314,ipPayloadPacketSection,octetArray,default,current,"This Information Element carries a series of n octets from the IP +payload of a sampled packet, starting sectionOffset octets into +the IP payload. + + + + +However, if no sectionOffset field corresponding to this +Information Element is present, then a sectionOffset of zero +applies, and the octets MUST be from the start of the IP payload. + + + + +The IPv4 payload is that part of the packet that follows the IPv4 +header and any options, which [RFC791] refers to as ""data"" or +""data octets"". For example, see the examples in [RFC791], +Appendix A. + + + + +The IPv6 payload is the rest of the packet following the 40-octet +IPv6 header. Note that any extension headers present are +considered part of the payload. See [RFC8200] for the IPv6 +specification. + + + + +The sectionExportedOctets expresses how much data was observed, +while the remainder is padding. + + + + +When the sectionExportedOctets field corresponding to this +Information Element exists, this Information Element MAY have a +fixed length and MAY be padded, or MAY have a variable length. + + + + +When the sectionExportedOctets field corresponding to this +Information Element does not exist, this Information Element +SHOULD have a variable length and MUST NOT be padded. In this +case, the size of the exported section may be constrained due to +limitations in the IPFIX protocol.",,,"[RFC791] +[RFC8200]",[RFC5477][RFC7133],1,2014-01-11 +315,dataLinkFrameSection,octetArray,default,current,"This Information Element carries n octets from the data link frame +of a selected frame, starting sectionOffset octets into the frame. + + + + +However, if no sectionOffset field corresponding to this +Information Element is present, then a sectionOffset of zero +applies, and the octets MUST be from the start of the data link +frame. + + + + +The sectionExportedOctets expresses how much data was observed, +while the remainder is padding. + + + + +When the sectionExportedOctets field corresponding to this +Information Element exists, this Information Element MAY have a +fixed length and MAY be padded, or MAY have a variable length. + + + + +When the sectionExportedOctets field corresponding to this +Information Element does not exist, this Information Element +SHOULD have a variable length and MUST NOT be padded. In this +case, the size of the exported section may be constrained due to +limitations in the IPFIX protocol. + + + + +Further Information Elements, i.e., dataLinkFrameType and +dataLinkFrameSize, are needed to specify the data link type and the +size of the data link frame of this Information Element. A set of +these Information Elements MAY be contained in a structured data +type, as expressed in [RFC6313]. Or a set of these Information +Elements MAY be contained in one Flow Record as shown in Appendix +B of [RFC7133]. + + + + +The data link layer is defined in [ISO/IEC.7498-1:1994].",,,"[RFC6313] +[RFC7133] +[ISO/IEC.7498-1:1994]",[RFC7133],1,2014-01-11 +316,mplsLabelStackSection,octetArray,default,current,"This Information Element carries a series of n octets from the +MPLS label stack of a sampled packet, starting sectionOffset +octets into the MPLS label stack. + + + + +However, if no sectionOffset field corresponding to this +Information Element is present, then a sectionOffset of zero +applies, and the octets MUST be from the head of the MPLS label +stack. + + + + +With sufficient length, this element also reports octets from the +MPLS payload. However, full packet capture of arbitrary packet +streams is explicitly out of scope per the Security Considerations +sections of [RFC5477] and [RFC2804]. + + + + +See [RFC3031] for the specification of MPLS packets. + + + + +See [RFC3032] for the specification of the MPLS label stack. + + + + +The sectionExportedOctets expresses how much data was observed, +while the remainder is padding. + + + + +When the sectionExportedOctets field corresponding to this +Information Element exists, this Information Element MAY have a +fixed length and MAY be padded, or MAY have a variable length. + + + + +When the sectionExportedOctets field corresponding to this +Information Element does not exist, this Information Element +SHOULD have a variable length and MUST NOT be padded. In this +case, the size of the exported section may be constrained due to +limitations in the IPFIX protocol.",,,"[RFC2804] +[RFC3031] +[RFC3032] +[RFC5477]",[RFC5477][RFC7133],1,2014-01-11 +317,mplsPayloadPacketSection,octetArray,default,current,"The mplsPayloadPacketSection carries a series of n octets from the +MPLS payload of a sampled packet, starting sectionOffset octets +into the MPLS payload, as it is data that follows immediately after +the MPLS label stack. + + + + +However, if no sectionOffset field corresponding to this +Information Element is present, then a sectionOffset of zero +applies, and the octets MUST be from the start of the MPLS +payload. + + + + +See [RFC3031] for the specification of MPLS packets. + + + + +See [RFC3032] for the specification of the MPLS label stack. + + + + +The sectionExportedOctets expresses how much data was observed, +while the remainder is padding. + + + + +When the sectionExportedOctets field corresponding to this +Information Element exists, this Information Element MAY have a +fixed length and MAY be padded, or it MAY have a variable length. + + + + +When the sectionExportedOctets field corresponding to this +Information Element does not exist, this Information Element +SHOULD have a variable length and MUST NOT be padded. In this +case, the size of the exported section may be constrained due to +limitations in the IPFIX protocol.",,,"[RFC3031] +[RFC3032]",[RFC5477][RFC7133],1,2014-01-11 +318,selectorIdTotalPktsObserved,unsigned64,totalCounter,current,"This Information Element specifies the total number of packets +observed by a Selector, for a specific value of SelectorId. + + + + +This Information Element should be used in an Options Template +scoped to the observation to which it refers. See Section 3.4.2.1 +of the IPFIX protocol document [RFC7011].",packets,,,[RFC5477],0,2013-02-18 +319,selectorIdTotalPktsSelected,unsigned64,totalCounter,current,"This Information Element specifies the total number of packets +selected by a Selector, for a specific value of SelectorId. + + + + +This Information Element should be used in an Options Template +scoped to the observation to which it refers. See Section 3.4.2.1 +of the IPFIX protocol document [RFC7011].",packets,,,[RFC5477],0,2013-02-18 +320,absoluteError,float64,quantity,current,"This Information Element specifies the maximum possible +measurement error of the reported value for a given Information +Element. The absoluteError has the same unit as the Information +Element with which it is associated. The real value of the metric can +differ by absoluteError (positive or negative) from the measured +value. + + + + +This Information Element provides only the error for measured +values. If an Information Element contains an estimated value +(from Sampling), the confidence boundaries and confidence level +have to be provided instead, using the upperCILimit, lowerCILimit, +and confidenceLevel Information Elements. + + + + +This Information Element should be used in an Options Template +scoped to the observation to which it refers. See Section 3.4.2.1 +of the IPFIX protocol document [RFC7011].",inferred,,,[RFC5477],1,2018-06-13 +321,relativeError,float64,quantity,current,"This Information Element specifies the maximum possible positive +or negative error ratio for the reported value for a given +Information Element as percentage of the measured value. The real +value of the metric can differ by relativeError percent (positive +or negative) from the measured value. + + + + +This Information Element provides only the error for measured +values. If an Information Element contains an estimated value +(from Sampling), the confidence boundaries and confidence level +have to be provided instead, using the upperCILimit, lowerCILimit, +and confidenceLevel Information Elements. + + + + +This Information Element should be used in an Options Template +scoped to the observation to which it refers. See Section 3.4.2.1 +of the IPFIX protocol document [RFC7011].",,,,[RFC5477],0,2013-02-18 +322,observationTimeSeconds,dateTimeSeconds,default,current,"This Information Element specifies the absolute time in seconds of +an observation.",seconds,,,[RFC5477],1,2014-02-03 +323,observationTimeMilliseconds,dateTimeMilliseconds,default,current,"This Information Element specifies the absolute time in +milliseconds of an observation.",milliseconds,,,[RFC5477],1,2014-02-03 +324,observationTimeMicroseconds,dateTimeMicroseconds,default,current,"This Information Element specifies the absolute time in +microseconds of an observation.",microseconds,,,[RFC5477],1,2014-02-03 +325,observationTimeNanoseconds,dateTimeNanoseconds,default,current,"This Information Element specifies the absolute time in +nanoseconds of an observation.",nanoseconds,,,[RFC5477],1,2014-02-03 +326,digestHashValue,unsigned64,quantity,current,"This Information Element specifies the value from the digest hash +function. + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],0,2013-02-18 +327,hashIPPayloadOffset,unsigned64,quantity,current,"This Information Element specifies the IP payload offset used by a +Hash-based Selection Selector. + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],0,2013-02-18 +328,hashIPPayloadSize,unsigned64,quantity,current,"This Information Element specifies the IP payload size used by a +Hash-based Selection Selector. See also Sections 6.2, 3.8 and 7.1 of +[RFC5475].",,,,[RFC5477],0,2013-02-18 +329,hashOutputRangeMin,unsigned64,quantity,current,"This Information Element specifies the value for the beginning of +a hash function's potential output range. + + + + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],0,2013-02-18 +330,hashOutputRangeMax,unsigned64,quantity,current,"This Information Element specifies the value for the end of a hash +function's potential output range. + + + + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],0,2013-02-18 +331,hashSelectedRangeMin,unsigned64,quantity,current,"This Information Element specifies the value for the beginning of +a hash function's selected range. + + + + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],0,2013-02-18 +332,hashSelectedRangeMax,unsigned64,quantity,current,"This Information Element specifies the value for the end of a hash +function's selected range. + + + + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],0,2013-02-18 +333,hashDigestOutput,boolean,default,current,"This Information Element contains a boolean value that is TRUE if +the output from this hash Selector has been configured to be +included in the packet report as a packet digest, else FALSE. + + + + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],1,2014-02-03 +334,hashInitialiserValue,unsigned64,quantity,current,"This Information Element specifies the initialiser value to the +hash function. + + + + +See also Sections 6.2, 3.8 and 7.1 of [RFC5475].",,,,[RFC5477],0,2013-02-18 +335,selectorName,string,default,current,"The name of a selector identified by a selectorID. Globally +unique per Metering Process.",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +336,upperCILimit,float64,quantity,current,"This Information Element specifies the upper limit of a confidence +interval. It is used to provide an accuracy statement for an +estimated value. The confidence limits define the range in which +the real value is assumed to be with a certain probability p. +Confidence limits always need to be associated with a confidence +level that defines this probability p. Please note that a +confidence interval only provides a probability that the real +value lies within the limits. That means the real value can lie +outside the confidence limits. + + + + +The upperCILimit, lowerCILimit, and confidenceLevel Information +Elements should all be used in an Options Template scoped to the +observation to which they refer. See Section 3.4.2.1 of the IPFIX +protocol document [RFC7011]. + + + + +Note that the upperCILimit, lowerCILimit, and confidenceLevel are +all required to specify confidence, and should be disregarded +unless all three are specified together.",,,,[RFC5477],0,2013-02-18 +337,lowerCILimit,float64,quantity,current,"This Information Element specifies the lower limit of a confidence +interval. For further information, see the description of +upperCILimit. + + + + +The upperCILimit, lowerCILimit, and confidenceLevel Information +Elements should all be used in an Options Template scoped to the +observation to which they refer. See Section 3.4.2.1 of the IPFIX +protocol document [RFC7011]. + + + + +Note that the upperCILimit, lowerCILimit, and confidenceLevel are +all required to specify confidence, and should be disregarded +unless all three are specified together.",,,,[RFC5477],0,2013-02-18 +338,confidenceLevel,float64,quantity,current,"This Information Element specifies the confidence level. It is +used to provide an accuracy statement for estimated values. The +confidence level provides the probability p with which the real +value lies within a given range. A confidence level always needs +to be associated with confidence limits that define the range in +which the real value is assumed to be. + + + + +The upperCILimit, lowerCILimit, and confidenceLevel Information +Elements should all be used in an Options Template scoped to the +observation to which they refer. See Section 3.4.2.1 of the IPFIX +protocol document [RFC7011]. + + + + +Note that the upperCILimit, lowerCILimit, and confidenceLevel are +all required to specify confidence, and should be disregarded +unless all three are specified together.",,,,[RFC5477],0,2013-02-18 +339,informationElementDataType,unsigned8,,current,"A description of the abstract data type of an IPFIX +information element.These are taken from the abstract data types +defined in section 3.1 of the IPFIX Information Model [RFC5102]; +see that section for more information on the types described +in the informationElementDataType sub-registry. + + + + +These types are registered in the IANA IPFIX Information Element +Data Type subregistry. This subregistry is intended to assign +numbers for type names, not to provide a mechanism for adding data +types to the IPFIX Protocol, and as such requires a Standards +Action [RFC8126] to modify.",,,,[RFC5610],0,2013-02-18 +340,informationElementDescription,string,default,current,"A UTF-8 [RFC3629] encoded Unicode string containing a +human-readable description of an Information Element. The content +of the informationElementDescription MAY be annotated with one or +more language tags [RFC4646], encoded in-line [RFC2482] within the +UTF-8 string, in order to specify the language in which the +description is written. Description text in multiple languages +MAY tag each section with its own language tag; in this case, the +description information in each language SHOULD have equivalent +meaning. In the absence of any language tag, the ""i-default"" +[RFC2277] language SHOULD be assumed. See the Security +Considerations section for notes on string handling for +Information Element type records.",,,,[RFC5610],0,2013-02-18 +341,informationElementName,string,default,current,"A UTF-8 [RFC3629] encoded Unicode string containing +the name of an Information Element, intended as a simple +identifier. See the Security Considerations section for notes on +string handling for Information Element type records",,,,[RFC5610],0,2013-02-18 +342,informationElementRangeBegin,unsigned64,quantity,current,"Contains the inclusive low end of the range of +acceptable values for an Information Element.",,,,[RFC5610],0,2013-02-18 +343,informationElementRangeEnd,unsigned64,quantity,current,"Contains the inclusive high end of the range of +acceptable values for an Information Element.",,,,[RFC5610],0,2013-02-18 +344,informationElementSemantics,unsigned8,,current,"A description of the semantics of an IPFIX Information +Element. These are taken from the data type semantics defined in +section 3.2 of the IPFIX Information Model [RFC5102]; see that +section for more information on the types defined in the informationElementSemantics sub-registry. This +field may take the values in Table ; the special value 0x00 +(default) is used to note that no semantics apply to the field; it +cannot be manipulated by a Collecting Process or File Reader that +does not understand it a priori. + + + + +These semantics are registered in the IANA IPFIX Information +Element Semantics subregistry. This subregistry is intended to +assign numbers for semantics names, not to provide a mechanism for +adding semantics to the IPFIX Protocol, and as such requires a +Standards Action [RFC8126] to modify.",,,,[RFC5610],0,2013-02-18 +345,informationElementUnits,unsigned16,,current,"A description of the units of an IPFIX Information +Element. These correspond to the units implicitly defined in the +Information Element definitions in section 5 of the IPFIX +Information Model [RFC5102]; see that section for more information +on the types described in the informationElementsUnits sub-registry. This field may take the values in +Table 3 below; the special value 0x00 (none) is used to note that +the field is unitless. + + + + +These types are registered in the IANA IPFIX Information Element +Units subregistry; new types may be added on a First Come First +Served [RFC8126] basis.",,,,[RFC5610],0,2013-02-18 +346,privateEnterpriseNumber,unsigned32,identifier,current,"A private enterprise number, as assigned by IANA. +Within the context of an Information Element Type record, this +element can be used along with the informationElementId element to +scope properties to a specific Information Element. To export +type information about an IANA-assigned Information Element, set +the privateEnterpriseNumber to 0, or do not export the +privateEnterpriseNumber in the type record. To export type +information about an enterprise-specific Information Element, +export the enterprise number in privateEnterpriseNumber, and +export the Information Element number with the Enterprise bit +cleared in informationElementId. The Enterprise bit in the +associated informationElementId Information Element MUST be +ignored by the Collecting Process.",,,,[RFC5610],0,2013-02-18 +347,virtualStationInterfaceId,octetArray,default,current,"Instance Identifier of the interface to a Virtual Station. A Virtual +Station is an end station instance: it can be a virtual machine or a +physical host.",,,See IEEE 802.1Qbg for the definition of Virtual Station Interface ID.,[ipfix-iana_at_cisco.com],1,2014-02-03 +348,virtualStationInterfaceName,string,default,current,"Name of the interface to a Virtual Station. A Virtual Station is an end station +instance: it can be a virtual machine or a physical host.",,,See IEEE 802.1Qbg for the definition of Virtual Station Interface.,[ipfix-iana_at_cisco.com],1,2014-02-03 +349,virtualStationUUID,octetArray,default,current,"Unique Identifier of a Virtual Station. A Virtual Station is an end station +instance: it can be a virtual machine or a physical host.",,,See IEEE 802.1Qbg for the definition of Virtual Station.,[ipfix-iana_at_cisco.com],1,2014-02-03 +350,virtualStationName,string,default,current,"Name of a Virtual Station. A Virtual Station is an end station +instance: it can be a virtual machine or a physical host.",,,See IEEE 802.1Qbg for the definition of Virtual Station.,[ipfix-iana_at_cisco.com],0,2013-02-18 +351,layer2SegmentId,unsigned64,identifier,current,"Identifier of a layer 2 network segment in an overlay network. +The most significant byte identifies the layer 2 network +overlay network encapsulation type: + + + + +0x00 reserved + + + + +0x01 VxLAN + + + + +0x02 NVGRE + + + + +The three lowest significant bytes +hold the value of the layer 2 +overlay network segment identifier. + + + + +For example: + + + + +- a 24 bit segment ID VXLAN Network +Identifier (VNI) + + + + +- a 24 bit Tenant Network Identifier +(TNI) for NVGRE",,,"See VxLAN RFC at [RFC7348] + + + + +See NVGRE RFC at [RFC7637]",[ipfix-iana_at_cisco.com],0,2013-02-18 +352,layer2OctetDeltaCount,unsigned64,deltaCounter,current,"The number of layer 2 octets since the previous report (if any) in +incoming packets for this Flow at the Observation Point. The +number of octets includes layer 2 header(s) and layer 2 payload. +# memo: layer 2 version of octetDeltaCount (field #1)",octets,,,[ipfix-iana_at_cisco.com],1,2014-05-02 +353,layer2OctetTotalCount,unsigned64,totalCounter,current,"The total number of layer 2 octets in incoming packets for this +Flow at the Observation Point since the Metering Process +(re-)initialization for this Observation Point. The number of +octets includes layer 2 header(s) and layer 2 payload. +# memo: layer 2 version of octetTotalCount (field #85)",octets,,,[ipfix-iana_at_cisco.com],1,2014-05-02 +354,ingressUnicastPacketTotalCount,unsigned64,totalCounter,current,"The total number of incoming unicast packets metered at the +Observation Point since the Metering Process (re-)initialization +for this Observation Point.",packets,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +355,ingressMulticastPacketTotalCount,unsigned64,totalCounter,current,"The total number of incoming multicast packets metered at the +Observation Point since the Metering Process (re-)initialization +for this Observation Point.",packets,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +356,ingressBroadcastPacketTotalCount,unsigned64,totalCounter,current,"The total number of incoming broadcast packets metered at the +Observation Point since the Metering Process (re-)initialization +for this Observation Point.",packets,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +357,egressUnicastPacketTotalCount,unsigned64,totalCounter,current,"The total number of incoming unicast packets metered at the +Observation Point since the Metering Process (re-)initialization +for this Observation Point.",packets,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +358,egressBroadcastPacketTotalCount,unsigned64,totalCounter,current,"The total number of incoming broadcast packets metered at the +Observation Point since the Metering Process (re-)initialization +for this Observation Point.",packets,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +359,monitoringIntervalStartMilliSeconds,dateTimeMilliseconds,default,current,"The absolute timestamp at which the monitoring interval +started. +A Monitoring interval is the period of time during which the Metering +Process is running.",milliseconds,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +360,monitoringIntervalEndMilliSeconds,dateTimeMilliseconds,default,current,"The absolute timestamp at which the monitoring interval ended. +A Monitoring interval is the period of time during which the Metering +Process is running.",milliseconds,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +361,portRangeStart,unsigned16,identifier,current,"The port number identifying the start of a range of ports. A value +of zero indicates that the range start is not specified, ie the +range is defined in some other way. + + + + +Additional information on defined TCP port numbers can be found at +[IANA registry service-names-port-numbers].",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +362,portRangeEnd,unsigned16,identifier,current,"The port number identifying the end of a range of ports. A value +of zero indicates that the range end is not specified, ie the +range is defined in some other way. + + + + +Additional information on defined TCP port numbers can be found at +[IANA registry service-names-port-numbers].",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +363,portRangeStepSize,unsigned16,identifier,current,"The step size in a port range. The default step size is 1, +which indicates contiguous ports. A value of zero indicates +that the step size is not specified, ie the range is defined +in some other way.",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +364,portRangeNumPorts,unsigned16,identifier,current,"The number of ports in a port range. A value of zero indicates +that the number of ports is not specified, ie the range is defined +in some other way.",,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +365,staMacAddress,macAddress,default,current,The IEEE 802 MAC address of a wireless station (STA).,,,See section 1.4 of [RFC5415] for the definition of STA.,[ipfix-iana_at_cisco.com],1,2014-02-03 +366,staIPv4Address,ipv4Address,default,current,The IPv4 address of a wireless station (STA).,,,See section 1.4 of [RFC5415] for the definition of STA.,[ipfix-iana_at_cisco.com],1,2014-02-03 +367,wtpMacAddress,macAddress,default,current,The IEEE 802 MAC address of a wireless access point (WTP).,,,See section 1.4 of [RFC5415] for the definition of WTP.,[ipfix-iana_at_cisco.com],1,2014-02-03 +368,ingressInterfaceType,unsigned32,identifier,current,"The type of interface where packets of this Flow are being received. +The value matches the value of managed object 'ifType' as defined in +[IANA registry ianaiftype-mib].",,,[IANA registry ianaiftype-mib],[ipfix-iana_at_cisco.com],0,2013-02-18 +369,egressInterfaceType,unsigned32,identifier,current,"The type of interface where packets of this Flow are being sent. +The value matches the value of managed object 'ifType' as defined in +[IANA registry ianaiftype-mib].",,,[IANA registry ianaiftype-mib],[ipfix-iana_at_cisco.com],0,2013-02-18 +370,rtpSequenceNumber,unsigned16,,current,The RTP sequence number per [RFC3550].,,,[RFC3550],[ipfix-iana_at_cisco.com],0,2013-02-18 +371,userName,string,default,current,User name associated with the flow.,,,,[ipfix-iana_at_cisco.com],0,2013-02-18 +372,applicationCategoryName,string,default,current,"An attribute that provides a first level categorization for +each Application ID.",,,,[RFC6759],0,2013-02-18 +373,applicationSubCategoryName,string,default,current,"An attribute that provides a second level categorization +for each Application ID.",,,,[RFC6759],0,2013-02-18 +374,applicationGroupName,string,default,current,"An attribute that groups multiple Application IDs that +belong to the same networking application.",,,,[RFC6759],0,2013-02-18 +375,originalFlowsPresent,unsigned64,deltaCounter,current,"The non-conservative count of Original Flows +contributing to this Aggregated Flow. Non-conservative counts +need not sum to the original count on re-aggregation.",flows,,,[RFC7015],1,2013-06-25 +376,originalFlowsInitiated,unsigned64,deltaCounter,current,"The conservative count of Original Flows whose first +packet is represented within this Aggregated Flow. Conservative +counts must sum to the original count on re-aggregation.",flows,,,[RFC7015],1,2013-06-25 +377,originalFlowsCompleted,unsigned64,deltaCounter,current,"The conservative count of Original Flows whose last +packet is represented within this Aggregated Flow. Conservative +counts must sum to the original count on re-aggregation.",flows,,,[RFC7015],1,2013-06-25 +378,distinctCountOfSourceIPAddress,unsigned64,totalCounter,current,"The count of distinct source IP address values for +Original Flows contributing to this Aggregated Flow, without +regard to IP version. This Information Element is preferred to +the IP-version-specific counters, unless it is important to +separate the counts by version.",,,,[RFC7015],0,2013-02-18 +379,distinctCountOfDestinationIPAddress,unsigned64,totalCounter,current,"The count of distinct destination IP address values +for Original Flows contributing to this Aggregated Flow, without +regard to IP version. This Information Element is preferred to +the version-specific counters below, unless it is important to +separate the counts by version.",,,,[RFC7015],0,2013-02-18 +380,distinctCountOfSourceIPv4Address,unsigned32,totalCounter,current,"The count of distinct source IPv4 address values for +Original Flows contributing to this Aggregated Flow.",,,,[RFC7015],0,2013-02-18 +381,distinctCountOfDestinationIPv4Address,unsigned32,totalCounter,current,"The count of distinct destination IPv4 address values +for Original Flows contributing to this Aggregated Flow.",,,,[RFC7015],0,2013-02-18 +382,distinctCountOfSourceIPv6Address,unsigned64,totalCounter,current,"The count of distinct source IPv6 address values for +Original Flows contributing to this Aggregated Flow.",,,,[RFC7015],0,2013-02-18 +383,distinctCountOfDestinationIPv6Address,unsigned64,totalCounter,current,"The count of distinct destination IPv6 address values +for Original Flows contributing to this Aggregated Flow.",,,,[RFC7015],0,2013-02-18 +384,valueDistributionMethod,unsigned8,,current,"A description of the method used to distribute the +counters from Contributing Flows into the Aggregated Flow records +described by an associated scope, generally a Template. The +method is deemed to apply to all the non-key Information Elements +in the referenced scope for which value distribution is a valid +operation; if the originalFlowsInitiated and/or +originalFlowsCompleted Information Elements appear in the +Template, they are not subject to this distribution method, as +they each infer their own distribution method. This is intended +to be a complete set of possible value distribution methods; it is +encoded as follows: + + + ++-------+-----------------------------------------------------------+ +| Value | Description | ++-------+-----------------------------------------------------------+ +| 0 | Unspecified: The counters for an Original Flow are | +| | explicitly not distributed according to any other method | +| | defined for this Information Element; use for arbitrary | +| | distribution, or distribution algorithms not described by | +| | any other codepoint. | +| | --------------------------------------------------------- | +| | | +| 1 | Start Interval: The counters for an Original Flow are | +| | added to the counters of the appropriate Aggregated Flow | +| | containing the start time of the Original Flow. This | +| | should be assumed the default if value distribution | +| | information is not available at a Collecting Process for | +| | an Aggregated Flow. | +| | --------------------------------------------------------- | +| | | +| 2 | End Interval: The counters for an Original Flow are added | +| | to the counters of the appropriate Aggregated Flow | +| | containing the end time of the Original Flow. | +| | --------------------------------------------------------- | +| | | +| 3 | Mid Interval: The counters for an Original Flow are added | +| | to the counters of a single appropriate Aggregated Flow | +| | containing some timestamp between start and end time of | +| | the Original Flow. | +| | --------------------------------------------------------- | +| | | +| 4 | Simple Uniform Distribution: Each counter for an Original | +| | Flow is divided by the number of time intervals the | +| | Original Flow covers (i.e., of appropriate Aggregated | +| | Flows sharing the same Flow Key), and this number is | +| | added to each corresponding counter in each Aggregated | +| | Flow. | +| | --------------------------------------------------------- | +| | | +| 5 | Proportional Uniform Distribution: Each counter for an | +| | Original Flow is divided by the number of time units the | +| | Original Flow covers, to derive a mean count rate. This | +| | mean count rate is then multiplied by the number of time | +| | units in the intersection of the duration of the Original | +| | Flow and the time interval of each Aggregated Flow. This | +| | is like simple uniform distribution, but accounts for the | +| | fractional portions of a time interval covered by an | +| | Original Flow in the first and last time interval. | +| | --------------------------------------------------------- | +| | | +| 6 | Simulated Process: Each counter of the Original Flow is | +| | distributed among the intervals of the Aggregated Flows | +| | according to some function the Intermediate Aggregation | +| | Process uses based upon properties of Flows presumed to | +| | be like the Original Flow. This is essentially an | +| | assertion that the Intermediate Aggregation Process has | +| | no direct packet timing information but is nevertheless | +| | not using one of the other simpler distribution methods. | +| | The Intermediate Aggregation Process specifically makes | +| | no assertion as to the correctness of the simulation. | +| | --------------------------------------------------------- | +| | | +| 7 | Direct: The Intermediate Aggregation Process has access | +| | to the original packet timings from the packets making up | +| | the Original Flow, and uses these to distribute or | +| | recalculate the counters. | ++-------+-----------------------------------------------------------+",,,,[RFC7015],0,2013-02-18 +385,rfc3550JitterMilliseconds,unsigned32,quantity,current,"Interarrival jitter as defined in section 6.4.1 of [RFC3550], +measured in milliseconds.",milliseconds,,[RFC3550],[ipfix-iana_at_cisco.com],0,2013-02-18 +386,rfc3550JitterMicroseconds,unsigned32,quantity,current,"Interarrival jitter as defined in section 6.4.1 of [RFC3550], +measured in microseconds.",microseconds,,[RFC3550],[ipfix-iana_at_cisco.com],0,2013-02-18 +387,rfc3550JitterNanoseconds,unsigned32,quantity,current,"Interarrival jitter as defined in section 6.4.1 of [RFC3550], +measured in nanoseconds.",nanoseconds,,[RFC3550],[ipfix-iana_at_cisco.com],0,2013-02-18 +388,dot1qDEI,boolean,default,current,"The value of the 1-bit Drop Eligible Indicator (DEI) field of the VLAN tag as +described in 802.1Q-2011 subclause 9.6. In case of a QinQ frame, it represents +the outer tag's DEI field and in case of an IEEE 802.1ad frame it represents +the DEI field of the S-TAG. Note: in earlier versions of 802.1Q the same bit +field in the incoming packet is occupied by the Canonical Format Indicator +(CFI) field, except for S-TAGs.",,,[802.1Q-2011 subclause 9.6],[Yaakov_J_Stein],1,2014-02-03 +389,dot1qCustomerDEI,boolean,default,current,"In case of a QinQ frame, it represents the inner tag's Drop Eligible Indicator +(DEI) field and in case of an IEEE 802.1ad frame it represents the DEI field of +the C-TAG.",,,[802.1Q-2011 subclause 9.6],[Yaakov_J_Stein],1,2014-02-03 +390,flowSelectorAlgorithm,unsigned16,identifier,current,"This Information Element identifies the Intermediate Flow +Selection Process technique (e.g., Filtering, Sampling) that is +applied by the Intermediate Flow Selection Process. Most of these +techniques have parameters. Its configuration parameter(s) MUST +be clearly specified. Further Information Elements are needed to +fully specify packet selection with these methods and all their +parameters. Further method identifiers may be added to the +flowSelectorAlgorithm registry. It might be necessary to define new Information Elements +to specify their parameters. The flowSelectorAlgorithm registry +is maintained by IANA. New assignments for the registry will be +administered by IANA, on a First Come First Served basis +[RFC8126], subject to Expert Review [RFC8126]. Please note that +the purpose of the flow selection techniques described in this +document is the improvement of measurement functions as defined in +the Scope (Section 1). Before adding new flow selector algorithms +it should be checked what is their intended purpose and especially +if those contradict with policies defined in [RFC2804]. The +designated expert(s) should consult with the community if a +request is received that runs counter to [RFC2804]. The registry +can be updated when specifications of the new method(s) and any +new Information Elements are provided. The group of experts must +double check the flowSelectorAlgorithm definitions and Information +Elements with already defined flowSelectorAlgorithm and +Information Elements for completeness, accuracy, and redundancy. +Those experts will initially be drawn from the Working Group +Chairs and document editors of the IPFIX and PSAMP Working Groups. +The Intermediate Flow Selection Process Techniques +identifiers are defined at [http://www.iana.org/assignments/ipfix/ipfix.xml#ipfix-flowselectoralgorithm].",,,,[RFC7014],0,2013-06-07 +391,flowSelectedOctetDeltaCount,unsigned64,deltaCounter,current,"This Information Element specifies the volume in octets of all +Flows that are selected in the Intermediate Flow Selection Process +since the previous report.",octets,,,[RFC7014],1,2014-08-13 +392,flowSelectedPacketDeltaCount,unsigned64,deltaCounter,current,"This Information Element specifies the volume in packets of all +Flows that were selected in the Intermediate Flow Selection +Process since the previous report.",packets,,,[RFC7014],1,2014-08-13 +393,flowSelectedFlowDeltaCount,unsigned64,deltaCounter,current,"This Information Element specifies the number of Flows that were +selected in the Intermediate Flow Selection Process since the last +report.",flows,,,[RFC7014],1,2014-08-13 +394,selectorIDTotalFlowsObserved,unsigned64,,current,"This Information Element specifies the total number of Flows +observed by a Selector, for a specific value of SelectorId. This +Information Element should be used in an Options Template scoped +to the observation to which it refers. See Section 3.4.2.1 of the +IPFIX protocol document [RFC7011].",flows,,,[RFC7014],0,2013-06-07 +395,selectorIDTotalFlowsSelected,unsigned64,,current,"This Information Element specifies the total number of Flows +selected by a Selector, for a specific value of SelectorId. This +Information Element should be used in an Options Template scoped +to the observation to which it refers. See Section 3.4.2.1 of the +IPFIX protocol document [RFC7011].",flows,,,[RFC7014],0,2013-06-07 +396,samplingFlowInterval,unsigned64,,current,"This Information Element specifies the number of Flows that are +consecutively sampled. A value of 100 means that 100 consecutive +Flows are sampled. For example, this Information Element may be +used to describe the configuration of a systematic count-based +Sampling Selector.",flows,,,[RFC7014],0,2013-06-07 +397,samplingFlowSpacing,unsigned64,,current,"This Information Element specifies the number of Flows between two +""samplingFlowInterval""s. A value of 100 means that the next +interval starts 100 Flows (which are not sampled) after the +current ""samplingFlowInterval"" is over. For example, this +Information Element may be used to describe the configuration of a +systematic count-based Sampling Selector.",flows,,,[RFC7014],0,2013-06-07 +398,flowSamplingTimeInterval,unsigned64,,current,"This Information Element specifies the time interval in +microseconds during which all arriving Flows are sampled. For +example, this Information Element may be used to describe the +configuration of a systematic time-based Sampling Selector.",microseconds,,,[RFC7014],0,2013-06-07 +399,flowSamplingTimeSpacing,unsigned64,,current,"This Information Element specifies the time interval in +microseconds between two ""flowSamplingTimeInterval""s. A value of +100 means that the next interval starts 100 microseconds (during +which no Flows are sampled) after the current +""flowsamplingTimeInterval"" is over. For example, this Information +Element may used to describe the configuration of a systematic +time-based Sampling Selector.",microseconds,,,[RFC7014],0,2013-06-07 +400,hashFlowDomain,unsigned16,identifier,current,"This Information Element specifies the Information Elements that +are used by the Hash-based Flow Selector as the Hash Domain.",,,,[RFC7014],0,2013-06-07 +401,transportOctetDeltaCount,unsigned64,deltaCounter,current,"The number of octets, excluding IP header(s) and Layer 4 transport +protocol header(s), observed for this Flow at the Observation Point +since the previous report (if any).",octets,,,[Brian_Trammell],0,2013-08-01 +402,transportPacketDeltaCount,unsigned64,deltaCounter,current,"The number of packets containing at least one octet beyond the IP header(s) and +Layer 4 transport protocol header(s), observed for this Flow at the Observation +Point since the previous report (if any).",packets,,,[Brian_Trammell],0,2013-08-01 +403,originalExporterIPv4Address,ipv4Address,,current,"The IPv4 address used by the Exporting Process on an +Original Exporter, as seen by the Collecting Process on an IPFIX +Mediator. Used to provide information about the Original +Observation Points to a downstream Collector.",,,,[RFC7119],0,2013-12-24 +404,originalExporterIPv6Address,ipv6Address,,current,"The IPv6 address used by the Exporting Process on an +Original Exporter, as seen by the Collecting Process on an IPFIX +Mediator. Used to provide information about the Original +Observation Points to a downstream Collector.",,,,[RFC7119],0,2013-12-24 +405,originalObservationDomainId,unsigned32,identifier,current,"The Observation Domain ID reported by the Exporting +Process on an Original Exporter, as seen by the Collecting Process +on an IPFIX Mediator. Used to provide information about the +Original Observation Domain to a downstream Collector. When +cascading through multiple Mediators, this identifies the initial +Observation Domain in the cascade.",,,,[RFC7119],0,2013-12-24 +406,intermediateProcessId,unsigned32,identifier,current,"Description: An identifier of an Intermediate Process that is +unique per IPFIX Device. Typically, this Information Element is +used for limiting the scope of other Information Elements. Note +that process identifiers may be assigned dynamically; that is, an +Intermediate Process may be restarted with a different ID.",,,,[RFC7119],0,2013-12-24 +407,ignoredDataRecordTotalCount,unsigned64,totalCounter,current,"Description: The total number of received Data Records that the +Intermediate Process did not process since the (re-)initialization +of the Intermediate Process; includes only Data Records not +examined or otherwise handled by the Intermediate Process due to +resource constraints, not Data Records that were examined or +otherwise handled by the Intermediate Process but those that +merely do not contribute to any exported Data Record due to the +operations performed by the Intermediate Process.",,,,[RFC7119],0,2013-12-24 +408,dataLinkFrameType,unsigned16,flags,current,"This Information Element specifies the type of the selected data +link frame. + + + + +The following data link types are defined here: + + + + +- 0x01 IEEE802.3 ETHERNET [IEEE802.3] + + + + +- 0x02 IEEE802.11 MAC Frame format [IEEE802.11] + + + + +Further values may be assigned by IANA. Note that the assigned +values are bits so that multiple observations can be OR'd +together. + + + + +The data link layer is defined in [ISO/IEC.7498-1:1994].",,,[IEEE802.3][IEEE802.11][ISO/IEC.7498-1:1994],[RFC7133],0,2014-01-11 +409,sectionOffset,unsigned16,quantity,current,"This Information Element specifies the offset of the packet +section (e.g., dataLinkFrameSection, ipHeaderPacketSection, +ipPayloadPacketSection, mplsLabelStackSection, and +mplsPayloadPacketSection). If this Information Element is +omitted, it defaults to zero (i.e., no offset). + + + + +If multiple sectionOffset Information Elements are specified +within a single Template, then they apply to the packet section +Information Elements in order: the first sectionOffset applies to +the first packet section, the second to the second, and so on. +Note that the ""closest"" sectionOffset and packet section +Information Elements within a given Template are not necessarily +related. If there are fewer sectionOffset Information Elements +than packet section Information Elements, then subsequent packet +section Information Elements have no offset, i.e., a sectionOffset +of zero applies to those packet section Information Elements. If +there are more sectionOffset Information Elements than the number +of packet section Information Elements, then the additional +sectionOffset Information Elements are meaningless.",,,,[RFC7133],0,2014-01-11 +410,sectionExportedOctets,unsigned16,quantity,current,"This Information Element specifies the observed length of the +packet section (e.g., dataLinkFrameSection, ipHeaderPacketSection, +ipPayloadPacketSection, mplsLabelStackSection, and +mplsPayloadPacketSection) when padding is used. + + + + +The packet section may be of a fixed size larger than the +sectionExportedOctets. In this case, octets in the packet section +beyond the sectionExportedOctets MUST follow the [RFC7011] rules +for padding (i.e., be composed of zero (0) valued octets).",,,[RFC7011],[RFC7133],0,2014-01-11 +411,dot1qServiceInstanceTag,octetArray,default,current,"This Information Element, which is 16 octets long, represents the +Backbone Service Instance Tag (I-TAG) Tag Control Information +(TCI) field of an Ethernet frame as described in [IEEE802.1Q]. It +encodes the Backbone Service Instance Priority Code Point (I-PCP), +Backbone Service Instance Drop Eligible Indicator (I-DEI), Use Customer Addresses (UCAs), +Backbone Service Instance Identifier (I-SID), Encapsulated +Customer Destination Address (C-DA), Encapsulated Customer Source +Address (C-SA), and reserved fields. The structure and semantics +within the Tag Control Information field are defined in +[IEEE802.1Q].",,,[IEEE802.1Q],[RFC7133],1,2014-05-02 +412,dot1qServiceInstanceId,unsigned32,identifier,current,"The value of the 24-bit Backbone Service Instance Identifier +(I-SID) portion of the Backbone Service Instance Tag (I-TAG) Tag +Control Information (TCI) field of an Ethernet frame as described +in [IEEE802.1Q].",,0-0xFFFFFF,[IEEE802.1Q],[RFC7133],1,2014-05-02 +413,dot1qServiceInstancePriority,unsigned8,identifier,current,"The value of the 3-bit Backbone Service Instance Priority Code +Point (I-PCP) portion of the Backbone Service Instance Tag (I-TAG) +Tag Control Information (TCI) field of an Ethernet frame as +described in [IEEE802.1Q].",,0-7,[IEEE802.1Q],[RFC7133],1,2014-05-02 +414,dot1qCustomerSourceMacAddress,macAddress,default,current,"The value of the Encapsulated Customer Source Address (C-SA) +portion of the Backbone Service Instance Tag (I-TAG) Tag Control +Information (TCI) field of an Ethernet frame as described in +[IEEE802.1Q].",,,[IEEE802.1Q],[RFC7133],1,2014-05-02 +415,dot1qCustomerDestinationMacAddress,macAddress,default,current,"The value of the Encapsulated Customer Destination Address (C-DA) +portion of the Backbone Service Instance Tag (I-TAG) Tag Control +Information (TCI) field of an Ethernet frame as described in +[IEEE802.1Q].",,,[IEEE802.1Q],[RFC7133],1,2014-05-02 +416,,,,deprecated,"Duplicate of Information Element ID 352, layer2OctetDeltaCount.",,,[RFC5477],,2,2014-05-13 +417,postLayer2OctetDeltaCount,unsigned64,deltaCounter,current,"The definition of this Information Element is identical to the +definition of the layer2OctetDeltaCount Information Element, +except that it reports a potentially modified value caused by a +middlebox function after the packet passed the Observation Point. + + + + +This Information Element is the layer 2 version of +postOctetDeltaCount (ElementId #23).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +418,postMCastLayer2OctetDeltaCount,unsigned64,deltaCounter,current,"The number of layer 2 octets since the previous report (if any) in +outgoing multicast packets sent for packets of this Flow by a +multicast daemon within the Observation Domain. This property +cannot necessarily be observed at the Observation Point but may +be retrieved by other means. The number of octets includes layer +2 header(s) and layer 2 payload. + + + + +This Information Element is the layer 2 version of +postMCastOctetDeltaCount (ElementId #20).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +419,,,,deprecated,"Duplicate of Information Element ID 353, layer2OctetTotalCount.",,,[RFC5477],,2,2014-05-13 +420,postLayer2OctetTotalCount,unsigned64,totalCounter,current,"The definition of this Information Element is identical to the +definition of the layer2OctetTotalCount Information Element, +except that it reports a potentially modified value caused by a +middlebox function after the packet passed the Observation Point. + + + + +This Information Element is the layer 2 version of +postOctetTotalCount (ElementId #171).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +421,postMCastLayer2OctetTotalCount,unsigned64,totalCounter,current,"The total number of layer 2 octets in outgoing multicast packets +sent for packets of this Flow by a multicast daemon in the +Observation Domain since the Metering Process (re-)initialization. +This property cannot necessarily be observed at the Observation +Point but may be retrieved by other means. The number of octets +includes layer 2 header(s) and layer 2 payload. + + + + +This Information Element is the layer 2 version of +postMCastOctetTotalCount (ElementId #175).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +422,minimumLayer2TotalLength,unsigned64,,current,"Layer 2 length of the smallest packet observed for this Flow. The +packet length includes the length of the layer 2 header(s) and the +length of the layer 2 payload. + + + + +This Information Element is the layer 2 version of +minimumIpTotalLength (ElementId #25).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +423,maximumLayer2TotalLength,unsigned64,,current,"Layer 2 length of the largest packet observed for this Flow. The +packet length includes the length of the layer 2 header(s) and the length of the layer +2 payload. + + + + +This Information Element is the layer 2 version of +maximumIpTotalLength (ElementId #26).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +424,droppedLayer2OctetDeltaCount,unsigned64,deltaCounter,current,"The number of layer 2 octets since the previous report (if any) in +packets of this Flow dropped by packet treatment. The number of +octets includes layer 2 header(s) and layer 2 payload. + + + + +This Information Element is the layer 2 version of +droppedOctetDeltaCount (ElementId #132).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +425,droppedLayer2OctetTotalCount,unsigned64,totalCounter,current,"The total number of octets in observed layer 2 packets (including +the layer 2 header) that were dropped by packet treatment since +the (re-)initialization of the Metering Process. + + + + +This Information Element is the layer 2 version of +droppedOctetTotalCount (ElementId #134).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +426,ignoredLayer2OctetTotalCount,unsigned64,totalCounter,current,"The total number of octets in observed layer 2 packets (including +the layer 2 header) that the Metering Process did not process +since the (re-)initialization of the Metering Process. + + + + +This Information Element is the layer 2 version of +ignoredOctetTotalCount (ElementId #165).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +427,notSentLayer2OctetTotalCount,unsigned64,totalCounter,current,"The total number of octets in observed layer 2 packets (including +the layer 2 header) that the Metering Process did not process +since the (re-)initialization of the Metering Process. + + + + +This Information Element is the layer 2 version of +notSentOctetTotalCount (ElementId #168).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +428,layer2OctetDeltaSumOfSquares,unsigned64,deltaCounter,current,"The sum of the squared numbers of layer 2 octets per incoming +packet since the previous report (if any) for this Flow at the +Observation Point. The number of octets includes layer 2 +header(s) and layer 2 payload. + + + + +This Information Element is the layer 2 version of +octetDeltaSumOfSquares (ElementId #198).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +429,layer2OctetTotalSumOfSquares,unsigned64,totalCounter,current,"The total sum of the squared numbers of layer 2 octets in incoming +packets for this Flow at the Observation Point since the Metering +Process (re-)initialization for this Observation Point. The +number of octets includes layer 2 header(s) and layer 2 payload. + + + + +This Information Element is the layer 2 version of +octetTotalSumOfSquares (ElementId #199).",octets,,[RFC5477],[RFC7133],1,2014-05-02 +430,layer2FrameDeltaCount,unsigned64,deltaCounter,current,"The number of incoming layer 2 frames since the +previous report (if any) for this Flow at the +Observation Point.",frames,,,[ipfix-iana_at_cisco.com],0,2014-05-02 +431,layer2FrameTotalCount,unsigned64,totalCounter,current,"The total number of incoming layer 2 frames +for this Flow at the Observation Point since +the Metering Process (re-)initialization for +this Observation Point.",frames,,,[ipfix-iana_at_cisco.com],0,2014-05-02 +432,pseudoWireDestinationIPv4Address,ipv4Address,default,current,The destination IPv4 address of the PSN tunnel carrying the pseudowire.,,,[RFC3985],[ipfix-iana_at_cisco.com],0,2014-05-28 +433,ignoredLayer2FrameTotalCount,unsigned64,totalCounter,current,"The total number of observed layer 2 frames that the Metering Process +did not process since the (re-)initialization of the Metering Process. +This Information Element is the layer 2 version of ignoredPacketTotalCount (ElementId #164).",frames,,,[ipfix-iana_at_cisco.com],0,2014-06-27 +434,mibObjectValueInteger,signed32,quantity,current,"An IPFIX Information Element that denotes that the +integer value of a MIB object will be exported. The MIB Object +Identifier (""mibObjectIdentifier"") for this field MUST be exported +in a MIB Field Option or via another means. This Information +Element is used for MIB objects with the Base syntax of Integer32 +and INTEGER with IPFIX reduced-size encoding used as required. +The value is encoded as per the standard IPFIX Abstract Data Type +of signed32.",,,,[RFC8038],1,2017-04-30 +435,mibObjectValueOctetString,octetArray,default,current,"An IPFIX Information Element that denotes that an +Octet String or Opaque value of a MIB object will be exported. +The MIB Object Identifier (""mibObjectIdentifier"") for this field +MUST be exported in a MIB Field Option or via another means. This +Information Element is used for MIB objects with the Base syntax +of OCTET STRING and Opaque. The value is encoded as per the +standard IPFIX Abstract Data Type of octetArray.",,,,[RFC8038],0,2015-12-13 +436,mibObjectValueOID,octetArray,default,current,"An IPFIX Information Element that denotes that an +Object Identifier or OID value of a MIB object will be exported. +The MIB Object Identifier (""mibObjectIdentifier"") for this field +MUST be exported in a MIB Field Option or via another means. This +Information Element is used for MIB objects with the Base syntax +of OBJECT IDENTIFIER. Note: In this case, the +""mibObjectIdentifier"" defines which MIB object is being exported, +and the ""mibObjectValueOID"" field will contain the OID value of +that MIB object. The mibObjectValueOID Information Element is +encoded as ASN.1/BER [X.690] in an octetArray.",,,,[RFC8038],0,2015-12-13 +437,mibObjectValueBits,octetArray,flags,current,"An IPFIX Information Element that denotes that a set +of Enumerated flags or bits from a MIB object will be exported. +The MIB Object Identifier (""mibObjectIdentifier"") for this field +MUST be exported in a MIB Field Option or via another means. This +Information Element is used for MIB objects with the Base syntax +of BITS. The flags or bits are encoded as per the standard IPFIX +Abstract Data Type of octetArray, with sufficient length to +accommodate the required number of bits. If the number of bits is +not an integer multiple of octets, then the most significant bits +at the end of the octetArray MUST be set to 0.",,,,[RFC8038],0,2015-12-13 +438,mibObjectValueIPAddress,ipv4Address,default,current,"An IPFIX Information Element that denotes that the +IPv4 address value of a MIB object will be exported. The MIB +Object Identifier (""mibObjectIdentifier"") for this field MUST be +exported in a MIB Field Option or via another means. This +Information Element is used for MIB objects with the Base syntax +of IpAddress. The value is encoded as per the standard IPFIX +Abstract Data Type of ipv4Address.",,,,[RFC8038],0,2015-12-13 +439,mibObjectValueCounter,unsigned64,snmpCounter,current,"An IPFIX Information Element that denotes that the +counter value of a MIB object will be exported. The MIB Object +Identifier (""mibObjectIdentifier"") for this field MUST be exported +in a MIB Field Option or via another means. This Information +Element is used for MIB objects with the Base syntax of Counter32 +or Counter64 with IPFIX reduced-size encoding used as required. +The value is encoded as per the standard IPFIX Abstract Data Type +of unsigned64.",,,,[RFC8038],0,2015-12-13 +440,mibObjectValueGauge,unsigned32,snmpGauge,current,"An IPFIX Information Element that denotes that the +Gauge value of a MIB object will be exported. The MIB Object +Identifier (""mibObjectIdentifier"") for this field MUST be exported +in a MIB Field Option or via another means. This Information +Element is used for MIB objects with the Base syntax of Gauge32. +The value is encoded as per the standard IPFIX Abstract Data Type +of unsigned32. This value represents a non-negative integer that +may increase or decrease but that shall never exceed a maximum +value or fall below a minimum value.",,,,[RFC8038],0,2015-12-13 +441,mibObjectValueTimeTicks,unsigned32,quantity,current,"An IPFIX Information Element that denotes that the +TimeTicks value of a MIB object will be exported. The MIB Object +Identifier (""mibObjectIdentifier"") for this field MUST be exported +in a MIB Field Option or via another means. This Information +Element is used for MIB objects with the Base syntax of TimeTicks. +The value is encoded as per the standard IPFIX Abstract Data Type +of unsigned32.",,,,[RFC8038],1,2017-04-30 +442,mibObjectValueUnsigned,unsigned32,quantity,current,"An IPFIX Information Element that denotes that an +unsigned integer value of a MIB object will be exported. The MIB +Object Identifier (""mibObjectIdentifier"") for this field MUST be +exported in a MIB Field Option or via another means. This +Information Element is used for MIB objects with the Base syntax +of unsigned32 with IPFIX reduced-size encoding used as required. +The value is encoded as per the standard IPFIX Abstract Data Type +of unsigned32.",,,,[RFC8038],1,2017-04-30 +443,mibObjectValueTable,subTemplateList,list,current,"An IPFIX Information Element that denotes that a +complete or partial conceptual table will be exported. The MIB +Object Identifier (""mibObjectIdentifier"") for this field MUST be +exported in a MIB Field Option or via another means. This +Information Element is used for MIB objects with a syntax of +SEQUENCE OF. This is encoded as a subTemplateList of mibObjectValue +Information Elements. The Template specified in the +subTemplateList MUST be an Options Template and MUST include all +the objects listed in the INDEX clause as Scope Fields.",,,,[RFC8038],1,2017-04-30 +444,mibObjectValueRow,subTemplateList,list,current,"An IPFIX Information Element that denotes that a +single row of a conceptual table will be exported. The MIB Object +Identifier (""mibObjectIdentifier"") for this field MUST be exported +in a MIB Field Option or via another means. This Information +Element is used for MIB objects with a syntax of SEQUENCE. This +is encoded as a subTemplateList of mibObjectValue Information +Elements. The subTemplateList exported MUST contain exactly one +row (i.e., one instance of the subTemplate). The Template +specified in the subTemplateList MUST be an Options Template and +MUST include all the objects listed in the INDEX clause as Scope +Fields.",,,,[RFC8038],0,2015-12-13 +445,mibObjectIdentifier,octetArray,default,current,"An IPFIX Information Element that denotes that a MIB +Object Identifier (MIB OID) is exported in the (Options) +Template Record. The mibObjectIdentifier Information Element +contains the OID assigned to the MIB object type definition +encoded as ASN.1/BER [X.690].",,,,[RFC8038],0,2015-12-13 +446,mibSubIdentifier,unsigned32,identifier,current,A non-negative sub-identifier of an Object Identifier (OID).,,,,[RFC8038],0,2015-12-13 +447,mibIndexIndicator,unsigned64,flags,current,"A set of bit fields that is used for marking the +Information Elements of a Data Record that serve as INDEX MIB +objects for an indexed columnar MIB object. Each bit represents +an Information Element in the Data Record, with the n-th least +significant bit representing the n-th Information Element. A bit +set to 1 indicates that the corresponding Information Element is +an index of the columnar object represented by the mibObjectValue. +A bit set to 0 indicates that this is not the case. + + + + +If the Data Record contains more than 64 Information Elements, the +corresponding Template SHOULD be designed such that all index +fields are among the first 64 Information Elements, because the +mibIndexIndicator only contains 64 bits. If the Data Record +contains less than 64 Information Elements, then the extra bits in +the mibIndexIndicator for which no corresponding Information +Element exists MUST have the value 0 and must be disregarded by +the Collector. This Information Element may be exported with +IPFIX reduced-size encoding.",,,,[RFC8038],0,2015-12-13 +448,mibCaptureTimeSemantics,unsigned8,identifier,current,"Indicates when in the lifetime of the Flow the MIB +value was retrieved from the MIB for a mibObjectIdentifier. This +is used to indicate if the value exported was collected from the +MIB closer to Flow creation or Flow export time and refers to the +Timestamp fields included in the same Data Record. This field +SHOULD be used when exporting a mibObjectValue that specifies +counters or statistics. + + + + +If the MIB value was sampled by SNMP prior to the IPFIX Metering +Process or Exporting Process retrieving the value (i.e., the data +is already stale) and it is important to know the exact sampling +time, then an additional observationTime* element should be paired +with the OID using IPFIX Structured Data [RFC6313]. Similarly, if +different MIB capture times apply to different mibObjectValue elements +within the Data Record, then individual mibCaptureTimeSemantics +Information Elements should be paired with each OID using IPFIX +Structured Data. + + + + +Values: + + + + +0 undefined + + + + +1 begin - The value for the MIB object is captured from the +MIB when the Flow is first observed + + + + +2 end - The value for the MIB object is captured from the MIB +when the Flow ends + + + + +3 export - The value for the MIB object is captured from the +MIB at export time + + + + +4 average - The value for the MIB object is an average of +multiple captures from the MIB over the observed life of the +Flow",,,,[RFC8038],0,2015-12-13 +449,mibContextEngineID,octetArray,default,current,"A mibContextEngineID that specifies the SNMP engine +ID for a MIB field being exported over IPFIX. Definition as per +[RFC3411], Section 3.3.",,,,[RFC8038],0,2015-12-13 +450,mibContextName,string,default,current,"An Information Element that denotes that a MIB +context name is specified for a MIB field being exported over +IPFIX. Reference [RFC3411], Section 3.3.",,,,[RFC8038],0,2015-12-13 +451,mibObjectName,string,default,current,"The name (called a descriptor in [RFC2578] +of an object type definition.",,,,[RFC8038],0,2015-12-13 +452,mibObjectDescription,string,default,current,"The value of the DESCRIPTION clause of a MIB object +type definition.",,,,[RFC8038],0,2015-12-13 +453,mibObjectSyntax,string,default,current,"The value of the SYNTAX clause of a MIB object type +definition, which may include a textual convention or sub-typing. +See [RFC2578].",,,,[RFC8038],0,2015-12-13 +454,mibModuleName,string,default,current,"The textual name of the MIB module that defines a MIB +object.",,,,[RFC8038],0,2015-12-13 +455,mobileIMSI,string,default,current,"The International Mobile Subscription Identity (IMSI). The +IMSI is a decimal digit string with up to a maximum of 15 ASCII/UTF-8 +encoded digits (0x30 - 0x39).",,,[3GPP TS 23.003] Section 3 and [ITU-T E.164].,[ipfix-iana_at_cisco.com],0,2015-12-15 +456,mobileMSISDN,string,default,current,"The Mobile Station International Subscriber Directory Number +(MSISDN). The MSISDN is a decimal digit string with up to a maximum of 15 +ASCII/UTF-8 encoded digits (0x30 - 0x39).",,,[3GPP TS 23.003] Section 3 and [ITU-T E.164].,[ipfix-iana_at_cisco.com],0,2015-12-15 +457,httpStatusCode,unsigned16,identifier,current,"The HTTP Response Status Code, as defined in +section 6 of [RFC7231], +associated with a flow. Implies that the flow +record represents a flow containing an HTTP +Response.",,0-999,[RFC7231],[Andrew_Feren],0,2016-04-28 +458,sourceTransportPortsLimit,unsigned16,quantity,current,"This Information Element contains the maximum +number of IP source transport ports that can be used by an end +user when sending IP packets; each user is associated with one +or more (source) IPv4 or IPv6 addresses. This Information +Element is particularly useful in address-sharing deployments +that adhere to REQ-4 of [RFC6888]. Limiting the number of +ports assigned to each user ensures fairness among users and +mitigates the denial-of-service attack that a user could launch +against other users through the address-sharing device in order +to grab more ports.",ports,1-65535,,"[RFC8045][RFC Errata + 5009]",1,2017-08-01 +459,httpRequestMethod,string,,current,"The HTTP request method, as defined in section 4 of +[RFC7231], associated with a +flow. String with up to 8 UTF-8 characters.",,,,[Felix_Erlacher],0,2016-11-15 +460,httpRequestHost,string,,current,"The HTTP request host, as defined in section 5.4 of +[RFC7230] or, in the case of +HTTP/2, the content of the :authority pseudo-header +field as defined in section 8.1.2.3 of +[RFC7240]. Encoded in UTF-8.",,,,[Felix_Erlacher],0,2016-11-15 +461,httpRequestTarget,string,,current,"The HTTP request target, as defined in section 2 of +[RFC7231] and in section 5.3 of +[RFC7230], associated with a flow. +Or the HTTP/2 "":path"" pseudo-header field as defined in +section 8.1.2.3 of [RFC7240]. +Encoded in UTF-8.",,,,[Felix_Erlacher],0,2016-11-15 +462,httpMessageVersion,string,,current,"The version of an HTTP/1.1 message as indicated by the +HTTP-version field, defined in section 2.6 of +[RFC7230], or the version +identification of an HTTP/2 frame as defined in +[RFC7240] section 3.1. The length +of this field is limited to 10 characters, UTF-8 encoded.",,,,[Felix_Erlacher],0,2016-11-15 +463,natInstanceID,unsigned32,identifier,current,"This Information Element uniquely identifies an Instance of the NAT + that runs on a NAT middlebox function after the packet passes the + Observation Point. natInstanceID is defined in + [RFC7659].",,,"See [RFC791] for the definition of the IPv4 + source address field. See [RFC3022] + for the definition of NAT. See [RFC3234] + for the definition of middleboxes.",[RFC8158],0,2017-03-15 +464,internalAddressRealm,octetArray,identifier,current,"This Information Element represents the internal address realm where + the packet is originated from or destined to. By definition, a NAT + mapping can be created from two address realms, one from internal and + one from external. Realms are implementation dependent and can represent + a Virtual Routing and Forwarding (VRF) ID, a VLAN ID, or some unique + identifier. Realms are optional and, when left unspecified, would mean + that the external and internal realms are the same.",,,"See [RFC791] for the definition of the IPv4 + source address field. See [RFC3022] + for the definition of NAT. See [RFC3234] + for the definition of middleboxes.",[RFC8158],0,2017-03-15 +465,externalAddressRealm,octetArray,identifier,current,"This Information Element represents the external address + realm where the packet is originated from or destined to. The + detailed definition is in the internal address realm as specified + above.",,,"See [RFC791] for the definition of the IPv4 + source address field. See [RFC3022] + for the definition of NAT. See [RFC3234] + for the definition of middleboxes.",[RFC8158],0,2017-03-15 +466,natQuotaExceededEvent,unsigned32,identifier,current,"This Information Element identifies the type of a NAT Quota Exceeded + event. Values for this Information Element are listed in the ""NAT + Quota Exceeded Event Type"" registry, see + [http://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat-quota-exceeded-event]. + New assignments of values will be administered by IANA and are subject + to Expert Review [RFC8126]. Experts need to + check definitions of new values for completeness, accuracy, and + redundancy.",,,"See [RFC791] for the definition of the IPv4 + source address field. See [RFC3022] + for the definition of NAT. See [RFC3234] + for the definition of middleboxes.",[RFC8158],0,2017-03-15 +467,natThresholdEvent,unsigned32,identifier,current,"This Information Element identifies a type of a NAT Threshold event. + Values for this Information Element are listed in the ""NAT Threshold + Event Type"" registry, see + [http://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat-threshold-event]. + New assignments of values will be administered by IANA and are + subject to Expert Review [RFC8126]. Experts + need to check definitions of new values for completeness, accuracy, + and redundancy.",,,"See [RFC791] for the definition of the IPv4 + source address field. See [RFC3022] + for the definition of NAT. See [RFC3234] + for the definition of middleboxes.",[RFC8158],0,2017-03-15 +468,httpUserAgent,string,default,current,"The HTTP User-Agent header field as defined in section 5.5.3 of + [RFC7231]. Encoded in UTF-8.",,,[RFC7231],[Andrew_Feren],0,2017-04-19 +469,httpContentType,string,default,current,"The HTTP Content-Type header field as defined in section 3.1.1.5 of + [RFC7231]. Encoded in UTF-8.",,,[RFC7231],[Andrew_Feren],0,2017-04-19 +470,httpReasonPhrase,string,default,current,"The HTTP reason phrase as defined in section 6.1 of of + [RFC7231].",,,[RFC7231],[Felix_Erlacher],0,2017-06-19 +471,maxSessionEntries,unsigned32,identifier,current,"This element represents the maximum session entries that + can be created by the NAT device.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +472,maxBIBEntries,unsigned32,identifier,current,"This element represents the maximum BIB entries that can + be created by the NAT device.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +473,maxEntriesPerUser,unsigned32,identifier,current,"This element represents the maximum NAT entries that can + be created per user by the NAT device.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +474,maxSubscribers,unsigned32,identifier,current,"This element represents the maximum subscribers or + maximum hosts that are allowed by the NAT device.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +475,maxFragmentsPendingReassembly,unsigned32,identifier,current,"This element represents the maximum fragments that the + NAT device can store for reassembling the packet.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +476,addressPoolHighThreshold,unsigned32,identifier,current,"This element represents the high threshold value of the + number of public IP addresses in the address pool.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +477,addressPoolLowThreshold,unsigned32,identifier,current,"This element represents the low threshold value of the + number of public IP addresses in the address pool.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +478,addressPortMappingHighThreshold,unsigned32,identifier,current,"This element represents the high threshold value of the + number of address and port mappings.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +479,addressPortMappingLowThreshold,unsigned32,identifier,current,"This element represents the low threshold value of the + number of address and port mappings.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +480,addressPortMappingPerUserHighThreshold,unsigned32,identifier,current,"This element represents the high threshold value of the + number of address and port mappings that a single user is allowed to + create on a NAT device.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes.",[RFC8158],0,2017-12-01 +481,globalAddressMappingHighThreshold,unsigned32,identifier,current,"This element represents the high threshold value of the + number of address and port mappings that a single user is allowed to + create on a NAT device in a paired address pooling behavior.",,,"See [RFC3022] for the definition of NAT. + See [RFC3234] for the definition of middleboxes. + See [RFC4787] for the definition of paired + address pooling behavior.",[RFC8158],0,2017-12-01 +482,vpnIdentifier,octetArray,default,current,"VPN ID in the format specified by [RFC2685]. + The size of this Information Element is 7 octets.",,,[RFC2685],[ipfix-iana_at_cisco.com],0,2018-07-10 +483-32767,Unassigned,,,,,,,,,, diff --git a/filebeat/input/netflow/decoder/fields/types.go b/filebeat/input/netflow/decoder/fields/types.go new file mode 100644 index 00000000000..2832a9acc58 --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/types.go @@ -0,0 +1,382 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fields + +import ( + "encoding/binary" + "encoding/hex" + "errors" + "fmt" + "io" + "math" + "net" + "strings" + "time" +) + +var ( + NtpEpoch = time.Date(1900, 1, 1, 0, 0, 0, 0, time.UTC) + + ErrOutOfBounds = errors.New("excess bytes for decoding") + ErrUnsupported = errors.New("unsupported data type") +) + +type Decoder interface { + Decode([]byte) (interface{}, error) + MinLength() uint16 + MaxLength() uint16 +} + +type UnsignedDecoder uint8 + +func (u UnsignedDecoder) MinLength() uint16 { + return 1 +} + +func (u UnsignedDecoder) MaxLength() uint16 { + return uint16(u) +} + +func (u UnsignedDecoder) Decode(data []byte) (interface{}, error) { + n := len(data) + if n > int(u) { + return uint64(0), ErrOutOfBounds + } + switch n { + case 0: + return uint64(0), io.EOF + case 1: + return uint64(data[0]), nil + case 2: + return uint64(binary.BigEndian.Uint16(data)), nil + case 4: + return uint64(binary.BigEndian.Uint32(data)), nil + case 8: + return binary.BigEndian.Uint64(data), nil + default: + var value uint64 + for i := 0; i < n; i++ { + value = (value << 8) | uint64(data[i]) + } + return value, nil + } +} + +var _ Decoder = (*UnsignedDecoder)(nil) + +type SignedDecoder uint8 + +func (u SignedDecoder) MinLength() uint16 { + return 1 +} + +func (u SignedDecoder) MaxLength() uint16 { + return uint16(u) +} + +func (u SignedDecoder) Decode(data []byte) (interface{}, error) { + n := len(data) + if n > int(u) { + return int64(0), ErrOutOfBounds + } + switch n { + case 0: + return int64(0), io.EOF + case 1: + return int64(int8(data[0])), nil + case 2: + return int64(int16(binary.BigEndian.Uint16(data))), nil + case 4: + return int64(int32(binary.BigEndian.Uint32(data))), nil + case 8: + return int64(binary.BigEndian.Uint64(data)), nil + default: + value := uint64(data[0]) + if value&0x80 != 0 { + value |= ^uint64(0xFF) + } + for i := 1; i < n; i++ { + value = (value << 8) | uint64(data[i]) + } + return int64(value), nil + } +} + +var _ Decoder = (*SignedDecoder)(nil) + +type FloatDecoder uint8 + +func (u FloatDecoder) MinLength() uint16 { + return 4 +} + +func (u FloatDecoder) MaxLength() uint16 { + return uint16(u) +} + +func (u FloatDecoder) Decode(data []byte) (interface{}, error) { + n := len(data) + if n > int(u) { + return float64(0), ErrOutOfBounds + } + switch n { + case 0: + return float64(0), io.EOF + case 4: + return float64(math.Float32frombits(binary.BigEndian.Uint32(data))), nil + case 8: + return float64(math.Float64frombits(binary.BigEndian.Uint64(data))), nil + default: + return float64(0), fmt.Errorf("wrong number of bytes in floating point decoding. have=%d want={4,8}", n) + } +} + +var _ Decoder = (*FloatDecoder)(nil) + +type BooleanDecoder struct{} + +func (u BooleanDecoder) MinLength() uint16 { + return 1 +} + +func (u BooleanDecoder) MaxLength() uint16 { + return 1 +} + +func (u BooleanDecoder) Decode(data []byte) (interface{}, error) { + n := len(data) + switch n { + case 0: + return false, io.EOF + case 1: + /* The boolean data type is specified according to the TruthValue in + [RFC2579]. It is encoded as a single-octet integer per + Section 6.1.1, with the value 1 for true and value 2 for false. + Every other value is undefined. + */ + switch data[0] { + case 1: + return true, nil + case 2: + return false, nil + default: + return false, fmt.Errorf("invalid value for boolean decoding. have=%d want={1,2}", data[0]) + } + default: + return false, ErrOutOfBounds + } +} + +var _ Decoder = (*BooleanDecoder)(nil) + +type OctetArrayDecoder struct{} + +func (u OctetArrayDecoder) MinLength() uint16 { + return 0 +} + +func (u OctetArrayDecoder) MaxLength() uint16 { + return 0xffff +} + +func (u OctetArrayDecoder) Decode(data []byte) (interface{}, error) { + return data, nil +} + +var _ Decoder = (*OctetArrayDecoder)(nil) + +type MacAddressDecoder struct{} + +func (u MacAddressDecoder) MinLength() uint16 { + return 6 +} + +func (u MacAddressDecoder) MaxLength() uint16 { + return 6 +} + +func (u MacAddressDecoder) Decode(data []byte) (interface{}, error) { + if len(data) != 6 { + return net.HardwareAddr{}, ErrOutOfBounds + } + return net.HardwareAddr(data), nil +} + +var _ Decoder = (*MacAddressDecoder)(nil) + +type StringDecoder struct{} + +func (u StringDecoder) MinLength() uint16 { + return 0 +} + +func (u StringDecoder) MaxLength() uint16 { + return 0xffff +} + +func (u StringDecoder) Decode(data []byte) (interface{}, error) { + return strings.TrimRightFunc(string(data), func(r rune) bool { + return r == 0 + }), nil +} + +var _ Decoder = (*StringDecoder)(nil) + +type DateTimeSecondsDecoder struct{} + +func (u DateTimeSecondsDecoder) MinLength() uint16 { + return 4 +} + +func (u DateTimeSecondsDecoder) MaxLength() uint16 { + return 4 +} + +func (u DateTimeSecondsDecoder) Decode(data []byte) (interface{}, error) { + if len(data) != 4 { + return time.Time{}, ErrOutOfBounds + } + return time.Unix(int64(binary.BigEndian.Uint32(data)), 0).UTC(), nil +} + +var _ Decoder = (*DateTimeSecondsDecoder)(nil) + +type DateTimeMillisecondsDecoder struct{} + +func (u DateTimeMillisecondsDecoder) MinLength() uint16 { + return 8 +} + +func (u DateTimeMillisecondsDecoder) MaxLength() uint16 { + return 8 +} + +func (u DateTimeMillisecondsDecoder) Decode(data []byte) (interface{}, error) { + if len(data) != 8 { + return time.Time{}, ErrOutOfBounds + } + millis := binary.BigEndian.Uint64(data) + return time.Unix(int64(millis/1000), int64(millis%1000)*1000000).UTC(), nil +} + +var _ Decoder = (*DateTimeMillisecondsDecoder)(nil) + +type NTPTimestampDecoder struct{} + +func (u NTPTimestampDecoder) MinLength() uint16 { + return 8 +} + +func (u NTPTimestampDecoder) MaxLength() uint16 { + return 8 +} + +func (u NTPTimestampDecoder) Decode(data []byte) (interface{}, error) { + if len(data) != 8 { + return time.Time{}, ErrOutOfBounds + } + secs := binary.BigEndian.Uint32(data[:4]) + frac := binary.BigEndian.Uint32(data[4:]) + return NtpEpoch.Add(time.Duration(secs) * time.Second).Add(time.Duration(int64(frac)*int64(time.Second)/int64(0x100000000)) * time.Nanosecond), nil +} + +var _ Decoder = (*NTPTimestampDecoder)(nil) + +type IPAddressDecoder uint8 + +func (u IPAddressDecoder) MinLength() uint16 { + return uint16(u) +} + +func (u IPAddressDecoder) MaxLength() uint16 { + return uint16(u) +} + +func (u IPAddressDecoder) Decode(data []byte) (interface{}, error) { + n := len(data) + if n != int(u) { + return net.IP{}, ErrOutOfBounds + } + if n == 4 { + return net.IPv4(data[0], data[1], data[2], data[3]).To4(), nil + } + return net.IP(data), nil +} + +var _ Decoder = (*IPAddressDecoder)(nil) + +type UnsupportedDecoder struct{} + +func (u UnsupportedDecoder) MinLength() uint16 { + return 0 +} + +func (u UnsupportedDecoder) MaxLength() uint16 { + return math.MaxUint16 +} + +func (u UnsupportedDecoder) Decode(data []byte) (interface{}, error) { + return nil, ErrUnsupported +} + +var _ Decoder = (*UnsupportedDecoder)(nil) + +type ACLIDDecoder struct{} + +const aclIDLength = 12 + +func (u ACLIDDecoder) MinLength() uint16 { + return aclIDLength +} + +func (u ACLIDDecoder) MaxLength() uint16 { + return aclIDLength +} + +func (u ACLIDDecoder) Decode(data []byte) (interface{}, error) { + if len(data) != aclIDLength { + return nil, ErrOutOfBounds + } + // Encode a [12]byte to a hex string in the form: + // "11223344-55667788-99aabbcc" + var result [aclIDLength*2 + 2]byte + hex.Encode(result[:8], data[:4]) + hex.Encode(result[9:17], data[4:8]) + hex.Encode(result[18:], data[8:]) + result[8], result[17] = '-', '-' + return string(result[:]), nil +} + +var _ Decoder = (*OctetArrayDecoder)(nil) + +// RFC5610 fields +var ( + OctetArray = OctetArrayDecoder{} + Unsigned8 = UnsignedDecoder(1) + Unsigned16 = UnsignedDecoder(2) + Unsigned32 = UnsignedDecoder(4) + Unsigned64 = UnsignedDecoder(8) + Signed8 = SignedDecoder(1) + Signed16 = SignedDecoder(2) + Signed32 = SignedDecoder(4) + Signed64 = SignedDecoder(8) + Float32 = FloatDecoder(4) + Float64 = FloatDecoder(8) + Boolean = BooleanDecoder{} + MacAddress = MacAddressDecoder{} + String = StringDecoder{} + DateTimeSeconds = DateTimeSecondsDecoder{} + DateTimeMilliseconds = DateTimeMillisecondsDecoder{} + DateTimeMicroseconds = NTPTimestampDecoder{} + DateTimeNanoseconds = NTPTimestampDecoder{} + Ipv4Address = IPAddressDecoder(4) + Ipv6Address = IPAddressDecoder(16) + BasicList = UnsupportedDecoder{} + SubTemplateList = UnsupportedDecoder{} + SubTemplateMultiList = UnsupportedDecoder{} +) + +// ACLID field added for Cisco ASA devices +var ACLID = ACLIDDecoder{} diff --git a/filebeat/input/netflow/decoder/fields/types_test.go b/filebeat/input/netflow/decoder/fields/types_test.go new file mode 100644 index 00000000000..ffe56c831dd --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/types_test.go @@ -0,0 +1,1129 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fields + +import ( + "encoding/binary" + "fmt" + "math" + "net" + "testing" + "time" + + "github.com/stretchr/testify/assert" +) + +const ( + // UnixEpochInNTP represents the number of seconds between 1-Jan-1900 + // and 1-Jan-1970, that is, the UNIX Epoch as an NTP timestamp seconds. + UnixEpochInNTP = uint32(2208988800) +) + +func TestOctetArray(t *testing.T) { + assert.Equal(t, uint16(0), OctetArray.MinLength()) + assert.Equal(t, ^uint16(0), OctetArray.MaxLength()) + for _, testCase := range [][]byte{ + {}, + {1}, + {1, 2, 3}, + make([]byte, 65535), + } { + t.Run(fmt.Sprintf("array of length %d", len(testCase)), func(t *testing.T) { + value, err := OctetArray.Decode(testCase) + assert.NoError(t, err) + assert.Equal(t, testCase, value) + }) + } +} + +type testCase struct { + title string + bytes []byte + value interface{} + err bool + strValue string +} + +func (testCase testCase) Run(t *testing.T, decoder Decoder) { + t.Run(testCase.title, func(t *testing.T) { + value, err := decoder.Decode(testCase.bytes) + assert.Equal(t, testCase.value, value) + if testCase.err { + assert.Error(t, err) + } else { + assert.NoError(t, err) + } + if len(testCase.strValue) > 0 { + stringer, isStringer := value.(fmt.Stringer) + assert.True(t, isStringer) + assert.Equal(t, testCase.strValue, stringer.String()) + } + }) +} + +func doTest(t *testing.T, decoder Decoder, min uint16, max uint16, testCases []testCase) { + assert.Equal(t, min, decoder.MinLength(), "min length out of bounds") + assert.Equal(t, max, decoder.MaxLength(), "max length out of bounds") + for _, testCase := range testCases { + testCase.Run(t, decoder) + } +} + +func TestUnsigned8(t *testing.T) { + doTest(t, Unsigned8, 1, 1, []testCase{ + { + title: "No data", + value: uint64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: uint64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: uint64(1), + }, + { + title: "Single byte 255", + bytes: []byte{255}, + value: uint64(255), + }, + { + title: "Excess data", + bytes: []byte{128, 129}, + value: uint64(0), + err: true, + }, + }) +} + +func TestUnsigned16(t *testing.T) { + doTest(t, Unsigned16, 1, 2, []testCase{ + { + title: "No data", + value: uint64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: uint64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: uint64(1), + }, + { + title: "Single byte 255", + bytes: []byte{255}, + value: uint64(255), + }, + { + title: "Two bytes", + bytes: []byte{128, 129}, + value: uint64(128<<8 | 129), + }, + { + title: "Two bytes zero", + bytes: []byte{0, 0}, + value: uint64(0), + }, + { + title: "Two bytes max", + bytes: []byte{255, 255}, + value: uint64(0xFFFF), + }, + { + title: "Excess data", + bytes: []byte{1, 255, 255}, + value: uint64(0), + err: true, + }, + }) +} + +func TestUnsigned32(t *testing.T) { + doTest(t, Unsigned32, 1, 4, []testCase{ + { + title: "No data", + value: uint64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: uint64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: uint64(1), + }, + { + title: "Single byte 255", + bytes: []byte{255}, + value: uint64(255), + }, + { + title: "Two bytes", + bytes: []byte{128, 129}, + value: uint64(0x8081), + }, + { + title: "Two bytes zero", + bytes: []byte{0, 0}, + value: uint64(0), + }, + { + title: "3 bytes", + bytes: []byte{128, 129, 255}, + value: uint64(0x8081ff), + }, + { + title: "4 bytes", + bytes: []byte{255, 1, 2, 3}, + value: uint64(0xff010203), + }, + { + title: "excess", + bytes: []byte{10, 255, 1, 2, 3}, + value: uint64(0), + err: true, + }, + }) +} + +func TestUnsigned64(t *testing.T) { + doTest(t, Unsigned64, 1, 8, []testCase{ + { + title: "No data", + value: uint64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: uint64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: uint64(1), + }, + { + title: "Single byte 255", + bytes: []byte{255}, + value: uint64(255), + }, + { + title: "Two bytes", + bytes: []byte{128, 129}, + value: uint64(0x8081), + }, + { + title: "Two bytes zero", + bytes: []byte{0, 0}, + value: uint64(0), + }, + { + title: "3 bytes", + bytes: []byte{128, 129, 255}, + value: uint64(0x8081ff), + }, + { + title: "4 bytes", + bytes: []byte{255, 1, 2, 3}, + value: uint64(0xff010203), + }, + { + title: "5 bytes", + bytes: []byte{10, 255, 1, 2, 3}, + value: uint64(0x0aff010203), + }, + { + title: "6 bytes", + bytes: []byte{254, 10, 255, 1, 2, 3}, + value: uint64(0xfe0aff010203), + }, + { + title: "7 bytes", + bytes: []byte{12, 254, 10, 255, 1, 2, 3}, + value: uint64(0x0cfe0aff010203), + }, + { + title: "8 bytes", + bytes: []byte{240, 12, 254, 10, 255, 1, 2, 3}, + value: uint64(0xf00cfe0aff010203), + }, + { + title: "excess", + bytes: []byte{1, 240, 12, 254, 10, 255, 1, 2, 3}, + value: uint64(0), + err: true, + }, + }) +} + +func TestSigned8(t *testing.T) { + doTest(t, Signed8, 1, 1, []testCase{ + { + title: "No data", + value: int64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: int64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: int64(1), + }, + { + title: "Negative", + bytes: []byte{255}, + value: int64(-1), + }, + { + title: "Negative 2", + bytes: []byte{128}, + value: int64(-128), + }, + { + title: "Negative 3", + bytes: []byte{240}, + value: int64(-16), + }, + { + title: "Excess data", + bytes: []byte{128, 129}, + value: int64(0), + err: true, + }, + }) +} + +func TestSigned16(t *testing.T) { + doTest(t, Signed16, 1, 2, []testCase{ + { + title: "No data", + value: int64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: int64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: int64(1), + }, + { + title: "Negative", + bytes: []byte{255}, + value: int64(-1), + }, + { + title: "Negative 2", + bytes: []byte{128}, + value: int64(-128), + }, + { + title: "Negative 3", + bytes: []byte{240}, + value: int64(-16), + }, + { + title: "Two bytes positive", + bytes: []byte{127, 129}, + value: int64(0x7f81), + }, + { + title: "Two bytes negative", + bytes: []byte{128, 129}, + value: int64(-0x7f7f), + }, + { + title: "Minus one", + bytes: []byte{0xff, 0xff}, + value: int64(-1), + }, + { + title: "excess", + bytes: []byte{0x80, 0, 0}, + value: int64(0), + err: true, + }, + }) +} + +func TestSigned32(t *testing.T) { + doTest(t, Signed32, 1, 4, []testCase{ + { + title: "No data", + value: int64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: int64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: int64(1), + }, + { + title: "Negative", + bytes: []byte{255}, + value: int64(-1), + }, + { + title: "Negative 2", + bytes: []byte{128}, + value: int64(-128), + }, + { + title: "Negative 3", + bytes: []byte{240}, + value: int64(-16), + }, + { + title: "Two bytes positive", + bytes: []byte{127, 129}, + value: int64(0x7f81), + }, + { + title: "Two bytes negative", + bytes: []byte{128, 129}, + value: int64(-0x7f7f), + }, + { + title: "Minus one", + bytes: []byte{0xff, 0xff}, + value: int64(-1), + }, + { + title: "3 bytes positive", + bytes: []byte{127, 129, 255}, + value: int64(0x7f81ff), + }, + { + title: "3 bytes negative", + bytes: []byte{128, 129, 255}, + value: int64(-0x7f7e01), + }, + { + title: "3 bytes Minus one", + bytes: []byte{0xff, 0xff, 0xff}, + value: int64(-1), + }, + { + title: "4 bytes", + bytes: []byte{0xff, 0xff, 0xff, 0xff}, + value: int64(-1), + }, + { + title: "4 bytes max positive", + bytes: []byte{0x7f, 0xff, 0xff, 0xff}, + value: int64(1<<31 - 1), + }, + { + title: "4 bytes max negative", + bytes: []byte{0x80, 0, 0, 0}, + value: int64(-(1 << 31)), + }, + { + title: "excess", + bytes: []byte{0x80, 0, 0, 0, 0}, + value: int64(0), + err: true, + }, + }) +} + +func TestSigned64(t *testing.T) { + doTest(t, Signed64, 1, 8, []testCase{ + { + title: "No data", + value: int64(0), + err: true, + }, + { + title: "Single byte 0", + bytes: []byte{0}, + value: int64(0), + }, + { + title: "Single byte 1", + bytes: []byte{1}, + value: int64(1), + }, + { + title: "Negative", + bytes: []byte{255}, + value: int64(-1), + }, + { + title: "Negative 2", + bytes: []byte{128}, + value: int64(-128), + }, + { + title: "Negative 3", + bytes: []byte{240}, + value: int64(-16), + }, + { + title: "Two bytes positive", + bytes: []byte{127, 129}, + value: int64(0x7f81), + }, + { + title: "Two bytes negative", + bytes: []byte{128, 129}, + value: int64(-0x7f7f), + }, + { + title: "Minus one", + bytes: []byte{0xff, 0xff}, + value: int64(-1), + }, + { + title: "3 bytes positive", + bytes: []byte{127, 129, 255}, + value: int64(0x7f81ff), + }, + { + title: "3 bytes negative", + bytes: []byte{128, 129, 255}, + value: int64(-0x7f7e01), + }, + { + title: "3 bytes Minus one", + bytes: []byte{0xff, 0xff, 0xff}, + value: int64(-1), + }, + { + title: "4 bytes", + bytes: []byte{0xff, 0xff, 0xff, 0xff}, + value: int64(-1), + }, + { + title: "4 bytes max positive", + bytes: []byte{0x7f, 0xff, 0xff, 0xff}, + value: int64(1<<31 - 1), + }, + { + title: "4 bytes max negative", + bytes: []byte{0x80, 0, 0, 0}, + value: int64(-(1 << 31)), + }, + { + title: "5 bytes max positive", + bytes: []byte{0x7f, 0xff, 0xff, 0xff, 0xff}, + value: int64(1<<39 - 1), + }, + { + title: "5 bytes max negative", + bytes: []byte{0x80, 0, 0, 0, 0}, + value: int64(-(1 << 39)), + }, + { + title: "6 bytes max positive", + bytes: []byte{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff}, + value: int64(1<<47 - 1), + }, + { + title: "6 bytes max negative", + bytes: []byte{0x80, 0, 0, 0, 0, 0}, + value: int64(-(1 << 47)), + }, + { + title: "7 bytes max positive", + bytes: []byte{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + value: int64(1<<55 - 1), + }, + { + title: "7 bytes max negative", + bytes: []byte{0x80, 0, 0, 0, 0, 0, 0}, + value: int64(-(1 << 55)), + }, + { + title: "8 bytes max positive", + bytes: []byte{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + value: int64(1<<63 - 1), + }, + { + title: "8 bytes max negative", + bytes: []byte{0x80, 0, 0, 0, 0, 0, 0, 0}, + value: int64(-(1 << 63)), + }, + { + title: "excess", + bytes: []byte{0x80, 0, 0, 0, 0, 0, 0, 0, 1}, + value: int64(0), + err: true, + }, + }) +} + +func makeFloat32(value float32) testCase { + var bytes [4]byte + binary.BigEndian.PutUint32(bytes[:], math.Float32bits(value)) + return testCase{ + title: fmt.Sprintf("expected float32 %v", value), + value: float64(value), + bytes: bytes[:], + } +} + +func makeFloat64(value float64) testCase { + var bytes [8]byte + binary.BigEndian.PutUint64(bytes[:], math.Float64bits(value)) + return testCase{ + title: fmt.Sprintf("expected float64 %v", value), + value: float64(value), + bytes: bytes[:], + } +} + +func TestFloat32(t *testing.T) { + doTest(t, Float32, 4, 4, []testCase{ + { + title: "No data", + value: float64(0), + err: true, + }, + { + title: "No data 3", + bytes: []byte{1, 2, 3}, + value: float64(0), + err: true, + }, + { + title: "No extra precision", + bytes: []byte{1, 2, 3, 4, 5, 6, 7, 8}, + value: float64(0), + err: true, + }, + makeFloat32(0.0), + makeFloat32(-1.0), + makeFloat32(1.0), + makeFloat32(1.0 / 256.0), + makeFloat32(-123.25), + makeFloat32(math.Pi), + makeFloat32(math.MaxFloat32), + }) +} + +func TestFloat64(t *testing.T) { + doTest(t, Float64, 4, 8, []testCase{ + { + title: "No data", + value: float64(0), + err: true, + }, + { + title: "No data 3", + bytes: []byte{1, 2, 3}, + value: float64(0), + err: true, + }, + { + title: "No data 5", + bytes: []byte{1, 2, 3, 4, 5}, + value: float64(0), + err: true, + }, + makeFloat32(0.0), + makeFloat32(-1.0), + makeFloat32(1.0), + makeFloat32(1.0 / 256.0), + makeFloat32(-123.25), + makeFloat32(math.Pi), + makeFloat32(math.MaxFloat32), + makeFloat64(0.0), + makeFloat64(math.Pi), + makeFloat64(math.MaxFloat64), + makeFloat64(1.1), + }) +} + +func TestBoolean(t *testing.T) { + doTest(t, Boolean, 1, 1, []testCase{ + { + title: "No data", + value: false, + err: true, + }, + { + title: "Bad false 0", + value: false, + bytes: []byte{0}, + err: true, + }, + { + title: "True", + value: true, + bytes: []byte{1}, + }, + { + title: "false", + value: false, + bytes: []byte{2}, + }, + { + title: "bad true", + value: false, + bytes: []byte{3}, + err: true, + }, + { + title: "extra bytes", + value: false, + bytes: []byte{2, 2}, + err: true, + }, + }) +} + +func TestMacAddress(t *testing.T) { + doTest(t, MacAddress, 6, 6, []testCase{ + { + title: "No data", + bytes: []byte{}, + value: net.HardwareAddr{}, + err: true, + }, + { + title: "Not enough", + bytes: []byte{0, 1, 2, 3, 4}, + value: net.HardwareAddr{}, + err: true, + }, + { + title: "Generic MAC", + bytes: []byte{1, 2, 3, 4, 5, 6}, + value: net.HardwareAddr{0x1, 0x2, 0x3, 0x4, 0x5, 0x6}, + strValue: "01:02:03:04:05:06", + }, + { + title: "Excess", + bytes: []byte{0, 1, 2, 3, 4, 5, 6}, + value: net.HardwareAddr{}, + err: true, + }, + }) +} + +func TestString(t *testing.T) { + allAs := make([]byte, math.MaxUint16) + for i := range allAs { + allAs[i] = 'A' + } + doTest(t, String, 0, math.MaxUint16, []testCase{ + { + title: "Empty string", + bytes: []byte{}, + value: "", + }, + { + title: "Hello world", + bytes: []byte("hello world"), + value: "hello world", + }, + { + title: "Single char", + bytes: []byte{49}, + value: "1", + }, + { + title: "Max length", + bytes: allAs, + value: string(allAs), + }, + { + title: "Zero byte stripped", + bytes: []byte{0}, + value: "", + }, + { + title: "UTF-8", + bytes: []byte{227, 128, 140, 230, 173, 187, 231, 165, 158, 227, 129, 175, 32, 227, 131, 170, 227, 131, 179, 227, 130, 180, 227, 129, 151, 227, 129, 139, 233, 163, 159, 227, 129, 185, 227, 129, 170, 227, 129, 132, 227, 128, 141}, + value: "「死神㯠リンゴã—ã‹é£Ÿã¹ãªã„ã€", + }, + { + title: "Valid 2 Octet Sequence", + bytes: []byte("\xc3\xb1"), + value: "ñ", + }, + { + title: "Invalid 2 Octet Sequence", + bytes: []byte("\xc3\x28"), + value: "\xc3(", + }, + { + title: "Invalid Sequence Identifier", + bytes: []byte("\xa0\xa1"), + value: "\xa0\xa1", + }, + { + title: "Valid 3 Octet Sequence", + bytes: []byte("\xe2\x82\xa1"), + value: "â‚¡", + }, + { + title: "Invalid 3 Octet Sequence (in 2nd Octet)", + bytes: []byte("\xe2\x28\xa1"), + value: "\xe2(\xa1", + }, + { + title: "Invalid 3 Octet Sequence (in 3rd Octet)", + bytes: []byte("\xe2\x82\x28"), + value: "\xe2\x82(", + }, + { + title: "Valid 4 Octet Sequence", + bytes: []byte("\xf0\x90\x8c\xbc"), + value: "ðŒ¼", + }, + { + title: "Invalid 4 Octet Sequence (in 2nd Octet)", + bytes: []byte("\xf0\x28\x8c\xbc"), + value: "\xf0(\x8c\xbc", + }, + { + title: "Invalid 4 Octet Sequence (in 3rd Octet)", + bytes: []byte("\xf0\x90\x28\xbc"), + value: "\xf0\x90(\xbc", + }, + { + title: "Invalid 4 Octet Sequence (in 4th Octet)", + bytes: []byte("\xf0\x28\x8c\x28"), + value: "\xf0(\x8c(", + }, + { + title: "Valid 5 Octet Sequence (but not Unicode!)", + bytes: []byte("\xf8\xa1\xa1\xa1\xa1"), + value: "\xf8\xa1\xa1\xa1\xa1", + }, + { + title: "Valid 6 Octet Sequence (but not Unicode!)", + bytes: []byte("\xfc\xa1\xa1\xa1\xa1\xa1"), + value: "\xfc\xa1\xa1\xa1\xa1\xa1", + }, + { + title: "strip trailing nulls", + bytes: []byte("Hello world\000\000\000\000\000"), + value: "Hello world", + }, + { + title: "don't strip non-trailing nulls", + bytes: []byte("\000Hello\000world\000"), + value: "\000Hello\000world", + }, + }) +} + +func TestDateTimeSeconds(t *testing.T) { + timestamp := uint32(time.Now().Unix()) + var nowBytes [4]byte + binary.BigEndian.PutUint32(nowBytes[:], timestamp) + now := time.Unix(int64(timestamp), 0).UTC() + + doTest(t, DateTimeSeconds, 4, 4, []testCase{ + { + title: "Empty", + bytes: []byte{}, + value: time.Time{}, + err: true, + }, + { + title: "Not enough", + bytes: []byte{1, 2, 3}, + value: time.Time{}, + err: true, + }, + { + title: "Too much", + bytes: []byte{1, 2, 3, 4, 5}, + value: time.Time{}, + err: true, + }, + { + title: "UNIX Epoch", + bytes: []byte{0, 0, 0, 0}, + value: time.Unix(0, 0).UTC(), + strValue: "1970-01-01 00:00:00 +0000 UTC", + }, + { + title: "Now", + bytes: nowBytes[:], + value: now, + strValue: now.String(), + }, + { + title: "Max value", + bytes: []byte{255, 255, 255, 255}, + value: time.Unix(1<<32-1, 0).UTC(), + strValue: "2106-02-07 06:28:15 +0000 UTC", + }, + }) +} + +func TestDateTimeMilliseconds(t *testing.T) { + timeMillis := time.Now().UnixNano() / int64(time.Millisecond) + var nowBytes [8]byte + binary.BigEndian.PutUint64(nowBytes[:], uint64(timeMillis)) + now := time.Unix(timeMillis*int64(time.Millisecond)/int64(time.Second), (timeMillis%1000)*int64(time.Millisecond/time.Nanosecond)).UTC() + + doTest(t, DateTimeMilliseconds, 8, 8, []testCase{ + { + title: "Empty", + bytes: []byte{}, + value: time.Time{}, + err: true, + }, + { + title: "Not enough", + bytes: []byte{1, 2, 3, 4, 5, 6, 7}, + value: time.Time{}, + err: true, + }, + { + title: "Too much", + bytes: []byte{1, 2, 3, 4, 5, 6, 7, 8, 9}, + value: time.Time{}, + err: true, + }, + { + title: "UNIX Epoch", + bytes: []byte{0, 0, 0, 0, 0, 0, 0, 0}, + value: time.Unix(0, 0).UTC(), + strValue: "1970-01-01 00:00:00 +0000 UTC", + }, + { + title: "Now", + bytes: nowBytes[:], + value: now, + strValue: now.String(), + }, + { + title: "Max value (63 bits)", + bytes: []byte{127, 255, 255, 255, 255, 255, 255, 255}, + value: time.Unix(math.MaxInt64/1000, (math.MaxInt64%1000)*int64(time.Millisecond/time.Nanosecond)).UTC(), + strValue: "292278994-08-17 07:12:55.807 +0000 UTC", + }, + { + title: "Max value (64 bits)", + bytes: []byte{255, 255, 255, 255, 255, 255, 255, 255}, + value: time.Unix(math.MaxUint64/1000, (math.MaxUint64%1000)*int64(time.Millisecond/time.Nanosecond)).UTC(), + strValue: "584556019-04-03 14:25:51.615 +0000 UTC", + }, + }) +} + +func TestNTPTimestamp(t *testing.T) { + timeNow := time.Now().UTC() + secsNTP := uint32(timeNow.Unix() + int64(UnixEpochInNTP)) + fracNTP := uint32(((timeNow.UnixNano() % int64(time.Second)) << 32) / int64(time.Second)) + + // There is a small precision loss in the conversion between NTP and Time, + // need to recalculate otherwise there's a nanosecond difference (rounding?) + now := time.Unix(int64(secsNTP-UnixEpochInNTP), int64(fracNTP)*int64(time.Second)/(int64(0x100000000))).UTC() + var nowBytes [8]byte + binary.BigEndian.PutUint32(nowBytes[:4], secsNTP) + binary.BigEndian.PutUint32(nowBytes[4:], fracNTP) + + var centuryBytes [8]byte + binary.BigEndian.PutUint32(centuryBytes[:], 3155587200) + + doTest(t, DateTimeMicroseconds, 8, 8, []testCase{ + { + title: "Empty", + bytes: []byte{}, + value: time.Time{}, + err: true, + }, + { + title: "Not enough", + bytes: []byte{1, 2, 3, 4, 5, 6, 7}, + value: time.Time{}, + err: true, + }, + { + title: "Too much", + bytes: []byte{1, 2, 3, 4, 5, 6, 7, 8, 9}, + value: time.Time{}, + err: true, + }, + { + title: "NTP Epoch", + bytes: []byte{0, 0, 0, 0, 0, 0, 0, 0}, + value: NtpEpoch, + strValue: "1900-01-01 00:00:00 +0000 UTC", + }, + { + title: "Now", + bytes: nowBytes[:], + value: now, + strValue: now.String(), + }, + { + title: "Max value (64 bits)", + bytes: []byte{255, 255, 255, 255, 255, 255, 255, 255}, + value: time.Unix(int64(math.MaxUint32-UnixEpochInNTP), int64(math.MaxUint32)*int64(time.Second)/int64(1<<32)).UTC(), + strValue: "2036-02-07 06:28:15.999999999 +0000 UTC", + }, + { + title: "Last day 20th century", + bytes: centuryBytes[:], + value: time.Date(1999, 12, 31, 0, 0, 0, 0, time.UTC), + strValue: "1999-12-31 00:00:00 +0000 UTC", + }, + { + title: "Random date from NTP server", + bytes: []byte{0xdf, 0x96, 0xd0, 0x2, 0x56, 0x67, 0xf8, 0xf3}, + value: time.Date(2018, 11, 14, 16, 46, 58, 337523993, time.UTC), + strValue: "2018-11-14 16:46:58.337523993 +0000 UTC", + }, + }) +} + +func TestIPv4(t *testing.T) { + doTest(t, Ipv4Address, 4, 4, []testCase{ + { + title: "Empty", + bytes: []byte{}, + value: net.IP{}, + err: true, + }, + { + title: "Too little", + bytes: []byte{1, 2, 3}, + value: net.IP{}, + err: true, + }, + { + title: "Too much", + bytes: []byte{1, 2, 3, 4, 5}, + value: net.IP{}, + err: true, + }, + { + title: "IP address", + bytes: []byte{192, 0, 2, 135}, + value: net.IPv4(192, 0, 2, 135).To4(), + strValue: "192.0.2.135", + }, + { + title: "Zero address", + bytes: []byte{0, 0, 0, 0}, + value: net.IPv4(0, 0, 0, 0).To4(), + strValue: "0.0.0.0", + }, + { + title: "Broadcast address", + bytes: []byte{255, 255, 255, 255}, + value: net.IPv4(255, 255, 255, 255).To4(), + strValue: "255.255.255.255", + }, + }) +} + +func TestIPv6(t *testing.T) { + doTest(t, Ipv6Address, 16, 16, []testCase{ + { + title: "Empty", + bytes: []byte{}, + value: net.IP{}, + err: true, + }, + { + title: "Too little", + bytes: make([]byte, 15), + value: net.IP{}, + err: true, + }, + { + title: "Too much", + bytes: make([]byte, 17), + value: net.IP{}, + err: true, + }, + { + title: "IPv6 address", + bytes: []byte{0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}, + value: net.ParseIP("2001:db8::1234:5678:9abc:def0"), + strValue: "2001:db8::1234:5678:9abc:def0", + }, + { + title: "Zero address", + bytes: make([]byte, 16), + value: net.ParseIP("::"), + strValue: "::", + }, + }) +} + +func TestUnsupported(t *testing.T) { + doTest(t, BasicList, 0, math.MaxUint16, []testCase{ + { + title: "Empty", + bytes: []byte{}, + err: true, + }, + { + title: "Any", + bytes: make([]byte, 15), + err: true, + }, + }) +} + +func TestACLID(t *testing.T) { + doTest(t, ACLID, 12, 12, []testCase{ + { + title: "Empty", + bytes: []byte{}, + err: true, + }, + { + title: "Sample", + bytes: []byte{ + 0x10, 0x21, 0x32, 0x43, + 0x54, 0x65, 0x76, 0x87, + 0x98, 0xA9, 0xBA, 0xCD}, + value: "10213243-54657687-98a9bacd", + }, + { + title: "Short", + bytes: []byte{ + 0x10, 0x21, 0x32, 0x43, + 0x54, 0x65, 0x76, 0x87, + 0x98, 0xA9, 0xBA}, + err: true, + }, + { + title: "Long", + bytes: []byte{ + 0x10, 0x21, 0x32, 0x43, + 0x54, 0x65, 0x76, 0x87, + 0x98, 0xA9, 0xBA, 0xCD, + 0xDF}, + err: true, + }, + }) +} diff --git a/filebeat/input/netflow/decoder/fields/zfields_assorted.go b/filebeat/input/netflow/decoder/fields/zfields_assorted.go new file mode 100644 index 00000000000..6a08743e54d --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/zfields_assorted.go @@ -0,0 +1,518 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// go run gen.go +// MACHINE GENERATED BY THE ABOVE COMMAND; DO NOT EDIT. + +package fields + +var AssortedFields = FieldDict{ + Key{EnterpriseID: 637, FieldID: 91}: {Name: "natInsideSvcid", Decoder: Unsigned16}, + Key{EnterpriseID: 637, FieldID: 92}: {Name: "natOutsideSvcid", Decoder: Unsigned16}, + Key{EnterpriseID: 637, FieldID: 93}: {Name: "natSubString", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 110}: {Name: "ixiaL7AppId", Decoder: Unsigned32}, + Key{EnterpriseID: 3054, FieldID: 111}: {Name: "ixiaL7AppName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 120}: {Name: "ixiaSrcCountryCode", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 121}: {Name: "ixiaSrcCountryName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 122}: {Name: "ixiaSrcRegionCode", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 123}: {Name: "ixiaSrcRegionName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 125}: {Name: "ixiaSrcCityName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 126}: {Name: "ixiaSrcLatitude", Decoder: Float32}, + Key{EnterpriseID: 3054, FieldID: 127}: {Name: "ixiaSrcLongitude", Decoder: Float32}, + Key{EnterpriseID: 3054, FieldID: 140}: {Name: "ixiaDstCountryCode", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 141}: {Name: "ixiaDstCountryName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 142}: {Name: "ixiaDstRegionCode", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 143}: {Name: "ixiaDstRegionNode", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 145}: {Name: "ixiaDstCityName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 146}: {Name: "ixiaDstLatitude", Decoder: Float32}, + Key{EnterpriseID: 3054, FieldID: 147}: {Name: "ixiaDstLongitude", Decoder: Float32}, + Key{EnterpriseID: 3054, FieldID: 160}: {Name: "ixiaDeviceId", Decoder: Unsigned8}, + Key{EnterpriseID: 3054, FieldID: 161}: {Name: "ixiaDeviceName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 162}: {Name: "ixiaBrowserId", Decoder: Unsigned8}, + Key{EnterpriseID: 3054, FieldID: 163}: {Name: "ixiaBrowserName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 176}: {Name: "ixiaRevOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 3054, FieldID: 177}: {Name: "ixiaRevPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 3054, FieldID: 178}: {Name: "ixiaEncryptType", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 179}: {Name: "ixiaEncryptCipher", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 180}: {Name: "ixiaEncryptKeyLength", Decoder: Unsigned16}, + Key{EnterpriseID: 3054, FieldID: 181}: {Name: "ixiaImsiSubscriber", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 182}: {Name: "ixiaHttpUserAgent", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 183}: {Name: "ixiaHttpHostName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 184}: {Name: "ixiaHttpUri", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 185}: {Name: "ixiaDnsRecordTxt", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 186}: {Name: "ixiaSrcAsName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 187}: {Name: "ixiaDstAsName", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 188}: {Name: "ixiaLatency", Decoder: Unsigned32}, + Key{EnterpriseID: 3054, FieldID: 189}: {Name: "ixiaDnsQuery", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 190}: {Name: "ixiaDnsAnswer", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 191}: {Name: "ixiaDnsClasses", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 192}: {Name: "ixiaThreatType", Decoder: String}, + Key{EnterpriseID: 3054, FieldID: 193}: {Name: "ixiaThreatIPv4", Decoder: Ipv4Address}, + Key{EnterpriseID: 3054, FieldID: 194}: {Name: "ixiaThreatIPv6", Decoder: Ipv4Address}, + Key{EnterpriseID: 6876, FieldID: 880}: {Name: "vmwareTenantProtocol", Decoder: Unsigned8}, + Key{EnterpriseID: 6876, FieldID: 881}: {Name: "vmwareTenantSourceIPv4", Decoder: Ipv4Address}, + Key{EnterpriseID: 6876, FieldID: 882}: {Name: "vmwareTenantDestIPv4", Decoder: Ipv4Address}, + Key{EnterpriseID: 6876, FieldID: 883}: {Name: "vmwareTenantSourceIPv6", Decoder: Ipv6Address}, + Key{EnterpriseID: 6876, FieldID: 884}: {Name: "vmwareTenantDestIPv6", Decoder: Ipv6Address}, + Key{EnterpriseID: 6876, FieldID: 886}: {Name: "vmwareTenantSourcePort", Decoder: Unsigned16}, + Key{EnterpriseID: 6876, FieldID: 887}: {Name: "vmwareTenantDestPort", Decoder: Unsigned16}, + Key{EnterpriseID: 6876, FieldID: 888}: {Name: "vmwareEgressInterfaceAttr", Decoder: Unsigned16}, + Key{EnterpriseID: 6876, FieldID: 889}: {Name: "vmwareVxlanExportRole", Decoder: Unsigned8}, + Key{EnterpriseID: 6876, FieldID: 890}: {Name: "vmwareIngressInterfaceAttr", Decoder: Unsigned16}, + Key{EnterpriseID: 9789, FieldID: 1}: {Name: "afcProtocol", Decoder: Unsigned16}, + Key{EnterpriseID: 9789, FieldID: 2}: {Name: "afcProtocolName", Decoder: String}, + Key{EnterpriseID: 9789, FieldID: 4}: {Name: "flowDirection", Decoder: Unsigned8}, + Key{EnterpriseID: 10704, FieldID: 1}: {Name: "Timestamp", Decoder: Unsigned32}, + Key{EnterpriseID: 10704, FieldID: 2}: {Name: "LogOp", Decoder: Unsigned8}, + Key{EnterpriseID: 10704, FieldID: 3}: {Name: "TrafficType", Decoder: Unsigned8}, + Key{EnterpriseID: 10704, FieldID: 4}: {Name: "FW_Rule", Decoder: String}, + Key{EnterpriseID: 10704, FieldID: 5}: {Name: "ServiceName", Decoder: String}, + Key{EnterpriseID: 10704, FieldID: 6}: {Name: "Reason", Decoder: Unsigned32}, + Key{EnterpriseID: 10704, FieldID: 7}: {Name: "ReasonText", Decoder: String}, + Key{EnterpriseID: 10704, FieldID: 8}: {Name: "BindIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 10704, FieldID: 9}: {Name: "BindTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 10704, FieldID: 10}: {Name: "ConnIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 10704, FieldID: 11}: {Name: "ConnTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 10704, FieldID: 12}: {Name: "AuditCounter", Decoder: Unsigned32}, + Key{EnterpriseID: 12326, FieldID: 1}: {Name: "Timestamp", Decoder: Unsigned32}, + Key{EnterpriseID: 12326, FieldID: 2}: {Name: "LogOp", Decoder: Unsigned8}, + Key{EnterpriseID: 12326, FieldID: 3}: {Name: "TrafficType", Decoder: Unsigned8}, + Key{EnterpriseID: 12326, FieldID: 4}: {Name: "FW_Rule", Decoder: String}, + Key{EnterpriseID: 12326, FieldID: 5}: {Name: "ServiceName", Decoder: String}, + Key{EnterpriseID: 12326, FieldID: 6}: {Name: "Reason", Decoder: Unsigned32}, + Key{EnterpriseID: 12326, FieldID: 7}: {Name: "ReasonText", Decoder: String}, + Key{EnterpriseID: 12326, FieldID: 8}: {Name: "BindIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 12326, FieldID: 9}: {Name: "BindTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 12326, FieldID: 10}: {Name: "ConnIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 12326, FieldID: 11}: {Name: "ConnTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 12326, FieldID: 12}: {Name: "AuditCounter", Decoder: Unsigned32}, + Key{EnterpriseID: 15397, FieldID: 1}: {Name: "proceraService", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 2}: {Name: "proceraBaseService", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 3}: {Name: "proceraIncomingOctets", Decoder: Unsigned64}, + Key{EnterpriseID: 15397, FieldID: 4}: {Name: "proceraOutgoingOctets", Decoder: Unsigned64}, + Key{EnterpriseID: 15397, FieldID: 5}: {Name: "proceraIncomingPackets", Decoder: Unsigned64}, + Key{EnterpriseID: 15397, FieldID: 6}: {Name: "proceraOutgoingPackets", Decoder: Unsigned64}, + Key{EnterpriseID: 15397, FieldID: 7}: {Name: "proceraIncomingShapingLatency", Decoder: Unsigned16}, + Key{EnterpriseID: 15397, FieldID: 8}: {Name: "proceraOutgoingShapingLatency", Decoder: Unsigned16}, + Key{EnterpriseID: 15397, FieldID: 9}: {Name: "proceraIncomingShapingDrops", Decoder: Unsigned32}, + Key{EnterpriseID: 15397, FieldID: 10}: {Name: "proceraOutgoingShapingDrops", Decoder: Unsigned32}, + Key{EnterpriseID: 15397, FieldID: 11}: {Name: "proceraInternalRtt", Decoder: Signed32}, + Key{EnterpriseID: 15397, FieldID: 12}: {Name: "proceraExternalRtt", Decoder: Signed32}, + Key{EnterpriseID: 15397, FieldID: 15}: {Name: "proceraFlowBehavior", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 16}: {Name: "proceraContentCategories", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 17}: {Name: "proceraProperty", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 18}: {Name: "proceraServerHostname", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 19}: {Name: "proceraHttpRequestMethod", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 20}: {Name: "proceraHttpUserAgent", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 21}: {Name: "proceraHttpContentType", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 22}: {Name: "proceraHttpUrl", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 23}: {Name: "proceraHttpReferer", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 24}: {Name: "proceraHttpResponseStatus", Decoder: Unsigned16}, + Key{EnterpriseID: 15397, FieldID: 25}: {Name: "proceraHttpFileLength", Decoder: Unsigned32}, + Key{EnterpriseID: 15397, FieldID: 26}: {Name: "proceraHttpLocation", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 27}: {Name: "proceraHttpLanguage", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 28}: {Name: "proceraSubscriberIdentifier", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 29}: {Name: "proceraMsisdn", Decoder: Unsigned64}, + Key{EnterpriseID: 15397, FieldID: 30}: {Name: "proceraImsi", Decoder: Unsigned64}, + Key{EnterpriseID: 15397, FieldID: 31}: {Name: "proceraRat", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 32}: {Name: "proceraDeviceId", Decoder: Unsigned64}, + Key{EnterpriseID: 15397, FieldID: 33}: {Name: "proceraSgsn", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 34}: {Name: "proceraRnc", Decoder: Unsigned16}, + Key{EnterpriseID: 15397, FieldID: 35}: {Name: "proceraApn", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 36}: {Name: "proceraUserLocationInformation", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 37}: {Name: "proceraGgsn", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 38}: {Name: "proceraQoeIncomingInternal", Decoder: Float32}, + Key{EnterpriseID: 15397, FieldID: 39}: {Name: "proceraQoeIncomingExternal", Decoder: Float32}, + Key{EnterpriseID: 15397, FieldID: 40}: {Name: "proceraQoeOutgoingInternal", Decoder: Float32}, + Key{EnterpriseID: 15397, FieldID: 41}: {Name: "proceraQoeOutgoingExternal", Decoder: Float32}, + Key{EnterpriseID: 15397, FieldID: 42}: {Name: "proceraLocalIPv4Host", Decoder: Ipv4Address}, + Key{EnterpriseID: 15397, FieldID: 43}: {Name: "proceraLocalIPv6Host", Decoder: Ipv6Address}, + Key{EnterpriseID: 15397, FieldID: 44}: {Name: "proceraRemoteIPv4Host", Decoder: Ipv4Address}, + Key{EnterpriseID: 15397, FieldID: 45}: {Name: "proceraRemoteIPv6Host", Decoder: Ipv6Address}, + Key{EnterpriseID: 15397, FieldID: 46}: {Name: "proceraHttpRequestVersion", Decoder: String}, + Key{EnterpriseID: 15397, FieldID: 47}: {Name: "proceraTemplateName", Decoder: String}, + Key{EnterpriseID: 21373, FieldID: 4}: {Name: "mark", Decoder: Unsigned32}, + Key{EnterpriseID: 21373, FieldID: 6}: {Name: "conntrack_id", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 1}: {Name: "reverseOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 2}: {Name: "reversePacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 3}: {Name: "reverseDeltaFlowCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 4}: {Name: "reverseProtocolIdentifier", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 5}: {Name: "reverseIpClassOfService", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 6}: {Name: "reverseTcpControlBits", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 7}: {Name: "reverseSourceTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 8}: {Name: "reverseSourceIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 9}: {Name: "reverseSourceIPv4PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 10}: {Name: "reverseIngressInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 11}: {Name: "reverseDestinationTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 12}: {Name: "reverseDestinationIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 13}: {Name: "reverseDestinationIPv4PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 14}: {Name: "reverseEgressInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 15}: {Name: "reverseIpNextHopIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 16}: {Name: "reverseBgpSourceAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 17}: {Name: "reverseBgpDestinationAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 18}: {Name: "reverseBgpNextHopIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 19}: {Name: "reversePostMCastPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 20}: {Name: "reversePostMCastOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 21}: {Name: "reverseFlowEndSysUpTime", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 22}: {Name: "reverseFlowStartSysUpTime", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 23}: {Name: "reversePostOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 24}: {Name: "reversePostPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 25}: {Name: "reverseMinimumIpTotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 26}: {Name: "reverseMaximumIpTotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 27}: {Name: "reverseSourceIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 28}: {Name: "reverseDestinationIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 29}: {Name: "reverseSourceIPv6PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 30}: {Name: "reverseDestinationIPv6PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 31}: {Name: "reverseFlowLabelIPv6", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 32}: {Name: "reverseIcmpTypeCodeIPv4", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 33}: {Name: "reverseIgmpType", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 34}: {Name: "reverseSamplingInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 35}: {Name: "reverseSamplingAlgorithm", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 36}: {Name: "reverseFlowActiveTimeout", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 37}: {Name: "reverseFlowIdleTimeout", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 38}: {Name: "reverseEngineType", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 39}: {Name: "reverseEngineId", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 43}: {Name: "reverseIpv4RouterSc", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 44}: {Name: "reverseSourceIPv4Prefix", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 45}: {Name: "reverseDestinationIPv4Prefix", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 46}: {Name: "reverseMplsTopLabelType", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 47}: {Name: "reverseMplsTopLabelIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 48}: {Name: "reverseSamplerId", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 49}: {Name: "reverseSamplerMode", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 50}: {Name: "reverseSamplerRandomInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 51}: {Name: "reverseClassId", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 52}: {Name: "reverseMinimumTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 53}: {Name: "reverseMaximumTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 54}: {Name: "reverseFragmentIdentification", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 55}: {Name: "reversePostIpClassOfService", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 56}: {Name: "reverseSourceMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 57}: {Name: "reversePostDestinationMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 58}: {Name: "reverseVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 59}: {Name: "reversePostVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 60}: {Name: "reverseIpVersion", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 61}: {Name: "reverseFlowDirection", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 62}: {Name: "reverseIpNextHopIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 63}: {Name: "reverseBgpNextHopIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 64}: {Name: "reverseIpv6ExtensionHeaders", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 70}: {Name: "reverseMplsTopLabelStackSection", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 71}: {Name: "reverseMplsLabelStackSection2", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 72}: {Name: "reverseMplsLabelStackSection3", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 73}: {Name: "reverseMplsLabelStackSection4", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 74}: {Name: "reverseMplsLabelStackSection5", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 75}: {Name: "reverseMplsLabelStackSection6", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 76}: {Name: "reverseMplsLabelStackSection7", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 77}: {Name: "reverseMplsLabelStackSection8", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 78}: {Name: "reverseMplsLabelStackSection9", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 79}: {Name: "reverseMplsLabelStackSection10", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 80}: {Name: "reverseDestinationMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 81}: {Name: "reversePostSourceMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 82}: {Name: "reverseInterfaceName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 83}: {Name: "reverseInterfaceDescription", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 84}: {Name: "reverseSamplerName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 85}: {Name: "reverseOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 86}: {Name: "reversePacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 87}: {Name: "reverseFlagsAndSamplerId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 88}: {Name: "reverseFragmentOffset", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 89}: {Name: "reverseForwardingStatus", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 90}: {Name: "reverseMplsVpnRouteDistinguisher", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 91}: {Name: "reverseMplsTopLabelPrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 92}: {Name: "reverseSrcTrafficIndex", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 93}: {Name: "reverseDstTrafficIndex", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 94}: {Name: "reverseApplicationDescription", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 95}: {Name: "reverseApplicationId", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 96}: {Name: "reverseApplicationName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 98}: {Name: "reversePostIpDiffServCodePoint", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 99}: {Name: "reverseMulticastReplicationFactor", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 100}: {Name: "reverseClassName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 101}: {Name: "reverseClassificationEngineId", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 102}: {Name: "reverseLayer2packetSectionOffset", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 103}: {Name: "reverseLayer2packetSectionSize", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 104}: {Name: "reverseLayer2packetSectionData", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 128}: {Name: "reverseBgpNextAdjacentAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 129}: {Name: "reverseBgpPrevAdjacentAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 132}: {Name: "reverseDroppedOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 133}: {Name: "reverseDroppedPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 134}: {Name: "reverseDroppedOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 135}: {Name: "reverseDroppedPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 136}: {Name: "reverseFlowEndReason", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 138}: {Name: "reverseObservationPointId", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 139}: {Name: "reverseIcmpTypeCodeIPv6", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 140}: {Name: "reverseMplsTopLabelIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 141}: {Name: "reverseLineCardId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 142}: {Name: "reversePortId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 143}: {Name: "reverseMeteringProcessId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 144}: {Name: "reverseExportingProcessId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 146}: {Name: "reverseWlanChannelId", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 147}: {Name: "reverseWlanSSID", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 150}: {Name: "reverseFlowStartSeconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 151}: {Name: "reverseFlowEndSeconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 152}: {Name: "reverseFlowStartMilliseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 153}: {Name: "reverseFlowEndMilliseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 154}: {Name: "reverseFlowStartMicroseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 155}: {Name: "reverseFlowEndMicroseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 156}: {Name: "reverseFlowStartNanoseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 157}: {Name: "reverseFlowEndNanoseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 158}: {Name: "reverseFlowStartDeltaMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 159}: {Name: "reverseFlowEndDeltaMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 160}: {Name: "reverseSystemInitTimeMilliseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 161}: {Name: "reverseFlowDurationMilliseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 162}: {Name: "reverseFlowDurationMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 169}: {Name: "reverseDestinationIPv6Prefix", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 170}: {Name: "reverseSourceIPv6Prefix", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 171}: {Name: "reversePostOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 172}: {Name: "reversePostPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 174}: {Name: "reversePostMCastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 175}: {Name: "reversePostMCastOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 176}: {Name: "reverseIcmpTypeIPv4", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 177}: {Name: "reverseIcmpCodeIPv4", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 178}: {Name: "reverseIcmpTypeIPv6", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 179}: {Name: "reverseIcmpCodeIPv6", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 180}: {Name: "reverseUdpSourcePort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 181}: {Name: "reverseUdpDestinationPort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 182}: {Name: "reverseTcpSourcePort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 183}: {Name: "reverseTcpDestinationPort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 184}: {Name: "reverseTcpSequenceNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 185}: {Name: "reverseTcpAcknowledgementNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 186}: {Name: "reverseTcpWindowSize", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 187}: {Name: "reverseTcpUrgentPointer", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 188}: {Name: "reverseTcpHeaderLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 189}: {Name: "reverseIpHeaderLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 190}: {Name: "reverseTotalLengthIPv4", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 191}: {Name: "reversePayloadLengthIPv6", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 192}: {Name: "reverseIpTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 193}: {Name: "reverseNextHeaderIPv6", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 194}: {Name: "reverseMplsPayloadLength", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 195}: {Name: "reverseIpDiffServCodePoint", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 196}: {Name: "reverseIpPrecedence", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 197}: {Name: "reverseFragmentFlags", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 198}: {Name: "reverseOctetDeltaSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 199}: {Name: "reverseOctetTotalSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 200}: {Name: "reverseMplsTopLabelTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 201}: {Name: "reverseMplsLabelStackLength", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 202}: {Name: "reverseMplsLabelStackDepth", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 203}: {Name: "reverseMplsTopLabelExp", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 204}: {Name: "reverseIpPayloadLength", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 205}: {Name: "reverseUdpMessageLength", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 206}: {Name: "reverseIsMulticast", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 207}: {Name: "reverseIpv4IHL", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 208}: {Name: "reverseIpv4Options", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 209}: {Name: "reverseTcpOptions", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 218}: {Name: "reverseTcpSynTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 219}: {Name: "reverseTcpFinTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 220}: {Name: "reverseTcpRstTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 221}: {Name: "reverseTcpPshTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 222}: {Name: "reverseTcpAckTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 223}: {Name: "reverseTcpUrgTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 224}: {Name: "reverseIpTotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 225}: {Name: "reversePostNATSourceIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 226}: {Name: "reversePostNATDestinationIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 227}: {Name: "reversePostNAPTSourceTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 228}: {Name: "reversePostNAPTDestinationTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 229}: {Name: "reverseNatOriginatingAddressRealm", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 230}: {Name: "reverseNatEvent", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 231}: {Name: "reverseInitiatorOctets", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 232}: {Name: "reverseResponderOctets", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 233}: {Name: "reverseFirewallEvent", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 234}: {Name: "reverseIngressVRFID", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 235}: {Name: "reverseEgressVRFID", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 236}: {Name: "reverseVRFname", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 237}: {Name: "reversePostMplsTopLabelExp", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 238}: {Name: "reverseTcpWindowScale", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 240}: {Name: "reverseEthernetHeaderLength", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 241}: {Name: "reverseEthernetPayloadLength", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 242}: {Name: "reverseEthernetTotalLength", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 243}: {Name: "reverseDot1qVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 244}: {Name: "reverseDot1qPriority", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 245}: {Name: "reverseDot1qCustomerVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 246}: {Name: "reverseDot1qCustomerPriority", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 247}: {Name: "reverseMetroEvcId", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 248}: {Name: "reverseMetroEvcType", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 249}: {Name: "reversePseudoWireId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 250}: {Name: "reversePseudoWireType", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 251}: {Name: "reversePseudoWireControlWord", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 252}: {Name: "reverseIngressPhysicalInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 253}: {Name: "reverseEgressPhysicalInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 254}: {Name: "reversePostDot1qVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 255}: {Name: "reversePostDot1qCustomerVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 256}: {Name: "reverseEthernetType", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 257}: {Name: "reversePostIpPrecedence", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 258}: {Name: "reverseCollectionTimeMilliseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 259}: {Name: "reverseExportSctpStreamId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 260}: {Name: "reverseMaxExportSeconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 261}: {Name: "reverseMaxFlowEndSeconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 262}: {Name: "reverseMessageMD5Checksum", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 263}: {Name: "reverseMessageScope", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 264}: {Name: "reverseMinExportSeconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 265}: {Name: "reverseMinFlowStartSeconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 266}: {Name: "reverseOpaqueOctets", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 267}: {Name: "reverseSessionScope", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 268}: {Name: "reverseMaxFlowEndMicroseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 269}: {Name: "reverseMaxFlowEndMilliseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 270}: {Name: "reverseMaxFlowEndNanoseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 271}: {Name: "reverseMinFlowStartMicroseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 272}: {Name: "reverseMinFlowStartMilliseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 273}: {Name: "reverseMinFlowStartNanoseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 274}: {Name: "reverseCollectorCertificate", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 275}: {Name: "reverseExporterCertificate", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 276}: {Name: "reverseDataRecordsReliability", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 277}: {Name: "reverseObservationPointType", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 278}: {Name: "reverseNewConnectionDeltaCount", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 279}: {Name: "reverseConnectionSumDurationSeconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 280}: {Name: "reverseConnectionTransactionId", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 281}: {Name: "reversePostNATSourceIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 282}: {Name: "reversePostNATDestinationIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 283}: {Name: "reverseNatPoolId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 284}: {Name: "reverseNatPoolName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 285}: {Name: "reverseAnonymizationFlags", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 286}: {Name: "reverseAnonymizationTechnique", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 287}: {Name: "reverseInformationElementIndex", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 288}: {Name: "reverseP2pTechnology", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 289}: {Name: "reverseTunnelTechnology", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 290}: {Name: "reverseEncryptedTechnology", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 294}: {Name: "reverseBgpValidityState", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 295}: {Name: "reverseIPSecSPI", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 296}: {Name: "reverseGreKey", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 297}: {Name: "reverseNatType", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 298}: {Name: "reverseInitiatorPackets", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 299}: {Name: "reverseResponderPackets", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 300}: {Name: "reverseObservationDomainName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 301}: {Name: "reverseSelectionSequenceId", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 302}: {Name: "reverseSelectorId", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 303}: {Name: "reverseInformationElementId", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 304}: {Name: "reverseSelectorAlgorithm", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 305}: {Name: "reverseSamplingPacketInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 306}: {Name: "reverseSamplingPacketSpace", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 307}: {Name: "reverseSamplingTimeInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 308}: {Name: "reverseSamplingTimeSpace", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 309}: {Name: "reverseSamplingSize", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 310}: {Name: "reverseSamplingPopulation", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 311}: {Name: "reverseSamplingProbability", Decoder: Float64}, + Key{EnterpriseID: 29305, FieldID: 312}: {Name: "reverseDataLinkFrameSize", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 313}: {Name: "reverseIpHeaderPacketSection", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 314}: {Name: "reverseIpPayloadPacketSection", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 315}: {Name: "reverseDataLinkFrameSection", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 316}: {Name: "reverseMplsLabelStackSection", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 317}: {Name: "reverseMplsPayloadPacketSection", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 318}: {Name: "reverseSelectorIdTotalPktsObserved", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 319}: {Name: "reverseSelectorIdTotalPktsSelected", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 320}: {Name: "reverseAbsoluteError", Decoder: Float64}, + Key{EnterpriseID: 29305, FieldID: 321}: {Name: "reverseRelativeError", Decoder: Float64}, + Key{EnterpriseID: 29305, FieldID: 322}: {Name: "reverseObservationTimeSeconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 323}: {Name: "reverseObservationTimeMilliseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 324}: {Name: "reverseObservationTimeMicroseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 325}: {Name: "reverseObservationTimeNanoseconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 326}: {Name: "reverseDigestHashValue", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 327}: {Name: "reverseHashIPPayloadOffset", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 328}: {Name: "reverseHashIPPayloadSize", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 329}: {Name: "reverseHashOutputRangeMin", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 330}: {Name: "reverseHashOutputRangeMax", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 331}: {Name: "reverseHashSelectedRangeMin", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 332}: {Name: "reverseHashSelectedRangeMax", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 333}: {Name: "reverseHashDigestOutput", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 334}: {Name: "reverseHashInitialiserValue", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 335}: {Name: "reverseSelectorName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 336}: {Name: "reverseUpperCILimit", Decoder: Float64}, + Key{EnterpriseID: 29305, FieldID: 337}: {Name: "reverseLowerCILimit", Decoder: Float64}, + Key{EnterpriseID: 29305, FieldID: 338}: {Name: "reverseConfidenceLevel", Decoder: Float64}, + Key{EnterpriseID: 29305, FieldID: 339}: {Name: "reverseInformationElementDataType", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 340}: {Name: "reverseInformationElementDescription", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 341}: {Name: "reverseInformationElementName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 342}: {Name: "reverseInformationElementRangeBegin", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 343}: {Name: "reverseInformationElementRangeEnd", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 344}: {Name: "reverseInformationElementSemantics", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 345}: {Name: "reverseInformationElementUnits", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 346}: {Name: "reversePrivateEnterpriseNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 347}: {Name: "reverseVirtualStationInterfaceId", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 348}: {Name: "reverseVirtualStationInterfaceName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 349}: {Name: "reverseVirtualStationUUID", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 350}: {Name: "reverseVirtualStationName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 351}: {Name: "reverseLayer2SegmentId", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 352}: {Name: "reverseLayer2OctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 353}: {Name: "reverseLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 354}: {Name: "reverseIngressUnicastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 355}: {Name: "reverseIngressMulticastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 356}: {Name: "reverseIngressBroadcastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 357}: {Name: "reverseEgressUnicastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 358}: {Name: "reverseEgressBroadcastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 359}: {Name: "reverseMonitoringIntervalStartMilliSeconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 360}: {Name: "reverseMonitoringIntervalEndMilliSeconds", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 361}: {Name: "reversePortRangeStart", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 362}: {Name: "reversePortRangeEnd", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 363}: {Name: "reversePortRangeStepSize", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 364}: {Name: "reversePortRangeNumPorts", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 365}: {Name: "reverseStaMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 366}: {Name: "reverseStaIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 367}: {Name: "reverseWtpMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 368}: {Name: "reverseIngressInterfaceType", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 369}: {Name: "reverseEgressInterfaceType", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 370}: {Name: "reverseRtpSequenceNumber", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 371}: {Name: "reverseUserName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 372}: {Name: "reverseApplicationCategoryName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 373}: {Name: "reverseApplicationSubCategoryName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 374}: {Name: "reverseApplicationGroupName", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 375}: {Name: "reverseOriginalFlowsPresent", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 376}: {Name: "reverseOriginalFlowsInitiated", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 377}: {Name: "reverseOriginalFlowsCompleted", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 378}: {Name: "reverseDistinctCountOfSourceIPAddress", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 379}: {Name: "reverseDistinctCountOfDestinationIPAddress", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 380}: {Name: "reverseDistinctCountOfSourceIPv4Address", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 381}: {Name: "reverseDistinctCountOfDestinationIPv4Address", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 382}: {Name: "reverseDistinctCountOfSourceIPv6Address", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 383}: {Name: "reverseDistinctCountOfDestinationIPv6Address", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 384}: {Name: "reverseValueDistributionMethod", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 385}: {Name: "reverseRfc3550JitterMilliseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 386}: {Name: "reverseRfc3550JitterMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 387}: {Name: "reverseRfc3550JitterNanoseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 388}: {Name: "reverseDot1qDEI", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 389}: {Name: "reverseDot1qCustomerDEI", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 390}: {Name: "reverseFlowSelectorAlgorithm", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 391}: {Name: "reverseFlowSelectedOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 392}: {Name: "reverseFlowSelectedPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 393}: {Name: "reverseFlowSelectedFlowDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 394}: {Name: "reverseSelectorIDTotalFlowsObserved", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 395}: {Name: "reverseSelectorIDTotalFlowsSelected", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 396}: {Name: "reverseSamplingFlowInterval", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 397}: {Name: "reverseSamplingFlowSpacing", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 398}: {Name: "reverseFlowSamplingTimeInterval", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 399}: {Name: "reverseFlowSamplingTimeSpacing", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 400}: {Name: "reverseHashFlowDomain", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 401}: {Name: "reverseTransportOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 402}: {Name: "reverseTransportPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 403}: {Name: "reverseOriginalExporterIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 404}: {Name: "reverseOriginalExporterIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 29305, FieldID: 405}: {Name: "reverseOriginalObservationDomainId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 406}: {Name: "reverseIntermediateProcessId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 407}: {Name: "reverseIgnoredDataRecordTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 408}: {Name: "reverseDataLinkFrameType", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 409}: {Name: "reverseSectionOffset", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 410}: {Name: "reverseSectionExportedOctets", Decoder: Unsigned16}, + Key{EnterpriseID: 29305, FieldID: 411}: {Name: "reverseDot1qServiceInstanceTag", Decoder: String}, + Key{EnterpriseID: 29305, FieldID: 412}: {Name: "reverseDot1qServiceInstanceId", Decoder: Unsigned32}, + Key{EnterpriseID: 29305, FieldID: 413}: {Name: "reverseDot1qServiceInstancePriority", Decoder: Unsigned8}, + Key{EnterpriseID: 29305, FieldID: 414}: {Name: "reverseDot1qCustomerSourceMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 415}: {Name: "reverseDot1qCustomerDestinationMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 29305, FieldID: 417}: {Name: "reversePostLayer2OctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 418}: {Name: "reversePostMCastLayer2OctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 420}: {Name: "reversePostLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 421}: {Name: "reversePostMCastLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 422}: {Name: "reverseMinimumLayer2TotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 423}: {Name: "reverseMaximumLayer2TotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 424}: {Name: "reverseDroppedLayer2OctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 425}: {Name: "reverseDroppedLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 426}: {Name: "reverseIgnoredLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 427}: {Name: "reverseNotSentLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 428}: {Name: "reverseLayer2OctetDeltaSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 429}: {Name: "reverseLayer2OctetTotalSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 430}: {Name: "reverseLayer2FrameDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 431}: {Name: "reverseLayer2FrameTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 29305, FieldID: 432}: {Name: "reversePseudoWireDestinationIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 29305, FieldID: 433}: {Name: "reverseIgnoredLayer2FrameTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 41916, FieldID: 4321}: {Name: "viptelaVPNId", Decoder: Unsigned64}, +} + +func init() { + if err := RegisterGlobalFields(AssortedFields); err != nil { + panic(err) + } +} diff --git a/filebeat/input/netflow/decoder/fields/zfields_cert.go b/filebeat/input/netflow/decoder/fields/zfields_cert.go new file mode 100644 index 00000000000..1c65b784550 --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/zfields_cert.go @@ -0,0 +1,115 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// go run gen.go +// MACHINE GENERATED BY THE ABOVE COMMAND; DO NOT EDIT. + +package fields + +var CertFields = FieldDict{ + Key{EnterpriseID: 6871, FieldID: 14}: {Name: "initialTCPFlags", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 15}: {Name: "unionTCPFlags", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 18}: {Name: "payload", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 21}: {Name: "reverseFlowDeltaMilliseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 33}: {Name: "silkAppLabel", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 35}: {Name: "payloadEntropy", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 36}: {Name: "osName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 37}: {Name: "osVersion", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 38}: {Name: "firstPacketBanner", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 39}: {Name: "secondPacketBanner", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 40}: {Name: "flowAttributes", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 100}: {Name: "expiredFragmentCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 101}: {Name: "assembledFragmentCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 102}: {Name: "meanFlowRate", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 103}: {Name: "meanPacketRate", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 104}: {Name: "flowTableFlushEventCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 105}: {Name: "flowTablePeakCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 107}: {Name: "osFingerPrint", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 126}: {Name: "tftpFilename", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 127}: {Name: "tftpMode", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 174}: {Name: "dnsQueryResponse", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 175}: {Name: "dnsQRType", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 176}: {Name: "dnsAuthoritative", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 177}: {Name: "dnsNXDomain", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 178}: {Name: "dnsRRSection", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 179}: {Name: "dnsQName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 180}: {Name: "dnsCName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 181}: {Name: "dnsMXPreference", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 182}: {Name: "dnsMXExchange", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 183}: {Name: "dnsNSDName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 184}: {Name: "dnsPTRDName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 185}: {Name: "sslCipher", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 186}: {Name: "sslClientVersion", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 187}: {Name: "sslServerCipher", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 188}: {Name: "sslCompressionMethod", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 189}: {Name: "sslCertVersion", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 190}: {Name: "sslCertSignature", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 199}: {Name: "dnsTTL", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 208}: {Name: "dnsTXTData", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 209}: {Name: "dnsSOASerial", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 210}: {Name: "dnsSOARefresh", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 211}: {Name: "dnsSOARetry", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 212}: {Name: "dnsSOAExpire", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 213}: {Name: "dnsSOAMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 214}: {Name: "dnsSOAMName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 215}: {Name: "dnsSOARName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 216}: {Name: "dnsSRVPriority", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 217}: {Name: "dnsSRVWeight", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 218}: {Name: "dnsSRVPort", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 219}: {Name: "dnsSRVTarget", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 223}: {Name: "tcpUrgTotalCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 226}: {Name: "dnsID", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 244}: {Name: "sslCertSerialNumber", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 245}: {Name: "sslObjectType", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 246}: {Name: "sslObjectValue", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 247}: {Name: "sslCertValidityNotBefore", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 248}: {Name: "sslCertValidityNotAfter", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 249}: {Name: "sslPublicKeyAlgorithm", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 250}: {Name: "sslPublicKeyLength", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 287}: {Name: "rtpPayloadType", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 288}: {Name: "reverseRtpPayloadType", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 289}: {Name: "mptcpInitialDataSequenceNumber", Decoder: Unsigned64}, + Key{EnterpriseID: 6871, FieldID: 290}: {Name: "mptcpReceiverToken", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 291}: {Name: "mptcpMaximumSegmentSize", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 292}: {Name: "mptcpAddressID", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 293}: {Name: "mptcpFlags", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 294}: {Name: "sslServerName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 295}: {Name: "sslCertificateHash", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 500}: {Name: "smallPacketCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 501}: {Name: "nonEmptyPacketCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 502}: {Name: "dataByteCount", Decoder: Unsigned64}, + Key{EnterpriseID: 6871, FieldID: 503}: {Name: "averageInterarrivalTime", Decoder: Unsigned64}, + Key{EnterpriseID: 6871, FieldID: 504}: {Name: "standardDeviationInterarrivalTime", Decoder: Unsigned64}, + Key{EnterpriseID: 6871, FieldID: 505}: {Name: "firstNonEmptyPacketSize", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 506}: {Name: "maxPacketSize", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 507}: {Name: "firstEightNonEmptyPacketDirections", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 508}: {Name: "standardDeviationPayloadLength", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 510}: {Name: "largePacketCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 16398}: {Name: "reverseInitialTCPFlags", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 16399}: {Name: "reverseUnionTCPFlags", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 16402}: {Name: "reversePayload", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 16419}: {Name: "reversePayloadEntropy", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 16420}: {Name: "reverseOsName", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 16421}: {Name: "reverseOsVersion", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 16422}: {Name: "reverseFirstPacketBanner", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 16423}: {Name: "reverseSecondPacketBanner", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 16424}: {Name: "reverseFlowAttributes", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 16491}: {Name: "reverseOsFingerPrint", Decoder: String}, + Key{EnterpriseID: 6871, FieldID: 16671}: {Name: "reverseRtpPayloadType", Decoder: Unsigned8}, + Key{EnterpriseID: 6871, FieldID: 16884}: {Name: "reverseSmallPacketCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 16885}: {Name: "reverseNonEmptyPacketCount", Decoder: Unsigned32}, + Key{EnterpriseID: 6871, FieldID: 16886}: {Name: "reverseDataByteCount", Decoder: Unsigned64}, + Key{EnterpriseID: 6871, FieldID: 16887}: {Name: "reverseAverageInterarrivalTime", Decoder: Unsigned64}, + Key{EnterpriseID: 6871, FieldID: 16888}: {Name: "reverseStandardDeviationInterarrivalTime", Decoder: Unsigned64}, + Key{EnterpriseID: 6871, FieldID: 16889}: {Name: "reverseFirstNonEmptyPacketSize", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 16890}: {Name: "reverseMaxPacketSize", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 16892}: {Name: "reverseStandardDeviationPayloadLength", Decoder: Unsigned16}, + Key{EnterpriseID: 6871, FieldID: 16894}: {Name: "reverseLargePacketCount", Decoder: Unsigned32}, +} + +func init() { + if err := RegisterGlobalFields(CertFields); err != nil { + panic(err) + } +} diff --git a/filebeat/input/netflow/decoder/fields/zfields_cisco.go b/filebeat/input/netflow/decoder/fields/zfields_cisco.go new file mode 100644 index 00000000000..7d1abc1b62c --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/zfields_cisco.go @@ -0,0 +1,309 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// go run gen.go +// MACHINE GENERATED BY THE ABOVE COMMAND; DO NOT EDIT. + +package fields + +var CiscoFields = FieldDict{ + Key{EnterpriseID: 9, FieldID: 8232}: {Name: "PolicyQosClassificationHierarchy", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9252}: {Name: "waasoptimizationSegment", Decoder: Unsigned8}, + Key{EnterpriseID: 9, FieldID: 9265}: {Name: "artClientpackets", Decoder: Unsigned64}, + Key{EnterpriseID: 9, FieldID: 9266}: {Name: "artServerpackets", Decoder: Unsigned64}, + Key{EnterpriseID: 9, FieldID: 9268}: {Name: "artCountRetransmissions", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9272}: {Name: "artCountTransactions", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9273}: {Name: "artTotalTransactionTimeSum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9274}: {Name: "artTotalTransactionTimeMaximum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9275}: {Name: "artTotalTransactionTimeMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9282}: {Name: "artCountNewConnections", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9292}: {Name: "artCountResponses", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9293}: {Name: "artCountResponsesHistogramBucket1", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9294}: {Name: "artCountResponsesHistogramBucket2", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9295}: {Name: "artCountResponsesHistogramBucket3", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9296}: {Name: "artCountResponsesHistogramBucket4", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9297}: {Name: "artCountResponsesHistogramBucket5", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9298}: {Name: "artCountResponsesHistogramBucket6", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9299}: {Name: "artCountResponsesHistogramBucket7", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9300}: {Name: "artCountLateResponses", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9303}: {Name: "artResponseTimeSum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9304}: {Name: "artResponseTimeMaximum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9305}: {Name: "artResponseTimeMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9306}: {Name: "artServerResponseTimeSum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9307}: {Name: "artServerResponseTimeMaximum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9308}: {Name: "artServerResponseTimeMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9309}: {Name: "artTotalResponseTimeSum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9310}: {Name: "artTotalResponseTimeMaximum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9311}: {Name: "artTotalResponseTimeMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9313}: {Name: "artNetworkTimeSum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9314}: {Name: "artNetworkTimeMaximum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9315}: {Name: "artNetworkTimeMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9316}: {Name: "artClientNetworkTimeSum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9317}: {Name: "artClientNetworkTimeMaximum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9318}: {Name: "artClientNetworkTimeMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9319}: {Name: "artServerNetworkTimeSum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9320}: {Name: "artServerNetworkTimeMaximum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9321}: {Name: "artServerNetworkTimeMinimum", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9357}: {Name: "applicationHttpUriStatistics", Decoder: OctetArray}, + Key{EnterpriseID: 9, FieldID: 9360}: {Name: "PolicyQosQueueindex", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9360}: {Name: "PolicyQosQueueINDEX", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 9361}: {Name: "PolicyQosQueuedrops", Decoder: Unsigned64}, + Key{EnterpriseID: 9, FieldID: 12232}: {Name: "applicationCategoryName", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 12233}: {Name: "applicationSubCategoryName", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 12234}: {Name: "applicationGroupName", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 12235}: {Name: "applicationHttpUser-agent", Decoder: OctetArray}, + Key{EnterpriseID: 9, FieldID: 12243}: {Name: "applicationTraffic-class", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 12244}: {Name: "applicationBusiness-relevance", Decoder: Unsigned32}, + Key{EnterpriseID: 9, FieldID: 32733}: {Name: "timestampAbsoluteMonitoring-interval", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 128}: {Name: "netscalerRoundTripTime", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 129}: {Name: "netscalerTransactionId", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 130}: {Name: "netscalerHttpReqUrl", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 131}: {Name: "netscalerHttpReqCookie", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 132}: {Name: "netscalerFlowFlags", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 133}: {Name: "netscalerConnectionId", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 134}: {Name: "netscalerSyslogPriority", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 135}: {Name: "netscalerSyslogMessage", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 136}: {Name: "netscalerSyslogTimestamp", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 140}: {Name: "netscalerHttpReqReferer", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 141}: {Name: "netscalerHttpReqMethod", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 142}: {Name: "netscalerHttpReqHost", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 143}: {Name: "netscalerHttpReqUserAgent", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 144}: {Name: "netscalerHttpRspStatus", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 145}: {Name: "netscalerHttpRspLen", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 146}: {Name: "netscalerServerTTFB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 147}: {Name: "netscalerServerTTLB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 150}: {Name: "netscalerAppNameIncarnationNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 151}: {Name: "netscalerAppNameAppId", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 152}: {Name: "netscalerAppName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 153}: {Name: "netscalerHttpReqRcvFB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 156}: {Name: "netscalerHttpReqForwFB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 157}: {Name: "netscalerHttpResRcvFB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 158}: {Name: "netscalerHttpResForwFB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 159}: {Name: "netscalerHttpReqRcvLB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 160}: {Name: "netscalerHttpReqForwLB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 161}: {Name: "netscalerMainPageId", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 162}: {Name: "netscalerMainPageCoreId", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 163}: {Name: "netscalerHttpClientInteractionStartTime", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 164}: {Name: "netscalerHttpClientRenderEndTime", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 165}: {Name: "netscalerHttpClientRenderStartTime", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 167}: {Name: "netscalerAppTemplateName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 168}: {Name: "netscalerHttpClientInteractionEndTime", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 169}: {Name: "netscalerHttpResRcvLB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 170}: {Name: "netscalerHttpResForwLB", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 171}: {Name: "netscalerAppUnitNameAppId", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 172}: {Name: "netscalerDbLoginFlags", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 173}: {Name: "netscalerDbReqType", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 174}: {Name: "netscalerDbProtocolName", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 175}: {Name: "netscalerDbUserName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 176}: {Name: "netscalerDbDatabaseName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 177}: {Name: "netscalerDbCltHostName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 178}: {Name: "netscalerDbReqString", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 179}: {Name: "netscalerDbRespStatusString", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 180}: {Name: "netscalerDbRespStatus", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 181}: {Name: "netscalerDbRespLength", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 182}: {Name: "netscalerClientRTT", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 183}: {Name: "netscalerHttpContentType", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 185}: {Name: "netscalerHttpReqAuthorization", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 186}: {Name: "netscalerHttpReqVia", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 187}: {Name: "netscalerHttpResLocation", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 188}: {Name: "netscalerHttpResSetCookie", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 189}: {Name: "netscalerHttpResSetCookie2", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 190}: {Name: "netscalerHttpReqXForwardedFor", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 192}: {Name: "netscalerConnectionChainID", Decoder: OctetArray}, + Key{EnterpriseID: 5951, FieldID: 193}: {Name: "netscalerConnectionChainHopCount", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 200}: {Name: "netscalerICASessionGuid", Decoder: OctetArray}, + Key{EnterpriseID: 5951, FieldID: 201}: {Name: "netscaleIcaClientVersion", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 202}: {Name: "netscalerIcaClientType", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 203}: {Name: "netscalerIcaClientIP", Decoder: Ipv4Address}, + Key{EnterpriseID: 5951, FieldID: 204}: {Name: "netscalerIcaClientHostName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 205}: {Name: "netscalerAaaUsername", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 207}: {Name: "netscalerIcaDomainName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 208}: {Name: "netscalerIcaClientLauncher", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 209}: {Name: "netscalerIcaSessionSetupTime", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 210}: {Name: "netscalerIcaServerName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 214}: {Name: "netscalerIcaSessionReconnects", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 215}: {Name: "netscalerIcaRTT", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 216}: {Name: "netscalerIcaClientsideRXBytes", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 217}: {Name: "netscalerIcaClientsideTXBytes", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 219}: {Name: "netscalerIcaClientsidePacketsRetransmit", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 220}: {Name: "netscalerIcaServersidePacketsRetransmit", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 221}: {Name: "netscalerIcaClientsideRTT", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 222}: {Name: "netscalerIcaServersideRTT", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 223}: {Name: "netscalerIcaSessionUpdateBeginSec", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 224}: {Name: "netscalerIcaSessionUpdateEndSec", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 225}: {Name: "netscalerIcaChannelId1", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 226}: {Name: "netscalerIcaChannelId1Bytes", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 227}: {Name: "netscalerIcaChannelId2", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 228}: {Name: "netscalerIcaChannelId2Bytes", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 229}: {Name: "netscalerIcaChannelId3", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 230}: {Name: "netscalerIcaChannelId3Bytes", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 231}: {Name: "netscalerIcaChannelId4", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 232}: {Name: "netscalerIcaChannelId4Bytes", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 233}: {Name: "netscalerIcaChannelId5", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 234}: {Name: "netscalerIcaChannelId5Bytes", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 235}: {Name: "netscalerIcaConnectionPriority", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 236}: {Name: "netscalerApplicationStartupDuration", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 237}: {Name: "netscalerIcaLaunchMechanism", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 238}: {Name: "netscalerIcaApplicationName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 239}: {Name: "netscalerApplicationStartupTime", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 240}: {Name: "netscalerIcaApplicationTerminationType", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 241}: {Name: "netscalerIcaApplicationTerminationTime", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 242}: {Name: "netscalerIcaSessionEndTime", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 243}: {Name: "netscalerIcaClientsideJitter", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 244}: {Name: "netscalerIcaServersideJitter", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 245}: {Name: "netscalerIcaAppProcessID", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 246}: {Name: "netscalerIcaAppModulePath", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 247}: {Name: "netscalerIcaDeviceSerialNo", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 248}: {Name: "netscalerMsiClientCookie", Decoder: OctetArray}, + Key{EnterpriseID: 5951, FieldID: 249}: {Name: "netscalerIcaFlags", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 250}: {Name: "netscalerIcaUsername", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 251}: {Name: "netscalerLicenseType", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 252}: {Name: "netscalerMaxLicenseCount", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 253}: {Name: "netscalerCurrentLicenseConsumed", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 254}: {Name: "netscalerIcaNetworkUpdateStartTime", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 255}: {Name: "netscalerIcaNetworkUpdateEndTime", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 256}: {Name: "netscalerIcaClientsideSRTT", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 257}: {Name: "netscalerIcaServersideSRTT", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 258}: {Name: "netscalerIcaClientsideDelay", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 259}: {Name: "netscalerIcaServersideDelay", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 260}: {Name: "netscalerIcaHostDelay", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 261}: {Name: "netscalerIcaClientSideWindowSize", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 262}: {Name: "netscalerIcaServerSideWindowSize", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 263}: {Name: "netscalerIcaClientSideRTOCount", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 264}: {Name: "netscalerIcaServerSideRTOCount", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 265}: {Name: "netscalerIcaL7ClientLatency", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 266}: {Name: "netscalerIcaL7ServerLatency", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 267}: {Name: "netscalerHttpDomainName", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 268}: {Name: "netscalerCacheRedirClientConnectionCoreID", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 269}: {Name: "netscalerCacheRedirClientConnectionTransactionID", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 270}: {Name: "netscalerUnknown270", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 271}: {Name: "netscalerUnknown271", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 272}: {Name: "netscalerUnknown272", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 273}: {Name: "netscalerUnknown273", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 274}: {Name: "netscalerUnknown274", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 275}: {Name: "netscalerUnknown275", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 276}: {Name: "netscalerUnknown276", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 277}: {Name: "netscalerUnknown277", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 278}: {Name: "netscalerUnknown278", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 279}: {Name: "netscalerUnknown279", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 280}: {Name: "netscalerUnknown280", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 281}: {Name: "netscalerUnknown281", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 282}: {Name: "netscalerUnknown282", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 283}: {Name: "netscalerUnknown283", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 284}: {Name: "netscalerUnknown284", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 285}: {Name: "netscalerUnknown285", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 286}: {Name: "netscalerUnknown286", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 287}: {Name: "netscalerUnknown287", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 288}: {Name: "netscalerUnknown288", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 289}: {Name: "netscalerUnknown289", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 290}: {Name: "netscalerUnknown290", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 291}: {Name: "netscalerUnknown291", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 292}: {Name: "netscalerUnknown292", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 293}: {Name: "netscalerUnknown293", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 294}: {Name: "netscalerUnknown294", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 295}: {Name: "netscalerUnknown295", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 296}: {Name: "netscalerUnknown296", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 297}: {Name: "netscalerUnknown297", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 298}: {Name: "netscalerUnknown298", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 299}: {Name: "netscalerUnknown299", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 300}: {Name: "netscalerUnknown300", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 301}: {Name: "netscalerUnknown301", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 302}: {Name: "netscalerUnknown302", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 303}: {Name: "netscalerUnknown303", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 304}: {Name: "netscalerUnknown304", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 305}: {Name: "netscalerUnknown305", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 306}: {Name: "netscalerUnknown306", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 307}: {Name: "netscalerUnknown307", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 308}: {Name: "netscalerUnknown308", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 309}: {Name: "netscalerUnknown309", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 310}: {Name: "netscalerUnknown310", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 311}: {Name: "netscalerUnknown311", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 312}: {Name: "netscalerUnknown312", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 313}: {Name: "netscalerUnknown313", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 314}: {Name: "netscalerUnknown314", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 315}: {Name: "netscalerUnknown315", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 316}: {Name: "netscalerUnknown316", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 317}: {Name: "netscalerUnknown317", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 318}: {Name: "netscalerUnknown318", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 319}: {Name: "netscalerUnknown319", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 320}: {Name: "netscalerUnknown320", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 321}: {Name: "netscalerUnknown321", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 322}: {Name: "netscalerUnknown322", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 323}: {Name: "netscalerUnknown323", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 324}: {Name: "netscalerUnknown324", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 325}: {Name: "netscalerUnknown325", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 326}: {Name: "netscalerUnknown326", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 327}: {Name: "netscalerUnknown327", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 328}: {Name: "netscalerUnknown328", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 329}: {Name: "netscalerUnknown329", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 330}: {Name: "netscalerUnknown330", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 331}: {Name: "netscalerUnknown331", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 332}: {Name: "netscalerUnknown332", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 333}: {Name: "netscalerUnknown333", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 334}: {Name: "netscalerUnknown334", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 335}: {Name: "netscalerUnknown335", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 336}: {Name: "netscalerUnknown336", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 337}: {Name: "netscalerUnknown337", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 338}: {Name: "netscalerUnknown338", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 339}: {Name: "netscalerUnknown339", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 340}: {Name: "netscalerUnknown340", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 341}: {Name: "netscalerUnknown341", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 342}: {Name: "netscalerUnknown342", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 343}: {Name: "netscalerUnknown343", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 344}: {Name: "netscalerUnknown344", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 345}: {Name: "netscalerUnknown345", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 346}: {Name: "netscalerUnknown346", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 347}: {Name: "netscalerUnknown347", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 348}: {Name: "netscalerUnknown348", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 349}: {Name: "netscalerUnknown349", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 350}: {Name: "netscalerUnknown350", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 351}: {Name: "netscalerUnknown351", Decoder: String}, + Key{EnterpriseID: 5951, FieldID: 352}: {Name: "netscalerUnknown352", Decoder: Unsigned16}, + Key{EnterpriseID: 5951, FieldID: 353}: {Name: "netscalerUnknown353", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 354}: {Name: "netscalerUnknown354", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 355}: {Name: "netscalerUnknown355", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 356}: {Name: "netscalerUnknown356", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 357}: {Name: "netscalerUnknown357", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 363}: {Name: "netscalerUnknown363", Decoder: OctetArray}, + Key{EnterpriseID: 5951, FieldID: 383}: {Name: "netscalerUnknown383", Decoder: OctetArray}, + Key{EnterpriseID: 5951, FieldID: 391}: {Name: "netscalerUnknown391", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 398}: {Name: "netscalerUnknown398", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 404}: {Name: "netscalerUnknown404", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 405}: {Name: "netscalerUnknown405", Decoder: Unsigned32}, + Key{EnterpriseID: 5951, FieldID: 427}: {Name: "netscalerUnknown427", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 429}: {Name: "netscalerUnknown429", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 432}: {Name: "netscalerUnknown432", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 433}: {Name: "netscalerUnknown433", Decoder: Unsigned8}, + Key{EnterpriseID: 5951, FieldID: 453}: {Name: "netscalerUnknown453", Decoder: Unsigned64}, + Key{EnterpriseID: 5951, FieldID: 465}: {Name: "netscalerUnknown465", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 33000}: {Name: "ingressAclID", Decoder: ACLID}, + Key{EnterpriseID: 0, FieldID: 33001}: {Name: "egressAclID", Decoder: ACLID}, + Key{EnterpriseID: 0, FieldID: 33002}: {Name: "fwExtEvent", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 33003}: {Name: "fwEventLevel", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 33004}: {Name: "fwEventLevelID", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 33005}: {Name: "fwConfiguredValue", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 34000}: {Name: "fwCtsSrcSGT", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35001}: {Name: "fwExtEventAlt", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35004}: {Name: "fwBlackoutSecs", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35005}: {Name: "fwHalfOpenHigh", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35006}: {Name: "fwHalfOpenRate", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35007}: {Name: "fwZonePairID", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35008}: {Name: "fwMaxSessions", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35009}: {Name: "fwZonePairName", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35010}: {Name: "fwExtEventDesc", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 35011}: {Name: "fwSummaryPktCount", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35012}: {Name: "fwHalfOpenCount", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 40000}: {Name: "username", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 40001}: {Name: "XlateSourceAddressIPV4", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 40002}: {Name: "XlateDestinationAddressIPV4", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 40003}: {Name: "XlateSourcePort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 40004}: {Name: "XlateDestinationPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 40005}: {Name: "FirewallEvent", Decoder: Unsigned8}, +} + +func init() { + if err := RegisterGlobalFields(CiscoFields); err != nil { + panic(err) + } +} diff --git a/filebeat/input/netflow/decoder/fields/zfields_ipfix.go b/filebeat/input/netflow/decoder/fields/zfields_ipfix.go new file mode 100644 index 00000000000..045ec5c3499 --- /dev/null +++ b/filebeat/input/netflow/decoder/fields/zfields_ipfix.go @@ -0,0 +1,475 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// go run gen.go +// MACHINE GENERATED BY THE ABOVE COMMAND; DO NOT EDIT. + +package fields + +var IpfixFields = FieldDict{ + // Field 0: Reserved + Key{EnterpriseID: 0, FieldID: 1}: {Name: "octetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 2}: {Name: "packetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 3}: {Name: "deltaFlowCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 4}: {Name: "protocolIdentifier", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 5}: {Name: "ipClassOfService", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 6}: {Name: "tcpControlBits", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 7}: {Name: "sourceTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 8}: {Name: "sourceIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 9}: {Name: "sourceIPv4PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 10}: {Name: "ingressInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 11}: {Name: "destinationTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 12}: {Name: "destinationIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 13}: {Name: "destinationIPv4PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 14}: {Name: "egressInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 15}: {Name: "ipNextHopIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 16}: {Name: "bgpSourceAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 17}: {Name: "bgpDestinationAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 18}: {Name: "bgpNextHopIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 19}: {Name: "postMCastPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 20}: {Name: "postMCastOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 21}: {Name: "flowEndSysUpTime", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 22}: {Name: "flowStartSysUpTime", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 23}: {Name: "postOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 24}: {Name: "postPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 25}: {Name: "minimumIpTotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 26}: {Name: "maximumIpTotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 27}: {Name: "sourceIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 28}: {Name: "destinationIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 29}: {Name: "sourceIPv6PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 30}: {Name: "destinationIPv6PrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 31}: {Name: "flowLabelIPv6", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 32}: {Name: "icmpTypeCodeIPv4", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 33}: {Name: "igmpType", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 34}: {Name: "samplingInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 35}: {Name: "samplingAlgorithm", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 36}: {Name: "flowActiveTimeout", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 37}: {Name: "flowIdleTimeout", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 38}: {Name: "engineType", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 39}: {Name: "engineId", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 40}: {Name: "exportedOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 41}: {Name: "exportedMessageTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 42}: {Name: "exportedFlowRecordTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 43}: {Name: "ipv4RouterSc", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 44}: {Name: "sourceIPv4Prefix", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 45}: {Name: "destinationIPv4Prefix", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 46}: {Name: "mplsTopLabelType", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 47}: {Name: "mplsTopLabelIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 48}: {Name: "samplerId", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 49}: {Name: "samplerMode", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 50}: {Name: "samplerRandomInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 51}: {Name: "classId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 52}: {Name: "minimumTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 53}: {Name: "maximumTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 54}: {Name: "fragmentIdentification", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 55}: {Name: "postIpClassOfService", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 56}: {Name: "sourceMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 0, FieldID: 57}: {Name: "postDestinationMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 0, FieldID: 58}: {Name: "vlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 59}: {Name: "postVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 60}: {Name: "ipVersion", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 61}: {Name: "flowDirection", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 62}: {Name: "ipNextHopIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 63}: {Name: "bgpNextHopIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 64}: {Name: "ipv6ExtensionHeaders", Decoder: Unsigned32}, + // Field 65-69: Assigned for NetFlow v9 compatibility + Key{EnterpriseID: 0, FieldID: 70}: {Name: "mplsTopLabelStackSection", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 71}: {Name: "mplsLabelStackSection2", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 72}: {Name: "mplsLabelStackSection3", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 73}: {Name: "mplsLabelStackSection4", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 74}: {Name: "mplsLabelStackSection5", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 75}: {Name: "mplsLabelStackSection6", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 76}: {Name: "mplsLabelStackSection7", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 77}: {Name: "mplsLabelStackSection8", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 78}: {Name: "mplsLabelStackSection9", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 79}: {Name: "mplsLabelStackSection10", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 80}: {Name: "destinationMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 0, FieldID: 81}: {Name: "postSourceMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 0, FieldID: 82}: {Name: "interfaceName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 83}: {Name: "interfaceDescription", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 84}: {Name: "samplerName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 85}: {Name: "octetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 86}: {Name: "packetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 87}: {Name: "flagsAndSamplerId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 88}: {Name: "fragmentOffset", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 89}: {Name: "forwardingStatus", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 90}: {Name: "mplsVpnRouteDistinguisher", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 91}: {Name: "mplsTopLabelPrefixLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 92}: {Name: "srcTrafficIndex", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 93}: {Name: "dstTrafficIndex", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 94}: {Name: "applicationDescription", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 95}: {Name: "applicationId", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 96}: {Name: "applicationName", Decoder: String}, + // Field 97: Assigned for NetFlow v9 compatibility + Key{EnterpriseID: 0, FieldID: 98}: {Name: "postIpDiffServCodePoint", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 99}: {Name: "multicastReplicationFactor", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 100}: {Name: "className", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 101}: {Name: "classificationEngineId", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 102}: {Name: "layer2packetSectionOffset", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 103}: {Name: "layer2packetSectionSize", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 104}: {Name: "layer2packetSectionData", Decoder: OctetArray}, + // Field 105-127: Assigned for NetFlow v9 compatibility + Key{EnterpriseID: 0, FieldID: 128}: {Name: "bgpNextAdjacentAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 129}: {Name: "bgpPrevAdjacentAsNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 130}: {Name: "exporterIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 131}: {Name: "exporterIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 132}: {Name: "droppedOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 133}: {Name: "droppedPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 134}: {Name: "droppedOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 135}: {Name: "droppedPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 136}: {Name: "flowEndReason", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 137}: {Name: "commonPropertiesId", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 138}: {Name: "observationPointId", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 139}: {Name: "icmpTypeCodeIPv6", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 140}: {Name: "mplsTopLabelIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 141}: {Name: "lineCardId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 142}: {Name: "portId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 143}: {Name: "meteringProcessId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 144}: {Name: "exportingProcessId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 145}: {Name: "templateId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 146}: {Name: "wlanChannelId", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 147}: {Name: "wlanSSID", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 148}: {Name: "flowId", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 149}: {Name: "observationDomainId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 150}: {Name: "flowStartSeconds", Decoder: DateTimeSeconds}, + Key{EnterpriseID: 0, FieldID: 151}: {Name: "flowEndSeconds", Decoder: DateTimeSeconds}, + Key{EnterpriseID: 0, FieldID: 152}: {Name: "flowStartMilliseconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 153}: {Name: "flowEndMilliseconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 154}: {Name: "flowStartMicroseconds", Decoder: DateTimeMicroseconds}, + Key{EnterpriseID: 0, FieldID: 155}: {Name: "flowEndMicroseconds", Decoder: DateTimeMicroseconds}, + Key{EnterpriseID: 0, FieldID: 156}: {Name: "flowStartNanoseconds", Decoder: DateTimeNanoseconds}, + Key{EnterpriseID: 0, FieldID: 157}: {Name: "flowEndNanoseconds", Decoder: DateTimeNanoseconds}, + Key{EnterpriseID: 0, FieldID: 158}: {Name: "flowStartDeltaMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 159}: {Name: "flowEndDeltaMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 160}: {Name: "systemInitTimeMilliseconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 161}: {Name: "flowDurationMilliseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 162}: {Name: "flowDurationMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 163}: {Name: "observedFlowTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 164}: {Name: "ignoredPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 165}: {Name: "ignoredOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 166}: {Name: "notSentFlowTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 167}: {Name: "notSentPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 168}: {Name: "notSentOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 169}: {Name: "destinationIPv6Prefix", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 170}: {Name: "sourceIPv6Prefix", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 171}: {Name: "postOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 172}: {Name: "postPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 173}: {Name: "flowKeyIndicator", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 174}: {Name: "postMCastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 175}: {Name: "postMCastOctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 176}: {Name: "icmpTypeIPv4", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 177}: {Name: "icmpCodeIPv4", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 178}: {Name: "icmpTypeIPv6", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 179}: {Name: "icmpCodeIPv6", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 180}: {Name: "udpSourcePort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 181}: {Name: "udpDestinationPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 182}: {Name: "tcpSourcePort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 183}: {Name: "tcpDestinationPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 184}: {Name: "tcpSequenceNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 185}: {Name: "tcpAcknowledgementNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 186}: {Name: "tcpWindowSize", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 187}: {Name: "tcpUrgentPointer", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 188}: {Name: "tcpHeaderLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 189}: {Name: "ipHeaderLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 190}: {Name: "totalLengthIPv4", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 191}: {Name: "payloadLengthIPv6", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 192}: {Name: "ipTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 193}: {Name: "nextHeaderIPv6", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 194}: {Name: "mplsPayloadLength", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 195}: {Name: "ipDiffServCodePoint", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 196}: {Name: "ipPrecedence", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 197}: {Name: "fragmentFlags", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 198}: {Name: "octetDeltaSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 199}: {Name: "octetTotalSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 200}: {Name: "mplsTopLabelTTL", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 201}: {Name: "mplsLabelStackLength", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 202}: {Name: "mplsLabelStackDepth", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 203}: {Name: "mplsTopLabelExp", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 204}: {Name: "ipPayloadLength", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 205}: {Name: "udpMessageLength", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 206}: {Name: "isMulticast", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 207}: {Name: "ipv4IHL", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 208}: {Name: "ipv4Options", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 209}: {Name: "tcpOptions", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 210}: {Name: "paddingOctets", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 211}: {Name: "collectorIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 212}: {Name: "collectorIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 213}: {Name: "exportInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 214}: {Name: "exportProtocolVersion", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 215}: {Name: "exportTransportProtocol", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 216}: {Name: "collectorTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 217}: {Name: "exporterTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 218}: {Name: "tcpSynTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 219}: {Name: "tcpFinTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 220}: {Name: "tcpRstTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 221}: {Name: "tcpPshTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 222}: {Name: "tcpAckTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 223}: {Name: "tcpUrgTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 224}: {Name: "ipTotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 225}: {Name: "postNATSourceIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 226}: {Name: "postNATDestinationIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 227}: {Name: "postNAPTSourceTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 228}: {Name: "postNAPTDestinationTransportPort", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 229}: {Name: "natOriginatingAddressRealm", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 230}: {Name: "natEvent", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 231}: {Name: "initiatorOctets", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 232}: {Name: "responderOctets", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 233}: {Name: "firewallEvent", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 234}: {Name: "ingressVRFID", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 235}: {Name: "egressVRFID", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 236}: {Name: "VRFname", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 237}: {Name: "postMplsTopLabelExp", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 238}: {Name: "tcpWindowScale", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 239}: {Name: "biflowDirection", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 240}: {Name: "ethernetHeaderLength", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 241}: {Name: "ethernetPayloadLength", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 242}: {Name: "ethernetTotalLength", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 243}: {Name: "dot1qVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 244}: {Name: "dot1qPriority", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 245}: {Name: "dot1qCustomerVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 246}: {Name: "dot1qCustomerPriority", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 247}: {Name: "metroEvcId", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 248}: {Name: "metroEvcType", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 249}: {Name: "pseudoWireId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 250}: {Name: "pseudoWireType", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 251}: {Name: "pseudoWireControlWord", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 252}: {Name: "ingressPhysicalInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 253}: {Name: "egressPhysicalInterface", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 254}: {Name: "postDot1qVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 255}: {Name: "postDot1qCustomerVlanId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 256}: {Name: "ethernetType", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 257}: {Name: "postIpPrecedence", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 258}: {Name: "collectionTimeMilliseconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 259}: {Name: "exportSctpStreamId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 260}: {Name: "maxExportSeconds", Decoder: DateTimeSeconds}, + Key{EnterpriseID: 0, FieldID: 261}: {Name: "maxFlowEndSeconds", Decoder: DateTimeSeconds}, + Key{EnterpriseID: 0, FieldID: 262}: {Name: "messageMD5Checksum", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 263}: {Name: "messageScope", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 264}: {Name: "minExportSeconds", Decoder: DateTimeSeconds}, + Key{EnterpriseID: 0, FieldID: 265}: {Name: "minFlowStartSeconds", Decoder: DateTimeSeconds}, + Key{EnterpriseID: 0, FieldID: 266}: {Name: "opaqueOctets", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 267}: {Name: "sessionScope", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 268}: {Name: "maxFlowEndMicroseconds", Decoder: DateTimeMicroseconds}, + Key{EnterpriseID: 0, FieldID: 269}: {Name: "maxFlowEndMilliseconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 270}: {Name: "maxFlowEndNanoseconds", Decoder: DateTimeNanoseconds}, + Key{EnterpriseID: 0, FieldID: 271}: {Name: "minFlowStartMicroseconds", Decoder: DateTimeMicroseconds}, + Key{EnterpriseID: 0, FieldID: 272}: {Name: "minFlowStartMilliseconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 273}: {Name: "minFlowStartNanoseconds", Decoder: DateTimeNanoseconds}, + Key{EnterpriseID: 0, FieldID: 274}: {Name: "collectorCertificate", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 275}: {Name: "exporterCertificate", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 276}: {Name: "dataRecordsReliability", Decoder: Boolean}, + Key{EnterpriseID: 0, FieldID: 277}: {Name: "observationPointType", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 278}: {Name: "newConnectionDeltaCount", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 279}: {Name: "connectionSumDurationSeconds", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 280}: {Name: "connectionTransactionId", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 281}: {Name: "postNATSourceIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 282}: {Name: "postNATDestinationIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 283}: {Name: "natPoolId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 284}: {Name: "natPoolName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 285}: {Name: "anonymizationFlags", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 286}: {Name: "anonymizationTechnique", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 287}: {Name: "informationElementIndex", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 288}: {Name: "p2pTechnology", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 289}: {Name: "tunnelTechnology", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 290}: {Name: "encryptedTechnology", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 291}: {Name: "basicList", Decoder: BasicList}, + Key{EnterpriseID: 0, FieldID: 292}: {Name: "subTemplateList", Decoder: SubTemplateList}, + Key{EnterpriseID: 0, FieldID: 293}: {Name: "subTemplateMultiList", Decoder: SubTemplateMultiList}, + Key{EnterpriseID: 0, FieldID: 294}: {Name: "bgpValidityState", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 295}: {Name: "IPSecSPI", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 296}: {Name: "greKey", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 297}: {Name: "natType", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 298}: {Name: "initiatorPackets", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 299}: {Name: "responderPackets", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 300}: {Name: "observationDomainName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 301}: {Name: "selectionSequenceId", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 302}: {Name: "selectorId", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 303}: {Name: "informationElementId", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 304}: {Name: "selectorAlgorithm", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 305}: {Name: "samplingPacketInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 306}: {Name: "samplingPacketSpace", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 307}: {Name: "samplingTimeInterval", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 308}: {Name: "samplingTimeSpace", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 309}: {Name: "samplingSize", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 310}: {Name: "samplingPopulation", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 311}: {Name: "samplingProbability", Decoder: Float64}, + Key{EnterpriseID: 0, FieldID: 312}: {Name: "dataLinkFrameSize", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 313}: {Name: "ipHeaderPacketSection", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 314}: {Name: "ipPayloadPacketSection", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 315}: {Name: "dataLinkFrameSection", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 316}: {Name: "mplsLabelStackSection", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 317}: {Name: "mplsPayloadPacketSection", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 318}: {Name: "selectorIdTotalPktsObserved", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 319}: {Name: "selectorIdTotalPktsSelected", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 320}: {Name: "absoluteError", Decoder: Float64}, + Key{EnterpriseID: 0, FieldID: 321}: {Name: "relativeError", Decoder: Float64}, + Key{EnterpriseID: 0, FieldID: 322}: {Name: "observationTimeSeconds", Decoder: DateTimeSeconds}, + Key{EnterpriseID: 0, FieldID: 323}: {Name: "observationTimeMilliseconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 324}: {Name: "observationTimeMicroseconds", Decoder: DateTimeMicroseconds}, + Key{EnterpriseID: 0, FieldID: 325}: {Name: "observationTimeNanoseconds", Decoder: DateTimeNanoseconds}, + Key{EnterpriseID: 0, FieldID: 326}: {Name: "digestHashValue", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 327}: {Name: "hashIPPayloadOffset", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 328}: {Name: "hashIPPayloadSize", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 329}: {Name: "hashOutputRangeMin", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 330}: {Name: "hashOutputRangeMax", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 331}: {Name: "hashSelectedRangeMin", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 332}: {Name: "hashSelectedRangeMax", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 333}: {Name: "hashDigestOutput", Decoder: Boolean}, + Key{EnterpriseID: 0, FieldID: 334}: {Name: "hashInitialiserValue", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 335}: {Name: "selectorName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 336}: {Name: "upperCILimit", Decoder: Float64}, + Key{EnterpriseID: 0, FieldID: 337}: {Name: "lowerCILimit", Decoder: Float64}, + Key{EnterpriseID: 0, FieldID: 338}: {Name: "confidenceLevel", Decoder: Float64}, + Key{EnterpriseID: 0, FieldID: 339}: {Name: "informationElementDataType", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 340}: {Name: "informationElementDescription", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 341}: {Name: "informationElementName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 342}: {Name: "informationElementRangeBegin", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 343}: {Name: "informationElementRangeEnd", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 344}: {Name: "informationElementSemantics", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 345}: {Name: "informationElementUnits", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 346}: {Name: "privateEnterpriseNumber", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 347}: {Name: "virtualStationInterfaceId", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 348}: {Name: "virtualStationInterfaceName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 349}: {Name: "virtualStationUUID", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 350}: {Name: "virtualStationName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 351}: {Name: "layer2SegmentId", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 352}: {Name: "layer2OctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 353}: {Name: "layer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 354}: {Name: "ingressUnicastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 355}: {Name: "ingressMulticastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 356}: {Name: "ingressBroadcastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 357}: {Name: "egressUnicastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 358}: {Name: "egressBroadcastPacketTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 359}: {Name: "monitoringIntervalStartMilliSeconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 360}: {Name: "monitoringIntervalEndMilliSeconds", Decoder: DateTimeMilliseconds}, + Key{EnterpriseID: 0, FieldID: 361}: {Name: "portRangeStart", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 362}: {Name: "portRangeEnd", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 363}: {Name: "portRangeStepSize", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 364}: {Name: "portRangeNumPorts", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 365}: {Name: "staMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 0, FieldID: 366}: {Name: "staIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 367}: {Name: "wtpMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 0, FieldID: 368}: {Name: "ingressInterfaceType", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 369}: {Name: "egressInterfaceType", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 370}: {Name: "rtpSequenceNumber", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 371}: {Name: "userName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 372}: {Name: "applicationCategoryName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 373}: {Name: "applicationSubCategoryName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 374}: {Name: "applicationGroupName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 375}: {Name: "originalFlowsPresent", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 376}: {Name: "originalFlowsInitiated", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 377}: {Name: "originalFlowsCompleted", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 378}: {Name: "distinctCountOfSourceIPAddress", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 379}: {Name: "distinctCountOfDestinationIPAddress", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 380}: {Name: "distinctCountOfSourceIPv4Address", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 381}: {Name: "distinctCountOfDestinationIPv4Address", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 382}: {Name: "distinctCountOfSourceIPv6Address", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 383}: {Name: "distinctCountOfDestinationIPv6Address", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 384}: {Name: "valueDistributionMethod", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 385}: {Name: "rfc3550JitterMilliseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 386}: {Name: "rfc3550JitterMicroseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 387}: {Name: "rfc3550JitterNanoseconds", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 388}: {Name: "dot1qDEI", Decoder: Boolean}, + Key{EnterpriseID: 0, FieldID: 389}: {Name: "dot1qCustomerDEI", Decoder: Boolean}, + Key{EnterpriseID: 0, FieldID: 390}: {Name: "flowSelectorAlgorithm", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 391}: {Name: "flowSelectedOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 392}: {Name: "flowSelectedPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 393}: {Name: "flowSelectedFlowDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 394}: {Name: "selectorIDTotalFlowsObserved", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 395}: {Name: "selectorIDTotalFlowsSelected", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 396}: {Name: "samplingFlowInterval", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 397}: {Name: "samplingFlowSpacing", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 398}: {Name: "flowSamplingTimeInterval", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 399}: {Name: "flowSamplingTimeSpacing", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 400}: {Name: "hashFlowDomain", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 401}: {Name: "transportOctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 402}: {Name: "transportPacketDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 403}: {Name: "originalExporterIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 404}: {Name: "originalExporterIPv6Address", Decoder: Ipv6Address}, + Key{EnterpriseID: 0, FieldID: 405}: {Name: "originalObservationDomainId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 406}: {Name: "intermediateProcessId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 407}: {Name: "ignoredDataRecordTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 408}: {Name: "dataLinkFrameType", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 409}: {Name: "sectionOffset", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 410}: {Name: "sectionExportedOctets", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 411}: {Name: "dot1qServiceInstanceTag", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 412}: {Name: "dot1qServiceInstanceId", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 413}: {Name: "dot1qServiceInstancePriority", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 414}: {Name: "dot1qCustomerSourceMacAddress", Decoder: MacAddress}, + Key{EnterpriseID: 0, FieldID: 415}: {Name: "dot1qCustomerDestinationMacAddress", Decoder: MacAddress}, + // Field 416: + Key{EnterpriseID: 0, FieldID: 417}: {Name: "postLayer2OctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 418}: {Name: "postMCastLayer2OctetDeltaCount", Decoder: Unsigned64}, + // Field 419: + Key{EnterpriseID: 0, FieldID: 420}: {Name: "postLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 421}: {Name: "postMCastLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 422}: {Name: "minimumLayer2TotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 423}: {Name: "maximumLayer2TotalLength", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 424}: {Name: "droppedLayer2OctetDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 425}: {Name: "droppedLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 426}: {Name: "ignoredLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 427}: {Name: "notSentLayer2OctetTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 428}: {Name: "layer2OctetDeltaSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 429}: {Name: "layer2OctetTotalSumOfSquares", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 430}: {Name: "layer2FrameDeltaCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 431}: {Name: "layer2FrameTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 432}: {Name: "pseudoWireDestinationIPv4Address", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 433}: {Name: "ignoredLayer2FrameTotalCount", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 434}: {Name: "mibObjectValueInteger", Decoder: Signed32}, + Key{EnterpriseID: 0, FieldID: 435}: {Name: "mibObjectValueOctetString", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 436}: {Name: "mibObjectValueOID", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 437}: {Name: "mibObjectValueBits", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 438}: {Name: "mibObjectValueIPAddress", Decoder: Ipv4Address}, + Key{EnterpriseID: 0, FieldID: 439}: {Name: "mibObjectValueCounter", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 440}: {Name: "mibObjectValueGauge", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 441}: {Name: "mibObjectValueTimeTicks", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 442}: {Name: "mibObjectValueUnsigned", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 443}: {Name: "mibObjectValueTable", Decoder: SubTemplateList}, + Key{EnterpriseID: 0, FieldID: 444}: {Name: "mibObjectValueRow", Decoder: SubTemplateList}, + Key{EnterpriseID: 0, FieldID: 445}: {Name: "mibObjectIdentifier", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 446}: {Name: "mibSubIdentifier", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 447}: {Name: "mibIndexIndicator", Decoder: Unsigned64}, + Key{EnterpriseID: 0, FieldID: 448}: {Name: "mibCaptureTimeSemantics", Decoder: Unsigned8}, + Key{EnterpriseID: 0, FieldID: 449}: {Name: "mibContextEngineID", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 450}: {Name: "mibContextName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 451}: {Name: "mibObjectName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 452}: {Name: "mibObjectDescription", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 453}: {Name: "mibObjectSyntax", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 454}: {Name: "mibModuleName", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 455}: {Name: "mobileIMSI", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 456}: {Name: "mobileMSISDN", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 457}: {Name: "httpStatusCode", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 458}: {Name: "sourceTransportPortsLimit", Decoder: Unsigned16}, + Key{EnterpriseID: 0, FieldID: 459}: {Name: "httpRequestMethod", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 460}: {Name: "httpRequestHost", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 461}: {Name: "httpRequestTarget", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 462}: {Name: "httpMessageVersion", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 463}: {Name: "natInstanceID", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 464}: {Name: "internalAddressRealm", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 465}: {Name: "externalAddressRealm", Decoder: OctetArray}, + Key{EnterpriseID: 0, FieldID: 466}: {Name: "natQuotaExceededEvent", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 467}: {Name: "natThresholdEvent", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 468}: {Name: "httpUserAgent", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 469}: {Name: "httpContentType", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 470}: {Name: "httpReasonPhrase", Decoder: String}, + Key{EnterpriseID: 0, FieldID: 471}: {Name: "maxSessionEntries", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 472}: {Name: "maxBIBEntries", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 473}: {Name: "maxEntriesPerUser", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 474}: {Name: "maxSubscribers", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 475}: {Name: "maxFragmentsPendingReassembly", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 476}: {Name: "addressPoolHighThreshold", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 477}: {Name: "addressPoolLowThreshold", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 478}: {Name: "addressPortMappingHighThreshold", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 479}: {Name: "addressPortMappingLowThreshold", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 480}: {Name: "addressPortMappingPerUserHighThreshold", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 481}: {Name: "globalAddressMappingHighThreshold", Decoder: Unsigned32}, + Key{EnterpriseID: 0, FieldID: 482}: {Name: "vpnIdentifier", Decoder: OctetArray}, + // Field 483-32767: Unassigned +} + +func init() { + if err := RegisterGlobalFields(IpfixFields); err != nil { + panic(err) + } +} diff --git a/filebeat/input/netflow/decoder/include.go b/filebeat/input/netflow/decoder/include.go new file mode 100644 index 00000000000..cb90760c5f3 --- /dev/null +++ b/filebeat/input/netflow/decoder/include.go @@ -0,0 +1,18 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package decoder + +// Include supported protocols so that they can be registered +// into the protocol registry. + +import ( + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/ipfix" + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v1" + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v5" + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v6" + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v7" + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v8" + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v9" +) diff --git a/filebeat/input/netflow/decoder/ipfix/decoder.go b/filebeat/input/netflow/decoder/ipfix/decoder.go new file mode 100644 index 00000000000..d236d5f23c7 --- /dev/null +++ b/filebeat/input/netflow/decoder/ipfix/decoder.go @@ -0,0 +1,115 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package ipfix + +import ( + "bytes" + "encoding/binary" + "errors" + "fmt" + "io" + "math" + "time" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + v9 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v9" +) + +const ( + TemplateFlowSetID = 2 + TemplateOptionsSetID = 3 + EnterpriseBit uint16 = 0x8000 + SizeOfIPFIXHeader uint16 = 16 +) + +type DecoderIPFIX struct { + v9.DecoderV9 +} + +var _ v9.Decoder = (*DecoderIPFIX)(nil) + +func (_ DecoderIPFIX) ReadPacketHeader(buf *bytes.Buffer) (header v9.PacketHeader, newBuf *bytes.Buffer, countRecords int, err error) { + var data [SizeOfIPFIXHeader]byte + n, err := buf.Read(data[:]) + if n != len(data) || err != nil { + return header, buf, countRecords, io.EOF + } + header = v9.PacketHeader{ + Version: binary.BigEndian.Uint16(data[:2]), + Count: binary.BigEndian.Uint16(data[2:4]), + UnixSecs: time.Unix(int64(binary.BigEndian.Uint32(data[4:8])), 0).UTC(), + SequenceNo: binary.BigEndian.Uint32(data[8:12]), + SourceID: binary.BigEndian.Uint32(data[12:16]), + } + // In IPFIX, Count is length of packet + if header.Count < SizeOfIPFIXHeader { + return header, buf, countRecords, io.EOF + } + payloadLen := header.Count - SizeOfIPFIXHeader + payload := buf.Next(int(payloadLen)) + if len(payload) < int(payloadLen) { + return header, buf, countRecords, io.EOF + } + return header, bytes.NewBuffer(payload), math.MaxUint16, nil +} + +func (d DecoderIPFIX) ReadTemplateSet(setID uint16, buf *bytes.Buffer) ([]*template.Template, error) { + switch setID { + case TemplateFlowSetID: + return v9.ReadTemplateFlowSet(d, buf) + case TemplateOptionsSetID: + return d.ReadOptionsTemplateFlowSet(buf) + default: + return nil, fmt.Errorf("set id %d not supported", setID) + } +} + +func (d DecoderIPFIX) ReadFieldDefinition(buf *bytes.Buffer) (field fields.Key, length uint16, err error) { + var row [4]byte + if n, err := buf.Read(row[:]); err != nil || n != len(row) { + return field, length, io.EOF + } + field.FieldID = binary.BigEndian.Uint16(row[:2]) + length = binary.BigEndian.Uint16(row[2:]) + if field.FieldID&EnterpriseBit != 0 { + field.FieldID &= ^EnterpriseBit + if n, err := buf.Read(row[:]); err != nil || n != len(row) { + return field, length, io.EOF + } + field.EnterpriseID = binary.BigEndian.Uint32(row[:]) + } + return field, length, nil +} + +func (d DecoderIPFIX) ReadOptionsTemplateFlowSet(buf *bytes.Buffer) (templates []*template.Template, err error) { + var header [6]byte + for buf.Len() >= len(header) { + if n, err := buf.Read(header[:]); err != nil || n < len(header) { + if err == nil { + err = io.EOF + } + return nil, err + } + tID := binary.BigEndian.Uint16(header[:2]) + if tID < 256 { + return nil, errors.New("invalid template id") + } + totalCount := int(binary.BigEndian.Uint16(header[2:4])) + scopeCount := int(binary.BigEndian.Uint16(header[4:])) + if scopeCount > totalCount || scopeCount == 0 { + return nil, fmt.Errorf("wrong counts in options template flowset: scope=%d total=%d", scopeCount, totalCount) + } + template, err := v9.ReadFields(d, buf, totalCount) + if err != nil { + return nil, err + } + template.ID = tID + template.ScopeFields = scopeCount + template.IsOptions = true + templates = append(templates, &template) + } + return templates, nil +} diff --git a/filebeat/input/netflow/decoder/ipfix/decoder_test.go b/filebeat/input/netflow/decoder/ipfix/decoder_test.go new file mode 100644 index 00000000000..7617ef9f89b --- /dev/null +++ b/filebeat/input/netflow/decoder/ipfix/decoder_test.go @@ -0,0 +1,348 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package ipfix + +import ( + "bytes" + "errors" + "io" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" + v9 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v9" +) + +func TestDecoderV9_ReadFieldDefinition(t *testing.T) { + decoder := DecoderIPFIX{} + for _, tc := range []struct { + title string + raw []byte + field fields.Key + length uint16 + err error + }{ + { + title: "valid field", + raw: []byte{ + 1, 2, 3, 4, + }, + field: fields.Key{FieldID: 0x0102}, + length: 0x0304, + }, + { + title: "short field", + raw: []byte{ + 1, 2, 3, + }, + err: io.EOF, + }, + { + title: "enterprise id", + raw: []byte{ + 0x80, 1, 0, 4, 0x11, 0x22, 0x33, 0x44, + }, + field: fields.Key{EnterpriseID: 0x11223344, FieldID: 1}, + length: 4, + }, + { + title: "max length", + raw: []byte{ + 0x12, 0x34, 0xff, 0xff, + }, + field: fields.Key{FieldID: 0x1234}, + length: 0xffff, + }, + } { + t.Run(tc.title, func(t *testing.T) { + field, length, err := decoder.ReadFieldDefinition(bytes.NewBuffer(tc.raw)) + assert.Equal(t, tc.err, err) + assert.Equal(t, tc.field, field) + assert.Equal(t, tc.length, length) + }) + } +} + +func TestDecoderV9_ReadFields(t *testing.T) { + decoder := DecoderIPFIX{} + for _, tc := range []struct { + title string + packet []uint16 + count int + expected template.Template + err error + }{ + { + title: "valid fields", + packet: []uint16{ + 1, 4, + 5, 1, + 14, 2, + }, + count: 3, + expected: template.Template{ + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 7, + }, + }, + { + title: "length out of bounds", + packet: []uint16{ + 1, 4, + 5, 11, + 14, 2, + }, + count: 3, + expected: template.Template{ + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 11}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 17, + }, + }, + { + title: "enterprise ID", + packet: []uint16{ + 1, 4, + 5, 1, + 0x8000 | 128, 4, + 0, 5951, + }, + count: 3, + expected: template.Template{ + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 4, Info: &fields.Field{Name: "netscalerRoundTripTime", Decoder: fields.Unsigned32}}, + }, + Length: 9, + }, + }, + { + title: "EOF", + packet: []uint16{ + 1, 4, + 5, 1, + }, + count: 3, + err: io.EOF, + }, + } { + t.Run(tc.title, func(t *testing.T) { + raw := test.MakePacket(tc.packet) + record, err := v9.ReadFields(decoder, raw, tc.count) + assert.Equal(t, tc.err, err) + assert.Equal(t, tc.expected.Length, record.Length) + assert.Equal(t, tc.expected.VariableLength, record.VariableLength) + assert.Equal(t, tc.expected.ID, record.ID) + template.AssertFieldsEquals(t, tc.expected.Fields, record.Fields) + }) + } +} + +func TestReadOptionsTemplateFlowSet(t *testing.T) { + decoder := DecoderIPFIX{} + for _, tc := range []struct { + title string + packet []uint16 + expected []*template.Template + err error + }{ + { + title: "valid fields", + packet: []uint16{ + 999, 3, 1, + 1, 4, + 5, 1, + 14, 2, + 998, 1, 1, + 16, 4, + }, + expected: []*template.Template{ + { + ID: 999, + Length: 7, + ScopeFields: 1, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + }, + { + ID: 998, + Length: 4, + ScopeFields: 1, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + }, + }, + }, + }, + { + title: "variable length", + packet: []uint16{ + 999, 3, 2, + 1, 0xFFFF, + 5, 1, + 14, 2, + 998, 1, 1, + 16, 4, + }, + expected: []*template.Template{ + { + ID: 999, + Length: 4, + VariableLength: true, + ScopeFields: 2, + Fields: []template.FieldTemplate{ + {Length: 0xFFFF, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + }, + { + ID: 998, + Length: 4, + ScopeFields: 1, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + }, + }, + }, + }, + { + title: "EOF", + packet: []uint16{ + 999, 44, 8, + 1, 4, + 5, 1, + 14, 2, + 1, 4, 0, + 16, 4, + }, + err: io.EOF, + }, + { + title: "bad length", + packet: []uint16{ + 999, 1, 3, + 1, 4, + 5, 1, + 14, 2, + 1111, 1, 1, + 16, 4, + 0, 0, 0, 0, 0, 0, 0, 0, + }, + err: errors.New("wrong counts in options template flowset: scope=3 total=1"), + }, + { + title: "invalid template ID", + packet: []uint16{ + 999, 3, 2, + 1, 4, + 5, 1, + 14, 2, + 1, 4, 2, + 16, 4, + 0, 0, 0, 0, 0, 0, 0, 0, + }, + err: errors.New("invalid template id"), + }, + } { + t.Run(tc.title, func(t *testing.T) { + raw := test.MakePacket(tc.packet) + templates, err := decoder.ReadOptionsTemplateFlowSet(raw) + assert.Equal(t, tc.err, err) + if assert.Len(t, templates, len(tc.expected)) { + for idx := range tc.expected { + template.AssertTemplateEquals(t, tc.expected[idx], templates[idx]) + } + } + }) + } +} + +func TestReadRecordTemplateFlowSet(t *testing.T) { + decoder := DecoderIPFIX{} + for _, tc := range []struct { + title string + packet []uint16 + expected []*template.Template + err error + }{ + { + title: "valid fields", + packet: []uint16{ + 999, 3, + 1, 4, + 5, 1, + 14, 2, + 998, 1, + 16, 4, + }, + expected: []*template.Template{ + { + ID: 999, + Length: 7, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + }, + { + ID: 998, + Length: 4, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + }, + }, + }, + }, + { + title: "EOF", + packet: []uint16{ + 999, 44, + 1, 4, + 5, 1, + 14, 2, + 1, 4, + 16, 4, + }, + err: io.EOF, + }, + { + title: "bad ID", + packet: []uint16{ + 99, 6, + 1, 4, + 5, 1, + 14, 2, + }, + err: errors.New("invalid template id"), + }, + } { + t.Run(tc.title, func(t *testing.T) { + raw := test.MakePacket(tc.packet) + templates, err := v9.ReadTemplateFlowSet(decoder, raw) + assert.Equal(t, tc.err, err) + if assert.Len(t, templates, len(tc.expected)) { + for idx := range tc.expected { + template.AssertTemplateEquals(t, tc.expected[idx], templates[idx]) + } + } + }) + } +} diff --git a/filebeat/input/netflow/decoder/ipfix/ipfix.go b/filebeat/input/netflow/decoder/ipfix/ipfix.go new file mode 100644 index 00000000000..b8799c2d391 --- /dev/null +++ b/filebeat/input/netflow/decoder/ipfix/ipfix.go @@ -0,0 +1,44 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package ipfix + +import ( + "log" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + v9 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v9" +) + +const ( + ProtocolName = "ipfix" + ProtocolID uint16 = 10 + LogPrefix = "[ipfix] " +) + +type IPFixProtocol struct { + v9.NetflowV9Protocol +} + +var _ protocol.Protocol = (*IPFixProtocol)(nil) + +func init() { + protocol.Registry.Register(ProtocolName, New) +} + +func New(config config.Config) protocol.Protocol { + logger := log.New(config.LogOutput(), LogPrefix, 0) + decoder := DecoderIPFIX{ + DecoderV9: v9.DecoderV9{Logger: logger, Fields: config.Fields()}, + } + proto := &IPFixProtocol{ + NetflowV9Protocol: *v9.NewProtocolWithDecoder(decoder, config, logger), + } + return proto +} + +func (*IPFixProtocol) Version() uint16 { + return ProtocolID +} diff --git a/filebeat/input/netflow/decoder/ipfix/ipfix_test.go b/filebeat/input/netflow/decoder/ipfix/ipfix_test.go new file mode 100644 index 00000000000..7453b131608 --- /dev/null +++ b/filebeat/input/netflow/decoder/ipfix/ipfix_test.go @@ -0,0 +1,235 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package ipfix + +import ( + "bytes" + "encoding/hex" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" + v9 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v9" +) + +func TestMessageWithOptions(t *testing.T) { + rawString := "" + + "000a01e45bf435e1000000a500000000000200480400001000080004000c0004" + + "0001000400020004000a0004000e000400070002000b00020004000100060001" + + "003c00010005000100200002003a000200160004001500040002004808000010" + + "001b0010001c00100001000400020004000a0004000e000400070002000b0002" + + "0004000100060001003c000100050001008b0002003a00020016000400150004" + + "0003001e010000050001008f000400a000080130000201310002013200040100" + + "00180000e9160000016731f277e100010001000000630400010ed83acd35d5da" + + "354b0000002e0000000100000000000000000fb9005006100400000000006a53" + + "cb3c6a53cb3c6f4de601d5da354b000000300000000100000000000000008022" + + "005006180400000000006a53cb3c6a53cb3cd69bae4fd5da354b000000340000" + + "000100000000000000007a51005006180400000000006a53cb3c6a53cb3cb9ae" + + "3002d5da354b00000034000000010000000000000000e1e50050061804000000" + + "00006a53cb3c6a53cb3cd83acd56d5da354b0000002e00000001000000000000" + + "0000d317005006100400000000006a53cb3c6a53cb3cdbbb956bd5da354b0000" + + "003c000000010000000000000000b235005006180400000000006a53cb3c6a53" + + "cb3c0000" + raw, err := hex.DecodeString(rawString) + assert.NoError(t, err) + + captureTimeMillis, err := time.Parse(time.RFC3339, "2018-11-20T16:27:13.249Z") + if !assert.NoError(t, err) { + t.Fatal(err) + } + captureTime := time.Unix(captureTimeMillis.Unix(), 0).UTC() + expected := record.Record{ + Type: record.Options, + Timestamp: captureTime, + Fields: record.Map{ + "scope": record.Map{ + "meteringProcessId": uint64(59670), + }, + "options": record.Map{ + "samplingPacketInterval": uint64(1), + "samplingPacketSpace": uint64(99), + "selectorAlgorithm": uint64(1), + "systemInitTimeMilliseconds": captureTimeMillis, + }, + }, + Exporter: record.Map{ + "address": "127.0.0.1:1234", + "sourceId": uint64(0), + "timestamp": captureTime, + "uptimeMillis": uint64(0), + "version": uint64(10), + }, + } + proto := New(config.Defaults()) + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:1234")) + assert.NoError(t, err) + if assert.Len(t, flows, 7) { + assert.Equal(t, record.Options, flows[0].Type) + test.AssertRecordsEqual(t, expected, flows[0]) + for i := 1; i < len(flows); i++ { + assert.Equal(t, record.Flow, flows[i].Type) + } + } +} + +func TestOptionTemplates(t *testing.T) { + addr := test.MakeAddress(t, "127.0.0.1:12345") + key := v9.MakeSessionKey(addr, 1234) + + t.Run("Single options template", func(t *testing.T) { + proto := New(config.Defaults()) + flows, err := proto.OnPacket(test.MakePacket([]uint16{ + // Header + // Version, Length, Ts, SeqNo, Source + 10, 40, 11, 11, 22, 22, 0, 1234, + // Set #1 (options template) + 3, 24, /*len of set*/ + 999, 3 /*total field count */, 1, /*scope field count*/ + 1, 4, // Fields + 2, 4, + 3, 4, + 0, // Padding + }), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + ipfix, ok := proto.(*IPFixProtocol) + assert.True(t, ok) + v9proto := &ipfix.NetflowV9Protocol + assert.Len(t, v9proto.Session.Sessions, 1) + s, found := v9proto.Session.Sessions[key] + assert.True(t, found) + assert.Len(t, s.Templates, 1) + opt := s.GetTemplate(999) + assert.NotNil(t, opt) + assert.Equal(t, 1, opt.ScopeFields) + }) + + t.Run("Multiple options template", func(t *testing.T) { + proto := New(config.Defaults()) + raw := test.MakePacket([]uint16{ + // Header + // Version, Count, Ts, SeqNo, Source + 10, 66, 11, 11, 22, 22, 0, 1234, + // Set #1 (options template) + 3, 22 + 26, /*len of set*/ + 999, 3 /*total field count*/, 2, /*scope field count*/ + 1, 4, // Fields + 2, 4, + 3, 4, + 998, 5, 3, + 1, 4, + 2, 2, + 3, 3, + 4, 1, + 5, 1, + 0, + }) + flows, err := proto.OnPacket(raw, addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + ipfix, ok := proto.(*IPFixProtocol) + v9proto := &ipfix.NetflowV9Protocol + assert.True(t, ok) + assert.Len(t, v9proto.Session.Sessions, 1) + s, found := v9proto.Session.Sessions[key] + assert.True(t, found) + assert.Len(t, s.Templates, 2) + for _, id := range []uint16{998, 999} { + opt := s.GetTemplate(id) + assert.NotNil(t, opt) + assert.True(t, opt.ScopeFields > 0) + } + }) + + t.Run("records discarded", func(t *testing.T) { + proto := New(config.Defaults()) + raw := test.MakePacket([]uint16{ + // Header + // Version, Count, Ts, SeqNo, Source + 10, 24, 11, 11, 22, 22, 0, 1234, + // Set #1 (options template) + 9998, 8, /*len of set*/ + 1, 2, + }) + flows, err := proto.OnPacket(raw, addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + ipfix, ok := proto.(*IPFixProtocol) + assert.True(t, ok) + v9proto := &ipfix.NetflowV9Protocol + + assert.Len(t, v9proto.Session.Sessions, 1) + s, found := v9proto.Session.Sessions[key] + assert.True(t, found) + assert.Len(t, s.Templates, 0) + + raw = test.MakePacket([]uint16{ + // Header + // Version, Count, Ts, SeqNo, Source + 10, 30, 11, 11, 22, 22, 0, 1234, + // Set #1 (options template) + 3, 14, /*len of set*/ + 9998, 1, 1, + 3, 4, + }) + flows, err = proto.OnPacket(raw, addr) + assert.NoError(t, err) + assert.Empty(t, flows) + assert.Len(t, v9proto.Session.Sessions, 1) + assert.Len(t, s.Templates, 1) + }) +} + +func TestCustomFields(t *testing.T) { + addr := test.MakeAddress(t, "127.0.0.1:12345") + + conf := config.Defaults() + conf.WithCustomFields(fields.FieldDict{ + fields.Key{EnterpriseID: 0x12345678, FieldID: 33}: &fields.Field{Name: "customField", Decoder: fields.String}, + }) + assert.Contains(t, conf.Fields(), fields.Key{EnterpriseID: 0x12345678, FieldID: 33}) + proto := New(conf) + flows, err := proto.OnPacket(test.MakePacket([]uint16{ + // Header + // Version, Length, Ts, SeqNo, Source + 10, 42, 11, 11, 22, 22, 0, 1234, + // Set #1 (record template) + 2, 26, /*len of set*/ + 999, 3, + 1, 4, // Field 1 + 2, 4, // Field 2 + // Field 3 + 0x8000 | 33, 6, + 0x1234, 0x5678, // enterprise ID + 0, // Padding + }), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + flows, err = proto.OnPacket(test.MakePacket([]uint16{ + // Header + // Version, Length, Ts, SeqNo, Source + 10, 34, 11, 11, 22, 22, 0, 1234, + // Set (data record) + 999, 18, /*len of 999 record */ + 0x0102, 0x0304, // field 1 + 0x0506, 0x0708, // field 2 + // Field 3 + 0x5465, 0x7374, + 0x4d65, + }), addr) + assert.NoError(t, err) + assert.Len(t, flows, 1) + assert.Contains(t, flows[0].Fields, "customField") + assert.Equal(t, flows[0].Fields["customField"], "TestMe") +} diff --git a/filebeat/input/netflow/decoder/protocol/protocol.go b/filebeat/input/netflow/decoder/protocol/protocol.go new file mode 100644 index 00000000000..3ae756eb140 --- /dev/null +++ b/filebeat/input/netflow/decoder/protocol/protocol.go @@ -0,0 +1,34 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package protocol + +import ( + "bytes" + "net" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +// Protocol is the interface that NetFlow protocol parsers must conform to. +type Protocol interface { + + // Version returns the NetFlow version that this protocol implements. + // The version number in packet headers is compared with this value to + // select the appropriate protocol parser. + Version() uint16 + + // OnPacket is the main callback to decode network packets. It receives + // the packet payload and the network source (address of the exporter) + // and extracts any records contained in the packet. + OnPacket(buf *bytes.Buffer, source net.Addr) ([]record.Record, error) + + // Start initializes the Protocol. This is necessary so that background + // routines (i.e. to expire sessions) are required. + Start() error + + // Stop stops any running goroutines and frees any other resources that + // the protocol parser might be using. + Stop() error +} diff --git a/filebeat/input/netflow/decoder/protocol/registry.go b/filebeat/input/netflow/decoder/protocol/registry.go new file mode 100644 index 00000000000..56d40f6dac7 --- /dev/null +++ b/filebeat/input/netflow/decoder/protocol/registry.go @@ -0,0 +1,52 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package protocol + +import ( + "fmt" + "strings" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" +) + +// Registry is the global instance of the ProtocolRegistry. Protocol handlers +// must register themselves in this registry to be discoverable. +var Registry ProtocolRegistry = make(map[string]ProtocolFactory) + +// ProtocolFactory is the type for a factory method that creates instances +// of a protocol. +type ProtocolFactory func(config config.Config) Protocol + +// ProtocolRegistry allows protocols to be registered and be discovered by +// their protocol name. +type ProtocolRegistry map[string]ProtocolFactory + +// Register registers a new protocol into the registry. +func (r ProtocolRegistry) Register(name string, factory ProtocolFactory) error { + name = strings.ToLower(name) + if _, exists := r[name]; exists { + return fmt.Errorf("protocol '%s' already registered", name) + } + r[name] = factory + return nil +} + +// Get returns a ProtocolFactory for a registered protocol. +func (r ProtocolRegistry) Get(name string) (ProtocolFactory, error) { + name = strings.ToLower(name) + if generator, found := r[name]; found { + return generator, nil + } + return nil, fmt.Errorf("protocol named '%s' not found", name) +} + +// All returns a list of the registered protocol names. +func (r ProtocolRegistry) All() (names []string) { + names = make([]string, 0, len(r)) + for proto := range r { + names = append(names, proto) + } + return names +} diff --git a/filebeat/input/netflow/decoder/protocol/registry_test.go b/filebeat/input/netflow/decoder/protocol/registry_test.go new file mode 100644 index 00000000000..b78fe875486 --- /dev/null +++ b/filebeat/input/netflow/decoder/protocol/registry_test.go @@ -0,0 +1,104 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package protocol + +import ( + "bytes" + "net" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +type testProto int + +func (testProto) Version() uint16 { + return 42 +} + +func (testProto) OnPacket(*bytes.Buffer, net.Addr) ([]record.Record, error) { + return nil, nil +} + +func (testProto) Start() error { + return nil +} + +func (testProto) Stop() error { + return nil +} + +func testFactory(value int) ProtocolFactory { + return func(_ config.Config) Protocol { + return testProto(value) + } +} + +func TestRegistry_Register(t *testing.T) { + t.Run("valid protocol", func(t *testing.T) { + registry := ProtocolRegistry{} + err := registry.Register("my_proto", testFactory(0)) + assert.NoError(t, err) + }) + t.Run("duplicate protocol", func(t *testing.T) { + registry := ProtocolRegistry{} + err := registry.Register("my_proto", testFactory(0)) + assert.NoError(t, err) + err = registry.Register("my_proto", testFactory(1)) + assert.Error(t, err) + }) +} + +func TestRegistry_Get(t *testing.T) { + t.Run("valid protocol", func(t *testing.T) { + registry := ProtocolRegistry{} + err := registry.Register("my_proto", testFactory(0)) + assert.NoError(t, err) + gen, err := registry.Get("my_proto") + assert.NoError(t, err) + assert.Equal(t, testProto(0), gen(config.Defaults())) + }) + t.Run("two protocols", func(t *testing.T) { + registry := ProtocolRegistry{} + err := registry.Register("my_proto", testFactory(1)) + assert.NoError(t, err) + err = registry.Register("other_proto", testFactory(2)) + assert.NoError(t, err) + gen, err := registry.Get("my_proto") + assert.NoError(t, err) + assert.Equal(t, testProto(1), gen(config.Defaults())) + gen, err = registry.Get("other_proto") + assert.NoError(t, err) + assert.Equal(t, testProto(2), gen(config.Defaults())) + }) + t.Run("not registered", func(t *testing.T) { + registry := ProtocolRegistry{} + _, err := registry.Get("my_proto") + assert.Error(t, err) + }) +} + +func TestRegistry_All(t *testing.T) { + protos := map[string]int{ + "proto1": 1, + "proto2": 2, + "proto3": 2, + } + registry := ProtocolRegistry{} + for key, value := range protos { + if err := registry.Register(key, testFactory(value)); err != nil { + t.Fatal(err) + } + } + names := registry.All() + assert.Len(t, names, len(protos)) + for _, name := range names { + _, found := protos[name] + assert.True(t, found) + } +} diff --git a/filebeat/input/netflow/decoder/record/record.go b/filebeat/input/netflow/decoder/record/record.go new file mode 100644 index 00000000000..b18f637cef2 --- /dev/null +++ b/filebeat/input/netflow/decoder/record/record.go @@ -0,0 +1,103 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package record + +import ( + "time" +) + +// Type is an enumeration type used to distinguish between the different +// types of records. +type Type uint8 + +const ( + // Flow enumeration value identifies exported flows. + Flow Type = iota + + // Options enumeration value identifies exported options records, as defined + // in NetFlowV9 and IPFIX. + Options +) + +// Map type is a regular map with string keys and interface{} values. The valid +// types for Map entries in a record are: +// +// +---------+----------------------------------------+ +// | uint64 | unsigned integer fields. | +// +---------+----------------------------------------+ +// | int64 | signed integer fields. | +// +---------+----------------------------------------+ +// | float64 | floating-point fields. | +// +---------+----------------------------------------+ +// | bool | boolean fields. | +// +---------+----------------------------------------+ +// |[]byte | octetArray (raw) fields. | +// +---------+----------------------------------------+ +// | string | string fields. | +// +---------+----------------------------------------+ +// |time.Time| timestamp fields. | +// +---------+----------------------------------------+ +// | net.IP | IPv4 and IPv6 address fields. | +// +---------+----------------------------------------+ +// | Map | nested fields found in option records. | +// +---------+----------------------------------------+ +type Map map[string]interface{} + +// Record represents a NetFlow record extracted from a NetFlow packet. +type Record struct { + // Time of export for this record. This timestamp is obtained from + // the NetFlow header so its accuracy depends on the Exporter's clock. + Timestamp time.Time + + // Fields included in this record. For static NetFlow protocols + // (versions 1 to 8), these fields are the V9/IPFIX equivalent of + // the original fields. + // For NetFlow 9 and IPFIX flow records, this is a map of the fields included + // in each flow. + // For NetFlow 9 and IPFIX options records, this map contains two submaps, + // one for scope and one for options. + Fields Map + + // Exporter contains metadata from the exporter process and NetFlow session. + // Valid keys are: + // + // +--------------+-----------+------------------------------------------------------------------+ + // | version | uint16 | The NetFlow version used to transport the record | + // +--------------+-----------+------------------------------------------------------------------+ + // | timestamp | time.Time | Publishing time at the exporter process. | + // +--------------+-----------+------------------------------------------------------------------+ + // | uptimeMillis | uint64 | Time in milliseconds that the exporter process has been running. | + // +--------------+-----------+------------------------------------------------------------------+ + // | address | string | Network address of the exporter process, in : format. | + // +--------------+-----------+------------------------------------------------------------------+ + // + // NetFlow 5 only: + // +------------------+-----------+------------------------------------------------------------+ + // | samplingInterval | uint64 | Aggregation method being used (See AggType for details). | + // +------------------+-----------+------------------------------------------------------------+ + // + // NetFlow 5, 6, 8 only: + // +--------------+-----------+------------------------------------------------------------------+ + // | engineType | uint64 | Type of flow-switching engine. | + // +--------------+-----------+------------------------------------------------------------------+ + // | engineId | uint64 | ID number of the flow switching engine. | + // +--------------+-----------+------------------------------------------------------------------+ + // + // NetFlow 8 only: + // +--------------------+-----------+------------------------------------------------------------+ + // | aggregation | uint64 | Aggregation method being used (See AggType for details). | + // +--------------------+-----------+------------------------------------------------------------+ + // | aggregationVersion | uint64 | Version of the aggregation export. | + // +--------------------+-----------+------------------------------------------------------------+ + // + // NetFlow 9 & IPFIX only: + // +--------------+-----------+------------------------------------------------------------------+ + // | sourceId | uint64 | Exporter observation domain ID. | + // +--------------+-----------+------------------------------------------------------------------+ + Exporter Map + + // Type is the type of this record, either Flow or Options. + Type Type +} diff --git a/filebeat/input/netflow/decoder/template/template.go b/filebeat/input/netflow/decoder/template/template.go new file mode 100644 index 00000000000..8709ca8766e --- /dev/null +++ b/filebeat/input/netflow/decoder/template/template.go @@ -0,0 +1,135 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package template + +import ( + "bytes" + "encoding/binary" + "errors" + "io" + "math" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +const ( + VariableLength uint16 = 0xffff +) + +var ( + ErrEmptyTemplate = errors.New("empty template") +) + +type Template struct { + ID uint16 + Fields []FieldTemplate + Length int + VariableLength bool + ScopeFields int + // IsOptions signals that this is an options template. Previously + // ScopeFields>0 was used for this, but that's unreliable under v9. + IsOptions bool +} + +type FieldTemplate struct { + Length uint16 + Info *fields.Field +} + +func PopulateFieldMap(dest record.Map, fields []FieldTemplate, variableLength bool, buffer *bytes.Buffer) error { + for _, field := range fields { + length := field.Length + if variableLength && length == VariableLength { + tmp := buffer.Next(1) + if len(tmp) != 1 { + return io.EOF + } + length = uint16(tmp[0]) + if length == 255 { + tmp = buffer.Next(2) + if len(tmp) != 2 { + return io.EOF + } + length = binary.BigEndian.Uint16(tmp) + } + } + raw := buffer.Next(int(length)) + if len(raw) != int(length) { + return io.EOF + } + if fieldInfo := field.Info; fieldInfo != nil { + value, err := fieldInfo.Decoder.Decode(raw) + if err != nil { + continue + } + dest[fieldInfo.Name] = value + } + } + return nil +} + +func (t *Template) Apply(data *bytes.Buffer, n int) ([]record.Record, error) { + if t.Length == 0 { + return nil, ErrEmptyTemplate + } + if n == 0 { + n = data.Len() / t.Length + } + limit, alloc := n, n + if t.VariableLength { + limit = math.MaxInt16 + alloc = n + if alloc > 16 { + alloc = 16 + } + } + makeFn := t.makeFlow + if t.IsOptions { + makeFn = t.makeOptions + } + events := make([]record.Record, 0, alloc) + for i := 0; i < limit; i++ { + event, err := makeFn(data) + if err != nil { + if err == io.EOF && t.VariableLength { + break + } + return events, err + } + events = append(events, event) + } + return events, nil +} + +func (t *Template) makeFlow(data *bytes.Buffer) (ev record.Record, err error) { + ev = record.Record{ + Type: record.Flow, + Fields: record.Map{}, + } + if err = PopulateFieldMap(ev.Fields, t.Fields, t.VariableLength, data); err != nil { + return ev, err + } + return ev, nil +} + +func (t *Template) makeOptions(data *bytes.Buffer) (ev record.Record, err error) { + scope := record.Map{} + options := record.Map{} + ev = record.Record{ + Type: record.Options, + Fields: record.Map{ + "scope": scope, + "options": options, + }, + } + if err = PopulateFieldMap(scope, t.Fields[:t.ScopeFields], t.VariableLength, data); err != nil { + return ev, err + } + if err = PopulateFieldMap(options, t.Fields[t.ScopeFields:], t.VariableLength, data); err != nil { + return ev, err + } + return ev, nil +} diff --git a/filebeat/input/netflow/decoder/template/template_test.go b/filebeat/input/netflow/decoder/template/template_test.go new file mode 100644 index 00000000000..8dc1c69f60d --- /dev/null +++ b/filebeat/input/netflow/decoder/template/template_test.go @@ -0,0 +1,645 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package template + +import ( + "bytes" + "errors" + "net" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestTemplate_Apply(t *testing.T) { + longField := make([]byte, 0x0456) + for i := range longField { + longField[i] = byte(i) + } + for _, tc := range []struct { + title string + record Template + data []byte + count int + expected []record.Record + err error + }{ + { + title: "empty template", + err: errors.New("empty template"), + }, + { + title: "single record guess length and pad", + record: Template{ + Length: 7, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, 0, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + }, + }, + }, + { + title: "two records guess length", + record: Template{ + Length: 7, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, + 127, 0, 0, 1, 0, 80, 12, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + }, + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("127.0.0.1").To4(), + "destinationTransportPort": uint64(80), + "ipClassOfService": uint64(12), + }, + }, + }, + }, + { + title: "single record with count", + record: Template{ + Length: 7, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, 0, + }, + count: 1, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + }, + }, + }, + { + title: "single record with count excess", + record: Template{ + Length: 7, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, + 127, 0, 0, 1, 0, 80, 12, + }, + count: 1, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + }, + }, + }, + { + title: "two records with count", + record: Template{ + Length: 7, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, + 127, 0, 0, 1, 0, 80, 12, + }, + count: 2, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + }, + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("127.0.0.1").To4(), + "destinationTransportPort": uint64(80), + "ipClassOfService": uint64(12), + }, + }, + }, + }, + { + title: "single record variable length guess count", + record: Template{ + Length: 6, + VariableLength: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: VariableLength, Info: &fields.Field{Name: "vpnIdentifier", Decoder: fields.OctetArray}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, + 5, 1, 2, 3, 4, 5, + 93, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "vpnIdentifier": []byte{1, 2, 3, 4, 5}, + "ipClassOfService": uint64(93), + }, + }, + }, + }, + { + title: "multiple record variable length guess count", + record: Template{ + Length: 6, + VariableLength: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: VariableLength, Info: &fields.Field{Name: "vpnIdentifier", Decoder: fields.OctetArray}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, + 5, 1, 2, 3, 4, 5, + 93, + 10, 1, 2, 3, + 2, 123, 234, + 93, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "vpnIdentifier": []byte{1, 2, 3, 4, 5}, + "ipClassOfService": uint64(93), + }, + }, + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "vpnIdentifier": []byte{123, 234}, + "ipClassOfService": uint64(93), + }, + }, + }, + }, + { + title: "long variable length", + record: Template{ + Length: 6, + VariableLength: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: VariableLength, Info: &fields.Field{Name: "vpnIdentifier", Decoder: fields.OctetArray}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: append([]byte{10, 1, 2, 3, 0xFF, 0x04, 0x56}, + append(append([]byte{}, longField...), 93, 10, 1, 2, 3, 2, 123, 234, 93)...), + count: 2, + expected: []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "vpnIdentifier": longField, + "ipClassOfService": uint64(93), + }, + }, + { + Type: record.Flow, + Fields: record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "vpnIdentifier": []byte{123, 234}, + "ipClassOfService": uint64(93), + }, + }, + }, + }, + } { + t.Run(tc.title, func(t *testing.T) { + actual, err := tc.record.Apply(bytes.NewBuffer(tc.data), tc.count) + assert.Equal(t, tc.err, err) + if assert.Len(t, actual, len(tc.expected)) { + for i, record := range actual { + test.AssertRecordsEqual(t, tc.expected[i], record) + } + } + }) + } +} + +func TestOptionsTemplate_Apply(t *testing.T) { + longField := make([]byte, 0x0456) + for i := range longField { + longField[i] = byte(i) + } + for _, tc := range []struct { + title string + record Template + data []byte + count int + expected []record.Record + err error + }{ + { + title: "empty template", + err: errors.New("empty template"), + }, + { + title: "single record guess length and pad", + record: Template{ + Length: 7, + ScopeFields: 1, + IsOptions: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, 0, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + }, + "options": record.Map{ + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + }, + }, + }, + }, + { + title: "two records guess length", + record: Template{ + Length: 7, + ScopeFields: 2, + IsOptions: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, + 127, 0, 0, 1, 0, 80, 12, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + }, + "options": record.Map{ + "ipClassOfService": uint64(59), + }, + }, + }, + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("127.0.0.1").To4(), + "destinationTransportPort": uint64(80), + }, + "options": record.Map{ + "ipClassOfService": uint64(12), + }, + }, + }, + }, + }, + { + title: "single record with count", + record: Template{ + Length: 7, + ScopeFields: 3, + IsOptions: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, 0, + }, + count: 1, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + "options": record.Map{}, + }, + }, + }, + }, + { + title: "single record with count excess", + record: Template{ + Length: 7, + ScopeFields: 1, + IsOptions: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, + 127, 0, 0, 1, 0, 80, 12, + }, + count: 1, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + }, + "options": record.Map{ + "destinationTransportPort": uint64(0x1234), + "ipClassOfService": uint64(59), + }, + }, + }, + }, + }, + { + title: "two records with count", + record: Template{ + Length: 7, + ScopeFields: 2, + IsOptions: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, 0x12, 0x34, 59, + 127, 0, 0, 1, 0, 80, 12, + }, + count: 2, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "destinationTransportPort": uint64(0x1234), + }, + "options": record.Map{ + "ipClassOfService": uint64(59), + }, + }, + }, + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("127.0.0.1").To4(), + "destinationTransportPort": uint64(80), + }, + "options": record.Map{ + "ipClassOfService": uint64(12), + }, + }, + }, + }, + }, + { + title: "single record variable length guess count", + record: Template{ + Length: 6, + ScopeFields: 1, + IsOptions: true, + VariableLength: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: VariableLength, Info: &fields.Field{Name: "vpnIdentifier", Decoder: fields.OctetArray}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, + 5, 1, 2, 3, 4, 5, + 93, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + }, + "options": record.Map{ + "vpnIdentifier": []byte{1, 2, 3, 4, 5}, + "ipClassOfService": uint64(93), + }, + }, + }, + }, + }, + { + title: "multiple record variable length guess count", + record: Template{ + Length: 6, + ScopeFields: 1, + IsOptions: true, + VariableLength: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: VariableLength, Info: &fields.Field{Name: "vpnIdentifier", Decoder: fields.OctetArray}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: []byte{ + 10, 1, 2, 3, + 5, 1, 2, 3, 4, 5, + 93, + 10, 1, 2, 3, + 2, 123, 234, + 93, + }, + count: 0, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + }, + "options": record.Map{ + "vpnIdentifier": []byte{1, 2, 3, 4, 5}, + "ipClassOfService": uint64(93), + }, + }, + }, + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + }, + "options": record.Map{ + "vpnIdentifier": []byte{123, 234}, + "ipClassOfService": uint64(93), + }, + }, + }, + }, + }, + { + title: "long variable length", + record: Template{ + Length: 6, + VariableLength: true, + ScopeFields: 2, + IsOptions: true, + Fields: []FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: VariableLength, Info: &fields.Field{Name: "vpnIdentifier", Decoder: fields.OctetArray}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + }, + }, + data: append([]byte{10, 1, 2, 3, 0xFF, 0x04, 0x56}, + append(append([]byte{}, longField...), 93, 10, 1, 2, 3, 2, 123, 234, 93)...), + count: 2, + expected: []record.Record{ + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "vpnIdentifier": longField, + }, + "options": record.Map{ + "ipClassOfService": uint64(93), + }, + }, + }, + { + Type: record.Options, + Fields: record.Map{ + "scope": record.Map{ + "sourceIPv4Address": net.ParseIP("10.1.2.3").To4(), + "vpnIdentifier": []byte{123, 234}, + }, + "options": record.Map{ + "ipClassOfService": uint64(93), + }, + }, + }, + }, + }, + } { + t.Run(tc.title, func(t *testing.T) { + actual, err := tc.record.Apply(bytes.NewBuffer(tc.data), tc.count) + assert.Equal(t, tc.err, err) + if assert.Len(t, actual, len(tc.expected)) { + for i, record := range actual { + test.AssertRecordsEqual(t, tc.expected[i], record) + } + } + }) + } +} + +func TestTemplateEquals(t *testing.T) { + a := Template{ + ID: 1234, + Fields: []FieldTemplate{ + {Length: VariableLength, Info: &fields.Field{Name: "wlanSSID", Decoder: fields.String}}, + {Length: 16, Info: &fields.Field{Name: "collectorIPv6Address", Decoder: fields.Ipv6Address}}, + }, + Length: 17, + VariableLength: true, + ScopeFields: 0, + } + assert.True(t, ValidateTemplate(t, &a)) + b := a + assert.True(t, AssertTemplateEquals(t, &a, &b)) +} diff --git a/filebeat/input/netflow/decoder/template/test_helpers.go b/filebeat/input/netflow/decoder/template/test_helpers.go new file mode 100644 index 00000000000..9045108c449 --- /dev/null +++ b/filebeat/input/netflow/decoder/template/test_helpers.go @@ -0,0 +1,83 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package template + +import ( + "fmt" + "sync" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" +) + +var ( + decoderByName = map[string]fields.Decoder{} + once sync.Once +) + +func buildDecoderByNameMap() { + for _, value := range fields.GlobalFields { + decoderByName[value.Name] = value.Decoder + } +} + +func ValidateTemplate(t testing.TB, template *Template) bool { + once.Do(buildDecoderByNameMap) + + sum := 0 + seen := make(map[string]bool) + for idx, field := range template.Fields { + isVariable := template.VariableLength && field.Length == VariableLength + if !isVariable { + sum += int(field.Length) + } else { + sum += 1 + } + if field.Info != nil { + msg := fmt.Sprintf("field[%d]: \"%s\"", idx, field.Info.Name) + if !assert.NotNil(t, field.Info.Decoder, msg) || !isVariable && (!assert.True(t, field.Info.Decoder.MinLength() <= field.Length, msg) || + !assert.True(t, field.Info.Decoder.MaxLength() >= field.Length, msg)) { + return false + } + if !assert.False(t, seen[field.Info.Name], msg) { + return false + } + seen[field.Info.Name] = true + knownDecoder, found := decoderByName[field.Info.Name] + if !assert.True(t, found, msg) || + !assert.Equal(t, knownDecoder, field.Info.Decoder, msg) { + return false + } + } + } + return assert.Equal(t, template.Length, sum) && + assert.Equal(t, 0, template.ScopeFields) +} + +func AssertFieldsEquals(t testing.TB, expected []FieldTemplate, actual []FieldTemplate) (succeeded bool) { + if succeeded = assert.Len(t, actual, len(expected)); succeeded { + for idx := range expected { + succeeded = assert.Equal(t, expected[idx].Length, actual[idx].Length, string(idx)) && succeeded + succeeded = assert.Equal(t, expected[idx].Info, actual[idx].Info, string(idx)) && succeeded + } + } + return +} + +func AssertTemplateEquals(t testing.TB, expected *Template, actual *Template) bool { + if expected == nil && actual == nil { + return true + } + if !assert.True(t, (expected == nil) == (actual == nil)) { + return false + } + assert.Equal(t, expected.VariableLength, actual.VariableLength) + assert.Equal(t, expected.Length, actual.Length) + assert.Equal(t, expected.ScopeFields, actual.ScopeFields) + assert.Equal(t, actual.ID, actual.ID) + return AssertFieldsEquals(t, actual.Fields, actual.Fields) +} diff --git a/filebeat/input/netflow/decoder/test/helper.go b/filebeat/input/netflow/decoder/test/helper.go new file mode 100644 index 00000000000..f62d03fa87a --- /dev/null +++ b/filebeat/input/netflow/decoder/test/helper.go @@ -0,0 +1,86 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package test + +import ( + "bytes" + "encoding/binary" + "net" + "strconv" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +type TestLogWriter struct { + testing.TB +} + +func (t TestLogWriter) Write(buf []byte) (int, error) { + t.Log(string(buf)) + return len(buf), nil +} + +func MakeAddress(t testing.TB, ipPortPair string) net.Addr { + ip, portS, err := net.SplitHostPort(ipPortPair) + if err != nil { + t.Fatal(err) + return nil + } + port, err := strconv.Atoi(portS) + if err != nil { + t.Fatal(err) + return nil + } + return &net.UDPAddr{ + IP: net.ParseIP(ip), + Port: port, + } +} + +func MakePacket(data []uint16) *bytes.Buffer { + r := make([]byte, len(data)*2) + for idx, val := range data { + binary.BigEndian.PutUint16(r[idx*2:(idx+1)*2], val) + } + return bytes.NewBuffer(r) +} + +func AssertMapEqual(t testing.TB, expected record.Map, actual record.Map) bool { + for key, expectedValue := range expected { + value, found := actual[key] + if !assert.True(t, found, key) { + return false + } + if !assert.Equal(t, expectedValue, value, key) { + return false + } + } + for key := range actual { + _, found := expected[key] + if !assert.True(t, found, key) { + return false + } + } + return true +} + +func AssertRecordsEqual(t testing.TB, expected record.Record, actual record.Record) bool { + if !assert.Equal(t, expected.Type, actual.Type) { + return false + } + if !assert.Equal(t, expected.Timestamp, actual.Timestamp) { + return false + } + if !AssertMapEqual(t, expected.Fields, actual.Fields) { + return false + } + if !AssertMapEqual(t, expected.Exporter, actual.Exporter) { + return false + } + return true +} diff --git a/filebeat/input/netflow/decoder/v1/v1.go b/filebeat/input/netflow/decoder/v1/v1.go new file mode 100644 index 00000000000..8d9008c9393 --- /dev/null +++ b/filebeat/input/netflow/decoder/v1/v1.go @@ -0,0 +1,143 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v1 + +import ( + "bytes" + "encoding/binary" + "io" + "log" + "net" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" +) + +const ( + ProtocolName = "v1" + LogPrefix = "[netflow-v1] " + ProtocolID uint16 = 1 +) + +var templateV1 = template.Template{ + ID: 0, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "ipNextHopIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2}, // Padding + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "tcpControlBits", Decoder: fields.Unsigned16}}, + {Length: 7}, // Padding + }, + Length: 48, +} + +type ReadHeaderFn func(*bytes.Buffer, net.Addr) (int, time.Time, record.Map, error) + +type NetflowProtocol struct { + logger *log.Logger + flowTemplate *template.Template + version uint16 + readHeader ReadHeaderFn +} + +func init() { + protocol.Registry.Register(ProtocolName, New) +} + +func New(config config.Config) protocol.Protocol { + return NewProtocol(ProtocolID, &templateV1, readV1Header, log.New(config.LogOutput(), LogPrefix, 0)) +} + +func NewProtocol(version uint16, template *template.Template, readHeader ReadHeaderFn, logger *log.Logger) protocol.Protocol { + return &NetflowProtocol{ + logger: logger, + flowTemplate: template, + version: version, + readHeader: readHeader, + } +} + +func (p *NetflowProtocol) Version() uint16 { + return p.version +} + +func (NetflowProtocol) Start() error { + return nil +} + +func (NetflowProtocol) Stop() error { + return nil +} + +func (p *NetflowProtocol) OnPacket(buf *bytes.Buffer, source net.Addr) (flows []record.Record, err error) { + numFlows, timestamp, metadata, err := p.readHeader(buf, source) + if err != nil { + p.logger.Printf("Failed parsing packet: %v", err) + return nil, errors.Wrap(err, "error reading netflow header") + } + flows, err = p.flowTemplate.Apply(buf, numFlows) + if err != nil { + return nil, errors.Wrap(err, "error parsing flows") + } + for i := range flows { + flows[i].Exporter = metadata + flows[i].Timestamp = timestamp + } + return flows, nil +} + +type PacketHeader struct { + Version uint16 + Count uint16 + SysUptime uint32 // 32 bit milliseconds + Timestamp time.Time // 32 bit seconds + 32 bit nanoseconds +} + +func ReadPacketHeader(buf *bytes.Buffer) (header PacketHeader, err error) { + var arr [16]byte + if n, err := buf.Read(arr[:]); err != nil || n != len(arr) { + return header, io.EOF + } + timestamp := binary.BigEndian.Uint64(arr[8:16]) + header = PacketHeader{ + Version: binary.BigEndian.Uint16(arr[:2]), + Count: binary.BigEndian.Uint16(arr[2:4]), + SysUptime: binary.BigEndian.Uint32(arr[4:8]), + Timestamp: time.Unix(int64(timestamp>>32), int64(timestamp&(1<<32-1))).UTC(), + } + return header, nil +} + +func readV1Header(buf *bytes.Buffer, source net.Addr) (count int, ts time.Time, metadata record.Map, err error) { + header, err := ReadPacketHeader(buf) + if err != nil { + return count, ts, metadata, err + } + count = int(header.Count) + metadata = record.Map{ + "version": uint64(header.Version), + "timestamp": header.Timestamp, + "uptimeMillis": uint64(header.SysUptime), + "address": source.String(), + } + return count, header.Timestamp, metadata, nil +} diff --git a/filebeat/input/netflow/decoder/v1/v1_test.go b/filebeat/input/netflow/decoder/v1/v1_test.go new file mode 100644 index 00000000000..8887298c06d --- /dev/null +++ b/filebeat/input/netflow/decoder/v1/v1_test.go @@ -0,0 +1,122 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v1 + +import ( + "bytes" + "encoding/hex" + "net" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + template2 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestNetflowProtocol_New(t *testing.T) { + proto := New(config.Defaults()) + + assert.Nil(t, proto.Start()) + assert.Equal(t, uint16(1), proto.Version()) + assert.Nil(t, proto.Stop()) +} + +func TestNetflowProtocol_OnPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00010002000000015bf689f605946fb0" + + "acd910e5c0a8017b00000000000000000000000e00002cfa" + + "fff609a0fff6109601bbd711000006001800000000000000" + + "c0a8017bacd910e500000000000000000000000700000c5b" + + "fff609a0fff61096d71101bb000006001800000000000000" + + captureTime, err := time.Parse(time.RFC3339Nano, "2018-11-22T10:50:30.093614Z") + captureTime = captureTime.UTC() + if !assert.NoError(t, err) { + t.Fatal(err) + } + expected := []record.Record{ + { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "destinationIPv4Address": net.ParseIP("192.168.1.123").To4(), + "destinationTransportPort": uint64(55057), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4294316182), + "flowStartSysUpTime": uint64(4294314400), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(11514), + "packetDeltaCount": uint64(14), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("172.217.16.229").To4(), + "sourceTransportPort": uint64(443), + "tcpControlBits": uint64(24), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(1), + }, + }, { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "destinationIPv4Address": net.ParseIP("172.217.16.229").To4(), + "destinationTransportPort": uint64(443), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4294316182), + "flowStartSysUpTime": uint64(4294314400), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(3163), + "packetDeltaCount": uint64(7), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("192.168.1.123").To4(), + "sourceTransportPort": uint64(55057), + "tcpControlBits": uint64(24), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(1), + }, + }, + } + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.NoError(t, err) + assert.Len(t, flows, len(expected)) + assert.Equal(t, expected, flows) +} + +func TestNetflowProtocol_BadPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00010002000000015bf689f605" + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.Error(t, err) + assert.Len(t, flows, 0) +} + +func TestTemplate(t *testing.T) { + template2.ValidateTemplate(t, &templateV1) +} diff --git a/filebeat/input/netflow/decoder/v5/v5.go b/filebeat/input/netflow/decoder/v5/v5.go new file mode 100644 index 00000000000..74d4adbb70e --- /dev/null +++ b/filebeat/input/netflow/decoder/v5/v5.go @@ -0,0 +1,110 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v5 + +import ( + "bytes" + "encoding/binary" + "io" + "log" + "net" + "time" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + v1 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v1" +) + +const ( + ProtocolName = "v5" + ProtocolID uint16 = 5 + LogPrefix = "[netflow-v5] " +) + +var templateV5 = template.Template{ + ID: 0, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "ipNextHopIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1}, // Padding + {Length: 1, Info: &fields.Field{Name: "tcpControlBits", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "sourceIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "destinationIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 2}, // Padding + }, + Length: 48, +} + +func init() { + protocol.Registry.Register(ProtocolName, New) +} + +func New(config config.Config) protocol.Protocol { + return v1.NewProtocol(ProtocolID, &templateV5, ReadV5Header, log.New(config.LogOutput(), LogPrefix, 0)) +} + +type PacketHeader struct { + Version uint16 + Count uint16 + SysUptime uint32 // 32 bit milliseconds + Timestamp time.Time // 32 bit seconds + 32 bit nanoseconds + FlowSequence uint32 + EngineType uint8 + EngineID uint8 + SamplingInterval uint16 +} + +func ReadPacketHeader(buf *bytes.Buffer) (header PacketHeader, err error) { + var arr [24]byte + if n, err := buf.Read(arr[:]); err != nil || n != len(arr) { + return header, io.EOF + } + timestamp := binary.BigEndian.Uint64(arr[8:16]) + header = PacketHeader{ + Version: binary.BigEndian.Uint16(arr[:2]), + Count: binary.BigEndian.Uint16(arr[2:4]), + SysUptime: binary.BigEndian.Uint32(arr[4:8]), + Timestamp: time.Unix(int64(timestamp>>32), int64(timestamp&(1<<32-1))).UTC(), + FlowSequence: binary.BigEndian.Uint32(arr[16:20]), + EngineType: arr[20], + EngineID: arr[21], + SamplingInterval: binary.BigEndian.Uint16(arr[22:]), + } + return header, nil +} + +func ReadV5Header(buf *bytes.Buffer, source net.Addr) (count int, ts time.Time, metadata record.Map, err error) { + header, err := ReadPacketHeader(buf) + if err != nil { + return count, ts, metadata, err + } + count = int(header.Count) + metadata = record.Map{ + "version": uint64(header.Version), + "timestamp": header.Timestamp, + "uptimeMillis": uint64(header.SysUptime), + "address": source.String(), + "engineType": uint64(header.EngineType), + "engineId": uint64(header.EngineID), + "samplingInterval": uint64(header.SamplingInterval), + } + return count, header.Timestamp, metadata, nil +} diff --git a/filebeat/input/netflow/decoder/v5/v5_test.go b/filebeat/input/netflow/decoder/v5/v5_test.go new file mode 100644 index 00000000000..9494d482f6d --- /dev/null +++ b/filebeat/input/netflow/decoder/v5/v5_test.go @@ -0,0 +1,136 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v5 + +import ( + "bytes" + "encoding/hex" + "net" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestNetflowProtocol_New(t *testing.T) { + proto := New(config.Defaults()) + + assert.Nil(t, proto.Start()) + assert.Equal(t, uint16(5), proto.Version()) + assert.Nil(t, proto.Stop()) +} + +func TestNetflowProtocol_OnPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00050002000000015bf68d8b35fcb9780000000000000000" + + "acd910e5c0a8017b00000000000000000000000e00002cfa" + + "ffe8086cffe80f6201bbd711001806000000000000000000" + + "c0a8017bacd910e500000000000000000000000700000c5b" + + "ffe8086cffe80f62d71101bb001806000000000000000000" + + captureTime, err := time.Parse(time.RFC3339Nano, "2018-11-22T11:05:47.905755Z") + captureTime = captureTime.UTC() + if !assert.NoError(t, err) { + t.Fatal(err) + } + expected := []record.Record{ + { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "bgpDestinationAsNumber": uint64(0), + "bgpSourceAsNumber": uint64(0), + "destinationIPv4Address": net.ParseIP("192.168.1.123").To4(), + "destinationIPv4PrefixLength": uint64(0), + "destinationTransportPort": uint64(55057), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4293398370), + "flowStartSysUpTime": uint64(4293396588), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(11514), + "packetDeltaCount": uint64(14), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("172.217.16.229").To4(), + "sourceIPv4PrefixLength": uint64(0), + "sourceTransportPort": uint64(443), + "tcpControlBits": uint64(24), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "engineId": uint64(0), + "engineType": uint64(0), + "samplingInterval": uint64(0), + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(5), + }, + }, { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "bgpDestinationAsNumber": uint64(0), + "bgpSourceAsNumber": uint64(0), + "destinationIPv4Address": net.ParseIP("172.217.16.229").To4(), + "destinationIPv4PrefixLength": uint64(0), + "destinationTransportPort": uint64(443), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4293398370), + "flowStartSysUpTime": uint64(4293396588), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(3163), + "packetDeltaCount": uint64(7), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("192.168.1.123").To4(), + "sourceIPv4PrefixLength": uint64(0), + "sourceTransportPort": uint64(55057), + "tcpControlBits": uint64(24), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "engineId": uint64(0), + "engineType": uint64(0), + "samplingInterval": uint64(0), + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(5), + }, + }, + } + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.NoError(t, err) + assert.Len(t, flows, len(expected)) + assert.Equal(t, expected, flows) +} + +func TestNetflowProtocol_BadPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00050002000000015bf689f605" + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.Error(t, err) + assert.Len(t, flows, 0) +} + +func TestTemplate(t *testing.T) { + template.ValidateTemplate(t, &templateV5) +} diff --git a/filebeat/input/netflow/decoder/v6/v6.go b/filebeat/input/netflow/decoder/v6/v6.go new file mode 100644 index 00000000000..a5d1bc339e9 --- /dev/null +++ b/filebeat/input/netflow/decoder/v6/v6.go @@ -0,0 +1,57 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v6 + +import ( + "log" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + v1 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v1" + v5 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v5" +) + +const ( + ProtocolName = "v6" + ProtocolID uint16 = 6 + LogPrefix = "[netflow-v6] " +) + +var templateV6 = template.Template{ + ID: 0, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "ipNextHopIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1}, // Padding + {Length: 1, Info: &fields.Field{Name: "tcpControlBits", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "sourceIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "destinationIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 6}, // Padding + }, + Length: 52, +} + +func init() { + protocol.Registry.Register(ProtocolName, New) +} + +func New(config config.Config) protocol.Protocol { + return v1.NewProtocol(ProtocolID, &templateV6, v5.ReadV5Header, log.New(config.LogOutput(), LogPrefix, 0)) +} diff --git a/filebeat/input/netflow/decoder/v6/v6_test.go b/filebeat/input/netflow/decoder/v6/v6_test.go new file mode 100644 index 00000000000..af46896289e --- /dev/null +++ b/filebeat/input/netflow/decoder/v6/v6_test.go @@ -0,0 +1,138 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v6 + +import ( + "bytes" + "encoding/hex" + "net" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestNetflowProtocol_New(t *testing.T) { + proto := New(config.Defaults()) + + assert.Nil(t, proto.Start()) + assert.Equal(t, uint16(6), proto.Version()) + assert.Nil(t, proto.Stop()) +} + +func TestNetflowProtocol_OnPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00060002000000015bf68d8b35fcb9780000000000000000" + + "acd910e5c0a8017b00000000000000000000000e00002cfa" + + "ffe8086cffe80f6201bbd711001806000000000000000000" + + "00000000" + // extra padding, only difference with v5 + "c0a8017bacd910e500000000000000000000000700000c5b" + + "ffe8086cffe80f62d71101bb001806000000000000000000" + + "00000000" // extra padding, only difference with v5 + + captureTime, err := time.Parse(time.RFC3339Nano, "2018-11-22T11:05:47.905755Z") + captureTime = captureTime.UTC() + if !assert.NoError(t, err) { + t.Fatal(err) + } + expected := []record.Record{ + { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "bgpDestinationAsNumber": uint64(0), + "bgpSourceAsNumber": uint64(0), + "destinationIPv4Address": net.ParseIP("192.168.1.123").To4(), + "destinationIPv4PrefixLength": uint64(0), + "destinationTransportPort": uint64(55057), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4293398370), + "flowStartSysUpTime": uint64(4293396588), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(11514), + "packetDeltaCount": uint64(14), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("172.217.16.229").To4(), + "sourceIPv4PrefixLength": uint64(0), + "sourceTransportPort": uint64(443), + "tcpControlBits": uint64(24), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "engineId": uint64(0), + "engineType": uint64(0), + "samplingInterval": uint64(0), + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(6), + }, + }, { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "bgpDestinationAsNumber": uint64(0), + "bgpSourceAsNumber": uint64(0), + "destinationIPv4Address": net.ParseIP("172.217.16.229").To4(), + "destinationIPv4PrefixLength": uint64(0), + "destinationTransportPort": uint64(443), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4293398370), + "flowStartSysUpTime": uint64(4293396588), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(3163), + "packetDeltaCount": uint64(7), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("192.168.1.123").To4(), + "sourceIPv4PrefixLength": uint64(0), + "sourceTransportPort": uint64(55057), + "tcpControlBits": uint64(24), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "engineId": uint64(0), + "engineType": uint64(0), + "samplingInterval": uint64(0), + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(6), + }, + }, + } + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.NoError(t, err) + assert.Len(t, flows, len(expected)) + assert.Equal(t, expected, flows) +} + +func TestNetflowProtocol_BadPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00060002000000015bf689f605" + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.Error(t, err) + assert.Len(t, flows, 0) +} + +func TestTemplate(t *testing.T) { + template.ValidateTemplate(t, &templateV6) +} diff --git a/filebeat/input/netflow/decoder/v7/v7.go b/filebeat/input/netflow/decoder/v7/v7.go new file mode 100644 index 00000000000..62cbdc56a06 --- /dev/null +++ b/filebeat/input/netflow/decoder/v7/v7.go @@ -0,0 +1,103 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v7 + +import ( + "bytes" + "encoding/binary" + "io" + "log" + "net" + "time" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + v1 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/v1" +) + +const ( + ProtocolName = "v7" + ProtocolID uint16 = 7 + LogPrefix = "[netflow-v7] " +) + +var v7template = template.Template{ + ID: 0, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "ipNextHopIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 1}, // Padding + {Length: 1, Info: &fields.Field{Name: "tcpControlBits", Decoder: fields.Unsigned16}}, + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "sourceIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "destinationIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "flagsAndSamplerId", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "ipv4RouterSc", Decoder: fields.Ipv4Address}}, + }, + Length: 52, +} + +func init() { + protocol.Registry.Register(ProtocolName, New) +} + +func New(config config.Config) protocol.Protocol { + return v1.NewProtocol(ProtocolID, &v7template, ReadV7Header, log.New(config.LogOutput(), LogPrefix, 0)) +} + +type PacketHeader struct { + Version uint16 + Count uint16 + SysUptime uint32 // 32 bit milliseconds + Timestamp time.Time // 32 bit seconds + 32 bit nanoseconds + FlowSequence uint32 + Reserved uint32 +} + +func ReadPacketHeader(buf *bytes.Buffer) (header PacketHeader, err error) { + var arr [24]byte + if n, err := buf.Read(arr[:]); err != nil || n != len(arr) { + return header, io.EOF + } + timestamp := binary.BigEndian.Uint64(arr[8:16]) + header = PacketHeader{ + Version: binary.BigEndian.Uint16(arr[:2]), + Count: binary.BigEndian.Uint16(arr[2:4]), + SysUptime: binary.BigEndian.Uint32(arr[4:8]), + Timestamp: time.Unix(int64(timestamp>>32), int64(timestamp&(1<<32-1))).UTC(), + FlowSequence: binary.BigEndian.Uint32(arr[16:20]), + } + return header, nil +} + +func ReadV7Header(buf *bytes.Buffer, source net.Addr) (count int, ts time.Time, metadata record.Map, err error) { + header, err := ReadPacketHeader(buf) + if err != nil { + return count, ts, metadata, err + } + count = int(header.Count) + metadata = record.Map{ + "version": uint64(header.Version), + "timestamp": header.Timestamp, + "uptimeMillis": uint64(header.SysUptime), + "address": source.String(), + } + return count, header.Timestamp, metadata, nil +} diff --git a/filebeat/input/netflow/decoder/v7/v7_test.go b/filebeat/input/netflow/decoder/v7/v7_test.go new file mode 100644 index 00000000000..cafdbc36b56 --- /dev/null +++ b/filebeat/input/netflow/decoder/v7/v7_test.go @@ -0,0 +1,136 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v7 + +import ( + "bytes" + "encoding/hex" + "net" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestNetflowProtocol_New(t *testing.T) { + proto := New(config.Defaults()) + + assert.Nil(t, proto.Start()) + assert.Equal(t, uint16(7), proto.Version()) + assert.Nil(t, proto.Stop()) +} + +func TestNetflowProtocol_OnPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00070002000000015bf68d8b35fcb9780000000000000000" + + "acd910e5c0a8017b00000000000000000000000e00002cfa" + + "ffe8086cffe80f6201bbd711001806000000000000004411" + + "ffffffff" + // extra fields + "c0a8017bacd910e500000000000000000000000700000c5b" + + "ffe8086cffe80f62d71101bb001806000000000000003322" + + "fffefdfc" // extra fields + + captureTime, err := time.Parse(time.RFC3339Nano, "2018-11-22T11:05:47.905755Z") + captureTime = captureTime.UTC() + if !assert.NoError(t, err) { + t.Fatal(err) + } + expected := []record.Record{ + { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "bgpDestinationAsNumber": uint64(0), + "bgpSourceAsNumber": uint64(0), + "destinationIPv4Address": net.ParseIP("192.168.1.123").To4(), + "destinationIPv4PrefixLength": uint64(0), + "destinationTransportPort": uint64(55057), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4293398370), + "flowStartSysUpTime": uint64(4293396588), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(11514), + "packetDeltaCount": uint64(14), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("172.217.16.229").To4(), + "sourceIPv4PrefixLength": uint64(0), + "sourceTransportPort": uint64(443), + "tcpControlBits": uint64(24), + "flagsAndSamplerId": uint64(0x4411), + "ipv4RouterSc": net.ParseIP("255.255.255.255").To4(), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(7), + }, + }, { + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "bgpDestinationAsNumber": uint64(0), + "bgpSourceAsNumber": uint64(0), + "destinationIPv4Address": net.ParseIP("172.217.16.229").To4(), + "destinationIPv4PrefixLength": uint64(0), + "destinationTransportPort": uint64(443), + "egressInterface": uint64(0), + "flowEndSysUpTime": uint64(4293398370), + "flowStartSysUpTime": uint64(4293396588), + "ingressInterface": uint64(0), + "ipClassOfService": uint64(0), + "ipNextHopIPv4Address": net.ParseIP("0.0.0.0").To4(), + "octetDeltaCount": uint64(3163), + "packetDeltaCount": uint64(7), + "protocolIdentifier": uint64(6), + "sourceIPv4Address": net.ParseIP("192.168.1.123").To4(), + "sourceIPv4PrefixLength": uint64(0), + "sourceTransportPort": uint64(55057), + "tcpControlBits": uint64(24), + "flagsAndSamplerId": uint64(0x3322), + "ipv4RouterSc": net.ParseIP("255.254.253.252").To4(), + }, + Exporter: record.Map{ + "address": "127.0.0.1:59707", + "timestamp": captureTime, + "uptimeMillis": uint64(1), + "version": uint64(7), + }, + }, + } + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.NoError(t, err) + assert.Len(t, flows, len(expected)) + assert.Equal(t, expected, flows) +} + +func TestNetflowProtocol_BadPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00060002000000015bf689f605" + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.Error(t, err) + assert.Len(t, flows, 0) +} + +func TestTemplate(t *testing.T) { + template.ValidateTemplate(t, &v7template) +} diff --git a/filebeat/input/netflow/decoder/v8/v8.go b/filebeat/input/netflow/decoder/v8/v8.go new file mode 100644 index 00000000000..855b8d3c914 --- /dev/null +++ b/filebeat/input/netflow/decoder/v8/v8.go @@ -0,0 +1,400 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v8 + +import ( + "bytes" + "encoding/binary" + "fmt" + "io" + "log" + "net" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" +) + +const ( + ProtocolName = "v8" + LogPrefix = "[netflow-v8] " + ProtocolID uint16 = 8 +) + +// AggType is an enumeration type for Netflow V8 aggregations. +// See https://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/3-6/user/guide/format.html +type AggType uint8 + +const ( + RouterAS AggType = iota + 1 + RouterProtoPort + RouterSrcPrefix + RouterDstPrefix + RouterPrefix + DestOnly + SrcDst + FullFlow + TosAS + TosProtoPort + TosSrcPrefix + TosDstPrefix + TosPrefix + PrePortProtocol +) + +var templates = map[AggType]*template.Template{ + RouterAS: { + Fields: []template.FieldTemplate{ + // observedFlowTotalCount + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 28, + }, + RouterProtoPort: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + {Length: 3}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + }, + Length: 28, + }, + RouterDstPrefix: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 2}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 2}, + }, + Length: 32, + }, + RouterSrcPrefix: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 2}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2}, + }, + Length: 32, + }, + RouterPrefix: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 4}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 40, + }, + TosAS: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 3}, + }, + Length: 32, + }, + TosProtoPort: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 32, + }, + PrePortProtocol: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Prefix", Decoder: fields.Ipv4Address}}, + // Warning: according to CISCO docs, this is reversed (dest, src) + {Length: 1, Info: &fields.Field{Name: "destinationIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "sourceIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 40, + }, + TosSrcPrefix: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 1, Info: &fields.Field{Name: "sourceIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2}, + }, + Length: 32, + }, + TosDstPrefix: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 1, Info: &fields.Field{Name: "destinationIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 2}, + }, + Length: 32, + }, + TosPrefix: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "deltaFlowCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Prefix", Decoder: fields.Ipv4Address}}, + {Length: 1, Info: &fields.Field{Name: "destinationIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "sourceIPv4PrefixLength", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 1}, + {Length: 2, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "bgpDestinationAsNumber", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 40, + }, + DestOnly: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + // Warning: This is documented as "marked_tos: Type of Service of the packets that exceeded the contract" + // but I can't find a V9 field for it. + {Length: 1, Info: &fields.Field{Name: "postIpClassOfService", Decoder: fields.Unsigned8}}, + // Warning: This is documented as "extraPkts: Packets that exceeded the contract" + // but I can't find a V9 field for it. + {Length: 4, Info: &fields.Field{Name: "droppedPacketDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "ipv4RouterSc", Decoder: fields.Ipv4Address}}, + }, + Length: 32, + }, + SrcDst: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + // Warning: This is documented as "marked_tos: Type of Service of the packets that exceeded the contract" + // but I can't find a V9 field for it. + {Length: 1, Info: &fields.Field{Name: "postIpClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2}, // Padding + // Warning: This is documented as "extraPkts: Packets that exceeded the contract" + // but I can't find a V9 field for it. + {Length: 4, Info: &fields.Field{Name: "droppedPacketDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "ipv4RouterSc", Decoder: fields.Ipv4Address}}, + }, + Length: 40, + }, + FullFlow: { + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "destinationIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 4, Info: &fields.Field{Name: "sourceIPv4Address", Decoder: fields.Ipv4Address}}, + {Length: 2, Info: &fields.Field{Name: "destinationTransportPort", Decoder: fields.Unsigned16}}, + {Length: 2, Info: &fields.Field{Name: "sourceTransportPort", Decoder: fields.Unsigned16}}, + {Length: 4, Info: &fields.Field{Name: "packetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "flowStartSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 4, Info: &fields.Field{Name: "flowEndSysUpTime", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + {Length: 2, Info: &fields.Field{Name: "ingressInterface", Decoder: fields.Unsigned32}}, + + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 1, Info: &fields.Field{Name: "protocolIdentifier", Decoder: fields.Unsigned8}}, + // Warning: This is documented as "marked_tos: Type of Service of the packets that exceeded the contract" + // but I can't find a V9 field for it. + {Length: 1, Info: &fields.Field{Name: "postIpClassOfService", Decoder: fields.Unsigned8}}, + {Length: 1}, // Padding + // Warning: This is documented as "extraPkts: Packets that exceeded the contract" + // but I can't find a V9 field for it. + {Length: 4, Info: &fields.Field{Name: "droppedPacketDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 4, Info: &fields.Field{Name: "ipv4RouterSc", Decoder: fields.Ipv4Address}}, + }, + Length: 44, + }, +} + +type NetflowV8Protocol struct { + logger *log.Logger +} + +func init() { + protocol.Registry.Register(ProtocolName, New) +} + +func New(config config.Config) protocol.Protocol { + return &NetflowV8Protocol{ + logger: log.New(config.LogOutput(), LogPrefix, 0), + } +} + +func (NetflowV8Protocol) Version() uint16 { + return ProtocolID +} + +func (p *NetflowV8Protocol) OnPacket(buf *bytes.Buffer, source net.Addr) (flows []record.Record, err error) { + header, err := ReadPacketHeader(buf) + if err != nil { + p.logger.Printf("Failed parsing packet: %v", err) + return nil, errors.Wrap(err, "error reading V8 header") + } + template, found := templates[header.Aggregation] + if !found { + p.logger.Printf("Packet from %s uses an unknown V8 aggregation: %d", source, header.Aggregation) + return nil, fmt.Errorf("unsupported V8 aggregation: %d", header.Aggregation) + } + metadata := header.GetMetadata(source) + flows, err = template.Apply(buf, int(header.Count)) + if err != nil { + return nil, errors.Wrapf(err, "unable to decode V8 flows of type %d", header.Aggregation) + } + for i := range flows { + flows[i].Exporter = metadata + flows[i].Timestamp = header.Timestamp + } + return flows, nil +} + +func (NetflowV8Protocol) Start() error { + return nil +} + +func (NetflowV8Protocol) Stop() error { + return nil +} + +type PacketHeader struct { + Version uint16 + Count uint16 + SysUptime uint32 // 32 bit milliseconds + Timestamp time.Time // 32 bit seconds + 32 bit nanoseconds + FlowSequence uint32 + EngineType uint8 + EngineID uint8 + Aggregation AggType + AggVersion uint8 + Reserved uint32 +} + +func ReadPacketHeader(buf *bytes.Buffer) (header PacketHeader, err error) { + var arr [28]byte + if n, err := buf.Read(arr[:]); err != nil || n != len(arr) { + if err == nil { + err = io.EOF + } + return header, err + } + timestamp := binary.BigEndian.Uint64(arr[8:16]) + header = PacketHeader{ + Version: binary.BigEndian.Uint16(arr[:2]), + Count: binary.BigEndian.Uint16(arr[2:4]), + SysUptime: binary.BigEndian.Uint32(arr[4:8]), + Timestamp: time.Unix(int64(timestamp>>32), int64(timestamp&(1<<32-1))).UTC(), + FlowSequence: binary.BigEndian.Uint32(arr[16:20]), + EngineType: arr[20], + EngineID: arr[21], + Aggregation: AggType(arr[22]), + AggVersion: arr[23], + } + return header, nil +} + +func (header PacketHeader) GetMetadata(source net.Addr) record.Map { + return record.Map{ + "version": uint64(header.Version), + "timestamp": header.Timestamp, + "uptimeMillis": uint64(header.SysUptime), + "address": source.String(), + "engineType": uint64(header.EngineType), + "engineId": uint64(header.EngineID), + "aggregation": uint64(header.Aggregation), + "aggregationVersion": uint64(header.AggVersion), + } +} diff --git a/filebeat/input/netflow/decoder/v8/v8_test.go b/filebeat/input/netflow/decoder/v8/v8_test.go new file mode 100644 index 00000000000..81ad2437cae --- /dev/null +++ b/filebeat/input/netflow/decoder/v8/v8_test.go @@ -0,0 +1,635 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v8 + +import ( + "bytes" + "encoding/hex" + "errors" + "net" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + template2 "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestTemplates(t *testing.T) { + for code, template := range templates { + if !template2.ValidateTemplate(t, template) { + t.Fatal("Failed validating template for V8 record", code) + } + } +} + +func TestNetflowProtocol_New(t *testing.T) { + proto := New(config.Defaults()) + + assert.Nil(t, proto.Start()) + assert.Equal(t, uint16(8), proto.Version()) + assert.Nil(t, proto.Stop()) +} + +func TestNetflowProtocol_BadPacket(t *testing.T) { + proto := New(config.Defaults()) + + rawS := "00080002000000015bf689f605" + raw, err := hex.DecodeString(rawS) + if !assert.NoError(t, err) { + t.Fatal(err) + } + flows, err := proto.OnPacket(bytes.NewBuffer(raw), test.MakeAddress(t, "127.0.0.1:59707")) + assert.Error(t, err) + assert.Len(t, flows, 0) +} + +func TestNetflowV8Protocol_OnPacket(t *testing.T) { + proto := New(config.Defaults()) + address := test.MakeAddress(t, "127.0.0.1:11111") + captureTime, err := time.Parse(time.RFC3339Nano, "2018-11-22T20:53:03.987654321Z") + if !assert.NoError(t, err) { + t.Fatal(err) + } + for _, testCase := range []struct { + name string + aggregation AggType + packet []uint16 + expected record.Record + empty bool + err error + }{ + { + name: "RouterAS", + aggregation: RouterAS, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "bgpSourceAsNumber": uint64(0x1111), + "bgpDestinationAsNumber": uint64(0x2222), + "ingressInterface": uint64(0x3333), + "egressInterface": uint64(0x4444), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(RouterAS), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "RouterProtoPort", + aggregation: RouterProtoPort, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "protocolIdentifier": uint64(0x11), + "sourceTransportPort": uint64(0x3333), + "destinationTransportPort": uint64(0x4444), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(RouterProtoPort), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "RouterDstPrefix", + aggregation: RouterDstPrefix, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x0506, 0, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x09abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "destinationIPv4Prefix": net.ParseIP("17.17.34.34").To4(), + "bgpDestinationAsNumber": uint64(0x4444), + "egressInterface": uint64(0x0506), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(RouterDstPrefix), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "RouterSrcPrefix", + aggregation: RouterSrcPrefix, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x0506, 0, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x09abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "sourceIPv4Prefix": net.ParseIP("17.17.34.34").To4(), + "bgpSourceAsNumber": uint64(0x4444), + "ingressInterface": uint64(0x0506), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(RouterSrcPrefix), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "RouterPrefix", + aggregation: RouterPrefix, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0, 0, + 0x0506, 0x0708, 0x090a, 0x0b0c, 0x0d0e, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "sourceIPv4Prefix": net.ParseIP("17.17.34.34").To4(), + "destinationIPv4Prefix": net.ParseIP("51.51.68.68").To4(), + "bgpSourceAsNumber": uint64(0x0506), + "bgpDestinationAsNumber": uint64(0x0708), + "ingressInterface": uint64(0x090a), + "egressInterface": uint64(0x0b0c), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(RouterPrefix), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "TosAS", + aggregation: TosAS, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x09abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "bgpSourceAsNumber": uint64(0x1111), + "bgpDestinationAsNumber": uint64(0x2222), + "ingressInterface": uint64(0x3333), + "egressInterface": uint64(0x4444), + "ipClassOfService": uint64(0x55), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(TosAS), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "TosProtoPort", + aggregation: TosProtoPort, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "protocolIdentifier": uint64(0x11), + "ipClassOfService": uint64(0x11), + "sourceTransportPort": uint64(0x3333), + "destinationTransportPort": uint64(0x4444), + "ingressInterface": uint64(0x5555), + "egressInterface": uint64(0x6666), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(TosProtoPort), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "PrePortProtocol", + aggregation: PrePortProtocol, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + 0x7181, 0x91a1, 0xb1c1, 0xd1e1, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "sourceIPv4Prefix": net.ParseIP("17.17.34.34").To4(), + "destinationIPv4Prefix": net.ParseIP("51.51.68.68").To4(), + "destinationIPv4PrefixLength": uint64(0x55), + "sourceIPv4PrefixLength": uint64(0x55), + "ipClassOfService": uint64(0x66), + "protocolIdentifier": uint64(0x66), + "sourceTransportPort": uint64(0x7181), + "destinationTransportPort": uint64(0x91a1), + "ingressInterface": uint64(0xb1c1), + "egressInterface": uint64(0xd1e1), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(PrePortProtocol), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "TosSrcPrefix", + aggregation: TosSrcPrefix, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "sourceIPv4Prefix": net.ParseIP("17.17.34.34").To4(), + "sourceIPv4PrefixLength": uint64(0x33), + "ipClassOfService": uint64(0x33), + "bgpSourceAsNumber": uint64(0x4444), + "ingressInterface": uint64(0x5555), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(TosSrcPrefix), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "TosDstPrefix", + aggregation: TosDstPrefix, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "destinationIPv4Prefix": net.ParseIP("17.17.34.34").To4(), + "destinationIPv4PrefixLength": uint64(0x33), + "ipClassOfService": uint64(0x33), + "bgpDestinationAsNumber": uint64(0x4444), + "egressInterface": uint64(0x5555), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(TosDstPrefix), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "TosPrefix", + aggregation: TosPrefix, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + 0x7181, 0x91a1, 0xb1c1, 0xd1e1, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "deltaFlowCount": uint64(0x12345678), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "sourceIPv4Prefix": net.ParseIP("17.17.34.34").To4(), + "destinationIPv4Prefix": net.ParseIP("51.51.68.68").To4(), + "destinationIPv4PrefixLength": uint64(0x55), + "sourceIPv4PrefixLength": uint64(0x55), + "ipClassOfService": uint64(0x66), + "bgpSourceAsNumber": uint64(0x7181), + "bgpDestinationAsNumber": uint64(0x91a1), + "ingressInterface": uint64(0xb1c1), + "egressInterface": uint64(0xd1e1), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(TosPrefix), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "DestOnly", + aggregation: DestOnly, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "destinationIPv4Address": net.ParseIP("18.52.86.120").To4(), + "packetDeltaCount": uint64(0x9abcdef), + "octetDeltaCount": uint64(0x11223344), + "flowStartSysUpTime": uint64(0x55667788), + "flowEndSysUpTime": uint64(0x99aa99bb), + "egressInterface": uint64(0x1111), + "ipClassOfService": uint64(0x22), + "postIpClassOfService": uint64(0x22), + "droppedPacketDeltaCount": uint64(0x33334444), + "ipv4RouterSc": net.ParseIP("85.85.102.102").To4(), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(DestOnly), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "SrcDst", + aggregation: SrcDst, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + 0x7181, 0x91a1, 0xb1c1, 0xd1e1, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "destinationIPv4Address": net.ParseIP("18.52.86.120").To4(), + "sourceIPv4Address": net.ParseIP("9.171.205.239").To4(), + "packetDeltaCount": uint64(0x11223344), + "octetDeltaCount": uint64(0x55667788), + "flowStartSysUpTime": uint64(0x99aa99bb), + "flowEndSysUpTime": uint64(0x11112222), + "egressInterface": uint64(0x3333), + "ingressInterface": uint64(0x4444), + "ipClassOfService": uint64(0x55), + "postIpClassOfService": uint64(0x55), + "droppedPacketDeltaCount": uint64(0x718191a1), + "ipv4RouterSc": net.ParseIP("177.193.209.225").To4(), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(SrcDst), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "FullFlow", + aggregation: FullFlow, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + 0x7181, 0x91a1, 0xb1c1, 0xd1e1, 0x2f2e, 0x2d2c, + }, + expected: record.Record{ + Type: record.Flow, + Timestamp: captureTime, + Fields: record.Map{ + "destinationIPv4Address": net.ParseIP("18.52.86.120").To4(), + "sourceIPv4Address": net.ParseIP("9.171.205.239").To4(), + "destinationTransportPort": uint64(0x1122), + "sourceTransportPort": uint64(0x3344), + "packetDeltaCount": uint64(0x55667788), + "octetDeltaCount": uint64(0x99aa99bb), + "flowStartSysUpTime": uint64(0x11112222), + "flowEndSysUpTime": uint64(0x33334444), + "egressInterface": uint64(0x5555), + "ingressInterface": uint64(0x6666), + "ipClassOfService": uint64(0x71), + "protocolIdentifier": uint64(0x81), + "postIpClassOfService": uint64(0x91), + "droppedPacketDeltaCount": uint64(0xb1c1d1e1), + "ipv4RouterSc": net.ParseIP("47.46.45.44").To4(), + }, + Exporter: record.Map{ + "version": uint64(8), + "timestamp": captureTime, + "uptimeMillis": uint64(0x10002), + "address": address.String(), + "engineType": uint64(1), + "engineId": uint64(2), + "aggregation": uint64(FullFlow), + "aggregationVersion": uint64(0), + }, + }, + }, + { + name: "Unknown", + aggregation: 0xff, + packet: []uint16{ + // Header + 8, 1, 1, 2, 23543, 5935, 15070, 26801, 0x1234, 0x5678, 258, 0, 0, 0, + // Flow record + 0x1234, 0x5678, 0x09ab, 0xcdef, 0x1122, 0x3344, 0x5566, 0x7788, + 0x99aa, 0x99bb, 0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666, + 0x7181, 0x91a1, 0xb1c1, 0xd1e1, 0x2f2e, 0x2d2c, + }, + empty: true, + err: errors.New("unsupported V8 aggregation: 255"), + }, + } { + t.Run(testCase.name, func(t *testing.T) { + raw := test.MakePacket(testCase.packet) + raw.Bytes()[22] = uint8(testCase.aggregation) + flow, err := proto.OnPacket(raw, address) + if err == nil { + assert.NoError(t, err) + } else { + assert.Equal(t, testCase.err, err) + } + if !testCase.empty { + if !assert.Len(t, flow, 1) { + return + } + test.AssertRecordsEqual(t, testCase.expected, flow[0]) + } else { + assert.Empty(t, flow) + } + }) + } +} diff --git a/filebeat/input/netflow/decoder/v9/decoder.go b/filebeat/input/netflow/decoder/v9/decoder.go new file mode 100644 index 00000000000..4901ba7d6a8 --- /dev/null +++ b/filebeat/input/netflow/decoder/v9/decoder.go @@ -0,0 +1,232 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v9 + +import ( + "bytes" + "encoding/binary" + "errors" + "fmt" + "io" + "log" + "net" + "time" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" +) + +const ( + TemplateFlowSetID = 0 + TemplateOptionsSetID = 1 +) + +type Decoder interface { + ReadPacketHeader(*bytes.Buffer) (PacketHeader, *bytes.Buffer, int, error) + ReadSetHeader(*bytes.Buffer) (SetHeader, error) + ReadTemplateSet(setID uint16, buf *bytes.Buffer) ([]*template.Template, error) + ReadFieldDefinition(*bytes.Buffer) (field fields.Key, length uint16, err error) + GetLogger() *log.Logger + GetFields() fields.FieldDict +} + +type DecoderV9 struct { + Logger *log.Logger + Fields fields.FieldDict +} + +var _ Decoder = (*DecoderV9)(nil) + +func (d DecoderV9) GetLogger() *log.Logger { + return d.Logger +} + +func (_ DecoderV9) ReadPacketHeader(buf *bytes.Buffer) (header PacketHeader, newBuf *bytes.Buffer, numFlowSets int, err error) { + var data [20]byte + n, err := buf.Read(data[:]) + if n != len(data) || err != nil { + return header, buf, numFlowSets, io.EOF + } + header = PacketHeader{ + Version: binary.BigEndian.Uint16(data[:2]), + Count: binary.BigEndian.Uint16(data[2:4]), + SysUptime: binary.BigEndian.Uint32(data[4:8]), + UnixSecs: time.Unix(int64(binary.BigEndian.Uint32(data[8:12])), 0).UTC(), + SequenceNo: binary.BigEndian.Uint32(data[12:16]), + SourceID: binary.BigEndian.Uint32(data[16:20]), + } + return header, buf, int(header.Count), nil +} + +func (_ DecoderV9) ReadSetHeader(buf *bytes.Buffer) (SetHeader, error) { + var data [4]byte + n, err := buf.Read(data[:]) + if n != len(data) || err != nil { + return SetHeader{}, io.EOF + } + return SetHeader{ + SetID: binary.BigEndian.Uint16(data[:2]), + Length: binary.BigEndian.Uint16(data[2:4]), + }, nil +} + +func (d DecoderV9) ReadTemplateSet(setID uint16, buf *bytes.Buffer) ([]*template.Template, error) { + switch setID { + case TemplateFlowSetID: + return ReadTemplateFlowSet(d, buf) + case TemplateOptionsSetID: + return d.ReadOptionsTemplateFlowSet(buf) + default: + return nil, fmt.Errorf("set id %d not supported", setID) + } +} + +func (d DecoderV9) ReadFieldDefinition(buf *bytes.Buffer) (field fields.Key, length uint16, err error) { + var row [4]byte + if n, err := buf.Read(row[:]); err != nil || n != len(row) { + return field, length, io.EOF + } + field.FieldID = binary.BigEndian.Uint16(row[:2]) + length = binary.BigEndian.Uint16(row[2:]) + return field, length, nil +} + +func (d DecoderV9) GetFields() fields.FieldDict { + if f := d.Fields; f != nil { + return f + } + return fields.GlobalFields +} + +func ReadFields(d Decoder, buf *bytes.Buffer, count int) (record template.Template, err error) { + knownFields := d.GetFields() + logger := d.GetLogger() + record.Fields = make([]template.FieldTemplate, count) + for i := 0; i < count; i++ { + key, length, err := d.ReadFieldDefinition(buf) + if err != nil { + return template.Template{}, io.EOF + } + field := template.FieldTemplate{ + Length: length, + } + if length == template.VariableLength { + record.VariableLength = true + record.Length += 1 + } else { + record.Length += int(field.Length) + } + if fieldInfo, found := knownFields[key]; found { + min, max := fieldInfo.Decoder.MinLength(), fieldInfo.Decoder.MaxLength() + if length == template.VariableLength || min <= field.Length && field.Length <= max { + field.Info = fieldInfo + } else if logger != nil { + logger.Printf("Size of field %s in template is out of bounds (size=%d, min=%d, max=%d)", fieldInfo.Name, field.Length, min, max) + } + } else if logger != nil { + logger.Printf("Field %v in template not found", key) + } + record.Fields[i] = field + } + return record, nil +} + +func ReadTemplateFlowSet(d Decoder, buf *bytes.Buffer) (templates []*template.Template, err error) { + var row [4]byte + for { + if buf.Len() < 4 { + return templates, nil + } + if n, err := buf.Read(row[:]); err != nil || n != len(row) { + return nil, io.EOF + } + tID := binary.BigEndian.Uint16(row[:2]) + if tID < 256 { + return nil, errors.New("invalid template id") + } + count := int(binary.BigEndian.Uint16(row[2:])) + // Ignore empty template + if count == 0 { + continue + } + if buf.Len() < 2*count { + return nil, io.EOF + } + recordTemplate, err := ReadFields(d, buf, count) + if err != nil { + break + } + recordTemplate.ID = tID + templates = append(templates, &recordTemplate) + } + return templates, nil +} + +func (d DecoderV9) ReadOptionsTemplateFlowSet(buf *bytes.Buffer) (templates []*template.Template, err error) { + var header [6]byte + for buf.Len() >= len(header) { + if n, err := buf.Read(header[:]); err != nil || n < len(header) { + if err == nil { + err = io.EOF + } + return nil, err + } + tID := binary.BigEndian.Uint16(header[:2]) + if tID < 256 { + return nil, errors.New("invalid template id") + } + scopeLen := int(binary.BigEndian.Uint16(header[2:4])) + optsLen := int(binary.BigEndian.Uint16(header[4:])) + length := optsLen + scopeLen + if buf.Len() < int(length) { + return nil, io.EOF + } + if (scopeLen+optsLen) == 0 || scopeLen&3 != 0 || optsLen&3 != 0 { + return nil, fmt.Errorf("bad length for options template. scope=%d options=%d", scopeLen, optsLen) + } + template, err := ReadFields(d, buf, (scopeLen+optsLen)/4) + if err != nil { + return nil, err + } + template.ID = tID + template.ScopeFields = scopeLen / 4 + template.IsOptions = true + templates = append(templates, &template) + } + return templates, nil +} + +type PacketHeader struct { + Version, Count uint16 + SysUptime uint32 + UnixSecs time.Time + SequenceNo, SourceID uint32 +} + +type SetHeader struct { + SetID, Length uint16 +} + +func (h SetHeader) BodyLength() int { + if h.Length < 4 { + return 0 + } + return int(h.Length) - 4 +} + +func (h SetHeader) IsPadding() bool { + return h.SetID == 0 && h.Length == 0 +} + +func (h PacketHeader) ExporterMetadata(source net.Addr) record.Map { + return record.Map{ + "version": uint64(h.Version), + "timestamp": h.UnixSecs, + "uptimeMillis": uint64(h.SysUptime), + "address": source.String(), + "sourceId": uint64(h.SourceID), + } +} diff --git a/filebeat/input/netflow/decoder/v9/decoder_test.go b/filebeat/input/netflow/decoder/v9/decoder_test.go new file mode 100644 index 00000000000..46f8e15ff4a --- /dev/null +++ b/filebeat/input/netflow/decoder/v9/decoder_test.go @@ -0,0 +1,358 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v9 + +import ( + "bytes" + "errors" + "io" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestDecoderV9_ReadPacketHeader(t *testing.T) { + captureTime, err := time.Parse(time.RFC3339, "2018-11-22T20:53:03Z") + if !assert.NoError(t, err) { + t.Fatal(err) + } + decoder := DecoderV9{} + for _, tc := range []struct { + title string + packet []uint16 + expected PacketHeader + err error + }{ + { + title: "valid header", + packet: []uint16{ + 9, 4096, 0x1234, 0x5678, 23543, 5935, 0x1122, 0x3344, 0x5566, 0x7788, + }, + expected: PacketHeader{ + Version: 9, + Count: 4096, + SysUptime: 0x12345678, + UnixSecs: captureTime.UTC(), + SequenceNo: 0x11223344, + SourceID: 0x55667788, + }, + }, + { + title: "short header", + packet: []uint16{ + 9, 4096, 0x1234, 0x5678, 23543, 5935, 0x1122, 0x3344, 0x5566, + }, + err: io.EOF, + }, + } { + t.Run(tc.title, func(t *testing.T) { + raw := test.MakePacket(tc.packet) + header, _, _, err := decoder.ReadPacketHeader(raw) + assert.Equal(t, tc.err, err) + assert.Equal(t, tc.expected, header) + }) + } +} + +func TestDecoderV9_ReadFieldDefinition(t *testing.T) { + decoder := DecoderV9{} + for _, tc := range []struct { + title string + raw []byte + field fields.Key + length uint16 + err error + }{ + { + title: "valid field", + raw: []byte{ + 1, 2, 3, 4, + }, + field: fields.Key{FieldID: 0x0102}, + length: 0x0304, + }, + { + title: "short field", + raw: []byte{ + 1, 2, 3, + }, + err: io.EOF, + }, + { + title: "ignore enterprise id", + raw: []byte{ + 0x80, 1, 2, 3, + }, + field: fields.Key{FieldID: 0x8001}, + length: 0x0203, + }, + { + title: "max length", + raw: []byte{ + 0x12, 0x34, 0xff, 0xff, + }, + field: fields.Key{FieldID: 0x1234}, + length: 0xffff, + }, + } { + t.Run(tc.title, func(t *testing.T) { + field, length, err := decoder.ReadFieldDefinition(bytes.NewBuffer(tc.raw)) + assert.Equal(t, tc.err, err) + assert.Equal(t, tc.field, field) + assert.Equal(t, tc.length, length) + }) + } +} + +func TestDecoderV9_ReadFields(t *testing.T) { + decoder := DecoderV9{} + for _, tc := range []struct { + title string + packet []uint16 + count int + expected template.Template + err error + }{ + { + title: "valid fields", + packet: []uint16{ + 1, 4, + 5, 1, + 14, 2, + }, + count: 3, + expected: template.Template{ + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 7, + }, + }, + { + title: "length out of bounds", + packet: []uint16{ + 1, 4, + 5, 11, + 14, 2, + }, + count: 3, + expected: template.Template{ + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 11}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + Length: 17, + }, + }, + { + title: "ignore enterprise ID", + packet: []uint16{ + 1, 4, + 5, 1, + 0x8000 | 8232, 2, + }, + count: 3, + expected: template.Template{ + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2}, + }, + Length: 7, + }, + }, + { + title: "EOF", + packet: []uint16{ + 1, 4, + 5, 1, + }, + count: 3, + err: io.EOF, + }, + } { + t.Run(tc.title, func(t *testing.T) { + raw := test.MakePacket(tc.packet) + record, err := ReadFields(decoder, raw, tc.count) + assert.Equal(t, tc.err, err) + assert.Equal(t, tc.expected.Length, record.Length) + assert.Equal(t, tc.expected.VariableLength, record.VariableLength) + assert.Equal(t, tc.expected.ID, record.ID) + template.AssertFieldsEquals(t, tc.expected.Fields, record.Fields) + }) + } +} + +func TestReadOptionsTemplateFlowSet(t *testing.T) { + decoder := DecoderV9{} + for _, tc := range []struct { + title string + packet []uint16 + expected []*template.Template + err error + }{ + { + title: "valid fields", + packet: []uint16{ + 999, 4, 8, + 1, 4, + 5, 1, + 14, 2, + 998, 4, 0, + 16, 4, + }, + expected: []*template.Template{ + { + ID: 999, + Length: 7, + ScopeFields: 1, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + }, + { + ID: 998, + Length: 4, + ScopeFields: 1, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + }, + }, + }, + }, + { + title: "EOF", + packet: []uint16{ + 999, 44, 8, + 1, 4, + 5, 1, + 14, 2, + 1, 4, 0, + 16, 4, + }, + err: io.EOF, + }, + { + title: "bad length", + packet: []uint16{ + 999, 4, 8, + 1, 4, + 5, 1, + 14, 2, + 1111, 4, 7, + 16, 4, + 0, 0, 0, 0, 0, 0, 0, 0, + }, + err: errors.New("bad length for options template. scope=4 options=7"), + }, + { + title: "invalid template ID", + packet: []uint16{ + 999, 4, 8, + 1, 4, + 5, 1, + 14, 2, + 1, 4, 6, + 16, 4, + 0, 0, 0, 0, 0, 0, 0, 0, + }, + err: errors.New("invalid template id"), + }, + } { + t.Run(tc.title, func(t *testing.T) { + raw := test.MakePacket(tc.packet) + templates, err := decoder.ReadOptionsTemplateFlowSet(raw) + assert.Equal(t, tc.err, err) + if assert.Len(t, templates, len(tc.expected)) { + for idx := range tc.expected { + template.AssertTemplateEquals(t, tc.expected[idx], templates[idx]) + } + } + }) + } +} + +func TestReadTemplateFlowSet(t *testing.T) { + decoder := DecoderV9{} + for _, tc := range []struct { + title string + packet []uint16 + expected []*template.Template + err error + }{ + { + title: "valid fields", + packet: []uint16{ + 999, 3, + 1, 4, + 5, 1, + 14, 2, + 998, 1, + 16, 4, + }, + expected: []*template.Template{ + { + ID: 999, + Length: 7, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "octetDeltaCount", Decoder: fields.Unsigned64}}, + {Length: 1, Info: &fields.Field{Name: "ipClassOfService", Decoder: fields.Unsigned8}}, + {Length: 2, Info: &fields.Field{Name: "egressInterface", Decoder: fields.Unsigned32}}, + }, + }, + { + ID: 998, + Length: 4, + Fields: []template.FieldTemplate{ + {Length: 4, Info: &fields.Field{Name: "bgpSourceAsNumber", Decoder: fields.Unsigned32}}, + }, + }, + }, + }, + { + title: "EOF", + packet: []uint16{ + 999, 44, + 1, 4, + 5, 1, + 14, 2, + 1, 4, + 16, 4, + }, + err: io.EOF, + }, + { + title: "bad ID", + packet: []uint16{ + 99, 6, + 1, 4, + 5, 1, + 14, 2, + }, + err: errors.New("invalid template id"), + }, + } { + t.Run(tc.title, func(t *testing.T) { + raw := test.MakePacket(tc.packet) + templates, err := ReadTemplateFlowSet(decoder, raw) + assert.Equal(t, tc.err, err) + if assert.Len(t, templates, len(tc.expected)) { + for idx := range tc.expected { + template.AssertTemplateEquals(t, tc.expected[idx], templates[idx]) + } + } + }) + } +} diff --git a/filebeat/input/netflow/decoder/v9/session.go b/filebeat/input/netflow/decoder/v9/session.go new file mode 100644 index 00000000000..4813bd0cc19 --- /dev/null +++ b/filebeat/input/netflow/decoder/v9/session.go @@ -0,0 +1,198 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v9 + +import ( + "log" + "net" + "sync" + "time" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/atomic" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" +) + +// SessionKey is the key used to lookup sessions: exporter address + port +// + source ID. +type SessionKey struct { + Addr string + SourceID uint32 +} + +// MakeSessionKey returns a session key. +func MakeSessionKey(addr net.Addr, sourceID uint32) SessionKey { + return SessionKey{addr.String(), sourceID} +} + +// TemplateKey is the type of key used to lookup templates. +type TemplateKey uint16 + +// TemplateWrapper wraps a template with an expiration flag. +type TemplateWrapper struct { + Template *template.Template + Delete atomic.Bool +} + +// SessionState holds the state for a single session (observation domain). +type SessionState struct { + mutex sync.RWMutex + Templates map[TemplateKey]*TemplateWrapper + lastSequence uint32 + logger *log.Logger + Delete atomic.Bool +} + +// NewSession creates a new session. +func NewSession(logger *log.Logger) *SessionState { + return &SessionState{ + logger: logger, + Templates: make(map[TemplateKey]*TemplateWrapper), + } +} + +// AddTemplate adds the passed template. +func (s *SessionState) AddTemplate(t *template.Template) { + s.logger.Printf("state %p addTemplate %d %p", s, t.ID, t) + s.mutex.Lock() + defer s.mutex.Unlock() + s.Templates[TemplateKey(t.ID)] = &TemplateWrapper{Template: t} +} + +// GetTemplate returns a template by ID. +func (s *SessionState) GetTemplate(id uint16) (template *template.Template) { + s.mutex.RLock() + defer s.mutex.RUnlock() + wrapper, found := s.Templates[TemplateKey(id)] + if found { + template = wrapper.Template + wrapper.Delete.Store(false) + } + return template +} + +// ExpireTemplates will remove those templates that have not been used +// since the last call to ExpireTemplates. +func (s *SessionState) ExpireTemplates() (alive int, removed int) { + var toDelete []TemplateKey + s.mutex.RLock() + for id, template := range s.Templates { + if !template.Delete.CAS(false, true) { + toDelete = append(toDelete, id) + } + } + total := len(s.Templates) + s.mutex.RUnlock() + if len(toDelete) > 0 { + s.mutex.Lock() + total = len(s.Templates) + for _, id := range toDelete { + if template, found := s.Templates[id]; found && template.Delete.Load() { + s.logger.Printf("expired template %v", id) + delete(s.Templates, id) + removed++ + } + } + s.mutex.Unlock() + } + return total - removed, removed +} + +// CheckReset returns if the session must be reset after the receipt of the +// given sequence number. +func (s *SessionState) CheckReset(seqNum uint32) (prev uint32, reset bool) { + s.mutex.Lock() + defer s.mutex.Unlock() + prev = s.lastSequence + if reset = !isValidSequence(prev, seqNum); reset { + s.Templates = make(map[TemplateKey]*TemplateWrapper) + } + s.lastSequence = seqNum + return +} + +func isValidSequence(current, next uint32) bool { + return next-current < MaxSequenceDifference || current-next < MaxSequenceDifference +} + +// SessionMap manages all the sessions for a collector. +type SessionMap struct { + mutex sync.RWMutex + Sessions map[SessionKey]*SessionState + logger *log.Logger +} + +// NewSessionMap returns a new SessionMap. +func NewSessionMap(logger *log.Logger) SessionMap { + return SessionMap{ + logger: logger, + Sessions: make(map[SessionKey]*SessionState), + } +} + +// GetOrCreate looks up the given session key and returns an existing session +// or creates a new one. +func (m *SessionMap) GetOrCreate(key SessionKey) *SessionState { + m.mutex.RLock() + session, found := m.Sessions[key] + if found { + session.Delete.Store(false) + } + m.mutex.RUnlock() + if !found { + m.mutex.Lock() + if session, found = m.Sessions[key]; !found { + session = NewSession(m.logger) + m.Sessions[key] = session + } + m.mutex.Unlock() + } + return session +} + +func (m *SessionMap) cleanup() (aliveSession int, removedSession int, aliveTemplates int, removedTemplates int) { + var toDelete []SessionKey + m.mutex.RLock() + total := len(m.Sessions) + for key, session := range m.Sessions { + a, r := session.ExpireTemplates() + aliveTemplates += a + removedTemplates += r + if !session.Delete.CAS(false, true) { + toDelete = append(toDelete, key) + } + } + m.mutex.RUnlock() + if len(toDelete) > 0 { + m.mutex.Lock() + total = len(m.Sessions) + for _, key := range toDelete { + if session, found := m.Sessions[key]; found && session.Delete.Load() { + delete(m.Sessions, key) + removedSession++ + } + } + m.mutex.Unlock() + } + return total - removedSession, removedSession, aliveTemplates, removedTemplates +} + +// CleanupLoop will expire the sessions that have been inactive for the given +// interval. +func (m *SessionMap) CleanupLoop(interval time.Duration, done <-chan struct{}) { + t := time.NewTicker(interval) + defer t.Stop() + for { + select { + case <-done: + return + + case <-t.C: + aliveS, removedS, aliveT, removedT := m.cleanup() + if removedS > 0 || removedT > 0 { + m.logger.Printf("Expired %d sessions (%d remain) / %d templates (%d remain)", removedS, aliveS, removedT, aliveT) + } + } + } +} diff --git a/filebeat/input/netflow/decoder/v9/session_test.go b/filebeat/input/netflow/decoder/v9/session_test.go new file mode 100644 index 00000000000..63bbf3314aa --- /dev/null +++ b/filebeat/input/netflow/decoder/v9/session_test.go @@ -0,0 +1,274 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v9 + +import ( + "io/ioutil" + "log" + "math" + "sync" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/template" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +var logger = log.New(ioutil.Discard, "", 0) + +func makeSessionKey(t testing.TB, ipPortPair string, domain uint32) SessionKey { + return MakeSessionKey(test.MakeAddress(t, ipPortPair), domain) +} + +func TestSessionMap_GetOrCreate(t *testing.T) { + t.Run("consistent behavior", func(t *testing.T) { + sm := NewSessionMap(logger) + + // Session is created + s1 := sm.GetOrCreate(makeSessionKey(t, "127.0.0.1:1234", 42)) + assert.NotNil(t, s1) + + // Get a different Session + s2 := sm.GetOrCreate(makeSessionKey(t, "127.0.0.1:1235", 42)) + assert.NotNil(t, s1) + assert.False(t, s1 == s2) + + // Get a different Session for diff IP same port + s3 := sm.GetOrCreate(makeSessionKey(t, "127.0.0.2:1234", 42)) + assert.NotNil(t, s3) + assert.False(t, s1 == s3 || s2 == s3) + + // Get a different Session for same IP diff port + s4 := sm.GetOrCreate(makeSessionKey(t, "127.0.0.1:1236", 42)) + assert.NotNil(t, s4) + assert.False(t, s1 == s4 || s2 == s4 || s3 == s4) + + // Get same Session for same params + s1b := sm.GetOrCreate(makeSessionKey(t, "127.0.0.1:1234", 42)) + assert.NotNil(t, s1b) + assert.True(t, s1 == s1b) + + // Get diff Session same source different observation domain + s2b := sm.GetOrCreate(makeSessionKey(t, "127.0.0.1:1235", 43)) + assert.NotNil(t, s2b) + assert.False(t, s2 == s2b) + + }) + t.Run("parallel", func(t *testing.T) { + // Goroutines should observe the same session when created in parallel + sm := NewSessionMap(logger) + key := makeSessionKey(t, "127.0.0.1:9995", 42) + const N = 8 + const Iters = 200 + C := make(chan *SessionState, N*Iters) + wg := sync.WaitGroup{} + wg.Add(N) + for i := 0; i < N; i++ { + go func() { + last := sm.GetOrCreate(key) + for iter := 0; iter < Iters; iter++ { + s := sm.GetOrCreate(key) + if last != s { + C <- last + last = s + } + } + C <- last + wg.Done() + }() + } + wg.Wait() + if !assert.NotEmpty(t, C) { + return + } + base := <-C + close(C) + for s := range C { + if !assert.True(t, s == base) { + return + } + } + }) +} + +func testTemplate(id uint16) *template.Template { + return &template.Template{ + ID: id, + } +} + +func TestSessionState(t *testing.T) { + logger := log.New(ioutil.Discard, "", 0) + t.Run("create and get", func(t *testing.T) { + s := NewSession(logger) + t1 := testTemplate(1) + s.AddTemplate(t1) + t2 := s.GetTemplate(1) + assert.True(t, t1 == t2) + }) + t.Run("update", func(t *testing.T) { + s := NewSession(logger) + t1 := testTemplate(1) + s.AddTemplate(t1) + + t2 := testTemplate(2) + s.AddTemplate(t2) + + t1c := s.GetTemplate(1) + assert.True(t, t1 == t1c) + + t2c := s.GetTemplate(2) + assert.True(t, t2 == t2c) + + t1b := testTemplate(1) + s.AddTemplate(t1b) + + t1c = s.GetTemplate(1) + assert.False(t, t1 == t1c) + assert.True(t, t1b == t1b) + }) +} + +func TestSessionMap_Cleanup(t *testing.T) { + sm := NewSessionMap(logger) + + // Session is created + k1 := makeSessionKey(t, "127.0.0.1:1234", 1) + s1 := sm.GetOrCreate(k1) + assert.NotNil(t, s1) + + sm.cleanup() + + // After a cleanup, first session still exists + assert.Len(t, sm.Sessions, 1) + + // Add new session + k2 := makeSessionKey(t, "127.0.0.1:1234", 2) + s2 := sm.GetOrCreate(k2) + assert.NotNil(t, s2) + assert.Len(t, sm.Sessions, 2) + + // After a new cleanup, s1 is removed because it was not accessed + // since the last cleanup. + sm.cleanup() + assert.Len(t, sm.Sessions, 1) + + _, found := sm.Sessions[k1] + assert.False(t, found) + + // s2 is still there + _, found = sm.Sessions[k2] + assert.True(t, found) + + // Access s2 again + sm.GetOrCreate(k2) + + // Cleanup should keep s2 because it has been used since the last cleanup + sm.cleanup() + + assert.Len(t, sm.Sessions, 1) + s2b, found := sm.Sessions[k2] + assert.True(t, found) + assert.True(t, s2 == s2b) + + sm.cleanup() + assert.Empty(t, sm.Sessions) +} + +func TestSessionMap_CleanupLoop(t *testing.T) { + timeout := time.Millisecond * 100 + sm := NewSessionMap(log.New(ioutil.Discard, "", 0)) + key := makeSessionKey(t, "127.0.0.1:1", 42) + s := sm.GetOrCreate(key) + + done := make(chan struct{}) + go sm.CleanupLoop(timeout, done) + + for found := true; found; { + sm.mutex.RLock() + _, found = sm.Sessions[key] + sm.mutex.RUnlock() + } + close(done) + s2 := sm.GetOrCreate(key) + assert.True(t, s != s2) + time.Sleep(timeout * 2) + s3 := sm.GetOrCreate(key) + assert.True(t, s2 == s3) +} + +func TestTemplateExpiration(t *testing.T) { + s := NewSession(logger) + assert.Nil(t, s.GetTemplate(256)) + assert.Nil(t, s.GetTemplate(257)) + s.AddTemplate(testTemplate(256)) + s.AddTemplate(testTemplate(257)) + + s.ExpireTemplates() + + assert.NotNil(t, s.GetTemplate(256)) + _, found := s.Templates[TemplateKey(257)] + assert.True(t, found) + + s.ExpireTemplates() + + _, found = s.Templates[TemplateKey(256)] + assert.True(t, found) + + assert.Nil(t, s.GetTemplate(257)) + + s.ExpireTemplates() + + assert.Nil(t, s.GetTemplate(256)) +} + +func TestSessionCheckReset(t *testing.T) { + for _, testCase := range []struct { + title string + current, next uint32 + reset bool + }{ + { + title: "Regular advance", + current: 12345, + next: 12385, + reset: false, + }, + { + title: "Out of order packet", + current: 12388, + next: 12345, + reset: false, + }, + { + title: "Actual reset", + current: 12345, + next: 9, + reset: true, + }, + { + title: "32-bit Wrap around", + current: math.MaxUint32, + next: 9, + reset: false, + }, + { + title: "Non-sequential stream", + current: 12345, + next: 78910, + reset: true, + }, + } { + t.Run(testCase.title, func(t *testing.T) { + s := NewSession(logger) + s.lastSequence = testCase.current + prev, isReset := s.CheckReset(testCase.next) + assert.Equal(t, prev, testCase.current) + assert.Equal(t, testCase.reset, isReset) + }) + } +} diff --git a/filebeat/input/netflow/decoder/v9/v9.go b/filebeat/input/netflow/decoder/v9/v9.go new file mode 100644 index 00000000000..30cb1405f39 --- /dev/null +++ b/filebeat/input/netflow/decoder/v9/v9.go @@ -0,0 +1,142 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v9 + +import ( + "bytes" + "log" + "net" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" +) + +const ( + ProtocolName = "v9" + LogPrefix = "[netflow-v9] " + ProtocolID uint16 = 9 + MaxSequenceDifference = 1000 +) + +type NetflowV9Protocol struct { + decoder Decoder + logger *log.Logger + Session SessionMap + timeout time.Duration + done chan struct{} + detectReset bool +} + +func init() { + protocol.Registry.Register(ProtocolName, New) +} + +func New(config config.Config) protocol.Protocol { + logger := log.New(config.LogOutput(), LogPrefix, 0) + return NewProtocolWithDecoder(DecoderV9{Logger: logger, Fields: config.Fields()}, config, logger) +} + +func NewProtocolWithDecoder(decoder Decoder, config config.Config, logger *log.Logger) *NetflowV9Protocol { + return &NetflowV9Protocol{ + decoder: decoder, + Session: NewSessionMap(logger), + logger: logger, + timeout: config.ExpirationTimeout(), + detectReset: config.SequenceResetEnabled(), + } +} + +func (*NetflowV9Protocol) Version() uint16 { + return ProtocolID +} + +func (p *NetflowV9Protocol) Start() error { + p.done = make(chan struct{}) + if p.timeout != time.Duration(0) { + go p.Session.CleanupLoop(p.timeout, p.done) + } + return nil +} + +func (p *NetflowV9Protocol) Stop() error { + if p.done != nil { + close(p.done) + } + return nil +} + +func (p *NetflowV9Protocol) OnPacket(buf *bytes.Buffer, source net.Addr) (flows []record.Record, err error) { + header, payload, numFlowSets, err := p.decoder.ReadPacketHeader(buf) + if err != nil { + p.logger.Printf("Unable to read V9 header: %v", err) + return nil, errors.Wrapf(err, "error reading header") + } + buf = payload + + session := p.Session.GetOrCreate(MakeSessionKey(source, header.SourceID)) + remote := source.String() + + p.logger.Printf("Packet from:%s src:%d seq:%d", remote, header.SourceID, header.SequenceNo) + if p.detectReset { + if prev, reset := session.CheckReset(header.SequenceNo); reset { + p.logger.Printf("Session %s reset (sequence=%d last=%d)", remote, header.SequenceNo, prev) + } + } + + for ; numFlowSets > 0; numFlowSets-- { + set, err := p.decoder.ReadSetHeader(buf) + if err != nil || set.IsPadding() { + break + } + if buf.Len() < set.BodyLength() { + p.logger.Printf("FlowSet ID %+v overflows packet from %s", set, source) + break + } + body := bytes.NewBuffer(buf.Next(set.BodyLength())) + p.logger.Printf("FlowSet ID %d length %d", set.SetID, set.BodyLength()) + + f, err := p.parseSet(set.SetID, session, body) + if err != nil { + p.logger.Printf("Error parsing set %d: %v", set.SetID, err) + return nil, errors.Wrapf(err, "error parsing set") + } + flows = append(flows, f...) + } + metadata := header.ExporterMetadata(source) + for idx := range flows { + flows[idx].Exporter = metadata + flows[idx].Timestamp = header.UnixSecs + } + return flows, nil +} + +func (p *NetflowV9Protocol) parseSet( + setID uint16, + session *SessionState, + buf *bytes.Buffer) (flows []record.Record, err error) { + + if setID >= 256 { + // Flow of Options record, lookup template and generate flows + if template := session.GetTemplate(setID); template != nil { + return template.Apply(buf, 0) + } + p.logger.Printf("No template for ID %d", setID) + return nil, nil + } + + // Template sets + templates, err := p.decoder.ReadTemplateSet(setID, buf) + if err != nil { + return nil, err + } + for _, template := range templates { + session.AddTemplate(template) + } + return flows, nil +} diff --git a/filebeat/input/netflow/decoder/v9/v9_test.go b/filebeat/input/netflow/decoder/v9/v9_test.go new file mode 100644 index 00000000000..007f006ac13 --- /dev/null +++ b/filebeat/input/netflow/decoder/v9/v9_test.go @@ -0,0 +1,251 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package v9 + +import ( + "bytes" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/config" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +func TestNetflowV9Protocol_ID(t *testing.T) { + assert.Equal(t, ProtocolID, New(config.Defaults()).Version()) +} + +func TestNetflowProtocol_New(t *testing.T) { + proto := New(config.Defaults()) + + assert.Nil(t, proto.Start()) + assert.Equal(t, uint16(9), proto.Version()) + assert.Nil(t, proto.Stop()) +} + +func TestOptionTemplates(t *testing.T) { + const sourceID = 1234 + addr := test.MakeAddress(t, "127.0.0.1:12345") + key := MakeSessionKey(addr, sourceID) + + t.Run("Single options template", func(t *testing.T) { + proto := New(config.Defaults()) + flows, err := proto.OnPacket(test.MakePacket([]uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 1, 11, 11, 22, 22, 33, 33, 0, 1234, + // Set #1 (options template) + 1, 24, /*len of set*/ + 999, 4 /*scope len*/, 8, /*opts len*/ + 1, 4, // Fields + 2, 4, + 3, 4, + 0, // Padding + }), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + v9proto, ok := proto.(*NetflowV9Protocol) + assert.True(t, ok) + + assert.Len(t, v9proto.Session.Sessions, 1) + s, found := v9proto.Session.Sessions[key] + assert.True(t, found) + assert.Len(t, s.Templates, 1) + opt := s.GetTemplate(999) + assert.NotNil(t, opt) + assert.True(t, opt.ScopeFields > 0) + }) + + t.Run("Multiple options template", func(t *testing.T) { + proto := New(config.Defaults()) + raw := test.MakePacket([]uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 2, 11, 11, 22, 22, 33, 33, 0, 1234, + // Set #1 (options template) + 1, 22 + 26, /*len of set*/ + 999, 4 /*scope len*/, 8, /*opts len*/ + 1, 4, // Fields + 2, 4, + 3, 4, + 998, 8, 12, + 1, 4, + 2, 2, + 3, 3, + 4, 1, + 5, 1, + 0, + }) + flows, err := proto.OnPacket(raw, addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + v9proto, ok := proto.(*NetflowV9Protocol) + assert.True(t, ok) + assert.Len(t, v9proto.Session.Sessions, 1) + s, found := v9proto.Session.Sessions[key] + assert.True(t, found) + assert.Len(t, s.Templates, 2) + for _, id := range []uint16{998, 999} { + opt := s.GetTemplate(id) + assert.NotNil(t, opt) + assert.True(t, opt.ScopeFields > 0) + } + }) + + t.Run("records discarded", func(t *testing.T) { + proto := New(config.Defaults()) + raw := test.MakePacket([]uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 1, 11, 11, 22, 22, 33, 33, 0, 1234, + // Set #1 (options template) + 9998, 8, /*len of set*/ + 1, 2, + }) + flows, err := proto.OnPacket(raw, addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + v9proto, ok := proto.(*NetflowV9Protocol) + assert.True(t, ok) + + assert.Len(t, v9proto.Session.Sessions, 1) + s, found := v9proto.Session.Sessions[key] + assert.True(t, found) + assert.Len(t, s.Templates, 0) + + raw = test.MakePacket([]uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 1, 11, 11, 22, 22, 33, 33, 0, 1234, + // Set #1 (options template) + 1, 14, /*len of set*/ + 9998, 4, 0, + 3, 4, + }) + flows, err = proto.OnPacket(raw, addr) + assert.NoError(t, err) + assert.Empty(t, flows) + assert.Len(t, v9proto.Session.Sessions, 1) + assert.Len(t, s.Templates, 1) + }) +} + +func TestSessionReset(t *testing.T) { + addr := test.MakeAddress(t, "127.0.0.1:12345") + templatePacket := []uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 1, 11, 11, 22, 22, 33, 33, 0, 1234, + // Set #1 (template) + 0, 20, /*len of set*/ + 999, 3, /*len*/ + 1, 4, // Fields + 2, 4, + 3, 4, + } + flowsPacket := []uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 1, 11, 11, 22, 22, 00, 33, 0, 1234, + // Set #1 (template) + 999, 16, /*len of set*/ + 1, 1, + 2, 2, + 3, 3, + } + t.Run("Reset disabled", func(t *testing.T) { + cfg := config.Defaults() + cfg.WithSequenceResetEnabled(false).WithLogOutput(test.TestLogWriter{TB: t}) + proto := New(cfg) + flows, err := proto.OnPacket(test.MakePacket(templatePacket), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + flows, err = proto.OnPacket(test.MakePacket(flowsPacket), addr) + assert.NoError(t, err) + assert.Len(t, flows, 1) + }) + t.Run("Reset enabled", func(t *testing.T) { + cfg := config.Defaults() + cfg.WithSequenceResetEnabled(true).WithLogOutput(test.TestLogWriter{TB: t}) + proto := New(cfg) + flows, err := proto.OnPacket(test.MakePacket(templatePacket), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + flows, err = proto.OnPacket(test.MakePacket(flowsPacket), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + }) + t.Run("No cross-domain reset", func(t *testing.T) { + mkPack := func(source []uint16, sourceID, seqNo uint32) *bytes.Buffer { + tmp := make([]uint16, len(source)) + copy(tmp, source) + tmp[6] = uint16(seqNo >> 16) + tmp[7] = uint16(seqNo & 0xffff) + tmp[8] = uint16(sourceID >> 16) + tmp[9] = uint16(sourceID & 0xffff) + return test.MakePacket(tmp) + } + cfg := config.Defaults() + cfg.WithSequenceResetEnabled(true).WithLogOutput(test.TestLogWriter{TB: t}) + proto := New(cfg) + flows, err := proto.OnPacket(mkPack(templatePacket, 1, 1000), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + flows, err = proto.OnPacket(mkPack(templatePacket, 2, 500), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + flows, err = proto.OnPacket(mkPack(flowsPacket, 1, 1001), addr) + assert.NoError(t, err) + assert.Len(t, flows, 1) + flows, err = proto.OnPacket(mkPack(flowsPacket, 2, 501), addr) + assert.NoError(t, err) + assert.Len(t, flows, 1) + }) +} + +func TestCustomFields(t *testing.T) { + addr := test.MakeAddress(t, "127.0.0.1:12345") + + conf := config.Defaults() + conf.WithCustomFields(fields.FieldDict{ + fields.Key{FieldID: 33333}: &fields.Field{Name: "customField", Decoder: fields.String}, + }) + assert.Contains(t, conf.Fields(), fields.Key{FieldID: 33333}) + proto := New(conf) + flows, err := proto.OnPacket(test.MakePacket([]uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 1, 11, 11, 22, 22, 33, 33, 0, 1234, + // Set #1 (template) + 0, 20, /*len of set*/ + 999, 3, /*len*/ + 1, 4, // Fields + 2, 4, + 33333, 8, + }), addr) + assert.NoError(t, err) + assert.Empty(t, flows) + + flows, err = proto.OnPacket(test.MakePacket([]uint16{ + // Header + // Version, Count, Uptime, Ts, SeqNo, Source + 9, 1, 11, 11, 22, 22, 33, 34, 0, 1234, + // Set #1 (template) + 999, 20, /*len of set*/ + 1, 1, + 2, 2, + 0x4865, 0x6c6c, + 0x6f20, 0x3a29, + }), addr) + assert.NoError(t, err) + assert.Len(t, flows, 1) + assert.Contains(t, flows[0].Fields, "customField") + assert.Equal(t, flows[0].Fields["customField"], "Hello :)") +} diff --git a/filebeat/input/netflow/definitions.go b/filebeat/input/netflow/definitions.go new file mode 100644 index 00000000000..267abef5a92 --- /dev/null +++ b/filebeat/input/netflow/definitions.go @@ -0,0 +1,217 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "fmt" + "io/ioutil" + "math" + "os" + "strconv" + + "github.com/pkg/errors" + "gopkg.in/yaml.v2" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" +) + +var logstashName2Decoder = map[string]fields.Decoder{ + "double": fields.Float64, + "float": fields.Float32, + "int8": fields.Signed8, + "int15": fields.SignedDecoder(15), + "int16": fields.Signed16, + "int24": fields.SignedDecoder(24), + "int32": fields.Signed32, + "int64": fields.Signed64, + "ip4_addr": fields.Ipv4Address, + "ip4addr": fields.Ipv4Address, + "ip6_addr": fields.Ipv6Address, + "ip6addr": fields.Ipv6Address, + "mac_addr": fields.MacAddress, + "macaddr": fields.MacAddress, + "string": fields.String, + "uint8": fields.Unsigned8, + "uint15": fields.UnsignedDecoder(15), + "uint16": fields.Unsigned16, + "uint24": fields.UnsignedDecoder(24), + "uint32": fields.Unsigned32, + "uint64": fields.Unsigned64, + "octet_array": fields.OctetArray, + "octetarray": fields.OctetArray, + "acl_id_asa": fields.ACLID, + "mpls_label_stack_octets": fields.UnsupportedDecoder{}, + "application_id": fields.UnsupportedDecoder{}, + "forwarding_status": fields.UnsupportedDecoder{}, +} + +// LoadFieldDefinitions takes a parsed YAML tree from a Logstash +// Netflow or IPFIX custom fields format and converts it to a FieldDict. +func LoadFieldDefinitions(yaml interface{}) (defs fields.FieldDict, err error) { + tree, ok := yaml.(map[interface{}]interface{}) + if !ok { + return nil, fmt.Errorf("invalid custom fields definition format: expected a mapping of integer keys. Got %T", yaml) + } + if len(tree) == 0 { + return nil, nil + } + isIPFIX, err := fieldsAreIPFIX(tree) + if err != nil { + return nil, err + } + defs = fields.FieldDict{} + if !isIPFIX { + if err := loadFields(tree, 0, defs); err != nil { + return nil, errors.Wrap(err, "failed to load NetFlow fields") + } + return defs, nil + } + for pemI, fields := range tree { + pem, err := toInt(pemI) + if err != nil { + return nil, err + } + if !fits(pem, 0, math.MaxUint32) { + return nil, fmt.Errorf("PEM %d out of uint32 range", pem) + } + tree, ok := fields.(map[interface{}]interface{}) + if !ok { + return nil, fmt.Errorf("IPFIX fields for pem=%d malformed", pem) + } + if err := loadFields(tree, uint32(pem), defs); err != nil { + return nil, errors.Wrapf(err, "failed to load IPFIX fields for pem=%d", pem) + } + } + return defs, nil +} + +// LoadFieldDefinitionsFromFile takes the path to a YAML file in Logstash +// Netflow or IPFIX custom fields format and converts it to a FieldDict. +func LoadFieldDefinitionsFromFile(path string) (defs fields.FieldDict, err error) { + file, err := os.Open(path) + if err != nil { + return nil, err + } + defer file.Close() + contents, err := ioutil.ReadAll(file) + if err != nil { + return nil, err + } + var tree interface{} + if err := yaml.Unmarshal(contents, &tree); err != nil { + return nil, errors.Wrap(err, "unable to parse YAML") + } + return LoadFieldDefinitions(tree) +} + +func fits(value, min, max int64) bool { + return value >= min && value <= max +} + +func trimColon(s string) string { + if len(s) > 0 && s[0] == ':' { + return s[1:] + } + return s +} + +func toInt(value interface{}) (int64, error) { + switch v := value.(type) { + case int64: + return v, nil + case int: + return int64(v), nil + case string: + return strconv.ParseInt(v, 0, 64) + } + return 0, fmt.Errorf("value %v cannot be converted to int", value) +} + +func loadFields(def map[interface{}]interface{}, pem uint32, dest fields.FieldDict) error { + for keyI, iface := range def { + fieldID, err := toInt(keyI) + if err != nil { + return err + } + if !fits(fieldID, 0, math.MaxUint16) { + return fmt.Errorf("field ID %d out of range uint16", fieldID) + } + list, ok := iface.([]interface{}) + if !ok { + return fmt.Errorf("field ID %d is not a list", fieldID) + } + bad := true + var fieldType, fieldName string + switch len(list) { + case 2: + switch v := list[0].(type) { + case string: + fieldType = trimColon(v) + case int: + if v == 0 { + v = 4 + } + fieldType = fmt.Sprintf("uint%d", v*8) + } + if name, ok := list[1].(string); ok { + fieldName = trimColon(name) + bad = len(fieldType) == 0 || len(fieldName) == 0 + } + case 1: + str, ok := list[0].(string) + if ok && trimColon(str) == "skip" { + continue + } + } + if bad { + return fmt.Errorf("bad field ID %d: should have two items (type, name) or one (:skip) (Got %+v)", fieldID, list) + } + key := fields.Key{ + EnterpriseID: uint32(pem), + FieldID: uint16(fieldID), + } + if _, exists := dest[key]; exists { + return fmt.Errorf("repeated field ID %d", fieldID) + } + decoder, found := logstashName2Decoder[fieldType] + if !found { + return fmt.Errorf("field ID %d has unknown type %s", fieldID, fieldType) + } + dest[key] = &fields.Field{ + Name: fieldName, + Decoder: decoder, + } + } + return nil +} + +func fieldsAreIPFIX(tree map[interface{}]interface{}) (bool, error) { + if len(tree) == 0 { + return false, errors.New("custom fields definition is empty") + } + var seenList, seenMap bool + for key, value := range tree { + var msg string + switch v := value.(type) { + case map[interface{}]interface{}: + seenMap = true + if seenList { + msg = "expected IPFIX map of fields" + } + case []interface{}: + seenList = true + if seenMap { + msg = "expected NetFlow single field definition" + } + default: + msg = fmt.Sprintf("unexpected format, got %T", v) + } + if len(msg) > 0 { + return false, fmt.Errorf("inconsistent custom fields definition format: %s at key %v", + msg, key) + } + } + return seenMap, nil +} diff --git a/filebeat/input/netflow/definitions_test.go b/filebeat/input/netflow/definitions_test.go new file mode 100644 index 00000000000..8fdcbcac785 --- /dev/null +++ b/filebeat/input/netflow/definitions_test.go @@ -0,0 +1,110 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "gopkg.in/yaml.v2" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" +) + +func TestLoadFieldDefinitions(t *testing.T) { + for _, testCase := range []struct { + title, yaml string + expected fields.FieldDict + }{ + { + title: "IPFIX definitions", + yaml: ` +1234: + 0: + - :skip + 7: + - 4 + - :rawField + 11: + - :ip4_addr + - :ip4_field + 33: + - :ip6_addr + - :ipv6_field + 42: + - :int15 + - :dword_field +0x29a: + 128: + - :mac_addr + - :mac_field + 999: + - :string + - :name +`, + expected: fields.FieldDict{ + fields.Key{EnterpriseID: 1234, FieldID: 7}: &fields.Field{Name: "rawField", Decoder: fields.Unsigned32}, + fields.Key{EnterpriseID: 1234, FieldID: 11}: &fields.Field{Name: "ip4_field", Decoder: fields.Ipv4Address}, + fields.Key{EnterpriseID: 1234, FieldID: 33}: &fields.Field{Name: "ipv6_field", Decoder: fields.Ipv6Address}, + fields.Key{EnterpriseID: 1234, FieldID: 42}: &fields.Field{Name: "dword_field", Decoder: fields.SignedDecoder(15)}, + fields.Key{EnterpriseID: 666, FieldID: 128}: &fields.Field{Name: "mac_field", Decoder: fields.MacAddress}, + fields.Key{EnterpriseID: 666, FieldID: 999}: &fields.Field{Name: "name", Decoder: fields.String}, + }, + }, + { + title: "NetFlow definitions", + yaml: ` +1: + - :double + - MyDouble +2: + - :float + - :SomeFloat +3: + - skip +4: + - mac_addr + - :peerMac +5: + - 3 + - :rgbColor +6: + - :octet_array + - :bunchBytes +7: + - :skip +8: + - :forwarding_status + - :status +`, + expected: fields.FieldDict{ + fields.Key{EnterpriseID: 0, FieldID: 1}: &fields.Field{Name: "MyDouble", Decoder: fields.Float64}, + fields.Key{EnterpriseID: 0, FieldID: 2}: &fields.Field{Name: "SomeFloat", Decoder: fields.Float32}, + fields.Key{EnterpriseID: 0, FieldID: 4}: &fields.Field{Name: "peerMac", Decoder: fields.MacAddress}, + fields.Key{EnterpriseID: 0, FieldID: 5}: &fields.Field{Name: "rgbColor", Decoder: fields.UnsignedDecoder(24)}, + fields.Key{EnterpriseID: 0, FieldID: 6}: &fields.Field{Name: "bunchBytes", Decoder: fields.OctetArray}, + fields.Key{EnterpriseID: 0, FieldID: 8}: &fields.Field{Name: "status", Decoder: fields.UnsupportedDecoder{}}, + }, + }, + } { + t.Run(testCase.title, func(t *testing.T) { + var tree interface{} + if err := yaml.Unmarshal([]byte(testCase.yaml), &tree); err != nil { + t.Fatal(err) + } + defs, err := LoadFieldDefinitions(tree) + if !assert.NoError(t, err) { + t.Fatal(err) + } + if !assert.Len(t, defs, len(testCase.expected)) { + t.FailNow() + } + for key, value := range testCase.expected { + assert.Contains(t, defs, key) + assert.Equal(t, *value, *defs[key]) + } + }) + } +} diff --git a/filebeat/input/netflow/doc.go b/filebeat/input/netflow/doc.go new file mode 100644 index 00000000000..371e8cd6685 --- /dev/null +++ b/filebeat/input/netflow/doc.go @@ -0,0 +1,7 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +//go:generate go run fields_gen.go -output _meta/fields.yml --column-name=2 --column-type=3 --header _meta/fields.header.yml decoder/fields/ipfix-information-elements.csv diff --git a/filebeat/input/netflow/fields.go b/filebeat/input/netflow/fields.go new file mode 100644 index 00000000000..c1b9fcf244e --- /dev/null +++ b/filebeat/input/netflow/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package netflow + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "netflow", asset.ModuleFieldsPri, AssetNetflow); err != nil { + panic(err) + } +} + +// AssetNetflow returns asset data. +// This is the base64 encoded gzipped contents of input/netflow. +func AssetNetflow() string { + return "eJysXU2T5CbSvs+vUPjyXl5P+Gv2Yw572nWsD7vrgw97IxDKknBLQAOq6vKv3wAkFVWCahL1HBzhnn4eEkiS/ELzbfMC16+NAHsa5eVT01huR/jafPNvsD+P8vLNp6bpwDDNleVSfG3+9qlpmuZnDmNnmpOWU7P8ZkNF1/zy68+//LdxVObzp6Y5+V/76iHfNoJOEA/l/tirgq9Nr+Wslp8kRnt3xM/Lr8XjxWO6UbYfroO+wPUidRf9PDO0+/PbAB7WyNM2vAYmdbegWuia9trYgZsGziDs5087MeBNSW1B70SJ5/+OIP8CSztqaaNhpBa6xsrGDrBxNx2cOYPGDtQ2PQjQ4becXEHgzxHf44LF0tKu02DM3d/l1+4dsd2ffywi/p9xSnCR+mUdo+Gi+eXXr+6vm5PUE41XL5bJyFkzIPxx5CDVKEWPE+k/rQF9pu6vm05O1Mnxd7ekl4GzIV61pgVHbzKCWT6BsXRSScE6agEn2G98Aq/fDuqULuxvZvRZufHJxMeRpzcMvzT/lBePutcupSVzGzZQ07QAotGzEFz0/++2MIwPTIout05n0IZLkZSRCwv93ekoEHM9jAtxMxvoEkdPMguWdDBaSpichd2dQb9CO5yi7KUKGBDO0uHG09JKJkfCOxCWn3jCWphBaruHckXYSI0h8kScVnO2t3kZqGWKMCmsliNpuTU73Lo1O+RyIK2mwjgVIe4/aDhX55/I3t4sYPUcpzSc+BsZQfR2KF4s0bvBiJNMn2hiqXLbaiwX3mBUTzrmQM98B66aPtTNnisi4M2SQSq85G2vyLJv1BAxT21Ct9PjOmg88Rp8veBKGksmRo0l1eYg4qg1Rd6WgOiIuRoyK+JMPgZqLNW2AuxFr7af8siqTVzwaZ4IV8RKS8eclmfQ9O0A+mZi/nTkgOLA8aBVB3s3ehWL15eRtjB6klLrwCZF3C8QJrtgnMuNIu8XcKmMhk5q5KIPRuxMx9J9XXF07KXmdphQq0KZ5Wfw50fOCKPvwbwbK6Agei4AtTgL5M5Pfg4IDl63HPRwXjBHdSOYwBjawxEKv1bB7a6g8fZdy9mCJoZVuhNH7uIi7KRGQ6xUyzHDbO4DFO88uRMAGqEdK2KSHe58giaaik5O2FMaPNmEhM8vCmv3A+RWcbkdEJCTpv0Ewm7OOfN7j7kKDzjpi5JOlGV3ew3L02PH6lrFch6pSO1J1nL5YdEorsg+THzfMndcA0vuRz5gip1C3E396FLi0B4AbxaEmyYZgHag99CMst+ff2MpeyEGN3fPkcD/cJTgx6MEe58BSfDlKMHe30ES/PkowV+OEvz1KMH339V4nPW26Yhx26JY4v6/BhflmMrh6wWHG7TWv1piKDzwNNLeEOrixvy9n4Gu9508nQxgnF2pL1R3zss2ltp5v5nP1PGsRPDfSMedbvUzN0N5HuzBPFYFQEYzYjU9nTgjXHSw9+ky6SFjq3BUqXHxJuqUMSYo9+tiFE6NV2em46fgyISYT0meUMzcRs2j5T4louEmx4kyK0sTO8GXwonuMZvzRtCh0kivoH9YzuNiLtEnJEli+B/7eeAoOmpp6UQ2F4Z2v1PmznlNXk1pONczrIUFfBQTI5EZGi2V2kLditT+gq+vDdwJgDfpDwLU3AlLKlEDNeVOI5PTJAVRWirQlgMiQJO3QlswEuXQfVpp76BlD8k+VsbpyuhsA6O6K5fXVwTKI1ewoN1FuVTWypHhAFRBLUxqpDZp9bJLeXFxHBuoEG4hi82lhxmTAGQt9JIrq1CtUMNFeDhRYjzULXdAX7vNn6AKWBgvLpZiB63FriMzLatHrsOGkQUVtQNXQsO4wUQ/lf0dQ1nNYK7GwkS44JZERXr8TLpZL0HWM4In04gI0LMIZ2xNzVbkZHsh9ZEbayWovTKFdCdc2NoJbPjqGWwM1bd+urRTdI3t60pFsKj0VxGxRqW/ShflBa4ujHKuenFIsK/WVooeV2srFHbzWpJ1sFxK0qHy1bNnqHWs4uzV3VjFqLnbqvi4rgcHjFUYh7asclgHPDgsvM4gGOACG4ek7EXIywhdDz6Ngia4cNG5SwwVFzrgrHtvrKTPceGwIRmN7aepxMWFeWTFWNHrKGkXgRFxAVeYwk9I9If5YQ6Ljz7u5Sw1H8dSK9zH5Qw6p7iloC3d51OGpag4ijbz5AtbrzPVUOxbRBa2iuCxlIqoAT5mv3H9JY/oDhQOfBMa3hRmb2tUyhngtTifAeaPiyFbtq5czvNPhA/Fm+F/X/q8Z+nOO3OFQyja+bS0V7piHWdyHIFZWZGmuoPicg8hwEc36S2wrZMUWUtd4FFz40KEX6zaBskttVdL4K/tq6hw2xzyxGuR2tS4ig6pzFCJdIanDjnrvqq9pqabznvUgm6FvromTEdwqHt2YVGbHLUadiP6iI5gNy+pee95RL9OiWigY3F7miPxL0+KDa7glrvIKmcN01upwSgpnCuEgp24hgsdR6yMoVP5rE/liVE85KzJqaIAVn+Jx949oyPCvW95XbcL2AG0AFvnp2/od1yPvE1fCZ4aj3zPvLTfv+JbiQJMaS41t9fSyQYUm42VE+jaUTc8dvgJrJYEziw1aFYhbyiL6CVUBuZOkgvXyWJAxphHoORgebMZIdcHJw8PyZ7ePYs1UMPVcEZHvG90EB/66Op0McLWq9btGOHWfSnX44PCxZvzt1tl+nrxKA2zihirgU6oKU/0jawUqHEdsLJOs8ZJU/eFsAHYi5mL7+EVa5hE9PRyUTlJLkh1FUsq+joDMhgyYHzTIm5+8V5UFJEe8GgdvMPja0kPq1wzgUcG/BTuGfCTuAVmDPTSvlz+omCNySqwHbV06ed3Pu3IacvH1IXYSjkCFc9rvKF9AHPJCbi420asPTLoho0IbObpVknDFdEiFh8oUJZr1yqOoXAJhVwMhWNxBErKZA9ApvS1InAuNhVSXCf+x9IXlkxKZm+Ne7AFNgj+OiOuTC7CS3TfIzaGBH66pS9/6/6gwshylP1e27MTt7PvsaiBgmD6qix0Vei2V+RMR95xe/Wdm8VHjCt3GIhRvFAneg3kBfay5TUIc+JvoW2oAeJjWxwu0YOC03UDq5e1lZuKj1fASkRjb1K3ES7ZNmL+DV0eu76/W6qztc/31sZHVe69b1jvydYO7MFVwybreO9NU6p5xDwzuiG1bHMXbSfndky4CP6mHrl4ISdN3TRRlcdbEfC+KxVhRNb0Qh3BTvyPeRSDwh+bQXSWl0yJerGGrP03eIsQs4QfF7PQ1shxtkBA60T7RU6H/Idp+BkLi01oOGK4UOYRXuFhJzjQfv6OA++nd7wHY8lAzeBu44TTkt4vD4jOUKYnvQyMsFUeKmerZks0FS5s5qXWKoGlpY8mPHbV6bqRH9G4sZeNCuKXBzNhqb2H4jRUozZ5O9o4/2JWysVunIx84ntZc4dylJcaGJPixH2aiYxwhv0VmwOmHBNv1HHOX4Kk5lFNigi37CmGoGot9MWqmmcBccTlMzBRYTkrTv2kSGaB+mCQ0vxM3Z3ivC+luUH2VZ25tjP1F3QIX7dHfOUt6XkO3O4+8sxzvQy4kcPbH2Kgz/nu6dVbcLUvX+7gFaXjJX0/C36sP3Mlur0gO0zVakm7Y1TwQbODD5NokoJbqeOvpMT5R2yqOcG2pWORXD7THWyYFwhhQG7IlPUrwRkLChnaRGgxT768j/lKmqV1T5sdEN3kcLGq9iH1w2fB0tfuU62twmr7fpttvrHYoB9hx+9eGbXQS309QGHm9iNo/FdAsc/JQ9fI6CsDhigNJtVdkcla3YOXpFlxfPgAZ3JSI5TDw+NuZoNF822fa147q7qlTPcJ7sN0JU1LdaJ9AGFJNaBSOCyhD2T8q33N2zk8NgI7yGKvSJ/Yj1++fEd+59aCrnnqtGNAv3V6YHgWv2eW1df4O9inwrMh4UNbAAobaoIHMrIRwYFX0fcs1W+j72lCqxOaZJ//CibqcBot0CDzaFtGNrxrrUw7h4VRlPG7L/m+v5ZHkt4JBpwIPtcRdtGXRcq18tZLWauRUTdmrTZuV1z9dwqSFLiK60Zx5Kmz3/kJOnfD41+Mr+8vo1J+zRPGh/x80kV8UnWq+9bGirv/xiHCfQ/WeflcG+HCWOocVUv3p+BpR+GOoXj5M/iDjY1HPrq0u7E+4itQB9MT0bPNj2A6mO3ISVMRxi9fN1xoDnwKt55h/ebIwYVN0tQ/Bz9Is73JPsiTWJSql2wJMY7wBCNbneZbbDRe8aMm30OvNR52uVaeibdEtr8Ds6HSQvb/0MA7F8COIeyQC3MSnlC2xfORpDxbvMMmv9JfCn4SESc/VfuI94tfnLHfwXs696WZoR3Y+6CWs5fi16GPDLMwvBfF3nuEx/+bDA5s5vYZMj+q7zZDf//AIRlVdtaw1tGRVR7PIIWFN4v/OloMxqWyooWuBlaV+SK8uQqbqAE/hU6ym0ds6WiSLR+B8MnsI/33QJPhpkPMb7C+8Z7a2fin5AjPOfVIzmSKwVkWP76G1xmcQ5TOBz0XfgUPMvH8uAxqqe4TQcNz8NrKn3tCm0ULaiu8fB+iuTiv6v0fvB1BO4lfZ2kpgTcG0EGXeaj3pEFz0GAGOeKQfqF9Dp/2KdTzHfKmJtcO/p5mUCMFUYOmBnNy6RtZn0CAsJqXf6eAvpGWtxWoBUEUaL9UCKiZ2/DPk5V/Xpq+kfVTEG5I4R/Mu9UyMLVjacvuqoW+8Xvg/XDTjxoG/9mmagJtyUSVchM5KErE9GEirdtaJ1s/yjY69YfmeVaiwMv5XwAAAP//WmxoCA==" +} diff --git a/filebeat/input/netflow/fields_gen.go b/filebeat/input/netflow/fields_gen.go new file mode 100644 index 00000000000..5e41a308766 --- /dev/null +++ b/filebeat/input/netflow/fields_gen.go @@ -0,0 +1,187 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build ignore + +package main + +import ( + "bufio" + "bytes" + "encoding/csv" + "flag" + "fmt" + "io" + "io/ioutil" + "os" + "strings" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow" +) + +var ( + outputFile = flag.String("output", "zfields.go", "Output file") + nameCol = flag.Int("column-name", 0, "Index of column with field name") + typeCol = flag.Int("column-type", 0, "Index of column with field type") + indent = flag.Int("indent", 0, "Number of spaces to indent") + header = flag.String("header", "fields.header.yml", "File with header fields to prepend") +) + +// Mapping from NetFlow datatypes to Elasticsearch datatypes +// Types not present are ignored +var typesToElasticTypes = map[string]string{ + "octetarray": "short", + "unsigned8": "short", + "unsigned16": "integer", + "unsigned32": "long", + "unsigned64": "long", + "signed8": "byte", + "signed16": "short", + "signed32": "integer", + "signed64": "long", + "float32": "float", + "float64": "double", + "boolean": "boolean", + "macaddress": "keyword", + "string": "keyword", + "datetimeseconds": "date", + "datetimemilliseconds": "date", + "datetimemicroseconds": "date", + "datetimenanoseconds": "date", + "ipv4address": "ip", + "ipv6address": "ip", +} + +var indentString string + +func makeIndent(n int) (s []byte) { + if n > 0 { + s = make([]byte, n) + for i := 0; i < n; i++ { + s[i] = ' ' + } + } + return s +} + +func write(w io.Writer, msg string) { + for _, line := range strings.Split(msg, "\n") { + writeLine(w, indentString+line+"\n") + } +} + +func writeLine(w io.Writer, line string) { + if n, err := w.Write([]byte(line)); err != nil || n != len(line) { + fmt.Fprintf(os.Stderr, "Failed writing to %s: %v\n", *outputFile, err) + os.Exit(4) + } +} + +func usage() { + fmt.Fprintf(os.Stderr, "Usage: fields_gen [-output file.yml] [--column-{name|type}=N]* \n") + flag.PrintDefaults() + os.Exit(1) +} + +func requireColumn(colFlag *int, argument string) { + if *colFlag <= 0 { + fmt.Fprintf(os.Stderr, "Required argument %s not provided\n", argument) + usage() + } +} + +func main() { + flag.Usage = usage + flag.Parse() + if len(flag.Args()) == 0 { + fmt.Fprintf(os.Stderr, "No CSV file to parse provided\n") + usage() + } + csvFile := flag.Args()[0] + if len(csvFile) == 0 { + fmt.Fprintf(os.Stderr, "Argument -input is required\n") + os.Exit(2) + } + + requireColumn(nameCol, "--column-name") + requireColumn(typeCol, "--column-type") + + indentString = string(makeIndent(*indent)) + + fHandle, err := os.Open(csvFile) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to open %s: %v\n", csvFile, err) + os.Exit(2) + } + defer fHandle.Close() + + outHandle, err := os.Create(*outputFile) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to create %s: %v\n", *outputFile, err) + os.Exit(3) + } + defer outHandle.Close() + + headerHandle, err := os.Open(*header) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to open %s: %v\n", *header, err) + os.Exit(2) + } + defer headerHandle.Close() + + fileHeader, err := ioutil.ReadAll(headerHandle) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to read %s: %v\n", *header, err) + os.Exit(2) + } + write(outHandle, string(fileHeader)) + + filtered := bytes.NewBuffer(nil) + scanner := bufio.NewScanner(fHandle) + for scanner.Scan() { + if len(scanner.Bytes()) == 0 || scanner.Bytes()[0] != ';' { + filtered.Write(scanner.Bytes()) + filtered.WriteByte('\n') + } + } + reader := csv.NewReader(filtered) + for lineNum := 1; ; lineNum++ { + record, err := reader.Read() + if err != nil { + if err == io.EOF { + break + } + fmt.Fprintf(os.Stderr, "read of %s failed: %v\n", csvFile, err) + os.Exit(5) + } + n := len(record) + vars := make(map[string]string) + for _, f := range []struct { + column int + name string + }{ + {*nameCol, "name"}, + {*typeCol, "type"}, + } { + if f.column > 0 { + if f.column > n { + fmt.Fprintf(os.Stderr, "%s column is out of range in line %d\n", f.name, lineNum) + os.Exit(6) + } + vars[f.name] = record[f.column-1] + } + } + if len(vars["type"]) == 0 { + continue + } + esType, found := typesToElasticTypes[strings.ToLower(vars["type"])] + if !found { + continue + } + write(outHandle, fmt.Sprintf(` - name: %s + type: %s +`, + netflow.CamelCaseToSnakeCase(vars["name"]), esType)) + } +} diff --git a/filebeat/input/netflow/input.go b/filebeat/input/netflow/input.go new file mode 100644 index 00000000000..cc8d30815b0 --- /dev/null +++ b/filebeat/input/netflow/input.go @@ -0,0 +1,255 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "bytes" + "net" + "sync" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/harvester" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/filebeat/inputsource" + "github.com/elastic/beats/v7/filebeat/inputsource/udp" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/atomic" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/monitoring" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/fields" +) + +const ( + inputName = "netflow" +) + +var ( + numPackets = monitoring.NewUint(nil, "filebeat.input.netflow.packets.received") + numDropped = monitoring.NewUint(nil, "filebeat.input.netflow.packets.dropped") + numFlows = monitoring.NewUint(nil, "filebeat.input.netflow.flows") + aliveInputs atomic.Int + logger *logp.Logger + initLogger sync.Once +) + +type packet struct { + data []byte + source net.Addr +} + +type netflowInput struct { + mutex sync.Mutex + udp *udp.Server + decoder *decoder.Decoder + outlet channel.Outleter + forwarder *harvester.Forwarder + logger *logp.Logger + queueC chan packet + queueSize int + started bool +} + +func init() { + err := input.Register(inputName, NewInput) + if err != nil { + panic(err) + } +} + +// An adapter so that logp.Logger can be used as a log.Logger. +type logDebugWrapper struct { + sync.Mutex + Logger *logp.Logger + buf []byte +} + +// Write writes messages to the log. +func (w *logDebugWrapper) Write(p []byte) (n int, err error) { + w.Lock() + defer w.Unlock() + n = len(p) + w.buf = append(w.buf, p...) + for endl := bytes.IndexByte(w.buf, '\n'); endl != -1; endl = bytes.IndexByte(w.buf, '\n') { + w.Logger.Debug(string(w.buf[:endl])) + w.buf = w.buf[endl+1:] + } + return n, nil +} + +// NewInput creates a new Netflow input +func NewInput( + cfg *common.Config, + connector channel.Connector, + context input.Context, +) (input.Input, error) { + initLogger.Do(func() { + logger = logp.NewLogger(inputName) + }) + out, err := connector.ConnectWith(cfg, beat.ClientConfig{ + Processing: beat.ProcessingConfig{ + DynamicFields: context.DynamicFields, + }, + }) + if err != nil { + return nil, err + } + + config := defaultConfig + if err = cfg.Unpack(&config); err != nil { + out.Close() + return nil, err + } + + var customFields []fields.FieldDict + for _, yamlPath := range config.CustomDefinitions { + f, err := LoadFieldDefinitionsFromFile(yamlPath) + if err != nil { + return nil, errors.Wrapf(err, "failed parsing custom field definitions from file '%s'", yamlPath) + } + customFields = append(customFields, f) + } + decoder, err := decoder.NewDecoder(decoder.NewConfig(). + WithProtocols(config.Protocols...). + WithExpiration(config.ExpirationTimeout). + WithLogOutput(&logDebugWrapper{Logger: logger}). + WithCustomFields(customFields...). + WithSequenceResetEnabled(config.DetectSequenceReset)) + if err != nil { + return nil, errors.Wrapf(err, "error initializing netflow decoder") + } + + input := &netflowInput{ + outlet: out, + forwarder: harvester.NewForwarder(out), + decoder: decoder, + logger: logger, + queueSize: config.PacketQueueSize, + } + + input.udp = udp.New(&config.Config, input.packetDispatch) + return input, nil +} + +func (p *netflowInput) Publish(events []beat.Event) error { + for _, evt := range events { + p.forwarder.Send(evt) + } + return nil +} + +// Run starts listening for NetFlow events over the network. +func (p *netflowInput) Run() { + p.mutex.Lock() + defer p.mutex.Unlock() + + if !p.started { + logger.Info("Starting UDP input") + + if err := p.decoder.Start(); err != nil { + logger.Errorw("Failed to start netflow decoder", "error", err) + p.outlet.Close() + return + } + + p.queueC = make(chan packet, p.queueSize) + err := p.udp.Start() + if err != nil { + logger.Errorf("Error running harvester: %v", err) + p.outlet.Close() + p.decoder.Stop() + close(p.queueC) + return + } + + go p.recvRoutine() + // Only the first active input launches the stats thread + if aliveInputs.Inc() == 1 && logger.IsDebug() { + go p.statsLoop() + } + p.started = true + } +} + +// Stop stops the UDP input +func (p *netflowInput) Stop() { + p.mutex.Lock() + defer p.mutex.Unlock() + if p.started { + aliveInputs.Dec() + defer p.outlet.Close() + defer close(p.queueC) + + logger.Info("Stopping UDP input") + p.udp.Stop() + p.started = false + } +} + +// Wait suspends the UDP input +func (p *netflowInput) Wait() { + p.Stop() +} + +func (p *netflowInput) statsLoop() { + prevPackets := numPackets.Get() + prevFlows := numFlows.Get() + prevDropped := numDropped.Get() + // The stats thread only monitors queue length for the first input + prevQueue := len(p.queueC) + t := time.NewTicker(time.Second) + defer t.Stop() + for range t.C { + packets := numPackets.Get() + flows := numFlows.Get() + dropped := numDropped.Get() + queue := len(p.queueC) + if packets > prevPackets || flows > prevFlows || dropped > prevDropped || queue > prevQueue { + logger.Debugf("Stats total:[ packets=%d dropped=%d flows=%d queue_len=%d ] delta:[ packets/s=%d dropped/s=%d flows/s=%d queue_len/s=%+d ]", + packets, dropped, flows, queue, packets-prevPackets, dropped-prevDropped, flows-prevFlows, queue-prevQueue) + prevFlows = flows + prevPackets = packets + prevQueue = queue + prevDropped = dropped + } else { + p.mutex.Lock() + count := aliveInputs.Load() + p.mutex.Unlock() + if count == 0 { + break + } + } + } +} + +func (p *netflowInput) packetDispatch(data []byte, metadata inputsource.NetworkMetadata) { + select { + case p.queueC <- packet{data, metadata.RemoteAddr}: + numPackets.Inc() + default: + numDropped.Inc() + } +} + +func (p *netflowInput) recvRoutine() { + for packet := range p.queueC { + flows, err := p.decoder.Read(bytes.NewBuffer(packet.data), packet.source) + if err != nil { + p.logger.Warnf("Error parsing NetFlow packet of length %d from %s: %v", len(packet.data), packet.source, err) + } + if n := len(flows); n > 0 { + evs := make([]beat.Event, n) + numFlows.Add(uint64(n)) + for i, flow := range flows { + evs[i] = toBeatEvent(flow) + } + p.Publish(evs) + } + } +} diff --git a/filebeat/input/netflow/netflow_test.go b/filebeat/input/netflow/netflow_test.go new file mode 100644 index 00000000000..7ffa78c7749 --- /dev/null +++ b/filebeat/input/netflow/netflow_test.go @@ -0,0 +1,359 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package netflow + +import ( + "bytes" + "encoding/binary" + "encoding/json" + "flag" + "io/ioutil" + "net" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/tsg/gopacket" + "github.com/tsg/gopacket/pcap" + "gopkg.in/yaml.v2" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/protocol" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/record" + "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow/decoder/test" +) + +var ( + update = flag.Bool("update", false, "update golden data") + + sanitizer = strings.NewReplacer("-", "--", ":", "-", "/", "-", "+", "-", " ", "-", ",", "") +) + +const ( + pcapDir = "testdata/pcap" + datDir = "testdata/dat" + goldenDir = "testdata/golden" + fieldsDir = "testdata/fields" + datSourceIP = "192.0.2.1" +) + +// DatTests specifies the .dat files associated with test cases. +type DatTests struct { + Tests map[string]TestCase `yaml:"tests"` +} + +type TestCase struct { + Files []string `yaml:"files"` + Fields []string `yaml:"custom_fields"` +} + +// TestResult specifies the format of the result data that is written in a +// golden files. +type TestResult struct { + Name string `json:"test_name"` + Error string `json:"error,omitempty"` + Flows []beat.Event `json:"events,omitempty"` +} + +func TestPCAPFiles(t *testing.T) { + pcaps, err := filepath.Glob(filepath.Join(pcapDir, "*.pcap")) + if err != nil { + t.Fatal(err) + } + + for _, file := range pcaps { + testName := strings.TrimSuffix(filepath.Base(file), ".pcap") + + t.Run(testName, func(t *testing.T) { + goldenName := filepath.Join(goldenDir, testName+".pcap.golden.json") + result := getFlowsFromPCAP(t, testName, file) + + if *update { + data, err := json.MarshalIndent(result, "", " ") + if err != nil { + t.Fatal(err) + } + + if err = os.MkdirAll(goldenDir, 0755); err != nil { + t.Fatal(err) + } + + err = ioutil.WriteFile(goldenName, data, 0644) + if err != nil { + t.Fatal(err) + } + + return + } + + goldenData := readGoldenFile(t, goldenName) + assert.EqualValues(t, goldenData, normalize(t, result)) + }) + } +} + +func TestDatFiles(t *testing.T) { + tests := readDatTests(t) + + for name, testData := range tests.Tests { + t.Run(name, func(t *testing.T) { + goldenName := filepath.Join(goldenDir, sanitizer.Replace(name)+".golden.json") + result := getFlowsFromDat(t, name, testData) + + if *update { + data, err := json.MarshalIndent(result, "", " ") + if err != nil { + t.Fatal(err) + } + + if err = os.MkdirAll(goldenDir, 0755); err != nil { + t.Fatal(err) + } + + err = ioutil.WriteFile(goldenName, data, 0644) + if err != nil { + t.Fatal(err) + } + + return + } + + goldenData := readGoldenFile(t, goldenName) + jsonGolden, err := json.Marshal(goldenData) + if !assert.NoError(t, err) { + t.Fatal(err) + } + t.Logf("Golden data: %+v", string(jsonGolden)) + jsonResult, err := json.Marshal(result) + if !assert.NoError(t, err) { + t.Fatal(err) + } + t.Logf("Result data: %+v", string(jsonResult)) + assert.EqualValues(t, goldenData, normalize(t, result)) + assert.Equal(t, jsonGolden, jsonResult) + }) + } +} + +func readDatTests(t testing.TB) *DatTests { + data, err := ioutil.ReadFile("testdata/dat_tests.yaml") + if err != nil { + t.Fatal(err) + } + + var tests DatTests + if err := yaml.Unmarshal(data, &tests); err != nil { + t.Fatal(err) + } + + return &tests +} + +func getFlowsFromDat(t testing.TB, name string, testCase TestCase) TestResult { + t.Helper() + + config := decoder.NewConfig(). + WithProtocols(protocol.Registry.All()...). + WithSequenceResetEnabled(false). + WithExpiration(0). + WithLogOutput(test.TestLogWriter{TB: t}) + + for _, fieldFile := range testCase.Fields { + fields, err := LoadFieldDefinitionsFromFile(filepath.Join(fieldsDir, fieldFile)) + if err != nil { + t.Fatal(err, fieldFile) + } + config = config.WithCustomFields(fields) + } + + decoder, err := decoder.NewDecoder(config) + if !assert.NoError(t, err) { + t.Fatal(err) + } + + source := test.MakeAddress(t, datSourceIP+":4444") + var events []beat.Event + for _, f := range testCase.Files { + dat, err := ioutil.ReadFile(filepath.Join(datDir, f)) + if err != nil { + t.Fatal(err) + } + data := bytes.NewBuffer(dat) + var packetCount int + for packetCount = 0; data.Len() > 0; packetCount++ { + startLen := data.Len() + flows, err := decoder.Read(data, source) + if err != nil { + t.Logf("test %v: decode error: %v", name, err) + break + } + if data.Len() == startLen { + t.Log("Loop detected") + } + ev := make([]beat.Event, len(flows)) + for i := range flows { + ev[i] = toBeatEvent(flows[i]) + } + //return TestResult{Name: name, Error: err.Error(), Events: flowsToEvents(flows)} + events = append(events, ev...) + } + } + + return TestResult{Name: name, Flows: events} +} + +func getFlowsFromPCAP(t testing.TB, name, pcapFile string) TestResult { + t.Helper() + + r, err := pcap.OpenOffline(pcapFile) + if err != nil { + t.Fatal(err) + } + defer r.Close() + + config := decoder.NewConfig(). + WithProtocols(protocol.Registry.All()...). + WithSequenceResetEnabled(false). + WithExpiration(0). + WithLogOutput(test.TestLogWriter{TB: t}) + + decoder, err := decoder.NewDecoder(config) + if !assert.NoError(t, err) { + t.Fatal(err) + } + packetSource := gopacket.NewPacketSource(r, r.LinkType()) + var events []beat.Event + + // Process packets in PCAP and get flow records. + for packet := range packetSource.Packets() { + remoteAddr := &net.UDPAddr{ + IP: net.ParseIP(packet.NetworkLayer().NetworkFlow().Src().String()), + Port: int(binary.BigEndian.Uint16(packet.TransportLayer().TransportFlow().Src().Raw())), + } + payloadData := packet.TransportLayer().LayerPayload() + flows, err := decoder.Read(bytes.NewBuffer(payloadData), remoteAddr) + if err != nil { + return TestResult{Name: name, Error: err.Error(), Flows: events} + } + ev := make([]beat.Event, len(flows)) + for i := range flows { + ev[i] = toBeatEvent(flows[i]) + } + events = append(events, ev...) + } + + return TestResult{Name: name, Flows: events} +} + +func normalize(t testing.TB, result TestResult) TestResult { + data, err := json.MarshalIndent(result, "", " ") + if err != nil { + t.Fatal(err) + } + + var tr TestResult + if err = json.Unmarshal(data, &tr); err != nil { + t.Fatal(err) + } + return tr +} + +func readGoldenFile(t testing.TB, file string) TestResult { + data, err := ioutil.ReadFile(file) + if err != nil { + t.Fatal(err) + } + + var tr TestResult + if err = json.Unmarshal(data, &tr); err != nil { + t.Fatal(err) + } + return tr +} + +// This test converts a flow and its reverse flow to a Beat event +// to check that they have the same flow.id, locality and community-id. +func TestReverseFlows(t *testing.T) { + parseMAC := func(s string) net.HardwareAddr { + addr, err := net.ParseMAC(s) + if err != nil { + t.Fatal(err) + } + return addr + } + flows := []record.Record{ + { + Type: record.Flow, + Fields: record.Map{ + "ingressInterface": uint64(2), + "destinationTransportPort": uint64(50285), + "sourceTransportPort": uint64(993), + "packetDeltaCount": uint64(26), + "ipVersion": uint64(4), + "sourceIPv4Address": net.ParseIP("203.0.113.123").To4(), + "deltaFlowCount": uint64(0), + "sourceMacAddress": parseMAC("10:00:00:00:00:02"), + "flowDirection": uint64(0), + "flowEndSysUpTime": uint64(64526131), + "vlanId": uint64(0), + "ipClassOfService": uint64(0), + "mplsLabelStackLength": uint64(3), + "tcpControlBits": uint64(27), + "egressInterface": uint64(3), + "destinationIPv4Address": net.ParseIP("10.111.111.96").To4(), + "protocolIdentifier": uint64(6), + "flowStartSysUpTime": uint64(64523806), + "destinationMacAddress": parseMAC("10:00:00:00:00:03"), + "octetDeltaCount": uint64(12852), + }, + }, + { + Type: record.Flow, + Fields: record.Map{ + "ingressInterface": uint64(3), + "destinationTransportPort": uint64(993), + "sourceTransportPort": uint64(50285), + "packetDeltaCount": uint64(26), + "ipVersion": uint64(4), + "destinationIPv4Address": net.ParseIP("203.0.113.123").To4(), + "deltaFlowCount": uint64(0), + "postDestinationMacAddress": parseMAC("10:00:00:00:00:03"), + "flowDirection": uint64(1), + "flowEndSysUpTime": uint64(64526131), + "vlanId": uint64(0), + "ipClassOfService": uint64(0), + "mplsLabelStackLength": uint64(3), + "tcpControlBits": uint64(27), + "egressInterface": uint64(3), + "sourceIPv4Address": net.ParseIP("10.111.111.96").To4(), + "protocolIdentifier": uint64(6), + "flowStartSysUpTime": uint64(64523806), + "postSourceMacAddress": parseMAC("10:00:00:00:00:02"), + "octetDeltaCount": uint64(12852), + }, + }, + } + + var evs []beat.Event + for _, f := range flows { + evs = append(evs, toBeatEvent(f)) + } + if !assert.Len(t, evs, 2) { + t.Fatal() + } + for _, key := range []string{"flow.id", "flow.locality", "network.community_id"} { + var keys [2]interface{} + for i := range keys { + var err error + if keys[i], err = evs[i].Fields.GetValue(key); err != nil { + t.Fatal(err, "event num=", i, "key=", key) + } + } + assert.Equal(t, keys[0], keys[1], key) + } +} diff --git a/filebeat/input/netflow/testdata/dat/ipfix.dat b/filebeat/input/netflow/testdata/dat/ipfix.dat new file mode 100755 index 0000000000000000000000000000000000000000..e553184c4549390765f591ea6a2ebc1e9e5f8061 GIT binary patch literal 788 zcma)(PfG$(6vfXQ$5AI!Bb%fog8BeXVUW0R*+Le_O? z_%-EK6n7|;sVKF~T8VPV%u)1-i_apJr~d16G2s)zl7e@_C0%b2R|Oc#rPg4wlLPD{ zK-Fq^dEzN7fuKq~wmuYf${sI7hhPnxaIB1!!sXrzCp-{&W7SVW+Rm_P<$kdS*>gs9 zK*A8rTg66ah9~>W+~!}@g`AZ(kBA4#<43xh4Sdlep%WYDIkhj}JK+1&uuE3o b0nRx82dnzPJ2{!KX0wCr;A;|YkG{Q6C_{3I literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_data256.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_data256.dat new file mode 100755 index 0000000000000000000000000000000000000000..d5c2a6bf1a8f6d6fbe0f85b4f2c548d77a42b6e7 GIT binary patch literal 596 zcmZSJVhV{2Wp81OWA$PH0!9WV7Y2rXB7$7WP4E8&awY#UVlZW3NPPp6gabz?i;;oB zUl%S4Wia&}Ydza{?8+~YHlR5m6CkF63`S8Mh{YVZ7?L>%_auE50l8=KBouRy-4lc& z1LT0rSpjj+;z@#BU=xUN56m1C_dv}7yJtnunF@$$81At_@>eW2_sqp`56Co(@F~P% l4qOc6FQ_?C_Z%rB!aWnPxhD&YdybUhbq~xO6!(D50RW^^Z;1c^ literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_extended_uniflow_data256.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_extended_uniflow_data256.dat new file mode 100755 index 0000000000000000000000000000000000000000..f9b007c842d7d652c0d6a8b809722c3745228e63 GIT binary patch literal 300 zcmZSJV$_Mc_U}Cd`yL|(AYf!*lmYP>f$YwOY(l;v9#%lC>+7srlCSHTms-O0hLz>i zS%=rteHeGMW|Wi^6od2$_~jSnCgv#k7o-*?mSpDVUA-_Z`PVy$G6n{|Ooo84ooa3% pr5M1zP!?T`v1CQXL=c9#g)bAETOh_mTtu{6Iv1kbhQ!C`764g8PoV$+ literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_extended_uniflow_tpl256.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_barracuda_extended_uniflow_tpl256.dat new file mode 100755 index 0000000000000000000000000000000000000000..8db0082d90ff305f4e5be80529d09332b00235a3 GIT binary patch literal 184 zcmXYpu@M463ow5qXYtqAfg8%I^dD!xfzeVI!pB2FR$;1 z_Bh~IxfR%DAz=T^icmV6lwN*NGRDz93sF;QEnQJ_KKa>+ooj#goq4HSt9z`K*-3z0VLUhqC7yF8%Xm3X$uB6hESkP V7!WUns$v4NUjo&O0r{c~EC4Kn1_J;9 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_juniper_mx240_junos151r6s3_data512.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_juniper_mx240_junos151r6s3_data512.dat new file mode 100755 index 0000000000000000000000000000000000000000..1f4c1dea024d442173b753a925c33fdc2db8cce2 GIT binary patch literal 80 zcmZSJVhD&9OtNHPV4B0g0VEk192me9kYr%+0h3^wQH`nOjsX_~10z%niDG`iV8dX; ICCI=400prI761SM literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat new file mode 100755 index 0000000000000000000000000000000000000000..e3e21ff8ce7d8476d0e2b0f501cebaac0bbb1997 GIT binary patch literal 72 zcmZSJV(^F-OtNHPV4B0g!N9=4%wWO9z`)JG$S{F{g+UW2rUk?cfVc_BZ)Ol+Py*5_ R3``8FKzt3T?m7@N0001r2O|Ig literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_mikrotik_data258.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_mikrotik_data258.dat new file mode 100755 index 0000000000000000000000000000000000000000..e9c6cfa72c14415c74e5bf6d5104214ec8b865e0 GIT binary patch literal 1448 zcmaizziU%b9L2vkP3}u>@{*>6ARRiigAU>#7JuO2+(CkyPA(3D;2+>34z680J#>*L zbf^|BO0XG}h)5A!1UraBadYq~Qv7w!{qf!-k@l6tJ%RJ-x!-(W#MIKuH}75$>0A{& zs#064CRyt_h0hgeO>W^&B!;4{7*l^WN^f^Z=_fTx_dd`Q`Ai{F$A9_p7e^h!!nNt7W8oF}B2AahGC?yC6>>jdqg7=Mgz8>huj6 zJkX3o4Yt&G*L$^XDtI9AfI?&jx_?Y$nQ=(EvfitXA?0QLB=TLB0lBAP5ylw}=(w7E z`@MmdD@fr&>Su`Kj1^lJaG^yic(mwWK<+tYW>)%NHW`Q9EY}(JaqEH9E_#G}c?6)( zI5AxbQMA}NPtNk1LWJYL9PZC^CoL$_M~sQE!mV+!mo3ba#ru>;cIKNydhVsAXI-3o zaVSrW|3{Ln{T7k(_;wb>cg&6*M(2r^=uDDz9s@at>%Ye$xubj*w?d$Hr96Sm?NW$g z7WMVcss0IgK7KEM{euQYTSoAXsTGeD+qW@B|A(+;^WDk3#bEmjQXt+>wk&$Y@Mec2 zc9!Asyrs!srOsP|pKMw22-k_05aTSt6WODXur1q1^OhEosMO+o8L{7(NBF|nmV*)7 z^5$dSf*&$gS88#7s>LIGVQkC6h;4cJB5!GD5&EKvTo3|zv5GdOz#&){I`D4kypbsBXw=xS%3rgY1>{o@0?TLSw4 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_mikrotik_tpl.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_mikrotik_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..8fcd5ecab7088ae3fc0348e5ebea40eb6edbdc99 GIT binary patch literal 148 zcmZSJVwe({-)6(Wz;Da|0!$1oj7$sy3^ojm3}Or{45C2H1jLL$%noF612Gqn%?HFF kQ8pmv0J3<1m>-BA0`VgT7Di^E3R29F2HGhD#C8k<0H62=F8}}l literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_netscaler_data.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_netscaler_data.dat new file mode 100755 index 0000000000000000000000000000000000000000..1887b08c506da1089a82aff042f7a321034140b9 GIT binary patch literal 1409 zcmcIkzi-n(6h6C6R4P#z8K`uXT9FPp$4S!yR)k8`hF?X6c4%49*}lfE?Yq==2tfiB z(f$t%9hgwX+^q{+#m0yP0~-_SR91NB{Ag$rHoheHp5MEB_r3R7L8GbH>r;m(DD~wf z0w^kaH>!Rb1$Rh3qi^p|Z+(~?mv%Uf(8mL$KvFpll%pgMe#>SqODCmb^!0N=ppmC< z+ZMtjJ5X@!k=!A1X@C69g?!V8_507O`v*hldUcN9uWo*lo8+h* z9S5!QYSX4puSjPRwfLp?b`ySJA-oE|^iG>&FCRz)lq<+@-=5rxkSZJgA5hexAMLx6 z`b{OK|Di;y({w87^h^nFqp5_q0fjnBj4k(}-PQSqH_}w%nntN+nwlk{*@J+7t4~bE z!jhgZ%oJzmuHT@hWwXtS<8FC=z(sXCjN;m}x`F4ph#eL#2;sTxY=5rzfPq&X8Ze(l z5n1tTmC~9+xz`Xi@|b$Hm~nDnn1bBp7FiM@nfHBBcX@>bjKr>71gVSABZ8CIaU(*x zO)SCV&^6&SF{$OrJ-`OSK~Upv+%WJ8wQZ^U{D4Mr z-x2l<4Fa8!ojF~@YYz+=P8?TnYFfQsC!UlX-$tIk{r$~fb_zKZt?7lfpNS3G%hpC6Iwo}=isa3B{yW7 z;<+{lr;&*w>@K=Q@nIU;`mIvR_z literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_netscaler_tpl.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_netscaler_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..23639ebf4d817396672b05cf78d1cefe91c104fc GIT binary patch literal 1356 zcmcJP$w~u36h&{f-JOuA=t?2(#eWF6R`US?f2K;!LUD)#h;wwO?iEM$1KjvS@mA_) zqXaBtH$2Yk;dQ;feP5xHHJX#nb)b{OA4yg>z%(|HqRlu!**X$a^R^X;It(*|Pb4Ta z8)cN3R~i0_VdOA&jbt5;$rDC}&y6Fshopbs8zy>uX9dsQBCAPbP%C16Ys0#}2j9!U zJ{CeBZb@u}I+I|wh`xU4aw~n#gMRi#9H5u|=yrQLu86DRrnn_;i#y`I_#i%tuYs-_ zXhtIZP~$(HVf?2b(g;69tUt6LGR*zj4-tJ0>j&rO(a+PEd{neQ@(3ONvR|~r9NJyY t!JfD;_V<%Zeeaccr2D7hnRp>~#B1?Rx@jMB%ir|t&&!kMVPjxO Z0ZL1R2D=6sIv5)00TGZeG6rb^0ssZr4DtW~ literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_nokia_bras_tpl.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_nokia_bras_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..22c7888916bf0b3651e0f151ce94bac1be1a9361 GIT binary patch literal 152 zcmZSJVwe$Sr1qbIfq5H)5(5(ux-c>@@Gwka-~d7vAd7{89Vp5T#52Gmj0~3;7#pI2 id54cDB{A%h{KGTP%}F4n*jjd#1-cN literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_openbsd_pflow_data.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_openbsd_pflow_data.dat new file mode 100755 index 0000000000000000000000000000000000000000..44aca176bd719c807c492cb2d4ba711579825ecb GIT binary patch literal 1424 zcmb7^O$x#=5JnTFty)|N+CRKNdjM}CWThu@r{D#I?!1BY7~Qya?HN2mS5BIyOiB~S zKnSGs@$!jSNyNn2n&1BS=h^09mV(N34^*x z9A2JE1^F-qUWwI<&ca@F7WT6AJb0xJude6w-H2Ce^`f(|7oCN@EIkjskvY8dKPol7 P+CI#zUUU}r`oa1FUw7e# literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_openbsd_pflow_tpl.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_openbsd_pflow_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..5b85bdafa156d076dd1ef006a0e03fe915b23f36 GIT binary patch literal 124 zcmZSJVyFq9aIS^{0<;*I7;+dH7s7+8QL3j-Gr^8qmvP=pbPX8`d`AZ7=Oa04+b WP?Uv%k&zLoTAD$CK?aD4)B^xI76%9b literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_procera_data52935.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_procera_data52935.dat new file mode 100755 index 0000000000000000000000000000000000000000..6fadaf8cc6a9485aa0b5ddc9bdae46ff8406f2d3 GIT binary patch literal 1355 zcmZSJV)c%?blif0!TZYUw7k{ljQ?&t=xdIq?8Mu3b_U}Ww%&&9w7HIk8`1B)mVLpxNS!Ai&7N+ly^FhfUXHBoAV%?B)tTpgXbMorkEGqDb=ebMg=Mb3xANIuNB$!y(BM0OHOeUH||9 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_procera_tpl52935.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_procera_tpl52935.dat new file mode 100755 index 0000000000000000000000000000000000000000..954baad55a12c1fb12d2462210cc690706119158 GIT binary patch literal 164 zcmZSJVptM&>DV6z2JdsL)ACj`FfmLycbq|-frEjCL7G8;fgLEq17ynp+1x<30FW&R z#4HSq4UGT)GceewHpoC|hG{_2=?p9l%s|~BaTX{o3RNcwln04RLHS}(njcCtL1_Uf Htq-9Ao@pp< literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_viptela_data257.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_viptela_data257.dat new file mode 100755 index 0000000000000000000000000000000000000000..a9b1d4a9b17bcd6d80a46409c61e8939eaed4409 GIT binary patch literal 124 zcmZSJVyKA{v3Sq0tB-Y!m@OkCBSQ`Y1f*~kvYV|D5S8X(+`Z^48%PycC0Lf39ij+E hGjKq4aWDu#Sd5}j5jQRd21X#88;F^Kh|vHl0RY3)4NCw3 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_viptela_tpl257.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_viptela_tpl257.dat new file mode 100755 index 0000000000000000000000000000000000000000..61de9125fa95bc6262048386a6b5d3cfe1994ee1 GIT binary patch literal 124 zcmZSJVyKA{v1DV|HSO^lF2bC>yC(F7*ONzn2tG1j;c3 TF*j5V0~;d~LjxlNBSt2Yd3 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_vmware_vds_data266.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_vmware_vds_data266.dat new file mode 100755 index 0000000000000000000000000000000000000000..6f8f6243184b36d66a44749d8c0fab4f6ba10234 GIT binary patch literal 164 zcmZSJVptLpeWZkefhm^(2pG8-rmPWij0WQWAU+U0g-{HPK-oyOa=ijL-Nn!alw$&7 aE~pv?L7=JzMxa`tD2e7U1I^&ZW)1*5W)YZOCTH zeW+hIa~l_&=NK1=2+HQmS2b+zN8YELy55_-N))*_P(qW4i+hUP!)pA(-9s(Z6UX<5 zH;(7VpCMPZ?;{(h*8iD}gL@ysd=wwm$UNL0xg0*!G-o3HC;emgUhALO7*&5JqW&lC l`W~1bxE#LF&+eQho50=6#eYYPmLLHw`9!qzq!7>l>IPZmq)Y$+ literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_yaf_data45841.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_yaf_data45841.dat new file mode 100755 index 0000000000000000000000000000000000000000..931dc39d116171430d2c5925327a50c9e070afa0 GIT binary patch literal 102 zcmZSJVn~aKKfH>8fk6p~88!hXK2K5{3W( literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/ipfix_test_yaf_data45873.dat b/filebeat/input/netflow/testdata/dat/ipfix_test_yaf_data45873.dat new file mode 100755 index 0000000000000000000000000000000000000000..52b729dcedf28aab5c08dd8d3840197f620ca497 GIT binary patch literal 114 zcmZSJVknA;KUBv61)B{Sk{B2mBhC0%F+%9IuYpo)fH($-S%8>njetT55MTent8fk6p~85o!tYBmcph%(Gz;9!^u#Gwo<4M5DmP*lkf24n*Y6r9^j;+aSkB}5XNs4-$^C;kAnv{A&y#!s+HXCr$yT3TvnA!u)ta@SuV zX;S(p;C48KssH=9>T~2z15gb;12tYN0_5!fEI{zhO=fdN#5)vc^1hiDbVt zwFnmn)lLUW?VAx~61^XEy8D>|it!`Q#69CD;b+gdM=Ean8si7y58)SohWJ(ZUHHw{ zjV1ysx>j_p=xXY^nyqMC(YB&(McazD6>VxNQ$(nzcvjb=nr9nL)B8kfw!Wi+_zGm5xC1ep~W8l2>RO m-k@(T_ahxwsO=_o+Y9a*PY5fE%NBOk? literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow5.dat b/filebeat/input/netflow/testdata/dat/netflow5.dat new file mode 100755 index 0000000000000000000000000000000000000000..db0b1f2defcc7b2dc9bc59fd3dbeb59490321432 GIT binary patch literal 1728 zcma)+JxE(o7>3_mjXw#siO5xh2~;UMh{T_OLk1CDN(CLZVF51^ql1m# zLg}eKtpmT z#kaOjIM11@@rHr28rIlJK4Rb{?@ub;>(xA;xqSWPyEu9>3Fc}n)TzlObq*^YHfMwj zyqhbUX0GK}FwslaxvBBi0#!TAWCKlinIyf>`lIo(2Q~D%JiSQ|?_Dpc^PTjVqs5?a z!rv?2+c!7Y&^&XkwvTi-kPUF~09abswV$i@lM~K@yx~C)4!N&`}M2GHrCEQYjahx&Iw>>p8S|WF7nn7#d~wP-q{Cw zcLFm(>1U{jmwon~NsYkll!2Fg8FRS2-n;mb-reS-_oC!J)aGU1d@FQ501F2OUg>jI z@p^CSn%=#Zj&sRdSHxRMZ$Gg32}rdXc*$Emir0HLCh6S|eVx0Zljp5e-V`&eXAHcO zm+Rv4dT&{>=G`TjWu_062NgY%WETkw#=n|;i9h^!Q!AXoF9jeq>16>rf zG!P85gIGl~6my3ZAt=0pba4ns5bEHn@4fHt%Xdx0gYOIXzW@F1fB*LaV+RE|vEVG9 zZR7y#5otF49+Qf%^(LQ-0blt+r&0#Z9~1vE?OzzLY1jNp8J&Oe&%q2p zO!GbZUJp~SKj54BED1dD!+Z~}(AuXbBp-E5-&-~E;iBdI;(SQU{PF&x@Dri_iIKn5 z!hBf&roV{e$M_@ixl8<)!rx1`t||ZA%kHuM4)ML#drX6i$_(w~-QY``Em#})&t!J$ zMn0R(RNX&R`M(MvYnXkML`GoX~vgSu`K*hx@z0e4JcqKshr1 z50@hIc|XEm`H7S8HKI525BZOn@AJZJyl3Pu{dFRIp64UV|DNdMJ;$MF|4fd8gp?x?X(Q|)Ae|{QIwxaVt!oSQ9%{}?gdEWy6Nq$K)bt|0zO7PM! zAL6%sFN-;F{{%F>}# GAN~dFZVFxi literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow5_test_invalid02.dat b/filebeat/input/netflow/testdata/dat/netflow5_test_invalid02.dat new file mode 100755 index 0000000000000000000000000000000000000000..c8800f5a78a9011e3361cf9159829242bb01ce12 GIT binary patch literal 1464 zcma)+OK4L;6o&r<8%SuO3l+NYu@HhN1QjGIMXFtvY>aSG5ETS9(1@E76cj=i0Uy|B z`bvvZ5Q3tXu2o8<;?m8LDp<%$sNn6Yw8eAIWF|Lq0}jlP%=yokf6kc<+VFh7>vJ-@ z_Oc6zdO-VCoCB(z2Ud7S&=~T$4bk_1WZwKrL)aYy3WLCF)kj#L1r7uIHA(bmt)7PS z9f-2NK3edTtiLNc`3@RhUN`zroFiT&2gvf&A^fAP&552y5-=33Z04U>w|v$=mK++ZdY1po=vS)8 zxc)`S=J7%OIDXZmu{vMF&3xSw|NEHj%cSw8K74Oc{})cre5ih@kH-JypVs=TmX}Mm zzdo)pzuZ$$|BpEIP|q87f5gA?dkRz*{(K$R!oS=f>^}M|$nhNE!F!Q5k^;)0f!k^9!82%ZFG5=7&{}QCgaX^$5;K@Y-+PC{0wl9CAR)S{wqNIt3I_!vnaBDk5Rb( z@>kz%Mc$hCP4q)F7q8j+NH~mtIlzzCXwLZ8yCQmi-;(xi1D800Q~G|YAIcwG4e;;( E1;R}y;s5{u literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow5_test_juniper_mx80.dat b/filebeat/input/netflow/testdata/dat/netflow5_test_juniper_mx80.dat new file mode 100755 index 0000000000000000000000000000000000000000..ece9d12c4af794cb26abf11e7b44875e33b0e265 GIT binary patch literal 1416 zcmb8vK}Zx~6bJA(v$)hgsI@ZIK#y5qu!q24L$(#gFwpSe9$p}x^yaZkk$8|@*a*)F ztF|x(o?N6@g7CD51r-SgG!lxOz-V$$IuO0jQC#PHOE&OM^W)E(?|W~c0b20M6=&$x zMiJC=q46d_$cX?LA1yFdnXP7w-xvT5+em9kRYu9RAQ}emx948sw-GRuKdMs?aiqR+ zRn5;}09L}L@{uENO8zd=%u`jn%|;0tIe*`CFW2>s zUCy1?C)SY?>))?y{%OZ2=i dzh0=?dc^r>_J#Ta`N#86;rXwmr}1q6e*wGHYD@qC literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow5_test_microtik.dat b/filebeat/input/netflow/testdata/dat/netflow5_test_microtik.dat new file mode 100755 index 0000000000000000000000000000000000000000..234128f1f01f2a8b632e7dfafdbe39c7eb0bf9db GIT binary patch literal 1464 zcmai!F=$g!7={0rm&AB$Y7#Qk3Z<>kSdc;rF18(75hQ~oMW{H4aS9TIh7N^Bq$&=A z(5~VV+QA_xibAnVX(-qdUAnjyogJJ+sCv%5y}tWm&I}p?XvU*JUPCjL;2$W7xIFU|E&t;Jeq}@c|K^#{;g$3- z|1gC#Is8liH}Ges`m^h|e~F~=$SiQH3XIM__9y?MHHMl0QT}UkN+LlXB~g02_j>~Vcf7`_ z$KY35R}V)d6YyY%l=!Yc?kw{X>{DuV!P|8G!IzYHF3)<-T7G{6=XLrAd|FAb;Y~l- z`_=yKLblq$=as|^KdH}~5Q(vOG~e9$D^FQT%JAcwxA&|0wSs@(_NS6~xB5Ks8vRY~ z(V9EVx%FW$;0&wO(S6zc>)_X=h>l3dFWdWKFZ_p}ae1)IN=};m!MuE@H}(D|&KsUD zunEJPe#4g0YhYhcdo|R5JI;)Hu{PMFOd-FWcg~mQ{e!iFL___6`&Gu@^c(*4(QDIJ z@Xp4ke)v262H%I!JT#4YN3XG;dp?q-c0Ug;A-|KyW1bR)Ja!)WEz!Ib(Lt%8p5QwD zvB&9mmf!u-=^vwio`U}*@}Per-@tEcZ8mqp_v@1%qK@*Qo_+TMesm$s_mWRj;Q6)T d*_dDZXRGak+s|F*9rJbWHTX7#d9S(i{u@cw1S9|e literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_cisco_asr1001x_tpl259.dat b/filebeat/input/netflow/testdata/dat/netflow9_cisco_asr1001x_tpl259.dat new file mode 100755 index 0000000000000000000000000000000000000000..d5aed36ce419697cc4d7e8b9525d095de58d4bcd GIT binary patch literal 1468 zcma)+-%C?r7{{NpvvX$8&NfdNX`~WF6wyuPRTfHbT6JkS^*X zZ>%7q72Wj*jJyd%L9o2mS=n@nvuG7`Q%c`w=Y7Xfq#QiwynFY2-tY749c`msPhK8A zeI+-0kD^ruQGoC{WtbGBDhiSVv&g{Hpb&lx!x-N>U@=$}b{xNnM*#K+)MKhLOe?|3 z&87$K{H*-Btt4JmURix82~5qO(=@4eHguuzRpEqD|AQSGjR+}jvA6XI~=4YG~V$v^NwkO3Q51J-4=ud=DI zPwHJlYRzasyELFME3O+FKv%J;gG6J?rOC5%t^3tX*dlwP#TXSVLdH9PB@b+hK}i(j zZXrh*ct}amZmV97fC?pj*n(19z?2mAlw|IT>xLkM_pzySTlBDWh@IZHt+!iaBzZ}G zQpt%HIoQk1dM?TmlDz{a3F1DYWyj@RrVNa!!XzHdbpfDE~r5Z7!49`701ku9-C zgg-*eu_k@J8@i$nFXZ(uiqG>ZdpPXUp45LpqesQDD4o~^;-tRli!7B1P zd*5FCG`hePFEf6}Ib%*{XEMvf%E7WR3(Li_GLDKf1*-;Y1=;~rPF2Be!>o#_<&E_naX_MWS5 zjRd6o$dFsq^sru2%DL3ccF69fBSM$P(91zyj=UG*)l(lRZ`#AdVs9@dx{})7mi~An zu=nWM!PXK-Jo)l)+M}r~!>m&fAOv8&`e)&XC|jmIbaW#2uY@U`DIS>hrA z9zzY^u?|gfXZVtCp$z2f@-A+B9tl|df?XQOW_A4;dKO}_*X`c;trTiCJx>|R@VKR6 z+2-6WGAMHpiiw^0C~YDhHSH~-DU}%+NUvH!uR_lN&kS~6Q_9w{g)LxRA_MDrHC>WG ztwtS`p%jm=y^r%J8$||3D};PviNkz*P$NUsp(&*qzN8lqp-1QDx>lSBB11^9A(y6X z&R}&tjGiPiNFm};t05Okdr-{mhWlD zLcYGH!Xp7eB#5<*KZ*ZB5|JPXqMfDq3|49_XDOBzDe@S3gMbDD zImp>sh=_%aqBDED?jDE8Y_&6Y%(ovi0|f|R=Hlz99PI$e8^9w9W48d6g>EMh7ZP%dk)KjCnk_m zE>VbS_@xYI@vElX?=mS%rn;e_3#BN`xC~nk<$y_9#&TgJ=MoYL)7B-Pw3LT=CZ+1Q zD4KN%0UEY1@w7v!F)1}{H9cB&AL~ffm%yj)XI)~4^1`I7q{9T#(9nfa6lPss9m)rj zvZ^0V6a=Ul(-e_)aVUMkq^z0hhK49gQTV4z-)B7mP$RYf>f(LP_p2F8+OF1<`m!2rVnFPW9p_5G09#0SEEfU+OYuA8yUmgy99Tz?(U4}&iXhB_6@!uo z1Vuc(giLNw$sNkf&?l!A5KtJ&?%5E#m5U*EUy}y9oRDsW-Pm+jgZ=G`-QT{*c0YvJExG{7 z--L7{?8eXyG=+g71L*#}VBdRU_q``W08kmk#+xf)wB4P1o?Oec4zF0WJR2m7A26~r zG!S7AJce&E1I=?~U@%XH*++zKxKA;4L;TsX6CBck*h4xH$)69TA@)9yhWRt>MW7yj zKZ0Z-{v>D*+@B9hq5e#Q*{9=1P&eG4n7SeU?6d^Orx&_EL8)2rt{0L&A9F(NeauOY zKMC3c_vhoOKz{=B9djYfJ{>oLy5auB)D87#J=mY#*wd{yl0TmU(lOScIROZCHUH&{&0oBq4f`6|)P& z{&>SM^L9~2Fl-*e>EbvCFd;acnE-7pVZ$X#uuvg9uB)7V!iHc&Y>5+hXX3*1D-l7$ z2P_%0dIdMU!wVyL>k(QaMtGH2F>fD1s&~M3R_~5l_YmnKkRI=J^cIZpDzVY{*W1Kb zahQlsPMKWN+9GQ;Jj-U9)|Sx9rAKb;ojbu^5jW=4(DXIOEN2;=ymclXyn4D~lwV0T h=FicSH~pSbekC>iH~%%$&%eYs!mFgN|K@-B`<~n1#6kc7 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asa_2_tpl_27x.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asa_2_tpl_27x.dat new file mode 100755 index 0000000000000000000000000000000000000000..fa112e829ab5c5716f87fc77e0ef3b320f58301a GIT binary patch literal 1212 zcmcJOOAf(M7=_O-O%#n3t*X`zEJ9;w0ahdF5)2FsEWprXW*b)Ek!Y>LA+2aa-K5;) z}dsBY~*RTFo^tOg5v07@Z zd#zu6S!y-r<@T)6R%6|3{M3Uds}1YX(}J1d!kipfk$uh#3=Cc&sd?_1>8=Lx2JwdR20#%K z0n{9C6mtwoGz6#|YK{+zIYwlgV+Qn8Vp3*_Ye`0GQC?~Z$bUdcym?Ufm}51E1ph(J zvA}8$3I2ncV};cm6O#R9jny1elFhNfYK|Gn<~U(B$B_5{f`(5RJpBMuGb!;6b1~GM za1?V$h;KA=B2dgB-a9a3VEJN^Q)ymGPO2_AJ(FP!%$z*9d(0@x@A)X^kRLv2Naj!y RU+F03knf%h6m!T3XaHsxs5bxr literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_data260.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_data260.dat new file mode 100755 index 0000000000000000000000000000000000000000..2b479a0cc9cecff0f0c3b6dbca1fc17f4e33c7cf GIT binary patch literal 1392 zcmZ`&T}V@57=FIZIendVHaFX}n3zhD~+4F5@7dx{LUf4PN-se0&?~8IoOly9u zw_~bXjW65<$}XuAUq1lF+AS!*DX2Tf-y^J9(@OeueNxKiGtcUhU{iw;E;XRqpa%F# z7mtTEBna*iY%k&O9u@&QCkWu5x?BhlF^T~+gM)(VQ9J08cx|9h}AF3{-EAane>p$lE< zH$ZEg45kHGp$A62ivcBg1_kv`1r=j#))JcX0Lo5h90@a&a5`)hOYj0lMi7VyHt%Ay z6Js)HTKj)0+nNF{-Y3WkO{|SZi({k*9yXVJ7I?M(Io6AS$dSi zy8P)Z1G37cz)6e_6f)4e;7tfBV=fP>2~e%<)IFC6ZV7r9O35I`N%VyD*I6TMj&crO zDf=%Uvx9VpDO@l%NZ}+rd$~;hPC@Mh-gZWL{4rC={GL%CX`+>vkOgo_XaOn~1yu(K z@Q?tG2S?wTR(s3UTi)*kc%BCcZ7_)u;Cw)^^|l~dNdPB>Lw%I6r0mygISKrS$A}fD z;3b1of|_|jWRZ6?Ko33OEVTdeetUbw1yHn1J|M_Vi#Iwc9M&MFb!Nb{5*cMr-rz1I z2$G+~q7)dT;*^!q2j5pV=a(r?7V#6ksV|I~GIPtcQ3{L^XUU+ckU^3FZNHTLe$vGt I377!(*70MCU80{{R3 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_tpl260.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_tpl260.dat new file mode 100755 index 0000000000000000000000000000000000000000..b16082219e8e210bca22dc148fd69bdd475eed50 GIT binary patch literal 120 zcmZSJWME94b09v#tuK_Z^f)sE14knR149ZU3xhZV69WqaBM@@{F%J-P0WlvCivqD2 u5VHeSa09UbkSz$rLO={OkAWAgi;;m1NV5X5Ef7Znu>nx+E1;U!3@iZF@(Gmy literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_tpl266.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_asr9k_tpl266.dat new file mode 100755 index 0000000000000000000000000000000000000000..ef6e1447897a1f318c53e80deb3faaa18caf3071 GIT binary patch literal 128 zcmZSJWME94vuRO;TVEh!>9N@i3>=LN3=BDpTnv&7Objdxj6f{SAiy94#9Tl&9}tTH zu_zGB1F-`TvjbIf1F-;*EeOQ+K$aX(rz}`EBLf?dW(8tfAdUoL1EAVhKy|MfSOBNi B3vB=Z literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_data262.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_data262.dat new file mode 100755 index 0000000000000000000000000000000000000000..4d1a394554d3d6e6bf1f979c7f7794670b8b296c GIT binary patch literal 429 zcmZSJWMKUww^|@#(bF{y;_Q43K)}exIFn0G$c{@+cnc$t3lai}Gca%fF{3yGLqOQX zur`_d{B?&Tz~WE>s0qf^0jc~Vmn8whAVHXctPBilAUTj&>l%iI3=D!;4FpPnHGwD) z$O2+i1G(1N;BX;Osf6Ub97aqRf=q$}s0(vkzR2acfW)|<1~M}+R0FvXFINNE2Lu@m zuowtZgbaLu9H0wxdO#Q?0W%QU%NwqOy$qDabRpQwAdL{f^$JL<01XQO;u#<@04vl$ AApigX literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_opttpl260.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_opttpl260.dat new file mode 100755 index 0000000000000000000000000000000000000000..ab73afcc8e4ae3eed258c613d8a697aab2e661c5 GIT binary patch literal 1355 zcmb7^-A>yu6vrJc)kf*GT~0_y=LI6}*!3E9T`y>(77*M3uIHuJS|7`H3p@eu!8NbN z8}I;_>Y#o(1tKLmJ|DmQ@u8J><7DG zKa;e!U;mc4gt0HOH1p*3OY6o6m+kI$AMz5;jp{5|!K0L9Lb^a@5}97>=ZKyo_sDJch7mQk6EwZRru$ zLjHw0e|a}v^+$Jwu&FXis|dGKfYQ(@7DC=-5%wIN`4=nb8L43~LhGgTP;ftj-^w~4 z%U$vjmW|M$i6nQ5*&+NvlMQdPaD$%N{;dd2*iU6egHc~)9y2nRG*z2~tyR6&z+1^D z)%6t-!hROR$PR>>ym?$vxz$bBor?ZqxpD$SGtjJ+G;3R#AxPNzaHy>ila0w~HoMTz zb2vh+JlZg5ZxQEl!tUys$&}hG=}Lc%_CK7W67rotgoWCMnMP(I#EX-UPQtRbFk@5&s*mXQ#E0m;e9( literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_tpl262.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_nbar_tpl262.dat new file mode 100755 index 0000000000000000000000000000000000000000..286733174dda5e05f77123ef4ec65e13cfc86416 GIT binary patch literal 132 zcmZSJWMKRvrza4x=xGmwINNOo2q<7=V~}FtU|?b30pfTd<^p0qAZBM^V&Dd1TLwl3 zRv=~pVxSoehk@9FfsG*mhy{T1fOKn&rdD#vlkZhlPO$h}nTM+(66%)L{$6K$97B8Q2)} b8Q8$4fpoG0#l?UsM8T>!fFc}>#SDr7hn){9 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_wlc_data261.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_cisco_wlc_data261.dat new file mode 100755 index 0000000000000000000000000000000000000000..0f117ade11803e5dab9a096f65a56860fefd9399 GIT binary patch literal 1392 zcmZSJWMK4Py&om^EXbvMpKR$Dq85m57b&p&C)IF}4?jgz?sC(4E;x(s>SobhohnfR2 z7bAQa7>PA!{xqmL56LtK>aQLts5!GR%>jl_0I}}T{|+_Bo=kI~?#Y@CHOCgy9AG*; zN~C+3>`p?=VP+-M9Ef{_xSvDJVNJ$n4ig8F?qQIsgqXts3U7>fC&C35@t6!W^)BST0Yn02{+_p$KLU0I7JvonoL1-xh3j+fq7lXrr6(>3Zg5GMdeSF5amw_jZ0Rh+{%#fci P7=SnlDq#Yp85tM=H!={s literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_field_layer2segmentid_tpl.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_field_layer2segmentid_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..3ab58f46a6b0cfadd67b8e265810a0d33e1e8129 GIT binary patch literal 96 zcmZSJWME_n)!7ggdvXo~gU~_-76uUTVdP>EWZ(eucz~D%sD_<^iGdr4S%GXT1}4UM fpez?q<`odz0>#9Dv?vf80NIQ{IVK>!#J~gq(&`7@ literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_data256.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_data256.dat new file mode 100755 index 0000000000000000000000000000000000000000..a12b8634cf21f8ecedb314050c29e2092e7037bd GIT binary patch literal 60 zcmZSJWME`8-?%C=cm6g822)Q41|Xk-L4yHEFfh)X!1x?UGcas@dJRl7E{$O4VBiO` GfvNyia0&td literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_data257.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_data257.dat new file mode 100755 index 0000000000000000000000000000000000000000..0e5efc69f21d7e8494225d4c9b96ae6d432417a2 GIT binary patch literal 76 zcmZSJWME`8FBgi;oxhxc!PJ?70mx@$umI8^Fatt?NoEkK${(^smB0MV$7_tc88{i3 Q*$%8oW|!v;R{_ca0EhMq*8l(j literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_tpl.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_521_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..538d19a0546c9cc8bed0798d287b27e48887facb GIT binary patch literal 284 zcmZSJWME=6f8!LHJO3yHgQ*V#0|O%v-(h5A;03Zc7{q~?iGhVd0*J+cSQLoafg;>M z%mu`JU|En#76u*$7Dgr#^+_`bFvu_nFfs#mPLY2`H-!lw|+_xLOK> literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_542_appid_data258_262.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_fortigate_fortios_542_appid_data258_262.dat new file mode 100755 index 0000000000000000000000000000000000000000..bdc5af07597aed150d1a3cdd3674bf5112c64541 GIT binary patch literal 1284 zcmb7^JuC!47>3_nYu%5K^Pf;~xotEq;u@7gC5lU^6bi0Tk%&SfQ3c)~O?(^joaOS}e$48#Y%YC)d zXWvKA^Ms&p^>~ssF}Qvgkevi}$6BW+ny!ut`)8xuZwcT_?qn6OUtWJk#(+u|A%UQ? z4MFd^Qz};AA{O!v)`j<2NR@;s_h=@oES{g08EQ$ksb+Y^ic_-vG*4K<4E=;=^9JKG z22>{5Nz!jg``w-Y=~s^WvC8(lRyg>Q?W!5x-FY3qa_A>Co98Xa7*N^FPP6vwc9GxO zwEYSnvVSMvGfvcxRhFM?{8UDGtcyHf%@dX|LqDO}Ja19P^piBa)HH&QOZqK0`rN(N=K%Uo;g8!)| zFi6PBTn%GSI1xr2kE_E!8UOGgp+OICMAqW-k~I74+#`q=k-ty#yXyPM{b;?F_q)c! z+Yka7lIA}`Gf0qUgz%lNGHUjt9giMP0b$n z$u}TpMWe@=hpkz+%;&pqzDC`OJe_h_bF)*^XZ`l%d@s4sihUAJ{fyf@rxw(N_bD}E Zbj)b7`H={3$;KM#MjsJlk62EKfDhZJK8FAR literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_h3c_data3281.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_h3c_data3281.dat new file mode 100755 index 0000000000000000000000000000000000000000..6c0ea5adb5d11f3576528f02cbe1bed61419bc3e GIT binary patch literal 1364 zcmbW%KS&!<90%~{ojLUvX>#W7NW=(Y;!seqgLd<8x(H5!N*zUT5fK6%T%=1YDE@&e zE*1p^wJj7QbZIjPf{I${VoAlpp>kX%!AaV0?)Na0aOV&5LXIyVe((40MO28eo&T7A zt;~(9%h`YsK~ecr^a;0=Z|+xUCuBPvZ|(f*3n6Gk2(5*zjastSO)_J%oaMDtXd)Ud zKKX|#{3@CVxD|bAJGzjZ4a`q4<7@_pVAhfKHHkhC zIpf(>Wm31DwlvHzo2m)3o{ZspGW1tIO@s5=G0X|{y2fVdCCmgF@9@#_tXLlQj=l;N z+`}1tfr)(<&L|LIbFl{I31@iqU?w?v@dxG)m`AeDJDBih!Z7#zndSX%zIp5!%rlr5 zvd=8fb4@2BGVRY4a-LQS^W1{@Tbeg8Lu71Yo{`V~OuBXR?M}jWI&t>9S8N8CU@Byt z;T?^4`ZGn0^9vc6IhcRhq*ZsG);{i0yvnE9&H158>^*NgnOfQBdzdk@4nr`X`!rz` zYA|U#T_5njFd*mo%QcOSYRq$mGrW3umlRGaIQRBVm|bi>-1qbo?t6~SsZs3v9A>NR pGlf2NvgWIC-~Har3N|CxFb`lhvZFtU3o0-nQz|acB3_KSZB0w|{a6%}ieGJlb@)%?Ua)Eq7keCP<{QnP; YhmxHPoh(3U1qFoYe;@$y{sXN604;eC6aWAK literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_h3c_netstream_varstring_tpl3281.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_h3c_netstream_varstring_tpl3281.dat new file mode 100755 index 0000000000000000000000000000000000000000..244d71d994ae0b739255340fcb3a7e579b074b52 GIT binary patch literal 140 zcmWm6%MnCS5QX7Gd0bqt1*^MaDFu_l?5D7lg9PL-!jgv^_;uA+y*Q^^i9EUeKYfo? ylEpilJ>}%fkQ%iL)F4Fx1B((BYQ(fNj9f$r5aRuxj;S3m5!XiU}(QnvN~BR0nq1A6vu-{{R30 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_huawei_netstream_data.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_huawei_netstream_data.dat new file mode 100755 index 0000000000000000000000000000000000000000..eacfb86e83fb0005e09e9d30f05516fef4356e0a GIT binary patch literal 84 zcmZSJWMG`XtoKG#Uf&)D#@~w=fPht*!GSC1wkcPB!5OZcKbk-x79c(`e_>C|{AHaV aKx!B`800qzbE$#ZU_ye8K|+!d!~_8B4idot literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_huawei_netstream_tpl.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_huawei_netstream_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..ba74379ccf265b78505ae46b0bc24721814d9df3 GIT binary patch literal 128 zcmZSJWMG`XENeqlUf*U0h9W5j2*_boW{_myU|?b30b+h2W&&bHAQl5+Q6LrqVlJR4 u9}u$xF*gtk0I?ttTLG~(5WfIoHn1*6238;qw2Ofkh;4y55{NG`FarP>s0n}o literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_invalid01.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_invalid01.dat new file mode 100755 index 0000000000000000000000000000000000000000..fc9157854b0430b89ba9998b597d782870201e7e GIT binary patch literal 292 zcmZSJWME=olTix2^YtVH0@$!HFz_;PFt9N20I?_#ivcks5HkTW7ZCFSF*}gQ4HjW! zU<1n905JoD4F^cCG=l(x3=or|mytmXXaEb)UXU$HK&;Hb2ow>3IxGcbJkWGE1xA-0 zf)YhA_X>dc4hCl@Hk5L&yF6D-k%8gH0|;hF04f4$gMey=YC)h=L6$J+99Y4?2*jBT WjL}QLn1LY)D1}gMdQ)5ws1g7;uNwaV literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat new file mode 100755 index 0000000000000000000000000000000000000000..8d27d3762ffcfe9369e88cbddfe96bd83ed81e7c GIT binary patch literal 1364 zcmZ{kT}V@57{{Npot@2BNk?;)BkV&-kgSU!1FJ~|Lk=;-i;AQ!f-dr=ys5_vs@CREwdaFQBG1lf z)lBdF>)l1m4(4&4l4NoLkf{VJh3sUZVn`v01im*x%g_pB!F>sGL*)?vvq5qE@`I=+ zMIy3DvQ%GvO`4B|#-7ANZ=IKZb&p!Gu<;?XqVS-qbp_DZutJO6NM3KYo&|v8Cm6o^ zq5Yv5MgiIn@DWR)PitVI2jnlamzx-lho#8p>^$svvKZa@RP9cfC!)|2W|*lwP4Yk} zJmnxjbt3JMd7R{*Z1vD};4H!($yk@{h& z+i~nKgMpKMr>USgy6*gK0!@XHf#V`wX|KL})64i`Wy#}pde8WUk#E#HXVEG2M5~d- zj|WXz%T26+f_eB!fGrRL7hDVLRrb-iYmwoJaq@diu$xHfQ?+MhMrD)j+04KcYN*rG zA))se!6B;^re%*IB1RNsn1w%iQRg%4J$K%QxCgkp6iFWDL%8ZW!!_JCODTYHFXNp) zVQ<;<=LPdiH+=o;d3P2(62Fmm9YUY0c^Q{3@*1^AuLyH|xQ7(;tZeRb@ezq#%|5() z7@YcftGN)|&W*DQ!A$RgEw#5jBH`F;9JueX3e(_Vo4pC>1<0Jc+&j$T?A|BzfpQ~o V_gvfZVT!=ESpyDY5BZZP`VV}OcO3u# literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_juniper_srx_tplopt.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_juniper_srx_tplopt.dat new file mode 100755 index 0000000000000000000000000000000000000000..50c1d0cb1053da43f753647344cadfd39fdda942 GIT binary patch literal 148 zcmWm5u?@m76h+bd9TO4~5c;o*$fVI)}2JM0liCD0jst02c8i-i1GWsxcsv4 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_macaddr_tpl.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_macaddr_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..0a0a6106952aa31dc40fda5b82698afb15288b70 GIT binary patch literal 128 zcmZSJWMF1sDD?=FxX{1=0f|7$g^`hgoq>e`L^3gO09o8Xng>W*Ft9NMFt9N)A<2W} mq!|PlWPlhd57a5a$P84^0c5c-XaTV%5HkS91fcdXf@lExJO!@+ literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_nprobe_data.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_nprobe_data.dat new file mode 100755 index 0000000000000000000000000000000000000000..93a3840fb988a3a9710665b8c7eb4a9278353c0e GIT binary patch literal 76 zcmZSJWME`qXgL-pwr?u~1BlHqnURsf0!W_#VkR~L2?nt>0tzRAoPSC{21o@OU(;PgMqQDgMo3H1Jo=y6$E4f0 UhLk7%@Bjb*#hwFHBZ#aH0Eq<>G5`Po literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_nprobe_tpl.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_nprobe_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..9a4b852d2b0528ace52100f7f799af9ac0c512dc GIT binary patch literal 216 zcmaKmNe+TQ5Ji7Ms|+ebLWhK5FNg3Lp2!=xz>% literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_81_tpl256-263.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_81_tpl256-263.dat new file mode 100755 index 0000000000000000000000000000000000000000..6f144b61df36c7edc0e6816fa4ce8ea188ea9eb5 GIT binary patch literal 712 zcmcJLO9}!p5JaoveBuWg2miXrHC%|^VRm{J=MI7w5xhi81|)ZB!e7vP?M`^q7KNRXpzgrKcAW2&hrDh0~onXH+FIvC0c@< zCu+fElpuo5dF=n!4UqGM5RO7P6g~6?zC gS>w|euBPSMAV)Fob~MTP2XZKS=!wleO&8|@02qydApigX literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_panos_tpl.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_paloalto_panos_tpl.dat new file mode 100755 index 0000000000000000000000000000000000000000..14bb72bba2c44fdeef7bb5d8a2f8efc475e2f676 GIT binary patch literal 740 zcmZSJWZ=lIwt5i7xo$B}On)u|0|O%v`v3_+Ad7>6iGc+O85vlCm<@>8fg&705iTI+ z2C{j8G#?O)0*c%iUTAg}ZeO4nY5BFtRd8 iP{UjXw6I09CxVd~kNZgp8+7-x<8ePJ=Awl;vikvl9ydz> literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_softflowd_tpl_data.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_softflowd_tpl_data.dat new file mode 100755 index 0000000000000000000000000000000000000000..962f7488120c5477ff08d91b719477ac84e9d21b GIT binary patch literal 460 zcmb7>F%E(-7=>R63J4)JQ3iByHQqptVQ@5I^90UbfW^ebb8r9$PhfO}o9OJ|1in&@ zlc-I;CjI}{*Vh&f9N^Gd2FDoyLDYy$z=sVJ9_f;R2x5>H@rlKiTU7*_>`qCe@`!A; zzXypv`Ex(dzU}2;MecxkCMRZEkXJq+LDFUfrBT`+bjmLS!YjGd_+{Gft4{glz$nyw r%$IAwdL7?uUTm0(!|;Y>v7M|-L$9AR@19D)jj2dkv)NVG73 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_streamcore_tpl_data256.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_streamcore_tpl_data256.dat new file mode 100755 index 0000000000000000000000000000000000000000..4cb5216f67c8f58b1128ed94b6e9393a02b9f00b GIT binary patch literal 896 zcmcJNyGjE=7=_Qw&c+zUM$|%yW4BLWCwS>oik*#Y;RB=+vfjl?5E8{ktSo#1#lj@s z0=|d6PmmAA1a+!a|K;QVnVmgn&+ceYHa%HhU8zpiYPaiedN2E8qzM@nW#zbxVkp1> zD@9gHFvL7eAAvC#m-FoPq8s2@AIbVVdJ|gEhI=_H7zK9^na|p@XOWg=a>N zP1u5M*nwTL?!i7BKqzOVncO*ZdIqyQm2P#DH<6<^#9Nuv3zm_}Z_8DACF}+t;Ob)faMqd}T NIn=Iun?Hx2YF%>qX3_uv literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_streamcore_tpl_data260.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_streamcore_tpl_data260.dat new file mode 100755 index 0000000000000000000000000000000000000000..5e743f5561c53a367e89d95bdd22ce7bb5fd6188 GIT binary patch literal 1316 zcmd^-%`U`H9L3MQy&csG5lVuLE3xRRUcuMe+5=20WQK&8SV*+K#!@1&v6grM4`2+& zBqH8}7qH@J$Ru)OQN+T(`SpKuZ+lPA=|v}GoW3;XtA2Cq{B#^y$vXiILcoE9;w4~{ z0_ot4!x@)&9CxvI6Q2w~X+EpLE(qV%7NovluaisCAXiXAV1&E<+Wz{QIyaQY z6ov8X`;w_mRMt1brL~o1)8Ze_sUw;@A!mTi{#AKTT=kewJC$})%*TJr=VOC^mCq|z Ce|9(k literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_ubnt_edgerouter_data1024.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_ubnt_edgerouter_data1024.dat new file mode 100755 index 0000000000000000000000000000000000000000..c7aaa6ec1c693914aa8d430c50deb55f06d0ff97 GIT binary patch literal 496 zcmZSJWZ;lU3u_9$V%)^QP!q%e1S|}UcO(*ye+FS7cO4Kju>eIOfQyl#or{IxH-o8j z00V;{+rIbv-ut`Ue7^5}Cs+XslGbpb2qTKt4*Xj68f7JPVxt%s*c*Ua`BAjK0BL31 zePShpG#eIM;aZuJfLb}QYF&k0Yw{vpiG+9Y3=EtlK&_%kT3H#QA-1l5#vqT)*5rj} zfLf0-FsR=FYL!FM%E%xG(b~j>U8~;IhY~;x)OG`iS&+0cGo(PY{%OMQV4!0m4rZ7E P)QTFy(8y7h#2PsOrw)E; literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_ubnt_edgerouter_data1025.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_ubnt_edgerouter_data1025.dat new file mode 100755 index 0000000000000000000000000000000000000000..703d48d0ba651bf114c2f969fd0ea8c02a783a0d GIT binary patch literal 496 zcmZSJWZ;lUd%ZIJit!2thUyIrK)}Mtct=9Ndjk;LFfcH(0EJjt7?^d|?B^K(+!9gY`qSa3 zAZu;Mu61tuWXmfm3}Q)|cP+v~~HIyHRu4D4F<7hI8$>C#|e;0pl; blPF5$q;WAZ#P9L~M-JP*_xs-OM2;K)WAw_z#zgP%D}=P2E>d&%mlyfS4U9#tp=*Kyfy(4n_tGAS(cft$^Yufod2SB3KxyU~VALOiLiPMwrV%tb3&y Y1Q=w1801cvoAJ1pgIM?CGZ)Rh0Q)8qiU0rr literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat/netflow9_test_unknown_tpl266_292_data.dat b/filebeat/input/netflow/testdata/dat/netflow9_test_unknown_tpl266_292_data.dat new file mode 100755 index 0000000000000000000000000000000000000000..b1bb7fe6fe09b7b110bbd9073f9753a22c8d2692 GIT binary patch literal 320 zcmaivzYYOG5Ql%u9(Tv#RHBn8P@&T3)E+?Nc`kYqiJHgIc@T~86295Hn%R7rKfl@8 zStV*HiTAtF;VKn9nK=!eF%E(-7=>R63J4)JQ3iByHQqptVQ@5I^90UbfW^ebb8r9$PhfO}o9OJ|1in&@ zlc-I;CjI}{*Vh&f9N^Gd2FDoyLDYy$z=sVJ9_f;R2x5>H@rlKiTU7*_>`qCe@`!A; zzXypv`Ex(dzU}2;MecxkCMRZEkXJq+LDFUfrBT`+bjmLS!YjGd_+{Gft4{glz$nyw r%$IAwdL7?uUTm0(!|;Y>v7M|-L$9AR@19D)jj2dkv)NVG73 literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/dat_tests.yaml b/filebeat/input/netflow/testdata/dat_tests.yaml new file mode 100644 index 00000000000..f8d69ffc70c --- /dev/null +++ b/filebeat/input/netflow/testdata/dat_tests.yaml @@ -0,0 +1,182 @@ +--- + +tests: + IPFIX vIPtela with VPN id: + files: + - ipfix_test_viptela_tpl257.dat + - ipfix_test_viptela_data257.dat + IPFIX Barracuda firewall: + files: + - ipfix_test_barracuda_tpl.dat + - ipfix_test_barracuda_data256.dat + IPFIX YAF basic with applabel: + files: + - ipfix_test_yaf_tpls_option_tpl.dat + - ipfix_test_yaf_tpl45841.dat + - ipfix_test_yaf_data45841.dat + - ipfix_test_yaf_data45873.dat + - ipfix_test_yaf_data53248.dat + IPFIX Netscaler with variable length fields, missing templates: + files: + - ipfix_test_netscaler_data.dat + IPFIX configured with include_flowset_id: + files: + - ipfix_test_netscaler_tpl.dat + - ipfix_test_netscaler_data.dat + IPFIX: + files: + - ipfix.dat + IPFIX OpenBSD pflow: + files: + - ipfix_test_openbsd_pflow_tpl.dat + - ipfix_test_openbsd_pflow_data.dat + IPFIX options template from Juniper MX240 JunOS 15.1 R6 S3: + files: + - ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat + - ipfix_test_juniper_mx240_junos151r6s3_data512.dat + IPFIX Nokia BRAS: + files: + - ipfix_test_nokia_bras_tpl.dat + - ipfix_test_nokia_bras_data256.dat + IPFIX Procera: + files: + - ipfix_test_procera_tpl52935.dat + - ipfix_test_procera_data52935.dat + IPFIX Barracuda extended uniflow template 256: + files: + - ipfix_test_barracuda_extended_uniflow_tpl256.dat + - ipfix_test_barracuda_extended_uniflow_data256.dat + IPFIX Mikrotik RouterOS 6.39.2: + files: + - ipfix_test_mikrotik_tpl.dat + - ipfix_test_mikrotik_data258.dat + - ipfix_test_mikrotik_data259.dat + IPFIX Netscaler with variable length fields: + files: + - ipfix_test_netscaler_tpl.dat + - ipfix_test_netscaler_data.dat + IPFIX VMware virtual distributed switch: + files: + - ipfix_test_vmware_vds_tpl.dat + - ipfix_test_vmware_vds_data264.dat + - ipfix_test_vmware_vds_data266.dat + - ipfix_test_vmware_vds_data266_267.dat + + Netflow 9 valid 01: + files: + - netflow9_test_valid01.dat + Netflow 9 macaddress: + files: + - netflow9_test_macaddr_tpl.dat + - netflow9_test_macaddr_data.dat + Netflow 9 Cisco ASA: + files: + - netflow9_test_cisco_asa_1_tpl.dat + - netflow9_test_cisco_asa_1_data.dat + custom_fields: + - netflow9_cisco_asa_custom.yaml + Netflow 9 multiple netflow exporters: + files: + - netflow9_test_nprobe_tpl.dat + - netflow9_test_softflowd_tpl_data.dat + - netflow9_test_nprobe_data.dat + Netflow 9 invalid 01: + files: + - netflow9_test_invalid01.dat + Netflow 9 options template with scope fields: + files: + - netflow9_test_nprobe_tpl.dat + Netflow 9 Cisco ASA 2: + files: + - netflow9_test_cisco_asa_2_tpl_26x.dat + - netflow9_test_cisco_asa_2_tpl_27x.dat + - netflow9_test_cisco_asa_2_data.dat + custom_fields: + # This renames some fields to test the loading fields from file feature. + - netflow9_cisco_asa_custom.yaml + Netflow 9 ipt_netflow reduced size encoding: + files: + - netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat + Netflow 9 H3C: + files: + - netflow9_test_h3c_tpl3281.dat + - netflow9_test_h3c_data3281.dat + Netflow 9 IE150 IE151: + files: + - netflow9_test_unknown_tpl266_292_data.dat + Netflow 9 Palo Alto 1 flowset in large zero filled packet: + files: + - netflow9_test_paloalto_81_tpl256-263.dat + - netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat + Netflow 9 H3C Netstream with varstring: + files: + - netflow9_test_h3c_netstream_varstring_tpl3281.dat + - netflow9_test_h3c_netstream_varstring_data3281.dat + Netflow 9 Fortigate FortiOS 54x appid: + files: + - netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat + - netflow9_test_fortigate_fortios_542_appid_data258_262.dat + Netflow 9 Ubiquiti Edgerouter with MPLS labels: + files: + - netflow9_test_ubnt_edgerouter_tpl.dat + - netflow9_test_ubnt_edgerouter_data1024.dat + - netflow9_test_ubnt_edgerouter_data1025.dat + Netflow 9 nprobe DPI L7: + files: + - netflow9_test_nprobe_dpi.dat + Netflow 9 Fortigate FortiOS 5.2.1: + files: + - netflow9_test_fortigate_fortios_521_tpl.dat + - netflow9_test_fortigate_fortios_521_data256.dat + - netflow9_test_fortigate_fortios_521_data257.dat + Netflow 9 Streamcore: + files: + - netflow9_test_streamcore_tpl_data256.dat + - netflow9_test_streamcore_tpl_data260.dat + Netflow9 Juniper SRX options template with 0 scope field length: + files: + - netflow9_test_juniper_srx_tplopt.dat + Netflow 9 template with 0 length fields: + files: + - netflow9_test_0length_fields_tpl_data.dat + Netflow 9 Cisco ASR 9000 series options template 256: + files: + - netflow9_test_cisco_asr9k_opttpl256.dat + - netflow9_test_cisco_asr9k_data256.dat + Netflow 9 Huawei Netstream: + files: + - netflow9_test_huawei_netstream_tpl.dat + - netflow9_test_huawei_netstream_data.dat + Netflow 9 field layer2segmentid: + files: + - netflow9_test_field_layer2segmentid_tpl.dat + - netflow9_test_field_layer2segmentid_data.dat + Netflow 9 Cisco ASR 9000 series template 260: + files: + - netflow9_test_cisco_asr9k_tpl260.dat + - netflow9_test_cisco_asr9k_data260.dat + Netflow 9 Cisco NBAR options template 260: + files: + - netflow9_test_cisco_nbar_opttpl260.dat + Netflow 9 Cisco NBAR flowset 262: + files: + - netflow9_test_cisco_nbar_tpl262.dat + - netflow9_test_cisco_nbar_data262.dat + Netflow 9 Cisco WLC: + files: + - netflow9_test_cisco_wlc_tpl.dat + - netflow9_test_cisco_wlc_data261.dat + Netflow 9 Cisco WLC 8500 release 8.2: + files: + - netflow9_test_cisco_wlc_8510_tpl_262.dat + Netflow 9 Cisco 1941/K9 release 15.1: + files: + - netflow9_test_cisco_1941K9.dat + Netflow 9 Cisco ASR1001-X: + files: + - netflow9_cisco_asr1001x_tpl259.dat + Netflow 9 Palo Alto PAN-OS with app-id: + files: + - netflow9_test_paloalto_panos_tpl.dat + - netflow9_test_paloalto_panos_data.dat + diff --git a/filebeat/input/netflow/testdata/fields/netflow9_cisco_asa_custom.yaml b/filebeat/input/netflow/testdata/fields/netflow9_cisco_asa_custom.yaml new file mode 100644 index 00000000000..57c6aba2383 --- /dev/null +++ b/filebeat/input/netflow/testdata/fields/netflow9_cisco_asa_custom.yaml @@ -0,0 +1,28 @@ +# This renames some fields to test the loading fields from file feature. +33000: +- :acl_id_asa +- :ingress_acl_id +33001: +- :acl_id_asa +- egress_acl_id +33002: +- :uint16 +- :fw_ext_event +40000: +- :string +- :asa_username +40001: +- :ip4_addr +- :asa_xlate_src_addr_ipv4 +40002: +- :ip4_addr +- :asa_xlate_dst_addr_ipv4 +40003: +- :uint16 +- :asa_xlate_src_port +40004: +- :uint16 +- :asa_xlate_dst_port +40005: +- :uint8 +- :asa_fw_event diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-extended-uniflow-template-256.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-extended-uniflow-template-256.golden.json new file mode 100644 index 00000000000..37d62175d9b --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-extended-uniflow-template-256.golden.json @@ -0,0 +1,167 @@ +{ + "test_name": "IPFIX Barracuda extended uniflow template 256", + "events": [ + { + "Timestamp": "2018-04-18T08:16:47Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "64.235.151.76", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-18T08:16:47Z", + "duration": 0, + "kind": "event" + }, + "flow": { + "id": "kSpZ1WuBhjc", + "locality": "public" + }, + "netflow": { + "audit_counter": 4157725, + "bind_ipv4_address": "213.208.150.99", + "bind_transport_port": 64238, + "conn_ipv4_address": "64.235.151.76", + "conn_transport_port": 443, + "destination_ipv4_address": "64.235.151.76", + "destination_transport_port": 443, + "egress_interface": 3689, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-04-18T08:16:47Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 1, + "flow_duration_milliseconds": 0, + "flow_end_sys_up_time": 1957197969, + "flow_start_sys_up_time": 1957197969, + "fw_rule": "MTH:MTH-MC-to-Inet", + "ingress_interface": 35233, + "log_op": 1, + "octet_delta_count": 0, + "octet_total_count": 0, + "packet_delta_count": 0, + "packet_total_count": 0, + "protocol_identifier": 6, + "reason": 0, + "reason_text": "Normal Operation", + "service_name": "https", + "source_ipv4_address": "10.236.5.4", + "source_mac_address": "00:50:56:b9:26:46", + "source_transport_port": 51917, + "timestamp": 1524039407, + "traffic_type": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:3g7/10xslZq/7OW7ucdoDYgE3IY=", + "direction": "unknown", + "iana_number": 6, + "packets": 0, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "10.236.5.4", + "locality": "private", + "mac": "00:50:56:b9:26:46", + "packets": 0, + "port": 51917 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-18T08:16:47Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.236.5.4", + "locality": "private", + "port": 51917 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-18T08:16:47Z", + "duration": 0, + "kind": "event" + }, + "flow": { + "id": "kSpZ1WuBhjc", + "locality": "public" + }, + "netflow": { + "audit_counter": 4157725, + "bind_ipv4_address": "213.208.150.99", + "bind_transport_port": 64238, + "conn_ipv4_address": "64.235.151.76", + "conn_transport_port": 443, + "destination_ipv4_address": "10.236.5.4", + "destination_transport_port": 51917, + "egress_interface": 35233, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-04-18T08:16:47Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 1, + "flow_duration_milliseconds": 0, + "flow_end_sys_up_time": 1957197969, + "flow_start_sys_up_time": 1957197969, + "fw_rule": "MTH:MTH-MC-to-Inet", + "ingress_interface": 3689, + "log_op": 1, + "octet_delta_count": 0, + "octet_total_count": 0, + "packet_delta_count": 0, + "packet_total_count": 0, + "protocol_identifier": 6, + "reason": 0, + "reason_text": "Normal Operation", + "service_name": "https", + "source_ipv4_address": "64.235.151.76", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 443, + "timestamp": 1524039407, + "traffic_type": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:3g7/10xslZq/7OW7ucdoDYgE3IY=", + "direction": "unknown", + "iana_number": 6, + "packets": 0, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "64.235.151.76", + "locality": "public", + "mac": "00:00:00:00:00:00", + "packets": 0, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-firewall.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-firewall.golden.json new file mode 100644 index 00000000000..ad5333cfc04 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-Barracuda-firewall.golden.json @@ -0,0 +1,557 @@ +{ + "test_name": "IPFIX Barracuda firewall", + "events": [ + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.99.252.50", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20269000000, + "kind": "event" + }, + "flow": { + "id": "2vFIarATx_4", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.99.252.50", + "destination_transport_port": 53, + "egress_interface": 26092, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20269, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395375053, + "ingress_interface": 48660, + "octet_delta_count": 0, + "octet_total_count": 65, + "packet_delta_count": 0, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.99.130.239", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 65105, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:hn30QwbDmwNihxKr9rCALGUWPgE=", + "direction": "unknown", + "iana_number": 17, + "packets": 0, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "10.99.130.239", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 0, + "port": 65105 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.99.130.239", + "locality": "private", + "port": 65105 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20269000000, + "kind": "event" + }, + "flow": { + "id": "2vFIarATx_4", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.99.130.239", + "destination_transport_port": 65105, + "egress_interface": 48660, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20269, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395375053, + "ingress_interface": 26092, + "octet_delta_count": 81, + "octet_total_count": 81, + "packet_delta_count": 1, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.99.252.50", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 53, + "type": "netflow_flow" + }, + "network": { + "bytes": 81, + "community_id": "1:hn30QwbDmwNihxKr9rCALGUWPgE=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "10.99.252.50", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.98.243.20", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20306000000, + "kind": "event" + }, + "flow": { + "id": "wU3G8idsscw", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.98.243.20", + "destination_transport_port": 53, + "egress_interface": 41874, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20306, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395375016, + "ingress_interface": 48660, + "octet_delta_count": 0, + "octet_total_count": 65, + "packet_delta_count": 0, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.99.130.239", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 65105, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:ocm1auwAPO+Yk9MSSqJM5efL6qY=", + "direction": "unknown", + "iana_number": 17, + "packets": 0, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "10.99.130.239", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 0, + "port": 65105 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.99.130.239", + "locality": "private", + "port": 65105 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20306000000, + "kind": "event" + }, + "flow": { + "id": "wU3G8idsscw", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.99.130.239", + "destination_transport_port": 65105, + "egress_interface": 48660, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20306, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395375016, + "ingress_interface": 41874, + "octet_delta_count": 81, + "octet_total_count": 81, + "packet_delta_count": 1, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.98.243.20", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 53, + "type": "netflow_flow" + }, + "network": { + "bytes": 81, + "community_id": "1:ocm1auwAPO+Yk9MSSqJM5efL6qY=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "10.98.243.20", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.98.243.20", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20317000000, + "kind": "event" + }, + "flow": { + "id": "rOmj8EdZ2dc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.98.243.20", + "destination_transport_port": 53, + "egress_interface": 41874, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20317, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395375005, + "ingress_interface": 48660, + "octet_delta_count": 0, + "octet_total_count": 60, + "packet_delta_count": 0, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.99.168.140", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 52344, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:bcQGBQMaIVFnAydHjNGt5YPnRAY=", + "direction": "unknown", + "iana_number": 17, + "packets": 0, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "10.99.168.140", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 0, + "port": 52344 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.99.168.140", + "locality": "private", + "port": 52344 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20317000000, + "kind": "event" + }, + "flow": { + "id": "rOmj8EdZ2dc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.99.168.140", + "destination_transport_port": 52344, + "egress_interface": 48660, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20317, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395375005, + "ingress_interface": 41874, + "octet_delta_count": 113, + "octet_total_count": 113, + "packet_delta_count": 1, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.98.243.20", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 53, + "type": "netflow_flow" + }, + "network": { + "bytes": 113, + "community_id": "1:bcQGBQMaIVFnAydHjNGt5YPnRAY=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 113, + "ip": "10.98.243.20", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.98.243.20", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20368000000, + "kind": "event" + }, + "flow": { + "id": "JE7pThaMwJY", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.98.243.20", + "destination_transport_port": 53, + "egress_interface": 41874, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20368, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395374954, + "ingress_interface": 48660, + "octet_delta_count": 0, + "octet_total_count": 60, + "packet_delta_count": 0, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.99.168.140", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 50294, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:ojn8oXkIUR5w+o320kdpJMiPmmM=", + "direction": "unknown", + "iana_number": 17, + "packets": 0, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "10.99.168.140", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 0, + "port": 50294 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-29T13:58:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.99.168.140", + "locality": "private", + "port": 50294 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-29T13:58:28Z", + "duration": 20368000000, + "kind": "event" + }, + "flow": { + "id": "JE7pThaMwJY", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.99.168.140", + "destination_transport_port": 50294, + "egress_interface": 48660, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-06-29T13:58:28Z", + "uptime_millis": 0, + "version": 10 + }, + "firewall_event": 2, + "flow_duration_milliseconds": 20368, + "flow_end_sys_up_time": 2395395322, + "flow_start_sys_up_time": 2395374954, + "ingress_interface": 41874, + "octet_delta_count": 113, + "octet_total_count": 113, + "packet_delta_count": 1, + "packet_total_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.98.243.20", + "source_mac_address": "00:00:00:00:00:00", + "source_transport_port": 53, + "type": "netflow_flow" + }, + "network": { + "bytes": 113, + "community_id": "1:ojn8oXkIUR5w+o320kdpJMiPmmM=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 113, + "ip": "10.98.243.20", + "locality": "private", + "mac": "00:00:00:00:00:00", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-Mikrotik-RouterOS-6.39.2.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-Mikrotik-RouterOS-6.39.2.golden.json new file mode 100644 index 00000000000..1f990e524ab --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-Mikrotik-RouterOS-6.39.2.golden.json @@ -0,0 +1,2979 @@ +{ + "test_name": "IPFIX Mikrotik RouterOS 6.39.2", + "events": [ + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.128.17", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "1SREAwMSn_Y", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.128.17", + "destination_transport_port": 123, + "egress_interface": 7, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794170, + "flow_start_sys_up_time": 2666794170, + "ingress_interface": 13, + "ip_next_hop_ipv4_address": "192.168.224.1", + "ip_version": 4, + "octet_delta_count": 152, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "192.168.128.17", + "post_nat_source_ipv4_address": "192.168.230.216", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.8.197", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 152, + "community_id": "1:xhtOANVN9QLWDf3Tox5fsHMf1j4=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 152, + "ip": "10.10.8.197", + "locality": "private", + "packets": 2, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.230.216", + "locality": "private", + "port": 82 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "-1ecQ0Y-YzY", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.230.216", + "destination_transport_port": 82, + "egress_interface": 11, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794210, + "flow_start_sys_up_time": 2666794210, + "ingress_interface": 7, + "ip_next_hop_ipv4_address": "10.10.6.11", + "ip_version": 4, + "octet_delta_count": 502, + "packet_delta_count": 8, + "post_nat_destination_ipv4_address": "10.10.6.11", + "post_nat_source_ipv4_address": "192.168.35.143", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.35.143", + "source_transport_port": 46518, + "tcp_control_bits": 2, + "type": "netflow_flow" + }, + "network": { + "bytes": 502, + "community_id": "1:X9Jzjnw7Bw6phIzn9EyEGGF0sCg=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 502, + "ip": "192.168.35.143", + "locality": "private", + "packets": 8, + "port": 46518 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.35.143", + "locality": "private", + "port": 46518 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "_ztnBsqvzw4", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.35.143", + "destination_transport_port": 46518, + "egress_interface": 7, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794210, + "flow_start_sys_up_time": 2666794210, + "ingress_interface": 11, + "ip_next_hop_ipv4_address": "192.168.224.1", + "ip_version": 4, + "octet_delta_count": 2233, + "packet_delta_count": 8, + "post_nat_destination_ipv4_address": "192.168.35.143", + "post_nat_source_ipv4_address": "192.168.230.216", + "protocol_identifier": 6, + "source_ipv4_address": "10.10.6.11", + "source_transport_port": 80, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 2233, + "community_id": "1:pDmVo/Rru0kNar+as9ZR2B9R8ig=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2233, + "ip": "10.10.6.11", + "locality": "private", + "packets": 8, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.230.216", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "83jerlRbQig", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.230.216", + "destination_transport_port": 123, + "egress_interface": 13, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794210, + "flow_start_sys_up_time": 2666794210, + "ingress_interface": 7, + "ip_next_hop_ipv4_address": "10.10.8.197", + "ip_version": 4, + "octet_delta_count": 152, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "10.10.8.197", + "post_nat_source_ipv4_address": "192.168.128.17", + "protocol_identifier": 17, + "source_ipv4_address": "192.168.128.17", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 152, + "community_id": "1:XpciCcuce+PqeEptJQCPs7PXDWw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 152, + "ip": "192.168.128.17", + "locality": "private", + "packets": 2, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.20.5.191", + "locality": "private", + "port": 42502 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "r6DcuKSlKG8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.20.5.191", + "destination_transport_port": 42502, + "egress_interface": 9, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794300, + "flow_start_sys_up_time": 2666793230, + "ingress_interface": 13, + "ip_next_hop_ipv4_address": "172.20.5.191", + "ip_version": 4, + "octet_delta_count": 79724, + "packet_delta_count": 57, + "post_nat_destination_ipv4_address": "172.20.5.191", + "post_nat_source_ipv4_address": "10.10.8.220", + "protocol_identifier": 6, + "source_ipv4_address": "10.10.8.220", + "source_transport_port": 80, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 79724, + "community_id": "1:mijZXFPsGq/HPIz0GoNycp+l6z4=", + "direction": "unknown", + "iana_number": 6, + "packets": 57, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 79724, + "ip": "10.10.8.220", + "locality": "private", + "packets": 57, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.20.4.1", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "MJV4se1d1EY", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.20.4.1", + "destination_transport_port": 53, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794320, + "flow_start_sys_up_time": 2666794320, + "ingress_interface": 9, + "ip_next_hop_ipv4_address": "172.20.4.1", + "ip_version": 4, + "octet_delta_count": 161, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "172.20.4.1", + "post_nat_source_ipv4_address": "172.20.4.199", + "protocol_identifier": 17, + "source_ipv4_address": "172.20.4.199", + "source_transport_port": 10240, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 161, + "community_id": "1:1bkChZwKODrxts9j+uOWU8Z71yI=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 161, + "ip": "172.20.4.199", + "locality": "private", + "packets": 3, + "port": 10240 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.20.4.199", + "locality": "private", + "port": 10240 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "MJV4se1d1EY", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.20.4.199", + "destination_transport_port": 10240, + "egress_interface": 9, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794320, + "flow_start_sys_up_time": 2666794320, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "172.20.4.199", + "ip_version": 4, + "octet_delta_count": 245, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "172.20.4.199", + "post_nat_source_ipv4_address": "172.20.4.1", + "protocol_identifier": 17, + "source_ipv4_address": "172.20.4.1", + "source_transport_port": 53, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 245, + "community_id": "1:1bkChZwKODrxts9j+uOWU8Z71yI=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 245, + "ip": "172.20.4.1", + "locality": "private", + "packets": 3, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.10.8.34", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "Md4y9RxWsu0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.10.8.34", + "destination_transport_port": 0, + "egress_interface": 13, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794330, + "flow_start_sys_up_time": 2666790320, + "ingress_interface": 9, + "ip_next_hop_ipv4_address": "10.10.8.34", + "ip_version": 4, + "octet_delta_count": 504, + "packet_delta_count": 6, + "post_nat_destination_ipv4_address": "10.10.8.34", + "post_nat_source_ipv4_address": "172.20.4.30", + "protocol_identifier": 1, + "source_ipv4_address": "172.20.4.30", + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 504, + "community_id": "1:R5/ADz+BGeMBuTetWufJMjY3Fp0=", + "direction": "unknown", + "iana_number": 1, + "packets": 6, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 504, + "ip": "172.20.4.30", + "locality": "private", + "packets": 6, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.20.4.30", + "locality": "private", + "port": 59571 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "_XZysP4InTc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.20.4.30", + "destination_transport_port": 59571, + "egress_interface": 9, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794400, + "flow_start_sys_up_time": 2666792700, + "ingress_interface": 13, + "ip_next_hop_ipv4_address": "172.20.4.30", + "ip_version": 4, + "octet_delta_count": 784, + "packet_delta_count": 6, + "post_nat_destination_ipv4_address": "172.20.4.30", + "post_nat_source_ipv4_address": "10.10.8.105", + "protocol_identifier": 6, + "source_ipv4_address": "10.10.8.105", + "source_transport_port": 22, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 784, + "community_id": "1:UTPqIKbgBOhUsWyDGwpQ9ybvG1Q=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 784, + "ip": "10.10.8.105", + "locality": "private", + "packets": 6, + "port": 22 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.10.8.105", + "locality": "private", + "port": 22 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "_XZysP4InTc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.10.8.105", + "destination_transport_port": 22, + "egress_interface": 13, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794400, + "flow_start_sys_up_time": 2666792270, + "ingress_interface": 9, + "ip_next_hop_ipv4_address": "10.10.8.105", + "ip_version": 4, + "octet_delta_count": 433, + "packet_delta_count": 8, + "post_nat_destination_ipv4_address": "10.10.8.105", + "post_nat_source_ipv4_address": "172.20.4.30", + "protocol_identifier": 6, + "source_ipv4_address": "172.20.4.30", + "source_transport_port": 59571, + "tcp_control_bits": 2, + "type": "netflow_flow" + }, + "network": { + "bytes": 433, + "community_id": "1:UTPqIKbgBOhUsWyDGwpQ9ybvG1Q=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 433, + "ip": "172.20.4.30", + "locality": "private", + "packets": 8, + "port": 59571 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.183.199", + "locality": "private", + "port": 6667 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "5stvUzTWY8c", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.183.199", + "destination_transport_port": 6667, + "egress_interface": 7, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794440, + "flow_start_sys_up_time": 2666794440, + "ingress_interface": 12, + "ip_next_hop_ipv4_address": "192.168.224.1", + "ip_version": 4, + "octet_delta_count": 196, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "192.168.183.199", + "post_nat_source_ipv4_address": "192.168.230.216", + "protocol_identifier": 6, + "source_ipv4_address": "10.10.7.11", + "source_transport_port": 48378, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 196, + "community_id": "1:+2FFzJt+KXMsdRFIIwAkTVbJJ3k=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 196, + "ip": "10.10.7.11", + "locality": "private", + "packets": 3, + "port": 48378 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.230.216", + "locality": "private", + "port": 48378 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "VdPCBSYnnS0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.230.216", + "destination_transport_port": 48378, + "egress_interface": 12, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794490, + "flow_start_sys_up_time": 2666794490, + "ingress_interface": 7, + "ip_next_hop_ipv4_address": "10.10.7.11", + "ip_version": 4, + "octet_delta_count": 206, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "10.10.7.11", + "post_nat_source_ipv4_address": "192.168.183.199", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.183.199", + "source_transport_port": 6667, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 206, + "community_id": "1:wUPylJNkPlJks6QXwY7UebXp0Nk=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 206, + "ip": "192.168.183.199", + "locality": "private", + "packets": 3, + "port": 6667 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.20.4.30", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "asoP1PL3Pao", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.20.4.30", + "destination_transport_port": 0, + "egress_interface": 9, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794700, + "flow_start_sys_up_time": 2666790400, + "ingress_interface": 13, + "ip_next_hop_ipv4_address": "172.20.4.30", + "ip_version": 4, + "octet_delta_count": 504, + "packet_delta_count": 6, + "post_nat_destination_ipv4_address": "172.20.4.30", + "post_nat_source_ipv4_address": "10.10.8.34", + "protocol_identifier": 1, + "source_ipv4_address": "10.10.8.34", + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 504, + "community_id": "1:egGU52actG9xRhZUuYg20CpjWzI=", + "direction": "unknown", + "iana_number": 1, + "packets": 6, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 504, + "ip": "10.10.8.34", + "locality": "private", + "packets": 6, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.10.8.220", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "r6DcuKSlKG8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.10.8.220", + "destination_transport_port": 80, + "egress_interface": 13, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666794930, + "flow_start_sys_up_time": 2666792760, + "ingress_interface": 9, + "ip_next_hop_ipv4_address": "10.10.8.220", + "ip_version": 4, + "octet_delta_count": 3539, + "packet_delta_count": 58, + "post_nat_destination_ipv4_address": "10.10.8.220", + "post_nat_source_ipv4_address": "172.20.5.191", + "protocol_identifier": 6, + "source_ipv4_address": "172.20.5.191", + "source_transport_port": 42502, + "tcp_control_bits": 2, + "type": "netflow_flow" + }, + "network": { + "bytes": 3539, + "community_id": "1:mijZXFPsGq/HPIz0GoNycp+l6z4=", + "direction": "unknown", + "iana_number": 6, + "packets": 58, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3539, + "ip": "172.20.5.191", + "locality": "private", + "packets": 58, + "port": 42502 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "4AA5ETLDkm0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 9, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 495, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "172.20.4.1", + "protocol_identifier": 17, + "source_ipv4_address": "172.20.4.1", + "source_transport_port": 33332, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 495, + "community_id": "1:4xsmybmBWEF/OhjZe6xnUkZg4O4=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 495, + "ip": "172.20.4.1", + "locality": "private", + "packets": 3, + "port": 33332 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "4AA5ETLDkm0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 9, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 330, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "172.20.4.1", + "protocol_identifier": 17, + "source_ipv4_address": "172.20.4.1", + "source_transport_port": 33332, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 330, + "community_id": "1:4xsmybmBWEF/OhjZe6xnUkZg4O4=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 330, + "ip": "172.20.4.1", + "locality": "private", + "packets": 2, + "port": 33332 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "BaTGW6h8V9s", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 10, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 435, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "172.30.0.1", + "protocol_identifier": 17, + "source_ipv4_address": "172.30.0.1", + "source_transport_port": 53298, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 435, + "community_id": "1:AK+uc3uJyb6v35G+oeC8Ehp4dOE=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 435, + "ip": "172.30.0.1", + "locality": "private", + "packets": 3, + "port": 53298 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "BaTGW6h8V9s", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 10, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 290, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "172.30.0.1", + "protocol_identifier": 17, + "source_ipv4_address": "172.30.0.1", + "source_transport_port": 53298, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 290, + "community_id": "1:AK+uc3uJyb6v35G+oeC8Ehp4dOE=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 290, + "ip": "172.30.0.1", + "locality": "private", + "packets": 2, + "port": 53298 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "a0peNOTOYXA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 11, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 495, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.6.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.6.1", + "source_transport_port": 48172, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 495, + "community_id": "1:RAC/9JDBXZ5+D1hZFUTfKaz2ugo=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 495, + "ip": "10.10.6.1", + "locality": "private", + "packets": 3, + "port": 48172 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "a0peNOTOYXA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 11, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 330, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.6.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.6.1", + "source_transport_port": 48172, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 330, + "community_id": "1:RAC/9JDBXZ5+D1hZFUTfKaz2ugo=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 330, + "ip": "10.10.6.1", + "locality": "private", + "packets": 2, + "port": 48172 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "rX81_0wnl4c", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 12, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 495, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.7.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.7.1", + "source_transport_port": 48935, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 495, + "community_id": "1:aBxBvbPn1huzZcWnY6vxAArokoQ=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 495, + "ip": "10.10.7.1", + "locality": "private", + "packets": 3, + "port": 48935 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "rX81_0wnl4c", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 12, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 330, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.7.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.7.1", + "source_transport_port": 48935, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 330, + "community_id": "1:aBxBvbPn1huzZcWnY6vxAArokoQ=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 330, + "ip": "10.10.7.1", + "locality": "private", + "packets": 2, + "port": 48935 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "7EW3D8kjT4Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 13, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 495, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.8.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.8.1", + "source_transport_port": 51931, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 495, + "community_id": "1:OGKDsfaFh3XEKadSh2qUGRfql5E=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 495, + "ip": "10.10.8.1", + "locality": "private", + "packets": 3, + "port": 51931 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "7EW3D8kjT4Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 13, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 330, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.8.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.8.1", + "source_transport_port": 51931, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 330, + "community_id": "1:OGKDsfaFh3XEKadSh2qUGRfql5E=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 330, + "ip": "10.10.8.1", + "locality": "private", + "packets": 2, + "port": 51931 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "JacJ1_FgpYg", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 14, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 495, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.20.0.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.20.0.1", + "source_transport_port": 43454, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 495, + "community_id": "1:SZHwZuTGD4KhA34qOHlPFpIm6O4=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 495, + "ip": "10.20.0.1", + "locality": "private", + "packets": 3, + "port": 43454 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "JacJ1_FgpYg", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 14, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 330, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.20.0.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.20.0.1", + "source_transport_port": 43454, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 330, + "community_id": "1:SZHwZuTGD4KhA34qOHlPFpIm6O4=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 330, + "ip": "10.20.0.1", + "locality": "private", + "packets": 2, + "port": 43454 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "38frmBtEgfI", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 15, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 495, + "packet_delta_count": 3, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.10.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.10.1", + "source_transport_port": 52837, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 495, + "community_id": "1:jI3Kb3eebBn6wSG8vdNDd3rT5eY=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 495, + "ip": "10.10.10.1", + "locality": "private", + "packets": 3, + "port": 52837 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "38frmBtEgfI", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 15, + "ip_next_hop_ipv4_address": "255.255.255.255", + "ip_version": 4, + "octet_delta_count": 330, + "packet_delta_count": 2, + "post_nat_destination_ipv4_address": "255.255.255.255", + "post_nat_source_ipv4_address": "10.10.10.1", + "protocol_identifier": 17, + "source_ipv4_address": "10.10.10.1", + "source_transport_port": 52837, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 330, + "community_id": "1:jI3Kb3eebBn6wSG8vdNDd3rT5eY=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 330, + "ip": "10.10.10.1", + "locality": "private", + "packets": 2, + "port": 52837 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:401", + "destination_transport_port": 5678, + "egress_interface": 9, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:401", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:401", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 9, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:401", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:501", + "destination_transport_port": 5678, + "egress_interface": 10, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 495, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:501", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 495, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 495, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:501", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 10, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 330, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:501", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 330, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 330, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:601", + "destination_transport_port": 5678, + "egress_interface": 11, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:601", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:601", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795740, + "flow_start_sys_up_time": 2666795740, + "ingress_interface": 11, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:601", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:701", + "destination_transport_port": 5678, + "egress_interface": 12, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:701", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:701", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 12, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:701", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:801", + "destination_transport_port": 5678, + "egress_interface": 13, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:801", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:801", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 13, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:801", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:901", + "destination_transport_port": 5678, + "egress_interface": 14, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:901", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:901", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 14, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:901", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:1001", + "destination_transport_port": 5678, + "egress_interface": 15, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:1001", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:1001", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 15, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:1001", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:1101", + "destination_transport_port": 5678, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:1101", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:1101", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 16, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:1101", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:1201", + "destination_transport_port": 5678, + "egress_interface": 17, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 0, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 555, + "packet_delta_count": 3, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:1201", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 555, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 3, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 555, + "packets": 3, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-19T16:18:08Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5678 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-19T16:18:08Z", + "kind": "event" + }, + "flow": { + "id": "RlrAo_U1Y14", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "fe80::ff:fe00:1201", + "destination_transport_port": 5678, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-07-19T16:18:08Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2666795750, + "flow_start_sys_up_time": 2666795750, + "ingress_interface": 17, + "ip_next_hop_ipv6_address": "ff02::1", + "ip_version": 6, + "octet_delta_count": 370, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv6_address": "fe80::ff:fe00:1201", + "source_transport_port": 5678, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 370, + "community_id": "1:I4DlCbWgyxRiNPVj5ntu1L7Z0hw=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 370, + "packets": 2, + "port": 5678 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields-missing-templates.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields-missing-templates.golden.json new file mode 100644 index 00000000000..66a9d330c22 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields-missing-templates.golden.json @@ -0,0 +1,3 @@ +{ + "test_name": "IPFIX Netscaler with variable length fields, missing templates" +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields.golden.json new file mode 100644 index 00000000000..5037ae27ecb --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-Netscaler-with-variable-length-fields.golden.json @@ -0,0 +1,263 @@ +{ + "test_name": "IPFIX Netscaler with variable length fields", + "events": [ + { + "Timestamp": "2016-11-11T12:09:19Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.0.1", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-11-11T12:09:19Z", + "kind": "event" + }, + "flow": { + "id": "8wXIKNz6u_8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.0.0.1", + "destination_transport_port": 443, + "egress_interface": 2147483651, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-11-11T12:09:19Z", + "uptime_millis": 0, + "version": 10 + }, + "exporting_process_id": 3, + "flow_end_microseconds": "2016-11-11T12:09:19.000127768Z", + "flow_id": 14460661, + "flow_start_microseconds": "2016-11-11T12:09:19.000127768Z", + "ingress_interface": 8, + "ip_version": 4, + "netscaler_aaa_username": "", + "netscaler_app_name_app_id": 240189440, + "netscaler_app_unit_name_app_id": 0, + "netscaler_connection_chain_hop_count": 1, + "netscaler_connection_chain_id": "AODtHJyoAwDvtCVYhIUGAA==", + "netscaler_connection_id": 14460661, + "netscaler_flow_flags": 84025344, + "netscaler_http_content_type": "", + "netscaler_http_domain_name": "", + "netscaler_http_req_authorization": "", + "netscaler_http_req_cookie": "", + "netscaler_http_req_host": "", + "netscaler_http_req_method": "", + "netscaler_http_req_referer": "", + "netscaler_http_req_url": "", + "netscaler_http_req_user_agent": "", + "netscaler_http_req_via": "", + "netscaler_http_req_xforwarded_for": "", + "netscaler_http_res_forw_fb": 17163184441650, + "netscaler_http_res_forw_lb": 0, + "netscaler_transaction_id": 1068114973, + "netscaler_unknown330": 0, + "observation_point_id": 167954698, + "octet_delta_count": 40, + "packet_delta_count": 1, + "padding_octets": "AAA=", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 51053, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 40, + "community_id": "1:vKHRCBsu01Bj9xGu84I60+x4kGg=", + "direction": "unknown", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 40, + "ip": "192.168.0.1", + "locality": "private", + "packets": 1, + "port": 51053 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-11-11T12:09:19Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 51053 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-11-11T12:09:19Z", + "kind": "event" + }, + "flow": { + "id": "8wXIKNz6u_8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 51053, + "egress_interface": 6, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-11-11T12:09:19Z", + "uptime_millis": 0, + "version": 10 + }, + "exporting_process_id": 3, + "flow_end_microseconds": "2016-11-11T12:09:19.00009951Z", + "flow_id": 14460662, + "flow_start_microseconds": "2016-11-11T12:09:19.00009951Z", + "ingress_interface": 2147483651, + "ip_version": 4, + "netscaler_app_name_app_id": 240189440, + "netscaler_connection_chain_hop_count": 1, + "netscaler_connection_chain_id": "AODtHJyoAwDvtCVYhIUGAA==", + "netscaler_connection_id": 14460661, + "netscaler_flow_flags": 1157636096, + "netscaler_round_trip_time": 83, + "netscaler_transaction_id": 1068114973, + "netscaler_unknown329": 0, + "netscaler_unknown331": 0, + "netscaler_unknown332": 0, + "observation_point_id": 167954698, + "octet_delta_count": 1525, + "packet_delta_count": 2, + "padding_octets": "AAA=", + "protocol_identifier": 6, + "source_ipv4_address": "10.0.0.1", + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 1525, + "community_id": "1:vKHRCBsu01Bj9xGu84I60+x4kGg=", + "direction": "unknown", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1525, + "ip": "10.0.0.1", + "locality": "private", + "packets": 2, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-11-11T12:09:19Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.0.1", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-11-11T12:09:19Z", + "kind": "event" + }, + "flow": { + "id": "8wXIKNz6u_8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.0.0.1", + "destination_transport_port": 443, + "egress_interface": 2147483651, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-11-11T12:09:19Z", + "uptime_millis": 0, + "version": 10 + }, + "exporting_process_id": 3, + "flow_end_microseconds": "2016-11-11T12:09:19.000128468Z", + "flow_id": 14460661, + "flow_start_microseconds": "2016-11-11T12:09:19.000128468Z", + "ingress_interface": 8, + "ip_version": 4, + "netscaler_aaa_username": "", + "netscaler_app_name_app_id": 240189440, + "netscaler_app_unit_name_app_id": 239927296, + "netscaler_connection_chain_hop_count": 1, + "netscaler_connection_chain_id": "AODtHJyoAwDvtCVYWWsIAA==", + "netscaler_connection_id": 14460661, + "netscaler_flow_flags": 84025344, + "netscaler_http_content_type": "", + "netscaler_http_domain_name": "www.kobo.com", + "netscaler_http_req_authorization": "", + "netscaler_http_req_cookie": "beer=123456789abcdefghijklmnopqrstuvw; AnotherCookie=1234567890abcdefghijklmnopqr; Shameless.Plug=Thankyou.Rakuten.Kobo.Inc.For.Allowing.me.time.to.work.on.this.and.contribute.back.to.the.community; Padding=aaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbccccccccccccccddddddddddddddddddddddeeeeeeeeeeeeeeeeeeeeeffffffffffffffffffffffgggggggggggggggggggggggghhhhhhhhhhhhhhhhhiiiiiiiiiiiiiiiiiiiiiijjjjjjjjjjjjjjjjjjjjjjjjkkkkkkkkkkkkkkkkkklllllllllllllllmmmmmmmmmm; more=less; GJquote=There.is.no.spoon; GarrySays=Nice!!; LastPadding=aaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbcccccccccccccccccccdddddddddddeeeeeeee", + "netscaler_http_req_host": "www.kobo.com", + "netscaler_http_req_method": "GET", + "netscaler_http_req_referer": "http://www.kobo.com/is-the-best-ebook-company-in-the-world", + "netscaler_http_req_url": "/aa/bb/ccccc/ddddddddddddddddddddddddd", + "netscaler_http_req_user_agent": "Mozilla/5.0 (Commodore 64; kobo.com) Gecko/20100101 Firefox/75.0", + "netscaler_http_req_via": "1.1 akamai.net(ghost) (AkamaiGHost)", + "netscaler_http_req_xforwarded_for": "11.222.33.255", + "netscaler_http_res_forw_fb": 0, + "netscaler_http_res_forw_lb": 0, + "netscaler_transaction_id": 1068114985, + "netscaler_unknown330": 0, + "observation_point_id": 167954698, + "octet_delta_count": 1541, + "packet_delta_count": 2, + "padding_octets": "AAA=", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 51053, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 1541, + "community_id": "1:vKHRCBsu01Bj9xGu84I60+x4kGg=", + "direction": "unknown", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1541, + "ip": "192.168.0.1", + "locality": "private", + "packets": 2, + "port": 51053 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-Nokia-BRAS.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-Nokia-BRAS.golden.json new file mode 100644 index 00000000000..3c4a77c41b6 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-Nokia-BRAS.golden.json @@ -0,0 +1,63 @@ +{ + "test_name": "IPFIX Nokia BRAS", + "events": [ + { + "Timestamp": "2017-12-14T07:23:45Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.0.34", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-12-14T07:23:45Z", + "kind": "event" + }, + "flow": { + "id": "aVnWxMM8qxI", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.0.0.34", + "destination_transport_port": 80, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2228226, + "timestamp": "2017-12-14T07:23:45Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_id": 3389049088, + "flow_start_milliseconds": "2017-12-14T07:23:45.148Z", + "nat_inside_svcid": 100, + "nat_outside_svcid": 0, + "nat_sub_string": "USER1@10.10.0.123", + "padding_octets": "AA==", + "protocol_identifier": 6, + "source_ipv4_address": "10.0.1.228", + "source_transport_port": 5878, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:WBN/ZleczX2flsJWsHfNA7w+NGg=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "10.0.1.228", + "locality": "private", + "port": 5878 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-OpenBSD-pflow.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-OpenBSD-pflow.golden.json new file mode 100644 index 00000000000..e8331bf0f97 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-OpenBSD-pflow.golden.json @@ -0,0 +1,1643 @@ +{ + "test_name": "IPFIX OpenBSD pflow", + "events": [ + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "_dzJqQAoWYk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:29:59Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 373, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64020, + "type": "netflow_flow" + }, + "network": { + "bytes": 373, + "community_id": "1:kRyrwhpDMtm6dZyLIZd9TKwNaw4=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 373, + "ip": "192.168.0.17", + "locality": "private", + "packets": 7, + "port": 64020 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64020 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "_dzJqQAoWYk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64020, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:29:59Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 6634, + "packet_delta_count": 8, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 6634, + "community_id": "1:kRyrwhpDMtm6dZyLIZd9TKwNaw4=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6634, + "ip": "192.168.0.1", + "locality": "private", + "packets": 8, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "iSYE82PBcbQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 453, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64021, + "type": "netflow_flow" + }, + "network": { + "bytes": 453, + "community_id": "1:smEk2vYDQSrIiSeS8YpPeZZRDkI=", + "direction": "unknown", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 453, + "ip": "192.168.0.17", + "locality": "private", + "packets": 9, + "port": 64021 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64021 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "iSYE82PBcbQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64021, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 10893, + "packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 10893, + "community_id": "1:smEk2vYDQSrIiSeS8YpPeZZRDkI=", + "direction": "unknown", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 10893, + "ip": "192.168.0.1", + "locality": "private", + "packets": 11, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "iSYE82PBcbQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 453, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64021, + "type": "netflow_flow" + }, + "network": { + "bytes": 453, + "community_id": "1:smEk2vYDQSrIiSeS8YpPeZZRDkI=", + "direction": "unknown", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 453, + "ip": "192.168.0.17", + "locality": "private", + "packets": 9, + "port": 64021 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64021 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "iSYE82PBcbQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64021, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 10893, + "packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 10893, + "community_id": "1:smEk2vYDQSrIiSeS8YpPeZZRDkI=", + "direction": "unknown", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 10893, + "ip": "192.168.0.1", + "locality": "private", + "packets": 11, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "L_N7tNeOZwc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:29:59Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 373, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64022, + "type": "netflow_flow" + }, + "network": { + "bytes": 373, + "community_id": "1:zsYqw4TFjuNp89C5d7QHyhWZN7g=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 373, + "ip": "192.168.0.17", + "locality": "private", + "packets": 7, + "port": 64022 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64022 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "L_N7tNeOZwc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64022, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:29:59Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 6780, + "packet_delta_count": 8, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 6780, + "community_id": "1:zsYqw4TFjuNp89C5d7QHyhWZN7g=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6780, + "ip": "192.168.0.1", + "locality": "private", + "packets": 8, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "L_N7tNeOZwc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:29:59Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 373, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64022, + "type": "netflow_flow" + }, + "network": { + "bytes": 373, + "community_id": "1:zsYqw4TFjuNp89C5d7QHyhWZN7g=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 373, + "ip": "192.168.0.17", + "locality": "private", + "packets": 7, + "port": 64022 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64022 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "L_N7tNeOZwc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64022, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:29:59Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 6780, + "packet_delta_count": 8, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 6780, + "community_id": "1:zsYqw4TFjuNp89C5d7QHyhWZN7g=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6780, + "ip": "192.168.0.1", + "locality": "private", + "packets": 8, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "Dsp4RZAzcPQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 373, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64023, + "type": "netflow_flow" + }, + "network": { + "bytes": 373, + "community_id": "1:/JSyWJaYnu0LK3Kp4u7M+1swKeg=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 373, + "ip": "192.168.0.17", + "locality": "private", + "packets": 7, + "port": 64023 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64023 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "Dsp4RZAzcPQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64023, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 7319, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 7319, + "community_id": "1:/JSyWJaYnu0LK3Kp4u7M+1swKeg=", + "direction": "unknown", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 7319, + "ip": "192.168.0.1", + "locality": "private", + "packets": 9, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "Dsp4RZAzcPQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 373, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64023, + "type": "netflow_flow" + }, + "network": { + "bytes": 373, + "community_id": "1:/JSyWJaYnu0LK3Kp4u7M+1swKeg=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 373, + "ip": "192.168.0.17", + "locality": "private", + "packets": 7, + "port": 64023 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64023 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "Dsp4RZAzcPQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64023, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 7319, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 7319, + "community_id": "1:/JSyWJaYnu0LK3Kp4u7M+1swKeg=", + "direction": "unknown", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 7319, + "ip": "192.168.0.1", + "locality": "private", + "packets": 9, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "B9Jsqhany8Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 333, + "packet_delta_count": 6, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64024, + "type": "netflow_flow" + }, + "network": { + "bytes": 333, + "community_id": "1:SvijMnTP+08D8cR3dpIWgVpuahc=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 333, + "ip": "192.168.0.17", + "locality": "private", + "packets": 6, + "port": 64024 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64024 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "B9Jsqhany8Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64024, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 1833, + "packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 1833, + "community_id": "1:SvijMnTP+08D8cR3dpIWgVpuahc=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1833, + "ip": "192.168.0.1", + "locality": "private", + "packets": 5, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "B9Jsqhany8Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 333, + "packet_delta_count": 6, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64024, + "type": "netflow_flow" + }, + "network": { + "bytes": 333, + "community_id": "1:SvijMnTP+08D8cR3dpIWgVpuahc=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 333, + "ip": "192.168.0.17", + "locality": "private", + "packets": 6, + "port": 64024 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64024 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "B9Jsqhany8Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64024, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 1833, + "packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 1833, + "community_id": "1:SvijMnTP+08D8cR3dpIWgVpuahc=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1833, + "ip": "192.168.0.1", + "locality": "private", + "packets": 5, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "O7k79Py4ef0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 453, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64025, + "type": "netflow_flow" + }, + "network": { + "bytes": 453, + "community_id": "1:/Vk3fKGez62RCQgI6iMAXwRZVao=", + "direction": "unknown", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 453, + "ip": "192.168.0.17", + "locality": "private", + "packets": 9, + "port": 64025 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64025 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "O7k79Py4ef0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64025, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 10550, + "packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 10550, + "community_id": "1:/Vk3fKGez62RCQgI6iMAXwRZVao=", + "direction": "unknown", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 10550, + "ip": "192.168.0.1", + "locality": "private", + "packets": 11, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "O7k79Py4ef0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 453, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64025, + "type": "netflow_flow" + }, + "network": { + "bytes": 453, + "community_id": "1:/Vk3fKGez62RCQgI6iMAXwRZVao=", + "direction": "unknown", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 453, + "ip": "192.168.0.17", + "locality": "private", + "packets": 9, + "port": 64025 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64025 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "O7k79Py4ef0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64025, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:00Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 10550, + "packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 10550, + "community_id": "1:/Vk3fKGez62RCQgI6iMAXwRZVao=", + "direction": "unknown", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 10550, + "ip": "192.168.0.1", + "locality": "private", + "packets": 11, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "T1etbJ4WSI0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 373, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64026, + "type": "netflow_flow" + }, + "network": { + "bytes": 373, + "community_id": "1:lzzJ0bLmBlhJSD9tpGSy2cP4jIg=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 373, + "ip": "192.168.0.17", + "locality": "private", + "packets": 7, + "port": 64026 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64026 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "T1etbJ4WSI0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64026, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "octet_delta_count": 6425, + "packet_delta_count": 8, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 6425, + "community_id": "1:lzzJ0bLmBlhJSD9tpGSy2cP4jIg=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6425, + "ip": "192.168.0.1", + "locality": "private", + "packets": 8, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "T1etbJ4WSI0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 80, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 373, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.17", + "source_transport_port": 64026, + "type": "netflow_flow" + }, + "network": { + "bytes": 373, + "community_id": "1:lzzJ0bLmBlhJSD9tpGSy2cP4jIg=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 373, + "ip": "192.168.0.17", + "locality": "private", + "packets": 7, + "port": 64026 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:30:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 64026 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:30:37Z", + "kind": "event" + }, + "flow": { + "id": "T1etbJ4WSI0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 64026, + "egress_interface": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 42, + "timestamp": "2016-07-21T13:30:37Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_milliseconds": "2016-07-21T13:30:01Z", + "flow_start_milliseconds": "2016-07-21T13:29:59Z", + "ingress_interface": 1, + "ip_class_of_service": 0, + "octet_delta_count": 6425, + "packet_delta_count": 8, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 6425, + "community_id": "1:lzzJ0bLmBlhJSD9tpGSy2cP4jIg=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6425, + "ip": "192.168.0.1", + "locality": "private", + "packets": 8, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-Procera.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-Procera.golden.json new file mode 100644 index 00000000000..8295166e4c0 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-Procera.golden.json @@ -0,0 +1,565 @@ +{ + "test_name": "IPFIX Procera", + "events": [ + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "138.44.161.14", + "locality": "public", + "port": 47838 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "gEodlN50y4w", + "locality": "public" + }, + "netflow": { + "bgp_destination_as_number": 7575, + "bgp_source_as_number": 7575, + "destination_ipv4_address": "138.44.161.14", + "destination_ipv6_address": "::", + "destination_transport_port": 47838, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:29:02Z", + "flow_start_seconds": "2018-04-15T03:26:50Z", + "procera_base_service": "Being analyzed", + "procera_content_categories": "", + "procera_flow_behavior": "INITIAL,SERVER_IS_LOCAL,BEGINNING", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 60, + "procera_outgoing_octets": 0, + "procera_service": "Being analyzed", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 6, + "source_ipv4_address": "181.214.87.71", + "source_ipv6_address": "::", + "source_transport_port": 53787, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:A32CVBRvJG9El+XUJRJpXNzEEJY=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "181.214.87.71", + "locality": "public", + "port": 53787 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "0.0.0.0", + "locality": "private", + "port": 135 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "GYmhjYyvaAI", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "0.0.0.0", + "destination_ipv6_address": "2001:388:cf0a:6::2", + "destination_transport_port": 135, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:29:02Z", + "flow_start_seconds": "2018-04-15T03:28:44Z", + "procera_base_service": "IP protocol 58 (IPv6-ICMP)", + "procera_content_categories": "", + "procera_flow_behavior": "INITIAL,SERVER_IS_LOCAL,BEGINNING,ESTABLISHED", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 86, + "procera_outgoing_octets": 78, + "procera_service": "IP protocol 58 (IPv6-ICMP)", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 58, + "source_ipv4_address": "0.0.0.0", + "source_ipv6_address": "2001:388:cf0a:6::1", + "source_transport_port": 136, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:vK+Zeop1Y3GHxfFGVF2/COcNBWw=", + "direction": "unknown", + "iana_number": 58, + "transport": "ipv6-icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "0.0.0.0", + "locality": "private", + "port": 136 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "138.44.161.14", + "locality": "public", + "port": 22252 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "qSSNfC38l0c", + "locality": "public" + }, + "netflow": { + "bgp_destination_as_number": 7575, + "bgp_source_as_number": 7575, + "destination_ipv4_address": "138.44.161.14", + "destination_ipv6_address": "::", + "destination_transport_port": 22252, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:29:06Z", + "flow_start_seconds": "2018-04-15T03:27:00Z", + "procera_base_service": "Being analyzed", + "procera_content_categories": "", + "procera_flow_behavior": "INITIAL,SERVER_IS_LOCAL,BEGINNING", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 60, + "procera_outgoing_octets": 0, + "procera_service": "Being analyzed", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 6, + "source_ipv4_address": "5.188.11.35", + "source_ipv6_address": "::", + "source_transport_port": 44155, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:zC4ZLN/8rkaEyAGWB7SZsdwZbU8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "5.188.11.35", + "locality": "public", + "port": 44155 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "138.44.161.14", + "locality": "public", + "port": 8 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "Tv1jmZy2vn4", + "locality": "public" + }, + "netflow": { + "bgp_destination_as_number": 7575, + "bgp_source_as_number": 226, + "destination_ipv4_address": "138.44.161.14", + "destination_ipv6_address": "::", + "destination_transport_port": 8, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:29:46Z", + "flow_start_seconds": "2018-04-15T03:29:02Z", + "procera_base_service": "IP protocol 1 (ICMP)", + "procera_content_categories": "", + "procera_flow_behavior": "INITIAL,SERVER_IS_LOCAL,BEGINNING", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 60, + "procera_outgoing_octets": 0, + "procera_service": "IP protocol 1 (ICMP)", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 1, + "source_ipv4_address": "206.117.25.89", + "source_ipv6_address": "::", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:JtAapjcKxopGbt4rPXZuNEkoRv8=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "206.117.25.89", + "locality": "public", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "0.0.0.0", + "locality": "private", + "port": 135 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "GYmhjYyvaAI", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "0.0.0.0", + "destination_ipv6_address": "2001:388:cf0a:6::2", + "destination_transport_port": 135, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:29:46Z", + "flow_start_seconds": "2018-04-15T03:29:14Z", + "procera_base_service": "IP protocol 58 (IPv6-ICMP)", + "procera_content_categories": "", + "procera_flow_behavior": "INITIAL,SERVER_IS_LOCAL,BEGINNING,ESTABLISHED", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 86, + "procera_outgoing_octets": 78, + "procera_service": "IP protocol 58 (IPv6-ICMP)", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 58, + "source_ipv4_address": "0.0.0.0", + "source_ipv6_address": "2001:388:cf0a:6::1", + "source_transport_port": 136, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:vK+Zeop1Y3GHxfFGVF2/COcNBWw=", + "direction": "unknown", + "iana_number": 58, + "transport": "ipv6-icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "0.0.0.0", + "locality": "private", + "port": 136 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "138.44.161.14", + "locality": "public", + "port": 7451 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "JhEHWMX5XwI", + "locality": "public" + }, + "netflow": { + "bgp_destination_as_number": 7575, + "bgp_source_as_number": 7575, + "destination_ipv4_address": "138.44.161.14", + "destination_ipv6_address": "::", + "destination_transport_port": 7451, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:30:00Z", + "flow_start_seconds": "2018-04-15T03:28:59Z", + "procera_base_service": "Being analyzed", + "procera_content_categories": "", + "procera_flow_behavior": "INITIAL,SERVER_IS_LOCAL,BEGINNING", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 60, + "procera_outgoing_octets": 0, + "procera_service": "Being analyzed", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 6, + "source_ipv4_address": "185.232.29.199", + "source_ipv6_address": "::", + "source_transport_port": 55869, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:GY1mBBTSNtzeOvb8SNjfw0N/cdk=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "185.232.29.199", + "locality": "public", + "port": 55869 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "138.44.161.14", + "locality": "public", + "port": 2000 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "Q_zyIhDZuIo", + "locality": "public" + }, + "netflow": { + "bgp_destination_as_number": 7575, + "bgp_source_as_number": 7575, + "destination_ipv4_address": "138.44.161.14", + "destination_ipv6_address": "::", + "destination_transport_port": 2000, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:30:00Z", + "flow_start_seconds": "2018-04-15T03:29:30Z", + "procera_base_service": "Being analyzed", + "procera_content_categories": "", + "procera_flow_behavior": "INITIAL,SERVER_IS_LOCAL,BEGINNING", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 60, + "procera_outgoing_octets": 0, + "procera_service": "Being analyzed", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 6, + "source_ipv4_address": "177.188.228.137", + "source_ipv6_address": "::", + "source_transport_port": 9430, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:Xy/0zLI0aRilmkxj3qiB2MT4W1g=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "177.188.228.137", + "locality": "public", + "port": 9430 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-04-15T03:30:00Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "138.44.161.13", + "locality": "public", + "port": 179 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-04-15T03:30:00Z", + "kind": "event" + }, + "flow": { + "id": "pNMKY7O9aVc", + "locality": "public" + }, + "netflow": { + "bgp_destination_as_number": 7575, + "bgp_source_as_number": 7575, + "destination_ipv4_address": "138.44.161.13", + "destination_ipv6_address": "::", + "destination_transport_port": 179, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2875616939, + "timestamp": "2018-04-15T03:30:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_seconds": "2018-04-15T03:30:00Z", + "flow_start_seconds": "2018-04-15T03:25:00Z", + "procera_base_service": "BGP-4", + "procera_content_categories": "", + "procera_flow_behavior": "INTERACTIVE,CLIENT_IS_LOCAL,INBOUND,ESTABLISHED,ACTIVE", + "procera_http_content_type": "", + "procera_http_file_length": 0, + "procera_http_location": "", + "procera_http_url": "", + "procera_incoming_octets": 7076, + "procera_outgoing_octets": 3310, + "procera_service": "BGP-4", + "procera_subscriber_identifier": "", + "procera_template_name": "IPFIX", + "protocol_identifier": 6, + "source_ipv4_address": "138.44.161.14", + "source_ipv6_address": "::", + "source_transport_port": 33689, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:dIK+X6e3IIFTqsUMuGz9lAG8Ag8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "138.44.161.14", + "locality": "public", + "port": 33689 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-VMware-virtual-distributed-switch.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-VMware-virtual-distributed-switch.golden.json new file mode 100644 index 00000000000..c77bc562aad --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-VMware-virtual-distributed-switch.golden.json @@ -0,0 +1,361 @@ +{ + "test_name": "IPFIX VMware virtual distributed switch", + "events": [ + { + "Timestamp": "2016-12-22T12:17:52Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.18.65.211", + "locality": "private", + "port": 5985 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-22T12:17:52Z", + "kind": "event" + }, + "flow": { + "id": "-Sv1di8xiKE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.18.65.211", + "destination_transport_port": 5985, + "egress_interface": 11, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-22T12:17:52Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2016-12-22T12:17:37Z", + "flow_end_reason": 1, + "flow_start_milliseconds": "2016-12-22T12:17:37Z", + "ingress_interface": 3, + "ip_class_of_service": 0, + "layer2_segment_id": 0, + "maximum_ttl": 128, + "octet_delta_count": 100, + "packet_delta_count": 2, + "padding_octets": "AA==", + "protocol_identifier": 6, + "source_ipv4_address": "172.18.65.21", + "source_transport_port": 61209, + "tcp_control_bits": 2, + "type": "netflow_flow", + "vmware_egress_interface_attr": 2, + "vmware_ingress_interface_attr": 1, + "vmware_vxlan_export_role": 0 + }, + "network": { + "bytes": 100, + "community_id": "1:N7jRolYdcCZxQlKUzhCPw7zSQS0=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 100, + "ip": "172.18.65.21", + "locality": "private", + "packets": 2, + "port": 61209 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-22T12:17:56Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.18.65.255", + "locality": "private", + "port": 138 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-22T12:17:56Z", + "kind": "event" + }, + "flow": { + "id": "OQCLJ5IN83c", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.18.65.255", + "destination_transport_port": 138, + "egress_interface": 10, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-22T12:17:56Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2016-12-22T12:17:42Z", + "flow_end_reason": 1, + "flow_start_milliseconds": "2016-12-22T12:17:42Z", + "ingress_interface": 2, + "ip_class_of_service": 0, + "layer2_segment_id": 0, + "maximum_ttl": 128, + "octet_delta_count": 229, + "packet_delta_count": 1, + "padding_octets": "AA==", + "protocol_identifier": 17, + "source_ipv4_address": "172.18.65.91", + "source_transport_port": 138, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vmware_egress_interface_attr": 2, + "vmware_ingress_interface_attr": 1, + "vmware_vxlan_export_role": 0 + }, + "network": { + "bytes": 229, + "community_id": "1:yfsv6D0WSefvSi1u8ktASD/D4MU=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 229, + "ip": "172.18.65.91", + "locality": "private", + "packets": 1, + "port": 138 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-22T12:17:56Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.18.65.255", + "locality": "private", + "port": 138 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-22T12:17:56Z", + "kind": "event" + }, + "flow": { + "id": "OQCLJ5IN83c", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.18.65.255", + "destination_transport_port": 138, + "egress_interface": 11, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-22T12:17:56Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2016-12-22T12:17:42Z", + "flow_end_reason": 1, + "flow_start_milliseconds": "2016-12-22T12:17:42Z", + "ingress_interface": 3, + "ip_class_of_service": 0, + "layer2_segment_id": 0, + "maximum_ttl": 128, + "octet_delta_count": 229, + "packet_delta_count": 1, + "padding_octets": "AA==", + "protocol_identifier": 17, + "source_ipv4_address": "172.18.65.91", + "source_transport_port": 138, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vmware_egress_interface_attr": 2, + "vmware_ingress_interface_attr": 1, + "vmware_vxlan_export_role": 0 + }, + "network": { + "bytes": 229, + "community_id": "1:yfsv6D0WSefvSi1u8ktASD/D4MU=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 229, + "ip": "172.18.65.91", + "locality": "private", + "packets": 1, + "port": 138 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-22T12:26:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "224.0.0.252", + "locality": "private", + "port": 5355 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-22T12:26:04Z", + "kind": "event" + }, + "flow": { + "id": "xcyYrM-QBl0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "224.0.0.252", + "destination_transport_port": 5355, + "egress_interface": 11, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-22T12:26:04Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2016-12-22T12:25:49Z", + "flow_end_reason": 1, + "flow_start_milliseconds": "2016-12-22T12:25:49Z", + "ingress_interface": 3, + "ip_class_of_service": 0, + "layer2_segment_id": 0, + "maximum_ttl": 1, + "octet_delta_count": 104, + "packet_delta_count": 2, + "padding_octets": "AA==", + "protocol_identifier": 17, + "source_ipv4_address": "172.18.65.21", + "source_transport_port": 61329, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vmware_egress_interface_attr": 2, + "vmware_ingress_interface_attr": 1, + "vmware_vxlan_export_role": 0 + }, + "network": { + "bytes": 104, + "community_id": "1:LDWJP/qvMM9zo06ETUUG64DZWhY=", + "direction": "outbound", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 104, + "ip": "172.18.65.21", + "locality": "private", + "packets": 2, + "port": 61329 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-22T12:26:04Z", + "Meta": null, + "Fields": { + "destination": { + "port": 5355 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-22T12:26:04Z", + "kind": "event" + }, + "flow": { + "id": "y_Vml2vPNtw", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "ff02::1:3", + "destination_transport_port": 5355, + "egress_interface": 11, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-22T12:26:04Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2016-12-22T12:25:49Z", + "flow_end_reason": 1, + "flow_start_milliseconds": "2016-12-22T12:25:49Z", + "ingress_interface": 3, + "ip_class_of_service": 0, + "layer2_segment_id": 0, + "maximum_ttl": 1, + "octet_delta_count": 144, + "packet_delta_count": 2, + "padding_octets": "AA==", + "protocol_identifier": 17, + "source_ipv6_address": "fe80::5187:5cd8:d750:cdc9", + "source_transport_port": 61329, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vmware_egress_interface_attr": 2, + "vmware_ingress_interface_attr": 1, + "vmware_vxlan_export_role": 0 + }, + "network": { + "bytes": 144, + "community_id": "1:Nl0K3f1AqKrkGYEhoNHcgFAr/EY=", + "direction": "outbound", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 144, + "packets": 2, + "port": 61329 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-YAF-basic-with-applabel.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-YAF-basic-with-applabel.golden.json new file mode 100644 index 00000000000..95c1c37fb42 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-YAF-basic-with-applabel.golden.json @@ -0,0 +1,202 @@ +{ + "test_name": "IPFIX YAF basic with applabel", + "events": [ + { + "Timestamp": "2016-12-25T13:03:38Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 200, + "ip": "172.16.32.100", + "locality": "private", + "packets": 2, + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-25T13:03:38Z", + "kind": "event" + }, + "flow": { + "id": "QMH_S2K9KdI", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_transport_port": 53, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-25T13:03:38Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_attributes": 1, + "flow_end_milliseconds": "2016-12-25T12:58:35.819Z", + "flow_end_reason": 1, + "flow_start_milliseconds": "2016-12-25T12:58:35.818Z", + "ip_class_of_service": 0, + "octet_total_count": 132, + "packet_total_count": 2, + "protocol_identifier": 17, + "reverse_flow_attributes": 0, + "reverse_flow_delta_milliseconds": 1, + "reverse_ip_class_of_service": 0, + "reverse_octet_total_count": 200, + "reverse_packet_total_count": 2, + "reverse_vlan_id": 0, + "silk_app_label": 53, + "source_ipv4_address": "172.16.32.201", + "source_transport_port": 46086, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 332, + "community_id": "1:3NQ+f2IICsvUP3F8oQM9Js9FO6Q=", + "direction": "unknown", + "iana_number": 17, + "packets": 4, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 132, + "ip": "172.16.32.201", + "locality": "private", + "packets": 2, + "port": 46086 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-25T12:58:38Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 92, + "ip": "172.16.32.215", + "locality": "private", + "packets": 2, + "port": 9997 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-25T12:58:38Z", + "kind": "event" + }, + "flow": { + "id": "YlvEOsG0NHc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.215", + "destination_transport_port": 9997, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-25T12:58:38Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_attributes": 0, + "flow_end_milliseconds": "2016-12-25T12:58:34.347Z", + "flow_end_reason": 3, + "flow_start_milliseconds": "2016-12-25T12:58:33.345Z", + "initial_tcp_flags": 194, + "ip_class_of_service": 2, + "octet_total_count": 172, + "packet_total_count": 4, + "protocol_identifier": 6, + "reverse_flow_attributes": 0, + "reverse_flow_delta_milliseconds": 0, + "reverse_initial_tcp_flags": 18, + "reverse_ip_class_of_service": 0, + "reverse_octet_total_count": 92, + "reverse_packet_total_count": 2, + "reverse_tcp_sequence_number": 3788795034, + "reverse_union_tcp_flags": 17, + "reverse_vlan_id": 0, + "silk_app_label": 0, + "source_ipv4_address": "172.16.32.100", + "source_transport_port": 63499, + "tcp_sequence_number": 340533701, + "type": "netflow_flow", + "union_tcp_flags": 17, + "vlan_id": 0 + }, + "network": { + "bytes": 264, + "community_id": "1:H1pHO7CtjIP7Q5Rljq4l4EH1wf4=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 172, + "ip": "172.16.32.100", + "locality": "private", + "packets": 4, + "port": 63499 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-25T13:03:33Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-25T13:03:33Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-25T13:03:33Z", + "uptime_millis": 0, + "version": 10 + }, + "options": { + "assembled_fragment_count": 0, + "dropped_packet_total_count": 0, + "expired_fragment_count": 0, + "exporter_ipv4_address": "172.16.32.201", + "exporting_process_id": 0, + "flow_table_flush_event_count": 39, + "flow_table_peak_count": 58, + "ignored_packet_total_count": 58, + "mean_flow_rate": 0, + "mean_packet_rate": 6, + "not_sent_packet_total_count": 0, + "packet_total_count": 1960 + }, + "scope": { + "exported_flow_record_total_count": 31, + "system_init_time_milliseconds": "2016-12-25T12:58:32Z" + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-configured-with-include_flowset_id.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-configured-with-include_flowset_id.golden.json new file mode 100644 index 00000000000..50892931663 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-configured-with-include_flowset_id.golden.json @@ -0,0 +1,263 @@ +{ + "test_name": "IPFIX configured with include_flowset_id", + "events": [ + { + "Timestamp": "2016-11-11T12:09:19Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.0.1", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-11-11T12:09:19Z", + "kind": "event" + }, + "flow": { + "id": "8wXIKNz6u_8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.0.0.1", + "destination_transport_port": 443, + "egress_interface": 2147483651, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-11-11T12:09:19Z", + "uptime_millis": 0, + "version": 10 + }, + "exporting_process_id": 3, + "flow_end_microseconds": "2016-11-11T12:09:19.000127768Z", + "flow_id": 14460661, + "flow_start_microseconds": "2016-11-11T12:09:19.000127768Z", + "ingress_interface": 8, + "ip_version": 4, + "netscaler_aaa_username": "", + "netscaler_app_name_app_id": 240189440, + "netscaler_app_unit_name_app_id": 0, + "netscaler_connection_chain_hop_count": 1, + "netscaler_connection_chain_id": "AODtHJyoAwDvtCVYhIUGAA==", + "netscaler_connection_id": 14460661, + "netscaler_flow_flags": 84025344, + "netscaler_http_content_type": "", + "netscaler_http_domain_name": "", + "netscaler_http_req_authorization": "", + "netscaler_http_req_cookie": "", + "netscaler_http_req_host": "", + "netscaler_http_req_method": "", + "netscaler_http_req_referer": "", + "netscaler_http_req_url": "", + "netscaler_http_req_user_agent": "", + "netscaler_http_req_via": "", + "netscaler_http_req_xforwarded_for": "", + "netscaler_http_res_forw_fb": 17163184441650, + "netscaler_http_res_forw_lb": 0, + "netscaler_transaction_id": 1068114973, + "netscaler_unknown330": 0, + "observation_point_id": 167954698, + "octet_delta_count": 40, + "packet_delta_count": 1, + "padding_octets": "AAA=", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 51053, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 40, + "community_id": "1:vKHRCBsu01Bj9xGu84I60+x4kGg=", + "direction": "unknown", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 40, + "ip": "192.168.0.1", + "locality": "private", + "packets": 1, + "port": 51053 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-11-11T12:09:19Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.1", + "locality": "private", + "port": 51053 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-11-11T12:09:19Z", + "kind": "event" + }, + "flow": { + "id": "8wXIKNz6u_8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.1", + "destination_transport_port": 51053, + "egress_interface": 6, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-11-11T12:09:19Z", + "uptime_millis": 0, + "version": 10 + }, + "exporting_process_id": 3, + "flow_end_microseconds": "2016-11-11T12:09:19.00009951Z", + "flow_id": 14460662, + "flow_start_microseconds": "2016-11-11T12:09:19.00009951Z", + "ingress_interface": 2147483651, + "ip_version": 4, + "netscaler_app_name_app_id": 240189440, + "netscaler_connection_chain_hop_count": 1, + "netscaler_connection_chain_id": "AODtHJyoAwDvtCVYhIUGAA==", + "netscaler_connection_id": 14460661, + "netscaler_flow_flags": 1157636096, + "netscaler_round_trip_time": 83, + "netscaler_transaction_id": 1068114973, + "netscaler_unknown329": 0, + "netscaler_unknown331": 0, + "netscaler_unknown332": 0, + "observation_point_id": 167954698, + "octet_delta_count": 1525, + "packet_delta_count": 2, + "padding_octets": "AAA=", + "protocol_identifier": 6, + "source_ipv4_address": "10.0.0.1", + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 1525, + "community_id": "1:vKHRCBsu01Bj9xGu84I60+x4kGg=", + "direction": "unknown", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1525, + "ip": "10.0.0.1", + "locality": "private", + "packets": 2, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-11-11T12:09:19Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.0.1", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-11-11T12:09:19Z", + "kind": "event" + }, + "flow": { + "id": "8wXIKNz6u_8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.0.0.1", + "destination_transport_port": 443, + "egress_interface": 2147483651, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-11-11T12:09:19Z", + "uptime_millis": 0, + "version": 10 + }, + "exporting_process_id": 3, + "flow_end_microseconds": "2016-11-11T12:09:19.000128468Z", + "flow_id": 14460661, + "flow_start_microseconds": "2016-11-11T12:09:19.000128468Z", + "ingress_interface": 8, + "ip_version": 4, + "netscaler_aaa_username": "", + "netscaler_app_name_app_id": 240189440, + "netscaler_app_unit_name_app_id": 239927296, + "netscaler_connection_chain_hop_count": 1, + "netscaler_connection_chain_id": "AODtHJyoAwDvtCVYWWsIAA==", + "netscaler_connection_id": 14460661, + "netscaler_flow_flags": 84025344, + "netscaler_http_content_type": "", + "netscaler_http_domain_name": "www.kobo.com", + "netscaler_http_req_authorization": "", + "netscaler_http_req_cookie": "beer=123456789abcdefghijklmnopqrstuvw; AnotherCookie=1234567890abcdefghijklmnopqr; Shameless.Plug=Thankyou.Rakuten.Kobo.Inc.For.Allowing.me.time.to.work.on.this.and.contribute.back.to.the.community; Padding=aaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbccccccccccccccddddddddddddddddddddddeeeeeeeeeeeeeeeeeeeeeffffffffffffffffffffffgggggggggggggggggggggggghhhhhhhhhhhhhhhhhiiiiiiiiiiiiiiiiiiiiiijjjjjjjjjjjjjjjjjjjjjjjjkkkkkkkkkkkkkkkkkklllllllllllllllmmmmmmmmmm; more=less; GJquote=There.is.no.spoon; GarrySays=Nice!!; LastPadding=aaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbcccccccccccccccccccdddddddddddeeeeeeee", + "netscaler_http_req_host": "www.kobo.com", + "netscaler_http_req_method": "GET", + "netscaler_http_req_referer": "http://www.kobo.com/is-the-best-ebook-company-in-the-world", + "netscaler_http_req_url": "/aa/bb/ccccc/ddddddddddddddddddddddddd", + "netscaler_http_req_user_agent": "Mozilla/5.0 (Commodore 64; kobo.com) Gecko/20100101 Firefox/75.0", + "netscaler_http_req_via": "1.1 akamai.net(ghost) (AkamaiGHost)", + "netscaler_http_req_xforwarded_for": "11.222.33.255", + "netscaler_http_res_forw_fb": 0, + "netscaler_http_res_forw_lb": 0, + "netscaler_transaction_id": 1068114985, + "netscaler_unknown330": 0, + "observation_point_id": 167954698, + "octet_delta_count": 1541, + "packet_delta_count": 2, + "padding_octets": "AAA=", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 51053, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 1541, + "community_id": "1:vKHRCBsu01Bj9xGu84I60+x4kGg=", + "direction": "unknown", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1541, + "ip": "192.168.0.1", + "locality": "private", + "packets": 2, + "port": 51053 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-options-template-from-Juniper-MX240-JunOS-15.1-R6-S3.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-options-template-from-Juniper-MX240-JunOS-15.1-R6-S3.golden.json new file mode 100644 index 00000000000..763e20e774e --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-options-template-from-Juniper-MX240-JunOS-15.1-R6-S3.golden.json @@ -0,0 +1,47 @@ +{ + "test_name": "IPFIX options template from Juniper MX240 JunOS 15.1 R6 S3", + "events": [ + { + "Timestamp": "2018-06-01T15:11:53Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2018-06-01T15:11:53Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 524288, + "timestamp": "2018-06-01T15:11:53Z", + "uptime_millis": 0, + "version": 10 + }, + "options": { + "export_protocol_version": 10, + "export_transport_protocol": 17, + "exported_flow_record_total_count": 76, + "exported_message_total_count": 76, + "exporter_ipv4_address": "10.0.0.1", + "exporter_ipv6_address": "::", + "flow_active_timeout": 60, + "flow_idle_timeout": 60, + "sampling_interval": 1000, + "system_init_time_milliseconds": "2010-01-06T07:06:38Z" + }, + "scope": { + "exporting_process_id": 2 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX-vIPtela-with-VPN-id.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX-vIPtela-with-VPN-id.golden.json new file mode 100644 index 00000000000..b43b3a4f6b5 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX-vIPtela-with-VPN-id.golden.json @@ -0,0 +1,80 @@ +{ + "test_name": "IPFIX vIPtela with VPN id", + "events": [ + { + "Timestamp": "2017-11-21T14:32:15Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.21.27", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-21T14:32:15Z", + "kind": "event" + }, + "flow": { + "id": "dO-Anbp9xpw", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.21.27", + "destination_transport_port": 443, + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2887138561, + "timestamp": "2017-11-21T14:32:15Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_reason": 3, + "flow_end_seconds": "2017-11-21T14:32:15Z", + "flow_start_seconds": "2017-11-21T14:32:15Z", + "icmp_type_code_ipv4": 0, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_diff_serv_code_point": 12, + "ip_next_hop_ipv4_address": "10.0.0.1", + "ip_precedence": 1, + "maximum_ip_total_length": 277, + "minimum_ip_total_length": 70, + "octet_delta_count": 775, + "octet_total_count": 775, + "packet_delta_count": 8, + "packet_total_count": 8, + "padding_octets": "AAAAAAAAAA==", + "protocol_identifier": 6, + "source_ipv4_address": "10.113.7.54", + "source_transport_port": 41717, + "tcp_control_bits": 16, + "type": "netflow_flow", + "viptela_vpn_id": 100 + }, + "network": { + "bytes": 775, + "community_id": "1:uhU0lSQQ+LoAMve6GxHC0M3nIes=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 775, + "ip": "10.113.7.54", + "locality": "private", + "packets": 8, + "port": 41717 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/IPFIX.golden.json b/filebeat/input/netflow/testdata/golden/IPFIX.golden.json new file mode 100644 index 00000000000..c458b21dd9e --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/IPFIX.golden.json @@ -0,0 +1,845 @@ +{ + "test_name": "IPFIX", + "events": [ + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "options": { + "sampling_packet_interval": 1, + "sampling_packet_space": 0, + "selector_algorithm": 1, + "system_init_time_milliseconds": "2015-05-13T11:20:13.506Z" + }, + "scope": { + "metering_process_id": 2679 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.128", + "locality": "private", + "port": 22 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "flow": { + "id": "ofdVXz7_x6E", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.128", + "destination_transport_port": 22, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 12726, + "flow_start_sys_up_time": 0, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 260, + "packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.1", + "source_transport_port": 60560, + "tcp_control_bits": 16, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 260, + "community_id": "1:6pzReSc2/Mtd0o91uM5DmacQb0M=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 260, + "ip": "192.168.253.1", + "locality": "private", + "packets": 5, + "port": 60560 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.1", + "locality": "private", + "port": 60560 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "flow": { + "id": "ofdVXz7_x6E", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.1", + "destination_transport_port": 60560, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 12726, + "flow_start_sys_up_time": 0, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 1000, + "packet_delta_count": 6, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.128", + "source_transport_port": 22, + "tcp_control_bits": 24, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 1000, + "community_id": "1:6pzReSc2/Mtd0o91uM5DmacQb0M=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1000, + "ip": "192.168.253.128", + "locality": "private", + "packets": 6, + "port": 22 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.132", + "locality": "private", + "port": 35262 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "flow": { + "id": "ztL93_3GZNs", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.132", + "destination_transport_port": 35262, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 1142, + "flow_start_sys_up_time": 1104, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 601, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.253.2", + "source_transport_port": 53, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 601, + "community_id": "1:cmEHBNcVowAg9a6vEA2mT6qdaEY=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 601, + "ip": "192.168.253.2", + "locality": "private", + "packets": 2, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.2", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "flow": { + "id": "ztL93_3GZNs", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.2", + "destination_transport_port": 53, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 1142, + "flow_start_sys_up_time": 1104, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 148, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.253.132", + "source_transport_port": 35262, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 148, + "community_id": "1:cmEHBNcVowAg9a6vEA2mT6qdaEY=", + "direction": "unknown", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 148, + "ip": "192.168.253.132", + "locality": "private", + "packets": 2, + "port": 35262 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.132", + "locality": "private", + "port": 49935 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "flow": { + "id": "VANFUe1rklc", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.132", + "destination_transport_port": 49935, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2392, + "flow_start_sys_up_time": 1142, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 5946, + "packet_delta_count": 14, + "protocol_identifier": 6, + "source_ipv4_address": "54.214.9.161", + "source_transport_port": 443, + "tcp_control_bits": 26, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 5946, + "community_id": "1:fXim87AxDxTnzBecrylQnaOWwXs=", + "direction": "unknown", + "iana_number": 6, + "packets": 14, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 5946, + "ip": "54.214.9.161", + "locality": "public", + "packets": 14, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "54.214.9.161", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "flow": { + "id": "VANFUe1rklc", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "54.214.9.161", + "destination_transport_port": 443, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 2392, + "flow_start_sys_up_time": 1142, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 2608, + "packet_delta_count": 13, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.132", + "source_transport_port": 49935, + "tcp_control_bits": 26, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 2608, + "community_id": "1:fXim87AxDxTnzBecrylQnaOWwXs=", + "direction": "unknown", + "iana_number": 6, + "packets": 13, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2608, + "ip": "192.168.253.132", + "locality": "private", + "packets": 13, + "port": 49935 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:26Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.36.64", + "locality": "private", + "port": 9200 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:26Z", + "kind": "event" + }, + "flow": { + "id": "iDHwMSG6faQ", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.4.36.64", + "destination_transport_port": 9200, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:26Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 1356, + "flow_start_sys_up_time": 1356, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 60, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.130", + "source_transport_port": 38254, + "tcp_control_bits": 2, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 60, + "community_id": "1:TGQXQoBV0v/a8jfzOG4MA7lX628=", + "direction": "unknown", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 60, + "ip": "192.168.253.130", + "locality": "private", + "packets": 1, + "port": 38254 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.128", + "locality": "private", + "port": 22 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:28Z", + "kind": "event" + }, + "flow": { + "id": "ofdVXz7_x6E", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.128", + "destination_transport_port": 22, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:28Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 14611, + "flow_start_sys_up_time": 12727, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 256, + "packet_delta_count": 4, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.1", + "source_transport_port": 60560, + "tcp_control_bits": 24, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 256, + "community_id": "1:6pzReSc2/Mtd0o91uM5DmacQb0M=", + "direction": "unknown", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 256, + "ip": "192.168.253.1", + "locality": "private", + "packets": 4, + "port": 60560 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.1", + "locality": "private", + "port": 60560 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:28Z", + "kind": "event" + }, + "flow": { + "id": "ofdVXz7_x6E", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.1", + "destination_transport_port": 60560, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:28Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 14611, + "flow_start_sys_up_time": 12727, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 1916, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.128", + "source_transport_port": 22, + "tcp_control_bits": 24, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 1916, + "community_id": "1:6pzReSc2/Mtd0o91uM5DmacQb0M=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1916, + "ip": "192.168.253.128", + "locality": "private", + "packets": 3, + "port": 22 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.128", + "locality": "private", + "port": 22 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:28Z", + "kind": "event" + }, + "flow": { + "id": "WgPN9s2D0jg", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.128", + "destination_transport_port": 22, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:28Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 12726, + "flow_start_sys_up_time": 12725, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 168, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.1", + "source_transport_port": 65308, + "tcp_control_bits": 24, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 168, + "community_id": "1:+Mf5R/ZcHy8l33HQh7MUdj1QlUE=", + "direction": "unknown", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 168, + "ip": "192.168.253.1", + "locality": "private", + "packets": 2, + "port": 65308 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.253.1", + "locality": "private", + "port": 65308 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:28Z", + "kind": "event" + }, + "flow": { + "id": "WgPN9s2D0jg", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.253.1", + "destination_transport_port": 65308, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:28Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 12726, + "flow_start_sys_up_time": 12725, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 84, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.253.128", + "source_transport_port": 22, + "tcp_control_bits": 24, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 84, + "community_id": "1:+Mf5R/ZcHy8l33HQh7MUdj1QlUE=", + "direction": "unknown", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 84, + "ip": "192.168.253.128", + "locality": "private", + "packets": 1, + "port": 22 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-05-13T11:20:28Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "224.0.0.251", + "locality": "private", + "port": 5353 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-05-13T11:20:28Z", + "kind": "event" + }, + "flow": { + "id": "PSMPOofjjVU", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "224.0.0.251", + "destination_transport_port": 5353, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-05-13T11:20:28Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 12741, + "flow_start_sys_up_time": 12741, + "icmp_type_code_ipv4": 0, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 232, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.253.1", + "source_transport_port": 5353, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 232, + "community_id": "1:nyhq/ntQBZPAPfKLfPLpg31+JBs=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 232, + "ip": "192.168.253.1", + "locality": "private", + "packets": 1, + "port": 5353 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-1941-K9-release-15.1.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-1941-K9-release-15.1.golden.json new file mode 100644 index 00000000000..b3b9bec5c1c --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-1941-K9-release-15.1.golden.json @@ -0,0 +1,1948 @@ +{ + "test_name": "Netflow 9 Cisco 1941/K9 release 15.1", + "events": [ + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "62.217.193.1", + "locality": "public", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "BPlkuHwo9sU", + "locality": "public" + }, + "netflow": { + "application_id": "BQAASA==", + "destination_ipv4_address": "62.217.193.1", + "destination_transport_port": 53, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 75, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.0.111", + "source_mac_address": "ec:1f:72:11:9f:c1", + "source_transport_port": 37301, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 75, + "community_id": "1:Q0JWoL0pSyHJDJxF9+6Nqpnqn3I=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 75, + "ip": "192.168.0.111", + "locality": "private", + "mac": "ec:1f:72:11:9f:c1", + "packets": 1, + "port": 37301 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "62.217.193.65", + "locality": "public", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "-PhJhHv5gvE", + "locality": "public" + }, + "netflow": { + "application_id": "BQAASA==", + "destination_ipv4_address": "62.217.193.65", + "destination_transport_port": 53, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 75, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.0.111", + "source_mac_address": "ec:1f:72:11:9f:c1", + "source_transport_port": 58411, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 75, + "community_id": "1:ixp5Xp0pUmGBy18PlAIUAecp4n4=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 75, + "ip": "192.168.0.111", + "locality": "private", + "mac": "ec:1f:72:11:9f:c1", + "packets": 1, + "port": 58411 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "62.217.193.1", + "locality": "public", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "zTrEnrxMnjo", + "locality": "public" + }, + "netflow": { + "application_id": "BQAASA==", + "destination_ipv4_address": "62.217.193.1", + "destination_transport_port": 53, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 75, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.0.111", + "source_mac_address": "ec:1f:72:11:9f:c1", + "source_transport_port": 37661, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 75, + "community_id": "1:uuaH/p8dMr2C7F6OvG7QTwKafoI=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 75, + "ip": "192.168.0.111", + "locality": "private", + "mac": "ec:1f:72:11:9f:c1", + "packets": 1, + "port": 37661 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "62.217.193.65", + "locality": "public", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "G4AVpSxBAVo", + "locality": "public" + }, + "netflow": { + "application_id": "BQAASA==", + "destination_ipv4_address": "62.217.193.65", + "destination_transport_port": 53, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 75, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.0.111", + "source_mac_address": "ec:1f:72:11:9f:c1", + "source_transport_port": 60212, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 75, + "community_id": "1:cN6L1398Z+/E9YhZhQQEXXzKWfI=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 75, + "ip": "192.168.0.111", + "locality": "private", + "mac": "ec:1f:72:11:9f:c1", + "packets": 1, + "port": 60212 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.3.142", + "locality": "private", + "port": 37450 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "2nQmjOOzSH0", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "192.168.3.142", + "destination_transport_port": 37450, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.3.142", + "octet_delta_count": 964, + "packet_delta_count": 10, + "protocol_identifier": 6, + "source_ipv4_address": "158.85.58.115", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 5222, + "tcp_control_bits": 29, + "type": "netflow_flow" + }, + "network": { + "bytes": 964, + "community_id": "1:Hi/9p/anXVpWlMC/6/k3Zr9I1to=", + "direction": "outbound", + "iana_number": 6, + "packets": 10, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 964, + "ip": "158.85.58.115", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 10, + "port": 5222 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "216.58.212.195", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "z7uHiA5SrD0", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAQg==", + "destination_ipv4_address": "216.58.212.195", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 2748, + "packet_delta_count": 8, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.0.88", + "source_mac_address": "a4:d1:8c:e9:30:2c", + "source_transport_port": 61490, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 2748, + "community_id": "1:qgStw7dQK+Tl0+hQK5Uq9q42HEM=", + "direction": "inbound", + "iana_number": 17, + "packets": 8, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2748, + "ip": "192.168.0.88", + "locality": "private", + "mac": "a4:d1:8c:e9:30:2c", + "packets": 8, + "port": 61490 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.88", + "locality": "private", + "port": 61490 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "z7uHiA5SrD0", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "192.168.0.88", + "destination_transport_port": 61490, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.0.88", + "octet_delta_count": 2023, + "packet_delta_count": 9, + "protocol_identifier": 17, + "source_ipv4_address": "216.58.212.195", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 2023, + "community_id": "1:qgStw7dQK+Tl0+hQK5Uq9q42HEM=", + "direction": "outbound", + "iana_number": 17, + "packets": 9, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2023, + "ip": "216.58.212.195", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 9, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "216.58.201.106", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "eyNcUtWu34I", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "216.58.201.106", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 2180, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.1.201", + "source_mac_address": "98:01:a7:9f:8d:5f", + "source_transport_port": 50299, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 2180, + "community_id": "1:qby1BSw4pTWxwlh6xrXkVFUjmW0=", + "direction": "inbound", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2180, + "ip": "192.168.1.201", + "locality": "private", + "mac": "98:01:a7:9f:8d:5f", + "packets": 9, + "port": 50299 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.1.201", + "locality": "private", + "port": 50299 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "eyNcUtWu34I", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.1.201", + "destination_transport_port": 50299, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.1.201", + "octet_delta_count": 700, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "216.58.201.106", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 700, + "community_id": "1:qby1BSw4pTWxwlh6xrXkVFUjmW0=", + "direction": "outbound", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 700, + "ip": "216.58.201.106", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 9, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.2.118", + "locality": "private", + "port": 61353 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "i7e4W23LBGg", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.2.118", + "destination_transport_port": 61353, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.2.118", + "octet_delta_count": 161, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "52.236.33.163", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 161, + "community_id": "1:TbEdA3tLJqC2kZYCOR3uLDsO9Zs=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 161, + "ip": "52.236.33.163", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 2, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "52.216.130.237", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "ALOJ32qLh_s", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "52.216.130.237", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 1764, + "packet_delta_count": 21, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.3.34", + "source_mac_address": "1c:5c:f2:07:0f:2a", + "source_transport_port": 61674, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 1764, + "community_id": "1:k+G++HkZbxWsJmSxiwjNGauDdMo=", + "direction": "inbound", + "iana_number": 6, + "packets": 21, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1764, + "ip": "192.168.3.34", + "locality": "private", + "mac": "1c:5c:f2:07:0f:2a", + "packets": 21, + "port": 61674 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.3.34", + "locality": "private", + "port": 61672 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "h9s7TXaoMZw", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.3.34", + "destination_transport_port": 61672, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.3.34", + "octet_delta_count": 13811, + "packet_delta_count": 30, + "protocol_identifier": 6, + "source_ipv4_address": "209.197.3.19", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 31, + "type": "netflow_flow" + }, + "network": { + "bytes": 13811, + "community_id": "1:/IDNcRrgXRDN+hVYssIa2UWNFFc=", + "direction": "outbound", + "iana_number": 6, + "packets": 30, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 13811, + "ip": "209.197.3.19", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 30, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.3.34", + "locality": "private", + "port": 61674 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "ALOJ32qLh_s", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.3.34", + "destination_transport_port": 61674, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.3.34", + "octet_delta_count": 4717, + "packet_delta_count": 16, + "protocol_identifier": 6, + "source_ipv4_address": "52.216.130.237", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 4717, + "community_id": "1:k+G++HkZbxWsJmSxiwjNGauDdMo=", + "direction": "outbound", + "iana_number": 6, + "packets": 16, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 4717, + "ip": "52.216.130.237", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 16, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.217.23.232", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "2GPS5gJiF8g", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "172.217.23.232", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 2419, + "packet_delta_count": 13, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.157", + "source_mac_address": "b0:34:95:0d:d2:5d", + "source_transport_port": 51209, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 2419, + "community_id": "1:oFTpsIQUx9tiU/r2SmwlsJKnuus=", + "direction": "inbound", + "iana_number": 6, + "packets": 13, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2419, + "ip": "192.168.0.157", + "locality": "private", + "mac": "b0:34:95:0d:d2:5d", + "packets": 13, + "port": 51209 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.157", + "locality": "private", + "port": 51209 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "2GPS5gJiF8g", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.0.157", + "destination_transport_port": 51209, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.0.157", + "octet_delta_count": 5551, + "packet_delta_count": 10, + "protocol_identifier": 6, + "source_ipv4_address": "172.217.23.232", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 5551, + "community_id": "1:oFTpsIQUx9tiU/r2SmwlsJKnuus=", + "direction": "outbound", + "iana_number": 6, + "packets": 10, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 5551, + "ip": "172.217.23.232", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 10, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.3.178", + "locality": "private", + "port": 45584 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "ughO0a0lrBw", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.3.178", + "destination_transport_port": 45584, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.3.178", + "octet_delta_count": 187, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "107.21.232.174", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 25, + "type": "netflow_flow" + }, + "network": { + "bytes": 187, + "community_id": "1:lWK6ttJ9rWv8JtxbOL3hnjCMNMU=", + "direction": "outbound", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 187, + "ip": "107.21.232.174", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 3, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "107.21.232.174", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "ughO0a0lrBw", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "107.21.232.174", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 104, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.3.178", + "source_mac_address": "dc:ef:ca:4c:da:57", + "source_transport_port": 45584, + "tcp_control_bits": 17, + "type": "netflow_flow" + }, + "network": { + "bytes": 104, + "community_id": "1:lWK6ttJ9rWv8JtxbOL3hnjCMNMU=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 104, + "ip": "192.168.3.178", + "locality": "private", + "mac": "dc:ef:ca:4c:da:57", + "packets": 2, + "port": 45584 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "95.0.145.242", + "locality": "public", + "port": 2222 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "Ie4W_7Snl8w", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "95.0.145.242", + "destination_transport_port": 2222, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 4050, + "packet_delta_count": 72, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.2.118", + "source_mac_address": "70:18:8b:5c:c9:b5", + "source_transport_port": 64233, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 4050, + "community_id": "1:6p8Cv/jo8TMJvy1G2nAPs9x6DFk=", + "direction": "inbound", + "iana_number": 6, + "packets": 72, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 4050, + "ip": "192.168.2.118", + "locality": "private", + "mac": "70:18:8b:5c:c9:b5", + "packets": 72, + "port": 64233 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.2.118", + "locality": "private", + "port": 64233 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "Ie4W_7Snl8w", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "192.168.2.118", + "destination_transport_port": 64233, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.2.118", + "octet_delta_count": 3719, + "packet_delta_count": 72, + "protocol_identifier": 6, + "source_ipv4_address": "95.0.145.242", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 2222, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 3719, + "community_id": "1:6p8Cv/jo8TMJvy1G2nAPs9x6DFk=", + "direction": "outbound", + "iana_number": 6, + "packets": 72, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3719, + "ip": "95.0.145.242", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 72, + "port": 2222 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "23.5.100.66", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "yokq763qB0U", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "23.5.100.66", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 1402, + "packet_delta_count": 16, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.79", + "source_mac_address": "8c:29:37:7a:28:c0", + "source_transport_port": 54275, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 1402, + "community_id": "1:9vhQhoWddOoV+A74fuYIGy8zA54=", + "direction": "inbound", + "iana_number": 6, + "packets": 16, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1402, + "ip": "192.168.0.79", + "locality": "private", + "mac": "8c:29:37:7a:28:c0", + "packets": 16, + "port": 54275 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "23.5.100.66", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "DCY-5ocv9ik", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "23.5.100.66", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 1538, + "packet_delta_count": 17, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.79", + "source_mac_address": "8c:29:37:7a:28:c0", + "source_transport_port": 54276, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 1538, + "community_id": "1:hbJVG+ljKDlDBqE4TqstvyId5+U=", + "direction": "inbound", + "iana_number": 6, + "packets": 17, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1538, + "ip": "192.168.0.79", + "locality": "private", + "mac": "8c:29:37:7a:28:c0", + "packets": 17, + "port": 54276 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.79", + "locality": "private", + "port": 54276 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "DCY-5ocv9ik", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.0.79", + "destination_transport_port": 54276, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.0.79", + "octet_delta_count": 13002, + "packet_delta_count": 14, + "protocol_identifier": 6, + "source_ipv4_address": "23.5.100.66", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 13002, + "community_id": "1:hbJVG+ljKDlDBqE4TqstvyId5+U=", + "direction": "outbound", + "iana_number": 6, + "packets": 14, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 13002, + "ip": "23.5.100.66", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 14, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.61", + "locality": "private", + "port": 57007 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "B7rjR_940zU", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.0.61", + "destination_transport_port": 57007, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.0.61", + "octet_delta_count": 1194, + "packet_delta_count": 4, + "protocol_identifier": 6, + "source_ipv4_address": "170.251.180.15", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 1194, + "community_id": "1:usm9s48ZKXop7u60nquyl3OGGmU=", + "direction": "outbound", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1194, + "ip": "170.251.180.15", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 4, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "170.251.180.15", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "B7rjR_940zU", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "170.251.180.15", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 682, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.61", + "source_mac_address": "90:61:ae:76:e5:e9", + "source_transport_port": 57007, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 682, + "community_id": "1:usm9s48ZKXop7u60nquyl3OGGmU=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 682, + "ip": "192.168.0.61", + "locality": "private", + "mac": "90:61:ae:76:e5:e9", + "packets": 2, + "port": 57007 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "74.119.119.84", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "0RrmR_QtH34", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "74.119.119.84", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 1804, + "packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.3.34", + "source_mac_address": "1c:5c:f2:07:0f:2a", + "source_transport_port": 61694, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 1804, + "community_id": "1:/jxDWhvRG2nr/ht0LPbgCBQrKOo=", + "direction": "inbound", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1804, + "ip": "192.168.3.34", + "locality": "private", + "mac": "1c:5c:f2:07:0f:2a", + "packets": 11, + "port": 61694 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.3.142", + "locality": "private", + "port": 59459 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "O1-Y9rjVH2A", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "192.168.3.142", + "destination_transport_port": 59459, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.3.142", + "octet_delta_count": 4774, + "packet_delta_count": 9, + "protocol_identifier": 6, + "source_ipv4_address": "185.60.218.19", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 4774, + "community_id": "1:ubJyGYO3ADUgo0t/BtTgdjnF4fk=", + "direction": "outbound", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 4774, + "ip": "185.60.218.19", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 9, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "185.60.218.15", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "CtFBGbTcLpg", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "185.60.218.15", + "destination_transport_port": 443, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 135, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.3.200", + "source_mac_address": "18:20:32:bb:1d:62", + "source_transport_port": 64493, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 135, + "community_id": "1:q44LzNKb1dp9tu+LzQFSpppE8Gg=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 135, + "ip": "192.168.3.200", + "locality": "private", + "mac": "18:20:32:bb:1d:62", + "packets": 2, + "port": 64493 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.3.200", + "locality": "private", + "port": 64493 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "CtFBGbTcLpg", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAEA==", + "destination_ipv4_address": "192.168.3.200", + "destination_transport_port": 64493, + "dot1q_vlan_id": 872, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 1, + "ingress_interface": 11, + "ip_class_of_service": 48, + "ip_next_hop_ipv4_address": "192.168.3.200", + "octet_delta_count": 135, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "185.60.218.15", + "source_mac_address": "00:23:04:18:ef:40", + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 135, + "community_id": "1:q44LzNKb1dp9tu+LzQFSpppE8Gg=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 135, + "ip": "185.60.218.15", + "locality": "public", + "mac": "00:23:04:18:ef:40", + "packets": 2, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-03T17:03:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "169.45.214.246", + "locality": "public", + "port": 5222 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-03T17:03:39Z", + "kind": "event" + }, + "flow": { + "id": "lT_guTKc7y4", + "locality": "public" + }, + "netflow": { + "application_id": "BQAAAQ==", + "destination_ipv4_address": "169.45.214.246", + "destination_transport_port": 5222, + "dot1q_vlan_id": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-10-03T17:03:39Z", + "uptime_millis": 210280120, + "version": 9 + }, + "flow_direction": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "109.166.216.93", + "octet_delta_count": 194, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.95", + "source_mac_address": "a0:39:f7:4d:49:d5", + "source_transport_port": 35053, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 194, + "community_id": "1:e0AnW/lunIiMyNSi9fNN7W5p7Bg=", + "direction": "inbound", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 194, + "ip": "192.168.0.95", + "locality": "private", + "mac": "a0:39:f7:4d:49:d5", + "packets": 3, + "port": 35053 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA-2.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA-2.golden.json new file mode 100644 index 00000000000..dc73be6acf3 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA-2.golden.json @@ -0,0 +1,1327 @@ +{ + "test_name": "Netflow 9 Cisco ASA 2", + "events": [ + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 763, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "UTkRrDbrhnI", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742819709, + "flow_start_milliseconds": "2016-07-21T13:50:32.955Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 81, + "observation_time_milliseconds": "2016-07-21T13:50:33.015Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61775, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "responder_octets": 763, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61775, + "type": "netflow_flow" + }, + "network": { + "bytes": 844, + "community_id": "1:XaNCBbXLPvRPq4YmlYj+3C8LbyE=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "192.168.0.2", + "locality": "private", + "port": 61775 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 6207, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "WQVc0v7217I", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 5, + "flow_id": 742819710, + "flow_start_milliseconds": "2016-07-21T13:50:32.955Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 81, + "observation_time_milliseconds": "2016-07-21T13:50:33.035Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61776, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "responder_octets": 6207, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61776, + "type": "netflow_flow" + }, + "network": { + "bytes": 6288, + "community_id": "1:ApLoUXZvqTmJTtS6gao5Sqg0kgQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "192.168.0.2", + "locality": "private", + "port": 61776 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 6207, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "WQVc0v7217I", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742819710, + "flow_start_milliseconds": "2016-07-21T13:50:32.955Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 81, + "observation_time_milliseconds": "2016-07-21T13:50:33.035Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61776, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "responder_octets": 6207, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61776, + "type": "netflow_flow" + }, + "network": { + "bytes": 6288, + "community_id": "1:ApLoUXZvqTmJTtS6gao5Sqg0kgQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "192.168.0.2", + "locality": "private", + "port": 61776 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 9075, + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "Nle5z0FLBjA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 5, + "flow_id": 742819619, + "flow_start_milliseconds": "2016-07-21T13:50:32.475Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 81, + "observation_time_milliseconds": "2016-07-21T13:50:33.115Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56635, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 9075, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56635, + "type": "netflow_flow" + }, + "network": { + "bytes": 9156, + "community_id": "1:64faG50xtU56JMAADXSJ0Lro5iE=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "192.168.0.1", + "locality": "private", + "port": 56635 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 9075, + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "Nle5z0FLBjA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742819619, + "flow_start_milliseconds": "2016-07-21T13:50:32.475Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 81, + "observation_time_milliseconds": "2016-07-21T13:50:33.115Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56635, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 9075, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56635, + "type": "netflow_flow" + }, + "network": { + "bytes": 9156, + "community_id": "1:64faG50xtU56JMAADXSJ0Lro5iE=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "192.168.0.1", + "locality": "private", + "port": 56635 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 5536, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "lfYzCmoZgqo", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 5, + "flow_id": 742819707, + "flow_start_milliseconds": "2016-07-21T13:50:32.955Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 81, + "observation_time_milliseconds": "2016-07-21T13:50:33.185Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61773, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "responder_octets": 5536, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61773, + "type": "netflow_flow" + }, + "network": { + "bytes": 5617, + "community_id": "1:8hx//bjfEFu4sYomYN8bh9DeMaQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "192.168.0.2", + "locality": "private", + "port": 61773 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 5536, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "lfYzCmoZgqo", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742819707, + "flow_start_milliseconds": "2016-07-21T13:50:32.955Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 81, + "observation_time_milliseconds": "2016-07-21T13:50:33.185Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61773, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "responder_octets": 5536, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61773, + "type": "netflow_flow" + }, + "network": { + "bytes": 5617, + "community_id": "1:8hx//bjfEFu4sYomYN8bh9DeMaQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 81, + "ip": "192.168.0.2", + "locality": "private", + "port": 61773 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "_9ahEyFsD94", + "locality": "private" + }, + "netflow": { + "asa_username": "", + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 1, + "flow_id": 742819773, + "flow_start_milliseconds": "2016-07-21T13:50:33.385Z", + "fw_ext_event": 0, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "3edcde49-0aa62ac3-a8a2a76b", + "ingress_interface": 3, + "observation_time_milliseconds": "2016-07-21T13:50:33.385Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56649, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56649, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:IZ8RrSqt8oeb2F2Rp9296zm54bc=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "192.168.0.1", + "locality": "private", + "port": 56649 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 14179, + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "_9ahEyFsD94", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 5, + "flow_id": 742819773, + "flow_start_milliseconds": "2016-07-21T13:50:33.385Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 69, + "observation_time_milliseconds": "2016-07-21T13:50:33.475Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56649, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 14179, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56649, + "type": "netflow_flow" + }, + "network": { + "bytes": 14248, + "community_id": "1:IZ8RrSqt8oeb2F2Rp9296zm54bc=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 69, + "ip": "192.168.0.1", + "locality": "private", + "port": 56649 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 14179, + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "_9ahEyFsD94", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742819773, + "flow_start_milliseconds": "2016-07-21T13:50:33.385Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 69, + "observation_time_milliseconds": "2016-07-21T13:50:33.475Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56649, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 14179, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56649, + "type": "netflow_flow" + }, + "network": { + "bytes": 14248, + "community_id": "1:IZ8RrSqt8oeb2F2Rp9296zm54bc=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 69, + "ip": "192.168.0.1", + "locality": "private", + "port": 56649 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "bnG6S7DUlEE", + "locality": "private" + }, + "netflow": { + "asa_username": "", + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 1, + "flow_id": 742820025, + "flow_start_milliseconds": "2016-07-21T13:50:35.035Z", + "fw_ext_event": 0, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "3edcde49-0aa62ac3-56e8512e", + "ingress_interface": 3, + "observation_time_milliseconds": "2016-07-21T13:50:35.035Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61777, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61777, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:E1vNamQGw5X+X+vT1g7ui6Nc3O0=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "192.168.0.2", + "locality": "private", + "port": 61777 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 14178, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "bnG6S7DUlEE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 5, + "flow_id": 742820025, + "flow_start_milliseconds": "2016-07-21T13:50:35.035Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 69, + "observation_time_milliseconds": "2016-07-21T13:50:35.125Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61777, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "responder_octets": 14178, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61777, + "type": "netflow_flow" + }, + "network": { + "bytes": 14247, + "community_id": "1:E1vNamQGw5X+X+vT1g7ui6Nc3O0=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 69, + "ip": "192.168.0.2", + "locality": "private", + "port": 61777 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 14178, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "bnG6S7DUlEE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742820025, + "flow_start_milliseconds": "2016-07-21T13:50:35.035Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 69, + "observation_time_milliseconds": "2016-07-21T13:50:35.125Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 61777, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.2", + "protocol_identifier": 6, + "responder_octets": 14178, + "source_ipv4_address": "192.168.0.2", + "source_transport_port": 61777, + "type": "netflow_flow" + }, + "network": { + "bytes": 14247, + "community_id": "1:E1vNamQGw5X+X+vT1g7ui6Nc3O0=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 69, + "ip": "192.168.0.2", + "locality": "private", + "port": 61777 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "wuMbsS0oTj4", + "locality": "private" + }, + "netflow": { + "asa_username": "", + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 1, + "flow_id": 742820153, + "flow_start_milliseconds": "2016-07-21T13:50:35.785Z", + "fw_ext_event": 0, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "3edcde49-0aa62ac3-56e8512e", + "ingress_interface": 3, + "observation_time_milliseconds": "2016-07-21T13:50:35.785Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56650, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56650, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:pkwcoe/zjCLerUgj+HGAwwt4wV8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "192.168.0.1", + "locality": "private", + "port": 56650 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 881, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "wuMbsS0oTj4", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 5, + "flow_id": 742820153, + "flow_start_milliseconds": "2016-07-21T13:50:35.785Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 75, + "observation_time_milliseconds": "2016-07-21T13:50:35.925Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56650, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 881, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56650, + "type": "netflow_flow" + }, + "network": { + "bytes": 956, + "community_id": "1:pkwcoe/zjCLerUgj+HGAwwt4wV8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 75, + "ip": "192.168.0.1", + "locality": "private", + "port": 56650 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 881, + "ip": "192.168.0.17", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "wuMbsS0oTj4", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.17", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742820153, + "flow_start_milliseconds": "2016-07-21T13:50:35.785Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 75, + "observation_time_milliseconds": "2016-07-21T13:50:35.925Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56650, + "post_nat_destination_ipv4_address": "192.168.0.17", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 881, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56650, + "type": "netflow_flow" + }, + "network": { + "bytes": 956, + "community_id": "1:pkwcoe/zjCLerUgj+HGAwwt4wV8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 75, + "ip": "192.168.0.1", + "locality": "private", + "port": 56650 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "geQD5O-NWw8", + "locality": "private" + }, + "netflow": { + "asa_username": "", + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 1, + "flow_id": 742820223, + "flow_start_milliseconds": "2016-07-21T13:50:36.395Z", + "fw_ext_event": 0, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "3edcde49-0aa62ac3-a8a2a76b", + "ingress_interface": 3, + "observation_time_milliseconds": "2016-07-21T13:50:36.395Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56651, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56651, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:35/w0D/WO1QvBp8O+Vd95Nb+tt4=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "192.168.0.1", + "locality": "private", + "port": 56651 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 14178, + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "geQD5O-NWw8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 5, + "flow_id": 742820223, + "flow_start_milliseconds": "2016-07-21T13:50:36.395Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 69, + "observation_time_milliseconds": "2016-07-21T13:50:36.495Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56651, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 14178, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56651, + "type": "netflow_flow" + }, + "network": { + "bytes": 14247, + "community_id": "1:35/w0D/WO1QvBp8O+Vd95Nb+tt4=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 69, + "ip": "192.168.0.1", + "locality": "private", + "port": 56651 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-07-21T13:50:37Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 14178, + "ip": "192.168.0.18", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-07-21T13:50:37Z", + "kind": "event" + }, + "flow": { + "id": "geQD5O-NWw8", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.18", + "destination_transport_port": 80, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-07-21T13:50:37Z", + "uptime_millis": 739410190, + "version": 9 + }, + "firewall_event": 2, + "flow_id": 742820223, + "flow_start_milliseconds": "2016-07-21T13:50:36.395Z", + "fw_ext_event": 2030, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_interface": 3, + "initiator_octets": 69, + "observation_time_milliseconds": "2016-07-21T13:50:36.495Z", + "post_napt_destination_transport_port": 80, + "post_napt_source_transport_port": 56651, + "post_nat_destination_ipv4_address": "192.168.0.18", + "post_nat_source_ipv4_address": "192.168.0.1", + "protocol_identifier": 6, + "responder_octets": 14178, + "source_ipv4_address": "192.168.0.1", + "source_transport_port": 56651, + "type": "netflow_flow" + }, + "network": { + "bytes": 14247, + "community_id": "1:35/w0D/WO1QvBp8O+Vd95Nb+tt4=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 69, + "ip": "192.168.0.1", + "locality": "private", + "port": 56651 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA.golden.json new file mode 100644 index 00000000000..df4f450fbc3 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASA.golden.json @@ -0,0 +1,999 @@ +{ + "test_name": "Netflow 9 Cisco ASA", + "events": [ + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "2.2.2.11", + "locality": "public", + "port": 17549 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "5JpExP8VeSU", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "2.2.2.11", + "asa_xlate_dst_port": 17549, + "asa_xlate_src_addr_ipv4": "192.168.14.1", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "2.2.2.11", + "destination_transport_port": 17549, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8500, + "flow_start_milliseconds": "2015-10-09T09:47:47.569Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:49.599Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "192.168.14.1", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:myH1DIuDZe/vHHCWbrfgfAthgew=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "192.168.14.1", + "locality": "private", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "MSQgezzAYh0", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "164.164.37.11", + "asa_xlate_dst_port": 0, + "asa_xlate_src_addr_ipv4": "192.168.23.22", + "asa_xlate_src_port": 17549, + "destination_ipv4_address": "164.164.37.11", + "destination_transport_port": 0, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8501, + "flow_start_milliseconds": "2015-10-09T09:47:48.169Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 8, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 2, + "observation_time_milliseconds": "2015-10-09T09:47:50.179Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "192.168.23.22", + "source_transport_port": 17549, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:V7bWHU0GRcqdysY463DKjFqxvKI=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "192.168.23.22", + "locality": "private", + "port": 17549 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.23.22", + "locality": "private", + "port": 17549 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "MSQgezzAYh0", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "192.168.23.22", + "asa_xlate_dst_port": 17549, + "asa_xlate_src_addr_ipv4": "164.164.37.11", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "192.168.23.22", + "destination_transport_port": 17549, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8502, + "flow_start_milliseconds": "2015-10-09T09:47:48.179Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:50.219Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "164.164.37.11", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:2DYf0o1HOtKayoor66sl7Vub2Oo=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "ioGVEAJtaEQ", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "164.164.37.11", + "asa_xlate_dst_port": 0, + "asa_xlate_src_addr_ipv4": "192.168.23.20", + "asa_xlate_src_port": 17805, + "destination_ipv4_address": "164.164.37.11", + "destination_transport_port": 0, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8503, + "flow_start_milliseconds": "2015-10-09T09:47:48.399Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 8, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 2, + "observation_time_milliseconds": "2015-10-09T09:47:50.419Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "192.168.23.20", + "source_transport_port": 17805, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:Zjs1q5mpf5QMXR1tU6wLZdnMtdA=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "192.168.23.20", + "locality": "private", + "port": 17805 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.23.20", + "locality": "private", + "port": 17805 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "ioGVEAJtaEQ", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "192.168.23.20", + "asa_xlate_dst_port": 17805, + "asa_xlate_src_addr_ipv4": "164.164.37.11", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "192.168.23.20", + "destination_transport_port": 17805, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8504, + "flow_start_milliseconds": "2015-10-09T09:47:48.409Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:50.429Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "164.164.37.11", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:WNySyMxsWxABzgjoEp5ntzEwEgk=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "2.2.2.11", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "0xqELVtMeog", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "2.2.2.11", + "asa_xlate_dst_port": 0, + "asa_xlate_src_addr_ipv4": "192.168.14.11", + "asa_xlate_src_port": 17805, + "destination_ipv4_address": "2.2.2.11", + "destination_transport_port": 0, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8505, + "flow_start_milliseconds": "2015-10-09T09:47:48.589Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 8, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:50.619Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "192.168.14.11", + "source_transport_port": 17805, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:PuujUZZmIcmzKkqujVxq5IpNdeM=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "192.168.14.11", + "locality": "private", + "port": 17805 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.14.11", + "locality": "private", + "port": 17805 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "0xqELVtMeog", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "192.168.14.11", + "asa_xlate_dst_port": 17805, + "asa_xlate_src_addr_ipv4": "2.2.2.11", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "192.168.14.11", + "destination_transport_port": 17805, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8506, + "flow_start_milliseconds": "2015-10-09T09:47:48.599Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 2, + "observation_time_milliseconds": "2015-10-09T09:47:50.639Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "2.2.2.11", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:8u4RQjZfNIm4syRFBIcBDWdPF1Y=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "2.2.2.11", + "locality": "public", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.14.1", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "LA3WpK17LAw", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "192.168.14.1", + "asa_xlate_dst_port": 0, + "asa_xlate_src_addr_ipv4": "2.2.2.11", + "asa_xlate_src_port": 17805, + "destination_ipv4_address": "192.168.14.1", + "destination_transport_port": 0, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8507, + "flow_start_milliseconds": "2015-10-09T09:47:48.609Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 8, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 2, + "observation_time_milliseconds": "2015-10-09T09:47:50.639Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "2.2.2.11", + "source_transport_port": 17805, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:4ynMlyrnyCCUUIBjD4py4iLgx6g=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "2.2.2.11", + "locality": "public", + "port": 17805 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "2.2.2.11", + "locality": "public", + "port": 17805 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "LA3WpK17LAw", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "2.2.2.11", + "asa_xlate_dst_port": 17805, + "asa_xlate_src_addr_ipv4": "192.168.14.1", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "2.2.2.11", + "destination_transport_port": 17805, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8508, + "flow_start_milliseconds": "2015-10-09T09:47:48.619Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:50.639Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "192.168.14.1", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:myH1DIuDZe/vHHCWbrfgfAthgew=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "192.168.14.1", + "locality": "private", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.23.1", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "tBFZO1WrQyk", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "192.168.23.1", + "asa_xlate_dst_port": 0, + "asa_xlate_src_addr_ipv4": "164.164.37.11", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "192.168.23.1", + "destination_transport_port": 0, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8525, + "flow_start_milliseconds": "2015-10-09T09:47:51.269Z", + "fw_ext_event": 2016, + "icmp_code_ipv4": 3, + "icmp_type_ipv4": 3, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:51.269Z", + "octet_total_count": 160, + "protocol_identifier": 1, + "source_ipv4_address": "164.164.37.11", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 160, + "community_id": "1:R0zsc95RXUvk7jJdJGPDDw/ol88=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 160, + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "oil2JqFPSyE", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "164.164.37.11", + "asa_xlate_dst_port": 0, + "asa_xlate_src_addr_ipv4": "192.168.23.22", + "asa_xlate_src_port": 18061, + "destination_ipv4_address": "164.164.37.11", + "destination_transport_port": 0, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8509, + "flow_start_milliseconds": "2015-10-09T09:47:49.249Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 8, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 2, + "observation_time_milliseconds": "2015-10-09T09:47:51.269Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "192.168.23.22", + "source_transport_port": 18061, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:V7bWHU0GRcqdysY463DKjFqxvKI=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "192.168.23.22", + "locality": "private", + "port": 18061 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.23.22", + "locality": "private", + "port": 18061 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "oil2JqFPSyE", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "192.168.23.22", + "asa_xlate_dst_port": 18061, + "asa_xlate_src_addr_ipv4": "164.164.37.11", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "192.168.23.22", + "destination_transport_port": 18061, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8510, + "flow_start_milliseconds": "2015-10-09T09:47:49.259Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:51.289Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "164.164.37.11", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:2DYf0o1HOtKayoor66sl7Vub2Oo=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "Pbk_o-xetL4", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "164.164.37.11", + "asa_xlate_dst_port": 0, + "asa_xlate_src_addr_ipv4": "192.168.23.20", + "asa_xlate_src_port": 18061, + "destination_ipv4_address": "164.164.37.11", + "destination_transport_port": 0, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8511, + "flow_start_milliseconds": "2015-10-09T09:47:49.469Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 8, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 2, + "observation_time_milliseconds": "2015-10-09T09:47:51.489Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "192.168.23.20", + "source_transport_port": 18061, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:Zjs1q5mpf5QMXR1tU6wLZdnMtdA=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "192.168.23.20", + "locality": "private", + "port": 18061 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-09T09:47:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.23.20", + "locality": "private", + "port": 18061 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-09T09:47:51Z", + "kind": "event" + }, + "flow": { + "id": "Pbk_o-xetL4", + "locality": "public" + }, + "netflow": { + "asa_fw_event": 2, + "asa_username": "", + "asa_xlate_dst_addr_ipv4": "192.168.23.20", + "asa_xlate_dst_port": 18061, + "asa_xlate_src_addr_ipv4": "164.164.37.11", + "asa_xlate_src_port": 0, + "destination_ipv4_address": "192.168.23.20", + "destination_transport_port": 18061, + "egress_acl_id": "00000000-00000000-00000000", + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-09T09:47:51Z", + "uptime_millis": 2064637, + "version": 9 + }, + "flow_id": 8512, + "flow_start_milliseconds": "2015-10-09T09:47:49.479Z", + "fw_ext_event": 2025, + "icmp_code_ipv4": 0, + "icmp_type_ipv4": 0, + "ingress_acl_id": "0f8e7ff3-fc1a030f-00000000", + "ingress_interface": 3, + "observation_time_milliseconds": "2015-10-09T09:47:51.509Z", + "octet_total_count": 56, + "protocol_identifier": 1, + "source_ipv4_address": "164.164.37.11", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 56, + "community_id": "1:WNySyMxsWxABzgjoEp5ntzEwEgk=", + "direction": "unknown", + "iana_number": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56, + "ip": "164.164.37.11", + "locality": "public", + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-options-template-256.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-options-template-256.golden.json new file mode 100644 index 00000000000..bc346d8c98e --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-options-template-256.golden.json @@ -0,0 +1,651 @@ +{ + "test_name": "Netflow 9 Cisco ASR 9000 series options template 256", + "events": [ + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 74, + "interface_description": "TenGigE0_0_1_0" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 75, + "interface_description": "TenGigE0_0_1_1" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 76, + "interface_description": "TenGigE0_0_1_2" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 54, + "interface_description": "GigabitEthernet0_0_0_0" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 55, + "interface_description": "GigabitEthernet0_0_0_1" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 56, + "interface_description": "GigabitEthernet0_0_0_2" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 58, + "interface_description": "GigabitEthernet0_0_0_4" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 59, + "interface_description": "GigabitEthernet0_0_0_5" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 60, + "interface_description": "GigabitEthernet0_0_0_6" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 66, + "interface_description": "GigabitEthernet0_0_0_12" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 86, + "interface_description": "TenGigE0_1_0_0" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 87, + "interface_description": "TenGigE0_1_0_1" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 88, + "interface_description": "TenGigE0_1_0_2" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 162, + "interface_description": "Bundle-Ether2" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 110, + "interface_description": "TenGigE0_6_1_0" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 111, + "interface_description": "TenGigE0_6_1_1" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 102, + "interface_description": "TenGigE0_6_0_0" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 103, + "interface_description": "TenGigE0_6_0_1" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:48Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-12-06T10:09:48Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:48Z", + "uptime_millis": 1704794749, + "version": 9 + }, + "options": { + "ingress_interface": 104, + "interface_description": "TenGigE0_6_0_2" + }, + "scope": { + "octet_delta_count": 3250896451 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-template-260.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-template-260.golden.json new file mode 100644 index 00000000000..cf1ad940af8 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR-9000-series-template-260.golden.json @@ -0,0 +1,1601 @@ +{ + "test_name": "Netflow 9 Cisco ASR 9000 series template 260", + "events": [ + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.31.81", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.94Z", + "kind": "event", + "start": "2016-12-06T10:08:53.94Z" + }, + "flow": { + "id": "kkhtKjgAywQ", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64496, + "bgp_next_hop_ipv4_address": "10.0.14.33", + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.0.31.81", + "destination_ipv4_prefix_length": 20, + "destination_transport_port": 443, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740613, + "flow_start_sys_up_time": 1704740613, + "forwarding_status": 64, + "ingress_interface": 110, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 40, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.9.146", + "source_ipv4_prefix_length": 16, + "source_transport_port": 54017, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 40, + "community_id": "1:jsUEjyoUL0jdew76Qup2cksJHew=", + "direction": "outbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 40, + "ip": "10.0.9.146", + "locality": "private", + "packets": 1, + "port": 54017 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.35.4", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 641000000, + "end": "2016-12-06T10:08:54.583Z", + "kind": "event", + "start": "2016-12-06T10:08:53.942Z" + }, + "flow": { + "id": "4su7p2nlyno", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64496, + "bgp_next_hop_ipv4_address": "10.0.14.33", + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.0.35.4", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 443, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704741256, + "flow_start_sys_up_time": 1704740615, + "forwarding_status": 64, + "ingress_interface": 87, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 104, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.17.42", + "source_ipv4_prefix_length": 21, + "source_transport_port": 36484, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 104, + "community_id": "1:yB9jVpYE9MA16LwjBHB/JxibmlM=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 104, + "ip": "10.0.17.42", + "locality": "private", + "packets": 2, + "port": 36484 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.34.141", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.945Z", + "kind": "event", + "start": "2016-12-06T10:08:53.945Z" + }, + "flow": { + "id": "mfb1_zWayo4", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64496, + "bgp_next_hop_ipv4_address": "10.0.14.33", + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.0.34.141", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 443, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740618, + "flow_start_sys_up_time": 1704740618, + "forwarding_status": 64, + "ingress_interface": 104, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 52, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.22.111", + "source_ipv4_prefix_length": 24, + "source_transport_port": 16814, + "tcp_control_bits": 17, + "type": "netflow_flow" + }, + "network": { + "bytes": 52, + "community_id": "1:j/VhXzMy3OPka3ZzEYmVN3xFg8A=", + "direction": "outbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 52, + "ip": "10.0.22.111", + "locality": "private", + "packets": 1, + "port": 16814 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.36.170", + "locality": "private", + "port": 64812 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.947Z", + "kind": "event", + "start": "2016-12-06T10:08:53.947Z" + }, + "flow": { + "id": "jKhffDbQq0o", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64497, + "bgp_next_hop_ipv4_address": "10.0.14.31", + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.0.36.170", + "destination_ipv4_prefix_length": 19, + "destination_transport_port": 64812, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740620, + "flow_start_sys_up_time": 1704740620, + "forwarding_status": 64, + "ingress_interface": 86, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 435, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.0.23.59", + "source_ipv4_prefix_length": 25, + "source_transport_port": 53, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 435, + "community_id": "1:V29ruuyp06iZ1oJ8bxJlJiyOfIE=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 435, + "ip": "10.0.23.59", + "locality": "private", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.20.242", + "locality": "private", + "port": 2013 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.948Z", + "kind": "event", + "start": "2016-12-06T10:08:53.948Z" + }, + "flow": { + "id": "5siGD7iCzo4", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 65442, + "bgp_next_hop_ipv4_address": "10.0.18.5", + "bgp_source_as_number": 64496, + "destination_ipv4_address": "10.0.20.242", + "destination_ipv4_prefix_length": 21, + "destination_transport_port": 2013, + "egress_interface": 106, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704740621, + "flow_start_sys_up_time": 1704740621, + "forwarding_status": 64, + "ingress_interface": 158, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 969, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.34.71", + "source_ipv4_prefix_length": 16, + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 969, + "community_id": "1:BfHR+tAWSW/SqM1Bpdnquzk4AaY=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 969, + "ip": "10.0.34.71", + "locality": "private", + "packets": 1, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.30.102", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 83000000, + "end": "2016-12-06T10:08:53.948Z", + "kind": "event", + "start": "2016-12-06T10:08:53.865Z" + }, + "flow": { + "id": "IyuegsSri_U", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64496, + "bgp_next_hop_ipv4_address": "10.0.14.33", + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.0.30.102", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 80, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740621, + "flow_start_sys_up_time": 1704740538, + "forwarding_status": 64, + "ingress_interface": 110, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 104, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.10.133", + "source_ipv4_prefix_length": 16, + "source_transport_port": 35273, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 104, + "community_id": "1:55fPsAgheYzGZEIJDB/aG35LT7A=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 104, + "ip": "10.0.10.133", + "locality": "private", + "packets": 2, + "port": 35273 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.6.24", + "locality": "private", + "port": 56771 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.951Z", + "kind": "event", + "start": "2016-12-06T10:08:53.951Z" + }, + "flow": { + "id": "9JGzjsOdNi4", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 65431, + "bgp_next_hop_ipv4_address": "10.0.0.242", + "bgp_source_as_number": 15133, + "destination_ipv4_address": "10.0.6.24", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 56771, + "egress_interface": 162, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704740624, + "flow_start_sys_up_time": 1704740624, + "forwarding_status": 64, + "ingress_interface": 102, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 32, + "octet_delta_count": 52, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.37.29", + "source_ipv4_prefix_length": 24, + "source_transport_port": 80, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 52, + "community_id": "1:bN7/YptkJDb0iDXbR5ZC9+2pQ+M=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 52, + "ip": "10.0.37.29", + "locality": "private", + "packets": 1, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.11.113", + "locality": "private", + "port": 56830 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.951Z", + "kind": "event", + "start": "2016-12-06T10:08:53.951Z" + }, + "flow": { + "id": "Y3aiAEAjjys", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 65432, + "bgp_next_hop_ipv4_address": "10.0.18.105", + "bgp_source_as_number": 64496, + "destination_ipv4_address": "10.0.11.113", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 56830, + "egress_interface": 46, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704740624, + "flow_start_sys_up_time": 1704740624, + "forwarding_status": 64, + "ingress_interface": 158, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 614, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.32.176", + "source_ipv4_prefix_length": 20, + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 614, + "community_id": "1:VwFIN943tEznAwHJLDmQwQ4IrWc=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 614, + "ip": "10.0.32.176", + "locality": "private", + "packets": 1, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.15.38", + "locality": "private", + "port": 40078 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 5418000000, + "end": "2016-12-06T10:08:53.952Z", + "kind": "event", + "start": "2016-12-06T10:08:48.534Z" + }, + "flow": { + "id": "sC3kzwxISec", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64498, + "bgp_next_hop_ipv4_address": "10.0.14.27", + "bgp_source_as_number": 32934, + "destination_ipv4_address": "10.0.15.38", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 40078, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740625, + "flow_start_sys_up_time": 1704735207, + "forwarding_status": 64, + "ingress_interface": 87, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 4350, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.12.21", + "source_ipv4_prefix_length": 24, + "source_transport_port": 443, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 4350, + "community_id": "1:keTU72GjRPvGrcGoAh5kgn7VAyE=", + "direction": "outbound", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 4350, + "ip": "10.0.12.21", + "locality": "private", + "packets": 3, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.3.110", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 3317000000, + "end": "2016-12-06T10:08:57.27Z", + "kind": "event", + "start": "2016-12-06T10:08:53.953Z" + }, + "flow": { + "id": "dTmlxL48EoA", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 70, + "bgp_next_hop_ipv4_address": "10.0.16.101", + "bgp_source_as_number": 65431, + "destination_ipv4_address": "10.0.3.110", + "destination_ipv4_prefix_length": 17, + "destination_transport_port": 443, + "egress_interface": 102, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704743943, + "flow_start_sys_up_time": 1704740626, + "forwarding_status": 64, + "ingress_interface": 162, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 533, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.4.212", + "source_ipv4_prefix_length": 16, + "source_transport_port": 50691, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 533, + "community_id": "1:BQz6ZQnMAgTy7YLZ0FMc/GX7cYw=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 533, + "ip": "10.0.4.212", + "locality": "private", + "packets": 2, + "port": 50691 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.1.136", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 19894000000, + "end": "2016-12-06T10:09:04.383Z", + "kind": "event", + "start": "2016-12-06T10:08:44.489Z" + }, + "flow": { + "id": "oMLDxCSgNuA", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_next_hop_ipv4_address": "0.0.0.0", + "bgp_source_as_number": 64497, + "destination_ipv4_address": "10.0.1.136", + "destination_ipv4_prefix_length": 27, + "destination_transport_port": 80, + "egress_interface": 104, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704751056, + "flow_start_sys_up_time": 1704731162, + "forwarding_status": 64, + "ingress_interface": 158, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 13660, + "packet_delta_count": 325, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.33.122", + "source_ipv4_prefix_length": 21, + "source_transport_port": 58814, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 13660, + "community_id": "1:ER44La+18pqEeuMQJ9u8Z++LJZ8=", + "direction": "inbound", + "iana_number": 6, + "packets": 325, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 13660, + "ip": "10.0.33.122", + "locality": "private", + "packets": 325, + "port": 58814 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.34.71", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.955Z", + "kind": "event", + "start": "2016-12-06T10:08:53.955Z" + }, + "flow": { + "id": "5siGD7iCzo4", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64496, + "bgp_next_hop_ipv4_address": "10.0.14.33", + "bgp_source_as_number": 65442, + "destination_ipv4_address": "10.0.34.71", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 443, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740628, + "flow_start_sys_up_time": 1704740628, + "forwarding_status": 64, + "ingress_interface": 106, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 96, + "octet_delta_count": 89, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.20.242", + "source_ipv4_prefix_length": 21, + "source_transport_port": 2013, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 89, + "community_id": "1:BfHR+tAWSW/SqM1Bpdnquzk4AaY=", + "direction": "outbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 89, + "ip": "10.0.20.242", + "locality": "private", + "packets": 1, + "port": 2013 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.15.38", + "locality": "private", + "port": 51621 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.957Z", + "kind": "event", + "start": "2016-12-06T10:08:53.957Z" + }, + "flow": { + "id": "-IcTJfcRi8w", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64498, + "bgp_next_hop_ipv4_address": "10.0.14.27", + "bgp_source_as_number": 32934, + "destination_ipv4_address": "10.0.15.38", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 51621, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740630, + "flow_start_sys_up_time": 1704740630, + "forwarding_status": 64, + "ingress_interface": 87, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 833, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.13.25", + "source_ipv4_prefix_length": 24, + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 833, + "community_id": "1:V1uWTuA70EL9Qkn1J6pTFRcuV10=", + "direction": "outbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 833, + "ip": "10.0.13.25", + "locality": "private", + "packets": 1, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.2.18", + "locality": "private", + "port": 62464 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 89000000, + "end": "2016-12-06T10:08:53.959Z", + "kind": "event", + "start": "2016-12-06T10:08:53.87Z" + }, + "flow": { + "id": "tyf0jfEIDwM", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 65437, + "bgp_next_hop_ipv4_address": "10.0.18.126", + "bgp_source_as_number": 64496, + "destination_ipv4_address": "10.0.2.18", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 62464, + "egress_interface": 110, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704740632, + "flow_start_sys_up_time": 1704740543, + "forwarding_status": 64, + "ingress_interface": 158, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 1625, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.25.59", + "source_ipv4_prefix_length": 16, + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 1625, + "community_id": "1:bF2alD6RwfO9yf2PNZ0MtP9Cksw=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1625, + "ip": "10.0.25.59", + "locality": "private", + "packets": 2, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.27.168", + "locality": "private", + "port": 465 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 17325000000, + "end": "2016-12-06T10:09:05.882Z", + "kind": "event", + "start": "2016-12-06T10:08:48.557Z" + }, + "flow": { + "id": "OYKOBQNKdF4", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64496, + "bgp_next_hop_ipv4_address": "10.0.14.33", + "bgp_source_as_number": 65436, + "destination_ipv4_address": "10.0.27.168", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 465, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704752555, + "flow_start_sys_up_time": 1704735230, + "forwarding_status": 64, + "ingress_interface": 86, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 142184, + "packet_delta_count": 97, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.7.73", + "source_ipv4_prefix_length": 16, + "source_transport_port": 60312, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 142184, + "community_id": "1:SgVt9ECKOHEc4InDt5s6nTb2ePs=", + "direction": "outbound", + "iana_number": 6, + "packets": 97, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 142184, + "ip": "10.0.7.73", + "locality": "private", + "packets": 97, + "port": 60312 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.27.169", + "locality": "private", + "port": 995 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 2705000000, + "end": "2016-12-06T10:08:56.186Z", + "kind": "event", + "start": "2016-12-06T10:08:53.481Z" + }, + "flow": { + "id": "fC6tFjsdK54", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64496, + "bgp_next_hop_ipv4_address": "10.0.14.33", + "bgp_source_as_number": 65463, + "destination_ipv4_address": "10.0.27.169", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 995, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704742859, + "flow_start_sys_up_time": 1704740154, + "forwarding_status": 64, + "ingress_interface": 106, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 3016, + "packet_delta_count": 58, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.19.50", + "source_ipv4_prefix_length": 18, + "source_transport_port": 34452, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 3016, + "community_id": "1:tE2lcbsWsM+Jkv2xskEEX4p0MTY=", + "direction": "outbound", + "iana_number": 6, + "packets": 58, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3016, + "ip": "10.0.19.50", + "locality": "private", + "packets": 58, + "port": 34452 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.24.13", + "locality": "private", + "port": 49917 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 361000000, + "end": "2016-12-06T10:08:54.28Z", + "kind": "event", + "start": "2016-12-06T10:08:53.919Z" + }, + "flow": { + "id": "Kk4bVU4hDRk", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_next_hop_ipv4_address": "0.0.0.0", + "bgp_source_as_number": 64496, + "destination_ipv4_address": "10.0.24.13", + "destination_ipv4_prefix_length": 25, + "destination_transport_port": 49917, + "egress_interface": 104, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704740953, + "flow_start_sys_up_time": 1704740592, + "forwarding_status": 64, + "ingress_interface": 158, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 31500, + "packet_delta_count": 21, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.28.150", + "source_ipv4_prefix_length": 16, + "source_transport_port": 443, + "tcp_control_bits": 16, + "type": "netflow_flow" + }, + "network": { + "bytes": 31500, + "community_id": "1:FN3bCIq6MMWqE4Hl49V+atNp0E0=", + "direction": "inbound", + "iana_number": 6, + "packets": 21, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 31500, + "ip": "10.0.28.150", + "locality": "private", + "packets": 21, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.21.200", + "locality": "private", + "port": 50254 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 378000000, + "end": "2016-12-06T10:08:54.037Z", + "kind": "event", + "start": "2016-12-06T10:08:53.659Z" + }, + "flow": { + "id": "_Fk2ywvptGE", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_next_hop_ipv4_address": "0.0.0.0", + "bgp_source_as_number": 64496, + "destination_ipv4_address": "10.0.21.200", + "destination_ipv4_prefix_length": 25, + "destination_transport_port": 50254, + "egress_interface": 87, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704740710, + "flow_start_sys_up_time": 1704740332, + "forwarding_status": 64, + "ingress_interface": 158, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 2919, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.26.188", + "source_ipv4_prefix_length": 16, + "source_transport_port": 993, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 2919, + "community_id": "1:6drEgbq558Eo9wL0KROAp9Dz/NQ=", + "direction": "inbound", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2919, + "ip": "10.0.26.188", + "locality": "private", + "packets": 3, + "port": 993 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.15.38", + "locality": "private", + "port": 35983 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 11106000000, + "end": "2016-12-06T10:09:03.759Z", + "kind": "event", + "start": "2016-12-06T10:08:52.653Z" + }, + "flow": { + "id": "MrTF7IZhOrg", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64498, + "bgp_next_hop_ipv4_address": "10.0.14.27", + "bgp_source_as_number": 15169, + "destination_ipv4_address": "10.0.15.38", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 35983, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704750432, + "flow_start_sys_up_time": 1704739326, + "forwarding_status": 64, + "ingress_interface": 75, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 4514, + "packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.29.34", + "source_ipv4_prefix_length": 24, + "source_transport_port": 443, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 4514, + "community_id": "1:3ghkl5QTpPmwGGKHHgAzzui7zEs=", + "direction": "outbound", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 4514, + "ip": "10.0.29.34", + "locality": "private", + "packets": 5, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.5.224", + "locality": "private", + "port": 51671 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 0, + "end": "2016-12-06T10:08:53.964Z", + "kind": "event", + "start": "2016-12-06T10:08:53.964Z" + }, + "flow": { + "id": "hUKUTbBVmIY", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 65431, + "bgp_next_hop_ipv4_address": "10.0.0.242", + "bgp_source_as_number": 789, + "destination_ipv4_address": "10.0.5.224", + "destination_ipv4_prefix_length": 16, + "destination_transport_port": 51671, + "egress_interface": 162, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1704740637, + "flow_start_sys_up_time": 1704740637, + "forwarding_status": 64, + "ingress_interface": 102, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 326, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.8.200", + "source_ipv4_prefix_length": 16, + "source_transport_port": 23128, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 326, + "community_id": "1:TMLPL/iKXxIK7QRg4pnHfBsShqg=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 326, + "ip": "10.0.8.200", + "locality": "private", + "packets": 1, + "port": 23128 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-06T10:09:24Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.15.38", + "locality": "private", + "port": 52364 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-06T10:09:24Z", + "duration": 1587000000, + "end": "2016-12-06T10:08:53.964Z", + "kind": "event", + "start": "2016-12-06T10:08:52.377Z" + }, + "flow": { + "id": "IoEUbnBqGXE", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 64498, + "bgp_next_hop_ipv4_address": "10.0.14.27", + "bgp_source_as_number": 15169, + "destination_ipv4_address": "10.0.15.38", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 52364, + "egress_interface": 158, + "egress_vrfid": 1610612736, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2177, + "timestamp": "2016-12-06T10:09:24Z", + "uptime_millis": 1704770673, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1704740637, + "flow_start_sys_up_time": 1704739050, + "forwarding_status": 64, + "ingress_interface": 75, + "ingress_vrfid": 1610612736, + "ip_class_of_service": 0, + "octet_delta_count": 112, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.0.29.46", + "source_ipv4_prefix_length": 24, + "source_transport_port": 443, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 112, + "community_id": "1:m0iCo0wGlC3GtERxAISGhJWdUMw=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 112, + "ip": "10.0.29.46", + "locality": "private", + "packets": 2, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR1001--X.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR1001--X.golden.json new file mode 100644 index 00000000000..2484a8a7fa9 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-ASR1001--X.golden.json @@ -0,0 +1,1655 @@ +{ + "test_name": "Netflow 9 Cisco ASR1001-X", + "events": [ + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.12.100.13", + "locality": "private", + "port": 53218 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "_qSyv-Xe8IM", + "locality": "private" + }, + "netflow": { + "application_id": "DQAFHg==", + "destination_ipv4_address": "10.12.100.13", + "destination_transport_port": 53218, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.731Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.637Z", + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.5.100", + "octet_delta_count": 965, + "packet_delta_count": 7, + "protocol_identifier": 6, + "source_ipv4_address": "10.111.111.242", + "source_transport_port": 52444, + "type": "netflow_flow" + }, + "network": { + "bytes": 965, + "community_id": "1:yBbu9yh2dR3uiqZZPVQfNvrs/bw=", + "direction": "outbound", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 965, + "ip": "10.111.111.242", + "locality": "private", + "packets": 7, + "port": 52444 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.100.105.85", + "locality": "private", + "port": 41746 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "7s_4xBb69Y0", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAoQ==", + "destination_ipv4_address": "10.100.105.85", + "destination_transport_port": 41746, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.638Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.638Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 284, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.10.4.29", + "source_transport_port": 161, + "type": "netflow_flow" + }, + "network": { + "bytes": 284, + "community_id": "1:EOGOZKIOsiiliNNjOuZs6sS3z0U=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 284, + "ip": "10.10.4.29", + "locality": "private", + "packets": 1, + "port": 161 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.111.111.242", + "locality": "private", + "port": 52444 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "_qSyv-Xe8IM", + "locality": "private" + }, + "netflow": { + "application_id": "DQAFHg==", + "destination_ipv4_address": "10.111.111.242", + "destination_transport_port": 52444, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.723Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.639Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 670, + "packet_delta_count": 6, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.100.13", + "source_transport_port": 53218, + "type": "netflow_flow" + }, + "network": { + "bytes": 670, + "community_id": "1:yBbu9yh2dR3uiqZZPVQfNvrs/bw=", + "direction": "inbound", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 670, + "ip": "10.12.100.13", + "locality": "private", + "packets": 6, + "port": 53218 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.10.11.21", + "locality": "private", + "port": 61440 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "jk1T8-P2OHM", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAQA==", + "destination_ipv4_address": "10.10.11.21", + "destination_transport_port": 61440, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.688Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.64Z", + "ingress_interface": 16, + "ip_class_of_service": 184, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 80, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.104.239", + "source_transport_port": 1720, + "type": "netflow_flow" + }, + "network": { + "bytes": 80, + "community_id": "1:6b7hzb2lupBVrTTBOYzbyljYCzw=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 80, + "ip": "10.12.104.239", + "locality": "private", + "packets": 2, + "port": 1720 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.12.104.239", + "locality": "private", + "port": 1720 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "jk1T8-P2OHM", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAQA==", + "destination_ipv4_address": "10.12.104.239", + "destination_transport_port": 1720, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.686Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.64Z", + "ingress_interface": 4, + "ip_class_of_service": 184, + "ip_next_hop_ipv4_address": "10.10.5.100", + "octet_delta_count": 80, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.10.11.21", + "source_transport_port": 61440, + "type": "netflow_flow" + }, + "network": { + "bytes": 80, + "community_id": "1:6b7hzb2lupBVrTTBOYzbyljYCzw=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 80, + "ip": "10.10.11.21", + "locality": "private", + "packets": 2, + "port": 61440 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.15.131.98", + "locality": "private", + "port": 64400 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "6AEj_wlzQm4", + "locality": "private" + }, + "netflow": { + "application_id": "AwAANQ==", + "destination_ipv4_address": "10.15.131.98", + "destination_transport_port": 64400, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.64Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.64Z", + "ingress_interface": 4, + "ip_class_of_service": 72, + "ip_next_hop_ipv4_address": "10.10.5.62", + "octet_delta_count": 101, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.100.101.45", + "source_transport_port": 53, + "type": "netflow_flow" + }, + "network": { + "bytes": 101, + "community_id": "1:0nd0je2ss73gC5Cl39GkfxSV1iw=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 101, + "ip": "10.100.101.45", + "locality": "private", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.12.105.23", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "MtCuD-nvBTY", + "locality": "private" + }, + "netflow": { + "application_id": "AwAHFA==", + "destination_ipv4_address": "10.12.105.23", + "destination_transport_port": 0, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.708Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.64Z", + "ingress_interface": 4, + "ip_class_of_service": 72, + "ip_next_hop_ipv4_address": "10.10.5.100", + "octet_delta_count": 1134, + "packet_delta_count": 14, + "protocol_identifier": 17, + "source_ipv4_address": "10.100.101.43", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 1134, + "community_id": "1:5j05uMjmLSTBrzv+/f4RzVjsXoM=", + "direction": "outbound", + "iana_number": 17, + "packets": 14, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1134, + "ip": "10.100.101.43", + "locality": "private", + "packets": 14, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.11.31.108", + "locality": "private", + "port": 51708 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "8zAXung0YbA", + "locality": "public" + }, + "netflow": { + "application_id": "DQACBg==", + "destination_ipv4_address": "10.11.31.108", + "destination_transport_port": 51708, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.656Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.641Z", + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.5.30", + "octet_delta_count": 237, + "packet_delta_count": 4, + "protocol_identifier": 6, + "source_ipv4_address": "31.13.71.7", + "source_transport_port": 443, + "type": "netflow_flow" + }, + "network": { + "bytes": 237, + "community_id": "1:7lNSpJLSiDjzVjBtiTBatlKGNaQ=", + "direction": "outbound", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 237, + "ip": "31.13.71.7", + "locality": "public", + "packets": 4, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.100.105.86", + "locality": "private", + "port": 58842 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "5LxKkXX5FfM", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAoQ==", + "destination_ipv4_address": "10.100.105.86", + "destination_transport_port": 58842, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.642Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.642Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 91, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.11.21.60", + "source_transport_port": 161, + "type": "netflow_flow" + }, + "network": { + "bytes": 91, + "community_id": "1:MHSDRtvJ2AI894PO4TVb4PrW/yc=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 91, + "ip": "10.11.21.60", + "locality": "private", + "packets": 1, + "port": 161 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.217.11.5", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "MnDMft-qZjs", + "locality": "public" + }, + "netflow": { + "application_id": "DQABzg==", + "destination_ipv4_address": "172.217.11.5", + "destination_transport_port": 443, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.642Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.642Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 41, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.92.102", + "source_transport_port": 50766, + "type": "netflow_flow" + }, + "network": { + "bytes": 41, + "community_id": "1:uDd6b2aQtfD8+wElJrQKdgWAP34=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 41, + "ip": "10.12.92.102", + "locality": "private", + "packets": 1, + "port": 50766 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.11.21.60", + "locality": "private", + "port": 161 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "Ddy-Ii-ZDDI", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAoQ==", + "destination_ipv4_address": "10.11.21.60", + "destination_transport_port": 161, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.643Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.643Z", + "ingress_interface": 4, + "ip_class_of_service": 96, + "ip_next_hop_ipv4_address": "10.10.5.29", + "octet_delta_count": 111, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.100.105.86", + "source_transport_port": 58843, + "type": "netflow_flow" + }, + "network": { + "bytes": 111, + "community_id": "1:57eQyWSxMRU5bytTSoOoGX5Jnjk=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 111, + "ip": "10.100.105.86", + "locality": "private", + "packets": 1, + "port": 58843 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.100.105.85", + "locality": "private", + "port": 41351 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "Hiy-Ti0eVlY", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAoQ==", + "destination_ipv4_address": "10.100.105.85", + "destination_transport_port": 41351, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.679Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.644Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 1164, + "packet_delta_count": 4, + "protocol_identifier": 17, + "source_ipv4_address": "10.10.4.234", + "source_transport_port": 161, + "type": "netflow_flow" + }, + "network": { + "bytes": 1164, + "community_id": "1:Ik5zyNApQAmWob0G79V+hMi5+Pg=", + "direction": "inbound", + "iana_number": 17, + "packets": 4, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1164, + "ip": "10.10.4.234", + "locality": "private", + "packets": 4, + "port": 161 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.10.11.21", + "locality": "private", + "port": 61440 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "7iMintjCsaw", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAQA==", + "destination_ipv4_address": "10.10.11.21", + "destination_transport_port": 61440, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.672Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.644Z", + "ingress_interface": 16, + "ip_class_of_service": 184, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 80, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.106.83", + "source_transport_port": 1720, + "type": "netflow_flow" + }, + "network": { + "bytes": 80, + "community_id": "1:YHvXfhIeIZEgkebPSsnrYgUJJI0=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 80, + "ip": "10.12.106.83", + "locality": "private", + "packets": 2, + "port": 1720 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.12.92.102", + "locality": "private", + "port": 50766 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "MnDMft-qZjs", + "locality": "public" + }, + "netflow": { + "application_id": "DQABzg==", + "destination_ipv4_address": "10.12.92.102", + "destination_transport_port": 50766, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.644Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.644Z", + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.5.162", + "octet_delta_count": 52, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "172.217.11.5", + "source_transport_port": 443, + "type": "netflow_flow" + }, + "network": { + "bytes": 52, + "community_id": "1:uDd6b2aQtfD8+wElJrQKdgWAP34=", + "direction": "outbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 52, + "ip": "172.217.11.5", + "locality": "public", + "packets": 1, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.12.106.83", + "locality": "private", + "port": 1720 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "7iMintjCsaw", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAQA==", + "destination_ipv4_address": "10.12.106.83", + "destination_transport_port": 1720, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.669Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.645Z", + "ingress_interface": 4, + "ip_class_of_service": 184, + "ip_next_hop_ipv4_address": "10.10.5.100", + "octet_delta_count": 80, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.10.11.21", + "source_transport_port": 61440, + "type": "netflow_flow" + }, + "network": { + "bytes": 80, + "community_id": "1:YHvXfhIeIZEgkebPSsnrYgUJJI0=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 80, + "ip": "10.10.11.21", + "locality": "private", + "packets": 2, + "port": 61440 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "74.201.129.29", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "hphBugBrKPY", + "locality": "public" + }, + "netflow": { + "application_id": "DQABxQ==", + "destination_ipv4_address": "74.201.129.29", + "destination_transport_port": 443, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.783Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.646Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 3088, + "packet_delta_count": 10, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.81.86", + "source_transport_port": 58657, + "type": "netflow_flow" + }, + "network": { + "bytes": 3088, + "community_id": "1:Lq6KbJ/pg4WbByH0CvgQv8BHdtA=", + "direction": "inbound", + "iana_number": 6, + "packets": 10, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3088, + "ip": "10.12.81.86", + "locality": "private", + "packets": 10, + "port": 58657 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.12.100.13", + "locality": "private", + "port": 389 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "gJ7Z20zGGk8", + "locality": "private" + }, + "netflow": { + "application_id": "DQAB2Q==", + "destination_ipv4_address": "10.12.100.13", + "destination_transport_port": 389, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.786Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.647Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.5.100", + "octet_delta_count": 5306, + "packet_delta_count": 24, + "protocol_identifier": 6, + "source_ipv4_address": "10.14.121.98", + "source_transport_port": 50174, + "type": "netflow_flow" + }, + "network": { + "bytes": 5306, + "community_id": "1:/l55n91lgbmQbHIED/mfpk0OQk4=", + "direction": "inbound", + "iana_number": 6, + "packets": 24, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 5306, + "ip": "10.14.121.98", + "locality": "private", + "packets": 24, + "port": 50174 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.100.105.86", + "locality": "private", + "port": 58843 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "Ddy-Ii-ZDDI", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAoQ==", + "destination_ipv4_address": "10.100.105.86", + "destination_transport_port": 58843, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.649Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.649Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 116, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.11.21.60", + "source_transport_port": 161, + "type": "netflow_flow" + }, + "network": { + "bytes": 116, + "community_id": "1:57eQyWSxMRU5bytTSoOoGX5Jnjk=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 116, + "ip": "10.11.21.60", + "locality": "private", + "packets": 1, + "port": 161 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.14.121.98", + "locality": "private", + "port": 50174 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "gJ7Z20zGGk8", + "locality": "private" + }, + "netflow": { + "application_id": "DQAB2Q==", + "destination_ipv4_address": "10.14.121.98", + "destination_transport_port": 50174, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.788Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.649Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.5.25", + "octet_delta_count": 22764, + "packet_delta_count": 30, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.100.13", + "source_transport_port": 389, + "type": "netflow_flow" + }, + "network": { + "bytes": 22764, + "community_id": "1:/l55n91lgbmQbHIED/mfpk0OQk4=", + "direction": "inbound", + "iana_number": 6, + "packets": 30, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 22764, + "ip": "10.12.100.13", + "locality": "private", + "packets": 30, + "port": 389 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.10.11.21", + "locality": "private", + "port": 61443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "LZaFrMI9jg0", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAQA==", + "destination_ipv4_address": "10.10.11.21", + "destination_transport_port": 61443, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.712Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.65Z", + "ingress_interface": 16, + "ip_class_of_service": 184, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 80, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.102.125", + "source_transport_port": 1720, + "type": "netflow_flow" + }, + "network": { + "bytes": 80, + "community_id": "1:TswEOa5Y4y+EsDzrSTiDVjn6ljE=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 80, + "ip": "10.12.102.125", + "locality": "private", + "packets": 2, + "port": 1720 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.11.21.60", + "locality": "private", + "port": 161 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "f6pXcQQIzpU", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAoQ==", + "destination_ipv4_address": "10.11.21.60", + "destination_transport_port": 161, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.65Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.65Z", + "ingress_interface": 4, + "ip_class_of_service": 96, + "ip_next_hop_ipv4_address": "10.10.5.29", + "octet_delta_count": 75, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.100.105.86", + "source_transport_port": 58844, + "type": "netflow_flow" + }, + "network": { + "bytes": 75, + "community_id": "1:6XcNqndTmSsA2vpub5no5PP6x94=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 75, + "ip": "10.100.105.86", + "locality": "private", + "packets": 1, + "port": 58844 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.12.102.125", + "locality": "private", + "port": 1720 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "LZaFrMI9jg0", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAQA==", + "destination_ipv4_address": "10.12.102.125", + "destination_transport_port": 1720, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.71Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.65Z", + "ingress_interface": 4, + "ip_class_of_service": 184, + "ip_next_hop_ipv4_address": "10.10.5.100", + "octet_delta_count": 80, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.10.11.21", + "source_transport_port": 61443, + "type": "netflow_flow" + }, + "network": { + "bytes": 80, + "community_id": "1:TswEOa5Y4y+EsDzrSTiDVjn6ljE=", + "direction": "outbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 80, + "ip": "10.10.11.21", + "locality": "private", + "packets": 2, + "port": 61443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.10.4.151", + "locality": "private", + "port": 161 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "gQGJtHjUcB8", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAoQ==", + "destination_ipv4_address": "10.10.4.151", + "destination_transport_port": 161, + "egress_interface": 16, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 1, + "flow_end_milliseconds": "2017-10-09T20:22:20.662Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.651Z", + "ingress_interface": 4, + "ip_class_of_service": 96, + "ip_next_hop_ipv4_address": "10.10.5.150", + "octet_delta_count": 160, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv4_address": "10.100.105.85", + "source_transport_port": 37265, + "type": "netflow_flow" + }, + "network": { + "bytes": 160, + "community_id": "1:JCgVF03O/JPuZMdchkd7MsulFlg=", + "direction": "outbound", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 160, + "ip": "10.100.105.85", + "locality": "private", + "packets": 2, + "port": 37265 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "17.253.24.253", + "locality": "public", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "UHiF_w4I6zM", + "locality": "public" + }, + "netflow": { + "application_id": "AwAAew==", + "destination_ipv4_address": "17.253.24.253", + "destination_transport_port": 123, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.651Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.651Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.14.25.80", + "source_transport_port": 62427, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:nx2pvp49/72hmhlz+yyp8IVaZtQ=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "10.14.25.80", + "locality": "private", + "packets": 1, + "port": 62427 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-10-09T20:22:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.100.101.43", + "locality": "private", + "port": 49156 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-10-09T20:22:35Z", + "kind": "event" + }, + "flow": { + "id": "czsFrOKrayM", + "locality": "private" + }, + "netflow": { + "application_id": "DQAB2Q==", + "destination_ipv4_address": "10.100.101.43", + "destination_transport_port": 49156, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 512, + "timestamp": "2017-10-09T20:22:35Z", + "uptime_millis": 2628072005, + "version": 9 + }, + "flow_direction": 0, + "flow_end_milliseconds": "2017-10-09T20:22:20.692Z", + "flow_start_milliseconds": "2017-10-09T20:22:20.652Z", + "ingress_interface": 16, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.10.3.114", + "octet_delta_count": 1340, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "10.12.150.13", + "source_transport_port": 61792, + "type": "netflow_flow" + }, + "network": { + "bytes": 1340, + "community_id": "1:zuc1AIKuUwVTrtFB2fYRrhsv2Ww=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1340, + "ip": "10.12.150.13", + "locality": "private", + "packets": 2, + "port": 61792 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-flowset-262.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-flowset-262.golden.json new file mode 100644 index 00000000000..c667fa408ad --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-flowset-262.golden.json @@ -0,0 +1,410 @@ +{ + "test_name": "Netflow 9 Cisco NBAR flowset 262", + "events": [ + { + "Timestamp": "2017-02-14T11:10:36Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.30.19.180", + "locality": "private", + "mac": "1c:df:0f:7e:c3:58", + "port": 2048 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-02-14T11:10:36Z", + "duration": 0, + "end": "2017-02-14T11:10:19.368Z", + "kind": "event", + "start": "2017-02-14T11:10:19.368Z" + }, + "flow": { + "id": "Bk-2FcuOyCU", + "locality": "private" + }, + "netflow": { + "application_id": "AQAAAQ==", + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.30.19.180", + "destination_mac_address": "1c:df:0f:7e:c3:58", + "destination_transport_port": 2048, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:10:36Z", + "uptime_millis": 4095650576, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4095633944, + "flow_start_sys_up_time": 4095633944, + "fragment_identification": 0, + "ingress_interface": 1, + "ip_class_of_service": 0, + "ip_diff_serv_code_point": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 44, + "packet_delta_count": 1, + "protocol_identifier": 1, + "source_ipv4_address": "10.30.18.62", + "source_ipv4_prefix": "10.30.18.0", + "source_ipv4_prefix_length": 23, + "source_mac_address": "00:50:56:91:56:86", + "source_transport_port": 0, + "tcp_source_port": 0, + "type": "netflow_flow", + "udp_destination_port": 0 + }, + "network": { + "bytes": 44, + "community_id": "1:8cDBXH9jjYVVde053VC5trU8Cuo=", + "direction": "inbound", + "iana_number": 1, + "packets": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 44, + "ip": "10.30.18.62", + "locality": "private", + "mac": "00:50:56:91:56:86", + "packets": 1, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:10:36Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.30.19.180", + "locality": "private", + "mac": "1c:df:0f:7e:c3:58", + "port": 161 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-02-14T11:10:36Z", + "duration": 0, + "end": "2017-02-14T11:10:19.368Z", + "kind": "event", + "start": "2017-02-14T11:10:19.368Z" + }, + "flow": { + "id": "4Xk8GtQfUAo", + "locality": "private" + }, + "netflow": { + "application_id": "BQAAJg==", + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.30.19.180", + "destination_mac_address": "1c:df:0f:7e:c3:58", + "destination_transport_port": 161, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:10:36Z", + "uptime_millis": 4095650576, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4095633944, + "flow_start_sys_up_time": 4095633944, + "fragment_identification": 0, + "ingress_interface": 1, + "ip_class_of_service": 0, + "ip_diff_serv_code_point": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 106, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.30.18.62", + "source_ipv4_prefix": "10.30.18.0", + "source_ipv4_prefix_length": 23, + "source_mac_address": "00:50:56:91:56:86", + "source_transport_port": 34220, + "tcp_source_port": 0, + "type": "netflow_flow", + "udp_destination_port": 161 + }, + "network": { + "bytes": 106, + "community_id": "1:ED1EAUtKZuzVn81q9iThMWwSfPs=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 106, + "ip": "10.30.18.62", + "locality": "private", + "mac": "00:50:56:91:56:86", + "packets": 1, + "port": 34220 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:10:36Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.30.19.180", + "locality": "private", + "mac": "1c:df:0f:7e:c3:58", + "port": 2048 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-02-14T11:10:36Z", + "duration": 0, + "end": "2017-02-14T11:10:19.924Z", + "kind": "event", + "start": "2017-02-14T11:10:19.924Z" + }, + "flow": { + "id": "tfLRXnB6AOA", + "locality": "private" + }, + "netflow": { + "application_id": "AQAAAQ==", + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.30.19.180", + "destination_mac_address": "1c:df:0f:7e:c3:58", + "destination_transport_port": 2048, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:10:36Z", + "uptime_millis": 4095650576, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4095634500, + "flow_start_sys_up_time": 4095634500, + "fragment_identification": 0, + "ingress_interface": 1, + "ip_class_of_service": 0, + "ip_diff_serv_code_point": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 44, + "packet_delta_count": 1, + "protocol_identifier": 1, + "source_ipv4_address": "10.10.172.60", + "source_ipv4_prefix": "0.0.0.0", + "source_ipv4_prefix_length": 0, + "source_mac_address": "00:18:19:9e:6c:01", + "source_transport_port": 0, + "tcp_source_port": 0, + "type": "netflow_flow", + "udp_destination_port": 0 + }, + "network": { + "bytes": 44, + "community_id": "1:t8Qd3z3L2lOoZPfQUK+zDeteU2Q=", + "direction": "inbound", + "iana_number": 1, + "packets": 1, + "transport": "icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 44, + "ip": "10.10.172.60", + "locality": "private", + "mac": "00:18:19:9e:6c:01", + "packets": 1, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:10:36Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.30.19.180", + "locality": "private", + "mac": "1c:df:0f:7e:c3:58", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-02-14T11:10:36Z", + "duration": 0, + "end": "2017-02-14T11:10:19.996Z", + "kind": "event", + "start": "2017-02-14T11:10:19.996Z" + }, + "flow": { + "id": "1mfP23NPuB8", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAew==", + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.30.19.180", + "destination_mac_address": "1c:df:0f:7e:c3:58", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:10:36Z", + "uptime_millis": 4095650576, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4095634572, + "flow_start_sys_up_time": 4095634572, + "fragment_identification": 0, + "ingress_interface": 1, + "ip_class_of_service": 192, + "ip_diff_serv_code_point": 48, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.10.172.60", + "source_ipv4_prefix": "0.0.0.0", + "source_ipv4_prefix_length": 0, + "source_mac_address": "00:18:19:9e:6c:01", + "source_transport_port": 123, + "tcp_source_port": 0, + "type": "netflow_flow", + "udp_destination_port": 123 + }, + "network": { + "bytes": 76, + "community_id": "1:SGyGFFqT/UM9GzEbSqdVwvFlU/A=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "10.10.172.60", + "locality": "private", + "mac": "00:18:19:9e:6c:01", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:10:36Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.30.19.180", + "locality": "private", + "mac": "1c:df:0f:7e:c3:58", + "port": 161 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-02-14T11:10:36Z", + "duration": 72000000, + "end": "2017-02-14T11:10:20.008Z", + "kind": "event", + "start": "2017-02-14T11:10:19.936Z" + }, + "flow": { + "id": "g6a7KlISbtM", + "locality": "private" + }, + "netflow": { + "application_id": "BQAAJg==", + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.30.19.180", + "destination_mac_address": "1c:df:0f:7e:c3:58", + "destination_transport_port": 161, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:10:36Z", + "uptime_millis": 4095650576, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4095634584, + "flow_start_sys_up_time": 4095634512, + "fragment_identification": 0, + "ingress_interface": 1, + "ip_class_of_service": 0, + "ip_diff_serv_code_point": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 2794, + "packet_delta_count": 36, + "protocol_identifier": 17, + "source_ipv4_address": "10.10.172.60", + "source_ipv4_prefix": "0.0.0.0", + "source_ipv4_prefix_length": 0, + "source_mac_address": "00:18:19:9e:6c:01", + "source_transport_port": 45269, + "tcp_source_port": 0, + "type": "netflow_flow", + "udp_destination_port": 161 + }, + "network": { + "bytes": 2794, + "community_id": "1:PmZN9x4ZCYdb226ilwjJYIAdKdY=", + "direction": "inbound", + "iana_number": 17, + "packets": 36, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2794, + "ip": "10.10.172.60", + "locality": "private", + "mac": "00:18:19:9e:6c:01", + "packets": 36, + "port": 45269 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-options-template-260.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-options-template-260.golden.json new file mode 100644 index 00000000000..3be5e2844f6 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-NBAR-options-template-260.golden.json @@ -0,0 +1,530 @@ +{ + "test_name": "Netflow 9 Cisco NBAR options template 260", + "events": [ + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Exterior Gateway Protocol", + "application_id": "AQAACA==", + "application_name": "egp" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "General Routing Encapsulation", + "application_id": "AQAALw==", + "application_name": "gre" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Internet Control Message", + "application_id": "AQAAAQ==", + "application_name": "icmp" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Enhanced Interior Gateway Routing Protocol", + "application_id": "AQAAWA==", + "application_name": "eigrp" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "IP in IP", + "application_id": "AQAABA==", + "application_name": "ipinip" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Open Shortest Path First", + "application_id": "AQAAWQ==", + "application_name": "ospf" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "IPv6 Hop-by-Hop Option", + "application_id": "AQAAAA==", + "application_name": "hopopt" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Gateway-to-Gateway", + "application_id": "AQAAAw==", + "application_name": "ggp" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Stream", + "application_id": "AQAABQ==", + "application_name": "st" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "CBT", + "application_id": "AQAABw==", + "application_name": "cbt" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Cisco interior gateway ", + "application_id": "AQAACQ==", + "application_name": "igrp" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "BBN RCC Monitoring", + "application_id": "AQAACg==", + "application_name": "bbnrccmon" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "Network Voice Protocol", + "application_id": "AQAACw==", + "application_name": "nvp-ii" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "PUP", + "application_id": "AQAADA==", + "application_name": "pup" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-02-14T11:09:59Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-02-14T11:09:59Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-02-14T11:09:59Z", + "uptime_millis": 1980395436, + "version": 9 + }, + "options": { + "application_description": "ARGUS", + "application_id": "AQAADQ==", + "application_name": "argus" + }, + "scope": { + "octet_delta_count": 168755571 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC-8500-release-8.2.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC-8500-release-8.2.golden.json new file mode 100644 index 00000000000..8f3e89cfd20 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC-8500-release-8.2.golden.json @@ -0,0 +1,3 @@ +{ + "test_name": "Netflow 9 Cisco WLC 8500 release 8.2" +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC.golden.json new file mode 100644 index 00000000000..9782ab2e9f2 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Cisco-WLC.golden.json @@ -0,0 +1,1107 @@ +{ + "test_name": "Netflow 9 Cisco WLC", + "events": [ + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "DQAB3w==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 3320, + "packet_delta_count": 83, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 3320, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 83 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3320, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 83 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "DQAB3w==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 3320, + "packet_delta_count": 83, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 3320, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 83 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3320, + "mac": "00:f6:63:cc:80:60", + "packets": 83 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "AwAANQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 7760, + "packet_delta_count": 69, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 7760, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 69 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 7760, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 69 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "AwAANQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 10229, + "packet_delta_count": 69, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 10229, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 69 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 10229, + "mac": "00:f6:63:cc:80:60", + "packets": 69 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAig==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 215, + "packet_delta_count": 1, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 215, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 1 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 215, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 1 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAAQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 40854, + "packet_delta_count": 225, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 40854, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 225 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 40854, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 225 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAAQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 35866, + "packet_delta_count": 154, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 35866, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 154 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 35866, + "mac": "00:f6:63:cc:80:60", + "packets": 154 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 12279, + "packet_delta_count": 63, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 12279, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 63 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 12279, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 63 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 27287, + "packet_delta_count": 61, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 27287, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 61 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 27287, + "mac": "00:f6:63:cc:80:60", + "packets": 61 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 147145, + "packet_delta_count": 773, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 147145, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 773 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 147145, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 773 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 1182695, + "packet_delta_count": 1379, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 1182695, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 1379 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1182695, + "mac": "00:f6:63:cc:80:60", + "packets": 1379 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "DQACCA==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 6777, + "packet_delta_count": 26, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 6777, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 26 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6777, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 26 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "DQACCA==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 8625, + "packet_delta_count": 26, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 8625, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 26 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 8625, + "mac": "00:f6:63:cc:80:60", + "packets": 26 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "AwABuw==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 2433001, + "packet_delta_count": 20434, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 2433001, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 20434 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2433001, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 20434 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "AwABuw==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 56599680, + "packet_delta_count": 40726, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 56599680, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 40726 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 56599680, + "mac": "00:f6:63:cc:80:60", + "packets": 40726 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "AQAAAQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 1658, + "packet_delta_count": 15, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 1658, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 15 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1658, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 15 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "AQAAAQ==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 950, + "packet_delta_count": 14, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 950, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 14 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 950, + "mac": "00:f6:63:cc:80:60", + "packets": 14 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "mac": "00:f6:63:cc:80:60" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "lTcFptYSabQ", + "locality": "private" + }, + "netflow": { + "application_id": "DQABrw==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 0, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 1495567, + "packet_delta_count": 16145, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 1495567, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "inbound", + "name": "Test-env", + "packets": 16145 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1495567, + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51", + "packets": 16145 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-06-22T06:31:14Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.20.121", + "locality": "private", + "mac": "34:02:86:75:c0:51" + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-06-22T06:31:14Z", + "kind": "event" + }, + "flow": { + "id": "Q1JIGzkHw0I", + "locality": "private" + }, + "netflow": { + "application_id": "DQABrw==", + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-06-22T06:31:14Z", + "uptime_millis": 1336647838, + "version": 9 + }, + "flow_direction": 1, + "ip_diff_serv_code_point": 0, + "octet_delta_count": 80973880, + "packet_delta_count": 53362, + "post_ip_diff_serv_code_point": 0, + "sta_ipv4_address": "192.168.20.121", + "sta_mac_address": "34:02:86:75:c0:51", + "type": "netflow_flow", + "wlan_ssid": "Test-env", + "wtp_mac_address": "00:f6:63:cc:80:60" + }, + "network": { + "bytes": 80973880, + "community_id": "1:UlZHnBlCtQefFmKlqGRdvpX2F6E=", + "direction": "outbound", + "name": "Test-env", + "packets": 53362 + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 80973880, + "mac": "00:f6:63:cc:80:60", + "packets": 53362 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-5.2.1.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-5.2.1.golden.json new file mode 100644 index 00000000000..197212e152c --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-5.2.1.golden.json @@ -0,0 +1,108 @@ +{ + "test_name": "Netflow 9 Fortigate FortiOS 5.2.1", + "events": [ + { + "Timestamp": "2017-07-18T05:42:14Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2017-07-18T05:42:14Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-07-18T05:42:14Z", + "uptime_millis": 20427178, + "version": 9 + }, + "options": { + "exported_flow_record_total_count": 107864, + "exported_message_total_count": 11920854, + "exported_octet_total_count": 6871319015, + "flow_active_timeout": 1800, + "flow_idle_timeout": 15, + "sampling_algorithm": 1, + "sampling_interval": 1 + }, + "scope": { + "octet_delta_count": 1 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-07-18T05:41:59Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "31.13.87.36", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-07-18T05:41:59Z", + "kind": "event" + }, + "flow": { + "id": "SKsZNpZob60", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "31.13.87.36", + "destination_transport_port": 443, + "egress_interface": 3, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-07-18T05:41:59Z", + "uptime_millis": 20412178, + "version": 9 + }, + "flow_end_sys_up_time": 621770700, + "flow_start_sys_up_time": 621761700, + "ingress_interface": 9, + "octet_delta_count": 152, + "packet_delta_count": 3, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.99.7", + "source_transport_port": 61910, + "type": "netflow_flow" + }, + "network": { + "bytes": 152, + "community_id": "1:/WRdjqoOaqvaSKG3KADN7XCzjYI=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 152, + "ip": "192.168.99.7", + "locality": "private", + "packets": 3, + "port": 61910 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-54x-appid.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-54x-appid.golden.json new file mode 100644 index 00000000000..7e2cf662d47 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Fortigate-FortiOS-54x-appid.golden.json @@ -0,0 +1,1231 @@ +{ + "test_name": "Netflow 9 Fortigate FortiOS 54x appid", + "events": [ + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "182.50.136.239", + "locality": "public", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 410000000, + "end": "2018-05-11T00:54:09.99Z", + "kind": "event", + "start": "2018-05-11T00:54:09.58Z" + }, + "flow": { + "id": "FfT-8jRRvok", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAI80", + "destination_ipv4_address": "182.50.136.239", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2431090, + "flow_start_sys_up_time": 2430680, + "forwarding_status": 64, + "ingress_interface": 8, + "octet_delta_count": 748, + "packet_delta_count": 6, + "post_napt_destination_transport_port": 0, + "post_napt_source_transport_port": 45380, + "post_nat_destination_ipv4_address": "0.0.0.0", + "post_nat_source_ipv4_address": "10.0.0.250", + "post_octet_delta_count": 748, + "post_packet_delta_count": 6, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.151", + "source_transport_port": 45380, + "type": "netflow_flow" + }, + "network": { + "bytes": 748, + "community_id": "1:cc44MungwEZdPeddV0yoKBntw9Q=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 748, + "ip": "192.168.100.151", + "locality": "private", + "packets": 6, + "port": 45380 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.151", + "locality": "private", + "port": 44778 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 1130000000, + "end": "2018-05-11T00:54:09.74Z", + "kind": "event", + "start": "2018-05-11T00:54:08.61Z" + }, + "flow": { + "id": "bZjTG4EkhLs", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAJ54", + "destination_ipv4_address": "192.168.100.151", + "destination_transport_port": 44778, + "egress_interface": 8, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2430840, + "flow_start_sys_up_time": 2429710, + "forwarding_status": 64, + "ingress_interface": 2, + "octet_delta_count": 6948, + "packet_delta_count": 10, + "post_napt_destination_transport_port": 44778, + "post_napt_source_transport_port": 0, + "post_nat_destination_ipv4_address": "10.0.0.250", + "post_nat_source_ipv4_address": "0.0.0.0", + "post_octet_delta_count": 6948, + "post_packet_delta_count": 10, + "protocol_identifier": 6, + "source_ipv4_address": "208.100.17.187", + "source_transport_port": 443, + "type": "netflow_flow" + }, + "network": { + "bytes": 6948, + "community_id": "1:pbiS0by8+CypjtPRsL9VZgvpS58=", + "direction": "unknown", + "iana_number": 6, + "packets": 10, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6948, + "ip": "208.100.17.187", + "locality": "public", + "packets": 10, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "208.100.17.187", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 1130000000, + "end": "2018-05-11T00:54:09.74Z", + "kind": "event", + "start": "2018-05-11T00:54:08.61Z" + }, + "flow": { + "id": "bZjTG4EkhLs", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAJ54", + "destination_ipv4_address": "208.100.17.187", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2430840, + "flow_start_sys_up_time": 2429710, + "forwarding_status": 64, + "ingress_interface": 8, + "octet_delta_count": 1584, + "packet_delta_count": 14, + "post_napt_destination_transport_port": 0, + "post_napt_source_transport_port": 44778, + "post_nat_destination_ipv4_address": "0.0.0.0", + "post_nat_source_ipv4_address": "10.0.0.250", + "post_octet_delta_count": 1584, + "post_packet_delta_count": 14, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.151", + "source_transport_port": 44778, + "type": "netflow_flow" + }, + "network": { + "bytes": 1584, + "community_id": "1:pbiS0by8+CypjtPRsL9VZgvpS58=", + "direction": "unknown", + "iana_number": 6, + "packets": 14, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1584, + "ip": "192.168.100.151", + "locality": "private", + "packets": 14, + "port": 44778 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.151", + "locality": "private", + "port": 50618 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 1040000000, + "end": "2018-05-11T00:54:09.74Z", + "kind": "event", + "start": "2018-05-11T00:54:08.7Z" + }, + "flow": { + "id": "kZjCeMUhjqE", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAJ54", + "destination_ipv4_address": "192.168.100.151", + "destination_transport_port": 50618, + "egress_interface": 8, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2430840, + "flow_start_sys_up_time": 2429800, + "forwarding_status": 64, + "ingress_interface": 2, + "octet_delta_count": 8201, + "packet_delta_count": 11, + "post_napt_destination_transport_port": 50618, + "post_napt_source_transport_port": 0, + "post_nat_destination_ipv4_address": "10.0.0.250", + "post_nat_source_ipv4_address": "0.0.0.0", + "post_octet_delta_count": 8201, + "post_packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "208.100.17.189", + "source_transport_port": 443, + "type": "netflow_flow" + }, + "network": { + "bytes": 8201, + "community_id": "1:ViaPZHKcEpCQ2WFRPBF0gJ8jknQ=", + "direction": "unknown", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 8201, + "ip": "208.100.17.189", + "locality": "public", + "packets": 11, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "208.100.17.189", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 1040000000, + "end": "2018-05-11T00:54:09.74Z", + "kind": "event", + "start": "2018-05-11T00:54:08.7Z" + }, + "flow": { + "id": "kZjCeMUhjqE", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAJ54", + "destination_ipv4_address": "208.100.17.189", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2430840, + "flow_start_sys_up_time": 2429800, + "forwarding_status": 64, + "ingress_interface": 8, + "octet_delta_count": 1729, + "packet_delta_count": 15, + "post_napt_destination_transport_port": 0, + "post_napt_source_transport_port": 50618, + "post_nat_destination_ipv4_address": "0.0.0.0", + "post_nat_source_ipv4_address": "10.0.0.250", + "post_octet_delta_count": 1729, + "post_packet_delta_count": 15, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.151", + "source_transport_port": 50618, + "type": "netflow_flow" + }, + "network": { + "bytes": 1729, + "community_id": "1:ViaPZHKcEpCQ2WFRPBF0gJ8jknQ=", + "direction": "unknown", + "iana_number": 6, + "packets": 15, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1729, + "ip": "192.168.100.151", + "locality": "private", + "packets": 15, + "port": 50618 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.151", + "locality": "private", + "port": 33660 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 410000000, + "end": "2018-05-11T00:54:09.11Z", + "kind": "event", + "start": "2018-05-11T00:54:08.7Z" + }, + "flow": { + "id": "8PR91KFjFKw", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAGTz", + "destination_ipv4_address": "192.168.100.151", + "destination_transport_port": 33660, + "egress_interface": 8, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2430210, + "flow_start_sys_up_time": 2429800, + "forwarding_status": 64, + "ingress_interface": 2, + "octet_delta_count": 1122, + "packet_delta_count": 5, + "post_napt_destination_transport_port": 33660, + "post_napt_source_transport_port": 0, + "post_nat_destination_ipv4_address": "10.0.0.250", + "post_nat_source_ipv4_address": "0.0.0.0", + "post_octet_delta_count": 1122, + "post_packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "178.255.83.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 1122, + "community_id": "1:f1/h2ZMHLBG8+ajVGrPeVdJVklE=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1122, + "ip": "178.255.83.1", + "locality": "public", + "packets": 5, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "178.255.83.1", + "locality": "public", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 410000000, + "end": "2018-05-11T00:54:09.11Z", + "kind": "event", + "start": "2018-05-11T00:54:08.7Z" + }, + "flow": { + "id": "8PR91KFjFKw", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAGTz", + "destination_ipv4_address": "178.255.83.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2430210, + "flow_start_sys_up_time": 2429800, + "forwarding_status": 64, + "ingress_interface": 8, + "octet_delta_count": 705, + "packet_delta_count": 5, + "post_napt_destination_transport_port": 0, + "post_napt_source_transport_port": 33660, + "post_nat_destination_ipv4_address": "0.0.0.0", + "post_nat_source_ipv4_address": "10.0.0.250", + "post_octet_delta_count": 705, + "post_packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.151", + "source_transport_port": 33660, + "type": "netflow_flow" + }, + "network": { + "bytes": 705, + "community_id": "1:f1/h2ZMHLBG8+ajVGrPeVdJVklE=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 705, + "ip": "192.168.100.151", + "locality": "private", + "packets": 5, + "port": 33660 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.151", + "locality": "private", + "port": 33646 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 370000000, + "end": "2018-05-11T00:54:08.53Z", + "kind": "event", + "start": "2018-05-11T00:54:08.16Z" + }, + "flow": { + "id": "O5vacJG8mLQ", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAGTz", + "destination_ipv4_address": "192.168.100.151", + "destination_transport_port": 33646, + "egress_interface": 8, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2429630, + "flow_start_sys_up_time": 2429260, + "forwarding_status": 64, + "ingress_interface": 2, + "octet_delta_count": 1123, + "packet_delta_count": 5, + "post_napt_destination_transport_port": 33646, + "post_napt_source_transport_port": 0, + "post_nat_destination_ipv4_address": "10.0.0.250", + "post_nat_source_ipv4_address": "0.0.0.0", + "post_octet_delta_count": 1123, + "post_packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "178.255.83.1", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 1123, + "community_id": "1:hBHjvmVd13dLnqS0QH+QxbITN4c=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1123, + "ip": "178.255.83.1", + "locality": "public", + "packets": 5, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "178.255.83.1", + "locality": "public", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 370000000, + "end": "2018-05-11T00:54:08.53Z", + "kind": "event", + "start": "2018-05-11T00:54:08.16Z" + }, + "flow": { + "id": "O5vacJG8mLQ", + "locality": "public" + }, + "netflow": { + "application_id": "FAAAMEQAAGTz", + "destination_ipv4_address": "178.255.83.1", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2429630, + "flow_start_sys_up_time": 2429260, + "forwarding_status": 64, + "ingress_interface": 8, + "octet_delta_count": 706, + "packet_delta_count": 5, + "post_napt_destination_transport_port": 0, + "post_napt_source_transport_port": 33646, + "post_nat_destination_ipv4_address": "0.0.0.0", + "post_nat_source_ipv4_address": "10.0.0.250", + "post_octet_delta_count": 706, + "post_packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.151", + "source_transport_port": 33646, + "type": "netflow_flow" + }, + "network": { + "bytes": 706, + "community_id": "1:hBHjvmVd13dLnqS0QH+QxbITN4c=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 706, + "ip": "192.168.100.151", + "locality": "private", + "packets": 5, + "port": 33646 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.150", + "locality": "private", + "port": 52970 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 80000000, + "end": "2018-05-11T00:51:08.63Z", + "kind": "event", + "start": "2018-05-11T00:51:08.55Z" + }, + "flow": { + "id": "wdz94oax40U", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.150", + "destination_transport_port": 52970, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 0, + "flow_end_sys_up_time": 2249730, + "flow_start_sys_up_time": 2249650, + "forwarding_status": 195, + "ingress_interface": 0, + "octet_delta_count": 74, + "packet_delta_count": 1, + "post_octet_delta_count": 74, + "post_packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.100.111", + "source_transport_port": 53, + "type": "netflow_flow" + }, + "network": { + "bytes": 74, + "community_id": "1:JzC4dDg7MOhCNcblNQngjswFxcI=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 74, + "ip": "192.168.100.111", + "locality": "private", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.111", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 80000000, + "end": "2018-05-11T00:51:08.63Z", + "kind": "event", + "start": "2018-05-11T00:51:08.55Z" + }, + "flow": { + "id": "wdz94oax40U", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.111", + "destination_transport_port": 53, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 0, + "flow_end_sys_up_time": 2249730, + "flow_start_sys_up_time": 2249650, + "forwarding_status": 195, + "ingress_interface": 0, + "octet_delta_count": 58, + "packet_delta_count": 1, + "post_octet_delta_count": 58, + "post_packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.100.150", + "source_transport_port": 52970, + "type": "netflow_flow" + }, + "network": { + "bytes": 58, + "community_id": "1:JzC4dDg7MOhCNcblNQngjswFxcI=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 58, + "ip": "192.168.100.150", + "locality": "private", + "packets": 1, + "port": 52970 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.150", + "locality": "private", + "port": 49311 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 80000000, + "end": "2018-05-11T00:51:08.63Z", + "kind": "event", + "start": "2018-05-11T00:51:08.55Z" + }, + "flow": { + "id": "KvZZ7LW-Qdc", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.150", + "destination_transport_port": 49311, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 0, + "flow_end_sys_up_time": 2249730, + "flow_start_sys_up_time": 2249650, + "forwarding_status": 195, + "ingress_interface": 0, + "octet_delta_count": 74, + "packet_delta_count": 1, + "post_octet_delta_count": 74, + "post_packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.100.111", + "source_transport_port": 53, + "type": "netflow_flow" + }, + "network": { + "bytes": 74, + "community_id": "1:RdXZTQrdCN4ZePNUM5WsT+6DRLg=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 74, + "ip": "192.168.100.111", + "locality": "private", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.111", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 80000000, + "end": "2018-05-11T00:51:08.63Z", + "kind": "event", + "start": "2018-05-11T00:51:08.55Z" + }, + "flow": { + "id": "KvZZ7LW-Qdc", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.111", + "destination_transport_port": 53, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 0, + "flow_end_sys_up_time": 2249730, + "flow_start_sys_up_time": 2249650, + "forwarding_status": 195, + "ingress_interface": 0, + "octet_delta_count": 58, + "packet_delta_count": 1, + "post_octet_delta_count": 58, + "post_packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.100.150", + "source_transport_port": 49311, + "type": "netflow_flow" + }, + "network": { + "bytes": 58, + "community_id": "1:RdXZTQrdCN4ZePNUM5WsT+6DRLg=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 58, + "ip": "192.168.100.150", + "locality": "private", + "packets": 1, + "port": 49311 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.150", + "locality": "private", + "port": 51746 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 2020000000, + "end": "2018-05-11T00:54:06.21Z", + "kind": "event", + "start": "2018-05-11T00:54:04.19Z" + }, + "flow": { + "id": "PC3a5T13Dpw", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.150", + "destination_transport_port": 51746, + "egress_interface": 8, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2427310, + "flow_start_sys_up_time": 2425290, + "forwarding_status": 195, + "ingress_interface": 0, + "octet_delta_count": 1071, + "packet_delta_count": 5, + "post_octet_delta_count": 1071, + "post_packet_delta_count": 5, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.111", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 1071, + "community_id": "1:jKF2O4oRoWz64BmdyUfdbT1ETWo=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1071, + "ip": "192.168.100.111", + "locality": "private", + "packets": 5, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.111", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 2020000000, + "end": "2018-05-11T00:54:06.21Z", + "kind": "event", + "start": "2018-05-11T00:54:04.19Z" + }, + "flow": { + "id": "PC3a5T13Dpw", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.111", + "destination_transport_port": 80, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2427310, + "flow_start_sys_up_time": 2425290, + "forwarding_status": 195, + "ingress_interface": 8, + "octet_delta_count": 1147, + "packet_delta_count": 6, + "post_octet_delta_count": 1147, + "post_packet_delta_count": 6, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.150", + "source_transport_port": 51746, + "type": "netflow_flow" + }, + "network": { + "bytes": 1147, + "community_id": "1:jKF2O4oRoWz64BmdyUfdbT1ETWo=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1147, + "ip": "192.168.100.150", + "locality": "private", + "packets": 6, + "port": 51746 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.150", + "locality": "private", + "port": 51745 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 4000000000, + "end": "2018-05-11T00:54:00.19Z", + "kind": "event", + "start": "2018-05-11T00:53:56.19Z" + }, + "flow": { + "id": "zdGWMwGlfsg", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.150", + "destination_transport_port": 51745, + "egress_interface": 8, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2421290, + "flow_start_sys_up_time": 2417290, + "forwarding_status": 195, + "ingress_interface": 0, + "octet_delta_count": 1980, + "packet_delta_count": 6, + "post_octet_delta_count": 1980, + "post_packet_delta_count": 6, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.111", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "bytes": 1980, + "community_id": "1:VrqZzzFH8uxnbcpqL+bWFsIKuoc=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1980, + "ip": "192.168.100.111", + "locality": "private", + "packets": 6, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-11T00:54:11Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.100.111", + "locality": "private", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-11T00:54:11Z", + "duration": 4000000000, + "end": "2018-05-11T00:54:00.19Z", + "kind": "event", + "start": "2018-05-11T00:53:56.19Z" + }, + "flow": { + "id": "zdGWMwGlfsg", + "locality": "private" + }, + "netflow": { + "application_id": "FAAAMEQAAAAA", + "destination_ipv4_address": "192.168.100.111", + "destination_transport_port": 80, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2018-05-11T00:54:11Z", + "uptime_millis": 2432100, + "version": 9 + }, + "flow_end_reason": 3, + "flow_end_sys_up_time": 2421290, + "flow_start_sys_up_time": 2417290, + "forwarding_status": 195, + "ingress_interface": 8, + "octet_delta_count": 2164, + "packet_delta_count": 8, + "post_octet_delta_count": 2164, + "post_packet_delta_count": 8, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.100.150", + "source_transport_port": 51745, + "type": "netflow_flow" + }, + "network": { + "bytes": 2164, + "community_id": "1:VrqZzzFH8uxnbcpqL+bWFsIKuoc=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2164, + "ip": "192.168.100.150", + "locality": "private", + "packets": 8, + "port": 51745 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-H3C-Netstream-with-varstring.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-H3C-Netstream-with-varstring.golden.json new file mode 100644 index 00000000000..d40a60441f9 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-H3C-Netstream-with-varstring.golden.json @@ -0,0 +1,85 @@ +{ + "test_name": "Netflow 9 H3C Netstream with varstring", + "events": [ + { + "Timestamp": "2018-07-18T01:35:35Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "20.20.255.255", + "locality": "public", + "port": 137 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-07-18T01:35:35Z", + "duration": 29695000000, + "end": "2018-07-18T01:35:02.969Z", + "kind": "event", + "start": "2018-07-18T01:34:33.274Z" + }, + "flow": { + "id": "dK1E5m-O-ns", + "locality": "public" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "20.20.255.255", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 137, + "dst_traffic_index": 4294967295, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-07-18T01:35:35Z", + "uptime_millis": 1871244, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 1839213, + "flow_start_sys_up_time": 1809518, + "forwarding_status": 0, + "ingress_interface": 17, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "0.0.0.0", + "ip_version": 4, + "octet_delta_count": 702, + "packet_delta_count": 9, + "protocol_identifier": 17, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "20.20.20.20", + "source_ipv4_prefix_length": 32, + "source_transport_port": 137, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vrf_name": "" + }, + "network": { + "bytes": 702, + "community_id": "1:H4Lg41gxc8Sb+0ZP09wcnLj0a/Y=", + "direction": "inbound", + "iana_number": 17, + "packets": 9, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 702, + "ip": "20.20.20.20", + "locality": "public", + "packets": 9, + "port": 137 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-H3C.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-H3C.golden.json new file mode 100644 index 00000000000..fee2e5d4e03 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-H3C.golden.json @@ -0,0 +1,1269 @@ +{ + "test_name": "Netflow 9 H3C", + "events": [ + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.22.163.21", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 89519000000, + "end": "2018-05-21T09:25:03.677Z", + "kind": "event", + "start": "2018-05-21T09:23:34.158Z" + }, + "flow": { + "id": "6gDDasxO-4o", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.22.163.21", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1590, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284082, + "flow_start_sys_up_time": 3958194563, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.25.142", + "ip_version": 4, + "octet_delta_count": 1027087, + "packet_delta_count": 697, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.30", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 1027087, + "community_id": "1:eNQLlW0lcfh1MdwlzdboFVeTFPw=", + "direction": "inbound", + "iana_number": 6, + "packets": 697, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1027087, + "ip": "10.22.166.30", + "locality": "private", + "packets": 697, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.21.3.172", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 60005000000, + "end": "2018-05-21T09:25:03.662Z", + "kind": "event", + "start": "2018-05-21T09:24:03.657Z" + }, + "flow": { + "id": "RJbWY0zxttI", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.21.3.172", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 494, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284067, + "flow_start_sys_up_time": 3958224062, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.7.6", + "ip_version": 4, + "octet_delta_count": 6200, + "packet_delta_count": 6, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.12", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 6200, + "community_id": "1:rFVeEEfyW/QNxIVODefqxH2vcCI=", + "direction": "inbound", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 6200, + "ip": "10.22.166.12", + "locality": "private", + "packets": 6, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.22.178.37", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 60016000000, + "end": "2018-05-21T09:25:03.656Z", + "kind": "event", + "start": "2018-05-21T09:24:03.64Z" + }, + "flow": { + "id": "MfdYhUDA3Y4", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.22.178.37", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 2908, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284061, + "flow_start_sys_up_time": 3958224045, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.25.202", + "ip_version": 4, + "octet_delta_count": 11896, + "packet_delta_count": 21, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.33", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 11896, + "community_id": "1:916CXqxTbwb6orlTyTE7PhRLUSE=", + "direction": "inbound", + "iana_number": 6, + "packets": 21, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 11896, + "ip": "10.22.166.33", + "locality": "private", + "packets": 21, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.20.100.253", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 90011000000, + "end": "2018-05-21T09:25:03.643Z", + "kind": "event", + "start": "2018-05-21T09:23:33.632Z" + }, + "flow": { + "id": "_QFogYw9xiY", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.20.100.253", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 789, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284048, + "flow_start_sys_up_time": 3958194037, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.20.17.70", + "ip_version": 4, + "octet_delta_count": 1041, + "packet_delta_count": 3, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.35", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 1041, + "community_id": "1:ATN9Q9amiD3qSYMP+k9EmMdOQo8=", + "direction": "inbound", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1041, + "ip": "10.22.166.35", + "locality": "private", + "packets": 3, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.20.136.36", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 30000000000, + "end": "2018-05-21T09:24:03.629Z", + "kind": "event", + "start": "2018-05-21T09:23:33.629Z" + }, + "flow": { + "id": "-O7eEnuq5LI", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.20.136.36", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1246, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224034, + "flow_start_sys_up_time": 3958194034, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.20.17.162", + "ip_version": 4, + "octet_delta_count": 1740, + "packet_delta_count": 20, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.36", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 1740, + "community_id": "1:Uh1hQvm7B77MqivbmxlOAMomv1Q=", + "direction": "inbound", + "iana_number": 6, + "packets": 20, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1740, + "ip": "10.22.166.36", + "locality": "private", + "packets": 20, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.20.147.28", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 29467000000, + "end": "2018-05-21T09:24:03.669Z", + "kind": "event", + "start": "2018-05-21T09:23:34.202Z" + }, + "flow": { + "id": "pcgnaJ3iCvI", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.20.147.28", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1285, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224074, + "flow_start_sys_up_time": 3958194607, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.20.17.206", + "ip_version": 4, + "octet_delta_count": 2998, + "packet_delta_count": 16, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.36", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 2998, + "community_id": "1:8L5Jeq2Dap6SaVFyk8CIRCH/U3I=", + "direction": "inbound", + "iana_number": 6, + "packets": 16, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2998, + "ip": "10.22.166.36", + "locality": "private", + "packets": 16, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.20.141.16", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 29452000000, + "end": "2018-05-21T09:24:03.67Z", + "kind": "event", + "start": "2018-05-21T09:23:34.218Z" + }, + "flow": { + "id": "_gbuwRW4AVE", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.20.141.16", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1271, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224075, + "flow_start_sys_up_time": 3958194623, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.20.17.182", + "ip_version": 4, + "octet_delta_count": 55773, + "packet_delta_count": 37, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.28", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 55773, + "community_id": "1:1eLIKeR0kNtd51Gm9QKpAxDjPUg=", + "direction": "inbound", + "iana_number": 6, + "packets": 37, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 55773, + "ip": "10.22.166.28", + "locality": "private", + "packets": 37, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.20.162.17", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 29449000000, + "end": "2018-05-21T09:24:03.684Z", + "kind": "event", + "start": "2018-05-21T09:23:34.235Z" + }, + "flow": { + "id": "VOe0rUor-cg", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.20.162.17", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1472, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224089, + "flow_start_sys_up_time": 3958194640, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.20.19.138", + "ip_version": 4, + "octet_delta_count": 3239438, + "packet_delta_count": 2135, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.35", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 3239438, + "community_id": "1:mJOXFnQdKGi0FJX8FtN1mVlaVRo=", + "direction": "inbound", + "iana_number": 6, + "packets": 2135, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3239438, + "ip": "10.22.166.35", + "locality": "private", + "packets": 2135, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.20.171.36", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 30000000000, + "end": "2018-05-21T09:24:03.685Z", + "kind": "event", + "start": "2018-05-21T09:23:33.685Z" + }, + "flow": { + "id": "nkp7tr2MVcs", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.20.171.36", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1513, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224090, + "flow_start_sys_up_time": 3958194090, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.20.19.174", + "ip_version": 4, + "octet_delta_count": 5701, + "packet_delta_count": 20, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.15", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 5701, + "community_id": "1:CKdc0BQVlrSUdYIl/rZl5QGwVCA=", + "direction": "inbound", + "iana_number": 6, + "packets": 20, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 5701, + "ip": "10.22.166.15", + "locality": "private", + "packets": 20, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.22.208.12", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 29391000000, + "end": "2018-05-21T09:24:03.691Z", + "kind": "event", + "start": "2018-05-21T09:23:34.3Z" + }, + "flow": { + "id": "WxCFEmsTIh0", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.22.208.12", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 2967, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224096, + "flow_start_sys_up_time": 3958194705, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.29.66", + "ip_version": 4, + "octet_delta_count": 4255012, + "packet_delta_count": 2804, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.2", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 4255012, + "community_id": "1:YvCd9zipqzFOMrFXl/Spyy0/4sk=", + "direction": "inbound", + "iana_number": 6, + "packets": 2804, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 4255012, + "ip": "10.22.166.2", + "locality": "private", + "packets": 2804, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.22.196.21", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 29196000000, + "end": "2018-05-21T09:24:03.699Z", + "kind": "event", + "start": "2018-05-21T09:23:34.503Z" + }, + "flow": { + "id": "rAIv2psXy74", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.22.196.21", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 2719, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224104, + "flow_start_sys_up_time": 3958194908, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.29.18", + "ip_version": 4, + "octet_delta_count": 37557, + "packet_delta_count": 25, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.28", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 37557, + "community_id": "1:GhEcsw3dhL4icOZFUJYc5u6lf58=", + "direction": "inbound", + "iana_number": 6, + "packets": 25, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 37557, + "ip": "10.22.166.28", + "locality": "private", + "packets": 25, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.22.202.15", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 30000000000, + "end": "2018-05-21T09:24:03.753Z", + "kind": "event", + "start": "2018-05-21T09:23:33.753Z" + }, + "flow": { + "id": "lR18K-eSVNM", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.22.202.15", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 2953, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958224158, + "flow_start_sys_up_time": 3958194158, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.29.42", + "ip_version": 4, + "octet_delta_count": 23676, + "packet_delta_count": 68, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.25", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 23676, + "community_id": "1:0qcEq1XnhKE12NOUrXbjgRk70E0=", + "direction": "inbound", + "iana_number": 6, + "packets": 68, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 23676, + "ip": "10.22.166.25", + "locality": "private", + "packets": 68, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.20.166.26", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 89282000000, + "end": "2018-05-21T09:25:03.971Z", + "kind": "event", + "start": "2018-05-21T09:23:34.689Z" + }, + "flow": { + "id": "1XCFo-Jv19g", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.20.166.26", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1492, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284376, + "flow_start_sys_up_time": 3958195094, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.20.19.154", + "ip_version": 4, + "octet_delta_count": 22821, + "packet_delta_count": 30, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.25", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 22821, + "community_id": "1:djYyh9fkbHyZ086z3anBPgMpvVw=", + "direction": "inbound", + "iana_number": 6, + "packets": 30, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 22821, + "ip": "10.22.166.25", + "locality": "private", + "packets": 30, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.21.3.117", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 90012000000, + "end": "2018-05-21T09:25:03.95Z", + "kind": "event", + "start": "2018-05-21T09:23:33.938Z" + }, + "flow": { + "id": "DkV-9Meb8W8", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.21.3.117", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 494, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284355, + "flow_start_sys_up_time": 3958194343, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.7.6", + "ip_version": 4, + "octet_delta_count": 526, + "packet_delta_count": 2, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.12", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 526, + "community_id": "1:BbUCV6M75DxtXVLg7BD5cEmQP/4=", + "direction": "inbound", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 526, + "ip": "10.22.166.12", + "locality": "private", + "packets": 2, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.22.145.26", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 60005000000, + "end": "2018-05-21T09:25:03.938Z", + "kind": "event", + "start": "2018-05-21T09:24:03.933Z" + }, + "flow": { + "id": "v1m_MeAqdL4", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.22.145.26", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1349, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284343, + "flow_start_sys_up_time": 3958224338, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.25.70", + "ip_version": 4, + "octet_delta_count": 33129, + "packet_delta_count": 220, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.17", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 33129, + "community_id": "1:YnxrxAyx+D+FJm1W+w8UNgPa2rs=", + "direction": "inbound", + "iana_number": 6, + "packets": 220, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 33129, + "ip": "10.22.166.17", + "locality": "private", + "packets": 220, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-05-21T09:25:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.21.75.38", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-05-21T09:25:04Z", + "duration": 60006000000, + "end": "2018-05-21T09:25:03.928Z", + "kind": "event", + "start": "2018-05-21T09:24:03.922Z" + }, + "flow": { + "id": "ru0mPvG-tKw", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.21.75.38", + "destination_ipv4_prefix_length": 24, + "destination_transport_port": 0, + "dst_traffic_index": 4294967295, + "egress_interface": 1743, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 2816, + "timestamp": "2018-05-21T09:25:04Z", + "uptime_millis": 3958284405, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 3958284333, + "flow_start_sys_up_time": 3958224327, + "forwarding_status": 0, + "ingress_interface": 2662, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.21.17.78", + "ip_version": 4, + "octet_delta_count": 5092, + "packet_delta_count": 9, + "protocol_identifier": 6, + "sampling_algorithm": 0, + "sampling_interval": 0, + "source_ipv4_address": "10.22.166.36", + "source_ipv4_prefix_length": 24, + "source_transport_port": 0, + "src_traffic_index": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 5092, + "community_id": "1:DJ1L7SqBOi1rRa0BwHHVoNY4yt0=", + "direction": "inbound", + "iana_number": 6, + "packets": 9, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 5092, + "ip": "10.22.166.36", + "locality": "private", + "packets": 9, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Huawei-Netstream.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Huawei-Netstream.golden.json new file mode 100644 index 00000000000..99db67a6ed8 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Huawei-Netstream.golden.json @@ -0,0 +1,85 @@ +{ + "test_name": "Netflow 9 Huawei Netstream", + "events": [ + { + "Timestamp": "2018-01-29T03:02:20Z", + "Meta": null, + "Fields": { + "destination": { + "bytes": 0, + "ip": "10.111.112.204", + "locality": "private", + "port": 2598 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-01-29T03:02:20Z", + "duration": 327060000000, + "end": "2018-01-29T03:02:19Z", + "kind": "event", + "start": "2018-01-29T02:56:51.94Z" + }, + "flow": { + "id": "d-FUjj8eKi8", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_next_hop_ipv4_address": "0.0.0.0", + "bgp_source_as_number": 0, + "destination_ipv4_address": "10.111.112.204", + "destination_ipv4_prefix_length": 25, + "destination_transport_port": 2598, + "egress_interface": 31, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-01-29T03:02:20Z", + "uptime_millis": 2678492632, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 2678491632, + "flow_start_sys_up_time": 2678164572, + "forwarding_status": 0, + "ingress_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.108.252.41", + "octet_delta_count": 200, + "packet_delta_count": 4, + "padding_octets": "AAAA", + "post_vlan_id": 0, + "protocol_identifier": 6, + "responder_octets": 0, + "source_ipv4_address": "10.108.219.53", + "source_ipv4_prefix_length": 24, + "source_transport_port": 45587, + "tcp_control_bits": 24, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 200, + "community_id": "1:0qNFnK0G9V0IPgzhxvf+nGmenME=", + "direction": "outbound", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 200, + "ip": "10.108.219.53", + "locality": "private", + "packets": 4, + "port": 45587 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-IE150-IE151.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-IE150-IE151.golden.json new file mode 100644 index 00000000000..55e02042c28 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-IE150-IE151.golden.json @@ -0,0 +1,137 @@ +{ + "test_name": "Netflow 9 IE150 IE151", + "events": [ + { + "Timestamp": "2017-12-01T17:04:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.2", + "locality": "private", + "port": 137 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-12-01T17:04:39Z", + "kind": "event" + }, + "flow": { + "id": "X6k2SQeAX5c", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.2", + "destination_transport_port": 137, + "egress_vrfid": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-12-01T17:04:39Z", + "uptime_millis": 591967, + "version": 9 + }, + "flow_direction": 0, + "flow_end_seconds": "2017-12-01T17:04:26Z", + "flow_start_seconds": "2017-12-01T17:04:26Z", + "ingress_interface": 13, + "ingress_vrfid": 0, + "ip_class_of_service": 0, + "octet_delta_count": 78, + "packet_delta_count": 1, + "protocol_identifier": 17, + "sampler_id": 1, + "source_ipv4_address": "192.168.0.3", + "source_transport_port": 137, + "type": "netflow_flow" + }, + "network": { + "bytes": 78, + "community_id": "1:1DzICq61xHbOOLkFA+YUG9pmNpo=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 78, + "ip": "192.168.0.3", + "locality": "private", + "packets": 1, + "port": 137 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-12-01T17:04:39Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.0.5", + "locality": "private", + "port": 6343 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-12-01T17:04:39Z", + "kind": "event" + }, + "flow": { + "id": "XEzNKvE_H1k", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "192.168.0.5", + "destination_transport_port": 6343, + "egress_interface": 13, + "egress_vrfid": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-12-01T17:04:39Z", + "uptime_millis": 591967, + "version": 9 + }, + "flow_direction": 1, + "flow_end_seconds": "2017-12-01T17:04:29Z", + "flow_start_seconds": "2017-12-01T17:04:29Z", + "ingress_vrfid": 0, + "ip_class_of_service": 0, + "octet_delta_count": 232, + "packet_delta_count": 1, + "protocol_identifier": 17, + "sampler_id": 1, + "source_ipv4_address": "192.168.0.4", + "source_transport_port": 58130, + "type": "netflow_flow" + }, + "network": { + "bytes": 232, + "community_id": "1:FNxXvGAyYWw3vwZ19uivr2R5TOI=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 232, + "ip": "192.168.0.4", + "locality": "private", + "packets": 1, + "port": 58130 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-1-flowset-in-large-zero-filled-packet.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-1-flowset-in-large-zero-filled-packet.golden.json new file mode 100644 index 00000000000..35439694199 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-1-flowset-in-large-zero-filled-packet.golden.json @@ -0,0 +1,77 @@ +{ + "test_name": "Netflow 9 Palo Alto 1 flowset in large zero filled packet", + "events": [ + { + "Timestamp": "2018-06-06T13:20:17Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "134.220.1.156", + "locality": "public", + "port": 50234 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-06-06T13:20:17Z", + "duration": 0, + "end": "2018-06-06T13:20:02Z", + "kind": "event", + "start": "2018-06-06T13:20:02Z" + }, + "flow": { + "id": "A-NpGXd6eh4", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "134.220.1.156", + "destination_transport_port": 50234, + "egress_interface": 500010002, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 16777216, + "timestamp": "2018-06-06T13:20:17Z", + "uptime_millis": 1062408704, + "version": 9 + }, + "firewall_event": 2, + "flow_direction": 0, + "flow_end_sys_up_time": 1062393704, + "flow_id": 1428388, + "flow_start_sys_up_time": 1062393704, + "icmp_type_code_ipv4": 0, + "ingress_interface": 500010024, + "ip_class_of_service": 0, + "octet_delta_count": 363, + "packet_delta_count": 3, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "134.220.2.6", + "source_transport_port": 88, + "tcp_control_bits": 94, + "type": "netflow_flow" + }, + "network": { + "bytes": 363, + "community_id": "1:hc80jQer1W3Gz0bQrzvclI7gPC4=", + "direction": "inbound", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 363, + "ip": "134.220.2.6", + "locality": "public", + "packets": 3, + "port": 88 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-PAN--OS-with-app--id.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-PAN--OS-with-app--id.golden.json new file mode 100644 index 00000000000..78e7d67a489 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Palo-Alto-PAN--OS-with-app--id.golden.json @@ -0,0 +1,581 @@ +{ + "test_name": "Netflow 9 Palo Alto PAN-OS with app-id", + "events": [ + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.32.91.205", + "locality": "private", + "port": 49519 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 0, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:39:31Z" + }, + "flow": { + "id": "0HZ2F4aNlps", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.32.91.205", + "destination_transport_port": 49519, + "egress_interface": 24, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 1, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 421604, + "flow_start_sys_up_time": 1803238112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 23, + "ip_class_of_service": 0, + "octet_delta_count": 70, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "23.35.171.27", + "source_transport_port": 80, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 70, + "community_id": "1:11Kt5B6QyX5pDO/SLJ43Bphmq88=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 70, + "ip": "23.35.171.27", + "locality": "public", + "packets": 1, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "162.115.24.30", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 339000000000, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:33:52Z" + }, + "flow": { + "id": "GTu1zsDt3yw", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "162.115.24.30", + "destination_transport_port": 443, + "egress_interface": 23, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 5, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 415347, + "flow_start_sys_up_time": 1802899112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 24, + "ip_class_of_service": 0, + "octet_delta_count": 111, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "10.32.105.103", + "source_transport_port": 39702, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 111, + "community_id": "1:5QI8VSitrcJRweFVICeaszFbRls=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 111, + "ip": "10.32.105.103", + "locality": "private", + "packets": 1, + "port": 39702 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "34.202.173.126", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 0, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:39:31Z" + }, + "flow": { + "id": "nUCuFEB8z_c", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "34.202.173.126", + "destination_transport_port": 443, + "egress_interface": 23, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 1, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 34878752, + "flow_start_sys_up_time": 1803238112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 24, + "ip_class_of_service": 0, + "octet_delta_count": 70, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "10.32.144.145", + "source_transport_port": 52069, + "tcp_control_bits": 2, + "type": "netflow_flow" + }, + "network": { + "bytes": 70, + "community_id": "1:vBBJ4SjT7kXd3iaexKMtabgqSCs=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 70, + "ip": "10.32.144.145", + "locality": "private", + "packets": 1, + "port": 52069 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.130.145.44", + "locality": "private", + "port": 49449 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 0, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:39:31Z" + }, + "flow": { + "id": "inYZm0Y9EVM", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.130.145.44", + "destination_transport_port": 49449, + "egress_interface": 24, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 1, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 34578179, + "flow_start_sys_up_time": 1803238112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 23, + "ip_class_of_service": 0, + "octet_delta_count": 70, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "23.209.52.99", + "source_transport_port": 443, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 70, + "community_id": "1:wTMnIMoRsRJzOmrl2DNxoGTllNw=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 70, + "ip": "23.209.52.99", + "locality": "public", + "packets": 1, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.50.96.20", + "locality": "private", + "port": 5432 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 0, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:39:31Z" + }, + "flow": { + "id": "6vds_sLxXqE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.50.96.20", + "destination_transport_port": 5432, + "egress_interface": 24, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 1, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 34078638, + "flow_start_sys_up_time": 1803238112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 23, + "ip_class_of_service": 0, + "octet_delta_count": 78, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "10.50.97.57", + "source_transport_port": 55481, + "tcp_control_bits": 2, + "type": "netflow_flow" + }, + "network": { + "bytes": 78, + "community_id": "1:Jz7Lbm9U8/7FsldE07RUIDaIwMg=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 78, + "ip": "10.50.97.57", + "locality": "private", + "packets": 1, + "port": 55481 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.50.97.57", + "locality": "private", + "port": 55481 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 0, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:39:31Z" + }, + "flow": { + "id": "6vds_sLxXqE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "10.50.97.57", + "destination_transport_port": 55481, + "egress_interface": 23, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 1, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 34078638, + "flow_start_sys_up_time": 1803238112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 24, + "ip_class_of_service": 0, + "octet_delta_count": 78, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "10.50.96.20", + "source_transport_port": 5432, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 78, + "community_id": "1:Jz7Lbm9U8/7FsldE07RUIDaIwMg=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 78, + "ip": "10.50.96.20", + "locality": "private", + "packets": 1, + "port": 5432 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.48.208.209", + "locality": "private", + "port": 60068 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 0, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:39:31Z" + }, + "flow": { + "id": "v3XVGdLaIe4", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.48.208.209", + "destination_transport_port": 60068, + "egress_interface": 24, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 1, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 280972, + "flow_start_sys_up_time": 1803238112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 23, + "ip_class_of_service": 0, + "octet_delta_count": 70, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "34.234.173.147", + "source_transport_port": 443, + "tcp_control_bits": 18, + "type": "netflow_flow" + }, + "network": { + "bytes": 70, + "community_id": "1:rTQvVbrQGU0Tg6wM++r40r7jciY=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 70, + "ip": "34.234.173.147", + "locality": "public", + "packets": 1, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-11-13T14:39:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "65.52.108.254", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-11-13T14:39:31Z", + "duration": 0, + "end": "2017-11-13T14:39:31Z", + "kind": "event", + "start": "2017-11-13T14:39:31Z" + }, + "flow": { + "id": "aenMB9Z5Tzc", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "65.52.108.254", + "destination_transport_port": 443, + "egress_interface": 23, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 1, + "timestamp": "2017-11-13T14:39:31Z", + "uptime_millis": 1803238112, + "version": 9 + }, + "firewall_event": 1, + "flow_direction": 0, + "flow_end_sys_up_time": 1803238112, + "flow_id": 35036619, + "flow_start_sys_up_time": 1803238112, + "icmp_type_code_ipv4": 0, + "ingress_interface": 24, + "ip_class_of_service": 0, + "octet_delta_count": 70, + "packet_delta_count": 1, + "private_enterprise_number": 25461, + "protocol_identifier": 6, + "source_ipv4_address": "10.130.167.43", + "source_transport_port": 62196, + "tcp_control_bits": 2, + "type": "netflow_flow" + }, + "network": { + "bytes": 70, + "community_id": "1:IZHqRmHtHCL+iLqMZ6Ge76dclyk=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 70, + "ip": "10.130.167.43", + "locality": "private", + "packets": 1, + "port": 62196 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Streamcore.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Streamcore.golden.json new file mode 100644 index 00000000000..1a8a189fb03 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Streamcore.golden.json @@ -0,0 +1,273 @@ +{ + "test_name": "Netflow 9 Streamcore", + "events": [ + { + "Timestamp": "2017-01-11T11:48:15Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.231.128.150", + "locality": "private", + "port": 50073 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-01-11T11:48:15Z", + "duration": 6012000000, + "end": "2017-01-11T11:47:28.879Z", + "kind": "event", + "start": "2017-01-11T11:47:22.867Z" + }, + "flow": { + "id": "wdxUeEaOBho", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.231.128.150", + "destination_transport_port": 50073, + "egress_interface": 1148, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-01-11T11:48:15Z", + "uptime_millis": 1721259615, + "version": 9 + }, + "flow_end_sys_up_time": 1721213494, + "flow_start_sys_up_time": 1721207482, + "ingress_interface": 1152, + "ip_class_of_service": 40, + "octet_delta_count": 128, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "100.78.40.201", + "source_transport_port": 8080, + "tcp_control_bits": 19, + "type": "netflow_flow" + }, + "network": { + "bytes": 128, + "community_id": "1:7MtHGVqegLvVBZnjbdFbAv+jNIM=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 128, + "ip": "100.78.40.201", + "locality": "public", + "packets": 3, + "port": 8080 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-01-11T11:48:15Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "100.78.40.201", + "locality": "public", + "port": 8080 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-01-11T11:48:15Z", + "duration": 6020000000, + "end": "2017-01-11T11:47:28.886Z", + "kind": "event", + "start": "2017-01-11T11:47:22.866Z" + }, + "flow": { + "id": "wdxUeEaOBho", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "100.78.40.201", + "destination_transport_port": 8080, + "egress_interface": 1152, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-01-11T11:48:15Z", + "uptime_millis": 1721259615, + "version": 9 + }, + "flow_end_sys_up_time": 1721213501, + "flow_start_sys_up_time": 1721207481, + "ingress_interface": 1148, + "ip_class_of_service": 40, + "octet_delta_count": 172, + "packet_delta_count": 4, + "protocol_identifier": 6, + "source_ipv4_address": "10.231.128.150", + "source_transport_port": 50073, + "tcp_control_bits": 19, + "type": "netflow_flow" + }, + "network": { + "bytes": 172, + "community_id": "1:7MtHGVqegLvVBZnjbdFbAv+jNIM=", + "direction": "unknown", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 172, + "ip": "10.231.128.150", + "locality": "private", + "packets": 4, + "port": 50073 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-01-11T11:23:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.27.8.20", + "locality": "private", + "port": 53483 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-01-11T11:23:51Z", + "duration": 50997000000, + "end": "2017-01-11T11:23:34.936Z", + "kind": "event", + "start": "2017-01-11T11:22:43.939Z" + }, + "flow": { + "id": "6_Ia6lqx2cg", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.27.8.20", + "destination_transport_port": 53483, + "egress_interface": 1148, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-01-11T11:23:51Z", + "uptime_millis": 1719795651, + "version": 9 + }, + "flow_end_sys_up_time": 1719779587, + "flow_start_sys_up_time": 1719728590, + "ingress_interface": 1152, + "ip_class_of_service": 40, + "octet_delta_count": 3943, + "packet_delta_count": 10, + "protocol_identifier": 6, + "source_ipv4_address": "100.78.40.201", + "source_transport_port": 8080, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 3943, + "community_id": "1:sO2dc+7dqGsF7s8EIdc2tq1XlhQ=", + "direction": "unknown", + "iana_number": 6, + "packets": 10, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3943, + "ip": "100.78.40.201", + "locality": "public", + "packets": 10, + "port": 8080 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2017-01-11T11:23:51Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "100.78.40.201", + "locality": "public", + "port": 8080 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2017-01-11T11:23:51Z", + "duration": 51015000000, + "end": "2017-01-11T11:23:34.954Z", + "kind": "event", + "start": "2017-01-11T11:22:43.939Z" + }, + "flow": { + "id": "6_Ia6lqx2cg", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "100.78.40.201", + "destination_transport_port": 8080, + "egress_interface": 1152, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2017-01-11T11:23:51Z", + "uptime_millis": 1719795651, + "version": 9 + }, + "flow_end_sys_up_time": 1719779605, + "flow_start_sys_up_time": 1719728590, + "ingress_interface": 1148, + "ip_class_of_service": 40, + "octet_delta_count": 3052, + "packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "10.27.8.20", + "source_transport_port": 53483, + "tcp_control_bits": 26, + "type": "netflow_flow" + }, + "network": { + "bytes": 3052, + "community_id": "1:sO2dc+7dqGsF7s8EIdc2tq1XlhQ=", + "direction": "unknown", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3052, + "ip": "10.27.8.20", + "locality": "private", + "packets": 11, + "port": 53483 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-Ubiquiti-Edgerouter-with-MPLS-labels.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-Ubiquiti-Edgerouter-with-MPLS-labels.golden.json new file mode 100644 index 00000000000..06dc8e8c35c --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-Ubiquiti-Edgerouter-with-MPLS-labels.golden.json @@ -0,0 +1,1205 @@ +{ + "test_name": "Netflow 9 Ubiquiti Edgerouter with MPLS labels", + "events": [ + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 17232 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 0, + "end": "2016-09-10T16:17:25.825Z", + "kind": "event", + "start": "2016-09-10T16:17:25.825Z" + }, + "flow": { + "id": "KYJ6RiyA5YM", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 17232, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 408995827, + "flow_start_sys_up_time": 408995827, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 174, + "packet_delta_count": 2, + "protocol_identifier": 17, + "source_ipv4_address": "10.1.0.135", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 53, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 174, + "community_id": "1:NBTWKwdDGkYieqGKPdWehkSsDm4=", + "direction": "inbound", + "iana_number": 17, + "packets": 2, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 174, + "ip": "10.1.0.135", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 2, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 17232 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 0, + "end": "2016-09-10T16:17:25.825Z", + "kind": "event", + "start": "2016-09-10T16:17:25.825Z" + }, + "flow": { + "id": "4GHcyowN7sg", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 17232, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 408995827, + "flow_start_sys_up_time": 408995827, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 87, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.1.0.136", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 53, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 87, + "community_id": "1:Dyu6ee2GSLgQQ7vGPNfn9m+ogiM=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 87, + "ip": "10.1.0.136", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 51369 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 140227000000, + "end": "2016-09-10T15:22:30.891Z", + "kind": "event", + "start": "2016-09-10T15:20:10.664Z" + }, + "flow": { + "id": "GRn2z1Rao3c", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 51369, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 405700893, + "flow_start_sys_up_time": 405560666, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 1920, + "packet_delta_count": 15, + "protocol_identifier": 6, + "source_ipv4_address": "10.1.0.232", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 443, + "tcp_control_bits": 27, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 1920, + "community_id": "1:8fXYyfmQTXQv1A8dwYcRyrZr5bA=", + "direction": "inbound", + "iana_number": 6, + "packets": 15, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1920, + "ip": "10.1.0.232", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 15, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 51370 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 140227000000, + "end": "2016-09-10T15:22:30.891Z", + "kind": "event", + "start": "2016-09-10T15:20:10.664Z" + }, + "flow": { + "id": "iHA6jdIkqjA", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 51370, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 405700893, + "flow_start_sys_up_time": 405560666, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 610, + "packet_delta_count": 8, + "protocol_identifier": 6, + "source_ipv4_address": "10.1.0.232", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 443, + "tcp_control_bits": 27, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 610, + "community_id": "1:mNTeyDMHqs2HRwBAdsSLCzMRjjI=", + "direction": "inbound", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 610, + "ip": "10.1.0.232", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 8, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 44006 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 177102000000, + "end": "2016-09-10T16:20:32.763Z", + "kind": "event", + "start": "2016-09-10T16:17:35.661Z" + }, + "flow": { + "id": "cBjtKefzGos", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 44006, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 409182765, + "flow_start_sys_up_time": 409005663, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 2420, + "packet_delta_count": 21, + "protocol_identifier": 6, + "source_ipv4_address": "10.5.0.91", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 443, + "tcp_control_bits": 31, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 2420, + "community_id": "1:/16s6/4OVEnao8jPez9fez90nkk=", + "direction": "inbound", + "iana_number": 6, + "packets": 21, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 2420, + "ip": "10.5.0.91", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 21, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 33282 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 176903000000, + "end": "2016-09-10T16:20:32.666Z", + "kind": "event", + "start": "2016-09-10T16:17:35.763Z" + }, + "flow": { + "id": "EzT0lQWYBRw", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 33282, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 409182668, + "flow_start_sys_up_time": 409005765, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 10204, + "packet_delta_count": 30, + "protocol_identifier": 6, + "source_ipv4_address": "10.1.0.30", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 443, + "tcp_control_bits": 31, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 10204, + "community_id": "1:6KrMdAfJt1Y285J57/II02tBqvw=", + "direction": "inbound", + "iana_number": 6, + "packets": 30, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 10204, + "ip": "10.1.0.30", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 30, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 64642 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 0, + "end": "2016-09-10T15:22:36.207Z", + "kind": "event", + "start": "2016-09-10T15:22:36.207Z" + }, + "flow": { + "id": "TROGwofkmJA", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 64642, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 405706209, + "flow_start_sys_up_time": 405706209, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 216, + "packet_delta_count": 4, + "protocol_identifier": 6, + "source_ipv4_address": "10.3.0.100", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 443, + "tcp_control_bits": 27, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 216, + "community_id": "1:tqJ7J04mTp1f5t9jqcuGIbqiLM8=", + "direction": "inbound", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 216, + "ip": "10.3.0.100", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 4, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:23:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.4.0.251", + "locality": "private", + "mac": "44:d9:e7:be:ef:89", + "port": 9497 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:23:30Z", + "duration": 0, + "end": "2016-09-10T16:17:35.661Z", + "kind": "event", + "start": "2016-09-10T16:17:35.661Z" + }, + "flow": { + "id": "wLclDbADA9s", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.4.0.251", + "destination_mac_address": "44:d9:e7:be:ef:89", + "destination_transport_port": 9497, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:23:30Z", + "uptime_millis": 409360002, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 409005663, + "flow_start_sys_up_time": 409005663, + "ingress_interface": 4, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 152, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "10.1.0.135", + "source_mac_address": "06:be:ef:be:ef:4f", + "source_transport_port": 53, + "tcp_control_bits": 0, + "type": "netflow_flow", + "vlan_id": 0 + }, + "network": { + "bytes": 152, + "community_id": "1:qoM8TuOJj+A0BLulnxvxPwcFsfs=", + "direction": "inbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 152, + "ip": "10.1.0.135", + "locality": "private", + "mac": "06:be:ef:be:ef:4f", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.0.0.73", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 116000000, + "end": "2016-09-10T15:23:38.951Z", + "kind": "event", + "start": "2016-09-10T15:23:38.835Z" + }, + "flow": { + "id": "LpdyE0SSB-o", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.0.0.73", + "destination_transport_port": 443, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 405769136, + "flow_start_sys_up_time": 405769020, + "ingress_interface": 2, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 260, + "packet_delta_count": 5, + "post_destination_mac_address": "44:d9:e7:be:ef:8e", + "post_source_mac_address": "44:d9:e7:be:ef:22", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.1.98", + "source_transport_port": 55105, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 260, + "community_id": "1:eh+yszc/KHzqQp5jYGjCrbErF5w=", + "direction": "outbound", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 260, + "ip": "192.168.1.98", + "locality": "private", + "packets": 5, + "port": 55105 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 10001 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 0, + "end": "2016-09-10T16:18:39.443Z", + "kind": "event", + "start": "2016-09-10T16:18:39.443Z" + }, + "flow": { + "id": "32P6av-L8P0", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 10001, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 409069628, + "flow_start_sys_up_time": 409069628, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 32, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "10.4.0.251", + "source_transport_port": 42506, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 32, + "community_id": "1:wuo75Abni2/KMmq9G5RDRtUHum4=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 32, + "ip": "10.4.0.251", + "locality": "private", + "packets": 1, + "port": 42506 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 37868 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 0, + "end": "2016-09-10T16:18:39.443Z", + "kind": "event", + "start": "2016-09-10T16:18:39.443Z" + }, + "flow": { + "id": "ft_m5C7Hgpo", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 37868, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 409069628, + "flow_start_sys_up_time": 409069628, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 135, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "10.4.0.251", + "source_transport_port": 40295, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 135, + "community_id": "1:GCl5GOo95EWKkGa7RwFq6LQyB3I=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 135, + "ip": "10.4.0.251", + "locality": "private", + "packets": 1, + "port": 40295 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 56911 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 0, + "end": "2016-09-10T16:18:39.443Z", + "kind": "event", + "start": "2016-09-10T16:18:39.443Z" + }, + "flow": { + "id": "bVX88Ii80AQ", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 56911, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 409069628, + "flow_start_sys_up_time": 409069628, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 135, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "10.4.0.251", + "source_transport_port": 36071, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 135, + "community_id": "1:C7Lu8zD8/tm/pDhREb0JsqNmu3U=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 135, + "ip": "10.4.0.251", + "locality": "private", + "packets": 1, + "port": 36071 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 56327 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 0, + "end": "2016-09-10T16:18:39.443Z", + "kind": "event", + "start": "2016-09-10T16:18:39.443Z" + }, + "flow": { + "id": "bA4nBN4veuI", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 56327, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 409069628, + "flow_start_sys_up_time": 409069628, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 135, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "10.4.0.251", + "source_transport_port": 49829, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 135, + "community_id": "1:RxUxXSe/yIC0j4o5I9nZhC1kDXA=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 135, + "ip": "10.4.0.251", + "locality": "private", + "packets": 1, + "port": 49829 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 56239 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 0, + "end": "2016-09-10T16:18:39.443Z", + "kind": "event", + "start": "2016-09-10T16:18:39.443Z" + }, + "flow": { + "id": "lY5yfRKXE3s", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 56239, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 409069628, + "flow_start_sys_up_time": 409069628, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 135, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "10.4.0.251", + "source_transport_port": 35059, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 135, + "community_id": "1:MX45AfOFOz7aFL6GL7Ga9yfeUtY=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 135, + "ip": "10.4.0.251", + "locality": "private", + "packets": 1, + "port": 35059 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "255.255.255.255", + "locality": "private", + "port": 39832 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 0, + "end": "2016-09-10T16:18:39.443Z", + "kind": "event", + "start": "2016-09-10T16:18:39.443Z" + }, + "flow": { + "id": "x3GfEtY3zCQ", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "255.255.255.255", + "destination_transport_port": 39832, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 409069628, + "flow_start_sys_up_time": 409069628, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 135, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "10.4.0.251", + "source_transport_port": 38231, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 135, + "community_id": "1:ZY/RS9VGxN4ZyVhbQwapnUeJxb4=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 135, + "ip": "10.4.0.251", + "locality": "private", + "packets": 1, + "port": 38231 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-09-10T16:24:08Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.2.0.95", + "locality": "private", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-09-10T16:24:08Z", + "duration": 1250988000000, + "end": "2016-09-10T15:23:44.363Z", + "kind": "event", + "start": "2016-09-10T15:02:53.375Z" + }, + "flow": { + "id": "bfT831bq5AI", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.2.0.95", + "destination_transport_port": 443, + "egress_interface": 4, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-09-10T16:24:08Z", + "uptime_millis": 409398185, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 405774548, + "flow_start_sys_up_time": 404523560, + "ingress_interface": 2, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 4, + "octet_delta_count": 3668, + "packet_delta_count": 21, + "post_destination_mac_address": "44:d9:e7:be:ef:8e", + "post_source_mac_address": "06:be:ef:be:ef:b9", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "192.168.1.102", + "source_transport_port": 47690, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 3668, + "community_id": "1:qYI9Y2rQNRYLaB2hC3tf5xtUts0=", + "direction": "outbound", + "iana_number": 6, + "packets": 21, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 3668, + "ip": "192.168.1.102", + "locality": "private", + "packets": 21, + "port": 47690 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-field-layer2segmentid.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-field-layer2segmentid.golden.json new file mode 100644 index 00000000000..c8e2f1e00f5 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-field-layer2segmentid.golden.json @@ -0,0 +1,76 @@ +{ + "test_name": "Netflow 9 field layer2segmentid", + "events": [ + { + "Timestamp": "2018-01-16T09:45:02Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "80.82.237.40", + "locality": "public", + "port": 445 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-01-16T09:45:02Z", + "duration": 0, + "end": "2018-01-16T09:44:47Z", + "kind": "event", + "start": "2018-01-16T09:44:47Z" + }, + "flow": { + "id": "tS3zN7t_rFg", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "80.82.237.40", + "destination_transport_port": 445, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 262144, + "timestamp": "2018-01-16T09:45:02Z", + "uptime_millis": 5584000, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 5569000, + "flow_start_sys_up_time": 5569000, + "ingress_interface": 7, + "ingress_vrfid": 0, + "ip_class_of_service": 0, + "layer2_segment_id": 0, + "octet_delta_count": 52, + "packet_delta_count": 1, + "padding_octets": "AAA=", + "protocol_identifier": 6, + "sampler_id": 98, + "source_ipv4_address": "192.168.200.136", + "source_transport_port": 61926, + "type": "netflow_flow", + "vlan_id": 3174 + }, + "network": { + "bytes": 52, + "community_id": "1:V19XLX+69Hp20cyrswTBva1s5MM=", + "direction": "inbound", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 52, + "ip": "192.168.200.136", + "locality": "private", + "packets": 1, + "port": 61926 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-invalid-01.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-invalid-01.golden.json new file mode 100644 index 00000000000..a0f919aa791 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-invalid-01.golden.json @@ -0,0 +1,3 @@ +{ + "test_name": "Netflow 9 invalid 01" +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-ipt_netflow-reduced-size-encoding.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-ipt_netflow-reduced-size-encoding.golden.json new file mode 100644 index 00000000000..ec7c0c9f8a7 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-ipt_netflow-reduced-size-encoding.golden.json @@ -0,0 +1,917 @@ +{ + "test_name": "Netflow 9 ipt_netflow reduced size encoding", + "events": [ + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "193.151.198.166", + "locality": "public", + "mac": "00:1b:21:bc:24:dd", + "port": 36025 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 8996000000, + "end": "2018-02-18T05:46:53.996Z", + "kind": "event", + "start": "2018-02-18T05:46:45Z" + }, + "flow": { + "id": "XLC-7u3wi0U", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "193.151.198.166", + "destination_mac_address": "00:1b:21:bc:24:dd", + "destination_transport_port": 36025, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268388, + "flow_start_sys_up_time": 1289259392, + "ingress_interface": 7, + "ingress_physical_interface": 7, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 156, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "37.122.1.226", + "source_mac_address": "90:e2:ba:23:09:fc", + "source_transport_port": 27622, + "tcp_control_bits": 2, + "tcp_options": 4026531840, + "type": "netflow_flow" + }, + "network": { + "bytes": 156, + "community_id": "1:UB3lt1Isf0aF4UrkqLFDFJF9mqs=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 156, + "ip": "37.122.1.226", + "locality": "public", + "mac": "90:e2:ba:23:09:fc", + "packets": 3, + "port": 27622 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "193.151.199.69", + "locality": "public", + "mac": "00:1b:21:bc:24:dd", + "port": 29598 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 0, + "end": "2018-02-18T05:46:53.992Z", + "kind": "event", + "start": "2018-02-18T05:46:53.992Z" + }, + "flow": { + "id": "2mdiEm9z6pA", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "193.151.199.69", + "destination_mac_address": "00:1b:21:bc:24:dd", + "destination_transport_port": 29598, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268384, + "flow_start_sys_up_time": 1289268384, + "ingress_interface": 7, + "ingress_physical_interface": 7, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 48, + "packet_delta_count": 1, + "protocol_identifier": 6, + "source_ipv4_address": "5.141.231.166", + "source_mac_address": "90:e2:ba:23:09:fc", + "source_transport_port": 31178, + "tcp_control_bits": 2, + "tcp_options": 3489660928, + "type": "netflow_flow" + }, + "network": { + "bytes": 48, + "community_id": "1:qRS02uGU7DQQhA2eIiypcWW646c=", + "direction": "unknown", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 48, + "ip": "5.141.231.166", + "locality": "public", + "mac": "90:e2:ba:23:09:fc", + "packets": 1, + "port": 31178 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "212.224.113.74", + "locality": "public", + "mac": "00:1b:21:bc:24:dc", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 7652000000, + "end": "2018-02-18T05:46:53.988Z", + "kind": "event", + "start": "2018-02-18T05:46:46.336Z" + }, + "flow": { + "id": "IKsDJxZK5UA", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "212.224.113.74", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 443, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268380, + "flow_start_sys_up_time": 1289260728, + "ingress_interface": 8, + "ingress_physical_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 584, + "packet_delta_count": 11, + "protocol_identifier": 6, + "source_ipv4_address": "10.233.128.4", + "source_mac_address": "00:04:96:97:b8:cd", + "source_transport_port": 53688, + "tcp_control_bits": 211, + "tcp_options": 4043309057, + "type": "netflow_flow" + }, + "network": { + "bytes": 584, + "community_id": "1:m2CtSpaQp+2xe8gg2IStCRuPvdE=", + "direction": "unknown", + "iana_number": 6, + "packets": 11, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 584, + "ip": "10.233.128.4", + "locality": "private", + "mac": "00:04:96:97:b8:cd", + "packets": 11, + "port": 53688 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.236.8.4", + "locality": "private", + "mac": "00:1b:21:bc:24:dc", + "port": 51549 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 16000000, + "end": "2018-02-18T05:46:53.992Z", + "kind": "event", + "start": "2018-02-18T05:46:53.976Z" + }, + "flow": { + "id": "lfpS1KL7LwI", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.236.8.4", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 51549, + "egress_interface": 8, + "egress_physical_interface": 8, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268384, + "flow_start_sys_up_time": 1289268368, + "ingress_interface": 123, + "ingress_physical_interface": 123, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.232.5.1", + "octet_delta_count": 577, + "packet_delta_count": 4, + "protocol_identifier": 6, + "source_ipv4_address": "193.151.192.46", + "source_mac_address": "00:1a:4a:16:01:81", + "source_transport_port": 80, + "tcp_control_bits": 27, + "tcp_options": 4043309056, + "type": "netflow_flow" + }, + "network": { + "bytes": 577, + "community_id": "1:qBYG/gPpQslUYq/PoeUvwOTeciI=", + "direction": "unknown", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 577, + "ip": "193.151.192.46", + "locality": "public", + "mac": "00:1a:4a:16:01:81", + "packets": 4, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "62.221.115.205", + "locality": "public", + "mac": "00:1b:21:bc:24:dc", + "port": 1024 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 1168000000, + "end": "2018-02-18T05:46:53.988Z", + "kind": "event", + "start": "2018-02-18T05:46:52.82Z" + }, + "flow": { + "id": "HRyho8QOr5M", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "62.221.115.205", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 1024, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268380, + "flow_start_sys_up_time": 1289267212, + "ingress_interface": 8, + "ingress_physical_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 152, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "10.235.197.6", + "source_mac_address": "00:04:96:97:b8:cd", + "source_transport_port": 57505, + "tcp_control_bits": 2, + "tcp_options": 4026531840, + "type": "netflow_flow" + }, + "network": { + "bytes": 152, + "community_id": "1:IMkMWSeVEQtrGLMvUrWNrRloBnU=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 152, + "ip": "10.235.197.6", + "locality": "private", + "mac": "00:04:96:97:b8:cd", + "packets": 3, + "port": 57505 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "37.146.125.64", + "locality": "public", + "mac": "00:1b:21:bc:24:dc", + "port": 3237 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 8992000000, + "end": "2018-02-18T05:46:53.992Z", + "kind": "event", + "start": "2018-02-18T05:46:45Z" + }, + "flow": { + "id": "jbL3H_oK7ok", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "37.146.125.64", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 3237, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268384, + "flow_start_sys_up_time": 1289259392, + "ingress_interface": 8, + "ingress_physical_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 152, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "10.236.31.7", + "source_mac_address": "00:04:96:97:b8:cd", + "source_transport_port": 61471, + "tcp_control_bits": 2, + "tcp_options": 4026531840, + "type": "netflow_flow" + }, + "network": { + "bytes": 152, + "community_id": "1:x/J1qXHnaUwGcB8zD1GcpV9lWRs=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 152, + "ip": "10.236.31.7", + "locality": "private", + "mac": "00:04:96:97:b8:cd", + "packets": 3, + "port": 61471 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "52.198.214.72", + "locality": "public", + "mac": "00:1b:21:bc:24:dc", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 4432000000, + "end": "2018-02-18T05:46:53.992Z", + "kind": "event", + "start": "2018-02-18T05:46:49.56Z" + }, + "flow": { + "id": "ayKjfr1z0QU", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "52.198.214.72", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 443, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268384, + "flow_start_sys_up_time": 1289263952, + "ingress_interface": 8, + "ingress_physical_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 1809, + "packet_delta_count": 15, + "protocol_identifier": 6, + "source_ipv4_address": "10.233.151.8", + "source_mac_address": "00:04:96:97:b8:cd", + "source_transport_port": 58044, + "tcp_control_bits": 31, + "tcp_options": 4177526784, + "type": "netflow_flow" + }, + "network": { + "bytes": 1809, + "community_id": "1:FsZvFeVrzzIyp2g1XhIbWdMJlww=", + "direction": "unknown", + "iana_number": 6, + "packets": 15, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1809, + "ip": "10.233.151.8", + "locality": "private", + "mac": "00:04:96:97:b8:cd", + "packets": 15, + "port": 58044 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "64.233.161.188", + "locality": "public", + "mac": "00:1b:21:bc:24:dc", + "port": 5228 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 80000000, + "end": "2018-02-18T05:46:53.996Z", + "kind": "event", + "start": "2018-02-18T05:46:53.916Z" + }, + "flow": { + "id": "B15R8wv_tVI", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "64.233.161.188", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 5228, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268388, + "flow_start_sys_up_time": 1289268308, + "ingress_interface": 8, + "ingress_physical_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 234, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "10.234.22.4", + "source_mac_address": "00:04:96:97:b8:cd", + "source_transport_port": 60583, + "tcp_control_bits": 24, + "tcp_options": 2164260864, + "type": "netflow_flow" + }, + "network": { + "bytes": 234, + "community_id": "1:b6ds1NE3TsQ0PIp+pKuGWaqwsyc=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 234, + "ip": "10.234.22.4", + "locality": "private", + "mac": "00:04:96:97:b8:cd", + "packets": 3, + "port": 60583 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "185.209.20.240", + "locality": "public", + "mac": "00:1b:21:bc:24:dc", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 400000000, + "end": "2018-02-18T05:46:53.992Z", + "kind": "event", + "start": "2018-02-18T05:46:53.592Z" + }, + "flow": { + "id": "oYN-uwp504w", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "185.209.20.240", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 80, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268384, + "flow_start_sys_up_time": 1289267984, + "ingress_interface": 8, + "ingress_physical_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 1681, + "packet_delta_count": 22, + "protocol_identifier": 6, + "source_ipv4_address": "10.233.36.7", + "source_mac_address": "00:04:96:97:b8:cd", + "source_transport_port": 51399, + "tcp_control_bits": 27, + "tcp_options": 4043309056, + "type": "netflow_flow" + }, + "network": { + "bytes": 1681, + "community_id": "1:w1ulQqI1NNDG8118wxe2KjecAWs=", + "direction": "unknown", + "iana_number": 6, + "packets": 22, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1681, + "ip": "10.233.36.7", + "locality": "private", + "mac": "00:04:96:97:b8:cd", + "packets": 22, + "port": 51399 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "84.39.245.175", + "locality": "public", + "mac": "00:1b:21:bc:24:dc", + "port": 18580 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 9024000000, + "end": "2018-02-18T05:46:53.988Z", + "kind": "event", + "start": "2018-02-18T05:46:44.964Z" + }, + "flow": { + "id": "MUPum_LUoxk", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "84.39.245.175", + "destination_mac_address": "00:1b:21:bc:24:dc", + "destination_transport_port": 18580, + "egress_interface": 7, + "egress_physical_interface": 7, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268380, + "flow_start_sys_up_time": 1289259356, + "ingress_interface": 8, + "ingress_physical_interface": 8, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "193.151.192.17", + "octet_delta_count": 152, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "10.233.200.7", + "source_mac_address": "00:04:96:97:b8:cd", + "source_transport_port": 61820, + "tcp_control_bits": 2, + "tcp_options": 4026531840, + "type": "netflow_flow" + }, + "network": { + "bytes": 152, + "community_id": "1:IQI7c8/Vlpqocm+uFFUkvbXPrIo=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 152, + "ip": "10.233.200.7", + "locality": "private", + "mac": "00:04:96:97:b8:cd", + "packets": 3, + "port": 61820 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.232.8.45", + "locality": "private", + "mac": "00:1b:21:bc:24:dd", + "port": 56257 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 60000000, + "end": "2018-02-18T05:46:53.992Z", + "kind": "event", + "start": "2018-02-18T05:46:53.932Z" + }, + "flow": { + "id": "YStkNP0pV1E", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.232.8.45", + "destination_mac_address": "00:1b:21:bc:24:dd", + "destination_transport_port": 56257, + "egress_interface": 8, + "egress_physical_interface": 8, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268384, + "flow_start_sys_up_time": 1289268324, + "ingress_interface": 7, + "ingress_physical_interface": 7, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.232.5.1", + "octet_delta_count": 1866, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "23.43.139.27", + "source_mac_address": "90:e2:ba:23:09:fc", + "source_transport_port": 80, + "tcp_control_bits": 26, + "tcp_options": 4026531840, + "type": "netflow_flow" + }, + "network": { + "bytes": 1866, + "community_id": "1:E4w2M65VHyHNlcgPcdFLuqutRQg=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 1866, + "ip": "23.43.139.27", + "locality": "public", + "mac": "90:e2:ba:23:09:fc", + "packets": 3, + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-02-18T05:47:09Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.233.150.21", + "locality": "private", + "mac": "00:1b:21:bc:24:dd", + "port": 38164 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-02-18T05:47:09Z", + "duration": 192000000, + "end": "2018-02-18T05:46:53.992Z", + "kind": "event", + "start": "2018-02-18T05:46:53.8Z" + }, + "flow": { + "id": "nkastJ_vPI4", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "10.233.150.21", + "destination_mac_address": "00:1b:21:bc:24:dd", + "destination_transport_port": 38164, + "egress_interface": 8, + "egress_physical_interface": 8, + "ethernet_type": 2048, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2018-02-18T05:47:09Z", + "uptime_millis": 1289283392, + "version": 9 + }, + "flow_end_sys_up_time": 1289268384, + "flow_start_sys_up_time": 1289268192, + "ingress_interface": 7, + "ingress_physical_interface": 7, + "ip_class_of_service": 0, + "ip_next_hop_ipv4_address": "10.232.5.1", + "octet_delta_count": 187, + "packet_delta_count": 3, + "protocol_identifier": 6, + "source_ipv4_address": "2.17.140.47", + "source_mac_address": "90:e2:ba:23:09:fc", + "source_transport_port": 443, + "tcp_control_bits": 25, + "tcp_options": 2164260864, + "type": "netflow_flow" + }, + "network": { + "bytes": 187, + "community_id": "1:Ukfnc8AX67bQypWSmcn5huV+6qI=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 187, + "ip": "2.17.140.47", + "locality": "public", + "mac": "90:e2:ba:23:09:fc", + "packets": 3, + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-macaddress.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-macaddress.golden.json new file mode 100644 index 00000000000..0115c023fb6 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-macaddress.golden.json @@ -0,0 +1,1663 @@ +{ + "test_name": "Netflow 9 macaddress", + "events": [ + { + "Timestamp": "2015-10-10T08:46:56Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2015-10-10T08:46:56Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:46:56Z", + "uptime_millis": 30024, + "version": 9 + }, + "options": { + "exported_flow_record_total_count": 1, + "exported_message_total_count": 0 + }, + "scope": { + "octet_delta_count": 0 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 22 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "zQfsdfKgh-o", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 22, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 65058, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:xXTn9GECsRXx7t5CqUym4B1cCNU=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 65058 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.100", + "locality": "private", + "mac": "00:0c:29:8d:af:c3", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "Tw1iOKJ-dfE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_mac_address": "00:0c:29:8d:af:c3", + "destination_transport_port": 123, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 123, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:8JJSV5jQe+UfRnLVV/iA7sy8Nz0=", + "direction": "unknown", + "iana_number": 17, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "NF1W3jyrHAA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 123, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.100", + "source_mac_address": "00:0c:29:8d:af:c3", + "source_transport_port": 123, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:8JJSV5jQe+UfRnLVV/iA7sy8Nz0=", + "direction": "unknown", + "iana_number": 17, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.100", + "locality": "private", + "mac": "00:0c:29:8d:af:c3", + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "B-_-kE8PEgA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 80, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59157, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:9a3xSEOGeCOgc8wHkqU7yt3aKi4=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59157 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59157 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "B-_-kE8PEgA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59157, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:9a3xSEOGeCOgc8wHkqU7yt3aKi4=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "q6jss8DvXWE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 443, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59158, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:tReeXdYbJqf6jxHsV/6j7S+FoNQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59158 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59158 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "q6jss8DvXWE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59158, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 443, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:tReeXdYbJqf6jxHsV/6j7S+FoNQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 139 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "3TmuMjQR8Mk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 139, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59159, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:cdysWB0MnAlJwcBbj7j+pGVyBGg=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59159 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59159 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "3TmuMjQR8Mk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59159, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 139, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:cdysWB0MnAlJwcBbj7j+pGVyBGg=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 139 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 23 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "2KDgFVtVKGg", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 23, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59160, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:6giQWS+fyjMORsdQimfi53pgwMk=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59160 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59160 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "2KDgFVtVKGg", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59160, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 23, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:6giQWS+fyjMORsdQimfi53pgwMk=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 23 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 995 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "vwr6dNcr6FE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 995, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59161, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:9TricJ4d/hl365P4avkWHSCNrfs=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59161 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59161 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "vwr6dNcr6FE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59161, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 995, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:9TricJ4d/hl365P4avkWHSCNrfs=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 995 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "tmgCubSF_CU", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 443, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59162, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:6RszvU1rDWXVJ74Ktg0VviC8dHQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59162 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59162 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "tmgCubSF_CU", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59162, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 443, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:6RszvU1rDWXVJ74Ktg0VviC8dHQ=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 443 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 135 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "Agzgga7RAr0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 135, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59163, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:c+E4+ll1WxXDPNDgvxstOuxlZJ8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59163 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59163 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "Agzgga7RAr0", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59163, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 135, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:c+E4+ll1WxXDPNDgvxstOuxlZJ8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 135 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 110 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "-cqFlm16mLc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 110, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59164, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:4qi27nfOIgyBcA6+RYnuq/tZB/8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59164 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59164 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "-cqFlm16mLc", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59164, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 110, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:4qi27nfOIgyBcA6+RYnuq/tZB/8=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 110 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 111 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "Txfldw7-948", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 111, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59165, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:9grL4uqlG5JP5jXa8hCBLSZ1bAo=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59165 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59165 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "Txfldw7-948", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59165, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 111, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:9grL4uqlG5JP5jXa8hCBLSZ1bAo=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 111 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 143 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "iaXg6w051Ho", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 143, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59166, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:vY2zU7sBMSQd04PrR2LEa7Q2pFE=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59166 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59166 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "iaXg6w051Ho", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59166, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 143, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:vY2zU7sBMSQd04PrR2LEa7Q2pFE=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 143 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 3389 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "cEvEMCFhKJk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 3389, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59167, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:Cf9adPldvSduPZshQSGGhNsc5PU=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59167 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59167 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "cEvEMCFhKJk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59167, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 3389, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:Cf9adPldvSduPZshQSGGhNsc5PU=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 3389 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "DnN0kX-gR3Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 80, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59168, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:odV4cLKFeNM7n9PKTb6oi19upi4=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59168 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59168 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "DnN0kX-gR3Q", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59168, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 80, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:odV4cLKFeNM7n9PKTb6oi19upi4=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 80 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 25 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "-kLcuxmRzgk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_mac_address": "00:0c:29:70:86:09", + "destination_transport_port": 25, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.1", + "source_mac_address": "00:50:56:c0:00:01", + "source_transport_port": 59169, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:ZRD9IAxw9PMwqFA3PuRYzm0karc=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59169 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-10T08:47:01Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "mac": "00:50:56:c0:00:01", + "port": 59169 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-10T08:47:01Z", + "kind": "event" + }, + "flow": { + "id": "-kLcuxmRzgk", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.1", + "destination_mac_address": "00:50:56:c0:00:01", + "destination_transport_port": 59169, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 97, + "timestamp": "2015-10-10T08:47:01Z", + "uptime_millis": 34488, + "version": 9 + }, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_mac_address": "00:0c:29:70:86:09", + "source_transport_port": 25, + "type": "netflow_flow" + }, + "network": { + "community_id": "1:ZRD9IAxw9PMwqFA3PuRYzm0karc=", + "direction": "unknown", + "iana_number": 6, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "ip": "172.16.32.201", + "locality": "private", + "mac": "00:0c:29:70:86:09", + "port": 25 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-multiple-netflow-exporters.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-multiple-netflow-exporters.golden.json new file mode 100644 index 00000000000..e408d9f7488 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-multiple-netflow-exporters.golden.json @@ -0,0 +1,583 @@ +{ + "test_name": "Netflow 9 multiple netflow exporters", + "events": [ + { + "Timestamp": "2015-10-08T19:06:29Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2015-10-08T19:06:29Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 147, + "timestamp": "2015-10-08T19:06:29Z", + "uptime_millis": 33990, + "version": 9 + }, + "options": { + "exported_flow_record_total_count": 1, + "exported_message_total_count": 0 + }, + "scope": { + "octet_delta_count": 0 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.248", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:46.141Z", + "kind": "event", + "start": "2015-10-08T19:03:46.14Z" + }, + "flow": { + "id": "1E-M5OJg_go", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.248", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 1217, + "flow_start_sys_up_time": 1216, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.100", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:QKTFMKhaT7j1xLTKOURCTVzbKk8=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.100", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.100", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:46.141Z", + "kind": "event", + "start": "2015-10-08T19:03:46.14Z" + }, + "flow": { + "id": "yMxFd8CW_Ok", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 1217, + "flow_start_sys_up_time": 1216, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.248", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:QKTFMKhaT7j1xLTKOURCTVzbKk8=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.248", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:51.814Z", + "kind": "event", + "start": "2015-10-08T19:03:51.813Z" + }, + "flow": { + "id": "NF1W3jyrHAA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 6890, + "flow_start_sys_up_time": 6889, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.100", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:8JJSV5jQe+UfRnLVV/iA7sy8Nz0=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.100", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.100", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:51.814Z", + "kind": "event", + "start": "2015-10-08T19:03:51.813Z" + }, + "flow": { + "id": "Tw1iOKJ-dfE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 6890, + "flow_start_sys_up_time": 6889, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.201", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:8JJSV5jQe+UfRnLVV/iA7sy8Nz0=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.201", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.202", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 0, + "end": "2015-10-08T19:03:55.958Z", + "kind": "event", + "start": "2015-10-08T19:03:55.958Z" + }, + "flow": { + "id": "sNF38-obC7k", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.202", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 11034, + "flow_start_sys_up_time": 11034, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.100", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:SYyoe1e5BMoo9l35SqJ7wRextZg=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.100", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.100", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 0, + "end": "2015-10-08T19:03:55.958Z", + "kind": "event", + "start": "2015-10-08T19:03:55.958Z" + }, + "flow": { + "id": "458D6voFu3E", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 11034, + "flow_start_sys_up_time": 11034, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.202", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:SYyoe1e5BMoo9l35SqJ7wRextZg=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.202", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "port": 34304 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 38081000000, + "end": "2015-10-08T19:04:25.9Z", + "kind": "event", + "start": "2015-10-08T19:03:47.819Z" + }, + "flow": { + "id": "tYpw8DU5u10", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "ff02::1", + "destination_transport_port": 34304, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 40976, + "flow_start_sys_up_time": 2895, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 6, + "octet_delta_count": 672, + "packet_delta_count": 7, + "protocol_identifier": 58, + "source_ipv6_address": "fe80::20c:29ff:fe83:3b6e", + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 672, + "community_id": "1:vK+Zeop1Y3GHxfFGVF2/COcNBWw=", + "direction": "unknown", + "iana_number": 58, + "packets": 7, + "transport": "ipv6-icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 672, + "packets": 7, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:06:29Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.1", + "locality": "private", + "port": 65058 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:06:29Z", + "duration": 5000000, + "end": "2015-10-08T19:05:55.015Z", + "kind": "event", + "start": "2015-10-08T19:05:55.01Z" + }, + "flow": { + "id": "zQfsdfKgh-o", + "locality": "private" + }, + "netflow": { + "bgp_destination_as_number": 0, + "bgp_source_as_number": 0, + "destination_ipv4_address": "172.16.32.1", + "destination_ipv4_prefix_length": 0, + "destination_transport_port": 65058, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 147, + "timestamp": "2015-10-08T19:06:29Z", + "uptime_millis": 33990, + "version": 9 + }, + "flow_end_sys_up_time": 5, + "flow_start_sys_up_time": 0, + "ingress_interface": 0, + "ip_class_of_service": 16, + "ip_next_hop_ipv4_address": "0.0.0.0", + "octet_delta_count": 200, + "packet_delta_count": 2, + "protocol_identifier": 6, + "source_ipv4_address": "172.16.32.201", + "source_ipv4_prefix_length": 0, + "source_transport_port": 22, + "tcp_control_bits": 24, + "type": "netflow_flow" + }, + "network": { + "bytes": 200, + "community_id": "1:xXTn9GECsRXx7t5CqUym4B1cCNU=", + "direction": "unknown", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 200, + "ip": "172.16.32.201", + "locality": "private", + "packets": 2, + "port": 22 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-nprobe-DPI-L7.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-nprobe-DPI-L7.golden.json new file mode 100644 index 00000000000..69e0a14a66c --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-nprobe-DPI-L7.golden.json @@ -0,0 +1,67 @@ +{ + "test_name": "Netflow 9 nprobe DPI L7", + "events": [ + { + "Timestamp": "1970-01-01T00:08:22Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "0.0.0.0", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "1970-01-01T00:08:22Z", + "kind": "event" + }, + "flow": { + "id": "oFN7CMNpOLQ", + "locality": "private" + }, + "netflow": { + "application_id": "AAAAUg==", + "application_name": "\u0000\u0000\u0000\u0000\u0000\"\u0000\u0000\u0000\u0000\u0004", + "destination_ipv4_address": "0.0.0.0", + "destination_transport_port": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "1970-01-01T00:08:22Z", + "uptime_millis": 91000, + "version": 9 + }, + "flow_end_sys_up_time": 104000, + "flow_start_sys_up_time": 101000, + "octet_delta_count": 82, + "packet_delta_count": 1, + "protocol_identifier": 0, + "source_ipv4_address": "0.0.0.0", + "source_transport_port": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 82, + "community_id": "1:LFE/FJ5zfsQGP8HTeu6b6rxLS78=", + "direction": "unknown", + "iana_number": 0, + "packets": 1, + "transport": "unknown (0)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 82, + "ip": "0.0.0.0", + "locality": "private", + "packets": 1, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-options-template-with-scope-fields.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-options-template-with-scope-fields.golden.json new file mode 100644 index 00000000000..49732550717 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-options-template-with-scope-fields.golden.json @@ -0,0 +1,39 @@ +{ + "test_name": "Netflow 9 options template with scope fields", + "events": [ + { + "Timestamp": "2015-10-08T19:06:29Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2015-10-08T19:06:29Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 147, + "timestamp": "2015-10-08T19:06:29Z", + "uptime_millis": 33990, + "version": 9 + }, + "options": { + "exported_flow_record_total_count": 1, + "exported_message_total_count": 0 + }, + "scope": { + "octet_delta_count": 0 + }, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-template-with-0-length-fields.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-template-with-0-length-fields.golden.json new file mode 100644 index 00000000000..cf8c141f5c3 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-template-with-0-length-fields.golden.json @@ -0,0 +1,725 @@ +{ + "test_name": "Netflow 9 template with 0 length fields", + "events": [ + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.1.80", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:48.299Z", + "kind": "event", + "start": "2016-12-23T01:34:48.299Z" + }, + "flow": { + "id": "BSsjrf_TZnk", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "192.168.1.80", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 2, + "engine_id": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 4132540, + "flow_start_sys_up_time": 4132540, + "ingress_interface": 3, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 2, + "source_ipv4_address": "239.255.255.250", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:ULB1r6mICiBbVy83sLPpCdI1WpE=", + "direction": "outbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "239.255.255.250", + "locality": "public", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "239.255.255.250", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:48.299Z", + "kind": "event", + "start": "2016-12-23T01:34:48.299Z" + }, + "flow": { + "id": "R1Sjz_ITbgo", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "239.255.255.250", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 3, + "engine_id": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 4132540, + "flow_start_sys_up_time": 4132540, + "ingress_interface": 2, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 32, + "post_packet_delta_count": 1, + "protocol_identifier": 2, + "source_ipv4_address": "192.168.1.80", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:ULB1r6mICiBbVy83sLPpCdI1WpE=", + "direction": "outbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "192.168.1.80", + "locality": "private", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.1.95", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.469Z", + "kind": "event", + "start": "2016-12-23T01:34:51.469Z" + }, + "flow": { + "id": "FpUgB2PIhjQ", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "192.168.1.95", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 2, + "engine_id": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4135710, + "flow_start_sys_up_time": 4135710, + "ingress_interface": 3, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 2, + "source_ipv4_address": "239.255.255.250", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:/vWRin3SqfXQJiLYySDX59nv1RI=", + "direction": "inbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "239.255.255.250", + "locality": "public", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "239.255.255.250", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.469Z", + "kind": "event", + "start": "2016-12-23T01:34:51.469Z" + }, + "flow": { + "id": "qN8iQExOvkc", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "239.255.255.250", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 3, + "engine_id": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4135710, + "flow_start_sys_up_time": 4135710, + "ingress_interface": 2, + "octet_delta_count": 32, + "packet_delta_count": 1, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 2, + "source_ipv4_address": "192.168.1.95", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 32, + "community_id": "1:/vWRin3SqfXQJiLYySDX59nv1RI=", + "direction": "inbound", + "iana_number": 2, + "packets": 1, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 32, + "ip": "192.168.1.95", + "locality": "private", + "packets": 1, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.1.95", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.469Z", + "kind": "event", + "start": "2016-12-23T01:34:51.469Z" + }, + "flow": { + "id": "FpUgB2PIhjQ", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "192.168.1.95", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 2, + "engine_id": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 4135710, + "flow_start_sys_up_time": 4135710, + "ingress_interface": 3, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 2, + "source_ipv4_address": "239.255.255.250", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:/vWRin3SqfXQJiLYySDX59nv1RI=", + "direction": "outbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "239.255.255.250", + "locality": "public", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "239.255.255.250", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.469Z", + "kind": "event", + "start": "2016-12-23T01:34:51.469Z" + }, + "flow": { + "id": "qN8iQExOvkc", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "239.255.255.250", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 3, + "engine_id": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 4135710, + "flow_start_sys_up_time": 4135710, + "ingress_interface": 2, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 32, + "post_packet_delta_count": 1, + "protocol_identifier": 2, + "source_ipv4_address": "192.168.1.95", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:/vWRin3SqfXQJiLYySDX59nv1RI=", + "direction": "outbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "192.168.1.95", + "locality": "private", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.1.33", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.569Z", + "kind": "event", + "start": "2016-12-23T01:34:51.569Z" + }, + "flow": { + "id": "WuFpyBG1Gt0", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "192.168.1.33", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 2, + "engine_id": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4135810, + "flow_start_sys_up_time": 4135810, + "ingress_interface": 3, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 2, + "source_ipv4_address": "239.255.255.250", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:/AXSKRoRIJEcn9AsawscEIuzsn0=", + "direction": "inbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "239.255.255.250", + "locality": "public", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "239.255.255.250", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.569Z", + "kind": "event", + "start": "2016-12-23T01:34:51.569Z" + }, + "flow": { + "id": "1aysHUs7BpA", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "239.255.255.250", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 3, + "engine_id": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 0, + "flow_end_sys_up_time": 4135810, + "flow_start_sys_up_time": 4135810, + "ingress_interface": 2, + "octet_delta_count": 32, + "packet_delta_count": 1, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 2, + "source_ipv4_address": "192.168.1.33", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 32, + "community_id": "1:/AXSKRoRIJEcn9AsawscEIuzsn0=", + "direction": "inbound", + "iana_number": 2, + "packets": 1, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 32, + "ip": "192.168.1.33", + "locality": "private", + "packets": 1, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "192.168.1.33", + "locality": "private", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.569Z", + "kind": "event", + "start": "2016-12-23T01:34:51.569Z" + }, + "flow": { + "id": "WuFpyBG1Gt0", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "192.168.1.33", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 2, + "engine_id": 2, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 4135810, + "flow_start_sys_up_time": 4135810, + "ingress_interface": 3, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 0, + "post_packet_delta_count": 0, + "protocol_identifier": 2, + "source_ipv4_address": "239.255.255.250", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:/AXSKRoRIJEcn9AsawscEIuzsn0=", + "direction": "outbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "239.255.255.250", + "locality": "public", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2016-12-23T01:35:31Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "239.255.255.250", + "locality": "public", + "port": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2016-12-23T01:35:31Z", + "duration": 0, + "end": "2016-12-23T01:34:51.569Z", + "kind": "event", + "start": "2016-12-23T01:34:51.569Z" + }, + "flow": { + "id": "1aysHUs7BpA", + "locality": "public" + }, + "netflow": { + "destination_ipv4_address": "239.255.255.250", + "destination_ipv4_prefix_length": 32, + "destination_transport_port": 0, + "egress_interface": 3, + "engine_id": 1, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2016-12-23T01:35:31Z", + "uptime_millis": 4175241, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 4135810, + "flow_start_sys_up_time": 4135810, + "ingress_interface": 2, + "octet_delta_count": 0, + "packet_delta_count": 0, + "post_octet_delta_count": 32, + "post_packet_delta_count": 1, + "protocol_identifier": 2, + "source_ipv4_address": "192.168.1.33", + "source_ipv4_prefix_length": 32, + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 0, + "community_id": "1:/AXSKRoRIJEcn9AsawscEIuzsn0=", + "direction": "outbound", + "iana_number": 2, + "packets": 0, + "transport": "unknown (2)" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 0, + "ip": "192.168.1.33", + "locality": "private", + "packets": 0, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow-9-valid-01.golden.json b/filebeat/input/netflow/testdata/golden/Netflow-9-valid-01.golden.json new file mode 100644 index 00000000000..bcea73e1dfa --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow-9-valid-01.golden.json @@ -0,0 +1,477 @@ +{ + "test_name": "Netflow 9 valid 01", + "events": [ + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.248", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:46.141Z", + "kind": "event", + "start": "2015-10-08T19:03:46.14Z" + }, + "flow": { + "id": "1E-M5OJg_go", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.248", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 1217, + "flow_start_sys_up_time": 1216, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.100", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:QKTFMKhaT7j1xLTKOURCTVzbKk8=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.100", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.100", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:46.141Z", + "kind": "event", + "start": "2015-10-08T19:03:46.14Z" + }, + "flow": { + "id": "yMxFd8CW_Ok", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 1217, + "flow_start_sys_up_time": 1216, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.248", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:QKTFMKhaT7j1xLTKOURCTVzbKk8=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.248", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.201", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:51.814Z", + "kind": "event", + "start": "2015-10-08T19:03:51.813Z" + }, + "flow": { + "id": "NF1W3jyrHAA", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.201", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 6890, + "flow_start_sys_up_time": 6889, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.100", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:8JJSV5jQe+UfRnLVV/iA7sy8Nz0=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.100", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.100", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 1000000, + "end": "2015-10-08T19:03:51.814Z", + "kind": "event", + "start": "2015-10-08T19:03:51.813Z" + }, + "flow": { + "id": "Tw1iOKJ-dfE", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 6890, + "flow_start_sys_up_time": 6889, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.201", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:8JJSV5jQe+UfRnLVV/iA7sy8Nz0=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.201", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.202", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 0, + "end": "2015-10-08T19:03:55.958Z", + "kind": "event", + "start": "2015-10-08T19:03:55.958Z" + }, + "flow": { + "id": "sNF38-obC7k", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.202", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 11034, + "flow_start_sys_up_time": 11034, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.100", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:SYyoe1e5BMoo9l35SqJ7wRextZg=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.100", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "172.16.32.100", + "locality": "private", + "port": 123 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 0, + "end": "2015-10-08T19:03:55.958Z", + "kind": "event", + "start": "2015-10-08T19:03:55.958Z" + }, + "flow": { + "id": "458D6voFu3E", + "locality": "private" + }, + "netflow": { + "destination_ipv4_address": "172.16.32.100", + "destination_transport_port": 123, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 11034, + "flow_start_sys_up_time": 11034, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "octet_delta_count": 76, + "packet_delta_count": 1, + "protocol_identifier": 17, + "source_ipv4_address": "172.16.32.202", + "source_transport_port": 123, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 76, + "community_id": "1:SYyoe1e5BMoo9l35SqJ7wRextZg=", + "direction": "unknown", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 76, + "ip": "172.16.32.202", + "locality": "private", + "packets": 1, + "port": 123 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2015-10-08T19:04:30Z", + "Meta": null, + "Fields": { + "destination": { + "port": 34304 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2015-10-08T19:04:30Z", + "duration": 38081000000, + "end": "2015-10-08T19:04:25.9Z", + "kind": "event", + "start": "2015-10-08T19:03:47.819Z" + }, + "flow": { + "id": "tYpw8DU5u10", + "locality": "private" + }, + "netflow": { + "destination_ipv6_address": "ff02::1", + "destination_transport_port": 34304, + "egress_interface": 0, + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 0, + "timestamp": "2015-10-08T19:04:30Z", + "uptime_millis": 45076, + "version": 9 + }, + "flow_end_sys_up_time": 40976, + "flow_start_sys_up_time": 2895, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 6, + "octet_delta_count": 672, + "packet_delta_count": 7, + "protocol_identifier": 58, + "source_ipv6_address": "fe80::20c:29ff:fe83:3b6e", + "source_transport_port": 0, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 672, + "community_id": "1:vK+Zeop1Y3GHxfFGVF2/COcNBWw=", + "direction": "unknown", + "iana_number": 58, + "packets": 7, + "transport": "ipv6-icmp" + }, + "observer": { + "ip": "192.0.2.1" + }, + "source": { + "bytes": 672, + "packets": 7, + "port": 0 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/Netflow9-Juniper-SRX-options-template-with-0-scope-field-length.golden.json b/filebeat/input/netflow/testdata/golden/Netflow9-Juniper-SRX-options-template-with-0-scope-field-length.golden.json new file mode 100644 index 00000000000..23563687e00 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/Netflow9-Juniper-SRX-options-template-with-0-scope-field-length.golden.json @@ -0,0 +1,37 @@ +{ + "test_name": "Netflow9 Juniper SRX options template with 0 scope field length", + "events": [ + { + "Timestamp": "2016-11-29T00:21:56Z", + "Meta": null, + "Fields": { + "event": { + "action": "netflow_options", + "category": "network_traffic", + "created": "2016-11-29T00:21:56Z", + "kind": "event" + }, + "netflow": { + "exporter": { + "address": "192.0.2.1:4444", + "source_id": 142, + "timestamp": "2016-11-29T00:21:56Z", + "uptime_millis": 3566690934, + "version": 9 + }, + "options": { + "sampling_algorithm": 2, + "sampling_interval": 1 + }, + "scope": {}, + "type": "netflow_options" + }, + "observer": { + "ip": "192.0.2.1" + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/ipfix_cisco.pcap.golden.json b/filebeat/input/netflow/testdata/golden/ipfix_cisco.pcap.golden.json new file mode 100644 index 00000000000..2ff196e7950 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/ipfix_cisco.pcap.golden.json @@ -0,0 +1,2470 @@ +{ + "test_name": "ipfix_cisco", + "events": [ + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 719, + "packets": 5 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184158, + "flow_start_sys_up_time": 564184140, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 719, + "initiator_packets": 5, + "ip_diff_serv_code_point": 0, + "ip_ttl": 49, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 719, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 719, + "packets": 5 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 1477, + "packets": 6 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184154, + "flow_start_sys_up_time": 564184140, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 1477, + "initiator_packets": 6, + "ip_diff_serv_code_point": 0, + "ip_ttl": 49, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 1477, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 1477, + "packets": 6 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 1, + "packets": 1 + }, + "destination": { + "bytes": 0, + "packets": 1 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQACCA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 1, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 89, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184144, + "flow_start_sys_up_time": 564184142, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 1, + "initiator_packets": 1, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 1, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 1, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 2, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 1 + }, + "source": { + "bytes": 1, + "packets": 1 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 108580, + "packets": 79 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 2, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184216, + "flow_start_sys_up_time": 564184131, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 108580, + "initiator_packets": 79, + "ip_diff_serv_code_point": 0, + "ip_ttl": 49, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 108580, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 79, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 108580, + "packets": 79 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 342, + "packets": 5 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184208, + "flow_start_sys_up_time": 564184176, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 342, + "initiator_packets": 5, + "ip_diff_serv_code_point": 0, + "ip_ttl": 49, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 342, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 342, + "packets": 5 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 1851, + "packets": 17 + }, + "destination": { + "bytes": 9437, + "packets": 18 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 2, + "art_count_late_responses": 0, + "art_count_responses": 3, + "art_count_retransmissions": 0, + "art_count_transactions": 2, + "art_network_time_sum": 97, + "art_response_time_sum": 153, + "art_server_network_time_sum": 95, + "art_server_response_time_maximum": 8, + "art_server_response_time_sum": 13, + "art_total_response_time_sum": 156, + "art_total_transaction_time_sum": 100, + "biflow_direction": 1, + "connection_sum_duration_seconds": 24, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564197394, + "flow_start_sys_up_time": 564184067, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 1851, + "initiator_packets": 17, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 2, + "protocol_identifier": 6, + "responder_octets": 9437, + "responder_packets": 18, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 11288, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 35, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 9437, + "packets": 18 + }, + "source": { + "bytes": 1851, + "packets": 17 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 51480, + "packets": 39 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184216, + "flow_start_sys_up_time": 564184182, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 51480, + "initiator_packets": 39, + "ip_diff_serv_code_point": 0, + "ip_ttl": 49, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 51480, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 39, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 51480, + "packets": 39 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 5135, + "packets": 55 + }, + "destination": { + "bytes": 36894, + "packets": 47 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 10, + "art_count_late_responses": 0, + "art_count_responses": 15, + "art_count_retransmissions": 0, + "art_count_transactions": 14, + "art_network_time_sum": 374, + "art_response_time_sum": 516, + "art_server_network_time_sum": 364, + "art_server_response_time_maximum": 27, + "art_server_response_time_sum": 117, + "art_total_response_time_sum": 541, + "art_total_transaction_time_sum": 512, + "biflow_direction": 1, + "connection_sum_duration_seconds": 35, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564203810, + "flow_start_sys_up_time": 564184040, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 5135, + "initiator_packets": 55, + "ip_diff_serv_code_point": 0, + "ip_ttl": 126, + "new_connection_delta_count": 6, + "protocol_identifier": 6, + "responder_octets": 36894, + "responder_packets": 47, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 42029, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 102, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 36894, + "packets": 47 + }, + "source": { + "bytes": 5135, + "packets": 55 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 6533, + "packets": 14 + }, + "destination": { + "bytes": 6400, + "packets": 20 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQACYw==", + "art_client_network_time_sum": 5, + "art_count_late_responses": 0, + "art_count_responses": 6, + "art_count_retransmissions": 1, + "art_count_transactions": 6, + "art_network_time_sum": 23, + "art_response_time_sum": 123, + "art_server_network_time_sum": 18, + "art_server_response_time_maximum": 31, + "art_server_response_time_sum": 78, + "art_total_response_time_sum": 138, + "art_total_transaction_time_sum": 123, + "biflow_direction": 2, + "connection_sum_duration_seconds": 64, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564200378, + "flow_start_sys_up_time": 564184163, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 6400, + "initiator_packets": 20, + "ip_diff_serv_code_point": 0, + "ip_ttl": 61, + "new_connection_delta_count": 2, + "protocol_identifier": 6, + "responder_octets": 6533, + "responder_packets": 14, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 12933, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 34, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 6400, + "packets": 20 + }, + "source": { + "bytes": 6533, + "packets": 14 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 5684, + "packets": 491 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAMQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 109, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564185840, + "flow_start_sys_up_time": 564184196, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 5684, + "initiator_packets": 491, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 5684, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 491, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 5684, + "packets": 491 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 4965, + "packets": 13 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184254, + "flow_start_sys_up_time": 564184154, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 4965, + "initiator_packets": 13, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 4965, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 13, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 4965, + "packets": 13 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 138, + "packets": 4 + }, + "destination": { + "bytes": 0, + "packets": 2 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQACYw==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 2, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 119878, + "biflow_direction": 2, + "connection_sum_duration_seconds": 239, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184362, + "flow_start_sys_up_time": 564184214, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 0, + "initiator_packets": 2, + "ip_diff_serv_code_point": 0, + "ip_ttl": 61, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 138, + "responder_packets": 4, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 138, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 2 + }, + "source": { + "bytes": 138, + "packets": 4 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 1, + "packets": 1 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQACCA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 1, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 44, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184220, + "flow_start_sys_up_time": 564184220, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 1, + "initiator_packets": 1, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 1, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 1, + "packets": 1 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 6079, + "packets": 10 + }, + "destination": { + "bytes": 1571, + "packets": 13 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 3, + "art_count_late_responses": 0, + "art_count_responses": 3, + "art_count_retransmissions": 0, + "art_count_transactions": 2, + "art_network_time_sum": 149, + "art_response_time_sum": 444, + "art_server_network_time_sum": 146, + "art_server_response_time_maximum": 3, + "art_server_response_time_sum": 6, + "art_total_response_time_sum": 453, + "art_total_transaction_time_sum": 296, + "biflow_direction": 2, + "connection_sum_duration_seconds": 62, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564215068, + "flow_start_sys_up_time": 564184067, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 1571, + "initiator_packets": 13, + "ip_diff_serv_code_point": 0, + "ip_ttl": 220, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 6079, + "responder_packets": 10, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 7650, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 23, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 1571, + "packets": 13 + }, + "source": { + "bytes": 6079, + "packets": 10 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 2807, + "packets": 6 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184252, + "flow_start_sys_up_time": 564183878, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 2807, + "initiator_packets": 6, + "ip_diff_serv_code_point": 0, + "ip_ttl": 61, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 2807, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 2807, + "packets": 6 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 0, + "packets": 1 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQAAAQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 59, + "egress_interface": 4, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184248, + "flow_start_sys_up_time": 564184248, + "ingress_interface": 1, + "ingress_vrfid": 0, + "initiator_octets": 0, + "initiator_packets": 1, + "ip_diff_serv_code_point": 0, + "ip_ttl": 124, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 0, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 1, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 0, + "packets": 1 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 1877, + "packets": 11 + }, + "destination": { + "bytes": 3409, + "packets": 7 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 2, + "art_count_late_responses": 0, + "art_count_responses": 4, + "art_count_retransmissions": 0, + "art_count_transactions": 4, + "art_network_time_sum": 6, + "art_response_time_sum": 23, + "art_server_network_time_sum": 4, + "art_server_response_time_maximum": 3, + "art_server_response_time_sum": 7, + "art_total_response_time_sum": 31, + "art_total_transaction_time_sum": 23, + "biflow_direction": 1, + "connection_sum_duration_seconds": 32, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564200378, + "flow_start_sys_up_time": 564184251, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 1877, + "initiator_packets": 11, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 3409, + "responder_packets": 7, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 5286, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 18, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 3409, + "packets": 7 + }, + "source": { + "bytes": 1877, + "packets": 11 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 2255, + "packets": 7 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184286, + "flow_start_sys_up_time": 564184040, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 2255, + "initiator_packets": 7, + "ip_diff_serv_code_point": 0, + "ip_ttl": 61, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 2255, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 2255, + "packets": 7 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 538, + "packets": 5 + }, + "destination": { + "bytes": 0, + "packets": 0 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184314, + "flow_start_sys_up_time": 564184284, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 538, + "initiator_packets": 5, + "ip_diff_serv_code_point": 0, + "ip_ttl": 49, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 0, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 538, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 5, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 0 + }, + "source": { + "bytes": 538, + "packets": 5 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 1487, + "packets": 21 + }, + "destination": { + "bytes": 6305, + "packets": 15 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQACZg==", + "art_client_network_time_sum": 2, + "art_count_late_responses": 0, + "art_count_responses": 5, + "art_count_retransmissions": 0, + "art_count_transactions": 5, + "art_network_time_sum": 9, + "art_response_time_sum": 72, + "art_server_network_time_sum": 7, + "art_server_response_time_maximum": 25, + "art_server_response_time_sum": 55, + "art_total_response_time_sum": 77, + "art_total_transaction_time_sum": 59870, + "biflow_direction": 1, + "connection_sum_duration_seconds": 181, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564214304, + "flow_start_sys_up_time": 564184296, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 1487, + "initiator_packets": 21, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 2, + "protocol_identifier": 6, + "responder_octets": 6305, + "responder_packets": 15, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 7792, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 36, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 6305, + "packets": 15 + }, + "source": { + "bytes": 1487, + "packets": 21 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 3110, + "packets": 7 + }, + "destination": { + "bytes": 1973, + "packets": 10 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQACYw==", + "art_client_network_time_sum": 2, + "art_count_late_responses": 0, + "art_count_responses": 3, + "art_count_retransmissions": 0, + "art_count_transactions": 3, + "art_network_time_sum": 12, + "art_response_time_sum": 39, + "art_server_network_time_sum": 10, + "art_server_response_time_maximum": 14, + "art_server_response_time_sum": 15, + "art_total_response_time_sum": 45, + "art_total_transaction_time_sum": 39, + "biflow_direction": 2, + "connection_sum_duration_seconds": 32, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564200376, + "flow_start_sys_up_time": 564184268, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 1973, + "initiator_packets": 10, + "ip_diff_serv_code_point": 0, + "ip_ttl": 61, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 3110, + "responder_packets": 7, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 5083, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 17, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 1973, + "packets": 10 + }, + "source": { + "bytes": 3110, + "packets": 7 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 2, + "packets": 4 + }, + "destination": { + "bytes": 2, + "packets": 4 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAFmQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 2, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 2, + "connection_sum_duration_seconds": 119, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564214242, + "flow_start_sys_up_time": 564184300, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 2, + "initiator_packets": 4, + "ip_diff_serv_code_point": 0, + "ip_ttl": 124, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 2, + "responder_packets": 4, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 4, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 8, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 2, + "packets": 4 + }, + "source": { + "bytes": 2, + "packets": 4 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 2, + "packets": 2 + }, + "destination": { + "bytes": 0, + "packets": 2 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAAUA==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 2, + "art_count_transactions": 0, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 0, + "biflow_direction": 1, + "connection_sum_duration_seconds": 179, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184580, + "flow_start_sys_up_time": 564184306, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 2, + "initiator_packets": 2, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 2, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 2, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 4, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 2 + }, + "source": { + "bytes": 2, + "packets": 2 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 0, + "packets": 4 + }, + "destination": { + "bytes": 0, + "packets": 2 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 2, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 18, + "biflow_direction": 1, + "connection_sum_duration_seconds": 119, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184326, + "flow_start_sys_up_time": 564184326, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 0, + "initiator_packets": 4, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 0, + "responder_packets": 2, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 0, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 2 + }, + "source": { + "bytes": 0, + "packets": 4 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 1005, + "packets": 4 + }, + "destination": { + "bytes": 174, + "packets": 3 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "AwAFmQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 1, + "art_count_retransmissions": 1, + "art_count_transactions": 1, + "art_network_time_sum": 0, + "art_response_time_sum": 5, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 5, + "art_server_response_time_sum": 5, + "art_total_response_time_sum": 8, + "art_total_transaction_time_sum": 12, + "biflow_direction": 1, + "connection_sum_duration_seconds": 119, + "egress_interface": 10, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564214476, + "flow_start_sys_up_time": 564184326, + "ingress_interface": 13, + "ingress_vrfid": 0, + "initiator_octets": 1005, + "initiator_packets": 4, + "ip_diff_serv_code_point": 0, + "ip_ttl": 125, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 174, + "responder_packets": 3, + "type": "netflow_flow", + "vlan_id": 290, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 1179, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 7, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 174, + "packets": 3 + }, + "source": { + "bytes": 1005, + "packets": 4 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 138, + "packets": 4 + }, + "destination": { + "bytes": 0, + "packets": 2 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 2, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 119644, + "biflow_direction": 2, + "connection_sum_duration_seconds": 238, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184490, + "flow_start_sys_up_time": 564184336, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 0, + "initiator_packets": 2, + "ip_diff_serv_code_point": 0, + "ip_ttl": 61, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 138, + "responder_packets": 4, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 138, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 2 + }, + "source": { + "bytes": 138, + "packets": 4 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 31, + "packets": 2 + }, + "destination": { + "bytes": 0, + "packets": 1 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 0, + "art_count_late_responses": 0, + "art_count_responses": 0, + "art_count_retransmissions": 0, + "art_count_transactions": 1, + "art_network_time_sum": 0, + "art_response_time_sum": 0, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 0, + "art_server_response_time_sum": 0, + "art_total_response_time_sum": 0, + "art_total_transaction_time_sum": 59790, + "biflow_direction": 2, + "connection_sum_duration_seconds": 119, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184350, + "flow_start_sys_up_time": 564184348, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 0, + "initiator_packets": 1, + "ip_diff_serv_code_point": 0, + "ip_ttl": 43, + "new_connection_delta_count": 0, + "protocol_identifier": 6, + "responder_octets": 31, + "responder_packets": 2, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 31, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 3, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 0, + "packets": 1 + }, + "source": { + "bytes": 31, + "packets": 2 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 13482, + "packets": 17 + }, + "destination": { + "bytes": 8989, + "packets": 19 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQABxQ==", + "art_client_network_time_sum": 3, + "art_count_late_responses": 0, + "art_count_responses": 6, + "art_count_retransmissions": 0, + "art_count_transactions": 6, + "art_network_time_sum": 3, + "art_response_time_sum": 33, + "art_server_network_time_sum": 0, + "art_server_response_time_maximum": 28, + "art_server_response_time_sum": 33, + "art_total_response_time_sum": 51, + "art_total_transaction_time_sum": 43, + "biflow_direction": 2, + "connection_sum_duration_seconds": 0, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564184586, + "flow_start_sys_up_time": 564184356, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 8989, + "initiator_packets": 19, + "ip_diff_serv_code_point": 0, + "ip_ttl": 124, + "new_connection_delta_count": 1, + "protocol_identifier": 6, + "responder_octets": 13482, + "responder_packets": 17, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 22471, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 36, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 8989, + "packets": 19 + }, + "source": { + "bytes": 13482, + "packets": 17 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-07-03T10:47:00Z", + "Meta": null, + "Fields": { + "client": { + "bytes": 28373, + "packets": 133 + }, + "destination": { + "bytes": 233345, + "packets": 236 + }, + "event": { + "action": "netflow_flow", + "category": "network_session", + "created": "2018-07-03T10:47:00Z", + "kind": "event" + }, + "flow": { + "id": "Vhs9T5k296w", + "locality": "private" + }, + "netflow": { + "application_id": "DQACYw==", + "art_client_network_time_sum": 20, + "art_count_late_responses": 0, + "art_count_responses": 25, + "art_count_retransmissions": 4, + "art_count_transactions": 25, + "art_network_time_sum": 58, + "art_response_time_sum": 301, + "art_server_network_time_sum": 38, + "art_server_response_time_maximum": 31, + "art_server_response_time_sum": 168, + "art_total_response_time_sum": 363, + "art_total_transaction_time_sum": 332, + "biflow_direction": 2, + "connection_sum_duration_seconds": 116, + "egress_interface": 13, + "exporter": { + "address": "10.101.255.2:52788", + "source_id": 512, + "timestamp": "2018-07-03T10:47:00Z", + "uptime_millis": 0, + "version": 10 + }, + "flow_end_sys_up_time": 564215336, + "flow_start_sys_up_time": 564184380, + "ingress_interface": 10, + "ingress_vrfid": 0, + "initiator_octets": 233345, + "initiator_packets": 236, + "ip_diff_serv_code_point": 0, + "ip_ttl": 61, + "new_connection_delta_count": 8, + "protocol_identifier": 6, + "responder_octets": 28373, + "responder_packets": 133, + "type": "netflow_flow", + "vlan_id": 0, + "waasoptimization_segment": 16 + }, + "network": { + "bytes": 261718, + "community_id": "1:idwO/QHAjbcGlF1bfQE9dPuu7T0=", + "direction": "unknown", + "iana_number": 6, + "packets": 369, + "transport": "tcp" + }, + "observer": { + "ip": "10.101.255.2" + }, + "server": { + "bytes": 233345, + "packets": 236 + }, + "source": { + "bytes": 28373, + "packets": 133 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/netflow9_ubiquiti_edgerouter.pcap.golden.json b/filebeat/input/netflow/testdata/golden/netflow9_ubiquiti_edgerouter.pcap.golden.json new file mode 100644 index 00000000000..3bd1907cc87 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/netflow9_ubiquiti_edgerouter.pcap.golden.json @@ -0,0 +1,745 @@ +{ + "test_name": "netflow9_ubiquiti_edgerouter", + "events": [ + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "159.65.125.168", + "locality": "public", + "port": 80 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 287000000, + "end": "2018-08-09T16:43:00.307Z", + "kind": "event", + "start": "2018-08-09T16:43:00.02Z" + }, + "flow": { + "id": "NPZRWU1oZKQ", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "159.65.125.168", + "destination_transport_port": 80, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1524297, + "flow_start_sys_up_time": 1524010, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 421, + "packet_delta_count": 6, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.5.2", + "source_transport_port": 43376, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 421, + "community_id": "1:rmH7wArXzq7zo/3zq3UF3YXPRsQ=", + "direction": "outbound", + "iana_number": 6, + "packets": 6, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 421, + "ip": "10.100.5.2", + "locality": "private", + "packets": 6, + "port": 43376 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "13.32.251.125", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 30209000000, + "end": "2018-08-09T16:43:01.317Z", + "kind": "event", + "start": "2018-08-09T16:42:31.108Z" + }, + "flow": { + "id": "wMmxEUF-2Sk", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "13.32.251.125", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1525307, + "flow_start_sys_up_time": 1495098, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 7621, + "packet_delta_count": 131, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.6.93", + "source_transport_port": 54520, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 7621, + "community_id": "1:a6tg/r6jNtMgP63hJDERGLq5/vY=", + "direction": "outbound", + "iana_number": 6, + "packets": 131, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 7621, + "ip": "10.100.6.93", + "locality": "private", + "packets": 131, + "port": 54520 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.100.6.80", + "locality": "private", + "port": 62323 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 0, + "end": "2018-08-09T16:43:01.41Z", + "kind": "event", + "start": "2018-08-09T16:43:01.41Z" + }, + "flow": { + "id": "2NG48p7EGpw", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.100.6.80", + "destination_transport_port": 62323, + "egress_interface": 3, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1525400, + "flow_start_sys_up_time": 1525400, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 3, + "octet_delta_count": 95, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "10.100.4.1", + "source_transport_port": 53, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 95, + "community_id": "1:cqOWsgOuN87d75n1EozS3EVeQ3w=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 95, + "ip": "10.100.4.1", + "locality": "private", + "packets": 1, + "port": 53 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "13.32.251.8", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 59651000000, + "end": "2018-08-09T16:43:02.334Z", + "kind": "event", + "start": "2018-08-09T16:42:02.683Z" + }, + "flow": { + "id": "f0LYEiUntL0", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "13.32.251.8", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1526324, + "flow_start_sys_up_time": 1466673, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 3162, + "packet_delta_count": 30, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.6.93", + "source_transport_port": 54497, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 3162, + "community_id": "1:Sqv4MaFQrlxintsHkBwirPKlFkY=", + "direction": "outbound", + "iana_number": 6, + "packets": 30, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 3162, + "ip": "10.100.6.93", + "locality": "private", + "packets": 30, + "port": 54497 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "52.22.76.61", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 40015000000, + "end": "2018-08-09T16:43:02.876Z", + "kind": "event", + "start": "2018-08-09T16:42:22.861Z" + }, + "flow": { + "id": "9ATz0HlBbIQ", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "52.22.76.61", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1526866, + "flow_start_sys_up_time": 1486851, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 2711, + "packet_delta_count": 13, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.6.80", + "source_transport_port": 50030, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 2711, + "community_id": "1:mXa8bnzBDCffTQexE2vr+5JpBKI=", + "direction": "outbound", + "iana_number": 6, + "packets": 13, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 2711, + "ip": "10.100.6.80", + "locality": "private", + "packets": 13, + "port": 50030 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "13.32.251.125", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 37121000000, + "end": "2018-08-09T16:43:02.43Z", + "kind": "event", + "start": "2018-08-09T16:42:25.309Z" + }, + "flow": { + "id": "vueGG5QVS_M", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "13.32.251.125", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1526420, + "flow_start_sys_up_time": 1489299, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 20855, + "packet_delta_count": 346, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.6.93", + "source_transport_port": 54517, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 20855, + "community_id": "1:EpAMGHXZQeADLR0iB3Wnf8ODIno=", + "direction": "outbound", + "iana_number": 6, + "packets": 346, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 20855, + "ip": "10.100.6.93", + "locality": "private", + "packets": 346, + "port": 54517 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "13.32.251.125", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 31322000000, + "end": "2018-08-09T16:43:02.43Z", + "kind": "event", + "start": "2018-08-09T16:42:31.108Z" + }, + "flow": { + "id": "rJySLUBW94Y", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "13.32.251.125", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1526420, + "flow_start_sys_up_time": 1495098, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 7495, + "packet_delta_count": 129, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.6.93", + "source_transport_port": 54518, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 7495, + "community_id": "1:Y3q5x6CFuoZSG9T1/sWch2r+Z/M=", + "direction": "outbound", + "iana_number": 6, + "packets": 129, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 7495, + "ip": "10.100.6.93", + "locality": "private", + "packets": 129, + "port": 54518 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "13.32.251.125", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 31226000000, + "end": "2018-08-09T16:43:02.334Z", + "kind": "event", + "start": "2018-08-09T16:42:31.108Z" + }, + "flow": { + "id": "pWQ3ZWUMRfU", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "13.32.251.125", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1526324, + "flow_start_sys_up_time": 1495098, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 7049, + "packet_delta_count": 119, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.6.93", + "source_transport_port": 54519, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 7049, + "community_id": "1:QznhoMOMy0XGL01aIt45mG93Ahs=", + "direction": "outbound", + "iana_number": 6, + "packets": 119, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 7049, + "ip": "10.100.6.93", + "locality": "private", + "packets": 119, + "port": 54519 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "13.32.251.126", + "locality": "public", + "port": 443 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 30976000000, + "end": "2018-08-09T16:43:02.334Z", + "kind": "event", + "start": "2018-08-09T16:42:31.358Z" + }, + "flow": { + "id": "M0l00u11bWc", + "locality": "public" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "13.32.251.126", + "destination_transport_port": 443, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1526324, + "flow_start_sys_up_time": 1495348, + "ingress_interface": 3, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 1348, + "packet_delta_count": 13, + "post_destination_mac_address": "04:18:d6:f0:81:b5", + "post_source_mac_address": "00:11:bb:7f:20:42", + "post_vlan_id": 0, + "protocol_identifier": 6, + "source_ipv4_address": "10.100.6.93", + "source_transport_port": 54521, + "tcp_control_bits": 27, + "type": "netflow_flow" + }, + "network": { + "bytes": 1348, + "community_id": "1:nz3afDxgjd58RBYRFia+GrFAvNE=", + "direction": "outbound", + "iana_number": 6, + "packets": 13, + "transport": "tcp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 1348, + "ip": "10.100.6.93", + "locality": "private", + "packets": 13, + "port": 54521 + } + }, + "Private": null, + "TimeSeries": false + }, + { + "Timestamp": "2018-08-09T16:49:04Z", + "Meta": null, + "Fields": { + "destination": { + "ip": "10.100.0.1", + "locality": "private", + "port": 53 + }, + "event": { + "action": "netflow_flow", + "category": "network_traffic", + "created": "2018-08-09T16:49:04Z", + "duration": 0, + "end": "2018-08-09T16:43:06.28Z", + "kind": "event", + "start": "2018-08-09T16:43:06.28Z" + }, + "flow": { + "id": "lzKTutEyrKA", + "locality": "private" + }, + "netflow": { + "delta_flow_count": 0, + "destination_ipv4_address": "10.100.0.1", + "destination_transport_port": 53, + "egress_interface": 2, + "exporter": { + "address": "10.100.4.1:33135", + "source_id": 0, + "timestamp": "2018-08-09T16:49:04Z", + "uptime_millis": 1887990, + "version": 9 + }, + "flow_direction": 1, + "flow_end_sys_up_time": 1530270, + "flow_start_sys_up_time": 1530270, + "ingress_interface": 0, + "ip_class_of_service": 0, + "ip_version": 4, + "mpls_label_stack_length": 2, + "octet_delta_count": 82, + "packet_delta_count": 1, + "post_destination_mac_address": "00:00:00:00:00:00", + "post_source_mac_address": "00:00:00:00:00:00", + "post_vlan_id": 0, + "protocol_identifier": 17, + "source_ipv4_address": "192.168.1.4", + "source_transport_port": 57253, + "tcp_control_bits": 0, + "type": "netflow_flow" + }, + "network": { + "bytes": 82, + "community_id": "1:HFBHKjXNUjNcb0z2P6sMpROPSq8=", + "direction": "outbound", + "iana_number": 17, + "packets": 1, + "transport": "udp" + }, + "observer": { + "ip": "10.100.4.1" + }, + "source": { + "bytes": 82, + "ip": "192.168.1.4", + "locality": "private", + "packets": 1, + "port": 57253 + } + }, + "Private": null, + "TimeSeries": false + } + ] +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/golden/ssl_local_example.pcap.golden.json b/filebeat/input/netflow/testdata/golden/ssl_local_example.pcap.golden.json new file mode 100644 index 00000000000..f6fcd92a339 --- /dev/null +++ b/filebeat/input/netflow/testdata/golden/ssl_local_example.pcap.golden.json @@ -0,0 +1,4 @@ +{ + "test_name": "ssl_local_example", + "error": "netflow protocol version 5891 not supported" +} \ No newline at end of file diff --git a/filebeat/input/netflow/testdata/pcap/ipfix_cisco.pcap b/filebeat/input/netflow/testdata/pcap/ipfix_cisco.pcap new file mode 100644 index 0000000000000000000000000000000000000000..365e936d2eaafff8cf623af4de2aadbb55575265 GIT binary patch literal 4358 zcmb_eZ){XW5TAX$yIx;8q*7YIioH_APz*t9DlH{7M&cjDYS0R`AfXQ=pz#AjqGBS7 zAtVYh(P$*(4x0u|q==v*jT*{n#R3uOw~B_uKn2AZ4B8m+_j_;mZt1nPgida5W@l!1 z=grK{?um{)Nk>AGfsiN+$`{l$-qYsD;js89kKh%D(;qL;s%WI9u%nKhdd^sZZq~fYE_>W0E zacCZJF$N6j2!eA=FBZ1F*hS%BUMzxcguMu-v=kC&?7!xO|%EB#x70mShR83fnsqdym$*bGb?L*EnqzkAJoorZTx`k#cm1* z^5SWDu@$=i^Fl8=T%sP)mSJRM_MSfHA!I}ypfDyX)juOS@x))(LTA2pJovYP@YshX z_&2(x;A6lja2v20sCDH(fG2P*KyFPyrNEBGhZGJJi?zedh+cHKKB_q+za(7F7oG)meB^4=>b^)xHRI_Bm#Z@R=Ly z>92^nN4!Z5eHZr)nc+9%iPSXfyU$zv(5yN!7Y3#>m~jGY)CR{r?oF=ieRqi!i|k&! z4YA-UHZa{V{pgj(%GfLS=;?{8ihgR2NRO#@mGT$2sy!#3tSy1i%$ftX9b?mfUbpx+ z!1EM9$A#2Q;B_pDzW`6r=QDz{>q9Iye?t#y176e~|Cl0nL0^@*qdVpz7Tnc%;p?yd z&%LPEi12*4-tx+bJm1|yA@%jyNKFMY8@WJci#^D)i#>=jfqIgM11kB&E6>hFMm%I>|0xOw%E%eS;v{s& z3qAR2N%WXrA=kc_-lGuTQ12@OSY<$yt60(g3h7AX)#$lPrZ67`-_o>9O1C-PS#J zM=dfER2QqPe@6a@C%!T>x!^~GY-3g(M4c8JyEMg1u;_`3Z!cMOk#+7<5!^~V&jtpI zh0)v8enA?!+1-poIPPKBN~>l%qO%8qI37 ziv#Ui(NXrJO&xFaTY(iByGj$!0>}W9@oM&AEc->%_E*+f8OeGTr)I~Kb9mn~&xAE_ rh`qo(YuN|zvh{DNYS5iPe79N!oCjXpJ=G1Ku+jg|+47=KMb7;P4K$O_ literal 0 HcmV?d00001 diff --git a/filebeat/input/netflow/testdata/pcap/netflow9_ubiquiti_edgerouter.pcap b/filebeat/input/netflow/testdata/pcap/netflow9_ubiquiti_edgerouter.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3b2c50bf4e20a2a1c4ebf8453702538a352a8211 GIT binary patch literal 1132 zcmb_aJxe1|6g_V;nT%r;13Du{#csiFApzGIT)$Znj27zpfh?p98rVV$-A&MDYqPAC zA}DAlqJ`Kj1PdEc2v&j!{s2Mz!p8F^ie^m)iyb)d-hFfKJ@?*|NpGzvQ1SAq5WFPf zv61PyQdB9hG2PoXx_SZM-p{&r9UV}-gA1S0>`MoYs49%87D-O(9&s1iMiDerAKr|_ z;t4=WJ!KwZjdE15lt~CemTlt6;Hi`d^Xy_wC%lA*v0}o_xMnj18hDBjjf@}gA7Dro z{~>Q5bABR1FM0L%>h+@x)r8dftl2@Y{$9OKdH>PN8O*?H{Q|3{9uRAsi>7jzid-d( zs9RZXnO)zAb9R2sUSg|Sd2*TDkI}g=Y6NQbd7pbt)y7Kd9%eIlVlO|{cFKo& zN2jE0rv!4HGH^(z=&zjeTWV2-IHjCL8^Ab2Lay2M)JfKB2wr^$e3Fp!xnOk%V1D}u zc!&8?`=%2;b6%(utEV64ri=6XLuyG5H4-p;!s&^E)b13_-36d;ih750sM+~lJ5ue@ zcd=?R5A~)nmAy);{}-uKd8oIJ)Z+l)ZhzCO6#OG|Uy%BB2^InL6ZUelHv79SR3i#; KwuWH7 event %d: created:%s id:%s for %s", idx+1, ts, id, c.cursor) + } + if len(js) > c.skipLines { + for _, entry := range js[:c.skipLines] { + id, _ := getString(entry, "Id") + c.env.Logger.Debugf("Skipping event %s [%s] for %s", c.cursor, id, c.id) + } + for _, entry := range js[c.skipLines:] { + c.cursor = c.cursor.ForNextLine() + c.env.Logger.Debugf("Reporting event %s for %s", c.cursor, c.id) + actions = append(actions, c.env.Report(entry, c.cursor)) + } + c.skipLines = 0 + } else { + for _, entry := range js { + id, _ := getString(entry, "Id") + c.env.Logger.Debugf("Skipping event all %s [%s] for %s", c.cursor, id, c.id) + } + + c.skipLines -= len(js) + } + // The API only documents the use of NextPageUri header for list requests + // but one can't be too careful. + if url, found := getNextPage(response); found { + return append(actions, poll.Fetch(newPager(url, c))) + } + + return actions +} + +func (c contentBlob) handleError(response *http.Response) (actions []poll.Action) { + var msg apiError + readJSONBody(response, &msg) + c.env.Logger.Warnf("Got error %s: %+v", response.Status, msg) + + if _, found := fatalErrors[msg.Error.Code]; found { + return []poll.Action{ + c.env.ReportAPIError(msg), + poll.Terminate(errors.New(msg.Error.Message)), + } + } + + switch response.StatusCode { + case 401: // Authentication error. Renew oauth token and repeat this op. + return []poll.Action{ + poll.RenewToken(), + poll.Fetch(withDelay{contentBlob: c, delay: c.env.Config.PollInterval}), + } + case 404: + return nil + } + if msg.Error.Code != "" { + actions = append(actions, c.env.ReportAPIError(msg)) + } + return append(actions, poll.Fetch(withDelay{contentBlob: c, delay: c.env.Config.ErrorRetryInterval})) +} + +// ContentBlob creates a new contentBlob. +func ContentBlob(url string, cursor cursor, env apiEnvironment) contentBlob { + return contentBlob{ + url: url, + env: env, + cursor: cursor, + } +} + +// WithID configures a content blob with the given origin ID. +func (c contentBlob) WithID(id string) contentBlob { + c.id = id + return c +} + +// WithSkipLines configures a content blob with the number of objects to skip. +func (c contentBlob) WithSkipLines(nlines int) contentBlob { + c.skipLines = nlines + return c +} + +type withDelay struct { + contentBlob + delay time.Duration +} + +// Delay overrides the contentBlob's delay. +func (w withDelay) Delay() time.Duration { + return w.delay +} diff --git a/filebeat/input/o365audit/contentblob_test.go b/filebeat/input/o365audit/contentblob_test.go new file mode 100644 index 00000000000..1a08c69fb36 --- /dev/null +++ b/filebeat/input/o365audit/contentblob_test.go @@ -0,0 +1,149 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/poll" +) + +type contentStore struct { + events []beat.Event + stopped bool +} + +func (s *contentStore) onEvent(b beat.Event) bool { + s.events = append(s.events, b) + return !s.stopped +} + +func (f *fakePoll) BlobContent(t testing.TB, b poll.Transaction, data []common.MapStr, nextUrl string) poll.Transaction { + urls, next := f.deliverResult(t, b, data, nextUrl) + if !assert.Empty(t, urls) { + t.Fatal("blob returned urls to fetch") + } + return next +} + +func makeEvent(ts time.Time, id string) common.MapStr { + return common.MapStr{ + "CreationTime": ts.Format(apiDateFormat), + "Id": id, + } +} + +func validateBlobs(t testing.TB, store contentStore, expected []string, c cursor) cursor { + assert.Len(t, store.events, len(expected)) + for idx := range expected { + id, err := getString(store.events[idx].Fields, fieldsPrefix+".Id") + if !assert.NoError(t, err) { + t.Fatal(err) + } + assert.Equal(t, expected[idx], id) + } + prev := c + baseLine := c.line + for idx, id := range expected { + ev := store.events[idx] + cursor, ok := ev.Private.(cursor) + if !assert.True(t, ok) { + t.Fatal("no cursor for event id", id) + } + assert.Equal(t, idx+1+baseLine, cursor.line) + assert.True(t, prev.Before(cursor)) + prev = cursor + } + return prev +} + +func TestContentBlob(t *testing.T) { + var f fakePoll + var store contentStore + ctx := apiEnvironment{ + Logger: logp.L(), + Callback: store.onEvent, + } + baseCursor := newCursor(stream{"myTenant", "contentype"}, time.Now()) + query := ContentBlob("http://test.localhost/", baseCursor, ctx) + data := []common.MapStr{ + makeEvent(now.Add(-time.Hour), "e1"), + makeEvent(now.Add(-2*time.Hour), "e2"), + makeEvent(now.Add(-30*time.Minute), "e3"), + makeEvent(now.Add(-10*time.Second), "e4"), + makeEvent(now.Add(-20*time.Minute), "e5"), + } + expected := []string{"e1", "e2", "e3", "e4", "e5"} + next := f.BlobContent(t, query, data, "") + assert.Nil(t, next) + c := validateBlobs(t, store, expected, baseCursor) + assert.Equal(t, len(expected), c.line) +} + +func TestContentBlobResumeToLine(t *testing.T) { + var f fakePoll + var store contentStore + ctx := testConfig() + ctx.Callback = store.onEvent + baseCursor := newCursor(stream{"myTenant", "contentype"}, time.Now()) + const skip = 3 + baseCursor.line = skip + query := ContentBlob("http://test.localhost/", baseCursor, ctx).WithSkipLines(skip) + data := []common.MapStr{ + makeEvent(now.Add(-time.Hour), "e1"), + makeEvent(now.Add(-2*time.Hour), "e2"), + makeEvent(now.Add(-30*time.Minute), "e3"), + makeEvent(now.Add(-10*time.Second), "e4"), + makeEvent(now.Add(-20*time.Minute), "e5"), + } + expected := []string{"e4", "e5"} + next := f.BlobContent(t, query, data, "") + assert.Nil(t, next) + c := validateBlobs(t, store, expected, baseCursor) + assert.Equal(t, len(expected), c.line-skip) +} + +func TestContentBlobPaged(t *testing.T) { + var f fakePoll + var store contentStore + ctx := apiEnvironment{ + Logger: logp.L(), + Callback: store.onEvent, + } + baseCursor := newCursor(stream{"myTenant", "contentype"}, time.Now()) + query := ContentBlob("http://test.localhost/", baseCursor, ctx) + data := []common.MapStr{ + makeEvent(now.Add(-time.Hour), "e1"), + makeEvent(now.Add(-2*time.Hour), "e2"), + makeEvent(now.Add(-30*time.Minute), "e3"), + makeEvent(now.Add(-10*time.Second), "e4"), + makeEvent(now.Add(-20*time.Minute), "e5"), + makeEvent(now.Add(-20*time.Minute), "e6"), + } + expected := []string{"e1", "e2", "e3"} + next := f.BlobContent(t, query, data[:3], "http://test.localhost/page/2") + assert.NotNil(t, next) + assert.IsType(t, paginator{}, next) + c := validateBlobs(t, store, expected, baseCursor) + assert.Equal(t, 3, c.line) + store.events = nil + next = f.BlobContent(t, next, data[3:5], "http://test.localhost/page/3") + assert.IsType(t, paginator{}, next) + expected = []string{"e4", "e5"} + c = validateBlobs(t, store, expected, c) + assert.Equal(t, 5, c.line) + store.events = nil + next = f.BlobContent(t, next, data[5:], "") + assert.Nil(t, next) + expected = []string{"e6"} + c = validateBlobs(t, store, expected, c) + assert.Equal(t, 6, c.line) +} diff --git a/filebeat/input/o365audit/dates.go b/filebeat/input/o365audit/dates.go new file mode 100644 index 00000000000..5eb53d4d6de --- /dev/null +++ b/filebeat/input/o365audit/dates.go @@ -0,0 +1,107 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "fmt" + "sort" + "time" + + "github.com/joeshaw/multierror" + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/libbeat/common" +) + +const ( + // Date format used by audit objects. + apiDateFormat = "2006-01-02T15:04:05" + timeDay = time.Hour * 24 +) + +var ( + errTypeCastFailed = errors.New("key is not expected type") +) + +// Date formats used in the JSON objects returned by the API. +// This is just a safeguard in case the date format used by the API is +// updated to include sub-second resolution or timezone information. +var apiDateFormats = dateFormats{ + apiDateFormat, + apiDateFormat + "Z", + time.RFC3339Nano, + time.RFC3339, +} + +// Date formats used by HTTP/1.1 servers. +var httpDateFormats = dateFormats{ + time.RFC1123, + time.RFC850, + time.ANSIC, + time.RFC1123Z, +} + +// A helper to parse dates using different formats. +type dateFormats []string + +// Parse will try to parse the given string-formatted date in the formats +// specified in the dateFormats until one succeeds. +func (d dateFormats) Parse(str string) (t time.Time, err error) { + for _, fmt := range d { + if t, err = time.Parse(fmt, str); err == nil { + return t.UTC(), nil + } + } + return time.Now().UTC(), fmt.Errorf("unable to parse date '%s' with formats %v", str, d) +} + +// Get a key from a map and cast it to string. +func getString(m common.MapStr, key string) (string, error) { + iValue, err := m.GetValue(key) + if err != nil { + return "", err + } + str, ok := iValue.(string) + if !ok { + return "", errTypeCastFailed + } + return str, nil +} + +// Parse a date from the given map key. +func getDateKey(m common.MapStr, key string, formats dateFormats) (t time.Time, err error) { + str, err := getString(m, key) + if err != nil { + return t, err + } + return formats.Parse(str) +} + +// Sort a slice of maps by one of its keys parsed as a date in the given format(s). +func sortMapSliceByDate(s []common.MapStr, dateKey string, formats dateFormats) error { + var errs multierror.Errors + sort.Slice(s, func(i, j int) bool { + di, e1 := getDateKey(s[i], dateKey, formats) + dj, e2 := getDateKey(s[j], dateKey, formats) + if e1 != nil { + errs = append(errs, e1) + } + if e2 != nil { + errs = append(errs, e2) + } + return di.Before(dj) + }) + return errors.Wrapf(errs.Err(), "failed sorting by date key:%s", dateKey) +} + +func inRange(d, maxLimit time.Duration) bool { + if maxLimit < 0 { + maxLimit = -maxLimit + } + if d < 0 { + d = -d + } + return d < maxLimit +} diff --git a/filebeat/input/o365audit/input.go b/filebeat/input/o365audit/input.go new file mode 100644 index 00000000000..cafba2184f3 --- /dev/null +++ b/filebeat/input/o365audit/input.go @@ -0,0 +1,303 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "context" + "sync" + "time" + + "github.com/Azure/go-autorest/autorest" + "github.com/joeshaw/multierror" + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cfgwarn" + "github.com/elastic/beats/v7/libbeat/common/useragent" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/poll" +) + +const ( + inputName = "o365audit" + fieldsPrefix = inputName +) + +func init() { + if err := input.Register(inputName, NewInput); err != nil { + panic(errors.Wrapf(err, "unable to create %s input", inputName)) + } +} + +type o365input struct { + config Config + outlet channel.Outleter + storage *stateStorage + log *logp.Logger + pollers map[stream]*poll.Poller + cancel func() + ctx context.Context + wg sync.WaitGroup + runOnce sync.Once +} + +type apiEnvironment struct { + TenantID string + ContentType string + Config APIConfig + Callback func(beat.Event) bool + Logger *logp.Logger + Clock func() time.Time +} + +// NewInput creates a new o365audit input. +func NewInput( + cfg *common.Config, + connector channel.Connector, + inputContext input.Context, +) (inp input.Input, err error) { + cfgwarn.Beta("The %s input is beta", inputName) + inp, err = newInput(cfg, connector, inputContext) + return inp, errors.Wrap(err, inputName) +} + +func newInput( + cfg *common.Config, + connector channel.Connector, + inputContext input.Context, +) (inp input.Input, err error) { + config := defaultConfig() + if err := cfg.Unpack(&config); err != nil { + return nil, errors.Wrap(err, "reading config") + } + + log := logp.NewLogger(inputName) + + // TODO: Update with input v2 state. + storage := newStateStorage(noopPersister{}) + + var out channel.Outleter + out, err = connector.ConnectWith(cfg, beat.ClientConfig{ + Processing: beat.ProcessingConfig{ + DynamicFields: inputContext.DynamicFields, + }, + ACKLastEvent: func(private interface{}) { + // Errors don't have a cursor. + if cursor, ok := private.(cursor); ok { + log.Debugf("ACKed cursor %+v", cursor) + if err := storage.Save(cursor); err != nil && err != errNoUpdate { + log.Errorf("Error saving state: %v", err) + } + } + }, + }) + if err != nil { + return nil, err + } + + ctx, cancel := context.WithCancel(context.Background()) + defer func() { + if err != nil { + cancel() + } + }() + + pollers := make(map[stream]*poll.Poller) + for _, tenantID := range config.TenantID { + // MaxRequestsPerMinute limitation is per tenant. + delay := time.Duration(len(config.ContentType)) * time.Minute / time.Duration(config.API.MaxRequestsPerMinute) + auth, err := config.NewTokenProvider(tenantID) + if err != nil { + return nil, err + } + if _, err = auth.Token(); err != nil { + return nil, errors.Wrapf(err, "unable to acquire authentication token for tenant:%s", tenantID) + } + for _, contentType := range config.ContentType { + key := stream{ + tenantID: tenantID, + contentType: contentType, + } + poller, err := poll.New( + poll.WithTokenProvider(auth), + poll.WithMinRequestInterval(delay), + poll.WithLogger(log.With("tenantID", tenantID, "contentType", contentType)), + poll.WithContext(ctx), + poll.WithRequestDecorator( + autorest.WithUserAgent(useragent.UserAgent("Filebeat-"+inputName)), + autorest.WithQueryParameters(common.MapStr{ + "publisherIdentifier": tenantID, + }), + ), + ) + if err != nil { + return nil, errors.Wrap(err, "failed to create API poller") + } + pollers[key] = poller + } + } + + return &o365input{ + config: config, + outlet: out, + storage: storage, + log: log, + pollers: pollers, + ctx: ctx, + cancel: cancel, + }, nil +} + +// Run starts the o365input. Only has effect the first time it's called. +func (inp *o365input) Run() { + inp.runOnce.Do(inp.run) +} + +func (inp *o365input) run() { + for stream, poller := range inp.pollers { + start := inp.loadLastLocation(stream) + inp.log.Infow("Start fetching events", + "cursor", start, + "tenantID", stream.tenantID, + "contentType", stream.contentType) + inp.runPoller(poller, start) + } +} + +func (inp *o365input) runPoller(poller *poll.Poller, start cursor) { + ctx := apiEnvironment{ + TenantID: start.tenantID, + ContentType: start.contentType, + Config: inp.config.API, + Callback: inp.reportEvent, + Logger: poller.Logger(), + Clock: time.Now, + } + inp.wg.Add(1) + go func() { + defer logp.Recover("panic in " + inputName + " runner.") + defer inp.wg.Done() + action := ListBlob(start, ctx) + // When resuming from a saved state, it's necessary to query for the + // same startTime that provided the last ACKed event. Otherwise there's + // the risk of observing partial blobs with different line counts, due to + // how the backend works. + if start.line > 0 { + action = action.WithStartTime(start.startTime) + } + if err := poller.Run(action); err != nil { + ctx.Logger.Errorf("API polling terminated with error: %v", err.Error()) + msg := common.MapStr{} + msg.Put("error.message", err.Error()) + msg.Put("event.kind", "pipeline_error") + event := beat.Event{ + Timestamp: time.Now(), + Fields: msg, + } + inp.reportEvent(event) + } + }() +} + +func (inp *o365input) reportEvent(event beat.Event) bool { + return inp.outlet.OnEvent(event) +} + +// Stop terminates the o365 input. +func (inp *o365input) Stop() { + inp.log.Info("Stopping input " + inputName) + defer inp.log.Info(inputName + " stopped.") + defer inp.outlet.Close() + inp.cancel() +} + +// Wait terminates the o365input and waits for all the pollers to finalize. +func (inp *o365input) Wait() { + inp.Stop() + inp.wg.Wait() +} + +func (inp *o365input) loadLastLocation(key stream) cursor { + period := inp.config.API.MaxRetention + retentionLimit := time.Now().UTC().Add(-period) + cursor, err := inp.storage.Load(key) + if err != nil { + if err == errStateNotFound { + inp.log.Infof("No saved state found. Will fetch events for the last %v.", period.String()) + } else { + inp.log.Errorw("Error loading saved state. Will fetch all retained events. "+ + "Depending on max_retention, this can cause event loss or duplication.", + "error", err, + "max_retention", period.String()) + } + cursor.timestamp = retentionLimit + } + if cursor.timestamp.Before(retentionLimit) { + inp.log.Warnw("Last update exceeds the retention limit. "+ + "Probably some events have been lost.", + "resume_since", cursor, + "retention_limit", retentionLimit, + "max_retention", period.String()) + // Due to API limitations, it's necessary to perform a query for each + // day. These avoids performing a lot of queries that will return empty + // when the input hasn't run in a long time. + cursor.timestamp = retentionLimit + } + return cursor +} + +var errTerminated = errors.New("terminated due to output closed") + +// Report returns an action that produces a beat.Event from the given object. +func (env apiEnvironment) Report(doc common.MapStr, private interface{}) poll.Action { + return func(poll.Enqueuer) error { + if !env.Callback(env.toBeatEvent(doc, private)) { + return errTerminated + } + return nil + } +} + +// ReportAPIError returns an action that produces a beat.Event from an API error. +func (env apiEnvironment) ReportAPIError(err apiError) poll.Action { + return func(poll.Enqueuer) error { + if !env.Callback(err.ToBeatEvent()) { + return errTerminated + } + return nil + } +} + +func (env apiEnvironment) toBeatEvent(doc common.MapStr, private interface{}) beat.Event { + var errs multierror.Errors + ts, err := getDateKey(doc, "CreationTime", apiDateFormats) + if err != nil { + ts = time.Now() + errs = append(errs, errors.Wrap(err, "failed parsing CreationTime")) + } + b := beat.Event{ + Timestamp: ts, + Fields: common.MapStr{ + fieldsPrefix: doc, + }, + Private: private, + } + if env.Config.SetIDFromAuditRecord { + if id, err := getString(doc, "Id"); err == nil && len(id) > 0 { + b.SetID(id) + } + } + if len(errs) > 0 { + msgs := make([]string, len(errs)) + for idx, e := range errs { + msgs[idx] = e.Error() + } + b.PutValue("error.message", msgs) + } + return b +} diff --git a/filebeat/input/o365audit/listblobs.go b/filebeat/input/o365audit/listblobs.go new file mode 100644 index 00000000000..5be65a8d67d --- /dev/null +++ b/filebeat/input/o365audit/listblobs.go @@ -0,0 +1,297 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + "sort" + "time" + + "github.com/Azure/go-autorest/autorest" + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/poll" +) + +// listBlob is a poll.Transaction that handles the content/"blobs" list. +type listBlob struct { + cursor cursor + startTime, endTime time.Time + delay time.Duration + env apiEnvironment +} + +// ListBlob creates a new poll.Transaction that lists content starting from +// the given cursor position. +func ListBlob(cursor cursor, env apiEnvironment) listBlob { + l := listBlob{ + cursor: cursor, + env: env, + } + return l.adjustTimes(cursor.timestamp) +} + +// WithStartTime allows to alter the startTime of a listBlob. This is necessary +// for requests that are resuming from the cursor position of an existing blob, +// as it has been observed that the server won't return the same blob, but a +// partial one, when queried with the time that this blob was created. +func (l listBlob) WithStartTime(start time.Time) listBlob { + return l.adjustTimes(start) +} + +func (l listBlob) adjustTimes(since time.Time) listBlob { + now := l.env.Clock() + // Can't query more than in the past. + fromLimit := now.Add(-l.env.Config.MaxRetention) + if since.Before(fromLimit) { + since = fromLimit + } + + to := since.Add(l.env.Config.MaxQuerySize) + // Can't query into the future. Polling for new events every interval. + var delay time.Duration + if to.After(now) { + since = now.Add(-l.env.Config.MaxQuerySize) + if since.Before(l.cursor.timestamp) { + since = l.cursor.timestamp + } + to = now + delay = l.env.Config.PollInterval + } + l.startTime = since.UTC() + l.endTime = to.UTC() + l.delay = delay + return l +} + +// Delay returns the delay before executing a transaction. +func (l listBlob) Delay() time.Duration { + return l.delay +} + +// String returns the printable representation of a listBlob. +func (l listBlob) String() string { + return fmt.Sprintf("list blobs from:%s to:%s", l.startTime, l.endTime) +} + +// RequestDecorators returns the decorators used to perform a request. +func (l listBlob) RequestDecorators() []autorest.PrepareDecorator { + return []autorest.PrepareDecorator{ + autorest.WithBaseURL(l.env.Config.Resource), + autorest.WithPath("api/v1.0"), + autorest.WithPath(l.cursor.tenantID), + autorest.WithPath("activity/feed/subscriptions/content"), + autorest.WithQueryParameters( + map[string]interface{}{ + "contentType": l.cursor.contentType, + "startTime": l.startTime.Format(apiDateFormat), + "endTime": l.endTime.Format(apiDateFormat), + }), + } +} + +// OnResponse handles the output of a list content request. +func (l listBlob) OnResponse(response *http.Response) (actions []poll.Action) { + if response.StatusCode != 200 { + return l.handleError(response) + } + + if delta := getServerTimeDelta(response); l.env.Config.AdjustClockWarn && !inRange(delta, l.env.Config.AdjustClockMinDifference) { + l.env.Logger.Warnf("Server clock is offset by %v: Check system clock to avoid event loss.", delta) + } + + var list []content + if err := readJSONBody(response, &list); err != nil { + return []poll.Action{ + poll.Terminate(err), + } + } + + // Sort content by creation date and then by ID. + sort.Slice(list, func(i, j int) bool { + return list[i].Created.Before(list[j].Created) || (list[i].Created == list[j].Created && list[i].ID < list[j].ID) + }) + + // Save in the cursor the startTime that was used to obtain this blobs. + // In case of resuming retrieval using that cursor, it will be necessary to + // use the same startTime to observe the same blobs. Otherwise there's the + // risk of observing partial blobs. + l.cursor = l.cursor.WithStartTime(l.startTime) + + for _, entry := range list { + // Only fetch blobs that advance the cursor. + if l.cursor.TryAdvance(entry) { + l.env.Logger.Debugf("+ fetch blob date:%v id:%s", entry.Created.UTC(), entry.ID) + actions = append(actions, poll.Fetch( + ContentBlob(entry.URI, l.cursor, l.env). + WithID(entry.ID). + WithSkipLines(l.cursor.line))) + } else { + l.env.Logger.Debugf("- skip blob date:%v id:%s", entry.Created.UTC(), entry.ID) + } + if entry.Created.Before(l.startTime) { + l.env.Logger.Errorf("! Event created before query") + } + if entry.Created.After(l.endTime) { + l.env.Logger.Errorf("! Event created after query") + } + } + // Fetch the next page if a NextPageUri header is found. + if url, found := getNextPage(response); found { + return append(actions, poll.Fetch(newPager(url, l))) + } + // Otherwise fetch the next time window. + return append(actions, poll.Fetch(l.Next())) +} + +// Next returns a listBlob that will fetch events in future. +func (l listBlob) Next() listBlob { + return l.adjustTimes(l.endTime) +} + +var fatalErrors = map[string]struct{}{ + // Missing parameter: {0}. + "AF20001": {}, + // Invalid parameter type: {0}. Expected type: {1} + "AF20002": {}, + // Expiration {0} provided is set to past date and time. + "AF20003": {}, + // The tenant ID passed in the URL ({0}) does not match the tenant ID passed in the access token ({1}). + "AF20010": {}, + // Specified tenant ID ({0}) does not exist in the system or has been deleted. + "AF20011": {}, + // Specified tenant ID ({0}) is incorrectly configured in the system. + "AF20012": {}, + // The tenant ID passed in the URL ({0}) is not a valid GUID. + "AF20013": {}, + // The specified content type is not valid. + "AF20020": {}, + // The webhook endpoint {{0}) could not be validated. {1} + "AF20021": {}, +} + +func (l listBlob) handleError(response *http.Response) (actions []poll.Action) { + var msg apiError + readJSONBody(response, &msg) + l.env.Logger.Warnf("Got error %s: %+v", response.Status, msg) + l.delay = l.env.Config.ErrorRetryInterval + + switch response.StatusCode { + case 401: + // Authentication error. Renew oauth token and repeat this op. + l.delay = l.env.Config.PollInterval + return []poll.Action{ + poll.RenewToken(), + poll.Fetch(l), + } + case 408, 503: + // Known errors when the backend is down. + // Repeat the request without reporting an error. + return []poll.Action{ + poll.Fetch(l), + } + } + + if _, found := fatalErrors[msg.Error.Code]; found { + return []poll.Action{ + l.env.ReportAPIError(msg), + poll.Terminate(errors.New(msg.Error.Message)), + } + } + + switch msg.Error.Code { + // AF20022: No subscription found for the specified content type + // AF20023: The subscription was disabled by [..] + case "AF20022", "AF20023": + l.delay = 0 + // Subscribe and retry + return []poll.Action{ + poll.Fetch(Subscribe(l.env)), + poll.Fetch(l), + } + // AF20030: Start time and end time must both be specified (or both omitted) and must + // be less than or equal to 24 hours apart, with the start time no more than + // 7 days in the past. + // AF20055: (Same). + case "AF20030", "AF20055": + // As of writing this, the server fails a request if it's more than + // retention_time(7d)+1h in the past. + // On the other hand, requests can be days into the future without error. + + // First check if this is caused by a request close to the max retention + // period that's been queued for hours because of server being down. + // Repeat the request with updated times. + now := l.env.Clock() + delta := now.Sub(l.startTime) + if delta > (l.env.Config.MaxRetention + 30*time.Minute) { + l.delay = l.env.Config.PollInterval + return []poll.Action{ + poll.Fetch(l.adjustTimes(l.startTime)), + } + } + + delta = getServerTimeDelta(response) + l.env.Logger.Errorf("Server is complaining about query interval. "+ + "This is usually a problem with the local clock and the server's clock "+ + "being out of sync. Time difference with server is %v.", delta) + if l.env.Config.AdjustClock && !inRange(delta, l.env.Config.AdjustClockMinDifference) { + l.env.Clock = func() time.Time { + return time.Now().Add(delta) + } + l.env.Logger.Info("Compensating for time difference") + } else { + l.env.Logger.Infow("Not adjusting for time offset.", + "api.adjust_clock", l.env.Config.AdjustClock, + "api.adjust_clock_min_difference", l.env.Config.AdjustClockMinDifference, + "difference", delta) + } + return []poll.Action{ + poll.Fetch(l.adjustTimes(l.startTime)), + } + + // Too many requests. + case "AF429": + + // Internal server error. Retry the request. + case "AF50000": + + // Invalid nextPage Input: {0}. Can be ignored. + case "AF20031": + + // AF50005-AF50006: An internal error occurred. Retry the request. + case "AF50005", "AF50006": + return append(actions, poll.Fetch(l)) + } + + if msg.Error.Code != "" { + actions = append(actions, l.env.ReportAPIError(msg)) + } + return append(actions, poll.Fetch(l)) +} + +func readJSONBody(response *http.Response, dest interface{}) error { + defer autorest.Respond(response, + autorest.ByDiscardingBody(), + autorest.ByClosing()) + body, err := ioutil.ReadAll(response.Body) + if err != nil { + return errors.Wrap(err, "reading body failed") + } + if err = json.Unmarshal(body, dest); err != nil { + return errors.Wrap(err, "decoding json failed") + } + return nil +} + +func getServerTimeDelta(response *http.Response) time.Duration { + serverDate, err := httpDateFormats.Parse(response.Header.Get("Date")) + if err != nil { + return 0 + } + return serverDate.Sub(time.Now()) +} diff --git a/filebeat/input/o365audit/listblobs_test.go b/filebeat/input/o365audit/listblobs_test.go new file mode 100644 index 00000000000..148ee2273e8 --- /dev/null +++ b/filebeat/input/o365audit/listblobs_test.go @@ -0,0 +1,413 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "bytes" + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + "sort" + "strconv" + "strings" + "testing" + "time" + + "github.com/Azure/go-autorest/autorest" + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/poll" +) + +const contentType = "Audit.AzureActiveDirectory" + +var now = time.Now().UTC() + +type blob struct { + Created time.Time `json:"contentCreated"` + Expiration time.Time `json:"contentExpiration"` + Id string `json:"contentId"` + Type string `json:"contentType"` + Uri string `json:"contentUri"` +} + +func idDate(d time.Time) string { + return strings.ReplaceAll(d.Format("20060102150405.999999999"), ".", "") +} + +func makeBlob(c time.Time, path string) blob { + created := c.UTC() + id := fmt.Sprintf("%s$%s$%s$%s$emea0026", + idDate(created), + idDate(created.Add(time.Hour)), + strings.ReplaceAll(strings.ToLower(contentType), ".", "_"), + strings.ReplaceAll(contentType, ".", "_")) + return blob{ + Created: created, + Expiration: created.Add(time.Hour * 24 * 7), + Id: id, + Type: contentType, + Uri: "https://test.localhost/" + path, + } +} + +type fakePoll struct { + queue []poll.Transaction +} + +func (f *fakePoll) RenewToken() error { + return nil +} + +func (f *fakePoll) Enqueue(item poll.Transaction) error { + f.queue = append(f.queue, item) + return nil +} + +func (f *fakePoll) PagedSearchQuery(t testing.TB, lb poll.Transaction, db []blob) (urls []string, next poll.Transaction) { + const pageSize = 3 + n := len(db) + var from, to int + switch v := lb.(type) { + case listBlob: + from = 0 + case paginator: + req, err := autorest.Prepare(&http.Request{}, v.RequestDecorators()...) + if !assert.NoError(t, err) { + t.Fatal(err) + } + nextArray, ok := req.URL.Query()["nextPage"] + if !assert.True(t, ok) || len(nextArray) != 1 { + t.Fatal("nextPage param is missing in pager query") + } + from, err = strconv.Atoi(nextArray[0]) + if !assert.NoError(t, err) { + t.Fatal(err) + } + } + if to = from + pageSize; to > n { + to = n + } + result := db[from:to] + nextUrl := "" + if to < n { + nextUrl = fmt.Sprintf("http://localhost.test/something?nextPage=%d", to) + } + return f.deliverResult(t, lb, result, nextUrl) +} + +func (f *fakePoll) deliverResult(t testing.TB, pl poll.Transaction, msg interface{}, nextUrl string) (urls []string, next poll.Transaction) { + js, err := json.Marshal(msg) + if !assert.NoError(t, err) { + t.Fatal(err) + } + response := &http.Response{ + StatusCode: 200, + Body: ioutil.NopCloser(bytes.NewReader(js)), + ContentLength: int64(len(js)), + } + if nextUrl != "" { + response.Header = http.Header{ + "NextPageUri": []string{nextUrl}, + } + } + return f.finishQuery(t, pl, response) +} + +func (f *fakePoll) SearchQuery(t testing.TB, lb listBlob, db []blob) (urls []string, next poll.Transaction) { + t.Log("Query start:", now.Sub(lb.startTime), "end:", now.Sub(lb.endTime)) + lowerBound := sort.Search(len(db), func(i int) bool { + return !db[i].Created.Before(lb.startTime) + }) + upperBound := sort.Search(len(db), func(i int) bool { + return !db[i].Created.Before(lb.endTime) + }) + result := db[lowerBound:upperBound] + return f.deliverResult(t, lb, result, "") +} + +func (f *fakePoll) finishQuery(t testing.TB, pl poll.Transaction, resp *http.Response) (urls []string, next poll.Transaction) { + for _, a := range pl.OnResponse(resp) { + if err := a(f); !assert.NoError(t, err) { + t.Fatal(err) + } + } + if n := len(f.queue); n > 0 { + urls = make([]string, n-1) + for i := 0; i < n-1; i++ { + req, err := autorest.Prepare(&http.Request{}, f.queue[i].RequestDecorators()...) + if !assert.NoError(t, err) { + t.Fatal(err) + } + urls[i] = req.URL.Path[1:] + } + next = f.queue[n-1] + } + f.queue = nil + return urls, next +} + +func (f *fakePoll) subscriptionError(t testing.TB, lb listBlob) (subscribe, listBlob) { + t.Log("Query start:", now.Sub(lb.startTime), "end:", now.Sub(lb.endTime)) + var apiErr apiError + apiErr.Error.Code = "AF20022" + apiErr.Error.Message = "No subscription found for the specified content type" + js, err := json.Marshal(apiErr) + if !assert.NoError(t, err) { + t.Fatal(err) + } + t.Log(string(js)) + resp := &http.Response{ + StatusCode: 400, + Body: ioutil.NopCloser(bytes.NewReader(js)), + } + for _, a := range lb.OnResponse(resp) { + if err := a(f); !assert.NoError(t, err) { + t.Fatal(err) + } + } + if !assert.Len(t, f.queue, 2) { + t.Fatal("need 2 actions") + } + if !assert.IsType(t, subscribe{}, f.queue[0]) { + t.Fatal("expected type not found") + } + if !assert.IsType(t, lb, f.queue[1]) { + t.Fatal("expected type not found") + } + return f.queue[0].(subscribe), f.queue[1].(listBlob) +} + +func testConfig() apiEnvironment { + logp.TestingSetup() + config := defaultConfig() + return apiEnvironment{ + Config: config.API, + Logger: logp.NewLogger(inputName + " test"), + Clock: func() time.Time { + return now + }, + } +} + +func TestListBlob(t *testing.T) { + ctx := testConfig() + + db := []blob{ + // 7d+ ago + makeBlob(now.Add(-time.Hour*(1+24*7)), "expired"), + // [7,6d) ago + makeBlob(now.Add(-time.Hour*(8+24*6)), "day1_1"), + makeBlob(now.Add(-time.Hour*(3+24*6)), "day1_2"), + // [6d,5d) ago + makeBlob(now.Add(-time.Hour*(3+24*5)), "day2_1"), + + // [5d-4d) ago + makeBlob(now.Add(-time.Hour*(24*5)), "day3_1_limit"), + makeBlob(now.Add(-time.Hour*(23+24*4)), "day3_2"), + // Yesterday + makeBlob(now.Add(-time.Hour*(12+24*1)), "day6"), + // Today + makeBlob(now.Add(-time.Hour*12), "today_1"), + makeBlob(now.Add(-time.Hour*7), "today_2"), + } + lb := ListBlob(newCursor(stream{"1234", contentType}, time.Time{}), ctx) + var f fakePoll + // 6 days ago + blobs, next := f.SearchQuery(t, lb, db) + assert.Equal(t, []string{"day1_1", "day1_2"}, blobs) + assert.IsType(t, listBlob{}, next) + // 5 days ago + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Equal(t, []string{"day2_1"}, blobs) + + // 4 days ago + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Equal(t, []string{"day3_1_limit", "day3_2"}, blobs) + + // 3 days ago + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Empty(t, blobs) + + // 2 days ago + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Empty(t, blobs) + + // Yesterday + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Equal(t, []string{"day6"}, blobs) + + // Today + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Equal(t, []string{"today_1", "today_2"}, blobs) + + // Query for new data + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Empty(t, blobs) + + // New blob + db = append(db, makeBlob(now.Add(-time.Hour*5), "live_1")) + + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Equal(t, []string{"live_1"}, blobs) + + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Empty(t, blobs) + + // Two new blobs + db = append(db, makeBlob(now.Add(-time.Hour*5+time.Second), "live_2")) + db = append(db, makeBlob(now.Add(-time.Hour*5+2*time.Second), "live_3")) + + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Equal(t, []string{"live_2", "live_3"}, blobs) + + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Empty(t, blobs) + + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Empty(t, blobs) + + // Two more blobs with the same timestamp. + // I don't even know if this is possible, but assuming that in this case + // they will have a different ID because the ID uses the timestamp up to a + // nanosecond precision while the date only has millisecond-precision. + db = append(db, makeBlob(now.Add(-time.Hour*3+time.Nanosecond), "live_4a")) + db = append(db, makeBlob(now.Add(-time.Hour*3+2*time.Nanosecond), "live_4b")) + db = append(db, makeBlob(now.Add(-time.Hour*3+3*time.Nanosecond), "live_4c")) + + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Equal(t, []string{"live_4a", "live_4b", "live_4c"}, blobs) + + blobs, next = f.SearchQuery(t, next.(listBlob), db) + assert.Empty(t, blobs) +} + +func TestSubscriptionStart(t *testing.T) { + logp.TestingSetup() + log := logp.L() + ctx := apiEnvironment{ + ContentType: contentType, + TenantID: "1234", + Logger: log, + Clock: func() time.Time { + return now + }, + } + lb := ListBlob(newCursor(stream{"1234", contentType}, time.Time{}), ctx) + var f fakePoll + s, l := f.subscriptionError(t, lb) + assert.Equal(t, lb.cursor, l.cursor) + assert.Equal(t, lb.endTime, l.endTime) + assert.Equal(t, lb.startTime, l.startTime) + assert.Equal(t, lb.delay, l.delay) + assert.Equal(t, lb.cursor, l.cursor) + assert.Equal(t, lb.env.TenantID, l.env.TenantID) + assert.Equal(t, lb.env.ContentType, l.env.ContentType) + assert.Equal(t, lb.env.Logger, l.env.Logger) + assert.Equal(t, contentType, s.ContentType) + assert.Equal(t, lb.cursor.tenantID, s.TenantID) +} + +func TestPagination(t *testing.T) { + ctx := testConfig() + db := []blob{ + makeBlob(now.Add(-time.Hour*47+1*time.Nanosecond), "e1"), + makeBlob(now.Add(-time.Hour*47+2*time.Nanosecond), "e2"), + makeBlob(now.Add(-time.Hour*47+3*time.Nanosecond), "e3"), + makeBlob(now.Add(-time.Hour*47+4*time.Nanosecond), "e4"), + makeBlob(now.Add(-time.Hour*47+5*time.Nanosecond), "e5"), + makeBlob(now.Add(-time.Hour*47+6*time.Nanosecond), "e6"), + makeBlob(now.Add(-time.Hour*47+7*time.Nanosecond), "e7"), + makeBlob(now.Add(-time.Hour*47+8*time.Nanosecond), "e8"), + } + lb := ListBlob(newCursor(stream{"1234", contentType}, now.Add(-time.Hour*48)), ctx) + var f fakePoll + // 6 days ago + blobs, next := f.PagedSearchQuery(t, lb, db) + assert.Equal(t, []string{"e1", "e2", "e3"}, blobs) + assert.IsType(t, paginator{}, next) + + blobs, next = f.PagedSearchQuery(t, next, db) + assert.Equal(t, []string{"e4", "e5", "e6"}, blobs) + assert.IsType(t, paginator{}, next) + + blobs, next = f.PagedSearchQuery(t, next, db) + assert.Equal(t, []string{"e7", "e8"}, blobs) + nextlb, ok := next.(listBlob) + if !assert.True(t, ok) { + t.Fatal("bad type after pagination") + } + assert.Equal(t, lb.endTime, nextlb.startTime) + assert.True(t, lb.endTime.Before(nextlb.endTime)) +} + +func mkTime(t testing.TB, str string) time.Time { + tm, err := time.Parse(apiDateFormat, str) + if !assert.NoError(t, err) { + t.Fatal(err) + } + return tm +} + +func TestAdvance(t *testing.T) { + start := mkTime(t, "2020-02-01T15:00:00") + ev1 := mkTime(t, "2020-02-02T12:00:00") + now1 := mkTime(t, "2020-02-03T00:00:00") + ev2 := mkTime(t, "2020-02-03T12:00:00") + now2 := mkTime(t, "2020-02-04T00:00:00") + now3 := mkTime(t, "2020-02-06T00:00:00") + db := []blob{ + makeBlob(ev1, "e1"), + makeBlob(ev2, "e2"), + } + now := &now1 + ctx := testConfig() + ctx.Clock = func() time.Time { + return *now + } + lb := ListBlob(newCursor(stream{"tenant", contentType}, start), ctx) + assert.Equal(t, start, lb.startTime) + assert.Equal(t, start.Add(time.Hour*24), lb.endTime) + assert.True(t, lb.endTime.Before(now1)) + var f fakePoll + blobs, next := f.SearchQuery(t, lb, db) + assert.Equal(t, []string{"e1"}, blobs) + assert.IsType(t, listBlob{}, next) + lb = next.(listBlob) + assert.Equal(t, ev1, lb.startTime) + assert.Equal(t, now1, lb.endTime) + + now = &now2 + blobs, next = f.SearchQuery(t, lb, db) + assert.Empty(t, blobs) + assert.IsType(t, listBlob{}, next) + lb = next.(listBlob) + assert.Equal(t, now1, lb.startTime) + assert.Equal(t, now2, lb.endTime) + + blobs, next = f.SearchQuery(t, lb, db) + assert.Equal(t, []string{"e2"}, blobs) + assert.IsType(t, listBlob{}, next) + lb = next.(listBlob) + assert.Equal(t, ev1.Add(time.Hour*24), lb.startTime) + assert.Equal(t, now2, lb.endTime) + + now = &now3 + blobs, next = f.SearchQuery(t, lb, db) + assert.Empty(t, blobs) + assert.IsType(t, listBlob{}, next) + lb = next.(listBlob) + assert.Equal(t, now2, lb.startTime) + assert.Equal(t, now2.Add(time.Hour*24), lb.endTime) + + blobs, next = f.SearchQuery(t, lb, db) + assert.Empty(t, blobs) + assert.IsType(t, listBlob{}, next) + lb = next.(listBlob) + assert.Equal(t, now2.Add(time.Hour*24), lb.startTime) + assert.Equal(t, now3, lb.endTime) +} diff --git a/filebeat/input/o365audit/pagination.go b/filebeat/input/o365audit/pagination.go new file mode 100644 index 00000000000..10703a0479a --- /dev/null +++ b/filebeat/input/o365audit/pagination.go @@ -0,0 +1,65 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "fmt" + "net/http" + "time" + + "github.com/Azure/go-autorest/autorest" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/poll" +) + +// paginator is a decorator around a poll.Transaction to parse paginated requests. +type paginator struct { + url string + inner poll.Transaction +} + +// String returns the printable representation of this transaction. +func (p paginator) String() string { + return fmt.Sprintf("pager for url:`%s` inner:%s", p.url, p.inner) +} + +// RequestDecorators returns the decorators used to perform a request. +func (p paginator) RequestDecorators() []autorest.PrepareDecorator { + return []autorest.PrepareDecorator{ + autorest.WithBaseURL(p.url), + } +} + +// OnResponse parses the response using the wrapped transaction. +func (p paginator) OnResponse(r *http.Response) []poll.Action { + return p.inner.OnResponse(r) +} + +// Delay returns the delay for the wrapped transaction. +func (p paginator) Delay() time.Duration { + return p.inner.Delay() +} + +func newPager(pageUrl string, inner poll.Transaction) poll.Transaction { + return paginator{ + url: pageUrl, + inner: inner, + } +} + +// The documentation mentions NextPageUri, but shows NetPageUrl in the examples. +var nextPageHeaders = []string{ + "NextPageUri", + "NextPageUrl", +} + +func getNextPage(response *http.Response) (url string, found bool) { + for _, h := range nextPageHeaders { + if urls, found := response.Header[h]; found && len(urls) > 0 { + return urls[0], true + } + } + return "", false +} diff --git a/filebeat/input/o365audit/poll/poll.go b/filebeat/input/o365audit/poll/poll.go new file mode 100644 index 00000000000..e68f0f54c8f --- /dev/null +++ b/filebeat/input/o365audit/poll/poll.go @@ -0,0 +1,268 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package poll + +import ( + "context" + "fmt" + "net/http" + "time" + + "github.com/Azure/go-autorest/autorest" + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/auth" +) + +// Transaction is the interface that wraps a request-response transaction to be +// performed by the poller. +type Transaction interface { + fmt.Stringer + + // RequestDecorators must return the list of decorators used to customize + // an http.Request. + RequestDecorators() []autorest.PrepareDecorator + + // OnResponse receives the resulting http.Response and returns the actions + // to be performed. + OnResponse(*http.Response) []Action + + // Delay returns the required delay before performing the request. + Delay() time.Duration +} + +// Poller encapsulates a single-threaded polling loop that performs requests +// and executes actions in response. +type Poller struct { + decorators []autorest.PrepareDecorator // Fixed decorators to apply to each request. + log *logp.Logger + tp auth.TokenProvider + list transactionList // List of pending transactions. + interval time.Duration // Minimum interval between transactions. + ctx context.Context +} + +// New creates a new Poller. +func New(options ...PollerOption) (p *Poller, err error) { + p = &Poller{ + ctx: context.Background(), + } + for _, opt := range options { + if err = opt(p); err != nil { + return nil, err + } + } + return p, nil +} + +// Run starts the poll loop with the given first transaction and continuing with +// any transactions spawned by it. It will execute until an error, a Terminate +// action is returned by a transaction, it runs out of transactions to perform, +// or a context set using WithContext() is done. +func (r *Poller) Run(item Transaction) error { + r.list.push(item) + for r.ctx.Err() == nil { + transaction := r.list.pop() + if transaction == nil { + return nil + } + if err := r.fetch(transaction); err != nil { + return err + } + } + return nil +} +func (r *Poller) fetch(item Transaction) error { + return r.fetchWithDelay(item, r.interval) +} + +func (r *Poller) fetchWithDelay(item Transaction, minDelay time.Duration) error { + r.log.Debugf("* Fetch %s", item) + // The order here is important. item's decorators must come first as those + // set the URL, which is required by other decorators (WithQueryParameters). + decorators := append( + append([]autorest.PrepareDecorator{}, item.RequestDecorators()...), + r.decorators...) + if r.tp != nil { + token, err := r.tp.Token() + if err != nil { + return errors.Wrap(err, "failed getting a token") + } + decorators = append(decorators, autorest.WithBearerAuthorization(token)) + } + + request, err := autorest.Prepare(&http.Request{}, decorators...) + if err != nil { + return errors.Wrap(err, "failed preparing request") + } + delay := max(item.Delay(), minDelay) + r.log.Debugf(" -- wait %s for %s", delay, request.URL.String()) + + response, err := autorest.Send(request, + autorest.DoCloseIfError(), + autorest.AfterDelay(delay)) + if err != nil { + r.log.Warnf("-- error sending request: %v", err) + return r.fetchWithDelay(item, max(time.Minute, r.interval)) + } + + acts := item.OnResponse(response) + r.log.Debugf(" <- Result (%s) #acts=%d", response.Status, len(acts)) + + for _, act := range acts { + if err = act(r); err != nil { + return errors.Wrapf(err, "error acting on %+v", act) + } + } + + return nil +} + +// Logger returns the logger used. +func (p *Poller) Logger() *logp.Logger { + return p.log +} + +// PollerOption is the type for additional configuration options for a Poller. +type PollerOption func(r *Poller) error + +// WithRequestDecorator sets additional request decorators that will be applied +// to all requests. +func WithRequestDecorator(decorators ...autorest.PrepareDecorator) PollerOption { + return func(r *Poller) error { + r.decorators = append(r.decorators, decorators...) + return nil + } +} + +// WithTokenProvider sets the token provider that will be used to set a bearer +// token to all requests. +func WithTokenProvider(tp auth.TokenProvider) PollerOption { + return func(r *Poller) error { + if r.tp != nil { + return errors.New("tried to set more than one token provider") + } + r.tp = tp + return nil + } +} + +// WithLogger sets the logger to use. +func WithLogger(logger *logp.Logger) PollerOption { + return func(r *Poller) error { + r.log = logger + return nil + } +} + +// WithContext sets the context used to terminate the poll loop. +func WithContext(ctx context.Context) PollerOption { + return func(r *Poller) error { + r.ctx = ctx + return nil + } +} + +// WithMinRequestInterval sets the minimum delay between requests. +func WithMinRequestInterval(d time.Duration) PollerOption { + return func(r *Poller) error { + r.interval = d + return nil + } +} + +type listItem struct { + item Transaction + next *listItem +} + +type transactionList struct { + head *listItem + tail *listItem + size uint +} + +func (p *transactionList) push(item Transaction) { + li := &listItem{ + item: item, + } + if p.head != nil { + p.tail.next = li + } else { + p.head = li + } + p.tail = li + p.size++ +} + +func (p *transactionList) pop() Transaction { + item := p.head + if item == nil { + return nil + } + p.head = item.next + if p.head == nil { + p.tail = nil + } + p.size-- + return item.item +} + +// Enqueuer is the interface provided to actions so they can act on a Poller. +type Enqueuer interface { + Enqueue(item Transaction) error + RenewToken() error +} + +// Action is an operation returned by a transaction. +type Action func(q Enqueuer) error + +// Enqueue adds a new transaction to the queue. +func (r *Poller) Enqueue(item Transaction) error { + r.list.push(item) + return nil +} + +// RenewToken renews the token provider's master token in the case of an +// authorization error. +func (r *Poller) RenewToken() error { + if r.tp == nil { + return errors.New("can't renew token: no token provider set") + } + return r.tp.Renew() +} + +// Terminate action causes the poll loop to finish with the given error. +func Terminate(err error) Action { + return func(Enqueuer) error { + if err == nil { + return errors.New("polling terminated without a specific error") + } + return errors.Wrap(err, "polling terminated due to error") + } +} + +// Fetch action will add an element to the transaction queue. +func Fetch(item Transaction) Action { + return func(q Enqueuer) error { + return q.Enqueue(item) + } +} + +// RenewToken will renew the token provider's master token in the case of an +// authorization error. +func RenewToken() Action { + return func(q Enqueuer) error { + return q.RenewToken() + } +} + +func max(a, b time.Duration) time.Duration { + if a < b { + return b + } + return a +} diff --git a/filebeat/input/o365audit/schema.go b/filebeat/input/o365audit/schema.go new file mode 100644 index 00000000000..77519a8e953 --- /dev/null +++ b/filebeat/input/o365audit/schema.go @@ -0,0 +1,66 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "fmt" + "time" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" +) + +type apiError struct { + Error struct { + Code string `json:"code"` + Message string `json:"message"` + } `json:"error"` +} + +func (e apiError) getErrorStrings() (code, msg string) { + const none = "(none)" + code, msg = e.Error.Code, e.Error.Message + if len(code) == 0 { + code = none + } + if len(msg) == 0 { + msg = none + } + return +} + +func (e apiError) String() string { + code, msg := e.getErrorStrings() + return fmt.Sprintf("api error:%s %s", code, msg) +} + +// ToBeatEvent returns a beat.Event representing the API error. +func (e apiError) ToBeatEvent() beat.Event { + code, msg := e.getErrorStrings() + return beat.Event{ + Timestamp: time.Now(), + Fields: common.MapStr{ + "error": common.MapStr{ + "code": code, + "message": msg, + }, + "event": common.MapStr{ + "kind": "pipeline_error", + }, + }, + } +} + +type content struct { + Type string `json:"contentType"` + ID string `json:"contentId"` + URI string `json:"contentUri"` + Created time.Time `json:"contentCreated"` + Expiration time.Time `json:"contentExpiration"` +} + +type subscribeResponse struct { + Status string `json:"status"` +} diff --git a/filebeat/input/o365audit/state.go b/filebeat/input/o365audit/state.go new file mode 100644 index 00000000000..ecdb8fc89ff --- /dev/null +++ b/filebeat/input/o365audit/state.go @@ -0,0 +1,158 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "errors" + "fmt" + "sync" + "time" +) + +var errNoUpdate = errors.New("new cursor doesn't preceed the existing cursor") + +// Stream represents an event stream. +type stream struct { + tenantID, contentType string +} + +// A cursor represents a point in time within an event stream +// that can be persisted and used to resume processing from that point. +type cursor struct { + // Identifier for the event stream. + stream + + // createdTime for the last seen blob. + timestamp time.Time + // index of object count (1...n) within a blob. + line int + // startTime used in the last list content query. + // This is necessary to ensure that the same blobs are observed. + startTime time.Time +} + +// Create a new cursor. +func newCursor(s stream, time time.Time) cursor { + return cursor{ + stream: s, + timestamp: time, + } +} + +// TryAdvance advances the cursor to the given content blob +// if it's not in the past. +// Returns whether the given content needs to be processed. +func (c *cursor) TryAdvance(ct content) bool { + if ct.Created.Before(c.timestamp) { + return false + } + if ct.Created.Equal(c.timestamp) { + // Only need to re-process the current content blob if we're + // seeking to a line inside it. + return c.line > 0 + } + c.timestamp = ct.Created + c.line = 0 + return true +} + +// Before allows to compare cursors to see if the new cursor needs to be persisted. +func (c cursor) Before(b cursor) bool { + if c.contentType != b.contentType || c.tenantID != b.tenantID { + panic(fmt.Sprintf("assertion failed: %+v vs %+v", c, b)) + } + + if c.timestamp.Before(b.timestamp) { + return true + } + if c.timestamp.Equal(b.timestamp) { + return c.line < b.line + } + return false +} + +// WithStartTime allows to create a cursor with an updated startTime. +func (c cursor) WithStartTime(s time.Time) cursor { + c.startTime = s + return c +} + +// ForNextLine returns a new cursor for the next line within a blob. +func (c cursor) ForNextLine() cursor { + c.line++ + return c +} + +// String returns the printable representation of a cursor. +func (c cursor) String() string { + return fmt.Sprintf("cursor{tenantID:%s contentType:%s timestamp:%s line:%d start:%s}", + c.tenantID, c.contentType, c.timestamp, c.line, c.startTime) +} + +// ErrStateNotFound is the error returned by a statePersister when a cursor +// is not found for a stream. +var errStateNotFound = errors.New("no saved state found") + +type statePersister interface { + Load(key stream) (cursor, error) + Save(cursor cursor) error +} + +type stateStorage struct { + sync.Mutex + saved map[stream]cursor + persister statePersister +} + +func (s *stateStorage) Load(key stream) (cursor, error) { + s.Lock() + defer s.Unlock() + if st, found := s.saved[key]; found { + return st, nil + } + cur, err := s.persister.Load(key) + if err != nil { + if err != errStateNotFound { + return cur, err + } + cur = newCursor(key, time.Time{}) + } + return cur, s.saveUnsafe(cur) +} + +func (s *stateStorage) Save(c cursor) error { + s.Lock() + defer s.Unlock() + return s.saveUnsafe(c) +} + +func (s *stateStorage) saveUnsafe(c cursor) error { + if prev, found := s.saved[c.stream]; found { + if !prev.Before(c) { + return errNoUpdate + } + } + if s.saved == nil { + s.saved = make(map[stream]cursor) + } + s.saved[c.stream] = c + return s.persister.Save(c) +} + +func newStateStorage(underlying statePersister) *stateStorage { + return &stateStorage{ + persister: underlying, + } +} + +type noopPersister struct{} + +func (p noopPersister) Load(key stream) (cursor, error) { + return cursor{}, errStateNotFound +} + +func (p noopPersister) Save(cursor cursor) error { + return nil +} diff --git a/filebeat/input/o365audit/state_test.go b/filebeat/input/o365audit/state_test.go new file mode 100644 index 00000000000..71b778d16ec --- /dev/null +++ b/filebeat/input/o365audit/state_test.go @@ -0,0 +1,105 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "fmt" + "testing" + "time" + + "github.com/stretchr/testify/assert" +) + +func TestNoopState(t *testing.T) { + const ( + ct = "content-type" + tn = "my_tenant" + ) + myStream := stream{tn, ct} + t.Run("new state", func(t *testing.T) { + st := newStateStorage(noopPersister{}) + cur, err := st.Load(myStream) + if !assert.NoError(t, err) { + t.Fatal(err) + } + empty := newCursor(myStream, time.Time{}) + assert.Equal(t, empty, cur) + }) + t.Run("update state", func(t *testing.T) { + st := newStateStorage(noopPersister{}) + cur, err := st.Load(myStream) + if !assert.NoError(t, err) { + t.Fatal(err) + } + advanced := cur.TryAdvance(content{ + Type: tn, + ID: "1234", + URI: "http://localhost.test/my_uri", + Created: time.Now(), + Expiration: time.Now().Add(time.Hour), + }) + assert.True(t, advanced) + err = st.Save(cur) + if !assert.NoError(t, err) { + t.Fatal(err) + } + saved, err := st.Load(myStream) + if !assert.NoError(t, err) { + t.Fatal(err) + } + assert.Equal(t, cur, saved) + }) + t.Run("forbid reversal", func(t *testing.T) { + st := newStateStorage(noopPersister{}) + cur := newCursor(myStream, time.Now()) + next := cur.ForNextLine() + err := st.Save(next) + if !assert.NoError(t, err) { + t.Fatal(err) + } + err = st.Save(cur) + assert.Equal(t, errNoUpdate, err) + }) + t.Run("multiple contexts", func(t *testing.T) { + st := newStateStorage(noopPersister{}) + cursors := []cursor{ + newCursor(myStream, time.Time{}), + newCursor(stream{"tenant2", ct}, time.Time{}), + newCursor(stream{ct, "bananas"}, time.Time{}), + } + for idx, cur := range cursors { + msg := fmt.Sprintf("idx:%d cur:%+v", idx, cur) + err := st.Save(cur) + if !assert.NoError(t, err, msg) { + t.Fatal(err) + } + } + for idx, cur := range cursors { + msg := fmt.Sprintf("idx:%d cur:%+v", idx, cur) + saved, err := st.Load(cur.stream) + if !assert.NoError(t, err, msg) { + t.Fatal(err) + } + assert.Equal(t, cur, saved) + } + for idx, cur := range cursors { + cur = cur.ForNextLine() + cursors[idx] = cur + msg := fmt.Sprintf("idx:%d cur:%+v", idx, cur) + err := st.Save(cur) + if !assert.NoError(t, err, msg) { + t.Fatal(err) + } + } + for idx, cur := range cursors { + msg := fmt.Sprintf("idx:%d cur:%+v", idx, cur) + saved, err := st.Load(cur.stream) + if !assert.NoError(t, err, msg) { + t.Fatal(err) + } + assert.Equal(t, cur, saved) + } + }) +} diff --git a/filebeat/input/o365audit/subscribe.go b/filebeat/input/o365audit/subscribe.go new file mode 100644 index 00000000000..8077ea24622 --- /dev/null +++ b/filebeat/input/o365audit/subscribe.go @@ -0,0 +1,81 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package o365audit + +import ( + "fmt" + "net/http" + "time" + + "github.com/Azure/go-autorest/autorest" + + "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/poll" +) + +// Subscribe is a poll.Transaction that subscribes to an event stream. +type subscribe struct { + apiEnvironment +} + +// String returns the printable representation of a subscribe transaction. +func (s subscribe) String() string { + return fmt.Sprintf("subscribe tenant:%s contentType:%s", s.TenantID, s.ContentType) +} + +// RequestDecorators returns the decorators used to perform a request. +func (s subscribe) RequestDecorators() []autorest.PrepareDecorator { + return []autorest.PrepareDecorator{ + autorest.AsPost(), + autorest.WithBaseURL(s.Config.Resource), + autorest.WithPath("api/v1.0"), + autorest.WithPath(s.TenantID), + autorest.WithPath("activity/feed/subscriptions/start"), + autorest.WithQueryParameters( + map[string]interface{}{ + "contentType": s.ContentType, + }), + } +} + +// OnResponse handles the output of a list content request. +func (s subscribe) OnResponse(response *http.Response) []poll.Action { + if response.StatusCode != 200 { + return s.handleError(response) + } + var js subscribeResponse + if err := readJSONBody(response, &js); err != nil { + return []poll.Action{ + poll.Terminate(err), + } + } + if js.Status != "enabled" { + return []poll.Action{ + poll.Terminate(fmt.Errorf("unable to subscribe. Got status: %s", js.Status)), + } + } + return nil +} + +func (s subscribe) handleError(response *http.Response) []poll.Action { + var msg apiError + if err := readJSONBody(response, &msg); err != nil { + return []poll.Action{poll.Terminate(err)} + } + return []poll.Action{ + poll.Terminate(fmt.Errorf("got an error when subscribing: %s body: %+v", response.Status, msg)), + } +} + +// Delay returns the delay before executing a transaction. +func (s subscribe) Delay() time.Duration { + return time.Second * 5 +} + +// Subscribe returns an action to subscribe to a stream. +func Subscribe(env apiEnvironment) subscribe { + return subscribe{ + apiEnvironment: env, + } +} diff --git a/filebeat/input/s3/_meta/fields.yml b/filebeat/input/s3/_meta/fields.yml new file mode 100644 index 00000000000..c937f8282e8 --- /dev/null +++ b/filebeat/input/s3/_meta/fields.yml @@ -0,0 +1,14 @@ +- key: s3 + title: "s3" + description: > + S3 fields from s3 input. + release: beta + fields: + - name: bucket_name + type: keyword + description: > + Name of the S3 bucket that this log retrieved from. + - name: object_key + type: keyword + description: > + Name of the S3 object that this log retrieved from. diff --git a/filebeat/input/s3/_meta/s3-input.asciidoc b/filebeat/input/s3/_meta/s3-input.asciidoc new file mode 100644 index 00000000000..a1982d0388c --- /dev/null +++ b/filebeat/input/s3/_meta/s3-input.asciidoc @@ -0,0 +1,62 @@ +=== S3 and SQS Setup +Enable bucket notification: any new object creation in S3 bucket will also +create a notification through SQS. Please see +https://docs.aws.amazon.com/AmazonS3/latest/dev/ways-to-add-notification-config-to-bucket.html#step1-create-sqs-queue-for-notification[create-sqs-queue-for-notification] +for more details. +1. In SQS, edit policy document to create a new policy. +2. In S3 bucket, enable and configure event notification. +3. In order to make sure the S3-SQS setup is ready, upload a file into the S3 +bucket and check if SQS gets a message showing that a new object is created with +its name. + +[float] +=== Manual Testing +1. Upload fake log files into the S3 bucket that has SQS notification enabled. +2. Check from SQS if there are N messages received. +3. Start filebeat with `./filebeat -e` and check Kibana if there are events reported +with messages from the example logs. Depends on the number of log lines in each +fake log file, check if the number of events match the number of log lines total +from all log files. +4. Check SQS if messages are deleted successfully. +5. Interrupt the s3 input process by killing filebeat during processing new S3 logs, +check if messages in SQS are in flight instead of deleted. + +[float] +=== Run s3_test.go +Instead of manual testing, `s3_test.go` includes some integration tests that can +be used for validating s3 input. In order to run `s3_test.go`, an AWS environment +with S3-SQS setup is needed. Please see `S3 and SQS Setup` for more details on +how to set up the environment. In the test, it does a cleaning first to remove +all old messages from SQS queue. Then upload a sample log file, which stores in +`./ftest/sample1.txt`, into S3 bucket. Test function calls `input.Run()` +function to read the notification message from SQS and find the log file in S3 +target bucket and get the log message. After validating the events, another round +of cleaning will be done for SQS to remove the message. + +Some environment variables are needed for testing: + +|=== +| Environment Variable | Sample Value +| QUEUE_URL | https://sqs.us-west-1.amazonaws.com/1234567/test-s3-notification +| AWS_PROFILE_NAME | test-mb +| S3_BUCKET_NAME | test-s3 +| S3_BUCKET_REGION | us-west-1 +|=== + +[float] +=== Parallel Processing Test +A basic test was done with three Filebeats running in parallel pointing to the same +SQS queue in AWS. There were 1000 messages available in the queue and each message +notifies a new S3 log has been generated. These S3 logs are simple .txt files and +each contains 10 log lines. With three Filebeats, the messages were processed +evenly without duplicating or missing messages. Test result looks like: + +|======= +| Filebeat # | Total # of Events | Total # of log files +| 1 | 3350 | 335 +| 2| 3350 | 335 +| 3| 3300 | 330 +|======= + +Please see more details in https://github.com/elastic/beats/issues/13457 regarding +to the test. diff --git a/filebeat/input/s3/config.go b/filebeat/input/s3/config.go new file mode 100644 index 00000000000..72960ad9ade --- /dev/null +++ b/filebeat/input/s3/config.go @@ -0,0 +1,44 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package s3 + +import ( + "fmt" + "time" + + "github.com/elastic/beats/v7/filebeat/harvester" + awscommon "github.com/elastic/beats/v7/x-pack/libbeat/common/aws" +) + +type config struct { + harvester.ForwarderConfig `config:",inline"` + QueueURL string `config:"queue_url" validate:"nonzero,required"` + VisibilityTimeout time.Duration `config:"visibility_timeout"` + AwsConfig awscommon.ConfigAWS `config:",inline"` + ExpandEventListFromField string `config:"expand_event_list_from_field"` + APITimeout time.Duration `config:"api_timeout"` +} + +func defaultConfig() config { + return config{ + ForwarderConfig: harvester.ForwarderConfig{ + Type: "s3", + }, + VisibilityTimeout: 300 * time.Second, + APITimeout: 120 * time.Second, + } +} + +func (c *config) Validate() error { + if c.VisibilityTimeout < 0 || c.VisibilityTimeout.Hours() > 12 { + return fmt.Errorf("visibility timeout %v is not within the "+ + "required range 0s to 12h", c.VisibilityTimeout) + } + if c.APITimeout < 0 || c.APITimeout > c.VisibilityTimeout/2 { + return fmt.Errorf("api timeout %v needs to be larger than"+ + " 0s and smaller than half of the visibility timeout", c.APITimeout) + } + return nil +} diff --git a/filebeat/input/s3/fields.go b/filebeat/input/s3/fields.go new file mode 100644 index 00000000000..3c373aeaa11 --- /dev/null +++ b/filebeat/input/s3/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package s3 + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "s3", asset.ModuleFieldsPri, AssetS3); err != nil { + panic(err) + } +} + +// AssetS3 returns asset data. +// This is the base64 encoded gzipped contents of input/s3. +func AssetS3() string { + return "eJykjjGugzAQRHufYkQPjTsX/wi/+QdABg8fB4ORvSTi9pGBJlKkFNlipZ3dnTc1Ju4GWStAvAQaVFlXCnDMffKr+LgY/CgA+NMYPIPLGFKckTX8sm7SKCAx0GYadBSrcN2Z463GYuey2vqJ0pbh0AHZV5qS4BGTu7Q33FK/dibiABlZcpxekNGW5jNC/EeiJM873ZGveYHH7sZe2on71+zT6gP7GQAA//+k2GkG" +} diff --git a/filebeat/input/s3/ftest/sample1.txt b/filebeat/input/s3/ftest/sample1.txt new file mode 100644 index 00000000000..4e17dcfc874 --- /dev/null +++ b/filebeat/input/s3/ftest/sample1.txt @@ -0,0 +1,2 @@ +logline1 +logline2 diff --git a/filebeat/input/s3/input.go b/filebeat/input/s3/input.go new file mode 100644 index 00000000000..48da3296363 --- /dev/null +++ b/filebeat/input/s3/input.go @@ -0,0 +1,661 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package s3 + +import ( + "bufio" + "compress/gzip" + "context" + "crypto/sha256" + "encoding/hex" + "encoding/json" + "fmt" + "io" + "strings" + "sync" + "time" + + awssdk "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/aws/awserr" + "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/aws/aws-sdk-go-v2/service/s3/s3iface" + "github.com/aws/aws-sdk-go-v2/service/sqs" + "github.com/aws/aws-sdk-go-v2/service/sqs/sqsiface" + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cfgwarn" + "github.com/elastic/beats/v7/libbeat/logp" + awscommon "github.com/elastic/beats/v7/x-pack/libbeat/common/aws" +) + +const inputName = "s3" + +var ( + // The maximum number of messages to return. Amazon SQS never returns more messages + // than this value (however, fewer messages might be returned). + maxNumberOfMessage int64 = 10 + + // The duration (in seconds) for which the call waits for a message to arrive + // in the queue before returning. If a message is available, the call returns + // sooner than WaitTimeSeconds. If no messages are available and the wait time + // expires, the call returns successfully with an empty list of messages. + waitTimeSecond int64 = 10 + + errOutletClosed = errors.New("input outlet closed") +) + +func init() { + err := input.Register(inputName, NewInput) + if err != nil { + panic(err) + } +} + +// s3Input is a input for s3 +type s3Input struct { + outlet channel.Outleter // Output of received s3 logs. + config config + awsConfig awssdk.Config + logger *logp.Logger + close chan struct{} + workerOnce sync.Once // Guarantees that the worker goroutine is only started once. + context *channelContext + workerWg sync.WaitGroup // Waits on s3 worker goroutine. + stopOnce sync.Once +} + +type s3Info struct { + name string + key string + region string + arn string +} + +type bucket struct { + Name string `json:"name"` + Arn string `json:"arn"` +} + +type object struct { + Key string `json:"key"` +} + +type s3BucketOjbect struct { + bucket `json:"bucket"` + object `json:"object"` +} + +type sqsMessage struct { + Records []struct { + EventSource string `json:"eventSource"` + AwsRegion string `json:"awsRegion"` + EventName string `json:"eventName"` + S3 s3BucketOjbect `json:"s3"` + } `json:"Records"` +} + +type s3Context struct { + mux sync.Mutex + refs int + err error // first error witnessed or multi error + errC chan error +} + +// channelContext implements context.Context by wrapping a channel +type channelContext struct { + done <-chan struct{} +} + +func (c *channelContext) Deadline() (time.Time, bool) { return time.Time{}, false } +func (c *channelContext) Done() <-chan struct{} { return c.done } +func (c *channelContext) Err() error { + select { + case <-c.done: + return context.Canceled + default: + return nil + } +} +func (c *channelContext) Value(key interface{}) interface{} { return nil } + +// NewInput creates a new s3 input +func NewInput(cfg *common.Config, connector channel.Connector, context input.Context) (input.Input, error) { + cfgwarn.Beta("s3 input type is used") + logger := logp.NewLogger(inputName) + + config := defaultConfig() + if err := cfg.Unpack(&config); err != nil { + return nil, errors.Wrap(err, "failed unpacking config") + } + + out, err := connector.ConnectWith(cfg, beat.ClientConfig{ + Processing: beat.ProcessingConfig{ + DynamicFields: context.DynamicFields, + }, + ACKEvents: func(privates []interface{}) { + for _, private := range privates { + if s3Context, ok := private.(*s3Context); ok { + s3Context.done() + } + } + }, + }) + if err != nil { + return nil, err + } + + awsConfig, err := awscommon.GetAWSCredentials(config.AwsConfig) + if err != nil { + return nil, errors.Wrap(err, "getAWSCredentials failed") + } + + closeChannel := make(chan struct{}) + p := &s3Input{ + outlet: out, + config: config, + awsConfig: awsConfig, + logger: logger, + close: closeChannel, + context: &channelContext{closeChannel}, + } + return p, nil +} + +// Run runs the input +func (p *s3Input) Run() { + p.workerOnce.Do(func() { + visibilityTimeout := int64(p.config.VisibilityTimeout.Seconds()) + p.logger.Infof("visibility timeout is set to %v seconds", visibilityTimeout) + p.logger.Infof("aws api timeout is set to %v", p.config.APITimeout) + + regionName, err := getRegionFromQueueURL(p.config.QueueURL) + if err != nil { + p.logger.Errorf("failed to get region name from queueURL: %v", p.config.QueueURL) + } + + awsConfig := p.awsConfig.Copy() + awsConfig.Region = regionName + + svcSQS := sqs.New(awscommon.EnrichAWSConfigWithEndpoint(p.config.AwsConfig.Endpoint, "sqs", regionName, awsConfig)) + svcS3 := s3.New(awscommon.EnrichAWSConfigWithEndpoint(p.config.AwsConfig.Endpoint, "s3", regionName, awsConfig)) + + p.workerWg.Add(1) + go p.run(svcSQS, svcS3, visibilityTimeout) + p.workerWg.Done() + }) +} + +func (p *s3Input) run(svcSQS sqsiface.ClientAPI, svcS3 s3iface.ClientAPI, visibilityTimeout int64) { + defer p.logger.Infof("s3 input worker for '%v' has stopped.", p.config.QueueURL) + + p.logger.Infof("s3 input worker has started. with queueURL: %v", p.config.QueueURL) + for p.context.Err() == nil { + // receive messages from sqs + output, err := p.receiveMessage(svcSQS, visibilityTimeout) + if err != nil { + if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == awssdk.ErrCodeRequestCanceled { + continue + } + p.logger.Error("SQS ReceiveMessageRequest failed: ", err) + time.Sleep(time.Duration(waitTimeSecond) * time.Second) + continue + } + + if output == nil || len(output.Messages) == 0 { + p.logger.Debug("no message received from SQS:", p.config.QueueURL) + continue + } + + // process messages received from sqs, get logs from s3 and create events + p.processor(p.config.QueueURL, output.Messages, visibilityTimeout, svcS3, svcSQS) + } +} + +// Stop stops the s3 input +func (p *s3Input) Stop() { + p.stopOnce.Do(func() { + defer p.outlet.Close() + close(p.close) + p.logger.Info("Stopping s3 input") + }) +} + +// Wait stops the s3 input. +func (p *s3Input) Wait() { + p.Stop() + p.workerWg.Wait() +} + +func (p *s3Input) processor(queueURL string, messages []sqs.Message, visibilityTimeout int64, svcS3 s3iface.ClientAPI, svcSQS sqsiface.ClientAPI) { + var wg sync.WaitGroup + numMessages := len(messages) + p.logger.Debugf("Processing %v messages", numMessages) + wg.Add(numMessages * 2) + + // process messages received from sqs + for i := range messages { + errC := make(chan error) + go p.processMessage(svcS3, messages[i], &wg, errC) + go p.processorKeepAlive(svcSQS, messages[i], queueURL, visibilityTimeout, &wg, errC) + } + wg.Wait() +} + +func (p *s3Input) processMessage(svcS3 s3iface.ClientAPI, message sqs.Message, wg *sync.WaitGroup, errC chan error) { + defer wg.Done() + + s3Infos, err := handleSQSMessage(message) + if err != nil { + p.logger.Error(errors.Wrap(err, "handleSQSMessage failed")) + return + } + p.logger.Debugf("handleSQSMessage succeed and returned %v sets of S3 log info", len(s3Infos)) + + // read from s3 object and create event for each log line + err = p.handleS3Objects(svcS3, s3Infos, errC) + if err != nil { + err = errors.Wrap(err, "handleS3Objects failed") + p.logger.Error(err) + return + } + p.logger.Debugf("handleS3Objects succeed") +} + +func (p *s3Input) processorKeepAlive(svcSQS sqsiface.ClientAPI, message sqs.Message, queueURL string, visibilityTimeout int64, wg *sync.WaitGroup, errC chan error) { + defer wg.Done() + for { + select { + case <-p.close: + return + case err := <-errC: + if err != nil { + p.logger.Warn("Processing message failed, updating visibility timeout") + err := p.changeVisibilityTimeout(queueURL, visibilityTimeout, svcSQS, message.ReceiptHandle) + if err != nil { + p.logger.Error(errors.Wrap(err, "SQS ChangeMessageVisibilityRequest failed")) + } + p.logger.Infof("Message visibility timeout updated to %v", visibilityTimeout) + } else { + // When ACK done, message will be deleted. Or when message is + // not s3 ObjectCreated event related(handleSQSMessage function + // failed), it will be removed as well. + p.logger.Debug("Deleting message from SQS: ", message.MessageId) + // only delete sqs message when errC is closed with no error + err := p.deleteMessage(queueURL, *message.ReceiptHandle, svcSQS) + if err != nil { + p.logger.Error(errors.Wrap(err, "deleteMessages failed")) + } + } + return + case <-time.After(time.Duration(visibilityTimeout/2) * time.Second): + p.logger.Warn("Half of the set visibilityTimeout passed, visibility timeout needs to be updated") + // If half of the set visibilityTimeout passed and this is + // still ongoing, then change visibility timeout. + err := p.changeVisibilityTimeout(queueURL, visibilityTimeout, svcSQS, message.ReceiptHandle) + if err != nil { + p.logger.Error(errors.Wrap(err, "SQS ChangeMessageVisibilityRequest failed")) + } + p.logger.Infof("Message visibility timeout updated to %v seconds", visibilityTimeout) + } + } +} + +func (p *s3Input) receiveMessage(svcSQS sqsiface.ClientAPI, visibilityTimeout int64) (*sqs.ReceiveMessageResponse, error) { + // receive messages from sqs + req := svcSQS.ReceiveMessageRequest( + &sqs.ReceiveMessageInput{ + QueueUrl: &p.config.QueueURL, + MessageAttributeNames: []string{"All"}, + MaxNumberOfMessages: &maxNumberOfMessage, + VisibilityTimeout: &visibilityTimeout, + WaitTimeSeconds: &waitTimeSecond, + }) + + // The Context will interrupt the request if the timeout expires. + ctx, cancelFn := context.WithTimeout(p.context, p.config.APITimeout) + defer cancelFn() + + return req.Send(ctx) +} + +func (p *s3Input) changeVisibilityTimeout(queueURL string, visibilityTimeout int64, svcSQS sqsiface.ClientAPI, receiptHandle *string) error { + req := svcSQS.ChangeMessageVisibilityRequest(&sqs.ChangeMessageVisibilityInput{ + QueueUrl: &queueURL, + VisibilityTimeout: &visibilityTimeout, + ReceiptHandle: receiptHandle, + }) + + // The Context will interrupt the request if the timeout expires. + ctx, cancelFn := context.WithTimeout(p.context, p.config.APITimeout) + defer cancelFn() + + _, err := req.Send(ctx) + return err +} + +func getRegionFromQueueURL(queueURL string) (string, error) { + // get region from queueURL + // Example: https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs + queueURLSplit := strings.Split(queueURL, ".") + if queueURLSplit[0] == "https://sqs" && queueURLSplit[2] == "amazonaws" { + return queueURLSplit[1], nil + } + return "", errors.New("queueURL is not in format: https://sqs.{REGION_ENDPOINT}.amazonaws.com/{ACCOUNT_NUMBER}/{QUEUE_NAME}") +} + +// handle message +func handleSQSMessage(m sqs.Message) ([]s3Info, error) { + msg := sqsMessage{} + err := json.Unmarshal([]byte(*m.Body), &msg) + if err != nil { + return nil, errors.Wrap(err, "json unmarshal sqs message body failed") + } + + var s3Infos []s3Info + for _, record := range msg.Records { + if record.EventSource == "aws:s3" && strings.HasPrefix(record.EventName, "ObjectCreated:") { + s3Infos = append(s3Infos, s3Info{ + region: record.AwsRegion, + name: record.S3.bucket.Name, + key: record.S3.object.Key, + arn: record.S3.bucket.Arn, + }) + } else { + return nil, errors.New("this SQS queue should be dedicated to s3 ObjectCreated event notifications") + } + } + return s3Infos, nil +} + +func (p *s3Input) handleS3Objects(svc s3iface.ClientAPI, s3Infos []s3Info, errC chan error) error { + s3Ctx := &s3Context{ + refs: 1, + errC: errC, + } + defer s3Ctx.done() + + for _, info := range s3Infos { + err := p.createEventsFromS3Info(svc, info, s3Ctx) + if err != nil { + err = errors.Wrapf(err, "createEventsFromS3Info failed for %v", info.key) + p.logger.Error(err) + s3Ctx.setError(err) + } + } + return nil +} + +func (p *s3Input) createEventsFromS3Info(svc s3iface.ClientAPI, info s3Info, s3Ctx *s3Context) error { + objectHash := s3ObjectHash(info) + + // Download the S3 object using GetObjectRequest. + s3GetObjectInput := &s3.GetObjectInput{ + Bucket: awssdk.String(info.name), + Key: awssdk.String(info.key), + } + req := svc.GetObjectRequest(s3GetObjectInput) + + // The Context will interrupt the request if the timeout expires. + ctx, cancelFn := context.WithTimeout(p.context, p.config.APITimeout) + defer cancelFn() + + resp, err := req.Send(ctx) + if err != nil { + if awsErr, ok := err.(awserr.Error); ok { + // If the SDK can determine the request or retry delay was canceled + // by a context the ErrCodeRequestCanceled error will be returned. + if awsErr.Code() == awssdk.ErrCodeRequestCanceled { + err = errors.Wrap(err, "S3 GetObjectRequest canceled") + p.logger.Error(err) + return err + } + + if awsErr.Code() == "NoSuchKey" { + p.logger.Warn("Cannot find s3 file") + return nil + } + } + return errors.Wrap(err, "S3 GetObjectRequest failed") + } + + defer resp.Body.Close() + + reader := bufio.NewReader(resp.Body) + + // Check if expand_event_list_from_field is given with document conent-type = "application/json" + if resp.ContentType != nil && *resp.ContentType == "application/json" && p.config.ExpandEventListFromField == "" { + err := errors.New("expand_event_list_from_field parameter is missing in config for application/json content-type file") + p.logger.Error(err) + return err + } + + // Decode JSON documents when expand_event_list_from_field is given in config + if p.config.ExpandEventListFromField != "" { + decoder := json.NewDecoder(reader) + err := p.decodeJSONWithKey(decoder, objectHash, info, s3Ctx) + if err != nil { + err = errors.Wrap(err, "decodeJSONWithKey failed") + p.logger.Error(err) + return err + } + return nil + } + + // Check content-type = "application/x-gzip" or filename ends with ".gz" + if (resp.ContentType != nil && *resp.ContentType == "application/x-gzip") || strings.HasSuffix(info.key, ".gz") { + gzipReader, err := gzip.NewReader(resp.Body) + if err != nil { + err = errors.Wrap(err, "gzip.NewReader failed") + p.logger.Error(err) + return err + } + reader = bufio.NewReader(gzipReader) + gzipReader.Close() + } + + // handle s3 objects that are not json content-type + offset := 0 + for { + log, err := reader.ReadString('\n') + if log == "" { + break + } + + if err == io.EOF { + // create event for last line + offset += len([]byte(log)) + event := createEvent(log, offset, info, objectHash, s3Ctx) + err = p.forwardEvent(event) + if err != nil { + err = errors.Wrap(err, "forwardEvent failed") + p.logger.Error(err) + return err + } + return nil + } else if err != nil { + err = errors.Wrap(err, "ReadString failed") + p.logger.Error(err) + return err + } + + // create event per log line + offset += len([]byte(log)) + event := createEvent(log, offset, info, objectHash, s3Ctx) + err = p.forwardEvent(event) + if err != nil { + err = errors.Wrap(err, "forwardEvent failed") + p.logger.Error(err) + return err + } + } + return nil +} + +func (p *s3Input) decodeJSONWithKey(decoder *json.Decoder, objectHash string, s3Info s3Info, s3Ctx *s3Context) error { + offset := 0 + for { + var jsonFields map[string][]interface{} + err := decoder.Decode(&jsonFields) + if jsonFields == nil { + return nil + } + + if err == io.EOF { + // create event for last line + // get logs from expand_event_list_from_field + textValues, ok := jsonFields[p.config.ExpandEventListFromField] + if !ok { + err = errors.Wrapf(err, fmt.Sprintf("key '%s' not found", p.config.ExpandEventListFromField)) + p.logger.Error(err) + return err + } + + for _, v := range textValues { + err := p.convertJSONToEvent(v, offset, objectHash, s3Info, s3Ctx) + if err != nil { + err = errors.Wrap(err, "convertJSONToEvent failed") + p.logger.Error(err) + return err + } + } + } else if err != nil { + // decode json failed, skip this log file + p.logger.Warnf(fmt.Sprintf("Decode json failed for '%s', skipping this file", s3Info.key)) + return nil + } + + textValues, ok := jsonFields[p.config.ExpandEventListFromField] + if !ok { + err = errors.Wrapf(err, fmt.Sprintf("Key '%s' not found", p.config.ExpandEventListFromField)) + p.logger.Error(err) + return err + } + + for _, v := range textValues { + err := p.convertJSONToEvent(v, offset, objectHash, s3Info, s3Ctx) + if err != nil { + err = errors.Wrapf(err, fmt.Sprintf("Key '%s' not found", p.config.ExpandEventListFromField)) + p.logger.Error(err) + return err + } + } + } +} + +func (p *s3Input) convertJSONToEvent(jsonFields interface{}, offset int, objectHash string, s3Info s3Info, s3Ctx *s3Context) error { + vJSON, err := json.Marshal(jsonFields) + log := string(vJSON) + offset += len([]byte(log)) + event := createEvent(log, offset, s3Info, objectHash, s3Ctx) + + err = p.forwardEvent(event) + if err != nil { + err = errors.Wrap(err, fmt.Sprintf("forwardEvent failed")) + p.logger.Error(err) + return err + } + return nil +} + +func (p *s3Input) forwardEvent(event beat.Event) error { + ok := p.outlet.OnEvent(event) + if !ok { + return errOutletClosed + } + return nil +} + +func (p *s3Input) deleteMessage(queueURL string, messagesReceiptHandle string, svcSQS sqsiface.ClientAPI) error { + deleteMessageInput := &sqs.DeleteMessageInput{ + QueueUrl: awssdk.String(queueURL), + ReceiptHandle: awssdk.String(messagesReceiptHandle), + } + + req := svcSQS.DeleteMessageRequest(deleteMessageInput) + + // The Context will interrupt the request if the timeout expires. + ctx, cancelFn := context.WithTimeout(p.context, p.config.APITimeout) + defer cancelFn() + + _, err := req.Send(ctx) + if err != nil { + if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == awssdk.ErrCodeRequestCanceled { + return nil + } + return errors.Wrap(err, "SQS DeleteMessageRequest failed") + } + return nil +} + +func createEvent(log string, offset int, info s3Info, objectHash string, s3Ctx *s3Context) beat.Event { + s3Ctx.Inc() + + event := beat.Event{ + Timestamp: time.Now().UTC(), + Fields: common.MapStr{ + "message": log, + "log": common.MapStr{ + "offset": int64(offset), + "file.path": constructObjectURL(info), + }, + "aws": common.MapStr{ + "s3": common.MapStr{ + "bucket": common.MapStr{ + "name": info.name, + "arn": info.arn}, + "object.key": info.key, + }, + }, + "cloud": common.MapStr{ + "provider": "aws", + "region": info.region, + }, + }, + Private: s3Ctx, + } + event.SetID(objectHash + "-" + fmt.Sprintf("%012d", offset)) + + return event +} + +func constructObjectURL(info s3Info) string { + return "https://" + info.name + ".s3-" + info.region + ".amazonaws.com/" + info.key +} + +// s3ObjectHash returns a short sha256 hash of the bucket arn + object key name. +func s3ObjectHash(s3Info s3Info) string { + h := sha256.New() + h.Write([]byte(s3Info.arn + s3Info.key)) + prefix := hex.EncodeToString(h.Sum(nil)) + return prefix[:10] +} + +func (c *s3Context) setError(err error) { + // only care about the last error for now + // TODO: add "Typed" error to error for context + c.mux.Lock() + defer c.mux.Unlock() + c.err = err +} + +func (c *s3Context) done() { + c.mux.Lock() + defer c.mux.Unlock() + c.refs-- + if c.refs == 0 { + c.errC <- c.err + close(c.errC) + } +} + +func (c *s3Context) Inc() { + c.mux.Lock() + defer c.mux.Unlock() + c.refs++ +} diff --git a/filebeat/input/s3/input_test.go b/filebeat/input/s3/input_test.go new file mode 100644 index 00000000000..b4ad597c146 --- /dev/null +++ b/filebeat/input/s3/input_test.go @@ -0,0 +1,305 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package s3 + +import ( + "bufio" + "bytes" + "context" + "fmt" + "io" + "io/ioutil" + "net/http" + "testing" + + awssdk "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/aws/aws-sdk-go-v2/service/s3/s3iface" + "github.com/aws/aws-sdk-go-v2/service/sqs" + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/libbeat/beat" +) + +// MockS3Client struct is used for unit tests. +type MockS3Client struct { + s3iface.ClientAPI +} + +var ( + s3LogString1 = "36c1f test-s3-ks [20/Jun/2019] 1.2.3.4 arn:aws:iam::1234:user/test@elastic.co 5141F REST.HEAD.OBJECT Screen1.png \n" + s3LogString2 = "28kdg test-s3-ks [20/Jun/2019] 1.2.3.4 arn:aws:iam::1234:user/test@elastic.co 5A070 REST.HEAD.OBJECT Screen2.png \n" + mockSvc = &MockS3Client{} + info = s3Info{ + name: "test-s3-ks", + key: "log2019-06-21-16-16-54", + region: "us-west-1", + } +) + +func (m *MockS3Client) GetObjectRequest(input *s3.GetObjectInput) s3.GetObjectRequest { + logBody := ioutil.NopCloser(bytes.NewReader([]byte(s3LogString1 + s3LogString2))) + httpReq, _ := http.NewRequest("", "", nil) + return s3.GetObjectRequest{ + Request: &awssdk.Request{ + Data: &s3.GetObjectOutput{ + Body: logBody, + }, + HTTPRequest: httpReq, + }, + } +} + +func TestGetRegionFromQueueURL(t *testing.T) { + queueURL := "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs" + regionName, err := getRegionFromQueueURL(queueURL) + assert.NoError(t, err) + assert.Equal(t, "us-east-1", regionName) +} + +func TestHandleMessage(t *testing.T) { + casesPositive := []struct { + title string + message sqs.Message + expectedS3Infos []s3Info + }{ + { + "sqs message with event source aws:s3 and event name ObjectCreated:Put", + sqs.Message{ + Body: awssdk.String("{\"Records\":[{\"eventSource\":\"aws:s3\",\"awsRegion\":\"ap-southeast-1\",\"eventTime\":\"2019-06-21T16:16:54.629Z\",\"eventName\":\"ObjectCreated:Put\",\"s3\":{\"configurationId\":\"object-created-event\",\"bucket\":{\"name\":\"test-s3-ks-2\",\"arn\":\"arn:aws:s3:::test-s3-ks-2\"},\"object\":{\"key\":\"server-access-logging2019-06-21-16-16-54-E68E4316CEB285AA\"}}}]}"), + }, + []s3Info{ + { + name: "test-s3-ks-2", + key: "server-access-logging2019-06-21-16-16-54-E68E4316CEB285AA", + }, + }, + }, + { + "sqs message with event source aws:s3 and event name ObjectCreated:CompleteMultipartUpload", + sqs.Message{ + Body: awssdk.String("{\"Records\":[{\"eventSource\":\"aws:s3\",\"awsRegion\":\"ap-southeast-1\",\"eventTime\":\"2019-06-21T16:16:54.629Z\",\"eventName\":\"ObjectCreated:CompleteMultipartUpload\",\"s3\":{\"configurationId\":\"object-created-event\",\"bucket\":{\"name\":\"test-s3-ks-2\",\"arn\":\"arn:aws:s3:::test-s3-ks-2\"},\"object\":{\"key\":\"server-access-logging2019-06-21-16-16-54-E68E4316CEB285AA\"}}}]}"), + }, + []s3Info{ + { + name: "test-s3-ks-2", + key: "server-access-logging2019-06-21-16-16-54-E68E4316CEB285AA", + }, + }, + }, + } + + for _, c := range casesPositive { + t.Run(c.title, func(t *testing.T) { + s3Info, err := handleSQSMessage(c.message) + assert.NoError(t, err) + assert.Equal(t, len(c.expectedS3Infos), len(s3Info)) + if len(s3Info) > 0 { + assert.Equal(t, c.expectedS3Infos[0].key, s3Info[0].key) + assert.Equal(t, c.expectedS3Infos[0].name, s3Info[0].name) + } + }) + } + + casesNegative := []struct { + title string + message sqs.Message + expectedS3Infos []s3Info + }{ + { + "sqs message with event source aws:s3 and event name ObjectRemoved:Delete", + sqs.Message{ + Body: awssdk.String("{\"Records\":[{\"eventSource\":\"aws:s3\",\"awsRegion\":\"ap-southeast-1\",\"eventTime\":\"2019-06-21T16:16:54.629Z\",\"eventName\":\"ObjectRemoved:Delete\",\"s3\":{\"configurationId\":\"object-removed-event\",\"bucket\":{\"name\":\"test-s3-ks-2\",\"arn\":\"arn:aws:s3:::test-s3-ks-2\"},\"object\":{\"key\":\"server-access-logging2019-06-21-16-16-54-E68E4316CEB285AA\"}}}]}"), + }, + []s3Info{}, + }, + { + "sqs message with event source aws:ec2 and event name ObjectCreated:Put", + sqs.Message{ + Body: awssdk.String("{\"Records\":[{\"eventSource\":\"aws:ec2\",\"awsRegion\":\"ap-southeast-1\",\"eventTime\":\"2019-06-21T16:16:54.629Z\",\"eventName\":\"ObjectCreated:Put\",\"s3\":{\"configurationId\":\"object-created-event\",\"bucket\":{\"name\":\"test-s3-ks-2\",\"arn\":\"arn:aws:s3:::test-s3-ks-2\"},\"object\":{\"key\":\"server-access-logging2019-06-21-16-16-54-E68E4316CEB285AA\"}}}]}"), + }, + []s3Info{}, + }, + } + + for _, c := range casesNegative { + t.Run(c.title, func(t *testing.T) { + s3Info, err := handleSQSMessage(c.message) + assert.Error(t, err) + assert.Nil(t, s3Info) + }) + } + +} + +func TestNewS3BucketReader(t *testing.T) { + p := &s3Input{context: &channelContext{}} + s3GetObjectInput := &s3.GetObjectInput{ + Bucket: awssdk.String(info.name), + Key: awssdk.String(info.key), + } + req := mockSvc.GetObjectRequest(s3GetObjectInput) + + // The Context will interrupt the request if the timeout expires. + var cancelFn func() + ctx, cancelFn := context.WithTimeout(p.context, p.config.APITimeout) + defer cancelFn() + + resp, err := req.Send(ctx) + assert.NoError(t, err) + reader := bufio.NewReader(resp.Body) + defer resp.Body.Close() + + for i := 0; i < 3; i++ { + switch i { + case 0: + log, err := reader.ReadString('\n') + assert.NoError(t, err) + assert.Equal(t, s3LogString1, log) + case 1: + log, err := reader.ReadString('\n') + assert.NoError(t, err) + assert.Equal(t, s3LogString2, log) + case 2: + log, err := reader.ReadString('\n') + assert.Error(t, io.EOF, err) + assert.Equal(t, "", log) + } + } +} + +func TestCreateEvent(t *testing.T) { + p := &s3Input{context: &channelContext{}} + errC := make(chan error) + s3Context := &s3Context{ + refs: 1, + errC: errC, + } + + mockSvc := &MockS3Client{} + s3Info := s3Info{ + name: "test-s3-ks", + key: "log2019-06-21-16-16-54", + region: "us-west-1", + arn: "arn:aws:s3:::test-s3-ks", + } + s3ObjectHash := s3ObjectHash(s3Info) + + s3GetObjectInput := &s3.GetObjectInput{ + Bucket: awssdk.String(info.name), + Key: awssdk.String(info.key), + } + req := mockSvc.GetObjectRequest(s3GetObjectInput) + + // The Context will interrupt the request if the timeout expires. + var cancelFn func() + ctx, cancelFn := context.WithTimeout(p.context, p.config.APITimeout) + defer cancelFn() + + resp, err := req.Send(ctx) + assert.NoError(t, err) + reader := bufio.NewReader(resp.Body) + defer resp.Body.Close() + + var events []beat.Event + for { + log, err := reader.ReadString('\n') + if log == "" { + break + } + if err == io.EOF { + event := createEvent(log, len([]byte(log)), s3Info, s3ObjectHash, s3Context) + events = append(events, event) + break + } + + event := createEvent(log, len([]byte(log)), s3Info, s3ObjectHash, s3Context) + events = append(events, event) + } + + assert.Equal(t, 2, len(events)) + + bucketName, err := events[0].Fields.GetValue("aws.s3.bucket.name") + assert.NoError(t, err) + assert.Equal(t, "test-s3-ks", bucketName.(string)) + + objectKey, err := events[0].Fields.GetValue("aws.s3.object.key") + assert.NoError(t, err) + assert.Equal(t, "log2019-06-21-16-16-54", objectKey.(string)) + + cloudProvider, err := events[0].Fields.GetValue("cloud.provider") + assert.NoError(t, err) + assert.Equal(t, "aws", cloudProvider) + + region, err := events[0].Fields.GetValue("cloud.region") + assert.NoError(t, err) + assert.Equal(t, "us-west-1", region) + + message1, err := events[0].Fields.GetValue("message") + assert.NoError(t, err) + assert.Equal(t, s3LogString1, message1.(string)) + + message2, err := events[1].Fields.GetValue("message") + assert.NoError(t, err) + assert.Equal(t, s3LogString2, message2.(string)) + + s3Context.done() +} + +func TestConstructObjectURL(t *testing.T) { + cases := []struct { + title string + s3Info s3Info + expectedObjectURL string + }{ + {"construct with object in s3", + s3Info{ + name: "test-1", + key: "log2019-06-21-16-16-54", + region: "us-west-1", + }, + "https://test-1.s3-us-west-1.amazonaws.com/log2019-06-21-16-16-54", + }, + {"construct with object in a folder of s3", + s3Info{ + name: "test-2", + key: "test-folder-1/test-log-1.txt", + region: "us-east-1", + }, + "https://test-2.s3-us-east-1.amazonaws.com/test-folder-1/test-log-1.txt", + }, + } + for _, c := range cases { + t.Run(c.title, func(t *testing.T) { + objectURL := constructObjectURL(c.s3Info) + assert.Equal(t, c.expectedObjectURL, objectURL) + }) + } +} + +func TestConvertOffsetToString(t *testing.T) { + cases := []struct { + offset int + expectedString string + }{ + { + 123, + "000000000123", + }, + { + 123456, + "000000123456", + }, + { + 123456789123, + "123456789123", + }, + } + for _, c := range cases { + output := fmt.Sprintf("%012d", c.offset) + assert.Equal(t, c.expectedString, output) + } + +} diff --git a/filebeat/input/s3/s3_integration_test.go b/filebeat/input/s3/s3_integration_test.go new file mode 100644 index 00000000000..1d6a400a7f1 --- /dev/null +++ b/filebeat/input/s3/s3_integration_test.go @@ -0,0 +1,394 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build integration +// +build aws + +package s3 + +import ( + "context" + "net/http" + "os" + "path/filepath" + "sync" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/aws/aws-sdk-go-v2/aws" + awssdk "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/aws/aws-sdk-go-v2/service/s3/s3iface" + "github.com/aws/aws-sdk-go-v2/service/sqs" + "github.com/aws/aws-sdk-go-v2/service/sqs/sqsiface" + + "github.com/elastic/beats/v7/filebeat/channel" + "github.com/elastic/beats/v7/filebeat/input" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/tests/resources" + awscommon "github.com/elastic/beats/v7/x-pack/libbeat/common/aws" +) + +const ( + fileName = "sample1.txt" + visibilityTimeout = 300 * time.Second +) + +var filePath = filepath.Join("ftest", fileName) + +// GetConfigForTest function gets aws credentials for integration tests. +func getConfigForTest(t *testing.T) config { + t.Helper() + + awsConfig := awscommon.ConfigAWS{} + queueURL := os.Getenv("QUEUE_URL") + profileName := os.Getenv("AWS_PROFILE_NAME") + accessKeyID := os.Getenv("AWS_ACCESS_KEY_ID") + secretAccessKey := os.Getenv("AWS_SECRET_ACCESS_KEY") + sessionToken := os.Getenv("AWS_SESSION_TOKEN") + + config := config{ + VisibilityTimeout: visibilityTimeout, + } + switch { + case queueURL == "": + t.Fatal("$QUEUE_URL is not set in environment") + case profileName == "" && accessKeyID == "": + t.Fatal("$AWS_ACCESS_KEY_ID or $AWS_PROFILE_NAME not set or set to empty") + case profileName != "": + awsConfig.ProfileName = profileName + config.QueueURL = queueURL + config.AwsConfig = awsConfig + return config + case secretAccessKey == "": + t.Fatal("$AWS_SECRET_ACCESS_KEY not set or set to empty") + } + + awsConfig.AccessKeyID = accessKeyID + awsConfig.SecretAccessKey = secretAccessKey + if sessionToken != "" { + awsConfig.SessionToken = sessionToken + } + config.AwsConfig = awsConfig + return config +} + +func uploadSampleLogFile(t *testing.T, bucketName string, svcS3 s3iface.ClientAPI) { + t.Helper() + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + file, err := os.Open(filePath) + if err != nil { + t.Fatalf("Failed to open file %v", filePath) + } + defer file.Close() + + s3PutObjectInput := s3.PutObjectInput{ + Bucket: aws.String(bucketName), + Key: aws.String(filepath.Base(filePath)), + Body: file, + } + req := svcS3.PutObjectRequest(&s3PutObjectInput) + output, err := req.Send(ctx) + if err != nil { + t.Fatalf("failed to put object into s3 bucket: %v", output) + } +} + +func collectOldMessages(t *testing.T, queueURL string, visibilityTimeout int64, svcSQS sqsiface.ClientAPI) []string { + t.Helper() + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // receive messages from sqs + req := svcSQS.ReceiveMessageRequest( + &sqs.ReceiveMessageInput{ + QueueUrl: &queueURL, + MessageAttributeNames: []string{"All"}, + MaxNumberOfMessages: &maxNumberOfMessage, + VisibilityTimeout: &visibilityTimeout, + WaitTimeSeconds: &waitTimeSecond, + }) + + output, err := req.Send(ctx) + if err != nil { + t.Fatalf("failed to receive message from SQS: %v", output) + } + + var oldMessageHandles []string + for _, message := range output.Messages { + oldMessageHandles = append(oldMessageHandles, *message.ReceiptHandle) + } + + return oldMessageHandles +} + +func (input *s3Input) deleteAllMessages(t *testing.T, awsConfig awssdk.Config, queueURL string, visibilityTimeout int64, svcSQS sqsiface.ClientAPI) error { + var messageReceiptHandles []string + init := true + for init || len(messageReceiptHandles) > 0 { + init = false + messageReceiptHandles = collectOldMessages(t, queueURL, visibilityTimeout, svcSQS) + for _, receiptHandle := range messageReceiptHandles { + err := input.deleteMessage(queueURL, receiptHandle, svcSQS) + if err != nil { + return err + } + } + } + return nil +} + +func defaultTestConfig() *common.Config { + return common.MustNewConfigFrom(map[string]interface{}{ + "queue_url": os.Getenv("QUEUE_URL"), + }) +} + +func runTest(t *testing.T, cfg *common.Config, run func(t *testing.T, input *s3Input, out *stubOutleter)) { + // Simulate input.Context from Filebeat input runner. + inputCtx := newInputContext() + defer close(inputCtx.Done) + + // Stub outlet for receiving events generated by the input. + eventOutlet := newStubOutlet() + defer eventOutlet.Close() + + connector := channel.ConnectorFunc(func(_ *common.Config, _ beat.ClientConfig) (channel.Outleter, error) { + return eventOutlet, nil + }) + + in, err := NewInput(cfg, connector, inputCtx) + if err != nil { + t.Fatal(err) + } + s3Input := in.(*s3Input) + defer s3Input.Stop() + + run(t, s3Input, eventOutlet) +} + +func newInputContext() input.Context { + return input.Context{ + Done: make(chan struct{}), + } +} + +type stubOutleter struct { + sync.Mutex + cond *sync.Cond + done bool + Events []beat.Event +} + +func newStubOutlet() *stubOutleter { + o := &stubOutleter{} + o.cond = sync.NewCond(o) + return o +} + +func (o *stubOutleter) waitForEvents(numEvents int) ([]beat.Event, bool) { + o.Lock() + defer o.Unlock() + + for len(o.Events) < numEvents && !o.done { + o.cond.Wait() + } + + size := numEvents + if size >= len(o.Events) { + size = len(o.Events) + } + + out := make([]beat.Event, size) + copy(out, o.Events) + return out, len(out) == numEvents +} + +func (o *stubOutleter) Close() error { + o.Lock() + defer o.Unlock() + o.done = true + return nil +} + +func (o *stubOutleter) Done() <-chan struct{} { return nil } + +func (o *stubOutleter) OnEvent(event beat.Event) bool { + o.Lock() + defer o.Unlock() + o.Events = append(o.Events, event) + o.cond.Broadcast() + return !o.done +} + +func TestS3Input(t *testing.T) { + inputConfig := defaultTestConfig() + config := getConfigForTest(t) + + runTest(t, inputConfig, func(t *testing.T, input *s3Input, out *stubOutleter) { + awsConfig, err := awscommon.GetAWSCredentials(config.AwsConfig) + if err != nil { + + } + s3BucketRegion := os.Getenv("S3_BUCKET_REGION") + if s3BucketRegion == "" { + t.Log("S3_BUCKET_REGION is not set, default to us-west-1") + s3BucketRegion = "us-west-1" + } + awsConfig.Region = s3BucketRegion + input.awsConfig = awsConfig.Copy() + svcSQS := sqs.New(awsConfig) + + // remove old messages from SQS + err = input.deleteAllMessages(t, awsConfig, config.QueueURL, int64(config.VisibilityTimeout.Seconds()), svcSQS) + if err != nil { + t.Fatalf("failed to delete message: %v", err.Error()) + } + + // upload a sample log file for testing + s3BucketNameEnv := os.Getenv("S3_BUCKET_NAME") + if s3BucketNameEnv == "" { + t.Fatal("failed to get S3_BUCKET_NAME") + } + + svcS3 := s3.New(awsConfig) + uploadSampleLogFile(t, s3BucketNameEnv, svcS3) + time.Sleep(30 * time.Second) + + wg := sync.WaitGroup{} + wg.Add(1) + go func() { + defer wg.Done() + input.run(svcSQS, svcS3, 300) + }() + + events, ok := out.waitForEvents(2) + if !ok { + t.Fatalf("Expected 2 events, but got %d.", len(events)) + } + input.Stop() + + // check events + for i, event := range events { + bucketName, err := event.GetValue("aws.s3.bucket.name") + assert.NoError(t, err) + assert.Equal(t, s3BucketNameEnv, bucketName) + + objectKey, err := event.GetValue("aws.s3.object.key") + assert.NoError(t, err) + assert.Equal(t, fileName, objectKey) + + message, err := event.GetValue("message") + assert.NoError(t, err) + switch i { + case 0: + assert.Equal(t, "logline1\n", message) + case 1: + assert.Equal(t, "logline2\n", message) + } + } + + // delete messages from the queue + err = input.deleteAllMessages(t, awsConfig, config.QueueURL, int64(config.VisibilityTimeout.Seconds()), svcSQS) + if err != nil { + t.Fatalf("failed to delete message: %v", err.Error()) + } + }) +} + +// MockSQSClient struct is used for unit tests. +type MockSQSClient struct { + sqsiface.ClientAPI +} + +var ( + sqsMessageTest = "{\"Records\":[{\"eventSource\":\"aws:s3\",\"awsRegion\":\"ap-southeast-1\"," + + "\"eventTime\":\"2019-06-21T16:16:54.629Z\",\"eventName\":\"ObjectCreated:Put\"," + + "\"s3\":{\"configurationId\":\"object-created-event\",\"bucket\":{\"name\":\"test-s3-ks-2\"," + + "\"arn\":\"arn:aws:s3:::test-s3-ks-2\"},\"object\":{\"key\":\"server-access-logging2019-06-21-16-16-54\"}}}]}" +) + +func (m *MockSQSClient) ReceiveMessageRequest(input *sqs.ReceiveMessageInput) sqs.ReceiveMessageRequest { + httpReq, _ := http.NewRequest("", "", nil) + return sqs.ReceiveMessageRequest{ + Request: &awssdk.Request{ + Data: &sqs.ReceiveMessageOutput{ + Messages: []sqs.Message{ + {Body: awssdk.String(sqsMessageTest)}, + }, + }, + HTTPRequest: httpReq, + }, + } +} + +func (m *MockSQSClient) DeleteMessageRequest(input *sqs.DeleteMessageInput) sqs.DeleteMessageRequest { + httpReq, _ := http.NewRequest("", "", nil) + return sqs.DeleteMessageRequest{ + Request: &awssdk.Request{ + Data: &sqs.DeleteMessageOutput{}, + HTTPRequest: httpReq, + }, + } +} + +func (m *MockSQSClient) ChangeMessageVisibilityRequest(input *sqs.ChangeMessageVisibilityInput) sqs.ChangeMessageVisibilityRequest { + httpReq, _ := http.NewRequest("", "", nil) + return sqs.ChangeMessageVisibilityRequest{ + Request: &awssdk.Request{ + Data: &sqs.ChangeMessageVisibilityOutput{}, + HTTPRequest: httpReq, + }, + } +} + +func TestMockS3Input(t *testing.T) { + defer resources.NewGoroutinesChecker().Check(t) + cfg := common.MustNewConfigFrom(map[string]interface{}{ + "queue_url": "https://sqs.ap-southeast-1.amazonaws.com/123456/test", + }) + + runTest(t, cfg, func(t *testing.T, input *s3Input, out *stubOutleter) { + svcS3 := &MockS3Client{} + svcSQS := &MockSQSClient{} + + wg := sync.WaitGroup{} + wg.Add(1) + go func() { + defer wg.Done() + input.run(svcSQS, svcS3, 300) + }() + + events, ok := out.waitForEvents(2) + if !ok { + t.Fatalf("Expected 2 events, but got %d.", len(events)) + } + input.Wait() + + // check events + for i, event := range events { + bucketName, err := event.GetValue("aws.s3.bucket.name") + assert.NoError(t, err) + assert.Equal(t, "test-s3-ks-2", bucketName) + + objectKey, err := event.GetValue("aws.s3.object.key") + assert.NoError(t, err) + assert.Equal(t, "server-access-logging2019-06-21-16-16-54", objectKey) + + message, err := event.GetValue("message") + assert.NoError(t, err) + switch i { + case 0: + assert.Equal(t, s3LogString1, message) + case 1: + assert.Equal(t, s3LogString2, message) + } + } + }) +} diff --git a/filebeat/module/activemq/_meta/config.yml b/filebeat/module/activemq/_meta/config.yml new file mode 100644 index 00000000000..593c6c1632d --- /dev/null +++ b/filebeat/module/activemq/_meta/config.yml @@ -0,0 +1,16 @@ +- module: activemq + # Audit logs + audit: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + + # Application logs + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/activemq/_meta/docs.asciidoc b/filebeat/module/activemq/_meta/docs.asciidoc new file mode 100644 index 00000000000..f632747c8a4 --- /dev/null +++ b/filebeat/module/activemq/_meta/docs.asciidoc @@ -0,0 +1,73 @@ +[role="xpack"] + +:modulename: activemq +:has-dashboards: true + +== ActiveMQ module + +This module parses Apache ActiveMQ logs. It supports application and audit logs. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +The module has been tested with ActiveMQ 5.13.0 and 5.15.9. Other versions are expected to work. + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + +The following example shows how to set paths in the +modules.d/{modulename}.yml+ +file to override the default paths for ActiveMQ logs: + +["source","yaml",subs="attributes"] +----- +- module: activemq + audit: + enabled: true + var.paths: ["/path/to/log/activemq/data/audit.log*"] + log: + enabled: true + var.paths: ["/path/to/log/activemq/data/activemq.log*"] +----- + +To specify the same settings at the command line, you use: + +["source","sh",subs="attributes"] +----- +-M "activemq.audit.var.paths=[/path/to/log/activemq/data/audit.log*]" +-M "activemq.log.var.paths=[/path/to/log/activemq/data/activemq.log*]" +----- + +[float] +==== `audit` log fileset settings + +include::../include/var-paths.asciidoc[] + +[float] +==== `log` log fileset settings + +include::../include/var-paths.asciidoc[] + +include::../include/timezone-support.asciidoc[] + +[float] +=== Dashboards + +The ActiveMQ module comes with several predefined dashboards for application and audit logs. For example: + +image::./images/filebeat-activemq-application-events.png[] + +image::./images/filebeat-activemq-audit-events.png[] + + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/activemq/_meta/fields.yml b/filebeat/module/activemq/_meta/fields.yml new file mode 100644 index 00000000000..1dde6cdd257 --- /dev/null +++ b/filebeat/module/activemq/_meta/fields.yml @@ -0,0 +1,22 @@ +- key: activemq + title: "activemq" + release: ga + description: > + Module for parsing ActiveMQ log files. + fields: + - name: activemq + type: group + description: > + fields: + - name: caller + type: keyword + description: > + Name of the caller issuing the logging request (class or resource). + - name: thread + type: keyword + description: > + Thread that generated the logging event. + - name: user + type: keyword + description: > + User that generated the logging event. diff --git a/filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-application-events.json b/filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-application-events.json new file mode 100644 index 00000000000..737e390eff2 --- /dev/null +++ b/filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-application-events.json @@ -0,0 +1,548 @@ +{ + "objects": [ + { + "attributes": { + "description": "This dashboard shows application logs collected by the ActiveMQ filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "f0cad176-b0ef-4623-bd59-a9ce65db8b73", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "f0cad176-b0ef-4623-bd59-a9ce65db8b73", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7e3a3b6b-5fd9-491d-ad73-423bca90206f", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "7e3a3b6b-5fd9-491d-ad73-423bca90206f", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "a3093cd3-7edf-4e25-949e-631f3e5e8dec", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "a3093cd3-7edf-4e25-949e-631f3e5e8dec", + "panelRefName": "panel_2", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Filebeat ActiveMQ] Application Events", + "version": 1 + }, + "id": "26434790-1464-11ea-8fd8-030a13064883", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "a0f15d50-1460-11ea-8fd8-030a13064883", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "026da780-1463-11ea-8fd8-030a13064883", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d784ec10-1460-11ea-8fd8-030a13064883", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2019-12-02T14:59:23.454Z", + "version": "WzI0NCw2XQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "activemq.log" + }, + "type": "phrase", + "value": "activemq.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "activemq.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Application Event Results [Filebeat ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-2d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "splitColumn": [ + { + "accessor": 1, + "aggType": "filters", + "format": {}, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-12-01T17:52:01.645Z", + "min": "2019-11-29T17:52:01.645Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT1H" + } + }, + "y": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "radiusRatio": 50, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Application Event Results [Filebeat ActiveMQ]", + "type": "histogram" + } + }, + "id": "a0f15d50-1460-11ea-8fd8-030a13064883", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-12-02T14:56:05.639Z", + "version": "WzI0Miw2XQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.level", + "negate": false, + "params": { + "query": "ERROR" + }, + "type": "phrase", + "value": "ERROR" + }, + "query": { + "match": { + "log.level": { + "query": "ERROR", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "activemq.log" + }, + "type": "phrase", + "value": "activemq.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "activemq.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top ERROR callers [Filebeat ActiveMQ]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "activemq.caller", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top ERROR callers [Filebeat ActiveMQ]", + "type": "table" + } + }, + "id": "026da780-1463-11ea-8fd8-030a13064883", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-12-02T14:56:49.832Z", + "version": "WzI0Myw2XQ==" + }, + { + "attributes": { + "columns": [ + "log.level", + "message", + "activemq.thread" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset :\"activemq.log\" " + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Application Events [Filebeat ActiveMQ]", + "version": 1 + }, + "id": "d784ec10-1460-11ea-8fd8-030a13064883", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-12-01T17:34:35.344Z", + "version": "WzIxOSw0XQ==" + } + ], + "version": "7.4.0" +} diff --git a/filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-audit-events.json b/filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-audit-events.json new file mode 100644 index 00000000000..19427198940 --- /dev/null +++ b/filebeat/module/activemq/_meta/kibana/7/dashboard/Filebeat-activemq-audit-events.json @@ -0,0 +1,507 @@ +{ + "objects": [ + { + "attributes": { + "description": "This dashboard shows audit logs collected by the ActiveMQ filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "11105044-eb78-45ab-9206-571e86f5f10d", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "11105044-eb78-45ab-9206-571e86f5f10d", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8f349d14-40d9-4a10-b7d5-0f57c2a69f69", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "8f349d14-40d9-4a10-b7d5-0f57c2a69f69", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 23, + "i": "f2a1e6f8-cd1a-4fbd-a0b1-da4ee9db7c54", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "f2a1e6f8-cd1a-4fbd-a0b1-da4ee9db7c54", + "panelRefName": "panel_2", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Filebeat ActiveMQ] Audit Events", + "version": 1 + }, + "id": "ffe86390-145f-11ea-8fd8-030a13064883", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "38011a70-145a-11ea-8fd8-030a13064883", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "38874920-1454-11ea-8fd8-030a13064883", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "896ef3a0-145f-11ea-8fd8-030a13064883", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2019-12-02T14:53:25.775Z", + "version": "WzI0MCw2XQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "activemq.audit" + }, + "type": "phrase", + "value": "activemq.audit" + }, + "query": { + "match": { + "event.dataset": { + "query": "activemq.audit", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Audit Event Results [Filebeat ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-1d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "event.dataset : \"activemq.audit\"" + }, + "label": "" + } + ], + "row": false + }, + "schema": "split", + "type": "filters" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-12-01T16:41:18.507Z", + "min": "2019-11-30T16:41:18.507Z" + }, + "date": true, + "format": "HH:mm", + "interval": "PT30M" + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "radiusRatio": 50, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Audit Event Results [Filebeat ActiveMQ]", + "type": "histogram" + } + }, + "id": "38011a70-145a-11ea-8fd8-030a13064883", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-12-01T17:53:57.087Z", + "version": "WzIyMiw0XQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "activemq.audit" + }, + "type": "phrase", + "value": "activemq.audit" + }, + "query": { + "match": { + "event.dataset": { + "query": "activemq.audit", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Audit Account Tag Cloud [Filebeat ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "activemq.user", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "bucket": { + "accessor": 0, + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "type": "vis_dimension" + }, + "maxFontSize": 72, + "metric": { + "accessor": 1, + "format": { + "id": "string", + "params": {} + }, + "type": "vis_dimension" + }, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Audit Account Tag Cloud [Filebeat ActiveMQ]", + "type": "tagcloud" + } + }, + "id": "38874920-1454-11ea-8fd8-030a13064883", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-12-02T14:50:22.535Z", + "version": "WzIzOSw2XQ==" + }, + { + "attributes": { + "columns": [ + "log.level", + "activemq.user", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset :\"activemq.audit\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Audit Events [Filebeat ActiveMQ]", + "version": 1 + }, + "id": "896ef3a0-145f-11ea-8fd8-030a13064883", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-12-02T14:46:31.288Z", + "version": "WzIzNiw2XQ==" + } + ], + "version": "7.4.0" +} diff --git a/filebeat/module/activemq/audit/_meta/fields.yml b/filebeat/module/activemq/audit/_meta/fields.yml new file mode 100644 index 00000000000..7fd64a15752 --- /dev/null +++ b/filebeat/module/activemq/audit/_meta/fields.yml @@ -0,0 +1,5 @@ +- name: audit + type: group + description: > + Fields from ActiveMQ audit logs. + fields: diff --git a/filebeat/module/activemq/audit/config/audit.yml b/filebeat/module/activemq/audit/config/audit.yml new file mode 100644 index 00000000000..0afd17317d4 --- /dev/null +++ b/filebeat/module/activemq/audit/config/audit.yml @@ -0,0 +1,6 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/activemq/audit/ingest/pipeline.yml b/filebeat/module/activemq/audit/ingest/pipeline.yml new file mode 100644 index 00000000000..5540cdf6d76 --- /dev/null +++ b/filebeat/module/activemq/audit/ingest/pipeline.yml @@ -0,0 +1,32 @@ +--- +description: Pipeline for parsing ActiveMQ audit logs. +processors: + - grok: + field: message + pattern_definitions: + NOPIPEGREEDYDATA: "((?! \\|).)*" + THREAD_NAME: "((?! \n).)*" + patterns: + - "%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{WORD:activemq.user}%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}" + ignore_missing: true + - set: + field: event.kind + value: event + - set: + if: "ctx?.activemq?.user != null" + field: user.name + value: "{{activemq.user}}" + - script: + if: "ctx?.log?.level != null" + lang: painless + source: >- + def err_levels = ["FATAL", "ERROR", "WARN"]; + if (err_levels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/activemq/audit/manifest.yml b/filebeat/module/activemq/audit/manifest.yml new file mode 100644 index 00000000000..bf124c6d70b --- /dev/null +++ b/filebeat/module/activemq/audit/manifest.yml @@ -0,0 +1,13 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /opt/apache-activemq-*/data/audit.log* + os.darwin: + - /usr/local/apache-activemq-*/data/audit.log* + os.windows: + - c:/apache-activemq-*/data/audit.log* + +ingest_pipeline: ingest/pipeline.yml +input: config/audit.yml diff --git a/filebeat/module/activemq/audit/test/audit.log b/filebeat/module/activemq/audit/test/audit.log new file mode 100644 index 00000000000..d1037c58eba --- /dev/null +++ b/filebeat/module/activemq/audit/test/audit.log @@ -0,0 +1,4 @@ +INFO | anonymous called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,213 | qtp443290224-47 +INFO | admin called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,229 | qtp443290224-45 +WARN | admin requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from 127.0.0.1 | qtp12205619-39 +INFO | guest requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from 127.0.0.1 | qtp12205619-36 diff --git a/filebeat/module/activemq/audit/test/audit.log-expected.json b/filebeat/module/activemq/audit/test/audit.log-expected.json new file mode 100644 index 00000000000..918c5a40eee --- /dev/null +++ b/filebeat/module/activemq/audit/test/audit.log-expected.json @@ -0,0 +1,62 @@ +[ + { + "activemq.thread": "qtp443290224-47", + "activemq.user": "anonymous", + "event.dataset": "activemq.audit", + "event.kind": "event", + "event.module": "activemq", + "event.type": "info", + "fileset.name": "audit", + "input.type": "log", + "log.level": "INFO", + "log.offset": 0, + "message": "called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,213", + "service.type": "activemq", + "user.name": "anonymous" + }, + { + "activemq.thread": "qtp443290224-45", + "activemq.user": "admin", + "event.dataset": "activemq.audit", + "event.kind": "event", + "event.module": "activemq", + "event.type": "info", + "fileset.name": "audit", + "input.type": "log", + "log.level": "INFO", + "log.offset": 127, + "message": "called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,229", + "service.type": "activemq", + "user.name": "admin" + }, + { + "activemq.thread": "qtp12205619-39", + "activemq.user": "admin", + "event.dataset": "activemq.audit", + "event.kind": "event", + "event.module": "activemq", + "event.type": "error", + "fileset.name": "audit", + "input.type": "log", + "log.level": "WARN", + "log.offset": 250, + "message": "requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from 127.0.0.1", + "service.type": "activemq", + "user.name": "admin" + }, + { + "activemq.thread": "qtp12205619-36", + "activemq.user": "guest", + "event.dataset": "activemq.audit", + "event.kind": "event", + "event.module": "activemq", + "event.type": "info", + "fileset.name": "audit", + "input.type": "log", + "log.level": "INFO", + "log.offset": 436, + "message": "requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from 127.0.0.1", + "service.type": "activemq", + "user.name": "guest" + } +] \ No newline at end of file diff --git a/filebeat/module/activemq/fields.go b/filebeat/module/activemq/fields.go new file mode 100644 index 00000000000..cc9d80301c3 --- /dev/null +++ b/filebeat/module/activemq/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package activemq + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "activemq", asset.ModuleFieldsPri, AssetActivemq); err != nil { + panic(err) + } +} + +// AssetActivemq returns asset data. +// This is the base64 encoded gzipped contents of module/activemq. +func AssetActivemq() string { + return "eJysksFO80AMhO95ilFP/39oHyAHJC7cioQEZ2RtnO2qm2xqe4v69mhDCwktqkTxKZrY801iL7HlQw1yFvbc7SrAgkWusThJiwoQjkzKNTxVQMPqJAwWUl/jrgKAdWpyZLRJMJBo6D3ux/n1E2LyaENkXVVAGzg2Wo9DS/TU8Qxeyg5DIUnKw1G5AJw7Td0cxcjyKZ/8tnx4S9JM9IuuH/VIHSO1sA0f/RBUc/msIsXkfXkW3mVWwz8XSRVJIKwpi+P/q7NcthGm5rZcz6MHbEMGzz0LGTezSLzn3s7hWW/9JS/K8gsw5SbYGXm63Cvch3HNaCV1Xyc1uha0ribNP11ETP7vEwxDDI5K/9Uc0yxq5LavJuR49v77Tt4DAAD//6D2AuY=" +} diff --git a/filebeat/module/activemq/log/_meta/fields.yml b/filebeat/module/activemq/log/_meta/fields.yml new file mode 100644 index 00000000000..72c210e8412 --- /dev/null +++ b/filebeat/module/activemq/log/_meta/fields.yml @@ -0,0 +1,7 @@ +- name: log + type: group + description: > + Fields from ActiveMQ application logs. + fields: + - name: stack_trace + type: keyword diff --git a/filebeat/module/activemq/log/config/log.yml b/filebeat/module/activemq/log/config/log.yml new file mode 100644 index 00000000000..3171a513a0e --- /dev/null +++ b/filebeat/module/activemq/log/config/log.yml @@ -0,0 +1,12 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +multiline: + pattern: '^\d{4}-\d{2}-\d{2} ' + negate: true + match: after +processors: + - add_locale: ~ diff --git a/filebeat/module/activemq/log/ingest/pipeline.yml b/filebeat/module/activemq/log/ingest/pipeline.yml new file mode 100644 index 00000000000..c33d77295e5 --- /dev/null +++ b/filebeat/module/activemq/log/ingest/pipeline.yml @@ -0,0 +1,43 @@ +--- +description: Pipeline for parsing ActiveMQ logs. +processors: + - grok: + field: message + pattern_definitions: + GREEDYMULTILINE: "(.|\\n|\\t)*" + NOPIPEGREEDYDATA: "((?! \\|).)*" + THREAD_NAME: "((?! \n).)*" + patterns: + - "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}\\|%{SPACE}%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:activemq.caller}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}%{SPACE}%{GREEDYMULTILINE:activemq.log.stack_trace}" + ignore_missing: true + - date: + if: "ctx.event.timezone == null" + field: timestamp + target_field: "@timestamp" + formats: ["yyyy-MM-dd HH:mm:ss,SSS"] + - date: + if: "ctx.event.timezone != null" + field: "timestamp" + target_field: "@timestamp" + timezone: "{{ event.timezone }}" + formats: ["yyyy-MM-dd HH:mm:ss,SSS"] + - remove: + field: + - timestamp + - set: + field: event.kind + value: event + - script: + if: "ctx?.log?.level != null" + lang: painless + source: >- + def err_levels = ["FATAL", "ERROR", "WARN"]; + if (err_levels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/activemq/log/manifest.yml b/filebeat/module/activemq/log/manifest.yml new file mode 100644 index 00000000000..76d59425865 --- /dev/null +++ b/filebeat/module/activemq/log/manifest.yml @@ -0,0 +1,13 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /opt/apache-activemq-*/data/activemq.log* + os.darwin: + - /usr/local/apache-activemq-*/data/activemq.log* + os.windows: + - c:/apache-activemq-*/data/activemq.log* + +ingest_pipeline: ingest/pipeline.yml +input: config/log.yml diff --git a/filebeat/module/activemq/log/test/activemq.log b/filebeat/module/activemq/log/test/activemq.log new file mode 100644 index 00000000000..53f299e8b7a --- /dev/null +++ b/filebeat/module/activemq/log/test/activemq.log @@ -0,0 +1,30 @@ +2019-11-27 15:09:34,491 | INFO | KahaDB is version 6 | org.apache.activemq.store.kahadb.MessageDatabase | main +2019-11-27 15:09:34,531 | INFO | PListStore:[/opt/activemq/data/localhost/tmp_storage] started | org.apache.activemq.store.kahadb.plist.PListStoreImpl | main +2019-11-27 15:09:34,538 | INFO | Page File: /opt/activemq/data/kahadb/db.data. Recovered pageFile free list of size: 0 | org.apache.activemq.store.kahadb.disk.page.PageFile | KahaDB Index Free Page Recovery +2019-11-27 15:09:34,690 | INFO | Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is starting | org.apache.activemq.broker.BrokerService | main +2019-11-27 15:09:34,712 | ERROR | Failed to start Apache ActiveMQ (localhost, ID:5338986a6080-37033-1574867374550-0:1) | org.apache.activemq.broker.BrokerService | main + at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:28)[activemq-client-5.15.9.jar:5.15.9] + at org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:2264)[activemq-broker-5.15.9.jar:5.15.9] + at org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2744)[activemq-broker-5.15.9.jar:5.15.9] + at org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2640)[activemq-broker-5.15.9.jar:5.15.9] + at org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:771)[activemq-broker-5.15.9.jar:5.15.9] + at org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:733)[activemq-broker-5.15.9.jar:5.15.9] + at org.apache.activemq.broker.BrokerService.start(BrokerService.java:636)[activemq-broker-5.15.9.jar:5.15.9] + at org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)[activemq-spring-5.15.9.jar:5.15.9] + at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_212] + at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_212] + at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_212] + at java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_212] + at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1763)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE] + at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1700)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE] +2019-11-27 15:09:34,716 | INFO | Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is shutting down | org.apache.activemq.broker.BrokerService | main +2019-11-27 15:09:34,718 | INFO | Connector openwire stopped | org.apache.activemq.broker.TransportConnector | main +2019-11-27 15:09:34,719 | INFO | Connector amqp stopped | org.apache.activemq.broker.TransportConnector | main +2019-11-27 15:09:34,721 | INFO | Connector stomp stopped | org.apache.activemq.broker.TransportConnector | main +2019-11-27 15:09:34,722 | INFO | Connector mqtt stopped | org.apache.activemq.broker.TransportConnector | main +2019-11-27 15:09:34,723 | INFO | Connector ws stopped | org.apache.activemq.broker.TransportConnector | main +2019-11-27 15:09:34,727 | INFO | PListStore:[/opt/activemq/data/localhost/tmp_storage] stopped | org.apache.activemq.store.kahadb.plist.PListStoreImpl | main +2019-11-27 15:09:34,728 | INFO | Stopping async queue tasks | org.apache.activemq.store.kahadb.KahaDBStore | main +2019-11-27 15:09:34,730 | INFO | Stopping async topic tasks | org.apache.activemq.store.kahadb.KahaDBStore | main +2019-11-29 10:59:49,515 | INFO | No Spring WebApplicationInitializer types detected on classpath | /admin | main +2019-11-29 10:59:49,779 | INFO | Initializing Spring FrameworkServlet 'dispatcher' | /admin | main diff --git a/filebeat/module/activemq/log/test/activemq.log-expected.json b/filebeat/module/activemq/log/test/activemq.log-expected.json new file mode 100644 index 00000000000..3c861831ab3 --- /dev/null +++ b/filebeat/module/activemq/log/test/activemq.log-expected.json @@ -0,0 +1,277 @@ +[ + { + "@timestamp": "2019-11-27T15:09:34.491-02:00", + "activemq.caller": "org.apache.activemq.store.kahadb.MessageDatabase", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 0, + "message": "KahaDB is version 6", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.531-02:00", + "activemq.caller": "org.apache.activemq.store.kahadb.plist.PListStoreImpl", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 112, + "message": "PListStore:[/opt/activemq/data/localhost/tmp_storage] started", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.538-02:00", + "activemq.caller": "org.apache.activemq.store.kahadb.disk.page.PageFile", + "activemq.log.stack_trace": "", + "activemq.thread": "KahaDB Index Free Page Recovery", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 271, + "message": "Page File: /opt/activemq/data/kahadb/db.data. Recovered pageFile free list of size: 0", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.690-02:00", + "activemq.caller": "org.apache.activemq.broker.BrokerService", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 479, + "message": "Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is starting", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.712-02:00", + "activemq.caller": "org.apache.activemq.broker.BrokerService", + "activemq.log.stack_trace": "at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:28)[activemq-client-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:2264)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2744)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2640)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:771)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:733)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.start(BrokerService.java:636)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)[activemq-spring-5.15.9.jar:5.15.9]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_212]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_212]\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_212]\n\tat java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_212]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1763)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1700)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "error", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "ERROR", + "log.offset": 651, + "message": "Failed to start Apache ActiveMQ (localhost, ID:5338986a6080-37033-1574867374550-0:1)", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.716-02:00", + "activemq.caller": "org.apache.activemq.broker.BrokerService", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 2522, + "message": "Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is shutting down", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.718-02:00", + "activemq.caller": "org.apache.activemq.broker.TransportConnector", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 2699, + "message": "Connector openwire stopped", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.719-02:00", + "activemq.caller": "org.apache.activemq.broker.TransportConnector", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 2815, + "message": "Connector amqp stopped", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.721-02:00", + "activemq.caller": "org.apache.activemq.broker.TransportConnector", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 2927, + "message": "Connector stomp stopped", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.722-02:00", + "activemq.caller": "org.apache.activemq.broker.TransportConnector", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3040, + "message": "Connector mqtt stopped", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.723-02:00", + "activemq.caller": "org.apache.activemq.broker.TransportConnector", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3152, + "message": "Connector ws stopped", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.727-02:00", + "activemq.caller": "org.apache.activemq.store.kahadb.plist.PListStoreImpl", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3262, + "message": "PListStore:[/opt/activemq/data/localhost/tmp_storage] stopped", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.728-02:00", + "activemq.caller": "org.apache.activemq.store.kahadb.KahaDBStore", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3421, + "message": "Stopping async queue tasks", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-27T15:09:34.730-02:00", + "activemq.caller": "org.apache.activemq.store.kahadb.KahaDBStore", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3536, + "message": "Stopping async topic tasks", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-29T10:59:49.515-02:00", + "activemq.caller": "/admin", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3651, + "message": "No Spring WebApplicationInitializer types detected on classpath", + "service.type": "activemq" + }, + { + "@timestamp": "2019-11-29T10:59:49.779-02:00", + "activemq.caller": "/admin", + "activemq.log.stack_trace": "", + "activemq.thread": "main", + "event.dataset": "activemq.log", + "event.kind": "event", + "event.module": "activemq", + "event.timezone": "-02:00", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3765, + "message": "Initializing Spring FrameworkServlet 'dispatcher'", + "service.type": "activemq" + } +] \ No newline at end of file diff --git a/filebeat/module/activemq/module.yml b/filebeat/module/activemq/module.yml new file mode 100644 index 00000000000..052ae43b923 --- /dev/null +++ b/filebeat/module/activemq/module.yml @@ -0,0 +1,5 @@ +dashboards: +- id: ffe86390-145f-11ea-8fd8-030a13064883 + file: Filebeat-activemq-audit-events.json +- id: 26434790-1464-11ea-8fd8-030a13064883 + file: Filebeat-activemq-application-events.json diff --git a/filebeat/module/aws/_meta/config.yml b/filebeat/module/aws/_meta/config.yml new file mode 100644 index 00000000000..7c9c9f0e7b0 --- /dev/null +++ b/filebeat/module/aws/_meta/config.yml @@ -0,0 +1,204 @@ +- module: aws + cloudtrail: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + cloudwatch: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + ec2: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + elb: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + s3access: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + vpcflow: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb diff --git a/filebeat/module/aws/_meta/docs.asciidoc b/filebeat/module/aws/_meta/docs.asciidoc new file mode 100644 index 00000000000..04e0ff33cfe --- /dev/null +++ b/filebeat/module/aws/_meta/docs.asciidoc @@ -0,0 +1,233 @@ +[role="xpack"] + +:libbeat-xpack-dir: ../../../x-pack/libbeat + +:modulename: aws +:has-dashboards: true + +== AWS module + +beta[] + +This is a module for aws logs. It uses filebeat s3 input to get log files from +AWS S3 buckets with SQS notification. This module supports reading s3 server +access logs with `s3access` fileset, ELB access logs with `elb` fileset, VPC +flow logs with `vpcflow` fileset, and CloudTrail logs with `cloudtrail` fileset. + +Access logs contain detailed information about the requests made to these +services. VPC flow logs captures information about the IP traffic going to and +from network interfaces in AWS VPC. ELB access logs captures detailed information +about requests sent to the load balancer. CloudTrail logs contain events +that represent actions taken by a user, role or AWS service. + +The `aws` module requires AWS credentials configuration in order to make AWS API calls. +Users can either use `access_key_id`, `secret_access_key` and/or +`session_token`, or use `role_arn` AWS IAM role, or use shared AWS credentials file. + +Please see <> for more details. + +include::../include/gs-link.asciidoc[] + +[float] +=== Module configuration + +Example config: + +[source,yaml] +---- +- module: aws + cloudtrail: + enabled: false + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + #var.shared_credential_file: /etc/filebeat/aws_credentials + #var.credential_profile_name: fb-aws + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + #var.visibility_timeout: 300s + #var.api_timeout: 120s + #var.endpoint: amazonaws.com + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + cloudwatch: + enabled: false + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + #var.shared_credential_file: /etc/filebeat/aws_credentials + #var.credential_profile_name: fb-aws + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + #var.visibility_timeout: 300s + #var.api_timeout: 120s + #var.endpoint: amazonaws.com + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + ec2: + enabled: false + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + #var.shared_credential_file: /etc/filebeat/aws_credentials + #var.credential_profile_name: fb-aws + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + #var.visibility_timeout: 300s + #var.api_timeout: 120s + #var.endpoint: amazonaws.com + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + elb: + enabled: false + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + #var.shared_credential_file: /etc/filebeat/aws_credentials + #var.credential_profile_name: fb-aws + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + #var.visibility_timeout: 300s + #var.api_timeout: 120s + #var.endpoint: amazonaws.com + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + s3access: + enabled: false + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + #var.shared_credential_file: /etc/filebeat/aws_credentials + #var.credential_profile_name: fb-aws + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + #var.visibility_timeout: 300s + #var.api_timeout: 120s + #var.endpoint: amazonaws.com + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + vpcflow: + enabled: false + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + #var.shared_credential_file: /etc/filebeat/aws_credentials + #var.credential_profile_name: fb-aws + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + #var.visibility_timeout: 300s + #var.api_timeout: 120s + #var.endpoint: amazonaws.com + #var.role_arn: arn:aws:iam::123456789012:role/test-mb +---- + +*`var.queue_url`*:: + +(Required) AWS SQS queue url. + +*`var.visibility_timeout`*:: + +The duration that the received messages are hidden from ReceiveMessage request. +Default to be 300 seconds. + +*`var.api_timeout`*:: + +Maximum duration before AWS API request will be interrupted. Default to be 120 seconds. + +*`var.endpoint`*:: + +Custom endpoint used to access AWS APIs. + +*`var.shared_credential_file`*:: + +Filename of AWS credential file. + +*`var.credential_profile_name`*:: + +AWS credential profile name. + +*`var.access_key_id`*:: +First part of access key. + +*`var.secret_access_key`*:: +Second part of access key. + +*`var.session_token`*:: +Required when using temporary security credentials. + +*`var.role_arn`*:: +AWS IAM Role to assume. + +[float] +=== cloudtrail fileset + +CloudTrail monitors events for the account. If user creates a trail, it +delivers those events as log files to a specific Amazon S3 bucket. +The `cloudtrail` fileset does not read the CloudTrail Digest files +that are delivered to the S3 bucket when Log File Integrity is turned +on, it only reads the CloudTrail logs. + +[role="screenshot"] +image::./images/filebeat-aws-cloudtrail.png[] + +[float] +=== cloudwatch fileset + +Users can use Amazon CloudWatch Logs to monitor, store, and access log files +from different sources. Export logs from log groups to an Amazon S3 bucket which +has SQS notification setup already. This fileset will parse these logs into +`timestamp` and `message` field. + +[float] +=== ec2 fileset + +This fileset is specifically for EC2 logs stored in AWS CloudWatch. Export logs +from log groups to Amazon S3 bucket which has SQS notification setup already. +With this fileset, EC2 logs will be parsed into fields like `ip` +and `program_name`. For logs from other services, please use `cloudwatch` fileset. + +[float] +=== elb fileset + +Elastic Load Balancing provides access logs that capture detailed information +about requests sent to the load balancer. Each log contains information such +as the time the request was received, the client's IP address, latencies, +request paths, and server responses. Users can use these access logs to analyze +traffic patterns and to troubleshoot issues. + +Please follow https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html[enable access logs for classic load balancer] +for sending Classic ELB access logs to S3 bucket. +For application load balancer, please follow https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging[enable access log for application load balancer]. +For network load balancer, please follow https://docs.aws.amazon.com/elasticloadbalancing/latest//network/load-balancer-access-logs.html[enable access log for network load balancer]. + +This fileset comes with a predefined dashboard: + +[role="screenshot"] +image::./images/filebeat-aws-elb-overview.png[] + +[float] +=== s3access fileset + +Server access logging provides detailed records for the requests that are made +to a bucket. Server access logs are useful for many applications. For example, +access log information can be useful in security and access audits. It can also +help you learn about customer base and understand Amazon S3 bill. + +Please follow https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html#server-access-logging-overview[how to enable server access logging] +for sending server access logs to S3 bucket. + +This fileset comes with a predefined dashboard: + +[role="screenshot"] +image::./images/filebeat-aws-s3access-overview.png[] + +[float] +=== vpcflow fileset + +VPC Flow Logs is a feature in AWS that enables users to capture information +about the IP traffic going to and from network interfaces in VPC. Flow log data +needs to be published to Amazon S3 in order for `vpcflow` fileset to retrieve. +Flow logs can help users to monitor traffic that is reaching each instance and +determine the direction of the traffic to and from the network interfaces. + +This fileset comes with a predefined dashboard: + +[role="screenshot"] +image::./images/filebeat-aws-vpcflow-overview.png[] + +[id="aws-credentials-options"] +include::{libbeat-xpack-dir}/docs/aws-credentials-config.asciidoc[] diff --git a/filebeat/module/aws/_meta/fields.yml b/filebeat/module/aws/_meta/fields.yml new file mode 100644 index 00000000000..42e845dae7d --- /dev/null +++ b/filebeat/module/aws/_meta/fields.yml @@ -0,0 +1,11 @@ +- key: aws + title: AWS + release: beta + description: > + Module for handling logs from AWS. + fields: + - name: aws + type: group + description: > + Fields from AWS logs. + fields: diff --git a/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-elb-overview.json b/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-elb-overview.json new file mode 100644 index 00000000000..5d80aa7a7a6 --- /dev/null +++ b/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-elb-overview.json @@ -0,0 +1,949 @@ +{ + "objects": [ + { + "attributes": { + "description": "Filebeat AWS ELB Access Log Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 51.63808, + "lon": 17.07232, + "zoom": 3.47 + }, + "openTOCDetails": [], + "title": "ELB Requests Geolocation" + }, + "gridData": { + "h": 14, + "i": "2c97b32e-5548-429d-9ce0-1bbc3d2398ac", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "2c97b32e-5548-429d-9ce0-1bbc3d2398ac", + "panelRefName": "panel_0", + "title": "ELB Requests Geolocation", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Inbound Traffic" + }, + "gridData": { + "h": 14, + "i": "26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9", + "panelRefName": "panel_1", + "title": "ELB Inbound Traffic", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Top User Agents" + }, + "gridData": { + "h": 14, + "i": "48ecb39f-57a5-4805-a8a9-77385a996d75", + "w": 16, + "x": 32, + "y": 14 + }, + "panelIndex": "48ecb39f-57a5-4805-a8a9-77385a996d75", + "panelRefName": "panel_2", + "title": "ELB Top User Agents", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Total Requests" + }, + "gridData": { + "h": 14, + "i": "9812996e-ba10-41bd-b134-c9705a0973b4", + "w": 16, + "x": 0, + "y": 14 + }, + "panelIndex": "9812996e-ba10-41bd-b134-c9705a0973b4", + "panelRefName": "panel_3", + "title": "ELB Total Requests", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Top IP Addresses" + }, + "gridData": { + "h": 14, + "i": "bb25b36e-0787-48fd-aa22-7ba8c08a9c36", + "w": 16, + "x": 16, + "y": 14 + }, + "panelIndex": "bb25b36e-0787-48fd-aa22-7ba8c08a9c36", + "panelRefName": "panel_4", + "title": "ELB Top IP Addresses", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Outbound Traffic" + }, + "gridData": { + "h": 14, + "i": "bf43580d-cc26-415b-ae36-d678a232b544", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "bf43580d-cc26-415b-ae36-d678a232b544", + "panelRefName": "panel_5", + "title": "ELB Outbound Traffic", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB HTTP 2xx" + }, + "gridData": { + "h": 14, + "i": "466e825b-6ee2-43c3-b221-21abe27612dd", + "w": 16, + "x": 0, + "y": 28 + }, + "panelIndex": "466e825b-6ee2-43c3-b221-21abe27612dd", + "panelRefName": "panel_6", + "title": "ELB HTTP 2xx", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB HTTP 4xx" + }, + "gridData": { + "h": 14, + "i": "d42994a6-922c-4f86-bf99-a46f87ff106d", + "w": 16, + "x": 16, + "y": 28 + }, + "panelIndex": "d42994a6-922c-4f86-bf99-a46f87ff106d", + "panelRefName": "panel_7", + "title": "ELB HTTP 4xx", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB HTTP 5xx" + }, + "gridData": { + "h": 14, + "i": "f45aaa2c-c244-4d1a-8ad4-4794130b9827", + "w": 16, + "x": 32, + "y": 28 + }, + "panelIndex": "f45aaa2c-c244-4d1a-8ad4-4794130b9827", + "panelRefName": "panel_8", + "title": "ELB HTTP 5xx", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Filebeat AWS] ELB Access Log Overview", + "version": 1 + }, + "id": "3af47420-3e7b-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "0edf0640-3e7e-11ea-bb0a-69c3ca1d410f", + "name": "panel_0", + "type": "map" + }, + { + "id": "76af8140-3e84-11ea-bb0a-69c3ca1d410f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "73970bc0-3e86-11ea-bb0a-69c3ca1d410f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "ceb7c030-3e86-11ea-bb0a-69c3ca1d410f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "bd37d720-3e84-11ea-bb0a-69c3ca1d410f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "219c1850-3e82-11ea-bb0a-69c3ca1d410f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "b6a308f0-3e82-11ea-bb0a-69c3ca1d410f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "d8b1e830-3e82-11ea-bb0a-69c3ca1d410f", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-01-27T07:52:13.100Z", + "version": "WzUxNSwxXQ==" + }, + { + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -14.38966, + 60.11526 + ], + [ + -14.38966, + 39.61205 + ], + [ + 41.72167, + 39.61205 + ], + [ + 41.72167, + 60.11526 + ], + [ + -14.38966, + 60.11526 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"19047c4c-18d7-4aec-b0ce-98de2828244d\",\"label\":\"Hits\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"applyGlobalQuery\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"id\":\"1e82f50f-424a-4718-905b-ad45db14db62\",\"geoField\":\"source.geo.location\",\"requestType\":\"point\",\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#167a6d\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbol\":{\"options\":{\"symbolizeAs\":\"circle\",\"symbolId\":\"airfield\"}}}},\"id\":\"1d457cd4-01be-4f96-95fd-af4ac535ebea\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"applyGlobalQuery\":true,\"type\":\"VECTOR\"}]", + "mapStateJSON": "{\"zoom\":3.9,\"center\":{\"lon\":13.666,\"lat\":50.97903},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"filebeat-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"elb\",\"params\":{\"query\":\"elb\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"elb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}", + "title": "ELB Requests Geolocation [Filebeat AWS] ECS", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "0edf0640-3e7e-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "map": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzEzOCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Inbound Traffic [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\"" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB Inbound Traffic [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "76af8140-3e84-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzEzOSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Top User Agents [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "29527130-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "bar_color_rules": [ + { + "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3" + } + ], + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "pivot_id": "user_agent.original", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "color_rules": [ + { + "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "User Agent", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "2010cb20-3e87-11ea-9067-cf383a4ea3b3", + "type": "cumulative_sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "user_agent.original", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "ELB Top User Agents [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "73970bc0-3e86-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzE0MCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Total Requests [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total Requests", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB Total Requests [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzE0MSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Top IP Addresses [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "29527130-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "bar_color_rules": [ + { + "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3" + } + ], + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "pivot_id": "user_agent.original", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "color_rules": [ + { + "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "IP address", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "40c52370-3e87-11ea-9067-cf383a4ea3b3", + "type": "cumulative_sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "ELB Top IP Addresses [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "ceb7c030-3e86-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzE0MiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Outbound Traffic [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(253,161,255,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\"" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB Outbound Traffic [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "bd37d720-3e84-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzE0MywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB HTTP 2xx [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 200 and http.response.status_code\t\u003c 300" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "HTTP 2xx", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB HTTP 2xx [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "219c1850-3e82-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzE0NCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB HTTP 4xx [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 400 and http.response.status_code \u003c 500" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "HTTP 4xx", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB HTTP 4xx [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "b6a308f0-3e82-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzE0NSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB HTTP 5xx [Filebeat AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 500 and http.response.status_code \u003c 600" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "HTTP 5xx", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB HTTP 5xx [Filebeat AWS] ECS", + "type": "metrics" + } + }, + "id": "d8b1e830-3e82-11ea-bb0a-69c3ca1d410f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-01-27T07:49:00.984Z", + "version": "WzE0NiwxXQ==" + } + ], + "version": "7.4.0" +} diff --git a/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-s3access-overview.json b/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-s3access-overview.json new file mode 100644 index 00000000000..7f8b10f8ca9 --- /dev/null +++ b/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-s3access-overview.json @@ -0,0 +1,458 @@ +{ + "objects": [ + { + "attributes": { + "description": "Filebeat AWS S3 Server Access Log Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Top URLs" + }, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Top URLs", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Http Status over time" + }, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Http Status over time", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Error Logs" + }, + "gridData": { + "h": 15, + "i": "3", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Error Logs", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Filebeat AWS] S3 Server Access Log Overview", + "version": 1 + }, + "id": "4746e000-bacd-11e9-9f70-1f7bda85a5eb", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "99ffdb00-bacb-11e9-9f70-1f7bda85a5eb", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "5c93cd10-bac3-11e9-9f70-1f7bda85a5eb", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2019-09-11T15:17:53.090Z", + "version": "WzEyMDAsN10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top URLs [Filebeat AWS]", + "uiStateJSON": { + "vis": { + "colors": { + "404": "#EAB839" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Request Uri", + "field": "aws.s3access.request_uri", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "HTTP Status", + "field": "aws.s3access.http_status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "number", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + }, + "splitColumn": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ] + }, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top URLs [Filebeat AWS]", + "type": "pie" + } + }, + "id": "99ffdb00-bacb-11e9-9f70-1f7bda85a5eb", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-09-11T15:11:59.518Z", + "version": "Wzk0Myw3XQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Http Status over time [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "lucene", + "query": "event.module:aws AND fileset.name:s3access" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Http Status", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 300 and aws.s3access.http_status \u003e= 200" + }, + "id": "5acdc750-a29d-11e7-a062-a1c3587f4874", + "label": "200s" + }, + { + "color": "rgba(252,196,0,1)", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 400 and aws.s3access.http_status \u003e= 300" + }, + "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874", + "label": "300s" + }, + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 500 and aws.s3access.http_status \u003e= 400" + }, + "id": "76089a90-a29d-11e7-a062-a1c3587f4874", + "label": "400s" + }, + { + "color": "rgba(171,20,158,1)", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 600 and aws.s3access.http_status \u003e= 500" + }, + "id": "7c7929d0-a29d-11e7-a062-a1c3587f4874", + "label": "500s" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "http.response.status_code", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Http Status over time [Filebeat AWS]", + "type": "metrics" + } + }, + "id": "5c93cd10-bac3-11e9-9f70-1f7bda85a5eb", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-09-11T15:11:59.518Z", + "version": "Wzk0NCw3XQ==" + }, + { + "attributes": { + "columns": [ + "aws.s3access.http_status", + "aws.s3access.error_code", + "aws.s3access.operation", + "aws.s3access.request_uri" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "aws.s3access.http_status", + "negate": true, + "params": { + "query": "200" + }, + "type": "phrase", + "value": "200" + }, + "query": { + "match": { + "aws.s3access.http_status": { + "query": "200", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "s3access" + }, + "type": "phrase", + "value": "s3access" + }, + "query": { + "match": { + "fileset.name": { + "query": "s3access", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Error Logs [Filebeat AWS]", + "version": 1 + }, + "id": "5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-09-11T15:17:42.648Z", + "version": "WzExOTksN10=" + } + ], + "version": "7.4.0" +} diff --git a/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-vpcflow-overview.json b/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-vpcflow-overview.json new file mode 100644 index 00000000000..811de036907 --- /dev/null +++ b/filebeat/module/aws/_meta/kibana/7/dashboard/Filebeat-aws-vpcflow-overview.json @@ -0,0 +1,659 @@ +{ + "objects": [ + { + "attributes": { + "description": "Filebeat AWS VPC Flow Log Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "S3 Bucket Filter" + }, + "gridData": { + "h": 5, + "i": "c802177f-038c-4a35-a82d-0fa42c857d02", + "w": 18, + "x": 0, + "y": 0 + }, + "panelIndex": "c802177f-038c-4a35-a82d-0fa42c857d02", + "panelRefName": "panel_0", + "title": "S3 Bucket Filter", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "isLayerTOCOpen": true, + "mapCenter": { + "lat": 12.09237, + "lon": 60.11722, + "zoom": 0.47 + }, + "openTOCDetails": [], + "title": "VPC Flow Action Geo Location" + }, + "gridData": { + "h": 17, + "i": "380eed85-225b-4d5d-88bc-1c70a3643ddb", + "w": 30, + "x": 18, + "y": 0 + }, + "panelIndex": "380eed85-225b-4d5d-88bc-1c70a3643ddb", + "panelRefName": "panel_1", + "title": "VPC Flow Action Geo Location", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VPC Flow Top IP Addresses" + }, + "gridData": { + "h": 12, + "i": "3dde08df-2d7e-464e-825d-03179e43e175", + "w": 18, + "x": 0, + "y": 5 + }, + "panelIndex": "3dde08df-2d7e-464e-825d-03179e43e175", + "panelRefName": "panel_2", + "title": "VPC Flow Top IP Addresses", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VPC Flow Total Requests" + }, + "gridData": { + "h": 12, + "i": "f7c6de04-c771-47ff-a32d-00a7940e414a", + "w": 48, + "x": 0, + "y": 17 + }, + "panelIndex": "f7c6de04-c771-47ff-a32d-00a7940e414a", + "panelRefName": "panel_3", + "title": "VPC Flow Total Requests", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VPC Flow Reject Logs" + }, + "gridData": { + "h": 15, + "i": "b4dbbe72-0dc0-428b-b21e-91c6cc82745c", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "b4dbbe72-0dc0-428b-b21e-91c6cc82745c", + "panelRefName": "panel_4", + "title": "VPC Flow Reject Logs", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Filebeat AWS] VPC Flow Log Overview", + "version": 1 + }, + "id": "15503340-4488-11ea-ad63-791a5dc86f10", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "247e2990-4699-11ea-ad63-791a5dc86f10", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "513a3d70-4482-11ea-ad63-791a5dc86f10", + "name": "panel_1", + "type": "map" + }, + { + "id": "75853f20-4484-11ea-ad63-791a5dc86f10", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "bad8c910-4485-11ea-ad63-791a5dc86f10", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c1aee600-4487-11ea-ad63-791a5dc86f10", + "name": "panel_4", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-02-03T16:45:00.909Z", + "version": "WzY3NDIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Bucket Name Filter [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "aws.s3.bucket.name", + "id": "1565034367477", + "indexPatternRefName": "control_0_index_pattern", + "label": "S3 Bucket Names", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "S3 Bucket Name Filter [Filebeat AWS]", + "type": "input_control_vis" + } + }, + "id": "247e2990-4699-11ea-ad63-791a5dc86f10", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-03T16:42:58.806Z", + "version": "WzYzNzUsMV0=" + }, + { + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -180, + 85.05113 + ], + [ + -180, + -85.05113 + ], + [ + 180, + -85.05113 + ], + [ + 180, + 85.05113 + ], + [ + -180, + 85.05113 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"842c201e-96d7-413d-8688-de5ee4f8a1e0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"applyGlobalQuery\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"97903038-e08d-4451-bbd2-eb92c894bdf5\",\"type\":\"ES_SEARCH\",\"geoField\":\"destination.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[],\"useTopHits\":false,\"topHitsTimeField\":\"@timestamp\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#1EA593\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#167a6d\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":5}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbol\":{\"options\":{\"symbolizeAs\":\"circle\",\"symbolId\":\"airfield\"}}}},\"id\":\"401944dd-a371-4698-be17-bc4542e9a5d4\",\"label\":\"vpc flow action accept\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"applyGlobalQuery\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"aws.vpcflow.action : \\\"ACCEPT\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"9c0e7cce-4f21-4bcd-bb50-ae36c0fffffb\",\"type\":\"ES_SEARCH\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[],\"useTopHits\":false,\"topHitsTimeField\":\"@timestamp\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#f00f0b\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#7a1a18\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":5}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbol\":{\"options\":{\"symbolizeAs\":\"circle\",\"symbolId\":\"airfield\"}}}},\"id\":\"b1d44a5c-3a04-4c80-8080-57585b02fd48\",\"label\":\"vpc flow action reject\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"applyGlobalQuery\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"aws.vpcflow.action : \\\"REJECT\\\" \",\"language\":\"kuery\"}}]", + "mapStateJSON": "{\"zoom\":0.47,\"center\":{\"lon\":-108.92402,\"lat\":0},\"timeFilters\":{\"from\":\"now-15d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}", + "title": "VPC Flow Action Geo Location[Filebeat AWS]", + "uiStateJSON": { + "isLayerTOCOpen": false, + "openTOCDetails": [] + } + }, + "id": "513a3d70-4482-11ea-ad63-791a5dc86f10", + "migrationVersion": { + "map": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "layer_2_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-02-03T16:42:58.806Z", + "version": "WzYzNzYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VPC Flow Top IP Addresses [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "29527130-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "bar_color_rules": [ + { + "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3" + } + ], + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "pivot_id": "user_agent.original", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "color_rules": [ + { + "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "IP address", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "40c52370-3e87-11ea-9067-cf383a4ea3b3", + "type": "cumulative_sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "filebeat-*", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "VPC Flow Top IP Addresses [Filebeat AWS]", + "type": "metrics" + } + }, + "id": "75853f20-4484-11ea-ad63-791a5dc86f10", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-03T16:42:58.806Z", + "version": "WzYzNzcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VPC Flow Total Requests [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(255,255,255,1)", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "right", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"REJECT\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "REJECT", + "line_width": "2", + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "override_index_pattern": 1, + "point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "filebeat-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"ACCEPT\" " + }, + "formatter": "number", + "id": "7ec99260-4485-11ea-9ee9-2d27e9149ae8", + "label": "ACCEPT", + "line_width": "2", + "metrics": [ + { + "id": "7ec99261-4485-11ea-9ee9-2d27e9149ae8", + "type": "count" + } + ], + "override_index_pattern": 1, + "point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "filebeat-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "7ec99261-4485-11ea-9ee9-2d27e9149ae8", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"-\" " + }, + "formatter": "number", + "id": "8d550580-4485-11ea-9ee9-2d27e9149ae8", + "label": "-", + "line_width": "2", + "metrics": [ + { + "id": "8d552c90-4485-11ea-9ee9-2d27e9149ae8", + "type": "count" + } + ], + "override_index_pattern": 1, + "point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "filebeat-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "8d552c90-4485-11ea-9ee9-2d27e9149ae8", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": "0.5", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\"" + }, + "formatter": "number", + "id": "c8c27df0-4485-11ea-9ee9-2d27e9149ae8", + "label": "Total Requests", + "line_width": "2", + "metrics": [ + { + "id": "c8c27df1-4485-11ea-9ee9-2d27e9149ae8", + "type": "count" + } + ], + "override_index_pattern": 1, + "point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "filebeat-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "c8c27df1-4485-11ea-9ee9-2d27e9149ae8", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "VPC Flow Total Requests [Filebeat AWS]", + "type": "metrics" + } + }, + "id": "bad8c910-4485-11ea-ad63-791a5dc86f10", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-03T16:42:58.806Z", + "version": "WzYzNzgsMV0=" + }, + { + "attributes": { + "columns": [ + "source.ip", + "source.port", + "event.original" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "vpcflow" + }, + "type": "phrase", + "value": "vpcflow" + }, + "query": { + "match": { + "fileset.name": { + "query": "vpcflow", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "aws.vpcflow.action", + "negate": false, + "params": { + "query": "REJECT" + }, + "type": "phrase", + "value": "REJECT" + }, + "query": { + "match": { + "aws.vpcflow.action": { + "query": "REJECT", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "VPC Flow Reject Logs [Filebeat AWS]", + "version": 1 + }, + "id": "c1aee600-4487-11ea-ad63-791a5dc86f10", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-03T16:42:58.806Z", + "version": "WzYzNzksMV0=" + } + ], + "version": "7.4.0" +} diff --git a/filebeat/module/aws/_meta/kibana/7/dashboard/filebeat-aws-cloudtrail.json b/filebeat/module/aws/_meta/kibana/7/dashboard/filebeat-aws-cloudtrail.json new file mode 100644 index 00000000000..32deaf88e08 --- /dev/null +++ b/filebeat/module/aws/_meta/kibana/7/dashboard/filebeat-aws-cloudtrail.json @@ -0,0 +1,876 @@ +{ + "objects": [ + { + "attributes": { + "description": "Summary of events from AWS CloudTrail.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 17.90562, + "lon": -12.20429, + "zoom": 0.97 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "85d26d9a-2a71-4b98-a026-5f513094d6e5", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "85d26d9a-2a71-4b98-a026-5f513094d6e5", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "colors": { + "failure": "#E24D42" + }, + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + } + } + }, + "gridData": { + "h": 15, + "i": "6b3eff90-3071-451e-a827-ca569e0ac10b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "6b3eff90-3071-451e-a827-ca569e0ac10b", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "952e456a-e9ae-4606-b838-e16019375336", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "952e456a-e9ae-4606-b838-e16019375336", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "802ad09d-5883-4e41-99ac-6c356144d24d", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "802ad09d-5883-4e41-99ac-6c356144d24d", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "3e617d87-3acf-4203-b03b-c907c9145fce", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "3e617d87-3acf-4203-b03b-c907c9145fce", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "d6f03440-c717-4f5e-928c-72ae9d450318", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "d6f03440-c717-4f5e-928c-72ae9d450318", + "panelRefName": "panel_5", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "2b82a2c9-3809-447c-8e95-52125acccb42", + "w": 30, + "x": 0, + "y": 28 + }, + "panelIndex": "2b82a2c9-3809-447c-8e95-52125acccb42", + "panelRefName": "panel_6", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50", + "w": 18, + "x": 30, + "y": 28 + }, + "panelIndex": "40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50", + "panelRefName": "panel_7", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Filebeat AWS] CloudTrail", + "version": 1 + }, + "id": "9c09cd20-7399-11ea-a345-f985c61fe654", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "dae24080-739a-11ea-a345-f985c61fe654", + "name": "panel_0", + "type": "map" + }, + { + "id": "4c23e4c0-739a-11ea-a345-f985c61fe654", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "396089c0-7399-11ea-a345-f985c61fe654", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0f056420-739e-11ea-a345-f985c61fe654", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "7bca4f50-739c-11ea-a345-f985c61fe654", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f8b63860-739e-11ea-a345-f985c61fe654", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "panel_6", + "type": "search" + }, + { + "id": "8ec43590-739b-11ea-a345-f985c61fe654", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-03-31T22:31:45.309Z", + "version": "WzEzNjcsM10=" + }, + { + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -180, + 74.14342 + ], + [ + -180, + -58.35006 + ], + [ + 180, + -58.35006 + ], + [ + 180, + 74.14342 + ], + [ + -180, + 74.14342 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"2c7b49fb-3fb5-4e18-b27f-fabe930971f3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"7bfe2df9-9398-4f1a-8cf7-b57aa5f3f31e\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"a10fa758-30ad-4e2a-bf9d-472e133a7f17\",\"label\":\"CloudTrail Soure Location\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:aws.cloudtrail\",\"language\":\"kuery\"}}]", + "mapStateJSON": "{\"zoom\":1.97,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}", + "title": "CloudTrail Source Location [Filebeat AWS]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "dae24080-739a-11ea-a345-f985c61fe654", + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-03-31T21:59:12.263Z", + "version": "WzEyOTgsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Event Outcome over time [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-24h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "[unknown]", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "CloudTrail Event Outcome over time [Filebeat AWS]", + "type": "area" + } + }, + "id": "4c23e4c0-739a-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T21:55:12.780Z", + "version": "WzEyODksM10=" + }, + { + "attributes": { + "description": "event.action values separated by event.provider.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Actions [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail Actions [Filebeat AWS]", + "type": "pie" + } + }, + "id": "396089c0-7399-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T21:47:31.804Z", + "version": "WzEyODIsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Event Type [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "CloudTrail Event Type", + "field": "aws.cloudtrail.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail Event Type [Filebeat AWS]", + "type": "pie" + } + }, + "id": "0f056420-739e-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T22:22:08.226Z", + "version": "WzEzNDAsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail User Agents [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail User Agents [Filebeat AWS]", + "type": "pie" + } + }, + "id": "7bca4f50-739c-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T22:10:51.717Z", + "version": "WzEzMjAsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Error Code [Filebeat AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "aws.cloudtrail.error_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail Error Code [Filebeat AWS]", + "type": "pie" + } + }, + "id": "f8b63860-739e-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T22:28:40.294Z", + "version": "WzEzNTgsM10=" + }, + { + "attributes": { + "columns": [ + "user.id", + "event.provider", + "aws.cloudtrail.event_type", + "event.action", + "event.outcome", + "source.address", + "source.geo.region_name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "aws.cloudtrail" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "aws.cloudtrail" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "CloudTrail Events [Filebeat AWS]", + "version": 1 + }, + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-03-31T21:32:58.421Z", + "version": "WzEyNzMsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Top User IDs [Filebeat AWS]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User ID", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "CloudTrail Top User IDs [Filebeat AWS]", + "type": "table" + } + }, + "id": "8ec43590-739b-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T22:04:14.057Z", + "version": "WzEzMTEsM10=" + } + ], + "version": "8.0.0-SNAPSHOT" +} diff --git a/filebeat/module/aws/cloudtrail/README.md b/filebeat/module/aws/cloudtrail/README.md new file mode 100644 index 00000000000..e415c4967ac --- /dev/null +++ b/filebeat/module/aws/cloudtrail/README.md @@ -0,0 +1,39 @@ +Filebeat module for AWS CloudTrail Logs +=== + +Module for AWS CloudTrail logs which captures information about +actions taken by a user, role or an AWS service. Events include +actions taken in the AWS Management Console, AWS Command Line +interface and AWS SDKs and APIs. These logs can +help with: + +* Governance +* Compliance +* Operational and risk auditing + +Implementation based on the description of CloudTrail from the +documentation that can be found in: + +* CloudTrail Record Contents: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html +* CloudTrail Log File Examples: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-examples.html + +It should be noted that the `cloudtrail` fileset does not read the +CloudTrail Digest files that are delivered to the S3 bucket when Log +File Integrity is turned on, it only reads the CloudTrail logs. + +How to manual test this module +=== + +* Create a CloudTrail with a S3 bucket as the storage location +* Configure this S3 bucket to send "All object create events" to a SQS queue +* Configure filebeat, using the SQS queue url with s3 notification setup in +previous step. +``` +filebeat.modules: +- module: aws + cloudtrail: + enabled: true + var.queue_url: + var.credential_profile_name: +``` +* Check parsed logs diff --git a/filebeat/module/aws/cloudtrail/_meta/fields.epr.yml b/filebeat/module/aws/cloudtrail/_meta/fields.epr.yml new file mode 100644 index 00000000000..91c417b502a --- /dev/null +++ b/filebeat/module/aws/cloudtrail/_meta/fields.epr.yml @@ -0,0 +1,45 @@ +- name: event.action + type: keyword + description: The action captured by the event. +- name: event.original + type: keyword + description: Raw text message of entire event. Used to demonstrate log integrity. +- name: user.name + type: keyword + description: Short name or login of the user. +- name: user.id + type: keyword + description: Unique identifier of the user. +- name: cloud.account.id + type: keyword + description: The cloud account or organization id used to identify different entities in a multi-tenant environment. +- name: event.provider + type: keyword + description: Source of the event. +- name: cloud.region + type: keyword + description: Region in which this host is running. +- name: source.address + type: keyword + description: Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. +- name: source.ip + type: ip + description: IP address of the source (IPv4 or IPv6). +- name: user_agent.device.name + type: keyword + description: Name of the device. +- name: user_agent.name + type: keyword + description: Name of the user agent. +- name: user_agent.original + type: keyword + description: Unparsed user_agent string. +- name: related.user + type: keyword + description: All the user names seen on your event. +- name: event.kind + type: keyword + description: Event kind (e.g. event, alert, metric, state, pipeline_error, signal) +- name: event.type + type: keyword + description: Event severity (e.g. info, error) diff --git a/filebeat/module/aws/cloudtrail/_meta/fields.yml b/filebeat/module/aws/cloudtrail/_meta/fields.yml new file mode 100644 index 00000000000..2d3fe16a9fb --- /dev/null +++ b/filebeat/module/aws/cloudtrail/_meta/fields.yml @@ -0,0 +1,185 @@ +- name: cloudtrail + type: group + release: beta + default_field: false + description: > + Fields for AWS CloudTrail logs. + fields: + - name: event_version + type: keyword + description: > + The CloudTrail version of the log event format. + - name: user_identity + type: group + description: >- + The userIdentity element contains details about the type of + IAM identity that made the request, and which credentials were + used. If temporary credentials were used, the element shows how the + credentials were obtained. + fields: + - name: type + type: keyword + description: > + The type of the identity + - name: arn + type: keyword + description: >- + The Amazon Resource Name (ARN) of the principal that made the call. + - name: access_key_id + type: keyword + description: >- + The access key ID that was used to sign the request. + - name: session_context + type: group + description: >- + If the request was made with temporary security + credentials, an element that provides information about the session + that was created for those credentials + fields: + - name: mfa_authenticated + type: keyword + description: >- + The value is true if the root user or IAM user whose + credentials were used for the request also was authenticated with an + MFA device; otherwise, false. + - name: creation_date + type: date + description: >- + The date and time when the temporary security credentials were issued. + - name: invoked_by + type: keyword + description: >- + The name of the AWS service that made the request, such as + Amazon EC2 Auto Scaling or AWS Elastic Beanstalk. + - name: session_issuer + type: group + description: >- + If the request was made with temporary security + credentials, an element that provides information about + how the credentials were obtained. + fields: + - name: type + type: keyword + description: >- + The source of the temporary security credentials, such + as Root, IAMUser, or Role. + - name: principal_id + type: keyword + description: >- + The internal ID of the entity that was used to get + credentials. + - name: arn + type: keyword + description: >- + The ARN of the source (account, IAM user, or role) + that was used to get temporary security credentials. + - name: account_id + type: keyword + description: >- + The account that owns the entity that was used to get + credentials. + - name: error_code + type: keyword + description: >- + The AWS service error if the request returns an error. + - name: error_message + type: keyword + description: >- + If the request returns an error, the description of the error. + - name: request_parameters + type: keyword + description: >- + The parameters, if any, that were sent with the request. + - name: response_elements + type: keyword + description: >- + The response element for actions that make changes (create, + update, or delete actions). + - name: additional_eventdata + type: keyword + description: >- + Additional data about the event that was not part of the + request or response. + - name: request_id + type: keyword + description: >- + The value that identifies the request. The service being + called generates this value. + - name: event_type + type: keyword + description: >- + Identifies the type of event that generated the event record. + - name: api_version + type: keyword + description: >- + Identifies the API version associated with the AwsApiCall + eventType value. + - name: management_event + type: keyword + description: >- + A Boolean value that identifies whether the event is a + management event. + - name: read_only + type: keyword + description: >- + Identifies whether this operation is a read-only operation. + - name: resources + type: group + description: >- + A list of resources accessed in the event. + fields: + - name: arn + type: keyword + description: >- + Resource ARNs + - name: account_id + type: keyword + description: >- + Account ID of the resource owner + - name: type + type: keyword + description: >- + Resource type identifier in the format: AWS::aws-service-name::data-type-name + - name: recipient_account_id + type: keyword + description: >- + Represents the account ID that received this event. + - name: service_event_details + type: keyword + description: >- + Identifies the service event, including what triggered the + event and the result. + - name: shared_event_id + type: keyword + description: >- + GUID generated by CloudTrail to uniquely identify CloudTrail + events from the same AWS action that is sent to different AWS + accounts. + - name: vpc_endpoint_id + type: keyword + description: >- + Identifies the VPC endpoint in which requests were made from a + VPC to another AWS service, such as Amazon S3. + - name: console_login + type: group + description: >- + Fields specific to ConsoleLogin events + fields: + - name: additional_eventdata + type: group + description: > + Additional Event Data for ConsoleLogin events + fields: + - name: mobile_version + type: boolean + description: >- + Identifies whether ConsoleLogin was from mobile version + - name: login_to + type: keyword + description: >- + URL for ConsoleLogin + - name: mfa_used + type: boolean + description: >- + Identifies whether multi factor authentication was + used during ConsoleLogin diff --git a/filebeat/module/aws/cloudtrail/config/file.yml b/filebeat/module/aws/cloudtrail/config/file.yml new file mode 100644 index 00000000000..8bfbcc9f802 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} + - {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/aws/cloudtrail/config/s3.yml b/filebeat/module/aws/cloudtrail/config/s3.yml new file mode 100644 index 00000000000..f587cb26d85 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/config/s3.yml @@ -0,0 +1,39 @@ +type: s3 +queue_url: {{ .queue_url }} +expand_event_list_from_field: Records + +{{ if .credential_profile_name }} +credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} + +{{ if .visibility_timeout }} +visibility_timeout: {{ .visibility_timeout }} +{{ end }} + +{{ if .api_timeout }} +api_timeout: {{ .api_timeout }} +{{ end }} + +{{ if .endpoint }} +endpoint: {{ .endpoint }} +{{ end }} + +{{ if .access_key_id }} +access_key_id: {{ .access_key_id }} +{{ end }} + +{{ if .secret_access_key }} +secret_access_key: {{ .secret_access_key }} +{{ end }} + +{{ if .session_token }} +session_token: {{ .session_token }} +{{ end }} + +{{ if .role_arn }} +role_arn: {{ .role_arn }} +{{ end }} diff --git a/filebeat/module/aws/cloudtrail/ingest/pipeline.yml b/filebeat/module/aws/cloudtrail/ingest/pipeline.yml new file mode 100644 index 00000000000..eef0c339b99 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/ingest/pipeline.yml @@ -0,0 +1,273 @@ +--- +description: Pipeline for AWS CloudTrail Logs +processors: + - rename: + field: "message" + target_field: "event.original" + - json: + field: "event.original" + target_field: "json" + - date: + field: "json.eventTime" + target_field: "@timestamp" + ignore_failure: true + formats: + - ISO8601 + - rename: + field: "json.eventVersion" + target_field: "aws.cloudtrail.event_version" + ignore_failure: true + - rename: + field: "json.userIdentity.type" + target_field: "aws.cloudtrail.user_identity.type" + ignore_failure: true + - rename: + field: "json.userIdentity.userName" + target_field: "user.name" + ignore_failure: true + - rename: + field: "json.userIdentity.principalId" + target_field: "user.id" + ignore_failure: true + - rename: + field: "json.userIdentity.arn" + target_field: "aws.cloudtrail.user_identity.arn" + ignore_failure: true + - rename: + field: "json.userIdentity.accountId" + target_field: "cloud.account.id" + ignore_failure: true + - rename: + field: "json.userIdentity.accessKeyId" + target_field: "aws.cloudtrail.user_identity.access_key_id" + ignore_failure: true + - rename: + field: "json.userIdentity.sessionContext.attributes.mfaAuthenticated" + target_field: "aws.cloudtrail.user_identity.session_context.mfa_authenticated" + ignore_failure: true + - date: + field: "json.userIdentity.sessionContext.attributes.creationDate" + target_field: "aws.cloudtrail.user_identity.session_context.creation_date" + ignore_failure: true + formats: + - ISO8601 + - rename: + field: "json.userIdentity.invokedBy" + target_field: "aws.cloudtrail.user_identity.invoked_by" + ignore_failure: true + - rename: + field: "json.userIdentity.sessionIssuer.type" + target_field: "aws.cloudtrail.user_identity.session_issuer.type" + ignore_failure: true +# userIdentity.sessionIssuer.userName is only set with assumed roles. + - rename: + field: "json.userIdentity.sessionIssuer.userName" + target_field: "user.name" + ignore_failure: true + - rename: + field: "json.userIdentity.sessionIssuer.principalId" + target_field: "aws.cloudtrail.user_identity.session_issuer.principal_id" + ignore_failure: true + - rename: + field: "json.userIdentity.sessionIssuer.arn" + target_field: "aws.cloudtrail.user_identity.session_issuer.arn" + ignore_failure: true + - rename: + field: "json.userIdentity.sessionIssuer.accountId" + target_field: "aws.cloudtrail.user_identity.session_issuer.account_id" + ignore_failure: true + - rename: + field: "json.eventSource" + target_field: "event.provider" + ignore_failure: true + - set: + field: "event.action" + value: "{{json.eventName}}" + ignore_failure: true + - rename: + field: "json.awsRegion" + target_field: "cloud.region" + ignore_failure: true + - rename: + field: "json.sourceIPAddress" + target_field: "source.address" + ignore_failure: true + - grok: + field: source.address + ignore_failure: true + patterns: + - ^%{IP:source.ip}$ + - geoip: + field: "source.ip" + target_field: "source.geo" + ignore_failure: true + ignore_missing: true + - user_agent: + field: "json.userAgent" + target_field: "user_agent" + on_failure: + - rename: + field: "json.userAgent" + target_field: "user_agent.original" + ignore_failure: true + - rename: + field: "json.errorCode" + target_field: "aws.cloudtrail.error_code" + ignore_failure: true + - rename: + field: "json.errorMessage" + target_field: "aws.cloudtrail.error_message" + ignore_failure: true + - script: + lang: painless + source: | + if (ctx.json.requestParameters != null) { + ctx.aws.cloudtrail.request_parameters = ctx.json.requestParameters.toString(); + } + ignore_failure: true + - script: + lang: painless + source: | + if (ctx.json.responseElements != null) { + ctx.aws.cloudtrail.response_elements = ctx.json.responseElements.toString(); + } + ignore_failure: true + - script: + lang: painless + source: | + if (ctx.json.additionalEventData != null) { + ctx.aws.cloudtrail.additional_eventdata = ctx.json.additionalEventData.toString(); + } + ignore_failure: true + - rename: + field: "json.requestId" + target_field: "aws.cloudtrail.request_id" + ignore_failure: true + - rename: + field: "json.eventID" + target_field: event.id + ignore_failure: true + - rename: + field: "json.eventType" + target_field: "aws.cloudtrail.event_type" + ignore_failure: true + - rename: + field: "json.apiVersion" + target_field: "aws.cloudtrail.api_version" + ignore_failure: true + - rename: + field: "json.managementEvent" + target_field: "aws.cloudtrail.management_event" + ignore_failure: true + - rename: + field: "json.readOnly" + target_field: "aws.cloudtrail.read_only" + ignore_failure: true + - rename: + field: "json.resources.ARN" + target_field: "aws.cloudtrail.resources.arn" + ignore_failure: true + - rename: + field: "json.resources.accountId" + target_field: "aws.cloudtrail.resources.account_id" + ignore_failure: true + - rename: + field: "json.resources.type" + target_field: "aws.cloudtrail.resources.type" + ignore_failure: true + - rename: + field: "json.recipientAccountId" + target_field: "aws.cloudtrail.recipient_account_id" + ignore_failure: true + - script: + lang: painless + source: | + if (ctx.json.serviceEventDetails != null) { + ctx.aws.cloudtrail.service_event_details = ctx.json.serviceEventDetails.toString(); + } + ignore_failure: true + - rename: + field: "json.sharedEventId" + target_field: "aws.cloudtrail.shared_event_id" + ignore_failure: true + - rename: + field: "json.vpcEndpointId" + target_field: "aws.cloudtrail.vpc_endpoint_id" + ignore_failure: true + - script: + lang: painless + ignore_failure: true + source: >- + void addRelatedUser(def ctx, String userName) { + if (ctx.related == null) { + Map map = new HashMap(); + ctx.put("related", map); + } + if (ctx.related.user == null) { + ArrayList al = new ArrayList(); + ctx.related.put("user", al); + } + ctx.related.user.add(userName); + } + + ctx.event.type = 'info'; + ctx.event.kind = 'event'; + if (ctx.aws.cloudtrail.error_code != null || ctx.aws.cloudtrail.error_message != null) { + ctx.event.outcome = 'failure' + } else { + ctx.event.outcome = 'success' + } + + if (ctx.json?.eventName == 'ConsoleLogin') { + ctx.event.category = 'authentication'; + if (ctx.json?.responseElements.ConsoleLogin != null) { + ctx.event.outcome = Processors.lowercase(ctx.json.responseElements.ConsoleLogin); + } + } + + if (ctx.json?.requestParameters.userName != null) { + addRelatedUser(ctx, ctx.json.requestParameters.userName); + } + if (ctx.json?.requestParameters.newUserName != null) { + addRelatedUser(ctx, ctx.json.requestParameters.newUserName); + } + + - script: + lang: painless + ignore_failure: true + source: >- + if (ctx.json?.eventName != 'ConsoleLogin') { + return; + } + Map aed_map = new HashMap(); + if (ctx.json?.additionalEventData?.MobileVersion != null) { + if (ctx.json.additionalEventData.MobileVersion == 'No') { + aed_map.put("mobile_version", false); + } else { + aed_map.put("mobile_version", true); + } + } + if (ctx.json?.additionalEventData?.LoginTo != null) { + aed_map.put("login_to", ctx.json.additionalEventData.LoginTo); + } + if (ctx.json?.additionalEventData?.MFAUsed != null) { + if (ctx.json.additionalEventData.MFAUsed == 'No') { + aed_map.put("mfa_used", false); + } else { + aed_map.put("mfa_used", true); + } + } + if (aed_map.size() > 0) { + Map cl_map = new HashMap(); + cl_map.put("additional_eventdata", aed_map); + ctx.aws.cloudtrail.put("console_login", cl_map); + } + + - remove: + field: + - "json" + ignore_missing: true +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/aws/cloudtrail/manifest.yml b/filebeat/module/aws/cloudtrail/manifest.yml new file mode 100644 index 00000000000..16d188c1c0d --- /dev/null +++ b/filebeat/module/aws/cloudtrail/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: s3 + - name: queue_url + - name: shared_credential_file + - name: credential_profile_name + - name: visibility_timeout + - name: api_timeout + - name: endpoint + - name: access_key_id + - name: secret_access_key + - name: session_token + - name: role_arn + +ingest_pipeline: ingest/pipeline.yml +input: config/{{.input}}.yml diff --git a/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log b/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log new file mode 100644 index 00000000000..4c067668bed --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.0","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2014-03-25T18:45:11Z"}}},"eventTime":"2014-03-25T21:08:14Z","eventSource":"iam.amazonaws.com","eventName":"AddUserToGroup","awsRegion":"us-east-2","sourceIPAddress":"127.0.0.1","userAgent":"AWSConsole","requestParameters":{"userName":"Bob","groupName":"admin"},"responseElements":null} diff --git a/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json new file mode 100644 index 00000000000..9b36d634481 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json @@ -0,0 +1,36 @@ +[ + { + "@timestamp": "2014-03-25T21:08:14.000Z", + "aws.cloudtrail.event_version": "1.0", + "aws.cloudtrail.request_parameters": "{groupName=admin, userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::123456789012:user/Alice", + "aws.cloudtrail.user_identity.session_context.creation_date": "2014-03-25T18:45:11.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "123456789012", + "cloud.region": "us-east-2", + "event.action": "AddUserToGroup", + "event.dataset": "aws.cloudtrail", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.0\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2014-03-25T18:45:11Z\"}}},\"eventTime\":\"2014-03-25T21:08:14Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"AddUserToGroup\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"AWSConsole\",\"requestParameters\":{\"userName\":\"Bob\",\"groupName\":\"admin\"},\"responseElements\":null}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EX_PRINCIPAL_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "AWSConsole" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/assume-role-json.log b/filebeat/module/aws/cloudtrail/test/assume-role-json.log new file mode 100644 index 00000000000..c2a4a5e884b --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/assume-role-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"AssumedRole","principalId":"AROAIN5ATK5U7KEXAMPLE:JohnRole1","arn":"arn:aws:sts::111111111111:assumed-role/JohnDoe/JohnRole1","accountId":"111111111111","accessKeyId":"AKIAI44QH8DHBEXAMPLE","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-10-02T21:50:54Z"},"sessionIssuer":{"type":"Role","principalId":"AROAIN5ATK5U7KEXAMPLE","arn":"arn:aws:iam::111111111111:role/JohnRole1","accountId":"111111111111","userName":"JohnDoe"}}},"eventTime":"2019-10-02T22:12:29Z","eventSource":"sts.amazonaws.com","eventName":"AssumeRole","awsRegion":"us-east-2","sourceIPAddress":"123.145.67.89","userAgent":"aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239","requestParameters":{"incomingTransitiveTags":{"Department":"Engineering"},"tags":[{"value":"johndoe@example.com","key":"Email"},{"value":"12345","key":"CostCenter"}],"roleArn":"arn:aws:iam::111111111111:role/JohnRole2","roleSessionName":"Role2WithTags","transitiveTagKeys":["Email","CostCenter"],"durationSeconds":3600},"responseElements":{"credentials":{"accessKeyId":"ASIAWHOJDLGPOEXAMPLE","expiration":"Oct 2, 2019 11:12:29 PM","sessionToken":"AgoJb3JpZ2luX2VjEB4aCXVzLXdlc3QtMSJHMEXAMPLETOKEN+//rJb8Lo30mFc5MlhFCEbubZvEj0wHB/mDMwIgSEe9gk/Zjr09tZV7F1HDTMhmEXAMPLETOKEN/iEJ/rkqngII9///////////ARABGgw0MjgzMDc4NjM5NjYiDLZjZFKwP4qxQG5sFCryASO4UPz5qE97wPPH1eLMvs7CgSDBSWfonmRTCfokm2FN1+hWUdQQH6adjbbrVLFL8c3jSsBhQ383AvxpwK5YRuDE1AI/+C+WKFZb701eiv9J5La2EXAMPLETOKEN/c7S5Iro1WUJ0q3Cxuo/8HUoSxVhQHM7zF7mWWLhXLEQ52ivL+F6q5dpXu4aTFedpMfnJa8JtkWwG9x1Axj0Ypy2ok8v5unpQGWych1vwdvj6ez1Dm8Xg1+qIzXILiEXAMPLETOKEN/vQGqu8H+nxp3kabcrtOvTFTvxX6vsc8OGwUfHhzAfYGEXAMPLETOKEN/L6v1yMM3B1OwFOrQBno1HEjf1oNI8RnQiMNFdUOtwYj7HUZIOCZmjfN8PPHq77N7GJl9lzvIZKQA0Owcjg+mc78zHCj8y0siY8C96paEXAMPLETOKEN/E3cpksxWdgs91HRzJWScjN2+r2LTGjYhyPqcmFzzo2mCE7mBNEXAMPLETOKEN/oJy+2o83YNW5tOiDmczgDzJZ4UKR84yGYOMfSnF4XcEJrDgAJ3OJFwmTcTQICAlSwLEXAMPLETOKEN"},"assumedRoleUser":{"assumedRoleId":"AROAIFR7WHDTSOYQYHFUE:Role2WithTags","arn":"arn:aws:sts::111111111111:assumed-role/test-role/Role2WithTags"}},"requestID":"b96b0e4e-e561-11e9-8b3f-7b396EXAMPLE","eventID":"1917948f-3042-46ec-98e2-62865EXAMPLE","resources":[{"ARN":"arn:aws:iam::111122223333:role/JohnRole2","accountId":"111111111111","type":"AWS::IAM::Role"}],"eventType":"AwsApiCall","recipientAccountId":"111111111111"} diff --git a/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json new file mode 100644 index 00000000000..78ad7dc6984 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json @@ -0,0 +1,46 @@ +[ + { + "@timestamp": "2019-10-02T22:12:29.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "111111111111", + "aws.cloudtrail.request_parameters": "{incomingTransitiveTags={Department=Engineering}, transitiveTagKeys=[Email, CostCenter], durationSeconds=3600, roleArn=arn:aws:iam::111111111111:role/JohnRole2, roleSessionName=Role2WithTags, tags=[{value=johndoe@example.com, key=Email}, {value=12345, key=CostCenter}]}", + "aws.cloudtrail.response_elements": "{assumedRoleUser={assumedRoleId=AROAIFR7WHDTSOYQYHFUE:Role2WithTags, arn=arn:aws:sts::111111111111:assumed-role/test-role/Role2WithTags}, credentials={accessKeyId=ASIAWHOJDLGPOEXAMPLE, sessionToken=AgoJb3JpZ2luX2VjEB4aCXVzLXdlc3QtMSJHMEXAMPLETOKEN+//rJb8Lo30mFc5MlhFCEbubZvEj0wHB/mDMwIgSEe9gk/Zjr09tZV7F1HDTMhmEXAMPLETOKEN/iEJ/rkqngII9///////////ARABGgw0MjgzMDc4NjM5NjYiDLZjZFKwP4qxQG5sFCryASO4UPz5qE97wPPH1eLMvs7CgSDBSWfonmRTCfokm2FN1+hWUdQQH6adjbbrVLFL8c3jSsBhQ383AvxpwK5YRuDE1AI/+C+WKFZb701eiv9J5La2EXAMPLETOKEN/c7S5Iro1WUJ0q3Cxuo/8HUoSxVhQHM7zF7mWWLhXLEQ52ivL+F6q5dpXu4aTFedpMfnJa8JtkWwG9x1Axj0Ypy2ok8v5unpQGWych1vwdvj6ez1Dm8Xg1+qIzXILiEXAMPLETOKEN/vQGqu8H+nxp3kabcrtOvTFTvxX6vsc8OGwUfHhzAfYGEXAMPLETOKEN/L6v1yMM3B1OwFOrQBno1HEjf1oNI8RnQiMNFdUOtwYj7HUZIOCZmjfN8PPHq77N7GJl9lzvIZKQA0Owcjg+mc78zHCj8y0siY8C96paEXAMPLETOKEN/E3cpksxWdgs91HRzJWScjN2+r2LTGjYhyPqcmFzzo2mCE7mBNEXAMPLETOKEN/oJy+2o83YNW5tOiDmczgDzJZ4UKR84yGYOMfSnF4XcEJrDgAJ3OJFwmTcTQICAlSwLEXAMPLETOKEN, expiration=Oct 2, 2019 11:12:29 PM}}", + "aws.cloudtrail.user_identity.access_key_id": "AKIAI44QH8DHBEXAMPLE", + "aws.cloudtrail.user_identity.arn": "arn:aws:sts::111111111111:assumed-role/JohnDoe/JohnRole1", + "aws.cloudtrail.user_identity.session_context.creation_date": "2019-10-02T21:50:54.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.type": "AssumedRole", + "cloud.account.id": "111111111111", + "cloud.region": "us-east-2", + "event.action": "AssumeRole", + "event.dataset": "aws.cloudtrail", + "event.id": "1917948f-3042-46ec-98e2-62865EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"AssumedRole\",\"principalId\":\"AROAIN5ATK5U7KEXAMPLE:JohnRole1\",\"arn\":\"arn:aws:sts::111111111111:assumed-role/JohnDoe/JohnRole1\",\"accountId\":\"111111111111\",\"accessKeyId\":\"AKIAI44QH8DHBEXAMPLE\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2019-10-02T21:50:54Z\"},\"sessionIssuer\":{\"type\":\"Role\",\"principalId\":\"AROAIN5ATK5U7KEXAMPLE\",\"arn\":\"arn:aws:iam::111111111111:role/JohnRole1\",\"accountId\":\"111111111111\",\"userName\":\"JohnDoe\"}}},\"eventTime\":\"2019-10-02T22:12:29Z\",\"eventSource\":\"sts.amazonaws.com\",\"eventName\":\"AssumeRole\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"123.145.67.89\",\"userAgent\":\"aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239\",\"requestParameters\":{\"incomingTransitiveTags\":{\"Department\":\"Engineering\"},\"tags\":[{\"value\":\"johndoe@example.com\",\"key\":\"Email\"},{\"value\":\"12345\",\"key\":\"CostCenter\"}],\"roleArn\":\"arn:aws:iam::111111111111:role/JohnRole2\",\"roleSessionName\":\"Role2WithTags\",\"transitiveTagKeys\":[\"Email\",\"CostCenter\"],\"durationSeconds\":3600},\"responseElements\":{\"credentials\":{\"accessKeyId\":\"ASIAWHOJDLGPOEXAMPLE\",\"expiration\":\"Oct 2, 2019 11:12:29 PM\",\"sessionToken\":\"AgoJb3JpZ2luX2VjEB4aCXVzLXdlc3QtMSJHMEXAMPLETOKEN+//rJb8Lo30mFc5MlhFCEbubZvEj0wHB/mDMwIgSEe9gk/Zjr09tZV7F1HDTMhmEXAMPLETOKEN/iEJ/rkqngII9///////////ARABGgw0MjgzMDc4NjM5NjYiDLZjZFKwP4qxQG5sFCryASO4UPz5qE97wPPH1eLMvs7CgSDBSWfonmRTCfokm2FN1+hWUdQQH6adjbbrVLFL8c3jSsBhQ383AvxpwK5YRuDE1AI/+C+WKFZb701eiv9J5La2EXAMPLETOKEN/c7S5Iro1WUJ0q3Cxuo/8HUoSxVhQHM7zF7mWWLhXLEQ52ivL+F6q5dpXu4aTFedpMfnJa8JtkWwG9x1Axj0Ypy2ok8v5unpQGWych1vwdvj6ez1Dm8Xg1+qIzXILiEXAMPLETOKEN/vQGqu8H+nxp3kabcrtOvTFTvxX6vsc8OGwUfHhzAfYGEXAMPLETOKEN/L6v1yMM3B1OwFOrQBno1HEjf1oNI8RnQiMNFdUOtwYj7HUZIOCZmjfN8PPHq77N7GJl9lzvIZKQA0Owcjg+mc78zHCj8y0siY8C96paEXAMPLETOKEN/E3cpksxWdgs91HRzJWScjN2+r2LTGjYhyPqcmFzzo2mCE7mBNEXAMPLETOKEN/oJy+2o83YNW5tOiDmczgDzJZ4UKR84yGYOMfSnF4XcEJrDgAJ3OJFwmTcTQICAlSwLEXAMPLETOKEN\"},\"assumedRoleUser\":{\"assumedRoleId\":\"AROAIFR7WHDTSOYQYHFUE:Role2WithTags\",\"arn\":\"arn:aws:sts::111111111111:assumed-role/test-role/Role2WithTags\"}},\"requestID\":\"b96b0e4e-e561-11e9-8b3f-7b396EXAMPLE\",\"eventID\":\"1917948f-3042-46ec-98e2-62865EXAMPLE\",\"resources\":[{\"ARN\":\"arn:aws:iam::111122223333:role/JohnRole2\",\"accountId\":\"111111111111\",\"type\":\"AWS::IAM::Role\"}],\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"111111111111\"}", + "event.outcome": "success", + "event.provider": "sts.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "123.145.67.89", + "source.geo.continent_name": "Asia", + "source.geo.country_iso_code": "CN", + "source.geo.location.lat": 29.5569, + "source.geo.location.lon": 106.5531, + "source.geo.region_iso_code": "CN-CQ", + "source.geo.region_name": "Chongqing", + "source.ip": "123.145.67.89", + "user.id": "AROAIN5ATK5U7KEXAMPLE:JohnRole1", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239", + "user_agent.os.full": "Linux 4.9.184", + "user_agent.os.name": "Linux", + "user_agent.os.version": "4.9.184", + "user_agent.version": "1.16.248" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/change-password-json.log b/filebeat/module/aws/cloudtrail/test/change-password-json.log new file mode 100644 index 00000000000..b3c1f2a10d3 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/change-password-json.log @@ -0,0 +1,2 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"0123456789012","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice"},"eventTime":"2020-01-09T00:09:33Z","eventSource":"iam.amazonaws.com","eventName":"ChangePassword","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","errorCode":"AccessDeniedException","errorMessage":"An unknown error occurred","requestParameters":null,"responseElements":null,"requestID":"EXAMPLE-5204-4fed-9c60-9c6EXAMPLE","eventID":"EXAMPLE-b92f-48bb-8c4c-efeEXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"0123456789012","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice"},"eventTime":"2020-01-09T00:03:36Z","eventSource":"iam.amazonaws.com","eventName":"ChangePassword","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","requestParameters":null,"responseElements":null,"requestID":"EXAMPLE-5c16-4eda-9724-EXAMPLE","eventID":"EXAMPLE-35a7-4c25-9fc7-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json new file mode 100644 index 00000000000..02532f93aa8 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json @@ -0,0 +1,68 @@ +[ + { + "@timestamp": "2020-01-09T00:09:33.000Z", + "aws.cloudtrail.error_code": "AccessDeniedException", + "aws.cloudtrail.error_message": "An unknown error occurred", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "ChangePassword", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-b92f-48bb-8c4c-efeEXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"0123456789012\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T00:09:33Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"ChangePassword\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"errorCode\":\"AccessDeniedException\",\"errorMessage\":\"An unknown error occurred\",\"requestParameters\":null,\"responseElements\":null,\"requestID\":\"EXAMPLE-5204-4fed-9c60-9c6EXAMPLE\",\"eventID\":\"EXAMPLE-b92f-48bb-8c4c-efeEXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "failure", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "0123456789012", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + }, + { + "@timestamp": "2020-01-09T00:03:36.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "ChangePassword", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-35a7-4c25-9fc7-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"0123456789012\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T00:03:36Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"ChangePassword\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"requestParameters\":null,\"responseElements\":null,\"requestID\":\"EXAMPLE-5c16-4eda-9724-EXAMPLE\",\"eventID\":\"EXAMPLE-35a7-4c25-9fc7-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 720, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "0123456789012", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/console-login-json.log b/filebeat/module/aws/cloudtrail/test/console-login-json.log new file mode 100644 index 00000000000..457343adddd --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/console-login-json.log @@ -0,0 +1,3 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"AIDACKCEVSQ6C2EXAMPLE","arn":"arn:aws:iam::111122223333:user/JohnDoe","accountId":"111122223333","userName":"JohnDoe"},"eventTime":"2014-07-16T15:49:27Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.110","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0","requestParameters":null,"responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MobileVersion":"No","LoginTo":"https://console.aws.amazon.com/s3/","MFAUsed":"No"},"eventID":"3fcfb182-98f8-4744-bd45-10aEXAMPLE"} +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"AIDACKCEVSQ6C2EXAMPLE","arn":"arn:aws:iam::111122223333:user/JaneDoe","accountId":"111122223333","userName":"JaneDoe"},"eventTime":"2014-07-08T17:35:27Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.100","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0","errorMessage":"Failed authentication","requestParameters":null,"responseElements":{"ConsoleLogin":"Failure"},"additionalEventData":{"MobileVersion":"No","LoginTo":"https://console.aws.amazon.com/sns","MFAUsed":"No"},"eventID":"11ea990b-4678-4bcd-8fbe-625EXAMPLE"} +{"eventVersion":"1.05","userIdentity":{"type":"AssumedRole","principalId":"AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName","arn":"arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName","accountId":"123456789012","accessKeyId":"AKIAIOSFODNN7EXAMPLE","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"20131102T010628Z"}},"sessionIssuer":{"type":"Role","principalId":"AROAIDPPEZS35WEXAMPLE","arn":"arn:aws:iam::123456789012:role/RoleToBeAssumed","accountId":"123456789012","userName":"RoleToBeAssumed"}},"eventTime":"2014-07-08T17:35:27Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.100","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0","errorMessage":"Failed authentication","requestParameters":null,"responseElements":{"ConsoleLogin":"Failure"},"additionalEventData":{"MobileVersion":"No","LoginTo":"https://console.aws.amazon.com/sns","MFAUsed":"No"},"eventID":"11ea990b-4678-4bcd-8fbe-625EXAMPLE"} diff --git a/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json new file mode 100644 index 00000000000..6735d4bbe9a --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json @@ -0,0 +1,124 @@ +[ + { + "@timestamp": "2014-07-16T15:49:27.000Z", + "aws.cloudtrail.additional_eventdata": "{LoginTo=https://console.aws.amazon.com/s3/, MobileVersion=No, MFAUsed=No}", + "aws.cloudtrail.console_login.additional_eventdata.login_to": "https://console.aws.amazon.com/s3/", + "aws.cloudtrail.console_login.additional_eventdata.mfa_used": false, + "aws.cloudtrail.console_login.additional_eventdata.mobile_version": false, + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.response_elements": "{ConsoleLogin=Success}", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::111122223333:user/JohnDoe", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "111122223333", + "cloud.region": "us-east-2", + "event.action": "ConsoleLogin", + "event.category": "authentication", + "event.dataset": "aws.cloudtrail", + "event.id": "3fcfb182-98f8-4744-bd45-10aEXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"AIDACKCEVSQ6C2EXAMPLE\",\"arn\":\"arn:aws:iam::111122223333:user/JohnDoe\",\"accountId\":\"111122223333\",\"userName\":\"JohnDoe\"},\"eventTime\":\"2014-07-16T15:49:27Z\",\"eventSource\":\"signin.amazonaws.com\",\"eventName\":\"ConsoleLogin\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"192.0.2.110\",\"userAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0\",\"requestParameters\":null,\"responseElements\":{\"ConsoleLogin\":\"Success\"},\"additionalEventData\":{\"MobileVersion\":\"No\",\"LoginTo\":\"https://console.aws.amazon.com/s3/\",\"MFAUsed\":\"No\"},\"eventID\":\"3fcfb182-98f8-4744-bd45-10aEXAMPLE\"}", + "event.outcome": "success", + "event.provider": "signin.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "192.0.2.110", + "source.ip": "192.0.2.110", + "user.id": "AIDACKCEVSQ6C2EXAMPLE", + "user.name": "JohnDoe", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", + "user_agent.os.full": "Windows 7", + "user_agent.os.name": "Windows", + "user_agent.os.version": "7", + "user_agent.version": "24.0." + }, + { + "@timestamp": "2014-07-08T17:35:27.000Z", + "aws.cloudtrail.additional_eventdata": "{LoginTo=https://console.aws.amazon.com/sns, MobileVersion=No, MFAUsed=No}", + "aws.cloudtrail.console_login.additional_eventdata.login_to": "https://console.aws.amazon.com/sns", + "aws.cloudtrail.console_login.additional_eventdata.mfa_used": false, + "aws.cloudtrail.console_login.additional_eventdata.mobile_version": false, + "aws.cloudtrail.error_message": "Failed authentication", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.response_elements": "{ConsoleLogin=Failure}", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::111122223333:user/JaneDoe", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "111122223333", + "cloud.region": "us-east-2", + "event.action": "ConsoleLogin", + "event.category": "authentication", + "event.dataset": "aws.cloudtrail", + "event.id": "11ea990b-4678-4bcd-8fbe-625EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"AIDACKCEVSQ6C2EXAMPLE\",\"arn\":\"arn:aws:iam::111122223333:user/JaneDoe\",\"accountId\":\"111122223333\",\"userName\":\"JaneDoe\"},\"eventTime\":\"2014-07-08T17:35:27Z\",\"eventSource\":\"signin.amazonaws.com\",\"eventName\":\"ConsoleLogin\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"192.0.2.100\",\"userAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0\",\"errorMessage\":\"Failed authentication\",\"requestParameters\":null,\"responseElements\":{\"ConsoleLogin\":\"Failure\"},\"additionalEventData\":{\"MobileVersion\":\"No\",\"LoginTo\":\"https://console.aws.amazon.com/sns\",\"MFAUsed\":\"No\"},\"eventID\":\"11ea990b-4678-4bcd-8fbe-625EXAMPLE\"}", + "event.outcome": "failure", + "event.provider": "signin.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 658, + "service.type": "aws", + "source.address": "192.0.2.100", + "source.ip": "192.0.2.100", + "user.id": "AIDACKCEVSQ6C2EXAMPLE", + "user.name": "JaneDoe", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", + "user_agent.os.full": "Windows 7", + "user_agent.os.name": "Windows", + "user_agent.os.version": "7", + "user_agent.version": "24.0." + }, + { + "@timestamp": "2014-07-08T17:35:27.000Z", + "aws.cloudtrail.additional_eventdata": "{LoginTo=https://console.aws.amazon.com/sns, MobileVersion=No, MFAUsed=No}", + "aws.cloudtrail.console_login.additional_eventdata.login_to": "https://console.aws.amazon.com/sns", + "aws.cloudtrail.console_login.additional_eventdata.mfa_used": false, + "aws.cloudtrail.console_login.additional_eventdata.mobile_version": false, + "aws.cloudtrail.error_message": "Failed authentication", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.response_elements": "{ConsoleLogin=Failure}", + "aws.cloudtrail.user_identity.access_key_id": "AKIAIOSFODNN7EXAMPLE", + "aws.cloudtrail.user_identity.arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.session_issuer.account_id": "123456789012", + "aws.cloudtrail.user_identity.session_issuer.arn": "arn:aws:iam::123456789012:role/RoleToBeAssumed", + "aws.cloudtrail.user_identity.session_issuer.principal_id": "AROAIDPPEZS35WEXAMPLE", + "aws.cloudtrail.user_identity.session_issuer.type": "Role", + "aws.cloudtrail.user_identity.type": "AssumedRole", + "cloud.account.id": "123456789012", + "cloud.region": "us-east-2", + "event.action": "ConsoleLogin", + "event.category": "authentication", + "event.dataset": "aws.cloudtrail", + "event.id": "11ea990b-4678-4bcd-8fbe-625EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"AssumedRole\",\"principalId\":\"AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName\",\"arn\":\"arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName\",\"accountId\":\"123456789012\",\"accessKeyId\":\"AKIAIOSFODNN7EXAMPLE\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"20131102T010628Z\"}},\"sessionIssuer\":{\"type\":\"Role\",\"principalId\":\"AROAIDPPEZS35WEXAMPLE\",\"arn\":\"arn:aws:iam::123456789012:role/RoleToBeAssumed\",\"accountId\":\"123456789012\",\"userName\":\"RoleToBeAssumed\"}},\"eventTime\":\"2014-07-08T17:35:27Z\",\"eventSource\":\"signin.amazonaws.com\",\"eventName\":\"ConsoleLogin\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"192.0.2.100\",\"userAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0\",\"errorMessage\":\"Failed authentication\",\"requestParameters\":null,\"responseElements\":{\"ConsoleLogin\":\"Failure\"},\"additionalEventData\":{\"MobileVersion\":\"No\",\"LoginTo\":\"https://console.aws.amazon.com/sns\",\"MFAUsed\":\"No\"},\"eventID\":\"11ea990b-4678-4bcd-8fbe-625EXAMPLE\"}", + "event.outcome": "failure", + "event.provider": "signin.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 1355, + "service.type": "aws", + "source.address": "192.0.2.100", + "source.ip": "192.0.2.100", + "user.id": "AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName", + "user.name": "RoleToBeAssumed", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", + "user_agent.os.full": "Windows 7", + "user_agent.os.name": "Windows", + "user_agent.os.version": "7", + "user_agent.version": "24.0." + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/create-access-key-json.log b/filebeat/module/aws/cloudtrail/test/create-access-key-json.log new file mode 100644 index 00000000000..d18fcffb933 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-access-key-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-08T15:12:16Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-08T20:43:06Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"userName":"Bob"},"responseElements":{"accessKey":{"accessKeyId":"EXAMPLE_KEY_ID","status":"Active","userName":"Bob","createDate":"Jan 8, 2020 8:43:06 PM"}},"requestID":"EXAMPLE-823a-48dc-8fa9-EXAMPLE","eventID":"EXAMPLE-3cab-40f8-938b-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json new file mode 100644 index 00000000000..43fa88f05f0 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json @@ -0,0 +1,41 @@ +[ + { + "@timestamp": "2020-01-08T20:43:06.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{userName=Bob}", + "aws.cloudtrail.response_elements": "{accessKey={accessKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Active, createDate=Jan 8, 2020 8:43:06 PM}}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-08T15:12:16.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "CreateAccessKey", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-3cab-40f8-938b-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T20:43:06Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"CreateAccessKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"userName\":\"Bob\"},\"responseElements\":{\"accessKey\":{\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"status\":\"Active\",\"userName\":\"Bob\",\"createDate\":\"Jan 8, 2020 8:43:06 PM\"}},\"requestID\":\"EXAMPLE-823a-48dc-8fa9-EXAMPLE\",\"eventID\":\"EXAMPLE-3cab-40f8-938b-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/create-group-json.log b/filebeat/module/aws/cloudtrail/test/create-group-json.log new file mode 100644 index 00000000000..f46f6d474c6 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-group-json.log @@ -0,0 +1,2 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"0123456789012","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-08T15:12:16Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-09T01:48:44Z","eventSource":"iam.amazonaws.com","eventName":"CreateGroup","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"groupName":"TEST-GROUP"},"responseElements":{"group":{"createDate":"Jan 9, 2020 1:48:44 AM","path":"/","arn":"arn:aws:iam::0123456789012:group/TEST-GROUP","groupName":"TEST-GROUP","groupId":"EXAMPLE_ID"}},"requestID":"EXAMPLE-769d-4a61-b731-EXAMPLE","eventID":"EXAMPLE-37ec-425a-a7ef-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"0123456789012","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice"},"eventTime":"2020-01-09T02:22:03Z","eventSource":"iam.amazonaws.com","eventName":"CreateGroup","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","errorCode":"EntityAlreadyExistsException","errorMessage":"Group with name TEST-GROUP already exists.","requestParameters":{"groupName":"TEST-GROUP"},"responseElements":null,"requestID":"EXAMPLE-c8ae-44dc-8114-EXAMPLE","eventID":"EXAMPLE-09c6-4745-af70-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json new file mode 100644 index 00000000000..1e07ca70e81 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json @@ -0,0 +1,73 @@ +[ + { + "@timestamp": "2020-01-09T01:48:44.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}", + "aws.cloudtrail.response_elements": "{group={path=/, groupName=TEST-GROUP, groupId=EXAMPLE_ID, arn=arn:aws:iam::0123456789012:group/TEST-GROUP, createDate=Jan 9, 2020 1:48:44 AM}}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-08T15:12:16.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "CreateGroup", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-37ec-425a-a7ef-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"0123456789012\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-09T01:48:44Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"CreateGroup\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"groupName\":\"TEST-GROUP\"},\"responseElements\":{\"group\":{\"createDate\":\"Jan 9, 2020 1:48:44 AM\",\"path\":\"/\",\"arn\":\"arn:aws:iam::0123456789012:group/TEST-GROUP\",\"groupName\":\"TEST-GROUP\",\"groupId\":\"EXAMPLE_ID\"}},\"requestID\":\"EXAMPLE-769d-4a61-b731-EXAMPLE\",\"eventID\":\"EXAMPLE-37ec-425a-a7ef-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "0123456789012", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + }, + { + "@timestamp": "2020-01-09T02:22:03.000Z", + "aws.cloudtrail.error_code": "EntityAlreadyExistsException", + "aws.cloudtrail.error_message": "Group with name TEST-GROUP already exists.", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "CreateGroup", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-09c6-4745-af70-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"0123456789012\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T02:22:03Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"CreateGroup\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"errorCode\":\"EntityAlreadyExistsException\",\"errorMessage\":\"Group with name TEST-GROUP already exists.\",\"requestParameters\":{\"groupName\":\"TEST-GROUP\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-c8ae-44dc-8114-EXAMPLE\",\"eventID\":\"EXAMPLE-09c6-4745-af70-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "failure", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 903, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "0123456789012", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log b/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log new file mode 100644 index 00000000000..5b9c40ad40c --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.0","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2014-03-06T15:15:06Z"}}},"eventTime":"2014-03-06T17:10:34Z","eventSource":"ec2.amazonaws.com","eventName":"CreateKeyPair","awsRegion":"us-east-2","sourceIPAddress":"72.21.198.64","userAgent":"EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx","requestParameters":{"keyName":"mykeypair"},"responseElements":{"keyName":"mykeypair","keyFingerprint":"30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21","keyMaterial":""}} diff --git a/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json new file mode 100644 index 00000000000..1c66362a9fc --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json @@ -0,0 +1,42 @@ +[ + { + "@timestamp": "2014-03-06T17:10:34.000Z", + "aws.cloudtrail.event_version": "1.0", + "aws.cloudtrail.request_parameters": "{keyName=mykeypair}", + "aws.cloudtrail.response_elements": "{keyMaterial=, keyFingerprint=30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21, keyName=mykeypair}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::123456789012:user/Alice", + "aws.cloudtrail.user_identity.session_context.creation_date": "2014-03-06T15:15:06.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "123456789012", + "cloud.region": "us-east-2", + "event.action": "CreateKeyPair", + "event.dataset": "aws.cloudtrail", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.0\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2014-03-06T15:15:06Z\"}}},\"eventTime\":\"2014-03-06T17:10:34Z\",\"eventSource\":\"ec2.amazonaws.com\",\"eventName\":\"CreateKeyPair\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"72.21.198.64\",\"userAgent\":\"EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx\",\"requestParameters\":{\"keyName\":\"mykeypair\"},\"responseElements\":{\"keyName\":\"mykeypair\",\"keyFingerprint\":\"30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21\",\"keyMaterial\":\"\"}}", + "event.outcome": "success", + "event.provider": "ec2.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "72.21.198.64", + "source.geo.city_name": "Ashburn", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 39.0481, + "source.geo.location.lon": -77.4728, + "source.geo.region_iso_code": "US-VA", + "source.geo.region_name": "Virginia", + "source.ip": "72.21.198.64", + "user.id": "EX_PRINCIPAL_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx", + "user_agent.os.name": "Linux" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/create-trail-json.log b/filebeat/module/aws/cloudtrail/test/create-trail-json.log new file mode 100644 index 00000000000..ebc0c708b04 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-trail-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-08T15:12:16Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-08T15:30:25Z","eventSource":"cloudtrail.amazonaws.com","eventName":"CreateTrail","awsRegion":"us-west-2","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"name":"TEST-trail","s3BucketName":"TEST-cloudtrail-bucket","includeGlobalServiceEvents":true,"isMultiRegionTrail":true,"enableLogFileValidation":true,"kmsKeyId":"","isOrganizationTrail":false},"responseElements":{"name":"TEST-trail","s3BucketName":"TEST-cloudtrail-bucket","includeGlobalServiceEvents":true,"isMultiRegionTrail":true,"trailARN":"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail","logFileValidationEnabled":true,"isOrganizationTrail":false},"requestID":"EXAMPLE-5149-4cf2-be99-EXAMPLE","eventID":"EXAMPLE-d04b-4eff-833a-EXAMPLE","readOnly":false,"eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json new file mode 100644 index 00000000000..7c9bc46ca8d --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json @@ -0,0 +1,39 @@ +[ + { + "@timestamp": "2020-01-08T15:30:25.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.read_only": false, + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{isMultiRegionTrail=true, s3BucketName=TEST-cloudtrail-bucket, name=TEST-trail, enableLogFileValidation=true, kmsKeyId=, isOrganizationTrail=false, includeGlobalServiceEvents=true}", + "aws.cloudtrail.response_elements": "{logFileValidationEnabled=true, isMultiRegionTrail=true, s3BucketName=TEST-cloudtrail-bucket, name=TEST-trail, trailARN=arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail, isOrganizationTrail=false, includeGlobalServiceEvents=true}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-08T15:12:16.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-west-2", + "event.action": "CreateTrail", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-d04b-4eff-833a-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T15:30:25Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"CreateTrail\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"TEST-trail\",\"s3BucketName\":\"TEST-cloudtrail-bucket\",\"includeGlobalServiceEvents\":true,\"isMultiRegionTrail\":true,\"enableLogFileValidation\":true,\"kmsKeyId\":\"\",\"isOrganizationTrail\":false},\"responseElements\":{\"name\":\"TEST-trail\",\"s3BucketName\":\"TEST-cloudtrail-bucket\",\"includeGlobalServiceEvents\":true,\"isMultiRegionTrail\":true,\"trailARN\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\",\"logFileValidationEnabled\":true,\"isOrganizationTrail\":false},\"requestID\":\"EXAMPLE-5149-4cf2-be99-EXAMPLE\",\"eventID\":\"EXAMPLE-d04b-4eff-833a-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "cloudtrail.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/create-user-json.log b/filebeat/module/aws/cloudtrail/test/create-user-json.log new file mode 100644 index 00000000000..37e60f3f86c --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-user-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.0","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice"},"eventTime":"2014-03-24T21:11:59Z","eventSource":"iam.amazonaws.com","eventName":"CreateUser","awsRegion":"us-east-2","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.3.2 Python/2.7.5 Windows/7","requestParameters":{"userName":"Bob"},"responseElements":{"user":{"createDate":"Mar 24, 2014 9:11:59 PM","userName":"Bob","arn":"arn:aws:iam::123456789012:user/Bob","path":"/","userId":"EXAMPLEUSERID"}}} diff --git a/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json new file mode 100644 index 00000000000..2a0bd3b19cd --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json @@ -0,0 +1,37 @@ +[ + { + "@timestamp": "2014-03-24T21:11:59.000Z", + "aws.cloudtrail.event_version": "1.0", + "aws.cloudtrail.request_parameters": "{userName=Bob}", + "aws.cloudtrail.response_elements": "{user={path=/, userName=Bob, arn=arn:aws:iam::123456789012:user/Bob, userId=EXAMPLEUSERID, createDate=Mar 24, 2014 9:11:59 PM}}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "123456789012", + "cloud.region": "us-east-2", + "event.action": "CreateUser", + "event.dataset": "aws.cloudtrail", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.0\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\"},\"eventTime\":\"2014-03-24T21:11:59Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"CreateUser\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.3.2 Python/2.7.5 Windows/7\",\"requestParameters\":{\"userName\":\"Bob\"},\"responseElements\":{\"user\":{\"createDate\":\"Mar 24, 2014 9:11:59 PM\",\"userName\":\"Bob\",\"arn\":\"arn:aws:iam::123456789012:user/Bob\",\"path\":\"/\",\"userId\":\"EXAMPLEUSERID\"}}}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EX_PRINCIPAL_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.3.2 Python/2.7.5 Windows/7", + "user_agent.os.name": "Windows", + "user_agent.version": "1.3.2" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log b/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log new file mode 100644 index 00000000000..5d33cd1ae3d --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-11-27T15:07:22Z"}}},"eventTime":"2019-11-27T15:10:15Z","eventSource":"iam.amazonaws.com","eventName":"CreateVirtualMFADevice","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"console.amazonaws.com","requestParameters":{"virtualMFADeviceName":"Alice","path":"/"},"responseElements":{"virtualMFADevice":{"serialNumber":"arn:aws:iam::0123456789012:mfa/Alice"}},"requestID":"EXAMPLE-303b-4b0e-a8c7-EXAMPLE","eventID":"EXAMPLE-351c-472a-b089-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json new file mode 100644 index 00000000000..e46d89a5c6d --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json @@ -0,0 +1,37 @@ +[ + { + "@timestamp": "2019-11-27T15:10:15.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{path=/, virtualMFADeviceName=Alice}", + "aws.cloudtrail.response_elements": "{virtualMFADevice={serialNumber=arn:aws:iam::0123456789012:mfa/Alice}}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.session_context.creation_date": "2019-11-27T15:07:22.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "CreateVirtualMFADevice", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-351c-472a-b089-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2019-11-27T15:07:22Z\"}}},\"eventTime\":\"2019-11-27T15:10:15Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"CreateVirtualMFADevice\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"console.amazonaws.com\",\"requestParameters\":{\"virtualMFADeviceName\":\"Alice\",\"path\":\"/\"},\"responseElements\":{\"virtualMFADevice\":{\"serialNumber\":\"arn:aws:iam::0123456789012:mfa/Alice\"}},\"requestID\":\"EXAMPLE-303b-4b0e-a8c7-EXAMPLE\",\"eventID\":\"EXAMPLE-351c-472a-b089-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "console.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log b/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log new file mode 100644 index 00000000000..bc8b0627f2f --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-09T16:36:17Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T00:34:02Z","eventSource":"iam.amazonaws.com","eventName":"DeactivateMFADevice","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"userName":"Alice","serialNumber":"arn:aws:iam::0123456789012:mfa/Alice"},"responseElements":null,"requestID":"EXAMPLE-801a-4624-8fa0-EXAMPLE","eventID":"EXAMPLE-1889-416b-ace9-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json new file mode 100644 index 00000000000..34ac136cd52 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2020-01-10T00:34:02.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{serialNumber=arn:aws:iam::0123456789012:mfa/Alice, userName=Alice}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-09T16:36:17.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "DeactivateMFADevice", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-1889-416b-ace9-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-09T16:36:17Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T00:34:02Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"DeactivateMFADevice\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"userName\":\"Alice\",\"serialNumber\":\"arn:aws:iam::0123456789012:mfa/Alice\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-801a-4624-8fa0-EXAMPLE\",\"eventID\":\"EXAMPLE-1889-416b-ace9-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Alice" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log b/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log new file mode 100644 index 00000000000..63799766f5c --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-08T15:12:16Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-08T19:09:36Z","eventSource":"iam.amazonaws.com","eventName":"DeleteAccessKey","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"userName":"Bob","accessKeyId":"EXAMPLE_ID"},"responseElements":null,"requestID":"EXAMPLE-3bea-41fa-a0b4-EXAMPLE","eventID":"EXAMPLE-0698-46bd-998d-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json new file mode 100644 index 00000000000..698cae731a1 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2020-01-08T19:09:36.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{accessKeyId=EXAMPLE_ID, userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-08T15:12:16.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "DeleteAccessKey", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-0698-46bd-998d-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T19:09:36Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"DeleteAccessKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"userName\":\"Bob\",\"accessKeyId\":\"EXAMPLE_ID\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-3bea-41fa-a0b4-EXAMPLE\",\"eventID\":\"EXAMPLE-0698-46bd-998d-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log b/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log new file mode 100644 index 00000000000..913b109d7c0 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.04","userIdentity":{"type":"AssumedRole","principalId":"AIDAQRSTUVWXYZEXAMPLE:devdsk","arn":"arn:aws:sts::777788889999:assumed-role/AssumeNothing/devdsk","accountId":"777788889999","accessKeyId":"AKIAQRSTUVWXYZEXAMPLE","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2016-11-14T17:25:26Z"},"sessionIssuer":{"type":"Role","principalId":"AIDAQRSTUVWXYZEXAMPLE","arn":"arn:aws:iam::777788889999:role/AssumeNothing","accountId":"777788889999","userName":"AssumeNothing"}}},"eventTime":"2016-11-14T17:25:45Z","eventSource":"s3.amazonaws.com","eventName":"DeleteBucket","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.1","userAgent":"[aws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67]","requestParameters":{"bucketName":"my-test-bucket-cross-account"},"responseElements":null,"requestID":"EXAMPLE463D56D4C","eventID":"dEXAMPLE-265a-41e0-9352-4401bEXAMPLE","eventType":"AwsApiCall","recipientAccountId":"777788889999"} diff --git a/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json new file mode 100644 index 00000000000..31274005d66 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json @@ -0,0 +1,39 @@ +[ + { + "@timestamp": "2016-11-14T17:25:45.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.04", + "aws.cloudtrail.recipient_account_id": "777788889999", + "aws.cloudtrail.request_parameters": "{bucketName=my-test-bucket-cross-account}", + "aws.cloudtrail.user_identity.access_key_id": "AKIAQRSTUVWXYZEXAMPLE", + "aws.cloudtrail.user_identity.arn": "arn:aws:sts::777788889999:assumed-role/AssumeNothing/devdsk", + "aws.cloudtrail.user_identity.session_context.creation_date": "2016-11-14T17:25:26.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.type": "AssumedRole", + "cloud.account.id": "777788889999", + "cloud.region": "us-east-2", + "event.action": "DeleteBucket", + "event.dataset": "aws.cloudtrail", + "event.id": "dEXAMPLE-265a-41e0-9352-4401bEXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.04\",\"userIdentity\":{\"type\":\"AssumedRole\",\"principalId\":\"AIDAQRSTUVWXYZEXAMPLE:devdsk\",\"arn\":\"arn:aws:sts::777788889999:assumed-role/AssumeNothing/devdsk\",\"accountId\":\"777788889999\",\"accessKeyId\":\"AKIAQRSTUVWXYZEXAMPLE\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2016-11-14T17:25:26Z\"},\"sessionIssuer\":{\"type\":\"Role\",\"principalId\":\"AIDAQRSTUVWXYZEXAMPLE\",\"arn\":\"arn:aws:iam::777788889999:role/AssumeNothing\",\"accountId\":\"777788889999\",\"userName\":\"AssumeNothing\"}}},\"eventTime\":\"2016-11-14T17:25:45Z\",\"eventSource\":\"s3.amazonaws.com\",\"eventName\":\"DeleteBucket\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"192.0.2.1\",\"userAgent\":\"[aws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67]\",\"requestParameters\":{\"bucketName\":\"my-test-bucket-cross-account\"},\"responseElements\":null,\"requestID\":\"EXAMPLE463D56D4C\",\"eventID\":\"dEXAMPLE-265a-41e0-9352-4401bEXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"777788889999\"}", + "event.outcome": "success", + "event.provider": "s3.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "192.0.2.1", + "source.ip": "192.0.2.1", + "user.id": "AIDAQRSTUVWXYZEXAMPLE:devdsk", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "[aws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67]", + "user_agent.os.full": "Linux 3.2.45", + "user_agent.os.name": "Linux", + "user_agent.os.version": "3.2.45", + "user_agent.version": "1.11.10" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/delete-group-json.log b/filebeat/module/aws/cloudtrail/test/delete-group-json.log new file mode 100644 index 00000000000..97e75c9ab07 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-group-json.log @@ -0,0 +1,2 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"0123456789012","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-08T15:12:16Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-09T02:25:44Z","eventSource":"iam.amazonaws.com","eventName":"DeleteGroup","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"groupName":"TEST-GROUP"},"responseElements":null,"requestID":"EXAMPLE-66cb-4775-a203-EXAMPLE","eventID":"EXAMPLE-cbc2-4cc3-8bbc-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_PRINCIPLE","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice"},"eventTime":"2020-01-09T02:25:11Z","eventSource":"iam.amazonaws.com","eventName":"DeleteGroup","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","errorCode":"DeleteConflictException","errorMessage":"Cannot delete entity, must detach all policies first.","requestParameters":{"groupName":"TEST-GROUP"},"responseElements":null,"requestID":"EXAMPLE-2a3c-4a94-b24f-EXAMPLE","eventID":"EXAMPLE-5aa2-4b5f-a52a-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json new file mode 100644 index 00000000000..6e058b71108 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json @@ -0,0 +1,72 @@ +[ + { + "@timestamp": "2020-01-09T02:25:44.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-08T15:12:16.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "DeleteGroup", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-cbc2-4cc3-8bbc-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"0123456789012\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-09T02:25:44Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"DeleteGroup\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"groupName\":\"TEST-GROUP\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-66cb-4775-a203-EXAMPLE\",\"eventID\":\"EXAMPLE-cbc2-4cc3-8bbc-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "0123456789012", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + }, + { + "@timestamp": "2020-01-09T02:25:11.000Z", + "aws.cloudtrail.error_code": "DeleteConflictException", + "aws.cloudtrail.error_message": "Cannot delete entity, must detach all policies first.", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "DeleteGroup", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-5aa2-4b5f-a52a-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_PRINCIPLE\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T02:25:11Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"DeleteGroup\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"errorCode\":\"DeleteConflictException\",\"errorMessage\":\"Cannot delete entity, must detach all policies first.\",\"requestParameters\":{\"groupName\":\"TEST-GROUP\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-2a3c-4a94-b24f-EXAMPLE\",\"eventID\":\"EXAMPLE-5aa2-4b5f-a52a-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "failure", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 747, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_PRINCIPLE", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log b/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log new file mode 100644 index 00000000000..47451dfe371 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-10T14:38:30Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T16:07:08Z","eventSource":"iam.amazonaws.com","eventName":"DeleteSSHPublicKey","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"sSHPublicKeyId":"EXAMPLE_KEY_ID","userName":"Bob"},"responseElements":null,"requestID":"EXAMPLE-7b34-44ae-a22f-EXAMPLE","eventID":"EXAMPLE-72ff-4d4f-9a8d-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json new file mode 100644 index 00000000000..b39ab00d2e2 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2020-01-10T16:07:08.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{sSHPublicKeyId=EXAMPLE_KEY_ID, userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-10T14:38:30.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "DeleteSSHPublicKey", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-72ff-4d4f-9a8d-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T16:07:08Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"DeleteSSHPublicKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"sSHPublicKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Bob\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-7b34-44ae-a22f-EXAMPLE\",\"eventID\":\"EXAMPLE-72ff-4d4f-9a8d-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/delete-trail-json.log b/filebeat/module/aws/cloudtrail/test/delete-trail-json.log new file mode 100644 index 00000000000..f747ff2c14a --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-trail-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice"},"eventTime":"2020-01-09T20:09:51Z","eventSource":"cloudtrail.amazonaws.com","eventName":"DeleteTrail","awsRegion":"us-west-2","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","requestParameters":{"name":"arn:aws:cloudtrail:us-west-2:0123456789012:trail/test-trail"},"responseElements":null,"requestID":"EXAMPLE-d44f-4a2a-966f-EXAMPLE","eventID":"EXAMPLE-3f9d-4634-8ff1-EXAMPLE","readOnly":false,"eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json new file mode 100644 index 00000000000..b55a58cfc54 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json @@ -0,0 +1,36 @@ +[ + { + "@timestamp": "2020-01-09T20:09:51.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.read_only": false, + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{name=arn:aws:cloudtrail:us-west-2:0123456789012:trail/test-trail}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-west-2", + "event.action": "DeleteTrail", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-3f9d-4634-8ff1-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T20:09:51Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"DeleteTrail\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"requestParameters\":{\"name\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/test-trail\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-d44f-4a2a-966f-EXAMPLE\",\"eventID\":\"EXAMPLE-3f9d-4634-8ff1-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "cloudtrail.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/delete-user-json.log b/filebeat/module/aws/cloudtrail/test/delete-user-json.log new file mode 100644 index 00000000000..ce00f5a1185 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-user-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-03T15:26:38Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-03T15:50:52Z","eventSource":"iam.amazonaws.com","eventName":"DeleteUser","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"userName":"Bob"},"responseElements":null,"requestID":"0e794d53-cdb5-4f7d-b7db-5EXAMPLE","eventID":"b89eb34b-8fcb-4cba-8439-d4EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json new file mode 100644 index 00000000000..8d3c1a55edc --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2020-01-03T15:50:52.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "123456789012", + "aws.cloudtrail.request_parameters": "{userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-03T15:26:38.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "123456789012", + "cloud.region": "us-east-1", + "event.action": "DeleteUser", + "event.dataset": "aws.cloudtrail", + "event.id": "b89eb34b-8fcb-4cba-8439-d4EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-03T15:26:38Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-03T15:50:52Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"DeleteUser\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"userName\":\"Bob\"},\"responseElements\":null,\"requestID\":\"0e794d53-cdb5-4f7d-b7db-5EXAMPLE\",\"eventID\":\"b89eb34b-8fcb-4cba-8439-d4EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EX_PRINCIPAL_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log b/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log new file mode 100644 index 00000000000..ad22f516894 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-09T16:36:17Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T00:34:02Z","eventSource":"iam.amazonaws.com","eventName":"DeleteVirtualMFADevice","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"serialNumber":"arn:aws:iam::0123456789012:mfa/Alice"},"responseElements":null,"requestID":"EXAMPLE-af91-4d1a-aaf2-EXAMPLE","eventID":"EXAMPLE-f8e6-4d5f-8525-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json new file mode 100644 index 00000000000..81eae87f97c --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json @@ -0,0 +1,37 @@ +[ + { + "@timestamp": "2020-01-10T00:34:02.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{serialNumber=arn:aws:iam::0123456789012:mfa/Alice}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-09T16:36:17.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "DeleteVirtualMFADevice", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-f8e6-4d5f-8525-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-09T16:36:17Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T00:34:02Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"DeleteVirtualMFADevice\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"serialNumber\":\"arn:aws:iam::0123456789012:mfa/Alice\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-af91-4d1a-aaf2-EXAMPLE\",\"eventID\":\"EXAMPLE-f8e6-4d5f-8525-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log b/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log new file mode 100644 index 00000000000..67cdd3ad6e6 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-11-27T15:07:22Z"}}},"eventTime":"2019-11-27T15:11:09Z","eventSource":"iam.amazonaws.com","eventName":"EnableMFADevice","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"console.amazonaws.com","requestParameters":{"userName":"Bob","serialNumber":"arn:aws:iam::0123456789012:mfa/Bob"},"responseElements":null,"requestID":"EXAMPLE-adea-490a-a806-EXAMPLE","eventID":"EXAMPLE-3fdc-4b2a-9885-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json new file mode 100644 index 00000000000..0692ebb0222 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json @@ -0,0 +1,39 @@ +[ + { + "@timestamp": "2019-11-27T15:11:09.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{serialNumber=arn:aws:iam::0123456789012:mfa/Bob, userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.session_context.creation_date": "2019-11-27T15:07:22.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "EnableMFADevice", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-3fdc-4b2a-9885-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2019-11-27T15:07:22Z\"}}},\"eventTime\":\"2019-11-27T15:11:09Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"EnableMFADevice\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"console.amazonaws.com\",\"requestParameters\":{\"userName\":\"Bob\",\"serialNumber\":\"arn:aws:iam::0123456789012:mfa/Bob\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-adea-490a-a806-EXAMPLE\",\"eventID\":\"EXAMPLE-3fdc-4b2a-9885-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "console.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log b/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log new file mode 100644 index 00000000000..93c180dfe9b --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-06T14:36:28Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-06T15:19:50Z","eventSource":"iam.amazonaws.com","eventName":"RemoveUserFromGroup","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"groupName":"Admin","userName":"Bob"},"responseElements":null,"requestID":"EXAMPLE-0bf0-47be-bc80-EXAMPLE","eventID":"EXAMPLE-6e8b-431a-94f4-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json new file mode 100644 index 00000000000..36772d56aaf --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2020-01-06T15:19:50.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{groupName=Admin, userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-06T14:36:28.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "RemoveUserFromGroup", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-6e8b-431a-94f4-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-06T14:36:28Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-06T15:19:50Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"RemoveUserFromGroup\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"groupName\":\"Admin\",\"userName\":\"Bob\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-0bf0-47be-bc80-EXAMPLE\",\"eventID\":\"EXAMPLE-6e8b-431a-94f4-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/start-logging-json.log b/filebeat/module/aws/cloudtrail/test/start-logging-json.log new file mode 100644 index 00000000000..e03d924e97b --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/start-logging-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-08T15:12:16Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-08T15:30:25Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StartLogging","awsRegion":"us-west-2","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"name":"TEST-trail"},"responseElements":null,"requestID":"EXAMPLE-1c30-4f43-9763-EXAMPLE","eventID":"EXAMPLE-aa78-4a84-a27f-EXAMPLE","readOnly":false,"eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json new file mode 100644 index 00000000000..d71f69eb606 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json @@ -0,0 +1,38 @@ +[ + { + "@timestamp": "2020-01-08T15:30:25.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.read_only": false, + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{name=TEST-trail}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-08T15:12:16.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-west-2", + "event.action": "StartLogging", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-aa78-4a84-a27f-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T15:30:25Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"StartLogging\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"TEST-trail\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-1c30-4f43-9763-EXAMPLE\",\"eventID\":\"EXAMPLE-aa78-4a84-a27f-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "cloudtrail.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/stop-logging-json.log b/filebeat/module/aws/cloudtrail/test/stop-logging-json.log new file mode 100644 index 00000000000..b2c96b814b9 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/stop-logging-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-09T16:36:17Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-09T16:46:16Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","awsRegion":"us-west-2","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"name":"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail"},"responseElements":null,"requestID":"EXAMPLE-869f-4fec-86f9-EXAMPLE","eventID":"EXAMPLE-8cc3-42db-9a0d-EXAMPLE","readOnly":false,"eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json new file mode 100644 index 00000000000..a313846b14c --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json @@ -0,0 +1,38 @@ +[ + { + "@timestamp": "2020-01-09T16:46:16.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.read_only": false, + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{name=arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-09T16:36:17.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-west-2", + "event.action": "StopLogging", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-8cc3-42db-9a0d-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-09T16:36:17Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-09T16:46:16Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"StopLogging\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-869f-4fec-86f9-EXAMPLE\",\"eventID\":\"EXAMPLE-8cc3-42db-9a0d-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "cloudtrail.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/update-access-key-json.log b/filebeat/module/aws/cloudtrail/test/update-access-key-json.log new file mode 100644 index 00000000000..ed2b823cfcf --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-access-key-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-10T14:38:30Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T15:01:23Z","eventSource":"iam.amazonaws.com","eventName":"UpdateAccessKey","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"status":"Inactive","accessKeyId":"EXAMPLE_KEY_ID","userName":"Bob"},"responseElements":null,"requestID":"EXAMPLE-7d0c-45f4-b25b-EXAMPLE","eventID":"EXAMPLE-0ef0-42cd-8551-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json new file mode 100644 index 00000000000..b67deb55c2e --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2020-01-10T15:01:23.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{accessKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Inactive}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-10T14:38:30.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateAccessKey", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-0ef0-42cd-8551-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T15:01:23Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateAccessKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"status\":\"Inactive\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Bob\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-7d0c-45f4-b25b-EXAMPLE\",\"eventID\":\"EXAMPLE-0ef0-42cd-8551-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log b/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log new file mode 100644 index 00000000000..24094717e84 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-10T14:38:30Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T18:05:33Z","eventSource":"iam.amazonaws.com","eventName":"UpdateAccountPasswordPolicy","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"requireLowercaseCharacters":true,"requireSymbols":true,"requireNumbers":true,"minimumPasswordLength":12,"requireUppercaseCharacters":true,"allowUsersToChangePassword":true},"responseElements":null,"requestID":"EXAMPLE-5ebf-4bc3-a349-EXAMPLE","eventID":"EXAMPLE-91f9-49f3-948c-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json new file mode 100644 index 00000000000..c643a0df09f --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json @@ -0,0 +1,37 @@ +[ + { + "@timestamp": "2020-01-10T18:05:33.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{minimumPasswordLength=12, requireSymbols=true, allowUsersToChangePassword=true, requireLowercaseCharacters=true, requireNumbers=true, requireUppercaseCharacters=true}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-10T14:38:30.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateAccountPasswordPolicy", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-91f9-49f3-948c-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T18:05:33Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateAccountPasswordPolicy\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"requireLowercaseCharacters\":true,\"requireSymbols\":true,\"requireNumbers\":true,\"minimumPasswordLength\":12,\"requireUppercaseCharacters\":true,\"allowUsersToChangePassword\":true},\"responseElements\":null,\"requestID\":\"EXAMPLE-5ebf-4bc3-a349-EXAMPLE\",\"eventID\":\"EXAMPLE-91f9-49f3-948c-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/update-group-json.log b/filebeat/module/aws/cloudtrail/test/update-group-json.log new file mode 100644 index 00000000000..27f9733a712 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-group-json.log @@ -0,0 +1,2 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"0123456789012","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice"},"eventTime":"2020-01-09T02:23:11Z","eventSource":"iam.amazonaws.com","eventName":"UpdateGroup","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","requestParameters":{"newGroupName":"TEST-GROUP2","groupName":"TEST-GROUP"},"responseElements":null,"requestID":"EXAMPLE-c22d-4fca-b40a-EXAMPLE","eventID":"EXAMPLE-c3aa-487b-b05e-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"0123456789012","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice"},"eventTime":"2020-01-09T02:24:35Z","eventSource":"iam.amazonaws.com","eventName":"UpdateGroup","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","errorCode":"EntityAlreadyExistsException","errorMessage":"Group with name TEST-GROUP already exists.","requestParameters":{"newGroupName":"TEST-GROUP","groupName":"TEST-GROUP2"},"responseElements":null,"requestID":"EXAMPLE-f673-4ce7-8529-EXAMPLE","eventID":"EXAMPLE-6a0b-475c-b5db-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json new file mode 100644 index 00000000000..4f51063cadf --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json @@ -0,0 +1,70 @@ +[ + { + "@timestamp": "2020-01-09T02:23:11.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP, newGroupName=TEST-GROUP2}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateGroup", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-c3aa-487b-b05e-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"0123456789012\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T02:23:11Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateGroup\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"requestParameters\":{\"newGroupName\":\"TEST-GROUP2\",\"groupName\":\"TEST-GROUP\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-c22d-4fca-b40a-EXAMPLE\",\"eventID\":\"EXAMPLE-c3aa-487b-b05e-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "0123456789012", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + }, + { + "@timestamp": "2020-01-09T02:24:35.000Z", + "aws.cloudtrail.error_code": "EntityAlreadyExistsException", + "aws.cloudtrail.error_message": "Group with name TEST-GROUP already exists.", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP2, newGroupName=TEST-GROUP}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateGroup", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-6a0b-475c-b5db-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"0123456789012\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T02:24:35Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateGroup\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"errorCode\":\"EntityAlreadyExistsException\",\"errorMessage\":\"Group with name TEST-GROUP already exists.\",\"requestParameters\":{\"newGroupName\":\"TEST-GROUP\",\"groupName\":\"TEST-GROUP2\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-f673-4ce7-8529-EXAMPLE\",\"eventID\":\"EXAMPLE-6a0b-475c-b5db-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "failure", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 683, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "0123456789012", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log b/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log new file mode 100644 index 00000000000..5dc6e47cb5e --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-10T14:38:30Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T18:25:42Z","eventSource":"iam.amazonaws.com","eventName":"UpdateLoginProfile","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"userName":"Bob"},"responseElements":null,"requestID":"EXAMPLE-0dc6-447a-8859-EXAMPLE","eventID":"EXAMPLE-c3b6-4498-b818-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json new file mode 100644 index 00000000000..44d123d3591 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2020-01-10T18:25:42.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-10T14:38:30.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateLoginProfile", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-c3b6-4498-b818-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T18:25:42Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateLoginProfile\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"userName\":\"Bob\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-0dc6-447a-8859-EXAMPLE\",\"eventID\":\"EXAMPLE-c3b6-4498-b818-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log b/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log new file mode 100644 index 00000000000..6a31d001b62 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log @@ -0,0 +1,2 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-10T14:38:30Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T16:06:54Z","eventSource":"iam.amazonaws.com","eventName":"UpdateSSHPublicKey","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"status":"Inactive","userName":"Bob","sSHPublicKeyId":"EXAMPLE_KEY_ID"},"responseElements":null,"requestID":"EXAMPLE-32f3-4a92-82e1-EXAMPLE","eventID":"EXAMPLE-5c88-4652-9ee9-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-10T14:38:30Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T16:06:54Z","eventSource":"iam.amazonaws.com","eventName":"UpdateSSHPublicKey","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"status":"Inactive","userName":"Bob","sSHPublicKeyId":"EXAMPLE_KEY_ID"},"responseElements":null,"requestID":"EXAMPLE-32f3-4a92-82e1-EXAMPLE","eventID":"EXAMPLE-5c88-4652-9ee9-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json new file mode 100644 index 00000000000..fa9671014a7 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json @@ -0,0 +1,78 @@ +[ + { + "@timestamp": "2020-01-10T16:06:54.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{sSHPublicKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Inactive}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-10T14:38:30.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateSSHPublicKey", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-5c88-4652-9ee9-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T16:06:54Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateSSHPublicKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"status\":\"Inactive\",\"userName\":\"Bob\",\"sSHPublicKeyId\":\"EXAMPLE_KEY_ID\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-32f3-4a92-82e1-EXAMPLE\",\"eventID\":\"EXAMPLE-5c88-4652-9ee9-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + }, + { + "@timestamp": "2020-01-10T16:06:54.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{sSHPublicKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Inactive}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-10T14:38:30.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateSSHPublicKey", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-5c88-4652-9ee9-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T16:06:54Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateSSHPublicKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"status\":\"Inactive\",\"userName\":\"Bob\",\"sSHPublicKeyId\":\"EXAMPLE_KEY_ID\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-32f3-4a92-82e1-EXAMPLE\",\"eventID\":\"EXAMPLE-5c88-4652-9ee9-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 800, + "related.user": [ + "Bob" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/update-trail-json.log b/filebeat/module/aws/cloudtrail/test/update-trail-json.log new file mode 100644 index 00000000000..f8a9bc9e2a3 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-trail-json.log @@ -0,0 +1,2 @@ +{"eventVersion":"1.04","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice"},"eventTime":"2016-07-14T19:15:45Z","eventSource":"cloudtrail.amazonaws.com","eventName":"UpdateTrail","awsRegion":"us-east-2","sourceIPAddress":"205.251.233.182","userAgent":"aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22","errorCode":"TrailNotFoundException","errorMessage":"Unknown trail: myTrail2 for the user: 123456789012","requestParameters":{"name":"myTrail2"},"responseElements":null,"requestID":"5d40662a-49f7-11e6-97e4-dEXAMPLE","eventID":"b7d4398e-b2f0-4faa-9c76-e2EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"123456789012"} +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-08T15:12:16Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-08T20:58:45Z","eventSource":"cloudtrail.amazonaws.com","eventName":"UpdateTrail","awsRegion":"us-west-2","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"name":"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail","s3BucketName":"test-cloudtrail-bucket","snsTopicName":"","isMultiRegionTrail":true,"enableLogFileValidation":false,"kmsKeyId":""},"responseElements":{"name":"TEST-trail","s3BucketName":"test-cloudtrail-bucket","snsTopicName":"","snsTopicARN":"","includeGlobalServiceEvents":true,"isMultiRegionTrail":true,"trailARN":"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail","logFileValidationEnabled":false,"isOrganizationTrail":false},"requestID":"EXAMPLE-f3da-42d1-84f5-EXAMPLE","eventID":"EXAMPLE-b5e9-4846-8407-EXAMPLE","readOnly":false,"eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json new file mode 100644 index 00000000000..fec80eef8de --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json @@ -0,0 +1,82 @@ +[ + { + "@timestamp": "2016-07-14T19:15:45.000Z", + "aws.cloudtrail.error_code": "TrailNotFoundException", + "aws.cloudtrail.error_message": "Unknown trail: myTrail2 for the user: 123456789012", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.04", + "aws.cloudtrail.recipient_account_id": "123456789012", + "aws.cloudtrail.request_parameters": "{name=myTrail2}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "123456789012", + "cloud.region": "us-east-2", + "event.action": "UpdateTrail", + "event.dataset": "aws.cloudtrail", + "event.id": "b7d4398e-b2f0-4faa-9c76-e2EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.04\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\"},\"eventTime\":\"2016-07-14T19:15:45Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"UpdateTrail\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"205.251.233.182\",\"userAgent\":\"aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22\",\"errorCode\":\"TrailNotFoundException\",\"errorMessage\":\"Unknown trail: myTrail2 for the user: 123456789012\",\"requestParameters\":{\"name\":\"myTrail2\"},\"responseElements\":null,\"requestID\":\"5d40662a-49f7-11e6-97e4-dEXAMPLE\",\"eventID\":\"b7d4398e-b2f0-4faa-9c76-e2EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"123456789012\"}", + "event.outcome": "failure", + "event.provider": "cloudtrail.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "205.251.233.182", + "source.geo.city_name": "Boardman", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 45.8491, + "source.geo.location.lon": -119.7143, + "source.geo.region_iso_code": "US-OR", + "source.geo.region_name": "Oregon", + "source.ip": "205.251.233.182", + "user.id": "EX_PRINCIPAL_ID", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22", + "user_agent.os.name": "Windows", + "user_agent.version": "1.10.32" + }, + { + "@timestamp": "2020-01-08T20:58:45.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.read_only": false, + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{isMultiRegionTrail=true, s3BucketName=test-cloudtrail-bucket, snsTopicName=, name=arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail, enableLogFileValidation=false, kmsKeyId=}", + "aws.cloudtrail.response_elements": "{snsTopicARN=, logFileValidationEnabled=false, isMultiRegionTrail=true, s3BucketName=test-cloudtrail-bucket, snsTopicName=, name=TEST-trail, trailARN=arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail, isOrganizationTrail=false, includeGlobalServiceEvents=true}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-08T15:12:16.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-west-2", + "event.action": "UpdateTrail", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-b5e9-4846-8407-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T20:58:45Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"UpdateTrail\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\",\"s3BucketName\":\"test-cloudtrail-bucket\",\"snsTopicName\":\"\",\"isMultiRegionTrail\":true,\"enableLogFileValidation\":false,\"kmsKeyId\":\"\"},\"responseElements\":{\"name\":\"TEST-trail\",\"s3BucketName\":\"test-cloudtrail-bucket\",\"snsTopicName\":\"\",\"snsTopicARN\":\"\",\"includeGlobalServiceEvents\":true,\"isMultiRegionTrail\":true,\"trailARN\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\",\"logFileValidationEnabled\":false,\"isOrganizationTrail\":false},\"requestID\":\"EXAMPLE-f3da-42d1-84f5-EXAMPLE\",\"eventID\":\"EXAMPLE-b5e9-4846-8407-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "cloudtrail.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 766, + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/update-user-json.log b/filebeat/module/aws/cloudtrail/test/update-user-json.log new file mode 100644 index 00000000000..62721399a40 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-user-json.log @@ -0,0 +1,2 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice"},"eventTime":"2020-01-08T20:53:12Z","eventSource":"iam.amazonaws.com","eventName":"UpdateUser","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46","requestParameters":{"userName":"Bob","newUserName":"Robert"},"responseElements":null,"requestID":"3a6b3260-739d-465e-9406-bcEXAMPLE","eventID":"9150d546-3564-4262-8e62-110EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"123456789012"} + diff --git a/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json new file mode 100644 index 00000000000..ace5d1290d2 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json @@ -0,0 +1,39 @@ +[ + { + "@timestamp": "2020-01-08T20:53:12.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "123456789012", + "aws.cloudtrail.request_parameters": "{newUserName=Robert, userName=Bob}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::123456789012:user/Alice", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "123456789012", + "cloud.region": "us-east-1", + "event.action": "UpdateUser", + "event.dataset": "aws.cloudtrail", + "event.id": "9150d546-3564-4262-8e62-110EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-08T20:53:12Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UpdateUser\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"requestParameters\":{\"userName\":\"Bob\",\"newUserName\":\"Robert\"},\"responseElements\":null,\"requestID\":\"3a6b3260-739d-465e-9406-bcEXAMPLE\",\"eventID\":\"9150d546-3564-4262-8e62-110EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Bob", + "Robert" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EX_PRINCIPAL_ID", + "user.name": "Alice", + "user_agent.device.name": "Spider", + "user_agent.name": "aws-cli", + "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", + "user_agent.version": "1.16.310" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log b/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log new file mode 100644 index 00000000000..0db4791855b --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log @@ -0,0 +1 @@ +{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"EXAMPLE_ID","arn":"arn:aws:iam::0123456789012:user/Alice","accountId":"0123456789012","accessKeyId":"EXAMPLE_KEY","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"true","creationDate":"2020-01-10T14:38:30Z"}},"invokedBy":"signin.amazonaws.com"},"eventTime":"2020-01-10T16:06:40Z","eventSource":"iam.amazonaws.com","eventName":"UploadSSHPublicKey","awsRegion":"us-east-1","sourceIPAddress":"127.0.0.1","userAgent":"signin.amazonaws.com","requestParameters":{"sSHPublicKeyBody":"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain","userName":"Alice"},"responseElements":{"sSHPublicKey":{"fingerprint":"de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de","status":"Active","uploadDate":"Jan 10, 2020 4:06:40 PM","userName":"Alice","sSHPublicKeyId":"EXAMPLE_KEY_ID","sSHPublicKeyBody":"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain"}},"requestID":"EXAMPLE-44b9-41cd-90f2-EXAMPLE","eventID":"EXAMPLE-9a9d-4da4-9998-EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"0123456789012"} diff --git a/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json b/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json new file mode 100644 index 00000000000..bbed1e444f6 --- /dev/null +++ b/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json @@ -0,0 +1,41 @@ +[ + { + "@timestamp": "2020-01-10T16:06:40.000Z", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.05", + "aws.cloudtrail.recipient_account_id": "0123456789012", + "aws.cloudtrail.request_parameters": "{sSHPublicKeyBody=ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain, userName=Alice}", + "aws.cloudtrail.response_elements": "{sSHPublicKey={sSHPublicKeyBody=ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain, sSHPublicKeyId=EXAMPLE_KEY_ID, uploadDate=Jan 10, 2020 4:06:40 PM, fingerprint=de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de, userName=Alice, status=Active}}", + "aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice", + "aws.cloudtrail.user_identity.invoked_by": "signin.amazonaws.com", + "aws.cloudtrail.user_identity.session_context.creation_date": "2020-01-10T14:38:30.000Z", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "0123456789012", + "cloud.region": "us-east-1", + "event.action": "UploadSSHPublicKey", + "event.dataset": "aws.cloudtrail", + "event.id": "EXAMPLE-9a9d-4da4-9998-EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T16:06:40Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UploadSSHPublicKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\",\"userName\":\"Alice\"},\"responseElements\":{\"sSHPublicKey\":{\"fingerprint\":\"de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de\",\"status\":\"Active\",\"uploadDate\":\"Jan 10, 2020 4:06:40 PM\",\"userName\":\"Alice\",\"sSHPublicKeyId\":\"EXAMPLE_KEY_ID\",\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\"}},\"requestID\":\"EXAMPLE-44b9-41cd-90f2-EXAMPLE\",\"eventID\":\"EXAMPLE-9a9d-4da4-9998-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", + "event.outcome": "success", + "event.provider": "iam.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "related.user": [ + "Alice" + ], + "service.type": "aws", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.id": "EXAMPLE_ID", + "user.name": "Alice", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "signin.amazonaws.com" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/cloudwatch/_meta/fields.yml b/filebeat/module/aws/cloudwatch/_meta/fields.yml new file mode 100644 index 00000000000..7d80e27ed15 --- /dev/null +++ b/filebeat/module/aws/cloudwatch/_meta/fields.yml @@ -0,0 +1,11 @@ +- name: cloudwatch + type: group + release: beta + default_field: false + description: > + Fields for AWS CloudWatch logs. + fields: + - name: message + type: text + description: > + CloudWatch log message. diff --git a/filebeat/module/aws/cloudwatch/config/file.yml b/filebeat/module/aws/cloudwatch/config/file.yml new file mode 100644 index 00000000000..8bfbcc9f802 --- /dev/null +++ b/filebeat/module/aws/cloudwatch/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} + - {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/aws/cloudwatch/config/s3.yml b/filebeat/module/aws/cloudwatch/config/s3.yml new file mode 100644 index 00000000000..44d98fd8c1a --- /dev/null +++ b/filebeat/module/aws/cloudwatch/config/s3.yml @@ -0,0 +1,38 @@ +type: s3 +queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} +credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} + +{{ if .visibility_timeout }} +visibility_timeout: {{ .visibility_timeout }} +{{ end }} + +{{ if .api_timeout }} +api_timeout: {{ .api_timeout }} +{{ end }} + +{{ if .endpoint }} +endpoint: {{ .endpoint }} +{{ end }} + +{{ if .access_key_id }} +access_key_id: {{ .access_key_id }} +{{ end }} + +{{ if .secret_access_key }} +secret_access_key: {{ .secret_access_key }} +{{ end }} + +{{ if .session_token }} +session_token: {{ .session_token }} +{{ end }} + +{{ if .role_arn }} +role_arn: {{ .role_arn }} +{{ end }} diff --git a/filebeat/module/aws/cloudwatch/ingest/pipeline.yml b/filebeat/module/aws/cloudwatch/ingest/pipeline.yml new file mode 100644 index 00000000000..ff7e20d1c3d --- /dev/null +++ b/filebeat/module/aws/cloudwatch/ingest/pipeline.yml @@ -0,0 +1,25 @@ +description: "Pipeline for CloudWatch logs" + +processors: + - grok: + field: message + patterns: + - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{SYSLOGTIMESTAMP:_tmp.syslog_timestamp} %{GREEDYDATA:aws.cloudwatch.message}" + - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{GREEDYDATA:aws.cloudwatch.message}" + + - date: + field: '_tmp.timestamp' + target_field: "@timestamp" + ignore_failure: true + formats: + - 'ISO8601' + + - remove: + field: + - _tmp + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/aws/cloudwatch/manifest.yml b/filebeat/module/aws/cloudwatch/manifest.yml new file mode 100644 index 00000000000..16d188c1c0d --- /dev/null +++ b/filebeat/module/aws/cloudwatch/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: s3 + - name: queue_url + - name: shared_credential_file + - name: credential_profile_name + - name: visibility_timeout + - name: api_timeout + - name: endpoint + - name: access_key_id + - name: secret_access_key + - name: session_token + - name: role_arn + +ingest_pipeline: ingest/pipeline.yml +input: config/{{.input}}.yml diff --git a/filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log b/filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log new file mode 100644 index 00000000000..4487fdf08d2 --- /dev/null +++ b/filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log @@ -0,0 +1,6 @@ +2020-02-20T07:01:01.000Z Feb 20 07:01:01 ip-172-31-81-156 systemd: Stopping User Slice of root. +2020-02-20T07:02:18.000Z Feb 20 07:02:18 ip-172-31-81-156 dhclient[3000]: XMT: Solicit on eth0, interval 125240ms. +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: DHCPREQUEST on eth0 to 172.31.80.1 port 67 (xid=0x4575af22) +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: DHCPACK from 172.31.80.1 (xid=0x4575af22) +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: bound to 172.31.81.156 -- renewal in 1599 seconds. +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/12:e2:a9:95:8b:97/local-ipv4s diff --git a/filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log-expected.json b/filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log-expected.json new file mode 100644 index 00000000000..bdc8b0c3a72 --- /dev/null +++ b/filebeat/module/aws/cloudwatch/test/cloudwatch_ec2.log-expected.json @@ -0,0 +1,68 @@ +[ + { + "@timestamp": "2020-02-20T07:01:01.000Z", + "aws.cloudwatch.message": "ip-172-31-81-156 systemd: Stopping User Slice of root.", + "event.dataset": "aws.cloudwatch", + "event.module": "aws", + "fileset.name": "cloudwatch", + "input.type": "log", + "log.offset": 0, + "message": "2020-02-20T07:01:01.000Z Feb 20 07:01:01 ip-172-31-81-156 systemd: Stopping User Slice of root.", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:18.000Z", + "aws.cloudwatch.message": "ip-172-31-81-156 dhclient[3000]: XMT: Solicit on eth0, interval 125240ms.", + "event.dataset": "aws.cloudwatch", + "event.module": "aws", + "fileset.name": "cloudwatch", + "input.type": "log", + "log.offset": 96, + "message": "2020-02-20T07:02:18.000Z Feb 20 07:02:18 ip-172-31-81-156 dhclient[3000]: XMT: Solicit on eth0, interval 125240ms.", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.cloudwatch.message": "ip-172-31-81-156 dhclient[2898]: DHCPREQUEST on eth0 to 172.31.80.1 port 67 (xid=0x4575af22)", + "event.dataset": "aws.cloudwatch", + "event.module": "aws", + "fileset.name": "cloudwatch", + "input.type": "log", + "log.offset": 211, + "message": "2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: DHCPREQUEST on eth0 to 172.31.80.1 port 67 (xid=0x4575af22)", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.cloudwatch.message": "ip-172-31-81-156 dhclient[2898]: DHCPACK from 172.31.80.1 (xid=0x4575af22)", + "event.dataset": "aws.cloudwatch", + "event.module": "aws", + "fileset.name": "cloudwatch", + "input.type": "log", + "log.offset": 345, + "message": "2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: DHCPACK from 172.31.80.1 (xid=0x4575af22)", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.cloudwatch.message": "ip-172-31-81-156 dhclient[2898]: bound to 172.31.81.156 -- renewal in 1599 seconds.", + "event.dataset": "aws.cloudwatch", + "event.module": "aws", + "fileset.name": "cloudwatch", + "input.type": "log", + "log.offset": 461, + "message": "2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: bound to 172.31.81.156 -- renewal in 1599 seconds.", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.cloudwatch.message": "ip-172-31-81-156 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/12:e2:a9:95:8b:97/local-ipv4s", + "event.dataset": "aws.cloudwatch", + "event.module": "aws", + "fileset.name": "cloudwatch", + "input.type": "log", + "log.offset": 586, + "message": "2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/12:e2:a9:95:8b:97/local-ipv4s", + "service.type": "aws" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/ec2/_meta/fields.epr.yml b/filebeat/module/aws/ec2/_meta/fields.epr.yml new file mode 100644 index 00000000000..3a22e7a7e80 --- /dev/null +++ b/filebeat/module/aws/ec2/_meta/fields.epr.yml @@ -0,0 +1,3 @@ +- name: process.name + type: keyword + description: Process name. diff --git a/filebeat/module/aws/ec2/_meta/fields.yml b/filebeat/module/aws/ec2/_meta/fields.yml new file mode 100644 index 00000000000..f6c21a4d7b6 --- /dev/null +++ b/filebeat/module/aws/ec2/_meta/fields.yml @@ -0,0 +1,11 @@ +- name: ec2 + type: group + release: beta + default_field: false + description: > + Fields for AWS EC2 logs in CloudWatch. + fields: + - name: ip_address + type: keyword + description: > + The internet address of the requester. diff --git a/filebeat/module/aws/ec2/config/file.yml b/filebeat/module/aws/ec2/config/file.yml new file mode 100644 index 00000000000..8bfbcc9f802 --- /dev/null +++ b/filebeat/module/aws/ec2/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} + - {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/aws/ec2/config/s3.yml b/filebeat/module/aws/ec2/config/s3.yml new file mode 100644 index 00000000000..44d98fd8c1a --- /dev/null +++ b/filebeat/module/aws/ec2/config/s3.yml @@ -0,0 +1,38 @@ +type: s3 +queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} +credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} + +{{ if .visibility_timeout }} +visibility_timeout: {{ .visibility_timeout }} +{{ end }} + +{{ if .api_timeout }} +api_timeout: {{ .api_timeout }} +{{ end }} + +{{ if .endpoint }} +endpoint: {{ .endpoint }} +{{ end }} + +{{ if .access_key_id }} +access_key_id: {{ .access_key_id }} +{{ end }} + +{{ if .secret_access_key }} +secret_access_key: {{ .secret_access_key }} +{{ end }} + +{{ if .session_token }} +session_token: {{ .session_token }} +{{ end }} + +{{ if .role_arn }} +role_arn: {{ .role_arn }} +{{ end }} diff --git a/filebeat/module/aws/ec2/ingest/pipeline.yml b/filebeat/module/aws/ec2/ingest/pipeline.yml new file mode 100644 index 00000000000..0ada24c6f77 --- /dev/null +++ b/filebeat/module/aws/ec2/ingest/pipeline.yml @@ -0,0 +1,24 @@ +description: "Pipeline for EC2 logs in CloudWatch" + +processors: + - grok: + field: message + patterns: + - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{SYSLOGTIMESTAMP:_tmp.syslog_timestamp} %{IPORHOST:aws.ec2.ip_address} %{DATA:process.name}(?:\\[%{POSINT:process.pid}\\])?: %{GREEDYDATA:message}" + + - date: + field: '_tmp.timestamp' + target_field: "@timestamp" + ignore_failure: true + formats: + - 'ISO8601' + + - remove: + field: + - _tmp + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/aws/ec2/manifest.yml b/filebeat/module/aws/ec2/manifest.yml new file mode 100644 index 00000000000..16d188c1c0d --- /dev/null +++ b/filebeat/module/aws/ec2/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: s3 + - name: queue_url + - name: shared_credential_file + - name: credential_profile_name + - name: visibility_timeout + - name: api_timeout + - name: endpoint + - name: access_key_id + - name: secret_access_key + - name: session_token + - name: role_arn + +ingest_pipeline: ingest/pipeline.yml +input: config/{{.input}}.yml diff --git a/filebeat/module/aws/ec2/test/ec2.log b/filebeat/module/aws/ec2/test/ec2.log new file mode 100644 index 00000000000..4487fdf08d2 --- /dev/null +++ b/filebeat/module/aws/ec2/test/ec2.log @@ -0,0 +1,6 @@ +2020-02-20T07:01:01.000Z Feb 20 07:01:01 ip-172-31-81-156 systemd: Stopping User Slice of root. +2020-02-20T07:02:18.000Z Feb 20 07:02:18 ip-172-31-81-156 dhclient[3000]: XMT: Solicit on eth0, interval 125240ms. +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: DHCPREQUEST on eth0 to 172.31.80.1 port 67 (xid=0x4575af22) +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: DHCPACK from 172.31.80.1 (xid=0x4575af22) +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 dhclient[2898]: bound to 172.31.81.156 -- renewal in 1599 seconds. +2020-02-20T07:02:37.000Z Feb 20 07:02:37 ip-172-31-81-156 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/12:e2:a9:95:8b:97/local-ipv4s diff --git a/filebeat/module/aws/ec2/test/ec2.log-expected.json b/filebeat/module/aws/ec2/test/ec2.log-expected.json new file mode 100644 index 00000000000..c2635e6a802 --- /dev/null +++ b/filebeat/module/aws/ec2/test/ec2.log-expected.json @@ -0,0 +1,78 @@ +[ + { + "@timestamp": "2020-02-20T07:01:01.000Z", + "aws.ec2.ip_address": "ip-172-31-81-156", + "event.dataset": "aws.ec2", + "event.module": "aws", + "fileset.name": "ec2", + "input.type": "log", + "log.offset": 0, + "message": "Stopping User Slice of root.", + "process.name": "systemd", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:18.000Z", + "aws.ec2.ip_address": "ip-172-31-81-156", + "event.dataset": "aws.ec2", + "event.module": "aws", + "fileset.name": "ec2", + "input.type": "log", + "log.offset": 96, + "message": "XMT: Solicit on eth0, interval 125240ms.", + "process.name": "dhclient", + "process.pid": "3000", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.ec2.ip_address": "ip-172-31-81-156", + "event.dataset": "aws.ec2", + "event.module": "aws", + "fileset.name": "ec2", + "input.type": "log", + "log.offset": 211, + "message": "DHCPREQUEST on eth0 to 172.31.80.1 port 67 (xid=0x4575af22)", + "process.name": "dhclient", + "process.pid": "2898", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.ec2.ip_address": "ip-172-31-81-156", + "event.dataset": "aws.ec2", + "event.module": "aws", + "fileset.name": "ec2", + "input.type": "log", + "log.offset": 345, + "message": "DHCPACK from 172.31.80.1 (xid=0x4575af22)", + "process.name": "dhclient", + "process.pid": "2898", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.ec2.ip_address": "ip-172-31-81-156", + "event.dataset": "aws.ec2", + "event.module": "aws", + "fileset.name": "ec2", + "input.type": "log", + "log.offset": 461, + "message": "bound to 172.31.81.156 -- renewal in 1599 seconds.", + "process.name": "dhclient", + "process.pid": "2898", + "service.type": "aws" + }, + { + "@timestamp": "2020-02-20T07:02:37.000Z", + "aws.ec2.ip_address": "ip-172-31-81-156", + "event.dataset": "aws.ec2", + "event.module": "aws", + "fileset.name": "ec2", + "input.type": "log", + "log.offset": 586, + "message": "[get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/12:e2:a9:95:8b:97/local-ipv4s", + "process.name": "ec2net", + "service.type": "aws" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/README.md b/filebeat/module/aws/elb/README.md new file mode 100644 index 00000000000..9b5d84ffbf3 --- /dev/null +++ b/filebeat/module/aws/elb/README.md @@ -0,0 +1,64 @@ +Filebeat module for AWS ELB +=== + +Module for the AWS load balancers, it supports the following flavours: + +* ELB (Classic Load Balancer) +* Application Load Balancer (V2 Load Balancer for HTTP) +* Network Load Balancer (V2 Load Balancer for TCP and UDP - UDP not tested) + +Implementation based on the description of the access logs from the +documentation that can be found in: + +* ELB: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html +* Application LB: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html +* Network LB: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html + +Test files starting with `example` are copied or based on examples of this +documentation. + + +How to manual test this module +=== + +* Create an ELB and enable access logs for it. A terraform scenario is included + as example, read the section below about this if you want to use it. +* Make some requests to the load balancer. +* Configure filebeat, using the queue url from `terraform output sqs_queue_url`. +``` +filebeat.modules: +- module: aws + elb: + enabled: true + var.queue_url: + var.credential_profile_name: + s3access: + enabled: false +``` +* Check parsed logs + +Please notice that ELB logs can take some minutes before being available in S3. + + +Using terraform to deploy a testing scenario +==== + +Terraform configuration is included in the metricset to deploy an scenario that deploys +some instances with running services and a set of load balancers for these +services. + +Configuration files can be found in `_meta/terraform`, and deployed with +`terraform apply`. It will get credentials from your configuration, some +settings can be overriden using Terraform variables (see `vars.tf` file). + +Once deployed, information about the resources can be queried with `terraform +output`, for example to query the different load balancers: + * ELB (classic) load balancer, HTTP listener: `curl $(terraform output elb_http_address)/` + * ELB (classic) load balancer, TCP listener: `curl $(terraform output elb_tcp_address)/` + * Application Load Balancer (HTTP): `curl $(terraform output lb_http_address)/` + * Application Load Balancer (TCP): `curl $(terraform output lb_tcp_address)/` + +SQS queue URL needed for configuration of filebeat can be obtained with +`terraform output sqs_queue_url`. + +Remember to remove the scenario when not needed with `terraform destroy`. diff --git a/filebeat/module/aws/elb/_meta/fields.epr.yml b/filebeat/module/aws/elb/_meta/fields.epr.yml new file mode 100644 index 00000000000..f548842e70f --- /dev/null +++ b/filebeat/module/aws/elb/_meta/fields.epr.yml @@ -0,0 +1,78 @@ +- name: destination.domain + type: keyword + description: Destination domain. +- name: event.start + type: date + description: event.start contains the date when the event started or when the activity was first observed. +- name: destination.bytes + type: long + description: Bytes sent from the destination to the source. +- name: http.response.status_code + type: long + description: HTTP response status code. +- name: http.request.body.bytes + type: long + description: Size in bytes of the request body. +- name: http.response.body.bytes + type: long + description: Size in bytes of the response body. +- name: http.request.method + type: keyword + description: HTTP request method. +- name: http.request.referrer + type: keyword + description: Referrer for this HTTP request. +- name: http.version + type: keyword + description: HTTP version. +- name: user_agent.original + type: keyword + description: Unparsed user_agent string. +- name: cloud.provider + type: keyword + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. +- name: event.kind + type: keyword + description: Event kind (e.g. event, alert, metric, state, pipeline_error, sig +- name: event.category + type: keyword + description: Event category (e.g. database) +- name: event.outcome + type: keyword + description: This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +- name: tracing.trace.id + type: keyword + description: Unique identifier of the trace. +- name: event.end + type: date + description: event.end contains the date when the event ended or when the activity was last observed. +- name: source.ip + type: ip + description: IP address of the source. +- name: source.as.number + type: long + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +- name: source.as.organization.name + type: keyword + description: Organization name. +- name: source.geo.city_name + type: keyword + description: City name. +- name: source.geo.continent_name + type: keyword + description: Name of the continent. +- name: source.geo.country_iso_code + type: keyword + description: Country ISO code. +- name: source.geo.location + type: geo_point + description: Longitude and latitude. +- name: source.geo.region_iso_code + type: keyword + description: Region ISO code. +- name: source.geo.region_name + type: keyword + description: Region name. +- name: source.port + type: long + description: Port of the source. diff --git a/filebeat/module/aws/elb/_meta/fields.yml b/filebeat/module/aws/elb/_meta/fields.yml new file mode 100644 index 00000000000..9ddfb123901 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/fields.yml @@ -0,0 +1,102 @@ +- name: elb + type: group + release: ga + description: > + Fields for AWS ELB logs. + fields: + - name: name + type: keyword + description: > + The name of the load balancer. + - name: type + type: keyword + description: > + The type of the load balancer for v2 Load Balancers. + - name: target_group.arn + type: keyword + description: > + The ARN of the target group handling the request. + - name: listener + type: keyword + description: > + The ELB listener that received the connection. + - name: protocol + type: keyword + description: > + The protocol of the load balancer (http or tcp). + - name: request_processing_time.sec + type: float + description: > + The total time in seconds since the connection or request is received until it is sent to a registered backend. + - name: backend_processing_time.sec + type: float + description: > + The total time in seconds since the connection is sent to the backend till the backend starts responding. + - name: response_processing_time.sec + type: float + description: > + The total time in seconds since the response is received from the backend till it is sent to the client. + - name: connection_time.ms + type: long + description: > + The total time of the connection in milliseconds, since it is opened till it is closed. + - name: tls_handshake_time.ms + type: long + description: > + The total time for the TLS handshake to complete in milliseconds once the connection has been established. + - name: backend.ip + type: keyword + description: > + The IP address of the backend processing this connection. + - name: backend.port + type: keyword + description: > + The port in the backend processing this connection. + - name: backend.http.response.status_code + type: keyword + description: > + The status code from the backend (status code sent to the client from ELB is stored in `http.response.status_code` + - name: ssl_cipher + type: keyword + description: > + The SSL cipher used in TLS/SSL connections. + - name: ssl_protocol + type: keyword + description: > + The SSL protocol used in TLS/SSL connections. + - name: chosen_cert.arn + type: keyword + description: > + The ARN of the chosen certificate presented to the client in TLS/SSL connections. + - name: chosen_cert.serial + type: keyword + description: > + The serial number of the chosen certificate presented to the client in TLS/SSL connections. + - name: incoming_tls_alert + type: keyword + description: > + The integer value of TLS alerts received by the load balancer from the client, if present. + - name: tls_named_group + type: keyword + description: > + The TLS named group. + - name: trace_id + type: keyword + description: > + The contents of the `X-Amzn-Trace-Id` header. + - name: matched_rule_priority + type: keyword + description: > + The priority value of the rule that matched the request, if a rule matched. + - name: action_executed + type: keyword + description: > + The action executed when processing the request (forward, fixed-response, authenticate...). It can contain several values. + - name: redirect_url + type: keyword + description: > + The URL used if a redirection action was executed. + - name: error.reason + type: keyword + description: > + The error reason if the executed action failed. diff --git a/filebeat/module/aws/elb/_meta/terraform/.gitignore b/filebeat/module/aws/elb/_meta/terraform/.gitignore new file mode 100644 index 00000000000..9e9c81cf46c --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/.gitignore @@ -0,0 +1,2 @@ +.terraform +*.tfstate* diff --git a/filebeat/module/aws/elb/_meta/terraform/aws.tf b/filebeat/module/aws/elb/_meta/terraform/aws.tf new file mode 100644 index 00000000000..6e4efda02aa --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/aws.tf @@ -0,0 +1,8 @@ +provider "aws" { + version = "~> 2.8" + profile = var.profile + region = var.region +} + +# Needed to access the service arns +data "aws_elb_service_account" "main" {} diff --git a/filebeat/module/aws/elb/_meta/terraform/bucket.tf b/filebeat/module/aws/elb/_meta/terraform/bucket.tf new file mode 100644 index 00000000000..2031127c911 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/bucket.tf @@ -0,0 +1,104 @@ +resource "aws_s3_bucket" "test_elb_logs" { + bucket = var.bucket_name + acl = "private" + + # Bucket can be destroyed with terraform destroy even if it has objects + force_destroy = true +} + +resource "aws_s3_bucket_policy" "write_logs" { + bucket = "${aws_s3_bucket.test_elb_logs.id}" + policy = "${data.aws_iam_policy_document.s3_bucket_lb_write.json}" +} + +data "aws_iam_policy_document" "s3_bucket_lb_write" { + policy_id = "s3_bucket_lb_logs" + + # Required by Classic and Application Load Balancers + statement { + actions = [ + "s3:PutObject", + ] + resources = ["${aws_s3_bucket.test_elb_logs.arn}/*"] + + principals { + identifiers = ["${data.aws_elb_service_account.main.arn}"] + type = "AWS" + } + } + + # Network Load Balancers log through delivery.logs.amazonaws.com service + statement { + actions = [ + "s3:PutObject", + ] + resources = ["${aws_s3_bucket.test_elb_logs.arn}/*"] + principals { + identifiers = ["delivery.logs.amazonaws.com"] + type = "Service" + } + } + + statement { + actions = [ + "s3:GetBucketAcl" + ] + resources = ["${aws_s3_bucket.test_elb_logs.arn}"] + principals { + identifiers = ["delivery.logs.amazonaws.com"] + type = "Service" + } + } +} + +output "bucket_name" { + value = "${aws_s3_bucket.test_elb_logs.bucket}" +} + +resource "aws_sqs_queue" "queue" { + name = var.queue_name +} + +resource "aws_sqs_queue_policy" "receive_s3_event" { + queue_url = "${aws_sqs_queue.queue.id}" + policy = "${data.aws_iam_policy_document.sqs_receive_s3_event.json}" +} + +data "aws_sqs_queue" "queue" { + name = "${aws_sqs_queue.queue.name}" +} + +output "sqs_queue_url" { + value = "${data.aws_sqs_queue.queue.url}" +} + +resource "aws_s3_bucket_notification" "bucket_notification" { + bucket = "${aws_s3_bucket.test_elb_logs.id}" + + depends_on = ["aws_sqs_queue_policy.receive_s3_event"] + + queue { + queue_arn = "${aws_sqs_queue.queue.arn}" + events = ["s3:ObjectCreated:*"] + } +} + +data "aws_iam_policy_document" "sqs_receive_s3_event" { + policy_id = "sqs_receive_s3_event" + + statement { + actions = ["sqs:SendMessage"] + resources = ["${aws_sqs_queue.queue.arn}"] + + principals { + identifiers = ["*"] + type = "AWS" + } + + condition { + test = "ArnEquals" + variable = "aws:SourceArn" + values = ["${aws_s3_bucket.test_elb_logs.arn}"] + } + } +} diff --git a/filebeat/module/aws/elb/_meta/terraform/elb.tf b/filebeat/module/aws/elb/_meta/terraform/elb.tf new file mode 100644 index 00000000000..b7d4bf14437 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/elb.tf @@ -0,0 +1,44 @@ +resource "aws_elb" "test_elb" { + name = "${var.elb_name}-elb" + internal = false + security_groups = ["${aws_security_group.allow_http.id}"] + subnets = "${aws_subnet.test_elb.*.id}" + + depends_on = ["aws_internet_gateway.gateway"] + + access_logs { + enabled = true + bucket = "${aws_s3_bucket.test_elb_logs.bucket}" + bucket_prefix = "elb" + interval = 5 # minutes + } + + listener { + instance_port = 80 + instance_protocol = "http" + lb_port = 80 + lb_protocol = "http" + } + + listener { + instance_port = 80 + instance_protocol = "tcp" + lb_port = 81 + lb_protocol = "tcp" + } +} + +resource "aws_elb_attachment" "instances" { + count = length(aws_instance.webserver_backend.*) + + instance = "${aws_instance.webserver_backend[count.index].id}" + elb = "${aws_elb.test_elb.id}" +} + +output "elb_http_address" { + value = "${aws_elb.test_elb.dns_name}" +} + +output "elb_tcp_address" { + value = "${aws_elb.test_elb.dns_name}:81" +} diff --git a/filebeat/module/aws/elb/_meta/terraform/install_webserver.sh b/filebeat/module/aws/elb/_meta/terraform/install_webserver.sh new file mode 100644 index 00000000000..00b0f921f84 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/install_webserver.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +apt-get update + +apt-get install -y nginx diff --git a/filebeat/module/aws/elb/_meta/terraform/instance.tf b/filebeat/module/aws/elb/_meta/terraform/instance.tf new file mode 100644 index 00000000000..a17a8b6a2ce --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/instance.tf @@ -0,0 +1,37 @@ +resource "aws_instance" "webserver_backend" { + count = length(var.availability_zones) + + ami = "${data.aws_ami.ubuntu.id}" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.test_elb[count.index].id}" + user_data = "${data.local_file.install_webserver.content}" + + associate_public_ip_address = true + vpc_security_group_ids = [ + "${aws_security_group.allow_http.id}", + ] +} + +data "aws_ami" "ubuntu" { + most_recent = true + + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["099720109477"] # Canonical +} + +provider "local" { + version = "~> 1.4" +} + +data "local_file" "install_webserver" { + filename = "./install_webserver.sh" +} diff --git a/filebeat/module/aws/elb/_meta/terraform/lb.tf b/filebeat/module/aws/elb/_meta/terraform/lb.tf new file mode 100644 index 00000000000..9b2251b5e59 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/lb.tf @@ -0,0 +1,48 @@ +resource "aws_lb" "test_lb" { + name = "${var.elb_name}-lb" + internal = false + security_groups = ["${aws_security_group.allow_http.id}"] + subnets = aws_subnet.test_elb.*.id + + depends_on = [ + "aws_internet_gateway.gateway", + "aws_s3_bucket_policy.write_logs", + ] + + access_logs { + enabled = true + bucket = "${aws_s3_bucket.test_elb_logs.bucket}" + prefix = "httplb" + } +} + +resource "aws_lb_listener" "http" { + load_balancer_arn = "${aws_lb.test_lb.arn}" + port = "80" + protocol = "HTTP" + + default_action { + type = "forward" + target_group_arn = "${aws_lb_target_group.instances.arn}" + } +} + +resource "aws_lb_target_group" "instances" { + name = "test-lb-instances" + port = 80 + protocol = "HTTP" + vpc_id = "${aws_vpc.test_elb.id}" +} + +resource "aws_lb_target_group_attachment" "instances" { + count = length(aws_instance.webserver_backend.*) + + port = 80 + + target_id = "${aws_instance.webserver_backend[count.index].id}" + target_group_arn = "${aws_lb_target_group.instances.arn}" +} + +output "lb_http_address" { + value = "${aws_lb.test_lb.dns_name}" +} diff --git a/filebeat/module/aws/elb/_meta/terraform/securitygroup.tf b/filebeat/module/aws/elb/_meta/terraform/securitygroup.tf new file mode 100644 index 00000000000..59bb936d4ed --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/securitygroup.tf @@ -0,0 +1,21 @@ +resource "aws_security_group" "allow_http" { + name = "allow_http" + description = "Allow HTTP inbound traffic" + vpc_id = "${aws_vpc.test_elb.id}" + + ingress { + from_port = 80 + to_port = 81 + protocol = "tcp" + cidr_blocks = [ + "0.0.0.0/0" + ] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} diff --git a/filebeat/module/aws/elb/_meta/terraform/tcplb.tf b/filebeat/module/aws/elb/_meta/terraform/tcplb.tf new file mode 100644 index 00000000000..a0074d09c64 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/tcplb.tf @@ -0,0 +1,48 @@ +resource "aws_lb" "test_tcp_lb" { + name = "${var.elb_name}-tcp-lb" + load_balancer_type = "network" + internal = false + subnets = aws_subnet.test_elb.*.id + + depends_on = [ + "aws_internet_gateway.gateway", + "aws_s3_bucket_policy.write_logs", + ] + + access_logs { + enabled = true + bucket = "${aws_s3_bucket.test_elb_logs.bucket}" + prefix = "tcplb" + } +} + +resource "aws_lb_listener" "tcp" { + load_balancer_arn = "${aws_lb.test_tcp_lb.arn}" + port = "80" + protocol = "TCP" + + default_action { + type = "forward" + target_group_arn = "${aws_lb_target_group.tcp_instances.arn}" + } +} + +resource "aws_lb_target_group" "tcp_instances" { + name = "test-tcp-lb-instances" + port = 80 + protocol = "TCP" + vpc_id = "${aws_vpc.test_elb.id}" +} + +resource "aws_lb_target_group_attachment" "tcp_instances" { + count = length(aws_instance.webserver_backend.*) + + port = 80 + + target_id = "${aws_instance.webserver_backend[count.index].id}" + target_group_arn = "${aws_lb_target_group.tcp_instances.arn}" +} + +output "lb_tcp_address" { + value = "${aws_lb.test_tcp_lb.dns_name}" +} diff --git a/filebeat/module/aws/elb/_meta/terraform/vars.tf b/filebeat/module/aws/elb/_meta/terraform/vars.tf new file mode 100644 index 00000000000..e061f650ed3 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/vars.tf @@ -0,0 +1,29 @@ +variable "profile" { + type = string + default = "filebeat" +} + +variable "region" { + type = string + default = "eu-central-1" +} + +variable "availability_zones" { + type = list(string) + default = ["eu-central-1a", "eu-central-1b"] +} + +variable "elb_name" { + type = string + default = "filebeat-aws-elb-test" +} + +variable "bucket_name" { + type = string + default = "filebeat-aws-elb-test" +} + +variable "queue_name" { + type = string + default = "filebeat-aws-elb-test" +} diff --git a/filebeat/module/aws/elb/_meta/terraform/vpc.tf b/filebeat/module/aws/elb/_meta/terraform/vpc.tf new file mode 100644 index 00000000000..ecf9ab3e158 --- /dev/null +++ b/filebeat/module/aws/elb/_meta/terraform/vpc.tf @@ -0,0 +1,31 @@ +resource "aws_vpc" "test_elb" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "test_elb" { + count = length(var.availability_zones) + + vpc_id = "${aws_vpc.test_elb.id}" + cidr_block = "10.0.${count.index}.0/24" + availability_zone = var.availability_zones[count.index] +} + +resource "aws_internet_gateway" "gateway" { + vpc_id = "${aws_vpc.test_elb.id}" +} + +resource "aws_route_table" "internet_access" { + vpc_id = "${aws_vpc.test_elb.id}" + + route { + cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.gateway.id}" + } +} + +resource "aws_route_table_association" "internet_access" { + count = length(var.availability_zones) + + subnet_id = "${aws_subnet.test_elb[count.index].id}" + route_table_id = "${aws_route_table.internet_access.id}" +} diff --git a/filebeat/module/aws/elb/config/file.yml b/filebeat/module/aws/elb/config/file.yml new file mode 100644 index 00000000000..8e366e70c17 --- /dev/null +++ b/filebeat/module/aws/elb/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/aws/elb/config/s3.yml b/filebeat/module/aws/elb/config/s3.yml new file mode 100644 index 00000000000..44d98fd8c1a --- /dev/null +++ b/filebeat/module/aws/elb/config/s3.yml @@ -0,0 +1,38 @@ +type: s3 +queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} +credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} + +{{ if .visibility_timeout }} +visibility_timeout: {{ .visibility_timeout }} +{{ end }} + +{{ if .api_timeout }} +api_timeout: {{ .api_timeout }} +{{ end }} + +{{ if .endpoint }} +endpoint: {{ .endpoint }} +{{ end }} + +{{ if .access_key_id }} +access_key_id: {{ .access_key_id }} +{{ end }} + +{{ if .secret_access_key }} +secret_access_key: {{ .secret_access_key }} +{{ end }} + +{{ if .session_token }} +session_token: {{ .session_token }} +{{ end }} + +{{ if .role_arn }} +role_arn: {{ .role_arn }} +{{ end }} diff --git a/filebeat/module/aws/elb/ingest/pipeline.yml b/filebeat/module/aws/elb/ingest/pipeline.yml new file mode 100644 index 00000000000..a206ccf314a --- /dev/null +++ b/filebeat/module/aws/elb/ingest/pipeline.yml @@ -0,0 +1,207 @@ +description: "Pipeline for ELB logs" + +processors: + - grok: + field: message + # Classic ELB patterns documented in https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html + # ELB v2 Application load balancers https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html + # ELB v2 Netwwork load balancers https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html + # + patterns: + # HTTP (Classic ELB) + - >- + %{ELBHTTPLOG} + + # TCP (Classic ELB) + - >- + %{ELBTCPLOG} + + # HTTP from Application Load Balancers (v2 Load Balancers) + - >- + %{ELBV2TYPE} + %{ELBHTTPLOG} + %{NOTSPACE:aws.elb.target_group.arn} + \"%{DATA:aws.elb.trace_id}\" + \"(?:-|%{DATA:destination.domain})\" + \"(?:-|%{DATA:aws.elb.chosen_cert.arn})\" + (?:-1|%{NUMBER:aws.elb.matched_rule_priority}) + %{TIMESTAMP_ISO8601:event.start} + \"(?:-|%{DATA:_tmp.actions_executed})\" + \"(?:-|%{DATA:aws.elb.redirect_url})\" + \"(?:-|%{DATA:aws.elb.error.reason})\" + + # TCP from Network Load Balancers (v2 Load Balancers) + - >- + %{ELBV2TYPE} + %{ELBV2LOGVERSION} + %{ELBTIMESTAMP} + %{ELBNAME} + %{NOTSPACE:aws.elb.listener} + %{ELBSOURCE} + %{ELBBACKEND} + %{NUMBER:aws.elb.connection_time.ms:float} + %{NUMBER:aws.elb.tls_handshake_time.ms:float} + %{NUMBER:source.bytes:long} + %{NUMBER:destination.bytes:long} + (?:-|%{NUMBER:aws.elb.incoming_tls_alert}) + (?:-|%{NOTSPACE:aws.elb.chosen_cert.arn}) + (?:-|%{NOTSPACE:aws.elb.chosen_cert.serial}) + %{ELBSSL} + (?:-|%{NOTSPACE:aws.elb.ssl_named_group}) + (?:-|%{NOTSPACE:destination.domain}) + + pattern_definitions: + ELBTIMESTAMP: '%{TIMESTAMP_ISO8601:_tmp.timestamp}' + ELBNAME: '%{NOTSPACE:aws.elb.name}' + ELBSOURCE: '%{IP:source.ip}:%{POSINT:source.port}' + ELBBACKEND: '(?:-|%{IP:aws.elb.backend.ip}:%{POSINT:aws.elb.backend.port})' + ELBPROCESSINGTIME: >- + (?:-1|%{NUMBER:aws.elb.request_processing_time.sec:float}) + (?:-1|%{NUMBER:aws.elb.backend_processing_time.sec:float}) + (?:-1|%{NUMBER:aws.elb.response_processing_time.sec:float}) + ELBSSL: >- + (?:-|%{NOTSPACE:aws.elb.ssl_cipher}) + (?:-|%{NOTSPACE:aws.elb.ssl_protocol}) + ELBCOMMON: >- + %{ELBTIMESTAMP} + %{ELBNAME} + %{ELBSOURCE} + %{ELBBACKEND} + %{ELBPROCESSINGTIME} + ELBHTTPLOG: >- + %{ELBCOMMON} + %{NUMBER:http.response.status_code:long} + (?:-|%{NUMBER:aws.elb.backend.http.response.status_code:long}) + %{NUMBER:http.request.body.bytes:long} + %{NUMBER:http.response.body.bytes:long} + \"(?:-|%{WORD:http.request.method}) (?:-|%{NOTSPACE:http.request.referrer}) (?:-|HTTP/%{NOTSPACE:http.version})\" + \"%{DATA:user_agent.original}\" + %{ELBSSL} + ELBTCPLOG: >- + %{ELBCOMMON} + - + - + %{NUMBER:source.bytes:long} + %{NUMBER:destination.bytes:long} + \"- - - \" + \"-\" + %{ELBSSL} + ELBV2TYPE: '%{WORD:aws.elb.type}' + ELBV2LOGVERSION: '%{NOTSPACE}' # Could be used to support different log versions, only 1.0 exists now + + - set: + field: event.kind + value: event + + - set: + field: cloud.provider + value: aws + + - set: + if: 'ctx.http != null' + field: 'aws.elb.protocol' + value: 'http' + + - set: + if: 'ctx.http != null' + field: event.category + value: web + + - set: + if: 'ctx.http == null' + field: 'aws.elb.protocol' + value: 'tcp' + + - set: + if: 'ctx.http == null' + field: event.category + value: network + + - set: + if: 'ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400' + field: event.outcome + value: success + + - set: + if: 'ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400' + field: event.outcome + value: failure + + - lowercase: + field: http.request.method + ignore_missing: true + + - set: + if: "ctx?.aws?.elb?.trace_id != null" + field: tracing.trace.id + value: "{{aws.elb.trace_id}}" + + - split: + field: '_tmp.actions_executed' + target_field: 'aws.elb.action_executed' + separator: ',' + ignore_missing: true + + - date: + field: '_tmp.timestamp' + formats: + - 'ISO8601' + + - set: + field: 'event.end' + value: '{{ @timestamp }}' + + - geoip: + field: 'source.ip' + target_field: 'source.geo' + ignore_missing: true + + - geoip: + database_file: 'GeoLite2-ASN.mmdb' + field: 'source.ip' + target_field: 'source.as' + properties: + - 'asn' + - 'organization_name' + ignore_missing: true + + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + + - set: + field: tls.cipher + value: '{{aws.elb.ssl_cipher}}' + if: ctx.aws?.elb?.ssl_cipher != null + + - script: + lang: painless + if: ctx.aws?.elb?.ssl_protocol != null + source: >- + def parts = ctx.aws.elb.ssl_protocol.splitOnToken("v"); + if (parts.length != 2) { + return; + } + if (parts[1].contains(".")) { + ctx.tls.version = parts[1]; + } else { + ctx.tls.version = parts[1].substring(0,1) + "." + parts[1].substring(1); + } + ctx.tls.version_protocol = parts[0].toLowerCase(); + + - remove: + field: + - message + - _tmp + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/aws/elb/manifest.yml b/filebeat/module/aws/elb/manifest.yml new file mode 100644 index 00000000000..418becaf828 --- /dev/null +++ b/filebeat/module/aws/elb/manifest.yml @@ -0,0 +1,22 @@ +module_version: 1.0 + +var: + - name: input + default: s3 + - name: queue_url + - name: shared_credential_file + - name: credential_profile_name + - name: visibility_timeout + - name: api_timeout + - name: endpoint + - name: access_key_id + - name: secret_access_key + - name: session_token + - name: role_arn + +ingest_pipeline: ingest/pipeline.yml +input: config/{{.input}}.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/aws/elb/test/application-lb-http.log b/filebeat/module/aws/elb/test/application-lb-http.log new file mode 100644 index 00000000000..88ea2d75c26 --- /dev/null +++ b/filebeat/module/aws/elb/test/application-lb-http.log @@ -0,0 +1,11 @@ +http 2019-10-11T15:01:12.376735Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:56398 10.0.0.192:80 -1 -1 -1 460 - 125 0 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da09932-2c342a443bfb96249aa50ed7" "-" "-" 0 2019-10-11T15:01:06.657000Z "forward" "-" "-" +http 2019-10-11T15:01:50.492440Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:56488 10.0.1.107:80 -1 -1 -1 504 - 125 308 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da09954-2c342a443bfb96249aa50ed7" "-" "-" 0 2019-10-11T15:01:40.491000Z "forward" "-" "-" +http 2019-10-11T15:01:22.915238Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:56416 10.0.0.192:80 -1 -1 -1 504 - 125 308 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da09938-d9c72660e247c36070017828" "-" "-" 0 2019-10-11T15:01:12.914000Z "forward" "-" "-" +http 2019-10-11T15:01:35.190447Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:56448 10.0.1.107:80 -1 -1 -1 504 - 125 308 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da09945-0eaa8050df7d96f84806ded0" "-" "-" 0 2019-10-11T15:01:25.189000Z "forward" "-" "-" +http 2019-10-11T15:02:28.837316Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:56602 10.0.0.192:80 -1 -1 -1 504 - 125 308 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da0997a-5add00b04bc8ae20ae96d9f0" "-" "-" 0 2019-10-11T15:02:18.836000Z "forward" "-" "-" +http 2019-10-11T15:02:41.203002Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:56638 10.0.1.107:80 -1 -1 -1 504 - 125 308 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da09987-cc391940b332434860dfa848" "-" "-" 0 2019-10-11T15:02:31.202000Z "forward" "-" "-" +http 2019-10-11T15:03:49.331902Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:37632 10.0.0.192:80 -1 -1 -1 504 - 125 308 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da099cb-3d3b17eb2b75373f4c0c36c5" "-" "-" 0 2019-10-11T15:03:39.331000Z "forward" "-" "-" +http 2019-10-11T15:55:09.308183Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:37838 10.0.0.192:80 0.001 0.000 0.000 200 200 125 859 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da0a5dd-4d9a423a0e9a782fe2f390af" "-" "-" 0 2019-10-11T15:55:09.307000Z "forward" "-" "-" +http 2019-10-11T15:55:11.354283Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:37850 10.0.1.107:80 0.001 0.001 0.000 200 200 125 859 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da0a5df-7d64cabe9955b4df9acc800a" "-" "-" 0 2019-10-11T15:55:11.352000Z "forward" "-" "-" +http 2019-10-11T15:55:11.987940Z app/filebeat-aws-elb-test/c86a326e7dc14222 77.227.156.41:37856 10.0.0.192:80 0.000 0.001 0.000 200 200 125 859 "GET http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794 "Root=1-5da0a5df-7c958e828ff43b63d0e0fac4" "-" "-" 0 2019-10-11T15:55:11.987000Z "forward" "-" "-" + diff --git a/filebeat/module/aws/elb/test/application-lb-http.log-expected.json b/filebeat/module/aws/elb/test/application-lb-http.log-expected.json new file mode 100644 index 00000000000..093cc1fc2e7 --- /dev/null +++ b/filebeat/module/aws/elb/test/application-lb-http.log-expected.json @@ -0,0 +1,464 @@ +[ + { + "@timestamp": "2019-10-11T15:01:12.376Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.ip": "10.0.0.192", + "aws.elb.backend.port": "80", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da09932-2c342a443bfb96249aa50ed7", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:01:12.376Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2019-10-11T15:01:06.657000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 0, + "http.response.status_code": 460, + "http.version": "1.1", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "56398", + "tracing.trace.id": "Root=1-5da09932-2c342a443bfb96249aa50ed7", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:01:50.492Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.ip": "10.0.1.107", + "aws.elb.backend.port": "80", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da09954-2c342a443bfb96249aa50ed7", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:01:50.492Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2019-10-11T15:01:40.491000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 308, + "http.response.status_code": 504, + "http.version": "1.1", + "input.type": "log", + "log.offset": 438, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "56488", + "tracing.trace.id": "Root=1-5da09954-2c342a443bfb96249aa50ed7", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:01:22.915Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.ip": "10.0.0.192", + "aws.elb.backend.port": "80", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da09938-d9c72660e247c36070017828", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:01:22.915Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2019-10-11T15:01:12.914000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 308, + "http.response.status_code": 504, + "http.version": "1.1", + "input.type": "log", + "log.offset": 878, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "56416", + "tracing.trace.id": "Root=1-5da09938-d9c72660e247c36070017828", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:01:35.190Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.ip": "10.0.1.107", + "aws.elb.backend.port": "80", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da09945-0eaa8050df7d96f84806ded0", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:01:35.190Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2019-10-11T15:01:25.189000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 308, + "http.response.status_code": 504, + "http.version": "1.1", + "input.type": "log", + "log.offset": 1318, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "56448", + "tracing.trace.id": "Root=1-5da09945-0eaa8050df7d96f84806ded0", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:02:28.837Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.ip": "10.0.0.192", + "aws.elb.backend.port": "80", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da0997a-5add00b04bc8ae20ae96d9f0", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:02:28.837Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2019-10-11T15:02:18.836000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 308, + "http.response.status_code": 504, + "http.version": "1.1", + "input.type": "log", + "log.offset": 1758, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "56602", + "tracing.trace.id": "Root=1-5da0997a-5add00b04bc8ae20ae96d9f0", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:02:41.203Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.ip": "10.0.1.107", + "aws.elb.backend.port": "80", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da09987-cc391940b332434860dfa848", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:02:41.203Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2019-10-11T15:02:31.202000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 308, + "http.response.status_code": 504, + "http.version": "1.1", + "input.type": "log", + "log.offset": 2198, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "56638", + "tracing.trace.id": "Root=1-5da09987-cc391940b332434860dfa848", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:03:49.331Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.ip": "10.0.0.192", + "aws.elb.backend.port": "80", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da099cb-3d3b17eb2b75373f4c0c36c5", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:03:49.331Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2019-10-11T15:03:39.331000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 308, + "http.response.status_code": 504, + "http.version": "1.1", + "input.type": "log", + "log.offset": 2638, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "37632", + "tracing.trace.id": "Root=1-5da099cb-3d3b17eb2b75373f4c0c36c5", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:55:09.308Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.192", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.0, + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.001, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da0a5dd-4d9a423a0e9a782fe2f390af", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:55:09.308Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2019-10-11T15:55:09.307000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 859, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 3078, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "37838", + "tracing.trace.id": "Root=1-5da0a5dd-4d9a423a0e9a782fe2f390af", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:55:11.354Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.1.107", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.001, + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.001, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da0a5df-7d64cabe9955b4df9acc800a", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:55:11.354Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2019-10-11T15:55:11.352000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 859, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 3529, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "37850", + "tracing.trace.id": "Root=1-5da0a5df-7d64cabe9955b4df9acc800a", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-11T15:55:11.987Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.192", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.001, + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/filebeat-aws-elb-test/c86a326e7dc14222", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.0, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794", + "aws.elb.trace_id": "Root=1-5da0a5df-7c958e828ff43b63d0e0fac4", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-11T15:55:11.987Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2019-10-11T15:55:11.987000Z", + "fileset.name": "elb", + "http.request.body.bytes": 125, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 859, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 3980, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "37856", + "tracing.trace.id": "Root=1-5da0a5df-7c958e828ff43b63d0e0fac4", + "user_agent.original": "curl/7.58.0" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/elb-http.log b/filebeat/module/aws/elb/test/elb-http.log new file mode 100644 index 00000000000..8199e6cc0a3 --- /dev/null +++ b/filebeat/module/aws/elb/test/elb-http.log @@ -0,0 +1,6 @@ +2019-10-14T12:00:20.694172Z filebeat-aws-elb-test 78.24.182.42:54106 10.0.1.185:80 0.000043 0.000785 0.000023 200 200 0 612 "GET http://18.194.223.56:80/ HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" - - +2019-10-14T12:01:41.918996Z filebeat-aws-elb-test 31.135.65.4:54001 10.0.0.169:80 0.000041 0.00491 0.000027 200 200 0 612 "GET http://18.194.223.56:80/ HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" - - +2019-10-14T12:01:49.543250Z filebeat-aws-elb-test 77.227.156.41:52406 10.0.1.185:80 0.000041 0.00079 0.000024 200 200 0 612 "GET http://filebeat-aws-elb-test-1703142762.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - +2019-10-14T12:01:50.199250Z filebeat-aws-elb-test 77.227.156.41:52410 10.0.0.169:80 0.000039 0.001184 0.000028 200 200 0 612 "GET http://filebeat-aws-elb-test-1703142762.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - +2019-10-14T12:01:50.831170Z filebeat-aws-elb-test 77.227.156.41:52414 10.0.1.185:80 0.000038 0.000787 0.000024 200 200 0 612 "GET http://filebeat-aws-elb-test-1703142762.eu-central-1.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.58.0" - - + diff --git a/filebeat/module/aws/elb/test/elb-http.log-expected.json b/filebeat/module/aws/elb/test/elb-http.log-expected.json new file mode 100644 index 00000000000..f8b0d751e75 --- /dev/null +++ b/filebeat/module/aws/elb/test/elb-http.log-expected.json @@ -0,0 +1,202 @@ +[ + { + "@timestamp": "2019-10-14T12:00:20.694Z", + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.1.185", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.000785, + "aws.elb.name": "filebeat-aws-elb-test", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 4.3e-05, + "aws.elb.response_processing_time.sec": 2.3e-05, + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-14T12:00:20.694Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://18.194.223.56:80/", + "http.response.body.bytes": 612, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.as.number": 35377, + "source.as.organization.name": "Ao a.b.n.", + "source.geo.city_name": "Moscow", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "RU", + "source.geo.location.lat": 55.7527, + "source.geo.location.lon": 37.6172, + "source.geo.region_iso_code": "RU-MOW", + "source.geo.region_name": "Moscow", + "source.ip": "78.24.182.42", + "source.port": "54106", + "user_agent.original": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" + }, + { + "@timestamp": "2019-10-14T12:01:41.918Z", + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.169", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.00491, + "aws.elb.name": "filebeat-aws-elb-test", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 4.1e-05, + "aws.elb.response_processing_time.sec": 2.7e-05, + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-14T12:01:41.918Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://18.194.223.56:80/", + "http.response.body.bytes": 612, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 271, + "service.type": "aws", + "source.as.number": 43865, + "source.as.organization.name": "Intek-M LLC", + "source.geo.city_name": "Mytishchi", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "RU", + "source.geo.location.lat": 55.9089, + "source.geo.location.lon": 37.7339, + "source.geo.region_iso_code": "RU-MOS", + "source.geo.region_name": "Moscow Oblast", + "source.ip": "31.135.65.4", + "source.port": "54001", + "user_agent.original": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" + }, + { + "@timestamp": "2019-10-14T12:01:49.543Z", + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.1.185", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.00079, + "aws.elb.name": "filebeat-aws-elb-test", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 4.1e-05, + "aws.elb.response_processing_time.sec": 2.4e-05, + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-14T12:01:49.543Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-1703142762.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 612, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 540, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "52406", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-14T12:01:50.199Z", + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.169", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.001184, + "aws.elb.name": "filebeat-aws-elb-test", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 3.9e-05, + "aws.elb.response_processing_time.sec": 2.8e-05, + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-14T12:01:50.199Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-1703142762.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 612, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 772, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "52410", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-10-14T12:01:50.831Z", + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.1.185", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.000787, + "aws.elb.name": "filebeat-aws-elb-test", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 3.8e-05, + "aws.elb.response_processing_time.sec": 2.4e-05, + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2019-10-14T12:01:50.831Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://filebeat-aws-elb-test-1703142762.eu-central-1.elb.amazonaws.com:80/", + "http.response.body.bytes": 612, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 1005, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "52414", + "user_agent.original": "curl/7.58.0" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/elb-tcp.log b/filebeat/module/aws/elb/test/elb-tcp.log new file mode 100644 index 00000000000..2ef0527debf --- /dev/null +++ b/filebeat/module/aws/elb/test/elb-tcp.log @@ -0,0 +1,6 @@ +2019-10-17T13:22:51.758784Z filebeat-aws-elb-test-elb 77.227.156.41:51600 10.0.0.47:80 0.000943 0.00001 0.000015 - - 134 859 "- - - " "-" - - +2019-10-17T13:23:07.523763Z filebeat-aws-elb-test-elb 77.227.156.41:51726 10.0.1.184:80 0.000501 0.00001 0.000015 - - 134 859 "- - - " "-" - - +2019-10-17T13:23:08.477627Z filebeat-aws-elb-test-elb 77.227.156.41:51734 10.0.0.47:80 0.001105 0.00001 0.000015 - - 134 859 "- - - " "-" - - +2019-10-17T13:23:09.174797Z filebeat-aws-elb-test-elb 77.227.156.41:51738 10.0.1.184:80 0.000422 0.000009 0.000013 - - 134 859 "- - - " "-" - - +2019-10-17T13:26:14.308385Z filebeat-aws-elb-test-elb 77.227.156.41:46288 10.0.0.47:80 0.000534 0.000011 0.000016 - - 7 343 "- - - " "-" - - +2019-10-17T13:26:19.318250Z filebeat-aws-elb-test-elb 77.227.156.41:46304 10.0.1.184:80 0.001004 0.00001 0.000015 - - 17 343 "- - - " "-" - - diff --git a/filebeat/module/aws/elb/test/elb-tcp.log-expected.json b/filebeat/module/aws/elb/test/elb-tcp.log-expected.json new file mode 100644 index 00000000000..c587af8defb --- /dev/null +++ b/filebeat/module/aws/elb/test/elb-tcp.log-expected.json @@ -0,0 +1,200 @@ +[ + { + "@timestamp": "2019-10-17T13:22:51.758Z", + "aws.elb.backend.ip": "10.0.0.47", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 1e-05, + "aws.elb.name": "filebeat-aws-elb-test-elb", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.000943, + "aws.elb.response_processing_time.sec": 1.5e-05, + "cloud.provider": "aws", + "destination.bytes": 859, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2019-10-17T13:22:51.758Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.bytes": 134, + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "51600" + }, + { + "@timestamp": "2019-10-17T13:23:07.523Z", + "aws.elb.backend.ip": "10.0.1.184", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 1e-05, + "aws.elb.name": "filebeat-aws-elb-test-elb", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.000501, + "aws.elb.response_processing_time.sec": 1.5e-05, + "cloud.provider": "aws", + "destination.bytes": 859, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2019-10-17T13:23:07.523Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 142, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.bytes": 134, + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "51726" + }, + { + "@timestamp": "2019-10-17T13:23:08.477Z", + "aws.elb.backend.ip": "10.0.0.47", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 1e-05, + "aws.elb.name": "filebeat-aws-elb-test-elb", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.001105, + "aws.elb.response_processing_time.sec": 1.5e-05, + "cloud.provider": "aws", + "destination.bytes": 859, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2019-10-17T13:23:08.477Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 285, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.bytes": 134, + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "51734" + }, + { + "@timestamp": "2019-10-17T13:23:09.174Z", + "aws.elb.backend.ip": "10.0.1.184", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 9e-06, + "aws.elb.name": "filebeat-aws-elb-test-elb", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.000422, + "aws.elb.response_processing_time.sec": 1.3e-05, + "cloud.provider": "aws", + "destination.bytes": 859, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2019-10-17T13:23:09.174Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 427, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.bytes": 134, + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "51738" + }, + { + "@timestamp": "2019-10-17T13:26:14.308Z", + "aws.elb.backend.ip": "10.0.0.47", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 1.1e-05, + "aws.elb.name": "filebeat-aws-elb-test-elb", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.000534, + "aws.elb.response_processing_time.sec": 1.6e-05, + "cloud.provider": "aws", + "destination.bytes": 343, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2019-10-17T13:26:14.308Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 571, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.bytes": 7, + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "46288" + }, + { + "@timestamp": "2019-10-17T13:26:19.318Z", + "aws.elb.backend.ip": "10.0.1.184", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 1e-05, + "aws.elb.name": "filebeat-aws-elb-test-elb", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.001004, + "aws.elb.response_processing_time.sec": 1.5e-05, + "cloud.provider": "aws", + "destination.bytes": 343, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2019-10-17T13:26:19.318Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 712, + "service.type": "aws", + "source.as.number": 12430, + "source.as.organization.name": "Vodafone Spain", + "source.bytes": 17, + "source.geo.city_name": "Teruel", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.3456, + "source.geo.location.lon": -1.1065, + "source.geo.region_iso_code": "ES-TE", + "source.geo.region_name": "Teruel", + "source.ip": "77.227.156.41", + "source.port": "46304" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/example-alb-http.log b/filebeat/module/aws/elb/test/example-alb-http.log new file mode 100644 index 00000000000..9e4526d2d61 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-alb-http.log @@ -0,0 +1,10 @@ +http 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.000 0.001 0.000 200 200 34 366 "GET http://www.example.com:80/ HTTP/1.1" "curl/7.46.0" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337262-36d228ad5d99923122bbe354" "-" "-" 0 2018-07-02T22:22:48.364000Z "forward" "-" "-" +https 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.086 0.048 0.037 200 200 0 57 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.46.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337281-1d84f3d73c47ec4e58577259" "www.example.com" "arn:aws:acm:us-east-2:123456789012:certificate/12345678-1234-1234-1234-123456789012" 1 2018-07-02T22:22:48.364000Z "authenticate,forward" "-" "-" +h2 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 10.0.1.252:48160 10.0.0.66:9000 0.000 0.002 0.000 200 200 5 257 "GET https://10.0.2.105:773/ HTTP/2.0" "curl/7.46.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337327-72bd00b0343d75b906739c42" "-" "-" 1 2018-07-02T22:22:48.364000Z "redirect" "https://example.com:80/" "-" +ws 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 10.0.0.140:40914 10.0.1.192:8010 0.001 0.003 0.000 101 101 218 587 "GET http://10.0.0.30:80/ HTTP/1.1" "-" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337364-23a8c76965a2ef7629b185e3" "-" "-" 1 2018-07-02T22:22:48.364000Z "forward" "-" "-" +wss 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 10.0.0.140:44244 10.0.0.171:8010 0.000 0.001 0.000 101 101 218 786 "GET https://10.0.0.30:443/ HTTP/1.1" "-" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337364-23a8c76965a2ef7629b185e3" "-" "-"1 2018-07-02T22:22:48.364000Z "forward" "-" "-" +http 2018-11-30T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 - 0.000 0.001 0.000 200 200 34 366 "GET http://www.example.com:80/ HTTP/1.1" "curl/7.46.0" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337364-23a8c76965a2ef7629b185e3" "-" "-" 0 2018-11-30T22:22:48.364000Z "forward" "-" "-" +http 2018-11-30T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 - 0.000 0.001 0.000 502 - 34 366 "GET http://www.example.com:80/ HTTP/1.1" "curl/7.46.0" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337364-23a8c76965a2ef7629b185e3" "-" "-" 0 2018-11-30T22:22:48.364000Z "forward" "-" "LambdaInvalidResponse" +http 2018-11-30T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 - -1 -1 -1 400 - 0 0 "- http://www.example.com:80- -" "-" - - - "-" "-" "-" 0 2018-11-30T22:22:48.364000Z "-" "-" "-" +http 2018-11-30T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 - -1 -1 -1 400 - 0 0 "- - -" "-" - - - "-" "-" "-" 0 2018-11-30T22:22:48.364000Z "-" "-" "-" + diff --git a/filebeat/module/aws/elb/test/example-alb-http.log-expected.json b/filebeat/module/aws/elb/test/example-alb-http.log-expected.json new file mode 100644 index 00000000000..1a46cee8d85 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-alb-http.log-expected.json @@ -0,0 +1,345 @@ +[ + { + "@timestamp": "2018-07-02T22:23:00.186Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.1", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.001, + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.0, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067", + "aws.elb.trace_id": "Root=1-58337262-36d228ad5d99923122bbe354", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-07-02T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2018-07-02T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 34, + "http.request.method": "get", + "http.request.referrer": "http://www.example.com:80/", + "http.response.body.bytes": 366, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "tracing.trace.id": "Root=1-58337262-36d228ad5d99923122bbe354", + "user_agent.original": "curl/7.46.0" + }, + { + "@timestamp": "2018-07-02T22:23:00.186Z", + "aws.elb.action_executed": [ + "authenticate", + "forward" + ], + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.1", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.048, + "aws.elb.chosen_cert.arn": "arn:aws:acm:us-east-2:123456789012:certificate/12345678-1234-1234-1234-123456789012", + "aws.elb.matched_rule_priority": "1", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.086, + "aws.elb.response_processing_time.sec": 0.037, + "aws.elb.ssl_cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "aws.elb.ssl_protocol": "TLSv1.2", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067", + "aws.elb.trace_id": "Root=1-58337281-1d84f3d73c47ec4e58577259", + "aws.elb.type": "https", + "cloud.provider": "aws", + "destination.domain": "www.example.com", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-07-02T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2018-07-02T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "https://www.example.com:443/", + "http.response.body.bytes": 57, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 386, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "tracing.trace.id": "Root=1-58337281-1d84f3d73c47ec4e58577259", + "user_agent.original": "curl/7.46.0" + }, + { + "@timestamp": "2018-07-02T22:23:00.186Z", + "aws.elb.action_executed": [ + "redirect" + ], + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.66", + "aws.elb.backend.port": "9000", + "aws.elb.backend_processing_time.sec": 0.002, + "aws.elb.matched_rule_priority": "1", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.redirect_url": "https://example.com:80/", + "aws.elb.request_processing_time.sec": 0.0, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.ssl_cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "aws.elb.ssl_protocol": "TLSv1.2", + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067", + "aws.elb.trace_id": "Root=1-58337327-72bd00b0343d75b906739c42", + "aws.elb.type": "h2", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-07-02T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2018-07-02T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 5, + "http.request.method": "get", + "http.request.referrer": "https://10.0.2.105:773/", + "http.response.body.bytes": 257, + "http.response.status_code": 200, + "http.version": "2.0", + "input.type": "log", + "log.offset": 914, + "service.type": "aws", + "source.ip": "10.0.1.252", + "source.port": "48160", + "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "tracing.trace.id": "Root=1-58337327-72bd00b0343d75b906739c42", + "user_agent.original": "curl/7.46.0" + }, + { + "@timestamp": "2018-07-02T22:23:00.186Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.http.response.status_code": 101, + "aws.elb.backend.ip": "10.0.1.192", + "aws.elb.backend.port": "8010", + "aws.elb.backend_processing_time.sec": 0.003, + "aws.elb.matched_rule_priority": "1", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.001, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067", + "aws.elb.trace_id": "Root=1-58337364-23a8c76965a2ef7629b185e3", + "aws.elb.type": "ws", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-07-02T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2018-07-02T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 218, + "http.request.method": "get", + "http.request.referrer": "http://10.0.0.30:80/", + "http.response.body.bytes": 587, + "http.response.status_code": 101, + "http.version": "1.1", + "input.type": "log", + "log.offset": 1349, + "service.type": "aws", + "source.ip": "10.0.0.140", + "source.port": "40914", + "tracing.trace.id": "Root=1-58337364-23a8c76965a2ef7629b185e3", + "user_agent.original": "-" + }, + { + "@timestamp": "2018-07-02T22:23:00.186Z", + "aws.elb.backend.http.response.status_code": 101, + "aws.elb.backend.ip": "10.0.0.171", + "aws.elb.backend.port": "8010", + "aws.elb.backend_processing_time.sec": 0.001, + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.0, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.ssl_cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "aws.elb.ssl_protocol": "TLSv1.2", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-07-02T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 218, + "http.request.method": "get", + "http.request.referrer": "https://10.0.0.30:443/", + "http.response.body.bytes": 786, + "http.response.status_code": 101, + "http.version": "1.1", + "input.type": "log", + "log.offset": 1719, + "service.type": "aws", + "source.ip": "10.0.0.140", + "source.port": "44244", + "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "user_agent.original": "-" + }, + { + "@timestamp": "2018-11-30T22:23:00.186Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend_processing_time.sec": 0.001, + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.0, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067", + "aws.elb.trace_id": "Root=1-58337364-23a8c76965a2ef7629b185e3", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-11-30T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "event.start": "2018-11-30T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 34, + "http.request.method": "get", + "http.request.referrer": "http://www.example.com:80/", + "http.response.body.bytes": 366, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 2123, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "tracing.trace.id": "Root=1-58337364-23a8c76965a2ef7629b185e3", + "user_agent.original": "curl/7.46.0" + }, + { + "@timestamp": "2018-11-30T22:23:00.186Z", + "aws.elb.action_executed": [ + "forward" + ], + "aws.elb.backend_processing_time.sec": 0.001, + "aws.elb.error.reason": "LambdaInvalidResponse", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 0.0, + "aws.elb.response_processing_time.sec": 0.0, + "aws.elb.target_group.arn": "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067", + "aws.elb.trace_id": "Root=1-58337364-23a8c76965a2ef7629b185e3", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-11-30T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2018-11-30T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 34, + "http.request.method": "get", + "http.request.referrer": "http://www.example.com:80/", + "http.response.body.bytes": 366, + "http.response.status_code": 502, + "http.version": "1.1", + "input.type": "log", + "log.offset": 2499, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "tracing.trace.id": "Root=1-58337364-23a8c76965a2ef7629b185e3", + "user_agent.original": "curl/7.46.0" + }, + { + "@timestamp": "2018-11-30T22:23:00.186Z", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "-", + "aws.elb.trace_id": "-", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-11-30T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2018-11-30T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.referrer": "http://www.example.com:80-", + "http.response.body.bytes": 0, + "http.response.status_code": 400, + "input.type": "log", + "log.offset": 2893, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "tracing.trace.id": "-", + "user_agent.original": "-" + }, + { + "@timestamp": "2018-11-30T22:23:00.186Z", + "aws.elb.matched_rule_priority": "0", + "aws.elb.name": "app/my-loadbalancer/50dc6c495c0c9188", + "aws.elb.protocol": "http", + "aws.elb.target_group.arn": "-", + "aws.elb.trace_id": "-", + "aws.elb.type": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2018-11-30T22:23:00.186Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "event.start": "2018-11-30T22:22:48.364000Z", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.response.body.bytes": 0, + "http.response.status_code": 400, + "input.type": "log", + "log.offset": 3101, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "tracing.trace.id": "-", + "user_agent.original": "-" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/example-http.log b/filebeat/module/aws/elb/test/example-http.log new file mode 100644 index 00000000000..676514eb326 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-http.log @@ -0,0 +1,4 @@ +2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000073 0.001048 0.000057 200 200 0 29 "GET http://www.example.com:80/ HTTP/1.1" "curl/7.38.0" - - +2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 - -1 -1 -1 503 - 0 0 "GET http://www.example.com:80/ HTTP/1.1" "curl/7.38.0" - - +2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 - -1 -1 -1 400 - 0 0 "GET http://www.example.com:80- -" "-" - - + diff --git a/filebeat/module/aws/elb/test/example-http.log-expected.json b/filebeat/module/aws/elb/test/example-http.log-expected.json new file mode 100644 index 00000000000..72f9a57f6e3 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-http.log-expected.json @@ -0,0 +1,82 @@ +[ + { + "@timestamp": "2015-05-13T23:39:43.945Z", + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.1", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.001048, + "aws.elb.name": "my-loadbalancer", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 7.3e-05, + "aws.elb.response_processing_time.sec": 5.7e-05, + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2015-05-13T23:39:43.945Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://www.example.com:80/", + "http.response.body.bytes": 29, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "user_agent.original": "curl/7.38.0" + }, + { + "@timestamp": "2015-05-13T23:39:43.945Z", + "aws.elb.name": "my-loadbalancer", + "aws.elb.protocol": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2015-05-13T23:39:43.945Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://www.example.com:80/", + "http.response.body.bytes": 0, + "http.response.status_code": 503, + "http.version": "1.1", + "input.type": "log", + "log.offset": 176, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "user_agent.original": "curl/7.38.0" + }, + { + "@timestamp": "2015-05-13T23:39:43.945Z", + "aws.elb.name": "my-loadbalancer", + "aws.elb.protocol": "http", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2015-05-13T23:39:43.945Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "http://www.example.com:80-", + "http.response.body.bytes": 0, + "http.response.status_code": 400, + "input.type": "log", + "log.offset": 321, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "user_agent.original": "-" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/example-https.log b/filebeat/module/aws/elb/test/example-https.log new file mode 100644 index 00000000000..8266cac0357 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-https.log @@ -0,0 +1,2 @@ +2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000086 0.001048 0.001337 200 200 0 57 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.38.0" DHE-RSA-AES128-SHA TLSv1.2 + diff --git a/filebeat/module/aws/elb/test/example-https.log-expected.json b/filebeat/module/aws/elb/test/example-https.log-expected.json new file mode 100644 index 00000000000..ef09a37d579 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-https.log-expected.json @@ -0,0 +1,38 @@ +[ + { + "@timestamp": "2015-05-13T23:39:43.945Z", + "aws.elb.backend.http.response.status_code": 200, + "aws.elb.backend.ip": "10.0.0.1", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 0.001048, + "aws.elb.name": "my-loadbalancer", + "aws.elb.protocol": "http", + "aws.elb.request_processing_time.sec": 8.6e-05, + "aws.elb.response_processing_time.sec": 0.001337, + "aws.elb.ssl_cipher": "DHE-RSA-AES128-SHA", + "aws.elb.ssl_protocol": "TLSv1.2", + "cloud.provider": "aws", + "event.category": "web", + "event.dataset": "aws.elb", + "event.end": "2015-05-13T23:39:43.945Z", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "elb", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.request.referrer": "https://www.example.com:443/", + "http.response.body.bytes": 57, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.ip": "192.168.131.39", + "source.port": "2817", + "tls.cipher": "DHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "user_agent.original": "curl/7.38.0" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/example-nlb-tcp.log b/filebeat/module/aws/elb/test/example-nlb-tcp.log new file mode 100644 index 00000000000..3ff8e07a578 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-nlb-tcp.log @@ -0,0 +1,2 @@ +tls 1.0 2018-12-20T02:59:40 net/my-network-loadbalancer/c6e77e28c25b2234 g3d4b5e8bb8464cd 72.21.218.154:51341 172.100.100.185:443 5 2 98 246 - arn:aws:acm:us-east-2:671290407336:certificate/2a108f19-aded-46b0-8493-c63eb1ef4a99 - ECDHE-RSA-AES128-SHA tlsv12 - my-network-loadbalancer-c6e77e28c25b2234.elb.us-east-2.amazonaws.com + diff --git a/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json b/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json new file mode 100644 index 00000000000..74c1c0e8cc7 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json @@ -0,0 +1,43 @@ +[ + { + "@timestamp": "2018-12-20T02:59:40.000Z", + "aws.elb.backend.ip": "172.100.100.185", + "aws.elb.backend.port": "443", + "aws.elb.chosen_cert.arn": "arn:aws:acm:us-east-2:671290407336:certificate/2a108f19-aded-46b0-8493-c63eb1ef4a99", + "aws.elb.connection_time.ms": 5.0, + "aws.elb.listener": "g3d4b5e8bb8464cd", + "aws.elb.name": "net/my-network-loadbalancer/c6e77e28c25b2234", + "aws.elb.protocol": "tcp", + "aws.elb.ssl_cipher": "ECDHE-RSA-AES128-SHA", + "aws.elb.ssl_protocol": "tlsv12", + "aws.elb.tls_handshake_time.ms": 2.0, + "aws.elb.type": "tls", + "cloud.provider": "aws", + "destination.bytes": 246, + "destination.domain": "my-network-loadbalancer-c6e77e28c25b2234.elb.us-east-2.amazonaws.com", + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2018-12-20T02:59:40.000Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.as.number": 16509, + "source.as.organization.name": "Amazon.com, Inc.", + "source.bytes": 98, + "source.geo.city_name": "Ashburn", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 39.0481, + "source.geo.location.lon": -77.4728, + "source.geo.region_iso_code": "US-VA", + "source.geo.region_name": "Virginia", + "source.ip": "72.21.218.154", + "source.port": "51341", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/example-ssl.log b/filebeat/module/aws/elb/test/example-ssl.log new file mode 100644 index 00000000000..3896428f78a --- /dev/null +++ b/filebeat/module/aws/elb/test/example-ssl.log @@ -0,0 +1,2 @@ +2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001065 0.000015 0.000023 - - 57 502 "- - - " "-" ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 + diff --git a/filebeat/module/aws/elb/test/example-ssl.log-expected.json b/filebeat/module/aws/elb/test/example-ssl.log-expected.json new file mode 100644 index 00000000000..84f2748861c --- /dev/null +++ b/filebeat/module/aws/elb/test/example-ssl.log-expected.json @@ -0,0 +1,31 @@ +[ + { + "@timestamp": "2015-05-13T23:39:43.945Z", + "aws.elb.backend.ip": "10.0.0.1", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 1.5e-05, + "aws.elb.name": "my-loadbalancer", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.001065, + "aws.elb.response_processing_time.sec": 2.3e-05, + "aws.elb.ssl_cipher": "ECDHE-ECDSA-AES128-GCM-SHA256", + "aws.elb.ssl_protocol": "TLSv1.2", + "cloud.provider": "aws", + "destination.bytes": 502, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2015-05-13T23:39:43.945Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.bytes": 57, + "source.ip": "192.168.131.39", + "source.port": "2817", + "tls.cipher": "ECDHE-ECDSA-AES128-GCM-SHA256", + "tls.version": "1.2", + "tls.version_protocol": "tls" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/elb/test/example-tcp.log b/filebeat/module/aws/elb/test/example-tcp.log new file mode 100644 index 00000000000..b1efee6b2c9 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-tcp.log @@ -0,0 +1,3 @@ +2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001069 0.000028 0.000041 - - 82 305 "- - - " "-" - - +2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 - -1 -1 -1 - - 82 0 "- - - " "-" - - + diff --git a/filebeat/module/aws/elb/test/example-tcp.log-expected.json b/filebeat/module/aws/elb/test/example-tcp.log-expected.json new file mode 100644 index 00000000000..af89134a830 --- /dev/null +++ b/filebeat/module/aws/elb/test/example-tcp.log-expected.json @@ -0,0 +1,45 @@ +[ + { + "@timestamp": "2015-05-13T23:39:43.945Z", + "aws.elb.backend.ip": "10.0.0.1", + "aws.elb.backend.port": "80", + "aws.elb.backend_processing_time.sec": 2.8e-05, + "aws.elb.name": "my-loadbalancer", + "aws.elb.protocol": "tcp", + "aws.elb.request_processing_time.sec": 0.001069, + "aws.elb.response_processing_time.sec": 4.1e-05, + "cloud.provider": "aws", + "destination.bytes": 305, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2015-05-13T23:39:43.945Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.bytes": 82, + "source.ip": "192.168.131.39", + "source.port": "2817" + }, + { + "@timestamp": "2015-05-13T23:39:43.945Z", + "aws.elb.name": "my-loadbalancer", + "aws.elb.protocol": "tcp", + "cloud.provider": "aws", + "destination.bytes": 0, + "event.category": "network", + "event.dataset": "aws.elb", + "event.end": "2015-05-13T23:39:43.945Z", + "event.kind": "event", + "event.module": "aws", + "fileset.name": "elb", + "input.type": "log", + "log.offset": 131, + "service.type": "aws", + "source.bytes": 82, + "source.ip": "192.168.131.39", + "source.port": "2817" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/fields.go b/filebeat/module/aws/fields.go new file mode 100644 index 00000000000..d9b3afac698 --- /dev/null +++ b/filebeat/module/aws/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package aws + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "aws", asset.ModuleFieldsPri, AssetAws); err != nil { + panic(err) + } +} + +// AssetAws returns asset data. +// This is the base64 encoded gzipped contents of module/aws. +func AssetAws() string { + return "eJzcXN9z47Zzf7+/YicvX9+MpE4umU7HnXRG5/M1apyLa+mS9omBwJWEGgIYALRO99d3FgApUgQl25IuneohkUVy8dnF/sbyhvCI22tgG/sGwAkn8RrGf0zfABiUyCxewxwdewOQo+VGFE5odQ3/9gYA4FedlxJhoQ2smMqlUEuQemlhYfSayIzeACwEytxe+weGoNgaq+Xo47YFXsPS6LKIvyTWoc9HT6am7NcZxavNJZrLcKnL3BkmZH0ptSJ99rmtPjkuWCld5pe4hgWTFluXk2CbgLXxeG8Iy4ywtKCn4DdZwCdULntCY4VWrTsqTh5xu9Em37t2ABh9ZitsIor0QS/ArZAAhoUJ/Zq5URJaadFkIkflhNsmoe0LuQtsmERGlCeRMKDENUHhWjkmlIUcHRPSApvr0nm8tBroRYfWZPwrVADBrZiDNcvRP2LwrxKtGwBTOWxWgq+AG/T3MmlhgwY75EqL+QgmC3C4LrRhZtt5xt8z8CtUuO1Kbyys9IZ+7dDsENBz4hLz0d6tKSVp7gbJoHPxsI50tyNxQ9iRKGHPWM+WN6zb7Gvqy5F0FaOCMl6zr1rBA1pdGo7wia0RrsYPn95WAAsjFBcFk3t7zpmU+2JtoOYcrc0ecZuJFL5z4Q/rECGYfAgIN8x6xQGnwYqlampoP2CLlow2I8PAL64XcsoKnwt4smhi8UC9ODfCrRpmYJGXJqUS0FZxMrfaMDzrhdFPIkcLQgVfQ25oZ9mRxyTdWnTcIHOYe1frVtpic8nEo32m1BTuesEyVroVUeFEPXn3ca14rqAhascTkyWCsOAM/T+KX2vnnSJo452a/74hVnuJJT1TFNFuQ5m02suwxWvYXpYWO31+/TiGHJ8Ex38F7VZoNsLiIETHrsI25er3irQ2Z64PfJDpgRteIlAi4528E2uEzQqDdXV1tysxYW3ZdcQ7XoR60o+YZ/OU3p/LXdBSlWOjPMKiIbn3hTNb8hWwlNZD5Tlvb97BuHQappz5lC1mKLeSWSc4vEemrGPy8bjr8RIy/988T5JWDODPD9jwTE/TE7jhAs4lRsyoTYdNIKhSLzlm4UFrNyB39NmiGZAWPWh5xPzr0JyOsZdgWiiHRjFJ0TZy3swIm7F3iem9h7YuHWYxnf1cgrPxw6eKo7izV4xzXaqwLT5K+H0xWuLbXlIpMRxRjiMSCCC+3RbHBQMneqPs+Xe5rseM0SbjOt+32ecXY+map+nb/SJ18I8e0KArjbLej9H1Q/jWaC1bnhPi5DCYUPI0iNSm1g810soKZtgaHZr9qHWqSHeEByRMpraDqA3kty1FghBN+rLtHVJbaGUxiwHk3EAr+nWAojSNcXrGVoH+EYGvmFqihauQ8A66BWpB2Y43+RwlUuITiLxN88XyXNB1JjNf7ues1fs4lbVxTZ6yMNZI60NzobZMpR1tlotK0yFUaR25siiqwyrV8Tyn7lBIyz3gUP4uBNqW4oQAGw14jkItu7U+kxJzWKJCw5x/XthAuseYffMnkSCcZMlt/FVl39iSCmDe2CuDXJu8R40KcXKH6ijO8f2kblMxazUXu0rFX9/YcSFumJQdSp6DGfF5QNZrptjSW1+whXPaAbzXWiJTPWq0WSHVUA1pCwv7hggNhOGuPhNgeaaVTHfkTt6KHVZhQRekJ7QjBNgvPaSldxd6/anPV9J+9DVdwzFIYb3/qGnHRgvmINROtC9tq12ul1U3sMYPn7r12rNyqXPAGMfcaZcdVxKkTCpR3J214XhENN451ZZiqp0M9Zo/qLi+Zhs7jH536JFdU7AZ0qP+7x4N5KIQZOy9Aj7FYB6wMEgJRvBdbCdjb/sGOYon71+FPWTMka/gkbLY+L6cj63zT1puAEJxWeZCLWFDqJ0RyyWaEBbSTjY0WoIOlbKPqRUzmEeezir2f/88+dCIXvNt84zDaSiV+KtEua1Uqnk9zVA8cPLCYeuQpYecKnpxG/JIpyEXiwUa+iOcn7U/UQV6qoqngmeo8kKLc4tkb4d/v7+BaiGypnDyEXOY2NDwbRbPdjcG0fNOA1O+69csWurWU9Vmmv6Q5pVrZbXETOqlSOcLrwkA8bTNFsjFQnACeRMWuqN14m6+1Pkfz48Po+4iT/vgXaJ8683oA6XLVAQc5+EQH01e1nouJPbkaW1O5iFbObEwTyQNLW4o8fdaFpDBIWQVE15nMqe/QV/h88NdZwcOC3jBstIeOSi4mGjXpXQCFow7Kh13zXzyVJuefjDEM03IS0NePslq6yx9w1yrJ/h3nqX/QVhedJZ+qCuSOEE7YrhtEBXxUUdwyN/9/RK7vXkXJjOEagB/ruBEkbE8N2hfn3skq+rQmkUHkfouA/XxCE1CmnL+fGku2euEdff+RXrVyTJPFkzz0EdqlsOcSaY49nTSTuoQJAE0z/tbALyQnt7BHf34Pv7Yk9U4ZpboMr89o24hdSLERvc7LBT0YDeJdLStRyUjdkucE3F57YmUO+k+UvqjkPfXxoXRTnO9n4+eCKqimt7Tq5VzBWgDjhc9rcK6WWs0VdVCLTMn1jiyyJNIF1KzFzpUr3faMRmOaoUCi1wryuqE4rgnvdAMDH1BYXcyLpUTEkQrNWdgcElbQsXLnPFHVD2trHjx/xCbDTboSgQITkjZ+sE6ZpyN/VEq2o60sv9mDuuWd3Pv6lqrxWV7L714pOgtmXeiC3yt0zFL6k6D9mVcRUNq7pSCtZBSRGYHkdsAXxeosMUQl9runxrXnlPajPyYXbFHvCwf1UTI7G4K9ZIkaK7XhT9D2OMLdEJLV8zCHFEBWsfmUthVH2uV+Yn9WulEDze5388iKiXaaXrotxzzwBXCQpvXd4HTXlgbV/WwTkVHLntUn4ZYx1xpTzuXTEIOhIEId83zqnm1a6DhAYqHZL9Om9CL/bMX+p/pfpGVGRfF6tyBejq9g0A3VEFCkRH8k/+53oSe1IYwXSZS0/J1tH4xLr7SFlXG0biLZlxhHaB1xMIPjUHseIYz9oYSvBa+RSPYmYUbaIIq13M0F+ZFKK7XPrxKmzGJ53YmVDwt0cQzJb3wHtyv04io820qha/sOHDlD8cjx/3hiL7lWarJdSIfBNsTD/l7DwLDOJ7SGU0u7Sdnlasjxp//NRyvv6rhjFYbTvI/YYUs76u61lRCY56ZUlI6JXRiDu3ktD1Q3W2yz51KWc//eQjtEUCxoISX7omXe05tQ5KEX5CX3fnWE4HHHnlFPMxdtkLdbpbkaqHNhpl8AAvxBfNhFRkGraHU0Wj0dgQTB5yp6l0AsPiEhskgnh47NJgLg9xlpTmzN/n8cBc9tJd4XMcfUPOq8VaL4MC4zsggs+d+uyPMEAXK1ShRvR0R34IJ2URWR7cfwtnpxTst0x/88QGaair+JW2Xeckf0WWpU8pT/QJTWgnOZBi03h2N+rX2Zu4CjJ5kzV+7XG8o0A++YH9aNlob7faSCdU/27TWDrOedLzz83NsvyiYCdHy2e096LYavtmm1uv5wSkGQ6+epWqPxFdnZBcbPOqAHoN1vi/fOtGsT9fSB5rIdud5aaj1bMZ5xbubBfHNrxxWYYQecuSSUerPLEx/G9+P6jsH8HA7nY1+ns3uszW6lc5H1eyBH3oawB+376eT2e2hW7SB9+PZzc+jD7d3t7Pb0W/v/+P2ZpZm/RHPHJ+/e8Ttd83RtV0UpuCAiqqa3IP8bvhd5YZ3oso1huk3R0U38y8F1VOLhzWtNOK8vDwEwsPPD5MWRyT72rF0Tjma0Kiuy0I5d8ZehSrXaAQPOJoF525c5cBE4BnmddO1UG2Gtz7Q3ugcm/usdIzAmvPSmN5uyNahzWzfvNmrJRbLm7rL5tfxJfoA8Es11uFFumsNP6GhfLfJxlc0useNzP+HkiorvqYle0pjiojWIdevQ5WX18Devoh/0rfKLiLJVgdsP9QKBQsplivXmBbxac0/LBRobEFp4VOPhrrSqIwZXar8m8FnrqHAtqBg3UjOt7o0xwaiF2jMuSN0q8jxuvkQ14l12PFK1b+TzJanzG8+E9pni2Y4ppUOFolxquHspWs1Cjv5UDUU68jz3GATSUzyYyFnpc+c2RADX4Zs/XUo8uE7//5ZrY34xaHKdwkXTD70tODEUjFXmr6ZllNbRRX5Sk4DmIrl7x4tfflx0H2zpJkxtpzEq/PK0J/MbCk6L0Oe2mdETsxNNVUQFu7YFg1cTad3b6um6G48H5faifoVW1L/aYo1utDTa2gNpJw20Z6OG/G8un6vtT0BE97KH5du9bO31fCCRfueYMV2AP9ZotlOQ+pN9/1Ff1e5+FVhcEi6gTmleG9fv7XeqsKiZ678q/m+Si1jq5K+HpnNc9Jexppmhinrjz+Cok2rl8quZnfTt7U3a2ha7FzuH/U1JiYXUm+e36HoTNY8t0fx+/0N0FIv6k1cRIiE5CMhudNLWy3h/0GKrS5pt+NLWH5mKA5JhxezKvkKC+/qB8Ks5BYY8NI6ve57okdXzjA4nc6s/YhtPTBdnU9WW9DXbHdoFpfoEe/6BArdRpvH3VoeW5ig9VMohi0WgscTbW3yw53XizRcq6Hk1BsyEd8Axjc3t/cz/8LubX+xLPXyUDH3aqRSL5fkSWMpF4Vbbe8AfvtlAJ9++zCejX2o/WVyT9/7tt06pi6669USXrT/6Er2FVoxqHKzmrawvrXovd5Wlz2TQY8us4azPE8HjNf06gpG4X8o8QklXGkjlkIx+bbqbXYP1SM7/Qhz674JwpyKQRVCdwNm5S4O4nwq+AU1xs/Ikx3W/2LRWb2HLecKz+92d/jDApdkwfEiW0i2PLNnmQu3ZvYxFmt14NBS6g15nNnNPfhlr+HdT9P//jT4/l/of8PxzS+D73/6OPk0+PGnh+ksDflyI5ZBatcwuX/6cUD//Wdfw91+HI/e/G8AAAD///fyPwM=" +} diff --git a/filebeat/module/aws/module.yml b/filebeat/module/aws/module.yml new file mode 100644 index 00000000000..dc4a096b4a1 --- /dev/null +++ b/filebeat/module/aws/module.yml @@ -0,0 +1,2 @@ +- id: Filebeat-aws-cloudtrail-Dashboard + file: Filebeat-aws-cloudtrail.json diff --git a/filebeat/module/aws/s3access/_meta/fields.epr.yml b/filebeat/module/aws/s3access/_meta/fields.epr.yml new file mode 100644 index 00000000000..5f5693a8279 --- /dev/null +++ b/filebeat/module/aws/s3access/_meta/fields.epr.yml @@ -0,0 +1,90 @@ +- name: related.user + type: keyword + description: All the user names seen on your event. +- name: related.ip + type: ip + description: All of the IPs seen on your event. +- name: client.ip + type: ip + description: IP address of the client. +- name: client.address + type: keyword + description: Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. +- name: client.user.id + type: keyword + description: Unique identifiers of the user. +- name: event.id + type: keyword + description: Unique ID to describe the event. +- name: event.action + type: keyword + description: The action captured by the event. +- name: http.response.status_code + type: long + description: HTTP response status code. +- name: event.outcome + type: keyword + description: This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +- name: event.code + type: keyword + description: Identification code for this event, if one exists. +- name: event.duration + type: long + description: Duration of the event in nanoseconds. +- name: http.request.referrer + type: keyword + description: Referrer for this HTTP request. +- name: tls.cipher + type: keyword + description: String indicating the cipher used during the current connection. +- name: tls.version + type: keyword + description: Numeric part of the version parsed from the original string. +- name: tls.version_protocol + type: keyword + description: Normalized lowercase protocol name parsed from original string. +- name: cloud.provider + type: keyword + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. +- name: event.kind + type: keyword + description: Event kind (e.g. event, alert, metric, state, pipeline_error, signal) +- name: geo.city_name + type: keyword + description: City name. +- name: geo.continent_name + type: keyword + description: Name of the continent. +- name: geo.country_iso_code + type: keyword + description: Country ISO code. +- name: geo.location + type: geo_point + description: Longitude and latitude. +- name: geo.region_iso_code + type: keyword + description: Region ISO code. +- name: geo.region_name + type: keyword + description: Region name. +- name: user_agent.device.name + type: keyword + description: Name of the device. +- name: user_agent.name + type: keyword + description: Name of the user agent. +- name: user_agent.original + type: keyword + description: Unparsed user_agent string. +- name: user_agent.os.full + type: keyword + description: Operating system name, including the version or code name. +- name: user_agent.os.name + type: keyword + description: Operating system name, without the version. +- name: user_agent.os.version + type: keyword + description: Operating system version as a raw string. +- name: user_agent.version + type: keyword + description: Version of the user agent. diff --git a/filebeat/module/aws/s3access/_meta/fields.yml b/filebeat/module/aws/s3access/_meta/fields.yml new file mode 100644 index 00000000000..7451a258831 --- /dev/null +++ b/filebeat/module/aws/s3access/_meta/fields.yml @@ -0,0 +1,98 @@ +- name: s3access + type: group + release: ga + description: > + Fields for AWS S3 server access logs. + fields: + - name: bucket_owner + type: keyword + description: > + The canonical user ID of the owner of the source bucket. + - name: bucket + type: keyword + description: > + The name of the bucket that the request was processed against. + - name: remote_ip + type: ip + description: > + The apparent internet address of the requester. + - name: requester + type: keyword + description: > + The canonical user ID of the requester, or a - for unauthenticated requests. + - name: request_id + type: keyword + description: > + A string generated by Amazon S3 to uniquely identify each request. + - name: operation + type: keyword + description: > + The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT. + - name: key + type: keyword + description: > + The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter. + - name: request_uri + type: keyword + description: > + The Request-URI part of the HTTP request message. + - name: http_status + type: long + description: > + The numeric HTTP status code of the response. + - name: error_code + type: keyword + description: > + The Amazon S3 Error Code, or "-" if no error occurred. + - name: bytes_sent + type: long + description: > + The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero. + - name: object_size + type: long + description: > + The total size of the object in question. + - name: total_time + type: long + description: > + The number of milliseconds the request was in flight from the server's perspective. + - name: turn_around_time + type: long + description: > + The number of milliseconds that Amazon S3 spent processing your request. + - name: referrer + type: keyword + description: > + The value of the HTTP Referrer header, if present. + - name: user_agent + type: keyword + description: > + The value of the HTTP User-Agent header. + - name: version_id + type: keyword + description: > + The version ID in the request, or "-" if the operation does not take a versionId parameter. + - name: host_id + type: keyword + description: > + The x-amz-id-2 or Amazon S3 extended request ID. + - name: signature_version + type: keyword + description: > + The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests. + - name: cipher_suite + type: keyword + description: > + The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP. + - name: authentication_type + type: keyword + description: > + The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests. + - name: host_header + type: keyword + description: > + The endpoint used to connect to Amazon S3. + - name: tls_version + type: keyword + description: > + The Transport Layer Security (TLS) version negotiated by the client. diff --git a/filebeat/module/aws/s3access/config/file.yml b/filebeat/module/aws/s3access/config/file.yml new file mode 100644 index 00000000000..8e366e70c17 --- /dev/null +++ b/filebeat/module/aws/s3access/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/aws/s3access/config/s3.yml b/filebeat/module/aws/s3access/config/s3.yml new file mode 100644 index 00000000000..44d98fd8c1a --- /dev/null +++ b/filebeat/module/aws/s3access/config/s3.yml @@ -0,0 +1,38 @@ +type: s3 +queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} +credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} + +{{ if .visibility_timeout }} +visibility_timeout: {{ .visibility_timeout }} +{{ end }} + +{{ if .api_timeout }} +api_timeout: {{ .api_timeout }} +{{ end }} + +{{ if .endpoint }} +endpoint: {{ .endpoint }} +{{ end }} + +{{ if .access_key_id }} +access_key_id: {{ .access_key_id }} +{{ end }} + +{{ if .secret_access_key }} +secret_access_key: {{ .secret_access_key }} +{{ end }} + +{{ if .session_token }} +session_token: {{ .session_token }} +{{ end }} + +{{ if .role_arn }} +role_arn: {{ .role_arn }} +{{ end }} diff --git a/filebeat/module/aws/s3access/ingest/pipeline.yml b/filebeat/module/aws/s3access/ingest/pipeline.yml new file mode 100644 index 00000000000..5cae87aa0f5 --- /dev/null +++ b/filebeat/module/aws/s3access/ingest/pipeline.yml @@ -0,0 +1,149 @@ +description: "Pipeline for s3 server access logs" + +processors: + - grok: + field: message + patterns: + - >- + %{BASE16NUM:aws.s3access.bucket_owner} %{HOSTNAME:aws.s3access.bucket} \[%{HTTPDATE:_temp_.s3access_time}\] + %{IP:aws.s3access.remote_ip} (?:-|%{S3REQUESTER:aws.s3access.requester}) %{S3REQUESTID:aws.s3access.request_id} + %{S3OPERATION:aws.s3access.operation} (?:-|%{S3KEY:aws.s3access.key}) (?:-|\"%{DATA:aws.s3access.request_uri}\") + %{NUMBER:aws.s3access.http_status:long} (?:-|%{WORD:aws.s3access.error_code}) (?:-|%{NUMBER:aws.s3access.bytes_sent:long}) + (?:-|%{NUMBER:aws.s3access.object_size:long}) (?:-|%{NUMBER:aws.s3access.total_time:long}) (?:-|%{NUMBER:aws.s3access.turn_around_time:long}) + (?:-|\"-\"|\"%{DATA:aws.s3access.referrer}\") (?:-|\"(-|%{DATA:aws.s3access.user_agent})\") (?:-|%{S3KEY:aws.s3access.version_id}) + (?:-|%{S3ID:aws.s3access.host_id}) (?:-|%{S3VERSION:aws.s3access.signature_version}) (?:-|%{S3KEY:aws.s3access.cipher_suite}) + (?:-|%{WORD:aws.s3access.authentication_type}) (?:-|%{S3ID:aws.s3access.host_header}) (?:-|%{S3VERSION:aws.s3access.tls_version}) + pattern_definitions: + S3REQUESTER: "[a-zA-Z0-9\\/_\\.\\-%:@]+" + S3REQUESTID: "[a-zA-Z0-9]+" + S3OPERATION: "%{WORD}.%{WORD}.%{WORD}" + S3KEY: "[a-zA-Z0-9\\/_\\.\\-%+]+" + S3ID: "[a-zA-Z0-9\\/_\\.\\-%+=]+" + S3VERSION: "[a-zA-Z0-9.]+" + + - append: + if: "ctx?.aws?.s3access?.bucket_owner != null" + field: related.user + value: "{{aws.s3access.bucket_owner}}" + + # + # Parse the date included in s3 access logs + # + - date: + field: "_temp_.s3access_time" + target_field: "@timestamp" + ignore_failure: true + formats: + - "dd/MMM/yyyy:H:m:s Z" + + - set: + if: "ctx?.aws?.s3access?.remote_ip != null" + field: client.ip + value: "{{aws.s3access.remote_ip}}" + + - append: + if: "ctx?.aws?.s3access?.remote_ip != null" + field: related.ip + value: "{{aws.s3access.remote_ip}}" + + - set: + if: "ctx?.aws?.s3access?.remote_ip != null" + field: client.address + value: "{{aws.s3access.remote_ip}}" + + - geoip: + if: "ctx?.aws?.s3access?.remote_ip != null" + field: aws.s3access.remote_ip + target_field: geo + + - set: + if: "ctx?.aws?.s3access?.requester != null" + field: client.user.id + value: "{{aws.s3access.requester}}" + + - set: + if: "ctx?.aws?.s3access?.request_id != null" + field: event.id + value: "{{aws.s3access.request_id}}" + + - set: + if: "ctx?.aws?.s3access?.operation != null" + field: event.action + value: "{{aws.s3access.operation}}" + + - set: + if: "ctx?.aws?.s3access?.http_status != null" + field: http.response.status_code + value: "{{aws.s3access.http_status}}" + + - convert: + if: "ctx?.http?.response?.status_code != null" + field: http.response.status_code + type: long + + - set: + if: "ctx?.aws?.s3access?.error_code != null" + field: event.outcome + value: failure + + - set: + if: "ctx?.aws?.s3access?.error_code != null" + field: event.code + value: "{{aws.s3access.error_code}}" + + - set: + if: "ctx?.aws?.s3access?.error_code == null" + field: event.outcome + value: success + + - set: + if: "ctx?.aws?.s3access?.total_time != null" + field: event.duration + value: "{{aws.s3access.total_time}}" + + - set: + if: "ctx?.aws?.s3access?.referrer != null" + field: http.request.referrer + value: "{{aws.s3access.referrer}}" + + - user_agent: + if: "ctx?.aws?.s3access?.user_agent != null" + field: aws.s3access.user_agent + + - set: + field: tls.cipher + value: '{{aws.s3access.cipher_suite}}' + if: ctx.aws?.s3access?.cipher_suite != null + + - script: + lang: painless + if: ctx.aws?.s3access?.tls_version != null + source: >- + def parts = ctx.aws.s3access.tls_version.toLowerCase().splitOnToken("v"); + if (parts.length != 2) { + return; + } + ctx.tls.version = parts[1]; + ctx.tls.version_protocol = parts[0] + + - set: + field: cloud.provider + value: aws + + - set: + field: event.kind + value: event + + # + # Remove temporary fields + # + - remove: + field: + - message + - _temp_ + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/aws/s3access/manifest.yml b/filebeat/module/aws/s3access/manifest.yml new file mode 100644 index 00000000000..16d188c1c0d --- /dev/null +++ b/filebeat/module/aws/s3access/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: s3 + - name: queue_url + - name: shared_credential_file + - name: credential_profile_name + - name: visibility_timeout + - name: api_timeout + - name: endpoint + - name: access_key_id + - name: secret_access_key + - name: session_token + - name: role_arn + +ingest_pipeline: ingest/pipeline.yml +input: config/{{.input}}.yml diff --git a/filebeat/module/aws/s3access/test/s3_server_access.log b/filebeat/module/aws/s3access/test/s3_server_access.log new file mode 100644 index 00000000000..f96091a7679 --- /dev/null +++ b/filebeat/module/aws/s3access/test/s3_server_access.log @@ -0,0 +1,6 @@ +36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:41 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 44EE8651683CB4DA REST.GET.LOCATION - "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1" 200 - 142 - 17 - "-" "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation" - BsCfJedfuSnds2QFoxi+E/O7M6OEWzJnw4dUaes/2hyA363sONRJKzB7EOY+Bt9DTHYUn+HoHxI= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2 +36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:42 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 E26222010BCC32B6 REST.GET.LOCATION - "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1" 200 - 142 - 3 - "-" "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation" - gNl/Q1IzY6nGTBygqI3rnMz/ZFOFwOTDpSMrNca+IcEmMAd6sCIs1ZRLYDekD8LB9lrj9UdQLWE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2 +36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 4DD6D17D1C5C401C REST.GET.BUCKET - "GET /test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251 HTTP/1.1" 200 - 265 - 2 1 "-" "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation" - KzvchfojYQnuFC4PABYVJVxIlv/f6r17LRaTSvw7x+bxj4PkkPKT1kX9x8wbqtq40iD4PC881iE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2 +36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 706992E2F3CC3C3D REST.GET.LOCATION - "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1" 200 - 142 - 4 - "-" "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation" - cIN12KTrJwx+uTBZD+opZUPE4iGypi8oG/oXGPzFk9CMuHQGuEpmAeNELdtYKDxf2TDor25Nikg= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2 +36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 jsoriano-s3-test [10/Sep/2019:15:11:07 +0000] 77.227.156.41 arn:aws:iam::123456:user/test@elastic.co 8CD7A4A71E2E5C9E BATCH.DELETE.OBJECT jolokia-war-1.5.0.war - 204 - - 344017 - - - - - IeDW5I3wefFxU8iHOcAzi5qr+O+1bdRlcQ0AO2WGjFh7JwYM6qCoKq+1TrUshrXMlBxPFtg97Vk= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.eu-central-1.amazonaws.com TLSv1.2 +36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [19/Sep/2019:17:06:39 +0000] 174.29.206.152 arn:aws:iam::123456:user/test@elastic.co 6CE38F1312D32BDD BATCH.DELETE.OBJECT Screen+Shot+2019-09-09+at+9.08.44+AM.png - 204 - - 57138 - - - - - LwRa4w6DbuU48GKQiH3jDbjfTyLCbwasFBsdttugRQ+9lH4jK8lT91+HhGZKMYI3sPyKuQ9LvU0= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3-ap-southeast-1.amazonaws.com TLSv1.2 diff --git a/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json b/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json new file mode 100644 index 00000000000..b312118a644 --- /dev/null +++ b/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json @@ -0,0 +1,337 @@ +[ + { + "@timestamp": "2019-08-01T00:24:41.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "test-s3-ks", + "aws.s3access.bucket_owner": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2", + "aws.s3access.bytes_sent": 142, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "s3.ap-southeast-1.amazonaws.com", + "aws.s3access.host_id": "BsCfJedfuSnds2QFoxi+E/O7M6OEWzJnw4dUaes/2hyA363sONRJKzB7EOY+Bt9DTHYUn+HoHxI=", + "aws.s3access.http_status": 200, + "aws.s3access.operation": "REST.GET.LOCATION", + "aws.s3access.remote_ip": "72.21.217.31", + "aws.s3access.request_id": "44EE8651683CB4DA", + "aws.s3access.request_uri": "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1", + "aws.s3access.requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSv1.2", + "aws.s3access.total_time": 17, + "aws.s3access.user_agent": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "client.address": "72.21.217.31", + "client.ip": "72.21.217.31", + "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "cloud.provider": "aws", + "event.action": "REST.GET.LOCATION", + "event.dataset": "aws.s3access", + "event.duration": "17", + "event.id": "44EE8651683CB4DA", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "geo.city_name": "Ashburn", + "geo.continent_name": "North America", + "geo.country_iso_code": "US", + "geo.location.lat": 39.0481, + "geo.location.lon": -77.4728, + "geo.region_iso_code": "US-VA", + "geo.region_name": "Virginia", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "72.21.217.31" + ], + "related.user": [ + "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "aws-sdk-java", + "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "user_agent.os.full": "Linux 4.9.137", + "user_agent.os.name": "Linux", + "user_agent.os.version": "4.9.137", + "user_agent.version": "1.11.590" + }, + { + "@timestamp": "2019-08-01T00:24:42.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "test-s3-ks", + "aws.s3access.bucket_owner": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2", + "aws.s3access.bytes_sent": 142, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "s3.ap-southeast-1.amazonaws.com", + "aws.s3access.host_id": "gNl/Q1IzY6nGTBygqI3rnMz/ZFOFwOTDpSMrNca+IcEmMAd6sCIs1ZRLYDekD8LB9lrj9UdQLWE=", + "aws.s3access.http_status": 200, + "aws.s3access.operation": "REST.GET.LOCATION", + "aws.s3access.remote_ip": "72.21.217.31", + "aws.s3access.request_id": "E26222010BCC32B6", + "aws.s3access.request_uri": "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1", + "aws.s3access.requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSv1.2", + "aws.s3access.total_time": 3, + "aws.s3access.user_agent": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "client.address": "72.21.217.31", + "client.ip": "72.21.217.31", + "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "cloud.provider": "aws", + "event.action": "REST.GET.LOCATION", + "event.dataset": "aws.s3access", + "event.duration": "3", + "event.id": "E26222010BCC32B6", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "geo.city_name": "Ashburn", + "geo.continent_name": "North America", + "geo.country_iso_code": "US", + "geo.location.lat": 39.0481, + "geo.location.lon": -77.4728, + "geo.region_iso_code": "US-VA", + "geo.region_name": "Virginia", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 715, + "related.ip": [ + "72.21.217.31" + ], + "related.user": [ + "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "aws-sdk-java", + "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "user_agent.os.full": "Linux 4.9.137", + "user_agent.os.name": "Linux", + "user_agent.os.version": "4.9.137", + "user_agent.version": "1.11.590" + }, + { + "@timestamp": "2019-08-01T00:24:43.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "test-s3-ks", + "aws.s3access.bucket_owner": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2", + "aws.s3access.bytes_sent": 265, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "s3.ap-southeast-1.amazonaws.com", + "aws.s3access.host_id": "KzvchfojYQnuFC4PABYVJVxIlv/f6r17LRaTSvw7x+bxj4PkkPKT1kX9x8wbqtq40iD4PC881iE=", + "aws.s3access.http_status": 200, + "aws.s3access.operation": "REST.GET.BUCKET", + "aws.s3access.remote_ip": "72.21.217.31", + "aws.s3access.request_id": "4DD6D17D1C5C401C", + "aws.s3access.request_uri": "GET /test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251 HTTP/1.1", + "aws.s3access.requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSv1.2", + "aws.s3access.total_time": 2, + "aws.s3access.turn_around_time": 1, + "aws.s3access.user_agent": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "client.address": "72.21.217.31", + "client.ip": "72.21.217.31", + "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "cloud.provider": "aws", + "event.action": "REST.GET.BUCKET", + "event.dataset": "aws.s3access", + "event.duration": "2", + "event.id": "4DD6D17D1C5C401C", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "geo.city_name": "Ashburn", + "geo.continent_name": "North America", + "geo.country_iso_code": "US", + "geo.location.lat": 39.0481, + "geo.location.lon": -77.4728, + "geo.region_iso_code": "US-VA", + "geo.region_name": "Virginia", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 1429, + "related.ip": [ + "72.21.217.31" + ], + "related.user": [ + "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "aws-sdk-java", + "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "user_agent.os.full": "Linux 4.9.137", + "user_agent.os.name": "Linux", + "user_agent.os.version": "4.9.137", + "user_agent.version": "1.11.590" + }, + { + "@timestamp": "2019-08-01T00:24:43.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "test-s3-ks", + "aws.s3access.bucket_owner": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2", + "aws.s3access.bytes_sent": 142, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "s3.ap-southeast-1.amazonaws.com", + "aws.s3access.host_id": "cIN12KTrJwx+uTBZD+opZUPE4iGypi8oG/oXGPzFk9CMuHQGuEpmAeNELdtYKDxf2TDor25Nikg=", + "aws.s3access.http_status": 200, + "aws.s3access.operation": "REST.GET.LOCATION", + "aws.s3access.remote_ip": "72.21.217.31", + "aws.s3access.request_id": "706992E2F3CC3C3D", + "aws.s3access.request_uri": "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1", + "aws.s3access.requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSv1.2", + "aws.s3access.total_time": 4, + "aws.s3access.user_agent": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "client.address": "72.21.217.31", + "client.ip": "72.21.217.31", + "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", + "cloud.provider": "aws", + "event.action": "REST.GET.LOCATION", + "event.dataset": "aws.s3access", + "event.duration": "4", + "event.id": "706992E2F3CC3C3D", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "geo.city_name": "Ashburn", + "geo.continent_name": "North America", + "geo.country_iso_code": "US", + "geo.location.lat": 39.0481, + "geo.location.lon": -77.4728, + "geo.region_iso_code": "US-VA", + "geo.region_name": "Virginia", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 2161, + "related.ip": [ + "72.21.217.31" + ], + "related.user": [ + "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "aws-sdk-java", + "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", + "user_agent.os.full": "Linux 4.9.137", + "user_agent.os.name": "Linux", + "user_agent.os.version": "4.9.137", + "user_agent.version": "1.11.590" + }, + { + "@timestamp": "2019-09-10T15:11:07.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "jsoriano-s3-test", + "aws.s3access.bucket_owner": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2", + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "s3.eu-central-1.amazonaws.com", + "aws.s3access.host_id": "IeDW5I3wefFxU8iHOcAzi5qr+O+1bdRlcQ0AO2WGjFh7JwYM6qCoKq+1TrUshrXMlBxPFtg97Vk=", + "aws.s3access.http_status": 204, + "aws.s3access.key": "jolokia-war-1.5.0.war", + "aws.s3access.object_size": 344017, + "aws.s3access.operation": "BATCH.DELETE.OBJECT", + "aws.s3access.remote_ip": "77.227.156.41", + "aws.s3access.request_id": "8CD7A4A71E2E5C9E", + "aws.s3access.requester": "arn:aws:iam::123456:user/test@elastic.co", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSv1.2", + "client.address": "77.227.156.41", + "client.ip": "77.227.156.41", + "client.user.id": "arn:aws:iam::123456:user/test@elastic.co", + "cloud.provider": "aws", + "event.action": "BATCH.DELETE.OBJECT", + "event.dataset": "aws.s3access", + "event.id": "8CD7A4A71E2E5C9E", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "geo.city_name": "Teruel", + "geo.continent_name": "Europe", + "geo.country_iso_code": "ES", + "geo.location.lat": 40.3456, + "geo.location.lon": -1.1065, + "geo.region_iso_code": "ES-TE", + "geo.region_name": "Teruel", + "http.response.status_code": 204, + "input.type": "log", + "log.offset": 2875, + "related.ip": [ + "77.227.156.41" + ], + "related.user": [ + "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls" + }, + { + "@timestamp": "2019-09-19T17:06:39.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "test-s3-ks", + "aws.s3access.bucket_owner": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2", + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "s3-ap-southeast-1.amazonaws.com", + "aws.s3access.host_id": "LwRa4w6DbuU48GKQiH3jDbjfTyLCbwasFBsdttugRQ+9lH4jK8lT91+HhGZKMYI3sPyKuQ9LvU0=", + "aws.s3access.http_status": 204, + "aws.s3access.key": "Screen+Shot+2019-09-09+at+9.08.44+AM.png", + "aws.s3access.object_size": 57138, + "aws.s3access.operation": "BATCH.DELETE.OBJECT", + "aws.s3access.remote_ip": "174.29.206.152", + "aws.s3access.request_id": "6CE38F1312D32BDD", + "aws.s3access.requester": "arn:aws:iam::123456:user/test@elastic.co", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSv1.2", + "client.address": "174.29.206.152", + "client.ip": "174.29.206.152", + "client.user.id": "arn:aws:iam::123456:user/test@elastic.co", + "cloud.provider": "aws", + "event.action": "BATCH.DELETE.OBJECT", + "event.dataset": "aws.s3access", + "event.id": "6CE38F1312D32BDD", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "geo.city_name": "Denver", + "geo.continent_name": "North America", + "geo.country_iso_code": "US", + "geo.location.lat": 39.7044, + "geo.location.lon": -105.0023, + "geo.region_iso_code": "US-CO", + "geo.region_name": "Colorado", + "http.response.status_code": 204, + "input.type": "log", + "log.offset": 3280, + "related.ip": [ + "174.29.206.152" + ], + "related.user": [ + "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.2", + "tls.version_protocol": "tls" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/s3access/test/test.log b/filebeat/module/aws/s3access/test/test.log new file mode 100644 index 00000000000..abb17ce2b45 --- /dev/null +++ b/filebeat/module/aws/s3access/test/test.log @@ -0,0 +1,5 @@ +79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 3E57427F3EXAMPLE REST.GET.VERSIONING - "GET /awsexamplebucket?versioning HTTP/1.1" 200 - 113 - 7 - "-" "S3Console/0.4" - s9lzHYrFp76ZVxRcpX9+5cjAnEH2ROuNkd2BHfIa6UkFVdtjf5mKR3/eTPFvsiP/XV/VLi31234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 +79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 891CE47D2EXAMPLE REST.GET.LOGGING_STATUS - "GET /awsexamplebucket?logging HTTP/1.1" 200 - 242 - 11 - "-" "S3Console/0.4" - 9vKBE6vMhrNiWHZmb2L0mXOcqPGzQOI5XLnCtZNPxev+Hf+7tpT6sxDwDty4LHBUOZJG96N1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 +79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be A1206F460EXAMPLE REST.GET.BUCKETPOLICY - "GET /awsexamplebucket?policy HTTP/1.1" 404 NoSuchBucketPolicy 297 - 38 - "-" "S3Console/0.4" - BNaBsXZQQDbssi6xMBdBU2sLt+Yf5kZDmeBUP35sFoKa3sLLeMC78iwEIWxs99CRUrbS4n11234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 +79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:00 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 7B4A0FABBEXAMPLE REST.GET.VERSIONING - "GET /awsexamplebucket?versioning HTTP/1.1" 200 - 113 - 33 - "-" "S3Console/0.4" - Ke1bUcazaN1jWuUlPJaxF64cQVpUEhoZKEG/hmy/gijN/I1DeWqDfFvnpybfEseEME/u7ME1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 +79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:57 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.PUT.OBJECT s3-dg.pdf "PUT /awsexamplebucket/s3-dg.pdf HTTP/1.1" 200 - - 4406583 41754 28 "-" "S3Console/0.4" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 diff --git a/filebeat/module/aws/s3access/test/test.log-expected.json b/filebeat/module/aws/s3access/test/test.log-expected.json new file mode 100644 index 00000000000..61baec94c6c --- /dev/null +++ b/filebeat/module/aws/s3access/test/test.log-expected.json @@ -0,0 +1,246 @@ +[ + { + "@timestamp": "2019-02-06T00:00:38.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "awsexamplebucket", + "aws.s3access.bucket_owner": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.bytes_sent": 113, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-GCM-SHA256", + "aws.s3access.host_header": "awsexamplebucket.s3.amazonaws.com", + "aws.s3access.host_id": "s9lzHYrFp76ZVxRcpX9+5cjAnEH2ROuNkd2BHfIa6UkFVdtjf5mKR3/eTPFvsiP/XV/VLi31234=", + "aws.s3access.http_status": 200, + "aws.s3access.operation": "REST.GET.VERSIONING", + "aws.s3access.remote_ip": "192.0.2.3", + "aws.s3access.request_id": "3E57427F3EXAMPLE", + "aws.s3access.request_uri": "GET /awsexamplebucket?versioning HTTP/1.1", + "aws.s3access.requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.signature_version": "SigV2", + "aws.s3access.tls_version": "TLSV1.1", + "aws.s3access.total_time": 7, + "aws.s3access.user_agent": "S3Console/0.4", + "client.address": "192.0.2.3", + "client.ip": "192.0.2.3", + "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "cloud.provider": "aws", + "event.action": "REST.GET.VERSIONING", + "event.dataset": "aws.s3access", + "event.duration": "7", + "event.id": "3E57427F3EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "192.0.2.3" + ], + "related.user": [ + "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "tls.version": "1.1", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "S3Console/0.4" + }, + { + "@timestamp": "2019-02-06T00:00:38.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "awsexamplebucket", + "aws.s3access.bucket_owner": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.bytes_sent": 242, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-GCM-SHA256", + "aws.s3access.host_header": "awsexamplebucket.s3.amazonaws.com", + "aws.s3access.host_id": "9vKBE6vMhrNiWHZmb2L0mXOcqPGzQOI5XLnCtZNPxev+Hf+7tpT6sxDwDty4LHBUOZJG96N1234=", + "aws.s3access.http_status": 200, + "aws.s3access.operation": "REST.GET.LOGGING_STATUS", + "aws.s3access.remote_ip": "192.0.2.3", + "aws.s3access.request_id": "891CE47D2EXAMPLE", + "aws.s3access.request_uri": "GET /awsexamplebucket?logging HTTP/1.1", + "aws.s3access.requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.signature_version": "SigV2", + "aws.s3access.tls_version": "TLSV1.1", + "aws.s3access.total_time": 11, + "aws.s3access.user_agent": "S3Console/0.4", + "client.address": "192.0.2.3", + "client.ip": "192.0.2.3", + "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "cloud.provider": "aws", + "event.action": "REST.GET.LOGGING_STATUS", + "event.dataset": "aws.s3access", + "event.duration": "11", + "event.id": "891CE47D2EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 471, + "related.ip": [ + "192.0.2.3" + ], + "related.user": [ + "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "tls.version": "1.1", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "S3Console/0.4" + }, + { + "@timestamp": "2019-02-06T00:00:38.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "awsexamplebucket", + "aws.s3access.bucket_owner": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.bytes_sent": 297, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-GCM-SHA256", + "aws.s3access.error_code": "NoSuchBucketPolicy", + "aws.s3access.host_header": "awsexamplebucket.s3.amazonaws.com", + "aws.s3access.host_id": "BNaBsXZQQDbssi6xMBdBU2sLt+Yf5kZDmeBUP35sFoKa3sLLeMC78iwEIWxs99CRUrbS4n11234=", + "aws.s3access.http_status": 404, + "aws.s3access.operation": "REST.GET.BUCKETPOLICY", + "aws.s3access.remote_ip": "192.0.2.3", + "aws.s3access.request_id": "A1206F460EXAMPLE", + "aws.s3access.request_uri": "GET /awsexamplebucket?policy HTTP/1.1", + "aws.s3access.requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.signature_version": "SigV2", + "aws.s3access.tls_version": "TLSV1.1", + "aws.s3access.total_time": 38, + "aws.s3access.user_agent": "S3Console/0.4", + "client.address": "192.0.2.3", + "client.ip": "192.0.2.3", + "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "cloud.provider": "aws", + "event.action": "REST.GET.BUCKETPOLICY", + "event.code": "NoSuchBucketPolicy", + "event.dataset": "aws.s3access", + "event.duration": "38", + "event.id": "A1206F460EXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "failure", + "fileset.name": "s3access", + "http.response.status_code": 404, + "input.type": "log", + "log.offset": 944, + "related.ip": [ + "192.0.2.3" + ], + "related.user": [ + "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "tls.version": "1.1", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "S3Console/0.4" + }, + { + "@timestamp": "2019-02-06T00:01:00.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "awsexamplebucket", + "aws.s3access.bucket_owner": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.bytes_sent": 113, + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-GCM-SHA256", + "aws.s3access.host_header": "awsexamplebucket.s3.amazonaws.com", + "aws.s3access.host_id": "Ke1bUcazaN1jWuUlPJaxF64cQVpUEhoZKEG/hmy/gijN/I1DeWqDfFvnpybfEseEME/u7ME1234=", + "aws.s3access.http_status": 200, + "aws.s3access.operation": "REST.GET.VERSIONING", + "aws.s3access.remote_ip": "192.0.2.3", + "aws.s3access.request_id": "7B4A0FABBEXAMPLE", + "aws.s3access.request_uri": "GET /awsexamplebucket?versioning HTTP/1.1", + "aws.s3access.requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.signature_version": "SigV2", + "aws.s3access.tls_version": "TLSV1.1", + "aws.s3access.total_time": 33, + "aws.s3access.user_agent": "S3Console/0.4", + "client.address": "192.0.2.3", + "client.ip": "192.0.2.3", + "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "cloud.provider": "aws", + "event.action": "REST.GET.VERSIONING", + "event.dataset": "aws.s3access", + "event.duration": "33", + "event.id": "7B4A0FABBEXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 1431, + "related.ip": [ + "192.0.2.3" + ], + "related.user": [ + "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", + "tls.version": "1.1", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "S3Console/0.4" + }, + { + "@timestamp": "2019-02-06T00:01:57.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "awsexamplebucket", + "aws.s3access.bucket_owner": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "awsexamplebucket.s3.amazonaws.com", + "aws.s3access.host_id": "10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234=", + "aws.s3access.http_status": 200, + "aws.s3access.key": "s3-dg.pdf", + "aws.s3access.object_size": 4406583, + "aws.s3access.operation": "REST.PUT.OBJECT", + "aws.s3access.remote_ip": "192.0.2.3", + "aws.s3access.request_id": "DD6CC733AEXAMPLE", + "aws.s3access.request_uri": "PUT /awsexamplebucket/s3-dg.pdf HTTP/1.1", + "aws.s3access.requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSV1.1", + "aws.s3access.total_time": 41754, + "aws.s3access.turn_around_time": 28, + "aws.s3access.user_agent": "S3Console/0.4", + "client.address": "192.0.2.3", + "client.ip": "192.0.2.3", + "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "cloud.provider": "aws", + "event.action": "REST.PUT.OBJECT", + "event.dataset": "aws.s3access", + "event.duration": "41754", + "event.id": "DD6CC733AEXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.outcome": "success", + "fileset.name": "s3access", + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 1903, + "related.ip": [ + "192.0.2.3" + ], + "related.user": [ + "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be" + ], + "service.type": "aws", + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.1", + "tls.version_protocol": "tls", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "S3Console/0.4" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/vpcflow/README.md b/filebeat/module/aws/vpcflow/README.md new file mode 100644 index 00000000000..192af7b84cd --- /dev/null +++ b/filebeat/module/aws/vpcflow/README.md @@ -0,0 +1,42 @@ +Filebeat module for AWS VPC Logs +=== + +Module for the AWS virtual private cloud (VPC) logs which captures information +about the IP traffic going to and from network interfaces in VPC. These logs can +help with: + +* Diagnosing overly restrictive security group rules +* Monitoring the traffic that is reaching your instance +* Determining the direction of the traffic to and from the network interfaces + +Implementation based on the description of the flow logs from the +documentation that can be found in: + +* Default Flow Log Format: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html +* Custom Format with Traffic Through a NAT Gateway: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html +* Custom Format with Traffic Through a Transit Gateway: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html + +Test files are copied from examples of these documentation. + + +How to manual test this module +=== + +* Create a VPC and enable publishing flow logs to Amazon S3. +* Configure this S3 bucket to publish notifications to a SQS queue in the same +region when new objects are created. +* Configure filebeat, using the SQS queue url with s3 notification setup in +previous step. +``` +filebeat.modules: +- module: aws + vpcflow: + enabled: true + var.queue_url: + var.credential_profile_name: + s3access: + enabled: false + elb: + enabled: false +``` +* Check parsed logs diff --git a/filebeat/module/aws/vpcflow/_meta/fields.epr.yml b/filebeat/module/aws/vpcflow/_meta/fields.epr.yml new file mode 100644 index 00000000000..7293e8090ff --- /dev/null +++ b/filebeat/module/aws/vpcflow/_meta/fields.epr.yml @@ -0,0 +1,123 @@ +- name: event.start + type: date + description: event.start contains the date when the event started or when the activity was first observed. +- name: event.end + type: date + description: event.end contains the date when the event ended or when the activity was last observed. +- name: destination.geo.continent_name + type: keyword + description: Name of the continent. +- name: destination.geo.country_iso_code + type: keyword + description: Country ISO code. +- name: destination.geo.location + type: geo_point + description: Longitude and latitude. +- name: destination.ip + type: ip + description: IP address of the destination. +- name: destination.address + type: keyword + description: Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. +- name: destination.port + type: long + description: Port of the destination. +- name: event.category + type: keyword + description: Event category (e.g. database) +- name: event.outcome + type: keyword + description: This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +- name: event.type + type: keyword + description: Event severity (e.g. info, error) +- name: source.as.number + type: long + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +- name: source.as.organization.name + type: keyword + description: Organization name. +- name: destination.as.number + type: long + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +- name: destination.as.organization.name + type: keyword + description: Organization name. +- name: event.original + type: keyword + description: Raw text message of entire event. Used to demonstrate log integrity. +- name: cloud.account.id + type: keyword + description: The cloud account or organization id used to identify different entities in a multi-tenant environment. +- name: cloud.instance.id + type: keyword + description: Instance ID of the host machine. +- name: cloud.provider + type: keyword + description: Name of the cloud provider. +- name: related.ip + type: ip + description: All of the IPs seen on your event. +- name: event.kind + type: keyword + description: Event kind (e.g. event, alert, metric, state, pipeline_error, signal) +- name: cloud.account.id + type: keyword + description: The cloud account or organization id used to identify different entities in a multi-tenant environment. +- name: network.bytes + type: long + description: Total bytes transferred in both directions. +- name: network.community_id + type: keyword + description: A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +- name: network.iana_number + type: keyword + description: IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. +- name: network.packets + type: long + description: Total packets transferred in both directions. +- name: network.transport + type: keyword + description: Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) +- name: network.type + type: keyword + description: In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc +- name: source.address + type: keyword + description: Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. +- name: source.as.number + type: long + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. +- name: source.as.organization.name + type: keyword + description: Organization name. +- name: source.bytes + type: long + description: Bytes sent from the source to the destination. +- name: source.geo.city_name + type: keyword + description: City name. +- name: source.geo.continent_name + type: keyword + description: Name of the continent. +- name: source.geo.country_iso_code + type: keyword + description: Country ISO code. +- name: source.geo.location + type: geo_point + description: Longitude and latitude. +- name: source.geo.region_iso_code + type: keyword + description: Region ISO code. +- name: source.geo.region_name + type: keyword + description: Region name. +- name: source.ip + type: ip + description: IP address of the source (IPv4 or IPv6). +- name: source.packets + type: long + description: Packets sent from the source to the destination. +- name: source.port + type: long + description: Port of the source. diff --git a/filebeat/module/aws/vpcflow/_meta/fields.yml b/filebeat/module/aws/vpcflow/_meta/fields.yml new file mode 100644 index 00000000000..1fbd4b37562 --- /dev/null +++ b/filebeat/module/aws/vpcflow/_meta/fields.yml @@ -0,0 +1,54 @@ +- name: vpcflow + type: group + release: beta + description: > + Fields for AWS VPC flow logs. + fields: + - name: version + type: keyword + description: > + The VPC Flow Logs version. If you use the default format, the version is 2. If you specify a custom format, the version is 3. + - name: account_id + type: keyword + description: > + The AWS account ID for the flow log. + - name: interface_id + type: keyword + description: > + The ID of the network interface for which the traffic is recorded. + - name: action + type: keyword + description: > + The action that is associated with the traffic, ACCEPT or REJECT. + - name: log_status + type: keyword + description: > + The logging status of the flow log, OK, NODATA or SKIPDATA. + - name: instance_id + type: keyword + description: > + The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you. + - name: pkt_srcaddr + type: ip + description: > + The packet-level (original) source IP address of the traffic. + - name: pkt_dstaddr + type: ip + description: > + The packet-level (original) destination IP address for the traffic. + - name: vpc_id + type: keyword + description: > + The ID of the VPC that contains the network interface for which the traffic is recorded. + - name: subnet_id + type: keyword + description: > + The ID of the subnet that contains the network interface for which the traffic is recorded. + - name: tcp_flags + type: keyword + description: > + The bitmask value for the following TCP flags: 2=SYN,18=SYN-ACK,1=FIN,4=RST + - name: type + type: keyword + description: > + The type of traffic: IPv4, IPv6, or EFA. diff --git a/filebeat/module/aws/vpcflow/config/input.yml b/filebeat/module/aws/vpcflow/config/input.yml new file mode 100644 index 00000000000..f79430783f5 --- /dev/null +++ b/filebeat/module/aws/vpcflow/config/input.yml @@ -0,0 +1,169 @@ +{{ if eq .input "s3" }} + +type: s3 +queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} +credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} + +{{ if .visibility_timeout }} +visibility_timeout: {{ .visibility_timeout }} +{{ end }} + +{{ if .api_timeout }} +api_timeout: {{ .api_timeout }} +{{ end }} + +{{ if .endpoint }} +endpoint: {{ .endpoint }} +{{ end }} + +{{ if .access_key_id }} +access_key_id: {{ .access_key_id }} +{{ end }} + +{{ if .secret_access_key }} +secret_access_key: {{ .secret_access_key }} +{{ end }} + +{{ if .session_token }} +session_token: {{ .session_token }} +{{ end }} + +{{ if .role_arn }} +role_arn: {{ .role_arn }} +{{ end }} + +{{ else if eq .input "file" }} + +type: log +paths: + {{ range $i, $path := .paths }} + - {{$path}} + {{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - drop_event: + when.regexp.message: "^version" + - drop_event: + when.regexp.message: "^instance-id" + + - script: + lang: javascript + source: > + function process(event) { + var message = event.Get("message"); + var tokens = message.split(" ").length; + event.Put("@metadata.message_token_count", tokens); + } + + # Default vpc flow log format + - dissect: + when: + equals: + '@metadata.message_token_count': 14 + field: message + target_prefix: aws.vpcflow + tokenizer: '%{version} %{account_id} %{interface_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{packets} %{bytes} %{start} %{end} %{action} %{log_status}' + + # Custom flow log for traffic through a NAT gateway + - dissect: + when: + equals: + '@metadata.message_token_count': 6 + field: message + target_prefix: aws.vpcflow + tokenizer: '%{instance_id} %{interface_id} %{srcaddr} %{dstaddr} %{pkt_srcaddr} %{pkt_dstaddr}' + + # Custom flow log for traffic through a transit gateway + - dissect: + when: + equals: + '@metadata.message_token_count': 17 + field: message + target_prefix: aws.vpcflow + tokenizer: '%{version} %{interface_id} %{account_id} %{vpc_id} %{subnet_id} %{instance_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{tcp_flags} %{type} %{pkt_srcaddr} %{pkt_dstaddr} %{action} %{log_status}' + + # TCP Flag Sequence + - dissect: + when: + equals: + '@metadata.message_token_count': 21 + field: message + target_prefix: aws.vpcflow + tokenizer: '%{version} %{vpc_id} %{subnet_id} %{instance_id} %{interface_id} %{account_id} %{type} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{pkt_srcaddr} %{pkt_dstaddr} %{protocol} %{bytes} %{packets} %{start} %{end} %{action} %{tcp_flags} %{log_status}' + + - convert: + ignore_missing: true + fields: + - {from: aws.vpcflow.srcaddr, to: source.address} + - {from: aws.vpcflow.srcaddr, to: source.ip, type: ip} + - {from: aws.vpcflow.srcport, to: source.port, type: long} + - {from: aws.vpcflow.dstaddr, to: destination.address} + - {from: aws.vpcflow.dstaddr, to: destination.ip, type: ip} + - {from: aws.vpcflow.dstport, to: destination.port, type: long} + - {from: aws.vpcflow.protocol, to: network.iana_number, type: string} + - {from: aws.vpcflow.packets, to: source.packets, type: long} + - {from: aws.vpcflow.bytes, to: source.bytes, type: long} + - {from: aws.vpcflow.packets, to: network.packets, type: long} + - {from: aws.vpcflow.bytes, to: network.bytes, type: long} + + - drop_fields: + fields: ["aws.vpcflow.srcaddr", "aws.vpcflow.srcport", "aws.vpcflow.dstaddr", "aws.vpcflow.dstport", "aws.vpcflow.bytes", "aws.vpcflow.packets", "aws.vpcflow.protocol"] + + - community_id: ~ + + # Use the aws.vpcflow.action value to set the event.outcome value to either "allow" or "deny". + - add_fields: + when.equals.aws.vpcflow.action: ACCEPT + target: event + fields: {outcome: allow} + - add_fields: + when.equals.aws.vpcflow.action: REJECT + target: event + fields: {outcome: deny} + + - add_fields: + target: event + fields: {type: flow} + - add_fields: + target: event + fields: {category: network_traffic} + + # Add network.type: ipv4 or ipv6 + - if: + contains.source.ip: "." + then: + - add_fields: + target: network + fields: {type: ipv4} + + - if: + contains.source.ip: ":" + then: + - add_fields: + target: network + fields: {type: ipv6} + + # Add network.transport: based on IANA protocol number of the traffic + # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml + - if: + equals.network.iana_number: "6" + then: + - add_fields: + target: network + fields: {transport: tcp} + - if: + equals.network.iana_number: "17" + then: + - add_fields: + target: network + fields: {transport: udp} diff --git a/filebeat/module/aws/vpcflow/ingest/pipeline.yml b/filebeat/module/aws/vpcflow/ingest/pipeline.yml new file mode 100644 index 00000000000..4ff3ed383fa --- /dev/null +++ b/filebeat/module/aws/vpcflow/ingest/pipeline.yml @@ -0,0 +1,103 @@ +description: Pipeline for AWS VPC Flow Logs + +processors: + # Convert Unix epoch to timestamp + - date: + field: "aws.vpcflow.end" + target_field: "@timestamp" + ignore_failure: true + formats: + - UNIX + - date: + field: "aws.vpcflow.start" + target_field: "event.start" + ignore_failure: true + formats: + - UNIX + - date: + field: "aws.vpcflow.end" + target_field: "event.end" + ignore_failure: true + formats: + - UNIX + - remove: + field: ["aws.vpcflow.start", "aws.vpcflow.end"] + ignore_missing: true + + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - rename: + field: message + target_field: event.original + ignore_missing: true + + # Generate related.ip field + - append: + if: ctx.source?.ip != null && ctx.destination?.ip != null + field: related.ip + value: ["{{source.ip}}", "{{destination.ip}}"] + + - set: + field: cloud.provider + value: aws + + - set: + if: "ctx?.aws?.vpcflow?.account_id != null" + field: cloud.account.id + value: "{{aws.vpcflow.account_id}}" + + - set: + if: "ctx?.aws?.vpcflow?.instance_id != null && ctx.aws.vpcflow.instance_id != '-'" + field: cloud.instance.id + value: "{{aws.vpcflow.instance_id}}" + + - set: + field: event.kind + value: event + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/aws/vpcflow/manifest.yml b/filebeat/module/aws/vpcflow/manifest.yml new file mode 100644 index 00000000000..2bcc4d6cbe5 --- /dev/null +++ b/filebeat/module/aws/vpcflow/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: s3 + - name: queue_url + - name: shared_credential_file + - name: credential_profile_name + - name: visibility_timeout + - name: api_timeout + - name: endpoint + - name: access_key_id + - name: secret_access_key + - name: session_token + - name: role_arn + +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml diff --git a/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log b/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log new file mode 100644 index 00000000000..6355e43b480 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log @@ -0,0 +1,5 @@ +version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status +2 123456789010 eni-1235b8ca123456789 78.24.182.42 158.109.0.1 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK +2 123456789010 eni-1235b8ca123456789 78.24.182.42 158.109.0.1 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK +2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK +2 123456789010 eni-1235b8ca123456789 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK diff --git a/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json b/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json new file mode 100644 index 00000000000..f31e0bf9931 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json @@ -0,0 +1,194 @@ +[ + { + "@timestamp": "2014-12-14T04:07:50.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "ACCEPT", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "OK", + "aws.vpcflow.version": "2", + "cloud.account.id": "123456789010", + "cloud.provider": "aws", + "destination.address": "158.109.0.1", + "destination.as.number": 13041, + "destination.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "ES", + "destination.geo.location.lat": 40.4172, + "destination.geo.location.lon": -3.684, + "destination.ip": "158.109.0.1", + "destination.port": 22, + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2014-12-14T04:07:50.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "2 123456789010 eni-1235b8ca123456789 78.24.182.42 158.109.0.1 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK", + "event.outcome": "allow", + "event.start": "2014-12-14T04:06:50.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 115, + "network.bytes": 4249, + "network.community_id": "1:Ln/vlDqu658GHymxjnRAaUF8KS4=", + "network.iana_number": "6", + "network.packets": 20, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "78.24.182.42", + "158.109.0.1" + ], + "service.type": "aws", + "source.address": "78.24.182.42", + "source.as.number": 35377, + "source.as.organization.name": "Ao a.b.n.", + "source.bytes": 4249, + "source.geo.city_name": "Moscow", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "RU", + "source.geo.location.lat": 55.7527, + "source.geo.location.lon": 37.6172, + "source.geo.region_iso_code": "RU-MOW", + "source.geo.region_name": "Moscow", + "source.ip": "78.24.182.42", + "source.packets": 20, + "source.port": 20641 + }, + { + "@timestamp": "2014-12-14T04:07:50.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "REJECT", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "OK", + "aws.vpcflow.version": "2", + "cloud.account.id": "123456789010", + "cloud.provider": "aws", + "destination.address": "158.109.0.1", + "destination.as.number": 13041, + "destination.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "ES", + "destination.geo.location.lat": 40.4172, + "destination.geo.location.lon": -3.684, + "destination.ip": "158.109.0.1", + "destination.port": 3389, + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2014-12-14T04:07:50.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "2 123456789010 eni-1235b8ca123456789 78.24.182.42 158.109.0.1 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK", + "event.outcome": "deny", + "event.start": "2014-12-14T04:06:50.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 228, + "network.bytes": 4249, + "network.community_id": "1:E3lDDGXG7D8azpdrN7WMLPJe30w=", + "network.iana_number": "6", + "network.packets": 20, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "78.24.182.42", + "158.109.0.1" + ], + "service.type": "aws", + "source.address": "78.24.182.42", + "source.as.number": 35377, + "source.as.organization.name": "Ao a.b.n.", + "source.bytes": 4249, + "source.geo.city_name": "Moscow", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "RU", + "source.geo.location.lat": 55.7527, + "source.geo.location.lon": 37.6172, + "source.geo.region_iso_code": "RU-MOW", + "source.geo.region_name": "Moscow", + "source.ip": "78.24.182.42", + "source.packets": 20, + "source.port": 49761 + }, + { + "@timestamp": "2015-05-29T16:32:22.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "ACCEPT", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "OK", + "aws.vpcflow.version": "2", + "cloud.account.id": "123456789010", + "cloud.provider": "aws", + "destination.address": "172.31.16.139", + "destination.ip": "172.31.16.139", + "destination.port": 0, + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2015-05-29T16:32:22.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK", + "event.outcome": "allow", + "event.start": "2015-05-29T16:30:27.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 343, + "network.bytes": 336, + "network.community_id": "1:H//CCQJhRqDUJ9c23S0VrQ+drxU=", + "network.iana_number": "1", + "network.packets": 4, + "network.type": "ipv4", + "related.ip": [ + "203.0.113.12", + "172.31.16.139" + ], + "service.type": "aws", + "source.address": "203.0.113.12", + "source.bytes": 336, + "source.ip": "203.0.113.12", + "source.packets": 4, + "source.port": 0 + }, + { + "@timestamp": "2015-05-29T16:32:22.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "REJECT", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "OK", + "aws.vpcflow.version": "2", + "cloud.account.id": "123456789010", + "cloud.provider": "aws", + "destination.address": "203.0.113.12", + "destination.ip": "203.0.113.12", + "destination.port": 0, + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2015-05-29T16:32:22.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "2 123456789010 eni-1235b8ca123456789 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK", + "event.outcome": "deny", + "event.start": "2015-05-29T16:31:34.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 451, + "network.bytes": 336, + "network.community_id": "1:cfQqw/Kh6+4yqhEKgkCw/m3WoJM=", + "network.iana_number": "1", + "network.packets": 4, + "network.type": "ipv4", + "related.ip": [ + "172.31.16.139", + "203.0.113.12" + ], + "service.type": "aws", + "source.address": "172.31.16.139", + "source.bytes": 336, + "source.ip": "172.31.16.139", + "source.packets": 4, + "source.port": 0 + } +] \ No newline at end of file diff --git a/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log b/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log new file mode 100644 index 00000000000..233a617bb69 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log @@ -0,0 +1,3 @@ +instance-id interface-id srcaddr dstaddr pkt-srcaddr pkt-dstaddr +- eni-1235b8ca123456789 10.0.1.5 10.0.0.220 10.0.1.5 203.0.113.5 +i-01234567890123456 eni-1111aaaa2222bbbb3 10.0.1.5 203.0.113.5 10.0.1.5 203.0.113.5 diff --git a/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json b/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json new file mode 100644 index 00000000000..a1e34b59b5c --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json @@ -0,0 +1,55 @@ +[ + { + "aws.vpcflow.instance_id": "-", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.pkt_dstaddr": "203.0.113.5", + "aws.vpcflow.pkt_srcaddr": "10.0.1.5", + "cloud.provider": "aws", + "destination.address": "10.0.0.220", + "destination.ip": "10.0.0.220", + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.kind": "event", + "event.module": "aws", + "event.original": "- eni-1235b8ca123456789 10.0.1.5 10.0.0.220 10.0.1.5 203.0.113.5", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 65, + "network.type": "ipv4", + "related.ip": [ + "10.0.1.5", + "10.0.0.220" + ], + "service.type": "aws", + "source.address": "10.0.1.5", + "source.ip": "10.0.1.5" + }, + { + "aws.vpcflow.instance_id": "i-01234567890123456", + "aws.vpcflow.interface_id": "eni-1111aaaa2222bbbb3", + "aws.vpcflow.pkt_dstaddr": "203.0.113.5", + "aws.vpcflow.pkt_srcaddr": "10.0.1.5", + "cloud.instance.id": "i-01234567890123456", + "cloud.provider": "aws", + "destination.address": "203.0.113.5", + "destination.ip": "203.0.113.5", + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.kind": "event", + "event.module": "aws", + "event.original": "i-01234567890123456 eni-1111aaaa2222bbbb3 10.0.1.5 203.0.113.5 10.0.1.5 203.0.113.5", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 130, + "network.type": "ipv4", + "related.ip": [ + "10.0.1.5", + "203.0.113.5" + ], + "service.type": "aws", + "source.address": "10.0.1.5", + "source.ip": "10.0.1.5" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/vpcflow/test/custom-transit-gateway.log b/filebeat/module/aws/vpcflow/test/custom-transit-gateway.log new file mode 100644 index 00000000000..996e5899195 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/custom-transit-gateway.log @@ -0,0 +1,2 @@ +version interface-id account-id vpc-id subnet-id instance-id srcaddr dstaddr srcport dstport protocol tcp-flags type pkt-srcaddr pkt-dstaddr action log-status +3 eni-33333333333333333 123456789010 vpc-abcdefab012345678 subnet-22222222bbbbbbbbb i-01234567890123456 10.20.33.164 10.40.2.236 39812 80 6 3 IPv4 10.20.33.164 10.40.2.236 ACCEPT OK diff --git a/filebeat/module/aws/vpcflow/test/custom-transit-gateway.log-expected.json b/filebeat/module/aws/vpcflow/test/custom-transit-gateway.log-expected.json new file mode 100644 index 00000000000..d288b8b06db --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/custom-transit-gateway.log-expected.json @@ -0,0 +1,44 @@ +[ + { + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "ACCEPT", + "aws.vpcflow.instance_id": "i-01234567890123456", + "aws.vpcflow.interface_id": "eni-33333333333333333", + "aws.vpcflow.log_status": "OK", + "aws.vpcflow.pkt_dstaddr": "10.40.2.236", + "aws.vpcflow.pkt_srcaddr": "10.20.33.164", + "aws.vpcflow.subnet_id": "subnet-22222222bbbbbbbbb", + "aws.vpcflow.tcp_flags": "3", + "aws.vpcflow.type": "IPv4", + "aws.vpcflow.version": "3", + "aws.vpcflow.vpc_id": "vpc-abcdefab012345678", + "cloud.account.id": "123456789010", + "cloud.instance.id": "i-01234567890123456", + "cloud.provider": "aws", + "destination.address": "10.40.2.236", + "destination.ip": "10.40.2.236", + "destination.port": 80, + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.kind": "event", + "event.module": "aws", + "event.original": "3 eni-33333333333333333 123456789010 vpc-abcdefab012345678 subnet-22222222bbbbbbbbb i-01234567890123456 10.20.33.164 10.40.2.236 39812 80 6 3 IPv4 10.20.33.164 10.40.2.236 ACCEPT OK", + "event.outcome": "allow", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 159, + "network.community_id": "1:ws7yjpq1Xp9e30feJWxuPgfVePc=", + "network.iana_number": "6", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.20.33.164", + "10.40.2.236" + ], + "service.type": "aws", + "source.address": "10.20.33.164", + "source.ip": "10.20.33.164", + "source.port": 39812 + } +] \ No newline at end of file diff --git a/filebeat/module/aws/vpcflow/test/ipv6.log b/filebeat/module/aws/vpcflow/test/ipv6.log new file mode 100644 index 00000000000..3b05cc9cd54 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/ipv6.log @@ -0,0 +1 @@ +2 123456789010 eni-1235b8ca123456789 2001:db8:1234:a100:8d6e:3477:df66:f105 2001:db8:1234:a102:3304:8879:34cf:4071 34892 22 6 54 8855 1477913708 1477913820 ACCEPT OK diff --git a/filebeat/module/aws/vpcflow/test/ipv6.log-expected.json b/filebeat/module/aws/vpcflow/test/ipv6.log-expected.json new file mode 100644 index 00000000000..12899b7b728 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/ipv6.log-expected.json @@ -0,0 +1,43 @@ +[ + { + "@timestamp": "2016-10-31T11:37:00.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "ACCEPT", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "OK", + "aws.vpcflow.version": "2", + "cloud.account.id": "123456789010", + "cloud.provider": "aws", + "destination.address": "2001:db8:1234:a102:3304:8879:34cf:4071", + "destination.ip": "2001:db8:1234:a102:3304:8879:34cf:4071", + "destination.port": 22, + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2016-10-31T11:37:00.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "2 123456789010 eni-1235b8ca123456789 2001:db8:1234:a100:8d6e:3477:df66:f105 2001:db8:1234:a102:3304:8879:34cf:4071 34892 22 6 54 8855 1477913708 1477913820 ACCEPT OK", + "event.outcome": "allow", + "event.start": "2016-10-31T11:35:08.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 0, + "network.bytes": 8855, + "network.community_id": "1:hXZclvxUJScaVf0xMIJR6yW6tBQ=", + "network.iana_number": "6", + "network.packets": 54, + "network.transport": "tcp", + "network.type": "ipv6", + "related.ip": [ + "2001:db8:1234:a100:8d6e:3477:df66:f105", + "2001:db8:1234:a102:3304:8879:34cf:4071" + ], + "service.type": "aws", + "source.address": "2001:db8:1234:a100:8d6e:3477:df66:f105", + "source.bytes": 8855, + "source.ip": "2001:db8:1234:a100:8d6e:3477:df66:f105", + "source.packets": 54, + "source.port": 34892 + } +] \ No newline at end of file diff --git a/filebeat/module/aws/vpcflow/test/no-data-skip-data.log b/filebeat/module/aws/vpcflow/test/no-data-skip-data.log new file mode 100644 index 00000000000..91b41e36304 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/no-data-skip-data.log @@ -0,0 +1,2 @@ +2 123456789010 eni-1235b8ca123456789 - - - - - - - 1431280876 1431280934 - NODATA +2 123456789010 eni-11111111aaaaaaaaa - - - - - - - 1431280876 1431280934 - SKIPDATA diff --git a/filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json b/filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json new file mode 100644 index 00000000000..456b3efca62 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json @@ -0,0 +1,46 @@ +[ + { + "@timestamp": "2015-05-10T18:02:14.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "-", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "NODATA", + "aws.vpcflow.version": "2", + "cloud.account.id": "123456789010", + "cloud.provider": "aws", + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2015-05-10T18:02:14.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "2 123456789010 eni-1235b8ca123456789 - - - - - - - 1431280876 1431280934 - NODATA", + "event.start": "2015-05-10T18:01:16.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 0, + "service.type": "aws" + }, + { + "@timestamp": "2015-05-10T18:02:14.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "-", + "aws.vpcflow.interface_id": "eni-11111111aaaaaaaaa", + "aws.vpcflow.log_status": "SKIPDATA", + "aws.vpcflow.version": "2", + "cloud.account.id": "123456789010", + "cloud.provider": "aws", + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2015-05-10T18:02:14.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "2 123456789010 eni-11111111aaaaaaaaa - - - - - - - 1431280876 1431280934 - SKIPDATA", + "event.start": "2015-05-10T18:01:16.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 82, + "service.type": "aws" + } +] \ No newline at end of file diff --git a/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log b/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log new file mode 100644 index 00000000000..28ca1ca949f --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log @@ -0,0 +1,2 @@ +version vpc-id subnet-id instance-id interface-id account-id type srcaddr dstaddr srcport dstport pkt-srcaddr pkt-dstaddr protocol bytes packets start end action tcp-flags log-status +3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 IPv4 52.213.180.42 10.0.0.62 43416 5001 52.213.180.42 10.0.0.62 6 568 8 1566848875 1566848933 ACCEPT 2 OK diff --git a/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json b/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json new file mode 100644 index 00000000000..cb24fd34183 --- /dev/null +++ b/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json @@ -0,0 +1,60 @@ +[ + { + "@timestamp": "2019-08-26T19:48:53.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.action": "ACCEPT", + "aws.vpcflow.instance_id": "i-01234567890123456", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "OK", + "aws.vpcflow.pkt_dstaddr": "10.0.0.62", + "aws.vpcflow.pkt_srcaddr": "52.213.180.42", + "aws.vpcflow.subnet_id": "subnet-aaaaaaaa012345678", + "aws.vpcflow.tcp_flags": "2", + "aws.vpcflow.type": "IPv4", + "aws.vpcflow.version": "3", + "aws.vpcflow.vpc_id": "vpc-abcdefab012345678", + "cloud.account.id": "123456789010", + "cloud.instance.id": "i-01234567890123456", + "cloud.provider": "aws", + "destination.address": "10.0.0.62", + "destination.ip": "10.0.0.62", + "destination.port": 5001, + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2019-08-26T19:48:53.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 IPv4 52.213.180.42 10.0.0.62 43416 5001 52.213.180.42 10.0.0.62 6 568 8 1566848875 1566848933 ACCEPT 2 OK", + "event.outcome": "allow", + "event.start": "2019-08-26T19:47:55.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 183, + "network.bytes": 568, + "network.community_id": "1:HQ1oJYZ+9SJOoeju7badiLfvwls=", + "network.iana_number": "6", + "network.packets": 8, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "52.213.180.42", + "10.0.0.62" + ], + "service.type": "aws", + "source.address": "52.213.180.42", + "source.as.number": 16509, + "source.as.organization.name": "Amazon.com, Inc.", + "source.bytes": 568, + "source.geo.city_name": "Dublin", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "IE", + "source.geo.location.lat": 53.3338, + "source.geo.location.lon": -6.2488, + "source.geo.region_iso_code": "IE-L", + "source.geo.region_name": "Leinster", + "source.ip": "52.213.180.42", + "source.packets": 8, + "source.port": 43416 + } +] \ No newline at end of file diff --git a/filebeat/module/azure/_meta/config.yml b/filebeat/module/azure/_meta/config.yml new file mode 100644 index 00000000000..ab7f477b8bb --- /dev/null +++ b/filebeat/module/azure/_meta/config.yml @@ -0,0 +1,32 @@ +- module: azure + # All logs + activitylogs: + enabled: true + var: + # eventhub name containing the activity logs, overwrite he default value if the logs are exported in a different eventhub + eventhub: "insights-operational-logs" + # consumer group name that has access to the event hub, we advise creating a dedicated consumer group for the azure module + consumer_group: "$Default" + # the connection string required to communicate with Event Hubs, steps to generate one here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string + connection_string: "" + # the name of the storage account the state/offsets will be stored and updated + storage_account: "" + # the storage account key, this key will be used to authorize access to data in your storage account + storage_account_key: "" + + auditlogs: + enabled: false + # var: + # eventhub: "insights-logs-auditlogs" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" + signinlogs: + enabled: false + # var: + # eventhub: "insights-logs-signinlogs" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" diff --git a/filebeat/module/azure/_meta/docs.asciidoc b/filebeat/module/azure/_meta/docs.asciidoc new file mode 100644 index 00000000000..eea82995532 --- /dev/null +++ b/filebeat/module/azure/_meta/docs.asciidoc @@ -0,0 +1,121 @@ +[role="xpack"] + +:modulename: azure +:has-dashboards: false + +== Azure module + +beta[] + +The azure module retrieves different types of log data from Azure. +There are several requirements before using the module since the logs will actually be read from azure event hubs. + + - the logs have to be exported first to the event hubs https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create-kafka-enabled + - to export activity logs to event hubs users can follow the steps here https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-export + - to export audit and sign-in logs to event hubs users can follow the steps here https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub + +The module contains the following filesets: + +`activitylogs` :: +Will retrieve azure activity logs. Control-plane events on Azure Resource Manager resources. Activity logs provide insight into the operations that were performed on resources in your subscription. + +`signinlogs` :: +Will retrieve azure Active Directory sign-in logs. The sign-ins report provides information about the usage of managed applications and user sign-in activities. + +`auditlogs` :: +Will retrieve azure Active Directory audit logs. The audit logs provide traceability through logs for all changes done by various features within Azure AD. Examples of audit logs include changes made to any resources within Azure AD like adding or removing users, apps, groups, roles and policies. + +[float] +=== Module configuration + +``` +- module: azure + activitylogs: + enabled: true + var: + eventhub: "insights-operational-logs" + consumer_group: "$Default" + connection_string: "" + storage_account: "" + storage_account_key: "" + resource_manager_endpoint: "" + + auditlogs: + enabled: false + var: + eventhub: "insights-logs-auditlogs" + consumer_group: "$Default" + connection_string: "" + storage_account: "" + storage_account_key: "" + resource_manager_endpoint: "" + + signinlogs: + enabled: false + var: + eventhub: ["insights-logs-signinlogs"] + consumer_group: "$Default" + connection_string: "" + storage_account: "" + storage_account_key: "" + resource_manager_endpoint: "" + +``` + + +`eventhub` :: + _[]string_ +Is a fully managed, real-time data ingestion service. +Default value `insights-operational-logs` + +`consumer_group` :: +_string_ + The publish/subscribe mechanism of Event Hubs is enabled through consumer groups. A consumer group is a view (state, position, or offset) of an entire event hub. Consumer groups enable multiple consuming applications to each have a separate view of the event stream, and to read the stream independently at their own pace and with their own offsets. +Default value: `$Default` + +`connection_string` :: +_string_ +The connection string required to communicate with Event Hubs, steps here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string. + +A Blob Storage account is required in order to store/retrieve/update the offset or state of the eventhub messages. This means that after stopping the filebeat azure module it can start back up at the spot that it stopped processing messages. + + +`storage_account` :: +_string_ +The name of the storage account the state/offsets will be stored and updated. + +`storage_account_key` :: +_string_ +The storage account key, this key will be used to authorize access to data in your storage account. + +`resource_manager_endpoint` :: +_string_ +Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager endpoint in order to use a different azure environment. +Ex: +https://management.chinacloudapi.cn/ for azure ChinaCloud +https://management.microsoftazure.de/ for azure GermanCloud +https://management.azure.com/ for azure PublicCloud +https://management.usgovcloudapi.net/ for azure USGovernmentCloud +Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +TODO: document with what versions of the software is this tested + +[float] +=== Dashboards + +The azure module comes with several predefined dashboards for general cloud overview, user activity and alerts. For example: + +image::./images/filebeat-azure-overview.png[] + + + + + + diff --git a/filebeat/module/azure/_meta/fields.yml b/filebeat/module/azure/_meta/fields.yml new file mode 100644 index 00000000000..158ab823bf0 --- /dev/null +++ b/filebeat/module/azure/_meta/fields.yml @@ -0,0 +1,51 @@ +- key: azure + title: "Azure" + release: beta + description: > + Azure Module + fields: + - name: azure + type: group + description: > + fields: + - name: subscription_id + type: keyword + description: > + Azure subscription ID + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: tenant_id + type: keyword + description: > + tenant ID + - name: resource + type: group + description: > + Resource + fields: + - name: id + type: keyword + description: > + Resource ID + - name: group + type: keyword + description: > + Resource group + - name: provider + type: keyword + description: > + Resource type/namespace + - name: namespace + type: keyword + description: > + Resource type/namespace + - name: name + type: keyword + description: > + Name + - name: authorization_rule + type: keyword + description: > + Authorization rule diff --git a/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-alerts-overview.json b/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-alerts-overview.json new file mode 100644 index 00000000000..8674e2f3db3 --- /dev/null +++ b/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-alerts-overview.json @@ -0,0 +1,592 @@ +{ + "objects": [ + { + "attributes": { + "description": "This dashboard provides expanded alerts overview for Azure cloud", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060", + "w": 7, + "x": 0, + "y": 0 + }, + "panelIndex": "9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "676fd632-a9c1-46ed-829b-ca5b55817379", + "w": 14, + "x": 7, + "y": 0 + }, + "panelIndex": "676fd632-a9c1-46ed-829b-ca5b55817379", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "096b4eaa-072e-455f-befa-3076f71be12d", + "w": 27, + "x": 21, + "y": 0 + }, + "panelIndex": "096b4eaa-072e-455f-befa-3076f71be12d", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "162fb43e-fff3-4f50-aa9b-a713418bd651", + "w": 27, + "x": 21, + "y": 15 + }, + "panelIndex": "162fb43e-fff3-4f50-aa9b-a713418bd651", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "36fb5c08-80d9-4a1c-8fde-9c063381fdd8", + "w": 21, + "x": 0, + "y": 4 + }, + "panelIndex": "36fb5c08-80d9-4a1c-8fde-9c063381fdd8", + "panelRefName": "panel_4", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Azure] Alerts Overview", + "version": 1 + }, + "id": "0f559cc0-f0d5-11e9-90ec-112a988266d5", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "46544960-f0d5-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "097d74d0-f044-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "52c2a4e0-ec1f-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "f684a750-ec23-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c704b050-f0de-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-10-18T15:21:16.305Z", + "version": "WzkyNDEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Alerts [Filebeat Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Monitoring\n\n[Overview](#/dashboard/41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/87095750-f05a-11e9-90ec-112a988266d5) | [**Alerts**](#/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5) ", + "openLinksInNewTab": false + }, + "title": "Navigation Alerts [Filebeat Azure]", + "type": "markdown" + } + }, + "id": "46544960-f0d5-11e9-90ec-112a988266d5", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-17T11:57:36.537Z", + "version": "WzQ5NDAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Subscriptions Filter [Filebeat Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "azure.subscription_id", + "id": "1571250866125", + "indexPatternRefName": "control_0_index_pattern", + "label": "Subscription ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Subscriptions Filter [Filebeat Azure]", + "type": "input_control_vis" + } + }, + "id": "097d74d0-f044-11e9-90ec-112a988266d5", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-10-16T18:37:41.917Z", + "version": "WzQ0MDEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Alerts Overview [Filebeat Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "event.dataset :\"azure.activitylogs\" and event.category : \"Alert\"" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome: \"Activated\"" + }, + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome: \"Resolved\" or event.outcome: \"Succeeded\"" + }, + "formatter": "number", + "hide_in_legend": 0, + "id": "5a52f170-ec1e-11e9-b6a7-21d19b63822a", + "line_width": 1, + "metrics": [ + { + "id": "5a52f171-ec1e-11e9-b6a7-21d19b63822a", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Alerts Overview [Filebeat Azure]", + "type": "metrics" + } + }, + "id": "52c2a4e0-ec1f-11e9-90ec-112a988266d5", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-16T18:41:58.846Z", + "version": "WzQ0MDcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset :\"azure.activitylogs\" and event.category : \"Alert\" " + } + } + }, + "title": "Alerts Count [Filebeat Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Alerts" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Activated\"" + }, + "label": "Activated" + }, + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Resolved\"" + }, + "label": "Resolved" + }, + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Succeeded\"" + }, + "label": "Succeeded" + } + ] + }, + "schema": "group", + "type": "filters" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "bucket": { + "accessor": 0, + "format": { + "id": "string", + "params": {} + }, + "type": "vis_dimension" + }, + "metrics": [ + { + "accessor": 1, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Alerts Count [Filebeat Azure]", + "type": "metric" + } + }, + "id": "f684a750-ec23-11e9-90ec-112a988266d5", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-10-16T18:44:12.955Z", + "version": "WzQ0MTAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset :\"azure.activitylogs\" and event.category : \"Alert\" " + } + } + }, + "title": "Alerts Heatmap [Filebeat Azure]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0": "rgb(247,252,245)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Provider", + "field": "azure.resource.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Resource Group", + "field": "azure.resource.group", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Greens", + "colorsNumber": 4, + "colorsRange": [], + "dimensions": { + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Alerts Heatmap [Filebeat Azure]", + "type": "heatmap" + } + }, + "id": "c704b050-f0de-11e9-90ec-112a988266d5", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-10-17T13:05:22.389Z", + "version": "WzQ5NTYsMV0=" + } + ], + "version": "7.4.0" +} diff --git a/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-overview.json b/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-overview.json new file mode 100644 index 00000000000..e15c8e0c363 --- /dev/null +++ b/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-overview.json @@ -0,0 +1,1925 @@ +{ + "objects":[ + { + "attributes":{ + "description":"This dashboard provides an overview of user activity, alerts and resource in Azure cloud.", + "hits":0, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "optionsJSON":{ + "hidePanelTitles":false, + "useMargins":true + }, + "panelsJSON":[ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "6b6e7452-979c-4f78-afc2-cc58fcf105ff", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "6b6e7452-979c-4f78-afc2-cc58fcf105ff", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "042f777a-5e41-41e8-9d6e-d842473a8aed", + "w": 15, + "x": 9, + "y": 0 + }, + "panelIndex": "042f777a-5e41-41e8-9d6e-d842473a8aed", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Activity Level" + }, + "gridData": { + "h": 8, + "i": "1e73bca7-8569-41b5-830e-2f762602219a", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1e73bca7-8569-41b5-830e-2f762602219a", + "panelRefName": "panel_2", + "title": "Activity Level", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 6, + "i": "d9465e9f-49f1-4173-b1a4-fea9ee3120ab", + "w": 24, + "x": 0, + "y": 4 + }, + "panelIndex": "d9465e9f-49f1-4173-b1a4-fea9ee3120ab", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Access Requests" + }, + "gridData": { + "h": 7, + "i": "18ec1e20-202b-4a40-8d0d-22060ac3e23c", + "w": 24, + "x": 24, + "y": 8 + }, + "panelIndex": "18ec1e20-202b-4a40-8d0d-22060ac3e23c", + "panelRefName": "panel_4", + "title": "Access Requests", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Active Users" + }, + "gridData": { + "h": 11, + "i": "d2bdec0f-dde1-4925-bf7e-afbc430c0eca", + "w": 24, + "x": 0, + "y": 10 + }, + "panelIndex": "d2bdec0f-dde1-4925-bf7e-afbc430c0eca", + "panelRefName": "panel_5", + "title": "Top Active Users", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Alerts Overview" + }, + "gridData": { + "h": 7, + "i": "3bcc964d-6862-4fdd-9d82-f7510cc02162", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "3bcc964d-6862-4fdd-9d82-f7510cc02162", + "panelRefName": "panel_6", + "title": "Alerts Overview", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Service Health" + }, + "gridData": { + "h": 7, + "i": "74436614-9dfc-4c38-bc58-8cb76c348f37", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "74436614-9dfc-4c38-bc58-8cb76c348f37", + "panelRefName": "panel_7", + "title": "Service Health", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Resource Groups", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 19, + "i": "a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8", + "w": 24, + "x": 0, + "y": 21 + }, + "panelIndex": "a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8", + "panelRefName": "panel_8", + "title": "Top Resource Groups", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 6, + "i": "644c6151-fd05-4b2e-b18e-30843697e932", + "w": 12, + "x": 24, + "y": 22 + }, + "panelIndex": "644c6151-fd05-4b2e-b18e-30843697e932", + "panelRefName": "panel_9", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 6, + "i": "3d5ccff8-6576-4a1c-b3ee-363ae665906e", + "w": 12, + "x": 36, + "y": 22 + }, + "panelIndex": "3d5ccff8-6576-4a1c-b3ee-363ae665906e", + "panelRefName": "panel_10", + "version": "7.4.0" + }, + { + "version": "7.4.0", + "gridData": { + "x": 24, + "y": 28, + "w": 12, + "h": 12, + "i": "1a6dce1d-d039-4d18-87c7-1b700da676c2" + }, + "panelIndex": "1a6dce1d-d039-4d18-87c7-1b700da676c2", + "embeddableConfig": { + "vis": { + "legendOpen": true + }, + "legendOpen": false + }, + "panelRefName": "panel_11" + }, + { + "version": "7.4.0", + "gridData": { + "x": 36, + "y": 28, + "w": 12, + "h": 12, + "i": "8fddd3bb-c1e6-4533-b075-1ab7361b3af0" + }, + "panelIndex": "8fddd3bb-c1e6-4533-b075-1ab7361b3af0", + "embeddableConfig": { + "vis": { + "legendOpen": true + }, + "legendOpen": false + }, + "panelRefName": "panel_12" + } + ], + "timeRestore":false, + "title":"[Filebeat Azure] Cloud Overview", + "version":1 + }, + "id":"41e84340-ec20-11e9-90ec-112a988266d5", + "migrationVersion":{ + "dashboard":"7.3.0" + }, + "references":[ + { + "id": "fe24ac90-f05a-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "097d74d0-f044-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "da67d650-ec14-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e4c7f4b0-f045-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "709995e0-ec16-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ffe22180-ec1c-11e9-90ec-112a988266d5", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "52c2a4e0-ec1f-11e9-90ec-112a988266d5", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "bc65e840-ec1e-11e9-90ec-112a988266d5", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "71b62ca0-ec1a-11e9-90ec-112a988266d5", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "f684a750-ec23-11e9-90ec-112a988266d5", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "e37cd3d0-ec23-11e9-90ec-112a988266d5", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "d91ce8d0-53e8-11ea-b1b7-7de801e1c297", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "6db84660-53e9-11ea-b1b7-7de801e1c297", + "name": "panel_12", + "type": "visualization" + } + ], + "type":"dashboard", + "updated_at":"2019-10-18T15:20:07.860Z", + "version":"WzkyMzcsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Navigation Overview [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "fontSize":10, + "markdown":"### Azure Monitoring\n\n[**Overview**](#/dashboard/41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5) ", + "openLinksInNewTab":false + }, + "title":"Navigation Overview [Filebeat Azure]", + "type":"markdown" + } + }, + "id":"fe24ac90-f05a-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-17T11:56:32.153Z", + "version":"WzQ5MzQsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Subscriptions Filter [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "controls":[ + { + "fieldName":"azure.subscription_id", + "id":"1571250866125", + "indexPatternRefName":"control_0_index_pattern", + "label":"Subscription ID", + "options":{ + "dynamicOptions":true, + "multiselect":true, + "order":"desc", + "size":5, + "type":"terms" + }, + "parent":"", + "type":"list" + } + ], + "pinFilters":false, + "updateFiltersOnChange":true, + "useTimeFilter":false + }, + "title":"Subscriptions Filter [Filebeat Azure]", + "type":"input_control_vis" + } + }, + "id":"097d74d0-f044-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"control_0_index_pattern", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-16T18:37:41.917Z", + "version":"WzQ0MDEsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Activity Level [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "axis_formatter":"number", + "axis_position":"left", + "axis_scale":"normal", + "default_index_pattern":"metricbeat-*", + "default_timefield":"@timestamp", + "filter":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and event.category :\"Administrative\" " + }, + "id":"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern":"filebeat-*", + "interval":"", + "isModelInvalid":false, + "series":[ + { + "axis_position":"right", + "chart_type":"bar", + "color":"#68BC00", + "fill":0.5, + "formatter":"number", + "id":"61ca57f1-469d-11e7-af02-69e470af7417", + "line_width":1, + "metrics":[ + { + "id":"61ca57f2-469d-11e7-af02-69e470af7417", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"everything", + "stacked":"none" + } + ], + "show_grid":1, + "show_legend":0, + "time_field":"", + "type":"timeseries" + }, + "title":"Activity Level [Filebeat Azure]", + "type":"metrics" + } + }, + "id":"da67d650-ec14-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-16T18:18:42.561Z", + "version":"WzQzODYsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset : \"azure.activitylogs\" " + } + } + }, + "title":"Activity Stats [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"1", + "params":{ + "customLabel":"Resources", + "field":"azure.resource.name" + }, + "schema":"metric", + "type":"cardinality" + }, + { + "enabled":true, + "id":"2", + "params":{ + "customLabel":"Users", + "field":"azure.activitylogs.identity.claims_initiated_by_user.name" + }, + "schema":"metric", + "type":"cardinality" + }, + { + "enabled":true, + "id":"3", + "params":{ + "customLabel":"Resource Groups", + "field":"azure.resource.group" + }, + "schema":"metric", + "type":"cardinality" + }, + { + "enabled":true, + "id":"4", + "params":{ + "customLabel":"Subscriptions", + "field":"azure.subscription_id" + }, + "schema":"metric", + "type":"cardinality" + } + ], + "params":{ + "addLegend":false, + "addTooltip":true, + "dimensions":{ + "metrics":[ + { + "accessor":0, + "format":{ + "id":"number", + "params":{ + + } + }, + "type":"vis_dimension" + }, + { + "accessor":1, + "format":{ + "id":"number", + "params":{ + + } + }, + "type":"vis_dimension" + }, + { + "accessor":2, + "format":{ + "id":"number", + "params":{ + + } + }, + "type":"vis_dimension" + } + ] + }, + "metric":{ + "colorSchema":"Green to Red", + "colorsRange":[ + { + "from":0, + "to":10000, + "type":"range" + } + ], + "invertColors":false, + "labels":{ + "show":true + }, + "metricColorMode":"None", + "percentageMode":false, + "style":{ + "bgColor":false, + "bgFill":"#000", + "fontSize":60, + "labelColor":false, + "subText":"" + }, + "useRanges":false + }, + "type":"metric" + }, + "title":"Activity Stats [Filebeat Azure]", + "type":"metric" + } + }, + "id":"e4c7f4b0-f045-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-18T09:14:38.537Z", + "version":"WzgwNzYsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Access Requests [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "axis_formatter":"number", + "axis_position":"left", + "axis_scale":"normal", + "default_index_pattern":"metricbeat-*", + "default_timefield":"@timestamp", + "filter":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and azure.activitylogs.operation_name : *LISTKEYS*" + }, + "id":"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern":"filebeat-*", + "interval":"", + "isModelInvalid":false, + "series":[ + { + "axis_position":"right", + "chart_type":"line", + "color":"#68BC00", + "fill":"0", + "filter":{ + "language":"kuery", + "query":"event.outcome : \"success\" or event.outcome : \"Success\" " + }, + "formatter":"number", + "id":"61ca57f1-469d-11e7-af02-69e470af7417", + "label":"Success", + "line_width":"2", + "metrics":[ + { + "id":"61ca57f2-469d-11e7-af02-69e470af7417", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none" + }, + { + "axis_position":"right", + "chart_type":"line", + "color":"rgba(226,115,0,1)", + "fill":"0", + "filter":{ + "language":"kuery", + "query":"event.outcome : \"Failure\" or event.outcome : \"failure\" " + }, + "formatter":"number", + "id":"1b5f75a0-ec15-11e9-b6a7-21d19b63822a", + "label":"Failure", + "line_width":"2", + "metrics":[ + { + "id":"1b5f75a1-ec15-11e9-b6a7-21d19b63822a", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none" + } + ], + "show_grid":1, + "show_legend":0, + "time_field":"", + "type":"timeseries" + }, + "title":"Access Requests [Filebeat Azure]", + "type":"metrics" + } + }, + "id":"709995e0-ec16-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-11T11:01:13.406Z", + "version":"WzI3MzYsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"User Tag Cloud [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"1", + "params":{ + + }, + "schema":"metric", + "type":"count" + }, + { + "enabled":true, + "id":"2", + "params":{ + "field":"azure.activitylogs.identity.claims_initiated_by_user.name", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"1", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":10 + }, + "schema":"segment", + "type":"terms" + } + ], + "params":{ + "bucket":{ + "accessor":0, + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "type":"vis_dimension" + }, + "maxFontSize":32, + "metric":{ + "accessor":1, + "format":{ + "id":"string", + "params":{ + + } + }, + "type":"vis_dimension" + }, + "minFontSize":12, + "orientation":"single", + "scale":"linear", + "showLabel":true + }, + "title":"User Tag Cloud [Filebeat Azure]", + "type":"tagcloud" + } + }, + "id":"ffe22180-ec1c-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-18T09:12:32.252Z", + "version":"WzgwNzEsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Alerts Overview [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "axis_formatter":"number", + "axis_position":"left", + "axis_scale":"normal", + "default_index_pattern":"metricbeat-*", + "default_timefield":"@timestamp", + "filter":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and event.category : \"Alert\"" + }, + "id":"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern":"filebeat-*", + "interval":"", + "isModelInvalid":false, + "series":[ + { + "axis_position":"right", + "chart_type":"line", + "color":"rgba(252,220,0,1)", + "fill":0.5, + "filter":{ + "language":"kuery", + "query":"event.outcome: \"Activated\"" + }, + "formatter":"number", + "hide_in_legend":0, + "id":"61ca57f1-469d-11e7-af02-69e470af7417", + "line_width":1, + "metrics":[ + { + "id":"61ca57f2-469d-11e7-af02-69e470af7417", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none" + }, + { + "axis_position":"right", + "chart_type":"line", + "color":"#68BC00", + "fill":0.5, + "filter":{ + "language":"kuery", + "query":"event.outcome: \"Resolved\" or event.outcome: \"Succeeded\"" + }, + "formatter":"number", + "hide_in_legend":0, + "id":"5a52f170-ec1e-11e9-b6a7-21d19b63822a", + "line_width":1, + "metrics":[ + { + "id":"5a52f171-ec1e-11e9-b6a7-21d19b63822a", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none" + } + ], + "show_grid":1, + "show_legend":0, + "time_field":"", + "type":"timeseries" + }, + "title":"Alerts Overview [Filebeat Azure]", + "type":"metrics" + } + }, + "id":"52c2a4e0-ec1f-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-16T18:41:58.846Z", + "version":"WzQ0MDcsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Service Health Overview [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "axis_formatter":"number", + "axis_position":"left", + "axis_scale":"normal", + "default_index_pattern":"metricbeat-*", + "default_timefield":"@timestamp", + "filter":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and event.category : \"ServiceHealth\"" + }, + "id":"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern":"filebeat-*", + "interval":"", + "isModelInvalid":false, + "series":[ + { + "axis_position":"right", + "chart_type":"line", + "color":"rgba(252,220,0,1)", + "fill":0.5, + "filter":{ + "language":"kuery", + "query":"event.outcome: \"Active\"" + }, + "formatter":"number", + "hide_in_legend":0, + "id":"61ca57f1-469d-11e7-af02-69e470af7417", + "line_width":1, + "metrics":[ + { + "id":"61ca57f2-469d-11e7-af02-69e470af7417", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none" + }, + { + "axis_position":"right", + "chart_type":"line", + "color":"#68BC00", + "fill":0.5, + "filter":{ + "language":"kuery", + "query":"event.outcome: \"Resolved\" " + }, + "formatter":"number", + "hide_in_legend":0, + "id":"5a52f170-ec1e-11e9-b6a7-21d19b63822a", + "line_width":1, + "metrics":[ + { + "id":"5a52f171-ec1e-11e9-b6a7-21d19b63822a", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none" + } + ], + "show_grid":1, + "show_legend":0, + "time_field":"", + "type":"timeseries" + }, + "title":"Service Health Overview [Filebeat Azure]", + "type":"metrics" + } + }, + "id":"bc65e840-ec1e-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-16T18:40:07.894Z", + "version":"WzQ0MDQsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Top Resource Groups [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"1", + "params":{ + + }, + "schema":"metric", + "type":"count" + }, + { + "enabled":true, + "id":"2", + "params":{ + "customLabel":"Resource Groups", + "field":"azure.resource.group", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"1", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":10 + }, + "schema":"segment", + "type":"terms" + } + ], + "params":{ + "addLegend":true, + "addTimeMarker":false, + "addTooltip":true, + "categoryAxes":[ + { + "id":"CategoryAxis-1", + "labels":{ + "filter":false, + "rotate":0, + "show":true, + "truncate":200 + }, + "position":"left", + "scale":{ + "type":"linear" + }, + "show":true, + "style":{ + + }, + "title":{ + + }, + "type":"category" + } + ], + "dimensions":{ + "x":{ + "accessor":0, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + }, + "y":[ + { + "accessor":1, + "aggType":"count", + "format":{ + "id":"number" + }, + "params":{ + + } + } + ] + }, + "grid":{ + "categoryLines":false + }, + "labels":{ + + }, + "legendPosition":"right", + "seriesParams":[ + { + "data":{ + "id":"1", + "label":"Count" + }, + "drawLinesBetweenPoints":true, + "mode":"normal", + "show":true, + "showCircles":true, + "type":"histogram", + "valueAxis":"ValueAxis-1" + } + ], + "times":[ + + ], + "type":"histogram", + "valueAxes":[ + { + "id":"ValueAxis-1", + "labels":{ + "filter":true, + "rotate":75, + "show":true, + "truncate":100 + }, + "name":"LeftAxis-1", + "position":"bottom", + "scale":{ + "mode":"normal", + "type":"linear" + }, + "show":false, + "style":{ + + }, + "title":{ + "text":"Count" + }, + "type":"value" + } + ] + }, + "title":"Top Resource Groups [Filebeat Azure]", + "type":"horizontal_bar" + } + }, + "id":"71b62ca0-ec1a-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-17T14:50:09.427Z", + "version":"WzYxMTUsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and event.category : \"Alert\" " + } + } + }, + "title":"Alerts Count [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"1", + "params":{ + "customLabel":"Alerts" + }, + "schema":"metric", + "type":"count" + }, + { + "enabled":true, + "id":"2", + "params":{ + "filters":[ + { + "input":{ + "language":"kuery", + "query":"event.outcome : \"Activated\"" + }, + "label":"Activated" + }, + { + "input":{ + "language":"kuery", + "query":"event.outcome : \"Resolved\"" + }, + "label":"Resolved" + }, + { + "input":{ + "language":"kuery", + "query":"event.outcome : \"Succeeded\"" + }, + "label":"Succeeded" + } + ] + }, + "schema":"group", + "type":"filters" + } + ], + "params":{ + "addLegend":false, + "addTooltip":true, + "dimensions":{ + "bucket":{ + "accessor":0, + "format":{ + "id":"string", + "params":{ + + } + }, + "type":"vis_dimension" + }, + "metrics":[ + { + "accessor":1, + "format":{ + "id":"number", + "params":{ + + } + }, + "type":"vis_dimension" + } + ] + }, + "metric":{ + "colorSchema":"Green to Red", + "colorsRange":[ + { + "from":0, + "to":10000, + "type":"range" + } + ], + "invertColors":false, + "labels":{ + "show":true + }, + "metricColorMode":"None", + "percentageMode":false, + "style":{ + "bgColor":false, + "bgFill":"#000", + "fontSize":60, + "labelColor":false, + "subText":"" + }, + "useRanges":false + }, + "type":"metric" + }, + "title":"Alerts Count [Filebeat Azure]", + "type":"metric" + } + }, + "id":"f684a750-ec23-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-16T18:44:12.955Z", + "version":"WzQ0MTAsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and event.category : \"ServiceHealth\" " + } + } + }, + "title":"Service Health Count [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"1", + "params":{ + "customLabel":"Incidents" + }, + "schema":"metric", + "type":"count" + }, + { + "enabled":true, + "id":"2", + "params":{ + "filters":[ + { + "input":{ + "language":"kuery", + "query":"event.outcome : \"Active\"" + }, + "label":"Active" + }, + { + "input":{ + "language":"kuery", + "query":"event.outcome : \"Resolved\"" + }, + "label":"Resolved" + } + ] + }, + "schema":"group", + "type":"filters" + } + ], + "params":{ + "addLegend":false, + "addTooltip":true, + "dimensions":{ + "bucket":{ + "accessor":0, + "format":{ + "id":"string", + "params":{ + + } + }, + "type":"vis_dimension" + }, + "metrics":[ + { + "accessor":1, + "format":{ + "id":"number", + "params":{ + + } + }, + "type":"vis_dimension" + } + ] + }, + "metric":{ + "colorSchema":"Green to Red", + "colorsRange":[ + { + "from":0, + "to":10000, + "type":"range" + } + ], + "invertColors":false, + "labels":{ + "show":true + }, + "metricColorMode":"None", + "percentageMode":false, + "style":{ + "bgColor":false, + "bgFill":"#000", + "fontSize":60, + "labelColor":false, + "subText":"" + }, + "useRanges":false + }, + "type":"metric" + }, + "title":"Service Health Count [Filebeat Azure]", + "type":"metric" + } + }, + "id":"e37cd3d0-ec23-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-16T18:45:10.848Z", + "version":"WzQ0MTEsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" " + } + } + }, + "title":"Resource Creations [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "title":"Resource Creations [Filebeat Azure]", + "type":"horizontal_bar", + "params":{ + "addLegend":true, + "addTimeMarker":false, + "addTooltip":true, + "categoryAxes":[ + { + "id":"CategoryAxis-1", + "labels":{ + "filter":false, + "rotate":0, + "show":true, + "truncate":200 + }, + "position":"left", + "scale":{ + "type":"linear" + }, + "show":true, + "style":{ + + }, + "title":{ + + }, + "type":"category" + } + ], + "dimensions":{ + "series":[ + { + "accessor":1, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "label":"Creations", + "params":{ + + } + } + ], + "x":{ + "accessor":0, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "label":"Resource type", + "params":{ + + } + }, + "y":[ + { + "accessor":2, + "aggType":"count", + "format":{ + "id":"number" + }, + "label":"Count", + "params":{ + + } + } + ] + }, + "grid":{ + "categoryLines":false, + "valueAxis":"" + }, + "labels":{ + + }, + "legendPosition":"right", + "seriesParams":[ + { + "data":{ + "id":"1", + "label":"Count" + }, + "drawLinesBetweenPoints":true, + "lineWidth":2, + "mode":"stacked", + "show":true, + "showCircles":true, + "type":"histogram", + "valueAxis":"ValueAxis-1" + } + ], + "thresholdLine":{ + "color":"#E7664C", + "show":false, + "style":"full", + "value":10, + "width":1 + }, + "times":[ + + ], + "type":"histogram", + "valueAxes":[ + { + "id":"ValueAxis-1", + "labels":{ + "filter":true, + "rotate":75, + "show":true, + "truncate":100 + }, + "name":"LeftAxis-1", + "position":"bottom", + "scale":{ + "mode":"normal", + "type":"linear" + }, + "show":false, + "style":{ + + }, + "title":{ + "text":"Count" + }, + "type":"value" + } + ] + }, + "aggs":[ + { + "id":"1", + "enabled":true, + "type":"count", + "schema":"metric", + "params":{ + + } + }, + { + "id":"2", + "enabled":true, + "type":"terms", + "schema":"segment", + "params":{ + "field":"azure.resource.provider", + "orderBy":"1", + "order":"desc", + "size":15, + "otherBucket":false, + "otherBucketLabel":"Other", + "missingBucket":false, + "missingBucketLabel":"Missing", + "customLabel":"Resource type" + } + }, + { + "id":"4", + "enabled":true, + "type":"terms", + "schema":"group", + "params":{ + "field":"azure.activitylogs.identity.authorization.action", + "orderBy":"1", + "order":"desc", + "size":15, + "otherBucket":false, + "otherBucketLabel":"Other", + "missingBucket":false, + "missingBucketLabel":"Missing", + "include":".*write", + "customLabel":"Creations" + } + } + ] + } + }, + "id":"d91ce8d0-53e8-11ea-b1b7-7de801e1c297", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2020-02-20T13:57:45.235Z", + "version":"WzU4OSwxXQ==" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" " + } + } + }, + "title":"Resource Deletions [Filebeat Azure]", + "uiStateJSON": { + + }, + "version":1, + "visState":{ + "title": "Resource Deletions [Filebeat Azure]", + "type": "horizontal_bar", + "params": { + "type": "histogram", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "left", + "show": true, + "style": {}, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 200 + }, + "title": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "bottom", + "show": true, + "style": {}, + "scale": { + "type": "linear", + "mode": "normal" + }, + "labels": { + "show": false, + "rotate": 75, + "filter": true, + "truncate": 100 + }, + "title": { + "text": "Count" + } + } + ], + "seriesParams": [ + { + "show": true, + "type": "histogram", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "showCircles": true + } + ], + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "times": [], + "addTimeMarker": false, + "labels": {}, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + }, + "dimensions": { + "x": { + "accessor": 0, + "format": { + "id": "terms", + "params": { + "id": "string", + "otherBucketLabel": "Other", + "missingBucketLabel": "Missing" + } + }, + "params": {}, + "label": "azure.resource.provider: Descending", + "aggType": "terms" + }, + "y": [ + { + "accessor": 2, + "format": { + "id": "number" + }, + "params": {}, + "label": "Count", + "aggType": "count" + } + ], + "series": [ + { + "accessor": 1, + "format": { + "id": "terms", + "params": { + "id": "string", + "otherBucketLabel": "Other", + "missingBucketLabel": "Missing" + } + }, + "params": {}, + "label": "Deletions", + "aggType": "terms" + } + ] + } + }, + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "schema": "metric", + "params": {} + }, + { + "id": "2", + "enabled": true, + "type": "terms", + "schema": "segment", + "params": { + "field": "azure.resource.provider", + "orderBy": "1", + "order": "desc", + "size": 15, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Resource type" + } + }, + { + "id": "3", + "enabled": true, + "type": "terms", + "schema": "group", + "params": { + "field": "azure.activitylogs.identity.authorization.action", + "orderBy": "1", + "order": "desc", + "size": 15, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "include": ".*delete", + "customLabel": "Deletions" + } + } + ] + } + }, + "id":"6db84660-53e9-11ea-b1b7-7de801e1c297", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2020-02-20T14:01:02.150Z", + "version":"WzU5MiwxXQ==" + } + ], + "version":"7.4.0" +} diff --git a/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-user-activity.json b/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-user-activity.json new file mode 100644 index 00000000000..33fec90f0c6 --- /dev/null +++ b/filebeat/module/azure/_meta/kibana/7/dashboard/Filebeat-azure-user-activity.json @@ -0,0 +1,1675 @@ +{ + "objects":[ + { + "attributes":{ + "description":"This dashboard shows expanded user activity in Azure cloud.", + "hits":0, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + { + "$state":{ + "store":"appState" + }, + "exists":{ + "field":"azure.activitylogs.identity.claims_initiated_by_user.fullname" + }, + "meta":{ + "alias":null, + "disabled":false, + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key":"azure.activitylogs.identity.claims_initiated_by_user.fullname", + "negate":false, + "type":"exists", + "value":"exists" + } + } + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "optionsJSON":{ + "hidePanelTitles":false, + "useMargins":true + }, + "panelsJSON":[ + { + "embeddableConfig":{ + "title":"" + }, + "gridData":{ + "h":4, + "i":"675f172f-dbec-44fe-b45c-fe854a967695", + "w":8, + "x":0, + "y":0 + }, + "panelIndex":"675f172f-dbec-44fe-b45c-fe854a967695", + "panelRefName":"panel_0", + "version":"7.4.0" + }, + { + "embeddableConfig":{ + "title":"" + }, + "gridData":{ + "h":4, + "i":"705596b5-db2e-4c45-875d-95d98bfb7ee8", + "w":16, + "x":8, + "y":0 + }, + "panelIndex":"705596b5-db2e-4c45-875d-95d98bfb7ee8", + "panelRefName":"panel_1", + "version":"7.4.0" + }, + { + "embeddableConfig":{ + + }, + "gridData":{ + "h":9, + "i":"ace19840-2084-45bd-bf86-9ab31b04a17b", + "w":24, + "x":24, + "y":0 + }, + "panelIndex":"ace19840-2084-45bd-bf86-9ab31b04a17b", + "panelRefName":"panel_2", + "version":"7.4.0" + }, + { + "embeddableConfig":{ + "title":"Users List" + }, + "gridData":{ + "h":15, + "i":"d4d708e1-d179-4688-8005-54e2162a82d2", + "w":11, + "x":0, + "y":4 + }, + "panelIndex":"d4d708e1-d179-4688-8005-54e2162a82d2", + "panelRefName":"panel_3", + "title":"Users List", + "version":"7.4.0" + }, + { + "embeddableConfig":{ + "title":"Top Caller IPs" + }, + "gridData":{ + "h":15, + "i":"5774219c-fb45-4480-bdfb-75a69bdc2cfe", + "w":13, + "x":11, + "y":4 + }, + "panelIndex":"5774219c-fb45-4480-bdfb-75a69bdc2cfe", + "panelRefName":"panel_4", + "title":"Top Caller IPs", + "version":"7.4.0" + }, + { + "embeddableConfig":{ + + }, + "gridData":{ + "h":10, + "i":"5deee186-fe00-4edc-9e5b-86d8d09f6550", + "w":24, + "x":24, + "y":9 + }, + "panelIndex":"5deee186-fe00-4edc-9e5b-86d8d09f6550", + "panelRefName":"panel_5", + "version":"7.4.0" + }, + { + "embeddableConfig":{ + "title":"Top Resource Groups", + "vis":{ + "legendOpen":false + } + }, + "gridData":{ + "h":15, + "i":"2fa13b32-c544-45f7-9132-620d09d121eb", + "w":16, + "x":0, + "y":19 + }, + "panelIndex":"2fa13b32-c544-45f7-9132-620d09d121eb", + "panelRefName":"panel_6", + "title":"Top Resource Groups", + "version":"7.4.0" + }, + { + "version":"7.4.0", + "gridData":{ + "x":16, + "y":19, + "w":17, + "h":7, + "i":"1a6dce1d-d039-4d18-87c7-1b700da676c2" + }, + "panelIndex":"1a6dce1d-d039-4d18-87c7-1b700da676c2", + "embeddableConfig":{ + "vis":{ + "legendOpen":true + }, + "legendOpen":false + }, + "panelRefName":"panel_7" + }, + { + "version":"7.4.0", + "gridData":{ + "x":16, + "y":26, + "w":17, + "h":8, + "i":"8fddd3bb-c1e6-4533-b075-1ab7361b3af0" + }, + "panelIndex":"8fddd3bb-c1e6-4533-b075-1ab7361b3af0", + "embeddableConfig":{ + "vis":{ + "legendOpen":true + }, + "legendOpen":false + }, + "panelRefName":"panel_8" + }, + { + "embeddableConfig":{ + "title":"Top Resource Types" + }, + "gridData":{ + "h":15, + "i":"84583e62-1aad-4f03-a25a-c4f9eaace8c0", + "w":15, + "x":33, + "y":19 + }, + "panelIndex":"84583e62-1aad-4f03-a25a-c4f9eaace8c0", + "panelRefName":"panel_9", + "title":"Top Resource Types", + "version":"7.4.0" + } + ], + "timeRestore":false, + "title":"[Filebeat Azure] User Activity", + "version":1 + }, + "id":"87095750-f05a-11e9-90ec-112a988266d5", + "migrationVersion":{ + "dashboard":"7.3.0" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type":"index-pattern" + }, + { + "id":"c43855e0-f05a-11e9-90ec-112a988266d5", + "name":"panel_0", + "type":"visualization" + }, + { + "id":"b0471750-f05b-11e9-90ec-112a988266d5", + "name":"panel_1", + "type":"visualization" + }, + { + "id":"e0203fc0-f05f-11e9-90ec-112a988266d5", + "name":"panel_2", + "type":"visualization" + }, + { + "id":"52da1700-f05d-11e9-90ec-112a988266d5", + "name":"panel_3", + "type":"visualization" + }, + { + "id":"6ece76d0-f0cc-11e9-90ec-112a988266d5", + "name":"panel_4", + "type":"visualization" + }, + { + "id":"0dd135c0-f0cc-11e9-90ec-112a988266d5", + "name":"panel_5", + "type":"visualization" + }, + { + "id":"71b62ca0-ec1a-11e9-90ec-112a988266d5", + "name":"panel_6", + "type":"visualization" + }, + { + "id":"d91ce8d0-53e8-11ea-b1b7-7de801e1c297", + "name":"panel_7", + "type":"visualization" + }, + { + "id":"6db84660-53e9-11ea-b1b7-7de801e1c297", + "name":"panel_8", + "type":"visualization" + }, + { + "id":"9ed46680-f0ce-11e9-90ec-112a988266d5", + "name":"panel_9", + "type":"visualization" + } + ], + "type":"dashboard", + "updated_at":"2019-10-18T17:27:59.187Z", + "version":"WzkyNDUsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Navigation Users [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "fontSize":10, + "markdown":"### Azure Monitoring\n\n[Overview](#/dashboard/41e84340-ec20-11e9-90ec-112a988266d5) | [**Users**](#/dashboard/87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5) ", + "openLinksInNewTab":false + }, + "title":"Navigation Users [Filebeat Azure]", + "type":"markdown" + } + }, + "id":"c43855e0-f05a-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-17T11:56:56.135Z", + "version":"WzQ5MzYsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"User Filters [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "controls":[ + { + "fieldName":"azure.subscription_id", + "id":"1517598395667", + "indexPatternRefName":"control_0_index_pattern", + "label":"Subscription", + "options":{ + "dynamicOptions":true, + "multiselect":true, + "order":"desc", + "size":100, + "type":"terms" + }, + "type":"list" + }, + { + "fieldName":"azure.activitylogs.identity.claims_initiated_by_user.name", + "id":"1518843942322", + "indexPatternRefName":"control_1_index_pattern", + "label":"User Email", + "options":{ + "dynamicOptions":true, + "multiselect":true, + "order":"desc", + "size":100, + "type":"terms" + }, + "type":"list" + } + ], + "pinFilters":false, + "updateFiltersOnChange":true, + "useTimeFilter":false + }, + "title":"User Filters [Filebeat Azure]", + "type":"input_control_vis" + } + }, + "id":"b0471750-f05b-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"control_0_index_pattern", + "type":"index-pattern" + }, + { + "id":"filebeat-*", + "name":"control_1_index_pattern", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-18T09:36:45.050Z", + "version":"Wzg0NTcsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"User Activity Overview [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "axis_formatter":"number", + "axis_position":"left", + "axis_scale":"normal", + "default_index_pattern":"metricbeat-*", + "default_timefield":"@timestamp", + "filter":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and event.category :\"Administrative\" and azure.activitylogs.identity.claims_initiated_by_user.fullname :*" + }, + "id":"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern":"filebeat-*", + "interval":"auto", + "isModelInvalid":false, + "series":[ + { + "axis_position":"right", + "chart_type":"bar", + "color":"rgba(1,155,143,1)", + "fill":"0.4", + "filter":"", + "formatter":"number", + "hide_in_legend":0, + "id":"61ca57f1-469d-11e7-af02-69e470af7417", + "label":"Actions", + "line_width":1, + "metrics":[ + { + "id":"61ca57f2-469d-11e7-af02-69e470af7417", + "type":"count" + } + ], + "point_size":1, + "seperate_axis":0, + "split_filters":[ + { + "color":"rgba(244,78,59,1)", + "filter":"_exists_:identity.claims.name", + "id":"a5302500-1399-11e8-a699-f390e75f4dd5", + "label":"" + } + ], + "split_mode":"everything", + "stacked":"none" + } + ], + "show_grid":1, + "show_legend":0, + "time_field":null, + "type":"timeseries" + }, + "title":"User Activity Overview [Filebeat Azure]", + "type":"metrics" + } + }, + "id":"e0203fc0-f05f-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-18T17:27:33.254Z", + "version":"WzkyNDMsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"lucene", + "query":"" + } + } + }, + "title":"Users List [Filebeat Azure]", + "uiStateJSON":{ + "vis":{ + "params":{ + "sort":{ + "columnIndex":null, + "direction":null + } + } + } + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"2", + "params":{ + "customLabel":"Email", + "field":"azure.activitylogs.identity.claims_initiated_by_user.name", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"1", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":20 + }, + "schema":"bucket", + "type":"terms" + }, + { + "enabled":true, + "id":"3", + "params":{ + "customLabel":"Name", + "field":"azure.activitylogs.identity.claims_initiated_by_user.fullname", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"1", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":5 + }, + "schema":"bucket", + "type":"terms" + }, + { + "enabled":true, + "id":"5", + "params":{ + "customLabel":"IPs", + "field":"source.ip" + }, + "schema":"metric", + "type":"cardinality" + }, + { + "enabled":true, + "id":"1", + "params":{ + "customLabel":"Actions" + }, + "schema":"metric", + "type":"count" + } + ], + "params":{ + "dimensions":{ + "buckets":[ + { + "accessor":0, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + }, + { + "accessor":1, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + } + ], + "metrics":[ + { + "accessor":2, + "aggType":"cardinality", + "format":{ + "id":"number" + }, + "params":{ + + } + }, + { + "accessor":3, + "aggType":"count", + "format":{ + "id":"number" + }, + "params":{ + + } + } + ] + }, + "perPage":10, + "percentageCol":"", + "showMetricsAtAllLevels":false, + "showPartialRows":false, + "showTotal":false, + "sort":{ + "columnIndex":null, + "direction":null + }, + "totalFunc":"sum" + }, + "title":"Users List [Filebeat Azure]", + "type":"table" + } + }, + "id":"52da1700-f05d-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-18T09:05:04.252Z", + "version":"WzgwNjAsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" " + } + } + }, + "title":"Caller IP [Filebeat Azure]", + "uiStateJSON":{ + "vis":{ + "params":{ + "sort":{ + "columnIndex":null, + "direction":null + } + } + } + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"2", + "params":{ + "customLabel":"Caller IP", + "field":"source.ip", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"5", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":100 + }, + "schema":"bucket", + "type":"terms" + }, + { + "enabled":true, + "id":"3", + "params":{ + "customLabel":"Country", + "field":"geo.country_name", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"5", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":100 + }, + "schema":"bucket", + "type":"terms" + }, + { + "enabled":true, + "id":"4", + "params":{ + "customLabel":"Email", + "field":"azure.activitylogs.identity.claims_initiated_by_user.name", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"_key", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":5 + }, + "schema":"bucket", + "type":"terms" + }, + { + "enabled":true, + "id":"5", + "params":{ + + }, + "schema":"metric", + "type":"count" + } + ], + "params":{ + "dimensions":{ + "buckets":[ + { + "accessor":0, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"ip", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + }, + { + "accessor":1, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + }, + { + "accessor":2, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + } + ], + "metrics":[ + { + "accessor":3, + "aggType":"count", + "format":{ + "id":"number" + }, + "params":{ + + } + } + ] + }, + "perPage":10, + "percentageCol":"", + "showMetricsAtAllLevels":false, + "showPartialRows":false, + "showTotal":false, + "sort":{ + "columnIndex":null, + "direction":null + }, + "totalFunc":"sum" + }, + "title":"Caller IP [Filebeat Azure]", + "type":"table" + } + }, + "id":"6ece76d0-f0cc-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-18T09:09:36.555Z", + "version":"WzgwNjUsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Authorization Activity User [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + + ], + "params":{ + "axis_formatter":"number", + "axis_position":"left", + "axis_scale":"normal", + "default_index_pattern":"metricbeat-*", + "default_timefield":"@timestamp", + "filter":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" and azure.activitylogs.operation_name : *LISTKEYS* " + }, + "id":"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern":"filebeat-*", + "interval":"", + "isModelInvalid":false, + "series":[ + { + "axis_position":"right", + "chart_type":"line", + "color":"rgba(164,221,0,1)", + "fill":0.5, + "filter":{ + "language":"kuery", + "query":"event.outcome : \"Success\" " + }, + "formatter":"number", + "id":"61ca57f1-469d-11e7-af02-69e470af7417", + "label":"Success", + "line_width":1, + "metrics":[ + { + "id":"61ca57f2-469d-11e7-af02-69e470af7417", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none", + "terms_field":"event.outcome" + }, + { + "axis_position":"right", + "chart_type":"line", + "color":"rgba(244,78,59,1)", + "fill":0.5, + "filter":{ + "language":"kuery", + "query":"event.outcome : \"Fail\" " + }, + "formatter":"number", + "id":"78e85470-f0cb-11e9-bf79-0db2fc8554f1", + "label":"Failure", + "line_width":1, + "metrics":[ + { + "id":"78e85471-f0cb-11e9-bf79-0db2fc8554f1", + "type":"count" + } + ], + "point_size":1, + "separate_axis":0, + "split_mode":"filter", + "stacked":"none" + } + ], + "show_grid":1, + "show_legend":0, + "time_field":"", + "type":"timeseries" + }, + "title":"Authorization Activity User [Filebeat Azure]", + "type":"metrics" + } + }, + "id":"0dd135c0-f0cc-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + + ], + "type":"visualization", + "updated_at":"2019-10-17T11:33:16.437Z", + "version":"WzQ4OTksMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"" + } + } + }, + "title":"Top Resource Groups [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"1", + "params":{ + + }, + "schema":"metric", + "type":"count" + }, + { + "enabled":true, + "id":"2", + "params":{ + "customLabel":"Resource Groups", + "field":"azure.resource.group", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"1", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":10 + }, + "schema":"segment", + "type":"terms" + } + ], + "params":{ + "addLegend":true, + "addTimeMarker":false, + "addTooltip":true, + "categoryAxes":[ + { + "id":"CategoryAxis-1", + "labels":{ + "filter":false, + "rotate":0, + "show":true, + "truncate":200 + }, + "position":"left", + "scale":{ + "type":"linear" + }, + "show":true, + "style":{ + + }, + "title":{ + + }, + "type":"category" + } + ], + "dimensions":{ + "x":{ + "accessor":0, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + }, + "y":[ + { + "accessor":1, + "aggType":"count", + "format":{ + "id":"number" + }, + "params":{ + + } + } + ] + }, + "grid":{ + "categoryLines":false + }, + "labels":{ + + }, + "legendPosition":"right", + "seriesParams":[ + { + "data":{ + "id":"1", + "label":"Count" + }, + "drawLinesBetweenPoints":true, + "mode":"normal", + "show":true, + "showCircles":true, + "type":"histogram", + "valueAxis":"ValueAxis-1" + } + ], + "times":[ + + ], + "type":"histogram", + "valueAxes":[ + { + "id":"ValueAxis-1", + "labels":{ + "filter":true, + "rotate":75, + "show":true, + "truncate":100 + }, + "name":"LeftAxis-1", + "position":"bottom", + "scale":{ + "mode":"normal", + "type":"linear" + }, + "show":false, + "style":{ + + }, + "title":{ + "text":"Count" + }, + "type":"value" + } + ] + }, + "title":"Top Resource Groups [Filebeat Azure]", + "type":"horizontal_bar" + } + }, + "id":"71b62ca0-ec1a-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-17T14:50:09.427Z", + "version":"WzYxMTUsMV0=" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" " + } + } + }, + "title":"Resource Creations [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "title":"Resource Creations [Filebeat Azure]", + "type":"horizontal_bar", + "params":{ + "addLegend":true, + "addTimeMarker":false, + "addTooltip":true, + "categoryAxes":[ + { + "id":"CategoryAxis-1", + "labels":{ + "filter":false, + "rotate":0, + "show":true, + "truncate":200 + }, + "position":"left", + "scale":{ + "type":"linear" + }, + "show":true, + "style":{ + + }, + "title":{ + + }, + "type":"category" + } + ], + "dimensions":{ + "series":[ + { + "accessor":1, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "label":"Creations", + "params":{ + + } + } + ], + "x":{ + "accessor":0, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "label":"Resource type", + "params":{ + + } + }, + "y":[ + { + "accessor":2, + "aggType":"count", + "format":{ + "id":"number" + }, + "label":"Count", + "params":{ + + } + } + ] + }, + "grid":{ + "categoryLines":false, + "valueAxis":"" + }, + "labels":{ + + }, + "legendPosition":"right", + "seriesParams":[ + { + "data":{ + "id":"1", + "label":"Count" + }, + "drawLinesBetweenPoints":true, + "lineWidth":2, + "mode":"stacked", + "show":true, + "showCircles":true, + "type":"histogram", + "valueAxis":"ValueAxis-1" + } + ], + "thresholdLine":{ + "color":"#E7664C", + "show":false, + "style":"full", + "value":10, + "width":1 + }, + "times":[ + + ], + "type":"histogram", + "valueAxes":[ + { + "id":"ValueAxis-1", + "labels":{ + "filter":true, + "rotate":75, + "show":true, + "truncate":100 + }, + "name":"LeftAxis-1", + "position":"bottom", + "scale":{ + "mode":"normal", + "type":"linear" + }, + "show":false, + "style":{ + + }, + "title":{ + "text":"Count" + }, + "type":"value" + } + ] + }, + "aggs":[ + { + "id":"1", + "enabled":true, + "type":"count", + "schema":"metric", + "params":{ + + } + }, + { + "id":"2", + "enabled":true, + "type":"terms", + "schema":"segment", + "params":{ + "field":"azure.resource.provider", + "orderBy":"1", + "order":"desc", + "size":15, + "otherBucket":false, + "otherBucketLabel":"Other", + "missingBucket":false, + "missingBucketLabel":"Missing", + "customLabel":"Resource type" + } + }, + { + "id":"4", + "enabled":true, + "type":"terms", + "schema":"group", + "params":{ + "field":"azure.activitylogs.identity.authorization.action", + "orderBy":"1", + "order":"desc", + "size":15, + "otherBucket":false, + "otherBucketLabel":"Other", + "missingBucket":false, + "missingBucketLabel":"Missing", + "include":".*write", + "customLabel":"Creations" + } + } + ] + } + }, + "id":"d91ce8d0-53e8-11ea-b1b7-7de801e1c297", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2020-02-20T13:57:45.235Z", + "version":"WzU4OSwxXQ==" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" " + } + } + }, + "title":"Resource Deletions [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "title":"Resource Deletions [Filebeat Azure]", + "type":"horizontal_bar", + "params":{ + "type":"histogram", + "grid":{ + "categoryLines":false + }, + "categoryAxes":[ + { + "id":"CategoryAxis-1", + "type":"category", + "position":"left", + "show":true, + "style":{ + + }, + "scale":{ + "type":"linear" + }, + "labels":{ + "show":true, + "rotate":0, + "filter":false, + "truncate":200 + }, + "title":{ + + } + } + ], + "valueAxes":[ + { + "id":"ValueAxis-1", + "name":"LeftAxis-1", + "type":"value", + "position":"bottom", + "show":true, + "style":{ + + }, + "scale":{ + "type":"linear", + "mode":"normal" + }, + "labels":{ + "show":false, + "rotate":75, + "filter":true, + "truncate":100 + }, + "title":{ + "text":"Count" + } + } + ], + "seriesParams":[ + { + "show":true, + "type":"histogram", + "mode":"normal", + "data":{ + "label":"Count", + "id":"1" + }, + "valueAxis":"ValueAxis-1", + "drawLinesBetweenPoints":true, + "lineWidth":2, + "showCircles":true + } + ], + "addTooltip":true, + "addLegend":true, + "legendPosition":"right", + "times":[ + + ], + "addTimeMarker":false, + "labels":{ + + }, + "thresholdLine":{ + "show":false, + "value":10, + "width":1, + "style":"full", + "color":"#E7664C" + }, + "dimensions":{ + "x":{ + "accessor":0, + "format":{ + "id":"terms", + "params":{ + "id":"string", + "otherBucketLabel":"Other", + "missingBucketLabel":"Missing" + } + }, + "params":{ + + }, + "label":"azure.resource.provider: Descending", + "aggType":"terms" + }, + "y":[ + { + "accessor":2, + "format":{ + "id":"number" + }, + "params":{ + + }, + "label":"Count", + "aggType":"count" + } + ], + "series":[ + { + "accessor":1, + "format":{ + "id":"terms", + "params":{ + "id":"string", + "otherBucketLabel":"Other", + "missingBucketLabel":"Missing" + } + }, + "params":{ + + }, + "label":"Deletions", + "aggType":"terms" + } + ] + } + }, + "aggs":[ + { + "id":"1", + "enabled":true, + "type":"count", + "schema":"metric", + "params":{ + + } + }, + { + "id":"2", + "enabled":true, + "type":"terms", + "schema":"segment", + "params":{ + "field":"azure.resource.provider", + "orderBy":"1", + "order":"desc", + "size":15, + "otherBucket":false, + "otherBucketLabel":"Other", + "missingBucket":false, + "missingBucketLabel":"Missing", + "customLabel":"Resource type" + } + }, + { + "id":"3", + "enabled":true, + "type":"terms", + "schema":"group", + "params":{ + "field":"azure.activitylogs.identity.authorization.action", + "orderBy":"1", + "order":"desc", + "size":15, + "otherBucket":false, + "otherBucketLabel":"Other", + "missingBucket":false, + "missingBucketLabel":"Missing", + "include":".*delete", + "customLabel":"Deletions" + } + } + ] + } + }, + "id":"6db84660-53e9-11ea-b1b7-7de801e1c297", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2020-02-20T14:01:02.150Z", + "version":"WzU5MiwxXQ==" + }, + { + "attributes":{ + "description":"", + "kibanaSavedObjectMeta":{ + "searchSourceJSON":{ + "filter":[ + + ], + "indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index", + "query":{ + "language":"kuery", + "query":"event.dataset :\"azure.activitylogs\" " + } + } + }, + "title":"Resource Type Breakdown [Filebeat Azure]", + "uiStateJSON":{ + + }, + "version":1, + "visState":{ + "aggs":[ + { + "enabled":true, + "id":"1", + "params":{ + + }, + "schema":"metric", + "type":"count" + }, + { + "enabled":true, + "id":"2", + "params":{ + "field":"azure.resource.provider", + "missingBucket":false, + "missingBucketLabel":"Missing", + "order":"desc", + "orderBy":"1", + "otherBucket":false, + "otherBucketLabel":"Other", + "size":10 + }, + "schema":"segment", + "type":"terms" + } + ], + "params":{ + "addLegend":true, + "addTooltip":true, + "dimensions":{ + "buckets":[ + { + "accessor":0, + "aggType":"terms", + "format":{ + "id":"terms", + "params":{ + "id":"string", + "missingBucketLabel":"Missing", + "otherBucketLabel":"Other" + } + }, + "params":{ + + } + } + ], + "metric":{ + "accessor":1, + "aggType":"count", + "format":{ + "id":"number" + }, + "params":{ + + } + } + }, + "isDonut":false, + "labels":{ + "last_level":true, + "show":false, + "truncate":100, + "values":true + }, + "legendPosition":"right", + "type":"pie" + }, + "title":"Resource Type Breakdown [Filebeat Azure]", + "type":"pie" + } + }, + "id":"9ed46680-f0ce-11e9-90ec-112a988266d5", + "migrationVersion":{ + "visualization":"7.3.1" + }, + "references":[ + { + "id":"filebeat-*", + "name":"kibanaSavedObjectMeta.searchSourceJSON.index", + "type":"index-pattern" + } + ], + "type":"visualization", + "updated_at":"2019-10-17T11:32:13.057Z", + "version":"WzQ4OTYsMV0=" + } + ], + "version":"7.4.0" +} diff --git a/filebeat/module/azure/activitylogs/_meta/fields.yml b/filebeat/module/azure/activitylogs/_meta/fields.yml new file mode 100644 index 00000000000..c562d987d24 --- /dev/null +++ b/filebeat/module/azure/activitylogs/_meta/fields.yml @@ -0,0 +1,110 @@ +- name: activitylogs + type: group + release: beta + description: > + Fields for Azure activity logs. + fields: + - name: identity + type: group + description: > + Identity + fields: + - name: claims_initiated_by_user + type: group + description: > + Claims initiated by user + fields: + - name: name + type: keyword + description: > + Name + - name: givenname + type: keyword + description: > + Givenname + - name: surname + type: keyword + description: > + Surname + - name: fullname + type: keyword + description: > + Fullname + - name: schema + type: keyword + description: > + Schema + - name: claims.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Claims + - name: authorization + type: group + description: > + Authorization + fields: + - name: scope + type: keyword + description: > + Scope + - name: action + type: keyword + description: > + Action + - name: evidence + type: group + description: > + Evidence + fields: + - name: role_assignment_scope + type: keyword + description: > + Role assignment scope + - name: role_definition_id + type: keyword + description: > + Role definition ID + - name: role + type: keyword + description: > + Role + - name: role_assignment_id + type: keyword + description: > + Role assignment ID + - name: principal_id + type: keyword + description: > + Principal ID + - name: principal_type + type: keyword + description: > + Principal type + - name: operation_name + type: keyword + description: > + Operation name + - name: result_signature + type: keyword + description: > + Result signature + - name: category + type: keyword + description: > + Category + - name: properties + type: group + description: > + Properties + fields: + - name: service_request_id + type: keyword + description: > + Service Request Id + - name: status_code + type: keyword + description: > + Status code + diff --git a/filebeat/module/azure/activitylogs/config/azure-eventhub.yml b/filebeat/module/azure/activitylogs/config/azure-eventhub.yml new file mode 100644 index 00000000000..9b747e1092d --- /dev/null +++ b/filebeat/module/azure/activitylogs/config/azure-eventhub.yml @@ -0,0 +1,7 @@ +type: azure-eventhub +connection_string: {{ .connection_string }} +eventhub: {{ .eventhub }} +consumer_group: {{ .consumer_group }} +storage_account: {{ .storage_account }} +storage_account_key: {{ .storage_account_key }} +resource_manager_endpoint: {{ .resource_manager_endpoint }} diff --git a/filebeat/module/azure/activitylogs/config/file.yml b/filebeat/module/azure/activitylogs/config/file.yml new file mode 100644 index 00000000000..8e366e70c17 --- /dev/null +++ b/filebeat/module/azure/activitylogs/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/azure/activitylogs/ingest/pipeline.json b/filebeat/module/azure/activitylogs/ingest/pipeline.json new file mode 100644 index 00000000000..cb6dbf66270 --- /dev/null +++ b/filebeat/module/azure/activitylogs/ingest/pipeline.json @@ -0,0 +1,249 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "rename" : { + "field" : "azure", + "target_field" : "azure-eventhub", + "ignore_missing": true + } + }, + { + "script": { + "source": "ctx.message = ctx.message.replace(params.empty_field_name, '')", + "params": { + "empty_field_name": "\"\":\"\"," + }, + "ignore_failure": true + } + }, + { + "json" : { + "field" : "message", + "target_field" : "azure.activitylogs" + } + }, + { + "date": { + "field": "azure.activitylogs.time", + "target_field": "@timestamp", + "ignore_failure": true, + "formats": [ + "ISO8601" + ] + } + }, + { + "remove": { + "field": ["message", "azure.activitylogs.time"], + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.resourceId", + "target_field": "azure.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.callerIpAddress", + "target_field": "source.ip", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.level", + "target_field": "log.level", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.durationMs", + "target_field": "event.duration", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.event.duration!= null) {ctx.event.duration = ctx.event.duration * params.param_nano;}", + "params": { + "param_nano": 1000000 + }, + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.activitylogs.location", + "target_field": "geo.name", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.properties != null && ctx.azure.activitylogs.properties.eventCategory != null) {ctx.eventCategory = ctx.azure.activitylogs.properties.eventCategory} if (ctx.azure.activitylogs.properties != null && ctx.azure.activitylogs.properties.policies != null) { ctx.eventCategory = 'Policy'} if (ctx.eventCategory == null) {ctx.eventCategory='Administrative'}", + "ignore_failure": true + } + }, + { + "rename": { + "field": "eventCategory", + "target_field": "event.category", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.resultType", + "target_field": "event.outcome", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.operationName", + "target_field": "azure.activitylogs.operation_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.resultSignature", + "target_field": "azure.activitylogs.result_signature", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.roleAssignmentScope", + "target_field": "azure.activitylogs.identity.authorization.evidence.role_assignment_scope", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.roleDefinitionId", + "target_field": "azure.activitylogs.identity.authorization.evidence.role_definition_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.roleAssignmentId", + "target_field": "azure.activitylogs.identity.authorization.evidence.role_assignment_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.principalId", + "target_field": "azure.activitylogs.identity.authorization.evidence.principal_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.principalType", + "target_field": "azure.activitylogs.identity.authorization.evidence.principal_type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.correlationId", + "target_field": "azure.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.properties.serviceRequestId", + "target_field": "azure.activitylogs.properties.service_request_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.properties.statusMessage", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.properties.statusCode", + "target_field": "azure.activitylogs.properties.status_code", + "ignore_missing": true + } + }, + { + "geoip" : { + "field" : "source.ip", + "target_field" : "geo", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.claims.name", + "target_field": "azure.activitylogs.identity.claims_initiated_by_user.fullname", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'] != null) { ctx.azure.activitylogs.identity.claims_initiated_by_user.surname = ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'];}", + "ignore_failure": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'] != null) { ctx.azure.activitylogs.identity.claims_initiated_by_user.name = ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'];}", + "ignore_failure": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'] != null) { ctx.azure.activitylogs.identity.claims_initiated_by_user.givenname = ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'];}", + "ignore_failure": true + } + }, + { + "set": { + "if" : "ctx.azure.activitylogs.identity!= null && ctx.azure.activitylogs.identity.claims_initiated_by_user != null && ctx.azure.activitylogs.identity.claims_initiated_by_user.name != null", + "field": "azure.activitylogs.identity.claims_initiated_by_user.schema", + "value": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims", + "ignore_failure": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims != null) { ctx.temp_claims = new HashMap(); for (String key : ctx.azure.activitylogs.identity.claims.keySet()) { ctx.temp_claims[key.replace('.', '_')] = ctx.azure.activitylogs.identity.claims.get(key) ;}ctx.azure.activitylogs.identity.claims = ctx.temp_claims; ctx.remove('temp_claims');}", + "ignore_failure": true + } + }, + { + "pipeline": { + "name": "{< IngestPipeline "azure-shared-pipeline" >}" + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/filebeat/module/azure/activitylogs/manifest.yml b/filebeat/module/azure/activitylogs/manifest.yml new file mode 100644 index 00000000000..4d5c20a7271 --- /dev/null +++ b/filebeat/module/azure/activitylogs/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: azure-eventhub + - name: eventhub + default: "insights-operational-logs" + - name: consumer_group + default: "$Default" + - name: connection_string + - name: storage_account + - name: storage_account_key + - name: resource_manager_endpoint + +ingest_pipeline: + - ingest/pipeline.json + - ../azure-shared-pipeline.json +input: config/{{.input}}.yml diff --git a/filebeat/module/azure/activitylogs/test/activitylogs.log b/filebeat/module/azure/activitylogs/test/activitylogs.log new file mode 100644 index 00000000000..4b47c46d236 --- /dev/null +++ b/filebeat/module/azure/activitylogs/test/activitylogs.log @@ -0,0 +1 @@ +{"callerIpAddress":"51.251.141.41","category":"Action","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","durationMs":0,"identity":{"authorization":{"action":"Microsoft.EventHub/namespaces/authorizationRules/listKeys/action","evidence":{"principalId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","principalType":"ServicePrincipal","role":"Azure EventGrid Service BuiltIn Role","roleAssignmentId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","roleAssignmentScope":"/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53","roleDefinitionId":"8a4de8b5-095c-47d0-a96f-a75130c61d53"},"scope":"/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53/resourceGroups/sa-hem/providers/Microsoft.EventHub/namespaces/azurelsevents/authorizationRules/RootManageSharedAccessKey"},"claims":{"aio":"8a4de8b5-095c-47d0-a96f-a75130c61d53","appid":"8a4de8b5-095c-47d0-a96f-a75130c61d53","appidacr":"2","aud":"https://management.core.windows.net/","exp":"1571904826","http://schemas.microsoft.com/identity/claims/identityprovider":"https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/","http://schemas.microsoft.com/identity/claims/objectidentifier":"8a4de8b5-095c-47d0-a96f-a75130c61d53","http://schemas.microsoft.com/identity/claims/tenantid":"8a4de8b5-095c-47d0-a96f-a75130c61d53","http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier":"8a4de8b5-095c-47d0-a96f-a75130c61d53","iat":"1571875726","iss":"https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/","nbf":"1571875726","uti":"8a4de8b5-095c-47d0-a96f-a75130c61d53","ver":"1.0"}},"level":"Information","location":"global","operationName":"MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION","resourceId":"/SUBSCRIPTIONS/8a4de8b5-095c-47d0-a96f-a75130c61d53/RESOURCEGROUPS/SA-HEMA/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/AZURELSEVENTS/AUTHORIZATIONRULES/ROOTMANAGESHAREDACCESSKEY","resultSignature":"Started.","resultType":"Start","time":"2019-10-24T00:13:46.3554259Z"} diff --git a/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json b/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json new file mode 100644 index 00000000000..51e34f7fd43 --- /dev/null +++ b/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json @@ -0,0 +1,53 @@ +[ + { + "@timestamp": "2019-10-24T00:13:46.355Z", + "azure.activitylogs.category": "Action", + "azure.activitylogs.identity.authorization.action": "Microsoft.EventHub/namespaces/authorizationRules/listKeys/action", + "azure.activitylogs.identity.authorization.evidence.principal_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.authorization.evidence.principal_type": "ServicePrincipal", + "azure.activitylogs.identity.authorization.evidence.role": "Azure EventGrid Service BuiltIn Role", + "azure.activitylogs.identity.authorization.evidence.role_assignment_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.authorization.evidence.role_assignment_scope": "/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.authorization.evidence.role_definition_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.authorization.scope": "/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53/resourceGroups/sa-hem/providers/Microsoft.EventHub/namespaces/azurelsevents/authorizationRules/RootManageSharedAccessKey", + "azure.activitylogs.identity.claims.aio": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.claims.appid": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.claims.appidacr": "2", + "azure.activitylogs.identity.claims.aud": "https://management.core.windows.net/", + "azure.activitylogs.identity.claims.exp": "1571904826", + "azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/identityprovider": "https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/", + "azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/objectidentifier": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/tenantid": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.claims.http://schemas_xmlsoap_org/ws/2005/05/identity/claims/nameidentifier": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.claims.iat": "1571875726", + "azure.activitylogs.identity.claims.iss": "https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/", + "azure.activitylogs.identity.claims.nbf": "1571875726", + "azure.activitylogs.identity.claims.uti": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.activitylogs.identity.claims.ver": "1.0", + "azure.activitylogs.operation_name": "MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION", + "azure.activitylogs.result_signature": "Started.", + "azure.correlation_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.resource.authorization_rule": "ROOTMANAGESHAREDACCESSKEY", + "azure.resource.group": "SA-HEMA", + "azure.resource.id": "/SUBSCRIPTIONS/8a4de8b5-095c-47d0-a96f-a75130c61d53/RESOURCEGROUPS/SA-HEMA/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/AZURELSEVENTS/AUTHORIZATIONRULES/ROOTMANAGESHAREDACCESSKEY", + "azure.resource.namespace": "AZURELSEVENTS", + "azure.resource.provider": "MICROSOFT.EVENTHUB", + "azure.subscription_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "cloud.provider": "azure", + "event.category": "Administrative", + "event.dataset": "azure.activitylogs", + "event.duration": 0.0, + "event.module": "azure", + "event.outcome": "Start", + "fileset.name": "activitylogs", + "geo.continent_name": "Europe", + "geo.country_iso_code": "GB", + "geo.location.lat": 51.4964, + "geo.location.lon": -0.1224, + "input.type": "log", + "log.level": "Information", + "log.offset": 0, + "service.type": "azure", + "source.ip": "51.251.141.41" + } +] \ No newline at end of file diff --git a/filebeat/module/azure/auditlogs/_meta/fields.yml b/filebeat/module/azure/auditlogs/_meta/fields.yml new file mode 100644 index 00000000000..d65ca163d47 --- /dev/null +++ b/filebeat/module/azure/auditlogs/_meta/fields.yml @@ -0,0 +1,162 @@ +- name: auditlogs + type: group + description: > + Fields for Azure audit logs. + fields: + - name: operation_name + type: keyword + description: > + The operation name + - name: operation_version + type: keyword + description: > + The operation version + - name: identity + type: keyword + description: > + Identity + - name: tenant_id + type: keyword + description: > + Tenant ID + - name: result_signature + type: keyword + description: > + Result signature + - name: properties + type: group + description: > + The audit log properties + fields: + - name: result + type: keyword + description: > + Log result + - name: activity_display_name + type: keyword + description: > + Activity display name + - name: result_reason + type: keyword + description: > + Reason for the log result + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: logged_by_service + type: keyword + description: > + Logged by service + - name: operation_type + type: keyword + description: > + Operation type + - name: id + type: keyword + description: > + ID + - name: activity_datetime + type: date + description: > + Activity timestamp + - name: category + type: keyword + description: > + category + - name: target_resources.* + type: group + object_type_mapping_type: "*" + description: > + Target resources + fields: + - name: display_name + type: keyword + description: > + Display name + - name: id + type: keyword + description: > + ID + - name: type + type: keyword + description: > + Type + - name: ip_address + type: keyword + description: > + ip Address + - name: user_principal_name + type: keyword + description: > + User principal name + - name: modified_properties.* + type: group + object_type: keyword + object_type_mapping_type: "*" + description: > + Modified properties + fields: + - name: new_value + type: keyword + description: > + New value + - name: display_name + type: keyword + description: > + Display value + - name: old_value + type: keyword + description: > + Old value + - name: initiated_by + type: group + description: > + Information regarding the initiator + fields: + - name: app + type: group + description: > + App + fields: + - name: servicePrincipalName + type: keyword + description: > + Service principal name + - name: displayName + type: keyword + description: > + Display name + - name: appId + type: keyword + description: > + App ID + - name: servicePrincipalId + type: keyword + description: > + Service principal ID + - name: user + type: group + description: > + User + fields: + - name: userPrincipalName + type: keyword + description: > + User principal name + - name: displayName + type: keyword + description: > + Display name + - name: id + type: keyword + description: > + ID + - name: ipAddress + type: keyword + description: > + ip Address + + + + diff --git a/filebeat/module/azure/auditlogs/config/azure-eventhub.yml b/filebeat/module/azure/auditlogs/config/azure-eventhub.yml new file mode 100644 index 00000000000..3c2ea50cf8b --- /dev/null +++ b/filebeat/module/azure/auditlogs/config/azure-eventhub.yml @@ -0,0 +1,8 @@ +type: azure-eventhub +connection_string: {{ .connection_string }} +eventhub: {{ .eventhub }} +consumer_group: {{ .consumer_group }} +storage_account: {{ .storage_account }} +storage_account_key: {{ .storage_account_key }} +resource_manager_endpoint: {{ .resource_manager_endpoint }} + diff --git a/filebeat/module/azure/auditlogs/config/file.yml b/filebeat/module/azure/auditlogs/config/file.yml new file mode 100644 index 00000000000..8e366e70c17 --- /dev/null +++ b/filebeat/module/azure/auditlogs/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/azure/auditlogs/ingest/pipeline.json b/filebeat/module/azure/auditlogs/ingest/pipeline.json new file mode 100644 index 00000000000..c8908d45bc2 --- /dev/null +++ b/filebeat/module/azure/auditlogs/ingest/pipeline.json @@ -0,0 +1,194 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "rename" : { + "field" : "azure", + "target_field" : "azure-eventhub", + "ignore_missing": true + } + }, + { + "json" : { + "field" : "message", + "target_field" : "azure.auditlogs" + } + }, + { + "drop": { + "if" : "ctx.azure.auditlogs.category != 'AuditLogs'" + } + }, + { + "date": { + "field": "azure.auditlogs.time", + "target_field": "@timestamp", + "ignore_failure": true, + "formats": [ + "ISO8601" + ] + } + }, + { + "rename": { + "field": "azure.auditlogs.resourceId", + "target_field": "azure.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.durationMs", + "target_field": "event.duration", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.event.duration = ctx.event.duration * params.param_nano", + "params": { + "param_nano": 1000000 + } + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.result", + "target_field": "event.outcome", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.level", + "target_field": "log.level", + "ignore_missing": true + } + }, + { + "remove": { + "field": ["message", "azure.auditlogs.time"], + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.category", + "target_field": "event.category", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.operationName", + "target_field": "azure.auditlogs.operation_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.resultSignature", + "target_field": "azure.auditlogs.result_signature", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.operationVersion", + "target_field": "azure.auditlogs.operation_version", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.tenantId", + "target_field": "azure.tenant_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.correlationId", + "target_field": "azure.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.activityDisplayName", + "target_field": "azure.auditlogs.properties.activity_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.activityDateTime", + "target_field": "azure.auditlogs.properties.activity_datetime", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.additionalDetails", + "target_field": "azure.auditlogs.properties.additional_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.resultReason", + "target_field": "azure.auditlogs.properties.result_reason", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.correlationId", + "target_field": "azure.auditlogs.properties.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.loggedByService", + "target_field": "azure.auditlogs.properties.logged_by_service", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.operationType", + "target_field": "azure.auditlogs.properties.operation_type", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.auditlogs.properties.targetResources != null) {ctx.azure.auditlogs.properties.target_resources = new HashMap(); for (def i = 0; i < ctx.azure.auditlogs.properties.targetResources.length; i++) { String index = String.valueOf(i); ctx.azure.auditlogs.properties.target_resources[index]= new HashMap(); if(ctx.azure.auditlogs.properties.targetResources[i].displayName!= null) {ctx.azure.auditlogs.properties.target_resources[index].display_name=ctx.azure.auditlogs.properties.targetResources[i].displayName;}ctx.azure.auditlogs.properties.target_resources[index].id=ctx.azure.auditlogs.properties.targetResources[i].id;ctx.azure.auditlogs.properties.target_resources[index].type=ctx.azure.auditlogs.properties.targetResources[i].type; if(ctx.azure.auditlogs.properties.targetResources[i].ipAddress!= null) {ctx.azure.auditlogs.properties.target_resources[index].ip_address=ctx.azure.auditlogs.properties.targetResources[i].ipAddress;} if (ctx.azure.auditlogs.properties.targetResources[i].userPrincipalName!=null) {ctx.azure.auditlogs.properties.target_resources[index].user_principal_name=ctx.azure.auditlogs.properties.targetResources[i].userPrincipalName;}ctx.azure.auditlogs.properties.target_resources[index].modified_properties= new HashMap(); for (def j = 0; j < ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties.length; j++) { String n = String.valueOf(j);ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n]= new HashMap();ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n].display_name=ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties[j].displayName;ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n].new_value=ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties[j].newValue;ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n].old_value=ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties[j].oldValue; }} ctx.azure.auditlogs.properties.remove('targetResources');}", + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.initiatedBy", + "target_field": "azure.auditlogs.properties.initiated_by", + "ignore_missing": true + } + }, + { + "pipeline": { + "name": "{< IngestPipeline "azure-shared-pipeline" >}" + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/filebeat/module/azure/auditlogs/manifest.yml b/filebeat/module/azure/auditlogs/manifest.yml new file mode 100644 index 00000000000..095371bff16 --- /dev/null +++ b/filebeat/module/azure/auditlogs/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: azure-eventhub + - name: eventhub + default: "insights-logs-auditlogs" + - name: consumer_group + default: "$Default" + - name: connection_string + - name: storage_account + - name: storage_account_key + - name: resource_manager_endpoint + +ingest_pipeline: + - ingest/pipeline.json + - ../azure-shared-pipeline.json +input: config/{{.input}}.yml diff --git a/filebeat/module/azure/auditlogs/test/auditlogs.log b/filebeat/module/azure/auditlogs/test/auditlogs.log new file mode 100644 index 00000000000..4b019ff3eae --- /dev/null +++ b/filebeat/module/azure/auditlogs/test/auditlogs.log @@ -0,0 +1 @@ +{"category":"AuditLogs","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","durationMs":0,"identity":"Device Registration Service","level":"Informational","operationName":"Update device","operationVersion":"1.0","properties":{"activityDateTime":"2019-10-18T15:30:51.0273716+00:00","activityDisplayName":"Update device","category":"Device","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","id":"Directory_ESQ","initiatedBy":{"app":{"appId":null,"displayName":"Device Registration Service","servicePrincipalId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","servicePrincipalName":null}},"loggedByService":"Core Directory","operationType":"Update","result":"success","resultReason":"","targetResources":[{"displayName":"LAPTOP-12","id":"8a4de8b5-095c-47d0-a96f-a75130c61d53","modifiedProperties":[{"displayName":"Included Updated Properties","newValue":"\"\"","oldValue":null}],"type":"Device"}]},"resourceId":"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam","resultSignature":"None","tenantId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","time":"2019-10-18T15:30:51.0273716Z"} diff --git a/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json b/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json new file mode 100644 index 00000000000..b1d6a668be6 --- /dev/null +++ b/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json @@ -0,0 +1,42 @@ +[ + { + "@timestamp": "2019-10-18T15:30:51.027Z", + "azure.auditlogs.identity": "Device Registration Service", + "azure.auditlogs.operation_name": "Update device", + "azure.auditlogs.operation_version": "1.0", + "azure.auditlogs.properties.activity_datetime": "2019-10-18T15:30:51.0273716+00:00", + "azure.auditlogs.properties.activity_display_name": "Update device", + "azure.auditlogs.properties.category": "Device", + "azure.auditlogs.properties.correlation_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.auditlogs.properties.id": "Directory_ESQ", + "azure.auditlogs.properties.initiated_by.app.appId": null, + "azure.auditlogs.properties.initiated_by.app.displayName": "Device Registration Service", + "azure.auditlogs.properties.initiated_by.app.servicePrincipalId": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.auditlogs.properties.initiated_by.app.servicePrincipalName": null, + "azure.auditlogs.properties.logged_by_service": "Core Directory", + "azure.auditlogs.properties.operation_type": "Update", + "azure.auditlogs.properties.result_reason": "", + "azure.auditlogs.properties.target_resources.0.display_name": "LAPTOP-12", + "azure.auditlogs.properties.target_resources.0.id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.auditlogs.properties.target_resources.0.modified_properties.0.display_name": "Included Updated Properties", + "azure.auditlogs.properties.target_resources.0.modified_properties.0.new_value": "\"\"", + "azure.auditlogs.properties.target_resources.0.modified_properties.0.old_value": null, + "azure.auditlogs.properties.target_resources.0.type": "Device", + "azure.auditlogs.result_signature": "None", + "azure.correlation_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.resource.id": "/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam", + "azure.resource.provider": "Microsoft.aadiam", + "azure.tenant_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "cloud.provider": "azure", + "event.category": "AuditLogs", + "event.dataset": "azure.auditlogs", + "event.duration": 0.0, + "event.module": "azure", + "event.outcome": "Success", + "fileset.name": "auditlogs", + "input.type": "log", + "log.level": "Informational", + "log.offset": 0, + "service.type": "azure" + } +] \ No newline at end of file diff --git a/filebeat/module/azure/azure-shared-pipeline.json b/filebeat/module/azure/azure-shared-pipeline.json new file mode 100644 index 00000000000..9bfad9cf1bb --- /dev/null +++ b/filebeat/module/azure/azure-shared-pipeline.json @@ -0,0 +1,69 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "set": { + "field": "cloud.provider", + "value": "azure" + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/NAMESPACES/%{NAMESPACE:azure.resource.namespace}/AUTHORIZATIONRULES/%{RULE:azure.resource.authorization_rule}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : ".+", + "NAMESPACE": ".+", + "RULE": ".+" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/%{NAME:azure.resource.name}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : "([A-Z])\\w+.([A-Z])\\w+/([A-Z])\\w+.", + "NAME": "((?!AUTHORIZATIONRULES).)*$" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/providers/%{PROVIDER:azure.resource.provider}"], + "pattern_definitions" : { + "PROVIDER" : ".+" + }, + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.resource_id", + "target_field": "azure.resource.id", + "ignore_missing": true + } + }, + { + "script": { + "source": "if (ctx.event.outcome !=null) {ctx.event.outcome = ctx.event.outcome.substring(0,1).toUpperCase() + ctx.event.outcome.substring(1,ctx.event.outcome.length()).toLowerCase();}", + "ignore_failure": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/filebeat/module/azure/fields.go b/filebeat/module/azure/fields.go new file mode 100644 index 00000000000..9fb6f2799cb --- /dev/null +++ b/filebeat/module/azure/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package azure + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "azure", asset.ModuleFieldsPri, AssetAzure); err != nil { + panic(err) + } +} + +// AssetAzure returns asset data. +// This is the base64 encoded gzipped contents of module/azure. +func AssetAzure() string { + return "eJzsW09v27gTvedTDHIs0P7uOfwAb9ouAmybIk3PAiONFW5kkUtSDtxPvyBl/ScpOqbkLnZ9aiPnvSdyZjh8ZN7DCx5ugPysBF4BKKoKvIHrjf7/9RWAwAKJxBt4QkWuADKUqaBcUVbewP+vAADMd+ELy6pCQ2wpFpm8MY/eQ0l22MHrjzpwvIFcsIoff2LBHML0oWT11H47oVn7vAF+wcMrE/2fW+HrTy29Dwl3HyeUKRMCCxKF8bbDslEpLEmpzmapYWwEAiWrRIoT/P6EzKA/TDHGs9WnHLyM74VmaPvU/Vfrc43fIhbdFLdh5ILtaYZiAVKN8T/NIjkZjHbHbn+6Kn085q9jtLZ8VOqZCfqzTkFR15lIpJs+NgywW/pU0T1Vh4LlcjZvxgUzQMZnkzywZeJYkBpC0IwfgtMMS0XVwTo0tryYGZg7O55NQl9GWhC6kwktqaJEYZY8HZJKTvLDLy1Anv7cGi5oueDpAA4ul2zwR/NQqj3AThAMtigfy8jpHst1tPzupeqWXLGOnO8eokbMtiqKddR89jG1Y5M+446sMDR2nmHWfXjnzDL29CemyvK4fpDMSe19LdkRzmmZH3/n+t31OdnrfKVB0V+iemxmCEJKhkwZXyMxnDT9Ncr6FpGVbNw8jRTU/VA5aUmGYlzzdoKUT34e3/T15QpWYEKkpHm5w1IlvimFwME84S3054EVCJ0Eb1SNhGe4NcvfeGuyluqOf9ySuySvL/LkELjISPbmP2AkuaBlSjkpVhf7rWE+TaZWcimhE+5GHuMo6k1F3J3MfYM77Sl7G/GqUImec6I6dyQC+YNBBjty2zAQhTkT9t3Cm2hvbYi9XTJHoSiO1/s3b0++uRDnNigSxZ6mmAj8q0LpSPa5cAwIw+81DzzUPHA3xWklKaIqmaQss6VIDC2GAAYE021ulVEVtMc9aS+rUU/ayC6VlI/P2GG7E7Oj36OQ02YnmgIbfNBm/k3c1u28z3Y8910nFiT8OtUvfjnSU9uGuht/rjjV47JMEfiD5S78sdOVZFTyghxsGRhJzabxuI5UdvdlFC8CifRsBs8S9GCwTeVSz2imcWa0nOcCEVU5zgvGUgqW57XXdlzeFguhvLbZXDTTKupo/CKo6bosK4fz/CESvWc6ujwiChX15JD+wpkJpPGlIrvpdnqm2Ys0Dk70dnUhIkedvPXBgs+mctkCC9hPj0ZVeyA2NaLCHKCZSglx7ZePvmIJc0EfWYxj/9dOu3vHF1HEo4ulHQmekCwTKG0zHFkMUA4bD1mjqZIokm5vvE7s/JAoug35fAjtWEa3FLOk62asmQtBpl6gzwxvSPYTxuDL8Z3cHVrzCbUPS3xN9qSoVjY3vuIr+GlPKFALaWyKVZhOVmSXGMj7InMIbAtI7yjz5IUrpI8ot0zsjufPmBOR0TI3PeiRmb31QJNwVzZGM+E3TorQBDp2kq1b5zwf7SuPGgKNUxNQG2GaWOvrnW0CYBgDFudpUX0bzkO84fHEry1zOu0zDY3jagHEzKcfbo7QhNIyL5hNoW0G/ONSae2TloAcotzXbi6mzNLmhvyjzXyal7SMbjVr2Pe0/M9stijwmc3/Nvf3SN+Dii7AhX0hf38Zv7tO4/MM7wuYc6lA080Tt8/+dlfutgY3CGB1/gYewPI+u1mOgzz2X8jODvNHYo3OTLMyELXUwBghPkeZ88W4Hf16n3qF8yDOw8LU6+fFqBwcXPjdbUuKpUr0wFQSl0oVQ6JHH6wkXdqWmbmARYqEpClKmdT3CZbK4JYOajpw0LU9jqA51eqWvnFxfyQC0Vy5cAc1lQktFQpzUrNQSN9J8HG07Rd7wTKhUlYoFkywR00DNY0/wwaClju+GwjynuBxwXSgGR+Y7jCx3BpuFG0LZl3XA/R8a1nMwg20hB0tCipRp5g7vgWVL0mGitBimYF6oPIFHAQDEQXusUhIngvMdReyoBxDBR4qi7CsEnoK67ZxcW01m2lS76ZsA3m6gC0U5EaQHX/8J3krLLLt33YFrbQzy8gZlvd3F3KIq41CMOG6LAdxz8w+aS6wcrXeFZrrhDMF4FKDdVS3xnHwR0M1Z6IeLQldBw5S4W55XfcNI3gYG3lPgr3O2bxRVP3mIfrF7xYoUUnlu9Ad83hfc/m7g+ZC78yV+GjXaNtHV38HAAD//3MzpKM=" +} diff --git a/filebeat/module/azure/module.yml b/filebeat/module/azure/module.yml new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/filebeat/module/azure/module.yml @@ -0,0 +1 @@ + diff --git a/filebeat/module/azure/signinlogs/_meta/fields.yml b/filebeat/module/azure/signinlogs/_meta/fields.yml new file mode 100644 index 00000000000..25f1b30d121 --- /dev/null +++ b/filebeat/module/azure/signinlogs/_meta/fields.yml @@ -0,0 +1,157 @@ +- name: signinlogs + type: group + description: > + Fields for Azure sign-in logs. + fields: + - name: operation_name + type: keyword + description: > + The operation name + - name: operation_version + type: keyword + description: > + The operation version + - name: tenant_id + type: keyword + description: > + Tenant ID + - name: result_signature + type: keyword + description: > + Result signature + - name: result_description + type: keyword + description: > + Result description + - name: identity + type: keyword + description: > + Identity + - name: properties + type: group + description: > + The signin log properties + fields: + - name: id + type: keyword + description: > + ID + - name: created_at + type: date + description: > + Created date time + - name: user_display_name + type: keyword + description: > + User display name + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: user_principal_name + type: keyword + description: > + User principal name + - name: user_id + type: keyword + description: > + User ID + - name: app_id + type: keyword + description: > + App ID + - name: app_display_name + type: keyword + description: > + App display name + - name: ip_address + type: keyword + description: > + Ip address + - name: client_app_used + type: keyword + description: > + Client app used + - name: conditional_access_status + type: keyword + description: > + Conditional access status + - name: original_request_id + type: keyword + description: > + Original request ID + - name: is_interactive + type: keyword + description: > + Is interactive + - name: token_issuer_name + type: keyword + description: > + Token issuer name + - name: token_issuer_type + type: keyword + description: > + Token issuer type + - name: processing_time_ms + type: float + description: > + Processing time in milliseconds + - name: risk_detail + type: keyword + description: > + Risk detail + - name: risk_level_aggregated + type: keyword + description: > + Risk level aggregated + - name: risk_level_during_signin + type: keyword + description: > + Risk level during signIn + - name: risk_state + type: keyword + description: > + Risk state + - name: resource_display_name + type: keyword + description: > + Resource display name + - name: status + type: group + description: > + Status + fields: + - name: error_code + type: keyword + description: > + Error code + - name: device_detail + type: group + description: > + Status + fields: + - name: device_id + type: keyword + description: > + Device ID + - name: operating_system + type: keyword + description: > + Operating system + - name: browser + type: keyword + description: > + Browser + - name: display_name + type: keyword + description: > + Display name + - name: trust_type + type: keyword + description: > + Trust type + - name: service_principal_id + type: keyword + description: > + Status + diff --git a/filebeat/module/azure/signinlogs/config/azure-eventhub.yml b/filebeat/module/azure/signinlogs/config/azure-eventhub.yml new file mode 100644 index 00000000000..9b747e1092d --- /dev/null +++ b/filebeat/module/azure/signinlogs/config/azure-eventhub.yml @@ -0,0 +1,7 @@ +type: azure-eventhub +connection_string: {{ .connection_string }} +eventhub: {{ .eventhub }} +consumer_group: {{ .consumer_group }} +storage_account: {{ .storage_account }} +storage_account_key: {{ .storage_account_key }} +resource_manager_endpoint: {{ .resource_manager_endpoint }} diff --git a/filebeat/module/azure/signinlogs/config/file.yml b/filebeat/module/azure/signinlogs/config/file.yml new file mode 100644 index 00000000000..8e366e70c17 --- /dev/null +++ b/filebeat/module/azure/signinlogs/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/azure/signinlogs/ingest/pipeline.json b/filebeat/module/azure/signinlogs/ingest/pipeline.json new file mode 100644 index 00000000000..f802bf2e4bc --- /dev/null +++ b/filebeat/module/azure/signinlogs/ingest/pipeline.json @@ -0,0 +1,431 @@ +{ + "description": "Pipeline for parsing azure signin logs.", + "processors": [ + { + "rename" : { + "field" : "azure", + "target_field" : "azure-eventhub", + "ignore_missing": true + } + }, + { + "json" : { + "field" : "message", + "target_field" : "azure.signinlogs" + } + }, + { + "drop": { + "if" : "ctx.azure.signinlogs.category != 'SignInLogs'" + } + }, + { + "date": { + "field": "azure.signinlogs.time", + "target_field": "@timestamp", + "ignore_failure": false, + "formats": [ + "ISO8601" + ] + } + }, + { + "remove": { + "field": ["message", "azure.signinlogs.time"], + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.resourceId", + "target_field": "azure.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.callerIpAddress", + "target_field": "source.ip", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.Level", + "target_field": "log.level", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.durationMs", + "target_field": "event.duration", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.event.duration = ctx.event.duration * params.param_nano", + "params": { + "param_nano": 1000000 + } + } + }, + { + "rename": { + "field": "azure.signinlogs.location", + "target_field": "geo.country_iso_code", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.resultType", + "target_field": "event.outcome", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.category", + "target_field": "event.category", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.operationName", + "target_field": "azure.signinlogs.operation_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.resultSignature", + "target_field": "azure.signinlogs.result_signature", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.resultDescription", + "target_field": "azure.signinlogs.result_description", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.operationVersion", + "target_field": "azure.signinlogs.operation_version", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.tenantId", + "target_field": "azure.tenant_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.correlationId", + "target_field": "azure.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.networkLocationDetails", + "target_field": "azure.signinlogs.properties.network_location_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.resourceId", + "target_field": "azure.signinlogs.properties.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.appliedConditionalAccessPolicies", + "target_field": "azure.signinlogs.properties.applied_conditional_access_policies", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.authenticationDetails", + "target_field": "azure.signinlogs.properties.authentication_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.authenticationRequirementPolicies", + "target_field": "azure.signinlogs.properties.authentication_requirement_policies", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.authenticationProcessingDetails", + "target_field": "azure.signinlogs.properties.authentication_processing_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.deviceDetail", + "target_field": "azure.signinlogs.properties.device_detail", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.device_detail.deviceId", + "target_field": "azure.signinlogs.properties.device_detail.device_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.device_detail.operatingSystem", + "target_field": "azure.signinlogs.properties.device_detail.operating_system", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.device_detail.displayName", + "target_field": "azure.signinlogs.properties.device_detail.display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.device_detail.trustType", + "target_field": "azure.signinlogs.properties.device_detail.trust_type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.createdDateTime", + "target_field": "azure.signinlogs.properties.created_at", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.userDisplayName", + "target_field": "azure.signinlogs.properties.user_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.correlationId", + "target_field": "azure.signinlogs.properties.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.userPrincipalName", + "target_field": "azure.signinlogs.properties.user_principal_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.userId", + "target_field": "azure.signinlogs.properties.user_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.appId", + "target_field": "azure.signinlogs.properties.app_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.appDisplayName", + "target_field": "azure.signinlogs.properties.app_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.ipAddress", + "target_field": "azure.signinlogs.properties.ip_address", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.clientAppUsed", + "target_field": "azure.signinlogs.properties.client_app_used", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.conditionalAccessStatus", + "target_field": "azure.signinlogs.properties.conditional_access_status", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.originalRequestId", + "target_field": "azure.signinlogs.properties.original_request_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.isInteractive", + "target_field": "azure.signinlogs.properties.is_interactive", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.tokenIssuerName", + "target_field": "azure.signinlogs.properties.token_issuer_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.tokenIssuerType", + "target_field": "azure.signinlogs.properties.token_issuer_type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.processingTimeInMilliseconds", + "target_field": "azure.signinlogs.properties.processing_time_ms", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.riskDetail", + "target_field": "azure.signinlogs.properties.risk_detail", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.riskLevelAggregated", + "target_field": "azure.signinlogs.properties.risk_level_aggregated", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.riskLevelDuringSignIn", + "target_field": "azure.signinlogs.properties.risk_level_during_signin", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.riskState", + "target_field": "azure.signinlogs.properties.risk_state", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.resourceDisplayName", + "target_field": "azure.signinlogs.properties.resource_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.status.errorCode", + "target_field": "azure.signinlogs.properties.status.error_code", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.status.failureReason", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.status.additionalDetails", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.city", + "target_field": "geo.city_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.state", + "target_field": "geo.country_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.geoCoordinates.latitude", + "target_field": "geo.location.lat", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.geoCoordinates.longitude", + "target_field": "geo.location.lon", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.servicePrincipalId", + "target_field": "azure.signinlogs.properties.service_principal_id", + "ignore_missing": true + } + }, + { + "remove": { + "field": ["azure.signinlogs.properties.location"], + "ignore_missing": true + } + }, + { + "pipeline": { + "name": "{< IngestPipeline "azure-shared-pipeline" >}" + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/filebeat/module/azure/signinlogs/manifest.yml b/filebeat/module/azure/signinlogs/manifest.yml new file mode 100644 index 00000000000..97fddae51e9 --- /dev/null +++ b/filebeat/module/azure/signinlogs/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: input + default: azure-eventhub + - name: eventhub + default: "insights-logs-signinlogs" + - name: consumer_group + default: "$Default" + - name: connection_string + - name: storage_account + - name: storage_account_key + - name: resource_manager_endpoint + +ingest_pipeline: + - ingest/pipeline.json + - ../azure-shared-pipeline.json +input: config/{{.input}}.yml diff --git a/filebeat/module/azure/signinlogs/test/signinlogs.log b/filebeat/module/azure/signinlogs/test/signinlogs.log new file mode 100644 index 00000000000..387bda6f369 --- /dev/null +++ b/filebeat/module/azure/signinlogs/test/signinlogs.log @@ -0,0 +1 @@ +{"Level":4,"callerIpAddress":"81.171.241.231","category":"SignInLogs","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","durationMs":0,"identity":"Test LTest","location":"FR","operationName":"Sign-in activity","operationVersion":"1.0","properties":{"appDisplayName":"Office 365","appId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","clientAppUsed":"Browser","conditionalAccessStatus":"notApplied","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","createdDateTime":"2019-10-18T04:45:48.0729893-05:00","deviceDetail":{"browser":"Chrome 77.0.3865","deviceId":"","operatingSystem":"MacOs"},"id":"8a4de8b5-095c-47d0-a96f-a75130c61d53","ipAddress":"81.171.241.231","isInteractive":false,"location":{"city":"Champs-Sur-Marne","countryOrRegion":"FR","geoCoordinates":{"latitude":48.12341234,"longitude":2.12341234},"state":"Seine-Et-Marne"},"originalRequestId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","processingTimeInMilliseconds":239,"riskDetail":"none","riskLevelAggregated":"none","riskLevelDuringSignIn":"none","riskState":"none","servicePrincipalId":"","status":{"errorCode":50140,"failureReason":"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."},"tokenIssuerName":"","tokenIssuerType":"AzureAD","userDisplayName":"Test LTest","userId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","userPrincipalName":"test@elastic.co"},"resourceId":"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam","resultDescription":"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.","resultSignature":"None","resultType":"50140","tenantId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","time":"2019-10-18T09:45:48.0729893Z"} diff --git a/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json b/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json new file mode 100644 index 00000000000..6c9aea80c36 --- /dev/null +++ b/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json @@ -0,0 +1,57 @@ +[ + { + "@timestamp": "2019-10-18T09:45:48.072Z", + "azure.correlation_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.resource.id": "/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam", + "azure.resource.provider": "Microsoft.aadiam", + "azure.signinlogs.identity": "Test LTest", + "azure.signinlogs.operation_name": "Sign-in activity", + "azure.signinlogs.operation_version": "1.0", + "azure.signinlogs.properties.app_display_name": "Office 365", + "azure.signinlogs.properties.app_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.signinlogs.properties.client_app_used": "Browser", + "azure.signinlogs.properties.conditional_access_status": "notApplied", + "azure.signinlogs.properties.correlation_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.signinlogs.properties.created_at": "2019-10-18T04:45:48.0729893-05:00", + "azure.signinlogs.properties.device_detail.browser": "Chrome 77.0.3865", + "azure.signinlogs.properties.device_detail.device_id": "", + "azure.signinlogs.properties.device_detail.operating_system": "MacOs", + "azure.signinlogs.properties.id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.signinlogs.properties.ip_address": "81.171.241.231", + "azure.signinlogs.properties.is_interactive": false, + "azure.signinlogs.properties.original_request_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.signinlogs.properties.processing_time_ms": 239, + "azure.signinlogs.properties.risk_detail": "none", + "azure.signinlogs.properties.risk_level_aggregated": "none", + "azure.signinlogs.properties.risk_level_during_signin": "none", + "azure.signinlogs.properties.risk_state": "none", + "azure.signinlogs.properties.service_principal_id": "", + "azure.signinlogs.properties.status.error_code": 50140, + "azure.signinlogs.properties.token_issuer_name": "", + "azure.signinlogs.properties.token_issuer_type": "AzureAD", + "azure.signinlogs.properties.user_display_name": "Test LTest", + "azure.signinlogs.properties.user_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "azure.signinlogs.properties.user_principal_name": "test@elastic.co", + "azure.signinlogs.result_description": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", + "azure.signinlogs.result_signature": "None", + "azure.tenant_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "cloud.provider": "azure", + "event.category": "SignInLogs", + "event.dataset": "azure.signinlogs", + "event.duration": 0.0, + "event.module": "azure", + "event.outcome": "50140", + "fileset.name": "signinlogs", + "geo.city_name": "Champs-Sur-Marne", + "geo.country_iso_code": "FR", + "geo.country_name": "Seine-Et-Marne", + "geo.location.lat": 48.12341234, + "geo.location.lon": 2.12341234, + "input.type": "log", + "log.level": 4, + "log.offset": 0, + "message": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", + "service.type": "azure", + "source.ip": "81.171.241.231" + } +] \ No newline at end of file diff --git a/filebeat/module/cef/_meta/config.yml b/filebeat/module/cef/_meta/config.yml new file mode 100644 index 00000000000..6ea927cc972 --- /dev/null +++ b/filebeat/module/cef/_meta/config.yml @@ -0,0 +1,6 @@ +- module: cef + log: + enabled: true + var: + syslog_host: localhost + syslog_port: 9003 diff --git a/filebeat/module/cef/_meta/docs.asciidoc b/filebeat/module/cef/_meta/docs.asciidoc new file mode 100644 index 00000000000..00d2ab1e791 --- /dev/null +++ b/filebeat/module/cef/_meta/docs.asciidoc @@ -0,0 +1,140 @@ +[role="xpack"] + +:modulename: cef +:has-dashboards: false + +== CEF module + +This is a module for receiving Common Event Format (CEF) data over Syslog. When +messages are received over the syslog protocol the syslog input will parse the +header and set the timestamp value. Then the +<> processor is applied to parse the CEF +encoded data. The decoded data is written into a `cef` object field. Lastly any +Elastic Common Schema (ECS) fields that can be populated with the CEF data are +populated. + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `log` fileset settings + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to `localhost`. +Set to `0.0.0.0` to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to `9003` + +NOTE: Ports below 1024 require Filebeat to run as root. + +[float] +==== Forcepoint NGFW Security Management Center + +This module will process CEF data from Forcepoint NGFW Security +Management Center (SMC). In the SMC configure the logs to be +forwarded to the address set in `var.syslog_host` in format CEF and +service UDP on `var.syslog_port`. Instructions can be found in +https://support.forcepoint.com/KBArticle?id=000015002[KB 15002] for +configuring the SMC. Testing was done with CEF logs from SMC version +6.6.1 and custom string mappings were taken from 'CEF Connector +Configuration Guide' dated December 5, 2011. + +[float] +==== Check Point devices + +This module will parse CEF data form Check Point devices as documented in +https://community.checkpoint.com/t5/Logging-and-Reporting/Log-Exporter-CEF-Field-Mappings/td-p/41060[Log Exporter CEF Field Mappings.] + +Check Point CEF extensions are mapped as follows: +[options="header"] +|======================================================================================================================= +| CEF Extension | CEF Label value | ECS Fields | Non-ECS Field | +| cp_app_risk | - | event.risk_score | checkpoint.app_risk | +| cp_severity | - | event.severity | checkpoint.severity | +| baseEventCount | - | - | checkpoint.event_count | +| deviceExternalId | - | observer.type | - | +| deviceFacility | - | observer.type | - | +| deviceInboundInterface | - | observer.ingress.interface.name | - | +| deviceOutboundInterface | - | observer.egress.interface.name | - | +| externalId | - | - | checkpoint.uuid | +| fileHash | - | file.hash.{md5,sha1} | - | +| reason | - | - | checkpoint.termination_reason | +| requestCookies | - | - | checkpoint.cookie | +| sourceNtDomain | - | dns.question.name | - | +| Signature | - | vulnerability.id | - | +| Recipient | - | destination.user.email | - | +| Sender | - | source.user.email | - | +| deviceCustomFloatingPoint1 | update version | observer.version | - | +| deviceCustomIPv6Address2 | source ipv6 address | source.ip | - | +| deviceCustomIPv6Address3 | destination ipv6 address | destination.ip | - | +.3+| deviceCustomNumber1 | elapsed time in seconds | event.duration | - | + | email recipients number | - | checkpoint.email_recipients_num | + | payload | network.bytes | - | +.2+| deviceCustomNumber2 | icmp type | - | checkpoint.icmp_type | + | duration in seconds | event.duration | - | +| deviceCustomNumber3 | icmp code | - | checkpoint.icmp_code | +.6+| deviceCustomString1 | connectivity state | - | checkpoint.connectivity_state | + | application rule name | rule.name | - | + | threat prevention rule name | rule.name | - | + | voip log type | - | checkpoint.voip_log_type | + | dlp rule name | rule.name | - | + | email id | - | checkpoint.email_id | +.8+| deviceCustomString2 | category | - | checkpoint.category | + | email subject | - | checkpoint.email_subject | + | sensor mode | - | checkpoint.sensor_mode | + | protection id | - | checkpoint.protection_id | + | scan invoke type | - | checkpoint.integrity_av_invoke_type | + | update status | - | checkpoint.update_status | + | peer gateway | - | checkpoint.peer_gateway | + | categories | rule.category | - | +.4+| deviceCustomString6 | application name | network.application | - | + | virus name | - | checkpoint.virus_name | + | malware name | - | checkpoint.spyware_name | + | malware family | - | checkpoint.malware_family | +.5+| deviceCustomString3 | user group | group.name | - | + | incident extension | - | checkpoint.incident_extension | + | protection type | - | checkpoint.protection_type | + | email spool id | - | checkpoint.email_spool_id | + | identity type | - | checkpoint.identity_type | +.9+| deviceCustomString4 | malware status | - | checkpoint.spyware_status | + | threat prevention rule id | rule.id | - | + | scan result | - | checkpoint.scan_result | + | tcp flags | - | checkpoint.tcp_flags | + | destination os | os.name | - | + | protection name | - | checkpoint.protection_name | + | email control | - | checkpoint.email_control | + | frequency | - | checkpoint.frequency | + | user response | - | checkpoint.user_status | +.4+| deviceCustomString5 | matched category | rule.category | - | + | vlan id | network.vlan.id | - | + | authentication method | - | checkpoint.auth_method | + | email session id | - | checkpoint.email_session_id | +| deviceCustomDate2 | subscription expiration | - | checkpoint.subs_exp | +| deviceFlexNumber1 | confidence | - | checkpoint.confidence_level | +.2+| deviceFlexNumber2 | performance impact | - | checkpoint.performance_impact | + | destination phone number | - | checkpoint.dst_phone_number | +| flexString1 | application signature id | - | checkpoint.app_sig_id | +.2+| flexString2 | malware action | rule.description | - | + | attack information | event.action | - | +| rule_uid | - | rule.uuid | - | +| ifname | - | observer.ingress.interface.name | - | +| inzone | - | observer.ingress.zone | - | +| outzone | - | observer.egress.zone | - | +| product | - | observer.product | - | +|======================================================================================================================= + + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + diff --git a/filebeat/module/cef/_meta/fields.yml b/filebeat/module/cef/_meta/fields.yml new file mode 100644 index 00000000000..1ea96f71d81 --- /dev/null +++ b/filebeat/module/cef/_meta/fields.yml @@ -0,0 +1,7 @@ +- key: cef-module + title: CEF + description: > + Module for receiving CEF logs over Syslog. The module adds vendor + specific fields in addition to the fields the decode_cef processor + provides. + fields: diff --git a/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-os-activity.json b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-os-activity.json new file mode 100644 index 00000000000..ae3cf1074e8 --- /dev/null +++ b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-os-activity.json @@ -0,0 +1,1998 @@ +{ + "objects": [ + { + "attributes": { + "description": "Operating system activity from endpoints.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Destination User Names": "#E24D42", + "Event Types": "#EF843C" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "3", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "4", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 55k": "rgb(255,255,204)", + "110k - 165k": "rgb(254,225,135)", + "165k - 220k": "rgb(254,201,101)", + "220k - 275k": "rgb(254,171,73)", + "275k - 330k": "rgb(253,141,60)", + "330k - 385k": "rgb(252,91,46)", + "385k - 440k": "rgb(237,47,34)", + "440k - 495k": "rgb(212,16,32)", + "495k - 550k": "rgb(176,0,38)", + "55k - 110k": "rgb(255,241,170)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "7", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "7", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#447EBC", + "/Failure": "#E24D42", + "/Success": "#7EB26D" + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "8", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 24, + "i": "9", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "10", + "w": 24, + "x": 24, + "y": 40 + }, + "panelIndex": "10", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "11", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "11", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "12", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "12", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "Destination Users": "#E24D42", + "Event Count": "#64B0C8" + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 20, + "i": "14", + "w": 16, + "x": 32, + "y": 64 + }, + "panelIndex": "14", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 24, + "i": "15", + "w": 16, + "x": 32, + "y": 84 + }, + "panelIndex": "15", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "16", + "w": 32, + "x": 0, + "y": 80 + }, + "panelIndex": "16", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "17", + "w": 32, + "x": 0, + "y": 100 + }, + "panelIndex": "17", + "panelRefName": "panel_13", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "18", + "w": 32, + "x": 0, + "y": 64 + }, + "panelIndex": "18", + "panelRefName": "panel_14", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "19", + "w": 32, + "x": 0, + "y": 92 + }, + "panelIndex": "19", + "panelRefName": "panel_15", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Filebeat CEF] Endpoint OS Activity Dashboard", + "version": 1 + }, + "id": "9e352900-89c3-4c1b-863e-249e24d0dac9", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "59ad829b-12b8-4256-95a5-e7078eda628b", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "158d809a-89db-4ffa-88a1-eb5c4bf58d50", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "77ee0e91-010b-4897-b483-7e9a907d2afe", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0f4028b2-3dc2-4cb6-80d8-285c847a02a1", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "e06d85f2-2da4-41e2-b2ab-f685b64bb3f9", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2726382e-638a-4dcc-94fc-0ffdc0f92048", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "92aecea0-a632-4a55-bb56-50e4cdaca036", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "76c088c3-486e-4420-8840-5ede667edffe", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "5f187dc8-aa7e-4f91-a2d8-1186ce254d00", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "316fdc75-7215-4c6b-8e1b-70a097b34e28", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "6437e9bb-9ed1-4e2d-bb10-e63ccd35c409", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "acc915fe-b971-4795-9040-3fbfdf62abe1", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "8cd00d20-957d-4663-be4d-ea80b1609586", + "name": "panel_15", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNTksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Source Users by Event Type and Destination Users [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Source Users by Event Type and Destination Users [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "59ad829b-12b8-4256-95a5-e7078eda628b", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Endpoint OS Metrics Overview [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "cef.extensions.categoryOutcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Endpoint OS Metrics Overview [Filebeat CEF]", + "type": "metric" + } + }, + "id": "158d809a-89db-4ffa-88a1-eb5c4bf58d50", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Behaviors by Outcome [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Top 10 Behaviors by Outcome [Filebeat CEF]", + "type": "heatmap" + } + }, + "id": "77ee0e91-010b-4897-b483-7e9a907d2afe", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Outcomes [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": "cef.extensions.categoryOutcome:\"/Failure\"", + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": "cef.extensions.categoryOutcome:\"/Success\"", + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": "cef.extensions.categoryOutcome:\"/Attempt\"", + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + "label": "Event Count", + "line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Outcomes [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "0f4028b2-3dc2-4cb6-80d8-285c847a02a1", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 20 Behaviors by Outcome [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Top 20 Behaviors by Outcome [Filebeat CEF]", + "type": "pie" + } + }, + "id": "e06d85f2-2da4-41e2-b2ab-f685b64bb3f9", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 15 Event Types by Events [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 15 Event Types by Events [Filebeat CEF]", + "type": "table" + } + }, + "id": "2726382e-638a-4dcc-94fc-0ffdc0f92048", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Vendors by Product [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Top 5 Vendors by Product [Filebeat CEF]", + "type": "pie" + } + }, + "id": "92aecea0-a632-4a55-bb56-50e4cdaca036", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "type": "markdown" + } + }, + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Endpoint - OS Average EPS [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Endpoint - OS Average EPS [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "76c088c3-486e-4420-8840-5ede667edffe", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Events by Source and Destination Users [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Events by Source and Destination Users [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "5f187dc8-aa7e-4f91-a2d8-1186ce254d00", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNjksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Sources by Destinations [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom" + }, + "title": "Top 10 Sources by Destinations [Filebeat CEF]", + "type": "pie" + } + }, + "id": "316fdc75-7215-4c6b-8e1b-70a097b34e28", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNzAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Users by Destination Users [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom" + }, + "title": "Top 10 Source Users by Destination Users [Filebeat CEF]", + "type": "pie" + } + }, + "id": "6437e9bb-9ed1-4e2d-bb10-e63ccd35c409", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNzEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destinations [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destinations [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNzIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Users [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Users [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "acc915fe-b971-4795-9040-3fbfdf62abe1", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNzMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Sources [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Sources [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNzQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Users [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Source Users [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "8cd00d20-957d-4663-be4d-ea80b1609586", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNzUsMV0=" + }, + { + "attributes": { + "columns": [ + "cef.device.vendor", + "cef.device.product", + "message", + "cef.device.event_class_id", + "cef.extensions.deviceEventCategory", + "source.user.name", + "destination.user.name", + "destination.domain", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryOutcome", + "cef.extensions.sourceNtDomain", + "cef.extensions.destinationNtDomain" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Endpoint - OS Events [Filebeat CEF]", + "version": 1 + }, + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-10-25T16:30:02.301Z", + "version": "WzEyNzYsMV0=" + } + ], + "version": "7.4.1" +} diff --git a/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-overview.json b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-overview.json new file mode 100644 index 00000000000..013f1ca1589 --- /dev/null +++ b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-endpoint-overview.json @@ -0,0 +1,1765 @@ +{ + "objects": [ + { + "attributes": { + "description": "Summary of endpoint event data.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "8", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "cef.extensions.categoryOutcome", + "cef.extensions.categorySignificance", + "cef.extensions.categoryObject", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryDeviceType" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 20, + "i": "9", + "w": 48, + "x": 0, + "y": 76 + }, + "panelIndex": "9", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 56 + }, + "panelIndex": "10", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Operating System": "#BF1B00", + "Security Mangement": "#64B0C8" + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "11", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "12", + "w": 24, + "x": 0, + "y": 56 + }, + "panelIndex": "12", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#629E51", + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Log Consolidator": "#E0F9D7", + "Operating System": "#BF1B00", + "Recon": "#BF1B00", + "Security Mangement": "#64B0C8" + } + } + }, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "14", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "15", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 12.897489183755892, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 24, + "y": 64 + }, + "panelIndex": "17", + "panelRefName": "panel_13", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Filebeat CEF] Endpoint Overview Dashboard", + "version": 1 + }, + "id": "c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "9457ee67-895f-4b78-a543-268f9687a745", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "89998099-9a39-44cf-beba-5b97f0524cf9", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "718b074e-3dd1-4d03-ba11-7f869cdcd703", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c5120e27-1f8c-41e3-83ee-78ec4d470c2f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "7454c034-c5f3-48fe-8fce-ef4385c80350", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "118af639-1f37-4541-a960-5a3ff0613e0e", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "panel_7", + "type": "search" + }, + { + "id": "74d2c072-6dfd-4249-8e63-dc7b0cf3c960", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "f57734dd-0f32-42b4-94dd-5d597f6735e1", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "295986d4-d2ea-4541-8e82-7dc95c0cd830", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "5bf6e4dc-4273-4e1e-a803-04347eebeb53", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "aaa80503-6d96-4a33-806f-b8a10aefe696", + "name": "panel_13", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyNzcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Endpoint Average EPS [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" + }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Endpoint Average EPS [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "9457ee67-895f-4b78-a543-268f9687a745", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyNzgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Ports by Outcomes [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Destination Ports by Outcomes [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyNzksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcomes Breakdown [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Attempt": "#3F2B5B", + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcomes Breakdown [Filebeat CEF]", + "type": "area" + } + }, + "id": "89998099-9a39-44cf-beba-5b97f0524cf9", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Device [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": "cef.extensions.categoryDeviceGroup:\"/Operating System\" ", + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"", + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": "cef.extensions.categoryDeviceGroup:\"/Application\"", + "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Device [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "718b074e-3dd1-4d03-ba11-7f869cdcd703", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Port [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Port [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "c5120e27-1f8c-41e3-83ee-78ec4d470c2f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Endpoint Metrics Overview [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Endpoint Metrics Overview [Filebeat CEF]", + "type": "metric" + } + }, + "id": "7454c034-c5f3-48fe-8fce-ef4385c80350", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcomes by Device Type [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "cef.extensions.categoryDeviceType: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcomes by Device Type [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "118af639-1f37-4541-a960-5a3ff0613e0e", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODQsMV0=" + }, + { + "attributes": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "cef.extensions.categoryOutcome", + "cef.extensions.categorySignificance", + "cef.extensions.categoryObject", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryDeviceType" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Endpoint Event Explorer [Filebeat CEF]", + "version": 1 + }, + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Source Countries [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 5 Source Countries [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "74d2c072-6dfd-4249-8e63-dc7b0cf3c960", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Types by Vendor [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "exclude": "", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "Device Types by Vendor [Filebeat CEF]", + "type": "pie" + } + }, + "id": "f57734dd-0f32-42b4-94dd-5d597f6735e1", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Countries by Event [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Source Countries by Event [Filebeat CEF]", + "type": "table" + } + }, + "id": "295986d4-d2ea-4541-8e82-7dc95c0cd830", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcomes by User Names [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#64B0C8", + "Anti-Virus": "#B7DBAB", + "Host-based IDS/IPS": "#629E51", + "Log Consolidator": "#E0F9D7", + "Operating System": "#3F6833", + "Recon": "#BF1B00", + "Security Mangement": "#CFFAFF" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "Outcomes by User Names [Filebeat CEF]", + "type": "pie" + } + }, + "id": "5bf6e4dc-4273-4e1e-a803-04347eebeb53", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyODksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "type": "markdown" + } + }, + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination Locations by Event [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Destination Locations by Event [Filebeat CEF]", + "type": "tile_map" + } + }, + "id": "aaa80503-6d96-4a33-806f-b8a10aefe696", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:03.318Z", + "version": "WzEyOTEsMV0=" + } + ], + "version": "7.4.1" +} diff --git a/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-microsoft-dns.json b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-microsoft-dns.json new file mode 100644 index 00000000000..68bbc36f703 --- /dev/null +++ b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-microsoft-dns.json @@ -0,0 +1,1796 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of Microsoft DNS activity.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "11", + "w": 24, + "x": 24, + "y": 56 + }, + "panelIndex": "11", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "12", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "12", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 0, + "y": 56 + }, + "panelIndex": "13", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "14", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "15", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 12.211180191503997, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 12, + "i": "16", + "w": 24, + "x": 24, + "y": 72 + }, + "panelIndex": "16", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 0, + "y": 72 + }, + "panelIndex": "17", + "panelRefName": "panel_12", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Filebeat CEF] Microsoft DNS Overview", + "version": 1 + }, + "id": "56428e01-0c47-4770-8ba4-9345a029ea41", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "7e2b0659-0760-4182-8b29-3ee69f26bc6f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "249e2737-b41f-4115-b303-88bc9d279655", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "fcf798a8-db8f-4492-827b-8fa7581108a9", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "1b9cc5b7-7747-49de-96b1-a4bc7f675716", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "26a65f68-d7a6-4b47-befc-c5a6819bb91b", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "16aef3e9-e33b-4bab-b32f-d8c5b1263ac0", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "1b521f56-8089-433f-88f7-56aba867e07d", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "581a296e-e34a-48f1-93e4-fc4bdadfc68d", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "DNS - Event Throughput [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "DNS - Event Throughput [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "7e2b0659-0760-4182-8b29-3ee69f26bc6f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "DNS Metrics Overview [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "title": "DNS Metrics Overview [Filebeat CEF]", + "type": "metric" + } + }, + "id": "249e2737-b41f-4115-b303-88bc9d279655", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destinations by Traffic Size [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Top Destinations by Traffic Size [Filebeat CEF]", + "type": "heatmap" + } + }, + "id": "566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Event Types [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "scale": "square root" + }, + "title": "Top 10 Event Types [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Event Types by Size [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Total (Bytes)" + }, + "type": "value" + } + ] + }, + "title": "Event Types by Size [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "fcf798a8-db8f-4492-827b-8fa7581108a9", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events Types by Severity [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")", + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" + }, + { + "color": "rgba(254,146,0,1)", + "filter": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")", + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" + }, + { + "color": "rgba(252,220,0,1)", + "filter": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))", + "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events Types by Severity [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destinations by Size [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Destinations by Size [Filebeat CEF]", + "type": "table" + } + }, + "id": "1b9cc5b7-7747-49de-96b1-a4bc7f675716", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEyOTksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "type": "markdown" + } + }, + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Sources by Size [Filebeat CEF]", + "uiStateJSON": { + "P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": "rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": "rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Sources by Size [Filebeat CEF]", + "type": "table" + } + }, + "id": "26a65f68-d7a6-4b47-befc-c5a6819bb91b", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEzMDEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Direction [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", + "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound \u003e 0 ? params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": "deviceDirection:\"1\"", + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Direction [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "16aef3e9-e33b-4bab-b32f-d8c5b1263ac0", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEzMDIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Size [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes \u003e= 0 ? params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Size [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEzMDMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destinations by Events [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Destinations by Events [Filebeat CEF]", + "type": "tile_map" + } + }, + "id": "1b521f56-8089-433f-88f7-56aba867e07d", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEzMDQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Sources by Events [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Sources by Events [Filebeat CEF]", + "type": "tile_map" + } + }, + "id": "581a296e-e34a-48f1-93e4-fc4bdadfc68d", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEzMDUsMV0=" + }, + { + "attributes": { + "columns": [ + "cef.device.vendor", + "cef.device.product", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryOutcome", + "destination.ip", + "destination.port", + "destination.domain", + "cef.device.event_class_id", + "cef.extensions.deviceCustomString1Label", + "cef.extensions.deviceCustomString1", + "cef.extensions.deviceCustomString2Label", + "cef.extensions.deviceCustomString2", + "cef.extension.cef.extension.deviceCustomString3Label", + "cef.extension.deviceCustomString3", + "cef.extension.cef.extension.deviceCustomString4Label", + "cef.extension.deviceCustomString4", + "cef.extensions.deviceEventCategory", + "event.severity", + "source.ip", + "source.port", + "network.transport", + "source.bytes", + "url.original" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "cef.device.product:\"DNS Trace Log\"" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Microsoft DNS Events [Filebeat CEF]", + "version": 1 + }, + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-10-25T16:30:04.348Z", + "version": "WzEzMDYsMV0=" + } + ], + "version": "7.4.1" +} diff --git a/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-overview.json b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-overview.json new file mode 100644 index 00000000000..46d562142bb --- /dev/null +++ b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-overview.json @@ -0,0 +1,2354 @@ +{ + "objects": [ + { + "attributes": { + "description": "Network data overview.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 48, + "x": 0, + "y": 68 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 60 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "11", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "13", + "w": 32, + "x": 0, + "y": 32 + }, + "panelIndex": "13", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 12, + "i": "15", + "w": 16, + "x": 32, + "y": 32 + }, + "panelIndex": "15", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "Anti-Virus": "#EF843C", + "Content Security": "#7EB26D", + "Firewall": "#E24D42", + "Integrated Security": "#962D82", + "Network-based IDS/IPS": "#1F78C1", + "Operating System": "#1F78C1", + "VPN": "#EAB839" + } + } + }, + "gridData": { + "h": 12, + "i": "16", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "16", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "17", + "w": 48, + "x": 0, + "y": 52 + }, + "panelIndex": "17", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "18", + "w": 24, + "x": 0, + "y": 76 + }, + "panelIndex": "18", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "19", + "w": 24, + "x": 24, + "y": 76 + }, + "panelIndex": "19", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "20", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "20", + "panelRefName": "panel_13", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "21", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "21", + "panelRefName": "panel_14", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + -0.3515602939922709, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 24, + "i": "24", + "w": 24, + "x": 0, + "y": 92 + }, + "panelIndex": "24", + "panelRefName": "panel_15", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + -0.3515602939922709, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 24, + "i": "25", + "w": 24, + "x": 24, + "y": 92 + }, + "panelIndex": "25", + "panelRefName": "panel_16", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Filebeat CEF] Network Overview Dashboard", + "version": 1 + }, + "id": "dd0bc9af-2e89-4150-9b42-62517ea56b71", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "f5258de9-71f7-410f-b713-201007f77470", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0abfc226-535b-45a2-b534-e9bc87e5584f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "a97e3628-022b-46cf-8f29-a73cf9bb4e26", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "499f50ba-2f84-4f7c-9021-73a4efc47921", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d061c7a9-7f92-4bf4-b35c-499b9f4b987a", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "b1002b5c-08fc-4bbe-b9a0-6243a8637e60", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "df056709-2deb-4363-ae7a-b0148ea456c6", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "e89a64e8-928c-41fc-8745-3c8157b21cdb", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "a729c249-8d34-4eb1-bbb0-5d25cf224114", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "3c19f138-2ab3-4ecb-bb1b-86fb90158042", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "e513c269-350c-40c3-ac20-16c5782103b8", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "8f6075c5-f525-4173-92a4-3a56e96e362d", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "013ff153-7b80-490b-8fec-6e56cba785ed", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "33747d52-ec4c-4d91-86d8-fbdf9b9c82db", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "c394e650-b16c-407c-b305-bd409d69d433", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "8b31af8b-522e-41fe-b9d6-9a3451b54108", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "4fccee0c-7193-4aa8-919f-0b0b0a16d013", + "name": "panel_16", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMDcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Application Protocols [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "hideLabel": false, + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "scale": "square root" + }, + "title": "Top 10 Application Protocols [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "f5258de9-71f7-410f-b713-201007f77470", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMDgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Bandwidth Utilization [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_index_pattern": "filebeat-*", + "series_time_field": "@timestamp", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound \u003e 0 ? params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_index_pattern": "filebeat-*", + "series_time_field": "@timestamp", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Bandwidth Utilization [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "0abfc226-535b-45a2-b534-e9bc87e5584f", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMDksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Source [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Source [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "a97e3628-022b-46cf-8f29-a73cf9bb4e26", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Outcome [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": "cef.extensions.categoryOutcome:\"/Success\"", + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": "rgba(244,78,59,1)", + "filter": "cef.extensions.categoryOutcome:\"/Failure\"", + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": "cef.extensions.categoryOutcome:\"/Attempt\"", + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Outcome [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "499f50ba-2f84-4f7c-9021-73a4efc47921", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Metrics Overview [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Device Metrics Overview [Filebeat CEF]", + "type": "metric" + } + }, + "id": "d061c7a9-7f92-4bf4-b35c-499b9f4b987a", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcome by Device Type [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcome by Device Type [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "b1002b5c-08fc-4bbe-b9a0-6243a8637e60", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Ports by Outcome [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Destination Ports by Outcome [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "df056709-2deb-4363-ae7a-b0148ea456c6", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Devices by Bandwidth [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Devices by Bandwidth [Filebeat CEF]", + "type": "table" + } + }, + "id": "e89a64e8-928c-41fc-8745-3c8157b21cdb", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Devices by Outcome [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Host Names", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Top 10 Devices by Outcome [Filebeat CEF]", + "type": "heatmap" + } + }, + "id": "a729c249-8d34-4eb1-bbb0-5d25cf224114", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Type Breakdown [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "Device Type Breakdown [Filebeat CEF]", + "type": "pie" + } + }, + "id": "3c19f138-2ab3-4ecb-bb1b-86fb90158042", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Device Types [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": "cef.extensions.categoryDeviceGroup:\"/Firewall\"", + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": "Firewall" + } + ], + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Device Types [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "e513c269-350c-40c3-ac20-16c5782103b8", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Countries by Events [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Source Countries by Events [Filebeat CEF]", + "type": "table" + } + }, + "id": "8f6075c5-f525-4173-92a4-3a56e96e362d", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMTksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 20 Source Countries [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "hideLabel": false, + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "scale": "square root" + }, + "title": "Top 20 Source Countries [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "013ff153-7b80-490b-8fec-6e56cba785ed", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMjAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Network - Event Throughput [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Network - Event Throughput [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "33747d52-ec4c-4d91-86d8-fbdf9b9c82db", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "type": "markdown" + } + }, + "id": "c394e650-b16c-407c-b305-bd409d69d433", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMjIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination Locations by Events [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "customLabel": "Destination Location", + "field": "destination.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Destination Locations by Events [Filebeat CEF]", + "type": "tile_map" + } + }, + "id": "8b31af8b-522e-41fe-b9d6-9a3451b54108", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMjMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Source Locations by Events [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "customLabel": "Source Location", + "field": "source.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Source Locations by Events [Filebeat CEF]", + "type": "tile_map" + } + }, + "id": "4fccee0c-7193-4aa8-919f-0b0b0a16d013", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMjQsMV0=" + }, + { + "attributes": { + "columns": [ + "priority", + "message", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.application", + "message", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryOutcome", + "deviceAddress", + "cef.device.product", + "cef.device.vendor", + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryDeviceType" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Network Events [Filebeat CEF]", + "version": 1 + }, + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-10-25T16:30:05.361Z", + "version": "WzEzMjUsMV0=" + } + ], + "version": "7.4.1" +} diff --git a/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-suspicious-activity.json b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-suspicious-activity.json new file mode 100644 index 00000000000..a8e733d2738 --- /dev/null +++ b/filebeat/module/cef/_meta/kibana/7/dashboard/filebeat-cef-network-suspicious-activity.json @@ -0,0 +1,1614 @@ +{ + "objects": [ + { + "attributes": { + "description": "Suspicious network activity overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "colors": { + "Destination Addresses": "#E0752D", + "Destination Ports": "#E24D42" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 32, + "x": 0, + "y": 28 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 40 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 40 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 32, + "y": 28 + }, + "panelIndex": "9", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "11", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "11", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "12", + "w": 24, + "x": 0, + "y": 52 + }, + "panelIndex": "12", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "13", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14", + "w": 16, + "x": 32, + "y": 40 + }, + "panelIndex": "14", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "15", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "16", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "16", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 50": "rgb(255,255,204)", + "100 - 200": "rgb(253,141,60)", + "200 - 300": "rgb(227,27,28)", + "300 - 400": "rgb(128,0,38)", + "50 - 100": "rgb(254,217,118)" + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "17", + "panelRefName": "panel_11", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Filebeat CEF] Network Suspicious Activity Dashboard", + "version": 1 + }, + "id": "db1e1aca-279e-4ecc-b84e-fe58644f7619", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "fa8b26c1-6973-4381-adb3-bcde0d03a520", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "82f3fae3-1189-4f04-8ea5-47fde1d2e7b1", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "f03d734b-b85c-4e99-9c0e-9c89716a81f3", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "fff249b2-18b6-4b48-bcf7-dd4595d111e7", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d02dd523-ce91-40e9-9209-83797f80ed45", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "589fec8c-336e-4122-8fef-a450bddf84f6", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "86bd5f13-ca6b-43fa-b209-54e7460344bb", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "1204cf27-05e0-4905-bfa1-688aaaaaa840", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "01c3618c-9962-4fe9-b9c5-f73dfecc6eba", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "33747d52-ec4c-4d91-86d8-fbdf9b9c82db", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMjYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Unique Destinations and Ports by Source [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Destination Ports" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + }, + "type": "value" + } + ] + }, + "title": "Unique Destinations and Ports by Source [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "fa8b26c1-6973-4381-adb3-bcde0d03a520", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMjcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Sources by Destination Addresses [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 5 Sources by Destination Addresses [Filebeat CEF]", + "type": "table" + } + }, + "id": "82f3fae3-1189-4f04-8ea5-47fde1d2e7b1", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMjgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Sources by Destination Ports [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 5 Sources by Destination Ports [Filebeat CEF]", + "type": "table" + } + }, + "id": "f03d734b-b85c-4e99-9c0e-9c89716a81f3", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMjksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Severity [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": "severity:\"Low\" OR severity:\"0\"", + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": "severity:\"Medium\"", + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": "severity:\"High\"", + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": "severity:\"Very-High\"", + "id": "4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Events by Severity [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcome by Device Type [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcome by Device Type [Filebeat CEF]", + "type": "histogram" + } + }, + "id": "fff249b2-18b6-4b48-bcf7-dd4595d111e7", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Source Addresses [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": null, + "value_template": "{{value}}" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Source Addresses [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "d02dd523-ce91-40e9-9209-83797f80ed45", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Addresses [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Source Addresses [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "589fec8c-336e-4122-8fef-a450bddf84f6", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Addresses [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Addresses [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "86bd5f13-ca6b-43fa-b209-54e7460344bb", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Ports [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Ports [Filebeat CEF]", + "type": "tagcloud" + } + }, + "id": "1204cf27-05e0-4905-bfa1-688aaaaaa840", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "title": " Dashboard Navigation [Filebeat CEF]", + "type": "markdown" + } + }, + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Metrics Overview [Filebeat CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Device Metrics Overview [Filebeat CEF]", + "type": "metric" + } + }, + "id": "01c3618c-9962-4fe9-b9c5-f73dfecc6eba", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Network - Event Throughput [Filebeat CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Network - Event Throughput [Filebeat CEF]", + "type": "metrics" + } + }, + "id": "33747d52-ec4c-4d91-86d8-fbdf9b9c82db", + "migrationVersion": { + "visualization": "7.3.1" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-10-25T16:30:06.345Z", + "version": "WzEzMzgsMV0=" + }, + { + "attributes": { + "columns": [ + "priority", + "message", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.application", + "message", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryOutcome", + "deviceAddress", + "cef.device.product", + "cef.device.vendor", + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryDeviceType" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"terms\":{\"cef.extensions.categoryDeviceGroup\":[\"/VPN\",\"/IDS/Network\",\"/Firewall\"]}}" + }, + "query": { + "terms": { + "cef.extensions.categoryDeviceGroup": [ + "/VPN", + "/IDS/Network", + "/Firewall" + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Network Events [Filebeat CEF]", + "version": 1 + }, + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-10-25T16:31:42.748Z", + "version": "WzE0NzMsMV0=" + } + ], + "version": "7.4.1" +} diff --git a/filebeat/module/cef/fields.go b/filebeat/module/cef/fields.go new file mode 100644 index 00000000000..b4f8a81c9df --- /dev/null +++ b/filebeat/module/cef/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package cef + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "cef", asset.ModuleFieldsPri, AssetCef); err != nil { + panic(err) + } +} + +// AssetCef returns asset data. +// This is the base64 encoded gzipped contents of module/cef. +func AssetCef() string { + return "eJy8mdtu67YShu/zFPMCyQP4YgMbORRGsQoDSdctwVAjmbXEYcmhHPfpC1I+JVFMuQqXrwxTmv/zz+FhyFvY4G4BCuvbjqrQ4g0Aa25xAfePTzcAFXrltGVNZgH/uwEA+JEehJocOFSoe22a+DS01HigHh0873xLzR28rBGGuCCrykOPpiKXoniLStdaQa2xrTxoEx/RUQiYgNd4aIlfK1RUoVBYg3Wk0Pt9GOuo1xX6uxvYP79Iv8fPLRjZ4SKSKrSkDR+bAHhncQGNo2DPfq2wlqFlkUItoJatx3fNn9w4fJ4G2OjK01EP7oNn6uCZXTSpk9Zq0/izFz8yn3P32gUvdPWu8UC+wd2W3Me2C4Dx8zNGhOXDseHzl4O4WqPa/ELT7qMerJJranDNv3ftbqJt0lrhtN9cYVtM2q3TjAtgF/CSqf+3ttVKpjyNKnefLfwI47FHp3lXHojXDiXDQXAKm26uy7AryOLo97oxkoNDWD7Adq3VOo1neQa9lR4qZFSMFbxmoQOvRYe8pkLUK+l9jJCU0PAB0zpiUtRC8FhlIJVkbMgV6vH7ffQcBJlaV2gUihZ7bEdhtGFs0M2AOapAUkld6Tpt8iaRMahY95p3wrPkjzrfZdeZDiSdLBhtdCGY5e+P+/gZiMqzsGsyKEzoXj/10DfhPKBnbYYEX65uV1EwA4ad1K1QZNjReE7Npno0jTaY9CbBlJrAlobRGdkOMrB8mETjUGmr0bCPXTdK1pJp/jvWHykhgGo4SU0i8+i9JvOr/NrLTfXNW6KRvrysP05+DWRUnYwYXv9CxYWyfuAZJHI4PRoWioIZh/muBEs6HqT3pLSMC/RW87CExw3+Zcja4d8BjSq0DD4raU4aGRatOiuicAG7lvc/VinQFIZYx5RiiLFzDFXc0vDuay/mzwJ7iUmWGJWIBL4xmjhblGF6ItdJjhlNTjc6Dv9KsszSMTZxIy1kL7TpaYMFfUv5PKhMsa6T7VY6FLXsdFtoiP0YNGDQyABZRCcaybiV4zjaziHRcYcSezBOPlELnlGF2Dvw2yCa5XN1TIO4IdadlV/M47N3xCtHsZhJNcNJEgbJHOPx3WKL9BnePoXyq98ZVvyhUP4fToRONWMUO3S5ZJYqV26fgZYbqC87m6hOYqkmBKZ9HTud1ytphEMf2kKbijSpDAI5FDSenOi+Wp/moyQB6PKLVNkDk5erDkm83aVptmTeJ4Up5c4BJlaxwZfFGTRyQOHVC3z7OLEPKNXnkv7K0yN8s9oN1WkMdpgKourhwQwgKyvqVjaFzHq5X4GVaoMMSSVHk05G0h8SDqUvtd15OenAoJMBCzb6WzSv/kwS09IqeHRlYTy6OC1aMj436EIotRQ/vu1L0ewCPFwFlJuDhouBCTNQT9qKlpqCy+tPWq5idZnijWXK8ZwO67tj3XCeKN99TfH4xk7uL69ujxdXJ+lLNxOjLiorrrql+CrIVQvleIlTT06qL0qkf8jMeL+VO3Ri8hC7EGPe/2ipmYVAzay/0ElW66lb/tEIRrKQVcWmFS60+NXJ4+RYs4MMhfbc971W8zqWAs/LUCsdmsGPGUEcVWHiweFogCgvZCo2ZgaZlad+OG2blxkeXa9jET4DpEeXPS36NwAA//+5zok/" +} diff --git a/filebeat/module/cef/log/_meta/fields.yml b/filebeat/module/cef/log/_meta/fields.yml new file mode 100644 index 00000000000..264e15e12ed --- /dev/null +++ b/filebeat/module/cef/log/_meta/fields.yml @@ -0,0 +1,293 @@ +- name: forcepoint + type: group + default_field: false + description: > + Fields for Forcepoint Custom String mappings + fields: + - name: virus_id + type: keyword + description: > + Virus ID + + +- name: checkpoint + type: group + default_field: false + description: > + Fields for Check Point custom string mappings. + fields: + - name: app_risk + type: keyword + overwrite: true + description: Application risk. + + - name: app_severity + type: keyword + overwrite: true + description: Application threat severity. + + - name: app_sig_id + type: keyword + overwrite: true + description: The signature ID which the application was detected by. + + - name: auth_method + type: keyword + overwrite: true + description: Password authentication protocol used. + + - name: category + type: keyword + overwrite: true + description: Category. + + - name: confidence_level + type: integer + overwrite: true + description: Confidence level determined. + + - name: connectivity_state + type: keyword + overwrite: true + description: Connectivity state. + + - name: cookie + type: keyword + overwrite: true + description: IKE cookie. + + - name: dst_phone_number + type: keyword + overwrite: true + description: Destination IP-Phone. + + - name: email_control + type: keyword + overwrite: true + description: Engine name. + + - name: email_id + type: keyword + overwrite: true + description: Internal email ID. + + - name: email_recipients_num + type: long + overwrite: true + description: Number of recipients. + + - name: email_session_id + type: keyword + overwrite: true + description: Internal email session ID. + + - name: email_spool_id + overwrite: true + type: keyword + + description: Internal email spool ID. + + - name: email_subject + type: keyword + overwrite: true + description: Email subject. + + - name: event_count + type: long + overwrite: true + description: Number of events associated with the log. + + - name: frequency + type: keyword + overwrite: true + description: Scan frequency. + + - name: icmp_type + type: long + overwrite: true + description: ICMP type. + + - name: icmp_code + type: long + overwrite: true + description: ICMP code. + + - name: identity_type + type: keyword + overwrite: true + description: Identity type. + + - name: incident_extension + type: keyword + overwrite: true + description: Format of original data. + + - name: integrity_av_invoke_type + type: keyword + overwrite: true + description: Scan invoke type. + + - name: malware_family + type: keyword + overwrite: true + description: Malware family. + + - name: peer_gateway + type: ip + overwrite: true + description: Main IP of the peer Security Gateway. + + - name: performance_impact + type: integer + overwrite: true + description: Protection performance impact. + + - name: protection_id + type: keyword + overwrite: true + description: Protection malware ID. + + - name: protection_name + type: keyword + overwrite: true + description: Specific signature name of the attack. + + - name: protection_type + type: keyword + overwrite: true + description: Type of protection used to detect the attack. + + - name: scan_result + type: keyword + overwrite: true + description: Scan result. + + - name: sensor_mode + type: keyword + overwrite: true + description: Sensor mode. + + - name: severity + type: keyword + overwrite: true + description: Threat severity. + + - name: spyware_name + type: keyword + overwrite: true + description: Spyware name. + + - name: spyware_status + type: keyword + overwrite: true + description: Spyware status. + + - name: subs_exp + type: date + overwrite: true + description: The expiration date of the subscription. + + - name: tcp_flags + type: keyword + overwrite: true + description: TCP packet flags. + + - name: termination_reason + type: keyword + overwrite: true + description: Termination reason. + + - name: update_status + type: keyword + overwrite: true + description: Update status. + + - name: user_status + type: keyword + overwrite: true + description: User response. + + - name: uuid + type: keyword + overwrite: true + description: External ID. + + - name: virus_name + type: keyword + overwrite: true + description: Virus name. + + - name: voip_log_type + type: keyword + overwrite: true + description: VoIP log types. + +- name: cef.extensions + type: group + default_field: false + description: > + Extra vendor-specific extensions. + fields: + + - name: cp_app_risk + type: keyword + + - name: cp_severity + type: keyword + + - name: ifname + type: keyword + + - name: inzone + type: keyword + + - name: layer_uuid + type: keyword + + - name: layer_name + type: keyword + + - name: logid + type: keyword + + - name: loguid + type: keyword + + - name: match_id + type: keyword + + - name: nat_addtnl_rulenum + type: keyword + + - name: nat_rulenum + type: keyword + + - name: origin + type: keyword + + - name: originsicname + type: keyword + + - name: outzone + type: keyword + + - name: parent_rule + type: keyword + + - name: product + type: keyword + + - name: rule_action + type: keyword + + - name: rule_uid + type: keyword + + - name: sequencenum + type: keyword + + - name: service_id + type: keyword + + - name: version + type: keyword diff --git a/filebeat/module/cef/log/config/input.yml b/filebeat/module/cef/log/config/input.yml new file mode 100644 index 00000000000..91439736fab --- /dev/null +++ b/filebeat/module/cef/log/config/input.yml @@ -0,0 +1,26 @@ +{{ if eq .input "syslog" }} + +type: syslog +protocol.udp: + host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags}} + +processors: + - rename: + fields: + - {from: "message", to: "event.original"} + - decode_cef: + field: event.original + - community_id: diff --git a/filebeat/module/cef/log/ingest/cp-pipeline.yml b/filebeat/module/cef/log/ingest/cp-pipeline.yml new file mode 100644 index 00000000000..eea2f8fd592 --- /dev/null +++ b/filebeat/module/cef/log/ingest/cp-pipeline.yml @@ -0,0 +1,339 @@ +--- +description: Pipeline for Check Point CEF + +processors: + # This script is mapping CEF extensions to ECS when possible. Otherwise + # it maps them to fields under the `checkpoint` group using Check Point log + # field names. + # + # [1] Description of Check Point CEF extensions: + # https://community.checkpoint.com/t5/Logging-and-Reporting/Log-Exporter-CEF-Field-Mappings/td-p/41060 + # [2] Description of Check Point log field names (sk144192): + # https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192 + # + # Note that in some cases the CEF extension name doesn't accurately describe + # its contents. For example sntdom/sourceNtDomain, which is used to store + # Check Point's domain_name, documented as "Domain name sent to DNS request". + # + # This script processes the `params.extensions` list below. This list consists + # of two different kinds of mappings, the simpler has a source ext `name` + # and a `to` field. It copies the given extension field to the target `to`. + # + # When the `labels` dict is defined, the target field depends on the value of + # the accompanying label field. For example, the field deviceCustomIPv6Address2 + # is mapped to `source.ip` only when the extension deviceCustomIPv6Address2Label + # exists and its value is "Source IPv6 Address". + # + # Also it can convert the destination value by simple mapping when the + # convert key exists. Values without an entry in the convert dict are not + # copied and the target field remains unset. + # + # The output of this processor is a single field, `_tmp_copy`, that contains + # a list of actions `{"to": "target_field", "value":"field value"}` that is + # later executed using a foreach processor. This is done to avoid complex + # de-dotting and other gotchas of setting arbitrary fields in Painless. + - script: + lang: painless + params: + extensions: + - name: cp_app_risk + to: checkpoint.app_risk + + - name: cp_app_risk + to: event.risk_score + # This mapping is a mix of [1] and [2] above. + convert: + unknown: 0 + informational: 0 + very-low: 1 + low: 2 + medium: 3 + high: 4 + very-high: 5 + critical: 5 + + - name: cp_severity + to: checkpoint.severity + + - name: cp_severity + to: event.severity + convert: + # This mapping is a mix of [1] and [2] above. + unknown: 0 + informational: 0 + very-low: 1 + low: 1 + medium: 2 + high: 3 + very-high: 4 + critical: 4 + + # Number of events associated with the log + - name: baseEventCount + to: checkpoint.event_count + + # Log type + - name: deviceExternalId + to: observer.type + + # Product Family (override deviceExternalId if present). + - name: deviceFacility + to: observer.type + convert: + '0': Network + '1': Endpoint + '2': Access + '3': Threat + '4': Mobile + + # Gateway interface, where the connection is received from in case of an outbound connection + - name: deviceInboundInterface + to: observer.ingress.interface.name + + # Gateway interface, where the connection is sent from, in case of an inbound connection + - name: deviceOutboundInterface + to: observer.egress.interface.name + + - name: externalId + to: checkpoint.uuid + + - name: fileHash + to: checkpoint.file_hash + + - name: reason + to: checkpoint.termination_reason + + # Possibly an IKE cookie + - name: requestCookies + to: checkpoint.cookie + + # Probably a typo in CP's CEF docs + - name: checkrequestCookies + to: checkpoint.cookie + + # Domain name sent to DNS request + - name: sourceNtDomain + to: dns.question.name + + # CVE registry entry + - name: Signature + to: vulnerability.id + + - name: Recipient + to: destination.user.email + + - name: Sender + to: source.user.email + + - name: deviceCustomFloatingPoint1 + labels: + update version: observer.version + + - name: deviceCustomIPv6Address2 + labels: + source ipv6 address: source.ip + + - name: deviceCustomIPv6Address3 + labels: + destination ipv6 address: destination.ip + + - name: deviceCustomNumber1 + labels: + payload: network.bytes + elapsed time in seconds: event.duration + email recipients number: checkpoint.email_recipients_num + + - name: deviceCustomNumber2 + labels: + duration in seconds: event.duration + icmp type: checkpoint.icmp_type + + - name: deviceCustomNumber3 + labels: + icmp code: checkpoint.icmp_code + + - name: deviceCustomString1 + labels: + application rule name: rule.name + dlp rule name: rule.name + threat prevention rule name: rule.name + connectivity state: checkpoint.connectivity_state + email id: checkpoint.email_id + voip log type: checkpoint.voip_log_type + + - name: deviceCustomString2 + labels: + # Protection malware id + protection id: checkpoint.protection_id + update status: checkpoint.update_status + email subject: checkpoint.email_subject + sensor mode: checkpoint.sensor_mode + scan invoke type: checkpoint.integrity_av_invoke_type + category: checkpoint.category + # Matched categories + categories: rule.category + peer gateway: checkpoint.peer_gateway + + - name: deviceCustomString6 + labels: + application name: network.application + virus name: checkpoint.virus_name + malware name: checkpoint.spyware_name + malware family: checkpoint.malware_family + + - name: deviceCustomString3 + labels: + user group: group.name + # Format of original data. + incident extension: checkpoint.incident_extension + identity type: checkpoint.identity_type + email spool id: checkpoint.email_spool_id + # Type of protection used to detect the attack + protection type: checkpoint.protection_type + + - name: deviceCustomString4 + labels: + malware status: checkpoint.spyware_status + destination os: os.name + scan result: checkpoint.scan_result + frequency: checkpoint.frequency + protection name: checkpoint.protection_name + user response: checkpoint.user_status + email control: checkpoint.email_control + tcp flags: checkpoint.tcp_flags + threat prevention rule id: rule.id + + - name: deviceCustomString5 + labels: + matched category: rule.category + authentication method: checkpoint.auth_method + email session id: checkpoint.email_session_id + vlan id: network.vlan.id + + - name: deviceCustomDate2 + labels: + subscription expiration: checkpoint.subs_exp + + - name: deviceFlexNumber1 + labels: + confidence: checkpoint.confidence_level + + - name: deviceFlexNumber2 + labels: + destination phone number: checkpoint.dst_phone_number + performance impact: checkpoint.performance_impact + + - name: flexString1 + labels: + application signature id: checkpoint.app_sig_id + + - name: flexString2 + labels: + malware action: rule.description + attack information: event.action + + - name: rule_uid + to: rule.uuid + + - name: ifname + to: observer.ingress.interface.name + + - name: inzone + to: observer.ingress.zone + + - name: outzone + to: observer.egress.zone + + - name: product + to: observer.product + + source: | + def actions = new ArrayList(); + def exts = ctx.cef?.extensions; + if (exts == null) return; + for (entry in params.extensions) { + def value = exts[entry.name]; + if (value == null || + (entry.convert != null && + (value=entry.convert[value.toLowerCase()]) == null)) + continue; + if (entry.to != null) { + actions.add([ + "value": value, + "to": entry.to + ]); + continue; + } + def label = exts[entry.name + "Label"]; + if (label == null) continue; + def dest = entry.labels[label.toLowerCase()]; + if (dest == null) continue; + actions.add([ + "value": value, + "to": dest + ]); + } + ctx["_tmp_copy"] = actions; + + - foreach: + field: _tmp_copy + processor: + set: + field: "{{_ingest._value.to}}" + value: "{{_ingest._value.value}}" + + - remove: + field: _tmp_copy + + # event.duration is a string and contains seconds. Convert to long nanos. + - script: + params: + second_to_nanos: 1000000000 + lang: painless + source: | + def duration = ctx.event?.duration; + if (duration == null) return; + ctx.event.duration = Long.parseLong(duration) * params.second_to_nanos; + on_failure: + - remove: + field: event.duration + ignore_missing: true + + # checkpoint.file_hash can be either MD5, SHA1 or SHA256. + - rename: + field: checkpoint.file_hash + target_field: file.hash.md5 + if: 'ctx.checkpoint?.file_hash != null && ctx.checkpoint.file_hash.length()==32' + - rename: + field: checkpoint.file_hash + target_field: file.hash.sha1 + if: 'ctx.checkpoint?.file_hash != null && ctx.checkpoint.file_hash.length()==40' + - rename: + field: checkpoint.file_hash + target_field: file.hash.sha256 + if: 'ctx.checkpoint?.file_hash != null && ctx.checkpoint.file_hash.length()==64' + + # Event kind is 'event' by default. 'alert' when a risk score and rule info + # is present. + - set: + field: event.kind + value: event + - set: + field: event.kind + value: alert + if: 'ctx.cef?.extensions?.cp_app_risk != null && ctx.rule != null' + + # Set event.category to network/malware/intrusion_detection depending on which + # fields have been populated. + - set: + field: event.category + value: network + if: 'ctx.source?.ip != null && ctx.destination?.ip != null' + - set: + field: event.category + value: malware + if: 'ctx.checkpoint?.protection_id != null || ctx.checkpoint?.spyware_name != null || ctx.checkpoint?.malware_family != null || ctx.checkpoint?.spyware_status != null' + - set: + field: event.category + value: intrusion_detection + if: 'ctx.event?.category != "malware" && (ctx.checkpoint?.protection_type != null || ctx.cef.extensions?.flexString2Label == "Attack Information")' diff --git a/filebeat/module/cef/log/ingest/fp-pipeline.yml b/filebeat/module/cef/log/ingest/fp-pipeline.yml new file mode 100644 index 00000000000..1459d521cce --- /dev/null +++ b/filebeat/module/cef/log/ingest/fp-pipeline.yml @@ -0,0 +1,27 @@ +--- +description: Pipeline for Forcepoint CEF + +processors: + # cs1 is ruleID + - set: + field: rule.id + value: "{{cef.extensions.deviceCustomString1}}" + if: "ctx.cef?.extensions?.deviceCustomString1 != null" + + # cs2 is natRuleID + - set: + field: rule.id + value: "{{cef.extensions.deviceCustomString2}}" + if: "ctx.cef?.extensions?.deviceCustomString2 != null" + + # cs3 is VulnerabilityReference + - set: + field: vulnerability.reference + value: "{{cef.extensions.deviceCustomString3}}" + if: "ctx.cef?.extensions?.deviceCustomString3 != null" + + # cs4 is virusID + - set: + field: cef.forcepoint.virus_id + value: "{{cef.extensions.deviceCustomString4}}" + if: "ctx.cef?.extensions?.deviceCustomString4 != null" diff --git a/filebeat/module/cef/log/ingest/pipeline.yml b/filebeat/module/cef/log/ingest/pipeline.yml new file mode 100644 index 00000000000..75a86ea2758 --- /dev/null +++ b/filebeat/module/cef/log/ingest/pipeline.yml @@ -0,0 +1,89 @@ +--- +description: Pipeline for Filebeat CEF + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - append: + field: related.hash + value: "{{cef.extensions.fileHash}}" + if: "ctx?.cef?.extensions?.fileHash != null" + - append: + field: related.hash + value: "{{cef.extensions.oldFileHash}}" + if: "ctx?.cef?.extensions?.oldFileHash != null" + - append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" + - append: + field: related.ip + value: "{{destination.nat.ip}}" + if: "ctx?.destination?.nat?.ip != null" + - append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" + - append: + field: related.ip + value: "{{source.nat.ip}}" + if: "ctx?.source?.nat?.ip != null" + - append: + field: related.user + value: "{{destination.user.name}}" + if: "ctx?.destination?.user?.name != null" + - append: + field: related.user + value: "{{source.user.name}}" + if: "ctx?.source?.user?.name != null" + - pipeline: + name: '{< IngestPipeline "fp-pipeline" >}' + if: "ctx.cef?.device?.vendor == 'FORCEPOINT'" + - pipeline: + name: '{< IngestPipeline "cp-pipeline" >}' + if: "ctx.cef?.device?.vendor == 'Check Point'" +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/cef/log/manifest.yml b/filebeat/module/cef/log/manifest.yml new file mode 100644 index 00000000000..60115d99b40 --- /dev/null +++ b/filebeat/module/cef/log/manifest.yml @@ -0,0 +1,25 @@ +module_version: "1.0" + +var: + - name: paths + default: + - /var/log/cef.log + - name: tags + default: [cef] + - name: syslog_host + default: localhost + - name: syslog_port + default: 9003 + - name: input + default: syslog + +ingest_pipeline: + - ingest/pipeline.yml + - ingest/fp-pipeline.yml + - ingest/cp-pipeline.yml + +input: config/input.yml + +requires.processors: + - name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/cef/log/test/cef.log b/filebeat/module/cef/log/test/cef.log new file mode 100644 index 00000000000..1e8ab441ff7 --- /dev/null +++ b/filebeat/module/cef/log/test/cef.log @@ -0,0 +1,4 @@ +CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Web request|low|eventId=3457 requestMethod=POST slat=38.915 slong=-77.511 proto=TCP sourceServiceName=httpd requestContext=https://www.google.com src=6.7.8.9 spt=33876 dst=192.168.10.1 dpt=443 request=https://www.example.com/cart +CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Authentication|low|eventId=123 src=6.7.8.9 spt=33876 dst=1.2.3.4 dpt=443 duser=alice suser=bob destinationTranslatedAddress=10.10.10.10 fileHash=bc8bbe52f041fd17318f08a0f73762ce oldFileHash=a9796280592f86b74b27e370662d41eb +CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Authentication|low|spriv=user dpriv=root +CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Authentication|low|message=This event is padded with whitespace dst=192.168.1.2 src=192.168.3.4 diff --git a/filebeat/module/cef/log/test/cef.log-expected.json b/filebeat/module/cef/log/test/cef.log-expected.json new file mode 100644 index 00000000000..99b9348a741 --- /dev/null +++ b/filebeat/module/cef/log/test/cef.log-expected.json @@ -0,0 +1,188 @@ +[ + { + "cef.device.event_class_id": "18", + "cef.device.product": "Vaporware", + "cef.device.vendor": "Elastic", + "cef.device.version": "1.0.0-alpha", + "cef.extensions.destinationAddress": "192.168.10.1", + "cef.extensions.destinationPort": 443, + "cef.extensions.eventId": 3457, + "cef.extensions.requestContext": "https://www.google.com", + "cef.extensions.requestMethod": "POST", + "cef.extensions.requestUrl": "https://www.example.com/cart", + "cef.extensions.sourceAddress": "6.7.8.9", + "cef.extensions.sourceGeoLatitude": 38.915, + "cef.extensions.sourceGeoLongitude": -77.511, + "cef.extensions.sourcePort": 33876, + "cef.extensions.sourceServiceName": "httpd", + "cef.extensions.transportProtocol": "TCP", + "cef.name": "Web request", + "cef.severity": "low", + "cef.version": "0", + "destination.ip": "192.168.10.1", + "destination.port": 443, + "event.code": "18", + "event.dataset": "cef.log", + "event.id": 3457, + "event.module": "cef", + "event.original": "CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Web request|low|eventId=3457 requestMethod=POST slat=38.915 slong=-77.511 proto=TCP sourceServiceName=httpd requestContext=https://www.google.com src=6.7.8.9 spt=33876 dst=192.168.10.1 dpt=443 request=https://www.example.com/cart", + "event.severity": 0, + "fileset.name": "log", + "http.request.method": "POST", + "http.request.referrer": "https://www.google.com", + "input.type": "log", + "log.offset": 0, + "message": "Web request", + "network.community_id": "1:e2rSLr3fJ93cIJDMtVABFxSH5zg=", + "network.transport": "tcp", + "observer.product": "Vaporware", + "observer.vendor": "Elastic", + "observer.version": "1.0.0-alpha", + "related.ip": [ + "192.168.10.1", + "6.7.8.9" + ], + "service.type": "cef", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "6.7.8.9", + "source.port": 33876, + "source.service.name": "httpd", + "tags": [ + "cef" + ], + "url.original": "https://www.example.com/cart" + }, + { + "cef.device.event_class_id": "18", + "cef.device.product": "Vaporware", + "cef.device.vendor": "Elastic", + "cef.device.version": "1.0.0-alpha", + "cef.extensions.destinationAddress": "1.2.3.4", + "cef.extensions.destinationPort": 443, + "cef.extensions.destinationTranslatedAddress": "10.10.10.10", + "cef.extensions.destinationUserName": "alice", + "cef.extensions.eventId": 123, + "cef.extensions.fileHash": "bc8bbe52f041fd17318f08a0f73762ce", + "cef.extensions.oldFileHash": "a9796280592f86b74b27e370662d41eb", + "cef.extensions.sourceAddress": "6.7.8.9", + "cef.extensions.sourcePort": 33876, + "cef.extensions.sourceUserName": "bob", + "cef.name": "Authentication", + "cef.severity": "low", + "cef.version": "0", + "destination.geo.city_name": "Moscow", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "RU", + "destination.geo.location.lat": 55.7527, + "destination.geo.location.lon": 37.6172, + "destination.geo.region_iso_code": "RU-MOW", + "destination.geo.region_name": "Moscow", + "destination.ip": "1.2.3.4", + "destination.nat.ip": "10.10.10.10", + "destination.port": 443, + "destination.user.name": "alice", + "event.code": "18", + "event.dataset": "cef.log", + "event.id": 123, + "event.module": "cef", + "event.original": "CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Authentication|low|eventId=123 src=6.7.8.9 spt=33876 dst=1.2.3.4 dpt=443 duser=alice suser=bob destinationTranslatedAddress=10.10.10.10 fileHash=bc8bbe52f041fd17318f08a0f73762ce oldFileHash=a9796280592f86b74b27e370662d41eb", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 269, + "message": "Authentication", + "observer.product": "Vaporware", + "observer.vendor": "Elastic", + "observer.version": "1.0.0-alpha", + "related.hash": [ + "bc8bbe52f041fd17318f08a0f73762ce", + "a9796280592f86b74b27e370662d41eb" + ], + "related.ip": [ + "1.2.3.4", + "10.10.10.10", + "6.7.8.9" + ], + "related.user": [ + "alice", + "bob" + ], + "service.type": "cef", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "6.7.8.9", + "source.port": 33876, + "source.user.name": "bob", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "18", + "cef.device.product": "Vaporware", + "cef.device.vendor": "Elastic", + "cef.device.version": "1.0.0-alpha", + "cef.extensions.destinationUserPrivileges": "root", + "cef.extensions.sourceUserPrivileges": "user", + "cef.name": "Authentication", + "cef.severity": "low", + "cef.version": "0", + "destination.user.group.name": "root", + "event.code": "18", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Authentication|low|spriv=user dpriv=root", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 531, + "message": "Authentication", + "observer.product": "Vaporware", + "observer.vendor": "Elastic", + "observer.version": "1.0.0-alpha", + "service.type": "cef", + "source.user.group.name": "user", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "18", + "cef.device.product": "Vaporware", + "cef.device.vendor": "Elastic", + "cef.device.version": "1.0.0-alpha", + "cef.extensions.destinationAddress": "192.168.1.2", + "cef.extensions.message": "This event is padded with whitespace", + "cef.extensions.sourceAddress": "192.168.3.4", + "cef.name": "Authentication", + "cef.severity": "low", + "cef.version": "0", + "destination.ip": "192.168.1.2", + "event.code": "18", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Authentication|low|message=This event is padded with whitespace dst=192.168.1.2 src=192.168.3.4 ", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 611, + "message": "This event is padded with whitespace", + "observer.product": "Vaporware", + "observer.vendor": "Elastic", + "observer.version": "1.0.0-alpha", + "related.ip": [ + "192.168.1.2", + "192.168.3.4" + ], + "service.type": "cef", + "source.ip": "192.168.3.4", + "tags": [ + "cef" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cef/log/test/checkpoint.log b/filebeat/module/cef/log/test/checkpoint.log new file mode 100644 index 00000000000..8951c3edade --- /dev/null +++ b/filebeat/module/cef/log/test/checkpoint.log @@ -0,0 +1,3 @@ +CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Accept destinationTranslatedAddress=0.0.0.0 destinationTranslatedPort=0 deviceDirection=0 rt=1543270652000 sourceTranslatedAddress=192.168.103.254 sourceTranslatedPort=35398 spt=49363 dpt=443 cs2Label=Rule Name layer_name=Network layer_uuid=b406b732-2437-4848-9741-6eae1f5bf112 match_id=4 parent_rule=0 rule_action=Accept rule_uid=9e5e6e74-aa9a-4693-b9fe-53712dd27bea ifname=eth0 logid=0 loguid={0x5bfc70fc,0x1,0xfe65a8c0,0xc0000001} origin=192.168.101.254 originsicname=CN\=R80,O\=R80_M..6u6bdo sequencenum=1 version=5 dst=52.173.84.157 inzone=Internal nat_addtnl_rulenum=1 nat_rulenum=4 outzone=External product=VPN-1 & FireWall-1 proto=6 service_id=https src=192.168.101.100 cs5Label=Matched Category cs5=Business / Economy deviceCustomDate2=1508150533713 deviceCustomDate2Label=This field is made up +CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Bypass cn1Label=Email Recipients Number cs1Label=Email ID cs4Label=Email Control cs4=SMTP Policy Restrictions cs5Label=Email Session ID deviceDirection=0 msg=Encrypted session rt=1545211330000 spt=4001 dpt=25 fileHash=55f4a511e6f630a6b1319505414f114e7bcaf13d deviceCustomDate2=Apr 11 2020 10:42:13 deviceCustomDate2Label=Subscription expiration +CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Drop cp_app_risk=High cp_severity=Very-High baseEventCount=12 deviceFacility=4 c6a2=fd00::555 c6a2Label=Source IPv6 Address c6a3=::1 c6a3Label=Destination IPv6 Address fileHash=580a783c1cb2b20613323f715d231a69 cn2=5 cn2Label=Duration in Seconds diff --git a/filebeat/module/cef/log/test/checkpoint.log-expected.json b/filebeat/module/cef/log/test/checkpoint.log-expected.json new file mode 100644 index 00000000000..1dce9c9aae7 --- /dev/null +++ b/filebeat/module/cef/log/test/checkpoint.log-expected.json @@ -0,0 +1,197 @@ +[ + { + "cef.device.event_class_id": "Log", + "cef.device.product": "VPN-1 & FireWall-1", + "cef.device.vendor": "Check Point", + "cef.device.version": "Check Point", + "cef.extensions.destinationAddress": "52.173.84.157", + "cef.extensions.destinationPort": 443, + "cef.extensions.destinationTranslatedAddress": "0.0.0.0", + "cef.extensions.destinationTranslatedPort": 0, + "cef.extensions.deviceAction": "Accept", + "cef.extensions.deviceCustomDate2": "2017-10-16T10:42:13.713Z", + "cef.extensions.deviceCustomDate2Label": "This field is made up", + "cef.extensions.deviceCustomString2Label": "Rule Name", + "cef.extensions.deviceCustomString5": "Business / Economy", + "cef.extensions.deviceCustomString5Label": "Matched Category", + "cef.extensions.deviceDirection": 0, + "cef.extensions.deviceReceiptTime": "2018-11-26T22:17:32.000Z", + "cef.extensions.ifname": "eth0", + "cef.extensions.inzone": "Internal", + "cef.extensions.layer_name": "Network", + "cef.extensions.layer_uuid": "b406b732-2437-4848-9741-6eae1f5bf112", + "cef.extensions.logid": "0", + "cef.extensions.loguid": "{0x5bfc70fc,0x1,0xfe65a8c0,0xc0000001}", + "cef.extensions.match_id": "4", + "cef.extensions.nat_addtnl_rulenum": "1", + "cef.extensions.nat_rulenum": "4", + "cef.extensions.origin": "192.168.101.254", + "cef.extensions.originsicname": "CN=R80,O=R80_M..6u6bdo", + "cef.extensions.outzone": "External", + "cef.extensions.parent_rule": "0", + "cef.extensions.product": "VPN-1 & FireWall-1", + "cef.extensions.rule_action": "Accept", + "cef.extensions.rule_uid": "9e5e6e74-aa9a-4693-b9fe-53712dd27bea", + "cef.extensions.sequencenum": "1", + "cef.extensions.service_id": "https", + "cef.extensions.sourceAddress": "192.168.101.100", + "cef.extensions.sourcePort": 49363, + "cef.extensions.sourceTranslatedAddress": "192.168.103.254", + "cef.extensions.sourceTranslatedPort": 35398, + "cef.extensions.transportProtocol": "6", + "cef.extensions.version": "5", + "cef.name": "https", + "cef.severity": "Unknown", + "cef.version": "0", + "destination.as.number": 8075, + "destination.as.organization.name": "Microsoft Corporation", + "destination.geo.city_name": "Des Moines", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 41.6006, + "destination.geo.location.lon": -93.6112, + "destination.geo.region_iso_code": "US-IA", + "destination.geo.region_name": "Iowa", + "destination.ip": "52.173.84.157", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 443, + "event.action": "Accept", + "event.category": "network", + "event.code": "Log", + "event.dataset": "cef.log", + "event.kind": "event", + "event.module": "cef", + "event.original": "CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Accept destinationTranslatedAddress=0.0.0.0 destinationTranslatedPort=0 deviceDirection=0 rt=1543270652000 sourceTranslatedAddress=192.168.103.254 sourceTranslatedPort=35398 spt=49363 dpt=443 cs2Label=Rule Name layer_name=Network layer_uuid=b406b732-2437-4848-9741-6eae1f5bf112 match_id=4 parent_rule=0 rule_action=Accept rule_uid=9e5e6e74-aa9a-4693-b9fe-53712dd27bea ifname=eth0 logid=0 loguid={0x5bfc70fc,0x1,0xfe65a8c0,0xc0000001} origin=192.168.101.254 originsicname=CN\\=R80,O\\=R80_M..6u6bdo sequencenum=1 version=5 dst=52.173.84.157 inzone=Internal nat_addtnl_rulenum=1 nat_rulenum=4 outzone=External product=VPN-1 & FireWall-1 proto=6 service_id=https src=192.168.101.100 cs5Label=Matched Category cs5=Business / Economy deviceCustomDate2=1508150533713 deviceCustomDate2Label=This field is made up", + "fileset.name": "log", + "input.type": "log", + "log.offset": 0, + "message": "https", + "network.community_id": "1:yRLApDaheTmJZHL4UUDMjcHWAik=", + "network.direction": "inbound", + "network.transport": "6", + "observer.egress.zone": "External", + "observer.ingress.interface.name": "eth0", + "observer.ingress.zone": "Internal", + "observer.product": "VPN-1 & FireWall-1", + "observer.vendor": "Check Point", + "observer.version": "Check Point", + "related.ip": [ + "52.173.84.157", + "0.0.0.0", + "192.168.101.100", + "192.168.103.254" + ], + "rule.category": "Business / Economy", + "rule.uuid": "9e5e6e74-aa9a-4693-b9fe-53712dd27bea", + "service.type": "cef", + "source.ip": "192.168.101.100", + "source.nat.ip": "192.168.103.254", + "source.nat.port": 35398, + "source.port": 49363, + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "Log", + "cef.device.product": "VPN-1 & FireWall-1", + "cef.device.vendor": "Check Point", + "cef.device.version": "Check Point", + "cef.extensions.destinationPort": 25, + "cef.extensions.deviceAction": "Bypass", + "cef.extensions.deviceCustomDate2": "2020-04-11T10:42:13.000Z", + "cef.extensions.deviceCustomDate2Label": "Subscription expiration", + "cef.extensions.deviceCustomNumber1Label": "Email Recipients Number", + "cef.extensions.deviceCustomString1Label": "Email ID", + "cef.extensions.deviceCustomString4": "SMTP Policy Restrictions", + "cef.extensions.deviceCustomString4Label": "Email Control", + "cef.extensions.deviceCustomString5Label": "Email Session ID", + "cef.extensions.deviceDirection": 0, + "cef.extensions.deviceReceiptTime": "2018-12-19T09:22:10.000Z", + "cef.extensions.fileHash": "55f4a511e6f630a6b1319505414f114e7bcaf13d", + "cef.extensions.message": "Encrypted session", + "cef.extensions.sourcePort": 4001, + "cef.name": "https", + "cef.severity": "Unknown", + "cef.version": "0", + "checkpoint.email_control": "SMTP Policy Restrictions", + "checkpoint.subs_exp": "2020-04-11T10:42:13.000Z", + "destination.port": 25, + "event.action": "Bypass", + "event.code": "Log", + "event.dataset": "cef.log", + "event.kind": "event", + "event.module": "cef", + "event.original": "CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Bypass cn1Label=Email Recipients Number cs1Label=Email ID cs4Label=Email Control cs4=SMTP Policy Restrictions cs5Label=Email Session ID deviceDirection=0 msg=Encrypted session rt=1545211330000 spt=4001 dpt=25 fileHash=55f4a511e6f630a6b1319505414f114e7bcaf13d deviceCustomDate2=Apr 11 2020 10:42:13 deviceCustomDate2Label=Subscription expiration", + "file.hash.sha1": "55f4a511e6f630a6b1319505414f114e7bcaf13d", + "fileset.name": "log", + "input.type": "log", + "log.offset": 875, + "message": "Encrypted session", + "network.direction": "inbound", + "observer.product": "VPN-1 & FireWall-1", + "observer.vendor": "Check Point", + "observer.version": "Check Point", + "related.hash": [ + "55f4a511e6f630a6b1319505414f114e7bcaf13d" + ], + "service.type": "cef", + "source.port": 4001, + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "Log", + "cef.device.product": "VPN-1 & FireWall-1", + "cef.device.vendor": "Check Point", + "cef.device.version": "Check Point", + "cef.extensions.baseEventCount": "12", + "cef.extensions.cp_app_risk": "High", + "cef.extensions.cp_severity": "Very-High", + "cef.extensions.deviceAction": "Drop", + "cef.extensions.deviceCustomIPv6Address2": "fd00::555", + "cef.extensions.deviceCustomIPv6Address2Label": "Source IPv6 Address", + "cef.extensions.deviceCustomIPv6Address3": "::1", + "cef.extensions.deviceCustomIPv6Address3Label": "Destination IPv6 Address", + "cef.extensions.deviceCustomNumber2": 5, + "cef.extensions.deviceCustomNumber2Label": "Duration in Seconds", + "cef.extensions.deviceFacility": "4", + "cef.extensions.fileHash": "580a783c1cb2b20613323f715d231a69", + "cef.name": "https", + "cef.severity": "Unknown", + "cef.version": "0", + "checkpoint.app_risk": "High", + "checkpoint.event_count": "12", + "checkpoint.severity": "Very-High", + "destination.ip": "::1", + "event.action": "Drop", + "event.category": "network", + "event.code": "Log", + "event.dataset": "cef.log", + "event.duration": 5000000000, + "event.kind": "event", + "event.module": "cef", + "event.original": "CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Drop cp_app_risk=High cp_severity=Very-High baseEventCount=12 deviceFacility=4 c6a2=fd00::555 c6a2Label=Source IPv6 Address c6a3=::1 c6a3Label=Destination IPv6 Address fileHash=580a783c1cb2b20613323f715d231a69 cn2=5 cn2Label=Duration in Seconds", + "event.risk_score": "4", + "event.severity": "4", + "file.hash.md5": "580a783c1cb2b20613323f715d231a69", + "fileset.name": "log", + "input.type": "log", + "log.offset": 1291, + "message": "https", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "Mobile", + "observer.vendor": "Check Point", + "observer.version": "Check Point", + "related.hash": [ + "580a783c1cb2b20613323f715d231a69" + ], + "service.type": "cef", + "source.ip": "fd00::555", + "tags": [ + "cef" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cef/log/test/fp-ngfw-smc.log b/filebeat/module/cef/log/test/fp-ngfw-smc.log new file mode 100644 index 00000000000..a7ce1c7bbc6 --- /dev/null +++ b/filebeat/module/cef/log/test/fp-ngfw-smc.log @@ -0,0 +1,13 @@ +CEF:0|FORCEPOINT|Firewall|6.6.1|0|Generic|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 msg=log server connection established deviceFacility=Logging System rt=Jan 17 2020 08:52:10 +CEF:0|FORCEPOINT|Firewall|6.6.1|9005|FW_Communication-Communication-Error|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 msg=Communication error: No route to host (-3, 5, 0) deviceFacility=Management rt=Jan 17 2020 08:52:09 +CEF:0|FORCEPOINT|Firewall|6.6.1|70018|Connection_Allowed|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 src=10.37.205.252 dst=10.1.1.40 proto=1 deviceOutboundInterface=255 act=Allow msg=Referred connection: 10.1.1.40 -> 10.37.133.35 frag\=0x4000 TCP 47413->3020 deviceFacility=Packet Filtering rt=Jan 17 2020 08:52:09 app=Dest. Unreachable (Host Unreachable) cs1Label=RuleID cs1=2097157.1 +CEF:0|FORCEPOINT|Firewall|unknown|70019|Connection_Discarded|0|deviceExternalId=Firewall-10 node 1 dvc=10.1.1.10 dvchost=10.1.1.10 src=172.16.1.1 dst=255.255.255.255 spt=68 dpt=67 proto=17 deviceOutboundInterface=255 deviceFacility=Packet Filtering rt=Jan 17 2020 08:56:21 app=BOOTPS (UDP) cs1Label=RuleID cs1=605.0 +CEF:0|FORCEPOINT|Firewall|unknown|70020|Connection_Refused|0|deviceExternalId=Firewall-1 node 1 dvc=10.1.1.1 dvchost=10.1.1.1 src=172.16.1.1 dst=192.168.1.1 proto=1 deviceOutboundInterface=255 act=Refuse deviceFacility=Packet Filtering rt=Jan 17 2020 08:56:23 app=Echo Request (No Code) cs1Label=RuleID cs1=601.0 +CEF:0|FORCEPOINT|Firewall|unknown|70021|Connection_Closed|0|deviceExternalId=Firewall-6 node 1 dvc=10.1.1.6 dvchost=10.1.1.6 proto=6 deviceOutboundInterface=255 destinationServiceName=YouTube suser=alice deviceFacility=Packet Filtering rt=Jan 17 2020 08:56:20 app=TCP in=32526 out=27366 +CEF:0|FORCEPOINT|Firewall|unknown|72714|ECA_Metadata_login|0|deviceExternalId=Firewall-3 node 1 dvc=10.1.1.3 dvchost=10.1.1.3 src=192.168.1.1 suser=bob deviceFacility=Endpoint Context Agent rt=Jan 17 2020 08:56:33 +CEF:0|FORCEPOINT|Firewall|unknown|72715|ECA_Metadata_logout|0|deviceExternalId=Firewall-10 node 1 dvc=10.1.1.10 dvchost=10.1.1.10 src=192.168.1.1 suser=bob deviceFacility=Endpoint Context Agent rt=Jan 17 2020 08:56:31 +CEF:0|FORCEPOINT|Firewall|unknown|72716|ECA_Metadata_system_metadata_received|0|deviceExternalId=Firewall-8 node 1 dvc=10.1.1.8 dvchost=10.1.1.8 src=172.16.2.1 suser=alice deviceFacility=Endpoint Context Agent rt=Jan 17 2020 08:56:26 +CEF:0|FORCEPOINT|Firewall|6.6.1|78002|TLS connection state|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 msg=TLS: Couldn't establish TLS connection (11, N/A) deviceFacility=Management rt=Jan 17 2020 08:52:09 + + + diff --git a/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json b/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json new file mode 100644 index 00000000000..be322967983 --- /dev/null +++ b/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json @@ -0,0 +1,431 @@ +[ + { + "cef.device.event_class_id": "0", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "6.6.1", + "cef.extensions.deviceAddress": "10.1.1.40", + "cef.extensions.deviceExternalId": "Master FW node 1", + "cef.extensions.deviceFacility": "Logging System", + "cef.extensions.deviceHostName": "10.1.1.40", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:52:10.000Z", + "cef.extensions.message": "log server connection established", + "cef.name": "Generic", + "cef.severity": "0", + "cef.version": "0", + "event.code": "0", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|6.6.1|0|Generic|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 msg=log server connection established deviceFacility=Logging System rt=Jan 17 2020 08:52:10", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 0, + "message": "log server connection established", + "observer.hostname": "10.1.1.40", + "observer.ip": "10.1.1.40", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "6.6.1", + "service.type": "cef", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "9005", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "6.6.1", + "cef.extensions.deviceAddress": "10.1.1.40", + "cef.extensions.deviceExternalId": "Master FW node 1", + "cef.extensions.deviceFacility": "Management", + "cef.extensions.deviceHostName": "10.1.1.40", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:52:09.000Z", + "cef.extensions.message": "Communication error: No route to host (-3, 5, 0)", + "cef.name": "FW_Communication-Communication-Error", + "cef.severity": "0", + "cef.version": "0", + "event.code": "9005", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|6.6.1|9005|FW_Communication-Communication-Error|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 msg=Communication error: No route to host (-3, 5, 0) deviceFacility=Management rt=Jan 17 2020 08:52:09", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 202, + "message": "Communication error: No route to host (-3, 5, 0)", + "observer.hostname": "10.1.1.40", + "observer.ip": "10.1.1.40", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "6.6.1", + "service.type": "cef", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "70018", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "6.6.1", + "cef.extensions.applicationProtocol": "Dest. Unreachable (Host Unreachable)", + "cef.extensions.destinationAddress": "10.1.1.40", + "cef.extensions.deviceAction": "Allow", + "cef.extensions.deviceAddress": "10.1.1.40", + "cef.extensions.deviceCustomString1": "2097157.1", + "cef.extensions.deviceCustomString1Label": "RuleID", + "cef.extensions.deviceExternalId": "Master FW node 1", + "cef.extensions.deviceFacility": "Packet Filtering", + "cef.extensions.deviceHostName": "10.1.1.40", + "cef.extensions.deviceOutboundInterface": "255", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:52:09.000Z", + "cef.extensions.message": "Referred connection: 10.1.1.40 -> 10.37.133.35 frag=0x4000 TCP 47413->3020", + "cef.extensions.sourceAddress": "10.37.205.252", + "cef.extensions.transportProtocol": "1", + "cef.name": "Connection_Allowed", + "cef.severity": "0", + "cef.version": "0", + "destination.ip": "10.1.1.40", + "event.action": "Allow", + "event.code": "70018", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|6.6.1|70018|Connection_Allowed|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 src=10.37.205.252 dst=10.1.1.40 proto=1 deviceOutboundInterface=255 act=Allow msg=Referred connection: 10.1.1.40 -> 10.37.133.35 frag\\=0x4000 TCP 47413->3020 deviceFacility=Packet Filtering rt=Jan 17 2020 08:52:09 app=Dest. Unreachable (Host Unreachable) cs1Label=RuleID cs1=2097157.1", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 447, + "message": "Referred connection: 10.1.1.40 -> 10.37.133.35 frag=0x4000 TCP 47413->3020", + "network.application": "Dest. Unreachable (Host Unreachable)", + "network.community_id": "1:jVNka6fvdh9Qms3nSigb93hGP6U=", + "network.transport": "1", + "observer.hostname": "10.1.1.40", + "observer.ip": "10.1.1.40", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "6.6.1", + "related.ip": [ + "10.1.1.40", + "10.37.205.252" + ], + "rule.id": "2097157.1", + "service.type": "cef", + "source.ip": "10.37.205.252", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "70019", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "unknown", + "cef.extensions.applicationProtocol": "BOOTPS (UDP)", + "cef.extensions.destinationAddress": "255.255.255.255", + "cef.extensions.destinationPort": 67, + "cef.extensions.deviceAddress": "10.1.1.10", + "cef.extensions.deviceCustomString1": "605.0", + "cef.extensions.deviceCustomString1Label": "RuleID", + "cef.extensions.deviceExternalId": "Firewall-10 node 1", + "cef.extensions.deviceFacility": "Packet Filtering", + "cef.extensions.deviceHostName": "10.1.1.10", + "cef.extensions.deviceOutboundInterface": "255", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:56:21.000Z", + "cef.extensions.sourceAddress": "172.16.1.1", + "cef.extensions.sourcePort": 68, + "cef.extensions.transportProtocol": "17", + "cef.name": "Connection_Discarded", + "cef.severity": "0", + "cef.version": "0", + "destination.ip": "255.255.255.255", + "destination.port": 67, + "event.code": "70019", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|unknown|70019|Connection_Discarded|0|deviceExternalId=Firewall-10 node 1 dvc=10.1.1.10 dvchost=10.1.1.10 src=172.16.1.1 dst=255.255.255.255 spt=68 dpt=67 proto=17 deviceOutboundInterface=255 deviceFacility=Packet Filtering rt=Jan 17 2020 08:56:21 app=BOOTPS (UDP) cs1Label=RuleID cs1=605.0", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 857, + "message": "Connection_Discarded", + "network.application": "BOOTPS (UDP)", + "network.community_id": "1:gRGAPcxUiQY+cM2V/f6dU0AJnuI=", + "network.transport": "17", + "observer.hostname": "10.1.1.10", + "observer.ip": "10.1.1.10", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "unknown", + "related.ip": [ + "255.255.255.255", + "172.16.1.1" + ], + "rule.id": "605.0", + "service.type": "cef", + "source.ip": "172.16.1.1", + "source.port": 68, + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "70020", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "unknown", + "cef.extensions.applicationProtocol": "Echo Request (No Code)", + "cef.extensions.destinationAddress": "192.168.1.1", + "cef.extensions.deviceAction": "Refuse", + "cef.extensions.deviceAddress": "10.1.1.1", + "cef.extensions.deviceCustomString1": "601.0", + "cef.extensions.deviceCustomString1Label": "RuleID", + "cef.extensions.deviceExternalId": "Firewall-1 node 1", + "cef.extensions.deviceFacility": "Packet Filtering", + "cef.extensions.deviceHostName": "10.1.1.1", + "cef.extensions.deviceOutboundInterface": "255", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:56:23.000Z", + "cef.extensions.sourceAddress": "172.16.1.1", + "cef.extensions.transportProtocol": "1", + "cef.name": "Connection_Refused", + "cef.severity": "0", + "cef.version": "0", + "destination.ip": "192.168.1.1", + "event.action": "Refuse", + "event.code": "70020", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|unknown|70020|Connection_Refused|0|deviceExternalId=Firewall-1 node 1 dvc=10.1.1.1 dvchost=10.1.1.1 src=172.16.1.1 dst=192.168.1.1 proto=1 deviceOutboundInterface=255 act=Refuse deviceFacility=Packet Filtering rt=Jan 17 2020 08:56:23 app=Echo Request (No Code) cs1Label=RuleID cs1=601.0", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 1173, + "message": "Connection_Refused", + "network.application": "Echo Request (No Code)", + "network.community_id": "1:rdTu3DxOTXebXEr+rcV80Pk9a1s=", + "network.transport": "1", + "observer.hostname": "10.1.1.1", + "observer.ip": "10.1.1.1", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "unknown", + "related.ip": [ + "192.168.1.1", + "172.16.1.1" + ], + "rule.id": "601.0", + "service.type": "cef", + "source.ip": "172.16.1.1", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "70021", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "unknown", + "cef.extensions.applicationProtocol": "TCP", + "cef.extensions.bytesIn": 32526, + "cef.extensions.bytesOut": 27366, + "cef.extensions.destinationServiceName": "YouTube", + "cef.extensions.deviceAddress": "10.1.1.6", + "cef.extensions.deviceExternalId": "Firewall-6 node 1", + "cef.extensions.deviceFacility": "Packet Filtering", + "cef.extensions.deviceHostName": "10.1.1.6", + "cef.extensions.deviceOutboundInterface": "255", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:56:20.000Z", + "cef.extensions.sourceUserName": "alice", + "cef.extensions.transportProtocol": "6", + "cef.name": "Connection_Closed", + "cef.severity": "0", + "cef.version": "0", + "destination.bytes": 27366, + "destination.service.name": "YouTube", + "event.code": "70021", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|unknown|70021|Connection_Closed|0|deviceExternalId=Firewall-6 node 1 dvc=10.1.1.6 dvchost=10.1.1.6 proto=6 deviceOutboundInterface=255 destinationServiceName=YouTube suser=alice deviceFacility=Packet Filtering rt=Jan 17 2020 08:56:20 app=TCP in=32526 out=27366", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 1486, + "message": "Connection_Closed", + "network.application": "TCP", + "network.transport": "6", + "observer.hostname": "10.1.1.6", + "observer.ip": "10.1.1.6", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "unknown", + "related.user": [ + "alice" + ], + "service.type": "cef", + "source.bytes": 32526, + "source.user.name": "alice", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "72714", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "unknown", + "cef.extensions.deviceAddress": "10.1.1.3", + "cef.extensions.deviceExternalId": "Firewall-3 node 1", + "cef.extensions.deviceFacility": "Endpoint Context Agent", + "cef.extensions.deviceHostName": "10.1.1.3", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:56:33.000Z", + "cef.extensions.sourceAddress": "192.168.1.1", + "cef.extensions.sourceUserName": "bob", + "cef.name": "ECA_Metadata_login", + "cef.severity": "0", + "cef.version": "0", + "event.code": "72714", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|unknown|72714|ECA_Metadata_login|0|deviceExternalId=Firewall-3 node 1 dvc=10.1.1.3 dvchost=10.1.1.3 src=192.168.1.1 suser=bob deviceFacility=Endpoint Context Agent rt=Jan 17 2020 08:56:33", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 1773, + "message": "ECA_Metadata_login", + "observer.hostname": "10.1.1.3", + "observer.ip": "10.1.1.3", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "unknown", + "related.ip": [ + "192.168.1.1" + ], + "related.user": [ + "bob" + ], + "service.type": "cef", + "source.ip": "192.168.1.1", + "source.user.name": "bob", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "72715", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "unknown", + "cef.extensions.deviceAddress": "10.1.1.10", + "cef.extensions.deviceExternalId": "Firewall-10 node 1", + "cef.extensions.deviceFacility": "Endpoint Context Agent", + "cef.extensions.deviceHostName": "10.1.1.10", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:56:31.000Z", + "cef.extensions.sourceAddress": "192.168.1.1", + "cef.extensions.sourceUserName": "bob", + "cef.name": "ECA_Metadata_logout", + "cef.severity": "0", + "cef.version": "0", + "event.code": "72715", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|unknown|72715|ECA_Metadata_logout|0|deviceExternalId=Firewall-10 node 1 dvc=10.1.1.10 dvchost=10.1.1.10 src=192.168.1.1 suser=bob deviceFacility=Endpoint Context Agent rt=Jan 17 2020 08:56:31", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 1987, + "message": "ECA_Metadata_logout", + "observer.hostname": "10.1.1.10", + "observer.ip": "10.1.1.10", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "unknown", + "related.ip": [ + "192.168.1.1" + ], + "related.user": [ + "bob" + ], + "service.type": "cef", + "source.ip": "192.168.1.1", + "source.user.name": "bob", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "72716", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "unknown", + "cef.extensions.deviceAddress": "10.1.1.8", + "cef.extensions.deviceExternalId": "Firewall-8 node 1", + "cef.extensions.deviceFacility": "Endpoint Context Agent", + "cef.extensions.deviceHostName": "10.1.1.8", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:56:26.000Z", + "cef.extensions.sourceAddress": "172.16.2.1", + "cef.extensions.sourceUserName": "alice", + "cef.name": "ECA_Metadata_system_metadata_received", + "cef.severity": "0", + "cef.version": "0", + "event.code": "72716", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|unknown|72716|ECA_Metadata_system_metadata_received|0|deviceExternalId=Firewall-8 node 1 dvc=10.1.1.8 dvchost=10.1.1.8 src=172.16.2.1 suser=alice deviceFacility=Endpoint Context Agent rt=Jan 17 2020 08:56:26", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 2205, + "message": "ECA_Metadata_system_metadata_received", + "observer.hostname": "10.1.1.8", + "observer.ip": "10.1.1.8", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "unknown", + "related.ip": [ + "172.16.2.1" + ], + "related.user": [ + "alice" + ], + "service.type": "cef", + "source.ip": "172.16.2.1", + "source.user.name": "alice", + "tags": [ + "cef" + ] + }, + { + "cef.device.event_class_id": "78002", + "cef.device.product": "Firewall", + "cef.device.vendor": "FORCEPOINT", + "cef.device.version": "6.6.1", + "cef.extensions.deviceAddress": "10.1.1.40", + "cef.extensions.deviceExternalId": "Master FW node 1", + "cef.extensions.deviceFacility": "Management", + "cef.extensions.deviceHostName": "10.1.1.40", + "cef.extensions.deviceReceiptTime": "2020-01-17T08:52:09.000Z", + "cef.extensions.message": "TLS: Couldn't establish TLS connection (11, N/A)", + "cef.name": "TLS connection state", + "cef.severity": "0", + "cef.version": "0", + "event.code": "78002", + "event.dataset": "cef.log", + "event.module": "cef", + "event.original": "CEF:0|FORCEPOINT|Firewall|6.6.1|78002|TLS connection state|0|deviceExternalId=Master FW node 1 dvc=10.1.1.40 dvchost=10.1.1.40 msg=TLS: Couldn't establish TLS connection (11, N/A) deviceFacility=Management rt=Jan 17 2020 08:52:09", + "event.severity": 0, + "fileset.name": "log", + "input.type": "log", + "log.offset": 2439, + "message": "TLS: Couldn't establish TLS connection (11, N/A)", + "observer.hostname": "10.1.1.40", + "observer.ip": "10.1.1.40", + "observer.product": "Firewall", + "observer.vendor": "FORCEPOINT", + "observer.version": "6.6.1", + "service.type": "cef", + "tags": [ + "cef" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/checkpoint/_meta/config.yml b/filebeat/module/checkpoint/_meta/config.yml new file mode 100644 index 00000000000..57f45e9c54b --- /dev/null +++ b/filebeat/module/checkpoint/_meta/config.yml @@ -0,0 +1,18 @@ +- module: checkpoint + firewall: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html + #var.log_level: 7 \ No newline at end of file diff --git a/filebeat/module/checkpoint/_meta/docs.asciidoc b/filebeat/module/checkpoint/_meta/docs.asciidoc new file mode 100644 index 00000000000..86e7c510017 --- /dev/null +++ b/filebeat/module/checkpoint/_meta/docs.asciidoc @@ -0,0 +1,162 @@ +[role="xpack"] + +:modulename: checkpoint +:has-dashboards: false + + +== Check Point module +beta[] + +This is a module for Check Point firewall logs. It supports logs from the Log Exporter in the Syslog format. + +To configure a Log Exporter, please refer to the documentation by https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323[Check Point]. + +Example below: + +`cp_log_export add name testdestination target-server 192.168.1.1 target-port 9001 protocol udp format syslog` + +The module that supports Check Point firewall logs sent in the CEF format requires the <> + +The Check Point and ECS fields that are the same between both modules will be mapped to the same names for compability between modules, though not all fields are included in CEF. Please reference the supported fields in the CEF documentation. + +include::../include/gs-link.asciidoc[] + + +[float] +=== Compatibility + +This module has been tested against Check Point Log Exporter on R80.X but should also work with R77.30. + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: firewall + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `firewall` fileset settings + +Example config: + +[source,yaml] +---- +- module: checkpoint + firewall: + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 +---- + +include::../include/var-paths.asciidoc[] + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to localhost. +Set to 0.0.0.0 to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to 9001. + +[float] +==== Check Point devices + +This module will parse Check Point Syslog data as documented in: +https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192[Checkpoint Log Fields Description.] + +Check Point Syslog extensions are mapped as follows to ECS: +[options="header"] +|============================================================== +| Check Point Fields | ECS Fields | +| action | event.action | +| appi_name | network.application | +| app_risk | event.risk_score | +| app_rule_id | rule.id | +| app_rule_name | rule.name | +| bytes | network.bytes | +| categories | rule.category | +| client_inbound_interface | observer.ingress.interface.name| +| client_outbound_bytes | source.bytes | +| client_outbound_interface | observer.egress.interface.name | +| client_outbound_packets | source.packets | +| destination_dns_hostname | destination.domain | +| dlp_file_name | file.name | +| dns_message_type | dns.type | +| dns_type | dns.question.type | +| domain_name | dns.question.name | +| dst | destination.ip | +| dst_machine_name | destination.domain | +| dlp_rule_name | rule.name | +| dlp_rule_uid | rule.uuid | +| endpoint_ip | observer.ip | +| file_id | file.inode | +| file_type | file.type | +| file_name | file.name | +| file_size | file.size | +| file_md5 | file.hash.md5 | +| file_sha1 | file.hash.sha1 | +| file_sha256 | file.hash.sha256 | +| first_detection | event.start | +| from | source.user.email | +| ifdir | network.direction | +| industry_reference | vulnerability.id | +| inzone | observer.ingress.zone | +| last_detection | event.end | +| loguid | event.id | +| mac_destination_address | destination.mac | +| mac_source_address | source.mac | +| malware_action | rule.description | +| matched_category | rule.category | +| malware_rule_id | rule.rule.id | +| message | message | +| method | http.request.method | +| origin | observer.name | +| origin_ip | observer.ip | +| os_name | host.os.name | +| os_version | host.os.version | +| outzone | observer.egress.zone | +| packet_capture | event.url | +| packets | network.packets | +| parent_process_md5 | process.parent.hash.md5 | +| parent_process_name | process.parent.name | +| process_md5 | process.hash.md5 | +| process_name | process.name | +| product | observer.product | +| proto | network.iana_number | +| reason | message | +| received_bytes | destination.bytes | +| referrer | http.request.referrer | +| rule_name | rule.name | +| resource | url.original | +| s_port | source.port | +| security_inzone | observer.ingress.zone | +| security_outzone | observer.egress.zone | +| sent_bytes | source.bytes | +| sequencenum | event.sequence | +| service | destination.port | +| service_id | network.application | +| service_name | destination.service.name | +| server_outbound_packets | destination.packets | +| server_outbound_bytes | destination.bytes | +| severity | event.severity | +| smartdefense_profile | rule.ruleset | +| src | source.ip | +| src_machine_name | source.domain | +| src_user_group | source.user.group.name | +| start_time | event.start | +| status | http.response.status_code | +| tid | dns.id | +| time | @timestamp | +| to | destination.user.email | +| type | observer.type | +| update_version | observer.version | +| url | url.original | +| user_group | group.name | +| usercheck_incident_uid | destination.user.id | +| web_client_type | user_agent.name | +| xlatesrc | source.nat.ip | +| xlatedst | destination.nat.ip | +| xlatesport | source.nat.port | +| xlatedport | destination.nat.port | +|============================================================== + +:modulename!: \ No newline at end of file diff --git a/filebeat/module/checkpoint/_meta/fields.yml b/filebeat/module/checkpoint/_meta/fields.yml new file mode 100644 index 00000000000..cdda847541d --- /dev/null +++ b/filebeat/module/checkpoint/_meta/fields.yml @@ -0,0 +1,5 @@ +- key: checkpoint + title: Checkpoint + description: > + Some checkpoint module + fields: diff --git a/filebeat/module/checkpoint/fields.go b/filebeat/module/checkpoint/fields.go new file mode 100644 index 00000000000..313ae685659 --- /dev/null +++ b/filebeat/module/checkpoint/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package checkpoint + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "checkpoint", asset.ModuleFieldsPri, AssetCheckpoint); err != nil { + panic(err) + } +} + +// AssetCheckpoint returns asset data. +// This is the base64 encoded gzipped contents of module/checkpoint. +func AssetCheckpoint() string { + return "eJzUvU9zGznSJ3yfT4How2s/EbQ10+/sc/BhI9SSeloxls015e7dUwVYlWRhhAKqARQp9qffQAIoFmVKgGwz5e1L2xLp/CWQAPJ/vmF3sHvH6hbqu14L5f7GmBNOwjt2Mf1ZA7Y2ondCq3fsf/6NMcYWuoPJF1mnm0HC3xhbCZCNfYcf8v+9YYp38IBI+s/tenjH1kYP/eSnBiRwC+/YEhyf/LyBFR+kq5DEO7bi0sLBr79Amf67QXRspQ3rubFCrScMMruzUq/fTr7xkIkDRrRaiQZUDZWEDciDDyWWhHKwBvPgd3oDZmuEg3fMmQEe/PYJ/P6/i5EuQ7qsAQemEwoattyx29YAdxdSD82ek+MMcFlXnthR5Hew22rTfE/k7/V6+pEMvMa6qtaDcmZHBfASrBOK+1+zSLoA5GDBVP6vVDAvtFJQO2iYJ41ImFbMteC/OXJwPc+Ah44LWYmH2E6G+8rTY2rolmCYUMx2rvfHyDOTl4eA1g7L/0DtqCB/NGItFJeBOovUy5CCtUIrwvW9GJeSDYPIHX/YgIon7ChAqdX6e6L7EPZdrwJly7i1uhbcy/FWuBbl9+D+PQrb7mzVgbV8TXbeFjvroGORqn0an9Rruh1/FrIVF3IwUImu53Qn6LYFFij6rR/6hjtgFsxG1JAgZbb8kfU8wdv6cQPGiAYY73sp6niPXubwqZU2HX6YalXnWop6x4SyjksZcFrH3WBRueHM9lCLlajZUvImt8CS74ifsPeeIlIvguavM1ponz9nt13q9WOX+wlE87MSfw7AvObnhNvhNku9thmQHZdbbqBa8U5IMkXqvGmE/x2X08PhlZTeaFf03Gt8eSsralLBvOF1KxSwxfVFBmCPR7Dq1h3ZXfoBNb0VvpQ3XPE1dKAcW4DZgGGu5Y51+GPLXCssW0A9GC8s/+IOtjynzEaOKJd7ypHk1kUMgZejPLAVuLqFnHazlzNCBWw+Ek3njmXVsAlQyoVfpPfBirXibjAQ7YiwF9w5Xt+VQ/c4yTSKXY849+S9HdQwp9EUrt3zONC1Pm67n0hAPL0IFJpktxVbQb3R97vKmroS/fGn5+GPv01MQDVgmNWDqYFdz9lrr7yzbQt+0YVaB0D/lUFtgk/oCNrv/1DecLwfkGY0NgvQVbym1N/Og9zG09ZNIYsgEbyuwdp4H+ZsopqrqhEGSHlY1FyxkWoOIrk1/F6vS8zgINqVtlS4Pi7YthV1y9agwKD5W3xf+XNP7BO7COQQwIw1YMQGGrYyuptcWpMLgjeNAZtTSz0j5H6zz6O3rB49aE7vsT8N2Yn6DhyhAEeN//qS9WDYSsicreSkrSzqglWrraPVJz5cn118CHIBqja73q/u7fvFVErwmV7u2OdP739FA6bmDtbaiL94wRWyAdMIQsfFFQO19rZAJMzm2lqxlMA2XA5g37EbLkUt9GDPfgEl1ursyhide2282JPtShDt0U2cXWHVaFNJYUndQ4FsOJmo+PdGb0QTL8a0+sGv0aUl90KUYWcLy3QeKPXTP2DJAtm9mhcf9d9ub+fMgO21srnNqKUARXuIL5AkO584v7RhC71yaMv8InkTd2hkzHOF/twybjZgLKGK8ssgZMMiUa9tLbhqfkFD83ztWQ2wkh9tqo93/eCymiPcO1Co17w0Yx70Q+aWRm/9yR9RZrjBR8MJQi+grrlknmJad1BNiMUWbsC4cVVvdDPUjkyNey8serT3onOVsB8emJwqVJPFX/1de8HNUit2oftdUtWS+GDYKmd+cuOPcW+0t05QhaO8oD5uFRiWqCbgARSLoMafxr8GV5IR6zWY5+jaPxiP38gNHxrhqhAiIDNyPU22QJpv2QVXbAlsMQTDVhv2a1H0R2PI1fHlIy6EUxwUT8yvPF+topsGQeSOcoRK6QtrAf/x0W93CDiHt/cGKLoe0U9CiXqkzdSQd9GEkLqBWvT+wbYe8FG0J3AonXfeBPYrvKfPtq3uou9GSLbllll/BzmdM3yHvveXLjSV1OvjR/EUPKzXBtbobNjbYyFWuBIbYJ1QgwObnmHrb55gF88Ockq4alivTU6wMOhIqroG3bTAxqG9Aj/enf3BjRJqXWQb2lYbR5qTtfAUpx86+uB4+YZ7qAeXDbxIrdakHNxoAw+jjFMGXg924FLu4r+zFGrNwO8FM8CtVt42i3kIOTc2+lm9lmyrVg/Hr8sTHN595swQXEIIgTWD8byMoTMPqZyBhh93Ib4c/iYboJzA3wLc/WD4PaSc7we/XyXrmVSKLpPJvhHmyzQRz9LXSNRDjgjF6isYyovYQ34o5ewrGCqQOTw0XkuhPy6otaUnBAwglpin/NP5LxNnHq+d2Ai3+yn6XHPWzJhf8lgY9BTZwR8WYRMKtIzJP0Vmbe1zbuC+lzxqbK3eBpUu5VGsYx4F+Cezjjbkc7Nwe95V0XlPFokK6cMpZAD27ZcOeY/rTGkX/tC3wrZC5TJKA0u1Vs5oWXHF5c4KMg3xJuRuslpya/1Bx22beVsD9qE2z0/ykxedEDz1Buwg6VxiP12rYH3+dPZAoeSFmZ46pltXfw4wAGGsbczz7rV1K3Ef870RRj6Hxwh7/JE4AdJPwt7Fwo8tsLV2QUCC87RAMPTSgtnwpaS1z64/XkxIP8g6KodMJxGPAs5KwwRurbsOHsmvp8RcXnUjVOOvIE0bmffAR8olIrGH+QIv7SHar1lbAyswoOoXWuCRfDFgygTsQ6wFKTy870k9DtP4aPnue5R06eLnzylg8NCseDSb/Qc6QjUYF5Qk8NoNeiipMP92eztfsET1S+Vz8eGaeWZ0x4UK2QyvLz/kfEpTjjZcioa2jsRALSwEh9hs6iIL3E7QJRWODZgS+lP8QMrgAbaFpRUO7E9sBfjs5JzEGJ4mDThPT0XMSIwwMAqdc22KTrjKwJ8DWAdkR/k6nBOwbNuCa8Gwhjse0KBndkSELoNg7NmCeH/gB0udXpKbCWBkh9cuOmy91CHIrNe5MbrvoamcdpzM0bEPDEXyrOf1HTjLXi+1a5lQte78WeKqYXpway3UOnsfhEQZD5owKTVm/nxcPJayhBKWgU6pMU5PcoG+2Bvd+6sM6ILfE4ATn8XTMGkf4QnEV3ZiLVxfxgzlVm9ZvGNGsVhmS+IJNbGj9Zrl2gTqwQZMZUGuKkIV9/Pn68sUaKsHg+kr+dLnEW7MwqEsitTrA9ABCt5t+5XPXQ8Aja1yr/4J7ulf9i883mTCTJ7KYs9nLQfrwFRCrTTdtYw0p+HNiddT4/fsO0yk8XRiRPMsQsVYN7C65WoN9uxinnjwaur/b/xzZVw25rZTdMHonapTGbN/M4OkYZD2tcUMoBnjDt1tuWd0JSTQl8T8KiRMSmKObNXQS82bs0Zvlf9D1gBHk6BCbqz4i+zI/JoIhhY4TFiGSJhWcsfEKtRmjr+z4JjT7O+5AgXdV9zUrdhAYInUx+TfYRvSugIGFJJ3KGX+T/tUBwvKnSUHfO65444HbY2SmUtvAWDil1BYNrb0rI0MxIKy3NGOocXqZXi40F2vB9Wc/cvooWe2BsWN0LNg3iBzz2TIIyStXvhDm2YEx5a7PfSClhFkt6rfZi69gpE6heQ82NFWqQZDVhr7+dN7ZkDyWJSF94tH/No/1N4Iyd34jewrrOSkbRcwLTYtiAt7kGMWIR1KISfJiwUYidss3ZQ3V/LoyM/5vDXcwleddI/XQdd7ya5srQ1dbnCkOrlPET9DFLm+IeGiIFU6vBSc9do65qkWrKtQNfZDITXdxqrMI8XbRacf77gXwf4R/W3Xl19ctDobNvbQX0ZNSFfscw7cHumPIBnPQb4ROrRzeonA5u+J+PSDNkUF9j7BpHCWiTtsuHL7LSF79SYK/6GqGVR+oVRypSOsSZpambbp2QtdI6pgpFIxFptH1K22oKKBXIB174Wkt1JSrljJY2m4soIuacLrlmeLm9v52a+3uY6ZzRCcXYQVkmvWcXMHDeN2T76ZhRYsmKTk7e9eCje6TL5omWQBLBOOua0oiPnHd2msGv1RL/p4StGT8P/MHT8FXTm4d5WFdfeoMXAS145ag+mNUO5dasbqmYF7xxKWqaKLCoIzfLUS9XOY68HUoNxjfTpPzVlQdfcg0oaVcYJ3+z7JmLY50B/cgfGn/uxDmWK2TV+oeqMpj8OINAaMMHwb4slFukGvrXDa7CgzT/DopkT0PYTn4TVau6rnrqWC/WmkzTzZkuxfwja08OcAygkuJxeKx1DigOSyykRnT5GF8IgH+9U/XqU+xGwrpGRKO7YEZlu9Vey1wB42GDvqtPLbIdQaOWW90WsD1ha5qfaChAkLpFb2RJIKzewJXH+52KeqhU9aT4LU0eP9lcc2HvsXZiNdPl/BzmBI08NCi7dI9O0DYI8u+Gr/DldYDkpbc4ugYxTxDdajshA9LZCVKfRQjPuS2BFBOfiJoIcYJBp7LybmEwzfcmYHZYDXLebT/2hsHbW2vBI0KMzAd9qb5yW60FTwXvh2Cg06VoOUu2+5qh7cvHcCE/RegrdFoD3RTQI7S6j5EBxEOMxlnS66r3pTXk42J3mIE9mMuHJJOYi00qsKU4DJFLCHj/re+eY1rlHumgEPEVchQzmbYeTtaW+CDhKaKrRFJfTWfEAbGq/wBCJkHfG61qbByl0d+12FWNchL88RN3rFcSH+gkKpemgt+Qv8RY/Il8rXd3qdlHZHbwB678f8wNXx/V8p2wNdlvhFTIoMh8lTfv6lXCWTjOyAoB04bkO2E9CyeoGO+8WTNyb4yKdv5Gu+VlvqKUCfbcwa3XCDPQtWwsCWSxmepuwgDlq014s5k0LdsZZbrNzJniBh+8p/g+yxjN3tEtL8htthGbs8UmGMPes2vTpTWvn/Zx1vrg+aFBVEbCs1TRCesa3XpVC1bRCQv+C9CDCtmB6cV/YwMziX8NwO6o60c+5FO6j6LnnqEbp1BnhXsuppnJjQKrBHhfq2BbbkTcy23ukh6LHO7KLCF4deZXvDubqvQgVRNd0mKj4WiH9MQCgAu5L8kRZ2p1jmi3msr2JIl71e/J8PM3Z+8e8ZA1e/nWUrq2Km/0a43RMjO08UxQ3dfBRspw3RhWJbYYB1OjujS/SVfjwZ5BQu8nnMWt9n4cYytwLJIBVcv7wGhHJYj+LpH1Q+ZHs498LQlqFOBjXWUuMYlYLyU1F3/ePX8UlKNUMCDT8QWcuuL27ms5R9vtIhULIExpsm5ZSVTHJEfmrdkPGT48hj+SaOTF+j0UHFULpX/K3yaX4Rpf4NxqJiWXrObKrhjUftwZkVr4F21N4j+LHSLODPnF3Je/uIVXqKJ0h0wHpuUbESqgaP2LjSw0umWY/OjliPPOkmhQkdEKuMcw8m791gaEUCt34/GWes0gtQ3gYrDHOfQPGlTM3w4u/Db6Rer/NtvxrBO3BgKt731fUl1Zn12mLIQUgAnlFCOWKuu4b46rxMaJV2jEupt9AclN3Wuuu4avL9kUYmOrsmNS9GFqItXpKvVfdP+hlOstSf4zQ7qb06Ew6DLCzdkXpdNSDpunDinShh5dgSVhp7TUlATSxVPeSaz2D7euI467QYcNKGEieZMOxz/eUoilmwSkNw9jlzEsP44xT8egkWvaWxiurOk9zJONViEpQJWY5xmmXkJFuo3kGDk71/DJb9tcQngU1WS+DKyyhuI3f7z85CXpCwjI+LsWcnrsvzhsSM0xqqJVmvTP/KqMn4iA68LSRsd2yAxMMBPzr1BmW8fF5v61xvK6FsH0eCYi0edV7fMwtyjoOmdMcfjsB9BnSvtdB3NUlTb7iUbKUH1ZT3Nglr/eO1uNrvfmGT0i+EhjY7+AvUgTx7fR1+dPbLzpsoYd5Azicmat5XcRo/YXe6RZz/f305YzVXbKvNHdsK17JukE70EuIENTtjzgBevViXj1/LSdrIFPF8yTiHu6h9pQOjuKQNFVxHqukooHFl9LCUYFutvdJWsLCdNvB4E5RTKMS/GoBQn4DhtzAPMKuC9HL3lFJ5Cn/Zxfk8EE5aojfRZgzert+yn//+d6YN+/nv/3yG9EaBpxRgfywVznrllq3FBlSq+kP2Pn+6fhp+J7xwVVw1VQM4B5TUxrueDALhSz04FlGgErjSZstNc6Rz+A3CxvYmM3Y5+UrgZ8bm3GCCe/i7fz5ef3ETh5s3e+eOvjbSjiEQGnxhFWcEEBLZA+fnqklLlYu2xVHOhF4hbEIX6b7JOhiWRt+BqfphKYVtH0sy+q5z0ieTj5MuF1CwEQXbtprZlietO7U8nPZ2yix8GprckCkbODK5Eda/DYNnowlmxfEByvkmfPc7+rHPj819RjilqDtet0I9cWRP0g8BaX4r9B9RZAoZ+HMAuvkSlx8WgWDOf6ls9UMCm5gkwsHx+XgnG70GEjqcwgnG32f4zCQ4OTENX+HK2yDoYSJTLeeje2OKIvq5ypebehQKu94rHYk2Hnenay0ZV7rjXpHZ9/QElyt5nbBDXEU6D+RiDSm6VWsnNqir7P1PbAlSq7UtmbHYdZxwMxaB3hhWQKey0upNrbteCq4cHuFYeYxZFDj/NPRUzVmz2HkXfVMNd5yKqeToSdSZgRqbnYX25jnQXNktmJeBHGjvG7Un5DGMnziCppSXwbXaCLd7IXYiee7EZnSL5CDvS9dfBvN+FtXDbSjo22lRyyL3aQbf/r6Z+nLH8h1BVq5HBYsK7K+383E2dC7jWHRQrYwmUwTYAlQD5pVNplAJQEfWB/H9GM7BXAhTiHJJN6A9Ifzl4iKBy4+P18qlhvFUOLFdXyQcguhfOlQmqQFnnfUIZujDO2tdJ2dMdHwNZ2uxKtBM0IDha8JBSguHHh5shCNWmMcb7wWs90/xMg+MIbDCzt1U+D9Fegfd+1kLvAEzY72BDYa7t7BkvddYyk5C61xfSV2Thm8+ge21sjCiF+MACf+af/70PtQvhYInxgNDWR0xHZtGWCwaohwfNTKQZjOmoyQsg/t+NJKX4O3oXvIdWlNSKEi+2NBFPRd53giyl/93weMOYewc8yaXO7TzBdgYauD1nT8//WB6bQE1Mr7RomEWVBMPGViHBXlS675EHoNCRHYxhBAPHqvILl54M9xDr0wejKIOHmj09k3ujDELL4w7jDrdLA1d4KqRUbrL5m4kWZag1nQdaSZyjAyKv8Ywtr813e7NUje79KPJipWp23+R3jLnU6Jfbm+JILaarh/t5WTGVKqWCZI5puwc3Pwi9DTPX4sTJ4AF5187W8lHEppPdzVOMo+wEQ/OOJLA49GZRFwSyNwJ2fSKfF7YjV4KCewcs46ekeSJYKk9So+CLUmSJGwTfmu4sqF57edP77Nq13+gdpQTdSJJdn0ZRLjWxqACs/c/aAVeA/Pncd9R9XD5MT6PikzO+rRv0OlHtvppVALGsfYOR3zUhGJdYIMjF5MPlgs/pjXx+o6ysDf0dIzKvojtENvDoUIx5S+6I6FJrDawyffU5H0vSENeKafsYCxSHDkCzTczUxmIe0SX3nd0bFyaF33AaHguIsDQwC2qW6uVwEkIDWxA6j6viuBczIbwAomyuPjt/IE88vFsPesobcBQtnD9PZA7doC+l/iNe1dNJ2e+xOHyPIxoXtmDWZljyeQQc/mtWAeun72NB+PpqXi8wlHiJalsAV4aF0B3Uq6w9/GYRNGw14MSfx625hUyl4sT0FNPm59/zZD5KVRKcT8GtkAuyOc73YxVHKh4lEAM6b7E3dtvbs/HUbqTjxbtfrBJ6boRBjdodG1gdbWUwcJHYYhwcu+QMWLDJWmFdbgdImWsz7SOdzmHUlhk2kqky5CPHr0oiOCVDZWwx+bHNSDFBgw0M9YEJ28zY7G53owt9aBq/4dWy2bGFGxnoRcw1qniR/3fQDUTze3oUoRFqELrCqq1eM9tKKYdzf5AP1tRGBZlRypit0mo/HsTKlJR6MK01LhL7DUed6FCIhT69lLNKn48V84n1B32SjvK1UkbpSHpZJ8WQMVSuBbbx78M4AmAZ8Deq1eE8aVpAM0eO+YTXs7CRvx/X/7sDHPitZK5xDAuMWoDTdVrQzdpYN+XcgTAEEC+7pzXwpGVsF5EeklxLMGIn6kGysLgwwZ/z1tSxV0F9y0fbJACOkvin2/c0MtUkzliYB5DAWgzSKC8Tc5v9+M0V8JY95yaPA+YN41Tkhr3H2EajKtb/7r8zPjgdMedqBG2ZTNmodYqDioMszFSk5PQ2167FsxW2DTxNf02N9N1tPwIJ1qOrfimsbYIxIa6JrjnXS/hnd/QSa+XlluG2k9+J//531TseIz//O+ocs2CH9U6LGW27CfscwHNT7l3TDW06s/FfLqwoJqSNiiu7r32SWxyfQozpL1cPIBdS23zFZ/1WgFdbG80CLxcxGteRPhpZC+zwzJ8LOfD3H/w+F30XctgFqkSJDWDuPjXh/PbXPRUNFB9geO08OK4mnjHoZOOrxyYIsA4HMAbVFS3+2Lcw9hwSCh3jAUvIWXwQdHV+u7B+0vim6DH7ogcFUt6NTa2UyrsgxcnxFAPB1yvDaxRMZR6jdVoEYhXugIDOXPa6N6+2CJjBXjNrXvmcluoBwP3krov8O1WJ7stNnnEXtvwv98nleQd+8dbdiOwbRiva89oSHYKeenh4mmBb3ZMao7xkdjCitmdddC9ZT+/Zb/+MZ3gzfwmh5byPLXF9OtU0AOTemv33Q4t43uT8EBOUZPLdnnVhHXE88MhuYWtfrjicvcXNBXdgb9oob5jc2zmc9sa4O5C6qFhZwy6QXKnizoShFoUUuALlO3QnGcfDbMsxixx0UNdkFfakRcMHhbcXmnSCG1n9Zi9jcULCQZbGd0dxqo9sOfwQJnZPa2FQCrfk5GWW7LsxANGPOHvyknsQfEizATa38hNOk6Ex/2689b5eKpt6JJdfq7h3pl9GzXSU3GLB0Gv9hj2A5EmDce4qVuxyfcbPuCDtNTpA15Np2GE8nSfB4B4sKfYH7D1PAaID/XvgdyJdoOyZWtIufgeTHTCYXMh4QRO3a0fm95yotxG3njlg5sdw5nHqYH/0gC/86qxZjs9GKbAbbXJ6YKBGbiHeqBMZX+CDzOoSbPLOt90PrDQe4XMOlB0udNPMNFxgekIDOe3au1aLbOmeODDiI2QsIYKbM0laYHBEwytAzPrFswbHEvAejCdwMSmfAmlZ6yBFSgLFWw4ZbbfEzyFsp4l+L8m06KIldpAE0YJ/zjH3zrgMlnuUb33VkvPLRY2Fm6SsLVHSNoD9BGO4L7XFo6UKuH1BmojjFZdvq4xcOYVOMNl1ekN9gD5MRiU2sDX8VNrKYG0p+MTnEQwrOGO+7cUm3eBxWnVvG4FeDVIWLbWPBdPTdxhn27s0EacVfokm103qJA8i40ga931RncCe+2jpwBVCm0aMOELCN3bE7nxQOkhXgnpaOcnZy8Vv6tlOtHjfXGon18lerTZZkEWzdC7WWhnYp3Ru3Dm0pb5e7KAyZ4biJNvX8KQeGW/0ZSY4qf0Oe3xYy3gd8FPaDrs4Xsj4qvRW9EJKbiphK7JFIaPWIVyrS9soM/NpMLLhu7Is4dO5O4gSbmELW6q4L6i4uu34CwL3Z0fcPZV8C1mERMnLX9PBvZvE+HT8SHYmKm787dz40YPR+U1ctMJRdqS/ipGIyzbk596NHO6WYz9jkNpsFKKssH8F/WBMeyWZs+U3FRhavMkk/Mo+hONnVGPpcpyVZSMPOkqRZntFdxLB97ts5BpjWkE3EAobl/uGG86kS2vjt0SjLDHZ52eYPV/9WLuCWaw6R5oFdSPiSDreAN+CUMIkV2FB7igKW1thuUSGuoU6vMa+6GNXYhSwR1elCWYaetRxuVkvdFYHt0MpqjpL2JN1ZOkoFFqE+VQl4HBptRIoWyV8cYjzUwMEgz7JUcMKRSYKjDyyYqBAR5HhlLaXgbsIN3YTmXk5Gm8W+7fVW7IRjh/Asw9H0uyRwD7HkBRU8GBO/G9z606ylall/8BukawNzHJO1CNjVVU6mxdazl02bwD7A4W5g8/Af4kM2QegT+BVMiD0T1xvtql0T0LJJ9RDtkKMtHYFxi1wuHsJ15SC5CqCAinqsTR/og3W51rrKta4R6/mU+iBhnr/DKGx8Tb+4Mx2PlMOTCbrAdT8hdAjVWJ3wDaANZb0OrME88+KsdYoKhlM0l+t6zmCttj7AdPNQNW/PZaihobLTkui8aB484kTl9olnIkD0WVCDwO/Hr8sjtpKiRetfHeyxks1XLnHvH/nADjL1r7xzo0Ppt0W0yPPIIJQjWmHoVxssyKBlhqcldiht07ylLRBRjB5cQMTg3GQtruWFuxPyI513w412QX/NxgV3R/jBJ8/8xkBF3CI5UKp7DKPDEWoth6dVA7x177ZZ7U3ki9zs7KiX7pAy5PvchIMkAOojKbeqZjH07p39oi8ViReRk+7SEXJjPqwa31dOzXiRHudalEOV4nKZkRn6kBJ+J/nr+RohOOrQBHGBSyJFStuxdhKVH+bizh1FHSREfGbjzNUJLzmg+N0DO2EQ3oGfZp/q+M6SaorYer+15i19Vtu2Ovouko+ldMWPVqP6d62iH4dctV44nm7p6NFn3VgWs1mY/5E6yFjTHqwuavBr+C42VF/6ZvtaILFX0aabPr+Zs50i5ZVAPrMJWIUraPgC3pbYmAay4lYajhgkv55vqydCkFXS3PgYD22uSkc4+xf6TA88QYr+djl8pSqD0Y8ciRP/mKIukSoFLTzs7/XV/PUVfGopAj/f5D49MZ80dlFm+lMge3qSu8tqqgulBxNBYDh7ugZNG9vUN/cT0AWnJpNda9yJpeThyOz1lYp+mX9RjW5z0IjSBbWP8isKDA4CeEOtND0eWLSLGdGCnWhw3M0jXxTOAOTEfrTsIOd5ieENtfiw5YSfM4BJ2CerRyEYmy16HJS9aqjpqtty78G04FNtgWIpuFO4H3mNpwMnTP1BfAuqrWDZCNCLqyTnSYUYZkizDek6leV/e9KHr0EVjIQqnsX1Twzse0FxxX8QyM0VtM6cKfgI1h7Ot8jfzk6PzoYhmb81N3AsIAaZHfPaL0n3yp2E3RO6nVSpBN6LhAamWpK6NF9cSMnu/b4CcZUyaNQ9mP5c7memxI5/h9jjP82LbVFsZWJ9zA6DjUii0ufi/A/RIt2C6Lw1c93RN+PrgWlEst50NDtewCtkA6hX/S7TfQ3jdAivGoXORycC2xX3IeK92Q9mSFDweAvJ6fz5k27Op8ntNA4zh1Kvzvf76dJ5ppzLAR6zWkYfxSr7FUJf0ZB/bhyBaR1VZ7VUV/Pm27Ec/T2fW/r9gZey/UHVuALIpaxoeXesLQg8OZWqCX3SEAphJ91Ru9FGpdvUh3ajZ5TZhJYwmLLpmIn0yD2OPcz9SOMfoYgC0Yo42g19zBlj/Sive7vt03XKC7NiXXA5jQSUu4HftXgFHQLftlZeSrJSSFrpQDs+J0hfZX984rIpJdJ8ohexCbTQbH44jJ3+0fBimZWOFYnZJUawX3rmp1Tyj9H+DesVb3z1D+TH0HO8JSEmxw4bRhi16wbKCnsY4UXhi52kAhPFC12eE/VsVLnQroTeyFF5OUhFpjHDiMoEyg8KXJpiOJO6hEQxY5PZeS/a8bJrK9A2LtGV36+UUiuL8H/HpezxdQY+JRUpMGO05Buv731Sa/vmSn699XN7oB9nr+2/ni6h8zhv//OWQwvM1pprXWdwKu6a+CQLgI3Sf6m6AIXWfXdLdUOvzZ+ymYSmRH+3q+uKoT0YJ2nHHcKmHV9QWX9SDjXMMV65r/MR7kOR5vnGuOx59jZXa2TpZ4AttCuLLZZFY3mDtIiu6zulN6q2IG4XNQctKmIwc4i2r99kgpA7UHOAsCtIhSaVXrrpeCq5p6wtcHrd7siZdZuAiaW6trEQe1SFELulSu85E0S6Rzp77fbTmxz2MRaJacqgSPNFMjwisQUq6cqDbCDJYU4blygiHZopOkmpCXsRIGthiPJ8R6lV6iRL348KeRZ4Rj3BY1L7Q0wknH3mbEGON06QaUyJdnoLeIer977GIdq2Ry7ikDtbBQ4bBsKow4Vb/nxoslEi7SPUnRBZK5PhQmTIJqdMcFXQvgfRlF3wqLs4pgA8rNwjBdBDOb+CxDz3WsLLZMdD0YqxUa+m//9n8DAAD//2tLuhU=" +} diff --git a/filebeat/module/checkpoint/firewall/_meta/fields.yml b/filebeat/module/checkpoint/firewall/_meta/fields.yml new file mode 100644 index 00000000000..8323006ff78 --- /dev/null +++ b/filebeat/module/checkpoint/firewall/_meta/fields.yml @@ -0,0 +1,2418 @@ +- name: checkpoint + type: group + release: beta + default_field: false + description: > + Module for parsing Checkpoint syslog. + fields: + - name: confidence_level + type: integer + overwrite: true + description: > + Confidence level determined by ThreatCloud. + + - name: calc_desc + type: keyword + overwrite: true + description: > + Log description. + + - name: dst_country + type: keyword + overwrite: true + description: > + Destination country. + + - name: dst_user_name + type: keyword + overwrite: true + description: > + Connected user name on the destination IP. + + - name: email_id + type: keyword + overwrite: true + description: > + Email number in smtp connection. + + - name: email_subject + type: keyword + overwrite: true + description: > + Original email subject. + + - name: email_session_id + type: keyword + overwrite: true + description: > + Connection uuid. + + - name: event_count + type: long + overwrite: true + description: > + Number of events associated with the log. + + - name: sys_message + type: keyword + overwrite: true + description: > + System messages + + - name: logid + type: keyword + overwrite: true + description: > + System messages + + - name: failure_impact + type: keyword + overwrite: true + description: > + The impact of update service failure. + + - name: id + type: integer + overwrite: true + description: > + Override application ID. + + - name: information + type: keyword + overwrite: true + description: > + Policy installation status for a specific blade. + + - name: layer_name + type: keyword + overwrite: true + description: > + Layer name. + + - name: layer_uuid + type: keyword + overwrite: true + description: > + Layer UUID. + + - name: log_id + type: integer + overwrite: true + description: > + Unique identity for logs. + + - name: malware_family + type: keyword + overwrite: true + description: > + Additional information on protection. + + - name: origin_sic_name + type: keyword + overwrite: true + description: > + Machine SIC. + + - name: policy_mgmt + type: keyword + overwrite: true + description: > + Name of the Management Server that manages this Security Gateway. + + - name: policy_name + type: keyword + overwrite: true + description: > + Name of the last policy that this Security Gateway fetched. + + - name: protection_id + type: keyword + overwrite: true + description: > + Protection malware id. + + - name: protection_name + type: keyword + overwrite: true + description: > + Specific signature name of the attack. + + - name: protection_type + type: keyword + overwrite: true + description: > + Type of protection used to detect the attack. + + - name: protocol + type: keyword + overwrite: true + description: > + Protocol detected on the connection. + + - name: proxy_src_ip + type: ip + overwrite: true + description: > + Sender source IP (even when using proxy). + + - name: rule + type: integer + overwrite: true + description: > + Matched rule number. + + - name: rule_action + type: keyword + overwrite: true + description: > + Action of the matched rule in the access policy. + + - name: scan_direction + type: keyword + overwrite: true + description: > + Scan direction. + + - name: session_id + type: keyword + overwrite: true + description: > + Log uuid. + + - name: source_os + type: keyword + overwrite: true + description: > + OS which generated the attack. + + - name: src_country + type: keyword + overwrite: true + description: > + Country name, derived from connection source IP address. + + - name: src_user_name + type: keyword + overwrite: true + description: > + User name connected to source IP + + - name: ticket_id + type: keyword + overwrite: true + description: > + Unique ID per file. + + - name: tls_server_host_name + type: keyword + overwrite: true + description: > + SNI/CN from encrypted TLS connection used by URLF for categorization. + + - name: verdict + type: keyword + overwrite: true + description: > + TE engine verdict Possible values: Malicious/Benign/Error. + + - name: user + type: keyword + overwrite: true + description: > + Source user name. + + - name: vendor_list + type: keyword + overwrite: true + description: > + The vendor name that provided the verdict for a malicious URL. + + - name: web_server_type + type: keyword + overwrite: true + description: > + Web server detected in the HTTP response. + + - name: client_name + type: keyword + overwrite: true + description: > + Client Application or Software Blade that detected the event. + + - name: client_version + type: keyword + overwrite: true + description: > + Build version of SandBlast Agent client installed on the computer. + + - name: extension_version + type: keyword + overwrite: true + description: > + Build version of the SandBlast Agent browser extension. + + - name: host_time + type: keyword + overwrite: true + description: > + Local time on the endpoint computer. + + - name: installed_products + type: keyword + overwrite: true + description: > + List of installed Endpoint Software Blades. + + - name: cc + type: keyword + overwrite: true + description: > + The Carbon Copy address of the email. + + - name: parent_process_username + type: keyword + overwrite: true + description: > + Owner username of the parent process of the process that triggered the attack. + + - name: process_username + type: keyword + overwrite: true + description: > + Owner username of the process that triggered the attack. + + - name: audit_status + type: keyword + overwrite: true + description: > + Audit Status. Can be Success or Failure. + + - name: objecttable + type: keyword + overwrite: true + description: > + Table of affected objects. + + - name: objecttype + type: keyword + overwrite: true + description: > + The type of the affected object. + + - name: operation_number + type: keyword + overwrite: true + description: > + The operation nuber. + + - name: email_recipients_num + type: integer + overwrite: true + description: > + Amount of recipients whom the mail was sent to. + + - name: suppressed_logs + type: integer + overwrite: true + description: > + Aggregated connections for five minutes on the same source, destination and port. + + - name: blade_name + type: keyword + overwrite: true + description: > + Blade name. + + - name: status + type: keyword + overwrite: true + description: > + Ok/Warning/Error. + + - name: short_desc + type: keyword + overwrite: true + description: > + Short description of the process that was executed. + + - name: long_desc + type: keyword + overwrite: true + description: > + More information on the process (usually describing error reason in failure). + + - name: scan_hosts_hour + type: integer + overwrite: true + description: > + Number of unique hosts during the last hour. + + - name: scan_hosts_day + type: integer + overwrite: true + description: > + Number of unique hosts during the last day. + + - name: scan_hosts_week + type: integer + overwrite: true + description: > + Number of unique hosts during the last week. + + - name: unique_detected_hour + type: integer + overwrite: true + description: > + Detected virus for a specific host during the last hour. + + - name: unique_detected_day + type: integer + overwrite: true + description: > + Detected virus for a specific host during the last day. + + - name: unique_detected_week + type: integer + overwrite: true + description: > + Detected virus for a specific host during the last week. + + - name: scan_mail + type: integer + overwrite: true + description: > + Number of emails that were scanned by "AB malicious activity" engine. + + - name: additional_ip + type: keyword + overwrite: true + description: > + DNS host name. + + - name: description + type: keyword + overwrite: true + description: > + Additional explanation how the security gateway enforced the connection. + + - name: email_spam_category + type: keyword + overwrite: true + description: > + Email categories. Possible values: spam/not spam/phishing. + + - name: email_control_analysis + type: keyword + overwrite: true + description: > + Message classification, received from spam vendor engine. + + - name: scan_results + type: keyword + overwrite: true + description: > + "Infected"/description of a failure. + + - name: original_queue_id + type: keyword + overwrite: true + description: > + Original postfix email queue id. + + - name: risk + type: keyword + overwrite: true + description: > + Risk level we got from the engine. + + - name: observable_name + type: keyword + overwrite: true + description: > + IOC observable signature name. + + - name: observable_id + type: keyword + overwrite: true + description: > + IOC observable signature id. + + - name: observable_comment + type: keyword + overwrite: true + description: > + IOC observable signature description. + + - name: indicator_name + type: keyword + overwrite: true + description: > + IOC indicator name. + + - name: indicator_description + type: keyword + overwrite: true + description: > + IOC indicator description. + + - name: indicator_reference + type: keyword + overwrite: true + description: > + IOC indicator reference. + + - name: indicator_uuid + type: keyword + overwrite: true + description: > + IOC indicator uuid. + + - name: app_desc + type: keyword + overwrite: true + description: > + Application description. + + - name: app_id + type: integer + overwrite: true + description: > + Application ID. + + - name: app_sig_id + type: keyword + overwrite: true + description: > + IOC indicator description. + + - name: certificate_resource + type: keyword + overwrite: true + description: > + HTTPS resource Possible values: SNI or domain name (DN). + + - name: certificate_validation + type: keyword + overwrite: true + description: > + Precise error, describing HTTPS certificate failure under "HTTPS categorize websites" feature. + + - name: browse_time + type: keyword + overwrite: true + description: > + Application session browse time. + + - name: limit_requested + type: integer + overwrite: true + description: > + Indicates whether data limit was requested for the session. + + - name: limit_applied + type: integer + overwrite: true + description: > + Indicates whether the session was actually date limited. + + - name: dropped_total + type: integer + overwrite: true + description: > + Amount of dropped packets (both incoming and outgoing). + + - name: client_type_os + type: keyword + overwrite: true + description: > + Client OS detected in the HTTP request. + + - name: name + type: keyword + overwrite: true + description: > + Application name. + + - name: properties + type: keyword + overwrite: true + description: > + Application categories. + + - name: sig_id + type: keyword + overwrite: true + description: > + Application's signature ID which how it was detected by. + + - name: desc + type: keyword + overwrite: true + description: > + Override application description. + + - name: referrer_self_uid + type: keyword + overwrite: true + description: > + UUID of the current log. + + - name: referrer_parent_uid + type: keyword + overwrite: true + description: > + Log UUID of the referring application. + + - name: needs_browse_time + type: integer + overwrite: true + description: > + Browse time required for the connection. + + - name: cluster_info + type: keyword + overwrite: true + description: > + Cluster information. Possible options: Failover reason/cluster state changes/CP cluster or 3rd party. + + - name: sync + type: keyword + overwrite: true + description: > + Sync status and the reason (stable, at risk). + + - name: file_direction + type: keyword + overwrite: true + description: > + File direction. Possible options: upload/download. + + - name: invalid_file_size + type: integer + overwrite: true + description: > + File_size field is valid only if this field is set to 0. + + - name: top_archive_file_name + type: keyword + overwrite: true + description: > + In case of archive file: the file that was sent/received. + + - name: data_type_name + type: keyword + overwrite: true + description: > + Data type in rulebase that was matched. + + - name: specific_data_type_name + type: keyword + overwrite: true + description: > + Compound/Group scenario, data type that was matched. + + - name: word_list + type: keyword + overwrite: true + description: > + Words matched by data type. + + - name: info + type: keyword + overwrite: true + description: > + Special log message. + + - name: outgoing_url + type: keyword + overwrite: true + description: > + URL related to this log (for HTTP). + + - name: dlp_rule_name + type: keyword + overwrite: true + description: > + Matched rule name. + + - name: dlp_recipients + type: keyword + overwrite: true + description: > + Mail recipients. + + - name: dlp_subject + type: keyword + overwrite: true + description: > + Mail subject. + + - name: dlp_word_list + type: keyword + overwrite: true + description: > + Phrases matched by data type. + + - name: dlp_template_score + type: keyword + overwrite: true + description: > + Template data type match score. + + - name: message_size + type: integer + overwrite: true + description: > + Mail/post size. + + - name: dlp_incident_uid + type: keyword + overwrite: true + description: > + Unique ID of the matched rule. + + - name: dlp_related_incident_uid + type: keyword + overwrite: true + description: > + Other ID related to this one. + + - name: dlp_data_type_name + type: keyword + overwrite: true + description: > + Matched data type. + + - name: dlp_data_type_uid + type: keyword + overwrite: true + description: > + Unique ID of the matched data type. + + - name: dlp_violation_description + type: keyword + overwrite: true + description: > + Violation descriptions described in the rulebase. + + - name: dlp_relevant_data_types + type: keyword + overwrite: true + description: > + In case of Compound/Group: the inner data types that were matched. + + - name: dlp_action_reason + type: keyword + overwrite: true + description: > + Action chosen reason. + + - name: dlp_categories + type: keyword + overwrite: true + description: > + Data type category. + + - name: dlp_transint + type: keyword + overwrite: true + description: > + HTTP/SMTP/FTP. + + - name: duplicate + type: keyword + overwrite: true + description: > + Log marked as duplicated, when mail is split and the Security Gateway sees it twice. + + - name: incident_extension + type: keyword + overwrite: true + description: > + Matched data type. + + - name: matched_file + type: keyword + overwrite: true + description: > + Unique ID of the matched data type. + + - name: matched_file_text_segments + type: integer + overwrite: true + description: > + Fingerprint: number of text segments matched by this traffic. + + - name: matched_file_percentage + type: integer + overwrite: true + description: > + Fingerprint: match percentage of the traffic. + + - name: dlp_additional_action + type: keyword + overwrite: true + description: > + Watermark/None. + + - name: dlp_watermark_profile + type: keyword + overwrite: true + description: > + Watermark which was applied. + + - name: dlp_repository_id + type: keyword + overwrite: true + description: > + ID of scanned repository. + + - name: dlp_repository_root_path + type: keyword + overwrite: true + description: > + Repository path. + + - name: scan_id + type: keyword + overwrite: true + description: > + Sequential number of scan. + + - name: special_properties + type: integer + overwrite: true + description: > + If this field is set to '1' the log will not be shown (in use for monitoring scan progress). + + - name: dlp_repository_total_size + type: integer + overwrite: true + description: > + Repository size. + + - name: dlp_repository_files_number + type: integer + overwrite: true + description: > + Number of files in repository. + + - name: dlp_repository_scanned_files_number + type: integer + overwrite: true + description: > + Number of scanned files in repository. + + - name: duration + type: keyword + overwrite: true + description: > + Scan duration. + + - name: dlp_fingerprint_long_status + type: keyword + overwrite: true + description: > + Scan status - long format. + + - name: dlp_fingerprint_short_status + type: keyword + overwrite: true + description: > + Scan status - short format. + + - name: dlp_repository_directories_number + type: integer + overwrite: true + description: > + Number of directories in repository. + + - name: dlp_repository_unreachable_directories_number + type: integer + overwrite: true + description: > + Number of directories the Security Gateway was unable to read. + + - name: dlp_fingerprint_files_number + type: integer + overwrite: true + description: > + Number of successfully scanned files in repository. + + - name: dlp_repository_skipped_files_number + type: integer + overwrite: true + description: > + Skipped number of files because of configuration. + + - name: dlp_repository_scanned_directories_number + type: integer + overwrite: true + description: > + Amount of directories scanned. + + - name: number_of_errors + type: integer + overwrite: true + description: > + Number of files that were not scanned due to an error. + + - name: next_scheduled_scan_date + type: keyword + overwrite: true + description: > + Next scan scheduled time according to time object. + + - name: dlp_repository_scanned_total_size + type: integer + overwrite: true + description: > + Size scanned. + + - name: dlp_repository_reached_directories_number + type: integer + overwrite: true + description: > + Number of scanned directories in repository. + + - name: dlp_repository_not_scanned_directories_percentage + type: integer + overwrite: true + description: > + Percentage of directories the Security Gateway was unable to read. + + - name: speed + type: integer + overwrite: true + description: > + Current scan speed. + + - name: dlp_repository_scan_progress + type: integer + overwrite: true + description: > + Scan percentage. + + - name: sub_policy_name + type: keyword + overwrite: true + description: > + Layer name. + + - name: sub_policy_uid + type: keyword + overwrite: true + description: > + Layer uid. + + - name: fw_message + type: keyword + overwrite: true + description: > + Used for various firewall errors. + + - name: message + type: keyword + overwrite: true + description: > + ISP link has failed. + + - name: isp_link + type: keyword + overwrite: true + description: > + Name of ISP link. + + - name: fw_subproduct + type: keyword + overwrite: true + description: > + Can be vpn/non vpn. + + - name: sctp_error + type: keyword + overwrite: true + description: > + Error information, what caused sctp to fail on out_of_state. + + - name: chunk_type + type: keyword + overwrite: true + description: > + Chunck of the sctp stream. + + - name: sctp_association_state + type: keyword + overwrite: true + description: > + The bad state you were trying to update to. + + - name: tcp_packet_out_of_state + type: keyword + overwrite: true + description: > + State violation. + + - name: tcp_flags + type: keyword + overwrite: true + description: > + TCP packet flags (SYN, ACK, etc.,). + + - name: connectivity_level + type: keyword + overwrite: true + description: > + Log for a new connection in wire mode. + + - name: ip_option + type: integer + overwrite: true + description: > + IP option that was dropped. + + - name: tcp_state + type: keyword + overwrite: true + description: > + Log reinting a tcp state change. + + - name: expire_time + type: keyword + overwrite: true + description: > + Connection closing time. + + - name: icmp_type + type: integer + overwrite: true + description: > + In case a connection is ICMP, type info will be added to the log. + + - name: icmp_code + type: integer + overwrite: true + description: > + In case a connection is ICMP, code info will be added to the log. + + - name: rpc_prog + type: integer + overwrite: true + description: > + Log for new RPC state - prog values. + + - name: dce-rpc_interface_uuid + type: keyword + overwrite: true + description: > + Log for new RPC state - UUID values + + - name: elapsed + type: keyword + overwrite: true + description: > + Time passed since start time. + + - name: icmp + type: keyword + overwrite: true + description: > + Number of packets, received by the client. + + - name: capture_uuid + type: keyword + overwrite: true + description: > + UUID generated for the capture. Used when enabling the capture when logging. + + - name: diameter_app_ID + type: integer + overwrite: true + description: > + The ID of diameter application. + + - name: diameter_cmd_code + type: integer + overwrite: true + description: > + Diameter not allowed application command id. + + - name: diameter_msg_type + type: keyword + overwrite: true + description: > + Diameter message type. + + - name: cp_message + type: integer + overwrite: true + description: > + Used to log a general message. + + - name: log_delay + type: integer + overwrite: true + description: > + Time left before deleting template. + + - name: attack_status + type: keyword + overwrite: true + description: > + In case of a malicious event on an endpoint computer, the status of the attack. + + - name: impacted_files + type: keyword + overwrite: true + description: > + In case of an infection on an endpoint computer, the list of files that the malware impacted. + + - name: remediated_files + type: keyword + overwrite: true + description: > + In case of an infection and a successful cleaning of that infection, this is a list of remediated files on the computer. + + - name: triggered_by + type: keyword + overwrite: true + description: > + The name of the mechanism that triggered the Software Blade to enforce a protection. + + - name: https_inspection_rule_id + type: keyword + overwrite: true + description: > + ID of the matched rule. + + - name: https_inspection_rule_name + type: keyword + overwrite: true + description: > + Name of the matched rule. + + - name: app_properties + type: keyword + overwrite: true + description: > + List of all found categories. + + - name: https_validation + type: keyword + overwrite: true + description: > + Precise error, describing HTTPS inspection failure. + + - name: https_inspection_action + type: keyword + overwrite: true + description: > + HTTPS inspection action (Inspect/Bypass/Error). + + - name: icap_service_id + type: integer + overwrite: true + description: > + Service ID, can work with multiple servers, treated as services. + + - name: icap_server_name + type: keyword + overwrite: true + description: > + Server name. + + - name: internal_error + type: keyword + overwrite: true + description: > + Internal error, for troubleshooting + + - name: icap_more_info + type: integer + overwrite: true + description: > + Free text for verdict. + + - name: reply_status + type: integer + overwrite: true + description: > + ICAP reply status code, e.g. 200 or 204. + + - name: icap_server_service + type: keyword + overwrite: true + description: > + Service name, as given in the ICAP URI + + - name: mirror_and_decrypt_type + type: keyword + overwrite: true + description: > + Information about decrypt and forward. Possible values: Mirror only, Decrypt and mirror, Partial mirroring (HTTPS inspection Bypass). + + - name: interface_name + type: keyword + overwrite: true + description: > + Designated interface for mirror And decrypt. + + - name: session_uid + type: keyword + overwrite: true + description: > + HTTP session-id. + + - name: broker_publisher + type: ip + overwrite: true + description: > + IP address of the broker publisher who shared the session information. + + - name: src_user_dn + type: keyword + overwrite: true + description: > + User distinguished name connected to source IP. + + - name: proxy_user_name + type: keyword + overwrite: true + description: > + User name connected to proxy IP. + + - name: proxy_machine_name + type: integer + overwrite: true + description: > + Machine name connected to proxy IP. + + - name: proxy_user_dn + type: keyword + overwrite: true + description: > + User distinguished name connected to proxy IP. + + - name: query + type: keyword + overwrite: true + description: > + DNS query. + + - name: dns_query + type: keyword + overwrite: true + description: > + DNS query. + + - name: inspection_item + type: keyword + overwrite: true + description: > + Blade element performed inspection. + + - name: performance_impact + type: integer + overwrite: true + description: > + Protection performance impact. + + - name: inspection_category + type: keyword + overwrite: true + description: > + Inspection category: protocol anomaly, signature etc. + + - name: inspection_profile + type: keyword + overwrite: true + description: > + Profile which the activated protection belongs to. + + - name: summary + type: keyword + overwrite: true + description: > + Summary message of a non-compliant DNS traffic drops or detects. + + - name: question_rdata + type: keyword + overwrite: true + description: > + List of question records domains. + + - name: answer_rdata + type: keyword + overwrite: true + description: > + List of answer resource records to the questioned domains. + + - name: authority_rdata + type: keyword + overwrite: true + description: > + List of authoritative servers. + + - name: additional_rdata + type: keyword + overwrite: true + description: > + List of additional resource records. + + - name: files_names + type: keyword + overwrite: true + description: > + List of files requested by FTP. + + - name: ftp_user + type: keyword + overwrite: true + description: > + FTP username. + + - name: mime_from + type: keyword + overwrite: true + description: > + Sender's address. + + - name: mime_to + type: keyword + overwrite: true + description: > + List of receiver address. + + - name: bcc + type: keyword + overwrite: true + description: > + List of BCC addresses. + + - name: content_type + type: keyword + overwrite: true + description: > + Mail content type. Possible values: application/msword, text/html, image/gif etc. + + - name: user_agent + type: keyword + overwrite: true + description: > + String identifying requesting software user agent. + + - name: referrer + type: keyword + overwrite: true + description: > + Referrer HTTP request header, previous web page address. + + - name: http_location + type: keyword + overwrite: true + description: > + Response header, indicates the URL to redirect a page to. + + - name: content_disposition + type: keyword + overwrite: true + description: > + Indicates how the content is expected to be displayed inline in the browser. + + - name: via + type: keyword + overwrite: true + description: > + Via header is added by proxies for tracking purposes to avoid sending reqests in loop. + + - name: http_server + type: keyword + overwrite: true + description: > + Server HTTP header value, contains information about the software used by the origin server, which handles the request. + + - name: content_length + type: keyword + overwrite: true + description: > + Indicates the size of the entity-body of the HTTP header. + + - name: authorization + type: keyword + overwrite: true + description: > + Authorization HTTP header value. + + - name: http_host + type: keyword + overwrite: true + description: > + Domain name of the server that the HTTP request is sent to. + + - name: inspection_settings_log + type: keyword + overwrite: true + description: > + Indicats that the log was released by inspection settings. + + - name: cvpn_resource + type: keyword + overwrite: true + description: > + Mobile Access application. + + - name: cvpn_category + type: keyword + overwrite: true + description: > + Mobile Access application type. + + - name: url + type: keyword + overwrite: true + description: > + Translated URL. + + - name: reject_id + type: keyword + overwrite: true + description: > + A reject ID that corresponds to the one presented in the Mobile Access error page. + + - name: fs-proto + type: keyword + overwrite: true + description: > + The file share protocol used in mobile acess file share application. + + - name: app_package + type: keyword + overwrite: true + description: > + Unique identifier of the application on the protected mobile device. + + - name: appi_name + type: keyword + overwrite: true + description: > + Name of application downloaded on the protected mobile device. + + - name: app_repackaged + type: keyword + overwrite: true + description: > + Indicates whether the original application was repackage not by the official developer. + + - name: app_sid_id + type: keyword + overwrite: true + description: > + Unique SHA identifier of a mobile application. + + - name: app_version + type: keyword + overwrite: true + description: > + Version of the application downloaded on the protected mobile device. + + - name: developer_certificate_name + type: keyword + overwrite: true + description: > + Name of the developer's certificate that was used to sign the mobile application. + + - name: email_control + type: keyword + overwrite: true + description: > + Engine name. + + - name: email_message_id + type: keyword + overwrite: true + description: > + Email session id (uniqe ID of the mail). + + - name: email_queue_id + type: keyword + overwrite: true + description: > + Postfix email queue id. + + - name: email_queue_name + type: keyword + overwrite: true + description: > + Postfix email queue name. + + - name: file_name + type: keyword + overwrite: true + description: > + Malicious file name. + + - name: failure_reason + type: keyword + overwrite: true + description: > + MTA failure description. + + - name: email_headers + type: keyword + overwrite: true + description: > + String containing all the email headers. + + - name: arrival_time + type: keyword + overwrite: true + description: > + Email arrival timestamp. + + - name: email_status + type: keyword + overwrite: true + description: > + Describes the email's state. Possible options: delivered, deferred, skipped, bounced, hold, new, scan_started, scan_ended + + - name: status_update + type: keyword + overwrite: true + description: > + Last time log was updated. + + - name: delivery_time + type: keyword + overwrite: true + description: > + Timestamp of when email was delivered (MTA finished handling the email. + + - name: links_num + type: integer + overwrite: true + description: > + Number of links in the mail. + + - name: attachments_num + type: integer + overwrite: true + description: > + Number of attachments in the mail. + + - name: email_content + type: keyword + overwrite: true + description: > + Mail contents. Possible options: attachments/links & attachments/links/text only. + + - name: allocated_ports + type: integer + overwrite: true + description: > + Amount of allocated ports. + + - name: capacity + type: integer + overwrite: true + description: > + Capacity of the ports. + + - name: ports_usage + type: integer + overwrite: true + description: > + Percentage of allocated ports. + + - name: nat_exhausted_pool + type: keyword + overwrite: true + description: > + 4-tuple of an exhausted pool. + + - name: nat_rulenum + type: integer + overwrite: true + description: > + NAT rulebase first matched rule. + + - name: nat_addtnl_rulenum + type: integer + overwrite: true + description: > + When matching 2 automatic rules , second rule match will be shown otherwise field will be 0. + + - name: message_info + type: keyword + overwrite: true + description: > + Used for information messages, for example:NAT connection has ended. + + - name: nat46 + type: keyword + overwrite: true + description: > + NAT 46 status, in most cases "enabled". + + - name: end_time + type: keyword + overwrite: true + description: > + TCP connection end time. + + - name: tcp_end_reason + type: keyword + overwrite: true + description: > + Reason for TCP connection closure. + + - name: cgnet + type: keyword + overwrite: true + description: > + Describes NAT allocation for specific subscriber. + + - name: subscriber + type: ip + overwrite: true + description: > + Source IP before CGNAT. + + - name: hide_ip + type: ip + overwrite: true + description: > + Source IP which will be used after CGNAT. + + - name: int_start + type: integer + overwrite: true + description: > + Subscriber start int which will be used for NAT. + + - name: int_end + type: integer + overwrite: true + description: > + Subscriber end int which will be used for NAT. + + - name: packet_amount + type: integer + overwrite: true + description: > + Amount of packets dropped. + + - name: monitor_reason + type: keyword + overwrite: true + description: > + Aggregated logs of monitored packets. + + - name: drops_amount + type: integer + overwrite: true + description: > + Amount of multicast packets dropped. + + - name: securexl_message + type: keyword + overwrite: true + description: > + Two options for a SecureXL message: 1. Missed accounting records after heavy load on logging system. 2. FW log message regarding a packet drop. + + - name: conns_amount + type: integer + overwrite: true + description: > + Connections amount of aggregated log info. + + - name: scope + type: keyword + overwrite: true + description: > + IP related to the attack. + + - name: analyzed_on + type: keyword + overwrite: true + description: > + Check Point ThreatCloud / emulator name. + + - name: detected_on + type: keyword + overwrite: true + description: > + System and applications version the file was emulated on. + + - name: dropped_file_name + type: keyword + overwrite: true + description: > + List of names dropped from the original file. + + - name: dropped_file_type + type: keyword + overwrite: true + description: > + List of file types dropped from the original file. + + - name: dropped_file_hash + type: keyword + overwrite: true + description: > + List of file hashes dropped from the original file. + + - name: dropped_file_verdict + type: keyword + overwrite: true + description: > + List of file verdics dropped from the original file. + + - name: emulated_on + type: keyword + overwrite: true + description: > + Images the files were emulated on. + + - name: extracted_file_type + type: keyword + overwrite: true + description: > + Types of extracted files in case of an archive. + + - name: extracted_file_names + type: keyword + overwrite: true + description: > + Names of extracted files in case of an archive. + + - name: extracted_file_hash + type: keyword + overwrite: true + description: > + Archive hash in case of extracted files. + + - name: extracted_file_verdict + type: keyword + overwrite: true + description: > + Verdict of extracted files in case of an archive. + + - name: extracted_file_uid + type: keyword + overwrite: true + description: > + UID of extracted files in case of an archive. + + - name: mitre_initial_access + type: keyword + overwrite: true + description: > + The adversary is trying to break into your network. + + - name: mitre_execution + type: keyword + overwrite: true + description: > + The adversary is trying to run malicious code. + + - name: mitre_persistence + type: keyword + overwrite: true + description: > + The adversary is trying to maintain his foothold. + + - name: mitre_privilege_escalation + type: keyword + overwrite: true + description: > + The adversary is trying to gain higher-level permissions. + + - name: mitre_defense_evasion + type: keyword + overwrite: true + description: > + The adversary is trying to avoid being detected. + + - name: mitre_credential_access + type: keyword + overwrite: true + description: > + The adversary is trying to steal account names and passwords. + + - name: mitre_discovery + type: keyword + overwrite: true + description: > + The adversary is trying to expose information about your environment. + + - name: mitre_lateral_movement + type: keyword + overwrite: true + description: > + The adversary is trying to explore your environment. + + - name: mitre_collection + type: keyword + overwrite: true + description: > + The adversary is trying to collect data of interest to achieve his goal. + + - name: mitre_command_and_control + type: keyword + overwrite: true + description: > + The adversary is trying to communicate with compromised systems in order to control them. + + - name: mitre_exfiltration + type: keyword + overwrite: true + description: > + The adversary is trying to steal data. + + - name: mitre_impact + type: keyword + overwrite: true + description: > + The adversary is trying to manipulate, interrupt, or destroy your systems and data. + + - name: parent_file_hash + type: keyword + overwrite: true + description: > + Archive's hash in case of extracted files. + + - name: parent_file_name + type: keyword + overwrite: true + description: > + Archive's name in case of extracted files. + + - name: parent_file_uid + type: keyword + overwrite: true + description: > + Archive's UID in case of extracted files. + + - name: similiar_iocs + type: keyword + overwrite: true + description: > + Other IoCs similar to the ones found, related to the malicious file. + + - name: similar_hashes + type: keyword + overwrite: true + description: > + Hashes found similar to the malicious file. + + - name: similar_strings + type: keyword + overwrite: true + description: > + Strings found similar to the malicious file. + + - name: similar_communication + type: keyword + overwrite: true + description: > + Network action found similar to the malicious file. + + - name: te_verdict_determined_by + type: keyword + overwrite: true + description: > + Emulators determined file verdict. + + - name: packet_capture_unique_id + type: keyword + overwrite: true + description: > + Identifier of the packet capture files. + + - name: total_attachments + type: integer + overwrite: true + description: > + The number of attachments in an email. + + - name: additional_info + type: keyword + overwrite: true + description: > + ID of original file/mail which are sent by admin. + + - name: content_risk + type: integer + overwrite: true + description: > + File risk. + + - name: operation + type: keyword + overwrite: true + description: > + Operation made by Threat Extraction. + + - name: scrubbed_content + type: keyword + overwrite: true + description: > + Active content that was found. + + - name: scrub_time + type: keyword + overwrite: true + description: > + Extraction process duration. + + - name: scrub_download_time + type: keyword + overwrite: true + description: > + File download time from resource. + + - name: scrub_total_time + type: keyword + overwrite: true + description: > + Threat extraction total file handling time. + + - name: scrub_activity + type: keyword + overwrite: true + description: > + The result of the extraction + + - name: watermark + type: keyword + overwrite: true + description: > + Reports whether watermark is added to the cleaned file. + + - name: source_object + type: integer + overwrite: true + description: > + Matched object name on source column. + + - name: destination_object + type: keyword + overwrite: true + description: > + Matched object name on destination column. + + - name: drop_reason + type: keyword + overwrite: true + description: > + Drop reason description. + + - name: hit + type: integer + overwrite: true + description: > + Number of hits on a rule. + + - name: rulebase_id + type: integer + overwrite: true + description: > + Layer number. + + - name: first_hit_time + type: integer + overwrite: true + description: > + First hit time in current interval. + + - name: last_hit_time + type: integer + overwrite: true + description: > + Last hit time in current interval. + + - name: rematch_info + type: keyword + overwrite: true + description: > + Information sent when old connections cannot be matched during policy installation. + + - name: last_rematch_time + type: keyword + overwrite: true + description: > + Connection rematched time. + + - name: action_reason + type: integer + overwrite: true + description: > + Connection drop reason. + + - name: c_bytes + type: integer + overwrite: true + description: > + Boolean value indicates whether bytes sent from the client side are used. + + - name: context_num + type: integer + overwrite: true + description: > + Serial number of the log for a specific connection. + + - name: match_id + type: integer + overwrite: true + description: > + Private key of the rule + + - name: alert + type: keyword + overwrite: true + description: > + Alert level of matched rule (for connection logs). + + - name: parent_rule + type: integer + overwrite: true + description: > + Parent rule number, in case of inline layer. + + - name: match_fk + type: integer + overwrite: true + description: > + Rule number. + + - name: dropped_outgoing + type: integer + overwrite: true + description: > + Number of outgoing bytes dropped when using UP-limit feature. + + - name: dropped_incoming + type: integer + overwrite: true + description: > + Number of incoming bytes dropped when using UP-limit feature. + + - name: media_type + type: keyword + overwrite: true + description: > + Media used (audio, video, etc.) + + - name: sip_reason + type: keyword + overwrite: true + description: > + Explains why 'source_ip' isn't allowed to redirect (handover). + + - name: voip_method + type: keyword + overwrite: true + description: > + Registration request. + + - name: registered_ip-phones + type: keyword + overwrite: true + description: > + Registered IP-Phones. + + - name: voip_reg_user_type + type: keyword + overwrite: true + description: > + Registered IP-Phone type. + + - name: voip_call_id + type: keyword + overwrite: true + description: > + Call-ID. + + - name: voip_reg_int + type: integer + overwrite: true + description: > + Registration port. + + - name: voip_reg_ipp + type: integer + overwrite: true + description: > + Registration IP protocol. + + - name: voip_reg_period + type: integer + overwrite: true + description: > + Registration period. + + - name: voip_log_type + type: keyword + overwrite: true + description: > + VoIP log types. Possible values: reject, call, registration. + + - name: src_phone_number + type: keyword + overwrite: true + description: > + Source IP-Phone. + + - name: voip_from_user_type + type: keyword + overwrite: true + description: > + Source IP-Phone type. + + - name: dst_phone_number + type: keyword + overwrite: true + description: > + Destination IP-Phone. + + - name: voip_to_user_type + type: keyword + overwrite: true + description: > + Destination IP-Phone type. + + - name: voip_call_dir + type: keyword + overwrite: true + description: > + Call direction: in/out. + + - name: voip_call_state + type: keyword + overwrite: true + description: > + Call state. Possible values: in/out. + + - name: voip_call_term_time + type: keyword + overwrite: true + description: > + Call termination time stamp. + + - name: voip_duration + type: keyword + overwrite: true + description: > + Call duration (seconds). + + - name: voip_media_port + type: keyword + overwrite: true + description: > + Media int. + + - name: voip_media_ipp + type: keyword + overwrite: true + description: > + Media IP protocol. + + - name: voip_est_codec + type: keyword + overwrite: true + description: > + Estimated codec. + + - name: voip_exp + type: integer + overwrite: true + description: > + Expiration. + + - name: voip_attach_sz + type: integer + overwrite: true + description: > + Attachment size. + + - name: voip_attach_action_info + type: keyword + overwrite: true + description: > + Attachment action Info. + + - name: voip_media_codec + type: keyword + overwrite: true + description: > + Estimated codec. + + - name: voip_reject_reason + type: keyword + overwrite: true + description: > + Reject reason. + + - name: voip_reason_info + type: keyword + overwrite: true + description: > + Information. + + - name: voip_config + type: keyword + overwrite: true + description: > + Configuration. + + - name: voip_reg_server + type: ip + overwrite: true + description: > + Registrar server IP address. + + - name: scv_user + type: keyword + overwrite: true + description: > + Username whose packets are dropped on SCV. + + - name: scv_message_info + type: keyword + overwrite: true + description: > + Drop reason. + + - name: ppp + type: keyword + overwrite: true + description: > + Authentication status. + + - name: scheme + type: keyword + overwrite: true + description: > + Describes the scheme used for the log. + + - name: auth_method + type: keyword + overwrite: true + description: > + Password authentication protocol used (PAP or EAP). + + - name: machine + type: keyword + overwrite: true + description: > + L2TP machine which triggered the log and the log refers to it. + + - name: vpn_feature_name + type: keyword + overwrite: true + description: > + L2TP /IKE / Link Selection. + + - name: reject_category + type: keyword + overwrite: true + description: > + Authentication failure reason. + + - name: peer_ip_probing_status_update + type: keyword + overwrite: true + description: > + IP address response status. + + - name: peer_ip + type: keyword + overwrite: true + description: > + IP address which the client connects to. + + - name: peer_gateway + type: ip + overwrite: true + description: > + Main IP of the peer Security Gateway. + + - name: link_probing_status_update + type: keyword + overwrite: true + description: > + IP address response status. + + - name: source_interface + type: keyword + overwrite: true + description: > + External Interface name for source interface or Null if not found. + + - name: next_hop_ip + type: keyword + overwrite: true + description: > + Next hop IP address. + + - name: srckeyid + type: keyword + overwrite: true + description: > + Initiator Spi ID. + + - name: dstkeyid + type: keyword + overwrite: true + description: > + Responder Spi ID. + + - name: encryption_failure + type: keyword + overwrite: true + description: > + Message indicating why the encryption failed. + + - name: ike_ids + type: keyword + overwrite: true + description: > + All QM ids. + + - name: community + type: keyword + overwrite: true + description: > + Community name for the IPSec key and the use of the IKEv. + + - name: ike + type: keyword + overwrite: true + description: > + IKEMode (PHASE1, PHASE2, etc..). + + - name: cookieI + type: keyword + overwrite: true + description: > + Initiator cookie. + + - name: cookieR + type: keyword + overwrite: true + description: > + Responder cookie. + + - name: msgid + type: keyword + overwrite: true + description: > + Message ID. + + - name: methods + type: keyword + overwrite: true + description: > + IPSEc methods. + + - name: connection_uid + type: keyword + overwrite: true + description: > + Calculation of md5 of the IP and user name as UID. + + - name: site_name + type: keyword + overwrite: true + description: > + Site name. + + - name: esod_rule_name + type: keyword + overwrite: true + description: > + Unknown rule name. + + - name: esod_rule_action + type: keyword + overwrite: true + description: > + Unknown rule action. + + - name: esod_rule_type + type: keyword + overwrite: true + description: > + Unknown rule type. + + - name: esod_noncompliance_reason + type: keyword + overwrite: true + description: > + Non-compliance reason. + + - name: esod_associated_policies + type: keyword + overwrite: true + description: > + Associated policies. + + - name: spyware_name + type: keyword + overwrite: true + description: > + Spyware name. + + - name: spyware_type + type: keyword + overwrite: true + description: > + Spyware type. + + - name: anti_virus_type + type: keyword + overwrite: true + description: > + Anti virus type. + + - name: end_user_firewall_type + type: keyword + overwrite: true + description: > + End user firewall type. + + - name: esod_scan_status + type: keyword + overwrite: true + description: > + Scan failed. + + - name: esod_access_status + type: keyword + overwrite: true + description: > + Access denied. + + - name: client_type + type: keyword + overwrite: true + description: > + Endpoint Connect. + + - name: precise_error + type: keyword + overwrite: true + description: > + HTTP parser error. + + - name: method + type: keyword + overwrite: true + description: > + HTTP method. + + - name: trusted_domain + type: keyword + overwrite: true + description: > + In case of phishing event, the domain, which the attacker was impersonating. \ No newline at end of file diff --git a/filebeat/module/checkpoint/firewall/config/firewall.yml b/filebeat/module/checkpoint/firewall/config/firewall.yml new file mode 100644 index 00000000000..0655a4a1e5e --- /dev/null +++ b/filebeat/module/checkpoint/firewall/config/firewall.yml @@ -0,0 +1,36 @@ +{{ if eq .input "syslog" }} + +type: syslog +protocol.udp: + host: "{{.syslog_host}}:{{.syslog_port}}" + {{ if ne .pipeline "" }} + pipeline: "{{.pipeline}}" + {{ end }} +{{ else if eq .input "tls" }} +type: syslog +protocol.tcp: + host: "{{.syslog_host}}:{{.syslog_port}}" + ssl: + enabled: true + certificate_authorities: ["{{.cafile}}"] + certificate: "{{.certfile}}" + key: "{{.keyfile}}" + client_authentication: "full" + {{ if ne .pipeline "" }} + pipeline: "{{.pipeline}}" + {{ end }} +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags}} + +processors: + - add_locale: ~ diff --git a/filebeat/module/checkpoint/firewall/ingest/pipeline.json b/filebeat/module/checkpoint/firewall/ingest/pipeline.json new file mode 100644 index 00000000000..e478d54e73d --- /dev/null +++ b/filebeat/module/checkpoint/firewall/ingest/pipeline.json @@ -0,0 +1,1115 @@ +{ + "description": "...", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{IPORHOST:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(?::-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +\\[%{GREEDYDATA:syslog5424_sd}\\]$" + ] + } + }, + { + "kv": { + "field": "syslog5424_sd", + "field_split": "; ", + "value_split": ":", + "trim_key": " ", + "trim_value": " ", + "prefix": "checkpoint.", + "strip_brackets": true, + "ignore_failure": true, + "exclude_keys": [ + "flags", + "layer_uuid", + "originsicname", + "__policy_id_tag", + "version", + "rounded_bytes", + "db_tag", + "update_service" + ] + } + }, + { + "remove": { + "field": [ + "syslog5424_sd", + "syslog5424_app", + "syslog5424_host", + "syslog5424_msgid", + "syslog5424_pri", + "syslog5424_proc", + "syslog5424_ver", + "message", + "host" + ], + "ignore_missing": true + } + }, + { + "set": { + "field": "@timestamp", + "value": "{{syslog5424_ts}}", + "if": "ctx.checkpoint?.time == null" + } + }, + { + "set": { + "field": "event.module", + "value": "checkpoint" + } + }, + { + "append": { + "field": "event.category", + "value": "network", + "if": "ctx.checkpoint?.operation != 'Log In'" + } + }, + { + "set": { + "field": "observer.vendor", + "value": "Checkpoint" + } + }, + { + "set": { + "field": "observer.type", + "value": "firewall", + "if": "ctx.checkpoint?.type == null" + } + }, + { + "set": { + "field": "observer.product", + "value": "{{checkpoint.product}}", + "if": "ctx.checkpoint?.product != null" + } + }, + { + "set": { + "field": "client.ip", + "value": "{{checkpoint.src}}", + "if": "ctx.checkpoint?.src != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{checkpoint.src}}", + "if": "ctx.checkpoint?.src != null" + } + }, + { + "set": { + "field": "client.ip", + "value": "{{checkpoint.client_ip}}", + "if": "ctx.client?.ip == null && ctx.checkpoint?.client_ip != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{checkpoint.client_ip}}", + "if": "ctx.source?.ip == null && ctx.checkpoint?.client_ip != null" + } + }, + { + "set": { + "field": "server.ip", + "value": "{{checkpoint.dst}}", + "if": "ctx.checkpoint?.dst != null" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{checkpoint.dst}}", + "if": "ctx.checkpoint?.dst != null" + } + }, + { + "set" : { + "field": "client.user.id", + "value": "{{checkpoint.uid}}", + "if": "ctx.checkpoint?.uid != null" + } + }, + { + "set" : { + "field": "source.user.id", + "value": "{{checkpoint.uid}}", + "if": "ctx.checkpoint?.uid != null" + } + }, + { + "set" : { + "field": "client.user.name", + "value": "{{checkpoint.administrator}}", + "if": "ctx.checkpoint?.administrator != null" + } + }, + { + "set" : { + "field": "source.user.name", + "value": "{{checkpoint.administrator}}", + "if": "ctx.checkpoint?.administrator != null" + } + }, + { + "set" : { + "field": "source.packets", + "value": "{{ctx.checkpoint.client_outbound_packets}}", + "if": "ctx.checkpoint?.client_outbound_packets != null" + } + }, + { + "set" : { + "field": "client.packets", + "value": "{{ctx.checkpoint.client_outbound_packets}}", + "if": "ctx.checkpoint?.client_outbound_packets != null" + } + }, + { + "set" : { + "field": "destination.packets", + "value": "{{checkpoint.server_outbound_packets}}", + "if": "ctx.checkpoint?.server_outbound_packets != null" + } + }, + { + "set" : { + "field": "server.packets", + "value": "{{checkpoint.server_outbound_packets}}", + "if": "ctx.checkpoint?.server_outbound_packets != null" + } + }, + { + "set" : { + "field": "client.bytes", + "value": "{{checkpoint.client_outbound_bytes}}", + "if": "ctx.checkpoint?.client_outbound_bytes != null" + } + }, + { + "set" : { + "field": "source.bytes", + "value": "{{checkpoint.client_outbound_bytes}}", + "if": "ctx.checkpoint?.client_outbound_bytes != null" + } + }, + { + "set" : { + "field": "destination.bytes", + "value": "{{checkpoint.server_outbound_bytes}}", + "if": "ctx.checkpoint?.server_outbound_bytes != null" + } + }, + { + "set" : { + "field": "server.bytes", + "value": "{{checkpoint.server_outbound_bytes}}", + "if": "ctx.checkpoint?.server_outbound_bytes != null" + } + }, + { + "set" : { + "field": "destination.port", + "value": "{{checkpoint.service}}", + "if": "ctx.checkpoint?.service != null" + } + }, + { + "set" : { + "field": "server.port", + "value": "{{checkpoint.service}}", + "if": "ctx.checkpoint?.service != null" + } + }, + { + "set" : { + "field": "client.port", + "value": "{{checkpoint.s_port}}", + "if": "ctx.checkpoint?.s_port != null" + } + }, + { + "set" : { + "field": "source.port", + "value": "{{checkpoint.s_port}}", + "if": "ctx.checkpoint?.s_port != null" + } + }, + { + "append": { + "field": "event.category", + "value": "authentication", + "if": "ctx.checkpoint?.operation == 'Log In'" + } + }, + { + "set" : { + "field": "event.kind", + "value": "alert", + "if": "['Prevent', 'Detect', 'Quarantine'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "set" : { + "field": "event.kind", + "value": "event", + "if": "ctx.event?.kind == null" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "success", + "if": "['Accept', 'Allow'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append" : { + "field": "event.type", + "value": ["allowed", "connection"], + "if": "['Accept', 'Allow'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "success", + "if": "ctx.checkpoint?.audit_status == 'Success'" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "failure", + "if": "ctx.checkpoint?.audit_status == 'Failure'" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "success", + "if": "['Drop', 'Reject', 'Block', 'Prevent'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append" : { + "field": "event.type", + "value": ["connection", "denied"], + "if": "['Drop', 'Reject', 'Block', 'Prevent'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append": { + "field": "event.category", + "value": "malware", + "if": "ctx.checkpoint?.malware_action != null" + } + }, + { + "append": { + "field": "event.category", + "value": "intrusion_detection", + "if": "['Detect', 'Prevent'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append": { + "field": "related.ip", + "value": "{{source.ip}}", + "if": "ctx.source?.ip != null" + } + }, + { + "append": { + "field": "related.ip", + "value": "{{destination.ip}}", + "if": "ctx.destination?.ip != null" + } + }, + { + "append": { + "field": "related.ip", + "value": "{{destination.ip}}", + "if": "ctx.destination?.ip != null" + } + }, + { + "append": { + "field": "related.hash", + "value": "{{checkpoint.file_md5}}", + "if": "ctx.checkpoint?.file_md5 != null" + } + }, + { + "append": { + "field": "related.hash", + "value": "{{checkpoint.file_sha1}}", + "if": "ctx.checkpoint?.file_sha1 != null" + } + }, + { + "append": { + "field": "related.hash", + "value": "{{checkpoint.file_sha256}}", + "if": "ctx.checkpoint?.file_sha256 != null" + } + }, + { + "rename": { + "field": "checkpoint.received_bytes", + "target_field": "destination.bytes", + "ignore_missing": true, + "if": "ctx.destination?.bytes == null" + } + }, + { + "rename" : { + "field": "checkpoint.to", + "target_field": "destination.user.email", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.xlatedst", + "target_field": "destination.nat.ip", + "ignore_missing": true, + "if": "ctx.checkpoint?.xlatedst != '0.0.0.0'" + } + }, + { + "rename" : { + "field": "checkpoint.xlatedport", + "target_field": "destination.nat.port", + "ignore_missing": true, + "if": "ctx.checkpoint?.xlatedport != '0'" + } + }, + { + "rename" : { + "field": "checkpoint.destination_dns_hostname", + "target_field": "destination.domain", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dst_machine_name", + "target_field": "destination.domain", + "ignore_missing": true, + "if": "ctx.event?.destination?.domain == null" + } + }, + { + "rename" : { + "field": "checkpoint.usercheck_incident_uid", + "target_field": "destination.user.id", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.service_name", + "target_field": "destination.service.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.mac_destination_address", + "target_field": "destination.mac", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dns_type", + "target_field": "dns.question.type", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.domain_name", + "target_field": "dns.question.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dns_message_type", + "target_field": "dns.type", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.tid", + "target_field": "dns.id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.loguid", + "target_field": "event.id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.sequencenum", + "target_field": "event.sequence", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.severity", + "target_field": "event.severity", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.action", + "target_field": "event.action", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.packet_capture", + "target_field": "event.url", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.start_time", + "target_field": "event.start", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.first_detection", + "target_field": "event.start", + "ignore_missing": true, + "if": "ctx.event?.start == null" + } + }, + { + "rename" : { + "field": "checkpoint.last_detection", + "target_field": "event.end", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.app_risk", + "target_field": "event.risk_score", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.file_id", + "target_field": "file.inode", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_type", + "target_field": "file.type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_name", + "target_field": "file.name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_size", + "target_field": "file.size", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_md5", + "target_field": "file.hash.md5", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_sha1", + "target_field": "file.hash.sha1", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_sha256", + "target_field": "file.hash.sha256", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dlp_file_name", + "target_field": "file.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.user_group", + "target_field": "group.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.os_version", + "target_field": "host.os.version", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.os_name", + "target_field": "host.os.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.method", + "target_field": "http.request.method", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.referrer", + "target_field": "http.request.referrer", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.service_id", + "target_field": "network.application", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.ifdir", + "target_field": "network.direction", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.bytes", + "target_field": "network.bytes", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.proto", + "target_field": "network.iana_number", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.packets", + "target_field": "network.packets", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.layer_name", + "target_field": "network.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.app_name", + "target_field": "network.application", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.client_inbound_interface", + "target_field": "observer.ingress.interface.name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.client_inbound_interface", + "target_field": "observer.egress.interface.name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.ifname", + "target_field": "observer.ingress.interface.name", + "ignore_missing": true, + "if": "ctx.network?.direction == 'inbound'" + } + }, + { + "rename": { + "field": "checkpoint.client_inbound_interface", + "target_field": "observer.egress.interface.name", + "ignore_missing": true, + "if": "ctx.network?.direction == 'outbound'" + } + }, + { + "rename" : { + "field": "checkpoint.type", + "target_field": "observer.type", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.origin", + "target_field": "observer.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.origin_ip", + "target_field": "observer.ip", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.endpoint_ip", + "target_field": "observer.ip", + "ignore_missing": true, + "if": "ctx.observer?.ip == null" + } + }, + { + "rename" : { + "field": "checkpoint.outzone", + "target_field": "observer.egress.zone", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.inzone", + "target_field": "observer.ingress.zone", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.security_outzone", + "target_field": "observer.egress.zone", + "ignore_missing": true, + "if": "ctx.observer?.egress?.zone == null" + } + }, + { + "rename" : { + "field": "checkpoint.security_inzone", + "target_field": "observer.ingress.zone", + "ignore_missing": true, + "if": "ctx.observer?.ingress?.zone == null" + } + }, + { + "rename" : { + "field": "checkpoint.update_version", + "target_field": "observer.version", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.process_md5", + "target_field": "process.hash.md5", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.process_name", + "target_field": "process.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.parent_process_md5", + "target_field": "process.parent.hash.md5", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.parent_process_name", + "target_field": "process.parent.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.matched_category", + "target_field": "rule.category", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.categories", + "target_field": "rule.category", + "ignore_missing": true, + "if": "ctx.rule?.category == null" + } + }, + { + "rename" : { + "field": "checkpoint.malware_action", + "target_field": "rule.description", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.malware_rule_id", + "target_field": "rule.id", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.app_rule_id", + "target_field": "rule.id", + "ignore_missing": true, + "if": "ctx.rule?.id == null" + } + }, + { + "rename" : { + "field": "checkpoint.objectname", + "target_field": "rule.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.malware_rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.app_rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.dlp_rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.smartdefence_profile", + "target_field": "rule.ruleset", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.policy", + "target_field": "rule.ruleset", + "ignore_missing": true, + "if": "ctx.rule?.ruleset == null" + } + }, + { + "rename" : { + "field": "checkpoint.rule_uid", + "target_field": "rule.uuid", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dlp_rule_uid", + "target_field": "rule.uuid", + "ignore_missing": true, + "if": "ctx.rule?.uuid == null" + } + }, + { + "rename": { + "field": "checkpoint.sent_bytes", + "target_field": "source.bytes", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.mac_source_address", + "target_field": "source.mac", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.source_user_name", + "target_field": "source.user.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.from", + "target_field": "source.user.email", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.xlatesrc", + "target_field": "source.nat.ip", + "ignore_missing": true, + "if": "ctx.checkpoint?.xlatesrc != '0.0.0.0'" + } + }, + { + "rename" : { + "field": "checkpoint.xlatesport", + "target_field": "source.nat.port", + "ignore_missing": true, + "if": "ctx.checkpoint?.xlatesport != '0'" + } + }, + { + "rename" : { + "field": "checkpoint.src_machine_name", + "target_field": "source.domain", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.src_user_group", + "target_field": "source.user.group.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.url", + "target_field": "url.original", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.resource", + "target_field": "url.original", + "ignore_missing": true, + "if": "ctx.url?.original == null" + } + }, + { + "rename" : { + "field": "checkpoint.http_host", + "target_field": "url.domain", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.web_client_type", + "target_field": "user_agent.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.user_agent", + "target_field": "user_agent.original", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.industry_reference", + "target_field": "vulnerability.id", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.time", + "target_field": "@timestamp", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.message", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.reason", + "target_field": "message", + "ignore_missing": true, + "if": "ctx.message == null" + } + }, + { + "rename" : { + "field": "checkpoint.subject", + "target_field": "message", + "ignore_missing": true, + "if": "ctx.message == null" + } + }, + { + "gsub" : { + "field": "checkpoint.sys_message", + "pattern": "^:\"", + "replacement": "", + "if": "ctx.checkpoint?.sys_message != null" + } + }, + { + "geoip" : { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true, + "if": "ctx.source?.geo == null" + } + }, + { + "geoip" : { + "field": "destination.ip", + "target_field": "destination.geo", + "ignore_missing": true, + "if": "ctx.destination?.geo == null" + } + }, + { + "geoip" : { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": ["asn", "organization_name"], + "ignore_missing": true + } + }, + { + "geoip" : { + "database_file": "GeoLite2-ASN.mmdb", + "field": "destination.ip", + "target_field": "destination.as", + "properties": ["asn", "organization_name"], + "ignore_missing": true + } + }, + { + "rename" : { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "destination.as.asn", + "target_field": "destination.as.number", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "destination.as.organization_name", + "target_field": "destination.as.organization.name", + "ignore_missing": true + } + }, + { + "remove" : { + "field": [ + "checkpoint.client_outbound_packets", "checkpoint.client_outbound_bytes", + "checkpoint.server_outbound_packets", "checkpoint.server_outbound_bytes", + "checkpoint.product", "checkpoint.uid", "checkpoint.administrator", + "checkpoint.dst", "checkpoint.src", "checkpoint.service", "checkpoint.s_port", + "checkpoint.ifname", "checkpoint.xlatesrc", "checkpoint.xlatedst", "checkpoint.xlatedport", + "checkpoint.xlatesport", "checkpoint.client_ip", "syslog5424_ts" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/filebeat/module/checkpoint/firewall/manifest.yml b/filebeat/module/checkpoint/firewall/manifest.yml new file mode 100644 index 00000000000..5f6cdebdf4d --- /dev/null +++ b/filebeat/module/checkpoint/firewall/manifest.yml @@ -0,0 +1,25 @@ +module_version: 1.0 + +var: + - name: syslog_host + default: localhost + - name: tags + default: [checkpoint-firewall] + - name: syslog_port + default: 9001 + - name: input + default: syslog + - name: log_level + default: 7 + - name: certfile + default: "" + - name: keyfile + default: "" + - name: cafile + default: "" + - name: pipeline + default: "" + +ingest_pipeline: + - ingest/pipeline.json +input: config/firewall.yml diff --git a/filebeat/module/checkpoint/firewall/test/checkpoint.log b/filebeat/module/checkpoint/firewall/test/checkpoint.log new file mode 100644 index 00000000000..c09c614f38c --- /dev/null +++ b/filebeat/module/checkpoint/firewall/test/checkpoint.log @@ -0,0 +1,10039 @@ +<134>1 2020-03-29T13:19:20Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80a059,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; product:"System Monitor"; sys_message::"The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T13:19:20Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80a059,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T13:19:21Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80a059,0x2,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"installed Standard"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46915"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61794"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26680"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36749"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41566"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10012"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55799"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48698"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10013"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48658"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61150"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10014"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59800"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55110"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26681"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49780"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48718"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26682"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33536"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62206"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26683"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61767"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41596"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26684"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48728"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10015"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x7,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64364"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05a,0x8,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48732"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10016"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54002"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62222"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43354"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40677"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61188"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10017"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53589"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41624"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26685"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36166"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48758"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10018"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43736"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62246"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10019"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46065"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41638"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10020"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61224"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43355"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61851"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:19:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80a05c,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"22"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"firewall_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{FF0154DE-7D18-4396-B0C2-7E8951B393A4}"] +<134>1 2020-03-29T13:19:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a05b,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43356"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:26Z gw-da58d3 CheckPoint 1930 - [flags:"393280"; ifdir:"inbound"; loguid:"{0x5e80a09c,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; blade_name:"Anti Bot & Anti Virus"; information:"policy installation for blade Anti Bot & Anti Virus completed successfully"; product:"Log Update"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51436"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26686"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36896"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59284"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62396"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26687"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43379"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09c,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48914"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26688"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41365"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41844"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10021"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47951"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62468"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26689"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36526"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61434"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26690"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34981"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41856"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26691"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80a09d,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"8"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"threatprevention_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{597182F7-E1BA-460F-B6E0-D4996295B5CC}"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61445"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48990"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26692"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64618"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09d,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62478"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26693"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61203"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41864"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10022"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35209"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09e,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61446"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43357"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09e,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35787"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09e,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48998"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43358"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41870"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43359"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46851"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09f,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37927"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09f,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62488"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26694"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09f,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45589"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a09f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={DF903A6D-B97D-1A4D-A054-2BF3A330CB5A};mgmt=gw-da58d3;date=1585487925;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61454"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10023"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:46Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80a0af,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; product:"System Monitor"; sys_message:"The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T13:20:46Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80a0af,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T13:20:46Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80a0af,0x2,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"4"; version:"5"; product:"System Monitor"; sys_message::"installed Standard"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62122"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43360"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40928"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51957"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55424"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26695"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37029"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49026"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26696"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61725"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62514"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26697"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59562"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0af,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41902"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10024"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60754"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43361"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36577"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49042"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26698"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39956"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41914"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26699"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46729"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10025"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37133"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61500"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10026"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44417"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b0,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41938"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10027"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37245"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49102"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43362"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58966"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62592"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26700"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80a0b2,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"15"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"firewall_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{FF0154DE-7D18-4396-B0C2-7E8951B393A4}"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38300"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42004"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10028"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54848"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61586"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26701"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44510"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49138"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26702"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b1,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44596"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b2,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62626"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26703"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:20:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41730"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:20:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a0b3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61592"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10029"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:22:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a127,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48160"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:22:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a127,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55574"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10030"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:22:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a128,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52813"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:22:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a128,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61626"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43363"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:22:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a128,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57666"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:22:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a128,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62664"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10031"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:22:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a129,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:23:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a138,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T13:24:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62739"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:24:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55610"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26704"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:24:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59093"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:24:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a0,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61662"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10032"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:24:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a0,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52496"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:24:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a0,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49214"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26705"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:24:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:24:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1a3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:26:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1e8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T13:26:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1ea,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:26:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a1ec,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:26:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a218,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43498"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:26:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a219,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55640"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43364"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:26:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a21a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59815"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:26:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a21a,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62728"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26706"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:26:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a21a,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55495"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:26:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a21a,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49244"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26707"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:26:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a21a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:28:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a292,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:28:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a292,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55674"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10033"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:28:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a292,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39403"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:28:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a292,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49276"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43365"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:28:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a292,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51799"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:28:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a292,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61728"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10034"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:28:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a293,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:30:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52646"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:30:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55708"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10035"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:30:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39486"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:30:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61760"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43366"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:30:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30b,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45750"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:30:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30b,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49312"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43367"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:30:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:30:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a30e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:32:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a383,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64098"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:32:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a383,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55742"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10036"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:32:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a383,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54978"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:32:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a383,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61794"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43368"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:32:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a383,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54596"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:32:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a383,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62832"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10037"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:32:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a384,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:32:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a386,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:34:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56694"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:34:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42252"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26708"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:34:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60280"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:34:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fc,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49384"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10038"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:34:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fc,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40642"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:34:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fc,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62872"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10039"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:34:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:34:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a3fe,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:35:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a406,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T13:36:26Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a45b,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T13:36:26Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a45b,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T13:36:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a45b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:36:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a475,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50627"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:36:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a475,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42282"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10040"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:36:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a475,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56577"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:36:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a475,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61864"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43369"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:36:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a476,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41340"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:36:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a476,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49416"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26709"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:38:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ba,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T13:38:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4bb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:38:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4bd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:38:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ee,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35061"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:38:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ee,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55846"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10041"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:38:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ee,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44550"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:38:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ee,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61898"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43370"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:38:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ee,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62881"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:38:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ee,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49450"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43371"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:38:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4ef,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:38:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a4f0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:40:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a566,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:40:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a566,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55880"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10042"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:40:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a566,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33975"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:40:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a566,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61932"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26710"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:40:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a566,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54064"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:40:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a566,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49484"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26711"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:40:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a567,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:40:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a568,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:42:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5de,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61972"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:42:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5de,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55916"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10043"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:42:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5df,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43965"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:42:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5df,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63004"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43372"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:42:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5df,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58010"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:42:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5df,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61972"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26712"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:42:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5e0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:42:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a5e1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:44:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a657,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59229"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:44:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a659,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:44:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a65b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:45:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a65c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49784"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:45:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a65c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42424"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10044"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:45:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a65c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47157"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:45:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a65c,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63042"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26713"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:45:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a65c,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38716"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:45:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a65c,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62008"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26714"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a686,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44473"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a686,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51764"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10045"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:45:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a687,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63576"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55988"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10046"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:47:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39103"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63080"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10047"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:47:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56708"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d5,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49596"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10048"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:47:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T13:47:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T13:47:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6d9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6ec,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46459"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6ec,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52162"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26715"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:47:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6ec,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64955"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6ed,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63100"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10049"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:47:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6ed,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51201"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:47:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a6ed,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62066"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43373"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:49:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64691"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:49:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74d,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56060"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10050"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:49:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34893"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:49:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43374"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:49:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74d,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38260"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:49:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74d,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49664"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10051"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:49:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:49:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a74f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:50:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a78d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T13:50:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a78e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:51:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:51:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42564"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10052"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:51:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59250"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:51:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c5,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62146"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43375"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:51:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34892"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:51:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63184"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10053"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:51:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:51:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a7c8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:53:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a83e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49923"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:53:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a83e,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42598"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10054"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:53:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a83e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62435"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:53:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a83e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43376"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:53:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a83e,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46541"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:53:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a83e,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49732"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10055"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:53:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a83f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:55:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a8b6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47365"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:55:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a8b6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56164"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10056"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:55:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a8b6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49238"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:55:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a8b6,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49766"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43377"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:55:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a8b6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33657"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:55:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a8b6,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62218"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10057"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:55:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a8b8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:57:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a92e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53269"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:57:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a92e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42668"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10058"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:57:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a92f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39324"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:57:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a92f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49800"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43378"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:57:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a92f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53837"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:57:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a92f,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62252"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10059"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:57:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a930,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:57:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a931,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:59:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9a7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55538"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:59:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9a7,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42698"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10060"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:59:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9a7,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T13:59:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9a7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50693"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:59:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9a8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:59:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9a9,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T13:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9ac,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37471"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9ac,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63318"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10061"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T13:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9ad,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64329"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T13:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80a9ad,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62284"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43379"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa25,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51289"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa25,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42732"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10062"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa25,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38700"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa25,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62314"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43380"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa25,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33521"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa25,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49866"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10063"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:01:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa26,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:01:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa57,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T14:02:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa59,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:03:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa9d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37314"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:03:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa9d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56298"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10064"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:03:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa9f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:03:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa9f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33023"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:03:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa9f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63386"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10065"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:03:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa9f,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63463"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:03:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aa9f,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62352"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10066"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:05:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab17,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49481"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:05:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab17,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56340"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10067"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:05:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab18,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:05:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab18,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61719"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:05:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab18,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49942"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26716"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:05:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab18,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34989"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:05:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab18,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62394"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10068"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:05:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab19,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:07:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab90,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:07:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab90,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42844"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10069"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:07:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab90,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44886"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:07:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab90,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63462"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43381"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:07:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab91,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39064"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:07:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab91,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62428"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26717"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:07:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ab91,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:09:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39154"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:09:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0a,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42876"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10070"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:09:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64147"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:09:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62458"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43382"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:09:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0a,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37756"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:09:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0a,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50010"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10071"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:09:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:09:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac0c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:11:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac75,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T14:11:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac77,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:11:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac79,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:11:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac82,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49614"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:11:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac82,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42908"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43383"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:11:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac82,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38020"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:11:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac82,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63528"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26718"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:11:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac82,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36829"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:11:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac82,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50044"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10072"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:11:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ac90,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T14:13:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80acfb,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54461"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:13:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80acfb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56474"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10073"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:13:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80acfb,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33712"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:13:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80acfb,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62526"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43384"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:13:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80acfb,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39217"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:13:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80acfb,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63564"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10074"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:13:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80acfc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:14:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad28,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T14:14:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad29,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:14:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad5c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T14:14:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad5d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:14:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad5f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:15:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad73,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48015"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:15:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad73,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56510"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10075"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:15:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad73,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60068"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:15:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad73,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10076"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:15:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad73,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57305"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:15:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad73,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62564"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43385"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:15:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad8e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59702"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:15:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad8e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26719"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:15:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad8f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:15:45Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ad91,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:17:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80adeb,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63542"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:17:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80adec,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43016"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10077"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:17:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80adec,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57162"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:17:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80adec,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50148"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43386"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:17:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80adec,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34120"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:17:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80adec,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63636"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10078"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:17:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aded,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:17:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80adef,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:19:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae64,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45337"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:19:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae64,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56578"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26720"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:19:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae64,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48866"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:19:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae64,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62630"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10079"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:19:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae64,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54595"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:19:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae64,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50182"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10080"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:19:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae65,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:19:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae66,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:20:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae9a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39272"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T14:20:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ae9c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:21:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aedd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65412"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:21:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aedd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56610"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26721"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:21:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aedd,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41422"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:21:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aedd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62662"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10081"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:21:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aedd,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64118"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:21:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aedd,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63700"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43387"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:21:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aede,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:21:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80aedf,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:23:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af46,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T14:23:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af48,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:23:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af55,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:23:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af55,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56646"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10082"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:23:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af56,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50307"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:23:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af56,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50248"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43388"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:23:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af56,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46465"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:23:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af56,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63736"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26722"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:23:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af76,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T14:23:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af78,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:23:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80af7a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:25:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afce,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46705"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:25:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afce,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56682"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10083"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:25:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afce,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54870"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:25:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afce,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63770"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43389"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:25:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afce,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58681"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:25:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afce,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50286"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26723"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:25:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afcf,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:25:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80afd0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:26:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80affb,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T14:26:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80affd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:27:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b046,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36180"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:27:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b046,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56716"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10084"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:27:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b047,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42850"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:27:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b047,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63804"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43390"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:27:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b047,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:27:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b047,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42324"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:27:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b048,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62770"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43391"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:29:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59101"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:29:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:29:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:29:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36394"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:29:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43218"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10085"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:29:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46212"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:29:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63836"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43392"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:29:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63395"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:29:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0c5,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50352"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10086"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:29:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b0e4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T14:31:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57803"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:31:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56780"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10087"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:31:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51944"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:31:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62832"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43393"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:31:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13d,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40459"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:31:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13d,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50384"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10088"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:31:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:31:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b13f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:33:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33129"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:33:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56814"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10089"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:33:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43986"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:33:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50416"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43394"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:33:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44371"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:33:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b5,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62868"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26724"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:33:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:33:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b1b7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:35:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b216,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T14:35:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b218,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:35:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b21a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:35:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b22d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44581"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:35:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b22d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56854"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26725"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:35:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b22d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57187"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:35:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b22d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62906"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10090"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:35:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b22d,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38859"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:35:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b22d,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50458"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26726"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:37:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2a5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58254"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:37:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2a5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43358"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10091"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:37:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2a6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53428"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:37:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2a6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43395"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:37:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2a6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45420"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:37:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2a6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63978"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10092"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:37:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2a7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:38:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2d4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T14:38:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b2d6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:39:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b31e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39836"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:39:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b31e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43390"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10093"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:39:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b31e,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39235"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:39:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b31e,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50522"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26727"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:39:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b31e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33725"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:39:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b31e,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62974"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10094"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:39:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b31f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:39:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b321,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:41:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b396,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57394"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:41:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b396,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56952"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10095"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:41:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b396,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50607"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:41:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b396,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64040"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43396"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:41:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b396,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62348"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:41:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b396,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10096"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:41:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b397,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:43:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b40e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42189"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:43:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b410,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56988"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26728"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:43:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b410,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37733"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:43:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b410,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64076"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10097"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:43:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b410,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50584"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:43:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b410,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50592"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10098"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:43:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b410,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:45:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b478,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T14:45:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b479,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:45:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b47b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:45:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b489,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43820"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:45:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b489,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57024"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26729"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:45:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b489,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56938"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:45:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b489,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50626"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10099"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:45:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b489,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47791"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:45:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b489,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43397"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b496,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62929"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b496,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52830"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43398"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:46:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b4e3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T14:47:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b4e4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:47:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b501,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57953"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:47:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b501,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57062"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26730"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:47:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b501,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51461"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:47:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b502,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50664"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26731"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:47:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b502,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58978"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:47:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b502,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64152"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26732"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:49:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b57a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45146"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:49:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b579,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57094"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10100"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:49:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b57a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63616"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:49:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b57a,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50696"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43399"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:49:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b57a,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36550"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:49:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b57a,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63148"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26733"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:49:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b57b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:50:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5ab,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T14:50:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5ac,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:51:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5f2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60745"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:51:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5f2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57126"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10101"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:51:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5f2,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37614"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:51:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5f2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50728"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26734"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:51:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5f2,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51443"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:51:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5f2,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10102"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:51:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b5f3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:53:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b66a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54747"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:53:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b66a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43630"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10103"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:53:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b66a,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39533"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:53:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b66a,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63212"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10104"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:53:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b66a,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54442"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:53:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b66a,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64250"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10105"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:53:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b66b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:55:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b6e2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44649"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:55:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b6e2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43666"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26735"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:55:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b6e2,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:55:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b6e3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63248"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10106"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:55:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b6e3,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38545"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:55:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b6e3,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64286"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10107"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:55:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b6e3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:57:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b75b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36084"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:57:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b75b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43700"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26736"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:57:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b75b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63543"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:57:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b75b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63282"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26737"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:57:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b75b,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55203"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:57:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b75b,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64320"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26738"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b75c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:58:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7b1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T14:58:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7b3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T14:59:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7d3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48575"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:59:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7d3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43732"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10108"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:59:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7d3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38693"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:59:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7d3,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50864"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43400"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T14:59:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7d3,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49124"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T14:59:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7d3,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10109"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:00:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7fb,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T15:00:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b7fd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:01:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57348"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:01:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43766"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26739"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:01:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38107"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:01:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84b,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63348"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10110"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:01:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49869"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:01:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84b,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50900"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10111"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:01:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:01:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b84e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b87b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T15:02:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b87d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43956"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36366"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10112"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47464"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64408"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43401"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88b,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32952"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63374"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26740"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52608"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36372"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26741"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56820"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64414"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10113"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56322"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50930"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43402"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34127"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36379"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26742"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42880"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63384"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10114"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37345"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88c,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64422"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43403"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36384"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43404"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44980"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40901"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88d,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50940"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10115"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39722"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b88d,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63392"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10116"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:03:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b8c5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59187"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:03:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b8c5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43826"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10117"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:03:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b8c5,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46869"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:03:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b8c5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50958"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43405"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:03:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b8c5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43854"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:03:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b8c5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63410"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10118"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:03:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b8c6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41191"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43870"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10119"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35180"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63452"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43406"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93d,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54778"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93d,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43407"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:05:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:05:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b93f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:07:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33443"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:07:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43904"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10120"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:07:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:07:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b7,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50012"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:07:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b7,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51036"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26743"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:07:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b7,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40083"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:07:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b7,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63488"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26744"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:07:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80b9b8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53383"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43936"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10121"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34089"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64554"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43408"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57901"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63520"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26745"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60261"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43942"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26746"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:09:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49844"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64560"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43409"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:09:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52907"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba2f,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51076"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43410"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:09:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba30,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:09:42Z gw-da58d3 CheckPoint 1930 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80ba37,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; db_ver:"20032905"; description:"Gateway was updated with database version: 22032001."; product:"Application Control"; severity:"1"; update_status:"updated"] +<134>1 2020-03-29T15:09:42Z gw-da58d3 CheckPoint 1930 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80ba37,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; db_ver:"20032905"; description:"Gateway was updated with database version: 22032001."; product:"URL Filtering"; severity:"1"; update_status:"updated"] +<134>1 2020-03-29T15:10:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba83,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T15:11:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba85,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ba87,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80baae,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59177"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58575"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43978"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10122"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:11:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab3,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57875"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51110"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43411"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:11:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab3,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60517"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab3,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64598"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10123"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:11:49Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80bab6,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T15:11:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50214"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64214"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43412"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64681"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51116"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26747"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44087"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:11:50Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80bab6,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"6"; version:"5"; description:"Contracts"; failure_impact:"Contracts may be out-of-date"; product:"Security Gateway/Management"; reason:"Server replied with no results."; severity:"2"; status:"Failed"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T15:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bab6,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63568"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26748"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:13:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38880"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:13:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44018"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26749"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:13:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37253"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:13:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64636"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10124"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:13:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51535"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:13:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2b,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51152"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26750"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:13:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:13:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb2e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:14:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb55,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T15:14:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb57,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:14:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb59,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:15:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb9e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41315"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:15:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb9e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53378"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10125"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:15:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb9e,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53380"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26751"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:15:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bb9f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:15:45Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bba1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:15:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bba4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42323"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:15:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bba4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44058"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43413"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:15:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bba4,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55106"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:15:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bba4,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63640"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26752"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:15:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bba4,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51024"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:15:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bba4,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64678"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43414"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:16:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbcc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39685"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbcc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44070"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26753"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:16:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbcc,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46147"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbcd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbcf,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60219"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10126"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:16:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58217"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd1,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64692"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43415"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:16:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd1,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44078"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43416"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:16:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64974"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd2,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35830"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63660"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26754"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:16:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd2,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39581"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd2,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64698"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10127"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:16:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49421"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:16:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bbd3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"23.194.24.76"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38158"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10128"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:17:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63463"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:17:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44106"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10129"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:17:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57057"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:17:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64724"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43417"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:17:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1c,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44231"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:17:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1c,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51240"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43418"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:17:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:17:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc1f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc44,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56258"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc44,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44118"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10130"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:18:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc45,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56866"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc45,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64736"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43419"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:18:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc45,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64821"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc45,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51252"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10131"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:18:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc45,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc57,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64104"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc57,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44134"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10132"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:18:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc57,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50199"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc57,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64752"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26755"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:18:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc57,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64641"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:18:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc57,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63718"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26756"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:18:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc58,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:19:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc95,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45142"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:19:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc95,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44156"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10133"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:19:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc95,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52015"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:19:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc95,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51288"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43420"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:19:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc95,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32988"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:19:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc95,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63740"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10134"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:19:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bc96,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:21:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd0d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33349"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:21:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd0d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57716"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26757"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:21:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd0d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42942"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:21:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd0d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63768"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10135"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:21:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd0d,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:21:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd0d,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51320"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26758"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:21:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd0e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:22:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd51,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T15:22:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd53,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:23:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd85,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52158"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:23:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd85,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57752"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10136"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:23:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd85,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34576"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:23:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd85,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63804"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43421"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:23:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd85,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57841"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:23:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd85,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43422"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:23:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd86,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:23:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bd88,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:25:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bdfd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45751"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:25:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bdfd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57788"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10137"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:25:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bdfd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55853"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:25:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bdfd,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64876"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43423"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:25:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bdfe,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48967"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:25:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bdfe,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51392"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26759"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:25:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bdff,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:26:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be20,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T15:27:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be76,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45056"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:27:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be76,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57822"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10138"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:27:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be76,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47096"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:27:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be76,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51424"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43424"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:27:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be76,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35474"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:27:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be76,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64912"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10139"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:27:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80be77,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:29:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55975"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:29:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57856"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26760"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:29:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef0,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39590"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:29:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63908"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10140"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:29:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef0,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50745"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:29:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef0,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51460"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43425"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:29:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:29:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bef3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:30:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf1b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T15:30:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf1d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:30:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf1f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:31:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf68,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43761"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:31:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf68,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57886"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10141"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:31:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf68,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63536"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:31:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf68,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63938"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43426"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:31:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf68,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57376"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:31:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf68,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26761"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:31:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf69,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:31:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bf6b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:33:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bfe0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37777"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:33:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bfe0,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57920"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26762"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:33:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bfe1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40710"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:33:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bfe1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51522"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10142"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:33:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bfe1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44105"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:33:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bfe1,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63974"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43427"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:33:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80bfe2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:34:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c020,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T15:34:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c022,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:35:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c024,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:35:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c059,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63924"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:35:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c059,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57960"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10143"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:35:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c059,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48564"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:35:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c059,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64012"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43428"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:35:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c059,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34922"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:35:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c059,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65050"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43429"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:35:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c05a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:35:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c05b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:37:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0d1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40810"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:37:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0d1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57994"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10144"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:37:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0d2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64873"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:37:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0d2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51596"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43430"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:37:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0d2,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64955"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:37:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0d2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64048"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10145"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:37:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0d2,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:38:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0fd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T15:38:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c0fe,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:38:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c100,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:39:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44109"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:39:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58028"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10146"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:39:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59349"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:39:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51630"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43431"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:39:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63063"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:39:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14c,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64082"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10147"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:39:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:39:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c14e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:41:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c4,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37895"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:41:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58058"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26763"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:41:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62212"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:41:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c4,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64110"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10148"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:41:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c4,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42227"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:41:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c4,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51662"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26764"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:41:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:41:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c1c7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:43:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c23c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63963"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:43:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c23c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58094"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26765"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:43:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c23c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35066"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:43:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c23c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64146"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10149"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:43:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c23d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43259"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:43:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c23d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65184"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43432"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:43:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c23d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2a6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43305"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2a6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53922"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10150"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:45:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2a7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:45:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2b6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56839"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:45:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2b6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58132"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10151"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:45:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2b6,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33621"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:45:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2b6,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51734"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43433"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:45:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2b6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37346"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:45:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2b6,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64186"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43434"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:46:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2f2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T15:46:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c2f3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:47:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c32e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57148"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:47:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c32e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58166"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10152"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:47:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c32f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54846"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:47:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c32f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65254"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43435"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:47:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c32f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62136"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:47:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c32f,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51770"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10153"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:47:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c32f,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:49:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3a7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41111"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:49:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3a7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58200"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10154"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:50:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3a8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61189"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:50:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3a8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65288"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43436"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:50:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3a8,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:50:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3a9,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38942"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:50:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3a9,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64256"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10155"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:50:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3aa,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:50:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c3ce,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T15:52:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c421,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39280"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:52:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c421,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58236"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26766"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:52:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c421,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56564"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:52:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c421,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51838"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10156"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:52:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c421,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47861"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:52:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c421,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64290"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10157"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:52:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c422,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:54:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c499,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41127"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:54:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c499,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58266"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26767"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:54:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c49a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39461"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:54:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c49a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65354"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10158"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:54:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c49a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59401"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:54:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c49a,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51870"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26768"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:54:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c49b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:54:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c49c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:56:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c512,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57288"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:56:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c512,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58302"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26769"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:56:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c512,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43258"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:56:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c513,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:56:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c514,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:56:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c517,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56481"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:56:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c517,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65390"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43437"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:56:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c517,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48552"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:56:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c517,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43438"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:58:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c590,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44170"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:58:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c590,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58336"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10159"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:58:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c590,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35503"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:58:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c590,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65424"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43439"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:58:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c590,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59318"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T15:58:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c590,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64390"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43440"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T15:58:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c591,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T15:58:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c5bf,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T15:58:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c5c1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:00:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c608,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47646"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:00:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c60a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:00:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c60d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58997"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:00:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c60d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58370"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10160"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:00:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c60e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53053"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:00:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c60e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65458"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43441"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:00:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c60e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61505"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:00:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c60e,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51974"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10161"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:02:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c686,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53215"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:02:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c688,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:02:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c68b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61509"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:02:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c68b,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58408"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10162"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:02:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c68b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54035"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:02:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c68b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64460"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43442"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:02:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c68b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:02:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c68b,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52012"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43443"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:02:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c698,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T16:04:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c703,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49899"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c703,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58442"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10163"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c703,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59217"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c703,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52044"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43444"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c703,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52317"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c703,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65532"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26770"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c704,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c706,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c725,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58491"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c725,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44934"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43445"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c725,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54523"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c725,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32784"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26771"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49861"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64518"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10164"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53904"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44940"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10165"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51325"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32790"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26772"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64519"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52074"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26773"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63805"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44946"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43446"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49364"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64528"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26774"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35069"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c726,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32798"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26775"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44901"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44952"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43447"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63734"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52084"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26776"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35407"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64536"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26777"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46154"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44958"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26778"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41692"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32808"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10166"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47153"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52092"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10167"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53636"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44964"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43448"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c728,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48571"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64546"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43449"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:04:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41147"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:04:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c727,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32816"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43450"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65116"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44974"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26779"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52858"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52106"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10168"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34095"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64558"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10169"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53337"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44980"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10170"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47712"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26780"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59907"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73c,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32832"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10171"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61090"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44986"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26781"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36606"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64568"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26782"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60512"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52120"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26783"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46675"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44992"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10172"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55092"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32843"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43451"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58217"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64576"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43452"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59401"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44998"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43453"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39957"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52130"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10173"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34334"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c73d,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32850"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10174"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c74c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60306"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c74d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45008"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43454"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c74d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35571"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c74d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64590"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26784"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c74d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49444"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:05:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c74d,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52142"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43455"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:06:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c77b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64554"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:06:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c77d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:06:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c781,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42474"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:06:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c781,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58554"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10175"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:06:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c781,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34177"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:06:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c781,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52156"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10176"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:06:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c782,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47923"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:06:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c782,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64608"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43456"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:08:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c7fa,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41045"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:08:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c7fa,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58588"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26785"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:08:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c7fa,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45191"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:08:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c7fa,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52190"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10177"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:08:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c7fa,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54122"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:08:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c7fa,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64642"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10178"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:08:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c7fb,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:10:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c872,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42398"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:10:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c872,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58622"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26786"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:10:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c873,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36120"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:10:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c873,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32942"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10179"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:10:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c873,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57481"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:10:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c873,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64676"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43457"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:10:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c874,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:10:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c892,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T16:11:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c893,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:12:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8eb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33635"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:12:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8eb,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58656"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10180"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:12:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8eb,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65354"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:12:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8eb,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52258"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43458"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:12:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8eb,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34242"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:12:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8eb,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32978"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26787"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:12:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8ec,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:12:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c8ed,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:14:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c963,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53123"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:14:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c963,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58688"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10181"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:14:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c963,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39257"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:14:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c963,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33008"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43459"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:14:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c963,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39958"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:14:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c963,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52292"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10182"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:14:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c964,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:14:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c966,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:14:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c978,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T16:15:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9ae,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48561"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:15:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9ae,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54508"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43460"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:15:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9af,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:15:45Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9b1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:16:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9db,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56646"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:16:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9db,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58724"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10183"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:16:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9db,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45349"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:16:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9db,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52326"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43461"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:16:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9dc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37724"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:16:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9dc,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33046"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43462"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:16:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80c9dc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca54,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40346"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca54,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58758"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10184"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca54,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49605"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca54,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33078"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43463"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca54,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59768"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:18:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca54,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64812"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10185"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:18:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca55,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:18:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ca57,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51238"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacc,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58792"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10186"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37112"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacc,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43464"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacc,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44535"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:20:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacc,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64846"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43465"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:20:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:20:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cacf,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:22:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb44,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50003"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:22:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb44,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58826"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26788"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:22:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb44,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59719"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:22:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb45,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:22:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb49,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43173"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:22:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb49,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64880"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10187"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:22:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb49,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41773"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:22:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb49,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52432"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10188"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:22:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb4a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:23:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cb65,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T16:24:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47734"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:24:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58864"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26789"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:24:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44695"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:24:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc2,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64916"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10189"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:24:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc2,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39975"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:24:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc2,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33186"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10190"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:24:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:24:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cbc4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:26:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35025"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:26:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58896"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10191"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:26:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3a,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49127"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:26:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3a,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33216"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10192"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:26:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3a,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55680"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:26:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64950"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43466"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:26:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:26:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc3c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:26:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cc47,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T16:28:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61284"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:28:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb2,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58930"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10193"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:28:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59573"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:28:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33250"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43467"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:28:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb2,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41052"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:28:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb2,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10194"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:28:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:28:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ccb4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:30:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36041"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:30:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58964"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26790"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:30:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33287"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:30:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2a,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33285"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10195"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:30:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2a,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42140"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:30:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2a,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52568"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10196"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:30:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:30:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cd2c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:32:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56136"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:32:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda2,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58998"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10197"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:32:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32942"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:32:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52600"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43468"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:32:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda2,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55036"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:32:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda2,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33320"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43469"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:32:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:32:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cda6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:34:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46558"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:34:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59032"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26791"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:34:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64926"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:34:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52634"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10198"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:34:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46479"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:34:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33354"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26792"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:34:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:34:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce1d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:35:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ce36,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T16:41:58Z gw-da58d3 CheckPoint 1930 - [flags:"393280"; ifdir:"inbound"; loguid:"{0x5e80cfd7,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; blade_name:"Anti Bot & Anti Virus"; information:"policy installation for blade Anti Bot & Anti Virus completed successfully"; product:"Log Update"] +<134>1 2020-03-29T16:41:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52131"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:41:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:41:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55350"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10201"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:41:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd7,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39858"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:41:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80cfd9,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"7"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"threatprevention_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{597182F7-E1BA-460F-B6E0-D4996295B5CC}"] +<134>1 2020-03-29T16:41:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd7,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33560"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43474"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd8,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41545"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45760"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26796"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd8,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58263"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfd8,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52894"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26797"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46019"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33622"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10202"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46917"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43475"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45778"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43476"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36104"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34824"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52910"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26798"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41242"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdc,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33630"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26799"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44457"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45784"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10203"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53176"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65366"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10204"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47078"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52918"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10205"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45790"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43477"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38922"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35413"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33640"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43478"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36129"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfdd,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={AFDE1595-0AEA-6E48-B48E-A69F8263607D};mgmt=gw-da58d3;date=1585488025;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65374"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26800"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:17Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80cfea,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T16:42:17Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80cfea,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"3"; version:"5"; product:"System Monitor"; sys_message::"The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T16:42:17Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80cfea,0x2,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"5"; version:"5"; product:"System Monitor"; sys_message::"installed Standard"] +<134>1 2020-03-29T16:42:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfea,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33272"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26801"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45074"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62607"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38388"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10206"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60335"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52946"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43479"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64325"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33668"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43480"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35272"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65404"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43481"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41278"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52956"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10207"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47884"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfeb,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38420"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10208"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52093"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33704"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43482"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53037"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26802"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56212"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59400"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26803"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33915"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26804"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49314"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33726"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10209"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35473"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38458"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10210"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80cfed,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"13"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"firewall_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{FF0154DE-7D18-4396-B0C2-7E8951B393A4}"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62759"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65472"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43483"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40385"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfec,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53024"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43484"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfed,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41203"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfed,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38504"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26805"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfed,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62866"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfed,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33778"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10211"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:42:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfed,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35163"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:42:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80cfed,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65512"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10212"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:44:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d05a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.2.1"; icmp:"Echo Request"; icmp_code:"0"; icmp_type:"8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"1"; service_id:"echo-request"; src:"192.168.2.2"] +<134>1 2020-03-29T16:44:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d05c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:44:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d05e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:44:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d064,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61080"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:44:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d064,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59492"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10213"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:44:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d065,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57213"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:44:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d065,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43485"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:44:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d065,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42492"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:44:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d065,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53096"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10214"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:45:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0af,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.2.2"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43532"; service:"22"; service_id:"ssh"; src:"192.168.1.205"] +<134>1 2020-03-29T16:45:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0b0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0b2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0b6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64227"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0b6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55314"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43486"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50006"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50008"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50009"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50010"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50011"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50012"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50013"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50014"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50015"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50017"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50016"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50018"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50019"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50020"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0bf,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50021"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50022"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50023"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50024"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c1,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50025"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c1,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50026"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33599"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53038"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42356"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64392"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40108"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56771"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45321"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62590"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50880"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56521"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x7,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63431"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:45:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c5,0x8,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65184"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:46:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0c8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61320"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:46:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0dd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:46:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0dd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59632"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10215"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:46:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0dd,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57125"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:46:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0dd,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33953"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43487"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:46:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0dd,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63677"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:46:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0dd,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53236"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10216"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:46:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0de,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:46:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d0df,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:47:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d105,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T16:47:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d105,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.2.2"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43560"; service:"22"; service_id:"ssh"; src:"192.168.1.205"] +<134>1 2020-03-29T16:47:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d106,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:47:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d138,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50028"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:47:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d138,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50029"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:47:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d13a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:47:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d13c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d155,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62102"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d155,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59778"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26806"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d155,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42680"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d155,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33062"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10217"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d155,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64455"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d155,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34100"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10218"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d16a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36791"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:48:42Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d16b,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51764"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d16a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64199"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:42Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d16b,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52316"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d16a,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43446"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d16a,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55584"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10219"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d16a,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55586"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10220"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d16a,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50090"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d16b,0x2,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52830"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d16a,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55588"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10221"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d16c,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52316"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d16b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d16b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500523"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54033"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:48:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d16b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35995"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:48:44Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d16d,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51764"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d173,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.2.2"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43584"; service:"22"; service_id:"ssh"; src:"192.168.1.205"] +<134>1 2020-03-29T16:48:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d174,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500532"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38655"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d176,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53378"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d174,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36216"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d176,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53380"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d174,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48926"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d174,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55592"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10222"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d174,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55594"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10223"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d175,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:48:53Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d176,0x2,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53380"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:48:56Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d17a,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52830"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:06Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d183,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53380"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:06Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d183,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53378"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:09Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d186,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51764"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:09Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d186,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52316"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d196,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500566"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54633"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d196,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44314"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:49:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d196,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36044"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:49:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d196,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55608"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10224"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:49:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d196,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55606"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10225"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:49:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d197,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:49:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d198,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500568"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56701"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d198,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500568"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34931"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d199,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500569"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47228"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d19a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500570"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56327"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d19d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500573"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60356"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1a0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500576"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58250"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1a2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:49:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1a2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500578"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52529"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1a2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500578"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56897"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1a3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500579"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39148"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:39Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d1a4,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54508"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:39Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d1a4,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53922"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1a4,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500580"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44337"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1a5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53055"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:49:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1a7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500583"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49100"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1aa,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500586"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58716"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ac,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500588"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49010"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ac,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500588"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39431"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ad,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500589"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48215"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ae,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500590"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56971"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:52Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d1b2,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53922"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:49:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1b0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50032"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:49:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1b0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50033"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:49:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1b1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500593"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59749"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1b3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500595"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49542"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1b4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500596"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44083"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1b6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500598"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46826"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1b6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500598"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49791"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:49:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1b7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500599"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40178"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1b8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500600"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53717"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1bb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500603"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57022"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1bd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500605"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52203"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1be,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500606"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59751"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1c0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:50:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500608"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50901"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500608"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47887"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c0,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500608"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56449"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500609"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43686"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500610"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53250"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500613"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46949"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500615"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43159"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1c8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500616"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57274"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ca,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500618"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53008"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ca,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500618"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55329"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:18Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d1cb,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54508"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T16:50:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ca,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500618"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45632"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1cb,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:50:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1cb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500619"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50996"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1cc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500620"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43302"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1cd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37471"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:50:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1cd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59906"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43488"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:50:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1cd,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50910"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:50:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1cd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53508"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26807"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:50:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1cd,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62453"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:50:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1cd,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34228"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10226"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:50:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1cf,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500623"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33812"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1cf,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500623"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49138"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500625"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34516"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500626"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37272"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d4,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500628"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44198"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500628"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33260"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d4,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500628"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34168"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500629"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35955"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500630"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43425"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d9,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500633"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38689"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1d9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500633"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39227"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1db,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500635"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43729"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1dc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500636"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53404"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1de,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500638"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57455"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1de,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500638"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52835"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1de,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500638"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52596"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1df,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500639"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42327"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500640"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36859"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500643"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44150"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:45Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500645"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42041"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500646"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51280"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500648"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45294"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e8,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500648"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40892"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e8,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500648"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42148"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1e9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:50:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1e9,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500649"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36931"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ea,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500650"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36966"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ef,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500655"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54842"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1ef,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500655"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54066"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500656"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52067"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500658"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53413"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500658"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45807"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1f2,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50034"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:50:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1f2,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50035"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:50:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1f2,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50036"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:50:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d1f2,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50037"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:50:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500658"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57008"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:50:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500659"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54465"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500660"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49633"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f9,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500665"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40657"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1f9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500665"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33935"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1fa,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500666"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38324"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1fc,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500668"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52810"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1fc,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500668"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38952"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1fc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500668"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46964"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1fd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500669"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42085"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d1fe,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500670"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44134"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d200,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T16:51:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d203,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500675"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50033"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d204,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500676"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42620"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d206,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500678"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55061"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d206,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500678"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45467"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d206,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500678"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36181"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d207,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500679"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34289"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d208,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500680"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41793"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d20d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500685"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56457"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d20e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500686"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44790"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d210,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500688"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51352"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d210,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500688"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40847"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d212,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:51:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d216,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35610"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d216,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500694"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34846"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d216,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500694"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59714"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d217,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44548"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d217,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50096"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d217,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500695"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48563"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d217,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500695"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52162"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d218,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500696"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54224"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500698"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45072"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d21a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:51:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21a,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500698"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52431"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500699"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49787"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500699"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40420"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500699"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36548"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500700"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34127"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500700"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56320"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500700"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40593"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500700"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56113"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500701"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33196"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500702"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52255"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d21e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500702"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37963"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d222,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48707"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d222,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45589"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d222,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57374"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d223,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33020"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d223,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36430"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d224,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500708"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39151"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d224,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500708"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56270"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d227,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500711"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48406"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d227,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500711"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41335"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d228,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50038"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:51:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d228,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50039"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:51:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d228,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50040"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:51:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d229,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500713"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43882"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d229,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500713"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45089"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d22a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500714"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56267"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d22b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500715"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40923"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d22b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500715"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60127"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d22b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500715"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35657"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d22b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500715"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47915"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:51:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d22d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33716"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:51:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d22f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500719"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37557"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d230,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500720"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43215"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d230,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500720"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51934"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d230,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500720"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54308"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d230,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500720"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34739"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d236,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57495"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d236,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49150"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d238,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45367"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d239,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500729"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60597"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500731"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57721"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500731"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59391"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d23d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:52:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500733"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56629"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500733"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44363"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500735"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39459"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500735"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56119"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23f,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500735"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44079"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d23f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500735"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40876"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d244,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500740"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40695"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d244,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500740"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41777"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d244,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500740"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55081"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d244,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500740"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33182"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d245,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44164"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:52:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d245,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59976"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10227"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:52:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d246,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58235"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:52:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d245,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33260"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10228"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:52:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d246,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63365"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:52:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d246,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53580"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10229"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:52:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d24a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500746"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38147"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d24a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500746"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45727"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d24c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:52:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d24c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500748"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47881"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d24d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500749"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34184"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d24f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500751"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52859"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d24f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500751"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47176"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d251,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500753"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54686"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d252,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500754"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58509"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d256,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500758"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41490"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d256,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500758"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36241"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d256,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500758"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33708"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d257,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500759"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39041"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d258,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500760"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48567"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d258,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500760"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53988"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d258,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500760"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49354"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d260,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500768"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56759"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d260,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500768"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46081"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d261,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500769"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49980"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d261,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500769"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34984"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d262,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500770"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58365"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d265,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500773"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34901"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d266,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; log_delay:"1585500774"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52650"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:52:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d26b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500779"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35306"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d26c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500780"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49488"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d26c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500780"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46461"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d26d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:53:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d274,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500788"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35272"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d275,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500789"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47617"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d275,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500789"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44282"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d276,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:53:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d276,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500790"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43245"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d27e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500798"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32809"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d27f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500799"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46818"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d27f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500799"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43579"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d280,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500800"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47669"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d288,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500808"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46309"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d289,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500809"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46114"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d289,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500809"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34166"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d28a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500810"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54507"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d292,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500818"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51988"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d293,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500819"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33882"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d293,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500819"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46741"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d294,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500820"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47300"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d295,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:53:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d29c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500828"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58832"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d29d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500829"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34425"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d29d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500829"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37611"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d29e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:53:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d29e,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500830"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51400"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2a1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50043"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:53:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2a1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50044"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:53:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2a1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50045"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:53:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2a1,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50046"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:53:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2a6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500838"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38270"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2a7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500839"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51214"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:53:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2a7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500839"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41662"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2a8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500840"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42118"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2b1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500849"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32849"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2b2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500850"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55943"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2bb,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500859"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36141"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2bc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500860"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45077"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2bd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:54:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2be,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32890"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:54:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2be,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60032"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10230"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:54:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2be,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64406"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:54:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2be,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34352"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43489"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:54:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2be,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39243"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:54:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2be,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53636"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26808"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:54:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2c5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500869"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60576"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2c5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500869"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59345"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2c5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500869"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59225"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2c6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500870"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47185"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2c7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:54:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2cf,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500879"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53512"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d2cf,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585500879"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58281"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:54:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d2dd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T16:55:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d319,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50047"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:55:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d319,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50048"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:55:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d319,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50049"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:55:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d319,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50050"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:55:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d31a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:56:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d320,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"9999"; service:"9999"; src:"192.168.1.1"] +<134>1 2020-03-29T16:56:02Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d323,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T16:56:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d322,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"67"; service:"68"; service_id:"dhcp-rep-localmodule"; src:"192.168.1.1"] +<134>1 2020-03-29T16:56:02Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d323,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T16:56:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d324,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50052"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:56:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d324,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50053"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:56:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d324,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50054"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:56:04Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d324,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50055"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:56:04Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d326,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T16:56:06Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d328,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"67"; service:"68"; service_id:"dhcp-rep-localmodule"; src:"192.168.0.254"] +<134>1 2020-03-29T16:56:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d32d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T16:56:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d32d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T16:56:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d32e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T16:56:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d32e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5351"; src:"192.168.1.1"] +<134>1 2020-03-29T16:56:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d336,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59196"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:56:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d336,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60068"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26809"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:56:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d336,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45930"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:56:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d336,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53670"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43490"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:56:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d336,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42649"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:56:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d336,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33354"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43491"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:56:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d34f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32851"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:56:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d34f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.54.16"; icmp:"Echo Request"; icmp_code:"0"; icmp_type:"8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"1"; service_id:"echo-request"; src:"192.168.2.2"] +<134>1 2020-03-29T16:56:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d34f,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53132"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:56:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d351,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:56:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d352,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:56:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d357,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36215"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501035"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47671"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.161.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51746"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34871"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"52.17.223.107"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43558"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501035"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39427"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501035"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43009"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501035"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55380"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"93.184.220.29"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46506"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501035"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35896"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"54.70.228.208"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45452"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501035"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49166"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.227.81"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39708"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36b,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501035"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43798"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501036"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40880"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"93.184.220.29"; log_delay:"1585501036"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46512"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501036"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60598"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.227.5"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45142"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501036"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60645"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501036"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38909"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501036"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60516"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.227.81"; log_delay:"1585501036"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39716"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36c,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.227.81"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39714"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43738"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44020"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59568"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56804"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40868"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58090"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51741"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"81.171.33.202"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39534"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51615"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48425"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501037"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35459"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36d,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"81.171.33.202"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33972"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d36e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45724"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47374"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50265"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59575"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50747"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43931"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42662"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d36e,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501038"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38182"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35224"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41291"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56079"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36181"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44038"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40103"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51391"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57541"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36012"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39094"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48363"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"216.58.211.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44020"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d370,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501040"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39393"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d371,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"54.149.124.142"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42542"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d371,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.54.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51880"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33356"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55437"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.161.146"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42746"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.161.146"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42748"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.161.146"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42750"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.161.146"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42752"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.161.146"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42754"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38162"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46059"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59268"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501042"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47423"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.227.11"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51844"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d372,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52760"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59627"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57512"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56317"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44832"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54030"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34455"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.218"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54642"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.218"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54644"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x7,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.218"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54646"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x8,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33672"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.48.174.89"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54848"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"54.194.133.25"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45034"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.55.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60510"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47595"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x9,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35669"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.226.19"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57814"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47138"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33386"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.227.114"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50732"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.227.114"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50734"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0xa,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45919"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57125"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"23"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"151.101.37.108"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37516"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"151.101.37.108"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37518"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"25"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"151.101.37.108"; log_delay:"1585501043"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37520"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d373,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.224.226.19"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57828"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54730"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.173.172"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34032"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.209"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46472"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54587"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"52.50.107.92"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35246"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36804"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.206"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41264"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.130"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34362"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46991"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.67"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51992"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60554"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33125"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"13.49.27.73"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42782"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43497"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.34"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54060"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36466"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.206"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41276"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x9,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37748"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50749"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37993"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0xa,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34744"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0xb,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"23"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58408"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0xc,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54681"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0xd,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"25"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"99.86.116.26"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36312"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d374,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"99.86.116.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50306"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.54.22"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38150"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.55.21"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58796"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"23.100.50.51"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36480"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48805"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45891"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40732"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46101"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"216.58.208.98"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40060"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"216.58.208.98"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40062"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37676"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38236"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51168"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34519"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.140.175"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38896"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57686"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"151.101.37.108"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37566"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"188.40.136.143"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43990"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"188.40.136.143"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43988"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55031"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.25.147"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34906"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"88.221.25.147"; log_delay:"1585501045"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34908"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d375,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.67"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52034"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d376,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501046"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51578"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d376,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"195.88.54.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55786"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38104"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55175"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60744"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54694"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56674"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60176"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34914"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40247"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36641"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55992"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53298"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d376,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43205"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53641"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45966"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47822"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40595"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59542"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42200"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45909"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62340"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39132"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51191"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59557"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37518"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54784"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53913"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d377,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50719"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d379,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36362"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48533"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58003"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33972"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45368"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64435"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43372"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d37c,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44361"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:57:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d380,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501056"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41202"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d380,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"216.58.208.106"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48514"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d380,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501056"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41684"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d380,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.67"; log_delay:"1585501056"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52040"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:57:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d38d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63167"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T16:57:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d391,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50060"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:57:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d391,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50061"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:57:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d391,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50062"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:57:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d391,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50063"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:57:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d394,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"136.243.95.176"; log_delay:"1585501076"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54120"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d39f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"216.58.211.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44134"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3a1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3a3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501092"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50195"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a4,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.19.196"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42728"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.206"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41324"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a4,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.206"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41326"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a4,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"185.33.223.206"; log_delay:"1585501092"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41328"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40874"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57610"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.78"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49956"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"216.58.211.99"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41556"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56870"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"216.58.211.110"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54412"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55908"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.142"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56712"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.142"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56714"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.142"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56716"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.142"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56718"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46625"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.67"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59706"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37560"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x8,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59224"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.19.206"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33986"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.19.194"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55652"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41740"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.168.194"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38354"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46529"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"34.215.75.150"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37662"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"34.215.75.150"; log_delay:"1585501094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37664"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a6,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"34.215.75.150"; log_delay:"1585501094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37666"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"93.184.220.29"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46676"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3a7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53632"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37701"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"72.246.28.170"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58862"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ae,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33463"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ae,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60298"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43492"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ae,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45107"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ae,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53900"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43493"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58864"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"72.246.28.170"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58866"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58868"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45745"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ae,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41823"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ae,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33585"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26810"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59124"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59126"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59128"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x8,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59130"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55776"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.20.72"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41686"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3ae,0x9,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501102"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37337"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3af,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45524"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3af,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45526"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3af,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45528"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3af,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; log_delay:"1585501103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45530"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3af,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47325"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3af,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"108.177.119.154"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60980"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34118"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64726"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49768"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46809"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65208"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43244"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54999"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65306"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40105"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34061"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36499"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0x9,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45093"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0xa,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41373"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ba,0xb,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43583"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:58:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3bb,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35219"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3d6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3d7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3d9,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501145"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35380"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3da,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501146"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45096"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3da,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"209.87.209.101"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35138"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3db,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501147"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44471"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585501148"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58894"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dc,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585501148"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58896"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"72.246.28.170"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58892"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dc,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501148"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41652"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dc,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.168.232"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57792"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dc,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501148"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43073"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501149"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53863"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33728"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501149"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37359"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47294"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501149"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37077"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"209.87.209.101"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35152"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501149"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38905"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"209.87.209.101"; log_delay:"1585501149"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35154"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3dd,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"209.87.209.101"; log_delay:"1585501149"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35156"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3de,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501150"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44839"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3de,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.35"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49550"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3de,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"172.217.17.110"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42270"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3de,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"209.87.209.101"; log_delay:"1585501150"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35162"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3de,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501150"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38362"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d3de,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"194.29.39.47"; log_delay:"1585501150"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33744"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:17Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3e6,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T16:59:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3e5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"67"; service:"68"; service_id:"dhcp-rep-localmodule"; src:"192.168.1.1"] +<134>1 2020-03-29T16:59:17Z gw-da58d3 CheckPoint 1930 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3e6,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T16:59:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3e5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64032"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3e8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57641"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3e8,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63679"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ed,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62590"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ed,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64193"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ed,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45685"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ee,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50064"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50065"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50066"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50067"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50068"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50069"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50070"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3ef,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50071"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3f0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50072"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3f0,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50073"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3f1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50074"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3f1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50075"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3f2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44075"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3f5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62639"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d3fe,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54421"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T16:59:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d400,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501184"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54376"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d400,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"34.215.75.150"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37726"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d400,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501184"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47519"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T16:59:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d409,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50076"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T16:59:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d409,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50077"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:00:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d413,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T17:00:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d426,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48170"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:00:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d426,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60542"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43494"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:00:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d426,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44931"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:00:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d426,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54144"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26811"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:00:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d426,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50637"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:00:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d426,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10231"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:00:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d427,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:00:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42a,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501226"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60859"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35319"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:26Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36152"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36451"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49585"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:27Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d42b,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:00:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42c,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"83.98.201.134"; log_delay:"1585501228"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58699"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42c,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"174.138.9.187"; log_delay:"1585501228"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39714"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"162.159.200.123"; log_delay:"1585501229"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33018"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"129.250.35.250"; log_delay:"1585501229"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42467"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:30Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48133"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36544"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45504"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:31Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d42f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46221"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:32Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d430,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37493"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d430,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53587"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d431,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"162.159.200.123"; log_delay:"1585501233"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34224"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:00:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d431,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"129.250.35.250"; log_delay:"1585501233"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39769"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d455,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50079"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d455,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50080"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d456,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:01:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d468,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50081"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d468,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50082"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d469,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50083"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d469,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50084"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d471,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"174.138.9.187"; log_delay:"1585501297"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36617"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:01:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d472,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"83.98.201.134"; log_delay:"1585501298"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43110"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:01:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d472,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56314"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:01:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d472,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46023"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:01:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d481,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50087"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d481,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50088"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:01:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d482,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d499,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59860"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:02:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d49f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62674"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:23Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d49f,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60684"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10232"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d49f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4a0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54286"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43495"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4a0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46243"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:24Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4a0,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26812"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:25Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4a1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ab,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51067"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ab,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47248"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26813"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ab,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63098"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ab,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54380"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10233"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ab,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45369"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:35Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ab,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34064"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10234"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ac,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47254"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26814"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ac,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47838"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ac,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57820"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ac,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35104"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10235"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:36Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ac,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ad,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45260"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ad,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54388"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26815"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ad,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64333"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ad,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47268"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10236"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52355"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34082"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43496"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62910"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35120"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10237"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50089"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50090"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35789"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47300"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43497"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65005"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54436"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26816"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48407"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d4b0,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.117"; sequencenum:"6"; version:"5"; administrator:"admin"; advanced_changes:" "; client_ip:"192.168.1.117"; fieldschanges:"SmartEvent Correlation Unit: Changed from 'Disable' to 'Enable' SmartEvent Server: Changed from 'Disable' to 'Enable' "; ip_address:"192.168.1.100"; logic_changes:"AbacusServer: Changed from 'Disable' to 'Enable' EventAnalyzer: Changed from 'Disable' to 'Enable' "; objectname:"gw-da58d3"; objecttype:"Gateway"; operation:"Modify Object"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"1937d36a-e8b3-4cc5-ac5e-ffe41c58050f"; subject:"Object Manipulation"; uid:"17c04677-871e-f346-a0dd-3705cb95068f"] +<134>1 2020-03-29T17:02:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d4b0,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.117"; sequencenum:"7"; version:"5"; administrator:"admin"; client_ip:"192.168.1.117"; fieldschanges:"1 Object was changed"; operation:"Publish"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"1937d36a-e8b3-4cc5-ac5e-ffe41c58050f"; subject:"Revision Control"] +<134>1 2020-03-29T17:02:38Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ae,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34120"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26817"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4af,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50091"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:02:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4b2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39276"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:02:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4b2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"129.250.35.250"; log_delay:"1585501362"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37063"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:02:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4b2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"83.98.201.134"; log_delay:"1585501362"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58144"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:02:43Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4b3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"162.159.200.123"; log_delay:"1585501363"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40313"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59809"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34996"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26818"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48699"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b7,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47530"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10238"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38852"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47536"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10239"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39483"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35386"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26819"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57899"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54670"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10240"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35004"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26820"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57123"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26821"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49707"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35394"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10241"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64964"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54680"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10242"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34366"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43498"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42941"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54624"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x7,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47552"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10243"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46015"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"25"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57950"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"26"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35404"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43499"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"27"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37303"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"28"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54688"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43500"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"29"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44983"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x9,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"30"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34372"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43501"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x8,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"31"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47077"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0xa,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"32"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35411"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43502"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0xb,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"33"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50496"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43503"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:48Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b8,0x8,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"35"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61020"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34373"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47576"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43504"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63427"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54712"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26822"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38863"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34396"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26823"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47586"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26824"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:49Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4b9,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63680"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ba,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52054"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ba,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10244"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ba,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44721"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4ba,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54724"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10245"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58832"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40180"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43505"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44654"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34422"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26825"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41806"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35460"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26826"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [flags:"393280"; ifdir:"inbound"; loguid:"{0x5e80d4be,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; blade_name:"Anti Bot & Anti Virus"; information:"policy installation for blade Anti Bot & Anti Virus completed successfully"; product:"Log Update"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bd,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50550"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26827"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bf,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38889"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bf,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57328"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10246"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bf,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33161"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bf,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54800"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43506"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bf,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40916"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4bf,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34486"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26828"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45674"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47720"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10247"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63354"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35574"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43507"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44941"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d4c1,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"7"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"threatprevention_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{597182F7-E1BA-460F-B6E0-D4996295B5CC}"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54860"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10248"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47736"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43508"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44503"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61619"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34550"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10249"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53344"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c0,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35588"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43509"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50587"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47744"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26829"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59675"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54876"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26830"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36715"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34560"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26831"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47750"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10250"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37535"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35600"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43510"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44126"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:02:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4c1,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54884"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43511"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T17:03:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={BFDA4BB3-8525-054C-8EA5-6B575ED1D020};mgmt=gw-da58d3;date=1585500117;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T17:03:15Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d4d4,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; product:"System Monitor"; sys_message::"The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:03:15Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d4d4,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:03:15Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d4d4,0x2,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"4"; version:"5"; product:"System Monitor"; sys_message::"installed Standard"] +<134>1 2020-03-29T17:03:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54740"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61496"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26832"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50541"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35430"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26833"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61858"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35818"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10251"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35530"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34784"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26834"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62818"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47974"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26835"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42933"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10252"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39647"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43512"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47479"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34806"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10253"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40331"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x7,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35846"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10254"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40812"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x8,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48008"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10255"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x9,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"23"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65497"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d5,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55146"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26836"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35052"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34838"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26837"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d4d7,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"25"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"firewall_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{FF0154DE-7D18-4396-B0C2-7E8951B393A4}"] +<134>1 2020-03-29T17:03:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56278"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48078"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26838"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d7,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52838"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d7,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35936"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10256"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d7,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41076"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d7,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55220"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43513"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48124"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43514"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d8,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35938"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42500"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d8,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43515"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d8,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39752"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4d8,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35982"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26839"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:03:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4e0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50092"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4e0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50093"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4e1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50094"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4e1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50095"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58561"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"13.224.227.39"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58636"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f0,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585501424"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46306"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f0,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"34.98.75.36"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35972"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:45Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:03:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35675"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f3,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33415"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f3,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43533"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d4f3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33932"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50096"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50097"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f8,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50098"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50099"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f8,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50100"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f8,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50101"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f8,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50102"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f8,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50103"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50104"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4f9,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50105"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4fa,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50106"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4fa,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50107"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4fb,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50108"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:03:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d4fb,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50109"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:04:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d502,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50110"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:04:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d502,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50111"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:04:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d502,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50112"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:04:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d502,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50113"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:04:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d503,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:04:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d509,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59018"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:04:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d509,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57922"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26840"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:04:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d524,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57938"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10257"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:04:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d533,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54827"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:04:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d533,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59950"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:04:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d534,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:04:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d534,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"83.98.201.134"; log_delay:"1585501492"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55664"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:04:52Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d534,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"162.159.200.123"; log_delay:"1585501492"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40539"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:04:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d53a,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:04:58Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d53a,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57980"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10258"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d545,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.117"; sequencenum:"1"; version:"5"; administrator:"admin"; advanced_changes:" "; client_ip:"192.168.1.117"; fieldschanges:"Detect according to DC connectivity over internal network configuration: Changed from 'FALSE' to 'CLIENT_DECIDE' Enables uploading content to Check Point: Changed from 'Disable' to 'Enable' AcceptOutgoingToCpServices: Changed from 'Disable' to 'Enable' "; logic_changes:"AcceptOutgoingToCpServices: Changed from 'Disable' to 'Enable' AllowUploadContent: Changed from 'Disable' to 'Enable' EndpointVpnPreferences.endpointVpnLaPreferences: '14b88ac9-b2b3-46a6-b928-2a7f8e05c6ed' EndpointVpnPreferences.endpointVpnLaPreferences.laPreferDcOverInternalNetwork: Changed from 'FALSE' to 'CLIENT_DECIDE' "; objectname:"firewall_properties"; objecttype:"Global Properties"; operation:"Modify Object"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"8f528c06-d338-4318-bad0-12a5be7325f0"; subject:"Object Manipulation"; uid:"da3ac1ae-c293-4c2d-a25c-81788ef9bbcc"] +<134>1 2020-03-29T17:05:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d545,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.117"; sequencenum:"2"; version:"5"; administrator:"admin"; client_ip:"192.168.1.117"; fieldschanges:"1 Object was changed"; operation:"Publish"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"8f528c06-d338-4318-bad0-12a5be7325f0"; subject:"Revision Control"] +<134>1 2020-03-29T17:05:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d544,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50118"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:08Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d544,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50119"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d545,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50120"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d545,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50121"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d545,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50122"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:09Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d545,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50123"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:16Z gw-da58d3 CheckPoint 1930 - [flags:"393280"; ifdir:"inbound"; loguid:"{0x5e80d54d,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; blade_name:"Anti Bot & Anti Virus"; information:"policy installation for blade Anti Bot & Anti Virus completed successfully"; product:"Log Update"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38360"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61958"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10259"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63990"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55560"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43516"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58114"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26841"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55533"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34989"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36308"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10260"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49085"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54d,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55594"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43517"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32968"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d54f,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"13"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"threatprevention_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{597182F7-E1BA-460F-B6E0-D4996295B5CC}"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35310"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26842"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38274"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41104"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10261"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60021"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36382"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43518"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40918"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54e,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55666"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26843"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41913"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41120"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26844"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33482"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35358"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10262"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44783"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36396"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43519"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64649"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41128"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26845"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55291"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55684"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10263"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48900"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35368"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43520"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50167"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d54f,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41134"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10264"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d550,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58555"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d550,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36408"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10265"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d550,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57809"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d550,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55692"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43521"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [flags:"147456"; ifdir:"inbound"; logid:"134217728"; loguid:"{0x5e80d550,0x0,0x6401a8c0,0x18d}"; origin:"192.168.1.100"; sequencenum:"9"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; cu_detected_by:"192.168.1.100"; cu_detection_time:"1585501520"; cu_last_update_time:"1585501520"; cu_log_count:"1"; cu_rule_category:"Informational"; cu_rule_id:"{58144F8B-A181-AB98-A857-2A8F6CFEA948}"; domain:"SMC User"; event_end_time:"1585501520"; event_name:"Policy installation"; event_start_time:"1585501519"; is_correlated:"1"; is_last:"1"; log_id:"2000"; machine:"3232235893"; max_num_count_detected:"1"; num_of_updates:"0"; objectname:"gw-da58d3"; origin_repetitions:"1"; product:"SmartConsole"; severity:"0"; source_repetitions:"1"; time_interval:"60"; users_repetitions:"1"] +<134>1 2020-03-29T17:05:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d550,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d558,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50129"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d558,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={A355130C-7527-9840-A58E-5280C5686B5B};mgmt=gw-da58d3;date=1585501372;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50130"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:38Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d563,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; product:"System Monitor"; sys_message::"The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:05:38Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d563,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:05:38Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d563,0x2,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"4"; version:"5"; product:"System Monitor"; sys_message::"installed Standard"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36084"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43522"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50063"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56776"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41200"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26846"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50362"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55766"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26847"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49435"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35450"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10266"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43790"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55770"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10267"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59237"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d563,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36492"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10268"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55390"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62198"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10269"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48957"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35482"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43523"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54621"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55802"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43524"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39494"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41252"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43525"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62343"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36532"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43526"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34566"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35498"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43527"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41272"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26848"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62889"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35872"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55836"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43528"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60667"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d564,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36556"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26849"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d565,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d565,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60689"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d565,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41314"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10270"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d565,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34760"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d565,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35552"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26850"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d565,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45832"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:05:39Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d565,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"13"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"firewall_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{FF0154DE-7D18-4396-B0C2-7E8951B393A4}"] +<134>1 2020-03-29T17:05:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d565,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55872"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26851"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:05:43Z gw-da58d3 CheckPoint 1930 - [flags:"147456"; ifdir:"inbound"; logid:"134217728"; loguid:"{0x5e80d567,0x0,0x6401a8c0,0x18d}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; cu_detected_by:"192.168.1.100"; cu_detection_time:"1585501543"; cu_last_update_time:"1585501543"; cu_log_count:"1"; cu_rule_category:"Informational"; cu_rule_id:"{58144F8B-A181-AB98-A857-2A8F6CFEA948}"; domain:"SMC User"; event_end_time:"1585501543"; event_name:"Policy installation"; event_start_time:"1585501542"; is_correlated:"1"; is_last:"1"; log_id:"2000"; machine:"3232235893"; max_num_count_detected:"1"; num_of_updates:"0"; objectname:"gw-da58d3"; origin_repetitions:"1"; product:"SmartConsole"; severity:"0"; source_repetitions:"1"; time_interval:"60"; users_repetitions:"1"] +<134>1 2020-03-29T17:05:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d571,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50132"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d571,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50133"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d572,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50134"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d572,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50135"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:05:55Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d573,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35307"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:05:56Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d574,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50221"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:05:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d575,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46247"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:05:57Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d575,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52273"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:06:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d585,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T17:06:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d587,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50142"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:06:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d587,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50143"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:06:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d588,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:06:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d58c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T17:06:22Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d58e,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:07:00Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5b4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40881"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:07:01Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5b5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58497"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:07:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5b6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49175"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:07:02Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5b6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44987"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:07:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5b6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:07:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5d0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50229"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:07:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5d0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50230"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:07:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5dc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35039"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:07:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5dc,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62336"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43529"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:07:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5dc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32921"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:07:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5dc,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36656"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10271"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:07:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5dc,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32863"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:07:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5dc,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35622"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26852"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:07:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5e9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50338"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:07:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5e9,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50339"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:07:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5ea,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50340"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:07:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5ea,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50341"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:07:54Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d5ea,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:08:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5f5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"174.138.9.187"; log_delay:"1585501685"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53049"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:08:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5f6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"129.250.35.250"; log_delay:"1585501686"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35232"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:08:06Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5f6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49073"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:08:07Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d5f7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"83.98.201.134"; log_delay:"1585501687"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36221"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:08:42Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d61a,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T17:08:44Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d61c,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:08:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d62b,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50472"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:08:59Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d62b,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50473"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:09:10Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d636,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60146"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:09:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d637,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55248"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:09:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d637,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"162.159.200.123"; log_delay:"1585501751"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47194"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:09:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d638,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52385"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:09:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d648,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50489"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:09:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d648,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50490"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:09:29Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d649,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:09:37Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d651,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T17:09:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d654,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59928"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:09:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d654,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62404"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10272"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:09:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d654,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36473"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:09:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d654,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35688"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43530"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:09:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d654,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60411"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:09:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d654,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56008"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10273"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:09:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d661,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50504"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:09:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d661,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50505"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:10:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d676,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50516"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:10:14Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d676,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50517"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:10:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d677,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39299"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:10:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d677,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52626"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:10:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d678,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:10:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d678,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38352"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:10:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d678,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35464"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:10:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d697,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T17:11:03Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6a7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T17:11:05Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6a9,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d6b0,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; additional_info:"Added License dc5kVojmZHHDrsrJp9F7toR9kd37pftQGXwb to the repository."; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Create Object"; operation_number:"0"; product:"SmartUpdate"; subject:"Object Manipulation"] +<134>1 2020-03-29T17:11:11Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d6b0,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; additional_info:"Added License ajfs3FwWLkJToKcpiUWLzpXcXGa83uB4bRbv to the repository."; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Create Object"; operation_number:"0"; product:"SmartUpdate"; subject:"Object Manipulation"] +<134>1 2020-03-29T17:11:12Z gw-da58d3 CheckPoint 1930 - [alert:"alert"; flags:"401408"; ifdir:"inbound"; loguid:"{0x5e80d6b1,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; fw_message:"Following a modification in your license information, the number of permitted cores has changed from unlimited to 1. This machine has a total of 4 cores. Please reboot the security gateway. "; log_id:"496026"; product:"VPN-1 & FireWall-1"] +<134>1 2020-03-29T17:11:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49004"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26853"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53511"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36472"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26854"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57919"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60284"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58696"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43531"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58700"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43532"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36486"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43533"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35736"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b0,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32897"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56160"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43534"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33980"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35844"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26855"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63274"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36500"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26856"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36626"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26857"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49934"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x6,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36902"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26858"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58058"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x8,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35868"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26859"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x9,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47040"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0xa,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56188"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26860"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63207"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36912"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10274"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64112"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"23"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35880"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43535"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35156"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:12Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d6b1,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"2"; version:"5"; additional_info:"Performed 'Attach License' on 192.168.1.100"; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Modify Object"; operation_number:"1"; product:"SmartUpdate"; subject:"Object Manipulation"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"25"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46319"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"26"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43536"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"27"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36538"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43537"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"28"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64809"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x9,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"29"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36928"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43538"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"30"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54833"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0xb,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"31"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35902"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26861"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0xc,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"32"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55626"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:13Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b1,0xd,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"33"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56222"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26862"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38492"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b3,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10275"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b3,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58151"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:15Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b3,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35910"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10276"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:16Z gw-da58d3 CheckPoint 1930 - [alert:"alert"; flags:"172032"; ifdir:"outbound"; loguid:"{0x5e80d6b5,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Content Awareness blade is deactivated. All policy rules using it will be affected"; product:"Content Awareness"; severity:"4"] +<134>1 2020-03-29T17:11:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b4,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64646"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b4,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49102"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10277"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b4,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61606"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b4,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56234"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43539"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b4,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41425"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:16Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b4,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36954"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43540"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49108"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43541"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62004"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52007"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35922"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10278"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b5,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58616"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56242"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10279"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:17Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b5,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T17:11:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33830"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49114"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43542"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57215"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b6,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36964"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26863"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b6,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65111"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b6,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35930"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26864"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:18Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T17:11:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b7,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38864"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:19Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d6b7,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"129.250.35.250"; log_delay:"1585501879"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48896"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:11:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; conn_direction:"Internal"; flags:"4606214"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d6b8,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"174.138.9.187"; log_delay:"1585501880"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51076"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:11:20Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b8,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50528"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:11:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6b8,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50529"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:11:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d6b9,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46564"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:11:21Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d6b9,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33940"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:11:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c0,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50530"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:11:28Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c0,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50531"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53533"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49138"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43543"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57117"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36602"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43544"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35420"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56272"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43545"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52493"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36992"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10280"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43273"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49146"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10281"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58469"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35960"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10282"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57947"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56280"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10283"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x7,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42561"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x8,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37000"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10284"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55531"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:33Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c5,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35966"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26865"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45003"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49156"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10285"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52735"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56288"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10286"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48715"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37008"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10287"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49162"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43546"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54505"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32936"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35976"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43547"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35967"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:34Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6c6,0x6,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56296"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"43548"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6cc,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57460"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:40Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6cc,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62700"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26866"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6cd,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44030"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6cd,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37020"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10288"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6cd,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58056"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:41Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6cd,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35986"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10289"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48140"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48142"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48146"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48148"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48150"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48152"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48154"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48156"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48158"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48160"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48162"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:46Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d2,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48164"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:47Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d3,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44917"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x0,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48168"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48170"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x1,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48172"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x2,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48174"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x3,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48176"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x4,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48178"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x5,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48180"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x1,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48182"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x2,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48184"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x3,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48186"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x4,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48188"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x5,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48190"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x7,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48194"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48192"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x6,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48196"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x8,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48200"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x1,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48198"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x7,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48202"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x2,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48204"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x3,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48210"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x8,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48208"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x9,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48206"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x9,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"23"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48212"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x4,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48214"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xa,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"25"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48216"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xa,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"26"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48218"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x5,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"27"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48220"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d6d6,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"29"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xb,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"28"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48222"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xc,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"30"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46024"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0x7,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"31"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36646"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"26867"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xd,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"32"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58920"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:50Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xd,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"33"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10290"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xe,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56724"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:11:51Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d6,0xf,0x60e0fe3b,0xda019994}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37036"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10291"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:11:51Z gw-da58d3 CheckPoint 1930 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d6d8,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.100"; sequencenum:"3"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:11:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d9,0x0,0xbba3afa,0xd2c10858}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50532"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:11:53Z gw-da58d3 CheckPoint 1930 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d6d9,0x0,0x1cae0484,0xf99c33e9}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50533"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:13:43Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d75a,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"installed defaultfilter"] +<134>1 2020-03-29T17:13:43Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d75b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; product:"System Monitor"; sys_message::"installed InitialPolicy"] +<134>1 2020-03-29T17:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Key Install"; flags:"133376"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d75b,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; sequencenum:"5"; version:"0"; internal_ca::"started"; product:"VPN-1 & FireWall-1"] +<134>1 2020-03-29T17:13:42Z gw-da58d3 CheckPoint 8363 - [alert:"alert"; flags:"172032"; ifdir:"outbound"; loguid:"{0x5e80d75b,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Content Awareness blade is deactivated. All policy rules using it will be affected"; product:"Content Awareness"; severity:"4"] +<134>1 2020-03-29T17:13:45Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d75b,0x3,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"IPs and Domains for Online Services objects"; product:"Firewall"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:13:44Z gw-da58d3 CheckPoint 8363 - [flags:"393280"; ifdir:"inbound"; loguid:"{0x5e80d75b,0x4,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; blade_name:"Anti Bot & Anti Virus"; information:"policy installation for blade Anti Bot & Anti Virus completed successfully"; product:"Log Update"] +<134>1 2020-03-29T17:13:45Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d75b,0x5,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; description:"IPs and Domains for Online Services objects"; product:"Firewall"; status:"Succeeded"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:13:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d75b,0x6,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.1.100"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48218"; service:"443"; src:"192.168.1.205"; tcp_flags:"FIN-PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:13:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d75b,0x7,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.1.100"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48156"; service:"443"; src:"192.168.1.205"; tcp_flags:"FIN-PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:13:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d75b,0x8,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.1.100"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48180"; service:"443"; src:"192.168.1.205"; tcp_flags:"FIN-PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:13:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d75b,0x9,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.1.100"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48222"; service:"443"; src:"192.168.1.205"; tcp_flags:"FIN-PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:13:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d75b,0xa,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.1.100"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48220"; service:"443"; src:"192.168.1.205"; tcp_flags:"FIN-PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:13:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d75b,0xb,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.1.100"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48160"; service:"443"; src:"192.168.1.205"; tcp_flags:"FIN-PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:14:00Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d75b,0xc,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.2.2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43584"; service:"22"; src:"192.168.1.205"; tcp_flags:"PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:14:05Z gw-da58d3 CheckPoint 8363 - [alert:"alert"; flags:"172032"; ifdir:"outbound"; loguid:"{0x5e80d75e,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Content Awareness blade is deactivated. All policy rules using it will be affected"; product:"Content Awareness"; severity:"4"] +<134>1 2020-03-29T17:14:56Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d791,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; dst:"192.168.2.2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43584"; service:"22"; src:"192.168.1.205"; tcp_flags:"PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:16:36Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d7f6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"security policy uninstalled"] +<134>1 2020-03-29T17:17:26Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d827,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Reports Update Web updates"; product:"SmartEvent Client"; status:"Started"; update_service:"1"; version:"R80.40"] +<134>1 2020-03-29T17:17:26Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d827,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; description:"Reports Update Web updates"; failure_impact:"Reports Update Web updates failed"; product:"SmartEvent Client"; reason:"Server replied with no results."; severity:"2"; status:"Failed"; update_service:"1"; version:"R80.40"] +<134>1 2020-03-29T17:17:27Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d827,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Small Office Appliance Types"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"994000000"] +<134>1 2020-03-29T17:17:27Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d827,0x3,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; description:"Small Office Appliance Types"; failure_impact:"Small Office Appliance Types update failed"; product:"Security Gateway/Management"; reason:"Server replied with no results."; severity:"2"; status:"Failed"; update_service:"1"; version:"994000000"] +<134>1 2020-03-29T17:17:28Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d829,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Appliance Types"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"994000000"] +<134>1 2020-03-29T17:17:28Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d829,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; description:"Appliance Types"; failure_impact:"Appliance Types update failed"; product:"Security Gateway/Management"; reason:"Server replied with no results."; severity:"2"; status:"Failed"; update_service:"1"; version:"994000000"] +<134>1 2020-03-29T17:18:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d84e,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; additional_info:"Authentication method: Unix Password"; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Log In"; operation_number:"10"; product:"SmartConsole"; subject:"Administrator Login"] +<134>1 2020-03-29T17:18:40Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d872,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Internal trusted CAs service "; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:18:41Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d872,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Internal trusted CAs service "; failure_impact:"An unsecure server may be trusted, or update services may fail to operate"; product:"Security Gateway/Management"; reason:"Could not download from \"http://updates.checkpoint.com/WebService/services/DownloadMetaDataService?wsdl\". Server error occurred."; severity:"2"; status:"Failed"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:18:41Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d872,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:18:42Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80d873,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T17:20:37Z gw-da58d3 CheckPoint 8363 - [alert:"alert"; flags:"401408"; ifdir:"inbound"; loguid:"{0x5e80d8e6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; fw_message:"Following a modification in your license information, the number of permitted cores has changed from 1 to 8. This machine has a total of 4 cores. Please reboot the security gateway. "; log_id:"496026"; product:"VPN-1 & FireWall-1"] +<134>1 2020-03-29T17:20:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d8e7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; additional_info:"Performed 'Attach License' on 192.168.1.100"; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Modify Object"; operation_number:"1"; product:"SmartUpdate"; subject:"Object Manipulation"] +<134>1 2020-03-29T17:21:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d907,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; audit_status:"Failure"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"threatprevention_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{597182F7-E1BA-460F-B6E0-D4996295B5CC}"] +<134>1 2020-03-29T17:21:22Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d913,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; product:"System Monitor"; sys_message::"The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:21:22Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d913,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:21:22Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d913,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; product:"System Monitor"; sys_message::"installed Standard"] +<134>1 2020-03-29T17:21:22Z gw-da58d3 CheckPoint 8363 - [flags:"393216"; ifdir:"inbound"; loguid:"{0x5e80d913,0x3,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; fw_message:"Parameter 'Connections hash table size' changed from 32768 to 8388608"; product:"VPN-1 & FireWall-1"] +<134>1 2020-03-29T17:21:22Z gw-da58d3 CheckPoint 8363 - [flags:"393216"; ifdir:"inbound"; loguid:"{0x5e80d913,0x4,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={237AAAA3-CA95-A941-82DA-D980A933F6A5};mgmt=gw-da58d3;date=1585501515;policy_name=InitialPolicy\]"; fw_message:"Parameter 'Maximum concurrent connections' changed from 25000 to Unlimited"; product:"VPN-1 & FireWall-1"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d913,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d914,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53590"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d914,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502484"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41768"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d914,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502484"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35034"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d914,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502484"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53048"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d914,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502484"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59937"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d914,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502484"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37259"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d914,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.54.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52092"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"88.221.161.146"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42958"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38366"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.55.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50194"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.54.95"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38370"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48771"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44798"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34766"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52966"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35133"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35651"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"52.49.248.24"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38448"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33172"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35210"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33343"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"185.33.223.203"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44544"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"185.33.223.203"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44546"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"185.33.223.203"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44548"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56783"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33252"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d915,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61095"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d915,0x14,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55762"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d915,0x15,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54244"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d915,0x16,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62020"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10001"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33138"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55788"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41787"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50638"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.54.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52424"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"13.48.174.89"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55058"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48429"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33204"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"13.53.104.115"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53246"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53927"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60505"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.140.246"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57354"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.140.246"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57356"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42171"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38516"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39098"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60880"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39591"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.108.173.172"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34228"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"23"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51822"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x14,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.140.246"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57360"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x15,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"25"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.108.173.172"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34232"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x16,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"26"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"13.53.104.115"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53258"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x18,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"27"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.140.246"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57366"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x19,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"28"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"185.33.223.80"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46392"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x1a,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"29"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.19.194"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55770"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x1b,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"30"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45179"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d916,0x1c,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"31"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33466"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10002"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x1d,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"32"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.20.66"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59890"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d916,0x1e,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"33"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42261"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d916,0x1f,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"34"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48788"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10003"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d916,0x20,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"35"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41829"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d916,0x21,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"36"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36408"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10004"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x22,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"37"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60238"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x23,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"38"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49507"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x24,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"39"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36205"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x25,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"40"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502486"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53772"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d916,0x26,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58600"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36552"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39733"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43005"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56632"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45251"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52899"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42262"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"99.86.116.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60774"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.55.30"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44650"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36668"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"99.86.116.68"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47704"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d917,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65257"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d917,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48792"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10005"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d917,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39450"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d917,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61480"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10006"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.140.246"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57384"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.17.130"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34578"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39194"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59478"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44683"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x14,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32868"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x15,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"23"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.17.66"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48744"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x16,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"24"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.55.95"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50252"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x17,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"25"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43097"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x18,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"26"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33254"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x19,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"27"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55117"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x1a,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"28"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37870"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x1b,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"29"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.140.175"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39088"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x1c,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"30"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"185.33.223.80"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46420"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x1d,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"31"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49331"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x1e,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"32"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.17.38"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43484"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x1f,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"33"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"151.101.37.108"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37762"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x20,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"34"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44414"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x21,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"35"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"188.40.137.18"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49820"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x22,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"36"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60192"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x23,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"37"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38597"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x24,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"38"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"188.40.137.18"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49822"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x25,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"39"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.17.35"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51528"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x26,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"40"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"188.40.137.18"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49826"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x27,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"41"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.140.246"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57410"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x28,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"42"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37940"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x29,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"43"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59816"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x2a,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"44"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.17.102"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50004"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x2b,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"45"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.20.65"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37704"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x2c,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"46"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52820"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x2d,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"47"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44623"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x2e,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"48"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"13.224.227.14"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48632"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x2f,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"49"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38065"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x30,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"50"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.17.64.4"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49320"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x31,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"51"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"172.217.168.194"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38520"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d917,0x32,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502487"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38808"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d918,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"151.139.128.14"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50128"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d918,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502488"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44927"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d918,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502488"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38684"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d918,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58546"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d918,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502488"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37012"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d918,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502488"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45944"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d918,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"216.58.208.106"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48722"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d91c,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"52"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"firewall_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{FF0154DE-7D18-4396-B0C2-7E8951B393A4}"] +<134>1 2020-03-29T17:21:32Z gw-da58d3 CheckPoint 8363 - [flags:"147456"; ifdir:"inbound"; logid:"134217728"; loguid:"{0x5e80d91c,0x0,0x6401a8c0,0x216}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; cu_detected_by:"192.168.1.100"; cu_detection_time:"1585502492"; cu_last_update_time:"1585502492"; cu_log_count:"1"; cu_rule_category:"Informational"; cu_rule_id:"{58144F8B-A181-AB98-A857-2A8F6CFEA948}"; domain:"SMC User"; event_end_time:"1585502492"; event_name:"Policy installation"; event_start_time:"1585502492"; is_correlated:"1"; is_last:"1"; log_id:"2000"; machine:"3232235893"; max_num_count_detected:"1"; num_of_updates:"0"; objectname:"gw-da58d3"; origin_repetitions:"1"; origin_sic_name:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; product:"SmartConsole"; severity:"0"; source_repetitions:"1"; time_interval:"60"; users_repetitions:"1"] +<134>1 2020-03-29T17:21:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d91d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57621"; service:"57621"; src:"192.168.1.94"] +<134>1 2020-03-29T17:21:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d922,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502498"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56496"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:21:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d922,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"216.58.208.98"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40294"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:22:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d93b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43301"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:22:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d93d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d93e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39213"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d93e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50380"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:22:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d93f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"174.138.9.187"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53666"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:22:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d93f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502527"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53845"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:22:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d956,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.117"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; administrator:"admin"; advanced_changes:" "; client_ip:"192.168.1.117"; fieldschanges:"Calculated Security Zone: 'ExternalZone' Security Zone Name: 'ExternalZone' Topology Type: Changed from 'Internal (leads to local network)' to 'External (leads out to the internet)' TopologyCalculationType: Changed from 'Automatic' to 'Manual' "; logic_changes:"SecurityZoneSettings.calculatedSecurityZone: '237a4cbc-7fb6-4d50-872a-4904468271c4' SecurityZoneSettings.securityZoneName: 'ExternalZone' TopologySettings.manualTopology.type: Changed from 'INTERNAL' to 'EXTERNAL' TopologySettings.topologyCalculationType: Changed from 'AUTO' to 'MANUAL' "; objectname:"eth0"; objecttype:"Interface Network"; operation:"Modify Object"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"5cc8360f-36a6-4dfc-ba84-7042e5cdd5e9"; subject:"Object Manipulation"; uid:"18c5f54f-0c75-4632-a8e1-a561618c9a0e"] +<134>1 2020-03-29T17:22:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d956,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.117"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; administrator:"admin"; advanced_changes:" "; client_ip:"192.168.1.117"; fieldschanges:"Calculated Security Zone: 'InternalZone' Security Zone Name: 'InternalZone' TopologyCalculationType: Changed from 'Automatic' to 'Manual' "; logic_changes:"SecurityZoneSettings.calculatedSecurityZone: 'e8131db2-8388-42a5-924a-82de32db20f7' SecurityZoneSettings.securityZoneName: 'InternalZone' TopologySettings.topologyCalculationType: Changed from 'AUTO' to 'MANUAL' "; objectname:"eth1"; objecttype:"Interface Network"; operation:"Modify Object"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"5cc8360f-36a6-4dfc-ba84-7042e5cdd5e9"; subject:"Object Manipulation"; uid:"98745c30-ac3e-4728-b7d7-634f0c115099"] +<134>1 2020-03-29T17:22:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d956,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.117"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; administrator:"admin"; advanced_changes:" "; client_ip:"192.168.1.117"; fieldschanges:"@Interface Index: '1' Hardware: Changed from 'Open server' to 'software' IP Address: '192.168.1.100', '192.168.2.1' Interface Name: 'eth0', 'eth1' Leads out to the Internet: 'Enable' Monitored by ClusterXL: 'Enable' Net Mask: '255.255.255.0' Color: 'Black' "; ip_address:"192.168.1.100"; logic_changes:"ApplianceType: Changed from 'Open server' to 'software' Interfaces[{48bc1a76-5a6f-4144-8da6-a99f27cacbd1}\].color: 'BLACK' Interfaces[{48bc1a76-5a6f-4144-8da6-a99f27cacbd1}\].ipaddr: '192.168.1.100' Interfaces[{48bc1a76-5a6f-4144-8da6-a99f27cacbd1}\].monitoredByCluster: 'Enable' Interfaces[{48bc1a76-5a6f-4144-8da6-a99f27cacbd1}\].netmask: '255.255.255.0' Interfaces[{48bc1a76-5a6f-4144-8da6-a99f27cacbd1}\].officialname: 'eth0' Interfaces[{48bc1a76-5a6f-4144-8da6-a99f27cacbd1}\].security.netaccess.leadsToInternet: 'Enable' Interfaces[{56ae8c4d-c4b2-421f-8b19-094c50bc15c9}\].color: 'BLACK' Interfaces[{56ae8c4d-c4b2-421f-8b19-094c50bc15c9}\].ifindex: '1' Interfaces[{56ae8c4d-c4b2-421f-8b19-094c50bc15c9}\].ipaddr: '192.168.2.1' Interfaces[{56ae8c4d-c4b2-421f-8b19-094c50bc15c9}\].monitoredByCluster: 'Enable' Interfaces[{56ae8c4d-c4b2-421f-8b19-094c50bc15c9}\].netmask: '255.255.255.0' Interfaces[{56ae8c4d-c4b2-421f-8b19-094c50bc15c9}\].officialname: 'eth1' "; objectname:"gw-da58d3"; objecttype:"Gateway"; operation:"Modify Object"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"5cc8360f-36a6-4dfc-ba84-7042e5cdd5e9"; subject:"Object Manipulation"; uid:"17c04677-871e-f346-a0dd-3705cb95068f"] +<134>1 2020-03-29T17:22:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d956,0x3,0x6401a8c0,0x108620ab}"; origin:"192.168.1.117"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; administrator:"admin"; client_ip:"192.168.1.117"; fieldschanges:"3 Objects were changed"; operation:"Publish"; product:"SmartConsole"; sendtotrackerasadvancedauditlog:"0"; session_name:"admin@3/29/2020"; session_uid:"5cc8360f-36a6-4dfc-ba84-7042e5cdd5e9"; subject:"Revision Control"] +<134>1 2020-03-29T17:22:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Internal"; flags:"4606212"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d961,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502561"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51100"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:22:47Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d968,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.2.2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43584"; service:"22"; src:"192.168.1.205"; tcp_flags:"PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:22:47Z gw-da58d3 CheckPoint 8363 - [flags:"393280"; ifdir:"inbound"; loguid:"{0x5e80d968,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; blade_name:"Anti Bot & Anti Virus"; information:"policy installation for blade Anti Bot & Anti Virus completed successfully"; product:"Log Update"] +<134>1 2020-03-29T17:22:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d968,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47877"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34884"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10007"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47140"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10008"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46299"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36762"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10009"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46091"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d969,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47124"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10010"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56121"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61858"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10011"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46866"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49174"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10012"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39737"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47156"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10013"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61967"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36812"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10014"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59362"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61882"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10015"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52630"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47174"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10016"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d96d,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"threatprevention_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{597182F7-E1BA-460F-B6E0-D4996295B5CC}"] +<134>1 2020-03-29T17:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49234"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10017"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50112"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36868"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10018"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49412"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47223"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10019"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55713"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61940"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10020"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51567"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49256"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10021"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37918"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47228"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10022"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:53Z gw-da58d3 CheckPoint 8363 - [flags:"147456"; ifdir:"inbound"; logid:"134217728"; loguid:"{0x5e80d96d,0x0,0x6401a8c0,0x216}"; origin:"192.168.1.100"; sequencenum:"11"; version:"5"; additional_info:"Threat Prevention Policy : Standard"; administrator:"admin"; cu_detected_by:"192.168.1.100"; cu_detection_time:"1585502573"; cu_last_update_time:"1585502573"; cu_log_count:"1"; cu_rule_category:"Informational"; cu_rule_id:"{58144F8B-A181-AB98-A857-2A8F6CFEA948}"; domain:"SMC User"; event_end_time:"1585502573"; event_name:"Policy installation"; event_start_time:"1585502573"; is_correlated:"1"; is_last:"1"; log_id:"2000"; machine:"3232235893"; max_num_count_detected:"1"; num_of_updates:"0"; objectname:"gw-da58d3"; origin_repetitions:"1"; origin_sic_name:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; product:"SmartConsole"; severity:"0"; source_repetitions:"1"; time_interval:"60"; users_repetitions:"1"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50772"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36878"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10023"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41436"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96d,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61948"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10024"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58467"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47234"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10025"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47154"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49266"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10026"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51008"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36886"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10027"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40590"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96e,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47240"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10028"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48877"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61958"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10029"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:22:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55733"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:22:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d96f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49274"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10030"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d978,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T17:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d98f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49858"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d98f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34004"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10031"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d98f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34450"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d98f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10032"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d98f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59259"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d98f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62014"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10033"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d990,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d990,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52171"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d990,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59349"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d990,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34867"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d990,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42640"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10034"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d990,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42642"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10035"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d99c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57286"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d99c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35118"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10036"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d99c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61175"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d99c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36994"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10037"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d99c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50351"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d99c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62064"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10038"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65215"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43074"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10039"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47371"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37034"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10040"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54622"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={82AFE1F3-B461-4E47-895D-3AEC843AFBF7};mgmt=gw-da58d3;date=1585502469;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49418"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10041"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:49Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d9a7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; product:"System Monitor"; sys_message::"The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:23:49Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d9a7,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk"] +<134>1 2020-03-29T17:23:50Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80d9a7,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; product:"System Monitor"; sys_message::"installed Standard"] +<134>1 2020-03-29T17:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43400"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62704"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10042"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36326"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62156"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10043"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35616"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37090"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10044"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9a9,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63442"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34192"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10045"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80d9ae,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; audit_status:"Success"; client_ip:"192.168.1.117"; machine:"192.168.1.117"; objectname:"gw-da58d3"; objecttable:"applications"; objecttype:"firewall_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{FF0154DE-7D18-4396-B0C2-7E8951B393A4}"] +<134>1 2020-03-29T17:23:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ae,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34416"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ae,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49564"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10046"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ae,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51370"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ae,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62252"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10047"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ae,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37838"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ae,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37902"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10048"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:59Z gw-da58d3 CheckPoint 8363 - [flags:"147456"; ifdir:"inbound"; logid:"134217728"; loguid:"{0x5e80d9af,0x0,0x6401a8c0,0x216}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; additional_info:"Access Control Policy : Standard"; administrator:"admin"; cu_detected_by:"192.168.1.100"; cu_detection_time:"1585502639"; cu_last_update_time:"1585502639"; cu_log_count:"1"; cu_rule_category:"Informational"; cu_rule_id:"{58144F8B-A181-AB98-A857-2A8F6CFEA948}"; domain:"SMC User"; event_end_time:"1585502639"; event_name:"Policy installation"; event_start_time:"1585502638"; is_correlated:"1"; is_last:"1"; log_id:"2000"; machine:"3232235893"; max_num_count_detected:"1"; num_of_updates:"0"; objectname:"gw-da58d3"; origin_repetitions:"1"; origin_sic_name:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; product:"SmartConsole"; severity:"0"; source_repetitions:"1"; time_interval:"60"; users_repetitions:"1"] +<134>1 2020-03-29T17:23:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9af,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60169"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9af,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37206"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10049"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:23:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9af,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53547"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:23:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9af,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49590"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10050"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42528"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37948"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10051"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51873"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62322"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10052"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50614"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37260"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10053"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42002"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37972"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10054"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41503"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49652"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10055"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55398"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62340"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10056"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63820"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37984"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10057"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37693"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37278"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10058"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45989"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9b3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49662"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10059"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9bd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41369"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:24:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9be,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33874"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:24:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9be,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9bf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36115"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:24:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9c0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52172"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:24:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9c1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49364"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:24:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41603"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60757"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53770"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10060"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53772"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10061"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50617"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50618"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50619"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50620"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50621"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50622"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50623"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50624"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9c8,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50627"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9d0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50628"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9d0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50629"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9d0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50630"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9d3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50631"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9d3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50632"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50633"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9d6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50634"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50635"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9da,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50636"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:24:47Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80d9e2,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.2.2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43584"; service:"22"; src:"192.168.1.205"; tcp_flags:"PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:24:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57888"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47916"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10062"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60397"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37566"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10063"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47459"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49950"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10064"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58889"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47922"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10065"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46948"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37572"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10066"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57574"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9e4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62642"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10067"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:25:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9ed,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52158"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9ed,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502701"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59723"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9ed,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54328"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9ee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9ef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502703"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56427"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9ef,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502703"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42889"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9ef,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"209.87.209.101"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35278"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502704"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38875"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56338"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:04Z gw-da58d3 CheckPoint 8363 - [action:"Detect"; flags:"444672"; ifdir:"outbound"; ifname:"eth1"; loguid:"{0x5e80d9f0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; confidence_level:"5"; dst:"72.246.28.170"; http_host:"sc1.checkpoint.com"; log_id:"2"; malware_action:"Communication with C&C site"; malware_family:"Check Point"; malware_rule_id:"{227D6BCD-3280-4894-B0EB-0FF6A5FEACF1}"; method:"GET"; policy:"Standard"; policy_time:"1585502567"; product:"Anti Malware"; protection_id:"00233CFEE"; protection_name:"Check Point - Testing Bot"; protection_type:"URL reputation"; proto:"6"; proxy_src_ip:"192.168.2.2"; resource:"http://sc1.checkpoint.com/za/images/threatwiki/pages/TestAntiBotBlade.html"; s_port:"56338"; scope:"192.168.2.2"; service:"80"; session_id:"{0x5e80d9f0,0x2,0x353707c7,0xee78a1dc}"; severity:"2"; smartdefense_profile:"Optimized"; src:"192.168.2.2"; layer_name:"Standard Threat Prevention"; layer_uuid:"{0DBE7C44-6D3F-4F28-8F2B-0E6790E57F8A}"; malware_rule_id:"{227D6BCD-3280-4894-B0EB-0FF6A5FEACF1}"; smartdefense_profile:"Optimized"; user_agent:"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"; web_client_type:"Firefox"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56340"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56342"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56344"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49461"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56346"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56348"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56350"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59046"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59048"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45694"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45696"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45698"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f1,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; log_delay:"1585502705"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45700"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59058"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59060"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59062"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"72.246.28.170"; log_delay:"1585502706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59064"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58207"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"172.217.17.110"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42424"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f2,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502706"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46013"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52663"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60493"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"108.177.119.156"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41750"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57875"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47211"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"172.217.19.196"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42974"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33216"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502707"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52151"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f3,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"172.217.19.195"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50944"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502708"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49711"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502708"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42675"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502709"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56594"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502709"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58041"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502710"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46362"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502710"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37611"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502710"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47800"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502710"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47070"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80d9f6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502710"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38626"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48538"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48540"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48542"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48544"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48546"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48548"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f7,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48550"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48552"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48554"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:12Z gw-da58d3 CheckPoint 8363 - [flags:"18688"; ifdir:"inbound"; loguid:"{0x5e80d9f0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; log_id:"2"; packet_capture_name:"src-192.168.2.2.cap"; packet_capture_time:"1585502712"; packet_capture_unique_id:"time1585502704.id358a8190.blade04"; product:"Anti Malware"] +<134>1 2020-03-29T17:25:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48556"; service:"443"; service_id:"https"; src:"192.168.1.205"] +<134>1 2020-03-29T17:25:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50637"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9f9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50638"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50639"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9fe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50640"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9fe,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50641"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80d9fe,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50642"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da08,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56454"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da18,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502744"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42604"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da1a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:25:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da1b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50643"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da1b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50644"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da22,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502754"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45073"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:54Z gw-da58d3 CheckPoint 8363 - [flags:"311296"; ifdir:"outbound"; ifname:"eth1"; loguid:"{0x5e80d9f0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; log_id:"2"; product:"Anti Malware"] +<134>1 2020-03-29T17:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da22,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502754"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35591"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da22,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502754"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53972"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da22,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"216.58.208.106"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48772"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da22,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"216.58.208.106"; log_delay:"1585502754"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48774"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da25,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502757"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50145"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da25,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502757"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33465"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da25,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502757"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42628"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da25,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502757"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59548"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:25:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da26,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53818"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:25:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da26,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34740"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10068"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:25:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da26,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56150"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:25:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da26,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62748"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10069"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:25:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da26,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36934"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:25:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da26,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50064"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10070"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:26:05Z gw-da58d3 CheckPoint 8363 - [flags:"278528"; ifdir:"inbound"; loguid:"{0x5e80d9f0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; log_id:"2"; product:"Anti Malware"; received_bytes:"21517"; sent_bytes:"2111"; session_id:"{0x5e80d9f0,0x2,0x353707c7,0xee78a1dc}"; severity:"2"; suppressed_logs:"2"] +<134>1 2020-03-29T17:26:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da2f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:26:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da38,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502776"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52272"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:26:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da39,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"185.33.223.197"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43166"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:26:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da39,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"185.33.223.197"; log_delay:"1585502777"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43168"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:26:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da39,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"185.33.223.197"; log_delay:"1585502777"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43170"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:26:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da41,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35192"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da47,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50646"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da47,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50647"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:26:48Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80da5a,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.2.2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43584"; service:"22"; src:"192.168.1.205"; tcp_flags:"PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:26:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da5a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:27:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da6f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T17:27:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585502850"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43882"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:27:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:27:50Z gw-da58d3 CheckPoint 8363 - [flags:"18688"; ifdir:"inbound"; loguid:"{0x5e80d9f0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; log_id:"2"; packet_capture_name:"src-192.168.2.2.cap"; packet_capture_time:"1585502870"; packet_capture_unique_id:"time1585502754.id4fcdead8.blade04"; product:"Anti Malware"] +<134>1 2020-03-29T17:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da9a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40826"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da9a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502874"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43926"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80da9a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"188.40.137.18"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49904"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:27:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da9e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39040"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:27:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da9e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34786"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10071"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:27:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da9e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56577"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:27:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da9e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50108"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10072"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:27:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da9e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36882"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:27:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80da9e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37728"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10073"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:28:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80daa2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585502882"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53530"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:28:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80daa4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:28:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dac1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50182"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:28:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dac1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50649"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:28:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dac1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50650"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:28:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dac2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35108"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:28:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dac2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:28:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dac3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58381"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:28:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dac3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585502915"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49031"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:28:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dace,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56374"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:28:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dace,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43794"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10074"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:28:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dacf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:28:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dacf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58698"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dad4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61209"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dad4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62820"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10075"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:28:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dad6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63741"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:28:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dad6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50136"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10076"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:29:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db04,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585502980"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55971"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:29:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db05,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:29:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db17,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55132"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:29:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db17,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34838"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10077"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:29:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db17,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60500"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:29:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db17,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50160"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10078"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:29:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db17,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54684"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:29:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db17,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37780"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10079"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:30:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db2f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50653"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:30:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db2f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50654"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:30:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db30,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db39,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50655"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db39,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50656"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:30:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db44,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48428"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db5d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54659"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db5d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503069"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42474"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db5d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"188.40.137.18"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49906"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db5f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52854"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54553"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39714"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49455"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.30"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44762"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33948"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53122"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db76,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503094"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57444"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50761"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"88.221.161.146"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43124"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56994"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44583"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"172.217.168.194"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38596"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38534"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"88.221.161.146"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43130"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53609"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46679"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50264"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49124"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53132"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38423"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34714"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54402"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.11.238.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52104"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db77,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503095"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37726"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db78,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503096"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40113"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db78,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503096"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45936"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db78,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503096"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39569"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db78,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503096"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47638"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db78,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.49.248.24"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38618"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db78,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52586"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db78,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503096"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44899"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db78,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db79,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503097"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37283"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503098"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41500"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503098"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37168"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503098"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58116"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503098"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50860"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503098"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53741"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503098"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50628"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58738"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"99.86.116.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60912"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7a,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37994"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503099"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59409"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503099"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60843"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50380"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503101"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47205"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503101"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38203"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36808"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49780"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51965"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34551"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51254"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.233.241"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58790"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59605"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42076"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.21"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46850"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"151.101.37.108"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37888"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db7f,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52594"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503106"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52971"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db82,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503106"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55167"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db82,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58650"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503109"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35127"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db87,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503111"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57973"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80db87,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503111"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59598"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:31:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db88,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:31:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db8f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65136"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:31:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db8f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48170"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10080"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:31:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db8f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55964"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:31:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db8f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62888"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10081"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:31:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db8f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56740"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:31:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80db8f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10082"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:32:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbb1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50658"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:32:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbb1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50659"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:32:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbb3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:32:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbb5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:32:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dbc2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60977"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dbc5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46883"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:32:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dbc6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503174"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48877"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:32:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dbc7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60086"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:33:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbf8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34115"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbf8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35992"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10083"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:33:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbf9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56970"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbf9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62934"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10084"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:33:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbf9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbfa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42323"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbfa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50250"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10085"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:33:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dbfb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc02,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36418"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc02,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43916"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10086"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc02,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55744"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc02,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62942"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10087"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc02,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61277"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc02,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37876"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10088"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:33:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dc06,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503238"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55541"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:33:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc07,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44468"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:33:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc07,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34944"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10089"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:34:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc07,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47597"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:34:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc07,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50266"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10090"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:34:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc07,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43864"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:34:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc07,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62954"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10091"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:34:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc29,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50663"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:34:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc2a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50664"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:34:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc2b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:34:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc2c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:35:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc46,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T17:35:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dc47,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503303"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40915"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:35:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc60,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50665"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:35:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc60,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50666"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:35:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc61,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:36:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc80,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50475"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:36:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc80,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34986"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10092"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:36:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc80,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40626"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:36:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc81,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:36:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36798"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:36:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc85,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62996"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10093"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:36:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc85,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63383"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:36:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc85,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37930"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10094"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:36:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dc88,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503368"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38660"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:36:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:36:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dc8e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T17:36:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dca2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50667"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:36:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dca2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50668"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:37:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dcc3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34560"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:37:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dcc5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:37:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dcc8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48088"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:37:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dcc8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503432"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33334"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:37:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dccb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35952"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:38:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dcfe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49459"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd00,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd01,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd03,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50935"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd03,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33270"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10095"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:38:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd03,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59845"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd03,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50366"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10096"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:38:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd03,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54669"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd03,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63054"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10097"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:38:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dd0a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503498"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57444"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:38:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd1a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50669"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:38:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd1a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50670"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:38:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd30,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50514"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd30,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44046"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10098"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:38:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd30,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61284"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd30,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50386"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10099"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:38:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd30,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:38:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd30,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10100"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:38:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd31,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:39:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd44,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T17:39:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dd4a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503562"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37930"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:40:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd7b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64138"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:40:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd7b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35102"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10101"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:40:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd7c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57800"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:40:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd7c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63110"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10102"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:40:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd7c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd7d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38631"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd7d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50428"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10103"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dd8b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503627"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39822"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:40:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd91,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50671"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:40:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd91,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50672"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd92,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50673"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dd92,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50674"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:41:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddc4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58279"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:41:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddc6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:41:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddc6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T17:41:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddcc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; log_delay:"1585503692"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32982"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:41:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddcc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50175"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:41:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddcf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34591"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33482"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503724"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44801"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503724"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49981"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503724"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32993"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503724"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38377"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503724"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34858"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53160"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddec,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.30"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44804"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56900"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38570"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60255"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47035"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49589"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56374"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"88.221.161.169"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51572"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58828"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52391"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53163"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44102"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53168"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38311"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56948"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54438"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.11.238.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52140"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48060"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddee,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503726"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33344"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503727"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54835"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddef,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503727"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35074"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddef,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503727"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57619"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddef,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503727"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52672"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddef,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37862"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddef,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10104"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddef,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43778"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10105"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddef,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43780"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10106"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddef,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.174.89"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55252"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddef,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49194"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43196"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45748"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39420"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54800"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49331"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52622"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.49.248.24"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38658"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48187"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51764"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46662"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38829"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36823"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58776"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"99.86.116.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60950"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53804"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51711"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43223"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503728"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40944"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38032"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf0,0x14,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50418"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503730"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38708"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503730"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45599"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503730"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41324"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36846"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503732"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40170"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503732"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60027"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503732"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50441"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.21"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59166"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.42.157"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33196"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503732"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60202"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddf5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38655"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503733"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58757"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503733"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35619"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddf5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35156"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10107"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:42:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddf5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46553"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:14Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80ddf6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53770"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:42:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503734"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46371"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585503734"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56990"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddf6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58686"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ddfa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.233.241"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58834"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:42:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddfa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38127"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddfa,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38100"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10108"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:42:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddfa,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39182"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:20Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80ddfe,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42642"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:42:21Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80ddfe,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42640"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:42:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ddff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61743"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:42:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de0a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50675"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:42:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de0a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50676"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80de4e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33081"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de4e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49163"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de4e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43822"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10109"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:43:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de4f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de55,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40106"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de55,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36264"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10110"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:43:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de56,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47718"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de56,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50520"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10111"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:43:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de56,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50632"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de56,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38140"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10112"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:43:56Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80de5d,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53772"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T17:43:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de5c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50869"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de5c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44188"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10113"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:43:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de5d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de5d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50528"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10114"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:43:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de5d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34839"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:43:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de5d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63216"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10115"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:44:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de77,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43393"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:44:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de77,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35222"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10116"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:44:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de78,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39926"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:44:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de78,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63230"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10117"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:44:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de78,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41590"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:44:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de78,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50546"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10118"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:44:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de78,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:44:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:44:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50677"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:44:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80de82,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50678"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:45:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dec3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50680"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:45:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dec3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50681"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:45:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dec4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:45:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dec8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60715"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:45:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80decf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41328"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:45:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80decf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38063"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:45:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ded2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43091"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:46:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80def0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39911"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:46:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80def0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35266"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10119"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:46:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80def1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57050"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:46:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80def1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63274"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10120"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:46:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80def1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33788"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:46:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80def1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38208"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10121"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:46:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80def1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:46:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80defa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50682"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:46:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80defa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50683"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:47:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df17,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T17:47:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df17,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T17:47:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df19,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df51,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60964"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df52,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df6a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48062"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df6a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35326"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10122"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df6a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60020"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df6a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38266"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10123"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df6a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54265"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df6a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63336"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10124"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:48:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df6c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df72,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50684"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:48:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df72,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50685"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:48:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53768"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"18.225.36.18"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44072"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504126"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37294"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"178.20.174.135"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46336"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504126"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54085"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"18.225.36.18"; log_delay:"1585504126"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44076"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504127"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54372"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"5.255.95.70"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47406"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504127"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58113"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"85.236.43.108"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55780"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504127"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55562"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"80.84.224.198"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37358"; service:"80"; service_id:"http"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df7f,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504127"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49139"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df7f,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"85.236.55.6"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37722"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df84,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504132"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44438"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80df84,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"140.211.169.206"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55750"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:48:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61336"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df89,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44320"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10125"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:48:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df89,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64439"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df89,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38280"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10126"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:48:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df89,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:48:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80df89,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50664"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10127"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:50:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dfc8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54172"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:50:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:50:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dfd2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52529"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:50:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dfd3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34909"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:50:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfd3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:50:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80dfd4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48779"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:50:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfe2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38605"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:50:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfe2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35376"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10128"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:50:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfe2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56170"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:50:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfe7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55753"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:50:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfe7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63384"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10129"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:50:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfe7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43051"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:50:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfe7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50700"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10130"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:50:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50686"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:50:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dfea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50687"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:50:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dff4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50688"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:50:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dff4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50689"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:50:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80dff5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:51:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e027,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T17:51:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e029,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43014"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504331"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52935"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504331"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41223"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504331"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54684"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504331"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52732"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504331"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53883"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504331"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38848"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.30"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44856"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04b,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53216"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55992"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50371"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38624"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52838"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38144"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47601"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"88.221.161.169"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51626"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33672"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57220"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33597"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52854"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53222"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33730"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34470"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44011"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54492"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.173.172"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34466"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46174"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46949"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e04e,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504334"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57480"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52439"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33492"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43905"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51103"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57648"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33119"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55401"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52674"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34657"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46558"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37937"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.49.248.24"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38710"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45107"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37101"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58828"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38082"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e050,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504336"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57512"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e051,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:52:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e051,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504337"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55344"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e052,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504338"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37064"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e052,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504338"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60561"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e052,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36894"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e054,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:52:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e054,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504340"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47813"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e054,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504340"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40621"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e054,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504340"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58545"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e054,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504340"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59370"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e054,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"151.101.37.108"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37970"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e054,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504340"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37678"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e055,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"99.86.116.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32776"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e055,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504341"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54736"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e055,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504341"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47921"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e055,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.233.241"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58880"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e055,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39281"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e05a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504346"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59656"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e05a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504346"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53705"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:52:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e05f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54355"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:52:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e05f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35426"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10131"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:52:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e060,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42003"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:52:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e060,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50748"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10132"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:52:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e060,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43704"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:52:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e060,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63436"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10133"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:52:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e062,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50690"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:52:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e062,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50691"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:53:50Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0af,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T17:53:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0af,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51570"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36528"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10134"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:53:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64179"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38402"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10135"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:53:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56960"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63472"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10136"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:53:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48072"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44454"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10137"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43330"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38412"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10138"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52006"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0b6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50796"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10139"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:54:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e0d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44202"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0d8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58125"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0d8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35488"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10140"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e0d8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34774"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0d8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52958"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0d8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63496"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10141"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0d8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55269"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0d8,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38430"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10142"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e0d8,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48821"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0da,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50692"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0da,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50693"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:54:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:54:36Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e0de,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"10.39.176.168"] +<134>1 2020-03-29T17:55:30Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e113,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T17:55:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e113,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:55:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e125,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50695"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e125,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50696"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:56:32Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e151,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T17:56:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e150,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34679"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:56:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e150,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35536"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10143"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:56:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e150,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35725"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:56:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e150,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38476"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10144"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:56:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e150,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65505"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:56:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e150,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63546"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10145"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:56:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e151,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e152,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e152,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50698"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e152,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50699"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e17d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57591"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e17d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504637"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56971"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e17d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41787"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e17d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43548"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e17d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43220"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e17d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54890"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10146"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e17d,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"35.165.110.9"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60568"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:57:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e17d,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54892"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10147"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:57:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e17e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:57:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e182,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51468"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:57:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e182,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54898"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10148"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:57:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e196,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504662"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57050"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:57:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e196,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"99.86.116.67"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40004"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:57:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e197,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504663"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45128"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:57:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e197,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33577"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:57:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e197,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54904"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10149"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:57:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e197,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.224.227.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46650"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:57:56Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1a6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T17:57:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1a8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504692"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55319"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1b4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504692"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54638"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1b4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"216.58.208.106"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48916"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504694"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48141"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1b6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504694"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42997"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.10.174.113"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46970"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60218"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1c8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35594"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10150"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1ca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61675"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1ca,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10151"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1ca,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32819"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1ca,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63604"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10152"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1ca,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50700"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1ca,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50701"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T17:58:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56601"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52003"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e1d8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37683"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T17:58:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58623"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44590"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10153"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:58:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48461"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38548"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10154"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:58:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60073"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T17:58:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50932"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10155"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T17:59:00Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T17:59:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e1e9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T18:00:21Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e237,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:00:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e237,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e242,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59747"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e242,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35650"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10156"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e242,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54748"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e242,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63658"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10157"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e242,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50226"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e242,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38592"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10158"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:00:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e243,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50702"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:00:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e243,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50703"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:00:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e243,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:00:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e257,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50704"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:00:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e257,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50705"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:01:25Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e277,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:01:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e277,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:01:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e278,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54993"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504925"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36943"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504925"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34432"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504925"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38554"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504925"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58518"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.30"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44896"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504925"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35443"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53256"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29d,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504925"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52753"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34408"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38664"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48061"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"88.221.161.169"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51666"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49360"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53810"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49853"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60716"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53262"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55657"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29e,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504926"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42674"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.173.172"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34504"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41608"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55507"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60803"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33994"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59772"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.49.248.24"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38746"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52714"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e29f,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42919"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42994"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504927"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59749"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e29f,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.174.89"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55348"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504928"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59795"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504929"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57847"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504929"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46923"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.233.241"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58910"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2a1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504930"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34754"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504930"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58264"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504930"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52654"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504930"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44484"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58870"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"99.86.116.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32812"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504930"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54337"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504930"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47768"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a2,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38126"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504931"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49772"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504931"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38269"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54548"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504933"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52036"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504933"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38232"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36940"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504935"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33428"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504935"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39229"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504935"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56200"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.21"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46980"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.140.246"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57656"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504935"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53745"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50520"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504937"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56288"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585504937"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57384"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2a9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58782"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52251"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2ba,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35694"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10159"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2ba,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41224"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2ba,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63702"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10160"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2ba,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49963"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2ba,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51018"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10161"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:02:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50706"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:02:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2bb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50707"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:02:46Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2c8,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:02:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:03:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56982"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:03:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e2dd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42470"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:03:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T18:03:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e2f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:03:50Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e308,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:03:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47151"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:03:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36792"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10162"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:03:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34189"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:03:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63736"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10163"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:03:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39702"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:03:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38670"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10164"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:03:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43282"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:03:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44716"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10165"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:03:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42389"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:03:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e30f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63742"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10166"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:04:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e310,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51642"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:04:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e310,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51058"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10167"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:04:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e311,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e332,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59727"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e332,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35750"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10168"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e332,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45059"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e332,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38690"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10169"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:04:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e332,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60859"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:04:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e332,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63760"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10170"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:04:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e333,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50708"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:04:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e333,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50709"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:04:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e333,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:05:13Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e35b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:05:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e35b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:05:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e35d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:06:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e388,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50710"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:06:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e388,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50711"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:06:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e389,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:06:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e38b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:06:17Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e39b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:06:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e3a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40117"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:06:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e3a1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505185"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33661"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:06:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e3a1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58784"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40404"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35792"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10171"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50712"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50713"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34869"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51116"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10172"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63138"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ab,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38736"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10173"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:07:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e3ce,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33827"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:07:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:07:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e3d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35192"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:07:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e3da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43490"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:07:39Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e3ec,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50714"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50715"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56173"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35842"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10174"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61629"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63850"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10175"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61963"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e423,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51166"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10176"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:08:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e424,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:08:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e425,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:08:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e42c,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:09:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e43d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61115"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:09:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e43d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44840"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10177"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:09:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e43d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34478"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:09:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e43d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63866"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10178"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:09:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e43d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41170"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:09:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e43d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38800"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10179"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:10:05Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e47f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:10:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e47f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50716"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50717"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43079"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35896"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10180"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:10:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55763"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:10:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51218"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10181"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:10:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62250"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:10:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e49c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63906"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10182"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e4b9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50719"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e4b9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50720"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:11:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e4ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e4bc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T18:11:09Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e4bf,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:11:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e4de,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44553"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:11:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e4e6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54220"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:11:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e4e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:12:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e505,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40202"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e505,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505541"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40192"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e505,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58786"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59191"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41679"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55369"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47868"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45848"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45258"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.30"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44938"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36918"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53298"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43105"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38706"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42942"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40312"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45694"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58751"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55055"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"88.221.161.169"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51708"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38488"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43459"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50b,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; log_delay:"1585505547"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53304"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e50b,0x14,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.173.172"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34546"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505548"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53906"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505548"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57263"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505548"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49422"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54576"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505548"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52064"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505548"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47527"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50c,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505548"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43245"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505549"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49151"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505549"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44720"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505549"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33553"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505549"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53773"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505549"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60019"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505549"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57758"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52756"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50d,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.49.248.24"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38792"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505550"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40870"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e50f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505550"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47318"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505550"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54729"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505550"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40875"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505550"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54394"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58910"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50e,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"99.86.116.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32852"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505551"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37891"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505551"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43458"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38166"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505551"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33949"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505551"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45569"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e50f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505551"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40393"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e510,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50552"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e511,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505553"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47745"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e511,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505553"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48030"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e512,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36980"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e513,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e513,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50721"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e513,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50722"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e514,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65457"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e514,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35940"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10183"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e514,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35208"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e514,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38880"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10184"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e514,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56508"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e514,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51264"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10185"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e515,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505557"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38271"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e515,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505557"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42544"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e515,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505557"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57860"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e515,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505557"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43769"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e515,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"151.101.37.108"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38056"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e515,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.21"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47022"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e515,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505557"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33768"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e516,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505558"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43486"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e516,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505558"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40684"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e516,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.233.241"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58966"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e516,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585505558"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54105"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:12:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e516,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; log_delay:"1585505558"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58822"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:13:34Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e550,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:13:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e550,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:13:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e552,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e556,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33052"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e556,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44606"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10186"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:13:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80e55e,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54904"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T18:14:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e569,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40433"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e569,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44964"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10187"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:14:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e56a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35038"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e56a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51304"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10188"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:14:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e56a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41683"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e56a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63992"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10189"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:14:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50723"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:14:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50724"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59026"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36000"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10190"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46053"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64008"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10191"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43736"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58c,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51324"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10192"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:14:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e58d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:14:56Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e5a1,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:15:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e5cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47493"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:15:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e5d0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:15:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e5d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:15:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e5d4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T18:15:58Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e5df,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:16:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e5e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37456"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:16:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e5e3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35662"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:16:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e5ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50726"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:16:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e5ea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50727"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:16:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e603,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50728"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:16:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e603,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50729"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:16:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e604,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:16:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e604,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57015"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:16:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e604,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36044"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10193"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:16:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e605,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49785"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:16:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e605,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64052"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10194"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:16:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e605,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43344"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:16:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e605,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51368"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10195"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:17:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e62d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45816"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:17:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e62e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:17:21Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e633,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:17:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e633,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:18:26Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e674,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:18:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e674,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:18:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e67b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50730"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:18:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e67b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50731"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:18:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e67d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57674"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:18:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e67d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36102"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10196"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:18:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e67d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43976"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e682,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43177"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e682,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10197"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e682,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48118"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e682,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10198"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:19:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e696,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39345"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:19:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e696,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45096"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10199"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:19:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e696,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44490"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:19:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e696,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39054"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10200"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:19:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e696,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:19:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e696,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51438"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10201"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:19:48Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6c5,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:19:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:19:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6c7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:20:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e6e5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49163"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:20:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e6e5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506021"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47088"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:20:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e6e5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58824"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e6e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47847"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:20:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e6ef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506031"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37391"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:20:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e6ef,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506031"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56970"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:20:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6f1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:20:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6f2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:20:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6f3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50732"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:20:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6f3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50733"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:20:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6fa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34574"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:20:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6fa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36158"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10202"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:20:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6fb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44476"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:20:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6fb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51480"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10203"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:20:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6fb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59587"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:20:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e6fb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39100"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10204"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:20:52Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e705,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:21:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e71b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50734"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:21:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e71b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50735"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:21:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e71c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:21:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e71e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:13Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e756,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:22:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e756,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e758,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e76b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50736"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:22:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e76b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50737"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e773,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33344"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e773,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36206"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10205"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e773,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42938"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e773,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51528"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10206"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:22:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e773,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39096"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e773,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64216"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10207"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:22:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e779,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35450"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e779,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"209.87.211.157"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64658"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10208"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e77a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54451"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e77a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10209"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e77a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43229"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e77a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39154"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10210"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e77a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47894"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e77a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64224"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10211"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46692"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506177"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37261"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506177"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36806"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506177"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56003"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506177"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58189"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506177"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35644"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.30"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44976"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506177"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35828"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506177"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59092"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e781,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53336"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e782,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"88.221.161.169"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51744"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38746"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56863"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46787"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55207"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39079"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48206"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52081"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53647"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49486"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:22:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e783,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.16"; log_delay:"1585506179"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53342"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506180"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55430"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506180"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38497"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"136.243.95.176"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54612"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e784,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506180"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44116"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.173.172"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34586"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506180"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53142"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506180"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48952"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506180"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55019"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506180"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43119"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e784,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.174.89"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55426"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506181"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34991"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506181"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51267"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506181"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37651"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506181"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38503"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506181"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36417"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.49.248.24"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38830"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.41"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52798"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e785,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506181"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54491"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506182"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36397"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506182"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36241"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506182"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52168"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506182"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37970"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.26.6.155"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58950"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506182"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58437"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506182"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45454"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e786,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"99.86.116.53"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32892"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e787,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"52.166.113.188"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38206"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e787,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506183"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56777"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e787,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506183"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57808"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e787,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506183"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42038"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e787,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.95"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50592"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e789,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506185"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34158"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e789,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506185"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51500"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e789,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.100.50.51"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37020"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e78a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506189"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58753"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506189"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33964"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506189"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54217"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506189"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38045"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506189"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34399"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506189"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57420"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78d,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"13.48.233.241"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59002"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506190"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36179"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.140.246"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57736"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506190"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38550"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.54.21"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47064"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506191"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59288"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506191"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37335"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e78f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58862"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:23:17Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e798,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52483"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7c2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45226"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10212"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7c3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33783"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7c3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39184"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10213"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7c3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61695"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7c3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51568"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10214"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:24:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7c4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e7d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34851"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:24:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e7e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58799"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:24:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7e3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50738"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:24:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7e3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50739"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:24:39Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7e8,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:24:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e7eb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47944"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:24:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7ec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50880"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7ec,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36266"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10215"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:24:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7ec,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56693"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7ec,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39206"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10216"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:24:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7ec,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60942"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:24:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7ec,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64276"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10217"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:24:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e7ed,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:25:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e828,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:25:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e828,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:25:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e82a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:26:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e84c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50741"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:26:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e84d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50742"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:26:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e85b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50743"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:26:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e85c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50744"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:26:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e85d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:26:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e85e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e864,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44352"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e864,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36312"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10218"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e864,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40999"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e864,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39252"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10219"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e864,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41862"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e864,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64322"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10220"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:27:03Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e879,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:27:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8a4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T18:27:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:28:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e8b5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58244"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:28:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e8b5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506485"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46222"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:28:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e8b5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"216.58.208.106"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49038"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:28:07Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8b9,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:28:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8d4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50746"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:28:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8d4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50747"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:28:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:28:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8dd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42183"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:28:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8dd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36362"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10221"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:28:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8dd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50172"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:28:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8dd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39302"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10222"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:28:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8dd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43284"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:28:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8dd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51686"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10223"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:28:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e8ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40002"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:29:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8ef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:29:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8ef,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45354"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10224"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:29:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8f0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52343"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:29:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8f0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39312"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10225"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:29:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8f1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43769"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:29:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e8f1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51696"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10226"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:29:28Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e90b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:29:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e90a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:30:35Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e94c,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:30:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e94c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50749"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:30:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e94c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50750"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:30:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e94c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:30:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e94d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:30:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e955,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45754"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:30:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e955,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36412"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10227"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:30:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e955,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34992"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:30:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e955,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51734"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10228"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:30:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e955,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39447"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:30:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e955,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64422"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10229"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:31:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e97e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50751"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:31:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e97e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50752"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:31:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e97f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:31:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e981,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:32:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e9c4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50753"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:32:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e9c4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50754"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:32:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e9c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:32:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e9cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50169"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:32:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e9cd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64164"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10230"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33445"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506772"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37364"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506772"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50738"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506772"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42644"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506772"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44668"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80e9d5,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; db_ver:"20032905"; description:"Update failed. Gateway can not access internet (\"https://secureupdates.checkpoint.com/appi/v4_1_1/gw/Version\"). Check connectivity and proxy settings."; product:"Application Control"; severity:"4"; update_status:"failed"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80e9d5,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; db_ver:"20032905"; description:"Update failed. Gateway can not access internet (\"https://secureupdates.checkpoint.com/appi/v4_1_1/gw/Version\"). Check connectivity and proxy settings."; product:"URL Filtering"; severity:"4"; update_status:"failed"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37432"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d4,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; log_delay:"1585506772"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37434"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; log_delay:"1585506775"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37436"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:32:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9d7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; log_delay:"1585506775"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37438"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:33:07Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"393216"; ifdir:"inbound"; ifname:"eth1"; logid:"1"; loguid:"{0x5e80e9e4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"195.88.55.116"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58862"; service:"443"; src:"192.168.2.2"; tcp_flags:"FIN-PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T18:33:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; log_delay:"1585506787"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37440"; service:"443"; service_id:"https"; src:"192.168.2.2"] +<134>1 2020-03-29T18:33:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9e5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585506789"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50154"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:33:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32882"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:33:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80e9f0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56248"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:33:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80e9f2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:34:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea1d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62066"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:34:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea1d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64192"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10231"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:34:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea1e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:34:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea3c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50756"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:34:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea3c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50757"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:34:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea4c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51004"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:34:52Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80ea4e,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; db_ver:"20032905"; description:"Update failed. Gateway can not access internet (\"https://secureupdates.checkpoint.com/appi/v4_1_1/gw/Version\"). Check connectivity and proxy settings."; product:"Application Control"; severity:"4"; update_status:"failed"] +<134>1 2020-03-29T18:34:52Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80ea4e,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; db_ver:"20032905"; description:"Update failed. Gateway can not access internet (\"https://secureupdates.checkpoint.com/appi/v4_1_1/gw/Version\"). Check connectivity and proxy settings."; product:"URL Filtering"; severity:"4"; update_status:"failed"] +<134>1 2020-03-29T18:34:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea4c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64208"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10232"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:34:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea4e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:35:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ea5d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T18:36:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eaaf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50760"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:36:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eaaf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50761"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:36:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eab0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:36:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eab4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50762"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:36:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eab4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50763"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:37:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80eaf2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38053"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:37:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eaf4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:37:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eaf6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:38:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eb2c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50765"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:38:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eb2c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50766"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:38:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eb2d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:39:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eb49,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48139"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:39:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eb49,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64304"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10233"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:39:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eb4a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:39:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eb6b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T18:40:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eba4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50769"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:40:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eba4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50770"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:40:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eba5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:40:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ebab,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ebe0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50771"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ebe0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50772"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:41:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ebe1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:41:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ebe3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50252"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:41:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ebe9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36838"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:41:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ebf7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37822"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:42:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec1c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50773"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:42:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec1c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50774"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:42:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec1d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:42:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec1f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"2"; service_id:"igmp"; src:"192.168.2.254"] +<134>1 2020-03-29T18:42:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec21,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec5e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36783"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:43:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec60,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:43:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec62,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:43:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec63,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63482"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80ec67,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54898"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T18:44:02Z gw-da58d3 CheckPoint 8363 - [alert:"alert"; flags:"139328"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e80ec73,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; description:"Error occur"; product:"RAD"; reason:"Failed to fetch CP Site Resource. Couldn't resolve host name, check /opt/CPsuite-R80.40/fw1/log/rad_events/Errors/flow_5779_85_MAIN_CHILD For more details"; severity:"3"] +<134>1 2020-03-29T18:44:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec75,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43141"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:44:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64111"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:44:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec94,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50775"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:44:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec94,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50776"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:44:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec95,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:44:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ec97,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:45:10Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ecb7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:45:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ecb8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"67"; service:"68"; service_id:"dhcp-rep-localmodule"; src:"192.168.1.1"] +<134>1 2020-03-29T18:45:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ecc7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57621"; service:"57621"; src:"192.168.1.94"] +<134>1 2020-03-29T18:45:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ecc8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:46:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ecf6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45930"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:46:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ecf7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:46:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ecf9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:46:34Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed0b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:46:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed0c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50780"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:46:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed0c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50781"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:46:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50782"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:46:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed11,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50783"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:47:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed2d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T18:47:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed30,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed4a,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:48:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50785"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:48:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed84,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50786"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:48:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ed85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:49:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80edb5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39916"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:49:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80edb7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:49:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80edba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56281"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:50:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80edeb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50593"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eded,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:50:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80edf9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35409"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:50:34Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80edfc,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:50:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80edfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50787"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:50:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80edfc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50788"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:51:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee21,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"9999"; service:"9999"; src:"192.168.1.1"] +<134>1 2020-03-29T18:51:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee22,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:51:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee2c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5351"; src:"192.168.1.1"] +<134>1 2020-03-29T18:51:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee2c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T18:51:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee2d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T18:51:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee3b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T18:51:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee3d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:51:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee42,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50789"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:51:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee42,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50790"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:52:13Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee5f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:52:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee5f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:52:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee61,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T18:52:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee74,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50792"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:52:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ee74,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50793"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:53:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eea2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T18:53:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eea3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:53:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eea5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:53:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eec2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51414"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T18:54:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eee3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55979"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T18:54:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eeeb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51124"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:54:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eeeb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51125"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:54:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eeec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51126"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51127"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:54:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64421"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:54:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45918"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10234"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:54:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40361"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:54:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10235"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:54:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49433"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:54:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80eef6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39878"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10236"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:54:58Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ef04,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:55:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80ef14,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Log Out"; operation_number:"12"; product:"SmartConsole"; subject:"Administrator Login"] +<134>1 2020-03-29T18:55:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ef14,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:56:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ef4f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T18:56:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ef51,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ef63,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T18:56:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ef63,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51129"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:56:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ef63,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51130"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:56:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ef70,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33737"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T18:58:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80efdb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51133"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:58:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80efdb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51134"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:58:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80efdd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:58:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80efde,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:59:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f01e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T18:59:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f01f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T18:59:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f022,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46312"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:59:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f022,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46040"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10237"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:59:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f022,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37485"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:59:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f022,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65066"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10238"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:59:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f022,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63917"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T18:59:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f022,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52382"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10239"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T18:59:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f025,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51135"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T18:59:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f025,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51136"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:00:30Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f050,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:00:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f050,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:00:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f053,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51137"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:00:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f053,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51138"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:01:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f071,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60283"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:01:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f075,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44677"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:01:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f076,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:02:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f0cb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51139"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:02:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f0cb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51140"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:02:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f0cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:03:32Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f106,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:03:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f106,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:04:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f144,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51142"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:04:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f144,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51143"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:04:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f145,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:04:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f14e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41161"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:04:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f14e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46158"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10240"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:04:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f14f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41940"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:04:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f14f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52498"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10241"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:04:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f14f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38418"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:04:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f14f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65186"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10242"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f156,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51144"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f156,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51145"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:06:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f199,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:06:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f19b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:06:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f1a4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T19:06:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f1a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:06:33Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f1bb,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:06:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f1bc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51146"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:06:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f1bc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51147"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:08:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f234,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51148"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:08:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f234,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51149"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:08:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f235,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:08:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f236,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f268,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45454"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:09:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f269,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:09:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f26c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T19:09:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f26e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:09:41Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f276,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:09:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f27b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53898"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:09:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f27b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46268"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10243"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:09:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f27b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56251"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:09:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f27b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52610"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10244"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:09:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f27b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46116"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:09:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f27b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65298"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10245"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:09:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f287,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51152"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:09:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f287,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51153"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:10:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f2ac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51154"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:10:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f2ac,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51155"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:10:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f2ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:11:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f2e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:11:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f2e4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f324,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51156"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f324,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51157"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:12:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f325,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:12:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f327,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:12:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f32c,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33432"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38442"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10246"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10247"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65388"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10248"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58567"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f364,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38452"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10249"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f365,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62951"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f365,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40326"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10250"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f365,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38633"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f365,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52710"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10251"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f365,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64026"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50686"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10252"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80f366,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54892"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61755"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57298"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65404"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10253"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80f366,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.83.198.43"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54890"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52927"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46030"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10254"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51888"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40340"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10255"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46034"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10256"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58413"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50696"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10257"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38263"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f366,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52728"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10258"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49426"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65416"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10259"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42162"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50702"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10260"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58606"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40352"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10261"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36324"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52736"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10262"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41965"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f367,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50708"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10263"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f368,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62132"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f368,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65426"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10264"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f368,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64721"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f368,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40360"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10265"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f372,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63391"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f372,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37426"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10266"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f372,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63272"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f372,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52748"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10267"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f372,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f372,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40368"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10268"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:13:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f375,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35008"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:14:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f394,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:14:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f395,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:14:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f397,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f39c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51158"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:14:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f39c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51159"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:14:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3a8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39618"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:14:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3a8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46430"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10269"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:14:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3a8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62265"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:14:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3a8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52772"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10270"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:14:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3a8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45400"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:14:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3a8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65460"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10271"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3b9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51160"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3b9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51161"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:15:43Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3e0,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:15:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3e0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:15:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f3e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:16:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f414,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51162"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:16:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f414,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51163"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:16:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f415,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:17:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f445,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:17:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f447,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:18:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f472,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T19:18:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f475,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:18:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f475,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33661"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:18:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f485,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55824"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:18:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f48c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51164"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:18:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f48c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51165"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80f493,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f492,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37817"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f492,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33336"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10272"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f492,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45976"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f492,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32786"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10273"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f492,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44165"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e80f493,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T19:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f492,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52870"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10274"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:18:44Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f496,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f496,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:19:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4d4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41406"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:19:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4d4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46557"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10275"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:19:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4d4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36763"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:19:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4d4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32814"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10276"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:19:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4d4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46199"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:19:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4d4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52898"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10277"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:19:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51167"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4ea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51168"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:20:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f4eb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:20:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f500,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T19:20:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f502,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:20:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f504,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51170"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:20:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f504,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51171"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f527,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:21:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f529,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:21:52Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f551,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f551,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:22:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f57c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51172"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:22:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f57c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51173"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:22:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f57d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:22:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f57f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42734"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50938"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10278"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33147"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40588"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10279"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46804"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32890"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10280"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42342"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f58e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.122.37.9"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39764"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10281"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:23:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5c0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41097"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:23:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5c0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38744"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10282"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:23:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5c1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33108"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:23:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5c1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32918"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10283"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:23:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5c1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34979"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:23:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5c1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53002"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10284"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:23:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51174"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:24:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5f4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51175"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:24:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f5f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f601,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64148"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f601,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46694"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10285"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f601,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56428"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f601,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32952"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10286"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f601,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63746"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f601,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40654"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10287"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f602,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f603,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42603"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f603,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51010"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10288"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f603,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36367"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f603,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40660"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10289"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f603,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63264"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f603,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53044"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10290"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38930"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51016"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10291"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37284"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40666"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10292"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53715"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32968"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10293"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f605,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51608"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f604,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.122.37.9"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39842"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10294"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:25:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f61b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51176"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:25:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f61c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51177"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:26:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f66c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51178"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:26:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f66c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51179"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:26:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f66d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35843"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:26:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f66d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:26:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f66e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:27:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f6bb,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:27:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f6bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:27:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f6bc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:28:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f6e4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51180"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:28:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f6e4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51181"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:28:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f6e5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:29:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f72d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65062"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:29:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f72d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46820"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10295"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:29:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f72e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64591"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:29:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f72e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40778"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10296"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:29:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f72e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:29:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f72e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33080"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10297"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:29:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f72f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:29:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f730,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:30:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f743,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T19:30:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f74d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51182"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:30:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f74d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51183"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:30:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f75c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51184"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:30:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f75c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51185"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:30:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f75e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:30:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f75f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:30:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f76f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:31:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f781,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58124"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:32:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7d4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51186"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:32:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51187"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:32:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:32:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:32:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7da,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T19:32:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f7e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35959"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:32:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f7e2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510370"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47363"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f7ec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510380"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39863"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f7ec,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510380"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52754"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80f7ed,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44606"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7ec,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56968"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7ec,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37686"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7ec,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36746"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7ec,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46544"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10298"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7ec,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46546"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10299"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:33:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f7ec,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46548"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10300"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:33:07Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80f7f4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46030"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T19:33:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f7f6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510390"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53245"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:33:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f7f6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510390"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53202"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:33:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f800,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510400"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53664"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:33:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f800,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510400"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40829"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:33:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f801,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f81c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45449"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f81c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39002"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10301"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:33:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f81d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:33:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f81d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33176"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10302"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:33:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f81d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58940"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:33:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f81d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53260"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10303"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f823,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:33:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f823,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f84d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51190"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:34:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f84d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51191"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:34:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f84e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f850,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36987"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46942"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10304"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49212"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40900"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10305"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50582"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33202"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10306"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42745"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37968"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10307"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55461"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40908"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10308"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50126"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53292"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10309"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50865"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37974"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10310"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56490"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33214"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10311"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58570"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f85d,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40916"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10312"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:35:00Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80f865,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; db_ver:"20032906"; description:"Gateway was updated with database version: 22032001."; product:"Application Control"; severity:"1"; update_status:"updated"] +<134>1 2020-03-29T19:35:00Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e80f865,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; db_ver:"20032906"; description:"Gateway was updated with database version: 22032001."; product:"URL Filtering"; severity:"1"; update_status:"updated"] +<134>1 2020-03-29T19:35:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f87b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:35:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f87d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:35:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f87e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51192"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:35:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f87e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51193"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:35:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f886,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53267"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:35:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f886,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42320"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:35:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f886,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62339"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:35:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f886,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46626"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10313"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:35:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f889,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50982"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:35:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f88a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:35:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f890,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510544"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46726"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e80f896,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46034"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T19:35:50Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f898,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:36:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51194"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:36:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8c5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51195"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:36:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8c6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:36:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:37:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8dc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60877"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:37:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8dc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38026"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10314"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:37:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8dc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60756"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:37:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8dc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33266"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10315"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:37:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8dc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57147"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:37:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8dc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40968"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10316"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:37:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f8fb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45655"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:37:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f8fb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510651"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32915"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:37:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f8fd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:37:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f905,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510661"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58581"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:37:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f905,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510661"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49213"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:37:50Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f90f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:37:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f90f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510671"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46049"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:37:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f90f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510671"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50500"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f919,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510681"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52110"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80f919,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585510681"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43120"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:38:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f93d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51196"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:38:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f93d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51197"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:38:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f93e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:38:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f93f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f954,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44441"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f954,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38074"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10317"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f954,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54519"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f954,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33314"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10318"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f954,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46758"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f954,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41016"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10319"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:39:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f987,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58316"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f987,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47072"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10320"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:39:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f987,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48369"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f987,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33330"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10321"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:39:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f987,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48087"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f987,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53414"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10322"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:39:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f988,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:39:59Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f990,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:40:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9af,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51198"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:40:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9af,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51199"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:40:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9b0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:40:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9b5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51200"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:40:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9b5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51201"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:41:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9cc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65324"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:41:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9cc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38124"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10323"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:41:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9cc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:41:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9cc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33364"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10324"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:41:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9cc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56560"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:41:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9cc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53448"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10325"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:41:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80f9cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa11,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:42:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:42:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa11,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T19:42:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa2d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51202"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:42:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa2d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51203"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:43:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa45,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43444"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa45,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38178"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10326"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:43:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa45,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36985"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa45,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53500"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10327"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:43:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa45,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49662"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa45,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33420"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10328"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:43:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa46,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa47,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80fa75,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38126"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:43:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa76,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa78,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa78,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54282"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa78,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39268"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10329"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:43:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa79,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41460"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa79,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33442"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10330"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:43:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa79,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49239"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:43:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa79,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41144"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10331"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:44:14Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fa90,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:44:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80faa5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51204"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:44:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80faa5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51205"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:44:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80faa6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:44:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80faa8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T19:44:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fab3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45827"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:44:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fab3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47208"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10332"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:44:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fab4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57263"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:44:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fab4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53548"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10333"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:44:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fab4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43193"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:44:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fab4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41168"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10334"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:45:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fabd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34748"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:45:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fabd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38238"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10335"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:45:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fabd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57022"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:45:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fabd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33478"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10336"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:45:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fabd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35026"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:45:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fabd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10337"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:45:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fabe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fae0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51206"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fae0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51207"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:46:22Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb10,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:46:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb10,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:46:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb1d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51208"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:46:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb1d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51209"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb35,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39743"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb35,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38284"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10338"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb35,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52270"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb35,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33524"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10339"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb35,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65045"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb35,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53608"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10340"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:47:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb37,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:48:31Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb91,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:48:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80fb8f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34199"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb91,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:48:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb95,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51210"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:48:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb95,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51211"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:48:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fb96,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:49:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43357"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:49:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbae,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38340"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10341"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:49:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbae,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39010"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:49:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbae,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41280"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10342"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:49:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbae,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64865"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:49:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbae,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33582"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10343"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:49:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbe0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51103"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:49:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbe0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47338"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10344"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:49:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbe0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56405"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:49:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbe0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33596"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10345"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:49:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbe0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49908"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:49:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbe0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41298"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10346"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:49:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fbe1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:50:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc0d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51213"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:50:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc0d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51214"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:50:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc0e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:50:39Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc10,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:50:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51215"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:50:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc11,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51216"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:51:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc26,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38483"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:51:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc26,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38388"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10347"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:51:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc26,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54727"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:51:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc26,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33628"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10348"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:51:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc26,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48064"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:51:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc26,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41330"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10349"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:52:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51217"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:52:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc85,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51218"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T19:52:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc86,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:52:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80fc87,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58572"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:52:47Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc90,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:52:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80fc99,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33853"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T19:52:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc9a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc9e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51241"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc9e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38437"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10350"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:53:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc9f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54358"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc9f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41376"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10351"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:53:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc9f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39249"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fc9f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53760"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10352"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:53:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fcd4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39174"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fcd5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fcd6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39532"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10353"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fcd6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57443"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fcd6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41406"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10354"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fcd6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59277"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fcd6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33708"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10355"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fce2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T19:54:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd0c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57261"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:54:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd0c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47472"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10356"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:54:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd0d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46197"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:54:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd0d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53812"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10357"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:54:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd0d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51401"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:54:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd0d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33732"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10358"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:54:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd0e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:54:54Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd11,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:55:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd17,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62242"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:55:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd17,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38504"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10359"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:55:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd17,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56822"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:55:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd17,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53826"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10360"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:55:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd17,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48246"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:55:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd17,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41446"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10361"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:55:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd18,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:56:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd62,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T19:56:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd64,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:56:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T19:57:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:57:02Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd90,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:57:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42868"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:57:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38550"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10362"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:57:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40150"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:57:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33790"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10363"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:57:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44166"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:57:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd8f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53874"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10364"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:57:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fd90,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe07,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63707"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe07,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38594"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10365"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:59:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe07,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39918"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe07,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10366"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:59:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe07,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41319"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe07,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53918"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10367"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:59:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe08,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:11Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe11,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T19:59:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe39,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57822"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe39,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47596"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10368"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:59:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe39,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49651"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe39,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53936"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10369"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:59:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe39,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42302"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T19:59:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe39,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41556"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10370"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T19:59:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe3a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:00:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e80fe6a,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; additional_info:"Authentication method: Unix Password"; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Log In"; operation_number:"10"; product:"SmartConsole"; subject:"Administrator Login"] +<134>1 2020-03-29T20:00:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe6a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:00:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51287"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:00:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51288"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:00:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80fe7b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39898"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51294"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51295"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51296"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51297"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51298"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51299"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51300"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51301"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51302"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51303"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51304"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51305"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51306"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7d,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51307"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49432"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:01:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38712"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10371"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:01:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57132"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:01:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54034"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10372"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:01:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54039"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:01:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe7f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41654"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10373"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:01:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe81,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51310"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe81,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51311"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51312"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51313"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51314"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51315"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51316"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51317"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51318"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51319"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51320"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51321"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51322"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51323"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe82,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51324"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51325"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe84,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51326"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51333"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe89,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51334"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:01:19Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fe91,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:03:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51362"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:03:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51363"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:03:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62747"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:03:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39088"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10374"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:03:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62322"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:03:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34328"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10375"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:03:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62515"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:03:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42030"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10376"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:03:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80fef8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:03:28Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff12,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:03:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff26,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36334"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:03:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff26,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55708"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:03:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff27,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff50,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51367"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:04:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff50,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51368"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:04:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff51,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64101"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32949"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47199"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58204"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33870"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34522"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5a,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44051"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44110"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54098"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38868"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff5d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61424"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff63,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56738"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff64,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60130"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff64,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42071"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff66,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57865"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff66,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48308"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10377"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff66,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48471"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff66,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54648"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10378"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff66,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35745"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:04:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff66,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34568"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10379"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:04:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff6a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47490"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:05:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff6d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64205"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:05:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff6f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51370"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff6f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51371"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff70,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56455"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:05:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff70,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39372"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10380"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:05:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff70,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33432"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:05:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff70,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54696"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10381"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:05:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff70,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32789"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:05:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff70,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10382"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:05:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff70,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35724"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:05:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff79,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51372"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff79,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51373"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51374"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51375"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51376"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51377"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51378"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51379"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51380"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7c,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51381"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:05:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51382"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51383"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51384"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51385"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51386"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51387"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff7f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51388"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51389"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff89,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51390"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51391"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51392"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51393"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51394"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51395"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51396"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51397"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8a,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51398"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51399"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51400"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51401"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51402"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51403"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51404"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51405"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8b,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51406"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51407"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51408"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51409"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff8c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51410"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:36Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ff92,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:05:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e80ff95,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36677"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:05:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffa4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51412"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffa4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51413"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:05:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffa5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:06:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffb0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T20:07:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51414"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:07:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51415"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:07:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37243"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:07:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39806"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10383"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:07:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60801"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:07:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55128"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10384"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:07:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54893"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:07:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35048"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10385"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:07:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e80ffe8,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:07:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810003,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51416"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:07:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810003,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51417"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:07:45Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810013,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:07:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810013,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:08:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81005a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:09:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81005c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81005f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51448"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81005f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51449"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810060,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40272"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810060,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39930"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10386"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810060,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62840"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810060,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55252"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10387"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810060,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45304"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810060,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42872"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10388"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810077,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51451"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810077,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51452"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810077,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51453"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810077,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51454"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51455"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51456"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51457"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51458"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51459"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51460"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51461"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810078,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51462"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810079,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51463"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810079,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51464"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81007a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51465"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81007a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51466"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:09:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810088,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47275"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:09:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81008a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81008a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50561"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:09:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81008a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585512586"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41684"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:09:52Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810092,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585512594"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46959"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62180"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63328"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48786"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10389"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48788"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10390"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50404"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49142"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10391"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38786"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55482"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10392"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35228"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810092,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35403"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10393"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810094,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585512596"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37130"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:09:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810094,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38557"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810094,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41637"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:09:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810094,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48800"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10394"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:09:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810094,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48802"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10395"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e81009a,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46544"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T20:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e81009b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46626"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T20:10:03Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e81009c,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46546"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T20:10:09Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8100a3,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46548"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T20:10:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8100ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41961"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:11:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51467"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51468"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34389"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40194"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10396"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40442"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55518"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10397"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37106"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100d9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43138"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10398"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:11:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51489"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51490"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100eb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51492"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100eb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51493"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100eb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51494"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100eb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51495"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100eb,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51496"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100eb,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51497"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51500"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ed,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51501"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ed,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51502"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51503"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ee,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51504"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ee,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51505"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8100ee,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51506"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:11:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81010a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55214"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81010c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32781"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81010c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53566"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81010c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53647"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:11:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81010c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:12:00Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810112,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:13:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81014f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51514"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:13:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81014f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51515"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810151,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63412"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810151,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40530"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10399"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810151,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810151,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61635"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810151,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43472"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10400"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810151,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41157"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810151,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35774"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10401"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:13:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810164,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51518"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:13:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810164,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51519"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:13:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810165,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:13:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81017c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51520"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:13:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81017c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51521"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:14:09Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810193,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:14:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810193,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60005"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38934"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10402"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62316"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56030"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10403"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63798"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43650"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10404"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52806"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38940"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10405"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36154"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56036"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10406"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37879"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019e,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35956"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10407"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52089"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38946"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10408"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34145"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43660"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10409"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58192"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56044"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10410"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35464"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38960"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10411"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42038"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35974"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10412"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47584"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81019f,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43676"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10413"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40027"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38966"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10414"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58682"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56066"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10415"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64244"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35986"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10416"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42655"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38976"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10417"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38044"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43690"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10418"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60433"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56074"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10419"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38976"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38982"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10420"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60473"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35996"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10421"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63181"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a0,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43698"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10422"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48128"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38988"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10423"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62072"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56084"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10424"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49731"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36004"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10425"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46005"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38994"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10426"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48413"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43708"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10427"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47819"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56092"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10428"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62523"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39000"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10429"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35473"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36014"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10430"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58065"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43716"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10431"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45362"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a1,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39006"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10432"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48729"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56102"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10433"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63021"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36022"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10434"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37348"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39016"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10435"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56420"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43730"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10436"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56597"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101a2,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10437"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101bf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43792"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101bf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49808"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10438"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101bf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57071"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101bf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36066"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10439"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101bf,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56963"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:14:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101bf,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43768"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10440"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:14:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:15:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51523"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:15:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51524"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53300"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40852"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10441"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37632"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56174"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10442"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36108"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101c9,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36094"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10443"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101dc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51525"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8101dc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51526"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:16:18Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810214,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:16:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810214,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:16:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81021c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51528"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:16:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81021d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51529"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:16:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81021f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51530"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:16:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810220,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51531"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:16:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810221,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:17:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810240,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51532"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:17:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810240,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51533"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810241,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49168"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810241,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40938"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10444"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810241,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59414"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810241,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43879"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10445"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810241,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61952"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810241,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56262"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10446"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:17:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810254,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51534"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:17:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810254,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51535"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:17:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810255,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:17:31Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81025d,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:17:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810274,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.1"] +<134>1 2020-03-29T20:17:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810274,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:17:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810275,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:18:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810278,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"2"; service_id:"igmp"; src:"192.168.1.1"] +<134>1 2020-03-29T20:18:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810279,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T20:18:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810281,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T20:18:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81028b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5351"; src:"192.168.1.1"] +<134>1 2020-03-29T20:18:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81028f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36815"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:18:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810292,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"9999"; service:"9999"; src:"192.168.1.1"] +<134>1 2020-03-29T20:18:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102af,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51542"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:18:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102af,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51543"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:18:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102b0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102b8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51544"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:19:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102b8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51545"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:19:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102b9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49040"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102be,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64962"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102be,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40990"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10447"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:19:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102be,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56594"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102be,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36230"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10448"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:19:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102be,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57605"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102be,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43932"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10449"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:19:14Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102c4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:19:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102c4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:19:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102c4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102ca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5351"; src:"192.168.1.1"] +<134>1 2020-03-29T20:19:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102ca,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T20:19:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102cc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51547"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:19:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102cc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51548"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:19:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102eb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35842"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102eb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49990"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10450"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:19:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102eb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35241"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102eb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36248"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10451"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:19:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102eb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52314"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:19:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102eb,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43950"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10452"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:19:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102ec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:20:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5351"; src:"192.168.1.1"] +<134>1 2020-03-29T20:20:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8102f5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T20:20:57Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81032b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:20:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81032b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:20:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81032b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T20:21:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81032c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:21:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810330,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51552"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:21:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810330,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51553"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:21:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810336,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64393"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:21:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810336,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41042"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10453"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810337,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43565"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810337,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56364"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10454"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810337,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54263"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810337,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43984"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10455"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810344,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51554"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:21:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810344,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51555"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:21:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810349,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:21:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81034b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51523"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:21:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81034e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51556"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:21:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81034e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51557"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:21:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810351,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51558"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:21:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810351,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51559"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:22:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81036c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58850"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81036e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:22:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810394,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:22:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810395,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T20:22:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810396,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:22:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8103a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32799"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:23:02Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103a8,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:23:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103a8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51560"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:23:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103a8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51561"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:23:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103a9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:23:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103af,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41728"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:23:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60914"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:23:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103bc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51562"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:23:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103bc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51563"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103bf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"10.0.0.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36036"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10456"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103c0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103c1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.1"] +<134>1 2020-03-29T20:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103c1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:23:34Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e8103c7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; db_ver:"20032906"; description:"Update failed. Gateway can not access internet (\"https://secureupdates.checkpoint.com/appi/v4_1_1/gw/Version\"). Check connectivity and proxy settings."; product:"Application Control"; severity:"4"; update_status:"failed"] +<134>1 2020-03-29T20:23:34Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e8103c7,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; db_ver:"20032906"; description:"Update failed. Gateway can not access internet (\"https://secureupdates.checkpoint.com/appi/v4_1_1/gw/Version\"). Check connectivity and proxy settings."; product:"URL Filtering"; severity:"4"; update_status:"failed"] +<134>1 2020-03-29T20:23:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103de,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"9999"; service:"9999"; src:"192.168.1.1"] +<134>1 2020-03-29T20:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103e0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51564"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103e0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51565"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:24:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T20:24:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8103e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:24:34Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810403,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:24:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810403,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:24:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810404,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:24:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810418,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38899"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:24:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810418,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50110"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10457"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:24:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810418,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35080"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:24:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810418,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56452"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10458"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:24:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810418,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55656"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:24:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810418,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44072"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10459"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:25:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810420,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51568"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:25:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810420,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51569"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:25:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810421,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:25:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810434,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51570"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:25:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810434,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51571"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810444,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T20:26:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810464,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58163"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:26:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810466,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:26:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81047f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51573"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:26:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81047f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51574"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:26:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810482,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51575"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:26:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810482,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51576"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810484,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5351"; src:"192.168.1.1"] +<134>1 2020-03-29T20:26:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810484,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T20:26:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810485,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57005"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:26:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81048e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46647"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:26:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81048f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:26:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81048f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T20:26:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81048f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:27:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810498,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51577"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:27:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810498,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51578"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:27:14Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104a4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:27:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104ac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51579"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:27:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104ac,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51580"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:27:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:27:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8104ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58336"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:27:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.1"] +<134>1 2020-03-29T20:27:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104bb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:28:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"9999"; service:"9999"; src:"192.168.1.1"] +<134>1 2020-03-29T20:28:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:28:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"224.0.0.1"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"5351"; service:"5350"; src:"192.168.1.1"] +<134>1 2020-03-29T20:28:37Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104f7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:28:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57621"; service:"57621"; src:"192.168.1.94"] +<134>1 2020-03-29T20:28:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104f9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T20:28:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8104fd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:29:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810510,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51583"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:29:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810510,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51584"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:29:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810511,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51585"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:29:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810511,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51586"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:29:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810511,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:29:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810524,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51587"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:29:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810524,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51588"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:29:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81053e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T20:29:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810540,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:29:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810544,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35301"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:29:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810544,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50220"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10460"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:29:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810544,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35530"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:29:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810544,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56560"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10461"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:29:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810544,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59458"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:29:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810544,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10462"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:30:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810550,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T20:30:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81055f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58321"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:30:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810580,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55679"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:30:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810581,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:31:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810588,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51589"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:31:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810588,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51590"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:31:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81058a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:31:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81059c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51591"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:31:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81059c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51592"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:31:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8105b1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51593"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:31:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8105b1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51594"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:31:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8105b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:31:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8105b2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-29T20:31:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8105b2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:31:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8105b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51595"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:31:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8105b4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51596"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:33:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810600,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51597"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:33:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810600,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51598"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:33:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810601,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:33:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810614,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51599"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:33:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810614,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51600"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:34:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810642,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51601"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:34:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810643,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51602"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:34:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810644,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:34:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810646,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:34:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810671,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63294"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:34:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810671,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50330"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10463"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:34:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810671,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50098"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:34:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810671,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44288"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10464"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:34:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810671,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40005"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:34:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810671,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36590"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10465"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:34:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810672,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810678,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51604"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810678,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51605"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:35:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810679,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:35:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81068c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51606"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:35:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81068c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51607"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:35:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81069f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60063"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:35:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:35:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106a2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106a4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:36:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51608"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:36:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106e2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51609"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:36:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106e4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106e5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51610"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106e5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51611"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:36:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106e6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:37:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106f0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51612"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:37:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8106f0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51613"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:37:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810704,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51614"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:37:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810705,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51615"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:39:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810768,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51618"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:39:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810768,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51619"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:39:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810769,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:39:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810774,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51620"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:39:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810774,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51621"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:39:20Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81077a,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:39:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81077c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51622"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:39:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81077d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51623"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:39:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81079d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52223"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:39:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81079e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50448"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10466"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:39:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81079e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:39:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81079e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44406"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10467"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:39:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81079e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50159"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:39:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81079e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56790"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10468"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:39:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81079f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:40:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:40:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8107a3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56484"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:40:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8107a3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43091"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8107ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585514413"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56510"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107ad,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54213"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107ad,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41225"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107ad,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50104"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10469"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107ad,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50106"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10470"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:40:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:40:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107d1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:41:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107e0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51624"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:41:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107e0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51625"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:41:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51626"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:41:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107f5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51627"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:41:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8107f6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:41:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810814,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51628"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:41:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810814,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51629"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:41:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810815,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:41:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810816,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51630"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:41:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810816,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51631"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:42:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81081d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T20:42:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81081f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:43:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810858,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51632"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:43:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810858,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51633"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:43:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81085a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:43:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81086d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51634"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:43:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81086d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51635"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81087e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52543"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81087e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50186"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10471"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:43:46Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810883,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:43:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810883,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810885,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T20:43:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810887,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-29T20:44:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81088f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46162"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:44:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108a5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51636"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:44:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108a5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51637"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:44:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8108ca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53322"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:44:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108ca,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62977"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:44:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108ca,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50566"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10472"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:44:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108cb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61843"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:44:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108cb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44524"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10473"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:44:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108cb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61368"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:44:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108cb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36826"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10474"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:44:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108cb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:45:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108d0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51638"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:45:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108d0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51639"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:45:16Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108de,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:45:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108e5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51640"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:45:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8108e5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51641"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:46:20Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81091e,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:46:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81091e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:46:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810932,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810945,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51642"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810945,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51643"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:47:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810946,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:47:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810947,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51644"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:47:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810947,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51645"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:47:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810948,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51646"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:47:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810948,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51647"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:47:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810949,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:47:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81095d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51648"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:47:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81095d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51649"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:49:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109c0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51650"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:49:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109c1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51651"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:49:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:49:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51652"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:49:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109d5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51653"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:49:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51654"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:49:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109d6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51655"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:49:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48360"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:49:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109f7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50688"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10475"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:49:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109f7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47470"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:49:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109f7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44646"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10476"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:49:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109f7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50642"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:49:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109f7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36948"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10477"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:50:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8109f8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:51:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a39,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51657"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:51:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a39,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51658"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a3a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:51:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a4d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T20:51:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a4d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51659"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:51:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a4d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51660"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:52:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a77,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51661"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:52:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a77,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51662"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:52:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a78,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a79,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51663"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810a79,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51664"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:52:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810aaa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47967"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:53:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810aac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:53:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ab1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51666"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:53:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ab1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51667"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:53:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ac5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51668"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:53:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ac5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51669"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:53:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ae4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T20:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ae6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:54:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810aee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T20:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b07,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51670"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:54:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b08,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51671"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:54:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b09,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:54:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b23,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32945"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:54:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b23,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50804"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10478"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:55:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b24,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44092"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:55:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b24,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57144"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10479"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:55:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b24,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T20:55:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b24,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44764"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10480"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T20:55:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b29,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51672"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:55:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b29,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51673"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:55:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b30,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T20:55:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b32,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:55:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b34,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:55:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b3d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51674"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:55:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810b3d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51675"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ba1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51676"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ba1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51677"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ba2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:57:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ba3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:57:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ba8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51678"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ba8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51679"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:13Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810bab,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:57:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810baa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51680"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810baa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51681"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810bab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47678"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T20:57:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810bb5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51682"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:57:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810bb5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51683"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:58:56Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c12,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T20:58:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c12,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:59:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c14,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T20:59:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c15,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57621"; service:"57621"; src:"192.168.1.94"] +<134>1 2020-03-29T20:59:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c19,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51684"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:59:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c19,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51685"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:59:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c1a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T20:59:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c2d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51686"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:59:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c2d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51687"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:59:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c39,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51688"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:59:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c39,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51689"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T20:59:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c3a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:00:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c50,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54290"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:00:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c50,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50920"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10481"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:00:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c50,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34098"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:00:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c50,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57260"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10482"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:00:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c50,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41706"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:00:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c50,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10483"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:00:04Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c56,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T21:00:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c56,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:00:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c57,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T21:00:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c5a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57621"; service:"57621"; src:"192.168.1.94"] +<134>1 2020-03-29T21:01:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c91,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51690"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:01:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c91,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51691"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:01:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810c92,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:01:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810c98,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34425"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:01:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ca0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-29T21:01:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ca5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51692"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:01:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ca5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51693"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:01:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ca6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:02:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810cca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T21:02:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810cd0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47255"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:02:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810cd1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:02:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810cd9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51694"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:02:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810cd9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51695"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:02:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810cdb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:02:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810cdc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51696"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:02:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810cdc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51697"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:03:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d09,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51698"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:03:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d09,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51699"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:03:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d0a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:03:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d0f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T21:03:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:03:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d1d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51700"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:03:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d1d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51701"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d6a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51703"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:04:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d6a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51704"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:04:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d6b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:05:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d7c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:05:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d7c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51036"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10484"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:05:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d7d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50300"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:05:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d7d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44994"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10485"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:05:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d7d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42696"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:05:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d7d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57378"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10486"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:05:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d81,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51705"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:05:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d81,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51706"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:05:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d95,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51707"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:05:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d95,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51708"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:05:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810d96,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:06:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810dbd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T21:06:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810dbf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:07:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810df9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51709"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:07:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810df9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51710"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:07:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810dfa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:07:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810dfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:07:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e0b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51711"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:07:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e0b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51712"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:07:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e0d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51713"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:07:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e0d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51714"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:07:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e0d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51715"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:07:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e0d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51716"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:09:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e71,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51718"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:09:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e71,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51719"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:09:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e72,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:09:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e74,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:09:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51720"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:09:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e85,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51721"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:09:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e9b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51722"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:09:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e9c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51723"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:09:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810e9d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ea9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64612"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ea9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51152"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10487"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ea9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59909"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ea9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57492"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10488"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ea9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32856"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:10:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ea9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37412"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10489"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:10:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810eb6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32902"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:10:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810eb6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45780"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:10:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810ec0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516224"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42445"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:10:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ec0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34375"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:10:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ec0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52196"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:10:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ec0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50810"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10490"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:10:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ec0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50812"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10491"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:10:37Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e810ecf,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50106"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:10:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ecf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810edc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T21:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ee9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51724"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810ee9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51725"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:11:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810efd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51726"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:11:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810efe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51727"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:11:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810eff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f3c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51728"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:12:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f3c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51729"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f3d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f3e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51730"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:12:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f3e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51731"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f61,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51732"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:13:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f61,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51733"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:13:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f76,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51734"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:13:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f76,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51735"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:13:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f77,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53678"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f84,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43328"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10492"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61039"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f85,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57584"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10493"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f85,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39774"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f85,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37504"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10494"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49002"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53522"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10495"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53524"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10496"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63920"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40500"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10497"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59072"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57596"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10498"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64591"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f86,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45216"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10499"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40948"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40506"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10500"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33624"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37520"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10501"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39466"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57604"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10502"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63683"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40512"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10503"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56534"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45226"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10504"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63637"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f87,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37528"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10505"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f88,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63407"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f88,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40518"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10506"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f88,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56682"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f88,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57614"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10507"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f88,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46477"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f88,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45234"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10508"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e810f8f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50104"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f92,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44814"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f92,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42298"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10509"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f92,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47302"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f92,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45238"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10510"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f92,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53044"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:13:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810f92,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37540"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10511"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e810f95,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50186"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810f9d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48492"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810f9d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516445"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41912"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810fa7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516455"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59451"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810fa7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516455"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55735"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fa9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:14:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810fad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38990"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810fb1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516465"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37843"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810fb1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516465"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45614"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810fbb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516475"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33106"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e810fbb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585516475"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43085"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:14:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fbd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:14:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fcd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51736"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:14:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fcd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51737"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:15:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52440"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:15:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51306"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10512"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:15:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49691"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:15:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45264"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10513"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:15:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40093"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:15:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57648"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10514"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:15:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51738"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:15:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fd9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51739"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:15:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51740"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:15:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e810fee,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51741"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811051,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51742"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811051,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51743"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811052,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:17:22Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811063,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T21:17:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811063,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:17:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811066,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51744"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811066,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51745"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81106e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51746"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81106e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51747"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81106f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51748"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:17:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81106f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51749"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:18:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81108f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T21:18:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811092,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:18:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811093,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:18:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81109c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35195"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:18:42Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e8110b4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T21:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45077"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:18:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110b2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38210"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10515"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110b3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51224"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110b3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45360"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10516"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110b3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38746"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:18:43Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e8110b4,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T21:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110b3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57744"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10517"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:19:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110c9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51750"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:19:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110c9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51751"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:19:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110cb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:19:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8110d3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49253"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:19:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:19:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110de,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51752"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:19:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110de,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51753"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:19:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51755"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:19:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110fe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51756"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:19:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8110ff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:20:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811102,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56144"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:20:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811102,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51438"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10518"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:20:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811102,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41475"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:20:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811102,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45396"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10519"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:20:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811102,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55219"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:20:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811102,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57780"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10520"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:21:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811142,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51758"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:21:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811142,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51759"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:21:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811143,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:21:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811144,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T21:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811156,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51760"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:21:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811156,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51761"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:21:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811157,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:22:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81119f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51762"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:22:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81119f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51763"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111a0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51764"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111a0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51765"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:23:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51766"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:23:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ba,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51767"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:23:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60373"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55828"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10521"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51768"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51769"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64660"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37780"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10522"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33074"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ce,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45482"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10523"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47530"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111d6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42550"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10524"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111d6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41243"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111d6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37790"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10525"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111d6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59065"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111d6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57874"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10526"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111e0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57972"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:23:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111e0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585517024"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47803"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585517034"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52617"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52627"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111ea,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585517034"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52525"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ea,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45987"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ea,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51188"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10527"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ea,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51190"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10528"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:23:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111ea,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51192"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10529"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:24:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585517044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39978"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:24:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111f4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585517044"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34940"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:24:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8111f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:24:07Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8111f8,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53524"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:24:07Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8111f8,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50810"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:24:07Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8111f8,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53522"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:24:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585517054"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38206"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:24:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8111fe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585517054"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54229"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811223,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47870"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811224,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40806"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10530"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811224,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60576"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811224,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45520"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10531"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811224,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54619"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811224,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57904"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10532"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811225,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:24:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811227,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36332"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51572"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10533"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42766"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45530"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10534"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58859"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37832"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10535"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51770"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:25:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81122f,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51771"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811232,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51772"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:25:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811232,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51773"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:25:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811246,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51774"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:25:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811246,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51775"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:25:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81124e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35128"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:25:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81124e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42616"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10536"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:25:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81124e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65492"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:25:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81124e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37856"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10537"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:25:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81124e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36412"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:25:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81124e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45558"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10538"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:25:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81124f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:26:25Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811283,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T21:26:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811283,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:26:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811284,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112aa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51904"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112aa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51905"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112ab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:27:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112b0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51115"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:27:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112b0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40882"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10539"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:27:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112b0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:27:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112b0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57978"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10540"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:27:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112b0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43011"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:27:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112b0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37898"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10541"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:27:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112be,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51906"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112be,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51907"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8112c6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51559"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112c6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64170"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112c6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42674"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10542"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112c6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33978"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112c6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57996"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10543"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112c6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49413"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112c6,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45616"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10544"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:27:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112d0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51908"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112d0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51909"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51910"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112d2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51911"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:27:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8112d3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:29:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811322,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51913"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:29:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811322,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51914"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:29:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811323,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:29:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811336,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51915"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:29:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811336,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51916"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:29:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81133e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63769"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:29:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81133e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42724"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10545"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:29:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81133e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51305"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:29:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81133e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45664"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10546"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:29:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81133e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57334"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:29:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81133e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37966"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10547"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:30:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63862"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:30:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51718"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10548"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:30:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57406"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:30:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45676"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10549"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:30:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36853"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:30:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58060"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10550"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:30:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:30:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81135e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:30:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811360,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51917"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:30:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811360,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51918"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:30:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811362,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T21:31:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81139a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51919"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:31:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81139a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51920"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:31:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81139b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:31:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8113ae,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52201"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:31:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113ae,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51921"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:31:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113ae,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51922"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43371"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42778"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10551"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113b7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36534"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113b7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38018"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10552"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113b7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59965"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113b7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58102"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10553"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:32:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T21:32:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8113dd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:32:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811401,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51924"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:32:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811402,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51925"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811404,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51926"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:32:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811404,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51927"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811405,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:33:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811412,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51928"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:33:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811412,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51929"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:33:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811426,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51930"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:33:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811426,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51931"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:33:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81142f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42343"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:33:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81142f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42826"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10554"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:33:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81142f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58279"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:33:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81142f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45766"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10555"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:33:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81142f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59228"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:33:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81142f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58150"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10556"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:33:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811430,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:33:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811432,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811488,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54042"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811488,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51838"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10557"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811488,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811488,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45796"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10558"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811488,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38007"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811488,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38098"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10559"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:35:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811489,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81148a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51933"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:35:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81148a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51934"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:35:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811492,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51935"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:35:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811492,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51936"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:35:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81149e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51937"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:35:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81149e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51938"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:35:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8114a7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56683"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8114a7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42880"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10560"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:35:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8114a7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50396"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8114a7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45820"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10561"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:35:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8114a7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45875"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:35:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8114a7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10562"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:35:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8114ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48005"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:36:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8114d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43657"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:36:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8114d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:37:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811502,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51939"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:37:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811502,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51940"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:37:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811503,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:37:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811516,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51941"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:37:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811516,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51942"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:37:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81151f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61740"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:37:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81151f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42928"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10563"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:37:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81151f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51387"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:37:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81151f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38168"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10564"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:37:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81151f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35759"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:37:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81151f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45870"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10565"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:37:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811522,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811533,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51943"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811533,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51944"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:37:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811535,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51945"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:37:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811535,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51946"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:39:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81157a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51947"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:39:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81157a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51948"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:39:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81157b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:39:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81158e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51949"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:39:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81158e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51950"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:39:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811597,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53016"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:39:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811597,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42978"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10566"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:39:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811597,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59913"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:39:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811597,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38218"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10567"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:39:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811597,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50588"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:39:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811597,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58302"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10568"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:40:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56512"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:40:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115b4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51972"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10569"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:40:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115b4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55535"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:40:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115b4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38230"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10570"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:40:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115b4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50953"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:40:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115b4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58314"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10571"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:40:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115b5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:40:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115c3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51951"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:40:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115c3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51952"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:41:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115f2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51953"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:41:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115f2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51954"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:41:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8115f3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:41:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811606,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51955"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:41:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811606,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51956"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811610,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50182"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811610,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43030"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10572"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811610,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34630"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811610,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58352"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10573"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811610,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34355"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:41:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811610,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38272"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10574"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811630,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T21:42:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811632,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:43:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811664,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51957"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811664,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51958"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811665,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:43:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811666,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51959"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811666,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51960"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81166a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51961"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81166a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51962"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81167e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51963"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81167e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51964"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:43:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811688,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33213"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:43:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811688,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43082"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10575"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:43:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811688,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49041"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:43:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811688,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38322"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10576"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:43:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811688,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49058"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:43:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811688,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46024"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10577"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81168e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36869"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81168e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51720"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10578"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:43:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81168f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e811697,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50812"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:44:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116b3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T21:44:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8116d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49590"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:44:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8116d9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36444"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:44:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42557"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52096"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10579"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:45:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60960"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46054"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10580"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:45:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65326"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10581"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:45:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51966"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:45:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51967"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:45:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8116e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585518307"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43289"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:45:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50776"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45531"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51752"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10582"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:45:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116e3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51754"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10583"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8116f1,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51192"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8116f1,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51190"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T21:45:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51968"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:45:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116f4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51969"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:45:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51970"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:45:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8116f7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51971"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811700,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35739"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811700,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43138"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10584"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811700,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36701"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811700,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38378"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10585"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811700,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61288"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:45:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811700,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46080"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10586"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:47:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81175a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51973"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:47:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81175a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51974"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:47:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81175b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:47:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81176f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51975"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:47:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81176f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51976"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811778,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47648"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811778,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43197"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10587"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811778,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59776"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811778,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38437"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10588"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811778,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34509"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811778,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58520"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10589"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:48:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811795,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51977"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:48:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811795,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51978"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:48:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811797,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811797,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51979"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811798,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51980"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8117b1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37323"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:49:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51981"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:49:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117d2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51982"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:49:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117d3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:49:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51983"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:49:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117e7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51984"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:49:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117f0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53404"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:49:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117f1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43248"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10590"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:49:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117f1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54751"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:49:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117f1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46188"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10591"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:49:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117f1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50103"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:49:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8117f1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10592"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:50:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81180d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57879"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:50:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81180d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52242"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10593"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:50:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81180d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35253"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:50:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81180d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46200"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10594"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:50:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81180d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45956"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:50:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81180d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58584"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10595"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:50:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81180e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:50:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811825,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51985"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:50:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811825,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51986"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:51:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811849,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T21:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81184a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51988"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81184a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51989"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81184a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:51:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81185f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51990"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:51:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81185f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51991"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:51:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811869,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52404"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:51:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811869,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43300"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10596"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:51:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811869,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62799"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:51:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811869,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58622"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10597"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:51:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811869,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52504"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:51:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811869,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38542"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10598"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:52:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8118af,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42130"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:52:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118b1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:53:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51992"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118c2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51993"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118c7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51994"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118c7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51995"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118c9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51996"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118c9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51997"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51999"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118d7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52000"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:53:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:53:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118e1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40593"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:53:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118e1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43352"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10599"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:53:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118e1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34116"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:53:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118e1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46292"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10600"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:53:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118e1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36305"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:53:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8118e1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58676"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10601"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:53:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8118ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37948"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T21:54:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811900,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T21:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811902,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42557"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52364"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10602"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59123"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46322"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10603"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57087"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38624"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10604"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52001"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:55:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193a,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52002"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:55:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81193b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811940,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T21:55:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81194f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52003"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:55:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81194f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52004"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:55:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811957,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52005"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:55:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811957,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52006"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:55:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811959,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58000"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811959,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43406"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10605"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:55:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811959,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58297"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811959,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46346"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10606"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:55:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811959,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36078"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:55:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811959,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58730"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10607"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:55:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81195b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:56:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811988,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T21:56:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811989,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:57:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52007"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:57:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119b2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52008"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:57:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:57:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119c7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52009"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:57:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119c7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52010"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:57:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119d1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43955"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:57:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119d1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43454"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10608"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:57:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119d1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62447"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:57:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119d1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10609"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:57:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119d1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59802"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:57:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119d1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38696"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10610"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:57:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:58:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119f9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52011"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:58:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119f9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52012"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:58:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119fa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:58:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119fa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52013"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:58:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8119fa,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52014"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:59:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a2a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52015"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:59:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a2b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52016"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:59:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a2c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T21:59:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a3f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52017"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:59:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a3f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52018"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:59:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a3f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52019"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:59:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a3f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52020"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T21:59:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a49,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40785"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:59:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a49,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43502"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10611"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:59:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a4a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39491"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:59:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a4a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58824"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10612"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T21:59:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a4a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51335"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T21:59:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a4a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38744"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10613"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:00Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e811a60,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; log_sys_message:"Log file has been switched to: 2020-03-30_000000.log"] +<134>1 2020-03-29T22:00:00Z gw-da58d3 CheckPoint 8363 - [flags:"133472"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e811a60,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; log_sys_message:"Log file has been switched to: 2020-03-30_000000.adtlog"] +<134>1 2020-03-29T22:00:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a60,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a61,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46068"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a61,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56832"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10614"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a62,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34575"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a62,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58864"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10615"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a62,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33568"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a62,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46484"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10616"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a66,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57461"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a66,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52532"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10617"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a67,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49160"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a67,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38790"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10618"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a67,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62942"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a67,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58874"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10619"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a6b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46029"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:00:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a6d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.194.24.76"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65336"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10620"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:00:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a88,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52021"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:00:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a88,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52022"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:00:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811a89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811aa2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52023"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811aa3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52024"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:01:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ab7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52025"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:01:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ab7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52026"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:01:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ab7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52027"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:01:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ab7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52028"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:01:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ab8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:01:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ac2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39919"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:01:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ac2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43596"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10621"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:01:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ac2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57005"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:01:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ac2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38836"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10622"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:01:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ac2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52508"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:01:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ac2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46538"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10623"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:02:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811ae6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39178"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:02:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ae7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:03:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b1b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52029"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b1b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52030"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b1c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:03:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52031"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52032"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52033"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52034"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52035"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52036"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52037"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b2f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52038"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:03:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b3a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65413"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:03:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b3a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43664"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10624"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:03:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b3a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:03:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b3a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38904"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10625"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:03:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b3a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52177"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:03:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b3a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46606"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10626"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e811b5b,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; administrator:"Scheduled system update"; client_ip:"192.168.1.100"; domain_name:"SMC User"; fieldschanges:"Application Control & URL Filtering Update version was updated from 0 to 81202003221140"; operation:"Application Control & URL Filtering Update"; product:"Scheduled system update"; sendtotrackerasadvancedauditlog:"0"; session_description:"APPI Update"; session_name:"APPI Update"; session_uid:"ce02d033-338b-4c02-be64-563c31ba8d4c"; subject:"Application Control & URL Filtering Update"] +<134>1 2020-03-29T22:04:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b5b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52040"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52041"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52730"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10627"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33236"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59070"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10628"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65500"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b93,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38990"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10629"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:05:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811b94,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ba8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52042"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ba8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52043"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ba8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52044"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ba8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52045"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59708"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43770"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10630"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:05:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61150"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59092"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10631"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:05:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61905"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:05:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46712"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10632"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:05:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52046"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bb9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52047"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:05:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811bc2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49173"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:05:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bc4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:06:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bcd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T22:06:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T22:06:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811bf0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:07:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c0b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52048"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:07:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c0b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52049"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:07:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c20,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52050"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:07:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c20,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52051"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:07:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c20,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52052"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:07:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c20,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52053"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:07:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c22,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:07:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c2a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46965"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:07:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c2a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43824"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10633"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:07:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c2a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48134"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:07:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c2a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46764"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10634"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:07:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c2a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65048"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:07:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c2a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39066"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10635"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:08:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c54,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T22:08:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c55,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:08:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c5c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52054"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:08:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c5c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52055"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c5d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52056"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c5d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52057"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:09:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c83,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52058"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:09:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c83,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52059"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:09:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c98,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52060"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c98,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52061"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c98,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52062"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:09:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811c98,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52063"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:09:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ca2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54377"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:09:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ca2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43870"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10636"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:09:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ca2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62341"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:09:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ca2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46810"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10637"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:09:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ca3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50755"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:09:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ca3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10638"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:10:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811cbc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47677"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:10:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cbd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:10:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cbf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45639"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:10:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cc1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52864"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10639"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:10:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cc1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50537"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:10:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cc1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10640"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:10:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cc1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37425"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:10:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cc1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39124"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10641"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:10:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ceb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52064"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:10:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ceb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52065"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:11:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811cf5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53658"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:11:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cfb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52066"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:11:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811cfb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52067"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:11:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d10,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52068"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:11:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d10,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52069"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:11:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d10,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52070"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:11:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52071"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:11:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d1b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59649"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:11:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d1b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43920"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10642"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:11:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d1b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45251"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:11:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d1b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46860"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10643"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:11:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d1b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45011"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:11:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d1b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59244"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10644"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:11:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d1c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:13:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d73,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52072"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d73,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52073"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d74,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:13:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d88,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52074"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52075"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d89,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52076"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d89,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52077"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d8e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52078"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d8e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52079"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d8e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52080"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d8e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52081"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:13:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d93,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58723"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:13:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d93,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43972"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10645"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:13:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d93,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44697"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:13:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d93,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46912"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10646"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:13:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d93,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53174"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:13:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d93,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39214"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10647"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d96,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46174"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d96,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52610"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10648"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811d97,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e811da5,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51188"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T22:15:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811deb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52083"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:15:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811deb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52084"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:15:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811dec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ded,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63592"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ded,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52990"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10649"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ded,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46229"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ded,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46948"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10650"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ded,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60258"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ded,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39250"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10651"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811dfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61462"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811dfc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45098"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10652"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811dfd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60906"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811dfd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46972"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10653"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811dfd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52768"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811dfd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10654"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e01,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52085"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:15:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e01,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52086"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:15:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e0b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47372"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e0b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44070"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10655"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e0b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38355"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e0b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39310"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10656"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e0b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41792"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:15:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e0b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47012"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10657"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:15:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e1c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52087"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:15:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e1c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52088"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:15:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e1d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:17:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e63,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52089"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:17:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e63,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52090"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:17:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e64,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:17:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e79,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52091"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:17:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e79,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52092"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:17:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e79,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52093"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:17:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e79,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52094"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:17:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e83,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55974"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:17:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e83,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44124"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10658"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:17:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e83,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58691"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:17:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e83,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47064"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10659"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:17:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e83,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52766"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:17:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e83,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59448"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10660"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:18:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e9c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T22:18:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811e9e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ebf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52095"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ebf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52096"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:18:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ebf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52097"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:18:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ec0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52098"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:19:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811edb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52099"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:19:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811edb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52100"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:19:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811edc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:19:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ede,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:19:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ef1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52101"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:19:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ef1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52102"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:19:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ef1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52103"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:19:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ef1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52104"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:19:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811ef6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57905"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:19:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811ef6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45684"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:19:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811efb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53358"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:19:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811efb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44174"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10661"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:19:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811efb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37133"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:19:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811efb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39414"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10662"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:19:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811efb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40083"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:19:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811efb,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47116"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10663"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:19:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811f00,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520384"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44627"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:19:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f00,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59903"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:19:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f00,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36569"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:19:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f00,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52810"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10664"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:19:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f00,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52812"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10665"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:19:44Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f02,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T22:19:57Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e811f0e,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51720"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T22:19:57Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e811f0e,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51752"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T22:19:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f0e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f1a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52155"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f1a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53172"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10666"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f1a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64415"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f1a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47130"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10667"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f1a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35276"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:20:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f1a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39432"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10668"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:20:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f33,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T22:20:47Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f41,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T22:20:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f41,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:21:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f4d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52106"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f4d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52107"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f53,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52108"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f53,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52109"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f54,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:21:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f69,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52110"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f69,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52111"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f69,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52112"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f69,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52113"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f6e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T22:21:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f6f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:21:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f74,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60501"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:21:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f74,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44228"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10669"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:21:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f74,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44703"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:21:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f74,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39468"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10670"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:21:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f74,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46909"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:21:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811f74,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47170"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10671"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fb3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51565"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fb3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520563"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48353"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:22:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fb4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fbd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520573"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53031"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fbd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36348"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fbd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48565"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fbd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52888"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10672"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fbd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52890"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10673"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fbd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520573"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32924"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fc7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520583"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39000"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fc7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520583"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57449"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fc9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32907"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:06Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e811fcb,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51754"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T22:23:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fcb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52114"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fcb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52115"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fd1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520593"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51981"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fd1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520593"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56889"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fdb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520603"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57369"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fdc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fde,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fe1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52116"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fe1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52117"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fe1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52118"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fe1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52119"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fe5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520613"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58319"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59638"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fec,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44284"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10674"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fec,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49371"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fec,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39524"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10675"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fec,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57464"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:23:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811fec,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59608"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10676"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:23:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811fef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520623"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57332"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:23:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ff0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52120"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ff0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52121"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ff1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52122"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e811ff1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52123"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e811ff9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520633"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45470"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812003,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520643"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46191"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:24:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81200d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520653"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52696"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:24:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81200f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:24:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812017,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520663"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49680"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:24:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812021,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585520673"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56420"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812043,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52124"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:25:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812043,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52125"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:25:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812045,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812046,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36433"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812046,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53296"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10677"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812047,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33390"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812047,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59636"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10678"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812047,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46006"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812047,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47256"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10679"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:25:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812048,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T22:25:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81204a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812059,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52126"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:25:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812059,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52127"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:25:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812059,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52128"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:25:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812059,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52129"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812064,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40429"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812064,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44332"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10680"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812064,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40827"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812064,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47272"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10681"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812064,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42329"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812064,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59656"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10682"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:26:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81207f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52130"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:26:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81207f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52131"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:26:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812080,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:26:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812082,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:27:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52132"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:27:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120bb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52133"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:27:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8120bd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43862"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:27:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120bd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:27:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120d1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52134"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:27:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120d1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52135"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:27:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:27:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120dc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61599"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:27:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120dc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44390"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10683"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:27:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120dc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61969"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:27:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120dc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59712"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10684"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:27:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120dc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58946"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:27:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120dc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39632"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10685"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:28:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8120fc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60198"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:28:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8120fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:28:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812122,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52136"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:28:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812122,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52137"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:28:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812123,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52138"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:28:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812123,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52139"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812124,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:28:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812126,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:29:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812133,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52140"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:29:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812133,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52141"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:29:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812149,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52142"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:29:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812149,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52143"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:29:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812154,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51934"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:29:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812154,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44436"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10686"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:29:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812155,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41569"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:29:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812155,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59758"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10687"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:29:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812155,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54917"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:29:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812155,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47378"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10688"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:29:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812156,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:30:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81216d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T22:30:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812173,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45772"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:30:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812173,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53442"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10689"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:30:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812173,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39863"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:30:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812173,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59782"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10690"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:30:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812173,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62510"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:30:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812173,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39702"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10691"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:31:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121ab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52144"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121ac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52145"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121b0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52146"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121b0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52147"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121c1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52148"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121c1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52149"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121c1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52150"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121c1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52151"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:31:35Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121c9,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49780"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44502"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10692"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56021"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59824"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10693"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33550"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39744"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10694"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52244"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44508"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10695"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43042"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59830"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10696"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54563"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:31:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121cd,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47450"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10697"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:31:48Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e8121d5,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; db_ver:"20033001"; description:"Gateway was updated with database version: 22032001."; product:"Application Control"; severity:"1"; update_status:"updated"] +<134>1 2020-03-29T22:31:48Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e8121d5,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; db_ver:"20033001"; description:"Gateway was updated with database version: 22032001."; product:"URL Filtering"; severity:"1"; update_status:"updated"] +<134>1 2020-03-29T22:31:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8121d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:32:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812209,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T22:32:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81220b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:32:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81220d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:33:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812223,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52152"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812224,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52153"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812239,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52154"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812239,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52155"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812239,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52156"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812239,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52157"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81223a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:33:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81223c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81224c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44717"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81224c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44564"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10698"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81224c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48942"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81224c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39804"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10699"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81224c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48548"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:33:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81224c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59888"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10700"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:33:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812253,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52158"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812253,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52159"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812254,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52160"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:33:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812254,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52161"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:35:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81229c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52163"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:35:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81229c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52164"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:35:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81229d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81229e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81229f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52506"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81229f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53578"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10701"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:35:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40221"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122a0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39836"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10702"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:35:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122a0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65327"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122a0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47538"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10703"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:35:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122b1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52165"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:35:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122b1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52166"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:35:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122b1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52167"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:35:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122b1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52168"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122c4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49082"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122c4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44616"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10704"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122c4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40837"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122c4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47556"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10705"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122c4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40799"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122c4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39858"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10706"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:35:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:36:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122e1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52170"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:36:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8122e1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52171"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:36:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812301,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40027"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:36:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812303,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:37:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812314,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52172"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:37:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812314,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52173"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:37:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812329,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52174"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:37:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812329,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52175"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:37:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812329,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52176"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:37:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812329,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52177"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:37:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81233c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57909"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:37:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81233c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44666"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10707"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:37:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81233c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53740"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:37:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81233c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39906"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10708"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:37:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81233c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39098"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:37:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81233c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59990"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10709"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:37:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81233d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812384,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52178"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812384,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52179"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812385,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52180"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812385,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52181"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812386,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:39:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81238c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52182"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81238c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52183"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81238d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:39:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52184"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123a1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52185"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123a1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52186"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123a1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52187"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:39:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34968"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:39:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44714"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10710"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:39:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51977"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:39:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47656"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10711"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:39:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58474"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:39:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39958"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10712"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:39:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:39:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:40:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123cc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46583"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53708"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10713"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123cd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37061"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123cd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60048"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10714"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123cd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62673"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:40:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8123cd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47668"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10715"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:40:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8123d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33429"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:41:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812404,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52188"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812404,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52189"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812405,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:41:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812412,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52190"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812412,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52191"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812419,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52192"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812419,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52193"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812419,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52194"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812419,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52195"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:41:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81242c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65193"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:41:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81242c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44766"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10716"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:41:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81242d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43074"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:41:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81242d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47708"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10717"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:41:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81242d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42928"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:41:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81242d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60092"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10718"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:41:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81242e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:41:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812430,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:42:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81243d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T22:43:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81247c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52196"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:43:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81247c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52197"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:43:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81247d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:43:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812491,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52198"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:43:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812491,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52199"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:43:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812491,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52200"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:43:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812492,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52201"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81249e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62672"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81249e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53448"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10719"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:43:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8124a6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52812"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T22:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43239"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44820"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10720"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50408"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40060"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10721"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56753"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a5,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60144"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10722"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:43:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:44:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52202"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:44:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124b6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52203"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:44:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52204"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:44:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124b7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52205"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:44:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8124d0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34381"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:44:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:44:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T22:45:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52207"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:45:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124f4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52208"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:45:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124f9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63034"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124f9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53832"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10723"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:45:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124fa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54326"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124fa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60172"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10724"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:45:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124fa,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46325"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124fa,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40092"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10725"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:45:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124fa,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8124fc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812509,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52209"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:45:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81250a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52210"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:45:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81250a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52211"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:45:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81250a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52212"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:45:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e81250e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56631"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81251d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56303"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81251d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44868"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10726"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81251d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36684"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81251d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60190"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10727"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81251d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33588"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81251d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40110"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10728"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:46:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812544,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52213"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:46:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812544,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52214"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:46:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812544,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:46:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812546,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:47:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81256c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52215"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:47:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81256c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52216"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:47:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812582,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52217"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:47:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812582,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52218"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:47:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812582,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52219"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:47:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812582,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52220"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:47:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812583,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:47:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812595,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52459"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:47:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812596,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44926"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10729"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:47:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812596,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51135"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:47:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812596,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40166"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10730"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:47:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812596,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43966"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:47:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812596,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60250"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10731"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:49:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125e4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52221"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125e4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52222"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125e5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:49:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52223"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125e7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52224"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52225"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125e8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52226"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125fa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52227"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125fa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52228"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125fa,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52229"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8125fa,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52230"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:49:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81260e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51317"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:49:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81260e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44980"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10732"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:49:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81260e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34652"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:49:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81260e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47920"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10733"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:49:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81260e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33269"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:49:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81260e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40222"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10734"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:49:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81260f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:50:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812626,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46973"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:50:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812626,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53974"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10735"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:50:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812626,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50588"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:50:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812626,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47932"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10736"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:50:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812626,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43771"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:50:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812626,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10737"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:51:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81265c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52232"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81265c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52233"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81265d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:51:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812672,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52234"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812672,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52235"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812672,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52236"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812672,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52237"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812675,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52238"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812675,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52239"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:51:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812686,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34379"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:51:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812686,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45034"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10738"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:51:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812686,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:51:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812686,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10739"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:51:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812686,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35408"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:51:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812686,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47976"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10740"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:51:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812687,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:53:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126d4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52240"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:53:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126d4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52241"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:53:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:53:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:53:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52242"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:53:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126ea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52243"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:53:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126ea,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52244"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:53:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126ea,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52245"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:53:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34211"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:53:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126fe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45088"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10741"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:53:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126fe,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55514"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:53:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126fe,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48029"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10742"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:53:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126fe,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44176"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:53:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126fe,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60412"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10743"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:53:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8126ff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:54:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812708,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53028"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:54:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812708,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49503"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:54:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81270a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T22:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812712,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585522450"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40729"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812712,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38518"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812712,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812712,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53730"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10744"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812712,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53732"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10745"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:54:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812718,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52246"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:54:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812718,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52247"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:54:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812719,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52248"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:54:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812719,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:54:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812719,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52249"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:54:23Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812720,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52888"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T22:54:23Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812721,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52810"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T22:55:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81274c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52250"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:55:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81274c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52251"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:55:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81274d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:55:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812752,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55954"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:55:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812752,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54104"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10746"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:55:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812753,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51190"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:55:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812753,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48062"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10747"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:55:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812753,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43829"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:55:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812753,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60446"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10748"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:55:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812762,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52252"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:55:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812762,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52253"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:55:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812762,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52254"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:55:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812762,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52255"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812776,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39336"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812776,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45140"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10749"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812776,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812776,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48080"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10750"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812776,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54478"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812776,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40382"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10751"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:55:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812777,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:56:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127a7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52256"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:56:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127a7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52257"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:56:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127a8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:56:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127ab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T22:57:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127c4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52258"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:57:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127c4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52259"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:57:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52260"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:57:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127da,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52261"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:57:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127da,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52262"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:57:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127da,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52263"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:57:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:57:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8127e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33272"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T22:57:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127ee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63646"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:57:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127ee,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45188"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10752"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:57:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127ef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60424"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:57:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127ef,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60510"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10753"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:57:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127ef,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46396"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:57:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8127ef,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48130"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10754"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:59:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81283c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52264"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81283c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52265"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81283d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:59:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81283f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:59:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812849,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52266"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812849,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52267"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81284a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52268"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81284a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52269"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812852,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52270"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812852,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52271"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812852,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52272"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812852,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52273"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T22:59:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812867,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62637"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:59:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812867,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45238"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10755"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:59:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812867,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45050"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:59:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812867,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40478"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10756"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:59:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812867,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50598"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T22:59:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812867,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10757"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T22:59:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812868,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T22:59:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812869,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:00:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81287f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41082"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:00:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81287f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54232"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10758"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:00:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81287f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64615"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:00:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81287f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10759"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:00:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81287f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52221"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:00:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81287f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60574"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10760"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:01:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52274"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128b4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52275"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128b5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:01:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128ca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52276"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128ca,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52277"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128ca,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52278"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128ca,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52279"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128d8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52280"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128d8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52281"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:01:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128d9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:01:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128df,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65267"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:01:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128df,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45292"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10761"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:01:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e8128df,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41554"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:01:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128df,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35209"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:01:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128df,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40532"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10762"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:01:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128df,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44261"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:01:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8128df,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48234"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10763"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:02:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812912,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47681"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:02:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812914,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:03:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81292c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52282"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:03:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81292c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52283"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:03:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812942,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52284"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:03:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812942,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52285"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:03:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812942,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52286"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:03:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812942,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52287"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:03:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812943,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:03:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812957,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34130"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:03:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812957,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45344"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10764"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:03:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812957,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35251"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:03:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812957,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48284"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10765"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:03:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812957,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33955"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:03:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812957,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60668"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10766"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:04:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81297b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52288"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:04:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81297b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52289"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81297c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52290"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81297c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52291"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81297c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129a4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52292"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:05:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129a4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52293"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:05:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129a5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129a7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ab,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54358"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10767"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52078"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ac,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40616"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10768"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ac,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55332"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ac,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48318"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10769"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52294"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ba,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52295"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ba,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52296"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129ba,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52297"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:05:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49528"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129cf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45394"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10770"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129cf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53670"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129cf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40634"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10771"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129cf,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34387"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129cf,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60718"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10772"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:05:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129d1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:06:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8129dc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T23:06:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a09,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52298"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:06:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a09,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52299"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:06:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a0a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:06:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a0e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.117"] +<134>1 2020-03-29T23:07:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a1c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52300"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:07:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a1c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52301"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:07:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a32,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52302"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:07:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a32,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52303"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:07:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a32,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52304"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:07:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a32,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52305"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:07:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a33,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:07:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a48,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55402"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:07:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a48,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45444"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10773"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:07:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a48,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52085"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:07:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a48,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48384"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10774"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:07:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a48,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37804"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:07:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a48,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40686"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10775"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:07:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a49,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:08:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a74,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T23:08:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a76,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:09:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a94,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52306"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812a94,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52307"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aaa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52308"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aaa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52309"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aaa,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52310"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aaa,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52311"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:09:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52312"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aac,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52313"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52314"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812aad,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52315"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:09:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ac0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40190"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:09:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ac0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45498"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10776"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:09:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ac0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46887"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:09:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ac0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60820"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10777"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:09:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ac0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59085"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:09:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ac0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10778"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:10:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ad8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56394"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:10:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ad8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54492"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10779"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:10:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ad8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38365"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:10:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ad8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60832"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10780"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:10:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ad8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62029"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:10:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ad8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40752"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10781"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:10:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ad9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812b09,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56854"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:11:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b0b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b0c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52316"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b0c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52317"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:11:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b22,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52318"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:11:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b22,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52319"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:11:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b22,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52320"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:11:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b22,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52321"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:11:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b23,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:11:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b38,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58695"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:11:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b38,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45550"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10782"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:11:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b38,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48235"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:11:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b38,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40790"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10783"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:11:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b38,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60256"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:11:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b38,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60874"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10784"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:11:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b39,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:11:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b3b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52322"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:11:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b3b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52323"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:12:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812b62,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55037"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b63,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:12:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812b6c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523564"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35918"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:12:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b6c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63204"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:12:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b6c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:12:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b6c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10785"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:12:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b6c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54206"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10786"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:12:51Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812b74,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53448"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T23:12:51Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812b74,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52890"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T23:13:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52324"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:13:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b84,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52325"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:13:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b9a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52326"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:13:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b9a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52327"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:13:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b9a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52328"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:13:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b9a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52329"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:13:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812b9b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34581"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46664"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10787"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51248"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60920"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10788"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42788"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba5,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48540"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10789"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57861"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54240"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10790"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54242"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10791"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61334"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58904"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10792"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59094"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60936"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10793"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39463"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40856"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10794"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34282"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58910"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10795"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59856"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48560"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10796"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58676"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba7,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10797"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34253"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58916"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10798"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45861"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40866"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10799"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57986"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48568"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10800"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57684"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58922"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10801"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41403"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60954"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10802"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51232"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ba8,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40874"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10803"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812bae,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53732"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T23:13:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62001"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45638"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10804"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34503"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48578"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10805"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41436"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60962"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10806"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39559"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45646"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10807"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60822"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40886"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10808"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38771"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bb3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48588"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10809"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:13:55Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812bb5,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53730"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58948"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10810"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48743"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48598"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10811"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45752"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40900"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10812"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44774"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58954"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10813"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52952"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48604"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10814"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57087"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bce,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60988"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10815"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34429"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58960"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10816"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59536"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40910"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10817"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57173"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48612"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10818"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35013"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58966"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10819"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57588"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60998"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10820"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48444"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40918"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10821"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62557"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bcf,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58972"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10822"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51657"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48622"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10823"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61497"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10824"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48202"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58978"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10825"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49715"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40928"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10826"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55545"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48630"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10827"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52844"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58984"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10828"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56088"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61018"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10829"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54994"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40938"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10830"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36354"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd0,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58992"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10831"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61211"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48642"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10832"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47668"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61026"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10833"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64993"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58998"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10834"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62123"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40948"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10835"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57294"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48650"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10836"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55914"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59004"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10837"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44143"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61036"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10838"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42451"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40956"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10839"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36486"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59010"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10840"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35429"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48660"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10841"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x14,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52621"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd1,0x15,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61044"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10842"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35089"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59018"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10843"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45275"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40968"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10844"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57203"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48670"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10845"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43719"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59024"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10846"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65496"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61056"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10847"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62076"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bd3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40976"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10848"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:14:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bdd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52330"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:14:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bdd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52331"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:14:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bde,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52332"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:14:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bde,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52333"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:14:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bde,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:14:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812bed,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"129.250.35.250"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52068"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:15:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52336"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:15:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812bfd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52337"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:15:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c05,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59455"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:15:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c05,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54734"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10849"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:15:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c05,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37146"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:15:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c05,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48692"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10850"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:15:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c05,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37016"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:15:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c05,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61076"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10851"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:15:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c06,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:15:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c12,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52338"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:15:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c12,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52339"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:15:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c12,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52340"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:15:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c12,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52341"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:15:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c28,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:15:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c28,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45770"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10852"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:15:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c28,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59466"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:15:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c28,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61092"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10853"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:15:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c28,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35087"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:15:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c28,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41012"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10854"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:15:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c2a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:17:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c6c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52349"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c6c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52350"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c6d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:17:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c75,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52351"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c75,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52352"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c79,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40357"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c79,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523833"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60023"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:17:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c83,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523843"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47700"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c83,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523843"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58686"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c8a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52353"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c8a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52354"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c8a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52355"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812c8a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52356"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:17:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c8d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523853"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50741"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c8d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523853"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47518"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c97,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523863"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51089"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812c97,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523863"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39925"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48993"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:17:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45830"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10855"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:17:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48270"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:17:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48770"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10856"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:17:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42559"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:17:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41072"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10857"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:17:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ca1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523873"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47854"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:17:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:18:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ca9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.117"] +<134>1 2020-03-29T23:18:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812cab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523883"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40830"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:18:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812cb5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523893"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53107"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:18:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812cbf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523903"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55748"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:18:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812cc9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523913"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35236"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:18:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812cd3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523923"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56312"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e812cd4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cd3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40116"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cd3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41646"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10858"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cd3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38043"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cd3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48796"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10859"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cd3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40693"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:18:44Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e812cd4,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-29T23:18:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cd3,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10860"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:18:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812cdd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523933"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55039"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:18:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812cde,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:19:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ce7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585523943"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60281"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:19:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812cea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.123"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57980"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:19:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ced,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52357"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ced,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52358"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d02,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52359"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d02,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52360"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d03,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:19:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d0e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52362"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d0e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52363"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d0f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52364"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d0f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52365"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:19:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d10,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:19:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d19,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36007"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:19:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d19,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45888"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10861"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:19:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d19,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40142"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:19:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d19,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61210"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10862"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:19:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d19,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47652"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:19:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d19,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41130"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10863"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:19:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d1b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"162.159.200.1"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33531"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d31,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57799"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d31,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54884"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10864"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d31,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59335"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d31,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48842"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10865"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:20:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d31,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43646"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:20:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d31,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41144"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10866"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:20:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d32,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:20:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d4b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39331"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:20:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d53,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T23:20:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d55,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524053"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57589"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:21:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d5f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524063"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45041"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:21:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d61,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:21:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d65,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52366"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:21:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d65,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52367"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:21:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d69,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524073"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53115"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:21:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d73,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524083"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53951"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:21:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52368"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:21:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d7b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52369"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:21:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d7b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52370"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:21:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d7b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52371"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:21:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d7d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524093"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37320"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:21:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d87,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524103"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33822"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:21:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d91,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524113"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33256"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d91,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41064"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d91,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45938"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10867"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d91,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59070"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d91,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48878"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10868"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d91,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45207"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:21:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d91,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61262"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10869"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812d9b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524123"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40104"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:22:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d9d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d9d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52372"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:22:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812d9d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52373"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:22:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812da5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524133"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46934"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:22:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812daf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524143"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45770"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:22:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46306"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59248"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10870"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46917"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61280"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10871"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49476"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48900"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10872"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61361"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59254"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10873"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42910"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61286"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10874"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60198"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812db7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41206"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10875"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812db9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524153"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38693"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:22:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dbe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50174"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dbe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43324"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10876"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e812dc3,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; additional_info:"Authentication method: Local bind"; administrator:"localhost"; client_ip:"127.0.0.1"; machine:"gw-da58d3"; operation:"Log In"; operation_number:"10"; product:"query-database"; subject:"Administrator Login"] +<134>1 2020-03-29T23:22:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e812dc3,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; administrator:"localhost"; client_ip:"127.0.0.1"; machine:"gw-da58d3"; operation:"Log Out"; operation_number:"12"; product:"query-database"; subject:"Administrator Login"] +<134>1 2020-03-29T23:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e812dc3,0x2,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; additional_info:"Authentication method: Local bind"; administrator:"localhost"; client_ip:"127.0.0.1"; machine:"gw-da58d3"; operation:"Log In"; operation_number:"10"; product:"query-database"; subject:"Administrator Login"] +<134>1 2020-03-29T23:22:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e812dc4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; administrator:"localhost"; client_ip:"127.0.0.1"; machine:"gw-da58d3"; operation:"Log Out"; operation_number:"12"; product:"query-database"; subject:"Administrator Login"] +<134>1 2020-03-29T23:22:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dc7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48967"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dc7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.16"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33946"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10877"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dc7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54148"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dc7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48936"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10878"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:22:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dc7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65447"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:22:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dc7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61320"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10879"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:23:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ddd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52374"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:23:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ddd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52375"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:23:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dde,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35402"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dee,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59310"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10880"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dee,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34691"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:23:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dee,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61342"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10881"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dee,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50221"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812dee,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41262"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10882"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:23:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812df3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52376"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:23:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812df3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52377"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:23:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812df3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52378"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:23:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812df3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52379"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e09,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56778"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e09,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46032"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10883"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e09,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58185"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e09,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61354"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10884"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e09,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41175"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:23:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e09,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48974"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10885"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:23:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e0b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:24:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e3f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52380"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:24:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e3f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52381"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e40,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e41,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52382"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e41,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52383"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:24:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e42,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e44,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53871"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e44,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59348"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10886"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e44,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37430"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e44,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41298"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10887"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e44,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44679"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e44,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61382"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10888"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:25:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e55,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52384"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:25:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e55,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52385"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e5e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52998"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e5e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55056"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10889"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e5e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e5e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41314"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10890"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e5e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34390"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:25:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e5e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49016"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10891"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:25:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e6b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52386"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:25:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e6b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52387"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:25:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e6b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52388"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:25:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e6b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52389"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:25:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e6c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44502"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e82,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46090"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10892"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e82,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61449"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e82,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41330"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10893"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e82,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49477"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e82,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61414"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10894"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:26:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812e95,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38839"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:26:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e96,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:26:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812e98,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:26:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812e9f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524383"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36245"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:26:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ea9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524393"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48406"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:26:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812eb3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524403"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55965"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:26:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ebd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524413"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36744"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:27:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ec7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524423"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50482"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:27:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ec9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ecd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52390"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:27:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ecd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52391"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:27:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ece,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52392"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:27:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ece,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52393"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:27:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37768"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ed1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524433"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47343"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:27:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59414"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10895"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:27:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52662"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61446"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10896"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:27:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49579"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed1,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49066"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10897"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:27:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50845"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ed2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43484"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10898"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:27:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812edb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524443"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50767"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:27:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ee3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52394"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:27:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ee3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52395"; service:"443"; service_id:"https"; src:"192.168.1.117"] +<134>1 2020-03-29T23:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ee5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45671"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:27:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812eef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524463"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54505"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:27:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812ef1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812ef9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524473"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56976"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812efa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59657"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812efa,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46150"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10899"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812efa,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52344"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812efa,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61472"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10900"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812efa,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45922"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:27:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812efa,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41392"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10901"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:28:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812f03,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524483"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44152"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:28:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812f10,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"83.98.201.134"; inzone:"Internal"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50523"; service:"123"; service_id:"ntp-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:28:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812f10,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524496"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40246"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:28:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; conn_direction:"Outgoing"; flags:"6703366"; ifdir:"inbound"; ifname:"eth1"; logid:"0"; loguid:"{0x5e812f1a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"8.8.8.8"; log_delay:"1585524506"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37140"; service:"53"; service_id:"domain-udp"; src:"192.168.2.2"] +<134>1 2020-03-29T23:28:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f1a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51575"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:28:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f1a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50946"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:28:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f1a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54800"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10902"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:28:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f1a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54802"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10903"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:28:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f1b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:28:33Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812f22,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54242"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T23:28:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x5e812f28,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; administrator:"admin"; client_ip:"192.168.1.117"; machine:"WinDev2002Eval"; operation:"Log Out"; operation_number:"12"; product:"SmartConsole"; subject:"Administrator Login"] +<134>1 2020-03-29T23:28:39Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e812f29,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54204"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T23:29:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f72,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39693"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:29:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f72,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46210"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10904"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:29:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f72,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60035"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:29:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f72,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41450"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10905"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:29:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f72,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33258"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:29:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f72,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49152"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10906"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:29:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f73,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f8a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35926"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f8a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55210"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10907"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:30:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f8b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44753"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:30:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f8b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41468"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10908"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:30:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f8b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41088"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:30:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812f8b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61552"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10909"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:31:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812fea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45506"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:31:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812fea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46262"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10910"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:31:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812fea,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37488"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:31:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812fea,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41502"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10911"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:31:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812fea,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63293"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:31:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812fea,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61586"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10912"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:31:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e812feb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:33:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813059,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T23:33:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81305b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813062,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41861"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813062,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46316"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10913"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813062,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33663"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813062,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61638"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10914"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813062,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62122"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:33:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813062,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41558"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10915"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:35:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47915"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130b7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55328"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10916"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:35:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130b7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54896"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130b7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41586"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10917"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:35:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130b7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46798"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130b7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49288"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10918"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:35:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130b8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41326"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130da,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46364"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10919"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35345"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130db,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41604"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10920"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130db,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63127"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8130db,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61688"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10921"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813153,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51088"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813153,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46408"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10922"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813153,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35667"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813153,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41648"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10923"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813153,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59374"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:37:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813153,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61732"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10924"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:37:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813154,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:39:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38075"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:39:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46454"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10925"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:39:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52680"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:39:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10926"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:39:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47410"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:39:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cb,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49396"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10927"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:39:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:39:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:40:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56515"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:40:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131e3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55454"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10928"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131e4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131e4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61794"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10929"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131e4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46453"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8131e4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41714"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10930"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:41:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813243,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46060"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:41:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813243,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46504"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10931"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:41:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813243,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42277"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:41:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813243,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49444"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10932"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:41:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813243,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58041"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:41:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813243,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41746"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10933"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:41:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813244,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:43:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37677"; service:"137"; service_id:"nbname"; src:"192.168.1.205"] +<134>1 2020-03-29T23:43:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132a0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32935"; service:"137"; service_id:"nbname"; src:"192.168.1.205"] +<134>1 2020-03-29T23:43:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132a0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34642"; service:"137"; service_id:"nbname"; src:"192.168.1.205"] +<134>1 2020-03-29T23:43:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132a0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60143"; service:"137"; service_id:"nbname"; src:"192.168.1.205"] +<134>1 2020-03-29T23:43:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132a0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56778"; service:"137"; service_id:"nbname"; src:"192.168.1.205"] +<134>1 2020-03-29T23:43:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132ae,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40571"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132ae,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57804"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10934"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:43:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8132b6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54206"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-29T23:43:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40537"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:43:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132bb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46558"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10935"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:43:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132bb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35010"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:43:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132bb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61880"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10936"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:43:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132bb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61125"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:43:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132bb,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49500"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10937"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:43:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8132bd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813310,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60746"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813310,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55572"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10938"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813310,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57067"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813310,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41830"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10939"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813310,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45353"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813310,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49532"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10940"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:45:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813311,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813312,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813334,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55443"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813334,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46608"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10941"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:45:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813334,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63207"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813334,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61930"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10942"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:45:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813334,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54493"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:45:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813334,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49550"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10943"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:45:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813336,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T23:47:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8133ac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39811"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:47:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8133ac,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46658"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10944"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:47:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8133ac,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42335"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:47:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8133ac,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41898"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10945"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:47:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8133ac,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41309"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:47:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8133ac,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61982"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10946"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:47:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8133ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:49:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813424,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39583"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:49:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813424,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46710"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10947"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:49:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813424,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45134"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:49:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813424,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41950"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10948"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:49:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813424,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50145"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:49:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813424,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49652"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10949"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:49:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813425,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81343d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35997"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81343d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55708"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10950"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81343d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42224"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81343d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"41966"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10951"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81343d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42564"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81343d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62050"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10952"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:51:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54018"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:51:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46760"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10953"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:51:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44026"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:51:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42000"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10954"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:51:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47479"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:51:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62084"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10955"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:51:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:51:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81349e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:53:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813514,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44246"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:53:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813514,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46810"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10956"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:53:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813514,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34654"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:53:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813514,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49750"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10957"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:53:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813514,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44544"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:53:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813514,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42052"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10958"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:53:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813516,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813569,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57381"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813569,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55824"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10959"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:55:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813569,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56996"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813569,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49782"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10960"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:55:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813569,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44663"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813569,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62166"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10961"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:55:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81356a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81358d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37372"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81358d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46862"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10962"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:55:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81358d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58638"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81358d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49802"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10963"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:55:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81358d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50417"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:55:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81358d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42104"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10964"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:57:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813605,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39830"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:57:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813605,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46906"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10965"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:57:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813605,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59029"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:57:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813605,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49846"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10966"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:57:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813605,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38459"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:57:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813605,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42148"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10967"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:57:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813606,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:58:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813607,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-29T23:58:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81360e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-29T23:59:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81367d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34670"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:59:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81367d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46952"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10968"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:59:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81367d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61196"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:59:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81367d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62274"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10969"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:59:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81367d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46355"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-29T23:59:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81367d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49894"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10970"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-29T23:59:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81367e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:00:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813696,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42455"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:00:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813696,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55950"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10971"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:00:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813696,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59116"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:00:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813696,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49908"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10972"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:00:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813696,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32873"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:00:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813696,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42210"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10973"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:00:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813697,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:01:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8136f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56989"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:01:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8136f5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47002"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10974"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:01:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8136f5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58291"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:01:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8136f5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49942"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10975"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:01:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8136f5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53916"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:01:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8136f5,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42244"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10976"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:01:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8136f6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:03:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81376d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49334"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:03:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81376d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47051"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10977"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:03:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81376d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40404"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:03:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81376d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49990"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10978"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:03:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81376d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55758"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:03:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81376d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42292"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10979"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:03:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81376f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:04:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813770,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38801"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56064"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10980"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:05:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45850"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62404"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10981"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:05:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37288"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42324"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10982"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:05:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137e6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41749"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137e6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47102"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10983"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:05:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137e6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63209"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137e6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50042"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10984"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:05:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137e6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51632"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:05:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8137e6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42344"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10985"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:07:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81385e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46600"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:07:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81385e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47146"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10986"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:07:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81385e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35700"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:07:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81385e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50086"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10987"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:07:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81385e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58769"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:07:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81385e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62470"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10988"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:07:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81385f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:09:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43234"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:09:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47198"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10989"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:09:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38364"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:09:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50138"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10990"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:09:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62972"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:09:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10991"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:09:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:10:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138d8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T00:10:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138ef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41160"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138ef,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56196"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10992"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138ef,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50644"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138ef,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50154"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10993"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138ef,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36103"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8138ef,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62538"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10994"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:11:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81394e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46974"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:11:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81394e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47248"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10995"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:11:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81394e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49262"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:11:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81394e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62572"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10996"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:11:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81394e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47851"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:11:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81394e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42492"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10997"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:11:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81394f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38157"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139b6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55920"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10998"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8139c5,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54240"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T00:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139c6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61849"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139c6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47306"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"10999"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:13:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139c7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62587"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:13:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139c7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42546"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11000"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:13:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139c7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63639"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:13:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139c7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50248"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11001"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:14:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8139c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38955"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56314"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11002"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61608"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50272"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11003"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33953"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62656"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11004"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a1e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a3f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35857"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a3f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47354"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11005"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:15:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a3f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53026"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a3f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50294"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11006"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:15:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a3f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38634"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:15:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813a3f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42596"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11007"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:17:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ab7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63494"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:17:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ab7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47407"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11008"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:17:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ab7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50772"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:17:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ab7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50346"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11009"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:17:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ab7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38520"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:17:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ab7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62730"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11010"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:18:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ab8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:18:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813aba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:19:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b2f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60183"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:19:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b2f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47452"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11011"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:19:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b2f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49364"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:19:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b2f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42693"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11012"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:19:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b2f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65329"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:19:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b2f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50394"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11013"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:20:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b30,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:20:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b32,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b48,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40513"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b48,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56448"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11014"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b48,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59229"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b48,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50406"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11015"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:20:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b49,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41547"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:20:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813b49,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42708"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11016"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:21:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ba7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52907"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:21:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ba7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47502"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11017"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:21:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ba7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52125"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:21:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ba7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62824"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11018"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:21:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ba7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37296"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:21:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ba7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50444"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11019"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:22:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ba8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:22:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813bb6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T00:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c1f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42144"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c1f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47550"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11020"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c20,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37163"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c20,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62872"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11021"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c20,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49344"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:24:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c20,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50492"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11022"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:24:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c21,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:24:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c23,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:25:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c75,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48807"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:25:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c75,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56562"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11023"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:25:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c75,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54016"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:25:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c75,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42820"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11024"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:25:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c75,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40857"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:25:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c75,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62904"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11025"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:25:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c76,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:25:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c78,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:26:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c98,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54004"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:26:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c98,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47602"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11026"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:26:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c98,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46515"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:26:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c98,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42842"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11027"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:26:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c98,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32892"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:26:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813c98,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62926"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11028"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:28:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d10,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55756"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:28:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d10,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47646"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11029"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:28:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d10,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44426"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:28:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d10,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50586"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11030"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:28:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d10,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48972"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:28:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d10,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42888"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11031"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:28:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:29:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d4c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; icmp:"Echo Request"; icmp_code:"0"; icmp_type:"8"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"1"; service_id:"echo-request"; src:"192.168.1.205"] +<134>1 2020-03-30T00:29:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d4e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:29:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d4f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d88,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60499"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d88,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47696"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11032"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:30:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d88,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60568"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d88,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63018"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11033"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:30:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d88,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38001"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d88,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42938"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11034"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:30:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813d89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813da2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35467"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813da2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56692"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11035"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:30:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813da2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36595"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813da2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42952"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11036"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:30:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813da2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58721"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:30:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813da2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50654"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11037"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:30:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813da3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:32:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e00,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34603"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:32:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e00,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47752"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11038"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:32:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e00,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39084"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:32:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e00,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50692"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11039"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:32:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e00,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59205"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:32:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e00,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"42994"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11040"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:32:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e02,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:32:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e03,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:34:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e79,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53674"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:34:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e79,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47804"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11041"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:34:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e79,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49377"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:34:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e79,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50744"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11042"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:34:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e79,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:34:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e79,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63128"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11043"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:34:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:34:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813e8e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T00:35:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ece,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64006"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:35:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ece,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56818"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11044"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:35:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ecf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49464"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:35:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ecf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11045"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:35:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ecf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61707"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:35:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ecf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43078"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11046"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:35:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ecf,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:35:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ed0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:36:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ef1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47798"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:36:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ef1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47856"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11047"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:36:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ef1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54237"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:36:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ef1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50796"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11048"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:36:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ef1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57012"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:36:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ef1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63180"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11049"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813f69,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44977"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813f69,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47900"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11050"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813f69,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60445"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813f69,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50840"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11051"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813f69,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46079"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:38:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813f69,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63224"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11052"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:38:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813f6a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50076"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47946"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11053"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:40:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47107"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50886"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11054"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:40:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42555"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43188"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11055"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:40:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813fe4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ffb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51167"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ffb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56944"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11056"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ffb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56931"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ffb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50902"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11057"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ffb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38890"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e813ffb,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63286"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11058"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:42:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814059,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51620"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:42:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814059,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47996"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11059"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:42:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814059,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54652"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:42:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814059,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63318"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11060"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:42:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814059,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53977"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:42:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814059,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43238"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11061"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:42:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81405b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8140c0,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54800"; service:"80"; src:"192.168.1.100"; tcp_flags:"PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T00:43:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8140c0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:43:57Z gw-da58d3 CheckPoint 8363 - [alert:"alert"; flags:"139328"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e8140cf,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; description:"Error occur"; product:"RAD"; reason:"Failed to fetch CP Site Resource. Timeout was reached, check /opt/CPsuite-R80.40/fw1/log/rad_events/Errors/flow_5779_140_MAIN_CHILD For more details"; severity:"3"] +<134>1 2020-03-30T00:44:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8140d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63798"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:44:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8140d2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48048"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11062"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:44:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8140d2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55471"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:44:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8140d2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43288"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11063"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:44:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8140d2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44096"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:44:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8140d2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63372"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11064"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:45:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814127,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51743"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:45:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814127,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57058"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11065"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:45:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814128,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41295"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:45:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814128,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51016"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11066"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:45:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814128,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47722"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:45:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814128,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43318"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11067"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:45:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814128,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:46:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81414a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45536"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:46:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81414a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48096"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11068"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:46:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81414a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64919"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:46:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81414a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51036"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11069"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:46:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81414a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56821"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:46:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81414a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63420"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11070"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:46:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814166,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T00:46:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814168,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:46:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81416a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:48:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41182"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:48:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48146"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11071"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:48:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65325"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:48:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43386"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11072"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:48:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44063"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:48:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63470"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11073"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:48:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:48:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8141c4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81423a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43696"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81423a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48192"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11074"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:50:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81423a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60300"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81423a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63514"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11075"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:50:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81423a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62544"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81423a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43434"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11076"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:50:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81423b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814254,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38123"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814254,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57190"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11077"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:50:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814254,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63913"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814254,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63530"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11078"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:50:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814254,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50240"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:50:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814254,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51150"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11079"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:50:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814256,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:52:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8142b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38228"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:52:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8142b2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48248"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11080"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:52:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8142b3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36034"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:52:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8142b3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51188"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11081"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:52:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8142b3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46792"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:52:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8142b3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11082"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:52:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8142b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:54:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53536"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:54:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"23.211.1.104"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54686"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11083"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:54:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46199"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:54:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43538"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11084"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:54:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:54:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51240"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11085"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:54:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:54:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81432d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:55:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814380,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33827"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:55:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814381,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57312"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11086"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:55:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814381,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40446"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:55:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814381,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63652"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11087"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:55:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814381,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40657"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:55:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814381,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51272"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11088"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:55:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814382,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:55:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814383,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:56:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8143a3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63619"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:56:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8143a3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48352"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11089"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:56:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8143a3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57657"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:56:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8143a3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63674"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11090"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:56:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8143a3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51648"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:56:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8143a3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43594"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11091"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:58:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42852"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:58:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48396"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11092"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:58:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63963"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:58:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51336"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11093"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:58:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54111"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T00:58:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63720"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11094"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T00:58:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:58:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81441e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T00:58:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81443e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T01:00:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814493,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45508"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814493,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48442"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11095"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:00:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814493,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51148"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814493,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43682"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11096"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:00:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814493,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55323"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814493,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51384"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11097"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:00:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814494,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814496,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8144ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60851"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8144ad,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57440"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11098"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:00:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8144ae,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60384"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8144ae,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43698"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11099"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:00:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8144ae,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44333"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:00:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8144ae,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63782"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11100"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:02:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59854"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:02:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48492"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11101"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:02:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51436"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:02:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63814"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11102"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:02:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39536"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:02:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51434"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11103"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:02:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:02:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81450f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:04:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814584,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61689"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:04:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814584,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48540"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11104"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:04:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814584,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44609"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:04:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814584,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51480"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11105"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:04:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814584,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49895"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:04:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814584,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43782"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11106"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:04:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814585,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55064"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145da,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57554"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11107"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145da,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54091"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145da,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51512"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11108"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145da,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39850"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:05:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145da,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63896"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11109"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:05:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:06:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145fc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60944"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:06:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145fc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48592"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11110"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:06:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145fc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35071"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:06:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145fc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51532"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11111"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:06:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145fc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38682"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:06:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8145fc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43834"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11112"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:08:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814674,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61176"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:08:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814674,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48636"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11113"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:08:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814674,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60216"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:08:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814674,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43876"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11114"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:08:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814674,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59720"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:08:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814674,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63960"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11115"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:08:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814675,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:08:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814686,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57621"; service:"57621"; src:"192.168.1.58"] +<134>1 2020-03-30T01:08:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814688,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41537"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ec,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48682"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11116"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:10:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ec,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37946"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ec,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64004"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11117"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:10:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ec,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48933"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ec,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43924"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11118"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:10:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8146ef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814706,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62172"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814706,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57680"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11119"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:10:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814707,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51494"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814707,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64020"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11120"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:10:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814707,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55483"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:10:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814707,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51640"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11121"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:10:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814708,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T01:12:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814764,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50953"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:12:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814764,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48738"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11122"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:12:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814765,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52159"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:12:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814765,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51678"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11123"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:12:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814765,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63433"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:12:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814765,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64062"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11124"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:12:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814766,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57775"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49842"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11125"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64951"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44016"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11126"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63675"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51718"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11127"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8147c6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54802"; service:"80"; src:"192.168.1.100"; tcp_flags:"PUSH-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8147c6,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57804"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53342"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57412"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11128"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c6,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35997"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62078"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11129"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56369"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44030"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11130"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43898"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11131"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39101"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62086"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11132"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61567"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51736"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11133"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37704"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c7,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44040"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11134"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37576"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62094"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11135"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38644"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64126"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11136"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45345"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51746"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11137"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33670"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62100"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11138"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44244"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44050"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11139"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47622"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147c8,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64134"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11140"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147d4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60631"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147d4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48820"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11141"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147d4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50639"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147d4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51762"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11142"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147d4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47879"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147d4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44064"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11143"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:13:57Z gw-da58d3 CheckPoint 8363 - [alert:"alert"; flags:"139328"; ifdir:"inbound"; ifname:"daemon"; loguid:"{0x5e8147d6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; sequencenum:"1"; version:"5"; description:"Error occur"; product:"RAD"; reason:"Failed to fetch CP Site Resource. Timeout was reached, check /opt/CPsuite-R80.40/fw1/log/rad_events/Errors/flow_5779_141_MAIN_CHILD For more details"; severity:"3"] +<134>1 2020-03-30T01:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147dd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65122"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147dd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48830"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11144"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147dd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39680"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147dd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64152"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11145"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147dd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52857"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:14:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8147dd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51772"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11146"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:15:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814833,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61564"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:15:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814833,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57842"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11147"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:15:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814833,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46234"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:15:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814833,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44100"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11148"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:15:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814833,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47963"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:15:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814833,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51802"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11149"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:15:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814834,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:15:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814836,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:16:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814855,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43578"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:16:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814855,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48880"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11150"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:16:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814855,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43164"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:16:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814855,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44120"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11151"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:16:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814855,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55082"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:16:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814855,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11152"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:18:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148cd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38236"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148cd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48932"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11153"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:18:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148cd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64270"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148cd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51872"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11154"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:18:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148cd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39080"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148cd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44174"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11155"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:18:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148ce,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:44Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e8148f5,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T01:18:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34665"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44744"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11156"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44266"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51894"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11157"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47919"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:46Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e8148f7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T01:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64278"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11158"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:18:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8148f8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814945,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46976"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814945,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48992"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11159"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:20:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814945,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54456"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814945,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44232"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11160"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:20:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814946,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63592"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814946,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11161"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:20:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814947,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814948,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81495f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59951"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81495f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57990"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11162"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:20:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814960,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62918"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814960,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44248"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11163"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:20:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814960,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43426"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:20:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814960,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51950"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11164"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149be,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52626"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149be,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49042"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11165"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149be,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48512"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149be,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51982"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11166"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149be,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:22:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149be,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64366"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11167"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:22:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149bf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:22:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149e6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T01:22:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8149e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a0f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34954"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a0f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62370"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11168"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a0f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59454"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a0f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64402"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11169"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a0f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59465"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:23:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a0f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52022"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11170"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a10,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:24:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a36,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42322"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:24:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a36,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49096"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11171"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:24:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a36,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63775"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:24:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a36,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64418"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11172"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:24:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a36,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46809"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:24:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a36,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44338"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11173"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a64,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49616"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a64,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62400"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11174"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a65,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63727"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a65,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52050"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11175"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a65,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53655"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a65,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64434"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11176"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:24:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a66,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:25:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a8c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49843"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:25:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a8c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58114"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11177"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:25:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a8c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65264"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:25:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a8c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64454"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11178"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:25:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a8c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34336"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:25:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a8c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44374"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11179"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:25:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814a8e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:26:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814aae,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41521"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:26:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814aae,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49148"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11180"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:26:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814aae,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65458"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:26:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814aae,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52088"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11181"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:26:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814aae,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61960"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:26:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814aae,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44390"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11182"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59828"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47410"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11183"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63970"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64506"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11184"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36619"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44426"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11185"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36437"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:27:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b05,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46544"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11186"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:27:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b06,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:28:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b26,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37242"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:28:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b26,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49210"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11187"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:28:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b26,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53760"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:28:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b26,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44450"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11188"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:28:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b26,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32991"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:28:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b26,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11189"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:28:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b27,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b9e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56939"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b9e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49252"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11190"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:30:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b9f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42438"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b9f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64574"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11191"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:30:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b9f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56822"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814b9f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44494"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11192"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:30:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ba0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ba1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814bb9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52572"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814bb9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58250"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11193"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814bb9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41896"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814bb9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64590"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11194"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814bb9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59212"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:30:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814bb9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44510"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11195"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:32:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c17,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34708"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:32:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c17,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49302"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11196"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:32:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c17,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63784"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:32:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c17,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44542"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11197"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:32:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c17,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49053"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:32:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c17,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52244"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11198"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:32:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c18,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:34:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c8f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54102"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:34:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c8f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49358"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11199"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:34:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c8f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41962"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:34:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c8f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52298"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11200"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:34:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c8f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39509"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:34:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c8f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64682"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11201"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:34:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814c90,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:34:41Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814cb3,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-30T01:34:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814cbe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T01:34:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814cbf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:35:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ce5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63195"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:35:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ce5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58372"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11202"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:35:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ce5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32842"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:35:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ce5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52330"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11203"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:35:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ce5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50576"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:35:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ce5,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64714"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11204"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:36:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d07,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56830"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:36:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d07,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49406"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11205"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:36:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d07,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37750"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:36:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d07,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44646"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11206"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:36:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d07,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47005"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:36:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d07,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52348"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11207"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:36:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d08,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:38:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d7f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53384"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:38:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d7f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49452"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11208"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:38:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d7f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56824"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:38:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d7f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64774"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11209"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:38:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d7f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35387"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:38:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d7f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52394"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11210"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:38:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814d81,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814df7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34083"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814df7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49498"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11211"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:40:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814df7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38974"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814df7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64820"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11212"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:40:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814df7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45273"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814df7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11213"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:40:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814df9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814dfa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e12,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44505"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e12,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58496"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11214"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e12,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41230"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e12,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64836"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11215"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e12,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50259"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:40:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e12,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44756"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11216"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e70,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58355"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e70,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49548"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11217"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e70,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54220"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e70,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64870"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11218"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e70,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57375"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:42:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e70,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11219"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:42:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e71,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:42:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814e72,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e814ecf,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55920"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T01:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ece,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45387"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ece,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58218"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11220"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:43:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ecf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:44:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ee8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44956"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:44:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ee8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49604"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11221"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:44:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ee8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34336"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:44:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ee8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44844"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11222"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:44:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ee8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58086"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:44:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814ee8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64928"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11223"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:45:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f3e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35321"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:45:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f3e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58614"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11224"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:45:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f3f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47760"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:45:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f3f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64954"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11225"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:45:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f3f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62942"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:45:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f3f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44874"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11226"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:45:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f3f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:45:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f41,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:46:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f60,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41036"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:46:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f60,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49652"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11227"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:46:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f60,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59077"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:46:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f60,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44892"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11228"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:46:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f60,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53240"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:46:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f60,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64976"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11229"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:47:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f95,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T01:47:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814f97,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fd8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58939"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fd8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49704"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11230"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fd8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47746"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fd8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52644"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11231"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fd8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43168"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:48:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fd8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44946"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11232"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:48:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fd9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:48:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e814fdb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815050,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36350"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815050,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49750"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11233"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:50:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815050,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36053"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815050,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52690"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11234"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:50:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815050,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63484"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815050,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"44992"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11235"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:50:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815052,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815053,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81506b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43422"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81506b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58748"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11236"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:50:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81506b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38370"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81506b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52706"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11237"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:50:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81506b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54016"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:50:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81506b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65090"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11238"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8150c9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58364"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8150c9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49800"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11239"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8150c9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41687"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8150c9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52740"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11240"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8150c9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33457"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:52:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8150c9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65124"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11241"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:52:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8150ca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:54:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815141,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40364"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:54:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815141,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49856"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11242"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:54:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815141,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40776"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:54:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815141,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45096"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11243"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:54:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815141,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57249"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:54:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815141,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52798"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11244"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:54:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815142,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:54:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815143,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:55:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815197,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54449"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:55:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815197,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58870"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11245"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:55:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815198,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49215"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:55:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815198,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11246"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:55:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815198,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39100"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:55:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815198,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65212"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11247"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:55:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815199,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:56:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8151b9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55485"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:56:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8151b9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49908"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11248"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:56:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8151b9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33935"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:56:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8151b9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45148"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11249"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:56:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8151b9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54117"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:56:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8151b9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65232"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11250"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:56:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8151ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:58:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815231,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53390"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:58:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815231,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49952"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11251"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:58:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815231,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53879"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:58:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815231,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65274"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11252"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:58:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815231,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60216"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T01:58:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815231,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52894"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11253"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T01:58:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815232,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:58:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815234,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T01:59:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81526d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T01:59:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81526f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152a9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51527"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152a9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50002"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11254"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:00:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152a9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47729"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152a9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65324"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11255"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:00:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152a9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62049"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152a9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11256"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:00:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152ab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152c4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51316"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152c4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59000"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11257"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:00:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152c4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56602"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152c4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65340"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11258"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:00:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152c4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39300"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:00:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152c4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45260"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11259"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:00:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8152c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815321,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59334"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815322,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50052"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11260"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815322,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57757"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815322,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65374"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11261"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815322,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42034"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:02:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815322,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52994"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11262"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:02:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815323,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81539a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63941"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81539a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50100"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11263"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81539a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63696"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81539a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45340"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11264"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81539a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33603"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81539a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53042"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11265"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:04:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81539b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:04:53Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153c7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-30T02:04:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153c7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:05:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153f1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37340"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:05:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153f1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59114"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11266"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:05:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153f1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50849"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:05:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153f1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45372"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11267"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:05:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153f1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50659"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:05:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153f1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53074"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11268"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:05:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8153f2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:06:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815412,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61954"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:06:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815412,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50148"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11269"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:06:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815412,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54255"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:06:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815412,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45388"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11270"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:06:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815412,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49150"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:06:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815412,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65472"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11271"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:08:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81548a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36714"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:08:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81548a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50192"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11272"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:08:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81548a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51130"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:08:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81548a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53132"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11273"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:08:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81548a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42221"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:08:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81548a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65516"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11274"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:08:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81548b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815502,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55007"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815502,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50238"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11275"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:10:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815502,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39780"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815502,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53178"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11276"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:10:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815502,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37123"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815502,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32794"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11277"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:10:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815503,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815505,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81551d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38608"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81551d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59236"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11278"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:10:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81551e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34124"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81551e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53194"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11279"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:10:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81551e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55664"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:10:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81551e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45496"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11280"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:11:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815537,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T02:11:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815539,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:11:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81553b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:12:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81557b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62344"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:12:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81557b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50288"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11281"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:12:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81557b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43806"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:12:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81557b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53228"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11282"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:12:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81557b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56035"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:12:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81557b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32844"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11283"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:12:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81557c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155d6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38109"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155d6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58962"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11284"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155f3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32848"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155f3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50350"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11285"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155f3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53556"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155f3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32904"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11286"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155f3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33710"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155f3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53292"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11287"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40251"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63650"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11288"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59742"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32914"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11289"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44496"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45602"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11290"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57409"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63656"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11291"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42005"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53306"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11292"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47132"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155fe,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32922"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11293"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46867"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63662"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11294"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47855"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45612"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11295"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35490"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53314"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11296"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41078"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63668"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11297"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43356"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32932"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11298"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53155"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45620"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11299"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63674"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11300"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"19"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45931"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"20"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53324"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11301"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"21"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35280"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8155ff,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"22"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32940"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11302"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53470"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63680"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11303"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40119"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45630"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11304"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55097"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53332"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11305"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61412"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63686"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11306"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64411"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32950"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11307"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32770"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45638"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11308"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46403"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63692"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11309"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53860"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53342"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11310"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46060"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815600,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32958"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11311"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53874"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63698"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11312"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35935"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45648"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11313"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49396"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53350"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11314"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44212"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63704"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11315"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55889"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32968"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11316"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44845"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45656"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11317"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42135"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63710"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11318"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43664"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53360"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11319"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48111"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32976"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11320"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x12,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46996"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815601,0x13,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63716"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11321"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815602,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64010"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815602,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45666"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11322"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815602,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56867"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815602,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53368"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11323"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:15:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81564a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50040"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:15:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81564a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59432"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11324"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:15:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81564a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46252"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:15:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81564a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33004"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11325"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:15:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81564a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46226"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:15:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81564a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53392"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11326"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:15:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81564b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:16:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81566b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34732"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:16:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81566b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50470"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11327"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:16:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81566b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55111"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:16:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81566b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33024"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11328"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:16:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81566b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44739"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:16:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81566b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45713"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11329"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:16:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81566c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39952"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50520"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11330"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54734"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45760"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11331"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38820"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33076"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11332"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39381"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50526"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11333"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61949"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45766"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11334"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:18:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33476"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53468"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11335"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:18:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8156e3,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:18:17Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e8156eb,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; db_ver:"20033002"; description:"Gateway was updated with database version: 22032001."; product:"Application Control"; severity:"1"; update_status:"updated"] +<134>1 2020-03-30T02:18:17Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e8156eb,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; db_ver:"20033002"; description:"Gateway was updated with database version: 22032001."; product:"URL Filtering"; severity:"1"; update_status:"updated"] +<134>1 2020-03-30T02:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815761,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47198"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815761,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50574"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11336"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815761,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63441"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815761,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45814"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11337"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815761,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54802"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815761,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33130"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11338"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:20:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815763,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815764,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815776,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48491"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815776,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59570"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11339"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:20:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815777,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32800"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815777,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11340"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:20:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815777,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54535"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:20:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815777,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53530"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11341"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:22:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157da,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54904"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:22:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157da,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50624"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11342"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:22:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157da,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58707"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:22:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157da,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33178"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11343"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:22:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157da,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33003"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:22:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157da,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53566"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11344"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:22:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:22:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8157dc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:23:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815815,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T02:23:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815817,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:24:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815852,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42865"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:24:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815852,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50676"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11345"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:24:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815852,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37086"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:24:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815852,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45916"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11346"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:24:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815852,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55603"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:24:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815852,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53618"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11347"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:24:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815853,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:25:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39864"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:25:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59688"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11348"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:25:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37988"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:25:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"45946"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11349"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:25:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43431"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:25:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53648"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11350"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:25:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:25:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:26:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158ca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55636"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:26:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158ca,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50728"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11351"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:26:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158ca,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60753"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:26:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158ca,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53668"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11352"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:26:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158ca,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63831"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:26:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8158ca,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33284"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11353"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:28:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815942,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39391"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:28:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815942,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50772"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11354"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:28:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815942,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45775"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:28:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815942,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33326"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11355"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:28:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815942,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51462"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:28:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815942,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53714"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11356"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:28:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815943,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50964"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159ba,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50818"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11357"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159ba,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55028"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159ba,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33372"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11358"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159ba,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45539"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159ba,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46060"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11359"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:30:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159bc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159bd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62667"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159cf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59814"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11360"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159d0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53868"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159d0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53772"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11361"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159d0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42384"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8159d0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33388"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11362"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:32:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815a33,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35479"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:32:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815a33,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50868"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11363"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:32:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815a33,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48293"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:32:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815a33,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53808"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11364"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:32:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815a33,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36616"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:32:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815a33,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33424"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11365"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:32:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815a34,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:34:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aab,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49203"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:34:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aab,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50924"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11366"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:34:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aab,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52670"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:34:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aab,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46164"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11367"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:34:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aab,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44431"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:34:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aab,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53866"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11368"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:34:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aac,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:34:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:35:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aed,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T02:35:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815aef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:35:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815af1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:35:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815afc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60051"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:35:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815afc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59940"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11369"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:35:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815afc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35137"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:35:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815afc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46198"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11370"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:35:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815afc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34432"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:35:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815afc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33514"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11371"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:36:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b23,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46628"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:36:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b23,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50978"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11372"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:36:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b23,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58313"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:36:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b23,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33532"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11373"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:36:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b23,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40836"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:36:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b23,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46220"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11374"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:36:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b24,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:36:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b26,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:38:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b9b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53485"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:38:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b9b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51022"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11375"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:38:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b9b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34045"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:38:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b9b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46262"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11376"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:38:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b9b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62853"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:38:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b9b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33578"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11377"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:38:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815b9c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c13,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63840"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c13,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51068"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11378"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c14,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45594"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c14,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46308"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11379"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c14,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56975"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c14,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54010"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11380"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:40:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c14,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c16,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c29,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53949"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c29,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60064"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11381"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:40:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c29,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46348"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c29,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46322"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11382"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:40:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c29,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55420"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:40:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c29,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33638"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11383"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:42:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65080"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:42:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51118"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11384"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:42:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40618"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:42:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46358"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11385"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:42:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45009"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:42:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33674"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11386"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:42:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:42:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815c8e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e815ce0,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57412"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T02:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815cde,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60253"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815cde,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59784"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11387"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:43:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ce0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:44:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d04,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50405"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:44:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d04,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51172"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11388"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:44:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d04,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42430"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:44:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d04,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33726"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11389"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:44:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d04,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34523"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:44:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d04,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11390"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:45:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d55,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56709"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:45:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d55,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60182"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11391"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:45:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d55,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64134"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:45:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d55,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11392"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:45:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d55,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56949"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:45:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d55,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54142"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11393"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:45:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d57,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:46:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d7c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37713"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:46:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d7c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51222"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11394"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:46:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d7c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:46:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d7c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46462"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11395"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:46:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d7c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48993"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:46:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815d7c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33778"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11396"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:47:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815dc5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T02:47:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815dc7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:47:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815dc8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:48:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60117"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:48:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51274"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11397"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:48:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57217"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:48:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11398"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:48:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59808"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:48:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54216"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11399"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:48:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:48:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815df7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e6c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47312"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e6c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51316"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11400"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:50:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e6c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63775"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e6c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46557"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11401"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e6c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60378"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e6c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54258"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11402"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:50:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e6e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33612"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e82,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60312"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11403"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:50:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e82,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42707"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e82,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46570"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11404"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:50:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e82,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52546"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:50:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e82,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33887"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11405"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:50:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815e84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ee5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41310"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ee5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51366"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11406"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ee5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59123"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ee5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46606"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11407"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ee5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54727"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:52:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ee5,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54308"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11408"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:52:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815ee6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:54:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815f5d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65323"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:54:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815f5d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51416"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11409"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:54:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815f5d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52653"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:54:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815f5d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33970"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11410"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:54:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815f5d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38481"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:54:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815f5d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46658"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11411"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:54:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815f5e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:55:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fae,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56551"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:55:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fae,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60434"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11412"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:55:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815faf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50991"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:55:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815faf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11413"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:55:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815faf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35259"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:55:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815faf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54394"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11414"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:55:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815faf,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:56:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fd5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52577"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:56:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fd5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51474"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11415"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:56:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fd5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53708"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:56:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fd5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34028"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11416"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:56:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fd5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33844"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:56:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e815fd5,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46716"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11417"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:58:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81604d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62315"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:58:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81604d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51518"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11418"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:58:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81604d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59674"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:58:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81604d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54458"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11419"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:58:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81604d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54300"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T02:58:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81604d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46760"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11420"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T02:58:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81604e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:58:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816050,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T02:59:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81609d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T02:59:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81609e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160c5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37076"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160c5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51568"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11421"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:00:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160c5,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64557"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160c5,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46808"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11422"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:00:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160c5,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45271"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160c5,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54510"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11423"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:00:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160c7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160db,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53495"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160db,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60560"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11424"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:00:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160db,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44115"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160db,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46818"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11425"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:00:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160db,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59550"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:00:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8160db,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34135"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11426"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:02:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81613d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61031"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:02:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81613d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51614"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11427"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:02:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81613e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45666"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:02:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81613e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46854"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11428"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:02:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81613e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64947"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:02:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81613e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54556"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11429"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:02:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81613f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:02:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816141,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:04:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8161b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44139"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:04:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8161b6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51662"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11430"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:04:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8161b6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37182"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:04:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8161b6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54602"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11431"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:04:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8161b6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:04:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8161b6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46904"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11432"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:04:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8161b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:05:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816207,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64043"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:05:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816207,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60674"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11433"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:05:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816208,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50850"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:05:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816208,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34246"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11434"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:05:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816208,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44242"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:05:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816208,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54634"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11435"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:05:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816209,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:05:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81620a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:06:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81622e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41610"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:06:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81622e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51714"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11436"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:06:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81622e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48831"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:06:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81622e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34268"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11437"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:06:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81622e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35731"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:06:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81622e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"46956"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11438"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:08:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8162a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44007"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:08:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8162a6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51762"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11439"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:08:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8162a6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33814"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:08:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8162a6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11440"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:08:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8162a6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60192"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:08:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8162a6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47004"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11441"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:08:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8162a7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81631e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51286"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81631e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51806"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11442"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81631f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64751"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81631f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47046"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11443"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81631f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55035"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81631f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54748"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11444"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:10:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816320,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816321,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816334,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36108"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816334,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60802"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11445"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:10:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816334,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40643"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816334,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47060"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11446"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:10:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816334,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39712"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:10:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816334,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34376"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11447"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:11:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816367,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T03:11:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816368,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:11:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81636a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:12:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816397,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45110"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:12:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816397,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51862"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11448"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:12:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816397,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57028"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:12:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816397,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47102"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11449"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:12:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816397,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36084"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:12:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816397,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34418"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11450"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:12:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816398,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:12:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81639a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44507"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52958"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11451"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37668"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60524"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11452"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8163e7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58218"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60526"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11453"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63117"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34450"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11454"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44978"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e6,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54838"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11455"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39909"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65194"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11456"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35980"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34458"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11457"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41225"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47146"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11458"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64144"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e7,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65200"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11459"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53538"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54850"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11460"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53920"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34466"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11461"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44565"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65210"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11462"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58927"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47160"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11463"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34641"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54862"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11464"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48799"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e8,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65216"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11465"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50255"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34480"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11466"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54303"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163e9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47168"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11467"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163eb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163f4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64503"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163f4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51934"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11468"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163f4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45304"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163f4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54874"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11469"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163f4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40735"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:13:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8163f4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34490"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11470"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81640f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49584"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81640f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51950"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11471"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81640f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62436"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81640f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54890"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11472"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81640f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48580"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81640f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34506"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11473"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:15:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816461,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36909"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:15:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816461,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60964"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11474"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:15:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816461,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36435"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:15:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816461,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47223"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11475"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:15:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816461,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61041"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:15:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816461,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54924"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11476"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:15:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816462,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:16:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816487,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37980"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:16:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816487,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52004"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11477"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:16:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816487,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61108"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:16:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816487,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47244"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11478"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:16:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816487,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39525"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:16:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816487,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54946"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11479"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:18:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8164ff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45509"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:18:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8164ff,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52060"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11480"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:18:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8164ff,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52420"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:18:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8164ff,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55000"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11481"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:18:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8164ff,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:18:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8164ff,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34616"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11482"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:18:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816500,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e816517,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816516,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42090"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816516,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47864"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11483"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816516,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55732"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816516,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47314"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11484"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816516,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58770"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816516,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55016"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11485"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:18:46Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e816517,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T03:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816577,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59751"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816577,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52114"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11486"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816578,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39541"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816578,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55054"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11487"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816578,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36394"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:20:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816578,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34670"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11488"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:20:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816579,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:20:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81658e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65313"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:20:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81658e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61110"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11489"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:20:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81658e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63734"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:20:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81658e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55068"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11490"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:20:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81658e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38695"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:20:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81658e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47370"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11491"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:22:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8165f0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46863"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:22:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8165f0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52166"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11492"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:22:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8165f0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44732"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:22:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8165f0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55106"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11493"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:22:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8165f0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46655"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:22:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8165f0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47408"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11494"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:22:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8165f1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816630,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43422"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:23:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816630,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65490"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11495"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816631,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61989"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816631,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55140"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11496"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816631,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40219"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816631,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47442"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11497"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816631,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:23:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81663f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T03:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816668,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56489"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816668,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52224"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11498"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816668,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816668,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55164"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11499"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816668,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46263"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816668,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34780"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11500"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:24:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816669,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81666a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816685,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58898"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816685,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65526"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11501"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816685,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43549"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816685,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55176"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11502"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816685,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41391"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816685,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34792"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11503"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:25:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166ba,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56393"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:25:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166ba,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61240"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11504"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:25:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166ba,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36759"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:25:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55198"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11505"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:25:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166bb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57806"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:25:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166bb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47500"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11506"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:25:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166bb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:25:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166bd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:26:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166e0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39906"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:26:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166e0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52280"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11507"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:26:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166e0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52038"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:26:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166e0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34834"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11508"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:26:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166e0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36263"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:26:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8166e0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55222"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11509"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816738,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45341"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816738,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32834"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11510"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816738,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39771"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816738,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34866"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11511"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816738,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45312"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816738,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47554"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11512"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:27:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816739,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:27:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81673b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:28:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816758,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54127"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:28:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816758,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52338"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11513"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:28:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816758,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59597"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:28:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816758,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34892"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11514"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:28:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816758,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33486"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:28:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816758,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55280"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11515"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:30:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167d1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41436"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:30:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167d1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52376"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11516"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:30:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167d1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50982"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:30:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167d1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34930"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11517"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:30:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167d1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57730"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:30:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167d1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47618"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11518"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:30:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:30:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40538"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:30:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167e7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61372"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11519"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:30:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167e7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35860"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:30:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167e7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11520"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:30:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167e7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47508"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:30:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167e7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55332"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11521"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:30:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8167e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:32:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816849,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57336"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:32:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816849,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52428"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11522"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:32:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816849,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52480"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:32:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816849,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47668"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11523"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:32:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816849,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35624"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:32:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816849,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34984"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11524"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:32:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81684a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:34:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8168c1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62034"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:34:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8168c1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.19.105.104"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43214"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11525"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:34:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8168c1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46249"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:34:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8168c1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35030"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11526"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:34:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8168c1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63911"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:34:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8168c1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47718"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11527"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:34:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8168c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:35:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816913,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43078"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816914,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61494"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11528"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816914,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58181"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816914,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35066"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11529"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816914,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64094"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:35:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816914,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47754"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11530"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:35:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816915,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:35:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816916,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:35:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81691d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T03:36:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816939,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61825"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:36:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816939,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52534"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11531"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:36:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816939,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49501"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:36:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816939,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47774"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11532"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:36:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816939,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59820"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:36:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816939,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55476"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11533"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:38:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57023"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:38:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52582"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11534"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:38:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43495"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:38:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47822"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11535"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:38:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59718"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:38:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55524"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11536"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:38:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:38:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8169b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34589"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52624"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11537"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:40:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52915"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35178"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11538"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:40:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42645"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47868"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11539"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:40:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a2c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a41,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39009"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a41,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61620"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11540"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:40:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a41,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33639"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a41,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47878"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11541"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:40:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a41,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39054"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:40:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816a41,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35194"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11542"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:42:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aa2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51791"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:42:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aa2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50906"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11543"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:42:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aa2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41802"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:42:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aa2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55620"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11544"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:42:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aa2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44234"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:42:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aa2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35236"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11545"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:42:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aa3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e816aef,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58962"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T03:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61176"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aee,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61342"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11546"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:43:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816aef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:44:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b1a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37801"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:44:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b1a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52732"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11547"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:44:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b1a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37271"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:44:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b1a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35286"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11548"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:44:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b1a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34537"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:44:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b1a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"47974"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11549"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:44:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b1b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b6d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38759"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:45:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b6d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61738"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11550"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:45:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b6d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33472"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:45:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b6d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35310"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11551"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:45:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b6d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42720"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:45:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b6d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55698"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11552"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:45:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b6e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:45:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b70,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:46:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b92,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44801"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:46:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b92,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52780"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11553"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:46:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b92,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39203"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:46:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b92,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55720"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11554"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:46:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b92,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45737"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:46:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816b92,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48022"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11555"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:48:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816bf4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T03:48:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816bf5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:48:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816bf7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c0a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:48:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c0a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52836"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11556"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:48:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c0a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50617"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:48:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c0a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11557"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:48:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c0a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46762"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:48:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c0a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35392"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11558"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:50:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59148"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c83,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52874"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11559"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:50:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c83,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64500"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c83,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35428"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11560"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:50:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c83,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44423"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c83,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48116"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11561"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:50:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c9a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58227"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c9a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61868"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11562"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:50:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c9a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39106"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c9a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11563"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:50:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c9a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47857"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:50:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816c9a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11564"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:52:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816cfb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64640"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:52:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816cfb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52926"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11565"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:52:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816cfb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61126"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:52:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816cfb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55866"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11566"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:52:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816cfb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51549"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:52:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816cfb,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48168"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11567"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:52:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816cfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:54:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816d73,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33357"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:54:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816d73,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52974"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11568"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:54:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816d73,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39189"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:54:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816d73,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35528"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11569"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:54:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816d73,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48169"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:54:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816d73,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55916"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11570"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:54:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816d74,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54193"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:55:50Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61984"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11571"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:55:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51333"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:55:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35556"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11572"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:55:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46067"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:55:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11573"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:55:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:55:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816dc9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T03:56:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816deb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37530"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:56:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816deb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53032"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11574"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:56:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816deb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58973"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:56:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816deb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35586"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11575"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:56:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816deb,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53954"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:56:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816deb,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48274"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11576"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:58:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816e63,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58512"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:58:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816e64,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53080"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11577"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:58:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816e64,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48789"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:58:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816e64,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35634"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11578"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:58:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816e64,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40253"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T03:58:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816e64,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56022"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11579"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T03:58:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816e65,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ecc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T04:00:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ecd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816edc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39667"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816edc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53126"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11580"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:00:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816edc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58601"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816edc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48366"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11581"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:00:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816edc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53423"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816edc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56068"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11582"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:00:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59523"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62116"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11583"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:00:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57385"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48374"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11584"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:00:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35690"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11585"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:00:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:00:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816ef7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:02:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f54,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38409"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:02:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f54,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53174"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11586"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:02:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f54,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55195"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:02:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f54,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35728"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11587"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:02:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f54,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33515"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:02:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f54,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48416"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11588"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:02:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f55,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:02:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816f58,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816fcc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62708"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816fcc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.19.105.104"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"43960"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11589"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816fcc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43801"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816fcc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35776"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11590"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816fcc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44702"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:04:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816fcc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56164"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11591"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:04:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e816fcd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817020,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45511"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817020,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62232"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11592"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817020,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63193"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817020,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35804"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11593"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817020,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44964"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:05:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817020,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48492"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11594"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:05:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817021,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:06:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817044,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63517"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:06:28Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817044,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53274"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11595"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:06:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817045,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52401"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:06:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817045,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35828"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11596"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:06:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817045,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:06:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817045,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56216"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11597"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:06:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817046,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170bd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34157"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170bd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53322"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11598"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170bd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38739"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170bd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56262"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11599"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170bd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56431"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:08:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170bd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48564"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11600"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:08:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170be,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:08:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8170bf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817135,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56685"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817135,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53364"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11601"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:10:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817135,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40036"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817135,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48604"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11602"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:10:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817135,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34368"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817135,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56306"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11603"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:10:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817136,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81714c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50508"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81714c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62358"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11604"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81714c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60748"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81714c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48616"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11605"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81714c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:10:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81714c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35932"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11606"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:12:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817196,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T04:12:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817197,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171ad,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43729"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171ad,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53420"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11607"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171ad,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46951"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171ad,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48660"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11608"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171ad,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61374"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:12:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171ad,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56362"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11609"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8171f7,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59784"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T04:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171f6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51995"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171f6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64700"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11610"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8171f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:14:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817225,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57596"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:14:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817225,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53470"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11611"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:14:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817226,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38428"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:14:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817226,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56410"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11612"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:14:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817226,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58551"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:14:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817226,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36026"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11613"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:14:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817226,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:14:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817227,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57349"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54568"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11614"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43389"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36056"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11615"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60364"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48744"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11616"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:15:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81725f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817279,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43520"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817279,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62522"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11617"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:15:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817279,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63765"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817279,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48780"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11618"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:15:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817279,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43608"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:15:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817279,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56482"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11619"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:16:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81729e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63239"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:16:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81729e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53560"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11620"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:16:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81729e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48725"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:16:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81729e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48800"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11621"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:16:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81729e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49733"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:16:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81729e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36116"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11622"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:16:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81729f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:16:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8172a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:18:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817316,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35101"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:18:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817316,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53622"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11623"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:18:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817316,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57268"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:18:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817316,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36176"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11624"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:18:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817316,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60613"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:18:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817316,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56564"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11625"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:18:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817317,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45335"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53664"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11626"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:20:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55255"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36218"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11627"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:20:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45985"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"48907"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11628"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:20:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738e,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81738f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8173a5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40758"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8173a5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62658"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11629"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:20:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8173a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56691"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8173a6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36230"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11630"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:20:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8173a6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40855"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:20:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8173a6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56618"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11631"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:22:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817406,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57031"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:22:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817406,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53716"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11632"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:22:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817406,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56705"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:22:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817406,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56656"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11633"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:22:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817406,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61133"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:22:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817406,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36272"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11634"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:22:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817407,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:22:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817408,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:24:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81746d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T04:24:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81746f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:24:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81747e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33442"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:24:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81747e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53766"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11635"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:24:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81747f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56037"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:24:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81747f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11636"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:24:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81747f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56389"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:24:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81747f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36322"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11637"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:24:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81747f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57126"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174d2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62772"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11638"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174d2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43404"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174d2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36344"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11639"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174d2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60226"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:25:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174d2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56732"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11640"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:25:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174d3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174f7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53814"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11641"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174f7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54020"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174f7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49054"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11642"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174f7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:26:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8174f7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36370"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11643"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:28:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81756f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41058"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:28:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81756f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53862"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11644"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:28:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81756f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52955"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:28:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81756f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49102"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11645"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:28:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81756f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55201"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:28:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81756f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36418"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11646"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:28:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817570,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:28:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817572,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175e7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61510"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175e7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53904"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11647"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:30:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175e7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43076"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175e7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56844"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11648"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:30:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175e7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55714"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175e7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49146"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11649"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:30:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175e8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175fe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"62898"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11650"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:30:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175ff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62989"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175ff,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56856"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11651"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:30:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175ff,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51310"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:30:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8175ff,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36472"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11652"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:32:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81765f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55907"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:32:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81765f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53956"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11653"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:32:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81765f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33547"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:32:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81765f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36510"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11654"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:32:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81765f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:32:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81765f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49198"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11655"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:32:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817660,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:34:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8176d7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49187"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:34:31Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8176d7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54004"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11656"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:34:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8176d7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61652"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:34:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8176d7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11657"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:34:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8176d8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58661"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:34:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8176d8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49246"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11658"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:34:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8176d8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37496"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63014"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11659"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46474"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56972"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11660"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35513"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:35:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49274"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11661"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:35:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:35:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81772e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:36:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81774a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T04:36:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817750,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48814"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:36:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817750,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54060"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11662"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:36:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817750,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39477"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:36:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817750,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57000"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11663"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:36:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817750,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54199"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:36:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817750,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36616"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11664"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:38:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8177c8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59529"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:38:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8177c8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54112"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11665"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:38:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8177c8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55205"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:38:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8177c8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36666"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11666"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:38:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8177c8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63445"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:38:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8177c8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49354"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11667"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:38:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8177c9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817840,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40628"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817840,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54154"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11668"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:40:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817840,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55256"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817840,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36708"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11669"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:40:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817840,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54868"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817840,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49396"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11670"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:40:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817841,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817858,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41428"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817859,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63150"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11671"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:40:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817859,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59140"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81785a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36722"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11672"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:40:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81785a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47965"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:40:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81785a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57110"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11673"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:42:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178b8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49816"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:42:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178b8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54206"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11674"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:42:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178b8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55497"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:42:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178b8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57146"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11675"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:42:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178b8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33553"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:42:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178b8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36762"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11676"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:42:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178b9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e8178ff,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60524"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T04:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43813"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178fe,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65488"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11677"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:43:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8178ff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:44:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817930,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47936"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:44:32Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817930,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54258"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11678"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:44:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817931,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37908"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:44:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817931,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36812"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11679"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:44:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817931,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61208"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:44:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817931,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57200"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11680"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:44:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817932,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:44:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817933,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:45:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817986,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44374"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:45:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817986,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63266"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11681"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:45:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817986,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41183"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:45:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817986,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57224"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11682"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:45:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817986,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55923"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:45:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817986,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36840"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11683"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:45:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817987,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:46:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817989,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:46:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8179a9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61710"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:46:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8179a9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54308"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11684"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:46:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8179a9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56622"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:46:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8179a9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57248"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11685"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:46:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8179a9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36240"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:46:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8179a9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49550"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11686"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a21,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42044"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a21,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54358"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11687"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a21,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40457"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a21,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36912"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11688"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a21,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41689"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:48:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a21,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57300"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11689"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:48:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a22,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:48:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a22,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T04:50:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a99,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55843"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a99,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54400"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11690"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:50:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a99,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57608"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a99,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49640"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11691"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:50:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a99,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56435"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a99,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57342"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11692"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:50:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a9a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817a9b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ab2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36608"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ab2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63396"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11693"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:50:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ab3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39204"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ab3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"36968"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11694"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:50:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ab3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47993"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:50:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ab3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11695"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:52:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b11,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49761"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:52:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b11,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54454"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11696"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:52:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b11,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47587"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:52:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b11,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37008"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11697"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:52:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b11,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59327"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:52:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b11,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49696"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11698"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:52:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b12,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:52:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b14,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:54:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b89,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36170"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:54:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b89,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54502"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11699"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b8a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49871"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b8a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57442"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11700"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b8a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47404"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b8a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37058"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11701"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:54:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b8a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:54:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817b8c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:55:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817bdf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55985"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:55:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817bdf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63516"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11702"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:55:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817bdf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38045"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:55:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817bdf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49774"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11703"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:55:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817bdf,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57811"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:55:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817bdf,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57476"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11704"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:56:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817be0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c01,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54772"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c02,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54556"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11705"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c02,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65220"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c02,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49796"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11706"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c02,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58613"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:56:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c02,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11707"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55873"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54608"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11708"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51616"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57548"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11709"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34083"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T04:58:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37164"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11710"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T04:58:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T04:58:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817c7c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cf2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47640"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cf2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54650"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11711"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cf2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59597"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cf2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37204"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11712"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cf2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44530"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:00:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cf2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"49892"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11713"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:00:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cf3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:00:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cfa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T05:00:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817cfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d0c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60253"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d0c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63648"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11714"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d0c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42086"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d0c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37220"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11715"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d0c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48107"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:01:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d0c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57608"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11716"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d6a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58496"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d6a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54702"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11717"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d6a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55860"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d6a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37256"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11718"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d6a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40255"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:02:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d6a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57644"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11719"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:02:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817d6b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62296"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54748"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11720"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50124"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:04:34Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57688"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11721"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:04:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48298"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:04:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37304"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11722"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:04:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:04:37Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817de5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e38,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55458"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e38,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63762"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11723"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:06:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e39,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37394"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e39,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50020"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11724"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:06:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e39,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60387"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e39,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57722"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11725"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:06:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e39,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e5b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53040"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e5b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54802"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11726"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e5b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40779"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e5b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50042"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11727"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e5b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42004"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:06:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817e5b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37358"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11728"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ed3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46057"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ed3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54848"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11729"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ed3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61574"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ed3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50088"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11730"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ed3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57313"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:08:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ed3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37404"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11731"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:08:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817ed4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f4b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36460"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f4b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54890"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11732"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f4b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38961"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f4b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37444"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11733"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f4b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38562"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:10:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f4b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57832"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11734"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:10:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f4c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:11:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f65,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40348"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:11:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f65,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"63888"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11735"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:11:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f65,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53950"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:11:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f65,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37460"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11736"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:11:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f65,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60046"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:11:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817f65,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50148"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11737"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43160"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54942"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11738"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49153"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57882"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11739"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46810"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:12:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37498"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11740"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T05:12:36Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e817fc4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e818007,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60526"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T05:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818006,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51015"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818006,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33456"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11741"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e818007,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61342"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T05:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818006,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33458"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11742"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37847"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56042"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11743"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58995"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37530"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11744"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46602"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50218"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11745"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58440"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818007,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53210"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11746"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818008,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56037"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818008,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37538"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11747"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818008,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40145"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818008,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57927"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11748"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818008,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51834"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818008,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53218"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11749"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63788"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50234"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11750"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63418"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37550"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11751"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60494"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53226"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11752"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44387"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57940"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11753"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44857"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818009,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50242"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11754"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81800a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63079"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81800a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53232"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11755"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81800a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47305"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81800a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37560"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11756"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81800a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55891"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81800a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57948"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11757"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818015,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50033"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818015,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55016"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11758"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818015,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38825"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818015,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50256"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11759"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818015,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43452"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:13:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818015,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37572"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11760"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818016,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64726"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53254"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11761"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802e,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39536"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802e,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57968"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11762"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802e,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36513"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802e,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50270"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11763"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58485"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53260"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11764"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48599"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37588"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11765"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"32917"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57976"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11766"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40600"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53266"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11767"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62379"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50280"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11768"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81802f,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37596"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11769"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50448"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53272"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11770"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61223"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57986"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11771"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62668"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50288"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11772"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53606"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53278"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11773"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53089"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37606"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11774"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61904"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57994"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11775"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59762"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53284"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11776"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34990"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50298"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11777"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50851"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:24Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818030,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37614"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11778"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35491"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53290"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11779"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35188"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58004"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11780"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59079"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50306"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11781"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53296"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11782"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33295"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37628"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11783"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64819"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58016"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11784"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47903"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53306"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11785"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57100"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50320"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11786"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42830"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818031,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37636"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11787"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51621"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53312"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11788"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49225"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58028"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11789"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57251"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50330"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11790"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58495"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53320"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11791"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41031"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37648"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11792"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49582"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58036"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11793"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64660"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0xd,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53326"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11794"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0xe,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44295"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0xf,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"16"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37654"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11795"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x10,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"17"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44818"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818032,0x11,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"18"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50342"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11796"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818039,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46176"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818039,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53332"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11797"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818039,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51699"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818039,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58046"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11798"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818039,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64724"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818039,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37662"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11799"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81803b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49713"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81803f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55112"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11800"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81803f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33806"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81803f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50352"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11801"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81803f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63908"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:14:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81803f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58054"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11802"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:14:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818040,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818091,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48252"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818091,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64124"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11803"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:16:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818092,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42947"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818092,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58082"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11804"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:16:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818092,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52408"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818092,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37698"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11805"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:16:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818093,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8180b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47734"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8180b7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55164"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11806"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:16:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8180b7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42564"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8180b7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58104"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11807"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:16:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8180b7,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54113"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:16:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8180b7,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50406"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11808"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81812f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39939"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81812f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55228"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11809"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81812f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56340"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81812f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58168"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11810"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81812f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34602"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:18:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81812f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37784"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11811"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:18:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818130,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:18:46Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e818138,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T05:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818137,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34549"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818137,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51028"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11812"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818137,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42700"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818137,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58178"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11813"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818137,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33107"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:18:47Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e818138,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T05:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818137,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50480"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11814"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:18:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818139,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:20:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181a7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62083"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:20:39Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181a7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55284"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11815"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:20:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181a7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39174"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:20:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181a7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37838"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11816"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:20:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181a8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37728"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:20:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181a8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58226"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11817"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:20:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181a8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:20:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181aa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:21:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181be,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53952"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:21:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181be,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64284"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11818"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:21:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181be,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55683"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:21:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181be,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37856"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11819"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:21:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181be,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39782"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:21:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8181be,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50544"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11820"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818220,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45690"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818220,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55340"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11821"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818220,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53746"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818220,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37894"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11822"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818220,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37894"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:22:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818220,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58282"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11823"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:22:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818221,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818251,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43716"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818251,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53596"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11824"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818251,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35584"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818251,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37924"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11825"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818251,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47653"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:23:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818251,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50612"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11826"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:23:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818252,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818298,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44188"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818298,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55392"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11827"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:24:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818298,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63093"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818298,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50632"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11828"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:24:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818298,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53976"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818298,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37948"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11829"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:24:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818299,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81829b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81829c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T05:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182a5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52371"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182a5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53630"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11830"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:24:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54614"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182a6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50644"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11831"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:24:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182a6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50443"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:24:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182a6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37960"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11832"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:26:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182ea,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41413"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:26:02Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182ea,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64412"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11833"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:26:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182eb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:26:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182eb,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"37984"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11834"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:26:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182eb,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51327"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:26:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182eb,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50672"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11835"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:26:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8182ec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:26:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818310,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42300"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:26:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818310,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55452"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11836"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:26:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818310,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47462"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:26:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818310,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11837"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:26:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818310,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:26:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818310,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58394"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11838"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818358,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60621"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818358,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53706"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11839"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818358,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61676"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818358,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58420"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11840"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818358,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60723"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:27:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818358,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50722"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11841"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:27:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818358,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54401"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:27:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818359,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.108.169.64"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52840"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11842"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:27:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818359,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:28:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818388,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55100"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:28:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818388,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55514"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11843"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:28:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818388,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54149"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:28:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818388,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58454"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11844"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:28:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818388,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64299"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:28:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818388,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50756"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11845"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:28:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818389,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818400,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42081"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:30:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818400,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55552"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11846"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:30:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818400,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63978"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:30:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818400,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58492"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11847"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:30:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818400,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34766"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:30:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818400,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38108"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11848"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:30:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818401,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:30:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818403,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:31:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818417,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54609"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:31:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818417,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64550"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11849"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:31:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818417,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63640"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:31:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818417,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58508"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11850"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:31:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818417,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51086"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:31:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818417,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50810"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11851"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:32:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818478,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39664"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:32:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818479,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55604"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11852"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:32:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818479,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62190"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:32:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818479,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58544"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11853"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:32:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818479,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53377"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:32:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818479,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50846"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11854"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:32:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81847a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:34:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8184f1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59462"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:34:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8184f1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55652"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11855"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:34:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8184f1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35855"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:34:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8184f1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58592"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11856"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:34:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8184f1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34798"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:34:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8184f1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50894"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11857"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:34:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8184f2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818544,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61211"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818544,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64666"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11858"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:36:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818544,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56175"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818544,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50924"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11859"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:36:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818544,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63859"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818544,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38240"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11860"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:36:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818545,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818547,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818569,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33388"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818569,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55706"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11861"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:36:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818569,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52509"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818569,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50946"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11862"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:36:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818569,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61449"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:36:41Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818569,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58648"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11863"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:36:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818579,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T05:36:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81857b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:38:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8185e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60069"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:38:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8185e2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55752"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11864"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:38:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8185e2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61438"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:38:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8185e2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"50992"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11865"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:38:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8185e2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35897"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:38:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8185e2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58694"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11866"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:38:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8185e3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:40:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81865a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35459"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:40:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81865a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55800"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11867"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:40:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81865a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34125"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:40:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81865a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58740"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11868"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:40:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81865a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38628"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:40:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81865a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11869"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:40:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81865b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:41:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818670,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58031"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:41:04Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818670,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64798"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11870"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:41:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818670,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54764"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:41:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818670,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58756"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11871"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:41:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818670,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47912"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:41:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818670,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51058"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11872"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:42:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42720"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:42:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55852"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11873"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:42:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34511"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:42:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38406"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11874"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:42:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41550"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:42:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58794"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11875"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:42:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:42:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8186d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e81870f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64700"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T05:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81870e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34867"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81870e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34366"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11876"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:43:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81870f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:44:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40000"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:44:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55904"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11877"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:44:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874a,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63250"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:44:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874a,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38458"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11878"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:44:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874a,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58508"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:44:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874a,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58846"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11879"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:44:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:44:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81874d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81879d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49153"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81879d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"64918"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11880"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:46:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81879d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43930"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81879d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51176"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11881"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:46:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81879d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57488"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81879d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58878"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11882"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:46:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81879e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8187c2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38104"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8187c2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"55958"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11883"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:46:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8187c2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56712"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8187c2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51198"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11884"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:46:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8187c2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47764"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:46:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8187c2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38514"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11885"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:48:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81883a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34137"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:48:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81883a,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56008"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11886"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:48:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81883b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57158"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:48:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81883b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51248"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11887"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:48:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81883b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60021"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:48:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81883b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58950"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11888"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:48:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81883c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:49:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818851,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T05:50:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61816"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:50:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56050"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11889"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:50:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44531"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:50:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38604"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11890"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:50:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46517"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:50:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58992"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11891"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:50:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:50:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:51:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188c9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41348"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:51:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188c9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65048"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11892"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188ca,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33427"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188ca,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38620"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11893"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188ca,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48140"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:51:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8188ca,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51308"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11894"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:52:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35571"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:52:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56102"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11895"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:52:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51185"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:52:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59042"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11896"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:52:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53452"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:52:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51344"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11897"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:52:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:52:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81892e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55408"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56150"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11898"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58417"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38704"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11899"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64511"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:54:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59092"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11900"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:54:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:54:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189a6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54258"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65166"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11901"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:56:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44428"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38738"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11902"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:56:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f6,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58772"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:06Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f6,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51426"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11903"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:56:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8189f9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a1b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52015"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a1b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56206"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11904"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:56:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a1b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63183"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a1b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38760"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11905"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:56:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a1b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44863"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:56:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a1b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51448"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11906"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:58:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a93,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56413"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:58:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a93,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56252"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11907"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:58:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a94,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46463"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:58:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a94,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59192"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11908"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:58:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a94,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57619"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T05:58:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a94,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38808"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11909"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T05:58:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818a95,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:00:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b0c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47927"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:00:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b0c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56300"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11910"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:00:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b0c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41665"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:00:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b0c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38854"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11911"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:00:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b0c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51991"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:00:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b0c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59242"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11912"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:00:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b0d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b22,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34570"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b22,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65298"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11913"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b23,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59398"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b23,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38870"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11914"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b23,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63057"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:01:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b23,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51558"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11915"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:01:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b24,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:01:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b29,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T06:02:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55542"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:02:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b84,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56352"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11916"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:02:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b84,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57574"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:02:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b84,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59292"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11917"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:02:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b84,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33110"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:02:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b84,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38908"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11918"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:02:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b85,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:02:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818b87,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:04:10Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bdb,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-30T06:04:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bdb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:04:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51952"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:04:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bfc,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56402"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11919"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:04:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bfc,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46605"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:04:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bfc,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59342"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11920"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:04:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bfc,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54061"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:04:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bfc,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51644"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11921"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:04:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818bfd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c4f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60280"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c4f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65412"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11922"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:06:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c4f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33137"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c4f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51670"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11923"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:06:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c4f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58419"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c4f,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59372"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11924"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:06:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c50,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c53,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c74,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34740"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c74,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56452"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11925"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:06:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c74,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59189"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c74,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39006"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11926"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:06:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c74,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51938"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:06:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818c74,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59394"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11927"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:08:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818cec,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64473"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:08:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818cec,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56500"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11928"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:08:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ced,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65246"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:08:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ced,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59440"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11929"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:08:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ced,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39202"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:08:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ced,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51742"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11930"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:08:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ced,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:08:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818cef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:10:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d65,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36657"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:10:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d65,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56542"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11931"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:10:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d65,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63077"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:10:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d65,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59482"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11932"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:10:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d65,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45047"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:10:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d65,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39098"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11933"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:10:46Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d66,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:10:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d67,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d7c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44111"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d7c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32772"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11934"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d7c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61061"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d7c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59498"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11935"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d7c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42546"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:11:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818d7c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51800"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11936"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52919"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54820"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11937"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61700"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11938"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48981"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39150"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11939"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33277"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54826"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11940"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54293"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59540"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11941"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65414"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51842"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11942"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:12:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ddd,0xc,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:12:51Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e818de4,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; db_ver:"20033003"; description:"Gateway was updated with database version: 22032001."; product:"Application Control"; severity:"1"; update_status:"updated"] +<134>1 2020-03-30T06:12:51Z gw-da58d3 CheckPoint 8363 - [flags:"166216"; ifdir:"outbound"; loguid:"{0x5e818de4,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; db_ver:"20033003"; description:"Gateway was updated with database version: 22032001."; product:"URL Filtering"; severity:"1"; update_status:"updated"] +<134>1 2020-03-30T06:13:21Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e01,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T06:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e818e17,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"65488"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T06:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e16,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62539"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e16,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"35114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11943"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e17,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:14:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e5b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34516"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:14:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e5b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56652"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11944"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:14:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e5b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53198"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:14:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e5b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59592"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11945"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:14:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e5b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50441"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:14:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e5b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39208"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11946"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:14:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818e5c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ea8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62570"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:08Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ea8,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"32900"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11947"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:16:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ea8,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48968"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ea8,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51926"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11948"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:16:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ea8,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39750"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ea8,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59628"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11949"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:16:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ea9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ed3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44823"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ed3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56708"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11950"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:16:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ed3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44219"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ed3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"51948"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11951"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:16:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ed3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38769"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:16:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ed3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59650"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11952"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:16:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ed4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:17:11Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818ee8,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-30T06:17:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818eee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-30T06:18:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f2f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-30T06:18:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f31,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:18:26Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f32,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:18:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f4b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47556"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:18:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f4b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56764"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11953"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:18:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f4b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44358"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:18:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f4b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52004"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11954"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:18:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f4b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38145"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:18:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f4b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39320"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11955"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:18:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f4e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61103"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-30T06:19:27Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f6f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58123"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-30T06:19:29Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818f71,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:20:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fc3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55476"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:20:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fc3,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56808"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11956"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:20:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fc3,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"59665"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:20:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fc3,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52048"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11957"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:20:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fc3,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49521"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:20:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fc3,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39364"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11958"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:20:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fc5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:21:09Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fd5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39585"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:21:10Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fd6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33038"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11959"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fd7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43073"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fd7,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52064"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11960"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fd7,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47202"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:21:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e818fd7,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59766"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11961"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37097"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56862"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11962"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42129"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59802"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11963"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42036"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:22:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39418"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11964"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:22:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:22:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81903e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:24:49Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b3,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-30T06:24:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50845"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56910"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11965"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41009"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59850"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11966"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64303"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39466"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11967"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-30T06:24:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b4,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-30T06:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:24:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190b5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57621"; service:"57621"; src:"192.168.1.94"] +<134>1 2020-03-30T06:25:25Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190d5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T06:26:05Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190fd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-30T06:26:07Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8190ff,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819103,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45676"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819103,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33158"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11968"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:26:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819103,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60115"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819103,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39498"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11969"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:26:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819103,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44659"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:11Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819103,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59886"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11970"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:26:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48050"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"56964"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11971"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:26:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53586"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39518"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11972"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:26:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56868"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52206"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11973"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:26:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:26:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81912f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a4,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36587"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a4,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57014"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11974"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a4,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60568"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a4,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52254"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11975"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a4,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40853"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:28:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a4,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39570"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11976"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:28:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:28:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8191a7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:30:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81921c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38050"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:30:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81921c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57060"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11977"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:30:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81921c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45682"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:30:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81921c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52300"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11978"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:30:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81921c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62021"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:30:52Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81921c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60002"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11979"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:30:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81921d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819230,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64731"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819230,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33290"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11980"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819230,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36304"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819230,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52316"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11981"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819230,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64345"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:31:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819230,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39632"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11982"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819295,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53062"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819295,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57116"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11983"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819295,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38562"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819295,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52356"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11984"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819295,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43592"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:32:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819295,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60058"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11985"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:32:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819296,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:32:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819298,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:34:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819302,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-30T06:34:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819302,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-30T06:34:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819303,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81930d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41393"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81930d,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57172"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11986"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81930d,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47499"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81930d,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39726"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11987"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81930d,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35274"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:34:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81930d,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60114"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11988"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:36:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51571"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935c,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33416"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11989"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:36:12Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935c,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34391"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935c,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52442"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11990"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:36:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935c,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49626"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935c,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60144"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11991"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:36:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81935f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81937d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-30T06:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819385,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51824"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819385,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57226"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11992"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819385,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41337"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819385,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52466"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11993"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819385,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55113"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:36:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819385,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39782"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11994"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:36:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819386,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:37:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81939d,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T06:38:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8193fd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49443"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:38:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8193fd,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57276"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11995"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:38:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8193fd,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61082"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:38:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8193fd,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52516"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11996"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:38:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8193fd,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43298"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:38:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8193fd,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60218"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11997"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:38:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8193fe,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:40:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819475,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63993"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:40:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819475,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57326"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11998"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:40:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819476,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33092"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:40:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819476,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52566"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"11999"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:40:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819476,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62853"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:40:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819476,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60268"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12000"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:40:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819477,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:40:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819478,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:41:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819489,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43207"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:41:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819489,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33556"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12001"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:41:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819489,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49403"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:41:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819489,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60282"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12002"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:41:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819489,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56714"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:41:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819489,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39898"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12003"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:42:01Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194b9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-30T06:42:03Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:42:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194ee,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60325"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:42:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194ee,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57382"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12004"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:42:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194ee,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33748"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:42:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194ee,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60322"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12005"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:42:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194ee,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52449"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:42:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194ee,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52624"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12006"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:42:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194ef,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:42:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8194f0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e81951f,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33456"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T06:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81951e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51438"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:43:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81951e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33276"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12007"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:43:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81951f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:44:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819566,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"65437"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:44:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819566,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57434"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12008"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:44:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819566,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36024"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:44:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819566,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"39988"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12009"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:44:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819566,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47884"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:44:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819566,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60376"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12010"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:44:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819567,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:44:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819569,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b5,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36977"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b5,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33682"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12011"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:46:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b6,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45284"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b6,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60408"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12012"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:46:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b6,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"61603"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b6,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52710"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12013"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:46:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b7,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195b8,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195de,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51754"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195de,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57492"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12014"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:46:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195de,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55350"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195de,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60432"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12015"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:46:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195de,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"45150"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:46:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195de,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40048"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12016"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:46:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8195df,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:48:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819656,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60198"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:48:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819656,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57546"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12017"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:48:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819656,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57920"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:48:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819656,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60486"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12018"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:48:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819656,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39876"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:48:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819656,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40102"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12019"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:48:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819657,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:49:30Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81967a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T06:50:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196ce,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37797"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:50:54Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196ce,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57592"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12020"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:50:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196cf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41755"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:50:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196cf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60532"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12021"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:50:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196cf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40710"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:50:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196cf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40148"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12022"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:50:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196d0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:51:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196e2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"38221"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:51:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196e2,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33822"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12023"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:51:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196e2,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55730"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:51:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196e2,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60548"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12024"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:51:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196e2,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39812"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:51:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8196e2,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52850"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12025"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:52:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819747,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42226"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:52:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819747,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57648"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12026"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:52:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819747,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40550"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:52:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819747,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60588"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12027"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:52:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819747,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43803"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:52:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819747,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52890"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12028"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:52:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819748,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:54:51Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.94"] +<134>1 2020-03-30T06:54:53Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bd,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:54:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bf,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:54:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bf,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37521"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:54:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bf,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57704"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12029"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:54:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bf,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37928"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:54:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bf,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52944"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12030"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:54:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bf,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37013"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:54:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8197bf,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40260"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12031"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:56:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81980e,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42830"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:14Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81980e,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33949"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12032"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:56:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81980f,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34896"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81980f,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52974"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12033"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:56:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81980f,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34555"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81980f,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40290"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12034"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:56:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81980f,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819811,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819837,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50605"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819837,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57758"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12035"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:56:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819837,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41263"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819837,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"52998"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12036"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:56:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819837,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49819"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:56:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819837,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60700"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12037"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:58:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198af,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36714"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:58:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198af,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.19.245.252"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40258"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12038"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:58:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198af,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36680"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:58:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198af,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53046"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12039"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:58:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198af,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35666"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T06:58:55Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198af,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60748"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12040"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T06:58:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198b0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T06:58:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8198b2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:00:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819928,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46355"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:00:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819928,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57850"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12041"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:00:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819928,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34361"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:00:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819928,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53090"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12042"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:00:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819928,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51682"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:00:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819928,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60794"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12043"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:00:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819929,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:01:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81993b,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49153"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:01:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81993b,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34086"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12044"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:01:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81993b,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42185"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:01:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81993b,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53112"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12045"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:01:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81993b,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56597"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:01:15Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e81993b,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40428"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12046"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:01:23Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819943,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T07:02:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a0,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57795"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:02:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a0,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57914"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12047"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:02:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a0,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62700"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:02:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a0,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60854"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12048"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:02:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a0,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47866"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:02:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a0,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53156"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12049"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:02:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:02:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e8199a3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:04:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a18,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"37804"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:04:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a18,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"57964"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12050"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:04:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a18,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40219"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:04:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a18,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40518"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12051"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:04:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a18,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50783"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:04:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a18,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60906"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12052"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:04:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a19,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a68,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52607"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a68,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34210"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12053"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:06:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a68,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56594"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a68,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53236"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12054"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:06:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a68,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57254"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a68,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40552"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12055"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:06:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a69,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a6a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a90,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"54279"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a90,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58020"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12056"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:06:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a90,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55692"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:56Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a90,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53260"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12057"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:06:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a90,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46428"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a90,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60962"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12058"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:06:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a92,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:06:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819a93,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:08:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b09,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53629"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:08:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b09,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58068"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12059"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:08:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b09,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"51133"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:08:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b09,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53308"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12060"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:08:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b09,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"39973"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:08:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b09,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61010"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12061"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:08:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b0a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:10:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b81,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"46204"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:10:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b81,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58114"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12062"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:10:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b81,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"62262"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:10:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b81,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53354"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12063"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:10:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b81,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50778"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:10:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b81,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61056"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12064"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:10:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b82,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:11:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b84,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:11:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b94,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49067"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:11:16Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b94,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34342"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12065"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:11:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b94,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58835"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:11:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b94,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53368"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12066"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:11:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b94,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56304"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:11:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819b94,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40684"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12067"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:12:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bf9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58799"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:12:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bf9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58168"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12068"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:12:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bf9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47436"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:12:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bf9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53408"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12069"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:12:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bf9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41726"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:12:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bf9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40724"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12070"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:12:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bfa,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:00Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819bfc,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:38Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c22,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.1"] +<134>1 2020-03-30T07:13:40Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c24,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e819c27,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"33458"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T07:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c26,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41471"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c26,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34058"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12071"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"425984"; ifdir:"outbound"; ifname:"eth0"; logid:"1"; loguid:"{0x5e819c27,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"2.21.41.118"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34366"; service:"80"; src:"192.168.1.100"; tcp_flags:"FIN-ACK"; tcp_packet_out_of_state:"First packet isn't SYN"] +<134>1 2020-03-30T07:13:42Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c26,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34060"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12072"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c27,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"33526"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c27,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.47"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"59266"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12073"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c27,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"44366"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:43Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c27,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61140"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12074"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c27,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"40369"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c27,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53442"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12075"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"34270"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38728"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12076"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55023"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61146"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12077"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64529"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40762"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12078"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"9"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41318"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38734"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12079"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"47923"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53452"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12080"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"14"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"41617"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:44Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c28,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"15"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61154"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12081"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50576"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38740"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12082"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"58575"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40772"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12083"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52045"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53460"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12084"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x6,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"7"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"53510"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x7,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"8"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.99.234.45"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"38746"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12085"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x8,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"10"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64322"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0x9,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"11"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61164"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12086"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0xa,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"12"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56992"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:45Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c29,0xb,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"13"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40780"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12087"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c36,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"55174"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c36,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58234"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12088"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c36,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63626"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c36,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40788"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12089"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c36,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63014"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:13:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c36,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61176"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12090"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:13:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c37,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:14:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c71,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48044"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:14:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c71,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58258"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12091"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:14:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c71,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35998"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:14:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c71,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40812"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12092"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:14:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c71,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"63006"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:14:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c71,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53500"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12093"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:14:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819c72,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49228"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc1,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.27"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"34504"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12094"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:16:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc1,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"57230"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc1,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61232"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12095"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:16:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc1,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"36754"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:17Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc1,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53534"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12096"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:16:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc2,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:19Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cc3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819ce9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64694"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:57Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819ce9,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58316"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12097"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:16:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819ce9,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64031"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819ce9,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40870"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12098"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:16:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819ce9,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"64048"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:16:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819ce9,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53558"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12099"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:16:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819ceb,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:17:08Z gw-da58d3 CheckPoint 8363 - [action:"Drop"; flags:"395524"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cf6,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"255.255.255.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"3"; parent_rule:"0"; rule_action:"Drop"; rule_name:"Cleanup rule"; rule_uid:"76fd22f2-efa8-4c81-a617-40201d3f5c4e"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"68"; service:"67"; service_id:"bootp"; src:"0.0.0.0"] +<134>1 2020-03-30T07:17:13Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819cf9,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"137"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-30T07:18:18Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d3a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"138"; service:"138"; service_id:"nbdatagram"; src:"192.168.1.196"] +<134>1 2020-03-30T07:18:20Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d3c,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60640"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:18:47Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e819d58,0x0,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; description:"Contracts"; product:"Security Gateway/Management"; status:"Started"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T07:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d57,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"49847"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:18:47Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d57,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"194.29.39.10"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"54160"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12100"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:18:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d57,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"35615"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:18:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d57,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53610"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12101"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:18:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d57,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60790"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:18:48Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d57,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.36"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"61312"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12102"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:18:48Z gw-da58d3 CheckPoint 8363 - [flags:"133440"; ifdir:"inbound"; loguid:"{0x5e819d58,0x1,0x6401a8c0,0x108620ab}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; comment:"No update was found"; description:"Contracts"; product:"Security Gateway/Management"; status:"Finished"; update_service:"1"; version:"1.0"] +<134>1 2020-03-30T07:18:49Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d59,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"52401"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-30T07:18:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d62,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"56321"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:18:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d62,0x1,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"2"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"104.81.142.43"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"58384"; service:"443"; service_id:"https"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12103"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:18:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d62,0x2,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"3"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"48951"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:18:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d62,0x3,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"4"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.31"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"53624"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12104"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:18:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d62,0x4,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"5"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.1"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"42820"; service:"53"; service_id:"domain-udp"; src:"192.168.1.100"] +<134>1 2020-03-30T07:18:58Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d62,0x5,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"6"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.124.249.41"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; nat_addtnl_rulenum:"0"; nat_rulenum:"0"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"40940"; service:"80"; service_id:"http"; src:"192.168.1.100"; xlatedport:"0"; xlatedst:"0.0.0.0"; xlatesport:"12105"; xlatesrc:"0.0.0.0"] +<134>1 2020-03-30T07:18:59Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d63,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] +<134>1 2020-03-30T07:19:22Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819d7a,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.255"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"50024"; service:"137"; service_id:"nbname"; src:"192.168.1.196"] +<134>1 2020-03-30T07:20:33Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"411908"; ifdir:"inbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819dc1,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.100"; inzone:"External"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"Local"; product:"VPN-1 & FireWall-1"; proto:"6"; s_port:"60226"; service:"22"; service_id:"ssh"; src:"192.168.1.205"] +<134>1 2020-03-30T07:20:35Z gw-da58d3 CheckPoint 8363 - [action:"Accept"; flags:"444676"; ifdir:"outbound"; ifname:"eth0"; logid:"0"; loguid:"{0x5e819dc3,0x0,0x353707c7,0xee78a1dc}"; origin:"192.168.1.100"; originsicname:"cn=cp_mgmt,o=gw-da58d3..tmn8s8"; sequencenum:"1"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={880771B0-FD92-2C4F-82FC-B96FC3DE5A07};mgmt=gw-da58d3;date=1585502566;policy_name=Standard\]"; dst:"192.168.1.153"; inzone:"Local"; layer_name:"Network"; layer_uuid:"63b7fe60-76d2-4287-bca5-21af87337b0a"; match_id:"1"; parent_rule:"0"; rule_action:"Accept"; rule_uid:"1fde807b-6300-4b1a-914f-f1c1f3e2e7d2"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"43103"; service:"514"; service_id:"syslog"; src:"192.168.1.100"] diff --git a/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json b/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json new file mode 100644 index 00000000000..4e8517f4794 --- /dev/null +++ b/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json @@ -0,0 +1,5509 @@ +[ + { + "@timestamp": "2020-03-29T13:19:20Z", + "checkpoint.sys_message": "The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a059,0x0,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.sequence": "1", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 0, + "network.direction": "inbound", + "observer.ingress.interface.name": "daemon", + "observer.name": "192.168.1.100", + "observer.product": "System Monitor", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:20Z", + "checkpoint.sys_message": "The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a059,0x1,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.sequence": "2", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 345, + "network.direction": "inbound", + "observer.ingress.interface.name": "daemon", + "observer.name": "192.168.1.100", + "observer.product": "System Monitor", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:21Z", + "checkpoint.sys_message": "installed Standard", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a059,0x2,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.sequence": "2", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 690, + "network.direction": "inbound", + "observer.ingress.interface.name": "daemon", + "observer.name": "192.168.1.100", + "observer.product": "System Monitor", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "46915", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 960, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "46915", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61794", + "destination.as.number": 25046, + "destination.as.organization.name": "Check Point Software Technologies LTD", + "destination.geo.city_name": "Tel Aviv", + "destination.geo.continent_name": "Asia", + "destination.geo.country_iso_code": "IL", + "destination.geo.location.lat": 32.0678, + "destination.geo.location.lon": 34.7647, + "destination.geo.region_iso_code": "IL-TA", + "destination.geo.region_name": "Tel Aviv", + "destination.ip": "194.29.39.10", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 1739, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "194.29.39.10", + "194.29.39.10" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "194.29.39.10", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26680", + "source.port": "61794", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "36749", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "3", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 2630, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "36749", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41566", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x1,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 3409, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10012", + "source.port": "41566", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "55799", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "5", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 4302, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "55799", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48698", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x2,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 5080, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10013", + "source.port": "48698", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48658", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x1,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "7", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 5972, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "48658", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61150", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x3,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "8", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 6751, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10014", + "source.port": "61150", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "59800", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x2,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "9", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 7643, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "59800", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "55110", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.81.142.43", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x3,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "11", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 8421, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.81.142.43", + "104.81.142.43" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.81.142.43", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26681", + "source.port": "55110", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "49780", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x4,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "12", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 9314, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "49780", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48718", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x5,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "13", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 10093, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26682", + "source.port": "48718", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "33536", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x4,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "14", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 10985, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "33536", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62206", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x6,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "15", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 11765, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26683", + "source.port": "62206", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61767", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x5,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "16", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 12657, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "61767", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41596", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x7,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "17", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 13437, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26684", + "source.port": "41596", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48728", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x2,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "18", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 14330, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "48728", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61180", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x6,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "19", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 15110, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10015", + "source.port": "61180", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "64364", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x7,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "20", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 16003, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "64364", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48732", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05a,0x8,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "21", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 16783, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10016", + "source.port": "48732", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "54002", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 17676, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "54002", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62222", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 18454, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43354", + "source.port": "62222", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "40677", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "3", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 19346, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "40677", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61188", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x1,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 20125, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10017", + "source.port": "61188", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "53589", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 21017, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "53589", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41624", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x2,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "7", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 21795, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26685", + "source.port": "41624", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "36166", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x1,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "8", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 22687, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "36166", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48758", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x2,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "9", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 23466, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10018", + "source.port": "48758", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "43736", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x3,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "10", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 24358, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "43736", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62246", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x4,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "11", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 25138, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10019", + "source.port": "62246", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "46065", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x2,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "12", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 26031, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "46065", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41638", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x5,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "13", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 26811, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10020", + "source.port": "41638", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "43388", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x3,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "15", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 27705, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "43388", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61224", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x3,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "16", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 28484, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43355", + "source.port": "61224", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61851", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x4,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "17", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 29377, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "61851", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:22Z", + "checkpoint.additional_info": "Access Control Policy : Standard", + "checkpoint.audit_status": "Success", + "checkpoint.machine": "192.168.1.117", + "checkpoint.objecttable": "applications", + "checkpoint.objecttype": "firewall_application", + "checkpoint.operation": "Install Policy", + "checkpoint.operation_number": "7", + "client.ip": "192.168.1.117", + "client.user.id": "{FF0154DE-7D18-4396-B0C2-7E8951B393A4}", + "client.user.name": "admin", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05c,0x0,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "22", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 30157, + "message": "Policy Installation", + "network.direction": "outbound", + "observer.name": "192.168.1.100", + "observer.product": "SmartConsole", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.117" + ], + "rule.name": "gw-da58d3", + "service.type": "checkpoint", + "source.ip": "192.168.1.117", + "source.user.id": "{FF0154DE-7D18-4396-B0C2-7E8951B393A4}", + "source.user.name": "admin", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:19:23Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48776", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a05b,0x5,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "18", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 30757, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43356", + "source.port": "48776", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:26Z", + "checkpoint.blade_name": "Anti Bot & Anti Virus", + "checkpoint.information": "policy installation for blade Anti Bot & Anti Virus completed successfully", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09c,0x0,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.sequence": "2", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 31650, + "network.direction": "inbound", + "observer.name": "192.168.1.100", + "observer.product": "Log Update", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "51436", + "destination.as.number": 25046, + "destination.as.organization.name": "Check Point Software Technologies LTD", + "destination.geo.city_name": "Tel Aviv", + "destination.geo.continent_name": "Asia", + "destination.geo.country_iso_code": "IL", + "destination.geo.location.lat": 32.0678, + "destination.geo.location.lon": 34.7647, + "destination.geo.region_iso_code": "IL-TA", + "destination.geo.region_name": "Tel Aviv", + "destination.ip": "194.29.39.47", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09b,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 32184, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "194.29.39.47", + "194.29.39.47" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "194.29.39.47", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26686", + "source.port": "51436", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "36896", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09b,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 33075, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "36896", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "38864", + "destination.ip": "192.168.1.153", + "destination.port": "514", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09c,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "3", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 33854, + "network.application": "syslog", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.153", + "192.168.1.153" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.153", + "server.port": "514", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "38864", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "59284", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09c,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 34632, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "59284", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62396", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09c,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "5", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 35411, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26687", + "source.port": "62396", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "43379", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09c,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 36302, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "43379", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48914", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09c,0x2,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "7", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 37080, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26688", + "source.port": "48914", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41365", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 37971, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "41365", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41844", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 38750, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10021", + "source.port": "41844", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "47951", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x1,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "3", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 39643, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "47951", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62468", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 40422, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26689", + "source.port": "62468", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "36526", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "5", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 41313, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "36526", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61434", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x2,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 42091, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26690", + "source.port": "61434", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "34981", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x3,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "7", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 42982, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "34981", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41856", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x4,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "8", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 43760, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26691", + "source.port": "41856", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:28Z", + "checkpoint.additional_info": "Threat Prevention Policy : Standard", + "checkpoint.audit_status": "Success", + "checkpoint.machine": "192.168.1.117", + "checkpoint.objecttable": "applications", + "checkpoint.objecttype": "threatprevention_application", + "checkpoint.operation": "Install Policy", + "checkpoint.operation_number": "7", + "client.ip": "192.168.1.117", + "client.user.id": "{597182F7-E1BA-460F-B6E0-D4996295B5CC}", + "client.user.name": "admin", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x0,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "8", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 44652, + "message": "Policy Installation", + "network.direction": "outbound", + "observer.name": "192.168.1.100", + "observer.product": "SmartConsole", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.117" + ], + "rule.name": "gw-da58d3", + "service.type": "checkpoint", + "source.ip": "192.168.1.117", + "source.user.id": "{597182F7-E1BA-460F-B6E0-D4996295B5CC}", + "source.user.name": "admin", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61445", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x1,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "10", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 45262, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "61445", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48990", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x5,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "11", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 46042, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26692", + "source.port": "48990", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "64618", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x6,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "12", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 46934, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "64618", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:29Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62478", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09d,0x7,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "13", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 47713, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26693", + "source.port": "62478", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:30Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61203", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09e,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 48605, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "61203", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:30Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41864", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09e,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 49384, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10022", + "source.port": "41864", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:30Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "35209", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09e,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 50277, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "35209", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:30Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61446", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09e,0x1,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "5", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 51055, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43357", + "source.port": "61446", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:30Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "35787", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09e,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 51947, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "35787", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:30Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "48998", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09e,0x2,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "7", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 52725, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43358", + "source.port": "48998", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:31Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41870", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09f,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 53617, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43359", + "source.port": "41870", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:31Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "46851", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09f,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 54510, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "46851", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:31Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "37927", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09f,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 55288, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "37927", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:31Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62488", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09f,0x2,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "5", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 56066, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26694", + "source.port": "62488", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:31Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "45589", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09f,0x3,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 56957, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "45589", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:31Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61454", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a09f,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "7", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 57735, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10023", + "source.port": "61454", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:46Z", + "checkpoint.sys_message": "The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x0,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.sequence": "1", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 58627, + "network.direction": "inbound", + "observer.ingress.interface.name": "daemon", + "observer.name": "192.168.1.100", + "observer.product": "System Monitor", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:46Z", + "checkpoint.sys_message": "The eth1 interface is not protected by the anti-spoofing feature. Your network may be at risk", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x1,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.sequence": "2", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 58971, + "network.direction": "inbound", + "observer.ingress.interface.name": "daemon", + "observer.name": "192.168.1.100", + "observer.product": "System Monitor", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:46Z", + "checkpoint.sys_message": "installed Standard", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x2,0x6401a8c0,0x3c7878a}", + "event.kind": "event", + "event.module": "checkpoint", + "event.sequence": "4", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 59316, + "network.direction": "inbound", + "observer.ingress.interface.name": "daemon", + "observer.name": "192.168.1.100", + "observer.product": "System Monitor", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62122", + "destination.as.number": 25046, + "destination.as.organization.name": "Check Point Software Technologies LTD", + "destination.geo.city_name": "Tel Aviv", + "destination.geo.continent_name": "Asia", + "destination.geo.country_iso_code": "IL", + "destination.geo.location.lat": 32.0678, + "destination.geo.location.lon": 34.7647, + "destination.geo.region_iso_code": "IL-TA", + "destination.geo.region_name": "Tel Aviv", + "destination.ip": "194.29.39.10", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 59586, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "194.29.39.10", + "194.29.39.10" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "194.29.39.10", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43360", + "source.port": "62122", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "40928", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 60478, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "40928", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "51957", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "3", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 61256, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "51957", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "55424", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.81.142.43", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x2,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 62034, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.81.142.43", + "104.81.142.43" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.81.142.43", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26695", + "source.port": "55424", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "37029", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x3,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "5", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 62926, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "37029", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "49026", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x4,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 63704, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26696", + "source.port": "49026", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61725", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x5,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "7", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 64595, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "61725", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62514", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x6,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "8", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 65373, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26697", + "source.port": "62514", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "59562", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "9", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 66264, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "59562", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:47Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41902", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0af,0x1,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "10", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 67043, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10024", + "source.port": "41902", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "60754", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 67937, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "60754", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61490", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 68715, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43361", + "source.port": "61490", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "36577", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x0,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "3", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 69607, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "36577", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "49042", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x1,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "4", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 70386, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26698", + "source.port": "49042", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "39956", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x1,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "5", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 71277, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "39956", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41914", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x2,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "6", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 72056, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "26699", + "source.port": "41914", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "46729", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x2,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "8", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 72948, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "46729", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "62534", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.41", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x1,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "9", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 73727, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.41", + "192.124.249.41" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.41", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10025", + "source.port": "62534", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "37133", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x3,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "10", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 74619, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "37133", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "61500", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.36", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x2,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "11", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 75398, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.36", + "192.124.249.36" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.36", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10026", + "source.port": "61500", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "44417", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x3,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "12", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 76291, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "44417", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:48Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "41938", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.99.234.45", + "destination.port": "443", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b0,0x3,0x60e0fe3b,0xda019994}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "13", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 77071, + "network.application": "https", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "104.99.234.45", + "104.99.234.45" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "104.99.234.45", + "server.port": "443", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "10027", + "source.port": "41938", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:49Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "37245", + "destination.ip": "192.168.1.1", + "destination.port": "53", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b1,0x0,0xbba3afa,0xd2c10858}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "1", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 77965, + "network.application": "domain-udp", + "network.direction": "outbound", + "network.iana_number": "17", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.168.1.1", + "192.168.1.1" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.168.1.1", + "server.port": "53", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.port": "37245", + "tags": [ + "checkpoint-firewall" + ] + }, + { + "@timestamp": "2020-03-29T13:20:49Z", + "checkpoint.logid": "0", + "checkpoint.match_id": "1", + "checkpoint.nat_addtnl_rulenum": "0", + "checkpoint.nat_rulenum": "0", + "checkpoint.parent_rule": "0", + "checkpoint.rule_action": "Accept", + "client.ip": "192.168.1.100", + "client.port": "49102", + "destination.as.number": 30148, + "destination.as.organization.name": "Sucuri", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "192.124.249.31", + "destination.port": "80", + "event.action": "Accept", + "event.category": [ + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0x5e80a0b1,0x0,0x1cae0484,0xf99c33e9}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": "2", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 78743, + "network.application": "http", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "Network", + "observer.egress.zone": "Internal", + "observer.ingress.zone": "Local", + "observer.name": "192.168.1.100", + "observer.product": "VPN-1 & FireWall-1", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "192.168.1.100", + "192.124.249.31", + "192.124.249.31" + ], + "rule.uuid": "1fde807b-6300-4b1a-914f-f1c1f3e2e7d2", + "server.ip": "192.124.249.31", + "server.port": "80", + "service.type": "checkpoint", + "source.ip": "192.168.1.100", + "source.nat.port": "43362", + "source.port": "49102", + "tags": [ + "checkpoint-firewall" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/checkpoint/module.yml b/filebeat/module/checkpoint/module.yml new file mode 100644 index 00000000000..ed97d539c09 --- /dev/null +++ b/filebeat/module/checkpoint/module.yml @@ -0,0 +1 @@ +--- diff --git a/filebeat/module/cisco/README.md b/filebeat/module/cisco/README.md new file mode 100644 index 00000000000..9aa5702d0a8 --- /dev/null +++ b/filebeat/module/cisco/README.md @@ -0,0 +1,2 @@ +# Cisco module + diff --git a/filebeat/module/cisco/_meta/config.yml b/filebeat/module/cisco/_meta/config.yml new file mode 100644 index 00000000000..b5d555b03b5 --- /dev/null +++ b/filebeat/module/cisco/_meta/config.yml @@ -0,0 +1,53 @@ +- module: cisco + asa: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html + #var.log_level: 7 + + ftd: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9003. + #var.syslog_port: 9003 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs-sev-level.html + #var.log_level: 7 + + ios: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9002. + #var.syslog_port: 9002 + + # Set custom paths for the log files when using file input. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/cisco/_meta/docs.asciidoc b/filebeat/module/cisco/_meta/docs.asciidoc new file mode 100644 index 00000000000..b72070d4918 --- /dev/null +++ b/filebeat/module/cisco/_meta/docs.asciidoc @@ -0,0 +1,303 @@ +[role="xpack"] + +:modulename: cisco +:has-dashboards: true + +== Cisco module + +This is a module for Cisco network device's logs. It includes the following +filesets for receiving logs over syslog or read from a file: + +- `asa` fileset: supports Cisco ASA firewall logs. +- `ftd` fileset: supports Cisco Firepower Threat Defense logs. +- `ios` fileset: supports Cisco IOS router and switch logs. + +Cisco ASA devices also support exporting flow records using NetFlow, which is +supported by the {filebeat-ref}/filebeat-module-netflow.html[netflow module] in +{beatname_uc}. + +[WARNING] +======================================= +Some filesets in this module make extensive use of ingest pipeline scripts. +This can cause their ingest pipelines to fail loading due to exceeding the +default compilation limits: + +`[script] Too many dynamic script compilations within, max: [75/5m]` + +Check the <> section for more information. +======================================= + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +The module is by default configured to run via syslog on port 9001 for ASA and +port 9002 for IOS. However it can also be configured to read from a file path. +See the following example. + +["source","yaml",subs="attributes"] +----- +- module: cisco + asa: + enabled: true + var.paths: ["/var/log/cisco-asa.log"] + var.input: "file" +----- + +:fileset_ex: asa + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `asa` fileset settings + +Example config: + +[source,yaml] +---- +- module: cisco + asa: + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + var.log_level: 5 +---- + +include::../include/var-paths.asciidoc[] + +*`var.log_level`*:: + +An integer between 1 and 7 that allows to filter messages based on the +severity level. The different severity levels supported by the Cisco ASA are: + +[width="30%",cols="^1,2",options="header"] +|=========================== +| log_level | severity +| 1 | Alert +| 2 | Critical +| 3 | Error +| 4 | Warning +| 5 | Notification +| 6 | Informational +| 7 | Debugging +|=========================== + +A value of 7 (default) will not filter any messages. A lower value will drop +any messages with a severity level higher than the specified value. For +example, `var.log_level: 3` will allow messages of level 1 (Alert), 2 (Critical) +and 3 (Error). All other messages will be dropped. + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to localhost. +Set to 0.0.0.0 to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to 9001. + +:has-dashboards!: + +:fileset_ex!: + +[float] +==== `ftd` fileset settings + +The Cisco FTD fileset primarily supports parsing IPv4 and IPv6 access list log +messages similar to that of ASA devices as well as Security Event Syslog +Messages for Intrusion, Connection, File and Malware events. + +*Field mappings* + +The `ftd` fileset maps Security Event Syslog Messages to the Elastic Common +Schema (ECS) format. The following table illustrates the mapping from +Security Event fields to ECS. The `cisco.ftd` prefix is used when there is no +corresponding ECS field available. + +Mappings for Intrusion events fields: +[options="header"] +|==================================== +| FTD Field | Mapped fields +| ApplicationProtocol | network.protocol +| DstIP | destination.address +| DstPort | destination.port +| EgressInterface | cisco.ftd.destination_interface +| GID | service.id +| HTTPResponse | http.response.status_code +| IngressInterface | cisco.ftd.source_interface +| InlineResult | event.outcome +| IntrusionPolicy | cisco.ftd.rule_name +| Message | message +| Protocol | network.transport +| SrcIP | source.address +| SrcPort | source.port +| User | user.id, user.name +| WebApplication | network.application +|==================================== + +Mappings for Connection and Security Intelligence events fields: +[options="header"] +|==================================== +| FTD Field | Mapped fields +| ACPolicy | cisco.ftd.rule_name +| AccessControlRuleAction | event.outcome +| AccessControlRuleName | cisco.ftd.rule_name +| ApplicationProtocol | network.protocol +| ConnectionDuration | event.duration +| DNSQuery | dns.question.name +| DNSRecordType | dns.question.type +| DNSResponseType | dns.response_code +| DstIP | destination.address +| DstPort | destination.port +| EgressInterface | cisco.ftd.destination_interface +| HTTPReferer | http.request.referrer +| HTTPResponse | http.response.status_code +| IngressInterface | cisco.ftd.source_interface +| InitiatorBytes | source.bytes +| InitiatorPackets | source.packets +| NetBIOSDomain | host.hostname +| Protocol | network.transport +| ReferencedHost | url.domain +| ResponderBytes | destination.bytes +| ResponderPackets | destination.packets +| SSLActualAction | event.outcome +| SSLServerName | server.domain +| SrcIP | source.address +| SrcPort | source.port +| URL | url.original +| User | user.name +| UserAgent | user_agent.original +| WebApplication | network.application +| originalClientSrcIP | client.address +|==================================== + +Mappings for File and Malware events fields: +[options="header"] +|==================================== +| FTD Field | Mapped fields +| ApplicationProtocol | network.protocol +| ArchiveFileName | file.name +| ArchiveSHA256 | file.hash.sha256 +| Client | network.application +| DstIP | destination.address +| DstPort | destination.port +| FileName | file.name +| FilePolicy | cisco.ftd.rule_name +| FileSHA256 | file.hash.sha256 +| FileSize | file.size +| FirstPacketSecond | event.start +| Protocol | network.transport +| SrcIP | source.address +| SrcPort | source.port +| URI | url.original +| User | user.name +| WebApplication | network.application +|==================================== + +*Example configuration:* + +[source,yaml] +---- +- module: cisco + ftd: + var.syslog_host: 0.0.0.0 + var.syslog_port: 9003 + var.log_level: 5 +---- + +include::../include/var-paths.asciidoc[] + +*`var.log_level`*:: + +An integer between 1 and 7 that allows to filter messages based on the +severity level. The different severity levels supported by the Cisco ASA are: + +[width="30%",cols="^1,2",options="header"] +|=========================== +| log_level | severity +| 1 | Alert +| 2 | Critical +| 3 | Error +| 4 | Warning +| 5 | Notification +| 6 | Informational +| 7 | Debugging +|=========================== + +A value of 7 (default) will not filter any messages. A lower value will drop +any messages with a severity level higher than the specified value. For +example, `var.log_level: 3` will allow messages of level 1 (Alert), 2 (Critical) +and 3 (Error). All other messages will be dropped. + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to localhost. +Set to 0.0.0.0 to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to 9003. + +:has-dashboards!: + +:fileset_ex!: + +[float] +==== `ios` fileset settings + +The Cisco IOS fileset primarily supports parsing IPv4 and IPv6 access list log +messages. + +Example config: + +[source,yaml] +---- +- module: cisco + ios: + var.syslog_host: 0.0.0.0 + var.syslog_port: 9002 +---- + +include::../include/var-paths.asciidoc[] + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to localhost. +Set to 0.0.0.0 to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to 9002. + +include::../include/timezone-support.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +[float] +[[dynamic-script-compilations]] +=== Dynamic Script Compilations + +The `asa` and `ftd` filesets are based on Elasticsearch ingest pipelines and +make extensive use of script processors and painless conditions. This can cause +the pipelines to fail loading the first time the module is used, due to exceeding +the maximum script compilation limits. It is recommended to tune the following +parameters on your Elasticsearch cluster: + +- {ref}/circuit-breaker.html#script-compilation-circuit-breaker[script.max_compilations_rate]: + Increase to at least `100/5m`. + +- {ref}/modules-scripting-using.html#modules-scripting-using-caching[script.cache.max_size]: + Increase to at least `200` if using both filesets or other script-heavy modules. + +[float] +=== Example dashboard + +This module comes with a sample dashboard for ASA: + +[role="screenshot"] +image::./images/kibana-cisco-asa.png[] + +:modulename!: diff --git a/filebeat/module/cisco/_meta/fields.yml b/filebeat/module/cisco/_meta/fields.yml new file mode 100644 index 00000000000..8209de0cd6f --- /dev/null +++ b/filebeat/module/cisco/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: cisco + title: Cisco + description: > + Module for handling Cisco network device logs. + fields: + - name: cisco + type: group + description: > + Fields from Cisco logs. + fields: diff --git a/filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json b/filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json new file mode 100644 index 00000000000..7a585fbf501 --- /dev/null +++ b/filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json @@ -0,0 +1,1045 @@ +{ + "objects": [ + { + "attributes": { + "description": "Sample dashboard for Cisco ASA Firewall devices", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Destination Port and Transport", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Source Port and Transport", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "ASA Firewall Events Over Time", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "ASA Flows by Network Bytes", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Blocked by Source", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "8", + "panelRefName": "panel_5", + "title": "Top ACL by Blocked", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "9", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "9", + "panelRefName": "panel_6", + "version": "7.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Filebeat Cisco] ASA Firewall", + "version": 1 + }, + "id": "a555b160-4987-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "118da960-4987-11e9-b8ce-ed898b5ef295", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "5d0322d0-4987-11e9-b8ce-ed898b5ef295", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "a3b5ab10-4989-11e9-b8ce-ed898b5ef295", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "80d0c1b0-498a-11e9-b8ce-ed898b5ef295", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d05cdf60-498b-11e9-b8ce-ed898b5ef295", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "08ef4d90-499b-11e9-b8ce-ed898b5ef295", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-03-18T18:39:06.844Z", + "version": "WzI2MiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Port and Transport [Filebeat Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Destination Port and Transport [Filebeat Cisco]", + "type": "pie" + } + }, + "id": "118da960-4987-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "753406e0-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-03-18T14:07:22.932Z", + "version": "WzI0NiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Port and Transport [Filebeat Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "source.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Source Port and Transport [Filebeat Cisco]", + "type": "pie" + } + }, + "id": "5d0322d0-4987-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "753406e0-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-03-18T14:08:54.141Z", + "version": "WzI0NywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Events Over Time [Filebeat Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "time_zone": "Europe/Madrid", + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "ASA Events Over Time [Filebeat Cisco]", + "type": "histogram" + } + }, + "id": "a3b5ab10-4989-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-03-18T14:27:16.950Z", + "version": "WzI1MSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Flows by Network Bytes [Filebeat Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "time_zone": "Europe/Madrid", + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "3", + "label": "Total bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Total bytes" + }, + "type": "value" + } + ] + }, + "title": "ASA Flows by Network Bytes [Filebeat Cisco]", + "type": "histogram" + } + }, + "id": "80d0c1b0-498a-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "753406e0-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-03-18T14:31:22.699Z", + "version": "WzI1MiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Firewall Blocked by Source [Filebeat Cisco]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ASA Firewall Blocked by Source [Filebeat Cisco]", + "type": "table" + } + }, + "id": "d05cdf60-498b-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-03-18T14:42:05.159Z", + "version": "WzI1NCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.outcome:\"deny\"" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Top ACL by Blocked [Filebeat Cisco]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ACL ID", + "field": "cisco.asa.rule_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ASA Top ACL by Blocked [Filebeat Cisco]", + "type": "table" + } + }, + "id": "08ef4d90-499b-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-03-18T16:29:43.017Z", + "version": "WzI1NywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top ASA Messages [Filebeat Cisco]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ID", + "field": "cisco.asa.message_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Severity", + "field": "log.level", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Sample message", + "field": "event.original", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top ASA Messages [Filebeat Cisco]", + "type": "table" + } + }, + "id": "fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "14fce5e0-498f-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-03-18T17:26:39.870Z", + "version": "WzI1OSwxXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "cisco.asa.message_id:* and event.action:\"flow-expiration\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "ASA Firewall flows [Filebeat Cisco]", + "version": 1 + }, + "id": "753406e0-4986-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-03-18T14:02:44.176Z", + "version": "WzI0MywxXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "cisco.asa.message_id:* and event.action:\"firewall-rule\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "ASA Firewall Events [Filebeat Cisco]", + "version": 1 + }, + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-03-18T14:03:21.558Z", + "version": "WzI0NCwxXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "cisco.asa.message_id :*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "All ASA Logs [Filebeat Cisco]", + "version": 1 + }, + "id": "14fce5e0-498f-11e9-b8ce-ed898b5ef295", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-03-18T15:04:09.277Z", + "version": "WzI1NiwxXQ==" + } + ], + "version": "7.0.0-SNAPSHOT" +} diff --git a/filebeat/module/cisco/asa/_meta/fields.yml b/filebeat/module/cisco/asa/_meta/fields.yml new file mode 100644 index 00000000000..2cf9a5a5afd --- /dev/null +++ b/filebeat/module/cisco/asa/_meta/fields.yml @@ -0,0 +1,99 @@ +- name: asa + type: group + description: > + Fields for Cisco ASA Firewall. + fields: + - name: message_id + type: keyword + description: > + The Cisco ASA message identifier. + + - name: suffix + type: keyword + example: session + description: > + Optional suffix after %ASA identifier. + + - name: source_interface + type: keyword + description: > + Source interface for the flow or event. + + - name: destination_interface + type: keyword + description: > + Destination interface for the flow or event. + + - name: rule_name + type: keyword + description: > + Name of the Access Control List rule that matched this event. + + - name: source_username + type: keyword + description: > + Name of the user that is the source for this event. + + - name: destination_username + type: keyword + description: > + Name of the user that is the destination for this event. + + - name: mapped_source_ip + type: ip + description: > + The translated source IP address. + + - name: mapped_source_port + type: long + description: > + The translated source port. + + - name: mapped_destination_ip + type: ip + description: > + The translated destination IP address. + + - name: mapped_destination_port + type: long + description: > + The translated destination port. + + - name: threat_level + type: keyword + description: > + Threat level for malware / botnet traffic. One of very-low, low, + moderate, high or very-high. + + - name: threat_category + type: keyword + description: > + Category for the malware / botnet traffic. For example: virus, botnet, + trojan, etc. + + - name: connection_id + type: keyword + description: > + Unique identifier for a flow. + + - name: icmp_type + type: short + description: > + ICMP type. + + - name: icmp_code + type: short + description: > + ICMP code. + + - name: connection_type + type: keyword + default_field: false + description: > + The VPN connection type + + - name: dap_records + default_field: false + type: keyword + description: > + The assigned DAP records diff --git a/filebeat/module/cisco/asa/config/input.yml b/filebeat/module/cisco/asa/config/input.yml new file mode 100644 index 00000000000..68e985ae544 --- /dev/null +++ b/filebeat/module/cisco/asa/config/input.yml @@ -0,0 +1,21 @@ +{{ if eq .input "syslog" }} + +type: udp +udp: +host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags}} + +processors: + - add_locale: ~ diff --git a/filebeat/module/cisco/asa/manifest.yml b/filebeat/module/cisco/asa/manifest.yml new file mode 100644 index 00000000000..9a87696d023 --- /dev/null +++ b/filebeat/module/cisco/asa/manifest.yml @@ -0,0 +1,33 @@ +module_version: "1.0" + +var: + - name: paths + default: + - /var/log/cisco-asa.log + - name: tags + default: [cisco-asa] + - name: syslog_host + default: localhost + - name: syslog_port + default: 9001 + - name: input + default: syslog + - name: log_level + default: 7 + # if ES < 6.1.0, this flag switches to false automatically when evaluating the + # pipeline + min_elasticsearch_version: + version: 6.1.0 + value: false + # These flags are used internally by the shared pipeline + - name: internal_prefix + default: asa + - name: internal_PREFIX + default: ASA + +ingest_pipeline: ../shared/ingest/asa-ftd-pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/cisco/asa/test/asa-fix.log b/filebeat/module/cisco/asa/test/asa-fix.log new file mode 100644 index 00000000000..00819e8eec1 --- /dev/null +++ b/filebeat/module/cisco/asa/test/asa-fix.log @@ -0,0 +1,5 @@ +Apr 17 2020 14:08:08 SNL-ASA-VPN-A01 : %ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz) +Apr 17 2020 14:00:31 SNL-ASA-VPN-A01 : %ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group "Inside_access_in" [0x0, 0x0] +Apr 15 2013 09:36:50: %ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group "acl_dmz" [0xe3afb522, 0x0] +Apr 17 2020 14:16:20 SNL-ASA-VPN-A01 : %ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\Elastic) dst Outside:10.123.123.123/57621 by access-group "Inside_access_in" [0x0, 0x0] +Apr 17 2020 14:15:07 SNL-ASA-VPN-A01 : %ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123 diff --git a/filebeat/module/cisco/asa/test/asa-fix.log-expected.json b/filebeat/module/cisco/asa/test/asa-fix.log-expected.json new file mode 100644 index 00000000000..de470786f66 --- /dev/null +++ b/filebeat/module/cisco/asa/test/asa-fix.log-expected.json @@ -0,0 +1,152 @@ +[ + { + "cisco.asa.connection_id": "110577675", + "cisco.asa.destination_interface": "Inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "Outside", + "cisco.asa.source_username": "(LOCAL\\Elastic)", + "destination.address": "10.233.123.123", + "destination.ip": "10.233.123.123", + "destination.port": 53, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2020-04-17T14:08:08.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz)", + "event.severity": 6, + "event.start": "2020-04-17T16:08:08.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "informational", + "log.offset": 0, + "network.bytes": 148, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "source.port": 53723, + "tags": [ + "cisco-asa" + ] + }, + { + "cisco.asa.destination_interface": "Outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "Inside_access_in", + "cisco.asa.source_interface": "Inside", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group \"Inside_access_in\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "warning", + "log.offset": 200, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "tags": [ + "cisco-asa" + ] + }, + { + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "acl_dmz", + "cisco.asa.source_interface": "dmz", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3afb522, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.level": "warning", + "log.offset": 381, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "source.port": 6316, + "tags": [ + "cisco-asa" + ] + }, + { + "cisco.asa.destination_interface": "Outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "Inside_access_in", + "cisco.asa.source_interface": "Inside", + "cisco.asa.source_username": "(LOCAL\\Elastic)", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "destination.port": 57621, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\\Elastic) dst Outside:10.123.123.123/57621 by access-group \"Inside_access_in\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "warning", + "log.offset": 545, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "source.port": 57621, + "tags": [ + "cisco-asa" + ] + }, + { + "cisco.asa.message_id": "106017", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "event.action": "firewall-rule", + "event.code": 106017, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "critical", + "log.offset": 734, + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "tags": [ + "cisco-asa" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/asa/test/asa.log b/filebeat/module/cisco/asa/test/asa.log new file mode 100644 index 00000000000..9f0a0b8b598 --- /dev/null +++ b/filebeat/module/cisco/asa/test/asa.log @@ -0,0 +1,268 @@ +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11757 for outside:100.66.205.104/80 (100.66.205.104/80) to inside:172.31.98.44/1772 (172.31.98.44/1772) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1188 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11758 for outside:100.66.80.32/53 (100.66.80.32/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11758 for outside:100.66.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11759 for outside:100.66.252.6/53 (100.66.252.6/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11759 for outside:100.66.252.6/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 164 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1773 to outside:100.66.98.44/8257 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11760 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1773 (172.31.98.44/1773) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1774 to outside:100.66.98.44/8258 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11761 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1774 (172.31.98.44/1774) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11762 for outside:100.66.238.126/53 (100.66.238.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11763 for outside:100.66.93.51/53 (100.66.93.51/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11762 for outside:100.66.238.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 111 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11763 for outside:100.66.93.51/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 237 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1775 to outside:100.66.98.44/8259 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11764 for outside:100.66.225.103/443 (100.66.225.103/443) to inside:172.31.98.44/1775 (172.31.98.44/1775) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1189 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11772 for outside:100.66.240.126/53 (100.66.240.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11773 for outside:100.66.44.45/53 (100.66.44.45/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11772 for outside:100.66.240.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 87 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11773 for outside:100.66.44.45/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 221 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1452 to outside:100.66.98.44/8265 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11774 for outside:100.66.179.219/80 (100.66.179.219/80) to inside:172.31.98.44/1452 (172.31.98.44/1452) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11775 for outside:100.66.157.232/53 (100.66.157.232/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11776 for outside:100.66.178.133/53 (100.66.178.133/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11775 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 101 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11776 for outside:100.66.178.133/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 126 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1453 to outside:100.66.98.44/8266 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11777 for outside:100.66.133.112/80 (100.66.133.112/80) to inside:172.31.98.44/1453 (172.31.98.44/1453) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11779 for outside:100.66.204.197/53 (100.66.204.197/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11778 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11779 for outside:100.66.204.197/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 176 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11780 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1454 (172.31.98.44/1454) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11781 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1455 (172.31.98.44/1455) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11782 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1456 (172.31.98.44/1456) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11783 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11783 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11784 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1457 (172.31.98.44/1457) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11785 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1458 (172.31.98.44/1458) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11786 for outside:100.66.1.107/53 (100.66.1.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11787 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1459 (172.31.98.44/1459) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11786 for outside:100.66.1.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 375 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11788 for outside:100.66.192.44/80 (100.66.192.44/80) to inside:172.31.98.44/1460 (172.31.98.44/1460) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1385 to outside:100.66.98.44/8277 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11797 for outside:100.66.19.254/80 (100.66.19.254/80) to inside:172.31.156.80/1385 (172.31.156.80/1385) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1386 to outside:100.66.98.44/8278 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11798 for outside:100.66.115.46/80 (100.66.115.46/80) to inside:172.31.156.80/1386 (172.31.156.80/1386) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1275 to outside:100.66.98.44/8279 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11799 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1275 (172.31.98.44/1275) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1190 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11800 for outside:100.66.14.30/53 (100.66.14.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11800 for outside:100.66.14.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 373 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11801 for outside:100.66.252.210/53 (100.66.252.210/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11801 for outside:100.66.252.210/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 207 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11802 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1276 (172.31.98.44/1276) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11803 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1277 (172.31.98.44/1277) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11802 for outside:100.66.98.165/80 to inside:172.31.98.44/1276 duration 0:00:00 bytes 12853 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11804 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1278 (172.31.98.44/1278) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11803 for outside:100.66.98.165/80 to inside:172.31.98.44/1277 duration 0:00:00 bytes 5291 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11805 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1279 (172.31.98.44/1279) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11804 for outside:100.66.98.165/80 to inside:172.31.98.44/1278 duration 0:00:00 bytes 965 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11805 for outside:100.66.98.165/80 to inside:172.31.98.44/1279 duration 0:00:00 bytes 8605 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11806 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1280 (172.31.98.44/1280) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11806 for outside:100.66.98.165/80 to inside:172.31.98.44/1280 duration 0:00:00 bytes 3428 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11807 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1281 (172.31.98.44/1281) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11808 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1282 (172.31.98.44/1282) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11809 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1283 (172.31.98.44/1283) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11810 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1284 (172.31.98.44/1284) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11807 for outside:100.66.98.165/80 to inside:172.31.98.44/1281 duration 0:00:00 bytes 2028 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11808 for outside:100.66.98.165/80 to inside:172.31.98.44/1282 duration 0:00:00 bytes 1085 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11809 for outside:100.66.98.165/80 to inside:172.31.98.44/1283 duration 0:00:00 bytes 868 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11811 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1285 (172.31.98.44/1285) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11812 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1286 (172.31.98.44/1286) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11810 for outside:100.66.98.165/80 to inside:172.31.98.44/1284 duration 0:00:00 bytes 4439 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11813 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1287 (172.31.98.44/1287) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11811 for outside:100.66.98.165/80 to inside:172.31.98.44/1285 duration 0:00:00 bytes 914 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11812 for outside:100.66.98.165/80 to inside:172.31.98.44/1286 duration 0:00:00 bytes 871 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11814 for outside:100.66.100.107/53 (100.66.100.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11815 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1288 (172.31.98.44/1288) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11814 for outside:100.66.100.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 384 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11816 for outside:100.66.104.8/53 (100.66.104.8/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11816 for outside:100.66.104.8/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 94 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1289 to outside:100.66.98.44/8293 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11817 for outside:100.66.123.191/80 (100.66.123.191/80) to inside:172.31.98.44/1289 (172.31.98.44/1289) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11815 for outside:100.66.98.165/80 to inside:172.31.98.44/1288 duration 0:00:00 bytes 945 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11813 for outside:100.66.98.165/80 to inside:172.31.98.44/1287 duration 0:00:00 bytes 13284 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11818 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11818 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1290 to outside:100.66.98.44/8294 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11819 for outside:100.66.198.25/80 (100.66.198.25/80) to inside:172.31.98.44/1290 (172.31.98.44/1290) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 9828 for outside:100.66.48.1/67 to NP Identity Ifc:255.255.255.255/68 duration 0:58:46 bytes 58512 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1272 to outside:100.66.98.44/8276 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11820 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11821 for outside:100.66.162.30/53 (100.66.162.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11820 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 168 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11822 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11821 for outside:100.66.162.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 198 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11822 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11823 for outside:100.66.48.186/53 (100.66.48.186/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11823 for outside:100.66.48.186/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 84 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1291 to outside:100.66.98.44/8295 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11824 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1291 (172.31.98.44/1291) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11825 for outside:100.66.254.94/53 (100.66.254.94/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11825 for outside:100.66.254.94/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 188 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1292 to outside:100.66.98.44/8296 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11826 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1292 (172.31.98.44/1292) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11827 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1293 (172.31.98.44/1293) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11828 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1294 (172.31.98.44/1294) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11827 for outside:100.66.98.165/80 to inside:172.31.98.44/1293 duration 0:00:00 bytes 5964 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11829 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1295 (172.31.98.44/1295) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11830 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1296 (172.31.98.44/1296) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11828 for outside:100.66.98.165/80 to inside:172.31.98.44/1294 duration 0:00:00 bytes 6694 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11829 for outside:100.66.98.165/80 to inside:172.31.98.44/1295 duration 0:00:00 bytes 1493 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11830 for outside:100.66.98.165/80 to inside:172.31.98.44/1296 duration 0:00:00 bytes 893 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11831 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1297 (172.31.98.44/1297) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11832 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1298 (172.31.98.44/1298) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11833 for outside:100.66.179.9/53 (100.66.179.9/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11833 for outside:100.66.179.9/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11831 for outside:100.66.98.165/80 to inside:172.31.98.44/1297 duration 0:00:00 bytes 2750 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11834 for outside:100.66.247.99/80 (100.66.247.99/80) to inside:172.31.98.44/1299 (172.31.98.44/1299) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11835 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1300 (172.31.98.44/1300) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11832 for outside:100.66.98.165/80 to inside:172.31.98.44/1298 duration 0:00:00 bytes 881 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11835 for outside:100.66.98.165/80 to inside:172.31.98.44/1300 duration 0:00:00 bytes 2202 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11836 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1301 (172.31.98.44/1301) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11837 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1302 (172.31.98.44/1302) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1304 to outside:100.66.98.44/8308 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11840 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1304 (172.31.98.44/1304) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11841 for outside:100.66.0.124/53 (100.66.0.124/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11842 for outside:100.66.160.2/53 (100.66.160.2/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11841 for outside:100.66.0.124/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 318 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11842 for outside:100.66.160.2/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1305 to outside:100.66.98.44/8309 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11843 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1305 (172.31.98.44/1305) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1303 to outside:100.66.98.44/8307 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11843 for outside:100.66.124.24/80 to inside:172.31.98.44/1305 duration 0:00:04 bytes 410333 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1306 to outside:100.66.98.44/8310 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11844 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1306 (172.31.98.44/1306) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] diff --git a/filebeat/module/cisco/asa/test/asa.log-expected.json b/filebeat/module/cisco/asa/test/asa.log-expected.json new file mode 100644 index 00000000000..bfd7eadebf8 --- /dev/null +++ b/filebeat/module/cisco/asa/test/asa.log-expected.json @@ -0,0 +1,2953 @@ +[ + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 0, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11757 for outside:100.66.205.104/80 (100.66.205.104/80) to inside:172.31.98.44/1772 (172.31.98.44/1772)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 150, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11749", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1758, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 345, + "network.bytes": 38110, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.211.242", + "source.ip": "100.66.211.242", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11748", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1757, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 535, + "network.bytes": 44010, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.211.242", + "source.ip": "100.66.211.242", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11745", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1755, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 725, + "network.bytes": 7652, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.185.90", + "source.ip": "100.66.185.90", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11744", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1754, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 913, + "network.bytes": 7062, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.185.90", + "source.ip": "100.66.185.90", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11742", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1752, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 68000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:48.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 1101, + "network.bytes": 5738, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.160.197", + "source.ip": "100.66.160.197", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11738", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1749, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 68000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:48.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 1290, + "network.bytes": 4176, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.205.14", + "source.ip": "100.66.205.14", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11739", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1750, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 68000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:48.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 1478, + "network.bytes": 1715, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.124.33", + "source.ip": "100.66.124.33", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11731", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1747, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 1666, + "network.bytes": 45595, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.35.9", + "source.ip": "100.66.35.9", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11723", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1742, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 1853, + "network.bytes": 27359, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.211.242", + "source.ip": "100.66.211.242", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11715", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1741, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 2043, + "network.bytes": 4457, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.218.21", + "source.ip": "100.66.218.21", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11711", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1739, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 2231, + "network.bytes": 26709, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.198.27", + "source.ip": "100.66.198.27", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11712", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1740, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 2420, + "network.bytes": 22097, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.198.27", + "source.ip": "100.66.198.27", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11708", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1738, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 70000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:46.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 2609, + "network.bytes": 2209, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.202.211", + "source.ip": "100.66.202.211", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11746", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1756, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 2798, + "network.bytes": 10404, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.124.15", + "source.ip": "100.66.124.15", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11706", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1737, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 70000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:46.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 2987, + "network.bytes": 123694, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.124.15", + "source.ip": "100.66.124.15", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11702", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1736, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 71000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:45.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 3177, + "network.bytes": 35835, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.209.247", + "source.ip": "100.66.209.247", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11753", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1765, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout", + "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 3367, + "network.bytes": 0, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.35.162", + "source.ip": "100.66.35.162", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1188", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 3552, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11758 for outside:100.66.80.32/53 (100.66.80.32/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 3703, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11758", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11758 for outside:100.66.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 3896, + "network.bytes": 148, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.80.32", + "source.ip": "100.66.80.32", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11759 for outside:100.66.252.6/53 (100.66.252.6/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 4071, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11759", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11759 for outside:100.66.252.6/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 164", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 4264, + "network.bytes": 164, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.252.6", + "source.ip": "100.66.252.6", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1773 to outside:100.66.98.44/8257", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 4439, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11760 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1773 (172.31.98.44/1773)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 4589, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1774 to outside:100.66.98.44/8258", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 4784, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11761 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1774 (172.31.98.44/1774)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 4934, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11762 for outside:100.66.238.126/53 (100.66.238.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 5129, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11763 for outside:100.66.93.51/53 (100.66.93.51/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 5326, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11762", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11762 for outside:100.66.238.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 111", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 5519, + "network.bytes": 111, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.238.126", + "source.ip": "100.66.238.126", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11763", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11763 for outside:100.66.93.51/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 237", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 5696, + "network.bytes": 237, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.93.51", + "source.ip": "100.66.93.51", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1775 to outside:100.66.98.44/8259", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 5871, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11764 for outside:100.66.225.103/443 (100.66.225.103/443) to inside:172.31.98.44/1775 (172.31.98.44/1775)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 6021, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1189", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 6218, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11772 for outside:100.66.240.126/53 (100.66.240.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 6369, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11773 for outside:100.66.44.45/53 (100.66.44.45/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 6566, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11772", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11772 for outside:100.66.240.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 87", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 6759, + "network.bytes": 87, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.240.126", + "source.ip": "100.66.240.126", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11773", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11773 for outside:100.66.44.45/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 221", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 6935, + "network.bytes": 221, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.44.45", + "source.ip": "100.66.44.45", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1452 to outside:100.66.98.44/8265", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 7110, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11774 for outside:100.66.179.219/80 (100.66.179.219/80) to inside:172.31.98.44/1452 (172.31.98.44/1452)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 7260, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11775 for outside:100.66.157.232/53 (100.66.157.232/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 7455, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11776 for outside:100.66.178.133/53 (100.66.178.133/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 7652, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11775", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11775 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 101", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 7849, + "network.bytes": 101, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.157.232", + "source.ip": "100.66.157.232", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11776", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11776 for outside:100.66.178.133/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 126", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 8026, + "network.bytes": 126, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.178.133", + "source.ip": "100.66.178.133", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1453 to outside:100.66.98.44/8266", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 8203, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11777 for outside:100.66.133.112/80 (100.66.133.112/80) to inside:172.31.98.44/1453 (172.31.98.44/1453)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 8353, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11777", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1453, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 8548, + "network.bytes": 862, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.133.112", + "source.ip": "100.66.133.112", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11779 for outside:100.66.204.197/53 (100.66.204.197/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 8733, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11778", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11778 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 8930, + "network.bytes": 104, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.157.232", + "source.ip": "100.66.157.232", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11779", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11779 for outside:100.66.204.197/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 176", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 9107, + "network.bytes": 176, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.204.197", + "source.ip": "100.66.204.197", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 9284, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11780 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1454 (172.31.98.44/1454)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 9434, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 9625, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11781 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1455 (172.31.98.44/1455)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 9775, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 9966, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11782 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1456 (172.31.98.44/1456)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 10116, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11783 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 10307, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11783", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11783 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 10500, + "network.bytes": 104, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.100.4", + "source.ip": "100.66.100.4", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 10675, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11784 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1457 (172.31.98.44/1457)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 10825, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 11018, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11785 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1458 (172.31.98.44/1458)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 11168, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11786 for outside:100.66.1.107/53 (100.66.1.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 11361, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11784", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1457, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 11554, + "network.bytes": 593, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.198.40", + "source.ip": "100.66.198.40", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 11738, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11787 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1459 (172.31.98.44/1459)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 11888, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11786", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11786 for outside:100.66.1.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 375", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 12081, + "network.bytes": 375, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.1.107", + "source.ip": "100.66.1.107", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 12256, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11788 for outside:100.66.192.44/80 (100.66.192.44/80) to inside:172.31.98.44/1460 (172.31.98.44/1460)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 12406, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 12599, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1385 to outside:100.66.98.44/8277", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 12769, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11797 for outside:100.66.19.254/80 (100.66.19.254/80) to inside:172.31.156.80/1385 (172.31.156.80/1385)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 12920, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 13115, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 13285, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 13455, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 13625, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 13795, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 13965, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11564", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.156.80", + "destination.ip": "172.31.156.80", + "destination.port": 1382, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 325000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs", + "event.severity": 6, + "event.start": "2018-10-10T14:29:31.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 14135, + "network.bytes": 575, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.115.46", + "source.ip": "100.66.115.46", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.connection_id": "11797", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.156.80", + "destination.ip": "172.31.156.80", + "destination.port": 1385, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 14320, + "network.bytes": 5391, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1386 to outside:100.66.98.44/8278", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 14509, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11798 for outside:100.66.115.46/80 (100.66.115.46/80) to inside:172.31.156.80/1386 (172.31.156.80/1386)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 14660, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 14855, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 15020, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 15185, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 15350, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 15515, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 15680, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 15845, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 16010, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 16175, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 16340, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 16505, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 16670, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "warning", + "log.offset": 16835, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1275 to outside:100.66.98.44/8279", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 17000, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11799 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1275 (172.31.98.44/1275)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 17150, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1190", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 17343, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11800 for outside:100.66.14.30/53 (100.66.14.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "asa.log", + "log.level": "informational", + "log.offset": 17494, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/asa/test/dap_records.log b/filebeat/module/cisco/asa/test/dap_records.log new file mode 100644 index 00000000000..a02a1136b19 --- /dev/null +++ b/filebeat/module/cisco/asa/test/dap_records.log @@ -0,0 +1 @@ +Feb 20 2020 16:11:11: %ASA-6-734001: DAP: User firsname.lastname@domain.net, Addr 1.2.3.4, Connection AnyConnect: The following DAP records were selected for this connection: dap_1, dap_2 diff --git a/filebeat/module/cisco/asa/test/dap_records.log-expected.json b/filebeat/module/cisco/asa/test/dap_records.log-expected.json new file mode 100644 index 00000000000..998044932f0 --- /dev/null +++ b/filebeat/module/cisco/asa/test/dap_records.log-expected.json @@ -0,0 +1,35 @@ +[ + { + "cisco.asa.connection_type": "AnyConnect", + "cisco.asa.dap_records": [ + "dap_1", + "dap_2" + ], + "cisco.asa.message_id": "734001", + "event.action": "firewall-rule", + "event.code": 734001, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-734001: DAP: User firsname.lastname@domain.net, Addr 1.2.3.4, Connection AnyConnect: The following DAP records were selected for this connection: dap_1, dap_2", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.level": "informational", + "log.offset": 0, + "service.type": "cisco", + "source.address": "1.2.3.4", + "source.geo.city_name": "Moscow", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "RU", + "source.geo.location.lat": 55.7527, + "source.geo.location.lon": 37.6172, + "source.geo.region_iso_code": "RU-MOW", + "source.geo.region_name": "Moscow", + "source.ip": "1.2.3.4", + "tags": [ + "cisco-asa" + ], + "user.email": "firsname.lastname@domain.net" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/asa/test/filtered.log b/filebeat/module/cisco/asa/test/filtered.log new file mode 100644 index 00000000000..65390a6f494 --- /dev/null +++ b/filebeat/module/cisco/asa/test/filtered.log @@ -0,0 +1,3 @@ +Jan 1 01:00:27 beats asa[1234]: %ASA-7-999999: This message is not filtered. +Jan 1 01:00:30 beats asa[1234]: %ASA-8-999999: This phony message is dropped due to log level. +Jan 1 01:02:12 beats asa[1234]: %ASA-2-106001: Inbound TCP connection denied from 10.13.12.11/45321 to 192.168.33.12/443 flags URG+SYN+RST on interface eth0 diff --git a/filebeat/module/cisco/asa/test/filtered.log-expected.json b/filebeat/module/cisco/asa/test/filtered.log-expected.json new file mode 100644 index 00000000000..dbf8c27dc95 --- /dev/null +++ b/filebeat/module/cisco/asa/test/filtered.log-expected.json @@ -0,0 +1,55 @@ +[ + { + "cisco.asa.message_id": "999999", + "event.action": "firewall-rule", + "event.code": 999999, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-7-999999: This message is not filtered.", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "beats", + "input.type": "log", + "log.level": "debug", + "log.offset": 0, + "process.name": "asa", + "process.pid": 1234, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "cisco.asa.message_id": "106001", + "cisco.asa.source_interface": "eth0", + "destination.address": "192.168.33.12", + "destination.ip": "192.168.33.12", + "destination.port": 443, + "event.action": "firewall-rule", + "event.code": 106001, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106001: Inbound TCP connection denied from 10.13.12.11/45321 to 192.168.33.12/443 flags URG+SYN+RST on interface eth0", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "beats", + "input.type": "log", + "log.level": "critical", + "log.offset": 174, + "network.direction": "inbound", + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "asa", + "process.pid": 1234, + "service.type": "cisco", + "source.address": "10.13.12.11", + "source.ip": "10.13.12.11", + "source.port": 45321, + "tags": [ + "cisco-asa" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/asa/test/hostnames.log b/filebeat/module/cisco/asa/test/hostnames.log new file mode 100644 index 00000000000..531c241da79 --- /dev/null +++ b/filebeat/module/cisco/asa/test/hostnames.log @@ -0,0 +1,2 @@ +Oct 10 2019 10:21:36 localhost: %ASA-6-302021: Teardown ICMP connection for faddr target.destination.hostname.local/10005 gaddr 10.0.55.66/0 laddr Prod-host.name.addr/0 +Jun 04 2011 21:59:52 MYHOSTNAME : %ASA-6-302021: Teardown ICMP connection for faddr 192.0.2.15/0 gaddr 192.0.2.134/57808 laddr 192.0.2.134/57808 type 8 code 0 diff --git a/filebeat/module/cisco/asa/test/hostnames.log-expected.json b/filebeat/module/cisco/asa/test/hostnames.log-expected.json new file mode 100644 index 00000000000..10d495a94d6 --- /dev/null +++ b/filebeat/module/cisco/asa/test/hostnames.log-expected.json @@ -0,0 +1,58 @@ +[ + { + "@timestamp": "2019-10-10T10:21:36.000-02:00", + "cisco.asa.mapped_source_ip": "10.0.55.66", + "cisco.asa.message_id": "302021", + "destination.domain": "target.destination.hostname.local", + "event.action": "flow-expiration", + "event.code": 302021, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302021: Teardown ICMP connection for faddr target.destination.hostname.local/10005 gaddr 10.0.55.66/0 laddr Prod-host.name.addr/0", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "localhost", + "input.type": "log", + "log.file.path": "hostnames.log", + "log.level": "informational", + "log.offset": 0, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.domain": "Prod-host.name.addr", + "source.nat.ip": "10.0.55.66", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2011-06-04T21:59:52.000-02:00", + "cisco.asa.mapped_source_ip": "192.0.2.134", + "cisco.asa.message_id": "302021", + "cisco.asa.source_username": "type", + "destination.address": "192.0.2.15", + "destination.ip": "192.0.2.15", + "event.action": "flow-expiration", + "event.code": 302021, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302021: Teardown ICMP connection for faddr 192.0.2.15/0 gaddr 192.0.2.134/57808 laddr 192.0.2.134/57808 type 8 code 0", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "MYHOSTNAME", + "input.type": "log", + "log.file.path": "hostnames.log", + "log.level": "informational", + "log.offset": 169, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "192.0.2.134", + "source.ip": "192.0.2.134", + "tags": [ + "cisco-asa" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/asa/test/not-ip.log b/filebeat/module/cisco/asa/test/not-ip.log new file mode 100644 index 00000000000..bf8f114e6c3 --- /dev/null +++ b/filebeat/module/cisco/asa/test/not-ip.log @@ -0,0 +1 @@ +<165>Oct 04 2019 15:27:55: %ASA-5-106100: access-list AL-DMZ-LB-IN denied tcp LB-DMZ/WHAT-IS-THIS-A-HOSTNAME-192.0.2.244(27218) -> OUTSIDE/203.0.113.42(53) hit-cnt 1 first hit [0x16847359, 0x00000000] diff --git a/filebeat/module/cisco/asa/test/not-ip.log-expected.json b/filebeat/module/cisco/asa/test/not-ip.log-expected.json new file mode 100644 index 00000000000..2d23dd21421 --- /dev/null +++ b/filebeat/module/cisco/asa/test/not-ip.log-expected.json @@ -0,0 +1,35 @@ +[ + { + "@timestamp": "2019-10-04T15:27:55.000-02:00", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "AL-DMZ-LB-IN", + "cisco.asa.source_interface": "LB-DMZ", + "destination.address": "203.0.113.42", + "destination.ip": "203.0.113.42", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list AL-DMZ-LB-IN denied tcp LB-DMZ/WHAT-IS-THIS-A-HOSTNAME-192.0.2.244(27218) -> OUTSIDE/203.0.113.42(53) hit-cnt 1 first hit [0x16847359, 0x00000000]", + "event.outcome": "deny", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "not-ip.log", + "log.level": "notification", + "log.offset": 0, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "WHAT-IS-THIS-A-HOSTNAME-192.0.2.244", + "source.domain": "WHAT-IS-THIS-A-HOSTNAME-192.0.2.244", + "source.port": 27218, + "syslog.facility": 165, + "tags": [ + "cisco-asa" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/asa/test/sample.log b/filebeat/module/cisco/asa/test/sample.log new file mode 100644 index 00000000000..d583acdc132 --- /dev/null +++ b/filebeat/module/cisco/asa/test/sample.log @@ -0,0 +1,72 @@ +Apr 15 2013 09:36:50: %ASA-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 by access-group "acl_dmz" [0xe3aab522, 0x0] +Apr 15 2013 09:36:50: %ASA-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 type 3, code 0, by access-group "acl_dmz" [0xe3aab522, 0x0] +Apr 15 2014 09:34:34 EDT: %ASA-session-5-106100: access-list acl_in permitted tcp inside/10.1.2.16(2241) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 24 2013 16:00:28 INT-FW01 : %ASA-6-106100: access-list inside denied udp inside/172.29.2.101(1039) -> outside/192.0.2.10(53) hit-cnt 1 first hit [0xd820e56a, 0x0] +Apr 24 2013 16:00:27 INT-FW01 : %ASA-6-106100: access-list inside permitted udp inside/172.29.2.3(1065) -> outside/192.0.2.57(53) hit-cnt 144 300-second interval [0xe982c7a4, 0x0] +Apr 29 2013 12:59:50: %ASA-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4952 to outside:192.0.2.130/12834 +Apr 29 2013 12:59:50: %ASA-6-302013: Built outbound TCP connection 89743274 for outside:192.0.2.43/443 (192.0.2.43/443) to outside:10.123.3.42/4952 (10.123.3.42.130/12834) +Apr 29 2013 12:59:50: %ASA-6-305011: Built dynamic UDP translation from outside:10.123.1.35/52925 to outside:192.0.2.130/25882 +Apr 29 2013 12:59:50: %ASA-6-302015: Built outbound UDP connection 89743275 for outside:192.0.2.222/53 (192.0.2.43/53) to outside:10.123.1.35/52925 (10.123.1.35/25882) +Apr 29 2013 12:59:50: %ASA-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4953 to outside:192.0.2.130/45392 +Apr 29 2013 12:59:50: %ASA-6-302013: Built outbound TCP connection 89743276 for outside:192.0.2.1/80 (192.0.2.1/80) to outside:10.123.3.42/4953 (10.123.3.130/45392) +Apr 29 2013 12:59:50: %ASA-6-302016: Teardown UDP connection 89743275 for outside:192.0.2.222/53 to inside:10.123.1.35/52925 duration 1:23:45 bytes 140 +Apr 29 2013 12:59:50: %ASA-6-302016: Teardown UDP connection 666 for outside:192.0.2.222/53 user1 to inside:10.123.1.35/52925 user2 duration 10:00:00 bytes 9999999 +Jun 04 2011 21:59:52 FJSG2NRFW01 : %ASA-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr 192.168.132.46/17233 laddr 192.168.132.46/17233 +Apr 29 2013 12:59:50: %ASA-6-305011: Built dynamic TCP translation from inside:192.168.3.42/4954 to outside:192.0.0.130/10879 +Apr 29 2013 12:59:50: %ASA-6-302013: Built outbound TCP connection 89743277 for outside:192.0.0.17/80 (192.0.0.17/80) to inside:192.168.3.42/4954 (10.0.0.130/10879) +Apr 30 2013 09:22:33: %ASA-2-106007: Deny inbound UDP from 192.0.0.66/12981 to 10.1.2.60/53 due to DNS Query +Apr 30 2013 09:22:38: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2006) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:38: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49734) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:39: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49735) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:39: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49736) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:39: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49737) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:40: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49738) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:41: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49746) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:47: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2007) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:48: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.13(43013) -> dmz/192.168.33.31(25) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:56: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2008) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:02: %ASA-2-106006: Deny inbound UDP from 192.0.2.66/137 to 10.1.2.42/137 on interface inside +Apr 30 2013 09:23:03: %ASA-2-106007: Deny inbound UDP from 192.0.2.66/12981 to 10.1.5.60/53 due to DNS Query +Apr 30 2013 09:23:06: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2009) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:08: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49776) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:15: %ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2010) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:24: %ASA-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2011) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:34: %ASA-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2012) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:40: %ASA-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group "acl_out" [0x71761f18, 0x0] +Apr 30 2013 09:23:41: %ASA-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group "acl_out" [0x71761f18, 0x0] +Apr 30 2013 09:23:43: %ASA-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.46(49840) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:43: %ASA-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.16(2013) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 15 2018 09:34:34 EDT: %ASA-session-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2241) -> outside/192.0.0.99(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Dec 11 2018 08:01:24 : %ASA-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80 (10.0.13.13/80) +Dec 11 2018 08:01:24 : %ASA-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80port> (10.0.13.13/80) +Dec 11 2018 08:01:24 : %ASA-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group "dmz" [0x123a465e, 0x4c7bf613] +Dec 11 2018 08:01:24 : %ASA-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group "dmz" [0x123a465e, 0x4c7bf613] +Dec 11 2018 08:01:31 : %ASA-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678) +Dec 11 2018 08:01:31 : %ASA-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678) +Dec 11 2018 08:01:31 : %ASA-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs +Dec 11 2018 08:01:38 : %ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs +Dec 11 2018 08:01:38 : %ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs +Dec 11 2018 08:01:38 : %ASA-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside +Dec 11 2018 08:01:38 : %ASA-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside +Dec 11 2018 08:01:39 : %ASA-4-106023: Deny udp src dmz:192.168.1.34/5679 dst outside:192.0.0.12/5000 by access-group "dmz" [0x123a465e, 0x8c20f21] +Dec 11 2018 08:01:53 : %ASA-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000) +Dec 11 2018 08:01:53 : %ASA-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000) +Dec 11 2018 08:01:53 : %ASA-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs +Aug 15 2012 23:30:09 : %ASA-6-302016 Teardown UDP connection 40 for outside:10.44.4.4/500 to inside:10.44.2.2/500 duration 0:02:02 bytes 1416 +Sep 12 2014 06:50:53 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic +Sep 12 2014 06:51:01 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic +Sep 12 2014 06:51:05 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic +Sep 12 2014 06:51:05 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic +Sep 12 2014 06:51:06 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic +Sep 12 2014 06:51:17 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic +Sep 12 2014 06:52:48 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic +Sep 12 2014 06:53:00 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic +Sep 12 2014 06:53:01 GIFRCHN01 : %ASA-4-106023: Deny tcp src outside:192.0.2.95/24069 dst inside:10.32.112.125/25 by access-group "PERMIT_IN" [0x0, 0x0]" +Sep 12 2014 06:53:02 GIFRCHN01 : %ASA-3-313001: Denied ICMP type=3, code=3 from 10.2.3.5 on interface Outside +Jan 14 2015 13:16:13: %ASA-4-313004: Denied ICMP type=0, from laddr 172.16.30.2 on interface inside to 172.16.1.10: no matching session +Jan 14 2015 13:16:14: %ASA-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (192.88.99.1/7890) to outside:192.88.99.129/80 (192.88.99.129/80), destination 192.88.99.129 resolved from dynamic list: bad.example.com +Jan 14 2015 13:16:14: %ASA-4-338004: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware +Jan 14 2015 13:16:14: %ASA-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware +Nov 16 2009 14:12:35: %ASA-5-304001: 10.30.30.30 Accessed URL 192.0.2.1:/app +Nov 16 2009 14:12:36: %ASA-5-304001: 10.5.111.32 Accessed URL 192.0.2.32:http://example.com +Nov 16 2009 14:12:37: %ASA-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.0.0.19 on interface inside diff --git a/filebeat/module/cisco/asa/test/sample.log-expected.json b/filebeat/module/cisco/asa/test/sample.log-expected.json new file mode 100644 index 00000000000..67f16d4674f --- /dev/null +++ b/filebeat/module/cisco/asa/test/sample.log-expected.json @@ -0,0 +1,2131 @@ +[ + { + "@timestamp": "2013-04-15T09:36:50.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "acl_dmz", + "cisco.asa.source_interface": "dmz", + "destination.address": "192.0.0.8", + "destination.ip": "192.0.0.8", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 by access-group \"acl_dmz\" [0xe3aab522, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 0, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.2.30", + "source.ip": "10.1.2.30", + "source.port": 63016, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-15T09:36:50.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "acl_dmz", + "cisco.asa.source_interface": "dmz", + "destination.address": "192.0.0.8", + "destination.ip": "192.0.0.8", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3aab522, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 139, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.2.30", + "source.ip": "10.1.2.30", + "source.port": 63016, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-04-15T09:34:34.000-04:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "cisco.asa.suffix": "session", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-session-5-106100: access-list acl_in permitted tcp inside/10.1.2.16(2241) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 294, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.2.16", + "source.ip": "10.1.2.16", + "source.port": 2241, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-24T16:00:28.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "inside", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.2.10", + "destination.ip": "192.0.2.10", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-106100: access-list inside denied udp inside/172.29.2.101(1039) -> outside/192.0.2.10(53) hit-cnt 1 first hit [0xd820e56a, 0x0]", + "event.outcome": "deny", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "INT-FW01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 465, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "172.29.2.101", + "source.ip": "172.29.2.101", + "source.port": 1039, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-24T16:00:27.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "inside", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.2.57", + "destination.ip": "192.0.2.57", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-106100: access-list inside permitted udp inside/172.29.2.3(1065) -> outside/192.0.2.57(53) hit-cnt 144 300-second interval [0xe982c7a4, 0x0]", + "event.outcome": "allow", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "INT-FW01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 632, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "172.29.2.3", + "source.ip": "172.29.2.3", + "source.port": 1065, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4952 to outside:192.0.2.130/12834", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 812, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 89743274 for outside:192.0.2.43/443 (192.0.2.43/443) to outside:10.123.3.42/4952 (10.123.3.42.130/12834)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 938, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic UDP translation from outside:10.123.1.35/52925 to outside:192.0.2.130/25882", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 1110, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 89743275 for outside:192.0.2.222/53 (192.0.2.43/53) to outside:10.123.1.35/52925 (10.123.1.35/25882)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 1237, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4953 to outside:192.0.2.130/45392", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 1405, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 89743276 for outside:192.0.2.1/80 (192.0.2.1/80) to outside:10.123.3.42/4953 (10.123.3.130/45392)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 1531, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.connection_id": "89743275", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "10.123.1.35", + "destination.ip": "10.123.1.35", + "destination.port": 52925, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 5025000000000, + "event.end": "2013-04-29T12:59:50.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 89743275 for outside:192.0.2.222/53 to inside:10.123.1.35/52925 duration 1:23:45 bytes 140", + "event.severity": 6, + "event.start": "2013-04-29T13:36:05.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 1696, + "network.bytes": 140, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.connection_id": "666", + "cisco.asa.destination_interface": "inside", + "cisco.asa.destination_username": "user2", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "cisco.asa.source_username": "user1", + "destination.address": "10.123.1.35", + "destination.ip": "10.123.1.35", + "destination.port": 52925, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 36000000000000, + "event.end": "2013-04-29T12:59:50.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 666 for outside:192.0.2.222/53 user1 to inside:10.123.1.35/52925 user2 duration 10:00:00 bytes 9999999", + "event.severity": 6, + "event.start": "2013-04-29T04:59:50.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 1848, + "network.bytes": 9999999, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 53, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2011-06-04T21:59:52.000-02:00", + "cisco.asa.mapped_source_ip": "192.168.132.46", + "cisco.asa.message_id": "302021", + "destination.address": "172.24.177.29", + "destination.ip": "172.24.177.29", + "event.action": "flow-expiration", + "event.code": 302021, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr 192.168.132.46/17233 laddr 192.168.132.46/17233", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "FJSG2NRFW01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 2012, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "192.168.132.46", + "source.ip": "192.168.132.46", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:192.168.3.42/4954 to outside:192.0.0.130/10879", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 2167, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 89743277 for outside:192.0.0.17/80 (192.0.0.17/80) to inside:192.168.3.42/4954 (10.0.0.130/10879)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 2293, + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:33.000-02:00", + "cisco.asa.message_id": "106007", + "destination.address": "10.1.2.60", + "destination.ip": "10.1.2.60", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106007, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106007: Deny inbound UDP from 192.0.0.66/12981 to 10.1.2.60/53 due to DNS Query", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 2458, + "network.direction": "inbound", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.0.66", + "source.ip": "192.0.0.66", + "source.port": 12981, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:38.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2006) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 2567, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2006, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:38.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49734) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 2726, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49734, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:39.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49735) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 2887, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49735, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:39.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49736) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 3048, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49736, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:39.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49737) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 3209, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49737, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:40.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49738) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 3370, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49738, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:41.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49746) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 3531, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49746, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:47.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2007) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 3692, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2007, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:48.000-02:00", + "cisco.asa.destination_interface": "dmz", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.168.33.31", + "destination.ip": "192.168.33.31", + "destination.port": 25, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.13(43013) -> dmz/192.168.33.31(25) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 3851, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.13", + "source.ip": "10.0.0.13", + "source.port": 43013, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:22:56.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2008) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 4008, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2008, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:02.000-02:00", + "cisco.asa.message_id": "106006", + "cisco.asa.source_interface": "inside", + "destination.address": "10.1.2.42", + "destination.ip": "10.1.2.42", + "destination.port": 137, + "event.action": "firewall-rule", + "event.code": 106006, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106006: Deny inbound UDP from 192.0.2.66/137 to 10.1.2.42/137 on interface inside", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 4167, + "network.direction": "inbound", + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.66", + "source.ip": "192.0.2.66", + "source.port": 137, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:03.000-02:00", + "cisco.asa.message_id": "106007", + "destination.address": "10.1.5.60", + "destination.ip": "10.1.5.60", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106007, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106007: Deny inbound UDP from 192.0.2.66/12981 to 10.1.5.60/53 due to DNS Query", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 4278, + "network.direction": "inbound", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.66", + "source.ip": "192.0.2.66", + "source.port": 12981, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:06.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2009) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 4387, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2009, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:08.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49776) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 4546, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49776, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:15.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2010) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 4707, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2010, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:24.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2011) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "deny", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 4866, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2011, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:34.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2012) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "deny", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 5022, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2012, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:40.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "acl_out", + "cisco.asa.source_interface": "outside", + "destination.address": "10.0.0.132", + "destination.ip": "10.0.0.132", + "destination.port": 8111, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 5178, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.126", + "source.ip": "192.0.2.126", + "source.port": 53638, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:41.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "acl_out", + "cisco.asa.source_interface": "outside", + "destination.address": "10.0.0.132", + "destination.ip": "10.0.0.132", + "destination.port": 8111, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 5325, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.126", + "source.ip": "192.0.2.126", + "source.port": 53638, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:43.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.46(49840) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 5472, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49840, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2013-04-30T09:23:43.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.16(2013) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 5635, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2013, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-04-15T09:34:34.000-04:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106100", + "cisco.asa.rule_name": "acl_in", + "cisco.asa.source_interface": "inside", + "cisco.asa.suffix": "session", + "destination.address": "192.0.0.99", + "destination.ip": "192.0.0.99", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-session-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2241) -> outside/192.0.0.99(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 5796, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2241, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80 (10.0.13.13/80)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 5967, + "process.name": "", + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.asa.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80port> (10.0.13.13/80)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 6142, + "process.name": "", + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "dmz", + "cisco.asa.source_interface": "dmz", + "destination.address": "192.0.0.12", + "destination.ip": "192.0.0.12", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 6322, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.168.1.33", + "source.ip": "192.168.1.33", + "source.port": 5555, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "dmz", + "cisco.asa.source_interface": "dmz", + "destination.address": "192.0.0.12", + "destination.ip": "192.0.0.12", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 6472, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.168.1.33", + "source.ip": "192.168.1.33", + "source.port": 5555, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:31.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 6622, + "process.name": "", + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:31.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 6792, + "process.name": "", + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:31.000-02:00", + "cisco.asa.connection_id": "447236", + "cisco.asa.destination_interface": "dmz", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "192.168.1.34", + "destination.ip": "192.168.1.34", + "destination.port": 5678, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2018-12-11T08:01:31.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-11T10:01:31.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 6962, + "network.bytes": 14804, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.asa.connection_id": "447234", + "cisco.asa.destination_interface": "dmz", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "192.168.1.35", + "destination.ip": "192.168.1.35", + "destination.port": 5678, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 68000000000, + "event.end": "2018-12-11T08:01:38.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-11T10:00:30.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 7127, + "network.bytes": 134781, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.asa.connection_id": "447234", + "cisco.asa.destination_interface": "dmz", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "192.168.1.35", + "destination.ip": "192.168.1.35", + "destination.port": 5678, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 68000000000, + "event.end": "2018-12-11T08:01:38.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-11T10:00:30.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 7293, + "network.bytes": 134781, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.asa.message_id": "106015", + "cisco.asa.source_interface": "outside", + "destination.address": "192.168.1.34", + "destination.ip": "192.168.1.34", + "destination.port": 5679, + "event.action": "firewall-rule", + "event.code": 106015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", + "event.outcome": "deny", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 7459, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.asa.message_id": "106015", + "cisco.asa.source_interface": "outside", + "destination.address": "192.168.1.34", + "destination.ip": "192.168.1.34", + "destination.port": 5679, + "event.action": "firewall-rule", + "event.code": 106015, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", + "event.outcome": "deny", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 7601, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:39.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "dmz", + "cisco.asa.source_interface": "dmz", + "destination.address": "192.0.0.12", + "destination.ip": "192.0.0.12", + "destination.port": 5000, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny udp src dmz:192.168.1.34/5679 dst outside:192.0.0.12/5000 by access-group \"dmz\" [0x123a465e, 0x8c20f21]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 7743, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.168.1.34", + "source.ip": "192.168.1.34", + "source.port": 5679, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:53.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 7894, + "process.name": "", + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:53.000-02:00", + "cisco.asa.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 8068, + "process.name": "", + "service.type": "cisco", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2018-12-11T08:01:53.000-02:00", + "cisco.asa.connection_id": "447237", + "cisco.asa.destination_interface": "dmz", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "outside", + "destination.address": "10.10.10.10", + "destination.ip": "10.10.10.10", + "destination.port": 1235, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 86399000000000, + "event.end": "2018-12-11T08:01:53.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-10T10:01:54.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 8242, + "network.bytes": 11420, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2012-08-15T23:30:09.000-02:00", + "cisco.asa.connection_id": "40", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "outside", + "destination.address": "10.44.2.2", + "destination.ip": "10.44.2.2", + "destination.port": 500, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 122000000000, + "event.end": "2012-08-15T23:30:09.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016 Teardown UDP connection 40 for outside:10.44.4.4/500 to inside:10.44.2.2/500 duration 0:02:02 bytes 1416", + "event.severity": 6, + "event.start": "2012-08-16T01:28:07.000Z", + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 8407, + "network.bytes": 1416, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.44.4.4", + "source.ip": "10.44.4.4", + "source.port": 500, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:50:53.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.47", + "destination.ip": "192.88.99.47", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 8549, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:51:01.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.57", + "destination.ip": "192.88.99.57", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 8670, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:51:05.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.47", + "destination.ip": "192.88.99.47", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 8791, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:51:05.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.47", + "destination.ip": "192.88.99.47", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 8912, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:51:06.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.57", + "destination.ip": "192.88.99.57", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 9033, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:51:17.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.57", + "destination.ip": "192.88.99.57", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 9154, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:52:48.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.168.1.255", + "destination.ip": "192.168.1.255", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 9275, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:53:00.000-02:00", + "cisco.asa.message_id": "106016", + "cisco.asa.source_interface": "Mobile_Traffic", + "destination.address": "192.168.1.255", + "destination.ip": "192.168.1.255", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "critical", + "log.offset": 9397, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:53:01.000-02:00", + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "PERMIT_IN", + "cisco.asa.source_interface": "outside", + "destination.address": "10.32.112.125", + "destination.ip": "10.32.112.125", + "destination.port": 25, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:192.0.2.95/24069 dst inside:10.32.112.125/25 by access-group \"PERMIT_IN\" [0x0, 0x0]\"", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 9519, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.95", + "source.ip": "192.0.2.95", + "source.port": 24069, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2014-09-12T06:53:02.000-02:00", + "cisco.asa.icmp_code": 3, + "cisco.asa.icmp_type": 3, + "cisco.asa.message_id": "313001", + "cisco.asa.source_interface": "Outside", + "event.action": "firewall-rule", + "event.code": 313001, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-3-313001: Denied ICMP type=3, code=3 from 10.2.3.5 on interface Outside", + "event.outcome": "deny", + "event.severity": 3, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "error", + "log.offset": 9673, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "10.2.3.5", + "source.ip": "10.2.3.5", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2015-01-14T13:16:13.000-02:00", + "cisco.asa.icmp_type": 0, + "cisco.asa.message_id": "313004", + "cisco.asa.source_interface": "inside", + "destination.address": "172.16.1.10", + "destination.ip": "172.16.1.10", + "event.action": "firewall-rule", + "event.code": 313004, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-313004: Denied ICMP type=0, from laddr 172.16.30.2 on interface inside to 172.16.1.10: no matching session", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 9783, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "172.16.30.2", + "source.ip": "172.16.30.2", + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2015-01-14T13:16:14.000-02:00", + "cisco.asa.destination_interface": "outside", + "cisco.asa.mapped_destination_ip": "192.88.99.129", + "cisco.asa.mapped_destination_port": 80, + "cisco.asa.mapped_source_ip": "192.88.99.1", + "cisco.asa.mapped_source_port": 7890, + "cisco.asa.message_id": "338002", + "cisco.asa.rule_name": "dynamic", + "cisco.asa.source_interface": "inside", + "destination.address": "192.88.99.129", + "destination.domain": "bad.example.com", + "destination.ip": "192.88.99.129", + "destination.port": 80, + "event.action": "firewall-rule", + "event.code": 338002, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (192.88.99.1/7890) to outside:192.88.99.129/80 (192.88.99.129/80), destination 192.88.99.129 resolved from dynamic list: bad.example.com", + "event.outcome": "allow", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 9919, + "network.iana_number": 6, + "network.transport": "tcp", + "server.domain": "bad.example.com", + "service.type": "cisco", + "source.address": "10.1.1.45", + "source.ip": "10.1.1.45", + "source.nat.ip": "192.88.99.1", + "source.nat.port": "7890", + "source.port": 6798, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2015-01-14T13:16:14.000-02:00", + "cisco.asa.destination_interface": "outsidet", + "cisco.asa.mapped_destination_ip": "192.0.2.223", + "cisco.asa.mapped_destination_port": 80, + "cisco.asa.mapped_source_ip": "10.2.1.1", + "cisco.asa.mapped_source_port": 33340, + "cisco.asa.message_id": "338004", + "cisco.asa.rule_name": "dynamic", + "cisco.asa.source_interface": "inside", + "cisco.asa.threat_category": "Malware", + "cisco.asa.threat_level": "very-high", + "destination.address": "192.0.2.223", + "destination.ip": "192.0.2.223", + "destination.port": 80, + "event.action": "firewall-rule", + "event.code": 338004, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-338004: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", + "event.outcome": "monitored", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 10170, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.1.1", + "source.ip": "10.1.1.1", + "source.nat.ip": "10.2.1.1", + "source.nat.port": "33340", + "source.port": 33340, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2015-01-14T13:16:14.000-02:00", + "cisco.asa.destination_interface": "outsidet", + "cisco.asa.mapped_destination_ip": "192.0.2.223", + "cisco.asa.mapped_destination_port": 80, + "cisco.asa.mapped_source_ip": "10.2.1.1", + "cisco.asa.mapped_source_port": 33340, + "cisco.asa.message_id": "338008", + "cisco.asa.rule_name": "dynamic", + "cisco.asa.source_interface": "inside", + "cisco.asa.threat_category": "Malware", + "cisco.asa.threat_level": "very-high", + "destination.address": "192.0.2.223", + "destination.ip": "192.0.2.223", + "destination.port": 80, + "event.action": "firewall-rule", + "event.code": 338008, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "warning", + "log.offset": 10469, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.1.1", + "source.ip": "10.1.1.1", + "source.nat.ip": "10.2.1.1", + "source.nat.port": "33340", + "source.port": 33340, + "tags": [ + "cisco-asa" + ] + }, + { + "@timestamp": "2009-11-16T14:12:35.000-02:00", + "cisco.asa.message_id": "304001", + "destination.address": "192.0.2.1", + "destination.ip": "192.0.2.1", + "event.action": "firewall-rule", + "event.code": 304001, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-304001: 10.30.30.30 Accessed URL 192.0.2.1:/app", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 10766, + "service.type": "cisco", + "source.address": "10.30.30.30", + "source.ip": "10.30.30.30", + "tags": [ + "cisco-asa" + ], + "url.original": "/app" + }, + { + "@timestamp": "2009-11-16T14:12:36.000-02:00", + "cisco.asa.message_id": "304001", + "destination.address": "192.0.2.32", + "destination.ip": "192.0.2.32", + "event.action": "firewall-rule", + "event.code": 304001, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-304001: 10.5.111.32 Accessed URL 192.0.2.32:http://example.com", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 10843, + "service.type": "cisco", + "source.address": "10.5.111.32", + "source.ip": "10.5.111.32", + "tags": [ + "cisco-asa" + ], + "url.original": "http://example.com" + }, + { + "@timestamp": "2009-11-16T14:12:37.000-02:00", + "cisco.asa.message_id": "304002", + "cisco.asa.source_interface": "inside", + "destination.address": "192.0.0.19", + "destination.ip": "192.0.0.19", + "event.action": "firewall-rule", + "event.code": 304002, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.0.0.19 on interface inside", + "event.outcome": "deny", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 10935, + "service.type": "cisco", + "source.address": "10.69.6.39", + "source.ip": "10.69.6.39", + "tags": [ + "cisco-asa" + ], + "url.original": "http://www.example.net/images/favicon.ico" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/fields.go b/filebeat/module/cisco/fields.go new file mode 100644 index 00000000000..4972abd5881 --- /dev/null +++ b/filebeat/module/cisco/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package cisco + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "cisco", asset.ModuleFieldsPri, AssetCisco); err != nil { + panic(err) + } +} + +// AssetCisco returns asset data. +// This is the base64 encoded gzipped contents of module/cisco. +func AssetCisco() string { + return "eJzsmcFu4zYQhu95irkUaAHHvftQwHASIECTGPVugZ6MCTm0uKFIlRzZ67cvSMm2LCiOjCiLbGEdgpiS5v84JIc/oWt4oe0EhA7CXQGwZkMTmNU/JQXhdcHa2Qn8cQUA8OBkaQiU85ChlUbbVfU4WOKN8y8gaa0FgXGrML4CUJqMDJP08jVYzOkgFy/eFjSBlXdlUbd0qMbrLgUC5V1eK+4k4tWUaUphwH1bl9gJwaao87XmdDGFO+1pg8aMG4+29Q8EOYWAK1pqeRS5Qnmh7cb54zsncAC+ZNQgqWODlmRZK03+wNSBEkql9PeeGPQd8yLOhkAhaGf7Mz6ldjS1HqBi8vBLBO4L6kovaKktk1coaIjMLVJM2MdMg8oZgTJuA84DrcnySSxJgbXFGH9YtptD4HcB+tLQMv47BNQj5gROJYSpEBQCzJxl7wz8qQMnMeAMGXJkkZEEznToQVmPbhnIfwRrjFtx6ZAaKr06nb0ImwP9wzAbouew5lgUJJe7JVN0cLYa3yww7NEGg0xyl7v7OaCUnkI4g6VwnjtojLOr9/LE0H1IjlbswKlpjtd5+WlSfUSSmmRvZoozT8hLQ2syw+xQMR6keGke52g26Al+h2fHljiSKqXFGJ5sWg1r8ttr4zYjiH9a4XInySPTCDK9ymIZTI/HH326JZBp5fx2iJ7N6lj7wvx6z+5iud5toGvtyzCqn2n3j737hnYExOJkf4SzlkQ1kQdxEl+t/rdsWofULUy7zUkSLfJiGUU7KELWns4nGe5nD/P05tuCwsmhBGOovrl+pZ/d2VZYGl4mKzgBhSbQeUv47/ljQxuOtLt2KSyWnoTzMpwH8g7viSHolSUJN9M5tMV3YIrloKY7Gu7CbcjvissNKbKBPokTv/ty83M58Qh8ceIXJ35x4j+1E4evgeB2tqhvjS3yWBefyKB3AX5i577Hbdw/I6k/3NW/ynvx/BfPf/H8R4Jvev5AovSauyaNe/5G4nXBltxfuKk9aEruoo4Lt3H/CE2n+v87eXwkYq+Th3Zh0JPH/dPi6DMDnDxgYPJmS6NDV/F/l0eJ21Tl/GL0kzNZodCmeyafPF0sbmfnjchOCNjBJtMiqwpkfRLypMgH+FUdyuIIFo8P8xEs/lmMAG00C62wynnOfhvD9BBcoIVnAoQMvUylt/rCNAKEwjt2wpkRpDKWVx+nnGrX22g9t4Eph+AUxyBjuGeQZB3TkTWtq7zAMuxzX73a3qOqbo6v/gsAAP//XBVT9g==" +} diff --git a/filebeat/module/cisco/ftd/_meta/fields.yml b/filebeat/module/cisco/ftd/_meta/fields.yml new file mode 100644 index 00000000000..e1356d78886 --- /dev/null +++ b/filebeat/module/cisco/ftd/_meta/fields.yml @@ -0,0 +1,104 @@ +- name: ftd + type: group + description: > + Fields for Cisco Firepower Threat Defense Firewall. + fields: + - name: message_id + type: keyword + description: > + The Cisco FTD message identifier. + + - name: suffix + type: keyword + example: session + description: > + Optional suffix after %FTD identifier. + + - name: source_interface + type: keyword + description: > + Source interface for the flow or event. + + - name: destination_interface + type: keyword + description: > + Destination interface for the flow or event. + + - name: rule_name + type: keyword + description: > + Name of the Access Control List rule that matched this event. + + - name: source_username + type: keyword + description: > + Name of the user that is the source for this event. + + - name: destination_username + type: keyword + description: > + Name of the user that is the destination for this event. + + - name: mapped_source_ip + type: ip + description: > + The translated source IP address. Use ECS source.nat.ip. + + - name: mapped_source_port + type: long + description: > + The translated source port. Use ECS source.nat.port. + + - name: mapped_destination_ip + type: ip + description: > + The translated destination IP address. Use ECS destination.nat.ip. + + - name: mapped_destination_port + type: long + description: > + The translated destination port. Use ECS destination.nat.port. + + - name: threat_level + type: keyword + description: > + Threat level for malware / botnet traffic. One of very-low, low, + moderate, high or very-high. + + - name: threat_category + type: keyword + description: > + Category for the malware / botnet traffic. For example: virus, botnet, + trojan, etc. + + - name: connection_id + type: keyword + description: > + Unique identifier for a flow. + + - name: icmp_type + type: short + description: > + ICMP type. + + - name: icmp_code + type: short + description: > + ICMP code. + + - name: security + type: object + description: + Raw fields for Security Events. + + - name: connection_type + type: keyword + default_field: false + description: > + The VPN connection type + + - name: dap_records + type: keyword + default_field: false + description: > + The assigned DAP records diff --git a/filebeat/module/cisco/ftd/config/input.yml b/filebeat/module/cisco/ftd/config/input.yml new file mode 100644 index 00000000000..9d23b77f2e4 --- /dev/null +++ b/filebeat/module/cisco/ftd/config/input.yml @@ -0,0 +1,20 @@ +{{ if eq .input "syslog" }} + +type: udp +host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags}} + +processors: + - add_locale: ~ diff --git a/filebeat/module/cisco/ftd/manifest.yml b/filebeat/module/cisco/ftd/manifest.yml new file mode 100644 index 00000000000..dfcd093ac86 --- /dev/null +++ b/filebeat/module/cisco/ftd/manifest.yml @@ -0,0 +1,32 @@ +module_version: "1.0" + +var: + - name: paths + default: + - /var/log/cisco-ftd.log + - name: tags + default: [cisco-ftd] + - name: syslog_host + default: localhost + - name: syslog_port + default: 9003 + - name: input + default: syslog + - name: log_level + default: 7 + # if ES < 6.1.0, this flag switches to false automatically when evaluating the + # pipeline + min_elasticsearch_version: + version: 6.1.0 + value: false + # These flags are used internally by the shared pipeline + - name: internal_prefix + default: ftd + - name: internal_PREFIX + default: FTD +ingest_pipeline: ../shared/ingest/asa-ftd-pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/cisco/ftd/test/asa-fix.log b/filebeat/module/cisco/ftd/test/asa-fix.log new file mode 100644 index 00000000000..00819e8eec1 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/asa-fix.log @@ -0,0 +1,5 @@ +Apr 17 2020 14:08:08 SNL-ASA-VPN-A01 : %ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz) +Apr 17 2020 14:00:31 SNL-ASA-VPN-A01 : %ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group "Inside_access_in" [0x0, 0x0] +Apr 15 2013 09:36:50: %ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group "acl_dmz" [0xe3afb522, 0x0] +Apr 17 2020 14:16:20 SNL-ASA-VPN-A01 : %ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\Elastic) dst Outside:10.123.123.123/57621 by access-group "Inside_access_in" [0x0, 0x0] +Apr 17 2020 14:15:07 SNL-ASA-VPN-A01 : %ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123 diff --git a/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json b/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json new file mode 100644 index 00000000000..bf6c6b521da --- /dev/null +++ b/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json @@ -0,0 +1,157 @@ +[ + { + "@timestamp": "2020-04-17T14:08:08.000-02:00", + "cisco.ftd.connection_id": "110577675", + "cisco.ftd.destination_interface": "Inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "Outside", + "cisco.ftd.source_username": "(LOCAL\\Elastic)", + "destination.address": "10.233.123.123", + "destination.ip": "10.233.123.123", + "destination.port": 53, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2020-04-17T14:08:08.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz)", + "event.severity": 6, + "event.start": "2020-04-17T16:08:08.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "informational", + "log.offset": 0, + "network.bytes": 148, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "source.port": 53723, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2020-04-17T14:00:31.000-02:00", + "cisco.ftd.destination_interface": "Outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "Inside_access_in", + "cisco.ftd.source_interface": "Inside", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group \"Inside_access_in\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "warning", + "log.offset": 200, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-15T09:36:50.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "acl_dmz", + "cisco.ftd.source_interface": "dmz", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3afb522, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 381, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "source.port": 6316, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2020-04-17T14:16:20.000-02:00", + "cisco.ftd.destination_interface": "Outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "Inside_access_in", + "cisco.ftd.source_interface": "Inside", + "cisco.ftd.source_username": "(LOCAL\\Elastic)", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "destination.port": 57621, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\\Elastic) dst Outside:10.123.123.123/57621 by access-group \"Inside_access_in\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "warning", + "log.offset": 545, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "source.port": 57621, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2020-04-17T14:15:07.000-02:00", + "cisco.ftd.message_id": "106017", + "destination.address": "10.123.123.123", + "destination.ip": "10.123.123.123", + "event.action": "firewall-rule", + "event.code": 106017, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "SNL-ASA-VPN-A01", + "input.type": "log", + "log.level": "critical", + "log.offset": 734, + "service.type": "cisco", + "source.address": "10.123.123.123", + "source.ip": "10.123.123.123", + "tags": [ + "cisco-ftd" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/asa.log b/filebeat/module/cisco/ftd/test/asa.log new file mode 100644 index 00000000000..9f0a0b8b598 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/asa.log @@ -0,0 +1,268 @@ +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11757 for outside:100.66.205.104/80 (100.66.205.104/80) to inside:172.31.98.44/1772 (172.31.98.44/1772) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1188 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11758 for outside:100.66.80.32/53 (100.66.80.32/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11758 for outside:100.66.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11759 for outside:100.66.252.6/53 (100.66.252.6/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11759 for outside:100.66.252.6/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 164 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1773 to outside:100.66.98.44/8257 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11760 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1773 (172.31.98.44/1773) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1774 to outside:100.66.98.44/8258 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11761 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1774 (172.31.98.44/1774) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11762 for outside:100.66.238.126/53 (100.66.238.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11763 for outside:100.66.93.51/53 (100.66.93.51/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11762 for outside:100.66.238.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 111 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11763 for outside:100.66.93.51/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 237 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1775 to outside:100.66.98.44/8259 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11764 for outside:100.66.225.103/443 (100.66.225.103/443) to inside:172.31.98.44/1775 (172.31.98.44/1775) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1189 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11772 for outside:100.66.240.126/53 (100.66.240.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11773 for outside:100.66.44.45/53 (100.66.44.45/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11772 for outside:100.66.240.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 87 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11773 for outside:100.66.44.45/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 221 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1452 to outside:100.66.98.44/8265 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11774 for outside:100.66.179.219/80 (100.66.179.219/80) to inside:172.31.98.44/1452 (172.31.98.44/1452) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11775 for outside:100.66.157.232/53 (100.66.157.232/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11776 for outside:100.66.178.133/53 (100.66.178.133/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11775 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 101 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11776 for outside:100.66.178.133/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 126 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1453 to outside:100.66.98.44/8266 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11777 for outside:100.66.133.112/80 (100.66.133.112/80) to inside:172.31.98.44/1453 (172.31.98.44/1453) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11779 for outside:100.66.204.197/53 (100.66.204.197/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11778 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11779 for outside:100.66.204.197/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 176 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11780 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1454 (172.31.98.44/1454) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11781 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1455 (172.31.98.44/1455) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11782 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1456 (172.31.98.44/1456) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11783 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11783 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11784 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1457 (172.31.98.44/1457) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11785 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1458 (172.31.98.44/1458) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11786 for outside:100.66.1.107/53 (100.66.1.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11787 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1459 (172.31.98.44/1459) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11786 for outside:100.66.1.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 375 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11788 for outside:100.66.192.44/80 (100.66.192.44/80) to inside:172.31.98.44/1460 (172.31.98.44/1460) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1385 to outside:100.66.98.44/8277 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11797 for outside:100.66.19.254/80 (100.66.19.254/80) to inside:172.31.156.80/1385 (172.31.156.80/1385) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1386 to outside:100.66.98.44/8278 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11798 for outside:100.66.115.46/80 (100.66.115.46/80) to inside:172.31.156.80/1386 (172.31.156.80/1386) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1275 to outside:100.66.98.44/8279 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11799 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1275 (172.31.98.44/1275) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1190 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11800 for outside:100.66.14.30/53 (100.66.14.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11800 for outside:100.66.14.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 373 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11801 for outside:100.66.252.210/53 (100.66.252.210/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11801 for outside:100.66.252.210/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 207 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11802 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1276 (172.31.98.44/1276) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11803 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1277 (172.31.98.44/1277) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11802 for outside:100.66.98.165/80 to inside:172.31.98.44/1276 duration 0:00:00 bytes 12853 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11804 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1278 (172.31.98.44/1278) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11803 for outside:100.66.98.165/80 to inside:172.31.98.44/1277 duration 0:00:00 bytes 5291 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11805 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1279 (172.31.98.44/1279) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11804 for outside:100.66.98.165/80 to inside:172.31.98.44/1278 duration 0:00:00 bytes 965 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11805 for outside:100.66.98.165/80 to inside:172.31.98.44/1279 duration 0:00:00 bytes 8605 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11806 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1280 (172.31.98.44/1280) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11806 for outside:100.66.98.165/80 to inside:172.31.98.44/1280 duration 0:00:00 bytes 3428 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11807 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1281 (172.31.98.44/1281) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11808 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1282 (172.31.98.44/1282) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11809 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1283 (172.31.98.44/1283) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11810 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1284 (172.31.98.44/1284) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11807 for outside:100.66.98.165/80 to inside:172.31.98.44/1281 duration 0:00:00 bytes 2028 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11808 for outside:100.66.98.165/80 to inside:172.31.98.44/1282 duration 0:00:00 bytes 1085 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11809 for outside:100.66.98.165/80 to inside:172.31.98.44/1283 duration 0:00:00 bytes 868 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11811 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1285 (172.31.98.44/1285) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11812 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1286 (172.31.98.44/1286) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11810 for outside:100.66.98.165/80 to inside:172.31.98.44/1284 duration 0:00:00 bytes 4439 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11813 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1287 (172.31.98.44/1287) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11811 for outside:100.66.98.165/80 to inside:172.31.98.44/1285 duration 0:00:00 bytes 914 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11812 for outside:100.66.98.165/80 to inside:172.31.98.44/1286 duration 0:00:00 bytes 871 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11814 for outside:100.66.100.107/53 (100.66.100.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11815 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1288 (172.31.98.44/1288) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11814 for outside:100.66.100.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 384 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11816 for outside:100.66.104.8/53 (100.66.104.8/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11816 for outside:100.66.104.8/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 94 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1289 to outside:100.66.98.44/8293 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11817 for outside:100.66.123.191/80 (100.66.123.191/80) to inside:172.31.98.44/1289 (172.31.98.44/1289) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11815 for outside:100.66.98.165/80 to inside:172.31.98.44/1288 duration 0:00:00 bytes 945 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11813 for outside:100.66.98.165/80 to inside:172.31.98.44/1287 duration 0:00:00 bytes 13284 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11818 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11818 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1290 to outside:100.66.98.44/8294 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11819 for outside:100.66.198.25/80 (100.66.198.25/80) to inside:172.31.98.44/1290 (172.31.98.44/1290) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 9828 for outside:100.66.48.1/67 to NP Identity Ifc:255.255.255.255/68 duration 0:58:46 bytes 58512 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1272 to outside:100.66.98.44/8276 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11820 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11821 for outside:100.66.162.30/53 (100.66.162.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11820 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 168 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11822 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11821 for outside:100.66.162.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 198 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11822 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11823 for outside:100.66.48.186/53 (100.66.48.186/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11823 for outside:100.66.48.186/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 84 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1291 to outside:100.66.98.44/8295 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11824 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1291 (172.31.98.44/1291) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11825 for outside:100.66.254.94/53 (100.66.254.94/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11825 for outside:100.66.254.94/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 188 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1292 to outside:100.66.98.44/8296 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11826 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1292 (172.31.98.44/1292) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11827 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1293 (172.31.98.44/1293) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11828 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1294 (172.31.98.44/1294) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11827 for outside:100.66.98.165/80 to inside:172.31.98.44/1293 duration 0:00:00 bytes 5964 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11829 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1295 (172.31.98.44/1295) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11830 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1296 (172.31.98.44/1296) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11828 for outside:100.66.98.165/80 to inside:172.31.98.44/1294 duration 0:00:00 bytes 6694 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11829 for outside:100.66.98.165/80 to inside:172.31.98.44/1295 duration 0:00:00 bytes 1493 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11830 for outside:100.66.98.165/80 to inside:172.31.98.44/1296 duration 0:00:00 bytes 893 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11831 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1297 (172.31.98.44/1297) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11832 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1298 (172.31.98.44/1298) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11833 for outside:100.66.179.9/53 (100.66.179.9/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11833 for outside:100.66.179.9/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11831 for outside:100.66.98.165/80 to inside:172.31.98.44/1297 duration 0:00:00 bytes 2750 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11834 for outside:100.66.247.99/80 (100.66.247.99/80) to inside:172.31.98.44/1299 (172.31.98.44/1299) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11835 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1300 (172.31.98.44/1300) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11832 for outside:100.66.98.165/80 to inside:172.31.98.44/1298 duration 0:00:00 bytes 881 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11835 for outside:100.66.98.165/80 to inside:172.31.98.44/1300 duration 0:00:00 bytes 2202 TCP FINs +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11836 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1301 (172.31.98.44/1301) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11837 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1302 (172.31.98.44/1302) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1304 to outside:100.66.98.44/8308 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11840 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1304 (172.31.98.44/1304) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11841 for outside:100.66.0.124/53 (100.66.0.124/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11842 for outside:100.66.160.2/53 (100.66.160.2/53) to inside:172.31.98.44/56132 (172.31.98.44/56132) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11841 for outside:100.66.0.124/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 318 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11842 for outside:100.66.160.2/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1305 to outside:100.66.98.44/8309 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11843 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1305 (172.31.98.44/1305) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1303 to outside:100.66.98.44/8307 duration 0:00:30 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11843 for outside:100.66.124.24/80 to inside:172.31.98.44/1305 duration 0:00:04 bytes 410333 TCP Reset-I +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1306 to outside:100.66.98.44/8310 +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11844 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1306 (172.31.98.44/1306) +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] +Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group "inbound" [0x0, 0x0] diff --git a/filebeat/module/cisco/ftd/test/asa.log-expected.json b/filebeat/module/cisco/ftd/test/asa.log-expected.json new file mode 100644 index 00000000000..297696b3a01 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/asa.log-expected.json @@ -0,0 +1,2853 @@ +[ + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 0, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11757 for outside:100.66.205.104/80 (100.66.205.104/80) to inside:172.31.98.44/1772 (172.31.98.44/1772)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 150, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11749", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1758, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 345, + "network.bytes": 38110, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.211.242", + "source.ip": "100.66.211.242", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11748", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1757, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 535, + "network.bytes": 44010, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.211.242", + "source.ip": "100.66.211.242", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11745", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1755, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 725, + "network.bytes": 7652, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.185.90", + "source.ip": "100.66.185.90", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11744", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1754, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 913, + "network.bytes": 7062, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.185.90", + "source.ip": "100.66.185.90", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11742", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1752, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 68000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:48.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 1101, + "network.bytes": 5738, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.160.197", + "source.ip": "100.66.160.197", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11738", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1749, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 68000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:48.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 1290, + "network.bytes": 4176, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.205.14", + "source.ip": "100.66.205.14", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11739", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1750, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 68000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:48.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 1478, + "network.bytes": 1715, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.124.33", + "source.ip": "100.66.124.33", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11731", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1747, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 1666, + "network.bytes": 45595, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.35.9", + "source.ip": "100.66.35.9", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11723", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1742, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 1853, + "network.bytes": 27359, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.211.242", + "source.ip": "100.66.211.242", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11715", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1741, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 2043, + "network.bytes": 4457, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.218.21", + "source.ip": "100.66.218.21", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11711", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1739, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 2231, + "network.bytes": 26709, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.198.27", + "source.ip": "100.66.198.27", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11712", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1740, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 69000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:47.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 2420, + "network.bytes": 22097, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.198.27", + "source.ip": "100.66.198.27", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11708", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1738, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 70000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:46.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 2609, + "network.bytes": 2209, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.202.211", + "source.ip": "100.66.202.211", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11746", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1756, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 67000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:49.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 2798, + "network.bytes": 10404, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.124.15", + "source.ip": "100.66.124.15", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11706", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1737, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 70000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:46.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 2987, + "network.bytes": 123694, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.124.15", + "source.ip": "100.66.124.15", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11702", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1736, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 71000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:33:45.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 3177, + "network.bytes": 35835, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.209.247", + "source.ip": "100.66.209.247", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11753", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1765, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout", + "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 3367, + "network.bytes": 0, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.35.162", + "source.ip": "100.66.35.162", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1188", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 3552, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11758 for outside:100.66.80.32/53 (100.66.80.32/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 3703, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11758", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11758 for outside:100.66.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 3896, + "network.bytes": 148, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.80.32", + "source.ip": "100.66.80.32", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11759 for outside:100.66.252.6/53 (100.66.252.6/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 4071, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11759", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11759 for outside:100.66.252.6/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 164", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 4264, + "network.bytes": 164, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.252.6", + "source.ip": "100.66.252.6", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1773 to outside:100.66.98.44/8257", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 4439, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11760 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1773 (172.31.98.44/1773)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 4589, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1774 to outside:100.66.98.44/8258", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 4784, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11761 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1774 (172.31.98.44/1774)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 4934, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11762 for outside:100.66.238.126/53 (100.66.238.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 5129, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11763 for outside:100.66.93.51/53 (100.66.93.51/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 5326, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11762", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11762 for outside:100.66.238.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 111", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 5519, + "network.bytes": 111, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.238.126", + "source.ip": "100.66.238.126", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11763", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11763 for outside:100.66.93.51/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 237", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 5696, + "network.bytes": 237, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.93.51", + "source.ip": "100.66.93.51", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1775 to outside:100.66.98.44/8259", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 5871, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11764 for outside:100.66.225.103/443 (100.66.225.103/443) to inside:172.31.98.44/1775 (172.31.98.44/1775)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 6021, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1189", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 6218, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11772 for outside:100.66.240.126/53 (100.66.240.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 6369, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11773 for outside:100.66.44.45/53 (100.66.44.45/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 6566, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11772", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11772 for outside:100.66.240.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 87", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 6759, + "network.bytes": 87, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.240.126", + "source.ip": "100.66.240.126", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11773", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11773 for outside:100.66.44.45/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 221", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 6935, + "network.bytes": 221, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.44.45", + "source.ip": "100.66.44.45", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1452 to outside:100.66.98.44/8265", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 7110, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11774 for outside:100.66.179.219/80 (100.66.179.219/80) to inside:172.31.98.44/1452 (172.31.98.44/1452)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 7260, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11775 for outside:100.66.157.232/53 (100.66.157.232/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 7455, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11776 for outside:100.66.178.133/53 (100.66.178.133/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 7652, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11775", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11775 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 101", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 7849, + "network.bytes": 101, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.157.232", + "source.ip": "100.66.157.232", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11776", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11776 for outside:100.66.178.133/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 126", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 8026, + "network.bytes": 126, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.178.133", + "source.ip": "100.66.178.133", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1453 to outside:100.66.98.44/8266", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 8203, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11777 for outside:100.66.133.112/80 (100.66.133.112/80) to inside:172.31.98.44/1453 (172.31.98.44/1453)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 8353, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11777", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1453, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 8548, + "network.bytes": 862, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.133.112", + "source.ip": "100.66.133.112", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11779 for outside:100.66.204.197/53 (100.66.204.197/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 8733, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11778", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11778 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 8930, + "network.bytes": 104, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.157.232", + "source.ip": "100.66.157.232", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11779", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11779 for outside:100.66.204.197/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 176", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 9107, + "network.bytes": 176, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.204.197", + "source.ip": "100.66.204.197", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 9284, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11780 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1454 (172.31.98.44/1454)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 9434, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 9625, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11781 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1455 (172.31.98.44/1455)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 9775, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 9966, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11782 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1456 (172.31.98.44/1456)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 10116, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11783 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 10307, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11783", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11783 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 10500, + "network.bytes": 104, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.100.4", + "source.ip": "100.66.100.4", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 10675, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11784 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1457 (172.31.98.44/1457)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 10825, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 11018, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11785 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1458 (172.31.98.44/1458)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 11168, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11786 for outside:100.66.1.107/53 (100.66.1.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 11361, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11784", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 1457, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 11554, + "network.bytes": 593, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.198.40", + "source.ip": "100.66.198.40", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 11738, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11787 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1459 (172.31.98.44/1459)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 11888, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11786", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 56132, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 11786 for outside:100.66.1.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 375", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 12081, + "network.bytes": 375, + "network.iana_number": 17, + "network.transport": "udp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.1.107", + "source.ip": "100.66.1.107", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 12256, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11788 for outside:100.66.192.44/80 (100.66.192.44/80) to inside:172.31.98.44/1460 (172.31.98.44/1460)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 12406, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 12599, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1385 to outside:100.66.98.44/8277", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 12769, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11797 for outside:100.66.19.254/80 (100.66.19.254/80) to inside:172.31.156.80/1385 (172.31.156.80/1385)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 12920, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 13115, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 13285, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 13455, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 13625, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 13795, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305012", + "event.action": "firewall-rule", + "event.code": 305012, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 13965, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11564", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.156.80", + "destination.ip": "172.31.156.80", + "destination.port": 1382, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 325000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs", + "event.severity": 6, + "event.start": "2018-10-10T14:29:31.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 14135, + "network.bytes": 575, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.115.46", + "source.ip": "100.66.115.46", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.connection_id": "11797", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.156.80", + "destination.ip": "172.31.156.80", + "destination.port": 1385, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-10-10T12:34:56.000-02:00", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I", + "event.severity": 6, + "event.start": "2018-10-10T14:34:56.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 14320, + "network.bytes": 5391, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1386 to outside:100.66.98.44/8278", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 14509, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11798 for outside:100.66.115.46/80 (100.66.115.46/80) to inside:172.31.156.80/1386 (172.31.156.80/1386)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 14660, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 14855, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 15020, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 15185, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 15350, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 15515, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 15680, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 15845, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 16010, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 16175, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 16340, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 16505, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 16670, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "inbound", + "cisco.ftd.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "destination.port": 8277, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "warning", + "log.offset": 16835, + "network.iana_number": 6, + "network.transport": "tcp", + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "source.address": "100.66.19.254", + "source.ip": "100.66.19.254", + "source.port": 80, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1275 to outside:100.66.98.44/8279", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 17000, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built outbound TCP connection 11799 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1275 (172.31.98.44/1275)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 17150, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1190", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 17343, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built outbound UDP connection 11800 for outside:100.66.14.30/53 (100.66.14.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "localhost", + "input.type": "log", + "log.level": "informational", + "log.offset": 17494, + "process.name": "CiscoASA", + "process.pid": 999, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/dns.log b/filebeat/module/cisco/ftd/test/dns.log new file mode 100644 index 00000000000..ce15fb2bdfa --- /dev/null +++ b/filebeat/module/cisco/ftd/test/dns.log @@ -0,0 +1,21 @@ +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 51389, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55371, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 97, ResponderBytes: 200, NAPPolicy: Balanced Security and Connectivity, DNSQuery: www.elastic.co, DNSRecordType: a host address, DNS_TTL: 12 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 60441, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299, DNSResponseType: No error +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 59714, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 658 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Non-Existent Domain, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSResponseType: Server Failure, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 205.251.196.144, SrcPort: 33973, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 75, NAPPolicy: Balanced Security and Connectivity, DNSQuery: refusedthis.com, DNSRecordType: a host address, DNSResponseType: Query Refused +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 39541, DstPort: 53, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 457, ResponderBytes: 313, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Server Failure +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 41672, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 107, ResponderBytes: 180, NAPPolicy: Balanced Security and Connectivity, DNSQuery: laskdfjlaksdf.elastic.co, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 900 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 59577, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 104, ResponderBytes: 108, NAPPolicy: Balanced Security and Connectivity, DNSQuery: ns-1168.awsdns-18.org, DNSRecordType: a host address, DNS_TTL: 31694 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 35998, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 101, ResponderBytes: 162, NAPPolicy: Balanced Security and Connectivity, DNSQuery: _http._tcp.security.ubuntu.com, DNSRecordType: Server Selection, DNSResponseType: Non-Existent Domain, DNS_TTL: 946 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 46093, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 131, NAPPolicy: Balanced Security and Connectivity, DNSRecordType: a domain name pointer, DNS_TTL: 59 +2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299 diff --git a/filebeat/module/cisco/ftd/test/dns.log-expected.json b/filebeat/module/cisco/ftd/test/dns.log-expected.json new file mode 100644 index 00000000000..ea8c71eeabd --- /dev/null +++ b/filebeat/module/cisco/ftd/test/dns.log-expected.json @@ -0,0 +1,1696 @@ +[ + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "a host address", + "cisco.ftd.security.dns_ttl": "70", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "145", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "57379", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 145, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "A", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 0, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 57379, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.access_control_rule_reason": "Intrusion Monitor", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "IP6 Address", + "cisco.ftd.security.dns_ttl": "299", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.ips_count": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "193", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "51389", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 193, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "AAAA", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 51389, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 658, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 51389, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "the canonical name for an alias", + "cisco.ftd.security.dns_ttl": "899", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "166", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "53033", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 166, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "CNAME", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 1371, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 53033, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.access_control_rule_reason": "Intrusion Monitor", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "www.elastic.co", + "cisco.ftd.security.dns_record_type": "a host address", + "cisco.ftd.security.dns_ttl": "12", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "97", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.ips_count": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "200", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "55371", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 200, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "www.elastic.co", + "dns.question.type": "A", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55371, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 97, ResponderBytes: 200, NAPPolicy: Balanced Security and Connectivity, DNSQuery: www.elastic.co, DNSRecordType: a host address, DNS_TTL: 12", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 2047, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 97, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 55371, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "IP6 Address", + "cisco.ftd.security.dns_response_type": "No error", + "cisco.ftd.security.dns_ttl": "299", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "193", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "60441", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 193, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "AAAA", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 60441, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299, DNSResponseType: No error", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 2766, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 60441, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "the canonical name for an alias", + "cisco.ftd.security.dns_ttl": "658", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "166", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "59714", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 166, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "CNAME", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 59714, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 658", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 3449, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 59714, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.access_control_rule_reason": "Intrusion Monitor", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "mail exchange", + "cisco.ftd.security.dns_response_type": "Non-Existent Domain", + "cisco.ftd.security.dns_ttl": "299", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.ips_count": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "199", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "55105", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 199, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "MX", + "dns.response_code": "NXDOMAIN", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Non-Existent Domain, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 4125, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 55105, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "an authoritative name server", + "cisco.ftd.security.dns_ttl": "21599", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "221", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "57141", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 221, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "NS", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 4878, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 57141, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "marks the start of a zone of authority", + "cisco.ftd.security.dns_response_type": "Server Failure", + "cisco.ftd.security.dns_ttl": "899", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "166", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "47260", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 166, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "SOA", + "dns.response_code": "SERVFAIL", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSResponseType: Server Failure, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 5553, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 47260, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.access_control_rule_reason": "Intrusion Monitor", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "text strings", + "cisco.ftd.security.dns_ttl": "299", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.ips_count": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "722", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "58082", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 722, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "TXT", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 6269, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 58082, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "refusedthis.com", + "cisco.ftd.security.dns_record_type": "a host address", + "cisco.ftd.security.dns_response_type": "Query Refused", + "cisco.ftd.security.dst_ip": "205.251.196.144", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "98", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "75", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "33973", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "205.251.196.144", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 75, + "destination.geo.city_name": "Seattle", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 47.6109, + "destination.geo.location.lon": -122.3303, + "destination.geo.region_iso_code": "US-WA", + "destination.geo.region_name": "Washington", + "destination.ip": "205.251.196.144", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "refusedthis.com", + "dns.question.type": "A", + "dns.response_code": "REFUSED", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 205.251.196.144, SrcPort: 33973, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 75, NAPPolicy: Balanced Security and Connectivity, DNSQuery: refusedthis.com, DNSRecordType: a host address, DNSResponseType: Query Refused", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 6983, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 98, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 33973, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_response_type": "Server Failure", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "457", + "cisco.ftd.security.initiator_packets": "6", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.responder_bytes": "313", + "cisco.ftd.security.responder_packets": "4", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "39541", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 313, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 4, + "destination.port": 53, + "dns.response_code": "SERVFAIL", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 39541, DstPort: 53, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 457, ResponderBytes: 313, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Server Failure", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 7672, + "network.application": "dns client", + "network.iana_number": 6, + "network.protocol": "dns", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 457, + "source.ip": "10.0.1.20", + "source.packets": 6, + "source.port": 39541, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "laskdfjlaksdf.elastic.co", + "cisco.ftd.security.dns_record_type": "a host address", + "cisco.ftd.security.dns_response_type": "Non-Existent Domain", + "cisco.ftd.security.dns_ttl": "900", + "cisco.ftd.security.dst_ip": "9.9.9.9", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "107", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "180", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41672", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "9.9.9.9", + "destination.as.number": 19281, + "destination.as.organization.name": "Quad9", + "destination.bytes": 180, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "FR", + "destination.geo.location.lat": 48.8582, + "destination.geo.location.lon": 2.3387, + "destination.ip": "9.9.9.9", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "laskdfjlaksdf.elastic.co", + "dns.question.type": "A", + "dns.response_code": "NXDOMAIN", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 41672, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 107, ResponderBytes: 180, NAPPolicy: Balanced Security and Connectivity, DNSQuery: laskdfjlaksdf.elastic.co, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 900", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 8298, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 107, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 41672, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "ns-1168.awsdns-18.org", + "cisco.ftd.security.dns_record_type": "a host address", + "cisco.ftd.security.dns_ttl": "31694", + "cisco.ftd.security.dst_ip": "9.9.9.9", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "104", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "108", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "59577", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "9.9.9.9", + "destination.as.number": 19281, + "destination.as.organization.name": "Quad9", + "destination.bytes": 108, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "FR", + "destination.geo.location.lat": 48.8582, + "destination.geo.location.lon": 2.3387, + "destination.ip": "9.9.9.9", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "ns-1168.awsdns-18.org", + "dns.question.type": "A", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 59577, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 104, ResponderBytes: 108, NAPPolicy: Balanced Security and Connectivity, DNSQuery: ns-1168.awsdns-18.org, DNSRecordType: a host address, DNS_TTL: 31694", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 9010, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 104, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 59577, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "_http._tcp.security.ubuntu.com", + "cisco.ftd.security.dns_record_type": "Server Selection", + "cisco.ftd.security.dns_response_type": "Non-Existent Domain", + "cisco.ftd.security.dns_ttl": "946", + "cisco.ftd.security.dst_ip": "9.9.9.9", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "101", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "162", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "35998", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "9.9.9.9", + "destination.as.number": 19281, + "destination.as.organization.name": "Quad9", + "destination.bytes": 162, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "FR", + "destination.geo.location.lat": 48.8582, + "destination.geo.location.lon": 2.3387, + "destination.ip": "9.9.9.9", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "_http._tcp.security.ubuntu.com", + "dns.question.type": "SRV", + "dns.response_code": "NXDOMAIN", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 35998, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 101, ResponderBytes: 162, NAPPolicy: Balanced Security and Connectivity, DNSQuery: _http._tcp.security.ubuntu.com, DNSRecordType: Server Selection, DNSResponseType: Non-Existent Domain, DNS_TTL: 946", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 9683, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 101, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 35998, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.access_control_rule_reason": "Intrusion Monitor", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "mail exchange", + "cisco.ftd.security.dns_ttl": "299", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.ips_count": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "199", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "55105", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 199, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "MX", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 10403, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 55105, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "marks the start of a zone of authority", + "cisco.ftd.security.dns_ttl": "899", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "166", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "47260", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 166, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "SOA", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 11118, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 47260, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "the canonical name for an alias", + "cisco.ftd.security.dns_ttl": "899", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "166", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "53033", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 166, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "CNAME", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 11801, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 53033, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "an authoritative name server", + "cisco.ftd.security.dns_ttl": "21599", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "221", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "57141", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 221, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "NS", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 12477, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 57141, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_record_type": "a domain name pointer", + "cisco.ftd.security.dns_ttl": "59", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "131", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "46093", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 131, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.type": "PTR", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 46093, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 131, NAPPolicy: Balanced Security and Connectivity, DNSRecordType: a domain name pointer, DNS_TTL: 59", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 13152, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 46093, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-26T21:11:03.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.access_control_rule_reason": "Intrusion Monitor", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "elastic.co", + "cisco.ftd.security.dns_record_type": "text strings", + "cisco.ftd.security.dns_ttl": "299", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "93", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.ips_count": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "722", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "58082", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 722, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "dns.question.name": "elastic.co", + "dns.question.type": "TXT", + "dns.response_code": "NOERROR", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-26T21:11:03.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-26T23:11:03.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 13795, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 93, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 58082, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/filtered.log b/filebeat/module/cisco/ftd/test/filtered.log new file mode 100644 index 00000000000..aa78fd10d1b --- /dev/null +++ b/filebeat/module/cisco/ftd/test/filtered.log @@ -0,0 +1,2 @@ +Jan 1 2019 01:00:27 beats asa[1234]: %FTD-7-999999: This message is not filtered. +Jan 1 2019 01:00:30 beats asa[1234]: %FTD-8-999999: This phony message is dropped due to log level. diff --git a/filebeat/module/cisco/ftd/test/filtered.log-expected.json b/filebeat/module/cisco/ftd/test/filtered.log-expected.json new file mode 100644 index 00000000000..d7c81ec581d --- /dev/null +++ b/filebeat/module/cisco/ftd/test/filtered.log-expected.json @@ -0,0 +1,24 @@ +[ + { + "@timestamp": "2019-01-01T01:00:27.000-02:00", + "cisco.ftd.message_id": "999999", + "event.action": "firewall-rule", + "event.code": 999999, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-7-999999: This message is not filtered.", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "beats", + "input.type": "log", + "log.level": "debug", + "log.offset": 0, + "process.name": "asa", + "process.pid": 1234, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/firepower-management.log b/filebeat/module/cisco/ftd/test/firepower-management.log new file mode 100644 index 0000000000000000000000000000000000000000..707bd4f4e54e9e032f2847086dd16122e3072ec1 GIT binary patch literal 5064 zcmd5=+fv&w5bZNxu^*5GUt$_GltL5AFaw>mF70DR*s@V8OCDRM;C8`t+>QGWbHJWQBeF-X8R?sZ7}q7AYBV!3~9P zT7qSO_EG!Y?PC2*>Y^&~=na+N(Rf&}q_oeb>x1CwwJt}h(xWWR-lPLe`|K_NvJJFH z91k+}M~zBW+_0jP3%f4u3suDs;*WU5ke9lxpeh6;TxeEc*F!n!{&Hovtv3Lg<+iY% z(?*wi6a)Eo z`t>(ptFR)W<{;RKY>x!Z&YeXxQ*Od4%V;sSCno5wyC`@3G>d4TxK7hj4W|BY}f*{-&{`rKv+ffdn=EyOMDlOquTj@uUN&xsGvDp>`vYjd$PX>6;W}mO5K8= zwEPPuWZYyXi6)f*UH>~$SuU8_W(c64Y{x7YY7D1BT~YC9-#KOI`HgRXj;P=riQ2Qp zUJFsvIXb@>;^H^iD^awcp(+R(P57DTn+JZhp;{RYqlUrWicVTd)O0)z%(To<^E*=>X6cMjLwBG{G~VfSB`^IA@t zSBvOY-DJGzF2>Z)@4YUA`+Z@N8$7Rt`|ieRj&oG++7B*&;bD(;y!m^u4Mc93tmo>? h;iK7x2Nr|L817#}nV9UTz$CpAEXKD7yflwH{{hFbO6C9n literal 0 HcmV?d00001 diff --git a/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json b/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json new file mode 100644 index 00000000000..8e55a34e1a4 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json @@ -0,0 +1,615 @@ +[ + { + "@timestamp": "2019-08-14T13:56:30.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 0, + "process.name": "platformSettingEdit.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:57:19.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=Banner, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 194, + "process.name": "platformSettingEdit.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:57:26.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/ChangeReconciliation.cgi, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 386, + "process.name": "ChangeReconciliation.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:57:34.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=IntrusionPolicyPrefs, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 568, + "process.name": "platformSettingEdit.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:57:43.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /admin/lights_out_mgmt.cgi, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 774, + "process.name": "lights_out_mgmt.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:58:02.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Cloud Services, View url filtering settings\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 943, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:58:02.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Cloud Services, View amp settings\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1072, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:58:20.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Monitoring > Syslog, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1191, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:58:41.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Device Management, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1316, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:58:47.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Interfaces, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1440, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:58:52.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Device Summary, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1575, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:58:54.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Device Summary, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1721, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:59:10.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1867, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T13:59:15.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 1984, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:00:37.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 2128, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:00:37.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 2285, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:00:37.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 2436, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:12.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 2580, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:12.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 2737, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:13.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 2888, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:20.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 3032, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:31.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 3143, + "process.name": "ActionQueueScrape.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:31.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Global Configuration Generation\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 3267, + "process.name": "ActionQueueScrape.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:35.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 3440, + "process.name": "ActionQueueScrape.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:36.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Device Configuration for siem-ftd\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 3564, + "process.name": "ActionQueueScrape.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:55.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 3739, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:56.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@localhost, Task Queue, Policy Deployment to siem-ftd - SUCCESS\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 3874, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:01:57.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 4002, + "process.name": "sfdccsm", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:02:03.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Monitoring > Syslog, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 4113, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:02:11.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Monitoring > Audit, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 4238, + "process.name": "index.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:02:19.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 4357, + "process.name": "mojo_server.pl", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:02:31.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 4492, + "process.name": "platformSettingEdit.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:02:38.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Local System Configuration, Save Local System Configuration\u0000x0a\u0000x00", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 4686, + "process.name": "platformSettingEdit.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2019-08-14T14:02:38.000-02:00", + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "admin@10.0.255.31, Devices > Platform Settings > Audit Log Settings > Modified: Send Audit Log to Syslog enabled > Disabled", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "debug", + "log.offset": 4870, + "process.name": "platformSettingEdit.cgi", + "service.type": "cisco", + "syslog.facility": 14, + "syslog.priority": 2, + "tags": [ + "cisco-ftd" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/intrusion.log b/filebeat/module/cisco/ftd/test/intrusion.log new file mode 100644 index 00000000000..c92f6380b33 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/intrusion.log @@ -0,0 +1,4 @@ +2019-08-16T09:54:00Z firepower %FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55644, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity +2019-08-16T09:57:02Z firepower %FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55868, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity +2019-08-16T10:04:44Z firepower %FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 39114, Protocol: tcp, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity +2019-08-16T10:09:47Z firepower %FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 40740, Protocol: 6, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity diff --git a/filebeat/module/cisco/ftd/test/intrusion.log-expected.json b/filebeat/module/cisco/ftd/test/intrusion.log-expected.json new file mode 100644 index 00000000000..0f75bd8cea8 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/intrusion.log-expected.json @@ -0,0 +1,238 @@ +[ + { + "@timestamp": "2019-08-16T07:54:00.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430001", + "cisco.ftd.rule_name": [ + "intrusion-policy", + "default" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.classification": "Attempted User Privilege Gain", + "cisco.ftd.security.client": "Firefox", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.gid": "1", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.intrusion_policy": "intrusion-policy", + "cisco.ftd.security.message": "SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.priority": "1", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.revision": "12", + "cisco.ftd.security.sid": "17279", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "55644", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 80, + "event.action": "intrusion-detected", + "event.code": 430001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55644, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", + "event.severity": 0, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "unknown", + "log.offset": 0, + "message": "SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt", + "network.application": "firefox", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.id": "1", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 55644, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-16T07:57:02.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430001", + "cisco.ftd.rule_name": [ + "intrusion-policy", + "default" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.classification": "Attempted User Privilege Gain", + "cisco.ftd.security.client": "Firefox", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.gid": "1", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.intrusion_policy": "intrusion-policy", + "cisco.ftd.security.message": "SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.priority": "1", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.revision": "12", + "cisco.ftd.security.sid": "17279", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "55868", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 80, + "event.action": "intrusion-detected", + "event.code": 430001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55868, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", + "event.severity": 0, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "unknown", + "log.offset": 587, + "message": "SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt", + "network.application": "firefox", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.id": "1", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 55868, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-16T08:04:44.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "430001", + "cisco.ftd.rule_name": [ + "intrusion-policy", + "default" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.classification": "Misc Activity", + "cisco.ftd.security.dst_ip": "10.0.1.20", + "cisco.ftd.security.dst_port": "39114", + "cisco.ftd.security.egress_interface": "inside", + "cisco.ftd.security.egress_zone": "input-zone", + "cisco.ftd.security.gid": "1", + "cisco.ftd.security.ingress_interface": "outside", + "cisco.ftd.security.ingress_zone": "output-zone", + "cisco.ftd.security.intrusion_policy": "intrusion-policy", + "cisco.ftd.security.message": "APP-DETECT failed FTP login attempt", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.priority": "3", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.revision": "6", + "cisco.ftd.security.sid": "13360", + "cisco.ftd.security.src_ip": "10.0.100.30", + "cisco.ftd.security.src_port": "21", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.0.1.20", + "destination.ip": "10.0.1.20", + "destination.port": 39114, + "event.action": "intrusion-detected", + "event.code": 430001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 39114, Protocol: tcp, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", + "event.severity": 0, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "unknown", + "log.offset": 1174, + "message": "APP-DETECT failed FTP login attempt", + "network.iana_number": 6, + "network.transport": "tcp", + "service.id": "1", + "service.type": "cisco", + "source.address": "10.0.100.30", + "source.ip": "10.0.100.30", + "source.port": 21, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-16T08:09:47.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "430001", + "cisco.ftd.rule_name": [ + "intrusion-policy", + "default" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.classification": "Misc Activity", + "cisco.ftd.security.dst_ip": "10.0.1.20", + "cisco.ftd.security.dst_port": "40740", + "cisco.ftd.security.egress_interface": "inside", + "cisco.ftd.security.egress_zone": "input-zone", + "cisco.ftd.security.gid": "1", + "cisco.ftd.security.ingress_interface": "outside", + "cisco.ftd.security.ingress_zone": "output-zone", + "cisco.ftd.security.intrusion_policy": "intrusion-policy", + "cisco.ftd.security.message": "APP-DETECT failed FTP login attempt", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.priority": "3", + "cisco.ftd.security.protocol": "6", + "cisco.ftd.security.revision": "6", + "cisco.ftd.security.sid": "13360", + "cisco.ftd.security.src_ip": "10.0.100.30", + "cisco.ftd.security.src_port": "21", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.0.1.20", + "destination.ip": "10.0.1.20", + "destination.port": 40740, + "event.action": "intrusion-detected", + "event.code": 430001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 40740, Protocol: 6, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", + "event.severity": 0, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "unknown", + "log.offset": 1662, + "message": "APP-DETECT failed FTP login attempt", + "network.iana_number": 6, + "network.transport": "tcp", + "service.id": "1", + "service.type": "cisco", + "source.address": "10.0.100.30", + "source.ip": "10.0.100.30", + "source.port": 21, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/no-type-id.log b/filebeat/module/cisco/ftd/test/no-type-id.log new file mode 100644 index 00000000000..c8033fb069e --- /dev/null +++ b/filebeat/module/cisco/ftd/test/no-type-id.log @@ -0,0 +1,4 @@ +Jan 11 2018 01:00:27 beats ftd[1234]: ApplicationProtocol: http, Client: webserver, DstIP: 10.8.12.47, SrcIP: 10.1.123.45, Message: Intrusion attempt +Jan 11 2018 01:00:27 beats ftd[1234]: HTTPResponse: 404, Message: Some message here (1:36330:2). +Jan 11 2018 01:00:27 beats ftd[1234]: HTTPResponse: 404, Message: Some message here (1:36330:2), Empty: ,FileCount:, IngressZone: +Jan 11 2018 01:00:27 beats ftd[1234]: %ASA-3-430005 Message: This one has a type id, HTTPResponse: 404, Message: And two messages, SrcIP: 127.0.0.1, DstIP: 192.168.3.33, SrcPort: 512, DstPort: 64311 diff --git a/filebeat/module/cisco/ftd/test/no-type-id.log-expected.json b/filebeat/module/cisco/ftd/test/no-type-id.log-expected.json new file mode 100644 index 00000000000..6355040fe6d --- /dev/null +++ b/filebeat/module/cisco/ftd/test/no-type-id.log-expected.json @@ -0,0 +1,130 @@ +[ + { + "@timestamp": "2018-01-11T01:00:27.000-02:00", + "cisco.ftd.message_id": "430001", + "cisco.ftd.security.application_protocol": "http", + "cisco.ftd.security.client": "webserver", + "cisco.ftd.security.dst_ip": "10.8.12.47", + "cisco.ftd.security.message": "Intrusion attempt", + "cisco.ftd.security.src_ip": "10.1.123.45", + "destination.address": "10.8.12.47", + "destination.ip": "10.8.12.47", + "event.action": "intrusion-detected", + "event.code": 430001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "ApplicationProtocol: http, Client: webserver, DstIP: 10.8.12.47, SrcIP: 10.1.123.45, Message: Intrusion attempt", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "beats", + "input.type": "log", + "log.level": "debug", + "log.offset": 0, + "message": "Intrusion attempt", + "network.application": "webserver", + "network.protocol": "http", + "process.name": "ftd", + "process.pid": 1234, + "service.type": "cisco", + "source.address": "10.1.123.45", + "source.ip": "10.1.123.45", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-01-11T01:00:27.000-02:00", + "cisco.ftd.message_id": "430001", + "cisco.ftd.security.http_response": "404", + "cisco.ftd.security.message": "Some message here (1:36330:2).", + "event.action": "intrusion-detected", + "event.code": 430001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "HTTPResponse: 404, Message: Some message here (1:36330:2).", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "beats", + "http.response.status_code": "404", + "input.type": "log", + "log.level": "debug", + "log.offset": 150, + "message": "Some message here (1:36330:2).", + "process.name": "ftd", + "process.pid": 1234, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-01-11T01:00:27.000-02:00", + "cisco.ftd.message_id": "430002", + "cisco.ftd.security.http_response": "404", + "cisco.ftd.security.message": "Some message here (1:36330:2)", + "event.action": "connection-started", + "event.code": 430002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "HTTPResponse: 404, Message: Some message here (1:36330:2), Empty: ,FileCount:, IngressZone:", + "event.severity": 7, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "beats", + "http.response.status_code": "404", + "input.type": "log", + "log.level": "debug", + "log.offset": 247, + "message": "Some message here (1:36330:2)", + "process.name": "ftd", + "process.pid": 1234, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-01-11T01:00:27.000-02:00", + "cisco.ftd.message_id": "430005", + "cisco.ftd.security.dst_ip": "192.168.3.33", + "cisco.ftd.security.dst_port": "64311", + "cisco.ftd.security.http_response": "404", + "cisco.ftd.security.message": [ + "This one has a type id", + "And two messages" + ], + "cisco.ftd.security.src_ip": "127.0.0.1", + "cisco.ftd.security.src_port": "512", + "destination.address": "192.168.3.33", + "destination.ip": "192.168.3.33", + "destination.port": 64311, + "event.action": "malware-detected", + "event.code": 430005, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%ASA-3-430005 Message: This one has a type id, HTTPResponse: 404, Message: And two messages, SrcIP: 127.0.0.1, DstIP: 192.168.3.33, SrcPort: 512, DstPort: 64311", + "event.severity": 3, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "beats", + "http.response.status_code": "404", + "input.type": "log", + "log.level": "error", + "log.offset": 377, + "message": [ + "This one has a type id", + "And two messages" + ], + "process.name": "ftd", + "process.pid": 1234, + "service.type": "cisco", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "source.port": 512, + "tags": [ + "cisco-ftd" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/sample.log b/filebeat/module/cisco/ftd/test/sample.log new file mode 100644 index 00000000000..d0a3a1649a9 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/sample.log @@ -0,0 +1,72 @@ +Apr 15 2013 09:36:50: %FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 by access-group "acl_dmz" [0xe3aab522, 0x0] +Apr 15 2013 09:36:50: %FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 type 3, code 0, by access-group "acl_dmz" [0xe3aab522, 0x0] +Apr 15 2014 09:34:34 EDT: %FTD-session-5-106100: access-list acl_in permitted tcp inside/10.1.2.16(2241) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 24 2013 16:00:28 INT-FW01 : %FTD-6-106100: access-list inside denied udp inside/172.29.2.101(1039) -> outside/192.0.2.10(53) hit-cnt 1 first hit [0xd820e56a, 0x0] +Apr 24 2013 16:00:27 INT-FW01 : %FTD-6-106100: access-list inside permitted udp inside/172.29.2.3(1065) -> outside/192.0.2.57(53) hit-cnt 144 300-second interval [0xe982c7a4, 0x0] +Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4952 to outside:192.0.2.130/12834 +Apr 29 2013 12:59:50: %FTD-6-302013: Built outbound TCP connection 89743274 for outside:192.0.2.43/443 (192.0.2.43/443) to outside:10.123.3.42/4952 (10.123.3.42.130/12834) +Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic UDP translation from outside:10.123.1.35/52925 to outside:192.0.2.130/25882 +Apr 29 2013 12:59:50: %FTD-6-302015: Built outbound UDP connection 89743275 for outside:192.0.2.222/53 (192.0.2.43/53) to outside:10.123.1.35/52925 (10.123.1.35/25882) +Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4953 to outside:192.0.2.130/45392 +Apr 29 2013 12:59:50: %FTD-6-302013: Built outbound TCP connection 89743276 for outside:192.0.2.1/80 (192.0.2.1/80) to outside:10.123.3.42/4953 (10.123.3.130/45392) +Apr 29 2013 12:59:50: %FTD-6-302016: Teardown UDP connection 89743275 for outside:192.0.2.222/53 to inside:10.123.1.35/52925 duration 1:23:45 bytes 140 +Apr 29 2013 12:59:50: %FTD-6-302016: Teardown UDP connection 666 for outside:192.0.2.222/53 user1 to inside:10.123.1.35/52925 user2 duration 10:00:00 bytes 9999999 +Jun 04 2011 21:59:52 FJSG2NRFW01 : %FTD-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr 192.168.132.46/17233 laddr 192.168.132.46/17233 +Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic TCP translation from inside:192.168.3.42/4954 to outside:192.0.0.130/10879 +Apr 29 2013 12:59:50: %FTD-6-302013: Built outbound TCP connection 89743277 for outside:192.0.0.17/80 (192.0.0.17/80) to inside:192.168.3.42/4954 (10.0.0.130/10879) +Apr 30 2013 09:22:33: %FTD-2-106007: Deny inbound UDP from 192.0.0.66/12981 to 10.1.2.60/53 due to DNS Query +Apr 30 2013 09:22:38: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2006) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:38: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49734) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:39: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49735) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:39: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49736) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:39: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49737) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:40: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49738) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:41: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49746) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:47: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2007) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:48: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.13(43013) -> dmz/192.168.33.31(25) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:22:56: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2008) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:02: %FTD-2-106006: Deny inbound UDP from 192.0.2.66/137 to 10.1.2.42/137 on interface inside +Apr 30 2013 09:23:03: %FTD-2-106007: Deny inbound UDP from 192.0.2.66/12981 to 10.1.5.60/53 due to DNS Query +Apr 30 2013 09:23:06: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2009) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:08: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49776) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:15: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2010) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:24: %FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2011) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:34: %FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2012) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:40: %FTD-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group "acl_out" [0x71761f18, 0x0] +Apr 30 2013 09:23:41: %FTD-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group "acl_out" [0x71761f18, 0x0] +Apr 30 2013 09:23:43: %FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.46(49840) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 30 2013 09:23:43: %FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.16(2013) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Apr 15 2018 09:34:34 EDT: %FTD-session-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2241) -> outside/192.0.0.99(2000) hit-cnt 1 first hit [0x71a87d94, 0x0] +Dec 11 2018 08:01:24 127.0.0.1: %FTD-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80 (10.0.13.13/80) +Dec 11 2018 08:01:24 127.0.0.1: %FTD-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80port> (10.0.13.13/80) +Dec 11 2018 08:01:24 127.0.0.1: %FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group "dmz" [0x123a465e, 0x4c7bf613] +Dec 11 2018 08:01:24 127.0.0.1: %FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group "dmz" [0x123a465e, 0x4c7bf613] +Dec 11 2018 08:01:31 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678) +Dec 11 2018 08:01:31 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678) +Dec 11 2018 08:01:31 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs +Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs +Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs +Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside +Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside +Dec 11 2018 08:01:39 127.0.0.1: %FTD-4-106023: Deny udp src dmz:192.168.1.34/5679 dst outside:192.0.0.12/5000 by access-group "dmz" [0x123a465e, 0x8c20f21] +Dec 11 2018 08:01:53 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000) +Dec 11 2018 08:01:53 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000) +Dec 11 2018 08:01:53 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs +Aug 15 2012 23:30:09: %FTD-6-302016: Teardown UDP connection 40 for outside:10.44.4.4/500 to inside:10.44.2.2/500 duration 0:02:02 bytes 1416 +Sep 12 2014 06:50:53 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic +Sep 12 2014 06:51:01 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic +Sep 12 2014 06:51:05 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic +Sep 12 2014 06:51:05 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic +Sep 12 2014 06:51:06 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic +Sep 12 2014 06:51:17 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic +Sep 12 2014 06:52:48 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic +Sep 12 2014 06:53:00 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic +Sep 12 2014 06:53:01 GIFRCHN01 : %FTD-4-106023: Deny tcp src outside:192.0.2.95/24069 dst inside:10.32.112.125/25 by access-group "PERMIT_IN" [0x0, 0x0]" +Sep 12 2014 06:53:02 GIFRCHN01 : %FTD-3-313001: Denied ICMP type=3, code=3 from 10.2.3.5 on interface Outside +Jan 14 2015 13:16:13: %FTD-4-313004: Denied ICMP type=0, from laddr 172.16.30.2 on interface inside to 172.16.1.10: no matching session +Jan 14 2015 13:16:14: %FTD-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (192.88.99.1/7890) to outside:192.88.99.129/80 (192.88.99.129/80), destination 192.88.99.129 resolved from dynamic list: bad.example.com +Jan 14 2015 13:16:14: %FTD-4-338004: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.225/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware +Jan 14 2015 13:16:14: %FTD-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/8080), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware +Nov 16 2009 14:12:35: %FTD-5-304001: 10.30.30.30 Accessed URL 192.0.2.1:/app +Nov 16 2009 14:12:36: %FTD-5-304001: 10.5.111.32 Accessed URL 192.0.2.32:http://example.com +Nov 16 2009 14:12:37: %FTD-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.0.0.19 on interface inside diff --git a/filebeat/module/cisco/ftd/test/sample.log-expected.json b/filebeat/module/cisco/ftd/test/sample.log-expected.json new file mode 100644 index 00000000000..ca93c4fea91 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/sample.log-expected.json @@ -0,0 +1,2063 @@ +[ + { + "@timestamp": "2013-04-15T09:36:50.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "acl_dmz", + "cisco.ftd.source_interface": "dmz", + "destination.address": "192.0.0.8", + "destination.ip": "192.0.0.8", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 by access-group \"acl_dmz\" [0xe3aab522, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 0, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.2.30", + "source.ip": "10.1.2.30", + "source.port": 63016, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-15T09:36:50.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "acl_dmz", + "cisco.ftd.source_interface": "dmz", + "destination.address": "192.0.0.8", + "destination.ip": "192.0.0.8", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3aab522, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 139, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.2.30", + "source.ip": "10.1.2.30", + "source.port": 63016, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-04-15T09:34:34.000-04:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "cisco.ftd.suffix": "session", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-session-5-106100: access-list acl_in permitted tcp inside/10.1.2.16(2241) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 294, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.2.16", + "source.ip": "10.1.2.16", + "source.port": 2241, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-24T16:00:28.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "inside", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.2.10", + "destination.ip": "192.0.2.10", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-106100: access-list inside denied udp inside/172.29.2.101(1039) -> outside/192.0.2.10(53) hit-cnt 1 first hit [0xd820e56a, 0x0]", + "event.outcome": "deny", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "INT-FW01", + "input.type": "log", + "log.level": "informational", + "log.offset": 465, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "172.29.2.101", + "source.ip": "172.29.2.101", + "source.port": 1039, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-24T16:00:27.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "inside", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.2.57", + "destination.ip": "192.0.2.57", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-106100: access-list inside permitted udp inside/172.29.2.3(1065) -> outside/192.0.2.57(53) hit-cnt 144 300-second interval [0xe982c7a4, 0x0]", + "event.outcome": "allow", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "INT-FW01", + "input.type": "log", + "log.level": "informational", + "log.offset": 632, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "172.29.2.3", + "source.ip": "172.29.2.3", + "source.port": 1065, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4952 to outside:192.0.2.130/12834", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 812, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302013: Built outbound TCP connection 89743274 for outside:192.0.2.43/443 (192.0.2.43/443) to outside:10.123.3.42/4952 (10.123.3.42.130/12834)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 938, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-305011: Built dynamic UDP translation from outside:10.123.1.35/52925 to outside:192.0.2.130/25882", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 1110, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302015: Built outbound UDP connection 89743275 for outside:192.0.2.222/53 (192.0.2.43/53) to outside:10.123.1.35/52925 (10.123.1.35/25882)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 1237, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4953 to outside:192.0.2.130/45392", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 1405, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302013: Built outbound TCP connection 89743276 for outside:192.0.2.1/80 (192.0.2.1/80) to outside:10.123.3.42/4953 (10.123.3.130/45392)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 1531, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.connection_id": "89743275", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.123.1.35", + "destination.ip": "10.123.1.35", + "destination.port": 52925, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 5025000000000, + "event.end": "2013-04-29T12:59:50.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-6-302016: Teardown UDP connection 89743275 for outside:192.0.2.222/53 to inside:10.123.1.35/52925 duration 1:23:45 bytes 140", + "event.severity": 6, + "event.start": "2013-04-29T13:36:05.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 1696, + "network.bytes": 140, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.connection_id": "666", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.destination_username": "user2", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "cisco.ftd.source_username": "user1", + "destination.address": "10.123.1.35", + "destination.ip": "10.123.1.35", + "destination.port": 52925, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 36000000000000, + "event.end": "2013-04-29T12:59:50.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-6-302016: Teardown UDP connection 666 for outside:192.0.2.222/53 user1 to inside:10.123.1.35/52925 user2 duration 10:00:00 bytes 9999999", + "event.severity": 6, + "event.start": "2013-04-29T04:59:50.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 1848, + "network.bytes": 9999999, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 53, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2011-06-04T21:59:52.000-02:00", + "cisco.ftd.mapped_source_ip": "192.168.132.46", + "cisco.ftd.message_id": "302021", + "destination.address": "172.24.177.29", + "destination.ip": "172.24.177.29", + "event.action": "flow-expiration", + "event.code": 302021, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr 192.168.132.46/17233 laddr 192.168.132.46/17233", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "FJSG2NRFW01", + "input.type": "log", + "log.level": "informational", + "log.offset": 2012, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "192.168.132.46", + "source.ip": "192.168.132.46", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "305011", + "event.action": "firewall-rule", + "event.code": 305011, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-305011: Built dynamic TCP translation from inside:192.168.3.42/4954 to outside:192.0.0.130/10879", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 2167, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-29T12:59:50.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302013: Built outbound TCP connection 89743277 for outside:192.0.0.17/80 (192.0.0.17/80) to inside:192.168.3.42/4954 (10.0.0.130/10879)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 2293, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:33.000-02:00", + "cisco.ftd.message_id": "106007", + "destination.address": "10.1.2.60", + "destination.ip": "10.1.2.60", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106007, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106007: Deny inbound UDP from 192.0.0.66/12981 to 10.1.2.60/53 due to DNS Query", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "critical", + "log.offset": 2458, + "network.direction": "inbound", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.0.66", + "source.ip": "192.0.0.66", + "source.port": 12981, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:38.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2006) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 2567, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2006, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:38.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49734) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 2726, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49734, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:39.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49735) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 2887, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49735, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:39.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49736) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 3048, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49736, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:39.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49737) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 3209, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49737, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:40.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49738) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 3370, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49738, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:41.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49746) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 3531, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49746, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:47.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2007) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 3692, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2007, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:48.000-02:00", + "cisco.ftd.destination_interface": "dmz", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.168.33.31", + "destination.ip": "192.168.33.31", + "destination.port": 25, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.13(43013) -> dmz/192.168.33.31(25) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 3851, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.13", + "source.ip": "10.0.0.13", + "source.port": 43013, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:22:56.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2008) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 4008, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2008, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:02.000-02:00", + "cisco.ftd.message_id": "106006", + "cisco.ftd.source_interface": "inside", + "destination.address": "10.1.2.42", + "destination.ip": "10.1.2.42", + "destination.port": 137, + "event.action": "firewall-rule", + "event.code": 106006, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106006: Deny inbound UDP from 192.0.2.66/137 to 10.1.2.42/137 on interface inside", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "critical", + "log.offset": 4167, + "network.direction": "inbound", + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.66", + "source.ip": "192.0.2.66", + "source.port": 137, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:03.000-02:00", + "cisco.ftd.message_id": "106007", + "destination.address": "10.1.5.60", + "destination.ip": "10.1.5.60", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106007, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106007: Deny inbound UDP from 192.0.2.66/12981 to 10.1.5.60/53 due to DNS Query", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "critical", + "log.offset": 4278, + "network.direction": "inbound", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.0.2.66", + "source.ip": "192.0.2.66", + "source.port": 12981, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:06.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2009) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 4387, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2009, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:08.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49776) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 4546, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49776, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:15.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2010) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 4707, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2010, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:24.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2011) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "deny", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 4866, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2011, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:34.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2012) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "deny", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 5022, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2012, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:40.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "acl_out", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.0.0.132", + "destination.ip": "10.0.0.132", + "destination.port": 8111, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 5178, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.126", + "source.ip": "192.0.2.126", + "source.port": 53638, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:41.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "acl_out", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.0.0.132", + "destination.ip": "10.0.0.132", + "destination.port": 8111, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 5325, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.126", + "source.ip": "192.0.2.126", + "source.port": 53638, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:43.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.88", + "destination.ip": "192.0.0.88", + "destination.port": 40443, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.46(49840) -> outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 5472, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.46", + "source.ip": "10.0.0.46", + "source.port": 49840, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2013-04-30T09:23:43.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.89", + "destination.ip": "192.0.0.89", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.16(2013) -> outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 5635, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2013, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-04-15T09:34:34.000-04:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106100", + "cisco.ftd.rule_name": "acl_in", + "cisco.ftd.source_interface": "inside", + "cisco.ftd.suffix": "session", + "destination.address": "192.0.0.99", + "destination.ip": "192.0.0.99", + "destination.port": 2000, + "event.action": "firewall-rule", + "event.code": 106100, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-session-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2241) -> outside/192.0.0.99(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 5796, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.0.16", + "source.ip": "10.0.0.16", + "source.port": 2241, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80 (10.0.13.13/80)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 5967, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.ftd.message_id": "302015", + "event.action": "firewall-rule", + "event.code": 302015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80port> (10.0.13.13/80)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 6147, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "dmz", + "cisco.ftd.source_interface": "dmz", + "destination.address": "192.0.0.12", + "destination.ip": "192.0.0.12", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "warning", + "log.offset": 6332, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.168.1.33", + "source.ip": "192.168.1.33", + "source.port": 5555, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:24.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "dmz", + "cisco.ftd.source_interface": "dmz", + "destination.address": "192.0.0.12", + "destination.ip": "192.0.0.12", + "destination.port": 53, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "warning", + "log.offset": 6487, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.168.1.33", + "source.ip": "192.168.1.33", + "source.port": 5555, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:31.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 6642, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:31.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 6817, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:31.000-02:00", + "cisco.ftd.connection_id": "447236", + "cisco.ftd.destination_interface": "dmz", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "192.168.1.34", + "destination.ip": "192.168.1.34", + "destination.port": 5678, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2018-12-11T08:01:31.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-11T10:01:31.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 6992, + "network.bytes": 14804, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.ftd.connection_id": "447234", + "cisco.ftd.destination_interface": "dmz", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "192.168.1.35", + "destination.ip": "192.168.1.35", + "destination.port": 5678, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 68000000000, + "event.end": "2018-12-11T08:01:38.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-11T10:00:30.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 7162, + "network.bytes": 134781, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.ftd.connection_id": "447234", + "cisco.ftd.destination_interface": "dmz", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "192.168.1.35", + "destination.ip": "192.168.1.35", + "destination.port": 5678, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 68000000000, + "event.end": "2018-12-11T08:01:38.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-11T10:00:30.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 7333, + "network.bytes": 134781, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.ftd.message_id": "106015", + "cisco.ftd.source_interface": "outside", + "destination.address": "192.168.1.34", + "destination.ip": "192.168.1.34", + "destination.port": 5679, + "event.action": "firewall-rule", + "event.code": 106015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", + "event.outcome": "deny", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 7504, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:38.000-02:00", + "cisco.ftd.message_id": "106015", + "cisco.ftd.source_interface": "outside", + "destination.address": "192.168.1.34", + "destination.ip": "192.168.1.34", + "destination.port": 5679, + "event.action": "firewall-rule", + "event.code": 106015, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", + "event.outcome": "deny", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 7651, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:39.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "dmz", + "cisco.ftd.source_interface": "dmz", + "destination.address": "192.0.0.12", + "destination.ip": "192.0.0.12", + "destination.port": 5000, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny udp src dmz:192.168.1.34/5679 dst outside:192.0.0.12/5000 by access-group \"dmz\" [0x123a465e, 0x8c20f21]", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "warning", + "log.offset": 7798, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "192.168.1.34", + "source.ip": "192.168.1.34", + "source.port": 5679, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:53.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 7954, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:53.000-02:00", + "cisco.ftd.message_id": "302013", + "event.action": "firewall-rule", + "event.code": 302013, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 8133, + "service.type": "cisco", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2018-12-11T08:01:53.000-02:00", + "cisco.ftd.connection_id": "447237", + "cisco.ftd.destination_interface": "dmz", + "cisco.ftd.message_id": "302014", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.10.10.10", + "destination.ip": "10.10.10.10", + "destination.port": 1235, + "event.action": "flow-expiration", + "event.code": 302014, + "event.dataset": "cisco.ftd", + "event.duration": 86399000000000, + "event.end": "2018-12-11T08:01:53.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs", + "event.severity": 6, + "event.start": "2018-12-10T10:01:54.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "127.0.0.1", + "input.type": "log", + "log.level": "informational", + "log.offset": 8312, + "network.bytes": 11420, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.222", + "source.ip": "192.0.2.222", + "source.port": 1234, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2012-08-15T23:30:09.000-02:00", + "cisco.ftd.connection_id": "40", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "302016", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.44.2.2", + "destination.ip": "10.44.2.2", + "destination.port": 500, + "event.action": "flow-expiration", + "event.code": 302016, + "event.dataset": "cisco.ftd", + "event.duration": 122000000000, + "event.end": "2012-08-15T23:30:09.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-6-302016: Teardown UDP connection 40 for outside:10.44.4.4/500 to inside:10.44.2.2/500 duration 0:02:02 bytes 1416", + "event.severity": 6, + "event.start": "2012-08-16T01:28:07.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "informational", + "log.offset": 8482, + "network.bytes": 1416, + "network.iana_number": 17, + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.44.4.4", + "source.ip": "10.44.4.4", + "source.port": 500, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:50:53.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.47", + "destination.ip": "192.88.99.47", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 8624, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:51:01.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.57", + "destination.ip": "192.88.99.57", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 8745, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:51:05.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.47", + "destination.ip": "192.88.99.47", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 8866, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:51:05.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.47", + "destination.ip": "192.88.99.47", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 8987, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:51:06.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.57", + "destination.ip": "192.88.99.57", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 9108, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:51:17.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.88.99.57", + "destination.ip": "192.88.99.57", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 9229, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:52:48.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.168.1.255", + "destination.ip": "192.168.1.255", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 9350, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:53:00.000-02:00", + "cisco.ftd.message_id": "106016", + "cisco.ftd.source_interface": "Mobile_Traffic", + "destination.address": "192.168.1.255", + "destination.ip": "192.168.1.255", + "event.action": "firewall-rule", + "event.code": 106016, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", + "event.outcome": "deny", + "event.severity": 2, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "critical", + "log.offset": 9472, + "service.type": "cisco", + "source.address": "0.0.0.0", + "source.ip": "0.0.0.0", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:53:01.000-02:00", + "cisco.ftd.destination_interface": "inside", + "cisco.ftd.message_id": "106023", + "cisco.ftd.rule_name": "PERMIT_IN", + "cisco.ftd.source_interface": "outside", + "destination.address": "10.32.112.125", + "destination.ip": "10.32.112.125", + "destination.port": 25, + "event.action": "firewall-rule", + "event.code": 106023, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-106023: Deny tcp src outside:192.0.2.95/24069 dst inside:10.32.112.125/25 by access-group \"PERMIT_IN\" [0x0, 0x0]\"", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "warning", + "log.offset": 9594, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "192.0.2.95", + "source.ip": "192.0.2.95", + "source.port": 24069, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2014-09-12T06:53:02.000-02:00", + "cisco.ftd.icmp_code": 3, + "cisco.ftd.icmp_type": 3, + "cisco.ftd.message_id": "313001", + "cisco.ftd.source_interface": "Outside", + "event.action": "firewall-rule", + "event.code": 313001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-3-313001: Denied ICMP type=3, code=3 from 10.2.3.5 on interface Outside", + "event.outcome": "deny", + "event.severity": 3, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "GIFRCHN01", + "input.type": "log", + "log.level": "error", + "log.offset": 9748, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "10.2.3.5", + "source.ip": "10.2.3.5", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2015-01-14T13:16:13.000-02:00", + "cisco.ftd.icmp_type": 0, + "cisco.ftd.message_id": "313004", + "cisco.ftd.source_interface": "inside", + "destination.address": "172.16.1.10", + "destination.ip": "172.16.1.10", + "event.action": "firewall-rule", + "event.code": 313004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-313004: Denied ICMP type=0, from laddr 172.16.30.2 on interface inside to 172.16.1.10: no matching session", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 9858, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "172.16.30.2", + "source.ip": "172.16.30.2", + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2015-01-14T13:16:14.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.mapped_destination_ip": "192.88.99.129", + "cisco.ftd.mapped_destination_port": 80, + "cisco.ftd.mapped_source_ip": "192.88.99.1", + "cisco.ftd.mapped_source_port": 7890, + "cisco.ftd.message_id": "338002", + "cisco.ftd.rule_name": "dynamic", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.88.99.129", + "destination.domain": "bad.example.com", + "destination.ip": "192.88.99.129", + "destination.port": 80, + "event.action": "firewall-rule", + "event.code": 338002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (192.88.99.1/7890) to outside:192.88.99.129/80 (192.88.99.129/80), destination 192.88.99.129 resolved from dynamic list: bad.example.com", + "event.outcome": "allow", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 9994, + "network.iana_number": 6, + "network.transport": "tcp", + "server.domain": "bad.example.com", + "service.type": "cisco", + "source.address": "10.1.1.45", + "source.ip": "10.1.1.45", + "source.nat.ip": "192.88.99.1", + "source.nat.port": "7890", + "source.port": 6798, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2015-01-14T13:16:14.000-02:00", + "cisco.ftd.destination_interface": "outsidet", + "cisco.ftd.mapped_destination_ip": "192.0.2.225", + "cisco.ftd.mapped_destination_port": 80, + "cisco.ftd.mapped_source_ip": "10.2.1.1", + "cisco.ftd.mapped_source_port": 33340, + "cisco.ftd.message_id": "338004", + "cisco.ftd.rule_name": "dynamic", + "cisco.ftd.source_interface": "inside", + "cisco.ftd.threat_category": "Malware", + "cisco.ftd.threat_level": "very-high", + "destination.address": "192.0.2.223", + "destination.ip": "192.0.2.223", + "destination.nat.ip": "192.0.2.225", + "destination.nat.port": "80", + "destination.port": 80, + "event.action": "firewall-rule", + "event.code": 338004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-338004: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.225/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", + "event.outcome": "monitored", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 10245, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.1.1", + "source.ip": "10.1.1.1", + "source.nat.ip": "10.2.1.1", + "source.nat.port": "33340", + "source.port": 33340, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2015-01-14T13:16:14.000-02:00", + "cisco.ftd.destination_interface": "outsidet", + "cisco.ftd.mapped_destination_ip": "192.0.2.223", + "cisco.ftd.mapped_destination_port": 8080, + "cisco.ftd.mapped_source_ip": "10.2.1.1", + "cisco.ftd.mapped_source_port": 33340, + "cisco.ftd.message_id": "338008", + "cisco.ftd.rule_name": "dynamic", + "cisco.ftd.source_interface": "inside", + "cisco.ftd.threat_category": "Malware", + "cisco.ftd.threat_level": "very-high", + "destination.address": "192.0.2.223", + "destination.ip": "192.0.2.223", + "destination.nat.ip": "192.0.2.223", + "destination.nat.port": "8080", + "destination.port": 80, + "event.action": "firewall-rule", + "event.code": 338008, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/8080), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", + "event.outcome": "deny", + "event.severity": 4, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "warning", + "log.offset": 10544, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.1.1.1", + "source.ip": "10.1.1.1", + "source.nat.ip": "10.2.1.1", + "source.nat.port": "33340", + "source.port": 33340, + "tags": [ + "cisco-ftd" + ] + }, + { + "@timestamp": "2009-11-16T14:12:35.000-02:00", + "cisco.ftd.message_id": "304001", + "destination.address": "192.0.2.1", + "destination.ip": "192.0.2.1", + "event.action": "firewall-rule", + "event.code": 304001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-304001: 10.30.30.30 Accessed URL 192.0.2.1:/app", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 10843, + "service.type": "cisco", + "source.address": "10.30.30.30", + "source.ip": "10.30.30.30", + "tags": [ + "cisco-ftd" + ], + "url.original": "/app" + }, + { + "@timestamp": "2009-11-16T14:12:36.000-02:00", + "cisco.ftd.message_id": "304001", + "destination.address": "192.0.2.32", + "destination.ip": "192.0.2.32", + "event.action": "firewall-rule", + "event.code": 304001, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-304001: 10.5.111.32 Accessed URL 192.0.2.32:http://example.com", + "event.outcome": "allow", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 10920, + "service.type": "cisco", + "source.address": "10.5.111.32", + "source.ip": "10.5.111.32", + "tags": [ + "cisco-ftd" + ], + "url.original": "http://example.com" + }, + { + "@timestamp": "2009-11-16T14:12:37.000-02:00", + "cisco.ftd.message_id": "304002", + "cisco.ftd.source_interface": "inside", + "destination.address": "192.0.0.19", + "destination.ip": "192.0.0.19", + "event.action": "firewall-rule", + "event.code": 304002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.0.0.19 on interface inside", + "event.outcome": "deny", + "event.severity": 5, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "input.type": "log", + "log.level": "notification", + "log.offset": 11012, + "service.type": "cisco", + "source.address": "10.69.6.39", + "source.ip": "10.69.6.39", + "tags": [ + "cisco-ftd" + ], + "url.original": "http://www.example.net/images/favicon.ico" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/security-connection.log b/filebeat/module/cisco/ftd/test/security-connection.log new file mode 100644 index 00000000000..c81a41dfb1f --- /dev/null +++ b/filebeat/module/cisco/ftd/test/security-connection.log @@ -0,0 +1,10 @@ +2019-08-15T16:03:31Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 98, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity +2019-08-15T16:05:33Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 98, NAPPolicy: Balanced Security and Connectivity +2019-08-15T16:05:37Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 50074, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 106, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: eu-central-1.ec2.archive.ubuntu.com, DNSRecordType: a host address +2019-08-15T16:07:00Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 49264, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 2, ResponderPackets: 2, InitiatorBytes: 164, ResponderBytes: 314, NAPPolicy: Balanced Security and Connectivity, DNSQuery: siem-inside, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 86395 +2019-08-15T16:07:18Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 52.59.244.233, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity +2019-08-15T16:07:19Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 52.59.244.233, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: Debian APT-HTTP/1.3 (1.6.11), Client: Advanced Packaging Tool, ClientVersion: 1.3, ApplicationProtocol: HTTP, WebApplication: Ubuntu, ConnectionDuration: 1, InitiatorPackets: 1359, ResponderPackets: 29001, InitiatorBytes: 97454, ResponderBytes: 41319018, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: eu-central-1.ec2.archive.ubuntu.com, URL: http://eu-central-1.ec2.archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages-dev_4.15-1_all.deb +2019-08-16T09:33:15Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity +2019-08-16T09:33:15Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 503, ResponderBytes: 690, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: www.eicar.org, URL: http://www.eicar.org/download/eicar_com.zip +2019-08-16T09:35:15Z firepower %FTD-1-430002: AccessControlRuleAction: Block, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Block-inbound-ICMP, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 0, ResponderPackets: 0, InitiatorBytes: 0, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity +Aug 14 2019 15:09:41 siem-ftd %FTD-1-430003: AccessControlRuleAction: Block, AccessControlRuleReason: File Block, SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, IngressInterface: input, EgressInterface: output, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 1, FileCount: 1, InitiatorPackets: 4, ResponderPackets: 7, InitiatorBytes: 365, ResponderBytes: 1927, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: 10.0.100.30:8000, URL: http://10.0.100.30:8000/eicar_com.zip diff --git a/filebeat/module/cisco/ftd/test/security-connection.log-expected.json b/filebeat/module/cisco/ftd/test/security-connection.log-expected.json new file mode 100644 index 00000000000..810c9574832 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/security-connection.log-expected.json @@ -0,0 +1,737 @@ +[ + { + "@timestamp": "2019-08-15T14:03:31.000-02:00", + "cisco.ftd.destination_interface": "input", + "cisco.ftd.message_id": "430002", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.application_protocol": "ICMP", + "cisco.ftd.security.client": "ICMP client", + "cisco.ftd.security.dst_ip": "10.0.1.20", + "cisco.ftd.security.egress_interface": "input", + "cisco.ftd.security.egress_zone": "input-zone", + "cisco.ftd.security.icmp_code": "No Code", + "cisco.ftd.security.icmp_type": "Echo Request", + "cisco.ftd.security.ingress_interface": "output", + "cisco.ftd.security.ingress_zone": "output-zone", + "cisco.ftd.security.initiator_bytes": "98", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "icmp", + "cisco.ftd.security.responder_bytes": "0", + "cisco.ftd.security.responder_packets": "0", + "cisco.ftd.security.src_ip": "10.0.100.30", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "output", + "destination.address": "10.0.1.20", + "destination.bytes": 0, + "destination.ip": "10.0.1.20", + "destination.packets": 0, + "event.action": "connection-started", + "event.code": 430002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 98, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity", + "event.outcome": "allow", + "event.severity": 1, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 0, + "network.application": "icmp client", + "network.iana_number": 1, + "network.protocol": "icmp", + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "10.0.100.30", + "source.bytes": 98, + "source.ip": "10.0.100.30", + "source.packets": 1, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-15T14:05:33.000-02:00", + "cisco.ftd.destination_interface": "input", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.application_protocol": "ICMP", + "cisco.ftd.security.client": "ICMP client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dst_ip": "10.0.1.20", + "cisco.ftd.security.egress_interface": "input", + "cisco.ftd.security.egress_zone": "input-zone", + "cisco.ftd.security.icmp_code": "No Code", + "cisco.ftd.security.icmp_type": "Echo Request", + "cisco.ftd.security.ingress_interface": "output", + "cisco.ftd.security.ingress_zone": "output-zone", + "cisco.ftd.security.initiator_bytes": "98", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "icmp", + "cisco.ftd.security.responder_bytes": "98", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.100.30", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "output", + "destination.address": "10.0.1.20", + "destination.bytes": 98, + "destination.ip": "10.0.1.20", + "destination.packets": 1, + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-15T14:05:33.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 98, NAPPolicy: Balanced Security and Connectivity", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-15T16:05:33.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 579, + "network.application": "icmp client", + "network.iana_number": 1, + "network.protocol": "icmp", + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "10.0.100.30", + "source.bytes": 98, + "source.ip": "10.0.100.30", + "source.packets": 1, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-15T14:05:37.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430002", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.dns_query": "eu-central-1.ec2.archive.ubuntu.com", + "cisco.ftd.security.dns_record_type": "a host address", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "106", + "cisco.ftd.security.initiator_packets": "1", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "0", + "cisco.ftd.security.responder_packets": "0", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "50074", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 0, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 0, + "destination.port": 53, + "dns.question.name": "eu-central-1.ec2.archive.ubuntu.com", + "dns.question.type": "A", + "dns.response_code": "NOERROR", + "event.action": "connection-started", + "event.code": 430002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 50074, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 106, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: eu-central-1.ec2.archive.ubuntu.com, DNSRecordType: a host address", + "event.outcome": "allow", + "event.severity": 1, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 1182, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 106, + "source.ip": "10.0.1.20", + "source.packets": 1, + "source.port": 50074, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-15T14:07:00.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.application_protocol": "DNS", + "cisco.ftd.security.client": "DNS client", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dns_query": "siem-inside", + "cisco.ftd.security.dns_record_type": "a host address", + "cisco.ftd.security.dns_response_type": "Non-Existent Domain", + "cisco.ftd.security.dns_ttl": "86395", + "cisco.ftd.security.dst_ip": "8.8.8.8", + "cisco.ftd.security.dst_port": "53", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "164", + "cisco.ftd.security.initiator_packets": "2", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "udp", + "cisco.ftd.security.responder_bytes": "314", + "cisco.ftd.security.responder_packets": "2", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "49264", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 314, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 2, + "destination.port": 53, + "dns.question.name": "siem-inside", + "dns.question.type": "A", + "dns.response_code": "NXDOMAIN", + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-15T14:07:00.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 49264, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 2, ResponderPackets: 2, InitiatorBytes: 164, ResponderBytes: 314, NAPPolicy: Balanced Security and Connectivity, DNSQuery: siem-inside, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 86395", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-15T16:07:00.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 1821, + "network.application": "dns client", + "network.iana_number": 17, + "network.protocol": "dns", + "network.transport": "udp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 164, + "source.ip": "10.0.1.20", + "source.packets": 2, + "source.port": 49264, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-15T14:07:18.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430002", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.dst_ip": "52.59.244.233", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "140", + "cisco.ftd.security.initiator_packets": "2", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.responder_bytes": "74", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "43228", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "52.59.244.233", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 74, + "destination.geo.city_name": "Frankfurt am Main", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 50.1188, + "destination.geo.location.lon": 8.6843, + "destination.geo.region_iso_code": "DE-HE", + "destination.geo.region_name": "Hesse", + "destination.ip": "52.59.244.233", + "destination.packets": 1, + "destination.port": 80, + "event.action": "connection-started", + "event.code": 430002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 52.59.244.233, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity", + "event.outcome": "allow", + "event.severity": 1, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 2515, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 140, + "source.ip": "10.0.1.20", + "source.packets": 2, + "source.port": 43228, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-15T14:07:19.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "Advanced Packaging Tool", + "cisco.ftd.security.client_version": "1.3", + "cisco.ftd.security.connection_duration": "1", + "cisco.ftd.security.dst_ip": "52.59.244.233", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.http_response": "200", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "97454", + "cisco.ftd.security.initiator_packets": "1359", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.referenced_host": "eu-central-1.ec2.archive.ubuntu.com", + "cisco.ftd.security.responder_bytes": "41319018", + "cisco.ftd.security.responder_packets": "29001", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "43228", + "cisco.ftd.security.url": "http://eu-central-1.ec2.archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages-dev_4.15-1_all.deb", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.security.user_agent": "Debian APT-HTTP/1.3 (1.6.11)", + "cisco.ftd.security.web_application": "Ubuntu", + "cisco.ftd.source_interface": "inside", + "destination.address": "52.59.244.233", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 41319018, + "destination.geo.city_name": "Frankfurt am Main", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 50.1188, + "destination.geo.location.lon": 8.6843, + "destination.geo.region_iso_code": "DE-HE", + "destination.geo.region_name": "Hesse", + "destination.ip": "52.59.244.233", + "destination.packets": 29001, + "destination.port": 80, + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 1000000000, + "event.end": "2019-08-15T14:07:19.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 52.59.244.233, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: Debian APT-HTTP/1.3 (1.6.11), Client: Advanced Packaging Tool, ClientVersion: 1.3, ApplicationProtocol: HTTP, WebApplication: Ubuntu, ConnectionDuration: 1, InitiatorPackets: 1359, ResponderPackets: 29001, InitiatorBytes: 97454, ResponderBytes: 41319018, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: eu-central-1.ec2.archive.ubuntu.com, URL: http://eu-central-1.ec2.archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages-dev_4.15-1_all.deb", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-15T16:07:18.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "http.response.status_code": "200", + "input.type": "log", + "log.level": "alert", + "log.offset": 3037, + "network.application": [ + "advanced packaging tool", + "ubuntu" + ], + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 97454, + "source.ip": "10.0.1.20", + "source.packets": 1359, + "source.port": 43228, + "tags": [ + "cisco-ftd" + ], + "url.domain": "eu-central-1.ec2.archive.ubuntu.com", + "url.original": "http://eu-central-1.ec2.archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages-dev_4.15-1_all.deb", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.11)" + }, + { + "@timestamp": "2019-08-16T07:33:15.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430002", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.dst_ip": "213.211.198.62", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "140", + "cisco.ftd.security.initiator_packets": "2", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.responder_bytes": "74", + "cisco.ftd.security.responder_packets": "1", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "46000", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "inside", + "destination.address": "213.211.198.62", + "destination.as.number": 43341, + "destination.as.organization.name": "MDlink online service center GmbH", + "destination.bytes": 74, + "destination.geo.city_name": "Magdeburg", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 52.1333, + "destination.geo.location.lon": 11.6167, + "destination.geo.region_iso_code": "DE-ST", + "destination.geo.region_name": "Saxony-Anhalt", + "destination.ip": "213.211.198.62", + "destination.packets": 1, + "destination.port": 80, + "event.action": "connection-started", + "event.code": 430002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity", + "event.outcome": "allow", + "event.severity": 1, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 3919, + "network.iana_number": 6, + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 140, + "source.ip": "10.0.1.20", + "source.packets": 2, + "source.port": 46000, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-16T07:33:15.000-02:00", + "cisco.ftd.destination_interface": "outside", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Rule-1" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Rule-1", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.client_version": "7.58.0", + "cisco.ftd.security.connection_duration": "0", + "cisco.ftd.security.dst_ip": "213.211.198.62", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.egress_interface": "outside", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.http_response": "200", + "cisco.ftd.security.ingress_interface": "inside", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "503", + "cisco.ftd.security.initiator_packets": "6", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.referenced_host": "www.eicar.org", + "cisco.ftd.security.responder_bytes": "690", + "cisco.ftd.security.responder_packets": "4", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "46000", + "cisco.ftd.security.url": "http://www.eicar.org/download/eicar_com.zip", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.security.user_agent": "curl/7.58.0", + "cisco.ftd.source_interface": "inside", + "destination.address": "213.211.198.62", + "destination.as.number": 43341, + "destination.as.organization.name": "MDlink online service center GmbH", + "destination.bytes": 690, + "destination.geo.city_name": "Magdeburg", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 52.1333, + "destination.geo.location.lon": 11.6167, + "destination.geo.region_iso_code": "DE-ST", + "destination.geo.region_name": "Saxony-Anhalt", + "destination.ip": "213.211.198.62", + "destination.packets": 4, + "destination.port": 80, + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 0, + "event.end": "2019-08-16T07:33:15.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 503, ResponderBytes: 690, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: www.eicar.org, URL: http://www.eicar.org/download/eicar_com.zip", + "event.outcome": "allow", + "event.severity": 1, + "event.start": "2019-08-16T09:33:15.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "http.response.status_code": "200", + "input.type": "log", + "log.level": "alert", + "log.offset": 4442, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 503, + "source.ip": "10.0.1.20", + "source.packets": 6, + "source.port": 46000, + "tags": [ + "cisco-ftd" + ], + "url.domain": "www.eicar.org", + "url.original": "http://www.eicar.org/download/eicar_com.zip", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required", + "user_agent.original": "curl/7.58.0" + }, + { + "@timestamp": "2019-08-16T07:35:15.000-02:00", + "cisco.ftd.destination_interface": "input", + "cisco.ftd.message_id": "430002", + "cisco.ftd.rule_name": [ + "default", + "Block-inbound-ICMP" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Block", + "cisco.ftd.security.access_control_rule_name": "Block-inbound-ICMP", + "cisco.ftd.security.dst_ip": "10.0.1.20", + "cisco.ftd.security.egress_interface": "input", + "cisco.ftd.security.egress_zone": "input-zone", + "cisco.ftd.security.icmp_code": "No Code", + "cisco.ftd.security.icmp_type": "Echo Request", + "cisco.ftd.security.ingress_interface": "output", + "cisco.ftd.security.ingress_zone": "output-zone", + "cisco.ftd.security.initiator_bytes": "0", + "cisco.ftd.security.initiator_packets": "0", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "icmp", + "cisco.ftd.security.responder_bytes": "0", + "cisco.ftd.security.responder_packets": "0", + "cisco.ftd.security.src_ip": "10.0.100.30", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.source_interface": "output", + "destination.address": "10.0.1.20", + "destination.bytes": 0, + "destination.ip": "10.0.1.20", + "destination.packets": 0, + "event.action": "connection-started", + "event.code": 430002, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430002: AccessControlRuleAction: Block, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Block-inbound-ICMP, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 0, ResponderPackets: 0, InitiatorBytes: 0, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity", + "event.outcome": "block", + "event.severity": 1, + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 5177, + "network.iana_number": 1, + "network.transport": "icmp", + "service.type": "cisco", + "source.address": "10.0.100.30", + "source.bytes": 0, + "source.ip": "10.0.100.30", + "source.packets": 0, + "tags": [ + "cisco-ftd" + ], + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-14T15:09:41.000-02:00", + "cisco.ftd.destination_interface": "output", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "default", + "Intrusion-Rule" + ], + "cisco.ftd.security.ac_policy": "default", + "cisco.ftd.security.access_control_rule_action": "Block", + "cisco.ftd.security.access_control_rule_name": "Intrusion-Rule", + "cisco.ftd.security.access_control_rule_reason": "File Block", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.client_version": "7.58.0", + "cisco.ftd.security.connection_duration": "1", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.egress_interface": "output", + "cisco.ftd.security.egress_zone": "output-zone", + "cisco.ftd.security.file_count": "1", + "cisco.ftd.security.http_response": "200", + "cisco.ftd.security.ingress_interface": "input", + "cisco.ftd.security.ingress_zone": "input-zone", + "cisco.ftd.security.initiator_bytes": "365", + "cisco.ftd.security.initiator_packets": "4", + "cisco.ftd.security.nap_policy": "Balanced Security and Connectivity", + "cisco.ftd.security.prefilter_policy": "Default Prefilter Policy", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.referenced_host": "10.0.100.30:8000", + "cisco.ftd.security.responder_bytes": "1927", + "cisco.ftd.security.responder_packets": "7", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41544", + "cisco.ftd.security.url": "http://10.0.100.30:8000/eicar_com.zip", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.security.user_agent": "curl/7.58.0", + "cisco.ftd.source_interface": "input", + "destination.address": "10.0.100.30", + "destination.bytes": 1927, + "destination.ip": "10.0.100.30", + "destination.packets": 7, + "destination.port": 8000, + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 1000000000, + "event.end": "2019-08-14T15:09:41.000-02:00", + "event.module": "cisco", + "event.original": "%FTD-1-430003: AccessControlRuleAction: Block, AccessControlRuleReason: File Block, SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, IngressInterface: input, EgressInterface: output, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 1, FileCount: 1, InitiatorPackets: 4, ResponderPackets: 7, InitiatorBytes: 365, ResponderBytes: 1927, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: 10.0.100.30:8000, URL: http://10.0.100.30:8000/eicar_com.zip", + "event.outcome": "block", + "event.severity": 1, + "event.start": "2019-08-14T17:09:40.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "http.response.status_code": "200", + "input.type": "log", + "log.level": "alert", + "log.offset": 5719, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.bytes": 365, + "source.ip": "10.0.1.20", + "source.packets": 4, + "source.port": 41544, + "tags": [ + "cisco-ftd" + ], + "url.domain": "10.0.100.30:8000", + "url.original": "http://10.0.100.30:8000/eicar_com.zip", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required", + "user_agent.original": "curl/7.58.0" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/security-file-malware.log b/filebeat/module/cisco/ftd/test/security-file-malware.log new file mode 100644 index 00000000000..5a6fe1852f7 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/security-file-malware.log @@ -0,0 +1,10 @@ +Aug 14 2019 14:54:25 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41522, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:54:24Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe +Aug 14 2019 14:55:02 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41526, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:55:01Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe +Aug 14 2019 15:00:29 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41530, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:00:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com +Aug 14 2019 15:01:41 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41534, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com.txt, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:01:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com.txt +Aug 14 2019 15:03:28 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41540, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip +Aug 14 2019 15:03:33 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41542, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:31Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip +Aug 14 2019 15:09:43 siem-ftd %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Malware Block, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, ThreatScore: 76, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:09:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip +2019-08-16T09:39:03Z firepower %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46004, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:39:02Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: File Size Is Too Small, URI: http://www.eicar.org/download/eicar_com.zip +2019-08-16T09:40:45Z firepower %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55378, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Unknown, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:40:45Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: Sent for Analysis, FileStaticAnalysisStatus: Failed to Send, URI: http://10.0.100.30/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d +2019-08-16T09:42:07Z firepower %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 18.197.225.123, SrcPort: 47926, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Pdf.Exploit.Pdfka::100.sbx.tg, ThreatScore: 100, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:42:06Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: Failed to Send, URI: http://18.197.225.123/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d diff --git a/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json b/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json new file mode 100644 index 00000000000..da2bd878525 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json @@ -0,0 +1,590 @@ +[ + { + "@timestamp": "2019-08-14T14:54:25.000-02:00", + "cisco.ftd.message_id": "430004", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.file_action": "Detect", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "exploit.exe", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_type": "ELF", + "cisco.ftd.security.first_packet_second": "2019-08-14T14:54:24Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41522", + "cisco.ftd.security.uri": "http://10.0.100.30:8000/exploit.exe", + "cisco.ftd.security.user": "No Authentication Required", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 8000, + "event.action": "file-detected", + "event.code": 430004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41522, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:54:24Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe", + "event.severity": 1, + "event.start": "2019-08-14T14:54:24Z", + "event.timezone": "-02:00", + "file.name": "exploit.exe", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 0, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 41522, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30:8000/exploit.exe", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-14T14:55:02.000-02:00", + "cisco.ftd.message_id": "430004", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.file_action": "Detect", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "exploit.exe", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_type": "ELF", + "cisco.ftd.security.first_packet_second": "2019-08-14T14:55:01Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41526", + "cisco.ftd.security.uri": "http://10.0.100.30:8000/exploit.exe", + "cisco.ftd.security.user": "No Authentication Required", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 8000, + "event.action": "file-detected", + "event.code": 430004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41526, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:55:01Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe", + "event.severity": 1, + "event.start": "2019-08-14T14:55:01Z", + "event.timezone": "-02:00", + "file.name": "exploit.exe", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 450, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 41526, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30:8000/exploit.exe", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-14T15:00:29.000-02:00", + "cisco.ftd.message_id": "430004", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.file_action": "Detect", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "eicar.com", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_type": "EICAR", + "cisco.ftd.security.first_packet_second": "2019-08-14T15:00:27Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41530", + "cisco.ftd.security.uri": "http://10.0.100.30:8000/eicar.com", + "cisco.ftd.security.user": "No Authentication Required", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 8000, + "event.action": "file-detected", + "event.code": 430004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41530, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:00:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com", + "event.severity": 1, + "event.start": "2019-08-14T15:00:27Z", + "event.timezone": "-02:00", + "file.name": "eicar.com", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 900, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 41530, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30:8000/eicar.com", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-14T15:01:41.000-02:00", + "cisco.ftd.message_id": "430004", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.file_action": "Detect", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "eicar.com.txt", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_type": "EICAR", + "cisco.ftd.security.first_packet_second": "2019-08-14T15:01:40Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41534", + "cisco.ftd.security.uri": "http://10.0.100.30:8000/eicar.com.txt", + "cisco.ftd.security.user": "No Authentication Required", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 8000, + "event.action": "file-detected", + "event.code": 430004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41534, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com.txt, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:01:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com.txt", + "event.severity": 1, + "event.start": "2019-08-14T15:01:40Z", + "event.timezone": "-02:00", + "file.name": "eicar.com.txt", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 1348, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 41534, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30:8000/eicar.com.txt", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-14T15:03:28.000-02:00", + "cisco.ftd.message_id": "430004", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.file_action": "Detect", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "eicar_com.zip", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "cisco.ftd.security.file_size": "184", + "cisco.ftd.security.file_type": "ZIP", + "cisco.ftd.security.first_packet_second": "2019-08-14T15:03:27Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41540", + "cisco.ftd.security.threat_name": "Unknown", + "cisco.ftd.security.uri": "http://10.0.100.30:8000/eicar_com.zip", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.threat_category": "Unknown", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 8000, + "event.action": "file-detected", + "event.code": 430004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41540, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", + "event.severity": 1, + "event.start": "2019-08-14T15:03:27Z", + "event.timezone": "-02:00", + "file.hash.sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "file.name": "eicar_com.zip", + "file.size": "184", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 1804, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 41540, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30:8000/eicar_com.zip", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-14T15:03:33.000-02:00", + "cisco.ftd.message_id": "430004", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.file_action": "Detect", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "eicar_com.zip", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "cisco.ftd.security.file_size": "184", + "cisco.ftd.security.file_type": "ZIP", + "cisco.ftd.security.first_packet_second": "2019-08-14T15:03:31Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41542", + "cisco.ftd.security.threat_name": "Unknown", + "cisco.ftd.security.uri": "http://10.0.100.30:8000/eicar_com.zip", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.threat_category": "Unknown", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 8000, + "event.action": "file-detected", + "event.code": 430004, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41542, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:31Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", + "event.severity": 1, + "event.start": "2019-08-14T15:03:31Z", + "event.timezone": "-02:00", + "file.hash.sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "file.name": "eicar_com.zip", + "file.size": "184", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 2372, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 41542, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30:8000/eicar_com.zip", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-14T15:09:43.000-02:00", + "cisco.ftd.message_id": "430005", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "8000", + "cisco.ftd.security.file_action": "Malware Block", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "eicar_com.zip", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "cisco.ftd.security.file_size": "184", + "cisco.ftd.security.file_type": "ZIP", + "cisco.ftd.security.first_packet_second": "2019-08-14T15:09:40Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.sha_disposition": "Malware", + "cisco.ftd.security.spero_disposition": "Spero detection not performed on file", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "41544", + "cisco.ftd.security.threat_name": "Win.Ransomware.Eicar::95.sbx.tg", + "cisco.ftd.security.threat_score": "76", + "cisco.ftd.security.uri": "http://10.0.100.30:8000/eicar_com.zip", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.threat_category": "Win.Ransomware.Eicar::95.sbx.tg", + "cisco.ftd.threat_level": "76", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 8000, + "event.action": "malware-detected", + "event.code": 430005, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Malware Block, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, ThreatScore: 76, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:09:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", + "event.severity": 1, + "event.start": "2019-08-14T15:09:40Z", + "event.timezone": "-02:00", + "file.hash.sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "file.name": "eicar_com.zip", + "file.size": "184", + "fileset.name": "ftd", + "host.hostname": "siem-ftd", + "input.type": "log", + "log.level": "alert", + "log.offset": 2940, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 41544, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30:8000/eicar_com.zip", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-16T07:39:03.000-02:00", + "cisco.ftd.message_id": "430005", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "213.211.198.62", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.file_action": "Malware Cloud Lookup", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "eicar_com.zip", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "File Size Is Too Small", + "cisco.ftd.security.file_sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "cisco.ftd.security.file_size": "184", + "cisco.ftd.security.file_storage_status": "Not Stored (Disposition Was Pending)", + "cisco.ftd.security.file_type": "ZIP", + "cisco.ftd.security.first_packet_second": "2019-08-16T09:39:02Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.sha_disposition": "Unavailable", + "cisco.ftd.security.spero_disposition": "Spero detection not performed on file", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "46004", + "cisco.ftd.security.threat_name": "Win.Ransomware.Eicar::95.sbx.tg", + "cisco.ftd.security.uri": "http://www.eicar.org/download/eicar_com.zip", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.threat_category": "Win.Ransomware.Eicar::95.sbx.tg", + "destination.address": "213.211.198.62", + "destination.as.number": 43341, + "destination.as.organization.name": "MDlink online service center GmbH", + "destination.geo.city_name": "Magdeburg", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 52.1333, + "destination.geo.location.lon": 11.6167, + "destination.geo.region_iso_code": "DE-ST", + "destination.geo.region_name": "Saxony-Anhalt", + "destination.ip": "213.211.198.62", + "destination.port": 80, + "event.action": "malware-detected", + "event.code": 430005, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46004, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:39:02Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: File Size Is Too Small, URI: http://www.eicar.org/download/eicar_com.zip", + "event.severity": 1, + "event.start": "2019-08-16T09:39:02Z", + "event.timezone": "-02:00", + "file.hash.sha256": "2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad", + "file.name": "eicar_com.zip", + "file.size": "184", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 3639, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 46004, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://www.eicar.org/download/eicar_com.zip", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-16T07:40:45.000-02:00", + "cisco.ftd.message_id": "430005", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "10.0.100.30", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.file_action": "Malware Cloud Lookup", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "dd3dee576d0cb4abfed00f97f0c71c1d", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "Sent for Analysis", + "cisco.ftd.security.file_sha256": "9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7", + "cisco.ftd.security.file_size": "278987", + "cisco.ftd.security.file_storage_status": "Not Stored (Disposition Was Pending)", + "cisco.ftd.security.file_type": "PDF", + "cisco.ftd.security.first_packet_second": "2019-08-16T09:40:45Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.sha_disposition": "Unavailable", + "cisco.ftd.security.spero_disposition": "Spero detection not performed on file", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "55378", + "cisco.ftd.security.threat_name": "Unknown", + "cisco.ftd.security.uri": "http://10.0.100.30/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.threat_category": "Unknown", + "destination.address": "10.0.100.30", + "destination.ip": "10.0.100.30", + "destination.port": 80, + "event.action": "malware-detected", + "event.code": 430005, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55378, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Unknown, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:40:45Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: Sent for Analysis, FileStaticAnalysisStatus: Failed to Send, URI: http://10.0.100.30/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", + "event.severity": 1, + "event.start": "2019-08-16T09:40:45Z", + "event.timezone": "-02:00", + "file.hash.sha256": "9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7", + "file.name": "dd3dee576d0cb4abfed00f97f0c71c1d", + "file.size": "278987", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 4397, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 55378, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://10.0.100.30/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + }, + { + "@timestamp": "2019-08-16T07:42:07.000-02:00", + "cisco.ftd.message_id": "430005", + "cisco.ftd.rule_name": "malware-and-file-policy", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "cURL", + "cisco.ftd.security.dst_ip": "18.197.225.123", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.file_action": "Malware Cloud Lookup", + "cisco.ftd.security.file_direction": "Download", + "cisco.ftd.security.file_name": "dd3dee576d0cb4abfed00f97f0c71c1d", + "cisco.ftd.security.file_policy": "malware-and-file-policy", + "cisco.ftd.security.file_sandbox_status": "Failed to Send", + "cisco.ftd.security.file_sha256": "9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7", + "cisco.ftd.security.file_size": "278987", + "cisco.ftd.security.file_type": "PDF", + "cisco.ftd.security.first_packet_second": "2019-08-16T09:42:06Z", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.sha_disposition": "Malware", + "cisco.ftd.security.spero_disposition": "Spero detection not performed on file", + "cisco.ftd.security.src_ip": "10.0.1.20", + "cisco.ftd.security.src_port": "47926", + "cisco.ftd.security.threat_name": "Pdf.Exploit.Pdfka::100.sbx.tg", + "cisco.ftd.security.threat_score": "100", + "cisco.ftd.security.uri": "http://18.197.225.123/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.threat_category": "Pdf.Exploit.Pdfka::100.sbx.tg", + "cisco.ftd.threat_level": "100", + "destination.address": "18.197.225.123", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Frankfurt am Main", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 50.1188, + "destination.geo.location.lon": 8.6843, + "destination.geo.region_iso_code": "DE-HE", + "destination.geo.region_name": "Hesse", + "destination.ip": "18.197.225.123", + "destination.port": 80, + "event.action": "malware-detected", + "event.code": 430005, + "event.dataset": "cisco.ftd", + "event.module": "cisco", + "event.original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 18.197.225.123, SrcPort: 47926, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Pdf.Exploit.Pdfka::100.sbx.tg, ThreatScore: 100, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:42:06Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: Failed to Send, URI: http://18.197.225.123/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", + "event.severity": 1, + "event.start": "2019-08-16T09:42:06Z", + "event.timezone": "-02:00", + "file.hash.sha256": "9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7", + "file.name": "dd3dee576d0cb4abfed00f97f0c71c1d", + "file.size": "278987", + "fileset.name": "ftd", + "host.hostname": "firepower", + "input.type": "log", + "log.level": "alert", + "log.offset": 5211, + "network.application": "curl", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "service.type": "cisco", + "source.address": "10.0.1.20", + "source.ip": "10.0.1.20", + "source.port": 47926, + "tags": [ + "cisco-ftd" + ], + "url.original": "http://18.197.225.123/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ftd/test/security-malware-site.log b/filebeat/module/cisco/ftd/test/security-malware-site.log new file mode 100644 index 00000000000..3caf6780a5c --- /dev/null +++ b/filebeat/module/cisco/ftd/test/security-malware-site.log @@ -0,0 +1 @@ +2020-03-01T01:02:36Z CISCO-SENSOR-3D Alerts %NGIPS-0-430003: DeviceUUID: 1c8ff662-08f3-11e4-85c0-bc960372972f, AccessControlRuleAction: Allow, AccessControlRuleReason: IP Monitor, SrcIP: 3.3.3.3, DstIP: 2.2.2.2, SrcPort: 65090, DstPort: 80, Protocol: tcp, IngressInterface: s1p1, EgressInterface: s1p2, IngressZone: Inside-DMZ-Interface-Inline, EgressZone: Inside-DMZ-Interface-Inline, ACPolicy: COOL-POLICY-3D, AccessControlRuleName: Inside DMZ-Rule-Inline, Prefilter Policy: Unknown, User: No Authentication Required, UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36, Client: Chrome, ClientVersion: 80.0.3987.87, ApplicationProtocol: HTTP, ConnectionDuration: 20, InitiatorPackets: 4, ResponderPackets: 4, InitiatorBytes: 729, ResponderBytes: 246, NAPPolicy: State-Backbone, SecIntMatchingIP: Destination, IPReputationSICategory: Malware, HTTPReferer: http://eyedropper-color-pick.info/mk?c=1581483445764, ReferencedHost: eyedropper-color-pick.info, URL: http://bad-malwaresite-grr.info/favicon.ico diff --git a/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json b/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json new file mode 100644 index 00000000000..9be3704d462 --- /dev/null +++ b/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json @@ -0,0 +1,96 @@ +[ + { + "@timestamp": "2020-02-29T23:02:36.000-02:00", + "cisco.ftd.destination_interface": "s1p2", + "cisco.ftd.message_id": "430003", + "cisco.ftd.rule_name": [ + "COOL-POLICY-3D", + "Inside DMZ-Rule-Inline" + ], + "cisco.ftd.security.ac_policy": "COOL-POLICY-3D", + "cisco.ftd.security.access_control_rule_action": "Allow", + "cisco.ftd.security.access_control_rule_name": "Inside DMZ-Rule-Inline", + "cisco.ftd.security.access_control_rule_reason": "IP Monitor", + "cisco.ftd.security.application_protocol": "HTTP", + "cisco.ftd.security.client": "Chrome", + "cisco.ftd.security.client_version": "80.0.3987.87", + "cisco.ftd.security.connection_duration": "20", + "cisco.ftd.security.dst_ip": "2.2.2.2", + "cisco.ftd.security.dst_port": "80", + "cisco.ftd.security.egress_interface": "s1p2", + "cisco.ftd.security.egress_zone": "Inside-DMZ-Interface-Inline", + "cisco.ftd.security.http_referer": "http://eyedropper-color-pick.info/mk?c=1581483445764", + "cisco.ftd.security.ingress_interface": "s1p1", + "cisco.ftd.security.ingress_zone": "Inside-DMZ-Interface-Inline", + "cisco.ftd.security.initiator_bytes": "729", + "cisco.ftd.security.initiator_packets": "4", + "cisco.ftd.security.ip_reputation_si_category": "Malware", + "cisco.ftd.security.nap_policy": "State-Backbone", + "cisco.ftd.security.prefilter_policy": "Unknown", + "cisco.ftd.security.protocol": "tcp", + "cisco.ftd.security.referenced_host": "eyedropper-color-pick.info", + "cisco.ftd.security.responder_bytes": "246", + "cisco.ftd.security.responder_packets": "4", + "cisco.ftd.security.sec_int_matching_ip": "Destination", + "cisco.ftd.security.src_ip": "3.3.3.3", + "cisco.ftd.security.src_port": "65090", + "cisco.ftd.security.url": "http://bad-malwaresite-grr.info/favicon.ico", + "cisco.ftd.security.user": "No Authentication Required", + "cisco.ftd.security.user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36", + "cisco.ftd.source_interface": "s1p1", + "destination.address": "2.2.2.2", + "destination.as.number": 3215, + "destination.as.organization.name": "Orange", + "destination.bytes": 246, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "FR", + "destination.geo.location.lat": 48.8582, + "destination.geo.location.lon": 2.3387, + "destination.ip": "2.2.2.2", + "destination.packets": 4, + "destination.port": 80, + "event.action": "connection-finished", + "event.code": 430003, + "event.dataset": "cisco.ftd", + "event.duration": 20000000000, + "event.end": "2020-02-29T23:02:36.000-02:00", + "event.module": "cisco", + "event.original": "%NGIPS-0-430003: DeviceUUID: 1c8ff662-08f3-11e4-85c0-bc960372972f, AccessControlRuleAction: Allow, AccessControlRuleReason: IP Monitor, SrcIP: 3.3.3.3, DstIP: 2.2.2.2, SrcPort: 65090, DstPort: 80, Protocol: tcp, IngressInterface: s1p1, EgressInterface: s1p2, IngressZone: Inside-DMZ-Interface-Inline, EgressZone: Inside-DMZ-Interface-Inline, ACPolicy: COOL-POLICY-3D, AccessControlRuleName: Inside DMZ-Rule-Inline, Prefilter Policy: Unknown, User: No Authentication Required, UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36, Client: Chrome, ClientVersion: 80.0.3987.87, ApplicationProtocol: HTTP, ConnectionDuration: 20, InitiatorPackets: 4, ResponderPackets: 4, InitiatorBytes: 729, ResponderBytes: 246, NAPPolicy: State-Backbone, SecIntMatchingIP: Destination, IPReputationSICategory: Malware, HTTPReferer: http://eyedropper-color-pick.info/mk?c=1581483445764, ReferencedHost: eyedropper-color-pick.info, URL: http://bad-malwaresite-grr.info/favicon.ico", + "event.outcome": "allow", + "event.severity": 0, + "event.start": "2020-03-01T01:02:16.000Z", + "event.timezone": "-02:00", + "fileset.name": "ftd", + "host.hostname": "CISCO-SENSOR-3D", + "http.request.referrer": "http://eyedropper-color-pick.info/mk?c=1581483445764", + "input.type": "log", + "log.level": "unknown", + "log.offset": 0, + "network.application": "chrome", + "network.iana_number": 6, + "network.protocol": "http", + "network.transport": "tcp", + "process.name": "Alerts", + "service.type": "cisco", + "source.address": "3.3.3.3", + "source.bytes": 729, + "source.geo.city_name": "Seattle", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 47.6348, + "source.geo.location.lon": -122.3451, + "source.geo.region_iso_code": "US-WA", + "source.geo.region_name": "Washington", + "source.ip": "3.3.3.3", + "source.packets": 4, + "source.port": 65090, + "tags": [ + "cisco-ftd" + ], + "url.domain": "eyedropper-color-pick.info", + "url.original": "http://bad-malwaresite-grr.info/favicon.ico", + "user.id": "No Authentication Required", + "user.name": "No Authentication Required", + "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36" + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/ios/_meta/fields.yml b/filebeat/module/cisco/ios/_meta/fields.yml new file mode 100644 index 00000000000..8acb2c9cf4e --- /dev/null +++ b/filebeat/module/cisco/ios/_meta/fields.yml @@ -0,0 +1,18 @@ +- name: ios + type: group + description: > + Fields for Cisco IOS logs. + fields: + - name: access_list + type: keyword + description: > + Name of the IP access list. + + - name: facility + type: keyword + example: SEC + description: > + The facility to which the message refers (for example, SNMP, SYS, and so + forth). A facility can be a hardware device, a protocol, or a module of + the system software. It denotes the source or the cause of the system + message. diff --git a/filebeat/module/cisco/ios/config/input.yml b/filebeat/module/cisco/ios/config/input.yml new file mode 100644 index 00000000000..eea92c15693 --- /dev/null +++ b/filebeat/module/cisco/ios/config/input.yml @@ -0,0 +1,25 @@ +{{ if eq .input "syslog" }} + +type: syslog +protocol.udp: + host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags}} + +processors: + - add_locale: ~ + - script: + lang: javascript + id: cisco_ios + file: ${path.home}/module/cisco/ios/config/pipeline.js diff --git a/filebeat/module/cisco/ios/config/pipeline.js b/filebeat/module/cisco/ios/config/pipeline.js new file mode 100644 index 00000000000..c4e28d2fe11 --- /dev/null +++ b/filebeat/module/cisco/ios/config/pipeline.js @@ -0,0 +1,222 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var ciscoIOS = (function() { + var processor = require("processor"); + + var newDissect = function(pattern) { + return new processor.Dissect({ + "tokenizer": pattern, + "field": "message", + "target_prefix": "", + }).Run; + }; + + var accessListMessagePatterns = { + "IPACCESSLOGP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address}(%{source.port}) -> " + + "%{destination.address}(%{destination.port}), %{source.packets} packet"), + + "IPACCESSLOGDP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address} -> " + + "%{destination.address} (%{icmp.type}/%{icmp.code}), %{source.packets} packet"), + + "IPACCESSLOGRP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address} -> " + + "%{destination.address}, %{source.packets} packet"), + + "IPACCESSLOGSP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address} -> " + + "%{destination.address} (%{igmp.type}), %{source.packets} packet"), + + "IPACCESSLOGNP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.iana_number} %{source.address} -> " + + "%{destination.address}, %{source.packets} packet"), + }; + // Add IPv6 log message patterns. + accessListMessagePatterns.ACCESSLOGP = accessListMessagePatterns.IPACCESSLOGP; + accessListMessagePatterns.ACCESSLOGSP = accessListMessagePatterns.IPACCESSLOGSP; + accessListMessagePatterns.ACCESSLOGDP = accessListMessagePatterns.IPACCESSLOGDP; + accessListMessagePatterns.ACCESSLOGNP = accessListMessagePatterns.IPACCESSLOGNP; + + var setLogLevel = function(evt) { + var severity = evt.Get("event.severity"); + + var levelKeyword = ""; + switch (severity) { + case 0: + levelKeyword = "emergencies"; + break; + case 1: + levelKeyword = "alerts"; + break; + case 2: + levelKeyword = "critical"; + break; + case 3: + levelKeyword = "errors"; + break; + case 4: + levelKeyword = "warnings"; + break; + case 5: + levelKeyword = "notifications"; + break; + case 6: + levelKeyword = "informational"; + break; + case 7: + levelKeyword = "debugging"; + break; + default: + return; + } + + evt.Put("log.level", levelKeyword); + }; + + var copyOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "log.original"}, + ], + mode: "copy", + }); + + var parseSyslogFileHeader = new processor.Chain() + .Dissect({ + tokenizer: "%{_tmp.ts->} %{+_tmp.ts} %{+_tmp.ts->} %{log.source.address} %{event.sequence}: %{_tmp.timestamp}: %{_tmp.message}", + field: "message", + target_prefix: "", + }) + .Convert({ + fields: [ + {from: "_tmp.message", to: "message"}, + ], + mode: "rename", + }) + .Convert({ + fields: [ + {from: "event.sequence", type: "long"}, + ], + ignore_missing: true, + }) + .Add(function(evt) { + processor.Timestamp({ + field: "_tmp.timestamp", + target_field: "@timestamp", + timezone: evt.Get("event.timezone"), + layouts: [ + 'Jan _2 15:04:05.999', + 'Jan _2 15:04:05.999 MST', + ], + ignore_missing: true, + }).Run(evt); + }) + .Add(function(evt) { + evt.Delete("_tmp"); + }) + .Build(); + + var processMessage = new processor.Chain() + // Parse the header of the message that is common to all messages. + .Dissect({ + "tokenizer": "%{}%%{cisco.ios.facility}-%{_event_severity}-%{event.code}: %{_message}", + "field": "message", + "target_prefix": "", + }) + .Add(function(evt) { + evt.Delete("message"); + evt.Rename("_message", "message"); + evt.Delete("event.severity"); + evt.Rename("_event_severity", "event.severity"); + }) + .Convert({ + fields: [ + {from: "event.severity", type: "long"}, + ], + }) + .Add(setLogLevel) + // Use a specific dissect pattern based on the event.code. + .Add(function(evt) { + var eventCode = evt.Get("event.code"); + if (!eventCode) { + return; + } + + var dissect = accessListMessagePatterns[eventCode]; + if (dissect) { + dissect(evt); + coerceNumbers(evt); + normalizeEventOutcome(evt); + setNetworkType(evt); + setRelatedIP(evt); + evt.Put("event.category", "network_traffic"); + evt.Put("event.type", "firewall"); + return; + } + }) + .CommunityID() + .Build(); + + var coerceNumbers = new processor.Convert({ + fields: [ + {from: "destination.address", to: "destination.ip", type: "ip"}, + {from: "destination.port", type: "long"}, + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "source.port", type: "long"}, + {from: "source.packets", type: "long"}, + {from: "source.packets", to: "network.packets", type: "long"}, + {from: "icmp.type", type: "long"}, + {from: "icmp.code", type: "long"}, + {from: "igmp.type", type: "long"}, + ], + ignore_missing: true, + }).Run; + + var normalizeEventOutcome = function(evt) { + var outcome = evt.Get("event.outcome"); + switch (outcome) { + case "denied": + evt.Put("event.outcome", "deny"); + break; + case "permitted": + evt.Put("event.outcome", "allow"); + break; + } + }; + + var setNetworkType = function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }; + + var setRelatedIP = function(event) { + event.AppendTo("related.ip", event.Get("source.ip")); + event.AppendTo("related.ip", event.Get("destination.ip")); + }; + + return { + process: function(evt) { + copyOriginalMessage.Run(evt); + + if (evt.Get("input.type") === "log") { + parseSyslogFileHeader.Run(evt); + } + + processMessage.Run(evt); + }, + }; +})(); + +function process(evt) { + ciscoIOS.process(evt); +} diff --git a/filebeat/module/cisco/ios/ingest/pipeline.yml b/filebeat/module/cisco/ios/ingest/pipeline.yml new file mode 100644 index 00000000000..6ffe20df8f5 --- /dev/null +++ b/filebeat/module/cisco/ios/ingest/pipeline.yml @@ -0,0 +1,51 @@ +description: Pipeline for Cisco IOS logs. + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/cisco/ios/manifest.yml b/filebeat/module/cisco/ios/manifest.yml new file mode 100644 index 00000000000..d429cd994b1 --- /dev/null +++ b/filebeat/module/cisco/ios/manifest.yml @@ -0,0 +1,21 @@ +module_version: "1.0" + +var: + - name: paths + default: + - /var/log/cisco-ios.log + - name: tags + default: [cisco-ios] + - name: syslog_host + default: localhost + - name: syslog_port + default: 9002 + - name: input + default: syslog + +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/cisco/ios/pipeline_test.go b/filebeat/module/cisco/ios/pipeline_test.go new file mode 100644 index 00000000000..53496b6a640 --- /dev/null +++ b/filebeat/module/cisco/ios/pipeline_test.go @@ -0,0 +1,261 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package ios_test + +import ( + "encoding/json" + "fmt" + "testing" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/processors" + "github.com/elastic/beats/v7/libbeat/processors/script/javascript" + "github.com/elastic/go-lookslike" + "github.com/elastic/go-lookslike/isdef" + "github.com/elastic/go-lookslike/validator" + + // Register JS "require" modules. + _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module" + // Register required processors. + _ "github.com/elastic/beats/v7/libbeat/cmd/instance" + _ "github.com/elastic/beats/v7/libbeat/processors/timestamp" +) + +var logInputHeaders = []string{ + "Feb 8 04:00:48 10.100.4.2 585917: Feb 8 04:00:47.272: ", + "Jun 20 02:42:16 10.100.4.2 1663310: Jun 20 02:42:15.330: ", +} + +type testCase struct { + message string + validator validator.Validator +} + +var testCases = []testCase{ + { + "%SEC-6-IPACCESSLOGP: list 100 denied udp 198.51.100.1(55934) -> 198.51.100.255(15600), 1 packet", + lookslike.MustCompile(map[string]interface{}{ + "cisco.ios.access_list": "100", + "cisco.ios.facility": "SEC", + "destination.ip": "198.51.100.255", + "destination.port": int64(15600), + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.outcome": "deny", + "event.severity": int64(6), + "event.type": "firewall", + "log.level": "informational", + "log.original": isdef.IsNonEmptyString, + "message": "list 100 denied udp 198.51.100.1(55934) -> 198.51.100.255(15600), 1 packet", + "network.community_id": isdef.IsNonEmptyString, + "network.packets": int64(1), + "network.transport": "udp", + "source.ip": "198.51.100.1", + "source.packets": int64(1), + "source.port": int64(55934), + }), + }, + + { + "%SEC-6-IPACCESSLOGDP: list 100 denied icmp 198.51.100.1 -> 198.51.100.2 (3/5), 1 packet", + lookslike.MustCompile(map[string]interface{}{ + "cisco.ios.access_list": "100", + "cisco.ios.facility": "SEC", + "destination.ip": "198.51.100.2", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGDP", + "event.outcome": "deny", + "event.severity": int64(6), + "event.type": "firewall", + "icmp.code": int64(5), + "icmp.type": int64(3), + "log.level": "informational", + "log.original": isdef.IsNonEmptyString, + "message": "list 100 denied icmp 198.51.100.1 -> 198.51.100.2 (3/5), 1 packet", + "network.community_id": isdef.IsNonEmptyString, + "network.packets": int64(1), + "network.transport": "icmp", + "source.ip": "198.51.100.1", + "source.packets": int64(1), + }), + }, + + { + "%SEC-6-IPACCESSLOGRP: list 170 denied igmp 198.51.100.1 -> 224.168.168.168, 1 packet", + lookslike.MustCompile(map[string]interface{}{ + "cisco.ios.access_list": "170", + "cisco.ios.facility": "SEC", + "destination.ip": "224.168.168.168", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGRP", + "event.outcome": "deny", + "event.severity": int64(6), + "event.type": "firewall", + "log.level": "informational", + "log.original": isdef.IsNonEmptyString, + "message": "list 170 denied igmp 198.51.100.1 -> 224.168.168.168, 1 packet", + "network.community_id": isdef.IsNonEmptyString, + "network.packets": int64(1), + "network.transport": "igmp", + "source.ip": "198.51.100.1", + "source.packets": int64(1), + }), + }, + + { + "%SEC-6-IPACCESSLOGSP: list INBOUND-ON-AP denied igmp 198.51.100.1 -> 224.0.0.2 (20), 1 packet", + lookslike.MustCompile(map[string]interface{}{ + "cisco.ios.access_list": "INBOUND-ON-AP", + "cisco.ios.facility": "SEC", + "destination.ip": "224.0.0.2", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGSP", + "event.outcome": "deny", + "event.severity": int64(6), + "event.type": "firewall", + "igmp.type": int64(20), + "log.level": "informational", + "log.original": isdef.IsNonEmptyString, + "message": "list INBOUND-ON-AP denied igmp 198.51.100.1 -> 224.0.0.2 (20), 1 packet", + "network.community_id": isdef.IsNonEmptyString, + "network.packets": int64(1), + "network.transport": "igmp", + "source.ip": "198.51.100.1", + "source.packets": int64(1), + }), + }, + + { + "%SEC-6-IPACCESSLOGNP: list 1 permitted 0 198.51.100.1 -> 239.10.10.10, 1 packet", + lookslike.MustCompile(map[string]interface{}{ + "cisco.ios.access_list": "1", + "cisco.ios.facility": "SEC", + "destination.ip": "239.10.10.10", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGNP", + "event.outcome": "allow", + "event.severity": int64(6), + "event.type": "firewall", + "log.level": "informational", + "log.original": isdef.IsNonEmptyString, + "message": "list 1 permitted 0 198.51.100.1 -> 239.10.10.10, 1 packet", + "network.community_id": isdef.IsNonEmptyString, + "network.packets": int64(1), + "network.iana_number": "0", + "source.ip": "198.51.100.1", + "source.packets": int64(1), + }), + }, + + { + "%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 18 packets", + lookslike.MustCompile(map[string]interface{}{ + "cisco.ios.facility": "SEC", + "event.code": "IPACCESSLOGRL", + "event.severity": int64(6), + "log.level": "informational", + "log.original": isdef.IsNonEmptyString, + "message": "access-list logging rate-limited or missed 18 packets", + }), + }, + + { + "%IPV6-6-ACCESSLOGP: list ACL-IPv6-E0/0-IN/10 permitted tcp 2001:DB8::3(1027) -> 2001:DB8:1000::1(22), 9 packets", + lookslike.MustCompile(map[string]interface{}{ + "cisco.ios.facility": "IPV6", + "event.code": "ACCESSLOGP", + "event.severity": int64(6), + "log.level": "informational", + "log.original": isdef.IsNonEmptyString, + "message": "list ACL-IPv6-E0/0-IN/10 permitted tcp 2001:DB8::3(1027) -> 2001:DB8:1000::1(22), 9 packets", + }), + }, +} + +func TestFilebeatSyslogCisco(t *testing.T) { + logp.TestingSetup() + + p, err := javascript.NewFromConfig( + javascript.Config{File: "config/pipeline.js"}, + nil, + ) + if err != nil { + t.Fatal(err) + } + + testInput(t, "syslog", p) + testInput(t, "log", p) +} + +func testInput(t *testing.T, input string, p processors.Processor) { + for i, tc := range testCases { + tc := tc + t.Run(fmt.Sprintf("%s/%d", input, i), func(t *testing.T) { + if input == "log" { + tc.message = logInputHeaders[i%len(logInputHeaders)] + tc.message + } + + e := &beat.Event{ + Fields: common.MapStr{ + "message": tc.message, + "input": common.MapStr{ + "type": input, + }, + }, + } + + out, err := p.Run(e) + if err != nil { + t.Fatalf("%+v", err) + } + if out == nil { + t.Fatal("event was dropped") + } + + if testing.Verbose() { + data, err := json.MarshalIndent(out.Fields, "", " ") + if err != nil { + t.Fatal(err) + } + t.Log(string(data)) + } + + if results := tc.validator(e.Fields); !results.Valid { + for _, err := range results.Errors() { + t.Error(err) + } + } + }) + } +} + +func BenchmarkPipeline(b *testing.B) { + p, err := javascript.NewFromConfig( + javascript.Config{File: "config/pipeline.js"}, + nil, + ) + if err != nil { + b.Fatal(err) + } + b.ResetTimer() + + for i := 0; i < b.N; i++ { + e := beat.Event{ + Fields: common.MapStr{ + "message": testCases[i%len(testCases)].message, + "input": common.MapStr{ + "type": "syslog", + }, + }, + } + + _, err := p.Run(&e) + if err != nil { + b.Fatal(err) + } + } +} diff --git a/filebeat/module/cisco/ios/test/cisco-ios-syslog.log b/filebeat/module/cisco/ios/test/cisco-ios-syslog.log new file mode 100644 index 00000000000..fe309a798a5 --- /dev/null +++ b/filebeat/module/cisco/ios/test/cisco-ios-syslog.log @@ -0,0 +1,34 @@ +Feb 8 04:00:48 198.51.100.2 585917: Feb 8 04:00:47.272: %SEC-6-IPACCESSLOGRP: list 177 denied igmp 198.51.100.197 -> 224.0.0.22, 1 packet +Feb 9 04:00:48 198.51.100.2 585918: Feb 9 04:00:47.272: %SEC-6-IPACCESSLOGSP: list INBOUND-ON-F11 denied igmp 198.51.100.2 -> 224.0.0.2 (20), 1 packet +Feb 10 04:00:48 198.51.100.2 585919: Feb 10 04:00:47.272: %SEC-6-IPACCESSLOGNP: list 171 denied 0 198.51.100.1 -> 255.255.255.255, 1 packet +May 3 19:11:33 198.51.100.2 585920: May 3 19:11:32.619: %IPV6-6-ACCESSLOGP: list ACL-IPv6-E0/0-IN/10 permitted tcp 2001:DB8::3(1027) -> 2001:DB8:1000::1(22), 9 packets +Jun 20 02:41:40 198.51.100.2 1663303: Jun 20 02:41:39.326: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(55250) -> 198.51.100.255(15600), 1 packet +Jun 20 02:41:45 198.51.100.2 1663304: Jun 20 02:41:44.921: %SEC-6-IPACCESSLOGDP: list 151 denied icmp 198.51.100.1 -> 198.51.100.2 (3/4), 1 packet +Jun 20 02:41:52 198.51.100.2 1663305: Jun 20 02:41:51.330: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(60677) -> 198.51.100.255(15600), 1 packet +Jun 20 02:41:56 198.51.100.2 1663306: Jun 20 02:41:55.222: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet +Jun 20 02:41:58 198.51.100.2 1663307: Jun 20 02:41:57.328: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(56723) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:04 198.51.100.2 1663308: Jun 20 02:42:03.334: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(54473) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:10 198.51.100.2 1663309: Jun 20 02:42:09.332: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(33568) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:16 198.51.100.2 1663310: Jun 20 02:42:15.330: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(35207) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:22 198.51.100.2 1663311: Jun 20 02:42:21.336: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(37063) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:28 198.51.100.2 1663312: Jun 20 02:42:27.342: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(54309) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:28 198.51.100.2 1663313: Jun 20 02:42:28.374: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 18 packets +Jun 20 02:42:34 198.51.100.2 1663314: Jun 20 02:42:33.340: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(43989) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:40 198.51.100.2 1663315: Jun 20 02:42:39.338: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(53432) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:46 198.51.100.2 1663316: Jun 20 02:42:45.336: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(58674) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:48 198.51.100.2 1663317: Jun 20 02:42:47.466: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59830) -> 172.217.10.46(80), 1 packet +Jun 20 02:42:52 198.51.100.2 1663318: Jun 20 02:42:51.342: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(52377) -> 198.51.100.255(15600), 1 packet +Jun 20 02:42:58 198.51.100.2 1663319: Jun 20 02:42:57.340: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(42695) -> 198.51.100.255(15600), 1 packet +Jun 20 02:43:04 198.51.100.2 1663320: Jun 20 02:43:03.346: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(58393) -> 198.51.100.255(15600), 1 packet +Jun 20 02:43:09 198.51.100.2 1663321: Jun 20 02:43:08.454: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59832) -> 172.217.10.46(80), 1 packet +Jun 20 02:43:16 198.51.100.2 1663322: Jun 20 02:43:15.350: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(60908) -> 198.51.100.255(15600), 1 packet +Jun 20 02:43:20 198.51.100.2 1663323: Jun 20 02:43:20.346: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(59415) -> 8.8.8.8(53), 1 packet +Jun 20 02:43:22 198.51.100.2 1663324: Jun 20 02:43:21.348: %SEC-6-IPACCESSLOGP: list 177 denied udp 8.8.8.8(53) -> 198.51.100.195(59415), 1 packet +Jun 20 02:43:29 198.51.100.2 1663325: Jun 20 02:43:28.403: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 23 packets +Jun 20 02:43:29 198.51.100.2 1663326: Jun 20 02:43:28.403: %SEC-6-IPACCESSLOGDP: list 150 denied icmp 198.51.100.12 -> 198.51.100.1 (3/3), 32 packets +Jun 20 02:43:30 198.51.100.2 1663327: Jun 20 02:43:29.451: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59834) -> 172.217.10.46(80), 1 packet +Jun 20 02:43:34 198.51.100.2 1663328: Jun 20 02:43:33.352: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(54532) -> 198.51.100.255(15600), 1 packet +Jun 20 02:43:40 198.51.100.2 1663329: Jun 20 02:43:39.350: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(57831) -> 198.51.100.255(15600), 1 packet +Jun 20 02:43:45 198.51.100.2 1663330: Jun 20 02:43:44.173: %SEC-6-IPACCESSLOGP: list 150 denied udp 198.51.100.20(138) -> 198.51.100.255(138), 1 packet +Jun 20 02:43:46 198.51.100.2 1663331: Jun 20 02:43:45.356: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(42988) -> 198.51.100.255(15600), 1 packet +Jun 20 02:43:51 198.51.100.2 1663332: Jun 20 02:43:50.473: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59836) -> 172.217.10.46(80), 1 packet diff --git a/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json b/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json new file mode 100644 index 00000000000..50f8ddcd825 --- /dev/null +++ b/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json @@ -0,0 +1,1327 @@ +[ + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "224.0.0.22", + "destination.ip": "224.0.0.22", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGRP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 585917, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 0, + "log.original": "Feb 8 04:00:48 198.51.100.2 585917: Feb 8 04:00:47.272: %SEC-6-IPACCESSLOGRP: list 177 denied igmp 198.51.100.197 -> 224.0.0.22, 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied igmp 198.51.100.197 -> 224.0.0.22, 1 packet", + "network.community_id": "1:Rt5RGlrNED3cg8Wokm4+KGsDz+4=", + "network.packets": 1, + "network.transport": "igmp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.197", + "224.0.0.22" + ], + "service.type": "cisco", + "source.address": "198.51.100.197", + "source.ip": "198.51.100.197", + "source.packets": 1, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "INBOUND-ON-F11", + "cisco.ios.facility": "SEC", + "destination.address": "224.0.0.2", + "destination.ip": "224.0.0.2", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGSP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 585918, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "igmp.type": 20, + "input.type": "log", + "log.level": "informational", + "log.offset": 140, + "log.original": "Feb 9 04:00:48 198.51.100.2 585918: Feb 9 04:00:47.272: %SEC-6-IPACCESSLOGSP: list INBOUND-ON-F11 denied igmp 198.51.100.2 -> 224.0.0.2 (20), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list INBOUND-ON-F11 denied igmp 198.51.100.2 -> 224.0.0.2 (20), 1 packet", + "network.community_id": "1:gg8i3117u+0XZ7S0E0dl04HE4qw=", + "network.packets": 1, + "network.transport": "igmp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.2", + "224.0.0.2" + ], + "service.type": "cisco", + "source.address": "198.51.100.2", + "source.ip": "198.51.100.2", + "source.packets": 1, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "171", + "cisco.ios.facility": "SEC", + "destination.address": "255.255.255.255", + "destination.ip": "255.255.255.255", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGNP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 585919, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 293, + "log.original": "Feb 10 04:00:48 198.51.100.2 585919: Feb 10 04:00:47.272: %SEC-6-IPACCESSLOGNP: list 171 denied 0 198.51.100.1 -> 255.255.255.255, 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 171 denied 0 198.51.100.1 -> 255.255.255.255, 1 packet", + "network.community_id": "1:1JDZaxA1TK/7igCVzK1nGJRzc8s=", + "network.iana_number": "0", + "network.packets": 1, + "network.type": "ipv4", + "related.ip": [ + "198.51.100.1", + "255.255.255.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.1", + "source.ip": "198.51.100.1", + "source.packets": 1, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "ACL-IPv6-E0/0-IN/10", + "cisco.ios.facility": "IPV6", + "destination.address": "2001:DB8:1000::1", + "destination.ip": "2001:DB8:1000::1", + "destination.port": 22, + "event.category": "network_traffic", + "event.code": "ACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "allow", + "event.sequence": 585920, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 433, + "log.original": "May 3 19:11:33 198.51.100.2 585920: May 3 19:11:32.619: %IPV6-6-ACCESSLOGP: list ACL-IPv6-E0/0-IN/10 permitted tcp 2001:DB8::3(1027) -> 2001:DB8:1000::1(22), 9 packets", + "log.source.address": "198.51.100.2", + "message": "list ACL-IPv6-E0/0-IN/10 permitted tcp 2001:DB8::3(1027) -> 2001:DB8:1000::1(22), 9 packets", + "network.community_id": "1:MFLZEQR2gBCpxJEXRvaB0jjkxNA=", + "network.packets": 9, + "network.transport": "tcp", + "network.type": "ipv6", + "related.ip": [ + "2001:DB8::3", + "2001:DB8:1000::1" + ], + "service.type": "cisco", + "source.address": "2001:DB8::3", + "source.ip": "2001:DB8::3", + "source.packets": 9, + "source.port": 1027, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663303, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 603, + "log.original": "Jun 20 02:41:40 198.51.100.2 1663303: Jun 20 02:41:39.326: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(55250) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(55250) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:7qvTEOLkmhTrK1y9mKNwCENQbeU=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 55250, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "151", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.2", + "destination.ip": "198.51.100.2", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGDP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663304, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "icmp.code": 4, + "icmp.type": 3, + "input.type": "log", + "log.level": "informational", + "log.offset": 760, + "log.original": "Jun 20 02:41:45 198.51.100.2 1663304: Jun 20 02:41:44.921: %SEC-6-IPACCESSLOGDP: list 151 denied icmp 198.51.100.1 -> 198.51.100.2 (3/4), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 151 denied icmp 198.51.100.1 -> 198.51.100.2 (3/4), 1 packet", + "network.community_id": "1:9lO0Kj0TpXAVNWuiPRAyFAGtCqM=", + "network.packets": 1, + "network.transport": "icmp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.1", + "198.51.100.2" + ], + "service.type": "cisco", + "source.address": "198.51.100.1", + "source.ip": "198.51.100.1", + "source.packets": 1, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663305, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 907, + "log.original": "Jun 20 02:41:52 198.51.100.2 1663305: Jun 20 02:41:51.330: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(60677) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(60677) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:Lud5gqMTFfAbEofhXpsS/o4dZys=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 60677, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "150", + "cisco.ios.facility": "SEC", + "destination.address": "172.217.10.46", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.10.46", + "destination.port": 80, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663306, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 1064, + "log.original": "Jun 20 02:41:56 198.51.100.2 1663306: Jun 20 02:41:55.222: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet", + "network.community_id": "1:chQ9+C+0W0ihrzqZ0HbcFSRdBRc=", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.12", + "172.217.10.46" + ], + "service.type": "cisco", + "source.address": "198.51.100.12", + "source.ip": "198.51.100.12", + "source.packets": 1, + "source.port": 59825, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663307, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 1216, + "log.original": "Jun 20 02:41:58 198.51.100.2 1663307: Jun 20 02:41:57.328: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(56723) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(56723) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:BruAfFaynLUu6SXi7ClSR1DYOWg=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 56723, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663308, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 1373, + "log.original": "Jun 20 02:42:04 198.51.100.2 1663308: Jun 20 02:42:03.334: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(54473) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(54473) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:ctfS7d2xk9XtgdmEIOqsr4frBoE=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 54473, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663309, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 1530, + "log.original": "Jun 20 02:42:10 198.51.100.2 1663309: Jun 20 02:42:09.332: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(33568) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(33568) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:6K2VXu+wJS0lCMTaHLFjmyDVEpg=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 33568, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663310, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 1687, + "log.original": "Jun 20 02:42:16 198.51.100.2 1663310: Jun 20 02:42:15.330: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(35207) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(35207) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:by+lBCsBZqhTbAqRXhpllepMEh8=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 35207, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663311, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 1844, + "log.original": "Jun 20 02:42:22 198.51.100.2 1663311: Jun 20 02:42:21.336: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(37063) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(37063) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:frgqje80nI0kO8NX/zo7ujVEZWw=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 37063, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663312, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 2001, + "log.original": "Jun 20 02:42:28 198.51.100.2 1663312: Jun 20 02:42:27.342: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(54309) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(54309) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:UaC2rOjKSQBEmX+jEyiQatg9eGI=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 54309, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.facility": "SEC", + "event.code": "IPACCESSLOGRL", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.sequence": 1663313, + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 2158, + "log.original": "Jun 20 02:42:28 198.51.100.2 1663313: Jun 20 02:42:28.374: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 18 packets", + "log.source.address": "198.51.100.2", + "message": "access-list logging rate-limited or missed 18 packets", + "service.type": "cisco", + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663314, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 2293, + "log.original": "Jun 20 02:42:34 198.51.100.2 1663314: Jun 20 02:42:33.340: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(43989) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(43989) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:CdrzBOQ6Cohqy+Mgg9EZnl1nHFs=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 43989, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663315, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 2450, + "log.original": "Jun 20 02:42:40 198.51.100.2 1663315: Jun 20 02:42:39.338: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(53432) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(53432) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:twu1rKMe6bS5h4kOZe3oB9mbn+8=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 53432, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663316, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 2607, + "log.original": "Jun 20 02:42:46 198.51.100.2 1663316: Jun 20 02:42:45.336: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(58674) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(58674) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:D97Jg14Vzd+WyHKELBePAyVyF0E=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 58674, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "150", + "cisco.ios.facility": "SEC", + "destination.address": "172.217.10.46", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.10.46", + "destination.port": 80, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663317, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 2764, + "log.original": "Jun 20 02:42:48 198.51.100.2 1663317: Jun 20 02:42:47.466: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59830) -> 172.217.10.46(80), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 150 denied tcp 198.51.100.12(59830) -> 172.217.10.46(80), 1 packet", + "network.community_id": "1:1wksIVoz6RiDcVwlsvGoWvHXyFY=", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.12", + "172.217.10.46" + ], + "service.type": "cisco", + "source.address": "198.51.100.12", + "source.ip": "198.51.100.12", + "source.packets": 1, + "source.port": 59830, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663318, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 2916, + "log.original": "Jun 20 02:42:52 198.51.100.2 1663318: Jun 20 02:42:51.342: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(52377) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(52377) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:UVTBuG4at1CMPYUTSTTDMq/I7yw=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 52377, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663319, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 3073, + "log.original": "Jun 20 02:42:58 198.51.100.2 1663319: Jun 20 02:42:57.340: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(42695) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(42695) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:WF+QN5TIBW5Lz1t1UShV4eSsXI0=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 42695, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663320, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 3230, + "log.original": "Jun 20 02:43:04 198.51.100.2 1663320: Jun 20 02:43:03.346: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(58393) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(58393) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:d16UFjI7hZNWrQxIuBYNrXnERBw=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 58393, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "150", + "cisco.ios.facility": "SEC", + "destination.address": "172.217.10.46", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.10.46", + "destination.port": 80, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663321, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 3387, + "log.original": "Jun 20 02:43:09 198.51.100.2 1663321: Jun 20 02:43:08.454: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59832) -> 172.217.10.46(80), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 150 denied tcp 198.51.100.12(59832) -> 172.217.10.46(80), 1 packet", + "network.community_id": "1:VrawQ+fBZ7zfHStQfvTOW1zQANA=", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.12", + "172.217.10.46" + ], + "service.type": "cisco", + "source.address": "198.51.100.12", + "source.ip": "198.51.100.12", + "source.packets": 1, + "source.port": 59832, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663322, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 3539, + "log.original": "Jun 20 02:43:16 198.51.100.2 1663322: Jun 20 02:43:15.350: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(60908) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(60908) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:ESnVM+4vIfHJutYZl+5MbiVqE1Q=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 60908, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663323, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 3696, + "log.original": "Jun 20 02:43:20 198.51.100.2 1663323: Jun 20 02:43:20.346: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(59415) -> 8.8.8.8(53), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(59415) -> 8.8.8.8(53), 1 packet", + "network.community_id": "1:h/uFabgjBwU5mrrtpdTxxrh73yI=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "8.8.8.8" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 59415, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.195", + "destination.ip": "198.51.100.195", + "destination.port": 59415, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663324, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 3843, + "log.original": "Jun 20 02:43:22 198.51.100.2 1663324: Jun 20 02:43:21.348: %SEC-6-IPACCESSLOGP: list 177 denied udp 8.8.8.8(53) -> 198.51.100.195(59415), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 8.8.8.8(53) -> 198.51.100.195(59415), 1 packet", + "network.community_id": "1:h/uFabgjBwU5mrrtpdTxxrh73yI=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "8.8.8.8", + "198.51.100.195" + ], + "service.type": "cisco", + "source.address": "8.8.8.8", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "8.8.8.8", + "source.packets": 1, + "source.port": 53, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.facility": "SEC", + "event.code": "IPACCESSLOGRL", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.sequence": 1663325, + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 3990, + "log.original": "Jun 20 02:43:29 198.51.100.2 1663325: Jun 20 02:43:28.403: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 23 packets", + "log.source.address": "198.51.100.2", + "message": "access-list logging rate-limited or missed 23 packets", + "service.type": "cisco", + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "150", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.1", + "destination.ip": "198.51.100.1", + "event.category": "network_traffic", + "event.code": "IPACCESSLOGDP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663326, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "icmp.code": 3, + "icmp.type": 3, + "input.type": "log", + "log.level": "informational", + "log.offset": 4125, + "log.original": "Jun 20 02:43:29 198.51.100.2 1663326: Jun 20 02:43:28.403: %SEC-6-IPACCESSLOGDP: list 150 denied icmp 198.51.100.12 -> 198.51.100.1 (3/3), 32 packets", + "log.source.address": "198.51.100.2", + "message": "list 150 denied icmp 198.51.100.12 -> 198.51.100.1 (3/3), 32 packets", + "network.community_id": "1:huj4hjTG/rbN+R5GhpV6YHP1sYM=", + "network.packets": 32, + "network.transport": "icmp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.12", + "198.51.100.1" + ], + "service.type": "cisco", + "source.address": "198.51.100.12", + "source.ip": "198.51.100.12", + "source.packets": 32, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "150", + "cisco.ios.facility": "SEC", + "destination.address": "172.217.10.46", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.10.46", + "destination.port": 80, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663327, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 4275, + "log.original": "Jun 20 02:43:30 198.51.100.2 1663327: Jun 20 02:43:29.451: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59834) -> 172.217.10.46(80), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 150 denied tcp 198.51.100.12(59834) -> 172.217.10.46(80), 1 packet", + "network.community_id": "1:5enMmUgQViWG28IC5W6/9cYJ6EA=", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.12", + "172.217.10.46" + ], + "service.type": "cisco", + "source.address": "198.51.100.12", + "source.ip": "198.51.100.12", + "source.packets": 1, + "source.port": 59834, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663328, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 4427, + "log.original": "Jun 20 02:43:34 198.51.100.2 1663328: Jun 20 02:43:33.352: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(54532) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(54532) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:HW2UVF4QjZyP0WvOCPDC/SaLeM4=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 54532, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663329, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 4584, + "log.original": "Jun 20 02:43:40 198.51.100.2 1663329: Jun 20 02:43:39.350: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(57831) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(57831) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:wnyoad/xLJtzSkYMtkPdjPFtcbY=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 57831, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "150", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 138, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663330, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 4741, + "log.original": "Jun 20 02:43:45 198.51.100.2 1663330: Jun 20 02:43:44.173: %SEC-6-IPACCESSLOGP: list 150 denied udp 198.51.100.20(138) -> 198.51.100.255(138), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 150 denied udp 198.51.100.20(138) -> 198.51.100.255(138), 1 packet", + "network.community_id": "1:20RnUEbnGL+QfL5tp+byZIdFKiE=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.20", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.20", + "source.ip": "198.51.100.20", + "source.packets": 1, + "source.port": 138, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "177", + "cisco.ios.facility": "SEC", + "destination.address": "198.51.100.255", + "destination.ip": "198.51.100.255", + "destination.port": 15600, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663331, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 4893, + "log.original": "Jun 20 02:43:46 198.51.100.2 1663331: Jun 20 02:43:45.356: %SEC-6-IPACCESSLOGP: list 177 denied udp 198.51.100.195(42988) -> 198.51.100.255(15600), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 177 denied udp 198.51.100.195(42988) -> 198.51.100.255(15600), 1 packet", + "network.community_id": "1:+vR7H9Spa/zExAcx4hOFskroCOY=", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.195", + "198.51.100.255" + ], + "service.type": "cisco", + "source.address": "198.51.100.195", + "source.ip": "198.51.100.195", + "source.packets": 1, + "source.port": 42988, + "tags": [ + "cisco-ios" + ] + }, + { + "cisco.ios.access_list": "150", + "cisco.ios.facility": "SEC", + "destination.address": "172.217.10.46", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.10.46", + "destination.port": 80, + "event.category": "network_traffic", + "event.code": "IPACCESSLOGP", + "event.dataset": "cisco.ios", + "event.module": "cisco", + "event.outcome": "deny", + "event.sequence": 1663332, + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": "firewall", + "fileset.name": "ios", + "input.type": "log", + "log.level": "informational", + "log.offset": 5050, + "log.original": "Jun 20 02:43:51 198.51.100.2 1663332: Jun 20 02:43:50.473: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59836) -> 172.217.10.46(80), 1 packet", + "log.source.address": "198.51.100.2", + "message": "list 150 denied tcp 198.51.100.12(59836) -> 172.217.10.46(80), 1 packet", + "network.community_id": "1:cfXjAByFKHEuSoPPIRx01/7LC0Q=", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.12", + "172.217.10.46" + ], + "service.type": "cisco", + "source.address": "198.51.100.12", + "source.ip": "198.51.100.12", + "source.packets": 1, + "source.port": 59836, + "tags": [ + "cisco-ios" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/cisco/module.yml b/filebeat/module/cisco/module.yml new file mode 100644 index 00000000000..b3a9249a617 --- /dev/null +++ b/filebeat/module/cisco/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: a555b160-4987-11e9-b8ce-ed898b5ef295 + file: Filebeat-Cisco-ASA.json diff --git a/filebeat/module/cisco/shared/gen-ecs-mapping-docs.go b/filebeat/module/cisco/shared/gen-ecs-mapping-docs.go new file mode 100644 index 00000000000..62fc5f41914 --- /dev/null +++ b/filebeat/module/cisco/shared/gen-ecs-mapping-docs.go @@ -0,0 +1,143 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build ignore + +package main + +import ( + "encoding/csv" + "flag" + "fmt" + "io" + "os" + "sort" + + "github.com/pkg/errors" +) + +var outputFile = flag.String("output", "ftd-ecs-mappings.asciidoc", "Output file") + +var outputTables = []struct { + Name string + IDs []string +}{ + { + Name: "Intrusion events", + IDs: []string{"430001"}, + }, + { + Name: "Connection and Security Intelligence events", + IDs: []string{"430002", "430003"}, + }, + { + Name: "File and Malware events", + IDs: []string{"430004", "430004"}, + }, +} + +type idMappings map[string]fieldMappings + +type fieldMappings map[string]stringSet + +func main() { + if err := generate(); err != nil { + fmt.Fprintf(os.Stderr, "Error: %v\n", err) + os.Exit(2) + } +} + +func usage() { + fmt.Fprintf(os.Stderr, "Usage: %s [-output file.yml] \n", os.Args[0]) + flag.PrintDefaults() + os.Exit(1) +} + +func generate() error { + flag.Usage = usage + flag.Parse() + if len(flag.Args()) == 0 || len(flag.Args()[0]) == 0 { + return errors.New("no csv file provided") + } + csvFile := flag.Args()[0] + fHandle, err := os.Open(csvFile) + if err != nil { + return fmt.Errorf("failed to open %s: %v", csvFile, err) + } + defer fHandle.Close() + + outHandle, err := os.Create(*outputFile) + if err != nil { + return fmt.Errorf("failed to create %s: %v", *outputFile, err) + } + defer outHandle.Close() + + mappings, err := loadMappings(fHandle) + if err != nil { + return fmt.Errorf("failed to load mappings from '%s': %v", csvFile, err) + } + + for _, table := range outputTables { + fieldMap := make(fieldMappings) + for _, id := range table.IDs { + fieldMap.merge(mappings[id]) + } + var fields []string + for k, v := range fieldMap { + if len(v) > 0 { + fields = append(fields, k) + } + } + sort.Strings(fields) + fmt.Fprintf(outHandle, "Mappings for %s fields:\n", table.Name) + fmt.Fprintln(outHandle, "[options=\"header\"]") + fmt.Fprintln(outHandle, "|====================================") + fmt.Fprintln(outHandle, "| FTD Field | Mapped fields") + for _, field := range fields { + fmt.Fprintln(outHandle, "|", field, "|", fieldMap[field].String()) + } + fmt.Fprintln(outHandle, "|====================================") + fmt.Fprintln(outHandle) + } + + return nil +} + +func loadMappings(reader io.Reader) (m idMappings, err error) { + csvReader := csv.NewReader(reader) + csvReader.FieldsPerRecord = -1 + m = make(idMappings) + for lineNum := 1; ; lineNum++ { + record, err := csvReader.Read() + if err == io.EOF { + break + } + if err != nil { + return m, errors.Wrapf(err, "failed reading line %d", lineNum) + } + if len(record) < 3 { + return m, fmt.Errorf("line %d has unexpected number of columns: %d", lineNum, len(record)) + } + id := record[1] + ftdField := record[2] + if _, found := m[id]; !found { + m[id] = make(fieldMappings) + } + if _, found := m[id][ftdField]; !found { + m[id][ftdField] = newStringSet(nil) + } + m[id][ftdField].merge(newStringSet(record[3:])) + } + return m, nil +} + +func (m fieldMappings) merge(other fieldMappings) { + for ftdField, newECS := range other { + if curECS, found := m[ftdField]; found { + curECS.merge(newECS) + } else { + m[ftdField] = newECS + } + } +} diff --git a/filebeat/module/cisco/shared/gen-ftd-ecs-mapping.go b/filebeat/module/cisco/shared/gen-ftd-ecs-mapping.go new file mode 100644 index 00000000000..0de448f23ce --- /dev/null +++ b/filebeat/module/cisco/shared/gen-ftd-ecs-mapping.go @@ -0,0 +1,249 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build ignore + +package main + +import ( + "encoding/csv" + "flag" + "fmt" + "io" + "os" + "strings" + "unicode" + + "gopkg.in/yaml.v2" + + "github.com/pkg/errors" +) + +var ( + outputFile = flag.String("output", "ftd-processor.yml", "Output file") + filesetFieldsBase = "cisco.ftd" + tmpFieldsFieldsBase = "_temp_.cisco" +) + +const begin = `#******************************************************************************* +# Code generated by go generate. DO NOT EDIT. +#******************************************************************************* +` + +const end = `#******************************************************************************* +# End of generated code. +#******************************************************************************* +` + +const painless = `boolean isEmpty(def value) { + return (value instanceof AbstractList? value.size() : value.length()) == 0; +} +def appendOrCreate(Map dest, String[] path, def value) { + for (int i=0; i new HashMap()); + } + String key = path[path.length - 1]; + def existing = dest.get(key); + return existing == null? + dest.put(key, value) + : existing instanceof AbstractList? + existing.add(value) + : dest.put(key, new ArrayList([existing, value])); +} +def msg = ctx._temp_.orig_security; +def counters = new HashMap(); +def dest = new HashMap(); +ctx._temp_.cisco['security'] = dest; +for (entry in msg.entrySet()) { + def param = params.get(entry.getKey()); + if (param == null) { + continue; + } + param.getOrDefault('id', []).forEach( id -> counters[id] = 1 + counters.getOrDefault(id, 0) ); + if (!isEmpty(entry.getValue())) { + param.getOrDefault('ecs', []).forEach( field -> appendOrCreate(ctx, field.splitOnToken('.'), entry.getValue()) ); + dest[param.target] = entry.getValue(); + } +} +if (ctx._temp_.cisco.message_id != "") return; +def best; +for (entry in counters.entrySet()) { + if (best == null || best.getValue() < entry.getValue()) best = entry; +} +if (best != null) ctx._temp_.cisco.message_id = best.getKey(); +` + +type mappings struct { + If string + Params map[string]*fieldMapping + Lang string + Source string +} + +type fieldMapping struct { + name string + Target string + ID stringSet `yaml:",flow,omitempty"` + ECS stringSet `yaml:",flow,omitempty"` +} + +func main() { + if err := generate(); err != nil { + fmt.Fprintf(os.Stderr, "Error: %v\n", err) + os.Exit(2) + } +} + +func usage() { + fmt.Fprint(os.Stderr, "Usage: gen [-output file.yml] \n") + flag.PrintDefaults() + os.Exit(1) +} + +func generate() error { + flag.Usage = usage + flag.Parse() + if len(flag.Args()) == 0 || len(flag.Args()[0]) == 0 { + return errors.New("no csv file provided") + } + csvFile := flag.Args()[0] + fHandle, err := os.Open(csvFile) + if err != nil { + return fmt.Errorf("failed to open %s: %v", csvFile, err) + } + defer fHandle.Close() + + outHandle, err := os.Create(*outputFile) + if err != nil { + return fmt.Errorf("failed to create %s: %v", *outputFile, err) + } + defer outHandle.Close() + + mappings, err := loadMappings(fHandle) + if err != nil { + return fmt.Errorf("failed to load mappings from '%s': %v", csvFile, err) + } + mappings.If = "ctx._temp_?.orig_security != null" + mappings.Lang = "painless" + mappings.Source = painless + processors := []map[string]interface{}{ + { + "script": mappings, + }, + } + body, err := yaml.Marshal(processors) + if err != nil { + return fmt.Errorf("error marshalling output yaml: %v", err) + } + var content []byte + content = append(content, begin...) + content = append(content, body...) + content = append(content, end...) + n, err := outHandle.Write(content) + if err != nil { + return errors.Wrap(err, "failed writing output file") + } + if n != len(content) { + return fmt.Errorf("short write on output file. expected=%d, written=%d", len(content), n) + } + return nil +} + +func loadMappings(reader io.Reader) (m mappings, err error) { + csvReader := csv.NewReader(reader) + csvReader.FieldsPerRecord = -1 + allIDs := newStringSet(nil) + for lineNum := 1; ; lineNum++ { + record, err := csvReader.Read() + if err == io.EOF { + break + } + if err != nil { + return m, errors.Wrapf(err, "failed reading line %d", lineNum) + } + if len(record) < 3 { + return m, fmt.Errorf("line %d has unexpected number of columns: %d", lineNum, len(record)) + } + ids := newStringSet(record[1:2]) + m.merge(&fieldMapping{ + name: record[2], + ID: ids, + ECS: newStringSet(makeTempFields(record[3:])), + Target: snakeCase(record[2]), + }) + allIDs.merge(ids) + } + + // fields that are used by all IDs are equivalent to an empty ID list + for k := range m.Params { + if m.Params[k].ID.equal(allIDs) { + m.Params[k].ID = newStringSet(nil) + } + } + return m, nil +} + +func (m *mappings) merge(f *fieldMapping) { + if other, found := m.Params[f.name]; found { + other.ID.merge(f.ID) + other.ECS.merge(f.ECS) + return + } + if m.Params == nil { + m.Params = make(map[string]*fieldMapping) + } + m.Params[f.name] = f +} + +func makeTempFields(fields []string) []string { + for idx, field := range fields { + if strings.Index(field, filesetFieldsBase) == 0 { + fields[idx] = tmpFieldsFieldsBase + field[len(filesetFieldsBase):] + } + } + return fields +} + +func snakeCase(in string) string { + // This is copied from the netflow input with two changes: + // - handle spaces + // - treat digits as uppercase + if strings.ContainsRune(in, ' ') { + in = strings.ReplaceAll(in, " ", "_") + } + if strings.ContainsRune(in, '_') { + return strings.ToLower(in) + } + + out := make([]rune, 0, len(in)+4) + runes := []rune(in) + upperCount := 1 + for _, r := range runes { + lr := unicode.ToLower(r) + isUpper := lr != r || (r >= '0' && r <= '9') + if isUpper { + if upperCount == 0 { + out = append(out, '_') + } + upperCount++ + } else { + if upperCount > 2 { + // Some magic here: + // NetFlow usually lowercases all but the first letter of an + // acronym (Icmp) Except when it is 2 characters long: (IP). + // In other cases, it keeps all caps, but if we have a run of + // more than 2 uppercase chars, then the last char belongs to + // the next word: + // postNATSourceIPv4Address : post_nat_source_ipv4_address + // selectorIDTotalFlowsObserved : selector_id_total_flows_... + out = append(out, '_') + n := len(out) - 1 + out[n], out[n-1] = out[n-1], out[n] + } + upperCount = 0 + } + out = append(out, lr) + } + return string(out) +} diff --git a/filebeat/module/cisco/shared/gen.go b/filebeat/module/cisco/shared/gen.go new file mode 100644 index 00000000000..85fd1a40d50 --- /dev/null +++ b/filebeat/module/cisco/shared/gen.go @@ -0,0 +1,17 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package shared + +// These generators will output the following files for the FTD: +// - ecs-mapping-processor.yml, an ingest pipeline processor that maps FTD +// security event fields to ECS. +// - ecs-mapping-docs.asciidoc, asciidoc tables to document those mappings. +// +// This files are not picked up by the FTD module. When generated, you need to +// manually update the pipeline in ingest/asa-ftd-pipeline.yml +// and the asciidoc tables into ../_meta/docs.asciidoc. + +//go:generate go run gen-ftd-ecs-mapping.go stringset.go -output ecs-mapping-processor.yml security-mappings.csv +//go:generate go run gen-ecs-mapping-docs.go stringset.go -output ecs-mapping-docs.asciidoc security-mappings.csv diff --git a/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml b/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml new file mode 100644 index 00000000000..babf697616b --- /dev/null +++ b/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml @@ -0,0 +1,1282 @@ +--- +description: "Pipeline for Cisco {< .internal_PREFIX >} logs" +processors: + # + # Parse the syslog header + # + # This populates the host.hostname, process.name, timestamp and other fields + # from the header and stores the message contents in log.original. + - grok: + field: message + patterns: + - "(?:%{SYSLOG_HEADER})?\\s*%{GREEDYDATA:log.original}" + pattern_definitions: + SYSLOG_HEADER: "(?:%{SYSLOGFACILITY}\\s*)?(?:%{FTD_DATE:_temp_.raw_date}:?\\s+)?(?:%{PROCESS_HOST}|%{HOST_PROCESS})(?:{DATA})?%{SYSLOG_END}?" + SYSLOGFACILITY: "<%{NONNEGINT:syslog.facility:int}(?:.%{NONNEGINT:syslog.priority:int})?>" + # Beginning with version 6.3, Firepower Threat Defense provides the option to enable timestamp as per RFC 5424. + FTD_DATE: "(?:%{TIMESTAMP_ISO8601}|%{ASA_DATE})" + ASA_DATE: "(?:%{DAY} )?%{MONTH} *%{MONTHDAY}(?: %{YEAR})? %{TIME}(?: %{TZ})?" + PROCESS: "(?:[^%\\s:\\[]+)" + SYSLOG_END: "(?:(:|\\s)\\s+)" + # exactly match the syntax for firepower management logs + PROCESS_HOST: "(?:%{PROCESS:process.name}:\\s%{SYSLOGHOST:host.name})" + HOST_PROCESS: "(?:%{SYSLOGHOST:host.hostname}:?\\s+)?(?:%{PROCESS:process.name}?(?:\\[%{POSINT:process.pid:long}\\])?)?" + + # + # Parse FTD/ASA style message + # + # This parses the header of an EMBLEM-style message for FTD and ASA prefixes. + - grok: + field: log.original + patterns: + - "%{FTD_PREFIX}-(?:%{FTD_SUFFIX:_temp_.cisco.suffix}-)?%{NONNEGINT:event.severity:int}-%{POSINT:_temp_.cisco.message_id}?:?\\s*%{GREEDYDATA:message}" + # Before version 6.3, messages for connection, security intelligence, and intrusion events didn't include an event type ID in the message header. + - "%{GREEDYDATA:message}" + pattern_definitions: + FTD_SUFFIX: "[^0-9-]+" + # Before version 6.3, FTD used ASA prefix in syslog messages + FTD_PREFIX: "%{DATA}%(?:[A-Z]+)" + + # + # Create missing fields when no %FTD label is present + # + # message_id is needed in order for some processors below to work. + - set: + field: _temp_.cisco.message_id + value: "" + if: "ctx?._temp_?.cisco?.message_id == null" + + # + # set default event.severity to 7 (debug): + # + # This value is read from the EMBLEM header and won't be present if this is not + # an emblem message (firewalls can be configured to report other kinds of events) + # This has no effect unless var.log_level is above 7 (default) to filter some + # messages. + - set: + field: event.severity + value: 7 + if: "ctx?.event?.severity == null" + + # + # Drop messages above configured log_level + # + - drop: + if: "ctx.event.severity > {< .log_level >}" + + # + # Parse the date included in FTD logs + # + - date: + if: "ctx.event.timezone == null" + field: "_temp_.raw_date" + target_field: "@timestamp" + formats: + - "ISO8601" + - "MMM d HH:mm:ss" + - "MMM dd HH:mm:ss" + - "EEE MMM d HH:mm:ss" + - "EEE MMM dd HH:mm:ss" + - "MMM d HH:mm:ss z" + - "MMM dd HH:mm:ss z" + - "EEE MMM d HH:mm:ss z" + - "EEE MMM dd HH:mm:ss z" + - "MMM d yyyy HH:mm:ss" + - "MMM dd yyyy HH:mm:ss" + - "EEE MMM d yyyy HH:mm:ss" + - "EEE MMM dd yyyy HH:mm:ss" + - "MMM d yyyy HH:mm:ss z" + - "MMM dd yyyy HH:mm:ss z" + - "EEE MMM d yyyy HH:mm:ss z" + - "EEE MMM dd yyyy HH:mm:ss z" + on_failure: + [ + { + "append": + { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}", + }, + }, + ] + - date: + if: "ctx.event.timezone != null" + timezone: "{{ event.timezone }}" + field: "_temp_.raw_date" + target_field: "@timestamp" + formats: + - "ISO8601" + - "MMM d HH:mm:ss" + - "MMM dd HH:mm:ss" + - "EEE MMM d HH:mm:ss" + - "EEE MMM dd HH:mm:ss" + - "MMM d HH:mm:ss z" + - "MMM dd HH:mm:ss z" + - "EEE MMM d HH:mm:ss z" + - "EEE MMM dd HH:mm:ss z" + - "MMM d yyyy HH:mm:ss" + - "MMM dd yyyy HH:mm:ss" + - "EEE MMM d yyyy HH:mm:ss" + - "EEE MMM dd yyyy HH:mm:ss" + - "MMM d yyyy HH:mm:ss z" + - "MMM dd yyyy HH:mm:ss z" + - "EEE MMM d yyyy HH:mm:ss z" + - "EEE MMM dd yyyy HH:mm:ss z" + on_failure: + [ + { + "append": + { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}", + }, + }, + ] + + # + # Set log.level + # + - set: + field: "log.level" + if: "ctx.event.severity == 0" + value: unknown + - set: + field: "log.level" + if: "ctx.event.severity == 1" + value: alert + - set: + field: "log.level" + if: "ctx.event.severity == 2" + value: critical + - set: + field: "log.level" + if: "ctx.event.severity == 3" + value: error + - set: + field: "log.level" + if: "ctx.event.severity == 4" + value: warning + - set: + field: "log.level" + if: "ctx.event.severity == 5" + value: notification + - set: + field: "log.level" + if: "ctx.event.severity == 6" + value: informational + - set: + field: "log.level" + if: "ctx.event.severity == 7" + value: debug + + # + # Firewall messages + # + # This set of messages is shared between FTD and ASA. + - set: + if: 'ctx._temp_.cisco.message_id != ""' + field: "event.action" + value: "firewall-rule" + - dissect: + if: "ctx._temp_.cisco.message_id == '106001'" + field: "message" + pattern: "%{network.direction} %{network.transport} connection %{event.outcome} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106002'" + field: "message" + pattern: "%{network.transport} Connection %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106006'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106007'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} due to %{network.protocol} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106010'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} src %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} %{} dst %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "message" + pattern: "Dropping echo request from %{source.address} to PAT address %{destination.address}" + - set: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "network.transport" + value: icmp + - set: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "network.direction" + value: inbound + - dissect: + if: "ctx._temp_.cisco.message_id == '106014'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} src %{_temp_.cisco.source_interface}:%{source.address} %{}dst %{_temp_.cisco.destination_interface}:%{destination.address} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106015'" + field: "message" + pattern: "%{event.outcome} %{network.transport} (no connection) from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106016'" + field: "message" + pattern: "%{event.outcome} IP spoof from (%{source.address}) to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106017'" + field: "message" + pattern: "%{event.outcome} IP due to Land Attack from %{source.address} to %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106018'" + field: "message" + pattern: "%{network.transport} packet type %{_temp_.cisco.icmp_type} %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106020'" + field: "message" + pattern: "%{event.outcome} IP teardrop fragment (size = %{}, offset = %{}) from %{source.address} to %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106021'" + field: "message" + pattern: "%{event.outcome} %{network.transport} reverse path check from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106022'" + field: "message" + pattern: "%{event.outcome} %{network.transport} connection spoof from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - grok: + if: "ctx._temp_.cisco.message_id == '106023'" + field: "message" + patterns: + - ^%{NOTSPACE:event.outcome} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{IPORHOST:source.address}(/%{POSINT:source.port})?\s*(%{GREEDYDATA:_temp_.cisco.source_username} )?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{IPORHOST:destination.address}(/%{POSINT:destination.port})?%{DATA}by access.group "%{NOTSPACE:_temp_.cisco.list_id}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106027'" + field: "message" + pattern: '%{} %{event.outcome} src %{source.address} dst %{destination.address} by access-group "%{_temp_.cisco.list_id}"' + - dissect: + if: "ctx._temp_.cisco.message_id == '106100'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} %{_temp_.cisco.source_interface}/%{source.address}(%{source.port}) -> %{_temp_.cisco.destination_interface}/%{destination.address}(%{destination.port}) %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106102'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{_temp_.cisco.username} %{_temp_.cisco.source_interface}/%{source.address} %{source.port} %{_temp_.cisco.destination_interface}/%{destination.address} %{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106103'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{_temp_.cisco.username} %{_temp_.cisco.source_interface}/%{source.address} %{source.port} %{_temp_.cisco.destination_interface}/%{destination.address} %{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '304001'" + field: "message" + pattern: "%{source.address} %{}ccessed URL %{destination.address}:%{url.original}" + - set: + if: "ctx._temp_.cisco.message_id == '304001'" + field: "event.outcome" + value: allow + - dissect: + if: "ctx._temp_.cisco.message_id == '304002'" + field: "message" + pattern: "Access %{event.outcome} URL %{url.original} SRC %{source.address} %{}EST %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313001'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313004'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, from%{}addr %{source.address} on interface %{_temp_.cisco.source_interface} to %{destination.address}: no matching session" + - dissect: + if: "ctx._temp_.cisco.message_id == '313005'" + field: "message" + pattern: "No matching connection for %{network.transport} error message: %{} on %{_temp_.cisco.source_interface} interface.%{}riginal IP payload: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313008'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type} , code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313009'" + field: "message" + pattern: "%{event.outcome} invalid %{network.transport} code %{_temp_.cisco.icmp_code} , for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '322001'" + field: "message" + pattern: "%{event.outcome} MAC address %{source.mac}, possible spoof attempt on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338001'" + field: "message" + pattern: "Dynamic filter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338001'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338002'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338002'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338003'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338004'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338005'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338005'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338006'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338006'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338007'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338008'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338101'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338101'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338102'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338102'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338103'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338104'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338201'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338201'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338202'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338202'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338203'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338203'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338204'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338204'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "message" + pattern: "Intercepted DNS reply for domain %{source.domain} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, matched %{_temp_.cisco.list_id}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "client.address" + value: "{{destination.address}}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "client.port" + value: "{{destination.port}}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "server.address" + value: "{{source.address}}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "server.port" + value: "{{source.port}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '734001'" + field: "message" + pattern: "DAP: User %{user.email}, Addr %{source.address}, Connection %{_temp_.cisco.connection_type}: The following DAP records were selected for this connection: %{_temp_.cisco.dap_records->}" + - split: + field: "_temp_.cisco.dap_records" + separator: ",\\s+" + ignore_missing: true + + # + # Handle 302xxx messages (Flow expiration a.k.a "Teardown") + # + - set: + if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' + field: "event.action" + value: "flow-expiration" + - grok: + field: "message" + if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' + patterns: + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?(?:duration %{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes:int})%{GREEDYDATA} + - Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.source_username})?%{GREEDYDATA} + pattern_definitions: + NOTCOLON: "[^:]*" + ECSSOURCEIPORHOST: "(?:%{IP:source.address}|%{HOSTNAME:source.domain})" + ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" + MAPPEDSRC: "(?:%{DATA:_temp_.cisco.mapped_source_ip}|%{HOSTNAME})" + + # + # Decode FTD's Security Event Syslog Messages + # + # 43000x messages are security event syslog messages specific to FTD. + # Format is a comma-separated sequence of key: value pairs. + # + # The result of this decoding is saved as _temp_.orig_security.{Key}: {Value} + - kv: + if: '["430001", "430002", "430003", "430004", "430005", ""].contains(ctx._temp_.cisco.message_id)' + field: "message" + field_split: ",(?=[A-za-z1-9\\s]+:)" + value_split: ":" + target_field: "_temp_.orig_security" + trim_key: " " + trim_value: " " + ignore_failure: true + + # + # Remove message. + # + # The field has been used as temporary buffer while decoding. The full message + # is kept log.original. Processors below can still add a message field, as some + # security events contain an explanatory Message field. + - remove: + field: + - message + ignore_missing: true + + # + # Populate ECS fields from Security Events + # + # This script uses the key-value pairs from Security Events to populate + # the appropriate ECS fields. + # + # A single key can be mapped to multiple ECS fields, and more than one key can + # map to the same ECS field, which results in an array being created. + # + # This script performs an additional job: + # + # Before FTD version 6.3, the message_id was not included in Security Events. + # As this field encodes the kind of event (intrusion, connection, malware...) + # the script below will guess the right message_id from the keys present in + # the event. + # + # The reason for overloading this script with different behaviors is + # that this pipeline is already reaching the limit on script compilations. + # + #******************************************************************************* + # Code generated by go generate. DO NOT EDIT. + #******************************************************************************* + - script: + if: ctx._temp_?.orig_security != null + params: + ACPolicy: + target: ac_policy + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.rule_name] + AccessControlRuleAction: + target: access_control_rule_action + id: ["430002", "430003"] + ecs: [event.outcome] + AccessControlRuleName: + target: access_control_rule_name + id: ["430002", "430003"] + ecs: [_temp_.cisco.rule_name] + AccessControlRuleReason: + target: access_control_rule_reason + id: ["430002", "430003"] + ApplicationProtocol: + target: application_protocol + ecs: [network.protocol] + ArchiveDepth: + target: archive_depth + id: ["430004", "430005"] + ArchiveFileName: + target: archive_file_name + id: ["430004", "430005"] + ecs: [file.name] + ArchiveFileStatus: + target: archive_file_status + id: ["430004", "430005"] + ArchiveSHA256: + target: archive_sha256 + id: ["430004", "430005"] + ecs: [file.hash.sha256] + Classification: + target: classification + id: ["430001"] + Client: + target: client + ecs: [network.application] + ClientVersion: + target: client_version + id: ["430002", "430003"] + ConnectionDuration: + target: connection_duration + id: ["430003"] + ecs: [event.duration] + DNS_Sinkhole: + target: dns_sinkhole + id: ["430002", "430003"] + DNS_TTL: + target: dns_ttl + id: ["430002", "430003"] + DNSQuery: + target: dns_query + id: ["430002", "430003"] + ecs: [dns.question.name] + DNSRecordType: + target: dns_record_type + id: ["430002", "430003"] + ecs: [dns.question.type] + DNSResponseType: + target: dns_response_type + id: ["430002", "430003"] + ecs: [dns.response_code] + DNSSICategory: + target: dnssi_category + id: ["430002", "430003"] + DstIP: + target: dst_ip + ecs: [destination.address] + DstPort: + target: dst_port + ecs: [destination.port] + EgressInterface: + target: egress_interface + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.destination_interface] + EgressZone: + target: egress_zone + id: ["430001", "430002", "430003"] + Endpoint Profile: + target: endpoint_profile + id: ["430002", "430003"] + FileAction: + target: file_action + id: ["430004", "430005"] + FileCount: + target: file_count + id: ["430002", "430003"] + FileDirection: + target: file_direction + id: ["430004", "430005"] + FileName: + target: file_name + id: ["430004", "430005"] + ecs: [file.name] + FilePolicy: + target: file_policy + id: ["430004", "430005"] + ecs: [_temp_.cisco.rule_name] + FileSHA256: + target: file_sha256 + id: ["430004", "430005"] + ecs: [file.hash.sha256] + FileSandboxStatus: + target: file_sandbox_status + id: ["430004", "430005"] + FileSize: + target: file_size + id: ["430004", "430005"] + ecs: [file.size] + FileStorageStatus: + target: file_storage_status + id: ["430004", "430005"] + FileType: + target: file_type + id: ["430004", "430005"] + FirstPacketSecond: + target: first_packet_second + id: ["430004", "430005"] + ecs: [event.start] + GID: + target: gid + id: ["430001"] + ecs: [service.id] + HTTPReferer: + target: http_referer + id: ["430002", "430003"] + ecs: [http.request.referrer] + HTTPResponse: + target: http_response + id: ["430001", "430002", "430003"] + ecs: [http.response.status_code] + ICMPCode: + target: icmp_code + id: ["430001", "430002", "430003"] + ICMPType: + target: icmp_type + id: ["430001", "430002", "430003"] + IPReputationSICategory: + target: ip_reputation_si_category + id: ["430002", "430003"] + IPSCount: + target: ips_count + id: ["430002", "430003"] + IngressInterface: + target: ingress_interface + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.source_interface] + IngressZone: + target: ingress_zone + id: ["430001", "430002", "430003"] + InitiatorBytes: + target: initiator_bytes + id: ["430003"] + ecs: [source.bytes] + InitiatorPackets: + target: initiator_packets + id: ["430003"] + ecs: [source.packets] + InlineResult: + target: inline_result + id: ["430001"] + ecs: [event.outcome] + IntrusionPolicy: + target: intrusion_policy + id: ["430001"] + ecs: [_temp_.cisco.rule_name] + MPLS_Label: + target: mpls_label + id: ["430001"] + Message: + target: message + id: ["430001"] + ecs: [message] + NAPPolicy: + target: nap_policy + id: ["430001", "430002", "430003"] + NetBIOSDomain: + target: net_bios_domain + id: ["430002", "430003"] + ecs: [host.hostname] + NumIOC: + target: num_ioc + id: ["430001"] + Prefilter Policy: + target: prefilter_policy + id: ["430002", "430003"] + Priority: + target: priority + id: ["430001"] + Protocol: + target: protocol + ecs: [network.transport] + ReferencedHost: + target: referenced_host + id: ["430002", "430003"] + ecs: [url.domain] + ResponderBytes: + target: responder_bytes + id: ["430003"] + ecs: [destination.bytes] + ResponderPackets: + target: responder_packets + id: ["430003"] + ecs: [destination.packets] + Revision: + target: revision + id: ["430001"] + SHA_Disposition: + target: sha_disposition + id: ["430004", "430005"] + SID: + target: sid + id: ["430001"] + SSLActualAction: + target: ssl_actual_action + ecs: [event.outcome] + SSLCertificate: + target: ssl_certificate + id: ["430002", "430003", "430004", "430005"] + SSLExpectedAction: + target: ssl_expected_action + id: ["430002", "430003"] + SSLFlowStatus: + target: ssl_flow_status + id: ["430002", "430003", "430004", "430005"] + SSLPolicy: + target: ssl_policy + id: ["430002", "430003"] + SSLRuleName: + target: ssl_rule_name + id: ["430002", "430003"] + SSLServerCertStatus: + target: ssl_server_cert_status + id: ["430002", "430003"] + SSLServerName: + target: ssl_server_name + id: ["430002", "430003"] + ecs: [server.domain] + SSLSessionID: + target: ssl_session_id + id: ["430002", "430003"] + SSLTicketID: + target: ssl_ticket_id + id: ["430002", "430003"] + SSLURLCategory: + target: sslurl_category + id: ["430002", "430003"] + SSLVersion: + target: ssl_version + id: ["430002", "430003"] + SSSLCipherSuite: + target: sssl_cipher_suite + id: ["430002", "430003"] + SecIntMatchingIP: + target: sec_int_matching_ip + id: ["430002", "430003"] + Security Group: + target: security_group + id: ["430002", "430003"] + SperoDisposition: + target: spero_disposition + id: ["430004", "430005"] + SrcIP: + target: src_ip + ecs: [source.address] + SrcPort: + target: src_port + ecs: [source.port] + TCPFlags: + target: tcp_flags + id: ["430002", "430003"] + ThreatName: + target: threat_name + id: ["430005"] + ecs: [_temp_.cisco.threat_category] + ThreatScore: + target: threat_score + id: ["430005"] + ecs: [_temp_.cisco.threat_level] + Tunnel or Prefilter Rule: + target: tunnel_or_prefilter_rule + id: ["430002", "430003"] + URI: + target: uri + id: ["430004", "430005"] + ecs: [url.original] + URL: + target: url + id: ["430002", "430003"] + ecs: [url.original] + URLCategory: + target: url_category + id: ["430002", "430003"] + URLReputation: + target: url_reputation + id: ["430002", "430003"] + URLSICategory: + target: urlsi_category + id: ["430002", "430003"] + User: + target: user + ecs: [user.id, user.name] + UserAgent: + target: user_agent + id: ["430002", "430003"] + ecs: [user_agent.original] + VLAN_ID: + target: vlan_id + id: ["430001", "430002", "430003"] + WebApplication: + target: web_application + ecs: [network.application] + originalClientSrcIP: + target: original_client_src_ip + id: ["430002", "430003"] + ecs: [client.address] + lang: painless + source: | + boolean isEmpty(def value) { + return (value instanceof AbstractList? value.size() : value.length()) == 0; + } + def appendOrCreate(Map dest, String[] path, def value) { + for (int i=0; i new HashMap()); + } + String key = path[path.length - 1]; + def existing = dest.get(key); + return existing == null? + dest.put(key, value) + : existing instanceof AbstractList? + existing.add(value) + : dest.put(key, new ArrayList([existing, value])); + } + def msg = ctx._temp_.orig_security; + def counters = new HashMap(); + def dest = new HashMap(); + ctx._temp_.cisco['security'] = dest; + for (entry in msg.entrySet()) { + def param = params.get(entry.getKey()); + if (param == null) { + continue; + } + param.getOrDefault('id', []).forEach( id -> counters[id] = 1 + counters.getOrDefault(id, 0) ); + if (!isEmpty(entry.getValue())) { + param.getOrDefault('ecs', []).forEach( field -> appendOrCreate(ctx, field.splitOnToken('.'), entry.getValue()) ); + dest[param.target] = entry.getValue(); + } + } + if (ctx._temp_.cisco.message_id != "") return; + def best; + for (entry in counters.entrySet()) { + if (best == null || best.getValue() < entry.getValue()) best = entry; + } + if (best != null) ctx._temp_.cisco.message_id = best.getKey(); + #******************************************************************************* + # End of generated code. + #******************************************************************************* + + # + # Normalize ECS field values + # + - script: + lang: painless + params: + "ctx._temp_.cisco.message_id": + target: event.action + map: + "430001": intrusion-detected + "430002": connection-started + "430003": connection-finished + "430004": file-detected + "430005": malware-detected + + "dns.question.type": + map: + "a host address": A + "ip6 address": AAAA + "text strings": TXT + "a domain name pointer": PTR + "an authoritative name server": NS + "the canonical name for an alias": CNAME + "marks the start of a zone of authority": SOA + "mail exchange": MX + "server selection": SRV + + "dns.response_code": + map: + "non-existent domain": NXDOMAIN + "server failure": SERVFAIL + "query refused": REFUSED + "no error": NOERROR + + source: | + def getField(Map src, String[] path) { + for (int i=0; i new HashMap()); + } + dest[path[path.length-1]] = value; + } + for (entry in params.entrySet()) { + def srcField = entry.getKey(); + def param = entry.getValue(); + String oldVal = getField(ctx, srcField.splitOnToken('.')); + if (oldVal == null) continue; + def newVal = param.map?.getOrDefault(oldVal.toLowerCase(), null); + if (newVal != null) { + def dstField = param.getOrDefault('target', srcField); + setField(ctx, dstField.splitOnToken('.'), newVal); + } + } + + - set: + if: "ctx.dns?.question?.type != null && ctx.dns?.response_code == null" + field: dns.response_code + value: NOERROR + + - set: + if: 'ctx._temp_.cisco.message_id == "430001"' + field: event.action + value: intrusion-detected + - set: + if: 'ctx._temp_.cisco.message_id == "430002"' + field: event.action + value: connection-started + - set: + if: 'ctx._temp_.cisco.message_id == "430003"' + field: event.action + value: connection-finished + - set: + if: 'ctx._temp_.cisco.message_id == "430004"' + field: event.action + value: file-detected + - set: + if: 'ctx._temp_.cisco.message_id == "430005"' + field: event.action + value: malware-detected + + # + # Handle event.duration + # + # It can be set from ConnectionDuration FTD field above. This field holds + # seconds as a string. Copy it to _temp_.duration_hms so that the following + # processor converts it to the right value and populates start and end. + - set: + field: "_temp_.duration_hms" + value: "{{event.duration}}" + if: "ctx.event?.duration != null" + + # + # Process the flow duration "hh:mm:ss" present in some messages + # This will fill event.start, event.end and event.duration + # + - script: + lang: painless + if: "ctx?._temp_?.duration_hms != null" + source: > + long parse_hms(String s) { + long cur = 0, total = 0; + for (char c: s.toCharArray()) { + if (c >= (char)'0' && c <= (char)'9') { + cur = (cur*10) + (long)c - (char)'0'; + } else if (c == (char)':') { + total = (total + cur) * 60; + cur = 0; + } else { + return 0; + } + } + return total + cur; + } + if (ctx?.event == null) { + ctx['event'] = new HashMap(); + } + String end = ctx['@timestamp']; + ctx.event['end'] = end; + long nanos = parse_hms(ctx._temp_.duration_hms) * 1000000000L; + ctx.event['duration'] = nanos; + ctx.event['start'] = ZonedDateTime.ofInstant( + Instant.parse(end).minusNanos(nanos), + ZoneOffset.UTC); + + # + # Normalize protocol names + # + - lowercase: + field: "network.transport" + ignore_failure: true + - lowercase: + field: "network.protocol" + ignore_failure: true + - lowercase: + field: "network.application" + ignore_failure: true + - lowercase: + field: "file.type" + ignore_failure: true + - lowercase: + field: "network.direction" + ignore_failure: true + + # + # Populate network.iana_number from network.transport. Also does reverse + # mapping in case network.transport contains the iana_number. + # + - script: + if: "ctx?.network?.transport != null" + lang: painless + params: + icmp: 1 + igmp: 2 + ipv4: 4 + tcp: 6 + egp: 8 + igp: 9 + pup: 12 + udp: 17 + rdp: 27 + irtp: 28 + dccp: 33 + idpr: 35 + ipv6: 41 + ipv6-route: 43 + ipv6-frag: 44 + rsvp: 46 + gre: 47 + esp: 50 + ipv6-icmp: 58 + ipv6-nonxt: 59 + ipv6-opts: 60 + source: > + def net = ctx.network; + def iana = params[net.transport]; + if (iana != null) { + net['iana_number'] = iana; + return; + } + def reverse = new HashMap(); + def[] arr = new def[] { null }; + for (entry in params.entrySet()) { + arr[0] = entry.getValue(); + reverse.put(String.format("%d", arr), entry.getKey()); + } + def trans = reverse[net.transport]; + if (trans != null) { + net['iana_number'] = net.transport; + net['transport'] = trans; + } + + # + # Normalize event.outcome + # + - lowercase: + field: "event.outcome" + ignore_missing: true + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "est-allowed"' + value: allow + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "permitted"' + value: allow + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "denied"' + value: deny + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "dropped"' + value: deny + + - set: + field: "network.transport" + if: 'ctx.network?.transport == "icmpv6"' + value: "ipv6-icmp" + + # + # Convert integer fields, as output of dissect and kv processors is always a string + # + - convert: + field: "source.port" + type: integer + ignore_failure: true + - convert: + field: "destination.port" + type: integer + ignore_failure: true + - convert: + field: "source.bytes" + type: integer + ignore_failure: true + - convert: + field: "destination.bytes" + type: integer + ignore_failure: true + - convert: + field: "source.packets" + type: integer + ignore_failure: true + - convert: + field: "destination.packets" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.mapped_source_port" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.mapped_destination_port" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.icmp_code" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.icmp_type" + type: integer + ignore_failure: true + - convert: + field: "network.iana_number" + type: integer + ignore_failure: true + + # + # Assign ECS .ip fields from .address is a valid IP address is found, + # otherwise set .domain field. + # + - grok: + field: source.address + patterns: + - "(?:%{IP:source.ip}|%{GREEDYDATA:source.domain})" + ignore_failure: true + - grok: + field: destination.address + patterns: + - "(?:%{IP:destination.ip}|%{GREEDYDATA:destination.domain})" + ignore_failure: true + - grok: + field: client.address + patterns: + - "(?:%{IP:client.ip}|%{GREEDYDATA:client.domain})" + ignore_failure: true + - grok: + field: server.address + patterns: + - "(?:%{IP:server.ip}|%{GREEDYDATA:server.domain})" + ignore_failure: true + + # + # Geolocation for source and destination addresses + # + - geoip: + field: "source.ip" + target_field: "source.geo" + ignore_missing: true + - geoip: + field: "destination.ip" + target_field: "destination.geo" + ignore_missing: true + + # + # IP Autonomous System (AS) Lookup + # + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + + # + # NAT fields + # + # The firewall always populates mapped ip and port even if there was no NAT. + # This populates both nat.ip and nat.port only when some translation is done. + # Fills nat.ip and nat.port even when only the ip or port changed. + - set: + field: source.nat.ip + value: "{{_temp_.cisco.mapped_source_ip}}" + if: "ctx._temp_.cisco.mapped_source_ip != null && (ctx._temp_.cisco.mapped_source_ip != ctx.source.ip || ctx._temp_.cisco.mapped_source_port != ctx.source.port)" + - set: + field: source.nat.port + value: "{{_temp_.cisco.mapped_source_port}}" + if: "ctx._temp_.cisco.mapped_source_port != null && (ctx._temp_.cisco.mapped_source_ip != ctx.source.ip || ctx._temp_.cisco.mapped_source_port != ctx.source.port)" + - set: + field: destination.nat.ip + value: "{{_temp_.cisco.mapped_destination_ip}}" + if: "ctx._temp_.cisco.mapped_destination_ip != null && (ctx._temp_.cisco.mapped_destination_ip != ctx.destination.ip || ctx._temp_.cisco.mapped_destination_port != ctx.destination.port)" + - set: + field: destination.nat.port + value: "{{_temp_.cisco.mapped_destination_port}}" + if: "ctx._temp_.cisco.mapped_destination_port != null && (ctx._temp_.cisco.mapped_destination_ip != ctx.destination.ip || ctx._temp_.cisco.mapped_destination_port != ctx.destination.port)" + + # + # Populate ECS event.code + # + - convert: + field: _temp_.cisco.message_id + target_field: event.code + type: integer + ignore_failure: true + + - remove: + field: + - _temp_.cisco.message_id + - event.code + if: 'ctx._temp_.cisco.message_id == ""' + ignore_failure: true + + # + # Copy _temp_.cisco to its final destination, cisco.asa or cisco.ftd. + # + - rename: + field: _temp_.cisco + target_field: "cisco.{< .internal_prefix >}" + ignore_failure: true + + # + # Remove temporary fields + # + - remove: + field: _temp_ + ignore_missing: true + + # + # Rename some 7.x fields + # + - rename: + field: log.original + target_field: event.original + ignore_missing: true + - rename: + field: cisco.{< .internal_prefix >}.list_id + target_field: cisco.{< .internal_prefix >}.rule_name + ignore_missing: true + +on_failure: + - append: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/cisco/shared/security-mappings.csv b/filebeat/module/cisco/shared/security-mappings.csv new file mode 100644 index 00000000000..532b888f85d --- /dev/null +++ b/filebeat/module/cisco/shared/security-mappings.csv @@ -0,0 +1,215 @@ +intrusion,430001,ACPolicy, +intrusion,430001,ApplicationProtocol,network.protocol +intrusion,430001,Classification, +intrusion,430001,Client, +intrusion,430001,DstIP,destination.address +intrusion,430001,DstPort,destination.port +intrusion,430001,EgressInterface,cisco.ftd.destination_interface +intrusion,430001,EgressZone, +intrusion,430001,GID,service.id +intrusion,430001,HTTPResponse,http.response.status_code +intrusion,430001,ICMPCode, +intrusion,430001,ICMPType, +intrusion,430001,IngressInterface,cisco.ftd.source_interface +intrusion,430001,IngressZone, +intrusion,430001,InlineResult,event.outcome +intrusion,430001,IntrusionPolicy,cisco.ftd.rule_name +intrusion,430001,MPLS_Label, +intrusion,430001,Message,message +intrusion,430001,NAPPolicy, +intrusion,430001,NumIOC, +intrusion,430001,Priority, +intrusion,430001,Protocol,network.transport +intrusion,430001,Revision, +intrusion,430001,SID, +intrusion,430001,SSLActualAction, +intrusion,430001,SrcIP,source.address +intrusion,430001,SrcPort,source.port +intrusion,430001,User,user.id,user.name +intrusion,430001,VLAN_ID, +intrusion,430001,WebApplication,network.application +flow_start,430002,AccessControlRuleAction,event.outcome +flow_start,430002,AccessControlRuleName,cisco.ftd.rule_name +flow_start,430002,AccessControlRuleReason, +flow_start,430002,ACPolicy,cisco.ftd.rule_name +flow_start,430002,ApplicationProtocol,network.protocol +flow_start,430002,Client, +flow_start,430002,ClientVersion, +flow_start,430002,DNS_Sinkhole, +flow_start,430002,DNS_TTL, +flow_start,430002,DNSQuery,dns.question.name +flow_start,430002,DNSRecordType,dns.question.type +flow_start,430002,DNSResponseType,dns.response_code +flow_start,430002,DNSSICategory, +flow_start,430002,DstIP,destination.address +flow_start,430002,DstPort,destination.port +flow_start,430002,EgressInterface,cisco.ftd.destination_interface +flow_start,430002,EgressZone, +flow_start,430002,Endpoint Profile, +flow_start,430002,FileCount, +flow_start,430002,HTTPReferer,http.request.referrer +flow_start,430002,HTTPResponse,http.response.status_code +flow_start,430002,ICMPCode, +flow_start,430002,ICMPType, +flow_start,430002,IngressInterface,cisco.ftd.source_interface +flow_start,430002,IngressZone, +flow_start,430002,IPReputationSICategory, +flow_start,430002,IPSCount, +flow_start,430002,NAPPolicy, +flow_start,430002,NetBIOSDomain,host.hostname +flow_start,430002,originalClientSrcIP,client.address +flow_start,430002,Prefilter Policy, +flow_start,430002,Protocol,network.transport +flow_start,430002,ReferencedHost,url.domain +flow_start,430002,SecIntMatchingIP, +flow_start,430002,Security Group, +flow_start,430002,SrcIP,source.address +flow_start,430002,SrcPort,source.port +flow_start,430002,SSLActualAction,event.outcome +flow_start,430002,SSLCertificate, +flow_start,430002,SSLExpectedAction, +flow_start,430002,SSLFlowStatus, +flow_start,430002,SSLPolicy, +flow_start,430002,SSLRuleName, +flow_start,430002,SSLServerCertStatus, +flow_start,430002,SSLServerName,server.domain +flow_start,430002,SSLSessionID, +flow_start,430002,SSLTicketID, +flow_start,430002,SSLURLCategory, +flow_start,430002,SSLVersion, +flow_start,430002,SSSLCipherSuite, +flow_start,430002,TCPFlags, +flow_start,430002,Tunnel or Prefilter Rule, +flow_start,430002,URL,url.original +flow_start,430002,URLCategory, +flow_start,430002,URLReputation, +flow_start,430002,URLSICategory, +flow_start,430002,User,user.name +flow_start,430002,UserAgent,user_agent.original +flow_start,430002,VLAN_ID, +flow_start,430002,WebApplication,network.application +flow_end,430003,AccessControlRuleAction,event.outcome +flow_end,430003,AccessControlRuleName,cisco.ftd.rule_name +flow_end,430003,AccessControlRuleReason, +flow_end,430003,ACPolicy,cisco.ftd.rule_name +flow_end,430003,ApplicationProtocol,network.protocol +flow_end,430003,Client, +flow_end,430003,ClientVersion, +flow_end,430003,ConnectionDuration,event.duration +flow_end,430003,DNS_Sinkhole, +flow_end,430003,DNS_TTL, +flow_end,430003,DNSQuery,dns.question.name +flow_end,430003,DNSRecordType,dns.question.type +flow_end,430003,DNSResponseType,dns.response_code +flow_end,430003,DNSSICategory, +flow_end,430003,DstIP,destination.address +flow_end,430003,DstPort,destination.port +flow_end,430003,EgressInterface,cisco.ftd.destination_interface +flow_end,430003,EgressZone, +flow_end,430003,Endpoint Profile, +flow_end,430003,FileCount, +flow_end,430003,HTTPReferer,http.request.referrer +flow_end,430003,HTTPResponse,http.response.status_code +flow_end,430003,ICMPCode, +flow_end,430003,ICMPType, +flow_end,430003,IngressInterface,cisco.ftd.source_interface +flow_end,430003,IngressZone, +flow_end,430003,InitiatorBytes,source.bytes +flow_end,430003,InitiatorPackets,source.packets +flow_end,430003,IPReputationSICategory, +flow_end,430003,IPSCount, +flow_end,430003,NAPPolicy, +flow_end,430003,NetBIOSDomain,host.hostname +flow_end,430003,originalClientSrcIP,client.address +flow_end,430003,Prefilter Policy, +flow_end,430003,Protocol,network.transport +flow_end,430003,ReferencedHost,url.domain +flow_end,430003,ResponderBytes,destination.bytes +flow_end,430003,ResponderPackets,destination.packets +flow_end,430003,SecIntMatchingIP, +flow_end,430003,Security Group, +flow_end,430003,SrcIP,source.address +flow_end,430003,SrcPort,source.port +flow_end,430003,SSLActualAction,event.outcome +flow_end,430003,SSLCertificate, +flow_end,430003,SSLExpectedAction, +flow_end,430003,SSLFlowStatus, +flow_end,430003,SSLPolicy, +flow_end,430003,SSLRuleName, +flow_end,430003,SSLServerCertStatus, +flow_end,430003,SSLServerName,server.domain +flow_end,430003,SSLSessionID, +flow_end,430003,SSLTicketID, +flow_end,430003,SSLURLCategory, +flow_end,430003,SSLVersion, +flow_end,430003,SSSLCipherSuite, +flow_end,430003,TCPFlags, +flow_end,430003,Tunnel or Prefilter Rule, +flow_end,430003,URL,url.original +flow_end,430003,URLCategory, +flow_end,430003,URLReputation, +flow_end,430003,URLSICategory, +flow_end,430003,User,user.name +flow_end,430003,UserAgent,user_agent.original +flow_end,430003,VLAN_ID, +flow_end,430003,WebApplication,network.application +file,430004,ApplicationProtocol,network.protocol +file,430004,ArchiveDepth, +file,430004,ArchiveFileName,file.name +file,430004,ArchiveFileStatus, +file,430004,ArchiveSHA256,file.hash.sha256 +file,430004,Client,network.application +file,430004,DstIP,destination.address +file,430004,DstPort,destination.port +file,430004,FileAction, +file,430004,FileDirection, +file,430004,FileName,file.name +file,430004,FilePolicy,cisco.ftd.rule_name +file,430004,FileSandboxStatus, +file,430004,FileSHA256,file.hash.sha256 +file,430004,FileSize,file.size +file,430004,FileStorageStatus, +file,430004,FileType, +file,430004,FirstPacketSecond,event.start +file,430004,Protocol,network.transport +file,430004,SHA_Disposition, +file,430004,SperoDisposition, +file,430004,SrcIP,source.address +file,430004,SrcPort,source.port +file,430004,SSLActualAction, +file,430004,SSLCertificate, +file,430004,SSLFlowStatus, +file,430004,URI,url.original +file,430004,User,user.name +file,430004,WebApplication,network.application +malware,430005,ApplicationProtocol,network.protocol +malware,430005,ArchiveDepth, +malware,430005,ArchiveFileName,file.name +malware,430005,ArchiveFileStatus, +malware,430005,ArchiveSHA256,file.hash.sha256 +malware,430005,Client,network.application +malware,430005,DstIP,destination.address +malware,430005,DstPort,destination.port +malware,430005,FileAction, +malware,430005,FileDirection, +malware,430005,FileName,file.name +malware,430005,FilePolicy,cisco.ftd.rule_name +malware,430005,FileSandboxStatus, +malware,430005,FileSHA256,file.hash.sha256 +malware,430005,FileSize,file.size +malware,430005,FileStorageStatus, +malware,430005,FileType, +malware,430005,FirstPacketSecond,event.start +malware,430005,Protocol,network.transport +malware,430005,SHA_Disposition, +malware,430005,SperoDisposition, +malware,430005,SrcIP,source.address +malware,430005,SrcPort,source.port +malware,430005,SSLActualAction, +malware,430005,SSLCertificate, +malware,430005,SSLFlowStatus, +malware,430005,ThreatName,cisco.ftd.threat_category +malware,430005,ThreatScore,cisco.ftd.threat_level +malware,430005,URI,url.original +malware,430005,User,user.name +malware,430005,WebApplication,network.application diff --git a/filebeat/module/cisco/shared/stringset.go b/filebeat/module/cisco/shared/stringset.go new file mode 100644 index 00000000000..8e1ecf3cdc0 --- /dev/null +++ b/filebeat/module/cisco/shared/stringset.go @@ -0,0 +1,56 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build ignore + +package main + +import ( + "sort" + "strings" +) + +type stringSet map[string]struct{} + +func newStringSet(list []string) stringSet { + r := stringSet{} + for _, value := range list { + if len(value) != 0 { + r[value] = struct{}{} + } + } + return r +} + +func (set stringSet) merge(o stringSet) { + for key := range o { + set[key] = struct{}{} + } +} + +func (set stringSet) equal(other stringSet) bool { + if len(set) != len(other) { + return false + } + for k := range set { + if _, found := other[k]; !found { + return false + } + } + return true +} + +func (set stringSet) MarshalYAML() (interface{}, error) { + keys := make([]string, 0, len(set)) + for key := range set { + keys = append(keys, key) + } + sort.Strings(keys) + return keys, nil +} + +func (set stringSet) String() string { + yaml, _ := set.MarshalYAML() + return strings.Join(yaml.([]string), ", ") +} diff --git a/filebeat/module/coredns/README.md b/filebeat/module/coredns/README.md new file mode 100644 index 00000000000..fe42b7ab07c --- /dev/null +++ b/filebeat/module/coredns/README.md @@ -0,0 +1,161 @@ +# Coredns Module + +This is a filebeat module for coredns. It supports both standalone coredns deployment and +coredns deployment in Kubernetes. + +## Download and install Filebeat + +Grab the filebeat binary from elastic.co, and install it by following the instructions. + +## Deployment Scenario #1: coredns native deployment + +Make sure to update coredns configuration to enable log plugin. This module assumes that coredns log +entries will be written to /var/log/coredns.log. Should it be not the case, please point the module +log path to the path of the log file. + +Update filebeat.yml to point to Elasticsearch and Kibana. +Setup Filebeat. +``` +./filebeat setup --modules coredns -e +``` + +Enable the Filebeat coredns module +``` +./filebeat modules enable coredns +``` + +Start Filebeat +``` +./filebeat -e +``` + +Now, the Coredns logs and dashboard should appear in Kibana. + + +## Deployment Scenario #2: coredns for kubernetes + +For Kubernetes deployment, the filebeat daemon-set yaml file needs to be deployed to the +Kubernetes cluster. Sample configuration files is provided under the `beats/deploy/filebeat` +directory, and can be deployed by doing the following: +``` +kubectl apply -f filebeat +``` + +#### Note the following section in the ConfigMap, make changes to the yaml file if necessary +``` + filebeat.autodiscover: + providers: + - type: kubernetes + hints.enabled: true + hints.default_config.enabled: false + + processors: + - add_kubernetes_metadata: ~ +``` + +This enables auto-discovery and hints for filebeat. When default.disable is set to true (default value is false), it will disable log harvesting for the pod/container, unless it has specific annotations enabled. This gives users more granular control on kubernetes log ingestion. The `add_kubernetes_metadata` processor will add enrichment data for Kubernetes to the ingest logs. + +#### Note the following section in the DaemonSet, make changes to the yaml file if necessary +``` +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: filebeat + namespace: kube-system + labels: + k8s-app: filebeat +spec: + selector: + matchLabels: + k8s-app: filebeat + template: + metadata: + labels: + k8s-app: filebeat + spec: + serviceAccountName: filebeat + terminationGracePeriodSeconds: 30 + containers: + - name: filebeat + image: docker.elastic.co/beats/filebeat:%VERSION% + args: [ + "sh", "-c", "filebeat setup -e --modules coredns -c /etc/filebeat.yml && filebeat -e -c /etc/filebeat.yml" + ] + env: + # Edit the following values to reflect your setup accordingly + - name: ELASTICSEARCH_HOST + value: 192.168.99.1 + - name: ELASTICSEARCH_USERNAME + value: elastic + - name: ELASTICSEARCH_PASSWORD + value: changeme + - name: KIBANA_HOST + value: 192.168.99.1 +``` + +The module setup step can also be done separately without Kubernetes if applicable, and in that case, the args can be simplified to: +``` + args: [ + "sh", "-c", "filebeat -e -c /etc/filebeat.yml" + ] +``` + +### Note that you probably need to update the coredns configmap to enable logging, and coredns deployment to add proper annotations. + +##### Sample ConfigMap for coredns: + +``` +apiVersion: v1 +data: + Corefile: | + .:53 { + log + errors + health + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods verified + endpoint_pod_names + upstream + fallthrough in-addr.arpa ip6.arpa + } + prometheus :9153 + proxy . /etc/resolv.conf + cache 30 + loop + reload + loadbalance + } +kind: ConfigMap +metadata: + creationTimestamp: "2019-01-31T21:02:57Z" + name: coredns + namespace: kube-system + resourceVersion: "185717" + selfLink: /api/v1/namespaces/kube-system/configmaps/coredns + uid: 95a5d5cb-259b-11e9-8e5d-080027971f3c +``` + +#### Sample Deployment for coredns. Note the annotations. + +``` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: coredns +spec: + replicas: 2 + selector: + matchLabels: + k8s-app: coredns + template: + metadata: + annotations: + "co.elastic.logs/module": "coredns" + "co.elastic.logs/fileset": "log" + "co.elastic.logs/disable": "false" + labels: + k8s-app: coredns + spec: + +``` + diff --git a/filebeat/module/coredns/_meta/config.yml b/filebeat/module/coredns/_meta/config.yml new file mode 100644 index 00000000000..d9ef777bde5 --- /dev/null +++ b/filebeat/module/coredns/_meta/config.yml @@ -0,0 +1,8 @@ +- module: coredns + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/coredns/_meta/docs.asciidoc b/filebeat/module/coredns/_meta/docs.asciidoc new file mode 100644 index 00000000000..056f45e1523 --- /dev/null +++ b/filebeat/module/coredns/_meta/docs.asciidoc @@ -0,0 +1,51 @@ +[role="xpack"] + +:modulename: coredns +:has-dashboards: true + +== CoreDNS module + +This is a filebeat module for CoreDNS. It supports both standalone CoreDNS deployment and +CoreDNS deployment in Kubernetes. + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +Although this module has been developed against Kubernetes v1.13.x, it is expected to work +with other versions of Kubernetes. + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `log` fileset settings + +Example config: + +[source,yaml] +---- +- module: coredns + log: + enabled: true + var.paths: ["/var/log/coredns.log"] + var.tags: ["coredns", "staging"] +---- + +include::../include/var-paths.asciidoc[] + +*`var.tags`*:: + +An array of tags describing the monitored CoreDNS setup. + +[float] +=== Example dashboard + +This module comes with a sample dashboard. + +[role="screenshot"] +image::./images/kibana-coredns.jpg[] diff --git a/filebeat/module/coredns/_meta/fields.yml b/filebeat/module/coredns/_meta/fields.yml new file mode 100644 index 00000000000..98ee91094ab --- /dev/null +++ b/filebeat/module/coredns/_meta/fields.yml @@ -0,0 +1,57 @@ +- key: coredns + title: Coredns + description: > + Module for handling logs produced by coredns + fields: + - name: coredns + type: group + description: > + coredns fields after normalization + fields: + - name: id + type: keyword + description: > + id of the DNS transaction + + - name: query.size + type: integer + format: bytes + description: > + size of the DNS query + + - name: query.class + type: keyword + description: > + DNS query class + + - name: query.name + type: keyword + description: > + DNS query name + + - name: query.type + type: keyword + description: > + DNS query type + + - name: response.code + type: keyword + description: > + DNS response code + + - name: response.flags + type: keyword + description: > + DNS response flags + + - name: response.size + type: integer + format: bytes + description: > + size of the DNS response + + - name: dnssec_ok + type: boolean + description: > + dnssec flag + diff --git a/filebeat/module/coredns/_meta/images/kibana-coredns.jpg b/filebeat/module/coredns/_meta/images/kibana-coredns.jpg new file mode 100644 index 0000000000000000000000000000000000000000..70921fa9bafb24da9a3e19bbbede5d0e43c0f0f0 GIT binary patch literal 256863 zcmeFa1zc5MmoR)TmrhCPZUhNIx*O^4Zn!iENQhz}As~o=bf`08oUG{RwM8n19hA0Kijw0Pz=%0eHO%V9r;m ze_avM5dNUR!c2qy0i)<$k;1>A(b#!H1FT0LboYAF|YYieGOI~<&} zU}|?O8$k_e*? zs8Nf$$G|kfWb40=k`-yfz4f^a$jZ9#U6EIuQtSTA52L zfiO7;%fg&guHN?*-onOSRsn>;7J_i!-cvyfgs;**v-XhD1Yt0Lgk*OYjbCLUB-^-4 zN&HG%V(tz?Kj}YtIci_wukxR;vsU;c{{ufeEnN@~))|WKZLgyO!q^~8I*Pj@KYpr1tzhnY6vG&lrs@pYRR@TxoAPn*j9k7OJ|Kbox%}V1xs)SlmI92-V21S!8CuArUNX4 z82dl(|0vxOtg90kub%yDoCL_#J+Ra(Dz88CrN;S#5?KaW8d)A$7MTT+6j2mW2=N~H zD-K3(M1DkpKWh6IJ<=-DAkrezDAEGbq^W&~`yUj4*{o#lW(8L9Em-ZmzihL-K#;>Q5ekzoh<)4viBH0qrK5 zI2!Xmro?8&=KZsVS2F!6kDpTeSyzic<@!er{&o3(J+TL@z$hn8XK5PO@7NK1GxmSd{K2m|h`B2BsvUT67IJQI zp8w3n)B3(A*lqzS7gt|*ds{nCY6(#DTT?5*EIDpbb8~VD0KnCEB>+5Kwtd}$MgYI2R8wr^M$3CyZ6uh5U(ys06KsJ_9zm7 z5}*T^L4LRaK0pW%2V?+6Ko!se^Z^sF)!BjV*&Xl!9sm!4C%_AE5+V*r1X6)aAP*=8 z%7Gf-Jt9h%E#L@q#>nJc7J{#6S`u>5zO#8Ke%<0_lPbLM9gv z{7@;VD%1dK19gW6Lc^f(&trV!_Woj7W4!W84(|m8j&4r!SaaOh?a3`Kh}DRn5Qh=JAbv-@M8ZNMM`A+~L{dP~L$XEkL3)A|kCcN{h13T2rWK?kWMpI_ zWG3XhU~kk%c0l$=4o7~AT#DR`Jczu6e29XALW07EB7&ldVvgd8@&x4#N)bvE$`Hy5 z$`4cwR4P<%R9RF5R2XUqYCLKI>Ic*z)HT#Iv>Rv)Xo6^}XjW*xXi;ccX!U6QXe(%E z=(y-i=pyJ^=nm))(G$>1(A&^w(DyMgFlaFZFw`;ZF@iA?Fy3KwVtm0k!NkL4#gxJ{ z!t}z7#LUHP#+=05$HKy5#1h9c!1Bb3#LCC|h&6}x0~;Tk16u*x3Ofip3A-A52zv(y z4Tk|o0>=c$4<{a{0;eBm>jv5l#v4*M%x?tVNV-vXWBkS;EypMQG_)vU0d?|cO{73j%_-*(r1jqzT1PTNW1TP4R3Hk`W6XFrx zA=DwfPnbm5NVq@*C1NB}AaWv#A}S{uBRaiFaZ}=^_08uuOKuL`JSHY17ALkQ4kIol z9wj~{p(c?baU_W*sUevqMI>bDl_b1OJ z|4e>JK}jJ;;Y#s_;v>ZtB@v}Kr32+F$`6zqRQOb)RQ6P_sG6uYsR^kisGX=2s6SDE zry-}2r}3gmr|F|Pqh+GirVXJjrJbcir{kxyp?gKwO81?fie8!i0evC;6ayLqKZ6~^ zYlaSnV@4)MUB;)3HH_;_#7qiIeoTc-Gt5}bV$5#L8O$Rr$SnLUjx29k23QeTd0FjP zlUV!N5ZL(G?AhM34cXB8 zar=^!m(z(ei*uR_k4up&gsYxwkDHa-k~@iega?a9mM4g(mS^`4+a2pWDR(A#@p+Yb zpYpcyUhv)JbLT7J+qg@A*X(Zc-En>bel`AZ{!RfT0ZD-%f%gI@f_#FWg5`qWgxG}~ zg$jh$g_(q{g|md0L}*3KMbbqUM5#s1MAJkU#Aw9K#WKVe#p%SY#B;>gBv>RIB#I<< zBsnGBC95Qlr39q{q?)Cn(sI&a(tR>`GTJhUGIO%DvbM5?vft%+<^1KE<&or-9 zNM^cb1!m{ws^%HyhZYJJ$rj%&r7T}tezg*}dS$g?En*#Gy=Eg~6JxV(D`FdKyJ070 z7jL&^FJ+%-zw03Hkm_*ksOp&O2zSzTDs@J6Hgm3n;lUhXpIj(i?z;@SvbjESU2qe0 zi*x(#uH>HM0r4>QsP!ZO4ffAo%wC~hU%W-Vle~ZU==fCJ$Gs1`|Jj$-_qp$ypR8ZD zKcc^-f9nI92M-^736Ka#4}=6-1hxjz1w9U036=}adx-wf@nLTWXGl!Q!6V&A^^YkY z2R~j4l?yF=g8jt($@o*Dr>V~npV>d_d(QLx&GXAJtFZ1DoG;>EoQGS6cSmqVBt*a? zZ6f=k_@Yu?BEN*a9E%o<&Wpi~@rzlCRgSHGMg1!5)j^zTTvz;^_|(_vuf1L`B-~4= zeMA4|<(ud5BL&d(vud69FG3(H-|)5!aje>XqBfV?285TVekaHGhmXrNfSxVD77B)ycV z^u;^io!7g~GPAO=a;5Ut3jT_cN`}hhD*URjYDl$j_4gXPnuS{Z+QB--y4HH3`l<$w zhTQiw?~@t{8>2p;e|Y=>-sIPG*zDT8)nePS)N0x~{Za4Z$S3treQio@o$a#iA3G#E znmR=~-**Xi)phfC*Yxo9RDb6ET-D3lTh+(cSKWWNzji=ipngzz@WYVUP|L9NaQleD zNYALs=-`<4*u=Qe_`-zM#QLPu({fbC)>E&$vezDmEXj_ zeg3ZZeP!2u7rqz1PqLqTaOa@)Q0;K;$oc5(IP3?>kGvE9la5o})3r07bCmOh3zm!e zOQp*hxHBB?YVK}+Z3|p2O(58S3l@910Dz?r0Qdu-{b2ZWoOexey>Rgh0*6A^(9i4N z;Gbi`>t}obPyzy1=DJif0K5YuV=$PvH~?Ik>RRFe0uRrh5yV^t4;votYXE}j4w@!E z;P8D406?h+fD3mx{Om0pevt)^6(#|o+3n}}@`@T699N`?UqPe9R>4=-zXy0TfQyQv zhlL4+&;kg!5GXDL{t2K0>y88(CSdr37=i#rL_$VEMMK8`394=Y2oNX~0TGIXbTuge z2>_o1h`302G+YwM`0C~;v~C3452Mpj=_Jcq2sH-3)ALxkhoGSo-6SRUZ1_TkK#e*hj2ZYHf6L%^ z8~As%0VsUnx(l|C!hx07=NP9tyiS{NV6W#A>4J^4m@UEKz)6ph*K#foq$j*1#+tl*#F_$6G;6Y~<2pUa{2}Wnm2o`WG z%;%tYN!aR#RyH8CP{LHAe0w(ME{&k~Tn1MJS5Y^9 zmES7zZl4uDF&q#*fLMgFHnx5CZZWub-T@^5Z<*5&{zWX|uylOnz*8rynym*uV&z?# zICT@pQaPIXxd`)CtaRakD#*IEIXbhX+L#yKvo9 zZJ*$tn>Ngg-+9}zf%S8_CE&Gen+ObMq&X(gJ-3MqVOt`r{o2d7v%$_j^`*tEcELYc z4Jnb8%zkVY@ht?>?&>!(@{0wK4ZUO1mC%NSy*@ePM|AuAg*tu_#otAx9(*iF!2(SF zW!uiR4M5tfkV1+dx{(9C?JAR9OrX${6aEpZMO&j2(uI0>2W;pZAaFs&qyTc(s zpf2-Q)OKumRZ-*k6e(os;f|YX^;?*k!oUr3Ta;oz8Puzg>qwaDpKmz9U36Cdkq&wX zk}hK@S8BgA!SH$}>U*zaAzPj&^`lPOV2Yo_CY!55^7r=E9F}rT?x$f8Xt^m?NLMh; zx)R$C4Bjb3ROY!DK}_~nLwu#}ZQCOKc5`p?(kx*xEkBs>7ur1>D zQi?)}VSL@opbv;kgsw1vnfzNO)Hw5<26JFHyy%pmySwRT=Pm;c;kJ0*X1A%?y>w(50x z>%zC>#i#kbZ*Tw#2PPd;s;c96%n|A6kGD|r3#2q0Z5-`CIG=wonSu0huCtX#;L)Q# z0(8{(Jd@O2P&oWgQ#G}mORXO6eJU?o4l;O9T$nJ{p3Q*9larAcS&}}mOerInHgeU4 zB25o%vhr5ofR2OWb)Q;7B0y)$I$5GO{OA_I|Hj98I#PanTLX#Dhxys3HV#>|KAb8} zBPo{vfj8A_Fn*?*Dq*hob#mg;>Q>9)R;h{+*d4v&UuxFv)$GznlWlEf2z0p)=-uH! zAuog6?b8a4pSngL7Y=k!Fz75la8N{=pcNJcy=r3k%)G~HvjL*o>cfca>i*Pw4z zGuJmPM^5z>j;UhI-YM!Avq+MO8-PGT>W6p35EF_h(aAKaH-}cwX3Ern8BOw~^Rv-6 zE=PLBL#6D^l!vLj?D-3 zvXZ{)Q?GSg&B7!)XK*%jyi|Ye1?63O$*J>~*NE-F!R>8v^V-s93e%PDn&b~J12zYn z!u4Og_gZpk$`&rnpQmJY^q&|F+V+?gdVTnJIINfiAtQ>US0fDEN}oFmY>&Ur!hC_qs*iV zn=cl|x%il4eBPIySdtG6{Jv``ddX6=`cBD}Pr%fXRd zIar+altc)HPS`AUL#cRfs_}W40O4e3`*1Sgkyw}?)QLX6nR<$r1~oa;lp>GR?Gkbo z+G)99lhpUZFy_`TAt9BBs3kXhDX>`Rm<9)IT7#xcFAztIRqS$y81C!ww;l-WFe9)P zORiF|V&rvVFGD->M4Hf_I5yfz9Ia^SmA!3L5mDA{f&(wHYR-DjBV3GwIyqEN7lYye z$*BU4gqjs!7y=xqN)A#?r|7F$38;!A6^2a?Y#&m<0fTIM7pA8f)+CcOmIqx_W7YUN z_USqO~Llv;4H3o@s04I>Y{y9IeRlA8L@!K`xLte1VGJcM01@X1`-y_*{1`F&H7E! z(9l+y{7}2)^{>M(zQE?2WaZxJbZ~#-&t81}g&zb#MbdT+dK!*cRmG5xV zdwg(uI=E$oqIOe(+Cu}QaGJ~)#!Fi~KwBc1GHUSM(zuFh3ukrI@)NFbJdoDcff<-U zcRGM%?pBfzIDz2QzMZf})qhynQz+{>98?qCK7Z6G*6+|AIoDP!z3op;=4f;0yQ>gU1cf>vD0o3ws+`Z1Y12Kj@I0q??7o2+BCo}=ih zFJ}`6Yc-_=c4B+jrpHMqqwFkk9Hp}-+7_yT5C?$f{TMHj@3wHI3_rSGDh#x)E6hdO zK9TKYa@F!vhuh94uEmV2#u==(u1`l#Msl4#it4Mnqg1!EozUk);DmgbhF0}_3QJU0 z>WLGxm`PJMk3v}p2LJLDMrZnSx)k3wfad5IC5!}@?I#}_R-wT`7nTBr!*er+n`P6TaMcd!M4KutI>UQALNVxM#3_X;uS{ryWX_xn1FH$&_B>Gn$~tP<@k2m3J@sn2lW zfQd5Ta#6nPsq_BTBbpX+w-E6S4bdFugU+2SNY+bC?BLYzxtr@{8{D#wAdIp7jvfh)@k8GRkIwwnQRcwz^DTI z7E)94csV!juq*vqHS4!Y^H^!S;uqWtX7jKn^ z6_h$V_vxD{-+Vidu-bSt0?X8w)j?HE4NMDsdQkALC{`K!)dgK##R2#n@UG6$sgB59 z=?v@1S?=cNL(L(wibL zm#!fyjo(udr|@6K>8>o{btIHey2eUgRripnYZg4+&3ov+cO zUN6pE?Y<6q>gS+P!*`=ty{}&5Gh<=_pR>bK z)Dzmd1$Q5bBW3GOhrXtdr?sXAo=aaL_V}*J02Fq8jwh2Cx3DF`*j;(aSJckwQPo>DY(Yd0n1X zAuEzSH%%rf#1soNOs2A*g~@4IF$qO-;|LU-2A$eu`Unft(J_k|S)QmNw!#685eB!M zQ2E%1&w`g;jw&NI@jhjZY86bmQd*U43C>?)#=bm;m8cLey`#9`lE%KxyCh7-E&Kl6 z`u&dmGz>h|qM5!8hY$j(kNjUx)(-MLdrsEk4VB&@mibV8cXec)TppQH;Mn<0qdJ4) zLa1iYe!*95)kq&KR=>cd@+Nmj5ns2!^_irc< z1dY!HeGp61(&ea5Jna`l{n~P{MAa9}>QI``Uf&W(_|UBT>n3F3(raAeGF@zzs=KZ? zaBt4={=)OoY42~Z)&K;d0LRQn7t%pHQ7huab2P8AUxo+u$O0EAV*P|7!(F-d)Gfh- z1(7KWq`8YSj8jZoR8$FY;H!3{(Mi2hy*sMTIX5%HGLQTbhU@%;j)vWKN5*;e`dInI z?PvSA@32KvmsFmrS1MCOsprbJr&Bz_J&Vp%Pj2pr&BK93JA@HkgW1`4wZY74VniKA z=uPJN7ddS^*~E4gwb(yM7PE)MmdS7i-~f+4DOm?aM9*jL;Pa0pOXLI4jQX)sTE{|{ zThvTwBgsLj4x>svnPxCb!hutTBLcTz#lp_s0lvO)c{6>A|l?~-1; zXpft8FCYs~nONR6FbJrvA2@$>E>U*a)$vvQrc3E#Qs0JWd(BS$h1yIbJM2X?_Q+?? zFV{QB4>k@7pAy8FvRB79M@0Grh@F1q%`KIw_O~}=BR)|u{jyf`K~N1bX4X-MnS&!l z*q1DLlji`G@MzD4HaP2$2&v0C3m!A>txhEu%5IDvE!%s7mD-w=mtojuDeRxfe3sHE zL6wk(GTT)oW3zpqFw-prnY(UdsIoHe(-gPlEQPV^qB4)x2s@do8+q8OL@2PlzdcPT z8ZJJx$P|1xXk9j#<%hS9qdkqwiOo#Fm8z^KU474wroSRW@^mBi!ZACm`QIFM|63#R z-?)E!hT?yST>jOtGCS|{*b#U4`x~`XnjMElFM5dI7m5foV|RS>0WfRU3{Jz@-7Ie@ zb+Nq^>EMm_4Y(O+n}>`vaxu4z`{X?TVFOYnQP)cAL%IFa(=m=>b4OgIFT}0<`vk72 zOebR_H#v=R-(WnU>iN2%S6_8elzmGoTqug`DK%gZvCFF-eVL2l`WSa7d2O%Quk#j% zmlay~bUOW66Y+VW$@Ltj7<}k@B)YkuVVY2bqRMsOJKn?7#Sw0YZt11JiDf9J` zx!yaqieVjjDZ`f8$*s2Hx2rKIj@v`vkshfYCz2myD8YIQR;RVjeZTE0#pUPn`6k;h zv0;r>-rF4%TuMK2vkh0cT1#0~_E&`MT+;-n%m^VH@rsj^sTRtrM@k;3HPdHh(@b9v z3klQ^n92apEb8qUvg^dwdnuTa;;LUd4&bX_zMmg&427 z6^Lj2Uds2cXin=-8?YF9Vx%;7oh$2S1hdUd8P29DJ;p>)`4mW-UOnuzP4@XA=Ui4y zkU^sipyRLP%R#g;&Q0B#oFaz(cC!Ttr2GwNr&&9^!HB*3Ouz|`zaz0vjh-KqVH4fv=6=W)<~F2 z$KGINH#WR~Su*x=B~qb(?Xd8U8nWT~lxNiYwh+Hyd8(JZ=>%L7#9@T!nQ4R!1c1(i zQ|-{6H}v5!5qWysy<&7`gsQ5yRcUOnhaMw`OuND(JI`6~z_^Q0=_alk;@DXHk%Pu8 z-xC4h*z*mTGyBc}Ln|^g*Fp?ehdB+M=+ru{@Z@F3lSBICKrgP!n!B`HrQgJxol7qPWz{Q>ZD(Rn@f_u#WNsbV>;#b47ZJI>DYkKa z9^uJ>+OWC4sS(bHd{0;En8eML%{u8fBR)>f3JRLo1cA_ct! z5K`&rb{dIL^-3Iv5H>PBGk?2b+z&pODehcf6KlY?CmNM2$V&X~W)51v(P6J~$Q+s8 zc^(1lnbwFJ62@EZ?(Org%pSiG*&x<37e}NFU++xP2LQ_yq`h7ka88*|D>4>rWv~SqZ?dUUYU{Wle+fYgA(Fl+0bQk0P55 z9(*B*>h5G>icJyOH&9I1Vm*K&#DhvEz~MH#3HIagN9%HmkCYWIKfN=NtIV5x6oP(q z!C%bE4CTEOA$oTok0v!=Y%E6!L%POM`=0C?y%ih~UaK<72&Q{Nybxjj%vpOKwAlp1 zK%oulQ!A%O%6AEz@9Ws5VO9@%js>jVZpK5|FKnNJ;!IZK+$NrmWOZPMvfptQK%>32 zjN8Rjx}>`h!e;lFvt)zfwpzFiu6^u&~ukWqU=bVY3Jd?`tr>MiwNk}z$|;t|rA zFrY`7OeNy@S-IT37`bI-J0(obc8fSEmQ5_MTiY;3<;uM+3s{h&Pr=E(W8D1Re%sNU zL;y(~B@LDvYXFLjLU4FX=Q-Nhtl?%*AM4>C>n*>pKi8dp%i*8N0r6i=oEweqL=r8V zNKhrd>1j(2H2q=>DwAFX#!xy~{o_v;EjpU1KX3@ize@z+O>Z2vi3{w@Pob37mE?p0 zxt7)x;RwtpBKnQW;6mcHfeIh~xkck2?9zW_zx|`(|Gy>p#{|Fc|H+!=KS=(!oc?>s z>3`c1;3M01dFOc-%zK#!X=u#Mfhrm8z4g6ygi%7>p3I&!46Waf ze~aaJbNJm2ert#S7FrQ4`+9fAzp3v3$=84iKKgH(b&eOq@`4&ovso0(5WC-o$N%Ul z+TVuezu(Y=kNuPGG$k<sZ%OWB; zYeNNdZ5AA#UsuF0J!=*Yq=N&+%I)8@%~=fYs;r)NMm9u0!clW)R=|@;nBY7TC^1!y zVHi0wSnGC`#d+7iUuY0?%9zRf=B&8;l00f)kkz|Zws^~hgbrsVo-E2~Uw*HRQn*9A zKfldP|6T2e+7Yt2aEhkRz>qvC_T-)Y&0C+h?nC)IzQ~o|tP;8*L4raXwpy7VecNOX znH>YOBtXWq3O|aiEQ{fD3Aoc#!d%ZsF!XZ`m;X;hU&AdYj4+ z9d{c|*e0`F{iu_C%oZ9Q6AJNVLh*W*f~CINc@Z~@RRn`%4AAZONdNe|G`nyqrv$Oc zQ&T5(FE;GHyJIV(DJag*HVp@G6aDMudfpkGChJmoT_i?BZ1g&D=GIdCN;V^h^bF-^ z^$-GU3y%ykL`uTf!^=?idh#r%>BQm`jJA(nBN91t$8&R_S@9l~w`~Aa1nIk!MRb^pwvOOQ9 zICqf9pEt-vz0I15uC0*lEi+c~L*UWkHGEU-JSML~TuZ^zj%C(;C*9?l{`p|11rB4; z?C0V2@11MxO^6qeLanV~n$dc@4NHbh9T9otRP~RS*;mW5Sw$rE;GXK2t#z+PSMO#r z9U~n@3VHSg8H|storxs9+ni@UO}(u0*s5-tR7@Z5#cHBBS)z(_QDhyrTPtMpXY@KG zQ%2`&_rmnYWAV=DsqxZ&ISJjBSEDBXT zo6gXVP_6Lp-qJVdL|DyOU4R(E+==c^DF1n4p#oF7U|X?Dct4=FGQzU%&ZPmU)U&B3v=Sw3l!m5PGIj5Ra$4&9>Mq6${4yN64Uz}J1n&@^5_(MJiV;`_?EJ96y82%7>8GG=yP=O*~kUv#TPHEhQDo3 z&AcQJmRp2edisNjaqNz(pUU?=yDNY$qDt_b-W{{OwkkhuK>f(@!fOjNQ%42u=F4u$gJl06s>+<*g2VxgY(Uwmi;azSDb5 z^$m&alBjfIbW3y;?vC=x_z0TASh+ham6>=J$7zv8F26spkERW_$=e|L*Q)g(yN ze<)NaPVjxMRo^qo3cxUpshGA0zf8tV&kNXNOC7CIVlNr4Y?4}6Vf{4reM6^Q)j5?j zI4#95(I~8^fl8=hSlaPTy3RyjdLtT1K3mjddmE~Qcn>yrRbkT6K_*}7`w443bSM)? z7cAXxi5_3-~YAzEvx_UWd$Fo`)j zAk7RpaPKJ*z7T88j1=hw#J0za_vNfsf~L%J_wu)^P+{b)Eg7$Zpy5;>$I=^^&Qv;s z#!WAfvq#uvJ|n$;Zg~>@R88*30MaRIRWclKsEQ2SdVk@6S!Hv*a83#bykB}|2Q|nG zssTN9ip$~QR=OgDeVJwkEQ|K-?qu|r?=Q6n)pbb>WuLurDXMf=3ezSXr2fNxC%& zT@=0LWoGDaGno#~9lgUua`GocQX-7{hKnC0(U3nv+S3aFw^hErId!M{z6q2YKh8|- zv}3O%K1|VnK5tfpu%1K*$M;U@t-)uRm$>1iqZwgugvv9Dia;YqLBio@@Qn&@Ib5GnT<9ZadxtwLQ4Jq`^Porw~Q7Q&=+NDvSLl#28)%K!Z@W50S4~}M-V_|~xC|M86t!8qMZ(FS2 zj*Oq4?@_&h1Eftdrb6ZN{n5tN9%FpNh;{Gc^w?}2Z@8trxzy@0eDM{LF9J4X_BPA* z99zZ{Jno~k6S}qS$dfwsrA}$Xs#Y@lVOIwUJtdaRjfNrHXd=2>u=^bwU%{0Ne`PO; zt)fcXyQC({1#%vD?xpPye33|hm${eio=&L-?u5VqH(^%RMlPF9hQB-OISmxn znI%+@d)xKOH!dy%jN#fCHO)&D+ zQ{A-t2ib7DMjMjnQhmG}UG`e7Bc4-7c6_+c>wmAN*75o65?%X1K-jBrDxhM@5Y>u0 zIkuzGxFGq^TQc;nwYNu>(S!qc-@D2}Cgl%nA{9E6EGm^TkDVU|9$|}ad^6P2I#Z=N z6XQwotQ&Tryl=_f#-RYM2^xy$-|-?FsY~P`a5D?`UrJnO&fONS!m(XT4~tgh&3%>W z#CBZPF-x&NvKX&aXcIvaQbUiq6g^g*m)&1rdE|G;%0$&4sa-nI6ER?b=j5Zr>visw)(_%fvp0Csj^z~^3eSDli)%*GSTu1AhDh#&jH&9i4IDoCt9wcm0IK#VB zph5WfQ}A+y?a6|!l8i%vS9Olc+k+2J2xsu%fZa5Ktd)3LH5wG9F8?rLIet)w;g-*% zV4jJwDuTL0)pr*u5k3N6&wRtC@0GnF;)TTSZEJs{uY3PcgUm*LWDW4*KR~EYWGSew zeq68nA%}2_N4VNr{h1N0S=e20EPJJCsyGF6A?4|eb|S0MT#8H{`-46hTVbJI===EW z+50FIK`M?0&Bne$CBZsO!N}Mmn}-A|LI(uquyh#$9h--Lo>Tk1Uii<}3xDJP&$bPe zU*~PvnB-~sO?p2ZVE05>xZ^AtjHY^74asv9r*^-U<(Yh%i4G*Lc8~45OlbzrEX4?3 zV2PVo4i#r75>9Z%b_vksYB-2hI`r&Sl?z<%)k61#2jYEhau-d#U_o^+W12-7S<6pD zJLoi+Yh_Lfxk(?O5>yNx8@-;-a=iF!QsQ@y`E|1O|7@%H-7Ej=%OB;}S@ zq02)VlNtl;g6i!LfZnfPWe*Q?2gNbxK2*Ax8UzshCsA4gYRaO)bU$+ew;DzHoenkz zI4CkBh+G$u&zy#OTv|*vK9&V;fci~#_*)>qTgdOe@XwXQe?$|hAmTVCWXMI8C?Fw^gJcs&gnRBU%ki$%i#oBsf6sIE0xGY^t9J{Ixyt7=9t38*tc zy>-g`8}ZV#ECG%$KJuY;w6P0eA$2h=a zl~Qyo30H4o zuY2$Gt0q`k1mF7U8|V)oLBFs6o#gTA?{13zfIppOr2hOYjh^-X(9AD9PWqmPGI;F* zidWy*hX#>y>B>jYK(}5Vb@Ygz&D($BxCS$**8ZU5>`Cgs!2S!bL;vXJ<-htpm*{%# zF#b*$$Ta9X$<3hV{4vA1*a5C_@n5jvz>mlWa;>)NGK3Ru{~2yc1y#=<)1C(%;9q6? zH+cL<Os|8a@<}< z3z4iVqsv4NlnV=7%}cy}4t+!R@sVq{Cg@X*G~Y`Rq-C{Bsz)MtqfppE3p2_o6+8=X z#wrBBk-V@yVAZjn|`iMwi!2;Y6tp9{RWC!p3!XxF-no^;7FAI5H z8Qf7^K1(YzL*H{o8gF~suE;NjNBrh`fg@_T?~W2D$x)6RTCFLcj(`Z)R4_*ap{)4? zzH;d2=%*se;zU{@GB1|_R|jV2^NB}7RAxeIpx-u)(S$-e@@@V?&%ZpLUH9DIiuu2y zV!l$qwijSestoLSSOeQS&Y3q&^46m^<+fe_kZRD=SnKGlo+UHWhLCs6>nJCmrCV<^ z&js$5pt`J|ZK2QlOfU^&ZgBHI67up7#*7%$tt$v}9BnilN0j~~KsEfOJP?tN?_xquZ>X;EPCkh08;)HT}&_glx0 z#5*nxVi%q{i$zm=c(Kk*tImTmgwNk;f{HKz)QD*)*8>)noYFa$)?g}dx)T`_>!|i} zkase?OpNv&F-gv};VoBIkuQ=wt^CbvRqU_$9w{q5H^-y&2<;N%A{4?Bu~fjyr`c~- zkri=FZ#0nOHel@Dod%taC$&PITd=uZg)W4&zoHpuCC+B;OUrmS<(Xfwe9(S6CE9xg z3u>%b*+{93SI^QNw}jTw(wH4)W$h)cRM&sasZ5Y_G|bQxA;d|Ua+s*g3!6&x z)FL{@HI`<0wmaj4GBC>a;yKKk&)XLCW~k3(P5Edp^rk;Frm9zwm6=BAemwDh=wZG+ zrsc&))f};zJEv0Uy-MTG%3F#N1xXe2!a))CI+&(=oXT*(=;>w8J*-XUBDSyU>@AMd z(d5J@YJ9_|Lr`yU-_}M9g-kJfHg{`JbZj!NTIZm#1HM$==RsC-+BGQUhm?cn&CR#P zi^gvd5QKB4JhYvik`23H`y@0$wGt=6r(-tJmiVf-LX$Xq9`>V9RzgO`l*iJ!XD-6J z#kkeDCl}Di@}xOC=u`;UI8Tx$G@ydhYPDzb6(63-(P8GBNEG|6Eqdf{I=T^Gv{j3{ zeB*)xVr#qunn2OlvyRF=Z{R@(y2rYspc_YSUSrCUyg3!$TvlRkkky#Rbe21h^bjWU z8Y0zKaSAWO*ZC5+rcqL;9|v5zsxIke7Z<@6&X7LJlZ4c-(V-lqVb_PX&Wt6Fp@|xI z@2(RErH;J--7#6PSupjN zzSY~uvhEV62WeP};6|+f%vbdPUK))Xs4d^biRY(o`rMi~d&bSuzWVJnEM@Fcfr+n1 z{ltBVZeWx-{!D3>RBr8)iiAni+V{e-n(CSuD~?GmPxC&J2p9U|jDc46dELA-$C{MY z`@{e(HKteLVXutSxIyS=|4DprLl?wT^hDITj~YsPGnE?o{IJ=e)>mou*gOI1O)_Sk z^dqGvGj;Oj3)`E@ywL}R36Eh0Bq~G12clKNZ*S*aElTBMJP~Vn`v&Dpc#vY?XOZ*~b-j179)(?uf$}%)PT@fESQkGDFJ8op@Dg@4 z#~NdaTi^N0Vf}${;ETTZ(RSg@x;k%EGV}sJ4GDsm4jcGot_9w)<1j3{w78wmGt(7H zQdt>gF6@tMkV-iaq@v;^S}q(KALkRERMoud!r+kg$JOl09;T`s>m}Xrj`BV-qv&jS zzCC^JFzdd%@x3~mA>Vc?|D{L2%Wk1x_(}<0$LGDwcH@eu*8CP@dIt5$YS^GrWifJ! zhCj*i{u4=w&U4n)LazPv=d+m)Pi#yM8dLHD$7NxIdSmhV1Ya3moh^3sWv!j)^h(FQ zc=6#2Xtc5%fYxgk$T)Z!xXodH@5bxza9}{jyXtQ@E>epEyHsdzLGO6xpTM05fPPh# ze=aMkwmRrQ3BA&4nC3)>F_r35Z_OS;$UOs%P&g1@PBAaD&c>bTp|tm!L-f-+<+Puu zuk3Olat`Q|=rOja_N8RBm*JsWAtOLc#R>;PbsH3h+&RcRUZRPqD=-B}R5_!Am9n$( z;-0eS8)!d9mEE1FF$!?tEgvd`ZLN&G-L$tP%?zI3ZNDSUQm5BlM?2l<$HeFR0 z-M;Egg>F|ZD=HEud+{%ANITpeU{IDT$(Wmxzl> zp5zePZ=qYvJ@&=R-eayaj%Vr#s>}~K zu+G?Euvq!Go2AlSirS#ZS4YWyt@8bSNd31ZioXx1JI6tvIZUHL3B`Vv9pnWX+L*az zBm@vm74;)j{!7StL3K@g5~GOjN!X~imfAA_8VsIr7k2B;W>D+)$Bn*+t*QxbchpWD z2wLa$`Q)Hn>4X9~IhTR)Ha29m?-sHiAR?d)Wm)NJL_%3MacF}%4~djDm2E48jyU;S z`k~SNWkq?iA=`U;!Oi<)9yel~^f# zvZL3Gn5#W?QyG|T8yRTbI@%P~2=M6GFx;D(R`F3LtvjT~*XSU3`%qJs8`znQH%B*cH z^N~2qj(nIx5&ml7Qu z3-EJJd2Y(fzUm61LCWH9-a^uN*Hlx%LqFLgKnLX=ka9+(PiP$#l8D%J1=#r?YTGUBAJTS9g=(*F*{nrWbGEejvf7!^P@3GvomL;#e4v+jYAy zm2zEtYnpm)ctMH(VZqji`awtP;$_?|H3y;>%hM+=#PlUwA&@mf#%pF?}g{Gw7%vbTpaiU3k$M#G^4~*n_WdXPJb7`fVfl-}qQW z!VF)7nyYi9FG+QtP05AkaT88WI_TW?o6h$3V)Zkb8_iU2M00X7^1G_Q|A*)UYQwDb zsAH_F`2bgNKA^=B$O zQ1{@5mu-ome?>(!8vw{bEp}-3A_%i4tQU5Z+;bL`ph3Q|s_mVz#dhkva?DyItF>%z zdT2`;fQ&)_i7uAxb>Of(`_Ach@a^(WFCnQ+{H4Uc%5qd%t^@Ao-CNGo+Iog0?!L!M z;As<@=Vs4oRGtA;p@5}{$#ij#;iekSEu84x2C=oN!VT8qpj*|7Jx;n*cO_>$OI`)b zqV}?1`39o?XH&5Mui+h^FiVp2@rxd8GDFd^^gbqd0Xi}w;+rflxju}H?GUh$TOvhy zJi6rlpl$dK2&}Bi6+J#17T6qfMB=VeS87@2%sa zTDSl4J%E5nhzv@%(kLk%BHi7H4Bd@@FbIN*Lx)IrgLJBZ(%m2ksKgM0G?M-{sONY- zpL6Tnd%pMn?#DlTIqbb>_TJC4)_c95^{m+AD)H?BYwTT)BEUXeB@d=61tV7{CCICV z)uo)-KUB4yj6W)B(A^{3oEOP*3r5Sb>qM(F?+~dXDqzXAjOxm3iz*yzYhho2N6UxH zDQN+!?NlzS6RRc*>)}>r@E6P%uT)64HD;!zDXz{n>u4icRs&-U2R@!hHPyz&%3N9 zU0VT3_Hh4hmkjiGh=IYKIGd~HMe}HbtRZ>31pcKr8>qZRUIpLa4q3c9DL5wkK9Doi zbBc-rhxM{h;NohLbFlMm+6+y%PG)u_GXm=c+@*3gychEhk&|NrWv0~`jRkfoLmW0& z?+0xwHC+<3ayd80jZ1yucRX5{b20#k?=?nCMJ+Pgj_;tsbPlW^r3}&61bqY4XW@89 zXj;}k{GqueOq-0q_7volZe(I7@R#^hF5ay;EWp^kMM+_j{qr!R?fkt;`2gwd9IGwQ z=q~~FnF~Ci>;Nsd?Jb*$8t3H@aB-AdH}yJL!dl<0$nO5bC-MkU zI@>Mb`eV5T8rqrna5mV^+s&Ma)!F1j6Dn^m#_OeDJ)vSXA775qBe^PGI0~J^2 z{MQ0>j;s2I8H|EHgj(tc?vW&u<#)_5Q2lTP4zThm%I-ccFSd6h8zx@8Qscc@Idhl? zQ^+cp=t#4CQ|9mmu(s@YnEX=S1t_K*$s8I|$}SvQoa5kC1 za0QUk|L#;neqa!P;gbK~&3+dBBy``{yI&OdzJ_;KBJn;B)?6ofT=_BU!Nysc&+7e@yT#BbMn!_t3>h^NNj9_G(*%ETt^$ z<o-3SC~_u(#=5@9#24lc5aVL)~p5b27b9VY%+_@N))+g!z7$SQIq0Z zAo~>2X%nKIGpGr18D?emW)-b*)twZt*SGi82rMrx6vSVQm~tO9z3hk6U$Uf@C4x1Q zaSeQb$g^Eb3|Xy%a{o+#)=&MO%=3MCUOnwTaz$i#n^t3mMfqExImP2}gN67)TCc7scMh%cQuymHh#sjQaZ*8%7awZR3oQZrEsI=I#jy|%BmF3A8% zy1kVSuD%adf`DJI_9cD3ubM(F%Jor28YNanlb*O6OgjnvWtA@fw}0XHZ->G$i@=xr zBdh*@$VKq;;y>(N`Oh9Y_heahGzRoUFl^w&lcsqkJDW6y;HId!^^*4+fVJXHwM=0d9r0KrQsHj6Emytq zMwe6NM`0gTPq3ulYLO6IDr?gEJH^t*JwJG4n%T!{e z+0xmniKiOhyLWrYJY0u0-_D6O)kDLx7~HrZd7$)^jhk^kbhQ+>K7gY8O(jLY0iC^u zN6|`Qn@$FnlHE2JLY2q$%tJI^ftd=Yz7EruF*>%0j4+c+pTh(H*4c&i1#bI4{|& z=CU&?t-R#Jbwn5!D!49~Ext^Y)BGS( zCP_f*hSy2xf4ezg`pMvY>mZ@6OK!hBv(qbrLtZ3BqSah<(3|uW+r}Qp5dVS48A<77 zwicW+m@Kq!rup{g^K{TiDtdZikDNI72V0(SvAi01pDuY!W=>hCWS-5M(9Kk1)QP~~ zOXz#+>i$+nPQo^rsRhLFuz=|yxbB-g2VIX#1WI+nmObnPX;&pJ=_VxTz_SzJ2DZpr z=Ag*T{N`~jTutlZ;H7Sly1bQ%&}E6j>^GTl3KP#qCJ``lcuQ`(ZWBY@bazy_{kAiF zR9t<^1drNMQa`gT2U( zkI#cTZGCo2^c7)eL~0csTjzCj@E_-&SE9`t0m%1WdwIL=C?k{Ev~F)5w|VoSSVt&9`K}%~DQavo zFyA~5MgF1UZt^BME-9whRDB$}-y9rYeLZP6P%c>d-E7r0l9Ax-R?-z5+6L=l$Zx8R zgmMd6K(^Gt1L@##z#G~N9srMnY0*C~{5d>7h2p0w{6vbM`1sQ*{9iGe-?GJfhU;f3 zuO4E20d7E_=w?==$4)zQAQIDgd*zco4fKx1HogE2@Ga__`=&3NTFlw5!#w>1Y+rCN zhP|Xea%XzX9KU<%x?LY(Z_Gmnb&49{tf$CMR@|-kfBz?IjlvrwfD>)3+VCo8sai}{)x4!PdZa{ z6Q`gAaY|YMX^8$ffFYgh=fVFmAV2zRe-6(77@Xf7kRL}3{7jtA1*k|`bc0#5ahzbG zIWt7x|J{RsyyMNc+`r$zlq^!E%oM|7^E!Ut-REXS`Zu1OFTdI!pmA|@2{_PFQm34e zf8g@zcHAq0#nL>Krj>V2K5K>isXJa@fW3Xn-H-5KO7r?JKr)zO?$i3YPuP4cR7y&L z=dy!(@LLMJDei0yn!ptk9G3S(t_Hs5>)m=8T(5!{QedZhc&AB4!1ra>KeLBQWTN3J zJ`C2DiQlo1+Y9iqLGp3Ukd!~B?os1Cw9*Aaq$4yYsM>lgVZk&8B?v5UCRf}Y28rI`pNP0oVWcA=W~?a-Do8d#NQ zY!lsaAfY6UJ|_L#B3Ry+DrB4}-iZxwXfVT%@gWEH%-f-IWmGf^f=<-A7IyiNDWZ56 zYyWL-ZYTshOoDNeW;WDW6-_xwo05$^)XEh+>bBN2k*-e$%T1HJV`@9VrpP`tG^C8` z#@2iF^qLTXJI1#CMYyMj(Kz&8Guwqb`DA4%%C9mKaco-UZRtayJUkKVp3! zT_s&3qNb)IiesXw#1g`eP^0x@kYPudpFA1b1wC*+KN%-f3a)TB-ZrkW_aS6^FyduZaCW%Mv5#*XIw#ByMMy>zjS_>s zcTjjggq*(#BhDhVIQLaPxP`z}Ia(Pl8-JPz-t>pI2qO}(CcN*2=&dg1O>@5XWu*wZ zXty>F&N%RJ2yeuRSoByXoB6|^R-H;sHdrJ+f?cjxfxLE zRzSI={w8?{S1uWQ?7~`!_7?uQxFEo;`P(%rt!OIb{Y7VYPen6ktz#lXKRGuSi&2Rs z^a)XG1vs~XyfhD2gB_G=G9t!_^_+{8hE66|hcL2}76F5{y$iY^4=vkUaS~dwmv>Fd> zLw&6XTy2U}GDTnKuyE?ERm`pKeMs&Ib;RWH5996SY8cpnP0zzXar&exou)BCPs>*@ zq1T-zZEvDNr{Je}iE0DSsxL%(&S3qT={5!zFlVtcBWQ%zQlQ}$Y)YYLjxmr81uD+t z>o=VxR{QLdi$kYUAWf_P&a)3fCUap0VPwwLTP9ZDHE}A@YW>ofvq5~4Z_q_gv8?4( z>QKgkW20N~d_79Kcf+Nwp@=2?Es0g-3U;GvIMJ#zmG>w;i!gV&7O6vQJp6eVLG{Cy z9^fAH2h=UU105*qLDI(Y6h=M#YW)|vG5rCxoD|Fp-=vajkt*o>S8>$U6@spvxf#<(73L^& zbHV$V_%SLjUZV4gi!}bY0d}?|+Q|mzv(+A30R%BnPU)%wH9@4DAwQ9C&Q66S!&9IG zCGIQAWr6Y?F-5HB@;Gvvn_7Z#F8teX;7g$?N5F`BYqHvHu?uTP>6buT0VxP-p9^nc z4>EC(ID3U1ad4tb_f}HEt7>PHomESjvs#GJ6MqYXUtta$CF``dOfnM^6NhHpyCsNi z&@f<9jGv_h1^QE@s-Pv!N5?Qr5GGV!lksh|aDt`x`UF0iwhPaLNJLC$$+Y4aE<>jB z3KIe2z6^z+>WTKw6C(L~6lA`h0~M7vgy91zj0io}Hs$I(;a*w7>^3;W=rSa-btc46 zP~63BV8Bq6G8*NtFqcdx!?Y4+Vt(?QWR7%lmF)Kt2G5j34jbxuoD-5NKu{qImtp{| zE3~8~oNcV-45(GUdZLtF=T3w!yB+Eb&=EI(v#sO)DCv3@goh2!k$ml^(;LWFGLJoz z$ww$t@C~X4!VBMF4t!;r2%@Z$(^0d* zv{{jrAR|Z~r`xrEjUt#bo(s`!kc^H9Pzu=UJlRszYSs2AwvWURU z6v)sIU$wGgfTTj{V=y`qu<`WYnAfiumH^Am<@s(q|B8K;{SI_eWcWATC96Tp1>){6 z<~0d+BS{Cezd_&|K)=h4&3BjsUzMb-AW4S|MwA7L9I}(BSNAUo75gu?^{)vP$#?S^ zN+Mkc3f$>!TTf*!tD+qD7{;bIdgX5j6PlfqP8a^AO-xX# z4hAzKc%R%YAoP}LHlH-K!+&i`^YpR}%C#}n2(Lj@S&0ipZ}^~+X_qG`QTYm<#%*+( zZ1m2zR%4KgHVB#r^S*L8I1|rtQ@7(c(0W_RN zcLWUx_E+xs`@HfiV1E57n)eb&00%R^sfC;b!2VS;R0_*64~D;k;{VnfkUJWka7XZ~ zjHem}ew7;^ru^_Lo;Lo1r{7KseLV-7-g~Sm!BuIe3Ws^BQ6~yFEOB!z9Z;9CMYDZz z!d6c~oaQTt4-*m?BOr>Ps(vS|zagX=UxAts>ekmZ5$@oVb*ikGSyXMDq0UO`8cHm< zAW;ONnf9ATo|ph*Y=7Pp^A7X{eWkN2D&H`A|Aa~eO4CHGhC6{K0fj+{1@Aj)_)1st zhWfwrk`p#7_??=3XT%8CA9%;#tFymy;_uAl)S7&?7Do!wDzY9XcdJ{3azRaIZ-h#@ zSo?W*U--_LL90RX%N5~`P`cO_&Q&X229&d`snJ#ZvquWD-*g(ZM*lKP@(ZE1rm3~L z9cBsM_|#H>Jd(=Gg3fmJgfkaCrilU#3HaD5ufLv-+v$^To^(<=vA5{8EI}$QVp&qy zzd@SEr{?Rg+aRL#jK?M5S6i_iegUb%6!)pl2=8v`ujfF9jNb}%@S`Q_W-m-J-^AKX zK>jVH`HlH{k0!|;ce~QJK33~H2|qP`VJ50lP)D2+1nLP}`-S8SSzghIob{2=&Y}E7 z0+?8p;FPT4NX@p^ceQpWAg2=P!kg;mjPjQhnT3}&9YRPMq3z5@_<;>%kyEiGstnO? z?QK04!8he9h0&dLIJxIy+UJtHLmhB=?)l#7B}`!}eA;BqbWsSP#CWh=!g{@q%C^NhVJ8pPbe$<* za3s^n*|#BituX~RFKFga%!{-2tUt{~NRw}PgmdehuA`MxW7bjD>P1aeLUmU=bR58L z$d*g?1CJ}VCyJ!fd;PKXGfkH%HilZEi9{6BPq=Z@#MW_gDIOhm1Fi)fK{^is*DEQP z+%n$DJ~&2WdYS(PpqcuPMp-TiQv0H6BS`ti#s$im7G&ml)w(sW(65hI^W>$1=C zm3oT>r-Ji-0)7gr^%k=uiQJN=0ZK$4*<0T)2LY?;F^rN6vAo-Aao$e*Zpl#hv}J`F z9K7`_PL7|BIQ5?FUK!}o3s`#GI7)C1DC~4-x zV(yL6s-iCa1fzZTD>1Fz1Ki2Q7_87l&Q)F!!y(8Uuv{)lx}jmOl`_L)L1YmwL*=lp zx1{w&(fsqUI*~~#Fe;C*i>IC|g0HmF(l|8V`It~1sO0Af&_S* zw`MS5V0R$!V9ddByrjT2K7MgVdZi6bJdS82~2P7!)KPm9O`Z_;YoD(a%+ct5cstglYq z?$upbK*he}*U&`;*}XW?=h`D=Z8WuQ9^KxX+G{T8P9jGZ`W!6sorGg$rCU1&4LIM<75fVJ z&CFgOdNbiY%R+(4a{>$U7p_n4(r1bZ*RyCjjnk37IjhmgN9RKk1sPP)Kiq#Cvvz~x zf}JVxM#~-IhLwb5S=Xe}0q~1sCtvIp7bP7gile2EB6kmc-_|>)t))AY`KGMYx2N+p zY{(UWRTY{p4jyGU;Rp}J-|I+9x#!1#T9H=6`&>$};}x^~a9{=DWO-S~ zOP%|szM$_On8>+YTXD~?mx-E|iW73UoIpWUcc;6{?fxs=vnNFhvxjNQUk>W2Fu32} zlWC((id_^XM{{cBI7?%+)d&b|XjF ze#xHpF)RXB|Gc-X%9=+hjO2gioeBGf^C+8T;`o}NCeyGv1>w&Z3W%-$6{(n7@LHT zZF70z(sr=k=c^?7&_Y#Om=qM} zCsuX>QZGCi*J!6D7Id5*jRO{Q3P_JECJfFoYa<4BDV`!J4%IdHKSth?GV3GibeIUG z`rymY&rI@K-MaJ5itHJD^Mvij=8NO`N;%!eZG^_y?&b#>SSLCdI65C8#iQBHqOxrV ze;xE@@Y9DOqs_E;{()*^eP^E1`_WeF5XvCY?#V_yorJgSN8CPWVH~?6x^PmSI6TatZdASfk;Q+bVTvHBMd?f?!9!E1J{xu zKK|=MLY~f|0HJ!=Eo1UIDL`4FlIN-i^tyV|sk?Wvp7?GVw{7lIvF zw1i+qLd~DXif&&kSxlHEGe^T;lxQh)+<8)2QfYa&{<+7>qA2MA|II)du%vf{(rpF5 zJ9aPv(Z-=In&Lstz%PJ8b@+#Q?!CSwT<@g<-8Ah*{I_}yP_6*CRbeDw3T{!*oXI*_ zNp#r6wSZdow%$R6X25Y7d4?mAa>u4`2fu@-GWsz0TS>%9zZm^mfq;Rbd)-C%%K3|S z4{{24R=!?{KC8aMoGQ6W505jG3d$`I{L(ln!)VMWXBP8^b@SNnWh1M+w6HEFXvD7M|e zb_G16G#w+fT&+1(}MoLoDS;oEFac17-qvJSeBK4K=DnUl8BtG8_;!F2LuoOEQxj^*cq-6NUz}s_?Cwk+;h_A8xXza! z_IBvWGEMuLaYo0p0#UB7u}!=geWxo+Xh@fxNu=HUq)qAj_SNhQS<=egF-xN7bR=A|r5%s7&n-L{Y|B=>thIVO$!}vOpV3k@0X=zk?Uq-8Q z&%Q~oZv-DK%I=Xrq(!WoI*yt?$^fjY<_>nW@mLM@*}waKTKMJzYftmhwL%YRdx93R zHY)f67i5@jt*sg6YRvB|mO39ub5ZI960v5td6T7w)YPgd>%tCSzul$`y;XQ6kzko5 za)~o^Qqo7+TT1M+D;H!$sQbB%%B%!!4htkZBfO216rG}#yZNndv&V<)Rq+CPMf_{N z16CJVQ`^bs5W(dM=cki+mv8`ga;7u27491Y>SkNmXAkqAjI7SpdRY_U_Va2AAA|s0 z%k{W=ugwNTSLR#lN*-?QHC&9Xa**mA`K^yEY-6)mI`;5DaK!?;@ z{%FK`4;K&F?fR02y8K0l(>X>cq;jw!uV8=yr!RtUU;Tc-nb>!@GTeQU({F@Mw`KU@P)1iK6)!`|`)mhN#qD!R9w18zwzcoKPHNLnYs9=}!X7IFod( z)gRswIdT=*#~QW=+szl1?^kW=0t+_JQirHH#S&914_}joegO<*?Fyq0E2B~2?hd_k zIwVIEZ{DE!u2|~XN!^~x)w^RgB`0B-c)zHoZQ<_K@yY}Nd&48US@FaF!&Sjo{ZPpEx#?KlH&TlE@mC^It$>eG! zv4mur`E<0=)xtc`v~cpQoTqe{^!3WcVmYq!(kAN;daEy1YRVN~i(rpTibXxNK+R68 zfq$0H2yxYWY!*bnpvTwxOwnpJHNT?p)td#fdx2aj0HUa;wm!r-#z1P+sH2ltt2jQa2EIs`sN}l+iP=j6c z3vg#>`@{)HGzu{rN(-Fz`N+tCCux6NoI7_>6SYU%*G)j3ikNPP5NFkH6;`T}TtK_kyj|*!dExLi|!(hx4V<90ga6*l?bDp3|(8!u7P#UC(T!ISJ^_B_oJC z4x|S>M~xRE7^NUlYhtq`1uQI(wyKAeyBMF9F|MaeanEgy7d);YI{$KZ-}{VKAFJ_; zirT6t>9)weO@D)802|UQLHPWPUab&Wdk5?8|MF42B=U`(-KIU=DbLAC@RSFmQ$lr)@qj{QUToc4RLEJ=V$AHzf|ilwHFr%od(a&-f#uZyG7?BWV}=Myl6V z;=1VZu87+$u_qu0D(31yf&HPMbst5!|?w+Q3=R4up@=urHOomG23^hU&Sk z?+NEOIeVKY6EnzTm0bILYuGjC9*<@>CkbeKsVQ!D8Fr8f&&bH$2CaIpK?)Wyv%*F@ zu$}Mk5sg=e!J0tnDHqm?Dh1Stao^unR?c)kv-ad zA_|R?aDHI!ITN~_(n0b8x7L8X)&7InfIh~KXQ~{|K_88)s{Dm-T2ri^>PN^FrgphX z-o+(#Kxq^TLC(urP;)Mhs!G230;o649@7RbUXJq$#VsEd@s3P-gY^F#G{(atarhd| z>xElTYM#!mspHjgQ|X}hQM-Km%8>V9bj}%xZTln4k#6NdR*IH()(q;W&TWhB-M7H_ zt6vl9{~e#fBz|t4VFPe){#}Wp$Jf2<=+tif&&K zMSIw+kK3ftk$EN2oGVaEzRZ>S;jv^a;c>sWGgmTfqscL`=I(~qR&F6{mW<*2f6 z#uk8>2oKV&KSY>0gu9APaL==({#Qg}(Iss2t?T6LA z1&ZhFbIFKSp%+U|f4s3NEa9gi+~aT_(rOJKYsRH2mU*ua%6EpTosFBcgl|Uy&YPzGvqFuE%$A5$Rw@ zX6_ri$HFeX`^Zb1gyS-31XLl~!$U6E5Y#oUk%~&=f_`d7-;A6+$3f65)z;3mI7RKT zdJpprbx9KDl1Q}V6Ly2oL45BI?)&1hC$MoEBvh{H1N6cAxbfhfiZcg`L@Gbj23?~P zMHfRQ!l(dD#to&itS?C}oF^)NXP$53V;syK_erhJ^o)E-J7SykVY8d6o}TOn8Dpv2 zeWiYunp0?DUEz6ku0{a;dI~N|>&LZ>@X5E`HcQivoV{~XwMuwWcEvK6tDaWG;!Qz@ zJdGlB0{jqBGPf5r&G{3uV6HMs$v*m(CmJKSUsfFuMwFG` zH<{@}0)Tre~k}i<@c&yW6^r%`C6bx4bieM?cY^u z*LbA#Zdf=4s=s`@tHpWlAiL@&9h&@RucDC9as|&CSDIU}ynnip`R1~MwVYOD&z-RP-5|uV z3*@zB^7>2;?7;uojLh}J$DliI6m}R4ip#M0nMVNpMF8dX(UGumU81HdPzKx^D?}Ke z!uKpQp+5jnv%28Z+?rcs@uYNhI?&iBHV@G;P^rEE{L53Am&KqD3;ff@>nSI3*cBEeSUmG57`#1CgkSJ zq;p<6n0TSVAGA%^-}~5r7Zg3%!|E!jK5l#&H@>3S+CqdU|L%ydaKZp(V8Eq1c$Vb> z)dlv$d_!%j1lvTyhT}Diy*>=Sqbf&_yD|G#rg&3kjBo%ao*r(z^GA7Ol&pNL2p4@Ykf#qg?ynPS zfp0M_8T%1kGQrFdf*MB%+@UsJm(1xN$^nv#KqD{&JHKpuxhoXg$%#%8tPQl0YXd8d zSEIOD*0qH9iIk{?y3*2Xtx&5V&j0}RGZu{>rg{N;9_kPSK-u9d zxSbU;Kp3xB7j^+Yd|r$K`B}lmvpk|Rr63X^fW{)!ZOa-QArf0GdBOlk40E%suCJ;x zM&IV$!^;8pjCLYVb}rz%XDl@I7)Ztk1l*~jl+Thg4WG1+`M3W&+4@%-V&m%u%qAz~ zH!_EFQPgMV7u0unbA0-}ZMon!U^Nx;8u>LZ*FxPO3*%};^R>6xRf@^7Mq=JhBYplv z=u$>GcurOs#a8a;X64s0#}1pF>nIY|HPZ(R-iOIP3N*Z5BGNTH4p=dzfzgxcfH&hJ zNj@>U(-9m?)Oe`fbwd2ar{fez%ysae2AL6=c#zQUhlMW-fbd0W)h`Mf(iYzJ&KKUh|+9rR?yx zheRpD)TkE5Nb5m)XkRLm$y+*`IYAkY*X3p6D)L}6WAKVMt%^6#yW>^yjb!J(V41M|nRAvNq zG!yy0p$j<@p*C=d(R8Yb(1y7Q$tWvrAKV!%Ru{9-&!HrAmTa$XbT=F8{nrMTV;l zMT)~230G*$h?{O=J$4>6xtDTC%au+=zV5Q}lGnAiBg-sI>>C6mv8`+GU>l2~WYC?L zk^y8r!X8=JKJj{#GoOc7%-+SH6JXdgmoOH=#_Jlrb@};)6wrhXdolv|Lai(-D$KMj z!b*)8$2r&sDPmJ_`9H}H544&LNcJ^cKSM4l@{V?|pSySbE^kV596cr+H#yU77X6I2 z2?Zv%zK+g)_J=SmMd|Tt(mTz7qi5Bj-_{pk7jJ_w_1WUb^aIHW|KL){f+XjjgLS5t zoDQL?ba=Gz0uv^sl59d=X|xe0EgEPyd+yvi76jYpCLf)#s(%C@9rxDTD|E#d$39mI zRYyZ&0mO$)A*q=YOM2KJJLiz3j?)w=`^smo;_J#dn^92Lq}ev%DQ;^{H^tJ8`kOL`r0+n9W zCYoNk;ele0oc*^}w!0O)Y|^CytsUv3=wO@olH*YY-9FT5mXx}08WMH7wyVSyYv{P0 z$6O2W8@#8Nq`vOB$&x zf(lAE@+zy7c?&V1K3!L)FsRwJUz8saDVtiq@U9*0p5$dz=8&mFlBKySKL@n+g4okV zafIF-dgU_7A`H<65@3$Yx-LB@ULqE(IMPYBLq_4T+${42;M4-SYx#0IPbU|14@H^h6r_0NqShjjq}O! zXH_+t>G}3LfjcdpULU}&<6u>lf7DS97Usf}wdLK)0#hoWYTwH>K%{hCxm>eVf9(6g z`Y-Tz;qL{NvY7MTomtDxqh!^U2tzU^_;7Ro+ilsOW={jux1r@=fc@1>(n|wikl}UX zeU%dLlc;M|jvIkDa4|A@Rpm%J0(pAyG8s~U0STH8KZzc^LdIWKCP2i$dA;_htr7ho z%V0f*$;XS5&0Am;6wcVoD4ScduBV4o9;kxUm=STz%`HBc*EWDXx1RjUmoDe9S?3~W z!b```>e0VC=8P16Q=0An$CXG@d_DVr5R%`>jr#4OI!Qn zp)2Y(>xauH#4KC#PA)#bdXD~u4J)WJVk9162Pfdks>lOFZWD(Ao1AqC$Y;7?zrYP3^WUODe~lC5b=LPr zy1A_*wibJsz(6-<>3+ld`j_aRx_TK)Zv0uVHa9Jb57Rtc$#h(!ng)AKh?>jbxxlrVph9opaSu z!>2vhy;|vDhY2x9S{E%YYMLa+Mtc!?SrQ#w1!)*ol$BdsJWW%TWuyyL(IC;w>Dtl4 zF7^O!&V#;gEJ?I70{5>1peXnugglvb9RUqle#RhWpL`EmDP6f)+lRPCLcH+SdjH7th+fyFyf{)5o* zPkENqjbRf@bf?d~@6|L+r;%T2xeF2s5t5qAmo6on;|y)d_z`FZQM&&d$K@}N!yi~c zP=ckLzM%^mXCrwRD_T0!Yjm*iyIK4As{H}ju&+=zN)6>c|6NDU=OG(qMX&Ucb6e2H z>}ZJU2Mv`5;zeC`6(@bQx0!?ytqf0RJ&485RU?U)wJg%^WyHJ+DPOW!R?J}kp}pbH zWzIk6T9jgWe1Vvhmm(@HLVHA=z0$#(Q361ZV7#b)fz83&QsI{jMYO2@04L_3w($G* zZiINTg|w2KQ7v$ixL*}R^n$vNalvEao?EI%t`eaP zfVLiJW~KUHwfg_b!GxgNZ_Z34K1Y)CJI0kM|LVfX`R*?HZ~hpLdYGyMqPukLmcurl!{X@R1D$nd6T^k15>4_5O^h$tU; z7Va#6+WSO*v;%KR^xcYM?tVE5I#`6j717Jy&;7rid<CGvngO6W;U`o4}V8+V^eA@ibatu%A zwrY$!dQReRy^mJBckRKkS3BrTN?uR@;ZZN54p=>v?* zLyHX=>Pgy*!Wr}F;QPuLP_7n>h$}v0K?{*E@K=2aCctPh!}>NvXu{id+PLyq4S46g!)012f~aqs`x8B_U)b1vxOAcl)YAAxL=Gl%cyL!gW~{%LqM! zVT2C9$U(?bLCUti?G~p%O^@ex%GrgqAkjaUVySa8hg+M{J$;Q|;qBxJ4+d`iR`~yy zX1uq5=8iYrK6=o4Xx+c~KZug%^IACpw#xRnIMOGt;V|?r`sPUtBTagD-u~VTI*I z@q{eL&qL8a(ikJ1zs@voPc2uDG_?Yo`kvnXpFtN6V5fQkY8ry^!U2rs4``fM@bBk6 z@;t7H>*{fuja&jzM`80_k6`m*vyhHnG}RGvr==K^Q#Sfz$dZdzl33pKM0lm@>;4+b zLYElbErM|JwvB|{V}fI-HqQQ!sj-BS-UYgEE+jA09WShG3*|qp9{Ggi)!Z2E7ildN zfJ|Kg+E1jvl;KdqBfXvOfeS)=KQb-^yp0@<$fS`^V4|Up=KGFYKtc9gsprN0@G=$kr6(ndQk7|b5}%3qDEZA zo={8G6TZ@4*4jn$J=Wc)r+lW{VP-B68{w@00>zb$E(bFNyy3y;p~qZTcggh@#GYMC z1D_>IEB-ay!~Qr=6L9O1n!QtaAcAjl|AjuhvVI62a1k{(EiNP?C4z%k=?3G_@9f!? za@S<|HI>V&Jcfihcw3+v{#BIw3kaC@PvJLlnt_3w&jlTWq1^Ye;rpZJ-#j?XJO}EP zC8YYRkzkLR&`iKmSsL|9wO*pzzVpMjN8Xp7A$6{@lqPgEhvxEun8eZxEYpNGsSWoZ zFQaa8&y~O6gKFccr9J;ZF1a&(q+S?$!%2kJ04MpON}F8s82tGQ5qt^X#hk2s<{TF) z|2Eo8e$W(ZSdW;LJ&g*xX(L81)|hhcFC+B-6ZrlCR4j@qA|=!YCzCoZIq3vpM-B~l z{4U}V;>G0CN^?GGfn&wxvw_{GkqS^Q^@3k$Oi7M-T1wcZkWX{AEjUY z;9A5qPZF@u^-v^~wC=GhqN_{Hj?AY>@-Hq-^aQ&R$A1i`jNsh#0u7^X&5{M^2h5_% z-#0(J4@TMD)xfIHg16nk+ieCsK`)T%wX`4x)Yx_A+f+)btsAYMM=u*(f27BGBPmE} z9=<=^HB5a5s)-=c*zUSvp-gD=ZWcE|8Qqoe+0lbscrQCheDK!O5Aak$Vg@_jr<@Tb zhHBRDP=G;qf~`keA}ygGh2)MsLJt-|qh+Ec_P+P?F?@d>9-B8k=K17slkzm#ezd=Q zqEjF%<~>jD4SxR~sZ3OUD~7a;UmTczj_pOpGfk3w6m$=wjXCrNCkP+8=S>;nMDPrW zyn2q;T9a+WT@ifSM9tFT4aS4p(_>m!C7?|wHrYMy(xJcF(sWNHGbPwaCd>*9jTvb^ z9ZX#Nrr?J(N}BW=lt-R3%Q@@Jch~4sV0#~GJTs`$g8HilKG~%a+<2-sP34k;y~KR$ zhu4();T3&37z*LPz9!`lF9x&~PUFE_!E9yV3n2U8hab?b6@Kbr=|10cPs@_HO{C*q zq69b@5N-aJ{2j3!Yv+RzvgFm!^+N0XfQl-wzy*I1wJ{&p`3>n!>47$?2<^`Dl(nJMiW!hi)ToD+geJn zwc`s=3vU>eIu)0{`7bb42%MPBCO)6F{n1>lm}gUzy4y_hw}0G6EV`sy ze_+rWO?>qBE}k>k0w}=V8q6#-^>0HQZ>a2Db=DW+I*B?t)$K*MTkCTeN6xoqnYuMg z!4_!@BFk~0gF(|u^3Ppv@_OFqjl|2R^ajUPh%U>&|) zpXgk!qE3|-Q@P^8-04dpe>3}F5`J|(1)HC_@C$I?lKuEO@(ApdZ9chh-EGN`=CaCS z<6%xUk-F-DGKP5iQn%f!k$3a74fLNu@Od*DJ?fEW5FdZ7$Z7p<_Ttz8j0aqCixPHQ z^OxOF$jp5WC&it5JyrRv$fwrHkr$J&8M7F@ly}*A zuEmpJ=;(~yvj;Y!uQ?;PDc?&pe6T1goq7GJJYEOaoAOY?nLwQG0#TM~!3(hz%)F!E z!;uT05OYdXhM)>RQ)fuQQ>;o7h}FCkq7k5=@BW~uLvaM*ql2!sB(guONFOH-=wf zcx|el4n8H)=bnOH%Uq&_GjVUTWA?xZ9;{KlHj}qn8R@uXC!))S!7d@gqAE@uq`}lV zL=xi5wY4IvcUI&DDdkgm&Ti2TBP@wKhPFoAgk)oXk?Y(HSyqquMm_V#=_5~h^WTW= ziRKl#Hw8bI9vt4>Lp|p1*JAyk`QZ$hY6s>ro+rzMp3Gx8Yk6m9_2C!+bAmY)oIm*o z1pBK~+AFph69A1}k1R`a6=T>d}q-aH=awf`R z@8|RR{o!HEX6AZd*K2vcp0DSta!Bhn_Z*oB9UopnPenF3T4Y4^i`Lj3`zK7pDEJ$* zKJ%;rx20KEuqC-YaH_4X;Yox%eeB(ysX+29ftjM>WEm#uI%7n0M>4jaWsEP1 zP&`&se?_T%w>NGNxL)1t;X5u992Fz=2~E>5aM5SYGb#jcE53%G6J5NOMC5rzC8ALz zk3643P~czl9x27sJy*tq)59UE6pVHUU9VpoTSz2(5tDC7 zws3W_-5sI|z1d&CgGFg)k^hYHzeoF|kiQj|KIlsfgk*UN3=T>QT2h1=WB2BnAsY+n zwdnkK*(byeO7Y6@VyiPNnhdzuo8L*!Hqdjjrsq{TOhvzk(xfRcv<(@fE~^y0hnsq7 z)UC)}`$H<=;F1-FE9z{P`Ruf%zg{TtjqklKA9V2K|nKxe*c0+Z41j<(KkcO50p zxoev*t-Mz}4r}_9TfvllLS)bqW9+%)_=l3T+z8cN=n8)k%4b(%r_3clN zX&1NG&ZTxKizqL)q@_GQB8SUy`Z`YJ>bq;=Y)xHQ3Tjrk4+?u2M`3q971}lf9g7A9 zEVYf!9eh#Db~YK}76`2FLstVK8$jkb?O@^YPERnjuZ6BO;w{MP_rEF|LSDjq-n~oE zoP9zq#X|a}+YSN4|C3)SkCz-wk9 z#%yPA62l2U11s?o$SfL)S?g-HCuf)a}{?#3tN;y z&JG1pZveWj9V7|DjwgB(a9&vw26C08gx~p+(C~VMVvtTeAn1k~B*NC)YoZ`-NMNt& z)Fd7^WH!ycSKbDr!ZB5oayVnJLwDwCI;v?R53IxQB;mhS+P-%f@RI%!#?=xX0=$6! zs?z05dhHLpT?f_8U+}#Df(8#4PvXwe_6=y8TB2IgB5aN5*&OUi0Spr913Wu2**0BI zJ28SYb+5g4ACc~KGwr&OiC~ax>olzW-QA3I4r&vCEfeci2_qL&r*pOf`m1Grt^xC< znUK*lvC4jmkxBzp1$sL@`w?_&5?;10AYxWH%G1{t<5;}rY}DK3LZ%tWe4kG>{vK_M zk+)F0uz4(n?%9R=Sxrc%1n7&FJ*QNkHwfi@mg5RwW6pz@r-G))jDs_f{vOfv7`oYx z2+QHoY{dvBfleeVw4cWB8|vRP-hbu3!?X-C)8uusH1kG>C!Ld^9Qy}a8Gl@mRXaIx z?D*KyQXt-JyUS)GXh?Ou6l>hds|=>+E{f2&io1d|&KA86+v*0+3HD-RY-a|snu_6G zIVu^jq$D;F5wv_w#M2{o(ek**9c#lieJT~|$pXDR`L8$&@fE$7Qfz1LG~$#ue}R}I zf*m*ex1$D(IksAOT2#;DIwep!uw4v&$$+2(M=IZ@0!Ea~%h~dd0mk(O(x2?}u3Map zj$QCZy~c%*HIgZ-!2Gd#j+hsOFrU{jImylZ3$c)#LF*Tl)gfp0(xzYe#-?gfQv2|b z5}`#3=5I;5Kp+ryTvk$*AeO{WxY;e1Y~DMmw5ONuV4S<)a-|oZKcf{=_l60A_*{gV z2%N7AD{&21KG5xb@G>Kt+njY*G1UxHf_N+4UALCrJIc^4HOy}69=0N80gSp<6=Sh* zG5ox2Xj>+1x=XNeQC0QpBIKSsD_2%zq5A=%4qtGer~2sd3_NzgJ|E8u?a&2m#Z<}JzqHYy;GJ|5VfF z_vdF$NiZ(;dmg!x)RF|Uf3+vajROkWzQQuo%oZ~q4-?#k*W*w;Vgx-sxtRAZnRQco zPha_#PHG@W%}Wp_#l&^9F*7i^H~vQ(zCkDdke&X`w8O5i5m!d$?LER#GueP0`(4x} z+lvk9`Ro2csfl-qqbwIj*p^2}TCny)ULhs-E}UK$EGkYM8+P1wdCripZpEoPU5aRW z<45iEW+IMt=7tZQ9gfJ+=8h$!jC44r*{3`~+C=CP-{gECtjG{{Ir7#VKMRcXIM7RJ zws758lk3cPL)&X2pAyHAo;}9jJS7>Q-9&4w-yeVB9ss0%J*)gbv@XGR#o{@~mln_weVCgW8z4=hnLQW$@*6JWDw<=pRf>j1hE_ft<%#|@e zk`~AqD;~%ZZRE|&zqoOngjINmY3JGf&oni`98@kYS!Omb7;Q38TRhF%z8Ep+N34CT zvV7=|=u4Wg?%-UnY(RJLuI#m=7flO`f86{U2w{nnNh(%rQJFqoYx1Lc?#+(eLnpqd zcX#+@*JX9IE$MXJJOBWZVgz%=R3!X*$hX2$ovkZl`<4yJl86=Od&0TyyTmiqH26j( ze)dM&Vz9jp%lQ`JVP+ATW&o20@?nQh$$~!E4Z2rQQhalh@C*ZV)oPPg-xBu z+nab2DxMO^{1sww>wiA9d8~8K*h^cLpwMY(#RRb`0E7uMI zd%vPQXogS6E67S|NVodF58FjOFOnG+Vh|Z>u}Tc?Ae`*#vJ+AY24b4%>L;XH;L2g* zuI})((oY6uQNkZLw@7oj;D^eh*ezWO4OWUoSZkCQs`5k;&%qI6y z&jV}amW*iT5za#|8WwI`**TigR}+8xms7t!qEouS1-!rbBN`ZZ2vp+Y9XP zP`pZu^$&!^v)LH&NrUewZmDH8@FMKu1=S6knkTt3OxWF*kt|l@doPhqszQj}&17Be zkWXb1oT@S4TWZRsT}gS*cq&72K}ej1aNsxbBLq%d<5H-(|5U#7%3MnE>Xi#c-tAXD z2t>~7dOF&(4z~+tTpml>AnhWXO9?dO*^s(b5lGW~96F6|cSUw?d$rZs*k~K1&tv8e z9LS}w4&=xo#Q67a<4*^hT&Du^`j1sy1(_C}SyLjS<^< zI?~}dkOz@J40|0olE3i>3m->+jfo&HG$TX)!r5R? zhhCbqDWRe&miNhA-n6gUz;Qn~8_hAtyAFy6yvr+^+=_4*9rgW~M8wp6K|F-RPtjW_ zrvpi{jY-5*@U9m~74V{9le>uBxv`E23ON9+)AcOXOui-AovCS7jm-myD~$qTfCnR% z`)g_twaelkB~d`fpdEq9DMhQwcM zXTRM2uQGt_(zX^8u4LN#hWHED^0AkevslYs-x^ z7Wi96s&g;S6tGQI$8|DNd>|2>S7pkg3zU9lETa*s&vomDGw__IJ-tr8B#dp6NlVPp zPm_0Uv0Y(TcgRAK>XfC(_$Uus7@j*WEru44U3k^jG%Pjn{CGetK@#_-;{w z1SViG7Q1u)ZClVeVuCo|73PNa`1Vxmc!FJ;ra8+zj&n2dIj`^dTs(hqPV@sbV;kP! zrXyF%i+?pOB(;kJn3e9CGXD|5mSNhhe5fia7@fp$LwZYeb;XJ`K5oT9eK*0PSp7(# z!f|S*79l?;O&34=}u9zXU>Ki zIlL^OOC?d%^~3q3UC-cGdMT|DBzZ~@daTHvs-6`^A=FFakowT)ck&Z8`%cnX3AnVD z5=$D)Z{`cff^&E2!NOhcG4A;VQXrhLuo&_Ya5H4W5QY2VE|p8o=-OwNEbesf-Ggq;a z8PV26A8T^vh-q0FqK1wa6)6+LdonI9q()3!R2*WhwOHD9g8r)&jCa1uACLU_=3K!D ziC$fQ)mmI`^XslKNm@{y&Qeq#lz4t6buE2Dg?cYk?^9kZz)Kauq^s{gs#cX{x#L_i zch2ECc;Z4#tp*H_Ux&a1tGs|(@0&9Bm(I?tQ_F%GkzMX2qN>^V$+A+#Oi^@AH+Din zKkYzn#nN3NQ$xS}Vf_|x=qq6LUA1$-TK@bm4x<;U_DZA>gNQj;o>OF7^v9|-PZR~u zOmExPX~7;(Fi)xL1UMx17V~h#?MfAc$G?Psy1p8etcmZfv0v1+u0t~nG&g>|#)k=2 zKfBhlvJcbeAPN7%8Xx(c$4NjBn>j$-erqKD?k=*QJYB$D{jM<}d+5@9zeKBTTI9v)I(bI;oDiOYES6^ArMKx%n1dqha5>Iy zw4U~KII-U_-C3G3se2!yKqdkCK#=_W{c$P-ioNC5L<9zDu4F_ojur(O7|AvSgB(^P znIPH0N7UkNCSwJFqRPpCQY^&*XQ`HKb~o?StMbb=3%&ONT+&#I1Z;X{SYf@F8I-qZ z*Ndk~8C0^h_;~_`*aTbfRwk$R65c!s-Y2eG>heqx-D{DYst%acdaS6#32K_?JDs2@ zXJ|+5nOfS|7sxMAa7~mOlKc1IFhij;flOKC3UWuyfp*y|scDJ*g(yapVQPUgE&FQ< zGC5iPM!gyWFKoPx3_HPz;-!t8%I@-`D9pMYj6`#R*f+zLn9Lhb!0|PDC(rwv$zj9e zh5CK-^=og%7-8RaeavWg;BoT&TYL zz4ZDm@(gNWZf;a%mSzkO^sm0-UU$GI z8A?&+gB!9hz9Dic-aa9qaF;Sm_o<^b*)S_k9W6$GH*h`Y0nMQ6J-N&SeXeW~QMk2@ zZqGPlXm)~R<_a^C6n~R^#3b1GIuKXbrSvp1=b~`>n1RtK)LY!QGW{0QgK$*UW@WtS zK`X~D@zgGX$tL>hNw)}xrj^VESvxgXN8Pt3Po_Sf^WGq>bzWW?=%p~3N3*;m0I*O! zSx&k|yQi?a*F2xm;^85Sd00t-xz-R_|F%o&ITB~1^ zlbSVdteIj(afN^@U(2X#eS39_y6Msf`MC($+wFT_AQ){!;njV-&Abt@Pq(dOjar=) z7pyu)1|@$fm&KYNRTP)Ew!Mg2#PL+e=x)^Co`cie9kUF(8=fEpRMPTv(y!a%xOC;7 zB#DxM?QZf&y{Q^Igv)INu6tg`z%l?37mS`yx^!Uc-F0HnZotBTUOR%9s<}U7xu1UH zhllzd^Y>RD``MWJJo7G6gHkl^71y=`PSj7zNkr-o%E_%`ng4=gs0^agM!>8Xds{VH zEj)2W81H_Zty1|$yJOAAU`F&7YztT}-B|31l!}+*$!IQ&)q%%cj3@XE(SSTAS=mI_ zyos+j!uCy+d57#@vG(r@k6Jn6hf&9G<}gARCR1mq9xWt4E_=Xa=zrP0vPvoixdE#m!Q4X*)G1ERJc(SY z*>{IbW#&gCh;OA{UBmlK2c6VLzi7qrzw|hVIH?QwnXK4MGv-6Sz&$)zs9t}C2dn$B zPv7}>WDSZUG+E*fnhcq5C*F=1W!z^h+}L$j(^6v3j_J>Fv;0VNi~_GKB+4cbvNkIj z+-Af6)=sjTv(i&fdQX2(yylcoGiD1cU|EJ_aNsrOx=bO<`&V;^Mus)7?zu91>_RiM zQ3`k>uP#($6NX1F`eJzClbSVURId0N+@!1dVQ_2aOJ*RG-b9v!rkr-wP4=>~*}9E>n4qpp8N z6%;z$22O~%*^Zi!tC6Ge9;3EdGPSR6xWcejgY)t0>~BlwSD4CZjKtL|N=-1iv6s2)oA0K z_vh@#wM;4b8XB^m?15}}pLq2zJxILOJBYbUL#GRb&g8QSL{wE2ve_ZEN0N{wfjuX2 z=pbIkyRn6bJ)8f8af#n-WC|gW4x3=`bntI*~NF?24+ z1mirIlYQ?T(%(e!ZGNaPxHQu4ZflYfwUf0o9&-!d8sw>u$ zaoD=}KIaZzdH^;MWWKoFu)m{Q|1qDw^an!6?f!tnZ=g=17~HSkFFsd$a)Z0|sb3Wd zAH}=0iKk}3TY>8OLDrs(`U07P!uI^r%o5wVI$2~dwQ{s%W~O9{>X<|qJb$m1i(h1q z`rzP^fNbghC!e&SV&L}kl4w%3)?~#n{_xFwF_5z{_rVhqoF$!V^2~sr_>R%kGu>YVfA#YyTneZxgNKnW7ZOk5FqTI{tBFu)otHn zkJ$_Ol*G6R?WqhLNABE+^-)9rHOP8OM%%x}}W>XtMdBiIzTqn<-hBi!STNI6twVQBIvmiUjvh~JO_nyXd`|Pu%=R4L}idPjZ zY@-8!ZL8pqJ|H<&5cq zEVs9FLw%{z)8~9fyB-Ah4zAn2-~EBLrBFYpTPU!D0~r>(PNi$hdQo_zw(^*2*OJel zH0#gbH;~+ENw*J1BKKM1Vs6;81rlBBJ{u(qM{4|+=4jcc)y#D#;lEL>dg5YrE+oFRt ze?oHR*zLgTB>!G*^@H=Hriv<)x$slj!twHx8a$@!7#PS7K)BTo&prWPiS#tm&t1pk zdc-BJ)zamD7xP+TXKX z?I22EN+NzUq+1j?dhMwmlaCx^;i!;hoBQVDh|8ALXJ`q1#y;g!<^s|~6H0HjU_IR+ z;pu-7yoCI5(dTe0{GZg^2#X^e;01=^GHkt}hC}2WD_Q%G1M=f;z#ccxWX;fea>|*U zm@6>B`yl@2tM-tWcraSe-n#W^*nMBzesiAkp`rnwO@bDJjir4)i6G*VE(KiWnh9;_ zo79vip}-v8&^Vh4k(`vzc6VcFBn0eX9*n9(n%S{@?We1;>|W}x6gO9Q`+4LY8dm6y zQ01^ZQQ!dEPrbI8-=^=M+yGV=kv9jJ@K&7Rw*fuyiqrTk4PNJoWqkD-<&@%kY6B|QCBuG$ia3_(c`j=BchSI zR@`~q1zejB>KJa?3m_DGu!QD2GbH)=3xo>et#(~yW19&1SRok!WwAxQpiPY>0#8|*>E zv*p6iw+VH9SQ%|!2U56;`buLSp>rs!FIXKH2;gidHx+7^+>gvabdv2`43h|? zRG;2slmiuVmfh}ecbk_1E{8kgXSsNAl+-p;e>`p{xDvP_zZ5Tkxl^#HZIef+pw~jm zf|Ov#>ryTY8a&ANSqi#0_5>c0MVr@gFh*|X>3w^)%p~JWP`J5<_)2hASU{|iB<|O# zsRDh!AfWH}P6-U;_2)aP>W`m>7o({A@cT!>wDi`@24ad=@Z!7w@m}pe{`@Y3AOh#oj-!Cfe>kEd>p>XLkF7T#G-Hob-8ADAC6}P1 zpn06n*=M@&iK2L3WFggcx^pd$SqzI@&{vA&a!SF%Rcj-MZp5)^`OIuGG5SC?f7PeL zYbPYfbsw3z5iMO%58bOP6ONkcRZ1^9qA?g2{F~*ii50Ih&@7$CE>VM$e5UlE7;F-)G2Fs+1`OD70&NVMgW?aX z$_eYX?AJyyzCfnB@}~EYx;Vvx#N?)6zuy7HA-mKy?7aki;x$HWY{7ol&zQu8u_%aj zw|e5xE+WTEHIJ}G@Fq9H*GO=i$mOW$WpW3Q?Wc35tf)HDa{zy=o5od2a`U!VE0xO zs;K+O$b)R-f_f*czWQ|mZOSc}hEV~tx)(pK&u^4#(;6I~!&^_)*_5{dXd z{JfMCZz@$SHP=Izsek}ISdFc2Ak+%5E03D}4GVR%)NWn-{Zs^KfgZ!`awE(EPTUEY z2d{$9V0X_IT*GvO(tW}zXq=&3&3&5Can>=yNJ)CdUgQigF5eR1KaS8Oe;|9Qzt@jbsQ`jcLN z8I_+(SvaZwQChE~PaYiDZ03dnw5K=*Bs%=dtlX`5$cLk37sI6mH!tMo$LI&0Gf)t1 z7VIf&1sM$OK_K;C`T3~|BC8sMNMu-Ao}`%XjZ?tc{3-Gnk#vY*eCs&(AAO#6fy`TH zImHk@56}W?&($tXP+cI`lel(G4HK}dEaHGV$i&zlW=kH~kNB{xJ*~b$v1C<%b2404 zP0f1qc&lOwg%nLd_zoqUVs1l?Xul?NG8<5{cw{COt1AFkC2E73q~{Se*V-g|^)RxG=HpDe9B9XGn6O zbFjwpp+`?w(l|RBLf3W`^=auNq^DwKK;K*bWZkF7FGdl;El|0{p0YhFH?~>z3kywa zG|2fA^SF(3dzO)PyFO2&1#EeSt(b}mv+zWk=TZJvi<+rLGzrb5Z}~OYX39Pr8;pF! z+##oKtZ(Xl<-65aLDPCu5=Xx^k#4pr>jD7Xd)g~ENegQL13 zUdtHcU3V|iE{exfF2Qxlua(0*8?FW#3Q@kshQ6P^x7`k7+@=%i zDDEx&+yn5jh!23Y19Lkz_kx^zqf zQBuBlx+caFohiKTj@VqRE-el0KTk+U0Mm2Sbv`$Zx-{Lua$y%cF!HAbC){vn>3|j6 zeu2yas`;42Av+IxjfKc&p@SehTOauXSxuGv91MzrTZp~6Zhaw|z>JJaX_MpSmm9F? zzc$D!Xm>=v_!`<4Bqb4B)$=|zDY{;}leqW}p*g)EZQ_=0k;Z4r$8%2M9+LYJ2y~eY z9?L(iNkUt(RW2Vuiuy0=TGn|tNZENZ57)7O&mdp_At3wwa5ld;Z={)75~GgD`Yi_CS~;Df7-&D>% zyta0lv*`O%yI0o8MhED!=UoSQJGoD;C>t^| z`j?@A%(pfST$VlZg7LLPf9f1}$`AQ@j4vbK#@l(&G|lTqDazvT;v2>#@h^}ExfV`&VyD-|n)b(@?I@p&7r$k_a@IdM07a=xfj^` zND9Ructgd#6xta(g#5ToRH4?$`Y>F#x~5@FP152^NPE^Znk&TD%*3tvRU;%p2fq8$39M0KN#pIsim zj=BIU_v=qmIo}puQKKbktQLeE#k0I+c(99pPy*dA+Q;n5B@0azHJnj>M!TZ->ACl8 zCP+$ttQR-J&=RrU1R!7V7+uB>j8daQwyMAXCgCE|hmQg;>vJCS*8(8vYHrFa?*>M^ z>{2_cdzCK}-paF?G=b83)I1MqSA(5D-(&uS#`xNG0+!s0k00ofsgwKB;371{fU5%I zzC60Pj$k(AGS6zSe)F-rY}Z$8NSk*gxU-8AtYFX273?TkzRMqYT~~PZvs%V%zc=3= z%dyq8_a{DpIVR5O@kOEt5Zv| z{M@Uf@gzy7y^PwJWL7)lGeZW*=@6d|HikK2_CMLNZ&Q$npS!Jl{~^G5JE3SdM58z7 zAFg21KY2@YZ02f)I*gz`!2dwsgFWKs`LHT24xT^;@{*f~<9PT;2NnJabnbskTQPu= ze`2AQeQK2w(f#UOCQr$+RzOY^PnL6NoA2#*UT9J|De0))mTS0XPH$nm6F?(^P}@m!d$P2c@=k&KZX|^zO09B#K|FzpG_yY z+1xJO5|f0PN&6yM3;!oNjFolHh%-$x*Wpk)gZ2SS_Z!i-P41r!*wic7?!V}sZm2T{ zkHM+ZtFZm-?xi;__rVSYM-398_3Vz}?J@3B!#&>XN^Xqq&UbAd^ICh*1Oi7+EB9UzpTg*7Fx) z5|AUJIPmVv>_N<^>|_yDa_l5h1b1RF1Q3h*xAF%; z1-XKyy0ZKB%0p)w<%GrFPh_2)<9qKqS4!Rrg^)}k8nY+ZGjl=>JfLHsRBh43lZbG{}tuVzOp_`m62X}bc`&&;!N3u8QBqz!ujbxAJW z%fwrU^~Yipr#%#GIm3azLDG?$N5o9WmQ1jFb#-qx5%lk*d<}kc+|0<9j#79fZQ=Fj zfil0Xn~6|Rf_7a<8$V@+Zt`UgIbfnW6B^4~3y4`x^@o=3N6+u{mQhEMrL%=+in%>_ zv8nfLM^&PvOs|?MG?TktR9udAg=(d7c8*Bvku>mdVt|Z)Wj%>-u-wcpfb`rzXyRw(j9DFeMe!r};|kdV1Zotx@o{j42Zm^Q2T#ipKmYjqe)^5c=yWCTxUPHczUQNvsV#2$zt;%Q<-y_LNrqRmuA2xKznz#$gxI`Kh?z zfucvou-X7N1oUG{?d)^^T;3DIY}@MWSvkD&>fQ|GlsrqzeKmO&N+#kXI-txddi{T2 z*YclizWGt*_$SW?#oI{FgW@gTZ0BY!b7khu*)ds0!+MgW530<`l)LmaE=d8!ZjRed z`&QNYwsp~a1`$)6j>VpMUm$urYSO>(#s18H`cI!D>R8ikdqtqEk$*D_m%iw-l=1Bk z?n;6BM^j72rmj4VAD$I*NBMsj{ryU-`;DOC-^dp`oR|Dh-ag!GaL@w(jmyG~by4Jy z%4EjR879hqX$JC7R`|cMhJcp9_$>3*XmBZJXL469sd?hspu}8K$5 zg$&LM@)0jSWE48-5(*;RO*LMfm4~)d>X(F!1v)2tH@?z$lmN&6Z|!gShxa?2r2l$M z!(aH%*x!`0E`?Icq|+xtHQzqd!)g7ukxMO?EEjf>s z%bAaXHI_;O|LyOee`MKnIe_ohYQw64Q}X*U;S({E=b^H5!l(k&a`3EFBZL6XRTx(cN)mwcj2*of#7%U3nC^H_oJX6gT6p| zn=pW~^Iq*b(RA@A?oYx~x28UP@`?39>Il(kXeuIi?HrrVam4CtAbqT@dq(*1ITH1h zl~HH5;9JtKM(TV9&eagqmGz(GA@AWs*d3+c@mOC@lzZ$wHsLb0e`?YG9UHzGbV~rh& zzVND;=K;X4#KUTG?tRq&o6Ea&qNuOGpu zm`y-o<%r*ScHYm+Hk|Zs{b%ef9$9B=zNxi-gM@f|Xaa`_CAZ3n;n#K@FG?mU>YP7x z+dAV8Qm_s=_};UVgav~hIyI}zQ{&beg>*rFucttlZic))QIT6@nfN9*77v*OkzC_6 zy37PORK$U6XQBXT&6!%!2VYepCTaZwNhWw(+#NB|&)3$&!teX~g94tSxC6#|CD`sE zDAbR1aJq+n%#SO|jy8l)N0?)o=Z-B0^Llk&Gt0Oh+DV>AH2<; z$Td`E8XURCH#tO+B|K&}<(bj0cja1V&2#=4Z#G4hW#n;z5*AxpLjebpMdfzEtMfB* z<7ZJ_IK>AGH4YYPSdu!aa1Ngi_9PQ|CojF^$inqg{x~PNI)yT^;enaGLmCaIq_*)0 z(xzsTJ+C?z7T1N@z;>kXg`R#qGH2k<)nx+ zgc-?X7yq`+{!i2i7hpf;wEfDDJ^52rxgRGkQlIKj=87bu&r&h0rn`jW0EZM1i1`3JDZdq4boC|JxmRH%`gxsByj*}`K!N+mp z!L3G}6)7evyY%`)2!aw)D6Uk7%FWYjja8uPGEQuw$Vw`|H_ux;-h_n6OUlWrcISI^=aA;%&>Pf$b2t@lO|C%TuZ|@d5+RWpl=R{hXrbW(XX6l#uPYX6v^Y5vk zAd0FhY|DA1JazXw<(0RcGnY5PPI-^x^Q<=vp$REh%a)@O) zsYOA(LT|p7^|yW-2TMaO|vXnj#lv*GW$(NXecSxP`4~x zO<~RfznQM*h0|5jh(&uwk}**Hz89F~=xJdtQWkbes3Nf$bQ%wi%r31RZBp#QNX9~t z;%X5KqZDuoZ5Eh_WzoW}BP^PMV!q2~XOa{v72qtm9+{dGBOl=JtBkI7_Lq-sOCaU} z!b%MkalSC%(+;s6vWR-1s?<$0Zd~05XyP5Su?1v#4 zW5aj)9?ob?F;=0tVxm%E34+Z+!~jJY=cUT+3SSp9dss(16+T3YWf(X!(VvRxj%<6j zPi5P(wlz5qj1Y8qmgprJRnc^Vw9@KzKrOx&y$7@hLqX$orUBZ#mhBFanQ zt<=r*4}CAqi3|Vv3h*CRbvOP=4)nud{N_1`FTW^kG5v;T^uM)0@>fDN$0ElGrY(eH zX!C%$dMq+-rF%@%@v>00q~016woTw{Og(&@gIlhMILU|tEtOVyvvRLHvxCq+^Uall zoy{ct)Q8UJOpWZ1aRYMv1a*CvwdbXA=HF7v&B^`>c2s z05V%(R~KT6I&qbEJ&6EbnD@Mr{=~kiOrO+Mn(0xbD z;}LaaezL8XO0nhDIG05XH&#~)z2&KcvIzE(c-3Vaqe>sMM*>fE8#Y?g-)-N8{lJco}utDv~q6^B#@qLJ?OC}ibiMsrpR3GLJb}|Jnyfc*|wqNYR zJjpy=4}T5wq{<07*rKxRXJ#=HREXW#eafU)r8nbUm`tW+j6=1JQL*mYW0ufC$NYN5 z`%r&af#%(sHIC~Cg#I;42u}``N+FjxWvYY(L6GycWyOV#9`i1#;plhr6G#LAtHX?I zK0^2L;WnUvLn~mLhS(*7Nat1-UoA1WW1xlBK_@lMWL~hl(I`!lkAyy3Ow>%z(QM^O zvhIRBg+~4hLp;IZD-=c(^2m$!+=m&2O1T$J2CAlS5{cZ)L1+tN$Id8 z9lb5O(>#<4V`;9{Wgt^ zxe_6$re<;}q34oTMDwxTtz2p6vZ*1O#FG&cu=*-5{|fT09jh4#6+lNjkq|R0y*0vT z2YPDB1kV889d;MGLJ$C0-C@RKUzbMbd8LJ|6*Xaq1}QP5X+7z90`1UeV)s?@-E~!G z$*8=`%UG`y&28(Ts9u7RMaSd_F0vx(^)a;kTF!1?+RHbQT0vEKcG$f`Ye~oT-ou3@ z!>8Feg5OcSD&Ne_yEsByS>zZ_EP{3*S<8ZrpD$f=lUTP8E}L{6=!t(m*iIDR&`?_+ zd9U6BRJej6qRARs(w4n#flKN>Wo8ghODYx?m%drQ7$^Iw>;wr=t)=V+I|}Xl1@gf( zxe$Dd>4Ci(FeF#)g}7DrpissA(Rb(XoU`AzT**3st#gMYkR09u!)26p2`BMiVQ z$cQt~j46k#&2Z6E+4s`Y+yQZfq;h31M&A1fWylVO3eSy>DA zBZE(@PnKN5eHVl^2jhPUcs|W%NVf4Xz9L5}D)aIlyI$L8k+Ej0*W_k76?Cc2Xr?pY zz26IodEUD}j`njp^#ziR*pgpMB9x_Vy&Co@dB=ZKdAcl$k`#j`?E0wef?dtm}IX9cng`i#^^v+(RBxMrK70^XEIYeKb`& z&Don1oQ4R*fyDH#qYlyEN4@$3n3x&%L$UGVPo<%MZ)VNxU2#kb_5KJNquTAs9Fl7G zc@ci!ZbW4-@C{{RjLmHxsW^5j*DJ~)0idn#7Lksv?Puf4n)giu7m79kyxmlIR1!0j2>3laVhBxENn5xgq)molnz20- zea`o<@~Nkjn=~GEo8MI_ajm;`-6T^&RLtcCMYCYvBCD9y;>#(qGsDCh0el!0EUCc; z=ZRxV22rX+q1w#A7;C1n*FBeek&<+co(a2bBfI|#WQ~0oF~EV2&R>N7BFUFT_^f60 z90AVtPpHP9$B~DDk>m^ zoC9f%jSmy6y)D&g%J`PV>wp2SP#E3cD1E-~e4F3Pa{m<=bcO{XS5{f>Hxqp^6t=KU z2h;47H5KHh%)MqOPvyX|9SiB|O)3OYUqkEVfbayoaTGkyk^l1Tfk>S<{sOM#3Z4$2 z5x7?g`$@4M&pD+DkML>(0abaqG?Hog{@jUs7pswqryJ{5f)ELoSKYX+#WakSy5t!(Kr7AlFl&;cu~`Q!`|!RC2chm`8wc|2-ww?-?uH{?bo4=2Up<^%MQ zV-uN+Omsa#R^2W>+myWr^k=EB^k-&Bp>|_Djw{!~2^r4Z?S0J(_t|3G?R}tZlb_g^ z1&P&O)6l*e<>XG?=qZ^oIT(3eKzAvj6T{;Qf5B__&|t#6T!}x?_G9iB2yw*3hZ?0i zSRVUn$&!$r^qPtz5@xhVr-(uIF;eB85dX~aMTOHdby&49OyMnLne{0PR-34xTds6i z7!Rd(7AseK$s^%7l9!v%;DR$0p6bjTd^17?I6OSI%Dqbs_k*crg2|g{^*<>rz}C)! z?;x}&4>&GicfUYZC?PpkPM<7JYLjxFNYZx}oJhh9#$Y@z?jzph1C^LHqJTNX(>!Jo z$5-bCat&`Au@S?tpYIe2T_;}a~@o-LrYhr70~cu!dr6HCg+ z=rVgbG7vHRf}h{C!meh>uO$ zNWe}@r!=;^@eDH=mD>B^4bXw(ErMHJT|QuQfg?+l{Jb5z@T#RvCFilEVh1?1>a{0V zXixM6Vrj(mW>#O2!*eXCD2D867IlPYq6$)H4|35{Wev8wfhFgWM{v`TK(cspTEEJ7 zC;`b@)y^9*P3&NV3&XkxiBPtmZa~U+K7~+(JLB?5GGDNKj>@0dvm}-9qG5xxILR3$7Hj@ejs}?)mQLTpxSS%AIL*qutUb3#&oZ4b9CAYMVO}&}^6IaZ0 zHA4M%?#oaCn^iCY!9uIr#)(tHu;hAz#}~*$jH-tQGWJH`%sZ10puS>{E)+R4BvZ)l zcH|;9`G`*?h-+GV=n;j(gXNu(VXza3%#6enwFWziRTCVg)Mn^QyVhwXpHE9)tB*WV zPm^R6)P?Iw@OJPfJi%Dau%4*y8up^Xdkw9U0>R6bsi7BD*0`Fs`$K_so`QaXVDk`# zq664!MldPf7pm{E=)k*|Q4F77AFo{uT~y<_R=mp3w>m{w)zF4 zr~rhqkgAoHK`qC$i8-;FcDS*w13#ScP(04#oYpGv!`twLiiVA5?M*gt3C0+*EGr(n zMvtmyvj?l6F=Q9=(*~w=iVSZLpn6HM5WN%mb4iLLpLXH*2X!74o5L@XEBiOKCu(nI zYi^B{e1UkCntXw%fFqbVEkdrT7;Q}{)rGEeFPLsx&)pZElr4EMq*qrWA~$2w2|_j1 zWzx0^m0$?r_>)YbW3|tTOncPtR!f|oxq|C5}M^WXodq4~%UbeZXw?$p2V zHx6^!luxWCc!MzJ0s_dcQnv^$1D+;OKKow%fe`}F_#iMW@#X&V85r><(4)d1&j@z5I$fq4(n#qRY~kYKUww*S5#oMtV;ydxP>ua*g8t&f)$cl6Nfl)` zrD!H@EsKJj@Yq~7+%?gXEy$mbj?N*$eU16JwIUmX`u*EE46Cf65<~soJl{>#-)*9P ziunC!;~W3IRsFq{{vWsx$Km_j7-oUPgIT>PrBc~$>HqBW z{{8`Ye;Kg*A6>&gUWY@L=Z7Qx7x#VFPzlk%Q54Jw3)EW6K4}yCezwMBElt72MRj+# zFQ;>R{@GRgzx%u_-BHhA)e@Uw`vEc+@Bc-bX@8+j=O5^i|IvFK z_&O_#v!-L0eFpeCz>F+5)E~?=SNu60ocTxLoVzymzZn?*4|pM<-7V9xzHEJAX=pl( zf0nOvTLE|QXQXj(aEiEn`RO6iE6bLa#ze~70=^oXIGAyJmdQ-F@ z9(d#EG22M&wY=Q|SDR9oRhudA$xQV8@Iz5vmoqQ5WTCq(M;AA5sH~f}b#oF2rsvbH_T5?4@e$hfhXCX$e+6fz^J?`wi%lT(aE6P~6 zT$miA8y(xNy2Tlo8sEMKE37cESL~b4vOg%=;|;Vc|8jbBHs$&Q`Nvj9mbE2<_p{ z?FfxC^qg1igf5A*V=E5XuAOb`SaD3Kw!HpBw-M_ipy_>I(EmUFCe&NbteJi0W%w-h zT)TjK6s)6^>G}W1-gn1EnPh7>NfZ$TL5ZT|APAB{Xpsz(GYx{|oP&VSqN31}5kx?8 zPD&OKK_!S}Xo3V2IV%z*wO@5N;OyMlFneeA?!Djs;ct4VdMloK&QqsO)xr5|{QeB{ zAG4GCJG9{6LBZjj+O`8>(>}y!&$PI!zRyzoR`izR=3jf%L;?LA)bGb2>_yLCfBHx7 zW-KY*6p!hN?AS{70Ymk9?~Ww%LzzqhuWrSYL~Dn5E4c6@^d}VcJggZXO(KMdAX4r) z@N>c-7h#d4qIs}Woeo4W%)@6?W?;J#)z`oXBy3 zk~h)C6QUFy=)aLUnR>7Em%fh|m}L#8^SMVotN2vosXAV-Oq6%p8$p`UhUF3%^ES4C zlZxs0PG4*G)#@3LCAoJ7=|@0I0AVzG$%HT0D%t#)xd$9>j7x9`5rMWv85;}dy%8h_ zsSfDWho%{(sRYs2(^}$PlOIe*(O+y5H8He8H}?pA`-MuRLrPkX;zjjHW|6Lv%pvw6 zcAU>L98-8J3*~8z_;&0PLiaq#-v+0_&t&M32*{C#^V_2zc z^4$=gvmuplhD5rg<-CCkYt^ffo=}2aqB`76~kb$G$O`j!y;;w_0VrKOTQZxLKfGjPlkM9U_V#)|}tP34C=Kq?Prc74bN z-%mrd_ETBWe>^?M<=8nl=7Jjjs4JLa2-*pDo}#Nl7ZZNAM*5~LrsI;LS0M zVY2rs)19Fv;a8>$;arm5E8^r7p+Djs+fZL-f{5!Boplzbi=>L=vhRV^*}CILl+ZG- z?-gK?z>diyL2m*4;Eu_o#TS>Qot#(3A!fn0SB*mC8wr0eW~Po%_V@WF-PQo9LXGHD zFSMi@upuylucoJ~#(SDC2`kpj-n?%|G)e>RK4$)U`BLP#BzCfo;N_|DGCZX2s*tB| zyihqb!Zu@r5t-=g>Ead+Cl+i`W)9!@fz+;Nqh$uNC%etQG|bQLvW_sBj!PV)MGJyr zotMuejP$y8QRFx{MoWZY{!VTreZn#7X~5k~p0tavFk*WeJ;V6!O&lY%77^x(EbV+k zgANR7m;uC<^VI%!WSqL=g6QY?DC$m$Fw9^b+0T?`(0{^@4o3qslObm9!rTou(MWAWN~S-b$N08p5JwLcB#Au;Vc^8E$&TS|pn` z9&gj~g~K?N1a=l~L^CVbNC$!<-U`dP5eQ>e*7g3Ib zf$6GpJhNjkM&^^T@{E~Aa;}2xHPJ)q`>DN{X)INvU_L^^zhFBz*E)sQ%%6ZQB7BM( zW+$Z9-P?LmgT7Sg$T}9a&Uj*BbUkALc3T2Bv+%5cL=-XANErc{m^~+t2j#f z?S%EC6twIES$nV;Rw`feH(?aVJeebeENOhG&!YM+>+m9g(OPr`3Z41M*Djg^T)(JA z&LrBh2luD5ZNRAInNC^EI>SH3durwNjdwuiR#h0x#u-T^R{B;4b$(#RlMR0x>&u8O~q)0C@f6MJmgh)Nmi0h<10?X!%Rset?nxs8EuhQcu1H<>61U3;%7Q>}wA`(ar|y!m6i#Kqjr* zL|Y71Fc`LE8dfQ88ey(kme0EWQ!R5~)iOv$pi?o+8b5rV=Arvdj;IbS#$vgFeLUGZ zKe~X6AvDV%6@wP%+~tLClqGp)SF|5S!Gvi04q@04VJk*+1Fh_iYcAS^g+Tjw%AHcQ zy3AvaVl?ih!wNM?xc($aq{GyORWKKLOhVzDhriM8<#$Z`4 zL~&1h2>w(Y>u8?Dw68r56bCID&7tioSaywkvvfALviaRU?Z$t2ym7?BfzCQDPq?^? zAG1a=iV9ae*wV42QkB2EhozBE=p8K~HI_u-s?3+QcVU~f&%m+dYLA8sp7lI3bplPU zax{O`3p z1b(gxvoFOA11XvSDqxDhC{hfGxjO|x88~A$6KHJ8638(lopDd!3>Wu*ziHhk^F<)oo=>)+|=2vjK(FQL=dB%gkabuhW4Z1tVLS^&t{*3DDWd7UN#-f zu9?aehX~{E88%c&OBop?aRE&Q8Gn5o&|vlSly8gyL_gBk{l*QODOxZ zZY@m9eHok6j++ue_~q=FD{l#r+`lE!A*NuKc-pj6Odao=oQ;e=l93okgQcA8sfQ8S zk_|4HAB)H)p^Gn*JaW>{*^wQBq~Zao`OT_>WMzgjAlizK_>Og_@cj}X4+X3qF_Wo8 z@LJPz%ppQbgLL$t1?eJXImQ?#BHT3(GN2_uWbso-mE1F^mdt+oC33LxeQe9xTF@D}b`WHTSw6F3vA)Cj(8 z7E6G{2v}uAzo&+I+>Z(M6g(@-F&VWoPPLAn;*9Xa>EaniCzfpXGJvbWU?d4Ba^mE% z1H7O9i(aWAkwNDUR<(Gb@CrZCw6h-0=qzIwDdRabQ?AwW@0m^7D@XX{o% zY?Q&pQjuo9ONVSaE{HJRiJ@xt?-2SI6rkpaA67TWybW4lEX4ap0Adx|$8?L`eKOR# zNN_PVs;Xup#U0y$;zTM78VeU$k{czVYnbN$@gLv)S@ZpanrBKm69mU{x-|QfFdIlT+Bd^o7p`{{bt|3tHVdAYKs-Y663MyAi2-@z%|k~ z>NSPvN;Ch!O$LDe66NH4-bOJ?c6zc=N+Nrm{;jHeFWNFLfUiql)BXHfu$*N3ots*9 z-f4j-FZ9fkF%wf;u*EomB~xArn*hO>Xdm*Y!7>sFb8ZvM?6v{FSsBwlM|f!5@G<_HlfvQVq| zgGBUf_hK_>%43U0>(+F88|s}`XpNi49L8c?e1RPY=++VtqA9qU|B6ueDJ*mG#VGt} zx#;3|hh&*u<&Te0HDCxz@W>^Tb}o#<$5d}YO@SV{q0ixGEBS8P-W|q8UBeOzv<8V* z=+yzF0yO_KtvS^pw0hQ{wK=*O6yPu|Dq*L{q^Rd`n-R@r66rJ=g_?Pf@%}9Tpa-Ci zs6Fy@iKK%%_r))`k)%R2x`s|0oOkF}pt%vAXtsaCF_hH@46i{qBXOT%$&;g*5p@S< zB(?=;cRK2Y+>?^aHyP0lVG;%O3Gr7b7$6`r=+TgKm)YZJ-FRhkcIV5a>f1;53D6|1 z1vM^sVgSv50FBeQZ-ciPi0Lav8$0ZAEbs&*pn?PtAlNe8siac`n`KE8Yk&e_2pYPN znc)HI#-&9n_!NkUOxSxZi$WT&X0@7CJzm{D4Nn~2EM26XxW31axZ&a6GX|lhzgwmPaAaX$)px(QrtOh@&!$ofRApEJe@ozUqXWDNg0y5V-OIAH1qGe5C6)Yh;Z)#r9XLl zj7NOnYG?QBmytr>A`F5do~)_cmN`4?5vVQn8xTP}XJRW`7)w_1X%hC{BmfsU?JEcm zX?JbEx_M4Rp|Dt(1ON2rxV==g!+ZWWW7tTIJb#ca3B~DEP|Cg|PlkW4R8DiLD%D*P zS~=Tup0xh52C2lj$4Negm*WH=0*f7^cB*12>yAR;oJq&!e(CbU6Scj%@b&U|)@{G2r9DP{fg@FA!(&>A{t^kor*l=D(mR(w2nBbIpUSuJh_~b1###b4>QxCnZ_G< zr07`x_B1v|+oh8LNB(Xsk6%9mvj6x82QWOIjlN8&7p)>$Lf@xds}OmzDmczPA~xRR z^!L;w@Jh#kF9t;L8)ruh)jKG@hFmj!>r19-YEBuvP-8r=SYGtJ;p7<$uIVS0AUb=G z!eLWtRjCOwWsJ|=u|Lm`Si=VmZu!;>Vak`tREUgZx?4Alj=Rp--yQTAafG&RO9uGA zYwfxM5A*JSbNxwH)eh+oh-Kf{Y!g0~bND8%5pC%LwK z@7MZFZ5A8Q@6aRj1L7I(9${pj(AHU~B*EPT|pc0!a^RV>E1@vwOilao>|;TOtATd|V-VTpQ9Q%BpHXU}7ctV3U40O8%1!z&UQLfB#%+A4Y4y51^6 zyx9AZwje|wgn$g2xP9YfduQsyIUV`pOGQT= ztvFUUURW@-iCEGlZTq|HqfX;32*cH8>>dXp*AoO*M!vi^rCxnAe~HGr@svjXsEUp5 zDUoB~_BB+erb76nQ+J5>r`QlCNYs#LvDcEqWVyUw9^0c}780)~PYmn)HaxmEPHiF} z!?lAn1G@{2;_HE7InfGlsJ42p6-#t{7+SinAC%-rD-`{5^m{nyY41!ls{z+fr`Cr?p&oXt1MArkaY|d@Nu36Ud_z$Lr+&blm@y~lLtOh#&8F{+$`nm z&Fcwkvh{%CT(;JHKkZ4T5V#%5U5Q17n6$CC@zbUl}nhk8J5Lg}+8r zJ04X|J#4n!aRiUPwd-54Vf!#kSyo4TcTG(Epa^s~V6+$S32LYU)g^YblaSVLX|*`u z2So4L^S&|5Dx2{bT88Kghec)=HIyB~(gfmesoXN2zE0gh#cW<7Hm_ZgC==enKXo%T z)MMm>gea=Kp^7AX*eb&AZQ#ZdU6KcDR!pOtJZE`a`_uX{^GJm?I!wxJmh2vXkF$RiJ)I<%QGo`>z4op;Rpe zr#IIrq7~O^XL(rhn|Mv)i5Iz=Ne7bG2O~!>#<2*swQ)_~U87pd88I^QPg~?!Uxr+W zoskcC@u1ExQ|YU(ki8*bKV{E;%1p2i)uafmjK@ zo^rgsi`8BI#(k=fVv0ut@IRs+%<3D=E)0A$6IpqYMD%Q?^lVr&2*s-JvYIou2_HLAH=I=vov2&3;T|HLZq^g`>B>>%?6_=kl(E_Oh3j|lZlU&tk&&(l zNx>Lrl?J*1PeBTZj!sFL;zi_L-Z3`{EAW0i-BQ&xPanZrSoX&|OB2Ly684Ucj?vN= z8Uwq&5>W5V`GV*VcV9ImC0-AKE|7jH@KDFo6bSQbPLofiqNE%6VgxB`E+$lIph-YL z!r89{dR<1`pUI#YDq8&56+^?iR1022`kbA9^KAJ0_mo@|Hi0!k5WKafBaY5ARO2C( zuv{VtR6|SS5~XZdbeE#5& ztt^S$gvPgSE9T5Toqaodl%Md-+;a9*q9^8-T$|C-w8DAnDh3dCq6~-^MY%eG z?YY89_yv89L}V^&)^)Ski`8TX@S00Z5q8lCh#k5T9BmKqHsTYO*rX>@%0&FWvH1P@ z>^MTX#;L>}Ep~!-jmF5;#>DHKF>eoQk1Px4mEx#Oy7tgS(xi-7|WK8)tMHdrFWFhXnwlw$F?|4_aGY5%{ z7emh)3;qvmMgEoBp8wSKKW9?VdGoSKKl9A#a-6FLYSzwf+MTtCRZ*rV-2-=9yVzdbGSsE85pz#UO9}d=~Ag-kWDKD@o4cURjzJogXN4Fi}Eq;O8@6#mUAm z|7*eh{>Cjn=nw2gbxzv&fF7qW)=q0o60QjVYFd@KR&{i0sMI05-7`>{n1$hoJG&9v z>(J)%+*IOuKaTNQVfT)y%8vMvs?h0ya&Qj`eS44wgSlDgO`$q22&DAizSrA@en)o= z{q(n88R55auE)=(`*J9)eqo*3dy?UAbn=hA*7%?L{xhDxQwHve46v*Wrsm}rJ#{@y zZtX4Fb+!B#X4HLi>fiq_>5txjNz7=gOQq+m3(%Ljff1&YZtZFcu)+M*>xqBlRmcC7 z^`CM6BV<5|;+78ic?fci*tJl(#Fq&D%Fyq=eoXo=3eiqnY#kc<(Ha_Skb5Q2Qvd75 zw=MLW=zoCv{Qsy7oX2oa?pisfmUdP5MMO`bBWziE4ceRayw1|O4Ca3JW7NpVyrJ6| z7Y+K~16_xDo2n9TpCd8h{-Ts-t?!k!y+zqXp<&A54_R82;|fH1EbZ5;M1}}gvyV)o z`goT%C7>Tg^Z5nZa_gfuy6{%=LzP3t*Tp!wh;)#SdR?}{I7n+~S`k5=wC#GvkekFV zr;#7|r=eQeYpF=*QyqGTb5dt_^6i!L2Hb5u+q?uu4}F@l*U~dm`qOKUa$hCohciM~TX#hB3YVNtP7E8-x0GzTOWza= zuxg@=@pg3?Wb7SUl<1mQSE>n0*lad_eQ^Wj!H#?HQLU_c@~5zS!%X7(Hv^JFk(H_| zh8fkZqOCi2J|5K;o@v7k{Cq_MOCDNPj74E<@x3-L?8R z1)<^(sl3JPZcR=qP^VG5h7w!XNwP$l>pWO86%{7j+c+G-^#m6rY~H%?#%()~ptG7)>vAp)c{|=8)i+p0$ zG0a6Sx>UrYd-U%6qHy1}<%E&UaWhL=0?HJ)m*WFwxPOfwQD*m?B6U*R8)~kU+1`W* zja*~ngokeBCl@(Aspi+xdv%k?ECX^RBrB3PSf{UeJ3l{6_>CfusVVbb=%;(qKOnd{ zZCQwk-uGaBbbpGM&WX0&>}z8yzVHTjt+pDbhq_@(Tr@sQY&Alai%&^%W(VSz{mtI? z3di63n)61lOrUrvDE|;wEgR)EnA_bo>Ou((t2dFA=4_LvlXTu(g~4>=CU3hC1@7d! z_Tb&CNf5{_6rc(FyqW)rVwD~mt77XZ*6GMo?bLh^;_^)}w@|#GHh$TVJ=_=aVnS!0 zeJPT!+93}3Pa{-?^iBlDwmMDPa1U$G@eR()W)?}*yxmpx^|zCdM_ruQ0YN#qr(ynr zmKVoGPUo;DT%GBC9$=M4d5^|U*nawm5MH-M#H5y?v1(bOaxttVt%2@hhaDH=+?)@O zWUKwlC3shs)cKJGSFYAN#h24eYiXA#`F#-`wRJX&J)gIG-6Zm>tB|o5KL|(iS3xJ# zGe(u@VL}DsYBh1w@JDFp$``ilr?}mZT=1V1kz7-g2cfmWi`Mh<+%eBK9Ugb&v!|!F z|N6lF|HuF5EGn&eh5x8av}>S9n@oXK>I_u}1ia+-yEnUpdtsZ|({o4dj>8luB0Img zYEz%_>n51v;@UPmzc~)w{i-nBcsMJW<0if074<_El$S>|s%qfe!dzsLbmmM*oh{58 z0)OxW0C*QGtVw*Is5NKhw;w3a->u(q{|Qd;f9V@yV-wMP^a0MZIMxa+tJgwTR!5tZG{bI2eJ)a}@>2SkntFUpn9Tk|E1WB#+m(nhEnE z_)MLx>mpA#y{Q#9qEWd!N=)tNfvT|TZ5@vsH4>U7RkL$kS`y|SdkbQ)Q~!WK#|mm9 zc6?gD!}+dkGp9Ij>&ksl-R0Be`DD8|%-p~o{-Q;YyC5B=7jkmH@BQaD(I=8i1F?lF z1T~G{S={^Pbx^HrBdGqUs=oRw>It>@{S$f#b944Fj`l$#FQKXxhAYFLMQ*f(c)RgF z9~ZRq6TkCJ_~gB~Im!B~91-R|Zdt|5)OeE&sQk>{iu)>D2H`O%DF$#V)}8-;zgnca zVY{Q@@I>h8Q}p?zhI8r>oNPF1;8o?dGR1e<#mZ$WM*Abq{tUdgTnGjG zGqHa2p+ZjWN~ktBjg>8PUv;byyfp0x#BaymZs@l2>Gz59E4k+7;EeQS>3BWUd_sEV zR_wEtPo{bo!GJq;T^`HIdNr}s&vXRo*!2yiQ)MvVr9ynyXT;;)YKNGgeF#sqg$tQ$ zRLsyf&4pD~U0)-|1)&Y%67f4R-{CabJ$6C}0|vL;wNAqB9}uNlKdV6k%iu-NSsg=e zT^&AA95wu}yQ2B```pr3N2`caoXbte@h8=?{q1><#vIG+t|BIZY<+=qj#N~^Y-CKQ zt0l9`mIPYjCf;P?n;lu(Nar>#4m?F$(e3%1m0Pgut61C)U(2j=CfT|d{RUjhFdpIv zVy)>;IZbtH$0k2C1N>a7X!0%J0HCyVN+s(g*3su_p6p+%IEbmwJ#*GB%h0eFt1ge>NE%;@RgulCN z|BGww(VKVorKF$2bQs)~2vA0l4{F}=(GVf>LqErx5Iv$6_kKc2pAzrugjSF7s4rJ- zh(w_tf7!^JlTt{(aL!W?)k|JJSiUlz48K}o1_U%|bXe%9Cna@7ea%^?cuu_J54{QY z1>LsAPozBM$zif*W?G=}Id-Dk#MjqMCUu>;iNBoFFr{ebpY4sN^+_H}tvz$Qp~aL_ zOZT#-?v*Tpx^J(-C>l8ENY#3y94Af%TRk#(N#~w2sS0zH8`*H-wOs7m>Q7W=3zv3v z8OfB8$WI&_b%NE#{(wyJqu{kLos@M&$q(y=VJ{wUnPt}9vK>Eq)bY%89>d$TcS9it z<*XS1o7@5z+I5ZIq2Aux9pAOrh50a-ZA;4S=3nr&FpCyfTjjIo5nqw4&N&%PXA!*_ z13T_GKGJ7{(s}6SZ5MTCPH1`)#E3unL9^<#(K({&@RWffgLeWKsHYu!8TtflikBoP z$KJ;2(}a%H?0o2~$cd)P7?Tv5rVH)oDxf}n&D~+dr0$Z#vXj1lQG>=1d@a|@ca%Q4 zilw%Wuh4Zk+{nUpXtg2t{lI2ag3lLTMZ6tE@=9YnS*p0fA;NBtT*p20B zps@n|<@o*OrvU5GV?%0rz&GtdP-;{KcWhBdd6wd7gZbrI%^^cY`}+1XOWBiZ+3dzMdS~@4Zkl~7Zk<{eDSHrb1GTd$Tb4_wXE3b1mNd=C?>=u7R`O~7d zC}CRB1|E+R^xNe*c~#-T?oHBD!|<-v`bWT};k=nC90 z%?o3)uI?hPCl?^kwqH{g$x^bWff2*|gJb(LT_A`xZ~4$QtECO2OcI@|gVOxc74&x+ zKL2Bs|Ib0izgh-vap1pU#-q-gW0nndP=%xt{u9SgID78f1wL-)7LzB67vslsv=FU# zmA^0LJQE6)8M!_xGRy~yZle2Iej&7gn9Sg{vL~(PoC~2;Ezqu)j&18q?|e_$p0%r3 zd^I+s=2GxfQe;bnp||J<#0tF74|PX*yz$UyIwMdjc4+Kr%0tP|@wC8k;mn_LhK7U3 z^=SNBk9$g^PQuOBN}UJ>_{CjL-{1YT+yC@dnoH7enN{m_`}hm^R)3n&?#7Nk6hsud z@;EfVHOs@uSlOLmWh=?^2V`D1%kAqANTEq?ae8nq;z80AmvjVY*sX)z9%sW`BP|Id755U{Dk?IF#?CG zOAxk~QJ^|1v4CR1QA2@5&ek^Jw+=^+cL_&P$56M}rS0bYfLsCL#!(dp^?+fUuTchS zuy*>E*}kKv2aMS!B0%U{gkg!c!15a5?)XlSNj{8LYK-+2f<0S(Pb1+Fe>=={fh@@@ zA3AJ~@$i@X>BIbUI}o1d%DChWA%>51!XzGp8wYtq9xpd+9QXJB}w| zH)%FoKR>ejVUEi#>1vQxjNJkdF{{A8&jVViG9AXBvaNu%tzSQ^1^0xTd@ay@=w_s# z(LhE0`QZhA9ka10pdPgZ{?W5acC{O4BU{QumJ@>Q>{NvqI`d87Eo}h|Z}UNvNjK|r z`HDi}`3UwRlGJ~4d~l+naiP0jp#$FQ@joER@F#%aKQV&m#_aYP^#d8^>}Zrg=DzXa>*^24y%oxC zJ*fW=2!q;p_*pIPQ2QMg;3GG19;v5c^c+5aYK|*6i`>SOh$DiL?SpB(mb!oC2=H!B zE2yrGhQ;OPo}3!15!tz(H-q0d1V;W4Wmq1($OOdoaTpNFLRG-WP!$)3-d4S`8dM?N z3jP5ZV|ZJgFq;ZO)i7*lY-)x)KK2eg8=~tGZ+LI#MgVSZ|DrTX5{jd3&sO~!8uD0k zw?|o_-a~UB$K`-gtJgIi*+_zmnLe+CHbV{d*dBSG>rv5@r@nl6Jx7ZjJ^wjyuxD$T zdRDI$V$oj|j(`&pan>4- zaJ+Q=?!J>pFj)d3M|Iwhz?815N3D5K`rYd?U*lVw?H;b1!Ec~+a%5Sfc#h1yU0?q^ zrgS?gsUM)NKv6nCj6eXGmk2128eK~98T^)gzt+r!F5seut2@smf+K%soL%blXkRYX zLC+5M3}?^EDT3>t=>>w5rAen4?g^wgR)9ErGw@fjJr~=m?GPcX2(@Po+unJ$590sg z^D92&d=E|Q4eu?+y=(p|+c*r1vjNjWp`l`>O>G9*0Jo&nche!RQ|G7E44B~0UcR^| zKr{oi)1}`=1%%?~`^!&HkIkL09R2};uR=d5eRfm!GE6Vv9xJ0GWQbtsEX1X}#<+G<(h=a-j4sr@5P>5JV z!r!IxD9Y+?TUKqf%xf{1v~Ex_q@{n>RI>v2_EN9?R3-x+QV-9N`a(P@VVE)A>c1&P zO@9n`ulry&a01Z_iu*g9Ggk~z^^4!FOD-Voaa}Ac)Vnt6QUka?FpUcL!p7KNok^crBeOU*Nn<3|u5y$%aEpUbjtCC00 zVr=V_aT|r^A>s=;Ov7=Hq(F!9g&F3Ue?UA21&z5|wnCs|f*sllQ%`CH_f$#&+m(5? zPrLSpNnV0kUw}g648#3*QZ4B+`pu0WiQ*1a%nWYRKj9O=@GlDfB&SkZczt_wdR7bR z2e!;~;8Y^>-$zgXqZ3=bz5IO({(6&WhARbx5sb*$fkx)VH4CE1vFb!~?t32JtAHXD zWsFjA=Sy{qggc$rTeB?AvV`kTq!=m<+*cXr7ybxs&OvomwZJ=5xVSZAc=H=iU1$i< zikk7&xqts;$d#zaZ^gC{U0Ef^M9Q-7>LlT52S&%)WLw&-_k67{djcs?q76WxiF^U1ZDdMs37sl;9sT>ky4pd0KQ&f*bd_iJ5JQI=Iv|W3SUnjvQsTiJ&DSC0F+&x{QoX_ON$2f?-E3Pd6A7ZsljtQ+ zV=LhGhN&+L#E%-*SnrhYK#LRvW)2f_Z$^A6;DyOM*Ir}u65H0vt$j=}TftT01Roy* z8d0#*Vrx*|9cZlORl$y)vwCARUKa{A-mIKH1TE4_UNY$9uka^a%dfC{KcIX&>Q(rf zupf1vVitu?dX<)1l}TOPR?3&`7mtrHoaKaz-6(uw&O~kSU`gxtqG9FWc5pcSWqotm zbXD}&(_PZboJ4vyv1}(jJ#_tpUPj%>p38{Hve6BB>>AtOqq?^bAaMQw?#+~JAsTYy zrUjjYdn>D9e&%EM=|~%NM6ILEA42ch-7SW_YZVy{&{+efCd0ZT&$E`&A5+%U_}8qp z`K$1)&IE5B(b_~{T0?IfRdx2vwr*X~M*NNHXHG2xrISIQ{KKJJYn03jS1dkv79+AO zMH3{7HXhzy*0b04k{vUqSZ+PpaytE~o4>u+{{F<8yVLFiSw(iVxx>~#nAL3k+=qEX z9eZoXaelaH1ax9-Ll5As63_cvQxEEpTIrR|k0EpVeawAY3^it?b##RR&2ma*9HW`H z7hxy8?`lmdZ`3jvws=^Wh4acAUQ&vb$JbPCY*sxtmz(<;enBt>X_Z-|+6{E!-ff3G zZ`TR=mEEb2@GxAbw+oj2pI@)AwS)M2g|;lwx?^Wsvppw}-LO`1N7dVTtA&XU;}4P^ z5m45iPQi^xIR`&KsU{?p^BtYOrPtKgBL>CjOv1?qPr?$L^CnUr>19Fx>|Hfw^=b%*-* zCIk0*)nf*lJ1BIGcblOu_jZ@R6w#Ipa<~;sMWR6@*kA15}7o?$e&C z#xoueL}hFo|estz63 zv9jQl$`8oZ4@-ax!?edsvKa0Z`2Y~;T18cK=}GVZ>_oP?b8aULWAVgpKo{6{xuK-< zh83rL@^v8~{i(gElbi1MusY#gY4~$^WD!wU9~>#X-Lgs4 zT>zt}Kv7V}cm}wc-~Q_SrQp;zs!v08CK0deu4%WfUMSFb;z@E&e==MxFS~ym#>D%L zS>)=_oV||#;rBQ;9+^yDsKzPL;4))$V zc}sheURk$lB8qN$=EJyQ#arFQJIxA}!rJ3s7FExu6>)~mG|!prE!pC@>*O9o6E{h& z=WE)2$#nQwd5Nv+y9P7ogAs2z2@0KB1@h0A!xbRbh}-zZ3y6w7X>+o0^RoYn;ndym=mMsxfCK}|=IT<#-d3%-4m z<{p{BX)ofK?rjc!crp#+Q;K0-6{T#ClzN%Bn8T|;TQVn+t4YUMks&6=j!zcV-D5~^ z1-3vX0kMw_#U5@oZRt8%a(8m3oDj~bfn7(E7=;swhdtx8^#$pABr1boH?7t)j;(J#PV$Lt(GPeRUiV!ZKivV#mYXMoGfHpmfwd zDV=`)j2Zou(%6Z%G^l=@H4qk_W;yc%@}mCLL-l9C-Q_U+J%H`j+y~*lv0`VN?$edD zN|q1TI$C`To1Qc=G3t92W6r~>4!zY2v(naV zcOftvHBn^Mg~r0Q6#ZPMUNmhNY$ar9aL`q7n#gdo*uaL$Q!n1LOHR&yQWW%*E)S|{ z`xZdIr=*}WMVK=a#wgM&HnOk&w+e9VyMV_%nKa;$< zl;m?U&(vy8M+S4Q_2V-t%il>26RNjcuas4#f8nSy%U6p%A~@0K`nX_*vxuD_7%$r1 zkY3bvU?XXxSf)h`$4Vh+RCIF2$fEAqp;qbiIRR?^s>}?5zKyf zLS9%4oGXV}kHYF|9i60R?CQA6FUQ;$tKqE3ysJ+cq49Euv%}7d&C`uGVvQVLW1mnQ zH@+*AvXn5D&+I-pMpI*LfL`AHG1;CmUr-fAV4u|c9a!%ug6vG?sHgj-W=7?sMgDF`fGt*Q6oai-OlAb0+ zox+1o6TzQe@eG*L43PBK1>2RarJkRg} zW9tq&7O%T+y(!Zlez?{D1LD2a7uTfw{mSrx@kWo|Sb$-U32YGIoErRTwJcx**co$F z9gzNr1|6EZTzE^%N6s*d4H4_F{P`v|9JZ&H5QfO5Gu0r6_ZH36eCGbIIcB%PF>+bz zIN4Bd!Cv%ZnAdSjRwvq>~k2H*&q#nBa26GtLGGlZkhq4>j z4cS@|{FP5H=2q-eXB!F^1uq39Rzu&G+ohKaWzot2vCPn{K;m8xMxA|A>{U}UwWQVd zc<{sKHw~~>BQ#+gLPqB^T@2GvI|sk(gZI}D zlotpC#jgwOw!H=6Ewa!c3PFZ7JV0W?t_@6Opi<$_p;3imAx`cC-|u_5_^j-F@brOx zGKN5ii8}kV4;$3Rp)T(=5KVS;Xdcl#Fum|b{EIzL<=XkRqo|El!4QKs_wf9UuiT{w-WM=j0soHRG8` zh<*@Vj4?CWVe`XK26z1dju)TYdwhzv7=z>_E+g0r#BfV04&#c%`U;yAIrJ+}9&>m< z#28~pjnum@y7l2{WZg5u{3KlhyVP7T zSPnGWl?k_7hMgFBW&ME736S`i{>wM>c?m3M?{9pV;nGdg4eAMteFcn6LR_N_Y{5^y zl1OcUdCZ@7>a%nd%GqGgCab5fKT25q=*)cpo%D*bYfRH-jQGvry65-L4UVVF{VTgeyjqw7Fh78B7&KVs#; zve<#PEJlxx=X_53-OU8?f#X?zDcKY@1+D_By8_*9X?OOCbiMb6F zArI>b=M6mTyqPb+YVK*eM!i|o7fh-W<;=`VtGmX!?Lw*}Qcw|-EzDCdZP;&bo}Kty z0~p2&O|q;8;xL>r5iHQSoW_o$wAZ+(=`8iC@``Gn*d%gy`-Y-!^dow>N%CDwfnoH~ zwLKMZh+t#qM%AaC{M0$lv4fvnSTnhf;HX?smn?OT4%hmKll(?7!$7&U!{gX?A+rVa za*2C?UQGRQO-h!O;jo>{N&s$|VOjXm1YJQ05rhs$S(Y+ynBopDug{@41Z0}$+6pVX zm?wkM9r8@xkKwYmb9NUZ)+l2QBs!@J6f<(eHkzO8emo}Yc|Hb@cfQ+SMc(XPrHMnt zKq_+Rj?5Y}$^=!@Q%90>-fc<(R(88HacaAuH9xj0hxP3Fv51wz&lRG1%_{;x@Q{l{ zok+7|R1Z9_lJ=I{79-{~nx*Cy(=BNW=qem%yW+vsdk@sz?4N6+3G*&$o<_+7j%T&e zgXg4AL?81M&=GW-CNV#u7U8iS@86TsTsf0nmhS(V5ZN7j@9;_iNqVY%f#=-#m+4Jy zZn#6;5$9CE+<5LzJ=73{9DAW=#zj;-W}Fzx7|K39ubt1lCTgcBYW(x8U?3n71-`)S zqbf@J)IQ1lhGFzg^NX4OJ~80%X*f{$n7=UP-dd5J>(BsZix$3+j^ zl)^=8`h0?cv!>K$@wdD0q(KWLXrkZ z#bX?!#Sc3-paV6W(?GF~e*))tyiZDq{MWY7nbls@YZ%M2BkrjeIx6ql{eaZ&+FO-W zoL?&d2%N)xzv#=Oiase+I&?#RrP!**28xsimM86WYiTcVfk5Xm>q+48%fN6mU(j!# zFJcczw83Ft@A)x`io8*&eUs>*;{GqB!X!9;DDR9$pJ>~2U4hOM_5qcq?Inacf8a5sOthW_80!NQxH%+(tONq!gqY- zb2f}>@VnAlza9_5pkLmNz>^|Xg(U00s@4Zpj8%;ed&bK|a70xAFS6BXF;7o=C?#Ind75$QfGfaEYQb14eek{3XgTyAr~!J3gZ?C zSc}+(4piEoQh~m>HdjATnb%^j1U-!2ji#v^n=dSx3o6zF=|[Bw9{NT%$a*%@=bZRmRBRfcwEMj= z{Q%~&&7W|kXm0w6zF=F_0u*zoeS_I$-%eO;N4f@_dY(fcdz7bh((-~$O9vo`skkMc zOxu$TfIS%w7dk2gtf_&HXTzw`Tb`N1X6~5TUHiwyciX4lK^dmC=-YFh4AT)@(z&3; z7!N25>~Uvty2+a3s$d%ueNZNFaM-C2{Ahr2%zFzloI@YRzQbbQ^?eO`w2C%2v zzRp{Bv1i$alqo=?Q@Rip? zUO@A@s6%85SAq)cnvx?LP0&(Sh?cSrWXWXCKuG~i%lTQomI2_KB6B+ju%J`Hzujme zl~8T^tWs-EF+U-Gv!_mqAy&Agu>P*)ptL1Gk34XYE;e0|S|VDh<^Xb==}|B@3sCHSxa@MZTz@ zcbbEK1+E#mltG&P!AU;GXiN2;JI0;}LzfvQxGtB&=(SN4(ypjo_8I{mZf(0!Ok8#oH{ z=QOH`dEx($y7vxis$H{(!G>Z%n$kf)S_GtbA|PElNq|t4CWIzc1tB(2BOL+h3WOGd z(g}#z=)HtqRC*Dm_q^YOg6}&sXU?2C-^`rr_XijIy2#Gn?ERE`t$W?;X7Z*Zf8yl1 zlSF#p>k|m{{O7iE-#%RBEUF%QId&ywtt~r=Ms)!?H6M=fEE$`wo2>6$U1`QV0KEZbPBPrfOXiU5z4owp-1Gl+= zXhKn78=)uhK(GBnsh&Pxz83!bncVsd>18pTJ&@v3n+$1OG$<_=kD+P!7Gu#1Rf^Aa z6H4>RkRBoPwjqgoMB=z3iGx$KieHiG6`|74p0`M`T(1Ih+hD1)KBZ1B9s?gwEBG#R zbgkW_RY#xD=!FkNtVpN6o5^JUmirfy>-@;x>UNh@{E9l zc~k-MH2x2=xI2Pr?{x#*ZirPoB4pes2WD`TiGi)WL!K6_G!}tshLLxMK42h}NF1*5 zft!O*&Kil39^IIvO6!A}j7NTxg)OBtsjamx;coU6aN&zz3H46ScG7KVtj@H|+L&S9 zMV>SqIze*%_9h|{ty1mSXW^g6IvK=rF}>XYce8;Q=K;*eQGcCFzxiW?(r;4vN{Ps; zAJKpbGue&qe`}wgY3>DPkR+f=4|}xPqq+wUGSui-&;7yz9@A?*yJA6V{h7aL02R}z zo`~ z_-&v;N}pW=Uuy2uflG`M&3e2E5Y3reo3O2cckez@*D2^N=jOCr8OO^_J>k?7Rn;@H zP_UV9i=41&yP;T|52JHblSJ_E29~>uh~FTAUUaab^poRs0a-IONl5(*lD-ildeQsy zg9zm6nn6oiqLe#{?&~I#L2_blu`1oeyP~%aG-i->lgSFNM8N8t_EuJF zgKUafOYT^UR$)bfU?0y`;IgHT7rpWaT9yDCZ}d1~<`)}{-6!Wtf#~ghFBs{4Yi(uUqGyYaYfOz8HD+O(s+FQ14m z%|`!y^(tC%vK@;LS<>1&^`PTzCB)RhM~!zom(10gR9iffz>3e}WD}JBoOcrO$e% zya2JZDHB3e%E*Yv#taVU`boxuWG8j&7n63ijyf*OjB-1D49F7Gr9Mt$brrNmL1$~X z(l)z?_K!MaYNFrLDgrD5atF0q`kasScSq*^;(oVM_bIUrPxEiywg)ac#V2!}z*6as zXg%RdE}t>)Oh3-0hJNh6LSJZJkPkochPnsK~GCelwz`EuDxsXe|FBG|4fG6tG+ ztC7JH9!6f!*iA~uoPT1|wFIA^51vH*c(9TKOH2Y|V8WMHiS!n__Gl?DhL8pAsRe-0 zyQA|7c9)JecvBuZ^o)aos}gD75ves-scQWPnWNqgaR*&fB*^RZxUr1vK`1}3hmC=h zty%7nrWjMznl4nfBWpZZn_0~d!^A@DR2M)I!UZLQcaymzhz+8M!w{GWPOC#*o zU8vhM_K;xbnUR``ahL!dMgglHQ!Hmx24e+Hxt-@H*`txW%>@bX@&dkk$|tlQe8EN( zwTE4|v!?9tj6EF#8s*6!*&9eZS;>m44Xa}KxdfZ|`^i(>vc{4v_k6D`D6}P0Gu7ex!N>869hVwK& z-hXCEuKNPaH)Y0U_+7n?VSauOlSHYSWHI?>tePXnbPta(Tnl$Z$(+|f z_$5*v*=`B=Dni%HFh#{4B1!usJPc$QG%p01GN}x9l{~gByClZ~ibahc-FEPT{Rx>u zuRS+M7oek2K9!-?zxnMX#PXVP$_e+ftNu>s3AK7()yC-z%#t$Yd=i9Md=mkEd_ybz zW7b6R3d2plINw(k(ATQbH)1@tIJ4%!e*}|U;&O9W5 zJjt%b`))H^(Yn0MMb2Rv?$7pxzvi?0HtKl719zTzj4Wjyxiy`Kj{SJ=Sd!XExm&;9 z`44Ar965DFU`XYVGD8ehx5_LY&ni+`EV2ilI=ZU5g*ys&MJdMXar?YbHj3{TEd&!p z`3T;}2vj!V4}skF}Svx zyXs=yj6+WM8o%tOlsnwXs91bONtIq}e)^grCctx3zgIG{LQL3pN$8ZUa08SQ*Nq|A z9E-dr7em0uhY}<@ltbEr;UNw_T2djQmc`3` zqIl|Wb-AT#Aq`T8j8dathHF%++9$=;9`k6J)KOJE(cV%KzN79AWbde(y#mqO_c$O! zWjH<1V>|IP0_rJK7IpKI^nr{kExB{KN=RAMS01!cSVR6@?z=KPM(*#u5YBN<#nMQ9d%PFPmIUJO-V3!epVYf zzyspZH$LvXn)(Ucy#Cw3t>AnYk0v9TIX_pGTTOzGfT6))Pij7TZ$m)}c)Zxe(3Yi1 z2nOyaF#j6S{40*>Eg9vfK0UNi$f>@Jc`TVprhjni-$@zv38KIE`?o&|h72O%oM(Oe zgcSMZP%CEgF_HvU^?j)jDBoorXhB1`yr58-365&YQ=d~qy1KE%o{N6 z1R47`pg2Y@x5`F{2pa+KH;a548Fcn|sZ2fBhJN?QOy2KWLt63O?q@TbclZr^3Xr&wJqv}kzbNg3xo$2Q*9)K!f2et<;+;U; ze9v`UFufQfGjffC9vW!8#fC+Rx$%s%-XlH2yj~R>G!xLh6hYNE9j1bLWM5d?*vcvv zvAx-$7Kym&j^=Dm8XZE`akGn_()b>s?@;BTmxU{VD|hq2<>E+dnH|~vrk4H9fp&}a z8g+W>Ey?H-=PGZBBBg-NV753$92Wz_v`O|gZ+E_!je7@y#1n@Z$hKb| zOmM+5SS>MwGT=dcfAbbgRX^0JVQ%^Rn!6b{%~87EY}GucHM&U_?_5^8;07v7DBkjQ zaq<8<`F*Jk1NU+(9v=VU)}+*#D|E?evzz+(98UAr7@yw1TsrrK`f7{b!P1?jYK@q) z2%0Bu&ri#tH_LER-8^3&wj~t^&jK)o6A&Gi`k=&UfNQhU zYy?(jC16kPw>-IsHxcaar{WP?-;75>=w8WWo7JD;%iTI|`mJ2x=6l^@Ve>(e-RSBC_*gz?0MU3wLoN9?nS9`V9;}5 zTVRJ8PR}Pj43rx%ra;e9^uiB7>rdr8i@De^p$4e@upilxglH3j;EBsyvn%vnF!Ibx zM>$H_Mt`14sqbF-p>Tzv@iI62JG6?~uhe*gYJ(J9#!O#h8Y$|SpWoz+7{Ff^uL1I1 ztU5%-|5=b@Q;mH+?>JEQqLPZAms)R?(uhnW1UlNLGUDO(mRRa@_N-+R5f(-Q<OC97Z1REwbE{ZHqYsV@H z+{8H4A>(@H38TaDOWGVC^SL_kk|{T2ue}WlcUfnrBD-pfH+7 zeC;&$gk0~1M{=eHD%}-$<`+vT{OuUi1qW(bN`H{XQ1Q#iajY-W9wwgf&Mph&tP|Hdkt zOl0ODnckb4KKrf0>d}_xmv#2I)N(7Qs_!-Wb`=D=w;W-DK&wx{ge42al{8vZH*;>egQ?4!}J|6 z?$<$5r;gjQfUFW_#bwwdEg^`0)_91W3bU8Qd3v=>DS4`c-vW}t@JbfisT!aUsb9Bq zyn~F0q(azwx2r;^sR7!yRXc8!L0x+L53(fr;lYUeU<;;Oy5=EE77%prnul)|`{Oi2 z7X?gU94O7%>Hv~3gGeVG@owlW3st7X%ad>Pslq*HeA`lMnGF3R%*-~96W(sje*1>t zOD$42)P!*4>ZtGB+SLb|4dfJ>smgu#P^ytmC)Q=3Ax5+!;IeS^{y*qoh{+d!G3p2S zW@Bf1vxy;BT2=-x346>TA~CK>llId9H-iMLx6l*LZ#Ryv`up_D3C9`uB5!!*}`Uvz7tUV zSc&3DdCn_|BBRAoiZ1VLcadzZ&9vkb4IY^k{TW+2H6oQ&vL%~NlVdm3tLR$irk99l zF%rF`y?m7F86VGB?i63G4hxaiksFEto(Eb5buipEh*=T$$j>qKi_XPU25cGx%_%^% zFajOHX|jD)Y5=P$ zw4ZAPh%FGTh)MjMaq;#H*R2&ZQt{_98dKt)Q8^RqoX-W%yCrTdZ)c6$7>})q(e%9u zN?Ip#{|MM^}UaB16w3D5OH-;6v5BimI06MeQ#d>@<(FmPyl@jVRJy`7yC@rFL~ z$}3N@vM@JgnInV=xSGJnLkJ^%9T&RMNtVsfqId#5{}L+n22G~G4OLU*Kr{nYO5RCR ze@Ue^2I}wCN~_GT=1HlkO&?>NuAN+|CtV0QfD;o-YSL6(ahj8|8ro6467QV({q@0t zc%N&HQiMcuo4cYqZl(jbkHu^?_YCx>2X*twC`HZq5;0h2W}{3Olij>{t;hv?ekQTr zF7NhM7y5S_Wn3@mFHb)zN&yqxve5lHcedP=y{l`SL`QX#h91yIAWOn90SQ@LrPzs}-fqK4`6gv$Rm;KQ-0z zaTCVVIZts#s;$d3u_ZC)liKQ7@Y$Wi2>a_Y9-3=7t7`<(_Zb1(PFvo|s}!Z;rjIW4 zB_So@LD1m_Mc0oVxhjq)ShDI@B;_qT{P zGj-STwn&Xy34seA=+fhz0aFUZA%9BUAilr$`+JJJqakcdmI@B4J&dIbV~o=W?7?aQ z2UQRFzz^;pPX)bZWn@STrnb;gxj?Ne!m;hwRW{gwRdg|EzOPh=JAT_Ejl6XfFz9X> zWk5^$Zs%6c#D_8TDKxc_{k3|D*R>U8?m?dG?%O$)78Z)1SI9uGgfJaeJLfH`h1BLp z+`|*j2J$V`6d;l)XSim`_xtW8=EgqRsqioW%o@nU!&0rpNiglpjXN9P@0WL?-@qEaK?JJTx0R3F$9+3GMSP zEI@$$HHaj<0<2S;CdcB>`NfR{dA5Gh@5VS5q`ZAc<%-&tyz#M)Iiag_+!?E@=P3y} z>kzO0d32n$SwAnYFtf8;O_;G?&$VmN@2sq>U&a-W`m>uQToT3CxayBx=S~_T-QO+L zX&#DQ!81E3wlZFsuWzQl!mp+|BfD4mfXnuxIj7Pd^yiKz1Br&8(o<&LOYy!sT;#LS zt2s3L4bG2!c|%972@;>Ob0_6HI}qv`_$!|E7%MTEEJc5K7F~~{IR7%xLd(B;lQL~5 zfnqITiTw-W-8(X$RDlmz3g$tebIaPr&Hr-a8sM)g?tUoXC>WEleI6m}0P3HT;Sv8Y z{QM94yu4AHv%HPc%B^dbcl{T5Uz~_IW9%@Jc7mzKLU#24y#FfQ<`_D})j&s%u_Znx zx2dqRN%Zzo$p&aIGL;%MZ_JUJdmm)J_RVkpx4h8F54UdnRkig7*r0uv5BRaZnkJ9082yfkmIFf zh>J}YPm|Lp@a986!Or(ZK_Q@6w=jy(2*1;+yqcVlCx!N+-GTUIo4m7r>ghi@`QsY` z^|eUqS6RhBV$buhFLK%kp#LxYHsDM>nf;Dl5LTiV$`SUSk>vGHwg&0`zgS8RsVNt7 z1Gj^n!+Hkals_lhdS(CX6gyez$$XD#E}Cz46+g-WhF^MEbFQX2p1BZci5X}brvxWI zaZs3J5fYY{H$YMV`SBZQft+VuK6G{-V6`sTRZ{M4CUM+PXc)Pr4Z7M6PUWEc&!mj( zP^}xc4XP;K$!L-NfyPUnDODy&0Nc!Ks-l`S+@cyc(z0_#_C9E2;ARVn<;%KO7IbGr zC(#>le`fJf@WK5W0P??%LtukLE!oF%aM}nVmyND%-=r*4kL%Ux?E@Aj+spL!Wna20 zm~z4miUZGrI#CEGSO1)xV`WQB@|JAdcHPi<)1iU8Jwx?%poS~0Ep{YlKe{e88 z+@@Fw6o2CJp&i@_SyNS`X8cTQ7cpn2^>Pd(0_lpuTY)j}K8Szh=frKUFgBaRt=ZLL z-_8Jw=ys@xX?dvz5J69y5a00g~>q8B9D z?x@I+kEm@5KC75Xw^{e|QZR-gFsR$NRI9d^^_q-x8b&?BmFB@zjMW3<^71x14wtPL zZLWn70^sXU%J8o<<^S>+_Bp(nAw1YV*H|Mfje3+dAH0tLz83M|A3c9rgmZ?5mF(E# zWZv~Z82_KTx&QeDP)Pi(K`-;k1$z4zqV#cGz{qv#U+DA* zp@IQTQi|4Kt^#7m+8?52MGZ{F{<0X4LvXv)7~q-)*&B-S1w4nqF!yBoJu!b8B&dVN z6S!!Q2Ouf1{~%fCu+z}?PT;O8FtcOXm^ z{CD^okVz7cwtaa=x0{iFu7L!*3UMTOu7*IX|Mz2roY;|tY2G%pY$;5*YP3V|1;9L1SI@aCY z_%)l&`0BiJt7FefWi6m21=9uY{fxv7q3-QVr!NWSN{B~bLu0~SzsdJ-q{Il#hk?KtGp?6Hp#cXiYmf@=Dx zdj;~2=z*PXwoSW7>Bohshvw2gt@PGI>E@q{LYU=iO<*(vwbj!Ks@2z75j|Sxiy3QlgL)MqJ zXU1gHb1pqU!j|@cM6ZQ3{lXZb!B(lNq!)8RsJ*-Pf+x>jtMG5US!^Xv1a6x&YN zJkyWS@w^^^D_t=I@~=05{i#y1b_N+Nihyof3$VEOr$g}#`=gQCoPy7nhstL z9J)wh6oE7{D0n-jHI6EDyLrCk`-OuQto}L0I`nTkCmSq!XFH00O446(P7#H~){GXR zqloW$=_P&RcW+*oS*^Bxdi)J2DM5!gq9m8}#y7Mp7+ZDMbIl%!3R>3O>3`U%W_{xY z`xPKaGQf%cz9J0gFfbSXz3Z$W+LT$C%6}bKOpy;__T%?+n^^4M*E_7^#63zSGY3bUE(1k8}F5uU zBLD#pm=E)MGAL$Jv$OH7P#m z2P^dEuOH|2F%4S?Yf|k}&<3a|VVb+6Juh=S2K0_LJ-)Ou1Jwe3rcEqBC6&XZ&O#z+ zmeM2ac*AA<BxC+@4{9E6# zQeYjAdeRI%?L-CZa+p&Yb!Qb1HL}Dp|BxoZEc0qJ2kXQ_(suG7X)z+4-@^SVof)tiIB&w5a34b;Ff7t+JV} z{7RA6K}L(o(tLt2eS_^x#(Qwm|xt4!0xakDM3mo|x>*{DQqQ zJ{OoPB0X%~TFQ@0ISNJ$jwLRw_gth)zF&@HUtiX%-Do$3I8YCkUfETq)+uASBdk@p zmg$?!%{4u?QeI3cK=@RiXUsY1>lvRIa=ct77{ZmKZ(OB1)Vr2_Q?~r2zo$e=C&MAB zJYQnnn5n)-5`+DV%BL-*cC6}LKk{z%Z^o>ORu#KK%Tpr2GTdHJ;S~P<-HEr!L4<~i z%*OG-JYT8CjpZGuR4-!DWq!G&^Lvp=&sB^?IbZ#Y6BU)p8ulV;boY7`tCHaRgTqN- zup-tq*VAx7by7Efl{e)@-dhc9j%bCfiRtk9+hixybOp==WNb}rM4?LN6@~hdCSNQT zStx50j6F2&y0B&94a&+QzpPd1e(ZRW_uNq1Q%a~hsGMLE#T7uo-jJ~RG;CvPBre+~ zpAhbP{NDF!t$w?P;1K*A)jH7Z5ar0f__E(292B_86!3+$+%;r5qBOP z$e$pxL~<~zXU`hD3UQbDfA4&~oCV3DiyUlj%)geGx3_&}?CecJlQ~yg=KG)h77R<` zJkq$F{0@>N5STVNXn!UYwO&f4Lh>{#>3?Vx9lM*GQ%BwHHBYo^S& z6AOk!C+PZ0*fiWJ9vRO8hzjxqzuSU^IWH)<)WCs<*9e~rCV65 zl+0J0bdy$WwN(2gj%T(oJ1ie~v87YHz3kT1@zF(myXKAWDlVnZ=nt~nXrN$yb@-)h zLF&+8c3ngjZOSBqlX%|n(2I*JEKET4G?CZ(R2e{Z@6CMs z`mtTCrl5d3KQ|9pnCAzx>+p_QeO4ZJ9>u1m<>7W5|bsC;M^6?Z{@uJJ_MnN(jOU zrL`!8-h0FnRpveW_zuYabF!uz9GO=rl`k>!k{L#l)#v#vE@WCi`9Rg3aoWSiwR(C* zy6xLTH^oYv!piXsdCB&v!-hC&v(}4ED2)|)%4z-JEAzenIg_uRk0f1*59#ne_XuP? zDUC9Q$P*8)6HTwi({5FBjg(HRmwhyLRm%Fv-~R_07wD!os|*(Q*Oh!9j_DfzpaMB- zvw|d{e12_01>pS-KXU`|5=`XoP1^3lKUaZ#oPRGVBi|__kv61XEb69gncc_%u&^^K zM#s8mCq|dDpaC>jG9E9#9>`%yf2oy_^K4Yp^?luI*LltQh^m8_kpiE{KGqh^R%nRl zIn60Z`s+P%2m5njC#cdPL|%Z2Mjo+uDW_jZtj9w5AwZ2nDL|3=Wc?2^F@!+!pU04R zG%bLRfM`8Ga_${n-YnBu&$}`bP3D7@jq|Q#QwjnvPhFF;-tJGkep;9rUHKyx>f3&g(mcU%vl~R;-qmIpA{_x+ zYm!c7*<~qwiO96N`OM>*Ju}rSH&U@<533nmDuahwD?p_!d1MFG;#K|$D>ShKmd5eG zy}L`*Ji{$2^Nzl0(7fJbE8(szl~%{;iSrd_Gj`VyhTR3usUk*3RO<6?h8pzonJ_35 zqR9SQE@ML@)OWUD2s#O3t&C9840LxHgYNi77d3{9N~T;z*JNwbg_nSpB7rETn)qKauQ=XRa+ zfsw(V0|E(O*9;nO08xp~fqi=AU-dgxRh1!(;Tt9fhpcJ8OkIv4Oa3QrW#2RJ{y2B! zP{$d8u{-JRttgz6xLM%KQ1_UF&X0ZXL)5a&9T%E;Q)tCSff1|Rj=C?IOL7u@Leaga z`Cqg>i~Y#;Q9?r4FrBc-CZ;QB%Fx@Joy{>XJ~|C2-t522-h%J%d+(5bS;o~gjC)6i z40s*7ERQ!pu z+Qq|)7)Wr}(L+}kPkKtdKFTXl<+TXO$h9yz*i==%0=+jd_7NYaC0yl7z2D^Av2Qcy4#nvze6>@*`WtSx@28Hu0ytu-DJyN9 zR-b_J;_kb(1!J1dwORZYe$(wa3A%$CPR}jk6qqX_(?1ZrYZz67;^Mms3sRbaBvh7c ziKhq;x~6=w5HzX^YbtSrZ9Mw2+p&eep(zfM7M~ZUm(W~F>6^*^2sH^Y(z>HH-5b2? z5;dIjM&oJM(0{z0ny^piC48_gW@wS*hT`WP9UwFr7C8Z7e*tL&q=^Fu~9?%cvW|`=-an8fIC901g{4g_$juSktn?_hmbRiH~MO?TkW|4Ux9tSY?<-R1~szSNIJX&0cJLC8^AN+04X|9_{mwp zVBhIn^k@eZSa#T#I|0xU2K+!!1GFa_z4t*QKE8%nH6FWtd=oDImfN^QWTv{f!n{8J z7OUnmz2(oLv$aKN9k2E>jujwKBkamvh8{Y`@Q&myNQYp|`su$#NT@sfW*jk}tm*~8 zDAmgK*&T?PZb!bT8N*6fzv7m|zyNzJeIw%cTGt(2!owU35|9(WEv7E6Xf|qaPy~+c zI0>Y1#c?}QEzmfwE^KtB`#+hS9( zE;wh`E~K}k-B2u{vUp2A&Z=w(`XL*kjb{JzVVVXwIm(ReSp&2G;AVL+^^Lf_9(D;wP7+gG2dp|BV_ZW)D1E7}8uuEYgBm&0gQwHv> zBecz{XP%XZvrR%%B#K$BO*?IiJHlWHJ3j>xSHqr44ATb&omgsHbFZ zO9}s>{0k4(gHT#c9pgjCfTxASs zLy>2reEjj5uc9G6`M@AY^qFcV*JMX1$Y9;k(c!6}hz#<)?f%!pWx;9Q zbN(kiny?IMH-LLs2XFD8xXI_Q+qvGOXTqgTICQ#x zSI12`jD=;)Kcf8)1Krn(lJh^$W-$1^+U(kd!%#C-vqsaVFe0cp^%$JF0P;=UP^@WA zH+o@~y(71WyVU+MnA<8B!G4qtoV9Xuh(vUE=2lgA0j?nBLok*=96;B;LC;f-8yQQE zEPQ9*daz+ktXq>%-yg6rhn_o_B&pL-+2j>13k@pIl-77$XM{!mIxN_7(lRIO<>{-Z zp3StDba6&2H~3Tm!$SIM?#?da#oT7CAv0n58;w1K@FcFEMGLpYM>(Z8abhbG zPuXieN<@6IcOUEnFC@6Dv1^j=KD~S?@3aZbeo;?!y!GX~ZRsrPXSDp-UCN*Hl8*BS*}F`{g|V@Dhv@t94S84-Teg}cRgD(ZYR_E9ohtWo zbf8gQBnc`?tVB$(KLW6ZP(GIl!Cy(wZAosiQ7F%!k%k(;amgrm4a za?r03vl@>_&eyI;Jhh;EODp55DBX{seo-&cj_mz-bnJ-h7$}m)VJ{yLug#Wb*XqvA zX&$c2%6kbA(|IuQe?~uyzfwA9N{WA`bOZqozk(%nOap`1pQ(P2>^~0)nG0g7`A>56 zVovja_6VrN@ubIX*IVj+r*XXcYi{j8@*puhdT=Ml)w^Jn+oqH&D9oCL?+$Lm9&S+E z3|8`oM-GFh&{bp{JSmJ1XyqB(3hC_K1pE3c8yckaeAUBTyQh;^`95}kE% zwtDHloqPP$8>R`jm#59?E$MbltpAx zehcr*&Wu#?$XEO1)dFqBYGuU}%tKd&+f7$H>L-f~CEXJP=;_u(FHAb!$?-M#MxVzL zx+>w2bJOGbDD$b~>>V#eb?Dk3+1w|WS)0{q=Dn(4E~@=~^I zcf#_}NoIZ_C10-rpe>74{OUeumRd+7M=)xp@%|Pc$!H%h87A!>%%l}?>C1%9$#-#m zlB0CMlU27V;Cm0-aIx~xc}IzPp-b&T$t@2^Q5fp40 zspw+lwZ653-%}=yXJ}ra+I7@U-K%wvx9xarBZQ{HTPzbKr?ge=QiodP-)*V80+Ish zIO3@)GOligRZfY}J-i9IsOj!CcG)Lun{P=-(EOP0I5dQ<-K|aLkfS%60=AKD^ z>2?9A@17|cC|ozi0F$VH|FwjvZMDeWOq%&By;+&bVj)}xZ2%4Ur0u8mUPuf; z1E1qtLjQz8zzBZ-`A%RLxHO$@dUR|6f{oaL;yoogL3mZ0j@Fw+!h4^)B7eUC&<1c{ zVwjIz;Kb&KStx{8=c2VHAX$Zg<1-;e<6WKvjmLw3I^@7Fy#v@xdvZf|_gmoZ0#35a zfBF|f2R!io#n%P-JdnhPeT55AYD0z%Lr;}vHK?db&5*g zDJ}1&4r4h*8`Bg{c7$5Lx0YD0z7B4+2A{N-*BXxf@Hl2t`!}pd2w?ZsEP1A`&1c>l z=(-0j{F$o``jrMxCtZEr>EDW@6E=c01PPHKZID4V_p4BU=r` z5&B2$b11^`gHp>950L%YY|6kvFzB^YUhD_ZQ{-=k4d zL%Xi1C zRQa7;VgI79kksU_pOOh}z+DYJ2}|SjR$KN>7yN`VTA>e+v3cei@_-68mRnJW3ra7mCF3!a~lhCjw zs@hkxNP}2qp7Nj+;aCrHFs+2w5t`<=&TCwI&(edWePUxuv2dc@)ak~9V=QXHlc~Wy z+(3seW$5ALXB2CDK!n&j1v!v|>G+x;?6`2dlq31c5<1Y!J1L{Ofa>CkXUaP-JX1sN zE6&s+&NAuyDx`Yw%6nj*DTVc6^C{!zcqeuHD~pE47uRV6zE}$6p7NGk-^*88j7i z07D^NY*$5RmI4Zv%^L7J#-t5(;BZpeBjh-`AI;rl3ieZ>s!PfI^MYkiy;EK9fyX*RgIw>Qtrin33Z`O-EUX zY;yFlwK=Jye1$!ly&qwjwwO+8DJM;BSF`u^SPij1&)s=HBfJ{jleL}o>r=d|-aTvT z6MTCgWBZKanmH?kWeC3bezZFq_I+;l)qGf!!A_F*PWuK1Wq>>!#{&wI*-!3Py_L># z)^yzB5#}JXVRf=3%oL5kbnpEoaWyF}-pgwES{^|;jC z(HHTLA_{AplC#(PGzKvmQO;541p7E?q)|v)##V1 zL1+`gm~_UzRB9>}^Yv$MPNrD`_>@)mo_I-ICqR^(_m{P0Amr)ihY%+m)JT6sZq zK?Xh9B3v_)9o?a45Gj%xVmE zIJo{$6dR!x?D?{7<#$`sT*)aaW%+!R#-;8|vMozXj$ActYdN|4C`j?$)j!BmUf`sr zpA&0;q)ckNpnec;axBycbY)Md)z9z+BcGPZ2-(@lpgZzprp|7npJd5@crDJGH`88R z>Tvw*d)^EI$wC`wTtul%t#2%a(+az2<0tJ2Z#-P8Pe=RTqD<@uCX9 z%>c?}@J42Xnp_N6_KR83!fDKOKNM5CGfPSxp4>iVnq4i2qtw&UTD6)Tnci_k|GJsg z+oR9lTqe_-Ho8r<`U=YB2FxxaeYA#@ihUYZM;6w2=HGzVPz9-Z66YJ>ZRU5~QGQC7 zDRoPssY!nI9s6Xlgg5qH->jz+Wx;_YDy>X(3Lm<1N5J&U%@9MbQWyD8Y}B-yWA<&QsQ^^f&Y$19Ei#P3_n4jT(Vb3@{5_sx%nHY zcx3-h70D}dBmWn4@Oz5EJPct-o1_@lW|X#YsDuxJq}_-B4E0@!diX@#4MxS5Aw)_Ox{_<(V-_5Tmr@7SRVU;_wF0< zjd>5QJheUCijdhp>_zl>l6X_x>E8pP*J%r91u^tJYF{rSSQ!p(^l%}4?cUjL$+4+J z_AlD?>!NSKMWY67mcHh8vt{03eR%YirCxU)bp@@D8Voh98ONrl6xR9&8POEhKD}@o z{yF(o>pDUe;Sg7iviw_M=QY4B;{fdJ>kXU!1WPVR>uUtpzX_~rVn1PGY81TB{N#T@ z*PlH`*a>NU)%4e^|4BpXE#rNE#SS~57=nfe$x!?!4b}XY>=5xS%{4%M@E;?i(Iv|> zQgX-&==@dTMTe8W;DgKNea)HloTl@<;X(n`*FynboBZUpupxz23!z&lBMgQwUn{el z(^YRHdRyl*-r^WTc&4^4NjvE-kaSn-W?&ScD&g*ERXGNg(E*L=v-l}ioybev_z84j=+j%*Ucz#Oxu6N zRMXfWX)>-}-TMVme+ucwW9HhO>FUqkaelCVk3C5d6Org`*_mS3#y)(=SjwHjmDP_n zVp-xqzS^lurMkSy?_8{Ly$1U4MO#ltpsA-&s4u9R_p0!b3!)x`}XxvusuXFDZzVyOqe zR0X?iJEdj=PxPRq56>6WIX+>SXZV+mPt=!n>SsFz93`>UA1{F_@MFAxysFZ{-0cnxkMk*acKvD%^hzdIC zQYQ$EUID_$FQQ0E$3_VlbgG0%&HFvfbIx_0>s;slo!{gBoM*`I-I(r4ZtFZyI2~_s9Zb4v{QiPi<6G% z2C{C1w<*H1EWg=R`w%Tw$W|ZqY(JB7YlUm~X?xCuksbC5k?$=PMRSDg*scht3o>cR z0+V#z4dxiaR~U=A?|3(Y<|FuJt8pQ5%Q4IEYu=~6+t#9H_>%6cleYCMT!Rk=*iK)u zIM#8X?elWCuEkYBo(NnS!MW?h(IZp+eq2zEY~=+Zuo*X3J)5O$54PQ(EnDklw!a~- z)((V>8eRen9HY76-9@|CJyb5@ouGYQAI*K5Ox5j6m3uD^eMRbN(?!`DB!NmhUUUE{J6VxgYM!#=^Jdn0yql`Rsc|i7 zcRkK>y(`HbWn-TTj+J)6f2Minzj!^v5#zM~na*Pr6|JpsbTU1%A-&jxXM8Nh8e5QE zZCfHP4}(SerCPoo;Hcp2X@{T4I#9K9weclb*u@sQrag@8>YRWCF2OcP9-I56@$&Mx zXhhc4&Fe{iPtDh$2aE4Q3D0?0(9W!%=7qbN)fHG&s9kg^1CbX3lch3NFPX65nY+Vy>vSzOWpk z*;K}-$2wlW=s>7W@`BysR`@R-5>o0pU?0iOCUTWpt%}Dgvhslp@KVed0Z8NC=6Tjy z{AT6)Noc_bb#uvlTuM=r8~1jpQbtGG0L ze)gQ>z~v`5Zl>#Bm1{=QX|b!f=ZUWcCF(nX09y`8K%$@j%MPJ&Xl`$f*oEb!7F?-+ zorFcHVgyVanoZWWLOAXy;2Se-ABeDJKX?=wa~;z8#$4mdBZGw50GGsD!7X6}TQ;NR zr$oBk&+q$QZ5{JD-rRmTh;_=mqamu+&g%skp~Yp&r9N3FT>&B0KjHk|5E_Q&>XlR~ zU#vVAH2MAhHCz1NA1cWDe6-Q_VA;<(D8>IySr%;cI?&!yeucmkpL`?H?@F(dW$` z-%mQcmNG_)17p{rHT_|r|`Bxq1Mv3hf6TSUyL-=M=qq&@w z1gnAJfT`B5gmc=5m3g02)XTkNPWSZDyDl$}qUF2E%J4@)DX}w_0bVo=B0t@-q1)wo zpW2t!k!H`uo^ClGdqHv2O~N;}`mS`Q9V=jeXb3e=DDr$^cNkZQraYwINN&k@ZXi}~ z+nS8((|AB@ejCsmu+pepi`cLM4;_p0f*iPGoE=ahC4!Re+Bfl&C1 z>ZxQOP^d3h&vFf0dmHaHO$>F}%slNZYAKvQFKIYrbZy&F2Am#%%ZO#7BNcI-Q67{4 zy#>7XX=Q>yQL)Q?mAy%=Ddbe3qy-w##`?;_w-c zzqA+t^rXN7-Fjv%+#7*vyn=ZVyhC-7D(uK=nabM?Z0CJAj&b)522 zjU~vSKZ8!d<1a3e%fNmqns6}hVli_wHxsMj9$zhjBzr^zzzPZ2++8nDKD@9xwGyd4 z=8{i*Q*rjfg=lN@l4%z|AF(ukgGt+$9>>bv!WJi4Rn6HZqt2|n(5Ktv4P!K)T)`Nx zc0x^6B&czH@~YW=n_fAN@6j)z_P*5IWU-{^A{yp+OUn?m*8$?$(9^HIi!~Y;>>8R+ z%y9Y|0SgND;AVvgNPe8TFj1kjLdTU(PNVM9?s%C)1#W`vl%U$ku1gG!|ejq;8&K2ZGJdsUyUZpZ%J<)?PAf>jY<_dKIe)BS z)(9!5l!)mrrZxl>1beKh<_;Opp2!S}4R4%;k&MZiX@ZV;c>}Z)I+E{JW>Fd{?dSu4 zCYMB9T2J-O>9$hpVV~0}eOb9V#1;Krym$#cYqNwhuhXm^FX$h=772e@-6aTh9udy; zo$P1LK(#S#*^C*EBQx+o0K~_6E2rj}^^x(RMaUCNv4!I5q>)C_X#c)MEq0dAef2~XQrfk7uG0Hqh9Ro82?mHrCT!_r<`}$v;vnb=K2^n6K~$TXM}4u>qd6Y zgq>cFIMuqs(vHIn$Cj5%Y1b9kzWyYuNQJHzXYVNjn^`Z#WMgLaO`KY5uy{f`i5SM@KkVFS;iIjKIFE}1M z6Ok?WlnR5=$=y#K^I_g?^pMYI86YqBCSsLr_#>`ZZE})lo{9)BVD|gU6*Zq2>N_b4PYv$3y7UP z1rdaU-FsY*FLLe(7WFR|;rIMZ)}OCKrCR3X2=IpI&Hz00Q^$Fd-%wQnkFek>(%NFt zCe4LQt)JxMCT`Q)9(rW8`&2`HjS1)u`$8^GHjArkGz_JJ{K|OJTz!9dOCV?Zt)<$l z=%gze`12YcjdQ*XBQA7xp7Y=b)W#H2zpa?2Zd#grcnarky`nuv$;KySUX&~;qDAX* zF&XSUO*;jL=X6ae#V(IkBFmJ3%Ddpf15KWDk{ey>se#de-3 z7YfCeJt6^IWe05k-~E2fnXb1^51>okS(Oy8_?|AGjl(4`_ibBO92nLMY1EqF4?5Qd zIH#z-()ovTwy+Lv&YFij5HwT)+{Mf^QU-IQp^?+X-ZZBjtjRBEoQo1Kh+Evy_W+tt zMASgJ=|#*%UGsvXGy8)y>g7N+PA5RgxfC58utJAduxqg}4{>ac*S_x*g41Lis$f7> zl4gqg_?H7$=3rH&IA+ys`7C%rfVQZT6Ul=~-W(bOy5tu0^-|2TBu6jdKFn3?dOAtUL8+c2{KCT4b)@ zIG*#p&b=o0uY9VeRTktCX|Fhvj;m%ZPA=q~JX;su!c5mK&^mtlRR)5b85f<94L}Bk zt{zEs6Sv_bH2vKw>B&YlHb(KhE!3^a%0|-wTW>r1)bx#asM77cOm?f(`gdbHCIAuB zT2QfW3osC(HNLqlzb`+C#hb6=VIjs>xnW7JVKCA#NPWxLRi4i#YT8M}QyR8fNX7}{ zE5B$p$>A*^9lz1@Ell~qzGF3Q8NTPDoS^X>wP@$Kq(xhYdZaDOuUs-u>1W>1WOTwKm}`#Zv$B;smAJzriy6EuQW__&t1^W=E~y6+2M3x-Vn9bp6d6 zUg1p(f9DnWujIYxZ{Ni)MPjsggze&k@r%ckO%I{O7dfuHebm02sCeT=Gm}NZUzkNM zO)rW`uHvUn^ul^+Zs#$7dj&gn=U&}<0Na?M5w_0ysMCKmEPICqRSlYZoInpEL0jmFLUSPigdKw|DkzXz#i zF`EHe{Tky?GZ>I-O0^94p!LwY$Ax!aABqhHg+XjkuUTyJ32=L3Udj}SSBtoBy@?Z6 zD#^*l#lQHocwk!_b9It?Qc{0CqFZjR#uSHj-FB~wBWi@rc$G<1TR45w|5Dgy^F9vi z5amVuj3a8mmJeVBi0!&EMVnLd3wZ_jNEf5k_*N*p79hviWd`3fS{wf`VIAXpcWwIG zCa7|iBhaV$?eWH}g|l=YxRxP@4-aO*psb>PRDnfQ*uivYzYw~OO1XVP7{`zXJQVeg zg{h8~EPj7{=h`=>b$F~{tE3)Ob70lq@J-Fwh5VJLfk{(E&;Ihl-hr2*| zZ~ULg5HWP6g;SVyDWy|fbd_7~Zu07tQ90RJz6bXvf(0J+5A40In@>66f{w~`jS*dz zS+-S_On}d2;*xqy)JnT&5|T2^3Pn`gr#zj_;33Eb_&B3h+fr%i~h2n06GiPYSzM zFt)=v=`@X1#x~H*uMHJW2>_f!@&E0@|Bt>Oo)V4=Q}3x?AV{0-SXU>j&k|wD!X|T6n4AwM}c=`dTq(#c|%Js?9AjO7xB%C?E`cC4ocpnzC6$j>j%YP>B(`=OT_`!s~q5Dqe zf5C*ubA`>lWV#-)(+Z}FoH_}xL6IO+zlj!r?`a6F4y&BuZv9BVy$1EIMPhsHqDJnY zrAs#;^)i7Z(YoF|2_={ivS<_2erOzrc`^EXQ{#(UUZbW%x7tQ8X2vgYA$`RREF$}6 z(LiUyCqJX{1VQLgO`bYX+;D|rwPUqMDM0%2@ivH#{`sz} zwU3vkktb4q5_;xBjFy$Hz`>*C>)V`-DULQkLpOg1~VbWd0w z^H}1W0+9LZ0Qc2})$>A$$jmzT4E8sB=GXTcJ$=wh?e*c#h^J}3u-O4=NAki}mVte23neqQzb{6&9P9gVNupoSO?gM|VOoU+ zDReDRV-eO+hKKLh`^TU4^Jo4C{@qQ|9(C~yKK>?gEC`+CfOZ-LO1^;5CLLLEs15K9 zYRLE0OeV8{TvSBMaWSs^$#YUG7}iA*`Zygf=2h^R0T2H5H~)CPt%AZQ>XkAiABwCH;Y`L>TCY8M_R)7yKLX-F%aRj$`o&nV)-)>p zU_rlQgT*cC)A%gstbXOI&z_%>Y+HrDCP+D-VaLjVwKFOQ#`}K+Ycgkf@rX~+jH8#4 zitAa|*55C)ye$JO)*0OoYba&u!|I~kwM9r5BQKU=$Iw`>VveD1=`0g0Yz^>Cg8;JV zO*XbbGMgj>0`rl>lfw!&>XZH*VK;*Jjmnonlk!TEW}|s~Za>}mMY`QUxVOhB63QsN z3o?e~AJ*9aiLZIZppZHO!q!20sPU=rhwCnYXY69;tk|5L{?W^71p{Qwf&O9o=Sum~tbV;?9fa~zM?UFMoF)p% zS0<#$-cmpq&IatG4L#uh>0f))887p)6X$n_J%uW)Ui`TFY7Sy+@{P%qudPebTSc@E zE}I2O?NzCHui-{aNv<}I-?ITi`~aZc*gXHl)~g^XV*ZyN`|kk5(8u)7a{8yWyWX_w zuELIMr4;t0SvQlxem&U3qg$<>##1c19x?#p>z$TjU>B>P(x2V}G+GDi|7D8zZ$-Lr z(y+75{xe1hl%TM>E#qSOH`SZl{;#kmk4tn4-o`n??hzoC>GoLJ{|#%BSYb|Ae7OF3 zEgXfo1Q=R}8|h!^>UeJ4#G2-qOI9Zk1q;kt?mlhFP}@BGU=h|*M98mjzf-A(#7^!) zFNWWqpwhO}KJa;PFf6{fYSbzse71j4uYg39RikS-`BbsRd)A5l+xzq!7zkk1+m_qk zA8P|5QpQmbJ$Xrug%RVj|<9G*%CCyIWRAfY`s+u9!-N#3EOiiP!GO?q(JhzgH z6=j9M@$&d}!zyGE_I2Jpo9@$um{}Yt>}uw5PZ0FDJ!Jx~khagEX-QG!c?IZ-Z`Ogw zCKQoZI7PUA)God#rguDGM}`w=JuOe|X3SMt*n87vg@T(Y>UyuH|Im;U_HO^!Iu`G9x0Nlq1$%qiFiWVd z7x%0aUThn>`}w+>Q=OnE`D@RqFXiW^SvFk%? zQ)ZUB_1wK^8IFfaC?a~l-puNbUO`~wHB+NPc9i6JxOiHa_4|N?R2d$g zRItDHl-4i}i|_8j*O)0szns#&oI+b+)iJ-`BY$M8x3nTcr_tGhUsiB|hlb@{xm~G` z!(^{pK4ZLZo;lC0k3GOVj#Hchco=yGjR?egvT((w@S?$%G z=p|G>ZK#zkF~E6FsYY09K}MKZO>=$p{`SdIp1}B2p6G`1G^L7b(f$31-h|`mc>&{qdX;VoQU2;mm(0%4+L`r@~!)kHF}C%uLtG;SylzSKwN*{-^AMRV--cAAy@TM zMhU!TZ=dC_Ro3RHJ--VERa%%>LvuBG7joGXR+S61cE!gZZ7jEUAG$`B@|SQcz<_{4 zAqI>;4_!fsc>_El5Tnqr-LVqKFzypgz};TgMwh|jbu6Zb8TNdd%4*7D)O{WTK>_l~ z4cSGxOsn|1IlO_pO&oVGS0UmYnA4^^thNXoRm^_Kw{yH7y_kK~C8b}m?2r=<6SEm3 zTKLenT~3QP6KqbC^L%)as0MdR2r4GQ(DJZ z)}pu#9WM2x2PHP`)NWE|a;ZJJC9&);jgJBhH!b*U@fv?QU+HnY0qWqh&*jbwZm<>F zwOsy;%;IC2#bB*P1!L5$@TMh9b~M-wH*9%gh3`{ltpA?lU&Pzt@5_plFx7AFagL*b zmMrZS!42HHn^{D@i_FPmbJo)U&_a>1B|6-#(+6w%L^<4!mbAva$?pz^CFyGFngmbL z6+wvJgAsWD6q{~N1Ks5OPpM_oW z6!)Y{CcPc7X`d#8UK`6OPw;TWXkj|GqFFdI*K-sIMDa1S@dPZ@JbeuX&xiLZ#iHtEQTpieh_9z#H`6b)UN$ zGj0jyNRvf$C)xVfnXmeLl$K4X=HM;3kn357?K1E7ikhi>-|zU2L30(lMPvwXo^wV( zNUZ-sC;YD+iiF(G_8Df2R@HUeBVAI+NF*TIE~`#j+ltwGZ!jKCfOzs#tsa$e3dV7Z zspzFr)NI17u02>}d^4M(V7hmwFuE`GB{^u~wYQXT`c}3m&pl#Ve-}X9xyxxAB)rLq zIN_t<^wrQ})f-=D!ixi>XCQs6y?@#aoa}wL{D&qgf!FH~*8#IO>&l`hcU`mEOHyB^ zT#Xqx1j415%_Y6)uFBQga?v4hM45eK`pDJy(8y0w$L!k1$sX2(%^T|2i)o|G1Gk%p<59B;CZ&P!{u^kQf0+TR!&OmQtq@ia>9%-8QUB6W5=%; zn7lH%{2?r|4&2@dTk6c^kYlW1GFf=|th|TIxY!LhbGR8r`D4t$mbQx#)U=CwuVDm7 z7hd_sG?q1vuEOe0gQHQ-i%Oe0Lx&w2N5>l|qG(|`dm3IJtqPm}iZm{Av@3E%su}*V zb_*k(9r2dikxE8j`-hx2PW?OVMwT7Y{lmhG(#nfJc6EeE`rs=AcUyH#oqY9;50cB& z9Q>QpuiP$Y4=rSU-`7&(nHu179S4_d7By-kA~u%PV`q{g6&~KP4B7E}fWp-(qJ1$a z`TEp0u#oiiu5GK_e@5wctlF*P3n$u5#*mR`)iqbT5+&~AOpUFi!9~FRz&r+Ef;Msr z4*9y3dU{Cy)UN>ANARHzonm-9V3+am3b!#rVro}1R$@nf>jEKa z@?Zha_Pzk_NIGTjo-KDCs>}d~g>xIXimrn(cVf^EFJnQPnEt!{K)I7H1PM}b;YVHi3qkl0K`n#Os`vCmwwN}x; z*dC>^6$`>KBzFOwebHsuf3r&6{(mFN-{Se?#Sc!T7pHTKa{IqtScd*l3Nnj-NI=&C zd5q_xK=R4;b?SWNZ?<{xF>!vP*}*V~Vefl=bD5c*7b$&dv(A2#;in7nm981M zpl&`%KVL{@UiEDjj8bqaRmWDyR4hUUGi6^;{Kz_L%cQJyv&9=qVW!Nm&km|lSf@CI zJ$#S+;_Y2GB9z~2O$R{zN}eWSrmbR|?+VgCajq;8C)N8N(ZVU}i2RNX!FBoRLD}KD zN2&Rp0@5lg%=>A*0{ZH5On#krX6)pBPQ+bw!$2LiF(L=`PODml**SJmVxN`%m0|C7 zOlf6Z&BcW;5SB{vaCO^z-Wim>F#a{{kLDrfhts4Vn%|4tU(EqpBBLjlx|h3(9_}_gS9>0zP#)yZ(s}U9r0NM2^Y}T){v6lc zBXB4VHR8kibuD%h7ViUZnB@DsEJQ_%V$Gv9JfRN8CE<_WZQqK`zj1R(5Vw~9<#450 zDuU#CX;PO^6_M3JadvC&yL>>j-SUcz@24>S%>jDHv+OiDtXR9!`X0+S=GRd3ngv;( zOWt0a@}1JfsEIN6(38Re1U3vF!u$?X@>;V)!cfD=+4rGV^sBu%Quk4J1@i{MO9L9& zP8`$yRfZ>f`3&gU%gQZ~MniEl*r=?C-Bfuk#X zt5OJEz9+q}@x|{jqC*JJXipSQ-iUJ|7eRHdtFvtf51Q#T7yYY>99jDPt z53%x(VM73Ll6x&P)#z9Wpm$6y5V;De(L}rSh_b#B@wCCe*rvoDRzLjZbTVe_;;N;F3n3j z3pF)JAx$Cig{mw;t50>cyFQ(IrJnT(a+t=sYTq-2cVfU)YCR?uxY{c7Of-^M2WAza z#|w3}xQ?es)N;mLug+nH{V&z3sDAxBVy64m-1rDSJ4wz{9; zRu!aX{)Sd$NoWd9Sy+;8(K-=Rw9JvelpdoV-xT3#GE7bQq*#rUTGIn6!oI;xLP0f)hhrSutD_*n*ytw=vmkdHuO!$Irdi03r98c^861Szi>5J%= z8bw82XL3ABeijz4gEiYXspfP%78C~R*5}vmI#W*pob?TlF<^&ou3swi>AlkYC&da~ ztMv&duS!2NNG^r<&MUVYvx85o^6sC|IsIC(`Itpvfq&)#W15sLcM7Lv9NTJyD=Q(o z+Hf#)50vI`^$mpV2L0to)V(kD!_mDQ68o8Fq3Zr`3;S+(UVRr?ZM@`XrEgc%%8LZd z9Fmz?LaBW=5)RfC;tLlO#d^ zXA$2;@Cp)(n!Dkim0^vbzNaOzr+#^4U?$_c#|x}ZqeYl@e?&*$>AT@*w%8R~1J3M_ zXpWO7T+s0KuF$Y|n90GeLFJHe^a+I6Y@+pc6HlX(S=b6S{`>+vDl6^iUuEX$;bo`l zt(V~}!UXL;u4DFgzNgSR3-8{JyW?5j8NR<_NA##&3%;MupXS>1)oYoijWgrY#+&g3 zKza)eD&I0FSV%J)$VpcQ1*;7&RFY<@*!0GwmlUz7KY0Mw*->WV5OKXaI`Q@jk{7wK z8p#iAHjwYWF{z$^AE0lX<>T$W2q3zjK?)H%2ca74Zr%GP337k-oOIkVM=xfb`2L}6 zQW8Qq&18)Nf33J3%2mccOZKTnB3UYc+x;*a6g=}Cx3ao$OQE!QH6gB6x41p|b9i5D zE{NA{55toT#Ng#+<|a#rO+MjBNXZ;+yE166EMHf_9k-^Oy2tSj4Db~xd03RoGsl-D zO)!yVfaGR##D2l~_wV-N@~6&Iqwy%s8MdzTdqaH$b3v4*6Q@13 zOnd%N=^2{J1HmuQv;bA=l9j%M+67++GH^fu;vQp*khX5cbadS-bm_X9w>0F8B;hm2 zolGA?He9GOJmYC^84`%vBf!p@SIYN{RA9_ErWa_ED?&W7gJDZW!nb5q+ao{N9lHE^ z=HzPVG7#Gc=w9>Jp}(iY>k)B9(rE=U3+NweiK%F?^I`&EBu9W;`>v(v9B%@#Vpa@4 z|Mo9OgT8CBcxdjbbn)7p-s&*&_?p6|Nf(pWM}r4OIn^xk;QockO}AQiJgqH*6_}%2 zfi%){wf#v+cjXhw)$-`I8+Bl&C6Ue$_;xDOrXIs?g=^R3%*z=*2X`28w1nw?j;4sK z2TT14rEcbf>i#IMBZtDEVHw;K}S-j%j9U%`{^mmR!(+cu1!msL66T{~F3bTFu zw-S!!SGQX}sg2n!A98p|IyBql1awSw$v;xtBm3#?aN~h{#N58^YzDQgzZK9gHO3cU?q2x*ysl^ z-cJ*FIh}1av>sk*W@BK!+q$`Thln7Q*My{df;l$JZO_Da4I|7LR?yE*?~B^5$AsjQ z3UM|wTGNnjpOjce5O*M#HHNwu$d`)K%aYg;504k$Yn7;0V8Cw>HYS3UQJT`O5w!bu-!6M&zw z$;cQ^XpYDkKv$LB@rmA&S}(v~QZ~@xaLjCT;75Up!FbIH4|qsoJwrxw%cGxBF~&J9 zSW+;QDUj0CKhWs;_H@;kOSI#uo{o>QSMP%sIajLXzPl7hxU8w=T}XvvX12kx`qzqw zI;YGU?%if)I!u+ne`P;0q3)2HuY~gMSNo5+k1co01vt4{xQ=kA(&L7t7I;KOoJ{g7 zoqAMHH+=VkX#=x%G5IvMSBEElS?@haT(WZxZ(Ky;-P|WvfP}^MZhMO>l~b43ht$MV zHF8{lEgz$v84V}}pjZY2c53Qn82B}a`#qQS&IPh~xyEYNgoUNNrFJTnAyhL(-|Ui3 zcGm_U%l*2O9Fv(jjQ9$UcVg2$ar98%t zkFOUX<)+lHVfZy=i;Vg+TO8R;`jvwvY(iZ+|N=PowyL?a}i>_O`OdBM3Pb5j`WM)B>^$ewD-O(~TMPVtcQQa%dcZkPpT~ zlO8YBOR5};LBHkCgu^!(GwrZ8xp+-OYSIh3%Q*MsewqiZRe4?49;f(0f zsQR&E*>_G7SgwxJ9-QcCd6RJki^&Y$DK5xXEBA34io2~>e8;o=4Xv_@5*MdCBF($^ z5@tr`xXe4-4!o|l>nWHpV)2qF98SG!>Z2je^X&YaA)BneGH&Q%>3V;n)(Y3ll45`7 z-2jwpU;vdkWiKlbh01^kTHw+nIxxY5)*dVk3X5N)6}@;|P3mbtXhCR|cFTOFawYv6 zlV2V*Gr0-~rs}>v8QAK~14wj4VHiubVE&0Z!NubddS z>(W?|jS*(3K6D*{&OcgNJ~+Zqt(7;SZAAwmo{cSBvaBuYcpdrk3%# zuHMFGm-lfWhaN1-+DjaaS0W0N{CUr6eowxpb1 zbZsV;eBs$LbV;A?Pyog4DY9>WjN&R@U#vg9jylR+AnGydE2`@u_R1~3 zU|fMEByMxH=$zi>G8aoF4)#Nv-j*uDSOyIZ*|1VS~ezqMAY1ai#s|&bkrtHlAH>w@qeyX+>3{z)1RN1XZ?N_U$ z2O>#KP6oy)R57@gGF<^RYnZQjbNaqT%p z@jqlQ8=Y{y&HKvOCx}B@|E(9YuO|$D;fVjP?)tZ1H}wNGwUetu%Usmo4NT)RYMo!B zTe_adGCOnGuAODgAz~(^QXd!wm~<^34h14Dz|us`i|3X}S=DFmbv0MS#awy@Y>*y* z^=mZn4)I!~I%ml^&m@moRCxC}uKAs$c2RuKkUnAmXjG0EQDH+Zdasr-RSIcO71H8= zcO|cBtUhCq;V{WNJAsaMGmvboJF02~PGXsr$T5o=@0H}W8^u(>rHA4Y>VQD#xOe2& zCHJLoOerL@h7Q=!K;>IH5WeSJyHJ%?T~%tSN{0!qM2=X(Jhp6EvgGGdCQ<6QH>q#)!rIK18?CqLEs(L8T=Q*?46%G-*yd7__9jT} z$oLvvaVmqDWT||YujEP~V9Ah>y1iIK-{{tEa|gOT(RC)W5i?9k?}%{q7_X(^3uTCf zQiO=)A9agxkIrvQ8@8G#gFoBh1#-IREqh&sjH;PW?!299FETAM{N%GLh z$^{2gbIMoopm`6}#K=|yeG$eNNUvK@q z85+*m|DXtu3pLWwku9skM_V5Al6PDS$OVl{(Fy$D)+V6`ka25KkxP+tkYbD4^qO3b z!!I^1BjUO;3*(3N$qz5wZYZ8-9gIzWMe(vacx3NlpXeQZLfdYZvRoZ5gr5lrI6)Sg zQhG;km%2aDzr_0qpG%53UMTfi#&X;AyT~ax`Jro55c)bmIf+Gx3&3U~$1L@XeJgBy z7BvjPk~+gMF{b@`NxnWCp$U@s$;G=RCCQ_!gxBEqNHbqi`5=Tw)D6Q{7TeF*`561& z&jrjyky=O-%J8xHBVWBZ^yRKHzac@JImxF)Ezn=qF@IuU){hEqg4__gWqETSk?n*| zPoP6-`Bv6z9EuU>qu9wDTEGs|1+dQYPqBQ>-M5-HYVzL0?Qrs2dtx~KHD5A&TSs|* zW2*?(Ar2_{uPYe7sdjv9!&iM{t#;XVHdc`Gf&bFJMKy2etq&A3PvjVa_5R=a69rogGT zO9{BJuR~dieIkKDFhGS>kum6w2tU6yWeJ)@^S^eNZ4FvH5<|3_E~<) z!)z z-)T%(N<#=aJ}%ty-3SH*F!~;&y9IYCy&%(iWODnCAs{eEGR@zdOF$omLwt=PeHw~p zTvs-`gf}S}kA0poU2Jn^-YUM{Xgdc`8iQ{2li4!|%osi+SwIsh&XO7|jvB)**)RByk8!jE6qfW#}; zB=q60Rg{7BKzt3U9Dr$mm?}h<1;*Ea_u_eV#h`Sh%6G@hv_}_mzXCW<5OzWo<@U2> z7Cg3rBJik;_k?tVLMCHNjveUbj3g1NY39_8vC1FSj!psQV7Q(W#PcO?^kFJb9olzQ-+W ztmB%3#OolfBeq#nhJ6#YgVy3}LubJum1`DfH0ICRr`-kiNy=@EqV6RIem5|58Ghh* z&)7%D!MF9jqaNe>sLWC+KyVRhdO@mg++UMN zVI8>$6PoL}7kidjKWF?rl&yx2f3$sEt2@j_N%Ew*fRYz>wCKx+nNFfRT97C{i5-XVS3b<5$-HNoVT+%Cy$ zj*1#LK*>=5djl5u9Ns3PiIL;LBSkuLF?xNEZMU%!yDtFe^q6n>y_}rOF%8bKZQG5- zyrC-&0n09QyxPqgF+qV&zGO(VOF=@nuiOpZjOcWrMP_8CI@Xf^G&FVrVpins-S}E4 zWy?Hx2;_yN=+|z@9FYDyY3eH*GP{MK|XS#QiubDW2WXVaPbIY-dE%N0Ir!K|93ePXH@N0MgiB^% zn-Rs)8TS-?q#bbT>YNPcL8gFz1MBNEYmD}MOHV{t7vy=z%-EIVwpYiTVr*6PLQWWZ@y92^Z+m&T(!T71H6cq zcKWI~{PwNMzebCo;&PSG+LW_L{7c{f*G}y57LYUChe4yT0nOWM!l45|cycA)Yy)M?EG4tO2cg+go|t z8@gsAm+V%6q&mDjZM|11ZKYdH@6H6_Q-K5HR*Oo_0ZaBtfW|!8rYt~@e)i2IEXfPf zu49Xjtn!uzmZ!z5-Yx-xp zPm*}1_ci+&A-a+|2rg^9;Z4q@qM3j>nD)d3ydV1(U?(AuqYw@Z*z>FP_iN$KT}tGy z;R1_tYnAIh`Wr<7t8O(=d92F^V1jQLj{eQqJdJRHziq z-dO*q2)~ocKNHL@axLwT1QVhI*4}rl`Hb;%!>*W36UmKOj{ykS4v4|XZ%ks0)FdBj zu6gsq#AN9j0f*itkH2{WM7fwz*(z{0?6$N`XGkrZ_~a9w+iR|Gf&no_eEt+DNpD=p zFF`G7fUkk@bFZ2F0L-fSm6PoFrpM++^UMpQvAPd?NFiO-4tLipRz^R`K-Ym?3CaQ59XQPE^72Po1O5L^ z_DB0?+2895>P?*W?F3#uP^`T~9%!;EzOlo?DnQrM(nZ_jIk6+|B;oMvoXps<$ec|0 z6LVx)tj(t#MiZ9o2$}r7`+!!di773F;KqW1KEm6~xSv)u)$S^tJN z0Z7dPd=K$`{wTy~gYtb(&1j%X2CNC_xH7J>!pN^*-Irk5=~< zdd7E7UO3o(i_XuqHV-OqhCP#M`K4(K4;g-QsC@5VeOI`W09WOKBcLh#lXx^WTghk} zv4Y6CFe9Jz-@tDN9F0Cm5I&zGOXw|zFG}}ze@_d`0J4T!44T~^0%7&t1{Tl%z}$*5 zfccD?(=U1sB;G5d?&!&#J$i1y44MYy46Yd4b=8T8#W!8PvGZ^mHph~pA$VGcp1&nP z4TWEl2FG>a-`!tf{2a;g(L$U|MJH2qN<_KIfp!9+eLVLKM0|#1Za& zN{_eNMzfW#zMId?&mu$o?DH0wL9@t9vvF(`qD)>M1Y0deG3BB4CD-dN3@?a7B9!q`PNYl zH2b%*VcyCs*xJ)eL~G{NE{Unsj?~_raf@DcZHUcBqpMCLWFbAZ!BQsOxG*@)&!nTU zFmELz8yv11my|F5vWSZo(*n>MwB>ETb4^3U+)Q@VXn{_7V78)arZK z+8-u5CgFQC6XLxSl9Fr*1>Mexzf_Rc4A^2u=!*o)Tii502s}ve&!-RK6LHB{TA4)nqKVM zGwx;SVq2!L2Ul+8DIrX($c>H!=ngEj2p8!xeE4ns2PbkLMlmNA0{!gJ8u~GTqQj`+$bwlIMa_6M`g-Ynu>QG*80+Ze zkM5v3*AKuio{vRAWKDQl>_=x19-#S+DYf$b+GNcyiiXwt2Al;21-Q6M0&>`Jj0>U5)3eu$@-3-j=07Hr(N=tVcbgQJ~ zd2jUSp67ga_u1X&?7r{&e9j-#%0-c6#Ok(0Rnh{67feE{_})wng}Lhtn)fE0I(Kb68XJ+Z`gC(6ZnPutlHTRZ5ix0Zp? z8zHH-;aUVEKjozYP%}0-bDLsl*~t@#<_H|2j#d#6mL?KHG+668M%H4S4h4K73X;Mm zF0|>i*y$VJmO{s6ZKTb?KQis{6)`jVx`1THcf5-$ith&+rrH1$@!5bimpL;hz;Oq7>9U^w`iZqOVI&mSkT5 zT^w@Sk^Y&lU*&Y!grV;Q3?{7zUi-W%0U?R~Ld=}MNXP|#6kgDI>Nn!C0cit)k2<2; z_c^}Y$MSr?9vG-Q>PtLYfcrX0xP3z$A8i6*f#72FX|i7g6>lzZhkvw_`=wtCdAjES zD>3yj^;llxALHBFti1oS*7zxQ&Pls`$L;H``Ci*5zvlEcjTuGJzpxK$BbT?oZFf$5 z(5BI=cNh;&7ctGU40AwFY5*qLQsAXG3gmRL0@oJTVy|n5OtLO_AXWI+(9U@d-N2$jE2NccbeD&e-B0(ICG! z(87O&8qk7=h3wIKQ6+)`S74-y4v(C)8pO_Q3teMwHkdVMt6rO zf7aVco1#m$G#B3D@50qtgWdPp(Tl;6=PhK1sdlYL@5#X;+VD*R5be$gE<~8F*u%A_ zHmr_J!)|?p4UVLXR0L=SqS#AOk2=xv;z}JyPFdyEg1l!Xy*=NntSrF~&N_JiWji&d zPwjE?Qe!W6t3b85c%zm6$+Wc@+-qOoobVB!6P>q3+N|So#;Q>UVvBY~Tq4;kdY7*R z&n9QEA8OT56=y9(^#-H^=}n~aIOt;E=n>m-r1E4l<3tXaFY8;4IKwG5@jmTJY}udT5@5 zOe;kGKoW)4q^*}mAWD2hz?8!G?d=ojpgu1UPMA1dx_*2Vh^R1UaHeXFOSM4`bz22} z=?E5lMcCNm4xznAJ1}7VVf%KsxW`jz#i5g!&3g*k#ec7~RW5>MNkNjpc-UwIzp|-+ zZ$+Xqd#&Yy;nZAd@nF$aV@UAkouUJMu1;tqKzk7AOqz&SJ{^po3W$8?Q72+YW$iNr zRl4D_i0K3g!as)?71f&pU9!2v{4H&jn;t-~X{-6ULH5V&`aGS|>*@ka1gjzL*aapu zleGmx0vo_ihKXaKvMo0X)XTFkUIv1yXX?6CJzUPmHtOsk*hJaMhLe*Y@&7C}{-)|! zW>qKr@eBQ9eK6bY|*ap@bhs&MzuuM$SnL zgOE$ye2d?+dB(3^-p>;6HuKmB@~O%K@{!7(h=>!54@&^SJ#|p$5vo>*?i7Ry@pDwZ zlUu!U3zRDnl-gsZ#{~gYkcmP7Fqp(N)h?x~vW#N^D~#hrR)1yTqji1x*B zttV5|IY@u`ycA9Ql(Kh>0doa)rA)8XLZNbU$tzJ1Yl4sW%pW zsDg)o>4ZPply!@~oI{xs2&n=~i#9C+mT*{|2(`+jvSpI3z@=^eUY1JFPCSMr9mD=} zrlGN3k)3rz{nDzi)W(J}Z7nwo1&%e@64RO_`HRVuqu3N9ZWFGs#nN9O?-g>s#RxEs zD&Du0FK0Z1dM!+ewG^RAmfplGt2h@faNJGb=~g=p=qtz#4pGM%+huIiKPsDb4oA$U zH^L~tqqs_awA)U^=?|cFiz#ahDQjxm3_3h9P?~+2^7(Lb>`ydy%-)a46+w;m!n3{Z*e(R}mEV);^!bgC1lqEB zLC3q49(5_cgDFw>ew)VvUTp7-$cQ_`WkoD~73Dk>BTEK?=&4h23tL#yeOPdKr8Jhc zm&rPRZ9CxC_bVx3GT$|<7D?hRF;L&zU1CvgxGUcf#U2LDls5x1GmF||p{}!S2q@^c zMs>Q31-t~!xcFcTw5orzGGd(BJ_CfzCPf67-pJUS-S~tD>`UWl?%gv*c#%a(K)VR~ zPb|LffINdnP6Meo)4(DDZ(b(O#t|ThKBZ5kJgvm2VZ|gR!;Pk<6^+xJ!i<>V<#%c^a(-)f_@6gtd(=n7Skp;uqhX{+p_|!5To=%oF;zsw;S{!3> z$w?7fMf-A~0sqp@PMPD1Mk*x=z}fHi(nU6*hU8Revo>O)myMOhIC)}J?LU~*_-O+Li(*q3YtmQD+Vdz8vF$Xigk-HYwRsC zJsa->pW0B|>UY7wdI~N|9}v@jqhH?6(NoNK1r)1maAQQt7F9Odu0yAz$$l<;BUQ=Q z%lSeTI6_3yhdaU4nUFtFTLHb1%QI0IlNbLLTE}*^s?cG4YQ{-N^@*Zzbe+(#ymXMW zOQFzVbSI!2eAInKGv_YvU9U_TGY~P+Z>U$7?wZ4iH$r(x{TV@U{U#5x=nK)?nUO_$ zK*`h#E)a^GDn9IOI`Av8eOYzi`nlE8i%~%j_dOm`>d#c6$jdI%kJT^Lm*c!2pr;cA z^*@5PdGL747!=||Svr`{)P1G9EQ7-TNc}8epmd-WT~H9=^h46694TPF^X%kHNx@L$ z-`U#B5X31WJfM^M^gaaP9|x;$A5bMNi?_*dL{u(b@J;;`Zz}I0l}wxTAx7TYcOr?0 z#W1FAZ^^#oS{x=C z9HH*#KvJKMT5&)R64_WG!IV^ycf2nVTJ3aE@o+Qftm~+_#>0iuFBB(v*T0y=Av@1w zL6qRie(uOJYfB7lthC|boa>K7eu3a)F9qmba=FOorrvX!>7k2!jT$1jEGyh91Qv%% zWQ-s!uDBxq{oMX;mdYJUc_Q_|)!P_ns|B<3lXtJEty!(WOMQ|zva=AjLlr86odb&Iwdqew?0mO{v7imUycy z-x{wm+NVKll0)x-sl4vBk^9z4Y@OdIxm4k`M)rUU{Fc&4yyAMc`)lflWofH7I8FvJ zqI_0B*_tPr5eQD7M=aNuQtB4?SQS5iqUQXvbTg|NIm+ndxm)gLCcPr=lo!7F&RyU+ z2$r3MUln{?t1O$P+xHOY1aPA zFOa?dg4)`I1+`C2l-LC_4+ps9NEtrp%UJ;lk@KDiwQ1JE#5)PRTpw`LkDbhNs_z>& zqwuCRKq~u!XhoXq#?oKUKLEVWf0KV8Iy*>I9iQ|eOo%TofjPGpY~%pGL;tAT#&bS%V$auQlYloX>f{ z^D|YER-3si6gQdr8a5*;>i{IA-v#*WzJk);}=#X z6hVsomXQlDtA#!xdH`H*{JuW9ao(4&yLnnwTsKXFXE()TJq&jS^W(?!<0rKYcGJ>` z2&O0qj?5a3h75Bpl6@p)*fU!4611E=fg2=O`1q+&U9^btq`iXSD?s)(nIG<&R&J=l z%-)9IC$|~A=emY44iJN_GSc@e?wlk?VptL>D1Xp5cETV3U{D{^Xf%)qCI}lFOC($g zJzI~nuv+@^VVC2INQ~k~lLEpjoEx$*CCpCW4K=4x4jaE+!wVM4uIK@IF<#tOK)aCa ztSHXdu+ih(W6XUrKyD4UY2{~0OJ!%3`uN!7`4a{Q<$D(S)|rtQUR2FNWUdw z|AmV3x75>r_kVIxQM^>#lSCZ)p}e@3JYJFiqIK0`jnz%2_Oy6dYQ{r;6)E(@nh(z5$X!LKL;@zBMbT0+_1uK#D+-z`&|0ip1O0|i(u3aIaAS?G_m;>T$w781_%$Qf$oxkhoD+((J= zkWAf*T!RZ+L|R1X3XUW(-zt*OiT=sF9+f?QYIodwdSqqFejy5;fa<@H)1Ds{ax+;+`JIdO@uV zDn>N3x!P)AU30$t7YN`&XTysHvLSfQiKSx^dZy=H)@Q3?ErXedhPJf~1a3|5{3c1F z%k*w4;ikRvE|L3VR`115uZcUX9`vopIMhvZy4Q#|jU_s;`*!(<8Ms>g6e5d;AgnzR zbnEUURIQ~Gj^|XPps29}|D=BQCVZC;T7OB-ppOpZ_;iYMQNqo?DNqlAOG|&!m$=6E zkyA&-YhJkiXKv)mt22}xWTB!VY(~uND0P#bk0x3xPUvEZZoqvJOFY>plrhNzj|%fg zu^P@8N+=pnq)`mftt?`%kMvyd1BK-LkW+<+dut=_w>l(0#p_@2Ow-9?z56p!l50RK zTT7sO5OP*k#k0Pqh||s;X|4@&2W>}^amd_Uds?sBeuIO!OF}9=A1`>;r~CN$N`6_U z9?1W}V$|(~XS0Ps)>wP|!g%KyA$pE^J*lk@Q$K*~+6Qa+juz_Dv>yE-Ul~ zPF5MMYTs?4H^B?c8?Ozxbae9GSOukEE2MwiiTQEB=!D$l#GB?KI!&wyQG#gbOL%kVCOmPGRs1!fh%pc-woHRJ}%UezcRAg$qOowR=HO_W} z2x@^1tZ}BkHMsaz-518Eu2$5x{G}9L+W4ChN3YaMubJ0}tCx^59BrqiZ18Q1b2^8T zR0r73SXZqAZXe2!l-w!w{F+l`p_oTIH{B^svdodcw$c%uC)CLf7YPCwfD{o%yFdtn_cY@a?dBokO ztF7~E}#sPW_0acGloso?#aE8iHpH@>c3sI`2x;`VHu zrTnE>t+d!5eNct}I+}^!8BO_9$tnawLV+P~dFzc0ZUMNb^MJdhep~srwDtA|dtNS_ z$G!%@p(AqZYRg;-8OlFo&PEna$SH2r<3E%92$)gRda*iZBHx)(i5(4G-6kp3au`8* zReSsbaRSgWyj*NOCQ5WtH8YKi`WmdjyYEe$0)5mioH$%}ma+nYx6Fc|?7()O8~qcn z-8~y~(?60NNK{b&XiIdoDm%FhT;viS|LM?9%##1Sr4?&5Cd9xN6 z-?(nrNP*Kx!7U^3CPxv?4E4TRR!3SD;MjK96-B%ziht5zsdiPGU2a9szCQ(om&5NWdVSA0`%a=T+>W1}xRg*dx2pVXMKueYkg785)unMZL zlcQ&`ti%J~Rm*abS%TtxQ1jwISR)^y6C|!HsxF`#+!vt5&Wk8bcUwAmFj$K6E zgK|RC5Zr6$|Jf}IbT{N2_jrGRhg@{7u*~+RACYFpqavN8uKu5(aBjL7v3bt>2ylJMFc9?f zO0BO?x6TTBS(qjgx!R4coofZl{m&^-@AQ9d#!kI)@jNd+ys|(~9*o^L%E5QV_+`gA zaeS+7WHSgLIL9FtOO78!$z+OHTL!`{`ey0`2M|x@{ciMqIT-fJix~ja>VU}!x%U%q z-Y{e;cQd+1QwFxfZk#k2#@<9n&4r%IQmN-l4@ZQ#IB|4YoFnvcZLWK0sYFlEDnvx1 zndcYM z396uW?LrOc>BC)CPJ-7%sI^-3MARB>VQ*n!&hR`RBW6(*3}(y(r(9FEA&P{yv8>NT zzU;SYeu3!T4LUsW&Vcr*moM2EI=ms^Xj*PJ|AMFkqmpTlD=9r=Owa5YD6W6gzeKYl zBWNbUoO|Ck$uy&xvuE*|v54fm#3gp)AM=VfgO*|zhs+}K9J{h^9jXjoSSE40>pE{2 zD*6yuok=Ep2?`_{3-<6dJn=@B$9-dWn%MT|vk9H{2<0N9_U|J#^4=lc`@`P-*w2Wd zTmfjV*U;Ble*=bFr$be_V4|dB>b=ehNoju@g=!T)j(CYkX?BK9U!IjEM_Vd05A{H$ zeJ;xNpdzDcdh7?ZeAGtssgtLt69rZn6`$5l2A<9W2e7FCy)Yuy@#!m1)t6?*4M|GD66Am$>%!v2Rmo}0TGV~2f@Y3> zz2syA^${Vm8CqDDV))>x<}IsSg`Lp$1q@KSs!%*jDg0+T`-49E(sf-qsWwGPRCi{v zJWD|yd(=hq$Kz)sQeW^WEp_hrj!3V36UnkQ4@U-_W8Jyp=f|6l+yLvT3Rk-rfl14B zdP;X@aRBufWMN#00zOSYse${`h!*WoMV00JK^JRb2nd#J;Te>Y;W84rRZxPu(yNy% z1hv%!s?WuUb^(^fiuVBG@#E|7vyWL1m0~B}G)1y91;t0DEw8N;kBIqL?L`~J2+f$H zinZ1?$_hl6tVGf$!1ly2mEv82tL2kUFt!25>8WWc+jGz{clp&S4+VtBV{`Z`9UW}l z$g1@0IDTas7eTgz!uJ+r51?Z+F|^-0%T5y9T$Xg$O%4E$ zY^|*wfuw)p@k$dCEIQH=gj|1h(E-`pAJPwS_#-p~;!C*FU0hlOR@ zmq~~$;sWl;VC@LOf2w=*9sd~FU0CNQ6Zo}7L(V#`FqOHkG9fID0AWn{?T?(qxR{pm z+lL6SQrrEPRj(DU(meSC+Fk;IK+Zu5%2FSZGB~i2OaY(K+R}Pbjwj`z9jnX0b}+KI zBR5CzDp;&jy$=ojCo2!00WebWgc$5KEwxtKxURxV*-bL`An%92Kq5L0aG_5sR}E?> zYYwUbC54pWvBv#4*@EQavr1E$C6oaD4l zP=~mhQAEcVMRXcn_A@0r7BPDTX?(SOrbwt6jbhPSR~|OSTICE6ihdA(I9?n4`joR{ zl%!=)^{#9&>8YQE$@=jlxmNpd%}vGAQdu1vYpb5s{dChFrpOh>L4=L)uXhdiez^7K z!6qVE&YKOz<yKl)v6r|&S33PD|{}58sH@`{>d-wU%nfd{JV1w3gQF#0BSM2sxxfsYd9<2Uy;=W zP5Y++CcnSL-~Y}2SN7he-=M{Scp_o>3nU1Z;j_~YSSfGKKRw$*zKpDosX7JEwm1F$ zP=EB_?AThFGvpb?bF7dM_JHyoQLpPVx)ep<3d_h#<~k}aUXE7BRjVff{63f4E9A;= zD3BrrkVfyioSKh11MV61Tr(mE@J@ITnQm`&j)8)P-XjM@@Rqr`!< zA-c=lk31-a!-6kRY8 zf09VEx(92mDiuknMY}L z$cQJo7bCTcjEOAnYyp0Zi#ObWP&PpYaLL3<4;%&4wu=6R-c!9IASC-gr|bN8$H0Ax z;I?K`Ir(b9s9>pA#7ZAn_*%6%L!Ii?iu&OlwMnmQL(n zTR)0X5p@8?LcRNkyGN^LqpIg+r!K#NonQVs(n7?UXRT5i_$_P%-~O?*??3Z7MRvl7 zDIXlA5;j)A2U0#+KGD6fCU3{vO}w|74uyB3GicD)r~N4K&5{|PP1wOi6lg{9f%L12 ztw&}A8K0g{Wx4p&!?!9?AAWgP}g}aYDmVP143%e~!GJu`2y^d(@la9_(3d^Y$;zq zr2tD|UfDy+0D?3ht?b_hBcndis!NpIw-?dN_gwMy1$K_G zRm&q-fv%Nbv4FFdF1dD<-ef{h(+pCPPNjZU_*_8?qIq@+K4>P5F|oL?P3b_}5bA}- zBkvoW_iYHBhXWOE%j(I6D}vs|1Dh9^HZLb=cnn6GJaeygjm+o2s9jL)y&mIW@v=I# zij^ia^^->Y?#0}B!VU(dq!$k$Q0jG2=h=mW8BnOYn8v3=AJ3@yCHr=5{E`y_|l+e|_}1)T9AW>~a+u$2lNgg2%mkB|K4t-SOX`cufDskViLR?dF(($jnpRFY5Jq!fob`-2gmHQOOqF$g3#Wi#Utx_ z)?=i7+5&sfOAC5Gm8YU(e$2UfDfS;sHz{xm>oO`RC|^%S0_pfLFPX@^ATbA5eX({4 z6J0Xr<%)KOjSjwj>Kk0<#$=UHhi5b)>t0&{c$MF-?!l!c2hV!5SDwQ}SU_ZDed_{w zovwpFR-*rTW#*dY7Eb*dlWMKM+%IZ7>$|RB<&f*si!07rP^N~^a}#aMeOi~+u4cg9 zgYXGYkLPWi`(%?r#Y{E?a1k=9Jhp;7WF7^c?Z#n+FD)@><79g2KGm+$xtp?gCIP(O zwL_h8Ep^_N{FpUvO5UB9v_~Xn2hdWuVOz%&1(X|?o`S8RRP%pe#{KVRZq_C{i zNzli1dveK3>YDWs(={GrX;+)gs=08?Pq;B?{)Qu-3C5{>Iix#J;3A>%3P1L z?=P(doD7JqLWKF+3nP8rUpzSeuSUe?6)y&b)0EC%1tq zD5b$v@Vi!zG0Y9~>wKl)k*J}Eo0Bw05ND5J|2yu$&sYG;!2`WPPP5V!+jCbuCdg&( zwvk1@hRS$ly4vNF&CmAeyV(z0zX}V_WXB8`xQewu91En_E>UUaeiWTX4~jss%dijT zJy|7Oo5_JGz4OW(`CZ(ZQ=9&6BY95jB`^IAT(>2%!Z=(kM8{iS`GZ_(+%fhhLP&|5 zmQoBAd2R3>W4N0JEfRHG8JrWzNeX4Iri_Q!NbgnkE#@rC6SOP7B2IQLoT{b1CTs5*y#|qB2iA9!>>^9Kp+odnsSP zePdA(ULBBY1b#Q6Tf+!GJPG!kBF92W;_jHcqUtw-`YyQk6qRCIdc|;T}x7IQ<)}wbEJrLUG0!# z_%){I80PXZt2YW~MJ$D5Jd`6*;ulB{0_s0w_n`CP`f_Y@h8uYcPF{L^CXDPEJ+$!t zkd{18=&u712aqNLBmtA$l04;h!lbCCkHm|ScOdsl6${wF&@01sgQNDZH>G#@8w8Sk zHe{#zszZh7FHp|}If*JSGk-jGR1;bBJkHd3(IAnT6$V9RaG1$u&G$&Em>>tFgCfvo zs9?!~L|yXy2*o?Y#*^_LEUbI_clCUMU6Ye z{M)58X3*}AdM9SHabt%ypMZ)p*NbMutXM80>R6*N?<}rkoT~Ck_R4Bmud8jO`E?27 zsn%8G20pVy9C@!X#RMIB@U?lh)jY1YqYPW~GY{n*cEkGknch?2AAitTjO-5`Ac3&) zy#880d`b6~oH*|>yKQ;m9yHSU37N|aFHy03v>qWr%LhryS6jb?-4p3356NnMNhsJ&yU01j-#z;mEYq|Ax$O5RO9ijdZ*dx6sczc)|2Mt-1~T&sgU)OdzYu3m~1Q;2Gq zUng>b-erNcHzkk$a|s8Mc!8HLl*^;ra&R~)^>I;c4C$1QCjM3l-_jL%hk1+$p~bXV zbqyZY*^|$hTiqPdoyM-Au*V=kd-3d(L0F$}-WmDw+u?)h9&I%U`=@st7r%x`W>}f2 z-(XPUII+kCI!(up{b@cG5uO+Eu5FjiWh4Y9Ra+Y+g>gJD`b0rpz)?`fekMh;C0v^voGwE{Uf%Wo^#`bQ*_jnw73E0jZc~lZ~-}IHW z-js>BrBA1po$MTNpzABD-CsB%$T^$t)l}FNd;F9sa4xoh_=>{rx}!R2MH`AxJgeA; z&8W*6IWT?ctpL&zj?N53RsVH#Ob>My9XOwxb=tJ;@w<(X=D!mMh3!B9T zr`7?A!8v?EP4aD0VhZ*NCOA#eWUmDwraO6?NmTk^MMVvPp$Pg5cQkx_b^>rlpET~D ztm{>01Wzt1Z-)1-4wU@@d20?Z^uFoU!J!H*MB2vaNS}}rMpW+zpv0(=f$jKro9&;G z#E*#Lf5}hyq^Rx&7^B2g3LPKV-L1X ztB_u2|IYcmRqJem#;TF^87_Zh@Vf;eH%{i4bfiS?SF3t80~74e$Qdiv)|~WBz7V+P z-_|in*^o60y{p9uW-4Z=gddS^Z6G0_Y zJzN#FPtOmI>Q{0NTL z=*dUL9GYU?A-AatbDa*Y@46bqMY-c$vM|JeoAEt%$;hJ>wK_U$J}O0QkA1XF-9EVM zz)wsppapd98%V5!`LXof)p%c#b`^SZFL|h+#!Uu|z?R6M&h03S^Cgf($s`y29uqTvh1)b;oS{)KrMzkngufxWPbPOX|oS}4@d2g{XmmG(q z!{A0a*7|mu$`+ZGwHB_o`s&@hE)BSaRbz|}0soNQkq6F*Eh=|m{@4PRN7|W0huMPE z3N!i1*Ik~O&1`7V3(^WKQe`$2&zX!|yp}y&w&;F0GO=ljTMx-;ftF@ygQR=+@^?Av z>-o_JcT)}EGefL{iAu^6Cho}XTyH$MP`F(Bj0;r-?5%v3UekYpmj*fa(w!52cx8%e z+R@nj>&~O&mJ?`15o98xkDex_{TIkxT^8^ho)I0XmNdNP-h3#uy1Z$BkPLlQE@i3HgG4Jdi2Ggn z&ik)h<_Al_|0gX8dEMofSxk0T6D~}I{$hS;%kD@Sv?}yXz}*)6*JAn?7Gz$9NfU*Y zX+C^`cE(eNBpU3>t_4)46bCD;f3?=0f25IwmyiR>FVwS)$L$!W%&GCqQr1o%j9#a`Hc6)0=_XYRWdLue)+b-qTUi3FAb+x{MhU=!c+px}lY_U0+;SZJ?X5l;`WDU9mkj zYb-Rad(LL=ZU+LV*>}O0F^SWM-B@pP&eFI>E6vzNVPv^VVa!eT6*7pyn0#4n&3NzX zy{H{=g&@a+!YqFuijjfy(@LTqfSxftsEpT|Yc|>8?vj)-D@L%a)5RuBu1eedjH&im ziCkQPy=7?{hKIkb$6p(pkh0tnw-_r8B#=sW9nh{hR@&sn%=deu?^7zz7L62Fp{)^> z!~nq07G8V_kxs1Kcl^my@?ZfCfU8y^GFE!CSn(Z44x26P&#%Ac(Ta^3_pr-jzGO?L&>l8oVYqW zwPx=wx+>r(>wq9n6MU+ru^+Zg5A6zM9Y z7#PRBrgdk0{vq~OFMpAho2^|!pdlvv862x@iB_bh(ses|*p(GG_qTU)@k9;+^pzPt zw_MAhKWnaIaQQXCh;>wMGUTX+WJy#vARYBG`+1KCA#fNx8dhObV;r;1T@_&5-Jl7G zZ?R9+l(X&8yfjYn#o(&R(q^+Ibi(7+#Zdf_M789sn>7Fmai$7%I8%P7e0DOmQp4+( zYH#K~fCTK9ns{RQr6z)}qr!P(ulQWVx*9K4Vh#dvBvWsAjueyxGlY$erN|n05ly{+ zaT3-9n#wqFO4d2k`YoXzRUQz?3UvF5e{$cUT6K5Y)Foe%&i9B1CXsxnTID$8Mcwct zfdRvy_8BxZIf*AudP!ahw7wWzPkFZ zFgIh2!2hz#MU=aUJ8L(EtF#YROe!VowwCW%D+gy||0uho-BJjIOXy5WB)OYAZOVDu zUmynA01;0YN&*`$raE46WT_uJC+5)+%PnhFsNk@zrF4$LqwPDcjpg=iB9&!$+s&xK zrQ8qPv&z?;L%8;eXVKLUH{>7(J0(j+e$Ou>Ua*{4W?x#BOZlwg1>DR6hlaF#iRm_J zCazh2@cy7PPBiKiqL@>pCEpZ56GoWJ0@7AY|DkIepbqk-~p-h%?}WWh%!D zUN5@PZ-?-!AyC8uBeGPpa!)Sqo0ZS$hovA8j1abSl~uk|?Yw#{IRYW_P-(OjfG7>c z2yM+5o9r~TNJL7>GQPNy-X4-=w*69$TxQJ#FC8Z(($B&Ic?z`$_Bi^)dT>vA>XK4j z&8Nm^?_rXxYZkoVuG*HuFD@xA`0FjjI=zNT^~0NvZwB*B84tddsyq$Z!}ut=Fsj#t z5fmPaU7EG4cO!!cP0rg?hr3#9YCH=t_z+3G<49bPoAIuR79*U*8X)~2sot8rZ^dsL zdDR{Z;8h1oABk#CzCdLSZkFZXIwr@OtNc*4z}^{2L05&Q_uf{uMXw8+Qar|cuyT2n7_8D4D($lY1`YdLY8dPT z$iNOW&bt6suOy;*2Bd`l$IoDT1$jBsxagy{?zvwk)Rr@upppv!#s*f38-B?XjuREzx?)$Ev6UL_EP^!dfw_G9K{klCqSFRQk z207;4Ue#QFze!vR;&9lKOdXb7vXO-js2r~P zj;6qe9n8@J-G0N&O}pT-{H!-4OQ;I{cXXP;$viDrguUf)rlC+%WrVKNc|3)^x(4aF?&ve&^)<~<}8xLHk}Ych>Ow6s!)({G1bF~*yXZ6 zxsz4$t5w~~mcY{G8)Fv!ZL@7l>;}ub^3_isOBT%!AlLw&7J|`-m$aXoIDaN?h+eSK zV!|(AcR8)&<+N1^VwqH7``}jWvw)>LPww;zT7Ej&JqHufk7m?PV6hR8<;!Epe8_3_ z&an#N+=1!lM=tehmfu+Y{*(i+OoL&JMD`hWM^Sbq0DRUA^2l1$X`}GCgkq5%#o^Y- zV6+eGaZ|4=kEB041FuW$;)HdS$Pbvj%NO9L)tIr&EAlet1rLjIpq1oc?`TCSI~=2m z5TLbd+X5Z0aq~ah8F{aB)FNtj#h*KVPnP015N0%S+cN1M9Xru-93Jai_=;B3t$=&V zy66|73k-e}YA`}EHA$_zW>*8v&)yWA^ z`c`RozEqetFN)(XTfyJD^1$b7+e+H`sSq&AF@x+5d0}SC)xwl_7r;ZIaVuU(U|w>%~!L|)XAaC0}h zrj@%@oLi^&xk>lHhDE}#rOuW@BUg)>4UBRZ2xzLTwR(L5+TR4muP!h#KzmJayxm{p z-O1POHODe)3q2T3BqB#;%IJC~aWk!-D;5 z>eIyj%4gTcBBeHE5@~u<)Po;1E^8N7*x$mNd(g&yZ**U;L05nn z^ecTybxAfAm615Y?b;3G73B>)-K?Zr_y~jY#+bw47WN9#-j}fEXAsE5IqU)+A&Up! z&u|XLrmp;6O1Pdi{IL&5Lyt_gLR*pSHoxVnPJ+Kx^`Jq51~c`nvF9t?*{d|p-tC32 zUEBcw=wjvvFTF+L{j?!YOGoNW;wqrY0b5c?)MFz5%4u)~j=kjR6qFM&rL$oXML9n$PP(f@*F&5t)Z2LkC9$hE)wiX*FTjVbQM2 zMdK=y?-)C_XZN8Gb0UexuY^$z?GLEG^2*>9llJ_lTA;~dUIUb>>(lD}!OB{u!2@o5Br*4j58(pKTo9P;Zs-hzs)4o-~^>Tfvf1x*PCWT(Sfq?7VL4 z0-7Pnqg#yvG&@K(_2FtRQW_bB^=Nmm=hiENT<&Pim6rlzAvICoA% zWtpi0UE?yS0OpLMi^d+;66j4IRIxR{8@Wv03>Cz<@GwWsxnh2SjKtL#n~DfeT{**y zIfbDokEn@~pGP)%h4S!f^J$g)J7+)JQ<{x+e8A|0L5Xgjma5365x6bUMkLNpK(85J z45fsS5UxCU847ZlasL)%+P?s%`13k`gAkO9DZjMjc}Z1MmO3F+Y>{&54B$)r(`jeP zUlrPapWOe0A){EhJrGyKceJAASJ9OUv66nCc@C^R%;X?mx^MAPQa}^EGZO@UVWJhx2oPX8B@-K#z{}~P=2q~j* zKP*Zn8y3H4(LWymAjrQ5!~Xf`|KUgf=aBx-Pu1{A-b$K|^sRK@jd^mDlt8hW~@}CYWMBR<`1s7Wszwx;>I)Y2TAPYCm)CZ=vy4;^sm}Y(@~ahSwD56F*5( zKL~iPF3fL)vA}CWb#!B(qWIGWvOuwBR4P%Xw9jr|J8Md<{wu@knxmbzwahi4Ug2ex zB?g)3zM(+z^<#T|fl+FCX-w2P!NZPMd)xftPNZJ!al;v*kt}fFI{0UD;LkSrf3puj zjV%{0TlZ{uWj1^dV)q~Q^8)auE#4aZg`*GpcrU6IJvXCy|Hsbw+Wh^f~RItqjM4(Ze5HTvLYny&d%e&%}p z8Hu1|lxDC43T%Ie-BLVn883Q6Gyf#HcWEMddhQd&+W8Cdt-|fucnOiO25E=2R}>m7 zt!Q?Hu?_?Dc78{TR#MV5jDgGnuRr$qx=|$Kz{O`{6w+Y#QtK9Iv z;dLS`t%pepFYf9L|7EVR{}%;vzWY)Cn}Y=qwHp%i4sXRa7Zl$?I}ppJ7kYdh8v3(H z0_^GUBHwp8k-fs07_d$dxx2noX4C(Ss?RLEE53%M!&2fU+V4%A#1azH`JrTYgUx^o-OoZ<-MpF-Yk_{5(6ijmn0l+Xx)=JH}D~P{DaTxJ%im8zkse616?5vy<(Y7 zdRbY1r4EnJ_TgIDPHo*wgz~AWyz6ENpIgV;z{WbXiiEgk`FIt*f5iGEiQ{=pwp|Vp z9(tQ zF#^@<(>jj~D?^o1t3G=QFUbo+Yik-B1+=bKa!EBrY-r4?qffd5w__$)NgkXv_A3%@ zE6}g!uqfl};lX-(lD*Xe;W)_xmgr#)f^XJ%u%(7wZ|q-V`~?yS)GP^|L<-PT7tYpl zY`HQ-Sz#9O0skGksm4#RwdN4kF~fI`m-&=wl;SIT{4FI9hB*`YcGDhKcx|SzbWPIN z969N{hJ9IP{$|y!3)`fY+ySzBMi73dh{7SViT}gicZWr_Ec?zdB#|IENDjgv8Of4^ zND|38DFTu+0)iq*QN|$+L6YR0lnf$4fgxuEi3XB@pk#@@HG`<<+fp;uD!Tv%j+bHNXyg%h{e-c87NnI?ZWlFJN%A!FNe9gepXHs5Y9YF zpFdi3lE`j&s!^WjPTNZmcw{i4r%%m;QQgB1XSSO`*tk$yDNS_IYh&QPDU!*dPjp}RIcaC<_f^uAA0+(Zuf0r_=rAjv(>WS4LLWuuSvCinr_P$@rHpx0UD-iPm+={+C ze*iSG7AH**a* zEnA$juX^>%+uabqDTWSz-a^$4B%Ra=0`CWS$#F|^MLpp@xGVa2VF)7Qfrc6WyH5{n zCFFoBSEmnN?stQ1md5TqD;<+*al61r=X>8$#hg2J?~0dZc@Q$cNjjic$i7+Q`6SoZ z9aGm7*DJ26g-r5OJ$^wjhF;24B75<~B1M%*(h{-#+UM55)oLOI)It@rr>l1~ZR3NHcQ45q3Gc!p(cRez$=Qias3!3H0wMiYYfp^3AZ>fI+nT+q~;RV-k zd;`fJRy5=S=UVRpnfALIV%&^`)11w22+Yr;cm)Op!DS!VG>gtS-05hvezTQd>Gjz@ zoeFPCpDliSeq%1rE+JCwv()+I%ncy#wnt7oad64>yuvyqNvm{(AUMX^erwbI zQDUY-FStkf;1+pC`qi!~g;&;7IcL?}10_kaIi+6SeDLs~CZ3jl^d*CT!LI%rSUrOk zT&5FASt&!=%H%Ild=9yLkpBE}hibEXzw5Hm8BhJ;D%rv;!!&HmU`pnC1$80v=3Ud- ze&gI^+;+lu+w>W@Wp3P06}RpLUm-1@rs}l=y&3+TW1sS@@p1rSI*+wNFHy0+M5j97 zQN1^5P~;&~l!0Q!YpKC7%7Ul$e383)MI#Rx4Wh@0R(yi7LDDFHI;kuV+~~5)S*#Xi zk>Ra)W6x4cDI#g&SNdt^!Q)Yz^YFnT)$Xk*x`~J6K~9W*H&+vS%1o(>)^Bx{63$c2 z4^l$GIjL{E)`XI}tHCj_dCKL4=2GLlV#Jy5icIX&AH`B;jg2n6$*kpeJe{X2&F2ty zD_@LZ9~c(gRDzLHrZ(G`b$3wj6y-LH>g+Wmxj!hK(B@x(d9-HfuCnfaZJ3nq$rv_w zE*n$B>zutWZDOebIXmz_a6+6Sf=TX$Htra8qm72L?g#s4V1QFR^BsuNZ z*{~1fK);c{o5V9_nzYDI%IkNEZ$B4HT$N`hmEwzX#o-!YI}ZhK-HE#E=I0OGXI*Pu zEQ*%wgIx_g2PIHcpWd~tsd(TH!-myiAg9U@<0;vX_UHFb z1IeM2rN6HGg)(xFUmd@SE8N@QB=C~%ZhFBIasNUY|0W|zm%m+0#gmG->kf$*JZ6$p zjLthAzP5+ay>Z=K1a?{*zf7=QDvON8X4|4ub)GV8@}-Cpc1;QtgHM-_Zw<`f%F(W< zzCJ-}L>>Hso{uhU)*NtDvR8-{l*&z|6#Qf7nY|>Eh~E@@4xm08oR=tl2SHRx?1GKL ziI#gFF1x6-seK_a1)|D|x^? z`7qlg>YyIiZ#LiWa@a&=T46{AB~8--xv#CqIpMMP_~47B)!Ps#Fje{GkrszOBs2Et z95eSki2Z;7H!HzO3!T6%D13qp0ytYw6#KP9`Q~pRKQsw^wF9-SS@Ejvj7U3(c5Twm zk$CQw^Ig=;vO{Q22`w-J!+@#1#elwL`BBa{P@C5w9_yMND9zi-k>{}Mn(K6uMUm&2 zW0Zl+b?djW+({PC7zS#5-P!X#Gb7lGUyUu&RPVnbp6wB{NT5Uql*#=6fb;)wA9OB| z?VKuq)6<`HGqWOPnV0L$c&&uTM^~BCLws$ePvh!{R5ez142Xe&vY1y&LNIYom0jE(yomTM7#t35>BdDuMY<+Szaj;=k0Olw?rb?z}(I@I_0$f$B!#KP` znclKZw0%*`HA#1o4OFIVV>ag{%L(HnB6byExhwI{HQ6mfJRsHD7=D(TAZ+hu2o`%nB?_I_@Sc zYJW)q4l3}t;dl#ba&Ea!lzB&IO6RJ6RJj9cvaV!7OH+m_Bx9k!eU8f{OhK7>?OaXK z>BEaDLHe$mg?wix9;WX4vj<$AS1)^UHU}X zIlD=y2Chkh@DomFKC_e+B;Kq(_p;+M#f|6Kcu(_o6H4Sknl*zC#p8GS1E(?=52KB3 zEA>L_DI1-&k$y&X@*p|M7ZmKXJpm(Ax!I3$6y7%*GG_zhUv!xbjE`*=#>u^5Dm3o; zi0ab`ETCV;wIj3JpTmy_O%h%=57K|mv+sw@)u?!C#rKBXToRf ztO6+>d|F9u_2>0|r!%C1>tLjia`LlM%`#F=T0q;_cFQx&vP!j3;Y7Q{-E+m7GEm2j zB~E3D@mpJ!d`VHQA8f)^OW}Uyt@N;VU}E{KVpP1SJEmyvZF%-Vd@IajmsHnzN`;e= z+nkIkG)qm5Vs|(T3T~FoGq_amJPN%citRhGyPl+*LSoc8UonVv+Ezo|P2Fx$s@KWb zJM@CjJFDy*m*Z#z=!ye3PmeW%Z}X!cpGH&W!WZ6~56{q@B=dV>3!IU+>dv%XuZf&~ zDd`F1eFdJ77Zq_AL5rT_^j_2cnxK-%Y21kO3b$3R@6fymm`+W~gUwgfqlJ-_YwnSs zleY8JQfwUWr>RduB5EXkj%GAYUHO^F9lfOr_asXo(OICRa0mP0AnmOv*gR|A63SIS zHM=un(~bj!$!>SUNy z4!I;0+-tH}(hF%m71%^o#4T_rVX^NQU$CJK%C8*XkDRmi679WOVTb-gc&DX@q=@m4 z9gF!(j(uX^fVLG+>Wl2#N(~Z!194S#Ct2WTG7G*6j3Y+sgm@{r2*82CtrEKxgDdHV9rW%s4OXzAi_=fYxs_akb%D>Ji>$}myL!Hd5 z*P7e`xjZ(@FiXW#=5q136zN7+Q9~>*fPRK;97nbPY+|1BWlsAM^#Z17E0C2qVn)Z_ z9U>h|lQc~!Sc^l00}@lVxCc3lvbBh0F>P~WPeeasnrQ5u4W1W45dp%$P%%ZNfX+@l zV9GF#quZ}=sLCe7h~gxyzbTw|T9Un;NvXDPhS~}(AN(p_@lSf~Qm7}#RE(H?l#o0d zqPXZ9wm2D&G(z055u`M*J?fiL^28ENh>c9Ne6cQhM9QVL z36Yt+WX4ti7{rJX2WgYm8t0lEy>UdP$MoSbuhL7>BNj9;3}RS-DH=k>XoECay2yAh zIYfQ3^+YR>;W;?1_XDa0_3u;+U;lswd5@b@IgCTf?%1IvXa+ILa7OvV1N!SIAMMw# z2YrAv&c_uT6}cJJ@=G87vAo9Ac09 zNDTUV>b&%PNkf{)^y6;)X_Y9t5*Aeo1DwE;*}_I?u=l7jN);g%y$;@SP1@6Oosi>n z3@yDI9E#SJ6RdFNN`;qFs7&H4iN?Do)>5xAzNcPteq7U=6oPXg@35$pJr zUs<9$=IH}vqC;p9VngWM=IEUDe_;ycLk+7AJ~z&6HZ4g+gPzmMb)Mewze?#h*rL!# zzAnupkYX2(76_K;hv?i!UGoO&l>ek>#GR+hMhL*%FLaysH^L+Gr> ziMi8j)1q6sTj;65oXoEFW*m0=n4^OuhLlV%df!9KDPLqBt__SUJ?d!Kj>IG_r}Yom z$wbakCfZk$^kF7Hm{}~}``#*IE}nMviV|X;9urxWkUM$dc+Y^_Y)zXA6J!$X@8^T951S zQCE(O{F^J7`^kYhn!oQHJV#|syd$u5mlwWMmgIpknqc}l{5Khu04C==qJEd9O?Gdr zdsz8MO`tH_a-d`=#vhQ07uuQjfU*?@wXHivTa7T*f^@|!6fSNSZlP6+p?(*_Z?XW| zj$}4nalsK5%}A6o>=7GqK>NQ?cPuHC1L-F_#Um=l)!~HM%wbpb)vn0Ch}5htUa^KPHneRAl zFf&2Kb&l3L3p0~Ql*#0QB&kCH6s>Rh1ww^kAe7n>br9p+BBXDqnDP--3vEuoOk!gETfOAj_J;M%P{2@590>-sU_f2i2P$I+$EXcKWeH8X zQsEO@f*7@6^kAQZV4%x%b+FzzjpcW+LZ%K?bO;Uf4OODM?Cp<1EtrwPUpX67i2~$u zDXN7OKwBvm3TRhBhNqQmhCx#QfStkp=I^i##l@n zg&4YK733FRHP_=F1(;T4j^zkTYeCSb{saeCm`WvIK+>R8H!hI0&AB^ip0x<1k|3ap zgvEHa@e3pvOe;Nhu)y-C5VT4^(}%Z?g>J}aa0V`_Fp4Xa3RFIzNPVf+f|8uF(qB4` z0@H>+OE)Gf4>FhGUYmTVberhzqw7`iwHIyAeMDB7cLbSF}gZJe!_(4oP;jUm?Do@*Z0=?S-urC`Rb233dle?VY(Cn&v(hR!$=&Jqc5(Jcw3TPIU z;~$zA(~O+MbY7Xz-J*-C^|G5nWN|a)apR=h`R~Hr)sU2Pt#JZj(V+eQgiE2!rVn}1 ztTTVseMvv}C%vs=!)*4knt5U{Gnl<(j&M2)BrRxlPaa4N)<{lfEK7qY|Fdmv4Cg*f zsI*gN1RwzgJ6L6)F!7^6$!;+v^F(^H9x)Bbx`NFmgCQnDuqI16>9dFSe9opD3}ubQ>qJ-p z>&Rm|`mrL6^s<*y4fDiMz;OY8!v2IX@muDO{lz3h{m1k^?Dz~pY>i|C1|Gg}yB~D) zVVTE>ZnnLA-hu6_=ZwRS?EFPhPf&k|X+}3^Sk_A=v4FYBmd_c!|)?IbFDq;t1UU%Wk0gQCxYnezVk3B(}{q7@??HmClHgqMCC^X!|QQ%G` znZwyBOPbj{Mll%tG3oP}p~fh8au%L7HI)iDZQdhIpnnqK7>*!#Ttz0kaDzd)^S}2k|HzhO8_kMC%yf@2*Q55Y3%R#FFoBs)1M9PB#~qI<32q2 z+ky*>a0l-okp&r&ZmKj*O<}ep@aX&#JpP+s&ZrDNH}MDnKtRjpgh3+Pf@sW4POjYv zL0FJOJ^Px+BVF!hAAx3U?NgRitu;CM967Oglqd}Ae{u!i;R-|E5n5q{Yd@E7r=QEj zPm_3t#xuWymAly?$8lbgoCIIF6v!)lw)4I~; zqU>yD3{Qz|2!eM1KyJpr>W*kaJ0QwV^vd*Vo?RK907_q6!F|V7&jyqp8Lz9t2O`cK zVsHR%5KQj>26`*E4}|lOgPvD9EXNSzs!`H{r(&n(PUh~9dlA>56pKKrKhErtpPVp8 zjl&|L$<6*YSa$4SY)dyHZXitRO5^~HU+H2#0(qMNZ{MvkTefm7Nr zB(Upgz_x&NRnybgXp_ZDgM!L+uHK>Px@*2dS1Pch?YL635?xpO0Q7Ep7!dc5L>&H; z#`t5`_%5?@$zl_LlHqWw^lF6aNnC}G^1mc8BoCfC`^*pllX^GqLtN8ZWz#vJQiSO&Z=?8Au=gG_zq;sGKp<+K-mWmn}&DKU|Y$Q7T((1 zIpDB+WM1|_Qa@)}s}EcI;$u=le%}#nS|9576_di_>T7pITswi zfgs;Nqc#xrJ&sm2xP4r738}CgJ$@@wuAv>@*aC@%Gf1X%dAvGlhS<%!I0(4KBK&0d zE)XZMd!m?wVTa-z5FRtV!ws^l3SrSzuJ5{&{jLOtb=%)HjD7G{=(Nj{!;~B?oZVKAn{Qig)O58&HvJw`wR)qmZo_hXt1;@hNgFYID*XK7>G| zCs`%tb2JSSGOuK#W;?mA>ew0j3Ys>V4M; zmyr=RbD&;yv7WJ76**~CDtGq%4&ajQS<;Z#h*7J7m)v5_Bt@zA*~7-%jTw=PA1=Da zwTkS2{SZedl~$OQ5*@*sv<}jN1OyGPXB#dKc6xGs=I-KA#LF$LQ{^J#G~m&*X_KwI zLX4L|xJkFFX*=S@w`gnc>@vbzrR6?If54|i9Hn2mcQu8}?1ukDgC=l2Vc8w&TMeVd zr3_!UVJX`_-$0=^W9BJ>Rrwbe2c*a}!@r&oWdPy{^U}^%CogHmSqHsbh@Cl1=_#_+ z--@tZpD2{l%5Vd7DNBkC2PZminKGWGw7R&w$-K`AQMS=ndVT?aK(X5CS-gXAG3={gTj7 zpu&qp?Y?*M%)7oqtjc>~Q&MwdCoM!nI&mV&B2u;Cb!Jt~8P8`_nar$%!!^ss8o`H) zlSMDzJfLExf+50R6jjfK@ zJ&ib|Qw2F)Tf!ZCXE@eul~_$zJGgORa`nn^8R~kx-@WZ(&n-UODrQq<7&|K`lgG?$ z&t<*x=F%u#GFjN57?w(FuL0T`QUyWF@y+Dj)|DLlH(7}sB zhBJ;7Mo4d+xa{_}4U1%{;J7nRf>cE}!lsqYDe2`H*1y7shCFTzzCLZWlL^5mQD3tc zo^B=)%)^aN91RzLur|M*E9AfRJgefT{~(KSX?iN79$0B^R%G@btK+^jR5-?BSWJ z%7>jN_Ab>i%?BhAt|t4kI|}98&MK?F*Z6tc{jH?9-qi+D)yp*TC%GwNOCHx4}r zcv6J+*=g4&s?Fp)Ab8R(LE%QAQQ%Tw&V~}hS5_WNn;Q`F$Qv$BFBDkWG@glS51oo* zUWdww*(QAY>>cs6mI(2sl@W-c;mT2YO1iU(;5^gnB)qxrGl;c#3vNpo+3H|A^o4>o z063RC@YHr}$Sa}~Rxlfl0tS=W6!mgy*vrEo4sL@;a0aIb8P>n<$h9j)S)GNl!V?8%O`kpR)eDPhJ0^|Gt!8 z|3AoyqrxzM2pr{{SiAk=S`0HT-(qXM?|m53H+WYiB!KS<#T-QZ@@mj#PF=;!1rnAJ z)zY<&o%eMLlD1nT6bv@ERqARR3A21i-#*RaJsYN8bxqL~pNUPk-kh(xijv{7F=Fgm z*7TirM$!~r$&ycY#)*%@%UQCrCuh!>PlA>QhvQ;LqD)|qTZCIW@~v^|)O^_>T2G*X zmSkYWpxq^Tgo7F=6|et~e6RhBk~f7}hqlW1_>t<_LC%e8N%-!sZ{&Rh<=&{ON}<1F ze{L$#9|)ziV*^v^4i$i8DH%7IQqRPu3*g@uK8>tZ5Lki(u^AVKx0WgIXIuvjzG>wGqFema~x>~G)MAf4jm{Ui{k4Jx3N{!WJC%Pu{KU3Gf9t>#?xONf z)HacA9}OVd{W7PDDxOOxlrXySRkQU-mA@{pxMVW`C3x$75y6mK0M)>8x3=kjh~SI9 zdU2VOLG}u@ufOP-Rlm0<56OWDAh-=OF2C@S+IunlyqI}n!xNCD!?kShYk!;zf$Xt(&>yf)d(HhvN#>S12W+A7N zvt-C&k*yrjF>-mI6y&Agpg?48dN%Ca)&2xa_dN&7D^Y5%Gamj4&p(RJf>)nms8;#~Ff2S>*z$pwl( z)DbH!Z3v~6__DpJj|QjUJgLjGz*^=W0^+l^_3V5fEhw~Xq~f!4M@~Ov{-WUb#NbVR z3?aXFe+WM6wl;VN!{(&1z82+Mbe9m1ggIQ$EOZyj)Gqk^OLamH0 zeTE~yOD=cHpg)Fktret!9j)W0LMwOk0aYg4X0E5HZBe`ryIcdvk7?-i&WeEMDQFrF zDwF32PNYu(C(>zG0oOa@DWQQqq{FWcy~LTUe!UwVw>9;E$)DlJ-v7V%%G`f;o$h~V z|B>}S)dAgi5uKEg)#nOzl*<@uQB!Y#ud+YC7qNkU=iiXO=rW*l{DZKdbZhB{1>}aA zH!*iPP8aHo51Rc5O@&ICuzH(0RbLl z0MC7)|FvLR{qCXQF337Ax!gNsNj=@4YL2yt-rQ&KV=6B2KoNMp%LYz1_vr_o1M7-^ zb3xLBm+F5>L%*<|eg3WUD}RzdEVAD%+utk*+Y3(lon!Nx@Bh{y{_cWlclYi>|MJnc z@ZH?E0sSs@{M|kI{RIb^_X7XdMw{Yu)%(9*!Iig(K)@XSbEfPsGwC<2h55nOKHLA+ zX#d}0&eX6;BUP@1uK=er{vP1UmtOmP7?_pr&op{|`x{7Bq1~@x7rp)S$g<(>0S*nz z;WyAn4j?ZLHxfv&wE=Z_4CJUx%>z=LRH__&1NCYC=l#EtpPELKc%s*PIA9o$_bha8 zG4m-fJ1G^A8%-(1GA;uLoHzbZj_$uCr3T~zqf60tIIyrEI=HHKxO5X-A%yUEQL^*F%QH{ftU#eC4lG%7|Rl;e83I6K{L8R~}>Q zNo?ihbWKx3a)`7Z~n18vzg3+smxcoWeoYf|ISgA?NHiOHC^J>A#yBQ%7 zISrad9Q{kFJCSMfx_ger%eAc=xygr85qS}Za_jjX=Fh|9DHa>XQr9JlfJ`0BDMcE# z#aW9l@zR0(mL#y7T$krXq$;8dq)S8GJ~{40egoaQd(#{9;}JU3a?q~`bU~he%rq!I z!QLBE-#Asxn$}vUI;VK>erK2!`2tHBB7&FNE#CfUFCAILlPeluj!u{*21MDhnCFf% zmEMVKs8u?P2W~gZ0MQSL4Sb^Qn&1g4An5_HG!>V~cA@jR^DA(PxQ6HKduSopHMv7) z@=r(hGSlj8#+VEDbTlKOj=ecqcEjbFvoxjYD}ivfB3$(8E`I51_Kmi~cR7EfB)=-m zfBE~$wfeXBrQ#ZV8-Bwg{k?_y<^P0HE7ZRH7>s#5x&HoFhru?ed(G?4RE*^HjzHxZ zlP3XX;o4#L9A&N*AyFkY@@5Cg3@eA(;blz+Z-<8Oj&AMyy*nBAhT>FtveNb1f$TyO zM&AK9{~3~}b>~OlAAVl6>JVehM!fpEbJy6)r`ki1YK2Oe)xvgyigBnr9`VF<&xnf=4#A$Ig0UCk8DAXcA{eS zhZP_*o?gq}+_9|4l}GS7;@!Yrs34WE@te_&*K%3a_FOXv{)GseN~^SOn5*aj%JpEJmo z$LwJMFilZ8fM4kwCP9MF2~;uTO;AhqQskiJ1!&h){-B8*6kaM!bi)@T@Q7F7S9EE? z_?v0Nk1x@7y-k017b8Z+BO&iukFNq3tka@uCtlJ9vYJtDkBTbm zJ=Otg&L!%?Qina8Trgy?ez4b&m$`;39JF@&Nj;D;na=j6Y*+VkqlaK(v=@2EjQqiv z#KVSK^>G!zZ0MLaTCQ!o500DpvwflB`O$)D9lJSXI$ zbYxiY6|hP=id`fH2P_VnP#P z{^;IHYr{ZU(vW^!Vo4f#vjCQb!}OQD0=#xY6(z3}?d2nBp~qQMqHDrSM{C6ePh0aP zlM1D!C^^D$nt7H|svKXp-TSVUq`La7VikI*od-<^(Af#RghFO=8s=;XIbUiA5-WIT zFV(;7a$?RzC&*c0fBo3{eDoZZSj_~9xw_p@QC@GnN#+VL!wp{jH&+JWqL(l!N0a*Z z@8qGK#RAf|>AzXM$Imf3W(E5Sbn79vpyJx|&hpTW;T9Y(R?Wnd`WLw+mSe5295bTcDlA1we_V0XNZ)RtU-RT08+Et;G|xs8A$_ z`A4y5`%5J4w79VRdB~t({gq=~aHO(;usoR8{qQ_k(J_aPM8c}<1=>KSv#=7Xn3-8W z12oxe&gyME!}f!Dr5gw=6+#l9);06PkD0ue6!?y`!U)ic9@N58iz?dP>~N@Aiih#_ zre++u8xKHPvm?n>1VBLYiuZ9&p#hLDg%-}Fln`jWlDUy~UAT`V#^bpIov`SnwKIJK z;-tYiCHy@?1|uhQSA;E++4bEnRAnh+nqX75-U*qBQUvV5chg0t3RS6j1HKIS-p>ly zdKZvEI8s`~vYDq?^?;HIM=hYm1PAilIJu96i57-qgq0uBzh5X0r$c)L2d;jxU_DBy zjnDkjp8@T^L>dq%@EN23ij`~9Uw`-?!vjfbO+7KT#j8NH^+kwfsNZC3*W z37j$k#t511Fw^jRT8sOB+>?-=JWypZ zGSzSw@JXXMB?x$jYR^JHjN2IShR`T?Kq91fH^c@$0?uLl@sK7)_@sWGXweOBp>5!6 z<6OE9+!>vEOCYcI6LWk;a0o|Dqhy&HMn^FA#^K1>dqBNhlr9(C+?*DAjJ7DMr=HS; znBjsXb3M>qtC~Cev1vVv$KNtCzyPhF&}5*0Im>8T5qXyY8EF}isdS<~{n?8MHA|Lf zyaFHD(bnn6V2;_6Ld$qT+Dz5KW|uFh)qE)FA|*wbKW^7!$rKM+vDq2`%s_WHVA#UB z0PAE1Ds)B*m6Ev?f;XIqv3fSFA=4etro(RK-D&#=Ov-s9b0==|+!HjrKs$f} zl=TwY*TmhW?ZRR8f>ps_3r_Ln^P>Uv`g9E|AS01vc7^p=k6# zt~JXeWmptuD3jSI-J~K{$xEtO?F#+8RNV0iMR$gHhQ6R7203j#-y}D|(yL1K z*Afw|cZlaFhVNsJmy=_U@V;yg?M+?M9${rJM+#JF*(cZOV;5e^vd9Xaqxu?Jvmt5c zGc)ZOCVz90$Rk=Kf9}aE{%SqR*Rw;9ubDjq@gr)h!(5xhU z2A0{t8!ldWHqqiGP)>hIi|woz7KG%A2KE{Cf~oOG_nzP?Q*wy=;#@7Qdopj&`T8V3 zBCw9q2Ocg9+^FCNjN#j!L_U(@#?#2i5@$2_@Oc?hBfC<%i^j%LYmaY)mW0VJ=vSN! zaU7etT4qRB4xn_}A;DuxykVBIzPDgA&Q@{whkhvVSY|-p)6eIwEtEiMLXzj$ES(P=+|YW-YD~u7ZAl=GDTGn_qdHlVx4xNY|N2Yk~CX zw^C2)<>eLLn|#i15nA66qjO_~Tt%=1B+9xE59{l+&P$}5QyO&>=n?5wEu7#Db@(u+ z9LBf&4K$L9zj1K!{c_IpT2ZCdDhQQi>soH?v|$3X_nE$=h`5>X`Q4%ItyklUysTfA zdmEUgi*(>9We1%8CrunTWJEOZ>_AiHPl_20O$qoGbA}6tonl;Bx)WZ!c*f$s1RwZ$ z{aw0(B2C6#PL_)9`|x&zf|~1;|GD4!UEtU62avxerv*0Q3Tr5yLXRI<&yIVs_|&FT z%Kcx0TYgypp-20dMUbB9xO0upr$;Hx!&&CR>nzA?dX2jTuWI|5EXCk#h4{aIT|c!6 zEq{>v^Ok0Ogh^ydbW+TAo=rMZ59l?!|KG2r`ld`)+sDP#`-WeeU#`tysz{CMz7N}^ zJ+QYsuLlp|hH9GP+(&Z+>@4|WmVrO^JpR6_zyH5BW-Ib&@B3f*$_PPkSYJUe1CJt$ zeq$d+XhH!opN<&jlKC{@Q^mSkFtYscl0^Y(`eiZ&Pay4fNqg3uG?TNRv+Jybc~um%6D)D7F{w(_rs5$fpQlgv5w08NVtz z7KhL4o5WX4bIeM;$m#_sU_q53OaO?mHpRjtxL$<)Vm8|mA@lsD*r zwlDqKHin0@i|n=}nldN<*$3AvmPA2)VfQ?syKK+SFuq`XSbR$|v7~^1LY{2Js`uHV zJ>QU6jN~HQ2afSLZ~%}zS*w60btj%HoTa_%#rYcmZ1z%%*3_PBM*Cgpqk-5+9}TR2 z;Ly{E%rtJXkqN~?SHm5zO>(`srCJ;{N;e`QR*IXFq0c#rDq53jjUQai*nOS<2@$2Q z5CZUj1?#xazw!I$tq6b*Oj+U(ona6VS>DlKC2nn za5av`03Gbu)lMemb80;@%PA&4LmL`DwnYpth`Ec$pJh%~5-O6vw2)VzqUv-%T2JUH7DPx`5kSlIQR#VKmwB27f!No&-sw?k*dIfR1BrO8OkltGth= z{3KrQiQ^Y;^RmqNy;yD+@&S^3+uCmF#aB74n>1Xpkjy_>$0MGYTioPutBn=0^0Ey` zl?@U8tS+F&Q#8xlfy<98OaCF`k!o~L)rGS7c&U%5K9XV_Am2BRR$2KTV}#S>oao&+ z)NS1{;5A7h^JM+dRcPabN3@pPcoMp@8CRHuQ424UUE&U{B_#_y;h^@%mkkTkN^M0# z0$Ax>lf_ntGsH}rTP$j8Y_H2biF+xsDO4d3(s)rq!2%2I(rVo{@!V?7lE=CC;k}d7 zJbx)68^nfci#!j=&s|ZzCm5w%>yniP>npuQfZCo@<{__gMR+To2{~H&j+#B z53)}X@_R8itQB1$oUh{sS&c4q+B2)I+=zKzl4VS?G40FwS>#nQU-)pjO)9R^BMw0) z{z6`Pb3gNHTv(0ki9?b#*Im6$D46h+q9a+;saL?E%U^bJR?w??G>AUcKKlm~?3J%SGrXAVue7KiY*ZsIGD)0htCja>fs$Yu5Db ziBo5&K{d(|KDxInZ#?9nr7)}69Xj0@+aHofY1#Tg@+0J;zwC@IyG-)?>(12_uJq*` zCvV3neKiD6PiWx0l37yGVG7|foQ-qZf#+^uWmd3wy;8eV*|_VOdXmhyNj)3*$|dE0 zwmPcg{@Xs+&BELfhwHxivwJtl&VR0wmenml7QCp#M|&O}GK~HG?zxT(|3CKjKg^iH zGY7l}dpXP>?drI=XD8V|P1_zue^`d0s)RnK!p63%?D7W1(siXPNpC2&5^xlG|Su8~qJLbNZ`J zOw;Ykt{+bGd$ZVds@#CFwgKgglG1*rd?$i^7us>%nMY~%aAE$Vjas*oME7&H^xDvi zm>1ZQZA_t=PH+J^&mqF`oOLH`i_AMIdD%LyK~?U)bE49r$|e_TYa;$0dZ7QWb!6Z{ z<-dU+ejS~^`TG}-iB@=Myq+PLneOsti=B}`-ShGXu=y0bG(86z{JxZT623&H+~-7A zt^w$vuD%kcT!lU*0?gTEM}3%pZ!0hfQ~NxuIYR^dCC^A^sO3sOe88vT?p8^MyX2ST%9{0`ElYgVrzf=GH{-P+~yXJ+DsCv-1d)qze)Qhwf?LglZ z`~#++QsujsccX(oXCPJIa3xl$ei0J8*=q+}siBp$v+DdPie?_b6bUzLWU)oLnytfv zri$fG1@p%Dy4|hd25Cj_P@EKHIBS|2HuUhrhgnPY8cK=XD1G2knXj|Pdbj4@o#D!% zlg%rVqg&@~jT?oGR~P{{6|iyMwhNbl-RfNpTuIdMbHg?%6N9$Zi7`h6}@u*#5{*nC>g5s|9Vq#pfgvT6XVj(@`I3 zi7Bm~%;se2KD*O2o1CjuP%(buDtiL!O@U7J%M#^4)QS#2<+N%L+%GmcT5%gk%AX1- zO>g9*jXqChyPya>MxUoL^3epIqmNPm4}jP~bF29XM7eHd<<8<+%`UzOfAwfwL-&gVZ_WR6eg54Vs0|AhrsuE&K5zB?kJVo9O6}FzwvW}C2lm(FIASG1-RAPh z+Fm`D@M)9HskRUj%xD)X{}A=x3O@TjmEf-IP#?Hlvm9`wC;lxzgdF_rJNuCCef;y=KpN zK})8T?}h~JCV8Lc<@|)__#N+cRz5Em`mcv`_bb9)cf2aqt$yuP44X|qds^~=^n0Ud zqpH_M*3ok73iGM1h~XzXwPnGpSe+3%vxc`A_o%bHgoZ{Q<%~%`zCZODk#w^W3NDd1 zZ(^BzvS?(|J`ZdBWX>x~m;XX~jG~HyujnOQWQNfU%lAQ_2A;gU`@p2K>&>mDo0Y3g z_qmiNy5AOapq_X!_i`tdaY3$ebZ;G$it6s$4pFQy`cTuuMjI;LS(mg{`)EH& zC5y*COJb!Ao#`RZLSLy5w}V`* z1|P78B6I0T7Bp=lIwaZ&bL=`Ai$z!=382yP=f-U>hV*2SyiIuUGLtcrtDPAY9ZGlF zCX!a$=oDx5&p$PJ)4Y{KW`3>~cSSY+u?QGSW1;dNP zS;~#ihfwg{ffdfSu4nV0=@g?fT`tG_S*1;H3w+g$s(#=Y968!Y93d3InI9oJT6?mG zBO>(WV3uDn@{d*DfAfst|FrkraZx2p+d~osBngs(1cf0;63Ia_NX`gKPLfd&5J@U9 zl941i2SFu+1VNM>1V$vIk^~u$EE4?AoPm|yRrlU~@AZ4{@4bI{m^#*}uI{dSy1J|D z>n}>;rS73HL{RihztqpW=x3p~yt(>C3;x3xL7UjSJco&nN*AF>zt78>z+y$c-mc8q zGr8qc;e3q@>=J2=Tiz8(l?>Q4@8K9V^7)T(>fgZZcNVAE!xbG-by;+IMFvf7EA8## zettW`1GAT993?;WIs@D)S&*yYxk%)>?w>LG9SuB}CN2bxl5#hEX?>qVRG*-5eY<{i|`@rvX`0fRR;=n$)1w5e2cGq?WEc>CvE!{T|u!1 zZEYFJJ6U)ZZpqK?cu7>CCZH|2UXAYI^9}crdTl>MPMyuYt zq7z$ZOKwt2q5P-uHo{a(pdFwi9kqpGur6JZms!gpB3wd)IA)R3)2mtlKq$;e1S?P>s5!{!i6 z6|GMvh{#Uk32dOiap7GfWqx7Gp{W0uWBeU80ejvkc7>2G5U4etb8bKDz64ip4=f{xg#Y0kpRd0t zdzekY^|j}%a~wM6t|AUXoUWf?r9Yfv$Q{p)nA(n9hj#Svj|ODK?COgSQxI%deXito zz1{aOQj1&%VtW}>(}9Vq7xl;X{WC!-yg1rRR(+3#E_T;zPO@Or&oUIiz3}Xq0;f&3 z=!%G1O2WIsqAeHU8u0fB5$|EBDVu+yU>J z+Ycu0{23-_3n!)%txRrZiPnjg^F+aFPPnmMQLWjer)E3eQrVZF?je!9LfomMkbgC_ zV#KcVdyz>=cwZk73q*w#ON}RLtiwN@|KO=@d%ecPU8+wq{DrpUutKQARUPlOgqKgh zLdZDQ9(K>ejH)2!13V`qA6U)r>|z54h0CTFwNfQ_1po~gOB}ZEhoApd{)W05x7ss* zR2*km7T>Q$mZC7F+_rI*C}=%o@)N>9!!4#JhNc6qE_40lk2(bO_+L=**dIch!=fXf zH4iqV|D0L@ItooAe@4MQLS=|~jYk}hxXDU*QxPdO{Q~B?gX*M)F1kCs73hQC51RjV zUPoryr(z-*q9lWQpw->B-vaClP#76_=>0G8Pf8HfbnrOy@!QGPyvUQ>#RBNr1r@E! zFNi)fig)|6|8XS!1An9aqEvHP<&rGmvc=gsP533XD$DJr-1U6m`q)2%TJ!`P%Y-QY z!Td&g7iFA|a7;`ri|o*{^j;kG?t=SBPcpSBTkq&i$GrnbtWTG--87O2c6A7)$oaH&t{laSLx!7jBhpSq!?F5vVJvD`5>f z#uGa?cguRu16OH&g%p43Q>bGATUy4?~&!7wRE`v%>XD?=*KGtnP*nL@BQk4zo^J)*&07$LPOM0TFBw{$e$J zH)R0b03d)G$>M)gwMQ_J%3g!tsR$KFt1)#8=uh5pMQD1XxM+9|N?E5DEnP?<%XKKH zRx_$_!wCOk)0hEh45!_N2LBDsaqAJo;Ci_&a~ipIQdLk(_AlQiTGue2T6?<8+I4IeYb^lclWa%^1ZlyPF0n@Aa3V zR|~B2){xXaswl-bQ-NhCOZABlq{mN?QZuAV}i`>xFMN-dUQq;`Fq`$LQp+aT4syuvl1u*QgF;aTxeaZpMzpVPu|)`cE>V>Pp*0+a3Cyh}QM za3>zd9ajbI8rx38m-7ew^3RUcHYJZ#jg&6#@hKKP<#OR?DbRQZT#un9$FZ*v$V=jf4k6T`4-P)V zo98L_<+bY;{`4>#jo8@Ca*dmcyLYFTcI`ZEl1o#cr~6LeEntR;56lWK!Dx)^EvcK!NtHld$+5zL9dDJ?rldWR zF{Nu})tNFD5{`G5*omtrySib$^V3Ya!W%JCA~7<( zJJB4hT~g=QTI%fPViFL$I2QO7a=9P_lQwJpOr4-T=PP@))FNTjObO78u92Q^?p5a_ zGrdUY?i}Jh(VUB#+lu>B7@VnjBKMy0I^Zt=XVJOW({rApagZ#PUiK;e(z|iBXG7fJ zX32sucbV1&T=1==*~Q6^f3O57HpI9kpCPkJi`&oc96$H!m~}2{qDL>hd3Ipk%FMDjJ+fvf|H0cs=ISymVpo9 z_9Ri4#xc*}eubcYRG=m^C(aC6einc<&VlOt){{rctD&0StiHQyBL`lCXTVxKGEUlx zK~uS&F9w=j1y(U%ewbZ^Q65%HM~a(^jmG#|n!uHoqLc3Bw-0m%*JyOB8W;Eq$+`J} zGHRef40dvSEsyE!h!2~!vOeDJnC;G)+i-UgChH1P4@D$4Biv**)wk+RVfRxI{6XFBCp95S# z64s7Te_0KIT1F%yn-KBe*B53@D>MaKkm^9B=5-9(xkv~UBZO9Yw@u7~6==@BSg>0D_wwqrYv zGHo$ByX4jP%24LDT)lp5*0sh>mV1+XNxEPp6PwX=-xY ztWQ%ey7RFV#vlK5rsKfcmx7|*w>7%_{9=ual_FqYpPb13G%J3G2jk{>5962~S_fCT z@&SOQtvZS&oR>zbV~SIFp?m3hB4BB`K?8n%Tjdr1)MRJ(f){)UbdcJdkBxyY>P(uj z-}mw`J(cw75UdvatufGkKcC^t2eQGmT|xKfu{Z1%jNOrPvv4L*qkZE@mjN69iM*|= z5viX5PoEFI)DJMVM0(tWu4TqfOgy@E{f|qUr{HdQx927VcWj`bQ@FEl#I;iqBlX@* zVIqZ-Vrz;;F$?&zb)+&XnPuj3pJ(EJhXrnp&A8UMQ@H{58s#Rl3dZVyjxSf-Ep{xs z?s5{ zAv8mRJ!389hpl%wYT``CnGA(yWXN-Nyv0ayty$b7J(%JXlE;A%rNGGL$U& z3TtS<6tAqsjXDA#_NokFujkbevx>zs1Ksl5zlZeUaUxqtGyQ>kO@p~^PR;3AxPcGK z=wx#?<_$vyjcW`Y0Xci3H8|=Pdm~cA4RioAO>zLl0lc3YPn%>no9an<^%CGX_ig#J zLr5G*dNF|MaW=W&1BgCh6Hq?VXeyj3zx^8!$M#&T{deY}e zHVT?BWvxFsUZl78wlD$c>?yynZK2oOk}UU#XY-pEt2T@B`I8?|D`~0AT>D`lP`i{ zON{b{b&!PCT@etNB9b6uDX_>+(bbzU&85JIvU%11`C43Tcz+c_;$&Vyi6NJ- z5G&p+gicevIAy{vY#W}$)pBu@1o-$vw$|0748k`?TZW^)$(V+F?GMrE-wz;pd5kmV z5DrpFv3?aIWfhsN z#~`dg6}(1*>`f{q>hX(3Rb1^UJ8n4v=bEbJ1`FIm@UzsghM{$}Ve=hl#-#$5mUO;t zCVnRt1IdVpLZdhTqAg&a{D^|Nfy#x%Z3d|XeFvt!y?t0o0UFI&vit}^A-uBM2VQxB^MGMR;z{ugZixwykj7a?cr#c(~)l4 zyq%9OHv6m($j-_mC>ObW<0df=8MSH3CZ4fe$jv@N?BX=s``V{@M@mZT*UbVV`$gvw zKTP~VjSltB?&4_j4mT1sW>T4*ZSO~Yj+nlZwDtEZqef+KH$&9J6M@6X5@gnSSV#YvY`+t7=fR9SL^Y42o(CaVFhXq{XsE1v#r z!K@0`TKkI_u_gz5KacDPsQ?qc0m;+=E-6|Q}Wn9+QTQE!dWAqZgBiXP(1cJWOQFLIxzj?PhP$SHzRC<;#B3(QS2UE70x_gN;aS|+I+wDB=JwM; zi5##w2KqVXp%qXkdFp6Ye>wJLMVGb-I3;lRqtykA1dN1=*zP0PMVH*UGN#A`F@OZn z6YAO)9<(Nya*kB-+ZwVfOwGqs7DDp(?xQ)tvU0rcS^}feiA!j*PRWr?{5CyuUOzXt4p%?~X$@%dZYI~^al&~X~I|gvl z|0$F-o_I?G-CcAqM*r4p_FFf+vsNCW=C8era!Gr@j0*{Y=T!>CM(a|YLKEJ#9%l)% zJm7Zh?`@_0_FEQ{uRMiVj0(k>t9KQgj*Q-+0ftkVwp^GtR_6<}9!X`GzQ(8$3#Z<) zUpEUnf>h^_g@`OG?wV>J3Bb!=YC)<>0j}zT{LN(adb>Zzu*&a|AGAI31AEzN-g;ZpV7Ylnv0EYDNnkcck8)wQ!B=>*}y#F z+C|{XV$+{Hy91|({I^J?sHQD2PCRY>;W;A&#}u;S>f_VCwwfmKvs0_1$rLt)#ckBYft}OILMB*L``J@(M`@*T^=nJ6KC{QfAs1B&F%~-k>tAH)*BG*^c2O+^y z_htQVQ2roLkDhd!dDL!osOS&jNK68I- zbIRBk|WZBD>L4{!qh+JwdzCZyiUSR;F<2@r{Y6djH)bHJV${ zG?L7-pl27}+b~vW?hQb|?w%qn?VOx8OYL0lD=aUnso1z|Yg*9pBuvQEmqnFYZ6S(~ zv=YKS{wRT)<(|!ym1utCh$IzImNEYWdU84rQ^>lmcw`>;%uA<_t!6Ft(5cu@?Let$ zu{tPlDh4ML;+BSkfO%Y=uYqL#r*;SmnBee%uMj66p~{Pci94M)Uzmx((N1jXQe})vYIX~p zJ6`HxD&NvsyvFzph-~HpC6!fX4O1`2FaY)3;p8M}8t*n6qK$nYkq6AF)Ee7wJZ5gi zUFy0-&(%nABwb055hz;Dheq_m{a#JxX>2$pbzp6%?q{?!%kK*nNL-LbY?;(rkQH$M z`gnq*>sJWv(%xKlsJ}$v7<#}Lt&oCw?P}}*W$VbvmH3-=+`!H099mDV25$GcuF>Ro z&sa}~YWb&ydF?`5$;pAb2YT6()=WJ(wR@ym7&Nu`W27aw?mnVYa@lUj1F9ds7KWC@ zm_&G~VJSVQILZBb(DacO5vsO1P@m$v0Be5(ETRSG2)SFo_t&{#2KRxVur&CZ} zR(ZBIt!E1%LDIlI(tzl_bmoKY%XfJ9$mbWhb%wO>Kg0_dPDd4vKMoX4{P~$DEP6|oW4-X2YCf2xujtM*~uw-42ef%+DO);490(zV^T6j5X9o`n( z;fp7W3}1>JSF>8%DR>FdY*m^_{M;X&mmcKx8g~cB_4DgsurzR_G|F_Q;cS>g`KfhzNtz_*GJcde?jG(Q)q)jB zs=;@1^8%l6fWL}oh}Y{jKuy6%Y#97md|p4|9rq>gwp1{~k%WYKEe|I;LUFZSZm0)* z)-HH7P_Y0^mseQyI0j9O*L3l2-F}_eM@d93$SFZ;S5Sgrq~FLhtMETPelI}cMDJfX ze{JCM5xSziw|mze5{l1n#cu^Q0}IpgMxLi5XK!8l0QE2@OcPd^B`0}D$p#F^#QfY> zSUeXl`;XCZiKV@o5}mSr)^JQboYYi46RdX4a2Hjqo4)LnbYx1w>s{cMT%H)$El@w?;v8!d{l4;v|9+*H8y`&LZ#=M&_& z)No)TVgI5_D2_9-FQUj(8lBveH<5=tIW3Yb+=r9WUKmD9FTGcHB90%1f#|T*k zYzL;_Ks2L37Z8NNTV*HO3hgl#oev*zAUQ@W9ezg8wq^i6#ex~MxX#X z2kB+67(XeZq%T_Sjc~3d34Gwcsi0*u;VVN(G|&m?Xa3t&e>_S4Z~wc4U!i1F>7fPZi?_aDtqhcx-=C>g#y1~q}fSRtGIj5h+qo{`3D#+RugGM!fz z{{p%k+*upW9@Inc=K9L-rR}9*55;klQA6WhDA84SLhdH|L2sa7C=}v1EL;2{q5TPl zSd4AokQV!bf~h#cDonRLvS_DhJ5i81_@VQuFlH$@gavKZW_zN@;xcX$&BVMP;*0in z5Y`K?V~x}STFS{IEWue+SP;2utpmm6dy8J%+C$HGgTC04@77f=iI1 zTapHP!osC@!5tGnpd2FQO1b-h)$1)zipj=RiDGj{kv(mZ*dpc!FCz5}AzoC`3Zr;SvQzA4AO)l3U_Nqs)j{gOm5aX1p zG@OCE1mfJhoIthEovQ|=@5|$QR%ean7uYWR!-I!IWCwThqk3wrw-)&9BltI^7%J0K4lH1W)2I>Z-AUeRdvR~08f|W zN@_CXcQB1-Nr2t*pKq1^IlDkz;+G{H8mf{TA_T#N!<#SlPx2Cjv257UZqmv!NV zSq&RcOfPPgh8VAB53&rhp!F$6a?ar&aaN)ZhAxIoY4YO$d?a1beAv$epTjN^Q!op1 zhTOW_w*bS1)2#AZbr2b zj-6`Y8}kqK_oYL9Nz3#b-3a+R4O8)p^YTu|*R@cO(&P&0CC)h0I1O8Y-O1NnpbN>O8efJN`5We?c#54T zqqF3Vxos%wdGOU12F03)DXpun7~-*1Nt5J!HCO=f7g8|0jd7~k#w?QAsMUov5&0X# zXhYBR-B|&k2G>3nd=*)>Z#0l0^HMy`PPtuW&T&u`xJ9Es^>; zTFE86pwlMSoP0n9)$A!B#knSU1j%88%{52LiHS{(2KaDlOQCI4=1{B9sVf zpn#wVOmg}pLev53%$>ws(st1cHg3oPq<Zr@BuC<@$jLGS{z-=hDL!Troq7 zkphB);iSU*Kw6V#PtDh_`#qBa)DIY-UbzrUoqVY+eggo zQqwbl+vpLIPgILDk@MpiM!qT+T^vPExg5<4o{GVdGasyxBL)(6BSYBS?!2qc z^eb&Ms@qU%5|`5WfjC)FGvtX^D+peJlOK&ysKDd)a>xu&Y4oCe$SiGhG-w15UV<0S z=g*vI=6wLR2`lVI4wI~FxS8?+{ol{TE1uClY>;sfkR-S+41!XM-Ym>+%Szy*@&WZg zjtoaLU)IPTlA)Du=K)kx4qo{eGnn}%fhkhHeF>g6XOF(cF?W^Wzge1e9Wa#=ozff0nv1U7>1zR~36?Ao2Vb(LC z2m{rAbY}cVH&8xJbV~k>R}z}?0Tpy=jD`*2#fg|+l#wVZ%H5hh5G!1w;9>mCcCYlG-)1W^9YCmk*4LV+=i~?%gjsmr9k#iIyGgi=#JL!G=8!omji|TIf z0MMynOhqynbvv;#qNs_WPdnF%v#0Oi8e$BOl8@w^6(H#XVE}b;=dqAklICi^D;*r& z&LJp=K*tnJyy)tuuulb%1kod7-IWfc_s@!w4t5u8K)JdP(_zLJtpswY;xV=?>g^`U zMNv-aW)zdsQz;~i_VcnXSRf3*JkN!_(s6UBnadNDVh$e*R3)|?yGv+qlHbK|bZ|gG zwwUDOt_7k;37Xw^2${kGVbM_sV}j{e5L5wopfVWsQR9GaA3scQnkrKeJ^mXV1-e#% z_5xpGa>+s>og_`rXZ{bsoAfVWghF^=&tXgg=%_ad7Gl_NrQo# zo&uj2Y=+c6nmxIX)B3X>2sqDBTV;bYi9mr^W;~D{4nWcRmxmx!7zm+MP}F|Vxyw}h zO_)|FZ1ByUMo|^ON!KSG=?-;fYo45<4AwTLr4?_^gK~i(9B^f#WNWP0az1g1IxEI5Hl9SXaFP{HFJ!d zfgcbMgvjjsSTi>hMFkz8bhW?i(NIu?3{b$IiXgHt!qcaYni005NDDy(NLhiDQYGpJ z3a5e=P5#lNL^!GqAax&2|2r5E3&&g7=M9NVAtj)fcTP0}`vDU+-!_8*I9H$!9E$#% z3=vEMJ;k{XAD)RPAn!&s;6;R~V` zuxE}go{Fhx2J|8w{gMbkTd8KUNLN9Ot&w63BB>vU)4%g#AGU#R2(m9u2q2F$o-%-1 z0RRV%|7g#JRo=q_9pE`)L#Y$?kxu{=mo;940-Ob+{^9IukT}A2dD(83;FEku>#$fP zSl5ujRNvoDihgG&@O!jha}&V9=HY+;{m0L1{8v~1dAh>>HCaLb9UA|6L*u`F_Rsej I_Sd2R2XERsUH||9 literal 0 HcmV?d00001 diff --git a/filebeat/module/coredns/_meta/kibana/7/dashboard/Coredns-Overview-Dashboard.json b/filebeat/module/coredns/_meta/kibana/7/dashboard/Coredns-Overview-Dashboard.json new file mode 100644 index 00000000000..e5c200b27c7 --- /dev/null +++ b/filebeat/module/coredns/_meta/kibana/7/dashboard/Coredns-Overview-Dashboard.json @@ -0,0 +1,464 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of CoreDNS", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "1", + "w": 41, + "x": 4, + "y": 7 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "2", + "w": 20, + "x": 4, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "3", + "w": 21, + "x": 24, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "4", + "w": 41, + "x": 4, + "y": 21 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Filebeat CoreDNS] Overview", + "version": 1 + }, + "id": "53aa1f70-443e-11e9-8548-ab7fbe04f038", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "3ad75810-4429-11e9-8548-ab7fbe04f038", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "9dc640e0-4432-11e9-8548-ab7fbe04f038", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "75743f70-443c-11e9-8548-ab7fbe04f038", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cfde7fb0-443d-11e9-8548-ab7fbe04f038", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-03-11T20:43:54.420Z", + "version": "WzE0ODgsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Domains [Filebeat CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "coredns.query.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + }, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Top Domains [Filebeat CoreDNS]", + "type": "tagcloud" + } + }, + "id": "3ad75810-4429-11e9-8548-ab7fbe04f038", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-03-11T18:12:28.303Z", + "version": "WzE0ODMsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total DNS Queries [Filebeat CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Total DNS Queries [Filebeat CoreDNS]", + "type": "metric" + } + }, + "id": "9dc640e0-4432-11e9-8548-ab7fbe04f038", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-03-11T19:19:39.757Z", + "version": "WzE0ODQsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unique Domains [Filebeat CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Domains", + "field": "coredns.query.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "bucket": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "metrics": [ + { + "accessor": 0, + "aggType": "cardinality", + "format": { + "id": "number" + }, + "params": {} + } + ], + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Unique Domains [Filebeat CoreDNS]", + "type": "metric" + } + }, + "id": "75743f70-443c-11e9-8548-ab7fbe04f038", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-03-12T01:26:19.218Z", + "version": "WzE0OTMsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "tags:\"coredns\"" + } + } + }, + "title": "Time Series Visualizer [Filebeat CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "65ad37b0-443f-11e9-94ba-69b05a5f82b8" + } + ], + "bar_color_rules": [ + { + "id": "e1f6cda0-443e-11e9-94ba-69b05a5f82b8" + } + ], + "default_index_pattern": "filebeat-*", + "gauge_color_rules": [ + { + "id": "6996a6e0-443f-11e9-94ba-69b05a5f82b8" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": "fileset.name:kubernetes", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "CoreDNS Kubernetes", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "filter", + "stacked": "none", + "terms_field": "fileset.name" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": "fileset.name:log", + "formatter": "number", + "id": "3c8999f0-443f-11e9-94ba-69b05a5f82b8", + "label": "CoreDNS Native", + "line_width": 1, + "metrics": [ + { + "id": "3c8999f1-443f-11e9-94ba-69b05a5f82b8", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Time Series Visualizer [Filebeat CoreDNS]", + "type": "metrics" + } + }, + "id": "cfde7fb0-443d-11e9-8548-ab7fbe04f038", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-03-11T20:51:52.103Z", + "version": "WzE0ODksM10=" + } + ], + "version": "8.0.0-SNAPSHOT" +} diff --git a/filebeat/module/coredns/fields.go b/filebeat/module/coredns/fields.go new file mode 100644 index 00000000000..7ad403cab3c --- /dev/null +++ b/filebeat/module/coredns/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package coredns + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "coredns", asset.ModuleFieldsPri, AssetCoredns); err != nil { + panic(err) + } +} + +// AssetCoredns returns asset data. +// This is the base64 encoded gzipped contents of module/coredns. +func AssetCoredns() string { + return "eJy00kFugzAQheE9p3gXSA7Aopt22256gMqxB2LF8VCPUeWcvrIhBCFQpKKyikb4/8YKB1wo1dAcyHipgGijoxqv08CQ6GC7aNnXeKkA4J1N7wgNB5yVN876Fo5bQRfY9JoMTmmWbCw5I3U5eoBXV5qD+Ympoxpt4L4bJytqfsZjYxKqiRTgOVyVszeV3x5fnZsP1ZqpNJAXSj8cHtMNFrAG3CCeCW8fn4hBeVG6eAviu6eQjmJvtKCsj9RSmKZN3jrWOKVI8nyBXJyvUJx1XDsl8teLTm0MmVUh/94PlMpqPyf390tl0Q8kHXuho2azi7iHUEJbSuNUu+uvmJihtOX8//d2p5YrGC9C+osvC/7E7Ej559AQKPerqt8AAAD//23BSVQ=" +} diff --git a/filebeat/module/coredns/log/config/coredns.yml b/filebeat/module/coredns/log/config/coredns.yml new file mode 100644 index 00000000000..c085c9e3aab --- /dev/null +++ b/filebeat/module/coredns/log/config/coredns.yml @@ -0,0 +1,7 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +tags: {{.tags}} +processors: diff --git a/filebeat/module/coredns/log/ingest/pipeline-entry.yml b/filebeat/module/coredns/log/ingest/pipeline-entry.yml new file mode 100644 index 00000000000..8f55838b21e --- /dev/null +++ b/filebeat/module/coredns/log/ingest/pipeline-entry.yml @@ -0,0 +1,113 @@ +--- +description: Pipeline for normalizing Kubernetes CoreDNS logs. +processors: + - pipeline: + if: ctx.message.charAt(0) == (char)("{") + name: '{< IngestPipeline "pipeline-json" >}' + - pipeline: + if: ctx.message.charAt(0) != (char)("{") + name: '{< IngestPipeline "pipeline-plaintext" >}' + - script: + lang: painless + source: > + ctx.event.created = ctx['@timestamp']; + ctx['@timestamp'] = ctx['timestamp']; + ctx.remove('timestamp'); + ignore_failure: true + - script: + lang: painless + if: ctx.temp?.source != null + source: > + ctx['source'] = new HashMap(); + if (ctx.temp.source.charAt(0) == (char)("[")) { + def p = ctx.temp.source.indexOf (']'); + def l = ctx.temp.source.length(); + ctx.source.address = ctx.temp.source.substring(1, p); + ctx.source.port = ctx.temp.source.substring(p+2, l); + } else { + def p = ctx.temp.source.indexOf(':'); + def l = ctx.temp.source.length(); + ctx.source.address = ctx.temp.source.substring(0, p); + ctx.source.port = ctx.temp.source.substring(p+1, l); + } + ctx.remove('temp'); + - set: + field: source.ip + value: "{{source.address}}" + if: ctx.source?.address != null + - convert: + field: source.port + type: integer + - convert: + field: coredns.duration + type: double + - convert: + field: coredns.query.size + type: long + - convert: + field: coredns.response.size + type: long + - convert: + field: coredns.dnssec_ok + type: boolean + - uppercase: + field: dns.header_flags + - split: + field: dns.header_flags + separator: "," + - append: + if: ctx.coredns?.dnssec_ok + field: dns.header_flags + value: DO + - script: + lang: painless + source: ctx.event.duration = Math.round(ctx.coredns.duration * params.scale); + params: + scale: 1000000000 + if: ctx.coredns?.duration != null + - remove: + field: + - coredns.duration + ignore_missing: true + # The following copies values from dns namespace (ECS) to the coredns + # namespace to avoid introducing breaking change. This should be removed + # for 8.0.0. Additionally coredns.dnssec_ok can be removed. + - set: + if: ctx.dns?.id != null + field: coredns.id + value: '{{dns.id}}' + - set: + if: ctx.dns?.question?.class != null + field: coredns.query.class + value: '{{dns.question.class}}' + - set: + if: ctx.dns?.question?.name != null + field: coredns.query.name + value: '{{dns.question.name}}' + - set: + if: ctx.dns?.question?.type != null + field: coredns.query.type + value: '{{dns.question.type}}' + - set: + if: ctx.dns?.response_code != null + field: coredns.response.code + value: '{{dns.response_code}}' + - script: + if: ctx.dns?.header_flags != null + lang: painless + source: > + ctx.coredns.response.flags = ctx.dns.header_flags; + # Right trim the trailing dot from domain names. + - script: + if: ctx.dns?.question?.name != null + lang: painless + source: > + def q = ctx.dns.question.name; + def end = q.length() - 1; + if (q.charAt(end) == (char) '.') { + ctx.dns.question.name = q.substring(0, end); + } +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/coredns/log/ingest/pipeline-json.yml b/filebeat/module/coredns/log/ingest/pipeline-json.yml new file mode 100644 index 00000000000..0b89ab35252 --- /dev/null +++ b/filebeat/module/coredns/log/ingest/pipeline-json.yml @@ -0,0 +1,32 @@ +--- +description: Pipeline for dissecting CoreDNS JSON logs. +processors: + - rename: + field: message + target_field: event.original + ignore_failure: true + - json: + field: event.original + target_field: json + - dissect: + field: json.message + pattern: '%{timestamp} [%{log.level}] %{temp.source} - %{dns.id} "%{dns.question.type} + %{dns.question.class} %{dns.question.name} %{network.transport} %{coredns.query.size} + %{coredns.dnssec_ok} %{?bufsize}" %{dns.response_code} %{dns.header_flags} + %{coredns.response.size} %{coredns.duration}s' + - rename: + field: json.message + target_field: message + ignore_failure: true + - rename: + field: json.kubernetes + target_field: kubernetes + ignore_failure: true + - remove: + field: + - json + ignore_failure: true +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/coredns/log/ingest/pipeline-plaintext.yml b/filebeat/module/coredns/log/ingest/pipeline-plaintext.yml new file mode 100644 index 00000000000..fcec1fffdc1 --- /dev/null +++ b/filebeat/module/coredns/log/ingest/pipeline-plaintext.yml @@ -0,0 +1,13 @@ +--- +description: Pipeline for dissecting CoreDNS plaintext logs. +processors: + - dissect: + field: message + pattern: '%{timestamp} [%{log.level}] %{temp.source} - %{dns.id} "%{dns.question.type} + %{dns.question.class} %{dns.question.name} %{network.transport} %{coredns.query.size} + %{coredns.dnssec_ok} %{?bufsize}" %{dns.response_code} %{dns.header_flags} + %{coredns.response.size} %{coredns.duration}s' +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/coredns/log/manifest.yml b/filebeat/module/coredns/log/manifest.yml new file mode 100644 index 00000000000..e41e8c30387 --- /dev/null +++ b/filebeat/module/coredns/log/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + # Change this if it is not "/var/log/coredns.log" in native deployment mode + - /var/log/coredns.log + - name: tags + default: [coredns] + +ingest_pipeline: + - ingest/pipeline-entry.yml + - ingest/pipeline-json.yml + - ingest/pipeline-plaintext.yml +input: config/coredns.yml diff --git a/filebeat/module/coredns/log/test/coredns-json.log b/filebeat/module/coredns/log/test/coredns-json.log new file mode 100644 index 00000000000..9a2f9b6dea4 --- /dev/null +++ b/filebeat/module/coredns/log/test/coredns-json.log @@ -0,0 +1,3 @@ +{"message":"2019-02-12T00:27:28.903Z [INFO] 172.17.0.4:36413 - 21583 \"A IN httpbin.org.cluster.local. udp 43 false 512\" NXDOMAIN qr,rd,ra 136 0.000102078s", "stream": "stdout", "time": "2019-02-12T00:27:28.903433597Z", "kubernetes": { "container": { "name": "coredns" }, "node": { "name": "minikube" }, "pod": { "uid": "d57d545e-2a9d-11e9-995f-08002730e0dc", "name": "coredns-86c58d9df4-jwhsg" }, "namespace": "kube-system", "replicaset": { "name": "coredns-86c58d9df4" }, "labels": { "pod-template-hash": "86c58d9df4", "k8s-app": "kube-dns" } } } +{"message":"2019-03-19T02:57:23.213Z [INFO] 172.17.0.9:37723 - 6966 \"A IN httpbin.org. udp 29 false 512\" NOERROR qr,rd,ra 83 0.000082083s\n","stream":"stdout","time":"2019-03-19T02:57:23.214583742Z", "kubernetes": { "container": { "name": "coredns" }, "node": { "name": "minikube" }, "pod": { "uid": "d57d545e-2a9d-11e9-995f-08002730e0dc", "name": "coredns-86c58d9df4-jwhsg" }, "namespace": "kube-system", "replicaset": { "name": "coredns-86c58d9df4" }, "labels": { "pod-template-hash": "86c58d9df4", "k8s-app": "kube-dns" } } } +{"message":"2019-03-11T07:16:34.013Z [INFO] [::1]:37915 - 62762 \"AAAA IN czbaoyu.com. udp 29 false 512\" NOERROR qr,rd,ra 100 0.00006286s\n","stream":"stdout","time":"2019-03-11T07:16:34.013970788Z", "kubernetes": { "container": { "name": "coredns" }, "node": { "name": "minikube" }, "pod": { "uid": "d57d545e-2a9d-11e9-995f-08002730e0dc", "name": "coredns-86c58d9df4-jwhsg" }, "namespace": "kube-system", "replicaset": { "name": "coredns-86c58d9df4" }, "labels": { "pod-template-hash": "86c58d9df4", "k8s-app": "kube-dns" } } } diff --git a/filebeat/module/coredns/log/test/coredns-json.log-expected.json b/filebeat/module/coredns/log/test/coredns-json.log-expected.json new file mode 100644 index 00000000000..637f8cb0b4d --- /dev/null +++ b/filebeat/module/coredns/log/test/coredns-json.log-expected.json @@ -0,0 +1,155 @@ +[ + { + "@timestamp": "2019-02-12T00:27:28.903Z", + "coredns.dnssec_ok": false, + "coredns.id": "21583", + "coredns.query.class": "IN", + "coredns.query.name": "httpbin.org.cluster.local.", + "coredns.query.size": 43, + "coredns.query.type": "A", + "coredns.response.code": "NXDOMAIN", + "coredns.response.flags": [ + "QR", + "RD", + "RA" + ], + "coredns.response.size": 136, + "dns.header_flags": [ + "QR", + "RD", + "RA" + ], + "dns.id": "21583", + "dns.question.class": "IN", + "dns.question.name": "httpbin.org.cluster.local", + "dns.question.type": "A", + "dns.response_code": "NXDOMAIN", + "event.dataset": "coredns.log", + "event.duration": 102078, + "event.module": "coredns", + "event.original": "{\"message\":\"2019-02-12T00:27:28.903Z [INFO] 172.17.0.4:36413 - 21583 \\\"A IN httpbin.org.cluster.local. udp 43 false 512\\\" NXDOMAIN qr,rd,ra 136 0.000102078s\", \"stream\": \"stdout\", \"time\": \"2019-02-12T00:27:28.903433597Z\", \"kubernetes\": { \"container\": { \"name\": \"coredns\" }, \"node\": { \"name\": \"minikube\" }, \"pod\": { \"uid\": \"d57d545e-2a9d-11e9-995f-08002730e0dc\", \"name\": \"coredns-86c58d9df4-jwhsg\" }, \"namespace\": \"kube-system\", \"replicaset\": { \"name\": \"coredns-86c58d9df4\" }, \"labels\": { \"pod-template-hash\": \"86c58d9df4\", \"k8s-app\": \"kube-dns\" } } }", + "fileset.name": "log", + "input.type": "log", + "kubernetes.container.name": "coredns", + "kubernetes.labels.k8s-app": "kube-dns", + "kubernetes.labels.pod-template-hash": "86c58d9df4", + "kubernetes.namespace": "kube-system", + "kubernetes.node.name": "minikube", + "kubernetes.pod.name": "coredns-86c58d9df4-jwhsg", + "kubernetes.pod.uid": "d57d545e-2a9d-11e9-995f-08002730e0dc", + "kubernetes.replicaset.name": "coredns-86c58d9df4", + "log.level": "INFO", + "log.offset": 0, + "message": "2019-02-12T00:27:28.903Z [INFO] 172.17.0.4:36413 - 21583 \"A IN httpbin.org.cluster.local. udp 43 false 512\" NXDOMAIN qr,rd,ra 136 0.000102078s", + "network.transport": "udp", + "service.type": "coredns", + "source.address": "172.17.0.4", + "source.ip": "172.17.0.4", + "source.port": 36413, + "tags": [ + "coredns" + ] + }, + { + "@timestamp": "2019-03-19T02:57:23.213Z", + "coredns.dnssec_ok": false, + "coredns.id": "6966", + "coredns.query.class": "IN", + "coredns.query.name": "httpbin.org.", + "coredns.query.size": 29, + "coredns.query.type": "A", + "coredns.response.code": "NOERROR", + "coredns.response.flags": [ + "QR", + "RD", + "RA" + ], + "coredns.response.size": 83, + "dns.header_flags": [ + "QR", + "RD", + "RA" + ], + "dns.id": "6966", + "dns.question.class": "IN", + "dns.question.name": "httpbin.org", + "dns.question.type": "A", + "dns.response_code": "NOERROR", + "event.dataset": "coredns.log", + "event.duration": 82083, + "event.module": "coredns", + "event.original": "{\"message\":\"2019-03-19T02:57:23.213Z [INFO] 172.17.0.9:37723 - 6966 \\\"A IN httpbin.org. udp 29 false 512\\\" NOERROR qr,rd,ra 83 0.000082083s\\n\",\"stream\":\"stdout\",\"time\":\"2019-03-19T02:57:23.214583742Z\", \"kubernetes\": { \"container\": { \"name\": \"coredns\" }, \"node\": { \"name\": \"minikube\" }, \"pod\": { \"uid\": \"d57d545e-2a9d-11e9-995f-08002730e0dc\", \"name\": \"coredns-86c58d9df4-jwhsg\" }, \"namespace\": \"kube-system\", \"replicaset\": { \"name\": \"coredns-86c58d9df4\" }, \"labels\": { \"pod-template-hash\": \"86c58d9df4\", \"k8s-app\": \"kube-dns\" } } }", + "fileset.name": "log", + "input.type": "log", + "kubernetes.container.name": "coredns", + "kubernetes.labels.k8s-app": "kube-dns", + "kubernetes.labels.pod-template-hash": "86c58d9df4", + "kubernetes.namespace": "kube-system", + "kubernetes.node.name": "minikube", + "kubernetes.pod.name": "coredns-86c58d9df4-jwhsg", + "kubernetes.pod.uid": "d57d545e-2a9d-11e9-995f-08002730e0dc", + "kubernetes.replicaset.name": "coredns-86c58d9df4", + "log.level": "INFO", + "log.offset": 550, + "message": "2019-03-19T02:57:23.213Z [INFO] 172.17.0.9:37723 - 6966 \"A IN httpbin.org. udp 29 false 512\" NOERROR qr,rd,ra 83 0.000082083s\n", + "network.transport": "udp", + "service.type": "coredns", + "source.address": "172.17.0.9", + "source.ip": "172.17.0.9", + "source.port": 37723, + "tags": [ + "coredns" + ] + }, + { + "@timestamp": "2019-03-11T07:16:34.013Z", + "coredns.dnssec_ok": false, + "coredns.id": "62762", + "coredns.query.class": "IN", + "coredns.query.name": "czbaoyu.com.", + "coredns.query.size": 29, + "coredns.query.type": "AAAA", + "coredns.response.code": "NOERROR", + "coredns.response.flags": [ + "QR", + "RD", + "RA" + ], + "coredns.response.size": 100, + "dns.header_flags": [ + "QR", + "RD", + "RA" + ], + "dns.id": "62762", + "dns.question.class": "IN", + "dns.question.name": "czbaoyu.com", + "dns.question.type": "AAAA", + "dns.response_code": "NOERROR", + "event.dataset": "coredns.log", + "event.duration": 62860, + "event.module": "coredns", + "event.original": "{\"message\":\"2019-03-11T07:16:34.013Z [INFO] [::1]:37915 - 62762 \\\"AAAA IN czbaoyu.com. udp 29 false 512\\\" NOERROR qr,rd,ra 100 0.00006286s\\n\",\"stream\":\"stdout\",\"time\":\"2019-03-11T07:16:34.013970788Z\", \"kubernetes\": { \"container\": { \"name\": \"coredns\" }, \"node\": { \"name\": \"minikube\" }, \"pod\": { \"uid\": \"d57d545e-2a9d-11e9-995f-08002730e0dc\", \"name\": \"coredns-86c58d9df4-jwhsg\" }, \"namespace\": \"kube-system\", \"replicaset\": { \"name\": \"coredns-86c58d9df4\" }, \"labels\": { \"pod-template-hash\": \"86c58d9df4\", \"k8s-app\": \"kube-dns\" } } }", + "fileset.name": "log", + "input.type": "log", + "kubernetes.container.name": "coredns", + "kubernetes.labels.k8s-app": "kube-dns", + "kubernetes.labels.pod-template-hash": "86c58d9df4", + "kubernetes.namespace": "kube-system", + "kubernetes.node.name": "minikube", + "kubernetes.pod.name": "coredns-86c58d9df4-jwhsg", + "kubernetes.pod.uid": "d57d545e-2a9d-11e9-995f-08002730e0dc", + "kubernetes.replicaset.name": "coredns-86c58d9df4", + "log.level": "INFO", + "log.offset": 1081, + "message": "2019-03-11T07:16:34.013Z [INFO] [::1]:37915 - 62762 \"AAAA IN czbaoyu.com. udp 29 false 512\" NOERROR qr,rd,ra 100 0.00006286s\n", + "network.transport": "udp", + "service.type": "coredns", + "source.address": "::1", + "source.ip": "::1", + "source.port": 37915, + "tags": [ + "coredns" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/coredns/log/test/coredns.log b/filebeat/module/coredns/log/test/coredns.log new file mode 100644 index 00000000000..ede11815be5 --- /dev/null +++ b/filebeat/module/coredns/log/test/coredns.log @@ -0,0 +1,2 @@ +2019-03-06T08:55:28.903Z [INFO] 172.17.0.4:36413 - 21583 "A IN httpbin.org.cluster.local. udp 43 false 512" NXDOMAIN qr,rd,ra 136 0.000102078s +2019-03-18T22:13:36.289-07:00 [INFO] [::1]:57413 - 14639 "A IN www.yahoo.com. udp 42 false 4096" NOERROR qr,rd,ra 188 0.020948545s diff --git a/filebeat/module/coredns/log/test/coredns.log-expected.json b/filebeat/module/coredns/log/test/coredns.log-expected.json new file mode 100644 index 00000000000..ba3191a9e17 --- /dev/null +++ b/filebeat/module/coredns/log/test/coredns.log-expected.json @@ -0,0 +1,86 @@ +[ + { + "@timestamp": "2019-03-06T08:55:28.903Z", + "coredns.dnssec_ok": false, + "coredns.id": "21583", + "coredns.query.class": "IN", + "coredns.query.name": "httpbin.org.cluster.local.", + "coredns.query.size": 43, + "coredns.query.type": "A", + "coredns.response.code": "NXDOMAIN", + "coredns.response.flags": [ + "QR", + "RD", + "RA" + ], + "coredns.response.size": 136, + "dns.header_flags": [ + "QR", + "RD", + "RA" + ], + "dns.id": "21583", + "dns.question.class": "IN", + "dns.question.name": "httpbin.org.cluster.local", + "dns.question.type": "A", + "dns.response_code": "NXDOMAIN", + "event.dataset": "coredns.log", + "event.duration": 102078, + "event.module": "coredns", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 0, + "message": "2019-03-06T08:55:28.903Z [INFO] 172.17.0.4:36413 - 21583 \"A IN httpbin.org.cluster.local. udp 43 false 512\" NXDOMAIN qr,rd,ra 136 0.000102078s", + "network.transport": "udp", + "service.type": "coredns", + "source.address": "172.17.0.4", + "source.ip": "172.17.0.4", + "source.port": 36413, + "tags": [ + "coredns" + ] + }, + { + "@timestamp": "2019-03-18T22:13:36.289-07:00", + "coredns.dnssec_ok": false, + "coredns.id": "14639", + "coredns.query.class": "IN", + "coredns.query.name": "www.yahoo.com.", + "coredns.query.size": 42, + "coredns.query.type": "A", + "coredns.response.code": "NOERROR", + "coredns.response.flags": [ + "QR", + "RD", + "RA" + ], + "coredns.response.size": 188, + "dns.header_flags": [ + "QR", + "RD", + "RA" + ], + "dns.id": "14639", + "dns.question.class": "IN", + "dns.question.name": "www.yahoo.com", + "dns.question.type": "A", + "dns.response_code": "NOERROR", + "event.dataset": "coredns.log", + "event.duration": 20948545, + "event.module": "coredns", + "fileset.name": "log", + "input.type": "log", + "log.level": "INFO", + "log.offset": 143, + "message": "2019-03-18T22:13:36.289-07:00 [INFO] [::1]:57413 - 14639 \"A IN www.yahoo.com. udp 42 false 4096\" NOERROR qr,rd,ra 188 0.020948545s", + "network.transport": "udp", + "service.type": "coredns", + "source.address": "::1", + "source.ip": "::1", + "source.port": 57413, + "tags": [ + "coredns" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/coredns/module.yml b/filebeat/module/coredns/module.yml new file mode 100644 index 00000000000..e52f7f3de7f --- /dev/null +++ b/filebeat/module/coredns/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: 53aa1f70-443e-11e9-8548-ab7fbe04f038 + file: Coredns-Overview-Dashboard.json \ No newline at end of file diff --git a/filebeat/module/crowdstrike/_meta/config.yml b/filebeat/module/crowdstrike/_meta/config.yml new file mode 100644 index 00000000000..04cf80889ba --- /dev/null +++ b/filebeat/module/crowdstrike/_meta/config.yml @@ -0,0 +1,8 @@ +- module: crowdstrike + + falcon: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/crowdstrike/_meta/docs.asciidoc b/filebeat/module/crowdstrike/_meta/docs.asciidoc new file mode 100644 index 00000000000..b389e8c78d3 --- /dev/null +++ b/filebeat/module/crowdstrike/_meta/docs.asciidoc @@ -0,0 +1,61 @@ +[role="xpack"] + +:modulename: crowdstrike +:has-dashboards: true + +== CrowdStrike module + +This is the filebeat module for CrowdStrike Falcon using the Falcon https://www.crowdstrike.com/blog/tech-center/integrate-with-your-siem[SIEM Connector]. This module collects this data, converts it to ECS, and ingests it to view in the SIEM. By default, the Falcon SIEM connector outputs JSON formatted Falcon Streaming API event data. + +This module segments events forwarded by the Falcon SIEM connector into two datasets for endpoint data and Falcon platform audit data. + +include::../include/what-happens.asciidoc[] + +[float] +=== Compatibility + +This input supports CrowdStrike Falcon SIEM-Connector-v2.0. + +include::../include/running-modules.asciidoc[] + +[float] +=== Dashboards + +The best way to view CrowdStrike events and alert data is in the SIEM. + +[role="screenshot"] +image::./images/siem-alerts-cs.jpg[] + +[float] +For alerts, go to Detections -> External alerts. + +[role="screenshot"] +image::./images/siem-events-cs.jpg[] + +[float] +And for all over event CrowdStrike Falcon event types, go to Host -> Events. + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: falcon_endpoint + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `falcon` fileset settings + +The fileset is by default configured to collect JSON formated event data from `/var/log/crowdstrike/falconhoseclient/output`. It forwards DetectionSummaryEvent and IncidentSummaryEvent events. + +["source","yaml",subs="attributes"] +----- +var: + - name: paths + default: + - /var/log/crowdstrike/falconhoseclient/output +----- + +include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:modulename!: diff --git a/filebeat/module/crowdstrike/_meta/fields.yml b/filebeat/module/crowdstrike/_meta/fields.yml new file mode 100644 index 00000000000..abdc45c9f8c --- /dev/null +++ b/filebeat/module/crowdstrike/_meta/fields.yml @@ -0,0 +1,11 @@ +- key: crowdstrike + title: "Crowdstrike" + release: beta + description: > + Module for collecting Crowdstrike events. + fields: + - name: crowdstrike + type: group + description: > + Fields for Crowdstrike Falcon event and alert data. + fields: diff --git a/filebeat/module/crowdstrike/_meta/images/siem-alerts-cs.jpg b/filebeat/module/crowdstrike/_meta/images/siem-alerts-cs.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b74edfe2293f9339b63095c38f58f7692d52fdef GIT binary patch literal 399141 zcmeFZcT^PJ(l^?}kfY=z89|AXku)NbL?j9V!jNIeImo~$3J3@YC@IZDn^ za?S!GAOi{vFfh0A3Fmz0TlcQ_{qDQg{o_6xclWP%*REYvy?eTLRk!#F`~q<9hK9BV z0D%C&Q}7SKF9P?~gAk4YpsNcA0RTV>5JBhwD2O279{^zkh<;-LxB+4R8yi9{{z*ds z08t2l@J||ZaDP@n&S$;<+!MSe_=|#y`!)10OpG}r#V?ZaIQ#i|DTs@E_=?%sd)hjP z*?GE)2ibUuONd<-2b5qzUN&~F4u0IW4o(OUW!~-D23~H2y)v(DHByLtF31S#|WX08C@vu1H#?%yPSuFAZ3 zboIH_JbfIvWyGY#F7txDee4|-46kea*%v%g=KWL1z`#JUKq)a#A185%D_5?FUzQY? zloSOiM16xj{A_|mJ$(88;&9!;*Uksw<%jU};6CGMW9#Yfr_9SM4vrxH=MZP`Z&_8i z|0(}i;2#V8V}XAx@Q(%lvB3ZTEbuRH$H4=1aRNbK2EcCt^7_u6exAP0o?hHiVwVB= zYudVmXHFMbe&Y+j;kglxCzA<43E}#EvKO1!Yhm~$nvdFQYH)o+Jq_)f>c9OynpZYn zUTy^E0KnbD&&N>n8uuMDb8eEapu=`gYA5QeqLwzE{GX?KmkGQ zb%ve(z>m(b?H~BXZyIAmHIU{b=)qFj*!VaB0Cg4E&K+Rq1oEMt0P$rHdxQr7(2#;y z#m?Er9>iK87IAm?Ji{OzaMAYP_&EI=wz0AOo2QM9)8F_HUBI5;z}FGJUT!wQzYqQ= zH|}o!puK(<0dPy{?4xA}?ioP4O}KjMoMB23Z+h6?(gQIah_MJzqdzbKxwF64Z4iU> z1n2F1)y|xBCJKqZ5uPi+4=4ka|DLnjS^IAqAAiF$`T4k$K_5FKw9op2azfMnoQ=<}@fn|wb~eA|X901QgNN#$Hi23>_})2_?YCa`4%gK| z4C)U3;^1-nPko^aUVhik#yab}>*e(d$sOD@&)RuGeBL*}=+C}{Dt^v`Sv%1LPJVsqnc-h=WG1_3t#HQ+kH4fuoA7VrdI07U<0nEpQF0d9?ed%zap0n+&X-S67(vkpK2*naYN>mPkZ0mt8G1Ag~#1y;ck z+yNcH4LtS-u>;uWuhC3^uV4$}@8iElw*zH$1MAtj|GiBW)aoWU>KT>)UwpY~{-PvS zC%#UsMXW)5iI9y@g;0_3Cb+!{R!Ks6!YhAC`!9N;RiZ(nC8ANH1)@nfBHZUMiof^) zy1)WB&L6gN0PXm1IuiDj^IUTLx@Z`%{}U?fYT z2*4hcQ|C`v|E7dKhL%D*piR&&XdSc?;D$CptDwEm&u940@il&5MW??a`xj^1%LS+xV1g(#6-9y zFH2qqfV1bw84UpZWcvMlfG~Cct1Y|(0F?FcczoTz+HM8`Ksk8tk?;PiO)wPzs2l*G z6J_V`6YvK=!m}L_Kn~D=cN8nY3Ge|IL470vSwIoE3aA4&06oAMFaxZ>S?3JSXCELC zKmredNFWvrLOci30W|Oy$O8(15}*>O1Db$#pa=K@i~`f(>{$Ue01U7X977-w5(pK9 z9>NOYf?R+ILnI;c5EY0zI6*uh{tzVOAtV-(1WAWvLEb}(A=Qv3NEc)f zG6`9PtV4DoM+8s;N&*G~4gvuJaRPY)RRSFXV**P8CjxJRdjyXN;t5_5ydn5VP(jc{ z&_ggvut2auum=U86i_B84^$K?4^@NeLCv9#P#Rv_iB`Oiau~EJ!Q|-i>C&F2o_kPlz*!i-;SE2Z@)7_ee-cSV@FQ zlu7hRY)Je_B1zInK9V$$43VsmU`Z)Rxkx2RHAu}#JxIezQ%FCM){_pAu8|&-og=$I zra-1gW=|GOmOz$GRzo&GwnBDHPD?IGu1s!B?n3^6`~`U-c^ml*`A-T83SNpU6b2Ls ziu)8VC_YhiQY=y&QqoZhQL0hirSzwar_7~nq@1MuNkv5^Ky{VMoXU?Xp6WeS3)LJI zmYSYgj9Q!8o*G5{lDdL=i24T&8O;S6RT?Xrdo(FDr8EOHo9D>R37k_qXLBy>+{<&- z=f=|g7K-)$8jgEv)fKHvxp6(IdTe=pyWqK$*AH5pA9sNW4Z2C6( z6$WAkK?ZFG7lv4d0)~DD3?m(*G@}V)5aUb6&x{L9P$mH;Z6-IS1f~+EF{UGC4rWzm z2j*zzLgpdn0~U6ct1J#IF)T$aqbx_P+^p)XuB?fym8`RDgls}=25fU=dhZQdLqr(!$aX(wWi|GW0UKGEp+kGAFWfvOcnfvg>mEa@KOMPp>}Lj_p{KZO#7ZADQZ1Bl^~bf#*L<#(Upr7!PzzOSybistc|GQOzdD`zZS{2Z zISpP7Cyjg!jHZlch-RY}k(Q2DqSm-Jhqj&edu_}Oxf`K3T6HLOjC9gYy;*%heQ*6*17ZVxgO>)Yh7yKI!ww^QBe>BAqkZFR z#tFvLw=drIzujy?V{+Hzy~%;;b<-r%g*)PRLhtmLv6&&vs?15uP0Vx5_bk*co?EQk zmAM;vcg#}IGRU&aip|Q+>NA`MZUZm1CbBlQ{$P!>(X)ADvuCSq`^pw$r)HOGw_$(P z{+a!{gR(=C!bd5+;@wQ$irh)v zt=+3V=sa9KT0J>EgFFYlguNoY7Q7X_pL=6`bbNArA-d`kS(G{{4sZ z9}@Bj^8NGIKi>WLrQmu&RiS8MRuNNC>?h!p|EKT8*2QBbIwj4e@}-4k7s_6h)0f9o zKq`VOFqO`g3sq)SgVi^xn`;zn%4@}HbL)8OUVdi$oKR0*|EM0{aIayn(W`N@$*F0% z8QwhIa;Iga)u6S%O{cB1U8B9FL$#x!Q@OLQOQEZ}TfV!pN4BS;SEjeTPo}TDU$(zu zKyIMw%at!RgGz(-L$INy;p@ZgBibW9qqjx}$8L{JjNct!n6RJtHt9CGGZip(JbizL zXeMU%+-%C+`MEdqm*$HWWEVa!USI58GFqBmwp-r#>iZS9@@SQ6HD!%!?fo~&Z*}V$ z>tDWGd|%n{+Bn{f+@jrj_2c4?vhAzey_h?gl^vfQ{O*&VtUq&qN&jlz)8Cuhci%rg zh{3XA^A6VrCi3E@1Ay08&(J7~{r$83zZZNXKub!Dq2h)@cmV=h2$U9rZw0tO*@-~M1T23MLkOUR zM8qVdWaJbeLHRj=00M;)5JHKF&VmAvQ1CoJNJ~V=BcV!6Z(u{h>&+nfATf)S?^_Bgh=Kz2 zaQ-ZKkO>6j0d^(^|51^Vko|S)zrM%Mf_b(f{1iY51p_;@P+9;6oZ#L(^?Uc4Am-vf z^&cDjGY9@p=fKln@3N&K_%A2N9G9Hm+$V3|5s&uMBl(u9!neaQFe$yEo9Q=a(No#$ z9~X9K^wr7)HDn{X&0{I!+T0c)*SRJ(CMzqY5>YzZsF4|zv-V2_%nc>o zn%*d~#siVhv4VI&jq6lv4iD_az_AE;IO>-K9{3u!h6h-Rx{idu9KBL(*!YT4#RIKu zU8uD!IF6hP_u!}r4^Umg7@bCf)b~x%INJm)LN6TsOCkYBP=^PW84qDr>lnF(m9;kI zpuT&YR8T!HPbVwNxDi#>(_@-CR7CLit5PDO^7$40lmpFk96gxQcH8_B{g~Q=tOIf1 zz!J^%@kcnD#qIM5_;eUcRY)y8pGK)P{nf&*gNnn>i2F(os;r&;s?eMd<^dUY*>^0~ z@7a^NBV5_qC?(?Z9zO(wl|oxyig2|9$DBKV(JuMLH;MNR)ENK+ zb)?R*2J+T8-wqT@alJaJdu-_9+~J~ak}iKYhyJIp+}EffhtXI1i9DmSgoeLHFRdM} zQ05Zv_>bn!1tr%l%U--Jd^hZ z^SWz8=6u?bwtATRgo}CRbM91~&()>gotJNP;T{)xU_8O`Zao*NvsRgP)`FL}XF0{r zKC@Oxux78nv!h|LL`_~ds&t)0aqshZ-(;BT3ojwSGsX$;Vsjxhk3VO`^-0^Ce)xGkAc$cqPI2 z?pjL%0oHY~FpBxnFAa@qV~f~omb}cx=@rSEH6CpuV?V%}&POk6Jj1H=Wyu7tG9Eh? zyec?37?4Hsqj38WjdmCeu3#`w_eB$cTfkR^8V@A;44+Qnfp6`F>D6cwRA)5;54fX# z*_rB^-^R|rzl_y4T}|j1I27UJ!2^}zC;X8OI{7~}m)CG9H0SWZbn0o6n&qMC4m$Uc z>t)b;Jiz-HHQt5?vO9O#b_dQQ-LMvz`P)%yI}MMyhl+A5Evgn%u2`m%1YSLiW3euC zQ&@}HQ^4{qg(YThG*pVWoQU5osT^_3!IaH8l+S1@i5L5uSavQxTfEQ57Y-?M`K*0S zI5l7h#@gv~#8NXHf1&5|X)DG2<~(T-T5rTtOQa%SFx9KO zE~!|HaRM?9EPuWiij+Av#8G0zk}<14m*5Yi^Wl`(gytc&Jd2ri2~qTmH^$T)w&W3! zf%#iAtlqEaXhu<#N_yVQdQmE@I}QsJzWE4~RNn{|1L@*R$I zKAS?#EgTP?RkM4$nA9X`|0qM`PI8QfC4~*ZcQt>}93#P*S-tVoqd^G( zTEDy3@e)OL4-cg6b28w8&atAC5Y&;eo-_EATN{{2v_d@B#l{$xII3*JHC1*!4wrFX1lY1GNCi27Qn#MzsA6{M` z$QCm1j}I`xE8tBVFDJHs44VyaIeHblFq646K zTiQggI{Pn&%RUX(FqXe)7r=9$FMaNEf>5&Q3FS=2W(dubFkY-vlNE6lHahR-_&w3O zfSuGZ^ro6vaEhmg73U+IwixRa*#L1h^7&2B~vn=!nuDY2Ggb} zcbZ*2B!S5h*SRitg!`eR;3Z+z3$xS~X&*@`BVnWWIR=N*?$aXZ}|+TwHSuxV*M)(CS<{xZT<-ku-2 zY#Gvm2Z*FEk%}{RJeCQtN}M)V=hI+`SNVQp+9E$V>`iLP$(p#{mn$dJ=({+Tow?{8 z;pPADj z5zNefY3L8LCsDf9wf&R^#qfjTj*XaDwaO4nfiYHXC)!K49fH0-!76EOj@Xwc7u?FS z2Btmq>r!D z`9Z65;{n{jv>jDigiED~o8M=t!~=ul&(_;T<-{Hc{LiXp@wL$AGBwetEpo1B8Oj}3QVSu@$enikS?FOfxI1nfAXN}eA zETirh2aPw&?SH~vJMHe@Ff6Nja#CWaJX$%~eA$HD_US3cgSDyM+1UTa(PiI3wA zOSY)n$KG#}ec`l`y`{v4k{V>Y2{b`H`_{7IDkk4FoPrd|17=3n3&i8I+{GsaBN);+&voJf z)bmC$$lV_;QHspk9M?|5mf}w4&~gVC^$%%JiXivg z6lJk#gV^4xx_ANM&(qy6D4!ZXzbHolaC`7&|2X0{{BnFR=5SzPzCF&UV@mL`UjoB~ zSn{$s87t4IC<85-O@n=6cyB<`qsudm=g$R{j7K5Gu~EkcI0Pnm1S#yFwN5+H$4~E) zx)Zj$>lOGYhCk-|^*GksFLL=`Nn9cS{H(m;>YCk4&U!$~Vj1W)1EI@3zojxC&AT`}0^CXR^a^MAKa0(qcTiB{Fw(r(n~u zB2hGPNHBD$iKQ{vKnr|Q-gK-F#T0FE?2s&uZ^;!QsZU-PeN0s!5zTJE6jpHS$j{AP z-pxykq+gA;WQ~`QR@6{?sNKAMof)R;8b5f-6U5%i$v=YQ$l90+J*|Fg|D7%LbF;Ru zYdFJU@p}=p1oY{ZqG%N;&K;CU6Z>!p7K`Ijj!#_Bl@*>JSb#8tL#fTnjBm5)l9RnUgf7 zt^j7^L*wUNJ=9AL^7cCiI0oOlnE2eCdmM5tr_4is-+p+KL>6sMDPPlZ)dhWie@W@- zimb+9Tc_`_;pHPi4a+Z2zcgU<23WDDyZxdtLkqd#J>if5QF6=anX7j?s#3^!7359$ z^W5LPWRKl<6ARtOtaVJ$v~dxxtH3ZF=#$ifs~)2DL*Z8fi0u!bF##)jzLo{ZhGS+_ zS0Pdf4}7vfeLHm3+)u-1>{u-3hHp7xuPoFyuwY}2YM6>27pzoQ6yK7PUMHiTQl-QHxH(XM5%^M=EuCOXD5e5G3=M(xohH&sGCs=lSx)dV~G_oAqv<vXNW*Zt$n{o_{kPH9J-7i1M z2@^xIVFwoUh>)@+6=OC#jG4>t>TV3p&FLyO5xR=csf(A&w`&A*XgVz_OYQ%x!9>O8 z?wAxUDvHxtioH5zzpug8Kay5@ue8it@%&ZU9OO)`lNab=y5VLVvoC64mZ z?Far_FnDFj%gqD2^#d}mM4h;4mMm^rYVUQ+xG(`!liV*nkU+1OHyZ>q9JIzLsc;)C z>A1Gpp`^nh$!;c0`lM4={MTfD3C7?7XZV!j(tJk)Bl6tIE7&6Emn@7+XKGDOg-(z3 zry6x(A(oY?HzpUeY{Hm*oTV zU|$$|jjERJ>PQoLb!cEuNwvMZWs30|Y_Q+*Y&tS+g-xj~TfJRA?hAkfSfdTADkCrZ zuBuZf+oWv`n%$6Gpz65~SxVM~lWf3CJlh+l)Rs7(Q-2O#KG8HxhXz1sTRgq@sRS-& zcbB}Y`|57*;0BNg32zily6&4}m>cII2*aLt7FO8${VDbg)7#Y%_Ei?q%-)f7$8~v2 zv!4j38$4FKl>8738U<)U+2musZ>Mx4r#z?qDAql$s7eK@hN-$(-CL`xtP-aM0z>}v zYcu&$grxE_SGhBVXHa%}(_-WM;pM4KnNl$vitST=0`OU?l%sbwq3c;jXfdr_rHPVz zQEHVwxuM5KVLd8P?DB%LNsx5DD~x$^TF3X@_mn}>HN-M|s}#fZYKNHYxx?v zaW3Md&ghbaCh;lQ;%YMW!;l3IP2F@~#O}wZmUlxRn#4HqmtJUHSb0?nv^uT2NIz3E z9vBCsDb+pT=KhucH7Is>;9EZ!x6D_1M%N2q z$Bi(ljoT4XZR>Wc+Jxg_0>y()brta%Pi9m-eOV>dt8d*) zpbBF@L>3aqB$W2YiX-Di`&FDAM5I1REPa+*65N6;>9JrxpdNCS@|zs3MK8DB8;IsV z`4PL=InP~|MEUXHDzt>Llk)O(Obrd?$-8IwoNxZS2L=qOY-p62Y=h=TJaM=Yrk8==vn@>YBd4(xO z(Y|&HHP+uElsl?_4mBsJ^Z;&Qx;pm`C6NDq?t9X!&nvy9NvQR=^zh7}hiSJW$yx4s z%njBaiHYwUcxg}_iP}k6)@xnEzO%uwFNmRY?*_fmfqwX2 zlTuu}Y3`rKE!Z99?Q`SnmYb(OV=Nu|>B6Vm61SBz6omz*J-RN`x}CsTpX5g74j3Ml zCEeJnEYUh9h{0|wqS_l`%=OwMk)U!AAZ zxV@R&&Q)%rY^O@-g;}0)X-y4cR{AJMgi|t8fZFfJ$IaovoEoXQdg7pNOGOhEn$JG& z;+5J6aH@UC&@j_{Q$>ge>WHrh)K?VseU?4d6*ejv<&_Une346t8kQw)&=%gCrzyQO z-lRukFh5!Dsab+!J=Eh|!DKy&=Ov$6pC9$d=^JuBD~qhhVb$>Fh|IIp3%5ROm)md5 z_JG!>dR||sHXgRQspp)7~pF;-c|%IbYr(hXMfX4^_f@51b9#(a{UBQ||Hydj zoY7M|Xk0FLeDwzW^*s6Mg*!N{FDesR)*}T09ieWyk9-G*l@2|_HM2Uq+VxgB0vo81 zuKo++Op_bMQlV(C$XzfmEh_pdZkeO|WCe7F$bU(^kROSvDYrl+9&(X+yCZAak=Lhl z<+kCL@TtA+S!BTxT3wTJ@U9w1D>Z-oZR+@3p68LOBwu2Z>g`VxZykZpnTxEwSjAKI z9=&65>H3zf#^paBQ3%uJuP}J#6!>=T^6S1N`t_1Y%9VIZ1>H$B} zrV3nvw}+v>hPf~0;$pxQ0i5|XnXl9JCwh54{ufsyszNSY$$jaeBqALZF>~{a=4!o@ z!Ykp3&Vl|7v}#}269cPRms<$_t%89zAGdxMq2UZI-*$s%=AX-wO2-CvVOQ!e;ygwh z5bmTnek|8wpUD!3V~~;2nCI(r<`&bMyj=$mygu9r?`^XHKIBVLhHfluQ<-Dsn$6`N zeSFnL9B1Qh8{b0IR_DsO{9~f)KxW85UE!9bZ*r};L?2=-i&B6MU7E`@Thu#~@qD`E z+sBVjP1glC_wWEe>MEG<7&sBmY>?gfmAnrI=aXQsQPXRu&j;>asl=of9ikD7dbl_j zJTMN18sA;tkGc4!9(jWOPh0*!KJMwUZ+9xSv3g5fRO?}U!>gx#JCp+yE?Lb@&Yj&f z>7;^yyseLlzE(d~@OXzO&1wJ9_yd1W`k+VOiszKGhs|7M>8@3l&bSGPi)Qf@lDQ!Z zs=c)3S^2(gGX|-(sK^h#!{C8fzi%>%WLkEV8yO!VkikgS^8{YqYLu_oc68htIOdomTbPwW2)gCnq+Z0_)>8K?COO@dIhVebF34x{MR$bxV_wMKE zZfPfO*^S!V(H@W|CCEL7cz4JI?t>xLWHpT7i4QpH=~J1|rX@5n*0nv8tqOyR7D?IA zthtk9aXawAjm8arYiW`AEHj4t*?t|jgy~!19)pids^H25}z zGnJUEaJHJmJ69bR{w_PEyXUFpO`iLpqTl{vq-omFDdL<)-adIP6EtaIRnai)7xC2Q z?Wf8|YZG5Zv=ea#4F#bui-N>kR0J_)_2lDjCfn-iEU!aM0`=`4y?^3qLQVe6kkr~o zDqY%>2y54J%8<}_Boj0BEzzROr6T6X)fo5b_I*1Z5wmF9=@Q>pgIlJeHK*ZU$JQR7 zcEWc(Pr;B=VS3bQ$^cx)RA!Ne1nb*q#Ra}O`)Et0<=tc&<>lZc-Lmd2KHP3;bx*NU zal4m%VM^(%>g*{oq3({$4eRy7cB9f8)+$N51E&uym3_n5_vTJs(QAhwoK$R(&RDkS#X4b&Y@8oST?^p0z+H#3+N%1T0_XTFucJ@n3#itcj z2{)B*PbM!!MVIH#pWDb}KfaZf*MA@<6mK~hg02r;;&E%0uHKQoTg z^jI6`fhkxEFRW+7lAq4EhVk!c^eG63N~-$t#+y_2`^-N<0vzxl~lHXd2Ie;@1X zyU+m6M-n5W%pcP?G1==*1#m>`;eLXjd&XMyGmdvwmy{~_w%s|jipr4m7^g*4OFrlw zZc|U)u{>vdH{<7w(5EH}=|27#((h0pWIQwF0o9iNir(_x(6xu z=!Xxo1{0~o2P%v^fz5az;-26`#~s1PDiT2-wy)Pjc}(oR_|dkc6R|sVLE~p2ag#o2 zyN)%1Yc}@X8)pU0O`E`XSlRDC4F`t?^fJ4bb|q8kEPC>qWgRI63ym2vE)UH7klgjSoM!I$<9k=fzxdaab(wf z$k@B>Cp5Mu?>g4O7S>wOghAtr?Jo;8cT8K4Zl+hE!znn{nL8@8Ml84`Rhn9P+v&S}%tLth=}KA=*4EQ8a=IN*V%IHobnTm8*z zE&FJ@5$ozSo{)e?&*v5=Z0uRAXRq+(afhr$;4Uo=5IKLrhBVh86+F)I8ErQ+o{UBBJ7O;_odkH&Zdh>`h5GZPtQ7nZtkBMgH_PBnWcKAWyHAwBpR7Id zq%iw@flJ&x6laW?Z#yBe`i${2O)_8K?XwmWe5}dQ`bKH>yp)9H$J|wNuNK}qi+!PS z>EJM0wXAoWTvL}_l&##rALbDBreuAVel$94|ITV|Gr^Z2H`Nj#hQjT%~Sr}FbBKF zoAy82f4Bs{b&PWI8%PRc|8_4SI*c6`^5xf~U{8Sh^^o@Hl_t|H%) zG!-7KrXg11t=UQaST|_I_5p*+%-a!Lb9AVn#m;60+;NS4;;V3yiXgp46*`PkdUici z@iD!tX#xs~TzB~CVc+F+vQa;?_GSz2@)OP&*4sdYbSTtY5_N6a*xz_hSxMvWtz6Rk zbtP@+5~G~N$_wDmuC~%>ceaCH>zlDW@CowJ)Ehg$bkH^*Jw+#n<2zt#xm8g$Wulm7 z7pLkcSVZfo+?c2h^$$cB2SFDc;uXI$&mT$F$9<_2TpXYb3KJ*ChBXUQ39(G^S40VA z!4*qPkuC}SAYFZ|TqY8S&SVO5&_XNTmt-LKVz4dHO;7f> zOS#Q7nBlPWI*gdO?$!y>3OpYMFI=VGAMhb>?#n^H!rc3Q-i# z$$65YLcczi9`#sB)IB)#{r9Be>lKn3@$TvRq{jO18@L}zKSp1oLf40Jgn`Mv((z^# z<8;vcBKX4&D=E*HPLcO$DD$U?i&bFx%4ylwTb$9^>Ql|}$+Z+4h~Zn*YtHb!yCe5N z8urO$jz76?RNSGq=5yxCLEWR&nsnRRj2_v(tau71D3z|DpRgqt=-@Xgp9*}-JWWoj-l*R~rcwQ&Wki?SPtU-)Ql~_rq^p!~>hu=$V(Y{gJf}OB9V(yf zxr&nQ=}EZtzf~~*_+z+*_l@+&5B;4@&sBTGvz3NGKy21YY}?UC zPsS}AbD&l#*~P1iTaV@)73<1vksnjp2L}3lx#$}lQ1|Cql+?Ill|mPti~JuMtA%*_ z`r1k7bCF(fHM9Lmejjk`xd{Fj2n6v#vxgBG3B3bT6pcrgsasot{yTzg3LW?Bl$Ui? z#&qRc%`H17DzvGdF|}V3yThP`n_z_>*Di}jTq)p+X&{CX)@lANKC|ZG^ZS;|0@TX|A zCE)h4?CZQI-hly4Wn1Ow@lgv}vjX`W~Qy6`WsMYxw;^Jb0pHm1_S);b- zw2CXp*b~*Pm%*E-q{;^^fHUCQDQ$>&{WF0|4(=>-?|=(?5spg_jKu>R^@(^Om)+%v z*%&L188*kF-{BlbexVfG6-0|mi%055ed=!#IU3eq>lU3}$y7~wf__;9Wk;Vo0CvUz3w)!z7Le(r>5HJF+r8r9rP zSik@Pmb@pSFtZxB@v~>&9DE4?6~Tqkn}2+&f^pLkD9s5F*_$~zFb9v^aAa?%LeXl&zp%e*L*SB{lL!Xe3kkge2o8NI&CIc;+hVWnE&G)khmLE=sOsL3PQWadOC_th@B=bTFu^HOzj zU4kO5V_dBRkLIaQC4x|=w5YS0IrplB?5(y=2ft*zT$}XGr1pu0XEsl@t`NrbY5Q6} z8%u%FqTIwIz?aWeIB_aN9(rvjflKf>8H#UpRpK(v+XZjScV}~|C7@F6WD|Mjwie!v z)+`AjCxxhy(=PPh)cB$E-o8oNG5KlFJ*%kD#a|e6J@>piJ#YT;@d7Voay6q9{m0_h zO3yX)Td5is?8cCm82UxIcrXV|$0_`!enyG1dy3@9as*~~>FX9AxGfo6b*zNi2t1kh z%~1aECDUkkVE-+~hsL6dl;K|In+w^@` zFPwhw{y1TjDA!K&u%To>LM(O>&4u&dX^6=l^)Q}7?5966|EbBtZfF{LG3Qck?>TEqcK)>NhHHM$%h<6>k3PB?ZC<|keg^qXgiuT;GPi5K>|KfZ z>GXW*)|*m=7REZ8?3MVQG(dDXQ!;d8PqMC|jf+?X%!hT{BWZ1*`vykdcLXCZOXts* z&9vMn|t==Hvb0ktjO9E3+~b85_AxzJUO7x z?dt+%`W{=qkM1lL_nR0Y;++R{+=j}soJTgAj-yKkwsaO?@hZ@v z*XY|7r8}V+WhPTOslFHE12QGb`bb0T-F%jVE@f0tP4HIHOiS&{l%KqI=iSK-Uy0S* zsmLIWrOQY;DyZ@K)H`$N(~-QQ6Mp3)9uOPTgD4bjroF{#YGFfqdRsrubP(>kzSZWHxp}m`pL6oQjs&CFc(43(eSvH6GJB7i z`>z6_IRpN6rPpuzBy*5?OZ~fWkF8o${+(U14@jQ;)2?|iwC}hbRa2(0x1CU~ta7C- zx3{>-)5o96+$^!)K?gDM!<4-BlKi38d-&axeIXs2h+{VM(}9W->_EFu3mADfc+_(IwtilxGR&Oi z&T?5YSa37ADRq&{`MwjP2?<%`rnF+#>1>>4y92LJTPMiKIX^Ee|ffg zMrM*=OBX{DNRX;S)}z1j!@0Usg?6;6r}+&p(J;g&LEl2dHLs~2+NqzUsE8vK;x|;W zf;%PK%_q!af$2hQ*=Te$>GiE!k&s4&{qSletZ|uv}Lz-boO@lf5(VmQs+i9nAG_^w89dim}bol ze*GZJ3ubk`qT|D;Qg4k$JrQ~OQfI4pc8lwKu0e#|w?cqx8=9$AG@zu~;{+$7RF^?H z&Yo~?V>IV5Og7{!T{f#*{m(y}>a}H3z@Nd&##_*kAiMo!&**vfUmR*C*ubR%Sqi86 z;v_HWty{Ca5jVq$P08&Z+uW1g?Ph%%b7GZK!~fVWQB9bV(dMaURZ;iulc6B;{*RuH zuPie%&`yK1Voy#KWqSDH-n{P~*Ol@2_n-AQal^HryevzY9JazPQfFa=8`)|ng2JW{ z4U1yc4Rtzq3I$@c%xT@P@bqNAH1#E3d1+0~a+)#XtU zy1R2Kw8ih;(%VM8(dqnHB!1_{t<3a_lZm{d>ac!OU@mYH;Y|rHXY~Qt`dbJ* z`}wY3;{b6_-uI4n<~;Rx@!z)OX!c4!wOrmaCQLYZ+`&CQHhNSUHR<-vI`?s2!4_NP zo5@oVTtk8{scE|=4N2Jb?e9lnq~NtX{<%nlAO7oOm3+%dv-#Ffa8<@$R}rHRHy(`W zKtC4CQ<74he_R;#p(OnBRT;+^0Nb%N|EOLXr#aT(o2A62{F2tm%~KSj{GW_dPyXpx!DJY0)f@c&Pq-VkwxU-L!#!A=r*Ny&e21mKF@(JB z;a<+p(pSopc%j$3nD*RYsrb?7w}nAPs&8U`I*B2!1j5vsZBjTNT~x1llTo{3k$xim)3K1wH1}Rey;Daa}MekEV$!IxxX3)58gYCY_NAO(mS@q1A^dk z3&4$^^00y7j3OME0k43u*M0kpQq#;}F8b!WuMq<)pWh9GVW9s;QwifkDlhhhv{mk` zhn+7;-w(bcW^k)@U`G-CoFS0^0X#2^08@e$ZaRWTjHwFWX{pd=jzCz(c4`DS1;`J$ zY+hATBlqy*~~n z>t*~#-@)UKl4&A{7!1sQC&d3J9jd@rmV`y@Tk0?m)@S+FX|y>U=a1M?{3ubkw! zE^XWV=*6K~O*Ks!TtwS2?5`}O#`NC7*Ks*qFgp400X+MeY2&IDmvw&MNK4;vgN`Ng z`S@z+7`&sZ`<#BO`mI?{r=Rn?FxgG%S-sm&|1b95JFcmAT@#K9g3_dk)Tn?+myS{* zB3(dwFVcIJY9NXSx^xJ=C>;_?2&6FU-Fx=g@1Aq^ne)w@`OeJm z=O0TUtgP~^XWh?rx9d{Mn>L@nyGVZ1k$8WyHc$#U-Iw09<~xulRU}f=oYtd#+x?=n z+U0^XmxIbmzT^s`aHJ1hKHv1nt2gcYReA=x(=UC@Y)O4B@QYQ+F3~Jh$&8<0^WF$Q z>$PNxz$;wdAKD5No?ot3Vmuy>iK&>vnyA$VeEUm<2he0W_P6>DpeE{%x~M;I|1nDr ztbqN0lpcWov|acg4BP)ul`vA)MNo@s3yZm3-23Mf{{HzNAHeVN_pwcx|l5F7@nCN zKk02?>&D+`21+8}fI|ke18xL}_=QWg!wxopKIlJw-^$NPbd}$}Yh>HK-6+i7OLiG1 zW`tOx(%yylPuhR@g5#UO44dBD*Y;uHoZ3GFVHNdo`3K^#HWv6Cb<} z_R2r`>+REyhN#L!TOgtM*P{*tm+k_4N_1#abjo$g-J;v&7?evC2Chp2QV$bT!QUt# zjGm+)QRT$vBo=FYdnS#MMG&uy5jXGyz+mSeYyWZ`lZ=s!kuMio`hD8JJc8eY{Ci6M zet~|Qi{Hla-&mi18^_2NC{t9OpMq{*9A= z;C5y&jmz(GwvD5&xuR&x>f5P-liEmvT40k_w2=WF z{Fr=q-Gg>{YLkn)eM+P6Iu0IQlHsm@jd&LvcZbY1$w~$4mCXu!DKC>8bX7v0b^Ni| z*TV^77D$p{52=4Jp*nx6^x39N-cX*;cb7Exm!1x z$&^SDX`8e*M+{78OH3iNTouX+9gC!cl5aYn?X@N*aL{2VbLY+1%jcYf2jlNlO^OSu zi(SmkoAZ&a%at>Tsp)3BL*mujTMxgmd%X@TwrEtF#BG3@Phq~@`aE#Q#!y$q&su?9 z;hMxj?G9_c5-Mt0CF~63jG+Ef?OlKjwC&;tYFm-FKDBYBTa#09fBH!2SkN2h|A9e9 za+!he?nu1K_^psyB?d#~C7=@KBK6BN5J!>O_{$GxpzgwnBmG*sDPR^SMKI{xXDf+y zIj$-2#q4Ap?4R8B4pXs|<6D?Mf}N5Bg@7cVonZSEFNtJlppPsQC9B&=F=fYp`D5<( zDS|)(+dprZ#ZdRWA17aS22udypT7-(8v!+QiNyQrqd5uIV)8>pKvR#(8R$AU*l`@F zMdUmKy{4;L&wWQZRJjSzfY1W0#+Ow7<+vsHZvVO<_P2xUU_z{jVUUw^{8}-0|8$lV z5;!txfRgMn_h-SxSsqqp?Oc>9{SScI{}jl4@ud10zfm2|pYZMk`j)xpLYaK^xRFdL?7I*QOGXUm&nd|6 zNx4#L*jfE-MjzO3-~`xDx|OqxBL&zGsKop(M1utr!<`}r!lMZP0^|+m9B%^QJaagf{OgyW;}l-yIC@1$=lhY^RnO#;==U{m;O;#{ZV*@t^Xr{-^%U z@3Z`W^$35D*zXbhKOJ@We`t>V2bY6Ch^502e4+Bh8KO`%+Wt5q^hytDL}Z%Sj7Fix zd2>x)al4{-sgH*R6kc3bFL(3!PR4lpW$m&i?9O)owndMFZL&7k8><}bvo}w?s|&|F z6*Q73v<*s*TuZy#&|R*t+H~`@X@o3Y=SmK1t==E*;U%qhfYN)#D59SD9#JWm$SRBh zIs!hnpMiMO0iKzgll=@vTM&Q>h;RWY#s?*yfYV{_4v<4y2>!CwuMmI-i7E{Tup$2d zNSEFY$N=^EPJqg19|7piUiUf!^*R8=$=|CFNEu+(_OL@L8vJ?4DtN{ukwBt-20EX1 z0tfzUwy15bw@`9a}fxE-3NLOS~!Ucgld2q z%Z_>4q+ckZ<(F^@vnSWdKJw4?TGN{*ahi$JvXM)97A7I7Yi1!lAupfU$oi6-c3m9l5l$RicuU-Y8hb@uS^=@WUqNy8lT%1;p`~29qE8*gR_MzMR zAiRvxS9}20z5s84vTu&cwJ>dcmcQwrUVLYhe8kvNqQLX;S@nIB4_?#O=T@ot+vT~O zEX4?Lc|I2ixS8GQSpFs|>Q!z$)Ng4=PN5;p)w@Q{bWn&Sfg$N0wON{Nq%hMkgqkRc z=f#%f18mYX9jE^JzY5>DRTf%4FpIC4xoeW^hK|(9o-Q$SKImv`A~*cJJ~q7`XcPvq zm(x%kHjzjKW8sQT4fWp|Gqh2WpO7B$ZliTDAtc$WDZVvOrk%C5ZMGh!`3HSFtdbkv z<|JXEXFi4p$Pif-M}_@d6RS6U=geI+{Ke$y1zxeR>+~vES^Hm0D zw){Z(*Su&EnF65FVNkMJ;KBVBU{&G#qtEc}91T&y3)TX}^f^t(-~8R9a5b%gcl7_z zF_yoLR(`qIbn&2r$kV7nCDcli#zc3~UdiFI^y7Xt2N38I*K^W9CcGqM8?f$*0Yp6s zFj1+rQPM27LurUcU00*Z44>2!-M!?bk=mr%c~XTC+ov@A|!W6U)+Z8Tb3#2FZBNR~Nlm*-#iOdf>wE zzdVB5cGQq))lZJNH|&0>t4VbH&TQ;rr`U zgB`bfuKNV1m#SItduWSR1_hliBowSD}+$mGlgKj63T)mvwvqG|X| z`1qP5VRB?nFtlDSyJkAu3iHdNe`#mMkMMJC0<%%8)sPEVk5w>9C~|?cQSpQELSUJm z6_qQ~Ed}{^Xp6a$=4oahr4XRM=^Lb^|Ah*`B^2n53`cXSoOrj)5PMQTrAz@G*g_eDP%MsEVhjC##0|$XC^s_;U^p4%hj< zFmq*|yH7u?U$vv5H6f5Qb{P9bxOn&Cda2+i6PqO8xT22$#U>j|!@s@6|Ffn4KkIYG zJ{OL=D6OQ>bi<-$D!yKfVzqmz@RJw^&aWz79Yn^FkQ^G$9ZQ=a8QCE*ujxwWxrWao zgTXeX`uPl*Z;Ym*$Ko>7wl$P=MyutdjH@&i0V9o>cod$ER7$;tRF!_ptwnzQptWdR zP<*>rQ{pMWiE-nPEc##ZjGiCZgwW;Bp7+%Uhmyz^LLROg|_zP#C2aLo25U|U!y3BV2NaWko_7RIG4`{4LI}n=# zuscVm3lTFmu$>`7BYvpE>Ldz~BS2t&0F&zI&B0%V@2jffS&b%-$e+ev?p@Jo{^tI5 z#`NK+=8Z%B`^LocOgn?=k_DN}y0zR6kh-GLct*&^1!GxKGn$>Vs($=zcfXGKJ z13tZBPlv1~x9NRAXU6hmIf8Kv%h|?Kme^?VDNyVo1!m4>SH}4LL51AfuOv*EzjB>J z3y+iZ#pWvPG!F1uu?kCa>K%cbTe|3@aQ}Ys^3_7sQQ4rm%ek_Oy}s9}BzL|^-(^1V zHmL#AL`Pl?@XhYIb=Xw8Q-LrHzUEfZ6fD-E+)F!GlUmc1avZACp|7J9tdjj#MivXE za9MexAll*8lJT#rL&ckt>B0SdjSoHYj9;dF|86ner5xhoC_!G=XQzMtC-=48LI0Se zy+4rS8dh*+8c*Y0aI4s+ChVt&Ek3x8{TDJYXGX5pvj1f2waHO7lV^$|LP)eJg+%-O@wz+FIJ9k%`}GxT>F7qY*rxc{+kH zReeP#ed3dbn;5bFL7xGx)I^H!Yq)-mXOjpWP05-IYiFPfp}h;0L+v3C*v;BFNJnk#y2b(4W$M-5=G zKRp31mF!Q^a#z!er;roUR^T+i${6ozIEsCrE^kKwaN_E$EWjk?HAIj`j+Y^Kdk-EH zvKp;CZ7I{}qPOjNSyJ6!FPQakTKk4833PuY8Mm4N6E)jA7mg_bMz;8p5GhLxm;p6q zE_8!`e>|i18Q&u`{}QqMRmWqG*|Fv3V;!(4tlgG42tJeoA{oGduA1(9hQmk}u@N{C zEO;;o4_R(vv$9-I?{KlLt4!9|dS%0tD=u1K$p52&@@{Ks56qRB(zY|dWglUzG}KR?XPX2zVEOMgSr$&}t0h)8$S5KIbow^ZDF+Wa_$tJJo!qmCRO--%Q#K z4@HKH9I!}NxJkS}@l$q;USUNU6sFZ~*G9^}Pzgi%N-dzdt5KkZynUmN0uBoI> z1PLPVOH=&1R=dL{v`tO=j1<~~V}td43sfO4!%n^H%RX;?ALM4SDQ8WH!BP3lY61ZKOEsq4QdS znS_3Fve$~1$P$>bwD&3>JC2f{lKij|5RI3Fb2nFed`eB`)(LMgPbO#fO+IJSC;SA6 zF7cvjiHuQrLGaE6jO+<`8V_>{X#k_wR@dbHVT&@M(Cw2Vmua&vxkeX)+O#HcI%)e2 zp)?K+GI=Qi-ATRKqQl8X2<3(%BER2;13{)MTMh+lZ{qeFVsUxB;jb-f_9;2iA=!kc zH#(Ym_E<)L@w^s@%kO9(-tHMWe;a)qBM7*g?zOa=BJuNVs1^H?Lk<7y#mT%E{ARq= zIB$EYQZm|{R@9YG1&g!fUGmk0YC@&98)k~8o2rbSEpCk$XQ_3k3NKl>&tVWs^;@OU zf3Ax%%(I^Z5R!T~aR#=2^IL8mazGuJ)#nk?&F2D*TENVJjDo8b^D1!?jljJ93NXws zm^UiVBkw@QAC$(mvNhTV(MDWwSra@J_V%XAYpgY*s<^H5$zOKIfSD&D@O-n=MCcVf z3E`vQCv^(|M0 z-oko+5rQw`wj4E$9;Q3z2}*X;Hp;xDmlts!85Jtl8LZo z1pS=K8kMky#U4Z8chMB;USnwM0}-T@LMR#3>qjX4CdaLBXqCuDZFhmx z9;n8g34@8Gb*jw=@n?ZIC3QP)KQX6yLBGN{)U6$J45J3bL#gvQ3V+N>HmwD<4Gq1! ze|^8ppW)#`wsb<(YC~hz;VlB~5x8AD5vh`ZSCM*gG{E#21%I^^Jt#h>DfvG40#`@J z4I8q7uo!iG-)m|_i^F5Z|M4 zsh_C(G$&Y6lK1=|`{449z&rh0;)yOV+eK!{uTiSJcJhL%RuIadx8d}D?4rkp@P~ER zoiF!!GS;R9>fV}x^>@0lRT>1u?y9k*xN2X8~$S0 zP^7!M>a|yPl@YPBs(17&oBKUU_2WC(KY$-$>6f#t7GVkYg!jao8ui2T8j0karIOu# zo??|JB!|@fW=?Wka~!H7Ylktf<7K%-jE$fV@>qp`Ce$YH3HMmQNiV5?z7+_4P)(+5 z1RD?(WI{qRepKTW%(qyMW1);VLA(r{NQ)D6nVQ{9o-RvUb-qGo5Fxop!cY0$Jig=R zo9bw}Tq3~h4q|QZRL_F(x%Ff@YlYcBCuF(G zlnCbB0T%9Na-0~C`5%!MAiYFGAU9Gn->n0pP{6hbKD|;J^9p+VON4Jd7$3HH26_R^ zLFIbBwLb$^TCB0^L|Hn-jn^&;tNtCDNB+zXQ8GfGs%!T+m6tcg{cr z#m2pp%iDl+0dG13J!&eN4!1DBS9BEUgY>DzDI$B#)VlUG8m3KrC30ln_vn>w;DUTD zMG(7Jk6m+uUGqx!cJm9m13mSyh$UgN&P8@IOh^KlrkxEf7}tEKyzW7o(7t-HqY3*< z**H}PIWOs!(n*Y5y2%;HQJ7q|*dlC`{1S1~YPK-31w^WXyNlf-(pzCwVatFY()Jw( zo@_>8D<*e=f>Vj_iNj@%JtT3$NI1)4QYpG&%O z8!(9(D5HbnNaHsh!v&XWnJ#^T-+HA^q3uwDZ3uD!JOy49Vnqv%zMwx2Xm}Bz2{QHfeA=!~T_L1D6*Zp_Af^R!m z0gpE_0}aDS;jhC{QS-32*@MtlLeeT?N_G(Lc|cs77C8t3!eKLzAj?ivz~VNH#je+qdiT<&Chnf1X4 z*(`-tezOR_xYaB&nF81Raky3TV24&wrrn)hb+b^FvcK>?$-WlgJR4s-Cf+p@@bl=^1kFrs*JtJ&jnxTk6V~NA95Qd!71<)JU5_^42gqN zO)f`8>~g(Si+faC5SVkfIIrgMfyy1--peQV0 zJdd11hnJ<@@frS+7jLTNC>zelR;A9aKc>m#kzPbtH<8L}qF%1hyo8zrrx_yQuc}?C zlz)wfdwmz$;f!2%3VmEyDyqK&qV(?Kqq&S##B>tgL0OQ(&ml|9*b>y9CjG3bnaCX% z3VTl3ifGjLd~XN$hTY)TFLPpks#S4LBb>lUl1+FeV|OBvZX><4As<_$(rhp;Ub}Di zqb1^{w$FDBRmCLqA;k9BOx+ z_jXH)u6m*cA?Z7$Ql&l9_Y6eG58G1PU^RAZ*h+G#T(1vjp+wKP_?Y&m>h(9|#{7I8 zoi$0uR~DvBt>S`@pO9yQYN5b8Q7E$x2$QS_)ODGL)?#7zY0cG|n#U%c;V~q-47{S1 z?B!izgO|7yw`!BdY2pt4lr-OzDMS}eti6-}UG=RE_$ zGB&Jte^(~G-Uyin4JOCRf_Ku#uGz^ z@AxTSa9tS^a6d9Kc(Ti@bnA$@+!+^y)q6O(@BrJr2&aciiubCfTq7SpS8c0MnLK+x?gWnuE?19fCImoeGPu00W@S)Wb#dY-|& zrcQ1s+mi_SY^z=t8ILJ~;&O;HUdGrrD#P+3P-(PqyDRw0Bf-NRD`TJ}q<4j{vVlvP z?HD&BO0i@9btP1y+ZixDr01}L_RA?o!#2ahJfjm{lspDH!F|WysM!U3ZGRn{e`Zt? zI&YZGUQbBH+YxU7O-I8MgJxH~DDu|pU)hMPz3%qbOYj%-2jWq$j%cT$A%r|AH%@jI ztBP$N3@Vn@c_vXbf8VD@r-f5k?1Nzth|Z2LF4HK+oH&0~o@4xJ0r4hO1PyzM=P&7h zJ-u~W{WU@MyJ(4kaa-xayNIM22V>szjgaL-Cew*{+%<*ecl`%*3+oS#gf5ys*!b*8 zS46D=yT(~?vpEY`mtV{%K(@11?m8$1)V@(ozNxH!cdX=b(z<^G%}4Pu!&fhU0^s5C zLd?843f`^?$i6w(&y`f;Of12S8);OeC6z(_q?H=9RLusDm03xE2Du3$S0H>@d%GH~ z{TK}itA>#dI4-d}kS~pY7quuD<+c^Irb**rmfQLcbH8Mlfw?;DkP_SYI?(xjqHdRT z56`CSmQ}(-@O19-IkuOJ?!fA;IWnC0dMFa+Sca@v0pdEKM*b!E1>kXMCt9@!duzHJ zt5@4sRHfu48-}av^e2CEEAB0NehoV3eLU2%5KpAS5*Cf2ev6gjUMEAY0nR>*9)d!- zmj@VLXz-qxm>APB8*@xtX7jA?MT$11=o00Gz`ue-7aPpZ=M@6Xt}t z5}473AeA*K3zYkmXi#0L$50L{j+9CjPdDKF7;`m%4C}vE{mj6Jcn5710cHQFU5p*v zr=Ysc80lQ9;DiX-kFdVrHQmigmgi?}-}fq?o7z?UlIwCIg?C z(0mbko{%LALp5lQ|Eh}WK-T0svmrZICzGpJjYe-fCx!dGq~J^jb*X}qr)NWWme$(f zSD`mhkOaKgm#thQRG-RVb@q|(j0H>Pjz@b<%DTK!D(kbYUo(PmKo_8NKDIj1*wdk!fiFPJ zt7XBl>Y(&j675gqbV}}xw!+M?yMy;}ii>MqR+La@)b{CG)bh8=>@Htd*c1Qrvu2Mj zdbO&N8i!1pU!?d}pM0l#Y+K3d1LK+%xzaow z&4Wo!e4xkPrp<=w0fRS$(sr5e6K}mNM(Tx#niFss6>|D@>+D&$%Ljnt}~74tJbuVYf!og z?cg>eDY@(l`_={`{ISz(JRj=qz4P6KEJCc!lc|f$ri@&f-gWPi34Qe0zE+&Xo?v)n zqwr^_-GsZOaMWRz|L&$R*ZHuvX$QY4u`t=Zl}wwaGK|S$`P;8m=B8d|wJ=x-Civ-S zpJFedvz;JJp+{?=Cc#r-cpPlzw^jCjb_i$QUA!3psP0hUFD!#uHtOvX8N2drY0Yeg z_vdvk-P$GRV|BfAmm-dS14-5$&)k%9Ex;HrR*9dg$N@GFlnGJCTM=(2rQDHK_}WH)aP9(u((>KC~&Fg z8uuBf{Qg)Dgx=lH^;?<8GWt=@@-y$6OZg`q$z2~nj8k@A(%lT`X-n!sIuE1@jd57hH_#wyQ1p@0@|^QHXm_jq5lI`9rA zp=xI`IwnOnyDf2Qjg+_Ebusm@DP>{FzR9Od#sni+(G$cr zW$th*fs96r&VBIoQ-&JE5}p99sS*P<>B*Ojcw$UQl)>3v7_s2k%`u zPRf?LJzLjXu*zl~=7kTyshVH|y3zohMfxQR$1Wr>JNg*4k(5N5|Ly``53gY>Qh~?g zht}Lo1z83b2E@0s^j6j)<$3TAzoFjxIMt+Gt)+DundR=7@Kq7zb@~~XHp7)k*FqUQ z4yT3Q!Xg&;V&u87DJUBA;oYHV4qk~Y3d2F!Ly}VFyQ``8eI3fnqDnz$pvS!vytv`Y zh>>5=!hlLGHOq-{_j=7Ngn7Rucqu@)5?YjzI$0k(ay*Pjs??k~a}%ihUfgg$9N=f^@d7GZ3GrZg0RTgt}y zW4X1rHv%r{8@vhRPWbU1B(P%3Yjn5eG_)Be)y{XVKtVCZX#^oUZn<%!ou9Px^If8Q zl%CJ8;3DLVd{M3iv_H$2r~tSoEs(<-7L302YxpoA;P4!_{-B=kz#f%53}kN^-#_#L z>SQGF?URRS;nPa1e!0-vCI2Zn4)~%cL=4SD1kzzUdxR=Okba3N z#mh15i_}f}Yd@1~W_&0AJ@e7ecce=dV%g(6i0aP9`m~M)?dXYi|D+XnrbpxACq@Lz zvFeyhH^FmGNXYwprAyh>`{RKo669m8e0$gw#?`~7`7M1SQ;w#IneFsIk@~e-CFm9Z zn28B9IY@^8UO>puk3{OgnI&+z{EZFxHM|Ns8@GJ1Y^h0pd7`%!FZawSS<%$!3>6q%9Fvt;qGEbH?kBywLWgX=9=I4k{>{;u z^{MOYj?XIUC%xGwk@<@BhM9J&BVq3QpVAt~bmMHQ8a%bDBHk_Y8McoW-2U=;b;Nvt z@OH+>Cm1<%_{0){14`L@ynsk>97_N(QGNgN(HUs^3`Eq30%FD6)}x5SV53k+;+hd& z6#u?E?F`hU2l$%!Aq_$m?E>aCTJ&bBL*gUQxn#BS+6^leJjJN29$@JymS3Q^^^Bd4 zC0Sk!FOAXW$o#6}W081$p3Vd*!f}x@Bf5txJ8|WBCl(D}67D1zwbToxX@^pnd~gTZ%qIh65h+6_jG~Wv3F{*>NGWF5But1+Z5U6Bp z6`wh0qx-1+WC^#}y{8gG_>IyWb`x2DTfc`LArYd*WlNNqCa zxqo~oo=!Mh?b5k45Ab*+|6=0Q%*xK(!V7t}DHkFYn&<8Q#xav_@A7&_v6+pApHDL1 zi@F~tx{N(~?X>GKsz$w~M4Hf!dqUM^SQ}wx=X8s?kW`sJFQsCS7+Dg=UA{EpZL`xj*#pU@7Hf<@hpFGi`Z&m9?}po{49bRMZ+2421Sf zSkW}npwqR_2Lg4jjqqjC)N)_vyalt~&~6v^r4$Eh5_A+bV@>(1eR5eHoUJR+x{!~C zys8QjYp?%gMa$V#jWaCcDt5~$_Yh>y7htp67)t!`t^4 zHuc2o-6x>9AkMFWvubbSA{}%)7_SY=4ZR7Sfb4q_fja84Z;-=umZLjUY6e43Op8B# z+Ta!cv=eF{xW3c(vobh41p3H%bu>?1#M{7J&)cY0DA6-^=$TUp9L=;iw4I3ZRsDf? zTxk+LT0xW>mmHeO6usweu4|L6jGrWL@1s0N*!HHHy7B(4(M!BMRsvPKGTE_58yMU6 z)glnG6cD*1xGOZ!KlM#$_^O|%HW#3DpvFG)tng++Myur{=9Fg}PN^KoVzJacW;$t) zyS9ncL~I|RuU@LEMpI5m1sDYc-&^bna^-&e#Ac?tf_p#D;F?S{C*!J4S?tGTfgZ!m zLe2dx{xA757Cd>|Rh~t1d{tiKm9Q`O9>+_Ux^p@p_hOS{`#k@!oBK-bh(m4q^1iL7!2Wwm zeg=FI(u#jymYTr z?3`N)&QH#))0Agh0hQaCy9A4sl_>>^F_Xer2`2g9Xxm0|YEEQ}-ibwc4g9>XOw)U5 zxe;Q50>5YmhmJO19%*L7#>{jCvk%tg%qa>s^&7dn4Ftzv_IoZN2lE0hJom3yd#!fN zu8oPsGNCC9LTE4vSR15e14*p?GnhyC07d71ZFljCupxP<%C?)lsrQt}ptCCty*>iuD z{V16-6RU}wnKskzc5}aHU{u}Kl@ad9Zj))xFqfRX6;d{P%7aOX#Wu2?zk z4&+3+vzy@4lDqRF&dwk^`nzVa*3g~{H0g?&Ao@t#gS4GyM?%VF0Y4%)UpU$PW5*pZNR(|%DbKOd@W}yG!Zu^ico z20>|4-KWp0FMP2BbSX#|2{gyManPKL%{SE?d>k7ax+jp@E5rZP;T^K7+_>0-u={E9zh^~)Q3W}5Q~|RE&1y}hJy)MmWz%qBZOi9>Z9zyEuxAa zVrPMHlV{hQ9cZJ9fnbh_Z`)#SmnF%+`)3gfUK({%#rxp1k^eP9w0}q>xf*Ik0hy<7 zkVV)jZHWsKMlYt)53hj$iH%sqF7qFW4bxMPuZ@~ZS!7+NRBMs4+KwC_^EPQu0iAy% z;#^mslieUcXPb{PDZ#XHZ*v)oGu?YvPnC@jQmNf{5EW0uM3y*L;veE=SQ0Ub_?rv% zvCIe1B^u1Uk0gqj~w16+#(kGbjhq7+u-l*;(n)*VW)KPPH*k?pNbV zR^yu33A&qlOFGWN{Gq|yJf7p4A?y5lG))^;<#7cGg;1$r3 zh@cf3hWd9)h(LKGq7kN6DAljD(gqnfp}%fSBH*l zvS&`{=phfApS%(Iz{4$Nw)6hwLgSi|sT)rnr&41lleC`Z)1|1+Ec*1SWb*%BdV-pM{4kgeqC{cgPUd&0niETo`9%5^AXH4g2HS#u*b~!5=Ls^+~n0a=6)|gH9?g z{d6~mQH|S4q(E0t z!8M>@@{gj)-`jt|82q{K1ZYc|K&-M#;mQ7}CfAv}AOV>E*RlrkG}~B!YmEg_eSlCV zekbeC|1iXzwCr z>Cs78jZaR~=a{_&$C!9izZDtvOShZEHSE_8nocu)`cV7%_e2vLBxg)F7k=)~d|crW zz)IxdHL$MEi^4HdQD%+RK)h&MGfW_&js=?@65k+FL9yY6f-m1xZKP2 z{?*U;#U7oA!HeEMjAq^%G+*z;1y?WGZMt&ze#&ah8`vTkrz9_h#NQKbcsxD#x!JpX z2}Tjhj8{i#RR(+soLp8~h}+?*xzp+BZCz7D*)ZPtqbu@)kvoH;8+Q$e+oBShTsJfv1*7V=`&D_HZdY`I~I0wypLEp0|mf|h~qiP z6t4PLa%eZa@@?seR5(b$$A9x)SV9P>4iw5Tgtbisy8R-+_<~I!?rK@=y2wf6P^doP ziWQ%!JXmYO$xUi-xP4hMKbezwmX9~d%TMDjnR7dxJ=DJ76e^2S$}al?)j{J!`D*r; zQ z2zU44)=lhvx_nOm+%I=l##obSR;(Uw1Y2h1I8PvzliV4zQZhBDni~1&q;nM_40KvR zhQ`|-Ec!g^vF^P(p0jauKXui61xtdeXFSCoanLooD(C4Z$JwPd@z(Y)ANisOaU9IIUu@&F?Xko(J)f{MHJHuB4usMfF$oP)FFn+pUGV&vaXJ4sk0+t=|0`v zr0BNijiewD{~*NCb9x2HET0oDJ$z5(w7|k!U%7HOzxg(~B|mU%~QFS1c_MzmDnzQ$sZfb%Z1U_5q3TJFfHE)AFO3gSq7r-fcvWP`QI}EE2rf8Hy z&EQmUX1I&fCB&K4kc`3p1YBd8s0IAlwfVVwlk6xJ;Cb^l`7U3qB-9cBzu?kjbg9G{ zNO&9WfCFdmL*6tDrVY&evJIt|#^uU}Tu@@N20CGYPQU*j)k=Rt-4_QgEYn0(gUJH3 zX{wy-GcEOdsV8;G?Vidm4Y$}!OIu4zjO!R_eJU8xq8@O8zZVO4WV%$8Uk9|C<3#aK zP~-1V-Qn_LF8&;>k3L=9H-6(gsPaz2EM)Z0F`Z1Ipx|hhD>4Ee_bW-xKUV zHcgDa`PL=4b74PrL9+RrMTt@#Ij~=Tv z-+}hkDRt4caEp0q z3`{V8a!|repCVojQ~1?bi=YPQ!sb+5!aHjxCA~P?JV=z$=hTyRAUQ;)LwMh)y|h5L zS-;mx!(krCF=YN`uxTVB+0s;?yQr;nQ6*cIRn2_K`1WNv$l_2d73UIrP3|*p{OK9! zl|)b6X=!cXx9p!igX5%`IUd~Qb+2rbwLlyTN>6RX8tq+#;?>r7Lg+kZEb;<8CHtLz zN}C$Ul}K-vxm%Bsu++=qAbgnB&JGBTX|9aJlSb$|UOQcZNPll8Sy z8CH_rW7W#z`&v*U;k1)8so8is%V#gG)|PiyQLUjb#Okn~ww=Kc&2{CA>dNEj!aI!m z)*v}h@c`_>NTYU+RbYU5tyu{~w>BC1>*_kX_wv{8t85(Ps~jp4WlBLwnYrAzo3tP3 zX!=xtL<^+>i0eM;=O^M76r!`lObcbcyMhxp<)7^)`Sku~!b<;nQCx;VbS@7!&D|sI zmx#)VSExh{v}e>3;@;<^;@F+lkS#x(kQ%Ft-eZP$>mtGyfZV zZypbI-}a49QA&#v$~t9@E5AMaxe!fWw1^GiZR z@nTY5e`ZO91Aq)3N#Ek-%z7D?jVM`6h&FN%n*Ko4j-^N<)d^Ka)vN?~W0j6N;Zeag zBOMNPp)ZF%H71xJ~`L6i+_&4|a!k8Q+6Zx<$L2{sh%O^g&IuntD3;xJqtduE{ zbi+WvmK7FPd#w$BJv=`79L6UpT1=&B;*>_HiKK}sDa2r?AD{BZ#|zC8X(^%~YU=DB zHq<&qV|8rxgi3kHkUaY7yh!yjqMC1|y{qlG!&SP&RZ9KM;k_p!Ou}FJy}I`Pf;e-c z)C1;s(M|TFFk1W%UcIIjss`C$q7A*1>`ywwm-5*x_>CF$k-ep4Fg8tn|6T}wBpRmE ztx0j=#(P)9R5==@xSFTr+9Q{mY3S!9pH?+ZoO|+$d!>&dKyCJcsbW$oJQ?UC0{nK> zflwt=%d@0)_rrTm6a~IY-jlqaETk!NJnKn^U+c+yq$)+09M{~;)f`rR&|_())`c8) z`E0f==}JXu++D#~Hkpi@Ch_?OFYYRuTx|4qQH9|b-HTn{E)7i=>N*z;J{*p2OY@~S z)p^OOt6f?4su)??z<6QxYO4<-_m_~(y>mR?7!5cn=}p8V-+htu>igQogL0EayF}?e zeOvM9#%Tz{s9jPe)lf3;WOA;_sLooqU6Hz*nj`lCO%|=2DLFAe=Kn4rHWO19_8Nd8 zCa=_f4}+m}SpN|iTktvR5D3V`Fw*KO>@ey(ls*cW$d>@B*00kJz_oWQ@2mNc7KCpW z;0`|nBI;VA1>r?}p15tHD_XBRE%Kzg1Sj3lNLb>?p_HlB7R6^Z(1KnVDUm8+Zs4G@ zPBI~^0aUMfUF9?PBBjEX+XXJ!ZK1!C+I8x4rijbEFAjGpLmGxo*@oE6xy#bXAok2A zw{DAd&Ej4o&D16Dy+oFYb^q^#M5<`lb1tP(C?WWIB(B3_;bdlx4hOTk$6S=bCFu_* zM7YDlAR9|TVugF3rw0TG!3;-ptMOI1A0OHR8}%_Nj}rnVSj{75eap8X0dz5N0v~PW zVhN$Qk#LJzm%uYGj@m}ec*oZ-;)+R2O)^E3p9fB;IvBpacd<9FI~x`or4aG_%VhbN zA3CA1Bd~ENs#>4QaTLgV0L7E-B?@SfT@;-dl7~P5%{GPuKP>Ov9Wt3vJP&2Y+Uo%( zE7x)zjKkxBM|S-tHts|yCiKmaL|wSZrQ2_WclW1;xWVGv6@?O0I`vu3B zuJ#)}eu%gAnj4+5QR+IPb68y8X8F^)n<>sK+YEkrw(AM52o@Y9$YgeF6e&p7OS4m$o{~6Xk?${rc4o5Y zASAc(O*7pk*B&H0B!B!H(XiOCcVdt;$gKa`ATM{v^@SUV4hZY*gUE+ZOGeht52K%taEdnsJ08 zl@kjV%4cDNi9@S`SnE}Q%!par^C@+NFLk!h*ezJNt3KAP`5fvR7~-H}VYUTvTQ4rb zwTwqg7iG{aZmv6ZtQKRuNvkSB1PPtk_NO|fG( z#@8%WlHOBtAGv!~{21^?38;TJj=kgaafZ?%H*Dh=ci$)QBE_1@--FQ!E@F8$-{ktT>1yC{KdS~8zxSiFcg{+n0b{cn7}5Y4~6M!?yZmY z;kxzZeQsP|>!3;yet1ghr;WmA8VREPLT=?1La5k96t9m2s&1Z09X$`2I!&t%w@WBe zLn?jf%B-^ZJ{MdssIPV(iVU8&H}{<|9Uw1)yH8HN;t8iRK*E7 zS&YQ1x&jWGrFW<(Pc{DRTZ7RsMc0bb_)a)pT&FnG?9FK0JyQuiTw3CBkn!Jr4(vwn zSb8yJVV2FV7qInRV1t^cUBa~C{`$^Lf&x%W8*!qzZ$YjFQev1;ElFrv)fOZbXa7@Og`3c+VrG0gfX%KHnD=y;0*@R5~NCT}Tqv_938>gV;0S$$leH69nb$(CX_Fwk4x`^BgxJ8kw(-%tcLZ=!K2hb*r*H`NO^6{`vQ%MgC9s z&#$?9hN-sqT2|~=nvaRM-+(Am>)yIw=-?7bdimEO=T!KWYBTdE(Hwovan&ng@jw=E z>L?SH1t7F?K=0%IKZSSEb#+&Z*>o?S_&3R#yMKjy3iHA{-`gB#%!<9J5^DjAvg`e+ z67#RE`D^R`Z}|H^?LjaP+LO+s`r_!83!5G>ujHsh1DsZk`65bP0PlHu$QXB5o|=Fkoj+80ww%_OV(8VR^mXyd za0=W&>dXzVD7np3@Xl`zhH^4lE6>Wiy}Q-vBD8_$nV&ed*oADfDN{q#oxs?9rSiWm zK=nrm_sg##T+ve}!%nQewSBjAPpU`*H$Q#{Hgv*nXCJ!}o)xp%V$4Fib}#yT@+)M( zxp~DPNc2x(4efyRjK2^qV(+3WL!Pe*|ZV z0&JW+7`K{N7o?n1;TI0ToI3fV*cmmdfU_6f^{cL0am<4P0Q-`!POMXBfuZRrh3c$e z79kZZai{?o_4iMO5<(l7HwG+K`TEW4S|)*?|MNqW|M3-zBFRH-A5C~rzkTQ<)NkKl z?#Je3;=WG+{g2N?|Mm?F`AKMm}$n5MCG2 zqciHP%Ju4AvF@+w>--m!69Y`WZAEmDIqqTK-?@GL)y%!X}W1yVN!%Ns-%>Mm3`5l%e=uSIV{pwxo^E|^?H z)w5HN0jc91AX{w#M~A`h-PV1ow%Hg9px)n$X1qpO+Td0vpk%;*5tzV|?_i%n*B~%5 zFHjn71`vY382Jn+x4{57egjylPxY6Ylg2$`wD|5X;SMc`+#s#;vw*WMjKEde)E?n zR{L|0{2-<6I>v^|F-iQRWJv&t!+Z;(asp)VVOCT?bnY)tjQ(?%Ea0y*pBCAI7#G4e z_axGHNdX?Dcm*AK8L*w;Q%Iw~J}~sp9WpTVn(ekO{li_Gr>xyGHlV~;dw6UJtj+zwwKZR5r$X!8VlMmAS^SiK;qsZ-Yfn66cr?2W9T+sMBOM2-&mjdA(nC#P`NiM z8ey$`sjA2i4r%nh(erRT_lV17vV((s$AQq?hy|nW6SKk*cMlzfu5~edVNiDlSJ8Ka ztCXECks}c-9de<45woQ|@9+$D*LSpRK@#2`tQkn9MRKorJw}e?0VSzC3ms})GZX1e zsr-jTDKDu{RNRI{SC$Ayf^0@a)F-k(s>lwNJikWM(~MahDnTRt#YR*n!wdA!jhDpd zoI5Arzd!j)b_XUP^HOrEfvM(u+|?q{TK%-8*C4Go5XdwC%EY%BLBvUf(yF7pGE9d@ zN5Gz0RaD5YCGQk|%-^Yo%Q^V5ps--^-BdQ+YnH0EsQdQNA=KAIhZ1`C3U#@_Gn0fC z1Cc%{Mbb?58B^JBrr*@l^L0%I9ydi=x+5&Ty&N1|knJV;ZK8sa1(W=8cQ{*GIzKzd zb-!;+b=#Ys#4Hv=bPBB$8dE-vP?7G-mG$DEkc(c@J?4HqK7&Q_E93aZbL?m!&U=}oAK)Y*ogPbKcH;;QzMj*LiWZ#%($Obh z*|eS#TrckHx{y?uXw+l%WwP74s?_|daeMcWY=$J?iI?V9ohxNbFVEEGay2&QcIfHc z{?FFKU)RU>-~ZnV%x#aye|?7gniist&PUEeXBrzL`V;SznQM=jj(cV%Q^5-s7y-M@0!p<0GrEEbeBhE49ecxm*HTf;3_K#41{v#;)hv{fm^n@7*lHUBS zhyo_4n!CDUlJ}%$+cox84 z-G_<6T61#rj?H^$SOo+6HbS8~+$ViGx6Zuv6mGf10E3W9ET|pGWq0>b1&py(`QrFD zLE0U5cyAqHZWjBXWDV_4Jt)#jf!SP=LpDwyM(0S!11XU!@>>u|yy6xl6xgf#^hgmv z+6V9@V%*{ZVPYYNSo(x6yHL%ac$47NC`G<1o5^v8;|+*){YZE}Ee$k1ke$4x`4Yb8 zI+@r!glkY-kE9M?%=BoRh@lE@>LZTFfCQQ6kGphMOGlXObysk@OL2 zgFi1aIxr2CRMhUbw7i3U_F{^iVpOrH+@;00aYjz6h*{UM_lrb> zOw|!nDf+0pj)R=KymhhrJe%R&WKh(lG=}z`<;}F?;Hvbbo6P#PHFn@m>~Rl(&GdrY z*jA9}VD$2pLpBvQmXPiAzE}5F7xly_4=~bosKLN!XE&ESC9<~5=e;WXG?YD;E`7_M z#4t9}8SL=*q|0O1_a{Q?OQ#QS*v+^tl{K@c@u7<|GFL@#+1<$Yg+9^)mubflj_;TN zpOYSlMm{;B@RLVfMW}loMvH*!w<@sj=;qBB9f?xjZwEb&VJ=}l0nQxg+m4Q3$usn2jI#rsrgn?B!{^Qh@CA_}DgdG3{;fy*72(Xv#23 zF9Msua3O7Z4JV(-LG z>S?m>1ngMy^YY>%yPU#KC&@iQ2NnIo>krdDBgWy+4^iC-sM<0lgFV4x!PM!+c-hCw zsy7C{qnZt0l84KZ?-v~2-B|CkGBrj}PGCzHS3Wg4ATfO7R!@kYkv8gxCPIqhvGOq@ z1@Xmy?`Z3J75$NfEGV;+7dCuTZCr|VjxJ58j-2QaDm9rWJ+P=xcyD`wqLVE7K<&;R zOdL{+Vr*PHLAzXwJ5b4;=Rume`m!UoO-qy^pi)j}^a`VT9#NT-CRI@fZJ(w+-|MK^vm_|1V( z@3Xlcu1AkabJm(a?b4&fKertiEz6odhur@`P7G+zys~0N|cTYO$`Xrww!zVCh*!+2tYIrjt_@0%dp{jR*Q`B`dFd12LydKY_l#xc$P zS&yZm+RX#Uy|4|-L-4Bv`QU-^0l!M+ERTUkF|H2h^tn?X%>*E7abt?RPekP(`YGWP zo+t|B3MXh)#h68mxCWhr1$l(Woc-DIj_wc(6WFcwY*;~osTR?8(seY20kJS)!tZjN zHZi!du3~)2$4NX2U(1}}TeaVZd#@C!{MGPtk=}dqbXyy@;sR{c+PMb?#52`gM>K#I z`n1!uk(-(M@O0+)YB6$^6;X3?rnbUU)?2MUZZseprS z=a|A?*TPc!2rNJ@!rcZ!8(34tRao_{ z+Kw`%E<5>{d%>Lq`dSTC;jCG0v8xhp*fMA{Hg>~>a@nIzpJ;?<8tXXP0Aq1A*VFzi z>3R-d6l-t`5tKrw?-IRy<;u0G)5kMvF^|Xru7oUJrk{z^*aJh2#k_8c4#MhJIbdJc z<@HXv2tM$%Yw0Q;Rjx4p!L}R>UvY;s!4`Uf{%|*IH^mIq(oArnH+w;8oa|mj3zu^8 z&v~def;6pDQX3mH{R2)uZ|po)Q$-P+7B{~miKb0b8%pK(qetA2G~iaeeE>W7!$~-e z*W2P!B5$?eMauPg`PMPak#9}1EXO^}?>a053N+3J(=7U%ImA-Tbnl-FSX?uD-gr%Y(5aTqo7`7&AFOdAZvpN++7^PRcDtvD*7^lcUCRy=olt zu6?jCeVlW}v_s$}JMW-?NW)7O#!~`r-5nmldvGQG7{GgvwV`&QtmAL89IPDDSg3aT zio~z`IPX-sUc1|f_iW~(=z1g8A6{(Rh~5h*AVQO#l{*f+in-Cjmfz~h)~djIw9WHy z&0WUKnpVcJA05wIS7y7DK1hlUN#6Z7c zjVxijB}&kGvrZw2Me_dD%!u;c;S-wsvR@Z}#Rwf4whX!2XS7FPep&3aD&)!DsizV0 zKCB?wkEsERw|7lsTu@>0Z5V!|*4Lek_>$P(Y9R9Fy4UWpecnI5S9_DYtOUVXFI=Ok zIMW~i!n!%&X z6G{%|oh*^Y$l~|NmfbIJRJNdC=YTZpu``tbR#=;zwD7Evk zNSb#7*mF%}4%1uq-E7|P%<|GoS;ytV0bl-D&x6)J>EIK8C)gfSV4*(Fbuv8o3^+8| zW_>rmX#&q)^eQ0YLfBVOp=)S1BsHcw-|m$t z9E?nD<{$c6)pqOFOY`{XbAu@#qe?%FISMHI$v1-1RJCxP(bi0lm^uaIx(jR1w+nnd z_9nm_sJPOJ!=DizMem_^!FC}Jc=4r#_i-f{+av45C z6`nFCy;szOtcDej=&ITq7R{^N3tMVM42nsW*{LerNGrRYQ;hP#EZh1coyn3oZt+LF z2iHv%?xNG~InT?Jf*oew{0MP4?6hjN;@|Hak7;8-$0RymG5*32$$AHY)Ic6V^fGcq z@630;5>cmosEWy>V`a`+X4d6ot9tbm1cU1<7 zgVE#N`r>s?vWx<4A(NjRL%TYir^{m&ODB|>nz+(~RG2;Jt2Ly}wKVU`+GeViC9B2} zrb70I^>?-#Xhg)GFqUKk1y|f}cAY62`Leu}F__Y;Y2B-(_{ia`^Osgaq@nZtbh3Tg zx_!E9_7BIJkG_c7Fo+H`u^@Fz z$n};C^Bz;$wO=&iJ-7MD{K)7){}!Y_J(yfN&O#M}9Yt~z^(bbGSVEwx`_Zo|9p6Dd z%C)&f#SXZX<07r8Q&E@b1g?}&R;wKfAeEAAsr;tjxH`KEy_4}Onqr44eB@9F zPt@RJ0U+s@cz5KxqbIIomD*j(=XQ3(cIn4V*yRb_;(CV1LQ_AKm3m-e0lV8Hp|ky~ zx~tQkk6{zT;+G1XLj1Wq)y4PhTk(B2(934f-9dbmbu~pO$Ldp&*29HlEtA~G--62S za-|6ERZ~~7&Bm3xmk+-mhq3$Yw#TtoDks-x%oom8i+sNF(4Nj;pdz7H zNJS76BhR6lki-*_BqL&asH^fhsslOFbAonMGuAd(Bdp_oQrwj>P7~|?iw%g0~x zSPu-nGW>Xdo%>Q;x`vwusYfDv`O{FPj~3@ZYkpKZUi2z{XtP4m!PN^E-^EVE)=m=x z8n6t=%Ub%z7~i4U;KL5z_q~6Z^=_|H!%7LBJ~=Z~l@%oBTOyike2Ja+i$P381?r7g zd{O?|+$TNXe(mM{Rv&d>#oYQ{yKS&+8*KlR=fJhcH+#4sf2u+M*OaK!zvF~Czn4MJ zO8poOR)zlmmYx5{k+}WyzYbY%_tpR0zWQ@5*MFp){7gOh&(cr+x(>Jh{y(S`@_$m5 zWc$0G{I}-z<(}x5pPBxmz=v+L2BQES41f z;vH};3bZPa9k@p`$0pBXw}36>N8{EFadXM$0vQ_cws3d|P48 zwtBgT5gjMzGz6t{!AWO{GhqN#2Pt3AT^6}I(!xpb5?Tc+(mAc`yJv!GwG1h=!tJd? zr)Ld$cuX?eJ(+4x&>D$+6`}R;Q{M}~sxW$(TbWD@y9y2UiK<5mKW~31e)VKhvE3&_ zcl@!UxS;{3)UKypmC9IdW(1;-4c~xe)?w6dmjx{sbA#Te; z<6%&yx;t^f41VWlelm8&5Jt>R)q=Z{V>9PI0D)}u*Ge_O48u^P&{R9hQP7fEpzIUz z0eF*Acd@ZPuqhRkKweTA^n(Y;jfQWCLCM`DDFEMoMu5a+E0DOX97neygPMIV8@#UU zEwo^e`pgAVpN&Bz5BYePmF)t$K3WYw|&g1?FiG)NZxi( zZaa?oAA#KeN8^}pqkT^7mtWuxa3&cyp-e40+xa@nw*Xtqs0-T0tBI*TepHi^xPgg);5+deG6t%OL$jpR;OiqnKgNm z;}+!AW9oH~^Ylq-CTSoZ$q54FwPSD!=OZ*tEU4<}e|81-&KS$ap$Tjw4Ae6vCW1uQ zmSq+?P>Gp)2zw_gl7!s@yYrJJabALjuI%U7&jE-Ee08M=d&j$gik=Bc3KH3VZTG?U z9Qd0#kjiU+N=+9O|NT`tTE(4=p(uDDCLA-6mk%tKtK{;FYAHDfCcQq+oOZ44ggDzS z#&cu)pFM>i_86e=^#qlz0s=8gAeDU|sBMKipyDhNH)%Nh@@T=g`YxRB;ZJZMC0d0QTBK<2BU(6cPGFL zLYtVwDMl2T)|Iog;B}NOMQ<4hHo>aCV{mgTtDR&S5(l_St%>VsFl=0&0w+nP+Gfxa zDZ*{5K5f#Pg{YxnNBqZ;qRI2MbMSYvMujoNvo^lXKgB;bU=L*=?;6qoaFX+9ar3i@wNGC_J>w^C(pow+N_vs_+`1Ew4L= zqlRAqmDD_*(9*DXCoVwQsfW~OVdDb5*bV+FhKppsF(~_euz6TDl&gIB?%kCSuXU+V zNzf~?%jflG`=x}(fBL%-%cM>q_Mi%PBSOAGifwk3Q*+?d{h=x<2mjq$j(cYm9EZaz zc$rKgOCnjM7`HgT9Qpnu%`OhkTy6V5e~dUU;2dRbBPgAJo{{IU;kMbbZMyyU=0KiT zV}eMJ68m_rW@8*RO#-G-;uSl1_508>MSbUJD?i1 z*>I!1w&Sic-$QkD~^wQP0BgfDe4xovtUlOjpIk zie%Gk+hDU?P%%Z%bnU8w>={T1owuTM*dHZ<>r3~+~!(}&t&GgQFkK81>1!~LbBlIh$~5_${rzG4eP=qmj;HO@_^f4LfT;{h}UAfBIrI^3%cMNlOQ@m)jYm%fLU6taM} z!>G*g@7_R)=&zT9Zuf7dB?B%r@clmB1)@YP#j8SWsN2(tYX?}UJ7H7MVUqyR{@>&% zRo?vT15G?;;*XHg3`VQy{%l7DRkN)=B-(LIMJO3|7nIQkUH{{W}b>nXjcuH)0%8dH=gA5e<4_WZ~P z;tpxIXUT^Yclr!RZZgx(VrtJNN~QX?&yQzNPh}%}+%|5}k^_jvXFR=?RN;Z6Tac3j zvp`kEL%86lw#dJICFcr>%!@E={UNg`+V&`%_no8iJhT)AtP(WpN7hrpw+U-erJ@3_ zKU3T(Q1bc~#1#F!q9$>) zdvRhZukZr)coW%oFCQxEetPyA2a=gsJO9p$+9)M8Y(XN;$l!p!(+RAZqz;q{_Cw;L z6BK`cRLY2GPbj7GCu<3CIgtW}P(>!+G; zLEP(6U3$4k)-U9v#zJ3?O-@YOmLSir1NADmM=V|IOa|1lv8 zdA(2S+}Q$|(p)Gi&z1U?>Eq)dnf3iP^ul$2UqP<|A9EZpO{p_9P7|Gq^i81 z;fbbAh1?^iiMRWI3u z99(Zi+DwbdxKub~VX9GhQC6qL+EvIHY6U+^AJ~GF0JXUIEDzi3WrUD~lPUtG6>k;p z@i(_n#IAlkKHPSiEYSkdZ_2J7sQp+-W6+d${Q1$61fj8{X6%Z8dLuYsH_Z zyU4Tv`neNU#Ddo&c##mjC(6jdnJq(6iw;6zXiMmj+`d%ped3<_p)$>}Vo9uf7{i0w zS&}m_^`Qv*K5jQBX0rSEqdR@@fU5q$=qp>0hl&?IM9!7f{E%CMF=5Am91auJDeK~U z>h;eUrM=EB{EfWJLq~7+>VJT6rWub#A5x#UwAPL2gmf5*G5jzM%C+&b%`~aauV5Q%)6Mpip_j}$e7-|f1}^p9 z(D4?u#+yLJKh$#GzF=?eZdtNh^aAy3A8hPHd89dd5$=~SR8R`L*FQMr3Oo^$jLTaP zZv&AMrX?Hp4I2WS&Ws_rG;gL>KP8H(l@kt(^xh96nfYORo*nUH{U-jPjbrhL9kO`F z<%tYD^N`N2FNa4=TOuz@i-)&z?^e6YX=upFc(_Ht_mph^n8ysBeG>0JZVO-(F63px zr<$R>r>RCcXfw~Of= zrCzRL41!A1YcVad2+d~iu5u`{0Y?bGHFQfnFe4Z$u$ajo1?FW1n3q#l z?8x#Rv`a>l%~Uo;k_>r|J`>N%6ASL?YW!awCqj(k`2OeMD z_?%m(&mXJByX0?uA&31i(|_PLguHHQ6vMh z(FEKV1yMRdXlq<=&A7KIS2Qti9G?=%^?kzZ>HhmQ9M?E>4=L?D`eZj`ll5a)0H2i3 z3pfi>YH}8@6-17?+WW(=SlTmf2g-?OLYiXasYP*j;B0!JV5H~mZIe29>z-*;gJE>^ z2c_OF#TOGnBDJ>eZYK=%cd83RTr+Q*CSgyhNTF(t>4(TN`jJ=3mhUV)maZL3DQ%jh zNa+aj_{@!Rro}M2u7qE!H9Y>kQs*id(x#E%n(7l|bIxMh>BZtCp-|XJ#OIt4*ysiC ztTJQh$2BAHkcG>56M{P_sy97xd^DYZ-c2{BbV!bR2X~{yaMJmLiQsjDh43TBC)Wg- zH!p#iPbK~I44pz@BzJO08j`<)aBFCWlkA*mG#nP+KbbuF0Cy5!1#Q zo%i!*hU3Z5$C~apZ%)Y3`9Hdj6^I;MI$~S|k*NN^_j+1p_8z%_Rdi%Wl0h<-^a6L26 zH?#$h6R}2w_-yy_bt(r#ooPbuE}+W;8JRVdK2&f|!JPaBS)eU1S6J&<%XHIF?f#>i z9$C}3ecE(ymHJi!an%>q9KDr@v3Lz$vnze?j|`dDsH-0$Tx8sBbd$OK^!^a$e8$7( zTECYdX7B9E8nL*g9OfS^aMf7?thB6tq3Mk z4LAZ&3(E(zgMwyI<3~QjX22=L55}lb_s>lTzKs2`?w_uz>H>tLW}&MK0G0sij1w7u zX@cr|+$N=7FDa=EM^=?R@o6|pB}uJ|?swgRkKVQ(r@HvoW$Ig^w9F!l0aau=c+hXK zr`veQEk`mHA(qimJY^+ugvTE`dik4Sho+WY6R_`o*3$j&W#Mn%_kVA{Z3L5AfR*e_ zbQ%CYX0Knaw<7$E&meTgQAJ{N4!ilF7y~~J=3oLh^}!aTC;a;id_@XF-;0_Pr~WLU zzG+SOW){h-sK>HUT_-4t0OVr!@Y3&hSRAoR&{F9{q=vp`W$@JaI%fOT`<|%2-?>$- zLC+ZGhi|5RD^|{Pi7gyBTFb{w)*~dqc#+lwWcg_6goHuPngiF${IW&_x1ub}t_&p< zPPga0v0INS_@F7qjG*T0BZd@?Y=-ZqLeB>0dAJ*xY1v*aEU)OZj_V{c4KC?*+C%s8 z7aYn`_@E>rH?;+E=$RqIh2^DS6>Z+wI1;wP%XB7{7OodFaf|eQdLRzxTGBsIg^tX~ zt7x!*5WAjBNMI^W#_@WprImLzJ>~YDces-Cg!O2LK^G&}6rw-&P*)h|%qhxfE4&XU5X1X= zoZuWnl%Cc~DILL=QqOchs~KoiuV>*ddgJqAgFgt=zSx1>-$z&S$Xlo{Ia;q#l3$3Z z$ewx98BYBa-drSYGj(^211kDq=2)(?N0#wDX^e$oi0l2X1OC}Bvbkgprbudj-4+2v zcnvF6g6x+=W=8aVfnSS0*U{5t$?6#{_-;{r_yP3Tx5q{a2A^}8zf2mwskDx?K)np_R%X%||RzvkY? z!5?sYbq{@WMJ$FpB=vc+xT?Ed?wXUkL)2jR^SZuo=q_RM;Yl&r9-Zv80>`zM;u8;|zkd~pwoe+&Z#{YK^vwC?-k_NT z$yZ{RS%jB0@RC0*C|Rfda_T)%b{My_6+f!50`+!DL9?fs#k!G-gf|mRK~&xx4*-St z(EHxaDmJ}$C%q6@K^C#fFHMEpAO#p!#2&k16ml{L(&a_!)IZKHlDreG)VnhoQ_mG8 zWNXnBLBIc_^VvtgQcn|`QVClSU2>{T+D5{$9!JB@6-w7rWZ6j4jcUDXC+`;#L$VI9 zx{gielNkuf>g3kR5<*xZrg?nUunAEd+h;!G5qq>XMDg9|<(PRNeMiMGg+YJ5s8ju~ zs=gu(`}=2mDzM>wn!7AguiXrBO&I8*KOWYRX~@V6Xe<{h^{+I@@o?*;OBf!Iq<`-e zo88S{c1_Tl_1!N20fqP}cmpWV;5ETSt3{DE zvD#uAt6``qcQg73*uw7k;Od|&B0r5Y)ZBH@#tnhFKezIi*zO;(+&@HK5BdPn&u6DG z(a6gbP1Nm$%>+Qg+B1_#i}zGce?!72*oF(7#A9vm+d4W&qV+5WCs2VtdkGHI$F_lT z&=23*_QW4)iM!R*{^_7qXn=tLXBRucD5zS(ry0pMEz}dZ5XW<$0srNxk55-gwP%o}fk8U6u_f z1`z95AOi-=u`6{KMWBYA1=ks#;vM4D&g>etC2MouD%BoE+Vq8C#o*JDSwmn&@ z9SUF=%R2rx5dLoDd@kp>@}`s!yYQC@E3LSLpMk;_Oh(Ijh<`P zs(gf*Q^39f#p5S{$HTr`3~};cp~r9?hhk)5JzqTI+pzhTn$0_T5Y!c)b3~s|0;RTm zCam((cV(Fiy-TiQB{%kMoc&M~!p17yAj#$~$V_*tK1SX*Aw^{iAie5G>P%1;LKQC* z^DpQnoLs#cl@@JjpFSAC&4~7A)|lj1k2NXC-2~C8UGhYsE-<~Us~-3C-}Ni5QoG)3 zoLOr(7bQ8zRmpS zA)IG7GJ#vg=5!hqcPQ~`2Z74n#2EU%MeK$On(Sq}2;!I*oH$Wq)osA$m@~bA^a5km zN5)M6>lVl5$})&*Zqh^?FkK=Ii77^N7j-;tfW6^*d2Ofjk*o82cdK6dC{*gROb)2^ zIY@MWi8Oj|A2%@Q?gGkD7_1kJ!NL?(ZvJe10|BDJqM z)i^H%>0-%5dQcK#vT^+bYl1dT%D(jzz7cgP8ot+u-G1QZJucKUB^bgLA*#hlm~;Ek z#`fW5%k07-8=KpEj{ELu!PGb%2Ju0|JAfKW(FXBGOU&$i;L~XoceUs&c>ZcOa^ytx z#{}1sr+00yF)+#>WtDDp+GF*(O(w~fiL>(n3WhBJ;Zzn*`e-7j(nX@q1S$Q|C|^;< zQLc_})&b=oUo8b|7mHu>mqq7&+tA&0V~4Bd<_<7{oQXpHu>_|21m5Dee462<>5I!01?1iyA6~>JEKqPjwGU6qbx!{}R8_eye?&g| zQ|twuriG1K$P1Mj|?B;7x5+$dfU78`AEFdc<< z3;&w%z4{C-4^$gL9Z(VV(7Oo`JS~pidcN}oL7K1mdy~x&5(Y0hC`z9tzur_=5d6fp z4678clE#kX6ANLq9hEk~H>XI^b&~0PgA^IiaokOCvJ~iwsZGO|P#ExhMNxL%p04ql zBs=2s&i>D4-|ksJk8+wgr1~`vEk1E{d)XnKx4SN4W*GvzxdpL@hq}QEXKK-hkvipm zj(LyBhP(=WVY?b>ZF_P*uNnrM^^7gsuJ?bKp!6b44?tl(eL$_iO|s0 z=+1p9#_6GQk%HPe;gv7S?7vzXho<8~*BA-O~O+2t~yblk#Y(JmI} zDZ9yMn`_|(0rd--vco4c(|PZXx74ejO~E@y(&rW4Z9!~Qy}k5=GoTT$QurbZVbzrE zor^RhpHDXPaA`<@md4z~_O6ks*%BI^Bl|j8N6!?9J-=YS{~qIW_S+`UBv{CT>&@PX zM*2Y_Q?1SsbGa`Gtkz4-oxt~dd#c;2RWgGp71cJ$6d|ACH`_4~MK{-xovl9_X@&3f=a9Kjg3 z0koR|K%nfj1-WW6uvF~B_7jRhO~DAI^vWMt8mH|Qd4?Z_Bybc(x{?8Oc*iIJyN284 za}8Ci2eYHO8xqYii)~|>>6&J$CFR7O!!n*RrS75yrh`%1Cah;oG!Q6X}>HC-SL~a{rItS4Lr+3*{|RtCq5nE^-lQlJ2;l8bx4L zpsI!@M2kR;CBXMrvwIk66Jd>29Bqv%=PLspC6C+)x%G9<|H7Wqppn&mtx)3i`3|fi zGX`EzX+=??9wL&0r2?oXV-CAXoyOGn!N=am0fuUt%#}=WaYfntIf`5)E>XuC`d!pL zsVAdnXwRz8&O#5Xu-$Xlopmpj@_J`+#!9FtUph8N^7U;EKjZyp89#quWW~TgJJn!= zxpbPL&quk)>B(wSmoX-RHl-t#!`~V@*c%ipHe3WU&T&F`_7Ait5^g5$8YGvJG>OV< z-2vr*NbNYJd3OxogepND)dxCpr{i*8N2k^Q-%RtmI9Y=xsrGE#aMA_<6+v)buI{k3$+R0~>$$wss?=L&@w?|I4oHR0`PO6NFM<>cZJlxmnY4ky1h5gz5nQt zD1Bv)?Y>YGhk-+bK5pHEB(y zpsr}aeAQtt>*oeMMv3$u?1z9l9rWmaY+=Ba-ZdD98be7`p7C&MW%oBp6IPVCR3by^ zr}^>xV+HI;F0$Demdf6yMsF|brYn-~;H8ob!nABJ42tW8H^&OS&E3|<~ zW3K6T{M4MGLy1?9e*SzoOEvD+12LbnVci*WG|6ygF<+IH;+c3p%YS|GZ{Zyls}dea`QspYv$Bg*FyCjTnuZ;003&+?QZi9Y7uFzNx9nOa`Lfs2|2DQ>gIqa%Jq zVnKiJ<2g6F0HcbfUZo39Z->w}S=p8B>^k$#Rz=FLdeA8A&)l(8me+{A!hd&_Y!wAP z^TYCoDkxvv4SaT))uON~)|=)Uy%+jBknXCGMrtO<_f|3&a?SeM?=G8z9<$F7JM^49 z$_Y|5#a9d{?|=UDd0Sn5o@@s&7SK4`X-bzxU|KW=;F*+n@5Z5(hQ^AweFlCTb$MSO z>$rtnbnBpNoeJ@2cz7tuY0wAT(W(gE-h8x5ESxGoW(9!oNWts>p-SO@q+a;XpZ~|I zj{lF13-b{x23R6|t1GBd0DLZ>HaYihvAnDRuPp?co{Ynf(NOc2XFv~i1!)5MFIhhK z&@gfh0wFR0P>?afLYc|%xQ}?wj34PjF#1-a;T`bMG{bgHlLHNG#(v^uHXkDIU7yoj za=E}?G7Zzv=%UXzuNd%e$;i%!5Yk#22$7Zmc1`!3@a(tdWj@09r@exqd-RfXOQJIu zCRk)9u*Inr^yFK7Ovl$3AUdfpHV`_N`sU63=CsNtBnG8~U(B5u;8|5^N?boRY^v2d z7rh8LZt45c9gl`H6D`L^I$fhP738GDglzzhd9pe=jpSh0^Zn24`~wu{MZVA3nmC{^ z4uRbxi0zLm7%rz@>ZHGFsE-{z5i-+K{;o}~ZXoTO8d#AZOg-Y30-d{yB!}Jb%|#zX z?-!%GGNq8?oSp%u;rn^xBA$KhRuTt{684AXGfYo-{rcK^QcqGaL1AJ@uxLe^#y}p4@@!6<8^Qj?WN?^6+wb+8rmPdqK?DUFx63)t?VS*@R zl~4Oz#LB2HVZCb6mYWn_CK0lbde}Q!!1Lh=k`|{QNZP#4n)8y0`=wu_soh>F8Lh;L*^sDP^D6vkFjRb2kqis@O^d%2vN6EagT*6lN@MK z#9A-StW8>R1WtLjMGy~ZZ0@!HDMn{SgvE5;SxO$G-oAJsYE5ryTAVz!W0N$p_>$5C z^b9~m6@~EZgcl+OA(D->dOZyhA-weyRlD5@l1F4V1J8V*bobZw$-mYube^CAmIn-C zLOPr2wQ9RNb5DA4c%^xfRlK16;-UWbp0tw+b*6Z1_4YkQ9DJ_?OWEnuLNN+si(}q7 z*NK%Mh%tDBl_-wfq?4&T`)JYV^ss(dXe`4)E0m5}ZNeR|lOiIOo1f5>H&?M2dqek4 zNo4258y$R%ho-ETOTU!=S*G-bb|5X*r{fab0ih?cE(}S3X)?W$aKp~lyVfVhHV&%9 zBOvVjwUj#hMSbj3&)qreNPi%Lg%j(ot zcJ=aE?Z+J?bKD*A+BQ=t{%p}G7%h>EP=wVmA(UVlrjDL9V;hDf@fm&+r6w{=8iM^5 z18&t#Kbo|eLfF<#f9&B7W~b3vZ3z19G*oPhI3am%;Psz+O&0m;(8E2hP`^8r2XkCz zx=-ka4;jQBll#N>at2{niT=7;qv-7$oWWAkXQbzquM393Jdtdnqix)_#PlkN?;yKfU%S)FJ z&?r1%eoXkK`>BanfIm-hYFb5zJb2K80P*l zPUdL%mJlW01X-m$r?F}tdsp?B8Ol-5^a&>et%}Xp^ABU)Zh%k#0lqNg{1hrio#Eat z7Ww1bTDrH(DXhjdd;T*0bJqYhfB#uN&jQyh@z95}3%awpBTo(LA#?M~(jBPJ<}}#1nYU{_;NC~3C{)!L za{jfB%FCb9@vG653^UOWH#wigMM-Mk+D(%}x}lxb`|Z7;rpcAb;|>llcjl$8-4WLK z@Z<+BdIPC~gqq210u;i{mYds30?}3HuMMWoqXTLa@KZH?a{HS;f*p#xlfT1$2lp(m zYBS3It~Zl~q>Z}l4h%TQNoDw2VvT;k&1S1J8B&>QO3rKv*!M^VQ;@C%Qev+suE6Jj zjRM+fLVRv7AuqraQ!;%e@>--3wL-whq_uB+tJTlCH@a}OZLXidi~vZ6Vg=j5Ya9}N z9oRJuU$i7;B(nu4sJP0h8NX9bWllDXnWPGCx*Mc;p+|g8a99S@Z+ZBhqDyL{Ehjt= zr%dujSX#N`qgoqR;SHRi`^yp6e34;D`vXeEC!!(1TcehP7Hg7%Z1HJbQ^{9q-ab)h z#fUPOQ~fI46jr&SRK4=PJhjCC@!;Yn=RpoVu#FPu1r>K77vJKV2-2#;rI zV-2vrcK-;%Z#V(2^yx%Jf^S$)E103d)Qi4x9duNs4LLVqgHcX*CWpqji$&RcJNId% zp78pMU6KOJMad<?-m2t2| zRwQ!Hoas-A7u^*{dQ*j(wBaKE(WjU@7<^RUic4dpjEeQ}l-_v6Ws(v#fqaFpd=(?w z!&1Jh@sCNtOsR;=&sdOnV82aFjxVvx`D5wwGtQzJ;se&b{0rS3)_W{v*qEMAO~xX5 zi5(&d#kcph-gV!1<w>p4j3y#KuctQ}CKyI10`0Cx5FKcNscwtShkD;Q5}KG3t4ynM zregd-Qlvo;nde`!=(O&lVnWNwG3qA4kvARa82fUp@w!d4`l_{kVe}!A_wAK#>;Oi} z-);|#1Dn7@GjEN1#nJ4X?mK&ycpLKvIFv>?hYMyTOHbXY?YpyUERPtZ~P*1`3(;=`f>QjcXI&)4sJ+ zDN==Z@8cP`^8syUVmX$}6R+T2BpPsn>3(D3+n$`E9|FE zUO3d58rGT`_j9om<^-1rzZPgy9*agvx3P*mN@yk~cbOgljA3PM_d!StKQ5&;idLh; z1oh>8Kw~=ftaZvrjFsQ>iay2OdybteQfk-lz-+n&!LxQG&5qTS%iw(g^YwtdAkq+0 z06iPn zpScG}z%)-KJM`$oeP3&_BPFwSlfLEU^ZKyb@djL;J9+D6KeH?&L@Lz&5H#zODX^X# z3xG9dWlo+*@3mp6wFv{oI}JTi2#6*&D|E%U`c8Z@U($lOu%+QOZsoUjNoRup+>#E3 zBtwrA@s^)fA(!8jgnc0$XXz%kE%3^A=^-AyneOs`p7n{H>E^8d9u~sLWZf~O3wFEDv2Pw@ub6 zwD99*E?0TqrtRpyEcwXtDp&Z{pWbySHJ()2Frg$%@Ne(t%iP%PNPg47KvUVrd$Lpb zYhUd?6=A+r&b*|Au-S30^@(jq+CL-DAYZPyL=fZpz97M$Ow1SYCvGltXKDc7MKJRV z+~sVd_k|go4KwRV27DS++av44Bd(XyFN-@WRNKfu&#lT5*BU6rd(RKNm@9}d8mvG_ z%CsMSYSK@t-mb~|9bZJ`z5EWgQzX|YBWwaha#Wz%@77vzV~6oqpBB{w1FK>K-gD6= z(Fup-2@V!s*Y^cQgD8}kcHuWuR!3TI?puwP*uIi9|~pViAc zXlwrI;xPgvjx$9=KEk+4GjQZ+v)YLLec|_MDE&HLWY8^RZ(5w}J=0JMJ5;mZy`qcf zTkK(NVCJoss|4wQTwf2PPa9LKIu#%QY2AM{Nm0?{eIfnRN=Eo*>mBBGo0%VDZrL$$ zRqo#sorjf%ex9gHk84&nkEnuPJo-{(!Q1;yuR@n^zfy5p_X1^6K|cheh3sg3xTCZUN0LPgkSOSqLHpiv-sW z#;1uR_(R*Y;T!bIoq2aQgiW3^vku;`EcK3FT|(N~*j>iKL@6kKpnlLjv!dt6GDiVW z=}|*@)Jj3Ph%K3!_CNK(aUiaDt=2j_T5m6zrjF0B^n>M|y!;R4g=(e><*H7hjoaBt zTCbhT*i1$vqmvdBv{jBZow8ic)6dtDd(6w=+kp78dGa{O%BZ0tWiMrJ!G~4s1yjFw z<135$FHc@%EGakAM3ZSVA8lf|u`G0-TON)f(JW1ghS<%BWodSW^#tSZr9(K|#}wZg zRC;&*5vwETVaE@7tO5r(C#x}XOmZYx>hX@0q1gOlkMLJlwH5b@>w}yx$kQr;R`4Ro zh!fNoZ#h)QJmA-JxCfe+xF}LPxji~xlNRT4=RPfsqm|L*O~F@h$htgjjs`yvB0biB zt&DGM{;^)?>!vR?VPq9j6OCMd3eKBKVBq^lzy zb_GVgUw8Z^7h;6JCdXTWgVqvct;7Uu9&L?&-FXU@Rr;~*S%#tD zjlP~YP{hM*gBtcwJ3Urj*{V6$1t0j;m@%_NlZEvmA>DlQ8i+Q{56d)7Q9o0RtjR&+ zw$%w^dnV6idfsIcQM+iySI;P_^^IehYSFf)c=|vTO04rHH@t@7w)}J7R2h{szmC8n ztUPehzXp3k8ukAf_j8L?$Cvkb)}>ftpfNQ!lRx6ViYSjE-GjkU74jjAPl}J_z*kgx zkY%7wn<^U@DVLC&D23sfG-7J{65uKOP z1dQ#Y3nFA`X^!*c2{mI>t4@)YLPfOcsiB_`JZu2^L$w3>@x@A3PjdizDoJR2jwR~X z4z14zWK#k)hiM`M7i+J>yCh|iAMR_9b?KVT;T_~#nS$V3rN^2E8?X2-C`eqaKG%or zAn|#2rd7R$!)79bers2MOb1;&Tu>J6Lc})k7H{7w@$+-z&4gi%N)PB4ZlTSMDo>ct zpgskV8AnD3)|#=lAXjly4OcGaBtDggqZRaD(ZLi}vMbGkk4wIS^ z_|0VvW$HY$TqI~j!z(wjt)k_gah9}~vzOE8vmYdiTg3-LK7$yl%-E?TBt>a`L*E7| zt>{wxd?Lv6r&rHjl+8y*N zhpEK*+W7sPAVfXAem=S2ync&iJ*aArVGDk%<*F~l{CV0*p0|UX>_E4335F}f=xF5o zTRVj$a9BFL?fFeGyQkYWI$irxs0krY8PR1c-ZoZbq9&=A+I4sY+#`;O(;2n$L) zuvr%B<+F?z*zm&4t>;Zh<{1%6(nLlA_;(;%CE*Oqk71E}>)u66%J2|QaAMF{V~j{M zX7JsxF@QYDwU+<7dW}SfKq{~d!k4pJ6e$u|J0D-k?7)~HhETrJ^Mm@M*<*pD(Go2x1+1n*ZU(@sN3MO<`~#`3}SKmqK}0tYvrl@h6b z(&1r1NaU_&GUSoI=CpgASc)!Np36UXt@3@4>5sN-i6PID>`s}Y2c2)7Se!-gEb&U|%7ukze3db33P!q0eNKF}v1 zB3FoWDc*)hSoK!XhRUmRF?#dd6%7BIQRH%#`Q7RXG}JGDf?->yo1?$Jxh|QnC%3!5 zVxJG70Xf$}A0&%MGmeeG{twOH%pXo|VV(-+SjV?=ot zUIK~+A6kK^0VUfLI#T2WbPE-Wq9?KYYNJsdNCw}6*4w`G$`ek^o);0`H;MxXe0g48 zTm3+Tiw?0nRU;;-tfJ#QSm~{Rj9YS;0IF$=2&nqq*(ZsY*H{ zuTc2e?e$@W+CjIEfp5MdqVU_bf30nHZ{b8^va&5Z%-h-}S%5t&1e;Ya>N zosGsyxJ}C@t@a+O7`>}0Af%C=ET%J#4y-W^%4@vWoVSH41N;p|W~LpPcOy^H8wF6O z@j1u2u3c4%5UtT*H$Md}^4lij>%9Y~H`;{Ga9)(Nr8YH33=n}?h2C^e*Q!4)jcavyng z&M{AiG^rI5Y|oNPJ)?HhZ>B13C(NltgyVU&gr?E`yK|Er{rXHvSt6?5O%tX2S*2kq zSvs)c4Bzfsk9O0j`p#swZKKs6=CqWZ<^JEVFjXdl|E~>rWzPY5E6oVN+c}J!ft95Jp0(3lC=u;Qf73()2L zveI3=d3ghz%`q*ZTeC_I`t;B$n5Xh(fBgxU6gb2`G#G2Aic@Vr2=!Mg2?EbHNuuXD zAPa@L@8CJ}d}{JFbc^m}{F%9TFM7g=vN^t{nsKlGh;Ua{$7O`e+A11i8vFPIn#xa^VqMqKFo5UBLW}dynuDUT?nNdYh$YO@ z6CeaV((Wb$BFcY*5~*MO*UY7=TJdK<|Kg8;!2HUQD<%S9k7{wMq^=C$edRRbA3z-> z1ur2qk`6+Fj*A75e84cuPfSB~fi76Q=q_2HhXJIU;y70H=|^h<@a9ca#IftGpyog@ z9)fXxzSJ{vsFl0n2MhRlnLh2kfLRcq&_{fsL&*ts^ZsiJv-|$0Pr8flI#+Cd)3X8q zyv*J0Z3?;wAoWA&iZfSsd%We=TUG2!BxvXIDw0UIvDbrd?pY_XF8v&&%LBOLgN`hk zK>Cuvr#R>SIR`oBAGIlBjD1Eu{o&w9HI5sRvUcw&`H-2SGuqE^l$e_r&OsMAj>t^@G~MJfQ8H@A(g9rV)7Uow5%!RO)=1cQUz$xzZ_=h1?2C`;s>_wrV$Z~3Ne*mM#~ zPQYbIdLnIJpeB|s9CmMamgOGTxQplZ;!{!f1(i3iQda}5!yqbGkv~u$k<3lb{}vsW zxn6(C$cd`unL$)LFUzLy2m56%N!eCSlt^2_CcSMaVtV((Ze7upH@^i*dWogTUU6#t~jIi)y2t&?49Q(ymrhN~i z+^E!Mg`XyndC6`={(wT1l!#2Ynix9-!LEm$b}|1n8QAeV+i$EN@jlR%j#M>f(Cu+e z?&najlGJ?)gTdR(s%{>%T=O;TyxloQE80chCG@a2R=!aqxW1XG$-e&NzE5!+@ON8W zrohBVL+0!_pU6OZt0LcEK4isYsdeU>{JUpfd_!$~`V_6BQeazYQgS0E(^*I-j6SMLnPPw@ep#)Ik;j53&ihX(pil)>fUtn7lK+y?SstkEM8RiV zafJ7XSw>Ps4d4t6X3ZkTLtYTXS5!YLacw`@ZMlYHNktg-2X{`f>I^f{|B%r&X7e$) z@(ue`av5A@h)Kk{;{CCU>%;lQCQv0_dPWQM1@)KYeLvF&G;P#DnRlbB60AOYQ#uJ4 zzIPzl;U8V55II&jrMqD4*lQuNC3)|<{A}D4-&MYFqrM)~>X)i!KoB$7N4A4=d{0fl0FzdCwwnQt@p zopMiz(52p59iB-1o>8WrTTafEIr2sp*mt_7l*9lWiF0YTuek~%?7;Z@VszkVqbaje z>RSWQUYX=c7hD=%)`PKdyWl5Gn-X5&l9!IOvEA7)1FRZHYL%j{=%Sj?bEZbs`})S8 zK6O}DeE!67&J2ihKvxMPDsi3W47ls5#SRHQ8zqYw3wp|x6BXsupW7%Y?$Jr)Rg)ur z3dh&CiCC%`ZGq%TKmH{Pf{V zv0IU=fqc6C8;$|^asr&98cs(5!1%k8y9PDd^uqos5gP)A3B!wnDdLa(yLj3q^cLC| z%k0<3_UM}7&Z1|M+Q3Lg(&gk;2&GK9RJvV@cr%d zNMe3>+Q?~YXK*l%CZU{~L%mYq`3z(+{%hAWD4P771JRyE5OyVokyrqpDYF(hSA=)* zJuh(upPMw@M6yCp7RB{5Z;UxumN$j2kICMo+AD9oUHptJ^Og*v^WeY#>Q?A7tOhoe zb?Abm2Jfk3Pf6*^h&JTx(VHkVU}b1<7Bad%yrj+M8}{N#_abWU`VNPJT~$I8ul9!y z=8L`yDR^H4Q5ZNRggQ{?uAh+iz{|f-WC|~qQQio_a&&Ta$(rsYy4pltk8b$;28=m5m(al|i5 zjKDMj-G*t735q8{`2JzxUy_!iQuKybvLy^kPA9g_0#&UETHsp6ji-PgjE8?5G`u`EuUD{!e2ppv0ab;oq zO7j^Y-~r}?s7T1p=~w}UwLBO<*}XaK-e)7%`*xMr`t?CfH_Y10zc?BsQcMwLU|GOdmW-;ViwRUK zMZrc|6p&d4HPz!LKq}v*w{>e3S8ftC%;+ zf){7-2c?l^k^>IYeUnbpp7@vLI+H8lAXwd+UMPN_&vjJ4_(0?UGqy8ZtFp>H5deBF zIP}8cj|C(ciG4G|<^ZOHyP!fza?{1AH{+hPpl1`M81A=rnbgi&cvWSF+h59b$tK7Y(^_Q$R`bhsYLfA8}HbKZoY|}V=H|`Lo)o9sOEf;7fBmU zvK|Wzj<|LmgL(>YGr8X|rrLTDa}(&tLrwF^f!ZYbaOZh>Ut9 zEy!xmWuPXY?h@DqPTWu7J0=KVvd*QWr}wIXdQfyv%d zWO}@LwVg(}nN+vXQy=C#-lU^UBNAVU14ze90x%^8|Hr1=|0@}-|M}T#|DkdD|Hb1H z*mYqI@2ex!?*0UJ;P$DO48(V&Q{0&}h~?4~btz*qjra=h9ib)3z_(u=c_7YMr-8i@ zd7KPm(@|!=6oV^;1Zn05Y7pdC!C~k8p)grv-{2GQjnK+5SE7RRmuYqn;()8Wi`HV< z<96mdR4Px7T+VDGSG(V5hwE%O%QXJXNZUrHjb<3Vd$%RspQvg4vo!1YL@Ab#g*`wM zvu+*3qu@8-)z`xmkI$8g915G<7mUrjDdHJM$r|~hH~-wFSudjt1<@&ida%33gj$@Z zW7x}35-mu*YHUfSRMge_p7mhKLqP+!(4dvUMUY?43OnBnC0#crgesbL71o%P{3Q$5EKfseLQ*l9nDXw~8T6sp+q*}# zAR!%Pe_sV=1-TR<=f1_7eUv6KIs6D`R6h+(YeGk%2pZusXEbnjnR#87Q3WKR)k z*CY*}Lqdo578JWtm1hb;m-R>5uUD%BamwcWl&bW7n4~k41e8jRzyCR7SeJhG&|XG; zV$^X!?k?Rd3STg(bk%;Y`{UgG={+x@@crfRrJ%2-?zHJh*WMp|Z#{!}gr>d64=Bx9IH9;Pe$@`#bJ01FuZ?LHT|*%!3ty>=}-c?2`t` z=S8M1SwfJY;jlEz9|C$FW9d!aqf0>YX~u{>4&I$%XGWL=cQ;?1u%C-EpGTR_r^3d{ zC7axOs{g2$gwD9|QrXd3)tuN_{ zNb;nKxv(DB>-HqJNd+)Vs?X1*%Nl6iqv-fSl4(!%1N-0@SYUMTW~|!oyMpeKILcMl zFd}ny2HnMdf>O6BSQ-O&xG+rRY;c`l>snvkJL`rVc&%n-Zk0Tqy+=v6cNrt^F11=T zI-oj@$XvY9X~))2Bu)8jswuJ*%9UnK>!Dywf$o69)M6P7^5wr^ywD&q#>f^cP2!Q< zdjbE{g~3zS`ZfS)Y%!+q)GgCp&NUcPm6vss2>wl=>m=Q+!nuAqacCKRl;x@a+T*dZ z_dRR(yzl|`M2<(&WNj%Mi-+sXM$svhW^eT^VBYDI`$>r=TVrOznl$sQ%5CEr^^6+I zm6Ija$c&LuT5#bhu`f2;=M4M1>uNlA&iZcSndm`tA~(8kwPrJIj^zz6G7^=Yi6BPXLGeg z(UrK{1X1%!95@8AG47>7d33-23;NqC5a|WvdKC#>EzS$2U=T{U3l8njE5v?ycNBx* z7vLueH5$Wp}!V$V@U22EQOQY%{{>Ba@yDi)L3$sAgafPQ1w-DGw?Wh%D@K*US zPD8j`ul3M^J~e}*aIfzDK=cy|b~{W@P>E=VYlxg(^gHQ@yz1mtJ#sr%HCLxvN_yhQ zJ3oS}oMmK|4b!?VU_`grHm9ZOr^)(He{L6V9DNTy4L1#m;z!U2V;};AgB8js5-;JC zDWrBW*xvoa_4^4uW8V^AhLOU5Mmdy3mLhU(bPD@MkXA%P2 zWsX-Y?oldG;8mwD5{&h(UdhQx)HV&&)_8Xwhn~jx+)7`L(gx5$)+TPd)eJ^$`W`#p zHf=e!oNHDFYF6<)PZ0glRFBPXN(8E3mX@5vk(&of5H!%#U(%C~Fr z1~R#^GJ}y)y*&Y9xcI3S!JOv5WG8kacoJ%M7X~#uL?K1aTn`l>C!axkL2*jS)q4n+ zg(>6;^D(3qJSX&y0FugoKj#Fv8N;fRu3l)=!9|SQla^u)p630YTh0|Ky>j=el4nly zYg?+=M^V|~F)QcyTv%BRY4r`Vh15VWBqnYde4``C3mbqoPeBjalE~>NjM`faR&MGr zJ!CT%h$*n8L}%?OE|Znef;oBmK?F7>sp-AxgvaKq=$$J7te1 zxU&HfL83B#^v|4Grk5%7)6c0DmW9#wUb8#v-qB~~#&lo(sEk0l#Xtcaz9fND!`gMA zLX*w!;WA4EXHkw<`O*%__F2@dUr@aMB)l*3#Os|+NZJ> zxX#A#LgD3FkFXO}LzY{T!f%SJO8+1)TS&6z#*!t?HJ`171g>r@4I3nB|6+WnaZj~@ z9%HWJm1x*$xoD3@>qsQHXobGlw3<;ak-MQ(AlYkOjaf< zS^hFIGC49bHZrO{gq=X2fQ5jL-c-KKA<8Thp;>!azi#W-{950nso}Z%Moor<$vH?_ z19#kaq3{CBctL$nf3}`9d1333o?JhVhx5lZ*DATT$Q%A7N?#Tqn@P8t_;i4yNK}=$ z%=kPDVg8hUu{I`01IZ_v9Jz8rOvcQ)?|9rGCwSZ>$z89R>diG_jS0N>|8$8J2}fJauJfvk^2)<66F zyZ5dR0$cC+olWk|20?r5hMD@0-_J7>9GY#4Vt+54q7HV<-d%9&y8RZ|Wf~i`&x`?( zVA?-Ivn@A>E;#L06ti@Apwe$2sP`w@7uu`-Z0z!K6FHirVgvxUXMpDqfq`c0~g^rE_{GU!x? zvq2)iqI3N#tg$CO`;K`}=4Rh&&%*^Vg?Zyp`G4nt7Nui<&-Ifjwk~aIzP6_I}rBSd; z(&|2nhBV8rRfLApQ3ZNnm9t{6r(K=jVPuHzy^3|J^ z&-dxi^5U2Ur(}D{dTu;*cIDnk~B#qSU278)MJzV5l} z#+BFW-Ed_@q>-Py&AzlY5q*!#H-*mMacpw7q}o(bA=W0%QlHJ@ta+xfgn1m`Wcat7 zP&MFoIQ{DuZrn&at+*~u*#6^UqO0KG78ym;6oxA}?i=XwuPx{XI2L(NK@W%OG&rxR zr}1WC_gC=u&Y))1@cQ;?Z}_PwH^yuzgyP{96`_t_rGa#}mLDhSJ3c;5j>I(b&tc}* zT%$+a>e5`2jJHm_)y&Rjg|a*dV0_p3eiMh)GCYPvQ-vEUO=EUO*gdI2TbYGhtL1w6 zJx^$Htat)xu8(@MOcIApNFx~nd7)TTI}j6qb^YS}U3_~g8nOA!gX^m9!}#0ak#fV7 zvnXk{Gu_Cyb$}Ms%<_Tu+x?`)#Qod={=;L=*T9^P$`;s~%#8eZ^r0I;&#;X6Z}otm ze}{BystN485=R4dv8gZ1=(JYfDu3lZ+MmGPooz1tTI%{8zd;hiWsZX4vS@4?q6oHR-S*}j zeI}|k=^P5Zy-tiFvR6`|WU5n`3!6Z`#tFmjw3K#QC0ADNyqwd)TArbMQUjaSzXkL|f17MqVP3ACR87%4}Dk|ODr7dbHorTx8M~2CZ&9l zUXF`wp#{_qL6sy1XoMYU^a7HEhl|N@_r$N&5dCCFzBdQepW*NPtVxrP@?#gUe807& zUQzMm(~Y&;eiU!t>Slk+Rng0knH^d@D5^&C{t>d=nT+PvSyVRm6B+qq4|WmZF#qFu z0f~grdLjWEjR|b!&?jub!S}jyEYzVX^nIaG?rozFOz-LB36&RSyI|H9wt;0@pQn*a z`({tgIiGVN7K_z{n%3M2)c+R%=^$M2IDZyYolnV(xg|D1?t0(c8%?cNqZ^D zD0fAF##m9ncW^B>3=biw955VQXkcJ=b5bJh zm_vmmU=Iax26kUG%dXZFUR)TO`GVTQ&{>@z+BqPpr_jyS+54@UOGxeB<(hk5c@eR< zIQ#2yQ1;U^s>tmkU=Hi}`gJV2yDy?r8yDpl!73iW9R6BZqyjrsmlq9jur0A|)@}^c zyRdeU^Z9}xg0SE=7TAqAJ>3*m?DvE~F^ugibPQRF>s13EK{>JystLqvm$@hKPc`QS zVFwcFa0Xv1lfI_0{dX$V6@D)LT|Bz?6okXK`j@YCi@}_7DhoPN10NrC1ju)rG}g>R z?Ys{PG(9CU17efxr#Gu|b1Kw$P7SK7ce76?0P^TNllC- zevf$n>UI~^flhQ`>ecIQ51+OXl+MqO^qT7?s&8hl?Ccw6`sK+3?Sd?a2LqBV)s(6Y zBDV()qaRVHqF0M+oog0rCTmD4Yl5_4=z+^2e;m;t-Hp-#)lVoGgCRC zhy0|w01l%MEK!jx(zzk#glQc59(+56bYrUitVNVTu}ShX0A9W@k3d5RJap~p)O8!U zxLCx~1LzUoYA+NyDny*esf zl3HG)%R1bfX zue;6#;FSqB7dl&0Wdy|V*a_yz9SMv}uRvYM-L)>R+5rjP`k784=bF!RwT7wvQg>u>r@w=_=-}lqyA7f3OZ>7?Bt?RSvT>iDph}3&hU!b)sOqE z_O|2+to&q|voeTeq&>ir94#MUBwcAoVnp}=en2K#s$t`MAM=jtkMQ+{;>1plucdjV zrdAIuwI?Os7Q6>jcpVV9N8h~3^XPT`teLdm6`7cIs=FUz-Lh+9sJ<6)m2$fac@6_ zTTM&+`J~3ILhq7eQGwR`r_Y$|>_u=F%zh^etBQbbrgx`)os_NF&|&N!I>@ zAAm*15gD{qsB2HxEBYCXRfAk5SQ*q#!=4b5wOKARIzPWE4=#3k7yHTYb&Nt0%F)mK zOZ->(J5P+f_L#(lGrxLGSh`LG!;a`CjR$e z3AiO{M!Oqafr>kUa6ru^Dkd=}ntYmKnsUR#FAZ$d1az&06KL3o6=XB+cMs*yL72D; zW_X8*<2@Fj^7=ABq6ZF&?B*y}JOm#%r!@1Y#slBzoUTy%-D$H%_M$XWHe;Xi4tBL| z7ki4{3?W`kQ8^2g%-KGdX?Sv`;%4D`_nw93NF{7&-bYG2I9p;k7D4AN~T_#(a%tWTE*!SYUO>T!t{ z<1f<(iWH1RJ!1Ed6Ng=3r;a!?5b4GVjse=-a-R^AGdu4BYO1WLYxs)rs8FdTyKn)U z04z*VM(`ngZ~lTK5OkS(Kl!wszbwFP0DShyWNk`i?_V;g z_x{Z0zRAPaw?OE)&tUYsKqm!ej>DYvyaIw71A1Q@ivnVk`u@vk)-0^L z?F2^QV=ljum|){+k|l9*B?UDTRe)n~N&;_$aQ=L#=OL6A&)63;5q;RGHWVbJEEG)O zUlAp6PsiQQ)F!+nJ=kU~J5Yk)W4_^C7!_O&)7BU$e_p|tRj!EC6OyLv_Z%1AsvSWh^f|c%WKXG7JOtqtbVCQEO z=$dSNHzh%}b>Im<*_DrE_d2r-2vd7+sRYPy(oF5@Ukqh zAwLfvE0@t?4gV|(>2Ht|JUhTWFfAVj2ErJ~fSxA3Nc>9{kxOD2A}7I+hj+7xnx1cU ze7#96%M(Bbv@nnX4G07t^Z|;QQ9wgx3+TYWkh5FbB)$g0hfVTu$OlIt13K9rbaVo= z{{R@H6=00NR6Ye_s1d|4fYD_%V`ehvL?Y@WWl;nT3A(d$AWp;`j+21@Zy%sEGE(#w zYI=eF#{rQyjgoi?Uy}tB(!l?_2bfk?W({-Q-KW*^Au%-Hz}8-i`zHp_JN+}xVT5eH z1O&YN3Vzev1JMD&lSry<``k1kYZhCnjJzmg6a3B#55M~z>K#{9Pv3YmS1L1$)D{7B z1k*==#v=RA*Z;r9KxjjBo|~lE(}gsX{!6CCQhki^^}%p2UmEtnDTsRL7zU}d^OZS) z$>!5iJbGrfu#xrmZ8t7Fx_fFgG7p)A6qzi zRjzNIyv9cFKgryW?bL&wdy)cx4AK9`v$w&T;Quae_Gq4T^J00(N*S9Kp#b^y9BV@O zv@#|nvU<ZISZMf;X5K)%6v`iQaMp^b!TVQuzO96$z-CsOwC;q5L~`dBG`QpYu_0z%e1C6$7;30e1Y_zhpq=d9wRF zveZ`S4p27!mj=UtZew>855faXIEvJ4ucInX%?;iIWB!t@A}{@wI!GvzJRl4yp?bJs zVQqIAc8MhV0NjS2vSU1F=e}a$B$LPEGN4M}{?9(-|8q?%|66eJfA;DAKk3u`KQl%@ z8^Ux8n&l$N&UU+zmD=qfPRFrbe?YK{*=Wg#8c-0^bUZBI8NvH;FZI+rrLBU|F-qis zCaMCCwSWUkUO<${yfZd@MCJCTz}(?cq&9Ix>8D=sj~|;V{|kHX9oF==tqY@|sDOy{ z8kOFqtCWa}fCz{R2nbP7dJ&Kwh=71}0Rbrz0ciq8y3|N-0s_)|m!42UAR*rAI=i^m zUgw;B_r3Rf?zb<0 z86e6PK@wR&AiD-^$<)G@(?Iq zGl1gHqX9Q6SYAV*zr4Smzzkl5JOv(RMp6Yn+#j$16FV><@>r4k6xskO9lsld69WxX zItv6vn*Vtt2>c+sCk5R*h9psnZ_=*ZN0Z=Je~=xD+=Xz1)6yTU23(s!X*}%@vMazJ zstx#QNuGfL1|8BzbHo-Mlz0+04;d^+5b;4Ia>#~~>YrQ=oG5B541^Q_+%A6*v>>UY zJ_w}mKLAPi@8=MB4)hmj0m$O+V!@djIt!2dhs)DREWMM^eJU_)N11<+5o2KYbyW9i z6TlR?2CQ}w@fu+|_k(P68iJ=rwCqCuc)98yMz-ctTI9CB6!4;g!R!F9K7TM14rao^ zOgLB*4%USK_jU*Ut%)J3Nxe62oTENW!Q+z04Awq;;D+9tOXv;*^L3#dj!mgLbk`4OvydJ7O#V!0l|esx#IvYJ z4IB|J|EK(yKb1O{FGGIx?ho2&H=KQ;$^2xSaMx__4x&T>?4_5riAj+};S5ee>)nA3 zR5P)4&b!lsaHj#WMFAY6PavcbxvEVEHbT%mz8S#jv6!9JiH`Mw&U2v3!3JyX9!YwJ z1TaOs&VJ4`bnh_WEW&WJ8 z$+nE8N|EflHF#n7mG=y(PP30AoU}rOU4?Oq15@HZ8#j}MLlK2Kya)~i`jy{8idQR( zH+%->J)qcaYWXq`@g3(d=ddsWCtMRth4a8Sdt+6bOa$=yGm6l9Pq~Kg(xC`?O_9^3 zDD#S&d_!7^-{Bv7>Kd4wGSu5%UgoC7`Cuu7eOQTBpjP*BhZ1SI+2_<(k=wW~1Lun6 zdeh4{tP-EU<8hijG`s8JLP3*CF2Wr$c7%ZR1UdcJb-<4QrKr?@7E3+&{{O8^#ld+0 z`FQ^=r_le)&JUG^ns-sa@9w9=`7!G=sHVsl8_UB!Njal7hKQiFZd==HY=Lhaoh=w5 zJ#4c##9QYXHoiIgCqLR}$I22Km89{N@8B%mL}iaDO?$ znz07I)y#>_;>#~eQ?yzSdza5>pCAh3Ti=5cf3Pl{b4S*#trUH~lz267(fqz};KmRD zmem^2L&6=NW*`C9$T_idL9==y*l>oX@PwF@nSyWBLX1Ow9_ScmIos-)JV z7I*fN^2%_j3maU+(~qg<<9IGbAEH`u-|fOhV^kZphnfNC)aMeB1s^3FkhNr(QB#ub z?rF@_gxAcrmSgI7YKf0OvCamcs`IeD&d^k41>K0UD5B1EyuMAi*B$ke zH@fLSvi90nLw#CkD z0Uyf)d!{8UAC7EDzdi0oO;>S#ZLtj$=Tg(Kz52fKZG3HbygdzVg!l}-{XH#YLEi6R zh5YlGf3PAP*yW#@1HY}1{m-C3{;CT4(|4mig`dKR*H5r*Y233HTa$*+eec=NRmO6q z+<+~*U4;O}tg!CVqxc=N&xcQZ)Po4(b8)U%{?AAbq7XJ~Wo(judJ!(?fU2K%jnOUc z6?ZZJb|&xwPgP~bgU1ds8LyA1>IxTA9C6%}Q@NdFcszYGz7Ac~9PD!mKQoOE`&kzO zawc`${K0laC~csDjFIAPf|{Mu@$?i8;Yw3Orp-7(HGz=1(wCF6KDmG;4K($Lv_`hw z+M3Kd-Lm9W?8{2Q2d$Q!Q*Wa+B+Qj2R8HD`KmHRL2~>^+$fLi4 zRPmtR>cjsCu9U{jTLP=S{M`Xjc!3rqSO7&3pyu7^>7hNfpRS8Nn&Y2kY50WJ<4Im4 z#dG=>GovR06^ahi-SeaD$N^AaiarH-HydZH&E!C+0`uFkn+0O|PBE8g76Juj^0OaM z@^BYDfTu<>-Z*VN<-8Rbf<VZ~obR1-u~JR%DnA(~bYv7=qmdw(9w6LsgwgAZ*5 zf#Uov2D&VEqY{P_N8yO~fMeJq6~AftRSYiSm3x&ZdeQAs!dZzntbd%^;5*-IFK*-r z)kn-33{QG`Gw7)O9NGW)U?(D>%qu=e;F8~Jc$Y3ctte)*EiI7AlN8Yc#!om)A$648 z3Z5dbkC7d1!4;)ijiQ;l+%_k-IMq22X_y+MyL{f10)$ zgG)8{kszMI>Ob4k7>Z-rHu^LlEm4UN(X_I?cc_)FsFdhuSzcT30*Mx(n9P6)A&1}rWdriiN$!Hwk@zB>( z+c~9P5F$IoUHaHA??f`!G45=XGoF{A{ksZEkiR)t@i;=?TMqLRkG_xI~k z^uE@Av0^&gy4$kayJ8rZIC?l_Hw*WAKNBuRkjA^I^}AFn*_o~zR(aVNv3uNRrFP`o zH5Zu-kBSa?A{EaFPCK+!#*~r7<5LryMn=`iN@siWw$)b0{HruPPJE$zP4;tmPg)k0 zd|v+ko-Kc4(ev?q=J!WNYP`vBFNkp89_+H6M$0{g-~}>vLh>NGnC4m(lQmAKrCYHh za5-B~`kSkSl+mtNpIJAmB3>z zgK+}9v7{B#$7ThC7>f74!DOe^7m9@7#*^%S<<(fRG5(% z%zcxr;0D{xi!mp=KYWAA@kV7=4$@|VMdO!Xllp0CR}w-pJ%bh>%5ucK{+cnT0P_a4jVTKo*`JI{{)i^G{klI-Cq227l-4e z$(S_0T=uh{P6zQcm($D3ZVqIl%s)_Tv1M}QrW+V)bU@p$meIb*GD*x;AA`ovGw9ss zMK_=+#_+i1seqdF%7%Wuv<)xFxrc>EkJVQ7vOLG0!*HZ{KCu?;&bdvDvTs`(V|JUp zzf{MxU}ZeyQ8S+9roy22_;)N3jL2NrhuDm9>xe*=qO!P2Fy+qO9;7UFG;zSdrc2_R z94J(0jA)dMWd+5|OE>tU9zA$?hQ9nV%f+qynSfj&$q(@riJH5WBOB(D4R^wIRnQ)p zJsUdtZj)EA(b2YH-HfLbs0y7#S2aLqn+&?>w8?iKy>LMcpQj0-seMNrD`vsB3;A- zW!WN=rj5@HIf#o?1;@AfKIf53?0#VsJTrA4nUqDzIc9Y`{Dz%Sl=Y&Fiyc>2_ZHxd z)mo#Gm$w?Tuf7GEnDFq=iVY6F`^N%|1DpKsvB__RENQ?K{QApT`FD;Gz$g9_QF8JP zH(XesSPeO8n2TfoEzvo3%!cb&Mepf4`N6Xw=Vmc_?A`O{V*v&_NndU?FspheJib6s zy@^K?E|7Xsn9&%%H`C$bhNaje?@D79o!W6mI}y6If({oVo_tpmT0#qxeO@?P!GQ0> zBsD@ATpWhhaIj+c=>EZWx6BEHg0d8P4re>PsGGOv1$A+ou@pF&O~fiAfsxeZ8T5>( zGGoVnGwAbPO?cM*rSnT{M(j3sz3vU`o*p5eea`y?UaY#Mc*N%Esv}p*P-|t(}{HR%B-Fdow+LAvm4&6^Pqe#sXrg^Oz;scxVN@DJid3>n6P(?OEl#n{Kc`=v zZ+o@tsWj=y@8^QX3%E7GXqBdKC;Yx-~UV!oH}_*1Vv&{M-}jyl|<`w!Ag6 z2a>LSJ`;HPX>nTj+$sI%+Y=|+IVy~sA|K-rBD2>|^IoOfvK+c0nWF1^6s-V88A)fU z1i)i{q44|tRWc&ZgV3P02L`4WBh>BerL*}SE3!y;ms4L*R6a8wI=)BtlJpf(q8(0B zfZxQkV#-Y(*N{cG>>#IL{`R-xEO1&X(30j= z# z{+O$^118*9$`@;-Hu2$pjc};u?JI$=Q+4%S9b(@-JRM*Te|BisVVW`o?SL4XsP~_q zh*Z#=Lb2jK+iVQyDco3N^{La%L329<7xN^3MDG>TxT|U_ZO&BHX0MN7!8+ z=Za^seG0t9iar!lA04I^_tie(dgIe*i4waxH(s6#WJg*T<`Kh5lh7t4HIW)i8LlJ_ zfAUR1g|WQo_}fNHJ6o}}$K}DgEFw#VwyjaBF&nSOMgoqM)FM@UhD}6!iCzRcWBi1= zzJ{U?4f$OALUq_X%5r@6;pwe`O11H=aT2!{;KZ)cty2qE1J^J1AWJ2ahTjN8y zJA=Z3uTUKYr}<6OkG!CY?VOr|0zB>{7|@(8|DavK0Jr@G~E3{f}8 zwiCGhG-O;JhY5cZ=0>k>-^TI&b$*;WFWDxCKF>!8x6}j3SBJnF{(iW{q#}JI*SW82 zRWk3bWrIcMW85?NijlET&-#_h9lraKB8TFcJF1hGj>xnB5%G9}(gdGAg=#zoHv*bO z!x|p4QF$YCGrg;~Dn)Drla4dkyeZJ8`@E})85jekHxrF5q>IFJUwwE(C9<@0-gS=- z=Q7{>Ae!OMbE4s}PJ*2Hle|N-YzeDRk8Lk6e|ky~4kd)W$WQY?a=JEUM1B|Ev>+WX zvy%(n5)X#4Zrhfkrq>x-8S5oPeGgNm7pF9?-{Wu@R=luJht*9UjttliR~n@k?F;xO zz?@@s?lH?wE6Nu!`Pwr~A5qkwW&TVgPD!9T9NSkmVyMRQgKXj+i1qcrsL0!WoXLD=&A_%U9Y4AYy%tQZ_9T-h6xrRCu`T8y`huTk^+)v3^au;_ zVL);h^b8zu>8(7sGb^nznwbeT9f*>^s~J^O{QBX~9zQ_}li7Io&dAk4xrk~5HDsd~ zssU%E{f0H0N$R7f@q7C1B8Ot(IoF4DO2g)yK0i3E1n9caX5!D(G0P2r*H$L0dD7dt ze$S;d*TExGtsj?ZbIr;ue6?0W!1a)F!0pQoW*1IaFAgbw-iC!iXozx{7@QootbY9% zRX~q4iq;xoZj=+Yk^Lsc{74H$_=YUy!$uEC-TLlz@Ads)B|ZS>ShtY^sMS+dIzR~h zc=NP4oqLmqgN#}+jcJ`mYq{6E;;5O3>(GXg!|4)p2^w7L`OtugjWEIl;q*^7w$$<7 z8|@}D!afavUztSZE{wCn#0SESXYA-z`)nufY_6<}a|gN;$F9s@8x8v$-qKe8jSl93 z7oOe$Zw+R4ljS;$)rv)p8UV!?QKdzG_jI#jDGE@hCj~p=(*!MoeMY^276k<;7|m!O zUEC`zfDga?REhku$+O|GW_ok=iPBvaon~d26QKKpfVi>B+;}Qxxn9tS@ZrT%&M-o;C#wgj#zG&?hQ^Xcm>ktr?%I#gFCLllt# z2)@N<*Of8Fr_lS2yWfAz6LRlqtjohu$!Hq)_4jY5(q%mx+ zRpLG|I=bienv6WOFjorRyd(eU%m$Y#ss}YxPtx3+LhgrL;wMF2y@8;4$=#!11ei-d z6#XE3KtSy?^kE!`^z0UIUr{#I2G!HojN@%cs6w)HMgFm(w_k$KQ<|9|E(usC>e}$Mg^fwaO z7shJ5a#qB++Rm0&bU3v_`0=x|+cH@MTjG7pLcKWPdhB&rn_+7XdAj_DS+nr8z^7N^ zseuMp7Tn^g?Z0${kq5Mh2+u+QtmveI`eY=YPb>DVi87Dd$C5ZycHOOaQH_Xf_5k%$ z#J29^(peF}1u+O#kSq zp^-+;iHfb4#mZe@va>%Al=*ZbilG}BqJ&|wpVCGzrlwNeq=ulTvS%)a|YwEO6y{kW?~8C8f{L#D&)=6IGtTKhVzX% zs*u@2!FUF&$g2CvHHVGy^fMD7K4+KF%(e=MX`66~t$gby7PAl>KdrTySAa&s4VHe2 z%WN_V+skpQ=9EpOV;I!x9q1}@W|jF0HpSlo%QaDtY0a}aJ$&?Id7)sYU4%eQTkZX$ zWvm! z*`neX>GtX{8obF88goZGRH)%FiLUGft@G^nAaV@F00531InuN3K?2Gg6=nThfe%vF zjEs!!(l@z#9gg%BFjG?r?8eLJip#T#j(>&@El|KI3KT@$crhz zuv6YhoLc`=O=p}P-orUnEs~}t$ma3+t2_3q%&njFIFmZB^Dn17XWQoFpLVF<_iDNn zU%$_6Qdo^;iev?mF)csM&5?7jZa*Rqs8@R%HcKB-o)a^6kG5IcpNnxn7lp8*4H z6x|nxH)M)$?`QIs_nMwHye0~1cN7=6yPRNuedE(Iyd{yULG}-L8RXeiXfo53o zBT$C9f_U%q6+)Fs>a4l+)cG^twKsWdaZBj%R7s%2NS+KK8HRBNa5nuEf$(VQUBeu*}{C1a)-t5rE>aSG3!w*cuUet*Av?G|}>qxwbixJf}nfG~D6RKV( zaGDbo-ZsxGJ#wEjP=>#xylnZJD+xmj{xwQYzQIcA<2A5AoWa<%r~j+*B1y7mm0Fgb z-hWPQnd4UU=a*z^W30y>KYsjh23ATA34)bCKO;gbT))rPRNI}{j|m$V!E%!?84523 zO-c<{K>Q$_J__zvXNa&O{#9l^WWKdwY*>8a^|Gw@O^@%T#W^Iaa;UXn>(3lX5AW-x zbe+6TOJoqzE_1J+gaxb)xQu5^$6J<$eHxK@bq}&GUB9GSa@^~)PZEehy{P+J#sK7m zK)l-?wR=_)F=zskxYqiqc)6L0S{v^G{A3!e5y^!-Q6+5H5C)cg!9cqZEVZ#R^X&o4T0XiyHU5r>$xZ z7g^;!74{G{n{akwpoo3`UHPY_^A+*1m9d9htq% zT9z`e=O8UH=kNE#i82K59gA>qpg($s3G+?ad30CSBJwla_LJ9Wv(TpAtm_iDGJCWH z(JmP%uQdYtn#W+WTuJ>yA+6k)SG{(!H9X^Q@(WitE%M)kd5?S+ty4|2I^>S zKl-Ncoswbt-qglSs5?kLT!x{Xmt_s*=9)w-mPef=Is^E25aANuf4VI2o7G-veEJef zgy*>4!0m!ktIOiNI6y5SH=9^N(oZ>ar13?pZMEg zqq`LboM<=5P?oORjOC2Hj`Cx(@(5k8E^?x5uM!)n1HvG(1!Eq>H?`mCDaq}t?CqnF zXn8uXdjDOopjk0}OLK-Nbj6ZvKba_Ud1)_72~gGSFv_IRQU*5Y*Y$?=ynl5ckZCck zT3BQb@2wg0hBWG@s?y!ou}^ZEbFI9s;o`E8mDwCme2DMEMovvMMIM98V+LYSt?%7k zX=NK~8Eo8gwFX?5FUDB9PaBv;sNQNzWemJ~T2+3gi<6hsN;(DBRwhHgXFks_~29ht9M2srpH3ogv^8U{bEhBsE=MMyVK=Yf2XcDc}d7IG&%ZJZ<4hl!)=6I z`nL(@7b$#>VH~67^wu;g!rM-E@VKlr;#qvNToc-NZ{Wo?`?bP8+Xpqh+sD#cUUYGO zLP(x(D9p|EFOI%D`)GzgaX%0`>km#XgL;JBd=KrFdj(ma(Jut4cBAsQzw2|`&oN0% z&Llr_Md|(SN~`24!H3yqmO6SNIaK1W5>j-7b6(^>&(|H-N?zY-ARM+*c%5=PkHAp+ zjs5kc1(_TFN7VC`Diy*5BCM~(XyUkNR=x4*y1CWWw0;qEFaJo(Xp!=hdz0Z`-bZZ) zh$ze8B11~>3W8JKW{u1`#UH=pnB_LEqdj_t`CesDZd{psVlxE|YQ`n+r%PX*DaMYK z`6(!RDRd7RTJ?uYk34j}esP!Q^MkugNj!e8zG1rtG`wswj#9UD^zQf3M{AA^sqniF z#06y}_s!>O(^AUuyR{#UvC+Jrq^B`(=bI8a$eah~z^`B_YawCh4a}TqrrP@Gm%6nQE$!KC| z=|q)(dsFFYk))xNFp~%E+U7@^W=rGh+#VlBP)D)?zYW4&*C1_8)hi}!;jGif6w$HA z+JQv#EBhYLcROWQo9a!4`T{xi>^}87_Kgh*+V`)ziQ<=M z^;2a*Q0r{ewx;T|MaWYtJCt;#Z`R;YEvu|&*y|0A!r@G_7Z%W}csKN&1qf$U(CSr; zG4HwSdNIystPjsDaF);4ETi5un+i@95~T%uf~2QMVnQ6ItsF{6)_1tpPKGVd*mP#7 z8=h9@8HSx8?8`!Vs|2UkhuL7mkxiHMqNd+)(Q?$MU)xK`;{7P=JpAh8a8xtSiSe1G z$Hu_VBP5Qt85K4zhKEi;PgoinSC{6_z!)xBVLHT4ciWrYi?%8yK3j{^J@zgwd`Lm8 zcfo}0F>IuF`hw{p2b#}Ey^!MS3Ou{?(HX#VVZL zpWtWJ(xQA5V9#2rqK_Usqo4EI^!wfBDJIE8oKGjsu;SEQZiu(MWu*L(zZ-YN6l z-Pzc=VG~b5nSt`D;l72{63qDcNE6$e@t7H}tB!2O-!DB*S&ZU&fUcAFuM16W{J%%gBZ6ltoViQOaEqgVcnx!jU28noh+Uq#4RiwTEe{2of^p^7nWb; z2vCk{W|d{%%%E0u?dKYv7p=cK{Dpz>%||s}H4g8YNfiAsexQy`JalEo@?pQN=z28Y zMau?k(4f}Q8!>*K9Qsj6o$3?rFNEwxOFA^2CM>M3w{>{hecRfwF3rCr<$SvkUgWm^ zK6b2kdzVuYsGW&;pE@XE`F#n?fj$1u+2gnJpnRZO_*V+QzXPTI3YhvQVfee`xS;(= zqA0fAxB$BroFOSE5g{&W|CGo z)_*3m1m*6;tQVslBB-2v_K1c@8SSZ;Tvw}{UfOK+hm^?rH9rSV3K>z{5px>U;8XhF zcXv}Q@0rjnd#!?tp?y6vZgB;hU_2V{WUL`YpV(G_2?9YIUqq3qJNI;EmP3xacKx3G zJ?pY~y$%L_*^PqR3eP=~r4kMcqHlRCdc$syS>CzMG6M_0P-1 zv8KIbeEO3l%(s@}LC?JRWg;5GzhZ?!Hl=VP=!u;8#_3R6vSpziIkv~)8}HAxD7j}| zyd2K5YhV$ad?<*=4-kiPy1Uh~xvi#RMTk5q@wJAKz!=ri^58GsRdt#dS*yk)%;SdL z#!o`xOoYcvwDElFD+Ad}>p3IJ`HLUb8WZb!Z-FCo?U~j66{j!Eiexc+`h7?$Kq)AX z7oVEItB^RpW3BY;Nsrd3)Eyo9p$feht#}?L(=?yBaEp>LJtb0y%Nc{jc|xd2qQvX? zcQQaxRUEIq7QL_nG22jTELGYvB@NmGo^JK0+>NmETI!In7 zs%!;eL(uC9YU_GK8~+CBwXob%6O~pp@Aj!H4yXbr0fM+3a^aH2`ru~jP~?Xfvb)&I3YUkE#qjHj+GXII9fIK^kLsEwh1J#>jN9|xm*{z z79T${are6XO-5eR`Ujb2QTaFN{fS4FiN|JBCfvq1-aQseST7Fy`sTy4T{)cZeuRP? zHmOk$eVQmSO|?$$J`YHX`k&5;@Sei5-w45=6GJyda)i#`KRU{I8LI)jXYJ{M23EVR ziEt=~42sU(b6mx>H#J0Mv(&o>J~Ynzl6q=b@EEH1hG0%{9+QGm1A?OJq8CQ$7M^a3 z4@PUnd`TfuF)x&^oFJ)oOj45hs&E`{a{Q4&K*cZ9;SR(3fE0lP&LRotLK-J%ze%(9 zgyNb9ab|>To$!ewj}8*5lThQ(QI_2WQPsKg-Sv010;I~SPww(@MttbwR9!U7hGq^`0};m5`|Rl7BNS`T*|>XA9d zuXZzf#8rBR00UrGOuPK9(hN$ z6Xaf%hN4%MoIMf)ICkx2AjQ=p_5s!|Tdw-4=I78U7+eX{<*PIR=$!DXPeVC{S506s3;PiiL0>j@ zlsX7fWzJ?7T9=J87(T2%klOa5UDXuYxj8ZCT{wPEZpL*&=EMRkYm;+W2(c5BMWo-H zM)^L?`dYbjSeL_+H?o?q$&d-$huq^qt!_4}j31Gl3jW zRS%%9*!6~Wx+QShbQ!s>=ewQR@xG8FS3#?%D&Ssp>YQLqTTF*{*)$EMDpo59F@-)g ztm>U$e1lkY^EvP1EVGozLI zJcHP845~K-oNYyX9I{pfXCe>TTnhE+0~g5vpA7cjuTrjw=I${XqNz% z(hK1jp@N(sKG+Z27H5Uusl+#9vZk4`FzXGTd4fl?`*o_KMgy)z3Yn&i#W*zue2dq6 zOcP+QodGx7PyV1Jj<1~34_$|A;;4{;6)(SKC_h}F(Ik!tCOG4s6O?AG!lv&#e0Sa4 zKEmMqv0xMIFjRz#cy3$>rn)9*+AXpER_`OLt!l$wh*eP(wu)?2!O70}yJIqd&{M!s zE`*bCL+m@I6lQ!mw%rg5d2YuOj?{`6n~9qJdJZ5|ge&jSCe^U`bRjSw zl%(Lw_{x3sPsQKkqfuxaVvrbFVCyuvS+%Gzx&T?~sSG|1K>lV^{%s3CWs_vU>nhfGIZ>j>OJ2lD#Fy$+fc^=nvSnuGXZ+5j!%AcpQ4HI--iYLM z&%FgQB)JWi@%rEHHk5X^RC1`W#+i@anH{|!5ILu!oQ(gF4!AraBh#Hmr|m&D*`!X& zLvkwhQoU3~Q+`Y^#h27T=v-fOwNIR$Qq0r@?f0W|#iEj3T5^R6YnmBVPgpY)O*BK~ z%DcvG6XENwOtJuY`#at}1&0|_oi^Usgu($ZMu45i%)ZiZc@=6-(BFGAAs#>9IN)YH z>Z#v_nJxeRhO)`Bi6!oe&$KFODcf>Bbx7BhSb;r=aobBXEiGJpi5!V_* z8Ges@K|2URhM3YPY6C=(0zZl!LF*nW?l@I%LHINem8^0O4jhYsS?}IEHYa~rf+Rue zKw;^dWMOnf>9}#M2)VPf z+U_N)n{Sbk@@B0iPUrbk6VCdv>Q%S&@nvHrJq52u2<6kr7ceT@8V3CE;~YcPchs{SqAnyS9XHOo8v$ewtx5p-KCz3r z+vk|OSsj|PMEf}xW7JB%jPa$tHlv}tno?cfR9AK+$!^J0`xi5^+)5{-wuQ6d9RPhu zo5>bolb!*Lt@;uTeOW>-{4Rpd z(2Le6?>#hkX3Eiki%sviEg0LX;v)J-(iHd`U`LKtV`u7N?1)mh|J16?7D&Q%6|QgY zkUTb1YbeWUE==+2$fM=q0*(VcsCp23xn60%aifM23}Wz}_kv_!|%!SzG2Pu#`a z*-w``Za5AZUGEP~FY5C|ULvyM4>8x#Qs5(NpDbJ4jx;I%^v0YZ9))vBWPHxoD_w~T z=yVhFrZikqIzj}Xp8(Ox3q-p8-2H;NF>PlYs%Sr6$&u0_eqN)O)6IF&q*29r+Syj` z>|Na~AJ^n!!{WS@ac`RJ$DgdlPQJ2hNi?jc@7vxGHW?bRmUUj-DG0V(OLI35uTXG0 zoR>8S{B)=tfd|mE)af&Oy46jD?4g1b2_AbB%h;J# zw1~10Eg5Ccik>zPpZnw$DLq@6Di1FR+i399_LzeCp)p}ZTda1|*}VNM(rKd$tI(pF z_M#O61-Tn?zLdDjsZc@~b6*$}$QNF4AMSaz)VZcJ=P7FDHDbT)-ID%lO7QymEGmKa z1nZp=6gp)DB0|*LPY_kGncl+3Ols4Oy9+laUFq_Alrd9&;;`R$6#G%3!_n;2WTRR6 zPAMGw(c6kwn`F79@!d0_>l~WzS_+2@G}u*aqXntu?Bi}`PUh(_lGAP4vr?|I30uQe zUf)T}ZpsWckQaMYDQJ`+o)CL8^2ntRd8xT>)@vO*j@3!KT&yz_eiN7^;%$sY1CVVh zK-8VMbC*kr}EB74|Q%smh|DFYq7w!39+vZ6`S!R zrsG#Ovxo)&j8Tj{wXA;%A7B6Sx+q-PfosTc@|;Mag35-TewcdM7wWvDkPkkgX_cud zW@anp762_aWGpsNGQ8oY%2NpEsm_?f5^t<^bq*BzSbxF0!iMCUYebnmVU3X?!>AWq zR2TKGX1)`p`!wh-d84<+sB~WcVN4)pB0)pFr+Ag>Mp3u)3#R_2x?`*PZ?!8q&SziK zNqO>~EdPYCh^t+2lR#5du@TQJy~;|SSYpR{4|~Xo(d>Ma)za}4yHY@nvikUBJ)Z|B2dw1D@Fb%{;Mb2haPrm{Wgc(CPh^LFX6r&CihZ zf6WB*!HqjSbuC`=Ekk zq@|Tl;ID1b?gCc-mS_a_E~1Vf$OWKC*J6HDIZwPCVyHNd#E3S#>D> zJ@of2uyiBUV7`6N{;xWaT`d2D4CZeA^sYYm;nx;N{_g#TfDjy2C38tg_{|?$topkq zi2h~|wl|E7oxr*KrOoNT8j&dovAj-mV6?xC+kw%3nd$#FGi|O$azDf81RRRxU3d;R zo`!z3?&s1U7A4ht$#z|miB)oc`}Csfoq7%n%H)uF=oA29SN!+@kO_GL-UePhG!{@w z^aAKxro|63R?7X00KQRAVu$>8S>+Eh!9;M`xo#kN842nSzJi*cR~_K)D1a9Zys)1P z{SFq%wiFQgYQ2l7=kV!-YzcsRCvEWU?0e`8sC~);Ox!o2GiSh0(A^7&dNUHZMh-D2 z_45+Le=r#Y(+mL}Isx6i13DxGNYj5ciz?9!3J(0BSwX}{kgbIuWc;*$?6NHMXP2+K zk?zPqNGku>W$<2V$De%xjgD0WeTfER6=p#~f_9$=KlziALCe4+{-npvKYMHsdTb7E zZYlo99#2I;!31DHY-IhM0J@OBSr>wRiReWVlmDc{e;mR;^!SfMD1qDq1&^=lNs_dC z0DKn{MEqlq|77(3vB&=~dQDP4$h1MDUn8270eT#<0VYb|KXmwy!}o{&{&Do05Q~7I z{SGa@1-jTp()wSXuVC<4y7r-91Rfqt*MsT$|M7IK?yaqn#7s2M(hT7%>*SCQJr2Z) zqEV0ASJACeX^3cDRhFj@+rnnJ!`LwB->+OIWmAy>H53^8AiF6v%_7pQH;>rG2PxJT zn~)j4zWXjJd2TR8ec883*k1yakl8G8^(KOffw=yG(z0qaec7S?+*QbcH&V2wOJ;p@ zvHUy3f9dS$P7nX)?QL%#xO+dH`~x5P;9zlZ8ap_`9voqRjZ_?*`+o`V90W`L(-7Ig z?s>3#9_*e6yXV2~d9ZsPq#AzB5FO-aeoYV^B()AQfd}c+gY@a&bKd_pnZWVIHP)&cCvfBpQF3tSQ)KhXXGo&7 zvU1|h&l53|s&KGy9I#F~uV~$j%b9Fhz?2OvLCpA5IIkE^gU2JZ)b0K}>` z07P?#Xi2IcKz#p?>!b~#9lJlsUT&}0&FVzmLk@bb?;k~P=t7$!R}|ey{;*vk zaRRw}v^u;hL{gZZKx+&Xa|cK_vhdx%du%ZxY4Zo!nSp|`sOu`Gh=XG0TRN-4JNW)BgKQRB>DY!J~{K#%g2Jx=9XQM1PZ}f2!>^ zgCi~J=L&v#2juVF2vyxhLpNx=*gY5?>GA*aj`Uyq0RTdB3nXQfnZvoTkcMCF^Sf?{ zLgtA8N+WY%tOH{;9n7rXFChp2h6iib!2qYeBrJYrkPcjjzqk(ER$S+TH5%W)`*MjVZYjh&__kWce?(!f3=~wVJX-V&HECLw zHfMjq(JXC&zvt=cKU|U{V_|;&H>LKUYS@4B`5V#pz`w$BB6K{-I_6HF5pvrO->Y`Q z2Vl^mT)*xpSwVNOxtSj+}kihWzfihW2=B}jnmvrBhG?3dafWZX*mTctn9x?Ort##Zflinp{YJbmYwnfl`f$Xbt7SDlUz=T;kajO;yJ z%^}7Vnl7Tnr>QJmtZ!HC`8`@ge=)T_xS>zi?8@^yG5Q0K&~k2t+uv|dyfN}9`nxx# znRHSFutKjwFqKL)h_8gHNFoOi%EJy<0|rjjN%a0PC1#)0<*W$rw66Moa)qf%@DRXgQ#hU_eZ{!U4!2b*CPJzfkmpY^E4dw}J;-;Z;C{jB&L1 zLDp=&LllJg{UF;qgNFg_?S2H&Iud^y3fObMD`U{4RXpq|e+`|r>_e}P0LhGjo0s&j{dJw!Gy91fQ)r)o5u;E*u6?i|53$Hm;x!pb zj6wj)p+QtS_+3}^zxn%8J4porNcu^`9$4Un1?_`HwTug?!k{1K>8rwU>(DPB%70B& zMJT^(uQXRzZ(-j^_lzK3o}|*QO#nc&bhZlXc{t$xI5(HIUjp{AaAO%wSomHnZNL!* z9fMa4dOoOJtBRAcULThAC5Ei_T&l|4+@#K{rTS5b^F%a1%YLt}_zZ;v97WK_$UPyS zpSwmFY)0#|H@^ye2rwcA6Tn8(eFv=Z)TUrFsmvtxBZ`zz*~5#MU=3X~VXRj zULimZFzv6v?y7-iC<}>^DD_QxRd|{kOV!cbCz7)`Qd57KL*6za>V}TE7%TYHD z{NIB!!2d7jz{zv8yKFKJ1lPZKu)leaaQ7Wj zW4PH5GPSwf2@1q)D4vqk=*NN4D@okNKVZFenAzS;#VjH?=YU*4@ryG-UE_`MoPbSTfx{(_W2ztOTuZg83B`u&j zp?GdIF&f5&7;L5`MFV{z%gW22s-&1F!NCcR9(%$ zBX9VdFjuIoR__T89N2hwp+0OgCAd<#}sB_a3RspHs% zS~R`Q9v^zLKxVZuB0T&4FpY-Rg)gv?D~mmI%xcRz7!LtXNH?8}s!*$ZTnvvWO@-m5A;mWW!wZfdR3<%c{e zN@90EP11m|yLTJh_A;P$yW|>|Wm|Tvb(5#){Dvtv<-VC94NETi7*HlcMHKlo@1dS6 zsAJh14BZ+gI7Cy@hBH%h#z#9+^X@cCyE@7x^SpSi6Ycc;^oHb{wh)22o)vwCGMqnt z8;bzWG3Hie5afgcblR&Da@;!F-P=Jr`?)D=Hh2?&Tt6OoyWaW!m^s(^!wZPX z&fdSa?sczwt<}T$WLag#(_cn_LZ833^P{Ey)iNmr6&zT?PNVbI*a(~qM#P&f*a+A9 zW-W);Kw@?H)lls4-B;Gpwl{U_76&mK7jKWq{C=_g-PmlA;hak|B#^X}TbE0aF-vqn zj$Z7bE5cmrHmXTa?pNtQMm$=!S{%Bzsh!*<#z35Ldgc+a02HCaSz~V#n@GyrU42lt zHZeCfmWHX$C5^8(wl*yoFAf{5-{{raT!)R~pT)|_77V)D`ac@+m6}lS!eJcTOA;rP z8(o7q1noW|+{3+r`m9GbHD{d<+H0ukjXwXn*}3&pEcWLE4L&`VN_-T$dDSo?L=s1S zA1Fy*np^8~zW<})?fb5Ri;r{)$#Sah-Kg=BemMDM|`l z>e^xG3X2-8Yak>pSZ~2AKHs9PO#DRoebIDJ#6(%uVnmvmYw>;MxOWF)FJI^u1S=Ao z;a)C@J>u5Ap6IUj^Hh#k1`@QT*{@QD8?^O<9wjOvp%sn3&H^=V{7)~gPn^=`HrAN` zuEvOVLF&!-sNa0W9f5gl0!lk?`qoLDW++9bZtAA+HCHx09m~9!Q>C4#nfBx@q<*D( ztM?848c@p?Oiy?;Ho3R^z1{3!D#f6DkD~7d-9uW6^N?6O)~xw(8Rnda4@T=6|wDqo|96r@?@o#et|Dc`%FBqwu}0!vW2wN;`?`Pp1B03 zVk~@S&wjSW6tj5%y0*7`Ln+}~&_*SR$#0?{?9PBi|LB7R{q;#RHn3OeCKMq_GO%9F zAjX=noKuE84dx;igI&Gn&DTh&c;%3(^LJUKsP6`z?o@fc3JV)y%CkrNhn|O@#HtY- zYL=`XRb+EC{l;*hWTOZCOwKz7f)$5Ae=)zD|I!xq6NJ`oB0);+aVBSz|@aK1dP^O&t;kY)%Q@KGLOUE5Vxrhwll!(N_y-B}4AudXk6 zuw~Ruj$C7X!7ZaN%VyAb-Y5nCLiwY3cLgUjyB}UonpkF;0eYBG+d()3%m>_K-!s@H z8dra+DkMEZJu>kX6)B+}WFdcH>ZN2uIhqVcmV=JWLg=8gqHv;U9c=NO0MzyjtAP$! z;uQaoJpocTjw=@6UUI}BZFF5!NkB%o!V3%6K+~GpjEu+fbIAI)v;+LS9VU#fLn!rn zxnHpMB?n*$?fc?`2%1v_4!pt>8ytUomP1MUk#gjZTdZpv!*AZuWOk=MO{)t{uIDR_ za25SF1Ai)sutpJMac~r@H@4N;7ND1Of|#dZdxZ^-9CIo9qFplF7wSCUcU@1kZ&U`( zh*ZrGb5a)wcwY=j2$z3|g#x`W$bR4=zEZE%G^H@ON_@cv#SgdkG?-c(piCwFL`w7P z2g@=6tKVU+;c2#>rZTba z{{!;vya+gvJ~K2E>)_rlb`Wx0%vL*`j-cx4{*`vXTSA=me06~@WkBo))#vj~Ew1%P z%MV@~C;cIlA-+Xl!io^Tw6XrmWjuy52U|9_dNT#Q^aOQP&F^rA_t^!#WUoC=8hkvM z#cI)Q$W*=Ws%R^{_-H9&#G8>As+1}#-G zKJ18&wR(Zs-886JZmsto5fg<{=t(5U>92yjt#dhc)%X%Xd;5=8H;?=)&6d}o40vW2#D&6Cin@mx zjy947xZZX=NqAu@Tq>>s`dVYY5k+7o$9Cbu(Z$_L^zD$h$+&TC@xN@OKg zI!`YKq*>5ij<(U(6!3YJSA?L=t)DVS(Ra}=uwm1Pv2DuRP;$7NxD}KUr)`zOzJFrf z9NBVB)AwdiTU~4B{lhEXN5fZ&g}>~Z@_7@Ni-hO=X@p@>V9!GYtsyZzn9bcgzk{xL z&6`22v~d2X&(#`Z^l1i7p;SD3#QnicF1~9l?{y*fFDmNS>7Y2wn0`uSc-dq8^{~tNAU($c&!DE5W`vNM7(G zbe_weZ}!VWigz5IUi|i{9XIbRF~o@d@n zXVyROnM@}?2z7qiy0i((4(;Vr##jM}Okw{UrT_)$6(DB9Jp_}M418E~9m;L@th247 z145rX$Q7I}?+{^J6a4V0x+=x^$j{CPTNQJ*f~}oC@g&E(;8M$7%kDu|D;E3YY!2 z%?Be04SV$wD#LPvnugJFE5PFHo3BE;y>UTL!1R4FzR9RpSxZzg^}pj4+yh*_F3aZ; zQZqje3=;p4WtZRSMTU%xL(<@A(@}05qCJ;Jg#(I&UUO^XZEVEQcF8W7?#(>XWv@-E zQ&#_F`SL=?ol&{pkax9UgfsSFa$ma(&hR8y73cW{VeJZCkX|-$S1a~)r4g7I5^vkh zZY+dmX1r|AeN~ynIDB_!wGlt82~`8LK%FHKxmfLS$SOQsO=u@XaQsyi-mC!2b9cLK zl=J9W)8s)W>N6S8*ztV0VAF|)mVOF0my69cT!=zR5(KPjZd>At?>FG7n%zChew-D0 zMFxbk-cVfIqR6SJXbGi$C~vOeGYBB)uMoC20ib`BAnNd1u+*%V3b--`63KGm>)^(7#5k}K#p5c}Zc0=V$Ud``YStkpCTrr;=39RswZBiA>4I=g5aqo7-yZNEMz~^JvtUkQ5b{4848It0 z-VQ$i;{U^<`ulvB))>2BY5#K|(Eq;;MAq^uSBY5w*DKFY+zg+%U#Xn1$T}~(b>~cyuUHI#rjIUdH#+oe2U;d&X|NK)eeg4__N5Jep#~-qrrx-A) zd*vE*yDgCP8tMRv0N2rXgD&p^M{%`(JU_ZO)%}}*QXGBBkkjT8ds-T{?@Hc}cUMwG z&pC+&;Pqva5D*N?UZp20j6yy^(b~{6fi@Mur%nJ71@tB)#_fYXfeA8(1QswUW)X~2 zYxt|t1$K0P76}C=6$#KIpyxwi-6@zegK^$Ij zQ0qI9k9p|u4b$0KbO$hs;`;_pXpz0!WE2*g{_>(c_5+6=qY7Ilct@-!fTbz}eu9p@WY|%s>k!Z`wa(+fQoo1&|1MEkhrHMH2N8 zx>X)0FE#WX|epj~jV!|3_V8KA8Tu#E;x zA8kymmwqP4Ylh6jE5W_sFg0nMFF0Yfxna5{JMD+o_{oEcJVp+29{qXBNA)yO0*NoF z+%tiR)WB8XO>jc1qtr_y6FqqW@AN(5N7GmcmwU{|A0#U~Oh+F=j0W&zA$?N(`jTC- z6!$5r<@V8JbcLzD?Xc%KL$nY|p&g-mw+m$$^%PCuEUO$2NE(uD^XaC^yXh*x@8S@8 znR~+1sy{F{0faUL(Qh|p?2lr+ty`m=8phW!`a|Zs01qrh zcaf-jfW9iZ7&xiX9dsU$0QcE8S!C@)0yE;S9or455$c4}k8JQy9sk-}iZZp1zc(cC zhTQyMKR*6*rjz&A?J;dncUMLY3MpZo)fhRN_uuc(d?zD&P8kA(COZs(-LS1j1D#bi zBr3)bM~WpQE-s$Iu^nT3D);c>gvXUr4wm*&olQAMkw)zXcH}m9+j(~d^fY!Z_rsE) z$YiVd>8-uliun;lK_w>s*ogk1VBTU-n~2?ma^fM_LV)6O!Bzetvp0MXJ`M}Sxs#~L zfnC45nv3W00@l(>@dSjH{MfpC8=cX<5Kb_`q~LDfDO_|k!UfA1m!~cxjx(QSP##tBUHIY8 zd(YUcnPs#r*c4#1wTLM#V2UbN&fd~hU5CeY;tKkoZ|o_N&E`*Q83wPmT>`HD1eXqG z4w-{6oZxAF?3~JR{+3f~)k_U`tKG2DTA6)nR{iFxyC*}P@JjezEwX?)3)Ce^&lXOl z=)JF1bR+E-;_$(612jnS6gKFM6Ot$@+y&Ps_6$2{NbyMH^)TYY$x#<2s|_kFTCC+U z^>*xi?BC6*fAFvoSPDpbqaCB?8~%UDiu|Tepn$3AVGh-4UHU!d?dwWp_QGXie=Us0fKX~1h$INRSg#E;@~rFUY1CccKnD>k=Dw69ki zst2$#PwuOI&BEU}cn#Zg!kdNkLdf9GD_3!%#+Vv2UcS%rQ?(dk@;8UcAxrVpXc!mM&D+>SaF$42UY|}t>jj25t-a230L62`SCsT<%)4> zZW6R6suvcXb+})P{=Jsie)Wy_jD9PpftQQNfyW=RiT#6?Oa8nt>WYeT zSVICUh@^A+7QW|{`d7>oR#66hIyz6)N#bgjjPj%QbrtaG4Ve$@;jk9&F&JPU#3X6- z1jhnvA_}Miq>A*$b2tK*R&@QEZN@Z5yh6-U0e{6ou&;5R`L0r8@@Sm3&P!&>6|tGh zA+dM#t10Hr-ewNAE4JonNs>-t*9xBH6@+*rvh`8569_PE=*RFgB~TdrWDxM-9@@iS zi2~vZ8ow8KqhMAc(rduvZ~rtuh%jkm7Hq@;qe;ny?n@xihfIcCB9_+hi0uT5XJ8$4 z_A1btC9aRtuRXag8&ic#N|evA&Lg~SjmEG{0S@$B!)!hLjNZE2nj}hPrfCN+Od7L$&K5;h6I1} z>;#DH(FKB50G;Nf@0~UPgmhRPBD&Qr=K@NN(k~Y$hZR7*=1Q%92!(O(l{tUrQtcJV zo8rJvKT+t0MX534YLPY&)NK5|!De)MJ6}_@MFGmjQA>-vwBUPH{WG#z9}8O{3^;?u5Mx# zTlMZkUmH_sTTSjcv8IGw}tyC-{c}*&RSke9sA^c8JodbYG1Xb*C0^E#vObe{)kuj+*}$ z-AO!4-I@SHLVimwiCT57RiPVF?Kv9mkgS!5QuR8xg<7PI4I(`0l332OSuo+)ad4Zo zHIpdbCWa_LJ0K)>S93T$fgcmLKw)F9KMnrj^~^Xbeemd(bDZMA^>kLmuV>y?#AMij zBu;cTp=Mta35y_ssLk>EwwQ}6@2eEvBt8r?=65I|?qSFRd0p?VUaAD}^0gLMD29zh z-TDo;VwR*|;trx?+{9{(AH;u;MzqQBImBU}DEw>tV_FfQY=VXpm?U;PXZ?n+5;MA( zC1C7#1Q1F92QZh12jbNLYb+Bp=s*?}A)zBxzK7-Cx(i ziNBJ<*sw$fkeDHV01{a3maBir9K>?ZwZ%iiLWY((Ckgy`MS|SetGTrp;TFjv1EKUh zmIDdTl-KL+hXNDIpVupevIxLx3F`tdCNEln7+3X|7VX^d9}kgKoRRpb*0d}_+}WUc zLQXh6NcopQT|;!cQ_8Im1*POk_ipipL!wsD+5=v)hpfRi=$(GsCH@Kat+>{f`pQUh z6-UKU)HbB?1mhoktfn!bPj=fw=bny)i>{~-fhgRzA=cP?O~9bK*m!lrE&AHcyBDrme|b$`!w0MpW!wHrXDfZ?Rly>bPE$>TR_D|!>&j(cnF!|VKGk8`)L3IRvr2*8+tAP zAh`&D_}lPw*#@C4O5d29RZRf&{$mx0M?=gCK$~mSomH^iA&qeK`ozT$Vfi_0b7G?- zP@M4LzJ^eH;=8qu5avdgV28E$Uu$a8rSHvc?_6B6p#u5cW!I$czy1**oy;^f0TYKL zX24Negj>8S7}MgkH858f%W!9ZLrR|k9y`;ZQt(5~ql@f7Bu<81?p#?@!c#1)Zv#wV zKEyiZ_K_}yudTfO;)^kVi&`pqle>|%s}mm=sjjW&l*%NMq;d2!M@Pe!h`$^%>5A74 z=8jym{-_WaEWW!@S zMG>8Cf;P#bDlhMO#d#uk;f4Fw0%G7r?X}JXidd$nGQq{<;xlmL-J6pdV`UNs`w2O& z-p|{^WsPp=+J1E?5K^muw@8>M_CU!~U zZZ*{tiF5sblC91*Ag$uIvFAxp_Du&jC2u$wS^w~E4UsklcaQa|F)%N&)r|QPa zrtFb~8T|-t*4gyYh(|-eLv_r|_}&PWLOY%k7}P%Sp}o6uyzt#@T=w;~&5e=D4l+sK z6}qL4AFNkR57?x z$IAJgniJEycoY9_>}>did`bj z6DcGo;Uh5z>b=528dwHFLZP5w`tJ`ubGhEAa_p%na-~(YqevQIx%pnofjeLG>^ap& z2WZUmse2nU8XjY>qhe4n=Z5LaiH5qf3|0gp^~$K+KGamRB=(H*hAcza{*bwwWFVn? z1;{u02D!F|Rc=Zfi*Ji-sy|5&>b_(5NPtP#Zv+jVE7sjf5{ywD|e zN;l)tq7+&XkVj?~;f=EfQ6Vl-DYw&m#Fhg7x)L!57mhTf3x0@xSc}H@%m5a6M9YP&9dk_8!1;bxt9i`O<^P7pvh?%5 znA?POLIcA$)xTDfoS3m8*F9;m!tr_tIeAXIQ5Z0{3k*Y`K+TIBNG3De1gndHa3%}rWCo6?6uuBp5z4lrDk>?-BTc?7*I*i%>R?ZlD3BkKGri>pwR zGV{9ci<@J5kyqpM`eArgXvgC`Tk722Wpl*&Q;I4@IJ38jwsl+Guoc#S(W`xV^%x#+DBR+Wk@QIhi~_gKr-8un#8p zZe8%=ORBz?k{4c;n)8t;ouA_8e-C^`jSU!ff*pFu0C2@>;BRZKbFcmCuRB_~OPQW0 zG2XYZcVKqAYK_C!>FVrLm0T&@Jl=xfO>7g4MH;q4DV8k)0*_YNrqrQo?rHJiy|eWf z%xLvp)@^WN{?f3Khm7zqfQ7N;p6!hH*Q=Tedk%N62P}-|&RnV0v(zG&y8J$^s`?-G zkCU&~=wEqyzOPORkzTrPfrib)ki3a#a%4gxIwLsnL$an=Q)>rgY1ww!se*0>v~zYe z#*iy+uCfW|C0!>7;7$NIv5T9AV#1LLIr6P&#ADYhXc2uM&#STWznx3oouO`nPS`B_ z9#o18IG%ZV6JCic1lLiRQ)QoD>bL2){v&c44c2uGQe!J{_D^izZjoh`!TW9&2cMsJF zP1ErsIsTkEMdb$tE`>%xPV6zH7qao%*f;7Xg>&Jpqt)RGI_8a6;I9TKJo{{uR-`AOK%N zE|Z#+=q*Zz9~2C6pqeH0o842T80NApa?~hJ*swj3i4aWuTp?>nsqQUzNbhELev+1g zRNb0i&El{F03An+zawPTmv(A)v%VdIyVcf=2BBth(Eh95p%S&Cht&6F5w9n9@oF1S z-=X*#>(i-3&|k0J=KDb|LT3RKDNjrF|MJWH^ad9Hu%@xWh%DWOVV#USl;gwa%foVl zz#-G<5ajvI0}Grrd`2G+>n5s44gu)`eB_Njx|M|?M}Y1J2roNmuY&hQ z4fith6I>2kj`5;B5-RnU{vIOu$O$?+Ev4yQ{UL+93(5%UwZ{6)d)l%R0`XJFB7-{o zi=2eF#KJaC_gosNog=!wW0YwD2SZh6de^GnCFyK5xhps06~!4lkj6|x3qvwnIc4fw zF{j|UttYq>l=u7xTvYeDR_>~*$WRwnCIF;2u4|yRZwiEUCUxXRWnS~$9vN>zA}>A> z3yCp?B(*6J3xHnq-jN~Hka&_R`tV&1^eVCPI+Wf9_LT$`9R0v>fd^l6BtdGIN8oXcoPwmk-q+ zQ9rLdJ$YS`hzUp4!7=ovIOBrdq$jxQ`=LvaZMT%@r|({?S3c9=0JS9^RDy4x_I0W8 z;(p^DgT-)}C_~ziF%sRRoHt!Sol`w&61~Vccz0*I+@+gQ?+C zF^^He3}2;^WFqLy*o_@G9;6H^XQpVIH6-(DKDeJSFUrOHajiUf5-$iqp)YNUn%{yS z;Ub)h1N_@(kMvX&ih2Ne>)r4kKBSV`{F_mDf&E5iuGqydT!d^A4GaiQZvbdw4rTX; ztkC@UiTJm3LuY@_5-Sa;Ghh1hrfk-&OWFzQ92U+~+|yZvpc$}hF5(_4u?v98&!<{I zs2ZHJTw4yem5-lY0aA)}Y1ReD0z9f1U8;CO| ze)bB!&v^JG{a|rXR{o`4_eb;&%W8f7=SOreX^vS=bEJSgV|AVlX5%N%-fFU(ficik z-dM~KHWI_u34IS{G)L8U*rI82JS z(~o6|{+{izN+`!fVfTPIRhaA$;ypnTU7)AbTb9(n&AbplGH@e)FsVG!{n^4iN`SZF z>C zlYPI(Pj=aJ5lFd-{4D&JFrM%V-PX8f1Jyx$#jZ+;Pe-N(%>1?)70Y;m=-ay1BffS& zsYTr``d+BXwKL_n=WDi-o|xvYQ!tNL+l8Wd# zJ4B8ouY%_h*rsgkn<~uBVpxD=cN?dt|HHcJX9|q-`dm$f@}m-PL)yb>qru0|1vOxt zQP`(w`2xJB+aEI8tr-=aCVQMd-o@tT*C8l2DogOz*4}7p)SU-`K0P$FC7>!Nq?g*AjFUedXBOtcUUv;)IXf(?*<$Xk_15s1CNnJ zm|!#$qRZ!Z&4Gj}eO!g<(h$mFk>~pJjxM{HDi#ruMz-f*D;HQO*!7SVciIO)9s(C$ zm;j!UP?2GK?}4z!uvR|X=UH&AlLDsw(m%7DMR=NY9 zRr+Q4Eu`gim&EgFaNFICo`0esK%fa6z4S0&)-=O={ z{mqdNnREvWYXyAD-Rx}1P!Pkx-bR2>ROdo-pO}a7c>2s;4vVK@^mlLFdHa(z4dV2L zg+iz$LazT}Wo=4ZWSdFPr|n$5QGdlGbtBCq?#1w%tFBUwwUNj;4hM5Szr_o%{=|55 ze_%e*2K1L~AqIloM}Np1Yf=U`mJp+<>CXgGPhj4}A8NOE1I1@U)u;lX-RJYbK#|tlSq`vfg{r*MHj;>K?{Cd>DnD(y-7F-dAwGU<94x-b<=wm%`yYjHr zc-GBj>tW7Q+xjVonJ+0Oy2j4p^kI5*u5#iw#Kgu zZpOl%?ShM<(s4-V3r%ZTnOX~R+b;PrN&f<9Q7Yybh4v7tSrss9l+FFNYhYANar&%I z0#d1bYV4g@nEF>)?`1xtz2?lY3f&%m-z^YJ2y=kYnq>F^fn}|frMaqsD?jadJ!@*H zpP~0n>I9QLZ3-s~=@eSCol6Dd5ITYwu5?W@Y+1UR_!*dnpp}~JvOeS?$52}RO!-u3 zUH!xE_lFJ?l0RQ=k)`zTK3>i3fp7%7V$!zuPVp+X#E%QBV0PSySZ!OZS9fG>tuLQ$ z5Fcg8;}42}TpMG~-vD}ydklC01fPn4@UG7cGf$`G=xIh-DquVfe%6*>=}fOg-1k~( ze%`@RSC!^*`>$t!(2!VgGRT#1F#g+^f5!6!kD!gdUOjc4PB5$E?)$5~nAAJ#Qj`t7mf2!&?#Ap` z47PQkvRk~N+8YbRpzXP>0ILwhE_KjM{rBI8UOBY~K!VE4oWE+4T>A4*HL3e&wYdM8 z81uI_oc{q6Vg65>UzQFx=n-4fAF?{=Iavj^LEMmZ_Y{I1{X?eC(n=qltQzydSo2jT zuPFZR4xIIsIGF9#A?_wLA^3X5wnBl~w4_#T(Kh4V&LbWr zu2PPr2X~e^NTVu)@4T+R?Hi6k;2?N)cQqMec#Af2}ztTcQ% zAd5BN%6MjN@zpEl*Nf1HGI;U_I%{#2nx+!|Qsf+J#Z%)?8wowTlOZDuhkGYJ-&~b| z+{MS3&<;=e>QXoQ7lL1tD1X|!TBdayFomycZeFsVxcI#N!ijk|^isgkJ=}G?6lo%a zb;4;@tc`olV$of`l5r$SQ-$sJzz_2GbA{0Y;RjCCYsvUz=4*GKbaD1=%AYQL@p4#P z`*!-x<;OvYs|%#Q7ltWb^?yeo$KS!p@0!-MX31lC^U4u5u3s0Lzn-z}{Z8XG2^x}( zk9za{ZS>ZFmjAvG-jCpj=GiQe&+u_A(Esi_*;mtt{be_adiRi~^7iJ-ClXu< z^sqzj+ZtX);%hn|Qo3(MP<$>XZv?)%BE*%{0SC!#rvr?eHLe}zum-yjRa3>LqPm>x ze)L-X*uU*%OyTQ`HQsn`G4OE=3I0Ghzayj=wbDnwFaeH+R2OCJ z^%Vxl*w*2aOEd~yts*~S`3Ix+Bq@sa+n@Pc{?xJWcDRhM?o2WMUEoF02YZ(oSa zA}eh!=U-5aAH&w?9k(n;ENSuO#h0oob#>Jlq>K|wtncx3CvP28_0Xh%w^2=>-LW(+ z+SmXbe;#Qxm!<|5c`ml%o`Uf0%?mWQYiY}+a;;n6e;iuUC}?cLs3U;)z5G{InQnhz zAHB$;4ABkNLyv|+oevkxdp;}S_K~sP%mhVTjD2&}jML=fN2LBKhrVp?lAQymNQNZCG_B&G33|~z!R@m2Yj?WJlb4qx+Y$= z=b(7CZ=zt5O)raz@t%MHqMC!bM3~E=It>w8)-?tA+>*3AFM`3qXL?tzXg5P}mgNh( zM#(wD&yITQ889OgyG(H7N-lnuQ^D5S+QPfE7Afp~_v7!D5U3~(4707js9ht52P=F7 ziVy(40#Az}>#)!2=Vsqh`Iis;ZV%niU>{Y!A20QgOzJ~>JIhgTd|@yrF(c$A0P;XJ zTW`gDRWI30f1L@IT>Wt{&q`Ty4f;c~_@ShLR{UzcX1MsK z=m$QXvTHK(7fclZcndze173iTdb1^o93`{An2oisxHAh^=EsSYkX_ijr1yr-`t8}- z>fxC#C=9yy84w~AoN%H@Qn;foAm_SvpL9D|y%NsLfT0inLsoTT%2RwHV69pA-bX}o zI)VTdsc^`!SxrN>NenD({eT5&;v zPy&_+(*QF5qKKJ^#0RG<=L!bj;K+P(FntIQAkfid(gyhJpg|&eepdRjdWb)1@*EnY zMo)N+_TG0cboJS_<(YW3Ii_Oh{!HPC^?d&%!%McNl24yfm}OnqOFX+q+SEuBO7#2Y zD0Zkbe132N-_2PcTj8ly6eL$RMj(@7dtwFtZ(jPJQoXS0d6yzwF9mcOI-g zxJLUz`uj0N{HvM6QGqnmQ9A!ypxB3pHzmOp2ZG_akmU)bWlJmbMI*H@#Iq4yg+SC$ zpsM9y%hg|m->B%r!5vS8DcstvwY9uFzsjnMTV&7jof|W&s%|@n&`gBf^cBJ|ZX8L^ z6s!(V7_V`3h)zErH_piTFE|Ht*1BJgSvuu=;{tP`j2n!1@!A5ndJQjS;J)Es1O%-~ zw&yYiD4^hxC#AVeJGP)^(n5?5i`a3jY(&<%tMlSLk=}~R=d|g@U3P}MELzE$TryfQ zMI#oW7aVrp7|^(XXTY6d!b!%-NZ3~(mRYb4b0k)VaNG2((no=67|=Dg3S+?_>MD%< zJGA)Z(APyWiUIO(mMW3-;&xi0st z7sOtCe}Ch;5&LRy&voXfbeA;pDAUqv62)s40*TUZ^j72vQ*K9s<&LPl0pB>5b->>T>kBF z%Kxm9@INIi`_GE3|3(#b073kl)zSa+_5b~GF{k_nu zK2`+C%bjriUwLl-FTewiv%ikC|J{H8_aBMDaJ&scZno`aFeq!N6Qep(n!ln^W^Jt{ zBd|%4qHv#QWhgDvJf-Juf)1=iGz|lbS5ZKpb}6(;V4N1_UDIheEp^0n?OBXXHN^J1 zDal?M_&a^fnv#08Yd5`_RkeIrKkATpJ5R5Uvq)rQ+;s{2`wWx;Wr4e{Tn^SxL`BRL zU!6%T3vlS3sc#|{j#XN)E=>*x%xj2A7w)ycnDmAf?k=lSD542K$Sc3-0FiS=A~H?a$;HSdt*T9*H&(1BlJicmJg9_m&%B<%zI zV07j2l5I2+v;gnQ2%L#U=Fp?Q*5@JI%&{|4A8He5t$loM^leJ#mt1bHn&Y7iiM5Jw zV|GwcqcQ%(T>iSJ1Shen%@EK9OYu8%4c=5 zR9oj_(zsPc=IT{tO+oipF<0s$Ck}J8tU4O3RC`I`J6-5c|9k6emBnaZQ zgO!!I+3KaVy-Ob4m^$`r-g02Qo^nI6<0`-8M-AKt;pk}W8 z6{qaGN^@<$wZC-m$M?#()EbS+pY)@m@x?wasAu>S5SnI_u%hs_k*&Q*nvr4bR zxaw;42L@tpJ%8Y|KF1NI{8EW22SmNi3F|mq0O{j`irkyNmZIRyzfKjPPSX-shpcU^ z5ADY*$vGI-_+GL{jxfKSG&2jFb9;c7j==?WwlM=}KNz8vx8s$${d}joyp?tCAXK28|?@lOd8^w;*#%95HoYL}&(b$QUXzbbk zQphZ~q44$0AK!QZWvMvLmJ7S>P*K+>{6q`^jVr*=_kb8l*9h`s!E8ZF?#ui&O;cX$ zb!qv@2~qBRjdzX0D5@h7sYAjnQvtDkO&L9Jgpj!ruY$Jo8!-%EI$Kn~Y_R_jxDSDEMMjZgYjUjov+% zv5ndyVA2ND7tKGtJhOeAR^R5bU)DA%@QuR}BpbI^lyge8a5qdo{NC4kFT^FOb9&9- zTSC2tJWC-%B!=ldi9Uj0i0IVgt``smx)j;pokIOU9&+RzE$b4$Ma7Ic5VU{c@TC*X^t1F`rN$4zI@JBiVfpPd=r^JUE*L z9AaMI%PKY{I3W}~97b?2ad``_b*#@67caLtx*y^Z(^1$C7A6sCZ1~l)%h*2RuL7*(O+9gAwY6u_JiEW|)oh9c{xySC_YKBXO50 z)aI%Ae%E{L$*Yf-94+1OI&|0;5p4(7CODciqYD%YlyC6yb%vSPjYmf$zJ=+GtAZO@8Cl#=~#V-nN&MMCW8tZz|EjdHKukfBM zm;)19)z@WnV+DfokIpcfwp!~ViA}#k1Xy9>YsSm$!P2WL_Le$HDO(MfxXn{FF)}Dv zk2v%RMyO}y{ldswZvP2{OQ2dJwj{58jq)l z8u{@5!rpfWG?nH12Wg@dk={X2P^xqhiHLL&K>?{z5orP%=(=pEXni>e`h)rsHSuDkH+1cc$lA6bh#ye(`dajSKaHwkcF#{vmSL%xv6ubKZ6BQ|lA_!Jxb~=F7|+a;DH6sAV)kXrUqcgiqxaLw1O) z6iv;V3&-8F@Sn^>i)Hmd^+e-hoz?aE{qR}rHe~{rHyb7Wh1=H}_-PjV~>7@r_6-sO$Reey{UTUsGI^ z?LKb)Z3;@0!>JUVRyKYQg4QHAd zH_BWVP_&yp$I+~jygMmNV$QI{fMp6TTSn63;&&Xe!UToEy!hHwtA^c@F{6vq)V_|g zMdYoiCxOOdM2Oj$kM#n$d0h{{47 z^JFxphB7x(Gn@??kVIa5&2A_fHoVM7yp9`cisqBGU7l59EathHGAF}nztLN&b`hui zWQjwIh~8+rrLxBRt;^3oX}3OUG@*9>Tx7SP`l+gWw=Ird z_sQxj+kG*BDBdm%XriHBQji-Ua2U(C-tMzIRabSBh4yInScUC82_Ai_#s-haR5VZ> za~KV1mJ?j6{uH3uUr;7H%d~bT+Q7=BRp`Yy_Q<0XJLobA)LPA5a4W~nMnLSoRvAS@ z2~`$a?Fk5v>r=9Hm>Ng%fO^ul#VPtq?0zK(bSd~vbV;$bAE1!`ZR-EEDfi>& z#~l1(4VYXnw0=_k?8{jS=IT?vCaNEQD0~KQl($};2dhng774{!9_{~E5jx(5(jquecd9PU3YFAXE9+M())V%KX--R|G#EKplqvArHFD806(`*T(L z=MoP4)n6*lCHN9l!i)(M$SqUn#w=&;oOFC>WGUb!1^5^W5O>u}0onwt*!6=D)>cAP zr$PNu;CChr%|Y;<3?Zudme+s%x>*5o7Jz0s0Gir4sa(6v@Uhf=$HgrjWoYYb1^}P7 zS~uhA)HFq^WL12r!&bg4DuQ-2;=rd_dUDqkK z2KSySaT!^`VcyX?Sa|6h-01D>RH6GteaOz?IroIR(-4ZA)QPp}dt-a5meZo_F!3Q6 zf3^vZ>t?@!Dr0Y9>4{EuxMipai58<`SWKEO5s8y&=99S~$q;%Yzxl#!Db!)~>*bK3TWeq;#8Y_2l zuei~HIOcAXmg?j!9d7&zVL%)E8IkxX|7QMB>fA1pjnj^@m20iRd2wqL9{m|F;<*S| z4Yj9g&h}4anybyLddcTcQypt<2 zDf~EX#B(3lRfjX!ln`vs&eH&GjAamv!(kduSvYGTmkj9M8+;KDq#5_S_o?&c%afJ- zT(ThleWTz$DdCUtY$@c9(+E27>RDU#R>_B_OwX>z4SPL=nI7cMZs6+(4&&TwBNgRN z&8jFk2{cvbAPvuk&c7%sq15M`v~SyqkUqVUm2moKy`dxT{WqU)Jxx(Vyb{P-#0H|u`;EbJnHK>v&2I5KbG9+4b)XAZ`*8*6GBT5#sm({1bG>+~@_spz^ zp2EdqeIYU0%>lvA`GR(59OSsR67Cj@Rj*D}%d5BCKSp!Iu^ZU4NaT4@fG9G3FN_x@ z2#`RB00ym=!<_1w;W+DL72HVV=i8jj+lYthF|S99HKY{;`syic-+FcKX+N#ibE5I9 zRem+unP+5TqD`l02d!|DCsQ}Kyj&E$+EIM&Hv38G6jgNd`YKHxo_DAK?|C}!Ql`HJp26Hlus&b2K) zE(*P1aI=kf;V}injF?x48AbG558)*E1R(tU8#{PHdSXM|svRzuoNJ_&8v= z=YsGhkYf=I2qviSds@S?;l}+0Hl2^_UcD@~6c*g=4|*kbo5j`jj~NJ7zO1p^1N4J4 zDnu`THmKTYZJ46M-@w@drI~up)JCig047kV@hr@)Vwlw!O0`nC%QjZL$sTtbEekrL zd89E%Dii94T7S1{VDb^qG2Q9Fj)UAnCh7JkJKQag3bW`G&a8(Ni2Ui6W1}>j8`pMlXHzRpS@Zh8Lx7i)3cN9&HLG!M`R|^ zjw?^#0ozao>M^Lkv1fIr7fXb;l}uW5$4FqX169d7w#IdGw^eG<`BqiMt6gn69M25b z37pb&cE}7Dt&wMperZ`vuq|Btf^==kwI!LBu7GpzFs+5KP5yVOffcDG{QmMMMm?)> z5slSNiKU5J1HJMxHYMY4o@T0Ag>Sv!G!eb0xcDWOK_mbAA?W<$jA?jaHCO9;@Tf@8 zt5Mj6QcQM4hD~{V^q5GNEni8galG^0YdV=aXYX}9?$TKOK;`i{-ltZJW>pZ5J)$XZ zMTb*&Zd=2D`e5HYpzH2sb_kM$1z$%cd05ID)axkat={*2J`F4-jW4ZmYP{kMmGrdH zgbiRDL|LTqDsm&OjpW%q>2jir>eIumJ!xJaWw?&c;V!1(CHuD+O(kznEam4Kt<j(~ zv5=mv``FD~qvQRrC4zs(C;WH}2K|_Wf2}$Am(fI0O2)dzq}fg~4sJQnlM-6%iYtBg zonE{vcRr<5d&1y&OeLq>a4UAys|AiJv{RrP$K`8QeH0eG{wnuOfxcz+#ef$ZDs9@- zDr8K|=-~Z(dmY0!i!1vbGER<}Hes|__{hVR&viKZw(&VaE}43Df=fKZN-HYrY2Q>- zJY`k4h(pcrhS6IjBxDoaqE?qDGF#ILOVglcSh^LSTcl}Uy);x;03As=S*Cur_ZerH zg2(EZa)r};1Wupp4b1^rDH6{)4#zGn;5jhMJKV)UF5oe9$@qG_NyUKO>3&+N+|RCc z>bKr8P-b2bCvAvSl)qOwRY7<+%z5@LCOjrhHP38nN-3vlCu*_`nJnpZTEVs>xV7KSx5cAVwDz+x&uRh^;vSZb#*+>*j+Yj^#k`RTSe=^G`@d=|6k+uEe7bfU>9 znCI&AnSyh#C+VHL7mJ!KAG57<9W>b;7vZE!eB{qDl9l7RQaYtYQ?LMZYp3_$d`$s{n|DFPw`W{L=8VS0N>2L;OmwGQ*1oKu(WF z90#G3|in74@&YDA;f;=$-IqZ`2{1NrfNNvbJZ=l(b1Gq+`POOT9qIV47ku! z#83~E_Omh|i^`@`NX}J#s}=At>TP5@pPg@6?>h@wUfxI*#jUq6Q+W}&xKnwx=6qAz zvyUFUuttfw2;6jiti?Oi6Aq@SC7mY0@#f%Yu9uaSDv0zux||eEcFsyarEWp&49ItQ z@EwSWkwvU3r(30P;3hCJE%mHwtMYoeIG^LT2;R@pI};Wafh?Do%WgN&q>b;JK2|576O%BIxp8%NiacL;!Yc+S;3#u^H|<%)@T$+-26R@)(YB=t<*(cAK zZ)7lQZSO%5x%qRVqhE{w82}7eACR8w*S5RPHgd1DxI!J4K)SzXb>C1-#;}kCY?a}!7J5$&hok@kztDoB6j)H#wGBMz)(>^S|wJsnTxh3Pc3*@ zn54-3B<&`txY~zzoW$&O!^BxGW{d|ByqMOYt%#E}fo6Plgmz?k{l4VJ+*v~Rx%SVM z6JNOOhjygqQjR6<><2XLIa}Lhb)I-CpFP-(9D@~5rPvSOtg)AD4%vg6f_TaGs&At#~3ZV^qQ^GPH5EW zOy!F^nf?TDAK-%SYXIQw9vZ-LD%~6Wea&S4Q$vs+=l!2e-2GPyLEE{?3(Lb?F#2lS zw?(sF+PL=QD5M_i;giXWe(t7!zsZ6)Lp-_B_3|abMQvu=3I%3NN-^r9u!5;RTC=#a zCb)(AbQP4>l2(M6y^49}_TCXF_@W`9*X(T4bV@STfWWYm-J(H)b$!GA9=A6nY)Vh7KsDZ$JU1SxlXlQH zt&n#BaCjBotiq*U;uw*#gM4mH+N;CjLU+dl_)f)jn!hQa!9CRGg7?w^PF6r0arWFK2C-^@ zhSTCw)i4Lc4K%ciZ*1Ilh8|D$%)9I7%IC9P+bz|3E7qJOL`JSNRG&omyfNytKy)ESHkA*G z))g47-MA>WS2)8w`j)vx#$=A0rp}w{T{0gV_|MHrE7z_(6c3HxMo2K!N7G|MJ# zkD)d2e$uL36Xw$Jj!Pz+n_A?lVt4j(Iv;U>weflHaWH7tcv`vyb4vK$x)z2jP()r8 zRj6^MYQRPKieQF^b8%E5?16qZ-|{NB#Pky3p}P@;@CDputh$xEVvm%~dgUOZ5M z7rp90XfS~9N#!Fb=*OzTm$1ZafsK9Xm~D3ZiIvgSPumcjH3HyVZ;8Wa{Q#U7Z|@<9 zN(yjQ^w-8m0+rR-CzvOKH6u!I!QzDRF66=~IF26K^(EpT|CPYbjTPU0Cvm_+B?zz> z(me!8OoC^!>tz5hlXgHXoDqVLP{m6Q12D5a7VyTEPN0mt{C*(=I2O%nS0}-TAMiQR z#PGWJ*d=Bud@p&?AS9EJKb{Yt6t9F`(+_+v9^*So2thu8(+)Q_LB!6P$SwSM&b#Y zZvFtA4?xJO6$x&q)Z%aHCP#w}r{zsyDv%4qNip*_tL3X!Uw|CGD&i{v{-3l2Lc{{h zM4Hhf=$X1EGe%6Qj#gp!i4^N>HdI;AW+`dg1n-@c>-2Xbothh{ueZ%~m7HT{rJ)UU z4aP(6d+I2A-NBjfAaJQ!OU2{RV5n675%h-&=&1_NWPF7m9o52Zv2BJu&6x?f7WR68 zIZBvQ>2ylk5$)r&{-fv&>aHB0izjUIbe_w|s8&Zqr^T$r*BhpI*eJW zBe9}EFotP(K#DNdzHY|u!M+Bvtgle_HY&UY!oMnhjX95Rjs40qCUZ9X<1Mz)SE_cl z88%XzB1RD^7|SsDj1g3|L4h0lC3v+kdi`cU{?d_gkpwnxJ^L(5J-$1N$B5WNBMlXk z8mGzvd|)>LA;77VlF9t~nunkxs)9J*MwzJ7MaB2-kfwG8jaiunuQ0zn5lYQrcxBeL z(qu0&c(<_?Svvd_Pm1BXhC6U`aBp2$c*@tTF&{|iRV8UJR9qePi726{0UyGE=B&xFqa!Gw~zS+M#h% zj7YoHBOZbr=8c<+DP;9;21|wSF_u@otq)(E9piHs7)y`h;7}hAm1FlFlpbuDU$kSu z&WC_)4@9-FmVxqTr)h|wC9SJ7XA{Rv>pm7V#l^)_MDY^0?S^2fmlaEK*82h#jkCyp=i@yb&|4#86XPr*%9-=faJQQQ zvi6sEJwRlno}LK8M^4USTuly)4pX1tfr>cU!!;_U+}{O%&}(;nT+>tH4ehM-Rdc7P zaPbA^N1jLK>vbUf(Dj`+eez&*ozhH?w>%pP99Z4r|9W&7&s)AMRsOOk`c$0mr%g=G zEb(i>g)sB4K9TuTB=Fe~966!c6WAfuPi2THglk=CnH%KTEHi?R5XsJiUM6ljcta?+xt>8NC3}dL zDk32!pE{jaFIC=UqnLMBA@+t+`L3IFDm%9_>D>M7uRUQWvlOGbX?d~nrb`?T!u?GB z^=^V1fRmY%`+DX_erhLuKV1twVbvRN`y}_14RjOiR)tXR^RXWoWzo7_O?x1U{4z9{ z9nfyR*~)orzyYRdd%COoOfuZbq8w$VcY4Fk|9;ru{YI5c2TC$(xtHEgApUseOkBwo zK$X_-d}aUk(Pu*&&#gLn&=*a}IOJ$=E6CwurV;)_Vh~)Xt|m#f6Gt_Pdv?Mw3kAEz zhfi(oEo3TcZACYCo&fhn!5Nx;vK+#*!P!&}QK=X85-_;0uoqfAca`rP{vD#bki>|Jk_V?sz z?Jf|+Ye0RbCuI$F){wW%o!*@C=zEm6q@bV%V3ggnw;#W!v$K!f#l{o%=({;Wviiki z&&*x9wM~MKXz-T)frI+j!a@DJT@OL*@fPrgj4gcUWX&O{w-8cMhVw&n?Xs02_bE() z7;&g*oO1;az#C_7Y{xG+J=aloOO5gSMiGQ_b03IM+wCz^2T1rLL$g=O@NDY}5R0C! zX@u_p316lG!(NY>s|4CCV1>W|Z!3qR;d|Gv06u?8>%hN%+PD9-gZ-Z8NHI8|L``W^ zZP2ufS9WAeqOv*4Ir$Klw2D$QlRpGOA5yAj5JPeX!w@((CG7R2GZ833W~t*BjtWyQ zaJW&2Ui9Y(e9u`{$oew6Y8uO_d644^brFU3>b zMXO|laHGm(?)=4Pyu~K8W?4qVMcD-rY<{x3*#^2U%iR~G?4--qhbH1LBc6GQ*|1vr z!|fo?yiQ>=i;WlDo-h_>TN}u53!ShPk9pZPb*{FzTE*Ar_S4DwwIVu{Orz)#m=R{6 z{sb;4<9)%RZguBumm$mP8&}%dqu#c&d8<)|Qd6+JKUIZV*;W{NIUIy{!aV6m#rwf% zP}0TK*zOHe?X=4e!zMo0TC-SZ8tU`!pL)x)n}DXKfBKRgwz{Bzq)ohgf06wRN&#i3IHG(p zU($Q`_|B~X=Q=jDc54p>5T&PM{aQnF29I=*IGI@W9~n})^o}W<&-@*~)g$dml75^6 zS3o_t*9e4p4R&D`0= z#iS873ORFXtxw|}S+qKzWwa_cQProHAPH|!jucYoHa-%kXzqqyXN3~)$YXEOcvxcM zn>o)6xHKoL8?KaYs3dTsDI=u%vn3iBRxV2`P*Xu#rs%ww2_1V4o$?S;c`cOi&D++` zQC5<}r9|9Hl=xsuB#| zwyo(@7E&?hPqfdYzWJHvS#@~AE3Ywt{=DVD(9JG475ET#$>mk;6i;P;;i~JkNXGp! zlNJ`mPRWOk8_{A0W|)>Lz<`FYBBZfI(a|v*dd!$ZZWU>tBF5WPU!EBoP zHYH@wV<(~sqv@Jg`Aqgx&!h<^K%ECL^bPTy3Fbk9(6l`jEET5){CWutgGjBvaUc*fYsO8-0* zvJ!UBIm^$h!*1&0$LtH^>O$IGx8wLKB*%wBg%+xj+#>=IMg+wm*Ca^fBK@(VkFKwtQ)RnV-ZLU$1qas|upw~l8jH1^C; z8CW^fFS1(Osx96J?Gjh5W4UkITg(>gOa02XTU)%B=Mz2+S7?D)f|RJPWaU70cO|>+ zmm!!^IlGmhxzmNSabtH9p8Hc4x9J7GZ)1LsFgu7`o567bvMrDjc+;5G9qfk;59um% zl*JUT8B@UuoFiJC?YeCaf)FulxTk8Q|;tU8J0jmbQ zD+Y3pnoHK`$dfvWGh37$P-I2WFF?B3hzJ_>_sho(t1(pv_}lxf#keyxHz#*z?%sT! zIC?wt{khECdzr8KPLi>`PJC0~W#{!lfets52Uz_f0$?my`_}hH%>m(39?9mam6+A+ z3>S%O%jNrBDaw)WrNv${u&I;JweQ{B(ZG1d`JqLFQ+OajbQS2xTGuC# zB}nIN_EX*(05x{X=cilbzgC*_>sk)@`${@7M4*KE_u-9uDSmUiT%*!%j4AdL1V}2| znbj)OF*i#VmTiV&WsrMC0F3-K6f)z2Y@FaXvT}I1HUG9^Fm9YIT$fp>;pD7^`iDL| zy6{oTS)2sQRClw{Oyr}y@tIUKm}apvyE|XqDn|Krvu~}IeV3lwMF~pAvC3^8L$7D) z-tv|+Jq@eIjS8m*VJ>JbC=Q^Rl+un$b&M5eGVVliG%%-MQ8^AWj4+{=sH`aY3DnFG zn+5NjKk)245Y&HLir9r6f)G{kEWix$2Ttuj5vTUu&e;IP6bhfU9|E)tPP+k0u0}`) z+h3&trj?gQc2k4E4Qb1wALoIjXC2J{?brO${Eh{XX-~``_q_m(Ucul4%ik;luUNL! z(Tw2bfXXyrjr5fd{Q}4xOadmq%^?2Bw($RYOZ3PT86FC1S6~?e5ff@Z=cf{n7*8X; zH6m5G(%l)sPDB8?Mo9bH zx;O&*hI<^;JY1|}D4#V}+}xe?12O4z=fW8QzhNXxV0tEORR?TuF>jj!krgSHtollY3(aPH>hNq z&Dby^IVfv9f10VHW9~BGO0x*VT)m=1LMCM`!IwZ)rasoA%)Q6oP%#K&!LTVO0@b(r zm>Yeiu2EY}Pvf>{10~!A=|Gd_&c{?9+jh%)I^-!~iQj=aXEF5|o;i(KbwxQjsx}V> zO8e#Hqtx!S+4Yuoy}e^0<`H!nsN{h}o%g$MHi0og&{1@=88d{ptz?idd0R_*)`!Em z=c>b*YaF%af~`D3d-nCFI8%!}C<3h-L=bLHpIngRn2dGEGA_y>Dyu>!8_C%E(!t*A zm>*@vbf{dQBp!% zOaS%pPa1%%jY^r<r{Z8^cO;uiNW$E_fI`xPq<2Ofb762K!+CSk1n47+WDiY`}Q{SM?RMg1kYLxB3FT= zR(bfEoPoqI6t)*qwUu{Sc&yTcyY2$LW>Suu*Gq>aJL^sz$afkq@RcXX*@x>1G-64H z+b2(8xd0Kwk@f3bG%)2ED$5oEYd?h+ogrrBtee};sV-f%B$Jk_QAfz8AE^?{c6-8= z-Db|`JwL6INk6@^vQ}m+Ih4DEPrc=cdK8|C)_?i(L232Mp5zzEU{4YtJ=jkO(gw!I z^Mm)(fv)h@At?PO7JLYz=pig1GOY^h%K$C>S8#lCf+vLK5CpukaSJv9G?^7rw=}$f z9`DSBL(l|0yiq&n;AAS$DaKuge^K`2Rpv4Rgb+W13D+B!a6P++AmE0bF}MD!BV-U* zJ;4jl@!Ejf5Fo!%O&%x;ei(N;vwj24hl}7OFig? zsP(E2y#a609D-ur?A1#U;6PjD^={3t20zz~SQUxCS-^$K_d4BN1D3Dn9Q7rZPc3!q z-$bNas~TxD{P|oH!tP>IH}`=eqU!f%9GX;w)Y{I#iLJ$#IRysnR=C5@^64esQa`id zuW_|NF{%f2ZZ`Vz`ehC+hEAMlv#WwE29SxJkUo2-Y>=C-nSJJJaAuVMF+-=;d$wuS z)#Y!?<2E*K`5dLqiZf(BcZ&OTLeMmbO#KomNL$$*0U$<$<;a_pxo!;CO3^P`nCEKc zkXPRDH$SP$pO{C%!*ZXQ%76Pv-MK$^%l`tCiOn}OGQiivhsTk9-crCa{=u03F$aIx z8u-7~CHOs^gx`42KUr4!&4f)iy!3g-Ye0~x@4Fcc7{udEF$jN{^0eoJb+f*LZI-PG z!5eWOj9;I$tZ*Vaoo-2zcA9?HJeJd^?n;SEvdEN4?|P|bxwG$$^28ziQ16*DS3++^ zUcN)aLSk74a(7tS2Kb`}4O}}^+6NT*Kr6=z%x2h*(&C!&sva)qWUCEw5q`2UH0nM% zH)8tC_52Ik5!mn*3x{}$P`c=xiLI%CYW*0@su$}gGl)`7>z%zPrhIu7xokc%1;J0R z`noDoczYOVzp}zY;Yx2lrd3u}M`)J^k62bao^HxN=|{usot9i2C(Cl_HSuSM5r-B| z#@bqJkAJC-kd`AV8KPhE%&3!6J*TQ7{Csq9)SGGds{uNAZiC_N7O2d-QElKBQb8Rf z)rG`F+R8ln+%w9;X3;%2vCP?YO+}h2twLX<7-%MeZB)gU=S~-1fgHs}!N646sc_-F5UHxTweyVALA-J=s2QGGkk;Q( zIkrKx61aFO;0lX2w{Ik1vqxWYf}S!O3Oa`E8CfQ%A)bL(SX1}t^tgiIlykTc)Fo29 zmfJBLmum3R^37t~ggdtR(UpFgpBP}Ty@g{=MMaC1LBI=r_kd!@W3DIPmOTE*=l>MX z@;6~J&s{RJIFtcPtAXzqaY~^tDXi;bylS$nvAY!piFTiBX=g=tE&K+Vgsy}Z6Z3gr z9M)6@LFXImc$+7W;`p-`i8T%Js#(@TxjB+pzvx9``oJ#c7Gid)u{RP!wE<}A04%)K zO@Y?Ofvhv%iq`P-8Zv!sS$gPv_v?B`JHGBS^WkJSMsDbpyl-pUCkqB)*Zqwu!bY`M zsBCAt%#QZ1tOk{NcwX;Y&r3pnF{qn~P%jF!L-UOGbb&yuV0U$WHa3L~ zd6rr%MYmjbTaqa4uLZt{w>EHqPYAe3>L+CQ->NpSTM@ZWS{#}p?l>k%RQw}m`Vlkz zk!#>bJhl%&1$$lksbha7z4l+nW8aU8p`&cRoWk=FCUMUNOuHnVX!`0-z2|H@iARL; z`0SDEvK(5VhdPFdDrFfspJpj7vb{0glE}z-#uz^AdG-?=6gPc`6MfCF`~i4j^Mf3e zsYbtM={Vho+63;<;#mPpZbsQ@YAw+1K1oxq#+|cS3)0e~cF&cAjg78EUdd{Iz{7hi zgD?8g1%9cl+to~gcrYr2HW%lhTRJFwoPKjMU3jYr?0D~KoIzfL0YFAfsmvlUPW!W42V7=<)k{?G!m{dkbth}dQ9!8;s+ z)B}M=dYk9McZz`jS;@2C?8EB}ML%}|8X4c!pOazZOVC#L#a3|XhuE2jlb7T73eCQMaS_urteWUBUQ}wMW(ZM{^^WeMTbxls zlpW$BM`&;jnl!dgsnVHbI>vAG9eYkA8=Lk~m>2HpboUXy(q8+A&Z~w(X>4~Ysw{5B zbSiG-B-A*9sJ)$Ukc;lCnv9OZv~e!ZqiWb^AAvRq@yuPeYn!b?caFzui>P5)Oj0HG zy`Oq_)yGax1;9^8>S5!gZ)HKIc z%(OONkXM~?2=-#B0o201Vl$~k^-F6u4YX?v#@Fsx=$xYEtupaz8%y!KO&oTR#9xw% z0yh~)tVB)khs5`HKySBvtSddQqF59zto+;|2>Bo(qcTb)lZB}0KCe8dqw!xcs{+LOztKVa%^Tv6_x*Dmryuk6 z=lS}Zoq6BmZ$i=4_iH^}cy$5;jiFb-1;7%=eOLCIO_pdK{A*;A*EO#$X{kFhgcGT|Icg!3W>7{Ti=!w|H$Y6q`3NT-dhEh)ivY*H|3At ztq7>23_HNGH4$V6>v^pXK}YdKxo3OLHoO=7-r)cQ|W?4^J(ytEHv-*%^JIUR-C!D?ymShRQ*$@%%I$o%zNe`@FH>jT0PqN&?o zM7Ii!{(`UhAw%;EKf*sUz5Gud`)~HLA8n4G6wQA#iuhBT!|FR55HM^YBFgeb{SHB; z)UjB$X0}!Qg+kn8ts|NT5q$a;QRALjSCfbtPM-6weeA{=+~ldJ(@AMSD=CrQ&K4>z zOIbj3kA}=!;TncKsI<dMskp3J>>u z$VIWHwM@Byn~odSw|OVk0mGS*SxR-Oi$=Jt_H97o$QsY+l#u@&(B06`)S8~Lyu4sq zke-e=If&?!t~$FDukyJ76=sXOk%}vd%a^%$@Jw37`nV}H4Lx4G!Wd4f5N~TO6!$U7 zLoiv#kjD^h!TH9aNjTD{ShSs zfbr#Q4#9NKOH8x({eVvRdB49`Mf*8Q{Epy61~fb{g$n0%mpTK@p)Pc)Dze$WhSTst zB;{(jY;1CIR5Tf&-O}w^wy8C%V}mRU3#(60Lig4(oL&t^@`#+N+c3LIp27Sn_tGN) z;!$}PG?D^#r7yf<`atE9N-v*S&AD0!_7EREbd+B28^uO}whQbAMrxqwN8~pl5>Qsj zex!9oV4U3Jz*U5Ep~%kSiMw6{^a2lQP!cZElmOtY+Ml-iK3=0~egPZO;Yj$_yT>bXbEmdsApGVPQz^(}66<#qT& z^;pUoiJ#02_?zVRkkzp6a_#63*0R{qgyH#TI`>s>}g!REK%B+*H1dPE_4W_*YvbEd~*+^asPFFbi@2_`J)$Eun46cI5l$C7>q?8oZ$ho zd7dw6-zhyHr~L&#XzmVxK*|8LUn?9Am`ueMP3aaFki2}t^g4#2f3Fk(U=THQhQ7B! z0RtLBThF*;CV-`mK_keP0~%BKd(-1aFJ{kn$ znhkIY7YC|Ev$M5HO>ZY~tRxrpAA576e)ss%6UR%(5OL z2>J9h$t5ReO7}0xxH_`fvr088Fe`L-$Bi<3s~5EdgEkQU$YWcG02xl6>T+9;gtBg% zFSo+gR!>f>+O2iaS{1N_sIpuOwYz!nK6u;cC*hxOKsPo+e@(?-Q2`ol|D;0XkN5v( z9skEX{`NZh^(MBu`m5eh1$hlv0?UuPb;)9n{WHCe>HO@>H@gveE#cRN#NG3MqlJ|m ziW^Sb2M0hlgi~=-gqRaRd=|O?RRj7rq0Ilw|4$tF3v+iTv0wO#1#N9XqM{jt1qxdJ z?u|a9@U*}Z;QRL-!G+y$T6?KO5IfAYPvOL3;^2;NmQs2rVriJwWXiHOS$@5w`A7$m zKpMsvv_`dZbWgY592ZzU+_)Y(3TYm*W8F9E6_vaoNu}f5M%CS&W*FAw^ddkg^s?>~ z0doG+N+465I-ms8I7M3v!GxF$u1k$+of6d2RIeMjzll)jew@)2ZU_~B`1nY)#Bedu z6Rx01X6%EtfvP!qu#k4LZ$oQZh&YP!FrTIXc<1_H6p6 z1qHFUm^nmFQ3e8NMOyc1=DvE)5qIX=xu)q{IuWHip+2(QtW#tz9LB1+IuxMkI|>g( z)auP7i*!uRUCiGlj7Wtoi)R=mV2Ii#UAIhMyt}iz*HB9{U0ytM5t@mCKa(d#fyqaW z8|;nj%r&JQO=K;uv5cy-8V26+x_5n0e)?YBhWD|%aZ<9DH#{lm_i{v1E#&yckR7EB2Eh_ubJ<$|-c4q|iQJ){RVR6LB5)mNGIsv?ON$OMSZzPb7T zW-;f->)$Uy{&$?~A4&f|oAd+jF5ewINv~sOij_ba;fN%Y!PoodhRY5?CrsJ2L^XYs z{c`RTWxB?`zl{#1tqPPKr$F<8o`f-=Q)%kYPT`W85>ubb-+k3SlS*eDhn-B4cohF= z+_3FRP+9_m5~xX#5|;TiT8VT=?oW9CZ^Tsf3%|{qL4*IxH`MQO)BbUc?-LyTugvq` zGE;tNYW!JK<2M_K8ghNQ;a^Ssz9%@69%KOcO3`K;(~Jtv*sW!vE?%(PPBM0Td_;Ks z4e3}6UYATyXCUS&_fJwQ za(hDyLK7oaZE4>Cb%GJI%6^ROW@L!D{qqh1Dxc1TF>Mk05|m@!H_U;X@Etp%KuW zA@HYeEgym+04s{0{(Ml(M7bY=t|M^=Tv$Lr zHwS|ED*Hbw~f2nyQ@`G+8GK(1sW{}KFk#K9op z7E$V7W@h0pv$CE4)u`sDnF0SiD>l8CSs*{pOvF#qZB%-L%;4uK&-i(|hYA7k)c?1E zgWb!LpuqWO-8kupl-D2B82~g`xEu*HuZ|Vhmz@#{*)b6#v4lT?|NOc0hmhD+ru`7S zpZ5QeQ~bvlMY3=C#??*mh(>yx?9@wYt6(h~t7yG_0qQh=w|SBW2pcXe+VK!%lDf<4 z5|4L(4?K<8Jq7}pu0MTI{%w}S{kOI{DjO9ekAiQby&jR--peAn4gsDvlGZdMk6y)u9ppx86^vhr zc~y1{&3kdvC?1Sm72OZR=hY_w+r&Qn3n@tP-)}km;?LK0iGciRu?P2v57 z;Hwn`9|3^U_3wN~K5Oq1m>o>U*qklI#D+?K@?i9a6g2(g;3b9FlhdlGtS#81=OuyBMbjMxB0s655+cl8^`alG*CJ$ z4b~VMA@^Rumuul4ylMW=CTI`_z-gtpnNXN-wiM8Oqsc+!bftihVfk*6G0SF)<4a41 zFM14*as^=g2?_Uc^6yn-E1d*Z^Nsf;VaEZB79CH(aL^fo6Lt8Sot{_zazND!pRNP) zOwVm)>+Qtk9{vN3cI12yK}(dNhCiq}2(>RXKdFxT)F#CAx&Oms_$sOZ-bfFDf1F?< z93KPH+2Qf(R{RshflI{hP$8FL?l^d$Ac+9zrqA{PKM_yiGr^+B1^W=dnPL@4nSoH= zUjT4*NvjscGXeB2E=2w7jAf~d0ei7A@SaqBA_O0W5&gwSM~lhOIt3K%Tt) zWsu(ULC&K?knUTDT_8t~(F8;^6%=r``=T~r>RQ_zXbYHD(Q6c*8sb`F<-7Z_on~s& zn0YECK(^V_@GqMlkbQq}dY(M%Vd!e$|L&&qqo~gzZWDFRrp7D3m2lp0OZfkkaprw7 zkZaC7V@+Co1Y1at8Q4uNzeRuIg_XuZ`83%YFbKOJKTp&hp}A zmc5&=e_v7@im%KMA4&avQg1|5O=hr@O3C&2 zVtY*P--|nne_Oa!s~dRL*G#9ASgj2J-q|tSvkK z(p;873J`Dkrsw|mo)e$e7MF>T9nZ8})){@jV+)<0sJZtP7yvl2|49S#*juCBct=zF z*5}N2t)`Q^`L}*2ZB{RCxVzeC-c=q@J{FN%XI@S@um3x*46xjfl^E>~pU|%1R5TB@ zyyy=;R`&ZY2uRO31fpPddZMEJ-lrC)sECHb-}!j~z$k;guvagiXpKYkJ~niI48dUY zJInBS75YePvE(sWg8ub{4;NkXZ~d-o_Vrql8s|ewcOlYK=k(&UohmAH^k4r@6i>dJ z?M~*^iHiHdyDd%?Wk$dA&j2vYxk;mgA|A%o7cLLcVCT8Q-}$9u(BBzejbxU2*nab+ zWm?ZabHv{Z%lW4ytAF#W@R#!X_oRXSRn+Di=G{M*N;HFDJ2ysrx~bdnK!x;`p%q;6$T#b*>I zL*Z_D=eA7pMKA3A=PmC@Wl0|0;*?uPu;Q=bGUZt;F>8h}i5%N%#ldYmhZV4$<^wM7 zlAzBz6fs>?FC+IKHG)pOvy+Nmy4pzu6Twop^kXjGpItHI%#JYv!HOY|Kwok%}k_)VTwf%?pFCY{f-%FZ% z1ggEC2%AiJ_?mp!S$o_WIv{y%__y3CS4^f2=50oX9}sm2*hU8BK4PULw$z& zT13G&DljFtmHC9TjXRWtDonKImk*OuH!e zz?SH$%E08((P2&XyC=!T+BdH)6jll_x6NOoDa6YTif;D=q%aMY8D9HR?H`geVbXE= zCSSjC%i5pG@6;f zgE3atkudG<%QBpqDx;g&7<(lDMfv#jZQ-jJj-%4jHj*C;R3 zJMnz4&X=b;q@%vGrF8!N-kJVUyJ`An7flzce^j}a&*v6PIBTzMbMLPf6m)!Hi-ZCb+@6wO!E7X z?L?)v7hi^XiMLJbqr=!~>(uOqo`*+e)&7m;891b9vFzR{(z9oOiVlhEl*oF;-pMdp zmJ-cMP}n5J{pPvl%Zdt+1!Drd za2Y%_9nOdCcb4NAssQ}^4BWznGN(4#f--!b+P$!Fdh<9F!udS?+RQxM9^XrxfQt)) zrXz3S`H)SuPM_RV5$NA@m{=`SEzGq)N{Hio*&LRMn=M=Kp|42~xo_l{@>;gd%3B#o ze-0-n6}_^?yCKq$8ZZRsLbCw7i8Sp%IBHYfoGPBcp2^93AgjTYZwwZcuuxXPFZLk|Z6d>`TKOA@J8{Ck?(L zc}DSj4%;<+)yrky=~gw}YH3XU_TxB3Vvz0=VSIi@x!=8swL}Dee*-Psj`_7TH^wdV zV=S@u0?y?4)7D?K#tmk1m@i#NGR2EF{95NnvDjuiMiiVe0DhB)Pe%qR#RqX%M2Nhf zZEM3F#>)jOWp@>b5xTGsyI0@R4C)v}2A4y;7Q^|=JP~V6S9Nra3hPe7l=%?}dZI6d zV_3DeVnC!ilB5p*)(J_)0%aHhM!rAnknxb?@uiHDh(ES*v`A~a! zK!JO^6SFJW#tbs@YzfTkk1TH}uRUXP39Xbu8&IKP9iE z1bNbz7Y)9Ra2KGd0T{5t38a+chzmKI?qZGRe9Y3-+%0-rEw{B#Ca8?pUXx4GlLk$| z2L)_rpknrL3!oUUJLF6XCXL^{NJ`o6O|xHE{J6H_Xd~Ks z2!Z5vO~4jg#t0~(ie_QsD0AExD#fRHtj#7=A@WW3Ss0l;w2YJXyT<=43dE05dP&Sp z1TozCJz&2Xmbzp)*GyMJ?DrFM%~K^S=Z;Hk6xas;o)=Z#(N((@^<+qX!*fJAl(A;i ztVe@Yv-92ikGgpvQv>*8cg#QrQXBWY6JI>MF4{S(T&&h#X8aXmo`{x{KA^dNTIahi zo%8w|s1B4#9fztSuI1fGZw9k?mg?X*5~dnt8>-DB{3Vt#i83@OP4mDdcSU42@BxzY}20`0hx3KmD0jx1IK5{2~?|2#+#nU5ff4sh0$d!+b=?H)T0d$~9lz}TO+O88%A6L777L%-^Wh^I5wiVx%;p!Zf z;qdF<@tmXks9A&q4iy_589EXk)YH-6{oJhNjeOs+^wBMeBg~)gRvp_kQ(wdQytj3k zy`el;%n%r4oM=*jI}2sm&Nnuy$WZ;-m5Jr4c{03ij60awtlxA+zh=rSXK39;}d;W=nbTK&naU+eM=rQwDT_&Ue zps&s4^S2POUzC0k(*Cxl*lES{)?l`BjUDGg4bNTaB(j{C9a<2$yAr7*zyy!LC82r> z;^D!~i1c6cxP^^m!LoxEdndiK(#I!n46-}SrR$$g*%xpQQHcNVM%|#mGfT^V1zt6- zWaeYV{6zz8+#g%iS(F$shZiv*-jo@*4&=}=n9Lseip;bH){O*o;_Yaa%(Mu5Pu&E` zFYD@>K#?g1@Kd$14bHs{s-S2AfM>YQp?5)Aya-LcYJ>Y`N_q2O-IMO7bm}+jt%R-g z)IB5_EY|@aIt-;J9wD?9Keg;nv?&dEmoPCcOxn(7_1KCYRLXj|3-4JbcYVIPZIwIejz^(Tjem7bZmYjxui z^J;xC3&|2~!z4*MHR$3f71%ci`thWg;H((95?U%5uF(h--|t>fi8MOc50LR`+=>Wz z9P9Y@^v5k*e=U99QsZCHM6e7#uP&?aHm(@893Q@LmgnR9_UFYrNKM0<{dB@(QAs8jKMv!Xw2b8{?l`=OHuuOIAf@@#TV>aSzRAghElpcC|Dr!Bk^;|24+!Q`w z56D4t$DA3y63nG_pGHFOwEG9sg&4GbtLm%ql+>hX|l#-(R^ctV-4ZW8X}OL|~7VKbYn) z^itc2s+s#X_wt=N21$8Gjpb01vU`jS5tT^sIBaxQ9|!t4Ih-Q7*{9DG0o*+sF`rZ6 z#2B+5Ia&0KilyqlRMs+aqY#aa-(uH+6MK*81n^B<5<$XQJZa3qC{2a(S47uXyv@_$ zi!BDRa#)NU*CYLntXC}QZ|W%)tZXOL((pUu0Wid92UyJa+RtT~!?lj=$AL9>3|85_ zvxAj8Z*m&Q@9MenzNCZ}Q``l<;3+UhNmqQk{2WCax9}8c*nu+3`M!iMQ&S&>t(2`) zD#e;Q*NH^+hbQN&An@l(WCY-kDdYL6%N$%5?+l*LbuL{oOLLf0aqBQO5pQ$1b2WLA zwMCo5dxQ54v$-IB0T!AWj39;G{Z3F|4cPBFs`IS$j0#l{TR{6XW4o+v1jDg{>0c=j zGf=r@?+q3tC&2(Wkk}WBF(yE&fPq8RPkzsYTZ+an$mlEXXln=LQ(_rif5>>FfXyy6b z1NjY;$SBsfUcyEy;9P*YR{8fc@L8ea*BZXkQjn05rz$$Xq zXDVf%OMLgg?2lEkeMEF1lkjr?E{p#Fq&=8F3YIEMJp=2`VO~^5Xz6H9tb8o|e%JT} zVmt-5e#9EX6B1!T(LeK_ET1zI{(5vO@f2cK(D5}G_X(8FQ}_D^FNdsT@SyB`=j$h? z#zmG}Ddrm@TEitHF}K6WqPYp7xKmRguN>$&VPN%&qG2b!KVS7iW^A;mlv%k*J@f06 zr)2eil5M#}N%aK0EurG;`_Y_NEPGc>3&d~1JDT~Yv)KIMugJTf?QVPjEenQKkDr~4 zk{Tyl$N7>9MIG%->^j}XFQJO2Q``BJMzc0`ByJ;%P$r#SvsJl=!{6MRw{o^fw@k|N z3Idp>6p3hf-pY0?Ty1#&C}L z=W8*MECyi|;{&|=&ew5yt-uq>A4|b&_vh}+5{{mjHVm&gq5R%8>ir(q=R)YVE=5Ve z6@d)2FD-C9nhkUs>re28bO#>@g4pXvpx9Fir?qZDAgw(d_p*JRUbRZcij+=e~HxY<$i>8b$S~ksg zp(8AHo>pYPVDZaFWmJ>q9{2u88tPdZGf#`6Ha|FKH9#{k0)aODGwt1v=LF}4d%N1d zsR`e=GL#=I>9;Edfj|uP9*7)mwlI8ZbhHa9XQGdQF z=DSIk-)I8@6cF{^8{A-4BCR2VIpzcM>7wr~{^oJgvYWeJMu#{HbdF1k^%y^A%#Q2j z=~w)2!O*;mDD?HYQiolRIg4xRCcELplPXrzWE9+HAB4>Ft9&kyJ_oT-xg^|p^?2o` zsUNohN+21jj5CUDAZCfDUvs{x?l>{x_~=LSXwC1s$y&m}l?v?i z0T8(vrlND5wQDh$rXf=9o(Xto`Dn#Ui5{&dlezT>Uj+L7PU=Vd68Hvj>D6@nuW3G@ zNRDmyO13Lf)9{ka#@r>!inFhkVZYX8GCvk$-cm zojff`RGM;fS{+RTD(3G|I4UBfuggo4?)ON2xncxn&oLY$J{04cc|9vmd#VTS86;HO z1|oMpm*?E-Hk+VQC!;NG-{v0g#!Fx%h&Klr0g=H{p{(I>+jyUYu^)Ti4Wf0{4)?e$ zuYEab^r)iC45;Q!H3ID6ik9O%aYF!(6h$oU`L#5hFsPv!~bngHoDnRB*Yj67{XZCl# zC!%b@88I?%S{#{TDJhn$Y)6-zWr5==xLODBI}$?!DZXKVtWZlxh&Q2}d+us&U|Ml` zEN{4XnRWlN1Kls-)CVB&EaNA;NUDV$Ty(-gTd(&}Ly5w3h(%YQrEs;GI@7BRg@MUu z4Q>z(;{WSqC6ccdz~aT1Mz|4iKT4+`;^X<{l7=;-nuYBSYrJE>b>)aoJWn?qicOc@ zTBYX+t@d;{A4MeTvTAE>X7K^3y6m1&^05aF&MN6PO3TjQC0_4$2;^1y4bpCH#mKWB zfiApKF^j2Waa$C#j{Tb25TZYwVv&IDU zb}nl>$`9akY+R30HCE!5uIthRlj8`S?+93GuFVq;Y2Ns`81UtJ0i#_Zzg?$x;}Myc zS}=9@&I>*MB?B18!9LcU9d^oAoXJMURp#xct_rusVkjq`-mi8arByrXs~$y z*?%HCHlVH^ZrZa1SJ@m$@)dv8GqPs#c7J>FFxwLc5p;7@mp^`!^Nus_r9%1^D8l;x z7vfB6`^$ZX3}-ODGr6&iFWi?D7JbV@=GPy{UDL$*?HfHNovS3Tvym1qT6Qj7qJNr` z@N*c66gWBhkj6Y`R+q~=O1KM$Td+~dnKy7{HbFd)eg-$(lfOP3%1A+@C-8g*ss^(i zjb_wl!#m8Old^(G@jA8rwUd!Gdxle5H?XDOa;52C64HA~9-&I(miW`~NvHsV3J}-` zLoTv)^|ocIA3pKzS>j-pR@kCtemBJxBbY~ajSdv<#&+U!)QQhRgAr&x2(gLk#LMPk zobGQJ%{Pw4s}6iWw@tn0>np9NoSa~%ic{n`I)XPR%-`*N{&8Y58p0v!?#i4R5T zQo(iRz?%D|!tL`x`*H3O(dg)w3o-c=?rCH5y`*GGNYM-bwLgu zekN{e>Brg-iFly}YqloNTTENXllf;p_1}gw`Z;Og?Ymb3#L57p!8B*#_EF&{FoZeY zI&XeC_|J#b@ra0CHbpZQQC%rRmo1ju9MB+zpupW3=LkFmC4g(X;`feHW=u;_-enzO z;gvE|YE-y>-1#|pEz|#vZJZbP`FK`>E-nq$i;5D9gU+e+8!p{nR354u@&5Z}sT{po zq|iSq`sir<_+E$Azslt{WF! zko@GBdk*k5>*g@y7Wg&!4GmR#{E#31DX{bT`ZuCD^-G2Alw!mi!R`$fY1_cJn&KTC zvQ*EFTIYg(ggtyt$vhrek zqf)siVU9gwEAj5?%{j8wFWLxtv>4(Rv zJgJ6;AT7C8e-_3(y^4tBoV>>$+>y|9YB1%!bI5#mRMgA-(bNPLFD6DSTnbzAzg1EX zej9^TVCUmkA|Jj6|LmhH_b?;xD3kIu@w<34re>mg8KcCkHbLv|O&j`2P{3ryS>RF^ zuD65~hEe?%VELoy75=;;ux8Z>0ut)=_Nl)2BFa(TkACCTOJfi(jV_P2H+Fy=ctD(0 z8v^tDSkDfhg#9KBq*eIYKpWAwooZh6q)M8}NXsvLGbTcZ4Rgg4%?mr;oKBK!LooAk zK#BQ)=WY8#H#)TR$0ms*0oQ2V4ux;F8D1N>{$FLuMHDg0(clWndfAVZ)fOuY?Ob!VOJpHeYs}|nd8c5@TMUM#3%^dowtYF#J-#`086j!RH z`nMkGCu_NqG5f8)n4&z1&=r84qRmH%rjzTiQz*Z}EGqGcaGURAd+OBD(!moW*Wl!r z){Cm3j({;gLrOsbCrc=c6Ra1D%)qU$U>DAlWu8B)VZVr9XJ=;;6*241wq}z}I_?|d zX*kl+I$BBmRT6TF85lL^nXCjPY|DnOI6llCBCa#=sJii0!_>-A-B7VU8{2A>gR^?=|3NxLt!9d`tB)H*i zlMjFUC?1*KXpd%SE@Nd{w%=gn_*4=d?wZ__u120E7E2fu@R)(B@B71_;y1F||MH9! zt*%qzj^g+lLkf~iP4gFIC9)!VR0gdThDTh&eB#CfOI48|*y(7L7A~_AZY#>6SsK^q zdReLQlU-7Z+2<1#$FzW*fouON?p0($v|KaUsvOUt42X`$RJqi%+D` zis3QRvtzp${!b()4D>b-^xHnn1j!}hwZrqf-x_(U)}7t{ms}h>yQ;Z4PPr*pcv5QQ z$Vjr^X8Vb~R0Vi}Yrv%QQ{$IXIL0mvYbu@hCjESbT6;gJ-jGIgKT%ic8MR{H8zt%V zT$}17j$LFWqOcohf9pRGkMShq5Z{F5qn{RrB&bF2cm9b6ADd6afWKEFpDhMQr|L4p z?cJ&Yng?aW&YYTj$OiGYWv|ut)$`Y`ohh~awx76YSN~)AQGaPqJ&`x%uXsn7i*@zt9tRg#9gN2rCZ|Gpqs`iH!Nvtmh_D~aqa0# z6VS!ee-mIO{~wJO{=Yi5I`fxM`7)^HzkMV0rniZ8@iC-5p@KLJ{k~~=8B$nYnR-+2 zX4CXVM}xJ^&R>YN;0-|Q%3#v`()%A!6?c!G?S)X@lPLFjd}9uwLmJ!UQFqUUL%o$KDX2p zAb}}iG81sqo6Rk_=+VlEXs+FnhqFy>Lu3epi9PVaj*1u6WTfOLjJPg;Hf?(5{HVHp z^IC(Dh5hYd&~MQB+j`PX86#7`0COC>u7J}Woc!Lt1{?EjfKDpgieLS0YGyVJ6D^V? zpafOt^)tQ<|47l{$chpNys_(ro5$AxW)oi(GjrSb0}FzTJteBMOLBg5N|F|q$)se7 zD6$`+k)0MOUott-Y{TS}l3B%i@{d?)qlZ}zAl#wR=5}YqJFkmkU(>B< z&YQ9O`Z+W@nMN&-ynN|l4=%@bN&A>;JTK0w(BEwhX13MB9b+}V+k7EO&tdo&>U#OY z`Op9a_s6@S!Uu+QXhxzL%JI*(&z-t@A`mRzOzpqNGTykEJZAM8HxfHTz0_OQAHOXF zO)8ZIOwfl?qbzX#`C5EumfQPci>_kJRNT6kuKS2)p=b(-m(Wr%$yc>4qH>nOO7dqC zuQm>)0*iPo@=N1xI?9dhpTECk4TtrZcKHf>)|B-B zSSVSw7!n)$Ce)fd*rFHTv4-NiubL>_N+88+jSvyg6*1+Y&C?tpzAU>B_f!{E!FL)j zl6#&;xW~U^lad0HNF)pqRns39{r!D8H6!C0(qWW8^xf!|DC(!-78E;Yb=VB(Ch7%P zfWXzg=z`1maaAI7*4pst`FWt{*Hu&LSjmbE$3pu_RBvV8W>%kEiQ49II+z()8WbRJ z*C2Ml-ut2pzRj|gJwCVoHXaEV$Vtx_aup)24N#x|jGMBYkFk>A5Sd7ESSU8>g|-R~ zHG~jb9B6j-+^_$h>}oSt(Jpl4{A7Zave19%Pm+kr@lrJ9?_vbA^Zp0e&M1Q?>|Ew= z>70t1eqhMm?n#HFy=`T7RL;AtuM9Duda?SW&T_cFRwV=@Y8oOi!S!lozP0gx%ic zufqjGOq1b(Zoc)qOuLi5BIY_{`xEcAAyy4S_Hpjon^>)a(7t^nZ!fOkpgS7ffMY+t zkBk56D5(|uxufngD3g-mB}4cHioq;qIA7B60E4zJd1rca=`s(U@cQEIcMi}L zs|oH+)VAs%FUQkAgQS@oRe4T6G7my}j9u*CJg%lDeb1NXA|7+oXSP@{#ridEwQ&` zcWzQjb8vBe{L_n0N{^y+gbkSC<4g`1T{fqJfI#&5m;gPT26vnW<_Et2XkAi{d~k&|>yZEW<*j}|C`4QOo&G6LrtzR) zDe$8f-`tNgLWhoQBs|>nhuJ<@Ebr}K2!^DE_7s@57r7VSf>gG6mPJh&O%Sv5dRh6j zFIkR}a(2}xc6g^7d9F5J^@*a+O)n6jd;dM4f;mp&SH=kp%RIr3M#(Px`lLcL+57D% zRIGM_d5=DViD<+J6v z)72klLy_i{=PD)tZ08NHd%)3O(t5ML>%rX$6@^xnAFX_;!(+lXFDxkH*MX4ZVQ8yt z#s3-TPOBW$^qZ|RX@6pvhDc6Gj!ie^=$(LuO^Wz72;Y-S{URrU`;Q~))HBi7gcYb! z+N$!A4ePt*3@@W3VIvNI%LrUGK!5=2nwKUbMMZ;2r9X(LbMDYugypVC2IoiNi9EBW z$=tZv5}cMZK*y2lAV3e)V#lI1mPGsm-|n%W-`Yk$F;|#Xk~Za402NZw`;{}V*a|ok zi?k9<_e$y?&@#=K^UWS%2m`4;dtA*8F6-Vd@?$anoEz7LjjSGN+0H5dhg%^mY1}+n z0v$cl1R0kfE>N>+;0<{{VQf?yYBv``DP|jT28y*dCgb;>BYuq7C|+P?v*bKgd76W` z+wpU$G`{bc*CrMs_3=RYPp!}$o0oq}TpSfpuh)z>5;RnLHw99V902pW2F`qxO1x!W zrhW1dVwOH4676ZfPA>o2-uhK5>(D0<%cnmO-xU?weB539q_oE|lMIhytVMSETOE4h zP~PdH95;}*nKUd%3gg~B6QJGaznOn=X))hi9+5xW#P5Vo=#f&o_ft5gCd!7kn)Fo8 z4889gi(sN;tRBfw4{FN8l5bxk7YsmA z(LgRHF$GVtX_Jc!9P!p(SDmk%3o>cTk2U_$UNmlu{Cdi6@s>N;WC}(h!2|J~eMt~n zc#P+Dm<6z-0*^E1GX(Efq9(1WemolwVblypJcYoR-MfsxnhH{%kdwTY(=&fS;Z+m^ zzJ_xjU#JU=YXDpR7(Tf{Ls|h^ca1o4gFnb z&VHQl!R9*m{L*A!E3W@rcb4FvKoeil9C3ZYgQrq2{rtxwsvv`NVv~l6R^&Ff%0DFT zk?fHiKeV8j+Mo`iL9kp+m2!VQXoq}Z_Ab%f@VP2Q%RV{zu^yuEvrBgF>XQnJa1VdK z^HK+PeZ?$p^gMj32_s{tf4u>b8xRE0dWpRf_4*=wyN&UM`R6|)F5Z!WMA+emiyIZV zW;^i{?2!Q$@WQDf%311a#wJ*ur85mFz2 z9m;xAj)r_qR()*58EO9&jy9QU~a*8c$Dr+ms;$V{~ITD76);SEo6WR1o}L1sCb(oiBAzXV%r3 zH8m$p_N7i)T-H)UqKaF*QSqj}WM6o`a2wC4?oLXI@zmPtFm(M37xz;WpF;^8B28Na zcRp$hzKK6iX-lh+t*XBrBzw#+dP?@hq|z9h{y~zOK~If+S;2g?j8)k@S@&97SzIZP z{WiX%hP}Abth$ZaNTzX7(cmoU^@jxG`CIn`2Q}1}SEBW9vUR=?kBHA8`v5`+T5!ew zBKs{EQqI5+jbHAIy4jAWC4SRnsv#d%)MrHs4bsGVDqp9%Xo;?zG6X_3VHB9qq$@gt zGM-_$jJ>U6UE*uqyiemZc#8dRrl8Mf)5K=M#s+@PoF?vT>g7a5L`0aFX;KEa-3ik~ z>;z9UgJmgD&cFb8qs?v)>9+nYNNo4`Y}>Icvs%C;(9c^SY`?6u^h(hOjOpHZvCKD} zOoYz^47>T^CF>a~3yl@Njdo(6wVrQ1u}l_xPU?9kj(kmo2p&r+x{OiNJ>q3=y&Ov4 zV(GYvDv1o#Vt%cz>|T5JtrSK>s*{mx_w~18G#)!!5+6&zmYD#w(ah5pVa4w8+qtv^PrK0>`~lD;qs2Q_Ez(ovz(i^0y|VF6(crD z^aL~r#K6qi!TDYxRsI3}6-z|Es!aVK8}Ui#~4@Cu{|&p^0&cpJ@2hvNxp^4*kU{8=hIkItld z5eS}Ea5nP98fH)YNa4L%u?ZrNJS9H6p%^({m@iRsmP;y98|h74kZIE~gB!eCZG2$F z_r|82Gv~H2Vp=4p*U(sfnoqm*63a2NkrsYb86^W7cM=%Rw?)t;B_0U&jQz5BFXbQR zPj=59TAyL(BO>C-TsV!ze4W5v{&gn!e7sN6lC+rG75^8DE|V*eaVHp1I7Q6G$9X>vu&!gGTJ(I z-Zqa$lxI=Op-O$^gX%Ws(m5J*L%%Ms*;N&(rn=fQ4be7|JRshMA$w3MYTPnj!K6q1 zP9DSu;;Sdc>ZXE8m!kMRz})z}srDw=Far%xI%hlJz0Iv0F$-N|1NR2w5!gfyn`d54a>GDRN}vT!SZ(z^=*Nc9S4!f z^WnZzDAUd=`AI{9v|Go6^fbv7K;R}ZHOoYS7?oB;qu%Ub%0TI`;vAVumXVxsw3W(o zR!I2=d3HVGx&mU+cAcyMwNwVAP@b^3*W-}ZOWI}|jUE`l*uEH5dCE>j^e zagTM6S;Lf0LwkM6HO21T$T6@nHjn#;m8SfN6m6`|P&q>ik^!~Zf}i?vMNWl^BYN5k zgJ;V;E=i#&=D9!q{B;ARyZoSp_>wmqP9&}`ug?mRH=59T&xlyO1IPG3{C6)Slp7ul zeC&zNI=o{4gvkPKD<^z_^h51psh-Qdp13~=@n_aZD3l*}bajtaJ&gW9#3e6OR(unB zHinA-YHji$Th-#*&9tENET6hKZ0|J>l^T^QD|Q=%2nB#1T+1Xm=(ESujOg<9S>jGd zbm{AIA96=^dt=NV=+kC5<+aD?ijK{LjvUKDWySnex~}sIkRg&lGEafmV;fHrR#9)& z_ab*mPbZy#kxk!J@QuZw<5Xvb0)1RmVYFCHXiHN?+@M~n=lm+}x(0$h1zgT8;Qz3nYsCdw_j?OvL2gK6H>YDx9!c+^sDk7zw{ zqpb9J0$$bjPpcy5mY>zmaiw8$S$LwS4RYF3aq79 z@rIK5>Ax#u1M>lCgGk0%xYfmWCzjYl5dyeh-P4CM1Tu?1I7sB-rdtQPY~@{YA?pKW{-HKah@=x zrzS;wcxe?tp^okV{??66CvLDKs+Yj(L`r~9SgO`XcbGl@{K+>Xo~R?!?-dDs=Q@5o zr1gT#algWOU^1_2`aGFi*@ajorB`!NfvfZLB%4cD*UeL?YGDIIQJPCZI?NF~{_dXD z1K*ptS*I46G^K9b)Elyl0gZ)4C%~i8h!^WxKpN38libNrQ`^+|1*4;guE@F57yFC2 z7N@eqL6yXR?E}SasO!Aq%F2|*G`F$KBjRYC&*QJ@zrdInFxl58f-V}G)I*U1mWSOn zT@x5By)m#5YdULJqM&-{Q znNerK{`WB}_V-VpGv3m>WB5uH^^xp7^o$-n9c02P)pI z;*J4z)$Vn2klBA2o+wZo0$_!X6s(UfIu(`;7pPmc``c@?h>e95x0`Tf%QWSS2J)tJ z_`l40B`+8&zsleG7*{vCK~6k$S{BpEykAtCr&8JucTL<{ckX+5ZCdIJ>r>mCyb1d0 z={IA;F3*UtrFDFR2wU)br-RN6K!kKp!qC#Q_AeG;_v6eze4uq>A(CW&A{%1$AIC(w zO*3Jp)A{Lv46Iqi$N+Pni(DdsuWG}@g+8lJKVXjNk92>6kohvIV3O>V#1us*vCs4G7s&jNxUb{ogPrw>*w*`Xr=9jxC)B3Y;MP>Ehlk#7?=f%5Diw_Qk zV?zu_6;Kp>g(jCwc}{nUm%!xpxybm(i&+))xks)^`;@0I^R-_*nlJ+S~vE)i~94OfjD zr9w;j7=GRG3g7I^*~8F;xZg=#S6`U;B$V-C%T1q*G5oJT5toqH|BR;WbHYK!!4v>j zglaE>v+1|@pQou?8yoHI!^YF1xdsBSx2`WID|B}`wn$Xsk4HD?;1P4$e4Ef~CNkS^ z-|n4pTvT7uFGawKQ?ANCkpgSvU$lK1@g zi7Yp;gQZA-hhe7~VOki9bTJ$v?w3~Qd(DtC@{!ej=38UpN{$As#e%CfA+*mQ?vdIW z5UpWwotfq<4uTyJUg{e|5DR((L#~ z%l{Gn6z_Sd^NBBp=g8Dn!%q`u7r*eJ*G9bZm-%av!VAxBZir+~Nm`a>;s+522%v(TneONk>RA&gE>E+p;Py860e#ibGRhK;J(*=^~a zyKSmxXXu1JPsR}0Ay!$t-x7Q#zlp8N&QCaBE&Rbu8^1FoabBI>9e z2=B0`<2;A_Qx6P~Rl^!Q;K#&)NH-C!gl8}cy|3C2@yE9o2@)6`m+_8u?v~!J1(lNf zF4|OLqfdDtb_@mFZ=Jr}peY&6ee;&|nB6*9a#QjB5XDRVdY>krXP6Top-jq?`yc0p zw|=XGs6nOwAzv{R>v{~Nb(YZ`w8^mC9f&jP!}E={fE)a2R-4PbuTQH!rk3Io{fjvu zV+_M~olH~84GA#q5*-Re2aAb6CYm4CU@(yAV{V!H^LcaGrzaeri$pWkoetJ_A%T;YkUNtHd0EovTV+`(@2UJTMWD!;W`n5VRJv~^IV%w-w}CfjOZEb zqtS9~^bmKWo+am*$c!niX1GhFG02vV!R-2*Wi+sY&3E9c3W5$^r?jR?tiKNvEo=eb zPdc69wjHMJ6fz37#`X>14U_OASh-m9k;}JozYtXV^?Tfw-mpUxuq?pi8x$utY~eD;^`rMnr0PBnK;?SU&wJ+vOm0;y4V(Jyy9F8oMq%PtYj$cxdjS+XA12s@mAC z?boPY&bEH6SKYVU&BQ zemg+uACPGDP}vz-3sE;Tb*>?%%7sg!d+%cz271X89Q~JC^MZIV{NLr2{AiD|bT#Me z^U4h5o<*blyt&TIlaWoPq-z~z?))HPrECck^O>mQc%^ap^^zs4L@_dI0`~r)_5+@+p~F}=fkR?MYrD7Q~vl6IB5k|1WGF45Wt`kE`%%0 zk7oDIsQr0f6rC-s^Wp<+t2>7%R2cCXENKi)sjFWuSD3;?@^*}8+zNPBC23c}U4N?| z7J&c>i~!NkOGg|oyVw~y=7J4FDFH40f&(RpC(c}K8=>g-)TmUl`lP~;ocbRS=N^4P z&$`GWlJDmklnyBYmosmJNeveDZV|toP@F?ulk_LeNB4h?GRpG_>rEx{XPz1Rk;$bPIcyrr$rf<+sPoyXggBU7f z_aw#}LH|sbWgjWum(qA#-a22+f;|YN$epm}l6H~yQ-pYc+}X}p8TEabM|`*qxc|=o z3*u3*$$;SYSl{F;4&Zm#rW^%9C*SGT=6;96cD;6;e%*Kb>xwCbuO#8fg(1QBgSv`4 z$$0m11`4<#zP2B|kwR=MMxy9vj;mXejONO_J=>#OTWs^UF`U(-vLneuWN}~F=r_u< zAwx9Axbf_^CgiPmBq2ZZQ4f!ZCHv3%%J4cjP=R)0K1Zvis}S|r2(wIYQ`j%Fvux9r z7_C`XTj?5eQP-UN_X8b>0-AKqToef`_kPhfGHpQ%F|^Jr_alN??!O2VqhB8l%pDZ(Q{@>*)I^LA zQ0|qrVohZcq0!P;V)>sPn~FVi(A$@K#gtr`cN0LqP z*@+48Z||7IGhmQ$?|}UWfHlUKbCSp&QNThZrJK#-Stg?!J~L9eoK~hng(asyjsV?L zn;R1A4Zhdzol|jBxso{Rl`E0&Qtjy-64{Yqq}V)?7Xr8sMl*t$41KjFaQ}ct#bwNV ze0FSOd0u~=R+66hU~IuAjS|i0{f)AhOAac_6yPQ(gl$T7KM#tg_}Nq4+0)3>=gBwK zK#|Sr-&_q#BzY(LhL!8bnW~#F=3i=JTKXdJY9mnoU&KW*9D_NgVeh=c z`xCC-f)eI`cI00mAn(1KMBSM#)Cz!Lp~<>*O-Qn3hmNMYy|3#V zPM$Uy9{D}mcBiwO$ym-{b?Vhj+cj&tr_J8KsjQXY1NcvuamKV;^*1>XQxjYD_e5R*JTIwDN41ns)>|G>@P_$ z6;L*elqMR!HkcfVCfRlIS=soW%nG`%y?wCU&rB)eDI%GQAIl|mK&udsG2*b4#SB=G zKs_5p5A$&^9$)@H*n97|rnYTuIBY?>NS7Lw-W6#o5R|i@`t||nX=XzYtAvp9M2ff z^UA~}TrTdrCU<3-aX0%o@1rlQe7e+^`#^KEj?RamkA~Ca$?HrqOkF?K1zxwI{mwiT zIQ~?L1t1@=)J*G40x;)3_U@TJ8auYik=-h}3tE!tpYHVM+UXf*CUr%zta(JnQSAji z1X@AT=-Hc6nQ*SnVdF=jRseL>arFJv=}f*N+SK}F>%u$6xyN#Goo7!BiM|a$18yb| zfr(<64efxEr-kn7L6&uuiX-!R!H|BHN5IG)b$BAweqfdQD@hfnsk;(hchCI z0rh}*k`$6?;NhDiG`8v~aK~r;_27JleodJ-7f*8 zgNzLqeOx;rrz`EO@RVabxg0K;x^R7q2LH|F3 z-sSC5d9dnjedP9DjTCkFa|s^Tzkf*mj(D_}*x;03QY+qQry4uv?K0_6{h2@ByfJ$F z^R`alw9tU0YoY9AXT^)TZM#WMoW5ViZ*O&}8(v!(0Rlo%f*Ai}A}1C$P<&I1raSrd z48`eO{sS_LfCGhgsqj^zDlSIP9N8c}^h0j76(B-jyI|UOO)lYq+ir2zrr46h-v$wY z3qJ9q4{*C{3$6YVv^NKeX8Jc2)!oE(K256Zisg(qmwkJ!649Xv@u?*v=k-}vENh_! z9?Fj)qKKdaGWRmIV2NnfRoQE%r0$b(8? zEWVz7s@>`@Bvs!M0H3jwGxM&Nng|Ag#JJS41q7nndiIN7`H@qAdFQ%D+kAyYqeb2 z5BX0rUEe8tcrOsxF@ZButj6uLkkdY?m|e|8F-Q7aZv0v@?&?=qK@8IuUp(51dHbVo zq65lYF7*OIRj%_~iCMZ2^UbY%N@+`HlV819PKP^5`p$iouvxpB1%=C*#JxT;Qj|WZP7-JU#(-Hv zbn4_R%k5|PEbEt#)L10jh6=CDtFhf56=j0Ez7jdX2gzhLneOc!M2ww{24Ad#BnHaM z=QeT3+WeiP9R%o2s=TqCssrLr-qZ$My^EutF!_+~!KK3!Rre6Kk|x6XHHvqqWsNU2 zG<{zZ$e4LF#lh%t6h&b$3A7HY4kiZd)2Y!|l4LOSzV`kPX;Y>78$ZMG!W{nr$Dg6Z zG(>qGC~ z#@kIB70P>d0A0#0ybwYXLx^kvct$%NGdMHFb^ZJ5xe-}M1;Nz)9|j>8BnrOjc0KrN z1xb$FTC2$XFNS`uK$(cAaF=}a+u3jgWE=0fH+KhI&sGjra10lWdvnb;fgY^ieZS37 z^xV!DsS3N> zbOd5?-~|tqo3<|KWKkDuSFL39M6QB z_~wxd^h^bB6s4Ej^N%tq#J6e zzqy_M8`Vi0hCNPM*8?x$py)YxDxqH~^~I*NO1~=W>z2REPyFnN6 zjBf7xNp*G8s16qA`K$4T9d4xMtxvmScL{fORaujj{|>nNPl-~G$NVj>eQb~a z;r3u<8NA`jb^9tn+aU0IhN0~{CD$*4_5*)fxMEqiq;|A!7(_DCw`O!`bj*i)t?zR# zhu&Jut&esaaWG+b?(Bv_cve@Ux?H7D``rM zcl}8=^S_3eeSY{@M}91oG<$Kf`{te)YUut=Q))=a=-9x)yM^r4Cs&c9Fj+?h8cqt-DjEo!m{l5-y z9H@+ti?~)^8!Ec$TSPq1huX>f<>$z3XBKA`e|zs!2BTZhUmj8Ymme418W$cH{zngb z{5;3+$DedO-}aB!&o3VF*dHAGgJXXH?6=4M;MgDh9N`_uZ$QL)93LF}gI`Zf$ML~& zd~oa!j^l$rWl)a&!T)N1;Lyg)6s904&*1L(y)xp0$d!S0NrTZGTZhE{u}Gf3X!y6}@&D8*c>MX#byObP>3^S{MAS`g=?>kcJQ_JX z;1RL=&ovA$OE8eG1-p!}g#t`lEme;8E;i31gmZt*&PNVd-TkRwGgeI%B*Bu*a{T4k z2FLT@crE;4{K4N5!u-7|knoD;tt;Otf17->2z9%J@+D_IyAw2*E6g42)soJejJI@L zy7~d{&Eu6jdtxLX@o=S+WC`69O`FyC0f_P@ZcOfF9f43lDZ(cYxA+LEc3CfX#HioK z;mO8L14u{A>NRgt&@bc7ty${J8?zd_3UB`75&rfFO~gxgzIakA60rzika4*r8Q`Lg z+nhi#*1aPT=ZY`@Uhdx}2E}rx;dyJ1K*~kL1RY%F0RteG^BzgMl|w+@2jEEP0CbK! zYz`>i+ClBpBj!FKqQHN-ubM9a%1DYk0-c>x7di|r1jM`nR8v5oX!lnamL1Urz|ifa zJ<9W!A%A%g^}o7oVJU!b{`^pv8M}`_e|?{jzg*Yz6>#!66d);gMeF?4ZTA25bsh5o zbX96eYV*{wb$)q?$JY5}&K}R5v%^$j(3iu!Q)u@I95K6 zm5w0CBKfG|KLd-Oj- zG43Be#oz11AAkQ{7+Q|){rjxaKiTnrBIAv2THf-wOHj7OO3meb>~+Q;?a| zw35!|zHyzVX;GY1Tl+A7%|L~nlXGIns;OGZ8S>|`^CjZ2+CY^dXTwykN{JBYEMmg#c?M4fEqBHF3*_-WE;cdm=FZ21dO z7pSn6i*D?su3h9IEue_`tKvyfSK~OtED|7kr3K`aRg}14!T`Tz`1&eL;FBhLr*0sF zG0c|TTQ7g2TV=uTDIl5d1}%IwUi=SBs7vZ@V0ai>`~)__VYdTLCTH6hSF}&f_k^LJ z@z1{-#j<$ImO(F(#t@qhD3-=mlLjECCG!4SS`+GY9Ru#tO@MD89*zHOiQy5yga5Ii zlWhB3>kP%q(l~kH2O7JqqsSlXL?%a)mdgsMqu}-t=%xvBsh-Ku3#beg`I(D`>_@|8 zLMOHeotmCw4?PVt$oBEuGU^+BI3%e@Sv~$Gw1-Y@^%5xHo1X#v45HZtGM7)}J^~dQ zA@+@&p`UlO?h69kDfgcKnFRS@Z(15D5Yk!6rRb)bY-+=Nz~`9$ZiyF}`vO z5D0X<3`O@vTEAJ7V{4)s;Yc<)(B^0nQ=4#+AQM$Em{a@l*3&G*b_|8pLyX65&E&Mc zK!i+_H^w15rezH8rH3x@-J0Z~`4eJ*Fs`xsr`3PkE<%XK*Mhj#tZ#ExQLdruk zFab2#Z0~ULowT+eD|0_OcvoGrb7aA3@x0Yqpgu3iV)Ztiye=}wJtJa|84n@&V;~a{ zd=l~qvXGJ1`-rqZz`L&QGpbNRLh8ole@>YFLjLfr?T^`dnD>D$ z;)@=M@-3@+(PgU`CYz6ZNxOe1p!n zeH}f-ZzS`o(-o`l-cLv_Wp^Z6qFqN@@hgOl90neu1)=04!Ejce*7Ibtr?1ymd$qOq z*o30oNI*EA}=HRN-TdC6ErtGk|yA6B3O91RKiV zBowRl@7yU&XX23HxjjaqS49)bALD+~5r}!7DH940?g9MrebiIE1MTTP&u=?L^(C+p zsoIVD@5ElU91h>Ob!&Nz9!zEjt;kv9m`RI7FcW!ZuIZcM)We8c`A|D0p31tKG`$yE z9tfcg31>m?nBIGLW20(Wn2cG?bCwv7K;-*}pB3*rG+e+zIs__lvaP;=EM4_T#br7= zVuJkXOmU}rxwibEjJJ=<5HqPt;6YERi8Rb~l|NIDTV^MQvP_(8GrM}&GCWIvtS)1T zv{C`z(SMb{&13|j1D5^!G$vR8mJ5^9>@0N~7ZYx()n9&_eK@!w$Bm_?y12$5(e!2M zr*ATgp>8kVwMT1<$hd|=s=U{}F%q)#e7-fD@d4{uN`_}QdwRIU-LIlra&^#MFk{$3 zO6JccM%{D*0U_D50y~_~3;c6}4tj4g%P;jE&zs`qJhzX&Rx$4#4yQ^=$_4@Hj;SkD zYX#2dHO__zP;=|5rR%b)lNnqGodTuT@^=oAd`JR5j`-!nK&f&Rulj6W5v$M5-pcmr z&4s%Iux{y_>|XMBIGNAtS8CuEOY>fe;ScaILSH%&0W2**!Q6y1;GL&2&D40DW<~we z*X!rHn;*o9jE{1~J6fj9AAy{BPPMi{N>S}sdDLVRg<)d3C}C?l@{!ZBL*iuXr8l#9 z-$zF5QIe=xKTcV|zxl1bU8}hYK7&#Pk(RF|L}npSE}ginov5Zw=r|JJPZ*q)iqeDk zAWHqdq-57mEP3z0i_1irp*k4G&puP%lSr>K`nzB|!6D>>nVXsN&oNMSHTfMF*S}QiqI=&<{JzQ?FvK5UK$AZNy197a<6P zcwwG&8+({(_9Zt)+E$z|>Z;-f*7;MZUjdFIy??k` z^ou(c-$&V*)boU@16g>l7hmg@&M-x(86Qh~Nh9@2JBe)is~o(_)-H;D)0f!9`S!y5 z^lzG1s@TpWA{rl}CLCu*V&!9$ScngY6g59CJ)PG2(Cq8)tcWJFWo(rxQ+_gu$cyLN z2bt2q>wy;;03W@AT9ZJVTec!jC$i#lf?PpOc(?8IY=u_w z9$585a)YfQj^mcEzDm!TaEw<#fsj}SeCRMm5%Pfm#rqPRGwd&l%V7zo8tyC-rP-zTb&*{H*%Wl1) z-(Hb%UQ*C5CP_T}?Bpq$Igg0FcoL2G5lH9;)`;}k1c;8l8m$N4%i6mukh}Nr2t)xo zECwV1L~y5quK%F%uJ;mbm7lWXr77Dvao$+!}P zLe~(O11h2}j$t-xJqg3nnTFR5_~<}STZOG}N)<3X@$9^jZoek?h!l~UipeolxcJm8M=FCfrjePtPEV}n2|4}#ppF6&Xej{o+ zUSMFFw&Q&7Y0k{X9=il&t%wxqu#}gK^(MYZOv3{wNHy6f!?JMs<$FpjKt9?=cNSW1 zOMHU@Hk1QqnDPsjH@OjNmE8L6+4IhM@E_2kM7SvUWv zPE*kW0kSiCdA66y zhsym>piv#W_Xe@guX6+nK6?b3ceYysV~z6yj0{T$jzDOAMW|DC1PVdqSFYSEWLF^d za&&k^Mp*PJKY=5WTYCrkgazPst76t}XTraw(MVlHOVOM6uppN|m|D7>0xYigQsgeq z6rl9yAe*=f-E9SX0x4T{gafq_IZTL`7MtC3V;0P$FZ1WzZ}t@VzI_C=fmMF(7R|Wkn+@GUU3tl65?@=u73zukSRJ zEe;Q;;Dh!DnlSE=S<~0@kuZt5rJ8*#UGKd;_NS*nH8&qkf&?@{T-UoLj4nuaHXVT~ z7(0oqQfO_&LRIh)XuHtlaGhw(`x}(AI z1$9YWx^%)b8YOZkTL-+O}4HBUbtd1hhKkEr1Ea@~a-0 zjqsY(HwV{Y3~Ibru*)}H#n&c!J~u>vd!9Hro=Q2s7N%f97seto8Bu^nF+gVWQw6XF z&j?rXAy^7xgTO$eo3F2xVGBmx%(AbzI{G4Ab#p)=OZ>|)g%9h)7>Srh{==sb%h$2l zN$B=x=YP7Nf+v6|^)zc{jH+Qm1ZM1;8Ryh=K)SZI*auE;X#As2!#V|e8AEY5UM7yQ z{9+UNDM#F;S);WyTorz@Dt^Xj6*m*0)~PYfDKl&#cc3-@l_HSVP5M)_wSzGnTlQ|| zLA72Nsu)_D)+})w4=0FZz^)=aeLV|Icy>*Kd-}w`3$%@Xm7BKzV%qZQ<5LPc<$zCS z5y^sy`F6xQAntNQbT1HHfxNs)Cn=S$XmXzjBsQM8i%G4e2SN=(P6CR=$*lDiDJ&|BGX9U4B07!HoE zTn|X-BZHbWAcxv)Tz46ZYMMSzaGZ$=-RF%(&)VlWBq8Pew6f$J=cjteAJ=9HKTUM> zy>8jvyjwKNFd;?KGQ}hvzA!@VQy?y(Ealxjath>wIX09;O>=`WPH+Q5UW$4 ze1e+2wH_8a%8%6Wyj!(pGI^8EAJ@ad!+*N{tlCW8>DHHGKxXcMM2(z*M4%YT8>7MC z3Lc#{`Dt;Zp$CJOwQ*;N;bv=z%V@-ab&47Lm#(KLn%p?3(BxZS4xtZsB= zoS5JplV!t~Wr?RX>Ck$1L2MVl@I#Y8E@q5wjZ!tYCl5WbMXRm{588QD@EST< zTj~mq6ank$*#nIy(Ot_@(E&d|gd}9@}pEU3OkiIUY@F8Av z^2$3Dku{TatFO6le;zm+WP1&77ZF*LT6R-5R-5e$?zfr4E@J|e_LoAjrhTmKsX8So zm~%U_TTmivx+#gRv$?XlIU0Ln;{5Uiq_@!)ewM)8n#NqmTmVzTc{Yxh2l(}xid8p{ zPw;a~%VTTgIJgMLC&m+2<2m-S56;5Bq?Lj@(#DX@saJ;T7#`-XFpUMo7^SUwe_GHj zv!wfR(=?cB{hsF2_pFbvkE;d%yVfb&h0Nm0tEhR@%e*aaP{TCr)SY#lH!Kmj(`?S?pT~3%s`~=_{VMKr_zQjlsNK^unDRN`2+&{`>oIrcS!|kAY z&eSW^Z?B9MD)sfMcff3O zaQkNL3X~lNAji*~Nr1^t^ZI{OyeJ=Ba=0!O>6bdyjp0}e-F@3=;# za^j3yQOte$K9+4ZnsL+mbMz|H9U2Y8*8Vi>Q4#swrPiQl2QS4$SP#MWyCeJA!Ie37 z6Ypz7E@NEp#oiDhDidiBt08mDNRP}j3;f%5~e@3>C#cTcu z;x&JyXZT%(czzRspJ+kfe&z2_qRSd@|9;VsT@c@?U0zlFKsiO2k^kK1%hsSxzb%uY zyJW_GRUwM9MK3+41UvOaFDN0Mxe2^Meibgd*I8uN#BL8rw10@VrFeBB%Md570htj7 zfr3d*Md@5kzStX?xyu~d%9P)c7qbW_no=mxLo!mQ>^VILc{==W zpE>&~O>Z%OW-iyNc8hcplC5i!M^YbDb4TO zT0c#!ny{rgewbKL(#jGc2VgW$5NqzQ&V!7*L{-t5uB#LXr^G;Cn($|_svceqR9N%i z1$=OHVD`k6=N6_cSYRcs;UibkHOG&CMfcXNMX3_8d!T*oO1~8CrNi_G%91}0I^ptG zv+=2pCJ`X9xH>Flpe$GO$7Npb0m;JVu2jb}{I8fv6X#qvKS2+Ir-)b!$+vC55Jru(JR$lDV-(=Vp({xn#IL_H+M11}K?nC%3 z9Ev~pA^gi3H9%#I<&U)096!tP`}}9-!0#H8Ab$&|@NW)Dj1pmbgpv%RWJ$5SSCU_4 zUcR<-dA(?}V$Yk;MlLh;PtAMcyXQdEvOoL~YpkD^QqK;SLnGki!-^ayiykK?nnadK z%qOQpckIQ(IjP3#m7MFfS=iWeyYn*4;=b?0Bepo;{H^Tmi*V*QC#Aoo^Eg3$Gwpuz z3jMN)Uw}w@yWl(hwwDuACi8;-Ot`!?McED)86tWV5ghff?H%v3?CoidR~RnX6@7im zM)O8ZZf@JAL&-TS&>~nXkD?_)IO|t%47P$n#9VpKD>(#X#-f^$B-tUE>uKYqre6~i zM+*1OL*!H+3_Jk8B8#IUe>u9L#75NXZxC7BHNvx1U9l!5Kf#+MzVUk_>9nr@NnxGA za)9gBPQsiv@&S^tx9a@)p(I^LzVwW48W{>|2 ze;71fd&^li^H0^rzzp(@YHa)Hq9kPw6J(<+ov^!MDnD&E{>4@URwU)3yth^B?POUm z^JY}?=c@p;)0;;iF5;b_X1EmA_4$0Ue-18Ss{NC8>2tPemGsGbxu|!uPt`73q-%Xh zXnzb8HPZLp{Mf4v13)sh0Wna;JIT z9~X=|21@@p@Amfu7Jq9y=D!>U>27Uw^o77L;I#A5X<*ou`id%`EmE}c?! z|5U2h=AISYwDhu#O+SPiC?Dk#h}hM^Cav*cR~H{!Ot$khq+fWU-#@t1bYGv=7Lpc_wAzDYVa zve=5DR2af7ScizV2S)aO6d`5)>B{m!tVM-SmdNFu9g^bXS@dRJ_jDIuI^{L@MCghV z^MEWg2vx3>gx$S`^wctHg^TpByO4T5nQKWmXFfV9&DU{#?jrqL5#DsSnIdM$ znuz1oNfh+Wm#_Zq81}AbhxVA2T~1m;}Fq?G8qnHB$l8#jj9 z3Z)jRJP*v=6yJx~v}F1A5zEEiy|*kW{oWuAJB5=Emmr=%`@rncu8hmf4)}hFRYT^b zU2jEAF5hJFx58)0o$tEm8-tYzd_dN}eP00Rlxa8*Q@@ZCPPBHTt73c1>XYwWU=Vla zMDDpTHL@`NhemPkw_n8}bCmgE^Eh=3I6_H)c#h!wo*;>Tf~-@w_xw23?JTCs$8%~# z+5LGsIkhc)l~Cecv5z?R7*DB)eVt|q&EoE$ss|={c4#MA!p6>O^U23AQ|VS`*Swi6 z4?ng$!Kew0m>3Yz7{^;%q+Hgz?_^}CbcS9=FSoMpvwinHHQUIHsDe5XfnI4!$|gjh zk}wwBj$m{ooeS#uzFl4T1n6vWNfA*ltF4KfNw{a@^F`$B294&+*|Toica5rakozj- zH7RnO4f${hqF04{)k!WMc5Q!SB6946+*{*v$G7Jsy2YY>i{uFASbsA@0`^vGN6JRD zq9$)4zDg&npngl;*&6RFpwV-7FU!_ie4|=!fQ7M~6W;>~ZMg6PW7I(p*MhL|iVWlz zlqc6M0$@u>Tgyrnd=V$a@lyDja;Gekcp4iM20MqL;-|sf^_iMQaXt<_^QN)V+-<^%(ZuOQ`DlUz)XF`atK7d`>E!3m1tY; zgU1@Y`6ZYLx(-44&#w7Z*_L@!elpWh#r8KRgbVgdA675g;J2Dv$= z^ap7AJC5#iwzj}!aN5b(#Nis22@VocC^Rn zgj-y!yaF$n?b#WMPMaR+KN0Zm%xS8CQYPgEm#I;wz}bdNSX5`@Y2qW-Gb?Ef@onR$ z0u}oS{@TtqUq*(#8kp8^`f{Xd{uJ6Ons8P5;Jwih;#8d$PQHx^CDjH#DHO~^5jI}x z@Yn%tXCqPf2>iL2Vg;%Aq=3JGXLsw|)v{NIStNc3C>@;L-0=#3w{tFPvh~BbnMU>q zwWK^-k{zXZY-TAI{@@hD4V+*t2I#R%rTwnoo<^@ENeD8;)yLnEiAB9YmJLm~hiArJ zeqcbOY;$*0?&34eR))p~IhcGBChe&tQP$eM(l64z-9N`nLppY9f~UJSm!?%%gZ!h@ z%q(TQ3rzJu*D;Z8nxh1JG8sK}uTIkw!%^hy;xv3OYE#|mL@`68rSxfr6N)dg2Ewx5 zwPHeQ3kmL0l%zo=u9W%hqLQ(quqVL@DI8DMl<(%}ay)2o(mKo0p*gC}YAUb9WVes( z5W+#)i&&?Z+5Dgp=c)(F>6K_hpN}m?+);bX8d1;|tj)!t|2f2bbD|T<0@FvQ zop50LAw_0SvPdsP<@ew86bn=Db}Hr%F;G#{zOGyS(mlKe2~ z>h9Epd_wYqaW;7$CR&h@&L5&I8TXPHXPLg-e4cczNdZ%rA{CxS4;OLVUkF!{B&v-( zp_*+-oVd}yji^wiuYYT%{`ea=GhdIOyAI{q1yKY2rJ~>lEJIWhbuG zHL4#RlM`ucU(kkMq}4DJe}m()s`?fb^ww&>DiF?Qwv@(@K`1En$*~wFs=A@=3qdJ6 z!Eb;1@wGJT@l%HNS5K*3j9r@)IzHr}rJ^h(2pqHYLLG*9Da{ma3<@!^ShF@>$`#7f|q9!VLdoO={ zHC(d*5NWHqJDouW8$5Rn;QbUs+pL*2K|;Zt;!De2S2dti*UlwJ|P( z$pL$VsbDPqFg}c!PN~C4VwIbg>koB7WTO2$HNx1-d1Kx)J4LBh1ZEuD7TyZm`HV}a z3d%_EHjX!p*Q`kq3RyGsPdqIXw#GOef1)RNRpT00ob!kM;QR*lm&>U#1b^%n6gyIa zMPQ`D>QwU(PNt?Sa>#)`f$XWb!F2;9r;8oNZ$+O%LF;F%r=SK)jhjCEMTcRI0G#|C zIL@km2U;)<`=4l?97KQ136=@qGAOT09P<>rFYqp7vNn_EQPlbH+id!YkBnR%JEFwv zSTS}8d($IO7}NdP>uD{wKd5{E=GMU7thFZ$x@Zg~Bvh5YjNk1 zySP5mi(u`%zdI} z5aoWVp~mO*Fl&uFJe+Rz5aK_gA z;pgy2pSx1n%vI9+eR?cvaXR4$TQC!9cFiQ$zZ)MZ_2ybdW&>zZo;hL$=8KbRwoo8c zV4P_&G0~nyZ?H72dWyb(`dDr9VbuXeUkiXPcO8Mq zzSt-8(go_99TLHdkrD-&o%?;$u>Ru15mM@N8*|H+G-fy}Q3J;i*#P!&nCM7hc#(Rw zcItBBqtcqPhRD;saktJ$YgU)E#A!CuR(a^Tk?K`#+z@1N{&sH+0~b;LJ5kpggJKx9 zcm8CTl7M|>p~}lD5IlZQ-8trbu)>MRLb4{Eu{?CZMpPXm8W9e^h_h)7kj$YbynbNo@`tqBY=K0T$jIF7(pVgP4SHT>fA7NT~FxBFceu*6_6CS=Bl^1$st4EdX zT`bX6Zy&HJ#yx&YW|CG`^&EC%Mkgp0j4g^NP-^{Td|1^N^flT%)pKq$r;qsxcV;d+ z`chD@>YW9vwK+Xgv%Rzy6qSrfqXU>_vFOvvBOWR3(xKUx(CQRT^K=jHQcI6E>ZThL z(L;SNYSx|uM)cHSAUfdK!xS%~S<0%Ec(0gh(!Xnq;^eR}ijWuY5piP5u|FfuLO)%L zfzZLUvEH3|G2yB7SR!0-0H*q3!oI4XwyQv}%+BJ16|X%P@{twU+c;&hr&@iS4q%>b z9kvxVoR3;3Mkr`UHf+@7%?neZ(g)Q~Uf&7*M%T7^gAU{^@?}_LDrbJu@cTN6%6`B; zmF`0G?77(hiNYVwQg1&jRjs`^)2G))ub_6p88n* zVzRhJh&KpOkzngk7N~s3*kwFasINFnbt~AQd6}|*r%!LPx4rWL&`wSRv^@W}NUk5> z$MJjkf13lp6Zle2_WwVtjQg|<78eHJtbh2>t$SibdKm^Yl5fZGo{e8 zu@=mftJyQjl0fY#nh!@APE`M3-&^FEwLG4bW_d<;vna77cl;`-$ucPR?IA?f%vK=d zk(-Vihz4{5KvT0bA_9Tr?J@jlr&mfn7v@yRc z5BMPiQ`+m0FA{uj=H-;ojS-_|*Jyt^Lnu79+h^PhR1-*tEW_m^H9U7Uq*5M0r_ zAsdQN%t2qVy&SL6xTIpP;Mju3%baee+PAeI(b|{dJG9(^mYvUVE<{Tu(5PE~SORcP zBps3~^>`eCAP}n~kp4VS;=DrA*?}K{yi*o)o)_tfJ`S>PxHsVCzP2*|`8n?1Lm}#K zf=QRO3fK`k*J5-s8Xf{DQ_tZW#3InL_{Apk2-H0K zE+TYV&;K{>}FpPAYv}dzEY4v1W}#0Vop!ZHj2o0eJZ2i3W|^ zVgN7S1fs7m0ifeKfW_>98<$9((}kHGen#Q4jr7y@si%<$H0SV#&4#{D0dYX%aM@}s z&>P)9e-7+-Qd_5|_VFCeJdk!|CBy@q0}~|17=kte1K2J-^Wgjh2@XRMuv2r0kB6O5 zJZZ;I0b#kC+1CyC^xvAEhSj)xS2a%D2x+Xq$Ibt!5}SxaZZ_0S6|H*@Z7~o`(#n$# zPos#nyCy<&9!2Q7xY?S>a-$uJ(2>N_!sjd>qg=3EW;{^t&Tar`SiV?NcSW#Z>;XAtDrKN@6k>1k0~+LWz8phG07s z*C#~Q&G|vg1UTilD*Ks~of5DvUT+RBUslmjf=H4}S_`9 ziTaAQ-1Q+{Rao=(IjA6f1gHVY#!9uMs3p(TQViF5%!;8_`xwTglUaIR86~_t4RzEA z3uE}kR|voBxN?O!beK68g2FEnD3vN%mZIp}ybeek6Zhxu@hMu}`fl0awq~RyxWhcU zhwSj;<;A8Jry$n!4>WxW6rB|!9H+o71&>E+Zfm3u^KUYu$xqUUVIpVdM9x^2p1B+i z)e*>!fqn@&@-oV`olU)U|6Uw<5O;4aO>BNnPxi@5Mv8VR?iJt7+lRvneP31i`(*Qpjy{TbKw@iZ&YLl7bI}a6u7qfMSaN2F(brA%6sW& zx7P(ayRcSja#%TCI6H$?W@WrRRgBVK+K6nd1e*PyB2I5NhD=KhdaBFU2oDe7hxq&R z5lhtESMRsQ$iz68_`7)aki{wXDFY3wu`u>VEf-YV6{)atdLvB(#{kJ6{k&UuZDTDp z9^8z7@yuK^TIIc@#v`)MB;w=J^2VS450U#BULZvld-%55%!>MK(!E5v{mf6r+h^}h zUmDEk2Zm%5`0MMey5HBg&Z~cuF>!g%*q0})+N>Cr`CadBRK?okTBW4Jv__{Q5G(*^ zlQVNwLdXES5cXuz>hl5Hr?3xpj~>UAXEO1t^fbtUp1RY5Mi&~+lctnFSnn8FaA*S) z78$1K|8dcmgp6+;S#hICz7ft+{OEp$qUPpv!@b+nKt@ap|WVS7rcfjcbMJ447*E!ek7WFuMn!}FW0b5Gm5~;nJ=|W(M1bI zToSr^a(>iI0j+uY#1AmRSE#i%T1@u1Hr=yf6e0kwJrHsf=9a# zvI$H{@YZUd_wxPaY5uj&lC6{O}-AxXW#pStGIH9lWwJT z&K0g<2#^wOJErJ4guPA-M~i-Dj*+5YF}zsNQ&)9aR9sRwN3S$q>{AcN3F+WY8Bw=d zWv>9f17Ffmswg%ogeYK-1=y(vAB|wjkPmU!UOli!8p^v(elp1~%-QX9xT6nx-dvQE zk8p&ZT!NgKBlO|8)JKRy_O8B%$-M7!O`V2{T%J2DOJD?U?7c71yMK@Tkp?J*P=;T{ zdB9W-qm@_*i}p9v%xw(@*S|$tGMXlrA5>Cqi?)h%7U{bC(VoQtDTuxKNSw-iIPZ#u zaKGZUSq3V?o94=Cfmpr)&ufNbs@a{dzkF;DvQoSMR5GyNo%Zx+zWxR|_!#&U=>+W7 zAc@Feyd3M}w=ZFjJ9)%hle4AzXFF_cC!n7G*k`U3X zpXix)+l?QeA{XrFN?-Zr1l6u~nQ2&0-i3RS-2jxHpeP&Qiktp2a0DXJ=wqMJjwae6 zRVrSKMF#RSJCt^y?s*#WKBs~AUfmD9bWQ4CTzwx%eW*&Kr%FnMGJPyhV*Dq9N86Pr z(q@M*3~uVnTvSjW*9~VnXN}?lUB686)Ctxx9stYjVj&&J^_`Mj1L0^mRNq|5?_? zNKb!yE`uSdz~VQ$)zRaZB?{JEzJ1}3V>NFozti*frSwVGD9^?c&$XBcgi~5nsx(%F z9!>ka?k9}~JKNMBhrArIp-@@xBN>mQD^>0sy5>9TFxs*2e*;RHohrm`M;YBV zw%G3wiCuS2oM8*k4&zzm*G&*Vi5{qQoJU22$z`WpP0I=2ur})w3>cSSwyrEhVxL)= zg{e-X+0(9>N0(30aJyf~f6bpd{}$O%w0AXTtdX=(bSTpfHCkyn_gzscN2vtkd}~m% zI0_(N=xm*3=Qm`sOp~YWnkEXI^;eChL4TiM{7v6-Z>p6peedn|OC1A`_XG;8X+i>=v|G z>#iS`00rERmhKhB!pk9i2?p1O;w9svBj!E?d{bpHRQ*>7!0Ej;`mZDRoQu9?{QaUIn;s_oANJles_D0D7eo;0T{;q^h)R<##Y9D# zh*9YvMUW<7L|TAAklw3+fPezhA<{dM-b8u}HK8d*63`GJ)D9Xk=Jx<@^hp1PH$7M}b*M8lTCY6Vfm;6x;Fo zuRD_~#d6g7&EP@prnuwb!XrmMUw6CYVW=k|jhKXobfLmek$ub0)czXEnFWeZeXhHH zt@X^?$z>Sk_?+J4BhaCVk-t`>I*2@hsb?{EEJroWiNL7nI)hOo^cvzSTOaMK)m}L zI3o1dy+7=DnwAax=3Y3RASe>s@oe2mG$fBR_xjN7Lw!Yge#lPz z;I@#m$Gx?=8T6~9C_f|z#DztyAFML*+he1qW(omm)USHFV%8X#d)uEQH&&}rFzk_&jNu=wNJ#35sDL$B{15ZKwRl(h!2FWs6@!20dH${7UZWC6 zhCS)F7*(EBImz(M4NkMp7D~3jL70AK4-m(~_OefRd$yEPPq#!^Sx_0@B}Q1n5tUW( zA^iF$W5h>Od&TF?!QfYKyHP%FUdYP|92pOCo_r4pczrl0i2_+d7q(_s9|J{462hsr zCc!S$P=JVCzZaos;8U#kTlY9?!&h=9L6x4!>E3;wfOdmMugH-qa7hd#%t&viSlyg5 zTy)Cu7F`qmkJaym)cthb^k(;`ss8b&X1h7Jv}FUXOCF+z07dK7=szr=b>0C8%MK>J zDx;!|6v|d(@%&NBb8ErCT!T^e{$8cXJG;%-#a}w1_5MI((X8zjxP-uO!9sI;f7#gK zKIX4{*;^E??DjkssIFAr@0|3l!OUwK&)5*7J?BYIY@{1w-EnAE{mOYbv^Uf24ODc@ zf%!>GQ$zfN;3=g7!x+K(2(B{eDBp=tKV?9U^@eI!;1xRPELpJ-9@cB<>E7grU$hcO zF5H|{va#MsxccCIZR%$ODdsC{x5j{z)TOFarGi}8#eJMw)D~M=d2YGH^8_)^1*LUB z{C(mW%m$MGTTJO`eVy-h#)hy`M#Ct&E;Gow|?TLKQ8I`Ioq4U{umzN``<8 zx|>9s9`!+itEBGsh?MuTvmUtvt;91 zJbS39q|iU_!%B#x6Z(oVr`Be}C>qSRE8_i##xucJyOd6O(%lP9np_qhd8*ZBT}^rX z_{b@OIwkpO^N!RMWUUy&70d~r!ybnMyATX+7^k+X>Z0TE#vCv1xwPV;*CSWGI6Oiv zG;=?HwQ{gSl(2r}bP)va&!T}(pB2u8GwVTzS|(-&`IN&)4C}L3h+?1xEGI1KIOl_! zT69`SK`a&BhSlx;hl-jkGgDu&yLcdMt?laS_1b}bvA&68F-(@oeAo4Y#=SMO zF5CL!XzwxV;8`SEZa<62ke7B$`Eb)QG%ewq@Y|avN_$|3sZQosmhpht zKQzt~(PVU|GFUhz^-@awLoHX$a7h=fP@LweXIJ{@N{7$Cl<^jQ#8 zXgBu*RMUX!wSv*Y^Pzxb&?pFNj0vug+G$m(`C>lu)>m5~=yOp=@4E}8@g;f-tas%` zZf4W3>pdek|&REoInS9aE_8@t%JgvL}W~O!ax#2F&XYNyw zxuN)8tkr+$u>R)`XzX=hz4L$mRoqtOGO5>Pa!V$b!I!CSK6n_2n&t>v&xdH z?1pCBNjB%c*n}x+NU{GWwC&G#{P_am_}{$DClScAmt-}(U)M6*dSZ+N5{G2j^{cS6 zf*#JgX+-JCI`4W?hRh(V<~3i+@{WHop45aP3-ihCgMf+egRe*CXFiSP+s^6xp4Wv2xdd zwuNiCELr!I=N1bUb&LXUuHCQP&I@gU#N;<@hXh{+G>P*h2r4;coh|E9R&G^_Jv=c& znBv8BQ{h(!jPDFCYNpz5KIs(-HX!}W_qxs5nZ-OQ?eTeQJ4fjNuFaPE%a5pwmU7Xk zN?dErS9l)|u$}N1&-xIb|5xXwSE4}D%d|RHhu@GeP$MWLSQg$7jl@KzRFb6nezE2A zq~PdzFb3(2*5P!%TR!*ND{jg^s*PmqeFMG@Tydd@TlkXrcC$5&Rkq#ZfVs#9-pRFw znn};=xP==V-EAfg5NM z%vS5Ri(>mQX|VetH{jDPV_$5D#eR)k8Q)xW)BVP_&S5A+2yU6J>*Tg2kd?VYc zN&A7zPcy(5`pB+7ruVJ~G z6!4pofuFy4{c>)yb$%5$UM>c?_8HCaCy9Rt%!B{^4kyQL;qq4DRcn8en-J0W7k|%i z)c0j^y?eBS+P5W`n7RH6kRRjC5`5Tr5bAi<=)LN8>(3bIm6?x^A2p_>%a^%_uw~w0 zJk!UlO4$)?v(b1%bPR~86GT=f{D@f3wSA1=YVoLS*xcEv8*r7H|I+SR9{#>UHSOj@ z{<{(eA-dlcKZ;f^YPqkRhqMP3uaHKF5rpc(iaK}z%l$dy#NRu*>^=5QGfoQF6KxKv zUORR=vDiOuDAEnx9`C>e2SdDW914K*Z)Kba%%+}IrEl+tMJ8Wg{#f2tn5<*W6?+0D z$`ObWz~V_4pyP(_m7#fLt))M?_O)%Q{$xsighszC&Smqtr!fD6ytwRsf^#fI2BCAF z?vn%pswHFuLI!K7_fV#t<6az2y<>ap_qjkNL5A$3vY=CWlkYD#thQ6K7`59Dr z=0KU6>%2muEg+Swk+XpTSNJU7fzkn|>o{%|8p*JqmGLXri|a?N(!!iJt zvu6u#ASx%qai75*2d${C)5p2zB~`ER+=ez5g&600jN+~AyVMaNMZHfxsMNnm6WqjI3{eoxzL>|Z~Kt^_Pn@L5OE3LpM-;OG^~_TL_J!S6VnAoJrPtoa>82==nEc5 z#J&7|L5nMv9DQDZ3ckLZUx$p+d`jTLp`&2l=QajRRiJODveF{;D|XVUH_ z(-j3R3~dtnr@HIN$W9J;&)UJ>iR(HfniBybG@zrDV%k+phn&4UJ;V$=UV?sPD|7VJ zn#6>oZuMmUp#&K|=JuylPMw%x0j`st)aU}{Op<7q#OZ3_>- zdXCepI-(uClikt1{VOvZ?KT#LW(QvemTI_4rDxt5Y%N%>F~WAz<5J{@u_ zDWJa(5BIXi-*$8ai3NWHBzjeQVZyt-!WT(VbkT^X;3}k))$Trh+T$tv(21=>=X8_% z`~sTSfB)!gn5Fb}a^v?)2H2ukq^H0)7Z6&rFb~Wff2DH)5A`MMjzPy3uIoH+qi%>? z5{g8~`KJu~H&j>jl~2xaY^3W+zbj<`X{%fZ&_RQX}g zpD|H?$~ZI5sFgOS`FJ2E{Fl^mCYdCZ6b3XOn+9@euq!zZ{(iD`pLPP2BYGz?v`w>h zT7}(*lpdDf;&XiDkS^L#a(T)$x<(ZAa?FuyDccuyuO|^ZT z+}ARG)r$&74%(~mzba?8I+53dDv1NJl-WSi{%h%LD znv{EdK-zb*}axwMGhJVNSEf=j_^Z4rZwq{h8%D*0&!HpTsuWkU- znwya#ICNLiBHK3zucm`!kB64tEP@;NCu%HCk8qL6Lt;2WwwtESOa0S|NjhJ#g%+(n zSm?ZR520TYylg{1?Le?by?eH;6)MBqYc}g?Z9cDQPheDd3>avA*MXiEDyR*xSUrI& z|Ak=+vCFHyPz;S8At|9gFvnlo-Fua7Kh@3HFMU66`?2r?$7DTEMMv&92e-E!AN^lz zwB>7)3Mq^X_@3@O1%hqJ0Rn(OL?d)1-EB+)wyt5^mCd_TKj^S<33y_qQgUF?4!CvQS zN@q9FuR%%KAHP;CTQ05kF^4;*T$@%D5zc9E7}_0}O(Xg@G);5(sVkS z;o~nJO)k5pYNVWR`Cp0o>tNV@Cp_mC+5v`{!l}klZjuVSgH>t?a?yK#M{Vfq7am>M zC*R>YYkb+}_;mBN;N_Qj4&e0DU0dK8;Gt-ap8}A6xx`?>nFc8<88aioMUZ`MbCzgx ztIDx@X7<&DXjkUIxi?Sr21kRVQN0JWq`9XA+a44(JaKrp55rwaSi(Hm7;#oJ5~zD~ z;c!y~Jn7ps4B&8+{|$$q_zmRapCBW_+yvhWER2cdXGi=@x_~q?tF1?tZpN zZ@R>6{2LX4Ui+BO0f=^kNzipDEBwfGs$CUjzMHoE>dDUJfUDv{RlB^%qP(f+<(QlG zcAW7`@y&Dv1kgSQ-k{62_BaMCLis_VX^eW@O1Lbby5M82Yy?evlFA|W7%!bDq)Sir z67|Cb`o;JY>g79diC;0YOD|YR-@n8fp4k;FjX#cT@Ndt#6HJ_7DLfjy?Bzz`qT}7~$x8vd9`(WMt~Dx=`wezYNNYFQ2{$yf`Fc_40kirId$JBEBMXL-`Gt z(Of=qAr#KJU~z;6p4b8_Te7frp)ljm(~F*9bUgBpLk&Cy_Zkz(wTudpZ$7s=ub^S) z+e8PF{M)nG$f@I&q0Rbne{c!iVa1c!RQt9%Fd>Xsgm=otTOt!WA(IU-I#>LXflIbc z6;+&3p7(7%Y)Jab;oAERs!w(7<$8x8!0!T(TNZT76Pfq}<0m=v=F!&^xFRNff?h3% zPE~W)G+=-k(9If0!D&smWQ%lv6d)oS`hLeWPlaTJKkMtfJhSg3$57oNy1Z(h-q~m& z5yw9G$T209HvM7Vm&U)i_JQ@eD43?%nl^n8zIN~JGn=gV&(}RAPOTle%pj#7NN`q@*m7U>0ni8w+M^T8jR*37+jR}NxbeTtrPGRUzPG)dGG<zv4n0g7XzCo=tn@!`q@(-0T(rqrNxo z#rIO9KYx7J98$#Pw??<`fInJ4Cw{?>$^v@9JuBBHF9ddQnQ6!Fj?lU3^UP|@@I}12 zU(2cRi5=Px=A3KSzym%-ChLm;Iym-ib)8j8&F1-B${o6j7+>JKZ*Yx6zbV$7<~LPs zy~CEfajQ<((Zd-l`0C zA{+^5qgz+otbJE#Ka|SW@S{F_di~jeO7Dsu|4%71;`-M#EMQa@j&6|s7;$yd=XSld z=QyY3bY_YUZ&{#U>-~W9t}*H;zN5EA8g0){hoKm=?g3w#w*^58%@zb2<`^uC<* z!a`D=^0-AX>=tL9`9)dPhlR79NvQ8~^HTaPq%;B@4z;gask2BntQh_B>yk;2u9FZ{ zG|9yHOzCdY$ySeK_W7O4tyEvFdw|g_^Z!ojiv3SZ-h%(@_Z!u}1e8*5nLII&zfHwj zlyrDRHDs7A!yiC?ptZ*=^mQo^`Q_XPy|#(}7Yc|8nJG)=8Q51&dFi zU!yL*k|$NqeJk_&+{F`zliIyqUFj|?50BuN6xP4yBqn+OG)rhbvT#9sujj*A(%Qg& z)EX!*Pd*LX__@dp%t#2(+U_fYhtf8tZr;y)abdY7_X+IgaJ-T9=g=AX=LO<2n{`Yise;a8#}c-fd^KLAR$3 z9i3l)DPd|6SOEkTY4b1c<0AQ&FB%4WSrBm6i@%`cG-VjP$cSAd~E~A z|GR?&Gos3Q6<7?8#-U<0CD+~LI7x|P&u7-+4BvkfUhSEHwK*9ynh2X>YjpIt6n|Nv z>qe_O0U{2qFlp4$L7?kmw(@>Ye;A`v#_pq(rKAJJ!98e&z!-3Q1d)>NPEh0#Uig)& zGRuWmt@+U+XWZ$%L)?86O)b;y6U^>fdJZdXp`kiDuFZXtFL|AJwSxoP^6^h?qf|~4 z0sav^G7MpY8)dqeTwGZFtI>_fmmV<4pA&xjw!(=;zb>ET?mh%J2kgRgx^;@cAbI_|0H-ea|sZ&djJ5 zf6BYunn1_EWpK0bhPZ!8*taU%Sao2i5lvxo<;mwny8^9kYmzX@A}F+fvB!6El>Z&l zyMiS&r}?{x2jW8AdxZ0)8Rcm+=byhj&K{G@dXS)cP>5x9deD{a7!QZGsfLgV)ut~+Z)a}jUsYNG>F`T_pvZ;Vr^`smp4$=BJ>tQ|YtxU*6!-Y9 z(KdeyFpc)nYY=Mq=>ZlM(XNJqA6renZ!FCdZnBErYh)MKvFppijU7-~mkzkyvis({ z!UY^`Uij|XTr@?2WVN5EvU0g0Z{1{4!W=hUmCfx;PdIofY+rUAJFG(gW77^I3vrf_ z!v!VvvBhG9lL&zZBwL)z-z+PWIFl(ES@G#`qa~gU)%HzO6(=W?J6Fs%?B+bzV2mUO zD9Pu{0G@x3lH$N#*I$RZG=aIwQVw--BHRaqhB-^R@UOkt$YsN_m`4!D5? zP?u?`@REH%(y;AXVFtvKP^gAqlY(;`-B%~uhl&y&{RRwiJWocOlB7eJZr{{wTWjit zhC^6okuJ6Z2pRl9yz&(*{aG2EI+sK3K#ATt)h6Gc?hetH4hxb;q_PZdYaKT$|3>1W z8iE?o1xU9l&v?PXXoI60#$)F&7aGZHR1dAzs1=P!3xtwEuHO+v%L>zpL}V^)@w9W;Wo9n z!ul<6um#t-aGnQo1;wrblNrkU-{37iilB>3NpT@vBEH>`{R zJPR(O2#_dIk|PerU{Hp+)+8DIvOVdsYs%}QCKcb^t)d49FTcApP`wMwKH0^g;$V=M zkT|4pJ4;DXGH~)a|9~2Q+B^{vKMnt)C3{=@-D^1$Xyrroln0+aX5W82c>eet$W^X# zY{3)6ysI;sQiZS7gL6Ku=)P>qTroEo5>fP*v%tcA*~UKAjEpQj@|K#T}B5}!8<(r~Wbtct~wNcrXdME^=cS~Q0+ z&j0zvm99oAzBhi{!`nnD9E6-Ub{RR(`vfq6@RwR+BVF^2Dq0F2wYjRwQ!{j4fn&MP zG};69zCXD@ty&)8#P{n6WMp-JDRHA?3`OA&o&Yg--ay>QS!YcvMLPdfq4q4x)pCF4 zdT4ds-{GT_LZq?di~7b*N3m+DO#lke0tOqzv{F=pZH zgv@FpDfS^W@UMHUXCP~Nw)`IT5P1xUePQ{zE}uj~<)vLTE`sGWe`cN%9&}BT`{^}Zx z8@{WHXNzl>#M#oUz*8pg2&_ME;ILY*FOt416e;Y+UfN~B#LmPVOB&S_#E+SshjsFi z0@u;8zco2Leac>`t_XCh`-~o5PsP0z%e|^2Y+PfoRpy+udDA$#lC?dbkD^LuBh}%L zx5z-uF1*OOfITGuZx7N@dOP-p@hnFPwW~zBtCPGk}A&Z z5jyzQ{RoGmU)g4{Xe{ppc&5afWW)5vY1Xk(H6^GPqsf!XPp{AMZqwl!+N%9d#TDe; zDW54f&X?YL>tNPQS4q?*~ zZ);C^@lJDd=IZ@PHO9|Hb}f?p%BQM0wm39%yA%qJ>=70rNJM0m;Tp9ks#cyi{7R01 zN>`h)e&=Qo(O|!v)@P_)P%8xeNVx$xR5MdJ5Km^ofM(IdnT?J~_q7)N%JoE8qv6{W zP1AAR4)fs^7m&)#+R>CM;HHT|vQqBAyU(zHtJBNjKmeo|X!=@~>lAxO)QEo85jWuL zg3r^$CtJBWZ0&l0hXK6uIY?$nO3K1T-}AzYT%eiZsLl7{H}^bSb-*ONV0LAI!dQZ3 za9=mKeKNk4@$*wx)|?*t?&!|_-mssAllkHvFsax*;#f4K2^E64vF>5@EsqV~6y5F< zh$VW@luXEkXUtYHNL^n}9o@Wjb-uhD-JXqzu53-$8;!{)#{RRFxr zC;74~w`^u!$MoyxHej<9{Ff6I=RK!l({OoNB>=7PVhesP7NdOV{>SPAzHl=ya8p6= z4nKKdDIj-XHc`)a*RBmvr6bjy=^Nu>7q&VB5~vJJ6X z>P{;JO-M%1 zw)sc95N$sQzvh)vQb}*#rKwI?%9H>Px-{XwMiOgZ3EWpBCj7Ad-kZ}W&IwL-?;eFq zaik9!g_reXq7)&nKMP{FrT-Ot_kaE!sa!%Z04qpPtJ%uNoCL_@w$>>4@JVv-kG4o1 zox6jh-X{GBUBEuhAD47Sy#qRhN+>sj(mL7CQAiKA=vDf^Nikq1{AyIm6ymBxZ|h2l zG+a@dKCS+iRn|0)p7jJO-PJ!y-?iL+{uS*8yF$K}xo*~DOXm^*i$JJd^xQR5wP?=X zIb>&9${4R79B~!?yUx5jb|C0R+j0h!ltb?jzzyNmXM6f8HW$xEd78TpJ-YXhzJ|*_cu4dh;d4KhwUs3macOYXWHgT_xDYl3$dM3K{*>HEF9qQxl1y%C%hgH~V%`hxfI`f_&^{v3WD+)zx~~ zzVmt#3t10u+jS87)WyMw5Si;yeyssV=d$Mz`e#_gUB!=S#Qylpti< zb8r$<=c%@Ac0=5iv9_v@%WBMwUr^lOkOd@KIR3BieII^z+R6|??*O(Pmcp(l621_5ghVL@QIc>PsdAxiHsW*4 z^BMkJ@|cj(jrsw%!A*`gR9$wD!N;V1w{^CKDdKqJd9iL}1BjiZYW>wJ=&_*!sNUf9 zkW{vQm>G%VOu@BP-2iKD@plwv!)#~q zzP#RZ-=5p#qvZ8NjmYlus}6_gXz)#2vg3JcCp&4gU9ODepr34salKJ_zwx*!V|?`O z=o>+x2>5$%G%_-CS#hmUi z=_B@)&qc`moDE-xKFEwqFpszXvg$B82>|u}Fb|D8TP}VZ_lHmkTv* z&VrE_#8{{?dR2T5U)#8|$Y09^X+u!c!~F#hEiX3$GEe{Gt*igSui^qrUtdRVdz0T= z@mqHj#8dU|7l<;~$!k(k4M~1N{W!OxFlymf1gq{J^awK(Y@^$ii$*tA+=#x>jjn?y zk;i^`VEQ!Uk~d7v1vlrHFBU$eV<*9Pt!2#-~i0s!w)Cxth{uZUZcSZ z$Zmgv7jABEdmS3Bj_O6xBf$7@{439930b)m&nLj56nW%T(~Og<;SVPF>$f>=24fk&EG#I`>uqhHM)3+gNI;`Fz4)_ zk&3ijaiVfoe)SRN=EFVKLe@TeMpnlAecKmY zN5v+LCT5{9R!hH5T^O!?_LS&8Fc&k#@^^34EOFcw|B8|!`Jed#j(@Ot@BEAKo*u9$ z{>nkL{CSEe%1WBYFL00}BJ+)%qxeM)My_{gahj8}vj_8l$!8(N(b~xXTkPUX-LL8t``3iS-0c)8fLUvfEvGGkgC#@{CiBP{=AVQh6$c&B_I6+ z-$LVyd_(y(d09%`cKvx)mJPeYUawVRztBN^?*`88od+9WfNmN-iOdb~t)gNZ1g(W9 z544&>1>=6DuJESRw_Pb0zF(0s|IKTNPl#Y!bPVF|ykbed*GMw*#4+6_Tlv49d*UiF zh7p!9eS5cmd6E00tRFXR$hT|h+6|d^V+aR(`+j&w$Sbx4!?iP+fU(}>rN@~4A7y^b z*{)LFE3OUNJq7ij&<6${HoUJkj9`$pLR)&XJ~PbYxKHpj%Wh-FX zHU`BqAdKu^&1DZnfJLpXtw-S{w&A^pgJa*>o~rLSLa+~Vl}Ehh4tqxq+y#A8{Exoq$lS)3FJmO^Mwf<jp8*9bu+Nk06X{^A7g@F!g!h$PJfE*;=+ zwNl?69!TGLk~XCLt08RZE8r6H|EPS!|GPFdfH01iup-_$k|IKSebg;1S9cbihTIG) zSRGBhLU|OUfFLN`?kULQbLP{0X(k8k?z&-{$WkzpF=YN9DuO<89I|f)IXWVu|E|FD zDd_Egs4Vu6;V5W9>kZuQRBZUQNobb%^82>alix2iW%!4FyfJJTUNkUSoEmWe)&m`& z3r&;=Hgeexgq#lS5<{Gjp|))8`py7Xk{<50C(sa;Lkvu6vKg)Wk$^>}S}e0Zoqt=x zKe&CV0~5Pjmg}S}iq(982~gUUQa=9pb@3vt8^U`2i5U?WZ#IFZ>SQKCajNkR zwlQeVf2f?>Kv8~;*Lr^zxD_`iI^FFWG2gl_2KRknGFravxh*pHGl;vebpNGc5*U!} zufQJnv#|pGLcIyQ**{~-&U#;*6L4Ago{B%~9TJB%L@&iNTny_HZ67`&J|tZzC2LG} zUfvPrb4z0S*;Kp3V`^Bs8pb`nc#O_&lDe_n(fMps2Tt9YSWx%O&B-K5YBrdGEDz{m zRDp05RAEqIABMJe;TI+eQ*AW(4uRtx(l@31hsst`P7suXqG4?($>4wdLxsyt>aXY! z{0>m4+-Ead^D))BnKZi6+K6}8n_#KV{4PV=YJ(R8(l2}6s@aUgn_;sNM#uz%LWh2s z2T^C5GUN3fY#s$m**ecZH>UyH1a522F%cj{1JVUx83%A9(!^K#1@zo3YRWiP<$3$4 zlp2*o^mpK7|3vkjiHeGjhWn4l<>~BMtiulkH$Dkl(u1ZOS_54o`Hnmum*siTT+6Wa zWiZ`Wt=ZL}eRG`FDdj^tpQMmkgcYS5RQsi|<-9YG_FXaONjHNW%w`kw1U+r7Cv+8mONm7g&^>Y&fW}>T9yOsj#-q%IQ`$xP17E5`;&}}|^l1W*0 zf3z>Z&%TnBD)SH33)=E0tDOWX*0od~ylWwp^#VKX@_l zS`+XwW=2!4xq|q7as~H=<;Fewit|g)%QrPY7=OQia^ohz@Y~(kTz5F~S#y~FSu!e% ztJQ2gT5Iaj04M~$5P|AHFvb1=k2*`s9ptMP;pZ$uHQa|63zj?eKROmle%uye{}&%s z*@Qt>JUR9}6Y0ppJ79+72ByDB6zYyd43b0JuMk?=XP? z-*nVyL$Dy?CLlN-)&sDX;>fBKGJgz}ixf4VWcp=1`|LL&9e=2IX3X-VckO~rn6~lO zhIr-Wr`mVN1POk7CwSX|JjEJP1dsw4Tu)1)l@8>F+OuqBHa-q)>r{&7JL6BvNmLiU zQFo-q-e~-fD8CE5_+J(|<31cnK-;4iN^ra})d*W0j85k?_fMo-iwsP5FBPYw<_zE8 zN>Hs4ucKuiNYzJ`{VXn;?Q+P)mxQ+~u31x0b+52Z$w0K~vD6WZxghaj&Bw{! zKz_(xUp&>&zvLYd{E*Ops94Be@ z{d2bWFWyQmx)kiODFgERVOVs(2ZN?6K}svkvL+I$&LO7xtmm41>y3h!849{|Zp?|S zZgC`|GdVId=|-7B6s+*9qgT3VQe>2es+ z6a!9G{yR-K94I=Ed!n-k$HuLpU$GKYzGYiqH|XfFX&}`n{CxY^r8D<-;a$=V!1El$ z>60Ia5l$ci2{UxL%IAvizL|nQzU@IDA~XHdqYq+gdeh_%f3?5r*SB6cd@DK6q+Bv2 zfI;zY*yw$-746(&#NUR|(bk4Jwe+=ElXuIt2Aom;lD<1TnlgA@Kn9@Q2M0Lf@Qq)s zAxOshv6!BSr)MMOdsAOr!Q3VfQTb~&SnpkMPs#pkd3`IWdmxppOyb4YVF5cXIR>)E z1fF*YNMacAm3{elJ1lbV7sXD=*M4YJ69Wd@^Uc5gjxG&u$sLxH^Yzf+tU=^jh{ zV!Uy5r(I2&j#Wn{d%N&*qdyF0rz^<+AD<}JlrW+S!JV0c{eH2UN}kH%3_ zG`ePcZQ8+NzrT*lTgw- zGTqui-mPe7R3gfet$w_%3JqGCknhHfui$nuXAmrT&3Ubl{Zq?vy=*~YPxA7uo| zE*pU)LxOOvtoG(wOY8gFZSSGC^c=IWao(|PzbD>+pGFK;C*h*H*&+cEka}_aYHt-Q z%d38V&7TkA2?op``hOP3q?!*2U8z*Kt%iD7kmwv30i2zGIrIU?n=aeP;EM!Qbg(Gg zOy`U(TGM#{8p@wokrg~Sb~QaIT^e=S-z$H);M5z}@i>&d-kP4?mBVSRp&LBFFmHMP@+v52w2*nxPG z95IljivL3@g&Xv!5Iy0G2?2B&fjNOQ-&e0j;`BumA%9{n4bJeg#M@D6wn5J$kd7WI zxKkV(b@%p@SaWd;6wJ|lJ@;XAxN_HF&PD7LE4tgXv#B7_-;YUbR0$Tg%HquyS%F7B z9{&U&F*UpF#j~5(&DQ8XPbotYIgKGPCtatDEjK;ul3K-Y`h)dtx$gL%XIl<6hcZ!nVrMs9Pknx8 zg5DKmT+y=2Dn@tuhZe?gJG@`=PhlBWta<+x8zW>^1xK%exE`Y?O-MU>N_UGM8YqR> zDb+n3lMZLSM7%A;%!pIUUkF^Y2_xJImj4;dn*=3T8s7QV-q_j_E2qAr8tZ(fFf4QU zODytyg~8slE&F)qhL`;O|9|)Yf9~!_{9ExK@Z~?C#Sx@eZvL3)L;8Y?K{&5N=(W8n zmcF{>#06GVK0vyNoYR4)^QUV24egjER-MqmgLk!;h_1fbqbysnlcv{O9qO@a`JUz{JR?Mo^K|L@imEFJmdjsP)HQ1jkcc@@n@0LG zSUrQo^S{Q9EbrQGquvmrfCaM16);{2#M1uab5|M3clNeuQ(gMTB@Xwz=Y~SVxR>70 z_v+0EPKJ%`$x0V?mf;15r}1SY8bc14M$l!&y*c#0>g zJ?UXq`MT7sIhRd>5U-tQX|munklZeS>(tr(A5WF*Y^;}8`Yy(5NfnuK=?ia)a63IS zjt^xCGSL<~Xf`KV5eH$>x@Q+;!0f;Bc@XUJldm#5ji=mHrgBGeY{fI96}Ux>6SaDz zXleCNKwbItnhu1_by!b=Z8wNc7R*Ls!cq!(suW*6ZRh2!9q?r7;o;J~TstJ0oFd2R z@x;9IRv|Gmwsg9-_EM4{so@NQ5G8H06xnhi?yy!#guHNjE0KZO;tsYjbrDv*uJ@z+ z;r2(TDug6Zu~n=^=6V&A<;Sm1OrE4ye_<0p=A~6^`kw8as$;U`TfJYA7NX!bTUxs1 z`*qLXxd$1F2G|JCcQfrKB0XaaSy1mbJH94}cw>G>hon%;;_mLT4bmk50 z9`Jy#E<(?4BOoN}3b%1Lu}7`o>*h{pEbT*T>4j#uqS;Fyuu1)(GV{5~%5Z+8pj@G@ zjmw%%l*EFso?1h7Ls`hmjVY38di8xvgixNqp{y^>$+tE)~Q6e(H{x%vCO%;c0G(HMX!xpu@ze7NqU znQ9osgoQG|oxioxmPE9JimhA)3`5^H)z`=Ca#9<}f7|)qo8ge!o2oCK{j;=qVWN%vdb69oL;iR01e^{UlJq#35utz|=*@M;5u*x&a{4+&n%t~)pPrd~&qK&g z$lFS6x^P{i|M5&2B4_j1-vYqi|4_Y4LqMa}1xWT9NS-bqA~wjw%jK)5ZR?vxkS1D;9hkHK7daF>n1fOzz$BvNeBdXjolPtHxwY z1-~}Zg~nI!D{1hxD-um>)SrFJf2s1D-dld%l_k|mGgV*n3AnP8#Uy6d(ZE<1dJo)Y<2A zh1Vo}aT!ymX|Fd#ccJj5k4T7?)TN8m^vYuhIg&2^U=1DRh%f26b4AHo)~%!?l{?!l z^qBLen1;TmcrB-?vQQ%x6|-64#KYgS{6}Mb&;_G4)&3w4O#=d5H(_OGM4)%>>+|Op zqoR_G5-NxN;+WgCT_SJjh0F{-kpa|#MMec=cIUH^USWEA1imZWE4AnmACbTew+W5B z5kJ#vdD`Tk_C|@++>RGHX|-bx$h}ib`=LLgjQ+t1d)OYo#9gaL;FH%?F z$K0!z%b(8O)M73Z6A9HYW5N$$0Xk1uus|Ac$FTfC?Inm>WyuMz?(_1h<(WM2UG6_*MSfu1%7*Mn}jYDq{6wCm(`u{GeSKzxcpf(r~((WoD-B`I3!vZLRdnG#}~j z7qn?yt_HOzua^+H&(m{yA^21f_2LNymP_>X@s)1ch7fkQ{WT!J^2X#Em&|7W7;ObE znclX&f>6Zs_Kq<@LfgFxEO#(c?u)KB-^&8Wsk6s^eyXZtuc2D(Eg26IqMS`wAsw~`PxbZpG=yacZbX059m2>S zl%Ua5^Xll==ZsmbQ{F62$ssk*qdi6As^*@(vGCn7rPlw(-g`zh8Fl-F&4^b!H-0@6VOQIHNsKtMnV9h4>|^j;Mdr1z2_QUeJ{h!Em=-u>a8anFAD zx$ho(-!twVLm&NMMj#o_v(}n(t^b_=U)kOw2-nF1Ap}JzQyDC8@a|M-Ze&mM1Wv-#3YaU^ zpwY7PL;F(<@kfIJ?{Z}Su>y4w%A9f42YN^99;J)OlIk*iMe0WHxDhQx;EwdDbN1|2 z`N$`m0?a#sW?y@UMivhCoX-?P(+2|xN7h*5%G0VTOwd!Rfv>^!CPM*+q95;kl5u1KOu}T=Yx3wRT*E1^NofI zGpKgdE_(-s1Oz;r!JKbp{dF~b@848XVkP?`{OYlLiFu%7tOXZkc(jgRu|aKr0ka<4!$)LlWa7W>QOf%I zihNKTOc4p2+t6|uv*Rx;5x6eVCxF#DFw!N{XEoE}9-xzQZiE83!FI}{r_cnNOM zPf&L*Cf*{@;zZlk0?PV+jOFjZh22l6e_njRJ*282-#AgHGbbP~fBjnoOjmJl{}KoR zxde7GO=_(f#3-yEV8qt>z(9Q-jrw~rlW|A61s%C-xAwpH9O}5Z(Os^;N%ihU>^WHu zjgPRLonBqRPBjGufnUN#eAswjq*BS;?6v^i$LnOAWOPBS50n4bDzyL1|6|cBEBh<9 zw&fGQ{J8gdYn`F8EQ;oa09F@T+>)bftg(|iZ46)P?vEaS!wJKpNgZ=^N%_<{}jglo5 zo!kttJ0h@hu}(Pb_9rSm+6!IRiH0Z`D^V9~yx9kiMbs^yM5&vhRT`qLW_<*jV<)JZ zniGTBC+vHZ818>z$-Hon?Z)}$B}iL?`C!S*anuS6K@9boL_r8yL-ZR-nqIcrK9zoj zfUzdtmH+0=y&pO@yqiGoKF1cc7In!V!t{sC88Y98%1RKxg}fw!Sf5oD{myLS2(h&6 za(n8}t=N*IWBK3&;&Z&`wY?(|1|$MsBI$?<2=qHJcgc8D=;+Gag8ql|k3YO$4t~!# zqy$bF+Wh66$8L^3b)Wu644RD;^MG(E+4GFyViUaaMtnvXOYt9l33{u7F6@~8L;vyG z->q1=oxp$W)7KDeFjvqE1ov@x1PrYogPuB;w0cP!!Z+~k-8Z_l+Xgce{g3Y%4iYoI zEGEwytMtgm%z~~|lH^VE`$=-O$TME?&0K!!>(0rPxj_w!e@kM< zXozeCw>494LL6EwCeZg2A$q`M!t(^-*^-5kI^?qYeSa9IpLO$mLAK09auf-lJHS7g zZTDQgtOTK$H?A~%>a(Hg-D~sh>9_VT(uKp)#Zvv5%UlemUoS<->1w(yS*SOm;(B~z zVHc~AYNoNRDtL9(fzRz7W&r^KKS#;Q>;0rkLNz$t@iq4g6OC8@Q@QZJ%b5$Bo0{61 zGG}%ab7)fm1~99<>Ww~0@wF&M8g=Fe0L@8sp411f8_28*snlLG3eLn`O({y-$6?kv z=!Sn@vkBmJV+dv=8+_`#a7);92y{uNlLcr~RA)L<4V5&QVUd%AFnZk|3-buMG=6o% zbU|!cQh6_aGbJ5N;WEz7rq9L1N1bVx&|E8D@5Vk_6g3Q zxKC`X^1C79J^SHT0N|Zhu_5gM8lEfCO+1KrGvECc3J<0HMX1+8n z0JLy54XyR_?wGKvAtw=-ih*nk^Z3PHaC1+u<~#5Q}b z13m=ixSQ$xBnj4SH@WxBh3zK{TivxI_=oH@>`WDmvWHD+{~;3qB2{3xDr}5Et$4krx97LbGo{UI}BB1Zoqn;+lX25<#yynnyf-~07>+0V)^fx~KFWJlA zeBy8Z^*3Mrn@9iMcl_O_{oOzQ``!KD`1m(I{*8}+_%}ZOjgNoh;wBs0!_;biOH`U%yeDQzJN)A9##=`6(u`lXyvD8Bp8>XNo(r$yJiyuE#lJyMlAPg^m}?H;x6i9u^dj&3 zt+Lfcrp1uF~0w=zsC02(?K0untEP)UJ$VXdlZp%rhg*el#2fv1`c98{|yQV zRzv3`h0``Psh$E4=pSnHzmw_z%dh=VlI0J5U_hE9eeXQ%`lLB>UUZgi`}xdO9nl&W zNrbnw@!{+vRM?x?z5{k4vH$*d|LZM%|NLj|VoTP?=sZA+paqTFtN|7v83uYX zlzwvWU^Vqb#ko_wyy;V}Q9upQ#r-dt0sm*pa{leT)!O%Qn=y)T3>-s$AbCcy*R=p{ z$!Lc+I)6DU4>|aJmRq~ZHaqF(OPaj!}nc$g)wgrBX{`D4mE%7g$yXMtFu&FWutS zQy*y`Nnl0#p92jIlrN+fS^Obu@;&FUzrJnv_5Z$57Di}r{CFHwm?$atAAav^yM}jE z6UqKe{GTiE&}AjFOn`b4>^~B9Rm^JTTXX&qR!7C6t?JJ$9u?!H zCAsymuBma{p3~0wu7!ypH^(LAt@gl?9zeGWakPx_24!5084=!=aoFi!4Fc2PZLqVNyd zho03gHC4Yhjf$FT?V+43ync)<5`g6GF-d;;LzV!akDUMElfiLr0<5$1lPU8UbEX73 z+lwh5BFY9Lg(d-`63s=t?596u{cU@lmUvh$v+wa7(AkMNIeq_j0NQj0K=}w=`A}nm z5q1_O)8T>oO$^dRQcX{9B!_%19aOUxQnO>Z&Nnoy=dUo)Sv-!EZ6MV2+raQci;)9( z5FslfYnU{4!{rbE*g?FD(2ya2q4Q{iiM`$(q-;Y#I}&zWTzPFTUVw zZ(?5~Zly)PaZ*+BJg(s-J|$>jC(WV_a0f}hQW!}noz#WpWg*jz+U@{;BMBBpuICS; z$1b*ypoaQP7rgpb2)AHR zQp!@$Ss4gVk7Gxo!ShLdEM5U4p{LNM)1Z!}N~buYRs^1G(0`4o~8OXQB}_ls$?tr&^3Dopma zuT2mQw2QehdP_rcpjydvvCD`M{)dcy;-sIS`~9O&r1=)C#P*AORv&+lCIu^i7btIv zs`tuY=Ymt$VwqmFE8!&ZG}x0DMEegth1)qbF;zm|dK;-u$n3|KO&Q6_6^EncPpy2^ zFVM1W+N_i2x3O+!gb;KRjLsv6Ei+n?8xBWLssABU&`-R0s)u4vPx zxS!l2)#o~6?Vaq<+Y_3SM78glLR)vn=XYn!mZePmu`R(;tNJx7*{O zP)>rRXidzMhI7FnW4D3UjD*gIX~BzZRmC!tvezipd_*20+L{)MZ6n74B7 zhPpoyrhKO|oFaR6Cx4@_-g17L{=;S?j2W;tSr8k{1DfJuxX_n`do*dW!DUwy7|X&Q zwPp;~m)jg^vfr{$i?sZCk5lpjJVFTj;Gj)gg@e z87{>H9tlrKqZ@|)qen9TASY4IO+i*-*3bHhUtVr%QL5FmX+vrAM#=yi#-=lGq7l~a zAN|tCzFOFz_KKj8l2D01WOt78Y^|(c0^L;t)t)kEl$`kKh)G>Tyuic zCoG=>+>v&d!8a#NrST$t6GeXEmw81>?t?@C9ux;-;#glzIEFBJ;+0?Pe)Qs}Nit>s z=26D0UMShq3Q@f_3h{F>E`}>``gTEi&>dn!4lLvC9{DZlCbLrB$Mmk?@Zn}Hp;*4R z6tR5qLd}Sjh0auOtiq7Zz+P?VJE-i(&yc6$BK|gp4dMq~0y3&;a(1SBFt0G6ffjl* z@l4a%{q=AQr{=?w;w0?hyx)$5OQnxuAec8&H59g%nNl_q`9+J%QALdZ^}1F^1T+&%uKPg$W-sk z>;KVGGh@Vav=xDwjVSm0l-sukkG=1yDqS!bIUW#r-=mP4kj>j`+RV1rd5J)Q0;PcJ zBmR(KL~-=?)4rO5JEuOiRn;AgMH;OhHJ(0{!PwicgbaiZp9e0c#?n1}L}zB`DT#0= ziW1I05Q+vZ5j33=p`H+`P}1Q1LE7hGnI}qWY!L{LPc39&Nr?8BJ`T?^o^~0ru(Ftt z{YZzr!QYHVmF>M)Hvos%$j1M|Tr=s<&KY_T`>>trw^Q3g7AAh=X-rK|P*DDk#f-jp z|4jN2?XT3-D8$#q>;bX-ajbr9qyT9O)KD@OukMSr?6(n%f-;qODr_%Y?)+r?8#(EI zr+rebg46MJYBc9kR|vzy`tUNq2w~EKPzKB$+csQY2A+wNaFukRhhxuvTqUm3s4ZIc z-N)%_4^4j4C|y+dg-{qlY+xf}Xs-yxW9y{8OMC1U-axvxN&4QL?iE5=96zTKUkRFz zyH^Ly-|;g8!aI9i_SihJhL@vzEHs;+VuRX)U!!hOru4sKc>HgZh(#gL3%*!^){m3X z6tnSM5bOK?^QX5$kIkzz*Y~LSy1}ejg^%AD;7tPgWKo*O%Tzu`kZ3r7%*y3t%moVj06!Q&ofq0kOXx}et3y{ zQ#!%RVnW)-MNWD@S25(OmD`GoTFK*F(YXUDTE{OYqbiJLt;8Tg%sNmTuh}@Q$rKtv zv`1g^Kb$q4q?G&O=jJ2RcfF&3Zu9HSHfxE`nJx;hoJBBOfM>v;Ni!Q)I+j3ttT$DmQ^!N(BM2rE@xIPuWW&A8fAHs9y?Vi#CbcF}RHJ zuwYqn7EouWAj9PlfXv|9d5NYp^dSxst$D>W7{UaVT^nj@hzKy702rMzL0isXcCEXzXpBtHuSMHc)q5W(5?D!FDw(!V>aIDp zEc6F+q5-4=JQz&%i^qsh=o|8Yhw#d@Hq`6ZbB>(D?N0^EmOrh8ML2vEdZTDRzdgub z%^o3*t#T2aYaF1r2;sQ&GgZJxSFZJil7^AVQl@3FrJtcXhahL<-fzF!Aj}Y*zvKW^ za2>V)Jb~}WfaN+J@*7i6C%ac}F?J>iR#vsN(4bs7?%Ue@)P`Inv72>}MwsW8>j9Jt zE8E|72{`2(OK9r6+C`cnq_1OyEvJq#TAGgd?aH5*ZEsUsRV8KIeQKoqox}6h5ngsm z5o3gRAcQNw9UdPj$qiF}hYr1(c2n!*h^^jY!O~sd@Jt2jp1z*dcLVz1gH?4#_4Y{? zw`N;efv9(oq&(%vwideK5dq4yg2uG|$A^dp#2^3+W7+KmU(&o{W4%H+8#o6BA< zF=W8HXcFe*8+Fo}OWD}@9jfK>7(luAFeG>L=VtRgWV%o7XOt0eeap3`AGW}=M%@pi zc8BpHmx08C2{%m`FPy2|v%K3pacuoNO2uGsC}wP!cGKNWs_puD*AOTPapfnW0(CII zyJk3vftr4tGpzDF9WCN&jy9NBcjj)6;|zQ3_nb!nnqLii7656g93NR@BHwy_oisH? z64;XS7`_R+!4>JkXY&1N#2h0Ue#w|00pJg)aS@HhJ#N#QAghrwpY_1&OZ{~pPl-F< z{*aMt#^%)9_585LG7T`L0Oq4A9*_&2U{6)w1ZkqJv&L*J)Y#cmia$J8bXlWnpp{8V zbL=hKAme!E>dUx60BEj4v?ffVLD4X>AbXYGR^KRT%ve0sINZJUCBg?t7i|`M1mreu zJsNniVVlt#=Z29}41qO->}?iVUsui9U8vfh-k2HX6jESOll+(mo7ap@$KTD6j+7yN zKNa1L{;0nm+YzJ=p4;zF@$@_Y{_&QghmRL^>MWFk(1GJWLdzz0l0$uMY1N%kxuHlS zX;TyJOPw{vqdhuk;a>G8pKFpC8ka7-Y??L4HXN1~0e6G7iQD<2s%7sHe^Jx>s;h3#bju?*qkkvuYyY>(b=Vh8C zhlq;ViqBA>k-8Sv>-dL^Ee`JsTyDfZAVJ?lfPK%zFkp|dt}KM-Oj;YM?G(Jbe>I%H z!vTzjEl{t;MGIdSpGTxrc&oA#(a zlbo;&=hoI%s)EF;qkP45ch<|fDw$}Y&IHT#-$-|LHguJwjVepUj;xD++JMh1&NvU& zy}4kOubeg1d6H{23pHy8G3snsl{Fw4u2Md_Hw9JK6x}-YM;>=){;+kZ!V~&yD?`m$ z^B>G^XYmK7^*vyee zRacr&U?z`Fj%g^HH)BbmXRAxAjl-hd;++^dKkfvp;Uzg&krt-+Yu7i3meuy53hR(= z&;rPw!ZdCuk`LaSch!SNi}xgRB*dK;p5@mPkbXW_yB+g6r?H?D%(F`8&b_UARbF8g1lSkSRDJBN ziTU#aBi&8%6Z&!yw`!)6NL?t;w68iJ&aGz^Sr)(lxN$;LewQRUQM0hNXKO2Nr<}ph zYoK{hTT@_p$`b@ALr*gex_U^eJHn63=aN0cJe-9k=N_pGdk=6kOo_JcQE12 zaWWajga9KXKR@={Oo?NKwl6nCX(Q!B=FNqThj$JX1Xx^N9XoZ}OT-o5 z>cB3t&?duKU+>Fbl#uU-4dn-E?w=_%=ZjoeWBbB;DB0c4apnqGT3HSrun^_5Y{mu0 z_qys(-<5RQmKKm3hhn)GC=N4USsZphcz0YQNeD+D#8R)rqZPXnAs6>MnV~vXGF3#4 zAXjt6ildE}ndBPqbhg1M6pK#km0*<%BW)olvFLW8uEx#5ilFbm#@Tbr2u|T5?5W<3 z8C635xJ%6`BbNrUDD$3;f6nOLoZ-Jp*ucVinpBZliS3TX9+s+C7WK=uf&x=Vd_{k_ zx--9iKd_NtJ^qkgf_9MV=`+iuATSFtctWOK4JT~ShK(&liB3xsC0Us}FcTw^5}xA9 zs|sJl=om5WZ1ZV0oq<@UK2wU&P5d?iRY@4qtDhZa_)-p5lGnowH5MN=(Ri- zSv-{!?L8B@bo+$5dVu+wf2xNl>tU;^s_B(uxO_Y6Mq#4HeO(=$du-+p$$&rC#r;dl zUfcbG%?F?nNt#!;V3(0hJoW=>p&>)9D>1IyEVpVs@Zvt>l27P3Yu?TW|2R>%M1}^S zL;A)z+*MX2u(R13Od!VhU`ASBDJGv`k*r3BI0Fp)#ghsVd1WA*J^xXrbpeho*W z#u|d#ePOipMebf^ll!D<*^2w5z~`ctyDuD&kknPSc6uCQkXsq(nxk9CyG3_v3S&D< zJjy+|N3*LvXz;+4i1>CzM2JGfpYh|^^Hmk~=+l*$Y_{y+G;)cso?qztclYN!UI8-R z#ec5x{Kpzm7*jk^A1_O|3r2q;eFHAwsQ9fL;yis5&>@?p!OIxiAI1f|jyPi}Zz zTz?11#G3pnZVndbt z)}5O2j*MX=w$>X?e8msy9p_fBJGJwNR{AnTe($1a_dv5@%VN|63U+cDl1JF8kb6Ey z@=*qH@9x~9B*rvT{sJIePXLb_uWkf&J9y2M+`}S|b)4vd#?bfKEDypdgLORov$J2O zutbey41Ig8ef{Q=w(WTZi5v>TcI~ZK?M7a~;&V|EmOU2VcWka!l-ib*V36M$${%nr zmuDnb^|3n{z5cyIL9Pc5-H#~pUWd>+gw`E(XSO0MI|U~(Y4}}ZYx0)Fh1&%#k9RI- zn&rJqj5EQVL>W8@5Uo~kcQW7{T7uTb zQeb2-_lUqtnjk(xFqkehyI7DiV8vE?Ip1H?esE*d^u%eXRGofpr6O$YAW4()yh>d^ zK(sLxmj%H&WJJzVJ1xxLK{b?P!@0ao6sFny@~%Dn)m$Cfy6vEXebrL4%g;8Ur|zZyZ5@$ z&-PlR{E(X6#{~PIk1yP?#{cE&j%~byS>WKu4BOp;q(Ugw_xQ@SI7l22NPgH#GX)HuCm6)}N zoffrdNIlG_mZvz9|F9UP)x!g3g4$!diGEnuES%BW@@%hcd=k}kS6p@FaA`&)^ix{5 zSnZ)x^TInJgES$Z!8Pj;M*4d#J9+fy^?*HS#d=6WB$rW@`|B+{Wd7+EccJ~hx6R@2 zE8kv_|2EQ>40|L#`fRqHkh`7*q(T>$c4izTaIvW+c3Y<2`~_6g6Z+EaS*h9idbdM3 zGDY2V?^%_Lak3r4dQGWAbz$CPDHgj0+lA69rr3VGfwa(~x1^2E2Aao@CzB^hhF1N! z5>7@`#Hzf4`5<0#k0l3sX?WT*PWCwssu3*EG$f^22U-yck!l_s4t#{vVta!218mw(CW$SPW(B|Pl98drn(LeWBRz&Xc!h57i?lVO zZgT+44mJKx67=L(Zc7Zt9>9Y-=)O&eyl|S_yT4p$F~=$gk*mXe*$=I`p=|Ligvbgq znEXW$LL!j_J;5lNdw`pU{zrrI_{0kzKRyTI+C{3!&_%-PAbW760wJPGrUrgARYQ6zFSwIcKP|ut1ZAihlUa4a7qQdviS(J46fND_m)~O46Zs4PhM7D74nVASv zqZ;**RhoTBnyJ{gPDucV2~Jk@rY5ls?Tt}Chw7su?o8gBPS>W$0>`w7S;W?IwU^p?cE8&rTTkSc6e+ee$R%{Z?9h#js|F zBbUBE?aQp!&Eyxa>ELhD49*R2TayPZ7*KxLq{Oc$5>E++Yh%ATU&IS z=axD9X@efj$CI66y;2FQIP+iN`PBgs8;N5FZ&~9}((yC9d{NOdv$|(G1Q5QSGHUUz zCG+b-;eg%rfdioiM|ZYX(`{6f#J%X5=0OsiRT^mvZRiQ75m#id-+{T)CB3gq{V0B~ zKtE$62Uin^SO^Byu3{un?{5!kh`5ukPNR%vXk+@h!+%nxEpSmY@!rjSn0&Fv=lD*} zc;e;`B9<6lI!_e&t|=ILW?nxjfY6ydIHo^qVVPNWX^B#HGGfzRI*6fYA$vfi#-*bm z1GF*%KrUG&>5w-aGDej#Y^dn*zHLG3fX0-(HhLFA1Ayv25mMGy=c7@e+xrz!5P`Z$tvmZJdwlKtGm!{YA{b4~Um@6+56 z>b!EE-A)UvYe|vngb|z?IvDPT23_u3e{b5CiQT=d|4b31Vq$LPm~hq7>ab2;&g_VC zsQe~~sUaK`yUGc6AA8x!@PPWIGZxd?b`fy}RJWZq+j!SCQDmF*t>)TCGMe}f)(1aq zsm7|6m=&nll};vB4p z(|c5o$D}bT{w8N{wp>ZpKqJP}4HcD?1!OfE)=v z*fiy}z53`e{IiZ3f3I@J()IrIUDzkRl8BFyUq}~oNUnJX56l|%1JZ<=revHGA``ej zmha`$JxH|tbTuMIm({}gpSkq@U#}g4mtow;KUvV?QhYkU3a_PNgdjXYqjqVQjtK`HLVB^R6cEpMBct{t(eZ$=p+Y(yw_HyZN%ggQ$&8F_|=+z+?r^ zX4Q*a7SNF2zkT$b;YS`-q$2^mw%TV@LlAR0h)05$<{Wk(gg!8zwSCy!^vVbqK{qBM zPaoC!=rBskodQ;2UncPG7fBW;*4u`dA6aA1!rAsc>*~K0Za&$N1ZN_^Ow#ny?{zfP zy)+aZ4ohOKmH1q!eJvmkEHm-5A{C-#cNX0Z?Qk&6u7bbV2(~T4-m6bk`Z9zt&X^L#xN=JRJ7RU<&}m(>st({ z_YbHNhCF{$Si?B1B7uqt3aBCAByU2voyA>(&*qq`sq_(>!u*I*bjgtvN!I%`xbg6Y zh_A2!xx*rMq*oON?^KPP$)lNutxr0@`xXMrxFniXBYuR(weBx5-2=GPB3;#}0L-~B znkfpZf?~trJF4cb2!80M_dz#H&5`caiSbt8+afY;2D_RCZy4%_`_?a*iDfX`iM;@LV=R3usCSDTu#@-32h2NGxB`hJ8B5lv4O1<}o1o?=M$ zHCyG<$a?w{Y|-wGGeV8^d8@8k;0^$}>f+2nQgCOpfsNBegA~pKfATMMjB3+0lz;(~ zSpR!b4EJ%ek5if#?Sv!ibGOGYOw2xMEp+o<_Ddvmt;e=t8xQa=n6I~l_;sA0NOI3Z{~yOrcOFhxb4;DNf)`ZQbSAbwX{~oK zT0^z3B^kX^YY3CcF7@)OeVDo6s+TNBZWKlSxytunEh6cZ2LLuffXW1PoYPV3;V`pt zzs|-k?{H^q^zEovjE@Cev0iF;O7l3?x{&#|j+D;i!P7Rxdy!&^U6;5{+H^!0cqy_p6Wvq$j4 zX52y5v9u~)P8zvfT%mqNZ<$Nvw)vaWC@+&vq4Ojn6HXR&UIPz=aT4@kRH4sK?6}Kf ze}y4=A`HC++n6?cSYN9-3O~M0Zhp4(cwY>&FnVXSPfPc|;Q#gCyGYj9g&3q3r$z}~ z`1antPx3ISn}ifW){mCEFYf`o@JkD@&?;^a%%w3rZSe+!c2>M5f{U zTz?CWM(SI$u8UB-W|WXk?xZKAY?9~Nb1=|zR#+nm+w>5O%6_zeGWH>DK zn#~4UKdIe%Xqg?^r`lixdrs8H#vbWL>(55=?KY`8e8Q)H3Ak7gASmOjlYZsucDAjA z2^oD#{!6p@{s_~i^1{T=|E+bF|Jo5kjpb{=))M9fl&$rVB$@VBfotq{EHJm`H6vH? zrVEji2$-zqbd_kxdB`u=?9yGlM&P>(5fwkcQLqMh+(G9RcLxzdAG%7W&vsh0oyXN3 zlV^ZxP7`rt3B1R_^Xa12rqc0x#N@A<=U^v942%&8kHVlY`RYs_=bqc(cX-OWnqF-U zu}aqpmR^ev=_u&t)e3{D`Kz1G6i0dV6~u##dvY8 zoHV}Tp7%M0&Y$GH|KM>t@RGYUJ?IkV{gjs!2m7H^tr3qu7oVZUgSqI$qc;Q;Hqsax zY6Irn`u344a#VWYN0@?}Zzhi#{r>OZ&ES2xJW14BWEBL})nf{eWW_$26*k6p#b0`r zDs-oRzNg%j*OFQ9_fqFASCLmCa!&xgUe6O;zuGfLx-gc1HK9z(&)wL+wYe$TA)-K< z*c0rd{5yB#($G7$-+oOS)j8QRR~Q%jM@{6jq@HAuIEOJ{acK_Q-GVVw<^EZV0@fV3 zV)b&9U)}G4-R*)I(s$TpbtCMV3D$lrwpzH!+ig(Q0Ur7|LG+SaU_IAEUuq9E>aREX zDjLT-<%kkErg)~91~9va%0lB$U1aQzN{Gwo2ArC)k6O@B9dw5vhITnVfdfvpOwqpR z#e_6_(*bUmjOnSG?BqLHGiawxk$Sy?6W;W9d0tCERSM!|7o+-3teV+u`^};`0_*`c zXTg4(JLaXNZvf@EDR=%A0T$)+x!-R$KEv9{`FyYSUNh^p^nUnelYT(b-cV%KqGmks z=8Q*ze?>xJdQ`HD>+&9Y(Wt)3a_UUE-3uRu%j^K^4b~14)E!X?X_rimW2u|c3}(zN z!sCl>>QR{v4^=tsb_x@Y{fa{a?i0fDw?f8Ox0PpAxF72ET|MTUXjOkGch?vguLSZDqrLz)G-u)jm+ zwEChAm-$~gzJ=9WJe*3umu~V+Huel*r1DA;#1txNjI&HZdTB_|Vx)^Rf9^kwQqHuR zj<@f>(4QW|drAk3?i3+VqghNyw6l9kh`RMLBkPPG@hZ2sPu}qIvRr@aH__=pDEmNE zb|ZKcdaW>Z;ZBk`jEp*jbsC+#+l%Nb)0Xvx!+7M|+4VMV_P&Aw{gz_=!C+*~OJAfZ zxi$2rx0m)*)sIhg?M+*E(l=27J`el@ehOk!g zY!yYiRwCLn($7Y1vcKI4S~s>H#3j|GM;;@6mMScf`(yP;STc-Wk)}p;2Ku06K1CB# zDWlUwSH-u$(4ZEH3*yZnOI>N)Bf{3+YxhnNR{HE}TfRTiPqWt(AIGd)kw}~OZ)cDM z!uWRAYo4z%LD|r-6fhT58?B)_Y0>csCoDH;>kK z?!PSFq#5+V*PCW;2N?&r>(digwkzhlq?PQ|-k)>>1QOXk2>Xwz zhPI>*%}J|h^A2QfZIu7vvelwQojsM0!Bg8ZUd!UpvUR53Rmz>D!qEBwRfnwd%az{M zGHfooeiR01!9eSCK66cul2=C+dbZgvO(L&C|Y0lA-$>!%JT-C*1uwa9PT8Q9l52*XylI zGhNW`bVJ6C8-v5M?djniX@(~u3f=3t`Xase=p94D<&_y@ncOzyAu+OT3Tlf=5$j7q zpKCvCh|{r33n=G$vlw>&HFN*-42gkQnj1Gct8c?nU^JMZIigYk`kY_d#6ri`tu0yk zw;YmIj1H3;BO*6;haiIkX`kn5suMM8bF6=X=?E#6ztV-XDX(iRQB}QZ0=GJ*?|d~4 zfaqHjX$ZPOXKH<=#zh|c^`U`~#_I2SzM50`6~DGKJ%-#9zWGsQV)NpF@!c${IJmNq ze+WXN&eng>u3LquyFYPn-QsFgSwj50BSwchVyY{~W85(! zh?Q#KlszE#KP)!?XGQT>SH5cI^HKH&pKDUl^xw$@pJqUkb12dk5n_#abp~cX?mR zLC_RzNL{i>N1_dm8k37Hvd8krh2hk+r+9`U1)H!$d0iAin7z(UzC5Fc`dP}-i)aXh zC_he8BwX`S?HYoB+)qgvY;|84UVGrS&E{#E6eqsP+hZkdr%w_KOx(a^u!)NV`hQI}IHC)`f1-)ZA>A3ueF zMuqoYTUvzC+87*sQB!c233Wh8nADpIQe;?tjBL}(p4L3l%f6_~H~g4x4yQkWh;^Wy zDjO$4&=InF9gUNN6;dj*X5C+$Cd26ER`fqlGIQtc2PfwczZ0s~Ajzcb;|(B!C8%DV zpBx8@IhHimHkb+g7GR(c6s+&NXA55D5`G8_W57VSPqzL-zg{aiBFqi9y0%QpE!t%#$xUeX z)s+0o@$S!(WDOB7755sn0M5f(qaKTq>t9XRA{+zNYNrkrRqhTqzWeMcDzSK4(!yw7 zO~@~rZ%FkyDLk!?v{1j`wGPbn5L8zb@?e1;?~A2cN%a85xpd&vzLaXw^?B~HS~Tf0 z7_iY93XyPraST26>F+>^2ucz=Ad~nK#U`cOZ;R5?o*;5_r7}gdcHAHwQ6B;NBPh?&;!XEXv`o>cwQMK6e#AKkP-Ll35`urA1V5LU*e;j-Yze-*ah~5v-Gg?A@~OOPV4bPv6E;$axSakqoyQrh z%&zwt5d93-EW^=boCMSE9K}u{TxqRK!S?IAisjYOOl+KQYr(tc)@|2*;MuVHgRtja zv<s4)XzH|y;+Kx~FOTF~uFT0qRIP!M zA@q^rJZ}hL==Tbcw67PNV~0@=?r+{*3_au(SHCFip-utObcZ!U`XWr%tJ|=x2R7r6 z#-Dh5U(EfO)Q;RQQLFT~xds*wbkZXq)rIz3J$F z)zBVsXJuj7nlg+2acUu}Bd2|z-@-)$Ew~5vANuZU6Qn=M_4}{MOEobKUgg5dsZSDv z-M?g9T#`)x;uvN644MjgYIjCI)WxRB3zcbT>Hy4cjn(>a_Vv&(1eQY5N#=p6dHSva(dOlG{zs zY@rsjxhN*0bauPcscUMf?aEH0MdPVx#qCjUweaac*ESdVit=G7k@&MsHb#@5@CAE> z78`&hu&>esS!xUtLTwKjD(d+#53yB=SKPQnKfqUiEqOTh?hDR)^CE|2COMz%&fM$> z0PW7G&q0EpW|rt%Fz40j)I0NFWw1_Pc-_-*R5&0t#=rQ-v&5sW`3Got5=jEke!1bm zF1WJW^pA-@;_~(y<^EM{K4#6H`%c1YcH4 zau;*r9N|^Q8&n&tW!__S_e(VCj=+4}S#XFcv-9F!-snU)0>vWeogMR78fS;f!<%#; zH4HDbkMtlw0Df6}Cbut-7FU{5>G@nix&%3)I3dAMn?if>R{rBROJqN0-;(CI$9nD6 zP~O$=ap8v3P+gabU1f_LpM=6M@(!LhsZ!s2DevodXx_KB%lORm@XJObL3>>?v~;8& zOanCsb$lso|Re z`19Z>P2R@#wpple;k>?M`H}|*zxM*Q(V2Z`1Ry8L>$ZeEXIx5NSK2fGoqi??1x^gm ztBDAHpi;Dhzt4WEiX`A=6Ugj&T|bDgs?BahxWR9@^5bOY!nfp%WU^bMuHuS|JZ@XT zG3zjD0-{fQ(1Ca6NstD^kjUx+dpZCG6dHSL^g-ZB&k~b_7WKtuFH@j`DT7o|xMjhw zG+qrH1wJ8-AY->hGB>}9-uw7Lgjyg*I%TNTYu)$4R;zEHZwjJ8zqgBW2oIrcidmb@ zGI@!fG@g>FV#?+%Vrv1$+7_HXQ81IF@f~DyH1Mf`1LxxvwWwa=y~u69D${M`v(8ncg@Yuki?128 z`!W;8EbGPw#br!!Ez5O*d|I zthDW;^Ym5_YH73WO-5US<-{Z&?k(1D)Vu`-m#sHYknVmE3!%fP^Mv4RwXrqPT}bZ+ zW9wMc_Xh^Z=lcvkF<*L8IpN$JmvWABK!2`(cFNEZn8*fDgn$`z25^9lWKND!R3>?shiIz=3bLy9zug~O+ev=4B9;qK*al4x_?jN*KL*W`W?U0xvjip5<9 zl?!ay@sNEPjsbw7BMdM&cX8C{$Rcc7-?~aH^a=KE6Wz>_XRF=iezU5y8I*{;IH!HB zAY**)JLXSd*BU^KPMIf^^{K++9t_~Qkr{(=qAhLqchuq+zAl!FjBH*!#FNoVzhmH? zr2>=;ID`tALRBa@Rp_MdOprN4@5IFZP0`eQF3HZ|cDkFQDr7fnQXXMdUUa#G=hpjS zKzqNdVk>sZf2Z1Y9GUH^-#8_`FVxyx``X}$hM8ocoBZ1`UgUy9%kmZA&4FNUAoo83 za=RD)Q0dtxN=9D3jJv18V)zF;6q2m6A&M6sWYw2_Z#iVIk6NzR^sA$QYR}>700$Z(8U{? z)VB~^RS8ev-p^$lIBy8i;|UL77_Ox?fBCrmt5r38D-qI zvIWEV044kEXB2d*KURm+yPsl&9n;A};6THo6=4fZ_huqNhS<%XNKtIZ&w|peqWcY9 zjmRmX+DtXLi0$>ctJHqvY`4tKddoTXCfLSmNp#Q$sqnqU{W_-7_IxM9*J^p%feA5$jR zMHLB)r9vn!IivV$_9C!G+JpksvgM$qO?JI1b(~_>Yol^Vw`~IRV}q5;Ag?&4K4L|B zY9HZSyR8ducMX!TugT!iMdQdXo@CgVH+nkgRdsveU?c^dNq=qqaNuKmYp=hDnSO8B{vYhUXHb)UxAqNUqf75ZrAhA~#YE+ziGZLqDG>nyDUsen zf*`#_K|nwOr8kk@2_2Oty|;uSJrRk4g!rD<-us#7em=bOUi+E*-JcwXVFnlzPR{>2 z*ILIqe#=tWf@?fqQu5OR=Z$`u9-q2f*U$bO0ye<{QU1;^3LWixt0k9AUz{yjt*JFz z+~cZm+Ik&rXU0Sc;}rp$^|qZsgp3`rtY^7Cso)Wq8x)sjM~55A0%r853f!EWp8hHj zP9tmiSF)E|9^X(X;Ak%8P-CkL-#rxoY=eN(Z!qpSNdXZfjHmamc=1#_a>62o;>B!@6IXs6R`1 z(m(>6-LLnZ7GU--CqVf$-EcK4eQgCqK5b%f{iW@PZR_FN0S)O5_zW|l z@OwgfVY;Tl_G%th>Sp9*=WsLwT2Eh+xw3y`%5cl!JoTPpCkyz$9Y?`an)ZRz-ezxHh z#UL2X-BK30JRc^nw!H#3x|7T$9%2OP9%3vVd>N1KgtE9~)8YWvz(|qH?UPQ}#AHPZ#7(hjx(XAuc=1TyPLRARckqHNGe?Z?$aOA8~EmL*I#Hl)`rB z;No$NRrtF+=_m&3N7UCrIOF&MNz|-vmr8w4&=lMD)Gt@E$;jz@FVU%eT78yJAuM(` za6A1EA%B;z)0oipPm}N)MNdby3CjKHetxcJaSK|F;qt;sG5r^)HZL^0YLvOtHz9TK zu)X(K<473kFP9~8TwjL0bYfqf!^-CP*-`zX-ezrmSS%ZDrqXq~+sQhZj4L6?_~qKl zxV+PZJ&21jm4r)kUmjD2M8A@o?@P^J`saEc-Ff48A<$exL9UzQ5cUG%R5@qd16;s(PTvdf`LXIHabWqI|I%zRg;ETV`Y?}cq(Y`V5OKG)7aNG&#{T8q|Y$c1> z7gv_BC1j9$IyHu+fQU==N`_iw7RV$peI1;Qb|{ z-I(bEA)QaSDV*Dx*+uWQ10N-6mDz4_7P>WkNPX^?D4Zs8JKF8qu)Z+!w@MCTcUSh= z(IZ{t^GH!9d zeZub|?O}C_y-Ru_fsAKw+S^gt$AHZ9|? z&$l)lt9 zaSdS=(iiB_(=p31seTuDfxhJ_(K(FlKzd9L!13qslNm86ra)`G){t3W2>noz^!KLl zF^d<{i#yMSy%l@9#lsMII;OLr8s>O=B1azFmFR;%(<`H?k6Yis>$H^38%uW+!}(gw zo2{c&83t==_1>pn@x~_3fBAuogw&+((c@`W+I~~Tv{K`lWTPko_-dQ&hZf=GSF<<1 z(p$HtqV|#p$LC_B2QeJ>hitXZk6MK1>2sU{`7mNVBXe4Wzh~TlDJXxti+Irz$jhz#Q*+&$-@Wfte$`j2eAli)Od<3Tc~<$1FWJFOMwKgc%_b^*--+qf z;&#QoLW6vX7hi;*pJbR7;-L=yRGEi-Ji_fNC_!W_*lMGwLsKKD20;|B~UiAl=Np+Rb9_PC1q_0;t zYcEl8>L#0o=HjUCJvhIR3d~${VWYc|Nhe$#=)~Z@EUYAqd#fQJQ?$+AQEBIOjqr{50U!MkAsqQOjX&8haQ#P@ioeCrHOk<0o%8t_k@ zf`Q9YFRtw>rgR9y+knZQC&YgI;{yz1df#7B)Azo~)*dxf#VuY|aSdUw;m&d%?0s?2oyz2=p=1MlUpZBz2B>J1S90_h-KVDn@qVLSEnec%`sJQn- zjdMpga(aW&dnR~UOms}^72MYlSkw|L?sGUho~fch`DnPtM~7(mF=DZBYwSS;nv1gw+Y4p>=>8(JFfCEw<9pW5@fE%0>>jK3*BkEdynmDucRK>skq~&s=u$8oM?3xK%y3^xXrWW}mLwFuZ zNUIz!N$ke+tr+)Q#7x2+l=Go)&x*zHkDMz7P%f1f<6mO5tgNVm(ZAy>t8NYncr=Uio5rF=H z7)JBMweW1KfRmj$#{bfMU`hvXUqS9pgdw9y+fZLx>49|fk7p~`C;AHta@^ES_<*jQ zOJF%7(l~1+x>t{U_Ix@5Zv&_OO z_tcgB%UOzS+%tsd7NsPRwbPA0@1rtn=+aBve1xR6)(jbAlM)1Kr2XT;ILeevixO*KrS=-{kz z1@WPPntN|s+d?dhwe`dx>S}AL!ZA%T!+E}~gIIOdep%j+@#SO=eEqvsLv=TKKeCDl2T%E!J zL!{b^Uy>Ks&z9!VUF4xQ-Xg@}CA-zryIPpz16YyHE?nyD56LJnb$xA!*Ry$ip9vF_ zM$)x+wJt2Uwu1!VX?`AX129o8Jq1HX$yQ=9V!UZJuC5=tUEF^fSW#!|3wLuUUcK{* z1@-Rcu-?cVLWQ`4^I7ey;Ecdl^0=Ic7D$xE8?@x>PlEPa3JtC{Jb6UD>$ZWO`Av0u zlI&9)h$ei*r73ExsnL_o3%Z;{rQ*TO_?&#@b^|-*mJdPq?xgP! z%&1}Vr(2`!t|!*YW8Wj+>V2BZnu0oOdA{%ES9T^vh*8LyIv5-3{8qN+HyOXQ^v?#C z2OpjURqLiDwm7uwsFX-&%V&}oCZ*by$c(3n6uFu0Y{531;kzj`A2Imzwj30kQQ*dP zuV0f^xh0uJi~Gmzs0pkU&62`aMKJ%e& zs;6{(H0XfxP}t!n*_i3ogSekuBNa1Nk-Z;7e5pPa{PrFWh<(F6M^Y zS*eVKxPZ>>fNu~}q~va(qNIurDU&5u)_n~=PzeKqmBTPS7wfZ;=j+FXt*Ox7=77CW zoQ2&)JDV$z;sNp3sII7-lWQu#^l2J?j>@pdU!PZZEtdWAGi$NR&vL0s-)v630kYNA z@c#nMG5<4j=_nwB3ov&DOK--I4MLc*3TAYkG`BQ*ywc*n%=zTT1?5d3F$K+_SLJ?F z#dVWZfq#k=`)nk^IH%z>g^*LbxjZmZ7yRxhGO5H>CZ}XxJHSnSFO7E8F?M?N)pOGu zG5>qwNvP?#f}{p_z+dQxCIHM&GabMn31nPW6=6uw1zJ*%)X^{blFC zqhtp-hv}Kq^pBKLGt1Xv%}mW!n%`3d#+dTG7*N1sc%yxQ-$EvFcVi`PKX2j;B&iYaeD zhZssMA?ljdO#nH>i-w+G1pjnxFL9C$%x}~7>t**had+ubSE7dQ$9W5k%v>*s3ru#g zbxhJ`NXl2J{`C2B(nX>7Mblq@Q&q_n1eH<-K+K+%`3j#i;ZtAxYt0+(-(vku)#0FR z^0Ts3lCyl*^xw;H9RHtYI0DlXyzSSv(ab+j75~CTrHD3Qep9g`5fUz}{;M9nK1MzX#jh88Yd0B6t@|8?o#T|vg{tLT=W14{m6yT3o4AY~MC~7v*<}Nq0 z(YAP4(}J8#cWjmk@3t@bR#;+cZgA4Fzij@Wy1Tca<^;N0Q#`a7>5hC9WM@piix?n` z2>BMHx1R+Z3=hBc9C^C)y@<=%>qe56&P4k-2F(JTw|S5UiE9Rlu_ZtyNsytKhLc@j zhwBLG)M)T=D;A^MX-u?)av*r&hLl;-1+rvIq7kwxG<}#9KuEaPk5U~n7903c^DfzQ z_WeGh-dp`FpOHDt{?yx9QMjaM`C0dHN(vYx!iQ1fud z%^!Y`@`Qg=UAo5}`d(W^v|a%9ntX#Kr~97Ff=}-%tK{5P@2kQVS7w>xIX^@Ns0MsC zDM*?gqI*>$(pn{|FDCoB|J6fEADWX4S@{m;ASz-J1qFe;*4ho|aX!6p*8#mSyU@(_ zg2UXX^?}A1H5QnVg17N^LykN7k&a%#YI5q;oXB>%F-__f60CZQS4mL2nXPFiO;$K* zxmP$@Q6pPn(CFMl{B#s@RT-xn1LyTb^q;mB*lp#w&Tbq-+#^>HRXhzzs+*qc!}71D znoA{M6VB0rJ}c1ZT?F+koEmS|IjvOeYoBLpBZYKw{l+Bn*Rt5_?PmjrDpP>+HB^tR zLiSkIN+P2KMTz6(+eiiv1{1O9yz%$-&1qjb`J{!>Rt!-hX7ph#UZZSh&^Nyq7Je&- z`;e@j0{W$F7hu(9UKLqe5}5pZ%7?itQ*mo8Z~pcgxmf2;-z%-!?B~JLGcheJ_eJW% z6#9j+6DQ-s;j|gNE~A5nZS>bftS6k`|KgAq{rPDmnxcsK(hdeBn(TfoQ!L()tf3Oi z;N_CW<|4QKX{-Datz-O1lVw7(eunCshLSlNcs$COXp5`C_P>CeHluqW3CTpP9_Nof z-$LA8;Twj^#N=b#*MlFA$c>#Nb)iDq78-St4p_ijG9V~h0}M}N55j&^u^xc=hA^{d zPmbcYK5f?rsQy(?dV|gQrY-3yrT0ZjpP{KY7}|vj<3)C&qnf89T16_BATgRZr_&oK zVr?c~K`IpiJkWY2_ZhIYecFwg>l$xr6hXP)^Ec)`S(4X@AtX+KF=qxVu_iKO*D_tF zWadcsGFnAkeS8AE7acQ0;+vklTuV7rqe>G>Q#73JKTUTse&+2bH=^K^Zlj@L5(^e=BUJ13s7z|mglBZ2w>tlsc&2IOi zIMS}`fBnKPGapSaDvz4p?wn|qUQK-B+dTO*o_;G&O<%_2L&gM2vE*ur(ZIbbAdlXi z#xbuV3Ya4)LV>y%K{R%RmZ-C7g6c9?kBjk8I(|1N{Pv~`Q+n^Y-rgNp&i%$V z!*qpV-5~aJ9p7^q-a3+O+0`0y%i&ywh|j;NxX5fyvJveZWZx-Gjg<_Bc%~F^Dh%o8 z#E>xP(9jmdsdwxUbu-dfGm~%;;>;(@0H3&{?Q*@Bo_tuc&7whr9}4nFpn80f%6%7d!- z0qZeu?_qss)1G8+?&}tU5XdeHFVqjS|3D5R_Lc;0cB%Uf1_<4bHi*!-9%mj5{}Jfu zDtd3`vwOAzkM-HmNo^68@ct2q0K|Dn11l7Wv>iK||4ns)*wE!YAQSy@D@-Y^>sgtU z_g{BtAN$>-+qc7NSWUJrcQ03uB>JIvh{!%92qCr%{|k8T8?D1?ZRM4|D}`{wu3ql- zQu5#L3S#3q7pAt7W)nqHk7J)Rrx%nhCd=W?4*CToF|~qflhS~1SU<%mt4oiW5IQmJ z*xQ{WCj*RfpL`(YL6^>bogT^-IYqTgY$N%UE0YBIh=V68RV6%+s@VcPmrXp>J5gWU zXclZaw6%{7gk6Tx#M0eQe`(WsxN~ZXt#Wmv6To!s6P{o(vPlYtv28-WprYlw|D0Z( z-(#y^w}diO!_PBO^#+Rc?*?FV7;JWeA)TQ3%$%@R9t>Zsr_9fbKW8cWg~{dscP02+-#W19ex}0s04pb0?j`c79k-`sg!l@`*-9{-H?Y z6Z4q#SJiwDqLUi;a_JMGf`}m%G)p@N@qQ;*2yb3Y5y!dI#AO@!BVq;C03Cx+O&%brkDY|*{Uq6fCu3#O z2vv$#)4!aHI!|wZ>xn3H9JI!$4g-oA!p8%x#3UJtKw#hgsJoxW8}|jK*WBCOPde)+oJXIT+lx>(`!F)OqnpWNwWNqEf(%*CG_f! zy4=_5Pn~B4bAee83J*QT`Ngz3uCf!A@Gv?;^FsNE=3eeQ8G+jdEZ+KQ8j?*SR`xny z=0BB~2CxpLL4rnar&!bIem+6(zFJMejjZ-}9bDWV`+gG8z03ya-&REpTq)bEvl-bB zUYEZ-8?@xz+wtg4$K6NFp2QYhSyv7(oVpaQfq!jug2<0>uM()SHs)Dm$IG9+koZaG z*8Q)aB=o?k+Wdo3aMtB&uAbji+>EMS%e?LK+k%QX(Nr%6>}_5f71m{XpEr3eElK8S zW@j1a;}!kRS)UE*-{Zou>7V9;*@tjnt=GSOU6`}AT&gH;w$_)n21$V(H6m`0a4|J9 zXM05)Ox)iLXtV-}lTA)jTOoKpg5M~>J|KnOCrR8mFCZ_atmPte*T;2R$n~zEyOnF6 z!uivc&X;fBK01jbbNx*`Jhw+Vw+;B&JaD@YrQ74L0wPZk>&3~xI>P-2+WvZ9{fvBQ z*Pt!)gcAaW5|oJ*r9`lCBv_odSh5YKidvYT-IC0|#W?(VnzL%bPO9DaQ%5Jg_Df;< z+8{W`kpPTfMVTOiRz@Pt1?A9V%4q5=tDh(q%kFiS02ij|~pStHIZC>AM5i`Q?~wLEe!rrq-NT> zxg96&^QmfeiJqtkRF%lSoERk6-w54lfI+ky{1|62?UUdHbkxy=(*`*~ovHMh6 zff##9((uQ4^Rf?G_#CWJ9;TA?a{JN|h z`bC>vO|^0NZ)q1GG5vEgHSn{7|A=oZm3xG1`E z=Y%w-+nIy=3}w?4ZElD}Fu)&AX!5MwcoMYfadzw3HmhYkVBw#&{UR|yr((1ic_*bY z&An>>2sta%Ew-A|jfz}inJgInc@W($Hcq}%W9%s_HX%}@s97Rzb@}39>w0`xr+nC( z4v>wB@tmF%O8FljUWj$ zsvewYc(I1Pu>JMgeHST|Ff^P(pR>}2?r5`H-fI_#*KQbfgdV}J-r_BObIE8np!l_l z5h&YjUH3E*A^EhOIc3#24x#!q7!`Jq_u>^mtrx!a?Tv}g7N zq34jdir*XNR{bzs=QcR{oS9%)%?WpUE5&krID*$LmTZ>_FXSK z_+QFH9Y&3TM`9}3f}~DNh9!yP`&TQIoN=l91pZkhlnDpBhHqZ8T(UU;|ES=f^j8 zfTJkm{K*oxMPWEzt~EsWFYhG;39^B?0I#o1z>~fG_E7>#71h=-@T0{!;OQn<05OCR z#G%49kw9A88{kDO(gRL!tg>zJHjf8l@Cxd_rNw9NG}9rL7Yc)P0y9@06f6HMVE2)$ z!e^(Dt^hgI*$tuq7RGHC7;$$T*8A(lk#ZeLv?NzaBe79GE$D0?V~_Z}AV&rj{U=dP zX!UfTEXUJkVF(XJX&WqoTY4VAxT|g(mCl5cUI2y>w}*xXS$X&!t~_7pS7WF+v{-n3 zf79MEussjg-D`p7_pOZk7P$GK{+sWqsG&NH_A+Gl*L}4VE+%+KOVkl$JAOYA8OSAR zMi#+223ljIlPHQv_s}8=o13A;G)Z-L2|5d@xojB_L~#phf3kobFlxcJ1cb?me14Q+tIUp79~9{z<8XJr29E z+tpxuVj@Y&wfzP$bY+=o-fdbP6xR;weA*7eYrnS4o(c(ch@I(jr2g>suL8`W26I+K zwp%BtMl4|&V-%0SkFD%+L&XF)M6o)3tFX8mai^*}&2Q$AJNJo|umtr5`Y5V*^A;fc zQG<7Loeo$OFJ%y{5P=b_!Yi(Tdh{v$+u&;#=T3_VzUl>uM_rz0*0eRw#ktE1N2)#6 zn=^2(BASs@x6q7m0nCufflU+sLcFGLO+$>PVF;&KbEf55B3&2%i#U*coDQhzxGD^s z24rGx=TKLOYPd2AhivC5*Qzd|h)_w;&L^N@B*<**vbw(T;@WZYUVlacOs(JUY31%Q zE}Fuw+hxnO3L`WSHVGPbs`Kqb1Y^}b3kAT_ReJbjzF}zo*RWT%;`2RrQ*U>`ZD>mM zA@17$>&HKwz?m*CO-K%oEqh%j3E2}+-!WcZKP{xavYfDY$o|pm)m!I6w@w5X`5b_Q z^&n}8b;$0G>vY z+};Zaja+02fQ$MUUZgEkk5=z-6ij7w?Q(vXh=yht*ZZX=Mgj->@k}{f+MXm#{%Z;$ zLR7^p_d?@U?Ifo)g%F-s8z`TnhWmGcM*n>VxjXUf3FI#-Q!;17q3L2vU;#2WQ1D#9 zRQ8}_(eofr;Ma=M>#2G&laNisZ-`?EIC?>2&(hCdUqAQkT$eR2Hr^dJf11%d?- z8^X{oXl}$emCT$RvA9Qpt7Gk-g{;Lt-j(%J&Dm(k9M@-4J*k}&woltOjz(9bquW80 zZxjXMscXq;A&f)&>aD`i*E&*8O)mM(>BEQCL$3J=pHAmIn7XAWPR+FWccoCTD53yh zN@0>BVTjLJ8R_9^rNP)57{wb*PX3%xHqiKfMRL6aQL`{} zqAeb3LquaBf=k5yhj`HhrA6%n_vG^-IV$1|qqW}E{g*7$uCLI(FzJ3tRaxnh2OJB> z!06pQ9E`#a>PnPdMG?@11A=>l_i4-Svcn;GQey}uIh5tONJ1PBEB4>P?}ZSc#OJwz z19o_e-CuYWWOQ1)M3dW|gKo;52=nTYt@FZ74OTN31&zwt9dj^rXHd1*^4=}2I`p)k zgL4Dqx+s`$OC_M_h)*fUZ~5J@HlMIOXl%(k;KnTMFa&*><4MvNL2(o2uH`Qt{b#lC z-^@_{S4Q*CGL?@nxjF1#23{T;{olz+S6WWBY7a8{S2_VgMUmUKJCFNV;3M7ba(~PG zq}4nTqCl@N_Uf({#P=M7MwOb_cgS<}S-1vHu`6BuJSr%t47%Mgw%t5jS*(_PU@{>_ zGnlEB%ypgHWIWkG{t3+GL$u0I`$qtUOb5uosQz6a9BV*L`u{Ce9C4T=8=EM5UHmKr zXyv%*-4Z5g$ zk81Afa4HmOf3$kIRs2Q6ZchKkM*w}9q-h7$V!Jk68j!dv%9C1dQ>{CMg|s zADDM5cfWJuW-ARG0{IX_c`(DQz#sVD&^&Dq1I@niw}nLkVgbI{ZIk0QhvxDnDXU`K zoqb;==2U8TcPFP)nhp9X1gJPRpqGM`jrze0Q|VwoH=|iXpWpy8)RowA_H&3?+*`#u1AB$>A_uMREq3 zcau~Ew55fbqc$cA$N4|$b+9DgS$`vg{gD#h*v@+T4sKXTelXfD7dYMD02Z58+6gIh z9kaf;mm9bli%q<2nLmFArG%nTyou81ozVLFPo{hx?r1? zG~>urAqxhS>ICzUI|I%5#rU&?pp`l=wYWHXFfnumo|^DVYJLflE$unb+- z$3LB=&~aEy{XAvX9usSA8mlE)i`UU6_O7Mj@{PUZcZ3V5WHw1dDGyUeGn^;!szm~q zC(OU@3D6W8OWL`;X!C^6+6#$E-cdY0| z-2kc0{IJ`{N(Z~w;1-Tw^kj-FXOE=)^+0?9Vc&0y7`D5Po2n>-bRuIK1nIvW4Mevz zjTyb;Am1~-Cg?D)lvF4^^Sx0h*PZIZ)K7DI%|7wwB>np2fP{zsb6aI9Ew#%THDBdE z($OlVcsw*UgoY^Xr|j1L0E-bjaV!1&UVfgfzc_{xz- zF7@n9{`V9LLdXM$rU!`{X_8b?tz9gR#G|Ekqv3Nt8rN zbodaG%JR1!?&qkaRLstAbE;C&R($+mwfgc5_xZ$5bE>c)0d1Qo?h1^a^r%Ce^2L}i ziPGW@DkdtLuycO*F`9R;d226udV16rl<7;_YAAc~&Ykd&fBtk>F*up~;X|^AOO_|$ z>DKat!Ad3~QV&-cX}?-=e&ONPoKvg+)VFY>&sc66G2t9jBmK2QYb6uAv+LseUyb&% zCmw%z{kZ(4i8hDG|BBZC^s^uv9<`E7tiv!zH*ZZLtI?}8c#(z}cxClz-X7W+*wqw} z1xjs!Eq7x{g$)QLfLA!u2ju1kE6XfjZsh4|2F&^Axy;Md?%ifMR+X#Q5m05>FW2Sy ze3U7EC|8AB`0r=tO(Qtx;nNQu6!32=zZJnPe<3iBhNYJ*xs_u8SU^BOG{ zjiZJ`asAQoTYtA7XqN%!=Q2C89t?B{=m>@njX$0KhlG~T(*0i&+TkzZ#kcS_S4|U~ z1BDfu1gx)_Jgp+Yh+4bKlAzt?>I0Gm;RQ_aHx*O+@<81c>NDcv|t@Q5XQW47N$hV zX$e7gkC8(Oxd*B_Zc*tg**FG2cHZBFy@4!M^5ds>Yf9WQExO+sbhIls;))U}ysjp$ zyoffAgaCP)`FO{M)F-v6Usnmqxh-dzI-)-d?b2N{b$e8W7mI{A{-)x)h0p1N3Lu2x z_ge4)G4SgRqlOHbHs)!`xBNVWS+qU)6(Z|dc-}46Lo&U(1dW}r2eZ>XndrU{HhYjD;pOcl68 zOFVNT_zH0tSQ)q^f&a^79%^U%SG~W!2X|L5<7@ZP%a^J8-_xv{4S1fI#@Xyo(Sy#< zP(FiLTKPmvR-rG@+=k%aoMday-0z)={XK;l;kjyf6v2 zJ5Pel0O5#fN|U2td!%f3Tm5LM%5&tx%c*Y*+Gq7Wks-2g94vJlzwV3e$DMG-d3uz| zRjndH?H6XqzPNW$iKmrbtBVd=6MIJ$Y?gJ2PRU;>)6WtI9V_4D$bUVsyZtu7Vz_y8 zHxv)W0PpNw2xhs@t@6@RpvA-LNhuG^x4qq6c-fO>2_-p0Zr2ToH}7J9OennYn1!N? z^9#qS&xfOhDStykqcI}_WDk6Q7c?fo?#y%wMmI*OY;Z=a)N*Myf5S3je)x9zsOCpg zlg6;YT!s{AMQVH=5!T%<7_z0rC^K-^!)V)JXWSXae|~!#dXzHgV0I{i#P|;gZoGAJ z?9AI7c>#<++opHJ=mOivO{ez(QuuEw!SYQzy!4v2Q?|ZCAeNTOoAnyJPm&w4=1JoM z)gxZP4N%ypyU@&V1jVIn?ry5HR9%%Lrrr;&P~0aS_fS5h?ji<;?S40LcVc zlMbTo&Jk~g;ym@70Ef1hC&;#`?XjnyMp+%ba?eL5v*F2^2kU1((%LtYPTAG!B|$lc zBwqOa7Th3`)(?_+QrF+j9ez{Eq`+F{!<76dNtd~#L($%Q?C=7W#CE&o*CEEepxG>K zd{o9N4+XTtB}ju;4ZC6hW!y1mi5;r=&~rs)tYf!Ki6QJvxh~>POhRk&#FQek8F3V^PU=^$kB2F@r#Qo$1W`rvw0*OJdeSrbgSw@aSM(R_{MQ1b3C_fl z!oZ!LY#E|B-k;RzkC1I5d6pI0Zas68D;PM#YklAA>ap6F;|FK1^VOG@p1%LPmVt-3 zkpzej=U4m-aL?iT<&3%(lh!?4?V`FY%LC2BZ)+??{y3?&{OjcG1Af z9y`7X@D1|AX8cm(>J1%63**t%(Y@Nng0{Mm6zRcN8X5jkmrG3bgkkG7gd=vJ&r%$# z%V#JI$gZ^UR%@U>bw|1bk?B6B&7g+_jH*LxkSKMqF zHB}NFp|N)2_{|8g2;7R;;)h9e=*;YG&vWx^R^s$Ov&3a3$R0&|Pq?~SX6v&?dIAFLaSnmBN~I_s`AarZF*eXh#LNHD!6c{RCw_d#-Z zPRrX%08B8aro9B4!v^?r*Z@;e7q(;h($9Fv?#9%f2kSQdj*3PmeU_Sy&UcVhhOoG1 z)LaW9=R>*%JxH1?behu&U6lpd0WVg8KM#b!Z1Kiw%5cNgS*0QH*t9>U#Ff5Uar3(S zHNLF%g#Zh!6<7p91y}eSdkQiqrc}74gXLP<8^>k$sSj(}TN1~V>z1V=g;Eg}> z++Bwe5g(#OIl<5-A|w6`Y<7b=!i4-_3WMj@HVEvI%7HzTxl6G+vu0Rh|0DVYFm^k| zt-F2Spi=P4Tb-=^hjVElTC<;NLB*oS18 zeKtLSSkTGBml=-9c+|P&Fa(x$bLo(}DVM8l4`+<#1HvO;>a#z$2==s{*VViPpZ~vT zdKntdbyeY~BZrE{xehciA%g*9P^)c-K#EyrGNVhMg@vxur~1^dHkW zrX|xZFUs-$!^IRRzL5fq)5A~O3GgRy)U(ea_ zCrr1EYGnnV129xb$C1Qf(dR(owAl?3Jc?&NBPHv~^!7x#d@h00dEHWI0^XZ(yXb4d znR7IBxzBD0^+T%DBkO=y>yn*q={!lu795ivs?iRS0>NI_s$Si;c%}JSwROx>O6!{G z0s~dukrVrAet3UJbLDOTUeb0vm*`qfelq#7oqfJluU)`H{T$kj8^G;*KfTjs#d4-J z%IWeo8s{_Z!}HTHxJxACeVq2ZNb4uXs|GYl#d`fhsm|snGI45eERV%j zD|aU`9+DW3hCbs&L2wf>5@3D}TMO{N0}Ch&7{xsskkp0IIw>^E+pdT)cysSbMwC## zQZ#V=@qR!UK#VMN$hHg45lfGcq%HKa3>v1&6L&WijXfKrG?P#DsIt#QUF5LXyCZ)1 zsp=5b1(|K>&S9*Da&%$@Ob`2lH&OHexw!mkj#TCgC*j1$EM+Y0lKe^UwOCbI-kzh! zo&@Z^!=pMgeTb5)0sXet-AfmxuSML+(XB(b)2@IPro#HEXBfRx})r|n~MKzf1`UIg6} zDhVV@2Qe0C7C1nmc@nR!Qx$z@{3oH&H2HJd)UL^z6E@(hIxD>d$H{gae1D1~34!gh z<7mk?C~M<0&UCe``65zowA)|uL^9d9q*4F?>eJ{D|DGCc*NobjJ0d$3cOpGJ>uEiG z>!MT>KP24}I$%a8mw^fyL(lz3^VI{$fo5U7Q_Gk9Dr2E%z#>q%`h=#T#Dbf-u5q;a z_<@YY<>AZkCQY>(ll72q-gwYa*XUpxCthzxpe}5AMpY6!`29+ z@}OBhjqWe00I85qK?^;}#@}Aw+W`89hv};ayVm&bRkQX2*a`%d>{?{m;84s?Vu}reu{9bW?<=jCJbNDorwp}%_db7_WT~WDXI=3cXzbWcL zDB*xzuJ%=#*0|V}J}m~`liP8gdG>(gSeIZ#{DPHM)&%&e*pC$$=Cd@cBL$s#b2D~! zx7g0J7$cH3KQd80Uj5~FU3m}93qFSgs9VOaI9T`GDlRDuZ`0&9`>^=X_v=vm%-&=jaoha#gW=5=Gr=%9Gc#!Y zwGvYof3PP`c6Ve|mJxnss+~2k#&kl{;X<5nW79P3NG)rmrK#z1>#M|}H4i7I=aw(A zL63V{ulIXm81KQDkW>izCa_5)bwF#v%vxdeg*;`y(NwgXZT(6q>8Hb0$ z6b8MG{j@ox04?U;g?~n3+?n_n0emEf7EHDEn~D+6hLxpxI+sHh<^(HD9fdyJR9SYS zW%?M)pEh&ov|RTf@z{2jl*dmd6(N8|2B+@`odGUs9E&L8>Q+g@EGoSi-P8FXE#~at zJ{JWnEgcxJCxn$Z-Ha=u`N!^%G;|dV$fymV`;Kr&)e)<5YGNC!U?E&vJ zQ#QXIip-)EVax8=8@L;uaT3-oE!@Bg^{{{EKIw`7xqZ@>0qG|bs zqPtgmDE{kL z2}Lo#slL>;Y_zj8Np4YhqB z|N3R*zr66D_w(oa{OgVN=l=O~zW&6YKk@m`^Wr}rw148^pLqBu9{!1kf8ybvc=)IO z`ct3&sh9uM%YW)+piA|Cww?a;qyF^k{`52dtL^%yzxt>D{HH(vN5A+NndM)Vod1@- zV^+T2lsPNX60tj0AE4a|USPd2cwLQuGIQwl-!>1gOUTcoWytvkO8mz+z8{}3AM+~1 zNdCX6M*YT_Qb)nr@jn!9k7{$g`48aof03-t{Ojk}e)$CgE;PR<|EIA>|1Ouxpa19I z=lJ<^E&u<$mj9;Xs!fIbJ@r4Qe`~W-S;Uf`PEaHRVaDT{_PDX@M+TvsuA);vg?KZL zBt_|8osG0gwtP0o5d^HS#a zKk~#2#0(6!TVtXlE8w=PeDA%Sy;Yi32b5a}5^;kW8p3yfsI!FAn$qs=V2}x!P_p7? zTm?lH4$juF^jp+f>h1yaiCx;>)3_vBf9sd$xJazYh*WSRvR<-Mu5-MI`?1{q&&?31 z@8rjv5ZkAJs z&QoA1e-oqXLQy005~?S=iCOaKN)4~2=94wephCc`N;D-IQ~D{(hwvO?dT7}$0x@fX zo_2JfO*{>nPdd6sd|B|xWezsmYJri~B7t_H9wcUfl{UEnpf`g|0FT4{oP{8ePww*D z={Pd{^nE3TArRGxU>(&I2*651`$md&o!p!Q1j@>`c4*{IF>)RQD!~aJH+<|S^IXwS z@X(k#=3M}h*02k~%abg!PT#NpWpQeR^jZrYjzIW8=_s?A)3KTw_(MX-RO^*o)i~vN zYcy+H;mZbnN6&?BM>^Uyb3I&sz1|J^r3%Rb=*}&7lp7A!k4oePJnBD(xNL}gAHS=I z?hQU$coPzeG z1&7abV*(QR0^jQ*6|^mhuylW8s_D&g5HEs(?2dPigG2F$SgsgNagO#fANy6n>l19f zW9?=LUf7G<*A1U@Ov5-FI%{6?NtJl@HXS+6|DF1qtN zPyZeAXB=1W4!}!*R-^hy&My%&jd|vYqW$-3$69YaOBR`=r24?b>qAg#<~px~jOgVS z0>4~e2!;XHfNE51D-uWFg;1CPixL|Q@u4HprNhzBG+vchSOuecvG&-TTW^0XmvPTp;wAowkb_grVMa&o)! z(KX&Mq8>U;K}hW6@PN+&KqavF>}hl1rtu_$+ou~tuSaNK7OyD9ls)V?z3RRK>8w=EBB$eVk!!*}|{O~2wL%5Sw;1M*E<1gxwmh zlgE!LnGJx#VgS62v=-$6VGXH+59VaFv#vNpk0#Lr#! z0=<*Y$1lVLsIb$*D`k@}41J-=TsvZ(TQ;7iTwEky8`q@4K!}#;^Wu0KR-&8P14o}IQZjo`ntuad-9@71L00_Qo+tpJO= zH7`GhYpo9HcG@Z7wsmh%B1=+VwGXMBF+PhAOZm(4c_Z}%|Dy=I`0}k~Cd~_>AK~^> ztJPzkec2_YJNMz01W9)eUBq@iW9fN=M^yS8Khk%XFT{Wq;7{Dc`) z3QO%fe;Zp@6Qdga5Cy`a2PB z!(dDwMnlqo$MW4bS|^J`=X*tKR8G(D>6`a|gmV$sSD6#r>9YFNSr=R@ifjy>%C_d> zf>a-RtT&#wEV|$S_2QN2vwq#@O%4ypY#YLjM3K_KxK;Vmop#Bo$~qN?W-VW*2Uli( z=$V1CgHs+*7`EyGq$g#xoh9j9iuObp~K<_urX3>i4*zVBbVuD`;IZ%3{@QKt&1a#n52ik zWRTECgQM)Cc#MZH&SS^OPO`Zn12+57vL0~HOlnopn0zp#p(QR(XBxWKw2<`4zk=SJ=7b|v@=uKYCT>Pl1F$V#uN!V&OK*N z+n?1ksYV-pnPy_uY~lQRCH6GXi_6|A9mB!}lOm}k5@#%PIAZ&5bw1=s4xJM?u+uLy z#QVh53bw9a{*ujfoLaa5;Ic2Cy{XpvI_#-*>%)AyK=iGKjLEAybe+hR(AbX)luIOR z;_mx2EoGQOB}S~DO*~=zZoGlNY=z8k?ONTVyQr^|2si&kRqoT2>JQzQ=7V5g81%S7 zMfUPqRf75Ld|J8vMXJQyUNo~4xwZeKrX{t+PTI4!7U^{!YW3jO_igB-2X^UKE)!7C z5|6$UYd^lKAcx^+Fg3xth&<)5;NDvUcq2Vij3XZ&7;k5TE?qB-`7E$APUsF*VRY|N{vFS}u!9Dw4 zye#*~$;jn;%t`-qZ||+^kFu`^`ij_z-LX6;=Gon?ro7qwH@JMuKEAf{^bU1GcC4FV z{?f*Jk)7m#(-mOdtoQo1MxU=XdH%=1)yFIEZo~w?GQo%Nnca z-jgsO=-n@Ne?I}z1>~L~RZh@G2oYG*67rWY-r&oQ%|&fhwj+WyO{%QxBMEcE2Huro zVi#>_4;^c#{b6K1QdTz-7>Akzk%Ma zWOlR6kX($#5NA13u;pGR&fd7pA&!={+w!I^O;^Rq1ilpmW`x-gL0Ke*?uq99j88q! zUX(axUf1{dl{(Xi6>Ydln>rX^*bP>PMUrf==J7&8{!H-ih%29(o!A5=78E|Mx5j9x z;}@Msx}^pUM#;6a^f@Yxpqqw(HHAh~upA&=%S=!hh+_T65n9`yM_4H0=YMvGdsY;n zo1FTIml^J1gYR82G)&DNOQ%h{F~fkgfVq;^GIvzTzBUb;Ip@Jn;!YreiQD#2seBBg2a5_ zjjz>rmSz0JG6Smm;BUt%m!E;-D5~!%+FYoclg}@G`lX&z>duiaU+l@F8}Sm4d3f9J z@nD!dK~<>yAo1uOX}u4^>Wva0qOs{0(a|7w2WS;8a_Or55Lb)e__X!u&9`&k&`%Nq zhq$am#2>4Sf4Y19w@TCuX=tT2flBYu?mJ!jEV5?H{*173BAHZHo)=!>r1-$<-13cG z{sVvR^#1o@}2QVbyc3kq>r1}buR zbD1;2+9atR{^Old*!EIJYv`iP`rgl5Ji9Q4l|44c+7KsK0$qp7`|V(`~kPT<3j+pr`U|EnRIgzv5)%{>j_=wt=r-W7q8)_F~0a6Z+5_9Y(^pR*f42 z`NWTfxX!8&9`*Rrr|e`^v#DQ(Ne`5HKK-K!4FIPe-*%tOTKwvI#5$pLrg~&eyfZNs z9L}^e)tlB}F8AwnNa)vNg)!}&M}(Y@T3EbPpZ{f;7g4AXcyofjokWqJd6b*WM}`wL zo+Uh5XWqGCQ>6SQo5^S+ zsc1Sn+bU!c+Vz|3cxMRdpf|#6d;Akz#A(DQ84)IsOY^s)`iJk&;H2Y z%uuD}^O^b%F<~vaGWPLi5V(7UP0_Il)!{gKVUL0AH9U+Nr}ng z8A_=aOfHP(iSlOJi9fcM&h5BrZb>&43K9566BBzc2UyOU(5!Q1Ax;c^5pqX>TH~91 z+^1+UW}O?@{m}>4VH%7PbrcTazA*dzz1(|b#53l6f%T_h+=@-Lv8}_~AS1OqBKRx_(v;e85;&S$k9g%F~Uvq8Ki_$XJQRCsRD4h3UOyDP5ohdzyjiU<95e2 zL)-3&-!P5VWqvzeRD4~6rXFL24e+Pv$+ds7o$EkGL^79LU4a3NK_#;l^e~`c8ry&b zPnycd>gaJiN|E^nGr*4m2kagffc1?y$^|~|6bvPO$6w6w_}ie;igXrLCSTa6ka${Q-|<-h4gFb zs#4(%-!LOjE?&xHC)b{mPks1XA-fzEr%d%seHMN&7fhiVKDflV4rT%(VkUoJ?0{Xl zMy#jhq&z8vev*+p%sF)HZI*}alG|>;&ui){OwOaj^6*y{kUR({*nNoy5PC50f>dEj zG0Q?@NsgwY)??!2QJQt1h4w&?})V-di} z*`@S;1Rc+{#>}utLuCzU@z*rHyP;x6my?xyV)_bd&6rI#-#VUdCR5&%xk(VfdAs8p zxKb1Rur0T1iDQpq@}3;JupZWAPBuV&e_Z$gDX)^FHcL0}_v9>Md_$PO(*=)?6&6Hz zz2g5{TSB5wLNvgHFAk?Gf8w$}kbB48%b=JdaDTXqQKR>pSoP8UJLwY$esVteBKbCi zl=4G)GJ-2Nyt3)a9G_KV{F*dR49DmD?)1DHwo6w!qv-n-5&`3HqOaQt%>FDTtkP@$ zvOTL5G54G<>(&d%Ig0+-8%>+#^cT)jq*XL#iE9bEInz5c(>}4}B^O-g#Tu18a`>S+ z1l-|~62oTO0Gb}9VMMc&(+LU*h{xs$+(qXK9yPS&%Sp1ZZt{t8Px>?&7@1;zxH6{j zh%A*^?#>VDb+QQt%-U%}Y&6XYo$0)OF}uG60C8q3tg!Vqn57wi z{;qD*hiD8fBsM-Ezbb>KFSGP7I51S<(hb(bVh>N8j>o#vkf@MGJ-7y&e9b$A6exwAjuWlHK zPOr3`R69RZNYnH~^1LUWhsv)~jU+1UtOAj_AM!H^UySf_C#b=-Ggql=I$suTR%JO;rl z2fDpMy^d}g|22+{r&v^wpG_OZEkC366=tf@utfYJDG*9#syKu%(ail&aYRVt+OyLEb zhm80@{!V3b?~nMU9$L4eWo`0mYtBR5a%P4kzy4e?wOSx>KiTNv8f)fu6uW^X<{^DAF2hVYNP?QDZ2mJeDQxUy?2h5$oIj7bbypFP6ei5-Xb&3YJT|w z>vL4W_RpgO#UC=tzu4Bvi=7$S(VSH3KW6H!`W#*RYV?G{VGs;YrhEsYL-u}flY4IkTn(m2 z&LWIR^}%KBnwcc!=q)3)H1t~KdvMZ^X>y$2bN_wwI^};?Y!auc@^f9Y2vdC?|}@ANtQa z;NPv|Tazg|HRL6NTXPB2dg&2K{{6{|nBA@K3&Cu@4E);*-}z~!99=$xZoo%@u&NL) zI1lq9dy-`O+L6f=$@)$868qhcGx?#7ezjx^cUpZEc?K6vK}(QFqrjYB-5E zpj(#XXs@~ixM~`8i^?jTLS?+E>n^@~^x7+wWDqHk9Jj5X$NzkyBl{ohnpg1NV*)7^U3H_w8F zR7py32BI5!h4;O8#UDBOgNGiRElSny48so;X|F$i`-(ORTF4DMwA(uiu{(J(Vfg()HRzgpTpjiq}7lswtvjnJqbd(ssPwQzxuLGQp1~ zqOQ%^p^#i?SHVsD&KT=BBZ@@V15CuS&3l_wL=we-#N7-2EY-^}N;6Vr=U~c}MgQ`U ziIrhf#a^tWjNqY|pwD>K-}1_O<~i}urT>Lhthc;_0qNy|;GjqV5bQ+>vR&DbhW8>z z%;1V806jI%B_+AcN*PGlx(mvTRqt2hxx0iJrFL>jss_|~()Gk1MX0}JQ*iaLTU(B; z=)2Ni$OwW+uZOMyom>y2BWdfhH^I{N?@9nlwd#M3TX%g#Vai+XiVY{TYOQcGKs3 z0KLX>@NsDBR36cMMWVbv3f!l9l<$~tOGGCt3p2J4+$Mp_vv z^2d7=F>$93KbnAp*Hq4X*h6{@r_~e`#E~O8O!|iLnC`Th!fgEwm0y3B10h1N+h-q? z)9H``Fj}&!Tr(PDE(EhCowr-slohQXuaO6hUTSv>Y%$7P2}uy)$#K>dOcHyv+r)ru z;jmd-$1YeOA6b&Q@#%>t!YO;p(=hj1-EuGL?Ww0D)*4#2=_er|FN)p$f~x6WAOrs7gAc8f;ZK1q8fQ0*=f zwN$`soE3Q?i<4s>5K4es=RqA>iiD(K(cHT-IHUpO9 z^BiY5ucBd_-|$+f2_(I*h+_=)kVA4oxezq-z}Bvnr*G0k`fe9v_Cm_CTRR_Rl>|tH z%(*s@=Kw$r5HWbS0-HE5)N9Fd<}i{@ajCm>WBMjK+h61#jr9zppb4`M!@J7IQ4ZaR z#>6z#Rf_Rg$X-GbXzEay{(hq#L5sdmbsw^KQITU>R#fzkZsAU0TfeHW??*?Q!1+_Q zWXe2oG`4wZjs*({U0~+GU^)*uR+s1=OVJI(J6$j&t{!-9$hOdgx8^c6Q?Lj{Ugleu zu?tS+!Fcl|SlF`D!xgFR4Z;$D9(oDAeNP>ma9BOddnh$g=UYf=EBo$Lvyfp$)@XIT z!fLf29zXgcLS{d4IdS`pfJ{L*T4#`0`q1pKXDlz>Cw71R=*y`V=gJRg&UqT$E$x@$QcGr7JshsKK+>@M{3C2)VtnyvIv!2o9;9?+)<|34s6EaSc(f`u1~kH$&#m zE@u3V+$1~b&HvYi`X3zQe`8auvjK*Ody&9~8rMse2Bho?JHY(*-=x37xJCV?qr_R% zNV@-R!2|p8P{a(v>MZKlsOwC{Cj_eo7Jp`D__JEBu-lrRmX-f;>=xuT5O{!?p%Vni zb|R2tE^r`!SdrG$DcfkD+DjZCwa#I1(3_C#=*rW7nqyRIq&n!Rmh$oXIhxx%3r_Vd z@NX87OkrZ3W+VWVw<$P!Pcp!uIeS++e7W{8Dz0XeOtrcGLhpnJU-*jNvsml9}`sxHhdAG{*Xa*WBZ*H0euBbfVKf_-IlWo=@5cHTe!Z57QH|NYXp zZ+qsmbAgU$H$I{zI?YMmSYa;oQ{YT-o@iYj?7M;#^a>z{uHoIGek*)*z%;el{xvo_ zNuH-!uZ_P2&u}6z!d#suB=4gjGAr>|cgo+V(}F~A-#Di1{Z!Tx}6$RMgtCv1vGA7SmjI!C>AoO??=Xh`8DkbNNx&@+(%%!qUT>V{}bvBFuQV2 zrg0PItr|}{GL~ENB)+_*%#P9utQwd2&w7n>1BFjLm<+J4Iitz(@5!UxttiQ?{!r@W zX|4%l(#0ObT$>ZC!M6XgjtAeYc;mC(UkJ3sRQ_iyo#ubxI`_Z#U3C7kn^9~ecF~Hq zkv*Db)96o)+aJh`-ufB*ifh{nM2M;i$m9{^u&@;%a29ji&eU+=zw}OgW+rI;sbc0O zVQF{Q*k;Z&W*T*1yQ50Z!Jd*`-c#;3eU7>%7|JW@U?k42>FhYl#Ss5s_Igol4a|rS zyaOBxxM6;1I!Gdf`T35G3DHp=99*&ak)GTBJ$=GG5m~8>*8q7YAnN!?5EwguM2`AL z<7@*tu?sY|Fb28aKWR^v{?z|J8v^{l-T(jV3Rkhp#`Es(V5YBz-AqumYmBzcYZi+P zqy;1gu3Ugm%X?O{NUmNf`dUM|`;W#rr|%E%?!`B%in}-U1XKoO1Iz9v(Z72i#8Jr$ zDzbQU7GZY7)P7FiGU9OJX?x2VyXO4pt&?|;^39GHjb+T8=6+|MrlaB4DdsI?h%bKV zRRR4Z{mV|BXYWOfXyGP{NtfQNIs`Z&!(xJ`>+}etTwu&bCm)roP*Y1NUx6K?AF}WK z>$9*stMB&!bB#vqLiY$DW>w(XTm+F>h*EtKe-eE4kFn~a^Ml%ScD}e>uGjH2=hw8b zG>k>rJFmTSrs*4P)Hi^=o(2AMy5Cx5OLXZTBg#2+Z!V*Q7t32`7Ov!J5%}g| zzLf%slxgpU9%|PluQgO!8O!afGWa%qTx!s`u8TqOQZ#13p2AEcq;xDufyA6G z*%};jmgw>kqFji|^Y)eLdVBw-CxiZ6L27T-z_)pF!3sDT0tj8^yoI^RY2(M3hylzIeCsLCH{RzEMy)dUy-i*C z^w_boL0uKap0XuvKt?E3AZm-ShokRVWQe+hO>XCYWzBl z+FT|oPUsJ*Q#Gl0U^^>UdAdF@!u|x5|NAVGJ#LhE7=Bi4k~3#y z;=`hq(}m_|Q6IQ61cH>C{6sx92P|dju0?ml{%Fa39#_6N)l?v7b+x}WhvY~rC2_BU zpLZ{XfYKwclGu&Nd8cyFb?33|5SdGlZ`v!_*HqhmcaoQLY$#?kW)(U2RY$PuxbK^6 zIZ-Nx9fM{wkJeN^QZp;&EDq;O`$&7qO609#z}2%=+qYL|eU`6Wf4ceT8eh@&{3>^` z-=LzWo%5c}Nr%s-Tbi=FbmWf*uk1^!-(>IZl)d@``uY*AO1%s{?&X8*TrLAhNd_s( zKvqZcbYOsa0sEN#QeV+cAjzm& zOvYNbHh!M)FIvdQmpwLVV}w<>+F~ry-zd7i_~u(pT>2awvKiE;e`{J!!>HNMX`&rR z4ZBs0jC{tak5qd1?s;bO_}9Pf)nGFH@9aRKbL3e3Xp*`t?l^wYPEMq=sBd`eZNc}} zYmPLLPl=H;K+1qoR{1x@0$2-Y3;La}O&gS<)e>J|Rq6ajj6v@p*lF{fz4%W^ucbq+mo6Di?zm zcSRJF;l5_Gi@dvBxXlI2pydR{<%UdVTgD=z55&!osCf0t0b|9?#$(6AS|rZs_t9xw zV}IqT-GrCCyv3APChBW}ea+~P6B)b$`2k3AlFH{m(MP-lNty#N=x1d$9Q6>6iIul^ zB^-48xP=U9uC1?u6=~TLH_~H-wA#ppfJ+&!hGMM&vTX24(TlF9_t-RVbJD)MAnv0* z&=;^01b7g4DkdKqJJ#ucI`od3Xl$JDO&gYUxzVhZZ4axdeO49b6vfxxelUM%Fa5DI zb^>7DMgO<2K9Xc9q8J+XXzEXmx~cO?{~%#)&MbcVj)G)@%JUb3C@W7}T3X`efto7m z3kRot!YyH#rHjtL^TU$i7rom1C#*hto`t`!dQ%^$WJmYf{Ct=VpJ(B;R=x zRP*k|G2F*}Q#b`KL~_UM%{??EdzX?Y9EsROe~=&+QCXWBI=w&27?Ij<&9(X@(}0!! z&2`tSPk&<`Y%sh%6aI)+1X5WVGZbzTAWI`l5NG;}M8{;C9nv{k2XT)UqrtgeTUi#P;pUYR8XnTX2W=a$hXh zYux;({Nh2j)c~Wu<4p-~99(rvW(64sX3;b!EF}*S%X=eMON)wY86;0tN-G%(Y}dGs z!p`5_XlnG+OLpptnPq6sm2%TS2H6yPA~|4E)i9H35WC&L9THuhkP*C@A=aL}vb@yg&kKtpGPPpsUV_;=?aH9NeW1|NlCoD7$}I)Ox@$L^ z(_}0!J@1Lxw55C4M42n`!%{C#whzK&N#oEos{(7t%ZMN744O;FcNd4gKckVRK^b;k z`1xQt(CitxZoC=7woRU4oy47gi_gmI5-l&*CAw# zDpNuG3j@iXjkzkj->Q0fH0tAVl`l?3VIp5iHod~Mln8R+$|%QX>(O=Pom8NeA*swB zhcmr(W9aI|a`!7wv-40sad#LFY$USh7?7oJY}OQdSmLN+XSEcmK++z;J&j`ZvGt|D z0(URYCNYHF#l2+K-fa5!y=MYSa|EAO{zNI+pjOK5Q+>)^vgfG=%ptvhX3QINme?g ze4+ms!rjSo%Dp)w%%~YCg(-AnR@!6ptdROj{T7+cd@o6SjX<~*R()TkJuQGw3p-3b zXHStJai?ltuY)m@cLMY(j{A1INnP(HtmGOtW~{f7P@-}X&J=C?oaDJ7k= z;1Z~l_j2Xm>~1`?Z$tA!)4=p(T}P7759Q$q$%3$o|0*>$#g_u5#&eIqd}o%~55of9 zC@z>Kd2S_2VFlS|>fPks;wH+yUj(@$RW=Y(=q4-BnuTxQJO%z zBa^5y0M42qXzKx&{ybgQ-q!HiaXXDSV^?n3TutM4me5KU&dNka==CH!}H%mPNQNrGVJR5FTU@uyK=< zD#?JP!&!1%UVeu#ojTcSuV3y~Bc{hOqj+zGp_gCqy{lA_KIBmSW8i8iUl?#4EBOyo z@SHOs+GCDtrLwb-i~rFyp_|Z+;5DgV2=8!y1WwrPR7I1@V{B4tC4a)3p<3& zEZ#rTV#nlXQ&aH^4{d-34duu!ewkMVzUthzzdG}IX2)qm|5}wkzRKPuC5h7RJS(H# z**MBtT7r+}Q@EzbIwwpd>z`H%1jY;x8!um^$&8ZO$tS-$8X@_$e%dG!I4jV+3>syp zSaqJ#j!O;u{82-BZzWzJ-+x>w;Fn^Orgxvsuh+c|fXecUk`IZ4Sb`HO6%V!wq=~>Rdt;9pq=4zfR11_ZfhBlGHpMVfF>f3G{`2^^H5#GX<5IgQz07k*DJb< zH(2F=F24zCaLf+a50Q%rD(wv|VmN!J8A41XSih=+DUpuqD#+^3@)cNrgRY}9|It9N zzbvbFVPzc@*z?)>uGr!2%hcybSB_D@1wR-=iEavCrm~Y6tjMnjzHE#9g-&g_?x7%p1dE+bKN%ujv zTkxk+f^FV8me(aa8WHKUx)}AeQo>#;RgN@&YXicy_cX>A(mU?J|NL`feQTzMaO0g! z^CtaGo9CVGtC|Tm5dn@LQRU_2*rWC-`A)k!a@g{Euc<#l85vh=Kk7Io>y|c+<9~Uu z*6X__);yV!5mOx#QETI^+76Q^FDye|2{UmMie3aA;qEJb525XV$oqmE^cDg+Hg6}q z3<@y3p?hA36AvMp7x0@PW^H9@AfYsykz&~MmRG5Mv1qen0Fc>hLUi074}VUEd4o|2Ew1Ex88y~r`A z_u9y*_|aIZhbbwPVaBHRZo6c!gx)X6xKj1xK=bH<;ON zT9e(sY~iOTT((fObrPZ*^;;g?0Qxa*BodvOlHw}nsnKuOv6RM2mJ}vS=H&Sj4=j9b zbYqtE)A(D{2Quw)sER?(awDr~oMzWRTg$s>Ltd4Q>beJQC+&B5ftVe14L*Xnswqsw zJ|It&Q7lM4NcKNW>X55WBa-hOjDcZ6&_tj|%eA|5ZB|f1x`sNPC0Z^5nF{t|sJVUQ zO+;c$>Bcqc1Sq=o4GqMj44OrW>AhmBfC{W6e>emCmu38;*N%KcnWxNa-%C%Opm&#! zvL?W8XJV!W4^bU%2?vkTLL4GBN@GkCV%^4{KGSm|yEGSgt{T?WZ0&ylF*#7!$YZC9 z(9ku+4$D<9zQhz|^Q)UaCIeAb3wF4s{oBaAZ1Zn%`&K$&Me)-*?1%|qYvVv^Kpl>r z5@%l4!Q_e^JsP3qn3uPvUuxgkPV_yhMwCnT2oNK3my~ zMY8YsQ@8=Fx*a(z(p@&9C7$3gt5EB^8|}(C%@*$P$ge9z;+85K^*BlxNw*s< zK$V}P4xyNVv+JEoZ}X^6UnlxX9ezSzv_@6Qcn`QSJTGnd-l2P58n)j`{yFnSH+CZ8Rme@Aqfx+a2ht;3e#}7l-tWyauDiN24>HI-V6k zk1VpsoR!?#74fK*b%Y@8mOL|R;(rJ<`5KlvyzHib{V2sH`my#J+O@_(2Sq&YXF?FH zhHRnVPwm=Kq{X~2A0Kw3*umEZe6iy3H5hLh**4mg7|?@}1He53`01KvV&NAzi}-jD&c)Mp?niZzQpYGXyxl6CJfMBuC>UQ z@KH5X_@c?19Kq4m2E$eD`QFEtmucBo5gg_eCI1~=JkX*D^v`VwF_9sw(1Jeb8h@b$ z_Jpb6NJD47_k(q|;ozf^+6mp?kwAkR&bk**EnFVrhcIlm|D#Evg!$z1*~D*ab8BD9 zu}j(ia+yuH!&{Mexv;}(aE9!3YBUe+z+&;L805uG1Pkn$M8>4gwtrdL5$CyV}vw_I4+Y=bGj2cI3qe zMs+|K=Z3%~-a9KLkhG@bKRW(CS`=(=eIc~@EMwQTjjh3``BAvLPq<9Z)=U~~bmgcx z>QtNZXaeyJd}ZE9DE^5EAaa8^)C*Z9-};Km7l@kmbMU^o$?eS;A81J(w2w;5AT=Jv zjyHV~Yi?{H(PjDj(;Bm>eMrVx-P04eXhlP#e(vF5o8PhEp+>qee3BbygOM}A+w_>9 z^IBr17=6%X#0}1l2*#%&kD`UtRy*?SG^cf6zkj?OZ6XuD2fqY^j=`0>Yi(<@5O_2j z)P6(u@V_=e6-$#Zn7Q0l=<2089#;)>o^BPYIFf^+{$mejLNvfnBMIqj-h6Ssm2TgXl>%i~Dpc#SmQ%(_AXB60W z%C}Z@Vtb`M5%gST=T?1Nre@Ss_Z`}2c6MJomY4d`|LG@|fv#&iq-x3TN&&i?X4-wf z=Ua0R_&lTpFNij@==6`@j(rWZs3y0kV~}wXOwH)+bz+?<=_)GoX#GI~Zga*kVLV9e z`fZ)l#-M}DxfVdIAu{mGCJo+eg#U`br>DvtdaibmoLdP_W_wt5-_>H^q*X3eq1UCc1{?R zt0~KW`=5y70#u1+cj~0cTO^rYWaD~ojRxMoXF*6NoeP?9T?u)K?A1rlX5MyxH;>w>L(2kaZqh_J|a?1WcSH97nlWIpFu2ob36r?WV*i>rjY0U((~0 z%rD~gcmC>#U)V)+fo{O=66MwkSfZ(Xo6g`C)Qhs5EwisNvvS`=ZXlHe=ep-Ft#JPB zBV`f%cXWWpg6MYl1fa`XGq;<1X>!i=6{bkK!FI3CwK2{1mz`O@l%21M;Y-Ny#$Y^c zeBDes^XP{G{MTDsy$1&JY11nEwj=z0sXL5bPeNR$?n6aREYwPCUff=}c=ow7uoR|E z^pDmICWhG&r?9CZYE4_b?vpj^*Y0POOoRvO+m11wM#m z*VND7hj!Qyxf;(B-+RwksAX9;f6W$aXfKqwG9oIY@p?t}D*b$r14g-ypTb3)iC!b2 zfoRZUiE~q!Yr6)BFlcAkyjaRNxhpyrN4LjuFXPw*N}d?pD2c(;TIV*n48zyPAeSkY zq;PUE@dAE5Eo3SADnBQ4 zQF89G!X@g&A}tZw1%6p1NlK4{S?8ywp`XoKLk=+7L7RnEI@(`J#0= z0%~&SG3Ld$E^HD-_X}C0cwh+xeaDV@eMgIP8Qidx9x|G=)Cg?4oxTJ+)BfrT&+Xi-*Hv!$)1GoT zOOA_lx?C&Kbmqp#n*-Gv96*&Rqc*R80E&kTA}D+Vjt z|Mw3`^Jalli^p8aW*(z8G(i!{WRH3O`SR43(N5c5BpjGzfB4xs$?*XEbi^`99h_QU`s?!o^mXeYH)=0)j=G_;JLb7al`-P3-f3K};bF&DPF3O`eA{E59<)$aSC zRn=r?Yky~^eg5w$zOEO-0fhX0DuA?(syg@bP`ZDQiR{}jeIn5z@G0|p|5nR#rv8KF z*E~1+4nsJs-_AcL-CoN{^2nT(A3EuX_DN^XimugT0LJi3Y1y+-`64+w0T+Tf^xfiZ9u7#h)97APcYfGjE{1$6&(Y zwL>*d;Y94wqt2LxYaqu=*-U?rpYR>Wl;D))6R%O7@#kj_7Bg}p`+Fh&Vmq08p$G8c zc+tNmoK97N`!95%|gu z?qhYIprP>R)y-}l?b+*ZDz@tFj;?9Gu_y|5a_>uJe@Ig88Rdog-%H%#ORK@3S@w?$ zZWcZ38~K#cU+}J~b{&}eIXC%Q2K}*Y_n3EoDH_g2(P=!(`U8pAeSqvsR7Yw`ufEJ35I*w*XNqO3HWe~~aM!Z?v z(Q(7Z=dBj?2Qv!i>4E+Y&(ec?H@}5mqI~9OoNE|-_c@-T^ z(YRQAY41IWDeYs1l8&`B7w#wB6$6^|Z0))->9X}wK(1EQ4v9s3jLsJHQ571zNH5SEy_ z6A)?Zxi)PRJ8rCV`qN|JpU;2g{d|9A_|ZUN6%XTQ)19M>fUS=UEJ@||5N_d))kM@$ z97))29*XBmYT$6-W)`{HxapNyeLvUu;L`BhyRokw!rh!%B!}7 z;dk^aCc2&_^H#azJh_!iykG6=bF>DOr!0&uQ7>GV5vl5_$ZmgJRxgBC)Bct43z#>) zO_S-Cn3RWouJeC8r7wszqhLg#RV{vHXG74jaM)-(5T!rxWV5$A+y z)VU#4^?SKe*a9Mh{28{aRecK@B!}p2X}GP_l5h4Eaj~-?Nu0wINs~1eaAR_+nKNC4 zY(=DB`Evl1Bf9q)c51of!ErYGUR=lazLUAC>R%_XY&^Z^lYGrKEOV7OlHPuK&Jada-JreB-IuS7Y=7CW`<=9gh`~U4J=>T zt&)(bFM$U^!9557;L#!ZmAHq8yx0bbl0{D~zMzQQ<-_ee8V_7_(z}vI5Cpw7I#lzp1*9k-R5MOs&^O%G)c4 zLGW~_(T|B>k@^GSK67U3k0M#J9o{LpD>7wCoTe};qbFM-(vYv=IXG@%>ine zb>@7WAwGohg0$NFmw?l(J)HEzPzE9SlhJ-WX;6z*Nl=!epstvA7^_OTPgnkh`rBY_ z-A@sl)heu-hs;Dhebo(VlGQ>WPRgR=P3jxNR z^4fTvzgGGWJ>^d5^&}KT>i2E7@kICjB7t^ND^Q+F`A73Kw||LEzBtRGvB_Tr*VD7W zCljd*dwpv08N+sy!_T)P{S{QE7t-v%jV<>=U#9Xxh0V!{c(KTkKzx*?le3`KpKrDE zgDxEjZY($Yw{5p&zT{k^KCV8|(gS;(#HXjDSSjMKbC z|pnK|4mpDMe6jgGuyMO6#1TTzUZAvfkt%G@C z`GeL_(Bq7lPu=WD#WyZlaQugM zLU2shOxEkRUz-Thx!dcPnN7~~lWkuQcLy%Pg2+xJpfjT5J#`Fy{*$kA4ZPPh>+Xya zLq~k0lg<6GTjjYL8GI)E2RUN9AAVi8KE0KE=cg^%wF}7tSB5!~*FRDM$s71n2%TpU zLql6^uQPx0iIy>s8!X$%#G@b}ggd1Ym{2O(8AK34jKqE&!k>PLm@((wEDJz^KKePcHvp?z&5Utdq zv*ObYo6%DtO=SCu+b~O8tJZ;ynPcs*0mp^u=ha$~2B;s0oJ*b+bEcj^Z)n8zAI0f? zwlnK>F)nAH(e8VI`RQQ~g5?t|s%#@QkR<{35O@eA!T_4IZ5iAYuTP{U^{O4NU*DcHo zb1k3w&3`Eo-`V zb@)Q~N)j+9(P%8;0mi8Mrj#m#uNFX?aH1f zdS()g%+`CiFJuNp`I*lq%vqhK?||L@uBDrG@X7rj?R^JSQ|p>`6cqs}3L?^?0wTSG zNFXYQCek|ys3B##(*AwGXd8c(FTiQ?G?JL|J$wg!Y8p=?_m#Rh8B= z9g>*$)9Sb=Jy3=+cz|p<4Q`$8#)Il%UoXBIx;=Z}&3v2ciN5xWSC2INzIZ(2n_Lb+ zmw8s`RX2D5^c+PD>5YfBqF9ikgGy(x2uX|h-0=>K5NuV)^qCE9kwn=qpYD}N3F0I6 zEJVt-t26zSq{*`TIhgv8Bx-ybw>Z9{MaYS}+4$km-IA&S`k)Bv_y?n#(f5rX2S>Hc zl+4(zu?x5s6>n5DGX_wk@$0LKgcuxmai&*tGeyX+IXlhj8NMEC-qfM;7*ZCQjo#cl$Ng$tPT4$ z6aCSj;m5o?m=T4us8%s*r0&4$o5PSBbNkjU+}vMM5d1Y2!BJvGlftjmKe0gLPHA_I zo00SzbBKW62r-P5k2g^+A*@Chpb0v&0Uw=m?adQLSht^}g6MtjacInU^fFcILmDq# z6wPV5Vr#fhmy(MW|Ek0o+KMVyL%UltHxp5(q|pISfff34MWMB$ta-~5i*`!65X?RR z|9~^Q+lE84a0-ghQ@Ne);?JU||98&p-#WK{Gyd7~?N6{atYY()jGq(HULTf)>IU`7 z;|AO*KMX#ofkTS(L^K<`S%4^IIkZd|IlT&qRRQ4`%C6BSr5(+`RykHmwdT}|9I-aP zWum#ex{oryWemMaW@cRV--9CbtzRTDle}!^R^@KPf{;?U2qsOvFWI3%>&$K5VnFR1+6~2oh#<0-l>`W>(|1Ov>Wf4U z9FJr=t|NKdnXZ#+UGNGqZmPL>bA43`?`c5#f^XAdL_FD-?mg`wN5n4pdk6+ZDBfx) z4n@)XKmO!j^mJ_!LwPFxN!AsNLD;08t+K0B!p-EkYPn~w~6C;b`$IC z+{Kre8gx9kw&}bNT$n-o$R;!dT1p-9em@FHHKXHC93`y#qz_^g3@egOo-a&ikO7t6 zUSb&JYl%wi4IHKBouP#F-^}VW-8u1RO+hFrWF6qY`s0%gNdmb@`N6W9z5L5gV!8yI z?@vo^csXCZf}>Np_!icBoJuOFuS%E)?C~Qmgaug9l5gXaSNZVkLl%XRPT?UfJInh3^@kkPV6rlU03ab$S~1uspec`3f;i7^#?pkebtJhGTOrNZB(e z+8c9>bjX|K{VOuIma23@i5EtLW}cO60Sak+b|+(nwdq7pc%lQq^kj$GX{_g*Sc{^K z_8v5lY(gDqpkBKtTzY3Xo=D?%L-9EP+R8w7`CbOl*;#zYY9bNF}je!+-20eBZ zewHjoN}pK|Vb`}eZx4c?a!G#8*fO1C+fNCSDnyR-D4O#x0yl32k6FN=w5BrNVf|_f z-&moFKPx-S>{{V3s<~p&kMiA6A*fS;5}?J+p@qtdnnCjQM^q=VI+s-u{!Nh!G^c6Y zjV~%oW=vQK?Uz72bG{{kOG)?AkWv)^Yv*M?KHt+T8Rm(af^HRCSo|XAcj2qH1sm4V zo3PguqL}&0l;EXiMw$e-a|!)2=*A^#9dKqzQZoz2s3da|!}MT`U2WloAx;9#TQF=Z z`QTWg66qO!ye;nBsvf}(r=6R*!_7&MO@4nP{Z|{xTY^zvQ{CMi%m%q{rO)B=!mWHebrVG(bc-%EXB_7IQ!U)7Kx785a9(m zy6^_}eWl-QA{!|bZ-Gm%4+OY-+N6hYC;k>j|6M~_gKr+LYMktenASAo?WY-D6!VUF zQ`J`D!%*iA^KZzr1(f0BGv0jmafKmdIqIfDs&7luac>jgD_ilC&bD{d*di}oJ{j4j zaa2|)$$|$yI;6iic(-`x00hW46arsRj;u<^NXMfaUm?};)@T{C+MAD5(@#Wuq&rra z?OmS~zsIZ3REf=`eUD5#Gbz@D@=InhAIHVC7KRjA+?cBmmZi5l5$quRL^*wI+@g~{ zzaojF+kr!9LEI_%iqn_~y8Ii^7!;jQZ(Dc-QP==3MFjxbbl<^6uxjr_cety=qKaG$ z@9W#kkPb_nya}~ni>o2jrZ6x`oMf^GLD)3ZDFR`%lC2*3EoN8PqO!}^;Pryb=5@uw*6NC!tvqN3?K=;Dl+0$itXWqy^{R= z^2qCkPQ~x@$w2KKEz)bIceD-qlEODYX~(7aBUS7lDfJ(#jHBR)n(mt^k+VC)59Bw+ zt9F7e%&p`I2$-3s&Y?~LrNnEAdrVsR7n_=(ix6 z>JeLJ7bRbKf#kafB^$qHCoFC^=eH*0iC}7|Eh8sFh*(CDi;#(Ts%QMsx#eZi^vKTl zi#wPpzq01^%>vtCn=p;jQy~m}CKsY~{7}Fm0y)2DMoMju+bV}pr}yMKTAj9moDrNx z__R2`)DwzLF`e7Iq|kq(LFknRH06f@F-%^k7s$>tP(%^T#CP?it(oM&VJJ&kkE=@g zU|qY+{>SjONLQy~kA`i*E}lpe-jvcaJyAZ$5hZE_716hHKb>qu$eg1NeDp&|j0vHy zsMIypMWJgcd5}cK75@e$@zpRqN#p1A=F2Hfsim9X^%l)rUMi zx391#W>Hc(#O-OV#1S5sF?BI=(s$%2*dH+I8Lhb8V_ur#zyXkN*mlBnyQ-5+`3i(Kz~$?|5x#CuBotMNmM#Ggo2^@EUdh zn#2PAC7JdA^tf1H>+-%dCAVoLYFh>m-LXtW~^ct}Nls^Tg_LO-^8@53n=Ud3G7j zdN6r735Qha?J}!8H$63saD0;9d0wS#Wj)oTv_E&fw0h&JMC>D%vuCY5SYMl4*unA* zR;x=lmFUqk^(`0@Gv2Q;6Y#Br0X-J$hdGYJ(~ji_Al0%E&x&VqJ9T&7ndz>E$3`GH zIX$&1e8}2RM=oU?3lT(eo@-QAw4gJOuD%D$*tk5dE;yw;KN%dLq7y1nPTUg%YCz-}f(i_Df=+aT`Ic4tl@Z_IKD5q(KVY&`MfjozpH+O0SumY@Bg z|7H2HsbZRm=mYVIc7g7dr~Ewjya{p_#H7-N^SB{S8>1ML=p#pZNYni%Y;q_d52}M-3=o0XBBfHoMS;@2Z4dE=&dbfgGtZP&KAHvbFF*xX z4HCPF>1X?WKf~_b&2AD%o8PLd?bm~;CUt9??Yy&*%rOnFj&hPs#gu(@%FOYywn)Xn z8A*0?g<(*8v6DyxLWRFmt=xMDbMFtfZ*`ZMEW2&_0#uCOmp<^6>Kc*tfIXMuLQnl4I_mawGMI&nS)D z-dbw>_zjW=G$^z0Yjt$3PTnLeCfUL5ag5x9bEf5&oWg8;JWfxBKi9>v-3nJXO6Pde zCMX*t@+JX;oERDLoF-i5kJ2!DnLQM}lg=+9=D|{9j&*_$Oqt;2fY5uyDntuc7+TMQ zd(qyKBmzU&46G*FYF%sUf7*IFTEqA$+hkefhF?N4RXpkZ3~;vt0Z|!C)T~D^Qiguf zZyiIgql+P&k}GEFw_FuE_BQj(+PzmjK1XIwSjW{>rPMCRelbt#*A^VqurN&R%ICIF z3RUsknOMtwGZRJrIHv}r`6qQ6cF8fP9d>hgT@`Z$Zy$Ri><7D6?N>!@ z1Tk@ExcIu|X1cnnT*5=y*R@raYiroGl_;$Q_Y&zWZI=1znk%ic`5d_pDc&YdW8e$p zj>#CqWco)G)+HpOr*esg1v`K!){%CD>(uxAcy`#}JcgzV!BMoX}OC7n1X= zLTCKXUpSJ$fH?cKmfS3Z2&&e7X~VIpU~MuvSzl!)^pRnL)jUfRd&^lL6TOLfcj{e&d!`4%ztVV)XaE$aLI^70_~ zi5p!BKsLa8G)LWGoiguIzaLQsS1O%F=+op5IAA?UvKmcaM!f zMHJ@P{|s9x8IxM^(``wD`yc8~k``|a)&ZfNn<%EbQUIxe$BcJ}*=BxA4ZGdj!+2G8 z-@P9{Hytn~JzNiD1^od&$B!O`&wwDdTe$Ox{>RN(>r1doUUic$hhx1T-9C{LD!nA4c~xTjadi(AojLpFYc70KD=_YI27#QfQ9xDDojmj!+1Q&QX|1+JiW5-??wA;5&T}YW=ipOX`ZyU7DfK zGEaqbhL~2b+6uQ{0Hr;rZn9uRTS1ars{`9bm^JY+0b4aZK%A4U3?U{aG8av&CA|GA zyzrx||Ki)P2KMw@MlAAx>wcBOWlkAI9YIPTfT(I^X1L_qs%_&%TDUm~kE&}~W%1@( zJP<8U`>|MZ)O^WB^uB^$Y#F`jSTQ9>?N*tSnwz9>-xi zytpko3t0>vw^?{vB*!F3M0{b_mN;iU~4@U!kv8D#x8$ZiJ8C^6U5-3)e(tx z?6(jOA%1?)^6W8bXUy=!W1UNN?xfh+UTp4MJQ-RBe@Rq2fggEEwgi0BYlz{z0_XHS z`MV*=9dUJ}(W{Wn21#5ibMLm!AaZ>2qx^LY@vtqcETUJ|0(Ujr>L`dWXAavEVbYt$aHhLl%a z>74^JSs?&Y!fF(+ub5bnq_6@H`jIkNuzZ1QwEw)BxcyH3tXLyZYq%{$_$i;$8VbZn zILIo4<2t2%`IjS1e{^%eJVLM&pV`_5O9_)v%Ze$l*RofGB*hM#?0_z#` zDVGs96}sb-Pc18(R197&30eJ=F|{lZvA8jB%jc`x5(PdcNSvbEf3uaZIdcw;WF}}D z0)UO6y}Nj4xL`Gv@pv>jFRGE#h6nj{LpAUEg$E_sZG+aXddgWqy1=U<7zO_YZ&}#n z2?i|z!CjGif!cr$&JHHtEbo}aSshI1In~HC`!@9pi7gdTN;9hz5%MKcRVt~lVVcvM z!wZnrmc*BbL7;^WSahV#e*OKKnvSU1i!biUJDh#Y#5(5>2+&0G6rDjiDZSlU-C%8k$ad$q4P_sV&Xc6g}OZjq* zF@&u5-VuE22P#a7?#tS#Y6kctx9OsW8FZ;->yxm{S{c4DRz5jGr=bgY{ zB`&i2ehLINqh-))eey@W|6)`1RuU!~5x-|Vu%}n0DLXMd4ActiT^?g#dlvsjGJCRd zau)_92G<`KnRL~cpqt_BNa=p>OXi4iZOZ2uOOjvy_qgXf_})c_ZHGq}fq=@sm=MZY#HB%;$xDcr*FMHI!>f8)vu5WC0==Ier!7)_#hUF|)7jUTd4y3oklHc0jF@!$5i7od!aTCfte4{ZDA+}jykfyS zR@tXJ25K(TJQA4D(7jnW3e=y3v@hs{9DwX}LZ6UnNSuImU@-ljbctjQ@i5PP=`NJ( z0?*=cVg$!mt;YQ_D*N`yJ6ov45q3B;$&Q#x>L>8bss+2F1KxU5N$8R#Z|W^ zew}J{a}b@r=YLEug+)E`c9pGyDU%woGViA{7~pgwyibz4XV=k5Z2Rvir%Csx+uFLD zN4PnL%FJX=mW{oHOTTWH1`>oeZtvi=-glfDg&9Loj1*Cl!rUov85FpV4CaV(OB>Zd zHG-JGnCOR+*x{qx9HE}sQfyI5r+p_k3cJ7_oy19&s!`J&%^6DSo(8D~cYHBKiI-$^ zo8&b!`lzng?!EBv?%PzCrxs9q&n(bMUybA1Qz1v)UB4hWTEJyaYrb=PXfA|}O3{}U z(e;?da^kjppsp{EtD|#*mcaEjCaGkBB5j-7r}n8;_=SE@ecelD_8$7a2WiC7!D;N# z1gDT-H-pFZcMbP6^c(Ajm{DUzU%dy*B%l&)UAqb@F-Gxf#qpK_LQc0d?aepXIBWGL zSWXzKLP~Py1=i&A1qI}Orb7N}(wpDE13V5W9mE4g=x(nEQ$&}N$Ks;L!>OC%JST3r z4L?6y$I&x+EGp$=_q~v{Q~3)hx{$pSA#YanHsGsZd?FcaGk5$~0 zj;~^6lW|hoKjy)@U@Vw@K^Ixlaz$7}p3cmhb_4~}35K32(=uuG=J1;}@%`Zzr=_Va zM||G1Rv{(I6Q&-?d`x|g*O%jLuSjIYile}$1B|wPaSNcB+gp!yacx z^SA1B3OZ9Q&6Jd(=#5nrZ-%kGI6q(fxK!d~&aJO>;2FJ!E<*iE_FOnMky8f{ z3?gfbIyob)s(k5Nr_5v%@iM{Wi=n`q|v5l~Gf&bmIa0#?RVOQ!i8zM+@LKYjChmG%k|on^WMo-NPaGX$!% zlO1r$;BRk%iv*!dAL|OA?SJNwYqdP`;E=r1^xeA0VUY=C|(-(6BD zG$W!$>>`QH#54L~;Z6BGt=%6Qu-?%)3$N!>T|KLFyf?R5qkJUAm7WX*jcbKYpw$>SST&x3q=H zruNo)Hg9&a6~4FKQjQow5=l2j6s&v`nf++jTv4HEBTP)Oxz-JH71&7iYP>PoCw8Qw zT)s!H5z0+bAlu^QTF{|MXG%!!vxR{rme!_Auxyo_Wx4H71qZv}vf}NI}xZuBN5&!X$5OC+|wQ59rKe1>4$8 z;*)*!BMKYP@u)BY<0PkBS~9q$9^bfGm%W(ZlUBZ|qR`8JYi0htlC`4p(I?c;_Zd^r z4nn5F=%6j2Bo_5D`7}f=o1}ar6gT~Xe8Zgxuxi7tM1Vl4s@>=BZk}P;J`y`ObII?$ zrd$gFHEwvT5IR)pr{^SXX8O&1J4kv|S`m6Fi2AUwV)Y`#pPz2`o3bEX}(0k$$pZUu|^d3IocP-^h$nETNK5yGL z_p`Kd=Qz5v-XBZ7>Oa#92Kp|YgSg;Tq3npcJFcA1(Q&QDmE`Oy`N{D zGK=x+d~yJ~O*SIA5)6p1Nk`*6g58ARffV_{EqhG3oOTjLME{Gk^fsJVOR@5b{sUV! z>^RLazmPrA5P+jzWJ)Fw7Si_~0@qme10JPEGD<_J!^-D$z92PS3N5V0_-ZSe6+fn# zy<@$zdOS^NI^p#9WH!hVg4~V$xI85~Btw~#j?ruFB7AXu)B=Z|T_*1(y7&sITQ6Uq zIZJoi&fu~k7iKG(r3#o;)cEGvwLpCCEX5zc*_<27#qe3d@X>LH1mwV{8J9W-I`!#Q ziNaur5Fj$ZL9~8tMncUn1`MN^YtOo7O)PVRt3wSi0|jOCwN9%Jk6-7))h813-cxl> zNS=nOd`nBeTTDnLvy(7{RH7>Z+PseTsJ2SPi7|f~k#$+p<&R7g)^Ar#la#h&em9S1 zXbhG}tQq}^PU^%>k4K>BmGPABS=C@0+ynJhUP4|qCIM^9^UtJCAutr6DmO5g4a z@Y<>v3mXP?1qj}l2R9{`jkH>0=>W#uG#gT>4Da!h40g#bBqGf*`Kw>zCK_@EKkKEQ zDlH1oH4VjQBxdY2|41= zsBfR4syz1Uyiey^R!VvpP$3W60G}qguGZtA+9y0Z0PMvuDvUPU+i|8!KL2 zu&INMjiq6e%;biVHn z=ob?*SN8F+c5V)U@&s+5NK`nT*lex4Oc3b_>x4*^j4i)vXE`T$_u0{e7dML;B)UR& zHfPuUQI6|@U>awr9iXv*ywJCTIf40DgyLw;Gfz+GzjGcs5H}%)<$agxq_x7Zn%9v- ziym4Q*i##Ns^qc%noNT$3_z7GzJxH&!NgWp;hHa&L|2icnHyM(s;_zrH#bzr)C@L? zzeiLRrd&z+Q1e@98pEYOwiNvYU{@YhAcW*Ry(?OMZ=jlgu-{u%9Z-KN{ij-r0EgpE zYSw$kgTDQp&sQ_vX2mwF>z#j_(_lWSI&1i;`@6;>?bD-c%W_6y(s~Oa^1A0d^s2L; zrJ$wtx_oLXf9^NExm{OgO6Qy1nDZ{y(de;*DFaNovHa}E6`sHb6m=e#e0xL-zF1B05dA%_C>~9ZrM=j zCtbx>SI^WViMQWvFQ%-fa^owSBgQ7-!BKfyHDx2ztOS0MybmZv2|!747;U&=@B-R3 zBc&>tbQ>vu0D_`+Xmu!;(SH~vmn7SA64rk91qVb_(Sgv#^#jmF4FF;E|Lu4sb1V?z znJ9A>&^BwbneE-#I{_rT@^~K6JMa-R;A0=&vyFugLE(TzeSqK1>%J zrZa%_&>=oJ#0UTL@PSd@x(J5uK}{J-Qa}n*r21GL!o;X&43o`Iz49~Jj=KN|@TD39 zGIa3$bC%*ucRqnPq#dV;fQ~`R_Y5wf6febd^AG$}LWCs#DM8}Oca2-u`lt{3_m`u( z?BvY|2Ov-{rAIeW5+K8LcN~D~pnHNNTmlZ8;u6r30_fsAY8t#BeR1Ho-Fiw_#g)uY zO>JP}F9)E_4e0tb&__w__XCSJdVk_|wtxSJF?)h@6mPYC;84blCs|y@izB4FeGfol zJQP6FZzadDI9B`i4j?v)+WM{?a_18RV{-`{W3Vigd7^Uql-w@6mr#*`MUSIxaE+g) z)~a@1gJ6E|Zh5ZJuWE)D1V{=Lm2RCq*a0Y&z1ndB`A1npE$i^zXhwg4O=9*2NOFS? zw?BCf^qpDaKVCU9De!XPg{#J2s5lSwB7wdCe;)x#(N*rYcomR_inNTV3P|K%AQ=I- z(4QtG{ZD=`=P!RWOR;_w)o=^SWc?3Ix8`&=oy-(+*sHSNY0Ul|EjOLZK|oFKI{08< ze~(MR{vS6?gY-5n?$awpkL9~qu>#^M(z~>)XR0%+;)EFj5(NA{LfrD+9XF~1dMbZ$ z%$WcvsgCxv-hY%ZtxBdwbyPVVfSgc2Y)rHaOy<1Pm1l3Luoyr5pL~J-^S+xta|p=l zO_S>l`7}VO;hKSmE>$*7tK8)%pL3U^US9xA1ZY{HCTqg}$dG{tyBs^non^8uyv>J8 zMb0JFd34ziNpvCMaDZ zOYMJvXy9rRtsB7S4?wf@{SVdOa`8}3J3$RM%$S5Kuy&CTP!f%gPH!wy`QCw&1+1}i zlnCVmkgyYgyCX(i2E5`bQ>zx6VhlWLl{K@nh9#}d-C^`H~b zOO80z#iitQ%TVkR@6-N@*BsH~?BNY(B-J|$;4}4Y_0&igd?_NdsYe9UlaMiJGyp%> zRX-@k^r~+{<%{+W>?9l2ggCdbHyvfTiw0U20h)h3^V^XF<#VNQKcFvGJ*Ez5v#CO; zCtsf87!=_jAZy{&-C$0%?Iv{_V>Xx<3TlY8DVkGH6x*n2!lECD?igrIhQ2y>ZPi;ewCR{U6x$2g8{Sb)#Nig*<%!}Uu zs=D@-BhL+JdX6nb`Osd|8+fN}58{`8!{YyWLs?Ipr-Dz z_>W7Hf+9n3@O6$bzSuQLQv))gnW9|(#(PnYXYOA6Uz}k7N3Q;f4-0G--y2aN5x|PfBn1v zB%S>fALzl*?+~fdV?gMum-v#vAF}3-0wL`HBCVWC^d(a_G)bjw-=Oos^@3@KB$Y^V z`|%>R?gWP8j}JijbQBD|E6+$SE=#5;Sljd)eLeuC3318=)QaS*&0MLyNZ>KIW}DW6 zDQ0A5VG^D{ndbf4Y&&&AfN5j&BJH!b=W(O>On->n42sc|WYBcYjommhqvax|tirOm zt*UcdxFzb7hV6X~-YD3Il<0pG2ZA&MMtb2lBkkh-JHT8crQ)m2^&4RJ`JKTwxNh*r zO7KsAbfn|zIkp7Bw7@-4`fGIJXN2N#`^V?t8eplZ^Z7t5ZYgnEpo{WpODf_CeMgyZ zUw+{z`O|PWO}!a*48wpR7;%iM`8z8gJ`s)T_hMSp*I9u||6F*g7szZPiciRJY!Sz`Ud^wFxN`{qbwE` z7LeZI_D|12^KjIg4Tmd7Xc{sM;s@fd)AM6g+c8&@wwT#L4)R&C*`FLwID%9igD^ZY z*L$uri0Hk|8p}B|bVUBSU93^}AhHWov7onLWcdUBp3dqa_d}y;)m;$g@Tq@06Z(NU z@k`2m$7jA=!syZK=k^`na(pABZ=C%l>nIL$i$O3aE>R1lO@E8gu^?g0`MEKtKQh z_rZSvejd1~73zK!01ONOVE_Qg0Ad0L00Ke;;6H$X10enh1Hc6W&OcyN0-@h=2mv6* z9U%H0#~QpI9U$eS+`nH5pA-JVpyquJ`2~}pj!^OQ`ICr_6^UPl*KcOO;0A9amXo>2KolL`TFrni%S9u=kyGS zj*Kqw_z9o-3DOO5-y2T?%7|8Ol0RBQpNqgR(7x8w)PxzE8foiY)cR@n(LQzX^YbF4 z0|0NIKz~!6bG(27&3IH^3!F1kWCs&XT%@_zv`Z&A$001o+2&*}{ zIXHu`E(nWyd;1>2ARZv(_!l~^e}Nqw9RHx{;NbcP{F^LbPO#wf?g4&Y4q-oU{wIID zy@Eh}{X9;Czf^Aix~AZj3Dnz|r?37IOa;PgK8}V)Aj|;5Xm?Pe-(W%tw;)|}5C-uH zxtsztkBoE{5SDayIIj=FTp+CN<7IeM-$&_=SKYPsKp1QxgrV+%dY3@>DDPdD04*~R z2I&(%_4hUXy)43~SN%0Le$QL%;15E-;kN{NnjfVf(I0bj(fdVz`?}jDOE4Ye8A1{4 zZea+*G$70p;AwWm56A;V;JTaUQTk6D{~*&N{sq8vB^Mu^b07@z1F^g6uYDx@5x&27 z00{l$4RY7bUGFF_$R{Kt(CyMu9Uswo?d0&2e>M<)>*AyFyG|f>E&-R1c>5`rv&(rc z5C&z3d~)$I|6N|loL}I%qq2_jZu)usd^bRRA_^BTouhO<5atR9Hv2sII%h&;E6q1}N1gYV z|5d6#WB~ru`tNw;lH`QstmNwCLVwRmBTOUv2Zu*G{Y@XgY3(;&9skhlFAn~7`F}of z2b@7Z^?&E}4@}5iNI9e(@*dI&sfSbpypTr7TSzzL-4XnI`Px5g(e;ngOn=s~Cs;G? zf8hL**8xm9D)Xov1V|Q2u1I2jqY~&68VI&qK-1SR%-`MBEs$3O?D<`I^?aPfMR}zp zr6d91XdF4h0e~%*pW_1oOV^)ik?jDWYJ|t*>;Fu<7zzND;JZh$`DdD7Isj0+06+)A zDab$gH+n=z7h-?{patJ3cHjiS4+w$sNC9$yGN2A<0T%!x;1Xa3*nzFi4Q$W;KnMT_ zZUNCiJm`dY2xI_AAP2|?ihwep8mI@}18u-Z;1e(mOoFZF3$O~HfL-8_fPjFMfSQ1j zfSrJc;1q!fffRuPff|7p!9@a70xJT00#^bbf*=Ao!EJ(gf)s)bf-Hgpf>MGSg7*ZS z1pNf#1oH$d1e*j0gb+e1LMB3P!qbEjgbIWjg!+V+2yF>n39k`eC%i+LNce~_oA5PZ z72$irkA%a7bA+peI}iXu31NYpgor^DAes;(h&ALY#2*p?iG!p;vLVHgTCko6A#;#5 z$UYGX5hD>Vkr>#5b&1T0oQSRwMG)O1${@-osv>G38YG%0LJ{GJsfoFWMTnJ%^@uMM zyAp>GM-!(Jza*|CZUx__FT}efBqS^(f+X_b+h|4NL2`rS9!Vxi2}u)4KglA=4k;-q zJE;h%Dyb2v18E>>H0fi~*QAZ41EgO_(PWflJY-U2+GN&bK4g((X=Ja+8psC7mdFmt z>Bvu!E0G(KJClczCz0op*OK>*ly4|IDCa5nsTin)sWhpsPz6yXQsq%KQH@h=QBzZ&rdFr6rVgY|q%NRt zrkfOoVJg4jgFk|G@T}$16>5& z6S^9@QMw&^M*6e#M)cnF_vl~IchWC2kTRTR&|+|AxWkac(9E#N2w~)B)MRvGyv>-) z*vj~YiG)dzNsq~cDW0i_sh0`G%)l(eY{4AL{Dk=(^BfC=Pix*20OBu@u%Kj3K>8z-AOn+sbUTM64R+W|W-yB51Adop`9`!oj;hcJf;M+nC=j#iE} zP9{!ePAASd&N9vkEo@>Tsd6bTszz+xOKSwxF2&jbFZCXIiY^SgB(5ik&d3ls`WoFYG^aLVme`l0&%SX5EeM>Jb>RE$bY zLo8UVP;6eDMf{?8qey&S*)DAoWESL+={$_yuJKW`B4QX1!IMK z3LT2Xisuv&iuH>7N^(kpN@Yqvl*N=im0u|@s|c#NsN||Fs`9BisAj3osqw1Wt36kn zgPw#sK(nC>>ip`?>MzxoG|p&vXuQ_=eope7|GCO@dzwm`;hIh7A?J0@$DQxhV$d?z z%Fvq8=F@i7F4RWp$m-nCY0@Ru)z?kd9o6I3bJ8o&LtT)+5PqRWpGx0MKSO`vqVPrk zi?s%X1{Vxc4WA#)8JzjO$EDOpHyQn0z%oYYI1QH)Aw|nY}XG zy>#wU(xpjrA@d;f4;Hi*S1bxF_AJj^rdZBhmbe^#`J)wwmAlnjYf@_q>zCF$Hd;0h zZN6NQy%K$8#8%KY)V9-(!_Ld@9gG&{04ujAwzsr@Wsh+%a>#brany5s>WFgEbV_$x zbyjzN;Jo6Z>XPEJbXE0g%GG68Ro7J46*s6`n%kPYrhA6_hKH^P(qqrl$TQCq?`7## z;!Wml?_J}=;N$7j;(Nk3)VJSH#4p-!?wZoIhu2X4`u;Bi2m)*a-Uc#(277mqP*7CR ze6U*ZlVEg+MM!xleW*`pcbITkY}nFu?dvaY5Z!RP@d17kehWSyt`VLUK@i~>@d3e) zxP$m|Q|D&>Es9&7w|XKaBU2)`Z(H83y~BOy=AFeTov6ZSnrQ#%(HP|z?st1* zrDGq*;^Lg+y5c3{)8aArobGicoK1L?fKR-d*qbDm^z1&#eV_Xy$N}qdl@zLAI0*~)M#$>o<3_m&dq~s~r)7Ynbna-I5 z&(xn4Be{|B$b;wZ&&RTKvZ}IAXQ$ZfF;-=}Q(`LA4vS-iCmdwe`y_-Kj-@RbAFuCZoxcWKZGv>>kuhd`DmUxy5 zmZg^KSF~3?eY5%YWz}!>a4mYBe*Nipq3;zx)PHoNE~CC|_;27h?`^Sf?Vf(sU# zd7zzO1pthnK>NYww|U-AjGqe^zeC_u=qL2s^)K*mbHSg_aE zf+jk6Ju=lVsRM-4(tn&_%Fz*URa)vNKtSaWnkHyGev2CbNNWKA>yO7DX5#VKTyU;1 z4ggKpew$w&VUy4Sz;pE@Xqe6U=F#=92fhiQCnG^o^Fj#t077~K2t5J51>gaBCk71@ z@c4yHKnNisCLtvwr=SE8D(L`10tkeV2trJJDl4z3tg3!n zQ~RO0rM0cSqqA#ZaAXTw~;ux<$rxE;+08JvqO$DT>+Azn_9d zKxY2b#*t`0CHrTBMgEs0`$Mol<(dS|XTqNcgb=JH2n4JtBJdz4B|bVx$w0FTJji}O zD1IKG8AM45S~$NSc#sGINCV7F0{*8aCnf*&=$~Kl)8IPW0Dc0Xf`E=4dI&uL1+bXx z`++Z>6UGT0pT{~lZUg_-HgJFYMXn41{uB0)`;1%mO^Od260w0sq|51Q{2SbT<1(uT z&jM#`K2~=JB}7~ve)?sMhF~?d)n_y+VqkXjJVpl(_&^VAh%YgJPE}P&C#JgUph<30 z$=-W5cxE8QaB{W89uGu6L<`~pO&*-?3?A5sgQ4AFk%;ZHc;Iuw5*}bH={ykmbnsNU zarHAo0}r%tbRw44VHgS?%&mj>c!2s0$_y6`V&AkxVjPpu?naTw?XyW3!g@Tg$h;4= zTS3XseOYQ%4ehypf*NAv=j&=ml`y2ijyt5SM?{5vQNsnfDwG!G5e_FR^b- zmhj-`*oCG2FI0IX8$rW6W%`BTv{m^fZCeayMaKm;^#o6+cE%6x$gbc4XXp|JI)}^v zwRQ!zO^F9m@xX50S^_hA`g7~bL59kscTh8(T}>RK8Apcr3r-A(v(GvIgMM{}p)u(a z>dV@QSD`P2?g8!kS6%l^)unqO1#LGh zStN*s$(5&hoIcdMYAQWg5mGP|-hKDI>fKr+e@S+n$lXK9>^LFd_&nCZ|JiMz@Wu`I zJZt^%aA6H!Le>-=1#^?3)C;C2mN#h5dXM{9XE*3=q_-Q`m^@soKcUv_Mh>g&$jVEf zzVw+7>1We$X~T{mQQ&d?b+oPN?$?bzfj$xF*69XPsSQ%%b3V^b(7dRf`S^Ja5Ac64 z!x6SwMn2=az`Eku_-yv^fu2@`_n3$EvxmIt`tNGWuXRXX=)~MD@j>~5pKdf?|TY2Z*XwP_r#v?x#sXJV#O|xo!D@-+} zuPFajm1R{%LaybARPOH9^U%+l4_#ErWIY-Vq)aVscqoM`*7m^O?@MVAmLoQdS5i#7z?m0-<1e64WJpaQ+> z07ug5sIV0GQ|1%=vHsmwda4ASz`;y^5cIi!3A4)et{7O)=Wsz*Eh#YY|(?T6h*3 zHiZWmOTQ!qTv=*PB1C)67ss&P+1A#sxnvVx!G$Fv`$(iqe^?chiBQB1T*BKyJq-$7UZF+zV}knl+En+-SVZJ5Z8WZS!_MP0==k zG(>$rfz7_cOKB-?M+wcp5Rsg_+E^{ojFq@jRz2kP5>+wdQaPokB2gM-VcRkPVE!gQ zeWWqs3a0yY)u)u|GLI3A0*mjihr?wLO)*p`@l@2;tp(UEnL-#9I_blJX1>kT%2_ew zqwGsG+>R7c(IJKFQ|#BCGSChqs8o!uEgHqBv2VD{Q3e#cTcig>v6;w}o=JraMqFFJ zkf|3?8!#JA+3mk3{Gplq)`J?(YaSN0DSF>4-1Ek{ha*xV`e2(n+q8#puw~Y)ZuvCo zL0wDs`43334TzO1JMB*pA4^KtYXmh65KtHmBI^+oI9s^D8P52Tl4*m3ULomK%VQ`Ii5&l^8 zyZ<@u+oIq7{9cjIJ-a#D#{#Q@ytsBYxV^D;X(wKTP|Qf{;`2$(#HcGm=Tdsg_u(sm!$-wD%(T(5~<8 zNZz7j^DmBG7po863L8;&m1+;*)8f?GBDTL67f{Fc^^FQ_s*IU4a2eqn@o(w(Dh zLiSB0?^bdceVS^AmHIv@RGy^XbFn=#5E%n2i>R5Krm=baT4w(0NzWRhaz|T3c3n|s z4WNdysi|q*&ihak4|Has8F4kC2t1(6@$^jVA_sp~+YMEX$oxG(rV(`A|s}vd!T$bKz_@OqO;CpBQC$|ZGSa0h_rbQGM zu+xt9FP7dd7zym7!}Zjr)nreJ4JT~5mrwRSo)qv6ptoQLHdVFVJ{#)!kBP5M_hn(2 z7pWQBajb(F*!(z$0o3$fC;hd`p+cr0KXQWPp+c%>I@Z1k7}qR}8mbZx+*8rvZ_iul zD3M63%XM6%XJ$%HyJ`<~d>-vUmRS^r&rSQbAcHz^->^MB!mj5^f5x$0Fu*@d z?Q!c>^b_nUuZpa`NgrbcJn-@wrUxsM_i{Uu)wo0nmDEa09Xi^AJB><<6OWjj*S}NM zD6P#PEs(&MBzBvjiS3ENt%-LmjcRJln2RWhW@N%F+mp75dL`o_**h$4=D}N3(zd>B zt-f{dt}hnR#Yj1vvC8=lV?iSgP_XDq3FcKoGnW^WmE8->v?tH6R_X!B7SmA8RwdVj zdg;8-a&3lqF;n8VH!o%hkWI@A2|&;p`@V}t>kw2x3z7nElI0d5SXtNDF!&;RhA7c~ zKzFQ({T@wt4-D1VN-Z+ax>h=$#QM#I^D(Po z&ilb53rm)2Z?hYCk>=R4*KnCx2G?|r6sGD!_%jZcqTQ(5oLx@#somzE^Pbt<^Pd&F z{%~}iK1UD5vbboM>O9Eir2E7u8RgXAZUJF@%X7`P*{4bLkpj`2px*WneEC4`4MuCh zmo`-2K&d^pk}_PX)z(R#)s$=z90>w_6xdY@7bm?#cHhCMFT)M0o~VzCmhe@*gVBti zvv#elp=frxGj&D8dEqKRl`u_Xw4SDNBOfDIIx=us2AoA*s1m!8JJm+>JbhF8&BuJ_ z7W*iB9?n~BS_=JpDPD%x?b>H_SNKGe?{_uP>71k0G%U#s?4yTkqpeVRb{pxfo`=-e zz2(MzL>&inB+nSc6)+`yDW>dbVwng|3|q0&$_q{1ts8~&_-@!})uGm>A9hnBeCJm~ zIjpW$`vl*vzLx5XBHs%>!~=YTfiz=z%P2flGbK?X`= z$lO%Ws(3zXWNmalStPidmKmLDfbxy1M6!9Rx$Z{9|~%|TrK5se23MeD^j zB}9sjt1S*^kCsJe8!)5);DS9<(vH zO{kw2l}}?E#_ic^rO0+2W})AnsGe;NXNH|^-|+kZS`ccCp?xigGF+h(qS&1!1^Z0* zH89jDc1bS8piqUPZ@j5C@_wB)HL}21Ay{WzJ$m zAyp%NqSB(K3=8ruyzM7NUnl0iAxMgWOQS~*LoskP%zL3RI@s<+X_DdLc}wer1A%~5 z)@wcdYZbA#&n4%c7K-(I-odv2xWjC`AuC|#+1nrF@N+2nB!dIAh~3~$^NVh=9}(~U zQnAmRkSPXt)_otK!bKL4H=z~KHlqpUIYhiST#@Br7RDUa^W|OAlQ7Pg&t{zCW}Hiz zA1(%P1>~F_faLQ7^AQ*EKqO+Nv4X4N?1st=-Eg1~T+w&I#$f?nLZ2|)NiFesSM|*s z&h$`r=g)}`uxW`{;_irP6W9|qC^oCn4H^rr5N|wGi|B=pafm)+sgj!Yn3xyeEDPha zIDh8!aH8HFdr>LI$d;SxC*B__V$`uOeN~)FF!I&EzGGM6f1?f1{8LjG&9nOvTec2$J=Ddp z&b^%vUy~o zAN4jlgv~*st}9V&5-_OS{qB|8uAO||V|+8f9a^TAG%sefz_Yfrfiywi2zWk;E$pZm z`tIY9%JXf&ThK%;ysKPN{dPhNA^F0)_FWlJW`vuF6`XxhA#1SSJMWwe_S3lUE1SHT z3}(g6&q@3}@q+n*$|1rbvz78|<#W(PHOR2*?F&`q8{wH1)k<~+-gJq<&(79so;7Ij z@?UhI&8(Sv%h#Ygl8uUvJru$)U~_OM+$ERg8wiF1$MfWn!kxs!?PIcTFa7nUt{Bo- zeUzjEEy*0c^RnRV7@VLyeFJ)5AdgWYnD{j0?kFD6mJJ;4Ml0jAJ{lc*;(;8FT91K} zHmqLEhsZdg*IiJhdey^V^pgeOgdiw6oCbXvZkML!eBU5s!IPWi#z(i$Zapn5duLMx zY#w~hDYcW25@cSPMb$QXCLPG(0Zc<65+`fNdMJw_Lglp~#+K%LrdtM=?L_($OXZ># zY!&veM?dkaeYbkjl8E(g_3YiJbcO>((I*yBOS?BWByOvik-qnx2ol?dG3h<%hwI+d z$_Y&oXrku2BdihVFW)k$;Yb)Injf5E=^^wmA_ou52StqXYI7p?9B8I1K^tG9OQ+k66Pfd1rs?vX#hxJ;MdKGR?K#E-m=wRNd zjPU+ux#>}x`Mu!G$C)c16$Nn_XJz-7?kYZ5w$F-rxxUWXm^~dKbT~u!aURAldVYAH zp}KGtEtSb+*$%qiaWWV~M4SZ=K?C8+K~Q^~z#FCF!U9juhSof*6he4@2&+J`;YiyK z!R693`!tlqX3S>egJosjRck3WRei%7kGeuV;5!n9dIH6hHw2R22$du@uwp#XFLE(< zu$xF8ufW{VN=iun^7X2iuawGYM@x75G*dQRB2%uYi(b4h<;uh3jW{CYVGn7lV~fbBCj+2Mz<%o+KR<47ohGE^^c8u*oUK zbJYVgIq3U&pi)`Pls~4tCeBX>D{b$&oziHFI+V(UGog04u}>_vZ%DjHKG^sUqhRY; z;4SLS#9G2yiBGQR>w5m^y931!{8|7(FYe+2(2=gQv4jOzAGX(BU{0g$jnyrT(-ECB z3RP7JUou?#oe~v>%Im61oC))}Qj7o^y~3E5JG;;)cz`A}?F6B>h?YTQoYz>1gj@FXEOFROr_1|Qgg9(BkUSX%`0bAT{R*)}a=$+-#8P(iDD-St_bJgWjUZ*9*vQ8G0d%=rp{PYyq`Imn% zhiW#fDfGWU;eq(TWm#o%T_>v5%+~}2{n6}PgnnI`R8KiJ4CHq&qA6d(DA5?%-Dpdi zjVj$98;LXKgsF%F%H0*F$ zuTO!DFz=AyTDxq>ZVdS5YoY|P{$Q!N`?BHh7my@q&$eeAZ&8R?(X>^a+RG_6<{`H( zG_4BQ%ZMgsSux$r4Qw|QVQhg>V2BqQ$u5V|!Uk}|S?-b3-rj2cDiN0}@3pf2;7@k; z&cC*Gw$CiJ$MjVRLOJ&RL_3e~JYu|ivc*OZrFV)|v1$+toi0(s7PLh-mirX4Mz=m6 ze_g~4BgDhM{Js3=Y(^k{bvAJR8OvJ zGudQo(u9wKufmjT&ldd0PHy$=?ns<-v&~HVepSEZ#3bAt`&>43+{Uh|aWF9IzC+HN>N`tgpGEbO zF(!>g;ZI6JC7RU)Q56joqh1z2v@+P9->?WVcDhq=&)0&6;(;ldy}xvZj4v_TsTs$V z)N~*lH?f>-)9Fza_gy{Cd$MiU>7=Mttm9-^z|;P9OR-v9-?C_@|usODy40H3dL#VPit}~ z#D%-sB^y^7M4X0YR_)bN4Ek`lZB+vzI1^@+-)XxD@1;vAP)VLUIgvy9Owuzq&+JAp zQ}A2M4^Uzi{&^@f#uweIVv@Zw(NsCYCrNpzTU=iv<@s(>W!Sr}>fR!IQ{RQd+P8f) za8*>yot+-vmS;R~4#jg86w?;Xp7drIsht;pU)8Y|dz;_ymX2C8kziNGcWT?5)(9nx zB-%3+X=sZnd|BiBIJT3Gai zkVFMIAj0U_VdZx+q`FD%dtZe^7-3lvCsDZMg(8N%=8T=jiHh}erz5{||2To3%%A2I zNy_IP;*gJmL!XEG(2}{Q>1L=_)>I@8oEyx$uR+Y#W&4y)S2?z0)tsa10=8v7Ah8bJ zj`}v+B(}kN=s04_HG$0{OI8^tzjF7y^Y^XTeU&nKlDTc!P1t*71VyOyuEkJEgrrqB zTycTh&@+iwL!?|oAzJ7%5oc=P{U3?vE)kmFb}kP83LRIT6TSX?*s_`TO=>rt?C?jM z@4bj&_TYzoC}cX96PIP3$90y3*UMX>H_Xc-S1-Pe??@RqPr?$te!YCFy|sa|0xdg-KwriKL^u&!4RC1sI;c}uo47Eu)#K8o!!~hmPVPd5=oslW zJA>=2>zu_N5mML(GL6jNSQ=exhFEnPYZC~_ISom4iAu?=+NM(c)Kx|cS7ys%nrx*_ zZB2QoUiWdnPHw#x6re)U70_*T#`46g`3DD*6~zMlO-a zY22d*VQ}Vyaj@G~5`F04{Od+?U)dk@Q_ZhJZ7a}@jfdhsw{`sU zZ|TN}=B9I@EEPN2blNA{L2oZ@D5QxIV~S?ou-MajbD7il_Ql#dJ+bf3ll3Xrm2{O zXIy?xfFphP5vn7YitF57hyh?9fP4Kh5<0GU<=Q>dJBue?pJM4dhgMv`+O#)P)k7Ds z!PDNpJ0dWtK&^=v569*6J3n+VDc#$4uuC_doSYn=Y;|{M&>#{jZD;bJr)P37zhn;v z210HMN7wl6)*1};6ZZ1iXK5RLo%2(b&S(#Fv-@Z!-wa(5x$){*#H9ZhTC8-^7uc$; zs_Tjc(qYiM=(I#<<#~uX}GxIx~6z2i5_f`KOr~*=ZL)#CSu?( z`a^teK11i!<9o&zlM5XEFA#Tr-ZGSxalakAvG)N= zo!9l$b7Ig#3C+Ro9&gVjgKKa4_zeVq2!;uG4=D3IPL#fN6L@jvWd>1F?<`vIW_t^A zf{ONlT@10EXZD&0Er^J(mzeKkhFhXwcY{2|q;21AD8<{VZ3aeu{qpcTze}{d{XkhG zRX#bJG znwPVWtdLCbODOp@fq;+DdRAJ)x(Ylxp z+_id_+l|h?akES^jT6uoSb1;BVk^2}K0)3f?K^cSbi!Kjj{0QUT&D=rw0tTb`zcCZ z&dUzvyU14GamzVqTc$1isDV(nh7=NA?!i`UjZf*u0Ve!5oowlDz?u7JO`3QuZBgZO zz8{hz)8tursOpuyvy0}<0;DQZr~0bD#|mbCe)z!uT-pS=070rw#g!^bkL#^WCYK)^ zt$H7y$2$0byAAw(e)I1{T9{}tKi2td_Yho&j!rr}h4H{XY2f|#X_>VF7}_CwerVN{ zLjFBE>xDj(lXz!<0)aV1j*Sc6WI2i~>s#0V>FFDIjx_(x(`Pa9GCe@($kSKRLl%DI z=?guRSu-)l_m*~2dRMj*``nvvBQNqxywOHgCRsc~X4*kft^b?useS+U)Gzvxib9~{ zbi{~2sbuYO4q8VS9S%BLnT9X~Vb9Nrsq6nsH} zHpO4TPZr`jXNf>R#E+QT3ZrG>iEMrI@>74IxZbS`PUoU&1W%u|!(C$kl(itfvc>zVc3XkT+b z-tM`?mN-KO;q#&)-NQg=-Ah4{sMn@^qyOZ|K%c z3YeauWr|OMn+ zim^lA6_bG`AUVF*!{!x==j!YF#o+QzIpL*6PjzEYwbtLm*?r+mckeUS1k_)@2!6lr zw0>|DmhzubVoA@t3m*(b%-#)rVY{LH*q#>*+mhpJ)D!uPOpKsTHyn<+Cwl*h{(9;3 zI?uN}lPIUTyP^aBg-`H8sZEj5qbjU)H9HnbRX^NlBy5Tfm)Wt{=OA4pE4%g*2yV&o? zVeMYl3fy%{))b*)cDS$ewxnzG-asft?`z+yPi-?Zk*@vI;`gx1vLE>qvJ1LK4P=9Y zf~JEkyfAIpClyKKgLde7nk>ySiRh=}BBSH2Q(a*6(;-B60bG;j@e? z>{xzDO+-F8t z{-#-S=MquU-raWI(UIYU>X>n_W&6Cl`9Y^KKIC<&0u>oG*WKcnS7nis>athk0CfAp z?41S~jLt}7K$Z%J>JxfbFJCbN)q7Z`h{Jmny^!bG>LN1p~U}Y-xLZ|CTT5Z}%XbLflBvcm(t- zxMbfV(uG+1V$=Y|+*+EY^s3i+fo8lg05|vXuHZZqSY%9SatK4P9e;FrtrSEp*=PMO>psMlUY~jly zVT|w4Be;;r0&GHhKCwpdE>C;ysfzTf>TBBRofPRQ>?e)mzUZ8y0HjE}GW!5M zuCk2Xu*>2mhAn*?%E*UIAp*Bx`4NPuGPKD116b6EhREgSDm~UHciZ?5?XdU33Vj}{ z%f+I0a^?dTWoqqFp;FQMXNJuJo<1z`wDR?|#W`p(S<>&i{-bpVCKIb;W9--%{r`nA z{+}@Jjuz$!{&N1aMY@0MW%-ANn%hi@7-$dJa4x6Z2>XdU9|C>^@o%`s;@#|B2=9zZZIZ z|F0|JSSSDc>*RmQ%ktkS6hDj|Ly)1bYm4tb7A*N8fCm-|kf>-dKsg+`DT>6{1~$JC zgH2Vd7b|XG; z&NuFFL-%%#aNaFgI`Kg3sFBu*k?=A9;&yQ1n#>oB`ds>i2WH2i=vwGJ zHEI@fz;k#A&bnA_Rhe#B?KyPSakXPkHh?QtNN_@ia0Ufg#shccn-N>!2YSgz_p5o? zNuFwJik438YxNS`U8EEUY0JiWYNPMS?opTL`G>+IyZzQmn@0Xj{9~JV0Ig|un71W^ z_`rdjhCVJao)DTi6Ygl+zP9-9JQX@e6Uw`cU#b4V^u zE>5jfeEzuDpH*nzj@nqz9>UBKP zJf2n`I}!f1ALrOkKDLvO?c`%S`PfeW-_K6&CcSOE3w?|SIQq*_;ZOZzGNjb|HsrTu zXT6!;=C1ba(7K*z$B+C6E0&UhJm?+knb+K;I8}@4S1;bCz1L#8bnhs@>i9g?!Eqb- zkJ|u#^j8!cxJ3aiJGyV9`2&nt=7w^nhjNjb)yP%3j1y5W+gyi&^ovQ;shqM4TxOP{ zh-j=H+B5~RL%ot1-9l#Mzzs|>@~8mK@`{Z8we`Tk1y#d|kyGy6#rN_$-JR|+R?%rX zaR#*NAIh&J!)?*Yi$)V6Eh4*l-lkj4YBW|PrXRHiAGK_qCs#gId%y9~^?Q<}p2;vB zxZg8Q#BDX@lrR=qHO^sU={Lr9`c}-Af^}yBn$I^Ci_B9^Buh*_Ja{D@TmE%g%4m|O z*;*_n0WQDbOO0{*RN`&_&PKUN9!LMq@Y{g76@8I4bV{I1Tcc%;xK}Q<^~R6)Nr@*I z(4#psSC&hs-LLm1NLGx>h+U8-$$2sDuTqnvY93eB&Lv6Y*VR>vgnZ|%K}*kBRwth_ zN6kEB7kYm)bluUyR42$@gIj}5cB^`wGfxW@v!D}+2izNJ@++?uOoTeMiGZ=K6Q^@O z2xQokQJ>1qqH-=*jtAOb zjqF^iW*7roadH%si8@zNyvJTuLBQ_%lda8tp=*&kcB;a&<2#50GB6O3=%pKClkzr> z6c1!^j1+xdn~>Ia{o`TI+Cd|h2(d|Mk;znZv-?o31P^HNU~WDLM_Ph0b4fV$3xnB- z_R?y7g?QkT4j$k=#p5~*#v=0Lf%^;<%Q=sz`pUn7UuV;U+p&@B{6V)!N$4v?`WJDN z-EbH#61q3Rmr@=QAt#c1s7Q@Zy%bBD66Dl2x<2u`u5q6n{HAQu7fWPzk@(-{ zC|!~r`6nAme{x_QXwpscZ;KZ|@c0)SLVr+wn5V_nboEbR|01V*zs_+f#~S;+sUNqo zpZ&t|`*PgF9QT%g40C@SK99$j;}Q9%k#lTa{O@Ux2~#51^)Fk8$r76D_VOBjriFpl z<~vWEMmeGhv3=4&xejRjcbc&2KQLzhM@(jt{mL66mNkdL*hl;D2kf1Y61B=;JcA9{(ei^?y6RIWFZtJ0m>S*s;d`pY}TZf2fW9!{Oj)1F*0?!(}fj zg07P|Dmq(dHTZ!Ssa@t+<`%bkTM-?D6&wj2vto487Nk z!I{bYz-i^+I3;$$F9Ncf@xYmk5O4#y(QYQoRp=Ny3=08+@qwg$o(zQdRp>T76hi^~ z8V&{b!A?Ka16@kgG8mul2L5@Xk67^A>}5Z22binihA;FG!{~q5n z4?QFL(=4w|O`#Jh(VxB)eV3V(O=!4FEe-y83}l1+3W8gOPDRt#cbD6+OT)8ZJbJ3ss6x`M^K&cT)8a5vVSh`(Y0oVP zj=X6d{BDLs%5WB)a$lJ+ViMU$*l4thIwACN#XjJ|TMr%zk6D?_21}^N{8Z3IJ6nBv zn}v|Z&dLK~CKEe?b?{gH-#m}D@pOay`A5va4++&|v3EYR@DL*ANo%^kJ)_#7smu0o zTip8?#JyII1UJNI^m-hIQMP=82|>FQfSZE5G{ofCTED-M_boW%wd6Olfy;KX1-{!i zD%Gu?`;FTZe5Mg;Rugculg1*|ggu}<4cu;fYJ8}e*qj7-(EPfpMqQ-mwJKHXUU8yC zreq}=n{=mW3D$ln4NeYo23?c~Zt_XnauA&N^;N1@`766~HVI{uidH#Z8__1u#*1v+ zw^}~DBeQt9JT$%>Y8eT2QPtP&w~|fbK_fNa)z!YOe`17+&Ykc{@EWW^h)Y2(=Bh%olery{U3f)9<|S)H`mR(tzLfo-kKPQ)kK32F~RZ zGT5vJVQ@!u(iZO%i_HymsM@XuBGk_2!lt_`r}MC{Q!jt8vC5+kYhJ$@1^QLfLPW!M%l_Q~kCsT1cva2a?Q-z7_bKdIRpN!hiIAq2e?xPQwq; z1p4&(t%p1Brsw)oA?wnZD2t4L3DEh{}5Sx~t5 zME#>zFR375Wnt>#ipEgkIS-NGg@MC0SAE&{mr|mX`n|VJ4REeUl6}oQT1EN!O|ex7 zVw0g1+zDXzfUM}k$2zcQewc)<0{dyLOCcm4ATlqw2a?ik9Q^G311q>*;h4KF9tbKa zcB~>@c6R9jd`&LNOq*RC5wkedt&2PuM_U!Wu*!jIpVPp6!~V-pwJic`+fqqhkR++D z*N5y04QP67X7>q;>p9=c>;^~$sHiylk9R@;Z|s6j_&<@iY^P+Oqz4ZWfK4FE!@{l- zT;v*WoP!?Fy-HkWF972PZkkxlPI4ISB6kHRy&Egwjmm4!Ji>E6t~7q^#WtW@_47TH zB2wK?XT7@8?CQxvl{%$cdj2slb#IGMC$InYjAA`o5g#L|@(^*8OKY;+Q1gl;aC*pbx_Z#j#e!b1s!~~4==D1E@<0$m`A~RwVsCAL?dqXQfy6_;9i1`55$^Y2 zv$QG$Z9H~m+_K{|rGonQiTgl<>`2x?b8ze2O-dvVlst=KIY0eF+}*#r5Ip}c_TD?L zscu~tMFl|-kS;|c(z_r{DN&IwBE5rB1*CTfM3LSiNRh4-5ot=58tENGdZ-B?(i2Ju zq@2Im>RxxbgX07PQ^Pz;`Op z7M%!+qvJ>!8I1VnXLgsJW0@BU=G~KxFy7b-hV6T!Oa2RmDI$dc{Ocv=fPcFGMt{Jk zzPhbnWM#AY*YhXWoru%l7sSGvl=A9l^K7s`tcH*~D}Kba^(pK|!^7r6Kzgi#$iomz z6fG)mO_u_z3~XpzS^4iOzrk27RJ6^q8ORB_e3m`DNUYyQ1f6fI9zUYKYTmPCFfM+* zxu!XmKRnP<(Yt5GyGbgA&6G3z_O!U1X!r8kVBGtaaihWpr0c zTpx*3TR$uT*d4L`kDP3&T>ymg0T9y-en@YgmI0t(ZV?dP4e+AIO?(Wwc2TfAm&f`W z;V#oOJ8hwJsj7#_T@l2?*X2Hf6oqzdk1NlRm#*3yzNq+zp!(Z8b6Qa4&n!P;UfKs2 zmipF=L3 zRua!RIyznx{=mkYbLI}?m|^XX_QNUBf{DZU4-)0O=YLj;6`9#4`y`aT6Yk{UWN-d& ztN4FQ_5Xi0&OGSCbqoD4IV{V#3`HY6fK{n;tCV;W=g9L(-Ls3t{5`aQj%UZ(Hb_Bn z^rq)*4ckKVd&!Yt+e*U{rkvL%Gcgkh*_zwhs(RyfN^+*PIx2vW#!fwm$U~^6^CL9m zeSx+$*ACjtCdH(;2Xth7fg)$zzrE;x$1}!$NuP^0Q!KmRThA@D=0tHsh8w26OSNZu zC8TiWvNtV_49n!VY|WXmf;gc|e+(n(p9Zh8f(hq-k=V zW;8oBC$D7cS{ld|MeRJ^sK4mj%5&{2Gqn{OanG?rXcBU_N&b#L@APjN@s?-1{;2TV zZ@MU0+3?kx8On*9yN7-jaDBM0_1@xFOQr*Io2Q=HScd?&5wGNYJrn&R=k|&0F_*rQ zhXyGT0l}PU%%@kO_=`{3t+t%A^1E}nzGM7%8}g>)i#fiEq`H3VycRCM%8r31f~o^x zVRS!Vc6aQKcPU?;k2}UHq`f_$q8h(Hi%1%-GrKx1PhKia7afU$)X?ioml{o3SZUgf z)h2JD+7?c?NJMLagw2G9JDvQ zw#Ij5cf>#LXzw?2T*ry6%o6ClO8Lue>%-UF^%=>Y++L@kR;IcJYw?*zv_w^R+6tkB z)LK~s`>nt{T8F}VrNS~sMY;JO0I1U#12n}wbLt0_@CBfn8HSRy49ADsd@wozs=fZx z5aFQLW?!KKDA)drY=a)`4RqII()+z<58nfK0f{|q|5sw@U&^>p{!9DG-#WX6vKJ`E zw|#<NqJxX#`%YEGKrO2YHQyn+`ta#$b5JgbSj^qJ_4A_OyZU3G28j^R>zC=wKjLK` z{{&+;>spP(y6OReUGxOFRLVcF<*w${zTgvzcHlICW=wQ79>-;7DcchPoVYr#2vm~t z93{#lCaVy;0|$?Yxh*yxc9$|3VzwQG*wfu!Em`#QJobrD747{*K4~)tBI$H?FCAY3 zDzYV3gvwcCK}_fwOL1NqrKL)ZMZT3@y47CU4|Qd` zWY=Bt^)v?O?+4o6!)b+0vd9IsX=HC_2fPWuz=7KNkUA{0FKW|p(D}oo5@EM~g~p!X zZcXo5Rg0D5*VFc6qfrr(N1R)R23lff_w>H&C@l0ZA&<=uY80W%tgt%W*d;2+t(8!B z=_C?~EoFW1ihBA~kQm~QJoS$&4Lh9T+q4uR6p(&AC$#@dpgIW!J@sm;dcV~-B6KfZ zxmDO@%pgU(U(Rk~;N!sii;0@e4ObdAzu%&x2s{SnoL)M8T9Ngm%11NaQTP4(Z05J@ zz*4v6O;qOH^2Klry%25>NittGa>298C}d?VQ6Zo`7Zv(5IozAk6yey0SlXSs@IveNyH!Yw@Ab zQROrc5LPI-S`TR!NU0!YY z>q=P^r9?TVn9&Wy#IVgDD;O@HeMrXZceJ11=@GRkh&hfE1I$gg2Kr6O#6?c@ibKVr zw*R&A6rpo|bDo+!f}R?em~Bt18$ZtkOS2bW@X>+jK;*WY=gMYVYfVCywwL2PwZjIK6p ztE6cR9Gm*-7n#G7WsBM(;s$u~US&c%XNyA+edIZpb+JbXta`19>&d-^+SZDdb7b^vZX;J~V!i z$-PL2qYOe1qH4qVab6$9^Ox~kPC6#{vz&{?WP9mb6kc8u*?w%*ATe?VF{cKU_Mn3` zfjf7C=i0MmVNevDaY22ZMncohqw7XEj`lL*wAfm}w``?nosxdI@;~Ocs^(#xDXvd= zPMwqIYGaPeT^VJ77)`f`pw&CFM4O@_N}bELPCv~hcA-SO^zVJ#yhGlm^}6;DmQ@zgvz5~AZkhp>4#VUo$+H>iexl;f_iBD{Lp#FIP;Y)ve! zUEt|P9KVp>qjqVUYAjk1tEeb`evo%?aYyuxA-^=taU)9LNuz0RS>~^ zM!&04$Hw{h8?QNE9Q0srNDI{GUySK~S*C2t*tbq*Hx_mtF$dqF#w1}14HQj`lX)W` z11ZwQ6CgFgA|izxRRtu{KiIksv!w+*H&zP0d5U9uzDg>FPH{_jAj)s|%c>(Ub|})k zRk%rkC_lpySGwX0LnKl8?I`N$*9UrpJ7SXuuwX z3JItilu2uz9gVuEqIEC2{qYT-@X$^3xVot|7f2$ex%<@S`7bgT8}h(1Q_Z#dYBX_r zx1vyLRJyw2P*0WplEZ59BrETwJPkIPpTW92s%HZm9-@0;5RM9*l1%CS+o6j^k#@;5 zkv5WMJc3eRCH3(aI6g_K-&&b-wWyi{AzQo)v>AQ|NWHzryucK&o1irL{Bg)-8eROe zk0qT-7kBP3s-P@XIA89GKW-GDoPTjbr`4>w-(49#Z5#>%N(M^)R#|8Mdi}4N1GC_1 z!b`_rWWW~rd9O}H!W=M*pDm$5L@Fb7-%Aq(al&_SVLwQNTEqs4BPFfC9XByWhH+iR zAqM%C#I(#z*cro1DXwq)rlHS9*&m0NJOI$-U?p5yYAZwU)R!A-`VE`h_E3EV+(`|K zU#i>03A%W1_}|2ZA>6byuEg5cM8+#>+%T+Z8}gtqOzgV)7W4qeh|0BDh9)@>GfCIA zo5mKkVN{!yvb}yDH)~GF4{3)io+|M!aA`=cAI7~(ROFR3HG$kK=8#xRYDn3W=(ozJ zxS;i(KM-=Sj#A$QIxHr}iU4PStHa;5++shDhcM&C2nzWmdc2s+%=~7`Y*ogp^JPk- zNZDm_kxQADiCx!U*TpCml7Jr8WE`EnDps_<`GW`}33 z7Z{YZ3~%_kpoCXa{8Qq7ASA2ns_OPajub&y2Mk?Yiv((ql{Bg>(-x|~(s5oP_xirR zxu$e~{f@CfwP-Rkn?gV;rAvh|F#+gnJdH9TCYiwdjGfwB?}50&rj{5;*PeQdjl{p- z@Oqn+Hsy!PMu@Np`DYtosFD*{7(m(I69Mmuq~P_792}WpL#vHF>V#+ByJ_U z^#ql>!e*owimEjyfp~TR#ob1QzbRn(n`r^uOLRmk6IILIMu3F^Udy1<%aw7l5Wx?T zK20D(`0_8Z7r-7=YZ6}nBVeV+nQBZ`Wr3dw*+*l&F(F;uS1NOgUcRh5qIP(4ckv!y?&p0DT}-TJ}yZZUe?ee(Nu?2d!nZ5muJB%Z>uQ5#9}W6~usrX3w5>^Q@VV zOo3u%zd_{&KFG&f628lF>{<})T3oreTT z8}DU^?`xGinO%LUn4saPH=xgX8t4WD;b44{uXYF z#At)lfT939q@xcHnt}hYA$8y>vw_c_@&a;emYgz3lc3MNgzV@D=&ryovJ#GuH=Xz* zs~&plrIhN_x4y6FDQw2Vve707V^OBByT(c{G_YPM%IA;OqSke+z%>WC0G5If8ou%{ zA9K!d62e!$@fv5>-6WbIA+0@4Cy|_=5@;zLTk!a<=9t}g|NMbl+^@M~Oq*}(h!u7k(9v!A}ZrweHBNUVjqehdw+n0DG( zQU1*I@zK;=Z_|D#`^MNdzRIhL1(%D->-=h7{~Afd_#nHBBtEsK=TumWn-XNIl{Gkbo3&$WBwqlotV4|pHUpi_c$P}&q^MI0(96M zILNvi9k9F&rL$|n$i-ICwyq=w#`@(tT5B`DT)q2Bu{jV;Mn*G3{`~C6W1zCRI(e>T zFnqro96z$P9aI(XFj)!SxnPSZ35TLy+t8)uBlb6%f98J~Q)OPx>;E&+_GgrAFiU2# z4kIu|lQc_U@a-^wCppae4p%8V=p|j~1X^>A_by?!1komk0h*-bpWkYeoKDNv`F6Nfac_rSMWNG;QDgI?#-*W;cgXi2 ziY)6!Eh-Q{DT@ahFLl|RhX^c#qq(Rj?6cgYU95dGq}29hPtp|}B-fUFAm8}0gWgoO zs$w&sCj>s+$}%`1pJo~r9l6W8;Q)1PVNG4jV(syAiVeqt0K~EKoCEjIT|f|M`e6M?iiV{!1=s;$|Z!(Yj$AC zEl{~0m~HrK@O&j6yPG)U;rLkF{`J>#q6MlXQdugj(^?AC@Ur&ZJ2P!$t|LN6%vi=k zAwDqIJ`wWv^7}CRYeIrw)AY4qR>b5!aE*Frj?XVL1`+6%<_3qUQ}b4`OU=)w2=+^u zITvs9p>%_x=EAtOS24NMl)_cvYP9Mugv2RjR>(s%XeSzN(FJBzbceX2=;*DMc75wv z>gykwbw|XJ>oW;S)m;7Db93YZA8cDD3`!aU#BTt+riuu0wK)|ReiS_OfJj!APP!E~ zX-$u#Ua_J3-ALVth{A;r?C&bXU*q))@$(QSkKWT1>w0Hp6&fxy^(mh=7ay}zO{-)V* zXo+^Y`Dgqy&&uVv7e-Si?M9E-0+8D0ud(^=&875A_cVc`+IS#x7@HTqqYR_W^%-Sb z#w0_1&0A*_C%Et1@wy}SnaEkrc&jVmJYbZQWdUzHc(Gd2ZhZ; zx%Nj^=Ds%*?hk=_&YWSM~15P6J5rz`041F^#$ z8&e=8WMDCU;2l%Mi zBl=lLD6tsAhgY1(Y2eyMg31;3LS)Jo?|9eiedUq3`PMjyjKN+wA;%=nlC;R8%r)s- zO1ch_#6VvXL@I_}&2F96eM(a7ld2Fk?WkOO6PY~cXex9TX!LZ*YCe^Szj7D#X6RsH z>F2#8@$=^QHr{(Ml+kKKuke&!Z_5Sr@{75<;O*R%TaKy$4X-s)uB&O?ny7e`{L{ag z?w$06aqJ7Arz85&Qrx06I=@rn5JctNv`|rpH?syYZ)DI=RMZ3wQPgPD)3g~qQsW>8 z66B^xyn*>B-R(Mz?jsC1ybek+?1a4PNQIp2ld>uu=d+V~OqU_RrnJ=ub-Q4njb#~g zOp9-M73iD^)9;b*7ua;&vPrrRnk__~;e5I5254`c?_p}Rp(G$n^v4+9HFH*lv4Dpe4y<47080u@#xp3L=p{-xNHjXTdtAz zJQ;NjaQ0?)7ZWeMIL!1yTj<2h%#?x6l#BMxfz3=@$EYqby@fp8OZ1+r&@M0HhP9dd zdndb1O>oB5vVQ234~4ZDlimv1+57(W@XK`+QGCeD7aT3m%&k2FpV2Z7ICsbnwAlUn zM*{zU^xq=g(5LXrf!Q5!3PrQ3K&2v>QC*Dz(`RUTlw7)WmJ!dpIF;xPM{RT$qQ20X6Vbgool>`IGA`(x9O3T?l}0xtO{SgdzL@Jx7!DLz9nF#tQCwZ z=>UT^<5AR0y~pMf#2LMPx*m=CQj^!? z;|hJ^e|FyD!FkViO$yV{sjHrM$-*hq!@610rp4JV)Pit2cM3w2b5b_bM3k)t9I>&9H~ zVq&iUi>#niz}M_-f9nf!U$R&CUWdEZp+UV%G!Qkkbt}q-c4i^bqSJF;_8k&m@oA}B zk!t9=NQxx)y$`*(7v$&3>24FFcMeV4&N$aN$6smAJ0;dJJa?C)zA5a%lM_R3I{M7N z(x>zDtVP)TB2RQ@`~3he7BiWMcn;-n=JVmpUM(=el%PS7br6Ovj1qymk-Aa)^ZiLB zao6~D)2xthUB&w!hmv1Lom3ca$9}93w~z?Plr2B@-wHjNIb}s20~R734ycD~OE8X- z`!xQ2aX;jZqk~fe%LCM%F0W$)Pwe&2Byx!Fn6g43^wHE|_J!Jh>ABJBVK>Ei9%Ql= z@4$1}dQ&<-8MJH_iW(jX7>Vt8#TiIO1Btt~;hWgOfu?Ikax0Tl$*kSoUXCIHJ|5o; zo|WreyfIdO)$NcN^3{LZ+%9x7)aD^!FqP91R7s) z3UsYb%c(s$9WY!o!hbd{B}oK@c>$g1lCc>b(0D9}WgT<#=c(`16c^Vd@Atx%6jk5W zl$ds8y7#SuttiBK6{da`VsVyL9jr7WGIx3d^&R6XOqRJg%gUu6fZ`Vy<;n!aIaqS6lEv6@$h!`Y(T7|=~{ur}QqF3UXQ{M*!i3O2` z<;Ec4vm=33d1c|9lf!K#(f%*9;-CsP>y10(-P6VCp)PGTdfu*UA&`3c81S>FeiF5= zS(Ke{CYLb!+5pC_Z*#BNd)c_xsF+HP+6AP}7Vc3f0v?K)WAkyDTm#g4Ozp{(jxxSG zgZ0zHSyk7dEHnC%ZDtB8#g(gD8}NunPhSy)(W$r3_7Zc6@wQK9&a;^_^X7OpzDXet zGUoZ%@R0h0^P^fM-b3uC++-!94|Dx@Hzjz_hIh<5`pw)7S1ex1v2Crwnk|1${Zwmd z?rG5gg;rpLea8n?27vabNfOis^hTO80@cRH!4`g7Rhjdnc+1}M%>bb54mIH%3dFwA zWDjHRDY2usupQf9)VsjHOC`+VdgB�^C#)qT4KT)?)zHVVwtMQ8O zbp9l{tmn>r#o;56WJxxIRKNJ3 zSB>cMYORXsh5jpizsNq{nJ54=y7{?&sd7hQ9u%NLyy`EMoOGr1yd`6vvGr%0;>C;!3S^mHk)rv__Lv#l&+w%1##774TdHQ_M(( zTL7}v=FYTVyzAa&8^tVQ*RV`|9!1MDu_9-wucbCkRBW%j`l|wQX?XPw<%<{>f)ctU z`UuPs`0fegyz}Y3J(kZocB7u0g_j4sK1J$N)2EG|!P8z2W5>OvUA!?-^NTD@%(b)a zLP>8X!3U!SJcG&ThPmvnY01rAYrJO5CH^-(to@v-xj4!%%4yRHU!RElkpEZ{u2Byf%N%xS!ZRE5lTT^6Kysc^o4?==_cg~^0K7R<*+S8g)ltd+p zDbD4Bj9`QL11rbLd2)jDjRU2toR7mj2?2NwGh9GVh7Fw}Bht#L2SLhoZsy=%0R{=j)pCQI`^W zx|WbJ$D70O^-}O;K0SmV2VdTcQ|85`q3JBgc1L5lgk*B5jYkv@$t&4zt)@E+cB!GH zRD*tzJsOx2!jIKNe*Xda7*O+2(|T&stw|>rZaHKPLI&v9K+3Yyr<>xxACD0b>J1QX z-1IwwMYLgURL8-+Y3W;C?0K*cAGFK-J(^}VAH7o3(7$r|&T_s})f?sWkSEQUl6Z*r zGL$pWoQ^thOU<-oqOd`5BjAFe(d$6Iq;Gv>qAPYnCbzzxhP6TEI)$&4-c?C^`W-Gc zX}xizTavu9_6Ft_ZQ%VQxC}9;TvliW8Orq`-33gOui!&&D`uajbwW5mI6Q~`yw@ar z;D9b11H8A)nfJYcI2jp2=ky^);80>#`IoR!_ zp+hctlO$aYxL@Kb2}(@+l8w{;x*boVRx{Vh(7<3daMX?ERhq6P&;vK!R!QUp)FnHVd?@){X|a;_b)d z@WWt}FelQw2|?@4a^>jzr1F|zInx7jsY}5(Vv8A6il{H5%ee%?IT%JEJ-285L8CYpS0 z5>G3zb~g8{emt#b$&q2UgUW1A7H2*)_^M=Z+3wo$D6#ekL?4Jpf+E}a0|iVP^V?Ym z8C}>RA@@XUINPP?&e-Zd=)B&Xrg@LTsyi{vj~&;dMtA0UmCn7K6ES7ir8NGu@s>h3}iUU8PV`h=etJ z&%Tw_1DgbI9w^?uoUX0AT_vvlIc9E1GNuBcBg+y zt*CA=Djg2%pR%EAp~Gb9o(%-zTwC%{6zQLRoQsz%2Euw>+>mLGwB(p*TITxCvHMht zdU!imAa$Vx1CFf?z1i7RWJAx>T8B5T;w^ucYb-xVq2fC@WMLSF3wfxTgrA-6rCbuaFK8WX2;JjvPLX@L^7xR@7rP0@6Q{a715)emS^#y#G#eQ^S zM$>5YiFtWZ(T0$8(N35{;Ln}GwVL3(P{;%4)$w92NiQQy122;XahON^Xvovhd<^UI z=r#=Pqw$U4w9+bdv;zNZT5)KhP?pKp*4Uv~lQ>P)Ie6&|aodY#hC4IWYA0^6Hy74$761Ndkh|LVU)Uonk zWRLeiftg_(Kh0%piWXhyunIKKM!jDRdajCw+2s1jvdtvs`F*iOd%dC?$%@`aR+)x< z^9NSPvGu;|+&gUO{r5)OZ0sK3!M?$m1I3wjN|?bJVzFAwMsJ>^X9mWJ&0O1A%%UMIIzRC=(p)m9 z(Sc8fAU_}%zwj&#@26zZZ7#5V7hTw0h=j%~DpUf&n91QBM6;4F^c~*|>Q5BQ-rS7z z9A3MlMmKN))dDs{gI=_O!p7S!esAN%#m#jEUma;ISWppb9WrryHXIy>-S5AE7%2`o z_uRjF{gvkNRb6a6&;Xm-D3lJHgtJ9hHO0xAxp*DK+^mIe?=!dCMkaL~J=qaXS8a0~m=;n}wnD4sPX(}P@mNQ6 zewPzQq9=jgIja>y8?><%(^&Y)G0S`eWz zk^+I&HAb4FUw?78Cx|yy?P`|N@{qM*%B|Gi>lqHb;YDZC+lkFr=T_DRKJ)UYJ!WG3 z=4ST-m*V<;TN8}drMbhH+w}3p4v?iFUnbg?_>7D0OniyC&d8(q_^>_E^Z^ACU&l9y z+Rvut?(Dt=sdl&cGg<>%_u5)vBTa$@@CRV<@Ay#gL-=wIcuV;j;Nf5e)NjJx$SAjIDI575@l-dy|Se2~&=HFr{gy^))RqlX(egDrDMEjE? z$<_E_G~jvq0$zrm(pR`3po}-whw|&efMX*bzRUL8v0;Ad{;5R=nM>JYPO~1RsO!Y_ zu6UFFB!Fe#UgQIJw6KcMr8CClm+xE)7x@ZBCINj%Pnn?mC4fb~ZxlS?`a~ci2}CcX z+M^$=szn$ODKB*OKG_ZObGCgKmljN)kXp!Gp5r#Kda7mumrL)x0k8HAmqhZcB;F?| zu*0x0!u2JGc(wxwk`8g~ad~guaTKz9QnoF8@|tvI1q<7)~jxVoT^iRqSjH106y4H>pGC>Qw!=D;KL82O~OAp3_+A$5p?`ba}C} zt~3lk(__GPuoF2tz#}yezkGs~<$a^nVu9oOQQb4qX_v%qGX(btg$}e^11R940#c5^ zzl8n_MX~{@YZ1}I2c&5L`sSRp8Se=Uk19J3;~PhUs*DRh6~>flkp^_E%w`c=HT$w< z_j0vEG)mlzCb#iG?5b&2O{o%NcW7v*f}8IjahI0?=kEV=P69>xu|6JFD=yw z#43uEFS!8zhM*v%!c{dD(I$&_Y_`3>V(Li;Qk}Yy?fI1@8=EmBwlCZKua$jp&UhsR zPOjUVa2FE=4_cvPYI=i&w-~U`6$+`*_t?K$EfqM#+Dsyx>$KvIFM*kJg$q94$Z zJl0yc5fjzwz?Rh2PZhp6%^h{m{aM<4_nnI$P3ynUaOd5?ok87d@%sR|hqGEy$fw$5 zA9y=aK^hTv+r3Km2(SHtk`tNMW~(8RBC@e5h)rqjOalqwc(6__=&G(AIn?`#6_M5u z!-goYQ0$;b)~0ho%H@86oCg}oP0u53cF|uivyMZk(IuqIRUjaO2ZYFf2CPq0AU|GW zmQYoFqU^-w^oHaZaD;f%8@32nr7g-^E`VLfwW6W-aSerY<_q)M#hVEGf)(vawGd0pSegT~wJ2Z$@FxAFub;Ad@!)NI%P+E9;;hizA2e?c z4q#$64ONODjy6VU#|pY4KMGn0tyb!5{NZfV8A3_$r4Sf%11Wx!%G#89?;EQZ!Pg+r|O4 z*4W{72XHk~A880Lr~3vZH+m4-wwHnXPVm496%bs|^Xyg&;~Tf@b8iF1>uM!WUYiY2 zEj;Iv8d$zmd2|w9?_JRPK5j3`DK636Z$&}tf?%t(w!`{C>uHYnAbP*#wiK*ccFufr zX>EV*-3pf|PNtZkjdOKgmWY#!wrHsXLeIQBsH$@;doISujQf5}G9+xJtML-vUZxx| zU)m1Aoa<`3Z+#g9>TV|LcKTOeaH|ln#YlhXyP~Gp+bFPV+!Ji~{H-tkd)!8c6K-3o zj&0U@YazZS)M$L|#B{xD^^2lPtLXw_uFh|EcI%+=fNuNqGKdu-j@AK!A6l&5S~#c7 zY%*%nmbfbFzpvmd_qs{ppKNtD@~o=O!Zw-x4Nlrjyf8!qJyKY{5GaD$S$yeM;lj9i z)52oo;s9@E>{{Y-zh30Xd9QCKbE!sc*Shh+bx8Y7SH6Lw+?L|uEuv{!3NkeDwp8<@ z*@gFQUZ0Ur>M%Bf7W!dLz=yzTlY}{o9!Wl|c}}jsGwO=Oi23rT!Z0 zg$eE{j$!wCd?`o#-80QoGO5tAjjVScoz2}FODun$c9)yf%Oy+8u^hY&Tuba>GkbWK z+{Do)*7TW?sEWy23e@MpO7D{eh>X^Sxh%2J&E9O>x(a4Jar-b)1sMPXghxY$XpIg_ znp;`%{sW#H)wM%s$a`k))rv~ z`NF%AMtWb#j7_)Q*$oA>;@t-HJmwP^*7UUo#43X7<~(jb;9_WTRVy}3NwCjo6>1nl z9eHbR46fr?e-^}{M<4$Kz5OZU(8bv555-POx1Wm~M0Ws`BWn*GS)%?la<8`xV9%XT zD+`rN#EL7!ixp4M)C|*v+>d2>QcPYpg%kSvu8)<%VvZK7J0 z4?b%j{{08@%RX_wSIr;A?-xE<=zF9ZxSNk>g*c%Xqa`}4&JzMBYpc$}-y}P)KhP9M zhU;s0WKb(UJLmo^b$?nwLFCXj?$(Sc21-FVk7j*Ay43J>SXSr<`VhP^!mX#?nWf04n=gJoHs${cj-UEWn38CfMNoFs573$H0a@t39jSj@4Dzfj={} z3|jOKvXEWhRrW!&JuisZK4Sw8oLe>_@Pn_mP-3d^9^3io2#ck=#7wNN+)nkxBG=p0P~erE+}*1 z%gR;Sz|)IyOmDa-Fu%yK5OhQD5}lcuOMt=8rrlUi32CL^KInVrX|ghgXkoJ}1?f72 z17&B~3}I*Ev9~bCNixIiHV7V6-Fg>@_NN@RpT|3zTcTpS{C6W<(={!IuJFnle%9{{ zyySB{$uyBQBMLddL@)C~nOm&T<6Y=2kwSI!x`oaYG2@|!4e^|>&+4iV)AWbIid0EEU#$%(Gu|-*y>-3GaWM#uwm|g@n+d&!K4J z(LOykR4sm(>nq)#aq(J>V}}d(estP5In;F*A}*CS`Y127qpdWrCC;ygny7M)K30S; z!#klkLlAX~5_%4=j<>*{pRFLxt%hcg3?<=Ps-&#)L#`|?+@8LQRtMHwsMQB`zJ}O9 z1nhzf(=nAYzsMxE^BwV^ynXQN=8=ryxgU06jPm$G#n5xAtdD_A7$DQ{e`1%?HHh2t z@HrG+WF3eyFpsX*xhcomaDaANpUU1>5jpnNL0E?JT!V~o58+31k@=X_iE{+F9Ec>Rh?qcr%TPkCO{IOT+{@3lo;t(KA{(0CH zoXzsEUFU7Fp<{Dc%=J{4;O?b8adC%aE0s@u90o(SAL+a`MYTbG1+A73LldhgFZ7$$ zE)+8R*Sq)ItosaiuFhyltw&gWuWokl$2R+)nC_2;111{q96lo49)|!72(f~gb1a61 z^K8$N#%>Ois)jN+0#^1oR}_8A;nDe2aO7FcF-*~iSb^Qc=~Px!h7Dpp0BXtUpv~sy zFjOued)mbgcrdWRA}K*h*S*Vxw9WHb;;n+3oje#-B25J^DuI_r+i7@^ zSL+Ky_z0)J$YN#s6HY4|0>9*~^^Z(aBc%%Y%_=vmwBzd5G(z%$QzF!n$l3$tXi>tXhiY%{6o@tEKg8d7 zWi|YC1g+(G!1_eLKlyX@W!l>l`5*ws>xirj<#A;l8@llw-YORF_gK%)b{=xnsQJ4#(;$*ob*$3}fjRdJ8wVX^S1(h8ZUI|b7^EvNIs4)U5E#kW*6n+HQ}4x8vZnT#>K zmp^E%Jc{{vgW2#gnG#v~F!bK{7Tp4yzyQkziwdxQLki*t%TLU}#ZP^!oLp3^Te0I?{a!ubGNP!?ZCT(Mb61_sOV`MqX_*Zb=STb&~{(noRqf^c-#y5dv&q zheK&pgK;^($gW!FluqQO)NL13PL|wcOZKbZ|OYvV=OchJT3LY8pI5B{;+BF7u9wg@$%2$OIq>Cu`poFv%&BV>ju?a?q zshy(iun-vC>nDPSiRNAbNr-*~k-@z`2qY1B6B{^1x(d;3#Hfe2IQuyv-PA~KYWPn5 zxeMGWX343MsT%L@h+fQ>@Vxjoy~lYGOw2vHYS6P!(83v^24QD$QCLZ?qHh-Q*%ky} z=O^Ov@b{XRE|Bdkq=R+GwDCS1JE6@Pt?nj8epW>l&XC<+A}j(M)~~L;6i~Py&=O`0 zur}1dRxxW4Scwf21nhRz=|n~IC$iY%0D3C!+St@Ws=`Y+K5fBkAD<6L_Va&&sN$t@ zS-rjNy-97ffxGMNKDZTy<~<$>8I(;kWjs9ea~ z37L?|nNd!tzckDzP47icv+tuDWak#27PJtI#Vh#>E6f&k567O?YWl0YbI@qh>F5`g zXB=(*dk(SnjEpw zg_mDJ)#G4nK0(aN$W8eeYlc1qSiRn3C@_+}>#9~<#8Ys3BGQK4_8f<7)2ZjN|_ zma#{fF}!p`MG6wfT-xJ5W__$(H*TU`yc>D}Lx(z!`hm_T2#-dvD=vc2@ef`v4F_)V zmzL|YT+|HQNHe-8^_g3cBRPreWH(Nv=0ZeCbTl8>c(I~wr*-M*^I&YZVU==lUaS~{ zRm#usre9>yBoROZv-YynC6ETOOWQj4fP3CvbV^$f&F$P?s>AN~+^k*sHqEW-W}M@4 zcRXvX44j#EJ0)UbrD@_wHxbMTMtTs`CzY>3fxHKxd9t%uHSzT*UN-|9$P-O;%3#@< zlM5Y7Sjnr~1YLwX8vv24?0X$xmO#(Ivd&X@7I$J*Vm3moBU$j?;~cxNS;jM3nvIQO zy@S3c6qbb-3}`O#B6roMOoF|4oI*Ah*Bul`8FlGJ4ITCdj{VJ-Ldq;`RDO;=U#f-1 zDpSc|)9Y_+Epkk1x-MK_!}4gDJV}v5AlXtWAcZ0y$db-*o#xlubmmi9SS~_%aR%?7 z-dJh#Rv1EbY?*p4sxwgI^x=|aZR4=sCwJUdq{Lm`jx4ev}SA0HR%W(UzG;} z)vrbumFnlkyA~l1-DF|rXu9qSlMXQJGm?a>r)=v7)exUhKaK&h;h_eh>y3*%o;iIF z&t8^%PPXwHW7oTcu2tsVvR0A>&*mczc;WU305c^-F!obg9}8L~H$HkKu#5s!;5Kavbgib4+4Qu)Y%W(`E*aPBPbV z%dZbD+u?c|17zPCunYxRDZ94@uBYL|FlF8OSn z);PV3k_Xa_F{dI|985KyC>OlLSNH~mG#^ceLU}ZQm}c6BeObp3%gi~rXFUsxy^FUe zT>oCB8(&NJ65&@BXO*X0S2oA3X-_U4?px2m;x_yxQvd5KU77v5(caOR3>#JyZdPo_ zW)A(3H%=*f`}5b!-B<^h|9yUbLC?7n)LcW#Bx=G$oH5$-ijx49Rlj$0gG4}m#m1^H z%4goqkNMWDfS-MO>!G&6q4+Vj2d7hEBM{$m7wx0dhS8FCcVA6Ezr_2*$m+eT@vF3p zvhKzr&(C>folN&E)yl<%T_aeHDGT9}5VEk&2hta9AW+^XVljKXF98u0e>`8PH5K{L0ZSHr}h9h(@! z;w>Ojr{}=!aXnrFp*#t@M&CTNkJ`%14m^?>zl%BOBj$-K0|vwsryW+?ExgIjo4NSZ zFLPL^Kz?(BvIk_P4zi=_2gIN~2~8B{Y}=8|Fi_f5h z_7%X0t-r{Mftmp#tGe(1J@^U!HBOvyyV)h$^}eo_Ysn#D<>)Pvfv{IA9Td^8omH9)Qc*_)v%dOEgjn-^%~~gJ0p}}Zc6|D-royB{G%WQ@cw6R{q_duCW}6qR%t5ZM%v1WLDKTm zF;%AL|1j_WdjI!Zi~P@?pFig685cXb^zA$E_g)bldPJr`=*S7UGt4en@amtJobC1> zLv7aoR5Zs>8>xC%wN;1ONETraR-XbfPM(DSR9rU^5Ub&U`>-7M5-9gzLu{*>5GHH^V+Y>Xr%ABCjJoC?{D%)1%O-2AxzvS}=IOp_!?oQ^0R zVAEmdb1K8HA_!*zu$ij-Z#JO%hYNS&k1kwcA^s%pgB+)~yDk#7T1%TqTQGwA>DftU zlO2Yt(>_x=tcFYat-@4DwEU(*99jDB!WzKq-!1Nz4Wl(<#HR`Yu?_+!Spd06HE;ck zEZ3jOIB&|Tdmsr+qW=QulG|V;NBq)3Wk;M+d2?hkK<0GFvBKBY2|QjQB)=Iw^|}nt zYJm2|siBSuKLMcWE&&~Bz9@*T-epk-Ow_;sDhQp}y>~MG#IkrjNm1m9H#Wm$v${v? zlVQpos!gdlHT5tT2diG=VWDqn>QB{3G4X#o`3E@i2~L3&4mvsSLAnmZnT7#5{cod5 zce4TduJjZ^^5~l01n8LcIeh*J0Nnq0g{%ZoFeUVx3gF5f2Iw|DfP$lIUpl-DJf%0G z7^YA+s2mEU2T(f7OY^{3#()2b3%6WP;FnJmp(j|7tWW@dqXhqU zzsiL+q)>Pxp#LTQwi3S3zumOnpHGASL;zw3?$Qxn$^o@C)TgEo!nlvve~}&R5Jw5I z(7&y0;eWm3_~PE2@4FRQ_7q-;dm1Yx~!8``2@O@b4;v zzhp9?!v9Z^$rWa}m5zpEA!paH3egDRC`}&nyqDr{?Xf>1<8&W-bm>x=Q#m5(SrB-9-dn5mczZ#qOrsQCLr*QkudB#p~oikNyg`2skkyguXq>! ztKq*i-+wPd@t1V?OFH~-Djoh`vv2>m>}^^@A6XJ-HRW-i4T)TRUuIlS^+D0%a$5NB z(Dn#>+ZL1m!rprZMb)kAq9`aT8Of=YEKvmn0cjOUA|NO^v`P|Ma)yQ$kesuE(2_)A zO9nxj93|&W1A-E}iH#k+^IP9uYp-vgRqO0?YuBk;b@@S26g_9p@s2Uac*FBP&oZPL zfC|ENZuBho^H7~UKWF)_7HB8FJtGj4dbfU^vpoIii|8vQ-qMRj$yO@@;|fwDW7j5v z3kO zbV=nl@c&SW0Zkcu5pZFov#4$ylEj8w>LQZSktl(DE%p}}9Z8~w50L>3aUQ$B$w0{J z>%z^s#1}x(?guX%$AtO@{#>zpf~6yzgC}4igd32SxL;%-0xgi-T{(caF%#H;Wa=59 zw|H}r1cul@(+yPn)$tA}%>5~G^cMcydU1algagoue9Nf6jum)QLPc>m0C6Pp|1d_= zSaa^#xWgzZ;HCi5VoC2e*>zHDA8NfFjA16Jb-@2RR3Hlbt10{o169v~Hd$={q0sc4 z7?K7b42Lg?65=9(K!`BM_Y$|($|yqTW%g}dDPJqa=d73Q$Ha%-KygX= z-RqwP42>vy8s7JS;!M{FfPdrDa!9)f6wkVZVV(%-u3YnE$ zfk!k^!K6Mrg>`UtDhZ8myJxa<@W0=+SromnD6%LL-l;|-lJ26_a7F3MCxJk#leF(H z!y&L@JSWU?vPllcCtna_3`UC$Rf~QVGEoUPCH)fI=X1K|eEEiaVRMVSVEj5Q(TZ~6s> zse~uEO7voguX)L@_ih^;WrdQ{RWUq0kJ8dZy2z~_o@wR`U00O2`#rL7CX^@NH!?-Q zM=4al_ano@4>JOnr8+umI!65k< zxrPhyDbji1Q+J&1K04F=n=I=+ZS!P4F^O}}&lfgd2GH)6 zS?CbbyC{z`YGun2l75oCgvAr_!6IR#IL;IcZ9_1-Hx$Q6+&&;a(M;Q#sfmMyiq0#o zBvd?=L)T=M$jR}AQs<5p_anm!@8{<0n`mY)s#b}#JpH)y7T`dL_+)qnLo_5YXx_dq zt3E1K>!}2dMmz~LCpv@afI_YA=fCOw$ZUYWFCW0Ohfwq1H$lB>)_^L*`hT;=ATX7RtO0O_jyuYW(K zpPMz4j&c%t_}q;vknM&V8Fy)H7zG!Py)T*YCkY9MQhH4fk^3PjkEGX#P-5}{mHJYudNK+as00SJQ^S=4&sf|(>eQ*f+3+>`rkHk8M0%~{9&=4>$0jt z6|x>m_SA98!RDDRD0=X!E($Oh_?L{R$YNVsuKZ`nE)&sk&1+0oMT-7EpPWo;SC_%Ar!dT~#{~ zXtF#mpqeG%d?_uOyZ6GC=)m_AF|sVRjCNa0e~2a}(B{)d$sAVshP1N3sIq&k!zxadd7PIW&2G$L!yOLMP*J)Wt4n(+-)pY)HQkhY z?UImHWd!gfu@nf#ol6Us{wav15L|iqW{$VthjCq!`jv7W+Z{^FA5iO%lBFVHCBun< z87E{yQv1l0BS+1Q>cg>Z;gTO7{(>vI2({X;wTYy0{q<@M-GT_Sv-vBOu0a>B#7iZZ z$V5e%rhm+8QDM^iZ?31)F1yoC!~e52pvRM375WRK6OB0) zI`5H#goPfuKHQGTMaNA$EiWMQNYfTKhqn&2psgexTv=S9kr8wP@uJ>bd)@>+CAh8? z+waa)?3Qei%Zxto*%Ur#Y%@*>*g!`}?NF1FW-lKY|6923&yit#h`@zxbHSaKm zx6j`?oW%IcsAve;1oD>d68vh*RKYh4it>JwH73eYmaYA|RBQYYqsLD%h zEBq#l0o-7!Cr60@zZ(FWOY_VGP;;9l*xJ`5>CGlygdWDJLlUPdUC45S1%NzUILyla zeiI;ef(>xjeijds8=z$J7HWobxJxqJEA;MLP9yODdJ4Ug26Rcj@g3CJH;#Yfq{J%G zz!uufwL%%WbyNqk-o7ooF!>#z+d_RjLJcg~3RQOcX>0q|Gy#;*wPlmFy(G0*n0k^q z#<6q>F{5<+fQNO0zbRN58=9J?yTJD|t%A+cM=+csW$7yWrD#HL9{L8vezFf$y%pt! z2_rGc`HU$(DgDWz6@>iNS)aIbTP@Y^)>H+y8EuH2sKS6KK{TawXX|~s zp_2;qhsRR(7FNGdW!^-RwBV)VAfq8`RqeIGWMGpED0|hW5wqzszB^9u-(2yOI#xem z2BMS;USZ(%Q2LM$N&S!In*?t#COq$>>qbE{6ZlY>fJ7ZXlYGZeR^`%l% zQ(v3xsPQ6IRK@-I9KE{C>bms$ld0DCB_~w@uo67ax%S~UqGt_n`g>;a7rzSRgnn!t z__MnmO<>Ja8}PC}vqUf-KUh_aRhujMK{LFrHC=o0Hdgh*@sn;o3M+%!?K@c3uIoBW zh#)vMQu`ee_q|o?Q!!KG#IWZ_-7&}ez(I^0C}yYXvx3Ru@7raG;Xohk5tTbR0!^6A zqe2!G+Hacn(e=0+Hnl?8SGr{bqvaN(HM=GdRrBqDatcWtCV>0tLs9wC#K67(p?Z=} zpcVDKE>~>dHHhBZ4HX}m8*ZOA9~wrPMOv6NL1ABxlqP8s(HLy=lLGs4CkA=L8K*?r zbSUa(rOvh}RarngW!o1f52B;Xhtv}dls)(HLiHa-^JQbB1wLReMe7j@NHY4bzA$7c44yHuUwjsomc~g zAs1kxOT}>Z$!y^?3`@9m?l|W1NS<(9^(60uH3piJzn!#eNS@Aur<9atm#ru z3Dl)Z4~HxUwrmQ3bEzy@|dqpbW&!XyR1G99eiN#*l#bzZbS|Q$ zqL*8G(WHd~k_AF2ER@uI1pXz`*|bqw@k(6y+E}#5TH=Y@D<6Ve#){}bC{L;C($A5U zFK%+8C_}H~tTWirqiBpybCkcttZ_}#q|CM_MCjpARd`5ew!2$U>&>we?l4RPdZba7-C_fUy>A*n7jAvuP%Jye2-&q* zm6;YT4(LC@FId=RNmpa2XAmJFAH$G~b{L4M+RYw!fts_M$D(2(-8AuP>5;cxGG`%V z8~da&2%UtIFu`YpV7Q`1-KUh9H-ifhHH|1`w~~4=I+eg-P5$|^Rmj}k7JecfZ~4i| z5u}A~hP-W&v#ilH@8^ueT1*j6@~MO9lg~{z-s#;nCyx_<>mbP#DK+qT0`eMehobO4 zHpWFjX})&8%OS|r`8nvAfAt>eG>FJIym9?S$J6`YG`N9GhPPn{hzn*byA^@g!R0Q? z)M7Wc8>cV1& zd@c2;;^leMZ!HlgftqY%Jz41e=p;4XIXdTH(j~ejyUQfT+l`bfMlkA0-f5VL`_~yq z*r2H2^;Z=0Q&JkUee-*hRfHGB!X|D4$0&?-ncK2|tP0F&R^s_3Gnl^yGkX)*MC={C z6z|_ACj`C?Y#tCrbIU%!9#!IR&OkOnRk0xjgxmEPg1rAg)&l$J>aCjXORW=Xy}!vc zq}p}T_UPp5=1{k2^l^n~bH2M6x-A6S^o~84`KQKmon^2d%b)}EcHVKk{0nwX`GQn5 znPoTo54%0pCI9DWek&?# z7-Qj#3{F^CtSZ=+#fmngs*pjALg;?-4olV1G6B;*PKEn@%YppP-RHt*9+9+{W2!LI z%mDp*i?a9fU{t<`U0W2 zK{Z90?V}DlK`N9x9C;SkkAI32MN>wW1n{)wZU#tVL-Q$To((JBv6m=g;cI|u?n}(K z7`@J(6P|l|jRLRz6$@%sVyzq6R#aK$R?yC9ucY$lmXOe;If$t}ON~G%3|YCP>AwFw z2(W7^iNj2>@NF$03@6$k8x3Uk2D5))=jXhW3@T!GexZe8FIp(vyDr>I(XIIT_KgOX z)};sfQ-j$`=K@Bv7;!5_P$lLt^>KpuGJ>wC=hMsd@2KgW+=%Y8D(w89#Il1ao*BXF zt{`q>yS4$6LptwKLyTdNBHyx8_+@YBz|sY8*CBJ0srT`{<{JFj1_t~hjuhwlxnOO0 zY31U3cpvXyle*YO3&ru#)+fq7$POrTiIiFH&mv3u=4~GF-tgFw+xIU}a2)91gug3dd>!fF2&a#emSeyWx~DlVzU_Ycc06Gy>DXA?rOxKP-k4f8L7!ME z-48!{Hr6BxW38N&xh6wVKT3UctG*6%I5S&SdI!Tf!5{p6Zm9ycp-g|T>mB{hw3C^ z(Cp(B$7+B#(#Pn2gSxR`qSkkP&m812gN6m96;&G-bO>g6`3oG|$hjPM){ev%ua>td zfA}F-r%v*i>Y@6j5_Qf=U+SQ5to$%r>_wKzqr1e6MwPM$j*3Eg-k~!No*?1gkC&zM zSjlAjzLyjR(P{>cEfE1k?m0^AWE-4;G;lN{m{e#4^{r_r{5j$sz{#$+VaE;;7t`cf zn|UtDgMO_UGN6627rDXrLox6-)!S|Rk_hV238vD|Z#E(IpI$RU&JxtArlOWFsn z;om+K8eF>j!kI1v_FxprdNfJQ1bW;Uw(FZ}F~EClZ^KUG<>cVm(Y&4@vcvP{(hsm5 z)cY#20%co_ix>Dd3Tfld4STsFqOY-YCIJJUQL0KdX!h4dFUFB5uxg!g46uu%PagB| zVfqsx<~`zdnzAvCnSERteJnakiaRP#5Xm((Ucbrc6)mkX$IUap$zl)L1nR3Xq)d-O zEox5KG~>jrgcMo&hHx|L_xg9FIu>aq8-0qspJ6_pZ0gXuwcN=n<-N4S`qL#6ax62!7mG zhCb63Xi8tZwiftY#egBrjr_B~`2FZ|HkmzC8zcr!?GDr=h4L3Ne3rSDxV0x+X9mK5 zLFYOp1LmD2UIg7ZzjAe7v-n!qoI)&_+%iD{y&JqB_6G``Ad5Nflw<-2Zx@V9=8ec$ z2bqS1Juz2){B$9qkUCT-$=T*!bj|nK1XvW(#q3vQ3#6tt)MJ&IBIek|cR_`Ei$Z3wr?^8v8uKyEZ3*aw<`KcHca&0g_$G6B zL}QgXpaxOW3HOB{;%BzctZ2ZTY>!4Ast{j(gq8SjkrWM zkRJpA^yju+;4`qZm~`*jE;lo_9a~dV1qI>u$uzgm;uZWhD(HIx?^4vr-pA9G8@3~A zY&#K5u$xiM0Sp+2(D+}dn8PG%ry}U^#aGguAxruxwXh=mx&iInuR$NKM~k5 zhNdHpY|>v1JDMaWl6&kvyu2QjF(_;m!Eg3mzourW=-aFYRTU#xK0v_^!Qk!`2RU0x z5{5mg!0yz+^q))ndW2>=Sn{M$r`14|ey~YJOy7ONdyV(zy`{;aCawu-_<6uasxW8Z z6?VK@k=CxnQK>^?ZowQWc#rvmcaH59N}JHf7r-~vxJ@b5&eg@a#BA<_SrD0vHz>}z#$>s5t@*nh=k8gf=?$sFph*Ea9Ww4T62zuBP zv<}-#9+C0VYC8IPD(Fe6lr?&a!8+b}L7n-*O`7bpSzgZ!Cjz)}VHirlotzSYeJMxCv@b zE*?zVE@Fn4OA?I>pA}O3<)_ppUA4&Deymg$w^AFNhXbHPIkqIbEaga8aE*xb?LvHxS%*Z}KYD{b=+cEK;Vp>9X!E{PEG7@5p zbwIr?0Co#_UJ~39)owj%`L=Tba&%d9{p7t%?KYX&A*kVw!svIcz@x=&KCCR7u7hqm zss(XbNyHo4?t+7xVQH$;0}z&OG+%#dexDD|Pl%GXVSgSoK-phC7F3WBjMonsfio&` z6Z~=hON$qOWL*nWAFZaBd{I>+$r_oHB9_l`B&MH^URuDaGp(xQ?%1yrn4tGZ6(xc8 za>+ImG2TU;5tweC(aeLdd_fDXM{;BS%y&z{v#P%a)rlYAHeW5Dz7v1t(5T_JZr1Cm zOfU7bu>p~y=BhzPrm@7qn~Jz0wXh4f7Y8Y0b=q_;;VN5aCIZ3jQjwr;5Ec=SmZ_oMrbPD_*# zmc$~sJsuUipezx%BuQ;|#PQ0JjbiMOP4m%pZ}H0-?r)+GVk%>*MMNga4>_7%;wJHW z-k>E^xbz@}=0_-x2-dOkV%Fe&4DnM#!ws5Q^A_vYny%)@yCFi3=b=A+346F6EOfc% zD_(mBMu9W*0sKo!^O={+Bnac?tq2d#&6}YwOWHr=Iyb)}OTF6jj4ASMae3BvjKWb4 z2GNONfbyL4XEg#Gx+-Cn{++Ng(-T(Svya(X6P-UknB&%M^0-3pW^UL5iTy&?iC#|1 z{yFLEjVY_X73FeN5jK#@Q+? zf0ZL8T-*Pp!*Q2&hfH4%>6q!*l=5+Z7u= zb|sq&z2wa&VQ85Hk^)W=Z@Otg<&`3n`EXyiTI5Y*jqBI3owJ91vpZ~?{r;L5r{%O3 zD0s?#Y+)na%EU7R4b4JZWf$*@Lq8l6rN6qlqp^eG%CGP z2!Ew?7DhfU$)#*(SLW@hvF6AqZF;u7e0#4DeAk{d`AzKyvQ3iHf}o6XNQ;srC=`3^ zL2KS=r<683AhQ|NhlBZTQ)pRT*NftzO+}s@p@^axwNG|l*B4BBFUI=$uo%sqy*IO= zE_WrC&ZGzHUsLFZzGFYA442eJXg5Rx%~TD}*z4gWT9s!~D~k*P^Ao;BPi+YCCen_@}Ne~_E4o0 zXsB}#G6jiCyvj0fj(U?a#>XFMY29;@soonuj-lKN$s?FG;uI7u&g0heaAzk~zc!M_ zhn(EG<^7`Ay%I+TWhMly6YgHk2x*B1#Rnd+ZmnPxS}a5XQA9o%7_%Nzs_2rBYkU0F z1BeKE+`GkP_?&3xlqJ3M)vY<73X_pt7d2KDR-1&g1}FeD#&oToxUYpJUs97dttJwT zllL7-bKQJ<#}&vq%d0*3NSCAz7ZfAhKJGk00uvVEQR=5L?g-?`Mg4pZP?x4u(>N;G zhs}yRORHfOEo?y=0raUtK!cG($wWHoO?70d`J-IhbUuNLE zYxczlh1Q>sW*^7RJnZUZS*(?PBXNLYpTV7V&}?lTRh~pv;Ur6QQmpD3P0!WyJnXyb zN^ZrlmJ@4cwW={4GWa=wK43h60Z3|`G;waq)7CFJv2{2deL8?Jnh+DApPY@;7lkCN z@4aAuoYE(3Z6Lbto3=f@goiWZkj*BbAcFofm=R~G|7GMiS*1JlhM#!vbPxX%b2{;e z*m-Uy#^xp~vum7@I3n`3hY#TXONOO^m;w}k28d!mhFT-EM;u^a=F;|w=nD26yDjyY zn}JgoEAH=Hd6wu4pDJ4*$KMSYHMC~>rudAHF7EBsuj3cVjwoL1lu>@jTVejhgT+i9 zea3`!#D(z)Vo|~F;*PuenE2UGxaZ<+8zj5=?|Hha-$37{(7s%`XU{P2!?$$t4+$E$ z;N?3`troY22)ZTtBviojNx|xY%$$2P^(n8)@-O9FlNB5)$Q;Q1>JF~>TKY9?+ZL}n zGu`>QbtWddgZ}xW#2z=knmfkx5yyf>fV-k36C<(!ip=7uYYY`P@?Il3l`BTpp1&FB zb)jcY)zaBnZpKY3FNyphv@v&itq`lwHp7gJ2w*odg(m(qyub2vSm2zahq$8X#TS)n zaT;P8751*A; zFdgjq5RYX@#01L>*O$`ax{(9*KxmAtj!2F$Qec3;{uOJy@EIzH?GRisiK(^&g42Yf zOMzMs+h@`|9)5%*h$6)t@pLKQ{d4;V2Dj%Cjq{b9O**I!|4q#9vQUW9HE+GqP9@p~ zyne{UszOZQ`6ZdKwpyQzO=jA-S1?~JR6JF&laQ;ycTS(8^73o44Gm-$jj07zDIbs@IO_ZC zV>KcTXP>o8#gN_e7nJ)Zu_D*nsKuqm<&@B{22@{&B>`8!ZGh+IJ67Xps5ePA{OW!p zSC8+dZbPmeqX*G>aC+vwrgwP(LoA@PkfoP6*)=1r=Q5QGw@P2}%U-_y*6eK$zUKxl zQ!VG+LFNN4QI(;#K4uBir-{L9$(B1#3T`s~BSTp4SY%Dv=V4Ucd*ZmzE-`9a!NV8v zk)?Jbt>*fMK}AVwErS@gm#%wQKGcA6sIVUv=z)jKY^3)S5pCczxTwxw7HOg?UPV9S zlbn+Ao#KUpBw9n4`)%>Jma-JkpxEj-dQ#Vd#E{iKFP1gvz~53iOX9(B6x5EIjXYkD zmk+e93Y`X9u}K@jZBdtQMbclitn(e>QJ8SAtkpHY zMwei}QY0N{C6J6+6n?xYvE3ZFjv{|PyhJP|-B8O8@2E{7zaGUIFw)Oyc0iI;>}epD zjK@uBh_7P6QM1pVN0RCZD2nRP1_hPz$6Otd2@^8^**=GZsPl(z5N-gwvOt17~^ zPLU#W{l-7iG|jU-A>r+NZB*KJ58aC95>ahJenKBh51YbhJ`f&{1c;EPlqe>|#GI-! z8fYkWKaaW3KfHWyJabONx1X~R;O0mPZ z^gBYvxE^jDp2)XJP=N0I!q%mXI#K^rOO;4|l~r?`Ke@Me=T)GV*!@pC#N0{f&&zvZ zU4V8L%ohLHZYD00#A-h?V<*qq=7i4pG-CVCK%?C2yF8P3gxhiQ9_0t*r^9z7mJVzb zS|YR9o4tgf;g=_6$0(Ndz*pK}s4-`HdqtGLow z0N{A5yG?ZP$y8t$$`L~PR=+ez;dmSs`BXq$K=ON14IUDJSI83Q(90_tOImZRGANJR zSAjS+)GEui99RBCRquBCtIkYl{w#&vDbV3A0dLxRZ*5JfBDQaHs?{UqardyOWoZK7cInW-u4>7*t_|#)PadXSD|q?k#YM;UE<@4rCt%?#ES9Z>ZI+Q3@U}t$APZW7 zp^SrFE5Thh8xM7#I(*q3w6*8SpKp0J_WI2_@x67=GbfuJP^`h`(Kz-Z&W9N45v4TbS~?&)NQ*ntd%)vaC-Nv|DcFdD0>`s9h%%R4v(_fuNC$E>pbtYDTd9e7>dl z`&#F@ciF3*rTk7Q&t#d&73>*e^4{y=x5lzJLA@dpdtWU`X#*Hu!p$nFY}wCoA(MnrJEM6 zCwFjH>C$Ru=2xh*Q5H5UrD2M@vaaAlvdy79yqMJ7rJo-fpx#@DiV^wIymHBB6XFXz z<^7jbwMEyVcvEQHY^`>p_k?N<#!~a*^TfEdhZ$)@+n($Pf=yG%%hLI8vcqz8<2_(tNYY6C<3t0y?YH{EzW+J0jz^kRf9*aqK5i9bq7a_p8%sOlGN~_YBd4a(KN>I}b)7g<(AGa*%k^`s%%n@+ah+v8Be5VwF zM$i=l8|KxV1&P^r)^8pBRkv??mh0k^@5ntLQbZW(s`%jMEZen=T{}gFHLXwsziP)T z8!m=C*7!&w3zT|j>8^$~ozmsZ zc7>|%)AbBIJ-;jre)*!kpq52Y!RZ62mgRvor(D9lk;?|vRT zKT9XtV7GE*$+Bod5uD>4251J&Y)5m1X1IZpWJ-H4zHsM0W6&+veC3eB%FUGNDPGvT zFU5R!eFHLigDbvZ;N;nCWJ8tdd|Cgr#e7`4^x_o$$bF>RW5R&|qE5^`iD2#@AMg0= z2mhcPFp#-0ll45TceyYb}OO} zJ!jLkW=FQr(n!D>!-_7&F!fRCMWJ?+t!qx7EKc^pnOrZf7k`%y7v)pb zYm>ME0A;KaZ{BN}Y2yn{Fmq~+n@(GbYf(6625oGjT()U>Vs$7lPt^^-6j%l7j>4Z0DwU^m@+BR9a6x+my~hOk0`k zW?qUMCHvX0cN`oNr;Pd4#m6b`U&(zIP3L}Os=;?u89f-dVPetlu++1(hT6#&* z36YyEou8R@8i21%J-T`kkhE{z>f&^<7+>BEM$t5S$c74Gl_I!%Fb;EuGmIV56Xnx7 zXO!6=)Fw(>L&UGgvR}UuZTL}F=Uw1BoSwwwO}<>hp(8L{Tp2I&lB5BRt zeUo%ugZV0x*|BU5;aT;H<^1c8}?`jJ>lRWAZ5yuXe1b<$|iU_+xz?DW}4<( z6U}q9=X^t$%mbGJA*4-=lfh? zaEADvLUst)0nZ;W z2#C@?T#&?ey;*J;Uz?GTDBUT0mA-W4Qj>E{>h&$AGj%aIGFvjk5hmSl$K>&t_1B8b zXvvFeOJLfUHJ(a5v6MBWf!He!3)k*3ibYQED}KxTe$3h}xpk;}7883KLDh#I}R!rNNOVohe6gOx}*{4hMYz zU{M=k8|mTUv6rY4vd8a|rpl-2&IU-d=Qi`)z=nmv{Fd)XZl~|QSuh;lAq^|SZS2Y$ zPh7goH8O#Qpc;i2Ul}7Mn)kK%mX6yTD3@;`u~7A4-de0pgJVtYugIQjb}!7|Uzq-; zZrZE$Ej+&_I;r1RGv{FpS0pzVv-R`%drLtI!P+_TpzBisosde2w30>Wgwnan$j!&G z-g#&JlBl7sF1f3+#>UTe3%+|ide1&5-X$jQIgfpjW@xshEF3{BMQ_EYoS8DUx z3HVHp*jd?)6MEQ#BV;9<^JqncZgYAQa0Yh=-GI6TyEzK}e6ZP2=#+I;@fh;+39ssiV|}V2zPzB9O_GaN z%U2&*-vD{5)bTb@u~uW3BwaQ@5j?+&suADsC>mmZ?F0Cj&aa>jh^#K&A#-j*Su?f& z!OK8is2zFnd0NflAmx%KCZQP^)2uaqv1A4s-8Tv9}Co>oTYS+!}Ke^$fkv& zoy4atWPKEgBO*70`22^15lKmi2e@(!A6lmqFRBTO_(CCH_gP{h$tQ7k?%tZEx5fwW z)l0Lg-+T1#cFQquR_U!h^O0>u1|lvsT{JTL33OpKg3rg+=9_Fh+cPuMezFsm<&~&c zoT%^Rpr=jNQxZzdAW;FQ=SbMf10~Mb*-rXip#ANoshQbb9y^9yJDv;Qjku?cgQZk8 ztx|iC&N)$^6?dCamlV%nfV5RR2O_8nwY7<0T5KvP2G0l~wq+d$`UM3O@9}7s&$8*S z7d-583It!wSpI~YTL49oE?et}**C#Xx)P3FohUiQLwbk{0N=Xj!r^AJt|#Stf;LVQ zgI^I0c0$KRa2OtSzJvPlWK)A)*450qF)F^qZ?8rSu&A+#JzYwPrsp0e1@70%pr7LCUVEi=v6msSn)hE=9OAcFnGj?!6z;Aj&IfPi!; z#dR(|8Fe~{qSCzJ=s^XgxbX&3)7@&jH}%cAq|LRM>@GXk;uaAvi(5x~Z8ee33{?-K z>3F<@o{l@oJgwCneeTBB`bf$2R?j8V2UlO+8ru3+zY(ySgSeFnRHJaVyED6_*qac7 zU@088?F$b_Swlj9lQF^Wpm726Gioc~%ReUUpt9kY`$u*hYsxJfO?nYm`QxLFuJM;$ zbq(7qD$_6mgCECzw837QVeK=Zh_2@S}gYIIgJ(p#vWZ>wx}+C(-b*UM(LyVvT@ zOogH?UWhaZr-xZBC}F*V9V8FyFIDZI)H0|!_g?3C$(wRDrMyMrP1Z>>GDjFtO4xTg z1Bjq{U|RPfO&G!G^ruZiU*$s!E9~+$c8nTWE{eq_PZ6Rx z=p4rJ4B3lInNjTTXr+IfH+O(7R+iCSp_nO1A$twokQZKi=Isuy^lEvj#G->Skfhzl zShp{4m`iO>hPk)uzn9Ij#or|^i$2qcy%FtVZX2bSe!El=?U0hE>r~qqFNqQ1&;}mYeRWs5kgTGBsPeT{HIhZxn*@AzD zzw$|Q9TXcGT%Z3oBJrE-hU&L%PFMN#uS=2u7kyQ280>lerp0v}S|~yqs!_XOr*^Nl zn$=~S&o(`gMO*zgd9}Zvijvo7qm!sEAfeF($d6049|Ie)(;LeSgGT>jx0(5Qu>hOy>l&-PA@KGO-LRy7 z_hdbXug!blOR$SLttB`J3TILjMdL~ob(SR+@DGW$nco)eQf$%~G(?rz6IG}eOeECT zzuE)ug&JmaMKGv|1DBMeTr$-mnR%&ukm++@v{R(fJO1c+XV1^wz(UU*R#{l`mi=!# zMrDBSelY+9Q=DwnS%y>EL8gBpqLHfErGrON5lxe>JjSwH>1ygEyF9rV-2lh88hIX(d+LpxKjdj6LyohzhL!#n$CDTu9k zjHx#6BZ@}Q`f$B0>_ysxiJPA zN>KL8w>R0zaDcmI&vVYpYlgRnPON6@+)_MnE^+n^?p{4B`y=m+5r=FDOcuR4Z>Tp^ zH4CN6bp2tmanrPuPuB42S)U5a;uPJau`C__Boq)@brS9Z{CcVYhYC`6%2&F5+F3MEk$+ske968WgNy{9gQM-dCtCt|$7Pbv zC!smp0%p`}_Rnp1u3Aeo=V_#0=*M;sEY?24p;?eKc1Rg09 zogiszdkXMrolXmyaT&HIT7uRXfdAXpv&k|So1tnUM^QibOd*pyqhAwtiA-Xu-@jDF zmuY{?o&WowUtZ=4OL}C*7rT#>{)B;Rt5X^(YN-6~ z;y9p9A|us(F%M}R2WF;b=i47`N0FlFBtKix=t;F2?gth>bm5_&buMQ_r#3DpZzA2V$64o1Vqumwb+FjqX_N2M2&gD zbW_3f%Gn~iEi+L0QzmhySpx^@g(JIp|Ml*Lv&0k>ni`jzM=)-}`mZ&V%(l487)v_r z3ue2yaV1=2CM;ixmA2N87G08%wIl|>kk8Gza-#36W0IY@omct(2e?x}_1~d@A z$pyCN;3iQx)IS4gk&r;+DW@9;tB6Iik4_fsPyD>rIXUIFXJ>?qjI#tZG&J>D&*k7u z>}Nfl%n9v#1O;sg`P*)eB>qv~UAaz`p6X`PFqElNGt1E=5oz+}7M49$85+008)=sEhL(A7}9|`W-_0zb?;iaVt*M z>^waaNbPDAbo1V?)X0%6x2O=Em-$GM&_bEsL=EZj%#tq<%^lk(qHWq-vGQ)W9Y@!^ z9Oe}cZC?{!;Aoy>6&{ZeOtUwRd6=-F5goDhFB}U6TQ~NX_pYrMDGL@-vGb<`%cikd6A=dCKPHDKwDj>u^#L7Tj@oE826Aw)JYGQdZC7f(Zy}UMBBZW(7fav~j z#HnXbf1ldne_{>9ALQprpZPuX_eQ;cp$ByR&nC4JZc5S}gW96}x>TTd^y$Ck2Nvxu z;l~Pvh@X$)Nt9d)T-__s42g49U|~0)SWiDRu~dya4z)LP-1XypQrgGLlBDzXm#@s+ zejE-ckOS=0oA4zQfbtgJYPhWPixsFJoCW%(!jTW~(%?BJ|8&sKB~LiO8bP-wI{O4* zOo09-69j4^aSFh`g=|M0NYs+f0f;gNHG)6@KOnB^fx?J`aghf)mCD2xwdriqQqJHB z0!_NNT?p{nRs)3|_?{Zj$@bT;%Ox=au!*5Bi#QepLB&_-kLz-`fGW4Mt}S5@$ZcIY z0zk#<0L-@sb;1W!xY43mAtDt}9tyPklfU;OBm(@y+=)P?L*o5<`Oiy_Uc&2yD@nFE zc)XuIe199hx=2V^hhtK3Nu&@U0BNrJgE{xV48$VhZiekww$*@|(K`}om1hP)z(Y=eo<4q`#lPAJ{MSJk=KRgtO8s=l=UDzUIh}(J$sb9` z0F-GJcmHA{&|e23I{dfGKsI6cpeXPfJnV$B2ACD4Ns<;|G9Do8{Ac_8b?TXaApW>4 z?vDvmLF|Lu2*IZ_eLB;p@AUt=6P~`)r@QyxPq_bI?%qXdd)`SMo?)s<8Z7kM*ptey ztv%HY!CWG*-8y{Xf1KI{B`*=~FOovW-vfufiW&o3&qL`EC;_sj6e(PE`~Lrg`*eDb zQ#btoXqQXA_AejoS23Y^1`#RgoZKNzt z0I%gOxuWtdUA($+=2iofjpcLKR+Utl&b3f|GNrk_OU0J)7bxP=Wt?U}Bo4^YE$n(M z5J-Z6_|I*NqyJ;V5u}FL08euHIJoAMrP3sI6w~1O-eJI}88^EmQS6mVu)}E0CnYCp zx%Q5S0~}_CuBDB+*jQCiOh8H-Oz6!wS20z=oa&do24352Rp~R6PWgj@gSe#2uLoYD zmv$dMlr`8DEXz8s?IvOY6xzPjE|6aOha6A;fhm}t^LeGwEWn^JjMy}Vy!b;p4Yg+g z#+K%5K|FBp3V)VQ>YBw(HL3wLh)6<89N{IN6?l>#GC+U`z$arQZBXw5z^h7dzOtNp zP`NiC+Xgui1>uH|BpCqeMj&<<0Fc)lchX7LI6yeY?S$KdxtkaTsImd_FFi&8zf9ae zU9>g1FWE&1Ms#m}DpT9C0D#jUCP@#wNYeg)x#G|72q`HAvhEB{<>VkCUe#ev<(2zD{U5Dk zzE2IfN-ev|8Rl|i)Co7S==b`w6#IMhpCB`IgTKkxN#k&Og2D=oSKEI+G1PheU&`>7qTrAc8wqHp=7ehtNGh@{s3+si>H8PkC*G zXPE8tl)KtS`-uF25Q1?{`s8w0)QilAQc%M^GI+h%zz;a{GdKsK8wWtr1*8Bpb}fV` z82MFSTjW|^!1ywV?)zIMp0*d57ZqcU6q(9EIExb#Ner!F!T) z5ulp97#4w41O%3-B)1UIJ(L?Uc+FvNMV)kf6tu43HspbvFcH-^u``yM>To&#JfgWx z9I4-%%;BOvBb{zCbEHv~vb_qshgm!VKr|tK_&eSiOJD*Z!{h|ug5r$LA$UW)RL|Zm zV$?C*7XM@y5Ml*?T|+MZ+}j_(Ngc5OpHl1OV2uK!W$}ecFRx52Wi8~H0&+wpte4$kix!;w`Qs=ehL+9Z6#oFTft|dkzCrmnd_YV zI}-z&HmO?xGZ9AT*&qBwt5sm!5p#o)35ei#X}&bSJ{{P4@=m+aPP_6>*TDZ~4J3Qy z<#WFz|NRd+*MEWfrPWjhUh3zj)gjq{PV?u|nHke}9{?t;yZ@8iV1K<=u0~EmCZC5* z__lK%W8Q0LHOnBnJ27M$fQIWII<9~Is4)#|XIar!NIcxR&t|PbVdX{f3_q6qZ$&## zH532OG!swl^?%P^da+f>xt~7J{X?Kqq|ZHp`-9`14Nxr{K(EHZ4~qi%-)9}9)Qa%E z9m0FzLAc}JWF~Qc|8KEUu;UMRxRuuOofMogk zdlpl7$#VFN>#a{a>dd%Yyf8rv_ikx7E{h4f*k0ThIusz2skcCx?)6fuZ@!{XeGbiL zUc|c+$dya^-f#kr(L+T*rXW-YkPrh_-B}CVqOML=W3)cs=$0|}w`is1cQZUX`i4tO zEA1#Kh>0|42=HvDy&-@BicAju#qa=LnGkAJzv>e>FpJbd`Honq{>NoE}lF%HWZ}*Udn`@QDXOwLf@Hek7NJA z!oxf6aoS**Yc{li7jAtOmlyvEKKF$(-SY*c` z8LcSg;^9$XLfVbs znO6>#P@UL`&t;exUpKWz?(-r*;bLcN%lJik+v6pGIW|o#8PQZ`+lJtDs@eIO})OXTi4iz>B5?=b4ax9JZyO zS<|V5#wK6zwQnf+EFz1$g?ecu>C}{v4&g*VD7`BTc+Ys5gAf@V-O}Cs^XmKt;}Gsn zPF>AtasCj8_w}zp&o3UX)mZ8f^MEhNDG`Mu$i|*g;$gUzqp*$S?|Bc>rgoZ>hdqU{XM<(IHAA0ZX9d~ivT^Ua=S7~CaW^PZ z8RSVj8V(~Pl!cB5VZ$ibRrIGm6gQc1z3@`l{6OX|inC_gJc}~F@3Fjax$XTYNL#dq zd9qasx!5ga)T0BL0%am|enfl&a8wuvgIfDAn;!MgleJ1#NoQN^%r6Tb)_os2YOko7 z*KP&5eyHIkT)_Fi(>Bf-KD%ch8ec*c0JM~|K}=xFnAj+l*2yyHX^H#r zt>3JPs76SSe@x2_S3G#&S%luN%*5R3CoL-a%Brlt9E$5>#f3ON2njt^YQar!$o8?O z*u&2X`=IRhuuS_LUIrH8b`0X#>6d%uiZ0FXOENC@3_XCM;1|xzDPnt&CY$K8 z`D#s*iqX*ZWxuU~5J4}Q?^7d!`q{!MOfnpteBq+$6vR)*n9`RFTUnz2y%Cvu^VyMld5ar`;SZGN+M|LTS;n5;q^bzMUy=H*$S z$yT@}^{tHg;1T6*OX=nVrkAnDkL`}=Ry5ScX(P%2P|Q%ib9FUYlSmt0X;5qnQ-7u2 zj0zXqcQBTfTkJjTq1E@yh*?ou!#g8Mo&bJIHqaY4je+z4a6^?9F=A-N;sDIm{f6|@ zKa5vyfP#fgFVv{}W>$vD$SfJ`9el0vcINxh1m@UlxiEcy%2%SRv(?>$-CpcHJF>KECntme1j$6n#lRw;idJ3Qb zOeFq62~fUuDdFQ1C?18?L~0vUvmeE3{Ec)HYZ28K1J{A@2{I?JO~^#02YLvs6Fm#= zsH!d*jAAV#+YqBF$oexB4)3%6;IJ0`CWl3=oZj^?-(?r~V9`75w0>7qZ6vmKdWNnJ9PI7Ro#8qFIr-`fMGu>-}~rz(Y=UeCgx`~zJ-P1=4j!Cm|~ z_xvS5h8Wv;59u$g*9cqf&M(fg^$9(5n+u&AG!!s&wop)D?^gY-U27aqXgV*X2>vb* z!qujcz5QX;HJPR7rL@tzcucs=hX3l=RF!!8a|RkofTg+ zwF2-)iZH{CNi?f1eZV?4qNscBh5=3@;cC{bIQ)Ixd5y$vImYUIw-+N=s2F8@l^^Mm z&;)GcwKy-6*}}`Fg@-gsGW%5o5Ac=cfp)xI4_bED|2>>bP;cVv8#=dify(E1Bp=YLep;y9r9*ddo_~ROtO|x@$ufim4=G#v1b-8ayRqKZ znC5M}ZlP8qnkM0)dEMq}8ffH7JrV{@k1*(g#M$Sg!(J$w^6lo{LdA1er}mj>GV?_h zear>FGK9>n1)su?NfBgfqRB_fL<>a~R~GxHmeq&C-!_e&+c0WO8p)SRevQq)p_ya0 ztGPVdan&w}eq-W^odWM4#jlGvP<=*=vDrME6VgaZ*3MzQx9Lw<5j7uhxn z=e0UphaOnC{p*Dwo|vwiLam5^+Ul@DuYp`IY;^iI0ve82IGP9@uVEPjw;BQ~X>T zh$NEvit)*1yydr_lwIiVFG_S=%a@79E(yvH$VCdXrX1V|Z&HvR98ln9U2GKmbTUgD z*|1pLKqJn^S2J~of4G`8u26u&4R>iN*j{f*e9|;gU!l}*mYas*&epL1pI@lU&+W8_ z#i|jZh<+%OraYc_?AR*N%C5`j!v2ST~n*ncuT}oWZwv;bGG4QBqU# z<{)ghmgpvX(F-ZuXqpCQKIHA0+QB#4oGHKe6!_`GaHZYom452uo9S`A^#@i_9WSn` z4tUQPG{cREqqvTB=65Qq9GXV%MJ0pqgzd*CoV2^H(Q?PC&YNa01_K?3`ee}#YyN{W zdX4_^2${y2zueZyy3XK*rS=b_3VI(yX4out9Q( z8EMyo7Pfp}D0p@-)D+dUK5;P&((BC7n%&#Z^Y)VxAvg8uQc9~TUz8BFKFZ>aeHN5OS|1+Ch9Tt z{XuXF)e>C$yb_=a)W)Kh3Iy@BsnS>_LkG9HX1pWRm>T)a#hYuzlJ%f#8VjXHe4}X0 zbO|7PAQVyJydF}@e7foOeY=oR{P!nugR;>P25FtJ z^>dAWiYPwCw0wDakEaf*pcgPSngqG+c>P9P@X7n12dZeQ>y^#jBv?0+y^|3S(S>rr zA#?kGmsMMGr|pe8MzcZtnJgkIpqRQ@2O6PZ$I@CnY3<+z#-EJ{am1UvkE>mG;F<|Z zxOq2|(ZLR$nl`0CzZi;kx%Byae=Eo{iO8#qYbx9yBSrnDu;DnG@?IjY?Z_$(=Et9l zFle_)X4YyN+-`NFVD1m2WVvG{dQq3ifFTu~8@6YNFR9oSu+A>F-JSY5@}1Y8rLbf` zC|DLhSSy!Nw4MZ7aEuO;&2S`*uAg8XNLp}<`RrZ_J^p>kLFEl8=Bgh{c19Z4M{MVWqL{K{~V8HBNTAY)9WIarj&Z_aWw5!6>^73$z%udHaW;a`{LE4#&7*&CKbE2QZ^bo1n+ zo`S4>6yd?Qq;zo*O`UKDIU&_M0{Yb=pK83H#pxVr<6WFyBDMNQ#T25=j5?k(FlK7l zvVKrxU6dfW<5dz|ab1}kqZencW$3aM2)?xy&uq1FNL)|5D2|gO7tksFSwz?=);1xjXGQF-*nnMi8Btj zmyjYzO-Gx>q&yGALcPd9Uz~MoO_s!?=zlJj)CEiwN0%T+F5yHonryyLF<*3Wpol-^r$kF$5ObqlUvd3gScVlfnT4qhdJ+Ghe zJ6^R<>3uhySeeqFruqFC9D^3m1nvMr@9h@#VqKsTJs6@JyqR$`b!Am!eD&D#+3Nb> zL~bnKf->C{+M~R5FCwJ5_LEazlxsN0n18VEl~JZi)o<0johaL9sS&my)8JNu{Y z4Z&{DFIecUXX5UlyM@>SV;m3r57QtFUCfI;kbV@$!tc0WJkbm)W5JT;J#H0Yu<-jhp)8t6`SvCyfOx@mrkH)xWy081^{2HDowO zb0n>P0DnL-LA*?3ApGvRi|eSQs=tw+*+#CGF8J2;KY9+`KVjf1p}Nd-=^@9(@S5~N zD0deat~IZzwvOW4llRU~PxedAO{K~FwhC*tNm6)`$!~U0AfG3x<@Yu4^eZWdER9?3 z9)SyzjNssD-_Bb#Ug&+EJTvditJO`tMnd(Ko#wIHrmrTAV$U(gal_mYG8eB=GcjhP zc41XlVZ;|;@7fuMQiTNvjNvp5 z*E#Nss0oI?{%-7&X6w;`S{Nnx5#?(U<6VNSc+=RY%faUOXPG?Zl|K2g?T$XTmV6ku zH5kh-x?P9To4;`MBlTxh3p%oX`BTeBggW6m5lWLv8os(ZxeEsysHQ+g8Ky^hk1W*| z8>7{u>BYpjF%jw5P?D;*GfzD}=Oj%!+ju75tuc^!bV9x*Ad9=%)}+VEHG0MQ_TDeZ zPsyz#@IoynK3?MecFW{n-^YT!zuqUz$sbq=a~oeE3i)~5HmX7qCH%WhMxa4vucsKev?=E^oaW`Ql{qyr_#I9RwKw z6Ynebt%q%qZb1_nE^G*Prc1M`j4w{)G$7OlB~d^vg4S3o9E2@2PQ+0pn`UdPHx#~p zGEgcRNqxXrr6NBd_AyK0TQO5gW+wD4ii&c9tkiklgt!(aW-;{`g+slZb22cQ^ouWa z5gr@W=FaC`%A(J*dC0k+iXmZX%?A4u8zvDDW-k$qdS9Jz8ncoaUS;`FF(Jv~7PA4)TOwQ+ucm{9 zl1?=UX;b3FbCOpW>lzD6vvTd6(?or)2*#Onyt$w_(E-FYY%>SwA>rIhl-cwP!aPR*{f==+1e%s0R9 za4Z=bYnFRPUF!XAdiCX1?$=qi(MBUmSZKY<{sJzT!hh0dKaoI|DhZ3R!fU-1{(F8< z>COFXz>`1iI@;ZpE6||H%F^rG0cmM+IIDwuq5;mkQA`l2b)33jjbs>Rln z_O5VX8(-9~kl}A~Od3hMd&isvu}KUu1Sp+1%6gqxj11!ceAQvt_g&EsdCuTrMSa`h z+f#kNDlx}x?z2$Ks~)!ol~~b&Yt5OT!}5%0JMG-v{{#5G4l@c8e`()1^aR%SLpo(U z)^?O5Y`_(+d0yTHf?Lf)*7z~+Q5T5mv7M8z4%+Z*g}XT zh8Dp^vN79z%RHmK1y^uZv#H;C1+I2J6M16cIB-!&=QHEo@p^sYQimK1i{z7Tb-dDLkt+37x{hV|P0W1QzYUHsFIYTjP7t55#bmICw=A=9M7NHrnR zL*+rK*+d)B`VuwU2bK$)Mn1Pb5DQ7#WI>`Lt_LqMpd4{~tT#Lpoq2U^THlC@GU1o? zoh?KAafcC&XHpYx2zZL7DPJaJ`%F3Q_Dr7?ZNE_I3*q2=KH;xEq)@KucOwP=Zhkv` z|2A&4uMix<3Q+3`c^miqIbZ^%9k)~8HQvG}&s!lZhqU$8=3Y!zKHe9=&5~U{f#xu@q-qG^(Y=p|HsS2zt~p zy)U0NZQq&VZB75FEop1yYR)(}u-yClr=X$d+-VO$yHcAFbU`mP4bn8!2VOwg71)v` zxU=`r@7UE$8x1Q%#H6@;X!@R9(WeUvAJ3-6J|R+D7uE*`{`!r=RB=8M2@Pu_A{OE@-+aC$%go)I`o6-fd&c; zBJ;fMw^13Xa5O0O$!|+`ADDYzs*jTT@J#$Yp7->KB=>+XY2(j7Pzo4l63I%9?4^O< zoCg4oGMlKvyUP`ZJ@-xr|4^xqW*NGoEh6Xx)a&Yc{gc8F1~ zUS;7vwmWN>E-j#XjU+Z$;Z=G~6Ol}CrAkvxXW`B_nrb0Ink~`H7HX97pF(AaMc(&- z(9JEI2}r|#cKmowyvWT*_4%XY*H5QAT?jj4gXNXK_sSDx+%6T-hh#l;tbEibXmI)T zgu{yv@uiJqxwa}uG{A_wpi6?YSK9B{TaDihwa#MT3_Abi_j`|Q*sXAKp|b-6!QRFR zuHXEO=1uQ(@htN(f2m+MAas()9={16#=5?l7At(sA{W8#n77}C+W-!bMyJRDFjdpe z-&DE*z(w=P0yk9=axI2B*!tK~MJ^<*-y3~%>E+S`T7(Z=5O2_XxG;}VNg->HoWiad zuX60FH_j_}iOnbu%&cc!lNNt!rz@P*z)$m~GLOXy-+1XBLo?kzs_!td3q-625(B*k zxI@Rr`KN!8H#VDH+i%FRjJQ6kze~J~4Y7=7k<$xa<)ml=lmx{u;6!JMhDrA}C)}c3 zR%AIFhe~xPqxgUV{c?j}*f?we*nn+Hg&0>xpCoBXQzq;;mKTWGqe-Ou&94p0e%533 ztm?f!qr)RoRn`K_tX4Lb%(@|^fwk8eNsjgVI8zR9lXxU4L2a(2wgi&l3(bl-4lrF=Y2f!*2|BvuI1^7 z|6e!#bJOoqWpdSt`7h;(ugBkJwZF{v4xM~zpmix%yJ)huqV)`BNC)7o^wcYuJ zrH*RX4Eoa-CUmC%vU0(_qJj9~sO{H$%$5UI6FR`rz@bb>tI~G$OPfN+gFPgQcuY6SatxxM)s;oPTXZ-*ieK0q412h8C4dW5RVF0Qy@zSlVoSXjkoq7@ zugfD(Jm1DU#OC+GLHKLL^;eq@ic47R8rv*SW|y<0!1?ucXHpe#C!+tyuow$mb6u^2 zolnH=JVNT9Tk)wbO&ao|nXmMNw=RR^9~*)^+6w6rldCl3&}xbJPI=5**n54C1tw0t z+m%2#dO2mufG;!sQE@i9%Lp&gcTNW!wxdxWi3Q*$@7#91CNiPQFm0{JpZ;zJYiEJ0 z6!-6EYxqnDaC3U^1U2A=&%NJRrTa}lfaerbE#_1Y6k9pIH~I;J5_F=6cT-YRM^mU{ z92**cyx5(QCvQ7Hga>rM)SpVwWIX>PQm#QH0;#+#5TyUjN zJI(F8K3zAOC#7pbKIhWKX8jrxSdu@V2}IUBmIsgimUs3f+5PlZpWmM^CpP~BnKtEF zIhcs9cZQkQh;ptt@Y-%ledTUp)4t4RS{-rNZOTaWG$Pupjk(^Nl73Qq*mU&nK8lIA@I;wekOIg{1(wgfD7wCEmnF#g(VU{oc*!tq_= zqEihSJGM-ymkHb6IPCcciWi9S28b|9)j3DBvM>ST5Ji_$!KoEBeg(DD=NkntZQR#T zB19F;we0h@wQBoCn+Dd+&J6iw!3_;JeX5NoYytm~G?K_)i7pscAbC#H>5oa}BxK`0 zEyG&SDcOsAp}CAm!NGx;dIlBYES{Uds%RQ(?x@$O z)?&C|hh~qraRniR2w7(8(RRML(4`yK^CQR+yP%{Y@xZ1zX))Xhr7PW_*8jLt z{FI}k({E^S2=x@>SuY zfOT8?JCcSy+a>Tk+}s`^x#|2fLPKT$#Pg%GV@rbH;OF+qUTLIn+tGbwXZpK?35gV& zg)TZ^VZ8rBr|ZXojb*W(FJXbTj|8f6(@c674n@3^Pq4@P<14I6oo|2lfK7L}HWE|5$%`c{*1tBJ{)y8%S<_)Ys zW?d%#ymm|DX??A+W#r%^S?n|Z-PGMeo2GzDtQ+zK^4xU;*~i=ZBhY^X%*Z>d$k^|H z(_H$IVlL)>^v8f0@8Lzs!TxmbJybW(R`zP-qmP5_j^vi&41@w>n^4Mnv^1D+`px8QXTI z2fNEG>DXD_tVXj{`)|39fi`mZ(J)|`!eat0(G5&;bc%l1;X#O}+vDGt#XlvX*m|3% zv?o{i9vhcJ+S0&8;$wN<(TQ)$^MD1}qYal`e}nV@bHnPrd1TAI6HD&6hs{mCO}2e& z(PVAtF4d(d+0Si3MU(b-2iZV)v4)~SOdweBgLxlznr*OazSoW@2UAmgH~pG-@TL-P zB`=5G>{=YX~{ou-gZG^&{znTY}mreuE8iOYWg+f=e!a|=a+>tE) z%=&nkYFn5YasB_UB>* zf!DSkQt9fXT|6?Xb^l=laRxfcj&;)*vMq%UZ;*g}I_7g**~A5Va5tgSmF-!0zD0o< zNPmfUdFVmT2vLeqOk~G%jP^(5#gNTf2wfa?*%q^#$~GC*P4Dh~KcWz5j=5-Dfg)8^ zSZW=bUdXJehKEru39c2=65GWBKbfw#*3@A8xQ?g3L&xiK9ocGr7vb(KX3(oD5ef$i z0Ztez0*shgk#lj3}W1 z@xmW>7~h!A<R4LhYno3Rd2f_ohdK$e788wfE%Z>&q&fDOU`yt?Ep+M|F}P^ z?7Ll}1!TqiuT?gq{=UA!GW9)|?pI|N$u~4l=H3i41Tobvob(BJ_R22qVLba}FN)UV z#t!2@&2aSaotoe49SrHd{SlU!D^I>oEZq>c_$_uQn}`xdu#<(-c!=4UNEsgESXt(d zy!_p}{HJp(v{@eaQ~Vf!o_Cft7C?AGdXOo{W1hIh0pA`Cki?OBUCRLLwFVL^e(y z@`wdDYgsuq{6}7s0>r^)Q$SynLC7-w)>3bX(!uD(akaIy*QeR>#abEFxFlWkaE+xp z8Y+cloYw-dDC&N7WL&2n=?<~xSa(WMYA}D%H11cGdN#S#5RFzXF7UWs6si}m=NjFS zSUZ72$86Z_hisr;o=~`n25Zatf0ON--&gFMiQ7Nn@oE?pzhz8nyB}oGcA;L*(_Mn* zA~*fDYf-cRK(uT#vVSHPD$P5l{X81q`Lug++!51X;|~{n1(+PxVJt_g2*I#Wvl)qp zcYo}A6oeOEs*uTizx;Czq+lemG`~%Um8kL&_y;0$e(Dt%tiH9h;$%zo-pEK;Ex$yYVquGHKeIs}vH{WurLkKva)DufS6!LePT&c4@q}@Xh+Je~I@0gIphC0w zBVWxgi+WED>FdAXCmcWwr(E{l`mNP>MK_4>W*oACby4m|Hi{3bjYVBn8WV1`#9a3m zeS4p0aNnsH<7K~e6M)Crsn9ufMz;;`Kr{1^gRI1BU*lh()-P!B!rodp^Bk>CeDs?Y ze^dhBhycBJ9}!moawV}K0BE-_yb)YUW+m3HG5YF685rS;^U^cYpsP4+TOwueyIpjA?_=oRtA2CcipqaHPdzAMq#`s@^@QMKt&g?nTvDvk z6Oc_R-K??p{RJZUiIl4S5Y>B$RqJVy3+p!(Xv$$+rMIG41nFo*FpXL?M2TK!5u)9? zuR)*swKv7kT`j>W%5;dQI}^wEF_@rV&L=Bxt;Y^q5)%33*FPu)tOQNRv+5~!| zyWR-1S8WY@iN9D@db3indzZWSwCLTZu2Y&HpH4sOw&JL`ET6EVWvSr$IF$irTDS?| z2-!EzE6xS;=g*#m2Z0#U?q1gPqoVm#(M+$}!;PLFMm5m&9WERib>I#93l|QZvdyM7 zEdvUle2HF*iW|K9J(m;bvv{a;<`|Nr@4 z-TMER{}1MKS+7EXfc*dB$g>~-u6T@GZ7y7wWQ=^YcUAxt`}Es|=kLRBm%Sxm3p_K$ zu3=H0Pdxnsv(qhs%m6YG!GQB6M|dVGf$Nq=>ECk>=Q|F5|Hk5)8gC`WKf#T&N$Qe8 z^k;_^+UD64<0}?-WsyPifd*wOuhQ1O4eD7a&JEiPgKq^c{jC+$EXx1(O2mHuuzG57 z>&>4|;n%qNxk`)iucWK)JO}U3K949J-yWg}G*C*A6=q{%gjoQ(QdaAsPz+EJDig!8 zYozpZ_KNu(6Ry+0PguVl0&){B7cm0(xmJf*G5?Rtdq`HYw_9@rzTQ;9m|wYHXf2~+ z#f?GoRz?l~2JHj-Z3+Z2`waMf)>z&(iT%}&KIpkJO!x;Y@M+(db zH=F5_Mtoasn26b@uz6V*NJANQJzZ*~zl=$LTo4oS{chg-yT{%vR0xtQB=1zw4^PIE z2qoulC=j?($B#~pHD3b<;)|+&nLovp(G=*yik9*S;q{y4SyP<8<4A7~C<|4eW6dZi z=5#Jgn;) zzRY{)+2}{7owLZL1!p_aN8*{DIpo>QX9|tlYYk!*3iCOXaeI%qcoo8+e+r6N&jadX9L67-+94!AlXmfTX4xY~Q!(klCOz zEO6s}+VASWw%dk%1*Qkv$I~fTD>IEtN307IgzozD*JNgiZfJ@#E1m|>QRDsnEP5FQ z!xpx9gB80Rs;2ty9J@VEdpmdca;@qz>9)C|TxX)xU=@Dbm5uRc#M)o}vhnu^v93pA z1haWf7zVl6H$)L9#*`?>SMPRls?_h)EUt{NtnFCX>->5iT2gtJkF8kwj+Gj9^?4~- zFA~Q|7{u9N88I@~&Vc?ny+|u3G}x8(^^ft<5dQlO(k?@9g_8L5A`Td{N>P?OS^8O@ z3?$?A`The<-@o&z(BUWR*x{nh_retkvMX0V_*#kP^N5|_y2hJi$ssRjt@=|l%^~oimAHFYD{^oQ4g}pFKV3bO zFt45BlUZv@eAJvOnyUIRRp;{=Rd@O4Z6~&glz*VL50E48m0SNnHTedVch%l4TI_T1 z5E9J}f&)jE2`pbFD@|F?EgMWIPVV3g>#lEXWt7fN1WE1hN96-= zwpOoBtWmS5*R@lbG*?^$#LRC98n5|DYIxR2+WP^|43LxoINBjFuOuq~yt3eduY%^; z-RB0l28&_l0?=~YD zpBAsy?5UUJE_jBpEQ-2bn^BOnoz!;&HGBa*LOgdwFFNbYon#DYnw(_mv6Sty+$q13 zr0Qy0q<2@F+e)8{>IX>m!rT0aMRRZ}MSQ+fkfe@SK&ap+ung<4udYUT{l#=<7}PcG zh>x0PxlUX(^lr?EhlRWLr_IG{u-Nlbh}UbR7ho4CzU}S;&s4#gKZa$k@HIIQX&8{7 z$E5AjxM|~lUeO7AynuXTxw%YA4)OMmqPAb@6YiHi`IJNbDaz`_#geq^>#2`px!Esr zKXlO+elBzgG3ozE3t&M;$AoeA7igZp_ZP)|eTR;nOD#wH)Gs;|<$3~vt0bL-Hi<`h zk&nPRMm5<4_<1Ru9Y_m;ZNK1_tIyNQ*S}s{P%?)7oa8drv?x2U6GzHZ>nvrI(FRee zf}I|k_b}Z*+A087dMFwKCe-PhajkM~tr?CPl4o%`~A?N!p+ zqP?PmoKTLDP91gDMalSXQ#59X@B|k`zI6WSj|o(FuJig)kE^C~*V9mI_k|2M)#b*l z@+;JWgIov0YUfWXLL;JLiB?_Balb^DK6=d(3e8)E1j;m4ej99_bQ9q&Bn!$6o-!kl zn;23=6zt7qEh7dvm*pv~yX9~`w}W29csu=gWxc>B8x8wN^aBjx=y&jk6G(bA(8p8# zxpxjk8ZUhUPT}9QGB*S2P63gQRs$H6dp3>Q_x|z^GzI(i7m7B;`~wZFMmsa(3RAkk zM4$P7dm4+oUDsH-rj{M-B?oo&HVuoYYhRbz*w`-m-MQG+^D$P2gP+(yGDQ4H8 z*Pui_3V)cO`COM6Orbmf$w-L-^WS#`LA=M;5{td5KS-Jz7cFPmfYN6UUx*0cRbmiK zMA_ahd0+Hg_D4Ik^UXDiW2Qdux257Zc@Wzdap5+aG}v_Y{*$VOm8q5M0=jwfAB$Xf z11|c^a^%cr09x?>o@sXGCfy@Tv=J9^HvK4;Kc^PVIuyRGFIl?H@}b_6rW|cO=q!aN zuF*PmVkME)T+E;wa@3|HcGUm`e8wKWegz@3%lSbT_~G;|phW zM~9fM9}K)}$Up@XL`e6iLloJ4tTUWGzKbnT%Anro6KLR)za!9hK|1h5??+Gt-3RIy zHsdYE=HR!5I7`v=IA_}KwXoh9IS8_dUa}vLGge1`6G{GE5 z*V=>vs`l*t9Sn1*%@@16!W-Mu(%j-hQR#6*@W%~WRFqkE%BYBd|8sC-TzsY12}K}( z{psjlB(hOA*jqgHGHBEI^D`~S#IJVrbl%QL$KC4L)SRP=mBoPo_L%EA+`V58RH$RD zCL)(F4fO-bbL0>t1=2{@AB7w!{{&=S$zsj1A1CvVW(d`t;=2~C&0LyKLVYbQ~9%JTc)#Qc|$kXN;+ZdM#lSJAKPzO zPV5cnX|g%?|8N}48r)z?D|(e45T@8R?+YR$h$uXuViV5r{;?ERxX@GxH_ke*e5jll zsc+f&0n}>h;<=)g?5okOFHZaOHyUzr{@q+ zXo>Y)bF*3X*LU(g9OpBMI@iyrURX|V@AGKspLe`~)W@d>{sU<~Jv>)M&wr$R*9AAU z^f>}0Z*2*3N5Q7u+;Z&Tr{^YeUz~x+kAKB_#^M7ESm`wF0Raotsd6Ng#Own-`kUXr?^otDYMB@2|4kE>>zL`jTe6@6|k*k9+1sloI@Si%DP`A%j@y;v^R0 z&PeO?-M+j|b8uJ8p24(eOQcNclt$ChmTSF%tmG#-lQ-I{x0HFA&k7%68?jpBcGnu4 z;ux-~Wp1RJzXRk;Z5oQ=jhfE}TPG<9b|@Uk9!H13C^WO*nyW?fTiWw-btRXbR`sL? z>4&dey>h!RZUHDBYR+?zzZNM%$e$f9|3DuHBG0*R+F0|SwvpsniQgyCO#eXBk;rp_ z*)sz@E~6#Z{?7=>Fu>%%w&9@|rJDH28luNIw4RtF&810bwh=Kh&au#kx4AlI>8xeg zg;G1^VHrvH)6pBcb?1c;&)d9~vmSWb*~a#-*v-0V!N|yPo`)8?@_KgW&UTKpR%Vr* zEu(*GyI12@)NtF_Kz#P#*;Z<>=ZC$?Ud6>z(2-wrquc)FtN^NAsRIoYt==A|C%#3^ zEQ_!81U`7&9{-^LGf;fLFLty_xx~IM=ud?hMzNCFA8&bSLTY}aeGK&(t4s5uc#aPi zgQCU|B?bZ}9(9J)VuRc-e&6A{QZ;GU=49)+G12Rvkhl7UHx+J$%foDCen!0rd4JEu zwC@c2N+jZzLc$>CUYsmbU{yl#h*08*9iLp=2AJOm*@7B`TnvM)ucRaC`b_DdH6>Lr z-XGyoiZ5QZGu;A>37iI$!h793-RV0KZA<@kjR*W6*Lc|-8lF07p2=c!;9$9KMg5b7 z)~0ceFk=l-g*<`Mg^{`;yl_U6JzRatZ9e@aMjg@S0+NyVnfQvA%IdY$K(M0!Wy?+B zlsjgDc^hCL+a6E0S`T|_x@(ft30FHXbN>_nWEqHSA1@0_Oj-I?Q=Qg z1Ig;Iv8lyb#xQ>_S^4j&0+J1x%L)7vdqzeM59zk&vAQ_e2JZlPVY`PSTA=FRb&aST z85OiUKCZN=nD(Zv~_LCp}HIVyUti+dGQNWVMhEZ34g(mp9x zm+Zgz@KME>Sh?-V-0k5z&x-rAga z-lajrZ=hlXhEh9i)|tiny2M)@$~84g6G|J6n+%g3nr4Cw-BR5$_UVGMK6G8knHaTK z!Or7WEpeMC(f>fOLYfgzOtrd0!oi=zeV0IY1s)9^Rlkxf!(ZrU@3&pL9}%C(?p9mn z4}Qbg9^90{vqSw*}d!TAScR!%&Z^RtEa+j!>ISP!&e`n~hkKdCpjorr-XSE3XNY}e57N{_bdwcnqeYHjp~ zlK%RJte)m?9Un6dFV`Yxd@6%o-6PCa90nk{K?OciSglW&*QU2kmW#lzfK_FXxNSTu zmV2W%70OJ$6|xSFjVLW3*oRbqqqhiOsD2%89&O|IdoyESI@6y$Itca-Cy~5JU?Qes z4gpz+TT>}K6nD~Z|JKJDJpTlnyKWhFSTwpgd)6kgH~%t%-#PQ0*M{ytW9m0Yag`!FuJA~KS4+dwTW2bVJNLq?h*2BeX6G6CMBAGpT5_{E}0Dy zD3j%d{g}3ONBUcmcz|+TfSM{cdmM0fWTZbHJy}nqKYpKiS#JcGA+5Vx67mR;gZ?)} z^FPrYU;9Pvc?uV-r2^|;x_c5DRP~5gzUON87c)cJ1ZM^9iHLKCk6$$l(Vfi>dwOZqkmHdg_4+?Jz#JuciJ4Ogq9!oIl z3NoyGb-zw9Z`t@hF?@*j*TZ}Ep^{gw0Qz!_*p)uac}cN{I3Me?dHK_dV&tfP&Vzk? z^V-SInPm~sCMhCg<={6gDbL%bygAiVcsX@k^X~^9Yur*hQQG0Mv34n(9dP;lW3wUd z;2((7NPP99^=|N5y?t23Uzqc5r0k|i^VDCz?Ja1pe{ulj`?Gl@9YXcDiZ%YH(~@zC zPxD-FnBSwE79qFjVcR@w3&Z86*?aSiWJ%%)#yEGp7X7r+wqM4i3ZQx2>)Px5gK^)G2q_EewPLFQ;9lPm<%-2Z?lB z|LiZ|~%H|Kf4 z^l$JGf@_MxyEAuUjktGuXtefrue#V`LvPsJ)W^iWuo4ru`N=IXz%e{kaXoZ! z3*@#@YHDdaq*#ix?3pb?hJU+BXz-Q@@wLj!tg7FsatwU9?H`&`>Aa&n+cdd+S_s+! zM7M&sWfPS|Frfe#Qt>GF4VK7b;<>mr=m2-QV^o~^I*Vn2_o-hon*qFV!BQ6xco#8; zNd*^w_-QKPj?L;}#!}%k`VIH&FN)Y-uo28MIAyRs*}sSa9GS*;w4Y0wZ@kpjW#6(H zHzBK}gYrVN)Ju(D8r6jLJP%d4DSV3trPvOkfRW03P3o_cmcFsfG@!(z`G;-Ej(FxJ<<*4@J$dVvuWcSHSM!A~2)Xhf zPIXlRk2d-ZVxm3uZ*w8b8%$2t?!#EdpXgX-F&-qMRs!UHdET{*@wsf<%|h#9@zypvIPFXOLtFo{#|(lcvDuoz{!{V7TqAQ`dARN4Pso1IXi~ZG}w6ew6n-H_5pcwdtA$5`B=$W(zaZN{ybt8Gmbj9RLB%UHq z4EPe!dS&QgOM9XPzi6FdmAKbCL&xkk#*2EA4#Jg(5s8mtuX<-G*?|S$f%xmDCCUd( zm2>%t$G8}b?Ro6qbT&9Q@o;@{p;Ile!uYe7h*(pjL&A2N-b1w!vu`5;bq}v@WYpKM zMc>|DFT*-vAZe=tebGB!r^KPWFAx*olxmyCKRxV;RFNerMNq z*Y#Z2{d#`)@BZGu=lQ<;;dP!fW6tH6&-wWr$NP96?}IwB)A3A5TEwRs;A#7;_5RDb z9%eUqEecr&(_(_?*rg=01asm1O%*F7z4sCiu`(YsU3bCI%_!zM6pE> z1`=b2!Ga3QPMK3BIMjabLGMyQ2Ofhq-{C^N zZTUA`W-FnXDc~L$oR({nNbd{!jD)g)`$FiG$Gt9l7|*sf!NL<2F`ZGEk0Z#JnP)?oE2y!@8!uE?f*$emf}xm@IQD)LYsTm;nuVI0h@HFE+- zyQQd^vrUy}HR#2w=@zXmnp_EiJ_-6dSx1NOpJ{8>ew=t3>(qjzz3rj9xZ87s++AAY zYwT%J%(hZ&m=ZJbsYu|gx+v93vZ2dX^g^|3g{IG`Tn6XYqFtP?sC$bdcLqnfxkv|6Ij4zs|~7eNpwh+>RkCO(N4X zC|#z*=8<#igQnM>#GL#hgkSLCKi*P62+0( zL_54cHlhK-Rf~yeTyY=Fa}A{}W8B%;`Bbf-PQ%5omvE6*H2@}NSpFK3)2kwUb#)rZ z=BocloZH|32Z`{1wJn5}G_J~rfc8H9CT}XYE0j`A*8@i^w zZR4X_wMymfF0GqC5h%IRQMGka2I}t>@C0L}_Pu-}zzdS+10AWAMvrm9#^0shL8gqI z*0@;CFyRamOibk_v;`97Qap^cBGf;L@t2fEya|%CR5W}!_v)FPrNHof33_zv{D>v9 zjgqwEYOm&8Hc3zInZyJ15lONAX_bE!a4fAjucX3q>mTVWmH(W&-5)8l{d0o$ZSg;U-2I})mX!$2{wAf~H{JzI`?|kspt_(&0k4L10JUxl#iSB60hjZw zELls9%!&Yzb}i(~s>oiQJ8QUD6ad*e5#u9>LgYSx6a0-H@I-Y0L1*4y|ILLzC8cU= zMGQ%P46rD`cpXxD0RR(o?SW1M0QnKc1akZyNMc@1MdfeL$l@(ak|vvdd=?V&6=QUO$qETBp(;)jzjPi+qG1WL-E5qb0T z)q;P#+Y!`4!N$@1uD1*>{(QC2AJ1Nb?1#;Bw|~pZfAoWSSdc%T+;R_;f%+)7Z>)V| z0ngF?$ogdt*nbRvnK1X~tY4Ru{R#em;gEFT5>kNTsK`o7 zEyAhGjWGMFA}Im0^U!3+-3aT(1GPJBXu1&-rzM_WO}07;1#cPIW|q9zDoe>Hd0G3+ zsvz#~fm+*8Jw*Oe7YPfcXr91S4?q|ERLWD;J@`iC7o=%QpG8A#VY1}_PcE(38}J#;!LW58fun`rM% z1RRZvYJcqP0z^@r7f_595x4?F=ptJM`2YZMkz`U(lE_)}sjpcg<-%8E|jtEL<0qUfZ8?`^Q`wDd*pY>0Sg8q2XJ@LA?;oNJm8W5-8ZeQ zf{#h~&)YjdUkvw%KX$fml2e6{(>?eDwjqs{L%p12(;Hv`s|?Hd?HAT{lOODmig{YWSN2*z-Q1V zCPV;g-#o&$JHzV*ZNv|AKHWeI>Sp97z_k5P`3tE)n-QQfFawF3S%Ai{kd@huia|i< zxeKa30?M}@5#+~7JF?&D4%su%-Gj(4<4ClLG>c2Y94uldP-N8wkWl6aC>4Tatu`_X z@*iI?&{E-E+A)|Vn{^Og_uw*v07?Z7K&b$#?fk(%e22APM@^orhu;Iebguh){)f}3 z{rn}@0i8cC?SnNEyDZ{f_-k8hJ+Tk_q^*6@*gk3OzcB{>XrVjs+fx5mGEo0?NiHcU zGp4^l;VIcx^Hxq22|B;44x}ISfi3mx8a!gGfP9A`kPz(YAuA)v zrz7y1QqUbBt=A5?56y$#!nmUr;|tdLc4Ve51~LM<4nRLxsh_`M0crSH^X8u)sdqW^ zvs|1@dP-HnPiFv9jWm`3zY_}G0k~ZFc*Pe4YROgCQUmEfeE>y^e%b?l{kjJ_0RZ#N zYQ;%+=S{j}L*`L``T)31@E^Bnjk~$b-C5PwduRCP_kp}+36SYcN+JRxibO5m4j;c) zkK~O+0Djm{AAm8j*2oPYnfrVS=<}L7qFv~6_N%6f3+(6jf3nWL(SA10zR~ta+8@vD z&yV5$W^A*4cMCQukesA04=TKkWyn_fJ0TzH_@D5&Rxs z?T1nSh;H{?j-MCReV1b&<=96#02=;J2+;oOxxaeuub%tJ?H>sFe(bp)d;YXS?8lz_ zvFCm^>OY;rv%%ssl_Pz{J^?HVPeZl&TSrX0e@Wt<5q`HgE%{uDgOb}*bXP|?U|cA<~E~r{Lp3>mcX2roTWtp&zuLlywUs~d8R@s`$kb0(%+($*>^GHI*u;@->e zSdyK;SUhvS9wOo{f>Rtui+{hk*-Tsk@l2OD!HK}U{0rGjxu$d-F+A@H#ct7Etnd`y zb_sI{3nTErwXn1}PkfsXR;|@k2yZZ}2yOC`ZT=<|ie%OjWhyVQtiE=70L9_viPc6D2ZPW8m#*5xKTQ*G{&L{U zj;9+XeKLh8f5^lkLXsDt_VE%>3Vi#wU0BY@+SBdciZPl-bH-DMG!FIN8GYmI#&l<* z=FPIC4r_=%OsU0f@FV^rS*25(0H|xEa#q{wA!KerSO7sF%NzT;Gyn5-XZC-ifA4Q} z>!vb&vjfYwVtzVSv*$<(-QG*w`p;4KPy^luX2p<{i2fv~zsK zP@5*Msp(FNYv1nsr-YpO-cStmmw%~wr-T-TDE5YapqoHtpq4$9@LQx*xFBY2wxBg4 zXnkoEk&r!ZXM_w)>9x1N!Wr=9p^Ftugr|Mhy7-5Amh}M_zt{IkTv!=G3q%TElLkND zOH}eiYsqL)IUTcQ-?bAp*fw)KRBfzuo??zwE;7XTD#75x5+(r+ZQ28k4g;EjK*_rm z=?L<$U9}Prhx;`frFW;p&EEGm+vfqzgeIDOS2CtHN-qVKCtm+>(5Grv`v_44|KT0b zZv>bFPkJOZt}d5+laE)%ExEFQ8m{Y^`{$EL&N&A?NnExFc(vaCD=m{e?F8 z@UST@rl1k!=T+2;tcWD)%)}Ykg?r!BD0`!q+VPgxPNaib-~gvNWDCoP*Tf{X0UEHG z&mbJ+Pn;}diD5TqxDt9ocj{){x_zk&r+;BpK;O(cYqPO+skbzb=oqUdRu?(|X?Hq$ z&KKX-2PRiXCp%M6#>jf8?zfbXuNQs)>1>?Wvs<2{r~j2?tj8z(^Q1cu2N=XB=Q2q^ zbxUu!iL@3hd^d){9}sRbeDRkf>F-9^{`-IZp1b5&8aqB-C(+f!qU6;K4yASk>Kl$CK{PFLFTUt7gHN_wO|Gt07a14*eh&KW9 zzM8ik&#p>=8NcQ2oIph5BG&d=AbXD_EbzO+16m zT%MR_o>_p)Iu$g{xJT=i_KUk&4)6tB5U8!GzH8wmo&NHWnx050<)MeWvMRa>Ml`7# zagC^wwqQWidUggC28ft30NNpq{DQ#_L?}amp|r80E85JeO~cKeg8iG7YV{T zn+ocA+7DJycab$s9Gnvc_CO{U-$!TEP$@#{8cq&XqD-0^=*3whYj)!kLzZjK@e!n; z6C^FLWgr2So&7Ck`7or5VH2%odOvfR_e#!ln`!H1|M>U_1dCZl|M}Xwr87pM0*SP~#sNO$tm0IK~V_A5?3^ zKTegW!o9xArmBtO1$;3DC>AJG;)E7%qIS@L(rX2NsEoy>v(k_Q`q>Lc!~mU_#)#JB zrapi&7f6Oo%^D5p^qfWSpZmZ5CjZB6t_%DcL|-wWhaYm6OTWw914&k50~EiZB>Ei7 z6eP2lJ>VW*YW!ikdq--}RHHxf!I`CbP1mvsVv z@Zx{hTK)sa`Jo-~-|^z#RX`U<^Yo09wj6Ff&YWJ`VHbn06p+Jg7jj-<9uY%hlW@a( zAXRDCL1~2S;%``k&etS%xOTP&KUytZ!73%FJNd1Lx89%_WrwLaqBYF4E7!&$qGU%TkKr-pV?B1${Yqe!vQ6 zhXdB#Xm5NH5WF}AK{uxq5f1@{u z@jcL~VXf(cQ3~=Ar!0J@Qa|w~rj=HUZRuu7pw4USz7rwc8j)5$t>0G0ILu#jo2Mh% zd)4HZB~t3-fle+Cut0DLL+B=$hIpx0ddYuy1u;mKn%UrV>a}(8%QOSYJ8CC9DjyvQ zUoV~&nD+6b>%DU&x_(K(S;*B*PG6sclCgo(Ra)k*h6*dTpdo3@37ymi3p4uKfTFP8 z{SxPOWU3RABc~co_jzapWM=@dqkT z`q#R%MT|7#+=O=Ftct>XM0GDr645hNHq{_Ls!MYM@13K;R^)Ij{_B;2RJPGDoy1&b zm$a442C_Z?u6a3o`+`Wyt8Y1RRN!c6V>g34u0lG+tWL; zX{#Rh=n5MypD#+OWBLT0PJx!pXJed^;qn8c5rLb{gR4@;CNjH1Nw?~%%L8bpmNCX% zLicGOJg$*{msD#Yl9UJprM``DX8DL1sBf)qEO=uA(hSrROhrG)0o)s#^>cSfF1gyw z9-&t;fdN}EHoM}NQWI>gUv+9@bY7>wPje8>WmU2~!SWiU@lB+wj)n-w8xxf9#$=|R z0M15Ri7R^IVs|_Z$|Wl=Je#N5Nfopi9Z#KpVaYw*I#s^5Qi7R9OUH%Pf$Y4_Ry-=O zBQw_qj4lpcbh#J)ZcLjJVqUu>bY#5h_87%m!4MW>cb=XC1SR>?6g||shryOt5O3z@ z=4O^*O7cbL=OvCjB^zlzF8IK8$Hf#4>l$7@MR-U&Pl_e;;{6&Svc1w1*O&B%kfq7d zSD%f{-X{037{huh{rw!n5)T|#wA-GYo@!BKn6+wBq@9TiSaDn~oj`D$uJGN_abz@) zL7!-LI!RG2sd^k6;u8KcT2Us1xPc!8e*LqgH{@e>+osG#KFY1~@593B`@RJ;8yR;z z4G3SgjFPgv*|7ffF)t0}F$JK71x6o;>LGlCcl+VS$sT@<*y{wX&BzvSyTi+UJ4dbB z2$6EUFX!U~Y7X@b+KPx=9(HwN{x)QK5@?jl85@_a#50&aQ4(yH$Z<`V!|8L(0|I!$!(q=;D7w>_}Q6KDb@^3aLE#;zC3f7H=B3gqJTUl9jOe{~R zu>7Nw=3nen8)qQf!jKqo(&53~8L%g@Q~U}ix^1H^l*6GtdGBl4{Y@+OAO9XU0^nu zx>k6(;6!7#JD)|w!N)+UR1ZW5uF(r&AzmDUoU(ghGG$XOT|M5(`t+X77egK$cVUY= z77do7tOlaj55e$mvu{LZte%u=gTFnvGj`i<=poS8((`zTs|M92w?lD|#gA#uG?bj~ zebeqQbX55MYGwcZJ>j3cjiOrU9*8d#i3gJd21~B~AN4(c6jJ}I-~aDZ9{(c9<}tj& z0aX2NW1-~csbk26Ixiwnz31yq9syHBEt3x5Q=5{Qp1nJ}4TbAa~u_{=#rA<_H!rdZo2SYKpQADrzf@lUJ3l|QKAHyv$@Nrp<JSzF(HIM2sn26@y5B7vFAK`VMOx@6et8*uu35$n_R z&KebF$LgO%F(RiEIB_``C@vc4=q!pazE|LKs-bjhJvVOme4!Xq;;>9u-`DCZrDEo0 zZqOSjyQxqZCLL-8e&yDm0u!SnGN*#JaU7~P1`n&wF;mekTgl*i{$UX_`E=(fZslKTNF?sHXH)sH7o{3kq_t z7L=h%P}9ZGO_u&W&{`5b5*wc__J~QL0*56fB$Hk!n4_IWy>TA&=uV5lD3MSR`yDpU zXRT3!{&KVq&cOoC&2633UnuMo3^w~`kj*0CP;g;pXq~{qhdJdLXuxjbTfhrTl+?;> zzaK0ep*__+d0nEj3nz05$ludOBc6)9maM`)ki-zV*CvjBJ;f z3_Jhni^1rwcGDCWTo@RLKy+940 zB|QM6Coxquc^ZEJqt?pH71s#i!<>EcFs+mM3ZE9_I6U1EQ+qXn_Gt2~#a&NIPCOTx zhLW0i{!#EVImm@NV3MeGPk_DK%$Sl8KthluYk^zZBmCqe8nO*qVBHwv`TWkaiJjt5 z>!SC?c1xg<=`PCF3m;!nM)Dm$s)A@m^pROHtvMLw8Aws~0vmfAZu01`LPGXRN~{O5 zhGRrVy~EJGNZ>BUlXb@&+e6mvoEG0*NCv>UV3Dm7Trd#GAn*x5AmfhO1En$diuF?> zfMx^@0>l$&C?lK$8$KK)WpeRmJe2umpJu0eKF`f%_pjDAtU(+C(+}eb6}Z~LG6rCf z7e_QJD%VTozj|nq^5IZnk&54P?}YmEE&(ObVO=?shC9bp)ugeRM8-9;dR#bi*%rF1 z;skp)c^WerJPSU$h+xKwrNC^ATGECL%KPZj3a|U~Xg`b*jBH<&OBY-__?hSj{EGTS z8oYEKQM3+Ulxq`@41(Wr3k_u&?rn2+&3b!feMo3rB1A*4^VPYk7++tI90BNb>`#gz zvl5XQwsiCx^DF(!Te0QQ1VO`q5&r6;nz5Ik)kAnv##uBtE}D2uPe*j3zCY$rsBOtC?9^7+7yDB7$j^&fOi`Vz9}N!JpB++o&1M$e9#hX#c&<0Ng)U!Nf6v{S~OeLyoBiQv`oKlaplJr8ubGj1aDaSTf8#2QhmVzS|6tS=sD3g!a9=#B11eVaN&5Q6P6lHTu(3; zF*Y?E&(h4{Dm@U-5u+*Okei!+J4fUogV~B(!uu^D0GYkCpXm9UwCR5G=D(f1VeRmU zCb`9t$^f|3t48@0Sj7%?d%rZZ3qBbLvzuWf##$x~8@dthYDN6kM+_av6@fPZMT64_r3(m3-N| z3Z+(%B`6_2)Nx{$r;e?OLj>?(O`3=31aBJCZDWVwlVYK?8FNf3e375j7dXO}3C&5| zz^sBm45FA2e0H+D2l3(5LA81ha~7GUQ9+!n(bxM=`gYB)TgB*ImI~)R_Q(om1RwyE zTiAe-bhrZm9ceb!3D#hfnzWAg8RzlqB%KzzA2K6!kI}JvAcj}z=}FmhoB@TT7Y)$0(myb^XL_o>{eS2{6IoO3w%RshuC6ATbxut|CfaG4k< zh<1Hj=QBNAG&kaIIcQutZ?j(iZjGfQcM)cnd?SpoopmQVg!mEffK8a0S~uiyAMieaBm)YnnHuRyL$m7g z$^j{0=HrvBmQnTQTvIrQox)uQpk#A~!$uyvOB#cl7k$_@`qyfu617^0@!^F**HGqX zpP8Ix`Pl953-wHTX*CxycAXZT zoO*RJ*n_K^>q`-gesbdmGPh zmlqMbhz&dz$uBbP2H zzW#{FJUi1<-$RA?XnLxTXqLASZ?Te}nq{)&{%D&~MS7fBiBt7n_-Cmstl*1xZ=tJlVe||G_ zCT>M=+Q}b9X!{EBY^8_J(tHKSwU)DEg5vBGL%fG`;ELEsL_spu zr`iYAKCLg}x1Mr_=|A#@NPs^pe4NE&|`=sYVU- z+Ob92g4}oQGp!>PtxCs7hlU*7j`1kzQS)eTI#C`QZQv;@7S*{N%5Cj;Br6pJx&S%~ z%6J)nDkVfXXvwt)kBuN7+5;tXqHan3@ZwJKL_A+XEbz=BBfN$iy^#!farESi`0ZwK zt~+Iker7_aClre799kOaUS2sWK`SIEdVRolHwq<+a)i+tXSO9hO+1e^Ez9vRZ#1BB zOELBEQ+qk4opGn#Bozs?z_^llcU*m5Ao^49p+{LfvZ07m>Der;4DiW2e!aZ zW#HJ7`>vGMp~(c+rd&G#$9s<@=o*ynPL~|IsB~1(U^b~Of*mda%uo@{@fL%%Q*=Z- z*LcUQ9?%p^++FF?8Ox@WV$FGnP5+XiI#+xHMtoY(x0Xp790CTzeUNV#Bj_}&N0+_g zC#mmtblN}Hm``z-ye&-O=rvRK3crTY*1}FL2MRVt9F-nQ*<}b^c68+^IF`5EXComT z=vAz$Z-dqkexkzH?#y1ckX}DPDn!V5Buuw8dDAF>in?YQnC;l&A>nk9xg$}kQ~aLx zm+ar|m@9Isfm_LENtLCR*kfoAVUXgO;lU9alPm-v5#sy_Tx`%U7?P1DP zT*i-Z!T23)W<9c0(3i|i6z*S^cE?^1Rfse+%^x7RNH+?se}p_dR2imuQdqY=>;UC( zAp8!VngH=|pKT(u;ghg!Ge`4esC6h zT9vOKCu`C9(f62|t`or5+f1;nw*4@L6^y3I_;h|?Rtui*++yt#d; z%Xv&a3M@N6N^{Yp#jAqIVocVEdkkGp{s#0~)AGK7m>hN=Rhepl9b0r3D^JKEUh1E( zseZl^a{N=S|C@*-2UWXzEFdpb7GL%hL)aJgKuo1QG|F~ZE4}`$2u7N8$qAbW3Et+6 zP807^&%E|ueE1<3`V1n2oq7!6ney;M7x+6Wn9Ur+Hd$rXr^gs6f9!i#+}_(tEy8OU zOfg4UyoKPyhfc$2@mH7HyjE+>?a)gSbfXcki;eTYGCt;zb-cICa^_1c-+}lY5nMBV zVFpS=Jc)^YkBKlX>(7Hf%p0+3YOWXfWORE%MWD|4yv41;YioQfDsZ#H&Umdth5pt$ zX;LkO7JpVdY*GP*L6oG~^iWn81d1i!kEOLqQ*YN8lD;@lNf|6ayB+xQ0PAL4D{R#6 zGTt1crjF0cFw}TAi7%%;g_(?hTw`LgDB+38S>7o>1MjJbew?!*Ib4q_V{bqPk`Lnf zvprHUX_)-voHU{PBaRLZcP<|7dLiMRvPKIaZjUs_Q3{-56Bo+OlD)bT9GBIk+XR+ z9#Tn^i~75It;xxYYz4dpyr~NQ18n!XC=CxUs(;W`Rbt&%3x`@4_)SvbJrIJ6ru-!} zy#m3f%4C?;9x9@rXWgm@x^Na~=hr@K{lVca6U3BMO;lodhBDX2Un|YgtQ0Mi+cdd) zVRe?VhxPr(5Oc}5qQ~AWwO*&8$P;?6{}|}pr$1Z=C7vcFz#V3xL7ceY+@)R1*Jn#@ zTnUoTl@DJrDN$WaQT-s8aZW7+YO_P;LUbn5;fo54=*?RYqJ5?9n=6n>$sErdm@&=6 zVu=1JzLG;P~9Wzggmlb>lL7|6sL;C*i6DwEzN&Bmv3q~#~>Q3~~kA#vCw+^d>U zocbOp;3-~7Qb~I4GkwLFnPC{c*r@Ti%E|lL9%EkIOp=l`$E6ohY!Es4*-wzeOR!@W z!%_s&>239-<%1l3%E(h6Rqh1{(8t!FFWS`|j9NS()`( z=9I*A%A)c{PZ3|wY^QoK#VUv!*(gLrjztzweD^GoAF@1@$u)~pyAP|fy^@n`01?xd zzc6gz1i~da>i|S#!Arjc&Ex*H2_l1e(KqGcax>ua3C-Zkfg$q}hod-r4Q` za5#QPyy=xagqNt;-xgeV+T-Q%O%t~BG5*(;YHRr-&Wwt(oeEhS_0%(P8^#Y3pupV6 z=C~QbY9pW5_7wgQJ)+PBZmx#gZcB(?Opcd1Q^B@UIWKcpj_+75I&QiGSVdCdr)vg@ z2JaT*AYxclP@1GI`P6`p?!4Qqy+mtz>|u5a#%%t_G^1H;?q;ObCE zpwn-6Rg(z{h#}Nbq;15}OEY7-u_IfDp5EOYvSyO$23bfl7eDVDOaF5z@BvyocTod;iTTovRR)Vzja4}B2XrA4j z*%4xVZzXdws_Nk6JV%f_#hj>rN6-}bliQoQ#8jK3$(cPogLxnAM9(+QsLzGB>h%u9 zSlo3!eBor>eNsB|zV=g88C8rEdwAY_|5nW*Ve@>OF{WLX50IO2`i5^soy{LM2qa(D zDCjnZ;!ioXqG&y&p*lcC&E8pTQ zu4gX$5hRgK!bF(?GSDinQ3J>}sNtSfK}v8vg-EL%gj-n|DrSz9^3@&EQ{#?(^LeaQ zd(bs)bu}QON&FddJr;HVIjqI72fCsG%b(&EJzJ*zWQtL$Q$TXu1b@@mmqjP4Pt!s& zi((+^5PWvF;PZR94Z+X@iAw>-OZ^DILQ7zBg)aBVcFU-L0LW-aTdjm`E0U%;&qmw$ z(}NP8Q~*W;4ufITk~lrQ$;SYCEX2D#b*SGUP+wEcp}5mdtopL4^o2=Abkj=rMCWTq z4iYOVyH0uu$gfN_yuUe<@dRCly=dbyrsiV1tvYDtJJ)RLX%V7}7Px=tlIig`_2SS& z#Jj+QeI0MroG6pjilnMF7xd+?t+Wf4suH7bW-C^AZtcFE?mrWDe_Q>>9iGdeSnCTX;Iv`@ovK{T3!rKCz!y?gnt`KgYsarV2U z7f>7RqvU=ht!S;4<7KhQpERo3jHIoV z#@uX)Lmub-gm?6joTph?ZSNY0I>FdeIsZmNYZ68Szlmben28wK zp1GbnJwYJWXr{+%@J+fDi;Q{ROX%PMxw+SKy@`-x_{1P@`+qAp_ zD&@YQIMFY{SY=-IKIW-m{nrk}8=+Ds?|^h5iZV^eZ%ZZW4xKV&SFNn-b$Dyp6TAK3 z)YwPn!u!u|S8Sh%Ry>3lHAsSs<4vZKeuyLeWH3>o-@I?rLGF6{Kx~u-S6r+iLzh6l zr=@vx|6>rZ-%Y_s556l1hXI&0X#a2D2LE5ifXEB1;O>$*!HyVPT|K9uL9XunPBlN3 zXHB$zwQL4>i$nKV*L#|wpG$Do_~aQ5qQMO6P`#U76qd1MDUTI~(SZ$X0Z1xWHOzLCIK${S8Qn_Hr(9|AkM2C~*A`Lei=p&CyYi&I zKA&A3NGKfy+=wWm)u&o9-ZwJ?@iSjcjV4S~*x$HuwVWrtvSizFjch`!Q5Id8=<=aa z0l~Ag5Y0)&KC0N6nU z3!J;xP5UTZ{u6)SW|yOTC92#zG_?I|WOS!P+A>=9G1}Ni-~-Nu zhqU`q-;gdW>f>4XNVKN_4M+KX|52I(4eVr&1K}c^D|Qy`^mw%l@5)+H(O-N1Z3|zN zO1zulksY1u(|nI&##7n&R^aq5`DMNhOir%mi`T_hseQS7XNt5a#f&CfX^ppFh@VURDq>%gri>w!;^ z_rN1@4G=!R=22O{)F@n^l32x9{%V1l|G=E#y+nhs7`|hMxBc4Z>k3jr94ab#4KO{^ zagA$!1-TlSF{RKe4hYw(0Xi3L**5~-9p>FpS|N4j4p&C~9@giO86hOA)0>&rw#Wr@KVN8O$Sp z{s@D|(N2#%A1W@5MMu7Tx-Q@P`NHHoE}o@9H>f{?VhC{(P}*VL5)<#n>OZj)i+zK{ z1rN7Zyt!}4{K1ftq4L_SI2U6g0|l?23in3_2tE{3QjcVF?SiV}pJX6yM;5%o7;>1`ZDoPa!v=iYEhki2CFs&!%l9-q(h^d3&C3W1c<9ZnJ%Pq9U2;Ze$Im-=%lpxrOH+&^Zn=iab(F;lsxgj;9>U75~a^!`^v7!?}4|V8g_OMP_mu9+!e> zf)%emDaZ_3u4Sf+ljsl(5y`2kNx1dk5yPgZrN>JvyosSt&H|DVZ`DLT`$=3u47j%` z-9G8V*Vttq9p)A0zc5{3f9y!4Z`#4be4G<00b}C~AWX$F3ZvYRNQ(tG^#GiY6{6xy z@zI?7!`sE84XPjm&ySJQ4_{aahDARyO*fl{9=4f0?1!%9ye|%1wVdmV{(RXxjrO`w zq08il?vd{FnV$E&qfH!GOrET(MiOYro$-P}_pqmud{e!HPH)Tv%&f1@^a^yVt)6<7 zYC)Y+T^w=!kT;+~4h`g`#RCvW5~T;>I(eY??4)4)aCiKa%cU9hZh|NOa|bu-0FH0Y zB9$r6EU9kApN=~lFv%6gz0hNAf9>K}f^(vw*2vWMg>IKAxm<=o6oUc}P>Sh}pvJHz zk>XNrOLaNfebstc*u$?WxF+Z+aPiIO^)`dtvb? z*(QEKU;C%Gp%qf79RPZICX3ho5@$BS`A_~q=fl|sS34a;=vX|AxDAv^aS?^cNys%5Ovq^fkFMhi)N zh-!>j=@KUcv+ry;nZ;SN&}9GgfA{PB2aL}K|B>N*dlC%rCsj~H07X%@9mz^+?lcCF z?Hk{VYk%)gL=ogiRt+~MPkfhvXi9gH_^D($cykjL8O0VNl-v5Z&-L$;5dTUCl7Fev zYG2jmZ;Iajt{86r{l6{}{C{JYn*u74?uG4AyFwJFN)s&QK10uFFNZpbc)GMw>bx>)Xlg<>YB%)~}l!(-66r9N-bQsc~@3ZyUQ_weuAGgp*?g zzxC8#H+fz{`g7&?jzXP5AZ+`zkv(nFU5LGXs zU#tgFD`R^gmEmjh23K~y#M?j60)jv0e|`Y}c>TMW=kR|X9W$lCwzXC7fdbDeNKfy9 zXl-TUd6Q@CLX%`~zh^Av^a+1@&-hi)i=gd8W);W|Pj05epzTGGuSrk6lEMYCXHzX? z!vKOe7=O!1;JNM4ifx5V#aO*epPGH!nGbPvlaG&XZA$;k6XBmH#{Jj(4#)qzF>q%) zWNQmk_rxu~7HZ8l30vK^pO{zA-Y)#yy1bcu;8U-uELuDC6FwDI_9ZQK_;P7&~J6!@`cDIm?k$CYv&}9aHK$1txY7f+!bKSmx01)?t6{-Taq3ib|h-Z8JV4D!U z`5uUx4M}v5z?&pdp}zTG+Q>&mfdj1o*7uuz*bSd&&)_Y#Fu;jF{Pqk zJV%3eWNAQfit;Qnuucw}9*n{~i*tEomrE6%9>7p~#wSrjN0}KMFG)P+?k_ifV0S&f zBR`#+O8+=tm@hpD?uHq_8<>)ko!}ankVzr9hy!}CbkI@st_<$HExpW_D>t$-lz98p zc@BKLuKjt7MMBAesmX~`g_AU(awPQ|HLDniHAyirNkkKu5VUPRry-M7-$ucjtOBw? zS|I!9rbwhc(30+g_K9a6U)-ZR-puN|#EzaD*v`A!(TAGbAlJ>2UmVE!3(`7jdTd$&eqS7%}C*KK(-_ZIStIj z{6kQ*2N9Sb-wuC#&WD$p%1s?VoM(WmAV- z@)f+v4pdE2#O(y)WPo`Hasm)KY9mGreh#+ojnI9Y)RCmqM9zS2tF32?5RP8t#|Tye zSZMSAyp{gX-WN;+@d;W=-_~RoR4anMoswW2e?p=Edd*B(@J8vO_6dG-1xzZXU*g$g z&hBbQEneNI|Kt&-Txu{w;9ravStm4s%OYCnMf9G{Hs5T>`^?VkRx{S(h`zYvbma7L zchTcsAtXV}Dk=k?dASJ77I7k~=f)F3|DYy^hrNM-coa{Nw4P80S0X~Q*+Ze{mDy_i zgd$JP7P0G{P(cDhn%r;7jOUs`(c!h5ja2ip$MG4oBciI&psJX!rF!cteLM}5#=$)1 zVGMCD^eqMgmeF4PlaQ#CI&cxGs`g|xAaVCpL2DYuVU3V_+(deV4&FqcPR$W(lFTmE z^U1W$_N0Ar>1~WvLt6%%os?b*4NW{VMCM(Da1YgT%&brys;%rT`%HQBgXPC8!JzDm z&(FUVcnonnbDMkcf`+X~>cUl#86P{`V6U<9Fc3ok8VU?VlUb5%lPr_b;%IB&eSxA7 zYlbylL9th_n&@FZpH}{KXEGfroya(gd{%b`Pm?}2o>7Fhb5As`I^q-mrP)j)O7xrqR-xgx z1jlIe17YW)@m3U`|^YeeFZ@X_~L<1}!c&^@dMlnr-B6eA%J<2)e6r&;4E8j?KEd zf!buLK^K%0WecSsGN3SS88v3vw!I!hA`4OrQZHlYCi3|GXT$l&^916w6&^OShj(qT zn%Y(nrO1(Q;b#XC!hpsG;0Ft)oBAh-jw4zBe})L zM8iQi5*=#%46Wi>(8>^84QuEL*qv&AZ`(Js+o>EPY*A4*diuHMnac;)&eU=okW)P5 z36xBZ25RG@v$TE8r+XM}AV>VPss?((r0v{F`qDx^QShsFKa#r7q=y#};dy&dS;ygy z!8adG6*#Nl$^!apzXdkq4Q9BFz3zaoId|fji0e9*I=54=z3ZlVD#2G|!H2oz6#G7N zre{SKLqH2YCGyO6-MV87;l;jLNiR#^idwt9vUcKpdgqCzQpAmkvRhT(sB9{MOfgth z2gYL!EKh@x~30F0Rlp`$vZ9%H2&y+@n3aQk7pZ zQ?YVBg(#1GUjcZrNAc#S*q$&)QDkXaUn$o^@e%uNd#3TLbNbSj)8_7yvJT@3as2On zzxJ~j_`~@~Zxwg|o?8558PEH*04D`;h1f~HzOrvaeH)q{164KyMYJ3$_qd-+T*g;PMcF|(hu3m*S5}vg6z4vAw<>tInI|&W;r*qv3|uaerb>b< zW7CSvh83mw!09!1y!h2Yhm7jpG86M_=Nhtdg<$s9VSO|LTvu!@LVkjN)(pc`9reS43~682;qbFxzvst`)DW3|HIyUKsD9w zd845SNL6|d2na}1dQGsR?c#P{jae(T=-)W~Nd7lde9!KXsO z@Y>HnMv|Sx`zU1DcZSl3Wlrjebaw&`WaBRtW9#lVxQdL`wxcHJ+F)!DNe8lMRBN*+ zK{6(%yr!|T@|$Pc(zZ#bkvUbEUJR9+5FWIefk^(34beUn?}pEFoY)(MsIK+*welRnpvUmzanV)oh}lgIqimU)($ zWIJG#AN+?8_zOLAp~38~{$C&lz`OIE8+89CAQjpfpW-4wTcL+iHl~!uU!Ya(>irIT z`<}=apopdSd&Vhv<=;+7U;i7>-p{lkhaCUB3P?Qp!#BIHS>+d~ho7)biR14&PVTjA z29DOlgJ+|}9;qECciayB_t!g=U=}U^2#VP(K!Fc=ky9v=&+6_?J$P5)U&jc@U*G0%VYfu z-YZ&IeuT_IpuaY*!p5Ll`PQhw2sFCe%Mn;?HIpvhxpaN0#;;3Pv3H9;OQ77$F6s!KU+@#sVqFtwe7YkIx4+m`5Xe`iCk z{Z}>KMY}D-*ym*+dT$LK&L?)n)6j4)&uWi3diX-SutM);u0DuJV{lA~z1qC2SqDeg z52tYN%Ma$s@0*{X)0?@hJOIbe4jd-V;7TL@I3}cE$}KI~{ZvTWk0Zk`O4E(vX#xSB z7CPpU8qD+~${;iDn=K+{qkL6U0x`_PSNNv*G;|_$T&aKT9^=XDN>_h@(lJLz=|{IP zz|pGYVF3nu;N>)(ht|DC=Ins_2$EOLe| z8o43h57fveG0GoyYjJAi=-*R~kDlYlaqi?HG$23YMb3Q$WQ)kxM<~!QP=h(pI<5ds zNGK#^5&@KLD!sufqQVeN+Ee`;1Y* zcz~JR>n%G@lJ$H9GFjZ20&6q*O!f)l3c|tXCwPNd(oXz0)NbZs-XM5GC=It(qww{A^LB z^Nk6$UCK#vZTfSwrW%V32KPRlX}VsGwl}dBR%7(ezgCvFKA!Q&ebUoouCzfu48}xu zie1gf&+4wpXokd1Bo=Z<& z<;h0$>^o!P+q|{&lJBJ=oRVh6Jl8&Hk89f})wuLDt5;T~A2ZV9aX$cN|Z=a5wDr;Nm8X4KT0>j^wThk;rw3nH|wYoz%C(oAbVUz|#<)%dE^qH^R?8rlJ? zREXBTtB|N-N;}n4IBiF%z$w?&C4TjY-6Ec#yj%j(35%(WR#XMfc)r26c*eLefA4f zRcRnOLDnd?bLC%+FjjJ_uac)ZFZePdP5&n4fOnZ|Cp6;3_~$uV#2L!RJyIaaD_Yy2 zY>tTTHtW|Zh#fMh4Os9o9O8VAtRXukqsGC}NY+L^f^BPHHXY$OL&ct*^3H8DzT&g> z+hphX7!mlAnGn^Xm6MZT_{DyLSF1vlg9h<2im~x#uEcVLW8~1Rj<$(1)tPdsJGayL z*qy&G6?S_Y@@mjNy-=89^wgjOe4@JFaUQy1REBsosysT{Xn?b5A|!0E3OKhPHLeRa z7{%AVTzr-9tttILcyAFbwArlgK36fi-L4RWj57>t5#bb z3kYmz6;3?6`@~#Q;&ukb!HW_8(3FXdw*UQ9|J%6J@3SCI>{Hbloo7x}KrWwcsioK8 z`pFfw0VbVW9iBDe30rvK&?e3zcyKV3XQVKGy`Vq zHeQiKN&MlOe?~F+MXE$MjaJ14*j;0MAhvxnJ-j+bIevz$U7I%EW)|{(J|vRwopGRj zj(z2Qsc*jLpT|21rkGmeFeiy#UBbdm_=32q6%~82n@L~ltLp5(b=T3ld^)Fl?sIqv z740b&d4IpwN$?w(Kqwd4aAbFYc@@kLD2DsRHh7KzNpr$Ue13_Uo%?C_L0*SRDx~ZBrp5k&DdnAt43lkKjC1%mgofjpsrD`FGpx=h!lju~dpccH&4%U^ z6sAzeCdN2=%42I_Z0q0jnDrfQkq9GcpaiT}aeD}*dEz#%+;pY{s%^9fDkT}cARU+U2v zC?SLu{vZ+|R|{Qxt&YRc7xFKphZO)ki+TU0WTP3+|;e&~F!O_Hxj+e9!BNsV;u zmVaR^*n9yW{}A2nBvb1)@W3bO>QVFfK0D=Qsfs}VRVYpCkA0cw3_b-f2ZoL>oX

W=?+Wu%^D}OB0`=0Bo4W6v1?|{J>@h(6FL{7^Bx@q?(NQ^tQ8- z?BW{?mT#r%M_e@zG-wSGfFKDi7MXX|2&4~@hoB&BsR z8778oF>uHC=I%L;gNwwql;GY7_upFpurPeUR5tzr_5kxid@RhvyWOhtmUEX?62k$f zy>H$6cUnU{Yi<0(a?Qz33yskwQx4gT57&U%=`Gw@uBLwlhvtZoic<>VxxL+>dnr8` zgbwM>t*QuqZOC<89Oim=q1dnpQ_a*_%ZLiCK2A=-HqAY$#)&;dQND zW71!#{mvrw!W&3XSQx1dF#iYY<{HWOtlI0Y)XNU4p-3R)==obF&UTvD@H5!(__ss> zv$-zu`@=ZCifD?HjQ~*Bb>5iDD(lo)x6@T8C+v(yPd?Ho)tNbjR5!d+O}r#RW+%!c#n?QpRmK(A4eBX-Q!YdwFw7^*kP>_aa}CwpXN%lI4~)}= zxH|0l7U#+x-FV-|@+ix%c%OKOY~+4O(|Xl;>!@%N68~bY%6+wMxIwEsor z!Qi%=pW*qknv$p%am^tEp9o4h1(vhVBWM)O{Jb)z8**%SOPC~!ZWnY0Qbz>xtNaWh z&>!YvW2>4n@Z)2rJ1xk)Rb096^0;rSeA{wX+thuH4ii`?^z?X8oHa^*-MgExBf6EnlXWHJUBED{I2&uSF>W7XD9WwL($fF$eLH(?eNKgmIX|-t1+rxA>$%px# zZEZq98nZ$aYKJV6c2zm{MxvKkfXw2r{IA;c9I>%oG9WqfVQajitB>QFi^5X4tnih@m z_8LknpMBiR91-ImxZtI`=oZY_q^FZ+d~+S8ZT`!zG(1B|>9SF+cZJxVGb(W?bb-X; zR>1E4mzf#NqCBr1<<}^m4!0>;u%0|}g)?>)?wi~l(27^%j)A=3KH{l zZ4sCgSff33teE4Xelm&{2^zhG7@k%3d(!`ev1Va@<--lEN@S@VV;{@ygt+COm+xPG zB6ZFfsTy8>)Ah%U;a)ax;<(MW!&F+_O{j`a!0$cdrUE)D>n;#D_04*g`LQw=Z}&&? z)ZJ&tV`FIL$T1m#cp%6M+5*4QFZ=LfTwO`Xv)88?tXg@rlDn>%;h|bER~9}Vo52ihs2}&I8+tK4Sz6k6vQ(Dr(PszUxz)RtxoGPYK87t?cs+Ws@YSK&U1B44Yw6fQ##tvD&5H+T zVB^ovIae4!TN)mHk3E2DZ6f`A>Q+#8;0t8db?0LydDa0fujT0}htH_P6v~-A-&~y2 zp$8}1z!FaA9jpE4TW8eVt@&uVMIzK&N6$s8JbhJ9y;RvY<@VwHIRgt$O1TX*-J3K+ zLFut0xyc#-qD?=hCvJn5{c7AJQ*xh(PC zXAhgD;Ml&wx!8}3mwhhVFY^8Hv^!c)z@Mk53+mY8fs{YdhrfPp-AJ3bu`(!^7(6YkMgzj-)bAEzLTlXaQ8 zjy(VTel)`v)gA9Q>s`^U3LFaG4hZjTH+}sg$7ur~yBfX#^X<7Dpb}9_%b%}6{HH^h zSllnrjs&Fn7f5VB1kx0l3c!~aNvX2l18f9t#ha$EcHO+x5P+#!6`$aV^r0Ll!jJ!b>Y_uFoBJdLkZwY~xa%gc&P4 z8%H+;Q#PAN!GD47KE(+3nQmZd=TwM-w2ZNX(U^k$f?_-B?@v3b<&7^kMOj>147(gM zdcAC9-<{t;Hs;R2BWI}J1jz`o=*yk~Wr9@$Eb|D(2FL{>0!ML_%-nC8Ja~n5+gS1C z#iYwTuNXdA$C~tPnYPaWr0|w=WqbbHA-(1DsuiE%exeSI*5q@M-XyMqf};NKUk6G? zxk^jR6xfBEQ@FyJ-h4}YbIu6eS(waiMV~#*DH7&=GoS24j7-mn`l&@)a6pBTCGbWI zn7|*9Ilg|YvbRAO+&;yP1^)oWioT7Y?NoKL+dCn(54nAjG8u3b4}UR!uUep@+g0(_ zWJFdWIGZcVi+yAWW+C(*w^?%1!Fo19iT;0#LKQSC7gTDX;|zh_Z@zk8PM=X+QY_@b->xEXxPR{rMg z%w+@L+!kY+@~1>3F>O1*tXAd70NRcZjB29Qzw3X_re_>Bzq7ZoTmukBTPs_BejajI z0}#=D!&|8sG5Nm)>k2GJjw2Rmi8sa-J*k=o-sY}HBQjM3mrG0Fl8bIgv#5I?I_hr+ z)MDndn*GG)0zWwVD*BWe#gTf#3uSv>)o;NpU^Od6?;}(xcIl0WOCfaYN8a1T_l&1! z9t~&;xLY|X{5_)01(Mf+aZF<)@xT0f#8S0%O&OBcVn<& zevt$*-gW{-{GlU8zE@z8Kq!u!|KZi+#!xd}7xZt#28aKjr>Ke`GCYA4RqhHTW7!Bz z;8-6^Sm>c@vee$Gr)k{83c)sGXxd1U=bxE+Yy6dy^7Q|UoD}peTyGofJ&NYpJgzsa z#Noy~q}EEKgwL|aidCG|0Zzn5s>=&x>Zm|v9^5hu9W!?wy8}!ugZB9&gZgKUroQ_-XV&2X0Z2j5Y(|7)r zro`{_QZtTc{z9IK_;(ZUigV#kK3%(a7|Y%QJqF9aee(Zbee|MjYaY(T-qnXVZVbL2WyjJA)76ofHDTXmlOs)y0(h6 z8E{7EM*LQ3wz?(O>Yhyp72^B2Q3c14wrv4oR_hE5d8psx<#jI6Z*57nZKxeQj1I`j zp39Km*}W?t^=WNno>f|+gfCBa>E_H_*Ach^1M=l@n(h6-$=q+If$TA3IQX%2ae02< zYxjJcw*TR2uko+1(Prs-x=({ne+vUigDx84zYTGyRUxOUQ6pofr;{lt)X%BRWic?U z#=gTa0A5d#R9XIHDg0Z(d7Hcg%Pxerwg4Iztqj<+?RT*}FMreL3; z^t^8>K`}nUcImck#i+xLr!p(oMgXj*iPBdYVC|BFe}Vjr5x7Lslhn#pYtL`GL(&qK zi#`c$AK0Z57VOM%Zj0+0Q{xWytMIEp{*gkyFU!bxA_Q$}XxigrBSg1F^^wxT6YJZe zlawMS60#2)JtC{u0RkM;kzb$_O&%cR8Q{Y32mokO0V`td@xjVW;SMq0kBwZ52C~GH zADy(Bx)*imCT|NJKt9cVG%Lc;*(~8D?3~dW0@Z7twY_7kK;^8C#iI_^FEisZ)IvvwSzbjo#qfqX2oet{Iu zV`MkhG{+(Hg6NP^ysSjpBc6i3(Bq=($ClNOZ0vJ!!jkXTjj|iii5m-IhJ86fj`sv< zSL9{7`CjaKb%s`jXkmPu@N2vBMWh&q6(>6T5qs3ld$-aM8oO$-B)Z(Kjq2>%4py~Q zF6@%HlA^n-*>8%$^%svn9~xj66Foivu6i`Gm@m81TLKvn^QGHDwh|mniUg)pwEOG3CS(F->2h6kPyrV|o$*{Td$AjfW%uLRS9KZsa z1`h(g?57khu+rpcRujArEd0r_c|~z-^$XD=W%)`kfrU=eIa1D7QKC%AN9tqNl1rLj zMIK{%{NaAkHY@B>bNO`JURw~eyShyF$ha25AEUT0cKCeA5`%Z)3F|*k?iu8L$Fp51 zliq|C;+n7fP+j$|b=ZC)i>}FuO`R(_B#26c2tr38EP}s$#VJ)nZpgiVyFKrW*r$U% z^wq&cYT%vbjS|G(XBsz(kdA*gWAJ++C)6~sL+PGMf?mQ6deVC<5;&%e{#(LlyCr1 z$xaO+G@T^<9+mjq!{UA}bquXNE@$Sp2ji>qm&*F8Z6iWFzFx4em{Rfcut0s}TNIc6 z+m8M7eDTKx=-zMm&1v?EIKn8|6L;oPj!w)uKp3y4OTDwKrFfL$43NR z-{<6kYD9o3$7jhn&08qy`>gy2ghZ&ku za0sVR`A-KAC2Jr8sFLG)nYPsPDCHwUwy@V-$SrQKEr0*zTtBBw+n=>9Lz6kwBFduu zYS%A*qsZZ9I9b8k&-ukS&QP|bha=ZLjI0OqbrIh`v)@S0lzuz@MXc*NqXdDMZh8L| zdzJLd8ztiChk57rTx!`_Ua&{4Cu*VcCq?hGI0yd{H*aND7N zNJ!~>N$g-^zA=vtFiT$OR1MniK=+*xz424IJ$Xb!oZcdSiZes-YunLFoFfLm`J!&5 zDeOjWLT5=`vymxUvvVaHrMJ|So&SBelVn6nB;H77!0To9-f*ZI?igI*W&d7Jd0+a6 zY^-8LGs=*d6Tq8nGaF`^{yao(bQZdOGd6R4^~5qc+T!BGXahsZwcUr#*-GFjhJEtQ z1!Liog03ye8B#T%_asxGn)YLI_#;z+z@)j*eW1@G>}LS&fB-Um|6iaI;)N_cfRMyL ztQlQ&GxDjY16I7U+{<7cm=QFdXy1Qhm`soV)~S78L()FwZBp$g!h^_`w9~c8oGmqX ztREDu@gP*vh-`OV25U1pop&J|8#_*;UCq^-M8&xa>7W*F!`LcwBsZsSoBVqV*cV@V zmL(-HE1CuZ>xMOW6&8)x0(9{B&i!UDU8L^NzHgx8THP6=rwuu1H12+?ovX*c%AY zM$O0Wv_Kd;a+c=%zaJ@NPKXeqR^p#aUwL%jY9oS)`<8^_oK%y8%6wqx);^m_-!p(a zv8|%&@G*Rpo356;PR;p5v-1L{kC~a*w;7|gL^mN9cMpC=YOSymr0RojZ`ajY;FUyH zJj@bX-Y8jwUbXCjcOuv*^Ca^aCTdVw z^JMGJS>fVVs5`#{aA$=!QgA|BX6b9=wBfRlG~3I9rLpmWTXXNYSA*i2K$pCD2b0wn z_h5n}!!uE{QD!soycDxuN*S(G0I&9@3OA|%vjgI{*}G_o5B2V`}z~ZpV})mJO7-z zk_uHa+LL$aPO}#Pwr0=5{z7N|7la+ZM*a$-puzYiTyew9d2s`w(mlW%DCd!2i67My zO^D9WouoH~MvWMe#qe&p-od0UIHtxdg=mCx+H#*qQP?1^y6>FR00)%xAR4ho-%MAR z`)VbR3F092RNoe&9D4Um?wr(*Ll@-a{a z!pb;`OTIq5d#shF6B8YGcj$q@{EKRt9cpqPjNbQL{@5C(6cQlldp*-L(|Me;JgeK$ zZGweoNqp*w<3p*76!b3aNu-})D&y^I{I{bE+?-jSJyD=Yp{S4mvV#e?i8lC{bQ4eW z1*SGZb;F-oic|(`tQ-+BE9j#v_dO4!^Xsj~=qOiX2VfrE!a?UKngsP5R~D8r4%nT> z6Tj)S!+RVuR3?^!4r#XV-b>jQNQ0pVbCNgjj$fv}=qTbNB7jQWhxP(-%q7#}RitEJ zDg=(|Y2}c_#Fn5FZ*|R!qbo{oI}+uedg82&Ji^tbx>dVe6HiVT+5Kp__9w)&PMJT6 zjzddhBLjr?(SXFaIsVFn;qkcwf((~PG`xepmHeFlss$?kT*XGnzIRBlt4(J_gVI&q ztAA@K{O|n;6Ne9hOH9KF(!P@M%|+=RiHGUE)+wWR=Y8@jMO9DHEZ(QIrEGnb6J^Zm z66)Aa1u5a(Qp9#0y7npchThTGE_bJk(fqmDZr_#sDDWkY`rg~_$hNcBUbAV=wY8!r zvKBC{Y{6TC2ez_2U+b1MgdWDu3bORlPljoT2sBZDw=OYHJhpE&6~(ClF3U6crdGqS zll;P*POHkQq@{!^5UBCnty5Z8&ncbK1%cRmysxe*-`h6lGuBqW(yhk57&Dmo=vH3G zZyw*hU!cHWpsVB?M1djYV(d;c^n|9*Qq&Lm0$4k~CenY()FO>B#E)al06RrI-_7v( ziO;a}M6Za62ZI?C40V|E<^wCP^-Nkxq=ZP8D0(_>80T+GhG3O{(c1V>X5o+@trB3u9TzJ36D6 zr~|^Ghp%haqnuw`bxZ=2%U^{Tf6rw8-|*)@Ah7=b&aQ>wYH@>O%1Shswlh_M7OM5F zB(j?4JA{7J*e;oEsHE#Y_0el7;fELMg>JvhjTyBVM#2m_=cTuAymk!9Pe;|Wmg;^E zecYLDW|)-X$67uO7na(L#u2F_X#~Iu+0PJ0Z%v`|JN`gSAVoaRBXDPbR56I$$E}nX znjBJ`x%w%|`3x&*@7s}nT=`-D7)+7luVHrIIPcO0usk!k+^KSwlg5uno;N>((0;Qf zAES?eSbSJ>0 z0%hq4(7D;>>KJdG=B-d}b*X%8ab{HP(!sjbCqwBP-r<})2OqL6Dhcn}{H&bH<-y!{ zw}}isf)v{npOj4})A&~AVU>68_>4Zl3;>E%6#y+CZ2^{>^m6xO|G9H2ILDwOY@k*N z&Aw>9{ejBi_<*BO9W~D&|1)vYi~eOD(x62g2(go+3zs++$ug0MNU`@tc~9FcfpwqH z^yda1)Q@>s3q`=H7S3tgKY8S|_!$U*L_GYcEg+EXb}g6s-QBaShIlc8u>c@tJaCie z$EH8`-N>3OlyB8*+m$$RfyJWA9mZnj9RtnBIWFFXusB+SJI?v|%A><0(}kpT|!$M#$YP}P~aQjw*G)5NEW^chmxmecC|~ugi~4M zkG-aT1V9hd;n9cL0KB(=X7M6gfmDrI%&>tRp3x-nCD#xR<$x-0Ck-(I)c@p|4w#P$ zSqXf&LDHP}oghE?h}gV=TA@Ew4!MPX2PykM;D3P?Oc0_3;xEgyyf%Ky#8vkx^fKn; zwnpT_M{5^~Z<*egA0>8{db_3dXpOP6MA-V*YafnQW}|!i9LXxxc81Ac(hRzC>_$Wk z4eO=U#DCCTbz4N~)N}NnuH(iR6O?-MTBHJf&s&rh`gO>ERZz<^{S@pelEPs?T;vS> z;Y;6&xa)Q2>6rOc3?3u{I%gff6!U#>B^@Ca=`Ve!&RknM?9ozc-LaR@ot^F7seZR=4*JKX zefy)$l4VcRFMr((5*GDA=?o^@ch$+4&3s5a{spocgnI~w9J1niBR8t&IO`~m95k2Q zFQ7A81k9G>t&hPa)`eP~g>>(VbeDinL-8JeT@opli7Y@;s}=WBS&_rwq22ELKwXxJ zn6DmU8c~fR>omZ);t@4XgJi_)FVHbN;K$fmEG2&jhq@ae1UG49pv68B~Qp^tUX2>$FoD+ zeb+BUIO#7ZcbIPBNFKgiBlYC19AbWo#Omx0DT%~$f`T;>XVyRL5MzOlehfH4Z+~So z8-s(bYpkVpLhfz>>XJHhGypAHiv0pHOlQ|sJq+AUzKAW_Ir`*{`s9otMmPf@1tgZE z9^fTDg?FS4!F z>_m*iNaQYw^&a`JofKmc^xEVhe@ry|m3$Qmx&2HclJ40`utQ!3*R+%~WM78hU3Zg& z%=1_`<*xk&N`7jn^b3SA)c*w<6WB^Td=*O4hd{bXOmFDPO&RcAfLQqn*xasxt*&Yr zW5S5AG(1z2M;-5o#h8QD=dwu5?Z6M=6t7>`a|CMNKO4@c{pHy=x1q&-_3E42T2Hjc zIMoRXL{rUxWER5t7=GYdDCBaf*i?3uho(&m1NSf8Yn?djZw8BX+~Fz#^n0%W{iYgk z4sWHz5PqT6ur0Di!)HF+<;d6s)5S_^e_?usntggvIPnD}0XWt_dQ0bYa(I-$5am#Y#tTU{Qx&GsJu3^WJLwVl_r*zR)w|)8>OP z$uUI2J_PWzf3tSjg}c`*Oy~N_-z_M~yz6Z%>jFhm`vu*#U5j0Iy2BQgt6BQ!x4-w8e0$T=8&EN-K%I}e27{wKJ{&w&7V z(|4%!V>U0)l0OAnBg)`Msq`#i!^ea=)6msocTRIj^FNIH{cW~Hc@FjX-!@b za5Zzkz}f$>i)0T^i`ANUkJ)CpUiZNj`pA)9+k`niKM`_qV-jOErVS1^W%H0eho;B* zs13r?p#dXk;u$sY0)>CGF}UmsVv4TPX+VN>?@NpNon~Gl5*Uxqj+bf1Yru)b-jT#x z`LI^FP#=+Mu6l-kqv&N>vBreTOq^n)^84z0&o4FQTsy6@$HA|YEAb?;COO!{dQ}@4 z@+z)<7dB2izw0ZG?Hv_QfReA!JY&75^h2Y@gmW&CAjj1UT{$aok(le@#gQHzT8-@P zex)X-CfAXVZsQakmi3#rpSfxuSv9{!HW=Afyn>CswwWz`z{|ae)XelfjaTPw-eI`l z&fNafEmO^DhUa11U3GV^q>ji>VP>ZmuT+wN3BSvkC>QrA|2ko~W(M^T!!vb)VhC;4 zZF_OmtgMUJn*z)iP9G>V%YZPf>u*9oe-uc6xWH+ANqB@=cKQCJEX^3+sM*Lee(BT@ zN+cznd4vRI&>Q}5+4Z1Hpfg`{1aRydl6eU)mO}DIEXUknBPN>pjb>>NkXiJ59*1qf z5*wL;7`*}}-Ksz%?Khkzz~o2ru>gfj6|tW>U#Eti@l+>2#3Qietd?cej?MwZMjjY% z9THd+>COHO>1ITA$Q=3akB~iqSFQncob<%r$~2<%39t_qi2AES`(J=G{#TI5!u~(W zayL2WHS zmh-cD`UAvLY2HCcMP-H7ddw+0`9OvSq7xpKhd(;B#rMfAY8iCQ!B`*xTc$s&O5zS# zW8bK;$MJTXU7sqaT0O^k9go5i0NMpQxW;_J1fhwYPMD26ZGeX_8|4h&MLU(+qqZm) zR9h_)%-=YUhO`*b{2YNgEohGBwxDQzO;UNoOCWd^qF!zn+TMB6Zu!T&`kGaUm3xGB z#M~LR(+&@xUJ|B|J?#5v#=|H0-FN5ma}m#OSuEa`JL6)s$NCauTHof8TqKzueFf2^ ziD)b)JU~20G*XbN4-tG)q-uiZ<^-|ZsV%m3a;sOm#|!m=NRi$^kRsm4W>(JujVjRE zNqBzY;b#YR9rEx;C7yQzCf_GM+r6o{FxvV=-mZ3TCK6Vp5(4K|TOjeaC5qzX1ld=u ze7Z&o!bUHU`?VN1I)d9{mM1G;dbD`mOk3C)lOLH=iKshG6vX>yPR!urHHL1K6P{#< z7j*b}*$DP2Z8Zpge3hNS`1rCBdyIO*tKAF-%&DLCFZ2bW-v^QIg5MnYUX2N~)J3d4 z62M4lreQ2d*7`u#(`qNsJFXlY@8%|8yHFDTJl@M`OlO%ih8`OTO2le&|6FE24)TOv*%~U|A)?-%&(Kq);$CSV~>}Cog zH*<0gON;T0R66BUf*D(jSNIOjSvPQzzBUbGq#$-+Jg;dEw)bHz{w)@MxMBM9yH*ya zf4kmKxu0PvBX~j2C@9LJU_3uWY%jb8;gLg0eX*cj_Ojh|Ll>X-A&`iR0;`(i#dF)A zvE_#WILx~egJBMtk*7wVRn3`I9S$hXYa)2SQ^8i0a&dJ&XtjH}pW;h;9{mC-59UdP z^UtfRPp~XhmL+qQsb>1WPs`z8F*r^8Lg1tgFNHe~2J#n)g1AdO1`{R&g4>zlcMY~5 zZ6yo)eE1{-EHFHJBu+$wjQa&AgryU$QM($W)OcQ%H6e3b&GWE3pt4YX>T!jmUk8BF zUjXFA|2A~~---19{cHUN`TqkC{}(oxQLq&ZuPon2N{CtXd*4Nnf}yNqcl}6XZ8&S$ z<+3G0Y0dcZZ__^M8A?3h0;q?x4w02|VHa>n`Al0}C2)al%SASF`AW+Z%427yh)T3d zzU!YD7=8IIQf~XN6Di}J4!8Tq5kO91K~1QfdApOD%h^Ck(tWtZ5sw$5)d_@d?hUA# z`S6ss)VN`JOr(Cortz*7~P6*UW?)u4-naZn5 zW9JfCbaUIdEpi3;7Dc0go&mZq@(rwX`>pvL0SHFcOEgj|S&gGId1h{#7RTH=s5UIz zf8i=9rLn-JE9#ZedPU$V?HY5#kXj7aac+H`Wc}hnA&aT4godtdt9BosKxX>%h<@>F zL-FZs5^ZYDFl`uyGXJ{T0uCM6SQT*U;GV^ETG?Dx7R~HybkjAkd6liVSWF|MSks(+ z^t_+3qiRYCwIE%qaKG{8t6AEzd5a6+TlWGxwCm^j)sdGy_90oWcSPE;%pSolFJ@CQ zHJ{Gf!uK^S=lt}A3T(5R&gCiQc1cn$nLgB0Y@0N1zcw=d;!1;M#K+{a z@*Y(C7>!|#$vnF&yDV#9i5~bP-}uO$Z;p5IIyh3E8Hh`xsDY*^R&<{DOg3jriFH|Y zxw4)jPc$>((2Z5(Faf}rA_TAJjz!N)9DHP4mZR5+-f>F+k!GS+1S#)A#Hn9jezH|< zfNiYVW^Uo>3G{P^p;!Hm`UL{{HO%%pwW>l6U3Z~1;Ec&wLP-_s8ww9BzM0B0MT zi;_J&bQv|JX-IH2Yv(I4;L=SmA5+4 z*~N(-59=4-M7?ZypQ0{KC-Ol0)^2W9bOQ~{jOal^6Cw6##(3DA+ys!sWYedftDMI! z8S;d!S-%dossoHVew998=pZAa&o92~# z3)hSjep+CwU-Sz^b;Xz9e-d^d!AfF7-@%Jvx5551m)s&LX~NylTG_AZFeA6k>vWQ6 z8q`M9_X?pB>k@lj$vn{JAE^^rsgSR-_vY3tlH>yF_4E^=@%Z%P#ADN$-y4HB1f5;X zA>guvjQt8Ar!927QiThtt04{XLjAveu2!c{sKv(eoHoe=|}~? zn_vu`KzApZ6MHA>q&F!4p$K)*0xZ#Xrbsz~?GqW~&P|;tYdcR8sGsJj!g1!$RF#9c z?e2SJI9?I&)o$Ab#nek2zg=)*vrm>Au^N%+P#3#W(3pO#k9!>eVDBouBeNzHT_p$j6E9X_7H%QeX>zvR5EUG74k_ znPPsDa5iitNM}AoE#1IO8L9I8+c(kfwl^Slq=ugpcI42y5~C`C4!Uz#ApDH}anQUK zMbhI1lBtTGaUCrW^NTvis~hv{Fppz!*c`Sp9}((c`f7c;1Fq&Jgp{|(V&2!NF97|i z%^ey8b)Q?Uhgv}k6g5amItq4+uzePZLsV1mSeC-i$A+kIZjBems%9_0l0qaYDx_^O zv-gF#8RYC&Yr#tWvJf-Q_*6qhOWVthEf>!k?{~E6OD{#J$s#rEpg+w-Lv(A`llO?U z!$n|Ptbu@D3w$>V)mX~}gC1RvR=P^ZEu7lMZpT1(Ur$d9cyAyI1 zKt0Fz4vwRS>vo)#D{6b9sB;Ft&bq(eF|yx~XJZ%Xo> zKzi>Y=M0s8}kz!YQxUz70Oj_jB{is?FoQKr`Mo z@NK-p{^a>sIlqcB*KK5Z#uWF5{kQ~hksnT4aN`l&{RasM=XPic>X|#Kq2$Fsfga1v zZ3N1X56+ctZ+Rl=ZdD}|t-N<3ht?ymAWz6yj{63)JXOvcsGj5a5L>Yh5Oylu2LV%d z-#vwQNt;{YX*37rHfIPF!8pC{`PD8{x_y;}dYOo)B9G-%N>h+op4J<30IcZ=)%po* zf+Pb+ye@#k(8}QD#(ZaH0w;huU=0aaL zOf&*o9@Kjd0kpYJGn@9kmRil3rxpocN%WSJw`ni|ja=Rdcy8tQu<-J5%gUza>478D z`PjwJ9T`yxO|HBL)+p7E7Q_{xA?luq%AblGZQZA8Eyl$$hKWKIV(<8p6ORHLE8s*TXvKGR8=&Ic1ObV}7cTILmJ5VyTnXiT6_?O1F}PvMJ#uTr$t>bt ze6NCKw8&kpSCT#SxN#Xs!O}06=D&!3sbHUeR{s6C(9+Vd{IiPHe?tDjZNC7>P)W(= z&N=Huu7;qoA+Df{?}|qv#mFP&O<&(TTV5nDO)$YfmBJ{kbC@mBg>a}m(Yt^YX!CZC z&DZsKroS<@NmLos8OY1a+e5YhXreDcWW?;Q9phaN*_uz9_~i)1bT`2qmz^t+fZ=Ro z@l{z?xmx72{9&!6ys(q3a)?)xVk6s#RhEzWfJM(UdLxFwW8?O5KfXCeyQG?hA z(Wp(Q`F|@1sBne>mvto~5a2QbIDc*xWK~w3DxYEOFgH|b-%k{w@h_>SeFrAlGeIM)$ge#_t_W2$u>$QmLWrIs?T(~OX#3oH;)PebDNei zE3Lz(HmAZ?PqlaMJ!9rVlQ0}x;uQ%H=QkW&#IC^{^M&o}6OLbAR*9UBS94Zxl&oeh zp^YO?nQ`$h=*>1R=r=|!0LAs;#ke9R(c`>Xy4jB%)h#J*E(gpZH0zJb{y91RAtwjG z;=d~&@}FU`fA9b8{T5RzW8$y+B77)X89h+`y};bTKZCjb72psEg$II(yOqkkIYsFx zVln21i3Y0wj??}2ySZ+6juQi)%y|ovEJhX;_|xO05O#x`lXI{ArJ#AOO-UQ8k1CQJ zVngbbRi{R*C1qpnhx2lKzwRSx{jcM6P;1vKFq*;c?1sD!7j^g5D^t5kOP!+=*{eI) z-181;g5j4cG^uGWLcApu5+0D8|H9%?JC!4SMd@Ciidi*hg|8Cem?q>8*ujuBOW%Zt z5rlH5)_ry1Op#+lV?tMiu5m3qyT=v})GoNv;?*6sl&<}(r2Ym-@_)ja^xum2e<{oN zkMa84waW_3WO<(<6DiJw6QKDeaGbz%c;$==UPS!|3H%{=7vL|1l0F_*=qwK=o+5D1 zHtx*4(lSntk`0*GJfrCBvIwVLmuHXMe$PLr+ZfbkWkK>qQRai$hoF1?BF35oQN1mo z3Zx{_G=~ENESJTD+m(!Ru_-%oS*o1ppPehCe?_vPib#>w!CM6OW?ZhcPgg-*jq`cs z*^&LoLy9T(t0CX_fr970Z+Z9XumDRuD9j$jP;NgEK6lAcpdP%?GjbPDz~Q=;6+pZ2 z@mb9K=b`P23-6aqFDdaAeY)MPX=WTR|LF9y{PlGtU>OZ&^6&1q zuf(3FBZwFNbiJcYZ(u~rG+tL%h@6-LegPq$!Kq;l0Uh8I2e?*M_2|Px*pupbZ<<9? zWhe`Q|1=3|9pi?5gL`kgu*Mk=qOl!dA8QCabLspC=fg)cvg>GVp{@-aPYi71YSQ0u_C z`mEMjmJtWk8?0Ez+o7qea%TrP)>7rZv?G1j5N@P!y_Pne_!YHX{6KqkN0V%-Y-#_`3^(nmFKe|Y~w}?yWx#87;^^nK=>j5W8U-Dl@;+1 zzg4OCGui>l&k=~Vvylfk+k~s?G$9b&MO-v^uresc1GC*xnv;N^UOon;LdlS3=?aMJ ztr=8W%+?|+Z=^Af`*irOXy({mm8+ItUoX{P z2WPMVjS6IjQsI)sO=4CiO_W}X70zE~zce32&8$f&_my+Vrr6HorpBX}o;D|xo@6vJ zEdvyhLFrPwqF5WkGaL*rpv^;i@H&Nf9sIDk!(;@RI)JyFu+3a+kLMLTQ z3i?u!Q_&|OV?{0v>4JP+0!-}m${<8dC6cFIJpbHW5we%)*B2OT5MbBu6DaT$MeNPY zb>=$G+}`w>DML#%gDC>9<96J`n*%|OBMjdKGfJ*hYD1AS+i$@0k9iN~u)e3sh4NP) zW$Lq=KU7Xe7Xl(X{ZV!mHtC z)xFv&7VK5sUS!_Zdv>j0rc-#!WhC?MFJSkuL$Q5J$fyTzy7|-k(On~twyizmM>E2E zC05|~#Zg~blEdAd8P{u(k(nur8l}kt@wXXFX1>ugP4<4)>z&l6?>wj1towO$%r&86 zZW=0JB{}|nMH`{3tCO^Afw0_rh&P&tG!-~s)K^5oX{UC_ixb>ky1|Rx;%gr`;=kax zM+4V7`s&tMj;n|)$qNI7la09}lps+~g&-!_0zW<+Meepj2)>OuVceIL$uGy3;FI*y z&_qaBEF+ca9YHyxjk#3$_{>It78RC_bNfLeUt4vGivoHUf&D*~8hVu&;NgtN02w4l z5wiU5Tt7_Z)S>GK$=VID&p{%?zVp974-97qXc6vj7C`4Bkhnw8B$M;10?7mJDx57h z)aV)9pLe$a;wnl3hxo_dbn4KSC*BD4@ZS1CiGUBcd&E-rTIVf}A4~Y27qFk_!S!}f zuZ`Phje`1(A&F{&eLM<+o|-B0FhT~L^Dy^oAYUb>D&%07&WK^g%8wkc={S&)*-pK zQ*r&>`HRO{A(vTK*7{xA?+3pfZRBOt2=U1ws${2Ie}7yWRS=QXz&Uy%IBwyMYzJfz zlolZo5>=J1mmD0PIXJSJQ?YR+Jy&@$BvK0Bi8D2_w06szRmh!C9-20J^tO#9x~vOm z(Ua?v{9JL+u{AzVHcrs+hd^ni10yFwz8qWDb1svX?7g0S>B^K_|;PwoSXz^W(C(M}dWtOm-qRHEc>S%3U zm4js-m)!Fj{fKs!*2R8I4L-jbbdTVN6ZkCvgKY_{7fAXT(>;6Ud zRWY^5=u5wG2qXo1fhcI=FE(OPjx-Q(ml>yWA!n=CHs^47p61j}N-aSm)yZ(eys*oF zb8brt!ndTvG!XR9*XQ=+_>w7xD{g&dIdQlk&9Gj8^vlOVfo_ zkt0+}lk+5f%(tCXFPO8ddNN^jOG4e{MjOj&jzI+JJ|b3LB=DQAZ%j-_2;ma1tQ$;V zQ=9qT6IhC*!kI>==v6k0+fr0Us1o-zl@#YCUxTrLke=Iss-gXm93=D9QzeSvjCp4& zh70!dv%Z$p-lp3=*nW4gS=H*C2NkEx9pXB}a;2`9bj%VZ#l8l<=pU8l2v#*j}kMteyXclQ5uhJb@E#zlY z_DFF>Mt&+LB<(K69f86`CH+Mf`XpMgOTxC;5~E#GC#=#LID3@1K0ajzXugeTyJ-Q{ z(9UIf`E?QioF$$2OaLGrYow~RfI@QHd=fu70`SUFKoZBM`X5M zWIQD;f}({%L>?rdfR@#X%VJKv|D@%11-F;`+(s;=m5CbNaDIRcC<%=20W%@j*zJFi zyng$G1oITy!uPX{;DT4ib@&@`Hp=eiay4WLRp}Iy?Yr zf}&<+a6TwlI7>`pA}WtF2(>~}u3XYx8q92EysS#HtjW--2Yhg)CIRLvcp5}Tge5iJ zLyWt!1w3|ws4?hH59xVMxh-SL%^%h0cUbuK$Kk~ZdgG$0{Pvn(D*a6E&+_Im7o)Vz z-jja3R;j?Fa-otRYKe%ZaHEii+kNKJ)}MWFk0d(d5;!q1{69499V_#;J|1GQR#(2N zUId`FTmk%iFlyANsh`(=KG2jnI?Le*LX}Tu{vi20wza*}e&KAr{gN~uK63%QtGB`6 zUjle=uxQeGQ-kOy?)V|79}d+N=4~-F^n*dUZw2hmGc!!ds5iUY0U#1S~;Y z+AWg0n0d+rakvK-DZsMMBi;Iu6X|-DZb{+^@gv;LXyqB9|U|_cw(1e!`1t@Gb9AC?-G~Q=a$C_ zM3n)H>cmG#zRD!{Qs7%4m%-6uKSBhEV;Q$#DmaT;a_Qrf?WHGMV870)8(uFCJYqEQ zqX&K4+d1jh@*knXMpH)0Lw$VF44g3+41UQVA+bmy{DND>s5ailbs@Hna^iCHD~A^y zf^?*O3^bMB?SBs?r{Uz@!m)B^hzN&THFP__N6JU-jt_EZxI{k9lY|)960M`g*T7r0 z3oDgqEE4tRDKyta$&!|Hg~Bd$I{0)<$B z2oBygRMfsZxetlXCsw)9<#k1F%`7WXW>=;+SR7{xulJAc-wKU$^`neSfTSS*YOXvx zNmmMl#9@?0ctSpgY1wJ)tRqK3iqSp!W`-Vux#oKv|9&pQaF+0B$N@FbL-4f|iu(+x zV>Ha+-bf+#T6Um>xUSRSupQzL5**nwj37MFE_gy_2#hrgFyR^KKRGi9L+1ur4xa{i z>DP!&EnZM4ffVD{0i}`ELN97n0hSWyUK$%WVI#(*bf1{>^`zxrW6MWXN1gz+4PZYL zw+k?=zW`AB;NCb8qIVQw`7u4~W}l~09_>sy`8SG3+v+7sZozzpz*cjSCo2h-MYh4o+1_Ol0(YOI|RB(w=l+3G2dCgrFWk5WEWoO4NOg~KpuAc;`zwRf@{6vF(@8hRl`>(k#W$L99 zBr$S7NTTa`tx@XQl4dpa!nW36NQMg@B%t zdq1m4f9nDIG4!_yjJZbyL8d_l*EoXi-JW3#_}c`Hj_90o?+;~mM*!BWAONZAEI{uPn_1w*$RH$r0k(rk-tvRw2BHOt zzi0gbkg3#YiK>znlM zh(4R_q)S(A*t6m;TDspfc(|s(77S4$NS+oUZ6Kj#AJKEshZIptoZ>8>faWV6aEOXa zeLIaCt@2UfO3rv~d(j9np^=fmhX%m6i<3C+1!78yQ>tUKga5Gc&k-qb!vWUwP>#vA1qh?DW9;-Bk(>>BHmbKW>6k~WJ8jn;&{tK= zE0K!4{b?5PdWRH0V3Fm00mx2H{goe^#Z9o%AA)Evm(HUs#sg$|*yo zt1e!Zg#6GiHPuhX$7yHz;k8f})thlaH*Q3i{WR}cO89zZbAflzRyR1x&qVAvrmbjD zjA20)uTCHd(8II)du0WDsO)Q>r|@3|ZFcUt>>?RPlMxiS1QB(0D9-0>pxk*rq-AQ?Sw}-2uddJ3-i|G99%6)Uvq7xLAaz| zVd0dsO~yU^FW?#U@SY>~5j_fL2*H7>i1jQkE(2mu-%D^xd%BR_2kG zEu>DJbMI{AsR*$A1>k^9^gS9vS{(qVk3d`G3BW%20~t}n1lVkE9K*MyPsbODDyTUO zrHJP7vF2_v5Vr!Yv>-W9^Z@cAbnOh#zLg9m_`-13b0OdZ5?~A6g9P9XEPLQ4P|Cdq zY_4CVKnJ>^{>Wqcec|77R`8e2BM9u6jG#z4Obpb)F9Y!t{{EfbI-DS~+YCA(fi5l2 z0r*E2k@;wW=9C1y=eqk7A2|(&)DobbU=))Te18uX6 zK#;fMS2&POglM;Hft~gM`II?zfgdE?o&$%)xOVJ%^lHZF#5nTxM;=j54I{)ppm3B{ zTx^mw+%#_6EzwXprhce~d=an0HdrpgQ!AZl`6AI$_Oil!5byrfqFxj4+yzs06qxG% z{u;fI=Y#VZZ7>-~zL50}*tvFkzG}^q^Y-&+udYR3_PuP={(K=KoUdxF3&p|SvVwzJ z8mS6~ndqGAY#?SR<^A`t7r4mw88$LlPLup^<~$aV zRmn5nys6LdhH>j{+}eV{5;z#KsH4f#+D8yS6mCWfc$j*+*Xa3(BKuA|j};e?ErOT* zAC4vsYbc%%(U2ea-~8pH=_l&cCC;4>QgY}T&V!y7dDbC+&X1EgzXuU*wl=AH+ybp> zWi^X@y{gA?irkT^yTjpl@lQdG50JwMYUMH;R6A z)Rdgy4QqK)e{!zZB<_rLiFyC{#$y9KY-*=UlK+JHVK)=QbHGA^BZOt?U%#gT(g<%a zn$(5UL`SYhW)ICn&CjQr?UAlBSx(A4D)*_W0;9ZJur6rEH=pA79~+4BR(17#xG-HJ zXLw=WWrCa>qppJ0#5{0g81ks2i0~6@R&xTH(Yh~%6XhTxdUslz){5(4ZJ24&v=^&3 zis@cakc2VqK>@?5Yosnkd6iZYZ?a!(7V7&}+W9T4_SMo+GmxAKQsSId(Xrw73)^&@4B45E z#%XnQuKlagWkOs)yDw?vw_*1_8I{r~jiI8$0zw`J3KUP;Nqb@U3>(2^Hl zj2Q7qW5-Tj2I=9I>SZkGI={CLU6;KpMG|@3LS)WbbUvkkAIn(+@rVI`L}4uz!1p;+ zx?+L(=4V&cB8VEC;r$EV9(pNdDui-i;(t)d>BiBkHw@O(E^LFeVO@14Lxn}foYSlp zU%p0c)~M=)owJ~$F*kV@$Pg2sbmLRzK^XuMv&6GPJpjz&^=(1bSfC2Lsvh^AKhl=mbpsZs|niVLkMy)Bj; zpnAom7dO7`6-{7V*ag{$;JjKZn^9xV@AX~ygh@QR=$~(U43K?fKF7cX>W4%i%NSw) z*IoF>!=FQGZT-qvC$HO=lYNLklf>oQQT^OvyPs^wpTE7@-{kfJrc~>5dEKB||0y0( z*Rxp0mg)X!Rml__XTGqzt+oieFwypD^KA!;_u_@`#6eCa&q(RpX=Kw`r{z{#OeE)h z%jYW7&Vmo17i;{X93M!?&{a~WybE{cGsdi|YGP1H!p{ar3huBgkiE6z!IsE^5>PzS zqqhqh`?8O2#dT?lw&}obz?V-lkQmNIuh>TJ+vQ`$oE5`bRs5m92z}Kzr#!X-^h=ac z_hj>!5!Z?W7+X$uBX-)tUgyr(NpM+rSA^#HQ-2C2Bk|&X4KXM1oF*W0s>2O&8M+ki z*T+>uk5sP@s4gppK(J4eq?X@BvzHje>czh}W__Y&Q#6-(3h7JG2;*eb-q=2}q?s^Z zI5(M*3u;APzSm=J)`91dFy*dhzTo8h3DWG>)yesS?BLeN%F3#;s>uF+fGb679(jA@ z#*J&upY!H#lLBpn`2}cWymUc|+3c;HD2qCQxz&|`42nx^ayK==z&@6@O}hDC4D@LF zou{~oDh-UpCej}yDm{>EdTWB)g6L!vO)Je+TVHsHD57f0XubIoWcw<5`>h(MIsL;B z^w*`cysI=gD_9KjKmfXQ2rR%{db`v7Y0C$tpRa6;hgc-#cijR^g8X$YLlAtAmzl&H zm`|SlN9i-(d3Et4Wwc6odB7v^t(}fXrIppNmyYo*XE}?PZ)z~nzI`Yct791|zx9Pr%rJz+V5>7! z_Ai;`p7XD!=rA778khPAG>irmNzA ziJ0NxSv0iIOVc8_s9ky6iSCVIi!0I9WwLzHbdE!TEH6iIeVlM*Zhkgy9v*Qb(Yj0X zHR&5}Oy+f78&mTS5}S!*znqSH*0D z1!Sh?cN%PbBW?=4v)CLcSiMisn?DS@ljHM=TdO5M2t(_yKDRtdAt?M;mTW#AYbPv9+#)_Jf5Qcd{j%Na%Jsah^?%M01C-dx-G}Vt7nNKC6(?C7&-EmGFb)EHf5S)bmn|`p8XO#$D6VRimWOa_tY=l{Ddm@j%8^3HLss!QXAe3}dUMuzCCXgPg`#mPbTe;+ zJPS^PqU`}$IY#4{ z7h~mkll!7lPisSOJqZX7I`6iQo?Do9Y>*YqEbxtyp9Y;Wnq)K73qAW#^Flm1!9v=_ zY5TH~;grF>q)HdA%kAQyTy8(mTD$W6%t8KIW{G2!r#{e8`zODYU%Q0g>-YbdJl>Ii z-31+UqrmO3H!Mf3QScy8S$k^kEH3y_5G$P4{-o*cx-^S1)!_Xe#sRUB{QVoGuct4A zES34U$i_zWzJ9?)VN1~IiE~lqG|b+Li|S!-Cq@tCgh%-*t~}^JD32dq(vc*28y{Uc z#Gv*Zgpg+>JVcMT4V+mAU9P{$tD3Wc_K7H^Ds8zz7vFMin@gLQ)0~s@T3nE-LeYcw zb3b(g{z=UJ3vcfKI|-NuP=Ik1jN*{P@uQy+ywE%L-eRl)y8V|jR?fVHTfu$5Oiq&` zt-*_sI52uob26A1WT--`-a$yNxL3Vns97edRWP)gc;%={Y7$GA}S;{bDxt|c> z0%G>JJ*=-@qK$1gNVI;r;hN3KH-Sa;J>vCx#QtW*8mpibC=u8RK|cv#RQ(3DUxfm2 zpOZx;ap2*$=m2e^t=7C&#f?Uan$fo}bYEVy?08?EANPaAL{&oxoFRX`R&P-Q7? z$+Xqs8al3?H}0;>s(j*7=Q9`kj5YhQ*;Fa3bsHT043MK*Z>J&g=D5SKJGy&lu*fvS zc24CSpC3w@?lo}%(f;`W8U+S4xH0gK6nLv3OMjW2bV9TW6Yu%@+u|MPcvPp@?7uF> zyY{LHarg5MXH)Bcdcp0=y%F?SrHSwFuCBybipF1B`<{%4b;m;cKqM_)0f$pOXQ5dA^-x(U&#zWdD^ zW3zjVHcOQ$Ht*@4S{^56nK99Ja^67lH_{SE<%Le+9&*kLRok4_C@PH=nVgJStO3>X zwDodyo`mp+q|s*Q*axn{8l)GxiRHTTB@5f6txx!?B1C)SG#I!Fy^=7~*SL$%MSgWh zWOlhli?hT$z9k)Ao+~5Ao_)18*Loi^Je#QBCfR2qvL}P8YSp|!iuPjij}s}MSBlfgpZbz*>7fO+(1;e$Wq{s%*&#z_fa6ty!F13q z7Q0W8nNMDJ?lXU~GOhEZ@4tr^79{oNq0-+(dqdS=I)W>#Bc-8EUJ2>5HtNR%QvLS% zg+c_CV123i($CcKdBX{=E6&N!7&1#WO;PFId(}EIh#K4?00rqH@N@)4j7kga&7}J2 zY;az8+2r)(jbtcSX`2U0TvqJE)#%sP=4zPl;k$cuWvx-$*4TAi%L0-Dr}D7w3)(t7 zt;fsFoh0#k`rGL~p_mL&PyN=H%FJ&Z(!Yv0oH~#BgFoP6NAz*w>gA*S!A_TFo7h|Z zYONh2TO@ZQlOGM1$6V-hKc#M;(x}jW)MQJpaG5**;%hxwU%gxb@fJV5_bOBl<}o$L z4O3Ie@0F*fvbSsxtLG+N@iTzQF~Q~2!;%LdX-R%6y-|~pxSxdsDrXbTf0Quvw_N9M zXk9=&K*;*jSZKHX$`?hUUp0$0XB4Wl)h*{C(=}&sJw5W(K~`aX@Y4B<4+%*|+DyJp$~E zUgL8sL)vn)=wFr1RtvSNu90}I?x5=F_0ZOBpr{OvA*9W~IW>SUhzbv1O2%{9cmaEk zFQcMiO$n+a*((xnREA@b}U$9=U{<`-ybLx`kwjEu#}RZhFT13QANqhyl>f zJUpy?7iTidh#6>sho0;<0cr}~IxW8MI7F()w^JX7YuVn=I>)>6FmMp-^R#!I^2~E# z{6k}W?v{M12|)}4i7dKi??~3hA%meVTUdMaj&@yw{>B4_hvx)vOC4wH)BOV$1*gL7 zq2baTaRuI-Uww^k5bjskowjYaZLl@Iv2#hg0GX>HpSn1k|2F;zxQ%k9@g`8jOMkAB za&}%lG!|nE6s?4H-166xzU1i_?HufRy+6CZ=eQ_I>0R(NR~r*K;*;bY+Ox>=ORi1V zB(}D05-Y!+Sukmwy<8~aQW#OzUdq$Ms&pfqu!3Spy<4?PL5{Qa=pr?SG;CVZ>BVMO=OLiJO>9*G#03w+ahkK!u@|wxm zjF_ckd?2(YJrxkv&Se<<>D>35TGEsr)RbGQ0QeFQ`QJO{{zu+V^hP?vCzAH(0p6z! zEW(tjjI$|&x5oBcJMv~&mVl|fRR?)I`;g){N4{5qyWA)2#n$ce)aZ^@8p=7GOuM1G zbTKTy^+jz(nkBpI#cR>RwO=S>KMCKZ{B-%^P@)Q%i>fhE!3OcodD0Dg{-=P{3g8|= zy-=r$RZjk3%yb+^taw$X}H~|YQj|UyogFdchucJ&L?Zu zSik?mxyqq(!Qd&^%l7h-AK8_&7ojZn;(e9{nLcW|q7n;rMk?w1`)G zTuertQMn=sOC;KC7ZrU_X#<;pH- zaev5N`sWebiD7Q+wR9hX6kN9?9rWOVUCxHgAAy z+|(4`cFXStgV|(Z_?!NN_b2EIVb-I<*5D} zIF0`!vEX;SZpl+dJn2@?50Z-=-vQlVVSm^cAE?#l{?=ZjCbCYF$hVp{u3+kgUTk3` zQUTHuVTY>MlU90r8n!1=L{_@@sIn7{vZ9x$?FV^%vICgor=9>2^}^q>r})eFK!5z% z;FYwkkzS}=-dMKZAr=yCjvW@mh*e-mjX*3maT4iWJ~B^O;HoVj7}#a8Gre0r zOdBXqFc~C(KTe;w5uH2JuBU@J3qI@lvPk%NhUq~LX9hsR9ca;{_E$`~xE*)~ccEoL zFWl0h2L-;Oh;8sC$_B^T^;({RNv7NnagA=^T^~401S~`@G_u-hZ^~1mixNW#{g7?` z72`f;xd(zT_e6Q1bDD;wQl`qKYvR#HGHXSa&CFNwpurB zc&eq}gPPberd>YAj4~OC(N~_xqpH$1}P;cS#s4)KYp0dYPCQ1Qcqm`MC*U z#qxkE#0T<`uB__SZZ4GXt@=hVM@lshlJ`}zh8NYjNkakflhRamx4JaxE+pu#IMEW z)5rnz{8?~qRgM)-(gjyqSJ{$+@MaYYhRFnaZfrtHT>L0OCNFOdI~n{Lo|}G7WuM`c zT+4{>@t|x3(G#GO1vwChhvg^uM7_yCqA6(>(8bp<(4zxq8fX)5qljr2t9NP}2iwpG z2PeFU@oaA}vhzjgr4v=aO?)9UwY67@_BbECNW2t`Hfo_)@>`q%2I@P^;cFPyF$%83 zMmY=+)*wuW7my16ob$*_-V{nvEg9s4TjlD)bdLs(-GvgHMwyWj(Jj zTT0DSG#&_aA71=df}Q_hzavZh4LtH)Kxy#}&^+=y;5~GK2@k?rX~tn`1h)V~t_;1d zqa$ljTiSlgRPxT)zJ2Ngi^`Eje@>L&sa{*gZS+j*%c9CK2l@WBLN4cu);;hqY7CN` z%U?~UR~k5K`hLUSb<6{p8H|6dneo>%<&XCBKV~K3U!1xAs`yQs^zTz50nKA7;{Y9i z%gO)<-4@j`|Kwx*7K-%$6ZYo6vyAxvWPHP8p5)k4%MFA%LTH(TFUR8|AgDx%i{Qu+Xc{DnM}nR~g(NgCC_QNP$M&y5`Q zHvlRN(<{rgL49Jph{Q2BaydV zJj}`|LL}a&m^SzB;k&4~KfX5DW&SifRJ4oyBX) z0r@};iQl+SO8X7{jn-PljnNU;Jv`1C4UtY87X(<`qL4|(F(Vorp4tq1-d-qAs`;F(F%<1AV1%( zSMeLeb^LRJ6=tAW27FOvAx2}oc~ZB|&xg7QRj@5>qD>{Tg}%g(636hC*jG(QdWwr@ zq^pz=2QuUVw_R9pBON9g#z+4UbD_fQi1F%+$3}@aEmY&hZzkS~=K5f@N8>z8&EQj+#c_5cA1hbrmUH7I>w?&)He=5=qnTi*N6BN^&u1kn2VbovORB zsXvzI@K{%Q-)1^q8RaJ<=UC;HW$%Hl08GY(G3S4fM9Bm4JZ*+KbCsLY9I1K6TdaEh zwUx1YlQLAjFL|pAZ(dD(yz$Xc%(lHyJYI7bST^JGdsKn`-vZcY=-SzeoA|`!e~-t` zME3)Mh6y=T4jW> zPhtDtJ8_^t{@fx)y2S1b`BpE6x9lpw!L-VUw#;yP`_r?%NoWK?Lv?wHCo8weMej>s zFS4AwV}=e8u0_Y=rk)Mo@bS>3y?=Dqb_{HGX8Wr9@wGsG(8Yzs=U(aB#tqaJuUFRjt0VP z_$z*Yb{~(AIDXMYj7HI?j`P`Jksj%Q!GnX5Tfxq`P)-}k^AW{IJWiL|cXX@lq3`!3 z`EJ>2vKl6i+}_`xo$goNKvfvm8O+FW#K`I81`Y?3pjBcTnP!2$g(g?rJkCD~uP!}= zGE(c^dHPF>?74?Rv{n|()K@6!gJj!}P#r+mO+jG4sQ?<%oDR__sTwAL3JoW1V%4)p z6dZC`&oQ!E#svqgupS9@nQ3Si0#<$-$cs+(Vhg9-EnY+cj6_sUJxq0ok1O^8_b^9fUQ+4m0D)fFcs1hD3OM?-7fWH;9P^4~EGs-3H51!hqs1E~`-JI*E zz4|oHc)vSHg7h_0pt@X6BtV`0D(xMVVX>~EPob6~TOVT-AoZ@esIf}jz}DLD^bT5( z_z>1Ihi7nyoZbj)&@OX#BhKeGJ5nR{Sr z|Fm~&jvyyl9QzY){4J~72G7mDES{gu7Ek^OHU2kypy|Eycfkl$0sEv7A{Ry?Tp+M3 zU*GVO^k{J3SX*S@EK*v6ZrMb9)V;@osFv&S5&j5QIAjZ_lE6N*I&zTfSD=drydeYWWyO(jh^K;>ZXQ(=4m0j|je{v1wX;Rgx1ck%F+bT(|tA1B+nGO=o^ z$>Wa^`PeO;!L%qTyQEk7^l6n$$rB_`O~od5;R zkALa6LeOI1TMKAS6l2U*Bd2#qbLC`mgo7-MXL~uFf!I5hx&JZtX;?sbZVK!x>4&oo zwUM?JUpQW1)aD0Tz%kP5#Zed$MVMhlN!qlLm2FXW*!?>FPh)#ZJYj6YVUypP$w=A5 zL+b^B=XKuOPZJFfbub%tj}bUuRbCNtIZnBOj4NKXi%-=G_=juk^oq&kSK#*kgZ)7o zV!^-_+G)4A0Y4!rvSKy_99i3NYJejvJj!2vA@!F9HAnibTce5kYS-#wKE18sQ#ccL z;hWIhtp<+jb#4th_o^sQu6M$(f+QCyNzWQ_=Ln4qCrSwV-nLV<8F-cn$eaV@{KFX@q70DpzTB+r zBd?ndsNfgxGL$oB2(-CecObaaElfoGeB(u-T{5Vr?7rv|15NIwP$9@XG%N( z5HSiAKU#mXuF>_~e{E|G!HY(=vfDqaPXf{5yw{#^`DLYUNBOMC-!Mwq3mJt_RWLFj6f`ZVnlb?gRy9Jau%XW0Kigz$^ z25D%rnI)H|BVOzmd_R1|+vTr@p>Jg|&E&6_S;#7y{ADy|U@Cr?TD99DUU-^>+Lvuy z)obxOb&v;zk%&uv#8rjd<4}=1B;}?q>hL?AGtq2XTh=+L;nFg8ygl{&7*hSwVs2RL z>Gk_`%?d1*@Vo;oF4XoMXN0;?QednJ zdQ(pNp^fE2q-I6YYD()~oq06F*VSA9=LT7LJL~`Jlhy`kw%;FD^gEUAo!#JN5&rHI z#^2xSq$!o~d@7;;uFJ0G_W^YYYIn~OyU7alR2gGk$Yd!OC<^(V36dL4dCqpM`r<}RYw)Dgcx7aRbRQGZG{2t3=iv7+r zwA&Hys>yK}&G3wDNUTK;PB`E7iGFzAf9!r1NkYOn$Kjg=2*|FsJedL&aB+?IvLZ!5 zzOyXKt=f!>)pOos6K-ePt=kaZk1!w3Lx3=3tuVUv$xlfsG@%+LRv#Y$s#`WHj`eRT zXn@B{l^g53C^l+uDtuL1v}#iB{m9`t+IJ=URE>MRAH!4Do;qk7WmJFN{I|PJ@z&|6 zO+sK1IMoBi4?d=lIO01&+0&^iKm%5x%!(0VGVLxFhwxX$D8mahtv})(Z;WYe?IFPB zoR#~ouc~%tg?lRAnEEctQT^$jfwB8NuUNzs6XF|~Ah!~3=VAXH>!a(}SCyK42I;-_ z%rl>Vz}P&$5K8WSq&-R;{Xud`KEj=bw`UJL6uJtp^ZY?__)y%T`Eau?HY~X`v8GVo z!;d3b$(vXKJoQTH-b!h3s77w?$LO0!*bq;A3r~`~PP@K?nO;V9=cb8Xgsg?=wt!m0 zh2D*$$fq}Re{rk|x@W%fFjRSPpi$`GZafwEntj8H*jv2e%F+}Mp4>;;GG@G#ns%e3 zs(UGYI8b4>@q>iUU(32s%`)5j@rL-tjgr})&-%jQHM&_HW&P*zcYPOULzTTMLV?kY z<>7sUA&U-6&+hX2Fp+MGc@$EADv>)T7~j4bDb zxm!ecEsOevNgexQR7%pfU$_%C>PP&9IPE%RV2%YFCN<9LIw;h--DYIF!D}V(ujF z>9lQ-N3ad*JT5IqvS5>@&29E7pf916k1DHGB^;r}f7y#~( zb~EM$Sx9fKO${xTBL2QuFKfxF&n-Y%#A{_D4V(47A4~0FpV6lDGVms*u+}t9z+Wae z-D$1!vt#{S>5Gd}0eja?FOsrr*nuc;sLf|(NzQcZ*7wu7rr6}6QxZ96=4wSrTpu>A zM*p81{g#Jd2Rcy`P_S*l7!uIIeK3Hvo|1)cgSIaM;(1fOQ>(}Frawq(_P6?XX6&;t z;F#Q@Le6URY>LPK$KIRAL*4#;|5~*YB0C`}d$urWLy{!fw`AY5kG&`&MhGD!*|IM~ z_UvRC``E?U_n`*OaQ=?b*=fGl@4D%J+}HQI??0}`qdzmBV?W-{_v>{W$6!R1(jsm- z&nhsTf_?Lhk2ldEatdK?9k}$mc-;BB+JUiPI>k?Y;I07$!5KA90T!*zQHx<}6&3~b z`$KFYMcK`9Kia&io6xcta6PUUj>QBkuo$O^3C2A4LN88Pt>NN%y@ob1CeGFcmjz0% zBPhVUJyg3b9DgSVhN^KjLt1MZ$ri0uG!V9+fzaE7$Vr4NSg@vYHhUI8F=17p<;g8x=}SFt(KIXOX8?@*QS5(+_#1j1ef$ z-~q$$mGqMldUTArrui_`yLJX?)UN=hb;iY+5ku2+@%MU~)xlCMT@PmnT7TY}9M^T$ zVtMh{#2_^Xxr;m_Do#?jtUVQ>Bg`Zw5fHGJeRgARU9QMm@zgAbZiFl+mzOD(r{=R7 z>yTrXaeSA-nID{?5Ce~RxogYpxj=P^l(*JSM7NcvWS-p{LloM|_um=nC2@3PfK#GM zWNYKk>ROO#m{(AUIr@}xMOF@wA#$&=iM+}66=gm}5{1dkri3ov?=&c~Ic3_QYbNg> zxyXWOIz)HR=w_*t;=Q-)$un)3oMMzkT!^%-Boq2|x5MY9AM*kqb@?A*;`EFA4xCqv zqCFz+C)r#dgX{G@N9yUqZ}a z1n$5@Et_h_r)v?BB3B;f6=PC1w5e`)ZvEvmExV^f4sBuqzsIbTgBol`3JjuD^LCB- zI0`X^H!-+D#Nx3f_l)zL*n&U->qqBcQHblB+nng7q>mmz?F>3Izikr*?t)J`DaC3% z96x`5c{F0S%SJ+4%0PVeRh)3~tb-cO`;BUen{wW3+Hf(21@M~^Q`28-URRdgIx+a> zC@R^uTkZUN9N1?Q(yyCjLGR8AKd@P|0mHX=HRpNuQYT+)@l#zf6Nw`y0)KSruO;@S zX7i)fg5f&s@{TL@&mAY@()2#$@ZGMm(iH?k4@GU)a|gcJU;=Efe1tsE1k@Rzq>eP!NgO^?e@TQijuZ* z2<)xB8Hnbr#tYf=$kUY~1yc*2fIltExoJJN5P4H~J`!&-nWyX@d5d`fp2 zdqX_-`N4-Sw)NCY5Zf-%#J*pH**jo$`7G{QuVBne)|IxWjx!%`fVXDg`Kxak&sm0q z_R~+O{_qPVM@hqe{_GwwKYiROcf@dznV4+zQw#}oGZ$v&c4+{t?`{mSloPu28$sjT ziVw8(&Oo(idSB24AqP9>Pl@qH((4!hSX6^3g8;YFnmM>e>;UpZ$Vqt+;3B?0g6ibS z$Q#;+DE77CK1>H?xdu_zt3#`J1l5k+_4S z5-Dli*)JhH4i+~8>*p6|9eo+jHN*IZequiUJyo3oRx8iCU+*nQZ%kN0`oT&MHI&Fz z^c8w)O$5al28MkhW`)`6oMPmY6BMe9>#j?qGq{v9qD8TY2%A3Kzh0rU(cmiaX7TTy zT-7`6ehYmxEj7l53~D+P@j+PM9y3we?9CU$8YsdX7Ux4L5+KPuucAIBeb)nK9a@B#;=tV4#0CknDKcvxD0%eG%tQp zDtB|Ve-MFl-*hVr7B@yzuG-X(Y+ZCnFlh;LXPEW#Fr80E1HjZA5GOxNVlF3TG zyz}UN)_(d&f!_C);(5e7#=Sr>!@U?PeQ{SE2aR9oEJ+ST#29jYX~?_Xbd`u6Uf_@}-8VjHw%=0wg$WKF}3XRO2Ypd}Ift4CXN>yLd43u~YTRX1LcbZ||g zoT#|4;Xi(wSBYwbVWp#Y@veFO^kS2lAKRp`9E~**u>^@lN__osMqlKLW|ZT3%L`O= zU#C2ZSKY^BB-fiOsh4H*;$T&6V6v`)7Zk4d!nK<8(Y$`J7YAiaL@WA=;tVEE#~1{X zRdH~@`0sB-j&r;eEWf1%b*_=sg7c@-#TQ*jrVo45&t~+Qi2l3iKV57dFm8=AJl}pV z!NS;Di2q=t;9o?1$wtgnui7r=>l z)IiPotWAN}NL&{my3Przg+PPHMP3%P%4NDsjoD`m99BK2XCtqjJ6E9{5`jXNJE{R5 z@}QERr&D%L{S-GQscg-^ZS3W4a6W)x5-ShB_o2+ImI(ysDdwS? zrjnFmb$Y4yVy9SE2oZr;FL8gtD53xrd-oF z5qR*PqP81|Ub_@(V!?7WB}oa^)O5Kg6&&p_@7%+DMFSCQZ5-mhEZ2*yiFJ!H8KdA@ zTr^MYCpokC8xQBH%+Dr)h1qGai701vA~0tFI-Ml|LiA1PMOKTrDrs9WWZ(-}5H}{+ z*iqv8VIwa08k@5Gi~3U~lyqk!rnC6OdevS)+|ocU8T@-5e@l!w96Yo(dt(hTTyP1vn_%}x;)6I>9kBbagWcckX932Q>3LhG5hLRA8d#}qL@u86Ttsn|s)vIj zv?KMhq16&na&c=n;bQOwH%Pj~)L?7#)6p`A%cT#&mq8lF;a3(xjI$MT2{kOQhE>C{ z{XE|e$>weRi|Ed|IM2nwzleI6`}0pCvzEkYzxGzJK_eP8A{t~@(z?HY=YL+Y-3}Xt z8a-(E3T-|ecxMes!(fULsN~*ZuoM5K3Lu53aR55Vh)ff6}M^ zG_Mh-y}J7xMuI8;4Vv6v@?uf%$K2eNsM4<9N3T4#66oC$*^Cu0B@Xc;nvnr>?y@N1 zE{EQdl`a2X>zYrm^aK`)m3zvX&SW#j&X)Wd%dM2tx_c5}FZU?OUeshWNFu9~QFkda z4DMsy&EEPSNLsz?wtZi2@ZCF*XL3{5ow2)+NK^m*ukf5Y1E(M0LY?jb-Mv5!5A0}=IkuDxX@>w^; zPP|>;8jUfwA1JXQ-{{rhy?0KMp{uRP!B9nb#HOF`Ieo?Ene4*{U@3ybG&31I4$g1X z;x_ae&S_@8%ZEnFi=CZi?;Bg&?l0#f+3I+IC{%_NVq6SZPebw|c+LPEN_>77c;P(q zo3=Z)+k>|y%33SD!X}ro@sce|i@m`H;sx|*5UhWLD5A{1rypB_h$P24O(s8d^AcZ( zF}PgYRB?;>+f(5moB0F5r=SBKs@3wrt*v7kqMBE*uC;4`zJsG1E0eHcO#7$k4iPIu5TgYjh&t5b(s8dR+8cR z3=O{DyRwD~z6RS&dxTjUsYi)4KBqr(bfi+)P1(W3;RS-C^22A+{mYSMM+(MNn6}n& z9Q)%gg{GHtOao+v%)`OrO=Qd1O5v7iIAgu*`)S!+a4Y_JFujhMs;$CUCf9s^S&X3{ z0?SxiCBA<9IpZ~I`nBko8eO5thh0I4mj!DdbdJ+V7sX)8-X9{Z5Iot$W{_I2@Gg@bESx;> zdG?(nWuxhzaNlm1wnEgv9(Ehci({odkHn1%fXRM`%2Q^zRH`>&w353kdBioKuiagr zG2vsCOO|FVJ4RvKDsIhwQom7egyo3U*F&~lSLZI_^L|wzFP8tI%=tPPzCkxty%E|g zQJt0_N2f--Ol83z9M>EEs2^ibROZm;dZK$j?vv67*f}7Bln@I*2?kSNmNehKr8Css9pGdpYP$b**;)RHj##c z1jN1sn7(~!<5`B8$QjwOSfcrk+b@#B7A;IB`5-*~tQYb`8~+K}Q#-Vc_C!F7@Rey0 zFq*rD4s7^TPsfN!#qreZe3a{<}k8)x?vPNvF-pTa1&QjHPW)gfAP1Ev;{ zEdPY~0}|u#RQe+l;~&d@8OPisL}4|~dzyi~Tc(A_b12f~i429It?vZ6eLIkZ;<9R{ zWiyp@)y9KgiuH!OoRy?qK_eeQ*X2Y8sSwTXA^8BOp+pn5ZJY@{^~c$Li`E9-!dWei zgz1_e<5}d}KP(cPjbD=bJ9L%)gaH3cblYKTOb8sI_L1!(S1r*|ISHaHk!^~@+h4ZZ zv6r^HuuQRAv1Q<9Swv)M<65C5@anMRtd={$j(Zx4s*Ucc?XVc3-EMj+jm^i@mRym% zR(0YNrEQ$ctlWd}EJ+96nqcxdM*bBzaDS2)F@d7#FEDBxJ)vjc3h-k(XO|W0D%e+ATb?8p z`eP`}zh+!`tyAB5TRVdJY0V*1>g6zSy|6=A7L3=1J0nyp%77~)L21H4IhO$)Tl}S| zjWcEiQG43!K{s0gTFTEWm%Ee7s6?x-l>83Owd?e@z6YLhhjmfUneK>}No)lspFm^( z3CCuIZBu{@bB>FjTqKw1XvNf(tuZlM4$?n@9T$bz2Kd!hl0mK~&9MyDRM3hIrv<4GZ54C# zO}tBPV&(oqG@a1;JJmJ+P>n_^kX+()_BZ&Ixf^|VxJ1HRu=W$1b;2IYk)He`#moD` zt9<{xU+nQ;3eC$W-LLfuS@@&S!cQHj6R&m1Vc=zJ>Tzn8w%(uVCwipFa3EU~l_r$! zhvRXKxfW0jvNaYF5^6x!8**L$hnJlKP`tQD5kI*idxevi@2lU;gsm~o9-|3vHSFU@ zvcWr9i*ik)XfN zaW>%gS4|x?_d{2L%Ep}q>DTnF^lfsFGc$~8krQ4?ClOLkKxvtKZQ1`~9_h?*+R$PY zgb^uoUHvnj6k_lAtBH|_ zQ;A!%nwtD#Ga^Q*^GV(wNj+!5R2?VL4fle3RV#jAIP`TD7yLcJWqN72a_hnA7`}4X zB~-#cL3mP!u2d#~cWzidH!OHeIc;{v;5dLQhKiN1Nx^T>5p>i5ov(-?RlqA(r^V$% zm#^oGm5+xXH=Clf`u3W7GxWStf&Frz^55A4(8t@9=#hkU*(W0$9Wd{XvuCmgq^IAJ zIMdhqSPzku+b^n@R07b^m?!Ty)1?p#@)pZ*2ATS*^4o`t-gHDzvjsAKUQbZM3wj{A z7Z5P+ejRl_#mr7;M%YBH>_GxIq{ga@{1DTXTbG4l9_WD9{h;-C-WhQRh7N|++u1Jbh`huZ4_HSdb(wO-TKgQ8ET%jnFS`~+ zu~4GA%B2hdEQ@x4FxPQ!eAU+jnR4k0_=TY0=dB}g`G>WD41yY_VZGv_z&Hl;)Ghl5 zBm)A*%JzWQx%fThQ9*p@jdxLe*W_&E!Sgu-bQV)VDMI@w)_~S;5Oufq_G#WwgV9y* zdqWfBB~tq^B#>oQK{{ahVz$IeC5#8IC2EZ3iEy~osgPSUy_N6!hyj~;jTrP2wAFqM z)bW-pO8xqn08cc}t(*6^+k@B!8bHVR~efSi{36R1NLTNZETpikYr6_ixJ>-p+OQpqEB0enYT3M)!SfH8! zF_^4!S=`UJDfrEjCu$u*R$}lBJ}dF^@2tcN8P{~;9W`(CEOdPSPJV#RX)_a@*oi?l zNv}Q(`|;6|Tgje@t$>s_c zz~X!|*0`M|2V`h8CxcahxK_kiKL2TNlPbwCpPh-ci}T(eHIIL}%?f>Ww>uhHvwcpi z^}V#dBj!82nK6B`iN;z2uLxFN#JgikfrJ+y_#(@9{ikD8dAF*dQO?>at=N}CarW$0 zMI7%Qp+<6XoTx=L)zC3_#RP^UkB{lwz`3X2-E%&5>u(D92cR7(QQOSGYo{arFtqFX zN?I>h_a*sCz(7Tz2lT;*^$XAlZR3(*z53%OiOp_Fnz1rlWSZjKQ>6UP`*6>qN2Mf&Q^4Y|F>__c*AF0*56_AfxH57b&7ia z{Uq>MDsYRA+&J-ciaja$?KpNvi;EZ+wRqsrbt%54 zwQfUWG*Fu@VH@XLvgKA!Hv9ALdNe~?Pqsn-q{g!Fh_&|7EmVTa0RGFc>2}rVb})7-T1}Y>q6p) z@C5qZJGTzJmM02ylr5m61lL<7&t^J~VJR|({ZyzbO#1Co(p^H&>q?0CNS%bvt*aKr zDN>kmT#pbrdDhGHT-@W3X6qm#ZALyYTYvdtXA0C{qx*56n)0|5O<_zj9O<`kFW-sb zq2^}1(bu?4-~fhxUsm|#E?6?n7F#KTWjk89OrV8B9cT=ms z6Is#<*F2k^Gf%EJzJM~HauiLTK}hTWp)(dpgMZ`^b)y-6KkdKpQ0>6D7oB2~x~%P3 zx!`;e_m#xK%~8Wa8dY|M)$_!M4-{p$#&!Pz?ES8>_|N})y!m=R)&qdu^KXE!eW9;} zbRX6On??DHwoLo>)GX3{#8G=;yp(2}DQn;{CSaCQP)Cc!-Vhb8KVBR6pyBg$aAdZi z8_j%jRa@}m4`uUpl49kZR^P&E#N?1kAzz!B29Cr>ynizI@dh17;ECcf1Pw52Wg=g4 z-3xNkc{8vXZ(a=x0)|nS?~A`zBiIzM6yVk0&%KGc6)RB%T?3DU@Q#8QgTv#BmkfsN z8=8^P!)QfVwnGe*ZKW;Lan{f-uL1MSWHOarc=n8M6Y3y1C9>l=2Wc1omA{AreG`)! zoU=7zSymteY<;jiMq2$++031yq~`+yx6}D zC)wJxjul?(R;~9z9s6;b{bZ|M_pC^s&6?$UOgtyajcxQ9PV4)0u&4&5f4so4zzswS zk{0H)1yrun&)dR`@M0?74iwLM?9TQg>#4!FM}SqdT{R`3%;VGS6|HPvLDp=pgqBuJ zQvT}g`VRm5OT%GZ$r7{JbFLJ0^0YotIHR_$uXr%MLmMyxAr<`Ef**Y- zYpBze>~Vbnpm?lo5in2 zmr-nilyR0F`?!D8CREre^ok-8JxsK2M{x#5=eaj(G{k}A3a4$R;r!+@eP1m_B5LvK zPt|YrCwM=1>e=!)Kb(Mp-Tc4S6&rlY{U*{;Ym*x%H&&CN#l&}X(#hE!g z(=cGv4yIisX&L(D(*!{#kc3D6r}`xP@>G{~EjJuoi}Qbcy)^Ofw_rZ}udk!Dbjom% znh>)6p}0k)+F;)EUEqA^k=Kvb9>Ssy(TArytKA>aQgD7Uc-~t$LZ(Vw>8SdOz!%2w zh7FT(-scd5)aE3p&3&vW)O`}~Gty>nc&{;&P?#d878!t@|#lPwnw;T0Nh#^Ql1`wVHnYJb@N`!Hv<1A^t>Df<_ZQ z_4bMpNt;%w_ME!YN?YNi>qnUS@Bc;gMA@V_!>T|S&9-XQrP`+xRhYX~rGqVeR=Knm zXfgma>yx;fEAfHL7jjm5)(1JfrNnNn8ofIHy13=#`&C(@sqhqw7d;COdOJV%>xb>O zFKk49TRvvaDu<>@z{n@kwy>_UhfO@bCK^QJ!i;{0ly%NF!-yS63w4(Y);+Vni&fvA z{c?Gbh_{h7s2KC1t7HA-2fc+&|KZT=FfJ_> z*nyUpPuFJg$2p~{JSn7}c^Skv{BdoX0k8}nB>9AUn z&P`4C`~Cw~8GS)d&lje057`Fxo&%r^)vAxA7}zjgUkn{&4pjlQHqZSc8ghow}scRjD;}yjf1hDPOg2n4eT(RojP}`lAsaw!QsC+8gxb^8T9emVx}osGULNs zE7I4M^GX8m7^Cox+XpL(FW_>5I&KfJ+!N{6Kj?atR%tM83PjSoE=jpmks zRL?~2ly2vTGi**kQ8jVGz;??Dih(^BIlVo1yU?Yy&@1y{o0G_06g?)x!)?6iS(!k( zV#0iMe1Eo8p-ZkuoQv@0O9oHFpf{81jHIB~ohJ(uS~A^YgLfy90ur9ibZS;$K6;|k zIIpmOsu})qaO$e`=6wPB`~zRMI9aRXuC7c6Re&>}$LgjBJ?kdHfvb{G?l|kk_<0q9 z*r2Yf4HBO`=ItF$ruX&l49;Nu7~l-)t+)i`s2OOfVCog(&7V8-wr6aW!<|M&=XZ%b zEz;0O%TqSA;4_Hyc}~ZLsC_ z<=Gx6d_iR}*+kX3$+-ZcT4oslwHu^T1}JZ-+Ox@ z*G2lRD0>Ci>%*ozeJu53;*%sbz_^#*X~JJqJrBo?Vj!-MSQ~~K&o72(U4^NxPQ0?< zYordjA1A?i;x8i5^98NuiX@}vo~jA-)kpmn)(Y7k6X`V5+(W$^kLOypFsJ{DB&;*I z$moAv0_ByWKnEsTErjD(Om?BP<+!L;b0~L44fA8^8_@4*1(~hwyqQ6YyDeBuR~evt zJQo@4YYpd)j&3WgCuOn6BAG8Qlf9V;X#@H(5IW^QZrr>_Tl6vodm;UHj=wM@Ui{#- zTJzRM;&+eZxq!YZ8e&5*=9f=y6x~9{zAM_MEyfz2k(+4T)~fUSVu>#U>uY{(9C)9z z?6g&ui0^baW=`IY`;?T)yKP)yYw2@0$#t4GiP=?fZq1%kd%GI7S zzqH+C-pR$H5X{l`Qr~$@nMR3C%e%N^XbLc*EzyiH*Khx4&?e%9{&cr zR;O5QZT-yAjaG_aQL-IfftQ`$s>Hu0gNeu8-R{SbvM#LQy-rb+mZOskSe%K|$Yz63 z$3}den23)hYY#-u79(zEtWJi36o-VrJx!Sisx$=qDi)PtxQx!d{1bLh>>g_HNZO0EvR!w-sd2MX2 zK{8`-{;mTN2rKR4tr+rC4M;3>K2){4nEMjflMUJMFKClQgJ&%Q;*2fC1h79`GKZEfn2jo~w`bNUax1nWUIVc|0 zsPh`viqEZr#ND--EGu@Ws%KSWed@wWX;Kr%(go2-&dMFztmrXq>+lyA^t$3mXLw@B zSyT;Nqz*HX zUE@$Hyq4L}S!}V-_wE3y@}42Aar2%fNZ)3{?@MQAZRa&lRhs9&&HGrY33+otYw|Vc zDY9Alks^_66@?cF)^}K^Bv@>9dRf{XG8GY(u>)7fv5?t_YjSkae2GMi$#|o$A}RE; zxQn}@Gv-1mPfk3Kob%Z#n;&;J>SeW6uD0O{yG6sZ?e%thI<-tH+id$%C#tuA#4>z~$ndqGo1QYSzwT30APw!G|An6W{5^VK;{pVZ8ZmQHF;@iW5)p9hft_h|ps$ zAzbJ3AbXZUHOnVceIrKBN4tFzs}SDy7tv*%OvYvIuOeT^)b-!MWPjJ2fnXC-V|b5K zT@mqzn+i&hDq|HE@qfmfj{tvnvZw|9De!Vw)0TxnohR5fy*G-9W;-mK`_h}n|NyB*XH7Uf)6M=Fqk*g4&0@k^5Y$_%yQm*uxPsOVy#r6 zcB1CgM?0xI6M{@&u%U%BkNPFdd6|_Lk4{QsTu{T42~L}FLP{?lxJYHPrDVU>VIbJ( z)jcnxr+wWiFO=zWlwm1!{7hxTxk|ksiTwQNZorzwX>q$Z!*Q6A+v`pkA}5yi_T)fQ z_>Jr0>PM-Wf1K5H0s~$xXPIElXClRcXe+?+_IDlP2UwMfswkFKj^OhLj5j|9sXdjj zkgwAPv6J`5qF1%+@sBNX7LTnaMLxNE^e>`^!GVU3b&{HqzoLxsTnNPF*h!IAHuJIr^LM(CjXbc@-Qko$3XY$y6nQT(!_h*^ zeUrsE+2kjhc_x*;?P;&l|Lk4#g&U;Jxn2vP>8j{Bl%O=3VRQfGV(`ri|c`% zy{2+^`qnA|_9T z@P=`fhTl8hV*1T~H|U-MNBjSQ7=;|r>=IN`XZo6_W>>3CGz#;kgbqgxd=W9I7tk*9 zljPXot&0ww*=FkY>~U)BJcjd6+*D2*1{L-&yCC82Jp&Fr?G|wwKtE}<=c%%Qn%bgK zgE%N|rmHDJJNeEuf8v2g2u1V^b8m*VgAkgH+`3D%Z`i*uXX^`qn~+~{^XeWFL~(?S zRp|@PKZ@7=^zU>RPxZ)}k?Eqwm*DKvdxp}w$LURkz^POKVO5bK>d*-6f<1yMme%D; z^P48^DZxjg#NGsqB~3WSAMI6)V#FzT*_GhH?1@gCh!>{$ZGzb_BV#VJO>nGgSzGZWJK`TmtNk-n0w8?yCk zt7e{bl~|*e`vpsJcRL;n89nF^IqUd{|J|Cb|2Fs^RYmAoPqs=dLrYG^Ox)ehDPiOL z{Xx`@5BT4qcae**%*tMc8D2S3V;pN<;~E&LqD`z8IBQfX;@M(@eTTAM>O)W>fX$cb zInKm|+s`+}uzbELkYTB2b?$W6q zp)>XQVAOovq<&3eAftO5Vj|R~n5jN!YBer5F_@g0Qz~F(fb}k2w>soCJWY*&Q^f^; z)*&HS>0`kqNm9o*+E%qlPwRQ)L0Q*6DzdBRM4f!s7(mMQgv6YQ94Eix{9K6aS`9kZd;R3N-|-%B+clZ?_sR~q37@R^6&+EfWSjkz^xbCbHd=LbWg*c6%T2{@XYyi1Swp)7W2So9h{sJ?Dhz-dcTh^;D&xZQd$r=08h%EWrw*WTA

!^Cs#XDUf{s8%f_}#jHUfdsfbv(<#25%x4uZ_Hb6$&pz2`mpa79Kx>_%&!ukscf$8#M<<06~_a^6@GljbS+|goqR3$ET>a`q_5| zaXsOg_*8=*Jjz`v!(7j#`#gVo&BVQpE1ybmO>~#O=0F&6U6ZkY=azH`*1dCMRqk<^@MxEe5<^6ch_(y6WZiSF7lPCOG*zeYKtjCiguV^&gWB!6!Dl zYDR=$<9erbw%}GLxEcWbC9SG$nJ44NKu8+c_U{E}N%{U@kZc157p8ot+R1D>O2cMw}oi*n_k66}znqDTO94af?P%f!4(hFkQtbeKVLo~0yL;Nwb z8ddb!zlaRsW>jSC4Pn!dZc_(o6ceolJ_JW$t^HBrqBb}odrTv9SW^hD=oRVHK2Yry zS?0$n_?R1vd4gQU=UI^8pdHkc7_VAiM!|vOl|U~u z@D?*-G5*o2Bti<@?GUHhx~+?-tar9rerGSswbbJiWn-Va`|Fp3{c(UHg{vi$Ya^Kq z3L}i3F&Q*R(P(&&3mJ6Cwei<6Qlsw$p*W8VDV`qk$Q!s6P3#d&#ipXl=})OBLwvPC zu>4nQshnUIseucc{;Wv&BeHvcUxa3u6M!+{&#N$@V@Ns;vYL6Of?gCDn9@;VUd)9w+rO$XtRsm z26v!LmMqb#%w?O?&`3G7=Q~Fm5(K7HB_!dBC3M@7D8!#q>#6M3y1!`~^waKd{#$T+ zn;smf8E+MG3?^;Gq{}!3%H<|*hNTWNtDZ&$iZQ%tmI>sVvgXN5#Z*(KN81+Z zZ9U=~nwi;xTB((uk}8Ar!sd~Vf9dOx@oZYCTb0sa^SE1OE_c7<^G!SX&&emfKB?7T z5gP}GYWLvW@T8qQ6Szs7prg(9E`t`h_8jc&u!3U&7UN2gK;bN z)Alzb7lqZtacNEkZe>LmM>${U`#un5O8R@W|L>Ex+CJc^#x1`(cz;T@ypwCQie2+;;Q^gjS9O+pgh()txYd~tIjAA_YfyBA%-4#79 ze8#uS{85e9G%CzkRlbpGR*uKNWTaZrsimr5FUQgsT{QG}k1`ti^yHp_?4fu~cR25_ z#P`3%%T{~g?_}AYuq$^7UuQ!3NR=2U+fc14=QElc(d!F#LkXc5R*fR<(yBy*=t(>* zoN6?4yT7aBZW{2$q%k!J>yK+K=OQ4U4rYMul`q)8?RYxDc)WEt z8YN&O1s~1a;&x>1Yq?Sd3j-(iftvLL&PxL_;Ff_l{&@2#cOf)y)d+9*y|A(2n~Tmj zgx><)jH&VCL3@_VE4NXiNoI4{BOToY0b|=nBA(A^TqyngZ7Lcd=*^ClFs|ae;cW&o zhh9TDgxarXst?UrjNfJ(PKM`}QdsF@p90uo{TsGov;IS3C3|1?4W_^WI`*+ab>if_ zFyc}A8Xb_Rq!!DTgnU}QxsL{-3`mWiZ#fTM+aS9YPW)Sm z{f+cS{~$ff7)4XGc74lNI{rkGR2hLd&cyA3-0d&;J8@b;`rD*$dvtoyW&^W|8^-ci zF4+f_mKs2m&7D5$SQ1Vs=W1}9FpdKy-ed_8^1w8G3vLU6L_MxHgzw?)=yW!5I{CQR30Xk@?i|}l^ zB~QzsIuO9O2Ct2-yVQfb)4;Wodn?v=y5QAw7%|>m$|?5RhpjCVOOXXwhQk}tb2`zF zzZ9{1WOzAzqqKT@Zi1|S2&-f^gMHD#yPF+QXWWykKY6m^XWj8Rg~SaXB`o*AheiXS zR8M;PIoRf{{n)K_Izg?Ae)hnkJ~WNf&AMkwUc9v^+-oWG<;>tis->&-7ALDm&p^0Q z^8SnN0&bWltJiXuH?P#e)xXg-1H*5(h}tPHw?W#g+BM8{o4MPw*(o&- zB%MBP>Lm=*Tb6BEBzON9t&I+>xED)rCICSG`1u3(dX8)kU9C4Q_`de9S~>7t zBTjAf%D*h*cfs@)9P1*ztX}BXsP`i^s*Ut+ugyzIAXHWle2nHPPxFXaJ(GcUp=f&g z?Fz1=zPVAdVAEXhKOq_swcZQ|Zblt1m9WN~XH;?*1`sdoh{PXKiLyCRz8ceGgqqan zX-kj2LKMQ^%e-}YP*)&%<1eDjTWwEVjl)xRc6d6%7{pGJc_Zmt{7Lgr(-KS)Myv5g ze%*v3`=O`JYqE5_%s-LJnE>Sc3e4PZX2@eaB+2L?gBmLrjDAbC%dI;+Pncd(6?p-% z9YfH0q;Hdfa%{b72Evphn-*kvPzvam;&jQjFgI1nav<4^(DbCV|7cZQKo$-{`YI5R z824I|$}2Ko?J`J-LAQ(l+B4f4b~7Z&^8-D>z7A18TJ7}mHMA_(j0QTb*63MqsWdQ+ zr{6roL;i@RC4cN}cYyYHqn*ZiJ+R%4EgI{Q&eKNr|2THnd}WiO;?$?C-$kkv>fZ3t z?ZR;dX1ll_%yYXwwIkI%dfP1#EOP||j)kPyF2_%}-4FjM!2WGJK zKtyaY&8Eqw3>b)dh>Cg^n~DTAJ&GPF`llFuBM?va*8kERN@yvdO&{%({R9m~EjV?y zyN7{!LRV8v76`{7z6?8tz!)ZcI1!uP6Y_ThY!b|)M*dddv>mL&(R0>H9|E2yW(8RhD z4j-=ZN;Eg3?^~QAyU6N@cEw2pvh>+hNq zN-D5+Pmsi@9Vnn>^h?`H#(+Npg#dr`VsHxDBSR@Su?^21uLP;+Dk&qdI>fCl=vl2n zf`{dJ{vzVE2G{Ka5&g$};56)qcK+YCHUjh2rILN<+K!eKq;a4zsy;W{e@GRK3@xvI zz(UYVtL>%k2-?)@G)R1Js4`woCD`yYq$r_4A2<;@!b<_3iOH%dVEr1QQ^iNO^+1w8 z1W5_s3!=HjcT(2`%7AvTA4scm)QNp`Y-Na#1u{S~c+$ zxO3yJat>akb5iD|hGvI7Z*}0(x|cxeLb4zA=7DqkEy8B0K$pZ=6K?{_b}{a4zws9^#QXcXtBVCCu2 zt-Ps=n$C*srn$6vX_k!vVmZ`pF8GVK@FwZOe@xP<4vOq%_H+UlE$ait(x}^@yXZww z=u4G@s#1MSD`A_JXf7<%AZ{xYe@&!bOr^2NR-0{+v!zMEG>#YV2@oiYsHssKwTwH4 zo26)q;9|cqeTBuRiT+TuYHZBOOxUa4A(f?9TM7DX?DQ=&NtSNOCIobZbAr1I8ZxVzuU%*Ysq$i=B<8FGV zMz->_49V|Q+|9L8y-IwAg|T}O6IPZ_{15TaRnJYj(ae{sN{jx=dYipn0w=v=naHI_Qg(%@4(+NL@?+>(8M7A z-q3m&CXIyi=8fE-jN@f-;iEsQ7Y$6>#Jwf0dYZZI1ul+Ts){Vthc(zDEhH%$i5Bmx zPlU89;XT@fb*=&Dj3ELj4IY*i;1$+vXT1wadpy8&-mCWm-Yu(9u{YxGs^&<73>y_3 z@XZVAbImwu>fx%EF+Ql-aFgBQIDBiZ5E@))hFchZ4jyULEz zQ@w`2NisZUOb_S|^|?dxW3MU;GZUoWZrVu~RNMiHhllvYLvrUYP0?#N!}NJk4{spm zeyl^R(v5qy!C(*yTy+~JM9+#1F54ZOvB=odAZ;xG6m);DT?Q~DSQ$}rD!<0qoK>QS*6LsFKij`k{!fK-6)&=lS9e$9q6ZpYvSYbFl++vcb-E+k ztpWw?zvJJq*@JS0!$F4OM{XJc5vVcjL%uqSFLBbzP(=kRgIWrYhz=ctE0$)GCNskI zG{rxaZNb6%{~ePy)iN-ySvsP|Vlw58lk+okeH!0w|7bi>T5BZAX8+C&m<4wHpVNdQ zf{G&fMx@+|?>iwIGDVEMYKT6$rHiD~;b$*a&S+aI<&diifteh0yHhsA@w&V<*m4E>B7ma~>l0ABI<(TM({C&4BoD4=9J zj9dU-+p*JE%|}?`7a}rQs@eKh-4~7@B1;!xX0#2k2JiPgnUb#D9Y6VHd%LFXfo}Xq z7HL7dwnc!j|6)lstKJkQB z<~*$v*y@jf5twE8;JQvL^}U97NGW`dOnC__ln)(I=v5nY1B`9)N z2InoRoK|$8(en$o+Ql&T)rm;^i%rx)+As<8ViPwlpdNz#V)w+@e>-u?*Zjo9kH_*z zSX_@>RJEsi7-=CJ`aIn|?})y)#3fC9mQ5{}AnC8|v^Vn#f#c45>D6iAWxSoEL(zW` z5rkhN`+zV0*mLGL8w&GwQ&+|mOw3^H_Cr0BIEfL>b2d>Z6>1fZu%DfG{(s_m(4T>C z_WOBNN%qc1NI_B0uK$m{_l|1v|GEWHK%|NE4kA@)f)oWLDqVyq(h)+DUP2KF5)&1v zQUnA9geZuJl+e3`j);I1L4ptxq=O`&A(G-ee(${ReecYj`K>kY+%>ai?jO$|td+2m zlTSHkpS}0-j=+2bg3vJ%p0?L&FXAnmdHBCB`TwS=7>51Vb#D{g?r*=~tR<`y979&< zIPp2-tWz{gH}seJKg9L$f76luhdk;`yJ?eG%{nRY(6;#g?}L(BJOe1H~r`Tijw{#b@@B||Gb6$k74uwvxTQSten6W-zgl% zicUr&hEzX_o`xtmMW21a|9ql*ZKfp%XqkgeGWvBif49SH^Jjvq+S0DbH`j81B>`f= zf7qb^4O!p}emt4MN%DE!4odtb-Q-%Y^$2v@k72tRZ6Su1c5VQ?lo9+y@9*|f@?BJk z{h>9};_LM*nhqD!L{3~;dhuU#(TV?>iwbV46Fn1b3;go>ty3sg+2-nnR=POmz4zS!?y*STl@ zT`RePtY2cR)6T-GJTr1c-r?qTr2m$i`TvJ}dTj(5&~fl8o(!>V8%{axZ&$7gURE~@C^818S^zw20^(@4)*XJS2K z%fti>;1wKOPrR%fJp}$c(B1RDJJ9`2sl(^D+rSjvD_2YeZXEfa&;O7Zu;omcz}HA@ zDs>@a+A;43}wV!r^J9Zx%3UKuQ^nhx$m zD7MZRxDp`T!z_W&lIq;q@0|%h6vD+7MMQ?K{bV}&;2jf_`;pHaYj=%aigzrR(=(`G z4W!?1LkRYsZuZ*FZ^mjAlp*!P!OUqo;80ldQHs)AC8d%SrvLf;kBPxvyAt{Z;}l~O zNCp(s=DT$a#YwuU+AfwRozo@6K@`0NdpA6D<^D^ytMRj{+pVB}W!u89Jf%wLhd*%~ zj*JxZ^>+&}=7D=I8;3K6ujWVJj`&tM)n&~r$#_z7TuXa`jykUWNa-?Zxp|wq zh<3z*ea~eczbI}VV#>3Xx<3FPAyWTt({x%$*O9Kj+f@490#6rnXu$%W7~#(shO=u`DC0#=~5`V?WwVDykygAtN;lnK;vt(hc~y zk=+e6$e`^{DA{c($Xt67)c~En`(q6Brkm!6&VEU?u7uFL=I-E!p5?7!VBlmj>V zE5PApc2Eoh*i`tS*_|jaU{OnRTYxu6NWqkG^LsERP^f41+lL~F!O%nrL76nAmfG7? zjuc7}$PfJl#SvL;I7BWY`k+c-NV{TvbGQqBq@{hbI;8A^`R?h$gU_;31~d9swoRQ7 zvn=OWB;r1tP85m{^D9Zoj2F0hS)viOC)Rpc&Um0~4QX@A`uDNy7KoMLub-CTviK)- z<$+=)l6?Qursmcl!?C1KcOdn~B+PS;cu~cbo)A64d#TRlUPDF97q}B4gZrBq$Go3U z-}aA`UQ_CAu?n*P+VoP)odqyib)t*U1aJGrP|juD-rfRHa9wBD>#Z@Vv7vC4 z^Nff+Ff(G5nilVQMdVGw9G#EiGGHi4YDsMT!z2W=yb)(N@ypzvFt#_>GN5Jkx#IBq z$0%HJI%l4RHsnbBpNY^g1YE)`cYHrReZ(E#ISiB7HwU$e} z%}PJ)IK~_png?pi+c{4Kfq)5tfk?4V8IrH{mk@qxU@tb9UbZsYdRNWMCxtcZ#`ji}2$_48qgN3LD za>EiOix*0c`rk3p^ho%|DnnBzBo2b-FJbS!%Ggo(Z zgmWl#(q#}1^a?`X%{%g0UwQqqcWt*?@V5mXnGVEZ7qj%HeXS=D!*_dlsnF5e4>%Hz zpRCCg?3Q^H^WxgT?~wAzY!}KdDSV#65mN@|kL%Anvy_ZC%{FBhe%ikt?kdrew~DMe z!uZ1k2~qm)5%CN7Iwwhxomf%_`4MHDP%Vz%9T?}Li4vjlD_PtZe^q`}MK-3|82Bqb zCl1SvpI0E;_1_r0EK`_&X^8AW?=Y07WZ*Lf7SstWQHH9dyxvi5)JK4bTAk4mr^(+g5VU>s01Q%VJK7ccaLEvZX>YX%`T6%vyBQM_?pH&MC~wBt>RHF-~(Nu*w(AT3Bide0N4dYoV9>fLOQ&p&>y zu(h-?R98Y_)$?um{0Fv4%u<mr-%0xPzaRa$? zyv%BA#UiNnxLj~Y-Pn2X+?J0pD6;WB#ENt*(+ll4%N||6X+PnLy=@wveMOI5HWIYp z?QT|AEk=XPbSW?WK4r$9U>0iOD7 zU-bcY>#67or*PKsMKNXlTg8rd3p<|gOH@E*(O2yr@m(@wBcj&;KAk6E2ajNU(KAbd z>n?$lg$`k#)0!4m(eKQ}tex@RF0mJ+l>K#75_F^8U#69=4t*RpJ&Ye;H~qVivp^xJ zBw@%2hRPfq$@z}*1aDnr_)hVtvP zFGh_gxRq<$4siXDWU1p6E4=uwB>d`^mlKVy7j>;7E-I=Zw!=yu?Oj`YoW^`!ibAPKcFq^Y$r5+@_P7tZLVk9&a=Gf~WzM%ftG(SUzzE-vZdBY}h$gO?(2GF< z8IOdEISNe@CYdYO$$`O$dY5?nwoHX|@m8#7^%}lh%|ecUV(?65obONlHv#ven%-cy z#4b(i&Io@V3JZ>ao*v=){P9(m`GSSLsSU?d^HbmLHfhi3Cu!k^)^)pG%-p zZ&2zd{b>4C*SFrjugMRYX#VMNRX(Qx@0on(`YC%>OEu+zu2VEedMnbC=OjgW5F|?T z3MMi4xyeUcnOWX=Y@%{4P3x!^RNO?#Y=Lv|+IiU!t5U9K;+&}VXAa+I`;l02LOg~h zpp0MZQ|F?T5I{!*$Whf4K z2;c1uh5(7hO)A*(dfI7?+lB9)H`!Z+(q2GQv~MLyoVZw;89)AIQ<)fXo3c#xryP)b zC}~8VCCrn@*Pu<}meMUlOpOy&J3eXHCD7b=_p9iq>=xn&Lw>lXyiUppX@p!wRH!D7 zkk1p%lJV1svw=cS!31eROrDxArZ~zHhP4c<7l#SMvqi3tirBo=SsFTZn_gamQ8DD& z#I>M%b~D-?`oO8H$Yccbj2B>*q@&~GsI~gcoX;q{*64KohgUx7!989w(||T*Hwo9Y zHi$|GNgLc;f+m6l;TMU4J&U{rt23Mn0ehS`D=hraUzOt<7Rb7`f8m>~Yu(WC-z^~A z#iMJxtngB*4;)ScvU#E#BpD$vwH>KX`K7PVd+ep$xu7=nHq2d8GrlD~45EeT1~m<3 zbg5G+2XHJ1)c|KC(7V9f7VnMsJ3Bqu#^&U_|2Ti`%0t-%6NfCF6kEG}S$O?-p^zsG zj!Iw>(<=a>_d1qG`~J#wvVn8miWp1opa4_RI4b+40il&YnAw>U*lq7@pI@;dj1?6Y z7JC$MzUrE>rt639BPzlB$3L(f5b8nrZAkqrjYu+MaC-h>`d+Zw1yEH!%5Q_VEr=+_ zv#$;VkOt|UY+^QEx5t&O+f9+84SEuJNqaZ-urn$ut9l5lwwizJx2Lb6vpIkE;Npb= zo0NNB)ez4qLktdX;%*;9h~m2J%G@W$=qRPxVBXi)XP$QSZl{D4AhbA zqVn=Z+=Kh&x9IN}!W*DQ$&BrZy9N2A`-igq!$EI`c!Fk)?k>7}P#Zx#vl;hjM0zdK zA0$NqS-R$HNC**3}&#tum9~CT_2hDtl!Rwwg17h`K?DuJY7>yxOfNkp9{;bJ@aRD8WJ@CSSL{ z=5&JQ5w35;IJhFc+8`3Rk3;D%83Hu>j{2EStEE3oY=KioH5-c#nHAU={_dS5K^dqj zc{}%2!o84pPQC(RM>xMzR+bCbL^XW z>&0J$_wO);m^no=dPAorRi6TUR5F5Oml01pkLR{NJT%wgY1ur?m|H4vyoqJce{TNa$NTZbXaaxCRUhE z&DS1ARf-|KUvKu+-ljh)!Mw1eS0Do~3FEgx(uK=wkD`*gEzJb-3LoZayy;g*m)tV`o8u()NRI1;MQO}4c*&R*}9NepZGe2p>R z@gJUPBH-h{KdZ!xnsdd;O2tr3D4ffQGy`Qb;wEfSopPHPSXJY^2{j~n($?d5U zQ3(f}6!VmUMF~Z=?+}#QBtN4~l~fy>x1GKjRlTx(;~n^d$ZhsJT;1+omspWnxQ6H< z+))}ErH-UY9b9C}9(q!_I4szBvxjAMx+hX!-}4TfZIMl6V?01c{F^u^8tIFi=fo@S zT&&pA1NYtel69Zsc!(ONvD#+gn)RnAwN>?ZR;(jZ4ofiF3^B$eLy%HR6km2oHxz{N zK@zZ-xK0gZnBa)>ypc*aJ>dsT&PX6Yd^k%2|4>vmh2nw-4X9I;5{FO^i)Bee4?Dx4 z$8we`c73`!UYJN#zO&-)bWjZpv7a&S=Vh{sHWn?D$=^Hr;$g%gZwZFgY{!*qNxMc* zQtwh(mr`tJ-e);w6By)woaF}V`sEW_&Cn^!29;Td4ds+AW#XaX7zLBu5wOO(%a$dY#*h<;{5}^nPzv9I@pdRraBGZM#~K(nQK5 z$I;8TJAH{mWL-)ifwhH_{MO$&sQ3&?b+UiIxipr&wcw-yFo&=uLsP#*R8%K^@C5Y_ z(+NWmViE}Zj>{{=D6TO&IhYpl8rJQkP*lO{`2FE8b}@1P((I4vrre0GK`lY^= z-#0sxCXMk9{z^_)e_+vbwQbZe6NDyW6rly2EW!9uPI4ioY#A2B;D>o#pWfa5xw5xB z9r@(`Sx_ujMd=2Nx=$C@O2CjA{IrK2r|sM#Yz+fqM-^Myeq1cL<1<4OxzPyP+SpqNavXCHUITSQ-#2o#@ls!W) z!fgFvGXKLg^(m5i(>SZ%&%;E(mg)ZnJpTW!|KrF?Bni@e5d{=j;3NnqJX#DT04udE z91sg>dL-;Tb?1ZQ?8UD$$a8xSWv&Ews;yFOx|AtwTqr(-Cj1JpUfY;RX7Rr)I@RB- zx5?ji)iKD)j7Zyw*_YO05;->C7wo#+z^@0Ar0fzf8HUOM5LO0ffRGzd_dX8zIJ4i6 zkbU3evY}em1<}M}u|VAtHAbRsPllx~`$Jw3rGdA=cnHl!M3-gjQZE9SVxba(hF>J; zD|^@FuDbActzuW_KvC(Lw9Vm%500p~d^d<*0;MpRDU}s)KZ zH-hf8&nHttjtA3M1-R{qG1dZ+Ydb~@yh!%xqG~0aCkmLj&_F$NZuY5-S>_;Hu_Ix26j= ze;!SoTM&GlMs6)O+h_MIXMwkJ4&9zDor#2w?#3WYdS^Zp)v^5Kr<53~7A(+;1nIv! zEj41>#Tb9!|5>%aI68Na_Hokm=#J4C_)_Kf3`(rzw_{8qr2Het9a zvHi^?EG)ya{)>Autv`jlsQ=ikM?B|_J=0QV<`_3Z!UC_(kwHH4a^q5#!CEad&CR6e@jE^B z&FL39-=ta?yzMFTmghZJDyR9Ibrw+UVW-IIl&vM)amMH3b4>tonMd?@ph}M&Vob_A z!T)s5%M`n;FGaTj)m~<;i2bQo!}lMp?F6EW1o=Yed6uEQBl^QGJ$h8W! zKW@H{JPH+u-=tVATS8f2$i9e1XP;!THww>8yl`^mhNWMq#@+19-U*-AUilR6tYu^BYk1j; zazr3$zilp7M;KJXq5PXpK~t|FaO%X2K2%eql;RWsPc1nA;B>L#v`p8{l7K$h5!M(F zTD;?++5P=k@zsuL)*IG_-zWp5Lh^GGYI};fMPTdRe+Bbd9w>0FK1lktW6${bky~X{ zASNA0z0wbh5xaUjA=3EB6`v14Exn-)N8usZ4r3B{2SfnRWl3`fk-NCed=|V4oLboN<-{Ifjr;cCI6Ey#5hj#TJW{~bf5u_f8Ilvp zTGd|E(?b99$uCvmVeN`hXRtWeTTdOjG_hehZ{U6egTrVU`S>0>sYcB}rhMLwUTCS& zdphI8Beo2#y5tixnMos3j#J;8@qeLK#yybFZmKl#1{fRAH?YV@30|Ieyfew&wD1F6 zS#{HrE1Z2&+%h_S@-?r*Vi?RNsj4!Fn5chXqnPienTbze+t5-BRMgCJLi{pfPk{C z7c0D<(b}>sys(=(9Hu(ZQy6|s_+-C;ij#O9uHdJ%AYy?bM&T`m-7=xSxqHd%DrvE; zRIU2{oAqYW0(PFQwV3saOnV42B8yqq?S10MKTHyTm{wFkoPU_M`mFyjO+z#&APoA0-NnIU#c4KE1FKL1s$yvZw-!&t#IS6;y`KJzBztst@!Npt$OAkP!=E~ zwnF;sO2fvl5Y-ZelV)v5Qsus{=kkA2CS}6zYhDo|3v<~;w+=HcMWL?}eRm4+P$Bqj zpaiNxas}%7Q6Sz(WNgLthb3)KtU|Mcub)XBE+SK(CzrA&EavRDbVKKrm&ONBPXJ>B zWC@KouP^WL^rTwO;Ip(NR(iMNBBXdO8cd9Q7Y11Y2l+Tw7r(osj=yg- zfID&PhNYw?ZKEOW?+q~SSo&lhImy4&v@rKnOo&G4|; zK9PLC-uflB@hro`Uv~b}2H??m81b_jsfQxofTj}R0hBPR9^7XtXrOSDj5yVn^{Fn? zv!k)CE&&$jVR?F-GyVcg4Ugc)A0{zF0B!2I47x*y^rD0fl_)LONyiciPcT0*JkEV0 z4bAQbt5frl^#+O`<>c!0n{WK^WnR0ebtU2e=yasfn?b=~F@TOu6z+vS5*tI|V|OL| z+oM_{3HPr#+H-PB-kdvSpLHkeg6-LSpJ$btZx-SdI^=*As&l0%nRA}jqjqTjy0qXLyP zdEM!+c&clmQtZ@xLTEG~8Qq?unjnCk+$7y2or2?3Bt=%EQ#&sP`o@$|DuQ!$3I@s} zq6I1>t|i{phzYxp?3jFlVe0pN5;%eW_8im`q(y>uBY6PfOg%}mx#+A>q4)++L zyy+%8O>@EH1Wn3e(iYRkh*O`%E{#`=YCqcw+MGXuQ!q6JX|6%|KI^Q!r)~}u`zmmN&j08UEW4W_MRFZ0B6i@v={o2wyk_T(U!GWU{1M%D zbuRYc>sJqI(}nL28E`}3!VP20WB)Lv!F`FogE}}Knl`@NcYz{wqkrzBTw-lVuTu{vV!bTt>P z6nGX!g=7s%4y|0G13m2P+@cxi?c;V?E)L zm?Niiey(@jv-kH&aP5O5-&_o54YlEbrN*O&j89pxTg#|^h>-uiH*ti*4+BF9)gDIv zKCaxo8+(b(W~tAOlyc9AS$&uXF1f1uLs9}n zMxA$wK!Qsk^}X}niiZWK0zn>f=EUrc%R4hIj5BawdL`0J`l0T@A0`pFs}}*6v}iDc z7=39WYO(z@P)W5vPnc7*sm0;B#VN3I;MH=kqkZ9;Ktq-6nL?8w9rUB;m&xXzX*{G3 z0wi4(4tYt*T|NFw^61^`CUV5Whk>&9^SRU}WC`Xc_>4~_x=CaIA_-XGW!;_(Nw^BV z41NX;34k1f2OldkeDzB6D(P~F>Wpa`#65HhTUQ|c;-MB4mB(Ryx$SV@1Yyb;1qpT; zGG=k&fbYnf3CX7npYga|bHV>myR7pDIzL+Ln7C11QX6cFuIbUalUZtgv(66ViN^L3 z4DNvjcX<#KdeiOA9mHPoG^e!gH1Cre1Q^s^%GoSa;`2*4c2%`YtS7kC5Dys>(v8xO zkv`}neI(Aoc0@&mBlvCK8x=j{n^vLn#TW0`D{FmL>pp#|Xl_{IUMLdi1f&sh4`QpH?T4Q>ff*p>$^jxsW6o!Y!|zbyi7i866(qA1ZHvyEZ?+s|BCB<- z$EQUUrTOmjDDeph&G-I*{;lF4gbtGwmlgY^Q{42Q@(92nwuQZiAy2X#Os2esorEte z&Z0E-FCTdj+^O?rQD5VHDG8U(P^Rn?n#+igrRG=Oc)-@Psv2rwM$n(P>&gNEhJDrQ z>T1+M(602@sG`W2PR{S~BfuM49x#;sajachn>vPa0A`XkxOvc5EL-2~A{yddC;lV2 zCOG@RZ$o;l>bVFLAAn>G0Z0ZKKtS5_1~VRE@8>0h@bdLd4J7GA^^n{_%lsgRk*2oh zHsnI(Yox5o3$F{`0LX+5c*CMTrMevMPnjxrqy$ky1~*6giY4mXT{eQtx?J;gb#>2B zTcR_*+g(pRX>NnL?V`o$;^k`q_F>if_+*Q4wni@DX6rGT*FHTVQA<$+FyA=!YT6lU5Zr7MZq2Zp zO*a6&gur|(5O%q<*HX;Yg9#z2gj=i6#^^7bb@mJzmW310j8ll|#nZ%{#kys=sYWo9 zQ=rhH!{c8LwZ*IJI4!xe*(*Xy-_}@`A_js=k&&WfC68~f)Elk>KZuKZGUkMV1@RBl z4c-`Ma(=`ewC1k)o6O@Ww|}<0ID34x(}8?%rb~kY_3eSCx=DC|5*kPR8Zkot zZ(P!p9U5DVCYOah1M;q0^AfRZTL2b3+b(}ak;Q{kY5t{fBT70p;URv%L#`iflBee6Dbf;Z3@iRHz2unA z`(eM3`cY4s%!b{?G%$wf<d01R8n}=SXYY<2rFm z_c?7yC*DLZ=y`aTIa|esdx6hK{Jv4y_2t9x;ISBVHbadupt=nG>e790C>}0!7oFV2 zJ5ddVss#VUH3YP$bOyBK&hn}RYPHB7wRPZD_^wo{DZ%(UVPRELg*Z)fqueA-k-O>X zosyMXZUQq}xD*iAkMhR%Q%xQ0KdGah(*t4_m(W-nkfueZOy+}be?AkpsJQRVp%f}X z0?QVMkU|XJQ%s~?mXw{*2J@~Tcv%AAKCUx;G&md7Df1?iwD;Ci6Zg4H@HU~2QcZQI zF;OM}jMKLdiFH{*C$J?8_hO^6ec$@uldP&bjWTCF*ZkqmbEokjW98Zo)3-)awx}GW zA36ym(xr-+0Yn9ay)ATh zQ-dJ@6DQ}BKr{i%UYxk08im<*;`A5$z>)mwsv7UfpCeHdHNXkJ((%>9$AefN7J4A;h`Sa_#I=KzjD$9K4#Ftshu_$@+ z@QRiAOO>0hB5%dJ`smL(c}e8?Ug?tv*$oIAjhBdVdq4HMnV5@G%L((1fenH$^dY2H zT!V?pVtMBIuk}B0v_ijNl_EH$KMnPxm?;MY>BLBB_5fUcdf7|b%>s%D95CNfz1nxp z5x(Mo-m^mc#lvR;`^FuH!T5x8I4@cRJ-18$8&EXr)0m0F+dtqY%j(BACpHfbgB$2I z8!F!*CG%Hmfr*wjn{vnFyKGMzynBnra-5->3V~!BK}ph0>S-7+B`pvST%y@EuovV` zTr9(n3vWc9S8FSEb{rDzXl!W}dRWGqZ$NOH1cVm*R^{gFW{} zx7AAkli~;gUa+k3$31op5w?K1)9?<=8~u4`v(vbLhcAkMs6%v+Xc~qSMQ4D#Fmoq( z=9JAzIypQkr~zqW<~QtZQL%2v7-??{;Skn->OoBYn5o9%vpZSQ$KZ-odBh-6pwpFj zunbN?oOjes_=QVp_Z}-OH+tJk`qro2p9VXK=tjVnb=@p%gUsR0ADI22g`JXk=_C*f z?Mx+HmW1AZVGz449$5MOCz@XefUyDyHc?s$oH2YqF3ihwfQ4?v2bWoZCanZw&8Afl zqKwa|qg|TgR8Ck#-!O4-=sL;m)$+*wko`Uc^JIuTRkd#F$C6WsM~Y?h`OrsZHoVcN zPl`w|8X03)`|?+eaU55pRlsB{w;7li^)N6Ruv;*?^uAx`q+F(j_=6AYOO?t@S6HM1 zzplStiS$76Fcu8i01m}1;_mesjL-Y%TT@Lt96v0ecX!l?bE9wP#@>nht5nK8)l9JU z)>Lp~9qA>;###8Z zf%jcKV#>dxHt#&mlMUMhA>Nk0P(jEcun^WR9k?dF6d}p@jAZVVk0n&=_T3A~@sg}T z1*-mhI$9>mKU~Zi>2EJuJ!flP%Jf6@R*RuO8Wv5ireLUk@Y9qjk~%&C{mQY(=!ze{ zzP6*SWm0S8lIc~GU)`y%HFx)Y!ep-2wP(FMj$Y?T35ep9ek$F7>Qhe^lcov85n9rl z&>VsHkO{v;w0nH3T>WQHZX75CcG#zygp-n9tGyeDs{6o_exw2vjDCa>?Gy)?79fBF zrilM-;G~eATf13c@Gr@$e<{%&)Uc{pZc+{5oGHj{y==U?cW4FDlko)9 zBD}*&z3lIH3PT(#BbMT=3&jj8$~L3Iay$3piZaJzyalK0!7_GUC(~rpz%l?e_Cqny z4kV!G;>Zt3xo86DA&A%kXC+kpP}hoTY$}LwS14Ld)*WCS&zAG}WFtGs@<6%N-Te>K zm7h1qgg}}g_gxm+6(}Dtd=~PAaRTOr*U5>1%IBuBzRACo-l1~KI_vqG<|yj4cCwN1 zqw^|-PM7UYZ6bT@kl&}(klXH)f0$n69Gcx8e*zZ_MmRPp`*LWem1*g!qFV!a@w zFjjT?mPw>f&D*Za{5cvI4J|^C=5CDM2S|@Bhs2g-nlM!Xrrw9pm{k9%>O5n0d)%YK z#lko8WZtdzOx-@s%9`))BTqG7^Y#e-jDE!6hpSScm%hyQ;n>#QL<)ZK>E~oDd&~@uFyaWoEQ5w5hVOS53(U~Wpl`r$#W(I2=@Aa~ zZ|r}~Ij_arntIMuHcXV`KDU$x#hY|`i@{Nb$0bEA3e2n!t4>~)pXIl14c6dT-#0dL zO`<(8eypf|kR%C1&mNws*zj;JVMVmWTC|Mh&l9t zc>|ie)H^%xtL3cFx5?aciV0m zbsUyH$t^yF(3lR2EYch#?!-n;vQrIoRWxO@BD0o`WXbYXz$HI|Lf7AH0=sDxaB<%@ zJhg6kbgD~0eLGsHg2d62HB7UpSf9P+^i3|@YqUT+;lkXUp?%?w=V@fj=N+^+y&mI> zNjCzBd5*zwcIex6hKS`HFmV;k+@t5@yokFk-&Yknc)%a*H!?U?L(Gav*Qt6Sz0j^i zF8HQ`)Mn^Vz$9^i&V~@CwBX0LSE^|`#I)Q}?~~2VQ#ELHIh}*hVeQpdryf{}1$p!4 z51mc#dCs3vi40L^q6HG6J26WjtP6hk;V*Rwf4xh^#ZoxSmV%Y|(PvZnGS6LxRGwB2 zoqqQ0mFtj1W*pVbL@l)L1BJQ&UPh_`Hy&_p+&r`zdx)&^&&`{4wj=1>b_9p{9> zC5tB}4;!@!e7`FRbe-s^PBZEa#)vc@<84h*wwl^0=N0FuiHa4}}2!BfSGHM8i6<<0SL;~|MmIm9FES8BnH3iqcIYVOFixw7& z`YoYH!GY{q*LQl~tja$aI^71QD5CmMNrvq7r-;*l6R4Z$jFu!oi*%k@ZJPR}&%XU* zE!|b&qZ0Olk8x(scTEGdoogS+{ge3 zHv+ITKL$S!O7&`{p54T{p#-uP*@N+cW;ls!dm`nHr!`J1{|V(Lo?H-;r;Zx+MG1LTM`KvNWJ6 z+PkjiU>?`6r@EL55FX`SY}?{ran&ZIo=cVD4^P*~1Q!}VR0aR#+uKs6sMq02^ukUf zJSG9c6)7$5hfteVCrth-(hgArmf7o;l*KUl_no)Sb9dQhCTN@q5B+4x`YV{9Y(Z%v zZUKE|5~n55AVEehL&UelR5$&c?>FWZq}to-K0Q8T?(P6R$E;HI?nJ*w2U{rQ3kINd zM?E2XP@HkxGP8yK9!>g1mcU?CmGlrH?YR|pA8HrGmA3X0UFH`td$|ta63-IRw`PzY zMLfX$k$#stdSc&!I95@LbH>dNLn8yp8){x7eWxr0bMBlt!u0brMvK8uDI~wAr_jzU zqX0jLB}M~b=*zBJh}Qjx>j`^=G0wsyp|9VJKf7FS;jJH#cmhy#kLwey*?w}H$e*jD zV2H~2#6k4eKC%%hI{7D#eY1UNKsrhIhDo`B zlB@W3g&c=R?CAB)6vSs01hCb5jNyXPgSf9`93i+XFBb6n6V*Y;rjOXP#9C7Q)R+?X zu&^?YiOxW!Xq#isys0DvC()mwedS*hz0f`X)3MU+mo!yX+;N2;5&mLp?ng(DP!nAH-Q2zce`vu-v(emh#VY zlh@15c;~W7Cb(V|di>4hdc#X^q3&mkrLw0o7cs{E7L{@dfJXWM)6gdXb6$jBp%=h4 zmNDX(jBUU#7kWIPB`Vps!V;fmM!m49(QlSRe#Cnq0LfbjqfbC?1nAu*M_@i&H_oa$ zW_pRfrP*W?Xe(sMHU+oyqRP=6JBf+?>H-0?2quzSZbAB!ioiVn0L{5g`yko&W;MY= zzRIe6&WAaY(PG-_g8yhPRcJEAg8{MsqPgrUtqyRO?Ef#COOc)6xE%ZbYiSDCmhg$L zZ@MTYl||5Ld&3CIeX2Ihs~e#MmUaWC*DRj<609mUZk5-6m`Hx&Kk*SmQXWg5M9`El?-3&E+w8GwJ|c;+@~p?t6^U*|oV9I0_jRMspg!Slx!$36(x! zpn+V%am-PmwppSfL7zGn7xGIDgV3k2PIm1V#xAdR{6_59POeVmt2QaEBfm-q0;Hk8 za(A!)uH5~vj!*yNPA^+6*O>_>c&I~KIG-;0L^=H2J z7oAHRn-4eJl@z=db+wMR3%@?gP=Hx7IN}LtVVc5cmjOLS^65pSr(A+Ara?^ZOe7y~ z)}1}cd?tJS>0oz6czX(D?$2^260li<#}*uRweOZna#4`T*WeYwKErI_eIO4Ar=C0RK+kA_xwwgagGl&#CPlqV!va>`#D(mn#B@U6eDQ2ZnzF!qvdUS}@8 zR6$m|ztFm0?z9^Fh#)wRaWW9ogxQu3Ue1WKhaCR}l`yJYyfl+hwQ<9B)Jt;8%b;u+-e%1X*6&$YX7-~N=*v8EmIqpsKXSxO9*ZarO3^ohzoGpnwBRvOAUUqR&9DE zaRjFj&0rP;j6TeFf4nvN?kdLDue2yWV-WKM#Mz|~03u!oY}lBsiMbt-geMkSQ(+}W zZ@vvz81t?A1d}U8^P?(QR!ol!qgjEX_&6;TL%B%35Wo);cO$7M7@WaxIT~ESSDLGN zc0Jm-V^*x6wW~uGK2{UTbDUJ(A6cGXI_N70GTWN;8{6E|t6KlNhCV ztB~0~;i$t0Ei>g)HL_Da>a6u|(>F>_wt2qh(ijE=ju5|BpHvVA$R0(82>co)Om`pw zn3Hh{+Q)no$pgsweXUz-sogPZ1FN4qfJ}+!u6Hfq!oM61b38+S%hnNi?l=97ia{W!%Zmvs4C#=};P-}e~Un?}Xe!1n|Ast;+g zz+!CAc-#b?Gqd@OP#T4E83I0lxvxCRR1Cu#^XqI2#x8&4h$(SJ=@9!wpbOwRPW*T} zf}b%~%thqsf0BUe7jv!ZT@kwpn#&DL_D=a~&Us9Tq&L(jC>~nw=X_|LBClTwB#anr z%aEZE1?Y^jo+k>YcLv|57rt6Qv@g80Gn=Eru=R%WN9S=^$ihFdeSAFw&@+LSeXZGzIOa zEDb2$n}@ddNu@U^VMLzZE)fc{$mLqotc!g;(J&`kE%Wt4fUr;m3w@$ZgL~kKzMuMA83#G4Q! zn=7*8$EF%-vh`!rsJT9S_XYxm|T9XyHzujuM{c(?a!Jacf z6Z7EK;NTN5fBlsbt#2)Sz?X9IC#Uq-GYqGpJdBh4l9E_W^Q17>z!rwsgMRx>CPxS*gk5lX`nMw;f)NJ(3wTlN|`Obxu?`{v)^ zv@xzx9J=N6J zfYhLL5E1DRh=PE00RgFzCMqS;JE8X?y-5ijBtR%3kmBz+yR*;icXoHayEC)%{GMz6 z$OR;Xgq(9epS!%@uloy28ZNvE4a!M5X2dzfAV6Q8sW0a-Kx#)6oiGeNYp8k!=Q>C;Txf{=SOu_PTB2 z_*>pk#Q8=t*zPm92gfAh3sj61tG+%W07R3ZLc(p_D-0WI;?-6o$jAN>Mxp&?j=#tK#*%j`zya_0GS{KDyU6>3;<((I<6{q1k8~4H}cVJHQIDyrIrPxp-2-TtP z8$k2*JYnN@aWd`9WaOKn9IX&3>=9Snn+JVW*4!^YO4H>ZZAL(W&1xl|zy#>s06Q3% z!e^o#$+<hawrB*-bm>q=Z6CS>ba9+GhFU!KM)PU@*jnJo_GKdZ5C4pBJJK->zdZh(04KBu& z%E@%>Yh{>8Rrtr$Z)`?h_e`u@`d+uWK0Rx71qu+F-Nxdyx0=ju>y$bmV-+EiG4` z+T8d?MvbW|p4_-{(pwTxJ}9X`qMv6nXvMOEfz%$w;&LxK)dz`JA64v+>u=+d3V;&} zx6v_y)43nxl}iB2lM?ha?p1E!B&f^+84MLE`k~0StC+kHEwuBfWaOE^*Gg>x4CyA)&b*+27K@8qa=`-2*CFtaCy6V)5dBPZ*9jJEecXC z^uAwup3l{CLDA&{DPl+~V_gn3IMEJg3Y?g)tO}{8-#xp7I$MU49u{*cmW+0P7`i<- z;Q#)T^J6z*U6=DS9R=6pZz-+Db)S+@r7sN}1)>L0!ULc@0G~vlcEW(2B}|dAa=54h z!J?Sr$(npCsq#yxl1KNlOl75!kbDbYO+qhNf*ewQOMh_E2z(jXZO=i01BP@EVlP1%f` zR%^T68EoV1Odm-CMZ5C8w&}XR8(B@py=qc)C9ztrewecAARLks2xN>wZl;d&oajbL z=o4Hx48ysvQ}6tPi>r>;_4Iu{-^Yx%l8sfeLe)gyeuySNm0tX?deH2vbJpSD*3#~9 z=K{FN^(<7b&cVfg_+YYeuCLj!f-8N{%bRJy-g}1BbusZc2e<&2n6-wVKHIBUD z%{u$T05O7$ohO4*z(yZ=Y*=XKwM-DOFlYNo52d{JvA0gJe zT}@g?e3In3?JqmOeD#Wk5jpQg(qW3}XUQ+rAo7hyp%P+z;B`wM7lR`!>k$G`TlUj@%tf7Ju!9BoXHV|FlX0D*1!um|HWw2k*15x!}I#% z6(V$tF1OA4H8D|MmCZc`Pxw_6_@6&-EgpeD^$iEAfa;6a>|m5oFTsA577H7+Nu_VqTPr&4dO_UzH-C7R_# zEz>y<34KgFu+wt6`!@jt4gHHGrkf-}VBKZwDB_&az~mLq1!i2U9`O{urd^qnuj7^? zk`GB?M{`iHJf->E)Y&}G5XiWZDMtM489@HPmElJz&J`7yEK=$?omDb=$dOeqzUur| z-(s1fE~!bRKQMP97Qud&sY$ zLX{9UKty(hnDUcs-M9hBd4o*>um7eE{OitE=PehSIp#W_S`va(H!?KDGmjucMN3N zB_gLh8aM~$bxVT%yI0IiJ4)`QE!%lbN1Qc@!t4jkUeCl+jy2rHU0YD6J zhvl=__rjY0gZV?gsNAx1Yh=JEkO~$DnSGuu${5WkOM&b?j2NY-7kxo}{1NF4dkbPb z?v}CUt6{`f*t#76p9_>y99O|;kU%e9S9K3cM1sE$0F9N_k%;w8A<6!1AvxfM_4NK9 z_DcTW>zGGV#nd3wirtk-O?ZnVEDTtG%J)Io*n|~gevYqV;5>ZW z-VTUsHrhQrGgNEJRXPEsmC*U~g4r+sdHef+2J#40XZQ}m7G(xzbc$NwI}Uqf%e@_Yd6DPMIwYvlxO*whe5R3uhC zQ+ofDUJf6jTBOt5IAOD7O zrV3-#r?X3Lff;e`ZCJD~s>rC<=+!x+q>e?ocLsi^hswyDpZ(Qq%dhJuRE)p{TsO3v z@ya6oDarmbWw-466PLNPgsRjyy0|A`Vzb5MfBEwI^=lEyYtWe#)p4U=D=N@+)BLrf zYPj)9R5^1x$)uH zfTj;YQZpv{cH9dKCT-$O+CzO4KclMbA0>lQ;V|b2qgYO8?1q`e&;Wr`Ps%QX8VdReL2p;zs}95zm|Uc zbL4-vZM^dUZ_!uG!|eaS=>=T8{{g7i(hUWofoxb_$Ebyi@`V&tv_8gqs9Ikk#tTFf znjQ*vgGH&`CRo-FSr}J`691g&E6lk=VgyKwlY#BaZdLvJ(gz#^bGO$nj+Lp9`GVS9 zd4To;GUS=OiNC!qjHUjos>@=$dJ18KMG-H2ripLO@x*u#wmSto6ojql0#l})C%{gi zW8RZkV!$IHi#R~^-9EXVLw>h{?RH5W(t8RNgv;wl8PHE1X|)}zxwP?FvX`yk-57Db zs#NVe=uiHT1CWUTnc-*UpJYNXVlRY#$TA{=$ zA!>qt6$-aa!Kl)oWSe>boDBYx?8QXufj%+rHA%PqC)s;g+k?f}6QFO`eeEaN9_3$n zIkkU%wa38hF5L+5y6{gjKA`Z~1$qu^wf#vpn)Q<`5lmXiA#sV3^5_YG-2O-e3RVG4 zvFk1qAje?@6-7Znf{!4?18?L~Kr=9{6zFyugpmMo3qC0p_Y`^Z4!j5a#qSlnL}r-H zV{ifnwhH>^fA-H~R`cg4|3A;he_m(*TtWWUtG+YZUoN&{s@c2BK7&)EO15K{?q-Ku zDnT7FjpicV!GaIb^Z=8)eL&p9LC~MydA{c4D1_TMb?s(bVGja)C8S}p0Fny8G%b== z6PfibIq-u27BBtvqc8p^QP3ZrW84j^IBMqsM7J+RJmB;?*xKYbtMQZO9bVnEg+eqP zQj|hl7R(IaZd?iuhL{=ydt)W?rKB!1j#>w!lR#|_4z*9!djHKfB(LXF{GHozT&f`r z%t`Xs5XwRi=S0sJPXK!}K{pg5RD2swV=a&jnHD^ln=tS9Q+rSNz*oYTp3r@@feGc> zmf?-EkGfv}Ap1V*N}SQ&_LbKp58_uJyE@v%u*6Z{RON}NP1yg$LH5k0*~tlBe&3Q8;Be1}!Ow=| zhhJP>>zi;T)Yw#%mfWqI;!{+pX3Gy$s2wkTqb4(@;e|eAd)p9tXj5T z9Q{Ht7pD8q`{s78$)1?0Tn<1o{u5eQh>MdE@kwA)b2!7 zIiE@KQ~AN$97SnX``K@8tk}$>`_9?g+EJiKa8wwe_r65=Y8hjfV@;PK1PBM7uv=t! zwOt79bx){+=lQG!OQPi#;phheOOP{N`|B6Eb|;66JQXi5HO1_Ig4IojjAScIMr<1E?e*2SsMcDAO3^y39Me###Kdq?uT3v8Rlv4qfPzdHNV8`g>_{JZ z`)qk=w{-%Y&=?a>`*V9S?mt{vkqnxZ>-xo^P z&YyEx<}XP&y5hCq@c`oKFg+f(2=wOcl^TNezSht@uBnW(jkr_z5bepwEq-aKy3mQh zU?c=$y0xAiu_pQ7EpN&Y|6&to{5#UC`Y$`6EeJ@js#NpooBWk|JoI>SwD&x~(X%Fv z^ueYTb(67~(aXp9Kv+!%0DBC}XBqlcF8f{RH+y|i7Y?^cAdd?Q`YX)Rr~hAmZX=YK zP4NEY18xy_JdrPQ^)J%g4S$PT3X(i)@cIS&wjt$Lz9??vZ=U;Lv>b{H?cZYLhlO+9 zKjAKw@5vC`fhnX!g^~~*SfB9&~0Nb3t(E9^k-b1W!Ww^fg^r# z?@kK&Wu^i-KOs>KEDPpg`n!=(BK_(X^N&sjs>g^yPiNP_upf!_m{}#BJ^_yx*|i|U z$8TXmge4pZ03w>|z?XDspx1X__=IkQS)8Pgypxmlr>9#I&gI1L(_vEhUHQ9Dg*KO` zZ!aC#4UEePt6v8)JY!eRd&un%WPw4AM#MN47>X5BXJvz%H>5afikJZnAk}iwXQ#Jd zM)<)b{M%McSv#D8MC}7N+U*Q8nrJ(@m3-R{@zKKE7h+4r zu^}a8QN0QsHJ{s=oyTVT7Yr{hryE=2d2n^Dx5JwI>4C$NSYJDyRJG%6#T}5%=Raj( zo^@QwlBoE&!;E9#&a|Vd2>)2%U1JxEOiw(!Pw=9}cC4qh_s4d3RPbkr{7K=2f3bD_ z-lC#r+oKYlFquvPxEYCtn5QU7&>haN!MX45jgu@C?X+gX5%;881+Fn$I=5MBr8eT4O(V?%k46@ts~WaNU(^dp{u)IR7E@l;j>H3cP$!PyLhZN&Cbe5}}0gjwHxp5>RVxfEWDsDA1`h8U`q( z&#nXss7lksQ-qtU7<#5;`v7F`{op93sD(6b5e~P6(Y&}~sFVgqj$R1|Jr86geVacIRoH!?Vc}{RtUU^q{@D50H@Aigdc+#O z62~kO`nJ#5ORb0canD<~JyI5`-}nw-Z0EU(U~2M&@hE*ZYrc|rV@8|i$Hh}?&ad~` z#>_7smgchw%gh*XXO!DdPQyANKq$Do^F|(q32qU`L0Xff-hOu+Qu7d%q*~2r;iHQP zG=9=UP19b zCj-Z!Q2sZ7JReK#eDNAi?2~9Db25{ox6$;wB+TjlTNmO>Y3S5d+%ID__jMzIm}3y2 zs6koA4gm1OTpAi;KGMgqVMhgB=V_8C&$nx5-Q7u~ zrYKmAsd{w_#AeZyG~$H4V9`xu^G-EU`9kjgs~O2@<2VAq*^3uhK;TaUJNJ5tWsUiW zQG#m8udVkFgN}fD>VIla;SP)hTJ%6^?X~q5Y$`=jZBiat=6Q_ug$T^gro&j>2b@13 z@^U!KQs< z@oL?Bq>-U|IM{XY=w=yg_h7O1c0{zhLqtq7z;I^%ZMOq@ga@jf-Jns}kIl}XWNLYV zk0&FKGtM^V|RW zf8}Rl@ep#E-ufq*C2;PppGGn}W9w9ZlD$=kCHezz|HJv?xl7X^@HgU76LQg7;qp(i zs?>-2D$s5s-ETjHf5^{KUwRB*UW&TlOTlR>NWO|>3haiTk=Opz`03>S^wZ(WV>X?P z58;#P@Y%OrDF=758>CT3Ef6xOSY`ZtbLvB{7dod0U$p1dyrX+QTq9B?k7n2NJAdFO z{L!apKddZ$#-bQXq7RWUzj|%yd9~*AFQnlhU5mrYQ|<(5qGN-Z$UI`(!w zkPB(e_^dG`vGYrRo>t$kmK+)~-v6Q&!b4B$Q*^@sQnjW=cyBMt*o<0-oqtc$_m{xV`_q?U=?H@5q z15D@$1nm}Q*6N0O%xDXBKdKHIU=C7PBP)4G#wx=hkPzd1WgoTn(v#<@PqNmOLl zv=bF=-fm6qyn9d`^dje*QDsindTmG2$;G1l>A8(kA>OI)cjISDJCyXEJl6{mI>)~7 zDkkx>3fp6AMtrL!&**_ZszFPuw077?W|5W2tdsv!%ynO*as)fthVO%ihd;5&jC$eXD*8?>8_MD9(M6p1Z|Jr}I67x?{%kN)6 zz8o2QRkH3`%xm-1GtdrRFJ`#lS9XJpzUWq(7vR=!3;?vh`n#0PX(JCYNpN=wa(sql zn%)ao9Vx0*2!8aY)9-l34A8(vL$8&IT?|GMy$x);j8k0D*4A6lDG=x(<#c24nU<6e z5qG^-jbgM(z;@RhyHn}3z`6y?u~-qTSyNu=n(gk+t1a}ME~5ry{4)HmkxW)6PZj7h zLJW|>1-&Nt)JgZ_r_s7QS@o)$zay6 zVF*m-q*-8_HEe#sTJ+eZN|wR#8_(3?9AadK8DOAv{ zj?=<85)vRlN zZ(vvQGv$a!mL7>>BHzrybgrd})m=?q`^Y9d`11+FTj$b@N7|OOH`kw66QuavA8%e0 zy9!^{Rbe&?d-RViq8eOaXLBcNq^}g9Ky5V^GPU+yKQ!8$qpX{x2uD{SZtIJZP z^2|?FF$IMtSE+8O8!GRWqdL46-M&@%O^y0{pT<><6lMjl<2-HhU0gFtTQNX~)?jn-Or4p3mAVZB zdWO&C()o6s2VV4U5QzT6FB-y(iwJiv62l-p>Rv{1Vd-9T&>G0gh1B z6VDu{ZptYmLR095Rky34c9qZlc&{}M*>-1rmB}sZeiZujk|{7Jk<&K4wxLkr) zRBgo7*>@Td#}WDNHm5230<@(ych|zog(GJgnC_R2tc|YXRkkX>{^6sSTd~ozC~aFQ zeW9`KUh!++8T16bMp7R}KdvA?Xz^2+%igw$Uvw6Y5^`;$>qH0-VIhtj8{<-&?LG%Em`66d*b0gi5ya03Ni}jO$inw>Q zjn+z>If@c))j^Z!)J?(cth&u#O4yfwNdvKm47(_R1V$M@C1`w6qcN5awb*!8SQ0B_ z9OXjOH+#XJZy(6rNq;%QFIpWtQ2kpexySxR$=#=Tlb}CLq9%xADBI9>(^|bQbh9?B zLtj-h9dp$$$NEwT`r4?71ebF!EKxRH!U&+3d?~ygQJ^p{t=r*eDh6@_M_Rbv#^18a z@?3A%8CK(dIKQh$e|*dJBJ4Y03f37noFP1Jz%*2a7bUbpSOM3T)&pyf06C+I@=RZw zeg6KI^1U1i+ZM935@G2HX2U^A@U;_e*-+`t@`i%Q_=0~M=uD|O6%hmaDk1xhK-;%;Env;bmWYwJ%krgCS;>*$JJueUSm&C^s_aSN#m z3uMjw(W6pl7jC{vr`Ih8p^&YJ^H70Z%ZyzB=fFB>pS@uTn|d5?oRN%X(r~+KdAHA< zFUnWmo=3R4*w}g9@0AL(!T%LfOW_QRYq$#(gqqo5oSU(jQ-1Plj+*`ck%Vo~D{iak zPJvM}S%K5FLf1Y3wtpT>S{sC=UTsNR&ivcJE6T9d5>~G&hHjqS7_=RDLur6Kj`QpJ zFJw<`tF1f5Iv~*(!Sxurf?c!LX_1{!DA-*j-rOm^7n@<^Bb%@lbd7=ef|BmdAYhar zV`Ry$#|<1BQ+{o_V3}NE%=T7n(+oB9MT_y|fKO&l=jVm_n=zJ4BoBw7n=kp`o--zW&&egc*-Wr+L{)1Fi8ZAJq0a~aD4@e_;fkbTNbziQdXZU+Q z1KT&ECRY0cjFd^+MA$u;7;fe#8E+5da1(rD-Vz~*cuMg2OUu&V<8k5NWT^!Gf8Q-$ z^9go<0%6(F{AoZ78g&pxnsWpy5&HrMGXKc9=I`{{zejfWi$3uSQt>-v{vHp1&GqT| z`_A4Q zHAs^%hXcf9XIRJwhDjG3QkFlBdAfDhsX0aeB!i}aHZuz5yM3%B`fZ=`TwNjzsw2_} ziSuz4*A+D3=fS#?(avhS*bJ!>#JrhfCF_q`=Ykr8bJh?e@5^^iQgIWDlxXzsgBD8{ zL}==Md-CVR(;eWeqvBg5eQcM0lKI_wYrNDMt0)M)gUk2?^igp;7WL!&2Bx<%Fch*s zR_ykX*{lDxp%8=S*_oQLS&COzE=VOK^O0hwjPgFC;D9%4!?1hQu}4I$RUHn5rm zm*3uz&=GrlK@0;R0umG0WZ`U08V|73LAgS+?`>uit&xny_9+(vn6j!9!T(!lKHG^9xK8zBjG> zG}x(er8f{+_1Ey4IBH9q%5jQmKvfRQ4cz;lFsT_FTks`H3Ir?rj5Sc5kX zlN64m6u4dj-kt}|N3DQJ6tn@l3$D|NRs6BBg&lO1Gh4~|^>5*$Stla?KG4;ugU{Q@ zCL*sOhU-+gQ>KW&toIxkrkh%of^}hu%<_r6i&2Q!1V9|2CsW86*4gqC@y(*GCI&OZ zA0Ja|!AkiCELZX=Jx+>(A_PDFV{$S}M+CtdXN`(n9q~jkn6!Fw%;tjv2x$AMm^|C%{KDHQOY+`>>?Ce>ri>D_YnNjdr`rK3Vt zD^UY7IuDdR-+lYD-J!6-%zVg$owsHJz_s4y$a};azYWNf?FS}DYxFF>KF>*r82wk? zwlHgFt z`xQg~Z6M*o*+s{2sa5@oMBvaBcKo%~QP|J%e+i_QU^qcaLaKBuc$@wwS-!K-EN&%_ z|0vRh-!(`as@ahNK(?H<+<>8kjD3Oqks)HQ2UFrYcNE+qB7sBFmbYiy9;L{?2Y8#q_c*Ih@&O^50i?#v>*n8(;It{k-=FjE z4UeaqeVkEq;V1|zE~mrPW5U1^SE;4pYMnBa6bU-8UuEA>2dI#ozFe zYvWukDRP{ie*?XpdF9D;e^M+|1TB_wLTxI?}j5vEjdPA}RTIy==kUvIY2Q|RzZaIZp|2u^~|7BI!80`gY z*q8i4C)luG=2ct{q+(i{@M;V8V;V#xGakU4{dPa!>B6hl@F`PBoS&No&#$46zsGqu?g`iM&3LZtMwv>O~4_uE&yho2au^Zy%|hR&3LtL?bmiPJLK?ZOokYee-=26lxdWL zHQy;0VgBv|TNwNDgRP)eYFu zk70c?{%p0}c+D>0qx|+5Sou!<@dhb{oJTG)}xU}-w~LW$?pp60pk!m z3V-7%BrOo{M$0|eD~E%GCM~#y=G*9}mKDH0_3yh6IUp9JPQZtZ%3t; zyq&i0tF5}TKiCQ(y@y8jTj@;Ap6AVH)Dx72!ZdiTx_W#m7~U#vsc1oxA#{zRxB}Ez zPhQl=o%?#G)fDdACvf2r6vPGR1A!(OL;Vd5y$=3ah#P*r39ph{ZL%PM@0|@` zx796vK{>im#_1C+mF&6)c0&z_H?I~qiH7$qG_~aFc*?#bQ;s(z_fw<&2&WSc*76V0_=W8<<;G6;uIY@R4Y3^Rv;G z!v#88dgv#yPMpuyP*7KmraCZBXhOh3vci&_@5;bKiCzsENG@)Z$kbNtk-2%GK=kVP zs|H{E3*846gRO{*KfrWQeaA(SE5_7ZUuN&nce|Ye%Rjvt9CxIFFA9=nX_?SK(VyRJ zl*I7FhI%}TN|r8tO+oW!q@ZgqA~H#_1(|c>ZH^FA%+>En-i_m%P<{c)TN^vyh+iTW zET;Hp?&>wmY@m+&&cVwxp3j;dO#qIE-^?7z+wi!f2HBuW_ zRIr{J_l^L}60>&>Bl7?`&UHqiqXNObYj#?)}_bW!dJUa&OGo9GdBe~qPDf;#?!2c-P; zS_~@#M4L2LOYR7v_Yk}2<8^MS4(DI+Xp{8|CDl`&D>uHxNbOvR2iJxcjf4zW0tkrJ zyYGtDok7!=DbdUT7&(Ie>((BuTz&+JhTGwF`U1YgdgVRmj}12GxuH69;<#uOFwD|n zJQ-_wYAA4eLQHtoe>VKu%aDyds+Z*Pm?e44-m7n($5vjX3CZ;*HfB%CFzOScYLU3+K|qY?t_d9&j5!#oO^oX~`j>-|DuD z+r5nz;nX>ZcvPB~m`^M=DomXSFGoftdFg8h6a-|>QM1`GaEk$jo;b zG=(q+4r$~N&JHPxI(jk8I&uCmot}AA;wp?DzIh$94Z1pn4|KV{OPYmJTVR|Mg_jT>voNm=?2m^!~}- zh)3=X4#8^qxb*YKoWPvoC4q3XD8Xg-2dZh5z+$)mx~8V?!rWZ@Gj-p~k(X;vi@FZ@Nr0$a(Gv z>9#{?F72L%N<{!;~`sjV$Ch-m&PM87=Bc>#7PNo>uG2)-+1|I_wuD^0ZBA zM6}W~4iuEJ;TUWrMtVUv2$0zjsc6FCq0%H=J~1qFxEJ4Zs}o-_*mT zTVts=Qa#wbs#u4M66U+FsP-w2Zl&q0d2&2K);8U3OC4%eLuBdhQ-lb63lsZsXi{eQB)7R!YnzxVWJ#AP+HiX^yDy zL2Sqt(xtv3{@T;}Sww~WP(5>OlsGv>5Y-BFC&W+sHNY_YNk$$h;ABZz6J0EdM6oue zaQC~jLaS9iyfCq8I)`5SM7hdKLypy7_4C>m^>!K5Bo@^>E(K@-*IP)10+$9{`O(H*wk1V;&uK zzL!Ewu3i(5XO(^OMd@z4I#^smI0T1T1SXQtV-0s<(NGmTtA^wUUmF@3vJ4r})zMdH z2*RSvR=1%G=YN2m=9zuG+krx_yjYPBM89(EI;0(YPN3qgdRh{7`e)u8nyBC)xgnO_ z0#9pKZ}&0MHK@ZlL3*(O1PpNWpvP&-L;RmTo14wsb15te(-3eEIsW>b`lC#Dub>@N z3^%x_djZ!25NFzuv>+OvkHdYCj*`BzX^WW^C5LoI3F_x8>D*H4LMpzAt92iNVS7cA z8L-X=qG`FfPURq;n+Da#F7ak=&tjQ01MhLXN#cvndz*gtY(s0yPcm)-+mb7Q?WJ!y z>tcq#-8VbyG(KmxQ4$q0d38Sd$s_A0Z+)AOA4S5|#LW2Eq+oi7 z&SD`Q3ZG|CEr-oG9EMt8biyz*SU*fK;d*U?iB##`SZ=*;?x=D1X16PER#d#sUT*M; zeZMR5qQYH+m`|c#N1nfhWNa)TA3PIXE|P6p%cEqk^3WlP($?zJ)bYTDPhA30Z$pww z>Z&zOw_O0B@&}OvIWYAk6g+H$0f);wy0Xm0+{1BuA zJsH6Ym11NzLENvyII=TwbGC_-Yr>y8SM?M1FQggYNBH>WR4T( z=}T859aiz6aML*H`qiq+ig1+ISsQ-E#~ieSbAm|U5~I%r{4OHZ>2UXLA;Ih#TAF~eMGyYdv$6t?ueop*L zRpm7X0i0xEAckQI%u(nq_yuC}mDvhmnPSTeZLAFS5hmnT_KqAomi~Zxw+Jr{3_+IM zogh&IvcW~?d513s0ql=<#c;N+Q%F)cA{4o60n}!gEZYGZ1>PEbI8Ee5KN5K#e!nIR-vBWg1WH znJG!>!2LcziF@krnK<_8(}dKUPg}r?D=Gak^8eSbl!LGedO{pgjnr5OJMc4J<*lVx}pk%$_{;NP-hWTF&hW{9N|NBM| zMiuE??s`l<34}-G;1e=L#v*OjK9PPNN=>?Ya~Op8%~N4E?t_0r{pO$lw>0Sg$M;hv z5@aw6z)oE+Y`>^&AoHZAUSdbf(>BW2px)ZS&Tc(eRv>i;U^azk|0RgeO!D^lzH{0= z;JRCa@-F%ljoUK?cW2w47gdHnRUB9^V!J%D$S^H!}E@=f3_ zycGPc@)Q@68LGPozknODsKZD{AXY~Y468eNPykp2tMn;CP09=7* zeGm&_(H}=7yZJ{w&`NVlI%88hVi(dY_uRw3!RJKXt*+iUrhinF6BU0rc6Hh@W|Zj_&oHtDN;e?k-c z9bH+(qam2xe5@&HBp=6QruRLxw!&GGm!r!$_PP~TK{$aSwpEX$px!x_cbsso{n;SH zZ+bj9gBh$4F>m|cQ+d!z?rZ3<(``RAW!<%!?>9)>0R;ymP4iUp-aza#b+s2|nPmmv zjh{KLLo+U3g}{ycv%kYXf>Bf&go;pC^y%X5r>{7%-nGx5*_@6(t0iDq2TE zDtnxV^L8{kjI@l16GI?Yeam)%Cb392n#z}*#F+xSpJd-`CHv^=B33va7l@dHz7MVl)krw%}0U?H54GBpDLR#|Md1ISzx% zO@^Ay1IabDaIE!YbH30~j~8ttHq%5J#qP!GCYdfSZ zl`*83p2aUCCpk)Fz$sxSbTK`h0P486bmC5n^-Aat&(h#*!r0A0!)>;8KY~+?TKM>* z_c>WKh4~Z=U6*2B8_&$2A%STP(FES5l%ToFE9Il+D0>A~*;q&VJ4CLm;~Lkz-ZD#n zgW|*W!6}?_%os2Szy_`GuI?BNR&1;zx&nv4KJeq8zU#m1_pi^Md35?*Gi4TYxgO;! zAAl2!(^{lH8a2~S)=g5Ky)xPNI6PbyT-SPKZRl>q0f+*6bJw`F&O59n^{E#^{Iug_ zioh@NwX8_ge)(hf>AD`_VMMxhfdQ7qS);Y=S;vKzp{SZAX7~pq$-yvr1^+@*T(8%x7+s!bB_)T?>tO=%aH@T$1L z`0HIfPm5dia<^+`zuh`#aO!)2w#DczG}yQ_?f#g{n^t61&w;e_WsrZ_q9eNDUsd!f| z233B_-n#x|Ba>?v8|e%Cw0>fn5k3A{F!jXWf$^GXF306n8$Fw+W!xnK*LB^^8%uVR zQDJW+t&5#AnTN#?Q&kFWSU0(@xl%@CJ$Pre;e3Q_<`GL=$Y;P5V>%Ynm{_L83@Ip%8#jKE3SaZ5@w(cR4-No4e9~B3oZK<%s%91}P(dv+|~6 zYF?pqlJ`05)VW2;B#sM*#;Ru?f$rWgF9*?*F3vb?pm5NexwI0(h${Y+($`H@k7m}+ z^{_CWSx}Td)!}AQ#GK&ZB@3`+a1UA)#Y;HtBgzXDOvlXp+I>&o|AOOvu|w%>6&Dx0 zqk$Tv@_{sCUGj0p8l}S`v%&ISdVJ@%&PppbNlTrT=1yIA$le~OX0K%nB`Bc$HLlA` zel*!I8txgXm(l~yJK>icJsn@DFOUgvG?9N`=~LN-qh51P5cu?Px~ke*eN5DG*5~4E zX{*)g2KZ(NF#GlmezeT)ii@QZlKte$7^(CVwKwH>3!NSV>Y2H_32o}@Ue&z3C7W_a zx*-J01q4NI2~JJ<>##h*x8LzuoP64gJ6?JmFT0!gmMT2U^}U_xngQw7e9D8G5rLn%F>-;dw@Jch$yggEC_0_I}me18GImB_f1k;6o%H;77?{|7E5!y;$vYQ zwz4KlzoMDWz0wn8P+EfxU^!OWty{`R-}vCeq%|ymc_De?Aks~|a@1znQ+Pc6*6>X` zpN|ZUo!5iOUslTpL++8f=Pu$3h&4;PAn5&y#*y5K)v%tbM&ppwJ9}L#m)`Bf$Pk)J zg29z#ppk|BT=N$`kO^Klu5-;`hIp5C4kao1nih z&L1)$?4-F1PWN7{s_M33$nAEPCbz=Yf4s?VU5c=eW=MtZ>9CQ_QBH~?t$Bi=u;4rwidd`~ta#Dxkl zoM)cZ*m9dMw?~tW+x-9rBNnSyb7hV0EP^-jw;04pqQl~Nq=$P3@@%vG_y~a0<5jtJ zAHn^m-GWC)`5Jc+{iT>h4*qaES%G+6KTT3(_lx_ACZUh~sK*Xn>xgX1s2e^ti$eYy zg!J-CH&Yn3f`R@UwBS-0si3@S{1L3tQx!3yZ= zbQ`}0QU`W`m>Y$CIU7qDb`fE@t<=4^!D#{IIqIhcm42Zw-lz$gW$o`@pP)(}^28)E z^R7({J)4ielBeEmc^`MufJaSiwPLCkJ)Y0`c(;0AaNH;B{p3VpGQ+IE!)bmia)+}a zunnNw$2U?Fu8Ge-+8{R_TbzcKR|Hf^6h!e1son{_LVqcnl02xRF$K}Jk6>ebmT9c{ zlWY#Y!E%C(TQ%&feE{)2js|i&5>!Ii6G2;YtGd_3q3iN%kg}UZSuNZlNAd6w z{u*fuetD5*Z(e)XGx|Gbf6eJ}1*Hga%ly`x{1K;Odd(Bg2*SvXC7LD9`KmU}!E9*3 zwh=*xYSC%Xm!)v4@Br^o_BBY@ftOu9ONmnuYe;s!3{a=KRBrbHS3>Tub%%mYs%2mnmQzQ--j0m{1{&Ulp(0Akvm|n zLrwq2ykg_C*e&=fG#oo*|EHAdhPxz3l z19FydX2~XAi>M$X1`$9fSt(2H7&T1;6SgE>TN-a-cD9a}z?9*x<^Lah?;X(8n)M4u z1wo~#^coZp1pxs85hNS2F5WGC>nxZ1;e`graJ zZSZ&Fb2>&Xs6iT!D>^?wtq+s-3vmtv&*eIz2@+S)lSkM}cOTS%*Yvq$TB5$X#D{+<*p3=PWZ@@C5; z9YJ4)Ws`FNB-_n=<+5)|I^2MK8gKy}Huuh%lSA0@KRkz!A}jH%X>shng{bx;^46Jbn4n zD=>wg`|pbLKk@mzU-7=%Vz-mfF?d47S3p>4@H+IYZh+$LK0!x;M{OQ%Qlao7G*#K` z)e?>dc+$yahNk5optCX*)5P1BH}`z52T0)8>I=rV&#G-bMK^P2+S9VXGPJnx+Ej`n zSYG;CalSS;MIG(2aVub?294mul%k(Z&J%s5msl6!H%8|vgv)N_My;e-W>;O#g4xy~ zIkD|uFt|&p=E?euBbR_be?oL3I?0rUV0j>fiHC>QSs^+4VB)Hx_2l&*zT2HMU6yRn zwHIq@XLKrN?bDV-<6CPu=|zI*t)pxL%@!a<jowifa zX-<|Y$A~Luw@n>+b-)iT^2W|MJh5-3KPLmgO4zLo$D1@YHA0nTKopOkY-j7M48FM7 z@1P1WxLVvNG~2T>uZzN-XBTvZ-*|ebddlO6`S4KE<&+@BZF+Mvn5GDQ48ak9C!`I*x$roEJ&akGAnqD;b(rSmCX;t8KSIRuM^|t{|C~ZB|xmyRpkT#zwfJw=#m)wSX9$-+ocoYblhp z$!6x*%%Z`a&dn7lJwQwzPbTJT7m6v`*@}7x>U@^5NsZTfbcdo(!@SraSKi(=H3&hS zU?rz8P%fV|WJO)X7^&SQCpC5qI$q{AcUF;oP*?t=!R4I0qcgOx(T;Z0hmiA@bjzN; zXD)9{xrNSV?B8jfb2SzpJWtPP{91~qt5^SZzV?+Q_*T^f7X~J92gewmZuEsWJ6rf^ ztm&D-%YkholfFyq>uWCr%_=LSq}{CHBf2T!9*XQ1qHS$;6?yGIzguTHQacK;742_7%3V7CXFjt*nu} zG9`bnHM-vbO>jnMzUUR{$YmHV8TY^~P`@O%io9uJFB5#nJ$}4(jzy>J{V*A<;A5DVVDpV- z>oxH3#tc(K5WAsu2tfxsY9XTA_+sGxhzd4TEs$nMrT+r5ZlvlGZxGV(k zK4Gci7}`FO&T~wYQpH}wx9mBL*U2Taq0_f8?u^Xkz1$CBI+f!z(KcfX_Ypl`NprV7 z+?CHX*h6@2H_+nJ!#f-b=EbEYA<0p?G>gu!BA%;1QqJj}f!1+o&p`cz%2m@t-#518 z7jCukb^&;}v9{ZE7A7uQ)FJM^8^`{|c;cRuzBs!d0 z^pI85ixjr^U>2=qN^UQ$M=Uz$S(Lb@28T&hxQL1=$k|bNWNqHQq}C!;>c<8DS%*i$ zY$31b94W}oR-M~vtdH|Dq9uMMu`A9BQ&0jbLTnb;4?1IM_EU@!&eU&8C8e&Zyrlm; zW!i^Gpe5dbi1{prMT!ihA(5j!MCTQf#O9c4lNz zpOB656}zinb9K226~JO%YJH=C$F?v=HlH>J30i`|%J zmpJIa&>LOC-3?yYU62_ag(T-whcmBnd+g7>=;+>Mpx547FpZkoI^B8BKl(!)GFJIT zWT=c@IIm>;C7>1JGWUN11pws^zA0f(!mEX4Jqtr_ofo;Wyu`NlA0RbjX0o`A9JZ42 zp32iWZx4jxl%ZyR+&R6EJahH@gs!%?_(Y^XM5F6996iudg%kGN7G|=vx0tw)uUe)n zHBw6zFdX8|UzHvo`r17e%YiwSy_9v;n3A7vaaX{ zNbG>y10Q1c@qtR`-q*=?hsgc?gT%W4aQ6P;wLb^If7xn}2HH3_>i#z;YiYeAT=_iL zIa{@GnstQ<%NMnj1i5YxQnQ^15AjPl$^N?S4%IPqp}-Ure;HhR3)%po&POvZeZAEd zd#)r_KP}iaqG9c!>SYe4fCT@-n^&&FA4Aouzt*bXtZihnd0hpnrmeBq%VmZFFBhHX^;iS$}1&lRu)j*bB=gN+PuPaL&_kWZ@rM& zUZ7PVAMY}C%WVegpN}EK+nkKrdmQtej4DfGCscb|srPDQm+K5B1Bb2cq<(ZG(@k2| zdd;Rt*4Ii%INJEY7{JRs%<~}i7uCKxug2z@^jZ{f{w1v8Qft-Rs(yetNsQJ=J{)Yr zPn^S6H|Bnk2Ict)Hm%o5b_$%g6U9VsTyUpn4?AE>{*JZ0X_^vl9e1gPGJCeuFyyi( zksOhDcn8&Ng$G#o&jRH3hX-*Lm%ywezyn&=aqbRR6j6x!vyp@Tgxtnu2f!@O}mdc~xIuz^TSa>i1j-{)q7N zG4?&Ba$d#8+3X>uLCrPUUDu5fhz4Fi4Zm1hNr^8>8v8!L6oGz~iZ2{_MW@%1RlU}^ zu0P*&w=P0c$o~n|S6nAG;uhXKgW!q{^udO%Z`7TGyUy=)o`ZYMpbEV$3JdZtYCd^C z-OF;v!(@4s((oBJWw)rQMgRNQL6|=Nl=UpiZ;&L7_v2w*@TC4AQ7RO2B{(^AP5q`a z-Mi-<>~ESbyy50A-U7egb=3+uyi2$T)Q)Q1o2R0smB_l~xs|OMvp;^wGWDsRd5Ie5 zLd4ry@A~1FcW?GV$;+8C^_E5&5(~uLZPuUJo(zZaQ(Q0zIb8H#Z`sVaeZQ$HHJv~m z31}#93)p&NsAcY?EEkC=3`$;_n2{2)N#4H~)|u$JGUiKX#=ZT9>j+SYrC2| z17^5=E~Uq$e|=h4c2<>&zdO@7?*@oyy#hXlP{S(Ljp~nfk}a#I)u$S;S$lAYUi@av zH6#B>6IjvScD}U3Ev^!${V*(~W?4RLWo+4o_$f!7?63>Y9ozv4kCZ_tUmoN8ay=fY z$l@%AV(6Yl(gA6;*<}PTLs7kY5#F!fh)d2bYvpBDFVVxgyvc9Dn;G68iL4L)Bzdxl zjiNt-#E6siIpkly$yD1(r#!Pisvfd!eW=6A64gAeT7BM!_tizkg^M7$D>dZgw{yT# z+VvO@*>iXr8L1h+=v%VuHPXe76&IH;>}HnCIn&5QJTw=*)VEImjQMrB%lg|?#O-d# zb3rqGvXUaE!Ec6g%rtyK@=-bwcfU}Nf@xMC(ATt0IxG}M!3YPR8f`;btj{6aBf-ZU zR=}rk^WeRCD?T{k^m(iM^>xhrRVW+zp-76c2ASM481fUI@s_mB43p*=4*1#gOpNhj$2(pYqe?n=B-;*vhb4+CB2AU zEDcO2D}C{nxVx=2v1IsH(`etQuu*tsU14suB~^DTPp{3(V3#)fRc8esah^Tz#l4;Q6Sm$^3b3 z=2M%N6mk^pFz_3g*6f~5LA(PCM%HhLdgnj6AEzPNoC% zcgPz6sYYs=Ezfz{TAnq=m*sxKz%-S}SdG6jk3jqU=TMY`=&Ryb$@)`RIv}Ni(CZSE zBr(+Gs)+`-$|JQ7JVq5WM=!s)ucst&g6EmO%?YKzV&M(||7VJ!g6q+8z(;2k-@=l6 z2~5^7#(-pX$1+J}n#R%+;Y)1fGc@)mCD&?J`A-o9E1Q_=vfSbtH@sOlf(X)A@^Oai zo=HPG6Uu3pyCH9h3CC@pxJagJ9#i7VOs8%_pT#oy?a&@a)@tD6l#MyoDpKO9%U@3? zL~J~X8aH`NTxu(e96NoWGC3psPL>ZLhGTkYmQb}-FrL@M}3 z>=_2cQ6pP0v^$+166ua6rZ}VAi>dXwMz6&xnH_aW`N$6MS?2bFszPrJ3rtV&%%`?CT<)g*9hkP9yukH2HCFv|O_e zvQEu#a4QAY=YM)2l+-6UbMEpv;w*h&e35@f`u_W;w+HaoaD-FDkMTHRzj$jGuA<`p zlp@=Z5!H0s;rO}pX#S6pWQeSxThvlg!;@}HXCe-qWUL!8l(MY&=-E_n*|P{p7c76t zA)giFE40=cssF4Xbn4(2 zm?1+VS@d2mi$LB9E|=8Rf~ocgjWs|TLr2g(>^u+Oom(!VsU;UQ$h++;dN=c=C`e@U zTaK)TQOuW>A0T=g(iQ6i#*#03BXEhH0jcX1k0jd$>53vhJX>I26g^L7oo7K7Q}rqR z5^;R>MovX1&4BEA1OrwmGY398J5gYsVlBr)bMqT2&D6;vPMW%D6-AMw< zLOP95zZvO`6#cIEz%$E2(pe%^9d|77k#D?QGkINZLZ*}f>@NEnMevisNCFM^0AF+) z-wUW2tx4m#AL(WhZU|E)ke9}?^!qD3xSKA*IKH*E*@_s>7N19ujN&djU`ie0PD0Ef zApGn!J0}nRjipfLj4+d;II$!B`nt_?u`(AmI=a`@P9;~_03~|+X~ozf_*Nq;YW3~R zxJb_Y%~VfEC+z5WQuboK>Ei8EV~tKC0=J7B`Wj@{T)nF{M$Sy{c~(-7eCNE;H>f;7 z;H58QiZZRb0$&&(QutaoWXYV;&*eTyCebDO5=mc~I1L$2t;d`#*O-2TPW5pVXt$YF zHWSGoacuVGGZSPB&R|r2GfF~J(aJs8EL&L561TMv7_ zUZgXiJ|=CFSE4NOl&OhgpzP7sup#KWvF`OMH#-pcMTAe=9WeaWjd*}*d% z2u7~bXj{~T3MAk=r-jcV4DqVqIN zl`tEJgaH2G4p^oD+4B%jnPcgfN^;=U*|4jtSF7DV*4_`Ca6q|ATyP?LA!5c%c3iOp zo_9C0W-`w!Z~9Y=NthB=zW;5hxwUxV=kD`j9jA;0c(3p>39cK4!32GQL`0Yn97F+t zbi)7{((eM}nKdXg=>7#x07i}G1E9t|+GSb{NXcbOT2Em6_9w48yWapuIr19&H8Z{h ztu2)UK=3{ukand4Hc+5{=J+pv%1Y7l0ohydy;<)%TXHyE!+;TM4}yc}Jy&m+B!}oh zS?QjNUW8>yl#0y7m4m7ndH`sAIWYsc{2WUtUhNJbm^`Rjn`~p5T!bv$m33tyEKA*F z)(iFhkm$I&I%YDn=8|fiTB_JjuU$`)>_S-uk>kanIDZVo_12`W{IYhnFHoA%_z$`@ zTl7>qYl3+!)eWxNJ#nXZ##QUVR5BN4U}krO;xm_Sn(mDG#-HeX1!E7rrg`iM#7ObBZ`d!RVN#~tFTfdEdLJW}60OZQH z;1%Vs&|}L%sm<1~UFqSZP&ehbY8d;{X}PsVvbl5$X0&8+55%^4#@fY(PxAvkuTcK` z$&ii#Eh-vm4@$H>F&s&b&zn}OEJ5QJEC42E!R%>b#1+Ks>AQxXl7r6&@%ZoWtHMrf zoUfx9`DWBUp1IE~FKcQ|=tKkU$Elmg{|uX;1u$B_w00xP5Ytd|LCcVx9pfLM#2(DG zl@)vNp7Y89_r7z(Y#Sb_0Szwg^{~X_c*Z+UcyPpX_4q8lZQUH}D zv;}JW7*x8BO>Xf3T#08Q+&52x>~5(5HGxl%_?q7pF7mgDDSx@Q|E{mJ0(iR_fJVXs z*Xpc`N_tuU3T`?PvE0hMnGA2}YHRO4X|FCm2~hFrew8p&Bs`wI0MIv@Vd=jwDI{wd z@Zc8u_jqt?FLtgy!#!Nq^CevG20+~Mxu(&N9RP>Z{tL4ibusPklmHJW5I#bWn@8LyKvfgarp-gB4xkDhi^pZ8Qk7(8 zTZlQ&JhaX@2 z#agYWL_}+5G?Or3@i}0sX9fOL`~%E<%pmWxE#3KQ*R-HxhKz9!uELeQ^pw2wfi#gQakgT~h@+cE$#?VG%_=HA1o&rcHbAgN!6 zeBr(tXypk}ZS`hPdW|PG|56maf5x&#mFY78SN2v_9)yUQ*%(UPMd6$>FMU0@dT@VB zcK@+zu{GS#r&(5mn$^6ULEd$-7VLqdBGHbh!lncn1y0$}3)YY3sX1Pw;F9TKbT3)7 zxNv7lpx*+me=c@Ge92v}z(s}Qb2Ri*Ql?st*7oV9J{icD<-x+65t%8&6XV|ldvwMO z?y!FwDO(%sD!XDav}O>_^_f;>Frhq5j1Gz&^hRhtBSy}^L_4+e#=uP#Z}|Lgkexg| z^}31S4{RCdqG`FtvU{u~cl?`md_v547UPWo{pq;c z0Jn$HT7xoI609T#$?q3Qx;mC`DQVsf=#hER?g^rb1s%__K+z&jO#4l)2~*>(6?<%2 zm`UBn&&c!3*vNA5-TIbQO&v4>=!8J?f_jtZO8^Fb&nqF8mgaketAVqacwMtOnbQhS z`)k8GtN4$vMb%{!TT$+CPSwPP2e&6D+PEoD26$((SuFH8#+GRgu^J`lAw@)c?{ z_UuP85hMo1jnURdjNKarj8bmVe$1xf9U$`I;7Bgeu@@mDWsU(1WGY{{*zUf04Vq=% zPVJV1tuxB(j!yH{wBAy7bOUsdUQTceBsHh%XC|hPalDKZc-t}kcEeC1dAgI zY<7z7#Dt}dX>M_`hm>i7Q-dC#sUQpQotBWMBWQo(C*P(8g6h=9DSS)+)pFg$p=E5H za)2$Y2POFN=?9@xcNHD0Go!%X`Lt9z0m8Meu#|8!X3X&F7gc!C=i{TsrzP2`KAQ~G z(;JS|<~HKP0Fa~1Gdt=@-||~2R$Eoa8wKZ+9yevAUXZ&PF&wIFuy(87!HLx-CRwLG z#nS2P@NiYEffiOFSB@3ssBv49v+8+HxBNu4F@-X=$jgCR)R0cD=Y_+X?DI9=;6%Ngw&Mf(uTQwKz z8r75F_w|NuC2+rs2ZG+O%LpbaXRyf3!gtTI_$L>+c(#}{m&GhDbh<9>V1TE`n|ssz z{r2cBt+vu8*v8Yq8NrqALZz${mZ{l`1xrVF%*3vd%9>u~+*xu>4NpyW5NHZ?Wm`kZ zoN0#E8%$fS3oi}wAxI`$6@hiJw7HQ?)FVv!wM*4nZHz!)HXSp zjKOzeMBIzHnkP8zHNSr-oWp8|etq{0y965BINgBBhYfhPx9(kYEb(Zd zoL6Mo4+%e}ASET>;Wqe+$F7x4p5I%MTvx|bSDoyvtH+h?hof#DisuptVtB{t3iU(l zS`u^5^-+@DD{Esa(VY2_yP{nD%;zZ$%qy*P%JcI3V0^thl-wl+B>~g1r-GH~bCph) z-n_=&(xSxWf37<7I`Da(zN}`EDHaiDzw3#AW@OY_DP*(OiC{KS05zogXdt8rHvXq~w8bz}Axd=R-wuyF}MV zl#P2ThtaW>5CTgd>C&)8>=mp;N-1p+fx+P*$ZJQ@u*-+XFi&sn^(l!#{^QNBm8x!- zjs01ZG0oc{sCxS5<>T-j8R7m06WH)4S4U~sg2 z#qAd9u6xAp%&^nGe|t;asb-n5k&1~*6{6?1p>gfxw?+>KcVx}teM}K)U<+n@0nQhM zOoy+ON*({Uu0S&)?y8m3h670_Yj{tdgv-{dNHq%HMZ3|{*F1W#uG;ORLh zW>Wox5NEK9bw+}@cX$UrrM8QgejTfHl4#JOGL;L~v8xiF92A^=Hm!@el0FO{Ssv-U zS5X++v#DP)FmZvQ=3|qn)Wf93d8rP&Kr7?Y;)%uuzBec{G?;+I4&%{icmr=~f2@n( zyYIYh{Yy0H{_dvK_xf}}+W4iTUFO~57{wWAZ2;#1OiT->Suue}z{9c*60Q#S>vi>>o>Ylx6U{h#T)$WE zNgvvtPXL_c`T(7@GJ?=6^memN8&)rCDajA#^HTHIC@f`s>_x`TNy%McF?bAH_5>?Y zFr_B&2yaIvF#(R1bkm1lJezg3Mb1wk1DU%Gi;Q&H+$w&0h-Ok3l{~epqU$EBeS$|>FQ|bI(!n<=D;tr?|eC$+0 ztsQyaLPb$>K(6|~b$9wd0U!R8f5xeeovmdeQDd{?ympi?L@czmR;&$2i7m8jQYVM& zC;HFPSYsmBfx$Cdw?`5MUgjgNH0`^9ZLJXOj}Vzx!3D&BicX-Ki~Z?k@~T^vu(m{N z0d~M1>bEG<9hqF#?H!=~WHhGB-cRepsD|8Qx^4fW>$P zmi_2@dS;6n?{f3!56|ZXL$JbYP~0(s{HzWEY%26ZMz+l4G*Y`F_{0U-O1)`{MB5$o zhvojAwSi7SW}r*Br1PNG*qx+FRy}A2Zeq zbf35blLURQ>S&89(1T<^NcAE4@TH@*1EvXu&`GGln-KDEAte=(5>8*%>&#y(ZH-!6 z`?Y?|TI04%jTyL+c&8+0Z2HNuW}eT-pxGEQB;zPS2#aufoKcvIDs)#dttKwW>U`K! zdc)v|j@Y!wUc${rYK zXc1u-K|ht^iB0}Emn#F{r=x}wd`a-n^HNgn;}xAH%Dg5(KBDyZvXCHP)G@!fVfx&bp}BotY*7YfTCq^I13>!-cBvONJb64%gO`~=&)vXZZ5 zUI!g=4E6aw0J`~!!-a6~Vs7z+`YCk=ef(gJ9w51oO<6x{3KXZWE~rPy?^M0CTfXKt z*gN+z*5amc%7phClGR*xkXEKNae%dvAdD&@nHvJIx>97qzjXhsArJaJKi>sf8$<=g zOV$)3+4_0B^rOXu_KM6bI->=eBqB6z0>y%*(D#mf@P4(Bw-ny3Md_zJGPIxl0%<>qn`;Ths3Y5aMX>)bpT+Z31g z14KMi1jS4DWA;T$>5`^CM60==sukbd)D6FCs+Z4ws>Yyj;d4TNc&zVvy@OBy{=q$1 zu74;Ce_Y4O*C!;d_F&^sv9qi+xb=FhA+gP}B${VUUX%0nF{q-pz*HO=AS*rSb+w#r zYE*cY2v*-hw!;=$Wjk+beq+4=o%Ha~86~|@0|~JCJu^|^;fwIeHuAgvVVhG$9Ck)Q8b^l48bbnG z>a%^UMGfc?TO~ZNM8W|wFzQ{AoChkMlsnO$F)rry)aFQpf56(Sd=o( zxrP^iH*%2C>7mZBuD)ULx3+}Z*3BsS8iB=DwyNRSm)ib_qC;9Zx{h+<3f?&D!64%Z zUDAND({_HgPtS{{5c3}A6XSE~IPE?&1AP0LXAY-KUB^50^N@ci74y!(* zd;T(J@=>&_#|`lv?bT{5|K8N37doe0{;K`T!HOL3$i30oLf^9!1{ZK!H-s7#z*l&V z1;=_Pz6`bkt+`#s5N_NY017M zres}(AO#u~n8aLe z8wb15fCRF5vTkW7;mrnSWyF>U>Q{6yh2rhE&1V9DH!yy;lK#1&?tp zX7>=tyu${IwY^Cl;7tV?=^r3l%z^GLH&4V#G2%>WCZTiv!FeFcbDkkpJO zoBRJ!2m0^Oo<7#Ngc$;xLGcQ*jl@r3bM9|j4<(^-=HZ*}#NkGqxy(Z0pZM0liI-j8 zv(WuXu;6zT3tzeE^U9+2Z@ZBGo)M4%+qf1sL(H{^B`-u86s9_T*=6wsx%+ILqUd5h zjK#2%uHi8xx}f(56BxFQLhHBW=@i_nyMVo^e~??&0Zu#!Z3$kiC^=%HI(7<})spJU+r3BxbXHk(~*r8t5@y`A$!L%If+=I!EW5n%HvVG2tm zW8P_G{c)cp4N{@geliOBshRs0(9>RB+0XOIi~MA~2wlzQUcz*uKJD!z&plg8b6i;l z?jB-)`p?no+Re{DsQXH&nyH0&#aP`h#~P`6AFC1a?{*j93eB z-T*#|dg3YXHkEIkxyjoFK%aby<^+;qUo1^$+|qgPCT!bGAX?ezRPc^2_wy{sae=u! zf8o5$HSTDokwnsF44|%lXCHqw!nH>r-y(gTB2 zdw8hWftR`J*~v0Dh+^Vl(LOj6xFPP%#GC)fefjTt&wnN^MiM@gap9pMYmKw3YSD^WOKj+v%{NW8$ zGc$IBSP3XBn(VAI01-3Kn-CI21Eg{rqzHARY3MP)VF#WLv>3z=!`@-$6g>ch#S_46 z=N&K?Ux9D`UNiD&e?&J4(3%U8JpJ5W0@1ZX+eKPBjo|_f5?*FD@5Mr0a!AlJov2^a z3(77*uGvbIJ&_JDg|6T554_O29*&OTc zmCs$j?m1wtkpnwtcVv0);qfml-_hQ}=gtV@1U(&2*DvWeJ24w!GWB(Rd_JRHuUDr?#FAPNGpw?^h=mK znKcj#G*u1;JF&dOB*}W+$BpGg%-gvS=Do&@vdaRUZA)$jGLf3-F+?1jX`Eq;6;H*I zTkAY#`qh>zkSX{;B2WIX1cloXA02F+{8m|N zTh5UNkfxxjs526s`?qFO1NS$>of z4`&b?!!y9x+NcaSs?4fbf6JbSIdDN|eQ<0{A!m_vC}<=PJ*F4Ot1OoX`S6Nep!Rvj zv$)|f=&P?l9`NZW|2X$MhXPg&gAJvD!HuU-sgWlJRGl9|aD%RgGZ+yhnH8TJJ~LkF z0iz3V(X*AsdrJ`93^g)FdtffCl5_mi;iOk_oaKj7+tp@tSRP>%xZ@SCw$B31fq&No z|7U*BPZE{S0hi)RhCJ*+C*<}v@Hqu|f)JN9P{`Cne$uWs%B71Aocm(%`;d4I&be<+ci{WbWOzCCed zN|qh|YtztqlQ=SA`O2a#V&r!n<1zP2@=Y6`CiwE7J_;BAssq9#%VWeLHv{(BQ0|P$ zf?oRpa_GQ=U+3`W7x;y_WKJ5!=8d%j8RDA~$UvU;K@qk3aQ8cD9?Xd?tH7-nK&mnJ z8dz0Nti%nisObm2XU$2Pz1XQ@0yU4az@j$7pWz3Wh=>b^jCyZ{{cM%ywbgyp4;!YV z_fH>IV&dQjXj#Wckd_1t*$>d;wN0JTQ%n;-Kp%l9fJ@EzXLj%iio+-0fqV)#5tnwk zX8e2FsU3JyFqq(wjcA0LAqRGkSc~;TV95iA7w(Gdl!Owr|H@3>jm?=9Om@)1ghWER zx#LV(>RvtM$b4f;_Q_FJwJOUwPJG)K%TdO6Tu`g6=&;h>izo)oX25SGwLI;AkwS4& z`u#_+S{603PP=DLbkD4Ub{KIrZJb?RwnKPBo!|k)e+1Fs=(GMO9KSkC49Smz(66?S zvlqg*%~WA`fff6ok3d~NxtM?wiet2AXg#-4tV?mU!Zrrhv0NU@GcA;}mJmma_!vNP zPl2+d22b_mwY`XuS~9YIp%brOtA~1v5KD%utAx(z-@4etcA0bCyf`ND z&D|@ZioBn`O5KtModhijTm;7K7aBeFeQE=Dpa*rEAzgSZtK_e3TMAdr>?(hobgsdI zH}TDG*~aP*5I~5sT!5^B`C1Rv6*dt>3}mbWP-&>`^<7%#2Pio|cZvN=qJL~_at+w< z@t^>f7djJ6x&*t_s~V{;c6Tjh*k()nT-uf~UGZcjAd%*~HAzPrK%F6h@tyUY zr}3Y5J5PrUl5jg^{w3ZKgXz%>WS#&ohUrORjwHXILcz zUO1F}EVy-R$j7K>3Z(dnr7omM4cqeNJjn3|bAQ=z>yuYqwY>>R=>mp@gwg)I4$=vI zgg)MH#;-F7MaNeOFsjn^3L?D_%Tr{)YYe z<=T7;Wfms`V`(`F`UPYgluAYo3zPw(BHzniC{>mDvP? z$*Xwf7)Mm5LJuU`gOZj2O|&lwKtdi7Mv~J81O2crax2w60imD8@9Z*`&%ZYw_y zdK$B%_?ukZKKXUz7q`ELI1PlGtw1&@fR-uR60?0mlcPHvHQm}B=X)Kf0Q#dq z|6Q3T>7__J1!pt54#QM*VN=;G2J+l^a&=01;qTUTm>8XO+&3_6(Q7AEzhyYvVZ z#IPOI>ZISpVY)XNI)-|)eP5VP`~cmHBHl$;5$=AO{;Zs+&&a#%Ma zAG~7c4g)f)H%*yD>z#EBKk2+K+YgXWEbD9PQAcL8#(au)NW=*72|A_8_^_n4jhI?9 zqE$1PIic*{N}>d+9UI{EpL*Z_0|+g@g`m+uK`NE*88fwbf z9*uqoQDO}86oKPY4v8JFP^(<_RB@E{lOvqr4Y}6B{QRdU9(Nv2an4kv_yPo19bhR{ zI+{$swlCJ``gQ!q5wGvJw1xYgs75P1aRO5HFGr&f1RTe*nA1-?+Bg*+Pd83;P%)1(u$??f;DK16z7qYKW^JPvY?s7h${jmyWq{AXp>kNL_bNho zx=b^#*I|i}cHz;3W4s?j?R7u-m_4`G33U<2Jbq-*10&N64*~<^ZJ1(1B^xIbjx1Q- z8s%scy*eDBaj|k|LEiC9_~JYthd@1QI^??W!6`!kc><^b&siNL)N)dqHQGnre6ff&xLf< zl7RXu0Bq{wfq=JU#R1*IdtI0%UgsYmR4>qw2io^P|3>C&#${4Z-4Bp7E#8{|fQD}e z6HsmVK@tlc0K)$gK1uumQYR@S{^A_{EiLh<>w^4oS^w`ot>iRhixEffi@Az8jS7<> zo4e{PwjVubC8iw3cPn01UIm~N(R`6!k7zK)27A{QzNrntW3q z>gVVEyPEVU%jc*VZ-N{N06%@ zLvjM+Xz|XZHy3~$0_mE9_}>VDfKJ%YL*5@D@Q=X$N4oOYxn(Ru z2)hl?kv}8p3!FnaE-lQExlo$JdRTNq8Sd;SaXnLH-e`B_cvZ;>;6vhw?`(ih)KX^P zBYT@i<8hkawY~8w*Dq%(T;VC>O@Q(MeIR9^rtps;9)Iz^KWLJF5*$DpBKu1fcWvui zqpPlotFq~1o@?F*WQ^|(wukRQ*5VSb#nl?|$hUkm&}o_QRB2`=*#7{9BSfG*>=%4? z0eej+pe)Wh==HYp$hmH`VF#F*kcMp@d>aKd#6l*))pxFHp z{3R`2oU)`M#7h8h*)=yx=~lzs%R#_ykz?~}NrzIA6oBrw z!q@Jq_9%zd-JC@qgJpBu8brEKOur+ntR5Uv#j+Qh9FE6z#d1EYh)_EP6b8Zwumhk* zWfZ^ndlk?B)t^HFPWSi!8e&3p*nHB%4Sr4?QsN4m#qH}CD4gX=$UMJ@eQRs1zT zo-42Ib#&tIth;tpZ2RluH?`OP9aP4nx$_Sn+Pt$E$`Sll&CR%Xwn8~q6Z+ye+v_u5 zL|xLN$x0pmVB*Zeu`-MHf_}SIvF8~=;u~8zaH;@YF`5davTUioX2$V9q5QT+_3n6b zk;(bn9VbKl^~y{NH%x-c)6gGfc(H8L>a}s4OM4NqJbfMIWIaRQ2M@Ar2Kl)ig0m~@ zT^Q(drQyuYQ>+Kb6lFoL=%e-E?~$Ovq5scGR3HSWLK65G%7wGwf6rbpoYJJ$#ujY$-Vw7vWiEz z+zHq#3;&3bqZan>Hpe;=4Mr}`9`zx}fray5CMyQMMd~GiN#l6Mvrq<7u4 z-~+1Y483ii_9}^G_5-%yWxxuP;}SrzN7wB?;7YU#$tcZqZ!iV=XDM+qM@t05-sCE5 zW>WgW0O8zA085kamo|Du=0n)IHi~aw<#t{{k839&_;L9d+H#j<_(!obaI)A%*{NwJ; z;&bLV{y+BKJF2O5T^9#IK&tc(Dj+INsnQZb=^{v#jv`&UK!895lwPDOD4}?0G8Yb53BE_)hl9uiL8J-2VtG)I)=#A-_TL1U)+c6ESl)X`Q>2yguiWv zgc&A=xm&K!Zy%%p@nG2d!z-@S{MnopL*AT{9N;jkY&60lk4fjNL;8lBr)o~CsJfg3 z!%v)7T*M72`9~)sch4o90$;;)%poH0n}%8hN@(g=5R1T9W#j(${0;t@$Nn`9{4F24 zK_2)Z>^rCz@Za%{JQw2bJSR*zwr>Cp@GPI7mqaf1d-T1ft(~d|yxntv`w#Dra^3&E zZ`6Nz)BZh^xZmxO_g6VFe|$~uA3gFGdo=XzsLle($NT1{S7`9^c~Kh!Z?98KBP$_y zg~&cz!?}eOlX+o%VJ1eXRX0(3WR=8QV-eTV+HoQ3{4+x(bm0qC;U=NTZUYOJJ`XF4 zQCk!svU*J>dp657spof%vm%b0a#xB%sAn?folqBE;;BI!;JT%Wrbg;xX@)KtZI6>V ztILXqzj0I*?+e#(1;@F2y7B@aJL*KsZ-9)~pX%%UEcY`wQ_o0@O`iG#bL zGo?Bs0fdf9HRVF$-|i1l(4&)N1KUs7#L7{kG5I$thfDj!o<;0y zS8#4yTSTQh_Ey@n`VvZN?gk@V_rgu^q~wspOAS<0km+Wo-E6ybB^SQ57xQ{*E;X+| zMYAcT;(8A6#0>|S2qb4O=5oq+^YS*gqZ*R`twhG@9%K2`{mMLNcfwQxnD0c zq7~>rtq=?^C;*7edAG8 z&OU`qG$@22qE77q*3Y2~D)pbcYr>6z?JD$5sL?_y(p&cFrVp#uyVnPNpBL#)CL?*z za5DBs4=;R#q5SBTwU$Vx2}tt1OAED!?neZ+ye#I*lT8Ar1AfR%%J{Z?LhgjE{y&AR zR?sCxaiWyru1ijF94PQ}6JPY0+!2clLe*zCE5GZ=B=2Y+G|t`bWg``hNk4rn0CfDQ zwQv9RAEvgz-u7V)bGV9noN0MkcvhkU^7(c1;4|FEZlfU@&!1^{vf-U8K+sY`3kS#^ zvG&w&0f9INtiX64$Wg;?Gj5W2>aKloH=&ZUby?b@H^v0m^^jD=SyRJ$c&zq0OmbI} zF4Am2AcA`z7|)eNPg+H;e&ZWpv;3r7YEs3@v0jaxYY2P2U1q8yeV%&S6xKni+hw2*-{Oj}zLe#<39o^biY15ElSH7%>AVd6qkHW?^8HeX-;r;n z`xW~TE&UTGtd_@eQB~vNtEyVTJr!5;Fb|DdGb;;=b$@a0#6#uvd>_lcs#rU7Q{W4K z@Zk?u{Omvf)$s^JvPifSm5*o>pn$L=E&LKA1DQJ{#Qe+lXl9ouLwin(_`ZhZ3w*x! zB-%bUUW;S*dS~DB(D-Kij`>pEURaqxI|VD02{rG3WD;1dnpKmB32bL_4-EL~rc9Di zAFv#>^ieP<)7tD&vFM5+wp-2}j(;hHaan@BH)u`dt84%4ZRT6qIanqj!ejEeWEaN3`%M$W&V*|c{07roo;*o@19Ygp&Q{`FqY@IjZ6<^8l$a^ zUIo86*5vrMC{7ZME2Y~pC!KIyG6==}i9_;O9UUGQSIw(C?g{#8M)BF)?tw97M$l*d z8$WR*q&_h`blWm{^J^nih^)Pvivb&vzj0M075vnxNByyTUGawCebOrY*Q9Cw(_6dpMl~|0U!Z-R zYK1&&pX#X}fgWts3!n*uIHEfqmx^9eqBilv^ySM3Tco~x9s1}D!H@hH-~567v5u>u zfhsM@5pc2pS7(qvbC>z8W8KS2eQBBZ!f+$;y{wl(=W9Pm(r&FruC8W8n-Z;kWkb+O zg{MQy0F8|(wRGL+x6m9_(!s9?mZ<5@?rwz}xj6n?s`iBa@h}3ABvw3Vy@3eoVKK+5 z#Jcl#$8);ZR?dyPM=4%hFV=O*v8rdG&^_Dalmqcdh+rh4D)7JVkBm}9}Z@)fOUL$YJQVdUG zmN6w_*h~<#+gq)8pkq0x^<2)G`OoaR{>ZUdd_n;Mo;grin{C4;KZ6t|q#8QYKkr$md>q^FbS^N?OwaFkP$yXK1-MyoYxV8Q6QLS!^W6n?vkywqM< z!dlQ;6|q~z`J?gV@eRTq6VwPMu;n>qPbJj#GT;NhUu2>RojCX9MA7Va!SW&PX@kj- zp}-g39)S-Q7e^U&x~F>wAi@XDwbJh7Nr+$j{CdPM%pV6)-SAp1NWY+X7AjE}V4HL& zYL9nK%Th%{ZGicE=M!i5n-7`y#d#kf8;E?aU=kLg8#&LIpZ=h1@PKX|sFd!1ynDVg zQ88=m5-kePtyM*HG{W%?El>h2%!=G2OI(%-l0$bNwMgxgTO>)nAtd>+gL4zx&ZSq(ROZcL3*S)74gFOA8v0UCvglmoyu zwb#s7@J=IPiEpD+*cF@;8?1h~)u`VWQOog_$#7CPwuc3hwdNOkr{938P$%2*KMm9V z<|?n-1}?2=-78i3i9@_6m-L`jNA=kgDWM1r(ukfG@VNniCV2_8&xZ^`r3XPxSrX+n zIjM9#P5T_{mM?b(aX05uRekJLg)69~+geJayW3`G;w>!1Ib*sw_f;X{?c#D?L=NNF z$Zo96;s@oVZq&dWjCs2uVf1MKhy%DDt7>ik(lwHwAQSwT(F5UcXYs5>_qdbXS}=BL zrx|NSFZcZ~R%y?QSe#mz+Nj#d(NB-l*HhUZVDnA`mOa9ePA`Jhx>d^{(a9 z_Q(osZworNNpm(ntbKGU&pi2jHGcmx>f&l6BTtk0+*DfWrtSVY&(SZcyK(Nx-}NW| zC*My0r_OBt;?ITGUw_|LA0BW?g_&-ZxcM??!-r)QVMk2GzC(8$-NiN}-haf<1{KPH zQlrI!VXqr}DX}z>iZME<-4b9UW_>CmZcJhunv;^e=o+`E>*i3}Pg%{H_lN^WcLV5_ z>UK)U+?@)3s4>g&+6#V*xZkbdDAR=S^I_Xc=Dvu+s%2ow&}HFs2-IGy=caW%0h+6d zsxJ2IOTnul#9)%+y|xhLhdj{)GX?rhHG1~96&B}lF2~_?(8s7VaFD*P@8K+cv$4n^ zRMUw+#tSn3wE9gLE3JjR=BH(6LPk?@JdrVo{2i#+xf^Eu$&c^xATAVbKtsM9eGk)S zd_~&OZF6>kPpAj4Jio+r-LC6c3T!tLSV(xkjg|4roVQJwYR`2@T|YDalA2vNvPUQH zhoeTs-eYP&s$l-=krey(9;%|<^Xf@(y#Uq_q817D7N(lho38lmknzIcu7MHgb`QaW zyCAc>Eux^~+3nN1=^}P@01*iO_51y;!tzhn($X@m4$`vv{qO8xeyce7ThDimyY_Ln zNQkTjiA=|q3?E{Q7Z=_8N5Tn|8oRi^<4`@r!T+M$3)ldc3p8gJRgDPji1Z24lzS!J zt}A}goE6?v zj_)pPLtc0$%oreUiJel|fz&{tMPw)g- zJuR>tgRIINwm18BxwJ{Mu^39N6&_Yi`x7U;mbDP0(q673#w~j}e83U1JHiv+j1;<+ zt~_z~otSwrG0(OHWVwjqc?$(f&-1N!U%a~+ zV)dC#_QeNWnwV&(4v`H9)@7-E8=%(SaaS^s~s!Em3;?q?z@08O{XJ zF?)g=ad5_oN9`n*0IbJU&xL|*BT*%-Y;;B{&Btzu@fEpkc9~Li12+va-cD@GG=Fe= z<{>Ukgdcv<@8DYVdCN{MJ0~qtK7oUag_#;U(|dm$8`! zw~8dgDGsjkZ06qyr1e|DCfIH3F9!g+K(g88;6AjW^w5EOVEW*qcY7Wy{qS2vNe&Pg z`wyrjfh7-Lj1FZa!&TU8%PYj8aO+`r_5CId3U!$#T7Z;}4n;2i#36&ac%^(WGrN2K z49?+FKPKxIcJlg0x@X*gEYC4ht>n@`^QU@lj8c3XjjiVkkHZrw2Tn2+^~Mc6{6o|1 zhy6Yseg{YKOCB~2vjYk%li2E0Q4f!Dk}Vns_F%h9h2=I{-XDE-!tp0WgDTWCZymMc zVi$geY&Ow0Ak~O4q3u(x`t$*BGU{p)qOZR+d$z~H9(UcHbE(3R_~J72g{FV5Xsk|! z7dtgW6-cX0d_67Nnu_6hMzlO}UOI0t1P4g0Iix+VXpWrB8*1-^I-q@{ySuMaXC(=p zn%-F-SB)x#4c~W$kSg5sCTX6h@L{>^_mncei_UEIga>nKE^iz4A|gNYalA2OY-d=A;It?kKSYmtIaVU#Q`rFS@W7g?+qJ^dh0i_UuT z54USiy!oo)trL-gka^0zv5l+4{c49>7{qf->iMI-+-W!oRD$s7&@B_rS^4^>#qH_1 zuha=+=s*$jgx!J^J*5DA_{vF}XCOJf2F%sx5~gEjFuj=RKKNFp*a)1TIK@_#2XW9T zA3HP%D6cK`Ml04u$`Y+>h51q7voKxoVzkj}%9w=o)7OvR3R$BPWU99?0J=1!Fb&_3swlm|KLZP1T zmtq~aM0ULnS@wl|c(A5}^~`$AR>#I$E?IVf*Dme`XRCAWxzyxHeGp2=ZM1INMc{Uv1&s4+Fsp5Dda(ZP1TLy1KL z!e)+p6wvM4BfmND!=VxLX}&-1Mc}aDwwVpeL6huiN>HA0TpG_@+#Pg)YCPl7uLeRl z1A7O>+i+dV+&aCuVj>M}Rqxb34e9J0c(weV?fqI2LL%g@J(uDQ`Di7ETereWgn&3q zAas-XLKGu}niB~0p;NSvdWL|Ndz})Hk9G81=fIfZN4oKPQW^&s_`7ayp#X7b=h+-N z@+8qLLE>UYBw@WC7B`?Dz)-lTctbAY;RtZpdwF3vIO{kY8USrA6|kNu{r^+3j{B=H zi~C*R=s!B!a{MojPKZx{B@i4Bg8&A8s5~%|c6eU>vJvwY+2^7$(b-@*Tu?u_);~Sz zoLlEi&+F1Ca=7Be2Ew>308-m2DG7@3f{gm2iYkN7rHIYNAHh*<_osIGH-DcuvJ6xTH{X~iY+>cvafF-^e0^p_!;W+q{bafp674`s)ONTMld#4xjs6A9NnZIK8qz;~ z1SR6ox98y_Cp-27D1UoX(*7g04d)L$#_O#YgzT;%vs?JQ+Q)P@TwSsnlb<+SzD)Gc zV3=%dx>I<=0>|$W2S?5+VC&KfXXOP9#Bs19Y+Pjy^q6CVp7TPx9S*C~Egp#3=M+B? zwcEPaYQB&|mK;BNyDzGduV3>0K-7vXlDO6kmoey*1igr=V*U|EYwDqcfBg|hlnFB= z^jHrQ-IX>8Fj5&l5E zRGS8xOJJ^zs(6QWS#|oV zzkKbY{zumgEfH1a9{FMZqi|&zvdl25nSq;(*J$n;O-De~RZR-MddZid**@f8ywqop zjWmY5?jEy<#W@CuHQhKUi+GrdyZ@nLhi_>^_&p|Eti_-Ob*bZA9Y!Ce>Jz`dowc&_ zsPpMvPL_K|2gD0-S@d2z>pcom2uC{`DU(l~*&;jjM)hl#-hxGj-PSY(nK-MpNNdCU z-O-N)Y=$vhNQz)Kyg~a~>ZQ`fS)rXMx`WNJs;u2hQ%F(H#LwK-l`j`Htgi?2yiSf zuoo`N#fyfwYd2{KMNkk%nS6#bT++=#AC7mGQ}BmEdyh3)zJBfHht+?LL<>ke6IA`g zp;~omY$0CrbQ;DY0H^)=V3eVGaGQChZg9^6g4*bhF)D+dGR%UwZKvhJv1e&6`N^?siJ~-L*Xcw7VVb^bq`xR|6Nh z8Q%yeb{SRyg?W~s>8Hyth;#AP`c;%zTjW*D8K=>$qnC9Y0%p!n+=;!AE`fNX*VrmI zOtjzk=IRbgf;x6TQ!p$D38%oh)K*~WTc@XNalrUL#oP3+L%bgJ5tpJ6_Qrbi!nT3q zfQ--VuS#yt8Vt#wN1gk*o24c87rxMp6rPRh3hzLoVrSnx9Wk2)=IP00yhSa{szL=$ zDZKrySG8H9l@@SKZeuksGI$S>{2x%KL%UnCF&Z3iAF#oz2!oj~()Y=yYoJ?biY4yQ z`kS4{C(ajvDzmZQD_(KjU?VMTimPwn_aNr!%3pJ;>Pe`2EH{G<48qFg>Pdn0b~{e1 z8{~$^VX~t~N4weX{HZwuTz$RU#(J5rcDFsFJECn0X>|Q&k1SV;V`6H4vGwu)LN74x zLs=rtJ6i3$`s#EdpL{pB?UGmc_eF|61tGt0 z?#IuMn~xkhOjaOmXJ-XkrQKKzrlW;BXJ7@fj>AAPL;O}vr)$Y-U^?z}EYDMjbAs;Y0XgpkIJsLps826`WTmoyzTo@#I@Y7X}=8&i7P)erk0t=3W1 z?)^6AkftkVZ~*$J)LQ^$(hK`rAm8tK?&rTaj{e6&={Ge1f2toaE!FB^+@B9}F4wv) z?1(KAzIO!^+U%>+X5~`E?i-YMsRsZGfGq7;mg_R>GWg>i^Q2%i1gQ#AaeOg6d|Bd9 zm!7g_YLl}=_~t;|4a$;xyRrl`YhfR+wRz_*g0HV%QUi6G5@Lq$8$4Tfc;;#2*PQxy zuZyH{aH19QVoW60=gUmq^CJ!q(I8(0MpJ1_Ib7hy7@t%U^T!3++v>e}4A&oD>7?1U z&|a;`+H@|%6TdUJZ9;-2!BC^d7uiDjKYQ_21cwZOzFNBE(np(9Rx9?9uv8Km>~mwD zfl?8~=>F7&KCwkWcUe9n1*S{?W^1NdK70fdvelEbBZ{h5CyIR-`=MX-^+yl!6aA3z z8c{6`{a;PApx^%_aj;S#1it@N3NTPGW&Jgn%lLL&wMS3JSbMinAjqGUb7Nci6}^QOMr-URYNx64x4*Q-}NN8uymLpwF-gPOU>O5Jg-mxJge> zf85-~U)sg0vE4~WudyyGSjFJfee|s=SE=6WQ+tnvw;Hf*Fn<4UED?Y9lJo0$|4-fb z9|@ea1CZ?IGjP~jNjSyU$J6q0p0EfuF?QD<$L3Q07#2Udx565+S_wQ8{e^e5{j;AN z3&_K@e4ayPQ3PeEJ(C!PQT1A0l_?|Kpxs*oq!P$LdBYX8B79Wb+3=DB{<@F!kIWxs zofRC=AH5A*rm^I#6t5&B-aA4Nz4L4sLSu|qVSQwwLhPHevTpwsLwRtpTFxccX7)5b zHoz>Qnrbz&`6mwE>3JwdK1)|~`iE}XF{}pwR~63oT7m9r1%CZ6J2P-n%kJT0iWB*{ zSM{C|aikI!Weq-JyI5$L;^{D^dr~sW=sL~Wc+IW#S&ExpBOegm5s1jaa-TneN}+Fe z3Vbt>tA2yWiXx!|4O7Ih?Nw};B#r2%2lnv{4V@TUPMAwMB`#CTIf zWi_SszV>gjA{OaaUI(|NdowB#6zDEpMlO=Mw;Wt#KOW(K!_}{1pgd@~RT>s)W;~qg zGt@v;`mtypsQ=_^VVRH1(3e;_@sk_l2osHRdP4Kis z-A;Yo9m~w>oUuco1NL4m`)W=&!&3k`dwpSBTYQlPVlcWR)Z=ZTX1xC7X zV%J!+zzZJO^40PedD6G*4?Q0Y2yXCnP*Pxt!KJ&ZCAA}61<7p3wNYteu`Ok)g|F8ha;Zu?aB zj+Ou2G|XGL68|@+)3lp_6Vg_9*-xA)@S<@ksZN6E*;55S-qh1h;9N90@OCq8qqCd> zBKj}ks5cOXhU@#DclTBMPPxw}+0%5VBH)?RWpkM>WEmtUnaOhDgrlF{@ia*pohw7A zTh4b%)r5>{3?mO=v(x^2LgWh7JQSW7Jk2o?Z<~eLE&2-jVfIsN7arxA^P<}&w!MgC zt@zkgvVX85bsbbV(o*c3sLiTAy!dLr37F-L?y(`JsoBAe+QH zS-3J8jiF+p|jdhBvKty|xBj7`~QdpN_K+LI_tE{t5FNLCJN+JA=AX@JH9!v)SlT?U4%?RMU@sAouO;67ZyIBYY03E^nK4f!{Ua z5QDCvbV3*S2v`Z9L=wS;hef5jRybCp26DG0aNj+o9oL;$!CVatpKm<@%y-V{-&g7+ zYbqpXm1WlKEZ5eYoC9Zpcyj(v6qbKGmH(iU{3B4(-}AkAk-x1+S^GWJXhov#ugqJZ zqf2=SbacPEy8rG!!k>S!&;8Hm{hL+hpQ?fj33ssy`STNZ0Z(RuD>G1Kj5PvsyWh3E zYNT*PhV%2p?SLnV_m^M4w+!RCehnwa|HnZx;gAS|9V(R23}%wzu**^+7oL2hqm?|j z$nYvCv-S3^Ct#uLsfML*K9iC^7y?L_GjP&NX4`r(zghe2VN;V^-2Lr|9#jmW3x4WS z@4n+xr7T30p*vdPgg!r})LJyrCYqQe&lB~>SC4jM09UD$$23%N-7UiWlvDRx_MYIm z_$e}1WF>_o>|oU5!e9F%6*1!I$4w@TP`s>*G>7XL`j!Ny*lMH0PqyJ8=9*UlQwz(` zoK8PMg5hM*i?;LfdP$T(xX(=pbGr`-YCN=7wq5|$(aL<6d+>-k)U|Ack1K-q3ukvy zYsl8EZ+gKqlieR~*0*Nrm5+8jo4o=o3@U$X2a)$-Yi=<+5x8jU|1>+ollcK_5x{y*#Y|C|`J zDrJBqBWXVqu4WJ7YyF|reScB$HC|wN!-v3S1^nxZ($choA<--G?XEe)`Gm@OwZ`Gn zpHCgoLP*^p5VOr~$u=>G*Zp#Z`vRRyIl3&{AIbAPkMKkG&n|*Th3g~@z9*@S7B1D4 zRvJaO+}qV*S9?Cfma;F7@W15o8PG=ru-UmZb=^+SaNe^Ac_lrck0_Q0*MdwzsD+|a zsE_77_gsY+mkLO%cB8AK-QxFa-Ei%i$Wug{>n^kp=oUhJ?Ekf_``w};6E!IJMRFNC zwTA>C2N+W!yMtUTTjA%|&Ec+ff}7N~WZ{w-{Ad{|gK2)#F6&$(%Al$K;9NN{EIbo`Egt`>{K$A}OKS5ESV41gXP@nNBmiI1Y?c##Bh zY9ZCdlZ@biQL`KSr{Li57(5+1+@Wh`6;LXV7#f;&lOt88rSZa@IpWThO18Q1wkH$_ zU^Ve@2m2r+s9RQOPV4U>JbXfnu_nfyKqvYG^!@js6aOc^=68s_je`v@f0K%wQn)&L z2;}9;{wcvRL;oBc^IwE<{&7y}e_R#1hSf!ev$rR+j7aeyS}lf;9x`3~!CF{WEtuS! zL7+L|Ya&1~8QA82W}fW__?n1mjzVcIInCd~ia7;)NT1O7sifX@3m5(NL(4ZZPV1e* z(A-0mTR0l8*)zev41M$a=*|7i`}JKk`Gg9Z7t5}sf<&CAeu5NTfT{v)wujq{ z3-RO$cViBHZ=2*TyUvU9c;9yOMV6L^))Edm5I#}3p*)Bw+!uah1<#Th0$@`x;7W4i-L})U22vjIl zBrDsrf9!yHI#-rn{_(z&(9P~57JuUny%Bd$$v9fmzjt)jKVmQbvp?haNT>kH);GN0 zMp=KoEF@v=FWG{>7@dGIi}J5@6eTB4KD%$s6eVdwjP%=4QVy$EQstFS9StHX5ekTh zsL0^GBNIAEdW$<{bNLkG_jAd#?@{&R)SZ_vd9@ZI6L2A0iHDy3g{O6U0-crmQ@=3W zU%?*#P@O6C1TA*#gE|RkGBT05n_){4Z=nsCyH%P2#tD=@ThyZ?mQ|#-NEkhYz4el? z;c@`Y6*DbFz0z}%8cUAu1nHcxDmaq)lMYynnj242f(pnLKFmA-lghb*gHn z`&6Pt;7phtyq3sbE3>}0{YcY9c2Lfni-~4KAwIDfY~E8`%YP*#^}Syh3@m!$@XH`& zV(-ts&;F6e`#tw`+W(L&a`>ONT)f75L9B~fKy^Um0-ShV7xVzV7VQ3&<56jpX)j>w zTToS9>8LR^1#;ddSG++=V17WR(qU2#f6trL#&!e6?GIJSY$mN>QVTd@9vw4#?>tS` z>+^KzPCu1Yg4CTpFmmKOd|GYs(C5bFMV6E#G77nPdH^oMR*|hof}4(qYRb`-s=pjR&uY!L;XabcwW(}BnxFq=s-+SFSHogf=hM% z-dbaC3g?oo1wk2|oE#H%6CI0<^bPTZo=8Y$;{i|_`%_E<+N^QDBp3x4yk@@uXtB*^ zi_%k(QB+NzGCHOmmM7?;!JkfqUYC3H^GsrW>RA#ReQuf1z4s>C5X;se$9-&Z(?!&! zU8;7pa`LY8dcXd|O+&x$#)>)*_e%!938DdReit1uJ%b9G>8X@*mR>A;-e z@9W6(hluF^j?VGV$BFtY)ZR1eMR7i4L>HPH_F4K5FjTb!RXP^_7ES?H77el31$>_D&uE_35z zF*3)+L;zEP)Q!N>7^^y{By0osoq(gy**sh3u%u69>ACJ^A^w&7w%x6-5AWGhxSqnI zP?Lzj&ldOgQ@)CO0I_NB8V1wR$sre7Xo_Z7VDg=rvu}a6Yhb+;lag+=Tu6C5c+a9% zpq0HiAWGaC`k+wF$}`A;gBtNe;>`{3$4vY8mdlnX>6;3pS0V0xZXpWAu&V@pG-3h&X{)ayUDJLUNjN4r-owmpfK z)S4Q1JFeCj6R)nsU%Hrh5(w&`-I`;+h!vjDGe?6e_&PUV7Kh1#0u=Za&+a8|XU8vE zmfCHl9zsB*{SWw@e^|RG)SPZ%*r{~WFltDJNT|j76evz`x}0L_n?jU5?k+33X5BZk z%qJM)fHZk0#a(u2M>lEl^p!`#KoTf*nHLZ~;5H&;5E>D3V+Hkq26Ube)u7Gm?GOv= z16Ke2K!2db`%2tlJ|4CQ*N8PuvNddRfXn{G*<$euk2|anM($9w=$NVf;5GeT!Lsdp z#U50k!0X+0yZjEqCV(oA_Plc9f|<9|kr8V5J|kwY=6o&{fJ|hzKK!qX(_dMe{(g36 ze{^yE9dhLqge1lZ8Tu240HZU|;+gTW$Hl^Y?s&V8@xa`JV5qxru-%zZWIe8Ss6OmZ zHkiU&MKDi5p`nXh^Fg(^$Vfb+=?+`gxcL0Mx^A1Skvt_{ezXAPMM{-6A--wUm+?r< z-on7nRrJ{Llt8fi8GGOj)K2E;aU^@7y*+D^o@3gOHFk6+mrO6jQZZMSo=pu_jC`fR!>dYtI=QcSP$wO^Yy(kde7bIyRf ztU1kyt1x7es_J!9xjU^YOU_MkZYNJ2O2LqB{)Lw#0Q(k*!9_c$dP@tF;bWL2-PE7x z*M`<;)W|Vt$BRvulD;cQ$G8}OM&1Fxi6n#QDx+rH*shMI4!=Q`M(nTdqk5cZ6e(G| z@8xnm>cUITjxjdyLYqCmC@=!iU~vKtTA0XlndYD}Xy$2=!v3#oIK|dQS7@XUn?w~C zir+8WGY6e-HM7zDz>*-n1)Am^kA&imW)_nB`vUUdT+9@W{IvqY`a8>w#Fh3+*6J}&{>T3For-$&UN1Eb`RqaCB* zLtOpni|*;7&+Qn6){`?tsMK?0O%T$+j&#EN>);E;dE4M+*!}o>jtV{RYF+z0r9Eng z*HK0T7g1cLo=KD!na36~&W>QG<8U~5W+0&f<5Cf#R$&4gXl*!|hK1kFnERk$He`hm zJ$F69VpV|ga|LGbcx&$zlW=+NfX-RDbC}4}S3m3h69-HMSg_k&3NMd13|5c?UpslF zu-YXG=lKtU+p6Q677 zW8Xyq5<`=#-UMfNGOFCkAMk9rqZMhW@>Jwo55*Uv#sf1M1w0r=lhhs`QMa?R0pU$z z$cw;M+n!Z`BK}r>_+`1ey?qa9oZ?ItF~w0*_j?Y))f?>8D7Br61pz9E-}GZNd7L}4 zbI-`k?|4xweu579v{#g2Bv}ln`&!TSl&F1&9lXL#(0z<0D!n}#@F9B^=VF`NbOFz9 zS=MiIVeQTcXTT$>AYpiGtk~l0!CiJygmpk|wV%O!?Vz|`)_H2Ax}^E0kD0x!<8f*D zLj)s~(UdK>hls<%Hb|x3sye{pg5z}a6()UzE>eX7?vDN-h}zIvOiWCFSnt*xXHb#6 zgZTq~Eo|#uM(Mlrz(C)Mj{`Z-3a7w|)ehM^@Vg$BzOD*+qPR%!F7T#GL(naj*C~Q$ z(ImV=7esiG3S!za7K!!GvQB2H8nMUWSDUna>A1kJbTg`-KnW`+w4~N5a1ASekp(5m z#Yi05(CG+Sjj1_?bcYMh*A`Ga;=e1->6cg=igiT04Xfbg9f2~?<2(KUPcd*#a!iW4 zU_J4Dw$dqCFB$W-*AI9@^1^g+;+wcC@gDBzz>h0Y=7BBJ;6=K+%sD;P`~fF&cqT`O zNL%;x1Nl#)>by6bbS!WJ@UPkn9ehoW%i020#PucT+p*48)+RgLGbayFd^^nfMhm4} z9l-V;Pt#{CZCL&ywUz_{$)XTyu_j19@V{o2%PRd%*13rs#&_ zT3iz79meGRC4^*=JE#!K4a=UhVv581@jQ0y;;S7h!sR%ix8;q5$I=k1F&96QgfleQ zm|TT&jp;To4lNmt9q0GiT6G57vzY7Xkt;^|;@{AbRODtfM6pR>KA($X;EUrQ3N41R z&<;U!DnxHDG!@_{bVFTEpD1VfU+P%RR(#Yh$MbXf2+|x`K+`3hYeI??Lf!ygd!Y0j z73;jssN4^)zE-p*E$h5Enf^|^h7%dfo`fIHpfoo&Z0cfd?-Ph+zDR{qpwo9mJ(*^# z&kCcjSq$%8xkd`b)!o7Q?p|zcyd6 z-queXb|2;~I2qO!fstRGZ|y;DaU0}|+b!?Ewr)|l9>w+K;D%eLbJbOuwM;XexNNI! zL+;FFkE=g%c4il>M3gv&YsK@8H`MDp>IoiBoY4lww3x<`ZYpl#E_h$f#d=~~GqL;? zm>RyBVylEtDz6pMt|INLkFUtD$i(TfuqWBml<%aAoWi^p8|X3FNb))$K6HT0N`hrP z1!$JJGN-2WjAr}Us2F7Mm2QSRX7{?g1fBL1SlO0O6*LqBiLZ!T780%vA!T>6jZ;*4 zDNDJham}$?naGr#&DVK7nqwd-AVHP|(}Y@8Bi)!Xx{UH-%f32t+d?$0n3f@I<`mY)GbclPE^SU-yRy8;hCAKuCbqDjl~Z$t)aT&N64$i zo>>1YDG?bM1hxbR&at5SRx-}&5+;;N1Cv69{RWq+^nBDc1>*=G9w^R<;U*r;hr3O^ z!-%6Sjx|i4U3NEwtCPM->JNwW{cupN1pL>AkDteyG3yx`?ucT;0ZI(}arlpVVa#L2 z@5939eSjCf+6bG+&CmWFoC3`EiWNU~5&98_y*5pDI`Tf*;X}^*pRuF&w6^AvsZ9e*c|_|ou3fF1h)ogBIVk-F+(?ZuTrUC(zP)Md3n z6v0S?TU1;t@7PtkOd1B*iZO57xvDWi8HWWldn;;C@PLKSLg9m5LiwZ-9{9srOLy8t z%yV3Xr`3v%Vg6uS_NxHWYs`&~&(5A*PZSF@CR$2FMy=FEFDPm-q-#b#++M-EkK^~^ z4yO|n#m*?|;Q1I;kN%*m^zCMkCyw(K34(d?O&(E-ueDjqTW+%Y=D{mKQLYZC5}C`c zkcYzge6K{3iCz)ssMhA*>MZK zp|D#ia`@u^PEdA9crRd{TFN{F3LUJyyTk~UTsr;6&sU(UU+g!wzsMCOKbbPZ5q#T> z2>kG45ix_KqpTK3SK5fr-~qclV@B~`|2eY#)_ z1(qm8mE^^|<59ddog-u}o=QZ1lWjV0NQ4zlx{c3C#Nhv>6iD{jr+z1Ul+kU|Bf z$i&`5foU5h4$PgWZ?wJ|_p-3Oex;1WvY$VJXfAX#!f*{X2UYWJrapX$Wc^T+6KATo zVj?R4W=EsN#{CufLk+peDR_qu4JPzlk~{A_(d^THZY^o3*uh^Ot6)mT$!$^ov z>PNKT=W`R|c>v`>SNMWBAi(hAa`1;M?s1Kdv-uTDOC%`QU^d6-Z6+NC$ch08!XMgccq|)Y79xKA!Kqk z>}V40GGa1%XdB9}t2^_Y}imem|%{Rp7T&=sSnS0A{pWLjRS z;ueK_No9C{)6LImoLvHHRabWb2V2|1gP4RBwx=$WT)k+lh~%rP{S*yBkcTzeUjx&L z5BDb4kmdlRuUU!*($zCD!Zu{qOsS>~x5{Nd z75A5l8zpuE;SHM!y&FG#O+JCx1KT9(W&^h`ob~6JBkAOa+huMu4~O1m2!r(q_xr^5 z>Cd;hiN#zF{HXX6f5{sw$M6#;zG98;PRrywhGP-L=*xH`xAtA;J*r3Jq7uAsB3+jQOiL77^D>^{+^qgOf3KXG5k~wI$F>0vE05*`QI3?J z!^t<@!;5>3B$V*?S?q!oMdRWQ_U{@#SP)%I!8V-BTI<8!0hOIeV73W!?cIz?EA^&& z!41{`xTB61^ez=`lbiardkbb!&o750E(6hc$9^bh==~ACGCn!8;hp-~m$&+es>STl zWE*j}Z!~@OzmD6~q(R`6P7t4T#5WRcIqV~G@g2&JI`8o8@N@l2tsc7pzFFm){*pI< zD@yx$$O6>_X9bQWYu*UFti%89UVx`Vt29iht~f!jvdUj=m;t%`6eh=>K zeRQ*uc-D4JQkq9~4CcU-B&{xm(HK*0hO8RjlOK~E1AMAu|vNEG@jPNUOavG z_LRMT;*?E4Yf7+dtl0m|X-G(D=BmvxOek`8a}gGqOo<{4tK~z@>yY z`q9e2eE*4Ig06Vfvz@#NmVF4~1I!MvRg^@R7a^6TD7|cR)ojhcQ@eIVudjCxCP7|A zguPc*W}%tw#2=sk#TKb2vzp^YWd$y2X2Y6wUCD|Dr&fCgDntA1qGI9QF9}X@iB-NS z0tj`~iP!pd`#s~149MhXC?ldcnrLVbK-Y;rZ0$22Los;Z4jwz_bx5=k*`YOGl+zn~ zXp18!;H+vyH(PH~@3LcpV0#F_Ks>GN$0T(?>Y{*2BCM#R%_I;oj1ZougEc!9$Ymx? zzR{mG7JqGxukz44jnmnw(#KVpB~JXIL&~PXXTvQYBFxF6STlQg;DT7Is_KyuXjR76 zjO{a2HJWxiN+rIS_1tih#d#U1XK-DmPBjRb23s z`HDUbbh6fDm-x^Ok1bzlgtj2-6rnyB2s@|=GUzrFf1Gq3GWp4r&iu1*S;>g>ejs=N z+jzfoVW}6y+O|Z-zIYO{J>DVV?puagtqa&vAAMp=+d>l7>!+k0r}B_oocY~C;^YX91P`-(^x+0az&S0zKGd!YxWI)pt<4E!Xi|-PEw;ihCPhqkb`SS}f z?W~^NOD+1fo@>W$a98>>;r({Y%HY~4N(Qph8~xPt2o{pJ^2iTs%vda5@R_daDd--`*~ zPrKfoUO#aEoaq#{m=NrWV7u%GT}Lxnjd}8Y2&nTi_aaYvQ(m4x&!)^^ufvI}%h4y_ z!F=$`cI_t)1N6m3!mbY$hC>CdlPsk~Tb5bruQF_6Hm_=) z**$(-p}875r4z^>3`$G38Y)~27|S|e$Jyu0`XFJIN}>Yz9@y`SX4rLeoq};clVmo=r;0P zsjSjGitF8d4RmK^myS6paqg)vBV$KTL& zx%zWXSF9}|GBa$fp`1Ombe*yLPET@%OO$MF{l0ul z+6C6Dke@hq4FQ*I=qJ?#N!cb_I^{9KV)`F)gC6fY_SrL*2>M4=#%hM;-je|f`t(or z$K^oA7yI*bl0xg4V5D2_nw-zf;tg~@>y^{Bk6U#StI67|ZQCxv0_(5TqrVt~Ys-f0 zv&$>4*P*7X8A#`?KR64%h+%uhXxTyRHco#ou4KzM&=&kA{eeM)Z&`VOptFXcdS1+o zudn|3!#3r+ZX93BlR)n=v}iDLt$D!rk{b;Vcw1=UCCO*QuzRDvIzTBS8u{wUgqh-! zwl)X&u7&io`}8R_7q!@{q;9vTTh20DdQ%bfP({9dweI)ux$i8=*ImX7p@m3_Q{hN9 z*hE`4Y=`N1Z(H>y%=9sY7kMu8(#?EA>>~Z#r0YP;OtKa+yY_7$A)8hxlVnc$#Er$A zN6!t^HhL)uIQ!MpPhkzJYN8HRR@90!tjKzYi_Aqg7)?p@I*|bj>1Heo7WGb%$A>6M zJ;MQkfFs3S%EpS&-k^-Z7(W0=!^7>Lp}ZW0mMlrC8ZR9`!+3d93t5jP&gIi=bzRZR z_}J|Ij^xf+MV%Yq@do0=@}b4H4;BQ7F~+Oc%D#$iOYUfhQcV_!MzVI-&^$j-)?$M} zuox=a5?vyD@X3*=aL_&-lG2miej(Py%%<3y?Cc0iBNm|}$ z_5IVLo_$(8qEsb1W8oKLzFf?`eBDa{5vACEyVtFMI8*<+ZH?e*I~u}^Q#A@y?^NtP zTdrK`*1oPldGGQ+@yGvP{JZ}>rLBLqAHRHrS$Pxd5BgV@Axv!ssywj)eQ|>bi-3!G zg}$L}j+h7Zv+y&WE_WnEi~j3*#6#^Wf75cr{k<{xcvu%}`HyE1IuK296!HTjQzdvw zR>3IW)^p*65BD#(%JGpp4^ma@Y7;r@`rILGO$+M_qbkXCNm6yhV(LUONEsjjll zeK3}sFSqHd+26R7YG+NU^Bm5#>D26W5@CyI=)?tsinHAjVi%Sf7p=cI`EZNSB~Fxy zM@@>m_^jFwqbEdX;0#m^f)qc6G{H7w4r^^lZn_N?8+<{nqoZ<N+&SNqa1mU#2(_vG>cY;>LIS28U--EFy`Ns?Ly0-p-n&&@j5qDmuXOt@8g>oV~?Tka|~EBpO`uB#o_ zrS2=BBii*9IF_ zs9j{ab56x!>*Ln(WB0R9pL%}k%eHZxg7{r04|bZosO`6PtI3jfUX7Tmi& z0%fBRHu5dnd5TbAMy!QDi)1-1520NoZZ=T$P_()G|41!ls%ORt-m*v26EFVJcNv zaawt*qPjBW7;B0d>{i8BoiXyaKJ*HgJ2i*Hn`OErFuM&VL3QWzcykGMX$rn&Fucf< zl#`~X1>{xEvj$wHHC$sm9dXPQJekMb5Eqq~_B_4#e|i^}*L=8S>brnD^2 zZyjTMv z%<>d%B-?z|n(!1!qY-_5Ig)&*0J`Y7N5@Jc#^NLTTgC^oF%_A4U|9gBZmz zJ)yMmrIQ(Y@C$##lP~5t#}OJ?X4QhSM5mH5ZkbNOc~s7owvGr1`v-@@Ajk4_z63Rl zJJpXkJ$6?+$@#g&bDPH@yt$!-$J5Hb{qie+)GRg2?xNswpXM6-n1qhmM|U}pH##L6 zNwP#d+ULfORP51LDhytCq_Z>Q;+Zg9<9fx#`Es)4%jpNFbvDUYL1#7OR7SdJ-6?Ck z3+eAZmdBk}b-lvvN7f}8Z^lNE{`&59mgtiOmTw|$xb>&n%8T~G@$$L^W84OYtoOr+ z(~}LJl6{hUsFLFTg|do>lMi1;(ZM*~&hfA*)OgGmwu~hm`Nj%Fox%&4X{|4m4C|9nV@{v|U~u`Z569Q|g&ZA?2{<^AVaxpOs5 zyACjHV&HM_=k2U}yj(#%jCKBgE&`9PyKf3lX>CO4Oe=KyMNYFRcBc#&>pTX*z2x!tys@YU*5x*j%UKsE;n&4v(aKY zh7lE4W$N>9OznOk50E?U&YFi)S2(+DKqq)`zTA5D9RlTi^(i~5{>qWF%A7|-u=-qF zt=yciU2?{@RS`h9L*@X7e}_=A^oZe-hldMldmp)&Kl?CQCG-jwwuVpHhvgyZ338jB zO+GBv#-hEfeXG⪚QmcZt2SJ@bIg~-UMhBcK$3cLfNw%_@-PC^u(>U-n# z%$1GODd^ivU&c51S1Bax1+@vJuiaJAAQb}$^DKcG=RRFPX~QHmSn{;0e}_HT-b$z~ z^#X~|OKWK->(IF`!(w+erG+w-#~DJj0;LY1Vy*%qD!34be9;c9)~A?4C~Z-U)~?2jP%FiDC!vN?LYq6bc!R-ZXKan=zAOGiQ;vqfurK00*u z?x^A&NNZP|F|ic^+4#!QH@EpQtXf$5tkGEGA2&Yh(_%~RCDR(3 zqyJD#?sQW8ac88pwCrbkv&?57{M$J_uXmTjM{BX)A&F9z1(!d|Srj};VHmhH2pZ6x z$r&4ME563(=*V{|I4*-VR#CBj*6EDjA*vlJ$``X`52jNVzYu&j+doX6-x+eNW3bU& z))=cvxzPg@&A zSXab!;P1Cf*HuRYPDwenR*RrfRHySi8=Y0N##9#!rCqy@y0-2wv4$wf ztIS0lGK(H=?Tql>B%k68u5^&i6IN{A_Mnxsp)JyPlU};!ZqV#v#`V z9=t)8yv%cU$w!Cl5xXW&*h{k_zNo4lY5)9H>ec#sp6{>+y!Fj!5voxz%DLoG?xA(= zR6xwCe>nnF&qOLKtPbHW-ecc??flL*v71=_X}fNKFo_t=q*{D&cOlMsD<9nfy6c^J z2W9@UT6+%1Kjpx${XRrnT#_S;qejo+EiYR*c*w)*rNzi{E;@BY{20j>Ba`|G5lrk8 zi!b1v5Q^%}+DvCx(q+2TkPZ7!?-ZN8`wkCKd}4gjrqqV|qO)p2RVsZWWGMLF?JvF; zpz;U^K?)4be|=6RU!VK5|tK!&cf|+dQ|I;zaNkhSfUG;)jNdBT;rA5mRc!{<T9WrHz%^$gvN&BJ!`6k72(6i*Gt~#xH%_1>F{EQ zP5$;lzJi&(EeEB^16njiZ9^L>b4BmMRJKXh8iid zgpG`u+t18ghws7veSf_2PEOVlBpWxGL zd>xc!#$XG+L()7!b=W9Kj?QQuW4`zu(vr0=_m!()Fkz3BNX@xs0xH`!06s2@1AmpX zGIEwtClE2WKpY0|%k}r`a8DukUgS;@3#$n)1762Y_yqHzx6ir0S1^}8-$yruOOuPtLy=~8Y&J|t6`bcECN`dK5eSc; zp_u*D%6xW%l}CcX^@#~Nw6+mDi9rVz5V#7U9?h$wmkHSeTsyNass4`|RwAzDW%a6M zj0h*?=0<(ZTwR*pI1ALtlR*Tn>FT<2+qg-G?S-wGP(%z&T4n2Imj8*6tC~sX+cCz& z#+-ObAc~be3Y3-rdO-7gS0&#@j>2)$ALoY`jMcBeF~X^Bk|{JZSEXll%I@DUmnzbz zyHbf>tQ%ssG{Gr?3at2;Ss(v)ytoO{>gATt{xBM2B|Tp@hcEpAzq;8B?qE2#)l|)0 zWsAyUp$%^j%doxoD1RFZ?Zp|1BMBSe-=+7=cRw%dn_90clpW;9B8I+0O19)m;7I;8 z89CR5wLRjzhZB)0={{A!zq_|y0C{-DDm(yx1<`o?ep!<~YAdt3B+X1IQMxC)8xXlca zrHFm{I->Ci*qn6WHoN9-{MQtgVZmQ^=>3`x2jyA6FX#MUTSNQ*hw)I&F*Cqb^Kf!g za>3GSQ|-w2w%Ql`3}9HcYUWQ0ovl>QH`O)l%%;PLvSpimnc|J4&~?=9IxGBXVVVXp zt1#6VVK(>;R9NAxbLTO*%ru^S6oF=`U9q)XnUTY70EmNSZHkxGYUg zEYZ5t<^6l50c3GzDC)*coxd+LMki#QIR4JWr@RZ<9>Gggo5gUpQoK2R>GG7Kb4;h2 zw*?frx-!Ll7I*$&3v*3Zs~0ZE$~kO**=9|&N`^^iZ#Q)YU0#Nog?-tMG9K2vJGR~| zPk6V${02}2KJkbt8t{sSrFs;WoPTxP*C$1%b$8c_xjAV&VUfG@UtQ!j;7+^vpL)Oh zkB0Dn)&TtsG5&TztF#fR{*tC1FntMb=oA&FX*H$$810&=_E%G?MyH4OYUa z#<4%UYVl#@xYX=GzoRj!H;q$^{|DXVh29#S2$@ zlT6ls(b51}%09n$M<-D^*$q4^&k%^9TjZWcSxaJi2$O6h+aTgJplRMuDI%t+eO72ghWhv z-L1Gg+PC40#R@L9)B|7hw6}EOs%gomjz+q<`lLFE*IpYg6Fur26N9G7f~yul{Z;!E z%7fg5^G06vhj)!c_mZi!!Cbf;AtW+nHh3=MhK2Baufe|@5ITv&E7@kL#x^vRk-!5MoZLFn}9M2Bd9ow(u6_`!RXl3R709i=waEtR5I=jfJ zQCcic_v(o`9pcqJq35Iu3zWlKN#R5F&HQFEB4ZNWqngG>Q%=w5TJoHweK|gp`BPfc zamfypr`VluTZ<6TIg*r+IW6~W;!>|DM=5}20iDIx=X8yHYIt4H@Ah024I+(q_QN*X z_@E;T`Q3&VK)FLPsSy3GrEh$h^n`oSgxUDTBZ7OmiN_`OiXym48Ya(*hU-s532Lty zk6->Qa@Qx%NqT_uXl%YpihH<(hN{ z*P+Y#!a5i~y~VAGCGAYjx|`Y&?J)mO53h00zo()(nv_zpo2z~bhu7*)uP`~ksB~S| zkH%n46}E6bx$zv!X!(%>L;PLr-O^QAcW@`Jyi76-3`3F zl*8;}U6_lau7kAeAZ>n*KIVB*_uJa;)y~W;maw;xuN-z`Elx`h%BMYy9{butqW@pB z?QKYr=_^H)A{x}+Fdk{!B1G<_!WP!Y>-O)SNffB@TAxYH4fmc_4-whd_m&}Vu+n}X zY4sAepUPOC_~KZd2PW1i_ty3x?c$FqSI*d_G%GkK?1r)S?!<41NZrdZMi;jgPdK2) zD$d~1@;Rj{j$Sj2YG$~5=&INPYynPX=f-Q8u}Kv11;6zEDBwWfT`#tzE-)H%0|w6P zFx}1>+Nt73e=PuOUNm4))J?eJE+cc=l)tWowS0p1e$iHnP@@?I>T8RV{xa(N%*9L_ z7o$ZnD;?C`R9@*u2NcB-W}%x`#3Fn!A^$b)$%a~~K2hs+`lfG!pY<>KQQ?(Q+fO=Y zUOjgheKMHulS8e8i8R&1`hVC@*9-@JzUhZfsym7$i}I}aS3w;1CXUdUzmL$ zE*IUsLGJ?Xyd$%cfng3CRqNGXX~c5sRg=Brg?GK5Q`g>RlSg@ZX0BRgBnC-JC2)75 zcxQ6P^(SD`YU#sLX>!`L=HWI*5?BDEm-z)`9OM6(Pn&g@4$mlpZ!z@ z?=&_`b*{8A!LIhf5Sg$IJJMwRgIS6{BUp|&CJY)g7fE&uxog_Z`@~)GDv!TJHPc%I z-eZU;aJPfaV#K1|Xw4oKDPf<$=D8Tk7C#@WpE(}){$*wEfft7=z>ZBeMN%{tFv<=# zWX#+?pKGRphugdgKJ<3$wl`5jWi%;CM`_xGuKn#&!$M;fY+yYsBxAG#&vDj2Zt@b< zm&byA^T?uy?ky5RK8~8f0PYb0?EuMw0Ifj6B_Xk}uEP8gPT&KpR zS3DIJ?m5iw$DFv{z7ch5^BT>vs|L;lO|74oR1A$%m84wa7@FE94%Y~f?RURE60Jxs zZTaU!0~DYe1Rf+M!s$B%BpDkx5XG{?pkmD${8IW3VVba>K3XhmLF(u!$o_aFT_ui>?>AfOTmyA^_dil_N^3vHy z*XX?n!)r=`(hjmYrtIiok=|6p+)u$^m<4X8_k+b-9-od@oT%gT?!n$I7Y*txFsplm z@*oFGA7f~6lECq>SFQEgGFbXDmV>1~_s7z^FWk`a`%Z6-tS+qw3ra)UNVVrfW0|+X=-}U9@FyGx7$X@!SdbFnTevhqP^o2%lGc0^9j> z%SOzHU`7vSSuv1SRJ$2p(mV1n{9qR)njM{1=Q0~}MYj(ojAPUz3fvN*Y@40Y?n~w_ z@6p&NR&!YlVoPTOTW1a5W2pXWOq=d517_>%e1M|YQsG|r>V2JLXeL^x zN)1H;wNjDXc`u=7hQC(4)kj9}_Uwi^=7|nLZsuavlJoe=fR!@pVf~tPqif+|d8ClY zDNiz=;t=CD?Rl^%hSstQ7<**daBsGCL)x`A<9l-%hs|rimFE+3=pyQEm|!d9fm>Ip z12hNi6&S-<4K-7g+`eUayUyllMb)_g-%38gWI>(ts{{!<`WBgH9S@foX5i zo&|czmoT9uCEI5@Kb$-T|M;0}Oaj}<9rG_fcq;5`?@vQIO&2gO)7|!1n+m5{>ELn} z+E3TpV==S&l;!Ezy41_`HRm<1LFR^v-?m|?q}pmCVN_;*p{?5MvVQ&da)5 zw;5&~WU>wKlH0$mw@2>*l05oBzJ&5SiLhlZJniHQLriIx>YIuVl9qE|kkkot**#9? zlk>wH;RGuLL#uYuIPb%ZuV5Rat29bDh(RRIj%8u}e3Uv5% z7}G1Uc=^6nej<4?Q?mjrG6d!GZb`_XAW($0fG71+2lj38mU2sXu*Uj$OmBwFijy+N z&)6Dcyj+%fr_RkXx*djWf1pe{|L&Lsgdrjx`*!uM-H=58s)w6SBn~mH6ztA;S4z#h zAycXNLGwBQ>8zDQ*VvWf7)&E((2T+fJs6$HQX>vk_sy24?sG3B;%ocLd{t;h1b^9B z&P-}6bVPAbMlxhZB$9@GK9XuZ$JT9SSJ8&2Jf2W?^l`22>wC`+eOyA?&Z6WntW8xB z*^B^P-AfxTe7K7kIXAY-LXp-UA%J$CiHPrDYWeBRlsa+H%<1Dr>0{TK1Ko}kC|tS_ zt6rLieDPtk+B_`ww(>YtO=neZF3M|$dItMNcma_lcsw*WrFL7zpWTkJ7 z703fo((Xe{GCgY8=HjhMHv3UF^Arfk5rr&1!1$@8<`J+Nyvn1rYJporNJlvGDo0n% z)<%m|_iE-ZOGe}DK>ehs+RagDXrt22(sRY6$a3}x!*frE8B8mWChgEJGQeLr-dQT$FqoN-{q^jUUYet*|4p2M$ z0AcO(0#xtpM|KiBClE6W?c=ksQ87?v9pfvuyL98N6el9*%Q5qX|)W6&)Jw?+`3YRn%Mxv~L9S~7ak^0-X2 zqRI!z`qH*p>7O2K95N#}B@l@}g1@nviC16s^~8E?gF;JL;|ugI82%>pvo>DO$~HFwBg$>f zw8iBdRc}jha=lk>e*}?ObTyJD3MlW0)%o?cXOo&PiwxmPRE0wGFP3u z>}tIsnTw4#*9i6?eARq|3T;B1Ln&m~s@Z{jBWbeb=SziEcrX3ANUg2euyUrFm3MU* zKZC{hCb}buHP=na%A`Jdr?XhfiN-uY%ZUj#lZEZ{KKfx)&wu`?E%F(W6&iZGFJZ8e zNG;j%TEWyEyHncElrz^#>nP*hdjP@?5J|Oyvm`PsAU|;Tn|pjspSFla;r3~R3UB z8%f=d?!CU5J;2k)rCPUkVy!&-kSX}EX$hvw(6VaWq~)YlTD$jK{ba@cbNW)e^W=iT zkb;Dd_a9KWc+E_J_%*?iVG$fhf|~{4Ox0Hnz{oyzqk48Rpti3(#aUuZkm5}BBgwB_ zrIt8-@ zXe~yX3S^v90;~4DTh1+gySKC>15|*&o2L!v8D`^ZY#m{5k;jZ@F=&XSVvYeP;pm zt-L-ga1_dRT-N;AeFp~o4COfOQpWUxl7j-QE&%SCW!pU_9=v1rxR?Iw@Yt_t<%>@k;d-y0#dnrL>VskQbd%a_MuU-ybf64Rv8`Jl=BR3HAu5L}z6zUAjzo;_m08JTVTJoiBxOQEwkIi}(<`@%L!8doSQ#bHjhpTZAsFO5{%{TAv`(XM1P{s5Tn(?~|+C9zGFsbsd5o{w`D zk!y#$+BL2^^jtg>({jx4pO791%^mGXBy0ZD@bZ5(^m+@T0NOK3su3H;#gYm$7szeq z>60H*Q0_&&zE|P8mh>m^0;yL|<%6VK$3t#jod&Brg`O7CAn7K7y?iuqD^>u_cIZj3 zY=7x*u-?u%?Zm)Ac-{k2uh%h80VF*(Uuo->I4r(b=H1ctGUy@#`i!dl@)`8)nXLR9 z{|f8%g_8Gz>VHZnC=hy%fYZjp8k_wP9i@+5VnmveE?s3<#!5+YqY1x9 zeI^+7rZZ+L6@GH37fFmmZu0UV?F{6&o=kbP((*=iD*PFvD~8PQ{3Gl$EC>SK0z&Wg z#SS(xQA>)ZDw=^9v8s_QbPi49=;M9&4=`P=0P_s-1tG3l(>a{gHOZa37j4Y(`onv- z$w|wUTkRuUxV`=n>xmphz&|ZI3mTP#PxGqZH842~HC!ABpbZ}!?O8c3$q#UJ<<~WB z`0vq|DS*-c3VlVMf#1X&&(2D8ItR60jC~_!>WZDMZub*NWDOH%iAnLNta_l06&iY2|w1n500eHkgdpngZh{_aY6Y@I+#(MQ)7@(nYGr$%v!chnf#~I-fUqp zj}MLa&ZBLA!08e|fz@2Rc-@i(BBZi-%(-s!6(^Pi8#JtrMGg@*R@WAYvhbP-rQ~9( z$vyEIC*PM{I4d+0+dw`?sPQJy?jPnKN0za7M{ONHp{0=%w%v8>){8vn?Nna|Xq*Nn zG9Z_r@~)XuTqniG?TMZllVK#?8ri3@cmA!?gWjCnIIS~c1KhetH53?5oV;}P#U;Kw zk0>8W2I*EyfGKDSX*HYpKMidiGKKlakY( zt$FXpP#3TQlec5JM79<6^yJf8FL4d!?mMR(Vw*;-G$ssGXWQP@$3-egGQN}lR4!+$ z+OZX=ahA1o%Bhivp7U))!awjCG}K(j23 zq{k+Z2iz&LOuc1vz&tpho|BUEDYu`=jPRNf@dgRXgIi-2Jo1-=tLNE)Il1NB%bI+{ ztz?0!pBH4I+SWT2cKD9Eq4xl10Nm%@a*rW@@DA(i-0P=#v2Rh^!JSjj{vge=y}9&% zWC8BHK_Qx$DWp|1ZKL(AWvL{a69TwAK`OIs>l%-AB`c3uio{CTpjICAqwZqQq&3#+ zUf)^8yXa41_;#T{Cc9M4q63=nNZx;#w?iUy(N`=JM_Xi6I>dxDW+u;Cl5seCXHT676-C# zzX*5Gr4*#LOFYj^`_L@%p1Xc(KiwGiVZr&+FE%mB-cMqq^(=ybH%zl$n54;_ zJcZlP=ufL~I=_g%ZXI$$XYJBRMe=k} zg>D-D8fu#|!obb?@E45#pH!^E8iMj-8`?m1_i91zU%sTKKj^Ks7}hs<}# zWwy1>JKSl%Aq>@rx)dCmJ0rFL<{`yRuV@v=I#DcH$tSaoGRPuE#WM~~R*67dly;Cr9wW|y! zHzGFz^1tZv`0}nTc+Gc+>%wsIc-7~u&NUKgb+C2G&*MgXt~5wRo>|H?sGNGS+GEoinZ%GMp*#_bdVPevR)n;b%`B_gRp7T!`M%Y=Lf5pR ztO6N~QUqT~&ee>~fmrw93AOh(7WN|_K1jx=%agO5CWCdTO%>3!zq4ssXwrvu^F0lF z1ITh?jYC0`bjN0+1^XWUqND*^K2yd_0oQcSQ!?|J61K@KX{N&ih$Yr?vMJ>*x?&+R zu0XVU`X5m%2)=)0X+ZMm%s=s?hNVHknGNkUhbE!7M{L#v6%Tf-T9KbK=Zm6siJ7^T zjspe{WX8c1CI6WoEx;jKZfN$*R1fBMMnRkXM__>q4~_=Nnp;z@GvKX2jGNc-03@`4 zLP;teEUdzO5mju?lyIi5)ce+h^AJyY_y$as#w;500WeP^7@Y_J(4;&zTf*GuUsS~V z_V5s%3zp2^mnt{kS&H;>JkUIV_o~ab7TOvp z>Z+9+#pVw|my&j<3Vsh-@BK=a#{u~cc^E4gBfn_-z4VFJx{l%rM|iFTDZc4iUgb4M zNh?ML7rK81S^?E=BnGetNcS*PLGfBW=H(`*t(A=RZp0_9sanlOg{M)Zj#qPL-u51t zh?+Ty>YlFYces=6yV$`VyDb;{;W>53{ZlRw2}a=qy8Rb{#|+qGaLF!9rh6pp2Hc6X ztPdSOh-_R7AK!}PyV}Tzj*zqxeLGzM;-lNKD^uYoR@yJS3j1W+6QTu69{w`&pTNVN zs>Oy$K(&L3dtAG3X>dKPN6$%k&;H~gc>lFbmLpLh>(C1Q7wo9aAMSj)fbTZ|)=3vy z&nKe0QIMyW@%nR|9pk*(dx$f0LU!RoWFpOc-23E$19t{#a)qfbAgJs6%3g{g3Fr*B z)_gVYQ^Qx-_-4l!fHn-n&FHD3IIPz5ER=dh6%x2CWOYF-lF0cDGO= z%x9p`l|pIn^u)DLtGQa`VE~n-Aud-Js6N-v9F4hQu(x(wKdMY9@yuM2?AV^{BQ>P= z++>(%+JBL;?3;st60=PRF2hg={NSDjE3~(`xLGop~dOZM< zdRAR)JL=6EcJ8^#c<&tA%ec*}8W8LSfL0790$TBhUUYM6&>?}!6VQtK4$q5^FtxI> zeSrX4v1p`99e10R_<{Ht&qeITGbisSqkbty%k1&rAshsUjh>)e9(U?H|EG{MRSTlQ zl=(M+8Twnw5C9cNkhy%PX{0&)F3 zUj-vPh+1?&9LtWod!a$o6qRo^isbC%D&BxsV04WaSGX zXxO~yP3mne`T`1H=sI!79~d~~4+B5I832_)j-fhpaLJL^&2+~@fJ$H?p=qnyER5>I z0>{D5I*=58rQ`mHQo_(T>071`)G}{Y4mcdGW(*pOU25V#$k;gOKYuhE7YSqlB^@exaJebh+>xW& z)IbJcShQRV^rAC^0Mq@<_5dBg`E1-r{Y584re5N>f|;TLxj=K}PI)5K49ZNgs~yqX!iqcWAOm{`yLdBJN;32-3=h|^Y?mw(upgLM?i%}#(BfY>YvrA zKR7%-H;+D@M4S%LaOE*JLXnD+q&GF>>ujh~9!ZS3{^Fv|Z4qFucKI@a$y4{dGkKon zAh5XUv9RL{Tlz9Hj_S0n=$Zo@<`3k01>OHC!6+20_wUf3yDTdv(Wc7I2UmXI|tO{d(#sVK3f-!PaI*qW6S&-#MkpncJ>*F?2thH#X3mWKz=gbt=r`iT@d!E z-79gk&I48KMn|#4nvr-g+>S3UlN3p|v|vyrbS2SAeD#$)nF;)vjvoYlFTpWvN1Iww zs*Strx8Tq4JLKPsQvt{RKc*1&KNRW9t8CE z7lP=Fp1a!BFU&67Y498yEcdbe&!k~T2V4gN7xi#1ZuiI5AlifVhP^2H4A`r zKF0n*lFA&9cLa3LYg?%(rOKXR5vZR#QTKpeoMYmov~YT|mmWiI(f(__JzJ79RW~ob zhknROVZbEX>f4S({hAgBEr!*=Cd<9NIALy0jlA>cu>`~bjD-hGUbw9k{l>{eHJOad zgCGmmS|)IZZ7Ws=Ee)@M{A4QauU#Z zlBHb=Zz_=FxR17yhMrzu<9qmN3cb|@##SNEGXWu++=#TFu9RT~8;4)?S#GJx$z;j; z@mST#wG#_NuPNx;bQ>9-A1Aqu|A9ov+(6o7o_GaF@zc?c6ExissGhj<{38m;=;LBZ zZ9yKZDanEx`o_$d=Y4J!>t9!d(~SimU{g#hhYnp-kEc5(6(lj%1hrA_~V|5%yu4rsb#xC_b z$tc)c%L+tl^gKWf^4^K@K42ibV3k{iv-}(94wuaxs#r>L{}W;ZOd|Cfq#PAfbFN$E zLvJsM-F4b_k^@T7t-_}T>pcP;m5+@jtz?eb0zL3ZehhmR&P-l%tBv8)q^*G*TbKjQ zOR}|L8A-DVWMT52!WyexN-}_)N?{b+N+G*irIPOWG?7??Peg;m*Gxn;xIRK=fw$Y@2euv>rF*ud*I-vdTAt_RvDpaw=XeuscNFKan!#BPF0QYP^@|3NCd zv*FMc>57@to=jJllKMeg8N#&zk;G@Lo1Kr{7t`f?TCt_YTd$a??W3ZH8D@XL>w|)z z|Dnzs~<2l=YKLZE3bZw_*940bwFBZAnQMhG%s(Wn`At- z>Hv|K!XQcYzM(UY*+I3Y=eP#zFvEi|zdP$lKB?|$#51q;mk7qXK*Ck`QOf|Mb=i^F zM01`G==aL4S0Rk!vi2UJ9>G`BTX|$5r-y>_!b8Xrwv@*@^q?D_AL2KHRdDGB!kwqp zY^SYDH_jl;KU~@$#y>QoWoCI0pmnOEOL`|g`xa=_P7NOPbtk96>320Hv-iSDW&O7e)do zH8lkOZ#9{}nkW3*-;aF%{KqTYm0i@(>PFuqn-i(i-yzh?XP3Mb<4&e5FS|ay$pC@0 zT0WG2m&Nl*K8x*%2?VaRU%BIB_C+UDv@391eM%Y+J(ArAnI6qIXYU9L5Z?B=)^KppNmZhEHbP6Q@Mx)$0IP(mnq7iqaSI{V5 zYH+68*>;+9Iae->U%G;f54w?J`{u1(s*$~$$*{+F$T;&$eykz$81qY4j0T>)uQ0DcX|{vU%+i8HFpd8{D{U9^twm7NWG`1JH^sS)nAXF}mG9vVh%%@; zaonWCydZ={{eJzP=6)Q>F3FtXLICk1RJFx3dI)NZUyG?{PQC;a zYJU3BaQ@~s80%wD&J;JT?hj|q3g>Ln4;to65PhXItH$}U>9H$=BkDP{(`Ku$j<=M| z!ftFC@%{_(3n7cx?vMB1%IL}+GO%`-R+$^k$SbTCb}+;HRqr}L>c$snx=LLqsBr;P z{InCQrc*f^W$H(L-GXP^FPy*V8h`H4Y{a1s?mL5|IYVGpfBl*H22FJoaQZL%H*I7u z^~tunb>}w7U9yo?WIOU|#(mbm#np&?qB3J>k+W&{?rQIaW0k^dX824ar zBvf5#j4$|aWk z>skA;YntYQd*@ZQ>TXnB9fp1Doy+z$uw`f)tQ`2;x~kO;*o$;rP(Np)I%k8C=c9AT z9SVPZu`G*!%sFg;JOJf0WkP4DZa0-US*B|5r=rsu%li%uIau_aw>BgDhnKOE?YPeyl)F3}A*Qk3rS%IxsiUMGiamU%0^>C4%JMkxC1XL*}`COR3CQ{6>$9(Tr>D zO$+C+DJwQ*W8oTkT_+Vp({Ujs#nespr_Ggq`jshE2W?D^DTzA=eYm}rXMHY%>3)#| z`SZFJP2nV__}s~}aLrA*fKn9^Bk#L--r0+K(_5S|hdx;BrG>wkWokk4s&0*H%xl+l z*5Ucc*U8%=e~#C&Aa}@GU%HBz!yjdOm?v7b6nSbE;*rJUqP)m`zM)ofvo1WnBD9ej z>0oy)Twv>Ms5LwQ)WifQec1tK9~%dA7yrA7ZZt7d!pWx`?y6B6_tmz;PH00>!LuJ8 z(fV4?SV)i*fr{2akx6pv9$b)a-0C;@B{5i8@t0d|p*=9ZiPcu$`fe|nxpfM5*?t_Xy@EU6NLTWWsWN*%0Xu4y zNIkp|;{+bsnO7dZqxIwqvJ=U((e7{~UVm4L`L71cuEG|ZPK9&$xEjW-4rq@`4||j( z!qF${t{gXueQ=dzD;IGJI@xF}4pi2xU@h>}aSOy{-&5WD{G=A5qf>^C)@6CtuJ`V>yew5&0pM!vw}RSG`r$*V$mk6lTg+t@v^|R=;!`V`#Iz{ znB$chI0Mxf{lT|*-XwOdxsjd+m8a@>OcSGhxWyZ4g*P|C%_`y=sSyqa@}YuT>7h38 zm%tse58OfRt)t@;cW*jC{XIfF^1c6akLj>x6ErtvBlG0~zcQ+}_L)Upw1x+dlCvCB zoD0j83X&=^0+p!O-$K>Z9L$=|`^0t|nF-n3$XYFmwd9WNb8U603smv^ZNKXIUcmT1 znNfwUqlDeDAM=uwxM3~|rLW9SD`%-Qy$nELbUq|lmU0F;mCA8zgqS*h-cRvp3cE&H zX~sR~nsje2dF{Xl7R>&(#dI*t&qNANF6HGy{hZ#9aOYa8g>!z|KR(o-hq9w*7y%q_o(`u{@bdUN`3Ub4|w?j|Fn6+*fvYl4U9eWIG0aI6S zXp9H_VgGup=5CPU3gj`#N##VkO1$}5mD!I(gXW+Q_6H+jeJ*H7_zt0hpLEC<56tYt zE~~omo|dypA`;3vs-IfO?$Uzq!i#Hi!72FnE$}Wg7_O2Iy>W-G{8=WRJv+*j!X75; zarDWv{>10xSDSB4A*dFOg^OcBwbcH5cYVIC@c(gLt6N>RpzvX^&tvZJHclXfP8s6oVvd3+;R$A z1)i~_n72w69VaAIe5}cK;Z01ES%{->l{T40rT5=FmTo@VeHj{t8HOK(w9W@4Afz|L5H=w7)U}3uuqE3iM}Y68Xm=2eyXsmz9X66& z<-^wd{o@@y#6 zFP|o42CmBvJ5Y8wZWK*7g}iHazLdK7VFBoIc+jVsx=aA@0)8Ml%T+Oue!s=aF{ig`@-&VO3qZG2ke_XE_F>Qb> zs+Uf=?KFp~gkNZ3)nR=MW2Lfc1oQ$*FC)KbYOl86y0bf2Oavk1PH(Q|DEp%3z%N!F zqW?Bdv@Tq0lOr=vX=;>Fy`zu))o8AqRkG`)=u_*~4Or;~D!^M)FEWvq`>iw$nwW*m zeR39$W2=r=R0h*`UeRio8W{-^D((2&j(b-Z1X^Q2i`9(G8n=Dkbtk7$*jp3Lm&HE5 z8}s3gEyU$~QB&8CY%G&RCT6J$mh1XKJOpz z({cExgPH4leb4K<&d+k5*Qf4h%kCYgg#dk%Hu?7*F`uM`AyZeoVvS+3OUn*Mr6B_A zGto{$&1}I&As4KHUSON;vi0&t9s@q&BUy82(!~Zs`48!AnH~Pbu%JF(EPJuCi2wH$ zvBC@N&C+8JM5(X$k%(Jk$sxer9AmaGtTg%X**%L;XuS!r&3Y#nN7sEtJ}}H*I<%e= z?QjFw2DEd7%v|cVg8n$dq<`NS-dBKuL*#VN^gtmyqTfQoT+Ox6UFdpo>j|C7(Caf_ zLV9-tWaiHXKm%-kZ}mp z7}?*hHA}E1+_?U%A^A?FMA#s6=9?uM9>Jb_gXiQBz2;8nmT0JId8=dadWjC3IqwUw zu*qg=+5XKBYrk!aAzcXIn6BF{wv|SFDyZ_ruz{?He3( ze&QoGIc{5bRxH1|+ug3zJzRSv#SzG&eSLuQAwjVJP1lzTnk%x!3Z(ayor<0ng<=y@ z4H;)MH2DzD;R%(OoPXa6bXWr_T&9rwn(bNr*Ocl8?~gFds*6p&qT3l#(^9}_k8~WJ zn`$7WCv{_4P$gW>HQ)T!i<<*`d=FkwW{C%8qJLT8w`Db>2*#;aQBL>sb~|&cujob` zFbix-P<*;SZZ2H<_G5*e3f+(j@yQrb4DQ1GQ0%h8WyN&!PfUBz{k+rc+zy&isav-1 zokUFL)^;y0?J-{c4};Dy6j>OeRO4*L8x0k>duZRvJ+^y3ec#>UKth7Mna&gVW)Wgt z@k)x%e6VHrVtKJ^rCuG1#x{uZ>Q03|{o)>P7#cn{VMqD`Y_kA#UwoGFjI zd8o~D(rL+XfTP_v?QJ7QgdIMnq^D8Sj*6Ce&sQ|ChsYxlE2;o_V{B6U`v$04o5%!b z#$-1okF0$w&V~Y1d%g3-xjhsHv;KNbT1>ZmS~~k>wo{iPoYDMq;`5Cw9lDuIN;* zzY-nJ_pLK^dDHe_r|B=MXgLe-${R32nRi1+oe#p%#+s3YLR1YyJMjpLJ|JA)gYQ<>6 z7ckF*8+6yL5S(bDdD|^iZCb=Ryh5%K>Bs&kSk3vm)Pdz69ek>rvVQnE`N#2->xamOSndM7(YFnfR>h z_kHm-psfR;*0F9#PY3bJhw*NtXbR|kh@pMm^qijW(NSvDk+r45EMRi1C`c_k+94{|K}56h)`k4ikDXo{%HsLez6)$;N3~q zd(;IdjqWe9IDusGh%{A>8@;v##n91IG%dnggq^xYEeL6OQ|{>MUJAcTg0QT=haMVEnEJQ436u4Y1ZE$YKYB zDF6k35O^mDpa=0cszX{`!>$#(?Sam>X{*@|gEO`?~J9!2U#L)E-zgh_e6c4}XC{L(V=D@HfKY7$Wa}P8S5)nXN{ggqRzHAE4}<=k@m_MxMqHL zkm>U<;}ZSgQ0}@)wsNBN$Z`G9NIpaLncVIE8}l^ppuAeZ1bBgrkaUak(Gl+(PhIZX zVk+XfcsRI~{ifSdw+BCI4*B2qm<;qkAZ_8qXBCh)u%2ib@-3wVlK&?`m)?2>6N=!mhk zp|phjD4U{x=bF*u%nB8)a8-r8HBA5)?J%72Zoh@BR$V0kj83M}8P;i$!~2>(_{%6J zD(t;jXWiaJ^ZEf$f(#%W_Tg6KRAyq)rF{uELT4-V;0GG`v<1E8sF{^^GTHuR%irIV zk@LS|?S+be#`q=wOBf%J`$ZvpcY0CPNRZRMQ89swynLF7ir=Vk8*}c4vRj@?K%wSX zaiv2$S3x-dn?H8^j_8sxNB}p}eF)XY@iz{wq{i5G;}uK8B43H|>RvehdYbF@zX9u> zA8glyufI)mBeJF+D~Jci#|s)k;-rWcLyDmVKp8bi$s)1<8C|f3iy!rz=NeS~w*hE5 z#P@t~5^eqMoVW}6H?&>a^lu2)vGcC2PYn0(xH%pZ3a}eT3IYIvpcriG?XLK0qSf7z zAR45Sqe``|B5Y3wi@1hEymqla+KDf}&3oBw2uE7n!^hIi_IU%ino5p)(vJ59ZID{#6;?kIH7Mr^rF2PaC<*y3y+TByCF;hF!dK1Nd4VTy%+@`#2Hhd*rGG!q|BoZw z)G4x)2JU7w59&=TK2t7GSRIwzeEDvr{@&t!9^ao_EcXHAw|qII2YBgB#sjCi&Sh(M zqT@%-V~C0iQ5V%XW6vg2@w_XlxH}C#N)T3Xhikgw`OC#VBnqp!9j~_EyiRCPHM)EL zPihwO8&299a5}&eb$qULZGsEOKdr65B`V@p*SpH$ zogD9L(iOwD27p@Ve}dIHeup_$3`qJk*^MVw@GD&Bug#eBYb? zwo$Yn1xV8BwW(5n8w|Q5f8Ku|FIZdVH?kTf^Qv)11JsnV*NM-vg7JKZm4QcPwX@4_yQ!`m zCiJ-pBi4LIhljtC$hFZpuaa;he^ydgE|}}+rODTWSN`!^`wU!5ev%vMJNwmVQf4e* zPXIu33q?b`)(t4sDh*&MabABI2q?%=ZDDT~t4!tQqJiF73>BcsvC9Cm2KvM7M%F&B zy8Z3~QZctYAXfa~c;?l}G4|wc!r=rFwq&r-dvFnue0;~;Yk!5g8&-$f@4-wl^iScY ziUXBgXx8wm1hc?db$0D0b}~ks{RFUmJt`YoVZNBAb?HlLr$?Ka@$F(?dJbCL(dU!2nDbmr6)Q**3QLt6`{ zMDo%1DpCm|$&`^iN)@0LBm#}w{Vj$l6Z0$f1pGQ_j3|L#bqX#oH&xWK2IkvFfhY`G zJq*rIqD>GYk!%ey|4J;&^TFr{hTTE97cD9u~rrDf_?ErZW({gv3eop+${kg3oQD z=*Zh9({+J}S%janL;l9*uT_@0>#2*k`$J;hHe)y!;Mqz-S65^PY*ea_jcT*3o^OEC z0$rQ|xN4>?DsPh`>A&um)g8!k z7UeNU-i>Jb@PtK;f28x7Bb9nqw>oAPJN-$&6bJ3S;DKtKZ*gaW=7HI`0U*Urt1n2v^p*QN>mf50Rg044$9sk##e%uP#>;}uL(D-R*` zOB~U|n+I=LW4D+pk7VThIV7}nAHm0@m-JTMF5vo&?P|`Kg;K&%|NP_xWc>=+-lG7qibc?dZBtnL*)iqoaU%%0YMP|w=mr)V4*@4BPvzn0fq9Mh+8fSSYnSb zRoehxDmvTV*^_u?C-xhEjc-Tx4)OUX+1s#cEq=_)lQG>yhu0{$T(> zX?24t;w%Ozou1&L|j~*nob}0pkaX203e; z7Cl|~OIdsYB^8MxsdA@Az^jV9{0o0tGbLhv4*T#waJ0~8rs@1_A|3+no zvSMKnXpES@ca1Grzm#etNLz^&XXihyAZJgKcEUHEh-eNY6$jEk9s)=Rtm=seX*<$h z*~eheudQiE>K;GvUrOEaoV%p%GY5%0MolektPGhv0XH2&PM35n=*dORuKoJ(_XN{= zdD);WzJ5hn2YjpLJ4^0Ab?&>rbZ*0{iT@d$``2{b#(@Kz?GFs8X28OymtA|>KJYHP zJMoH~HB!m)I4#$39w@&)-CbdRUm$&|JhaGAS?c0Xl{@`ERBqr%PX4|Krr!{?}jBw+Q29-RAK(ihL2Ux@6=-JV5K`sDmi_$ z#?qym3y+Z#9EjLanN^8p;wOvqUje1_ZqZS*-@?HHz~Np~05x;PGSjC^qZ{@nuiuS3tpuil>8+M^G_o!3ViyQ~&OOFuks)Rf{~9(y)ERIc8R zkOnNRzs1{*9rzt((@E>sW|BeS!m-3)+NE7W>D%#{Dy~6ldC6N5??+GQOfLY{+5h}~ z{5vJfJ9_4?R}Mh_e;UF!D*B}nWPo$YX7&LHO21A24uChWGiI+hG5a3;lDcLX_Xc9P zLtFmb=Nqj+z@D44#9%3}lQuumvBKrxmEhcZf-kt8?e=4OtsU=tnqLJocSWUOIgxQJ zT2B*D^aJh{Z>Pddd2@tcTl`_p%iZ<1wM{^Sg@E|D;IL$H1Z`dLDnF&%K=CEN;p_{M zBMb{h31Pr_H?o??;*)BP@FJ~tHv-)2jr_gW08O8bYV+Jni`*B+0N3;L)#&s5<0wRQ zFAZeDHBzc`EFH=3S^#Yt5cJ)mW;tgcWu0wN<^A)?kM25+06|*>##uM=_kuPBm4`tC z$7eMdxF+Li!p1Vhc0)0AOik>&TmrJ(tcO{0Q8?3u&AKL2#tQIsjhR)Egw zO7x11t^z6Dwa~MoSZG4z*?r$Ta-dY8ej9lEu(-cR*@**x0{@>`a~7Bxwo$8eIDA~3 z3ApAer?!x{CCa$^EGPMn(vG%|N`dOguZFUqQ`P2&ZU*x?u9&qXoruq(K61<>Kvdzo z)yM7Ev>Ju_QGmqjuMu}<6%Pt1;0Cg&>N|$@7|+f;=^@vr?sr;C1gMc2stuCzn4kW{ z_Re3MUfe&8VFqYDre3Y|*W$Se)n=;I(hRGr@vd0Xp$R~ofEiZ19Wx-reqDC_loZat zZXWHJUcH0#yr8bN26=s7^hj4s#pBXi55@n))nfpzW{J-QynTR_`)dU`CUEVf*MA4K zGZRklB>=Dme;9>aJB+e zbS-|TSKW_icn-BYAA$lLY?~*`NI#*}vTt;UE5K6h`xaa7|F%C0rM-Cfw+L zAZ>nUIPAE~J&D&F*L(Z%w8^QzK2anVP_2;%e^agFccIOU{}yfD>RW#GJKBT-nl*`c zw`T38DPWn$k)LkU6d?bBt;2n%DK_vclcR($XhsM*WKK`VSyRBuiBn3*rXlD*BWskUdC5~g&0N&6I`MI|*&%_u-x*-TCUH;E{b|EC)qje(+5-=|w&O?Vn81<&mq6iA7J)s~bTUKU~-VvGsGG?*O`0gPxKs+(rF-b1R1x z8Mb-^BhKjEc-CR2OcQ>dMjEI9=O-xCa6IpUE5G*&|J?9Pr&ck!rf6~Q7YGCG3RW2} z>xR)Q_KcbWW74+IhU1{1Ps|hLmYkHe^9^2^|B5^TqlM|Nm6W4ZhXfYO)CILdj&_l4PPxB&zS>n zlxjz2gkG&gvr;5bInDv|Y{>hhJ{5>A%1%;#wdJT>Sa}^F9<+Cehj%?cFbMM3iCMA& z!4y9!1dQJ_e`)-NX5kKeO#4fR_bb3@ZYR~-wo`HOGwz#!S_{Ps(|W7?*!qc4ovycS z@X}Kw5Pl@UH~p$4b-3Req zBm*Jv1~wsfr17}`QS@zDgV|6IytB(TNXqF;#y_Ln?;8AOUiz+cU6&iVlLY=f^4-y( zmEZl9!JNHxTgw6HdCjW)o$~uZ)8&&yr@3hwqBh2050_TL49|z?tj`2O&o;4z-AcG1 z0u+@;d)v57PsL@cKYUk^o#)f^nzGq+xV+9>j?d|}XDoTpcF} z*7GYbE(u2PZrQVd_T>39ADRrgSnmY5s8JPkWHjK^&k4Bq;|J;v+?|CvO#F8vlJ5Suum7bu|H|=hV;ccr%&w=F0kfN4 ziR!-5rLYXkJC%`VbS=Z2oj%G=|RKI>ZJjy!)Jj?))LWPy9MejGTACms5_o?_}RsYYj)+ zeSqm7L6T`N5Ap;|{~Z^WfFkrjXU)I&a2x$73OKiG^`}qeGA<~I_l9Io4O0fK^Un!r zgn~NWFiM=td~|T0E$3k^5P+x)*5IQ9Cxn$hVcC+y{Ci)C;r_UT9 zHSc0EApvmHH-x{_eSs$0&kH+QtTMA;2z!))RN(`SU{G7U%JAM|&~=?1`^{#a>8{*H z{$EB=4A%md^55FGOD#MNfubm&TIkmZ|BoY1_1bNGA|_t!0`yY!ijEVDHsGQTf0_x; z-+$lx!fAsYmQ6Qr7wK>0`p=kG8fdBwoEz1*M_VzT=seM3m#15f>Lu@Jkr}!>P%9ni zh5Fq$4O}O`EB%uF7vQ_oTswQxp2@n)(t{@rA2%9L(S}$gTo^ZCwU3#;%XU{VV!P+M z$JYLC;6C7A*<$d22YhqiEa@l-{GF9NZ2OOp{|$fbsLTI`dr?5~IG`5@tHUY)ZCjxH zXjiDPzT3Vk`^{_L)po}}>mhgLQK!pPP^LeW-h}@_>CMpuD#!so8xw!$0_&x|%6|8= z53g1DPd8oEue9R5J4tV#vtu3qOOqq zlAXo4|qi75J zDTsi+oA7I;BnTV?PMF#~_vwCMnwcK45pO72~2Quj3A+@{d} zt#i8okZ=)9e<|Uz?MS%4a?$Qzx#;mB=}gXeI=I@txWa)V*$1{+;76>8l@xno#WXuU z$Kv0hu1-Sk2V?H<8pjVc&S)(_2~Y&9qr>!IQN(4ZPEb6DyJYLjW}~@t_vC22os9Q! z^apqNR`Pjkj6e-J^JE4Hp1X;q9Tgb>vAb2|_@DmhQz2Ogq!KLu z9p|3@S@XMq{H{(5!?GTPMzUp0jLLv^;AYI<)gS}CkawhUT+oIA!4bHOJA5=P=G4}m zhP#pnkg&jpYh2$YWCi70r~4kyMHR5!Rz6PkzxlK0Tle=Gb?Oa6{AYp>)>Nlg^_jh* z1$Sa7oZ8DiTaVy~>6ybfYL!bgD$2OIwletMSF}rFD_;Hj`b8F|5;c%h$!C9!>HBcb=F+t0;a zZ>P}eenxqUUhP3h!4DIb(nsNPI2|9p0+Z09g%SI}Li1x2&tDeD*%Z_A+1+(iRT&LG zuqQVG$OeE$X8T6q1_Z;&wdc{@1p2Dj9?6bd}@GP2;plu zyEk0IBoY@lo!aSBVUY?K!6rTtS2_uc*6K|iNa;;VpuLv;gol6zmqg~kLladL5rREYmT;vSA=^7~eV}k{ z1&lJd*0cgjd_ShaV<2O$kQ`>{?Xf-B8`;ViVFkME9UzoW9T`ozA`8;~M%A_7I^u~w zV@PB{rzn?Ga(6<3wof!I+(^H9iVPh54rc-DpSnb`yLc{j! z;zxi2&k@ly)zdt>BUH{p#*X8yKBUW)C;_};!RHo{NiW%&C@`wHJ`l}Hx`Hjrwwk0r zYz0mGTxM5lFB301mkO&<&kRrU!SE}G?)iYw8hn)62dot$KU}{M=TOg)@oT zMxfq(cHOX+9A4D1F+-Ic)T`vzwZs}yMadE0=7!n!=_-BA9FXlDZsWUrRHcVA%x8OA z5eJbZDUnkFP6f@G``Erh7GqDdSnL|?{;nS51t!X&*f4_a#PedaEn=Kwj>xBj-H~+C zC9Oz$k`_3q;y-Aswc%NKBGT1?q~9r>-#81tUdlJt9X>QmlEruio7Ru>V?Vu6DcTkuwneBn*BGN_~Oj_dj$X6rd2kemz$qXyMPYsA(|m9wu;8suQl7*gO3$; zQ!5j*t;)D7MuLhwBIDRa?e?;W``;Z=WU1m0L43}fF?3<>{J6Lo`~~lH=$KDfq3_H+ z3eW;aw+&5?w$eO8SZi3CN|fbkLP3I);dH9@iYpN9Kwv%rI_F&6|G)7A`quL!BbiAYWu3C90|kKT zR%|N{IpF)d*OL2C;W4g1s32-zKdz8?hlMu7NE#J%){14x$+1V0u6~$pA2qcc(C3K&6cqO>dJ>ID zT38z;cI>-kY-b(v$ZAl6Fz!P0H!8JW3px7K;d@(dP5Sj7jWI(Pl6a{4D}4 z_G|r!eF#Z#syW-Gowt+7+&5B`>NZ1uC+KaY>g0CD!r89HF)c^s;6AUT%-Z2^_BQf` z%(FF<_Df5Hp6XO$o;=*J6ZgKOCGTN@GW@Fd{$*CxLL z&xiV>v4*VQsQ3myBT!Ql^n~y+QMmFu{lynoDGyXV?YV12CWEWZbf_l7!aC>>{AyF0 zw4nr%6a+iR1wXu;Ry=q)&ntqWd_{0Oz7jIAwe7X)(fus#y0y{5n7~)zl$6+lPh>5^ z9-<2T0y(8ZAsv=DHL`ffB6XbXja)g%GDcbxHQ&12ET9Vwag@vT$Zgde)tvqsh@d6J z)qo4o%VYP`U~cs$@=+sJ;*yVXLS?Y#m~004X`7i5b$gfzNTST5*5?WAZShc#dQ|3w zhG`lse@;QKgU8M9Hp+qHHJ4Oap+nzbC`<~UKz^qr--*#=8ihM|!Kt(KT0pAUk3>VO zqOVC$PO%A;J~w=Q@6=Y0f|M8e&1z1}q`kPqFdv#p+Mrcy`{Y}+q>?11AIw>~7tuVz z8lZGyVZ;EgiQ7MFB~vh>vA;j0JyfXAyQY&VQAlXLdU)=Gjm;K)-5?01x+06!x`}P9 zr_-F)d|Jsjx;S_?9#X^NRut`~vv9^%JX$DV%!G>hdc_Nwp}CQiYiV;G2?v~XHIOlm z*~gKWkLzO4E4D-(l6?*Zy%y4@&+mc+!)4G>*bPZVsz%T*z5$cem(55 z%cScP2--&q#vay*-9r09>1H1sr0c&AIR zPgLcOA}2#v=%(f1G?Oa*_xerqqsY2%JOwYko!W@uRZoiklbM;CvS9v4-WNGs@SqueaKzeMwhFSR<=1p{e(DBpgy&Gq&w1<5-S)xoYB!(NKF7?4PRI3Q+)qZ{y9T$hBc#YFmAr@v zNdB51(AN_-kKr#$0zK!8otx0=eV`_GFLvyhhQ+yXLlt(gN6ypqGnZSEB0WY#?{-)W^ohygT9B?qP3gqt9O6UWH-0I4yLn5VkP1qG*e*3bW^q( z&0fhux{PDVodWNNMK$UToMUn6%UXF|7}X$m5lJJUCyvU0}TfC(Ws%Ro(_=wREd%{aR(bSj+2}2L?KURvV*dLScfG z2AywIJ!+X}E--ICyJ_$?Lt|ZzcUV!HXiQQjxM4GvFlj6HlhsoSwAnXnYOiYS6a5rz z^IlO@3kK?os*1e=6k(ie75%T zBYXhsU~=)?!$oN^!^F2deB{Ck-na0p1kFjHFdk~~62wwCCVRJc^LWrHL&L@F=dz6( ztgveOM;Q}kmpMgW>%Jj~<5LLc)1ASH6NE!a?@|;src%m02NK5abOp-s255x))5^A= znii6jf-q5fL7Wr;7!$sYa1uLMHPTlm{uDJ-Ay({h^;p$O;L=6+Z1bC@XP#tto1Q%U zI5|i+hSIV9>|F$)_KOg@GbWl&6&2*+xa&GR&NvtwNHKk(itSwNcHYYF0SXvQx;G5l z$oaVvgnFDs4Vs$5vxsC;v@X_2UeK^B2o!qSJGTg1>9v+R0agr5e09%k5aSZM0wG>S zbWsFxf`JvXIKLV+O`);CC30}mlI}oJuG5R_0%qPSuU9}Hqcq3-?lH*B+h4+fN8;*` zh0!FYuNbeykRCyt=2LsP!v4*fgL$f6`{z;*0bMipUz-tNXYM~xqb>Q2u8=>vUAi6B zPr1L+d$V!*YYo~T!9}RWexp()L`*R}DpM)u3Lgn9snc2s(0x|?<{{PUl@Lwl&(b73 zNxqz1TnHKFRVOrKM;llSXr5HC+dH2r^n~5c70Z58{?gdENuW4N&b4K2UE$d<`^h~Z z@E}Jq={U7XKH0wz9h|3U0ODGVjUec$$Q1?N@#k}^keFWG65?lYKDw9^In#dQ_{)!t zE}kA9A<~g3u+ID3`L~dfXnYdk_S7032~t5AodWX&>tIHVb*o<(4}TgTt(RxN>U4$c zVAl$@*}Jiq^(Sv{riI)kTKuHNb&~Hdkud5P7kgYE>k4noR#F_MEiSiXd zXLXO!ql#(mc?@&{WWt(jOs$TjdA~N$$W%(c8*zgykSm!_XvY@cAv|-!Ce+pyNf9dB z_0xJ7noEODoe8?ua9-tz`)BC7J>G?!p(ODcgyK&GR6EQ!s^=pX_4ag2p4le`&oIi} z;fzALPs0R*k5%&RmAf0OOwE7ogwKY!4+YpsbrXw0&lPEtNmsplF&Y(abnX~mKZ%Y^ zE2a{LEmh99=9(q)I$>4%C^_d+v7!OhFJ9@8>ePingZP0pfgX0j2+LL*e{~re_VZl2 z^WvlnTKIe4s1lTRmb?vw6ajg|Be@SIWpu<*CE6`wZ3cyu1?8bvc(H4fc0L#l@dhN_ z46eN)-ObkF2+nY{!!|jX-IeK_oeIWL;z@OS&Hd>+j1julV>a?AE(2Y#2iRg_1Ugl` zBKmHLBeyoP?+*7-nC+@>vR%6h5+$9QKXMqLU%bFXV~c2W!fy61{QH(l;ozRl!J7n#38i zt^22LbxO$HOW7YW328)+(AOjuilK>|a1R{g634q#sM7&|4AePTprFK)rQBQFURXj> zjiHJ0wArhD&Fsg$ZW>h#8k&sRenRw{G%k%XZwV5CmQP>?-X5iM1SJ0HfO)@5r|+Xr z)>(G@peKB*H0WliTdy{SSl&7+X>h~iFwk58#QlxRs$Cah|o%VD{ZzPjp>&zWAxlq_{^zubzowTm9-88(<-jbtW>0yimvfb0eCLpk}O_U==l@wY@=AfqdV;9NM+%Kf+SD@8r$Gz_U2pZxRy zb;m=u^-+foT7GXgLbQG2J$!2(v0fQ*85WIyLRiC1;3bLy^o$KOD8UW}D$=_<*ka=7 zBp!s*4v9|t=LlYnl@&7epDv|Mj69MVT@$-8CW!w?m?j#K)Cmx5`D8+-`y`&ys-DOR z8L4Fukvz+qeu*2#uvoa2qx7^p?P!kP4A<*eh%cBEaTab#M#FU{*XUufixX36-aMa; z7rGi*!z4Z^=Z}~P8O7N9NBGVjf6{oaGMzuu!{8g$;45;*=!{2W^#nnvu{t*x$@m5G zEP5@J|ay>`N zxKOW4*0HjIIDyLzr5z0gTYfJO9j3LNa+4j2#6hagn*lp&1cts|oVy7qqY%%~nDUZU zZWejFkT;VR_}U)Y`D*J8Rh7&*r!^VwYVooov=N~|$er#C7>TY%dXGGd_C-%|@Sa27)E`yoOEg;AX|bK)p0 zq-EH~yfmuLzO<;cNOLSX1u36@?;e#p%N9L1fgXc?Oc7p$a46AQ;Z67e&wEtMKxZ9- z>tmTAyO?<%L~LMgWcC}CYfcy`DBmGy+QI$>7W9}R0$alr#pBYZZ^oNW6-KGC)Uno8)1(rJJF#wS3W>Q zIiaQIKDEf?=d}>7)Us~t29R!J)csFFZ66JJ#WTEWLYw&~BhNA)meg$Z{^U~calyUu zsiGz_gOFR#!&wr-T-4R>H$2AtG#FnJtGaRMLE1ie32md%VDf;pefyd_LgfXjP|Q>T46H3enrL{6>ah$tKSDVCweLBV)0x2q+tk>#=Y`^|mO4s;*m@F2 zLPUC1w2WI+2cNH{8M}@S*D>Uk>bauKt-ex1C~gDqKz@Q?S>$0I$gL1{&xIx5jT*ap zFh5?{-2K6R3)LZP9}hn{2W$yBHoU0BQ-+1HSVyxgnByZ^7G|F(zlf$4X}P4(Bobis#A$ObfJE)nh{oPpQJv(PD7p$}JQ1oK z;w~0_k>!K8GhsD2vq`i)H)1x^r&ea;prrj76~t3QF>ZdkvHly?&|qyMO0a6oaj7P@ z(tA(@^O2|eK?3_pZ%qOBJ`Jv*eRLdcnF%K%zeWksaRFb32_Rj@egzOW8s9*ez%ES< zR@3Pas|}QkLic|S&dEOIAJ8HrP2{~1j#!i`qBVVdBYgIWNdjsL5$|(9L z5C*`%u)|HdJ|O6SG_}U=RXKV8TDb z-bIHZPG)Z`M9T-sKcG|EpJ1`mP6Ddv6`KG7J!0!s5lp_jHqQSzrchW&u7u(oARtuX zP^_m8j=#Or$9YIRwpY#U`4xr$TGz{LDtza~8lx^)&fIs}d>BAV$|K-#ju3({_gXc( zqMGCQfsj+p$u@yaG!%xJaw5QN1IgUJ=C9jC2Z$^z7f4pdh?n3NIGteZSIoRG;s`;u zX1)2q>+Sw!7W9b9X`XWtZ7{QNiZ@Ul?Xw?H&bc2b#S7lP*y2UD=SWwGRatDRjN@ zp$gBb#1Y!s0g4!HwhwBpb=B` zUTHKzShLnxM8CkB(lR%3RV_Q`t$tFZn^AmD$l(w86N7Jn&(#D2;_Xuo)@mWj85p?M z!@{@XQi^ra3pJTYTki02!?CE~aLXxeHEu&_<_qJ?VXqlauV)`KB3j@h$eD$j!{sJe zF~3ZL#ofWUhOg`Ts$vNTM(stDu2k=96=9DyQ}?doQKcf^hxmM>;zC-3L*(geLWeyK z088uYm)2ZnD@LU4wY+-X2@Na$_z$sHgyqJk;{ESPRU~Wdge-WTfzhpU^FcfXJXZ?VZ+5L$y$N@@+8*uZ2W)Mky`WqF^63}6EFu=LF zkoXENh@)0R=T$ewH|9In({D^K(O`CLxfhYngZyaNbPpr*sS= z*!%5s70vCBcUynhgSR}=qs|fhlqKv|O}o_Ieb$%eUn8{P@`Oer3=Suh<5;JFnd4Hm zDUuJK$xXM09+$9+l8JV#`A~nxH9xmP|q9#~L zOJE=evp1~ioNU5I7}AUytz@H5gvFrUg;!dFax}R`7OW|c6zQyRow{T+MUnu;Bl^!c zgBYM5(f(PhE`bD6(-*Rw%lY|OZBBk3Q$>lo(qQy}L*dlmGX1bP{ss9>g#__76qFBM z;m*2(G5n%7P<#7uAfMByp%=>aTG-XzD-O^Yn%K$*FDjlyChcs@$dreNQ(sN)3HN%2 zxC4Z)ypjURkWdZ0yFd@!x?D!1rJ~p)1M2VU<*x?X@F(E(#G^TwB7Q*bS7@*W*9m?yiSEg9DcITeK8bVk_QRWxgCDu}ZrZKy9QDH>gV6UwkH9UkN-6Nu(+5dV zdS6ttGd3h#jrm#MTAsP;Pz1ezam7op(1Qcl@itnwoi**ZW62W9Ilu@nY!ny_2t}^+-mXXk|bTimB}@K zR+a@T@bfRw3qbFBz7(x?Hp#b4&3C=3)#lk!rtg(vWmg!8mT)gD{mQw-0(3R{fF(k( zvZ4T$(4a67Bla-d(6uDYjr@-7qP7a}`AIkF#c^438R;aJ=>|5+kErr_Br15?%juGj z9=f*>YPq^%YogEpESZrrqNPHk>ftm<8Xi5pwx#~n2fb7yPL>)Qj73&!posK`5knJ) z6}2)J=5_MBzr=IiD*bRc%WewQznTh@`5+AMzw_#ZPXa7+*5E|xS6Of5A8 z-g^f%)wS!xSP&HuK{`lOK#;1^i$q15NL6ZpsB{8Eq(un{f)uHO0*XQeLQHA(G;^eV+Hsd}rpoXTI;eXXZC^e&>(OWM@xi@2sr7)_q_1bzOIp=Np=k zenJPV2$6ELa=`c79@6`GUCYZ;31OTua*b1N5%+ZLav568KN6G8IH*9=5t*3aBxw|X zXIMa3nDz(7A@yUFuQqHqPt;%io`2!usp+o6AZ^AWW`Gn#8YsvgdH62(1B+HnGFpIj26>ZNq{}^L!RzFcCHUwKqRP9* z+UTfsU2T2Fi~@g>{d(-Y*b`DL=v4h4l&**B$MK-O(VVLiO0@e~k@hQ@OJ=Wq&MP+M zJnR%N^eIW(-{|HNII3&cJi5J27e|Iaqxv&r^rVnRAFJc(KtbX0m!J)~nGktSmuUyb z$KDruq>QnrEw9{rb-#W}>j2%FHKKQntdvb5S)`zjQ`m>+soT>uu?_W`go3KRMr%{4 zN4k~xO=}^OyXK*8>YeL9zbm1>BT>v^mJq9V0x&1R$2}=(nvsV+{>Z}Dm<);8Mnk_T zN`*bhzL2-o5FE)P1S~{C0+8uQ~i5s-X!}_wt}|n ziMby+_r2yKHEt$>gwV5ZKouw~(INrEkA%EKMCnru2z$`j(mRO`ljkJ@y*C=hB~C2x z@!4lj%7&^u+J2pNs-9kNfYM`)V`>VM*BP#}DN*PHYD|^ZEgJU5U^T$dw|JR$HQ!2rgDX{(0kGJw42F%1Ph*V5XgtWIVsORLHEH>=&7_ql~A_ zJccvfahh>=c;^EyzJ-@2Hft)CzGDLa>32y9D3(Mg&Bs+`CP~c;O;)>J6T8=UY!l4P zLVIB+K-7GiBn3irV<}ZvQ!--}eK%Ec0*Vz~gZ5QF{7LDOPb`1LC@abE%JZHkeC`#` za#BK7Gt_CF>s%ROF6_vvSzTr*#B+C{Wboy{a;I;YMt^ZM`<$x$rkI|vxc-M zb3dEI&-u?*oM{utfveAj;M21Y>D_#m#qb0oC^MQ7silB)$)dC6B;}T4=%bzNYeppQ zefd*+uLm8>Yx+t*Zfv=^xo#_k>|(2Nv&FyJwtQ})$2toDRtr%sH zDMl>LyT94yv*-Xv4WAOE9IwazopqY#X0D1o?$90XrDSPzKHe&|`O0mvq5Uv&&n$MM zn+*MgIns1)cG`8;ckd@P>D?92z@mcm*9oBt`rNXfkISbXe39B4twBvgtAJ%MS{weU zH*mIKx;wfG$L}5J6Sy2gzWPDI&Ax}b@_kZGx*!iK6y5PRxuv+LdRo9Gc{g9pnV*KEQbivnaElVXa)=P%F-Zis$k@mRLs_F?oDA8 zBYzEK-Tv9z$IjnBUr(1dK=Go6z#y;>PXvY&#rBn@I)o;kr3j`2)SolkXQIM~228wl zZ3i9+3awN6ZvVRQ`b3(!H%b)={qr|uhqa*v^yCngHz;RgNeOvyU9dO*-LKP6kGQlZ zKqNoSKzPObb!sd(l{osCFPxZDdAJie7-k}t8ucCLO<+UZoITqpTTTg$RfUvl7$b;b zkXOAfuouJ!rl)-aMc^-#gmP3IK_YrusG;9%<*}b~?@&xTsV;J~S92R4YxFbJOPPXM z>My+y9`cq<+PKYUw%A)Gc{=+3;i-MLPKm(6*AIP+JKiFL0(R)~$2mu6*%Vk;$c!dX zp^IDM^?4{+d{^YgUAt;;?j}F}7MD5kr`fsvweqsaD~c-%V6)k_T@CFS->SHjW)Iz{id)+i;s@gBQAhbLJAm4iO}~N~A@H|I zB2A$JJ}#m(s5`Y+rF}2x!ezFmy2stVp~B-YH}1*@D)&a|yb-xk>WS)vR>yWAcF;*P z63o2dqF}#J;$scbO0h?xUr!HqkY_&WR;8TL%Dvpg=jinCsJO5beGUi+^BH3F3kaq5 zZas~`YCrQHt6|9j*94<@kwS;JG2ZRxbG-OZ*$eXtzfSGCXmo*ofi;Q-LTMkM)wgnl zYBS7CLIft=$Qp~8kv!dU;spbHhBT+SB^I*LY^c(w2c%e$KFBMy6-q*zgdza^tQ zz-a$^Fq*xF-1zDbYC0=^5otpELg64~CeI(}ln@#|OKy3UH=o`gG`3}H(5F$o^bPr) z?Y0=4yE-)a+l^&L=o~JdrAsR<0_azY?;Q{@7Vign2%eXgOdW>51pr-S4-5wLWKQaI zZ&#XhsU#Jk0zaXEFU*4DCqi4{N!m#%PryW}@`h$W6}VoS(FJ+wYe;_ud*#NQ&^Frs zaP|<}!E*Rh3IPC)0m!+mfRaC3gK;NW&`f+weHli?p2>ppv_*)()`q`d8FbfY1@yT` zMz~J{z^L~DU#LxH$$Jw-QK~B=dSZHF^!A@&Ad9MZ0mJZBH}CRop-}F6)DVE| z>*>q1!xJ$)E$0w?m;V}P5a+6+lJTE$W`FDJ35;`L@2P0^(0h%Ljq5LcW1@)NG0F@v zA_UC6nx?PV`!X|ZvQpKvH+^2rRIb)Y${n21}l=`0uDa`A#5Bv>=8~qy?&ioI+@Q~r{m+?^hbPW89M6wtS zwzn$qi$|v2A`aLi8$lg+h|X{p@A*RQO=@sA70QTTB(U@tI7ue@N6T-vJ$&Y702Iq_ z%Ma5=j;xk=YX;gg-Z62geT-W}dQu26>T8!s5`UqnmWsRE4tW?EL$dllYl$$t+IL;UD zF{3u|UN6EQ2}2<5OWj=0jQyRy{*b(7DSU783O&V$`Si^I8WwIueGi1`MGMa?lLqNL z>-%gp#tJe}!_-Lg{qWyx*4lG3Exn~ab7#^l9k&YZOPWmAPHo|mLEJzf1!qW7JlhTG zAzHfn?<~C8+atg5&-+JD9lNd&Ul1{$IG4o;q=6|M)M;iiQU^_TW%2*qOei_sQupk7 zQ%yxvW2Bacmfy2+`M2MV+rQoNOWWU@rnkx>TRH6nh^O95Yw$=b3=LYxe^DO8Q18>2 zxwLkY%*Hv&Mb2=ZF4TpOL$d=xOhfgynN=aqpj{zb%15s^C$7b(avXD2Y)g8~h^81_ zrlpX^7EXjhMC#)mx8blmG}n%ftzF0hbKCyfcvej9<3 zfPtHVupQ}s+iHA!sVP;0M#Q4p9c3Q>H2&72PX2)lB`JdSb8Nit4E&ho{ZiQR>AAzp z(T#nat^w!TC3IKYlqF~l`1YAYK$sg^;GHA)Bsa=-xSA=k?w$7BI(fk@x!*6UMm)0) z$yFR9CCZ9?|E_#%^yPz}tID?giV7K9FWVO+JiLFRd5C$5GLnFF_keqd>l$bJ}*-qeU63TaixXk!C zveE;ow71pIdbbsp(B(1NFKt{oxe`ur|1c)uym_Sr2Xr_R&sP`r*6X$W z7KR4LK1?yT1gy>E^XCRXwwgxN?)l zYb7h?$qNUQ+3jgs(cxpI}ayZH{Pjl(pc*x4rO=he2J}Y9=J>y*iX2 z-d(~=90NGWa#4n2&2+7;=-c#^4xY$8 zCwO}_RcRO+Uf8(F|K=iZ;zdT`?!|aq8GY)9_QbTodQdgK2S+=r@o6&wcev>^Y1)qD zoW28B~RkY!SU5Uzi0*alCMJUVd@AtWEdhCw(V8Ltv6+yc>yLcZV~jvT%+c zo>EfUH}^60E27LOyRoWRK1au%rPf2G?%eBErd4G-4ykQ51BRFTj>$>JGXaP=O|0<8 zeMx}RRYd8ErdzQ-J4z(bFLf6oHm%4bjkyNJ6W*dWj9S4C?@=F9L%-qi1NWS-SQ;PP zQrUB$Yk527#L~e?_5R>StsUmo_O^$L)x!lteq3ZTf!Eh5U&JClFMo=$Ws5v-2&*E) z+f!l*$KKRe)6m3h$#%<`hA)83&xmzOW&FUd_#Mx0 zyWlfm7(NCKw7aE0K%Sta#4zMbeHxBEpApvBE6BhE1h{%r{qB>zo9J=|o*% z#LXgSC&APS*lx(hKpVS<~FLnwroP*9@mW z)YzAnT}kR1IiH<_J?4wN=j8*WXyVK;UukZtQA(Y<~WlQ6hu!sr>>ibJy{a6XuEHGX5smLA)QAj zaT{;|f=*7MxDrF-fSe*$Na7M%@DXuZ*{lKh(cDuHgEWqda8FmAW%G`d1x z6|(7X%YUsd%|MCdoLszoc-aC?alJy@r0cP!_we0>qYSkX-3PgAR=?Tu(e98b^EBzs z=eAptCU7p+jq}p1O9kM(Y>=il4wxZNFDDd2Z15kqF1jnnT$qP4u1>O$sN<-t^-1 zJiET6MZ)Da$jfO)9|mL}7YjM72Enp`TEvh>q2EAt69iQ;e2mkhO)_PWp4`rY73iIo zjBRWE_YffIgdLFK?A-9IZwE3_j|SNKR)Z^6LU({z`|)vA#`E6 z)+Y2`k+(0aPw2oJ{5s>CFsgzdugN5zC-G-_U%Y6O9ynyTsVIPUPJdTQLG7o?tx&-t zD0QR;P*+t&joE>#h1v**oN3$bC`rERAFm4DVpZV*`was5SvLYrBvzhVi07%_V3b_c zs-<~U{$G^v`Im#Z*O{&l|p}~q}1h?Z(roen4y zt#6f%o$~iWA3WxPH{iT@qRSaVz(BkCK#%EGo0ckH?+5z&!cSv=1jDp`^o6D98FkZ7 z9UHEn1x7OX9fp!anA7OojME_SDy!0KS}MvLE7Zwv+l(?!OPT}+Im)`-U*S7w`N>m0 z9ef-09d}rg_LGe603RtBhFo)g;I|J4L01c-dV;yXGyBsNClhs0w64HOjt8Xthxg1^ z95?s2RBjQPHtK270K2nr;|frJwPf&;J==OMIvRwMHhx0P#5%HkLxsHI?xCT&LL*!4 z2hBg6e(vPwEuF|7-sxay@#ZhpfE?`rbw9Z~LV=<79)?mLY6|6fqUNk(Se|*ri7HBF(NDF3c5Gb;t$?UDq=nUKUb*@l~ zuAgU-qr;>wOxF#rFYxWUxa<8{N@_f#gDmmKmL47&T+;HWaBB5jzN3>q*G(g-5z6O;3y&nD9~=n0{@J{@JA#Z| zU!#mt#cBEEQBr7Rl^MKS&~YZCCP(#Szk>Ua#Q1_ctnpqArF`qV@XYk2*uvxa=vmfQ zzis)zuv+uxqKpCP8Jc{H=g7<$4Mtqr01utPfh*1r8zdlU;fe| zt-T7v(&R%QzpG9^n>hA{TkMcilIU99XYBYY&6TLkI6;^Nx2D87f;;esoe+Y(+aJjhIpw!pvuyE2(v?fAGaT=5xA>~L+)06iLP0Fx4ux zop%}{bhP)0&B%@DPhXQ8lSDJ)OVBWQf*|TREsT`pIQU6|e}G^$QmuH5jKw<*K)cL;t7c|Sqbg+`Xd*}yrh}*+7O7Mo<@ITEW{%yL-Ca*m z=j-jPad@K>s2#@z1z0sy7qMZf7|1IXrQKQ&FZ?U{&*~XA{>ds&waO?h8{Sgb{EHBu zD}dbec6b?`4qiu3JV>A$ec56S_BUa`aQv=HC7QfLYPi0gau@-WJ+4!r@qoLUl%ijm z7*A!Miips9sw#YOf3Bg)uX~W>I;>HNk92Rok`4$%AY0?vY3<#ZO5F*bM>~q99ojEP zgI1z5(!JF-z9i}P;uo%#(d{HeS4K*aUin)? z_yGBhl85Pwp0}+H^M^PFTGsP2)iY!nCBULn%+RK6b|}Y492rDOAYAPzik&%)s+ExC z3FPjUK5vaX*NT6#Rba#sHqZDy*c|RtuiYGWJyW9%ay3JAqbs4n#0`GHupBz}Ktp%#MgvlQj9wBWr`K_Cg+2!-V&5`G_Mdp!?z6)Xm78=zP9e|QBR(fmeaj&5E{g#bJFB0K2?%@p?7#UU#hO#l(=_ac< zvXv<)5iQ(wq}Z$7HuA^T))psc#(=`WoPpOyX%bQYNSf4zPjla7`mAwb@!O_^h#Xnw zGuA~!7oii(1}28k5vCnc_|arT+B`5LJ@Ucb3pE;2GteC*D0?j| zak1Y${&@Khg%9bU1$JxK;S|YkC~phbI4BOqF$9baEjagk=evS~WVLnmkeXSSYqiJQ zTBYuY*<;UsWu1yY6VT(Iim-1C0Y$>CHmSDtsv zh;`UA(aOW5`173VkON$prl6ZkTYo)NwYBTNNOTjhC;kufCa004DAsEGY-OPLo%g8F z%r(oFocFuRa4|X6NcH;=u{hVUQ7GL5lORut2h;2^Y&$qWAHq4Jm=#P-a78q%^O_1P z^Vg14m?}0J=q+|kI8K?kdVB4r>Dsj+?qmqYNlg~m1zkwCFB{2c6Gp_$j-*i5Q62KDZf%)p zwPyYHEML*%O(TjyYfq}^uG|}wpQY=Kzg>84Yd!hm_HhdrB@LU)eh6_YaZ`A4=*RBK|*YvW}XZ>0`!TAF_STHISzy!~hM z)_-BoLbZq@(9~vT64*-_w34%rW`~~h19#T)b$j2>809H66U9r_go1q^Kd^f4AZ#k0 z_}Kqc`YBN=oF)T!G$gVP)0h<4O+_b>% zW1N&>hT1lt*0md5mpaaIh$jLWfyD%S%2Iw?jym&W%P|(7CB;m(Xtg-*qwz47nvv;V zHZeJE3Ws|am;as7$XL6jr@7Y|nEkpP@_Gj+2zFDB$8e)>gSe48gAASbh}bSiOiC%k zw8VSjWXZ(ykw`!7)hS8N;HRlarA#Dcw>lCpOC9f}FBnLCS3uoD4MLBhPOTBh=0L$u zNT1wS{+^cBV?g%R(7sggczgBu7nt|aKCGXpYH|Ph)2&WL2gU8i2^Ho~N)d3XH!a`| zExv8dbZ9+@)84-XdnYXHg|y}UG=o!ih9}$E48l(sn5GZMp!kqzS`?8d8pwD60}y(5 zL&U(&Ng4B+u%1f(%3r2RnE`wtrGsgPJq;=87EU`~%4(^Y??^MiaHE-tL0v?iBeQBr z=z}IaG5(Xz9|y2f^j%jYo^7E{l(@65?5h7=o0=kF3)aTtt%^ ziQD>`anA0|0Y7CW2T5Uri@jo6M>P*<3J{jFBoc_FX9q8nH==7Y-`QXL=r}&!_7u{} z#~eyl-N$Qmn{EFG%pLn7EZ}xBM^x@KJ24l!Ve(;3kDJ0Coe~!W73_TLH0>Q~+5Y}Z zV3=fEO&KLRyTDrHpnJlB)KqAl>a8Ms&sn2SxbYLD!VdJ9XE%ZCXUZ`j2~moh%f*xq zQE5z^!s4LIqA5gH@-%zf>HYQ-_GveKXYO@yr7mT$7j|%h4|)-f?re_D%xrh>AtKx6 zIviV4f~B(uu0*Tch>>;WyPm)FvW(F@9|NIPLDo2~=F-w*y+bhE z;b5M_xL9n48N@c*(@%*+E*$UOoN$zSq}b0@Qgov4oAA2FsRQ(%2GZxt0eI7u^`+%J z*|P&3`$5jo z4j|xNV1A&WjkY7#uH%S=Xx5Q_e?K@}4Sak>L((!HVxmj9_%)P%+L_oX_|c#jOtceP%L z(spjKyGPmNbi#hKF;1XoyE`%L0E=dhyAbF>xaz_u+LEI%n=xmWg*ShYxE%}82;w#6 z^Z)w5x2N);`0de+VE$<{1wrs}@ND)7R08J-jem&ygpptH7kE6uZp#6PBzgiIcQp3Tcx1kTRUvj^;IbUnP|3IP=o| zor`l#s>0w{szBdqZr-*F5Ynhucn=h7Aqcp7U$X5Q+R;s!%y)@>y&s|NeQ{0-#;k+FSel0K$`q?{e0Ktb$LtnnI?}x;7wG>qt4LPj*{Y^irRQJasEh=L&VV+e(<-Y{dy7 zYN^>k#c@5Aq?NVXKEp+MhYbrq;?!}cX3JnL=bqrA*x^)_wyM|nyTJn*-O8~!lC)BC zEriSwt$QaUm>vd(ht=0~}GFLn}qi;Ql)6i7UlJKIiNo8GG_((apZ z8uiUP)I>ME_EfRSd-0-_g^s3cIpz`cEv7njJ(y!dp9DTYi-Ze;V}NotSK8v0qbsD{ z4X9Vz%ng5y{*j+NM-Vqn$bH%B z<*;{CriBor!YQXBzNs^+7uHj}Z+}ydJhCc3g`O>dRw^fO}AQb2vz7raQs{lXN z)gW=p5G^9_mdD9@OhVqB+YWuDnd`HrBe|*R@+0xFf zw`*UYR#_PJKJ&Sr5UZzuje=Cqw0Vw5Et%M+n=k4_azA}xw6Gqph+CTs3Cz*Hn?C%) ze$OLb_Wgf{@$J8AocrJP{e26;+nF7p@xpcq9ZDmO)zg7GOOE*v>Xq^Ed5iE6x-vOm z{MrMk*J)6I!LRU9(6qn~E5FdfQ-$%k!$j_r+ij{IsS;*$w)%=I;I`Rm3$C!}Ou!#T zUZoh8hR*T`ta!g)Zpf$)P|sJ)De!31`EZx$P%hW-BV$@NzSrIlxRo6f4xWH*#>>@@Fb!Onz_El%yBI*R>_+*y z34n}q+_nS#>pSB}3jjQ?$rgY63+H)ORo3}lOHV4puq81sK4Wsq(PWquz(ow+31gzxchkG7va$ zR5mZ-UwMIl5B(RpR$6clTF!4a8w&IZLnA<3-Y@qRPi2Gr5wVQ`)s#iPPV>XR?g=H= zV~xw;S6QFvHoJebvi`ZhXML4{(e1o=xugHe@A=>F{(qkjy03_YCz}j+Vwf_YPinhB zFER5WdyN^QG5abhJfA5q-_hTk6_;Fo$vW4gG?;9t}SP#MDXYqVfs zAM8!(;_!~4so&NAhD~eV@8N%8jrzM(@r3c8l`4#}8f5g7&7V*K8m2vzx2iUqaDrBivQ)DM@nx1$uv_(WfHRg+@T#A?W=2)y5^@We1p z@m%U{?jVaJF2`+T4(08QPi|@#-wse+DIP4878)*uH!Z)AkNiIDl_w~v_-lqt)NHd@V^{YIPufqf4@2 zP@@^lINRSBo@<)$;F*qFybV|4#eJ;@B@A?QoRq(R&x=3zUx};s%@d9RUbV9X&T$0% zR+@;v@3+R8>6iI>zSvU}4mJ&%eU}#-yXe)e44uDO+{*6%l*PR%_G8q>bX(8wTRu!) z9Q#=Jj|VQ`1R@1^;MR6^nbEX%f}A0q-a7{8(=4II@H7ykBugo zq(9v|pQt{#9^iZ|3A@~Kx|;408^*qVYPL#A%zNj~uthoBsDMJx5!(;B*Grs6R!r1e z?CReZnHjz892?Dx?-{6W7IIF0P-RMYzN+IrGZ9k#@~nMf3j5ss$I-zD-OUew{#-Vw zV*TIXtIi`&3m^i({~?+!zWw3br#*ol?laW&UXgA02Zsj!;bOC#zJxvoc+CLT+vES# z!=@P^MiE|a`@4%d*aI8mzbuX6_&xGp+(^!R$9>cr4rgMh;0@hQX8!yywD{QwvBmuob(gY}<1F>h^c_!j%q|2L}n&mtZ91-6J`x?sp5H(wzu`BXSHDhhhjt{b4yf*%Dd^U**S6!pv#<}C3XZzahq z8G^NPc_tk9dGoJ^^JnNDrD~#7-CqpYu*6uGz+w_WX{zmUr6X?#Lu0LaeS2^Oqv+b_A+|Ts4%#l{{_*wb)WY5RJ=#z+7 zKx4(&6Q;rFi``EzN}6LOAId4&W3E7JNUqm!xqV;=hPI4=^DaEimphSsW-0?XT1Bl+ zOtnAo<6fwr=BJdzh1+ypVI-jfkZRvs4z9BFXhkxe`i{9NbP|tV2=v(^*Qd~ z9G*9^2=TpWBvo#_;0QjiIq|jUsiCGC9uYg2)ZLbH04Wm%xU9zf010`gRyjJqO)fq0 zLNQ14l$6ee2TJNcZhs3%6G;li2{TR;(dtX=~HlA zu`K?Lz-*2r8=fw|#0oD3?_kV|Bdv$mJ}{o7k93zqk#JhntTKl)3@5;lX3wY$e{XPy zIDO(qgOG;kpU|9y(Zk~hfL?+0k5hCwr{&ho1 zvL>5Fnqq&zhPO67Js})1X)Fw`QBMe#VVu%a&RJx&8+`v6V`fe_lX4pC4*Bj|fAvke z*SBl(uA3FfB`OON>fcdZ(6h05K4>9b_qo6l!sU#t;N$|q;{LC{+2l;5%nv6$@_WO( zxKMX<`%c^O=Qm+!YxlF+u?!as$rhl=FJ}dBM(s3vKy-Ba^Hwx!d3!v=-MITEUp`JM zmzpT3Q9tbFq7uI+37}dc3{&DX)QDz59&EFONn8+h)6i%@T9=5Tp7C|PxcZyzi~t)E z7DK2fQ zy2P?u%Fu=P(7e`kqMuW09iNVgwBJ*|@P|1m(`1hiAQuZN5K7G*oSajm9_)tLnwvTG!Ix`Mg9^`ui3JX zG)`~5YB>7_PJe7C4I^>O12js{T-Xfzb00^Gs4CMJ)t9al7HhnftciTm&yi&s*N@H> z9W%U|riY}x^Jkqy8jP~E5h|CfhjkTaPJ{s8`t7-r?N7&po9q=m-Q-)w}tfa%c@ zLx4g7z6Tt+GGN(x5!%YM>p{LiH_IvT?idh1LTT4k{dWVWkcwKmX#)UgY?U9{nDE!>1>p2wAE5E`mvD*JXy6Da$oDtqhpvBUL_-$X$ zZzbd*GFwf95hFs5h#~t<>NckVHL7(BxrGBy(O=PnNDZKWcZUMp)6Y}?^P7wSW+_p& zAGfq6LFhUM{_E`z5Pcn;6!^UAU;2T^5?FlMVqnTH50eV+%4G2+i8W6_{~F>Y**C{h z{(QhfpWa~H1q=p(x2V5Iaa6~EEeJ|}z6>A|DRt=0a+WHN{M>8$2kEat{eI13#7bsaUl)#Z~s3~6n3^xWS=pv;gK)d;J@0XL!6*MIq>(4S)lOMjBqDf8D` z=HFK-dl=8Qj3%DzuLL}`{+?OhXkaKCr-5YzxQnt7;5_c14D*mBhdwYX&66;+zh{=| zUvqTkhw@+lLX{Crt8Nu-|JrE zr{aKKOh`i$8JRR#G1)Vr8qB^nve%a_$!@qG@#vSwW6Vq8Agz-s-)E_1)-?>RH$D=w zBc(x?E^y+5PdPn$n!qq8tiS)F#>mXX^KzMK-BI39s`qQ&EJ&#?&YK;guA<&tQ4KwB z6u|rSdhu$wO^neB^fmMVBa~ulGRW{IrbOo)vp7E8O)52H0Ti%R9f-a49sYoh+!+NJis5$f39+pSRnBvEB0SF6nDSkJ zVAG=nDOz3E0#s|gAYz)|DyLvsudNK5ou_8lt$vtvhJecn2~8^Rk>cMO(w;?-o>FfZ zYBywG_rw{a=JesOpjUSsZZ3+um%pCpUVMIcz}as8YNOBkHg>GN1H`u(6!t-^SzR8( zb@KYJrD2c8>A;gqnY>%JXFB79fQG-idjzs4piIS*Q0bTO?U>k%+O3uCi!M`U4^P*K zXc^~iyPVnbU5Il{OniUPgRp*wq{w4IE~}iCr;qtH8Sum@FZik39l7snPqe)qn{o8> zr#a12i*>lMP0~_3{s=>FL|2W}?149Et{GawfqYZ%ILu~fJ{KO3+ZI>#J*or|{-i}J zJn8l;^`#N$p%x{3287J)-5hftP)m|qD5>^Sx_=|1_NZ~!^<25JOSg{epA!+^ zVjew7BP~K$jYms`InXuVF_RIBcLY-XEIsrT1HT;SFtpYOyolmXKwycvv z+qR7La3KR^Y#9Ce8V_cDLvR9Qq3sD&6t3`&ss#cT{d?%2rgs1ly3?%dZ?@dV(ImT+ zia6xO`#T9t--pj>Iu|o2ro-5Qr72arRy4U8C58TeRhe-J05qOpT_~Uqf}l63vb4J+ z%sbD|U-6Y2;(7PB52yeAC{9+%+*FEm-uF- z%U_T2+~(EvM!32jVAUf7CSqGu(D*(K(0&WXQuD`CyJ@X{XMc62hv25N`Xd2vA+6)A z>b~6lyrMGeGDT$_y6X%kIa`zpI1YEAzInyUt1ik1V~4n=M()C`%fBWVO!#0iHdG`d(OcP%eeL?enkoP@X|MEebrAK8 z-8snz>q!zbtNfU0^|A~uF>;s)dpVZo_B=02GR;I`Tt+5qG_TG=v*7(oLrA%+`pXZF z?O~qx3(nToC%MO5yJXYfYAexkw_={08GTmU>XpIZ)beGe%!Uz3DqHSl!ExwR1n=eX z+GvT$2GMiV(ebr4whzru^iDax|la`P>137gi>tv1H~8WQ)s; z_HHj5s;Hgrh3d(a09(ZHBCid+>accVCf)96o0|GDInVsqp{UzSP{M13Y-Wm(S}<6k z;_Kf%tBNL@pA$1oxen#-CT^%PbMtYtc9j7=xYu5e1=#P{LWC*ns2SzJbqfE=9dME^PrgO&6MTlU*)s*}ZeCxG zr~H9ce8z^Cl0Y>c<%KY)7~rdmj}^VO5=@e&#k!M@D4g-zHh8!4)zN$2=F2s}mg4pS zUu5`5`+;S^bO7Lv{UXaa)Q~qjErch%CQ7HykaVPL8=C8m^Ic9e-Z=d-Prr)zT2@oD zkNaV4te!N2qjTnP0?8s)_e$Xm%@N|Qe5mAE@r1(hrQXog__z*;y)lUW@ad0Nuu%*< z@+L_sn{Eo&R8`XDXzic&ezV1^$t$Y&bh&U-)PJ3=rYr2%)GgY0jfXFFz1*5I61kJ1 za9(I}Gakyjg9p}4vKdyw2g;=@;z$0a3fK-By`{anJ|JxBR?+^zYxEi9i+{0HZRWR> z0IQ_NQH4XK2&NDjw2@0!X5648y0DQgQg)d7&UJwT&6Ng$zO@&5W+P#7t}z~$GBoan z9f08Ya6Z`a-C1gNIM9IIv#Tean0pD z?|HxG^?L4)$D>kRWsqTgTQ~xCeWJAhhrwO z*LMV@Hh!Mm;Nk_h1<5S5lsq$U>QkK+<*{X=H$Sy}JNCxu5P!L5;!&H1z(9j7rctbVojwYvO9*=cOmUWf43rR5%Dv@HFC*hA>GS+aFH4h`lU` zVu9JiU%n({(C^$`KhY|jnbR%pE(#BQGi>+rnI?b+x%n>|&>Y8HehUboM#P44gY%F~ z2~zVjQk`|+)_Q??F{y2XM^0}wzjWW3d_8a}$s^sWi^i5>p3;B+6wQIhyio@Oa~zni zK>(+3G|ttoV#W2aGg6FkoZq@vfKqFiqyyxLNSS2(1UV%a*N$R>EGWE_A9qkd@=x?t zXEP05XkZC?+k~lhe3v!tv(O|=POp>#AXUsH5FilMbJCR5#E;94`@BJsz{aOM^>QC% zu=X9*j%HAPdp%LYJ@)1es^g@@Vb4+6*%9#bHPn2ji$_skuH@?`?j{I}rtB?Yl>t4q zfvbqwprZaTAoP*|kNCq}bC^*FyK$&~(00?1c&p=5cds z)l$C^JeSr9sx)gMU!0c*3V@9??W4R2k?m|+1vcW|J?HCEJ1;|A|`9s#NLpz zD>l{Hn&+zMA`To`hwhc)(qh6teK^O;eJ7Q#$T8=Pm1sx~6&2OFCqY6)iQv)fGvpi! zJA%u4O6LLS8QzAFwa5*l znMZ&g&uvy44oq3<`l#dUprtCQP$(c13BDpAzjTy+8K8AM*E7Ex33rrYgwiY| zw7n{EoYVD`B5!yYj65EePpzyiQcs$Ehwr(2y8@ z09?~<4JWcSXKReese;buR8e{|`ks;}d)~u#XVNvT%b4yvsI4AIHk~H}0sc}DIUl@L zxPdqk6{Xtq2dxc?1oE-OR7mb1yi&?;2K}@m!zY2aBtA#x(BV^4dOiXLy%oZ~UkoL1B=EvFcLokhRpLt3+o|O~Ni_dMIJ!i!a zk6E5({xMf})C^{aJsj3hfQH>6lr9>b()7Ujb(p#pK)p6ZB!pf%3d+_sxZf)hq&M`e zt*1iIzwnG786n*v1C$rf!QuQ8 z@Kb~%bQP~}?OBuT0YF_zp?5mGCeYD7p0t6kDS>0gla+Nx}k%chWhHw|YvEMa7x%JPy6&dgiUn{HZ0< z)EdoB!W8qu4iW>3KrpE}VW--^I@uzj#5U7pXVV8ALXD$|0CA^I=Kht4JNNZzhCYma zBnaTU$mtpa1WYg=R0@6K{%PUtrM%D)Q)trin6jn+a@6Il8YLFprN!8>Wkd&pZmo$H z7`TU#PQ%dNP&W1nU-SvU^9FL6 z*Y^m?rcG-xb{c?YfY<@LbTyS{on>bmmPD&GbTo95!`@Kt9XphCQxT;W>9*Ohmh(cD zS?CTFhlL~EeF?norE9fyAB1P^s;lD7C)npX&sMO~dTG5xoevf#DG~ZG?{EpNQz2#|J+-$ducR9DHEhi1C<`H`DMv@!6Go7u?7aD^sk4e zfL8OAX;sG#OMUnke`Fi7PPs-&FK$Fuft#BFW$% zMkzjcDOKMYl>1&VIu=*|b86R0cw3n0K@gj#>p;=Klp2R$5*CL&7@(yk#Yn--dxJ|c zK8@|yIL7+~mM)ymr|yog#42{ocq|+NZsn;25b0v$06-yEtNOE1u||PgrTP<p`yOh%)6WaG$oXQRJqB+P6mqdQp0V)mt_|=fBZzP9Vt~hS6|MSgn44?(SCv;!s zs84h-2v)}?8SHGz!W`pt%#46#S@p2EJhdH?~{92#?O(jAiIKW=Z7IY z0DCip<7KUy(<0~$;60!Z+xBA;=$z5IH8pd5E@gf!T`Sru;ms{8AsWL3&(E;ugok<1 zf(}Flq`eQ^aUvfcIW=f$a8?evwI-fq?!N5lKB(5*Nj=G)_ zkc)6?*Yvh>yr9j z5hMJEw+x?af6A_;8~TxVCeZBEC*mk}*y%Y|Fy=l$4RRUhIY`@(;i4s4k>QcKbi96D zlOaKNS+wNw6I_Tc*Fr+b+`=6ceX^+z?j^78*mD4RVxBt`o691X^m^|;4?VSc+lR2~ z)4Ze<ovKrWsK-w{2IXL%PbTLL0M?8Ah_8ixPiQmEn|tWAL9br=}>&T6KnbEJ(e9 zoCeftC(AWin?5ZPgKYJ&4W;h;IuQ-(r&B%kXy?)`f|5!ZMiw6?`R6c~fiZO`yW~X> zK@*IzUk6X39Epr%>mf7HtTSlezOInU0oPs__0usUv$j%`EbRI zdTyGcX%(?yEZ#a>PlP=w^C+BWDwdZZvDHKaNOhFTF0Vtdu|QX?asT!+@G&zvA)=r3 zn+ooTBk!ulr>p`^&^Zo*1KyCF1$LUbb$tn^*h*i)sQ+-9d&U4mzRT?-6I(If6IlIn|;rGR6cb2K|_K)wY`7($a&8k`^#MR)7o6Z z(b!97_g|({wh&<>G{w!^opv%qF>ZEQ{p8V?PNg~^mx)1xJhULCRPkEi?L#U9` z7^^#t5`I&0gPl(&x*sI_afLJpy(sWfNXrWk?E2`j5V5gVn8zf;ZI%jekrr=aF(8V& z6suX>OY_>8EF-kfiW?B$_AN`yWuhmVxz`gf+&c2pYTH> ze&21&bg83XLPQ0I+0*IQ0%*A+W%dth3wz!V}* z@}DYjtvbEy8zPj?$sZY!*rnP|=)zGB;PX(p(GX@(?JQj!Ns%r}!u1MKy~2Vjh1A?d ze_w#jU%j**)DcZ}LWeP0%<3t;*Ny`ps_`*$Ok)lgfva_ww8ciKCNski8r z+a!ZIfRFvg5-K@04}WzH`_hyJS_0xAz+f7bpO4I6Q@k!z+355w`70?UEcK_&*+W-J z>@M31Ahwr4CGQpUHyxaz(K#2Ij>4R8TpDyNH?s8`$J@Uh6R(3bbm+X=Zh~@6QGf)L z<&0>XbtTSDW<8)F%B+>stjEO*kZFdB_F;8B^B*dk;o(Q+XPirBa zf8-tMEiwiL|9oQ42fA|EUqIa?EkyPv|Hl=Q0l}N-Mi6dJ1GD%5#trJwnW6LM(ElLI zXlu@)GSIa``u0-WMSo9sYCmbU^T`mH3kbIa-fTos;_ec{7W_#0Z1YG!{rWmE~0|yrshkbfB-Bbp_ zDD~;C)B1;gS9DfQxN9{Y7k+o2EWaCljBH0$u5RHlab4aEM9XzErG$I&mfP(CY9a%{ z?q^`+1u#KmwJqkFBS`|21u?N-^ciZiy%-o;{DN@uMPuXuD#`Q{2We?DoS9sPz>4DU zzTZ;QxSn@l8cm8F`NPF$-^ldCGl$7dsgdU@XZrjSN;<0h*KM4>0I-mo!5Xto#HYEB znRlkf%b7`Was`LT+>aPj_`}85wwppHR?Dg05ta%Ro$W&of|l_15K+6{-ltv(ox46d zPQE|3uG0pNv608oZIyl|Jsg#MR)b?iBUTKSa{F&ZA|w#;eOCl8HfvADC3KCBNm}J=!NG6gwir;Fz4ItG}uGU5rR{phZ&& zpjVdg=0?@}nb(WNvYR)74Cj*3CL|2qQ507%4dwlfw!y=+D~b;g&U6RQ|b;$i5(5ZSAps95jm`CBpdZt0=F zH{(mHqW5l0&{{^8;N(PZ$?oJPD`sCS%ImtW(0HrtWgOjYEa_oO&iW`oUnbi)yzX@B zW?BDb>Sa&fFAh)g#Jvn@jW~+60#;}>(lOgKS~ZRJ0~I~0XAiH(b!=7r(qWkH)w`yb z&d$S^D(r2ygs|uzB(coTuvygM_~SmV<9R>rm08VNTI#Uxi+%THTKkyk9nyzrxG5}n zZbPKNms8o1#6154rVWEIg%{|Q+<4-{UK!^ee>mCR&E+o?{6O#LtcqD5gj$2j+-Z(6 z?G~X0W1taa$oODm;Y__{V70Ct%l4F@+vRf|h7Wz2Js}X|N8j|sSQn69saXY1Ct9&8 z&y!skQ?lw_N6gO3M~nP=`RESyqd;mi$K0Hp+`lE0{(EKOfB!m7Hvq{3(wj~jj&j_! zuYA&0vpjyE>dHFRzS>Av$jZLd{E!Slvb;~E@N^St6qbZiAcL|y20huM^o^}fEW;3R zUr&;Gzj8@vb*9+>k3=QV5y|;yN#5yx|N1A|i_iXKZ~C7Ei7?f!L^{r1Ds#JS*%1Bn z4CVU8GYPrKS=+6gjALX6s>1wuTkWF5s~<%Baq@%9@T=&J%Ejlk6gtT`oNW14rN{C~ zy})qK9?V9bvcP4Hhxi{dZXc#*xsL^ex10U~SZ03;Xq}W_I0G$+(f|{{x)QYUNt@#qkdd@T;i~xaP8CL ztI*J$L%44bPGgh0`QXa#v*li*1lKXD8D9)v?2oVX8W`8(Orf5aD5Fj0-_uw`_%PTQ zeAzfDK`KtlTXyXVQb>Dpk^9d)&4<)<=)B>pxL!PBi8IP*Wme^>Y6tYc(|etc2Z8#!T^mE^=JQXd_e6s66(GMAp{!N4Y_NB1D#}Bmzdf=^6;ah(Yc?E zA6S){-TBFqO}iE^tZAk=6UCBKu_c$T0;`6jvZDLF0@)N zx8uBk+F3$72`KB)m0#z;ueKqk?h5Z!>_*l3r9vUw66#(k^C!Xr!|!ajLYo9+<{PXT z`k9UwkHGcFo*l4CA4voKG&!4ts7oFs){(ME2`I-B?>2rZEIRgJc?2f$b!x-6fCtJa zeG48wwkrTHYX&*5Z7!~!y=5qC>PS#|w`yp}!I80c037>AZ~vd*h0LM=7=8kv)Z=D+ z0AYio4XaR5Rr($m)q4{)UYKg0>RSH3bMdqv@+KCZpvHrvxknkt8dlmDTb$xpDo?lD z8$U2-zw~2n>pR_Kd7QIXnrIU0>x7wP$HV->;ZH(ziYi5x>D=UB zoN@1IOeHECdG{aG4;1Zg7ofhgWY#}k(aD~^t00vpIVYEp8e?=#Q zMsVH6bKx?);$ZPNl>sn&H}JqLU+G85ZL1-nI>(ieFR7g3;jb>Ue)6XZ`*re*R^A^# z9|9yqY^@p!IJ0&L^E%uP#}(HXHRho)poVZ&aW!D9-dRcnxQ^rAkO!}AEtmP1e0G7e zeQniqil2xuqNs?1#5%yUk0 zuxjI+bDWD?-mTY;Z(9H4sS3#np(+96bI6G0F|h3%8;q8~i0M&v5~>=SAC!x6i2li^ z2~aon5WCXZJRkWv_)c#p={;ZFWESgy%$4_(J(B^-?SW-zA#oIbv|{wf{UsgY->bLk z3kV1!90|p|m1a{3-Bq|4llDFSD0Hwm;e%_N2hV~;PRPw4eL=6bAKREkqfie0n^fy(B6cEWd()2dT1_K;2Y# zs;l1i0>kxYv^>@YuTMCOy=YpC1GOO;C7NpeLCFfmLEai4VYccf_O(g3S*tI;4y1YF z{*zX{ryFN>w6zb6XV?L}A{G8NqLf1f`S_1d@{8^j%#@q}c7Vj$2y4g!L^wiqV}jvs ztElqEhM~{3;WzImXDVa%BbvD+c|w78l(s3y03v%#YM^;~3J1Zjt%@_7Ro}_=XW~+n zn_XzotaEpn`#x;2*G`60Qcqk@e(;amkrCj7R$$$9QWg-q6N{7@)NiUwpXqwD&y&O9 z_8wG(x*;?_FIJpoBg1vh@w=j8b#)cq+kK{qAuu!QiS~J#>u29RIk(*rID%+nrg;q0 zMG0rXP)z^xx_WX?6(XkIC8G->8$QyPd z{Q$`}3p2by{KqfT&SSdnl9Kt^C%Yb5a!J!Y;zhfa-l@%0)UV8&F5;x(e2^T_WX%sw zT}*L!kWkXu+o;K02e*k2VWCRR95cr@*C~hD;7y<;j+;!^>X-=i8{v!igiUKcLb1#f zdN|)lEoMsaTQiNB$XcD@e4wg(C3RLgFT##h+9OM!8DrlpuvcJAc#6|tv^8rQf!l$Z zoWblnpX>EKI34RgaL)2L6-X^Ri@A8qMJNl1mtDZv`<|)RM$_QA{{GiL9DBSukKV$3 zgqq>4v2$CyxVt~m?W4XK=G7y`OGYxI=Bw#Db}UI8rR-%OQO(L06VJ*zJuDJ0PtK&A zhkgPSY=I04XW^2lJz!}wGi$veGuhev)e>H1bR%+E$nWy`M=8Q|90$xP3&`CGUyA3^Jhvp>fsV?v+)?-W z^V#~eFraWSGl{`_AqK^;e%3`ePG0#i&JQ+ZCA7WW9iFPKH>-8C`^JMCK-5@nt@!7y zS1C1Je;l>F1`{$7Oxza+_FoP&CzfmL6H$XCJEUg*ks#YLT4iAtFAy)`XP6ooQ!n;q zfi+yy!&AKUPR>2joiECu87nUoGf->=h$q7^kugOLo*3pc`6^AR+t;#$X2^#JzLIF6 zVoY64s>ryaXp7(VWnE-G3CRHu?ngZSPo8`R8Qw$>lP2c`v%}m7k)9ffm?;!BU>7i68qV}46%JAkC+#@VGsfbsLsx1^B%^^qpFepBuCB1pa=%Kec5 z1P68&TP5MkOudenh+1%S-)|4dA>KIxIgUu-&#sb5N$hjW$RC-uRg}T2O#8t|By}vBxL-M8? zd<^9L?Sg+SMv(=pVD*eRuOdd8YCJ zuv@_X1eQ{>J zeQrATu3KWs-6>fnnpT!~FY=khCMW{I{cyTq2`HBV!41dI_F{tq8fd36s!DQNOd8u7 zIF^22ay3!-fxxlezD(Qh^G1O`7rYa`{u@f+0-tL$U>1EYU`TqlbDb#JSI05MuPAW|Ycpk@ZxWeO{$XQ;uW zAWO<7lBj>bmS~@@XS;V~Wvz>YCI3*oW8CCkOT(W5bX|fkp<0oI2L}18Ew;M6TzH2` zckmKl>6_OY@JxI{jWnuvZqC=g1o?NLnXj`Hi@+Sc(crFbX>`!lN6{&yF~z<_XSfDM zOmHgYv7J3VpPRd&Dg2(EvEEO<``>)YRp2Kc6YNkVg^e1!f!>BY6Fnw^hy2Lt_}EoHJRE^n^PO1s zhc3E#P)2Yhi_u`NIg%_vbKVlpX+;<_9G26sFYF-(UX7tSWjtjC`*Iue-pAYJ ze41j})n1$dT>S0ioxD})P7W$MXS@B@;0{RnPAQfPQ}T@>TUA<#ONc$J@4w*kcD-G` zIB#0vN_luBt&+fcY{(8q|2*3v_w#1u+YJ3$I-3jJ*;^!M|keVlhtp|(Z zv%VVm`1_op++o#YPsM#xrq&0fgpIB>jgEA>hWw`bj0g0&U|k4mH*bg$A4dB2qjWcu7B3ivNL=^C~=(|$h21;si0`DW4$*R9*k=JpWj z@9_kNKd3{@H^npIi$ ziEdo{aWVg`Zkg0de(cBwscN8-?9x{KjCi{-quVpK;-1-yOYdJk-O}VZNP7)-JYJk| zTGR*2z0jC&JcSxrPy>182VO^x?twUEwoJaRu;3r;HUyK$`Yd~K(#jH#UG#wIfs@(j z_Frmx9|^hb&MJ&cW^eiIJ|4f#{#kH7aw0^&8uE3Z*sy}b;=zNMiGr78p2coS$-!x0 zoquWmKart?B4Yrdu26pZ;W;gwRIJ>l%UY&g6|Q``i*5Cc-39S%OD4>Boq%1ynjvWk zKu%8?!`hTP6iou9ii*E2Rn$8#*VH{q38=`=!MjTc?^ni-JXY+^s2v&5;%ImLKT(MB zhqNX9Nv~fO{P*bfk#~@)1kVMa-o^tp?QhS>f6?I$wVzGh=;7Y`1nvCQ+c!Y#WhB3r zGGI#T&-50V>~7IwH?{p|2j{`R2mZkl@&5?2gBmz5NfUeY%9XTj>UJb^{f32Bm|Ql2 z!qIQ4#GkHa%KgDWTwT$k;oY-p*U1R}Pfp(+<@sy8*(#B|T=8nhJzw`}l)hThjYlSz z^n|IXcOeRdO?*gsnT*ryIj#El_7?d2uoUn?pOR$IPp*k@s8oEg5Hta8Mz_5el-*$| zZGJ~LDu@9d)Yv~ycXxl1lm^C~Dz+Tx2?A`UqS;zqaB$?>F_?C!z`15O0MauMa71b} zaC5L8Rl6N98By&gvD^mdEB?T&b%{NY>WtlhR8DA(91 zsE1^uK3$Vn88+C~t4pzhuS#nJwtbY%9?m@GQ11wS z1-nlEeh_EbHP9q{tImF+RkFZ6fAU8_@S(C})J~h1kMI*@U$3z!nX;t|I=4hS zg5^j;07?@4dQAUJEMk&ZtZDtACsM;qI5nzPTKSObD@Dj%`XmuMw6GecA-axm!;Z{K z=H7RA6>hb*OeQaNP1mk%rl`w)cy(;*)As%Y%_`yR5d`V+gY@u?l0H{TH8>ivFE#R# z)X;ATpjK8BQvTV~_usmnkbqw&po>XT1P4Guzybp_Bsiw^9VHip>_UH@W_&U5UD=$w z?()+grqAe~Fb35^0CG!B3XcoF48iFWwCB#NoqTLuUwgIZtbb{JAZOcml z>BaRD@s7TypVxOi2=L|;8|DaJ|DXIy^$t-2e1-siE0F3s{@vH~aV}}{# zcM4S6>3JU8ZVL9VC4M$f$T{qQ2?@)~t?&M#vY0pSYDZgxxQ% zMpe3Dr`waYXTM%PUx1@+VkDT)X9?p|aLDK;agr{pbDes`C&|Q*PF}j}r=@RkwB69* zQN1KXJ^AxzJHPaids;zDzEf(3NeL`dHjTn8LjWDAnl5h#VmshMG27UT+a z%4$c1Mk)*pmpH0wLSKCO_<`~3`^DQIwwMI9uY}MYoTyDB)4U0T)lwRna8q>!_(Wd= z7mllqqDl}F=RGZLuKdh8C{q%Z8ZCX>SX0B@lMAAKsbMi;E#2* zfF|y^!}@%GQ}v|kTZ*xZH74D$GY!grJ8`|uRr7=FS7Hd1jz8!1;8@qd|CHRra&co}~+K>`|zafNAo|1p%2Kol1A>F9<3tO$;eC z0NIvs+G0Qa98k;`fBWxk9=>w&%J=8=2I-7-HkVnYFB(w(^GBa;xXjJ=n zOW|W;JblhbahnS`T-NPnyDTLher|`h#>Fyu0Yyvs1!t?M5ejRgT)xou`Nt1ieN>r$ zj9~MPnV-w*wZ3$3Zx$FTR#ptzEIbUHK5zm%gQ7WuxrQ`^ok2__6ix4Up_#P?ql$Dv zv5P(I=F_GA^{MKck;h(}H6}B*_zXgF&V0Xcm@!*je}e5~7|a&}DlGxzI8MP-N!wq)v`o!x zK5^Ga-X5n&kn9l6)su>^)j)aGQ4Q7$R}B#bI>Mz|#qOL7Ki4|XI+hh-tf=72A6Kbf)%rml(3g0{z_FAw zIK?QRZAfbqXjo01|6Scqnsl{`Wlis(znkb+k)*R+%3FFrM_hqX7*IGDoTmYlZwb@I zIV8x}U!SCObR1ZG3jZ3zs?wvV%BczZDIkc^-bP72DBw4!W9-@o>V^k!?zL`LRxv^Ru_^pafAbQR`V7ie(TV++BQw-csa;k|_QDptihy!Gs%%GvwY zu)1WNBK!)wZi!fViUA4@dRm}<~^xyhF3^r0oXO@sC-5G_rjnH8n^jppZORa zMVL)!!Thy?gqd+Rw#maQtwuAOTt$$cf^X%@o=T!7BcCgGhsjnEj_%I@;zQ2I`S*XU z-4?qJgmtGu#t+O^9YUH!p~=ljMGF1+KDjEpvh?_$0q>`hF9s>8w;-z?xlb&&jj`)>}M&NdnsX-Tlf4))){HnvS{G>O)v4qM;3+jSxxql_Tq}2C@{~MQu^G+|b3`mE#^Ecs%?HZdwrJ7?Tz`ZH2e8VDZF6txVpSwR&k8h*y6wvA zSo)wU>Lyu6wOct`=@{yTdyh5Sp24G0Tn*|tmwDm#bdrQifZR6EcF`zhL0&%)O}uCK z{zk_elXK{RuWd*k!E;My#>+zndMmz-Kdu7!4Fw3n1{@V&)TXecUZx(_JU`UMkN*!a{vKBEe&vyk@-$?WJ8dG#AfAisL25OvW!ZKE2|6> zFd&`^yGXoEx;_MUh*L)TSZcyQtx2zYtqm#>t*T8&7cPZf@T>6pep>1HRCRB2Si)U$ zs@x?rfLV?tZ(D>G=VC4H`xW{$B3djnN-&msm{yxP?C0a*k?3Xj(cu@VRgL{0f!fiE z{C_J0`YRT5B{CP0W~&Eig`k04`A^U84}ZS7zqQw7gsNAfh_8Ma)3ou!F1B$2otRR2_!mMdy9I=e;D>GwiutC1E<-0NVLIy1s%XiVb%r(ZKzALA#Mj3 zN&MmS&=!&vwKe;T6aembj>#sfoVOv_8b&Zcwk!^u3No>oS|I1 zTR)`r1Uy+&efwB0XRMS^h?$G^k(wykZ059prz7>2w=4EPT5S)fdJ{W6xlVE{cLRME zP$t+y>Zn$S@5RvtBDZ?Xuce{s>WA!Lv!3ZsgXm`aX3nQN%Hd*orwx)W?LU~{Or z)q(p-orZ0QB=_{_0Q2t-@?9I?Gffgs{zS-YADEPB#Gu}AurwV9IqQ5so%$71sX={G z|1YOi?sM_On=L1L@bncq)A+o6=gB*{mn^y$x^E9iUWI1vyB*$&U>`Nkt*nmY`Yo zQPC_?=cFoJ_W7+ek(^o{wJM`)NJ~c*j?_ZGl8N=v zx6T$JTJ;Ulr}blAai0q{zZLl+hpIlRdEH{z*q2i}7rPrdKk9(vQ?dULP&s_-?C$8S zw2!!eyMTY_uH8kmWx<4Z0q2snepP^(9!sVHGN(iOW!ldzT|`)CIi4#&W4-b1tXgus zi)plE^8(BOI|lSZV@vXyaFEECGo~w-IfUz~;`MG_7nIyn$T-C;5g_7)Qo5Gm-d$76+xV&I$=vwoVgj6-ZNZlsf1x8hFZJUUbZRc=gOF}boXO%#=zT)BQa$u>MV?K^KJ} z9!|fe5}YWw=vroBng2j#Rn@$Cx|{hj+biohcI(NOC;v@~??0)%{~$;PsJ)XP#dDW< zoUb38F}LM^gyf#&Nw2&7Q}0h|?}U8#lc21>RTcRg5#Vu;dTSZy69J*B0x=9T+uTNz z7)~c*MhK z2Oh%xQ~TuJtvQmqQb|(jmobGmHCupR)%=^x{>{F2uXmR0B{M6FN!&#pCcK*v9Hhp@ASLRot*z%OYD!dQ7i4L z`6W+9XR7a)sI%}Y9RB{W?EKH9Mk~3oB0<#c!*3Aet0ON1(<Y2f~P(7Bh0!X$JC$#&k709j1f7A>BuZC4cZi_MOsv?w14e+Y~V zzMt3NUZ&k)t}EI+54=r~%a+k=1nSUM6nq}S zYI+?l)%VG1n`i6OvSfex#L4cydAvziKm})(@xchtcrNFs{|D&p{t;aOs)yz#!+9ay zZKwG)=}HTXZ-Rt@VTtQx1j+JSSCK}HMzUI8)1$#1-bt=!UPkY3ccvd`8QWB2(enju zMq&7*DJX+hbgN}JgQxG-ko7(4AIx&$2zUQU`uhRr4lTsS+E zI~%8|Jxe|~w|odb4OO%lbyL$STnh+VDSR@}SbTsV=<;T`GxawAlV4n{pOl)SK*oj$ zQb^U+)pJ&u5I7Iv)dQwmf5~mzSia!A?!KLudgs1(h3csmFE2AC^^O-{o+i+=3+VLW z95qa1&}|_DdNsbssPe+(E&7^x({pFz1?Odbs1V*Zb6WBW8GCHe4sQsm^Qc$0*s%yn zHFJ#mHIEDHlNty&AGy)*2A6B9tK$`B=VgBUct~9~j_&rfnbBguYp`?n50d%Be-r}7 zZ-!lLKcdJ0DM^&PE+%>f+tVm9k}AD?7Z>+2Ju~P0$ZW$$w&c~%4znCg_5qNL_4>d|{p#bU zf^B6}GaYJ8dYh)cQHV)&#nssE0PWV9)6AFxBt5(vaS4K*dW8 zE@e&iS7ywfTd+=>h9o)aB}4HM|JgBjalWOPzymH8wlzV6_`K;z`8|htxC1IWn|fb( z_#m>WG(m87eWEsmdM5PMRc1de4x+49kR)BK=YjY)dHGe;EXopLo#u&mh;TA>&W9Zl z$2Pr>iMgof!Bv$|~d*34|2(gAIArena4LWOs z)xUYcl7m2NczD>Jh6|9`t|uV>&FN92uSSc|96<2T$$3Jff>i|XMPl(-K7B=_w&@D& z#rJ#YqO8RJIby*|i$}f7F6e$sHWar8aL2GfTTrN)r4qkDc>M0K-U^Yo4QUmbozdj)M&-`zRuqh#7-i>L!s8ape?M(BX7*<~;f~Hw`q$FUJ#n z+ya9~m1ElX*;XcoTbL?@_N7O}3yfYvotTYBFFzV9OGXuv(RZ*Zm@^MvI7=00HSJqO zi28Ix(r&`-Hm(yhK#ONVKkAB$+Y3O8hvoeblwDLF{07H48Ka)iX`hY&b$|40 zKzijH0TB1OSQF1t^{X#(Vus^&9KI$)XaDT8g43`X2DH^!-l)7s->!eKR_o|5U}bu9 za{n<1E!BVTI?^T?n2K~Z#TrziTRkGHwP2cloHM2r&f^M#5YL{iz^C?TFUulFO_1uT z>`tx31#efo7f_SJnFIa8V0{Yh3U}-sk(QqhY{Vy&F%Jd^Oo(6xHPw=GD|W^zoJ-tm zEG`cl`_^-Ly&LHbNvSY~jKb90#_u8Mzt@;-oOB(*bJt)tVjL>_s|XS>C&;n$q2=F_ z8ji!c7LW0Og>X_io)?kju|?kTG)<|S-Wxj630 zXqJ64=k~FH#Ulq(tBR3{J)xj8*iF1OVFstzjktwf!uzt$$K3{MO}DBh;ZgU(U@^O_ z>cM}ooxP(lkp%WUDvCv%Cwm`*Co@W>V!}OVg_@)J_`@$KD2cnQ^OC$(apBk2mmeX? z>y$)D;W7UXNMO?fB1Cam(Fq05f8ga~>F~sHb(kr7VeKjh79I;c07v$J(EZ7bOpRP0 zZ7RpYw+gWgEuwLsp&FfgKAjFD)Wd?};25qm14hK?$^#*e<9Pc{^HCMb9E+H*QA*H2 z^+LeGckTfAd9#&=--jy5k`t~6J&#?thjuznyRb6nexWky7D1-FRr~q?)?N1$;P~hz zC5lTHZ_M0D)(*&z<}sRwme803$fYBz(=(30ZeIcXNovm24GmPiXg*mJshwL>n(oWS z#cyRI(g*h!KF+vRG`~wbus2&zlzXg;6ppBLdKz5Fv2m6iVI*@SpP9hGi-ohoL~&!` z)m`wX z4(N~$VuaGBC?U z{HH!#ZGpse?ssARq6_-aEaNjj;G+RrSHS2AZt_m#2ltaClnC|ZP+%0C1>!wW*o%7SDkduQMGuU^0F;&#h0 zd*?jq*3zY=xN|d%*>b*YeJ2_ZR~TzBi$3+mZpnEs7(0aUMOzdV&|$L8UNFn>&J3Dv z60n77S>)y4wi!?U#?AYOy#M#{DMd8wQ|s6{cBTPMJ40M^7mU>06I? zSr^zJCQ3CF4)6HNv+Nvkz4(jA^&%oz(SzSZ4H~8k6@6opik<}OEAaHSGN9}A@TT>N?twcnwA z##Hztz-~bm?~W^#5imjBzwfl@>Et(e`$(-dj0YNAt|SHdL_SRkbhw344=C4LwyZ!v zy(WiukYq>O_Uu_&y3n<*R^zpTStP)=Yy*zj!=>Hk+W`WvhSyoKnrVZCfrdl_xee&Za!*9w8Kv#x9j zw@Ex8Jv4NtPf;m1klIMZ)!>i76?)7r6YYZfn;Qdftg5;^ArW4>%x#4RZzEvc=3bi#PZF*Faa9(wzljvMCe^mhruN}BPrdjZ z!Q!r8-zHCa)6Dh;CkLivUXLWS4Y(+5aW#om@R+wFd&*w}{AVZy(vxRZD zx)uQUniA-Z2nU@zb zIt(BNtLHnv^2JC+n3BFQF@%hcPCoZODUcj7&hUeO=%Y+~EDhK@Qlqc$J}BnlEjLvU zYSHt*a(%~fy{@x^2?CXG+yXcHm)ZK+YUE?v{Ig}_grp0@ghIsLHy*sYdlTT7e`QXw z-M}!vn6gx~aImTne=v+QqDuO3@4VA|CMA<9PxVH~fyIR)A{u48Nb+^D(NAOteC>5T z_66@G?pSGIhe)59zJK1EPoTT02N&>w7of9sk}DC3eKu9{Qu4xQHM%HlL*F)*?p@WI z?^JEOes;R7Icb-^OUeHRW2UlH_}YGb~0GqobSpeVGXpZ7||_}MI{ zHPy$|%ux&gBSah`=_PrhN71#uHwS9A7K5@a2AgELcYP}HzZ`rzH}9p;?SYp^gNgSRO_8Zv|Z}4agtO)lcITK)g zb;|MyvoE|d=j3AVLal?(Ms*Env*vk?F^S+$CNz>??0P6ATjpSqeLkkRe``&}tpS^_ z@j_WN!}G9Cd)b+ip@!i6M9;zxUv65top!Vi;qpt|@nLvg;exK?D*A;frZ&WSb5sIX zOFPu5+Ra=mF67_e;r>azkZqgBZKIdFPn%pBqAFIlIGki2dsxY&jwD2t(9ZRV=h0HJ z<4z;pjm1yTz;9G0ajC)RpG zp&WC^M?0K*ce9UeTeQ`y|NQX`8~*-Lu0f3vkHq&-N8IN5cWKJeM$zGAt8L;(!%b|3 z-}a$|V_pcwzbj`OW2@6aj)|h&+4!8s6N_Pz9bIzc`T4;Br`$KD2Yk7egA;K~v8(&& zxg((*{+f?(#FjhE$pZrk7-3Rr9$}T$saC&)WXN!6{d|9229{yV&7)E%u#{6X&<)(- zfbtQGls~$E#k4;egjG&)R;{X>h~v865V(QwYumU+gw<1?7c5+FO!B;_xF_Pe9c_KM z#y_;(_+W#eLzsV^BIV0IqlL6b6(G+`qv!w$s`yCuc?o&lqA5q#vX2M1g&RT6h07`4 z78=`;z=Uw9w>&ZWF>chw<1GT)46sWS; zqc5n}8Mj(|UK#w009aId3#DaId4fM(#z+st;wb|o*i8PiWvOOncw1fyyRo62yx zL`PGK`t9n$ZL4(=)nAw|^`0T?<|<&0VWwEy#Ov%xFRWZ&y2jFTN-^hrb$GsJ3V133 z6$0_LUywg}_FnF3Lp8oO;;OFq=7eq@uMtfDe2l`At)_2F=t`RZD(lO=CAwTn;K!iy zkDrUP=~~#HIxqP6(^{CuCWu)eK=6ZTr_(B=vO=n2S>yRaL9=qnsg=d!%-ip9g*2}( zrsXj?tv%7|KJA`;e!#HP?y%{Q`p4R_k|InZ|DIVkPMY@U(h*?7^;UV*aXLL7)$$;E zno7Gt?2BjV)t^LF1MvV4a4QggUXOpk2>o@X{ujKL8I<&m>6UNI-?w}L4L_sCzi9Zy zPK&n!tY!Z?V}hN-BukqymgI%%-x-{+{VtLAc!0i<2z^17cjXgzPK;yAD-qwzyWn~b zHF>D++8(mY(a>Vdl^obbdL_kRa{~zg!}3>;ZlEG2XlcOI76Ol6vk8+h5j^?&5U0H+WN+~-lTw^N8#mv=h)OIkp5hQ{K-`^bL55?nhN zOuQ?=vRpS@B+?V35$Vhg)Hxz5JlI?mfz!3+p^g_9$FEG9m8MCzDCLJM-T$(9zm^j2 z28|;AU?V!iW@G<+YlWfJ&q9Xcpb zA!2s3+6s#8-dM3jM&~rbV7pS-`}^xZ)Es&mdTyJ6fhW_pN+yr=_eoe=O<`Nat)X=* zH4eRle^UbaN1e@WrW;LdH}m6kyN-uW_D{+M-m$w*{2Y3wsmb$L=pI=zjB=6QYJ@&8 z6<1erFjO1O+C+|$wA4{~P3uuHJ>+Smj4Bx%jayewEG{f6D~jq^6pG#3o*bpfA$?w< zM*P$WP*YJ+^Wm0rGn342(={%~AxSDROSXKf&zmwSTBdc>8$eRixPeS0?NIZ*L{W$D zLXU=Kz%@oc$3t16%`5IUHZpGG#k1Feu^lUe= zi`QQptj1o{l-AJ&bX#_D+_12BVO+e?Fgkas4*$`-s5;x@?j@HtaOk3^$u(0m_!dMG zy>O2&YI_AsW~@h|R|G4?_BuI@LD%7@Ze!_})I13n$&SCTtDLmg9;sxD^HVWi|ZXxqq}HcU*h~h^QH7BBLPe9OGzK}DsQpf zu%K~>Z0)NDQ3VBfC?04aGqmlc zq~D$DIX95|Gj{laqKUO+O2dh;8p%ED*^YpilHU*Vo&8U)ia7$VL*6x$C2e=RV6U5HHg|5{o_?Yz8oR{1*aHruJ>CHD(@$;Yk$o{>jb3GJ zp1ab97gQ8K^agpvt<}kj5k+TC2S@e4!TeYk0Vkix@K-q$3S=JH?-fMRXk4Lp{$;F2 zCJ(v1Mkvv$Pd4vAG4=sS_jdt1<&WiGMW`T#0Zt{}+6rOR$Y#JjnRj=jUliDfd_rGu zXl5787|6U2nMynsoFKa;MY%{dFCa-Rm+BL}PP!k3=FXhKo-iZVczH2r)bG$53(jEg z3Z#2rV3O;+jq5CAOTy%=QLKZlQoN>+aLns?O>0fj9<1Fm+TXx?rDYD|!K2Y?0c~`i zq$F3j=E8IJ1xxW?vw^^HjeGU4cMj@_Xaaqd#nov#1GEg=Pf5U!bHrt57i$(6UHZ)I z7c~+r6KXu6$M=yyZv=e=iZI-=R%4)}waX;=t7s>wlUtG1w_YC%W-XFvL^xZk|N+5~3@*Zv{HM zxaGaDXy*mXr>z^Lsp08N%`7bZV)gi|of3rn{DKfGzdhGAIBq0VCy71c)MsT<*q+_4 zhEy&bC1?q>};^)eTbH z-{uLK=k*^^wp~9PQF$*pab9=OfbVOaE6c#(iAIi$8|{^LcEIT<15+hNUtD!rtYpfh z04W05<>m}z#v<0@+7|(7Pp?&td+({qN#!+T%+=}2oL;noGoCz;l0`&k= ziGMt`s|<{NvV=~<*B(s*~%=KL&_u^vKtEQ1)EAjkP~la z9*s?V0>TWofeTKQqs&36fr+d-%$|)R=m;>6i%Z1QB2{1=Y5sK;{TGC)|LR#h zw8(B1e3e8d060VJVNAdRNG?|4BuQDenYQ|kiHQqp&D&GPlN#@E?{+w0^ht%w^&tLjd#b@_wh#onzT?@w1;q2Z;fF75UA7vL2pts~_C+u=2J=X`-D}H(E0?_|>oUNR{rt7_xbLg{xeGqMGc`U1pB88rCoBD)O zG-j1ACN`^WVWTHKVy{J7CC>D0U5nmV<>ct6(C)Ksa4XzPXhl~fABemYj_;`!J8O7_ z>Ui`1y_*m30tO-J;%~^ISVMd+c9iKRTY4hRi_9`vNU_`mL~!=Bw;!9B#<52lC$QY~ zGgOIg#9>mk@AlOPJvS$v&(DX77KsLrJwD-!<3|bl?WJKbe5A4ELL8y!an6GW`WA+r z^5<<^9)BFw7?kJ}28ny{$?d%X)u~Y&sI*oTgA6qzr68*-WDvB9s&+b$v+)Lf)`yJr znZPx-gMzyBHw}yAG}FE0<8eQwu2?3WYzG*f)X=VQU_*Nx^I@%qRMBC#bv#_^a@ zk_SQQpCN|^Y6Q+jRBi=->MXl_AwYB@l+65DBP})|anZ~^6_JD+k$tv49ODa1H`e+( z*sm2)bAmP=F2|asQpFTVt0#Glu>ccGq8dc^cVA_B?ZPkXh4Ia;TtzSM<&0j&G?T_8 z^yf6VcctVbGGXNijWJ6>yM0k7xVD@$r)h?GZ)#{OV2__b&iyqF`lE8af8*yW$Bp9s zrKr54K2rN+E-#Cv>#1RzAQ#OP=9WttfptVZ(w z7BlyalQ zy8Tz?|LIjiQy(0qV7CH=-t-Ewu%!x$NR&)Q>QcAcY4*iMA4;F8Pf(12L#kVp7Z9nvSkx4X&4%{Hh#2TfRCZK$^zR$SWRgqs zMu?nmO+!;kfCX=v{`|W|Dn_(ncdnyC;~_=Mbum89(!DHiP1g=cEO0!!IDXLXB{etH zi~PJl8^zT*FXe7VahB2n7-g13LWhUB{HLN!jKxkoZoF;H#NUEc1t#3=t9YdzV-Gmz zb01NZZMoz;oOl1V(xS2Jp(4)_&{s&G@Gqz81!Ko>%VZQ;cDkGGoL$xd?%#RXN})P*@OceAK^OpfB@}O z>-{%xCKrdZ(YE1Qp8>P=eJ}rL(9OM-6K$0}gX6iDwy(|Ufxn{7y=S^B$5!@?3uwra zyNPU-xQgvW)>!@VX6Iw8&Z2^}yF$eH0bDYhr8he?rCRfgY6mDr)@2Pt4L^gT%Hf94@rr%XycTBVOt=8dtD^5n#6zK+8 zSY3SQE%C+c)Y`Cg#gwye74%gPPNr|L&dYJ~RDyfByk*9;>P?j@ZcL}tZqIPg5t5BA zai@Zw`$6fG^u0zCVTi|74TbxW7d_R`K6g*AWMGVa0E|70Hzwj6QwJ)hb$Kw)Ald?y z-q{Xd2#=32OyrOLtpDlvF~H0JdY+O|R0QnCzmP(BVDJ|_8Y7$g`eTZ^ofl)DcLqrMuE%a6{|HF$yK zU^H#+7aPv$*wi|8qwI-p-X)<;X`!>nW?RR_P_?nHK@lGZby9NL5+U|WyO0i!A4wH- zz2leiu#;~)d+#YWlX@`2fXH-`On2ajKKpY9|BwrXGKcH z=%J%uk`z65bAWqR)_rILa8%9emzJ^I``H^FmO<1_z+IPje*PJ!4LOIs3-cFGB>4{z zVe`e`YqL*Xt-!&95rbU*IKuivl)`##

=>r(&3k(557L@B~$>U_C z!}PE&x@d|L(}yK_yIKe{Ag*VTsh$ADRp?XrkwV=5fWCI_;Gm5wvGS|it|tpoKS?y0 z8vzj4LzC^%jN;n+lZ>4Hk9vr&)X?|I6WNOZ=)T>nPh8GU*DrX}rkzzA-icVVQA9hi zdUND2v?OIuKsW&)x6iC&5sh)&TrurCh=6`Hp%V@TNydAx!x1KdNCu6xF zjErkXV8*=wG?f-#ke7f2qmb0T@|Qi1)aqDTFTdHQ){*EGG(dTt?VPAvF4TGEvg+cO z3mmD!91{|c1=m0u+eiSl|6b9+oC-;&5BECDl{8Lq1J`l$ zvR-Y~x&eiteRRHQ%N?B?A37EcL?hLA;&h|qq0o3kYniXNJTU5*@dIbtCgLU|&l+tW z2?M672bPA&d5dQh>@EfdSXLwg=h*!A@lS-3%=M6bc|S;=tY?{xm4HNn;Ka}_KH;WN zUV8t@Z%h@hB6=#EF`Za0&-?hg3LflN$urjuyXehc~dfKj`}Zj7j`Y z9rNEx)$n_?k^X$0NCo_JQ#@60n5BE&!1<%b-A4AcDCkfkmHRQKrJo|R5!#Jt8TEx| z8rDE9y`FkEY=48I%yi-E-AU2UU$;5EuJ`L_hx*`Fa<{NMM}6aW_4qW>S#(=RfqhyD z`rZWMT!Q9p`m19IjqZ)OGk1tf=4&!7k-CkS2r7b6?_v6x z2PfHra?A6er#;~uLNs5e5Fz}uwU=xA;{NnAKp?U`)Yl{g@gDaDS-{}G9u*!sG+*b+2`k%O4TQTW5|yghPj(Is>r0OFSUL`L*Ui$fu;kAj&h8naok z1gZ@EZPP$o`8&dS$Hv^q(u;w52&=L@VK1~LmQbxQb^pGp54`3S#DqP>+W_uN;Uq;+ zG)6blM~k5kV!=rk%$v7LFEl}x2v?9i6cOz1Ru`;MgF$k;JWL~l$~FlIWizjv*B9)} zzv;2&jj00i2TQB5KT8(Dm}&Vw{#YLU562&YnHJ+M4L~Oi_xCz!T}ywXla}pIDd-gW zUd_E?uJns<{32LNrW(j|bG z5GcSqOiC?)M4KtP>ML*>7Bbk{0*JVF2F{4{gt*-a3a$F1p;}&24M<*Obtwr#Xgit` zZ%`K>CuUmV8dMsrdJnnR)|3u&+EAkJlOhy#f_XfBs?Rj$7PJ`T2wnH`JT2HP)%hh> zZtF2LRF)<>Dq#BF?oge|tR}6!9iiONWbf{k`Q8J{K*esQk9|)XeLE@Jsq)aHaPzo& z`LE*CUmAX{`DIl!7q;fhVAiq|8z5rYepnJ&IDaZb@ z2bg~AGsYiz2f`Wxsy~%|AWjz}jkZh7gBfN3>=5480 zqFuvqx0Gx_I>E-@m`cP6$`>1Ztila6eZFquXr)*@Z@j+|w9i_wZyLTIuvIIr8@~n> z%rmG*?s$@>GH;60>4EY1zMW}3cj%fB;<_vj*9y(MorAMH()Hk>bA9#vm1IippyUN0 zeh5R2LDg{^x-7SKL9a%Mx?XC~?mOR@INF}p-`sGYU^@d`K3>u9Cvw>B|AAxJ#D9o$ zx@{WU3%U&@se>D6F%jdwPns$6P_%vIiZ89NfoQKhS+Z}~8G6~akkRq_O_iemsiXn= zX-;YeixPlm(qe#wG+l)xoO5{D@{(k@kIsjkgH3KvRM#ZCn1z1AT*1gMBVR171EV_V znuqMwh5g(gC`w5m!YXiwuh6Yd>yMzKw|UORt_8MclgpQ+KEF5Z2hP;w)z5gJA3X+c zL(y;)8LRU~ygqQVqZX_pV1F0Tp?P1h+Tx9@H(Ny#LB=i!V@m}NZ?78}XsVA$Sv5B9 zQv~}$p4K{~3^$ZEjhG5+-!SpzLb^k+P{zF=vgtE&m7=u1=J)skhh=1TNvwh%ZHDV4 zO$UKCHc@@oJK)fhd{-`4=q&1T$i?^6XYd`%NF573f@BEClT)nO_kDx+bV$*aldu<^ zHrV#Nys(Vz$t+uEWPmy54)}&=&EG%I}udvg%I+?AsW}n3S|eJLlZl?3Wm6 zsYrB|%}UO>X?qf%m@RgyUPmdrDfo@)tA`pR*V57kXU<0sM|zgtJDnCjY_JwCB383} ztea<3w_jIPmyPN`6grsGn==_oQ)wA=Ivqf#%ix~j){d|p%>4SyZX+D&4SB!JmHMJa zuU4vngTC$p?AMezMr;gjrUlCS=aT|5r?Yxd*E?dbL&_!c(~DL#1+dqgh`0^gZtO>} zoTqDFE`Mj+9XcI;NQ{lL_V@`jt{Ye4I*3V=^QyRV@ae6o(&VT2A{}3N~D7O85&vu?&|y4=257{sOFwEtyx0 z^?_Ta2YC^6d~}u<<7M14ELH88)}sh&ArRsuCr$nik3_WpnuL5!iQ{};$HK9XMbInR z?KY|;u|Vn}8mjCpkfQ4@u#KJ+()l{m*_@%}`W9>bVgfjS{Kyj`X8I5oU1r-*Y`shp zS_?KuXT8O4;A^+;21X`|y&Yn#)Ot40pIxP5@yRy38T+$H@XSz+&>=ScFs-6##|cgu zzgGb9*Xz#0_tea;)9*TAix1{Pg$rV@00Ls(a$?9E`g2`i=^1Drgnj*amzAWgSt_`~ zo7v_YlW!D83PT9S?OuM}-)poXe3I6Zyfoc4mBzgZSQ?{kfYssHwq`Uxkl`CwSG1+a zC$SLbqGJ2F3PhTd_05L9#qM50)DXolM<^W9781p`y!eVpF`AAJ@z4Vf{I>{b9X+!#8+CJOQctH9%OQ>cJIYtJN~x zG}C5VUr$>bv7n`sEefam^2u~7@jZ>jXn=DCHQ#pk9qgbbs4U2VYwPSQG;OC*cQ*yU zt$n<4RBG}*G6Z{xxG0s`7SrOPi8xBT2yEh9@U5TS#Ej#p^|ZossE^c3?dwmu%xJENI}6yGN)PB96kR}pv2?jL&B*s*it~||m+g%7 zL=r_Ae*oc+&s66#pv}cURXu?HK)t&BcGBfU&)NoT6Y({MCIc{f)gQo1GFte* z#KVEg|12H`TKK{($&yOI?{NJ(qkH`aJ+@Ih;3nPQn2PA9JZsGM7sJ+vv_^F)hs>`u zF@M;(&C=I!X^LX7-qHp=Zxlh_vUW^Gx>}`+>04<&(DeOG-MC*C2bkzWA;v1Dv3_In zyFX2sBBVWEFEq~%^}EGP!MM5ZWu7Y(0Rh44MXUsNBsS{Ganj@WoXt@k#|_t*Eb`bI z1XnO!v2;V?`O@@S*<@;lI3s~w2REM#`H;Jc{XP`DZRYo^2oNW|qYz;f^k87*jO4lH zfT1LyzMULMZmsx8OG~hb=P%wd*+MwHKnaIr!{eZhh~r=NKLs4->`vRPgLF~MbIf~< zA#;qtl+d~i_<$YB%f3?^4};E`&5x+QH@kuyGT}gXV0E2VV*7Q)CQl(h&Emsa5Lvh- z1gpWlP|4`aBlLBt6)+5pDrcVC0xktwhz9>?8uFihpX-(sQ2UAg``Qm~>Tha4IeukJ zqYdAoF=mi|2#rZHT-Dl=5iU#wDmlM9`u_HN7_$Ck#o|kE_}l@&Jw$x3(D?efS7amG zQ1p;BM9dB;CbM-6*m~bFyS_FQ8Ppo=pnO);la)ibF83AueA@|LxdM zfSMwKBu>AaFF{+Pok9n@8c{>UsMs||7VWFKTJ^KJB5)jY4W#HGP>-NWy0#7ExcHV8 zv>;q?(?tu7=Ou$im8=mCk{EL~+bfR&D%@v?2e|pcW7ttibla-^8uNB3l3MDV6z$YA zU}IeMeZ+_%RXz;49oi~E^< zp};uL0K?C=qMEk<2Z}a7^POxWq=&zVi&-}RLvgWT`JpUdL4a2qAcXuoUhUb3f5WTY zQv)brL>RSmOB5(Ve-I*;1G@w?crE_LP*wp#bPAi?0o1Ba|=exE>Lq z0ShOkmU0zC>jB}eGweI+!tV*x$N?L%7asT?xHjh|O}~R3g$m$s==|~5AHE)^ui*fo z8$1h0qHbee&XLV(C(-PNML?x;<|O5GGOY&!VI-ZT9Ub4VjAmNoCR}!3-cU`H$Vt8y zXyGSic#N$cYh-Zo{f)1zY}Ht|WfP?_5DnM`18r~H=nZXaM}QqLr2F>QU*^C4Ss63h z@M4K-H);ks0eJxdKLJx|Jw-TyZ&!P zkt1%+^#CIZI9XnEo5s?3Wn{^`xJW7Tg&g!2aj_g0e0$5`!p3XzlQl`pO7ae1$1;7I$&$KBvDiW#?(Seq%CEVF9Mu#plIH zMk7ZOqM!#8AGd;soK!w-Jre%L)bGA&fLIu%-GirUknM!G=xO8T_S(_X_ZK5*kPE=B zTtL10J&PG~9(zx_T_kT*MM=5J$wy8_dFlmn<1PF+RFB?k+O~nN=RUo|*5SN+YC8WD z1t)-4#R_`bXi-^Sv$OeR-3E4eX$##xD6HDiIIRZ!HSj&9ySsIa5ecR*tDrW}A#ljM zF^E(5>4XMMjI`7`W~hX!Pda?dT`CyNUc^#*JAGF@WUiOoN0qycb(~v0ppp((I|kjx(Zqq8BT=~aWkKO5 zpyv4ei!Joy<#z1reb2Z>C#vq9CzJ~?_#Q;D-EctBY5$N9Zj=ss=#pe8x)hO6#V-ad$SlyXb(WOV}ZfnbEh`Oi3 zXd3ohV1z_lPJlp4Z+9*DII-SOSKh<$=p!U9D?K$3^0d6iLtAq(a+JaK!+F{ihtO?~QDi`b6|q`uil z)5WyF{Cl7<;>KfGFsi8PxImJ~AyB*1+B(tVg(qc z1?ETp=``v`zyH5knzs8VedC|7h)B{N>xsWxal(9%{jskz%td9n;s(t|c8qgfenI@5 zwZ&l*)y*g$6Sl9J2{g+J6U>z5=^7u_;WDMtZ%iYm^t6RCMQHy-zFnW$VkbkTqvF9v zb>PgJ?k-YZt=+YtRP({)2QQBsW0%IPn5Qgj66vi7k+K1iVqfR9mL-4SOMLFhe`cQPEzH42+_AeEz6#;u`bPxAzHIuJzOvoY2}%$)!o=%Smg3~iXP+7 z+dwGh+_Hm$oC@)I^3}(HUde~D8@D$LN6tkR9kq1++;;Kwg49BRO`*FBX3$I)bRQdlvc)E&nNKdpO2!;<_P$}=ql*`vP%SAndYeedV?a^ zme*^q>))8hHB5U#P8p>0Tp!A>SiP&V*D#ak%&?B|>>A`)#c9tlxCK$PHvV`>QJwpH zopJdrc95jtHzq{4Q`;S2^lQ2!M9ejfKU{kel742*M*Wq;r8_Cn&5Q`+(k+HFpM~~P z)ajk1hW$kI5YcO;rERy&B|cG+aHn+y7L2uO*-LHXAjMv;e(Yq!vK3LGsWD2ywqjMC zh{MvD1sO#R@=Yja7Qx)mi*|}@f;5FwrM4J3tr*<+cbL|nHOW77+_pLgP%p^-?|}t+ z*uMc56!I?On16@|*FySxxhI7Ow87lJgw3Nj(9&LG^WkWz1r^@L)eV4h%}q)E8xz|# z@f3{056(crNEY&Fk!k_0UkrT}I4xeOX*ZJhl zE5mszg;~kFD&|T6Ef*}~H{Los!T97q!-EeI1i;{c z3Gu&UZy^6IdqV<4ivE{C+pz5)2HMk+WgQj4|27SR-!o4AC#$dmU=!uIF=)UPk@?Z$ z&DNvwldX5|S%u1;o>%Ry+!lVV!3O0>cDqD6MPxSZU$}LS6h}9;#73e>Ohck{C8+P4 zkui)TRgP3Zxeci9kOB;sU&TH{KSOJmmUQMMc1ZXYdkUQ`T1u1A;?{a|?r!|28B_q_ znn0!X*|YW5gM|gj&dx*Bw)RgVit*BKmOT%sH7yRtwSyaBMFd2MR3&z=r)56aICeu%5uS!>C%EYOi1TZR}H4ju7cVyqqpkqNPT-Sm2$a z?uP|vu=nN*xCS8;zX0KIEb6bDl%pll3ED9pTd>HOTvCs)%joFiY5=ciML<7Xf|R3E zZj5mE;H2xC5H~gjxA4mlZL0G(rd@(W_elyYpn@~EBYD>=bI1GT^I7QXWO;$> zs(@jn!T{nO7|CBiio>(!W>mkLt&f?>uE@+}BumZR6Cn+hS>1BaRL<;f26aeGlVteVE%R z%;(t+RNoT8je49^oZ#8s8^mQ#kxNQ`+aoX792Y8m9duS>^Ob>JFUsn9@bHi?>!;F_ z^p2*C(WLS@OK_&a=E5o@MN3Q}HIN__4-h$v<5N6dzd{ zaH>bzcbUx9rhy$R)Ch~2cpv@C34!!{A1 z3E1J+G;8glcbHXgsctGt7KmilJ2!zsCIc?f(VidI;$xKib!`Ig{@%RKY5P{A%+4F+ z*qh;jrM)qlYKq#nh&*}|od+;IZX-RBr(b;Zwbm>+rGbeZ5QGGuO{6+amo$G}i*w$g z*10BrJjnNa5AT%#-SC}zunE~(bYug;QtA>2XO1(OTeTd{zd}kE>P!)k!4gO^?-@)U%-sX{}jyVJ-G&% zXDh%X?P(~AE77A@SUold!ai*@e3W<~eKcFgV`xS``iM-h%^_f72TNCehfP%G|3Z6rpm4XY zv8JZCHZ_*2`?~E;e~P0dHZcfD(&q!7GLmG@EkHnP=Oig)qx^6!lm%w@B^I8U*?US+ zWba0uOLF^7RbF3PS@K!SZi)(A2eKC|c}GC{?P~{O+lGavhT_L!0rRvSOI%flPA+~H zpCGk~&^w#Nt&%X}mJos|1`CVndxV*Hs)yZ6TeDM>K4l#*6nm6m0tD0lY62YAsR-Z7 zpN-j#n$h`bFW_Q6bG3!Lea%@>`YryG1wNeG&_6grUm33U@-Qsh`oebNNZWM1m_0AfjPkKI;4M3Y4(5f*#FXg!_Ur1|EZzXoFpj4 z2d;!3z zaR^8VmK)Z8O^CNq5-F^3I}khlh}2VAhlfsx{l-~n*Jhntsz*Nh-q5cdLJ-35lQ2c% zH1y-@?Y>EEi*q~K-_!ueg|b3t zECIRD7m`BHvI}agHXf+koS=n^gitH>Pc}j%SzK|P)9X_LKQ^aj+>MnlpCBJ)F=Ld< zr2YQL<`k9<36lyyF9%TXzz&2HK1eS{`VYk+%$|b(=MMLGmkTMiE7q=B2Zs zg~?5u&<@FVHBNHh>~FUT`bXvEHat3phCb(B+I}wl%GAE+$wCpm+cfhdhbuj?4KVIB zf2z=yTK;Qn&!r2G1a7jC9r4eVm??ey;v=(*;1izJFkVu|l8JS7FG!@FZP_eQ$#dQ; z3Ow%=fEkZhBuFg;cep12RcVk1I0(}+H)Hpea<`Oa{^a}e;VdBTCyjk#ME~MLNc*Mz z$h#yQ#nf&HmRxH;6E>y!Di}od3Mj!nGs1(mD@#9M+g{`45+~{YP#zZc`FTh#TjGsR z$a1LHXua+_bulh{(}A)yQAF2)h1Hak+Ld|Ry?EEF!NgP-kCc(cq(fanYgV%q;wvJf&P-+1!t4BUp zXk(K-Ur+5Az|T7Zkfl}aJhW#mljHii{)ZZ?7R1icw{6u@f!@G4a_asKC#4AC;E=}f zCgkvizD0Q9KKz0|e`cfj#zXqPUCVZGgApHO;MO_e0$rBJ`gaSedUsKpUIHP7X|gbSSGHj|D+w=6!XsHc{5R_+SMJ=!YJo?p zb+&!=2bxu#sNP>a8k+`5bHo852v=>VigAXN*AlerE#*vWR-4>G@gO9PySrl ziJ`+oM--B-KMy>Uk#UBJ{}I3VSX(bJsUAQTL~ukmY-K6AvmHEXW>GU4T6Im8zv0c; z!$gCN=W%_Uq;E`Ix1BhHH?AY*&ym*w)uS*HM8KYf8@0iKFV@vXLs!VariO~Z75)P@ z>emSQw?6;Bw$Wc&4Mrseg%t&{O)Ijo!vwiN<3T$Mz}s659&}MNPKtF_N`S;+LqV*I zbauEdPMOVxYoPy{ZEhrXqTm%?nJs?GYG3d4Xn^C2Hw^`V=^s&#BM*}#n+fqDyJ?qd zAk$m^RZ+fjw?Eqqk`KKZ`}ld@lan+G#g%cRPvgbXUPNr-N~MSrbQxrCIX(KVe-L-(~c?IZAto_X|+sl|QN51B`zADa3O z%5TVM!rYus=&-h*)f5bu=C&}tm3fNEPjPpdfY9fY_FUW}nGU{s3&MHdn835sGu761 z7n9NtZ@o&Y(4oCT-f4z}&=2z5D?aV&iB${HyYbXYr|Z(bB3Fz~j^|6My`s0WVz!#F zVQyFR*rN$)PwLb=gXpmtgtYHoUs>-QZaTx)Hqd5QL=FQYH0qY` znZIn+ZGE0QsyjRz>Y{kKm>a`&r6&S-Z=ojL;%iZ_e8Qlqt{Qx2Q_h~ethO&Bnd#&R zlL`~&E!G~r8yu0?Mkt-$7<5b!uFw#748Rn<9;7_e8?Fe(0JQY1(#(&VD)J0WQ=vZe zA&U4q87&w`@J+p^mX8D{0)?{~(eNKJzyB@o`R^PkX#YuU3!@J6=WBN{3U8-o&-;dE z1M{J#Z}z&|`>;lB9@LT-%GFA>;1byPF?`SBe&l&bKBTI7$q#hc9kl1OfR41@MvKVk zR*Q`|e~ikoG%Kw0bjrwf@vZZiD5MkQQ9Bhza+yh0$1X?Q0ozT!r0zI%%&RaZ-p?hO z?~#zc(3s*%-rb`;rz`>fSt_bzL{gaE)UaZREJ;r(Luy)rhVxOB_3?7dk^gOoqK9j&UlT!Vc1oS{qwdH9d^W!oND?%HKrHX(0yQ?BaZ_j9b z0Hh)=iElS}<;ShL^Ptlve&a4JX^jmP&q2{x%u?1#JCT$5PTaTitL`3HOv1~x*&7vx zqW-X{*b*eOXLIc^6Oj`gNEJj%#-;au@_hGvOnD`=oS!#YaC?@*vB0(a^VP-CCv_~YE%s8WifRo-bB)Ev^I-E5lcM_%Y_RoS1T+1;k*;3y29#-yHuD3uq}p zOdeBzvK*x9FlAfPvlxcWTcc82hm;%7Hr1x3j}#4Ax&^~R&>*Vfa(uNm%Wc#RqEI>= zbt_H$$Y^c!PEZ*0^SnaR~PT4AZ$TO(+AoZ6?s!@4$|D(T1VE)o^}gc$D~&Z0)2uDH1>4@@*$vlb~W>*FS-OUZ#3~ z^WkO(w@4(-n~7P?fNNj!Bc>gJHGrz=?SsMA$(**RK?W!DK|^f-gCiFBy&}90dji^j z512_?Y^eF1bz0EME&Xblmq%C_HvS9s1c0LKo8IqbdqY$C1?$NUO~GB4uWQR3e#FEV zuB!^oh2%|D-=TAoPAEtvLl;_%>{?T(heA-{Od89zd-<#G*Se^|HxJpfYVCp3y2=GWx*$g^oXU}IR<>do}`8$o1LUwmwzOem0AUt(zUwoiA zQGF>B5^v@_1l*+yzlM+7|H#6~zv;98-`GjgqrYuBFl=DdFE;R$+b=fovvjzcSmXn% zLFsU|0_1r-2yw^}w2Lk>8-L)F2~Q2OKR+`7&;!~ye0W06=i{w<0DO{c6Ku5R1U*T| zLAM9g1K3*Eq)H(oB;aYZ_wDx8!Q(qx3)*P12D>0LNtk0tFkj*43C~_lf}2VU#G-T? z*P@&4$CtjY%3K8%rg~DZP}!5-OcRwfPP}>`Y+`)N@4TN9yAEd7ZS2>Db|ASbUYZC3 z49}rnQfc)=lvVmn$KK7!xw2CtSYUpj4KH@s+x$}+^U>SiCu_C8O)Mh?dk z%cWS+naR3%Q)Y;JasRcRDa>lSg~k(Q2Ldc$SSXKZ|5Pfavq0%6o})cJnH1JV%?VYo zy=4%v)2PlBz59CGnN7=uJAbuyiH{nZ*(8ZR$y*PSDokl_kdB~zaJLSd&YXUJ@wy)3 zH>T7XyALA$V25mNzB2oC^JrAEt<}J+DgFPj_Z?tOZR@sCR8+c(bWj07X-Y2vRHO@t zN|BNXNN>_xASwz{BOo9kpmd~!-XTgaLTJ)^?WG-R#Cob#V!{Qp14F!)w9rb$M}FDOVY@+024TMj+QIUDiN|HqmC3XMOsmTDGf zlX48LpRopeYpD^kZz)aeDEv>NDsS3ST59UJklw@mFo zRMq+CxPNKmIJs&tkv$`zW)Ib`uuaGb=&1I4PW|H6)Uhx0`*1e=3oX9T0{x5W#v6P0 zcS(EZeICOECU^Z+dFzMM#0JBGQhC~ySmtJ=jFGWX*`oU)(CPHz3)yqN>ww(S=e)=L z3EA2cTDlYK$-2K4Z1#|+u3?i1BkI_u@|xJuB)ZSy1-iq=Z~|{r$AV|**p>BXAAD;( zd0$vn7Q|k9K!XXHKJa8|2zI1}+pHWjuXae6+`mHJb8PW@(0VWda$-8jQYtufaO0Du ze6KuiZ{FQ&KV0B`x*Jv&@!;iY`zPTe09E~@7%r;)8gLB(t$}9JQ-VoFfVI<4O^ILr z+2ql`^5?fufk3xEpsa33{CmpkkRT({@3&LsEqvcmQn$YY$cHlilQjF-(LbuJ@TV@| z{lX>u?vTa-G4zn7_;-^mFeYmtB#rJt*YQ_a4aZeR6}!n&?x~#fR^4XZlq7Z{S9~4< zUQM=|RlQ=io*QdO6Ca-tuXkYQrc2kC+C4A7xD-r0ewc-_G}fDv4}Cw(70Z79dzweD zBeh`%iPKiZJ?3V2^6nc6YLAoq;6=f?*z$}LpM8-%G__==% zLdRwSrwF!ppQrpR9&&smG24b&_OLD|ZLHJW$NEaAqm#q>g+i6U>q{#NKim@L^j0m` zW(l6l2aCfn7HpY*t{B;yyj{!*_u{1I#=J8O^4r~hz!?tOdrwIU+Qy#u?2W*c*{F!A zMWWQp&Lsl>BR4};hgy#1!o!CRq7pY+oE)!oT=>i`MH`@}%S4&>>^AF5>HbpU9+C1e z$L}hU#&c(sDWG(^b2v)5&e`mirfPX?Ot~3){Nx#~qMHk-Cw^37EIiMN2#w+d;*_*E`(y zy^@sylDeFH@s|<%KVP8|#HWX!<<7$xgKcG@+RXXYjF(+~rDAN~9=_^Kd`lg-ecI0X z^EjV$sfi}I&s`ZpaqLaA&Z8Rz&QVLTyL-t>8lvKu+NOqF?YrsYW3P2|n7E?8fSgs4 zuSue$0h|HM1#dfT6yoOY!aDNxez)S#;RkjuM_lWW{3~&1F1!@BTJf-eNHwzw!pDpV zQ0Qy)D%v}8s)h)++izTm%;QwJL2-jcr>F*m=SZI5!ffPB3jlf92JgA66zkINFP};^ z&o8xW3g_NvA7@hG^oLr1m83jn;=Riu65g}yuvu3tcL?;>>AlM0H#d-qKU|mbLDX1DLF&@tyoZhdqe#r60ZNG)O_$eb&;NOvde$R&qi|0Am}) zA^mhL6Tdlqv>7*HNXQLUO5ZmiAG~9?51TyJCS-pyb+UE83Yctz2+Cj3zz_yI2rnE;T@UOQHg7MSs3>0O@~#{@K61-j;WU_L51}jDwgaM>bxgAi9x^(yJdfvX zb~D}cB@N_2bjl7oh&mP)?vVH1q9kR$5;hHR38p zs0n((lRjpm_qIo-L&sxH)!RuK;;T$@W0sLrzEM+%;E4;^`m~EtzESr%7m6w_Kjo=w z=)JwO$aV|a=4sYQSuUX#<=2JWszXit$ZK#!tebANmxxUOT@2rLs(^DsYukT+$?|<8 zI${m$lTPcs+;A*i0l~_2=R}_$f%+8o%s3!U-ORHs3zBy93~!n`?@;8BO8wLys<~!9 zFe=cqOjGB-e|NiUmDMTR(&MtuBWG2f=OkvA>f!I7$SQLFcR6#c|U9oF{l z{A!O#4`ezi{Mg3u1S7h3W?8}RoQZpqt?SImn<$dBu(b6>icZbC^^m2K*ef)Vrt*bpPsd=Br}s2!KPD0DS0 zD<$~~Zj7Bt3)5P8{4O|q_d)K25VZFQ)P#CPI*;$1>Oh|IEIZfTLFll3kKrk)xPM23 zPL|2#B@Ja-_SE1Mc{AcAL=4X|lZjajxio&FX;Q1-lw)bI`&#o3c-EkF}@Nk1aa|#!AeuoG_8B^lHZOQ<8iHeRTy5lFE@attSN?sg4z7wz-e;TQC~La$JcS|bz4ON1y+6mMS@%FDQJi6I6xhOQGf8B|M<8tQuo_8<_tVyCy#z> zd~-dWAgZ4aZC2&8=f6lnv8>u+msfdT%Pzu*IuAJPaq2L6XY4R^)jMC>H}dO4S!v%C zeP5pg4!duKLspw&d-1)~b~C9Z&x-e(ke!?x*ZH<)8{wD-`W<7~ zGRsVZr6gzwR;AmqAt*;AqK;EoIn`)+g5^aKsBitEs(A8a!O#|us@J$CXPvHsg5k*? zj@$m2L2&*do>yp7)lY5hu%+KkKt`n`>i+lqk42?#EL1nR^iyt=`YO-LpNDb~RSv8C z$UQG;Sbv((m>E|CzYbJ08a=flVJvs$I=q%4UOC;58=unx5yf^+juOrDZJ7I~<_!)O zRB@I?M|;&I$i@i|o~t}Rv3cX~kvwQ5BRSsUm+ zXCm^!NP(B!)CM%|f()4bi49C72x@uy-tW1Pv4I-Ck4z2#RX z<-1ziox+WEldrn@>t(CYKs%{(=BxI13#VQ6ieYZ}$4;2c7Cq*BYKtnhoddBV$8Wzt z+>DXxsQ1%dmk76q;ABWy??-z!m6xp#MEC1hL*k9Ba|qM*zf%v4Iq(HY@$HwkL&ZRm}* z=`GP+N8r^lIS_pD%$prqUPk-NquhtfMlJSdWPQgA?p$?l=~18~FafFi(@T((nBC+6 zu#|(qT5g|Bc>bE-PWYIE2e@!|hmk%Gvp2mMP{)LK=Agpc&h{w9^XT)m?yavd-gMEI zvM=qG=$7#He|jL6)!rLYW$W6VPS4#TfLK_Z<*28jC(>i1(XVQ>=$@WTE38$#!ZK<% zZ63PqKRn2l`poD2yx8FtqA6Zxnj_4QHlaT0dY~<3o0%^&qU5oW*>RP&HE(HlHc#0% zL|Xh;j7u~8Bv^+h0Br2IRkzHKG(9m2siy|Fz7J0gYxR4|6Vb|Z5b^>)6YipTKfm9J z&H%Zv4gI{l1oJbAZGTmnnhWP_w*m@mC$^8*ArGVAmct}*{1n7iTN{pqKfisu^`7gWFlE|O z+XlHYiM=DMowb~c9z97Ds?i-x#(dU?@Oz7L62v=!kE)<#c-LG5rFXhgcQ0`{chHW| z-I?-oawYp@@`3ikAlg+MI#2DBXewf4haHODRL?Z;5dt)W$ld)q0~?yd#5CECM?a46 z|8%|G`SjGwYrM!yV>rjtL}zSfK$#(=T`WXww!PZaoa`{J(&Pwqe2m-#s)DzjZF%9g z{&w=-fnvuq-8EBwf?B1KPuU3mN-!Zes`1{UfLeU^`lTu@Xyry7!HeCUlkbzB;p2Ud z9NoQ(d-v0ua)U%4P^Lu`n47Gep6dU;@0f=7H||c`cD28=&{iBZr`F@Y3z{N{tr|$I zlh3Z-yz9|voBeTCg3b=+BdU1Hw^i&Qz;O1Iv2IUu?>i2+O`#qV<<|8%H{FsE_=`O^ z`mL@6g2rQU2L0}N#P{{g$09p=k6I3QY)gv|KLH$Rw##Sq-Vq3G3!5b!77q@Ycy3>6 z|Yb-%`gkD?b_mpUf`a z_i|g#=Wb^os)FNL;on+TqK`lkhu?M%_}Y_a9UD%tu0A;w$fwx~F4&Z}f(E(|Z$WUI z9NW#4K&A^78XX4VZ?n$nV9=VEM70&AzHF5JNSYn9LdLiWjo7p~SIGtPCm~#foE7Adb1DZa=yH{ua}LDpPh5$BTO{)oMnTW5=Mf;aG)B4Vi7)ow!iw!W!!Q=Opc* zn3V}6iItEtGcz&3P*D|eIrwI5q|({XvZ~;-SoArfCr0pf9Sc*kUM1xC2xU{Ummvkh zZ5&E#GjVB9Y#6+5dB3vOZq93~wld_dJ%^KCwy0|Hmv^I{Ox&b<#=})|z zisw;6DD|E{ixMp=1GlBg8l#aPm&lJ-#gkH}{LZFFnjGdCN^e27*HF=39=_0M1mc_1 zCLN#hH1vBtkjtqBcc=V0M7Ke|xlb}g54=F`+kZTyiIV%xAx&5M#Xr)9T^_I36DLp# z(3+1XzmDZEWBOlvB|rLS6y^S$okhRW!EN9$PckKp4eMB6E=P;aiyR;BqENi_C27Qt zw)hsFo6G3O=KAE(Ti@fsaf+&vZC18-YSqN(4IbF2KN?sfdHBhbI_o6x6nS3W@rmjU zdxDAq#gyizQN2=nJZhug~vuQ;0@za->iH?V67R-3n_3mB%RG{^s~I*Gz}f^?4xIKQQA30G40SfU+ZjBp9-qvH|hyB>N^72A%^EI;M`!x z>AoV9*AL3EnI~LFsn*P7qoJ~}&qQ2Bc~Y;JfI}+K{5>MY8KDL=e+w5S-6nrY1B5<; zFwDLh&xRF88^?_;8HA4t*qm&mvRS)%J!_SVY8&Y+!P`6w_4XTpQ>@!N+SduNpA%f#I0g|n64G6+c^dhYo`4D%(^%)+J-Z1>LSf+Y54VW2Jdq0s!C1`o ziATibk-!yHXEJ?{+A$uoNZU2kOL$RC@l23CQ5nm8&9#;#h_gT{d}GaxrR5YO8aCa! z#Be!h7wl&i`1Jv$Z^?QH{mBgc!WKDV)WD#K6G{ep4xt|Ve&#?cwj8YDpR5u8SKF!oyWW3nZt@Qu9YdtSpZF%irx^(xI18-^ z9F5T0xaMJ!UfbTDB}dbT?f4(S-OeTW5Ql9Y2@QN^k}05y0YjDSIP#!Jw-3LqO%i1#^CJth z2F2f0tO2X%Hc(yrjd8D9 z><(bkJ*i6G!<$!t4=%Z`RLUgTF1Vc6cUAj=rmz7Anx_RhJlKpnwu|D_Q-FUmR?*WM zxP0ewLN;Bi)K&&ryENix zZ4As;yj(_&E_sf7hs)4D(+N2H_VlID!RESShi|}VFxxZJ_&~PpNh@#f!yNVAjX@WK ziN(tk4;u^X<*bUxPJK01Ge>!~));)mJb0W^sxKf=as=9En9MX5mvcEE*)bwyhCzMF zBuK-!fyAH%^mRGAJT~nt%sBr}k{$o8$PoW$Eer$LE1wgzG{3P_7t4m^L5(uB5QZWl%mkNr9gX42c#e5d0%_&^?xa& z4pRMsOs!)go~;`g5wLB(*=CuE=^0^7+ao*7#{$CpbqKp>wu5cX{0_En^zAMP9@GVS zIHr)IhXXk2G(){sM7l`q#G8XKUr)-j_9d;!3=H{l+ACS|Vc4N(G7-&wdzirhSNIw0 zn^q%S#~C^2l8~H9`Rl}cKFMF6fKKH_M<*p%(+4C2mDn$zID^H`2B#K~1(!nmYB;~@ z-wTfw-pi4lKTs|rLLou07?~SMmq)E|z%E$Vy$ztLpB%A||H)qeO`XX8Q3=BTC%SEZ z3p8N2f$lmSH%6jKw+but@*9K^d$%dglIgYRa}b`mmn&g7mU0AQJ%@-?oO6{jntm=tc3_k5(gdNyw1kUV*T~MS3ytSNfp*OHQEcOY2M^ zvJ^XRdz@El@;>#z(^WQ3_2JN9`^+<)ESX18xxfuCiF4-rX;KAl=Y36gB6p#mtG1;+ z^QKg4x&BgS`TMUxz7{Xh$5r5ntaZoJC;swVehglH(kCkxJ3x5wYVX6qD9aKHN~ zo7u@Fp~x80A_mQ$EF?z+HYEobY<_{W8ff`ir;W@EY<5_L>VF&3H+XP1ty^{bc9Q#H z520#7j`9ffRVLG;d{9o@<`^x2E(>;sgw%!xabeOrr~GswqK?B+1W5L z3HE8rWes$r2F;wedx_&NZQIX)%7EygOFfB>^sSB(Z++dCIf@Eyq%_VphCLBHN$yX{RiL-LU1)(GAMNzz z1GMHUzS+Zcv~1tRijeANw^;qmf||d(6+U#1O;AnEa`jj`wM42(<{5TrS8M)rSGGg>y}sr}v*RgjXT~ zLzl^fi7jHt>%5P^{ulQz13Z5LOXML$1-!sV&sNo}aA@ zhbuCqMhnQH(|OA64BO%y9aQCvP~O*WZG=n8Yo=DvAGkac6A;oIu$$}KHMGiKPiOSZ zxWD2Hu(zRbWgFsbaE-*5g}fQSzPBp(AbkU+Gudf7v6$oEX`{Voo~zZq!Uv!OR#I1^ zSA5_LbF{8F0~NaWn${Mauv!Xh`n+_IALu^7+>|!pK`|ip_ESq1T6;Usn5YS0tz!$CdWsp|dj$wSUvEj*~ znOPvVqx=G8X$q@VZh0`9N+marQZ?sjli$q$zRRAFzC0rP!P_s|o<6-q;mn2Wbjo$) zE@Qj0tGnS$m>i~%Qdkc`5-v0fPxJHeQw|B~GNEw~M*?NxmtH~*=$8lN{=nyIk7loQ z1Z*e5-6-IFT(T{D=+5QxbRU3ZZpJ|#zUs*07e9OUrg7DNd9|P2e%1F(U87yLAz(T! z#r=}r|1-Y+JNGO6qauiZ;(mqyeL3+(ViC`YOjvR?X`!$ZTUi@)WZ`&Y5#vzk#V|xC z%PjtFz+Qe?@PpvU;-TK?$9?gM;(dl90WB{< zb*RC$;%b4zh4|y4bKY{(>riITYSNj!>1uzjiIdpZ^Fedzb=h{YHd>hpXP#&6ZH*m) zq_MV7_20lQMiNl++w#gCFzt5Rv_f$IWPBB20OhSbXHJg`3_(3X{pb@&>*IF?f@XcC zOi4!*HA9(MCGAbQPYQmrwu`bZ(+o{e$~gJyOBlcECxwfyQOkp8*iShtyc<#`f9urb zReB>jo9JXa=bJ$z+fitP_r}Ji>JiGp8^JEA&FieeI`7`LE1l-d;v7gYTKxQ1><0;& zM!$kyAVN!PZcek=J_zeNQHB!{5nzhVN}!X(G$*tMDuRzL^sX6QusA;P_@j^ zDPl)yVjb^yrz-_B1Gk1*b8`NE12m9mf*i&Gywz%eg!sXaiz+a+agX@j7rE z(q_YuNu@c}^<-X5-}hI&>yK~tzu7A<^_#)d;GWr0Sz2H8%2CWyiUew z+EZxV0FL&$m3;?114=r1OD+zx>8b}DwJJXZ9V<<607GN*tmH#Ei4yMAZo2Si@9SH?$hDpZwl}sQiAxxlTC8wycK`lPn96xBS$G zKN~3eTlXuO_lJChe%Q#G0&upDp$IdP%_TfG9OqG6EusV)hTJYG%5io2@S^jFjckT0 zR0(jG_WvU;LV(T?rim2&!w)`kM#W&%2=IfyYauK&e8p<=+sQkjQCm~xY)%k_e!qHx z(*L~F;cp8D|KaQ0Fw5ILHHubtZXLXiPh>CZP?aRDcxUgOU>-~<&QYU(vfQuQw2_n@ zE^Ix{A%M@pITR-*Eq(<$!7X^W3?|HH5BO6B$qDT(6Lnr#o(3cnUdv@w`f1zoBTz@9 zS*JgHdf#Q2r6IZR2RgSwq0GcdDGZXgSpqD!ta=0z1g8HN=v=(44O0`)?c?Pq@3k+l z=oh|cduo&ZmU-$@4IML8a*8Rnu@CVSSPsp$fG&z%NS>{9a;xfm zA@P(gT1@^lK2x#nyKBOz4sE{yu3OV!?Gdz`>qz9;@(%m5#ug3 zo(iGZh68*rgo483&a$)J9B_pct)KFdsqU@s~E2Sqk9vX~au=d*O)1o^(lP`Eeb&-5rOpk4qEm zB^RZ+KZxI_&N=&fOxaylpAe~Gs}0SWtGO9tu3dIEQmbwYE`jVYYicy((}mZ(1%TV; zhp+!kHuK-)XURE$Ou`f2xc`_z_VfKs26>6Ei^TfF`toZXeevIoEZ*FXqCa_Q0-N2f ze>QPObM((hEB>Lv8&W*dmz^RTRm4?>cxZ|mfm%Fe;33=Nuo?!k-1|O9pg(U<;;4gPlF>3{P7 zpV-P>z@Xmrx6H7yH#~Z9LvcM}55`GxOr0{&d|K*Z}5i#;reTwdn6vo&IlDkrsNTBO#&Q1BvuCvI& zE0cxbm_^46zEuR0AJ7q0H%hdXN}G7yV%BSg6eqat5sB)6VR<>e2e-PpkB=o09I;vR zygTuHoprxiaH4bljy>fRL1*?%mFJv!=gE4Oa`UbpBG)@qUtD1ompNemp8X$CLdw6k zErLvXRk_#E1vkp)6S})?s*GNsav9{H0h7DBNCfVT9psf*Y0Z4*D@v*4dvc=`6{0D; zt4cC&&Ydj=FF;?xsTK$aR0T(%XI1be{_6?c3;1THHJad0J-fK$zVHF3>awQvuq0*cm ze@69nJ_E0-##(q!Pa%~SVvuJr(o4RktF&h)f!{Z{ePWUgoE33%|CoWOHYD^~^Vx1) zC5>{RoJw!{w=n9T`QQFc)rJ32X+Ln$U<1Q}UhwYbIU`jHL)(D9wWZKzMFN+S#P+fK zsa(Vgffgg(-6tbIYu`X>r>oyg8`@Kj_$Kz~t4!LyX(gHPKbk_s9`js{pGbeOw^tMV zBlQVUz+`?!(Gxijvw`D2@-sq2o=IDR{1ALb)i%{Pq+=UAiN{%N!^Ye83X3f{JO|&x z>*Eh|P)jrLt=3)?e*L!cV2NHU6qA9n**uU;CKibz0S5+1H@VJq^1jy*s0>aJbJJrz zJ8Ij1L_@-u-tjLp5J1irH~z^jpX}%#)fST^Bm@2s>W7Iq`E@X2or9-?prtjoPw<0R zCME#vB9or}iNOz6rH0k5oly_EY-|4vh`_Xk5q>RnKZ!keaKxT0lAbAFv54L=S2mjy z8h%J(QXpMN;4L@~02vzxc&i>M$*=7QbXlHYPs$;kB#Lb@5N$#Lcdq(}(A4C!Fmo)l zX>uePQ%qum*OTG2iVp)xJnmKKQ5agJ^9Y16hw`TwhVfQq=$cci`k!n&HZ~{rl zm+uG^_UHoaHNbHIf+&x9H@N!!$9EL5xcnnfD&S|(F$rV@W_5PgPgCbK$Zu@}jc-6v z+h!#v8iOX*0GU4d!}zMtu@yj$K?R87f67LRf9w0MNu5OmxuM93JXoHf8Yvf?hPqbC zxlwc>_Ylcc&|M`r@TK=lKC_unl3W=^FjJy|!gHhM9?FtHDZ=N+b=YP!n1( z=hSr)CObo*8TD^rXGUQ%YNtCG3i?yGGW9e2%$z^@KdWC2zm=EOr;#xt@*y`jVmEVb zb!L+mzd1D-NYtCDMwQ!?Pug!UZp{Y5qrAYXTX(bkPX|kCe|Wkb1sR6$5TxdR2ZP%zpHvVX5m{$?Rtl(WoPspi~9BQ@t<;@d3(0j+`dc{X5m$Uak>#| z_y}Z1>TCT=W7{D*xqOijH;lr2JKZ0k|3kZ0P`WRZ)6hNz4iJ_NxDP1qr;?ZgNkA{t zXz~{Q5hydc2;Qni8ijubG>G9;zggXE|bU)gaIh#`C-)BPkpUHm%FcDx;%i{od7K{AP=^H@Meei#i8T~(dZ6q&#cE;H8DVw`C66 zO-_C(R+kr08qc~0+!VGY07<-t^mJ}o6XPXj4_wl`fN`lb3S;TJ5Kz;lCTdO@VFIyx-P z3ppx0ygrGqgg~8RhMSb55tb_R8jNaB2H#t94$lmb?4psPUyr62=vsRu)Smy}Cjc6y zb|8FlMKh zrSns?Tn)w0NbVrzF%#8!Hs0@I>NtDC18v?G=b=X;G2l<{P7E{WP`)(e$++3y_l{+N z_d;Y(qA`7|XL2L+L^PZY6|iHLZ%}f5(+T&kc=WQxDcQ(tJRq{_%+B!dJ%?2sYc%WB z@DftXBHZ!`Acl*Mt!~{eEZ!t0V9QZzv6{N~@?DL9CMt^6s;)c_emU-5>et7WtEB3> z%ahFJs1nTXE1&p~B-x}e1EsYcfuso3$fU42^f%`^`1QxUch-E^5uyGJB(>zCHLQkX z0Nc9^5PusZY6j5I5Vh_F)JqYUY}ulAeqpmi`~w(LGFz+0eY08SyA}meVZhC>%>*kH z*!A<3hsqNsFWHSUAD3)vn+<*Bb4{k2CK1x|xd);;1AQ}si_Hpgq{iE=x@U-)x!~qX z8X}#Oj3Q#DKrY>jBULgeW`5~2{Q~w>%^8;-pGvODFu!y$r0ZJoycA2Je=wxk+q%Lf zwIZdaynd3_&E8dq;%?Z@tv zF570Tx(u)DF0G7|He&G!x1}kyKU$>`3?{rnwfM?JPd<}sOJB>h9fGakWYvPVIR5jC z<|jPFri?5(!ZQt6#ud$!45=0bx*8p{q~3lUjq1ALw5c_O){vlf^|+w--cxVpRA!Fq zvpSycu9tqh}U1i*<47U9GxwjP&pYG z%Vi$W*COi_FB`hqE@aJOgk$Cl{ti525<*}j+Rlw)N6~7n{JlisCHn2hXG4!`sw}ea zhD<}>Fel}4*W;5Fq|Y|f)=%0PqD4P!Fb16(uVC|Dh%Jgnnr!C`0SC)kYHkB2z47kZ z+!_AUW;w%I4`Sht;iF!cF0upT$fCu%+iaUXP-9UhEm~eB`>B8T1l_yB3H!Ymb4u{w zomA7vv2dps1IdL+@eZs@8@xynOeUg~4Z04+L@j0B+Nwcu9&$mvM#~+KK#%+_z6n99 zE0%0IAo$oBdwJcYJ_XFD@42bN^ANa|vi-uwEyF!6Ci9U-q^wg?0K!aWD;VjV+#9sc5c3^Bf#7V z4cBAj9yaUSnd(J#2}=(?oS|XLPfTy~_&CA_!K%F~nXoT^dCP1;<+V}|y6)y*M>rm@ z*HS)G;z2dz%eo}Mbo=aK8pP|%qSH4O@%1mOgJK~$M0KoKQlUUh^t3{jKIi8apTkeA zEd9^by)>9iUaEWr&rZBn@+f_c21ZzoFAz%}I;hz@SKVz-jr2^vW8f%0`t{PyZLT}1 zR*RF2xszw{ID&5Ybd6SO;>lFr%g~Y#v?S|>)L+N9GFQ&chdo-+6PF2$Z%ozfkoCkx zi7MyT;PNAoW4J);7Y8_Z>V)_l_QMCCL5&%Cz;@7LInQmHz?nN9sB^K-a@aXD$1CzO zL{_E`C(@_UkjOSpzsPcSONe$V&ermy!zG^2*AY>hqrT301Z zzAGZ*a7NiH6HnjhAvAZjfNiw;d)^}8IH1~X9#-GPF>-S8eVX%V>MaKHP-aNG?n1%- z_cfpZGdl=B2UDf4aV0=0Si){-7KSOTV>3*-PQ|v}+}yv-dW&3&5sZyrTm)vX)oycve|>mMLg8N7zLzlT+`8vO+UzWrT30SiTw`4s zl#L9Yf~n7X^zKZ%OplV~jWf|}lqcZsT_zU-rjX|)N;j!2n9yuam~PkO8ubjev#wEg z&-MYjrOml6%w0$8j+4`z^}=OmFIbsi3^B};%0^1_SdhJm9`R=^+SBM|$9 z#iV@O)*b+UEj-*;fhQ(9iAS5TwFKT&~mrty!9LBOI-_DpU$Z>>u==IN*@J>PLJ z3rF%87H`%Gih{kl{S{=t;$d0J&WLRs$$J&c&eazl=v*w!jY`DT_Pl<;HOUMTR%P)H ztK3u{RvR1Okgi4CPN{LA3G%xdWn_4U$ZOiC(e`E%cyy&9e|PXCmojRDI4Y9#z1uSt zP)E@D@X*utp7h%0)#1zAq?W=PnuooY$v;q1dv(g2$qX3*V{;A|8?jlB@1nCVGkjzz z#%Gumfw8IiNJg`u^umiP)QvIU;&(6Ce_iCezEltJw2AoNx$a}kVi>%n3=ANG>tk=bB-B!=hf{cn?GZ*nb-bnfu)(CN7A_``pt;qDnZU?4Ep3 zo#*!n_uO|$vh`?^ld0~tpNeXbRvk=_Xzu{lMsm!@XQOF%Sa?Fu`ZWWQq$|&*XDR=D zLy{P&w@-Jq@uIR)wP3qF3|(rXthCK}tLDHx-=JXz8k8@VwdPpEYcGm>p9%%y@YSKO zl2PsYd#u>4MR0c(+E|=J8kou3hzt0QP1W+3T9nH?kQik?ez?^|KZ6$y4iTsAl5SiF zm=DpSDm<2LqSneaq?w<+&#Q9i*k!Fa=94mka>GqR=6o*tQs38r{V;5q;~Y`LD_7C{ zGyeWEj(V*K@?#FmHG$qvJZNT|dwzq4373bY_rwuY!^dlGrY3r&30?()oIDq$y;L;y z`mn6DX+o;ZNd011zPAp210LRNo3-pTzB&-7Qe*mcT_Pdz`MC@G5g#8`xU7HB<4J=7 z(RZPcJ|<^cA#+HksO?AeC0sbJ;HA!J776+Swj6n_k2Ww% z4aVP@F(;@LZ{2F{i@U!u9@Uq@r*|9s&LAM_G2pmE;(=cmzrdk>_z3PhP#hIT^Fu=P0WP%-o+g#ARSZ{D^NCP*8ojX;dby zv6es_m0ehDADI){)V@?c6MFsh1}ra2jkL^3 zIr{$OY=%qs{lAVc4L$5u|4y91U;{JLV9c!r3&Mlp{kvvXjaeQJZOeW1rD>k+e4Xrk zj~zwUo~TePd_E}!Vtvu<3(R2y9JQMdTOR%F1P4B9Mnm~gcpn5)*vmh3 z(+5@F;!^Nj4IwDmz}6BjZ7G&Mg9JcI6n7QgOhJ09mGv6{Qsj9wOBR%z( zFWNEI0syLV=oYtfEUQWQYzvzR0HAjJOtw>ptdIg&twuIO)ryz$luJC2;JX6+$+m{_ z0xzZkb%`=%Df()YS>Ak6{Y_+ESjNZhSX;IQjUtc}M|@7fA|iniKu?LtC%{q#23KJk z9mIaQzm&TaOCCTSW~Kdp+_zS+pdn@7shK4i^4+CL9>BF%XHFAEJ|=o!qb(`&&9ftx zk-r|ja&DM)?jcSD#alURo0P8Tq{}WGJgXRfa4@h#r6 z@78_DrE9|n04XUdn9^XW#@$iRkOs@UrF6v<$>rP=Ms%;XW$|R{IGb&QQ9ys^i`E zE#8oJZ-9fa7b<$m2a&FXKUGcfcsq5!;az|8#0Z`taK)T`?M~*^NrGnD>Ul) zvGMMW78@W4&oh(&@u`Wv30`l`fFs8R4kK{ML&VLs^+l2#tad^;Z!qLngP&cH9?P+82B)w`yh*~FY9=GoMatX@BjHl#k3mX=fDaXD;l;yGLw?cqWelg6~WtJ9-*@}7h296J`a4wbSAr=QjNSZw*0(AK zj3c0u?vrlFcIS}JKt^DJYE9)NY~W5RC@NB_rB>cdR&-3N2Z%)`zeDVLz?XgBGvyiO275Y#W~q3s!fQY9=@6_ybhW`p2H| z1H9c!sd4;6tgq_Or&-(j;NG4$Tj6)4+3@`1P4Nkb#bYS%6&?3%0kn}>cE-|A#M-?? zFAo2(Wh5MlL*i9;9)9$KKqE+zLg4jLfa83=U2MUCG#+ymi_QbcHFtQiKn!BqEPHv$ z?2IoCzrGis!w<_0Ef{J<@_cye2G9~>*^ivbk4JB07crJmkKDXnB3(NZea51i3HWrF!Sf9Jxj{Um_X z4jTDT$<#ORX+EaY1znk~-+RcXq?3jI{Vt(xr%;fAhO$EUFVzoK$w z0F@ts02rCKo6Ttixaw*AQ2__Z&7kq50<_tCmT^fL;m5dt@kAE6^e*d6J0H5$KO|J%DbG zPyU0&x; z2_j}bz)<54(Y__3)@)Eo&gl)XL?)Z_e8wXmxXfCD+4aV@y1SRAo{R6w6psLqJx$Ov z$sf4S0I-vIjtO^5km&5EvD|M#069gvnmh`UXnqb@Ku)AO_zX&s18YY$U*Hw#!cFUp zxkiBYmT=nLu4Z?P}zasWYZHUD0Uv~+t z4Y2m>UDs;FGT7WbqU_!RtlezrJ&)fqt$)`ka_|CxUe^TOY?Fc%pCz$kk+_)na>%73 zX|ZAVhqep8IcKFM0A94%SL!_Qg9oaLf;$nZTOVs5$3psVcowB=y*gaI1K$pPI$>jlxsx3q7#ZEOcE!%%SG?Q&-!f zwT!`U1l4i8=uDfR!jenQ(8dyyr2xoa*oN82uxy@X(U8sH9h@AYYb(2<$+Z9NZ`3tFzNSuoveCi4iF@U;cK;03 zJike}3KeEkdj*f@0UNpxek;G|d&N-L*8|=Lyl^ zJKfj>Woo^nFg4&Hq0d#;}>63N16Y4*EZpfOfsL%IaHNOgZRQR z&*cw07p{v8Y6SlDyyzxCg3A?A1SE8BrX<2Ux4}oCoe0ah_0i%(8#cn$xU~IZR-P|; zv$hTMJqGXj!d}OxlMBO}5^}nOm*L*Q^yR!%E%#=#($~@*fWZC(wqt9_fp}a>Wk8|f zQXi;V6a`NJtY_E&l6nR@&SjF|0;+NC@;>_=tJg@Sr5ZU7yZI^6>nXK`W2r#$J0%ooqCh@82grw~wK>!= zc6Zejk&8%-#Gue^J_HE*W%CHOpT|qXS77PH|uc_cXGvC7KaGOW=lKJ(lKC%bm=v!Dly8qRmU7yei?ei?{-7aKztWIj znY6|<;?2lJHk|u^wRh&>P_A(wSK4h6vJDj_2}M+lJ>f``C4}r-mLww#87+h|La8{& zQj#spSO;0MWXryD%-9)>U6$T^W~4fub2{&Kz3(5ct3Pt_?9X%G_xJbt+|N_!>n;wL zFu$Lxe;X~hpu{Q@VCHaFc(+6@P4=Xs?;5wwuL9r3#Y|UHx^%^df;tGXMc;7ch#Jxe zX?6Sg7m91E0kvzjT}a$eRd>H@rx?)vgFVC+M)W7WS6s0I7OuEf%<0u&iiZo9cwe}g z`<=T?n#XX^nTDWO0_C;dD^O6*!O>A)Sq#4Hcl3G+w0LA|S{XElP4xXOivdke<-t6x zlwp$jNDD!)l-v90A2Q1HrBU=Z9X(?_g>4Ku5G`rw*@OH7u%np-K>#Y_z5|t`8=z9d zTVJr51#;8odgeqa^WL875c)c3eF$}wT7MwpxRytD9Yw^`ArFogbhnCnP-`iI?-M?V z**s@i-C*YvVb43TqYA&pG;r}C5+b` z!B5)PvvP6-l7$DsZdhb(-sJV}iH<%0i}@k2x%Hxikhvt}UN|J2X`qLB@lK+3>%MZV z9mVj;^LL^_BjP%k3Qcaq5z*mW5AH>OtbmBRjUnBl{+QSuCa>1chSuYV6k;l$130jD zC7M{T#4~}naTE#6UJ**PQ|)>A?tva;P_kjK2v=z3JJZN87VJBB0Rp8?b24v0X~&jN zCjOKPyd5nwH72fCQ_J@J;TWvaezBE=KKz;b4gPtfSEb@`2T6I=f}B^OCCo!6r+I&` zd}miV#Bzp+PDvwgYyN7GF7Vn~L4EG9D9Cn`UB;k082bI9GxfQ9*Sl!*9r0HR4lD*@ zuS#eJHOfxKw;XTcQz^vn!e<3-F$Sdo;|xNbz6FWdb)0XNyz7S(MY0?wQA%qkb~2@e zmho&YusNvasa!c0fGC|x2|!=fRq-N7-G?*z9P}z^%8GC}+jWwGChvy$Tpb#Wz72?% zaimE*VDTPS(HD+aS5e(r9H*0h=@qcxGq`_5q@(B*Rw@Xa9-gy$6mfUgN1Y|_URR4t zB{lG4VtgPu8aaJC+8QVyu3JTWS$l=&^TAKh6rl>B?d^~7zynpT`9OO*RcrEuI9o+4 zpoB57=D74vD@UAcj?TMkM|RM6y5;~-Y5y~*)YN88aVeGrpmIhY{S8!BdG=!9$MQ5o zhLTSgQ-I$n47w?tHlUSu~Es0gSdUv|;?2t0^(X``O#xaHU8A3+cNNAL0Sb+Y| zXjH0cBW(EbSBQd|&tY^cXUWB>`25C@bC(O3-5sux zCS#;coWkCXMuSnVpyr%C2wCNE2oJJTkQ0p=EAA1`|9gH|TnH-E4{uwmuygGW%a^p+ zl?BGY<+;M=&89;oOE^~YzmZBNrV>CZ?Ov1c=)RxuXtOkx%jkkuRs?L{HD1|}(^QN| ztNjrsfmPT2DfBr{fD#B9?F?sVKfVe)hU4OdM!fs6>!*su%S7q2%3k<9W;5g|FC5qw zo>Tb&?s1rqm`fs+apB*E$lKEg4R%pNE?!$^9Zt&5sqaxUaO*>IT(!=;S%bZLd{`qk z%=AIsvc>FsiG}l?w94zGG8pSaB9#_IQt2JFo>?&)nN@Av5)^yUbtci-(hQ3&SA{O_ zmx46bX2H!ai}l#IpSaIautY|rqI6y>4o+{|t4{mE)1xj1*`c_k@nMY=lYsr6=SP}kDDrSo-k{bFQU;|K{7 zs*2-(hJ<4?mgv*xot5+n5})}!r^@}~$dob^&i^x|Y#ks`O0&fnGNlyxC8gBV-hxH4 z!(QnqI`rkA8p{$8j_F+LHS1*6I-)v#aObuySt&IUO)jQojiZ?i`Yyq$;!Gc_D?-+s zI~L9}DFwS*QB?BSjZF{bf2|aNy(~8Zcb2c{hj)?176PZbo}<87XEy))IA%gY^_WP>5ll=)i#BCxqoEEt1m+01 zN)-1|fUaAgP#7o@=4a zM~V~6I2laPdGSZ;UmXfeH0D+b7Um~NqK8NRiXP4lX1QzN61tD{?1qZOh9j+s zGo`*M!vYb(>lqv)^hCv$U+-b5M`0SC?Gx%yhz!~x_WMV2ikeid562r5<)lM?Sa)gM zK{BVbBymb;$q(VRfA-hglZ%mrw*lg;sT~GBp@8rXhUB@Jo)@3_P5(mSHD(VbmJY{b zkj^v&ygc7}Sn5Oo2&|Y^fs5Y)>pMUR>9?*^LdLI+@Az;E@GFGOmBrAfrs&( zUdjTUUDuM1oc6*s7K^U;LJ*ONyXX~d&~Yj)3$1Xo9c*3c6{!OqC$q=-?mX$1sNO<> z#@9UvKN9-@#ngu3WD!}yeXy6?2Xm~y(b5M8kuE-8lWVfPEV#P<@>+N6^rv1l*v9q_ z_JI1K9AA$8x%jVe8V{I~Qeka=-pYD#Mv@Yh1)Z4VhHN*N+oP zC7`6Y_U={#iN`dXP<~-B19KUSjL1P5;%ZI~%0b_PGI?l6Ov)Fdvun7^cDu%WaC_Sk zF1}hHsv*M^T15_QE(_Es$jSyO8UIjStW3iglgZl|$y>WSebPOTfSPsV z>mVWLaHjqOwnbkojfR?7&!MUMdVzDc#Y6Z?=V#lD#T3cO^_V@QyKGBFLPgY6>jP9C zWqGc0L0hJWUcY~s*`wh1JGoH~8)NiWOl7jTZNc(-OZW@AftkW#Gy|zpT}x6oR3qI6 zdLKC_+m~?do$JIzI7Am`@cl%oXcQc36E3Q@f!9vtHM zbh+dOE;|*~G-e~yb{@0eDQG7m#U!-Bizjy92QO;v;4+u)K$^}Jre{SiE=@0hSKik| zBKv#&^FLo2xmXDv|Mq$VP{;K_Oe7E!GxQ9c-`p!)P^#mZTP*cU#k4a;tlPr7rSzR+ zzz0XbejZzsK+-JU7|X2Llh<_{Eg)8LFPryb3 z^Vkn=7wfDbV6D(W_G}A)JKj#Uhn9oLS->B{Nv7Jv=139B!`9Rf!aDN0uNGD7H$C~!+a!vx=LyU&NFuD@KZvlm z{IE{atW;NNCTGV)+}B+5(PQPo@Z+bFmOw*;UcnYoN@~vG1MuBEc}KR_y2q-zei%f(AU}85Q>Su3`SY@>I9u?V(u5Y!fm;i?psG>?{pn z80m-&38nM8m}(LA+f||!Js zu(Dcgxk}iZ(W)Z&HF7Pax|6rk;7&fN6On&=U(Li-vZaFR4mpBEl+H_pD8JSCx#U{Id^F}=qQ z)0IuLTrQV@CT_k3d z0vDB-WCLQZtM(hkt=9Ch(d*$9Y9cLHH_;P_N`k@xp;WvZavp9LFIVRhF-*CCCmESIH z{GplJof0S$vhzHj=nn(OYUfn`t`T$09zGDrWWUzSp%>`cwWgwov8%+LJ+nY!d5#JC zbD#OW30#jlRU383O6Ga5%k1he1GeuZiv72Rw zGI1XGW!?iR`|bZm0HXu(l*}>&*wLeIyT+MILR*Gja8mEgYTQ0U}gkAF!U6{Xr)9%qeU+AjcS}i|s7p^@azhsBk|Gk&GDCYG5mnMCs-Pwf z(!~{U%yicV+5aqxDiajQqNqrm&d;Lg$Ofu3iN^GPFpy|EMG{3%wuY+zSrnBVQz=;! zW+NG~7Gxu~`m_WE4N#TutBm9@r$C zchdHVoIa7*cICnv43PDQJ{B_+=KVw}!QnQ3@Q`fESSOW`by68+*>Cp)sr27jMn4Kj zW#~ZsH&V&rwTeBU)%Ef;LdxbhyWrM1zmM!KHNHs} zQ6k(WlghY@>!h-3!%{`Pm`_$I`9i?}Re3WS*kRMdBrX}YL&zD>(c0oI$Dr9bYG=+f zBfr;=TPBAA$*@SlHNX#Z`|XIZUW)fA?v&$E)iv|4(x;Wm>V3&Ju;iHiFE$9SvP~QC zo^QcH6&nekRu=5A&4cw5Z9b!q?iHz)Ob-pp zVtkOW9{2C$Y)$kE{h7*iT#5uqqN?f-qG~)@RLwD@bqAxxxOjmSAE+SQM($A=m^S6) z4cQNvY}e=c*md{!78rLjuE?~U3iIKfs`Ydlj+JYuoJXfmKj++U8yEycRjs)Pj~GaH zYSWK)Y8c5*wfgrlGjTBnON)MGpg`x1fjYHuN;as@e@LJ1<+1JLF^ix8QzZR7ih(!@ ziU-X{lZEM6c!<8J^>@B#)dA6St^2&v9#>=oG(>W!4wLor&QJ76oDSlH1{jt+^rUk2yd=+03w; zv3I;8e>+@CYddd8JWzJLu+ZrMqK@OSCM2r8&VbuHLz~8b-HZwN~?B8J#~6Ag@SVtr3`{NnE3J zy73y`p13ghjl$+?H&4Rmov`^hY_4i7ka;uG15X| zwO%Va)&J~PG&E78*yPy>YX1`_wPdi5sWm+{#kL8{q*2p{#=TaMap|L^6`|k6ytorgT9}Kp zA}utd;|XCTap@S+idv#kn|rZ&E;jEA;sdt%jBK_S|NXYJ>fUn9R6I7-PfF7yrCw2F z%iEV4Z=z%WC*H_L_jjN54GI35Ft^*@N_3U(7j>9}tx{-JjOZ44o0tUKiTlZj*rVC6 z&0eAutIv#7pb)X!{9*GP{1@*7&fX+Jz9zLB`xrCSWVZjOzNxwS_y1qc7uT2e{{SKz BXmkJo literal 0 HcmV?d00001 diff --git a/filebeat/module/envoyproxy/_meta/kibana/7/dashboard/Filebeat-Envoyproxy-Overview.json b/filebeat/module/envoyproxy/_meta/kibana/7/dashboard/Filebeat-Envoyproxy-Overview.json new file mode 100644 index 00000000000..d80081b896f --- /dev/null +++ b/filebeat/module/envoyproxy/_meta/kibana/7/dashboard/Filebeat-Envoyproxy-Overview.json @@ -0,0 +1,910 @@ +{ + "objects": [ + { + "attributes": { + "description": "Filebeat Envoyproxy Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "1", + "w": 22, + "x": 22, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "2", + "w": 22, + "x": 22, + "y": 7 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "3", + "w": 22, + "x": 0, + "y": 7 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "4", + "w": 22, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "5", + "w": 22, + "x": 0, + "y": 17 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "6", + "w": 22, + "x": 22, + "y": 17 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Filebeat Envoyproxy] Overview", + "version": 1 + }, + "id": "0c610510-5cbd-11e9-8477-077ec9664dbd", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "36f872a0-5c03-11e9-85b4-19d0072eb4f2", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "80844540-5c97-11e9-8477-077ec9664dbd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "38f96190-5c99-11e9-8477-077ec9664dbd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "7e4084e0-5c99-11e9-8477-077ec9664dbd", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0a994af0-5c9d-11e9-8477-077ec9664dbd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ab48c3f0-5ca6-11e9-8477-077ec9664dbd", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-04-12T01:00:18.033Z", + "version": "WzExNjU4LDld" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top HTTP Response Codes [Filebeat Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "bucket": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "number", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "maxFontSize": 72, + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + }, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": false + }, + "title": "Top HTTP Response Codes [Filebeat Envoyproxy]", + "type": "tagcloud" + } + }, + "id": "36f872a0-5c03-11e9-85b4-19d0072eb4f2", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-04-12T00:58:13.110Z", + "version": "WzExNjUzLDld" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Domains [Filebeat Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top Domains [Filebeat Envoyproxy]", + "type": "pie" + } + }, + "id": "80844540-5c97-11e9-8477-077ec9664dbd", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-04-12T00:58:53.299Z", + "version": "WzExNjU1LDld" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Requests per Source [Filebeat Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": null, + "y": [ + { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Requests per Source [Filebeat Envoyproxy]", + "type": "histogram" + } + }, + "id": "38f96190-5c99-11e9-8477-077ec9664dbd", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-04-12T00:58:36.398Z", + "version": "WzExNjU0LDld" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unique Domains [Filebeat Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "url.domain" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "bucket": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "metrics": [ + { + "accessor": 0, + "aggType": "cardinality", + "format": { + "id": "number" + }, + "params": {} + } + ], + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Unique Domains [Filebeat Envoyproxy]", + "type": "metric" + } + }, + "id": "7e4084e0-5c99-11e9-8477-077ec9664dbd", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-04-12T00:57:42.389Z", + "version": "WzExNjUyLDld" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Top User Agents [Filebeat Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top User Agents [Filebeat Envoyproxy]", + "type": "pie" + } + }, + "id": "0a994af0-5c9d-11e9-8477-077ec9664dbd", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-04-12T00:59:11.691Z", + "version": "WzExNjU2LDld" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "event.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset:envoyproxy.log" + } + } + }, + "title": "Proxy Request Distribution [Filebeat Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "envoyproxy.proxy_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Proxy Request Distribution [Filebeat Envoyproxy] ", + "type": "pie" + } + }, + "id": "ab48c3f0-5ca6-11e9-8477-077ec9664dbd", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-04-11T22:10:51.951Z", + "version": "WzExNjQ5LDld" + } + ], + "version": "8.0.0-SNAPSHOT" +} diff --git a/filebeat/module/envoyproxy/fields.go b/filebeat/module/envoyproxy/fields.go new file mode 100644 index 00000000000..f9cd607d26f --- /dev/null +++ b/filebeat/module/envoyproxy/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package envoyproxy + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "envoyproxy", asset.ModuleFieldsPri, AssetEnvoyproxy); err != nil { + panic(err) + } +} + +// AssetEnvoyproxy returns asset data. +// This is the base64 encoded gzipped contents of module/envoyproxy. +func AssetEnvoyproxy() string { + return "eJysk8Fu2zAMhu9+iv8BlhfwYcCQZcAOuyzY2dAs2hEii5pEZdOevpDluKnbokBaHpnw+37T9A5nyi3IXTj7wP9yA4gRSy0Otz1NsQ/Gi2HX4nMDAD9YJ0sYOOCknLbGjbA8RvjAOvWk8TtXcAMMhqyO7Ty4g1MTbaSlJHtqMQZOfum8oC31baZhCDxVCmZM1atBKMBxmJQ1/1WZXQZvQzzGsDx2xbzSa4wz5b8c9Np9JQrqngplHvy0mG3Gl/3+cDw2G12g6NlF6garxniv9OdCQaVsHMlHCaSmLlK4mJ46MdP2+Sy7cW0NJbO00CncLgwwzifprj875ThSz07HtyP+WkJgCYESAsY9oTxbzp9EUTqj713M96/gAXKiK2urUElOHIzk973venArrN7W1jX/6QOOq8rqeUnvUT45Ed+UeggAAP//R+geWQ==" +} diff --git a/filebeat/module/envoyproxy/log/config/envoyproxy.yml b/filebeat/module/envoyproxy/log/config/envoyproxy.yml new file mode 100644 index 00000000000..c085c9e3aab --- /dev/null +++ b/filebeat/module/envoyproxy/log/config/envoyproxy.yml @@ -0,0 +1,7 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +tags: {{.tags}} +processors: diff --git a/filebeat/module/envoyproxy/log/ingest/pipeline-entry.json b/filebeat/module/envoyproxy/log/ingest/pipeline-entry.json new file mode 100644 index 00000000000..724fcaeba08 --- /dev/null +++ b/filebeat/module/envoyproxy/log/ingest/pipeline-entry.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing envoyproxy logs", + "processors": [ + { + "pipeline": { + "if": "ctx.message.charAt(0) != (char)(\"{\")", + "name": "{< IngestPipeline "pipeline-plaintext" >}" + } + }, + { + "pipeline": { + "if": "ctx.message.charAt(0) == (char)(\"{\")", + "name": "{< IngestPipeline "pipeline-json" >}" + } + }, + { + "pipeline": { + "name": "{< IngestPipeline "pipeline-geo-as" >}" + } + }, + { + "set": { + "field": "event.created", + "value": "{{@timestamp}}" + } + }, + { + "set": { + "field": "@timestamp", + "value": "{{timestamp}}", + "if": "ctx.timestamp != null" + } + }, + { + "remove": { + "field": ["timestamp"], + "ignore_failure": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-entry: {{ _ingest.on_failure_message }}" + } + }] +} diff --git a/filebeat/module/envoyproxy/log/ingest/pipeline-geo-as.yml b/filebeat/module/envoyproxy/log/ingest/pipeline-geo-as.yml new file mode 100644 index 00000000000..1c6409bf706 --- /dev/null +++ b/filebeat/module/envoyproxy/log/ingest/pipeline-geo-as.yml @@ -0,0 +1,51 @@ +description: Pipeline for adding geolocation and autonomous system info. + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/envoyproxy/log/ingest/pipeline-http.json b/filebeat/module/envoyproxy/log/ingest/pipeline-http.json new file mode 100644 index 00000000000..e38875cfeca --- /dev/null +++ b/filebeat/module/envoyproxy/log/ingest/pipeline-http.json @@ -0,0 +1,94 @@ +{ + "description": "Pipeline for normalizing envoy HTTP ACCESS logs", + "processors": [ + { + "script": { + "lang": "painless", + "source": "ctx['http'] = new HashMap(); def p = ctx.proto.indexOf ('/'); def l = ctx.proto.length(); ctx.http.version = ctx.proto.substring(p+1, l);", + "ignore_failure" : true + } + }, + { + "rename": { + "field": "method", + "target_field": "http.request.method" + } + }, + { + "rename": { + "field": "path", + "target_field": "url.path" + } + }, + { + "convert" : { + "field" : "response_code", + "type": "long" + } + }, + { + "rename": { + "field": "response_code", + "target_field": "http.response.status_code" + } + }, + { + "rename": { + "field": "bytes_received", + "target_field": "http.response.body.bytes" + } + }, + { + "convert" : { + "field" : "http.response.body.bytes", + "type": "long" + } + }, + { + "rename": { + "field": "bytes_sent", + "target_field": "http.request.body.bytes" + } + }, + { + "convert" : { + "field" : "http.request.body.bytes", + "type": "long" + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.envoyproxy.upstream_service_time = Math.round(Double.parseDouble(ctx.upstream_service_time) * params.scale)", + "params": { + "scale": 1000000 + }, + "if": "ctx.upstream_service_time != null && ctx.upstream_service_time != '-'" + } + }, + { + "set": { + "field": "envoyproxy.proxy_type", + "value": "http" + } + }, + { + "set": { + "field": "url.domain", + "value": "{{envoyproxy.authority}}" + } + }, + { + "user_agent": { + "field": "user_agent.original", + "ignore_missing": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-http: {{ _ingest.on_failure_message }}" + } + }] +} \ No newline at end of file diff --git a/filebeat/module/envoyproxy/log/ingest/pipeline-json.json b/filebeat/module/envoyproxy/log/ingest/pipeline-json.json new file mode 100644 index 00000000000..ce2244c8b06 --- /dev/null +++ b/filebeat/module/envoyproxy/log/ingest/pipeline-json.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing envoyproxy access logs", + "processors": [ + { + "json" : { + "field" : "message", + "target_field" : "json" + } + }, + { + "remove": { + "field": ["message"], + "ignore_failure" : true + } + }, + { + "rename": { + "field": "json.message", + "target_field": "message", + "ignore_failure" : true + } + }, + { + "rename": { + "field": "json.kubernetes", + "target_field": "kubernetes", + "ignore_failure" : true + } + }, + { + "remove": { + "field": ["json"] + } + }, + { + "pipeline": { + "name": "{< IngestPipeline "pipeline-plaintext" >}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-json: {{ _ingest.on_failure_message }}" + } + }] +} \ No newline at end of file diff --git a/filebeat/module/envoyproxy/log/ingest/pipeline-plaintext.json b/filebeat/module/envoyproxy/log/ingest/pipeline-plaintext.json new file mode 100644 index 00000000000..e66e7d1104a --- /dev/null +++ b/filebeat/module/envoyproxy/log/ingest/pipeline-plaintext.json @@ -0,0 +1,117 @@ +{ + "description": "Pipeline for normalizing envoy access logs", + "processors": [ + { + "script": { + "lang": "painless", + "source": "if (ctx.message.charAt(0) == (char)(\"[\")) { ctx.temp_message = \"ACCESS \" + ctx.message;} else if (ctx.message.substring(0, 7) == \"ACCESS \") { ctx.temp_message = ctx.message;} else { throw new Exception(\"Not a valid envoyproxy access log\");}" + } + }, + { + "dissect": { + "field": "temp_message", + "pattern": "%{envoyproxy.log_type} [%{timestamp}] \"%{method} %{path} %{proto}\" %{response_code} %{envoyproxy.response_flags} %{bytes_received} %{bytes_sent} %{duration} %{upstream_service_time} \"%{source.address}\" \"%{user_agent.original}\" \"%{envoyproxy.request_id}\" \"%{envoyproxy.authority}\" \"%{dest}\"", + "on_failure" : [{ + "script": { + "lang": "painless", + "source": "ctx.remove('temp_message'); throw new Exception(\"Dissect error: Not a valid envoyproxy access log\");" + } + }] + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.dest == \"-\") { ctx.remove('dest');} else { ctx['destination'] = new HashMap(); def p = ctx.dest.indexOf (':'); def l = ctx.dest.length(); ctx.destination.address = ctx.dest.substring(0, p); ctx.destination.port = ctx.dest.substring(p+1, l);} ctx.remove('dest');", + "if": "ctx.dest != null" + } + }, + { + "convert" : { + "field" : "destination.port", + "type": "integer", + "if": "ctx.destination?.port != null" + } + }, + { + "convert" : { + "field" : "duration", + "type": "double", + "if": "ctx.duration != null" + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.event.duration = Math.round(ctx.duration * params.scale)", + "params": { + "scale": 1000000 + }, + "if": "ctx.duration != null" + } + }, + { + "remove": { + "field": ["json", "duration", "time", "temp_message"], + "ignore_missing": true + } + }, + { + "pipeline": { + "if": "ctx.proto.charAt(0) != (char)(\"-\")", + "name": "{< IngestPipeline "pipeline-http" >}" + } + }, + { + "pipeline": { + "if": "ctx.proto.charAt(0) == (char)(\"-\")", + "name": "{< IngestPipeline "pipeline-tcp" >}" + } + }, + { + "remove": { + "field": ["proto", "upstream_service_time"], + "ignore_failure": true + } + }, + { + "remove": { + "field": "source.address", + "if": "ctx.source.address == '-'" + } + }, + { + "remove": { + "field": "envoyproxy.response_flags", + "if": "ctx.envoyproxy.response_flags == '-'" + } + }, + { + "split": { + "field": "envoyproxy.response_flags", + "separator": "," , + "if": "ctx.envoyproxy.response_flags != null" + } + }, + { + "set" : { + "field" : "destination.ip", + "value" : "{{destination.address}}", + "if": "ctx.destination?.address != null" + } + }, + { + "set" : { + "field" : "source.ip", + "value" : "{{source.address}}", + "if": "ctx.source?.address != null" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-plaintext: {{ _ingest.on_failure_message }}" + } + }] +} diff --git a/filebeat/module/envoyproxy/log/ingest/pipeline-tcp.json b/filebeat/module/envoyproxy/log/ingest/pipeline-tcp.json new file mode 100644 index 00000000000..8a84954dc23 --- /dev/null +++ b/filebeat/module/envoyproxy/log/ingest/pipeline-tcp.json @@ -0,0 +1,46 @@ +{ + "description": "Pipeline for normalizing envoy TCP ACCESS logs", + "processors": [ + { + "remove": { + "field": ["upstream_service_time", "method", "user_agent", "path", "response_code"] + } + }, + { + "rename": { + "field": "bytes_received", + "target_field": "destination.bytes" + } + }, + { + "convert" : { + "field" : "destination.bytes", + "type": "long" + } + }, + { + "rename": { + "field": "bytes_sent", + "target_field": "source.bytes" + } + }, + { + "convert" : { + "field" : "source.bytes", + "type": "long" + } + }, + { + "set": { + "field": "envoyproxy.proxy_type", + "value": "tcp" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-tcp: {{ _ingest.on_failure_message }}" + } + }] +} \ No newline at end of file diff --git a/filebeat/module/envoyproxy/log/manifest.yml b/filebeat/module/envoyproxy/log/manifest.yml new file mode 100644 index 00000000000..3ad24871b55 --- /dev/null +++ b/filebeat/module/envoyproxy/log/manifest.yml @@ -0,0 +1,18 @@ +module_version: 1.0 + +var: + - name: paths + default: + # Change this if it is not "/var/log/envoy.log" in native deployment mode + - /var/log/envoy.log + - name: tags + default: [envoyproxy] + +ingest_pipeline: + - ingest/pipeline-entry.json + - ingest/pipeline-json.json + - ingest/pipeline-plaintext.json + - ingest/pipeline-http.json + - ingest/pipeline-tcp.json + - ingest/pipeline-geo-as.yml +input: config/envoyproxy.yml diff --git a/filebeat/module/envoyproxy/log/test/envoy-json.log b/filebeat/module/envoyproxy/log/test/envoy-json.log new file mode 100644 index 00000000000..31cb674f4c7 --- /dev/null +++ b/filebeat/module/envoyproxy/log/test/envoy-json.log @@ -0,0 +1,2 @@ +{"message":"ACCESS [2019-04-10T03:49:34.451Z] \"GET /httpbin/status/501 HTTP/1.1\" 501 - 0 0 180 179 \"172.17.0.3\" \"curl/7.59.0\" \"413bf460-bd56-4515-ada4-2a69c5e78e54\" \"httpbin.org\" \"52.71.234.219:80\"","stream":"stdout","time":"2019-02-12T18:37:43.139620629Z", "kubernetes": { "container": { "name": "ambassador" }, "node": { "name": "minikube" }, "pod": { "uid": "e57d545e-2a9d-11e9-995f-08002730e0dc", "name": "ambassador-76c58d9df4-jwhsg" }, "namespace": "default", "labels": { "service": "ambassador" }}} +{"message":"ACCESS [2019-04-06T06:20:05.972Z] \"- - -\" 0 UF,URX 0 0 0 - \"-\" \"-\" \"-\" \"-\" \"127.0.0.1:9200\"","stream":"stdout","time":"2019-02-12T18:37:43.139620629Z", "kubernetes": { "container": { "name": "ambassador" }, "node": { "name": "minikube" }, "pod": { "uid": "e57d545e-2a9d-11e9-995f-08002730e0dc", "name": "ambassador-76c58d9df4-jwhsg" }, "namespace": "default", "labels": { "service": "ambassador" }}}} diff --git a/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json b/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json new file mode 100644 index 00000000000..1d0193b2cba --- /dev/null +++ b/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json @@ -0,0 +1,85 @@ +[ + { + "@timestamp": "2019-04-10T03:49:34.451Z", + "destination.address": "52.71.234.219", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.71.234.219", + "destination.port": 80, + "envoyproxy.authority": "httpbin.org", + "envoyproxy.log_type": "ACCESS", + "envoyproxy.proxy_type": "http", + "envoyproxy.request_id": "413bf460-bd56-4515-ada4-2a69c5e78e54", + "envoyproxy.upstream_service_time": 179000000, + "event.dataset": "envoyproxy.log", + "event.duration": 180000000, + "event.module": "envoyproxy", + "fileset.name": "log", + "http.request.body.bytes": 0, + "http.request.method": "GET", + "http.response.body.bytes": 0, + "http.response.status_code": 501, + "http.version": "1.1", + "input.type": "log", + "kubernetes.container.name": "ambassador", + "kubernetes.labels.service": "ambassador", + "kubernetes.namespace": "default", + "kubernetes.node.name": "minikube", + "kubernetes.pod.name": "ambassador-76c58d9df4-jwhsg", + "kubernetes.pod.uid": "e57d545e-2a9d-11e9-995f-08002730e0dc", + "log.offset": 0, + "message": "ACCESS [2019-04-10T03:49:34.451Z] \"GET /httpbin/status/501 HTTP/1.1\" 501 - 0 0 180 179 \"172.17.0.3\" \"curl/7.59.0\" \"413bf460-bd56-4515-ada4-2a69c5e78e54\" \"httpbin.org\" \"52.71.234.219:80\"", + "service.type": "envoyproxy", + "source.address": "172.17.0.3", + "source.ip": "172.17.0.3", + "tags": [ + "envoyproxy" + ], + "url.domain": "httpbin.org", + "url.path": "/httpbin/status/501", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.59.0", + "user_agent.version": "7.59.0" + }, + { + "@timestamp": "2019-04-06T06:20:05.972Z", + "destination.address": "127.0.0.1", + "destination.bytes": 0, + "destination.ip": "127.0.0.1", + "destination.port": 9200, + "envoyproxy.authority": "-", + "envoyproxy.log_type": "ACCESS", + "envoyproxy.proxy_type": "tcp", + "envoyproxy.request_id": "-", + "envoyproxy.response_flags": [ + "UF", + "URX" + ], + "event.dataset": "envoyproxy.log", + "event.duration": 0, + "event.module": "envoyproxy", + "fileset.name": "log", + "input.type": "log", + "kubernetes.container.name": "ambassador", + "kubernetes.labels.service": "ambassador", + "kubernetes.namespace": "default", + "kubernetes.node.name": "minikube", + "kubernetes.pod.name": "ambassador-76c58d9df4-jwhsg", + "kubernetes.pod.uid": "e57d545e-2a9d-11e9-995f-08002730e0dc", + "log.offset": 518, + "message": "ACCESS [2019-04-06T06:20:05.972Z] \"- - -\" 0 UF,URX 0 0 0 - \"-\" \"-\" \"-\" \"-\" \"127.0.0.1:9200\"", + "service.type": "envoyproxy", + "source.bytes": 0, + "tags": [ + "envoyproxy" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/envoyproxy/log/test/envoy.log b/filebeat/module/envoyproxy/log/test/envoy.log new file mode 100644 index 00000000000..cd8cf20b66e --- /dev/null +++ b/filebeat/module/envoyproxy/log/test/envoy.log @@ -0,0 +1,4 @@ +[2019-04-08T16:50:12.533Z] "- - -" 0 - 87 254 4 - "-" "-" "-" "-" "172.27.0.2:80" +[2019-04-08T16:16:55.931Z] "GET /service/1 HTTP/1.1" 200 - 0 89 5 4 "-" "curl/7.54.0" "c219f6da-2b7f-483e-9ced-ec323d9330a9" "localhost:8000" "172.27.0.3:80" +[2019-04-11T00:31:55.439Z] "GET /elastic HTTP/1.1" 404 NR 0 0 0 - "172.17.0.3" "curl/7.59.0" "58436667-bf70-4fd0-9fe9-cdadadecfd55" "192.168.99.107:30901" "-" +[2019-04-11T00:51:07.980Z] "GET /elastic/ HTTP/1.1" 301 - 0 0 41 39 "172.17.0.3" "curl/7.59.0" "078d1daa-b786-4d6d-85a5-7e4366adaa19" "www.elastic.co" "151.101.66.217:80" diff --git a/filebeat/module/envoyproxy/log/test/envoy.log-expected.json b/filebeat/module/envoyproxy/log/test/envoy.log-expected.json new file mode 100644 index 00000000000..7699096e111 --- /dev/null +++ b/filebeat/module/envoyproxy/log/test/envoy.log-expected.json @@ -0,0 +1,133 @@ +[ + { + "@timestamp": "2019-04-08T16:50:12.533Z", + "destination.address": "172.27.0.2", + "destination.bytes": 87, + "destination.ip": "172.27.0.2", + "destination.port": 80, + "envoyproxy.authority": "-", + "envoyproxy.log_type": "ACCESS", + "envoyproxy.proxy_type": "tcp", + "envoyproxy.request_id": "-", + "event.dataset": "envoyproxy.log", + "event.duration": 4000000, + "event.module": "envoyproxy", + "fileset.name": "log", + "input.type": "log", + "log.offset": 0, + "message": "[2019-04-08T16:50:12.533Z] \"- - -\" 0 - 87 254 4 - \"-\" \"-\" \"-\" \"-\" \"172.27.0.2:80\"", + "service.type": "envoyproxy", + "source.bytes": 254, + "tags": [ + "envoyproxy" + ] + }, + { + "@timestamp": "2019-04-08T16:16:55.931Z", + "destination.address": "172.27.0.3", + "destination.ip": "172.27.0.3", + "destination.port": 80, + "envoyproxy.authority": "localhost:8000", + "envoyproxy.log_type": "ACCESS", + "envoyproxy.proxy_type": "http", + "envoyproxy.request_id": "c219f6da-2b7f-483e-9ced-ec323d9330a9", + "envoyproxy.upstream_service_time": 4000000, + "event.dataset": "envoyproxy.log", + "event.duration": 5000000, + "event.module": "envoyproxy", + "fileset.name": "log", + "http.request.body.bytes": 89, + "http.request.method": "GET", + "http.response.body.bytes": 0, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 82, + "message": "[2019-04-08T16:16:55.931Z] \"GET /service/1 HTTP/1.1\" 200 - 0 89 5 4 \"-\" \"curl/7.54.0\" \"c219f6da-2b7f-483e-9ced-ec323d9330a9\" \"localhost:8000\" \"172.27.0.3:80\"", + "service.type": "envoyproxy", + "tags": [ + "envoyproxy" + ], + "url.domain": "localhost:8000", + "url.path": "/service/1", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.54.0", + "user_agent.version": "7.54.0" + }, + { + "@timestamp": "2019-04-11T00:31:55.439Z", + "envoyproxy.authority": "192.168.99.107:30901", + "envoyproxy.log_type": "ACCESS", + "envoyproxy.proxy_type": "http", + "envoyproxy.request_id": "58436667-bf70-4fd0-9fe9-cdadadecfd55", + "envoyproxy.response_flags": [ + "NR" + ], + "event.dataset": "envoyproxy.log", + "event.duration": 0, + "event.module": "envoyproxy", + "fileset.name": "log", + "http.request.body.bytes": 0, + "http.request.method": "GET", + "http.response.body.bytes": 0, + "http.response.status_code": 404, + "http.version": "1.1", + "input.type": "log", + "log.offset": 240, + "message": "[2019-04-11T00:31:55.439Z] \"GET /elastic HTTP/1.1\" 404 NR 0 0 0 - \"172.17.0.3\" \"curl/7.59.0\" \"58436667-bf70-4fd0-9fe9-cdadadecfd55\" \"192.168.99.107:30901\" \"-\"", + "service.type": "envoyproxy", + "source.address": "172.17.0.3", + "source.ip": "172.17.0.3", + "tags": [ + "envoyproxy" + ], + "url.domain": "192.168.99.107:30901", + "url.path": "/elastic", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.59.0", + "user_agent.version": "7.59.0" + }, + { + "@timestamp": "2019-04-11T00:51:07.980Z", + "destination.address": "151.101.66.217", + "destination.as.number": 54113, + "destination.as.organization.name": "Fastly", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "151.101.66.217", + "destination.port": 80, + "envoyproxy.authority": "www.elastic.co", + "envoyproxy.log_type": "ACCESS", + "envoyproxy.proxy_type": "http", + "envoyproxy.request_id": "078d1daa-b786-4d6d-85a5-7e4366adaa19", + "envoyproxy.upstream_service_time": 39000000, + "event.dataset": "envoyproxy.log", + "event.duration": 41000000, + "event.module": "envoyproxy", + "fileset.name": "log", + "http.request.body.bytes": 0, + "http.request.method": "GET", + "http.response.body.bytes": 0, + "http.response.status_code": 301, + "http.version": "1.1", + "input.type": "log", + "log.offset": 399, + "message": "[2019-04-11T00:51:07.980Z] \"GET /elastic/ HTTP/1.1\" 301 - 0 0 41 39 \"172.17.0.3\" \"curl/7.59.0\" \"078d1daa-b786-4d6d-85a5-7e4366adaa19\" \"www.elastic.co\" \"151.101.66.217:80\"", + "service.type": "envoyproxy", + "source.address": "172.17.0.3", + "source.ip": "172.17.0.3", + "tags": [ + "envoyproxy" + ], + "url.domain": "www.elastic.co", + "url.path": "/elastic/", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.59.0", + "user_agent.version": "7.59.0" + } +] \ No newline at end of file diff --git a/filebeat/module/envoyproxy/module.yml b/filebeat/module/envoyproxy/module.yml new file mode 100644 index 00000000000..ec3662ad001 --- /dev/null +++ b/filebeat/module/envoyproxy/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: 0c610510-5cbd-11e9-8477-077ec9664dbd + file: Filebeat-Envoyproxy-Overview.json \ No newline at end of file diff --git a/filebeat/module/googlecloud/_meta/config.yml b/filebeat/module/googlecloud/_meta/config.yml new file mode 100644 index 00000000000..7ca54bd84c0 --- /dev/null +++ b/filebeat/module/googlecloud/_meta/config.yml @@ -0,0 +1,54 @@ +- module: googlecloud + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: googlecloud-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json diff --git a/filebeat/module/googlecloud/_meta/docs.asciidoc b/filebeat/module/googlecloud/_meta/docs.asciidoc new file mode 100644 index 00000000000..36a4ef8bd16 --- /dev/null +++ b/filebeat/module/googlecloud/_meta/docs.asciidoc @@ -0,0 +1,161 @@ +[role="xpack"] + +:modulename: googlecloud +:has-dashboards: false + +== Google Cloud module + + +This is a module for Google Cloud logs. It supports reading audit, VPC flow, +and firewall logs that have been exported from Stackdriver to a +Google Pub/Sub topic sink. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: audit + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `audit` fileset settings + +[role="screenshot"] +image::./images/filebeat-googlecloud-audit.png[] + +Example config: + +[source,yaml] +---- +- module: googleclcoud + audit: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-audit + var.subscription_name: filebeat-googlecloud-audit-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + +:fileset_ex!: + +:fileset_ex: vpcflow + +[float] +==== `vpcflow` fileset settings + +Example config: + +[source,yaml] +---- +- module: googleclcoud + vpcflow: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-flowlogs + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + +:fileset_ex!: + +:fileset_ex: firewall + +[float] +==== `firewall` fileset settings + +Example config: + +[source,yaml] +---- +- module: googleclcoud + firewall: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-firewall + var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/googlecloud/_meta/fields.yml b/filebeat/module/googlecloud/_meta/fields.yml new file mode 100644 index 00000000000..8f97f9b19c0 --- /dev/null +++ b/filebeat/module/googlecloud/_meta/fields.yml @@ -0,0 +1,99 @@ +- key: googlecloud + title: Google Cloud + description: > + Module for handling logs from Google Cloud. + fields: + - name: googlecloud + type: group + description: > + Fields from Google Cloud logs. + fields: + - name: destination.instance + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: destination.vpc + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + + - name: source.instance + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: source.vpc + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. diff --git a/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json b/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json new file mode 100644 index 00000000000..b87e6793afb --- /dev/null +++ b/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json @@ -0,0 +1,741 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of audit events from Google Cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 32.1625, + "lon": -48.67493, + "zoom": 1.97 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "a808a985-5cf3-463a-9aad-5159cb64cef1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "a808a985-5cf3-463a-9aad-5159cb64cef1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "9e7025b6-c3bf-424f-b541-d22d00e1fa64", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "9e7025b6-c3bf-424f-b541-d22d00e1fa64", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "5b6a8479-2c18-495e-88fa-9e3239277e3d", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "5b6a8479-2c18-495e-88fa-9e3239277e3d", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "46da4e61-e0bb-4595-a2c7-05210bfbea64", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "46da4e61-e0bb-4595-a2c7-05210bfbea64", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "4d698f07-2caf-45c0-bd48-51ea72ea79b0", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "4d698f07-2caf-45c0-bd48-51ea72ea79b0", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "c5e31da0-d4c8-4554-ab32-61da2495ab6c", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "c5e31da0-d4c8-4554-ab32-61da2495ab6c", + "panelRefName": "panel_5", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "panelRefName": "panel_6", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Filebeat GoogleCloud] Audit", + "version": 1 + }, + "id": "6576c480-73a2-11ea-a345-f985c61fe654", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "a97de660-73a5-11ea-a345-f985c61fe654", + "name": "panel_0", + "type": "map" + }, + { + "id": "4627efa0-73a2-11ea-a345-f985c61fe654", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "eb5bf570-73a2-11ea-a345-f985c61fe654", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "33ee1320-73a5-11ea-a345-f985c61fe654", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a8e40240-73a3-11ea-a345-f985c61fe654", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "6d90d320-73a4-11ea-a345-f985c61fe654", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "panel_6", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-03-31T23:18:30.933Z", + "version": "WzE1MTYsM10=" + }, + { + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -180, + 74.14342 + ], + [ + -180, + -58.35006 + ], + [ + 180, + -58.35006 + ], + [ + 180, + 74.14342 + ], + [ + -180, + 74.14342 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:googlecloud.audit\",\"language\":\"kuery\"}}]", + "mapStateJSON": "{\"zoom\":1.97,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}", + "title": "Audit Source Locations [Filebeat GoogleCloud]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "a97de660-73a5-11ea-a345-f985c61fe654", + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-03-31T23:16:33.861Z", + "version": "WzE1MDksM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Events Outcome over time [Filebeat GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "[unknown]", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Audit Event Outcome over time [Filebeat GoogleCloud]", + "type": "histogram" + } + }, + "id": "4627efa0-73a2-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T22:52:18.713Z", + "version": "WzE0MjQsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Action [Filebeat GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Event Action [Filebeat GoogleCloud]", + "type": "pie" + } + }, + "id": "eb5bf570-73a2-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T22:56:55.878Z", + "version": "WzE0MzgsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Top User Email [Filebeat GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Audit Top User Email [Filebeat GoogleCloud]", + "type": "tagcloud" + } + }, + "id": "33ee1320-73a5-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T23:13:16.626Z", + "version": "WzE0OTQsM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit User Agent [Filebeat GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit User Agent [Filebeat GoogleCloud]", + "type": "pie" + } + }, + "id": "a8e40240-73a3-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T23:02:13.859Z", + "version": "WzE0NTksM10=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Resource Name [Filebeat GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "googlecloud.audit.resource_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Resource Name [Filebeat GoogleCloud]", + "type": "pie" + } + }, + "id": "6d90d320-73a4-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-31T23:07:43.826Z", + "version": "WzE0NzEsM10=" + }, + { + "attributes": { + "columns": [ + "user.email", + "service.name", + "googlecloud.audit.type", + "event.action", + "event.outcome", + "source.ip", + "source.geo.region_name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "googlecloud.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "googlecloud.audit" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "Audit [Filebeat GoogleCloud]", + "version": 1 + }, + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-03-31T22:49:14.763Z", + "version": "WzE0MTUsM10=" + } + ], + "version": "8.0.0-SNAPSHOT" +} diff --git a/filebeat/module/googlecloud/audit/_meta/fields.yml b/filebeat/module/googlecloud/audit/_meta/fields.yml new file mode 100644 index 00000000000..df3a5552ce4 --- /dev/null +++ b/filebeat/module/googlecloud/audit/_meta/fields.yml @@ -0,0 +1,133 @@ +- name: audit + type: group + description: > + Fields for Google Cloud audit logs. + fields: + - name: type + type: keyword + description: > + Type property. + - name: authentication_info + type: group + description: > + Authentication information. + fields: + - name: principal_email + type: keyword + description: > + The email address of the authenticated user making the request. + - name: authority_selector + type: keyword + description: > + The authority selector specified by the requestor, if any. It is not guaranteed + that the principal was allowed to use this authority. + - name: authorization_info + type: array + description: > + Authorization information for the operation. + fields: + - name: permission + type: keyword + description: > + The required IAM permission. + - name: granted + type: boolean + description: > + Whether or not authorization for resource and permission was granted. + - name: resource_attributes + type: group + description: > + The attributes of the resource. + fields: + - name: service + type: keyword + description: > + The name of the service. + - name: name + type: keyword + description: > + The name of the resource. + - name: type + type: keyword + description: > + The type of the resource. + - name: method_name + type: keyword + description: > + The name of the service method or operation. For API calls, this + should be the name of the API method. + For example, 'google.datastore.v1.Datastore.RunQuery'. + - name: num_response_items + type: long + description: > + The number of items returned from a List or Query API method, if applicable. + - name: request + type: group + description: > + The operation request. + fields: + - name: proto_name + type: keyword + description: > + Type property of the request. + - name: filter + type: keyword + description: > + Filter of the request. + - name: name + type: keyword + description: > + Name of the request. + - name: resource_name + type: keyword + description: > + Name of the request resource. + - name: request_metadata + type: group + description: > + Metadata about the request. + fields: + - name: caller_ip + type: ip + description: > + The IP address of the caller. + - name: caller_supplied_user_agent + type: keyword + description: > + The user agent of the caller. This information is not authenticated and + should be treated accordingly. + - name: resource_name + type: keyword + description: > + The resource or collection that is the target of the operation. + The name is a scheme-less URI, not including the API service name. + For example, 'shelves/SHELF_ID/books'. + - name: resource_location + type: group + description: > + The location of the resource. + fields: + - name: current_locations + type: keyword + description: > + Current locations of the resource. + - name: service_name + type: keyword + description: > + The name of the API service performing the operation. + For example, datastore.googleapis.com. + - name: status + type: group + description: > + The status of the overall operation. + fields: + - name: code + type: integer + description: > + The status code, which should be an enum value of google.rpc.Code. + - name: message + type: keyword + description: > + A developer-facing error message, which should be in English. Any user-facing + error message should be localized and sent in the google.rpc.Status.details + field, or localized by the client. diff --git a/filebeat/module/googlecloud/audit/config/input.yml b/filebeat/module/googlecloud/audit/config/input.yml new file mode 100644 index 00000000000..3cc0edf9f1c --- /dev/null +++ b/filebeat/module/googlecloud/audit/config/input.yml @@ -0,0 +1,31 @@ +{{ if eq .input "google-pubsub" }} + +type: google-pubsub +project_id: {{ .project_id }} +topic: {{ .topic }} +subscription.name: {{ .subscription_name }} +{{ if .credentials_file }} +credentials_file: {{ .credentials_file }} +{{ end }} +{{ if .credentials_json }} +credentials_json: {{ .credentials_json }} +{{ end }} + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - script: + lang: javascript + id: googlecloud_audit_script + file: ${path.home}/module/googlecloud/audit/config/pipeline.js + params: + keep_original_message: {{ .keep_original_message }} diff --git a/filebeat/module/googlecloud/audit/config/pipeline.js b/filebeat/module/googlecloud/audit/config/pipeline.js new file mode 100644 index 00000000000..ac151fae7d8 --- /dev/null +++ b/filebeat/module/googlecloud/audit/config/pipeline.js @@ -0,0 +1,180 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +function Audit(keep_original_message) { + var processor = require("processor"); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + // Set @timetamp the LogEntry's timestamp. + var parseTimestamp = new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true, + }); + + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + + var dropPubSubFields = function(evt) { + evt.Delete("message"); + }; + + var saveMetadata = new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.insertId", to: "event.id"}, + ], + ignore_missing: true + }); + + var setCloudMetadata = new processor.Convert({ + fields: [ + {from: "json.resource.labels.project_id", to: "cloud.project.id"}, + ], + ignore_missing: true + }); + + // The log includes a protoPayload field. + // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + var convertLogEntry = new processor.Convert({ + fields: [ + {from: "json.protoPayload", to: "json"}, + ], + mode: "rename", + }); + + // The LogEntry's protoPayload is moved to the json field. The protoPayload + // contains the structured audit log fields. + var convertProtoPayload = new processor.Convert({ + fields: [ + {from: "json.@type", to: "json.type"}, + + {from: "json.authenticationInfo.principalEmail", to: "json.authenticationInfo.principal_email"}, + {from: "json.authenticationInfo.authoritySelector", to: "json.authenticationInfo.authority_selector"}, + {from: "json.authenticationInfo", to: "json.authentication_info"}, + + {from: "json.authorizationInfo", to: "json.authorization_info"}, + + {from: "json.methodName", to: "json.method_name"}, + + {from: "json.numResponseItems", to: "json.num_response_items", type: "long"}, + + {from: "json.request.@type", to: "json.request.proto_name"}, + {from: "json.request.filter", to: "json.request.filter"}, + {from: "json.request.name", to: "json.request.name"}, + {from: "json.request.resourceName", to: "json.request.resource_name"}, + + {from: "json.requestMetadata.callerIp", to: "json.requestMetadata.caller_ip", type: "ip"}, + {from: "json.requestMetadata.callerSuppliedUserAgent", to: "json.requestMetadata.caller_supplied_user_agent"}, + {from: "json.requestMetadata", to: "json.request_metadata"}, + + {from: "json.resourceName", to: "json.resource_name"}, + + {from: "json.resourceLocation.currentLocations", to: "json.resourceLocation.current_locations"}, + {from: "json.resourceLocation", to: "json.resource_location"}, + + {from: "json.serviceName", to: "json.service_name"}, + + {from: "json", to: "googlecloud.audit"}, + ], + mode: "rename", + ignore_missing: true, + }); + + // Copy some fields + var copyFields = new processor.Convert({ + fields: [ + {from: "googlecloud.audit.request_metadata.caller_ip", to: "source.ip"}, + {from: "googlecloud.audit.authentication_info.principal_email", to: "user.email"}, + {from: "googlecloud.audit.service_name", to: "service.name"}, + {from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", to: "user_agent.original"}, + {from: "googlecloud.audit.method_name", to: "event.action"}, + ], + fail_on_error: false, + }); + + // Drop extra fields + var dropExtraFields = function(evt) { + evt.Delete("json"); + evt.Delete("googlecloud.audit.request_metadata.requestAttributes"); + evt.Delete("googlecloud.audit.request_metadata.destinationAttributes"); + }; + + // Rename nested fields + var RenameNestedFields = function(evt) { + var arr = evt.Get("googlecloud.audit.authorization_info"); + for (var i = 0; i < arr.length; i++) { + arr[i].resource_attributes = arr[i].resourceAttributes; + delete arr[i].resourceAttributes; + } + }; + + // Set ECS categorization fields. + var setECSCategorization = function(evt) { + if (evt.Get("googlecloud.audit.status.code") == null) { + var authorization_info = evt.Get("googlecloud.audit.authorization_info"); + if (authorization_info.length === 1) { + if (authorization_info[0].granted == null) { + evt.Put("event.outcome", "unknown"); + } else if (authorization_info[0].granted === true) { + evt.Put("event.outcome", "success"); + } else { + evt.Put("event.outcome", "failure"); + } + } else { + evt.Put("event.outcome", "unknown"); + } + } else if (evt.Get("googlecloud.audit.status.code") === 0) { + evt.Put("event.outcome", "success"); + } else { + evt.Put("event.outcome", "failure"); + } + evt.Put("event.kind", "event"); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(saveOriginalMessage) + .Add(dropPubSubFields) + .Add(saveMetadata) + .Add(setCloudMetadata) + .Add(convertLogEntry) + .Add(convertProtoPayload) + .Add(copyFields) + .Add(dropExtraFields) + .Add(RenameNestedFields) + .Add(setECSCategorization) + .Build(); + + return { + process: pipeline.Run, + }; +} + +var audit; + +// Register params from configuration. +function register(params) { + audit = new Audit(params.keep_original_message); +} + +function process(evt) { + return audit.process(evt); +} diff --git a/filebeat/module/googlecloud/audit/ingest/pipeline.yml b/filebeat/module/googlecloud/audit/ingest/pipeline.yml new file mode 100644 index 00000000000..6c148a0c07c --- /dev/null +++ b/filebeat/module/googlecloud/audit/ingest/pipeline.yml @@ -0,0 +1,33 @@ +description: Pipeline for Google Cloud audit logs + +processors: + - user_agent: + field: user_agent.original + ignore_missing: true + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/googlecloud/audit/manifest.yml b/filebeat/module/googlecloud/audit/manifest.yml new file mode 100644 index 00000000000..347d8eaa1cb --- /dev/null +++ b/filebeat/module/googlecloud/audit/manifest.yml @@ -0,0 +1,21 @@ +module_version: "1.0" + +var: + - name: input + default: google-pubsub + - name: project_id + default: SET_PROJECT_NAME + - name: topic + default: stackdriver-audit + - name: subscription_name + default: filebeat-googlecloud-audit + - name: credentials_file + - name: credentials_json + - name: keep_original_message + default: false +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log b/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log new file mode 100644 index 00000000000..2120a297a5f --- /dev/null +++ b/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log @@ -0,0 +1,4 @@ +{"insertId":"-uihnmjctwo","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"resourcemanager.projects.get","resource":"projects/elastic-beats","resourceAttributes":{}}],"methodName":"GetResourceBillingInfo","request":{"@type":"type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest","resourceName":"projects/189716325846"},"requestMetadata":{"callerIp":"192.168.1.1","destinationAttributes":{},"requestAttributes":{}},"resourceName":"projects/elastic-beats","serviceName":"cloudbilling.googleapis.com","status":{}},"receiveTimestamp":"2019-12-19T00:49:36.313482371Z","resource":{"labels":{"project_id":"elastic-beats"},"type":"project"},"severity":"INFO","timestamp":"2019-12-19T00:49:36.086Z"} +{"insertId":"-h6onuze1h7dg","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":false,"permission":"compute.machineTypes.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.machineTypes.aggregatedList","numResponseItems":"71","request":{"@type":"type.googleapis.com/compute.machineTypes.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:45:51.711Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/machineTypes","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:45:52.367887078Z","resource":{"labels":{"location":"global","method":"compute.machineTypes.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:45:51.228Z"} +{"insertId":"yonau2dg2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} +{"insertId":"yonau3dc2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com","status":{"code":7,"message":"PERMISSION_DENIED"}},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} diff --git a/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json b/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json new file mode 100644 index 00000000000..cf665ca41d1 --- /dev/null +++ b/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json @@ -0,0 +1,181 @@ +[ + { + "@timestamp": "2019-12-19T00:49:36.086Z", + "cloud.project.id": "elastic-beats", + "event.action": "GetResourceBillingInfo", + "event.dataset": "googlecloud.audit", + "event.id": "-uihnmjctwo", + "event.kind": "event", + "event.module": "googlecloud", + "event.outcome": "success", + "fileset.name": "audit", + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ + { + "granted": true, + "permission": "resourcemanager.projects.get", + "resource": "projects/elastic-beats", + "resource_attributes": {} + } + ], + "googlecloud.audit.method_name": "GetResourceBillingInfo", + "googlecloud.audit.request.proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest", + "googlecloud.audit.request.resource_name": "projects/189716325846", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.resource_name": "projects/elastic-beats", + "googlecloud.audit.service_name": "cloudbilling.googleapis.com", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "input.type": "log", + "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", + "log.offset": 0, + "service.name": "cloudbilling.googleapis.com", + "service.type": "googlecloud", + "source.ip": "192.168.1.1", + "user.email": "xxx@xxx.xxx" + }, + { + "@timestamp": "2019-12-19T00:45:51.228Z", + "cloud.project.id": "elastic-beats", + "event.action": "beta.compute.machineTypes.aggregatedList", + "event.dataset": "googlecloud.audit", + "event.id": "-h6onuze1h7dg", + "event.kind": "event", + "event.module": "googlecloud", + "event.outcome": "failure", + "fileset.name": "audit", + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ + { + "granted": false, + "permission": "compute.machineTypes.list", + "resource_attributes": { + "name": "projects/elastic-beats", + "service": "resourcemanager", + "type": "resourcemanager.projects" + } + } + ], + "googlecloud.audit.method_name": "beta.compute.machineTypes.aggregatedList", + "googlecloud.audit.num_response_items": 71, + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "googlecloud.audit.resource_location.current_locations": [ + "global" + ], + "googlecloud.audit.resource_name": "projects/elastic-beats/global/machineTypes", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "input.type": "log", + "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", + "log.offset": 945, + "service.name": "compute.googleapis.com", + "service.type": "googlecloud", + "source.ip": "192.168.1.1", + "user.email": "xxx@xxx.xxx", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "71.0." + }, + { + "@timestamp": "2019-12-19T00:44:25.051Z", + "cloud.project.id": "elastic-beats", + "event.action": "beta.compute.instances.aggregatedList", + "event.dataset": "googlecloud.audit", + "event.id": "yonau2dg2zi", + "event.kind": "event", + "event.module": "googlecloud", + "event.outcome": "success", + "fileset.name": "audit", + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ + { + "granted": true, + "permission": "compute.instances.list", + "resource_attributes": { + "name": "projects/elastic-beats", + "service": "resourcemanager", + "type": "resourcemanager.projects" + } + } + ], + "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", + "googlecloud.audit.num_response_items": 61, + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "googlecloud.audit.resource_location.current_locations": [ + "global" + ], + "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "input.type": "log", + "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", + "log.offset": 2252, + "service.name": "compute.googleapis.com", + "service.type": "googlecloud", + "source.ip": "192.168.1.1", + "user.email": "xxx@xxx.xxx", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "71.0." + }, + { + "@timestamp": "2019-12-19T00:44:25.051Z", + "cloud.project.id": "elastic-beats", + "event.action": "beta.compute.instances.aggregatedList", + "event.dataset": "googlecloud.audit", + "event.id": "yonau3dc2zi", + "event.kind": "event", + "event.module": "googlecloud", + "event.outcome": "failure", + "fileset.name": "audit", + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ + { + "permission": "compute.instances.list", + "resource_attributes": { + "name": "projects/elastic-beats", + "service": "resourcemanager", + "type": "resourcemanager.projects" + } + } + ], + "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", + "googlecloud.audit.num_response_items": 61, + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "googlecloud.audit.resource_location.current_locations": [ + "global" + ], + "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.status.code": 7, + "googlecloud.audit.status.message": "PERMISSION_DENIED", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "input.type": "log", + "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", + "log.offset": 3541, + "service.name": "compute.googleapis.com", + "service.type": "googlecloud", + "source.ip": "192.168.1.1", + "user.email": "xxx@xxx.xxx", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "71.0." + } +] \ No newline at end of file diff --git a/filebeat/module/googlecloud/fields.go b/filebeat/module/googlecloud/fields.go new file mode 100644 index 00000000000..bd307583c9a --- /dev/null +++ b/filebeat/module/googlecloud/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package googlecloud + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "googlecloud", asset.ModuleFieldsPri, AssetGooglecloud); err != nil { + panic(err) + } +} + +// AssetGooglecloud returns asset data. +// This is the base64 encoded gzipped contents of module/googlecloud. +func AssetGooglecloud() string { + return "eJzsWltvG7sRfvevmDe3gLMHfc1DAUOOW6Nx4WOrKdAXgSZHWtZccsuLVOXXH/C22qssW+sAAaKnZC/ffJwZznyc9Sd4wf1n2Ci1EUiFcuwCwHIr8DP8LVyERbrK0FDNa8uV/Ax/vQAAuFfMCYS10lASyQSXGxBqY2CtVdV5v7gAWHMUzHwOb34CSSrsG/Y/u6/9da1cna6MGPa/2wA3NBUYFOmxts22XYbGckk8ZsGlsURSbB4aI3GEiP/drcGW2IYFFS9RJSXScGVHDBD4dg9CUWKRgZLhEUMqhG8Pi6sOpC25ifyBG6hV7UR4acdt6UEybWBoCRemgDsJBJ5KopF5uA4aVXLNN04HbldQa/VfpHbFGVClNZpaSWbAqkAo3QVbEgtqJ42/2oHLxq/AGUeE2MeFoN5y2rxftF7pB6IdjAOZzu0chhfc75Tu3zsSjBCQmxyAvBiqpCVc+hz1l7/dFxejbDRuuJLzMXkMeJnNpNnvSuJ8Rv+jJI6aHNsA25r+VLn/sACJdqf0y+y57/M9ci+VsT93Im9ruvL/mo+L97yPZclpmWz7+KgavW/lZoKIcc8pXjPzeWqAT6XVUFJOU5yz9EfE92R+yPYO5K+q/6vqf0jVT2k/T8H/IRn/q9b/qvXhd3Kt7zMijnF7Trrng4bS3XNGAO6cNmA0ZzIRb/jiNG8c9cVyX4cEqVHbfTFiiDhborSchk2w4nKtRuz2PfCK1esOKHhQXUX9CMOtPLlpuKS8JmKFFeFivuxYlggBEghjGo3JG6nlC2TgDGqoyEveTxr/59DY3graflSa2/3KoEBqlZ6XcIMPGR9MjZSvOTJ43rcZKn0FfA1E7gu4sz7jpbKwcUQTaREZDAyE+hZLSfJ5rMtCqB0yXwGdwSi0Gx4dP/S88P1oMhGtyf5tydRgtnMp7DLPOm1oJYvTkwt1xY2ZtY0vUwi47zV31/ctIxNJswkRGW8Kz0oJJH16r1D4d4m2RA1Kh5h3whHcpTF1YiJZi18Id2IzwTW/uSLWav7sLJpR3sNScVp+N6h5N2aDRe/5sbC2ekoUmMMUPxLXVwlGit5AJpfM9LllFiPtbHYKU/6ZbCEzcfAQxzhk+xXaUrFhZ39vJxuPQDLjM/5QBuBWabh+uANKhDBRQvarnimVEwyeMaC1kf2LEbXov+Rx8f+kqgVewWUcSBaMWOKrLhbbvxQ3zX8enfzdod5fjjlHumoVFabBFbdYmREfCSU3b3SQq5799l9DwASN1mmJLE4+CXzlxnpXBWKthcaGUdeCU/IsRsOZmsv54mDZrthNV32DLFBWzawXOyrpkNsjzDKLNRcWZ2zxtwHvJNPzLv2fnYpyTOE0DeDDCRzKypjGSA+tKrTEb73zM/I+IQF5Vs5OR+BYWvpKg3rF+60vEhpcPqEj3j309Wm0MRGeRMA4v4uRrbx8XZENSjuvwgmyOOD2aS19lW3rs6Q8u7LaC48BcKsYa4yPUao043IjRo8t08l4RntpxJHSQJUQaUQR1DEPEy6wRG+wWXmr40x1Ky+ZwdASK/wkfCz/9Xh3FdzCJRWO5dOFr8W5pfkXX2k9pkSxRfPb09+/fL1d3d389qzUixltNY2rwoSlr3jfXcIz2nE5cnTLOK1R2obXuJ58V6IuInRD8qio7EnHD1Ms7RDXqP0+ydGfTqRO2A9KI0oPUnNTUFWNrsYS68ZUxTtiHbGarN+iJkJMkj4ac8XGeweXFjeDjnpCPUrcPPBVGvUcqgmRgNJVsCXChTgkyaZrWiwU6++yg3Q1hmxmbHLXwHCLwnvs05pQH3bUWulsacicS/giN4KbsoBruQ9lN786gO9gtUB8+gv+PVVd43cEj+PVlh+eggOLNDEdgodwXvmaeIBLAwcqOMq2XjjII407ItpDm9lGabcJ+w3TNO0ErtICz98RN4ebeUvk9QZLsWFUxNISWTx7HAber5fHzgQsjFomTnGD48GA+TKOdOLcKE9LOlynDo+EDjoFvO34eN1qnqHyes+ksmdAyeigKfuMazybwk0GCWHSZL3mtB0cE4NzzA8a16hRnjdQeMwg+evZSSFIXVsTOahEb7Iez3zr/Akm4JlDXLqpG86A/raajMzh0/183Np/DzBJ8HVuyWWWDPfFmYOPTNTzaH3PsmRzhiujmPwRdJNsPY8ur1e10nY41oUjo9030eV1PN5TJUxoWYeRBHjTOTfCJNMJNK8kQlZ0/jDhBgehj0qKrPGS1fMT5AcvIyXLOctofWpcC7X7CBnw7WEBHvstMgB9EvVE5hni3nCGSbglaBb9I9SugAWRXoMhDxP5y6fHxaUXUZc3X56WrYPaGE9rixkGgl+JRUn3QAxUSIzTyOBP3o/LxUPg6Nuw2P8ZmNP5IGK5P7NKi3pLRD7SDw5m+UEUpDZeDqLdIUqvMMOBlsDTl9/DBtZIkW/jtcNHdf//68U/erD+ed58xo7n7fwZ93G59OvYoe8D8VaqDWmKGP8OgKEg++LijwAAAP//F4rICQ==" +} diff --git a/filebeat/module/googlecloud/firewall/_meta/fields.yml b/filebeat/module/googlecloud/firewall/_meta/fields.yml new file mode 100644 index 00000000000..e54bfa2ae5c --- /dev/null +++ b/filebeat/module/googlecloud/firewall/_meta/fields.yml @@ -0,0 +1,48 @@ +- name: firewall + type: group + description: > + Fields for Google Cloud Firewall logs. + fields: + - name: rule_details + type: group + description: > + Description of the firewall rule that matched this connection. + fields: + - name: priority + type: long + description: The priority for the firewall rule. + - name: action + type: keyword + description: Action that the rule performs on match. + - name: direction + type: keyword + description: Direction of traffic that matches this rule. + - name: reference + type: keyword + description: Reference to the firewall rule. + - name: source_range + type: keyword + description: List of source ranges that the firewall rule applies to. + - name: destination_range + type: keyword + description: List of destination ranges that the firewall applies to. + - name: source_tag + type: keyword + description: > + List of all the source tags that the firewall rule applies to. + - name: target_tag + type: keyword + description: > + List of all the target tags that the firewall rule applies to. + - name: ip_port_info + type: array + description: > + List of ip protocols and applicable port ranges for rules. + - name: source_service_account + type: keyword + description: > + List of all the source service accounts that the firewall rule applies to. + - name: target_service_account + type: keyword + description: > + List of all the target service accounts that the firewall rule applies to. diff --git a/filebeat/module/googlecloud/firewall/config/input.yml b/filebeat/module/googlecloud/firewall/config/input.yml new file mode 100644 index 00000000000..377223630e8 --- /dev/null +++ b/filebeat/module/googlecloud/firewall/config/input.yml @@ -0,0 +1,32 @@ +{{ if eq .input "google-pubsub" }} + +type: google-pubsub +project_id: {{ .project_id }} +topic: {{ .topic }} +subscription.name: {{ .subscription_name }} +{{ if .credentials_file }} +credentials_file: {{ .credentials_file }} +{{ end }} +{{ if .credentials_json }} +credentials_json: {{ .credentials_json }} +{{ end }} + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - script: + lang: javascript + id: googlecloud_firewall_script + params: + debug: {{ .debug }} + keep_original_message: {{ .keep_original_message }} + file: ${path.home}/module/googlecloud/firewall/config/pipeline.js diff --git a/filebeat/module/googlecloud/firewall/config/pipeline.js b/filebeat/module/googlecloud/firewall/config/pipeline.js new file mode 100644 index 00000000000..ef184bc8620 --- /dev/null +++ b/filebeat/module/googlecloud/firewall/config/pipeline.js @@ -0,0 +1,331 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var processor = require("processor"); +var console = require("console"); + +// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) +// +// Processor that sets _to_ field from a mapping of _from_ field's value. +function makeMapper(options) { + return function (evt) { + var key = evt.Get(options.from); + var value = options.default; + if (key in options.mappings) { + value = options.mappings[key]; + } + if (value != null) { + evt.Put(options.to, value); + } + }; +} + +// makeConditional({condition:expr, result1:processor|expr, [...]}) +// +// Processor that selects which processor to run depending on the result of +// evaluating a _condition_. Result can be boolean (if-else equivalent) or any +// other value (switch equivalent). Unspecified values are a no-op. +function makeConditional(options) { + return function (evt) { + var branch = options[options.condition(evt)] || function(evt){}; + return (typeof branch === "function" ? branch : branch.Run)(evt); + }; +} + +// logEvent(msg) +// +// Processor that logs the current value of evt to console.debug. +function makeLogEvent(msg) { + return function (evt) { + console.debug(msg + " :" + JSON.stringify(evt, null, 4)); + }; +} + +// PipelineBuilder to aid debugging of pipelines during development. +function PipelineBuilder(pipelineName, debug) { + this.pipeline = new processor.Chain(); + this.add = function (processor) { + this.pipeline = this.pipeline.Add(processor); + }; + this.Add = function (name, processor) { + this.add(processor); + if (debug) { + this.add(makeLogEvent("after " + pipelineName + "/" + name)); + } + }; + this.Build = function () { + if (debug) { + this.add(makeLogEvent(pipelineName + "processing done")); + } + return this.pipeline.Build(); + }; + if (debug) { + this.add(makeLogEvent(pipelineName + ": begin processing event")); + } +} + +function FirewallProcessor(keep_original_message, debug) { + var builder = new PipelineBuilder("firewall", debug); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + builder.Add("decodeJson", new processor.DecodeJSONFields({ + fields: ["message"], + target: "json" + })); + + // Set @timestamp to the LogEntry's timestamp. + builder.Add("parseTimestamp", new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true + })); + + if (keep_original_message) { + builder.Add("saveOriginalMessage", new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + })); + } + + builder.Add("dropPubSubFields", function(evt) { + evt.Delete("message"); + evt.Delete("labels"); + }); + + builder.Add("categorizeEvent", new processor.AddFields({ + target: "event", + fields: { + kind: "event", + category: "network", + type: "connection", + action: "firewall-rule" + }, + })); + + builder.Add("saveMetadata", new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.resource.labels.subnetwork_name", to: "network.name"}, + {from: "json.insertId", to: "event.id"} + ], + ignore_missing: true + })); + + // Firewall logs are structured so the LogEntry includes a jsonPayload field. + // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + // The LogEntry's jsonPayload is moved to the json field. The jsonPayload + // contains the structured VPC flow log fields. + builder.Add("convertLogEntry", new processor.Convert({ + fields: [ + {from: "json.jsonPayload", to: "json"}, + ], + mode: "rename" + })); + + builder.Add("addType", function(evt) { + var disp = evt.Get("json.disposition"); + if (disp != null) { + evt.AppendTo("event.type", disp.toLowerCase()); + } + }); + + builder.Add("addDirection", makeMapper({ + from: "json.rule_details.direction", + to: "network.direction", + mappings: { + INGRESS: "inbound", + EGRESS: "outbound" + }, + default: "unknown" + })); + + builder.Add("conditionalRename", makeConditional({ + condition: function(evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.src_vpc"}, + {from: "json.instance", to: "json.src_instance"}, + {from: "json.location", to: "json.src_location"}, + {from: "json.remote_vpc", to: "json.dest_vpc"}, + {from: "json.remote_instance", to: "json.dest_instance"}, + {from: "json.remote_location", to: "json.dest_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }), + + INGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.dest_vpc"}, + {from: "json.instance", to: "json.dest_instance"}, + {from: "json.location", to: "json.dest_location"}, + {from: "json.remote_vpc", to: "json.src_vpc"}, + {from: "json.remote_instance", to: "json.src_instance"}, + {from: "json.remote_location", to: "json.src_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }) + })); + + // Set network.iana_number from connection.protocol, converting it to long + // and ignoring the failure if it's not numeric. + builder.Add("ianaNumber", new processor.Convert({ + fields: [{ + from: "json.connection.protocol", + to: "network.iana_number", + type: "long" + }], + fail_on_error: false + })); + + // Set network.transport from iana_number. GCP Firewall only supports + // logging of tcp and udp connections, added icmp just in case as it's the + // other protocol supported by firewall rules. + builder.Add("transportFromIANA", makeMapper({ + from: "network.iana_number", + to: "network.transport", + mappings: { + 1: "icmp", + 6: "tcp", + 17: "udp" + } + })); + + builder.Add("convertJsonPayload", new processor.Convert({ + fields: [ + {from: "json.connection.dest_ip", to: "destination.address"}, + {from: "json.connection.dest_port", to: "destination.port", type: "long"}, + {from: "json.connection.src_ip", to: "source.address"}, + {from: "json.connection.src_port", to: "source.port", type: "long"}, + + {from: "json.src_instance.vm_name", to: "source.domain"}, + {from: "json.dest_instance.vm_name", to: "destination.domain"}, + + {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, + {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, + {from: "json.dest_location.country", to: "destination.geo.country_name"}, + {from: "json.dest_location.region", to: "destination.geo.region_name"}, + {from: "json.dest_location.city", to: "destination.geo.city_name"}, + + {from: "json.src_location.asn", to: "source.as.number", type: "long"}, + {from: "json.src_location.continent", to: "source.geo.continent_name"}, + {from: "json.src_location.country", to: "source.geo.country_name"}, + {from: "json.src_location.region", to: "source.geo.region_name"}, + {from: "json.src_location.city", to: "source.geo.city_name"}, + + {from: "json.dest_instance", to: "googlecloud.destination.instance"}, + {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, + {from: "json.src_instance", to: "googlecloud.source.instance"}, + {from: "json.src_vpc", to: "googlecloud.source.vpc"}, + {from: "json.rule_details.reference", to: "rule.name"}, + {from: "json", to: "googlecloud.firewall"}, + ], + mode: "rename", + ignore_missing: true, + fail_on_error: false + })); + + // Delete emtpy object's whose fields have been renamed leaving them childless. + builder.Add("dropEmptyObjects", function (evt) { + evt.Delete("googlecloud.firewall.connection"); + evt.Delete("googlecloud.firewall.dest_location"); + evt.Delete("googlecloud.firewall.disposition"); + evt.Delete("googlecloud.firewall.src_location"); + }); + + // Copy the source/destination.address to source/destination.ip if they are + // valid IP addresses. + builder.Add("copyAddressFields", new processor.Convert({ + fields: [ + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "destination.address", to: "destination.ip", type: "ip"} + ], + fail_on_error: false + })); + + builder.Add("setCloudMetadata", makeConditional({ + condition: function (evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.source.instance.region", to: "cloud.region"}, + {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"} + ], + ignore_missing: true + }), + + INGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.destination.instance.region", to: "cloud.region"}, + {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true + }) + })); + + builder.Add("communityId", new processor.CommunityID({ + fields: { + transport: "network.iana_number" + } + })); + + builder.Add("setInternalDirection", function(event) { + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); + if (srcInstance && destInstance) { + event.Put("network.direction", "internal"); + } + }); + + builder.Add("setNetworkType", function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }); + + builder.Add("setRelatedIP", function(event) { + event.AppendTo("related.ip", event.Get("source.ip")); + event.AppendTo("related.ip", event.Get("destination.ip")); + }); + + var chain = builder.Build(); + return { + process: chain.Run + }; +} + +var firewall; + +// Register params from configuration. +function register(params) { + firewall = new FirewallProcessor(params.keep_original_message, params.debug); +} + +function process(evt) { + return firewall.process(evt); +} diff --git a/filebeat/module/googlecloud/firewall/ingest/pipeline.yml b/filebeat/module/googlecloud/firewall/ingest/pipeline.yml new file mode 100644 index 00000000000..8d68de684a6 --- /dev/null +++ b/filebeat/module/googlecloud/firewall/ingest/pipeline.yml @@ -0,0 +1,50 @@ +description: Pipeline for Google Cloud Firewall Logs + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/googlecloud/firewall/manifest.yml b/filebeat/module/googlecloud/firewall/manifest.yml new file mode 100644 index 00000000000..53e4c5dc69d --- /dev/null +++ b/filebeat/module/googlecloud/firewall/manifest.yml @@ -0,0 +1,23 @@ +module_version: "1.0" + +var: + - name: input + default: google-pubsub + - name: project_id + default: SET_PROJECT_NAME + - name: topic + default: stackdriver-firewall + - name: subscription_name + default: filebeat-googlecloud-firewall + - name: credentials_file + - name: credentials_json + - name: debug + default: false + - name: keep_original_message + default: false +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/googlecloud/firewall/test/rare.log b/filebeat/module/googlecloud/firewall/test/rare.log new file mode 100644 index 00000000000..e43153cc8a1 --- /dev/null +++ b/filebeat/module/googlecloud/firewall/test/rare.log @@ -0,0 +1,2 @@ +{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.128.0.16","dest_port":80,"protocol":"udp","src_ip":"10.142.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"12345667","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} +{"insertId":"1dobeotg13df9f7","jsonPayload":{"connection":{"dest_ip":"10.128.0.10","dest_port":57794,"protocol":"udp","src_ip":"10.142.0.16","src_port":80},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"EGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"892378332","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} diff --git a/filebeat/module/googlecloud/firewall/test/rare.log-expected.json b/filebeat/module/googlecloud/firewall/test/rare.log-expected.json new file mode 100644 index 00000000000..c109a99ac29 --- /dev/null +++ b/filebeat/module/googlecloud/firewall/test/rare.log-expected.json @@ -0,0 +1,130 @@ +[ + { + "@timestamp": "2019-11-06T16:41:38.394Z", + "destination.address": "10.128.0.16", + "destination.domain": "local-adrian-test", + "destination.ip": "10.128.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1dobeotg13df9f5", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "local-test", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "mysubnet", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "remote-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "remote-beats", + "googlecloud.source.vpc.subnetwork_name": "mysubnet", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 0, + "network.direction": "internal", + "network.name": "default", + "network.type": "ipv4", + "related.ip": [ + "10.142.0.10", + "10.128.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "10.142.0.10", + "source.domain": "test-es", + "source.ip": "10.142.0.10", + "source.port": 57794 + }, + { + "@timestamp": "2019-11-06T16:41:38.394Z", + "destination.address": "10.128.0.10", + "destination.domain": "test-es", + "destination.ip": "10.128.0.10", + "destination.port": 57794, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1dobeotg13df9f7", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "remote-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "remote-beats", + "googlecloud.destination.vpc.subnetwork_name": "mysubnet", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "local-test", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "mysubnet", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 1153, + "network.direction": "internal", + "network.name": "default", + "network.type": "ipv4", + "related.ip": [ + "10.142.0.16", + "10.128.0.10" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "10.142.0.16", + "source.domain": "local-adrian-test", + "source.ip": "10.142.0.16", + "source.port": 80 + } +] \ No newline at end of file diff --git a/filebeat/module/googlecloud/firewall/test/test.log b/filebeat/module/googlecloud/firewall/test/test.log new file mode 100644 index 00000000000..28218d31fff --- /dev/null +++ b/filebeat/module/googlecloud/firewall/test/test.log @@ -0,0 +1,20 @@ +{"insertId":"4zuj4nfn4llkb","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":53,"protocol":17,"src_ip":"10.128.0.16","src_port":60094},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:35:24.466374097Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:35:17.214711274Z"} +{"insertId":"1f21ciqfpfssuo","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.126","src_port":64853},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"continent":"Asia","country":"omn"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-10-30T13:52:54.473174731Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"timestamp":"2019-10-30T13:52:42.191988835Z"} +{"insertId":"8vcfeailjd","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.219","src_port":2897},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Krasnodar","continent":"Europe","country":"rus","region":"Krasnodar Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:31:22.738796433Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:31:19.421478847Z"} +{"insertId":"1bqgmw9feiabij","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:35.727004321Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:31.079508196Z"} +{"insertId":"1jrxaqbfe48bir","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:40.791816098Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:34.190831607Z"} +{"insertId":"1fw7drlfe2ty27","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.151","src_port":62551},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Berdychiv","continent":"Europe","country":"ukr","region":"Zhytomyr Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:48:47.038820509Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:48:41.449552758Z"} +{"insertId":"1yre751fekaxzs","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.241","src_port":44542},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Vicenza","continent":"Europe","country":"ita","region":"Veneto"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:10:30.804549999Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:10:24.214995318Z"} +{"insertId":"5kanfzfiqepkh","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.114","src_port":41293},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Tula","continent":"Europe","country":"rus","region":"Tula Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:35:28.934918322Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:35:23.504719962Z"} +{"insertId":"59z0t8fiow9vg","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.251","src_port":59106},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Stavropol","continent":"Europe","country":"rus","region":"Stavropol Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:36:54.238077643Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:36:52.135887769Z"} +{"insertId":"1y7e4yzff816cq","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:26.357446279Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:16.59353182Z"} +{"insertId":"lx5jlsfggpr0q","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:28.203068653Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:22.930570324Z"} +{"insertId":"18ynfbufer19m1","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.200","src_port":42716},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Ä°zmir","continent":"Asia","country":"tur","region":"Ä°zmir"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:32:14.038485761Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:32:07.407039908Z"} +{"insertId":"tzddthfsr6fv5","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":6,"src_ip":"10.28.0.16","src_port":46418},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:41:28.971534988Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:41:20.972747063Z"} +{"insertId":"1k2b7kefsnhzq7","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":17,"src_ip":"10.28.0.16","src_port":58725},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:42:33.671883883Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:42:26.50532921Z"} +{"insertId":"1sdfuwxfk8hq1c","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44666},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.531819246Z"} +{"insertId":"1sdfuwxfk8hq1b","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44668},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.551617516Z"} +{"insertId":"yot1ojetjdiw","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.7","src_port":1683},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"city":"Almelo","continent":"Europe","country":"nld","region":"Overijssel"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:28.477733837Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:15.771161946Z"} +{"insertId":"5a27u1g22jks9e","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45068},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.850729583Z"} +{"insertId":"5a27u1g22jks8t","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45062},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.85023465Z"} +{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"10.42.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} diff --git a/filebeat/module/googlecloud/firewall/test/test.log-expected.json b/filebeat/module/googlecloud/firewall/test/test.log-expected.json new file mode 100644 index 00000000000..161bf3dbfdb --- /dev/null +++ b/filebeat/module/googlecloud/firewall/test/test.log-expected.json @@ -0,0 +1,1287 @@ +[ + { + "@timestamp": "2019-11-12T12:35:17.214Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "4zuj4nfn4llkb", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.destination_range": [ + "8.8.8.0/24" + ], + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 0, + "network.community_id": "1:iiDdIEXnxwSiz/hJbVnseQ4SZVE=", + "network.direction": "outbound", + "network.iana_number": 17, + "network.name": "default", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "10.128.0.16", + "8.8.8.8" + ], + "rule.name": "network:default/firewall:adrian-test-1", + "service.type": "googlecloud", + "source.address": "10.128.0.16", + "source.domain": "adrian-test", + "source.ip": "10.128.0.16", + "source.port": 60094 + }, + { + "@timestamp": "2019-10-30T13:52:42.191Z", + "destination.address": "10.42.0.2", + "destination.domain": "test-windows", + "destination.ip": "10.42.0.2", + "destination.port": 3389, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1f21ciqfpfssuo", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", + "googlecloud.destination.vpc.vpc_name": "windows-isolated", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "3389" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow-rdp" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 983, + "network.community_id": "1:I+YM7Ru3rl0RVZt/y+F/hkoY0Zc=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "windows-isolated", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.126", + "10.42.0.2" + ], + "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", + "service.type": "googlecloud", + "source.address": "192.0.2.126", + "source.geo.continent_name": "Asia", + "source.geo.country_name": "omn", + "source.ip": "192.0.2.126", + "source.port": 64853 + }, + { + "@timestamp": "2019-11-11T12:31:19.421Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "8vcfeailjd", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 2025, + "network.community_id": "1:I0VuqgaYU1tgaECjlzIRuPzILlg=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.219", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.219", + "source.geo.city_name": "Krasnodar", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "rus", + "source.geo.region_name": "Krasnodar Krai", + "source.ip": "192.0.2.219", + "source.port": 2897 + }, + { + "@timestamp": "2019-11-11T12:41:31.079Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1bqgmw9feiabij", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 3074, + "network.community_id": "1:JXppP0Oqm+g33JYC0DKoWKxP1GI=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.14", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.14", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "deu", + "source.ip": "192.0.2.14", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T12:41:34.190Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1jrxaqbfe48bir", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 4080, + "network.community_id": "1:JXppP0Oqm+g33JYC0DKoWKxP1GI=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.14", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.14", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "deu", + "source.ip": "192.0.2.14", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T12:48:41.449Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1fw7drlfe2ty27", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 5086, + "network.community_id": "1:Us40G9GKff9nidizV7rCFgCQb9E=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.151", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.151", + "source.geo.city_name": "Berdychiv", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "ukr", + "source.geo.region_name": "Zhytomyr Oblast", + "source.ip": "192.0.2.151", + "source.port": 62551 + }, + { + "@timestamp": "2019-11-11T13:10:24.214Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1yre751fekaxzs", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 6141, + "network.community_id": "1:CKIvQ4W48ZjqiomnWxipDck9Yb0=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.241", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.241", + "source.geo.city_name": "Vicenza", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "ita", + "source.geo.region_name": "Veneto", + "source.ip": "192.0.2.241", + "source.port": 44542 + }, + { + "@timestamp": "2019-11-11T13:35:23.504Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "5kanfzfiqepkh", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 7185, + "network.community_id": "1:4MspX9JxDXjbalHc/6y9GntbkUc=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.geo.city_name": "Tula", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "rus", + "source.geo.region_name": "Tula Oblast", + "source.ip": "192.0.2.114", + "source.port": 41293 + }, + { + "@timestamp": "2019-11-11T13:36:52.135Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "59z0t8fiow9vg", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 8228, + "network.community_id": "1:KygoHJBT+06I9CnmAPRmvl5CRO4=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.251", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.251", + "source.geo.city_name": "Stavropol", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "rus", + "source.geo.region_name": "Stavropol Krai", + "source.ip": "192.0.2.251", + "source.port": 59106 + }, + { + "@timestamp": "2019-11-11T14:06:16.593Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1y7e4yzff816cq", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 9279, + "network.community_id": "1:20yMRdGVeNrVtL6TKhpfMDy284w=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.189", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.189", + "source.geo.city_name": "Viol\u00e8s", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "fra", + "source.geo.region_name": "Provence-Alpes-C\u00f4te d'Azur", + "source.ip": "192.0.2.189", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T14:06:22.930Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "lx5jlsfggpr0q", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 10341, + "network.community_id": "1:20yMRdGVeNrVtL6TKhpfMDy284w=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.189", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.189", + "source.geo.city_name": "Viol\u00e8s", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "fra", + "source.geo.region_name": "Provence-Alpes-C\u00f4te d'Azur", + "source.ip": "192.0.2.189", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T14:32:07.407Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "18ynfbufer19m1", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 11403, + "network.community_id": "1:6fenc8+hp2KWF1J9vvGwv3iswV0=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.200", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "192.0.2.200", + "source.geo.city_name": "\u0130zmir", + "source.geo.continent_name": "Asia", + "source.geo.country_name": "tur", + "source.geo.region_name": "\u0130zmir", + "source.ip": "192.0.2.200", + "source.port": 42716 + }, + { + "@timestamp": "2019-11-12T12:41:20.972Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "tzddthfsr6fv5", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.destination_range": [ + "8.8.8.0/24" + ], + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 12444, + "network.community_id": "1:L+yxRTY3bxAv2hbljIrAstKlE+g=", + "network.direction": "outbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.28.0.16", + "8.8.8.8" + ], + "rule.name": "network:default/firewall:adrian-test-1", + "service.type": "googlecloud", + "source.address": "10.28.0.16", + "source.domain": "adrian-test", + "source.ip": "10.28.0.16", + "source.port": 46418 + }, + { + "@timestamp": "2019-11-12T12:42:26.505Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1k2b7kefsnhzq7", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.destination_range": [ + "8.8.8.0/24" + ], + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 13425, + "network.community_id": "1:c7bqGkBTPmOmWydHv/uxpk1qOjc=", + "network.direction": "outbound", + "network.iana_number": 17, + "network.name": "default", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "10.28.0.16", + "8.8.8.8" + ], + "rule.name": "network:default/firewall:adrian-test-1", + "service.type": "googlecloud", + "source.address": "10.28.0.16", + "source.domain": "adrian-test", + "source.ip": "10.28.0.16", + "source.port": 58725 + }, + { + "@timestamp": "2019-11-11T12:54:13.531Z", + "destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1sdfuwxfk8hq1c", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 14407, + "network.community_id": "1:DAX43chSGct8LhjTchX9JgmQSEE=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "rule.name": "network:default/firewall:allow9200", + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": "test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 44666 + }, + { + "@timestamp": "2019-11-11T12:54:13.551Z", + "destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1sdfuwxfk8hq1b", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 15594, + "network.community_id": "1:TPU3xS0q892TRpPVImmLO31ok9s=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "rule.name": "network:default/firewall:allow9200", + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": "test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 44668 + }, + { + "@timestamp": "2019-11-11T12:54:15.771Z", + "destination.address": "10.42.0.2", + "destination.domain": "test-windows", + "destination.ip": "10.42.0.2", + "destination.port": 3389, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "yot1ojetjdiw", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", + "googlecloud.destination.vpc.vpc_name": "windows-isolated", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "3389" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow-rdp" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 16781, + "network.community_id": "1:nptqbsyCEhZhJ1ZBfy4iEMDFucI=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "windows-isolated", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.7", + "10.42.0.2" + ], + "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", + "service.type": "googlecloud", + "source.address": "192.0.2.7", + "source.geo.city_name": "Almelo", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "nld", + "source.geo.region_name": "Overijssel", + "source.ip": "192.0.2.7", + "source.port": 1683 + }, + { + "@timestamp": "2019-11-11T12:54:35.850Z", + "destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "5a27u1g22jks9e", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 17858, + "network.community_id": "1:+KvUpcdGASPCZ5QYcOHVgid9Yjg=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "rule.name": "network:default/firewall:allow9200", + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": "test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 45068 + }, + { + "@timestamp": "2019-11-11T12:54:35.850Z", + "destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "5a27u1g22jks8t", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 19045, + "network.community_id": "1:v6u3NIKBcvTUebkWUOly9nrN/HE=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "rule.name": "network:default/firewall:allow9200", + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": "test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 45062 + }, + { + "@timestamp": "2019-11-06T16:41:38.394Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.action": "firewall-rule", + "event.category": "network", + "event.dataset": "googlecloud.firewall", + "event.id": "1dobeotg13df9f5", + "event.kind": "event", + "event.module": "googlecloud", + "event.type": [ + "connection", + "denied" + ], + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 20231, + "network.community_id": "1:6Q1oPyCPH/prdYU6FXBpxAgFrP8=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.42.0.10", + "10.28.0.16" + ], + "rule.name": "network:default/firewall:adrian-test-3", + "service.type": "googlecloud", + "source.address": "10.42.0.10", + "source.domain": "test-es", + "source.ip": "10.42.0.10", + "source.port": 57794 + } +] \ No newline at end of file diff --git a/filebeat/module/googlecloud/vpcflow/_meta/fields.yml b/filebeat/module/googlecloud/vpcflow/_meta/fields.yml new file mode 100644 index 00000000000..b0e3869997e --- /dev/null +++ b/filebeat/module/googlecloud/vpcflow/_meta/fields.yml @@ -0,0 +1,16 @@ +- name: vpcflow + type: group + description: > + Fields for Google Cloud VPC flow logs. + fields: + - name: reporter + type: keyword + description: > + The side which reported the flow. Can be either 'SRC' or 'DEST'. + + - name: rtt.ms + type: long + description: > + Latency as measured (for TCP flows only) during the time interval. This is + the time elapsed between sending a SEQ and receiving a corresponding ACK + and it contains the network RTT as well as the application related delay. diff --git a/filebeat/module/googlecloud/vpcflow/config/input.yml b/filebeat/module/googlecloud/vpcflow/config/input.yml new file mode 100644 index 00000000000..3de9c7dd28f --- /dev/null +++ b/filebeat/module/googlecloud/vpcflow/config/input.yml @@ -0,0 +1,31 @@ +{{ if eq .input "google-pubsub" }} + +type: google-pubsub +project_id: {{ .project_id }} +topic: {{ .topic }} +subscription.name: {{ .subscription_name }} +{{ if .credentials_file }} +credentials_file: {{ .credentials_file }} +{{ end }} +{{ if .credentials_json }} +credentials_json: {{ .credentials_json }} +{{ end }} + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - script: + lang: javascript + id: googlecloud_vpcflow_script + file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js + params: + keep_original_message: {{ .keep_original_message }} diff --git a/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/filebeat/module/googlecloud/vpcflow/config/pipeline.js new file mode 100644 index 00000000000..dd7e3e0ea7e --- /dev/null +++ b/filebeat/module/googlecloud/vpcflow/config/pipeline.js @@ -0,0 +1,259 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +function VPCFlow(keep_original_message) { + var processor = require("processor"); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + // Set @timetamp the LogEntry's timestamp. + var parseTimestamp = new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true, + }); + + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + + var dropPubSubFields = function(evt) { + evt.Delete("message"); + evt.Delete("labels"); + }; + + var categorizeEvent = new processor.AddFields({ + target: "event", + fields: { + kind: "event", + category: "network", + type: "connection", + }, + }); + + + var saveMetadata = new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.insertId", to: "event.id"}, + ], + ignore_missing: true + }); + + // Use the LogEntry object's timestamp. VPC flow logs are structured so the + // LogEntry includes a jsonPayload field. + // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + var convertLogEntry = new processor.Convert({ + fields: [ + {from: "json.jsonPayload", to: "json"}, + ], + mode: "rename", + }); + + // The LogEntry's jsonPayload is moved to the json field. The jsonPayload + // contains the structured VPC flow log fields. + // https://cloud.google.com/vpc/docs/using-flow-logs#record_format + var convertJsonPayload = new processor.Convert({ + fields: [ + {from: "json.connection.dest_ip", to: "destination.address"}, + {from: "json.connection.dest_port", to: "destination.port", type: "long"}, + {from: "json.connection.protocol", to: "network.iana_number", type: "string"}, + {from: "json.connection.src_ip", to: "source.address"}, + {from: "json.connection.src_port", to: "source.port", type: "long"}, + + {from: "json.src_instance.vm_name", to: "source.domain"}, + {from: "json.dest_instance.vm_name", to: "destination.domain"}, + + {from: "json.bytes_sent", to: "source.bytes", type: "long"}, + {from: "json.packets_sent", to: "source.packets", type: "long"}, + + {from: "json.start_time", to: "event.start"}, + {from: "json.end_time", to: "event.end"}, + + {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, + {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, + {from: "json.dest_location.country", to: "destination.geo.country_name"}, + {from: "json.dest_location.region", to: "destination.geo.region_name"}, + {from: "json.dest_location.city", to: "destination.geo.city_name"}, + + {from: "json.src_location.asn", to: "source.as.number", type: "long"}, + {from: "json.src_location.continent", to: "source.geo.continent_name"}, + {from: "json.src_location.country", to: "source.geo.country_name"}, + {from: "json.src_location.region", to: "source.geo.region_name"}, + {from: "json.src_location.city", to: "source.geo.city_name"}, + + {from: "json.dest_instance", to: "googlecloud.destination.instance"}, + {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, + {from: "json.src_instance", to: "googlecloud.source.instance"}, + {from: "json.src_vpc", to: "googlecloud.source.vpc"}, + + {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"}, + {from: "json", to: "googlecloud.vpcflow"}, + ], + mode: "rename", + ignore_missing: true, + }); + + // Delete emtpy object's whose fields have been renamed leaving them childless. + var dropEmptyObjects = function (evt) { + evt.Delete("googlecloud.vpcflow.connection"); + evt.Delete("googlecloud.vpcflow.dest_location"); + evt.Delete("googlecloud.vpcflow.src_location"); + }; + + // Copy the source/destination.address to source/destination.ip if they are + // valid IP addresses. + var copyAddressFields = new processor.Convert({ + fields: [ + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "destination.address", to: "destination.ip", type: "ip"}, + ], + fail_on_error: false, + }); + + var setCloudFromDestInstance = new processor.Convert({ + fields: [ + {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.destination.instance.region", to: "cloud.region"}, + {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true, + }); + + var setCloudFromSrcInstance = new processor.Convert({ + fields: [ + {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.source.instance.region", to: "cloud.region"}, + {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true, + }); + + // Set the cloud metadata fields based on the instance that reported the + // event. + var setCloudMetadata = function(evt) { + var reporter = evt.Get("googlecloud.vpcflow.reporter"); + + if (reporter === "DEST") { + setCloudFromDestInstance.Run(evt); + } else if (reporter === "SRC") { + setCloudFromSrcInstance.Run(evt); + } + }; + + var communityId = new processor.CommunityID({ + fields: { + transport: "network.iana_number", + } + }); + + // VPC flows are unidirectional so we only have to worry about copy the + // source.bytes/packets over to network.bytes/packets. + var setNetworkBytesPackets = new processor.Convert({ + fields: [ + {from: "source.bytes", to: "network.bytes"}, + {from: "source.packets", to: "network.packets"}, + ], + ignore_missing: true, + }); + + // VPC flow logs are reported for TCP and UDP traffic only so handle these + // protocols' IANA numbers. + var setNetworkTransport = function(event) { + var ianaNumber = event.Get("network.iana_number"); + switch (ianaNumber) { + case "6": + event.Put("network.transport", "tcp"); + break; + case "17": + event.Put("network.transport", "udp"); + break; + } + }; + + var setNetworkDirection = function(event) { + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); + var direction = "unknown"; + + if (srcInstance && destInstance) { + direction = "internal"; + } else if (srcInstance) { + direction = "outbound"; + } else if (destInstance) { + direction = "inbound"; + } + event.Put("network.direction", direction); + }; + + var setNetworkType = function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }; + + var setRelatedIP = function(event) { + event.AppendTo("related.ip", event.Get("source.ip")); + event.AppendTo("related.ip", event.Get("destination.ip")); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(saveOriginalMessage) + .Add(dropPubSubFields) + .Add(categorizeEvent) + .Add(saveMetadata) + .Add(convertLogEntry) + .Add(convertJsonPayload) + .Add(dropEmptyObjects) + .Add(copyAddressFields) + .Add(setCloudMetadata) + .Add(communityId) + .Add(setNetworkBytesPackets) + .Add(setNetworkTransport) + .Add(setNetworkDirection) + .Add(setNetworkType) + .Add(setRelatedIP) + .Build(); + + return { + process: pipeline.Run, + }; +} + +var vpcflow; + +// Register params from configuration. +function register(params) { + vpcflow = new VPCFlow(params.keep_original_message); +} + +function process(evt) { + return vpcflow.process(evt); +} diff --git a/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml b/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml new file mode 100644 index 00000000000..161de8ea031 --- /dev/null +++ b/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml @@ -0,0 +1,51 @@ +description: Pipeline for Google Cloud VPC Flow Logs + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/googlecloud/vpcflow/manifest.yml b/filebeat/module/googlecloud/vpcflow/manifest.yml new file mode 100644 index 00000000000..6c2ec7c1da3 --- /dev/null +++ b/filebeat/module/googlecloud/vpcflow/manifest.yml @@ -0,0 +1,21 @@ +module_version: "1.0" + +var: + - name: input + default: google-pubsub + - name: project_id + default: SET_PROJECT_NAME + - name: topic + default: stackdriver-vpcflow + - name: subscription_name + default: filebeat-googlecloud-vpcflow + - name: credentials_file + - name: credentials_json + - name: keep_original_message + default: false +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log b/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log new file mode 100644 index 00000000000..6e27f806daa --- /dev/null +++ b/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log @@ -0,0 +1,296 @@ +{"insertId":"ut8lbrffooxyw","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.12","dest_port":33478,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:37.301953198Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:37.186193305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxzb","jsonPayload":{"bytes_sent":"173663","connection":{"dest_ip":"10.87.40.76","dest_port":33970,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"68","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466657665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxze","jsonPayload":{"bytes_sent":"155707","connection":{"dest_ip":"203.0.113.134","dest_port":33576,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821143836Z","packets_sent":"78","reporter":"SRC","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510622432Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyz","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"192.0.2.23","dest_port":59679,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":49505,"city":"Saint Petersburg","continent":"Europe","country":"rus","region":"Saint Petersburg"},"end_time":"2019-06-14T03:40:46.031032701Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:45.860349247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz6","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"192.0.2.117","dest_port":50646,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:37.048196137Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:36.895188084Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxzf","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":50646},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:37.048196137Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:36.895188084Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz1","jsonPayload":{"bytes_sent":"186151","connection":{"dest_ip":"10.87.40.76","dest_port":33692,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"251","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyp","jsonPayload":{"bytes_sent":"15169","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33880},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821308944Z","packets_sent":"92","reporter":"SRC","rtt_msec":"3","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469099728Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxzd","jsonPayload":{"bytes_sent":"250864","connection":{"dest_ip":"10.87.40.76","dest_port":33554,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"247","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500506974Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz8","jsonPayload":{"bytes_sent":"167939","connection":{"dest_ip":"10.87.40.76","dest_port":33880,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821308944Z","packets_sent":"63","reporter":"DEST","rtt_msec":"3","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469099728Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyt","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"192.0.2.23","src_port":59679},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:46.031032701Z","packets_sent":"3","reporter":"DEST","src_location":{"asn":49505,"city":"Saint Petersburg","continent":"Europe","country":"rus","region":"Saint Petersburg"},"start_time":"2019-06-14T03:40:45.860349247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz5","jsonPayload":{"bytes_sent":"11773","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33576},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"94","reporter":"DEST","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510622432Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxza","jsonPayload":{"bytes_sent":"65699","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33562},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393910944Z","packets_sent":"356","reporter":"DEST","rtt_msec":"192","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074897435Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyq","jsonPayload":{"bytes_sent":"66029","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33692},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"361","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz2","jsonPayload":{"bytes_sent":"65154","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33542},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"360","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150720950Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyo","jsonPayload":{"bytes_sent":"13643","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33970},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"99","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466657665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxzc","jsonPayload":{"bytes_sent":"34509840","connection":{"dest_ip":"10.49.136.133","dest_port":46864,"protocol":6,"src_ip":"203.0.113.93","src_port":9243},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:29.432367659Z","packets_sent":"8690","reporter":"DEST","rtt_msec":"36","start_time":"2019-06-14T03:40:17.343890802Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz7","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":34836},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:39.076420731Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:38.961050187Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyu","jsonPayload":{"bytes_sent":"63671","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33554},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"367","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500506974Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyv","jsonPayload":{"bytes_sent":"51075","connection":{"dest_ip":"203.0.113.58","dest_port":65320,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220714119Z","packets_sent":"608","reporter":"SRC","rtt_msec":"220","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.560917237Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz0","jsonPayload":{"bytes_sent":"197840","connection":{"dest_ip":"203.0.113.134","dest_port":33562,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393910944Z","packets_sent":"258","reporter":"SRC","rtt_msec":"192","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074897435Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxys","jsonPayload":{"bytes_sent":"173805495","connection":{"dest_ip":"203.0.113.93","dest_port":9243,"protocol":6,"src_ip":"10.49.136.133","src_port":46864},"end_time":"2019-06-14T03:49:58.716492806Z","packets_sent":"44438","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:17.306085222Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyx","jsonPayload":{"bytes_sent":"1468","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":33478},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:37.301953198Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:37.186193305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz4","jsonPayload":{"bytes_sent":"159704","connection":{"dest_ip":"203.0.113.134","dest_port":33548,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393651211Z","packets_sent":"241","reporter":"SRC","rtt_msec":"50","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147252064Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz3","jsonPayload":{"bytes_sent":"70775","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65320},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220714119Z","packets_sent":"732","reporter":"DEST","rtt_msec":"220","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.560917237Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz9","jsonPayload":{"bytes_sent":"281147","connection":{"dest_ip":"10.87.40.76","dest_port":33542,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150720950Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyr","jsonPayload":{"bytes_sent":"63590","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33548},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.537763242Z","packets_sent":"340","reporter":"DEST","rtt_msec":"50","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147252064Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyy","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":34836,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:39.076420731Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:38.961050187Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"1ulp77rfdvho4g","jsonPayload":{"bytes_sent":"1239","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"192.0.2.165","src_port":59623},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:52.361155668Z","packets_sent":"18","reporter":"DEST","rtt_msec":"233","src_location":{"asn":45899,"city":"VÄ©nh Yên","continent":"Asia","country":"vnm","region":"Vinh Phuc Province"},"start_time":"2019-06-14T03:40:46.541094678Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5r","jsonPayload":{"bytes_sent":"63853","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33552},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213244028Z","packets_sent":"363","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075811571Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5k","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33924},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:20.745658276Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:20.634435179Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho55","jsonPayload":{"bytes_sent":"252397","connection":{"dest_ip":"203.0.113.134","dest_port":33534,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597088427Z","packets_sent":"260","reporter":"SRC","rtt_msec":"311","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075942176Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho60","jsonPayload":{"bytes_sent":"205787","connection":{"dest_ip":"203.0.113.134","dest_port":33694,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565117754Z","packets_sent":"265","reporter":"SRC","rtt_msec":"216","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566551903Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho49","jsonPayload":{"bytes_sent":"106409","connection":{"dest_ip":"203.0.113.58","dest_port":65263,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220748025Z","packets_sent":"607","reporter":"SRC","rtt_msec":"87","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.270990648Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4t","jsonPayload":{"bytes_sent":"61242","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33534},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597088427Z","packets_sent":"356","reporter":"DEST","rtt_msec":"311","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075942176Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho68","jsonPayload":{"bytes_sent":"248826","connection":{"dest_ip":"203.0.113.101","dest_port":49680,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"siem-windows","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"},"end_time":"2019-06-14T03:49:55.705469925Z","packets_sent":"735","reporter":"SRC","rtt_msec":"113","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.711043814Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5n","jsonPayload":{"bytes_sent":"1777","connection":{"dest_ip":"192.0.2.117","dest_port":33862,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:11.779780615Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:11.655143526Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5l","jsonPayload":{"bytes_sent":"116845","connection":{"dest_ip":"203.0.113.58","dest_port":65321,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"594","reporter":"SRC","rtt_msec":"219","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.843986502Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho65","jsonPayload":{"bytes_sent":"4614","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33524},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461087350Z","packets_sent":"58","reporter":"DEST","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.790136141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4b","jsonPayload":{"bytes_sent":"50379","connection":{"dest_ip":"192.0.2.177","dest_port":60112,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:18.224268993Z","packets_sent":"130","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:14.031541248Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4m","jsonPayload":{"bytes_sent":"200417","connection":{"dest_ip":"10.87.40.76","dest_port":33552,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213244028Z","packets_sent":"250","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075811571Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5t","jsonPayload":{"bytes_sent":"30233","connection":{"dest_ip":"203.0.113.134","dest_port":33524,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461087350Z","packets_sent":"37","reporter":"SRC","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.790136141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho50","jsonPayload":{"bytes_sent":"160693","connection":{"dest_ip":"10.87.40.76","dest_port":33548,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565451051Z","packets_sent":"237","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147072949Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho63","jsonPayload":{"bytes_sent":"59903","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33694},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565117754Z","packets_sent":"353","reporter":"DEST","rtt_msec":"216","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566551903Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4r","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":33924,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:20.745658276Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:20.634545217Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4i","jsonPayload":{"bytes_sent":"129335","connection":{"dest_ip":"203.0.113.58","dest_port":65271,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:55.318940798Z","packets_sent":"605","reporter":"SRC","rtt_msec":"89","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.155378070Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5v","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":33862},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:11.779780615Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:11.655143526Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5i","jsonPayload":{"bytes_sent":"75477","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65321},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"737","reporter":"DEST","rtt_msec":"219","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.843986502Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5c","jsonPayload":{"bytes_sent":"102119","connection":{"dest_ip":"203.0.113.58","dest_port":65316,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"600","reporter":"SRC","rtt_msec":"86","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.565831992Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5p","jsonPayload":{"bytes_sent":"1541638","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.101","src_port":49680},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.705469925Z","packets_sent":"949","reporter":"DEST","rtt_msec":"113","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"siem-windows","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"},"start_time":"2019-06-14T03:39:59.711043814Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4y","jsonPayload":{"bytes_sent":"755901","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60112},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:18.224268993Z","packets_sent":"227","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:14.031541248Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4o","jsonPayload":{"bytes_sent":"248715","connection":{"dest_ip":"203.0.113.134","dest_port":33558,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.394676451Z","packets_sent":"270","reporter":"SRC","rtt_msec":"144","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:58.492572765Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5g","jsonPayload":{"bytes_sent":"69757","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65316},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"709","reporter":"DEST","rtt_msec":"86","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.565831992Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho59","jsonPayload":{"bytes_sent":"69440","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65263},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220748025Z","packets_sent":"728","reporter":"DEST","rtt_msec":"87","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:01.270990648Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho57","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":50438},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:20.569744903Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:20.454046087Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5e","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"192.0.2.117","dest_port":50438,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:20.569744903Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.454046087Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4d","jsonPayload":{"bytes_sent":"2395","connection":{"dest_ip":"192.0.2.165","dest_port":59623,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":45899,"city":"VÄ©nh Yên","continent":"Asia","country":"vnm","region":"Vinh Phuc Province"},"end_time":"2019-06-14T03:40:52.361155668Z","packets_sent":"11","reporter":"SRC","rtt_msec":"233","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:46.541094678Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5y","jsonPayload":{"bytes_sent":"60335","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33558},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.538257098Z","packets_sent":"353","reporter":"DEST","rtt_msec":"144","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:58.492572765Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho6a","jsonPayload":{"bytes_sent":"65565","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33548},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565451051Z","packets_sent":"354","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147072949Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4v","jsonPayload":{"bytes_sent":"70174","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65271},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.318940798Z","packets_sent":"717","reporter":"DEST","rtt_msec":"89","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.155378070Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"bnj3cofh3cdk1","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":34178},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:51.355687385Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:51.237256499Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdjx","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33602},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:51.090104692Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:50.954948790Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdju","jsonPayload":{"bytes_sent":"66736","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33554},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565131125Z","packets_sent":"366","reporter":"DEST","rtt_msec":"224","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143837873Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdjz","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":33602,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:51.090104692Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:50.954948790Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkk","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":52454},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:40.888804332Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:40.779893091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk0","jsonPayload":{"bytes_sent":"259510","connection":{"dest_ip":"10.87.40.76","dest_port":33534,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597279654Z","packets_sent":"251","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075756033Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":52260,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:11.183868408Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:11.063146265Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkp","jsonPayload":{"bytes_sent":"65069","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33530},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565300944Z","packets_sent":"361","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140119099Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkc","jsonPayload":{"bytes_sent":"60530","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33556},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"366","reporter":"SRC","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkm","jsonPayload":{"bytes_sent":"11384","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33570},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821047175Z","packets_sent":"86","reporter":"DEST","rtt_msec":"230","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469473010Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdjy","jsonPayload":{"bytes_sent":"272063","connection":{"dest_ip":"203.0.113.134","dest_port":33554,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565131125Z","packets_sent":"247","reporter":"SRC","rtt_msec":"224","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143837873Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdjv","jsonPayload":{"bytes_sent":"1791","connection":{"dest_ip":"203.0.113.27","dest_port":53706,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:50.822333871Z","packets_sent":"7","reporter":"SRC","rtt_msec":"43","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:50.703302550Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkh","jsonPayload":{"bytes_sent":"18295","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33858},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789039435Z","packets_sent":"118","reporter":"DEST","rtt_msec":"253","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458515996Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkg","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33064},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:40.243022993Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:40.125336665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk7","jsonPayload":{"bytes_sent":"165290","connection":{"dest_ip":"10.87.40.76","dest_port":33556,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"251","reporter":"DEST","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk9","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":53706},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:50.822333871Z","packets_sent":"7","reporter":"DEST","rtt_msec":"43","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:50.703302550Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkj","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":52260},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:11.183868408Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:11.063146265Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdki","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34090,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:37.827345444Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:37.712749588Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkd","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":34178,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:51.355687385Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:51.237256499Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdjw","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":33064,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:40.243022993Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:40.125336665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk3","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":34906},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:50.757255245Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:50.642206049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkb","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.12","dest_port":58216,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:36.982303071Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:36.865198297Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk4","jsonPayload":{"bytes_sent":"60222","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33534},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597279654Z","packets_sent":"361","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075756033Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkf","jsonPayload":{"bytes_sent":"61810","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33510},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"358","reporter":"SRC","rtt_msec":"16","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500418290Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkl","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":58216},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:36.982303071Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:36.865198297Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk2","jsonPayload":{"bytes_sent":"136558","connection":{"dest_ip":"10.87.40.76","dest_port":33510,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"243","reporter":"DEST","rtt_msec":"16","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500418290Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdko","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":34906,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:50.757255245Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:50.642206049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdke","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":52454,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:40.888804332Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:40.779893091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdka","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34090},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:37.827345444Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:37.712749588Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkn","jsonPayload":{"bytes_sent":"170396","connection":{"dest_ip":"10.87.40.76","dest_port":33530,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565300944Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140119099Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk5","jsonPayload":{"bytes_sent":"171610","connection":{"dest_ip":"203.0.113.134","dest_port":33570,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821129119Z","packets_sent":"71","reporter":"SRC","rtt_msec":"230","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469473010Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk6","jsonPayload":{"bytes_sent":"15186","connection":{"dest_ip":"203.0.113.134","dest_port":33858,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933164456Z","packets_sent":"75","reporter":"SRC","rtt_msec":"253","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458515996Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"y4wffpfk2ero3","jsonPayload":{"bytes_sent":"208416","connection":{"dest_ip":"203.0.113.134","dest_port":33590,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565116665Z","packets_sent":"249","reporter":"SRC","rtt_msec":"109","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147151100Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroh","jsonPayload":{"bytes_sent":"90977","connection":{"dest_ip":"192.0.2.177","dest_port":60108,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:54.108975753Z","packets_sent":"357","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.762958327Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erom","jsonPayload":{"bytes_sent":"187301","connection":{"dest_ip":"203.0.113.134","dest_port":33536,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565156020Z","packets_sent":"242","reporter":"SRC","rtt_msec":"194","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150481417Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2ero9","jsonPayload":{"bytes_sent":"139106","connection":{"dest_ip":"10.87.40.76","dest_port":33560,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"244","reporter":"DEST","rtt_msec":"11","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075859688Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erog","jsonPayload":{"bytes_sent":"1733360","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60108},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:54.108975753Z","packets_sent":"708","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.762958327Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2ero7","jsonPayload":{"bytes_sent":"149157","connection":{"dest_ip":"203.0.113.134","dest_port":33874,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933099658Z","packets_sent":"74","reporter":"SRC","rtt_msec":"142","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.513551480Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroe","jsonPayload":{"bytes_sent":"11108","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965119632Z","packets_sent":"95","reporter":"DEST","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480430427Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroa","jsonPayload":{"bytes_sent":"67337","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33590},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565116665Z","packets_sent":"351","reporter":"DEST","rtt_msec":"109","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147151100Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroi","jsonPayload":{"bytes_sent":"136375","connection":{"dest_ip":"10.87.40.76","dest_port":33538,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"246","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2ero8","jsonPayload":{"bytes_sent":"181424","connection":{"dest_ip":"203.0.113.134","dest_port":33690,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393929808Z","packets_sent":"241","reporter":"SRC","rtt_msec":"196","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075867049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erol","jsonPayload":{"bytes_sent":"9303","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33874},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933099658Z","packets_sent":"94","reporter":"DEST","rtt_msec":"142","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.513551480Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2ero4","jsonPayload":{"bytes_sent":"142871","connection":{"dest_ip":"203.0.113.134","dest_port":33572,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821149051Z","packets_sent":"77","reporter":"SRC","rtt_msec":"335","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470754779Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eror","jsonPayload":{"bytes_sent":"158811","connection":{"dest_ip":"203.0.113.134","dest_port":33968,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965119632Z","packets_sent":"69","reporter":"SRC","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480430427Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erob","jsonPayload":{"bytes_sent":"13455","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33880},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821047175Z","packets_sent":"81","reporter":"DEST","rtt_msec":"252","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470071135Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erox","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":57300,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:22.156322353Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:22.044604322Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroc","jsonPayload":{"bytes_sent":"71014","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65315},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220720811Z","packets_sent":"728","reporter":"DEST","rtt_msec":"210","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.844068405Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erok","jsonPayload":{"bytes_sent":"60749","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33538},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eros","jsonPayload":{"bytes_sent":"160451","connection":{"dest_ip":"203.0.113.134","dest_port":33880,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821138391Z","packets_sent":"66","reporter":"SRC","rtt_msec":"252","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470071135Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erod","jsonPayload":{"bytes_sent":"169173","connection":{"dest_ip":"10.87.40.76","dest_port":33574,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"64","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466811088Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2ero6","jsonPayload":{"bytes_sent":"118762","connection":{"dest_ip":"203.0.113.58","dest_port":65315,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220720811Z","packets_sent":"615","reporter":"SRC","rtt_msec":"210","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.844068405Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eron","jsonPayload":{"bytes_sent":"11137","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33576},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"96","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510464198Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroy","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":57300},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:22.156322353Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:22.044604322Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erof","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.12","dest_port":54662,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:12.142682672Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:12.027895189Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erov","jsonPayload":{"bytes_sent":"11674","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33572},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"96","reporter":"DEST","rtt_msec":"335","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470754779Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erop","jsonPayload":{"bytes_sent":"62831","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33540},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789112562Z","packets_sent":"346","reporter":"DEST","rtt_msec":"313","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074813982Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erou","jsonPayload":{"bytes_sent":"15169","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33574},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"93","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466811088Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroj","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":54662},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:12.142682672Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:12.027895189Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erow","jsonPayload":{"bytes_sent":"64588","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33560},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"11","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075859688Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erot","jsonPayload":{"bytes_sent":"67315","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565156020Z","packets_sent":"354","reporter":"DEST","rtt_msec":"194","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150481417Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroq","jsonPayload":{"bytes_sent":"175633","connection":{"dest_ip":"10.87.40.76","dest_port":33576,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"67","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510464198Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2ero5","jsonPayload":{"bytes_sent":"116981","connection":{"dest_ip":"203.0.113.134","dest_port":33540,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789112562Z","packets_sent":"234","reporter":"SRC","rtt_msec":"313","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074813982Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroo","jsonPayload":{"bytes_sent":"67789","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33690},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.542406314Z","packets_sent":"344","reporter":"DEST","rtt_msec":"196","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075867049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"ptjoddfhmrhg9","jsonPayload":{"bytes_sent":"136166","connection":{"dest_ip":"203.0.113.134","dest_port":33538,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565124617Z","packets_sent":"245","reporter":"SRC","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074952616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgh","jsonPayload":{"bytes_sent":"68262","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65257},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220614265Z","packets_sent":"718","reporter":"DEST","rtt_msec":"220","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.403388091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgj","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":52328},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:20.952481728Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:20.842840991Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgr","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":59790},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:50.702194466Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:50.590894439Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgn","jsonPayload":{"bytes_sent":"73681","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65317},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"728","reporter":"DEST","rtt_msec":"62","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.740491697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhga","jsonPayload":{"bytes_sent":"92566","connection":{"dest_ip":"203.0.113.58","dest_port":65317,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"596","reporter":"SRC","rtt_msec":"62","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.740491697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgk","jsonPayload":{"bytes_sent":"66094","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33692},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565137912Z","packets_sent":"360","reporter":"DEST","rtt_msec":"181","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.558259934Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgm","jsonPayload":{"bytes_sent":"4900","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65262},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220741828Z","packets_sent":"542","reporter":"DEST","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.251430011Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgd","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":52328,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:20.952481728Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:20.842840991Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgl","jsonPayload":{"bytes_sent":"63280","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33552},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213081491Z","packets_sent":"361","reporter":"DEST","rtt_msec":"21","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075957044Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgi","jsonPayload":{"bytes_sent":"774029","connection":{"dest_ip":"198.51.100.239","dest_port":37292,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":24940,"city":"Bucharest","continent":"Europe","country":"rou","region":"Bucharest"},"end_time":"2019-06-14T03:49:35.841633589Z","packets_sent":"403","reporter":"SRC","rtt_msec":"102","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:35.048156283Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgo","jsonPayload":{"bytes_sent":"359272","connection":{"dest_ip":"10.87.40.76","dest_port":33876,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933338264Z","packets_sent":"66","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466706102Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgp","jsonPayload":{"bytes_sent":"310476","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.239","src_port":37292},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:35.841633589Z","packets_sent":"214","reporter":"DEST","rtt_msec":"102","src_location":{"asn":24940,"city":"Bucharest","continent":"Europe","country":"rou","region":"Bucharest"},"start_time":"2019-06-14T03:40:35.048156283Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhg8","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"198.51.100.107","dest_port":59790,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:50.702194466Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:50.590894439Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgf","jsonPayload":{"bytes_sent":"209716","connection":{"dest_ip":"203.0.113.134","dest_port":33552,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213081491Z","packets_sent":"262","reporter":"SRC","rtt_msec":"21","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075957044Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgg","jsonPayload":{"bytes_sent":"165643","connection":{"dest_ip":"203.0.113.134","dest_port":33556,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565214145Z","packets_sent":"256","reporter":"SRC","rtt_msec":"133","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:03.062674441Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgb","jsonPayload":{"bytes_sent":"65890","connection":{"dest_ip":"203.0.113.58","dest_port":65257,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220614265Z","packets_sent":"593","reporter":"SRC","rtt_msec":"220","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.403388091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgs","jsonPayload":{"bytes_sent":"62620","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33538},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565124617Z","packets_sent":"358","reporter":"DEST","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074952616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhge","jsonPayload":{"bytes_sent":"185520","connection":{"dest_ip":"203.0.113.134","dest_port":33692,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565137912Z","packets_sent":"249","reporter":"SRC","rtt_msec":"181","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.558259934Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgc","jsonPayload":{"bytes_sent":"33269","connection":{"dest_ip":"203.0.113.58","dest_port":65262,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220741828Z","packets_sent":"517","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.251430011Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhg7","jsonPayload":{"bytes_sent":"58811","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33556},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565214145Z","packets_sent":"358","reporter":"DEST","rtt_msec":"133","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:03.062674441Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgq","jsonPayload":{"bytes_sent":"5220","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33876},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933338264Z","packets_sent":"86","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466706102Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"bxuq05fhgmw9d","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":41818},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:13.478093057Z","packets_sent":"4","reporter":"DEST","rtt_msec":"1350","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:11.031370298Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw90","jsonPayload":{"bytes_sent":"4580","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33524},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461240929Z","packets_sent":"60","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.789945697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8w","jsonPayload":{"bytes_sent":"270437","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65322},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.408936364Z","packets_sent":"668","reporter":"DEST","rtt_msec":"92","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.703392247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw94","jsonPayload":{"bytes_sent":"19019","connection":{"dest_ip":"203.0.113.58","dest_port":65322,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:55.408936364Z","packets_sent":"604","reporter":"SRC","rtt_msec":"92","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.703392247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8x","jsonPayload":{"bytes_sent":"16208","connection":{"dest_ip":"10.87.40.76","dest_port":33568,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789269849Z","packets_sent":"80","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.455711202Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8v","jsonPayload":{"bytes_sent":"9800","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789269849Z","packets_sent":"120","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.455711202Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8z","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58026},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:09.114674887Z","packets_sent":"7","reporter":"DEST","rtt_msec":"40","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:08.995009558Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9b","jsonPayload":{"bytes_sent":"19506","connection":{"dest_ip":"10.87.40.76","dest_port":33564,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597223164Z","packets_sent":"180","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866699945Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8y","jsonPayload":{"bytes_sent":"1496","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":32882},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:07.811355936Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:07.689331553Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9e","jsonPayload":{"bytes_sent":"155675","connection":{"dest_ip":"192.0.2.177","dest_port":60126,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.101129310Z","packets_sent":"288","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.019841536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw98","jsonPayload":{"bytes_sent":"1791","connection":{"dest_ip":"203.0.113.27","dest_port":32882,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:07.811355936Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:07.689331553Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw96","jsonPayload":{"bytes_sent":"28304484","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.212","src_port":39568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:02.085146013Z","packets_sent":"2400","reporter":"DEST","rtt_msec":"15","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:00.480787267Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw99","jsonPayload":{"bytes_sent":"2962242","connection":{"dest_ip":"203.0.113.212","dest_port":39568,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:02.085146013Z","packets_sent":"1340","reporter":"SRC","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.480787267Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw93","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58026,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:09.114674887Z","packets_sent":"7","reporter":"SRC","rtt_msec":"40","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:08.995009558Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9f","jsonPayload":{"bytes_sent":"9611","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33874},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933323342Z","packets_sent":"101","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510575555Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9j","jsonPayload":{"bytes_sent":"318481","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33564},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597223164Z","packets_sent":"181","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866699945Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw97","jsonPayload":{"bytes_sent":"139359","connection":{"dest_ip":"10.87.40.76","dest_port":33874,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933323342Z","packets_sent":"70","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510575555Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9i","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60640},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:50.942543211Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:50.830164366Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9c","jsonPayload":{"bytes_sent":"45","connection":{"dest_ip":"198.51.100.182","dest_port":41818,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:43:16.809366809Z","packets_sent":"9","reporter":"SRC","rtt_msec":"1350","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:11.031370298Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9h","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":60640,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:50.942543211Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:50.830164366Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw92","jsonPayload":{"bytes_sent":"358920","connection":{"dest_ip":"10.87.40.76","dest_port":33966,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"61","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510534141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8u","jsonPayload":{"bytes_sent":"653827","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53104},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:45.312543839Z","packets_sent":"286","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.188944581Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9g","jsonPayload":{"bytes_sent":"5220","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33966},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"81","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510534141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw91","jsonPayload":{"bytes_sent":"31140","connection":{"dest_ip":"10.87.40.76","dest_port":33524,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461240929Z","packets_sent":"40","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.789945697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw95","jsonPayload":{"bytes_sent":"1610630","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60126},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.101129310Z","packets_sent":"509","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.019841536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9a","jsonPayload":{"bytes_sent":"37145","connection":{"dest_ip":"198.51.100.88","dest_port":53104,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:45.312543839Z","packets_sent":"158","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.188944581Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"198begsfh44xy3","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":53972},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:20.748121914Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:20.634231041Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxt","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58100},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:20.632737426Z","packets_sent":"7","reporter":"DEST","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:20.512264850Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58100,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:20.632777660Z","packets_sent":"7","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:20.512407536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy9","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":60756,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:11.032929292Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:10.912193869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxr","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":14236},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:12.064908439Z","packets_sent":"3","reporter":"DEST","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:08.247072525Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy2","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":60122,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:39.207635184Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:39.087226326Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy6","jsonPayload":{"bytes_sent":"1782","connection":{"dest_ip":"203.0.113.12","dest_port":53972,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:20.748121914Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:20.634231041Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxx","jsonPayload":{"bytes_sent":"68545","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33530},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.205089801Z","packets_sent":"368","reporter":"DEST","rtt_msec":"163","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140301693Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy4","jsonPayload":{"bytes_sent":"74613","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65274},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"745","reporter":"DEST","rtt_msec":"209","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:01.270996793Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy1","jsonPayload":{"bytes_sent":"74942","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":53879},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"726","reporter":"DEST","rtt_msec":"176","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760414869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxp","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34450},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:38.299054333Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:38.189569840Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxv","jsonPayload":{"bytes_sent":"121593","connection":{"dest_ip":"203.0.113.58","dest_port":65274,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"610","reporter":"SRC","rtt_msec":"209","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.270996793Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy7","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:39.777977145Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:39.653136947Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxs","jsonPayload":{"bytes_sent":"177471","connection":{"dest_ip":"203.0.113.134","dest_port":33530,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.205194199Z","packets_sent":"246","reporter":"SRC","rtt_msec":"163","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140301693Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxq","jsonPayload":{"bytes_sent":"53315","connection":{"dest_ip":"203.0.113.58","dest_port":65275,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316847800Z","packets_sent":"588","reporter":"SRC","rtt_msec":"82","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.565734921Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxz","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34450,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:38.299054333Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:38.189569840Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxy","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60122},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:39.207635184Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:39.087226326Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxu","jsonPayload":{"bytes_sent":"102119","connection":{"dest_ip":"203.0.113.58","dest_port":53879,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"608","reporter":"SRC","rtt_msec":"176","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760414869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxo","jsonPayload":{"bytes_sent":"1794","connection":{"dest_ip":"203.0.113.27","dest_port":60968,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:39.777977145Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:39.653136947Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy0","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":60756},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:11.032929292Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:10.912193869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxw","jsonPayload":{"bytes_sent":"67013","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65275},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316847800Z","packets_sent":"710","reporter":"DEST","rtt_msec":"82","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.565734921Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy5","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"198.51.100.182","dest_port":14236,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:40:09.257387426Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.247072525Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"19im82tfdygznq","jsonPayload":{"bytes_sent":"64427","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33542},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"351","reporter":"DEST","rtt_msec":"173","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150870105Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzn6","jsonPayload":{"bytes_sent":"183366","connection":{"dest_ip":"10.87.40.76","dest_port":33690,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"242","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075665334Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznk","jsonPayload":{"bytes_sent":"185295","connection":{"dest_ip":"10.87.40.76","dest_port":33562,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:49.549471457Z","packets_sent":"244","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznm","jsonPayload":{"bytes_sent":"68961","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":49438},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220725956Z","packets_sent":"711","reporter":"DEST","rtt_msec":"114","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.398463104Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzob","jsonPayload":{"bytes_sent":"62072","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33532},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"360","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072372604Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznc","jsonPayload":{"bytes_sent":"198326","connection":{"dest_ip":"10.87.40.76","dest_port":33590,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.146956782Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznj","jsonPayload":{"bytes_sent":"61436","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33550},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo5","jsonPayload":{"bytes_sent":"66791","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33690},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"355","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075665334Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzod","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":54812},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:20.708994883Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:20.595119257Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzna","jsonPayload":{"bytes_sent":"64466","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33562},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:49.549471457Z","packets_sent":"363","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzng","jsonPayload":{"bytes_sent":"174524","connection":{"dest_ip":"10.87.40.76","dest_port":33968,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965294083Z","packets_sent":"66","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480272197Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo1","jsonPayload":{"bytes_sent":"181624065","connection":{"dest_ip":"10.49.136.133","dest_port":52780,"protocol":6,"src_ip":"203.0.113.228","src_port":9243},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:58.592579489Z","packets_sent":"28344","reporter":"DEST","rtt_msec":"91","src_location":{"asn":16509,"city":"Boardman","continent":"America","country":"usa","region":"Oregon"},"start_time":"2019-06-14T03:40:17.183499423Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo8","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":51348},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:20.754300982Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:20.630975303Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzoa","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"192.0.2.12","dest_port":44128,"protocol":6,"src_ip":"10.73.186.17","src_port":22},"dest_location":{"asn":4837,"city":"Binzhou","continent":"Asia","country":"chn","region":"Shandong"},"end_time":"2019-06-14T03:45:22.081121292Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:22.080963433Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzn7","jsonPayload":{"bytes_sent":"11137","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965294083Z","packets_sent":"95","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480272197Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznf","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":54812,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:20.708994883Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:20.595119257Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzni","jsonPayload":{"bytes_sent":"21792","connection":{"dest_ip":"203.0.113.134","dest_port":33564,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597079770Z","packets_sent":"186","reporter":"SRC","rtt_msec":"340","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866944869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzns","jsonPayload":{"bytes_sent":"74370","connection":{"dest_ip":"203.0.113.58","dest_port":49438,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220725956Z","packets_sent":"580","reporter":"SRC","rtt_msec":"114","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.398463104Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznp","jsonPayload":{"bytes_sent":"138337","connection":{"dest_ip":"10.87.40.76","dest_port":33550,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"244","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo9","jsonPayload":{"bytes_sent":"30062","connection":{"dest_ip":"192.0.2.177","dest_port":60110,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:46.020466750Z","packets_sent":"124","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:10.874529937Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo3","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":51348,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:20.754300982Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:20.630975303Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznz","jsonPayload":{"bytes_sent":"152218","connection":{"dest_ip":"203.0.113.134","dest_port":33560,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565026127Z","packets_sent":"243","reporter":"SRC","rtt_msec":"116","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.076060079Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo4","jsonPayload":{"bytes_sent":"143085","connection":{"dest_ip":"203.0.113.134","dest_port":33510,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565078274Z","packets_sent":"249","reporter":"SRC","rtt_msec":"352","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074688714Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznt","jsonPayload":{"bytes_sent":"61245","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33510},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565078274Z","packets_sent":"356","reporter":"DEST","rtt_msec":"352","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074688714Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznu","jsonPayload":{"bytes_sent":"65919","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33532},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"361","reporter":"DEST","rtt_msec":"270","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072555233Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo6","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"198.51.100.182","dest_port":41822,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:40:40.058368408Z","packets_sent":"4","reporter":"SRC","rtt_msec":"1439","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:12.068494835Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzno","jsonPayload":{"bytes_sent":"188997","connection":{"dest_ip":"203.0.113.134","dest_port":33532,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"251","reporter":"SRC","rtt_msec":"270","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072555233Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo0","jsonPayload":{"bytes_sent":"16783","connection":{"dest_ip":"203.0.113.134","dest_port":33568,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789035952Z","packets_sent":"79","reporter":"SRC","rtt_msec":"506","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.456732113Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznd","jsonPayload":{"bytes_sent":"18120","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33858},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"120","reporter":"SRC","rtt_msec":"4","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458361534Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzn8","jsonPayload":{"bytes_sent":"64071","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33558},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"368","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140109489Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznw","jsonPayload":{"bytes_sent":"175465","connection":{"dest_ip":"198.51.100.88","dest_port":53106,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.401543207Z","packets_sent":"337","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.020290305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo2","jsonPayload":{"bytes_sent":"1987804","connection":{"dest_ip":"203.0.113.228","dest_port":9243,"protocol":6,"src_ip":"10.49.136.133","src_port":52780},"dest_location":{"asn":16509,"city":"Boardman","continent":"America","country":"usa","region":"Oregon"},"end_time":"2019-06-14T03:49:58.592579489Z","packets_sent":"26428","reporter":"SRC","rtt_msec":"91","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:17.183499423Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzn9","jsonPayload":{"bytes_sent":"206824","connection":{"dest_ip":"10.87.40.76","dest_port":33532,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"242","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072372604Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznh","jsonPayload":{"bytes_sent":"14287","connection":{"dest_ip":"10.87.40.76","dest_port":33858,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"80","reporter":"DEST","rtt_msec":"4","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458361534Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzny","jsonPayload":{"bytes_sent":"59376","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33550},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108649Z","packets_sent":"354","reporter":"DEST","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.496238286Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzoe","jsonPayload":{"bytes_sent":"11214","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789035952Z","packets_sent":"120","reporter":"DEST","rtt_msec":"506","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.456732113Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznn","jsonPayload":{"bytes_sent":"1763338","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53106},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.401543207Z","packets_sent":"598","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.020290305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznl","jsonPayload":{"bytes_sent":"67239","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33590},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"363","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.146956782Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznv","jsonPayload":{"bytes_sent":"250327","connection":{"dest_ip":"10.87.40.76","dest_port":33558,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"247","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140109489Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzoc","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.73.186.17","dest_port":22,"protocol":6,"src_ip":"192.0.2.12","src_port":44128},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:22.318564382Z","packets_sent":"2","reporter":"DEST","src_location":{"asn":4837,"city":"Binzhou","continent":"Asia","country":"chn","region":"Shandong"},"start_time":"2019-06-14T03:45:22.080963433Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzof","jsonPayload":{"bytes_sent":"266531","connection":{"dest_ip":"203.0.113.134","dest_port":33542,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"253","reporter":"SRC","rtt_msec":"173","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150870105Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznr","jsonPayload":{"bytes_sent":"65184","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33560},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565026127Z","packets_sent":"358","reporter":"DEST","rtt_msec":"116","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.076060079Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznx","jsonPayload":{"bytes_sent":"319459","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33564},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597079770Z","packets_sent":"180","reporter":"DEST","rtt_msec":"340","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866944869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo7","jsonPayload":{"bytes_sent":"519100","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60110},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:46.020466750Z","packets_sent":"224","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:10.874529937Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznb","jsonPayload":{"bytes_sent":"139513","connection":{"dest_ip":"203.0.113.134","dest_port":33550,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108649Z","packets_sent":"243","reporter":"SRC","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143811431Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzne","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":41822},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:40.058226439Z","packets_sent":"8","reporter":"DEST","rtt_msec":"1439","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:12.068494835Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"1gq7q7afe373fw","jsonPayload":{"bytes_sent":"11109","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33572},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"105","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466742414Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373et","jsonPayload":{"bytes_sent":"173496","connection":{"dest_ip":"203.0.113.134","dest_port":33970,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821154389Z","packets_sent":"81","reporter":"SRC","rtt_msec":"308","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470006631Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f4","jsonPayload":{"bytes_sent":"182861","connection":{"dest_ip":"10.87.40.76","dest_port":33536,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"245","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150282980Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373eo","jsonPayload":{"bytes_sent":"12145","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33570},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"94","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466779642Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fb","jsonPayload":{"bytes_sent":"178669","connection":{"dest_ip":"203.0.113.58","dest_port":65319,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220617595Z","packets_sent":"634","reporter":"SRC","rtt_msec":"62","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.740597880Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fs","jsonPayload":{"bytes_sent":"62066","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33540},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"359","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ei","jsonPayload":{"bytes_sent":"13440","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33970},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"96","reporter":"DEST","rtt_msec":"308","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470006631Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ez","jsonPayload":{"bytes_sent":"368131","connection":{"dest_ip":"203.0.113.134","dest_port":33966,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:50.800931420Z","packets_sent":"76","reporter":"SRC","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510698570Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fh","jsonPayload":{"bytes_sent":"66258","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"365","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150282980Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373es","jsonPayload":{"bytes_sent":"76976","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65276},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220621567Z","packets_sent":"749","reporter":"DEST","rtt_msec":"156","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760349279Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fu","jsonPayload":{"bytes_sent":"72967","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65319},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220617595Z","packets_sent":"747","reporter":"DEST","rtt_msec":"62","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.740597880Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f2","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":50364},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:08.797851544Z","packets_sent":"9","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:08.412738626Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ee","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"203.0.113.27","dest_port":50364,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:08.797851544Z","packets_sent":"8","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.412738626Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ey","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":33126},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:50.919744677Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:50.809605761Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373e7","jsonPayload":{"bytes_sent":"73215","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65318},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"747","reporter":"DEST","rtt_msec":"96","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760345858Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.12","dest_port":53096,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:20.813699795Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:20.700692281Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ec","jsonPayload":{"bytes_sent":"176465","connection":{"dest_ip":"10.87.40.76","dest_port":33570,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"65","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466779642Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f5","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.27","dest_port":33126,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:50.919744677Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:50.809605761Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f6","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":56478},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:20.566586739Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:20.450631492Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fo","jsonPayload":{"bytes_sent":"32764","connection":{"dest_ip":"198.51.100.88","dest_port":52430,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:53.081386115Z","packets_sent":"228","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:07.968717244Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ek","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34536,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:51.162931667Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:51.050074134Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fj","jsonPayload":{"bytes_sent":"137855","connection":{"dest_ip":"10.87.40.76","dest_port":33572,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"72","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466742414Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fm","jsonPayload":{"bytes_sent":"125197","connection":{"dest_ip":"10.87.40.76","dest_port":33540,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"242","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373eg","jsonPayload":{"bytes_sent":"917832","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53096},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.219496168Z","packets_sent":"230","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.853096315Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fc","jsonPayload":{"bytes_sent":"55572","connection":{"dest_ip":"198.51.100.88","dest_port":53096,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.219496168Z","packets_sent":"133","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.853096315Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373eq","jsonPayload":{"bytes_sent":"4615","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33966},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821049800Z","packets_sent":"75","reporter":"DEST","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510698570Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ev","jsonPayload":{"bytes_sent":"75612","connection":{"dest_ip":"203.0.113.58","dest_port":65318,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"583","reporter":"SRC","rtt_msec":"96","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760345858Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373em","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:51.162931667Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:51.050074134Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ew","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":56478,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:20.566586739Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:20.450631492Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373e9","jsonPayload":{"bytes_sent":"64140","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33694},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"371","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566359759Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f9","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":53096},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:20.813699795Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:20.700692281Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f1","jsonPayload":{"bytes_sent":"231764","connection":{"dest_ip":"10.87.40.76","dest_port":33694,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"251","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566359759Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ff","jsonPayload":{"bytes_sent":"107878","connection":{"dest_ip":"203.0.113.58","dest_port":65276,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220621567Z","packets_sent":"614","reporter":"SRC","rtt_msec":"156","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760349279Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fq","jsonPayload":{"bytes_sent":"595838","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":52430},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:53.081386115Z","packets_sent":"299","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:07.968717244Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"14iipwlfd8t01n","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":56410,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:10.630345069Z","packets_sent":"7","reporter":"SRC","rtt_msec":"37","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:10.514594429Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01j","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":51950,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:50.757658840Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:50.645030007Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01o","jsonPayload":{"bytes_sent":"361966","connection":{"dest_ip":"203.0.113.134","dest_port":33876,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933154111Z","packets_sent":"80","reporter":"SRC","rtt_msec":"34","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466868771Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01p","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":51950},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:50.757658840Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:50.645030007Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01e","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58658,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:50.856250208Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:50.733935895Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01q","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":59924},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:08.213471928Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:08.092659117Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01i","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58658},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:50.856250208Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:50.733935895Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01k","jsonPayload":{"bytes_sent":"123732","connection":{"dest_ip":"203.0.113.58","dest_port":65272,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316981133Z","packets_sent":"618","reporter":"SRC","rtt_msec":"123","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.403442252Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01f","jsonPayload":{"bytes_sent":"76342","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65273},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316930467Z","packets_sent":"710","reporter":"DEST","rtt_msec":"115","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.155378287Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t018","jsonPayload":{"bytes_sent":"9761","connection":{"dest_ip":"192.0.2.73","dest_port":45224,"protocol":6,"src_ip":"10.73.186.17","src_port":22},"dest_location":{"asn":4847,"city":"Beijing","continent":"Asia","country":"chn","region":"Beijing"},"end_time":"2019-06-14T03:44:23.955039461Z","packets_sent":"13","reporter":"SRC","rtt_msec":"242","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:23.705320616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01a","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":56410},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:10.630345069Z","packets_sent":"7","reporter":"DEST","rtt_msec":"37","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:10.514594429Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t017","jsonPayload":{"bytes_sent":"51612","connection":{"dest_ip":"203.0.113.58","dest_port":65277,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316890309Z","packets_sent":"615","reporter":"SRC","rtt_msec":"95","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760385211Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01m","jsonPayload":{"bytes_sent":"74330","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65272},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316981133Z","packets_sent":"745","reporter":"DEST","rtt_msec":"123","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.403442252Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t015","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"203.0.113.12","dest_port":59924,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:08.213471928Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:08.092659117Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01h","jsonPayload":{"bytes_sent":"76622","connection":{"dest_ip":"203.0.113.58","dest_port":65273,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316930467Z","packets_sent":"599","reporter":"SRC","rtt_msec":"115","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.155378287Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t019","jsonPayload":{"bytes_sent":"42","connection":{"dest_ip":"10.73.186.17","dest_port":22,"protocol":6,"src_ip":"192.0.2.73","src_port":45224},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:24.922448897Z","packets_sent":"5","reporter":"DEST","rtt_msec":"242","src_location":{"asn":4847,"city":"Beijing","continent":"Asia","country":"chn","region":"Beijing"},"start_time":"2019-06-14T03:42:23.705320616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t016","jsonPayload":{"bytes_sent":"75263","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65277},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316890309Z","packets_sent":"729","reporter":"DEST","rtt_msec":"95","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760385211Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01c","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":34646,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:10.529592195Z","packets_sent":"7","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:10.413494375Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01d","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":34646},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:10.529541195Z","packets_sent":"7","reporter":"DEST","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:10.413397239Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01g","jsonPayload":{"bytes_sent":"5044","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33876},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933154111Z","packets_sent":"87","reporter":"DEST","rtt_msec":"34","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466868771Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01l","jsonPayload":{"bytes_sent":"14132","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33574},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"91","reporter":"DEST","rtt_msec":"509","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.468484109Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01b","jsonPayload":{"bytes_sent":"151213","connection":{"dest_ip":"203.0.113.134","dest_port":33574,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821129119Z","packets_sent":"68","reporter":"SRC","rtt_msec":"509","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.468484109Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} diff --git a/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json new file mode 100644 index 00000000000..203a89dcd2e --- /dev/null +++ b/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json @@ -0,0 +1,5500 @@ +[ + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.12", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.12", + "destination.port": 33478, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:45:37.301953198Z", + "event.id": "ut8lbrffooxyw", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:45:37.186193305Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 0, + "network.bytes": 1776, + "network.community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.12" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1776, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33970, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821302149Z", + "event.id": "ut8lbrffooxzb", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.466657665Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 934, + "network.bytes": 173663, + "network.community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 68, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 173663, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 68, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33576, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821143836Z", + "event.id": "ut8lbrffooxze", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:20.510622432Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 201, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 2084, + "network.bytes": 155707, + "network.community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 78, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 155707, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 78, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "192.0.2.23", + "destination.as.number": 49505, + "destination.geo.city_name": "Saint Petersburg", + "destination.geo.continent_name": "Europe", + "destination.geo.country_name": "rus", + "destination.geo.region_name": "Saint Petersburg", + "destination.ip": "192.0.2.23", + "destination.port": 59679, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:46.031032701Z", + "event.id": "ut8lbrffooxyz", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:45.860349247Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 3237, + "network.bytes": 0, + "network.community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "192.0.2.23" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 0, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 1, + "source.port": 22 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "192.0.2.117", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "192.0.2.117", + "destination.port": 50646, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:37.048196137Z", + "event.id": "ut8lbrffooxz6", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:36.895188084Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 4210, + "network.bytes": 1784, + "network.community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "192.0.2.117" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1784, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:37.048196137Z", + "event.id": "ut8lbrffooxzf", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:36.895188084Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 5143, + "network.bytes": 1464, + "network.community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.117", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.117", + "source.as.number": 15169, + "source.bytes": 1464, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.117", + "source.packets": 7, + "source.port": 50646 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33692, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565287007Z", + "event.id": "ut8lbrffooxz1", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500498059Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 6078, + "network.bytes": 186151, + "network.community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 251, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 186151, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 251, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821308944Z", + "event.id": "ut8lbrffooxyp", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.469099728Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 3, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 7229, + "network.bytes": 15169, + "network.community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 92, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 15169, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 92, + "source.port": 33880 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33554, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565311154Z", + "event.id": "ut8lbrffooxzd", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500506974Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 8378, + "network.bytes": 250864, + "network.community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 247, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 250864, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 247, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33880, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821308944Z", + "event.id": "ut8lbrffooxz8", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.469099728Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 3, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 9529, + "network.bytes": 167939, + "network.community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 63, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 167939, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 63, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 22, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:46.031032701Z", + "event.id": "ut8lbrffooxyt", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:45.860349247Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 10679, + "network.bytes": 0, + "network.community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 3, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.23", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.23", + "source.as.number": 49505, + "source.bytes": 0, + "source.geo.city_name": "Saint Petersburg", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "rus", + "source.geo.region_name": "Saint Petersburg", + "source.ip": "192.0.2.23", + "source.packets": 3, + "source.port": 59679 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821056075Z", + "event.id": "ut8lbrffooxz5", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:20.510622432Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 201, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 11654, + "network.bytes": 11773, + "network.community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 94, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 11773, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 94, + "source.port": 33576 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.393910944Z", + "event.id": "ut8lbrffooxza", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:01.074897435Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 192, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 12806, + "network.bytes": 65699, + "network.community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 356, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 65699, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 356, + "source.port": 33562 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565287007Z", + "event.id": "ut8lbrffooxyq", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500498059Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 13959, + "network.bytes": 66029, + "network.community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 361, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 66029, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 361, + "source.port": 33692 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565272745Z", + "event.id": "ut8lbrffooxz2", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.150720950Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 15109, + "network.bytes": 65154, + "network.community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 360, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 65154, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 360, + "source.port": 33542 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821302149Z", + "event.id": "ut8lbrffooxyo", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.466657665Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 16259, + "network.bytes": 13643, + "network.community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 99, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 13643, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 99, + "source.port": 33970 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.49.136.133", + "destination.domain": "simianhacker-demo", + "destination.ip": "10.49.136.133", + "destination.port": 46864, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:29.432367659Z", + "event.id": "ut8lbrffooxzc", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:17.343890802Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 17408, + "network.bytes": 34509840, + "network.community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 8690, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.93", + "10.49.136.133" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.93", + "source.bytes": 34509840, + "source.ip": "203.0.113.93", + "source.packets": 8690, + "source.port": 9243 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:48:39.076420731Z", + "event.id": "ut8lbrffooxz7", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:48:38.961050187Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 18297, + "network.bytes": 1467, + "network.community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.12", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.12", + "source.as.number": 15169, + "source.bytes": 1467, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.12", + "source.packets": 7, + "source.port": 34836 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565311154Z", + "event.id": "ut8lbrffooxyu", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500506974Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 19233, + "network.bytes": 63671, + "network.community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 367, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 63671, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 367, + "source.port": 33554 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.58", + "destination.as.number": 33652, + "destination.geo.city_name": "Broomfield", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.geo.region_name": "Colorado", + "destination.ip": "203.0.113.58", + "destination.port": 65320, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.220714119Z", + "event.id": "ut8lbrffooxyv", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.560917237Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 220, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 20383, + "network.bytes": 51075, + "network.community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 608, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.58" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 51075, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 608, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33562, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.393910944Z", + "event.id": "ut8lbrffooxz0", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:01.074897435Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 192, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 21370, + "network.bytes": 197840, + "network.community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 258, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 197840, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 258, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.93", + "destination.ip": "203.0.113.93", + "destination.port": 9243, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:58.716492806Z", + "event.id": "ut8lbrffooxys", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:17.306085222Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 22524, + "network.bytes": 173805495, + "network.community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 44438, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.49.136.133", + "203.0.113.93" + ], + "service.type": "googlecloud", + "source.address": "10.49.136.133", + "source.bytes": 173805495, + "source.domain": "simianhacker-demo", + "source.ip": "10.49.136.133", + "source.packets": 44438, + "source.port": 46864 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:45:37.301953198Z", + "event.id": "ut8lbrffooxyx", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:45:37.186193305Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 23412, + "network.bytes": 1468, + "network.community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.12", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.12", + "source.as.number": 15169, + "source.bytes": 1468, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.12", + "source.packets": 7, + "source.port": 33478 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33548, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.393651211Z", + "event.id": "ut8lbrffooxz4", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.147252064Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 50, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 24348, + "network.bytes": 159704, + "network.community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 241, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 159704, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 241, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.220714119Z", + "event.id": "ut8lbrffooxz3", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.560917237Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 220, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 25501, + "network.bytes": 70775, + "network.community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 732, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.58", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.58", + "source.as.number": 33652, + "source.bytes": 70775, + "source.geo.city_name": "Broomfield", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.geo.region_name": "Colorado", + "source.ip": "203.0.113.58", + "source.packets": 732, + "source.port": 65320 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33542, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565272745Z", + "event.id": "ut8lbrffooxz9", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.150720950Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 26490, + "network.bytes": 281147, + "network.community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 246, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 281147, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 246, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:48.537763242Z", + "event.id": "ut8lbrffooxyr", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.147252064Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 50, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 27641, + "network.bytes": 63590, + "network.community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 340, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 63590, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 340, + "source.port": 33548 + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.12", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.12", + "destination.port": 34836, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:48:39.076420731Z", + "event.id": "ut8lbrffooxyy", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:48:38.961050187Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 28793, + "network.bytes": 1780, + "network.community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.12" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1780, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 22, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:52.361155668Z", + "event.id": "1ulp77rfdvho4g", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:46.541094678Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 233, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 29727, + "network.bytes": 1239, + "network.community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 18, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.165", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.165", + "source.as.number": 45899, + "source.bytes": 1239, + "source.geo.city_name": "V\u0129nh Y\u00ean", + "source.geo.continent_name": "Asia", + "source.geo.country_name": "vnm", + "source.geo.region_name": "Vinh Phuc Province", + "source.ip": "192.0.2.165", + "source.packets": 18, + "source.port": 59623 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:55.213244028Z", + "event.id": "1ulp77rfdvho5r", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:06.075811571Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 2, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 30719, + "network.bytes": 63853, + "network.community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 363, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 63853, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 363, + "source.port": 33552 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:20.745658276Z", + "event.id": "1ulp77rfdvho5k", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:20.634435179Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 31870, + "network.bytes": 1458, + "network.community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.107", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.107", + "source.as.number": 15169, + "source.bytes": 1458, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.107", + "source.packets": 7, + "source.port": 33924 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33534, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.597088427Z", + "event.id": "1ulp77rfdvho55", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:06.075942176Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 311, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 32809, + "network.bytes": 252397, + "network.community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 260, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 252397, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 260, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33694, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565117754Z", + "event.id": "1ulp77rfdvho60", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.566551903Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 216, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 33964, + "network.bytes": 205787, + "network.community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 265, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 205787, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 265, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.58", + "destination.as.number": 33652, + "destination.geo.city_name": "Broomfield", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.geo.region_name": "Colorado", + "destination.ip": "203.0.113.58", + "destination.port": 65263, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.220748025Z", + "event.id": "1ulp77rfdvho49", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:01.270990648Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 87, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 35119, + "network.bytes": 106409, + "network.community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 607, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.58" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 106409, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 607, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.597088427Z", + "event.id": "1ulp77rfdvho4t", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:06.075942176Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 311, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 36107, + "network.bytes": 61242, + "network.community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 356, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 61242, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 356, + "source.port": 33534 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.101", + "destination.as.number": 15169, + "destination.domain": "siem-windows", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.101", + "destination.port": 49680, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:55.705469925Z", + "event.id": "1ulp77rfdvho68", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.711043814Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", + "googlecloud.destination.vpc.vpc_name": "windows-isolated", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 113, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 37261, + "network.bytes": 248826, + "network.community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 735, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.101" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 248826, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 735, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "192.0.2.117", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "192.0.2.117", + "destination.port": 33862, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:11.779780615Z", + "event.id": "1ulp77rfdvho5n", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:11.655143526Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 38440, + "network.bytes": 1777, + "network.community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "192.0.2.117" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1777, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.58", + "destination.as.number": 33652, + "destination.geo.city_name": "Broomfield", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.geo.region_name": "Colorado", + "destination.ip": "203.0.113.58", + "destination.port": 65321, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.312105537Z", + "event.id": "1ulp77rfdvho5l", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.843986502Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 219, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 39374, + "network.bytes": 116845, + "network.community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 594, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.58" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 116845, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 594, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.461087350Z", + "event.id": "1ulp77rfdvho65", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:24.790136141Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 0, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 40363, + "network.bytes": 4614, + "network.community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 58, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 4614, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 58, + "source.port": 33524 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "192.0.2.177", + "destination.as.number": 15169, + "destination.domain": "suricata-iowa", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "192.0.2.177", + "destination.port": 60112, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:18.224268993Z", + "event.id": "1ulp77rfdvho4b", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:14.031541248Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 41513, + "network.bytes": 50379, + "network.community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 130, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "192.0.2.177" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 50379, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 130, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33552, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:55.213244028Z", + "event.id": "1ulp77rfdvho4m", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:06.075811571Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 2, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 42677, + "network.bytes": 200417, + "network.community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 250, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 200417, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 250, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33524, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.461087350Z", + "event.id": "1ulp77rfdvho5t", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:24.790136141Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 0, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 43829, + "network.bytes": 30233, + "network.community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 37, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 30233, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 37, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33548, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565451051Z", + "event.id": "1ulp77rfdvho50", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.147072949Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 44980, + "network.bytes": 160693, + "network.community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 237, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 160693, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 237, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565117754Z", + "event.id": "1ulp77rfdvho63", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.566551903Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 216, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 46132, + "network.bytes": 59903, + "network.community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 353, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 59903, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 353, + "source.port": 33694 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.107", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.107", + "destination.port": 33924, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:20.745658276Z", + "event.id": "1ulp77rfdvho4r", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:20.634545217Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 47286, + "network.bytes": 1780, + "network.community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.107" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1780, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.58", + "destination.as.number": 33652, + "destination.geo.city_name": "Broomfield", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.geo.region_name": "Colorado", + "destination.ip": "203.0.113.58", + "destination.port": 65271, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:55.318940798Z", + "event.id": "1ulp77rfdvho4i", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.155378070Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 89, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 48223, + "network.bytes": 129335, + "network.community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 605, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.58" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 129335, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 605, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:11.779780615Z", + "event.id": "1ulp77rfdvho5v", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:11.655143526Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 49211, + "network.bytes": 1464, + "network.community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.117", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.117", + "source.as.number": 15169, + "source.bytes": 1464, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.117", + "source.packets": 7, + "source.port": 33862 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.312105537Z", + "event.id": "1ulp77rfdvho5i", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.843986502Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 219, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 50147, + "network.bytes": 75477, + "network.community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 737, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.58", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.58", + "source.as.number": 33652, + "source.bytes": 75477, + "source.geo.city_name": "Broomfield", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.geo.region_name": "Colorado", + "source.ip": "203.0.113.58", + "source.packets": 737, + "source.port": 65321 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.58", + "destination.as.number": 33652, + "destination.geo.city_name": "Broomfield", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.geo.region_name": "Colorado", + "destination.ip": "203.0.113.58", + "destination.port": 65316, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.220838853Z", + "event.id": "1ulp77rfdvho5c", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.565831992Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 86, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 51137, + "network.bytes": 102119, + "network.community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 600, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.58" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 102119, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 600, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:55.705469925Z", + "event.id": "1ulp77rfdvho5p", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.711043814Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "windows-isolated", + "googlecloud.source.vpc.vpc_name": "windows-isolated", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 113, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 52125, + "network.bytes": 1541638, + "network.community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 949, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.101", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.101", + "source.as.number": 15169, + "source.bytes": 1541638, + "source.domain": "siem-windows", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.101", + "source.packets": 949, + "source.port": 49680 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:18.224268993Z", + "event.id": "1ulp77rfdvho4y", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:14.031541248Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 53305, + "network.bytes": 755901, + "network.community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 227, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.177", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.177", + "source.as.number": 15169, + "source.bytes": 755901, + "source.domain": "suricata-iowa", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.177", + "source.packets": 227, + "source.port": 60112 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33558, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.394676451Z", + "event.id": "1ulp77rfdvho4o", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:58.492572765Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 144, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 54470, + "network.bytes": 248715, + "network.community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 270, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 248715, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 270, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.220838853Z", + "event.id": "1ulp77rfdvho5g", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.565831992Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 86, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 55625, + "network.bytes": 69757, + "network.community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 709, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.58", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.58", + "source.as.number": 33652, + "source.bytes": 69757, + "source.geo.city_name": "Broomfield", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.geo.region_name": "Colorado", + "source.ip": "203.0.113.58", + "source.packets": 709, + "source.port": 65316 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:56.220748025Z", + "event.id": "1ulp77rfdvho59", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:01.270990648Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 87, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 56614, + "network.bytes": 69440, + "network.community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 728, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.58", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.58", + "source.as.number": 33652, + "source.bytes": 69440, + "source.geo.city_name": "Broomfield", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.geo.region_name": "Colorado", + "source.ip": "203.0.113.58", + "source.packets": 728, + "source.port": 65263 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:20.569744903Z", + "event.id": "1ulp77rfdvho57", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:20.454046087Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 57603, + "network.bytes": 1457, + "network.community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.117", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.117", + "source.as.number": 15169, + "source.bytes": 1457, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.117", + "source.packets": 7, + "source.port": 50438 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "192.0.2.117", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "192.0.2.117", + "destination.port": 50438, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:20.569744903Z", + "event.id": "1ulp77rfdvho5e", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:20.454046087Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 58539, + "network.bytes": 1784, + "network.community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "192.0.2.117" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1784, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "192.0.2.165", + "destination.as.number": 45899, + "destination.geo.city_name": "V\u0129nh Y\u00ean", + "destination.geo.continent_name": "Asia", + "destination.geo.country_name": "vnm", + "destination.geo.region_name": "Vinh Phuc Province", + "destination.ip": "192.0.2.165", + "destination.port": 59623, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:40:52.361155668Z", + "event.id": "1ulp77rfdvho4d", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:46.541094678Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 233, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 59473, + "network.bytes": 2395, + "network.community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 11, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "192.0.2.165" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 2395, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 11, + "source.port": 22 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:48.538257098Z", + "event.id": "1ulp77rfdvho5y", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:58.492572765Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 144, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 60463, + "network.bytes": 60335, + "network.community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 353, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 60335, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 353, + "source.port": 33558 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565451051Z", + "event.id": "1ulp77rfdvho6a", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.147072949Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 61617, + "network.bytes": 65565, + "network.community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 354, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 65565, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 354, + "source.port": 33548 + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:55.318940798Z", + "event.id": "1ulp77rfdvho4v", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.155378070Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 89, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 62768, + "network.bytes": 70174, + "network.community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 717, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.58", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.58", + "source.as.number": 33652, + "source.bytes": 70174, + "source.geo.city_name": "Broomfield", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.geo.region_name": "Colorado", + "source.ip": "203.0.113.58", + "source.packets": 717, + "source.port": 65271 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:51.355687385Z", + "event.id": "bnj3cofh3cdk1", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:51.237256499Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 63757, + "network.bytes": 1461, + "network.community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.12", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.12", + "source.as.number": 15169, + "source.bytes": 1461, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.12", + "source.packets": 7, + "source.port": 34178 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:45:51.090104692Z", + "event.id": "bnj3cofh3cdjx", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:45:50.954948790Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 64693, + "network.bytes": 1460, + "network.community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.107", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.107", + "source.as.number": 15169, + "source.bytes": 1460, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.107", + "source.packets": 7, + "source.port": 33602 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565131125Z", + "event.id": "bnj3cofh3cdju", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:02.143837873Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 224, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 65631, + "network.bytes": 66736, + "network.community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 366, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 66736, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 366, + "source.port": 33554 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.107", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.107", + "destination.port": 33602, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:45:51.090104692Z", + "event.id": "bnj3cofh3cdjz", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:45:50.954948790Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 66784, + "network.bytes": 1776, + "network.community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.107" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1776, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:42:40.888804332Z", + "event.id": "bnj3cofh3cdkk", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:42:40.779893091Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 67720, + "network.bytes": 1464, + "network.community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.27", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.27", + "source.as.number": 15169, + "source.bytes": 1464, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.27", + "source.packets": 7, + "source.port": 52454 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33534, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.597279654Z", + "event.id": "bnj3cofh3cdk0", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:06.075756033Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 2, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 68656, + "network.bytes": 259510, + "network.community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 251, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 259510, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 251, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.27", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.27", + "destination.port": 52260, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:42:11.183868408Z", + "event.id": "bnj3cofh3cdk8", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:42:11.063146265Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 69807, + "network.bytes": 1781, + "network.community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.27" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1781, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565300944Z", + "event.id": "bnj3cofh3cdkp", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.140119099Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 70741, + "network.bytes": 65069, + "network.community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 361, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 65069, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 361, + "source.port": 33530 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565335113Z", + "event.id": "bnj3cofh3cdkc", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500498059Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 15, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 71891, + "network.bytes": 60530, + "network.community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 366, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 60530, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 366, + "source.port": 33556 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821047175Z", + "event.id": "bnj3cofh3cdkm", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.469473010Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 230, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 73042, + "network.bytes": 11384, + "network.community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 86, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 11384, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 86, + "source.port": 33570 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33554, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565131125Z", + "event.id": "bnj3cofh3cdjy", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:02.143837873Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 224, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 74194, + "network.bytes": 272063, + "network.community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 247, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 272063, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 247, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.27", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.27", + "destination.port": 53706, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:43:50.822333871Z", + "event.id": "bnj3cofh3cdjv", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:43:50.703302550Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 43, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 75348, + "network.bytes": 1791, + "network.community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.27" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1791, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.789039435Z", + "event.id": "bnj3cofh3cdkh", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.458515996Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 253, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 76282, + "network.bytes": 18295, + "network.community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 118, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 18295, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 118, + "source.port": 33858 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:44:40.243022993Z", + "event.id": "bnj3cofh3cdkg", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:44:40.125336665Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 77435, + "network.bytes": 1467, + "network.community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.107", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.107", + "source.as.number": 15169, + "source.bytes": 1467, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.107", + "source.packets": 7, + "source.port": 33064 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33556, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565335113Z", + "event.id": "bnj3cofh3cdk7", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500498059Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 15, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 78373, + "network.bytes": 165290, + "network.community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 251, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 165290, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 251, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:43:50.822333871Z", + "event.id": "bnj3cofh3cdk9", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:43:50.703302550Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 43, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 79525, + "network.bytes": 1458, + "network.community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.27", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.27", + "source.as.number": 15169, + "source.bytes": 1458, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.27", + "source.packets": 7, + "source.port": 53706 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:42:11.183868408Z", + "event.id": "bnj3cofh3cdkj", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:42:11.063146265Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 80461, + "network.bytes": 1464, + "network.community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.27", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.27", + "source.as.number": 15169, + "source.bytes": 1464, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.27", + "source.packets": 7, + "source.port": 52260 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.27", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.27", + "destination.port": 34090, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:37.827345444Z", + "event.id": "bnj3cofh3cdki", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:37.712749588Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 81397, + "network.bytes": 1780, + "network.community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.27" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1780, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.12", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.12", + "destination.port": 34178, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:51.355687385Z", + "event.id": "bnj3cofh3cdkd", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:51.237256499Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 82331, + "network.bytes": 1780, + "network.community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.12" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1780, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.107", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.107", + "destination.port": 33064, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:44:40.243022993Z", + "event.id": "bnj3cofh3cdjw", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:44:40.125336665Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 83265, + "network.bytes": 1776, + "network.community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.107" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1776, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:48:50.757255245Z", + "event.id": "bnj3cofh3cdk3", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:48:50.642206049Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 84201, + "network.bytes": 1461, + "network.community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.107", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.107", + "source.as.number": 15169, + "source.bytes": 1461, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.107", + "source.packets": 7, + "source.port": 34906 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.12", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.12", + "destination.port": 58216, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:36.982303071Z", + "event.id": "bnj3cofh3cdkb", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:49:36.865198297Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 85139, + "network.bytes": 1781, + "network.community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.12" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1781, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.597279654Z", + "event.id": "bnj3cofh3cdk4", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:06.075756033Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 2, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 86073, + "network.bytes": 60222, + "network.community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 361, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 60222, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 361, + "source.port": 33534 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.248", + "destination.as.number": 15169, + "destination.domain": "elasticsearch", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.248", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565335113Z", + "event.id": "bnj3cofh3cdkf", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500418290Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 16, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 87223, + "network.bytes": 61810, + "network.community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 358, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.248" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 61810, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 358, + "source.port": 33510 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:36.982303071Z", + "event.id": "bnj3cofh3cdkl", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:49:36.865198297Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 88374, + "network.bytes": 1467, + "network.community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.12", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.12", + "source.as.number": 15169, + "source.bytes": 1467, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.12", + "source.packets": 7, + "source.port": 58216 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33510, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565335113Z", + "event.id": "bnj3cofh3cdk2", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:39:59.500418290Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 16, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 89310, + "network.bytes": 136558, + "network.community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 243, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 136558, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 243, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "198.51.100.107", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "198.51.100.107", + "destination.port": 34906, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:48:50.757255245Z", + "event.id": "bnj3cofh3cdko", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:48:50.642206049Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 90462, + "network.bytes": 1781, + "network.community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "198.51.100.107" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1781, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.27", + "destination.as.number": 15169, + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.27", + "destination.port": 52454, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:42:40.888804332Z", + "event.id": "bnj3cofh3cdke", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:42:40.779893091Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 91398, + "network.bytes": 1781, + "network.community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.87.40.76", + "203.0.113.27" + ], + "service.type": "googlecloud", + "source.address": "10.87.40.76", + "source.bytes": 1781, + "source.domain": "kibana", + "source.ip": "10.87.40.76", + "source.packets": 7, + "source.port": 5601 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 5601, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:46:37.827345444Z", + "event.id": "bnj3cofh3cdka", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:46:37.712749588Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 92332, + "network.bytes": 1467, + "network.community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.27", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.27", + "source.as.number": 15169, + "source.bytes": 1467, + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.27", + "source.packets": 7, + "source.port": 34090 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33530, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565300944Z", + "event.id": "bnj3cofh3cdkn", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.140119099Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 93268, + "network.bytes": 170396, + "network.community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 246, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 170396, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 246, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33570, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:51.821129119Z", + "event.id": "bnj3cofh3cdk5", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.469473010Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 230, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 94419, + "network.bytes": 171610, + "network.community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 71, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 171610, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 71, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33858, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:37.933164456Z", + "event.id": "bnj3cofh3cdk6", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.458515996Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 253, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 95572, + "network.bytes": 15186, + "network.community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 75, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 15186, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 75, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33590, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565116665Z", + "event.id": "y4wffpfk2ero3", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.147151100Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 109, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 96724, + "network.bytes": 208416, + "network.community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 249, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 208416, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 249, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "192.0.2.177", + "destination.as.number": 15169, + "destination.domain": "suricata-iowa", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "192.0.2.177", + "destination.port": 60108, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:54.108975753Z", + "event.id": "y4wffpfk2eroh", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.762958327Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 97878, + "network.bytes": 90977, + "network.community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 357, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "192.0.2.177" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 90977, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 357, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33536, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565156020Z", + "event.id": "y4wffpfk2erom", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.150481417Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 194, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 99041, + "network.bytes": 187301, + "network.community_id": "1:c/u5Mg/PGR6riBWo0YXGpZWs3cI=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 242, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 187301, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 242, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.87.40.76", + "destination.domain": "kibana", + "destination.ip": "10.87.40.76", + "destination.port": 33560, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565287007Z", + "event.id": "y4wffpfk2ero9", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:06.075859688Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 11, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 100195, + "network.bytes": 139106, + "network.community_id": "1:daatd5jK/QqBAjEYb64ySmXIcOU=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 244, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.248", + "10.87.40.76" + ], + "service.type": "googlecloud", + "source.address": "198.51.100.248", + "source.as.number": 15169, + "source.bytes": 139106, + "source.domain": "elasticsearch", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "198.51.100.248", + "source.packets": 244, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:54.108975753Z", + "event.id": "y4wffpfk2erog", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:00.762958327Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 101347, + "network.bytes": 1733360, + "network.community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 708, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.177", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.177", + "source.as.number": 15169, + "source.bytes": 1733360, + "source.domain": "suricata-iowa", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.177", + "source.packets": 708, + "source.port": 60108 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "203.0.113.134", + "destination.as.number": 15169, + "destination.domain": "kibana", + "destination.geo.continent_name": "America", + "destination.geo.country_name": "usa", + "destination.ip": "203.0.113.134", + "destination.port": 33874, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:37.933099658Z", + "event.id": "y4wffpfk2ero7", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:20.513551480Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 142, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 102512, + "network.bytes": 149157, + "network.community_id": "1:5AIfpIZXAUHToCeVBhXgBuugIac=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 74, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.139.99.242", + "203.0.113.134" + ], + "service.type": "googlecloud", + "source.address": "10.139.99.242", + "source.bytes": 149157, + "source.domain": "elasticsearch", + "source.ip": "10.139.99.242", + "source.packets": 74, + "source.port": 9200 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:37.965119632Z", + "event.id": "y4wffpfk2eroe", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:08.480430427Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 201, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 103665, + "network.bytes": 11108, + "network.community_id": "1:dMHgvk8guroE0eXkr19X6xQ6X24=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 95, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 11108, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 95, + "source.port": 33968 + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud.availability_zone": "us-east1-b", + "cloud.project.id": "my-sample-project", + "cloud.region": "us-east1", + "destination.address": "10.139.99.242", + "destination.domain": "elasticsearch", + "destination.ip": "10.139.99.242", + "destination.port": 9200, + "event.category": "network", + "event.dataset": "googlecloud.vpcflow", + "event.end": "2019-06-14T03:49:59.565116665Z", + "event.id": "y4wffpfk2eroa", + "event.kind": "event", + "event.module": "googlecloud", + "event.start": "2019-06-14T03:40:05.147151100Z", + "event.type": "connection", + "fileset.name": "vpcflow", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 109, + "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", + "log.offset": 104817, + "network.bytes": 67337, + "network.community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=", + "network.direction": "internal", + "network.iana_number": "6", + "network.name": "default", + "network.packets": 351, + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.134", + "10.139.99.242" + ], + "service.type": "googlecloud", + "source.address": "203.0.113.134", + "source.as.number": 15169, + "source.bytes": 67337, + "source.domain": "kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "203.0.113.134", + "source.packets": 351, + "source.port": 33590 + } +] \ No newline at end of file diff --git a/filebeat/module/ibmmq/_meta/config.yml b/filebeat/module/ibmmq/_meta/config.yml new file mode 100644 index 00000000000..320922d37e0 --- /dev/null +++ b/filebeat/module/ibmmq/_meta/config.yml @@ -0,0 +1,8 @@ +- module: ibmmq + # All logs + errorlog: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/ibmmq/_meta/docs.asciidoc b/filebeat/module/ibmmq/_meta/docs.asciidoc new file mode 100644 index 00000000000..98c67383b63 --- /dev/null +++ b/filebeat/module/ibmmq/_meta/docs.asciidoc @@ -0,0 +1,50 @@ +[role="xpack"] + +:modulename: ibmmq + +== IBM MQ module + +The `ibmmq` module collects and parses the queue manager error logs from IBM MQ in the standard format. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +This module has been tested with IBM MQ v9.1.0.0, but it should be compatible with older versions. + +include::../include/configuring-intro.asciidoc[] + +The following example shows how to set paths in the +modules.d/{modulename}.yml+ +file to override the default paths for IBM MQ errorlog: + +["source","yaml",subs="attributes"] +----- +- module: ibmmq + errorlog: + enabled: true + var.paths: ["C:/ibmmq/logs/*.log"] +----- + +:fileset_ex: errorlog + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `errorlog` fileset settings + +include::../include/var-paths.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/filebeat-ibmmq.png[] + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/ibmmq/_meta/fields.yml b/filebeat/module/ibmmq/_meta/fields.yml new file mode 100644 index 00000000000..9dc4f1013e2 --- /dev/null +++ b/filebeat/module/ibmmq/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: ibmmq + title: "ibmmq" + description: > + ibmmq Module + release: ga + fields: + - name: ibmmq + type: group + description: > + fields: diff --git a/filebeat/module/ibmmq/_meta/kibana/7/dashboard/Filebeat-IBMMQ-Overview.json b/filebeat/module/ibmmq/_meta/kibana/7/dashboard/Filebeat-IBMMQ-Overview.json new file mode 100644 index 00000000000..737cc4e76b6 --- /dev/null +++ b/filebeat/module/ibmmq/_meta/kibana/7/dashboard/Filebeat-IBMMQ-Overview.json @@ -0,0 +1,931 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of IBM MQ", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "1", + "w": 24, + "x": 0, + "y": 7 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "6", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "6", + "panelRefName": "panel_1", + "title": "Top 5 Errors [Filebeat IBM MQ]", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "8", + "w": 13, + "x": 0, + "y": 0 + }, + "panelIndex": "8", + "panelRefName": "panel_2", + "version": "7.0.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 27, + "i": "9", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "9", + "panelRefName": "panel_3", + "version": "7.2.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "10", + "w": 24, + "x": 24, + "y": 7 + }, + "panelIndex": "10", + "panelRefName": "panel_4", + "version": "7.2.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "11", + "w": 7, + "x": 13, + "y": 0 + }, + "panelIndex": "11", + "panelRefName": "panel_5", + "version": "7.2.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "12", + "w": 7, + "x": 20, + "y": 0 + }, + "panelIndex": "12", + "panelRefName": "panel_6", + "version": "7.2.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "13", + "w": 21, + "x": 27, + "y": 0 + }, + "panelIndex": "13", + "panelRefName": "panel_7", + "version": "7.2.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-2M", + "timeRestore": true, + "timeTo": "now", + "title": "[Filebeat IBM MQ] Overview of error log overview", + "version": 1 + }, + "id": "ba1d8830-7c7b-11e9-9645-e37efaf5baff", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "4b2794c0-d901-11e8-aa1c-3fc8e6195a8e", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "b6308f30-7c7e-11e9-9645-e37efaf5baff", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bf8e5de0-7c7f-11e9-9645-e37efaf5baff", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "panel_3", + "type": "search" + }, + { + "id": "df35c4b0-adf0-11e9-8358-1517661d7c84", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "3ff778d0-adf0-11e9-8358-1517661d7c84", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "57eae940-adf0-11e9-8358-1517661d7c84", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "845fca50-adef-11e9-8358-1517661d7c84", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-24T09:05:03.616Z", + "version": "WzI4OSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Errors over time by Queue Manager [Filebeat IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "filter": "event.module:ibmmq", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "ibmmq.errorlog.qmgr", + "terms_size": "50", + "value_template": "{{value}} Errors" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Errors over time by Queue Manager [Filebeat IBM MQ]", + "type": "metrics" + } + }, + "id": "4b2794c0-d901-11e8-aa1c-3fc8e6195a8e", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-24T08:44:22.220Z", + "version": "WzI3OCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "ibmmq" + }, + "type": "phrase", + "value": "ibmmq" + }, + "query": { + "match": { + "event.module": { + "query": "ibmmq", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top 5 Errors [Filebeat IBM MQ]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Occurences" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "aggregate": "concat", + "customLabel": "Description", + "field": "message", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "5", + "params": { + "aggregate": "concat", + "customLabel": "Explanation", + "field": "ibmmq.errorlog.explanation", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Recommended Action", + "field": "ibmmq.errorlog.action", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Error Codes", + "field": "ibmmq.errorlog.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 5 Errors [Filebeat IBM MQ]", + "type": "table" + } + }, + "id": "b6308f30-7c7e-11e9-9645-e37efaf5baff", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-24T09:03:08.635Z", + "version": "WzI4OCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Control [Filebeat IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "ibmmq.errorlog.qmgr", + "id": "1558522305526", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Queue Manager", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "Control [Filebeat IBM MQ]", + "type": "input_control_vis" + } + }, + "id": "bf8e5de0-7c7f-11e9-9645-e37efaf5baff", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-24T08:20:32.926Z", + "version": "WzI2NSwxXQ==" + }, + { + "attributes": { + "columns": [ + "@timestamp", + "message", + "ibmmq.errorlog.explanation", + "ibmmq.errorlog.action" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "ibmmq" + }, + "type": "phrase", + "value": "ibmmq" + }, + "query": { + "match": { + "event.module": { + "query": "ibmmq", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Errorlogs [Filebeat IBM MQ]", + "version": 1 + }, + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-07-24T08:36:18.357Z", + "version": "WzI3NCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Errors per code, queue manager and host [Filebeat IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Errorcodes", + "field": "ibmmq.errorlog.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Queue Manager", + "field": "ibmmq.errorlog.qmgr", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Host", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Errors per code, queue manager and host [Filebeat IBM MQ]", + "type": "pie" + } + }, + "id": "df35c4b0-adf0-11e9-8358-1517661d7c84", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-07-24T08:56:55.163Z", + "version": "WzI4NiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Different error codes [Filebeat IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Different error codes", + "field": "ibmmq.errorlog.code" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Different error codes [Filebeat IBM MQ]", + "type": "metric" + } + }, + "id": "3ff778d0-adf0-11e9-8358-1517661d7c84", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-07-24T08:51:38.844Z", + "version": "WzI4MSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Number of Queue Manager [Filebeat IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Queue Manager", + "field": "ibmmq.errorlog.qmgr" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "aggType": "cardinality", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Number of Queue Manager [Filebeat IBM MQ]", + "type": "metric" + } + }, + "id": "57eae940-adf0-11e9-8358-1517661d7c84", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-07-24T08:52:19.027Z", + "version": "WzI4MiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Last error [Filebeat IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Last error", + "field": "@timestamp" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Last error [Filebeat IBM MQ]", + "type": "metric" + } + }, + "id": "845fca50-adef-11e9-8358-1517661d7c84", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-07-24T08:46:24.117Z", + "version": "WzI3OSwxXQ==" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/ibmmq/errorlog/_meta/fields.yml b/filebeat/module/ibmmq/errorlog/_meta/fields.yml new file mode 100644 index 00000000000..14886cb3f61 --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/_meta/fields.yml @@ -0,0 +1,34 @@ +- name: errorlog + description: IBM MQ error logs + type: group + fields: + - name: installation + description: > + This is the installation name which can be given at installation time. + + Each installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation. + + type: keyword + - name: qmgr + description: > + Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them. + type: keyword + - name: arithinsert + description: Changing content based on error.id + type: keyword + - name: commentinsert + description: Changing content based on error.id + type: keyword + - name: errordescription + description: Please add description + example: Please add example + type: text + - name: explanation + description: Explaines the error in more detail + type: keyword + - name: action + description: Defines what to do when the error occurs + type: keyword + - name: code + description: Error code. + type: keyword diff --git a/filebeat/module/ibmmq/errorlog/config/errorlog.yml b/filebeat/module/ibmmq/errorlog/config/errorlog.yml new file mode 100644 index 00000000000..1e230b93c9e --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/config/errorlog.yml @@ -0,0 +1,10 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +multiline: + pattern: "^[\\-]{5}.*[\\-]{10,}$" + negate: true + match: after diff --git a/filebeat/module/ibmmq/errorlog/ingest/pipeline.yml b/filebeat/module/ibmmq/errorlog/ingest/pipeline.yml new file mode 100644 index 00000000000..80db3a86a86 --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/ingest/pipeline.yml @@ -0,0 +1,76 @@ +description: Pipeline for parsing MQ error logs. +processors: +- gsub: + field: message + pattern: ^[\-]{5}[a-z0-9\. :]*[\-]{5,} + replacement: "" +- gsub: + field: message + pattern: |2+ + + replacement: ' ' +- gsub: + field: message + pattern: '[ ]{2,}' + replacement: ' ' +- trim: + field: message +- rename: + field: '@timestamp' + target_field: event.created +- grok: + field: message + patterns: + - ^%{DATA:log_timestamp} - +- grok: + field: message + patterns: + - 'Process\(%{DATA:process.pid}\) User\(%{WORD:user.name}\) Program\(%{DATA:process.title}\) + Host\(%{DATA:host.hostname}\) Installation\(%{WORD:ibmmq.errorlog.installation}\) + VRMF\(%{DATA:service.version}\)( QMgr\(%{DATA:ibmmq.errorlog.qmgr}\))?( Time\(%{TIMESTAMP_ISO8601:@timestamp}\))?( + RemoteHost\(%{DATA:destination.address}\))?( ArithInsert1\(%{DATA:ibmmq.errorlog.arithinsert1}\))?( + ArithInsert2\(%{DATA:ibmmq.errorlog.arithinsert2}\))?( CommentInsert1\(%{DATA:ibmmq.errorlog.commentinsert1}\))?( + CommentInsert2\(%{DATA:ibmmq.errorlog.commentinsert2}\))?( CommentInsert3\(%{DATA:ibmmq.errorlog.commentinsert3}\))? + (?=AMQ[0-9]{4})%{DATA:ibmmq.errorlog.code}((?<=AMQ[0-9]{4}[A-Z])%{DATA:log.level})?: + %{DATA:ibmmq.errorlog.errordescription} [^\ ]+:( %{DATA:ibmmq.errorlog.explanation})? + [^\ ]+:( %{DATA:ibmmq.errorlog.action})?$' +- date: + field: log_timestamp + target_field: '@timestamp' + formats: + - MM/dd/yyyy hh:mm:ss aa + - dd/MM/yyyy HH:mm:ss + ignore_failure: true +- append: + field: ibmmq.errorlog.commentinsert + value: + - '{{ibmmq.errorlog.commentinsert1}}' + - '{{ibmmq.errorlog.commentinsert2}}' + - '{{ibmmq.errorlog.commentinsert3}}' + ignore_failure: true +- append: + field: ibmmq.errorlog.arithinsert + value: + - '{{ibmmq.errorlog.arithinsert1}}' + - '{{ibmmq.errorlog.arithinsert2}}' + ignore_failure: true +- remove: + field: + - log_timestamp + - message + - ibmmq.errorlog.arithinsert1 + - ibmmq.errorlog.arithinsert2 + - ibmmq.errorlog.commentinsert1 + - ibmmq.errorlog.commentinsert2 + - ibmmq.errorlog.commentinsert3 + ignore_missing: true +- rename: + field: ibmmq.errorlog.errordescription + target_field: message +- set: + field: event.kind + value: event +on_failure: +- set: + field: error.message + value: 'pipeline-entry: {{ _ingest.on_failure_message }}' diff --git a/filebeat/module/ibmmq/errorlog/manifest.yml b/filebeat/module/ibmmq/errorlog/manifest.yml new file mode 100644 index 00000000000..619ae0834f0 --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/manifest.yml @@ -0,0 +1,13 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/mqm/*.LOG* + - /var/mqm/qmgrs/*/*.LOG* + os.windows: + - C:\ProgramData\IBM\MQ\errors\*.LOG* + - C:\ProgramData\IBM\MQ\qmgrs\*\errors\*.LOG* + +ingest_pipeline: ingest/pipeline.yml +input: config/errorlog.yml diff --git a/filebeat/module/ibmmq/errorlog/test/AMQERR01.log b/filebeat/module/ibmmq/errorlog/test/AMQERR01.log new file mode 100644 index 00000000000..c5b308a7927 --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/test/AMQERR01.log @@ -0,0 +1,356 @@ +11.10.2018 10:39:30 - Process(9884.1) User(felix) Program(setmqinst.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-11T08:39:30.731Z) + CommentInsert1(Windows 10 Professional x64 Edition, Build 17134 (MQ Windows (x64 platform) 64-bit)) + CommentInsert2(C:\Program Files\IBM\MQ (Installation1)) + CommentInsert3(9.1.0.0 (p910-L180709.TRIAL)) + +AMQ6287I: IBM MQ V9.1.0.0 (p910-L180709.TRIAL). + +ERKL�RUNG: +Systeminformationen zu IBM MQ: +Host-Info :- Windows 10 Professional x64 Edition, Build 17134 (MQ +Windows (x64 platform) 64-bit) +Installation :- C:\Program Files\IBM\MQ (Installation1) +Version :- 9.1.0.0 (p910-L180709.TRIAL) +AKTION: +Keine. +----- amqxeida.c : 6278 ------------------------------------------------------- +11.10.2018 10:39:30 - Process(9884.1) User(felix) Program(setmqinst.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-11T08:39:30.729Z) + CommentInsert1(Installation1) + CommentInsert2(C:\Program Files\IBM\MQ) + +AMQ8576I: 'Installation1' (C:\Program Files\IBM\MQ) als prim�re Installation +festgelegt. Sie m�ssen das Betriebssystem erneut starten, um die Aktualisierung +fertigzustellen. + +ERKL�RUNG: +Alle Tasks, die zur Festlegung der Installation 'Installation1' als prim�re +Installation erforderlich sind, wurden ausgef�hrt. Wenn die Installation noch +nicht als prim�re Installation festgelegt wurde, dann wurde auch die +Konfiguration der Installation aktualisiert, um die Installation +'Installation1' als prim�re Installation zu identifizieren. + +Damit die Aktualisierungen systemweit wirksam werden, m�ssen Sie das +Betriebssystem erneut starten. +AKTION: +Sie m�ssen das Betriebssystem erneut starten, um die Aktualisierung +fertigzustellen. +----- amqiprm0.c : 402 -------------------------------------------------------- +11/10/2018 10:46:25 - Process(16776.1) User(MUSR_MQADMIN) Program(strmqm.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-11T08:46:25.924Z) + ArithInsert1(90) + +AMQ7125I: There are 90 days left in the trial period for this copy of IBM MQ. + +EXPLANATION: +This copy of IBM MQ is licensed for a limited period only. +ACTION: +None. +----- amqzlic0.c : 435 -------------------------------------------------------- +11/10/2018 10:46:26 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-11T08:46:26.343Z) + +AMQ6776E: Queue manager recovery log not correctly configured for advanced +format disk. + +EXPLANATION: +The queue manager recovery log is located on an advanced format disk, however +the recovery log is not configured correctly to provide full write integrity +with advanced format disks. Advanced format disks require 4KB alignment for +reliable writing, but the current queue manager was created at an MQ version +that did not yet support advanced format disks and did not enforce 4KB +alignment. +ACTION: +MQ has only supported placing the recovery log on an advanced format disk since +MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to +migrate a pre-existing queue manager recovery log to a format suitable for +advanced format disks. Any queue manager created on a version of V9.0.4 or +higher will have been created with a recovery log suitable for advanced format +disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG +command, to a format suitable for the current log location. +----- amqxfdcp.c : 832 -------------------------------------------------------- +11/10/2018 10:46:26 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-11T08:46:26.346Z) + ArithInsert1(8480) + CommentInsert1(QM1) + +AMQ6184W: An internal IBM MQ error has occurred on queue manager QM1. + +EXPLANATION: +An error has been detected, and the IBM MQ error recording routine has been +called. The failing process is process 8480. +ACTION: +Use the standard facilities supplied with your system to record the problem +identifier and to save any generated output files. Use either the MQ Support +site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support +Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a +solution is already available. If you are unable to find a match, contact your +IBM support center. Do not discard these files until the problem has been +resolved. +----- amqxfdcp.c : 874 -------------------------------------------------------- +17.10.2018 13:50:15 - Process(39420.1) User(felix) Program(CRTMQM.EXE) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-17T11:50:15.982Z) + ArithInsert1(84) + +AMQ7125I: Der Testzeitraum f�r dieses Exemplar von IBM MQ l�uft in 84 Tag(en) +ab. + +ERKL�RUNG: +Dieses Exemplar von IBM MQ wurde nur f�r einen begrenzten Zeitraum lizenziert. +AKTION: +Keine. +----- amqzlic0.c : 435 -------------------------------------------------------- +17.10.2018 13:50:18 - Process(34720.1) User(felix) Program(STRMQM.EXE) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-17T11:50:18.439Z) + ArithInsert1(84) + +AMQ7125I: Der Testzeitraum f�r dieses Exemplar von IBM MQ l�uft in 84 Tag(en) +ab. + +ERKL�RUNG: +Dieses Exemplar von IBM MQ wurde nur f�r einen begrenzten Zeitraum lizenziert. +AKTION: +Keine. +----- amqzlic0.c : 435 -------------------------------------------------------- +18.10.2018 16:13:58 - Process(28832.1) User(felix) Program(STRMQM.EXE) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-18T14:13:58.401Z) + ArithInsert1(83) + +AMQ7125I: Der Testzeitraum f�r dieses Exemplar von IBM MQ l�uft in 83 Tag(en) +ab. + +ERKL�RUNG: +Dieses Exemplar von IBM MQ wurde nur f�r einen begrenzten Zeitraum lizenziert. +AKTION: +Keine. +----- amqzlic0.c : 435 -------------------------------------------------------- +28/10/2018 15:12:07 - Process(7160.1) User(MUSR_MQADMIN) Program(strmqm.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-28T14:12:07.685Z) + ArithInsert1(73) + +AMQ7125I: There are 73 days left in the trial period for this copy of IBM MQ. + +EXPLANATION: +This copy of IBM MQ is licensed for a limited period only. +ACTION: +None. +----- amqzlic0.c : 435 -------------------------------------------------------- +28/10/2018 15:12:07 - Process(7144.1) User(MUSR_MQADMIN) Program(strmqm.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-28T14:12:07.789Z) + ArithInsert1(73) + +AMQ7125I: There are 73 days left in the trial period for this copy of IBM MQ. + +EXPLANATION: +This copy of IBM MQ is licensed for a limited period only. +ACTION: +None. +----- amqzlic0.c : 435 -------------------------------------------------------- +28/10/2018 15:12:08 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-28T14:12:08.663Z) + +AMQ6776E: Queue manager recovery log not correctly configured for advanced +format disk. + +EXPLANATION: +The queue manager recovery log is located on an advanced format disk, however +the recovery log is not configured correctly to provide full write integrity +with advanced format disks. Advanced format disks require 4KB alignment for +reliable writing, but the current queue manager was created at an MQ version +that did not yet support advanced format disks and did not enforce 4KB +alignment. +ACTION: +MQ has only supported placing the recovery log on an advanced format disk since +MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to +migrate a pre-existing queue manager recovery log to a format suitable for +advanced format disks. Any queue manager created on a version of V9.0.4 or +higher will have been created with a recovery log suitable for advanced format +disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG +command, to a format suitable for the current log location. +----- amqxfdcp.c : 832 -------------------------------------------------------- +28/10/2018 15:12:08 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-28T14:12:08.665Z) + ArithInsert1(7360) + CommentInsert1(QM1) + +AMQ6184W: An internal IBM MQ error has occurred on queue manager QM1. + +EXPLANATION: +An error has been detected, and the IBM MQ error recording routine has been +called. The failing process is process 7360. +ACTION: +Use the standard facilities supplied with your system to record the problem +identifier and to save any generated output files. Use either the MQ Support +site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support +Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a +solution is already available. If you are unable to find a match, contact your +IBM support center. Do not discard these files until the problem has been +resolved. +----- amqxfdcp.c : 874 -------------------------------------------------------- +29/10/2018 16:48:52 - Process(7356.1) User(MUSR_MQADMIN) Program(strmqm.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:48:52.594Z) + ArithInsert1(71) + +AMQ7125I: There are 71 days left in the trial period for this copy of IBM MQ. + +EXPLANATION: +This copy of IBM MQ is licensed for a limited period only. +ACTION: +None. +----- amqzlic0.c : 435 -------------------------------------------------------- +29/10/2018 16:48:52 - Process(7364.1) User(MUSR_MQADMIN) Program(strmqm.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:48:52.663Z) + ArithInsert1(71) + +AMQ7125I: There are 71 days left in the trial period for this copy of IBM MQ. + +EXPLANATION: +This copy of IBM MQ is licensed for a limited period only. +ACTION: +None. +----- amqzlic0.c : 435 -------------------------------------------------------- +29/10/2018 16:48:53 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:48:53.368Z) + +AMQ6776E: Queue manager recovery log not correctly configured for advanced +format disk. + +EXPLANATION: +The queue manager recovery log is located on an advanced format disk, however +the recovery log is not configured correctly to provide full write integrity +with advanced format disks. Advanced format disks require 4KB alignment for +reliable writing, but the current queue manager was created at an MQ version +that did not yet support advanced format disks and did not enforce 4KB +alignment. +ACTION: +MQ has only supported placing the recovery log on an advanced format disk since +MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to +migrate a pre-existing queue manager recovery log to a format suitable for +advanced format disks. Any queue manager created on a version of V9.0.4 or +higher will have been created with a recovery log suitable for advanced format +disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG +command, to a format suitable for the current log location. +----- amqxfdcp.c : 832 -------------------------------------------------------- +29/10/2018 16:48:53 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:48:53.369Z) + ArithInsert1(7660) + CommentInsert1(QM1) + +AMQ6184W: An internal IBM MQ error has occurred on queue manager QM1. + +EXPLANATION: +An error has been detected, and the IBM MQ error recording routine has been +called. The failing process is process 7660. +ACTION: +Use the standard facilities supplied with your system to record the problem +identifier and to save any generated output files. Use either the MQ Support +site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support +Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a +solution is already available. If you are unable to find a match, contact your +IBM support center. Do not discard these files until the problem has been +resolved. +----- amqxfdcp.c : 874 -------------------------------------------------------- +29/10/2018 16:49:35 - Process(7032.1) User(MUSR_MQADMIN) Program(strmqm.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:49:35.477Z) + ArithInsert1(71) + +AMQ7125I: There are 71 days left in the trial period for this copy of IBM MQ. + +EXPLANATION: +This copy of IBM MQ is licensed for a limited period only. +ACTION: +None. +----- amqzlic0.c : 435 -------------------------------------------------------- +29/10/2018 16:49:35 - Process(6984.1) User(MUSR_MQADMIN) Program(strmqm.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:49:35.553Z) + ArithInsert1(71) + +AMQ7125I: There are 71 days left in the trial period for this copy of IBM MQ. + +EXPLANATION: +This copy of IBM MQ is licensed for a limited period only. +ACTION: +None. +----- amqzlic0.c : 435 -------------------------------------------------------- +29/10/2018 16:49:36 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:49:36.447Z) + +AMQ6776E: Queue manager recovery log not correctly configured for advanced +format disk. + +EXPLANATION: +The queue manager recovery log is located on an advanced format disk, however +the recovery log is not configured correctly to provide full write integrity +with advanced format disks. Advanced format disks require 4KB alignment for +reliable writing, but the current queue manager was created at an MQ version +that did not yet support advanced format disks and did not enforce 4KB +alignment. +ACTION: +MQ has only supported placing the recovery log on an advanced format disk since +MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to +migrate a pre-existing queue manager recovery log to a format suitable for +advanced format disks. Any queue manager created on a version of V9.0.4 or +higher will have been created with a recovery log suitable for advanced format +disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG +command, to a format suitable for the current log location. +----- amqxfdcp.c : 832 -------------------------------------------------------- +29/10/2018 16:49:36 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) + Time(2018-10-29T15:49:36.448Z) + ArithInsert1(6780) + CommentInsert1(QM1) + +AMQ6184W: An internal IBM MQ error has occurred on queue manager QM1. + +EXPLANATION: +An error has been detected, and the IBM MQ error recording routine has been +called. The failing process is process 6780. +ACTION: +Use the standard facilities supplied with your system to record the problem +identifier and to save any generated output files. Use either the MQ Support +site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support +Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a +solution is already available. If you are unable to find a match, contact your +IBM support center. Do not discard these files until the problem has been +resolved. +----- amqxfdcp.c : 874 -------------------------------------------------------- \ No newline at end of file diff --git a/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json b/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json new file mode 100644 index 00000000000..7ccc74ea50b --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json @@ -0,0 +1,662 @@ +[ + { + "@timestamp": "2018-10-11T08:39:30.731Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Host-Info :- Windows 10 Professional x64 Edition, Build 17134 (MQ Windows (x64 platform) 64-bit) Installation :- C:\\Program Files\\IBM\\MQ (Installation1) Version :- 9.1.0.0 (p910-L180709.TRIAL) AKTION: Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ6287I", + "ibmmq.errorlog.commentinsert": [ + "Windows 10 Professional x64 Edition, Build 17134 (MQ Windows (x64 platform) 64-bit)", + "C:\\\\Program Files\\\\IBM\\\\MQ (Installation1)", + "9.1.0.0 (p910-L180709.TRIAL)" + ], + "ibmmq.errorlog.explanation": "Systeminformationen zu IBM", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 0, + "message": "IBM MQ V9.1.0.0 (p910-L180709.TRIAL).", + "process.pid": "9884.1", + "process.title": "setmqinst.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-11T08:39:30.729Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Sie m\ufffdssen das Betriebssystem erneut starten, um die Aktualisierung fertigzustellen.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8576I", + "ibmmq.errorlog.commentinsert": [ + "Installation1", + "C:\\\\Program Files\\\\IBM\\\\MQ", + "" + ], + "ibmmq.errorlog.explanation": "Alle Tasks, die zur Festlegung der Installation 'Installation1' als prim\ufffdre Installation erforderlich sind, wurden ausgef\ufffdhrt. Wenn die Installation noch nicht als prim\ufffdre Installation festgelegt wurde, dann wurde auch die Konfiguration der Installation aktualisiert, um die Installation 'Installation1' als prim\ufffdre Installation zu identifizieren. Damit die Aktualisierungen systemweit wirksam werden, m\ufffdssen Sie das Betriebssystem erneut starten.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 849, + "message": "'Installation1' (C:\\Program Files\\IBM\\MQ) als prim\ufffdre Installation festgelegt. Sie m\ufffdssen das Betriebssystem erneut starten, um die Aktualisierung fertigzustellen.", + "process.pid": "9884.1", + "process.title": "setmqinst.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-11T10:46:25.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "90", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "This copy of IBM MQ is licensed for a limited period only.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 2045, + "message": "There are 90 days left in the trial period for this copy of IBM MQ.", + "process.pid": "16776.1", + "process.title": "strmqm.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-11T10:46:26.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "MQ has only supported placing the recovery log on an advanced format disk since MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to migrate a pre-existing queue manager recovery log to a format suitable for advanced format disks. Any queue manager created on a version of V9.0.4 or higher will have been created with a recovery log suitable for advanced format disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG command, to a format suitable for the current log location.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ6776E", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager recovery log is located on an advanced format disk, however the recovery log is not configured correctly to provide full write integrity with advanced format disks. Advanced format disks require 4KB alignment for reliable writing, but the current queue manager was created at an MQ version that did not yet support advanced format disks and did not enforce 4KB alignment.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 2589, + "message": "Queue manager recovery log not correctly configured for advanced format disk.", + "process.pid": "8480.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-11T10:46:26.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Use the standard facilities supplied with your system to record the problem identifier and to save any generated output files. Use either the MQ Support site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a solution is already available. If you are unable to find a match, contact your IBM support center. Do not discard these files until the problem has been resolved.", + "ibmmq.errorlog.arithinsert": [ + "8480", + "" + ], + "ibmmq.errorlog.code": "AMQ6184W", + "ibmmq.errorlog.commentinsert": [ + "QM1", + "", + "" + ], + "ibmmq.errorlog.explanation": "An error has been detected, and the IBM MQ error recording routine has been called. The failing process is process 8480.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 3952, + "message": "An internal IBM MQ error has occurred on queue manager QM1.", + "process.pid": "8480.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T11:50:15.982Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "84", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Dieses Exemplar von IBM MQ wurde nur f\ufffdr einen begrenzten Zeitraum lizenziert.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 5058, + "message": "Der Testzeitraum f\ufffdr dieses Exemplar von IBM MQ l\ufffduft in 84 Tag(en) ab.", + "process.pid": "39420.1", + "process.title": "CRTMQM.EXE", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.439Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "84", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Dieses Exemplar von IBM MQ wurde nur f\ufffdr einen begrenzten Zeitraum lizenziert.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 5626, + "message": "Der Testzeitraum f\ufffdr dieses Exemplar von IBM MQ l\ufffduft in 84 Tag(en) ab.", + "process.pid": "34720.1", + "process.title": "STRMQM.EXE", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-18T14:13:58.401Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "83", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Dieses Exemplar von IBM MQ wurde nur f\ufffdr einen begrenzten Zeitraum lizenziert.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 6194, + "message": "Der Testzeitraum f\ufffdr dieses Exemplar von IBM MQ l\ufffduft in 83 Tag(en) ab.", + "process.pid": "28832.1", + "process.title": "STRMQM.EXE", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-28T15:12:07.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "73", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "This copy of IBM MQ is licensed for a limited period only.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 6762, + "message": "There are 73 days left in the trial period for this copy of IBM MQ.", + "process.pid": "7160.1", + "process.title": "strmqm.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-28T15:12:07.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "73", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "This copy of IBM MQ is licensed for a limited period only.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 7305, + "message": "There are 73 days left in the trial period for this copy of IBM MQ.", + "process.pid": "7144.1", + "process.title": "strmqm.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-28T15:12:08.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "MQ has only supported placing the recovery log on an advanced format disk since MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to migrate a pre-existing queue manager recovery log to a format suitable for advanced format disks. Any queue manager created on a version of V9.0.4 or higher will have been created with a recovery log suitable for advanced format disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG command, to a format suitable for the current log location.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ6776E", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager recovery log is located on an advanced format disk, however the recovery log is not configured correctly to provide full write integrity with advanced format disks. Advanced format disks require 4KB alignment for reliable writing, but the current queue manager was created at an MQ version that did not yet support advanced format disks and did not enforce 4KB alignment.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 7848, + "message": "Queue manager recovery log not correctly configured for advanced format disk.", + "process.pid": "7360.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-28T15:12:08.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Use the standard facilities supplied with your system to record the problem identifier and to save any generated output files. Use either the MQ Support site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a solution is already available. If you are unable to find a match, contact your IBM support center. Do not discard these files until the problem has been resolved.", + "ibmmq.errorlog.arithinsert": [ + "7360", + "" + ], + "ibmmq.errorlog.code": "AMQ6184W", + "ibmmq.errorlog.commentinsert": [ + "QM1", + "", + "" + ], + "ibmmq.errorlog.explanation": "An error has been detected, and the IBM MQ error recording routine has been called. The failing process is process 7360.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 9211, + "message": "An internal IBM MQ error has occurred on queue manager QM1.", + "process.pid": "7360.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:48:52.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "71", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "This copy of IBM MQ is licensed for a limited period only.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 10317, + "message": "There are 71 days left in the trial period for this copy of IBM MQ.", + "process.pid": "7356.1", + "process.title": "strmqm.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:48:52.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "71", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "This copy of IBM MQ is licensed for a limited period only.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 10860, + "message": "There are 71 days left in the trial period for this copy of IBM MQ.", + "process.pid": "7364.1", + "process.title": "strmqm.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:48:53.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "MQ has only supported placing the recovery log on an advanced format disk since MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to migrate a pre-existing queue manager recovery log to a format suitable for advanced format disks. Any queue manager created on a version of V9.0.4 or higher will have been created with a recovery log suitable for advanced format disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG command, to a format suitable for the current log location.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ6776E", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager recovery log is located on an advanced format disk, however the recovery log is not configured correctly to provide full write integrity with advanced format disks. Advanced format disks require 4KB alignment for reliable writing, but the current queue manager was created at an MQ version that did not yet support advanced format disks and did not enforce 4KB alignment.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 11403, + "message": "Queue manager recovery log not correctly configured for advanced format disk.", + "process.pid": "7660.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:48:53.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Use the standard facilities supplied with your system to record the problem identifier and to save any generated output files. Use either the MQ Support site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a solution is already available. If you are unable to find a match, contact your IBM support center. Do not discard these files until the problem has been resolved.", + "ibmmq.errorlog.arithinsert": [ + "7660", + "" + ], + "ibmmq.errorlog.code": "AMQ6184W", + "ibmmq.errorlog.commentinsert": [ + "QM1", + "", + "" + ], + "ibmmq.errorlog.explanation": "An error has been detected, and the IBM MQ error recording routine has been called. The failing process is process 7660.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 12766, + "message": "An internal IBM MQ error has occurred on queue manager QM1.", + "process.pid": "7660.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:49:35.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "71", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "This copy of IBM MQ is licensed for a limited period only.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 13872, + "message": "There are 71 days left in the trial period for this copy of IBM MQ.", + "process.pid": "7032.1", + "process.title": "strmqm.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:49:35.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "71", + "" + ], + "ibmmq.errorlog.code": "AMQ7125I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "This copy of IBM MQ is licensed for a limited period only.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 14415, + "message": "There are 71 days left in the trial period for this copy of IBM MQ.", + "process.pid": "6984.1", + "process.title": "strmqm.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:49:36.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "MQ has only supported placing the recovery log on an advanced format disk since MQ V9.0.4. MQ V9.0.4 introduced the MIGMQLOG command that can be used to migrate a pre-existing queue manager recovery log to a format suitable for advanced format disks. Any queue manager created on a version of V9.0.4 or higher will have been created with a recovery log suitable for advanced format disks. Investigate migrating the queue manager recovery log, using the MIGMQLOG command, to a format suitable for the current log location.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ6776E", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager recovery log is located on an advanced format disk, however the recovery log is not configured correctly to provide full write integrity with advanced format disks. Advanced format disks require 4KB alignment for reliable writing, but the current queue manager was created at an MQ version that did not yet support advanced format disks and did not enforce 4KB alignment.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 14958, + "message": "Queue manager recovery log not correctly configured for advanced format disk.", + "process.pid": "6780.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-29T16:49:36.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Use the standard facilities supplied with your system to record the problem identifier and to save any generated output files. Use either the MQ Support site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a solution is already available. If you are unable to find a match, contact your IBM support center. Do not discard these files until the problem has been resolved.", + "ibmmq.errorlog.arithinsert": [ + "6780", + "" + ], + "ibmmq.errorlog.code": "AMQ6184W", + "ibmmq.errorlog.commentinsert": [ + "QM1", + "", + "" + ], + "ibmmq.errorlog.explanation": "An error has been detected, and the IBM MQ error recording routine has been called. The failing process is process 6780.", + "ibmmq.errorlog.installation": "Installation1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 16321, + "message": "An internal IBM MQ error has occurred on queue manager QM1.", + "process.pid": "6780.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + } +] \ No newline at end of file diff --git a/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log new file mode 100644 index 00000000000..55929d93688 --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log @@ -0,0 +1,36942 @@ +13.07.2018 07:06:00 - Process(13440.3) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ6287: IBM MQ VC:\Program Files\IBM\MQ (Installation1). + +ERKLÄRUNG: +Systeminformationen zu IBM MQ: +Produkt :- Windows 10 Professional x64 Edition, Build 17134 (MQ +Windows (x64 platform) 64-bit) +Version :- C:\Program Files\IBM\MQ (Installation1) +Host-Info :- 9.0.0.2 (p900-002-171004.TRIAL) +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:00 - Process(13440.3) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: Die WS-Manager-Task 'LOGGER-IO' wurde gestartet. + +ERKLÄRUNG: +Die Task 'LOGGER-IO' wurde vom Task-Manager für kritische Dienstprogramme +gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:00 - Process(13440.1) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: Die WS-Manager-Task 'LOGGER-IO' wurde beendet. + +ERKLÄRUNG: +Die WS-Manager-Task 'LOGGER-IO' wurde beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(23240.3) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: Die WS-Manager-Task 'LOGGER-IO' wurde gestartet. + +ERKLÄRUNG: +Die Task 'LOGGER-IO' wurde vom Task-Manager für kritische Dienstprogramme +gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 4 Protokollsätze wurden auf WS-Manager 'QM1' während der +Protokollwiederholungsphase aufgerufen. + +ERKLÄRUNG: +4 Protokollsätze wurden bisher auf WS-Manager QM1 während der +Protokollwiederholungsphase aufgerufen, um den WS-Manager in einen zuvor +bekannten Status zurückzuversetzen. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Die Protokollwiederholung für WS-Manager 'QM1' ist beendet. + +ERKLÄRUNG: +Die Protokollwiederholungsphase des Neustartprozesses wurde für WS-Manager QM1 +beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 Protokollsätze wurden auf WS-Manager 'QM1' während der +Wiederherstellungsphase aufgerufen. + +ERKLÄRUNG: +Während der Wiederherstellungsphase des Transaktionsmanagerstatus wurden bisher +0 Protokollsätze auf WS-Manager QM1 aufgerufen. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Der Transaktionsmanagerstatus wurde für WS-Manager 'QM1' +wiederhergestellt. + +ERKLÄRUNG: +Der Status der Transaktionen zu dem Zeitpunkt, als der WS-Manager beendet +wurde, wurde für WS-Manager QM1 wiederhergestellt. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 von 0 unvollständigen Transaktionen wurden für WS-Manager 'QM1' +aufgelöst. + +ERKLÄRUNG: +0 von 0 Transaktionen, die zum Zeitpunkt der Beendigung des WS-Managers QM1 +unvollständig waren, wurden aufgelöst. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(23240.8) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: Die WS-Manager-Task 'CHECKPOINT' wurde gestartet. + +ERKLÄRUNG: +Die Task 'CHECKPOINT' wurde vom Task-Manager für kritische Dienstprogramme +gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(4128.3) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: Die WS-Manager-Task 'ERROR-LOG' wurde gestartet. + +ERKLÄRUNG: +Die Task 'ERROR-LOG' wurde vom Task-Manager für wieder anlauffähige +Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(4128.6) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLÄRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager für wieder anlauffähige +Dienstprogramme gestartet. Diese Task wurde jetzt 3 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(4128.4) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLÄRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager für wieder anlauffähige +Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(4128.5) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLÄRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager für wieder anlauffähige +Dienstprogramme gestartet. Diese Task wurde jetzt 2 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:01 - Process(4128.7) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLÄRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager für wieder anlauffähige +Dienstprogramme gestartet. Diese Task wurde jetzt 4 Mal gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:02 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8048: Standardobjektstatistik: 86 erstellt. 0 ersetzt. 0 fehlgeschlagen. + +ERKLÄRUNG: +Dies sind Informationen zur Anzahl der erfolgreich erstellten oder ersetzten +Objekte sowie zu den Fehlschlägen beim Erstellen der Standardobjekte. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:03 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ-WS-Manager 'QM1' wurde mit V9.0.0.2 gestartet. + +ERKLÄRUNG: +IBM MQ-WS-Manager 'QM1' wurde mit V9.0.0.2 gestartet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:03 - Process(4128.1) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. + +ERKLÄRUNG: +Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:03 - Process(4128.1) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. + +ERKLÄRUNG: +Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:03 - Process(4128.1) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: Die WS-Manager-Task 'ERROR-LOG' wurde beendet. + +ERKLÄRUNG: +Die WS-Manager-Task 'ERROR-LOG' wurde beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:03 - Process(23240.1) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: Die WS-Manager-Task 'CHECKPOINT' wurde beendet. + +ERKLÄRUNG: +Die WS-Manager-Task 'CHECKPOINT' wurde beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:03 - Process(23240.1) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: Die WS-Manager-Task 'LOGGER-IO' wurde beendet. + +ERKLÄRUNG: +Die WS-Manager-Task 'LOGGER-IO' wurde beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13.07.2018 07:06:03 - Process(22920.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ-Warteschlangenmanager 'QM1' wurde beendet. + +ERKLÄRUNG: +Der IBM MQ-Warteschlangenmanager 'QM1' wurde beendet. +AKTION: +Keine. +------------------------------------------------------------------------------- +13/07/2018 07:06:03 - Process(12828.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:03 - Process(2244.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:03 - Process(2244.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:03 - Process(2244.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:03 - Process(2244.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(2244.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(2244.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(23168.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(24404.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(15568.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(8832). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(12828.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(15568.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(22112). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(20568.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(7360.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(8832.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +13/07/2018 07:06:04 - Process(15568.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(9172). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +18/07/2018 11:24:26 - Process(8544.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +18/07/2018 11:24:26 - Process(8544.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +18/07/2018 11:24:26 - Process(8544.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 8544(29244) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +18/07/2018 14:25:37 - Process(8544.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +18/07/2018 14:25:37 - Process(8544.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +18/07/2018 14:25:37 - Process(8544.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 8544(28140) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +18/07/2018 14:25:47 - Process(8544.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +18/07/2018 14:25:47 - Process(8544.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +18/07/2018 14:25:47 - Process(8544.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 8544(20284) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +20/07/2018 15:40:17 - Process(23168.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(8832.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +20/07/2018 15:40:17 - Process(15568.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(22112). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(15568.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(9172). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(15568.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(8832). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(7360.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(20568.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(24404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(12828.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:17 - Process(2244.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(7640.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(7640.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(7640.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(7640.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(7640.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(7640.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8652.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8208.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8072.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8316.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8916.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(9112). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8916.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(9152). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8916.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(9172). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(8924.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +20/07/2018 15:40:53 - Process(9112.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +24/07/2018 08:17:28 - Process(20344.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:17:28 - Process(20344.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:17:28 - Process(20344.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(21224) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:17:38 - Process(20344.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:17:38 - Process(20344.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:17:38 - Process(20344.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(1096) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:22:04 - Process(20344.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:22:04 - Process(20344.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:22:04 - Process(20344.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(18064) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:22:14 - Process(20344.6) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:22:14 - Process(20344.6) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:22:14 - Process(20344.6) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(15760) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:22:24 - Process(20344.7) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:22:24 - Process(20344.7) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:22:24 - Process(20344.7) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(8488) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:22:34 - Process(20344.8) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:22:34 - Process(20344.8) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:22:34 - Process(20344.8) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(10384) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:22:44 - Process(20344.9) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:22:44 - Process(20344.9) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:22:44 - Process(20344.9) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(13476) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:22:54 - Process(20344.10) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:22:54 - Process(20344.10) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:22:54 - Process(20344.10) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(19856) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:23:04 - Process(20344.11) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:23:04 - Process(20344.11) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:23:04 - Process(20344.11) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(15140) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:23:14 - Process(20344.12) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:23:14 - Process(20344.12) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:23:14 - Process(20344.12) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(14464) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:23:24 - Process(20344.13) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:23:24 - Process(20344.13) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:23:24 - Process(20344.13) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(22460) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:23:34 - Process(20344.14) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:23:34 - Process(20344.14) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:23:34 - Process(20344.14) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(22128) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:23:44 - Process(20344.15) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:23:44 - Process(20344.15) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:23:44 - Process(20344.15) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(13368) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:23:54 - Process(20344.16) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:23:54 - Process(20344.16) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:23:54 - Process(20344.16) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(17264) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:24:04 - Process(20344.17) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:24:04 - Process(20344.17) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:24:04 - Process(20344.17) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(20920) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:24:14 - Process(20344.18) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:24:14 - Process(20344.18) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:24:14 - Process(20344.18) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(1328) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:24:24 - Process(20344.19) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:24:24 - Process(20344.19) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:24:24 - Process(20344.19) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(2672) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:24:34 - Process(20344.20) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:24:34 - Process(20344.20) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:24:34 - Process(20344.20) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(18008) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:24:44 - Process(20344.21) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:24:44 - Process(20344.21) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:24:44 - Process(20344.21) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(22264) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:24:54 - Process(20344.22) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:24:54 - Process(20344.22) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:24:54 - Process(20344.22) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(9120) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:25:04 - Process(20344.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:25:04 - Process(20344.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:25:04 - Process(20344.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(21044) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:25:14 - Process(20344.24) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:25:14 - Process(20344.24) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:25:14 - Process(20344.24) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(7460) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:25:24 - Process(20344.25) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:25:24 - Process(20344.25) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:25:24 - Process(20344.25) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(21508) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:25:34 - Process(20344.26) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:25:34 - Process(20344.26) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:25:34 - Process(20344.26) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(17712) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:25:44 - Process(20344.27) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:25:44 - Process(20344.27) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:25:44 - Process(20344.27) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(7612) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:25:54 - Process(20344.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:25:54 - Process(20344.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:25:54 - Process(20344.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(21232) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:26:04 - Process(20344.29) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:26:04 - Process(20344.29) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:26:04 - Process(20344.29) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(22376) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:26:14 - Process(20344.30) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:26:14 - Process(20344.30) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:26:14 - Process(20344.30) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(20984) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:26:24 - Process(20344.31) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:26:24 - Process(20344.31) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:26:24 - Process(20344.31) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(17716) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:26:34 - Process(20344.32) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:26:34 - Process(20344.32) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:26:34 - Process(20344.32) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(7072) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:26:44 - Process(20344.33) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:26:44 - Process(20344.33) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:26:44 - Process(20344.33) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(22024) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:26:54 - Process(20344.34) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:26:54 - Process(20344.34) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:26:54 - Process(20344.34) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(20948) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:27:04 - Process(20344.35) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:27:04 - Process(20344.35) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:27:04 - Process(20344.35) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(17532) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:27:14 - Process(20344.36) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:27:14 - Process(20344.36) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:27:14 - Process(20344.36) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(16076) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:27:24 - Process(20344.37) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:27:24 - Process(20344.37) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:27:24 - Process(20344.37) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(9608) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:27:34 - Process(20344.38) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:27:34 - Process(20344.38) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH.CHL' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH.CHL'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:27:34 - Process(20344.38) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(17984) for channel +'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:28:16 - Process(20344.39) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LISTENER.TCP' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:28:16 - Process(20344.39) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LISTENER.TCP' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LISTENER.TCP'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:28:16 - Process(20344.39) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LISTENER.TCP' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(10372) for channel +'LISTENER.TCP' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; +in some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +24/07/2018 08:34:42 - Process(20344.40) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +24/07/2018 08:34:42 - Process(20344.40) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +24/07/2018 08:34:42 - Process(20344.40) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(21648) for channel +'LOGSTASH' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +27/07/2018 10:23:15 - Process(20344.41) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9780: Channel to remote machine '127.0.0.1' is ending due to an error. + +EXPLANATION: +Channel 'LOGSTASH' between this machine and the remote machine '127.0.0.1' +encountered an error and will now end. In some cases the channel name can not +be determined and so is shown as '????'. + +This message will be accompanied by other messages which explain the cause of +the error. +ACTION: +Tell the systems administrator, who should attempt to identify the cause of the +channel failure using problem determination techniques. For example, look for +FFST files, and examine the error logs on the local and remote systems where +there may be messages explaining the cause of failure. More information may be +obtained by repeating the operation with tracing enabled. +----- amqrcoba.c : 1324 ------------------------------------------------------- +27/07/2018 10:23:15 - Process(20344.41) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9519: Channel 'LOGSTASH' not found. + +EXPLANATION: +The requested operation failed because the program could not find a definition +of channel 'LOGSTASH'. +ACTION: +Check that the name is specified correctly and the channel definition is +available. +----- amqrcoba.c : 1361 ------------------------------------------------------- +27/07/2018 10:23:15 - Process(20344.41) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'LOGSTASH' to host 'felix-elastic (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 20344(26652) for channel +'LOGSTASH' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +27/07/2018 10:34:16 - Process(8168.51) User(MUSR_MQADMIN) Program(amqzlaa0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5540: Application 'org.logstash.Logstash' did not supply a user ID and +password + +EXPLANATION: +The queue manager is configured to require a user ID and password, but none was +supplied. +ACTION: +Ensure that the application provides a valid user ID and password, or change +the queue manager configuration to OPTIONAL to allow applications to connect +which have not supplied a user ID and password. +----- amqzfuca.c : 4341 ------------------------------------------------------- +27/07/2018 10:34:16 - Process(8168.51) User(MUSR_MQADMIN) Program(amqzlaa0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5541: The failed authentication check was caused by the queue manager +CONNAUTH CHCKCLNT(REQDADM) configuration. + +EXPLANATION: +The user ID 'felix' and its password were checked because the user ID is +privileged and the queue manager connection authority (CONNAUTH) configuration +refers to an authentication information (AUTHINFO) object named +'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with CHCKCLNT(REQDADM). + +This message accompanies a previous error to clarify the reason for the user ID +and password check. +ACTION: +Refer to the previous error for more information. + +Ensure that a password is specified by the client application and that the +password is correct for the user ID. The authentication configuration of the +queue manager connection determines the user ID repository. For example, the +local operating system user database or an LDAP server. + +To avoid the authentication check, you can either use an unprivileged user ID +or amend the authentication configuration of the queue manager. You can amend +the CHCKCLNT attribute in the CHLAUTH record, but you should generally not +allow unauthenticated remote access. +------------------------------------------------------------------------------- +27/07/2018 10:34:17 - Process(20344.42) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9557: Queue Manager User ID initialization failed for 'felix'. + +EXPLANATION: +The call to initialize the User ID 'felix' failed with CompCode 2 and Reason +2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. +ACTION: +Correct the error and try again. +----- cmqxrsrv.c : 2378 ------------------------------------------------------- +31/07/2018 09:40:05 - Process(8652.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(9112.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8916.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(9152). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8916.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(9112). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8916.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(9172). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8924.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8316.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:05 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:06 - Process(8208.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:06 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:06 - Process(8072.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:06 - Process(7640.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(6788.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(6788.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(6788.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(6788.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(6788.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(6788.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8496.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8400.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8236.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8456.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8596.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(8676). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8596.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(8704). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8596.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(8724). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8628.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +31/07/2018 09:40:41 - Process(8676.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8496.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8676.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8596.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(8704). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8596.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(8676). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8596.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(8724). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8628.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8456.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:28 - Process(8400.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:29 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:29 - Process(8236.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 13:59:29 - Process(6788.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:03 - Process(9976.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:03 - Process(9364.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:03 - Process(9364.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:03 - Process(9364.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:03 - Process(9364.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:03 - Process(9364.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:03 - Process(9976.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9364.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10488.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(7816.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(9976.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10348.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10676.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(10940). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10676.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(10988). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10676.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(11004). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10696.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +08/08/2018 14:00:04 - Process(10940.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10488.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10940.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10676.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(10988). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10676.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(10940). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10676.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(11004). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10696.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(10348.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:27 - Process(7816.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:28 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:28 - Process(9976.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:33:28 - Process(9364.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7608.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7608.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7608.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7608.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7608.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7608.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(8076.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7952.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7812.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7996.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7504.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(5364). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7504.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(7288). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7504.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(7584). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(7456.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +15/08/2018 17:34:02 - Process(5364.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +29/08/2018 09:45:12 - Process(24256.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9208: Error on receive from host picmention (127.0.0.1). + +EXPLANATION: +An error occurred receiving data from picmention (127.0.0.1) over TCP/IP. This +may be due to a communications failure. +ACTION: +The return code from the TCP/IP recv() call was 10054 (X'2746'). Record these +values and tell the systems administrator. +----- amqccita.c : 4155 ------------------------------------------------------- +29/08/2018 09:45:12 - Process(24256.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24256(34660) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 938 -------------------------------------------------------- +06/09/2018 09:12:31 - Process(8076.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(5364.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7504.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(7288). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7504.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(5364). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7504.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(7584). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7456.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7996.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:31 - Process(7952.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:32 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:32 - Process(7812.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:12:32 - Process(7608.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(9632.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(9572.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(9572.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(9572.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(9572.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(9572.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(9632.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(10532.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(10532.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(10532.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(10532.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:08 - Process(10532.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9572.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10532.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10760.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10532.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10532.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10532.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(9632.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10620.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10924.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(10996). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10924.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(11016). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10924.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(11048). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10876.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +06/09/2018 09:13:09 - Process(10996.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10760.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10996.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10924.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(11016). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10924.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(10996). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10924.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(11048). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10876.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10620.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(10532.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9632.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:36:27 - Process(9572.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7964.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7760.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7760.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7760.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7760.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7760.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7964.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7280.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7280.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7280.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7280.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:01 - Process(7280.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7760.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7280.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7280.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7280.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7856.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7280.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7964.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(5356.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(8220). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(8244). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(7972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(8260). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(8100.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +14/09/2018 17:37:02 - Process(8220.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7856.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(8220.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(8244). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(8220). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(8260). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(8100.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(5356.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7280.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7964.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:02:49 - Process(7760.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7524.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7156.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7156.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7156.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7156.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7156.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7524.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7156.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7992.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7524.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7524.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7716.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7524.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:25 - Process(7524.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7524.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7716.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7524.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7524.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7524.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7628.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(8232). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7524.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7628.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(8244). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7616.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7628.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(8308). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(7940.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +21/09/2018 14:03:26 - Process(8232.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7992.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(8232.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7628.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(8244). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7628.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(8232). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7628.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(8308). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7616.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7940.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7716.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7524.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:28:59 - Process(7156.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10232.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(9376.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(9376.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(9376.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(9376.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(9376.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10232.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(9376.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10500.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10232.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10232.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(8508.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10232.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10232.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10232.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:31 - Process(10292.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10232.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10292.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(8508.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10292.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10292.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10232.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10232.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10292.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10608.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(10692). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10608.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(10704). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10232.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10292.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10292.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10608.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(10752). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10292.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10620.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:31:32 - Process(10692.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:55:03 - Process(19256.1) User(MUSR_MQADMIN) Program(amqrcmla.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 15:55:15 - Process(15296.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:55:19 - Process(15296.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 15:55:19 - Process(15296.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15296(12488) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 15:55:19 - Process(18912.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:55:22 - Process(18912.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 15:55:22 - Process(18912.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18912(17252) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 15:56:19 - Process(15192.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:56:22 - Process(15192.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 15:56:22 - Process(15192.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15192(7340) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 15:57:19 - Process(11580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:57:22 - Process(11580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 15:57:22 - Process(11580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 11580(11568) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 15:58:19 - Process(18272.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:58:22 - Process(18272.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 15:58:22 - Process(18272.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18272(19180) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 15:59:19 - Process(7192.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 15:59:22 - Process(7192.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 15:59:22 - Process(7192.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 7192(9568) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 16:00:19 - Process(7976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 16:00:22 - Process(7976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 16:00:22 - Process(7976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 7976(12976) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 16:01:19 - Process(15820.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 16:01:22 - Process(15820.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 16:01:22 - Process(15820.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15820(744) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 16:02:19 - Process(4316.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 16:02:22 - Process(4316.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 16:02:22 - Process(4316.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4316(7092) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 16:03:19 - Process(19256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 16:03:22 - Process(19256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 16:03:22 - Process(19256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 19256(17056) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 16:04:19 - Process(14412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 16:04:22 - Process(14412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 16:04:22 - Process(14412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14412(5960) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 16:24:19 - Process(15500.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 16:24:22 - Process(15500.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 16:24:22 - Process(15500.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15500(7264) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 16:44:19 - Process(13636.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 16:44:22 - Process(13636.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 16:44:22 - Process(13636.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 13636(16556) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 17:04:19 - Process(16328.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 17:04:22 - Process(16328.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 17:04:22 - Process(16328.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 16328(3860) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 17:24:19 - Process(13504.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 17:24:22 - Process(13504.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 17:24:22 - Process(13504.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 13504(5448) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +02/10/2018 17:44:19 - Process(14020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +02/10/2018 17:44:22 - Process(14020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +02/10/2018 17:44:22 - Process(14020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14020(8552) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +03/10/2018 20:11:27 - Process(20060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +03/10/2018 20:11:30 - Process(20060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +03/10/2018 20:11:30 - Process(20060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20060(20064) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +03/10/2018 20:31:27 - Process(22944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +03/10/2018 20:31:30 - Process(22944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +03/10/2018 20:31:30 - Process(22944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 22944(14664) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +03/10/2018 20:51:27 - Process(3656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +03/10/2018 20:51:30 - Process(3656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +03/10/2018 20:51:30 - Process(3656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 3656(2680) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +03/10/2018 21:11:27 - Process(23840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +03/10/2018 21:11:30 - Process(23840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +03/10/2018 21:11:30 - Process(23840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23840(24236) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 00:23:53 - Process(28308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 00:23:56 - Process(28308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 00:23:56 - Process(28308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28308(28312) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 08:33:58 - Process(12656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 08:34:01 - Process(12656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 08:34:01 - Process(12656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 12656(29620) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 08:53:58 - Process(24696.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 08:54:01 - Process(24696.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 08:54:01 - Process(24696.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24696(27092) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 09:13:58 - Process(29328.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 09:14:01 - Process(29328.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 09:14:01 - Process(29328.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29328(7048) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 09:33:58 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 09:34:01 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 09:34:01 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 1224(29544) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 09:53:58 - Process(32464.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 09:54:01 - Process(32464.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 09:54:01 - Process(32464.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32464(32468) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 10:13:58 - Process(18796.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 10:14:01 - Process(18796.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 10:14:01 - Process(18796.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18796(34812) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 10:33:58 - Process(37860.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 10:34:01 - Process(37860.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 10:34:01 - Process(37860.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 37860(37864) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 10:53:58 - Process(38128.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 10:54:01 - Process(38128.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 10:54:01 - Process(38128.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 38128(38124) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 11:13:58 - Process(40568.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 11:14:01 - Process(40568.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 11:14:01 - Process(40568.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 40568(38864) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 11:33:58 - Process(35532.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 11:34:01 - Process(35532.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 11:34:01 - Process(35532.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 35532(42884) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 11:53:58 - Process(41496.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 11:54:01 - Process(41496.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 11:54:01 - Process(41496.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 41496(43964) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 12:13:58 - Process(34044.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 12:14:01 - Process(34044.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 12:14:01 - Process(34044.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 34044(45504) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 12:33:58 - Process(46108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 12:34:01 - Process(46108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 12:34:01 - Process(46108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 46108(46172) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 12:53:58 - Process(48216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 12:54:01 - Process(48216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 12:54:01 - Process(48216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 48216(48220) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 13:13:58 - Process(12244.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 13:14:02 - Process(12244.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 13:14:02 - Process(12244.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 12244(51172) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 13:33:58 - Process(35372.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 13:34:01 - Process(35372.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 13:34:01 - Process(35372.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 35372(42064) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 13:53:58 - Process(34888.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 13:54:01 - Process(34888.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 13:54:01 - Process(34888.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 34888(43108) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 14:13:58 - Process(52948.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 14:14:01 - Process(52948.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 14:14:01 - Process(52948.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 52948(16232) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 14:33:58 - Process(16232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 14:34:01 - Process(16232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 14:34:01 - Process(16232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 16232(54764) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 14:53:58 - Process(55516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 14:54:01 - Process(55516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 14:54:01 - Process(55516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 55516(56112) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 15:13:58 - Process(58232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 15:14:01 - Process(58232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 15:14:01 - Process(58232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 58232(17280) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +04/10/2018 15:33:58 - Process(59068.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +04/10/2018 15:34:01 - Process(59068.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +04/10/2018 15:34:01 - Process(59068.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 59068(51152) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 10:33:04 - Process(65448.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 10:33:08 - Process(65448.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 10:33:08 - Process(65448.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 65448(59844) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 10:53:05 - Process(56532.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 10:53:08 - Process(56532.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 10:53:08 - Process(56532.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 56532(62168) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 11:13:05 - Process(67380.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 11:13:09 - Process(67380.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 11:13:09 - Process(67380.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 67380(67388) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 11:33:05 - Process(69780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 11:33:09 - Process(69780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 11:33:09 - Process(69780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 69780(69364) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 11:53:05 - Process(72140.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 11:53:09 - Process(72140.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 11:53:09 - Process(72140.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 72140(71224) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 12:13:05 - Process(70604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 12:13:09 - Process(70604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 12:13:09 - Process(70604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 70604(71164) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 12:33:05 - Process(73608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 12:33:09 - Process(73608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 12:33:09 - Process(73608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 73608(58192) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 12:53:05 - Process(72956.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 12:53:09 - Process(72956.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 12:53:09 - Process(72956.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 72956(75180) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 13:13:05 - Process(59972.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 13:13:09 - Process(59972.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 13:13:09 - Process(59972.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 59972(75152) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 13:33:05 - Process(77920.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 13:33:09 - Process(77920.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 13:33:09 - Process(77920.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 77920(79492) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 13:53:05 - Process(80876.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 13:53:09 - Process(80876.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 13:53:09 - Process(80876.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 80876(70764) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 14:13:05 - Process(82412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 14:13:09 - Process(82412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 14:13:09 - Process(82412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 82412(82008) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 14:33:05 - Process(17224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 14:33:09 - Process(17224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 14:33:09 - Process(17224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 17224(84160) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 14:53:05 - Process(84188.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 14:53:09 - Process(84188.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 14:53:09 - Process(84188.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 84188(67680) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 15:13:06 - Process(80596.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 15:13:09 - Process(80596.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 15:13:09 - Process(80596.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 80596(84468) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 15:33:07 - Process(77232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 15:33:10 - Process(77232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 15:33:10 - Process(77232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 77232(89616) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 15:53:08 - Process(91548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 15:53:11 - Process(91548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 15:53:11 - Process(91548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 91548(91552) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 16:13:09 - Process(89168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 16:13:12 - Process(89168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 16:13:12 - Process(89168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 89168(80428) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 16:33:09 - Process(94516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 16:33:12 - Process(94516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 16:33:12 - Process(94516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 94516(94836) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +05/10/2018 19:48:37 - Process(98936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +05/10/2018 19:48:40 - Process(98936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +05/10/2018 19:48:40 - Process(98936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 98936(98940) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +06/10/2018 07:47:31 - Process(101260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +06/10/2018 07:47:34 - Process(101260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +06/10/2018 07:47:34 - Process(101260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 101260(101264) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +06/10/2018 11:20:39 - Process(102396.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +06/10/2018 11:20:42 - Process(102396.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +06/10/2018 11:20:42 - Process(102396.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 102396(101868) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +06/10/2018 11:40:39 - Process(100060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +06/10/2018 11:40:43 - Process(100060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +06/10/2018 11:40:43 - Process(100060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 100060(79488) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +06/10/2018 12:01:54 - Process(102608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +06/10/2018 12:01:58 - Process(102608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +06/10/2018 12:01:58 - Process(102608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 102608(102612) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +07/10/2018 14:40:43 - Process(95860.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +07/10/2018 14:40:47 - Process(95860.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +07/10/2018 14:40:47 - Process(95860.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 95860(97060) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +07/10/2018 15:00:44 - Process(104748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +07/10/2018 15:00:47 - Process(104748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +07/10/2018 15:00:47 - Process(104748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 104748(101524) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 05:34:53 - Process(81048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 05:34:56 - Process(81048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 05:34:56 - Process(81048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 81048(97116) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 05:54:53 - Process(104580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 05:54:56 - Process(104580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 05:54:56 - Process(104580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 104580(93388) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 06:14:53 - Process(82108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 06:14:56 - Process(82108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 06:14:56 - Process(82108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 82108(105128) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 06:34:53 - Process(54568.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 06:34:56 - Process(54568.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 06:34:56 - Process(54568.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 54568(80980) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 06:54:53 - Process(106200.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 06:54:56 - Process(106200.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 06:54:56 - Process(106200.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 106200(102084) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 07:14:53 - Process(113536.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 07:14:56 - Process(113536.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 07:14:56 - Process(113536.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 113536(112712) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 07:34:53 - Process(114744.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 07:34:56 - Process(114744.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 07:34:56 - Process(114744.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 114744(115080) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 07:54:53 - Process(119012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 07:54:56 - Process(119012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 07:54:56 - Process(119012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 119012(119352) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 08:14:53 - Process(101940.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 08:14:56 - Process(101940.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 08:14:56 - Process(101940.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 101940(112564) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 08:34:53 - Process(116116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 08:34:56 - Process(116116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 08:34:56 - Process(116116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 116116(92624) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 10:07:32 - Process(125312.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 10:07:35 - Process(125312.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 10:07:35 - Process(125312.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 125312(125308) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 11:54:33 - Process(127496.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 11:54:37 - Process(127496.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 11:54:37 - Process(127496.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 127496(127844) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 12:14:33 - Process(121348.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 12:14:37 - Process(121348.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 12:14:37 - Process(121348.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 121348(119440) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 12:34:33 - Process(125416.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 12:34:37 - Process(125416.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 12:34:37 - Process(125416.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 125416(117524) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 12:54:33 - Process(125404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 12:54:37 - Process(125404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 12:54:37 - Process(125404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 125404(122932) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 15:00:43 - Process(109012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 15:00:46 - Process(109012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 15:00:46 - Process(109012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 109012(121580) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 15:20:43 - Process(128304.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 15:20:52 - Process(128304.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +08/10/2018 15:20:52 - Process(128304.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 15:20:52 - Process(128304.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 128304(122692) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 18:25:41 - Process(119224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 18:25:44 - Process(119224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 18:25:44 - Process(119224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 119224(128588) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 20:28:50 - Process(130232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 20:28:58 - Process(130232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +08/10/2018 20:28:58 - Process(130232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 20:28:58 - Process(130232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 130232(129844) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 20:48:50 - Process(109236.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 20:48:58 - Process(109236.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +08/10/2018 20:48:58 - Process(109236.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 20:48:58 - Process(109236.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 109236(122436) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 21:08:50 - Process(131124.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 21:08:58 - Process(131124.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +08/10/2018 21:08:58 - Process(131124.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 21:08:58 - Process(131124.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 131124(132060) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 21:28:50 - Process(129480.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +08/10/2018 21:28:58 - Process(129480.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +08/10/2018 21:28:58 - Process(129480.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +08/10/2018 21:28:58 - Process(129480.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 129480(133040) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +08/10/2018 21:48:50 - Process(104604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:28:44 - Process(104604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +38394 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 558 -------------------------------------------------------- +09/10/2018 08:28:46 - Process(104604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 08:28:46 - Process(104604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 104604(131720) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 08:28:46 - Process(126160.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:28:49 - Process(126160.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 08:28:49 - Process(126160.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 126160(131964) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 08:29:36 - Process(10500.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10692.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10608.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(10692). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10608.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(10704). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10608.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(10752). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10620.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(10292.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:36 - Process(8508.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:37 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:37 - Process(10232.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:29:37 - Process(9376.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:11 - Process(8816.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:11 - Process(7980.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7229: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:11 - Process(7980.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7230: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:11 - Process(7980.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7231: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:11 - Process(7980.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7232: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:11 - Process(7980.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ7233: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:11 - Process(8816.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(7980.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8003: IBM MQ queue manager 'QM1' started using V9.0.0.2. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.0.0.2. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.8) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9272.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9410: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9120.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5037: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5052: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8816.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5051: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(8040.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5975: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: + +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9560.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5022: The channel initiator has started. ProcessId(9644). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9560.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5024: The command server has started. ProcessId(9656). + +EXPLANATION: +The command server process has started. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9560.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5026: The listener 'LISTENER.TCP' has started. ProcessId(9664). + +EXPLANATION: +The listener process has started. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9524.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5806: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:30:12 - Process(9644.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8024: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:48:46 - Process(2516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 08:48:55 - Process(2516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 08:48:55 - Process(2516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 08:48:55 - Process(2516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2516(14768) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 09:08:46 - Process(15456.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 09:08:54 - Process(15456.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +6 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 09:08:54 - Process(15456.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 09:08:54 - Process(15456.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15456(6244) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 09:28:46 - Process(17112.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 09:28:54 - Process(17112.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +6 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 09:28:54 - Process(17112.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 09:28:54 - Process(17112.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 17112(8060) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 09:48:46 - Process(10272.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 09:48:54 - Process(10272.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +6 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 09:48:54 - Process(10272.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 09:48:54 - Process(10272.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 10272(5624) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 10:30:58 - Process(21428.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 10:31:01 - Process(21428.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 10:31:01 - Process(21428.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21428(21432) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 10:50:58 - Process(14484.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 10:51:06 - Process(14484.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 10:51:06 - Process(14484.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 10:51:06 - Process(14484.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14484(15952) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 11:20:33 - Process(10080.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 11:20:37 - Process(10080.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 11:20:37 - Process(10080.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 10080(13212) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 11:40:33 - Process(20856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 11:40:41 - Process(20856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 11:40:41 - Process(20856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 11:40:41 - Process(20856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20856(22336) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 13:29:55 - Process(19448.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 13:29:58 - Process(19448.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 13:29:58 - Process(19448.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 19448(22380) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 16:41:22 - Process(17172.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 16:41:26 - Process(17172.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 16:41:26 - Process(17172.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 17172(16800) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 17:01:22 - Process(6768.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 17:01:30 - Process(6768.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 17:01:30 - Process(6768.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 17:01:30 - Process(6768.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 6768(9856) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 19:22:40 - Process(22856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 19:22:45 - Process(22856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 19:22:45 - Process(22856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 22856(9244) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 19:42:40 - Process(21664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 19:42:48 - Process(21664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +09/10/2018 19:42:48 - Process(21664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 19:42:48 - Process(21664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21664(8740) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +09/10/2018 22:43:37 - Process(2288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +09/10/2018 22:43:41 - Process(2288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +09/10/2018 22:43:41 - Process(2288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2288(17976) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 08:17:36 - Process(24292.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 08:17:44 - Process(24292.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +6 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +10/10/2018 08:17:44 - Process(24292.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 08:17:44 - Process(24292.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24292(24296) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 08:37:36 - Process(23436.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 08:37:44 - Process(23436.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +6 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +10/10/2018 08:37:45 - Process(23436.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 08:37:45 - Process(23436.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23436(19380) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 08:57:36 - Process(18844.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 08:57:44 - Process(18844.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +6 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +10/10/2018 08:57:44 - Process(18844.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 08:57:44 - Process(18844.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18844(23556) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 09:17:36 - Process(20400.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 09:17:45 - Process(20400.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9788: Slow DNS lookup for address 'test'. + +EXPLANATION: +An attempt to resolve address 'test' using the 'getaddrinfo' function call took +7 seconds to complete. This might indicate a problem with the DNS +configuration. +ACTION: +Ensure that DNS is correctly configured on the local system. + +If the address was an IP address then the slow operation was a reverse DNS +lookup. Some DNS configurations are not capable of reverse DNS lookups and some +IP addresses have no valid reverse DNS entries. If the problem persists, +consider disabling reverse DNS lookups until the issue with the DNS can be +resolved. +----- amqcrhna.c : 581 -------------------------------------------------------- +10/10/2018 09:17:45 - Process(20400.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is 0 +(X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 09:17:45 - Process(20400.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20400(3388) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 16:00:26 - Process(4300.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 16:00:29 - Process(4300.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 16:00:29 - Process(4300.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4300(11004) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 16:20:26 - Process(23824.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 16:20:29 - Process(23824.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 16:20:29 - Process(23824.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23824(19004) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 16:40:26 - Process(23780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 16:40:29 - Process(23780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 16:40:29 - Process(23780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23780(19628) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 17:00:26 - Process(7956.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 17:00:29 - Process(7956.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 17:00:29 - Process(7956.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 7956(20224) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 18:42:04 - Process(19848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 18:42:07 - Process(19848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 18:42:07 - Process(19848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 19848(10348) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 19:02:04 - Process(22640.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 19:02:07 - Process(22640.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 19:02:07 - Process(22640.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 22640(3544) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +10/10/2018 19:22:04 - Process(14584.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +10/10/2018 19:22:07 - Process(14584.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +10/10/2018 19:22:07 - Process(14584.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14584(21408) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +11/10/2018 08:15:20 - Process(7012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 08:15:23 - Process(7012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +11/10/2018 08:15:23 - Process(7012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 7012(15400) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +11/10/2018 08:35:20 - Process(6716.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 08:35:23 - Process(6716.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +11/10/2018 08:35:23 - Process(6716.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 6716(22344) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +11/10/2018 08:55:20 - Process(14260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 08:55:23 - Process(14260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +11/10/2018 08:55:23 - Process(14260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14260(9340) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +11/10/2018 09:15:20 - Process(4560.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:15:23 - Process(4560.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +11/10/2018 09:15:23 - Process(4560.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4560(16512) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +11/10/2018 09:35:20 - Process(19988.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9002: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:35:23 - Process(19988.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9202: Remote host 'test' not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1664 ------------------------------------------------------- +11/10/2018 09:35:23 - Process(19988.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9999: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 19988(19760) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1095 ------------------------------------------------------- +11/10/2018 09:55:07 - Process(9272.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9411: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9644.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ9542: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 1071 ------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9560.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5025: The command server has ended. ProcessId(9656). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9560.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5023: The channel initiator has ended. ProcessId(9644). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9560.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5027: The listener 'LISTENER.TCP' has ended. ProcessId(9664). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9524.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5807: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5976: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8040.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(9120.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(8816.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ5041: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 09:55:07 - Process(7980.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.0.0.2) QMgr(QM1) + +AMQ8004: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +------------------------------------------------------------------------------- +11/10/2018 10:46:26 - Process(11140.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.396Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.431Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7229I: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.433Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7230I: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.442Z) + CommentInsert1(QM1) + +AMQ7231I: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +11/10/2018 10:46:26 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.444Z) + CommentInsert1(QM1) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +11/10/2018 10:46:26 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.453Z) + CommentInsert1(QM1) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(11140.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.510Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(1728.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.993Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(1728.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.993Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(1728.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.994Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(1728.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.994Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:26 - Process(1728.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:26.994Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.191Z) + ArithInsert1(1) + CommentInsert1(0) + +AMQ8048I: Default objects statistics : 1 created. 0 replaced. 0 failed. + +EXPLANATION: +Information on the number of objects created or replaced successfully as well +as any failures that occurred while creating the default objects. +ACTION: +None. +----- amqzcdo0.c : 7074 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.195Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM1) + +AMQ8003I: IBM MQ queue manager 'QM1' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(1728.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.195Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(1728.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.318Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.318Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(1728.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.318Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.319Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.319Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.319Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(9592.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.320Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.334Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.334Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(1728.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.334Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.335Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.334Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.334Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.334Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.335Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.335Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.334Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11140.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.335Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.339Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.339Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +11/10/2018 10:46:27 - Process(14396.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.346Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +11/10/2018 10:46:27 - Process(6864.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.451Z) + ArithInsert1(11932) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(11932). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(6864.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.481Z) + ArithInsert1(9596) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(9596). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(15688.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.482Z) + CommentInsert1(QM1) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(6864.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.520Z) + ArithInsert1(17532) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(17532). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +11/10/2018 10:46:27 - Process(11932.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.635Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- +11/10/2018 10:46:27 - Process(4288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:27.732Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 10:46:31 - Process(4288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:31.027Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 10:46:31 - Process(4288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T08:46:31.028Z) + CommentInsert1(test) + CommentInsert2(4288(18184)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4288(18184) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 11:06:27 - Process(17604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:06:27.718Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 11:06:31 - Process(17604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:06:31.013Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 11:06:31 - Process(17604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:06:31.013Z) + CommentInsert1(test) + CommentInsert2(17604(11944)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 17604(11944) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 11:26:27 - Process(2352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:26:27.728Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 11:26:31 - Process(2352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:26:31.029Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 11:26:31 - Process(2352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:26:31.030Z) + CommentInsert1(test) + CommentInsert2(2352(16440)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2352(16440) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 11:46:27 - Process(4136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:46:27.745Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 11:46:31 - Process(4136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:46:31.041Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 11:46:31 - Process(4136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T09:46:31.042Z) + CommentInsert1(test) + CommentInsert2(4136(16388)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4136(16388) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 12:06:27 - Process(18688.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:06:27.765Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 12:06:31 - Process(18688.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:06:31.051Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 12:06:31 - Process(18688.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:06:31.052Z) + CommentInsert1(test) + CommentInsert2(18688(18576)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18688(18576) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 12:39:31 - Process(20684.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:39:31.074Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 12:39:34 - Process(20684.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:39:34.373Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 12:39:34 - Process(20684.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:39:34.373Z) + CommentInsert1(test) + CommentInsert2(20684(20688)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20684(20688) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 12:59:31 - Process(15044.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:59:31.072Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 12:59:34 - Process(15044.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:59:34.371Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 12:59:34 - Process(15044.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T10:59:34.372Z) + CommentInsert1(test) + CommentInsert2(15044(19824)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15044(19824) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 13:19:31 - Process(11252.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:19:31.089Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 13:19:34 - Process(11252.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:19:34.387Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 13:19:34 - Process(11252.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:19:34.388Z) + CommentInsert1(test) + CommentInsert2(11252(12668)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 11252(12668) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 13:39:31 - Process(4288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:39:31.099Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 13:39:34 - Process(4288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:39:34.395Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 13:39:34 - Process(4288.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:39:34.395Z) + CommentInsert1(test) + CommentInsert2(4288(11148)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4288(11148) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 13:59:31 - Process(18492.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:59:31.102Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 13:59:34 - Process(18492.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:59:34.397Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 13:59:34 - Process(18492.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T11:59:34.398Z) + CommentInsert1(test) + CommentInsert2(18492(5916)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18492(5916) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 14:19:31 - Process(264.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:19:31.115Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 14:19:34 - Process(264.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:19:34.404Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 14:19:34 - Process(264.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:19:34.404Z) + CommentInsert1(test) + CommentInsert2(264(18444)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 264(18444) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 14:39:31 - Process(3452.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:39:31.138Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 14:39:34 - Process(3452.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:39:34.437Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 14:39:34 - Process(3452.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:39:34.438Z) + CommentInsert1(test) + CommentInsert2(3452(9756)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 3452(9756) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 14:59:31 - Process(18648.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:59:31.146Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 14:59:34 - Process(18648.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:59:34.441Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 14:59:34 - Process(18648.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T12:59:34.441Z) + CommentInsert1(test) + CommentInsert2(18648(7976)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18648(7976) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 15:19:31 - Process(18356.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:19:31.156Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 15:19:34 - Process(18356.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:19:34.455Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 15:19:34 - Process(18356.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:19:34.455Z) + CommentInsert1(test) + CommentInsert2(18356(17996)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18356(17996) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 15:39:31 - Process(18012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:39:31.166Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 15:39:34 - Process(18012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:39:34.466Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 15:39:34 - Process(18012.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:39:34.466Z) + CommentInsert1(test) + CommentInsert2(18012(5992)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18012(5992) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +11/10/2018 15:59:31 - Process(2036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:59:31.183Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +11/10/2018 15:59:34 - Process(2036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:59:34.490Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +11/10/2018 15:59:34 - Process(2036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-11T13:59:34.491Z) + CommentInsert1(test) + CommentInsert2(2036(16884)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2036(16884) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 08:12:54 - Process(24048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:12:54.838Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 08:12:58 - Process(24048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:12:58.133Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 08:12:58 - Process(24048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:12:58.134Z) + CommentInsert1(test) + CommentInsert2(24048(18912)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24048(18912) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 08:32:54 - Process(23056.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:32:54.856Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 08:32:58 - Process(23056.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:32:58.151Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 08:32:58 - Process(23056.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:32:58.152Z) + CommentInsert1(test) + CommentInsert2(23056(9584)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23056(9584) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 08:52:54 - Process(24384.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:52:54.866Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 08:52:58 - Process(24384.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:52:58.158Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 08:52:58 - Process(24384.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T06:52:58.159Z) + CommentInsert1(test) + CommentInsert2(24384(23972)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24384(23972) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 09:12:54 - Process(21664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:12:54.881Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 09:12:58 - Process(21664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:12:58.172Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 09:12:58 - Process(21664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:12:58.173Z) + CommentInsert1(test) + CommentInsert2(21664(20908)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21664(20908) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 09:32:54 - Process(7856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:32:54.992Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 09:32:58 - Process(7856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:32:58.293Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 09:32:58 - Process(7856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:32:58.294Z) + CommentInsert1(test) + CommentInsert2(7856(3552)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 7856(3552) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 09:52:54 - Process(20432.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:52:54.919Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 09:52:58 - Process(20432.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:52:58.212Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 09:52:58 - Process(20432.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T07:52:58.212Z) + CommentInsert1(test) + CommentInsert2(20432(21896)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20432(21896) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 10:12:54 - Process(10276.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:12:54.933Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 10:12:58 - Process(10276.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:12:58.233Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 10:12:58 - Process(10276.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:12:58.234Z) + CommentInsert1(test) + CommentInsert2(10276(21204)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 10276(21204) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 10:32:54 - Process(14704.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:32:54.961Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 10:32:58 - Process(14704.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:32:58.266Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 10:32:58 - Process(14704.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:32:58.267Z) + CommentInsert1(test) + CommentInsert2(14704(21576)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14704(21576) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 10:52:54 - Process(18872.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:52:54.968Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 10:52:58 - Process(18872.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:52:58.255Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 10:52:58 - Process(18872.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T08:52:58.256Z) + CommentInsert1(test) + CommentInsert2(18872(18632)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18872(18632) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 11:12:54 - Process(16720.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:12:54.984Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 11:12:58 - Process(16720.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:12:58.280Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 11:12:58 - Process(16720.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:12:58.281Z) + CommentInsert1(test) + CommentInsert2(16720(21880)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 16720(21880) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 11:32:55 - Process(8732.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:32:55.000Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 11:32:58 - Process(8732.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:32:58.291Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 11:32:58 - Process(8732.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:32:58.292Z) + CommentInsert1(test) + CommentInsert2(8732(4400)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 8732(4400) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 11:52:55 - Process(18032.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:52:55.012Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 11:52:58 - Process(18032.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:52:58.309Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 11:52:58 - Process(18032.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T09:52:58.310Z) + CommentInsert1(test) + CommentInsert2(18032(14648)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18032(14648) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 12:12:56 - Process(24124.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:12:56.025Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 12:12:59 - Process(24124.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:12:59.328Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 12:12:59 - Process(24124.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:12:59.328Z) + CommentInsert1(test) + CommentInsert2(24124(12076)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24124(12076) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 12:32:57 - Process(20780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:32:57.046Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 12:33:00 - Process(20780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:33:00.345Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 12:33:00 - Process(20780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:33:00.345Z) + CommentInsert1(test) + CommentInsert2(20780(12812)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20780(12812) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 12:52:58 - Process(22292.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:52:58.066Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 12:53:01 - Process(22292.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:53:01.386Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 12:53:01 - Process(22292.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T10:53:01.387Z) + CommentInsert1(test) + CommentInsert2(22292(15136)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 22292(15136) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 13:12:58 - Process(20820.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:12:58.094Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 13:13:01 - Process(20820.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:13:01.454Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 13:13:01 - Process(20820.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:13:01.455Z) + CommentInsert1(test) + CommentInsert2(20820(7108)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20820(7108) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 13:32:58 - Process(4800.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:32:58.116Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 13:33:01 - Process(4800.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:33:01.625Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 13:33:01 - Process(4800.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:33:01.625Z) + CommentInsert1(test) + CommentInsert2(4800(12036)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4800(12036) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 13:52:58 - Process(17964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:52:58.134Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 13:53:01 - Process(17964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:53:01.446Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 13:53:01 - Process(17964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T11:53:01.447Z) + CommentInsert1(test) + CommentInsert2(17964(20820)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 17964(20820) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 14:12:58 - Process(18868.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:12:58.261Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 14:13:01 - Process(18868.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:13:01.865Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 14:13:01 - Process(18868.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:13:01.866Z) + CommentInsert1(test) + CommentInsert2(18868(21584)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18868(21584) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 14:32:58 - Process(14828.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:32:58.233Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 14:33:01 - Process(14828.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:33:01.575Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 14:33:01 - Process(14828.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:33:01.576Z) + CommentInsert1(test) + CommentInsert2(14828(4244)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14828(4244) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 14:52:58 - Process(23884.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:52:58.310Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 14:53:01 - Process(23884.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:53:01.630Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 14:53:01 - Process(23884.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T12:53:01.630Z) + CommentInsert1(test) + CommentInsert2(23884(5304)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23884(5304) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +12/10/2018 19:55:21 - Process(23512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T17:55:21.501Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +12/10/2018 19:55:24 - Process(23512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T17:55:24.834Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +12/10/2018 19:55:24 - Process(23512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-12T17:55:24.835Z) + CommentInsert1(test) + CommentInsert2(23512(26648)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23512(26648) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 08:19:17 - Process(31732.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:19:17.296Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 08:19:20 - Process(31732.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:19:20.602Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 08:19:20 - Process(31732.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:19:20.603Z) + CommentInsert1(test) + CommentInsert2(31732(30932)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 31732(30932) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 08:39:17 - Process(26136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:39:17.356Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 08:39:20 - Process(26136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:39:20.662Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 08:39:20 - Process(26136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:39:20.662Z) + CommentInsert1(test) + CommentInsert2(26136(19888)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26136(19888) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 08:59:17 - Process(29580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:59:17.283Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 08:59:20 - Process(29580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:59:20.588Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 08:59:20 - Process(29580.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T06:59:20.589Z) + CommentInsert1(test) + CommentInsert2(29580(30916)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29580(30916) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 09:19:17 - Process(28384.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:19:17.330Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 09:19:20 - Process(28384.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:19:20.631Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 09:19:20 - Process(28384.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:19:20.631Z) + CommentInsert1(test) + CommentInsert2(28384(11612)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28384(11612) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 09:39:17 - Process(21324.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:39:17.330Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 09:39:20 - Process(21324.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:39:20.632Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 09:39:20 - Process(21324.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:39:20.632Z) + CommentInsert1(test) + CommentInsert2(21324(26780)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21324(26780) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 09:59:17 - Process(24352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:59:17.319Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 09:59:20 - Process(24352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:59:20.629Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 09:59:20 - Process(24352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T07:59:20.630Z) + CommentInsert1(test) + CommentInsert2(24352(26080)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24352(26080) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 10:19:17 - Process(25852.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:19:17.366Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 10:19:20 - Process(25852.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:19:20.673Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 10:19:20 - Process(25852.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:19:20.674Z) + CommentInsert1(test) + CommentInsert2(25852(26636)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 25852(26636) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 10:39:17 - Process(30016.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:39:17.410Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 10:39:20 - Process(30016.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:39:20.704Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 10:39:20 - Process(30016.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:39:20.705Z) + CommentInsert1(test) + CommentInsert2(30016(16404)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 30016(16404) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 10:59:17 - Process(15140.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:59:17.384Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 10:59:20 - Process(15140.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:59:20.678Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 10:59:20 - Process(15140.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T08:59:20.679Z) + CommentInsert1(test) + CommentInsert2(15140(24424)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15140(24424) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 11:19:17 - Process(8976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:19:17.370Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 11:19:20 - Process(8976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:19:20.663Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 11:19:20 - Process(8976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:19:20.663Z) + CommentInsert1(test) + CommentInsert2(8976(10872)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 8976(10872) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 11:39:17 - Process(26656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:39:17.374Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 11:39:20 - Process(26656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:39:20.671Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 11:39:20 - Process(26656.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:39:20.671Z) + CommentInsert1(test) + CommentInsert2(26656(20828)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26656(20828) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 11:59:17 - Process(5980.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:59:17.382Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 11:59:20 - Process(5980.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:59:20.682Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 11:59:20 - Process(5980.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T09:59:20.683Z) + CommentInsert1(test) + CommentInsert2(5980(19300)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 5980(19300) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 12:19:17 - Process(26200.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:19:17.924Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 12:19:21 - Process(26200.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:19:21.219Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 12:19:21 - Process(26200.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:19:21.220Z) + CommentInsert1(test) + CommentInsert2(26200(28384)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26200(28384) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 12:39:17 - Process(29064.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:39:17.941Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 12:39:21 - Process(29064.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:39:21.232Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 12:39:21 - Process(29064.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:39:21.233Z) + CommentInsert1(test) + CommentInsert2(29064(20376)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29064(20376) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 12:59:17 - Process(25424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:59:17.969Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 12:59:21 - Process(25424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:59:21.273Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 12:59:21 - Process(25424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T10:59:21.274Z) + CommentInsert1(test) + CommentInsert2(25424(29688)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 25424(29688) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 13:19:17 - Process(30240.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:19:17.977Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 13:19:21 - Process(30240.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:19:21.281Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 13:19:21 - Process(30240.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:19:21.281Z) + CommentInsert1(test) + CommentInsert2(30240(26340)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 30240(26340) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 13:39:17 - Process(29780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:39:17.994Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 13:39:21 - Process(29780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:39:21.282Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 13:39:21 - Process(29780.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:39:21.283Z) + CommentInsert1(test) + CommentInsert2(29780(15160)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29780(15160) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 13:59:17 - Process(28560.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:59:17.999Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 13:59:21 - Process(28560.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:59:21.303Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 13:59:21 - Process(28560.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T11:59:21.303Z) + CommentInsert1(test) + CommentInsert2(28560(27508)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28560(27508) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 14:19:18 - Process(27424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:19:18.010Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 14:19:21 - Process(27424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:19:21.300Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 14:19:21 - Process(27424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:19:21.301Z) + CommentInsert1(test) + CommentInsert2(27424(15212)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27424(15212) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 14:39:19 - Process(14936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:39:19.029Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 14:39:22 - Process(14936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:39:22.320Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 14:39:22 - Process(14936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:39:22.320Z) + CommentInsert1(test) + CommentInsert2(14936(22376)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14936(22376) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 14:59:20 - Process(31316.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:59:20.041Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 14:59:23 - Process(31316.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:59:23.341Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 14:59:23 - Process(31316.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T12:59:23.342Z) + CommentInsert1(test) + CommentInsert2(31316(30608)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 31316(30608) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 15:19:21 - Process(19708.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:19:21.059Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 15:19:24 - Process(19708.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:19:24.361Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 15:19:24 - Process(19708.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:19:24.362Z) + CommentInsert1(test) + CommentInsert2(19708(17844)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 19708(17844) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 15:39:21 - Process(20116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:39:21.068Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 15:39:24 - Process(20116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:39:24.365Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 15:39:24 - Process(20116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:39:24.366Z) + CommentInsert1(test) + CommentInsert2(20116(29584)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20116(29584) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 15:59:21 - Process(25916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:59:21.091Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 15:59:24 - Process(25916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:59:24.386Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 15:59:24 - Process(25916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T13:59:24.386Z) + CommentInsert1(test) + CommentInsert2(25916(14784)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 25916(14784) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 16:19:21 - Process(23512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:19:21.109Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 16:19:24 - Process(23512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:19:24.409Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 16:19:24 - Process(23512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:19:24.409Z) + CommentInsert1(test) + CommentInsert2(23512(28560)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23512(28560) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 16:39:21 - Process(23584.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:39:21.134Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 16:39:24 - Process(23584.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:39:24.426Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 16:39:24 - Process(23584.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:39:24.427Z) + CommentInsert1(test) + CommentInsert2(23584(31400)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23584(31400) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 16:59:21 - Process(24000.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:59:21.155Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 16:59:24 - Process(24000.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:59:24.451Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 16:59:24 - Process(24000.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T14:59:24.451Z) + CommentInsert1(test) + CommentInsert2(24000(20828)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 24000(20828) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 17:19:21 - Process(28856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:19:21.165Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 17:19:24 - Process(28856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:19:24.468Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 17:19:24 - Process(28856.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:19:24.469Z) + CommentInsert1(test) + CommentInsert2(28856(15144)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28856(15144) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 17:39:21 - Process(256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:39:21.183Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 17:39:24 - Process(256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:39:24.476Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 17:39:24 - Process(256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:39:24.476Z) + CommentInsert1(test) + CommentInsert2(256(19632)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 256(19632) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 17:59:21 - Process(28368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:59:21.198Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 17:59:24 - Process(28368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:59:24.501Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 17:59:24 - Process(28368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T15:59:24.502Z) + CommentInsert1(test) + CommentInsert2(28368(31596)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28368(31596) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 18:19:21 - Process(27248.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:19:21.223Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 18:19:24 - Process(27248.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:19:24.520Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 18:19:24 - Process(27248.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:19:24.521Z) + CommentInsert1(test) + CommentInsert2(27248(21692)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27248(21692) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 18:39:21 - Process(1048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:39:21.245Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 18:39:24 - Process(1048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:39:24.543Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 18:39:24 - Process(1048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:39:24.543Z) + CommentInsert1(test) + CommentInsert2(1048(28088)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 1048(28088) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 18:59:21 - Process(29948.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:59:21.268Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 18:59:24 - Process(29948.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:59:24.564Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 18:59:24 - Process(29948.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T16:59:24.564Z) + CommentInsert1(test) + CommentInsert2(29948(30788)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29948(30788) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 19:19:21 - Process(27748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:19:21.288Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 19:19:24 - Process(27748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:19:24.578Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 19:19:24 - Process(27748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:19:24.578Z) + CommentInsert1(test) + CommentInsert2(27748(28408)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27748(28408) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 19:39:21 - Process(29572.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:39:21.303Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 19:39:24 - Process(29572.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:39:24.604Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 19:39:24 - Process(29572.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:39:24.604Z) + CommentInsert1(test) + CommentInsert2(29572(22032)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29572(22032) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 19:59:21 - Process(34548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:59:21.678Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 19:59:25 - Process(34548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:59:25.002Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 19:59:25 - Process(34548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T17:59:25.003Z) + CommentInsert1(test) + CommentInsert2(34548(22420)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 34548(22420) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 21:02:56 - Process(32136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:02:56.780Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 21:03:00 - Process(32136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:03:00.072Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 21:03:00 - Process(32136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:03:00.072Z) + CommentInsert1(test) + CommentInsert2(32136(35152)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32136(35152) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 21:22:57 - Process(21928.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:22:57.050Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 21:23:00 - Process(21928.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:23:00.395Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 21:23:00 - Process(21928.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:23:00.396Z) + CommentInsert1(test) + CommentInsert2(21928(35344)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21928(35344) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 21:42:57 - Process(21964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:42:57.839Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 21:43:01 - Process(21964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:43:01.194Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 21:43:01 - Process(21964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T19:43:01.194Z) + CommentInsert1(test) + CommentInsert2(21964(34556)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21964(34556) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +15/10/2018 22:02:57 - Process(20244.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T20:02:57.879Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +15/10/2018 22:03:01 - Process(20244.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T20:03:01.183Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +15/10/2018 22:03:01 - Process(20244.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-15T20:03:01.183Z) + CommentInsert1(test) + CommentInsert2(20244(5524)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20244(5524) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 08:11:18 - Process(37148.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:11:18.466Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 08:11:21 - Process(37148.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:11:21.773Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 08:11:21 - Process(37148.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:11:21.774Z) + CommentInsert1(test) + CommentInsert2(37148(37144)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 37148(37144) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 08:31:18 - Process(28084.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:31:18.558Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 08:31:21 - Process(28084.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:31:21.865Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 08:31:21 - Process(28084.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:31:21.865Z) + CommentInsert1(test) + CommentInsert2(28084(25452)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28084(25452) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 08:51:18 - Process(34652.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:51:18.435Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 08:51:21 - Process(34652.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:51:21.720Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 08:51:21 - Process(34652.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T06:51:21.720Z) + CommentInsert1(test) + CommentInsert2(34652(22120)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 34652(22120) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 09:11:18 - Process(37208.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:11:18.431Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 09:11:21 - Process(37208.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:11:21.744Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 09:11:21 - Process(37208.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:11:21.745Z) + CommentInsert1(test) + CommentInsert2(37208(37664)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 37208(37664) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 09:31:18 - Process(27344.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:31:18.457Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 09:31:21 - Process(27344.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:31:21.747Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 09:31:21 - Process(27344.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:31:21.747Z) + CommentInsert1(test) + CommentInsert2(27344(33668)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27344(33668) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 09:51:18 - Process(10260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:51:18.487Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 09:51:21 - Process(10260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:51:21.795Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 09:51:21 - Process(10260.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T07:51:21.796Z) + CommentInsert1(test) + CommentInsert2(10260(36724)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 10260(36724) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 10:11:18 - Process(20728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:11:18.471Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 10:11:21 - Process(20728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:11:21.771Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 10:11:21 - Process(20728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:11:21.772Z) + CommentInsert1(test) + CommentInsert2(20728(29336)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20728(29336) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 10:31:18 - Process(26880.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:31:18.460Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 10:31:21 - Process(26880.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:31:21.753Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 10:31:21 - Process(26880.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:31:21.753Z) + CommentInsert1(test) + CommentInsert2(26880(4872)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26880(4872) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 10:51:18 - Process(18036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:51:18.468Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 10:51:21 - Process(18036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:51:21.753Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 10:51:21 - Process(18036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T08:51:21.754Z) + CommentInsert1(test) + CommentInsert2(18036(25664)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 18036(25664) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 11:11:18 - Process(14404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:11:18.473Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 11:11:21 - Process(14404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:11:21.768Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 11:11:21 - Process(14404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:11:21.768Z) + CommentInsert1(test) + CommentInsert2(14404(28448)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14404(28448) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 11:31:18 - Process(28168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:31:18.487Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 11:31:21 - Process(28168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:31:21.785Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 11:31:21 - Process(28168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:31:21.786Z) + CommentInsert1(test) + CommentInsert2(28168(34244)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28168(34244) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 11:51:18 - Process(28388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:51:18.494Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 11:51:21 - Process(28388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:51:21.781Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 11:51:21 - Process(28388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T09:51:21.782Z) + CommentInsert1(test) + CommentInsert2(28388(37408)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28388(37408) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 12:11:18 - Process(31632.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:11:18.512Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 12:11:21 - Process(31632.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:11:21.813Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 12:11:21 - Process(31632.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:11:21.814Z) + CommentInsert1(test) + CommentInsert2(31632(34700)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 31632(34700) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 12:31:18 - Process(2880.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:31:18.520Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 12:31:21 - Process(2880.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:31:21.812Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 12:31:21 - Process(2880.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:31:21.812Z) + CommentInsert1(test) + CommentInsert2(2880(34092)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2880(34092) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 12:51:18 - Process(35544.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:51:18.529Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 12:51:21 - Process(35544.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:51:21.818Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 12:51:21 - Process(35544.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T10:51:21.818Z) + CommentInsert1(test) + CommentInsert2(35544(27136)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 35544(27136) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 13:11:18 - Process(20748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:11:18.543Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 13:11:21 - Process(20748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:11:21.840Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 13:11:21 - Process(20748.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:11:21.841Z) + CommentInsert1(test) + CommentInsert2(20748(6968)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 20748(6968) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 13:31:18 - Process(23508.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:31:18.550Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 13:31:21 - Process(23508.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:31:21.854Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 13:31:21 - Process(23508.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:31:21.855Z) + CommentInsert1(test) + CommentInsert2(23508(37012)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 23508(37012) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 13:51:18 - Process(35092.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:51:18.564Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 13:51:21 - Process(35092.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:51:21.870Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 13:51:21 - Process(35092.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T11:51:21.871Z) + CommentInsert1(test) + CommentInsert2(35092(33952)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 35092(33952) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 14:11:18 - Process(26368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:11:18.582Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 14:11:21 - Process(26368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:11:21.885Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 14:11:21 - Process(26368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:11:21.886Z) + CommentInsert1(test) + CommentInsert2(26368(26296)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26368(26296) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 14:31:18 - Process(14360.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:31:18.594Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 14:31:21 - Process(14360.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:31:21.909Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 14:31:21 - Process(14360.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:31:21.910Z) + CommentInsert1(test) + CommentInsert2(14360(33224)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14360(33224) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 14:51:18 - Process(31904.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:51:18.615Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 14:51:21 - Process(31904.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:51:21.914Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 14:51:21 - Process(31904.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T12:51:21.914Z) + CommentInsert1(test) + CommentInsert2(31904(36992)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 31904(36992) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 15:11:18 - Process(6964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:11:18.633Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 15:11:21 - Process(6964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:11:21.931Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 15:11:21 - Process(6964.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:11:21.932Z) + CommentInsert1(test) + CommentInsert2(6964(18416)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 6964(18416) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 15:31:18 - Process(15228.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:31:18.668Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 15:31:21 - Process(15228.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:31:21.971Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 15:31:21 - Process(15228.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:31:21.972Z) + CommentInsert1(test) + CommentInsert2(15228(27896)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15228(27896) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 15:51:18 - Process(36752.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:51:18.680Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 15:51:21 - Process(36752.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:51:21.968Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 15:51:21 - Process(36752.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T13:51:21.968Z) + CommentInsert1(test) + CommentInsert2(36752(33768)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 36752(33768) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 16:11:18 - Process(31216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:11:18.691Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 16:11:21 - Process(31216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:11:21.986Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 16:11:21 - Process(31216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:11:21.987Z) + CommentInsert1(test) + CommentInsert2(31216(8624)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 31216(8624) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 16:31:18 - Process(31904.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:31:18.712Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 16:31:22 - Process(31904.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:31:22.007Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 16:31:22 - Process(31904.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:31:22.007Z) + CommentInsert1(test) + CommentInsert2(31904(11260)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 31904(11260) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 16:51:18 - Process(29136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:51:18.779Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 16:51:22 - Process(29136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:51:22.099Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 16:51:22 - Process(29136.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T14:51:22.100Z) + CommentInsert1(test) + CommentInsert2(29136(13648)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29136(13648) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 17:11:18 - Process(29424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T15:11:18.804Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 17:11:22 - Process(29424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T15:11:22.136Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 17:11:22 - Process(29424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T15:11:22.137Z) + CommentInsert1(test) + CommentInsert2(29424(24152)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 29424(24152) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 17:31:18 - Process(26920.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T15:31:18.841Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 17:31:22 - Process(26920.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T15:31:22.174Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 17:31:22 - Process(26920.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T15:31:22.175Z) + CommentInsert1(test) + CommentInsert2(26920(30024)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26920(30024) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +16/10/2018 19:49:05 - Process(1072.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T17:49:05.065Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +16/10/2018 19:49:08 - Process(1072.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T17:49:08.397Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +16/10/2018 19:49:08 - Process(1072.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-16T17:49:08.397Z) + CommentInsert1(test) + CommentInsert2(1072(35172)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 1072(35172) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 08:37:03 - Process(27060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T06:37:03.252Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 08:37:05 - Process(27060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T06:37:05.619Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 08:37:05 - Process(27060.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T06:37:05.620Z) + CommentInsert1(test) + CommentInsert2(27060(5188)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27060(5188) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 08:57:03 - Process(26468.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T06:57:03.829Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 08:57:07 - Process(26468.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T06:57:07.127Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 08:57:07 - Process(26468.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T06:57:07.127Z) + CommentInsert1(test) + CommentInsert2(26468(33444)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26468(33444) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 09:17:03 - Process(32984.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:17:03.703Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 09:17:07 - Process(32984.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:17:07.004Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 09:17:07 - Process(32984.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:17:07.005Z) + CommentInsert1(test) + CommentInsert2(32984(19656)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32984(19656) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 09:37:03 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:37:03.829Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 09:37:07 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:37:07.125Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 09:37:07 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:37:07.125Z) + CommentInsert1(test) + CommentInsert2(1224(39584)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 1224(39584) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 09:57:03 - Process(34728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:57:03.730Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 09:57:07 - Process(34728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:57:07.033Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 09:57:07 - Process(34728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T07:57:07.034Z) + CommentInsert1(test) + CommentInsert2(34728(38536)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 34728(38536) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 10:17:03 - Process(31320.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:17:03.753Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 10:17:07 - Process(31320.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:17:07.042Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 10:17:07 - Process(31320.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:17:07.042Z) + CommentInsert1(test) + CommentInsert2(31320(21964)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 31320(21964) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 10:37:03 - Process(2076.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:37:03.765Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 10:37:07 - Process(2076.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:37:07.065Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 10:37:07 - Process(2076.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:37:07.065Z) + CommentInsert1(test) + CommentInsert2(2076(29224)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2076(29224) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 10:57:03 - Process(35848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:57:03.778Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 10:57:07 - Process(35848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:57:07.065Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 10:57:07 - Process(35848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T08:57:07.066Z) + CommentInsert1(test) + CommentInsert2(35848(38676)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 35848(38676) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 11:17:03 - Process(36736.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:17:03.790Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 11:17:07 - Process(36736.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:17:07.086Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 11:17:07 - Process(36736.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:17:07.087Z) + CommentInsert1(test) + CommentInsert2(36736(19652)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 36736(19652) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 11:37:03 - Process(25312.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:37:03.808Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 11:37:07 - Process(25312.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:37:07.106Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 11:37:07 - Process(25312.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:37:07.107Z) + CommentInsert1(test) + CommentInsert2(25312(29336)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 25312(29336) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 11:57:03 - Process(14872.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:57:03.829Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 11:57:07 - Process(14872.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:57:07.128Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 11:57:07 - Process(14872.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T09:57:07.128Z) + CommentInsert1(test) + CommentInsert2(14872(28904)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14872(28904) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 12:17:03 - Process(19812.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:17:03.836Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 12:17:07 - Process(19812.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:17:07.147Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 12:17:07 - Process(19812.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:17:07.147Z) + CommentInsert1(test) + CommentInsert2(19812(32684)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 19812(32684) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 12:37:03 - Process(34728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:37:03.859Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 12:37:07 - Process(34728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:37:07.157Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 12:37:07 - Process(34728.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:37:07.158Z) + CommentInsert1(test) + CommentInsert2(34728(21388)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 34728(21388) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 12:57:03 - Process(2640.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:57:03.862Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 12:57:07 - Process(2640.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:57:07.156Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 12:57:07 - Process(2640.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T10:57:07.156Z) + CommentInsert1(test) + CommentInsert2(2640(34032)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2640(34032) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 13:17:03 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:17:03.880Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 13:17:07 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:17:07.180Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 13:17:07 - Process(1224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:17:07.181Z) + CommentInsert1(test) + CommentInsert2(1224(22640)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 1224(22640) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 13:37:03 - Process(38608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:37:03.894Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 13:37:07 - Process(38608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:37:07.184Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 13:37:07 - Process(38608.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:37:07.185Z) + CommentInsert1(test) + CommentInsert2(38608(27456)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 38608(27456) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 13:57:03 - Process(35276.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:57:03.914Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 13:57:07 - Process(35276.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:57:07.208Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 13:57:07 - Process(35276.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T11:57:07.209Z) + CommentInsert1(test) + CommentInsert2(35276(39508)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 35276(39508) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 14:17:03 - Process(28104.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:17:03.911Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 14:17:07 - Process(28104.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:17:07.205Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 14:17:07 - Process(28104.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:17:07.205Z) + CommentInsert1(test) + CommentInsert2(28104(17844)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28104(17844) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 14:37:03 - Process(39196.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:37:03.945Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 14:37:07 - Process(39196.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:37:07.244Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 14:37:07 - Process(39196.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:37:07.245Z) + CommentInsert1(test) + CommentInsert2(39196(18420)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 39196(18420) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 14:57:03 - Process(32808.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:57:03.949Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 14:57:07 - Process(32808.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:57:07.241Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 14:57:07 - Process(32808.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T12:57:07.241Z) + CommentInsert1(test) + CommentInsert2(32808(28292)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32808(28292) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 15:17:03 - Process(15680.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:17:03.958Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 15:17:07 - Process(15680.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:17:07.256Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 15:17:07 - Process(15680.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:17:07.256Z) + CommentInsert1(test) + CommentInsert2(15680(37068)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15680(37068) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 15:37:03 - Process(38908.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:37:03.970Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 15:37:07 - Process(38908.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:37:07.256Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 15:37:07 - Process(38908.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:37:07.257Z) + CommentInsert1(test) + CommentInsert2(38908(1420)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 38908(1420) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 15:57:03 - Process(33612.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:57:03.983Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 15:57:07 - Process(33612.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:57:07.274Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 15:57:07 - Process(33612.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T13:57:07.275Z) + CommentInsert1(test) + CommentInsert2(33612(27652)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 33612(27652) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 16:17:04 - Process(36204.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:17:04.006Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 16:17:07 - Process(36204.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:17:07.313Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 16:17:07 - Process(36204.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:17:07.314Z) + CommentInsert1(test) + CommentInsert2(36204(37020)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 36204(37020) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 16:37:04 - Process(33740.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:37:04.010Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 16:37:07 - Process(33740.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:37:07.312Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 16:37:07 - Process(33740.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:37:07.313Z) + CommentInsert1(test) + CommentInsert2(33740(11612)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 33740(11612) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 16:57:04 - Process(21424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:57:04.019Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 16:57:07 - Process(21424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:57:07.319Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 16:57:07 - Process(21424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T14:57:07.319Z) + CommentInsert1(test) + CommentInsert2(21424(25256)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21424(25256) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 17:17:05 - Process(14352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T15:17:05.023Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 17:17:08 - Process(14352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T15:17:08.317Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 17:17:08 - Process(14352.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T15:17:08.317Z) + CommentInsert1(test) + CommentInsert2(14352(32620)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14352(32620) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 19:59:50 - Process(1396.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T17:59:50.417Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 19:59:53 - Process(1396.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T17:59:53.735Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 19:59:53 - Process(1396.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T17:59:53.736Z) + CommentInsert1(test) + CommentInsert2(1396(34708)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 1396(34708) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 20:19:50 - Process(25464.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T18:19:50.399Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 20:19:53 - Process(25464.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T18:19:53.716Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 20:19:53 - Process(25464.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T18:19:53.717Z) + CommentInsert1(test) + CommentInsert2(25464(10044)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 25464(10044) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 20:39:50 - Process(27516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T18:39:50.377Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 20:39:53 - Process(27516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T18:39:53.684Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 20:39:53 - Process(27516.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T18:39:53.685Z) + CommentInsert1(test) + CommentInsert2(27516(41508)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27516(41508) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +17/10/2018 23:45:46 - Process(41508.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T21:45:46.964Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +17/10/2018 23:45:49 - Process(41508.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T21:45:49.124Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +17/10/2018 23:45:49 - Process(41508.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-17T21:45:49.124Z) + CommentInsert1(test) + CommentInsert2(41508(27516)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 41508(27516) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 08:06:39 - Process(43944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:06:39.999Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 08:06:43 - Process(43944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:06:43.294Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 08:06:43 - Process(43944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:06:43.295Z) + CommentInsert1(test) + CommentInsert2(43944(43948)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 43944(43948) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 08:26:40 - Process(42636.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:26:40.960Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 08:26:44 - Process(42636.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:26:44.253Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 08:26:44 - Process(42636.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:26:44.254Z) + CommentInsert1(test) + CommentInsert2(42636(38256)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 42636(38256) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 08:46:40 - Process(40936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:46:40.992Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 08:46:44 - Process(40936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:46:44.282Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 08:46:44 - Process(40936.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T06:46:44.282Z) + CommentInsert1(test) + CommentInsert2(40936(40832)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 40936(40832) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 09:06:41 - Process(40336.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:06:41.968Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 09:06:45 - Process(40336.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:06:45.267Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 09:06:45 - Process(40336.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:06:45.268Z) + CommentInsert1(test) + CommentInsert2(40336(35204)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 40336(35204) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 09:26:41 - Process(14348.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:26:41.998Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 09:26:45 - Process(14348.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:26:45.297Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 09:26:45 - Process(14348.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:26:45.297Z) + CommentInsert1(test) + CommentInsert2(14348(31404)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14348(31404) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 09:46:42 - Process(40168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:46:42.031Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 09:46:45 - Process(40168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:46:45.326Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 09:46:45 - Process(40168.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T07:46:45.326Z) + CommentInsert1(test) + CommentInsert2(40168(41136)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 40168(41136) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 10:06:43 - Process(25724.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:06:43.009Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 10:06:46 - Process(25724.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:06:46.307Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 10:06:46 - Process(25724.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:06:46.308Z) + CommentInsert1(test) + CommentInsert2(25724(33000)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 25724(33000) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 10:26:44 - Process(41716.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:26:44.009Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 10:26:47 - Process(41716.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:26:47.317Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 10:26:47 - Process(41716.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:26:47.318Z) + CommentInsert1(test) + CommentInsert2(41716(43944)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 41716(43944) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 10:46:45 - Process(35144.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:46:45.019Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 10:46:48 - Process(35144.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:46:48.311Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 10:46:48 - Process(35144.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T08:46:48.311Z) + CommentInsert1(test) + CommentInsert2(35144(42640)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 35144(42640) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 11:06:46 - Process(39816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:06:46.024Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 11:06:49 - Process(39816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:06:49.329Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 11:06:49 - Process(39816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:06:49.330Z) + CommentInsert1(test) + CommentInsert2(39816(37532)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 39816(37532) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 11:26:47 - Process(22024.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:26:47.155Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 11:26:50 - Process(22024.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:26:50.463Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 11:26:50 - Process(22024.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:26:50.464Z) + CommentInsert1(test) + CommentInsert2(22024(41732)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 22024(41732) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 11:46:47 - Process(38988.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:46:47.074Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 11:46:50 - Process(38988.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:46:50.392Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 11:46:50 - Process(38988.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T09:46:50.393Z) + CommentInsert1(test) + CommentInsert2(38988(26480)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 38988(26480) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 12:06:47 - Process(32996.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:06:47.063Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 12:06:50 - Process(32996.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:06:50.368Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 12:06:50 - Process(32996.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:06:50.368Z) + CommentInsert1(test) + CommentInsert2(32996(42664)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32996(42664) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 12:26:47 - Process(13020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:26:47.081Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 12:26:50 - Process(13020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:26:50.392Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 12:26:50 - Process(13020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:26:50.392Z) + CommentInsert1(test) + CommentInsert2(13020(40760)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 13020(40760) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 12:46:47 - Process(10164.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:46:47.086Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 12:46:50 - Process(10164.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:46:50.378Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 12:46:50 - Process(10164.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T10:46:50.379Z) + CommentInsert1(test) + CommentInsert2(10164(39992)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 10164(39992) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 13:06:47 - Process(42232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:06:47.113Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 13:06:50 - Process(42232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:06:50.400Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 13:06:50 - Process(42232.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:06:50.401Z) + CommentInsert1(test) + CommentInsert2(42232(41712)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 42232(41712) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 13:26:47 - Process(39700.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:26:47.123Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 13:26:50 - Process(39700.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:26:50.411Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 13:26:50 - Process(39700.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:26:50.412Z) + CommentInsert1(test) + CommentInsert2(39700(30912)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 39700(30912) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 13:46:47 - Process(13800.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:46:47.121Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 13:46:50 - Process(13800.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:46:50.410Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 13:46:50 - Process(13800.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T11:46:50.410Z) + CommentInsert1(test) + CommentInsert2(13800(40928)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 13800(40928) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 14:06:47 - Process(37652.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:06:47.129Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 14:06:50 - Process(37652.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:06:50.434Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 14:06:50 - Process(37652.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:06:50.434Z) + CommentInsert1(test) + CommentInsert2(37652(40064)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 37652(40064) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 14:26:47 - Process(28940.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:26:47.145Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 14:26:50 - Process(28940.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:26:50.441Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 14:26:50 - Process(28940.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:26:50.441Z) + CommentInsert1(test) + CommentInsert2(28940(40852)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28940(40852) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 14:46:47 - Process(42408.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:46:47.150Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 14:46:50 - Process(42408.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:46:50.439Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 14:46:50 - Process(42408.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T12:46:50.439Z) + CommentInsert1(test) + CommentInsert2(42408(23192)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 42408(23192) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 15:06:47 - Process(37224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T13:06:47.175Z) + CommentInsert1(test) + +AMQ9002I: Channel 'test' is starting. + +EXPLANATION: +Channel 'test' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 15:06:50 - Process(37224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T13:06:50.471Z) + ArithInsert1(11001) + CommentInsert1(test) + CommentInsert2(TCP/IP) + CommentInsert3(test) + +AMQ9202E: Remote host not available, retry later. + +EXPLANATION: +The attempt to allocate a conversation using TCP/IP to host 'test' for channel +test was not successful. However the error may be a transitory one and it may +be possible to successfully allocate a TCP/IP conversation later. + +In some cases the remote host cannot be determined and so is shown as '????'. +ACTION: +Try the connection again later. If the failure persists, record the error +values and contact your systems administrator. The return code from TCP/IP is +11001 (X'0'). The reason for the failure may be that this host cannot reach the +destination host. It may also be possible that the listening program at host +'test' was not running. If this is the case, perform the relevant operations +to start the TCP/IP listening program, and try again. +----- amqccita.c : 1671 ------------------------------------------------------- +18/10/2018 15:06:50 - Process(37224.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T13:06:50.472Z) + CommentInsert1(test) + CommentInsert2(37224(40080)) + CommentInsert3(test) + +AMQ9999E: Channel 'test' to host 'test' ended abnormally. + +EXPLANATION: +The channel program running under process ID 37224(40080) for channel 'test' +ended abnormally. The host name is 'test'; in some cases the host name cannot +be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 15:18:48 - Process(1184.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T13:18:48.392Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 15:19:11 - Process(38088.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T13:19:11.936Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(38088.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T14:13:46.832Z) + RemoteHost(127.0.0.1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)) + CommentInsert3(QM2) + +AMQ9525E: Remote queue manager is ending. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is closing because the remote queue manager on host +'picmention (127.0.0.1)' is ending. +ACTION: +None. +----- cmqxrfpt.c : 680 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(38088.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T14:13:46.833Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(43628)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(43628) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:15:01 - Process(1184.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T14:15:01.797Z) + RemoteHost(127.0.0.1(1415)) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)(1415)) + CommentInsert2(TCP/IP) + CommentInsert3( recv()) + +AMQ9208E: Error on receive from host picmention (127.0.0.1)(1415). + +EXPLANATION: +An error occurred receiving data from picmention (127.0.0.1)(1415) over TCP/IP. +This may be due to a communications failure. +ACTION: +The return code from the TCP/IP recv() call was 10053 (X'2745'). Record these +values and tell the systems administrator. +----- amqccita.c : 4350 ------------------------------------------------------- +18/10/2018 16:15:01 - Process(1184.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T14:15:01.797Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(1184(44732)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 1184(44732) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 16:15:01 - Process(34116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T14:15:01.859Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 19:00:08 - Process(38088.19) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T17:00:08.391Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 19:01:02 - Process(38088.17) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T17:01:02.066Z) + CommentInsert1(CLI.LOGSTASH) + +AMQ9528W: User requested channel 'CLI.LOGSTASH' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +18/10/2018 19:01:02 - Process(34116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T17:01:02.503Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9528W: User requested channel 'CHL.QM1.QM2' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +18/10/2018 19:01:02 - Process(34116.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T17:01:02.504Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(34116(37608)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 19:01:03 - Process(38088.19) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T17:01:03.016Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(21020)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 19:38:23 - Process(23792.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T17:38:23.273Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 19:38:24 - Process(38088.20) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T17:38:24.605Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 20:20:28 - Process(38088.20) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:20:28.928Z) + ArithInsert1(1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(40732)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 1, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '38088(40732)'. +----- amqrmrca.c : 1576 ------------------------------------------------------- +18/10/2018 20:26:54 - Process(38088.21) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:26:54.637Z) + ArithInsert1(38088) ArithInsert2(20) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +18/10/2018 20:26:54 - Process(38088.21) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:26:54.638Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(43224)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(43224) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 20:27:54 - Process(38088.22) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:27:54.714Z) + ArithInsert1(38088) ArithInsert2(20) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +18/10/2018 20:27:54 - Process(38088.22) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:27:54.715Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(39340)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(39340) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 20:28:49 - Process(38088.20) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:28:49.463Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +18/10/2018 20:28:49 - Process(38088.20) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:28:49.464Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(40732)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(40732) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 20:28:49 - Process(38088.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:28:49.708Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 20:32:53 - Process(23792.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:32:53.588Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9528W: User requested channel 'CHL.QM1.QM2' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +18/10/2018 20:32:53 - Process(23792.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T18:32:53.589Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(23792(45236)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 21:40:15 - Process(20520.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T19:40:15.192Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 21:40:29 - Process(20520.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T19:40:29.439Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9528W: User requested channel 'CHL.QM1.QM2' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +18/10/2018 21:40:29 - Process(20520.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-18T19:40:29.440Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(20520(35316)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 07:55:20 - Process(21500.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:55:20.342Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 07:56:16 - Process(38088.24) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:56:16.675Z) + ArithInsert1(38088) ArithInsert2(23) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +19/10/2018 07:56:16 - Process(38088.24) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:56:16.676Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(39800)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(39800) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 07:57:16 - Process(38088.25) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:57:16.676Z) + ArithInsert1(38088) ArithInsert2(23) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +19/10/2018 07:57:16 - Process(38088.25) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:57:16.676Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(12096)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(12096) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 07:58:16 - Process(38088.26) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:58:16.677Z) + ArithInsert1(38088) ArithInsert2(23) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +19/10/2018 07:58:16 - Process(38088.26) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:58:16.677Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(36668)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(36668) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 07:58:22 - Process(38088.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:58:22.323Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +19/10/2018 07:58:22 - Process(38088.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:58:22.323Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(17820)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(17820) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 07:58:56 - Process(38088.27) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T05:58:56.685Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +19/10/2018 08:05:16 - Process(38088.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:05:16.819Z) + ArithInsert1(38088) ArithInsert2(27) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +19/10/2018 08:05:16 - Process(38088.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:05:16.819Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(23244)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(23244) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 08:06:16 - Process(38088.29) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:06:16.823Z) + ArithInsert1(38088) ArithInsert2(27) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +19/10/2018 08:06:16 - Process(38088.29) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:06:16.823Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(15136)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(15136) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 08:07:16 - Process(38088.30) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:07:16.823Z) + ArithInsert1(38088) ArithInsert2(27) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +19/10/2018 08:07:16 - Process(38088.30) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:07:16.824Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(25228)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(25228) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 08:07:17 - Process(38088.27) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:07:17.260Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +19/10/2018 08:07:17 - Process(38088.27) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:07:17.260Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(43112)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(43112) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 08:26:56 - Process(38088.31) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:26:56.816Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +19/10/2018 08:35:17 - Process(38088.31) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:35:17.329Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +19/10/2018 08:35:17 - Process(38088.31) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:35:17.329Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(38772)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(38772) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 08:46:56 - Process(38088.32) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:46:56.817Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +19/10/2018 08:55:17 - Process(38088.32) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:55:17.320Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +19/10/2018 08:55:17 - Process(38088.32) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T06:55:17.321Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(33744)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(33744) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 09:06:56 - Process(38088.33) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T07:06:56.855Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +19/10/2018 09:09:32 - Process(38088.33) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T07:09:32.998Z) + ArithInsert1(1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(23404)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 1, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '38088(23404)'. +----- amqrmrca.c : 1576 ------------------------------------------------------- +19/10/2018 10:05:52 - Process(38088.34) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T08:05:52.470Z) + CommentInsert1(CLI.LOGSTASH) + +AMQ9528W: User requested channel 'CLI.LOGSTASH' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +19/10/2018 10:05:52 - Process(21500.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T08:05:52.956Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9528W: User requested channel 'CHL.QM1.QM2' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +19/10/2018 10:05:52 - Process(21500.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T08:05:52.957Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(21500(42132)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 10:05:53 - Process(38088.33) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T08:05:53.222Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(23404)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 15:34:14 - Process(18548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T13:34:14.781Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 15:34:16 - Process(38088.36) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T13:34:16.748Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +19/10/2018 17:20:32 - Process(18548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T15:20:32.063Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9528W: User requested channel 'CHL.QM1.QM2' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +19/10/2018 17:20:32 - Process(18548.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T15:20:32.064Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(18548(11320)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 17:20:32 - Process(38088.36) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-19T15:20:32.302Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(35684)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 08:08:28 - Process(32128.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T06:08:28.188Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 08:08:29 - Process(38088.39) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T06:08:29.232Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 09:01:58 - Process(38088.42) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:01:58.326Z) + ArithInsert1(38088) ArithInsert2(39) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:01:58 - Process(38088.42) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:01:58.326Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(33276)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(33276) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:02:58 - Process(38088.43) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:02:58.231Z) + ArithInsert1(38088) ArithInsert2(39) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:02:58 - Process(38088.43) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:02:58.232Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(42364)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(42364) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:03:34 - Process(38088.39) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:03:34.004Z) + ArithInsert1(1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(33892)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 1, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '38088(33892)'. +----- amqrmrca.c : 1576 ------------------------------------------------------- +22/10/2018 09:03:34 - Process(38088.39) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:03:34.011Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3( recv()) + +AMQ9208E: Error on receive from host picmention (127.0.0.1). + +EXPLANATION: +An error occurred receiving data from picmention (127.0.0.1) over TCP/IP. This +may be due to a communications failure. +ACTION: +The return code from the TCP/IP recv() call was 10053 (X'2745'). Record these +values and tell the systems administrator. +----- amqccita.c : 4350 ------------------------------------------------------- +22/10/2018 09:03:34 - Process(38088.39) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:03:34.011Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(33892)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(33892) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:03:38 - Process(38088.44) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:03:38.222Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 09:09:58 - Process(38088.45) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:09:58.358Z) + ArithInsert1(38088) ArithInsert2(44) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:09:58 - Process(38088.45) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:09:58.358Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(40728)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(40728) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:10:58 - Process(38088.46) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:10:58.364Z) + ArithInsert1(38088) ArithInsert2(44) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:10:58 - Process(38088.46) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:10:58.365Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(39840)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(39840) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:11:58 - Process(38088.47) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:11:58.386Z) + ArithInsert1(38088) ArithInsert2(44) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:11:58 - Process(38088.47) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:11:58.387Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(37084)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(37084) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:11:58 - Process(38088.44) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:11:58.724Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +22/10/2018 09:11:58 - Process(38088.44) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:11:58.724Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(1520)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(1520) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:12:38 - Process(38088.48) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:12:38.369Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 09:18:58 - Process(38088.49) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:18:58.507Z) + ArithInsert1(38088) ArithInsert2(48) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:18:58 - Process(38088.49) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:18:58.508Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(31940)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(31940) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:19:58 - Process(38088.50) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:19:58.500Z) + ArithInsert1(38088) ArithInsert2(48) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:19:58 - Process(38088.50) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:19:58.501Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(36876)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(36876) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:20:58 - Process(38088.51) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:20:58.506Z) + ArithInsert1(38088) ArithInsert2(48) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +22/10/2018 09:20:58 - Process(38088.51) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:20:58.507Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(30376)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(30376) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:20:58 - Process(38088.48) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:20:58.842Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +22/10/2018 09:20:58 - Process(38088.48) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:20:58.843Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(6180)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(6180) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 09:40:38 - Process(38088.52) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:40:38.491Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 09:48:59 - Process(38088.52) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:48:59.040Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +22/10/2018 09:48:59 - Process(38088.52) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T07:48:59.041Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(29828)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(29828) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 10:00:38 - Process(38088.53) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:00:38.520Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 10:08:59 - Process(38088.53) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:08:59.145Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +22/10/2018 10:08:59 - Process(38088.53) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:08:59.146Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(44896)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(44896) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 10:20:38 - Process(38088.54) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:20:38.526Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 10:28:59 - Process(38088.54) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:28:59.237Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +22/10/2018 10:28:59 - Process(38088.54) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:28:59.238Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(44224)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(44224) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 10:40:38 - Process(38088.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:40:38.552Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 10:48:59 - Process(38088.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:48:59.073Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +22/10/2018 10:48:59 - Process(38088.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T08:48:59.073Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(19340)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(19340) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +22/10/2018 11:00:38 - Process(38088.58) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-22T09:00:38.880Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +24/10/2018 06:16:01 - Process(38088.58) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-24T04:16:01.479Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM2.QM1' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- cmqxrfpt.c : 700 -------------------------------------------------------- +24/10/2018 06:16:01 - Process(32128.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-24T04:16:01.479Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM1.QM2' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- amqrmtra.c : 2465 ------------------------------------------------------- +24/10/2018 06:16:01 - Process(32128.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-24T04:16:01.481Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(32128(14272)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +24/10/2018 06:16:01 - Process(38088.58) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-24T04:16:01.481Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(15716)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +24/10/2018 08:21:40 - Process(85944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-24T06:21:40.649Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +24/10/2018 08:21:41 - Process(38088.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-24T06:21:41.311Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 07:41:43 - Process(38088.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T05:41:43.950Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM2.QM1' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- cmqxrfpt.c : 700 -------------------------------------------------------- +25/10/2018 07:41:43 - Process(38088.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T05:41:43.951Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(85132)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 08:23:27 - Process(85944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T06:23:27.249Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM1.QM2' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- amqrmtra.c : 2465 ------------------------------------------------------- +25/10/2018 08:23:27 - Process(85944.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T06:23:27.250Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(85944(85948)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 08:52:51 - Process(120120.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T06:52:51.045Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 08:52:58 - Process(38088.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T06:52:58.264Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 14:42:06 - Process(38088.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:42:06.124Z) + ArithInsert1(1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(117404)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 1, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '38088(117404)'. +----- amqrmrca.c : 1576 ------------------------------------------------------- +25/10/2018 14:42:36 - Process(38088.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:42:36.154Z) + ArithInsert1(1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(117404)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 1, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '38088(117404)'. +----- amqrmrca.c : 1576 ------------------------------------------------------- +25/10/2018 14:44:16 - Process(38088.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:44:16.275Z) + ArithInsert1(1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(117404)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 1, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '38088(117404)'. +----- amqrmrca.c : 1576 ------------------------------------------------------- +25/10/2018 14:49:56 - Process(38088.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:49:56.660Z) + ArithInsert1(1) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(117404)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 1, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '38088(117404)'. +----- amqrmrca.c : 1576 ------------------------------------------------------- +25/10/2018 14:55:51 - Process(120120.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:55:51.725Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 14:55:51 - Process(120120.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:55:51.726Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(120120(120064)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 120120(120064) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:55:51 - Process(80808.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:55:51.923Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:56:12 - Process(80808.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:56:12.033Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 14:56:12 - Process(80808.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:56:12.034Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(80808(54628)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 80808(54628) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:56:16 - Process(38088.89) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:56:16.817Z) + ArithInsert1(38088) ArithInsert2(84) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 14:56:16 - Process(38088.89) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:56:16.818Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(99812)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(99812) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:56:51 - Process(98976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:56:51.852Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:57:11 - Process(98976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:57:11.916Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 14:57:11 - Process(98976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:57:11.917Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(98976(75032)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 98976(75032) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:57:16 - Process(38088.90) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:57:16.825Z) + ArithInsert1(38088) ArithInsert2(84) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 14:57:16 - Process(38088.90) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:57:16.825Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(100152)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(100152) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:57:51 - Process(59372.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:57:51.856Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:58:11 - Process(59372.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:11.922Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 14:58:11 - Process(59372.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:11.923Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(59372(51352)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 59372(51352) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:58:16 - Process(38088.91) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:16.843Z) + ArithInsert1(38088) ArithInsert2(84) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 14:58:16 - Process(38088.91) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:16.844Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(6592)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(6592) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:58:17 - Process(38088.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:17.191Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 14:58:17 - Process(38088.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:17.191Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(117404)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(117404) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:58:51 - Process(60196.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:51.848Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:58:56 - Process(38088.92) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T12:58:56.841Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 15:04:51 - Process(60196.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:04:51.901Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 15:04:51 - Process(60196.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:04:51.902Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(60196(49092)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 60196(49092) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:04:51 - Process(59512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:04:51.959Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:05:12 - Process(59512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:05:12.020Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:05:12 - Process(59512.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:05:12.021Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(59512(47292)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 59512(47292) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:05:16 - Process(38088.93) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:05:16.985Z) + ArithInsert1(38088) ArithInsert2(92) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:05:16 - Process(38088.93) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:05:16.986Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(90932)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(90932) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:05:51 - Process(53444.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:05:51.972Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:06:12 - Process(53444.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:06:12.034Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:06:12 - Process(53444.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:06:12.034Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(53444(68328)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 53444(68328) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:06:16 - Process(38088.94) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:06:16.992Z) + ArithInsert1(38088) ArithInsert2(92) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:06:16 - Process(38088.94) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:06:16.993Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(56216)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(56216) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:06:51 - Process(71504.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:06:51.987Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:07:12 - Process(71504.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:12.042Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:07:12 - Process(71504.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:12.043Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(71504(26500)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 71504(26500) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:07:17 - Process(38088.95) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:17.014Z) + ArithInsert1(38088) ArithInsert2(92) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:07:17 - Process(38088.95) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:17.014Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(58824)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(58824) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:07:17 - Process(38088.92) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:17.382Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 15:07:17 - Process(38088.92) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:17.383Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(101284)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(101284) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:07:51 - Process(72680.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:51.998Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:07:57 - Process(38088.96) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:07:57.008Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 15:13:52 - Process(72680.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:13:52.049Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 15:13:52 - Process(72680.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:13:52.049Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(72680(97780)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 72680(97780) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:13:52 - Process(52864.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:13:52.112Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:14:12 - Process(52864.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:14:12.172Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:14:12 - Process(52864.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:14:12.172Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(52864(65744)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 52864(65744) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:14:17 - Process(38088.97) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:14:17.135Z) + ArithInsert1(38088) ArithInsert2(96) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:14:17 - Process(38088.97) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:14:17.135Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(60228)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(60228) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:14:52 - Process(44664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:14:52.138Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:15:12 - Process(44664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:15:12.198Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(picmention (127.0.0.1)(1415)) + +AMQ9558E: The remote channel 'CHL.QM1.QM2' on host 'picmention +(127.0.0.1)(1415)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM1.QM2' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:15:12 - Process(44664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:15:12.199Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(44664(70120)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 44664(70120) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:15:17 - Process(38088.98) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:15:17.157Z) + ArithInsert1(38088) ArithInsert2(96) + CommentInsert1(CHL.QM2.QM1) + +AMQ9514E: Channel 'CHL.QM2.QM1' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM2.QM1' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:15:17 - Process(38088.98) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:15:17.158Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(56236)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(56236) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:16:17 - Process(38088.96) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:16:17.516Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 15:16:17 - Process(38088.96) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:16:17.517Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(96080)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(96080) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:34:52 - Process(78744.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:34:52.147Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:34:57 - Process(38088.99) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:34:57.158Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 15:40:52 - Process(78744.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:40:52.211Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 15:40:52 - Process(78744.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:40:52.212Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(78744(73360)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 78744(73360) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:43:17 - Process(38088.99) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:43:17.723Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 15:43:17 - Process(38088.99) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:43:17.724Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(57792)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(57792) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:54:52 - Process(121736.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:54:52.165Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:54:57 - Process(38088.100) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T13:54:57.162Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 16:00:52 - Process(121736.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:00:52.214Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 16:00:52 - Process(121736.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:00:52.215Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(121736(102028)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 121736(102028) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 16:03:17 - Process(38088.100) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:03:17.721Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 16:03:17 - Process(38088.100) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:03:17.721Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(102308)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(102308) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 16:14:52 - Process(109468.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:14:52.191Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 16:14:57 - Process(38088.101) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:14:57.190Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 16:20:52 - Process(109468.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:20:52.228Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 16:20:52 - Process(109468.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:20:52.228Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(109468(110544)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 109468(110544) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 16:23:17 - Process(38088.101) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:23:17.752Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 16:23:17 - Process(38088.101) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:23:17.753Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(108804)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(108804) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 16:34:52 - Process(118976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:34:52.194Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 16:34:57 - Process(38088.102) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:34:57.197Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 16:40:52 - Process(118976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:40:52.238Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 16:40:52 - Process(118976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:40:52.239Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(118976(106944)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 118976(106944) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 16:43:17 - Process(38088.102) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:43:17.734Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 16:43:17 - Process(38088.102) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:43:17.735Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(28028)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(28028) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 16:54:52 - Process(44388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:54:52.220Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 16:54:57 - Process(38088.103) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T14:54:57.228Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 17:00:52 - Process(44388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:00:52.265Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 17:00:52 - Process(44388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:00:52.265Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(44388(82844)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 44388(82844) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 17:03:17 - Process(38088.103) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:03:17.765Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 17:03:17 - Process(38088.103) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:03:17.766Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(71280)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(71280) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 17:14:52 - Process(34848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:14:52.245Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 17:14:57 - Process(38088.104) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:14:57.223Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 17:20:52 - Process(34848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:20:52.296Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 17:20:52 - Process(34848.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:20:52.296Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(34848(81128)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 34848(81128) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 17:23:17 - Process(38088.104) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:23:17.754Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 17:23:17 - Process(38088.104) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:23:17.754Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(31472)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(31472) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 17:34:52 - Process(41664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:34:52.250Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 17:34:57 - Process(38088.105) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:34:57.239Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 17:40:52 - Process(41664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:40:52.299Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 17:40:52 - Process(41664.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:40:52.300Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(41664(28944)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 41664(28944) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 17:43:17 - Process(38088.105) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:43:17.687Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 17:43:17 - Process(38088.105) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:43:17.687Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(41180)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(41180) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 17:54:52 - Process(27836.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:54:52.252Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 17:54:57 - Process(38088.106) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T15:54:57.258Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 18:00:52 - Process(27836.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:00:52.305Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 18:00:52 - Process(27836.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:00:52.305Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(27836(28076)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27836(28076) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 18:03:17 - Process(38088.106) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:03:17.768Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 18:03:17 - Process(38088.106) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:03:17.768Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(49188)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(49188) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 18:14:52 - Process(82172.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:14:52.266Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 18:14:57 - Process(38088.107) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:14:57.268Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 18:20:52 - Process(82172.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:20:52.317Z) + RemoteHost(127.0.0.1(1415)) + CommentInsert1(127.0.0.1(1415)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1415)'. + +EXPLANATION: +A connection from host '127.0.0.1(1415)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 18:20:52 - Process(82172.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:20:52.318Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(82172(38864)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 82172(38864) for channel +'CHL.QM1.QM2' ended abnormally. The host name is '127.0.0.1(1415)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 18:23:17 - Process(38088.107) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:23:17.743Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 18:23:17 - Process(38088.107) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:23:17.744Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(51136)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 38088(51136) for channel +'CHL.QM2.QM1' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 18:34:52 - Process(70356.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:34:52.331Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 18:34:57 - Process(38088.110) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T16:34:57.430Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 20:32:36 - Process(70356.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T18:32:36.561Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM1.QM2' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- amqrmtra.c : 2465 ------------------------------------------------------- +25/10/2018 20:32:36 - Process(70356.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T18:32:36.561Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(70356(78080)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 20:47:50 - Process(38088.110) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T18:47:50.815Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM2.QM1' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- cmqxrfpt.c : 700 -------------------------------------------------------- +25/10/2018 20:47:50 - Process(38088.110) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-25T18:47:50.815Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(99356)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +26/10/2018 11:05:08 - Process(61604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T09:05:08.914Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +26/10/2018 11:05:11 - Process(38088.112) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T09:05:11.632Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +26/10/2018 15:57:07 - Process(38088.113) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:57:07.951Z) + RemoteHost(127.0.0.1) + ArithInsert1(10054) ArithInsert2(10054) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3( recv()) + +AMQ9208E: Error on receive from host picmention (127.0.0.1). + +EXPLANATION: +An error occurred receiving data from picmention (127.0.0.1) over TCP/IP. This +may be due to a communications failure. +ACTION: +The return code from the TCP/IP recv() call was 10054 (X'2746'). Record these +values and tell the systems administrator. +----- amqccita.c : 4350 ------------------------------------------------------- +26/10/2018 15:57:07 - Process(38088.111) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:57:07.952Z) + RemoteHost(127.0.0.1) + ArithInsert1(10054) ArithInsert2(10054) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3( recv()) + +AMQ9208E: Error on receive from host picmention (127.0.0.1). + +EXPLANATION: +An error occurred receiving data from picmention (127.0.0.1) over TCP/IP. This +may be due to a communications failure. +ACTION: +The return code from the TCP/IP recv() call was 10054 (X'2746'). Record these +values and tell the systems administrator. +----- amqccita.c : 4350 ------------------------------------------------------- +26/10/2018 15:57:07 - Process(38088.111) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:57:07.954Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(38088(40480)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 38088(40480) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +26/10/2018 15:57:07 - Process(38088.113) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:57:07.953Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(38088(15476)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 38088(15476) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(9592.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.964Z) + +AMQ9411I: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +----- amqrrmfa.c : 2108 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11932.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.976Z) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 958 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(61604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.976Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrmssa.c : 3316 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.976Z) + ArithInsert1(2162) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5041I: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(61604.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.976Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(61604(30868)) + CommentInsert3(127.0.0.1(1415)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1(1415)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.981Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.982Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.985Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.986Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.986Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(14396.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.987Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +----- cmqxzmup.c : 4347 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(38088.112) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.991Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrmssa.c : 3316 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(38088.112) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.992Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38088(17868)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +26/10/2018 15:58:44 - Process(15688.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(QM1) + +AMQ5807I: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +----- cmqxfcxc.c : 1583 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.007Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14396.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(6864.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:43.989Z) + ArithInsert1(9596) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5025I: The command server has ended. ProcessId(9596). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +----- amqzmgr0.c : 5567 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(1728.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.042Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(6864.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.042Z) + ArithInsert1(17532) + CommentInsert1(LISTENER.TCP) + +AMQ5027I: The listener 'LISTENER.TCP' has ended. ProcessId(17532). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +----- amqzmgr0.c : 5578 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(6864.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:44.048Z) + ArithInsert1(11932) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5023I: The channel initiator has ended. ProcessId(11932). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +----- amqzmgr0.c : 5556 ------------------------------------------------------- +26/10/2018 15:58:47 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:47.592Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:47 - Process(11140.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:47.612Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:47 - Process(8480.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-26T13:58:47.619Z) + CommentInsert3(QM1) + +AMQ8004I: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +----- amqzxma0.c : 1947 ------------------------------------------------------- +28/10/2018 15:12:08 - Process(8064.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:08.923Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.145Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7229I: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.146Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7230I: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.150Z) + CommentInsert1(QM1) + +AMQ7231I: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +28/10/2018 15:12:09 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.151Z) + CommentInsert1(QM1) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +28/10/2018 15:12:09 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.156Z) + CommentInsert1(QM1) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8064.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.332Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8452.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.387Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8452.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.387Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8452.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.387Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8452.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.390Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8452.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.391Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.844Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM1) + +AMQ8003I: IBM MQ queue manager 'QM1' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8452.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:09.848Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8788.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.191Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.219Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.221Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8452.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.261Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.272Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8452.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.273Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.274Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.315Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.324Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.335Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8452.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.337Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.339Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.361Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.363Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.364Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.364Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.365Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8064.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.368Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.393Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.411Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +28/10/2018 15:12:10 - Process(8680.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.515Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +28/10/2018 15:12:10 - Process(9008.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.563Z) + CommentInsert1(QM1) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.516Z) + ArithInsert1(9148) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(9148). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.687Z) + ArithInsert1(8672) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(8672). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:10.698Z) + ArithInsert1(8652) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(8652). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +28/10/2018 15:12:11 - Process(9148.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-28T14:12:11.308Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8788.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.289Z) + +AMQ9411I: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +----- amqrrmfa.c : 2108 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.309Z) + ArithInsert1(2162) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5041I: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(9148.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.310Z) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 958 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.313Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.315Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.314Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.318Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.319Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.319Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.337Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.338Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +----- cmqxzmup.c : 4347 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(9008.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.340Z) + CommentInsert1(QM1) + +AMQ5807I: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +----- cmqxfcxc.c : 1583 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8680.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.314Z) + ArithInsert1(8672) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5025I: The command server has ended. ProcessId(8672). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +----- amqzmgr0.c : 5567 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8452.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.369Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.369Z) + ArithInsert1(8652) + CommentInsert1(LISTENER.TCP) + +AMQ5027I: The listener 'LISTENER.TCP' has ended. ProcessId(8652). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +----- amqzmgr0.c : 5578 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8972.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.373Z) + ArithInsert1(9148) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5023I: The channel initiator has ended. ProcessId(9148). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +----- amqzmgr0.c : 5556 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.709Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8064.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.723Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(7360.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:17.742Z) + CommentInsert3(QM1) + +AMQ8004I: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +----- amqzxma0.c : 1947 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8084.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.546Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.657Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7229I: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.658Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7230I: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.660Z) + CommentInsert1(QM1) + +AMQ7231I: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +29/10/2018 16:48:53 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.660Z) + CommentInsert1(QM1) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +29/10/2018 16:48:53 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.696Z) + CommentInsert1(QM1) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8084.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.798Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8344.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.902Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8344.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.916Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8344.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.918Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8344.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.919Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8344.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:53.919Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.070Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM1) + +AMQ8003I: IBM MQ queue manager 'QM1' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8344.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.089Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8668.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.224Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8344.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.225Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.226Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.229Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.233Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8344.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.234Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.235Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.258Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.258Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.259Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8344.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.264Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.264Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.265Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.266Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.277Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.280Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.282Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8084.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.282Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.285Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.287Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:48:54 - Process(8612.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.308Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:48:54 - Process(8880.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.440Z) + ArithInsert1(9064) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(9064). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8880.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.444Z) + ArithInsert1(9080) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(9080). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8880.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.448Z) + ArithInsert1(9088) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(9088). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8888.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.532Z) + CommentInsert1(QM1) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(9064.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:48:54.657Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8668.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.126Z) + +AMQ9411I: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +----- amqrrmfa.c : 2108 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(9064.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.151Z) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 958 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.152Z) + ArithInsert1(2162) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5041I: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.156Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.157Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.158Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.158Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.159Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.159Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8888.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.168Z) + CommentInsert1(QM1) + +AMQ5807I: Queued Publish/Subscribe Daemon for queue manager QM1 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM1 has ended. +ACTION: +None. +----- cmqxfcxc.c : 1583 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.209Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.234Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +----- cmqxzmup.c : 4347 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.327Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.327Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.327Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.327Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.329Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.329Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.329Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.329Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.342Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.342Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.342Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.342Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.343Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.343Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8612.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.343Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8880.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.444Z) + ArithInsert1(9064) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5023I: The channel initiator has ended. ProcessId(9064). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +----- amqzmgr0.c : 5556 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8880.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.448Z) + ArithInsert1(9080) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5025I: The command server has ended. ProcessId(9080). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +----- amqzmgr0.c : 5567 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8344.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.467Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8880.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:02.512Z) + ArithInsert1(9088) + CommentInsert1(LISTENER.TCP) + +AMQ5027I: The listener 'LISTENER.TCP' has ended. ProcessId(9088). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +----- amqzmgr0.c : 5578 ------------------------------------------------------- +29/10/2018 16:49:03 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:03.103Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:03 - Process(8084.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:03.125Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:03 - Process(7660.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:03.137Z) + CommentInsert3(QM1) + +AMQ8004I: IBM MQ queue manager 'QM1' ended. + +EXPLANATION: +IBM MQ queue manager 'QM1' ended. +ACTION: +None. +----- amqzxma0.c : 1947 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(7624.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.617Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.640Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7229I: 5 log records accessed on queue manager 'QM1' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM1 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.656Z) + ArithInsert1(5) + CommentInsert1(QM1) + +AMQ7230I: Log replay for queue manager 'QM1' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM1. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.664Z) + CommentInsert1(QM1) + +AMQ7231I: 0 log records accessed on queue manager 'QM1' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM1 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +29/10/2018 16:49:36 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.669Z) + CommentInsert1(QM1) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM1'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM1. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +29/10/2018 16:49:36 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.674Z) + CommentInsert1(QM1) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM1'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM1 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(7624.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.726Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8188.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.828Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8188.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.830Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8188.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.832Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8188.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.849Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8188.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:36.849Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(6780.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.121Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM1) + +AMQ8003I: IBM MQ queue manager 'QM1' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM1' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8188.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.161Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8592.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.354Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.379Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.382Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8188.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.388Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8188.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.389Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.391Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.392Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.422Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.422Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.426Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.427Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.437Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.439Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.447Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.450Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.450Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8188.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.452Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7624.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.454Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.489Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.517Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:49:37 - Process(8484.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.530Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:49:37 - Process(8848.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.600Z) + ArithInsert1(9076) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(9076). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8848.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.604Z) + ArithInsert1(9092) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(9092). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8848.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.607Z) + ArithInsert1(9104) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(9104). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8868.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.642Z) + CommentInsert1(QM1) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM1. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM1. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(9076.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM1) + Time(2018-10-29T15:49:37.803Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- diff --git a/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json new file mode 100644 index 00000000000..45a57fffd05 --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json @@ -0,0 +1,3272 @@ +[ + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Produkt :- Windows 10 Professional x64 Edition, Build 17134 (MQ Windows (x64 platform) 64-bit) Version :- C:\\Program Files\\IBM\\MQ (Installation1) Host-Info :- 9.0.0.2 (p900-002-171004.TRIAL) AKTION: Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ6287", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Systeminformationen zu IBM", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 0, + "message": "IBM MQ VC:\\Program Files\\IBM\\MQ (Installation1).", + "process.pid": "13440.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'LOGGER-IO' wurde vom Task-Manager f\ufffdr kritische Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 550, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde gestartet.", + "process.pid": "13440.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 1052, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "process.pid": "13440.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'LOGGER-IO' wurde vom Task-Manager f\ufffdr kritische Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 1474, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde gestartet.", + "process.pid": "23240.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7229", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "4 Protokolls\ufffdtze wurden bisher auf WS-Manager QM1 w\ufffdhrend der Protokollwiederholungsphase aufgerufen, um den WS-Manager in einen zuvor bekannten Status zur\ufffdckzuversetzen.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 1976, + "message": "4 Protokolls\ufffdtze wurden auf WS-Manager 'QM1' w\ufffdhrend der Protokollwiederholungsphase aufgerufen.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7230", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Protokollwiederholungsphase des Neustartprozesses wurde f\ufffdr WS-Manager QM1 beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 2572, + "message": "Die Protokollwiederholung f\ufffdr WS-Manager 'QM1' ist beendet.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7231", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "W\ufffdhrend der Wiederherstellungsphase des Transaktionsmanagerstatus wurden bisher 0 Protokolls\ufffdtze auf WS-Manager QM1 aufgerufen.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 3048, + "message": "0 Protokolls\ufffdtze wurden auf WS-Manager 'QM1' w\ufffdhrend der Wiederherstellungsphase aufgerufen.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7232", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Der Status der Transaktionen zu dem Zeitpunkt, als der WS-Manager beendet wurde, wurde f\ufffdr WS-Manager QM1 wiederhergestellt.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 3597, + "message": "Der Transaktionsmanagerstatus wurde f\ufffdr WS-Manager 'QM1' wiederhergestellt.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7233", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "0 von 0 Transaktionen, die zum Zeitpunkt der Beendigung des WS-Managers QM1 unvollst\ufffdndig waren, wurden aufgel\ufffdst.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 4126, + "message": "0 von 0 unvollst\ufffdndigen Transaktionen wurden f\ufffdr WS-Manager 'QM1' aufgel\ufffdst.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'CHECKPOINT' wurde vom Task-Manager f\ufffdr kritische Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 4646, + "message": "Die WS-Manager-Task 'CHECKPOINT' wurde gestartet.", + "process.pid": "23240.8", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'ERROR-LOG' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 5150, + "message": "Die WS-Manager-Task 'ERROR-LOG' wurde gestartet.", + "process.pid": "4128.3", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 3 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 5661, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "4128.6", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 6174, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "4128.4", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 2 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 6687, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "4128.5", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 4 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 7200, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "4128.7", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8048", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Dies sind Informationen zur Anzahl der erfolgreich erstellten oder ersetzten Objekte sowie zu den Fehlschl\ufffdgen beim Erstellen der Standardobjekte.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 7713, + "message": "Standardobjektstatistik: 86 erstellt. 0 ersetzt. 0 fehlgeschlagen.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8003", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "IBM MQ-WS-Manager 'QM1' wurde mit V9.0.0.2 gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 8255, + "message": "IBM MQ-WS-Manager 'QM1' wurde mit V9.0.0.2 gestartet.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 8691, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "process.pid": "4128.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 9114, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "process.pid": "4128.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'ERROR-LOG' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 9537, + "message": "Die WS-Manager-Task 'ERROR-LOG' wurde beendet.", + "process.pid": "4128.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'CHECKPOINT' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 9958, + "message": "Die WS-Manager-Task 'CHECKPOINT' wurde beendet.", + "process.pid": "23240.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 10382, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "process.pid": "23240.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8004", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Der IBM MQ-Warteschlangenmanager 'QM1' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 10804, + "message": "IBM MQ-Warteschlangenmanager 'QM1' wurde beendet.", + "process.pid": "22920.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "felix" + }, + { + "@timestamp": "2018-07-13T07:06:03.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the LOGGER-IO task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 11236, + "message": "The queue manager task 'LOGGER-IO' has started.", + "process.pid": "12828.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:03.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7229", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "5 log records have been accessed so far on queue manager QM1 during the log replay phase in order to bring the queue manager back to a previously known state.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 11721, + "message": "5 log records accessed on queue manager 'QM1' during the log replay phase.", + "process.pid": "2244.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:03.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7230", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The log replay phase of the queue manager restart process has been completed for queue manager QM1.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 12290, + "message": "Log replay for queue manager 'QM1' complete.", + "process.pid": "2244.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:03.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7231", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "0 log records have been accessed so far on queue manager QM1 during the recovery phase of the transactions manager state.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 12770, + "message": "0 log records accessed on queue manager 'QM1' during the recovery phase.", + "process.pid": "2244.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:03.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7232", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The state of transactions at the time the queue manager ended has been recovered for queue manager QM1.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 13300, + "message": "Transaction manager state recovered for queue manager 'QM1'.", + "process.pid": "2244.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7233", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "0 transactions out of 0 in-flight at the time queue manager QM1 ended have been resolved.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 13800, + "message": "0 out of 0 in-flight transactions resolved for queue manager 'QM1'.", + "process.pid": "2244.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the CHECKPOINT task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 14293, + "message": "The queue manager task 'CHECKPOINT' has started.", + "process.pid": "12828.8", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the ERROR-LOG task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 14780, + "message": "The queue manager task 'ERROR-LOG' has started.", + "process.pid": "24404.3", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 2 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 15268, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "24404.6", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 3 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 15758, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "24404.5", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 16248, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "24404.4", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 4 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 16738, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "24404.7", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8003", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "IBM MQ queue manager 'QM1' started using V9.0.0.2.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 17228, + "message": "IBM MQ queue manager 'QM1' started using V9.0.0.2.", + "process.pid": "2244.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the DEFERRED_DELIVERY task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 17665, + "message": "The queue manager task 'DEFERRED_DELIVERY' has started.", + "process.pid": "24404.8", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the DEFERRED-MSG task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 18169, + "message": "The queue manager task 'DEFERRED-MSG' has started.", + "process.pid": "24404.9", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the ACTVTRC task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 18663, + "message": "The queue manager task 'ACTVTRC' has started.", + "process.pid": "12828.19", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9410", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The repository manager started successfully.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 19145, + "message": "Repository manager started.", + "process.pid": "23168.1", + "process.title": "amqrrmfa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the STATISTICS task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 19554, + "message": "The queue manager task 'STATISTICS' has started.", + "process.pid": "24404.10", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the ASYNCQ task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 20045, + "message": "The queue manager task 'ASYNCQ' has started.", + "process.pid": "12828.20", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the EXPIRER task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 20525, + "message": "The queue manager task 'EXPIRER' has started.", + "process.pid": "12828.21", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the DUR-SUBS-MGR task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 21007, + "message": "The queue manager task 'DUR-SUBS-MGR' has started.", + "process.pid": "12828.22", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the TOPIC-TREE task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 21499, + "message": "The queue manager task 'TOPIC-TREE' has started.", + "process.pid": "12828.23", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the RESOURCE_MONITOR task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 21987, + "message": "The queue manager task 'RESOURCE_MONITOR' has started.", + "process.pid": "12828.24", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5052", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 22487, + "message": "The queue manager task 'QPUBSUB-CTRLR' has started.", + "process.pid": "20568.3", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5052", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 22989, + "message": "The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started.", + "process.pid": "20568.4", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5037", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the MARKINTSCAN task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 23507, + "message": "The queue manager task 'MARKINTSCAN' has started.", + "process.pid": "24404.11", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5052", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 24000, + "message": "The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started.", + "process.pid": "20568.5", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5052", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 24518, + "message": "The queue manager task 'PUBSUB-DAEMON' has started.", + "process.pid": "20568.6", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Controller' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 25020, + "message": "'IBM MQ Distributed Pub/Sub Controller' has started.", + "process.pid": "20568.6", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the Q-DELETION task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 25457, + "message": "The queue manager task 'Q-DELETION' has started.", + "process.pid": "12828.25", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5022", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel initiator process has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 25945, + "message": "The channel initiator has started. ProcessId(8832).", + "process.pid": "15568.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the PRESERVED-Q task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 26376, + "message": "The queue manager task 'PRESERVED-Q' has started.", + "process.pid": "12828.26", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5051", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the MULTICAST task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 26866, + "message": "The queue manager task 'MULTICAST' has started.", + "process.pid": "12828.27", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5024", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The command server process has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 27352, + "message": "The command server has started. ProcessId(22112).", + "process.pid": "15568.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Fan Out Task' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 27778, + "message": "'IBM MQ Distributed Pub/Sub Fan Out Task' has started.", + "process.pid": "20568.7", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Publish Task' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 28219, + "message": "'IBM MQ Distributed Pub/Sub Publish Task' has started.", + "process.pid": "20568.9", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Command Task' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 28660, + "message": "'IBM MQ Distributed Pub/Sub Command Task' has started.", + "process.pid": "20568.8", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5806", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Queued Publish/Subscribe Daemon started for queue manager QM1.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 29101, + "message": "Queued Publish/Subscribe Daemon started for queue manager QM1.", + "process.pid": "7360.1", + "process.title": "amqfqpub.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8024", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 29562, + "message": "IBM MQ channel initiator started.", + "process.pid": "8832.1", + "process.title": "runmqchi.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-13T07:06:04.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5026", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The listener process has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 30002, + "message": "The listener 'LISTENER.TCP' has started. ProcessId(9172).", + "process.pid": "15568.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T11:24:26.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Tell the systems administrator, who should attempt to identify the cause of the channel failure using problem determination techniques. For example, look for FFST files, and examine the error logs on the local and remote systems where there may be messages explaining the cause of failure. More information may be obtained by repeating the operation with tracing enabled.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9780", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' encountered an error and will now end. In some cases the channel name can not be determined and so is shown as '????'. This message will be accompanied by other messages which explain the cause of the error.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 30430, + "message": "Channel to remote machine '127.0.0.1' is ending due to an error.", + "process.pid": "8544.3", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T11:24:26.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Check that the name is specified correctly and the channel definition is available.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9519", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The requested operation failed because the program could not find a definition of channel 'LOGSTASH.CHL'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 31487, + "message": "Channel 'LOGSTASH.CHL' not found.", + "process.pid": "8544.3", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T11:24:26.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Look at previous error messages for the channel program in the error logs to determine the cause of the failure. Note that this message can be excluded completely or suppressed by tuning the \"ExcludeMessage\" or \"SuppressMessage\" attributes under the \"QMErrorLog\" stanza in qm.ini. Further information can be found in the System Administration Guide.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9999", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel program running under process ID 8544(29244) for channel 'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; in some cases the host name cannot be determined and so is shown as '????'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 32040, + "message": "Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended abnormally.", + "process.pid": "8544.3", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T14:25:37.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Tell the systems administrator, who should attempt to identify the cause of the channel failure using problem determination techniques. For example, look for FFST files, and examine the error logs on the local and remote systems where there may be messages explaining the cause of failure. More information may be obtained by repeating the operation with tracing enabled.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9780", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' encountered an error and will now end. In some cases the channel name can not be determined and so is shown as '????'. This message will be accompanied by other messages which explain the cause of the error.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 33020, + "message": "Channel to remote machine '127.0.0.1' is ending due to an error.", + "process.pid": "8544.4", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T14:25:37.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Check that the name is specified correctly and the channel definition is available.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9519", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The requested operation failed because the program could not find a definition of channel 'LOGSTASH.CHL'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 34077, + "message": "Channel 'LOGSTASH.CHL' not found.", + "process.pid": "8544.4", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T14:25:37.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Look at previous error messages for the channel program in the error logs to determine the cause of the failure. Note that this message can be excluded completely or suppressed by tuning the \"ExcludeMessage\" or \"SuppressMessage\" attributes under the \"QMErrorLog\" stanza in qm.ini. Further information can be found in the System Administration Guide.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9999", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel program running under process ID 8544(28140) for channel 'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; in some cases the host name cannot be determined and so is shown as '????'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 34630, + "message": "Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended abnormally.", + "process.pid": "8544.4", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T14:25:47.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Tell the systems administrator, who should attempt to identify the cause of the channel failure using problem determination techniques. For example, look for FFST files, and examine the error logs on the local and remote systems where there may be messages explaining the cause of failure. More information may be obtained by repeating the operation with tracing enabled.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9780", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "Channel 'LOGSTASH.CHL' between this machine and the remote machine '127.0.0.1' encountered an error and will now end. In some cases the channel name can not be determined and so is shown as '????'. This message will be accompanied by other messages which explain the cause of the error.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 35610, + "message": "Channel to remote machine '127.0.0.1' is ending due to an error.", + "process.pid": "8544.5", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T14:25:47.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Check that the name is specified correctly and the channel definition is available.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9519", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The requested operation failed because the program could not find a definition of channel 'LOGSTASH.CHL'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 36667, + "message": "Channel 'LOGSTASH.CHL' not found.", + "process.pid": "8544.5", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-18T14:25:47.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Look at previous error messages for the channel program in the error logs to determine the cause of the failure. Note that this message can be excluded completely or suppressed by tuning the \"ExcludeMessage\" or \"SuppressMessage\" attributes under the \"QMErrorLog\" stanza in qm.ini. Further information can be found in the System Administration Guide.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9999", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel program running under process ID 8544(20284) for channel 'LOGSTASH.CHL' ended abnormally. The host name is 'felix-elastic (127.0.0.1)'; in some cases the host name cannot be determined and so is shown as '????'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 37220, + "message": "Channel 'LOGSTASH.CHL' to host 'felix-elastic (127.0.0.1)' ended abnormally.", + "process.pid": "8544.5", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9411", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The repository manager ended normally.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 38200, + "message": "Repository manager ended normally.", + "process.pid": "23168.1", + "process.title": "amqrrmfa.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9542", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The program will end because the queue manager is quiescing.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 38610, + "message": "Queue manager is ending.", + "process.pid": "8832.1", + "process.title": "runmqchi.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5025", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The command server process has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 39031, + "message": "The command server has ended. ProcessId(22112).", + "process.pid": "15568.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task DEFERRED_DELIVERY has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 39453, + "message": "The queue manager task 'DEFERRED_DELIVERY' has ended.", + "process.pid": "24404.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task ACTVTRC has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 39895, + "message": "The queue manager task 'ACTVTRC' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5027", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The listener process has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 40317, + "message": "The listener 'LISTENER.TCP' has ended. ProcessId(9172).", + "process.pid": "15568.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task ASYNCQ has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 40741, + "message": "The queue manager task 'ASYNCQ' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5023", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel initiator process has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 41161, + "message": "The channel initiator has ended. ProcessId(8832).", + "process.pid": "15568.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task EXPIRER has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 41588, + "message": "The queue manager task 'EXPIRER' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task DUR-SUBS-MGR has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 42010, + "message": "The queue manager task 'DUR-SUBS-MGR' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task TOPIC-TREE has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 42442, + "message": "The queue manager task 'TOPIC-TREE' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task RESOURCE_MONITOR has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 42870, + "message": "The queue manager task 'RESOURCE_MONITOR' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task Q-DELETION has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 43310, + "message": "The queue manager task 'Q-DELETION' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task PRESERVED-Q has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 43738, + "message": "The queue manager task 'PRESERVED-Q' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task MULTICAST has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 44168, + "message": "The queue manager task 'MULTICAST' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task QPUBSUB-CTRLR has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 44594, + "message": "The queue manager task 'QPUBSUB-CTRLR' has ended.", + "process.pid": "20568.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task QPUBSUB-QUEUE-NLCACHE has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 45028, + "message": "The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended.", + "process.pid": "20568.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task APP-SIGNAL has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 45478, + "message": "The queue manager task 'APP-SIGNAL' has ended.", + "process.pid": "24404.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task QPUBSUB-SUBPT-NLCACHE has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 45906, + "message": "The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended.", + "process.pid": "20568.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task DEFERRED-MSG has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 46356, + "message": "The queue manager task 'DEFERRED-MSG' has ended.", + "process.pid": "24404.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task PUBSUB-DAEMON has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 46788, + "message": "The queue manager task 'PUBSUB-DAEMON' has ended.", + "process.pid": "20568.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task STATISTICS has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 47222, + "message": "The queue manager task 'STATISTICS' has ended.", + "process.pid": "24404.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task MARKINTSCAN has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 47650, + "message": "The queue manager task 'MARKINTSCAN' has ended.", + "process.pid": "24404.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5976", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Command Task' has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 48080, + "message": "'IBM MQ Distributed Pub/Sub Command Task' has ended.", + "process.pid": "20568.8", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5976", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Fan Out Task' has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 48517, + "message": "'IBM MQ Distributed Pub/Sub Fan Out Task' has ended.", + "process.pid": "20568.7", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5976", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Publish Task' has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 48954, + "message": "'IBM MQ Distributed Pub/Sub Publish Task' has ended.", + "process.pid": "20568.9", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5807", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The Queued Publish/Subscribe Daemon on queue manager QM1 has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 49391, + "message": "Queued Publish/Subscribe Daemon for queue manager QM1 ended.", + "process.pid": "7360.1", + "process.title": "amqfqpub.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-07-20T15:40:17.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task ACTVTRC has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM1", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 49855, + "message": "The queue manager task 'ACTVTRC' has ended.", + "process.pid": "12828.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.0.0.2", + "user.name": "MUSR_MQADMIN" + } +] \ No newline at end of file diff --git a/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log new file mode 100644 index 00000000000..01ca10c0ff3 --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log @@ -0,0 +1,33354 @@ +17.10.2018 13:50:16 - Process(39452.3) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.332Z) + CommentInsert1(Windows 10 Professional x64 Edition, Build 17134 (MQ Windows (x64 platform) 64-bit)) + CommentInsert2(C:\Program Files\IBM\MQ (Installation1)) + CommentInsert3(9.1.0.0 (p910-L180709.TRIAL)) + +AMQ6287I: IBM MQ V9.1.0.0 (p910-L180709.TRIAL). + +ERKLŽRUNG: +Systeminformationen zu IBM MQ: +Host-Info :- Windows 10 Professional x64 Edition, Build 17134 (MQ +Windows (x64 platform) 64-bit) +Installation :- C:\Program Files\IBM\MQ (Installation1) +Version :- 9.1.0.0 (p910-L180709.TRIAL) +AKTION: +Keine. +----- amqxeida.c : 6278 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(39452.3) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.330Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: Die WS-Manager-Task 'LOGGER-IO' wurde gestartet. + +ERKLŽRUNG: +Die Task 'LOGGER-IO' wurde vom Task-Manager fr kritische Dienstprogramme +gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(39452.1) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.377Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: Die WS-Manager-Task 'LOGGER-IO' wurde beendet. + +ERKLŽRUNG: +Die WS-Manager-Task 'LOGGER-IO' wurde beendet. +AKTION: +Keine. +----- amqzmut0.c : 3555 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(3452.3) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.700Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: Die WS-Manager-Task 'LOGGER-IO' wurde gestartet. + +ERKLŽRUNG: +Die Task 'LOGGER-IO' wurde vom Task-Manager fr kritische Dienstprogramme +gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.713Z) + ArithInsert1(4) + CommentInsert1(QM2) + +AMQ7229I: 4 Protokolls„tze wurden auf WS-Manager 'QM2' w„hrend der +Protokollwiederholungsphase aufgerufen. + +ERKLŽRUNG: +4 Protokolls„tze wurden bisher auf WS-Manager QM2 w„hrend der +Protokollwiederholungsphase aufgerufen, um den WS-Manager in einen zuvor +bekannten Status zurckzuversetzen. +AKTION: +Keine. +----- amqalms0.c : 1010 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.716Z) + ArithInsert1(4) + CommentInsert1(QM2) + +AMQ7230I: Die Protokollwiederholung fr WS-Manager 'QM2' ist beendet. + +ERKLŽRUNG: +Die Protokollwiederholungsphase des Neustartprozesses wurde fr WS-Manager QM2 +beendet. +AKTION: +Keine. +----- amqalms0.c : 1015 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.727Z) + CommentInsert1(QM2) + +AMQ7231I: 0 Protokolls„tze wurden auf WS-Manager 'QM2' w„hrend der +Wiederherstellungsphase aufgerufen. + +ERKLŽRUNG: +W„hrend der Wiederherstellungsphase des Transaktionsmanagerstatus wurden bisher +0 Protokolls„tze auf WS-Manager QM2 aufgerufen. +AKTION: +Keine. +----- amqatmra.c : 713 -------------------------------------------------------- +17.10.2018 13:50:16 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.730Z) + CommentInsert1(QM2) + +AMQ7232I: Der Transaktionsmanagerstatus wurde fr WS-Manager 'QM2' +wiederhergestellt. + +ERKLŽRUNG: +Der Status der Transaktionen zu dem Zeitpunkt, als der WS-Manager beendet +wurde, wurde fr WS-Manager QM2 wiederhergestellt. +AKTION: +Keine. +----- amqatmra.c : 718 -------------------------------------------------------- +17.10.2018 13:50:16 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.740Z) + CommentInsert1(QM2) + +AMQ7233I: 0 von 0 unvollst„ndigen Transaktionen wurden fr WS-Manager 'QM2' +aufgel”st. + +ERKLŽRUNG: +0 von 0 Transaktionen, die zum Zeitpunkt der Beendigung des WS-Managers QM2 +unvollst„ndig waren, wurden aufgel”st. +AKTION: +Keine. +----- amqatmra.c : 1315 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(3452.8) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.746Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: Die WS-Manager-Task 'CHECKPOINT' wurde gestartet. + +ERKLŽRUNG: +Die Task 'CHECKPOINT' wurde vom Task-Manager fr kritische Dienstprogramme +gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(23324.3) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.810Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: Die WS-Manager-Task 'ERROR-LOG' wurde gestartet. + +ERKLŽRUNG: +Die Task 'ERROR-LOG' wurde vom Task-Manager fr wieder anlauff„hige +Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(23324.7) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.811Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLŽRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager fr wieder anlauff„hige +Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(23324.4) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.812Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLŽRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager fr wieder anlauff„hige +Dienstprogramme gestartet. Diese Task wurde jetzt 2 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(23324.5) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.812Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLŽRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager fr wieder anlauff„hige +Dienstprogramme gestartet. Diese Task wurde jetzt 3 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:16 - Process(23324.6) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:16.812Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet. + +ERKLŽRUNG: +Die Task 'APP-SIGNAL' wurde vom Task-Manager fr wieder anlauff„hige +Dienstprogramme gestartet. Diese Task wurde jetzt 4 Mal gestartet. +AKTION: +Keine. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.019Z) + ArithInsert1(87) + CommentInsert1(0) + +AMQ8048I: Standardobjektstatistik: 87 erstellt. 0 ersetzt. 0 fehlgeschlagen. + +ERKLŽRUNG: +Dies sind Informationen zur Anzahl der erfolgreich erstellten oder ersetzten +Objekte sowie zu den Fehlschl„gen beim Erstellen der Standardobjekte. +AKTION: +Keine. +----- amqzcdo0.c : 7074 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.040Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM2) + +AMQ8003I: IBM MQ-WS-Manager 'QM2' wurde mit V9.1.0.0 gestartet. + +ERKLŽRUNG: +IBM MQ-WS-Manager 'QM2' wurde mit V9.1.0.0 gestartet. +AKTION: +Keine. +----- amqzxma0.c : 4119 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(23324.1) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.100Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. + +ERKLŽRUNG: +Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. +AKTION: +Keine. +----- amqzmut0.c : 3555 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(23324.1) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.130Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. + +ERKLŽRUNG: +Die WS-Manager-Task 'APP-SIGNAL' wurde beendet. +AKTION: +Keine. +----- amqzmut0.c : 3711 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(23324.1) User(felix) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.135Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: Die WS-Manager-Task 'ERROR-LOG' wurde beendet. + +ERKLŽRUNG: +Die WS-Manager-Task 'ERROR-LOG' wurde beendet. +AKTION: +Keine. +----- amqzmut0.c : 3555 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(3452.1) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.202Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: Die WS-Manager-Task 'CHECKPOINT' wurde beendet. + +ERKLŽRUNG: +Die WS-Manager-Task 'CHECKPOINT' wurde beendet. +AKTION: +Keine. +----- amqzmut0.c : 3555 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(3452.1) User(felix) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.214Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: Die WS-Manager-Task 'LOGGER-IO' wurde beendet. + +ERKLŽRUNG: +Die WS-Manager-Task 'LOGGER-IO' wurde beendet. +AKTION: +Keine. +----- amqzmut0.c : 3555 ------------------------------------------------------- +17.10.2018 13:50:18 - Process(25240.1) User(felix) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.228Z) + CommentInsert3(QM2) + +AMQ8004I: IBM MQ-Warteschlangenmanager 'QM2' wurde beendet. + +ERKLŽRUNG: +Der IBM MQ-Warteschlangenmanager 'QM2' wurde beendet. +AKTION: +Keine. +----- amqzxma0.c : 1947 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(7220.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.779Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(6008.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.803Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7229I: 5 log records accessed on queue manager 'QM2' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM2 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(6008.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.806Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7230I: Log replay for queue manager 'QM2' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM2. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(6008.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.815Z) + CommentInsert1(QM2) + +AMQ7231I: 0 log records accessed on queue manager 'QM2' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM2 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +17/10/2018 13:50:18 - Process(6008.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.818Z) + CommentInsert1(QM2) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM2'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM2. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +17/10/2018 13:50:18 - Process(6008.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.828Z) + CommentInsert1(QM2) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM2'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM2 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(7220.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.834Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(31504.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.907Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(31504.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.907Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(31504.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.907Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(31504.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.907Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:18 - Process(31504.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:18.908Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(6008.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.011Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM2) + +AMQ8003I: IBM MQ queue manager 'QM2' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM2' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(31504.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.012Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.108Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(31504.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.108Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.109Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(31504.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.109Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.109Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.109Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(9848.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.110Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.123Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.124Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(31504.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.124Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.124Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.125Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.124Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.125Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.124Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(7220.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.125Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.125Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.126Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.131Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.131Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +17/10/2018 13:50:19 - Process(33244.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.132Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +17/10/2018 13:50:19 - Process(27056.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.238Z) + ArithInsert1(9264) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(9264). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(27056.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.269Z) + ArithInsert1(19060) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(19060). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(21220.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.349Z) + CommentInsert1(QM2) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM2. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM2. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +17/10/2018 13:50:19 - Process(9264.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.401Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- +17/10/2018 13:50:19 - Process(27056.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-17T11:50:19.638Z) + ArithInsert1(37632) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(37632). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +18/10/2018 15:18:48 - Process(44852.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T13:18:48.524Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 15:19:11 - Process(37368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T13:19:11.833Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 16:10:06 - Process(44852.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:10:06.407Z) + RemoteHost(127.0.0.1) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(127.0.0.1) + CommentInsert3(MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)) + +AMQ9776E: Channel was blocked by userid + +EXPLANATION: +The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because +the active values of the channel were mapped to a userid which should be +blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) +ADDRESS(picmention)'. +ACTION: +Contact the systems administrator, who should examine the channel +authentication records to ensure that the correct settings have been +configured. The ALTER QMGR CHLAUTH switch is used to control whether channel +authentication records are used. The command DISPLAY CHLAUTH can be used to +query the channel authentication records. +----- cmqxrmsa.c : 1363 ------------------------------------------------------- +18/10/2018 16:10:06 - Process(44852.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:10:06.407Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(44852(28928)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 44852(28928) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:10:12 - Process(44852.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:10:12.046Z) + RemoteHost(127.0.0.1) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(127.0.0.1) + CommentInsert3(MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)) + +AMQ9776E: Channel was blocked by userid + +EXPLANATION: +The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because +the active values of the channel were mapped to a userid which should be +blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) +ADDRESS(picmention)'. +ACTION: +Contact the systems administrator, who should examine the channel +authentication records to ensure that the correct settings have been +configured. The ALTER QMGR CHLAUTH switch is used to control whether channel +authentication records are used. The command DISPLAY CHLAUTH can be used to +query the channel authentication records. +----- cmqxrmsa.c : 1363 ------------------------------------------------------- +18/10/2018 16:10:12 - Process(44852.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:10:12.046Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(44852(22352)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 44852(22352) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:10:28 - Process(44852.6) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:10:28.071Z) + RemoteHost(127.0.0.1) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(127.0.0.1) + CommentInsert3(MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)) + +AMQ9776E: Channel was blocked by userid + +EXPLANATION: +The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because +the active values of the channel were mapped to a userid which should be +blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) +ADDRESS(picmention)'. +ACTION: +Contact the systems administrator, who should examine the channel +authentication records to ensure that the correct settings have been +configured. The ALTER QMGR CHLAUTH switch is used to control whether channel +authentication records are used. The command DISPLAY CHLAUTH can be used to +query the channel authentication records. +----- cmqxrmsa.c : 1363 ------------------------------------------------------- +18/10/2018 16:10:28 - Process(44852.6) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:10:28.071Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(44852(4436)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 44852(4436) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:13:20 - Process(44852.7) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:20.545Z) + RemoteHost(127.0.0.1) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(127.0.0.1) + CommentInsert3(MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)) + +AMQ9776E: Channel was blocked by userid + +EXPLANATION: +The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because +the active values of the channel were mapped to a userid which should be +blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) +ADDRESS(picmention)'. +ACTION: +Contact the systems administrator, who should examine the channel +authentication records to ensure that the correct settings have been +configured. The ALTER QMGR CHLAUTH switch is used to control whether channel +authentication records are used. The command DISPLAY CHLAUTH can be used to +query the channel authentication records. +----- cmqxrmsa.c : 1363 ------------------------------------------------------- +18/10/2018 16:13:20 - Process(44852.7) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:20.546Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(44852(34856)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 44852(34856) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(9848.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.803Z) + +AMQ9411I: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +----- amqrrmfa.c : 2108 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(9264.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.821Z) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 958 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.821Z) + ArithInsert1(2162) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5041I: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(37368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.822Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrmssa.c : 3316 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.824Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(37368.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.823Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(37368(31284)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.825Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.827Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.828Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.829Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.830Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +----- cmqxzmup.c : 4347 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(44852.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.830Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrmssa.c : 3316 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(44852.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.830Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(44852(43444)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:13:46 - Process(21220.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.846Z) + CommentInsert1(QM2) + +AMQ5807I: Queued Publish/Subscribe Daemon for queue manager QM2 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM2 has ended. +ACTION: +None. +----- cmqxfcxc.c : 1583 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(27056.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.830Z) + ArithInsert1(19060) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5025I: The command server has ended. ProcessId(19060). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +----- amqzmgr0.c : 5567 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.855Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.855Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.855Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.855Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.856Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.856Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.856Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.856Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(33244.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.857Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(27056.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.858Z) + ArithInsert1(37632) + CommentInsert1(LISTENER.TCP) + +AMQ5027I: The listener 'LISTENER.TCP' has ended. ProcessId(37632). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +----- amqzmgr0.c : 5578 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(27056.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.873Z) + ArithInsert1(9264) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5023I: The channel initiator has ended. ProcessId(9264). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +----- amqzmgr0.c : 5556 ------------------------------------------------------- +18/10/2018 16:13:46 - Process(31504.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:46.874Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:50 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:50.389Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:50 - Process(7220.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:50.412Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +18/10/2018 16:13:50 - Process(6008.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:50.428Z) + CommentInsert3(QM2) + +AMQ8004I: IBM MQ queue manager 'QM2' ended. + +EXPLANATION: +IBM MQ queue manager 'QM2' ended. +ACTION: +None. +----- amqzxma0.c : 1947 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(35732.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.836Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(27128.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.858Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7229I: 5 log records accessed on queue manager 'QM2' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM2 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(27128.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.862Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7230I: Log replay for queue manager 'QM2' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM2. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(27128.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.871Z) + CommentInsert1(QM2) + +AMQ7231I: 0 log records accessed on queue manager 'QM2' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM2 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +18/10/2018 16:13:58 - Process(27128.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.873Z) + CommentInsert1(QM2) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM2'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM2. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +18/10/2018 16:13:58 - Process(27128.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.882Z) + CommentInsert1(QM2) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM2'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM2 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(35732.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.900Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(14556.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.991Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(14556.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.992Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(14556.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.992Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(14556.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.992Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:58 - Process(14556.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:58.992Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(27128.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.169Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM2) + +AMQ8003I: IBM MQ queue manager 'QM2' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM2' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(14556.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.169Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(14556.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.269Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.269Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(14556.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.269Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.270Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.270Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.270Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(22128.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.270Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.283Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.283Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.284Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.284Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(14556.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.284Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.284Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.285Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.285Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.284Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.285Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(35732.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.285Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.290Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.290Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +18/10/2018 16:13:59 - Process(26304.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.291Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +18/10/2018 16:13:59 - Process(28524.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.424Z) + ArithInsert1(23120) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(23120). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(28524.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.454Z) + ArithInsert1(27936) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(27936). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(13788.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.469Z) + CommentInsert1(QM2) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM2. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM2. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(28524.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.484Z) + ArithInsert1(31224) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(31224). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +18/10/2018 16:13:59 - Process(23120.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:13:59.624Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- +18/10/2018 16:14:10 - Process(9628.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:14:10.783Z) + RemoteHost(127.0.0.1) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(127.0.0.1) + CommentInsert3(MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)) + +AMQ9776E: Channel was blocked by userid + +EXPLANATION: +The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because +the active values of the channel were mapped to a userid which should be +blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) +ADDRESS(picmention)'. +ACTION: +Contact the systems administrator, who should examine the channel +authentication records to ensure that the correct settings have been +configured. The ALTER QMGR CHLAUTH switch is used to control whether channel +authentication records are used. The command DISPLAY CHLAUTH can be used to +query the channel authentication records. +----- cmqxrmsa.c : 1363 ------------------------------------------------------- +18/10/2018 16:14:10 - Process(9628.3) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:14:10.784Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(9628(33608)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 9628(33608) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:14:14 - Process(9628.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:14:14.131Z) + RemoteHost(127.0.0.1) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(127.0.0.1) + CommentInsert3(MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)) + +AMQ9776E: Channel was blocked by userid + +EXPLANATION: +The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because +the active values of the channel were mapped to a userid which should be +blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) +ADDRESS(picmention)'. +ACTION: +Contact the systems administrator, who should examine the channel +authentication records to ensure that the correct settings have been +configured. The ALTER QMGR CHLAUTH switch is used to control whether channel +authentication records are used. The command DISPLAY CHLAUTH can be used to +query the channel authentication records. +----- cmqxrmsa.c : 1363 ------------------------------------------------------- +18/10/2018 16:14:14 - Process(9628.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:14:14.132Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(9628(33860)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 9628(33860) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 16:15:01 - Process(9628.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T14:15:01.876Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 19:00:08 - Process(39792.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T17:00:08.383Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 19:01:02 - Process(9628.5) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T17:01:02.503Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(32964)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 19:01:02 - Process(9628.15) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T17:01:02.814Z) + CommentInsert1(CLI.LOGSTASH) + +AMQ9528W: User requested channel 'CLI.LOGSTASH' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +18/10/2018 19:01:03 - Process(39792.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T17:01:03.020Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9528W: User requested channel 'CHL.QM2.QM1' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +18/10/2018 19:01:03 - Process(39792.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T17:01:03.020Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(39792(38844)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 19:38:23 - Process(9628.21) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T17:38:23.307Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 19:38:24 - Process(32096.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T17:38:24.515Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 20:20:28 - Process(32096.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:20:28.928Z) + ArithInsert1(2) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(32096(36232)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 2, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '32096(36232)'. +----- amqrmrca.c : 1052 ------------------------------------------------------- +18/10/2018 20:26:34 - Process(32096.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:26:34.523Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +18/10/2018 20:26:34 - Process(32096.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:26:34.523Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(32096(36232)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32096(36232) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 20:26:34 - Process(17308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:26:34.583Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 20:26:54 - Process(17308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:26:54.646Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +18/10/2018 20:26:54 - Process(17308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:26:54.646Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(17308(27956)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 17308(27956) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 20:27:34 - Process(7756.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:27:34.651Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 20:27:54 - Process(7756.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:27:54.729Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +18/10/2018 20:27:54 - Process(7756.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:27:54.729Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(7756(27736)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 7756(27736) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +18/10/2018 20:28:34 - Process(6720.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:28:34.661Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +18/10/2018 20:32:53 - Process(9628.21) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T18:32:53.585Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(20128)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +18/10/2018 21:40:15 - Process(9628.22) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T19:40:15.213Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +18/10/2018 21:40:15 - Process(43880.1) User(MUSR_MQADMIN) Program(amqrcmla.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T19:40:15.500Z) + ArithInsert1(2042) + CommentInsert2(QM1) + CommentInsert3(QM2) + +AMQ9509E: Program cannot open queue manager object. + +EXPLANATION: +The attempt to open either the queue or queue manager object 'QM1' on queue +manager 'QM2' failed with reason code 2042. +ACTION: +Ensure that the queue is available and retry the operation. +----- amqrcmsa.c : 617 -------------------------------------------------------- +18/10/2018 21:40:29 - Process(9628.22) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-18T19:40:29.436Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(21372)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 07:55:20 - Process(9628.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:55:20.375Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +19/10/2018 07:55:22 - Process(33724.1) User(MUSR_MQADMIN) Program(amqrcmla.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:55:22.829Z) + ArithInsert1(2042) + CommentInsert2(QM1) + CommentInsert3(QM2) + +AMQ9509E: Program cannot open queue manager object. + +EXPLANATION: +The attempt to open either the queue or queue manager object 'QM1' on queue +manager 'QM2' failed with reason code 2042. +ACTION: +Ensure that the queue is available and retry the operation. +----- amqrcmsa.c : 617 -------------------------------------------------------- +19/10/2018 07:55:56 - Process(6720.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:55:56.565Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +19/10/2018 07:55:56 - Process(6720.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:55:56.569Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(6720(39772)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 6720(39772) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 07:55:56 - Process(45976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:55:56.629Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 07:56:16 - Process(45976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:56:16.694Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +19/10/2018 07:56:16 - Process(45976.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:56:16.695Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(45976(34252)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 45976(34252) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 07:56:56 - Process(4256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:56:56.638Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 07:57:16 - Process(4256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:57:16.694Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +19/10/2018 07:57:16 - Process(4256.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:57:16.694Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(4256(22276)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 4256(22276) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 07:57:56 - Process(2688.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:57:56.639Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 07:58:16 - Process(2688.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:58:16.692Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +19/10/2018 07:58:16 - Process(2688.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:58:16.692Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(2688(18988)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2688(18988) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 07:58:56 - Process(16836.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T05:58:56.655Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 08:04:56 - Process(16836.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:04:56.710Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +19/10/2018 08:04:56 - Process(16836.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:04:56.711Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(16836(14112)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 16836(14112) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 08:04:56 - Process(37164.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:04:56.777Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 08:05:16 - Process(37164.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:05:16.837Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +19/10/2018 08:05:16 - Process(37164.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:05:16.837Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(37164(42508)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 37164(42508) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 08:05:56 - Process(19404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:05:56.782Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 08:06:16 - Process(19404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:06:16.837Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +19/10/2018 08:06:16 - Process(19404.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:06:16.838Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(19404(36368)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 19404(36368) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 08:06:56 - Process(26392.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:06:56.787Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 08:07:16 - Process(26392.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:07:16.842Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +19/10/2018 08:07:16 - Process(26392.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:07:16.843Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(26392(45872)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 26392(45872) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 08:26:56 - Process(21752.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:26:56.796Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 08:32:56 - Process(21752.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:32:56.850Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +19/10/2018 08:32:56 - Process(21752.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:32:56.850Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(21752(43804)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21752(43804) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 08:46:56 - Process(27216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:46:56.800Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 08:52:56 - Process(27216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:52:56.847Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +19/10/2018 08:52:56 - Process(27216.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T06:52:56.848Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(27216(10684)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 27216(10684) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 09:06:56 - Process(44388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T07:06:56.830Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 09:09:32 - Process(44388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T07:09:32.998Z) + ArithInsert1(2) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(44388(20812)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 2, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '44388(20812)'. +----- amqrmrca.c : 1052 ------------------------------------------------------- +19/10/2018 10:05:52 - Process(9628.23) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T08:05:52.953Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(39944)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 10:05:53 - Process(44388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T08:05:53.228Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9528W: User requested channel 'CHL.QM2.QM1' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +19/10/2018 10:05:53 - Process(44388.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T08:05:53.228Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(44388(20812)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +19/10/2018 15:34:14 - Process(9628.25) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T13:34:14.888Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +19/10/2018 15:34:16 - Process(39900.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T13:34:16.384Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +19/10/2018 17:20:32 - Process(9628.25) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T15:20:32.063Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(41136)) + CommentInsert3(127.0.0.1) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host '127.0.0.1' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +19/10/2018 17:20:32 - Process(9628.26) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T15:20:32.073Z) + CommentInsert1(CLI.LOGSTASH) + +AMQ9528W: User requested channel 'CLI.LOGSTASH' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +19/10/2018 17:20:32 - Process(39900.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T15:20:32.310Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9528W: User requested channel 'CHL.QM2.QM1' to be stopped. + +EXPLANATION: +The channel is stopping because of a request by the user. +ACTION: +None. +----- amqrmssa.c : 3331 ------------------------------------------------------- +19/10/2018 17:20:32 - Process(39900.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-19T15:20:32.310Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(39900(25568)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 08:08:28 - Process(9628.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T06:08:28.371Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +22/10/2018 08:08:29 - Process(33840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T06:08:29.145Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:01:38 - Process(33840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:01:38.122Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +22/10/2018 09:01:38 - Process(33840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:01:38.123Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(33840(29256)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 33840(29256) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:01:38 - Process(30816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:01:38.292Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:01:58 - Process(30816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:01:58.350Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:01:58 - Process(30816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:01:58.350Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(30816(22840)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 30816(22840) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:02:38 - Process(17740.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:02:38.191Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:02:58 - Process(17740.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:02:58.255Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:02:58 - Process(17740.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:02:58.263Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(17740(43768)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 17740(43768) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:03:38 - Process(21020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:03:38.209Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:09:38 - Process(21020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:09:38.260Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +22/10/2018 09:09:38 - Process(21020.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:09:38.261Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(21020(40976)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 21020(40976) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:09:38 - Process(12816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:09:38.321Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:09:58 - Process(12816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:09:58.373Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:09:58 - Process(12816.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:09:58.373Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(12816(43788)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 12816(43788) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:10:38 - Process(38864.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:10:38.327Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:10:58 - Process(38864.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:10:58.384Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:10:58 - Process(38864.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:10:58.385Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(38864(40384)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 38864(40384) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:11:38 - Process(28412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:11:38.343Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:11:58 - Process(28412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:11:58.411Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:11:58 - Process(28412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:11:58.412Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(28412(45492)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28412(45492) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:12:38 - Process(15400.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:12:38.353Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:18:38 - Process(15400.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:18:38.393Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +22/10/2018 09:18:38 - Process(15400.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:18:38.393Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(15400(34972)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 15400(34972) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:18:38 - Process(32.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:18:38.467Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:18:58 - Process(32.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:18:58.525Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:18:58 - Process(32.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:18:58.525Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(32(22812)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32(22812) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:19:38 - Process(28364.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:19:38.463Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:19:58 - Process(28364.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:19:58.523Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:19:58 - Process(28364.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:19:58.523Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(28364(31688)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 28364(31688) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:20:38 - Process(36676.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:20:38.472Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:20:58 - Process(36676.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:20:58.522Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +22/10/2018 09:20:58 - Process(36676.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:20:58.522Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(36676(2112)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 36676(2112) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 09:40:38 - Process(14152.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:40:38.468Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 09:46:38 - Process(14152.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:46:38.536Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +22/10/2018 09:46:38 - Process(14152.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T07:46:38.537Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(14152(6936)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 14152(6936) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 10:00:38 - Process(41932.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:00:38.500Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 10:06:38 - Process(41932.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:06:38.559Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +22/10/2018 10:06:38 - Process(41932.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:06:38.559Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(41932(42832)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 41932(42832) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 10:20:38 - Process(2952.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:20:38.513Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 10:26:38 - Process(2952.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:26:38.560Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +22/10/2018 10:26:38 - Process(2952.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:26:38.561Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(2952(18740)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 2952(18740) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 10:40:38 - Process(22564.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:40:38.536Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +22/10/2018 10:46:38 - Process(22564.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:46:38.576Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +22/10/2018 10:46:38 - Process(22564.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T08:46:38.577Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(22564(38468)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 22564(38468) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +22/10/2018 11:00:38 - Process(44796.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-22T09:00:38.856Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +24/10/2018 06:16:01 - Process(9628.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-24T04:16:01.479Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM1.QM2' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- cmqxrfpt.c : 700 -------------------------------------------------------- +24/10/2018 06:16:01 - Process(44796.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-24T04:16:01.479Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM2.QM1' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- amqrmtra.c : 2465 ------------------------------------------------------- +24/10/2018 06:16:01 - Process(44796.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-24T04:16:01.481Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(44796(18696)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +24/10/2018 06:16:01 - Process(9628.28) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-24T04:16:01.481Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(44112)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +24/10/2018 08:21:40 - Process(9628.46) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-24T06:21:40.659Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +24/10/2018 08:21:41 - Process(85992.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-24T06:21:41.304Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 07:41:43 - Process(85992.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T05:41:43.950Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM2.QM1' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- amqrmtra.c : 2465 ------------------------------------------------------- +25/10/2018 07:41:43 - Process(85992.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T05:41:43.951Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(85992(85996)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 08:23:27 - Process(9628.46) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T06:23:27.250Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM1.QM2' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- cmqxrfpt.c : 700 -------------------------------------------------------- +25/10/2018 08:23:27 - Process(9628.46) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T06:23:27.250Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(85972)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 08:52:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T06:52:51.054Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 08:52:58 - Process(117916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T06:52:58.256Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:42:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:01.120Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:42:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:01.121Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:42:06 - Process(117916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:06.124Z) + ArithInsert1(2) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(117916(119072)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 2, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '117916(119072)'. +----- amqrmrca.c : 1052 ------------------------------------------------------- +25/10/2018 14:42:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:11.134Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:42:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:11.134Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:42:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:21.145Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:42:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:21.146Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:42:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:31.156Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:42:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:31.157Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:42:36 - Process(117916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:36.154Z) + ArithInsert1(2) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(117916(119072)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 2, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '117916(119072)'. +----- amqrmrca.c : 1052 ------------------------------------------------------- +25/10/2018 14:42:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:41.167Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:42:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:41.168Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:42:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:51.178Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:42:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:42:51.178Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:43:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:01.189Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:43:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:01.190Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:43:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:11.199Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:43:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:11.199Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:43:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:21.212Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:43:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:21.212Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:43:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:31.224Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:43:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:31.224Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:43:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:41.233Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:43:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:41.233Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:43:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:51.244Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:43:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:43:51.245Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:44:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:01.256Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:44:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:01.257Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:44:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:11.271Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:44:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:11.272Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:44:16 - Process(117916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:16.275Z) + ArithInsert1(2) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(117916(119072)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 2, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '117916(119072)'. +----- amqrmrca.c : 1052 ------------------------------------------------------- +25/10/2018 14:44:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:21.282Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:44:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:21.282Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:44:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:31.293Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:44:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:31.294Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:44:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:41.303Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:44:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:41.303Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:44:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:51.314Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:44:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:44:51.314Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:45:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:01.326Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:45:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:01.326Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:45:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:11.341Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:45:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:11.342Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:45:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:21.354Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:45:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:21.355Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:45:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:31.366Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:45:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:31.366Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:45:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:41.376Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:45:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:41.377Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:45:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:51.387Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:45:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:45:51.387Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:46:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:01.397Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:46:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:01.397Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:46:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:11.412Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:46:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:11.413Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:46:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:21.425Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:46:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:21.426Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:46:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:31.435Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:46:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:31.435Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:46:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:41.461Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:46:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:41.461Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:46:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:51.498Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:46:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:46:51.499Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:47:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:01.510Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:47:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:01.511Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:47:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:11.522Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:47:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:11.522Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:47:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:21.533Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:47:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:21.533Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:47:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:31.544Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:47:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:31.545Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:47:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:41.554Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:47:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:41.554Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:47:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:51.565Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:47:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:47:51.566Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:48:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:01.576Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:48:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:01.577Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:48:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:11.586Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:48:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:11.587Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:48:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:21.596Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:48:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:21.597Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:48:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:31.606Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:48:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:31.607Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:48:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:41.616Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:48:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:41.617Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:48:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:51.626Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:48:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:48:51.627Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:49:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:01.637Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:49:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:01.638Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:49:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:11.648Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:49:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:11.648Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:49:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:21.659Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:49:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:21.659Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:49:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:31.670Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:49:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:31.670Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:49:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:41.680Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:49:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:41.681Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:49:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:51.691Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:49:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:51.692Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:49:56 - Process(117916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:49:56.660Z) + ArithInsert1(2) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(117916(119072)) + +AMQ9544W: Messages not put to destination queue. + +EXPLANATION: +During the processing of channel 'CHL.QM2.QM1' one or more messages could not +be put to the destination queue and attempts were made to put them to a +dead-letter queue. The location of the queue is 2, where 1 is the local +dead-letter queue and 2 is the remote dead-letter queue. +ACTION: +Examine the contents of the dead-letter queue. Each message is contained in a +structure that describes why the message was put to the queue, and to where it +was originally addressed. Also look at previous error messages to see if the +attempt to put messages to a dead-letter queue failed. The program identifier +(PID) of the processing program was '117916(119072)'. +----- amqrmrca.c : 1052 ------------------------------------------------------- +25/10/2018 14:50:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:01.702Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:50:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:01.702Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:50:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:11.712Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:50:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:11.713Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:50:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:21.724Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:50:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:21.725Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:50:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:31.734Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:50:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:31.735Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:50:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:41.745Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:50:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:41.746Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:50:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:51.756Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:50:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:50:51.757Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:51:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:01.771Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:51:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:01.772Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:51:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:11.781Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:51:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:11.781Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:51:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:21.792Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:51:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:21.792Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:51:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:31.801Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:51:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:31.801Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:51:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:41.812Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:51:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:41.812Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:51:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:51.823Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:51:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:51:51.823Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:52:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:01.835Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:52:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:01.835Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:52:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:11.845Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:52:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:11.846Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:52:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:21.856Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:52:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:21.857Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:52:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:31.867Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:52:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:31.867Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:52:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:41.878Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:52:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:41.878Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:52:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:51.889Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:52:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:52:51.889Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:53:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:01.900Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:53:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:01.901Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:53:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:11.911Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:53:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:11.912Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:53:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:21.922Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:53:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:21.922Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:53:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:31.933Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:53:31 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:31.933Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:53:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:41.943Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:53:41 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:41.944Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:53:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:51.955Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:53:51 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:53:51.957Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:54:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:01.968Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:54:01 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:01.968Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:54:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:11.981Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:54:11 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:11.981Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:54:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:21.992Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:54:21 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:21.993Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:54:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:32.003Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:54:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:32.003Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:54:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:42.014Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:54:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:42.015Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:54:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:52.026Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:54:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:54:52.026Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:55:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:02.037Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:55:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:02.037Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:55:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:12.047Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:55:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:12.048Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:55:22 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:22.055Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:55:22 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:22.056Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:55:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:32.066Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:55:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:32.066Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:55:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:42.076Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:55:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:42.077Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:55:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:52.086Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:55:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:52.087Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:55:56 - Process(117916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:56.702Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 14:55:56 - Process(117916.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:56.703Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(117916(119072)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 117916(119072) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:55:56 - Process(56188.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:55:56.776Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:56:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:02.097Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:56:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:02.097Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:56:12 - Process(9628.61) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:12.007Z) + ArithInsert1(9628) ArithInsert2(55) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 14:56:12 - Process(9628.61) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:12.007Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(70456)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(70456) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:56:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:12.109Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:56:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:12.110Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:56:16 - Process(56188.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:16.835Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 14:56:16 - Process(56188.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:16.835Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(56188(74368)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 56188(74368) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:56:22 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:22.122Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:56:22 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:22.122Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:56:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:32.132Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:56:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:32.133Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:56:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:42.143Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:56:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:42.144Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:56:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:52.153Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:56:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:52.153Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:56:56 - Process(92840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:56:56.791Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:57:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:02.163Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:57:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:02.163Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:57:11 - Process(9628.62) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:11.890Z) + ArithInsert1(9628) ArithInsert2(55) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 14:57:11 - Process(9628.62) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:11.890Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(62140)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(62140) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:57:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:12.177Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:57:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:12.178Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:57:16 - Process(92840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:16.846Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 14:57:16 - Process(92840.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:16.847Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(92840(59456)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 92840(59456) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:57:22 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:22.186Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:57:22 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:22.186Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:57:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:32.197Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:57:32 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:32.198Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:57:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:42.208Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:57:42 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:42.208Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:57:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:52.219Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:57:52 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:52.220Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:57:56 - Process(97412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:57:56.798Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:58:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:02.230Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:58:02 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:02.231Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:58:11 - Process(9628.63) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:11.899Z) + ArithInsert1(9628) ArithInsert2(55) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 14:58:11 - Process(9628.63) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:11.900Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(36436)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(36436) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:58:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:12.238Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:58:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:12.238Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:58:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:12.247Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 14:58:12 - Process(9628.55) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:12.248Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(119472)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(119472) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 14:58:16 - Process(97412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:16.862Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 14:58:16 - Process(97412.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:16.862Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(97412(69008)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 97412(69008) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 14:58:51 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:51.868Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 14:58:56 - Process(52812.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:58:56.820Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 14:59:01 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:01.886Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:59:01 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:01.886Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:59:11 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:11.901Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:59:11 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:11.902Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:59:21 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:21.911Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:59:21 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:21.912Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:59:31 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:31.924Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:59:31 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:31.925Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:59:41 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:41.952Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:59:41 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:41.952Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 14:59:51 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:51.962Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 14:59:51 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T12:59:51.962Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:00:01 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:01.972Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:00:01 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:01.972Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:00:11 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:11.983Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:00:11 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:11.983Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:00:21 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:21.995Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:00:21 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:21.996Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:00:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:32.007Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:00:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:32.007Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:00:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:42.016Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:00:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:42.017Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:00:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:52.026Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:00:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:00:52.026Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:01:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:02.037Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:01:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:02.037Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:01:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:12.049Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:01:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:12.049Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:01:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:22.061Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:01:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:22.061Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:01:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:32.073Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:01:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:32.073Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:01:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:42.092Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:01:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:42.092Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:01:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:52.103Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:01:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:01:52.103Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:02:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:02.116Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:02:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:02.116Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:02:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:12.127Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:02:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:12.127Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:02:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:22.139Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:02:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:22.139Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:02:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:32.151Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:02:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:32.151Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:02:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:42.162Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:02:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:42.163Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:02:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:52.175Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:02:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:02:52.176Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:03:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:02.186Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:03:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:02.187Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:03:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:12.198Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:03:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:12.198Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:03:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:22.211Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:03:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:22.212Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:03:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:32.224Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:03:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:32.224Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:03:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:42.236Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:03:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:42.236Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:03:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:52.248Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:03:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:03:52.248Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:04:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:02.260Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:04:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:02.261Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:04:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:12.271Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:04:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:12.271Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:04:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:22.280Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:04:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:22.280Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:04:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:32.289Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:04:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:32.290Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:04:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:42.298Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:04:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:42.299Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:04:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:52.308Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:04:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:52.308Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:04:56 - Process(52812.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:56.883Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 15:04:56 - Process(52812.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:56.884Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(52812(113104)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 52812(113104) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:04:56 - Process(69776.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:04:56.947Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:05:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:02.319Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:05:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:02.320Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:05:11 - Process(9628.65) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:11.998Z) + ArithInsert1(9628) ArithInsert2(64) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:05:11 - Process(9628.65) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:11.999Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(58352)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(58352) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:05:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:12.329Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:05:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:12.329Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:05:17 - Process(69776.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:17.007Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:05:17 - Process(69776.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:17.008Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(69776(49972)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 69776(49972) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:05:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:22.340Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:05:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:22.340Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:05:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:32.351Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:05:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:32.352Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:05:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:42.363Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:05:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:42.363Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:05:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:52.372Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:05:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:52.373Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:05:56 - Process(83712.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:05:56.958Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:06:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:02.384Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:06:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:02.385Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:06:12 - Process(9628.66) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:12.011Z) + ArithInsert1(9628) ArithInsert2(64) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:06:12 - Process(9628.66) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:12.012Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(59788)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(59788) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:06:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:12.393Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:06:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:12.393Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:06:17 - Process(83712.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:17.014Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:06:17 - Process(83712.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:17.015Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(83712(61916)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 83712(61916) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:06:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:22.403Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:06:22 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:22.403Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:06:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:32.412Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:06:32 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:32.412Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:06:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:42.422Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:06:42 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:42.423Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:06:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:52.432Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:06:52 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:52.432Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:06:56 - Process(87108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:06:56.976Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:07:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:02.444Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:07:02 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:02.444Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:07:12 - Process(9628.67) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:12.021Z) + ArithInsert1(9628) ArithInsert2(64) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:07:12 - Process(9628.67) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:12.022Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(61136)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(61136) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:07:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:12.454Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:07:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:12.455Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:07:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:12.457Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 15:07:12 - Process(9628.64) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:12.458Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(50648)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(50648) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:07:17 - Process(87108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:17.035Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:07:17 - Process(87108.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:17.035Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(87108(72684)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 87108(72684) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:07:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:52.017Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 15:07:56 - Process(77592.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:07:56.993Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:08:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:02.030Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:08:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:02.030Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:08:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:12.041Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:08:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:12.042Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:08:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:22.053Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:08:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:22.053Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:08:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:32.064Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:08:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:32.065Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:08:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:42.074Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:08:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:42.074Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:08:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:52.086Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:08:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:08:52.087Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:09:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:02.095Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:09:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:02.096Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:09:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:12.105Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:09:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:12.105Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:09:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:22.114Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:09:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:22.114Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:09:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:32.125Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:09:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:32.126Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:09:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:42.137Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:09:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:42.137Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:09:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:52.148Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:09:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:09:52.148Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:10:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:02.159Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:10:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:02.159Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:10:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:12.170Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:10:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:12.171Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:10:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:22.180Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:10:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:22.181Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:10:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:32.189Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:10:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:32.190Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:10:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:42.200Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:10:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:42.201Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:10:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:52.210Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:10:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:10:52.211Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:11:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:02.222Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:11:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:02.222Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:11:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:12.233Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:11:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:12.233Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:11:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:22.243Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:11:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:22.243Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:11:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:32.252Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:11:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:32.253Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:11:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:42.262Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:11:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:42.263Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:11:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:52.274Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:11:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:11:52.274Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:12:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:02.283Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:12:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:02.283Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:12:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:12.293Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:12:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:12.293Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:12:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:22.303Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:12:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:22.303Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:12:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:32.314Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:12:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:32.315Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:12:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:42.325Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:12:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:42.326Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:12:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:52.337Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:12:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:12:52.337Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:13:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:02.345Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:13:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:02.345Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:13:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:12.356Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:13:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:12.357Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:13:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:22.364Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:13:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:22.365Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:13:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:32.383Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:13:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:32.384Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:13:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:42.393Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:13:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:42.394Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:13:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:52.403Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:13:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:52.404Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:13:57 - Process(77592.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:57.042Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 15:13:57 - Process(77592.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:57.042Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(77592(19332)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 77592(19332) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:13:57 - Process(92472.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:13:57.100Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:14:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:02.414Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:14:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:02.414Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:14:12 - Process(9628.69) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:12.150Z) + ArithInsert1(9628) ArithInsert2(68) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:14:12 - Process(9628.69) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:12.151Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(63384)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(63384) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:14:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:12.426Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:14:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:12.426Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:14:17 - Process(92472.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:17.156Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:14:17 - Process(92472.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:17.156Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(92472(93696)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 92472(93696) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:14:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:22.436Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:14:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:22.437Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:14:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:32.447Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:14:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:32.448Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:14:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:42.458Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:14:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:42.458Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:14:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:52.469Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:14:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:52.469Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:14:57 - Process(68048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:14:57.118Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:15:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:02.478Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:15:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:02.478Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:15:12 - Process(9628.70) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:12.173Z) + ArithInsert1(9628) ArithInsert2(68) + CommentInsert1(CHL.QM1.QM2) + +AMQ9514E: Channel 'CHL.QM1.QM2' is in use. + +EXPLANATION: +The requested operation failed because channel 'CHL.QM1.QM2' is currently +active. +ACTION: +Either end the channel manually, or wait for it to close, and retry the +operation. +----- amqrcsia.c : 1312 ------------------------------------------------------- +25/10/2018 15:15:12 - Process(9628.70) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:12.174Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(57828)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(57828) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:15:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:12.489Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:15:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:12.489Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:15:17 - Process(68048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:17.172Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(picmention (127.0.0.1)(1414)) + +AMQ9558E: The remote channel 'CHL.QM2.QM1' on host 'picmention +(127.0.0.1)(1414)' is not currently available. + +EXPLANATION: +The channel program ended because an instance of channel 'CHL.QM2.QM1' could +not be started on the remote system. This could be for one of the following +reasons: + +The channel is disabled. + +The remote system does not have sufficient resources to run another instance of +the channel. + +In the case of a client-connection channel, the limit on the number of +instances configured for the remote server-connection channel was reached. +ACTION: +Check the remote system to ensure that the channel is able to run. Try the +operation again. +----- cmqxrfpt.c : 690 -------------------------------------------------------- +25/10/2018 15:15:17 - Process(68048.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:17.173Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(68048(91696)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 68048(91696) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:15:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:22.500Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:15:22 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:22.500Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:15:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:32.509Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:15:32 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:32.510Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:15:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:42.519Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:15:42 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:42.519Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:15:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:52.530Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:15:52 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:15:52.530Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:16:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:16:02.549Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:16:02 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:16:02.550Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:16:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:16:12.560Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:16:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:16:12.560Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:16:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:16:12.572Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 15:16:12 - Process(9628.68) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:16:12.573Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(60984)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(60984) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:34:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:34:52.177Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 15:34:57 - Process(69424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:34:57.134Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:35:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:02.191Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:35:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:02.191Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:35:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:12.204Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:35:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:12.204Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:35:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:22.215Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:35:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:22.215Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:35:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:32.226Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:35:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:32.226Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:35:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:42.237Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:35:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:42.237Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:35:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:52.248Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:35:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:35:52.248Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:36:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:02.261Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:36:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:02.262Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:36:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:12.272Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:36:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:12.273Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:36:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:22.285Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:36:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:22.285Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:36:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:32.295Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:36:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:32.296Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:36:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:42.306Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:36:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:42.306Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:36:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:52.316Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:36:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:36:52.317Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:37:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:02.329Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:37:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:02.329Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:37:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:12.340Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:37:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:12.340Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:37:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:22.351Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:37:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:22.351Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:37:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:32.363Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:37:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:32.364Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:37:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:42.375Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:37:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:42.375Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:37:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:52.386Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:37:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:37:52.387Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:38:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:02.398Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:38:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:02.398Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:38:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:12.410Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:38:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:12.410Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:38:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:22.422Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:38:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:22.423Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:38:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:32.433Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:38:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:32.433Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:38:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:42.445Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:38:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:42.445Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:38:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:52.457Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:38:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:38:52.458Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:39:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:02.469Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:39:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:02.469Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:39:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:12.479Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:39:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:12.480Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:39:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:22.491Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:39:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:22.492Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:39:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:32.503Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:39:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:32.503Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:39:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:42.515Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:39:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:42.515Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:39:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:52.526Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:39:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:39:52.526Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:40:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:02.538Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:40:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:02.538Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:40:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:12.550Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:40:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:12.550Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:40:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:22.561Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:40:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:22.561Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:40:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:32.573Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:40:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:32.573Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:40:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:42.583Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:40:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:42.583Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:40:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:52.593Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:40:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:52.593Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:40:57 - Process(69424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:57.192Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 15:40:57 - Process(69424.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:40:57.193Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(69424(62100)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 69424(62100) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 15:41:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:02.604Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:41:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:02.604Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:41:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:12.616Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:41:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:12.616Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:41:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:22.628Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:41:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:22.628Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:41:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:32.640Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:41:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:32.640Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:41:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:42.652Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:41:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:42.652Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:41:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:52.664Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:41:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:41:52.665Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:42:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:02.676Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:42:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:02.677Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:42:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:12.689Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:42:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:12.689Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:42:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:22.700Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:42:22 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:22.701Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:42:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:32.711Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:42:32 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:32.711Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:42:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:42.723Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:42:42 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:42.724Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:42:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:52.737Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:42:52 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:42:52.738Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:43:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:43:02.749Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:43:02 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:43:02.749Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:43:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:43:12.760Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:43:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:43:12.760Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:43:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:43:12.772Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 15:43:12 - Process(9628.71) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:43:12.773Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(84052)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(84052) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 15:54:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:54:52.182Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 15:54:57 - Process(102156.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:54:57.149Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 15:55:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:02.196Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:55:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:02.197Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:55:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:12.208Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:55:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:12.209Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:55:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:22.221Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:55:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:22.222Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:55:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:32.233Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:55:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:32.234Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:55:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:42.246Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:55:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:42.246Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:55:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:52.258Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:55:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:55:52.258Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:56:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:02.269Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:56:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:02.269Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:56:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:12.280Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:56:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:12.281Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:56:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:22.293Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:56:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:22.293Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:56:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:32.305Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:56:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:32.306Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:56:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:42.316Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:56:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:42.317Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:56:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:52.328Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:56:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:56:52.329Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:57:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:02.341Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:57:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:02.342Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:57:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:12.354Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:57:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:12.355Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:57:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:22.367Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:57:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:22.368Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:57:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:32.379Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:57:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:32.379Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:57:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:42.389Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:57:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:42.390Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:57:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:52.401Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:57:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:57:52.401Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:58:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:02.413Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:58:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:02.413Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:58:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:12.423Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:58:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:12.423Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:58:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:22.434Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:58:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:22.435Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:58:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:32.447Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:58:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:32.447Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:58:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:42.458Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:58:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:42.459Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:58:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:52.469Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:58:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:58:52.470Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:59:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:02.481Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:59:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:02.481Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:59:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:12.523Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:59:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:12.523Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:59:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:22.534Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:59:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:22.535Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:59:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:32.545Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:59:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:32.546Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:59:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:42.555Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:59:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:42.555Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 15:59:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:52.564Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 15:59:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T13:59:52.564Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:00:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:02.575Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:00:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:02.575Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:00:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:12.586Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:00:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:12.587Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:00:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:22.597Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:00:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:22.598Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:00:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:32.609Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:00:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:32.609Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:00:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:42.621Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:00:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:42.621Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:00:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:52.632Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:00:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:52.632Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:00:57 - Process(102156.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:57.205Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 16:00:57 - Process(102156.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:00:57.205Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(102156(26448)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 102156(26448) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 16:01:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:02.644Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:01:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:02.645Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:01:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:12.657Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:01:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:12.657Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:01:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:22.668Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:01:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:22.669Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:01:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:32.679Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:01:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:32.680Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:01:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:42.691Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:01:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:42.691Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:01:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:52.701Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:01:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:01:52.702Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:02:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:02.714Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:02:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:02.714Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:02:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:12.724Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:02:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:12.725Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:02:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:22.736Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:02:22 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:22.737Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:02:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:32.748Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:02:32 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:32.748Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:02:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:42.759Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:02:42 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:42.760Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:02:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:52.772Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:02:52 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:02:52.772Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:03:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:03:02.783Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:03:02 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:03:02.784Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:03:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:03:12.794Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:03:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:03:12.794Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:03:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:03:12.799Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 16:03:12 - Process(9628.72) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:03:12.799Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(99316)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(99316) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 16:14:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:14:52.205Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 16:14:57 - Process(116320.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:14:57.174Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 16:15:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:02.219Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:15:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:02.219Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:15:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:12.230Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:15:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:12.231Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:15:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:22.242Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:15:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:22.242Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:15:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:32.253Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:15:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:32.254Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:15:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:42.265Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:15:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:42.265Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:15:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:52.276Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:15:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:15:52.276Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:16:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:02.289Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:16:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:02.290Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:16:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:12.302Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:16:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:12.303Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:16:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:22.314Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:16:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:22.314Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:16:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:32.325Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:16:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:32.326Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:16:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:42.338Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:16:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:42.338Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:16:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:52.350Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:16:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:16:52.351Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:17:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:02.363Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:17:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:02.363Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:17:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:12.374Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:17:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:12.375Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:17:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:22.386Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:17:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:22.386Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:17:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:32.395Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:17:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:32.396Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:17:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:42.407Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:17:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:42.408Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:17:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:52.420Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:17:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:17:52.420Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:18:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:02.431Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:18:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:02.432Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:18:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:12.444Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:18:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:12.444Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:18:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:22.455Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:18:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:22.455Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:18:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:32.472Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:18:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:32.472Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:18:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:42.485Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:18:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:42.486Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:18:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:52.497Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:18:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:18:52.497Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:19:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:02.509Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:19:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:02.509Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:19:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:12.520Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:19:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:12.520Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:19:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:22.531Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:19:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:22.532Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:19:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:32.543Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:19:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:32.543Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:19:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:42.554Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:19:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:42.554Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:19:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:52.565Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:19:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:19:52.565Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:20:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:02.575Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:20:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:02.575Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:20:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:12.586Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:20:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:12.586Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:20:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:22.598Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:20:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:22.598Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:20:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:32.609Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:20:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:32.610Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:20:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:42.620Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:20:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:42.621Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:20:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:52.630Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:20:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:52.630Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:20:57 - Process(116320.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:57.216Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 16:20:57 - Process(116320.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:20:57.217Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(116320(107788)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 116320(107788) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 16:21:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:02.640Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:21:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:02.640Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:21:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:12.651Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:21:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:12.651Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:21:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:22.662Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:21:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:22.663Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:21:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:32.674Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:21:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:32.674Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:21:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:42.685Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:21:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:42.685Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:21:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:52.698Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:21:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:21:52.698Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:22:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:02.710Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:22:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:02.711Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:22:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:12.722Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:22:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:12.722Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:22:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:22.733Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:22:22 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:22.734Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:22:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:32.744Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:22:32 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:32.745Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:22:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:42.756Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:22:42 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:42.757Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:22:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:52.769Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:22:52 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:22:52.769Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:23:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:23:02.781Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:23:02 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:23:02.781Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:23:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:23:12.793Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:23:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:23:12.793Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:23:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:23:12.798Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 16:23:12 - Process(9628.73) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:23:12.798Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(103704)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(103704) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 16:34:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:34:52.212Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 16:34:57 - Process(94612.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:34:57.183Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 16:35:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:02.222Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:35:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:02.222Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:35:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:12.233Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:35:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:12.234Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:35:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:22.244Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:35:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:22.245Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:35:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:32.253Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:35:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:32.254Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:35:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:42.263Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:35:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:42.263Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:35:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:52.274Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:35:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:35:52.275Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:36:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:02.287Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:36:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:02.288Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:36:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:12.299Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:36:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:12.299Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:36:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:22.309Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:36:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:22.309Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:36:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:32.319Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:36:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:32.320Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:36:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:42.329Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:36:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:42.329Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:36:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:52.338Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:36:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:36:52.339Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:37:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:02.348Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:37:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:02.349Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:37:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:12.358Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:37:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:12.358Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:37:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:22.371Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:37:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:22.372Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:37:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:32.383Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:37:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:32.383Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:37:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:42.393Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:37:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:42.393Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:37:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:52.405Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:37:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:37:52.405Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:38:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:02.413Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:38:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:02.414Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:38:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:12.424Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:38:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:12.424Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:38:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:22.434Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:38:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:22.434Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:38:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:32.445Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:38:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:32.445Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:38:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:42.454Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:38:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:42.454Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:38:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:52.465Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:38:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:38:52.466Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:39:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:02.477Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:39:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:02.477Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:39:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:12.486Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:39:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:12.487Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:39:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:22.496Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:39:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:22.496Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:39:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:32.507Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:39:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:32.508Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:39:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:42.518Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:39:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:42.518Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:39:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:52.529Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:39:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:39:52.529Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:40:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:02.541Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:40:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:02.542Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:40:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:12.553Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:40:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:12.553Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:40:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:22.563Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:40:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:22.564Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:40:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:32.574Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:40:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:32.574Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:40:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:42.585Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:40:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:42.586Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:40:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:52.597Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:40:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:52.597Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:40:57 - Process(94612.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:57.227Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 16:40:57 - Process(94612.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:40:57.228Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(94612(120288)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 94612(120288) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 16:41:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:02.607Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:41:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:02.608Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:41:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:12.619Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:41:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:12.620Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:41:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:22.631Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:41:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:22.631Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:41:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:32.643Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:41:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:32.643Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:41:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:42.655Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:41:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:42.655Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:41:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:52.667Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:41:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:41:52.667Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:42:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:02.679Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:42:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:02.680Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:42:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:12.691Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:42:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:12.692Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:42:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:22.702Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:42:22 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:22.703Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:42:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:32.715Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:42:32 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:32.715Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:42:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:42.726Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:42:42 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:42.726Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:42:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:52.737Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:42:52 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:42:52.738Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:43:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:43:02.748Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:43:02 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:43:02.749Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:43:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:43:12.760Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:43:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:43:12.761Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:43:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:43:12.764Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 16:43:12 - Process(9628.74) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:43:12.764Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(117488)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(117488) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 16:54:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:54:52.238Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 16:54:57 - Process(32296.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:54:57.210Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 16:55:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:02.250Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:55:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:02.251Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:55:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:12.263Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:55:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:12.263Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:55:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:22.274Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:55:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:22.274Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:55:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:32.286Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:55:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:32.287Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:55:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:42.298Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:55:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:42.299Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:55:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:52.311Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:55:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:55:52.311Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:56:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:02.323Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:56:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:02.323Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:56:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:12.335Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:56:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:12.335Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:56:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:22.346Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:56:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:22.346Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:56:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:32.358Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:56:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:32.359Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:56:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:42.370Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:56:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:42.370Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:56:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:52.382Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:56:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:56:52.382Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:57:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:02.394Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:57:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:02.394Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:57:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:12.404Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:57:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:12.405Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:57:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:22.415Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:57:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:22.416Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:57:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:32.427Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:57:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:32.428Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:57:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:42.439Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:57:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:42.439Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:57:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:52.449Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:57:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:57:52.450Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:58:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:02.462Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:58:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:02.462Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:58:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:12.473Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:58:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:12.473Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:58:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:22.485Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:58:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:22.485Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:58:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:32.497Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:58:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:32.497Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:58:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:42.508Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:58:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:42.509Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:58:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:52.520Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:58:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:58:52.521Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:59:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:02.530Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:59:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:02.531Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:59:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:12.543Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:59:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:12.543Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:59:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:22.555Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:59:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:22.555Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:59:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:32.566Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:59:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:32.566Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:59:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:42.576Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:59:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:42.577Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 16:59:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:52.587Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 16:59:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T14:59:52.588Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:00:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:02.601Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:00:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:02.601Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:00:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:12.612Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:00:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:12.612Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:00:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:22.620Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:00:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:22.620Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:00:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:32.632Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:00:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:32.632Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:00:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:42.644Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:00:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:42.645Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:00:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:52.656Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:00:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:52.657Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:00:57 - Process(32296.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:57.267Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 17:00:57 - Process(32296.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:00:57.268Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(32296(35936)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 32296(35936) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 17:01:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:02.667Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:01:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:02.668Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:01:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:12.679Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:01:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:12.679Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:01:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:22.691Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:01:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:22.691Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:01:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:32.702Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:01:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:32.702Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:01:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:42.713Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:01:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:42.713Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:01:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:52.723Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:01:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:01:52.724Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:02:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:02.735Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:02:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:02.736Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:02:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:12.747Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:02:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:12.748Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:02:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:22.759Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:02:22 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:22.760Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:02:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:32.770Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:02:32 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:32.770Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:02:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:42.781Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:02:42 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:42.781Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:02:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:52.792Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:02:52 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:02:52.793Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:03:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:03:02.803Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:03:02 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:03:02.804Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:03:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:03:12.813Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:03:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:03:12.814Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:03:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:03:12.825Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 17:03:12 - Process(9628.75) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:03:12.826Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(19600)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(19600) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 17:14:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:14:52.264Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 17:14:57 - Process(51308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:14:57.209Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 17:15:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:02.278Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:15:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:02.278Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:15:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:12.288Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:15:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:12.288Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:15:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:22.299Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:15:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:22.299Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:15:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:32.310Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:15:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:32.311Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:15:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:42.321Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:15:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:42.321Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:15:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:52.331Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:15:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:15:52.331Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:16:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:02.340Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:16:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:02.341Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:16:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:12.352Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:16:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:12.352Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:16:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:22.363Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:16:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:22.364Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:16:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:32.374Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:16:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:32.374Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:16:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:42.384Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:16:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:42.385Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:16:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:52.395Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:16:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:16:52.395Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:17:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:02.404Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:17:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:02.405Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:17:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:12.423Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:17:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:12.424Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:17:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:22.434Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:17:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:22.435Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:17:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:32.445Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:17:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:32.446Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:17:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:42.456Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:17:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:42.457Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:17:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:52.470Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:17:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:17:52.471Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:18:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:02.483Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:18:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:02.483Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:18:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:12.494Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:18:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:12.494Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:18:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:22.503Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:18:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:22.504Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:18:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:32.514Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:18:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:32.514Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:18:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:42.523Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:18:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:42.523Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:18:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:52.534Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:18:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:18:52.534Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:19:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:02.547Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:19:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:02.548Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:19:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:12.561Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:19:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:12.561Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:19:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:22.571Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:19:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:22.571Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:19:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:32.581Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:19:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:32.581Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:19:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:42.593Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:19:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:42.593Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:19:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:52.606Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:19:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:19:52.607Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:20:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:02.621Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:20:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:02.622Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:20:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:12.636Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:20:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:12.637Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:20:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:22.648Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:20:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:22.649Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:20:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:32.661Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:20:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:32.662Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:20:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:42.672Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:20:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:42.672Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:20:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:52.683Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:20:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:52.683Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:20:57 - Process(51308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:57.258Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 17:20:57 - Process(51308.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:20:57.258Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(51308(32040)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 51308(32040) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 17:21:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:02.696Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:21:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:02.697Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:21:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:12.709Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:21:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:12.709Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:21:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:22.720Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:21:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:22.720Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:21:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:32.732Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:21:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:32.733Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:21:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:42.742Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:21:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:42.742Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:21:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:52.752Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:21:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:21:52.752Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:22:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:02.763Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:22:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:02.763Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:22:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:12.774Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:22:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:12.774Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:22:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:22.784Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:22:22 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:22.785Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:22:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:32.796Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:22:32 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:32.796Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:22:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:42.806Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:22:42 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:42.807Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:22:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:52.817Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:22:52 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:22:52.817Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:23:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:23:02.826Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:23:02 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:23:02.827Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:23:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:23:12.836Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:23:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:23:12.837Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:23:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:23:12.840Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 17:23:12 - Process(9628.76) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:23:12.841Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(72872)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(72872) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 17:34:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:34:52.264Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 17:34:57 - Process(41392.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:34:57.223Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 17:35:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:02.274Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:35:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:02.275Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:35:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:12.284Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:35:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:12.284Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:35:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:22.295Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:35:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:22.295Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:35:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:32.303Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:35:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:32.304Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:35:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:42.313Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:35:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:42.313Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:35:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:52.320Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:35:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:35:52.321Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:36:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:02.332Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:36:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:02.332Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:36:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:12.342Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:36:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:12.342Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:36:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:22.350Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:36:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:22.351Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:36:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:32.360Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:36:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:32.361Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:36:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:42.369Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:36:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:42.370Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:36:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:52.377Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:36:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:36:52.377Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:37:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:02.386Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:37:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:02.386Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:37:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:12.395Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:37:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:12.395Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:37:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:22.405Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:37:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:22.406Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:37:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:32.414Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:37:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:32.414Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:37:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:42.424Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:37:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:42.425Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:37:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:52.435Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:37:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:37:52.435Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:38:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:02.443Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:38:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:02.444Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:38:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:12.455Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:38:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:12.455Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:38:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:22.464Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:38:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:22.465Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:38:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:32.474Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:38:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:32.475Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:38:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:42.483Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:38:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:42.484Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:38:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:52.493Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:38:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:38:52.494Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:39:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:02.503Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:39:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:02.503Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:39:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:12.512Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:39:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:12.512Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:39:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:22.520Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:39:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:22.520Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:39:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:32.530Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:39:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:32.531Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:39:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:42.539Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:39:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:42.539Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:39:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:52.549Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:39:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:39:52.549Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:40:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:02.560Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:40:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:02.561Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:40:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:12.571Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:40:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:12.571Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:40:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:22.579Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:40:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:22.579Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:40:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:32.589Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:40:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:32.590Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:40:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:42.600Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:40:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:42.601Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:40:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:52.609Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:40:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:52.609Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:40:57 - Process(41392.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:57.279Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 17:40:57 - Process(41392.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:40:57.280Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(41392(30600)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 41392(30600) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 17:41:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:02.619Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:41:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:02.619Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:41:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:12.628Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:41:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:12.629Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:41:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:22.638Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:41:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:22.638Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:41:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:32.647Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:41:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:32.647Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:41:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:42.657Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:41:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:42.657Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:41:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:52.666Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:41:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:41:52.666Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:42:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:02.678Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:42:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:02.680Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:42:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:12.687Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:42:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:12.688Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:42:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:22.696Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:42:22 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:22.696Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:42:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:32.706Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:42:32 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:32.706Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:42:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:42.715Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:42:42 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:42.715Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:42:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:52.726Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:42:52 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:42:52.726Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:43:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:43:02.738Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:43:02 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:43:02.739Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:43:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:43:12.750Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:43:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:43:12.751Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:43:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:43:12.763Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 17:43:12 - Process(9628.77) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:43:12.763Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(79392)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(79392) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 17:54:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:54:52.269Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 17:54:57 - Process(82004.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:54:57.236Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 17:55:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:02.281Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:55:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:02.282Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:55:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:12.290Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:55:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:12.291Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:55:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:22.300Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:55:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:22.300Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:55:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:32.310Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:55:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:32.310Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:55:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:42.318Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:55:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:42.319Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:55:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:52.328Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:55:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:55:52.328Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:56:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:02.336Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:56:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:02.336Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:56:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:12.344Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:56:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:12.344Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:56:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:22.355Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:56:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:22.356Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:56:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:32.364Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:56:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:32.365Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:56:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:42.372Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:56:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:42.373Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:56:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:52.383Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:56:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:56:52.383Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:57:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:02.394Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:57:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:02.395Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:57:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:12.406Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:57:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:12.406Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:57:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:22.415Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:57:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:22.416Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:57:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:32.425Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:57:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:32.426Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:57:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:42.436Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:57:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:42.437Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:57:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:52.448Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:57:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:57:52.448Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:58:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:02.460Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:58:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:02.461Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:58:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:12.470Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:58:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:12.471Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:58:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:22.480Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:58:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:22.480Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:58:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:32.491Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:58:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:32.492Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:58:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:42.501Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:58:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:42.502Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:58:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:52.512Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:58:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:58:52.513Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:59:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:02.523Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:59:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:02.523Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:59:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:12.533Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:59:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:12.533Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:59:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:22.542Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:59:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:22.543Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:59:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:32.554Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:59:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:32.555Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:59:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:42.566Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:59:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:42.566Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 17:59:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:52.621Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 17:59:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T15:59:52.622Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:00:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:02.631Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:00:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:02.632Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:00:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:12.642Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:00:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:12.643Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:00:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:22.654Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:00:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:22.655Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:00:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:32.667Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:00:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:32.668Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:00:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:42.678Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:00:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:42.679Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:00:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:52.690Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:00:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:52.691Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:00:57 - Process(82004.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:57.299Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 18:00:57 - Process(82004.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:00:57.299Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(82004(57796)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 82004(57796) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 18:01:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:02.702Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:01:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:02.702Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:01:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:12.713Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:01:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:12.714Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:01:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:22.724Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:01:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:22.725Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:01:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:32.736Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:01:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:32.736Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:01:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:42.746Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:01:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:42.746Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:01:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:52.757Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:01:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:01:52.757Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:02:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:02.767Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:02:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:02.768Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:02:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:12.779Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:02:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:12.780Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:02:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:22.790Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:02:22 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:22.790Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:02:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:32.800Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:02:32 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:32.801Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:02:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:42.812Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:02:42 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:42.813Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:02:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:52.822Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:02:52 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:02:52.823Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:03:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:03:02.833Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:03:02 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:03:02.833Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:03:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:03:12.844Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:03:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:03:12.844Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:03:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:03:12.857Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 18:03:12 - Process(9628.78) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:03:12.858Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(81888)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(81888) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 18:14:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:14:52.281Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 18:14:57 - Process(87228.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:14:57.254Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 18:15:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:02.294Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:15:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:02.294Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:15:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:12.303Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:15:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:12.304Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:15:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:22.313Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:15:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:22.313Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:15:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:32.325Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:15:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:32.326Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:15:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:42.334Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:15:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:42.334Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:15:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:52.345Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:15:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:15:52.345Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:16:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:02.355Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:16:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:02.356Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:16:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:12.366Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:16:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:12.366Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:16:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:22.373Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:16:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:22.374Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:16:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:32.384Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:16:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:32.384Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:16:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:42.396Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:16:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:42.396Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:16:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:52.408Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:16:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:16:52.409Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:17:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:02.420Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:17:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:02.421Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:17:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:12.431Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:17:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:12.431Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:17:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:22.441Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:17:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:22.442Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:17:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:32.451Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:17:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:32.452Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:17:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:42.462Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:17:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:42.462Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:17:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:52.472Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:17:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:17:52.472Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:18:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:02.482Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:18:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:02.482Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:18:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:12.492Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:18:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:12.492Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:18:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:22.502Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:18:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:22.503Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:18:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:32.513Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:18:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:32.514Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:18:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:42.524Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:18:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:42.524Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:18:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:52.533Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:18:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:18:52.534Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:19:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:02.542Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:19:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:02.542Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:19:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:12.553Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:19:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:12.553Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:19:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:22.562Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:19:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:22.562Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:19:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:32.572Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:19:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:32.572Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:19:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:42.580Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:19:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:42.581Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:19:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:52.591Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:19:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:19:52.591Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:20:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:02.600Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:20:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:02.601Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:20:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:12.612Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:20:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:12.612Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:20:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:22.624Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:20:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:22.624Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:20:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:32.635Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:20:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:32.635Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:20:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:42.645Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:20:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:42.645Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:20:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:52.655Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:20:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:52.657Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:20:57 - Process(87228.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:57.300Z) + RemoteHost(127.0.0.1(1414)) + CommentInsert1(127.0.0.1(1414)) + CommentInsert2(TCP/IP) + CommentInsert3(select() [TIMEOUT] 360 seconds) + +AMQ9259E: Connection timed out from host '127.0.0.1(1414)'. + +EXPLANATION: +A connection from host '127.0.0.1(1414)' over TCP/IP timed out. +ACTION: +The select() [TIMEOUT] 360 seconds call timed out. Check to see why data was +not received in the expected time. Correct the problem. Reconnect the channel, +or wait for a retrying channel to reconnect itself. +----- amqccita.c : 4793 ------------------------------------------------------- +25/10/2018 18:20:57 - Process(87228.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:20:57.301Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(87228(93912)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9999E: Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended abnormally. + +EXPLANATION: +The channel program running under process ID 87228(93912) for channel +'CHL.QM2.QM1' ended abnormally. The host name is '127.0.0.1(1414)'; in some +cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrccca.c : 1131 ------------------------------------------------------- +25/10/2018 18:21:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:02.666Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:21:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:02.667Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:21:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:12.678Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:21:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:12.678Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:21:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:22.690Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:21:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:22.690Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:21:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:32.701Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:21:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:32.701Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:21:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:42.712Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:21:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:42.712Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:21:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:52.720Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:21:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:21:52.721Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:22:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:02.730Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:22:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:02.731Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:22:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:12.742Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:22:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:12.742Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:22:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:22.752Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:22:22 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:22.752Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:22:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:32.762Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:22:32 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:32.763Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:22:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:42.773Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:22:42 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:42.774Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:22:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:52.782Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:22:52 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:22:52.783Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:23:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:23:02.792Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:23:02 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:23:02.793Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:23:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:23:12.803Z) + ArithInsert1(2053) + CommentInsert1(Q.DRESDEN) + CommentInsert2(QM2) + CommentInsert3(CHL.QM1.QM2) + +AMQ9565E: No dead-letter queue defined. + +EXPLANATION: +The queue manager 'QM2' does not have a defined dead-letter queue. A message +cannot be transferred across channel 'CHL.QM1.QM2'. The reason code is '2053'. + The destination queue is 'Q.DRESDEN'. +ACTION: +Either correct the problem that caused the channel to try and write a message +to the dead-letter queue or create a dead-letter queue for the queue manager. +----- amqrmmqa.c : 383 -------------------------------------------------------- +25/10/2018 18:23:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:23:12.803Z) + ArithInsert1(2053) + CommentInsert2(Q.DRESDEN) + CommentInsert3(QM2) + +AMQ9511E: Messages cannot be put to a queue. + +EXPLANATION: +The attempt to put messages to queue 'Q.DRESDEN' on queue manager 'QM2' failed +with reason code 2053. +ACTION: +Ensure that the required queue is available and operational. +----- amqrmmqa.c : 1800 ------------------------------------------------------- +25/10/2018 18:23:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:23:12.815Z) + RemoteHost(127.0.0.1) + ArithInsert1(10053) ArithInsert2(10053) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3((send)) + +AMQ9206E: Error sending data to host picmention (127.0.0.1). + +EXPLANATION: +An error occurred sending data over TCP/IP to picmention (127.0.0.1). This may +be due to a communications failure. +ACTION: +The return code from the TCP/IP(send) call was 10053 X('2745'). Record these +values and tell your systems administrator. +----- amqccita.c : 3247 ------------------------------------------------------- +25/10/2018 18:23:12 - Process(9628.79) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:23:12.815Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(68552)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9999E: Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended +abnormally. + +EXPLANATION: +The channel program running under process ID 9628(68552) for channel +'CHL.QM1.QM2' ended abnormally. The host name is 'picmention (127.0.0.1)'; in +some cases the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 18:34:52 - Process(9628.82) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:34:52.375Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +25/10/2018 18:34:57 - Process(79036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T16:34:57.411Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +25/10/2018 20:32:36 - Process(9628.82) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T18:32:36.566Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM1.QM2' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- cmqxrfpt.c : 700 -------------------------------------------------------- +25/10/2018 20:32:36 - Process(9628.82) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T18:32:36.567Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(62728)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +25/10/2018 20:47:50 - Process(79036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T18:47:50.815Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9545I: Disconnect interval expired. + +EXPLANATION: +Channel 'CHL.QM2.QM1' closed because no messages arrived on the transmission +queue within the disconnect interval period. +ACTION: +None. +----- amqrmtra.c : 2465 ------------------------------------------------------- +25/10/2018 20:47:50 - Process(79036.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-25T18:47:50.816Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(79036(100496)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +26/10/2018 11:05:08 - Process(9628.83) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T09:05:08.924Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9002I: Channel 'CHL.QM1.QM2' is starting. + +EXPLANATION: +Channel 'CHL.QM1.QM2' is starting. +ACTION: +None. +----- amqrmrsa.c : 285 -------------------------------------------------------- +26/10/2018 11:05:11 - Process(21052.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T09:05:11.624Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9002I: Channel 'CHL.QM2.QM1' is starting. + +EXPLANATION: +Channel 'CHL.QM2.QM1' is starting. +ACTION: +None. +----- amqrccca.c : 439 -------------------------------------------------------- +26/10/2018 15:57:07 - Process(9628.85) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:57:07.953Z) + RemoteHost(127.0.0.1) + ArithInsert1(10054) ArithInsert2(10054) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3( recv()) + +AMQ9208E: Error on receive from host picmention (127.0.0.1). + +EXPLANATION: +An error occurred receiving data from picmention (127.0.0.1) over TCP/IP. This +may be due to a communications failure. +ACTION: +The return code from the TCP/IP recv() call was 10054 (X'2746'). Record these +values and tell the systems administrator. +----- amqccita.c : 4350 ------------------------------------------------------- +26/10/2018 15:57:07 - Process(9628.85) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:57:07.954Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(9628(38440)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 9628(38440) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +26/10/2018 15:57:07 - Process(9628.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:57:07.958Z) + RemoteHost(127.0.0.1) + ArithInsert1(10054) ArithInsert2(10054) + CommentInsert1(picmention (127.0.0.1)) + CommentInsert2(TCP/IP) + CommentInsert3( recv()) + +AMQ9208E: Error on receive from host picmention (127.0.0.1). + +EXPLANATION: +An error occurred receiving data from picmention (127.0.0.1) over TCP/IP. This +may be due to a communications failure. +ACTION: +The return code from the TCP/IP recv() call was 10054 (X'2746'). Record these +values and tell the systems administrator. +----- amqccita.c : 4350 ------------------------------------------------------- +26/10/2018 15:57:07 - Process(9628.84) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:57:07.959Z) + CommentInsert1(CLI.LOGSTASH) + CommentInsert2(9628(99224)) + CommentInsert3(127.0.0.1) + +AMQ9999E: Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally. + +EXPLANATION: +The channel program running under process ID 9628(99224) for channel +'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases +the host name cannot be determined and so is shown as '????'. +ACTION: +Look at previous error messages for the channel program in the error logs to +determine the cause of the failure. Note that this message can be excluded +completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage" +attributes under the "QMErrorLog" stanza in qm.ini. Further information can be +found in the System Administration Guide. +----- amqrmrsa.c : 945 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(22128.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.964Z) + +AMQ9411I: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +----- amqrrmfa.c : 2108 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(9628.83) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.978Z) + CommentInsert1(CHL.QM1.QM2) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrmssa.c : 3316 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(9628.83) User(MUSR_MQADMIN) Program(amqrmppa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.979Z) + CommentInsert1(CHL.QM1.QM2) + CommentInsert2(9628(66924)) + CommentInsert3(picmention (127.0.0.1)) + +AMQ9001I: Channel 'CHL.QM1.QM2' ended normally. + +EXPLANATION: +Channel 'CHL.QM1.QM2' to host 'picmention (127.0.0.1)' ended normally. +ACTION: +None. +----- amqrmrsa.c : 945 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(23120.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.994Z) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 958 -------------------------------------------------------- +26/10/2018 15:58:43 - Process(21052.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.994Z) + CommentInsert1(CHL.QM2.QM1) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrmssa.c : 3316 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(21052.1) User(MUSR_MQADMIN) Program(runmqchl.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.995Z) + CommentInsert1(CHL.QM2.QM1) + CommentInsert2(21052(71440)) + CommentInsert3(127.0.0.1(1414)) + +AMQ9001I: Channel 'CHL.QM2.QM1' ended normally. + +EXPLANATION: +Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally. +ACTION: +None. +----- amqrccca.c : 1131 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.995Z) + ArithInsert1(2162) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5041I: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:43 - Process(28524.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:43.999Z) + ArithInsert1(27936) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5025I: The command server has ended. ProcessId(27936). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +----- amqzmgr0.c : 5567 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(28524.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.011Z) + ArithInsert1(23120) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5023I: The channel initiator has ended. ProcessId(23120). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +----- amqzmgr0.c : 5556 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.008Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.009Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.009Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.009Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.009Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.009Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.012Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.013Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.013Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.018Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +----- cmqxzmup.c : 4347 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.034Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.034Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.034Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(13788.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(QM2) + +AMQ5807I: Queued Publish/Subscribe Daemon for queue manager QM2 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM2 has ended. +ACTION: +None. +----- cmqxfcxc.c : 1583 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(26304.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.035Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(28524.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.025Z) + ArithInsert1(31224) + CommentInsert1(LISTENER.TCP) + +AMQ5027I: The listener 'LISTENER.TCP' has ended. ProcessId(31224). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +----- amqzmgr0.c : 5578 ------------------------------------------------------- +26/10/2018 15:58:44 - Process(14556.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:44.059Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:47 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:47.407Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:47 - Process(35732.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:47.435Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +26/10/2018 15:58:47 - Process(27128.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-26T13:58:47.443Z) + CommentInsert3(QM2) + +AMQ8004I: IBM MQ queue manager 'QM2' ended. + +EXPLANATION: +IBM MQ queue manager 'QM2' ended. +ACTION: +None. +----- amqzxma0.c : 1947 ------------------------------------------------------- +28/10/2018 15:12:08 - Process(8132.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:08.875Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:08 - Process(7296.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:08.996Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7229I: 5 log records accessed on queue manager 'QM2' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM2 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(7296.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.056Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7230I: Log replay for queue manager 'QM2' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM2. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(7296.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.119Z) + CommentInsert1(QM2) + +AMQ7231I: 0 log records accessed on queue manager 'QM2' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM2 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +28/10/2018 15:12:09 - Process(7296.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.121Z) + CommentInsert1(QM2) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM2'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM2. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +28/10/2018 15:12:09 - Process(7296.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.127Z) + CommentInsert1(QM2) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM2'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM2 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8132.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.154Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8404.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.414Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8404.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.417Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8404.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.542Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8404.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.544Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8404.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.544Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(7296.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.854Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM2) + +AMQ8003I: IBM MQ queue manager 'QM2' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM2' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +28/10/2018 15:12:09 - Process(8404.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:09.907Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8804.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.328Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.373Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.374Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8404.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.392Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.392Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8404.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.392Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.393Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.413Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.413Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.413Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.414Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.414Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.445Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.454Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.455Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.455Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8132.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.456Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.462Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8404.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.464Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.490Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +28/10/2018 15:12:10 - Process(8712.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.538Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +28/10/2018 15:12:10 - Process(9076.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.834Z) + ArithInsert1(5228) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(5228). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(9076.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.843Z) + ArithInsert1(5372) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(5372). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +28/10/2018 15:12:10 - Process(9076.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:10.849Z) + ArithInsert1(5040) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(5040). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +28/10/2018 15:12:11 - Process(9116.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:11.211Z) + CommentInsert1(QM2) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM2. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM2. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +28/10/2018 15:12:11 - Process(5228.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-28T14:12:11.230Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8804.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.289Z) + +AMQ9411I: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +----- amqrrmfa.c : 2108 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(9076.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.318Z) + ArithInsert1(5372) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5025I: The command server has ended. ProcessId(5372). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +----- amqzmgr0.c : 5567 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(5228.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.309Z) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 958 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.312Z) + ArithInsert1(2162) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5041I: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.315Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.315Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.315Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.320Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.321Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.321Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.337Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.338Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +----- cmqxzmup.c : 4347 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(9116.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.340Z) + CommentInsert1(QM2) + +AMQ5807I: Queued Publish/Subscribe Daemon for queue manager QM2 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM2 has ended. +ACTION: +None. +----- cmqxfcxc.c : 1583 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(9076.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.337Z) + ArithInsert1(5040) + CommentInsert1(LISTENER.TCP) + +AMQ5027I: The listener 'LISTENER.TCP' has ended. ProcessId(5040). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +----- amqzmgr0.c : 5578 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.354Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.355Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8712.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.356Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(9076.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.360Z) + ArithInsert1(5228) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5023I: The channel initiator has ended. ProcessId(5228). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +----- amqzmgr0.c : 5556 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8404.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.372Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.688Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(8132.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.702Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:48:17 - Process(7296.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:17.711Z) + CommentInsert3(QM2) + +AMQ8004I: IBM MQ queue manager 'QM2' ended. + +EXPLANATION: +IBM MQ queue manager 'QM2' ended. +ACTION: +None. +----- amqzxma0.c : 1947 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8144.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.449Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(7704.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.525Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7229I: 5 log records accessed on queue manager 'QM2' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM2 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(7704.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.536Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7230I: Log replay for queue manager 'QM2' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM2. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(7704.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.600Z) + CommentInsert1(QM2) + +AMQ7231I: 0 log records accessed on queue manager 'QM2' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM2 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +29/10/2018 16:48:53 - Process(7704.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.601Z) + CommentInsert1(QM2) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM2'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM2. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +29/10/2018 16:48:53 - Process(7704.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.605Z) + CommentInsert1(QM2) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM2'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM2 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8144.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.638Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8160.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.816Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8160.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.816Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8160.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.828Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8160.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.830Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:53 - Process(8160.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:53.840Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(7704.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.088Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM2) + +AMQ8003I: IBM MQ queue manager 'QM2' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM2' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8160.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.132Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8692.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.240Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8160.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.242Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8160.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.244Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.245Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.245Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.254Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.256Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.272Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.272Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.273Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.279Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.280Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.290Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8160.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.291Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.292Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.293Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.293Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8144.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.294Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.302Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.310Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:48:54 - Process(8572.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.325Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:48:54 - Process(8948.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.425Z) + ArithInsert1(9032) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(9032). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8948.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.430Z) + ArithInsert1(9048) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(9048). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8948.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.433Z) + ArithInsert1(9056) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(9056). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(8956.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.467Z) + CommentInsert1(QM2) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM2. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM2. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +29/10/2018 16:48:54 - Process(9032.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:48:54.636Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8692.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.111Z) + +AMQ9411I: Repository manager ended normally. + +EXPLANATION: +The repository manager ended normally. +ACTION: +None. +----- amqrrmfa.c : 2108 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(9032.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.132Z) + +AMQ9542W: Queue manager is ending. + +EXPLANATION: +The program will end because the queue manager is quiescing. +ACTION: +None. +----- amqrimna.c : 958 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.137Z) + ArithInsert1(2162) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5041I: The queue manager task 'DEFERRED_DELIVERY' has ended. + +EXPLANATION: +The queue manager task DEFERRED_DELIVERY has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.139Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.139Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.139Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.139Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.144Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Command Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.144Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Publish Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8956.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.151Z) + CommentInsert1(QM2) + +AMQ5807I: Queued Publish/Subscribe Daemon for queue manager QM2 ended. + +EXPLANATION: +The Queued Publish/Subscribe Daemon on queue manager QM2 has ended. +ACTION: +None. +----- cmqxfcxc.c : 1583 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.141Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(ACTVTRC) + +AMQ5041I: The queue manager task 'ACTVTRC' has ended. + +EXPLANATION: +The queue manager task ACTVTRC has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(ASYNCQ) + +AMQ5041I: The queue manager task 'ASYNCQ' has ended. + +EXPLANATION: +The queue manager task ASYNCQ has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(EXPIRER) + +AMQ5041I: The queue manager task 'EXPIRER' has ended. + +EXPLANATION: +The queue manager task EXPIRER has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5041I: The queue manager task 'DUR-SUBS-MGR' has ended. + +EXPLANATION: +The queue manager task DUR-SUBS-MGR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(TOPIC-TREE) + +AMQ5041I: The queue manager task 'TOPIC-TREE' has ended. + +EXPLANATION: +The queue manager task TOPIC-TREE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5041I: The queue manager task 'RESOURCE_MONITOR' has ended. + +EXPLANATION: +The queue manager task RESOURCE_MONITOR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(Q-DELETION) + +AMQ5041I: The queue manager task 'Q-DELETION' has ended. + +EXPLANATION: +The queue manager task Q-DELETION has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(PRESERVED-Q) + +AMQ5041I: The queue manager task 'PRESERVED-Q' has ended. + +EXPLANATION: +The queue manager task PRESERVED-Q has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(MULTICAST) + +AMQ5041I: The queue manager task 'MULTICAST' has ended. + +EXPLANATION: +The queue manager task MULTICAST has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(APP-SIGNAL) + +AMQ5041I: The queue manager task 'APP-SIGNAL' has ended. + +EXPLANATION: +The queue manager task APP-SIGNAL has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(DEFERRED-MSG) + +AMQ5041I: The queue manager task 'DEFERRED-MSG' has ended. + +EXPLANATION: +The queue manager task DEFERRED-MSG has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(STATISTICS) + +AMQ5041I: The queue manager task 'STATISTICS' has ended. + +EXPLANATION: +The queue manager task STATISTICS has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(MARKINTSCAN) + +AMQ5041I: The queue manager task 'MARKINTSCAN' has ended. + +EXPLANATION: +The queue manager task MARKINTSCAN has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5041I: The queue manager task 'QPUBSUB-CTRLR' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-CTRLR has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-QUEUE-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.163Z) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5041I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended. + +EXPLANATION: +The queue manager task QPUBSUB-SUBPT-NLCACHE has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.191Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has ended. +ACTION: + +----- cmqxzmup.c : 414 -------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.399Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5976I: 'IBM MQ Distributed Pub/Sub Controller' has ended. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has ended. +ACTION: + +----- cmqxzmup.c : 4347 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8572.1) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.404Z) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5041I: The queue manager task 'PUBSUB-DAEMON' has ended. + +EXPLANATION: +The queue manager task PUBSUB-DAEMON has ended. +ACTION: +None. +----- amqzmut0.c : 3711 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8948.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.391Z) + ArithInsert1(9048) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5025I: The command server has ended. ProcessId(9048). + +EXPLANATION: +The command server process has ended. +ACTION: +None. +----- amqzmgr0.c : 5567 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8948.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.545Z) + ArithInsert1(9032) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5023I: The channel initiator has ended. ProcessId(9032). + +EXPLANATION: +The channel initiator process has ended. +ACTION: +None. +----- amqzmgr0.c : 5556 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8948.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.547Z) + ArithInsert1(9056) + CommentInsert1(LISTENER.TCP) + +AMQ5027I: The listener 'LISTENER.TCP' has ended. ProcessId(9056). + +EXPLANATION: +The listener process has ended. +ACTION: +None. +----- amqzmgr0.c : 5578 ------------------------------------------------------- +29/10/2018 16:49:02 - Process(8160.1) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:02.572Z) + CommentInsert1(ERROR-LOG) + +AMQ5041I: The queue manager task 'ERROR-LOG' has ended. + +EXPLANATION: +The queue manager task ERROR-LOG has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:03 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:03.124Z) + CommentInsert1(CHECKPOINT) + +AMQ5041I: The queue manager task 'CHECKPOINT' has ended. + +EXPLANATION: +The queue manager task CHECKPOINT has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:03 - Process(8144.1) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:03.145Z) + CommentInsert1(LOGGER-IO) + +AMQ5041I: The queue manager task 'LOGGER-IO' has ended. + +EXPLANATION: +The queue manager task LOGGER-IO has ended. +ACTION: +None. +----- amqzmut0.c : 3555 ------------------------------------------------------- +29/10/2018 16:49:03 - Process(7704.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:03.167Z) + CommentInsert3(QM2) + +AMQ8004I: IBM MQ queue manager 'QM2' ended. + +EXPLANATION: +IBM MQ queue manager 'QM2' ended. +ACTION: +None. +----- amqzxma0.c : 1947 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(7536.3) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.369Z) + ArithInsert2(1) + CommentInsert1(LOGGER-IO) + +AMQ5051I: The queue manager task 'LOGGER-IO' has started. + +EXPLANATION: +The critical utility task manager has started the LOGGER-IO task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(6260.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.400Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7229I: 5 log records accessed on queue manager 'QM2' during the log replay +phase. + +EXPLANATION: +5 log records have been accessed so far on queue manager QM2 during the log +replay phase in order to bring the queue manager back to a previously known +state. +ACTION: +None. +----- amqalms0.c : 1010 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(6260.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.402Z) + ArithInsert1(5) + CommentInsert1(QM2) + +AMQ7230I: Log replay for queue manager 'QM2' complete. + +EXPLANATION: +The log replay phase of the queue manager restart process has been completed +for queue manager QM2. +ACTION: +None. +----- amqalms0.c : 1015 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(6260.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.404Z) + CommentInsert1(QM2) + +AMQ7231I: 0 log records accessed on queue manager 'QM2' during the recovery +phase. + +EXPLANATION: +0 log records have been accessed so far on queue manager QM2 during the +recovery phase of the transactions manager state. +ACTION: +None. +----- amqatmra.c : 713 -------------------------------------------------------- +29/10/2018 16:49:36 - Process(6260.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.405Z) + CommentInsert1(QM2) + +AMQ7232I: Transaction manager state recovered for queue manager 'QM2'. + +EXPLANATION: +The state of transactions at the time the queue manager ended has been +recovered for queue manager QM2. +ACTION: +None. +----- amqatmra.c : 718 -------------------------------------------------------- +29/10/2018 16:49:36 - Process(6260.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.409Z) + CommentInsert1(QM2) + +AMQ7233I: 0 out of 0 in-flight transactions resolved for queue manager 'QM2'. + +EXPLANATION: +0 transactions out of 0 in-flight at the time queue manager QM2 ended have been +resolved. +ACTION: +None. +----- amqatmra.c : 1315 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(7536.8) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.444Z) + ArithInsert2(1) + CommentInsert1(CHECKPOINT) + +AMQ5051I: The queue manager task 'CHECKPOINT' has started. + +EXPLANATION: +The critical utility task manager has started the CHECKPOINT task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8024.3) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.569Z) + ArithInsert2(1) + CommentInsert1(ERROR-LOG) + +AMQ5037I: The queue manager task 'ERROR-LOG' has started. + +EXPLANATION: +The restartable utility task manager has started the ERROR-LOG task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8024.4) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.569Z) + ArithInsert2(1) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8024.7) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.571Z) + ArithInsert2(2) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 2 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8024.5) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.620Z) + ArithInsert2(3) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 3 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(8024.6) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.620Z) + ArithInsert2(4) + CommentInsert1(APP-SIGNAL) + +AMQ5037I: The queue manager task 'APP-SIGNAL' has started. + +EXPLANATION: +The restartable utility task manager has started the APP-SIGNAL task. This task +has now started 4 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:36 - Process(6260.1) User(MUSR_MQADMIN) Program(amqzxma0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:36.997Z) + CommentInsert1(9.1.0.0) + CommentInsert3(QM2) + +AMQ8003I: IBM MQ queue manager 'QM2' started using V9.1.0.0. + +EXPLANATION: +IBM MQ queue manager 'QM2' started using V9.1.0.0. +ACTION: +None. +----- amqzxma0.c : 4119 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8024.9) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.010Z) + ArithInsert2(1) + CommentInsert1(DEFERRED_DELIVERY) + +AMQ5037I: The queue manager task 'DEFERRED_DELIVERY' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED_DELIVERY task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8532.1) User(MUSR_MQADMIN) Program(amqrrmfa.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.307Z) + +AMQ9410I: Repository manager started. + +EXPLANATION: +The repository manager started successfully. +ACTION: +None. +----- amqrrmfa.c : 2195 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8024.10) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.324Z) + ArithInsert2(1) + CommentInsert1(DEFERRED-MSG) + +AMQ5037I: The queue manager task 'DEFERRED-MSG' has started. + +EXPLANATION: +The restartable utility task manager has started the DEFERRED-MSG task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.19) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.325Z) + ArithInsert2(1) + CommentInsert1(ACTVTRC) + +AMQ5051I: The queue manager task 'ACTVTRC' has started. + +EXPLANATION: +The critical utility task manager has started the ACTVTRC task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.22) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.326Z) + ArithInsert2(1) + CommentInsert1(DUR-SUBS-MGR) + +AMQ5051I: The queue manager task 'DUR-SUBS-MGR' has started. + +EXPLANATION: +The critical utility task manager has started the DUR-SUBS-MGR task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.3) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.348Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-CTRLR) + +AMQ5052I: The queue manager task 'QPUBSUB-CTRLR' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.23) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.348Z) + ArithInsert2(1) + CommentInsert1(TOPIC-TREE) + +AMQ5051I: The queue manager task 'TOPIC-TREE' has started. + +EXPLANATION: +The critical utility task manager has started the TOPIC-TREE task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.4) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.348Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-QUEUE-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.26) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.350Z) + ArithInsert2(1) + CommentInsert1(PRESERVED-Q) + +AMQ5051I: The queue manager task 'PRESERVED-Q' has started. + +EXPLANATION: +The critical utility task manager has started the PRESERVED-Q task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.27) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.351Z) + ArithInsert2(1) + CommentInsert1(MULTICAST) + +AMQ5051I: The queue manager task 'MULTICAST' has started. + +EXPLANATION: +The critical utility task manager has started the MULTICAST task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8024.11) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.370Z) + ArithInsert2(1) + CommentInsert1(STATISTICS) + +AMQ5037I: The queue manager task 'STATISTICS' has started. + +EXPLANATION: +The restartable utility task manager has started the STATISTICS task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.20) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.372Z) + ArithInsert2(1) + CommentInsert1(ASYNCQ) + +AMQ5051I: The queue manager task 'ASYNCQ' has started. + +EXPLANATION: +The critical utility task manager has started the ASYNCQ task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.21) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.372Z) + ArithInsert2(1) + CommentInsert1(EXPIRER) + +AMQ5051I: The queue manager task 'EXPIRER' has started. + +EXPLANATION: +The critical utility task manager has started the EXPIRER task. This task has +now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.24) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.374Z) + ArithInsert2(1) + CommentInsert1(RESOURCE_MONITOR) + +AMQ5051I: The queue manager task 'RESOURCE_MONITOR' has started. + +EXPLANATION: +The critical utility task manager has started the RESOURCE_MONITOR task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8024.12) User(MUSR_MQADMIN) Program(amqzmur0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.375Z) + ArithInsert2(1) + CommentInsert1(MARKINTSCAN) + +AMQ5037I: The queue manager task 'MARKINTSCAN' has started. + +EXPLANATION: +The restartable utility task manager has started the MARKINTSCAN task. This +task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.5) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.378Z) + ArithInsert2(1) + CommentInsert1(QPUBSUB-SUBPT-NLCACHE) + +AMQ5052I: The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the +QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(7536.25) User(MUSR_MQADMIN) Program(amqzmuc0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.379Z) + ArithInsert2(1) + CommentInsert1(Q-DELETION) + +AMQ5051I: The queue manager task 'Q-DELETION' has started. + +EXPLANATION: +The critical utility task manager has started the Q-DELETION task. This task +has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.379Z) + ArithInsert2(1) + CommentInsert1(PUBSUB-DAEMON) + +AMQ5052I: The queue manager task 'PUBSUB-DAEMON' has started. + +EXPLANATION: +The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. +This task has now started 1 times. +ACTION: +None. +----- amqzmut0.c : 1655 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.6) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.381Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Controller) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Controller' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Controller' has started. +ACTION: +None. +----- cmqxzmup.c : 3951 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.9) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.417Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Publish Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Publish Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Publish Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.8) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.431Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Command Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Command Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Command Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:49:37 - Process(8260.7) User(MUSR_MQADMIN) Program(amqzmuf0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.518Z) + CommentInsert1(IBM MQ Distributed Pub/Sub Fan Out Task) + +AMQ5975I: 'IBM MQ Distributed Pub/Sub Fan Out Task' has started. + +EXPLANATION: +'IBM MQ Distributed Pub/Sub Fan Out Task' has started. +ACTION: +None. +----- cmqxzmup.c : 383 -------------------------------------------------------- +29/10/2018 16:49:37 - Process(8708.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.520Z) + ArithInsert1(8968) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ5022I: The channel initiator has started. ProcessId(8968). + +EXPLANATION: +The channel initiator process has started. +ACTION: +None. +----- amqzmgr0.c : 2932 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8708.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.526Z) + ArithInsert1(8980) + CommentInsert1(SYSTEM.CMDSERVER.1) + +AMQ5024I: The command server has started. ProcessId(8980). + +EXPLANATION: +The command server process has started. +ACTION: +None. +----- amqzmgr0.c : 2941 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8708.1) User(MUSR_MQADMIN) Program(amqzmgr0.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.548Z) + ArithInsert1(9008) + CommentInsert1(LISTENER.TCP) + +AMQ5026I: The listener 'LISTENER.TCP' has started. ProcessId(9008). + +EXPLANATION: +The listener process has started. +ACTION: +None. +----- amqzmgr0.c : 2949 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8732.1) User(MUSR_MQADMIN) Program(amqfqpub.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.571Z) + CommentInsert1(QM2) + +AMQ5806I: Queued Publish/Subscribe Daemon started for queue manager QM2. + +EXPLANATION: +Queued Publish/Subscribe Daemon started for queue manager QM2. +ACTION: +None. +----- cmqxfcxc.c : 1397 ------------------------------------------------------- +29/10/2018 16:49:37 - Process(8968.1) User(MUSR_MQADMIN) Program(runmqchi.exe) + Host(FELIX-ELASTIC) Installation(Installation1) + VRMF(9.1.0.0) QMgr(QM2) + Time(2018-10-29T15:49:37.769Z) + CommentInsert1(SYSTEM.CHANNEL.INITQ) + +AMQ8024I: IBM MQ channel initiator started. + +EXPLANATION: +The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started. +ACTION: +None. +----- amqrimna.c : 866 -------------------------------------------------------- diff --git a/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json new file mode 100644 index 00000000000..3d6ef8e7d4f --- /dev/null +++ b/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json @@ -0,0 +1,3402 @@ +[ + { + "@timestamp": "2018-10-17T11:50:16.332Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Host-Info :- Windows 10 Professional x64 Edition, Build 17134 (MQ Windows (x64 platform) 64-bit) Installation :- C:\\Program Files\\IBM\\MQ (Installation1) Version :- 9.1.0.0 (p910-L180709.TRIAL) AKTION: Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ6287I", + "ibmmq.errorlog.commentinsert": [ + "Windows 10 Professional x64 Edition, Build 17134 (MQ Windows (x64 platform) 64-bit)", + "C:\\\\Program Files\\\\IBM\\\\MQ (Installation1)", + "9.1.0.0 (p910-L180709.TRIAL)" + ], + "ibmmq.errorlog.explanation": "Systeminformationen zu IBM", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 0, + "message": "IBM MQ V9.1.0.0 (p910-L180709.TRIAL).", + "process.pid": "39452.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.330Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "LOGGER-IO", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'LOGGER-IO' wurde vom Task-Manager f\ufffdr kritische Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 857, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde gestartet.", + "process.pid": "39452.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.377Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "LOGGER-IO", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 1499, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "process.pid": "39452.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.700Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "LOGGER-IO", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'LOGGER-IO' wurde vom Task-Manager f\ufffdr kritische Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 2023, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde gestartet.", + "process.pid": "3452.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.713Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "4", + "" + ], + "ibmmq.errorlog.code": "AMQ7229I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "4 Protokolls\ufffdtze wurden bisher auf WS-Manager QM2 w\ufffdhrend der Protokollwiederholungsphase aufgerufen, um den WS-Manager in einen zuvor bekannten Status zur\ufffdckzuversetzen.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 2664, + "message": "4 Protokolls\ufffdtze wurden auf WS-Manager 'QM2' w\ufffdhrend der Protokollwiederholungsphase aufgerufen.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.716Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "4", + "" + ], + "ibmmq.errorlog.code": "AMQ7230I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Protokollwiederholungsphase des Neustartprozesses wurde f\ufffdr WS-Manager QM2 beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 3394, + "message": "Die Protokollwiederholung f\ufffdr WS-Manager 'QM2' ist beendet.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.727Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7231I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "W\ufffdhrend der Wiederherstellungsphase des Transaktionsmanagerstatus wurden bisher 0 Protokolls\ufffdtze auf WS-Manager QM2 aufgerufen.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 4004, + "message": "0 Protokolls\ufffdtze wurden auf WS-Manager 'QM2' w\ufffdhrend der Wiederherstellungsphase aufgerufen.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.730Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7232I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "Der Status der Transaktionen zu dem Zeitpunkt, als der WS-Manager beendet wurde, wurde f\ufffdr WS-Manager QM2 wiederhergestellt.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 4649, + "message": "Der Transaktionsmanagerstatus wurde f\ufffdr WS-Manager 'QM2' wiederhergestellt.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.740Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7233I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "0 von 0 Transaktionen, die zum Zeitpunkt der Beendigung des WS-Managers QM2 unvollst\ufffdndig waren, wurden aufgel\ufffdst.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 5274, + "message": "0 von 0 unvollst\ufffdndigen Transaktionen wurden f\ufffdr WS-Manager 'QM2' aufgel\ufffdst.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.746Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "CHECKPOINT", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'CHECKPOINT' wurde vom Task-Manager f\ufffdr kritische Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 5890, + "message": "Die WS-Manager-Task 'CHECKPOINT' wurde gestartet.", + "process.pid": "3452.8", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.810Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "ERROR-LOG", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'ERROR-LOG' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 6534, + "message": "Die WS-Manager-Task 'ERROR-LOG' wurde gestartet.", + "process.pid": "23324.3", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.811Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 1 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 7186, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "23324.7", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.812Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "2" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 2 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 7841, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "23324.4", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.812Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "3" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 3 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 8496, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "23324.5", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:16.812Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "4" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die Task 'APP-SIGNAL' wurde vom Task-Manager f\ufffdr wieder anlauff\ufffdhige Dienstprogramme gestartet. Diese Task wurde jetzt 4 Mal gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 9151, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde gestartet.", + "process.pid": "23324.6", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.019Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "87", + "" + ], + "ibmmq.errorlog.code": "AMQ8048I", + "ibmmq.errorlog.commentinsert": [ + "0", + "", + "" + ], + "ibmmq.errorlog.explanation": "Dies sind Informationen zur Anzahl der erfolgreich erstellten oder ersetzten Objekte sowie zu den Fehlschl\ufffdgen beim Erstellen der Standardobjekte.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 9806, + "message": "Standardobjektstatistik: 87 erstellt. 0 ersetzt. 0 fehlgeschlagen.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.040Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8003I", + "ibmmq.errorlog.commentinsert": [ + "9.1.0.0", + "", + "QM2" + ], + "ibmmq.errorlog.explanation": "IBM MQ-WS-Manager 'QM2' wurde mit V9.1.0.0 gestartet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 10481, + "message": "IBM MQ-WS-Manager 'QM2' wurde mit V9.1.0.0 gestartet.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.100Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 11059, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "process.pid": "23324.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.130Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 11586, + "message": "Die WS-Manager-Task 'APP-SIGNAL' wurde beendet.", + "process.pid": "23324.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.135Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "ERROR-LOG", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'ERROR-LOG' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 12113, + "message": "Die WS-Manager-Task 'ERROR-LOG' wurde beendet.", + "process.pid": "23324.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.202Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "CHECKPOINT", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'CHECKPOINT' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 12637, + "message": "Die WS-Manager-Task 'CHECKPOINT' wurde beendet.", + "process.pid": "3452.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.214Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "LOGGER-IO", + "", + "" + ], + "ibmmq.errorlog.explanation": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 13163, + "message": "Die WS-Manager-Task 'LOGGER-IO' wurde beendet.", + "process.pid": "3452.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T11:50:18.228Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Keine.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8004I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "QM2" + ], + "ibmmq.errorlog.explanation": "Der IBM MQ-Warteschlangenmanager 'QM2' wurde beendet.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 13686, + "message": "IBM MQ-Warteschlangenmanager 'QM2' wurde beendet.", + "process.pid": "25240.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "felix" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "LOGGER-IO", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the LOGGER-IO task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 14214, + "message": "The queue manager task 'LOGGER-IO' has started.", + "process.pid": "7220.3", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "5", + "" + ], + "ibmmq.errorlog.code": "AMQ7229I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "5 log records have been accessed so far on queue manager QM2 during the log replay phase in order to bring the queue manager back to a previously known state.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 14838, + "message": "5 log records accessed on queue manager 'QM2' during the log replay phase.", + "process.pid": "6008.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "5", + "" + ], + "ibmmq.errorlog.code": "AMQ7230I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "The log replay phase of the queue manager restart process has been completed for queue manager QM2.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 15541, + "message": "Log replay for queue manager 'QM2' complete.", + "process.pid": "6008.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7231I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "0 log records have been accessed so far on queue manager QM2 during the recovery phase of the transactions manager state.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 16155, + "message": "0 log records accessed on queue manager 'QM2' during the recovery phase.", + "process.pid": "6008.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7232I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "The state of transactions at the time the queue manager ended has been recovered for queue manager QM2.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 16781, + "message": "Transaction manager state recovered for queue manager 'QM2'.", + "process.pid": "6008.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ7233I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "0 transactions out of 0 in-flight at the time queue manager QM2 ended have been resolved.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 17377, + "message": "0 out of 0 in-flight transactions resolved for queue manager 'QM2'.", + "process.pid": "6008.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "CHECKPOINT", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the CHECKPOINT task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 17966, + "message": "The queue manager task 'CHECKPOINT' has started.", + "process.pid": "7220.8", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "ERROR-LOG", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the ERROR-LOG task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 18593, + "message": "The queue manager task 'ERROR-LOG' has started.", + "process.pid": "31504.3", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 19221, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "31504.4", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "2" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 2 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 19852, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "31504.5", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "3" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 3 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 20483, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "31504.6", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:18.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "4" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the APP-SIGNAL task. This task has now started 4 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 21114, + "message": "The queue manager task 'APP-SIGNAL' has started.", + "process.pid": "31504.7", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8003I", + "ibmmq.errorlog.commentinsert": [ + "9.1.0.0", + "", + "QM2" + ], + "ibmmq.errorlog.explanation": "IBM MQ queue manager 'QM2' started using V9.1.0.0.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 21745, + "message": "IBM MQ queue manager 'QM2' started using V9.1.0.0.", + "process.pid": "6008.1", + "process.title": "amqzxma0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "DEFERRED_DELIVERY", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the DEFERRED_DELIVERY task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 22324, + "message": "The queue manager task 'DEFERRED_DELIVERY' has started.", + "process.pid": "31504.9", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "ACTVTRC", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the ACTVTRC task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 22976, + "message": "The queue manager task 'ACTVTRC' has started.", + "process.pid": "7220.19", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "DEFERRED-MSG", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the DEFERRED-MSG task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 23595, + "message": "The queue manager task 'DEFERRED-MSG' has started.", + "process.pid": "31504.10", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "ASYNCQ", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the ASYNCQ task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 24233, + "message": "The queue manager task 'ASYNCQ' has started.", + "process.pid": "7220.20", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "STATISTICS", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the STATISTICS task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 24849, + "message": "The queue manager task 'STATISTICS' has started.", + "process.pid": "31504.11", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "EXPIRER", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the EXPIRER task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 25481, + "message": "The queue manager task 'EXPIRER' has started.", + "process.pid": "7220.21", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "DUR-SUBS-MGR", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the DUR-SUBS-MGR task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 26100, + "message": "The queue manager task 'DUR-SUBS-MGR' has started.", + "process.pid": "7220.22", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9410I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The repository manager started successfully.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 26734, + "message": "Repository manager started.", + "process.pid": "9848.1", + "process.title": "amqrrmfa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "TOPIC-TREE", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the TOPIC-TREE task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 27196, + "message": "The queue manager task 'TOPIC-TREE' has started.", + "process.pid": "7220.23", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5052I", + "ibmmq.errorlog.commentinsert": [ + "QPUBSUB-CTRLR", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the QPUBSUB-CTRLR task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 27824, + "message": "The queue manager task 'QPUBSUB-CTRLR' has started.", + "process.pid": "33244.3", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5037I", + "ibmmq.errorlog.commentinsert": [ + "MARKINTSCAN", + "", + "" + ], + "ibmmq.errorlog.explanation": "The restartable utility task manager has started the MARKINTSCAN task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 28470, + "message": "The queue manager task 'MARKINTSCAN' has started.", + "process.pid": "31504.12", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "RESOURCE_MONITOR", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the RESOURCE_MONITOR task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 29105, + "message": "The queue manager task 'RESOURCE_MONITOR' has started.", + "process.pid": "7220.24", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "PRESERVED-Q", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the PRESERVED-Q task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 29751, + "message": "The queue manager task 'PRESERVED-Q' has started.", + "process.pid": "7220.26", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "Q-DELETION", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the Q-DELETION task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 30382, + "message": "The queue manager task 'Q-DELETION' has started.", + "process.pid": "7220.25", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5052I", + "ibmmq.errorlog.commentinsert": [ + "QPUBSUB-SUBPT-NLCACHE", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the QPUBSUB-SUBPT-NLCACHE task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 31010, + "message": "The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has started.", + "process.pid": "33244.5", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5052I", + "ibmmq.errorlog.commentinsert": [ + "QPUBSUB-QUEUE-NLCACHE", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the QPUBSUB-QUEUE-NLCACHE task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 31680, + "message": "The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has started.", + "process.pid": "33244.4", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5051I", + "ibmmq.errorlog.commentinsert": [ + "MULTICAST", + "", + "" + ], + "ibmmq.errorlog.explanation": "The critical utility task manager has started the MULTICAST task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 32350, + "message": "The queue manager task 'MULTICAST' has started.", + "process.pid": "7220.27", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "1" + ], + "ibmmq.errorlog.code": "AMQ5052I", + "ibmmq.errorlog.commentinsert": [ + "PUBSUB-DAEMON", + "", + "" + ], + "ibmmq.errorlog.explanation": "The publish/subscribe utility task manager has started the PUBSUB-DAEMON task. This task has now started 1 times.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 32975, + "message": "The queue manager task 'PUBSUB-DAEMON' has started.", + "process.pid": "33244.6", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Controller", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Controller' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 33621, + "message": "'IBM MQ Distributed Pub/Sub Controller' has started.", + "process.pid": "33244.6", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Publish Task", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Publish Task' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 34193, + "message": "'IBM MQ Distributed Pub/Sub Publish Task' has started.", + "process.pid": "33244.9", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Fan Out Task", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Fan Out Task' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 34771, + "message": "'IBM MQ Distributed Pub/Sub Fan Out Task' has started.", + "process.pid": "33244.7", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5975I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Command Task", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Command Task' has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 35349, + "message": "'IBM MQ Distributed Pub/Sub Command Task' has started.", + "process.pid": "33244.8", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "9264", + "" + ], + "ibmmq.errorlog.code": "AMQ5022I", + "ibmmq.errorlog.commentinsert": [ + "SYSTEM.CHANNEL.INITQ", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel initiator process has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 35927, + "message": "The channel initiator has started. ProcessId(9264).", + "process.pid": "27056.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "19060", + "" + ], + "ibmmq.errorlog.code": "AMQ5024I", + "ibmmq.errorlog.commentinsert": [ + "SYSTEM.CMDSERVER.1", + "", + "" + ], + "ibmmq.errorlog.explanation": "The command server process has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 36512, + "message": "The command server has started. ProcessId(19060).", + "process.pid": "27056.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5806I", + "ibmmq.errorlog.commentinsert": [ + "QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "Queued Publish/Subscribe Daemon started for queue manager QM2.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 37091, + "message": "Queued Publish/Subscribe Daemon started for queue manager QM2.", + "process.pid": "21220.1", + "process.title": "amqfqpub.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ8024I", + "ibmmq.errorlog.commentinsert": [ + "SYSTEM.CHANNEL.INITQ", + "", + "" + ], + "ibmmq.errorlog.explanation": "The channel initiator for queue SYSTEM.CHANNEL.INITQ has been started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 37649, + "message": "IBM MQ channel initiator started.", + "process.pid": "9264.1", + "process.title": "runmqchi.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-17T13:50:19.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "37632", + "" + ], + "ibmmq.errorlog.code": "AMQ5026I", + "ibmmq.errorlog.commentinsert": [ + "LISTENER.TCP", + "", + "" + ], + "ibmmq.errorlog.explanation": "The listener process has started.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 38202, + "message": "The listener 'LISTENER.TCP' has started. ProcessId(37632).", + "process.pid": "27056.1", + "process.title": "amqzmgr0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T15:18:48.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9002I", + "ibmmq.errorlog.commentinsert": [ + "CHL.QM1.QM2", + "", + "" + ], + "ibmmq.errorlog.explanation": "Channel 'CHL.QM1.QM2' is starting.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 38778, + "message": "Channel 'CHL.QM1.QM2' is starting.", + "process.pid": "44852.3", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T15:19:11.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9002I", + "ibmmq.errorlog.commentinsert": [ + "CHL.QM2.QM1", + "", + "" + ], + "ibmmq.errorlog.explanation": "Channel 'CHL.QM2.QM1' is starting.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 39288, + "message": "Channel 'CHL.QM2.QM1' is starting.", + "process.pid": "37368.1", + "process.title": "runmqchl.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:10:06.000Z", + "destination.address": "127.0.0.1", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Contact the systems administrator, who should examine the channel authentication records to ensure that the correct settings have been configured. The ALTER QMGR CHLAUTH switch is used to control whether channel authentication records are used. The command DISPLAY CHLAUTH can be used to query the channel authentication records.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9776E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "127.0.0.1", + "MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)" + ], + "ibmmq.errorlog.explanation": "The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because the active values of the channel were mapped to a userid which should be blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 39798, + "message": "Channel was blocked by userid", + "process.pid": "44852.4", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:10:06.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Look at previous error messages for the channel program in the error logs to determine the cause of the failure. Note that this message can be excluded completely or suppressed by tuning the \"ExcludeMessage\" or \"SuppressMessage\" attributes under the \"QMErrorLog\" stanza in qm.ini. Further information can be found in the System Administration Guide.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9999E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "44852(28928)", + "127.0.0.1" + ], + "ibmmq.errorlog.explanation": "The channel program running under process ID 44852(28928) for channel 'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases the host name cannot be determined and so is shown as '????'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 41028, + "message": "Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally.", + "process.pid": "44852.4", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:10:12.000Z", + "destination.address": "127.0.0.1", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Contact the systems administrator, who should examine the channel authentication records to ensure that the correct settings have been configured. The ALTER QMGR CHLAUTH switch is used to control whether channel authentication records are used. The command DISPLAY CHLAUTH can be used to query the channel authentication records.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9776E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "127.0.0.1", + "MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)" + ], + "ibmmq.errorlog.explanation": "The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because the active values of the channel were mapped to a userid which should be blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 42182, + "message": "Channel was blocked by userid", + "process.pid": "44852.5", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:10:12.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Look at previous error messages for the channel program in the error logs to determine the cause of the failure. Note that this message can be excluded completely or suppressed by tuning the \"ExcludeMessage\" or \"SuppressMessage\" attributes under the \"QMErrorLog\" stanza in qm.ini. Further information can be found in the System Administration Guide.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9999E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "44852(22352)", + "127.0.0.1" + ], + "ibmmq.errorlog.explanation": "The channel program running under process ID 44852(22352) for channel 'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases the host name cannot be determined and so is shown as '????'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 43412, + "message": "Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally.", + "process.pid": "44852.5", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:10:28.000Z", + "destination.address": "127.0.0.1", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Contact the systems administrator, who should examine the channel authentication records to ensure that the correct settings have been configured. The ALTER QMGR CHLAUTH switch is used to control whether channel authentication records are used. The command DISPLAY CHLAUTH can be used to query the channel authentication records.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9776E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "127.0.0.1", + "MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)" + ], + "ibmmq.errorlog.explanation": "The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because the active values of the channel were mapped to a userid which should be blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 44566, + "message": "Channel was blocked by userid", + "process.pid": "44852.6", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:10:28.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Look at previous error messages for the channel program in the error logs to determine the cause of the failure. Note that this message can be excluded completely or suppressed by tuning the \"ExcludeMessage\" or \"SuppressMessage\" attributes under the \"QMErrorLog\" stanza in qm.ini. Further information can be found in the System Administration Guide.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9999E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "44852(4436)", + "127.0.0.1" + ], + "ibmmq.errorlog.explanation": "The channel program running under process ID 44852(4436) for channel 'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases the host name cannot be determined and so is shown as '????'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 45796, + "message": "Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally.", + "process.pid": "44852.6", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:20.000Z", + "destination.address": "127.0.0.1", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Contact the systems administrator, who should examine the channel authentication records to ensure that the correct settings have been configured. The ALTER QMGR CHLAUTH switch is used to control whether channel authentication records are used. The command DISPLAY CHLAUTH can be used to query the channel authentication records.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9776E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "127.0.0.1", + "MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)" + ], + "ibmmq.errorlog.explanation": "The inbound channel 'CLI.LOGSTASH' was blocked from address '127.0.0.1' because the active values of the channel were mapped to a userid which should be blocked. The active values of the channel were 'MCAUSER(felix) CLNTUSER(felix) ADDRESS(picmention)'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 46948, + "message": "Channel was blocked by userid", + "process.pid": "44852.7", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:20.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "Look at previous error messages for the channel program in the error logs to determine the cause of the failure. Note that this message can be excluded completely or suppressed by tuning the \"ExcludeMessage\" or \"SuppressMessage\" attributes under the \"QMErrorLog\" stanza in qm.ini. Further information can be found in the System Administration Guide.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9999E", + "ibmmq.errorlog.commentinsert": [ + "CLI.LOGSTASH", + "44852(34856)", + "127.0.0.1" + ], + "ibmmq.errorlog.explanation": "The channel program running under process ID 44852(34856) for channel 'CLI.LOGSTASH' ended abnormally. The host name is '127.0.0.1'; in some cases the host name cannot be determined and so is shown as '????'.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 48178, + "message": "Channel 'CLI.LOGSTASH' to host '127.0.0.1' ended abnormally.", + "process.pid": "44852.7", + "process.title": "amqrmppa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9411I", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The repository manager ended normally.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 49332, + "message": "Repository manager ended normally.", + "process.pid": "9848.1", + "process.title": "amqrrmfa.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9542W", + "ibmmq.errorlog.commentinsert": [ + "", + "", + "" + ], + "ibmmq.errorlog.explanation": "The program will end because the queue manager is quiescing.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 49795, + "message": "Queue manager is ending.", + "process.pid": "9264.1", + "process.title": "runmqchi.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "2162", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "DEFERRED_DELIVERY", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task DEFERRED_DELIVERY has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 50270, + "message": "The queue manager task 'DEFERRED_DELIVERY' has ended.", + "process.pid": "31504.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9542W", + "ibmmq.errorlog.commentinsert": [ + "CHL.QM2.QM1", + "", + "" + ], + "ibmmq.errorlog.explanation": "The program will end because the queue manager is quiescing.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 50863, + "message": "Queue manager is ending.", + "process.pid": "37368.1", + "process.title": "runmqchl.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "ACTVTRC", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task ACTVTRC has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 51389, + "message": "The queue manager task 'ACTVTRC' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "ASYNCQ", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task ASYNCQ has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 51910, + "message": "The queue manager task 'ASYNCQ' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "EXPIRER", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task EXPIRER has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 52428, + "message": "The queue manager task 'EXPIRER' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "DUR-SUBS-MGR", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task DUR-SUBS-MGR has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 52949, + "message": "The queue manager task 'DUR-SUBS-MGR' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "TOPIC-TREE", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task TOPIC-TREE has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 53485, + "message": "The queue manager task 'TOPIC-TREE' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "RESOURCE_MONITOR", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task RESOURCE_MONITOR has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 54015, + "message": "The queue manager task 'RESOURCE_MONITOR' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "Q-DELETION", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task Q-DELETION has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 54563, + "message": "The queue manager task 'Q-DELETION' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "PRESERVED-Q", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task PRESERVED-Q has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 55093, + "message": "The queue manager task 'PRESERVED-Q' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "MULTICAST", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task MULTICAST has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 55626, + "message": "The queue manager task 'MULTICAST' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ9001I", + "ibmmq.errorlog.commentinsert": [ + "CHL.QM2.QM1", + "37368(31284)", + "127.0.0.1(1414)" + ], + "ibmmq.errorlog.explanation": "Channel 'CHL.QM2.QM1' to host '127.0.0.1(1414)' ended normally.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 56153, + "message": "Channel 'CHL.QM2.QM1' ended normally.", + "process.pid": "37368.1", + "process.title": "runmqchl.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "APP-SIGNAL", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task APP-SIGNAL has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 56800, + "message": "The queue manager task 'APP-SIGNAL' has ended.", + "process.pid": "31504.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "ACTVTRC", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task ACTVTRC has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 57331, + "message": "The queue manager task 'ACTVTRC' has ended.", + "process.pid": "7220.1", + "process.title": "amqzmuc0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "DEFERRED-MSG", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task DEFERRED-MSG has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 57852, + "message": "The queue manager task 'DEFERRED-MSG' has ended.", + "process.pid": "31504.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "QPUBSUB-CTRLR", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task QPUBSUB-CTRLR has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 58389, + "message": "The queue manager task 'QPUBSUB-CTRLR' has ended.", + "process.pid": "33244.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "QPUBSUB-QUEUE-NLCACHE", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task QPUBSUB-QUEUE-NLCACHE has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 58929, + "message": "The queue manager task 'QPUBSUB-QUEUE-NLCACHE' has ended.", + "process.pid": "33244.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "STATISTICS", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task STATISTICS has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 59493, + "message": "The queue manager task 'STATISTICS' has ended.", + "process.pid": "31504.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "QPUBSUB-SUBPT-NLCACHE", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task QPUBSUB-SUBPT-NLCACHE has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 60024, + "message": "The queue manager task 'QPUBSUB-SUBPT-NLCACHE' has ended.", + "process.pid": "33244.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "MARKINTSCAN", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task MARKINTSCAN has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 60588, + "message": "The queue manager task 'MARKINTSCAN' has ended.", + "process.pid": "31504.1", + "process.title": "amqzmur0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.action": "None.", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5041I", + "ibmmq.errorlog.commentinsert": [ + "PUBSUB-DAEMON", + "", + "" + ], + "ibmmq.errorlog.explanation": "The queue manager task PUBSUB-DAEMON has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 61122, + "message": "The queue manager task 'PUBSUB-DAEMON' has ended.", + "process.pid": "33244.1", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5976I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Publish Task", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Publish Task' has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 61662, + "message": "'IBM MQ Distributed Pub/Sub Publish Task' has ended.", + "process.pid": "33244.9", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5976I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Command Task", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Command Task' has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 62231, + "message": "'IBM MQ Distributed Pub/Sub Command Task' has ended.", + "process.pid": "33244.8", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5976I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Fan Out Task", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Fan Out Task' has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 62800, + "message": "'IBM MQ Distributed Pub/Sub Fan Out Task' has ended.", + "process.pid": "33244.7", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + }, + { + "@timestamp": "2018-10-18T16:13:46.000Z", + "event.dataset": "ibmmq.errorlog", + "event.kind": "event", + "event.module": "ibmmq", + "fileset.name": "errorlog", + "host.hostname": "FELIX-ELASTIC", + "ibmmq.errorlog.arithinsert": [ + "", + "" + ], + "ibmmq.errorlog.code": "AMQ5976I", + "ibmmq.errorlog.commentinsert": [ + "IBM MQ Distributed Pub/Sub Controller", + "", + "" + ], + "ibmmq.errorlog.explanation": "'IBM MQ Distributed Pub/Sub Controller' has ended.", + "ibmmq.errorlog.installation": "Installation1", + "ibmmq.errorlog.qmgr": "QM2", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "", + "log.offset": 63369, + "message": "'IBM MQ Distributed Pub/Sub Controller' has ended.", + "process.pid": "33244.6", + "process.title": "amqzmuf0.exe", + "service.type": "ibmmq", + "service.version": "9.1.0.0", + "user.name": "MUSR_MQADMIN" + } +] \ No newline at end of file diff --git a/filebeat/module/ibmmq/fields.go b/filebeat/module/ibmmq/fields.go new file mode 100644 index 00000000000..98fdbfffa32 --- /dev/null +++ b/filebeat/module/ibmmq/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package ibmmq + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "ibmmq", asset.ModuleFieldsPri, AssetIbmmq); err != nil { + panic(err) + } +} + +// AssetIbmmq returns asset data. +// This is the base64 encoded gzipped contents of module/ibmmq. +func AssetIbmmq() string { + return "eJy8VM1u2zwQvPspBjknfgAfvsPX5hCgCRogRXulyZW4CLUrk1TkvH1ByUkkR3brS3WyxeH8cKi9wTO9bsDbptmtgMw50AZXw/+rFeAo2chtZpUN/lsBGLG4V9cFWgGRAplEG9RmBVRMwaXNALyBmIY+yMuTX9sCjdq1hzcLCnOaKRXFqDFo/b5wtP/u/3vcP44wBK3TBPhZeklpYltSNiGYwjxZPuH47XnynMAJ2dOMYSBF79l6WCPYEmp+IYHJc1zmhtbvpEfst8b6OVyrt9Aq+PFw9+sa31i6/TWMOPxkcdqna3iTYNAJ7zoCO5LMFVPEs2gvKIvy2e4aT4spOKFL5JAVJiW1bDIhe5Y6IXXWF75dRx2hMWJqimkwY1Uqrrs4MlUcKKHn7I+1T6Qf+3um116jW+hr19Tx73t6KEG0GnqaeV3jcW69jfrCbkSx1EgUX9hSGuK3bWA7uE7jiY/b0gdv+WkythRU6rIne2rWFyUzkcvpJor5dMAv3khd/FmVTJKxNaUjlfFrWLO7SNNq05Rb8m9Vh00TgdPC34epA+McTuFpb5q2jLMJ9vBuwVSmfV5ytG+DkT8MgdsCYjnUPk4fFjQaCY6y4XBZ3/a83FeqBrG+XKyscIrek0zE1doupgsLd3Qm4UBbMOeu7u8AAAD//yFO4G0=" +} diff --git a/filebeat/module/ibmmq/module.yml b/filebeat/module/ibmmq/module.yml new file mode 100644 index 00000000000..7551ba72055 --- /dev/null +++ b/filebeat/module/ibmmq/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: Filebeat-ibmmq-errorlog-Dashboard + file: Filebeat-ibmmq-errorlog.json diff --git a/filebeat/module/iptables/README.md b/filebeat/module/iptables/README.md new file mode 100644 index 00000000000..a00e35f0c84 --- /dev/null +++ b/filebeat/module/iptables/README.md @@ -0,0 +1,3 @@ +# iptables module + + diff --git a/filebeat/module/iptables/_meta/config.yml b/filebeat/module/iptables/_meta/config.yml new file mode 100644 index 00000000000..0de64687f6e --- /dev/null +++ b/filebeat/module/iptables/_meta/config.yml @@ -0,0 +1,10 @@ +- module: iptables + log: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/iptables/_meta/docs.asciidoc b/filebeat/module/iptables/_meta/docs.asciidoc new file mode 100644 index 00000000000..f95425b7148 --- /dev/null +++ b/filebeat/module/iptables/_meta/docs.asciidoc @@ -0,0 +1,79 @@ +[role="xpack"] + +:modulename: iptables +:has-dashboards: true + +== Iptables module + +This is a module for iptables and ip6tables logs. It parses logs received +over the network via syslog or from a file. Also, it understands the prefix added +by some Ubiquiti firewalls, which includes the rule set name, rule number and +the action performed on the traffic (allow/deny). + +When you run the module, it performs a few tasks under the hood: + +* Sets the default input to `syslog` and binds to `localhost` port `9001` + (but don’t worry, you can override the defaults). + +* Uses ingest node to parse and process the log lines, shaping the data into + a structure suitable for visualizing in Kibana. + +* Deploys dashboards for visualizing the log data. + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +The module is by default configured to run via syslog on port 9001. However +it can also be configured to read from a file path. See the following example. + +["source","yaml",subs="attributes"] +----- +- module: iptables + log: + enabled: true + var.paths: ["/var/log/iptables.log"] + var.input: "file" +----- + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `log` log fileset settings + +include::../include/var-paths.asciidoc[] + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to `localhost`. +Set to `0.0.0.0` to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to `9001` + +NOTE: Ports below 1024 require Filebeat to run as root. + +include::../include/timezone-support.asciidoc[] + +[float] +=== Example dashboard + +This module comes with sample dashboards showing geolocation and network +protocols used. One for all iptables logs: + +[role="screenshot"] +image::./images/kibana-iptables.png[] + +and one specific for Ubiquiti Firewall logs: + +[role="screenshot"] +image::./images/kibana-iptables-ubiquiti.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/iptables/_meta/fields.yml b/filebeat/module/iptables/_meta/fields.yml new file mode 100644 index 00000000000..797e069697d --- /dev/null +++ b/filebeat/module/iptables/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: iptables + title: iptables + description: > + Module for handling the iptables logs. + fields: + - name: iptables + type: group + description: > + Fields from the iptables logs. + fields: diff --git a/filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Overview.json b/filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Overview.json new file mode 100644 index 00000000000..066c8f16221 --- /dev/null +++ b/filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Overview.json @@ -0,0 +1,759 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "title": "Events Timeline [Filebeat Iptables] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "time_zone": "Europe/Berlin", + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Events Timeline [Filebeat Iptables] ECS", + "type": "area" + } + }, + "id": "4c913eb0-1f51-11e9-93ed-f7e068f4aebb-ecs", + "type": "visualization", + "updated_at": "2019-01-23T20:56:04.891Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchId": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "title": "Top Source Countries [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Source Countries [Filebeat Iptables] ECS", + "type": "table" + } + }, + "id": "2599f5e0-1e98-11e9-8ec4-cf5d91a864b3-ecs", + "type": "visualization", + "updated_at": "2019-01-23T20:51:02.293Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchId": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "title": "Source Map [Filebeat Iptables] ECS", + "uiStateJSON": { + "mapCenter": [ + 45.02695045318546, + -44.82421875000001 + ], + "mapZoom": 3 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Source Map [Filebeat Iptables] ECS", + "type": "tile_map" + } + }, + "id": "c4394ec0-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "type": "visualization", + "updated_at": "2019-01-23T20:51:02.293Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchId": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "title": "Destination Map [Filebeat Iptables] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Destination Map [Filebeat Iptables] ECS", + "type": "tile_map" + } + }, + "id": "d8cea010-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "type": "visualization", + "updated_at": "2019-01-23T20:51:02.293Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchId": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "title": "Network Type Breakdown [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Type Breakdown [Filebeat Iptables] ECS", + "type": "pie" + } + }, + "id": "b57b7370-1f1d-11e9-8ec4-cf5d91a864b3-ecs", + "type": "visualization", + "updated_at": "2019-01-23T20:51:02.293Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchId": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "title": "Network Transport Breakdown [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Transport Breakdown [Filebeat Iptables] ECS", + "type": "pie" + } + }, + "id": "35fe0910-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "type": "visualization", + "updated_at": "2019-01-23T20:51:02.293Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchId": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "title": "Top Destination Ports [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destination Ports [Filebeat Iptables] ECS", + "type": "table" + } + }, + "id": "683402b0-1f29-11e9-8ec4-cf5d91a864b3-ecs", + "type": "visualization", + "updated_at": "2019-01-23T20:51:02.293Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "iptables.length :*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Events Search [Filebeat Iptables] ECS", + "version": 1 + }, + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "type": "search", + "updated_at": "2019-01-23T20:51:02.293Z", + "version": 1 + }, + { + "attributes": { + "description": "Overview of the iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 37, + "x": 0, + "y": 0 + }, + "id": "4c913eb0-1f51-11e9-93ed-f7e068f4aebb-ecs", + "panelIndex": "1", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 11, + "x": 37, + "y": 0 + }, + "id": "2599f5e0-1e98-11e9-8ec4-cf5d91a864b3-ecs", + "panelIndex": "2", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 47.15984001304432, + -47.02148437500001 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "id": "c4394ec0-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "panelIndex": "3", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 49.15296965617042, + -27.949218750000004 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 15 + }, + "id": "d8cea010-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "panelIndex": "4", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 19, + "x": 0, + "y": 30 + }, + "id": "b57b7370-1f1d-11e9-8ec4-cf5d91a864b3-ecs", + "panelIndex": "5", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 18, + "x": 19, + "y": 30 + }, + "id": "35fe0910-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "panelIndex": "6", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 11, + "x": 37, + "y": 30 + }, + "id": "683402b0-1f29-11e9-8ec4-cf5d91a864b3-ecs", + "panelIndex": "7", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "8", + "w": 48, + "x": 0, + "y": 45 + }, + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "panelIndex": "8", + "type": "search", + "version": "6.6.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Iptables] Overview ECS", + "version": 1 + }, + "id": "ceefb9e0-1f51-11e9-93ed-f7e068f4aebb-ecs", + "type": "dashboard", + "updated_at": "2019-01-23T20:59:43.614Z", + "version": 1 + } + ], + "version": "6.6.0" +} diff --git a/filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Ubiquiti-Firewall-Overview.json b/filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Ubiquiti-Firewall-Overview.json new file mode 100644 index 00000000000..94b0e96fab8 --- /dev/null +++ b/filebeat/module/iptables/_meta/kibana/7/dashboard/Filebeat-Iptables-Ubiquiti-Firewall-Overview.json @@ -0,0 +1,848 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "title": "Ubiquiti Firewall Event Timeline [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2019-01-24T15:47:12.171Z", + "mode": "absolute", + "to": "2019-01-24T15:47:52.785Z" + }, + "time_zone": "Europe/Berlin", + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "top", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Ubiquiti Firewall Event Timeline [Filebeat Iptables] ECS", + "type": "histogram" + } + }, + "id": "758b3620-1fda-11e9-ae2a-939083c6a64e-ecs", + "type": "visualization", + "updated_at": "2019-01-24T16:37:11.788Z", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs", + "title": "Ubiquiti Firewall Top Blocked IPs [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Ubiquiti Firewall Top Blocked IPs [Filebeat Iptables] ECS", + "type": "table" + } + }, + "id": "1ba82fd0-1ff0-11e9-ae2a-939083c6a64e-ecs", + "type": "visualization", + "updated_at": "2019-01-24T16:06:20.635Z", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "7862cab0-1fdb-11e9-ae2a-939083c6a64e-ecs", + "title": "Ubiquiti Firewall Allowed Traffic Map [Filebeat Iptables] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Ubiquiti Firewall Allowed Traffic Map [Filebeat Iptables] ECS", + "type": "tile_map" + } + }, + "id": "5bd53050-1fe9-11e9-ae2a-939083c6a64e-ecs", + "type": "visualization", + "updated_at": "2019-01-24T15:04:34.005Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs", + "title": "Ubiquiti Firewall Blocked Traffic Map [Filebeat Iptables] ECS", + "uiStateJSON": { + "mapCenter": [ + 19.228176737766262, + -22.851562500000004 + ], + "mapZoom": 3 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Ubiquiti Firewall Blocked Traffic Map [Filebeat Iptables] ECS", + "type": "tile_map" + } + }, + "id": "8853aa20-1fef-11e9-ae2a-939083c6a64e-ecs", + "type": "visualization", + "updated_at": "2019-01-24T15:50:31.689Z", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "title": "Ubiquiti Firewall Traffic Breakdown [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": false, + "show": true, + "truncate": 100, + "values": false + }, + "legendPosition": "top", + "type": "pie" + }, + "title": "Ubiquiti Firewall Traffic Breakdown [Filebeat Iptables] ECS", + "type": "pie" + } + }, + "id": "fdea1ad0-1ff4-11e9-ae2a-939083c6a64e-ecs", + "type": "visualization", + "updated_at": "2019-01-24T16:27:50.397Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "iptables.ubiquiti.rule_set :*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Ubiquiti Firewall Events [Filebeat Iptables] ECS", + "version": 1 + }, + "id": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "type": "search", + "updated_at": "2019-01-24T12:37:10.858Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "title": "Ubiquiti Firewall Traffic by Port [Filebeat Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "event.outcome", + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Ubiquiti Firewall Traffic by Port [Filebeat Iptables] ECS", + "type": "table" + } + }, + "id": "190bcb50-1ff6-11e9-ae2a-939083c6a64e-ecs", + "type": "visualization", + "updated_at": "2019-01-24T16:35:45.413Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "iptables.ubiquiti.rule_set :* and event.outcome : \"deny\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Ubiquiti Firewall Blocked Events [Filebeat Iptables] ECS", + "version": 1 + }, + "id": "9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs", + "type": "search", + "updated_at": "2019-01-24T15:35:33.942Z", + "version": 2 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "iptables.ubiquiti.rule_set :* and event.outcome : \"allow\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Ubiquiti Firewall Allowed Events [Filebeat Iptables] ECS", + "version": 1 + }, + "id": "7862cab0-1fdb-11e9-ae2a-939083c6a64e-ecs", + "type": "search", + "updated_at": "2019-01-24T15:04:12.010Z", + "version": 3 + }, + { + "attributes": { + "description": "Overview of the Ubiquiti Firewall iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 33, + "x": 0, + "y": 0 + }, + "id": "758b3620-1fda-11e9-ae2a-939083c6a64e-ecs", + "panelIndex": "1", + "title": "Event Timeline", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 15, + "x": 33, + "y": 0 + }, + "id": "1ba82fd0-1ff0-11e9-ae2a-939083c6a64e-ecs", + "panelIndex": "2", + "title": "Top Blocked by source IP", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 39.095962936305476, + -22.148437500000004 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "id": "5bd53050-1fe9-11e9-ae2a-939083c6a64e-ecs", + "panelIndex": "3", + "title": "Allowed Traffic Map", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 46.31658418182218, + -34.10156250000001 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 15 + }, + "id": "8853aa20-1fef-11e9-ae2a-939083c6a64e-ecs", + "panelIndex": "4", + "title": "Blocked Traffic Map", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "allow": "#7EB26D", + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + } + }, + "gridData": { + "h": 18, + "i": "5", + "w": 24, + "x": 0, + "y": 30 + }, + "id": "fdea1ad0-1ff4-11e9-ae2a-939083c6a64e-ecs", + "panelIndex": "5", + "title": "Traffic Breakdown by Protocol", + "type": "visualization", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 27, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "id": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "panelIndex": "6", + "title": "Event View", + "type": "search", + "version": "6.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "7", + "w": 24, + "x": 24, + "y": 30 + }, + "id": "190bcb50-1ff6-11e9-ae2a-939083c6a64e-ecs", + "panelIndex": "7", + "title": "Traffic Breakdown by Port", + "type": "visualization", + "version": "6.6.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Iptables] Ubiquiti Firewall Overview ECS", + "version": 1 + }, + "id": "d39f0980-1ff3-11e9-ae2a-939083c6a64e-ecs", + "type": "dashboard", + "updated_at": "2019-01-24T16:38:35.174Z", + "version": 4 + } + ], + "version": "6.6.0" +} diff --git a/filebeat/module/iptables/fields.go b/filebeat/module/iptables/fields.go new file mode 100644 index 00000000000..d0d03470bf4 --- /dev/null +++ b/filebeat/module/iptables/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package iptables + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "iptables", asset.ModuleFieldsPri, AssetIptables); err != nil { + panic(err) + } +} + +// AssetIptables returns asset data. +// This is the base64 encoded gzipped contents of module/iptables. +func AssetIptables() string { + return "eJy0l09vozwQxu/5FPMB3ub4HnJYqWq2UqV2W2nTvUaOPYAVY1N7SEQ//comUBKIQ0OWI3+e38x4/Ay+gy1WC5AFsY1CNwMgSQqP7gh03MqCpNEL+DEDAHgxolQIibGQMS2U1ClQhu1XoEzq5jOARKISbhE+ugPN8mNpf1FV4AJSa8ricGcA6K/HoAWJNfkwzF9dYBeKlKFde1b7qEEro9POzTN0f/1hqkQwScAHRY0UVGouSIGaZFI19dBIe2O3oFiFFgpryHCj5q1oL8xEmf1asQ2qXphSE6Zox0X69Lb7P4hBEIsRLUtz1LROFEtdj7rFam+sGEtt5SDIzeEeuMk3UjP/vi/dw8//YPkITAt4eRwTl0kShzRh1V6DQLNsvLTWx9eJNRKF5HnRQ3d79VJFHl7eDj057zw47dLOo4bMjcAjqcG0o/AD3isNpNhJUtwG9LSMYgpmWY501MITaK1cFGpRSIucBpiy+Cax0QImhEXnomCHH7fJ0+FHiZoj6DLfXMj2xN8mUP2HsX0hJmzIN8a3SI1ZysGcWpDmJi8UEq43FWHfoMZjf4X6eR/4EoUgGuUXJa0F7iTvT45vmeMyaABljMAiR7lDERypCOWIxFD414XvgfVGUr8ELjOWRjv0lxp4tQiXzJRyB9jKz0aTwG+0IftgfBGkQp1SNr23ap0IyJT0Lxa2lh23rMQnjZbVw5WT5XTQn0/6wvqGCMKYjzuwQ7tDcdq757p3BLSRPNfAt3VhT/yOCTO+vQnznm+12SsU9Q/VCPJeamH2k+H3YoeWpEMR4qhVwcnP2EQgmvjLupI5wsrAs9xd9olSTNo778sr907Pn66r8HOQaX5JfTQZMoE2/BYXrFKGRbPfyI9SkpxSguY0ZSy8H+Ta40rtimNrczosP43Gk3zPG8yFQgE8eU3wmoOt33P029Jfaz8fgbelwnW9R6/E9+CrDIPsYevDXlImdWiZcNsNjpdeUMenp9tE5A9UHjGf/Q0AAP//R0INxw==" +} diff --git a/filebeat/module/iptables/log/_meta/fields.yml b/filebeat/module/iptables/log/_meta/fields.yml new file mode 100644 index 00000000000..6b1617ab450 --- /dev/null +++ b/filebeat/module/iptables/log/_meta/fields.yml @@ -0,0 +1,163 @@ +- name: ether_type + type: long + description: > + Value of the ethernet type field identifying the network layer protocol. + +- name: flow_label + type: integer + description: > + IPv6 flow label. + +- name: fragment_flags + type: keyword + description: > + IP fragment flags. A combination of CE, DF and MF. + +- name: fragment_offset + type: long + description: > + Offset of the current IP fragment. + +- name: icmp + type: group + description: > + ICMP fields. + fields: + + - name: code + type: long + description: > + ICMP code. + + - name: id + type: long + description: > + ICMP ID. + + - name: parameter + type: long + description: > + ICMP parameter. + + - name: redirect + type: ip + description: > + ICMP redirect address. + + - name: seq + type: long + description: > + ICMP sequence number. + + - name: type + type: long + description: > + ICMP type. + +- name: id + type: long + description: > + Packet identifier. + +- name: incomplete_bytes + type: long + description: > + Number of incomplete bytes. + +- name: input_device + type: keyword + description: > + Device that received the packet. + +- name: precedence_bits + type: short + description: > + IP precedence bits. + +- name: tos + type: long + description: > + IP Type of Service field. + +- name: length + type: long + description: > + Packet length. + +- name: output_device + type: keyword + description: > + Device that output the packet. + +- name: tcp + type: group + description: > + TCP fields. + fields: + + - name: flags + type: keyword + description: > + TCP flags. + + - name: reserved_bits + type: short + description: > + TCP reserved bits. + + - name: seq + type: long + description: > + TCP sequence number. + + - name: ack + type: long + description: > + TCP Acknowledgment number. + + - name: window + type: long + description: > + Advertised TCP window size. + +- name: ttl + type: integer + description: > + Time To Live field. + +- name: udp + type: group + description: > + UDP fields. + fields: + + - name: length + type: long + description: > + Length of the UDP header and payload. + +- name: ubiquiti + type: group + description: > + Fields for Ubiquiti network devices. + fields: + + - name: input_zone + type: keyword + description: > + Input zone. + + - name: output_zone + type: keyword + description: > + Output zone. + + - name: rule_number + type: keyword + description: + The rule number within the rule set. + + - name: rule_set + type: keyword + description: + The rule set name. diff --git a/filebeat/module/iptables/log/config/input.yml b/filebeat/module/iptables/log/config/input.yml new file mode 100644 index 00000000000..c1008a7fcc8 --- /dev/null +++ b/filebeat/module/iptables/log/config/input.yml @@ -0,0 +1,53 @@ +{{ if eq .input "syslog" }} + +type: syslog +protocol.udp: + host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags}} + +processors: + - add_locale: ~ +{{ if .community_id }} + - dissect: + tokenizer: "%{} SRC=%{source.ip} DST=%{destination.ip} " + field: "message" + target_prefix: "" + - dissect: + tokenizer: "%{} PROTO=%{network.transport} " + field: "message" + target_prefix: "" + - if: + or: + - equals.network.transport: TCP + - equals.network.transport: UDP + - equals.network.transport: SCTP + then: + dissect: + tokenizer: "%{} SPT=%{source.port} DPT=%{destination.port} " + field: "message" + target_prefix: "" + else: + dissect: + when:or: + - equals.network.transport: ICMP + - equals.network.transport: ICMPv6 + tokenizer: "%{} TYPE=%{iptables.icmp.type} CODE=%{iptables.icmp.code} " + field: "message" + target_prefix: "" + - community_id: + fields: + icmp_type: iptables.icmp.type + icmp_code: iptables.icmp.code +{{ end}} diff --git a/filebeat/module/iptables/log/ingest/pipeline.yml b/filebeat/module/iptables/log/ingest/pipeline.yml new file mode 100644 index 00000000000..68b4c62f6ae --- /dev/null +++ b/filebeat/module/iptables/log/ingest/pipeline.yml @@ -0,0 +1,259 @@ +description: Pipeline for IPTables +processors: +- grok: + field: message + patterns: + - '%{SYSLOGTIMESTAMP:iptables.raw_date}%{GREEDYDATA}\[%{UBIQUITI_LABEL}\]%{IPTABLES}%{SPACE}' + - '%{SYSLOGTIMESTAMP:iptables.raw_date}%{GREEDYDATA}%{IPTABLES}%{SPACE}' + - '%{GREEDYDATA}\[%{UBIQUITI_LABEL}\]%{IPTABLES}%{SPACE}' + - '%{GREEDYDATA}%{IPTABLES}%{SPACE}' + pattern_definitions: + UNSIGNED_INT: '[0-9]+' + ETHTYPE: (?:[A-Fa-f0-9]{2}):(?:[A-Fa-f0-9]{2}) + ETHTYPE_DISCARD: (?::[A-Fa-f0-9]{2})* + NETFILTERMAC: (?:%{MAC:destination.mac}:%{MAC:source.mac}:%{ETHTYPE:iptables.ether_type}?%{ETHTYPE_DISCARD}|%{MAC:destination.mac}%{ETHTYPE_DISCARD}:%{ETHTYPE:iptables.ether_type}?) + IPTABLES_ETHERNET: 'IN=%{DATA:iptables.input_device} OUT=%{DATA:iptables.output_device}?(?: + MAC=%{NETFILTERMAC})?' + IPTABLES_PORT_PAIR: SPT=%{UNSIGNED_INT:source.port:int} DPT=%{UNSIGNED_INT:destination.port:int} + IPTABLES_TCP_FLAGS: (CWR |ECE |URG |ACK |PSH |RST |SYN |FIN )* + IPTABLES_TCP_SEQ: SEQ=%{UNSIGNED_INT:iptables.tcp.seq:int} ACK=%{UNSIGNED_INT:iptables.tcp.ack:int} + IPTABLES_TCP_DETAILS: (?:%{IPTABLES_TCP_SEQ} )?WINDOW=%{UNSIGNED_INT:iptables.tcp.window:int} + RES=0x%{BASE16NUM:iptables.tcp_reserved_bits} %{IPTABLES_TCP_FLAGS:iptables.tcp.flags} + IPTABLES_INCOMPLETE_PACKET: INCOMPLETE \[%{UNSIGNED_INT:iptables.incomplete_bytes:int} + bytes\] + IPTABLES_UDP_DETAILS: LEN=%{UNSIGNED_INT:iptables.udp.length:int} + IPTABLES_ICMP_EXTRA_ECHO: ID=%{UNSIGNED_INT:iptables.icmp.id:int} SEQ=%{UNSIGNED_INT:iptables.icmp.seq:int} + IPTABLES_ICMP_EXTRA_PARAM: PARAMETER=%{UNSIGNED_INT:iptables.icmp.parameter:int} + IPTABLES_ICMP_EXTRA_REDIRECT: GATEWAY=%{IP:iptables.icmp.redirect} + IPTABLES_ICMP_EXTRA: ( (?:%{IPTABLES_ICMP_EXTRA_ECHO}|%{IPTABLES_ICMP_EXTRA_PARAM}|%{IPTABLES_ICMP_EXTRA_REDIRECT}))* + IPTABLES_ICMP_DETAILS: TYPE=%{UNSIGNED_INT:iptables.icmp.type:int} CODE=%{UNSIGNED_INT:iptables.icmp.code:int}(( + %{IPTABLES_INCOMPLETE_PACKET})|%{IPTABLES_ICMP_EXTRA}) + IPTABLES_PROTOCOL: PROTO=(?[a-zA-Z0-9]+) + IPTABLES_IP_PAYLOAD: '%{IPTABLES_PROTOCOL}( %{IPTABLES_PORT_PAIR})?( (%{IPTABLES_TCP_DETAILS}|%{IPTABLES_UDP_DETAILS}|%{IPTABLES_ICMP_DETAILS}|%{IPTABLES_INCOMPLETE_PACKET}))?' + IPTABLES_IP_FRAGFLAG: ((?<= )(CE|DF|MF))* + IPTABLES_IP_START: 'SRC=%{IPV4:source.ip} DST=%{IPV4:destination.ip} LEN=%{UNSIGNED_INT:iptables.length:int} + TOS=0x%{BASE16NUM:iptables.tos} PREC=0x%{BASE16NUM:iptables.precedence_bits} + TTL=%{UNSIGNED_INT:iptables.ttl:int} ID=%{UNSIGNED_INT:iptables.id:int}(?: + %{IPTABLES_IP_FRAGFLAG:iptables.fragment_flags})?(?: FRAG: %{UNSIGNED_INT:iptables.fragment_offset:int})?' + IPTABLES_IP: '%{IPTABLES_IP_START} %{IPTABLES_IP_PAYLOAD}' + IPTABLES_IPV6_START: SRC=%{IPV6:source.ip} DST=%{IPV6:destination.ip} LEN=%{UNSIGNED_INT:iptables.length:int} + TC=%{UNSIGNED_INT:iptables.tos} HOPLIMIT=%{UNSIGNED_INT:iptables.ttl:int} + FLOWLBL=%{UNSIGNED_INT:iptables.flow_label:int} + IPTABLES_IPV6: '%{IPTABLES_IPV6_START} %{IPTABLES_IP_PAYLOAD}' + IPTABLES: '%{IPTABLES_ETHERNET} (:?%{IPTABLES_IP}|%{IPTABLES_IPV6})' + UBIQUITI_FIELD: '[^-\]]*' + UBIQUITI_RULESET_NAME: '[^\]]*' + UBIQUITI_LABEL: '%{UBIQUITI_RULESET_NAME:iptables.ubiquiti.rule_set}-%{UBIQUITI_FIELD:iptables.ubiquiti.rule_number}-%{UBIQUITI_FIELD:event.action}' +- rename: + field: message + target_field: log.original +- grok: + field: iptables.ubiquiti.rule_set + ignore_missing: true + ignore_failure: true + patterns: + - '%{UBIQUITI_FIELD:iptables.ubiquiti.input_zone}-%{UBIQUITI_FIELD:iptables.ubiquiti.output_zone}' + pattern_definitions: + UBIQUITI_FIELD: '[^-]*' +- date: + if: ctx.event.timezone == null + field: iptables.raw_date + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: iptables.raw_date + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: iptables.raw_date + ignore_missing: true +- lowercase: + field: network.transport + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- script: + lang: painless + params: + mappings: + - source: + object: iptables + key: ether_type + destination: + object: network + key: type + map: + 08:00: ipv4 + 86:dd: ipv6 + - source: + object: event + key: action + destination: + object: event + key: action + map: + D: drop + A: accept + - source: + object: event + key: action + destination: + object: event + key: type + map: + drop: denied + accept: allowed + - source: + object: network + key: transport + destination: + object: network + key: transport + map: + icmpv6: ipv6-icmp + source: >- + for (action in params.mappings) { + def src = ctx[action.source.object]; + if (src != null) { + Map map = action.map; + String key = src[action.source.key]; + String mapping = map[key]; + if (mapping != null) { + Map dst = ctx[action.destination.object]; + if (dst == null) { + dst = new HashMap(); + ctx[action.destination.object] = dst; + } + dst[action.destination.key] = mapping; + } + } + } + +- script: + lang: painless + params: + hex_fields_to_convert: + - ether_type + - tos + - precedence_bits + - tcp_reserved_bits + source: >- + def iptables = ctx['iptables']; + if (iptables != null) { + for (key in params.hex_fields_to_convert) { + long value = 0; + def field = iptables[key]; + if (field == null) continue; + char[] hex = field.toLowerCase().toCharArray(); + for (chr in hex) { + long v = -1; + if (chr >= (char) 'a' && chr <= (char) 'f') v = (long) chr - (char) 'a' + 10; + else if (chr >= (char) '0' && chr <= (char) '9') v = (long) chr - (char) '0'; + if (v >= 0) { + value = value * 16 + v; + } + } + iptables[key] = value; + } + } + +- set: + field: event.kind + value: event +- append: + field: event.category + value: network +- append: + field: event.type + value: connection + if: "ctx?.source?.ip != null && ctx?.destination?.ip != null" +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- rename: + field: iptables.tcp_reserved_bits + target_field: iptables.tcp.reserved_bits + ignore_missing: true +- split: + field: iptables.tcp.flags + separator: "\\s+" + ignore_missing: true +- split: + field: iptables.fragment_flags + separator: "\\s+" + ignore_missing: true +- set: + field: observer.egress.zone + value: "{{iptables.ubiquiti.output_zone}}" + if: ctx?.iptables?.ubiquiti?.output_zone != null +- set: + field: observer.ingress.zone + value: "{{iptables.ubiquiti.input_zone}}" + if: ctx?.iptables?.ubiquiti?.input_zone != null +- set: + field: rule.id + value: "{{iptables.ubiquiti.rule_number}}" + if: ctx?.iptables?.ubiquiti?.rule_number != null +- set: + field: rule.name + value: "{{iptables.ubiquiti.rule_set}}" + if: ctx?.iptables?.ubiquiti?.rule_set != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/iptables/log/manifest.yml b/filebeat/module/iptables/log/manifest.yml new file mode 100644 index 00000000000..b93377397b9 --- /dev/null +++ b/filebeat/module/iptables/log/manifest.yml @@ -0,0 +1,23 @@ +module_version: "1.0" + +var: + - name: paths + default: + - /var/log/iptables.log + - name: tags + default: [iptables] + - name: syslog_host + default: localhost + - name: syslog_port + default: 9001 + - name: input + default: syslog + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/iptables/log/test/geo.log b/filebeat/module/iptables/log/test/geo.log new file mode 100644 index 00000000000..1755a7853c0 --- /dev/null +++ b/filebeat/module/iptables/log/test/geo.log @@ -0,0 +1 @@ +Oct 10 07:25:12 Hostname kernel: [wan-lan-default-D]IN=eth0 OUT= MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=158.109.0.1 DST=10.4.0.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=38842 DPT=443 WINDOW=2853 RES=0x00 ACK URGP=0 diff --git a/filebeat/module/iptables/log/test/geo.log-expected.json b/filebeat/module/iptables/log/test/geo.log-expected.json new file mode 100644 index 00000000000..19f0b2a7143 --- /dev/null +++ b/filebeat/module/iptables/log/test/geo.log-expected.json @@ -0,0 +1,67 @@ +[ + { + "destination.ip": "10.4.0.5", + "destination.mac": "90:10:20:76:8d:20", + "destination.port": 443, + "event.action": "drop", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "denied", + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 0, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "ACK" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 2853, + "iptables.tos": 0, + "iptables.ttl": 63, + "iptables.ubiquiti.input_zone": "wan", + "iptables.ubiquiti.output_zone": "lan", + "iptables.ubiquiti.rule_number": "default", + "iptables.ubiquiti.rule_set": "wan-lan", + "log.offset": 0, + "log.original": "Oct 10 07:25:12 Hostname kernel: [wan-lan-default-D]IN=eth0 OUT= MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=158.109.0.1 DST=10.4.0.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=38842 DPT=443 WINDOW=2853 RES=0x00 ACK URGP=0 ", + "network.community_id": "1:RGJPRWtru8Lg2itNyFREDvoRkNA=", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.zone": "lan", + "observer.ingress.zone": "wan", + "related.ip": [ + "158.109.0.1", + "10.4.0.5" + ], + "rule.id": "default", + "rule.name": "wan-lan", + "service.type": "iptables", + "source.as.number": 13041, + "source.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "158.109.0.1", + "source.mac": "90:10:65:29:b6:2a", + "source.port": 38842, + "tags": [ + "iptables" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/iptables/log/test/icmp.log b/filebeat/module/iptables/log/test/icmp.log new file mode 100644 index 00000000000..6ab1f8c7ee6 --- /dev/null +++ b/filebeat/module/iptables/log/test/icmp.log @@ -0,0 +1 @@ +Jan 8 03:37:09 DENY: IN=eth0 OUT= MAC=90:10:28:5f:62:24:90:10:18:5a:89:2a:08:00 SRC=192.0.2.71 DST=192.0.2.83 LEN=88 TOS=0x00 PREC=0x00 TTL=118 ID=21684 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.83 DST=192.168.173.191 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=21458 DPT=62936 LEN=40 ] diff --git a/filebeat/module/iptables/log/test/icmp.log-expected.json b/filebeat/module/iptables/log/test/icmp.log-expected.json new file mode 100644 index 00000000000..fc5e515461c --- /dev/null +++ b/filebeat/module/iptables/log/test/icmp.log-expected.json @@ -0,0 +1,43 @@ +[ + { + "destination.ip": "192.0.2.83", + "destination.mac": "90:10:28:5f:62:24", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.icmp.code": 3, + "iptables.icmp.type": 3, + "iptables.id": 21684, + "iptables.input_device": "eth0", + "iptables.length": 88, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tos": 0, + "iptables.ttl": 118, + "log.offset": 0, + "log.original": "Jan 8 03:37:09 DENY: IN=eth0 OUT= MAC=90:10:28:5f:62:24:90:10:18:5a:89:2a:08:00 SRC=192.0.2.71 DST=192.0.2.83 LEN=88 TOS=0x00 PREC=0x00 TTL=118 ID=21684 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.83 DST=192.168.173.191 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=21458 DPT=62936 LEN=40 ]", + "network.community_id": "1:T79jBEYlbFhpnIGt2rOuzIv31hE=", + "network.transport": "icmp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.71", + "192.0.2.83" + ], + "service.type": "iptables", + "source.ip": "192.0.2.71", + "source.mac": "90:10:18:5a:89:2a", + "tags": [ + "iptables" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/iptables/log/test/iptables.log b/filebeat/module/iptables/log/test/iptables.log new file mode 100644 index 00000000000..26a169f56ff --- /dev/null +++ b/filebeat/module/iptables/log/test/iptables.log @@ -0,0 +1,10 @@ +Jan 8 03:37:09 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=203.0.113.36 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=15743 DF PROTO=TCP SPT=17805 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 +Jan 8 03:37:57 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=198.51.100.198 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17703 PROTO=TCP SPT=47091 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 +Jan 8 03:38:45 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=203.0.113.201 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=19619 DF PROTO=TCP SPT=59319 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 +Jan 8 03:39:25 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=203.0.113.246 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4255 DF PROTO=TCP SPT=44181 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 +Jan 8 03:40:21 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=203.0.113.208 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=27150 DF PROTO=TCP SPT=64358 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 +Jan 8 03:40:25 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=198.51.100.160 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7264 PROTO=TCP SPT=58830 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 +Jan 8 03:41:17 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=198.51.100.115 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=6101 DF PROTO=TCP SPT=51985 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 +Jan 8 03:41:23 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=198.51.100.167 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=6319 DF PROTO=TCP SPT=4099 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 +Jan 8 03:43:18 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=198.51.100.19 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=48624 PROTO=TCP SPT=59287 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 +Jan 8 03:43:42 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00:45:00:00:00:00 SRC=198.51.100.68 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53296 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 diff --git a/filebeat/module/iptables/log/test/iptables.log-expected.json b/filebeat/module/iptables/log/test/iptables.log-expected.json new file mode 100644 index 00000000000..5589e8dc602 --- /dev/null +++ b/filebeat/module/iptables/log/test/iptables.log-expected.json @@ -0,0 +1,480 @@ +[ + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 15743, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 8192, + "iptables.tos": 0, + "iptables.ttl": 115, + "log.offset": 0, + "log.original": "Jan 8 03:37:09 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=203.0.113.36 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=15743 DF PROTO=TCP SPT=17805 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:VD3aeZ6cGYX6uwOAUQ9NuxbobMI=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.36", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "203.0.113.36", + "source.mac": "90:10:9e:ec:2c:71", + "source.port": 17805, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 1433, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.id": 17703, + "iptables.input_device": "eth0", + "iptables.length": 40, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 1024, + "iptables.tos": 0, + "iptables.ttl": 243, + "log.offset": 259, + "log.original": "Jan 8 03:37:57 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=198.51.100.198 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17703 PROTO=TCP SPT=47091 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:r9MnuXFtcWUKzbVQ2vXn7XSQ2Fg=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.198", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "198.51.100.198", + "source.mac": "90:10:76:e0:e2:d5", + "source.port": 47091, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 19619, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 8192, + "iptables.tos": 0, + "iptables.ttl": 115, + "log.offset": 518, + "log.original": "Jan 8 03:38:45 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=203.0.113.201 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=19619 DF PROTO=TCP SPT=59319 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:vgBSpDUKSSgxOm6Y52jw6tCgiN8=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.201", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "203.0.113.201", + "source.mac": "90:10:9e:ec:2c:71", + "source.port": 59319, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 80, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 4255, + "iptables.input_device": "eth0", + "iptables.length": 40, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 14600, + "iptables.tos": 0, + "iptables.ttl": 240, + "log.offset": 778, + "log.original": "Jan 8 03:39:25 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=203.0.113.246 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4255 DF PROTO=TCP SPT=44181 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:PCNGbo6CtVQoE5Hch+6oMfbeTP4=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.246", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "203.0.113.246", + "source.mac": "90:10:9e:ec:2c:71", + "source.port": 44181, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 27150, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 8192, + "iptables.tos": 0, + "iptables.ttl": 110, + "log.offset": 1037, + "log.original": "Jan 8 03:40:21 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=203.0.113.208 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=27150 DF PROTO=TCP SPT=64358 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:Wb/3DTwtWE8C20/hm2JpmBAhsro=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "203.0.113.208", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "203.0.113.208", + "source.mac": "90:10:76:e0:e2:d5", + "source.port": 64358, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.id": 7264, + "iptables.input_device": "eth0", + "iptables.length": 40, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 1024, + "iptables.tos": 0, + "iptables.ttl": 242, + "log.offset": 1297, + "log.original": "Jan 8 03:40:25 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=198.51.100.160 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7264 PROTO=TCP SPT=58830 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:+s7vkEgPnzTAoksA2Q0gAzgymfI=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.160", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "198.51.100.160", + "source.mac": "90:10:9e:ec:2c:71", + "source.port": 58830, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 6101, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 8192, + "iptables.tos": 0, + "iptables.ttl": 117, + "log.offset": 1554, + "log.original": "Jan 8 03:41:17 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=198.51.100.115 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=6101 DF PROTO=TCP SPT=51985 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:6Pvyzf2+vqgsRxWx+eU9MXEhAFE=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.115", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "198.51.100.115", + "source.mac": "90:10:76:e0:e2:d5", + "source.port": 51985, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 6319, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 8192, + "iptables.tos": 0, + "iptables.ttl": 45, + "log.offset": 1814, + "log.original": "Jan 8 03:41:23 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00 SRC=198.51.100.167 DST=172.16.54.114 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=6319 DF PROTO=TCP SPT=4099 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:g+bRFDuqViJEc5vzlOapz2LPhFo=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.167", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "198.51.100.167", + "source.mac": "90:10:76:e0:e2:d5", + "source.port": 4099, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 139, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.id": 48624, + "iptables.input_device": "eth0", + "iptables.length": 40, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 1024, + "iptables.tos": 0, + "iptables.ttl": 245, + "log.offset": 2072, + "log.original": "Jan 8 03:43:18 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:9e:ec:2c:71:08:00 SRC=198.51.100.19 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=48624 PROTO=TCP SPT=59287 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:a/4LVq88msR/LgVGzZeIkmlNXz4=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.19", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "198.51.100.19", + "source.mac": "90:10:9e:ec:2c:71", + "source.port": 59287, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "172.16.54.114", + "destination.mac": "90:10:35:5a:1e:3a", + "destination.port": 8088, + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.id": 54321, + "iptables.input_device": "eth0", + "iptables.length": 40, + "iptables.output_device": "", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "SYN" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 65535, + "iptables.tos": 0, + "iptables.ttl": 250, + "log.offset": 2329, + "log.original": "Jan 8 03:43:42 example-host kernel: iptables DROP_INPUT: IN=eth0 OUT= MAC=90:10:35:5a:1e:3a:90:10:76:e0:e2:d5:08:00:45:00:00:00:00 SRC=198.51.100.68 DST=172.16.54.114 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53296 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.community_id": "1:1l65fWlqrJCJB7vBaqSgHnJoMbQ=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "198.51.100.68", + "172.16.54.114" + ], + "service.type": "iptables", + "source.ip": "198.51.100.68", + "source.mac": "90:10:76:e0:e2:d5", + "source.port": 53296, + "tags": [ + "iptables" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/iptables/log/test/ipv6.log b/filebeat/module/iptables/log/test/ipv6.log new file mode 100644 index 00000000000..5541c810644 --- /dev/null +++ b/filebeat/module/iptables/log/test/ipv6.log @@ -0,0 +1,11 @@ +Jan 22 09:05:05 ubuntu-bionic kernel: [16571.459614] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=1 +Jan 22 09:05:05 ubuntu-bionic kernel: [16571.459695] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=1 +Jan 22 09:05:06 ubuntu-bionic kernel: [16572.482458] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=2 +Jan 22 09:05:06 ubuntu-bionic kernel: [16572.482476] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=2 +Jan 22 09:05:07 ubuntu-bionic kernel: [16573.506336] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=3 +Jan 22 09:05:07 ubuntu-bionic kernel: [16573.506356] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=3 +Jan 22 09:05:08 ubuntu-bionic kernel: [16574.533989] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=4 +Jan 22 09:05:08 ubuntu-bionic kernel: [16574.534007] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=4 +Jan 22 09:05:09 ubuntu-bionic kernel: [16575.553704] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=5 +Jan 22 09:05:09 ubuntu-bionic kernel: [16575.553722] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=5 +Jan 22 10:52:34 ubuntu-bionic kernel: [ 307.757925] IN= OUT=enp0s3 MAC=90:10:12:34:56:78:90:10:aa:bb:cc:dd:86:dd:ff:ff SRC=fe80:0000:0000:0000:0084:88ff:feae:790a DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0xd4 diff --git a/filebeat/module/iptables/log/test/ipv6.log-expected.json b/filebeat/module/iptables/log/test/ipv6.log-expected.json new file mode 100644 index 00000000000..8bed25072d7 --- /dev/null +++ b/filebeat/module/iptables/log/test/ipv6.log-expected.json @@ -0,0 +1,422 @@ +[ + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 868225, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 1, + "iptables.icmp.type": 128, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 0, + "log.original": "Jan 22 09:05:05 ubuntu-bionic kernel: [16571.459614] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=1 ", + "network.community_id": "1:u2vMS3HiWth2lIMKHB1fjELshpQ=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 770819, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 1, + "iptables.icmp.type": 129, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 236, + "log.original": "Jan 22 09:05:05 ubuntu-bionic kernel: [16571.459695] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=1 ", + "network.community_id": "1:YDcnf7YthUKAbDNo6Cs3rX4jq4w=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 868225, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 2, + "iptables.icmp.type": 128, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 472, + "log.original": "Jan 22 09:05:06 ubuntu-bionic kernel: [16572.482458] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=2 ", + "network.community_id": "1:u2vMS3HiWth2lIMKHB1fjELshpQ=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 770819, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 2, + "iptables.icmp.type": 129, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 708, + "log.original": "Jan 22 09:05:06 ubuntu-bionic kernel: [16572.482476] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=2 ", + "network.community_id": "1:YDcnf7YthUKAbDNo6Cs3rX4jq4w=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 868225, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 3, + "iptables.icmp.type": 128, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 944, + "log.original": "Jan 22 09:05:07 ubuntu-bionic kernel: [16573.506336] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=3 ", + "network.community_id": "1:u2vMS3HiWth2lIMKHB1fjELshpQ=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 770819, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 3, + "iptables.icmp.type": 129, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 1180, + "log.original": "Jan 22 09:05:07 ubuntu-bionic kernel: [16573.506356] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=3 ", + "network.community_id": "1:YDcnf7YthUKAbDNo6Cs3rX4jq4w=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 868225, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 4, + "iptables.icmp.type": 128, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 1416, + "log.original": "Jan 22 09:05:08 ubuntu-bionic kernel: [16574.533989] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=4 ", + "network.community_id": "1:u2vMS3HiWth2lIMKHB1fjELshpQ=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 770819, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 4, + "iptables.icmp.type": 129, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 1652, + "log.original": "Jan 22 09:05:08 ubuntu-bionic kernel: [16574.534007] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=4 ", + "network.community_id": "1:YDcnf7YthUKAbDNo6Cs3rX4jq4w=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 868225, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 5, + "iptables.icmp.type": 128, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 1888, + "log.original": "Jan 22 09:05:09 ubuntu-bionic kernel: [16575.553704] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=868225 PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=5 ", + "network.community_id": "1:u2vMS3HiWth2lIMKHB1fjELshpQ=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.flow_label": 770819, + "iptables.icmp.code": 0, + "iptables.icmp.id": 3427, + "iptables.icmp.seq": 5, + "iptables.icmp.type": 129, + "iptables.input_device": "", + "iptables.length": 104, + "iptables.output_device": "lo", + "iptables.tos": 0, + "iptables.ttl": 64, + "log.offset": 2124, + "log.original": "Jan 22 09:05:09 ubuntu-bionic kernel: [16575.553722] IN= OUT=lo SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=770819 PROTO=ICMPv6 TYPE=129 CODE=0 ID=3427 SEQ=5 ", + "network.community_id": "1:YDcnf7YthUKAbDNo6Cs3rX4jq4w=", + "network.transport": "ipv6-icmp", + "related.ip": [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:0db8:0000:0000:0000:0000:0000:0002" + ], + "service.type": "iptables", + "source.ip": "2001:0db8:0000:0000:0000:0000:0000:0001", + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "ff02:0000:0000:0000:0000:0000:0000:0016", + "destination.mac": "90:10:12:34:56:78", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 34525, + "iptables.flow_label": 0, + "iptables.icmp.code": 0, + "iptables.icmp.type": 143, + "iptables.input_device": "", + "iptables.length": 96, + "iptables.output_device": "enp0s3", + "iptables.tos": 0, + "iptables.ttl": 1, + "log.offset": 2360, + "log.original": "Jan 22 10:52:34 ubuntu-bionic kernel: [ 307.757925] IN= OUT=enp0s3 MAC=90:10:12:34:56:78:90:10:aa:bb:cc:dd:86:dd:ff:ff SRC=fe80:0000:0000:0000:0084:88ff:feae:790a DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0xd4", + "network.community_id": "1:XZrSeKYMvsI3xGPWG5JqrtsD87U=", + "network.transport": "ipv6-icmp", + "network.type": "ipv6", + "related.ip": [ + "fe80:0000:0000:0000:0084:88ff:feae:790a", + "ff02:0000:0000:0000:0000:0000:0000:0016" + ], + "service.type": "iptables", + "source.ip": "fe80:0000:0000:0000:0084:88ff:feae:790a", + "source.mac": "90:10:aa:bb:cc:dd", + "tags": [ + "iptables" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/iptables/log/test/ubiquiti.log b/filebeat/module/iptables/log/test/ubiquiti.log new file mode 100644 index 00000000000..c795c77a516 --- /dev/null +++ b/filebeat/module/iptables/log/test/ubiquiti.log @@ -0,0 +1,5 @@ +Jan 5 20:17:05 MainFirewall kernel: [LAN_LOCAL-default-A]IN=eth0.90 OUT= MAC=90:10:92:6e:ea:a7:90:10:73:ba:d6:77:08:00:45:fc:02:1c SRC=192.168.48.137 DST=255.55.174.225 LEN=540 TOS=0x1C PREC=0xE0 TTL=64 ID=27223 PROTO=UDP SPT=48689 DPT=48689 LEN=520 +Jan 5 20:17:01 MainFirewall kernel: [WAN_OUT-2000-A]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:24:67:f4:89:08:00 SRC=192.168.134.158 DST=192.0.2.25 LEN=265 TOS=0x00 PREC=0x00 TTL=63 ID=51768 DF PROTO=TCP SPT=43189 DPT=443 WINDOW=159 RES=0x00 ACK PSH URGP=0 +Jan 5 20:17:01 MainFirewall kernel: [source-dest-default-D]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=192.168.110.116 DST=192.0.2.25 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50093 DPT=1443 WINDOW=2857 RES=0x00 ACK URGP=0 +Jan 5 20:17:01 MainFirewall kernel: [WAN_OUT-2000-A]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=192.168.110.116 DST=192.0.2.25 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50093 DPT=1443 WINDOW=2853 RES=0x00 ACK URGP=0 +Jan 5 20:17:01 MainFirewall kernel: [WAN_OUT-2000-A]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=192.168.110.116 DST=192.0.2.25 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50093 DPT=1443 WINDOW=2850 RES=0x00 ACK URGP=0 diff --git a/filebeat/module/iptables/log/test/ubiquiti.log-expected.json b/filebeat/module/iptables/log/test/ubiquiti.log-expected.json new file mode 100644 index 00000000000..486a34c850f --- /dev/null +++ b/filebeat/module/iptables/log/test/ubiquiti.log-expected.json @@ -0,0 +1,275 @@ +[ + { + "destination.ip": "255.55.174.225", + "destination.mac": "90:10:92:6e:ea:a7", + "destination.port": 48689, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.id": 27223, + "iptables.input_device": "eth0.90", + "iptables.length": 540, + "iptables.output_device": "", + "iptables.precedence_bits": 224, + "iptables.tos": 28, + "iptables.ttl": 64, + "iptables.ubiquiti.rule_number": "default", + "iptables.ubiquiti.rule_set": "LAN_LOCAL", + "iptables.udp.length": 520, + "log.offset": 0, + "log.original": "Jan 5 20:17:05 MainFirewall kernel: [LAN_LOCAL-default-A]IN=eth0.90 OUT= MAC=90:10:92:6e:ea:a7:90:10:73:ba:d6:77:08:00:45:fc:02:1c SRC=192.168.48.137 DST=255.55.174.225 LEN=540 TOS=0x1C PREC=0xE0 TTL=64 ID=27223 PROTO=UDP SPT=48689 DPT=48689 LEN=520 ", + "network.community_id": "1:3qoibVBmc9hsnHpP4Ms5HO6ls7Q=", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "192.168.48.137", + "255.55.174.225" + ], + "rule.id": "default", + "rule.name": "LAN_LOCAL", + "service.type": "iptables", + "source.ip": "192.168.48.137", + "source.mac": "90:10:73:ba:d6:77", + "source.port": 48689, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "192.0.2.25", + "destination.mac": "90:10:20:76:8d:20", + "destination.port": 443, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 51768, + "iptables.input_device": "eth0", + "iptables.length": 265, + "iptables.output_device": "eth2", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "ACK", + "PSH" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 159, + "iptables.tos": 0, + "iptables.ttl": 63, + "iptables.ubiquiti.rule_number": "2000", + "iptables.ubiquiti.rule_set": "WAN_OUT", + "log.offset": 252, + "log.original": "Jan 5 20:17:01 MainFirewall kernel: [WAN_OUT-2000-A]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:24:67:f4:89:08:00 SRC=192.168.134.158 DST=192.0.2.25 LEN=265 TOS=0x00 PREC=0x00 TTL=63 ID=51768 DF PROTO=TCP SPT=43189 DPT=443 WINDOW=159 RES=0x00 ACK PSH URGP=0 ", + "network.community_id": "1:7bPQdYPL4yePwQJZt0I1dvVXLHc=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.168.134.158", + "192.0.2.25" + ], + "rule.id": "2000", + "rule.name": "WAN_OUT", + "service.type": "iptables", + "source.ip": "192.168.134.158", + "source.mac": "90:10:24:67:f4:89", + "source.port": 43189, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "192.0.2.25", + "destination.mac": "90:10:20:76:8d:20", + "destination.port": 1443, + "event.action": "drop", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "denied", + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 0, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "eth2", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "ACK" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 2857, + "iptables.tos": 0, + "iptables.ttl": 63, + "iptables.ubiquiti.input_zone": "source", + "iptables.ubiquiti.output_zone": "dest", + "iptables.ubiquiti.rule_number": "default", + "iptables.ubiquiti.rule_set": "source-dest", + "log.offset": 513, + "log.original": "Jan 5 20:17:01 MainFirewall kernel: [source-dest-default-D]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=192.168.110.116 DST=192.0.2.25 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50093 DPT=1443 WINDOW=2857 RES=0x00 ACK URGP=0 ", + "network.community_id": "1:6BwNFzns3BNljtYZJCwhPO5Qoq0=", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.zone": "dest", + "observer.ingress.zone": "source", + "related.ip": [ + "192.168.110.116", + "192.0.2.25" + ], + "rule.id": "default", + "rule.name": "source-dest", + "service.type": "iptables", + "source.ip": "192.168.110.116", + "source.mac": "90:10:65:29:b6:2a", + "source.port": 50093, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "192.0.2.25", + "destination.mac": "90:10:20:76:8d:20", + "destination.port": 1443, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 0, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "eth2", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "ACK" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 2853, + "iptables.tos": 0, + "iptables.ttl": 63, + "iptables.ubiquiti.rule_number": "2000", + "iptables.ubiquiti.rule_set": "WAN_OUT", + "log.offset": 774, + "log.original": "Jan 5 20:17:01 MainFirewall kernel: [WAN_OUT-2000-A]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=192.168.110.116 DST=192.0.2.25 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50093 DPT=1443 WINDOW=2853 RES=0x00 ACK URGP=0 ", + "network.community_id": "1:6BwNFzns3BNljtYZJCwhPO5Qoq0=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.168.110.116", + "192.0.2.25" + ], + "rule.id": "2000", + "rule.name": "WAN_OUT", + "service.type": "iptables", + "source.ip": "192.168.110.116", + "source.mac": "90:10:65:29:b6:2a", + "source.port": 50093, + "tags": [ + "iptables" + ] + }, + { + "destination.ip": "192.0.2.25", + "destination.mac": "90:10:20:76:8d:20", + "destination.port": 1443, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.dataset": "iptables.log", + "event.kind": "event", + "event.module": "iptables", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "connection" + ], + "fileset.name": "log", + "input.type": "log", + "iptables.ether_type": 2048, + "iptables.fragment_flags": [ + "DF" + ], + "iptables.id": 0, + "iptables.input_device": "eth0", + "iptables.length": 52, + "iptables.output_device": "eth2", + "iptables.precedence_bits": 0, + "iptables.tcp.flags": [ + "ACK" + ], + "iptables.tcp.reserved_bits": 0, + "iptables.tcp.window": 2850, + "iptables.tos": 0, + "iptables.ttl": 63, + "iptables.ubiquiti.rule_number": "2000", + "iptables.ubiquiti.rule_set": "WAN_OUT", + "log.offset": 1028, + "log.original": "Jan 5 20:17:01 MainFirewall kernel: [WAN_OUT-2000-A]IN=eth0 OUT=eth2 MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=192.168.110.116 DST=192.0.2.25 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50093 DPT=1443 WINDOW=2850 RES=0x00 ACK URGP=0 ", + "network.community_id": "1:6BwNFzns3BNljtYZJCwhPO5Qoq0=", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.168.110.116", + "192.0.2.25" + ], + "rule.id": "2000", + "rule.name": "WAN_OUT", + "service.type": "iptables", + "source.ip": "192.168.110.116", + "source.mac": "90:10:65:29:b6:2a", + "source.port": 50093, + "tags": [ + "iptables" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/iptables/module.yml b/filebeat/module/iptables/module.yml new file mode 100644 index 00000000000..3129ecbdbc3 --- /dev/null +++ b/filebeat/module/iptables/module.yml @@ -0,0 +1,5 @@ +dashboards: +- id: ceefb9e0-1f51-11e9-93ed-f7e068f4aebb + file: Filebeat-Iptables-Overview.json +- id: d39f0980-1ff3-11e9-ae2a-939083c6a64e + file: Filebeat-Iptables-Ubiquiti-Firewall-Overview.json diff --git a/filebeat/module/misp/README.md b/filebeat/module/misp/README.md new file mode 100644 index 00000000000..5dd8b462ab3 --- /dev/null +++ b/filebeat/module/misp/README.md @@ -0,0 +1,27 @@ +# MISP module + +## Caveats + +* Module is to be considered _beta_. + +## How to try the module from distribution install + +You should already have MISP installed and running. Information about the MISP platform can be found here: https://www.circl.lu/doc/misp. + +``` +./filebeat setup --modules=misp -e --dashboards +``` + +Enable the MISP module + +``` +./filebeat modules enable misp +``` + +Start Filebeat + +``` +./filebeat -e +``` + +You can see the MISP Overview dashboard and the imported threat indicators in Kibana. diff --git a/filebeat/module/misp/_meta/config.yml b/filebeat/module/misp/_meta/config.yml new file mode 100644 index 00000000000..5353bf28b48 --- /dev/null +++ b/filebeat/module/misp/_meta/config.yml @@ -0,0 +1,17 @@ +- module: misp + threat: + enabled: true + # API key to access MISP + #var.api_key + + # Array object in MISP response + #var.json_objects_array + + # URL of the MISP REST API + #var.url + + # You can also pass SSL options. For example: + #var.ssl: |- + # { + # verification_mode: none + # } diff --git a/filebeat/module/misp/_meta/docs.asciidoc b/filebeat/module/misp/_meta/docs.asciidoc new file mode 100644 index 00000000000..c8082cb9ee5 --- /dev/null +++ b/filebeat/module/misp/_meta/docs.asciidoc @@ -0,0 +1,30 @@ +[role="xpack"] + +:modulename: misp +:has-dashboards: false + +== MISP module + +beta[] + +This is a filebeat module for reading threat intel information from the MISP platform (https://www.circl.lu/doc/misp/). It uses the httpjson input to access the MISP REST API interface. + +The configuration in the config.yml file uses the following format: + + * var.api_key: specifies the API key to access MISP. + * var.json_objects_array: specifies the array object in MISP response, e.g., "response.Attribute". + * var.url: URL of the MISP REST API, e.g., "http://x.x.x.x/attributes/restSearch" + +include::../include/gs-link.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/kibana-misp.png[] + +:has-dashboards!: + +:modulename!: diff --git a/filebeat/module/misp/_meta/fields.yml b/filebeat/module/misp/_meta/fields.yml new file mode 100644 index 00000000000..7ef3187de90 --- /dev/null +++ b/filebeat/module/misp/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: misp + title: MISP + description: > + Module for handling threat information from MISP. + fields: + - name: misp + type: group + description: > + Fields from MISP threat information. + fields: diff --git a/filebeat/module/misp/_meta/images/kibana-misp.png b/filebeat/module/misp/_meta/images/kibana-misp.png new file mode 100644 index 0000000000000000000000000000000000000000..1f13779c702f983cbafbc9284fe22652c31fa065 GIT binary patch literal 1893360 zcmeFYXIN9));5fyq9EW#0i~)m=>k%uDj+5Fl0c{;y-NwbC@5??0s#aG(jlSu9+lpu z1PE1n2^~Uc32!{-Jmq`7^IX^7-=FW#n_MevX0AEboNKl*#y##8p{=P*NzOn{LPA2R zs-mb%LP8}?LUL>H=2c=24^QeM2?=?hy@G;Uu(!)`WuRu_4G4sQ6v!55_m&YoE|< z33NZsE{(d*=rDJk#RAuII49*g`1vr{d*?#raQ^TT*H8U|&4VL>PoMOm@fY40s#~u) zIXOgBXJ1?qe)@v(tqDy1M`UCqiMmo3vM-$KMOdftu|fp_j}NBRXnoO1`Xc+O=1QLr z`aWx0btc!R)vLd}EWN548WJA0eyFIu$9rccQ954^$`$$p=UaxJH4jFzS(!q7fw zKB@MAkd#PVN^D2gjW=6QR-@YQTMqr|yX$^>-_qAY-s||wqn-9iNvxpT$R(W!@Ihjq zhQUF%QP@YOCkd*R^@o>3L;FY$DK*)&HX1#+HUmRUjG<|FOaJo)09}D*43qUA!IQzM z9}j-k>#X)n_T==h-3a4dv(bpTzw%7ysqzD^l)F;BSHar-Pt?{Fc|Gz}(ZxEefUbjH zk)&kLH&e!hk(&4w% zZI!vS-erkMRdUP;g$+IaQ7>#`taJUBhe?+9m-|&8XGtW!Tzyf*SOp%s_H+Guy=MYf z%4*DHSnS<9<;eGv$AUje*`AU*mXq1OC3W2ke|R%g<`K6$0-H7nBxwx1+i3w$OY5N}C$zA3DKVDY(y-@9_-k86(}J^K*5{;2cM>ul=-(@-u;<=gr6IqS_d(`^MdG<$~nV)_JnFHBLQd1l1Q)E;}6HGF{P_tJ9U;2{5lA2gh5l$v61PkS^11S zSv48+7JYo-83b#zK>v&cyJ@=iIwxB3cFV zYe|}1q+R7!Z|{SnYoghrsX9~K!j=q|t}TIL5D&aPW|U|58wrh9XCKcR%}O01%S)8c_Wsx0X0B%ftFgEfO~<4pDVQN@Ff{x-e=ryOt;7}-#9dhhV#Dr%LQPoGbk?*m;rzY)Kz zkr9~Fu(aB#JisN-v7@554qoeLrBQWUHCRzv-Ri7Ry|JB7Aa74d zzx&Mg$xqcj?tc3Qy~I&tTVq?8$Hzlw`ZTrjKAIGz6!F9@&Rd+$nVv(?9mx(zo?{e7 zT-;l{$T-G0v#G&9@*IR~VwqymVL`|U_|iy|N~ie1jxM%VR-qV3J4VaZe^-4MKR3i> ztU;$fC(|(9H5QJk8Z8)2*+^eJuW~KOj9{H88`&*FewLdLjtds-3xj@_{N~5}>;6N^ zLW+~_<2QnD#K{(~DqM}aIvr9SvKZ1E3cHqmqkznS3>RJ>#&^@6isM6Acqw&DpV0E2 z1n>*tDX#pL#adg@g3!Xsf)<+-TkankdOx`>^u*MCpP}BseH;|n72O|;E6T=JM)pQX z3dKn9I~a9T+YW0EQ{)(1t_xLJ9(M)&N%^NK!QX$BH55_Tx{#Kv5$T==F=f=0JAQq;JhJCo{YzWEt2 zoz8fDM?haAzj@!s6>pxaJPvgXPNp^3B{4#6`ZT_7V(aOQPV-XVPW zjH>5#ov51KZ!!+vKgn~5Bfu7A=8q$BUOQ29-mSeYa0ldfLJi8UrnzzVTQsRS)eRP> z;)*gfxUZ03_FDLIxEYh?^BFhx3za^dxE#?gzF6myoC#VK8}<-$&iH{cBStl5yQ?j> z?wPMRD&wt01unOzCsI$cU>uhJML?oNA~D$JD|qB$)9DPolZ@u49^!yC1qMx>)>16c z3z*(+^(lp-{8kf&@)A>81Xz)aZg~svY1Elx>BMFb1Yc7+P*Or@JjZr2!o<_2xau-n zH@pwGO1>G>yLz~ow}@ah{gq9+TAD<5yylkX{e$E%gmf}r>Km*Afr>u*M}|vo8+Svw zph)xuXnJGZ7tULbnHo(kpl6J=g}@m$|v3Jl58@&O^>!no|kcYkA8n zzYss~)*AW4p@@i4R39x+IX`cUiSh##y!L>GKGBR`vpeY!!uu z-l`|L+RY-@9*SNGNaVQ}I(;wFbu#0MH|y8uwz(;+G;CXDLZ)|bCJ!?kSgS3VFSDwI z(A{25GbP%&B+1r>sx}%LBs|3QO_J+ZXh=wjsVl@U$rT2Y>;FiTkN~bQ{%2bE%9DSU zAzH`b_9WN-RmO;T{{4w39z^MXokay>VkX(h>>l=C+YN$(Ex;hJ3 zSh>Ej7VvR?`};m5(ms;Jq_efB#X}!wCl?P%ADPGhC?QEq|IQYC{O}(|JRM~o8)|4j zRB&~-ekdyNOyKEbS@MSuA4K^=^|Od)Tb@pKfy=ot38BX7t-sMUY*+`S2ad-}{NZ_ttB9u{h>$ ziV-V%_v+nGo=nnfcV3WO`CC8X6nBgu5<>KUSMJ)Kht<8df3q@T%f2mK{QzRt?7#lE zTYBwg$-#ra-^{o5Bw4`lyB>e9TmI39@`!*Nf4`Yb0x#@P3+*Oxx8*Ddk-O?5?r%z!Bx-Lm~Ym?q2+e$XOg{s5G z?QhoAo$xLZ?KC*@4MW+R2S5l6&bfNNEdgHmO*h00W;O+EESRRRb}7v#$UrCs2$n07 zr>48#JP-Ky7qkE7_W$etdnvxY^;4@TDc%ad^#I*-eni{i(#p1ol+CNTk)VhNy z;DAkmTFMvQfvOxfTxX`SQJuXIpwx`F{g1z=X>Km(zw>Z0+u|&PmT8&d{CVb)MLRAw;&mo~;$98O=RGTY^rD}SyE6Ux-?$3QOQb0L-K{P9s<*lwsswU9 zt`!??jKohb^hAhc$Mwn%>@?gr5N%ZP1PV9{YeYyhB`4WQD=_}=>-pagU$@44DYoiO z-K@g3M1J>C4&_p;!t!_hD)iRk7ys*^Z5)3C(3T6``JpiMm}}$Z-)+9T@-M2JC6Z)k zzA+BF%bN*OkDvQMky=cNsD6PupEVl;19aGwI@KJr+M~a#@xk=Lbn0^Nlsq^7AVfmX~a!~j#@5b8p`CIQ#3ijBXI7>Md3J<;FR) zQ)VuDDkhNL>IXcfMzXmkh-3}ScoFSAru$6yo_O>4j;F3q4j9++8@EdG zNy}#=5}dau3f6wTj9blbb7nAtAj{la&k<{!*Cymi-p|}qQE7aVa(K*MotD07Lh;wf zdPn~K$;pSTHf6XGJVUY;GhJZYLHc#>5_<>Qq#{xwNwL6>E)N>e9M6>T^Ya%G5M8 zATvP22k)g+UJx7=2r@Cvb1(gE5Px-p`%Iz2uuO0X9khw zZYO>he#O~)WD=D$;{^p}sGa&FM+SRP9i4x+HFG|-?=8k#kU8y4p-`xyp}P3s_exkt zAY6NJwK#`*z~)ejHNaPhBhP6gAx>_Jmp3I!D(C>=8k`)V!GPNKG{+RHHw<*C!(?rD zTc4tr5ku66`}>1)E{TH$x%p|cvnDex%Ut+V`pW_y1KXfsH}l}d#l?g#0j+8ivMGYb zi}1EES;FMI@Uh|vg&#BKnDNjtSyhcK zuqhjqfsr0-u#BeTFA{E#pFAliu2dAlz!{xw|6=&DSmR@ z|NGvV1b3LE^J?dSaUQv!{F{)ty0|2zGK0G0i>AcvSLD-98=BHH6&|>y(9DF4K4jeK zN`Wgvzto3o?z+FyU)%(rk{2={cnqPbsrQ-h8c+C0j@I5z<`!1WSIZi22-Y0<=!d8? zutO2``T0PsW-MQ8>W1;Ro@tfWu6FI{s{La|$)H93_V;a!V$QguqxBgAY@D9~9p|PU zcW*1{4xBHDU05_13+e^7 z$hg?OM>&oc-Emm0vWory^4^|9kX_<&!pugdwE?J(DDF!6rdssS9oOkrkG}EkN|pCl zgFd@*iVt;mb}~Pw;WjwJ3ErpC6=O`9tGAD86#UHihg-Q?!Lg>M=I7!n$aHL8u;3^u z`%%#}&Doe*hD6W^XSF1*?Bi}MOAeVDo3OAEEQ;>(5ItEYcfO40jA6V#WJ4IgJe&3` zGA4|+yDoReR8`KkdTxxIvj!bcG{5TPwjIhyTx$)?N(??X1>_?Mn};qgE}d7rP5e&} zP<}%P3NP(|jz9n1ruuL4cC@cpz5&kuklGF8ixJ3}?!z>nMsWzxGSCUot}j1*^5m=h zX*`HO9kSz@$pkP`qD-!p)_1`+xmhx27`J4|BVaBGh7f_IfvFhs*oh{sZ>Wxr9yEAI zZ4(NpRiFQwG;*;tbp2eOElhS!@X#&;Cch;1hl+aZ6RG`UPw)01{r*bLZ3f*2BfQi* zvK?elhqm$-d&&gU;f4V(sPt15VDT`jVw|S{Jr}wxI#E3Pvs$%H9Tfk}meY1rhC{An zH-=!f)BJG*2GxvUkP|t8a)na|RR_;UcTVE^kf%P&!(5zN41zTV+e0>U9>-e^Tw!rZ z@h+TgtAd7=uED8E3WC}XgE`w=4)vI&YSW+jrcLFxzjZyFt(5tT%IZCaTs=dK?HQju zS>BjWM0VK6SA5150Ba!jvHO#u6<$zW=AH+FZXjPXvq(!-f$meD)%QoCWcSZKnggdl zfK0!%nA@-EHfqPtFJ#oc#wn{844KT(*@X z*aYzM-nXDe1OmYm&fNi`A3V2Qf!E{#=*kQ$n(-=rrMwSm)kSWVz+?lJtgXtLV%@%t zATLKFfZWN_ZzjJgQDWBm)>s4l$U3^l*eGj28{t~79FIv!qs4-Qss1yRK@%k6i+%Q{>&RQNnG*tfNwXE67S6SP8eaD~?>cW?hL7s0sJ zy=UZd%<946VxQ~99-jVl3B*5>*P!<30vR-4ZsE~(0}^$wf}q>dQrExpSG{N9d-3wF zJU(X|UAus3Lopzh?8c3w?a>^U3?o|J58XUOB_{5Q7K2QwN0d&ngXT}>)ecO%6qKd8 z@EKBdDPCa)EgN^A(-}Fl;=)rB5p{{_DT(QEQT`87E`T%SKrh~V%V~LKcW_KIV>O`t z^wx}~H@_E>%M)(&J-6(Xn()Pt@73#f*E4C8cbSQHP&rRM5hC>7vd_JtPo-@Tcvm+SZ+? zH>}vpeGhBvExSk~=~TVH^~N*heQ#rHbNK3i{Lyu)QH1Z}*T*RCQ+xpLhoqhT7yh=k zw&~9IsV|KyT+RnuhAX;qt(>mN&395_W=1P3+}>3Lo*t}xR7-K4uD}&<$%&#Sx|*EO zy0cByYTlQ^I-Qp_d-H+kY`Irgi0X+3%?EybLWp$^xf;cg5)&J7ep&|}8Qo|Faj4xp zw?#V?f&5pUnlsCAY=MoyC+5Tr97V@xRtxE3u}GS|LB~In4Gs;%Iy^|}HIouT9~jHa zBhcwEEZ96ygfLmLB;4v>Cs5;v>h4wS5gg1!Du%=r*?2Sv=V2zw^y)MRFypy1t$`EB zK9I|N1!nPM6bIm5Q<-V{cuAV-H_2Jv&b}`9agzsp^MGC0P|M2}$pddC6c034$*FOP zn)SJ)_m2Fj0ab;Y8w>_}f8~{Nox|Mm90>lkIPIXv);v?j-)r_PX7eqkmN{pRiGO>s zBT`1l>fL7l9Oh`F3Kq0^>%8IMQ>xg&0e9nYm&K`b@^QRFzGMZQzCv5Sq}d;5w(*?d zLEgEDy$W=^Za$#KGR4fHKbe2p^+~nlPE&+Kc2v~ivg-V_Ymt5r4N`-!@ZKd5cx%#a ziL>x0JU}Jr!oD(1YQ2JxH&*7@rnFLZw6^67U;11SMkf$Z6YFDTb;K%SL!1Hemv&E# zs{ah=-$a#g=s2}Gsp%0YUbGbOr->6yuA-zY{M!7Al-CY79n-U;i1)^IJMl8z<-*ng zIk8`l`aU?aTFT-#O^hg~Hc^P9pC|maXRmWe9vCbQW&Vbmr{`07MdY zvjj4x#O=Nk7<+u&rv9p_EzVaS(Bbfz?G<`V{T3`N?4wq?iz-$f_RI`u04#7a>+DfOQ3ZAX^6&wbwOty1s`D)o-ubLCk|L%#Qqmqs+w zdqFB~&P^Dh$3A>*GiFpf%bKRWUDNt`*(>Nm*hYuA`fx>l1Tt+T>eFnIxX;~lmJ^jB zoGd|!PJ(Ft9h@G*SXlfjA`%Ic&5#1wBqd$lN-L$55|hiZp9CmRk_b%F{h8mExE#O* z=-vCPeu-KqQB;89c_n9 z-!KIeetaCY9Rw)V5+NK@sX7$q1FHnl0A&le_#-?hO^R_*ETWe7JS;F~D9pYW%07AOh0o@^5w;3Be zCRkejROCX@qt&juE{n7YlS2u@_V9p|78orZ%l>XKZzMf6Y!9FEaVzq1nNiEm#}q=r zVw^+d7#%dMovbTJ*yte5kJ+A`D>Hbh1ed~ZZoM^AC#dhI6uj4?b+-%n#1(&kC>?2d z@TXs@x=Hm3>+>Y%87n(TXYq5kFlu)~!gsLodlQ?OvLvgU>YI@B+UW99kkk~hVvIo`R- zr$^3l0vysE6cnVEOhCxp($yx0olFjL{73`+Ah?5rF-L&HK{4`jzhIMFFTdKMy_4Cz z{B4AToRH5~p=t(3M%>#=uISyOBq+49zVdX!EYK|S7aU9j9jA95D{sA+W zGY|Imo`!)qvP-nETl?=|@}z&!nSMBZm4@@vPovX#_wO&?`~3kGhcY0Dw#WLQC!_F- zFx3{|=YxxGF4X;vr0X14IHKwt(0sEI;`8MR=XA8FT8|`o_WF#GT?u~-{{Gc<`H5pxT z%`eg=Gzc22qr<~tH>Fz?LE>(aEH+MCQ+MGs2;Fz1hCIOR!rg!qD7#BcD96y*Lc#pz zHFz}c5IYQ&;<^wvmCx(kPf*C%Uz3+H6WcX^ikw3w1n2rJaxVFxl5dvvdiMJCWcMi0 z>e7A@%Dnt~7m-Y9-qYqhQ>nl+JS7Ol!jjZdhRmCnx3-p77KpkimW4Yr(!k7rI@M6r zOy@^%&RoF!WX?23+)0QN1VJW^Y|Y|?B4jZv_A1iDoE7jPfT#PnCAP;@Od~QQ_b=K< z52k;YKj@?k2=Gxi`fM?4KmXRdkJCM|lXA@A;1gkOp7xmcx6_3J7kFv(h)z*=7b+9p z=oKvQ)^h7z-Z_m{n$t#(Ldm=61cXtb?k7LMg+otg0wQi{B)&f={ z9hO5rsyXL(@7^^%Id1jBZL%tz@;$hV=ma0^V=mY4UUk{h-$r|^q626oy&KDnCkFj; z2f!N>k96$k=NnpBKD#J5==60Br5d8z*k9v!{4H1eO~3jr%ek?$7EdL78*j^fgtR_d zNUN?cl^tW7ot=%g0Li?&@fVS%Z!zSB?J7iY3EPfb7GlXJiJjPG3=kf$)<(F z%X5iHmbZtL6Y1uQN(S{?R%V`rU)jr{c+$=2`>1*DdH%_^n4MFv2lM%P_CLyWL1Wd{ zO-1%O)7A!co~%S8SBk;Dh>;4r-=ql~2X=6SE{MO`P871`2Z<#u)yR(-OUL5-B=$WtEbyp(l(S++BAZHnEVOJ|V9 zbb5aDhY|Zp+4W04lSUIxz`(?;e;XVmP$u@(d?kCtWiB^po~%hl;c=F3GGr>+cSLY| zmrFCyOVQ{t+A2YCBgnO1oJWxtJiP{E(C?l<;GY{g-2N~x-$vbwk~?=_G%l0l?a|*z zp=~7uB|KYxbZhEm+%XlmF@Sl~y(&S=dAuIBIaXE~8&K02ZO{b8!1b0oFL?@b`Gv*_ zflcE@Kn)j=Unl-4*hPbS6f>jE_NXU;`{=lTZP`=dkV)!fv|_&4utCXmX-=#pcdlmn zk37&yIBQ_guV0TgF3&TqopK~$ccg&l4sQlE*8lB!tRsMdQF*G)UuF{W+i3{iqMs)S zc?^ciu-J{}L-j>!Sif|z_|jXcIlP^1tf`bx3sbE%q!a*W*CVsqi}2*9hv!g!J)^+; zu}m@gq`A2m*sx_T|L3K>J<>;ytg(tk6>!Xk7cxNr8VnU)9W5J6bzkZ2_BTSBZR-_i zT?*T$-2*~{PL~4?&;~hX!8&C*3_K&JP!NwjPZ2tnxfG6}+?DqX$2%xI$fHH^=_;iT2zgZjLoazIwOiQZ+{j zi}D|X13iFkK;U~|)$)?<#r^IWCb=N_pvPlqC~t}HI1#mh2UEYEA#whzkb%?9!Vqr= z#zdpYDfPRXvLIzr^?xD^;)dJ4 z;7d=HmN0|87}906Mg*wxp<>4>B$5|r&L{Cgbm&XX*bX!t8T@`#1Ec2lGod3i^MULO z4p83wXxq|;1t}k!Iw$Z*zou?`2Eh=A+s&gvxIdx2qAYvr^Zn|nBdSohOcNsd?PRJ( zO)A3>N)TY4PU6?orMyWYXU9}DO}RO)9|7F>)EkxXczblzh*u}OuyG87cSB*wA5D73u01?=OhHORBJMh$1bj z$ehdAF$%7LpDKUZvWvtw+b4$6_NF9$o6j|GO`(n>y4^bgwBku^LYVXA=* zu+orTL9rZ_TURV1q9YPaA%=l$F@FF49SI9GRbKS>Ii0)MH4XW5%x@ zD%?1(&~gBLsdmO7AW&4X61F4@VtRgYudY47G0tlu(9EK~)Z(m=OVF zW|;%RKs8oYD&U<%co^$Q#`e^+;B&04+ygwkt}cbBK3G^zbNM^&Z706f&8>Z#72=oc za1ofd;}ip@&C@Iy0CO8Vj(X&TN2n(MgzFo%3`dA9C>mAfasH%#wmHF5I0%!nw zB3e&=j1n!aN&gMN5Uk}KXbM~+u}7Z#(370x3Qsup$HW+*?nmsGfSb&wLXcjwH&Ca` ze?B65=z7lBsb=s}B(1!@|9(O+aH-YHnLW4OuVc~IBY)aTi-QxIYaE(wD#>zA-+*k6jcrU4&7z;SdHJjTU=NhV{G3dsj)We3DCmTcE(Uy^XSgwg zq>~j2SjNwu^~hpZoEV6xwT$m(wI5)1H2Bi^bn+|L+Msb^SWnu@Xm19KWPoBw!ULJR zcS~3k^bC5V0K${2^2gzl!vfsu5YUhB18HKQ?N?D{VW5>RXOx4Z^Dr69df^SH*;<7) zfSk`IB{enm5(kV))-W(~S)|IP1#9r0JKTb#WOKFwMk z+fo31ChWVuxsxE*S^)7_QsEvx>uw9wkAq+5-A)rlV5pn#B>`=LI%f7{WZ>Ye5)*6M z$@1Yd3XQ=zyLK@DAn#u^xZbtAV-LyID-g{s>CM?>Pr%b+K@Czeym4Y9t#vYSbN+sHfd_z~2{!Yy z4ynY1gf?oHh}hVu$k^H7yc=+R9#j;t=-%U%S1WJZ^0$fTQ=QZJi^^OvdmR}=(SQJ_ zs;m+7?0W2Ida6~-5QA+IpsLh{XFRq+k^-i~tw0nZDaO>)W zV#TQ99g6Y*$xn|}jNzr5u)RM?ON_*%JlD%h73?)NYLJnL^co3Aef??}f`Ogv)ql{O z0>*fndsdD=+$DEDcs)cmlHoI}SyadKN_@g~QrdPWgcuLnxNe=DbTe@Ca|(<>DEE?W zygt`Wlsk(@%QDWTFXrN4w4RZC`0V6Fr3Y5&u|=f`RVFiM^^k%(|c!ztzc~FXBOK*v%3|3bavMCx#Fv?$uDr-2Kh!D$Htm& z9-vUN{*a!}e&U!#RA<5$s$RnG=nSfQew(67DU+ks^|EIS`6AY|2*4YGB4YB0`b{{{ z@f^FsO;Ku8qscF|87xS}xZhlzcY@d){thbQcD#!Ok@~#)i?O+Gy{mN(CB?F>Q}RiR zpR-uYJoa3RUJ^P8sIlr^uY~fMD-E)-y)UemPQ1iouG&<8GaVP)P=_ctM#3eDE|{PfLywQdGaI2Ut9`yQJ#-%k86e(~zEMjZ z>f!D^dCh+S_t#gDNA!V=4$Rg@#2!+rX7nPWqM~>b;9(EUiSDaZGKgDjXEGvzBLu~* z+Dah8p!h5@_Ad@hUsR1ZYo{_bRI0;Fw)=|V-&)i#7O*BnZJTei=S8E zNpH%;v^pOVr_&gMP-E$fl)Ktn_eKiUJNs}yQh1H0B)%G!qvj{Mg4AF18uv}$=0;(T;rU*aSKIEz9`J?}1R5H8~h9roYnl`E~ z-5?NZp?+1Zyr(Ck4u)DVVUEX(Uz1XyAw{|}1|@qa@g;>`sQsHiFKt>Y*+E?RqYSD$ za=5KMTNp#y@I7&HjCsJT$a~4TMYj{Z#d5wkn#bLG8qmog3KvWPS&Y7lB0P}Ya(jS$ zy`U?qMw3V52y$jVOKR(vv+4ZgP?};O$?Xe)E91`P7|&y>IoRR4TL(h1(bdE$q=yKz zKJp`6_-2$51DsH45eDwhrl+Pn$P}w@EzU+oPd1ZFruFpn5{EJkqUCkUT$~%M(eF|f znIzcd1RHNU5^WT#Y6<*bh7Wlj(zgHj!M3ax3SqAJ_U+x|WIaA>0W4U{6S~qUtYdEa zgG)^2OkY#fU8;JjNUckPydMw86{inCo4hID#&dC5><jcCbGH#kfikvkh$)CiQ!v|ssd%dKMu{Oh6AFuVVW0gjmT^lp`9(?H+CUfx ze{m5KQcB3KZs?6+fwx26t=ro##&LmWc%ygcXB%#C47mM^+=Kf69w;hKC)>6!*GW?`!Kj zpaGwBELC-SKyV-HRey?`(#bnWd_MS->9H@0j3XE-{py6V?-lv~t)k zxbI&{=t%-s3Vobu23ywrY2t~41xh*;pRH`CUQF)_zs7DtWarEdR6(J}H4dc=&5!>g z)oG^rT`xQ=ENr60Sgiz#27TS*s%(o0niA$4=B(qakCPr!&A`d7c~K(Jkj^Xo+Kg|gQXA_XDv?$6Y8|W zH7N2>kNNex&8bh;L+fJp0kdTcl1isY@ww3`74<5jm9CL4#$(#3Sd_qF+y5oQw*izc zx>A107Puu{nyQpYYrTlo83d`B2a6i|Xdh6}R7-2_D zZN{<3x!epc;t}cAdDX;dwQ5d7Fn>}5O>0ufS6ubrQy}-pSCCgDoEi-G1-Zaxv_?=I zru^wECCn%0={gh}h56}im1oDJLOBp*U`~Jv_29%9-vX0s|m5I0Y=&If{H(j1==8GWvc3v zZYO_&U<@tGMnFR2OnlsS$ix|n63{-?ef(j8K-k%*^ra!$djBf4iyme$!@kiP8!4%Q z?3CT8T!j@Y9zDjdGa=dv2HHFPIT5Y$7KE2LXHFJbqYFd%D8|XRr?53 z>ZIk%_pg8j`=a{*^q@Q;nVV63SKF4TQ~fbDwpfEq#NdYyic2$?TKq)-@U{5kmY?wT z4TQNjcls68H9;bmKxW2tR=7~pK}2?fDm0WdPrKG+Z~z4iG!7gWWTvANSm8QcY2pm? zKe9_Qd-+j2^!D{?3i{(RofbGtyo-V?YO@acWqYIn&v@zIBf%%IQ@{T+Ya0&aMY#H> zAk>LLwy^{K6#v5cP;~vy*oFx5%Jc#*p78tKFLW(B8zVpA#Z@x^0@E@euL ziDAGbJsG!yB%^XSBa4Ym6r2Z@(d32s;>h{_b;|>Wzp4qr^zpeH)f-jGWri|VdnBT2 zAxcYJ7c_V8iW39g#mgY;)Z0|IZ^uWRHCBGDUTN}zXvK<`>V@$alp3^mIBrpA`rSK1 zQ7D{NTSosQ|xS~_iM0_ua;!ussz6J553qMT33Pw)%*J);_-FtHvSpW1=F_GR<> zYww}UQo|+>To5YI6@d_{thXG0TqMJ?{#wNTu+|jb< zH_w&nqsR=CurG0f5832A8t#lSF5b|UF{R0C!i5#JaZ+Lml~jxzKvR{x#E5~-WsM@a zZ*Nxc_Y2+6x(r1BK*!c`qSztP5b8q=oU5VreRFNL3yNF@92_osMbp_41yg5`?~B%( zn~hwUf5f~dr+LlC3zi4F#|>I*0@g}pvMiF1;QJM}y96RtPHJPqo>9!DLQ7h0&h41V zabHIUlOvRgsU15=s$G_aJn{X}u6kDN5HumswiUL3oxS`be(ZT{z~;_e_uLb6SG^W4v*d%X$VaM)SzGBcz1`*gZb}qKtPqb zofZRWqT}JCL792e@IP2HAF@`tA}@9FGo^^HC5j!k5eZcQ75&beTaG!!HT@jQy!KQ5 zT<|L0`#{m4^n>s~<`v&VdgS?Bs+>*#C&{Kxl#zK6ph@nT2`x`@bp;&3lWwn#EWMqK zF9tWg92k+a?tEp(_7~NsmGKMryn~gx1nqAep{G3yYkaL+@_w^M=Cp$)PTMwax4**n?ipT5sv3{Li*cZJtzy^Qu|c!TF3{ z!4N}1@G({q8k(e=L4*di3nZ%@ix|kLnN4fmTih-_KDzfJIb;+IGnYp)Ms;SV?nF6+-f8EH#K6z)*PU!S~1@6?SnbH;1i(Ae873=$EeF>Vz8KEgTKV2MKdm` zGgS*YlJ_hIKSFi8e0*iL$~%(^JQdy3X%T+x4CK@ug6@8uFh4IPYT`ouie|IT>0Qpq z(26hc_Q$NO7fExz>HfuXH^JcN)0VJ68z16ZuGIAbqk+4vajH)GuMAeWR0s^kRN=aR4uJNr79j4~-5%60V86;wPavn|+1!E{cPs}w5nD)t>wz3iXOLKmnP6sBfzskt}#d%%-h4lrs90Ec}t5b0( zgCDoy!&O+gbFeE(x3z7pBh~e{i$-l!+Bk6u!;jHB-UG+|e43s@QZX#Y`gzI8jgDu- zmbleG)$yzGjiaqX0%vankylBtmRQK1U-9-Bf|k7#_w`L9KTYpV5vg%>h8r0F(Dptw zE%0_t%k~SaDWoQ^~W11XDOVLQb(Z>c2nOVCOrW9 z2H_e*Xx0gxdStEEL*>0qiJ}!cKWa{U$_vb%#53<^G<~Bny9gY=kU9UcIZo zCQZJ{m=aY>=4&OAC1Xhg9Vw*1;|}9oSH&!8mP!bC-PuZQ}q)dS)UairoM~&`S3Kl zr^d|3J}HS43O)#PnQqlHM>zbZQv)kL`^+kEV;k-E8{CYkeN^}_sHCysoUNi<*M`%QBd#}!yXFm zLNs30@eQ`t#X}^V!W;eyS37do6#yo68J7OuU^uGug>6wd}hRy`rUB<7GG9JDJ$xl}El}#g&j| zTH}={9TPQHW}IWuV$=ycb~a{`b8~k#QUtbEn!!4&h}m(!{jD<3a z6>=@e2Np6yFk=bG=bjC&XySZv#G=#fk1)8eR3(5;{SYYHY?}zYQ?W=sRyAn}kufFm zJ-Y%A?H^r+_(dx)ioy*t&ZZT89TnBhRSHyqabt#fiwk;dK*|WI69WySXc(vo(z5C* z)6%Ua7mGpJeuWDX+2`7@PRP}(kwIdsGL~9&)5Q2!JoDz5YaW1>T{*p@LAcmps8m{eVqWZ`uY` zj>zuK`o_ky)3awThHLmbGatW6lJs`Cgi85A$pq|^QLY##fpFa{*zE(tv}o#J1t52M z^z~hK?E}FEZNw_2d9Yjka)ncJZ>Pnl9|XY|ro~T!nQo=UGbL(G@2PRmyx_-dflWOq zXD{CGT|7{EGk=TJffEA0QOym+NDdC@{w6D)WIEc{x_9)I`0_zS?#`#M%*?oNaCn{j z`s%8Kbh@vU&}sJV_@54|ZNhSnRhj){j6;oiII1a6u|jj(nTbq*A4)=JDuIm&dltnS zd{X-XfaNw-6d^jT#Be;{CEd$RT|L==%YiOd|Mp34XY}QSdC*LqH}$!eeixOqt$L=_ z?NGpuwjX<|y@?`cuMN?c$(5X)E!|IglRTP#;iH9F^+P25NIGlnq!o5`w7@xH-X!xH z8y)AY%Kjhr-ZLD|t!)_Ise)jKgy=~G(SztU5fNQ5L)1j?z1I{Zh~B$I8D1Hz?!fH6C$?tHRHm2Ez z$Ous`Wk};%^Hu5ST9twNqCLDuBT*pUy-w9cXi|AZr7=ZLF{hj08g`u_p=#WM@qpN8 z>i}|`D##Pp1XYRYhx&Y)SFo3+Jd7_AK1jkWNcBrWZ)1uEXKzq*INP`?k*~|#-!!#hja8a!!Tr3N~@{Q#+02PH`lw8_^Sumc6mh~>e~2$ zayPSJn}xRyE{sBx=3Cs>xkmIS?J)_CZr7G7X2urq+|!a|Dr=L!_W}qIj7rBLQ!>oV zi~TCUQ!q$-Ef?hSuzpXS?h)C3j@9y9eyXi9;e2vF0K}!!yVBWdIk`MKQcWeXx8~{T z$^$CXU5RZL%;K$jF{-)7A2(`Hpz&28PsxnQI4%bNh$2~avHeE-rAuQi7=gw_!sy`O z;DvXQOralkx3Ewn_$SD_cZ6i_-5@4$5B>$0QOe+YNr6rQ3ug`m3JKRmJ8kWqQP-`h zDWm4_OEjGGSqWT9!fw;Yy`)Qg*ZH2U)tn5~B;PhDM2 znvbismHlaCx!*x_r_3)lFl=cIHjg7o^Ue7SQc~q7#pVkwjuxE@9fd$xS{{f8s6V|z z%%NZQ*g0)xu8TW!9jU0;_N=e(8?RgQo44-k<92+>8;{)+1|Z#{wW35sK%kZfn$xlp z*@Nh=t~S*y(vj}DL^_`o(I(T{hER6BeL9+$aiIKxD9X4SUgNe7YryOL!WuS~=Zfc6 zIu>$_8Po;6t*@_V?Mx+gzNQcih8VnPL^Jb?+h zhC4kIBg&`L986_=h8vquv0)G`-pa{_jn2GyyP|wZr;NAV98wTRAX#Pt{3T8bSMIVI zNBbXoA*Zj^n#Y|UUa!7nu+FTmvgB$0R)AT!26!OdkS%p&{!O&DulD zNJURiRps4L38+TFA@Wb7uImEDk_yw(QszFzlaA!?z=oY_7@2Lmlok|@EH^h_DFU@Q ze|Iu&y#=rE?W73IH$IT^{+IJrk8klS27?PLe3bXkQp-6(I8Q0bDBvZ#)V| zylqo7m#i_RFfd?+dhP>OPZ59H|U!GrNxIHs(hV4=Bow!y}6nX|C%jI*jjVoNi zaKMMf;#@`CpmHgx-y6NUM9q~925aAa{~#qYoq3(c`#Gn`)a|JLsfNUiDJ&VpK0AG^ zlkrij@U>IwCI8k{W_YQ7l=h+v6q)I*6SKq)mK*F_G8wG1knv^9gIf&GIccboB~H(f zVFPg9O0?TbtlivHMc4c{Ls#O{Nu56ftzV3O>nH$30eo=vio}K<4%PF?Bsp49@++j1 zixCf-+eIbB#0=Hy6Pm$53BGo@ovG87K$RHH_!*1gU)SpXHqqGfs;R@S#}AK!~;3 zWTR`_Bqv=H?ym0ov*wU;@~yH;k*0p-M_;QmH_buvMaO*v>98-EBj}cnr6v}2Ix%Q* zh{bo7gjmR9WR+dayC4X3u)14%|79%_X@iQsg<%I*LY zqKXXodLm;sm$}S2e+c%FIL)0wF#d+4=%h>O+t@Bw%o*PU{Dw#tSt}vWbR@|cN#a&C zyT0HnZZS^VbAlwb{D z#rtr5Y4MCF2+&;N8bAsX-3FIVSqSon4EQksU}bw}yr=85zWP7V^8YjFKSVbG26alP z6-n#z9{b|7{pjcXe6A7M8WMmj3LbPUDLZ=zMD8iK5DYU8SG7r7hx=YEST$iXKS9sE?4nm*S}e@-8@`q4 zj4PfY|1~<-M$clKe8k4V&iMpL&O$@g)Vhc6z^?0ek$D!s{wvP-lED&P)mVn^_RbpN z_-o-ZUn#4{gu-U*C6?6cG|RDm;CRQ&+l_T{b#?Aq=b4-uc6IltYyt(Vc%`dQi@z*i z)N#bX%O%b(H71J;3$tb~`Uq0CKw)oH_;jVst=Umtr=f8!57I%+rCwwB zgBwmQCPs*#qBRfaS$WDi1NBUjtwB1fiLsw}gTN)Mao0=2%j00Kdbjly;d3MU zOXT0lW4+^ImeOb)2?T?GFhhd&~4Smv=|SCX^MyDK}tK0st*>lk+3W zcGI9ATNn#=Pjso!bVq4MCibF*9-kc}!sm4;Vg2@P1$yUUSjd4*)t~`ug%4Tkj4nx^ zk^!nso-UCHm@P>3Y-&BQfnt{IhB+gpckQCCdMlvvQ57p3olqz&Uy3L2CiC#s*+2Jq z+Fvtaufp<-#QFo3)P&%((8q#26zq>+sUfFz&;QAIU&u&xwF)b@wZS->l5G?l&sn(y zSTX~kqM`VUi^Bf=>?wb}02(XWe91nGRrW7Vo4E;`k&({kptCRcEzlzI!e!O7zt{>K z=sdM1 z4n4Ib`(vM%0i0aEntJvZBLTGqeNzW~+Fam2Iq*J!6QLKqk59`ue~feb0FXgzbr~lh z?V^b;@A+&{kZUkj<`ILBT->Ze6IVHlS)t5$=o0sd82 z15p4`iH?Cb?2jYfv35|0p3}ke`Z#F67>E%peE$Ae zDVm@DBZ{$a%h#03O!*pbsE_GMaF%w)fs_{!qJ6#py|`-wDruEGt0sRlx6T+F-#MMs zLBT`Y_hopqrEA(%r9SOz08>?m)C3d0+KU6x8pIPmfF1Qwpy5k1o#Q*IQ6IXJ>zt}jk{4J!CnelH+idFBn|;+r_(UCt`Q3^6PuO=J zC)u1s-(S<6?N0Wxrs13E%hrCq>hSj5=}A1A=3*J0PCF@eWJ4=GZy9=-thC|6MQ~6S zbbmtthzo6rr$uFwdHX(Z3cYK}ZtwfLdY|;hw4pu z`=zrx4~5RsZbCSEmHfzFAuFr0eS1Y_cUkS!$zA}tw_Yk3NQq;9WnoSr65)v12-7r0 zeUEtWR3q%E4jHvW^S>;QKM$(9YiuL~^?!=EH7!+2ELhpxIqkn@W)hYzo{`=k*uRVF z5o++=m^kOzzmZ1v%(7=SI4x-#qa{-P_*|46Bz9@z1K#(9*j)(?6+X7ZRVJma#ynWN z6yRN*?++Bd8*S#J@sVhawWQsol$e!k|k zjLFM4CoEXI%9Eds@*lx=*&^3zADAl)rjWWsK=c#P8Vl$uYvm|E$WgC#?chRSU{Pg> zLS(&!<~g^+#N~va5MgF18gDk_=MrD!qp6+>&dED>2?Z(FFA}V*_t6(DKXtR=7hU1T zoPn_DZ-%y)_YG@V{rMa{IgLNPT2fz)>K>t{2RfNFf0CZVgDE&>^ETwarB1`eC4uJi zgDKk^#cJ+K^Nz;I_d%khUNwd1c1uV-nDGI)n9aG+vTdw<{WyrTztE_R6YUC*qb*4T;|#SMa(VXPR;(X{E*U>~G5nO&Y?5 zUM={aI4SO@zP0SWYwYIg-T?9YNDd0CxXO`BbTi4_3jenGr;WcQ`#^qDD(D{C-c>B- z`L;ov9y45%K%cfcE=N}Z0@;*tk=tH)}o?i<KZ zGC2C>jj@Su z_P+OI+~S55j>~SNHw$w+EL`g;FEQB~)S04e1D>yR*%rK+D%R@P9HStV;k0M-coce| z{Iw?C?l-G|3x7zx0|shSGoPM8YsO~FMmFEs&Nke2@NUmvR<=I)x_JAN{UeyfF_23C zMcx_i&!EGhdFdgv;L3Z$wR-x9mIni>E>r_)Es0G#O*BC7n&Kqovc)ZJa9YtJ;k zC=s1oQJwKmEWbL(dj}*Nh#w8NwCGM3+nzN1HbuY)I@7{fKF~<@@Njz+p+L1AmPyGe zGRNQ7iKxgfNuzi;V6tIa$E7mP?;TfB6clCgFS0i(y(}j(!sWDEO5NNWt`iX)EGO2? zsaGw@fmX9j?+3dVphiq_(o-=h#n_(z7wG|qWs;{ zqi6bj5m|5N9Pz@BrIH4Hymj|l&6T?Pwlc<#a9@6bZ}$zR2U5^x>7+&F8y@zN+Yeyy zlsw0lemj99H#}SS4qNL}yaK9!R=-6w^X=`>543^CVGZ=FIhti8AA0hLLOk!Q7eR^L zwp|!{r=HskwVPNOJbC6E+MLp37U!KRgBT=z`TXgd^hxNu%V_+G=W?zOe+aupdrrQ5 zM4q~V&vDE5!Yn)S28))N;!N_x`dpreXh)AG8?LC_c{{1Z-P!gZY7QPSCc61K1BDWs z^>{2I>bWwH;;?Eow*DkxO7Zj3M7ED$ zbfl+^e4o3>t9H&bxEW|;#1~SYsA0N9GqgelJ1kEWofIPVSRF2kP!SU>)oXYrP)L{_ z*};6B$AZk^VjbTqnxIA79yX)3hFsQnEpJ>6=n z{`BxS0X2di6~syN$J;$VAw%A!c=9s6k^_* z5BIREHAzS@<9@86lkO4lWc#c;&JzU1HzKP3pQTB9!R?4tUn1 zBfLxn8=JV>P`6+Ot<-(nGD0Otv**InMP;7@^K<;CKL2Nc4wGuLHI{#Qz zpaf)Ejw(mET{2$nYd59X3&q>SMZ?rhBtxmRe9hY2CbWI9Y zB*?F9&ojTvzvvA;F7sLy`Kp<%O(y+qdg1ux`a68>T7+ugOe;ZiN^?j#xFcBq6NYI_ z4c8Ztzd)@Nql)aVy14TSy>lYY_{`3$xI=<)&hXy{ooMz5OmLnft-|IjD);eJd+Fi=N65fvQW8aLjQ) zmhh53k(c`V(j?5DD^$5*S3Ul`F&)DR4*qaaOpW6;hlc0XUD}Zb+}Ea}S|!#z{;fGi zv~yLd-EFbHRUcnr$El-mcps)jCZF7Gv{i!2xc;$(RlV>$2c*T*^Rt7#wY8@AqLq4P zJH&00#&@^rCZ8^5$%dU>TDTY2)0=xqU#;N7V*kuV<0LsgMPc5+`;>Q^Qldsad2bWcBOV~@YQ3utb+;$g z=KKuS;Q`e-QQ}SR{&i0-S9^FnXTTBiBI>P0l5=?@7(E8)4NN>N561P40_&bRHjQ7D z|EjsH?UA&m=jYRqyQgA--!}9wSzGyN%rV-qtmSRfWht^-XZk+MW?H1EeqKPLv09Dw zWJ=F}evaPv2OF`ul9L85#t$y6&&R%3u+(y~(-`Ig(@aN6R&e^-CkvUqAhJZ%&R>zJ z|GeR4Q_S6Bd2=aS7`3Wi$a=6xxDZlTFK-(E3F4CUwjK48wcK|p+9SdER=^Z%0H2XV zr)pSW_B(=U2L)8jQ93pM5iGVhfg7`H3d!Bt_d20rBZ87gMQ)cP%A%oFW%nv;)p9#b zA;Q)&3v?SqS+w>7?`j)Fq&LdkJJLT&)sgk-BJ0KSY>k;A*3?NNB*PPhc^XDEeRWiPwm4CPa{?R!4B7fIu106+k z?TKMJbP)NVQ8~D|BK=#<&4w}4>q*TW^EQjn&5v~7Ci}#3IO13xyyv0pjo^5$w?s(^ zpBQLHp0I)ubN()J>Y+hOLC-euvjP=3D1TEGLeT^?6j=M+E5@_!$T}2+GXCaNMJ8aO z8%QdYPb@R$redG4oSUc%vc3Cg?<;N+q~ETeZ;@uwei1lt(83tXKveYpVrc&kRIdn= z^-vlf+0D$d%`X;hz<8VodKS=AQojOw;mxg536(E&Is7&+$m!orH~EYt2dZyX6l2)m z(>OhBjLyt&bS?yD@xQxf3-mWl;f#dwKwGquJOmVrltNrQEBHT%I{Li=Mi3mCX6#jX zg>83H!gCjF1S~T6Z1@s|-L=!Uzeltp6qTU5#;=C@T3ogsm?rBVK6QQ$hYaa@xvIl? z$h@Idyrh*OtY$FP*e58G7~V!mqf(KLucDQ{R3z3;`=_J*z=3u0iKeElHt2=WJL6rp z0tO^^Lx8)^x^t5JHU0ajXzrzuQ#$H?3vmoSd8GtH^x2-rM-sacR%K&Tt)_=XaJ$y5 zNg-K-C_|9kVAiXIBs&BAbgpFOFfsCB%@vR4rJOc z3S_@->C<@{3BEmPI8CgF@*Ad)4G{1J9 z!>bTuTw+h0P@E;C8(W5fOVn`Rr()zT5PcS zm3V5~r%bjzQ|>VwdRa5cSCK$Vm)j-h6Ko>HtvivaZdRMkQhiTYQ`!atrr5Tx0U|Mx zIHl!IHJkqPvpBGzcVw*)oJyc|7I)sIBtzJw8FQns2b*no&#WAacwN=5)eeWLgNvg| zOJ~-13t`goavSI86nhZ%i&nG^rW`FF3ROCDClff%^$a@~S1Z~ihbszf2~w;!Vry;Ob6Q-zT@M1FPj>Ch zB~4UDx#T524H8gedO3M{D{mnBd`b4#A&tM1SlWhP9@y&Qq*knXXG|<_EIa672kOQT3|NM7QzwH35{;w>?#2g* zM)UKrY4IKLeB)`G3tbOgh`pZ2J<}W4?CO#n)14H9EYYDgz*~v>x@P7tQ*?B-n~!e{ z{R*FLSZYkWURZBwC4qd`Y^iqS1qmZ49-w+hIx}lrKBH1cNV)ECT}>X-t^6Tj`0zDK z>9P!HK>?aw;KQQh(%UX_AUYn@M8}!Hq}7f$bw{vyu`(A-xh zhwZ~;PGOxTs@TqH3eTN3F7CwlXqk7hRg6;ZcbmO3JX5|`VB~y!B$Ry03~lMxd#|;P zvgN5DR6%x6SCrt8>)G{{Rgg-n{%B4(C2f2{cO^LGAY=ks628u*<0ib4Z(LXR?p;7> zVMSiSddc1{J$8s%=x5{iSQ~1+NuLL*S-NCark<+NOB#(sgfR(k(aMUn@-jVyj(>Uw zb77Ce+KQE_v#|QfHi&1xorx)s@oB8}k8Rhs;%bSI{d9XJisR~&G)De15H^0RAr?0I9RSZ9;JwL;tsr_J+f`bC6)2vgFu|)F^yZLLs`HJq9vtD;Tg6l zaLc1ctblfNlqy?Xy7|4p4ze@&*b7R5d;+=wl#>En_h(<(e1UN9VZn8{;Sw1=j9T*< z=msc4y(g=jdo3yYqIs z6T~ZEq+wR=Qg47eu8}r6gx{zf7axC|WRz}rxkTxNgvfd%f!sCXbsx;vn-`fAbztV> zBW450Vmgy}p=ttCYQb*oQh%k`cb_WTJhE6VpgV07bgdw8!e6h7VY*qB9{!O|3-2ql zsa2rlE>k9{LcK6*E1mLYpgC3-)Ke-_o-?#}o@~|_t zEklHb>wVHWf?V`&-);<(5YBX9)El>sBaT!QAs$vj6LeLxO2GWM)~D<7W)3Ml%0oNV z=8z?sV9+ZwBmKJO+Yu+^t4nP9Nx^q_d`;uDi4*XF@7mu%&Azc58KQymT~ic8%;8Vlg{SqHZSQ^(N7j}m7i$w3_P%;}v!yXS&CCMyuzVo3btUoGUR8XV z#&OxUQ$_g%aw3{LeRo}=aT)?g<~3Fg6@%wm8WtqFjjvgkIVyR4l=NlZ=XdL?OeV>? z$wr_zduB|2u+hB0W+Q+plG2-$tQg~m^zI<0Z&|iJJiSvhn;!_kNKHq*DG4u4|2RLw z=3gh6^Pme!7%42~gAcb$4WZIgMI4Wpu}*Ct93(u@izRRKz@LP%H3ipsHbns2O)qdS zdKY?IkQTd3T_{^foyWF3Y5rB3zJr>omJV;50~$#d9MXaJNEk})zFj{on##gcG3y67 z$?IYPVTm!Ogx09i&$A?fb=J9L#t{ji}}e5ir!vHQTy|y6dY6pO9k>zBz)OOs&Mo~H!abV_73={UB|o$5In^h?0(u#Chv*?A4|5dAGgB0` zb%3DU(*`akq2rsP9o|ABd`&*|{JL^5k*k)#prfV{Zq?Xu_#^D|T@*4mck~-iU&kJ; zGI{Noegw&VHaHh8{F|z#HKM$>er)G3@Ll656U;r%Z+&^Mvb}sS9L~STO*~0s`{TXH zH~s9|dWfmAQ0d#yQEcy0BB5npOf=v)jO2V*Lb|+!B|SojQ>?WP>c%QjMtpif#rxu1 z$F{eF^A<7C$<(MZK+D1c{CNJQnA;2XKm~<&&vHVd=)^k5VIi~)+ukGynIV=raij8H z-6z^EcJ@psI&V^I!e9uQM+aBH)LkXZKeueH+0;3~HJx}!RFsy!Wm=blChnRhPx*eJ zj^}8=(O_afCnVO`EpXPDqcJtr@Mc;jgv`gDxo5G(tgy0pHpIZ{I3+a0$iTWloR%`J z@8_t{LwkLsn65G%C~&7L-%Sf&RaR=SHS)L7sfC-jdBR|%RjD}_at*z z(g0tpoV_42F$NfI$DbwCGBSc<*#m2o1sa&(dW+Yu=b6zgGcQP7#{anRtUSeNx^)#5 zNXEw;%82hV=87t8Oj|$RFZ#T%Lbwf;-X9-!izAYc?JDc|mo1F5UotSzEW|)9L;p7x!qVHqjSn(6FSdu zf?8!g&t2MbE+zDwCxtbH(J(d!@MIx!Iu0RxWXU64s`LtIgX8<~sLFfRjWQH>0f(cU zpMImKzb9PI)OO^#zFn%+W3FqQ13+`dtw94ZbKE@`v2rD@Jk91eTxX=a7k-Xst`@*PqnwuJYL z(#82!uLhPr756gLMvsb@pCR>=m-4mE(zwmcos>a5b1KVEZC_t}Tav2R+=Q-#0DnS#Z$|=by{-_J{3eZ+VW5fzhzp7btgX=ek|3 zu73KKq_?Tk@Ffx4btC^kZ$yZUR1E^~GU!gXUQ{|iajoYAHOab2DA3Gt{&N7$*lGC^ zsAMT6e!#~emgDkrGBeP^Vkl=j^O-X$&9TMWt?_iW z$T6n599QJDSEEOpmTY2fZEbG-^5siw>%LFH6L|$MgaivgS)HMS1{|$7mp8Kc6m@Zv zFqBri)Du=q1vX2|B^t8j8NcpNvEISWKZ#Q`7qofd(w#l>cdSt2>E25P^XWh4xy5Rd zv^sd1B9|l=_IHlnDn4fyBu!uEmZ+7e5b2;xW&TtOS8U_Gs{G@_)6QKhbE%2x=7Y{# zFETp8VSSesEOqsTF{nyVcCG(JoT99yxo=KwV0BA5%G;v zfi$?z*@b)PK1!@dG+#NOlc{(ct@t0xB`vXd{_~I{W%QT0l5~J(rcxK`q{XraAkrS*{f%^`Z}P zX$w0~qUem$;Lv=9}v3ByC-NY&?au?OR?NpM9T~ zX+9T4(LR36l=xDD=yJO2=DD}6X#7PF?8))?C7XybL$W-~+3%{9&2A$eRL(;|@41m| zieSK+CJm87zvKV+UHp|B=6^m@HOe;Pge%<=5Df6pM76w8gd*-Pe}ol3&t~=dyeXmfyy6_oZ-U6f7{gAF;@nafp$3^<&Ig| zMMZ1OiAM(I+rNF1_HhVw^vW7gi+M(z^m<)HvsQ3IJTa419X-qeM++K{wcUHb9x;sO zC1T~w(2a(jGpC~eY87-IcSCP|xMWXN#E1o@i3xP_0PGG_kAZjxFCe?7#O`OKCHl{v z)0o{yGN@w(QuEqaTk*$VR6N>g=g@-bI)Z8xEl1@&;wS0hbW~@q0Qif~Bm$X&09e4>>D*3x|J0w-&Z_f#m$H%)+Bd+le*0%Eb5h$g z28K0-C^}wGb@iz3*XPQfD8bn7-YwQ|R0Pyy(9ne2oDi9=sgN*#b9;Y(d;hm@-}?JM z$&(^QL?+N_@3&5G&i^Z8?=`9Zj9(B~-f3^6K8w$wf?YJ1QkCPgxaF=KXQ!TGmCxj3 zD}<3ZEyL;U$^RlnUcJ}b*Y!XRfK{pa%$;!9m6Gy2=Gi-QbI33MHYyblK#qJpmjiEJ zfeY`;eL1Tbn|X6xwB#eIh3}~qVoT;p=dWj6VCpB?@O)A0#Sdp^hzcOZR~X(JK6+*; zuBr)?HO2XjBtJMa7yiGVbjMwQ{`X!0=l{Q0!2jK(+-XB@^y79^vvYLg@yQhb05^Bu znUw`YIR60yT+iUY@gtxupa{Oz!Vp(Up*;ewRrqm!P?PzP1;egm24|(P%`y@P*=2G?^mZ9`$qTlsR+T4oe)#h#T<#> zVWF{i9&zAXT~kiGdB_HZfoUR+$?n}kf;folwo8AaQsu&JaQTAgfoGVuf&P9vr}GSS zf6pzix7ofxOqU{3FZ^-wGa0Xjrlx@9^W@v5di^u5FVA1mex9A1B5A!)$fZ8Ri5d9N zYlDKT_<~8t+$d zx(LPf=_15MZePs*vwFb^I4<_Gsxc)JCZFMI$oBBv(wQdukFU0f4G<~U^x&yf^{01N z|0Yrkw9XZ(KL^}HTTZDjwW0Th3VGgUh@A62-!V`f)(i%&wybIm{u8XHI*c`VZ#9D! zm?)E;H-u52S5=kG{DMv~NC>6UgNIT2pK*Q4ulxJsu{qVeMCRNV=^lO25YRn85^E?m z9MOwL28~4ij-CIhmi>oy$`Y<<-(J*_A+pfEh*rx+tD8Q83F(w5-K$>ADgP%kA>v84 z9&-c;=9(iW&-UM}pfArap)u+Pp@%ngq&7TaP3O<^xAUi-sm5rT!fESNKVd|Mw@^n!lL+Ih0rP_2D5^74qW) z^8~1tQSN5CN8Gjh(s8g&&D#}YW=z^_e^Ty0R3iQc3#XUFPuojK9yXG$ri-PKKFfyo zm_35g%;xln{lV9#1!aT^aCEWw$|jTlE_P0_fd3leberT?z4~97LEUF?O8*OJR%Sqf z3jOGXZ*G4D#J_v?n)KPLUUcw&fs5K{cli4_Sr)2W6=Oe`e$9XT*97(Z!2k2F2JeCO z@--VTC7PIOTNcRL49PlXLJpRu0Z)q0*pkVkHKKuhvtgz=}bs0BX^0klZ>uLS&IL3~COIeV3!vWmx_ z_Eh!Fi}Sw5Iymgj$u`t5s<kyKqK%LE(jU+U_L)n7~BFI8W$>G9_WVVndj8LC$x;p&0pi- zBCZ@%u7#&@|1$l3bNk47>Zjo_E7}40q0P={G}U} zR#Owr-JHGOUjoT{RJF(zUz>GTre~|86?8yesrh+a_ z_v5I%_v)iq?ogx^4f07J>>DsMI}%b!t9h8oyM2$4MQdxX33#1hLZP&7!wjYHddCVTe{6` z77vf7uy6^1tQMPF|qfVZmkFi79i(Nf87tO$5p_}u9 zV4*jc_}J;?AAFk*24uRIY%2Ep>>QP`-vQ1w^L1kuWh^kKTpHKjeo$`mNYF#V zLREiCV`4=>MD1;ia=D9(StRueZG>-rC;5NWK3|h6ycqa7_&JDMEQ^I*wZw{#i*@!s zb`t)TKjdV!L4Ml;V>GN9xCo=jsI&OGk^arZ-rQLcxb*9xCK!5k6^Mm3uDlgTj@#;k zaaF7bg( z$(bbYx>^l)w+@uQx#`I|(9zxIZFQKQJ0I6?x!?PBQA(%yh)*h~jN)5a*;T$4(iLi& ztY7J=xGV?jeMKZB^a+KEd6^Mul|Sgx5_xc|*8kOCVGu5>Y4H^Z=RRSh$KFJH)Kr@} z+J#Ke*o8LuzZky+kZ7yQkbI_gAVX$5fBduBXa})N^60@aX7!RTZ~G5Qs@=Sw%d7(A z<)`#C0boCi)*< zOjvJieDXSuqfp=TA`K1wNl8{Bct}{7Cp;|71-J#Zy(xD-P{)x$#G*P_K8I_+Gw1ID zkE&`j=pIj46SUK>jnN;7&7jnNmaDSo^GRj%=;=R55*G*3n<+m;-wi5?QtrXv&@GM3 z4B6AltARg-A|Z5|jfZqFG(!*A6cG!zi54%pP!cG_I%ke?GS36WoZ6yg?#inq!y=Ojfk#_=!{O8&M~#QGbG(M<(>6ly zy8_2^b|}eOs2cP3l<+#&6UsT;C6lxaMer(UsDtBAF+nI5amflWpb>Ml%tSO{aznrXblU8n|)h~)IuVjFI{iQ5?R zk>b0o185*=oq`{cM-II8s_CM~wU|Kdbw#RHoq+RP;3NFvI7XS-))t1d)zO|hxHC~> zt6o3?X&)vdB3qtY(+;qYFZkX{&hWsXmR&?f=E2$vOs1t@-@%=V+4w*8)c@mj%T7GM z$46}V+#|HD#{tceR5^Hg!vBsTkSnynAyfSkFJ!LIT6(zBLZyBba3AAVTETZ>wiHU! ziX5YdGCRuw&KxfcK|PUh==<=iSbHC9(hUNwh{w*+QdZq94pENZRHD}{Y)&1+z917s zT-qeo7f*y%n&BH`^2Jc#=V4EXsLG9vZs3m0Gw8YbDf^!J7&FP-cT^|HFI6v|m5T1JPHBAw?^YQWccLUOHAU0oe!H z1z>6GsGG#{V~><@K^!dlNqKe1rXG-xjvYyB6G+RMR}Bsh_MB^-Knb;(<Hn@({4WLCN%%F5&SU>lp(pnK>+Rj1 zxe5iQt{svJRhw6Rzn; zYl{n3j`r6wqk*KuP30U;5wUg+8Jd*MpY!QZ3~OubfLm#K?7J7n1{NUl!JCKaG5xkz zscL>K^-2_2mSi(6J$CZ66+9>-URrzduKkkczz1(Xb_F7!Y3NvKj$I|2qr$()>L2b?OSMp>Hku=6H{( z2F5YOJ=jNB4Wk5;|Iy?0ig#DhX&G^@^HvppiWLRbKfX={Y<`jEfx|%}ggzc_ZasvH zo8#OaDu=0~qJ;&jIJK5$_H-37kXy~u$PF}lqTbdrE(iAY;O{&c?p&LI;y?qYE8b+Q zLe7bIGcG~K&`bR@UO0Ye1}I#Jf})=tjBv2eum|_t99%_3ls#!DZ(9&Wv0@P9576N3 zlhw3-S9QL6n4=@}_ts5R{dz=O^>Mfqkf15SOb?#)r~e$NqB2p^NN`?T4jri$rPtR7 zt}0ZFYoVZ()Q~0>%mM)(Yv7jF@8m)67$wcD%~8eh;gQlDz-?XZZ-96?w~)gK(*pTm(?tV?(}y8I%QwS@i^e~{bX8HYd--#v(!L(QyW+l(5VyW&hucot?aymuxgfw8IFyu>RrcdZdwj8JYZTsnCt=RWa~+hJxWK&3cWAK%9CzeFjM{JO@W0mv_eu)wx_=#hcina2MjWT#J=QyQ0pIg45Pg%Q2wGZN2(_GU zc&Js}@X1_xP9ctMz~UO9`czw8dNlWehKqRvV*;dAvWe_$`4FbRKR=MS*B{p|a0Ar) z(Wxe&q|w*3Kd;(U-Lchsj<8@EoMFBIsBcli3{gtmi89KP`iOX-r+@OV*@jGp;&;ud zCw3z~E-w5kv$VvP@oXH_u(s1EAEL^;n-~tk#e^Jt5NN)pctaL?x{WdG5aYngN;6EZ zpPiLK{?*mR7yi~dRS;e>QGH9qv8>->8Z0V^-J&&rK{355BYb^QZftU7See8ON**lF zI?O%7BQw{(Z5DC8Fk`<@4Y5L4tp(V+z5Q+I^OB;lG3Km<wUZvG~9jbM#|T$%75b@F%_gTV15U2hY23>C{8B^KzS ziLoQhXb|NW1T8smRyUx)boVzVMC4tRLU0$-eQh0mV#HQOhV5&7s#Qh`7zdfP+y;U1 zNxYb&!6w1XmSNmhY%O|wYAmNbfH-dV)5)batA4M=9=S%0^3m?DGnjVWi^4kst%$4Ny zi~t4i2<~d+@RdLs9&R?{ka*L{aN!MTnJwMSKryBlPq^kv2o+?WTMStnsOGPwC1Fxb*SfK61?tT`+&ib>}7OZ&iS za>8MUZ=%tnxq-}~*+Uo2va2quJR%6|IY1{55waDzdza0FGPq>)ieG? zJ84+#wt9ZPJfoQO=fLRl0os$L;5wSgI(HqPMcS9UN8iqK%+UqhL&x%e$6@wN=Hk@M zZyvWRK2;fFp4IjV*(IOeSq=_HdV7Zgops+uMKDM|JzsbjTDW_>Dfccay?3ai&s@5% zbnE-Ot5yrk*>K3;xrg0(HI<2PCh~JK6UUgHho~;Nk_pHo z{+f98VB17b>n(3@Z@zk<3{PkkMGA|<%oh3B(O4Cq&qwHSR8xWIT#&K``m{F|<#M(YCxaq!l9Otvrw z=pG*99o?*^)!--FB?+;dLx({@L3D4PcBLM8EWcpVBM_o)lr-!n4n1ee0Pa1lns3dL z@xqYBslQ%$m?E~yPxt}c1Drq{*f0YFwmH`>U|iyz1wWTJ8iii;fs$FBd~xb6TF zt`kCU@^nl!&B@LuQ@TRj^7#l5kg=T%dSn(fJ9eulxN4{0k}5B%Nx!wB(U7eWm(=IM zAc5OOvs~+mOmuu>y=r~$97nm2uk}5EyeuDogf6oL3M!l6fZ}lINaOD04#==R-A=$A zp_X@LwaoVrQ7OSf!>-_ls7e(a!h|$Tc?Qs6F%SPA_P+D4sWxl(v7(|PDxy>iMY?nW z2_g#8Yl3v?HAH$3Dx#7CF^LXi?WM3mlJ=p<4?htNVGA>`zlcV^yq=A3!X`2)_k z{R=xcJNLcT+N)gaS_|vh_2PFHr%4%Eo6`+xJCeDbHr8tz{23?2?bmyk>qkwR;E5fF z!eFjF(gDja>DqniuHayw06Yy}Pl_K-@Cn_0(V;p!L+iOM`Z)vNs94KV8m6=?86&&s$W@a5^?RJPXmz6V=G{5*V?6YMm6{#kOcR^Cg}NrwNzj zrb`y^h$ADAQwvpgknsj%?NK%8WNA4UGP1mdg(@&&WEP;58X}bB znCu@bSe{QMH z6s7N^TO1dj$+3G(!>9)qy8@>B@;D!=_3;6Jb~J`m+mT*cFd3WOig^?L0fh8W7>I!3 z*8;leKK^#}@<13{NfwqY{7e<_tsU6=Y_Ri&re@WE@+p}|KYn(v4YnxlX2k^FJp3JA zXA!(pE;U*@+rluAQg92mP+;EV-_5JjK-`G#-z{IrhCq|N$$b^T?oc&lae)VW&ppEh zyE{_MF(12uA#?|Z{H$Vp8V|i$PkqY;$P+p;J1WA-F+-2~!lHkjmOJWE^NRf{jG_J( zjDIB=zJTWq*NxT{EB^iDQBXe-3(Y#uH~niHqPN?1N1QYMV^dQQ9rl2aS3mdVH)HCI zhe$95UGPz>FNLr=i-?cacky)bcRZJNm3?Yb?zYp2=N6kzebaHrmVApz&E_{-Lqlc} zkpbGoZ9+?_jV10Klw4w1RZ4>eNYD7Dl2&v;B(l%`{`Lgxb^hgy)Kuc)h)5u5N6y&( zzvyl#({g-gFFtSnet&mTTp%@LLE^8-SfF`{%VGf+AGZsC&G?B-pr15Rk$vEy zu@A1Gfd<3%5LM! zA~?nIpk=;W(?8MtAZr(}Y>9}QLPuV=FwQp=y6S+h+Rb_=B-A6qc$c8Y{cICwBS__y z)I>EjY5&-BHn=PyDsG{6p{IEl_f+zIoCL@#*j5zqz@lUnYL5B!YCw1FW}4LV1+I{0 z8=thb@0&xG>}EZ%n&Eq*l~1n<4S1~H1wye&!(eUC_WG9#zza6ESnraPz}IirGS7cj z>!$%Zzbzu*muC8U<~roaW(S|=@UpR~-kVp8fPwdg#=F|})SJ~b4rpE6`+>G0UBVGg zL*Go6y~{5;Fb92mxTvpkjFtm)9MT3 z*b{#W;S09rC3TfSp~7Zodbr5U zpc7o7?k`!Acaj+HQe6)>XWqw1&)U_G&X5K$EvnXnwzuBt5uf!UdNMsie+=5|BXXro zmX)pMeM4SllCs$~H1nIxiRz6Lj~ST7_^wm1P_nweniYC#O3f**8^>)cdhgy2&JYu~ zSXxEPz}YkE=XCLUd2smYy)Y*4U-ZZ2*{7#pndCW2+YgBX#15F}xzQRDsN0l8Eqn87 zT|%tsEp+;5=stsaL1Inpdd&AM3|uoJd_6H~@4l+eC602sdcH5GuG>X~Jt;m19tTh4UPmm5+>wW1*aGB!Eyw5`IP}l( z;?CwJAp%e2aPY3BPp|)MJALDJ>6JZWS{tXTsMF=FMt%o7zz@Yc1RXA)p>oLbt#1|^7yJ2sKR#FZLt)bQcn)@j zX)yOoFdcKMTly8ts8o_)k?;EatQ%=?Z7iqAN#uwxF=+e~2zPziX=L-vm9B9$*IkN$ zP&w&G*nxI9gU*q{QL6oDg9$FYmuU7~#vg1Xh^OIE@V7T|O1a(~+GtU!(_EJNs>l*tJ5#0twv#EIcH20F|#TZ(FERI2;^c!&y%DiAx29+Fhb!hxJZltLXT3n zet*P_jhbUOh=(uPAc$!=wB{^rI4F&12WuAKxfd<5%A>jtf#Bt{5UE+44z!6P=F-97 zL#3?{LdT+T1a@mZ*jD=&XT8ABm_WF?+K z7N4)tSwL)*IM?^HEbwYW>O^Ym3=58&kuCO7J0sT-A|>I+E+e0l^!+M;JdN{N?}Dc9 zm>g$vhfAl-jg{QXAtiua8o|kE3XPDXr>Mx#fdSG%z2YK(%Bkv)D6yQ(i8ZuN z)j!kED^>oaXXfolVXTtE&S9F7IOkzNn*wbDWXvfXxGPE_Q0R()v-75ND87+cZaS&R z?m9D}8_R1kg;Za*?ubO~ERo&WFByqo3)sZ%T5HR5@=8!$WHzHltKC*8h1`vN*4Tr| zJgMLCL2EWYl=11`e|Ltoytq_q)O12&P>3h&eq2VBq0pG>RXUf#gCEeQG4Mo!5lKk( zV$?@YSwWwRS@lRa0?`@oa^S7IRA-Ne#&gF1SpNZ4oa*KFlJy=P1R|tgJ~P1l=pnx% zoS4?Baat0P{t?_jL%(1_ye&3%`Rb*H(o4 z`+t2(2-bhDypAncJ}?W&vv)Dgre#z?-s^0c+#uU>=jFF?aaD1{>oK%h7uSuMZn*yE zZ0KmoTZ64T$4hoc56wQtJN!)fM5l^=xHmmCocq3*=muDL7P};mW;t4szbB6R8TMn+ z+cK!{><8ob1vG;vHPj0Ky}vQ!HC1JDa^j4hC2BOd4Esi?1C~>cwnGL6f?tenC|t`A z1xdR|1pZtZg`>U3&GWnx);m$8ZVw9)l4a|5OR2E%6p7^AnivYA`Ka#Ck0d;niv4Kl zeb*?CSvcTSS1temiChzb?aRyhEGbZn6W-@kEX}Pl6t=>v>rem-qS^_Ed;fLC))PPt8DppG0Z7R)05;vx%N{0%{wh*7cvdc4I>0w@H1*Ty*( zFmCW($X3z;D%9dOU|HVx(X&txvIOYZc=&U~*a}F}ZuB&L+1ZTCyEF6B%)x7u#rk6D zC;KOvG;UiXwd2k$ZTUSbET)M>lmx96bt|s^iDxjqd>W>;c_%uplHib%R=g<4dF+Uq z$pfq`a%}l9fXCZ@9rmD}UAmZEk}TSpUA2+z`E7laDjxLu$FbKiz|=d`&5_skR$#@> z2Z==SzZu*OuBfJB`_2@RDB?GYqP<@oh?AlRY-} z0eVr>oAbtsKk*tYujQh))&*bRsbW(I*4hd#&EgWc>J8mn-)vN1NbUXGoETS0N&TNQ8kVvi4y zAII(9rp|7NvSW>$3&kHw^X0->s2_M0_Uu16^=K!5x3Lf5=X+{NK z>J>_gM>US@_c1^~X~}qYaZ}%DWE;P8V@N&m1U}YDRz2d#bs}!fuBX0$VZF&s{52%X zeBMHPBq()XLE-rKl~_Daeu4dSWp+@|B7N8{lZInYYI%`yru$F#n}K$ZS##X}=K8uOOdH;L~B zp8^8k-{XVD_;=6tZNE7CIri!rXRd70u>rS%x*Th}MBR~>O974gMU$`SBPw8Vtj6aE zcG@YT;FAd!BhRJeV(Un%PjJiqiCD|0xQx@dr9k51SAxI3`3qq8yLu*H3hKesTlcJC zT1TqNx!VA_M|ExXx9`*FR^L>CBD#ZRCymt{fTYD+w_ufG&NwB>x)PAMp@WBTAS9-W z*2g`acRm8X3`%vi0=|0kWCq``e6=q1MiE1!P0*`}mYu|KUH0PQVs0jWFI5KiFSG(t zqr=xY=JJ;IjMUL4`pIrh_GMw9A^IMd4C!b0OFlq7X|PLOT|m?6++7j8 z<-;dNT_v=RY0^WbBZaO>Vd(~|w``K9B*^k>^Kyvm)Gc>~U@hz4tJiV9sloTX{FqdPnFL!(^%l=<{D0%7kb zVTx7-hL~bIk{lz|`s-ZhT=$~!)O!Zzr`PU?WrlcMd4||MQKzxfUA=eiEn3~g+#xaW zJB`wUMii7M3w|RPU$luHyT%BrS?WtcC}##7sTN7@F5(Y2SO~|`2Y@};nH^dWEPSe# z=f3Uu=lzpBWHMzI9!Ia>F}hb{!{RCztg`fy>0)O_1JjdAGHH|f`Uyo9VfAL%tdeBzA3^K`SaQifC_*j!^?NxDcjM_%ru6>1_lBu#rv zyA8#0t`ma~A@5GH<1)T^?sg8{*xhX3-FLEV+4?<5gLKf4JVl>-r1^kZ`U3RodU=#l=N60|@~E_3pC#{5v-a+id-ef|keZc5rDkPxu!2gIvHaRX-3==B}(Y zW@PnE@Sl_}@v%8h%n4(C=&`?=>G+Oxt#)_BOm`s4&EpY8VKW_EJUYi^qZ7ZtV{=eC`vPfD-DLntUw8?^rmIG;S++Pke6~*{W6G;n4yFP?o0KfT*iB zQ5pHRMkPG}TMsWUQJI8@l86tWuV1@GzOr#ZX@q1wx+$IsFZfK>x5ju>O9zr-_@imP z?Qr~qI!j7+RZ~-Vs8_E0x2}8-VegHJmd2=>nw{9z-f#`@`tO!AW2Mt~zj6ju{6-w|Vo+0;v^v*&$L*z;(@Cn*G`lIQB z394`kPy*(L@`I1`b)5Fpt=C1ZlWf!=3&HgJ0jf^kg%;~fmLEI6n37D}u9RKfJ$&6X zCwEcr^=|(?!0=%}aLjSs>2Ko7KHmo6Rf$`l4YSZNZ&v4M3}9lgGR7p$#+o~Hyg1oV zfHgi;ay4-856IpiTorb>A6T@<5}nk<%R{LN`Y86sy+`;Vm7&mBe{O&f-F`W~?Cb2u zit6Tqi1<*!ZZ6!zHTX(wLmgPwWkTKRJ?bM@FZ;SrkcG%O1UA}x_R`ta_eoxoyX%HN zC4q%Ba8vOmkpWlLP9TBmjM{Out7tg;6c^>~chpJh{(3)kqfqE$TOyS)uO#l{EnzHc zEQdbHeGCHJL@{s`4Z@q--x#=i!-g&Bn@g(|Xd{VN6&O@O!0DQpR``CjQ@62p&;v0( zlTc8TF>}=IHfnD%h z@ph^U^EVhisCeR89;Q}QM7&U?*J9q9VAtzf=-$zo*G zZlU2_-Cp(tjATYPj2OVv&FYu1FKY;_Qe9>&=?!PK>i1)Mcr+chJ9A8z zPAERu+9g>f)pXjvAp9NB-Ea^r1EwbZoNiHEzwSv6EznMvJ@?W9IHvvv*pu6xt@;+Y z`6`v+6+64eSFf%lCa9Hf8}0^`6o76HBIo_e3Sk@o5Gy2XT&+7I>es$>0RR{$vE#q- zXBFza4zqBs>*3*Zq^cugnGyVcU4Nf1y`Fz9<|lg)m;bp3HTG~^ua6o<9yLBq2Q9p z=}h()EWF+AAxTztcLpZ3qcnkOzZ1)!yX2)8GFNyA6h!PzqclhTiQ zW_!BKWG|4%r>(EX^H8~zo-8b%ai_KU;bv#;qc$g++$%;(;IQny%GN{#8p7*s#F3TC=|4}CvdW94ZX#`&A*=Kx<2J) z;_iu+2d3v;E{SuF-$ooY+neN2IL`|4U&_h=i;Vrnw4$dW7dpKR4CNo|09Y*Kt>64O zMxJ}Y?S7>@8O7#Ht=}RY`6k5wkhx}P&ZvY{#9~;%f`$5)Z0z}?%Z!O9>qA( zg|#W%Yh1zM?#<~QHR|Q_5-;gzc>%az%+1u#zl~<=&qG$qI%pYXrOCpSyy)Vh1Qm`} zHfe2{fOAdE?~Y%wXwKdycL6?|5E;Iby=vR`daKz%SR zNaOmQdw-*=_Tn($Bh1z1z#8uOJ@ZSWFupG7PcArE~HQDyb9**Y#kC+qs{TzHccKh9L(QpO+ zfzRGHdKgHnj&z${lIclgGUSw%*;_tCnnIB3Zl#s#)mc%5Bj9E`_&8E2H(nnVkibw|z0bmX4-3v~Wy?2nwp!-x%=!&-wV@Y18>z*i05lI7s-Cb@Ae7{Zh#|LCHE*8MI$izrRg? z`1kK24a5&Fvz<_I(vKL;x_$~KHCK5 zkz6!1HYOvPyjrhOp11T0|&Ogr8gY7Of|k(BX>sbS@_Zt z!tNVMy31@IuKq1gbpP(>dWh>fMWxVmq~YaBVzSTFP(Dwcpmaw9T+8W=XFYt;>1P9P z`=JmI=kl(>`UhcG)CaCkY;4QW9R)hxPGP;IV3*7}g${kPe-A8k_>lYYJ>g%sZ`IpA zHHo$CV@8sq>E87&vZ{o3!MAeGPB7STLIZ4RKU06ftJ|ms63{`d`^22`q<18uG0cf zW?nSteZiZfd#pWQYbqh~AQ}eeu(A?q+bsv_yy4njcf1dhA|V#jni1624}ZiC!u{Ij zWz)K3KEcPB9*yejvhEcrT)jw39zYiws-wq?tIeUXmwAinQCCplAq=+LYGrDSK2tZ= zB9i%sqsOKDzlZCQr0O(N_yP^{THKmTYYJDZPH|ad8ny14FSD|muXdf~Xq5IG$Y|Of zGay9!Jf`jYCe=I@QlYLSv~?9zR%$$4;KNW5k?_>-C_x%<7LIUo39~H>J#3VMZ-CK1-cjxGfIkrY z1E1c-wun7XaAAtedaO8e|M8k@$(IH%;E*vGQC(d%{xlH7?8JWl;g2rI!IjnX?zJ-F^D@k9V2^ zgVjb0`==vkk()ox)HE#j8H`1ZY;h7+B`Gx`P2qOKcS~1DJPCyW^;t`VNi;+b?}dqT(KvrZT*|_QYAA2y)$W+8r2!IbqL&+tKLL@z0}gle1GRDBzSLfng0Ha$5O8mnE%UU z`eQdeG3&3locr31o7CaM4sxEWY{XM%B1HrR>v3ap=Ds_)6&h|tgxy5A9c0 zkj7`#{SSJdk=`%eus3AG?k+9wiB0q36c?7bLYGA_ytn1@mrV(>4h{F8bbY z_n3vSfArRZ0%n5UJZn0u{Ku4XEKVfa+^Ht9=SuAEs~o}bOfzDy6Fm;552lvewbJwz z@4D9=B&V7gOGZR?-AyK-&6{z^0g+8Cw_hI-kKu>v`g`|=?+cEoi68Q$j-wuJ!SDqq zLd6TWc1G4GOweZH^oi9y+LSeE--`eIr4H~G>w^oc7q$iGD9 zrRmQHpI=3o^`$O%Sm&xl1R|onB!#*39$ACP)kS5wHW;2D(Y)`4h3d96l67s~p zbwD<7_dz-CyQ75TuwFKqZkoHN9FZVsR&UkzW#8(Yh;(+p$^_;_wu4|uu)8MJlRurF>>51#bs-z@ zjIA`laz-R-HKSM@U==m0^9ulD9hZ_P_0M@Q3u<29^K`*H&VDUDSMCBYirs)GR~qK? zR8ra#V{6gADI8F_cpdT6&*zV(0zHa(?y9;Ec19QrTS*?|FBqwh#O9@R&;dCkk9-fq zbU(3=iCD44GR}(vI2#WemZ^u`7SCmNr;6`X)xXw7&l?OsFnsl@!e$j5e4@Vb<*Ymd z#>c)+3XhWJ0jz%Q_THQtn^K9TkT~}zmv2}PledBo;V^SuSJeS|Dt1vVDS)_|&U7(B znpFM9Qqs5mJq-$VXZ-Z0&$i+!(+ieaPRa^dmB!LBe71ho>=JFq3YSkmXg*$xxL6d{ z%WBRNOuW-jR3yc=hwE9vtl2N{M74zgznkW6IiY8k3g_P^9w_Eq^>L2Ai^pam*(sb{6QLK#9 z&*_=B8O93?H)UUgcrNIjNe1i_U;l#(pd(Vw1bZj*eAQ43(*{2ea)+O$)P(7 z3IWHT3xb0e`lL_h5_(BtVe(Wtdv3{{zMo#f?BbQynu*g$0Wypjo?O{{SaIwndrR=u z;o5KMSV@U)%{Dj>ZnI`R>85gcVDQ{ebhG&*kFm5N&OnK|JrVOe5}s>S6>mgFNQR$B$Cr%2MSPp>y(0p4@qR2oWQ+S4B zzQ)@>{#^n8_Q~3Zr_YO;NFkI5eZXS7;j|aaC!0CySGjWf@ zejxbR7&#r(2|XzxxHYVFN?vAWaUGMYu>N2XsUTk$c^u!bb~)Ks>TR z_$JZh2n9TyBDJKb1pM+s zc3g5pzLvn@ES?%Sn&#epF}VS59NFW@V}=P1miKEMliS^26>lbN(z`Zo_QNbF>z!9q zC!xd3wyKssvw0gT`b*}2TB=c#cQ=R*iELynCV3YxDLlbmbd5+}7|c~{^HXh~%C_jJctOt97Ax$kS z1RRXKiwYWCf+xnBE!YdsQ1hjOiP(#0ID>-cH_*@gl{JOGmQU81RrV^z-FVko&a&#l zuuA);wLZR#-%rj51xD4WG_3ee#;M_V4NAFUeZ@ryyQ#1~&GyOQPq&=Ef)pG&60kE(8+0$1av5ErJ1vOj^9dU) zCvC^ETYf%WyA?iDpAKG91SWpEzMroC&RcanS7ml5@y<~84r1sO-A1CT+e>OQO^cQm z1wI;@`w@g{j-egw^;`kVy~$(>=LuJ7(atXQJZ{m3ibqi+pJ%N`Itx5kMo;5wq zm-{<{7m{+>P{qwM8|k?-f$JsHHD$joeowU*50N-#ebNrw7CS!})3_$qC{gX2Nu%|^ zy^_7XueXHL6w2Og9Utk!1YeJvfhf;0Nc$)mkEMZRX~@wRCMv5$mHwv#aJ3^-R(7XUKV_$_HRJ z>O7RZItP7XCLh!|E4K8$@)k3oCH3GE`7{UWZ=U4;rlwCfFL*j&4)NI4pket3*7Y4K zT3X)j?z!q`lw8e#fN5i+?v|6IL#a&tbc!P) zhJcmd|LTK!Nd8_u!$@$L7Tm2)K+J4Nv7T&)?x)1EA>xZveTrbAs2MN(SYN84?*SHa1hcpQlX`U(|>3MZ+?HaG6m z8FIL_TFMbu4u(`<&7z(YCXmF?AvW*Bd#mQr5t1SzA^^WYd=mq7cf^8Lu$;{Z*cc;b zo*BL(Rr{vQNO6<`J9)eTugx{^WG}8aEgzVEf2shm-9(6d zcudHkv+GNqtx_Gaj+D7ik%7dY50|Kt57@fd6>bGSBSLEV%o`X412jF@=^xC3oZ#aX zyL438y?o=_N0Vqq)TH{ykC1BW0u>+-=G!|TbBY)_Q{eHnY;#oh{W1WC+}`}WXMXH! zH_Cgu23Fs5UcXg3{k(?Gs(Rf*5Q+Tya_qKDY1c`o zOh7{F{B(ei8r=ZWaja1PtHHK|``1@Z>eO=n;_Z#$^}4c|x>8iIpC_@woN5Kl)e#V0 zJxXm+A-DuAVc3_1O;3Ky#g2%+$B{VE9;pGJG_QV6FJ;}|43cB7aZX(g?J+-gP|p2k z+NEEr5^}>EBE8#lq#JN-hF4B}IOAzGP{NY;EdIpL5|%N}aCL9Iy>H8tAYcducbHEv zsk~Y9u(oU7@9MS5964C~wrIaOW`|%mfe>9>6YI({}$ z5A5lnp1d}2MFK|}wi>;DzraRWJiCu}2>e>=gO{(tmX7dRcXSXLN1FO&$R?U8#U$*j zdT8HIw+@c@tHzXBJj8#$oc93JKpf>e_dq#P4Js5atitBDlEN+x)O6L-qJ|sD98QqQUXB_42m8B3V$(`F!UG`wO9kS$TIHLPjT|Pc=5Af9O7VN%9e>mJBs6h+%zfx*D9y!H7h#C=C|51bNjC} z(?Br3D+~Z^bkJ>)Qd{T~^O{E)KW{IXYjF*)q2BB?Q`AD1yEoy-OIz%F)F54$HFek3 z^Yi0T&xcN8&vNI2$sKg@WOMzEFQag5K(=6+-}6X2t#SS`ORlHsV!>_(-n3w+Sv9`S zhc=}S7y6Ybvp4_|GSj_IwC~V}3aF>x7^@GbmRI|7w?`h-Q>+aXTkF~>k@sTfGhAu8 ziJUumiZ!c5rmoU3VM?F+g4J|(<^W7Nq*t`8bH9VP-aaeS!W!AWf9NQfI;D}Nb+VwknnlM)xz^ypJ_(3-3jjEo) z#$Mg3O&5y1)DP3Jc;sNZ#v1PSHK!JD63{9e+ea*b#^0>Y?Lapt)^W2ZS*xB+kpjE- z4yoiy&I^R^nBX?zFDfpideqDullL))@nWUG=sV?8C<`n;%?DK9Qco{rEJ5ufpkCH| z#)I0+RDWUodD+YB$IY9B*?i6G70n(l;=o?L(VtwViD~VziLkAE?39>PNZayuG#>XJ>t8y}S8%6A+xfEiwwt z^K?5cwt5QCnM3z0{FRf1x|1CT$q{sy9|J(wcZzm~%KZ8Fmpeno`fQLi2_J@3?$uejWAw95|nImK65F!X)gi7=Hp5F z))B6H?z`)R(C%-*?sk(iPcV449>~__g*tg5q(X6>&|P^!OWjS~40~Pi9?QjI61Sr;f8iDlmvb-LSgbNA zZeV3(4#~M?Q7Sfh866coq|kI&$R<&`VcenXnutA27hqUxXa~-wF4}e65S=dwihc9L zrm(5nnIod7M9RCZ(qpzT|~`nAFPGMq&oA&D5w9BUBek=81V4y(_@K z6Gzvo@Wp1lI6DvJS1$ND~ye;QUXK}1J*(q=(?^$FI z(qaIMz`0d-c23{l(I^TEC1M;$`uTjuwFyV;O5};{^HB+}-xDFWdvV6}Es6@CcRTUv zKOwoP*m6LrN>Qr!b%Ia!I6Fk1C2x-4hH|i|^)0&YplH!%4VmA$kc^;%JF9lAI!UsU zd9!W{RpX)%%c1vvd(B^L5Pc~)q;rF2j#}WR`wO?7nYz6%mzY~o*(>M@+dbdSV(^#F zD%qg+;_P$ud#O02Myf1L`>f9{zle`XUi-CIEjIT$o>pDB9f=G8X$yb5o=PnBh zD$a+$nCEYg3>C8aHKOIFl!fzSW}QhR<&ufzE|V2*)*Z~fNkdsdrkh$xbq`C`f(Ijo_EJYXsX(;sAU|}GNvS>5?j5Vgv+Yo zwII(-AoHxuR64xyvc)RvhESbblZ|*z%xzk9d}&%?C%s8)5}{PFUOLWecI<2Pey;HI zD|DxBePjWdu;UR)?vYbHKeqpyTJL~g@PRO=26KuM!s(Rr)?C!J7q!!K_CGlg z!N*OfV#0G#17?j7S%9P&Ojski=CE@bds3MB(Ch|d4aC%KkR!cY#kYVpP@-g|H2@Q# zQM#J4GtM#Pm1^KZ8aN?z;Vm-0m1;A)vVZSkV3@rpg(U@IPDx+U93R)R#NZi3t~6?d znwADADS%eE&j z4>w3<>b!a-;bnXbkh4yubt~`DgKhH*DHc5fmHgoUi) z9%mn`&%SITSsrtR{0+Jg0;)M$?P1K7+ap>`)B52)S2BB{Ty+-tS*Zvmr}u>)+xJ&r zU1?!S_5Tu##DDdZ~b_S4tanuCrOr_pMB{!!^aiakdf445h|-#080` zKCd37O-VcYl*rrr(Ad~@du6xsL4(QMweu$07QJTsC~Z5l?G-X^N`+&L zD|*{M1O%hJChY_V)tC}fFgL5}-~BZ49$Y)0J(}za6)F?g4h{Vewu7coFJJ!x)5opu5|_$iB4bssrL8s z7fJBDCH|8DA4oa`Bv5xKJ1zKL@c}#j>a+`!VQJV#MJWTlR=dN1;dN=jQ`{2e}3zq7nxcYpL?Tyf`^HRvr}HKXiw`~w`L!7tQ|TtI1W|K zwTI`3{7d4-rSYu>f)(O$_TQ==|6K5I7jTQa^B@>Ytsx=G`T4)xIr03oSc&U>-;wKo z`B?wD+*<70Of+fVMGo{YYyI^KKX|TRtE&I}TT}gC7yHjj_-A=S`}BLz`bg#GtN-*u z`j_4K`{|{=d^)(s^Ilr$|MbWI;IL)_E?zJ$(H^L_=Kk-){J%b_%l%Wd0R94o#%TPP zlJh^8d`IHC>wpBvPe;c8Lumf5|A!`fpU(dQBE}#yOjm%m2 zU7bAU@0n=+PA9eh2T}SjVT5aE<|>B7G|N?KTzPffR{C@*?CC1~V}e>~@9?=2kg_W4 z|Fd%Il$_?iQlSQ6=J*bFnkg=JVxN6|)=BlQ`HwDvIx$Pcdyw<0k!W8#eU*z5Dd>F! zXXk~#(wDWyx7r=zr?nzZnA^fztqX1e0CtKNMFg@2R65+Tgo| zH)u>GYNI0HlU+1e5}B!HW*ekmIx|Bs%iQ2jVG^10U2UhY-H&Ho1&uSrHk|OFr>wTW zWrdtaiGqz4EiGx~yBk&;G-{xwW$E?7EXq9!`2g>ugX{;XhiInCA`|SyG(*nsE%mqk z#nXK^x^Tz_UV!nyBEgMWjQ_AMUPgD{AK(8iLP$y{!05eEbHTA&98$<(8G-fPXrt*{ zLOLvI{&T0;%TA1!eQ9GU+v8=HieqA?!n!kLOMYhraDI7%&dxr!{t8rS=f_y@-)5Wm z{PwzR3VNpWZ_!X6I4LzYHa0aiHl3X~s{P?hPViTCHM^S{h`P4h$$w$4p0YDKOgAg> z`)J`@0V;^JSkOODI5pyFJchyWr0~A42<8bhGqZ?=ZlmYqZe9;a(5QN&$4{N(j*Rt0 zZdtpA0Gx&oyk02zZdO)8E^}`Ti$QF93$aMMPJGw>m8Q(-eWxYC%_N}F*541wSj932 zk2;}rahW0mYDz!tD-;fxH_3XsQ2TBSgnJ#YC#w`_3f&fU-_LAO>WI+BnMVww#kCdu zexF;;H8gS#+Mqly#bay$6r!XE3xGAg5TAvt-@9yK{#pNIPvI;3AcHg;k%Uh#4CjOe_jo?>tpHKv+`lXTb1$;BH<(?8I{7(uijMuUd zGR++cS48aW-G%x@eMgUKhcT(vI<1u}u5~oof^kihe!l^gL6!)rspB7~4FH96zqohMC8IxGie6j~vIo(s?AWSE@YYWS8d5 ztupc34tU8}(@qs?{#=F-o0F^P_&dN!fYu8ezGIR59@GF9aX{|c8UKY_WYF+*O{p|Y zGh#+Y^?G{J-J^ZCGj{NVfg!2a=4Ss;SQ=WX@TpfbXX!D^e7Z+#iLx;|Oi%MCP+tc0 z;F?g~c1;qxTi?kj_H>cOb=Ej2N)&3{+y7++&E+ZC9c_z@VMLVwNV#Mj!G`F7`6@pz z_QsD9%7TmBe~zv|huRXOSQYNggQ%2VYh(iC&jT!agpQws7wyA$EF6LSjZOU8)LK>X zY(HW@7%{AB@>gev=KB`d$rM%e13gR~&O#KWz-QpJBZK!A{kI?WF5-G&JMGMjRrnWO zY*!|~7!*6LRbcauZs=zf7hOQYo9>hiFS6Vyta@r14`4#3v=;F287>U7?ethpibTdA zBg>WFgB~nOxEDvVOW(T>;tX2MP~+4;`e+Xgc->lZu!12_Dd1mpdY&qPYy9y_`HUC>=TYTu zJ;n7;v#XPH8hr?@Ra@7 zx1oe{0ugV|(K7%6p@-m8&@*Bs`2{au)OD1=2c9}owH35&jb|O{l0oV+PyX>1{cpkl z=O-?*?}iyV^ch(9TMW;wW0D4j_-|`5{lg6W@h;_N;Q>vi%v>hP%cGJ%)En}fK}*V+ zt{38(dDKyBNyY;oDgCeh7klp+4`;va58o-$1d&Aak_e(F7`;Xiz0P0+5qqqihPk1{$V(MRu$_P^}&?0xpRZ}&dQyXVDuH$G;r>sMA^-?i3Z9E6z@ z_9$UbgYL5ktphJfSM>#`)&>ocmDQQswAl+wUJL*r|SGj6NW zTyOuLPEsX_GbC@Q!!PO6Ujx(@shsJ*R^1mNjjm%Xz*qLJq#(BpJ;A!4B>di;M=-yt zBm_V%l2OwH*R1-xa6+BGx{-x=?KEh9zNnsfttt%XIl#jWH7^VP1b_^w1xt+nlivKx z(w@4I=gg#HWdd+-1dwA@ZezI$n62yW2Gw)MjPU16HoU6wLPBG^#pei_ZHl*FzdO?$ zl5#D8v8T?VqULX-cKm34S$we_nOvAdT&9S z3(1Ry@tA=F0{U3~3!Y&~Y!v>}`Uc$9Ey8wdbbMcD@By{s;^1Y9Ww7FZV35E3OQV?x zA<_%e)YPPN3<_Nua2mwairn1>R7!qx;)f})k7M8JB`APIv>}G7UQoGU-2Bb`zgg)& zyRZMas6JIc7%7xqj3@f)Rsvfxb=YT|ms^Kvr~ndEv*p#7%?wFD_@3i2xiayIcls+dogt8 zBF3smAeU>0O7`nZ&A6*Z_9)f=q&WWFI665*ze?T@1~tm8}6nufR zSKOGf$5or3&p!gV7E`hU+40d4}z2@7Xq|} zH4M-sk$+D&maUEgU1p%!ve(&O{%#$V;P7S+d(UC4TyaV-`sjqtB?V0rN=?WYn zNZNnrhX3ug^%iU&3~M+gGvGKXN5I^-Ar+h3xU6V|{ZO9X`31V{;apXbtj*Y^<+0g(j@d53Y%A&Bb_@Vn}HtY_}JRCo5`p z-U1j5wrmm?&0~p%VF2(0Fw7iWb<$h@o|?G*|>}1PUDGi`1+4Eu@wT| zlah?kxx>L&6wkmxE$GtDom<^Yy7aS_g+AQ$cQ#{o#SG}4Z)WfCqN1>Hj+QO4=xM`0 z6;8{`}5Hj04AK6uFpyRDtoW&bf@LvYYbqTb*yu&dy`+W%zV{)O2t^~v}F&SXTq0pzYq&D_tn z6V;==x#ID?p15-e&{LbPe{wP^c0M)8zLrd z`)G+4X7kE#GQD)FMF1p{Xw0W80B`_vi2wwPMcA?-**p#dxPZeRRy!vyU_4x6!>XZl z9)Q0v2<(Oc9?_3{ph>1>vgAag->iHE&?FIJLp|#HXYuv-QbAgRJSQX-oBBQqDKzH1 z5BQal-?8W)fPT4sNJi+Mj_r5$$8LI^&(C7N`M=4NeJq=|Ujw3p5DyHp>v@_ph;iTmSWC z`E}?pdGi}$%y0aHV*D4a*vg-+Na%)QGBR)7xtr(Cy%FRg*bH` zTwHE`6n9v|DX94PG$!r^$E=jA_NLHx=X;M-3xBvhIcqym+(Md<8Kxs^jsImPs(%dx zaL4XrLY6>NTb}>}qrk8#lzup~IbPJxYxLQ`2{fue=iANQX&2Mut%l7U5t|e>DajYj z?S|33$CmAz$YXxNVcheBPKA}8EIxY6Til1kOAZQckvq2Vjt66$z0;XtmdVe%-b{aG zQJfT#O7VuRgp!wf?HVXgmK-hiY!+ zNX$1N03wx8GdJmVAI9gaS@?PhJeMT1ZFEd&BOh8&a)!DStKvRpmPn)44_#P9s{O zD#C0|7J16CmHhRhVE{kWATivtpa0Cgm*P9DI3MqNJ6DA!gEQUxYQ%UR zCh(Y6oPA@^!Dnfsy+ai2YiFx3y(H%&##kuZre}bxe%*24WLsjXbb6Q8|EedSn6 zq1OChzk#-Q!I86>#u%M1unL0#yD|=4)5w39I{%R(0l5K4$5nO)(0YyQ7nsV8AKCMl z`T$HEyHwp!yo-YQ;yWW$-I_&3jpk6c2Ws4VNxz^r*>-%ZiLxbJ-oIyvI95^w@zm3) z<(O7-tNL7-VNiWAW5+>V!wt4}s9w35C&q65!lwOkz>#5px1_tz6AjnT@MidZv?HXu z2T0qAdd&(-Ng+lmtIU=q){@Bq8m^PtLT0S*AMX}wZ)9mozR2!BVc&b=heiz&vUTqp z4YODJE5NXUcnqV|##&JCyPkj()VtY-jcwd^UyZ0)SxU*%p%r5Wsm&5kAXVRL6IJ5f zoUcAy;!`2mEqR{D=jZ2pPu!+LB}S&DHan-XiwEL*INL@w;J+11{Zr0Ifd=X6a$DP7!ZGMdPbkDWaEC;h$g7Dv zP0f<~F;Tw!-u3`n0k;*}s^y(8hJ=v& zLSn&t9`es##|FldPDe)bt!|V?yH@f}EeKWstafc@(5Ny^_%iem$VQ{yCsBZ$ZUWwt zkL{PfkD?MvULTT|Hu%nIrO@*qM(xX6s0rE6G+ufak~+dxSE9R9<~dI;?;|1=w^^73 zP4U9zR0PMcRE;NS-FlK>pZkjf1kk@QAb|%XX%Ku4RJz@`vvzGOL%GXvF2C69h(n%UIU9&ij4E%8HZ z{t7twZW8-^d|3w#H?%CxvE|*zxi3{X)d5shp>oi{S7lw5q<@qzSq(|nIh8btXueTF zE-Zhn@W6F)OC}kW&M@tJ=u>R%k58fam?5TV6f7)?IX35q8J=$>X#2W6Paj=uH%UK0 z&Nj)v9=<2g+5#KCkG?PT%l5p6*a??@5$Va3Tno!Koojj<2j;3J6P^{lYTaV9cVrZ-3`<0JeSHeB2CESi8 zE|u17wveqz`s_HDJo*Alun0*OhojCZm5j5V$(tS?{B=_obX!A`+*Gw)ldPF;o$wvV zaMXA&b$g>E2Ap=g>Q-?soi(fVwZ_5TH=nuChy25J3TYVVwhbQL+I?f);^c#In9W%I zEbH<33RyMCvqQFa3*8mjx=>f!yLZt(_EDaEhseIeeyny|vlA;fd~38ko_nwZ;~*I&66=B=D)6U`f{ZA=4xn? z@{X?h0y^$0HJ|IjD;+v~NL`(M$GN)AeceYoWP4PCcO0-Hi+ z+Phv%?gr5PndfZ>sezF7c&R`9rseY3TBf>1)`-J!J~SlBoWf@nW{hwWftm$=S34-1Ci!S!2=V!E`>d z?KQS!B_N3IyNcS|>xeLsh3)!cK>A7X($%c-uerV@0?5!E{y5z|igazKCh zZWhi97v)@@CsOBp@+2-53xIu&tN5U$iuT*4D{87?-(Mh$bys@Ri5YhLlgUHkM_IcJ zqHYpwG0txRU8s2e*Zph1JyLGCsq zV8bn-z?+j_=T&{y#%te|w+|@X-*V-4g~s_FESuXHmAlIIQrW=!U$&|G5&_sue2LvPzieiO zP~RV4V*wMdLF(X$u&ENR4CH%sL57h$uDl_3s{b%YfdIW}sN@~~2v7~Cfa2&yYeAi4 zfr1yft6JBw!^PBeW1xAP>bnj23y>pC$QsE@cWkDO>@O0kStyga(JO;o!q`Xjg&jB_ zQG0u+U=%5{e9^*&YFCotW8L-~p_&zjEi)O>xq6(V25r&v*kzzDUrcSpjlKlamhif_@62mi@3!K^?jmpj1 z`x>pND>PF8VGpXxyT>jvT^k<$&TY=pP>k*5g7#Qe%_NwSu>Lx32TYM8ODTcE_bmAC&nCm? z_b87NVq-l3nPX8e4s2!^au9UhZ@w?SsJMm5}8JkFQdk%K|1~{Rq8nZVd@r z9-0|694YWTZn9t6UKj;1oc3GeCdRC+-CXR|k|x{b)WoeaAt@D(n^WsD$PSv>yYtGF zJeXdNC+#8~OixRNJ~RDe0|@3eUa2l+?}x#(&g4eS%aUrd+q z&Tv6pVrhQaA}Gu~u{@&=O8xyuj$T;4_Z=du8vu;WcI!~F<($FltuirUV%;h#A6t3z zMbV|wGjU6R-*X*w!ZH;$Z9KR-KGLoIAXoj7aHAKi+bsokwVJnnRJuiuN{HFfN0YaB zZ6>Ycy{UtY-=ST2xi6nL3SC-pSm}K*R6E6J+8XE$@DLsJrX3@`iUdWxGBHnQ~Y<;udfrj2HKyB$My&BQJmAu^d$Zb_L4x z!Gi0!IH2D#D`%SN6Rv1>R42LPU;e}EJWSl+@d9f3m`Op)nr}{=Pe47yQ*m5)Z^9om z?BAANcL0;`?h&rH2yrG|8uzkO@N!-utr*fT@)&IooPXLIR9mCaBk3IOUQLJ&W;~wQ zBeQ(8-kpSEJaB4&`8Cd)phPOYH&`o*DyqxPVregsm3vG@re}?9%*6UQP`l%3Ds+2m zV5N>qE88u*7_vB5!nyQL_~zlI$EvUbVcQ^7ENfJferf3f%D8GhF6_jhejDD~>Ggc` z6Q(Bm)jUvyQx3b_4|9a7gNdk6%>2f-$>RQN>~-ghRZtHhmB*^Pp3h3gXq+zz`W@oJZ^80s>v?)n7xwV8hxQLb>+YP8pzSIR8N;DS%`cwW*&IysD8 z8I6>UiOSBVckb0H5|?5^VwpGJzBc8i$V8Tqf?6`8W*LSgnQA9P()0ae9AzEG!6M{; z5XXfK*PGhX1$LtFW2 z(aJ9`yM?I%<7wgP^mcx{k>_rxlS3@7T&d05UWJ1cWFNbQyUm`rwASOB6ltg)njB;A z;)Lrwt}N_w=Z?>?N&A2ko`uIQdsu}PAEbx4K)erEdMm!pAqh*kOgW3#OYaWH*2Kmf zUvMl7+J`_^B6JG&1_gvHJ6cI{sC}>v&5J!*0+F_e9kIw(zI=HRPGmzW<1!qmzKncS zGT)HC_SU=fcolynhC%M4V}HxH(q=+tWMl}=A}3u`<0Pw0?15UB#Kc6P01YUCu*|dv z8@dA^CPg;5O@lv?$H89KiF1!#rYK_sVgbs&tLcDEk)3h?w;{I8FEo`vCEmCBv9DbV z>le1fkQ#Vc8RgawQ3opH68PZV#Xpzr*1gJbo1aqF95!oOjH3na4ORH~_P$0E4L3zr zxq1SA`jyH1>D8YF4VJVt6TFUS9Cv@!&(@#>gk8ZlmyYgt*j29;AF{FIdR(Q)$l9li zK$GK8k}=`gQR3#1<9|j?Z0D#5zmqZ(43XZ;3rVn`F!-4VI8&*HRqo^#G~LLSHC4`g zK+)hKV2rsemS0|w{AqQqBhATG5!%G`K<6se=YlF!&9CkPaEtv!?=kh_Vd_dC3uuT_ zP_^VHBIOWW?Bq`8@Y#vav9b_s2b+jLKqN;W5A*;b zPmE7yTF=;CMk|b_&%A|;8|vvrjYso50>U{R8Ro8vEAKu%%F6=%M)caRLz&5A1G;R1 z89tFA>MKTLl^z{k4lzatEU`upV4M4Z1J+}mP5M}uH82N|*4N099;3c4Ub>HpLm7o+ zzQAZ6`Ta?}|5>X28%qx^o;QQ$uVr)jtMUULb#1Sj@>hi9(Ibv@AjqW^2k7c|%Xc8X zG$*}H{=;Mb{a^Jn_n55QZiw3)l1k3IdlGJKpEu>_Fx3_KmZ$rxq0bZjWxEUn z!1vGCW-ZhKp<9RDCB~Ji;~$hpdK4H@x8Y6U#6ff%L)32t)%#h2_1W=(3>YhP96GA_ z*AYNDX;yW$xHW`d=GPs^Km535PgviqO*jH3^6syAzr4PD=mnumzpRD-fo3xs7-9C9 z`1R8Ut{M&O2i>2e`sjZn-G95noVpVr_=?NQw_i>O{NJ1YMdkl@djBM)|D(PClC}T; zrwEM>8RSsifzzms-4^SeUymIF09~&0&O$#p9BQXSWn{s z1AY%w@|xJp;rT$w!d?o{s^AQR=k9X3!VjsgY{6g8ZJpd_*<(M|7;AKf8K}#;H%ozP zVIWKlh8~9E25U``uPZ7@T!0bh&Mq#+%=54egJ^4Xf6B!hzkx_Hh_BCTDJ2X}s&nfV zGI7=UYzI22YruiN2q&o22tPMvQ+M&-&;fn~ZjF&R2r+T6eeG80UB0by(=a-L=T^HZ zo`jdc&^4UTifp(8=%MZjOqrNh*kicVU*Y)3%-6RBD7fAP;0C!k^~iL#-=GTH@w56Y zEG*dP=TC_0J>ibQ>*F zIGS5m-q=Vm7v$6p{fisCTIq%W)J^$pZO{q9C{6-br(^DAE&Cg4pGiZA=;ZNIT{SnG559f&Xf}P7 zB4`t%+wul$1^-d+GPyR?Lw@HOXy`r7ucu8;Ebb1?)C&O+WhKZt>;AkU*hnVr33lZ` z;viplV3fiS@eDj*rujQd9i$^Fwz2O9;3Z5K!sw7rVGr-Bv<(6_tMqK>Ep$59-hy_iwwx3^nWX3Z6Mvt|7^`!wYYC%m3h{jsRGz9&ETY3ktKjhs*acs)8)YAWa6Vi$sX{QpZ8|I11{`QUej2sXEvnToxF9x#qe+)zEMJ^8|EzGbRM zyQL_7b455ekt4%CccX=qpZSZ0e32{W;%Tu#e2VnY(C43T3=BOx?{5+9y?lI>(J3O& z&aatB_Q48F+{5*_H& z=Ob^-hLpsh?(sY+H*08QQ3g8G@$h(emVG$qPW3Fuf3DT?U-v zsLmX02s6|6OmE-@2ES--C!slW3WP#q<-FkfqWN>|^Y8eWokX+b4OMzW#ehqi+#f;k zhO|tB@dnX5r|lo6&(tZz^Q4+~sxee5>8C(pK(jU!|PUC@rWxcQ_S#8hdEOp10^s zL@UNbMn^{{B#Z##1@nOEImX=a{BV;eqt^4A6hO5=bY~gVYc2cTBqXV3^ln$Y;wkq4 zEaOc~A_$X%u;lH1WYzuTfY%j6KzD2V(KnXn)M(~Y zBtmMUbfUu(h*vPdLX`#stL^y0?h?bL&j5@>upZ)a&SRz4jns~sCa@-S8bQ9LMVv;I z`0H;#p+bU6rElnZ}I5SHIG-Aa*`vr zWT~^#gRJgCs~ZbXrPc<7~)F<8zC~ zo%PfFg^y_!N#5y3aXl#&Ae7oCW5$zdPK`UHBF-wuaM_LLIc;)4O9j*($4o=HbMFrU zdlX_p0>n;{&W9gfle`2_}G9B{uNa5 zv&bo(#xie+nNReu0`<&UH!Y@UHT0&=RIz!RsUHi;yOQGmxVQB~ZK8YP(3^k#g&(&T zQ-!>bd6!Yl^}LM(3v76q{pelM4uk3(yy1dZ7+81Uo%ZLiUvpKEEMHmNe6alrr^x&I z8E%d0XZm#Y@A~Gy^;x$Fi^N?~3E}OxWZ8pgn_Kc~U$H+`SQJRBx#Ml8D}lEgXabP+ zlj?(y6JHb<6NMerD&orCcjy=e^l@`K1JzXLPS^T)LYu5fZ ziHbZ5YqrNVq|eJ0zI^wRsmFVTrN`z{ZpMf44M~&FW))RWcz#@p-K{$IXrIvQeb+hSnIXWQ;Z$u4*C`c_BF zrOqMmHlDUV(kGd7MimsNKHys6?K77ji$3v*GcwA-lvKrMdL1slF)~_dAU}Qlz|BZ$ zziwp^87Ha~(ZszKxR|$?h=%Mj{b{t!KmYuChv|&sWo4){ds=MFz3vNVPF+PF%Tv$I zhz#tVkF&N7EF*UMHyL;uS6%;Z2>1K*&SxV;OceKezwjXk;&0Scvo@rhJ{wZw$=Mh= zUKb159vFGb+ZYV=OQ-AK4Sl=9`5~bQ>L`>JOGMj!_HR~t@2S(tN*^NI7@p`3Jou*H zS@u0?{-4|Z^CE64PQavl)chkY?nFM~4SuA|cIy7GmES(2oEAGw^cc!bS1L(oYe8Jl zNTOtO`j@3sna=n~Ycb~N9BxJvnhd39UOi!`_Y zX0<}BPfhfC8ZCqbDZTz~c#7xQTd!FZp&iWp#;rr{oGUJ4GDaYlzkC18l_?@N@OLeW z0wWPrLr2o3^uK%Vz-8c@C^F~_=#Dk0%m4c6#P@ep1{{06>UAdTE!GA;uHXKtbn;76 zqj2DrgCC`Jbo$yI>cp-;cm1;Z$pfg&Gc7R{{qwB?Z-c9);$GfnUGe-{jMJ$>59gd= zk5W4G5T3bSKhHZ7PwdzS1)@U)8nBO#tEW0*Y9kJ8dor%5(gIyg`7$7I-e?D_z%J#lM{ zj{O^|p@80C>Ro^3Xg)oggoMvxc{5j{EKah9!D~*2n6~%oDLgZAf#^uWYw=fUJ&%!d9H`y=;jlrl_K?+tol1s?0nwlCe*Za6dDGCC=x=Dbg$MUFzPZI|AOv206 z`+46bw;bMAfq`|qJvYJHRqpvhMkxr=;EF=`F@ooYZ$A%Vv_u``FrN33t$zBH$q{#m zfulF8q{Tm9pUQPx5X!lI7c5YhfpxHGk9Z}AE%rUEgz8H*-ZxZA=~EV+7;>4_iIoi^ zZPO*KOWf`_V62O!gG`d^n6l?Rsepke^Syc_Al%hHpg3ACGmDuqTR+)c+}>G(oAM(X6`Bv?C*JJ!o^V5bim(ZjGZGn;nqxb*hA_)@g( z5%9PrG7=K)NNVxt*A$Wc(Ut;#Vg2&lvv>2yb&QlR#)@};`0$}Mnv>S`gSebe6QV(X z^0VED$5qe!Y$~?v%xnDxW6OlumCTNK5NN1Ab-jYpNUiG|6)<*E#wS-iQPKtSbfRuJ zpM+8Hpb0mQn9>lzqqHu{Kzx zv@Lu;i#7JZp*F9&&>4&OUa1&KjhhO?V;=Dfdq4uOamE~Exs>aH;Wrg9b+^9A_(Z-p59PGiL?T?;hREAa&s!)4YICI@<8Y6^-P zfNzIQDx9Y;j7e!EIlH=Ut~%-l-Mqr`JyUu1Ml)%f@keeApoHVYhuLBCu}Z!Y+e;&iFXpv?u5AWr*pEfqXS%%ezCXXTd{#JXPFg%% zBtV>_-#gL2NtyZn6bi6EbNK?zmmS|Db3ZPr+%a?md*n@vhwz^92qrBEq(520n`N8D z+MfhJ;4oAi_$ouisEwnDHxu0eHhBS!K0Nu5bLmu2eAHFE0QKt=SmQiN_G zFuP%8uwuV4kQi-)g^iSc`ONv0$;iQdST?) z=x|Jt@26#ouTFonLQ`zvu;~pp8%i2}i#~@sU~2iY_>x9rxVDj}W~*|{!Pd_t@#3)K zD)%*Z5U1`zW&|XRUP{uWaniCYNt-*9iIVVRUq4CIT_d``@-S05wq~{G=D8*4nKQVq zJ&6AV-dSDpFtJ}=tz~5}J#1R?ks`ZM(Tle*NRI!({wsp{htU1)MGceXkAs6j3Srvm z^pfQY#|g}Jr4jE4fYp(6L2GyJ^UiBBS_CSbZd8FyZM@hVS*vxoZuh|S&{+OZzxB_u zj_IXz-5J>{j|w3PXL-$RNZNyr%*u!^gin!d7fmvN9fWO!?vZC#NWI9$4Ua>McsE{t zWh4X#2g7Z9rc@Kks8klW2C~FOZ}ZZyT2dZuH&?Cr-19T{Q69QvLl6Qw=l5xHOxJk% z*s8*6kAEoaDV6K7*EPs`*!9Vn;3rAxesAdFVyRf{LKPu4?Fj9o$>jsSrn{Nl55kk$-2C0 zNRwc?oTx`j7+mW}|KhsDbl`cX1RW%Gt8*Na>>dAQs0bhUo%~Sl3i5TK1n9&*Tln(fdvo5op1H|on zlDthBs4mo#d>F+c`{j1Uo@4|yzgJX-Hw+l2i-hh2Ev0foWheu{LmYvtZ{Bp9Hqn|% z12)n&Fm4*e0Pk($CcN+QJGT-p*s}|OvIVJR@GSPi&-$1N1h(WCO~R&N=<-k%%5+xD zyyEO6=lIi(_YQTvmU*pKd@14S43{ro)?`-xLo=m_W2^XSz{i{mGsLrl2RXseB#i^tPOL&s6p%VtCr@Y`_I6v(>PR!|a}4fa#(UkeHMJ#&3qxx>!A< z4|Dj#9TJ@-j2$jncRWTn=7srN8>F_@V2KAxrU{`_3mB~WDbk=w^Ct>YeB(@};Lg^L z(3Ja%#Z6%4D}N=jKhDNny2-I=$@k`N5$Y3Jhybam;(dIr44IOAUi@qDGh>*5@|CaG z2$3(bpG}*nft_uh7%iSdM&oP!SsbXJQv0L9gq!O5Mlc3C(VtykZ`H^a$kBwLStJF2 zbT@B>3rw4?=eEoknl`Hogz71w_M{Hi`+B=_m-i^lhA&Vfdz>5magqmf+CH&6+ zMRF0t3Xah($;rw1!{@n?=*Lw%i@jAVFUcei%w{{sIO08ltdCTz@mPqVO?Q@?vWqG) zT*v_wG(>fw{r%+HOfEdTa?0`u{Av5(WrY6c3ncO(bUe8s(2&K^&E2VNbnzln zRt$Ueg>|)Kmo7<`m40L`6q06pkr(NJAfL+P>R|^JFT}vCJ!RTn_Jw6_C2fuEKxHD7 zSTv9qqCgPyXnn~KHVnf%JmxHkrmb}}8ma)VaT9eco(sbnHx#&3IdBwdzP5Pj#3>n7Rkafroqi{~A)+u)0qo;shs^YsP z%u4&%++<{KBsQw}eBkC836Ndnr#j?=j0OM4O+~z(6vjlGcd1xBkpOe><(*KN*R5Oj z?sMu{Cf5opk(OkKY6=lKUURGD)~uISs`vfk%f8^uk~AqSV*s<(H#P+@CZmP3ea~NJ zQVw}^b2`tjOjvnN{p?Ga-rEd%;pdO(VMLSJtXrtsBPn2@rq%ZTO3mSyDMgNZY`m+C zQofB(=_X}8Yn!^&TI9hMC4dv`OL(u3NdIzJ3L-6~QM8D@fX{>67cmGBB*@nMC^m=N zWNT?@ft7Mv^nAMSnmaBDwNBW*0A}L$??jgX#cDmg7nzdR7pH8h+wr0FRT(vB2eP=O z5@9V(8Hq^U*y*um8VGIO7ufYv=Hx4{KKiLftsf5U%Vh~B!U-x?$ zcy!hOF=24v`^AgOeG5q#+-S9RzU@(gA#|OFMf$Ee@=GmO1$}^^5NI=-Os~aF7e(-1 zCd1i1sUu)>Q90ImH8kB3V?~u73mnuj*9W`^xh=TP18Bq}^MU6S=Oh0>Rl~-sJ^A0d zC|%QXgPU#M%MEYRN*{=MJSoK)qjW;fcTmF%p92s*6S<0qwLTa7hSa6@G$7O;?hd1} zeQqa=wHf@p&KmMI1WdBd`S_*B?6&H4ol&%D$(3!T$)y2*?8eMt9>HD@qx91kr?UTZ z;wVusXFCpL6S_7`(o|B@Kl&vF=tC5_J^XgaWd;@q1Y?jRy){fdtsy*hr>1MLkgaFF3fCAHcO_k1FVcAW47`9CBB+RY+XCT46^FT$4w}F@45kCt+i( zoh2BKE3(t>Vi+UZ-kj$TzQqmc=u8qrwf1v74z)e@^`WPyKRh^KpypR1@jiO8e5aW3 z^|INgOO%wB){~Qy-0YtaMRAQshn{OV%4B#J(D}Sak7s9;U)^nKSZ-hb(M;Z5SoFw% zjnwA%fc0-?X8OH5elk0`it$fEH!CbtV#J|wAM4;iT*!*(wia=&lI!kjxHR?bT({}E z`pw~&#ij;X$Z^ zG=!@Bv+599P+x00Bg5^t*?=1(A|l6OE{llcuRWT?7-MXWb{aRjT5ZM~8e(tp?kP`0 zloASUP_;GzRL6Y^G(f9-N$y70wbD~oW;gl$4lLhv2jp2sRfu?1O zNW-lzK2PN*&M>jjaB-oPfW3k_u4;60&K1Y!Lci!Tyh0+8 zw>lzo98gH&W+mFUer*oH_#BG&mNws|;Z_a~LNK%CO!KeW-0OQl+!IQBnRdI9(=r?y zpdQYm5JJcL_A4KBtkR94r^xuKU^Q_7Ck@@Zk(rKu^vWwBgjPR9-p#r7UI32HhfcGc$JnG`)?#2!pA2S>bk@oR&mjD`piIi_IkNeV0T_qW zu?#0>kS|csrQ?aQS3(pUYYyasndgXiMqMyUlYopuo;MM)8&9Jd_3ruu3<*>^I*Opm zClzxoHwMe?%~rP-_}pzB`=o6|wGDOaOj(zNhtOcRKusms z6c7(tC453`r51%fKG;Cn+ZPO9zpS(}p-W3Sx|mh$wZ5cs@|!qTrJ! zhzc8uKq7+}I2$UiCx}jG(i*e&PJ!v@ zH+pJEfRI5*e)?pBu+6##bYle^TPZ2ugS$Qv$T*&UQE=A#AQ~lj0@U1W%G?by z-WJQEj5Wb>fOUpcWNrn6EhQvWxp)zsX!G<3p4!GFMrhc$ZC53Fox8r5?6H5_fN+DPGZIFzNOjFH!nue=1p?KGa z5JwqvT+_H4H4XBz^KsOA)>fS8muHF~p}57spiz?Ls~3>Xnr-IP-&b17uD!8cJTQzh zs)5uNt9+(Rfpa;DA2KzW`*2lOr=-;Seevdg@-f8as_Q7%R@#3b?Sv3CT;9vJo>sL?GQ3`aKCPEv&PUY&E;w z6scp%=pqiMO1~Y_51H!b+WGs8R9?tu?qGxtjuH7<8_gc$aV2~!T@CpMKL zBFFdjbwaOuuCtRfcC4UFZwZUct{xaGlsPw~YBfd}jjh=lQ;pdg_B%crscB4t zmdwprQ7Fd5!@wJ5{CpyzkiFF$a*0ZhNaV_RiSD*=Pgo%k-SQai_5^|%7L{$e_4ROU zzgBZtiblw^o%?0wew48~_OX_A%6LuRr`qqUP@N~n`h)AMKga-0)uTyK={nEVFxb~8 zFxj2QX)P`Z`s>!D*>5meV<8N46BjQ4KO$U~xIgE6_-U_rF^C131GDqpGY2f)y4>N} zYQv@Eojcx2O7BE7DMURM2dj1rFGLGIzgO|GSUWnVkcytZ7vsSAwgs^GSD!GY-DPdAsPF6ASWa8#(~`Li_`_y!*ym*_$5bHZi!SzU zMwZzb*hC9$&AvQyh|U04w2H0xq!zGjA#62-ukShlwiUXS+W?bWqM9&c>zH+CLMvwa z#s$)91(2}kdei~!%UDe80nhwEESTipDW1@!(W_^C7LkgROqdvG=~Az6IE(+NpQuY$U||^8^cl@ACU4NcnV@~)U>ljqI=RikWTf0MO;*^}QhSqtNYJ`zi zmQm{ryXJlFvYch4F;0>|AFku$8#vPukI*j0<3ASN@I7?<;TI4D7|EVg0?&+Hqg*sR3+bbnA5?ZW5*v*tz!q8{n`Vqs}#dr68ZGInkW$hQ`n-HQ%n4*@XR z0qBMPHq{oUloy0RJP+@o!NT?k+79^|n5`Su*yw!g`Cy6Vin`P>0>9;v!I5ud)mfzk&s(9JD*S~O$o&LV{`%_fk0=X1jEoT4=KR8!@GEns<+#_`vwJ@rXhC^t5Ev$hx=jR)*K&@h+% zzJc*l$fB}g83hcA9?4hKu^>8|So85R^ zos-LGJ@(xjBeA%RY~PeL^R}Z-#kKb#(F8~(-B5*8C-BVJKPD6yeGrw(G({Y^i1SXYGY_?j6PwFTfYF@@A^TG`mSE3+sJm9C z6=a)Q3MAK{0TUC-K7{dJq{s1y*m!rjwX%o~eejbH8H3@>uNSJ6pAS7<;XBknOd5Za z;j5CrxVV_XVb06d!c7W95Kl9v{H}A#CKO}O!dr`s zon%o~Psz!apX<%momPtOGkMGTjdqXt))5ailFy~3<8WyQNCtq+7w)++Uzc9Qp-@~O z^fC5H+S$%Aw?349t@7G(7%l%nAW2v^umH!{X%MHL1a{XC-Dd^>j6(KnG(@JX;@EzB zXV}V_a%WU5M}rwip|1g1u>L0oN(v&(CjBT#vj?-_UAoa%3$BpvC+TtDm-p_el5>J6lU#V*f$+g2ic z9RC=k5CbF~&*x>SdCrgRNcJV-ypNgpXg=EHMuyOUM$3GH++l-ny6MGAk9TmU5q(zQ z^~Cakj1D5UV|iN4Vl&5M+_%KEc?6uH`Rd}hkRGV_%603~yYlpaAtDZV7mB>p3Pwb+ zO9{_R3+7@q=WwX7hKZ)29*?;~%?n%C7wLr^Uqbc{T-3wpqG?f)hS}rr<4L|`^U_O& z{i#6a3}53B;B>`Xc<#ur*z6@9WWPu?bY6v?=4Kv?_5D0LC4@Z-98OUL6jtQuEaR$5 zfV^N+$Z0O0(z`!6^M}7j;=9um$^vWJ6(4FwBBCnd((|J*f|ayCemB z>$lZ`2!PvKTHqC>hjCDGosNTSPh6Fep`hFP&5=ec zV17TyDQf+6-mxy>|8e%!aZz<$+lr#niU?Aobfa{qN;fmWkV?1GHH3f&0@9t*GYs90 zNOug~-AFfl$2*>q`+lG2<1c)PvZOghq{-6vKh8kTtJ25>(pH_Tk6 zOev|)_T+6!l))8H^>v2^mOWYjHc+MgCM!U|=t>JTWh)qxZ+pf0xLpSP9)L?1)QO9u zh);HWN5}GfHa`-65@M@we7+F@bx zvjh*h_46yz@8-~&@Nc3$+(n5V8>R59aCuG0m2pk9O#9#`yCJq^VP+T2V*5>Os5yB&|U>IM!(EB zu3QTTi#kX3f&GCmLic4j$aqR@+qV0)kXawhXW8ASj-1N?bP-krn^_5#X5wIGW`=1$ z3a}DMP(oEtum!*&AZP_4G08ZA|DDV}#gdH9j&1u@YhPV#s2ASL(pH-5F1)|0BaNS( zV_-Jv2IOB<(vJ0$!%VykQHjSRj(!i;xd=M8AHc`=Lck+`_5vu*Pri!ib;#DKOBCE- zCag3Se-33sXd;}Ebx}-UEd6h|>e}VHwP~|!#C4Zr;Q)8X^nM9JBLJZN=;#qDSTI== zPratNe9ncs`x#?(o}a!yR7WqcdvX#w^<`Q*HdXMDDpMbI2(_*|3YDeAaL6A@$j<`Z z?-3zD8;s4?c)pS@RNc^rSmaZ9pw(qIGF#bYGS?dEpG4x$-PjIlFe~4E`Zd=9a@i`tNohDbX;kf}|Dg55;^C3P?CR@l zn9{B-WT?=xOw3Z#x|pCAVk;_SWo7-)IKO}&JBZLX<09V+S@rSp(W!ME?dg&KYIo9v zFn_lcDNhIdv9rs#0r4Jq3L2H8Ghd7Ah6S7@1L7@BkmM1&rLF=61D9qk$>QcFQ-h|L zGFT`)#@E|h3Y^szL*Q5ekjQ@g_~iZFdv`bB;#{V*Y;MzR45-;B8nm}ssq`(GTZcxf z201%!R2~o)AL9DC9mdccK;`4PM{A6>UhCC39{`{=BM&hF0oj8G5AG`r$msJkFffpl zv+`2EzRXqK%~QerqAg_cYpGV(3ne5Z%EA;pTd>NS1bb9N*`E0}Qk5dAB1M`fj<~v$ znXs<|#i?XO)!aNMtpLC|+w}E&{0s6>mX$~Da6LX9Kmn`fYKE9gI5}xFWnpDJo7F)J zma@;jErBIRNM@P_;18jnO`hvIJ6GNgn}3L_8K1B>!1<)N9B9ditBHk!bF_O1(?-O` ze2O0`)Aq_RrJ9r`=#eroHH9cB1e=$ofpxT026I zpfcf~U0GQ6-ML zn#NM*jJ?f;^+&0U<>Ykk2gpcj*u5{^uT^mXDz&Vp6m3#Z_v=0DMSoJ9{9XZ_Nz_IX4S_|x?O9?5#!Dg4 z`eo37Or?rFpq@qY@;!_qgz&M=R&O@eLiB15B7h7b`QXRlA!||rM9I?I>6c6a_?lL^ zxv{S=C9N~^*RTJOGL>jDP=?6KF;_1yemUXSK*`2hq`!M7g5;O`{c%C$y^+z;ljGx7 zXLuxg2G%u^$8SIMph5{+B9>grJh@Zq3Z}NQ>Ve!VJ^vI(|ltmg#IF_d&IfBV%I{yMjRTSiYMD&c<9Z0Gn1 z%>Pvd0Siru7+bP=1OCey{lyo;*}%zx5)}bC%WLBOzZ2-~`}wjz>3Vw=&l&#LHA+@N z0APU3|cPLxYBs3M-3 zApK$g`#|yHJZkLn!lR>UZ$Y^906cOX0dXh|xQ1f3GFSN&iuve`zoUd zSsiC4$lRZBS%%vAB44kMFXzU+VAT8HE%=1_O$Hi75KtL6Jnw1en4Nt9j<3uqpa=Z- z445P`<^OAd?UHa-6Gwj40O;#QJ7(WCzEIedmc}{t%#N1}Ok_oy#I%#M$ z3+j%?*xfm#UtZUH;}ZK<78e!$drQWq<|FG>ne)Zog*0#5X>?1sh)JTdJ+uDWYEt50 zf>!Zcw=F|FBErD#f`vMk`e!3FaiE;=X;M;boK5a!29sx2zA_{BXFkRQc)* z!Ffr0^Hwx+NpSU=_Ou;}96|0|*DGN?6J9xPM5S?a83KK|!M_vbZ~X%(cJ2-(916ZgAB`v5%)Jw!`eoZv8gD zqq{pz=6dKUD;ry8^@-#ZRNI~H=;sT#wK~?#$+0v#}LX_R|J7QZQ@0*k+@nJ3-)NG&LhD5=WVe+h9M6$x zSwzs;x9_q<`qx4Y;Hr7kurYmo!`ClgLw6S)E}W;G9Fn$Ri6|&#QuV;LEnDL(XTD}^ zfG%UV#JgR!ei8usd7z~Y4n{q8~8xAwPktXJQ*`Q@KHKc z(`DnkiHnO1;O~yw)v>iZ@Yb!y7F_~0|+(`7ICSt(D_S2sx$HZd%*@dBNA$$%a?m14e#HhZM*Gv@#P6+8sd@QW<+R|nXkECkmo2(e>D+9Dxr6% z<_@!hwX`(HN-eVQ_Mw&2&1)Z_ntW4l5J~5f?-{d=b)uJgWArsn_ zTzuMVHZB=R%28fVn5$kVJLc#V>7*yMWsR7uvLC5A>YYd;kh}<8G}Cr96!rA#z2O;0 zue+EAk~bPYE)H*;P3fWsw_8nFgXKVbyKQ+l53UPi%A|A;v(tA7C4DMSD|>4;FJjpl zG+OlYq@TUvvnR_hDk8SEB11F`k-7kTD2~JO>GuBJCjw5~KaLl(jO(mxal;VWh{84z z^c;S--Oj`d@vmR?s%!WS*mCY1m@W@f(er|H9e4LD0Dw&0Fxh1|$N*Yh+$=&MX1~p6 zd*~WWVrXD+QLsQpr*fFryK^{n68KsGP&@^8&myB9NPhts0f}T!{Uv9+df=HPBoO)mmF&!>4 zNLe$aAX>%x2Bwf$#z*;%qiYxhELv3)>XL>QgUQ_s;^JEHf)#nRhjnK=`@y~Mkj_1| zja_-uxY7xy&>erQI0u-RWQKF=S5$P`pRC7o9jdhc@9BdV!fGN)Cig#G+bOPCo zTNss^Pb=41GD%W`B6fM9aC}+UY5`CnxV5_*At5QLn5jPtqN}P}q)LG)-|^vCFOvxL zX2-JDPv0$xq9$fvy6>q$1*knT+hKyrVRvBmf?)pbUKN$P9*7lO5_wXRa^3z+K1Ln- zxJ5Vi3g>l_zf2(0w$dkr-67e%&eqQGjyBOuLc*9rR?l#%#)C4Ut0&g(?j4ys2W5Mp zW*BBfObpeTDJieD%#c0Dby*g2^v-D`-{tcwyVpf>Jh2b+dInT4bx&5DpN6No`sg4=n0_Mp_k@`)k{UlD} z6yS|dpX$bXqZ{a}5)cRp>8J;(;L1}0M;8uR+0Z3K@{`drvlBWxP%0|m9YOK~P!khT|tI8)t)7_=;jvT2P zHx{~>fI&y+Nc95K`MMVQrlzLhEO5F-+)@|OFxRIK&CSiy9j_18(=v@VMjck_XHyHM z;OwqI(1M7J&denuaQPbi5ayazRQ87pXi^&{`RP>klhK68p5T8u8wu{@$T z0c5468K227lwF;ar^){8+0G_TUF0A#P{SSxf7ts~okH5M&~!5rc)_f+v^vj>PiAvf zWu?SP=O~7bOcES5_P}dn)cqy4ft`2HRMJ;O$U7=#x3w$5i2D7B6Zh)g z9?6EHfR=R@q1oA4W&`ykyEToZjP&%5xIYk@-jOFiif>Ds$**9T!KM8?}AI_PL& zd0@gvq*YhFb=}=^R&q}5E#uN9GSc!D#)J> z{AK-Rq-MnD>%y;*WZ{=mG9gAF@7ge$fI(L9;#XWY=waLYv2Qmt95zbc5mg;N362cH z#_kb#0dCST8-~3&uB~mRFjgG%AOZo!k16d$dBMXUsbBc_=hz+wj4OLx6Gj5SM=8bq zN3ogkjOH{W;YLVdt)Fy;*B^Fe5e-L^hE4*4LuY~<%&#TAKG)`I45)Kgsu^J%HPD0Zm zCH?^GR>)~l`*kqoaM@H+WN>s^AT?9T&LYU237?+fo0JOxUz$ASu&TXEw|(JcLjQnP z?&f-4F|Wl~0Ko6`^?9}6Kzw=m==5+^z@@W|;0P(3;lPN+)@gP*g5jM2$5uIl14p zwKBMM)O3}ln`LBFfv&?QbR$kj6sPeEG6ASAzqsGwsVJQPy}E z*2KwYy6o)fp0mw1ztnW?NF9(7aAJ4LaZz%*a0=2Tp47ujhDSmWmH(rst}E{l_Bt6T z<39YED5(x)ut16j&uyua4ty*2s0v&u38{Iz~OBc8tqr z4=F^ zHP0%8h2>b!X{Iksi2|M_N5ZA)F2!n0R=HD z*{Tr*u>;4eJ1o_wo{R_1yMyY8n?er&`vc$vS{2raiO%2AlZ0ulgnvO#IE2WrNlrX9 z$Q7oLnXQuWMJ-v%l-LT4`RF`$=Jk0hA%lnTfB;N!aq&?J>2aJ6-T25Z>(T+GD$AHo zcRPF50J>=)wuysx^e>v>hFOb_IU!R71YA`G0hH8X_ zfiLK_%9O(@3H;D&_fCu0md~wEJ5k#NB8>Haq(47l)~UGML8BlVtYSu$+Z6}3oTC@& z!Xn*ZL=r51pp1+d?KM!WV=+baP+q86hqRhOBm#&5xUFjp<7^00zW#EfqbrThwmav)H)P=K&%==s7#)}WtodB zB4~5@RfKJHg}zTkDQ74r)ZOPM)TLDwUjsTn$)cn@AeU65`y9phx)>O!mnoxY-BHon znUCr0-1ycF1F5?A6m~DUNH!a-N6IcTbVXj)7$V1*ltv1n@>f%noeqOZ0=5g$B<;Kz zWOaLmj8K>yDylE6u=Xiot`L(ZJqO^;lyzJu^grZK_AzVjmlcOhem!s3DjP@cgc+r2 ze@hE3fMKoA&p#q1CC10kCS7w+Vj@>aUopA{|s!1DoL$qi?9)X@AidBFZ$FAueO!r-0CH03!gUr*q+lD9|p zy5*F@Vk1lSPl%v;Z9z!R3YgNUj*dJbV03=woDN6vk2vHKx+Ukjw^I`kY6TyL>IZm? zN@g2povt9d6N-EqT@2Hp*uW}<>mmlAp4ex%mAkU0krjk9xT4)sWSUZG99Z%QLq8L- z5FQ?3#tGQgib3g5U{oIrlD))Bfnv_-&e*#59l87a0ma3(ghof&jkNi3ab}L+4cf#K zIBlj*l66-jf}{6)Vr5(87H$`wGeoKmo2unSf-l`J$x_}t@WGOSzo)$(EB3HM{V0gc zcQq&z4Rkt+=Dmqkv$u|mi~p>OGl3s!IqGjmr>ZO`AJ2PsnaNgisKr;-k(b&Abn#o0 zuBpxyx*Bd`%?YQfKi+B?(0e%Av`{2(5?P48O!0F3&c8K_X(_? z82~})^Rck5!*eZP)=xGZ#JtA2*zVm}=!^&5L_aUywRqr6hL5@Q{BH7 z{UY_X5WgnktLbj!LQZi=XlO9MdZ!M`RMilkGhQyKtOI>4OZ!(|{GAggufWu%e zDva+sUEq^Du3>NN%SK~NR%cdpcg+#8$SvYt>2D=#IjO1hGiRq9R$~fCHKmnNMA%D1 zDl`y>{kwOM`AqXE%3o6^^G+ztztWQmPcRRGr7dBX1bOK1-GW9;cSN*o*qgdPw8 za-jSL1YTZ(f?RW!OPDN>+KfMV+2wwUi4%QnDP2{4BgJnC@QM6_Z_=u70U+(!nTqRC&9>FD9WKi`>b<+QHC9n0qKEyUoC?LMVwRdE zDLmA&ur^JlvWoYSDJ<$+YCH*P0?A?$=Yr6K!^7PO_m=WQGPINJR-}Bly8>%bp*~;5 z%nxqDI>|{XpGx$=YtYtrgsdC5Ws3Ucy2 z_t3HZ0&C_L7uETaD+RmFdX-8?Lnj;PfmC4$5E@d zWHJreP&y2!a8@_(SPI^w#z1 zi7`s|p`4egEwNh7y64J65x?0Gx)*+gZEnnhi&`C=M+lA4t{!>?T&9Q(Br%y3>xn+v zP3h+M*4E*gAZbYZTezLsaB&)y#dVhHH+(8yYvW8vv#RG4#FLNQtLMA84;4+5(eY{3 z=}8rb>GHCUfCECgBU7b&SiCl}jB8p+^s|Kq7u$4(vC(26bdO~d{$|k*iXoN(!$7_5 z|MMj4-1{Z^|6EFdqvD76F2Bf1IXA^sdSN4m{a5(nr-2IB1}HIAO9>3EW&2a)4j+Z- z@bX!Fj=nSfRq^K62mP5jk3<7Sdd@@PXzX7fr7(sXpO64>^fWa!rOpDa-T(SFPv0eY z%-e~R{KH`W>rdZ>p$fX5rN_CVeiZ+kI+q5XZaPTAmA>;YB97~Y^YezZ20u9!g?HOG zuYLYs*!16qSV{|UDwqTxEqVXBBLD3z!dZWEDn@TD+W+;y{-PwS@sm@5pM-AnzjG>L zesU@{Jgxcub%FnGf`9(bgXt%y;=`ue#6^FtVq}Tb6zx%8n|0k!SDf3(W z|GGw=O4LB5o6aS9;u^*L`}yjAMhPnAru(Nv!+AaT!^;B(xldvuVzy>A2HKDsRZVOS zXiqGIE*CXR8uLMB9n*cl@ljbm%}4gxW$qE@&!>3#Y3h_AHE^$@Dld3dD%>{}t|8a( ziZ47iejBOW-+cZw{?*@T^S>-h4mqG>pvQ#&VEVN_YHgR0l?@2sE_%W7jC?r`FCo&A zhl%Gk4qmUlOyE#zajf@3z;PO8L~$%GequsQx|Ml`EBj%5Oc8#fb$-#2{UIY9s>KhD zw{90?PORV5(^ZFO$EuK#ka*-%gc?#cM5fq_xns#Qm({%$G1z(0DXQK>%V zWja){b~LtrX)N_pLdsF!)YjhqFtaNYxMrNMvfN1(OQ?dHj+3^IxKl>Hds}5^*vQc6 zRi<``m0Q%I-46Zw#^UnY{PxoNHYE2eJP*%R%UadHE05sXTF{?*`p<3X;VFDm5{`{+ zuTDtCVFIGIdRO*Omfb7-?hckkebiFNik_iObsar zN9_Zz*cCwViGDak!+c{r$5j#V74ViRH9Qae!)7O>SPRN_y-WGU40zxI{5j;5;032N zR~E=?OroJ7F&>TB2~XzMZyAy&E=4d2Ns{9;=AHA1G>rGzA(Da98w(4YU%M{V&Q~|1 zj$$gpz6Vf76t8W}8f6%Oo&9;&XP3%Pg!Ml=3qk_rKO3%vGZC;BvU!D(FTj)10AS$J z(JoSe9=w;OHrZGgD~>9uhvZ8B3(DSqEZ~)aCrT(7Xk9=;y1~XOtvv;k(V)K4aVwtS z`@_=X(FTV^C%&VnzSOt+-OugRzGB3T#)$a6*#$YwF3l*_1h~r)!K=~=mMDvyxtEw;}x&9vvmM13cH1~F3&$ftDAlUJ2&W=dxB)3 zOrbZ;mYPbsTZK~=QUF~7f+ZWIpjYV_Ee+{vmr-U4#85X`>Lw~F@nmaL@oxlTU2c}8fwS#Uy^{(sdP=OGt)fVA@I=h*cd7@jZW>7vND_eGKcVR zWV|ijpPc3&(~l(N+c43paZjx@TSFM0T{Rn|>HEKGtUA}?x4DY?qAE5m(GdzxE!C;q ztSBWikUfGe$+7@1Z@a_%#0@6%Ovp1}qf_}k!6KaFhplzqGAK3INDjr!q6e0X-F;%0 zc3m;-R}(7r)gxUJZfzBcxwc@uZ5s!btd?K;Q|Z$+o(ht4a4B;9kow-{I3E{?Ed?7K zk%k|csxe#Jam*PD=m^Tb8RxzhQfQX>ovGRFD1 zO-L_XH3y?}A2FnP`@kEoRGtY6nCJ|?IBC}!A0Hj2SFSJ_9g}r69o~a&>Fa#DLY^jx z&Kq76$p5=C{|rY&P|o+<(VW%(p}e^dTO~Ts1s}V(sqR;hM&)^DXgYMS2t(FF!59UY zriRv)UM`mQCU#%i4S}w5ElFM7-KABPYgJ)!d3|`f@YZgrx=l#`S~rCv&S6eQg8f0> zagrdMsF5!$=jN8(9rco^0JYs@$#*c?9QrB~_HeNM_YT9k?dM?&u*xJl_al9NWuR z_Dd5@-rg^bj54JjF<=r73MGH^Bjt=_)G0cu4~dRu*uC0{U{NgvitJjvi(9QJK=)I| zxlA8vG0{e4NE{)fCyDm0JQ}JXLtp&oweWi=PaBZ#^e6 zGBQ|l@OQrDxt|k2@xo}~Y~2DbK%zywte-bz3Mmb$)8O%n{HIp|o-LgHV5Hn&*vkD9 zVF`2#zBq1U%d0+V1GpaRi|VhDd6W5@J$2yh#^{l9rtzcOsJ_+5`?ohEMD3(>B&4L= z)*DR#b_m1(0yza>62X(*D!=)UTqY{=)4S_d%cKHs5O~NiUL!@S+l8LGifw28&6@qL zZmoNl=3^w1xk&nlVWD3VxcA2Rl72#|WZM(6Li?L^*Y=auN@C}sv9ye}3eK&hg0iCWxjWqcF z*?HKN^I1t|b~znY%9?HE71L>C(%lFS148(N*_0lElisSm!~{X4+O3kDYJdO4UCRV7 z`8u_BRV=RWdXT3s8=i4=^OB1f7qzI+#)0MEi6Z3ojI>LV$?2Vha!s(!Mwx0w4 z`El|QdX}yK!%(l5xI?YPcShmdA*9Cr3&COIYtHX_t^LMWI^(b~B{0GW%6M7*it~AF z{pnOWQmWEGK60x}c!ef47vCnys$i7LCQqgn`Jtx zR+6MGh%%cMJox^ZSBp31;ZdQR3T@7xL*y2_86)aWn~A8@26_k6gFepO=m~y08|*ok za;s@erRE6+Fjmi^r}>7P_^}+!oNE;{Pu>nF6VVDVd%?1XhB#;iE!{D*ByF%=2Y|GNt<@c*5BQgNTasgR%n+6TJ0Om+fcm8R^F- zG-Uok{>dIn=C@GJ@!gBQO7<&(w1|lxHaX9cqD-QPcbKgnO;}cG(URWzlnQuM*Ax<_ zpohQf%pVddzmHmsU@GA&ZSC-nu;bvZ=%nHAry-};@BH3d@Nkk}p>s#{oT2H(5ynkQ z#Np>U!+6Ty#WwQ|*BFdkWZz8HM1ELe6cc|S>z+4LMSb1Lxw)BKwAX(>Fkr# z)(4S8dRWyOWs-0Uh)I60N+XCCd;S*RUEaX2HWX$i9bFhi0-;T9t!kV8ZC|z0he^y^ zQ=+QkTugPpjRZH$i~4@|3($F_=lO@m%*fmxTL6ec>qWb1&QQLj%u12XCF<#fJ`$n@ zyV11ZY`x0ri;p+}f%TqnJ>AU`h_Zr;l-O4Frd8xEtFtq69Wtw$hU8&FvQl9m#l79n zbjjb9BMaJjr|k#Kr69=FgEMS>nFRiB>pS>>?FvL8`o;=Y*Hh5FL6x$!umoW7(Nu_~ zMFKiJsWIm>rr`p?eYpc=BOSXo9H9%aI!H`|PA8J6%zRpQ`_`PEdNchxzv;_ZHOA16 zN8wYatzHfVudBt9U2dvZWi{AxnI9#%Kygy~8<|Rn$*8dJ|GRXaqq28}e%-FinyyOK zGID!NZIIVLs$!uw|Bx`@-F$pBLs#9PgI%OA>zB)FLyF17D*%+UL*CuI@8MyF8eF^v zk?*|ohn*1aL2XZWs*t@K#I*$vf27t0Sh|A)uS?l!Y^AEQBqNnr_f52HP?Du;2ezc+ zHwF-7vs7rkHy$Lf<5Q?5e(LR1;bJ=8h4Z;MHcfGWRhXoOsAiKIL9|cQQDBN_81Jx! zCp~BPw%Xm>pL_Aa5_N2HOujU-&+JuOhvq9fsqBsJSPe)rzHauT z>pVj7$Ov9p!0^GI%S(j;?S5=6olHF5m{%Hdg2|3;nYw6SS@ErhuYzu`ZH)IDLEMCf zK&j78v58RWCh+Hl#U(_hxE=joRLIoaj{&a4Qp1R17&0adEWhp>k%&GBkL3byrbg98 z8A~01%ATdTdzV^)ZYZ(a_x*3~=Z5DcRj?|#PBpBMf-ooUVNZ7$XQ}a%Ix~;V`l%}; zn>}>-c*gx7Ke)#w;VRl8yCbn0kl^C6u4xiZv19^_K_sy|*Z$taykmpOts38v5X;fh zIMYtArBEsoF|FzJ-& zn1Cp_j8>>yPIeUUX)-@W(wC}`xn8uY+Tgey>$PRzs+V*)c%nV~-LOMtl3&3zN=utV z0zme25hZI#jrG&VC~|jE?sI=Z2@GterweBTyguMLXwf1dv|Rf|d2Zb5x~`pMOb4VD z2vLn`9@JxEHreqpbD?Chl;=ZA1~x=Ayd}q{$NBjg-O<<#tF2B4M*#kAc^Q`8#>vj9 z7$%deOZ=@d$Grs;11m!|e9H8R-@SiZ&fk2#C)+~>E{^!ut(oGDjus$eY@yQJK*({;?CL09cMa? z5-_w<%L1;9+7g#|c|RC`$oaeGV`R4)C_(e_+tb}pdc@eOI(^=P#-=I+=v}>va3go6 zoHsXmVXRb^3m*~7qn++Gc|eir^CjTHDEy-fJ`Sp~*zbXrb6Gu1w!}L97V0Wf_gi=S z^{j?Vu~73g`v_H)Od}FHW{x2k*JI4O^U@F$n4s}NrzL$;Y)pdKm%R-3!f=sW)bfuT zGc$d?t}a`^5Lu%8T$Y{prsNtt#ndA}&0j#nIyNT-^G;L-5&c0lP9-I6BSEjRi9^R$ z(Pkpqo_@S>+c`zpMw)^2(Z%;9Z_0bT5~!5g@XuaAA>lb*(AvFapUf- z^7Rd5?a@v|8A}@;XD)xc(%OE6YkTtfaa;^mre1P(4!($Zs+`feqNMNlQfDW1d5QEl zCJ!T|3y8YGpFhivmT{JSeekQSZpNXUB=rnS1x8_$WItAF{<9Z=j%jHQP7*7H{=T=R zZ!aPXj`zhpG;29_txsEJ`Xh!@w_=$ZaL2x8xOv9 zei5{|WMsIQgpv=4hp~5{O=qPqe7rK>HbM{^qkOdq;A*m_m;{-VVmD|` zZV{4$ok^?q<6F~;laKIWs|h(K^M?WfahsojLICT-YOxs<+#h_PiG4DM$xc@A>dY!e zocI-V+n3CpN|kmMgVM_CjbnL1Azcq)34cQ*ST7Ld?mmuF^5bA<$h0IBfA0&B+R|4P zKIQFqbkWdFF3@CPNo(gUa5y#fM*&N4P;v)z07gRm)kk%EvrzT{SQjKea`OHkJMB+% z`O`qmBzqKQ!06^Zyb_qIK!~f7@igQ^8VsR}w{&E$M&Y(?JAJ;}B~sJpX2Un7o-cA` zCvvO592Qaz3wz?eASf7#Qn^u~JIj^67*YLVU1IB0cKigZ5^sR1%G?YjOIkzwgqPAM z*RvOiBW03~j9zI?a#QbNQ6~{_vu<3f+p0S%Rc!SAVPa;wzS_qgZr!dCL@FfNxGH!B z&y8*%R=p~fMD(@l`&&f#=qO)ZhkR|oYe8_Efv0jfMZbj_QmOw$3@ zbWB6F>h@!2*jCYp0|*))qLR)w;sCFj;eR_y_Tu)&J;#yJkFvkJQ9$T3ov8MzTsce} zLcvhS6%{ghpw$@3sA76fu!D5`hH*O`nW)H4?dw`Vt1ebv*S66ccW@X8DY$%SRh!R* zr)y7scNcnpbl(x(!u^$0;{hank+m48ba-Y0a!7fM#~+Ectrkv}kjnRwxJnSzvRdu4Tt zB8V7;5zR{s-X~+UKYox9ydRxfE9sUU?&B-k>iO=GV*V5e_8TyLT!>ax@11UiH9Px$ zu14`5RR|b3LtcL6o^ms)iE9|>+7G^GRrfC8dow{iyVuwB_#QUe?!0_a zd?Mp>4ln#S67q6^flV$ww}Z;?2BbGu*(j_x3>4?*zc+8U7W{!(oMs9;b(xe6aR&*@ z*X3q`d~QRgi^b%lzYYUQ)N3l$)yn0L9>KRfG+J%xQa1)!p<~`WTyd5YnP+EpXYVhjdfO{t(@8&CJ4fqs*f{HoRU zW2J7JFx0dfE79%9eL0n71qJ1iKstK1-fP0TvxYO;ag(i-SnFXpOje?Nbqs{Ou=edx4pd0G*wETwm`msg_-yizp~?mqnz zC+@4q)>Ni{=0@{ap+D?si6x_1%LPYWD<>Jv7e_WdvA86?WE06npn%V)b&*UtS*8tT zO`gx@xQlI2K%;3fU0^j+Q>G{nnYx@|1M3|$oLQ0y^k<1+EDmmsx<}{w=bRpV0f3P% zq8;p;;pYk*QHk6yvd+xOq}Z2ifxdk;Bu>IjjRvBUZggqq~{v2ob-O8{YKO!LILDF zZ-r{UgCDoH6>s|diY_XA_mR-_z!rrPI0j?j_381h<-P7w56#RmwUX`C0D0{;?Q>O& zkC17o=-#LxWhc(>W|R8}MHZ2f$#Yq}4BVO$uPpSY+I{e^l*BKY}70%zDo zx{eTZ)O`ynm9!lPfT=dtI5v7#nsBy?@z|dw=EZ1XLW`=_n{y@KS|xh=7t=BlVzk7G zW8#>y1_Cre#7(uUDVYa51$a5@YUxt+;pgpREnf&lZVF&23@Ca=aP%Lk<@B#DM#&g3 zIr{#pqBEGNDs~(Ki6S5!Gxv?04(7Ln@WH@bwDV=1=4HMV>_JizC*WGqwm*60VvD7T&o9F+5OIM9Up+Ql0ey6(tA* zU=X}#*!TW3vq%)yF0#E0IgjJqa-m_{mPkF&!zUo)8qQBK&3-1Rc(}CoR--B|1vJpg zMJV>^M4YKV7{AO4Z&RepHp2H5-R%$o;B-&43 z#_cO2qR}*W&VfVfc(neZq)EvJdxwYr_6GXzVfMSJ+xqwp$J{RWm1tV}nT{E0><&Ru zYMY-QQ6@L{@6wn06%K4A+T3bV@%KnnP2ZwjzRGi-YRm11V71T#n6C&%ugwaOVaR6w z=&&Nr-e=__Xs6ZM>EQKWt-7!6c2Egt$;6j>cV!>*A|YWee&U?Nj7vE6-$h!2wd{k+=`?-o@@1r26!XJ4ZnuZ{l!^>^}uv4YtVa})SCRal;M2RO`7Ty zNESMJ=G0?~`)(H;QGGq+^bNa9E=h%wu^MAjm%0xub`SA?Ld8b_`}`m9^q>FM z$J{g4K-7J-cjc5dE4t_oqYfz85LU%eBQnJQTaEmn!*1Vzpjq(^i*vs%+27~!BIut|=xZ}{YUMA*l3tG+TVEJj9p=_lMC7U^aU;|^OabZ~Ps zHn&|8KGTupH1FIyUrAB!mnWlUDTojCX-eI=*lIyatLCKGyqVroz+PedB2X_MnAjB+ z8~<|pF=;!$Gxz#qsDo%sYH>v6q)p4T6PNQ7vWxv>J7eNk%ZN`8v=1Yu*gDbd|N-=u1cml#555;Q9LL2NqdJ;K2a8SqMNaC zK1jYNh-CsR^NDtBl$=udb_getepOWyb${rnz zjIv@>c*WKOU9(dj$QBye`t(VvpfJu`-l8Gtem;$d6#UROAM4Kynhym%!Sa>c$)*N& zwcWAzMF5Dit(M3pWYAABqo2cmsjR|8<3zq%fE?Mw)%!V*_wm9NsK@0L2aD%`C%$YH zI~=4`+u)Xtyi>9&$G5i4guR?VAgG9d2ndRVK@A`xC0!!j z3`2u-cc*}eh=7vP%>YBg5W~;{(m8Z@cMkR4y7k@f^X|RB-}B!ba~yD7bKlpsuC>l} zp63!=Tc#`L>uRN{vY9(kR5^K9OY!Ds8_A}2FT-fd%q??woGH$?mP+4%f&4N6df80r z(fUG_Vc-C5@vQEUc0e{fkDMQOJ0FttDL5qSK-rtDDKM+{ptDKUD5(&kf1PH`9XEje zvr*nhv0C}giyJUhyKxim-}0nCFiq%Z$onFe-AWSC2@PtT*I;}P9+LH*GNnD1oyLVY zY6Ya=JGRZGG0gL0x5T}4M5U!FmRQ)JrENSb?K--l0A7X!@iAq#2ii?@=J0Q==5y_Cf}K7y<$qI`?z!_Vh5rKK3vJFOdxSSM$s3eWw* zKRw~DqPwNGwu}fFU*Uc}0F|9F=y|G!G!(Od?Uwr>I$ZYN^)(GB-FW(~|A}esrM1!0 zmwA&HrHdn9S3V%nuMw?Zt$X2?%dFan)Zj;+09gh>0`TT4UakDTr{1d1m@2RL1dwa|#9*Zfx1Rk;KPN)ifU^u?ic#b?xDFBcN*RFcGq~#&X<5CpxJg zJh=PS)v0p<=Zz@;#O{WlgF#r$&qAr5`|j5lJhuC_EurLliR1Ixk1j7CFI!Jj2{=9< z4;0CHn5drzHT6+Pc;fLhCZM05^ z&RRd>^oWKGDV!CR4R&j;uHVZ=0Mu;-!|If-sV4S#o%~E$IebM- zGgz8Y;QWN~)={Pj0%QiyYdo2B)Jv&DZC)If9(I)8_n(Y`ek7etJL$Sw#fE`O`%VZmg3n0@`b&yFAjgE3p@l=aPh75A==?U;W(EF6N>5c~}E6 z^9^tXKDV`MwvLq>4Gz5>i1{msvibfY*kdPZ#W&r4nWys2dkJg2N@zpza06Mcp=`-0S7q-T( zC$UCto_@9lxj;17KhZ|;*)xS{G&afT^4nZG9OD-H>})V@uQKmhtk!DTiA%v$Xe%Dd z6~F4YM9t0Q>X@9j#7fm`96>wB)*kE+2s3jXGEs7S-XuTiD$&g|Rx8?xU)J^V8I`Y7 z|1%o`NU+m4G=IgwJI`@H;Sqd1F0EzjM2`Bd1R|A^(5uWl6oj0UzQRM=N5kiDlD_q@ zxqoHVZOF-FYC2C9r0%kI#!iNq*bc;ptL8B45I0q*VF%dnbGx5juX0ILvFOb?RnxUu zZV%t}z1dwTRGMW4z^j1-$hth&C(X;pdPTs4`hjb_g<)AE9=~A!UKJl)fS|V&Dho@z zCLvAny}aM3D{jm^$;^Gxh%LKD7UZ$Hd8NqP41iM|<&)%`+X^`-I^2(5UNQsTM<@cz z_u`buU_YO$eSCLlSODPAV6?fB2ylC-Bibr10iS}5QKpI?B|94Wwzq=~^a3!aol1X> zhTiUe@V9ee+klh7x05Ze5;Kh&<4gQDzO^eaSz6VW(-NHZ$s|Cfq<+v;{==tESQ2ND?#%R= zHWV00LCnR;;d8nvk1dwz=v0wX^zHKY$Sn*;-)F(^)DN408sg7@cOffOsHAG6p;@~G zWza1=*m2PP`ZvxHbP40nFN>D)Tn`|h-X^g%YTTA0@qEB=8R3=W?n<-K|rX44~5tN7Ps`t7k2cbbVix=6tJ*UPIb zs;lo?1oh2rlBR|am5i)ur^S8$X*0LRIL z2!xoG>B7>BiN7_!4kPF1d%_!di{5&=>Z(6hIr~fW{Q=tkh+KNLQfIcB6`nnc3Z3a< zY@0i8g|0|k0qV`!cH4aC@6+;|RHDq(wewxLv_CZJJ0 zMt1p{co-SN!UiE%Xu`EAc$$0`aRYxwvl{PNo#9$|rl4|#5#vyA@NosAw|(5>VXv>^ zGbZik%!M(i&Pn0oeMQeJ{)!`4fl4h73IGrRgM(DjUdKDwu?o@3u6L!+b?uT4y_zev=v z00E%N?3Un2>it2drB?QloHD61#dWx+&6K{f2FPaCw;?TFrC@$j;0qy7)hUE2^@c!^ zUAzv3DINl-fT#q^^!nO#bBXb4&}w$JzdFrZSo%+Dl51I5X(y_yL#<Fe9)z** zJs`INHGM14QF^@k_GH9mnV+0&rpIH-dmpY$8Lq?)hp95yk>);HpQ zA=9Ir9OlDvZYiF*JH-NxzLUHHp=DVXy*FJ188z=FTHJK@^N5kX^^uK)iy6%a(??12 zCXQw`^vHdz^S zl*o-MQD$q^#PjaEi^U^tmhtVk`ODI8r8ebmle>#Hc0LtcPLi{)#V0!p_!H?FA?{rp ztDuV9=rA{ninS@46AbeWoyp#GVlrax(7U`CY)YA-Ss=2@G5?se*acQR7c z3)q{>aa~9o?NxrIpN*Y#Fmn6+;gKyRw*9S7VS&NHw|6!wE!zszossc%9?!LrmaV9c z{S(r~c5T3>cX)W1?kQPv?J)U0^z~^=31AYpTQD5?}X^oYwn^hf1HEQ8YYhb)H%XzXw#dc}OYfu$b7p z)>fxj?$}3qT=x3Rhg*i9vdN%yy+YsY?GJF?{!x&L$zwk_{8NqNWT4UoE&IkI4K)6 zZ!^NU3eyRWRc~Goc^w`_$z%P(qV5sH(iu`Iq#@O$Swps2we&$8-K)5d@u6XHDE|y_ zQ10t=2oAP@WuxyvW2nt@Z~yfZrTF2N2-R!-jS~|Hc@3)$iv>v-&SQ_*5BYJNNo647 zfrWBXf1M_-lhZln`>iXu7>hU$E&1dM`ySW0we zWY?&K^{_Wq3pqvl++M!w7%5#=foA;}BlH2NVG zq64NxF$r7h8bo5kv%oAoxvg??rG$Wp zJix^OYs;R-k#P7}TMm!Yr!?P`dxq9)57!-$)qc#6I{aZq*x{}T-a)GaE4qK0x%)@fFC=(3 z#qX?1`FsTx)_os(>))P@)=kVUOyQAlW(SBn`1e|GV%+?S#Yg=+i503N=`CX?^*r5e z5Z_9}ggL)ZZ4)10`a-hkkgXXp-zA^2kdJ?(St&rpLhf_oL$8n~(Jl%Cl=UoQ5RvFa z;<-XZU8yf+Vw>?!D6t#1qb{8cm}XuSfbEgdAi>*|gEHxK1~{cn44?H^-V}fBgfcM!^G~xs+LLnOf(k}t3|lX>&M!XsaKG=O ziS&dr#J52f#=aB%c2+wpdQYH5SgI6^q;IhYhD4`k&%&HRK%p<8u_$-(Si*+y@?ch8 zK(Gp-i0WsNBcsFlw}<|7y?^2KFSYAevAzrh8vI6{d~s#!QwG2VKrdRqs2+4UU z2=G0MbEgu5x#?&cc8e1|yxovrp$TXlez02;8)rmXHR7TjN2c;xc!a+w(V?j zqR^zF99syfmF~!|?nt@tN&-Zi{(jW`l#A*jQM8EN) zFNY-s^eff2X-*jR=Vr`3-{u6-NWj?W^7ovvyp)873#PT4X8I1oRHLn<))T%{Y)3qJ z$?)H8mleSuEIdJ<;g`xk|6pYp;D|K^CcE!^^Q%xfTw2TM{wRUJJs{N;lvF{}%FF9- zbmc^Y@^mshxt&@c2!MT-jG7G{@b`Gc!AUT!!{9FGU~bmVp?}mqhO(3d+W^ z*p|x?9ygJmn5Xm|LeMXo1;D73F`f?aH(>czy#)-@r>5w@x|r>>O8KNGa=)4izafmj zcF6yE3qVz!0hY%571n(P=&2bQI^9oq({1=f8)B1nP74`No)SF~oxAWn%`I(c_p=xE z;3Z#NeDsjQySS9C%=`iSb%&_-r*y&jLkneaa+w=53`ciqPFy_xU>5ImE7(mVkz{I8$|u)BFC_$x>vR5r^zjc17plASGFcMF>%5f;snctb z6#4Vib_c#KDd%yyj91ZvA69mR&w{))bB41|M<-%=-nMpMzs^+=!K@@;4j?sr&V2M1 zybZi`viQK(_ANnaO}(II&Kp!rH)(nb=-s9NB?R0UZT6Q(+92F#3p){EW2Z*?+3m$R^g zs^h`!sV(Q+xExq$#!(NRXKu&*WB+$Lo~Y3o;1U%uRG7&YN*!oRT;(7?y^S;PKbd%L zI-th1+;pw~;deLG{fUFDxjgn>xndM&{-++M4IVR83YSS2`ev8-_UdwL;1ghf23V1> z7wtN&*={Qaq~>|-uXd~k5fwE;?_bL`-66u8)B?$3@xy?*@? zbh*$)EyWG0%ep;O$N1qA-C*@jByOGhpmlF44mRahMds53*FAryyCF%Sf(N87F2|I_ znqApfr8Sf6{xMW(y5*W{fsnYovrv?S2g-E1(OF<8iL#|3ADef*nf#Jzkcw6o3BG+ z87QiK3%Txl=wliB@uSxHDWyvNR4mIm-LXFxdzY+#)^z2AyBu{3dM>`a zx|<+{;n?6(+7J5GYpR9j3-KE&8dh9iUs$`DVBMhxdfBCEh8+=s0^O!O7(nOu|6ED` ze1L_L3131bVRZYrKSs2l`=v!L2zSJIalGV+)gkT$arD!!^_m#kJ^ocJIWVL^7=mNG z-B$WM#`o;I8@%@guZn7F5;r9l7TvVr;V58QH5?gVQMoP!qt9%Mz2kT{8zL$2@^b!+yW;_v zIgvB%H@W-&b%EK=;v`gOpeT5c&(~+^%+1$~b=fRV33N}-&RCgmnMOS@BXUZyCQW)A zO7VylC_c6{!%qw5k~s4mQ*(9`8>Iql_qDgdH!r?Sr|axSM!-%bEamWB)jM-!c8BHU3pbMF2F-^p z1~8#?%O&PV7~K@yR3B1oa1Ev81l&&M;Uv|Eo7o-X6<4`-&j0`W?AL2V*S=kkP|eXW zU-rxS6%UMFoDzizo}*zsF3y>+$6irnlRK5K={d;31k`>NDhHw%Vn%LDxL0i#rb$_- zgfmy`hkN&Gdz8hRylPm2gI9LFuk!Nd4O+!?wq~Erz(TR|bqoaTQ)5p3WAn1#5da*l5aDX1;XZC` z@U1aW%I~!8pZDEg-&WdU^J#mmP%*2W47BT-b+4>^UpLm}@HmQM?Nj^_Gth#Zr4-C3 z(72F8;%BT0=Lsf9+uJXDJYn6offn>&&5g_MBKZ!&4nBn`tA%cNSd9%$*-5^di^)m;F{`LH_7x7#Ft}`PwgOf88u_>p z57Ty7N*zvQ$GT3}RRh5uyBrj#Z=vFY86wa5OQuKjVygxVduKu4{Mg^u*bvcPw>B@-Iai9GTnKlUV$Gm6>xM9LRA~9X|0ObbG9EN<4!ts7wZss}2WD=oDFl0F+3EMUB z=i{5iLmYMUmW(P@rl($J5=mO&v(g`8epwY&@uP1s?g!zqSHf{8 zCPr@yT=un>=XRIgcUfIW;G?7K8w#>T_#PKuhXSiK^{9lH# z`T**gxeTxrBtJi2^Ze8=ZcQWibKDoVcd87FjuVxNc?eK!LMMxseEf@01xiqUN&awm zt+}oFi~N#Ym?dKur}YMX?#KfQqQeUE?GzNQFY%A+r8%AYEyMuSq29#PuVXr>g13T=Zno{MHd9JB|Tw zcaQK}$SqKhExVU0lyybrI*TsGxORPSQP#CdVsn&4WbI?0AweDDM3nu+Qfe-q`Iq__ zfcJn4s7Z2F+4qWzXS2GI*ce!rx5~^Hlb7o8bADkaD-i$ON93P6b`EgRZ-s!7D~^r%ANzph$$~52*gZ#w&Qz%kcF`5oZ{Je*rgsI%Q(P`&y^}5otCN@s_2F~QF2ecmj)!~j z+hXci+?Ze!vVB>Xjj{Pg?$dXc_QTzuMt=b$r0@P9QRCkmQ>G)Worb+o4JvS--*%4* zCs!&4Q}U88NNAjX-c^L`jWke0?O3*B*+;9!B2cZJ)kpH{-g$YwS}i~@G%s!8%P$Jf z0M~TqwT4k)U_B)6ec;F_T~Yh_R6Q!Kq2bZWZ{5^ivF|?*@^8EbkW&=MX>8JmBP@mm zhLi5b7dc?74sT(X{z{nKp+cLwn*GaD1D@=qE|fZlOHSwY&q6|O?i22Tp?)@Ukvo?` z7^0${X(zc)8p`)b00V+N6I-Oj!=-O;h&OVVt8bE-S3d=93kk2YI$WI;Fy?dS(s)L? zKqO%gNVd~e*4+Tjawskkm6CYQchOR$)0|5u7%6oBU1lUyFZ?4Qq0i1TpAw{bC3mto z?%YIdwq&K5neAEgrvEO^Sa3`=G(&4HM5gGr56UrN(chb;Nh{W6N24(bjy1#QnJaiG zsjSSwE1l}`5ov{Xo=k@-D`P6|+*IM7iZ8>e@j#`TZjCVLNC#K<^yMAN*ZkX5i$q(C zTV|y`A^i#CYs}?dd>^Cj1#P8Uo!59?q+d?dNM0kaP!`|_&cEf&o}Y1OntK? z%yEJVu0k8-x>&0cbF1`6Xot@g850q7kv3@mqQ+cbEjRKZqm$6ABh?cW^6e?IGfeVcF%W0)>~ ziImJDFDr|-dTnJ?#Zm*(73B77v(;$L05xV#eXiWpqAYdI+R46vR}6%b#LZ17nRuYI z>1@uGFq!T0Tko{V&3cC{N)jTa}?1=au{H^gRPl(}oNt0H?Cv;SQ& z8r{RAQf)IZOhj8I^j$qRrc@2OGy*30^3q=gX4~NS74yG4xzsaCKQ_|VNR>Ek1oSC^ zJ@R=jcoy7*Bp3}&rj->V>MsK(ZXpRVepUN6xLEiu&vf_C&B@r~h9=U_$*iSAk8NEZ zzlkKUR5FVjTr%v%Q7k>7757VMsd?|rzs|6;_koIN<2(Hjl&>__1z!Sp(GKE^7)n@( zqb^Cz@JQ=Q@Mk1;in?i0FfxX!?ZwA1!G009m(+IhR62ZnL+Ici2#$X}`~Q`J16F## zFIie9@5s~PbBJ3M*38V*u(p40Ok`~M*bF87-0`P8$ro3Ldg-Huzj#R9TeNz zgL*czi*|(kyeG0oaL<{Q57K=6NZ?!x*NE8-WJo>=z5T{3)Fyj2vAIon%g;L8deLa< zR*p7J{@R$6H8ji4#f9`E;$@QaLcYBR)-xj0zVA~V>WB>6L@66NESJ%Zum7N@`o~PW z_sNf+U~EX4+C;|X>==gM^74aGWq#0I~7i{!p|khbK5x8GkIFFzD5wGNnG1 z!MY;bmQI;O>7Aqf^lQ?C-soXRkYn(6T0h9Cm#hpZ7+xl{M*Hd%mTQUK#vr|AnJ;j% zFdOEe@lpFFUDhu+^nX47fBtx&_Tyyp3*g`WMd3U!@vS==x|%N*JryfiUZz-Nh;OW? zZr7}Nt0w1N`CT3`h?A6qLT8SCP(L4(S8~GBMy8y$t@%f z^RHKet09y>bhX{#Cp#{C|FgI~VD)WLX{dq4oAbGkD9uD$v()GU+b-0KF4R1prtyw4 zV%dsecl9uw^5N;nh(#88vi9rv_>?S1w<0YxDH6m}EtJ0VT6d)@&o(0;7>nHq*!@KXKKTJB>rgAk=h1Mgp*yl+0ik0;~w zRI23NdS9z|rC~So&jI_+$~DXv0hbDLnoc!R0J$jlb^}JzBjLtJ*P2CdeB`a|*t`b) zp!`;dirChze{H2OnrX7iV%wi!VqJte?z1sDS9xGi(KEigGQU84+f*U9sJX=}N?0~0 z>3l}pve#E$=U29RZ%M}$+b^!n1j18uVRp0LJyR;p9Wl3K&zRzUEM0f%|FE-*ud>Yb zKbuqqU!7O7%M%y~WCvF3i7ez%L<#b~j7E^aA5suH6Rsz}YzxXj_4~^*ur-d>TQlY> zarsNJ>~MHRek2tem(j3Nsn?U4At_8NP72E#uggu;I%7U^AD4{MIe$xTnm6cOTr13{P+zmo2S9%2hLE4X^8Z zUWo3yC3(L9+S?ZG-&mm)Rhzt@iw)%6t+f5+p!>u(MMV6zYUgQ(DUm43;(rDEpZjuF zd2b$}^Z0UfY-)2MR-T9~PnXvYrk{t6B1E!6aWF{%c{47ymew8rTX`P=-m~B1oWT?9 z*97;%Aj!ro0?}D%IA&v%5SvBiN54TCO5c!ib4u5}B5(_c7kP#J+Lmm${fHRfW67xk zci~ylm=(E`lmq@&!r;3kUlWcvShU;+M1PLt5x8*vV!jp2&GkWqE`_?>rFze(m%#;A z+CVrNPfv>3i)1rD`YeYV<~d-F9p_YCvM}arA!%*)B&=B7NkZv}Mfe8GFnGh-h3#t1 z`^Y&k_GeBoBSQMU$J%@S((6Wril%X%MiMcJ&c$x}1dDE$Dub2+w@x9~cSC!36pBk@ zYw@;0fXL~ZCN6z-S*oJ`iW+?i3NjTZZ&nf=0Raz7^5Vaxc#rZB%RJOJtjizYYigfn zgqhPDL@o8L9vdun`sz{!h=;{-57J}T%lPId$ z%wobf0wT3*t~;n*{VDDi8-;h@gBFJQBoV2Tk(`fq_9VziJE0|1E9}>6#uC~{Urso` zQ4t6#Y4;441Cms5yT;UXHB1WTj<@X(a5*)Frmatk4fj2`I}CXoh7L!k7?ytC%)pYV zxoXTV=U1)5w*<2dH?q%G`W(^pC|-Gosp{l%rwR4M@Preeii^!q%|dyZ=l3XVEFx+y zE+2Oo6y$Mw*^_e_W08R2?je+4j7MW%C<7i0qRc>}e*h|135Xs6j+%NPVAQ)n8mZ>| z`rn_s0(If5T2rwqm8pxGgHgAB`Iwk>CaK~vzE2a#MnH+kR^ni3?eu0o^;3FTx@fGp z){jf9K7hVg7N?jpAza2-W@cyqc-{bSUtob1TP}YuXQV88|A(OWM;fQ~0h4BNFXqZ4 z53yC2E0-w00HgZIl5~%fXt9HnX3AL}7>QCc=hw~ep()+AN3+W{u{3LT{%Ll0%Ue^b zG0i}3x?QOk6k+ak38ft2;dVb7OY5N!9N-aCFLR|{PiE&XJ4pG~P|S>KFY?tN;-+R+ z3Afgk@35y-f8+4|sj|6CsLN(M+u!#bXW!>xgH(k60}f}RW2 zR1oF!addu0Lttwtt zntM6+jcn-UBl{slTJxqgepTP+4Rm6kWL5@Bc%bnTJGZ{3K{n^eYXjtPi7F zY}ZIU`%vPcy*Lu9C`$K!Pm<@xb^qCKZD|uozqL4Yz0g%zgFkHu)npYpysV-^+3K1* zZHx+SSXgkDQWl`1PW0epmpY>8%+9guHHW`ReMBmsOibZ4Mpy7dzC)i>Y_4%}2DqPO zx&jh7k{B6-5U0ZsVpr!0&t?sTJ5;eud<;F(bX@WYJmdh7!Q(473-T?pbJ!N^oH?%j zSyTP}js4-9gp)U>!U*9x-rT?37*h1V2z(lwORBzAflTA!pO>&RsPae-ndo;duml7U;#?4yaUEe4J&X*n z4BVtLsW4xC-Ur;466S!L$DMC?R_HLF$!Sa$I}kKFOTx-Y*b|S1ecarbY_49J(91t>-YVB zjB*+?g@1*Rt%1_U9_BpM6B^ADM%qJpXLHNCGjpHldgl92ybRn6Gq-s`s@hSmg=UtO zF1AP;hX7G|5tfO`=X>tTS(f#-;{l4NtP(HQ7!v(9Y1-)~IwqCJ3+6S|6`k-$%40T1}v(kt%DV(fr7BwcwS3z7w?S2l63gqEhgsNMbebpSG?o+jpL9GDPLN2Sx z!(;LSgkuY_w+c_<7C>LUM;x_xkENPU!A+(h{<0#3jaM* z%b}%v_xA-7wVf%f%VWzB+j>g{HLITGz+^RLnV3u0e$Zk@?d}%cT}j++(Tet~y>VK1 z9p$kZL-T{ZJ(-@Dpoq5B;CWxkYkvMR71P6iirje=I=Z;DYP{#2&EG`OM}o?q08Xy$ zZwL<C=Z-3F4_ylrw2&t* z+kNt>Y7IT3IDcwhh<5-2cN8;uyK>RBx;ZW+?cEc{%u$8FRQ8ipETdW{uRrjYN@c62 zkt>1hcG#EiHFZTAv}^D+>j(prIikV8*)X6o>3z_->__C&g z!YiUsaxR`HPdqN(cioR21u)ed27e{x2$m$bz7f{+mHw-4Z4Wa>tM=^`8BL% zj#L44bn=LhfJf_r4#!~R0(ZqlB5j5luvhr?ep@QN9LKcaRPj2JP3?YM-Iv2Ja0y%n zMgsvN175Ud^2kVl$G}syi+ebQOgP_YlGJ4~0ZaJT1eDG_;ffmO@u**yhEb96d=7bV zUqJNh)tA>cym)E*odL|F>5V2OM;Vf->UAp4TLz_K%&1c=*J4==Q4tl?Q8rvD z!C~0gakrlK(uSx?Z|fJcY<>aJ7j=iob^+c1j$Q6k(qU&OuBCv3)<0Y~KNH($#Po%% zg6(ZNW;yp1#qvQm`V7ngZ)s-%6eM3A_MI$= zv{4xr@s9T$X6Lqby)G5aA4Wz#H-Gg&JC=#DFpYOS@TamI2FOzI6L@_23xn{W)zhmY z`mbC+ph8DFT?2)#2yN~9L7Ca%lXaBde%PH~fVK|&GOUYJeRPO~5#ll>710|El-(Xt z|iRcso+VLe$P+Tj{F^|9Xj1sQyqbTgmR$%JE_`we%60(^xBN%PRW7Bc&&aXuO^F+hkWl|2P{|ih>**n@pA_0 zfR{rz)z@ZDMG95GqJX(#irvGQ^=Qo+Wiu>o@$1Zhwzp?w(DxZ@X_>}H25FARd@9fZ6qkf4NXkC(xEs2! z50?$`LZ>qgRKHJP0`RGXYcLECN!Fts>fp$C+?k9^FOJ{e%_ZeAm1$2 z`HKa9&8PVfOm0wiwWUAuSH8aY39OL`D4V?wJ&ve=6ek1rVIx%uP;GZ8v(%=e%l--_gIMp{36pGHs2B&$GxA{kkeKs1%?1!j)*UI87aMLnJ9Y;C)rK(Vf@fVacm~6 zf8k=b5Nr9*-jQ`b z`N&N8g=}boy_jk#w;2cX;N=}Rb=cMCJ419j#8#yarGQkG&d=&DdQ?IqO66fW_nnYC zfa<*tvH=QL72w#A)5Tb80;pvhKPbaOHiV`YcIbX)!Gm(+aRUbKLxmQ_wbwZ56%*|7 z{Mx|+^g700n%e2^3$O>YGTp?*Dag%9U*6ww2FdOC+*?#(_)>-}L6lFaA>Q6|XM(7i zJ`c{H5sUz0S%?Eue=UfOEo)a65j%%>h)BH8| zr32h}wiH6lWhH7TU_jX^)`M5g``U0mdA*A7?gs8pG_X5H$o8v?s1reQF$uBpS$QB( z=Z#i6L6vgS9Q&K4qdjh6DJss+zYeQ3Y+2|gk!%u?<-)eZNUiv+-!8MrOdJVTu^K~^ zBGa;DLGxlt%)E}FK4>E^Icotp;2v~wmh7V8oMO=$*~Bw;&@g~pjBTZKy@Ve#5WtaX zad3?xTd&>NK(`iTd9Vl&+Gyjw;>AK&y$$T>NzTkh zIFFUGLM_7X{LUmR>yIW6!)hWI8v*ez;BIHQzrBhrP}`K`HrZ8EA=p^GbJm<-OZDtvRwnvq6*b~~74tEZAq|3F_ zgAZ-G^X9M3ds#s=@>PfS1*Ya~Dffj6H{U4TOvb>#(qdGAMj}5Sj(%Cf9F`0Ivv)cp zLU=ReXmdC9y%THnUH)nJ!?wtUSE>*p=rBYTb$Qu31l2jW(W%{S;EfJ`0>6>1x8|`= zO2r*LJkbwW#hFD`^nM*5Ly4%DRv%>zs1~aoG%6FgpzSeED>uNfFKB17w)AMG9B5nh*M zUutbGQ6#ZfR(z%bk1ZQREtm$@yAdm_b8J&;y6?Z0ws~M%T&-!-6DAm@Fv0ThM;!tx86e;rE3>8huM*#-Dy?jIh*m^}7er+q&;k(c*@Xv%B%CbU>s z=$?IOZh2MW_TT}{u3cZ5a(hE&#~^?QczRP}-MCM_`Xo&%KTCOO^Iwy8K=k=TR{ZiP zu@F^@MQMFaKe1X{&`qxq7|?B&)Jj#`BW=p7&dE9ExceE=$06!IL^Qp~+hzW_IYo~V)kW=gyYkPk<(K0{{}rM9U}1u;uHY!T6YO_KG=%^$u{ zFFrEymSHn!Z1UWQs+;3y_Ad-2-Q@wN*7o6Cwn#xjnSe4Yiw*jjR*okhKRWUL8gA!t z(t}7*M03hjy~V6qesoBjaUj7p#mY@QB=%BxpliC20ztZwEtktaI6mJfzuY3_z@3wF=3h8pAZ#o2Wg8^E3-GNs52)tqP3*5Jr5dsYe94QUydUO)_xmYF))KI!T8_+W~X_~XOgzEgq&>YE% z=<)({gG~`xrwc6jI>VFRMNHlj0)C1!VI48W7;%w5ep;d@(#~vH^B+tgHe@DmaBy&N zFUQR+jro+Fj0YxrzM17sHs|`vXNI)@ny7pw_GI&VSCn*zd0i{b*^jw;I_x)M@GVOtV&_M)g)n_1e@$U}lQfY?Vn^ zbll#@k4AM#B`Zv$#dP5V3z2onVaPq9zZ>`e80Bz8VrySS_HgnW#b*slvD$Q>q27Cf zOwos35t^B*V3dzFV@Fu~t&F3~oOYqQ0xh=v;!_(yK*drglq1RW1-;#ND9Iv!tUj=9 z>tq*=M)_P!>g_651)3<@<=B%H-XzNhSoW{ahS=%`WoGE9 zH%w<`db+t$13K-Ae;J#a6+4E_6E_ZbJRa#^KwGI_+l-Uj&St$}0h0K^u_NLhsXl z`U0W+WxNmMk^lQs?-nK`VR>__AK{hQO*K!rVKE@`wB~VBWNEVJu0IoJZfsUW_kFrU z>;N%`C6-8ch7P}syjulo@Pa&~);(?%`Li0J%8(*Bp0Z0P-m10AMYgvujBooC3^EpC zT*7r-SU{jlgH6Hy)DmRQeD+B0$8#-gTj*;tWD3XBwRjcvnlzqf(QOatSy_9VWluxw zg7QDE&0mNY-rk4QIvZQe_KtfkB<0mPtBU^ zt*mJ9M%x9V1=ZQAVm(wZ#cN^a318>Tdj{e7-d)$AzF4HCY-VAdA4y{dM^?@z8d{hG zhQ3OnQeK4L8G3v`&V5aN!{XKN)}&>=`TlsSy3iC^ z0xItGMKZEzoLFyi!s@Pyb&~cx644Zo1a-G(>a%=;%nO=|)87}M9nu%Vtw--M%EP(f zDLN;kF@hils8Z>{AhSvoXSfG?jxCISvDzjP-A+!Ws-i;sP&yns7DU`lF6iE<{seAe z9q*iP`A}0^yT+>3+RZ!}an#;+adt3Rkoq5kBK~^)n>2bBR!4Om7t`mUVq}^|jDW|n z?bnxMHH*>L&W<_R&J?51^j)@N0AJW~HhH-i>25(AEmgU#EM``F@hmr%nn^uuz{Zpg zq*;7fGS_qNH{)Sotvc^xtVN4|UwS&m|JseR_+N7hqaA7G$KMnl*s%I=% z+LWg`M&@i#Qv&!z<>!iOfot%pL{({anzeu-eAxq4#W95DTyBk`P|5(7RBrpywmOo= z!3G-gUFheEv>ES^&7LfXr=K^;Ur8^W4hK&0`=po!Gs=7+Of6}68)2YrBh``{8#|gk z>!0MlFg4UYIND~{Jx}nGXM~XyRMV!h6BUzGIH;yJXw~U6HqFx|?_Dfa)jr*`Tm_{H zhv3NINwy#s8i50C7_N~{?EVg0Q1JMTkFL$8I~Qb`0ix|V^mTSDD)OJFlcacIpV#D5 z)zWOjcA>kk~50|=8fpsHo;@0%yUYNv%N{C z8yYU7$qRXwHx&D2YOk|Q7svR8zz+{K?q?4a)HU{(I6Gtlj-xcIMN)x^gm1WHYbGX; z))@OMIl4)Zv7L`^S#J(*TfVtn%D?$AVxW|nnTd&cA<*Bm{*5uMykz**ws_3>3ioOD zWR1GAwl)~-^tk4z#lh=wTrKI2SztQGk4Pj`aqq;jt+=O-cL=Qf(j#(tfIu8}^`(8R z+-!Sa-WmKHN-^AyvRY^r%0p98Its%|h!y(BmaQ!r;of#t0bd3m{N)xr*o zyS~F(cfBj@%jrwc(=9l;hLx%>Cj!&aG6iSb9!E=&{PLE)0v=MMjT?C=2uwM?^0K8p z?)~_dH~T@e?U~+UZqpSq3b_nbc7M)#-|@6sZmQ;i%9{O4qb6kpdpaKGCcUlp$~Wn2 zt#E@t$ABM)KBWhfWD(`#>EPJZBk88T7&5=XJ#yhkF0u&U%~>*EsMV09Q(AC=exCWG z?S@rBZ0KQgGtC(RV_V*&TZCMY6DmI9vYfm*k-O@wT~zlFW0r2#$`3!oy?)y+sTMN1jf3j63OZ#OKezOkYA` z;=yLSb1tN3|I+H}=``Whv?6BaeY@DJp-JVE^p=%x-d0}j?)W)1bhHG2#^9gV8ZZcP z5*q|FAF}KkEn{P;%br~>eW7ajVY2GU#3CF#-yUutrSZP70-BL&u1nwXHi%B?1)D=> zSC=2=1^sNwebKJ(3$Ir)ugb+VVZ2lxp0S689W_aoo-Sne3PnEM#PKh{QhQ zvgW=BS#ny z`2QID?s&MiuKz@$B!Uznx+Fv=AzJiEqIX6wiQaqfkwo-P^j=4aF$~5a62$1kD5EBN z7iDyQhur%<_rCY}z0dQH&*3o6S$psA{;svYYp*k<#1!Z<>BJk_4>q3Q;wP0wM`;4h zJ$n|vSoq@-9IKGdXrPJ7(Ie3x;34%zZgLEL7731AWO)y3@0np#7=zSvx}W#)E(i(n z-OmudRAG+eW2zRcU61fB!%yiT9aXKldE=QM##AC*Uzrx;U3K*zIJ!H>6moL7T0Rt_ zyFoLql$2OzI|Fn}SJE$!JRJxNw_d7&8QX^l*QimtNM*7F4+!X z3#njd8K@Q1MOK-ALL{YXP_@M}wtw7=ZX-u>8%Zk%2vcQR=|+qT%4XQY6TvqhUjkYe z5=|?ZT))7tbXH|8^@GJKI0-f9>Yz$0tWa{D%{i@f`L>c|FnlQ% z>gD2Gv#OH!!g|TZcE;E+amc2`+Vu7N1aJg*61`AUn+$l#bk{yK0USiEYF@8Y}vqQmk9p7iEdhuT;}1ads!1C zJeJFI2rxy(+mBcB9Pj;M(x98tvMhDmKkoT{*Sf1%w=h#`?j~cG|J?eu`IPsN9>SC} zG>WZPTJ0;GF9*HHf9!Flvb$weXkf=Dy8OEHeeF1nRZ#Q~4!hKn8lERCT&N-`MTAa$ ziE!=Cs@NwvSN zu0O~3@57x-4xIG3ct&vPf|q4gHOJ(>+!Ka801sxRYStq&7_{(4JIhXH-? za_9eJ`M>xDS)I5pvY5p!=4-!SEs&F3z@v5=*s#g&YPxzd5aD>trAvAq+_f@Y9MoM4 zdXAPvu$tJ9scUOxPVwdMrk2^sc7n{Gb}jf+k2?WGO;5v>CMLPg^7~_0;uxEGoZEbH zcUlh6=Z`}`i%!ExO{lEx?$E|9>zR>nc$F!#HDL8h78j;KC~9?7NbEav=bEC#9k#!* z+y6y&e}5}Jd=2R6;ED~uU`2htSFyBRnZI_*V^N2;qPwhEZ@MuRef`{bCT5nSM=^B; zWMp1%O!Is~wQLK*}CV}%5oKzYx+$JyND2lAA zPQc5s&#oUGo;=a$eab$&_FWnL*5+goqQhLos@hp#Hctj3Ud~pfx2(QQ5IiAG4;Hq^ z_Pk`0T|Ogo$(_FTXIH$x&y~MTr>r=j_vV_3!w1Q8>o5A@RC;gIrc{AT<&}6qxKA0& zR%a@1t7{9LWqqcy(4>PSg zKdU?g`o*L(mlc=8zmH>D?vHD%WlLl;REjI)S66*@t#Y#L6DMW^uk0;WyKUO^W##1g zRSe-33cL_M!`)&FTlnS|t)-W_PyLGc9YgI{(A7F@g@WJ9L%Kn7y!lqJAuLfG zXnSA}Y|cX8M}r#*M$Uip^QfgS7Q$2N`b|dv(I)czIscqh>E}I63srb-p8rgI@6HHB zL>crlZ8qN#Dk)ixwN_A2$TjcbgH;cF{S@W1rKsRKQByrMKc5tQ0Au~m zMNF$Upj6gvd*m68p4+mDD|s7wI3X_?42usear@+%C(R+WYqb;`n#Nsi8YctB)!1ce z9m3LD8Rsi&r%Yviki1%-E?!*VGr6vWoo{uAf4>HZ`u~rabFo?hstZh?r&f3uJ!%)t zaHwD=q6aMo5e42RrPu9V$IQ3#lMFGr)YnN(h^UeDTbGnTV78zuad{eqYHGWi(D%rc zly`3rulC&+jZ^dvK}{R=@Ku|Bw37k1*US|q3GCXiSXMu+Q?{kBSO6!YpDVu1(5bPC zhg!Ws*`9tXuF47!Hx3M4Mv`NF8byx8XVeD&$FBdf@IS8TamwKLxlDfl{9Z_NN(99= z`Fch97z{cle^?PgL9Vbv)z|(qWW;(^Fj<$+%uc7m{*J)Tr1kpOSDkL3Z+`+;qYu7_ zHqpwVMZVkryq!r+Sq6=AqOq}G($n)iOqV^A)#D!D!|$-#>+JBiR*7N;zRqs{m2b_*0LMV?TD2ISd&EGtddV^B`BM zFVFUVeV>S#oMk+KSIHL)rC)=VbsM-=x;RxiIl|noecpAgaoK@vDRa4CmnQ7DI+tGu zli75a&5dr|JVa9xm0v=H* zhx~O7{_FMsdSwI!8bwg9>GpoRaG6rb_FY|()*G$7zU4xL$o0=r-D4+*4VRIpS!8b5 zejfAoo{Vh!N;;s6b+$bx=lD*nTtPvR5??oo}o;3=FWSm z=jq;Tn(reW#B5O|&@LqoSHc=iPRG@yNdZfA%Or~PTiq+QCbo*qvOP>y5_6JEn5Ma$ zx911JL;jB-yWI?}G`|MsT`kAu%ACP(Inb?TB%ZCni!7PT9lE}IeNkj)^AAOi_(lU{ z|KmEobb02y+qA%xyII5qhC-WBcRTC>7+Z3lD0CZcJZ|DMOB3qRy*8TP8xQ~--&%Q$ zk4TZ|2>AvXG|_Fk#8|=-6IdpzbK+q57NE%sH`h(c<5glkFxTvq49gyseF!h=^t3%F zfnIs9BLl8Z(t4&XxVP)FJoAHe&5mx>X2~bTS6+ABFtb-DSsUwcBf5~%#L6kdNWeL93D8w4kT=1l!Y;PT(Xrpz*l>)|Bzz4`>@ZFrS|^9d*&1&*y2H*{ zjzjj-_!2ws$7j1&B=Ktng|u0D2;jdWS3i~Iv&eYyW`Ctapf{G1;-e311*Pf)XpwA# zPg=enynLUa5t-=P)Dga!ek^zFU5Ic~Lvm?KDe^ygl91@e2{O1vOc5NW)5v<7S-QCG z8_$8@toX^{nCoEU|}@%x8u+pjDi-SQb8qIVL?3fO@-bS&>O1~aaV=v z*)p9^DI~ieL2NAl1(MyX3P^sUlu`G)^<&m`pI;}AK^!f-)jjWG!pAzi^8_lVl37UMyPa{b39hvvDNes0Y)Fl_BU^;Gtc$jgal zK7u8c$^B^Q$>o+SQ#PF#dlw$_mcK5kf8x!>U4?7W@_q5wT`#_Q^=NbQ=l+J@P=&s9 z?=g+EEa%Bj_zb^3RgTNtO=>c)ueR4R{T=2-V8$d;P1@9+g*LuANB3q{ei#GAzp4e) z8Q9$*-)nI}z6uJ~Fa_7oP9aWIPLCI+1`J#uyN^jvg~gizFM4{iRqGXkNY$98*F5v< z@$*fakX%E1U4M36D^>U9Gu#d}%ZlQD>hEGT4;T8drB^6S>z=ti=lOc4FRe@0w|0-{ z%ESXAd$+FtpL6k7imL(ONKI&1+r{hQF&jlwfRRT#OZ@GR!gq-`t2BtOaHYmpn;J`u zUq109R|B0=`)%vb5Aj{FtoV;v@8LgPZd81Rup*#(TY3rDbE*{!t>;|w23lUns-^qd z3O}U2f?t1?*ad))0Y{6Jr3XfKR+H_FdKvuh^*`yP+>P^9zO6+vN0&tUN}sbZ;{LVo zsi&C63feViHN#;C$rN&DiGS}}{1rPa$^sPmQMR^)P@tF|xRC`X@Y&i``8sB-L3P&H zZu~TbGXE7HV?+k;@HnVRl}AmJL-R`GC}Q$b@06+ni_}i@IG>-!U-oO+B9o;=9jN zV^UM;j~szYhZ__9II*z9pOd|rOa9&;gY2cEUY`BU-v53`yqKF6!Cw0XH*a5X-C#m$ z0lmk23BL7=uiQKyr$27qDRcv=4=&(feKsB0G+~POG~4h0ob=V0AROvPZnaEb4qSl+1l}s@4dyxYuw%WXkWhQC`JK()<~|8>iXJd8awr|{ZKw`O>-l( z;Q@wGT~!Cpa2s#!YM_%s>#;~?LDIZS%Xy*dU%2?ce}^o4VErzS2|X9SxKG0w{Yj78 zdVRfw^U8F86 zQ4O;NwKoZ_W}D-WJC<)emN8q4tfHSMy9z;WXN+xI78f+U=S#bA1^$A5{{~hb3tuMu zntGe(_pfFN2Il-^?a=D(DYGaKd_COj={dE<)h;kH3p5@kRwZ1mmA#i{*^?=I5md!`k<~7Ez!0CKTyWEYcaUmwFIh>nRNM(@0va9X~FP zog#g)z)3zLQw+V~PgXGBU7h`}F5}IgaOb-Wwe<8*T7c3jP*dM6(9O52M}!Sj(c9HE zq^=1U5WT3yVJNX;)W^*LDUWhq{oo4bp3tC0xwgH5_bq^H}?B>sDk#i$Es z-g%*icm9C?llN=K;=1HyVI@&{g>DlX2(~{fnHoux2nK@*L#^F|x18K<#serXkop{A zN)yA;?`B#L$+XPds$8Y8jB&^DXVB!7RQS$PX8ob&L4}TaTi>`AV~33B3=@mFh;5lM zw-b-7F6R9cO!v}!#{DRgb-|Ii)bISkRsy@1-3*Ky4l@^oy3oicO^}a5om6eQsTvvn z4FbOLnucm|kNl?i!Ueer|J*9F5LdaKLi5;|@K-RdopEf55VPWA|2WBe&C7Fpa+>NO z4PHMC26KZ7WthI3X?=EZ2sdQ-1wEW?vh747@5HHMX+Khlym5$IsYkwNWXyLq^pMm6 zQdP1Muhh~Fm1{j$BB#auxs=?iomm=AP8W1*S`!l!Wwh19Rw$aDQQEXXofxSyfeq71!6|hx$ z!c7)Sey+yOPT=uq%i)uFH#Oq%&^&tk513H64t3iFGRdhXdAHA3Wpm%v60r4rBV=Pb z=DB357TZD`5FZ=Mj4RM1%hOu`m<#t@Vy>b8IMVJ}p6BE`&79!qkezELvBAJYqm8D6 z2q~w^nl#c`XNhS0&$;?DRfG3x0;&?e&Ia^v$+Ii!W;QxY9`>{#AMqJ*+g!bpsxOZX zBmqwGpzy2<><(M{7h6or4lway73r$o@F#Lo($`;(6EM{sIM2XvFb?bhnVML&rZPRa z<3P3K3=B0#dG*i-Y6jcqJbQ;)5y%+VI$MBh^vjnreID0G1o=D@&7>QI$ zDta<%Y_N;nYiQhmBNe1?;9c>x+&8cMl=pZZ&SA4sqm1Bt;2>d>Hoor^UIElAU|lPw z6bh|pOk6~6J?7`7S`iV?fICMW$3h+L4H`18zPeX-cmH(X&~8X^#upEUeU7>CN?anv zO(jg1>j!gYUglHeYqV#YIg>ko5@%%4k6Vu) z1;#@$_64JuA>S!TNAd9BAa%H0v|6l3iAgDIcRAt>grN*%`82iWTR3I^H?HKS(tSA{ zBqNYNbxJtqO=1{C9L=0gLiJ^IMDCFrs;VBnM6zfamO^7RN3pJ32Qy8_W}_jq>Vj+s z5Y;-b?pK~f#5tE*%|WQs8uPRy&E`iJ$^QR{Xldc+FdVqB~yae zFBdNN`P<(D2otLGTun~9^-utJi zJ8)}F4a81VzvY#`5GHwyl0$M`+ugPL<&2CZ2oi-SiHi->ZV7|p>yN*+btij+txMpV z$1m7$=)Q5pHK0$+Z&_SG#A1T@OM})Qy(EQaaRzD{xp ztJyM_o_Vj>gNL-Wb%gg^CL)h)7xN^!4tzRL9B1qC_i1arb$Y*V64QkB+!7bRE3MQU z3&{;a%zjuOrDLMXioEyiv&4F>kMKiJFlu$YN~t3x?uDu)i*A~1n21Yy?d*K zxRCTw8n0?BNKSU85#_o6{YfzlR<(Q7y|{`i%~U3$EwIvbhnNMm{wd zMm4oU)w`v^5*$fdqH>VooqZI2Yxy-f+3m*TqWM{cy9xK~!iX7-s|lwf*Lht&25p>( zRCqd%bP*m)X{S1#eOcdKPaga<*wE-NV`XV;h4VXUDst=lSQ2bEyUcQB0LlZZHfB@c z64^ifB2uy5A8!R+(bY&ytIEkaZ)OG3M<+)_(I}~Y81vthHjnJoBDhy44pJ;9$SW`v zK3nz%6hpgX$m*&Ej!(ZvoI_+-O2Q#j;N;}wh=^*PV$yL%yNI;()Zr`x!FW0$)lKY{ zg#({J5g(x;M5VKnEstI-YZl$nQ7OSQYJ*0WU=67)nRu-8m0h%PHIE@78iyMglkcQ4kwkOVFdft(|}KlNqNh4sts2sqSE7nARS zs^;GC*zjaVmX($cFL|CBgE-5(p=%9Rx`t<{9gK**2YnykWfJQo%OB*8LO)}yC3~D9 zP3np)~!Vy+56{Kv6 zjTxwhn(S^8b3z8K9g&V#?eHm^u1uhsra^Q@3(07uLMVa`?d~TW7dq_>7o^hX+ww08y1g$-Ius5I!UWmQTGC#!HqK^ z-JC3q{^^qdaH7%0rQ&%nbX> zREReD#ga?+hNG{pa@cT@JX^^L=%*Sm_7|*tQU=9Vnb00`MFU!&twyfQ^*u3XHRqG4 zM1u1LdWDR+mvaj4P$6@&2PhkdTi&(QM$LFlqPL%})h{e+lxa-NB8e%cX+Y> z13a>D1G`qY4hV@C8{IYZeEL)AX#5t}i^vXF4GL#F5m8;Wx!$evP=cp7Eovi&rk@61 zOj82DIXX~8ca2uIGFHwV9C6t(HR_>9||$QLQZCM3{q&RGJe(7(ty| zO8e)2ntnlF%Bq0;0d9w3sK#BlO^D-RRb(AYKJ zb~9hdI8`h-yzQ9O_G|xGq_c_I*j{swO(N=SBIyns!7ftm{MKn{LTquFYW$F7DecF- zRsmdj1$lh_xnIU7Ms*N(kTemhJ7CGz@GD0(HwJ0tdfNk&3Csr#B>7VY|^yEMp>DO1dE zEAN+8K6`e#c9S;ogr0um={kA7!Fpn~%fYg@UDKELvF%avDOI(;yx=L#3ja4lBC@f` zsC{@Q$Yy`RP+I_W6puDxk_ra!A#0LRkLIO<&WYnF5)d25#-b`3j|6$x7MdJq&a{qt zzg;utgnQ&*r~u!>!Y~k60Z68&TkarH-)lEEHB{xmPbm+IUU7F;x3e;{$4Y7@)w`&! zsj0d-d``mC9tCo^jCA^zEJS%($FL40)m8;^hY>yh)JHi@2er zjfdEzg^Uaqma(jtq~X;+NjdEuxw^87FXP8Y>JZeh$AW*qzhz}(rh;w zW@24ZGJ0|DRNo6~4nZ?v__|lqM@^GWyY=CAGaz1L4Za)EyJ{VeJ3G41%;n@~@)0a<*$D)vRZh;~9%nCR(YUD8xyxJHMtv%9kjYbUZZ z-vDu3;hH*RJDyW|jC3nA$XJ&}rRG6I&VW*~s`=|@ZL5hcPe+TyA;yfo8kRL)-BV7I z+w+{~0U{Uj=(6}ICPukOMOa33NAZ;Qj@Rg!KWvGo&|u^9>vVYo1xLNhsCR0 zIrBKIyB4Hpv_V_;Kf&q0pWx~i|T^skOsR_otex_bWn;)YjG$D>cj=+dEb zMU7nt;WN?Hh7xd#Hxm)$G+!S|me(zfz%tVv+ZEi6X6EhyIh{%4M=sB;YzA&ATaV*h z#u_N?!cC=mvbpYn3gQQC^GwDW4h6hNiS{C{Oo@msu3v%|Y~R>PKTC)qauKIy&CqqaC5a8UNB`G+F}*AvoF$g1x_rE3M6HXs{o+I?c@A94l94BhY4Ykw02W*0GMw(O0;d%&% zuVQ0)>~y#t_|Ih}-1rpadJmn~rkwCasz(i1_}LB?XWAo_*{TT_GTjqxuLcP}aRa`Z<{C_i>zu=mK84mtfy%&qOAk8z?Mc+1X5}hx$j5~;p zGudT*zh726RzdTuT4jjLZGBSAY&JUPD;{#Y(>}2y5e)GdF;W`vhi&M2QxpMO zVyX412d3IEpScJUQw66E_of@mQ@Wr>boFPT;wB*3FzRnLyD2fO=a|h6BCNO_P+HKF zDl&jVJ$F;|Jxy>&@l+*j{8VgONc{d$xejDCkJwLy#_K9}kj77n98{?t20M{yql1qIk0V-n_shVzYd6^b#4-2skg0wnjlIM>?44E(@uPY0|yMz0N+nH*V5;6H|a~FU`ifk=~mnW7I95yzLhg z^xjs;O-^%-Sy@H@pe3XCI&0WirBeMxjJxk;*3+4IB3#$H7q)7NDg}wvgsC+{wr@R# z%ZAU_)6kd6^~z*-OMW%viqfQ@9GNqn*EF9izM3Ij1>7#ZWJ3I?r6aD5jRLId**!*~!ueR|<ReiW3jOP@xA=y24wfqEK^h-tjBwa zBR>u})#soB=+`*A(3^GHcQBFkk67Hl;BZ?0s_HHz}1x_}mcyLYFM@q{9_g*!DtWDi*=O?--3lpT-8T;c9!tB-~-y6wji; z1u%~0$?r5w78`D8D45pYPRUe5K@+b(y}fa-pGIzy?zNd2YusaAo)r=6^%{J;^72xf zB*A2DZF~bSg=teY_SIEPzT`6rAX3q#(EaEj>fVgVbm6yZwm6uDm15nm#pFFD5_8UI z{fslzB-cE)sT&pUUy~-tByzqQ>#wWN!%p~{Lytor1q-?zzZ>iN$q%&Yz>FH*MKPFO5t+$s-uOyy{5YQ>e^g(X)kNx zvCoRz1}DIZNVSUN&64zmRS?S8AsjyggQVh9;-TS(wp7(rCz^>TGzlW0GjNfx4i14dPQ6JClIcOF@9qG(T;jEl3>ir9EM&@m_$k`l=xp&jZMLISBybLb z_fe0?7EF~}YOXXdR58^nAH&WeqIMv@xLWy;!PsEgKHaUm#a%R^H*g-YQ)4qx;4wUiw)Q9g88m_8}T3CYOKv!|`g0!;o~fe@7%@|E;s1_OHUcvR;o>K^dzG z;e!gx4im(|;o;*!>_2BxmMxB_`Dd@>Fzi}iDZ&#@O)DqAev7PhNKG6V>HVF(E~2H25OdZFu8CNJAlF9c_mU|#=!)^O z-K~$4N15$YzRvoTfn`ydtD%%Ii!T&Cl3Rwpy{XhrYfssRF>wAZaq+2h*W2y}+$d*b zvm&zmkl#A9@x7GrulG!%0u8H^Mc}N9sLbNi%hvoWsGUQuQJ9sU^>Doc5tUwk=~pjr zuct*xl6ClrZm5z~Wi11h)B{RN>JbxT866EfSeY*fAqi8}KH@FKAg(U2_vvd|mZ-By zxmFzDzGnlK3AqT|2a53Qmdkt2OKLq;0C?stfQeMc<6aa&Jt(O@)2cMhEVz_-_oRZB<&atL|! znXJXBBAxggQDQE`x?!S8FWlyWC=Rk6zj&Ib`%en2^)SLu>PC4CeYYPT$mGAfpZ?vC zVQ<_o$c=}k^F1-Kn;54qi`cjLa1C#vF(LbOB-1mZtbYWn02~n>FH=Qf_VXP{U_AN= z^#>KDrLkP?NWY>{!8%jZISgS4X6{iTOD7&uL5G3DWnhSg2*Vsk(owubwCpMzzp>3f zifWsWuO=P+Dhtkzt3$7LifSSRhscv|JTJaKvtb|h!B|iwTw9V%>b6wqsY@JROn|PWXwsj`f@9+`;C6#y* zfwa|r8WU}Nb`)dA=NgDAR@#pH_Gq_yMr^-DH*?}A^&`1Pa3{+Vf2UnB zm*~+)V81cD4~cP}k$1_zbI`C561<8K^`N(I z&r4!+Fj;}riHUB@hbB(4`jIxyzoeyc-@lKT$-@iexkYceE5B3wTfoS5^^Mz{A9n2t zf*}70|5tOIP$DO-?d#VC^7+HzOlOF_wvwMYLp@zcG=~pnV$wW)3`1xc1?WXy2;%qB zdBF0dIR)#V!QT3Nx&F}YcUWwd@*{L7AaLHX_IPW2F}TDx9U|PiCk7HXf|7MUJ$soE zd$Zsb6P$#Mlr-ObaB{EYi)4)ey8PPpq9aSLu?NJ9?nr%bUh-^U2e{03AgmK}l2*g+ zU0Ol`hFIo|N3i8c6`7QEyx;5cID{q*0Q=uFHF^eS@uVNK6`u=b)~0^8MSZ(dtU3zU zG?`Izni8RLzaHajKxH^t`-;yzf`G(QPl@Os)=jGuZ?agZSu-E6%i$Ah&`_C%2`8=^5`#f7QKv3f*1DOoq3(=g0_!geEF-7;(HF7+Jk}*5f_x z&@0**$A_$HIE){=x*`+(>fVQfSKG^{T!xe`nYoN&TH%`~=173PjpCdx9MGNou!tx? z@73;6{xF>zpB7bf{c?2R(GhA3a#Nh?U>>6@*@ZN)@eguxvP39JtFxh>TUi0Z%c!Ja zoq_olz&S@&yPs~GwSIBDjUSN$_xzNLbrWm6RuM{UnK7j6%uDZsbZfx}|oq}NFC^7Cu1?=rxwt`Q9_ zS=VE7U0&2Fxx}MvWh|EhKK4c4dnnYWOIi044xE@PRtenFW?NBC2Ha-X+3uF0`y%X zBxsM8P8KeYljc~;IFPwA1<5U*m%u<_h8zTRx1D>>r>b{RB=&vcF!#L};E?W`8cyvci}WN@@pcJlorH8KyODUEak6 z1J#AikFS=pbNDof_%@8)pPP6r{t5SgPsa)M<_Yw2TBSi5(d6LZY)ROaRJiOOx-;jD zTWw-O59&Quy&#@Ypn`fEZuLf0|Gerie_~{~knfZRj_v5qg09R&J?imTtxGcSZ~9VS z1nuas>@2H<3fX7d*xE8GS#EZdH1S!S$4q$WQqO?Q1JyVeSb~T6mPHUy8*VE;bNj-{ z_PynCP!=S0$65?F-`|K+l`*OhGC0$9jndtya@(`(*JF zGjZdkh4E{~l!j zqT()M?icU(=a*?H4#_y}j|F3Aj2VWgK%WZ5)}jJ`1uq3q*603EOAfYt-kRS=FxElu zdP0K6%Gu;0kava(sUy#exLcSEj{%Z|>?t1Om(@Ot$3@j`PkjW~62{_bN;(|d^lSZ% zHlawyCw9+rEBnYutm>ry=0~5ivlmV!I#Z4BWfsEYh)n}sdXC>C%Zg-WWdT3Yv9-h% zQdP>(kHJ8R8+^a!@&}O?orHb6auNLqTxb65qk%M}vbHBd=1$-O!U|enx4o7HJmw{w zdA=HidH2MxecwmC3LB2hx|JWMd|>Ypl5nZ#!2~XK%|JN)%EZGdk)4^0@qJE`510I8 zF!$z2g+~xfq!%lghSlh`dA~bo>eJ|x6x1OXclG0(_M1_CV4ZsVcm!fXa&HRz^X*Fr zDI5p~ZK-=ZJG=IDbZe62-=tpj2abL9+g##LNJxQ^x*~WhA!V%s&*2eS|mC)+W{IreYA9&SR| z(;bUeKLxMM(BlA~+1!UqElCrM;O@G=zcVF!y-~P!D)&SY-a>kBnoX{fh>RaNSIrA3 zSAN6NnT5%@a`;jSF&~Q;kxorR+pu7^2KP?Y{bX&JpQzBSxTH`F6RyL38=ru zhvdUmTxN5Ca9Xp0fe^Dqu}Ug0e<(`+2n|X0fQ~8uGr)H7l02k~x0W|g!ICX+t=;e2 z9z59%&03({Fm|gy7MRfFvQP19-FJK#FM+Q3V(9Zl5SdssKfn91gMTwK%{9v88*4;$ zQ@z+{{~aPV&Zyjk9V(+g9?VH8=o4Mw5KxZZnlLLApIX=qx;%ud00K*IGlQR?KXzC_R2@+*h;b728d+4B~(Nwv9d7P-VwpT&Ysf zu`N7{#CZ?4?c>)cGGyi|mcDbJ;mx^&aYG}kKId@1w>?giDQO{|KO>3&_SGDeXKgqU&c-dPlSIQ0R`lAQd$!y>~9(@T&Z>si*l__I^%FPG7V*5aQrj z3bnqqs2qq0wzj`SKE1|3fnH9T>qzK4WM8Xq?W6>83GI|EHuT)NeVdz``|aDe&+NaG zNkM>5-Py6Jyv8&pLGP=%Iy7ux8yvZlOPDDU^g$uBn6C2X-!`6mDdL_lcVV5eKsdDr zY5Bm}$U$tlSQC$EdAR=NOJI!eL^8@41NHLSn(9s>soNZ!oH8<OMT%Sw3Z% z4i?IYN6o$MQ@w@ncTqDk9cBe)mrpsWE&DvFh)oSgzTII-P8N*yr6OINl8}Sg5`@d` z7>XyM<<_)aBv4lJ@~ahWpw?EJ5FtJ9F!cA2o8Q0FlIsgtZcbmu#JI{N=b<@Yn=1p; zF-rr-Y2lEf%Jk@1&F(&?gw~=IE}qr2_7nD@LsKALPB!)qthctT9)jYeFB%R~62N{$ zA=q>t7(K=T60%}pXJthtgGOe9G)&wrRlPd~YW2pm-_8paU8Djj6%??Mt1UC{O({$h zUMAFJ)bJUct8vzjSNN_iM#eob11iA+I6E5|%G}_v>bU?J9ox}%<=$ARRnZ1JaCrX( zLjQ(o;@f=|RyE&Dn5elFJDJ(oOLnl(U%wy}e0?0z=uYC>g}PT$Zugn)svbQfTnmci zqze_=I&5)&AM#U|C`7C;fe$hd`eA?q@BO7^b{Bas%tI= zfU@iJ;bv}CSZFBFq-dko7c(t!CH`2w!z5z#*3p;XOd0MKeSoR&=6fD~p0ncjBD|=& ze9Rg+g77pv`(&Z6w!YQj2boN^v@d~1GE>IrOirWE1w;-gmflxBtM&Db(PX! z`JSzgWRbB*Z7L{uB;s0(CVz<*GN_|F?z+nP5SEU!WKqnnMr;e=SEUzHBT@LCTXW)78tl#>lR_ng!Z)GyTKNn z33>yd%bMn${0k%vzm}(K+?rhp?xhDL7mvDT-=SM^jw`FH?pJ7(V@d;Jmww|YPNKjs z|Ik?c1wZ~k5|`VH;dvUPiW+Z1LRYh2K#iqriC5AJ>2|kwV+u)UmAh3nQd(o6B}Tt4 z3Ve;;K(HI(3TI{y`;#vQ>~Q{bV}DP&AhYp(qkA}4#vd5ob5Y7dz+TH2!n@v_W5JRT zTn_qo#ooWQ6`&P0XDDN>egFQYY<58b_Kb#xI$m;3mId7XCpbOU32ZnH#SQxz?sk|i z=E%b{Fjh{YzqxwJoT;;iF8$W6$2Tt1>Fym|*`Qn>ZGT)apl|l8BW8}mRB(b(=jT6! zQ~v_fKd!>nvUp-a553+I+UbqodhfA0eX9CtcX2g-@TsS$&<3MmczCJpLz4Vtrx4Yz z7j^0ZPYAmVJ+g{wk)Lp%Ij`H5gX~4bHV?sX6%>S=wc4IHU&1ZzVmIGOadO@_aUST| z_Z_>0t1FfdltHWXe;vv5uNxgXB1xUC)T+CY^wUg^U*TkpJV-UVB2ans;P0^uTj*{ z|KJC3(x{J5!yF5)V7#m#Be3d8UI{J1WVo z#&0vSv)YhEhB&Ifai6860&%Q2Q<)d2uGr|1qlemO=e?MOuNWWOe+h&*t#6J0*Z_3? zORLF<9@;hZkB3h#;k2<%n^=m$&TQo(f!y^Dtdi1YvH@)M)Sm9}^<;n$fS^M5>aYH~ zDgR?e{Z6FxDP-}u=_E+c_xN@F9=2fve|TMUM)F?l(`YkbG%M=(1}`MLKt(iA{Rzj; zQFNHV9a4y~WcFQj;%!#sjkq^#8E^p7GaQ^D2Hx8png_k&p5siLk9nJSmx<5y^`+nS zRsT0y_oaz5F_r=G$%ZonK>liG$9~0?Jlt_v2V`jEz?o0?Rwq~TCH4+S>Z!)Q3Hdip(H`+svBS38O<$bv zc>f<${Ba{N5%<|cOWul7^$dV~WcV%L3Yi~WFff3f#_Q%H&-YJD`tHcNIiDJ5?@mYO zi*RDI^0_aX0jL^HO{=pNm6hhvLdd0{VZ0-c(M1{IcYy&h1k!EGghA^|Yq!l9w%1B5 zLF$@~-iz(!l}Zr@E?RquJsWhG_00=FK43jTQ#D6Fb4 z*y!VBz-pg)VSYIq(ATtx2-~0O!c#yw+Nty?rXvWL|Nj;i{~D?E%jE|Lgh^IZ+i7rfK3|N7o0qrFS!YCzC#SnxVV8;ZfkgAjRUk=b{z6Hx z-Th;wLPOlb5xQSPa1J+JnEC5}rUe90`o13B(hkvLh{$qFHxcvUK)@SX%(Jl+O@oerz%da;<8E-Tdds;`g z(#i2-fwqtvmyI9xNl%wdUyH40y;d60queiw1L*ln<)->YeftUj^Gs-_AcSr!f^SFF zE0x$J)c??G;jz~2Yy+zv00X`3cdp{wXxckWckhkH0%XVaLHm}|SROM~QrsiC0;s#f_Tf_n+gkE14)cG9tc2DX#;?knD3J;^qX8l#%mnx<}fdM?~( zXZ|lnoP)qc9aX}emzP#fh>(J)ER<`Xc&@t1NGB|4-~Ry&SK%P=jJ63b=-u|831Bc@x3o-dG|4_m+&0%~Es&sMf6U*x4K9-*3GopM!2I=XR{K>r}ZFZ6xNSunW~ zo)i1briB5Zyzs+yFlcFqPU##PVMtLC>F(|sdgvCUySqDwu3?z7hW&28Z@+t=bDe*<;F^nB zYyH;K&;8ub(0ghw;Y@(_Nt?kkD&e0{S9hXv*u#zDAM

Pi+B)X3=a~Ae4_p-+JTGtNYKBEx*QlZwHjeL0 zwru#x9hDY7)-Ro`k9gnk3CGo9I*I(#=*4u>GvX}r-duj;Oy6cxkIV~5;_Pk@X`sUY zhbYHBG+9jtk-l}5j>y_dV(i6lB}`PSR=1VQ5K~kEl8OPvRoUoga=iRb-Dak2rog%5 z@2F}Aro%eaXtf+PC87sXCOoe?aGpQ3RkqV7%SGJx97eVR4czTbM zt3BZvC=TqMPd12EpZ%ascOn*t`=={o)Bv9dpZdf)Fmw6;AkSXY9Dyq%sNak;zcyCZxT75np)U0Y5TA=(0UuVs4YEy9G$+|5iCSa&&$(g`V_ zkg6Qy)QKuv6qwZms1veGTTQQWbS2ylTfhjPvYfPqG=?wzXncc5O^qk)fxb_JEf(;S zi-W(EMg0GA<|3;%KPWF{(B`wUN<3$g&4V%*7af!p9oQU@t?Y1g{YnpjMFI1tK8ry| zzJXgcrY{Jw#OV5pBw@EQ)00^1KK@urVVx?m+3T?kjpv&mJbC5-dZiI@T`J&Ve6D4> z(Rp@JI*e?b`c0-E5SKDx=JSAo|HT9kye`*;@tGjOzQLhzL1q3wqFC>*Xwf~!u&8NaQR|OmZ

+B3rGNa#e>i*g3>|EcLT!mRF+Oqe(xt^GPxvT(_}~Hj3a5-MWw>F0BNPGo z3dM5z)M@nrU&b@%FP!J?6(>Ncs$0t+Tosm0%^%!Q*0qMT|_8W*g-6RH96?y;p zzy9gQjT^Ub-{wDxqhecKN4 z(I<-~$J>Wb9Lpz+-ia;y`5(m15Kd?#Zgv*bIe(2OKYV477lO7JJDVsCgVh@~AHFtw zS7IAbn4L7xMgVT!r{f{Df}gOe#3nbZC=aBM0-kIsf5`sr?b~r_{M~ooks;o?a^*{K zb8d_?t_MUUq6voZ)vH%|eRhDsxPw@2>4C_%Wd12eAdxw$Ce?_mp5f*g5n5XiH5U)k zML%YMuN&^H3i&=}HXUl?Rx;BwK%3FOxV++H!jp`rBbnb>9@sMn^Xcw83cL#i$N>{Q z;e7Y*J@+IAr2-G)F`uh9(Uho+rr~T4xh;Vk^K#1^yAr3AK(jotYO?0`-h}%uMR#dX z!1$e=9Dg?6Ggy`KlMM@UgO%9WckKw(QQ)Xkfc9-JGY`TeMa9h~-E;1k;7~!DtV@A% z2oNHtl-uw>=J%If!n`$1{W!joFP-Mp*820I6GH(L9fhFI^mRsQqkC(8J?)1!>O-cZ z(Xy?r>0&wx91RK>kG^&3i@zmvGVyL(?@jCRZPN@!cIg{6nz4nw}f zLlTnn1qMAnH$BNe5ph@IF~&(Zbjzs;>(giVALSI4-Z5q99WQf!=X=vOh{;JYB`q^Y zICQ|nxArWJl7j@X&TX7aOp%%dAD8e>hMKBmSkY{e2}3xh zrP*r^{SND%cs1~~7X(yyy)SG^)Nk+m(q{+hHx<3-Kf4w9o|E+L8D@a=#@EZlMqT@n zoe;w>P}K~ox`1F>-mV+&FJCx(cR(>iC+x~NpN{@*pmp>oACRKshmIc(v%d6B z{F!sPJ?+rsJ`O%mK16}WU`!uAdU$I26z`Ro-G}B^pa~y509mk10#}9m6dYnnL9tad zcIaJ2QWCs->C#2trvLe;pSdfA{$%q9m!z3f#x7oDUxx($)v=i>cvYJTMlW0 z=9jU)ht+!#0LskFj2D@oV9Ti5lDS`4m_L8v!k1ruK`Dnu#%ady!6q4~eIcY4<&Cc=&1EG#pwk_RLTZP=FUb}Yf?%lg& zg>3)$$3OCp%qro&pJ#hrpWe7}^S9rA1BcbcgpAScW>e-~+!WJ(Zpy8n=5^`&3HmpK zIc$DQp_`_${%adIgRi%^&6#YZ^zYWh0}o$&D?@}EeB6dVdDOQ+R#Ecw&<}+pMaaLERl2_d24wlm0cNEw}0W8$!lh_<9Fa*&IO9@;v zkDF>~jAfS#Ts4{@Z^{K-rSEwilGW%o&tg;@YrNA;%5%MgB&+mIa;7O}uahvFs`QEf zjH!3@72(h)hygD2e|9$=1&%HSaB@3QXNlIZLpIONcGOBG;$_x#!kU3;l zc8_B%&E5y?*B|+FRN&lNK;Dv~)t1cigZjUprHqCEXhF$pidKGip`$=YfxV^x8Nyx# zg9x!2#C%lmjLH_?ydFP1`=_Mlq1`_^w&A^p{^CFMMP$xWSz_FywgnDU(@d~Uqog9) z*iad^@YwNqELwjy4%qrs@5IyrMkQ5qV%l4UiES%b9;^UKiA|P8xgd)iazJ8egy&QF z6RHvm?fSa@Eq&KA>lu8P^Y7|L4tq>&Mqldc1;?l*f_QKGwQR_#bfoyS7{W?ihecuA^Y`$tUT`IGQIw=K?xl@E}HQ!jrCWu zp=xdvX{Ot1EW`tC5<2x5)IU5NVWjyHzGY@=Z7uNs-ulp6(KblEVU8c0IWhMD^YJ7fra(HZeBmTS9!LV&o@knwSDv?Y62q^bW zgG3^IVVv?S4Um@|#e?(Zz!qpdQmP(4~)S+h{)yDgJ@-ubZUQy~*(^liPcEDU?=%1MjKygsWYWF6cL9$~%2Qy8Gt*EDunU`8o8K|>$n(tEvzH$| z_9=N^lf8B8Ht(07(N1Zz+r9NNE-F(_3_dgYzl?qVJCnM~D_vz`y(!1-S_EXN=9`q; zXlQFsmul_s=;1?OqW|-s|NQ;;Kk&8ci>#1X=gys*oA*`v@lxudi?(nWFlo z-~avJfA!T@s-$kz1`P)e2?T9!PL~P5BHFI8V9Kze|L_mTpZxWc4brwI1$BD<+&P#M zBIeSi0+ zlo z8I{4S2UVZFDmTMzeB59$z_k%44CdTKho=yw?u|Qx;tj2qgW)CR!-o%V-MV$>&RyP- z4KXVwfcci%v@aXSK7%tS75>KB6ynTh6abKbUXtzP2K& z;H{;|Mt!z-khA>fJPLC=vGffr5 zXP7SHTs+m28oQv>`nCSf!7Nkx+(Sp_|pwrzjO2)!&5zB^%!*VV9<(z|p1v z`Owrq!U2ZU_J_GoBrS|m=%+cZ4F|KO$t@Fji6HZ5_AP2cXX%ylNbQNozo4eo4Bl(t zU`L`rLPgO5x_Nz&INg0mfxV>w4f^rYO8KM%vQrfRL%t|9$DRqxAbruvcs@`&(3(`vwKtAjVrgf2(DLDwgsDr?uy< zdBK49Z^36`L*2;ZF#h}O#k1qjhSra*N8M;-zeMsPs%W4X@51Ny<9+6W`gf)Uxw#k{Ps=sdcGw`_5wiPrndICUaYW#%He(`s* zw7f!59XS!;NF;cm77VG8-3>JM5g4Z$q0Bk!&vHgwyPl1Om`Jowt&4~(3x4>y3wuNX z#B5x>ORDO0hF9K%4IivNJC!dAfkp0S!B&GVXI$ts5N5AyF*#;*(>f$5N%p#gZ;wZW zUf9MY|Mu4pPYPWSlw?#22kWz!LlEhVIK!V9^QW5*q_&a6(FhY%z=&oc#et0p52Q+a zQYc=n&)j4NVV&`z9DM6`WH@4N5tk&O;sWq zduKDQCNcl?D=ZCShI9j)hV8|A(w^^odc~++3{~ao*h&PO&CN_qPmF~JGanyVXmu;v zWi{J=S|Y*M+G{Ve_Xuj1Zk~y`KytjqX8VCv`kf1I!YZ<=`kM+fH2l;~q%PM+lHCMt z)W36nZ%;^)@W87FSihw^haNpCj(PuEsAW^`5f zko@1LTE9LAJ083GboB4|-zezDVh*Fax5C`(d{38_`&4MJt{yF(5G**|M=sN4<0-;KT3K2{5gL3#>O};aEvg0BHMOT z_xZ_80WWy!^eO%<<>{-kuDq5~Tp=4;dZu1}F5w$^;NyM|BtpeF&QuW0C{!Y-=*~VM zOGa4*z@Gl}(@*TnSu2*V2pFg49CNBz<0XiTR{!6A`(0U&9z9}ac=YJu_3Jkf;nvOD z=6ya^zxeVCAFPMMq#*QN;j}g%tUOeQ48JsRcy?~?%2!|U9@-YGYEDH1B=zBY05$5A zcuNR9?jO;oPM-$Wv>n{iH&UR69fHZJN#=O!UtI7`PUy9n*%>V1DV`BO2J?F95)5d0 zs)%aDohkiL=7>8wHZHgEvGJ5UJhE`=q#E$Isuyqt6pKhuw}t~&^=Mw8w9lW<&T+ZQ zYv2jx!d=FIR^OCh=9kyy&pyKvS%FGj%glxO1tqGULu@FZWl+UBSKA9=W0hLS!xzU+ zpE`}>HDPQb{)4>|r@3NIj7sUZY9UbuM2WLLPakamzWaDjcMp#o8-?|?S(4AH#yA*n z0YO~4Hbjwl?bWN`M5yR3eJ8jP5JYG(AK==!x1pm9SU+JCO7RX4sNsjK%%=8+8oa&o zNQ|p}3(L4#Ss^OhDA<(v2>q-c&OjKfv&OccO{Pg>kPaqz-Mtqxbc>PnBgd;|4OALs zqpoF?7el=`@P6beKwF)T7(q{Ewc@12mR4bAgq775jM@MzB?_D|7$ZrXgia|v`$nqc zUCHDlc*X0|X9dRr&-gf49ci$*_(U2pIuXxTtC_9Vb!B@+3^{<;Zr{FD)!C@hMuU-} zy-q5c4c&V}C&Nnv}(~5b^=zd2O(^8~MHIU)dV7ZOJLae$rMkYt^e2bq)RXkaU`V9>ekP#yXh$KRtjKgnplIM;&eYZPN$4J-Qj2f z9^WKGkg48US&8`$17lrG+5qlMF1U0lpw%(Vxiz1+R_{n87#zZb6&@U| zgYoZvzxy2Cy{s-}M}ZGdfi~r}5k!2L7X6v$%yp4Q&tI7L9NVa=FWVv>(Fpu6##H>_ zE4(KqT6t)jmPX!g*?;j=DUBv1KyCR%Z{L%myG%L?bQI`QAgcKKa}KSTAhKIz)MfNF zoxC^V+DJSq_JOVPaVPd^#XH>s6M2|reyd=Mtuq^Ky6Ie}1+r$ES_uB8{O z8>MMzkTM{6rSJ*0_LMj~u^gS|d$~_xTWhU!!cT2)KlE(!snGV>oAed=I{J{qv{~gk zRGn{IyNjh_NI@+tbykGZb&8T|F&}G}cg2vgP;>=)dCn$v=H$%G zgztI1fLFD9#3(R5J2y5lW!Hg-Bwi7hEM~wWJU3ad4lR-2T(QPeC^j+~dNP8bC%BTg zAb#Hb?#`Yn#cq~&-Rvxf?yap9Kulb{d#V~olhyCEgHZ~}LN;1r8H+B^WX#sW-yUP= zB~iO*4XI6^d!KXExLZ1_q{<77P=QBO=|AE=I>kX9;Sx^owm6* z+FMl1nFu4=Nw#cLRHy7=aqpFWDbu9@06+jqL_t&)In26Bb46q!3hKa~+%Iol=B$i=+PqxhMAe!ufDqS)s-uA zbMqE=TW4oQ^z{MINI86Y9-dpciZU_&B)Os8{KewJw8}W&t}s zJ3lvjY_1Gf(ew~BZZ@7lJRhek)0Y?dc-z1nYYS9vu(R?NvI~&y4Ou0(cw)4ZL9Yum zcbebU*_nRMNm*plOvw~vM?r}yEak-1wA_;Ch?b@rN!z-%uI<->^sh>)d_S~Gy{B3K0&~2SD6RH1b!Fu7S40E&by5`$j|B zkiUNYCQ(pC&qd```nDhLwQGXzMC$P1D766nFy#SVf*Z&WR$7jgQ90@_AM#Lu{0g z$yj|`rXm{+7Se!EdNR{_B-a>Njvt?!n`PDU$PnX8o7iVdT70r7@(tBE>W?xN*LUGu zGk9y4aL0{mGP4Bcj`QeV>?m*qC_rKmCSiE$!Fr}YTE6+t+)pBz^n6y-UVtqpjgi=( zsJZS%IoQjm{|q+AvLx{E2sF5=sJ$9$v8J(Egp^v|ue_&iSt15iw9#MxX?N36prgQE zQNS2{w79&qk`rk$1+;-zv$?_7FU6C3m?SS_%bsbQU$RY;btTWp-kM(0P2=6`AANcb zrnJ$T$3aDc+Pzkn@}sMZOfQY>8#4sMcx`XTYF*(GnUu-7q$cz5-9 z5(_PV&r`<0`b^I9Zws(IdJX+$B?m?LR|Oc@`n{YgDrhwcQ~(CS8EpnKIjfA1XT#3M z`WicpzoEjg=9sR;oA~G5`Jq}6XXB|bsGT-stN92AO+hr)tku=DCI4?3U++$zki}g3 zKI3b@Y1e^P_nX4o+1djz**AuCe$;J2wWGRp?%IQyYBk+V7h-6x+m4h$+re z8C=z826uy*Zp>_ur}8Bn`z0Qs8w0aEEDqW7qf7MKQRCEB;+}N(4yb{u0^6wIhOxtE zABBUe&kmaKhF3!KoZRASWQ0YgV5UH;+;5MX9Wpi{C}%Z|qv=Ty za9=|nUeTR73seeOSxEVQ)qR0AP!iJ3>F11!{o(({MP2?Sk3N+A(W9+j+qLW8B8WlI zDDffXf5-nl5kt;&^zX)FNu~^nUGoEDrnxPDYwI)+Gg>=?2ZFG0a^cdYOJ9HUwMnh{ z!}FnMFe8bSY&B%Y=V0~npx!k>PrxWJTgmV%P?Pv27}Aj*+CmiIZMC2ptFvh zJ$LT22M;e@y12B+wH9zsz9v5n4m%QfC15D@j}l?R$`f7`cSexAckcSu^pnLUs+E}5 zdI~L2-SqSn#KY{&4D3V|l{##M0PotI>m%eqKtG!}aR$WN3jUJ9^ z@;S~xJN@fNIvx2=fTzYNA2Zjp=PdGNxZ>fpJ{;`pY;~MlIn4#49L*@tqt)jiP!^7A zeS8=XMV)%_V%Xw7SXpWKT+G+u!w^|n3Ta(l$T6xMm`}G>n?W>H)9JRvRH&pmZPjuX zC&oT+w!Z5>G4e`$K3Ng-ovZ>1d%kXTLfXB~eA(DH8OTNJ+bD`HiFs8Kq4r*fH8=>G$Zo*KU?D}lf z)MV9UqV>^!S7Y1!v4mi$h9HPT=BOm$vu)y!CQ_4k&=#Bn_X)2?p5MNG=Zi1CY$Byd zID~W}O()3MP{T8qhR`xTOze$qpffH*M!BM zVENf3Pu{9G$x5|iLm-o62dT=2FgrQU?630j?`PV-cjHle>b`}3vhJp%z#Axl=?nyu zAc<^ao=i5T2xK91eH~T8QQPK#n|8JMnQ;v-Zy9J=I2`&=Ee#HU(8vPC?zdx29kpI$zlo(4wV(A? z6o3rka$rXmZD>tNl2I+2$|)IFR-49qi_G=oO^-svnnl-ImNIS0QZz35AWT!D8vR4E z$nwZTl5yRVi|MC=w@nK5B;@2FC_NUtR!{iX0>AoNnzsN+t=L z`YXv;QC8U)*G(`9tv6LHPg3i=I>Z-vf@Ph>osHt9<)`MXochYvV?biH+zVngZL8*a zv5Ma;|6AnN`k3_cYE{ykif+YM#gF6#HO^$jK`|oWKo(>L&vkU zGJ6$irN&n@F%(mJ8Pl6sZSC{0{vwzEfA;RI$Fd{a4}0ZQIoCXJo{D5&b*rzS+m;0A z#R3Fa{sw-LAMFQQ`UbXa*b+Pl*Ltu%f?-IOAQ`qF{9?eb8gPw!TYbCPY?4hD=OS5S zW>${n-+#q9Cr^%*nUz_URot7&UHin2y<)|Rh!rbV{P)^oM%b^R&DtYP)s~)WTQUj= zP}N;JRk0SkN(=0DW%=$8w|U~m^M#~*qDZ;fBq*fJ^w`-8^Fi~p{io9^*F*3{Cd5u0 zO+<%y@~BxO`f@k4Mm{Q;?z!y}cyf8RJ}~GH+Y5N&-#F}<7qnIBvh3+rRC(40gq%NM zCUDhbflVudkybkLiCKR}1W3#g?N|1h8WEJgCcS6ElosR(M9ioVE0G>&xE}v zERtG<-@nu!V z!>V0l_*NVD=l3>exi>iI=qfg|{qg2UPT?Sun$rb0H+ZfnnDZiwOzwm!3^;nK7v>9E z!pb%~>o|67Enfoe^+}kGWrM*+9qPJ) z4Y>+-HNol;melpq!{zEhzz`e97;hCep=}AfIJS!IAY>2$4cjsR?eN*)GTLtL+D#aa3}w#D*vs* z*BYJtJNXYQ@2)>Qd4FI~C2%Fv%E#8nCT#o7&rI`T_z7?H%B!#Z(Z>2q*ROr`^*29! z{{!R@dq5K~z{Jp>o=={0!SFc?WcrPxOTD2+8g#)_c)mLBklmmCoNDY^DczkwlF2D2a2``ZCe5t(rpXIYaaUw!+gP>04eTSg#ca3fd?9%=Fb-To;d4Mpnz&rUpHZ z+IVR{Vv7b$n$}7kWlFwkygDU)t3A`ZYcFAC1!Rm53OZKY)ajYIk?{!@kw;ij$U;MI ztdHGWc<57lv74&B%4@!kCQ-M=i2NxE6Lokn6K({KBP;~~UEJ46xohkE`|`4udj?^a z1x$io1VO~w5qhEB9vrMk@}8KYd*oWliVTf#A-&xV$=)7u648_+ou`g|A=~AX`*J=t z`y{1pIkvUefFDey4vt<0>cN07Cj>5?IXiBY<*Q9;)786o^NDtOHHV+v9M`U1d35oD zaWQDMqIFUyLy1m+YEq&ox);u$pPrf43b@70)8S$Ny5Rv(o_-)7|LYk0=l`+YZN1C{ zasB#riuBg4TNU&)FDLZ%%!qm9>#x7^W`frV+Pc!+>Uf$u1GX}J^Cy4u|3RQi@%93I zsy+bk2F%)`qCz&m{r1~8ZoK1d1;g0%^k;weXP z78Wl0sUR5E-~ay8k3RZ{62EcdhLETx1%N!+w4I#j`04DY=Jp6E>dl)s0cvYH0)D-& zC$x7h4O`p&S#@g4scLHKJUQ^W16Pr5Nwb6U7nd#iVxw+1rd@h zVcTY??wP4}_>iLRQcAYDGq@Pe)?IfJ*i{1hJfDwl@2tb?#*D*x-*uV<5!*Dkc71j@ zQ75F;sd3{@5A@UHt#dNce6;8G?K{eHclfF2_nPt3>>?ipG=lFhat+3l)a)!5ejC$7 z0QzfBL7bUjd_X~U*DVc`l9Y1$d-66>f15dN#ImTpp8EGLSM6d z7>HrMW9*R5P#KKA9_VK)>!#-3QBSn&D6jysr#7A-FSc6|+*k*RTF(onbrkt$x!>CA zv6nxgc|>+DVU9U}mRcBzq3EC9De_6lMBk+EM`fVs`)aVV$YvMZ0;=6@?d6fGS}Fg2 zei<~!FnxJi%htIWYe}kSH&1)iS0Q;%0_U4qbCu^gwDP%AyY?F!_ZOD#KUlK1bHld^ z>}Bf`O0)>|!lV3q&{v~S+n=A2M@Vf1F;>3Z*5wf2%F^@nOQnTG=*`?!ktdN40vV6w zxOF}qmdG~x!?#Z2x&y7Agj63x(@-qEoB`iPR4xKiHU5lMY3T;(C>eK#uCT0t<#HX} z>o*vOrJEkZ;Zbj^&Y97y%`>YY;@={L?J8e=qS><3QwenDWUc3h8 zac*ZLk-_*nUP(qh)krt# z8=onthOMQt@O$9k31eJeA$h`bRRnQ50G%VthX*=-G*ob*j zy9feo;E>NR%-5k(F-bNOZ&fyb_rOg?M$XUL+e=)HCqEQn(!yyq%0P z(bSsaKa*A|r0l~u8T5aH!aDHG60gJhhHM61-tr$GTNWjZo+-nyXTKds|Ho>&P^!>DDANo^(HW6#)DQ0lON^H-m0(cor-cNq=KH_;Q6hX$eKIwT+FR^>!O!X=QOF*3V5_q0l2Kr>w^n4^;oqBDz3Z zi)F1LN14iL8Ewe);CYhl|gz&u@#gxh_Sph?PE>j;)cTBRo_Ye!Y8lXxf|%7 zhHJ-wZe=*0Q)FEsEx|y&iqFGI{#1cb%~V7K3m#8N$3cbYsxS9^3nw9v<6!ey(jX!V zle*StpiY5PTeMMtHPBIwyR@_4Zl0RAZVt6`vHA6gU+U)Eq=Di*Kzb z$RfYkT;>s;^tg$+%?5^#UnPrVjL1`7^x#nnzxT0FE zOj)W9`qmep_z*Y~(2;^+=WR5lG?lw8z5CfoU|0gJPwK0NjH51cUHj;(Y(L#m2ZL1= zVAa_m8h-q-*Ph+=kwz0mLq-vXm9riz{joGpX9kiaKEBhyQsX6yjlHQ*#A9 zPpnne23Q?U zXV07w9LgFk+04!L_vFkx1q$>8*E7!5Q7zi6PIpK*!Ao(`s!tSDW%;gq5_k&ibwzX% zc;O{rc5aAOF;;`ejn_iHj5drR`{pHfH}(KV!PG}^xEnsH{==4-;;mzWAeCF9~?^SBwPN?g;OKZ@=KD|QU>&s zzjx%R;rzMox9?u<70y%EW`8J-@)%9s=&68d%VOA+G+STEKv~zY?yJYsarUBr5Pm%0 z)`F^1wq+*D=l6)XYVI~tBF1WyCy~!#@d+m_x(>8@(h}ZMd%KTsd$v^*R|NMWK{O*l+{^9@d-|V=*OM->sfA`=2Pyg}X z{*T^z>y2G*@0JuDgUza)I)?fDgi(cpvbmF+eJvv;n?0p0D$`bi#+uk&LEfyz+6J@t zX@k5SmR*)6E>A_Ax4tgQ!L0MR`~u|1|J!fZQ~PbgL6qV^Rt!4gQew)v6^^J`Y^U5f`Y#XF+G|$ym1~?Qua3=lXQvCocUcD&<)za!MlwM zdxZAz#6R=XCb!sHs~aN$Dr6;*u41|M@Zr+KiP81r`?wnc9?N{OYXt|1+GApzJr=Xh zwc1pFOO&-VVl(naN2bqCj*aGxTOGc=x4`4T4H0D%D243pd~E%{Q9QZv)zPn3>)Pun z>GQ6?b^YyW+7DfSdu)HR??*}%)iN$rlfKE%L>Syc-uhafniMf_>XnzTGsPGH5DX@{ zW*fjC04~%a&>br@?q%702l=(vU%z_oDj<=ZU^;TPpro*iT&O;aHZwc(?tAaP{nneD zw4OEPq9f`a=+EWLmzS4c5xdVU)yXtg#Win6?MH0Pfe*BYZSAZ+z{-WD znwlI3Gi4Ruuh+O@`Ig*0TOw*L(37wq(p%Etq7tnK>q)OL)f%$|oP|#lGEyynqj^m7 zM=WHY3w=cnO>R12%+X@Hw})MuHNB+lidl5Xn_L9d^n*lrJ{=n@J1eew9Bk;pg9X7X z!408^0%ji{)BlZwR@O0|6>6~GfA9d1(KtmJC<L*~#)6K8lqCtVP;M}hI2>r3 zV)^p-+nMsGJSsK|{Q?|MT+ zBDD`zr*ueM#bLW4U$OW8`|qu+yxArTmBOmKT=8Fg@udpNtjYtKH2Qm;n?J!~v$+w> zgC-e&X6VV8V9kA9$B3-qJl0~YBGnY&UNpP(P6CgWfKF?83UqBmwo$1M8!1MRXZ7mY z*~u0y^%y4t-Po{gmL%=ExU@92D7NuaitYVanH(X50oxF(zPv4|; z*pRR=0@yD2rcniQGpPL?p~UWyP69tR3B*PpItJBe!kRd(_S`fnE(up&>(=t@4sxCL ziw2mZKvYLXtUwE@^> z^=O+o$Nbw?)_%3?wg!=y)wMr2tfs}>F>KeD4DYx&>Q(D4`TKc$j*%j}AN?->{_;N! z^1-1FVE_8!xjAne>R>uc^J{Ug!gskF#}=KQ-gNZ-z)e%Tm%;hg`%uHSC(6&?K_umc z9UEV3h&WX^x_pefL-mJ~mRD!=pR|N`p`Y$E(n27_H>y9Cd#E-DN{RPU45HpnM6!Wa zuB{&tkNCwGUw!`hm%FgCN0MEb|Kjic{a0Ro>EMXfP|Dj`j?6>(sY0%MOHV-{qGRGy zZ}$qcTB1mb3+KU<=BEdm&)wqOCd#9AyC#uaWo$%H6XGs-7k`KwU5Rg&4~#tWCAy`h zg^l%9=Be->wt`5|gi1Z3!cPs>d6J5_PXD{^26H0GT1^%ojB=rm*AJk&!#bdcr@obF8OzY`W z7k<&M^exF(@cc)?_KoMIv}W7wMYa)P`PuWJ>SfbZoS`q?uF^o%>NtG8mt=NL_aKS2 z^FaQ7wu8y*=G57^SpzkwDSI%#%QK+aeNT9(~yS=32$-75ab^%FF|;uHB70 z)7rTLts11m3=BAVh8Ot36VwN8Cjc6Jhp^wP&D7Gpt0J6dMf5DV?U2--A=~>D&Ekos zi=S^4CKJC}#O{ShTsWum#4KWf!jtM^;6;&@Cso43s8Ns$aV`$h|%uBL4w)cPixlu)Mz;=;u3ET4@ zcD!`?BlO;}i~KwJbnt`YU+3p%+iY4{di*r5q+=Ua33`c58PuwE zLCv}?vvcyG#k|Su_g}HO*hpW}{IHT!6hiR8pOBOGMT1}P8A*3Rq)Q&ut|DV7f zKBfAn%%#akQ)?^Jd}Ab$=n(MA@W<d{tCp1%#4R3@)Ten+!7cQk0q=A7_mx& z;!wVK|NfmjcfA^?7Br5SmqslHh9xt||Ew-bdWkXY&$YOrxP0;43&$c}V)4R&=A(Pz zo*_+d-MR(YssG%&7x<>Ob{A+B5*j{rxKLPC`GHU+LI#VpDx7w$CP z&;cNZ2L+0iUpEE6e&v-{pijL5(eKhVE%o)rpdgvSNu5zZ^R?Grd+W_NAy&PMG3a#} zQPKH%hr{GW@nmN)(TL&l$CagvMy=%-Q#+#uZ%&rLt}7=`RHD6t00IKK$h6QV(g7n-aAwWBMV!eGXGiN&8q^bRszLMMSv0!Ng9 z@n!r`COe;}b`HCKXXMaGneMZLRv#*Cjw4>8a%?DN;19|5G5H6I)zCZ5^f4K)-fl}H z4j7!bV<4YY3N|Zlj{d#;n;%*&im`U(TK>XPk!M8=3aV<;0+Xwzj9$userTP5{FTKG ziMWX?F^qh3yQ;^R2ZHRC*m~^+d(HJMric!@NM8##RlXHmH){NG#>x z^SD7|8ecl0j5@pH5J;Fn#f{^KJ=+_)bqp}TyH1W1pHlxbVjJm#_P_P!E0kz9zLWg^`Fk-++3qMXPiH32&cQ$AQ|-ODqyr0nTXE0!Cs_g15>zaJ z>cGQNE$yKvMu9k-o-MZrDIL3Z@@%}>MNk*J$VO<}c*|CtFKqY{?1YcO29g`-syJj5 zLNQI)Z}85jtxDIa?UPmZ2_HX5P32M9;r42ULSihG{+aR(m$i{Q_idHv8(OE9WoFv$iJU>)lxM>G!+0?|`Vy&Y8zK6WHWE^h_BzafS3J zsxsDlB_(F++FEd>Jh08mi78*MpO}$}v>N0b1Mi`iKgxT86ceH?tk9ILPr0`c(36$n zDJueOBg-(J>lA*8G5tzZO|zL^v8W|dVbo@mg4%;znWf12MX z_o}YWVKGOzO145>G+$7SyG{Cot4eQ$4AOG(oaP7Z8oh84sKvY25Ly8>g14+JuRUCR z_~0&7O9S%-xfNghhCpiPFJ7KF3mMs(WQ!1*97+@|gl)P(^}3PCF%86Ln7xQ*{5Od? z*F{=k_^8C;gx+;d-LNduXB`)9~HlYa47J zM9hAObx0<++Ix7zd5-HE2K3u+zgt*XY;aXLMHejWy_)j4$~`O{z^+;WiH-9}_nsE< za;oz%>@LN&ek32UMfD#b)UUpp13%TTpjTl`CBne9_^HF_G>uMafJ%$cst?GZGqeo! zE>%qO7cN{VbZLS*L$89XqUjMdtvccAfQjh}s(ip4HBZ&{dVi&Yy5b6-sA24_x84*T z98#_{e@{ngao}2EUuFC3vzwly&vaB^S?uBM<(FR)fwkb>8~O%#t_ZBofVqCE$oJoW zCq?N&1#aXW-~mhfT*!v^aNEli$3b}?U9{_*_o2|;>Ljqg1dJV?9J&{7dvP(Ljw{~r zL-vytWJeC$7ES#I4+n@i_d6zTjuDGd% zRVB%0D7JU6`eV7rICa4MZgZ=E3>W67eZYsK^K{m$7!#KA}Y8m3#7gGJgBfi=2LzV{k#Ur)Uz3?nytoRJT|=DlDcBai=p6;3O(hO>e%Zf z@M1_{+jtyQs?rC)HZP=Sa-W)HL|LsFDfUU zzX1a8TGy&1BdtHOYH((Ng0SYE^Jw7phdKU_|MUOmNbic)Q ze|MEYn?l^mEYTguBmu%~@@(g0qIx`J+K^$;JcVT~Ys0X`H>?|5jM?P6eaq~4D)ZE- z3@e<26s`j>p(rkPdwoaQIaj+|)S2KoVuTXmh{k`LfXJhj`<%7^_=@J<_7z@r;GQ{=R$i(}zs_8XE?X*Qx**-)WI>B{HYUbO3 z1banK0WXM8Ffmze*U8vcpzV>?&73`qY)FJu){PR|Yc>|~t}R4kRMmk8DULx=$9~a> z?<_)!3bAClI`zh-hvPW*8iPK`*1{o9CN|F4U6(VxxV9)7d+HT~t*kp|ZM6T2@!;d7 z(eLs%IqY@r^Wz<;JAGjQAnXA<-@egjT}N9zl|dYxkh z;0Dw%CUh-`GGuDL9>~Ol!>bsxU%bRT8l$7gGTmD^fzA9io2S4ErEkUzsI^|FMZDPw zCiymR$~!zAyH*xYG|Frnldp9X3&*k`)~Vc_GkYGr;a*h^5j^CH{(-o|uV!L|RvrEO zTmEei_8-o#mXb`Ugqz)u7pecWI;OgTuuQCuuV}vw91q zEMK!`%k_gsY!lNK`P42B`kqBii#6%WGvpQ<5NPc-___PV7W%tq*^+v4`Bh0tt!ggR z30|9s`ib$H_PX;>XL<}jqBk}%#18MtjYpD^>P51nIW*8=ds{(A=&o7!S%wesv_)V? z{1G`6b_(>+%Kh?XSi}o3hn5>hr1&%*(~Hwyh4)&Xoa}*Xk6k!Vqbes>23=_S0D8N2 z?J9RYlqaYvoT%ph`s=U2OhMnEMO!phJ#Cl~c|hnO>ZHSi7JS)yuuz;MakxXf!cyy; zmYJq2vz7kitUKwm^~BkD6NdCW%=_TohSuxk#|BcDE?t7G)$^vOXG-OmeR}N3$)|*W zC|f91sftsUGbU9Kdzi$k#IL{p`iCEGtE2q*$D79i0nJ;6k^Ecv8Lsi>wLBC=&c#Y@ z=vXxdqXdlZy4#XBAM36<36unM8~^HT&2`hx()1xi(&1L!?Kw;JWF6I!ZE)`!)$Wq9 zXc+-3e7{qgFiUbC)XUy7|Ex&mn>=bA4|r9&wb5H9nTeZJ*qG(>Wz~QkQD{FCo-#}nj#9Og@$?!1;6YZQo+AoL%}sBw&ncAb%%1ST(c`z(LJh z%^rnM^*;3M^jR0?GV@vkC>(_0A7LJ%gX_*$gzCe)%y=fj;?fG?UAr`YkjTUb7n(i7 zbLZw+9uF24#MN3K88a}g_nKo(J3<#Q@@9P2^X#~7JV)($j~J5fvPrU(OC+}S+R|HN z7wKL17Zz<-T)K3@{oD6*ef{!<>8XiQ4eKqchsO@i=W*rK@fcJ%cVP%L%PR3kDnwi> zrRAB~2%=Y81g=rLKI{jt$jbw%LDzYwHY?Tc=p@idpp!r+fldO?P6C;m#8|Zm5mIY> zTzIG1sfh%TySMcH54TOtSTpTfj6f8@<@jk*+sUt(Quh~=ndgBOf9v*rmcZOhLOcfl zuw%YMq*3v2-1g-Uk;2M1bq-t>{al*`N?|8>w+&4uA{^fAWP+WuCAecZ^X+;y;5@jE zI7R~J*!t9<=tf{C1KS91%A$yG{@j-DMgK`|kc?+XCjB!qHZgv7N~=$>nqs|kwdch% z=3G0(=3iV{UoFVy{(@obiO0&m)ScpoS`pFc0NYn5$o&t0hRNHX@L9Jagb6_~2G%2E-BR}wo)>Jna13AFC5Pl}#uxOsm_ ziVkcr>P4l}y_M7hRZ9;d_3T-SS9h(Ls=c79Py}u6mdA0@(xUc_8rv>LWnjQGs? zd4>$o)4UV)O4K-4ByAlZNN>|QYP{WbVLe2DS5(yKJ^J0V3{=A8Gx_1}ecnhuBBaQ+ z*{hie`U^nU?WF~(l_T-{JNGT8u3kD{K>s*l_ItN7>8FboohV1djLu)t*t0)qBy`4r#lPzkwyf0a5@^;@Fj_w-l*iJHa@~q#ZIA4gzLQ{!%|KKraVL!M zE1aDi_Zg#7XBod6kH#lPZ5P#>nq%?SZ9jIVY|qjC-X?)9&Ashj_w(oy_)&L7_Et=g zm6fICcoG>>OH0eXCPb4+nO$w_<$QIA_SwUQPYS4PQg9{)w)$k05UJnMna- zMrNiaNoKE3$GOQOwE4jmNYC4D=bzmxbC-TV3B*9G&(rjq=zz~1G@BM5Y~O11+IdZ| za1$9A1P87`;W#L{A7ws+hYYivGo02ptnsXkKuJJ;*VcV%Eo18mW!N64xNIue)1aLg zM5AM?AP8RcYkeaoPDL9{kSsZBfvEJy7L9pW6oJ$#-13>b50(sk%&)IcG8kPa*jrGd zdyf5+Yjz!SIC|~?6EIw2%hOaARW?4h30lBXXmYs0Au2YL&=b#KXiWNf~-Q`_@WF?0&aw*f55(yRr2{b&qA0 ztlDr;RSz#bTrmL4P(O2F?s2H@J*cCQ*Uk#?)LIawX>;hJ#MYLjR;F#L3LxA{cmoXdOz@pUsTvh zzf0*P&`F?4pf{V>K9}Lvrte+GJ@BWQMZW^plb3R_=qgmxW=!x=WqJLJ_cd)O|{x1cdGr|WGJI-0@f(kB-^+Kz);4sr5nD}@OUoQsaAD81m7Yf7OcO9W ze~hhG9$j79%$qa`Nl1^uu3ea);Q?gg`?I&V7iT=M_wL;%(0s{CzM)-*y&mb(A1eVZ zqIuf<^4QEr$e_77lCnhE*kF!p>$&MkVOFzoG@j+i5orDh9|>e2n{)Z6_QbPMN2Jb< zClsT{?cyQk&nVL{mS8i})4sN}yq-ui1fD!&$pe+CT)s99Xb;39vCW>toXG5_4H9S1 ziubWGI>9-2W^8Sh zH#f(e-qn_dShb3QST&uoGuG}cn%Dv=&Gc;&kL6~*iwUw969-O5gb7-!rM%Y!-q#R* z2PV+V$jLi>cEZZ4c#0$VIJi437cXXhJ<4tY3sg(#5%=pQ%yWPkQROOqIB!pFW*;g)-*u1nX}xhk@Ws9$mWvlJnoWRH#UlOo+i&$N z_)aj;D_5>uzaE_E$jJSzLhvqkUOe_JoGU~r>|IZe>E-qv#W#HbHVPqXdJ@XiR0Sl8 zKH0+RajAL4<4yS>UY$0rfIwIa(m0FkEwD6Mvr9r!72K~WKVkCjUSf;^f8^;R|miP>KnbzjI0xu z_MXz=4UO`&K}iZ1?W?M1xmJu3J*tk)psE=m&*&&aV!{SrDc5D&e8!IB8L@MeVoCJ; z?6fiK@O%?ygulMN_;3{#4Tw1U2O6V7t+R2?%}&kFOf$%jQeO8=CxK1^LlQ8!9PDYf zR&441D>2r#>{%1*P~KB|$#} zl|41u&zUO%1=;+JA95ohz*tl9QjDBI77^`4Pr6GzvU1G}6~uoH?tcW5w2-Vw2`%Fm z7gOHlN}-$W+oqCoLjOkeFogVIahW`?U7S~42$>~s;#EzX%#W+|(?I8WTI8Gtc^wN6 zQ3Sr%mhry3{S>Tu?ndLt?6N^X>ybmS@c;fl|5wZX5C8ao{@?!DzjXcDYp?vvfBwI0 zBf-n__x|g@|F8eepIF9kyLG6a;Wj?AVi?;ayw9pxSdpmKokxT~1Vv{>f;|1c002M$Nkl6JyqnQ!81eSe&ju3f=|hoclPoub)iyg3b;e zPglY~KAWO0nYVOkgsC$V>TW%@Hc~;}iv7cmmoESD>Yq-Yojiy2NY@{_{_rC8hvB;P zEPysEao2jmqE;GaTMG~n0r&s_HBshfW~ZTf9D5;Fo29{ekMpoh#FdpGR{h{hwRrM} ztXnbfhSxL0*Tc-U>z!6gKR+T?Ma&G8?a%Q?vkG<+*gqxy;c}1g%D83~VHwYs51S8e zXgI|QVoQ_5xcSU8>#%=?|S)u8)2E~|28;Prm2dkTW z2sntM*ydX}C|OOOCA=8Yk!Oxg`b|IEElIDf%@4Pgk{l)FdMfUIUER9*Xz=coS>U{^ z0xZqO#w@F|zfy;C1Y>TigW^qUcxZ;Yv%-@UjuQ6IYND=l@_!wM!xag^Qko2L(m_?z`_HUjajn7vl(ARjgLA zQ8gSoAZ}(WG=KQv2d%KQwDj$_x8z6MBk6_F0Bgm`O!`Xi_0Cbi**D&J1K3pjS5Mu% zc~j4+wXM&X#nX-}XAg=Ttq2TDX+5nEkX=Sjp(fClj&tQ+zI<6CmQ>j-7w)FuJ&tzE z;DuPVZ9AAWn?};BGvXh`!DWWEvi7%^Lu`){y5tvG0{V}Gg7WJAojcz6^*Zqy`^_Kl zck_tSNV=kI_KCb3U}y|LtEWUXZNyQf6Zz6k4g&|nr-Z!&vSIS$*Q)tB)AvC0GeW2n zGs5^WmDpoK_e(8eCrt8&$OY z(#sjksU^U!;cSi)74^{;IMyxoqxH_Dg<-|6)s(&C*uLsb*f)XaL*< z$F*)289~(+r&rESY`88zbH*Q@pMHNnQ9*T}hZ7a=!HKu=6V*sz)t`bWo9_ zN!x=INA%W?43%s1RQa1Ul7Dcc>C3@S7cyn+l3_eqJ{Z)d)Ls_pN*vDLT^~vU1W1>9 zBogk9U1Z1y zOCj4c7*?Clv5Za!>t&bo`to`D@qw+BXY{_0iQc0X^i?@D)jG@=RyH z?JBTdqESO}S*JAnK2S(wDYl6Z7X}a?t+Kx1r8N4)Vy~7r`w`rB&sKrW4=5JK4%1@F zC*!83*cSu;`*40^lciB{w!9gcjrRMC%i3{%X6npjGGg_9tvuwk!0U~4@rtI;UOFdo ze2(aW(gw9%Tq<&O4CvL~;qx_|tN-^_wgUq!{oFf6>o!C!aeLn;?o~YY;X%hs1l8ql zg4^TV$!8D2^pZRIbn+RNK-V9JrLpt+d6&p;rzLC=g+}9FsBFkP057gXXfS-6I#u#uy|>fyt|f7=S9muJJEA5@~I9U@Kmln z?XTDvW+uc_LecJ>Dm$-H97i>W2Jj~UpEGM@IOjgsgDSKMI{26}gdGBw-bs4^9k@_nuwZzfC zcc}XIB!3utiHt2Q?H`c6Z|4MMxbJZ&eo)$(ACtAmkTKDgGjp@nrWW_j`kdZ1fH|N8JY1XDn8reRj7x~}noFgPaNf~9`&!3SS|{q;v5eWV+_{PN4%1@Nv?K1Rw6b@Ac_)Xtwjrzz3b zb?)7}_sJ)p7#456^%j^ZY97(Y$R7obGAK^}xq9^qA`c%feg63u2x?#1G^K#4t-U<% z(808+(mjj+2M-oneu;XTbkziYHD2_S79G}@SXg-Q#TQ?G`st^74hl7v2Ze9H(9aZP zM%XqfRQVRjVLQDStQN;ZTLaq(b-#an5=hV4*q{S%-TI#9p>1d#gQE0OPkXmK^qHX{ zsX9?^okD39HehpVJB1wX!xA~08I5J0GN#dRht!L&NeGC6%1wu^F9Q- zTb%?t2^>lS#uPi$OuGJ%4K^x%LIb-*2iD)Nw)dfmIHAnggVYI5$I-(`!~|tIo=#nT zLUQQHb`m%}5}+=qk>C1>^UCM#yT* zJ4N`E8Ns}(TkA(8`Bg?H^3e~WKc(_qvhCP+AuH_8(sH>LS%9PH6;~rVkEuvm3eg8- z^SJF%D?fKIo@lJqd2q!q8O}$12urz%?~8~XQ7LgLwu!8ewTe`CJ}%F0>krb~U)(RP zuX-c_40mxo?b9t!?v~~wRp^fjq1sI28c^o$IE~J3dx~ zN&dZP9#?t?dN?jg9)gZhai+pZQQiX=Wly8mFpJ-sAr_}=8*~O)t`AYh!Lm{WVyr@} z{+<8qKM{@fU=Qt?i@zvL;@S7^5(!LBp0;Q;IwAiJsQ{xQNrqbjn+^{#Rqn-JC7(fI zvTR=W@+SpN`N=caJMu?-b-19#=sSO#Txf_=?2V4IZ2k|e?l_nP$loDvJ0I+!F4uD= z0h452>ySMY+lTbjq#Q7j9+FD^JsGv zKWDN$D7$o`WjXV&riLgbnn^>ru)_xH=3_~ac9kA2=VI3}*mNL!v2C8k9hi5VHaFTm z*d0fcK<10GfNPS;&ZQ>UXFh7B^yj9CXAH0E(@(?gQ#9gE2yY8s!i*>pPhFtYSBl8ISyNnMz{Co$fBvnRGqShLaOzRT)3>@ z`msF(tKP^u5CQ~mFe^SEES;{yk4Dw79>K8XoU!j(UF@lQ1VME2A&`0z$X8}nkeRr$ z=JmUcvq^p~kEYYKOX^n()Vj`3^;M<(lfQ$Hmo9&L!cKd*^^Z=Td#x8b`A~x=Fn@L9 zu^W$@^V4b5KW6XD*=1kp|G6462FyE*F0Kv14JG zOkRdTiU&Dy!}3C*xQvH3Y{Gm+nPtzIk*yY_*o|>hF>^Mlz)&<$v>WG+f^p?N_`RFuaBd_{q zdiAm5ggG6HTIq(y*qO8IqmNd{&MZAzgGFxz4bFoL4{p8Q@)JljaV>(s5l3WYVPO%R z6#5Wo@B8n6Xdy7YFG>lt16)-!$_g`i368Mg3%~j1TYq4D=(MsFDnDsly?V7i4L|bD zx3>h&wA>(^Fb^|0p75LkaRMC*S{ZdzUyA?q)6W!5Z25-!^mKciL~(fM_MP8<`l*k+ z%Z#$Kf<(|1bQ55)@ri+S&WY3lV)Ej}OCXPUCSpjhTerUZ^2@JO7nBwScrQ6UQcVEW zy7<{=H&L^HWaLW6WT76f0yz4K0th3qK-M|{$W$kKa(W8ES6_X_8JgAzz}Sm@kVb1p z7p_O|_!;I!CXWTcRR*S@b>1 z#HyK^@;uO+PY+o#4+OgxsV@D6k$^s+F3!|WJ6ei9FgSES(jVN>c@fj5_YDLS=|pngn)cc*-gG(F9tD&M|3f1sZ@2&?XW3q_N6>X7JYdj_1=; zCVEvcpr10sU2&ZRUT6ul8MO3-SomkXQIyXtl&zRgEoTL}n__w9GQlBlIpaSo=qMEx z=_$H_{r}9F>=@`I@MDvJ`MTbmW|d@fP4$^4MrMX+xrAbrmr9{@9%en^n;{v(e){3o zVEhhyu8z_F@Ep-E{AMr@B*RR)XW6vub<Oq+>58&E=y zV$VvkwiG!j{A4R~F3At>DFqbLZ4Sfec}-UfOO3&$VLg>rJTszD%C`Axc!wYeObbd0 z{=?^70@V-;AJ%k4Hbgz!T!M=7>5eQD3(k=eELscON^Q3otHP|(;)o~(r&9s6@;;8^ z85`LN4NTYjv{CV`ENAwig`Vm(hY89i0bjD>E{p%FZuuG7wM&kuqPcige3$;Fm)6~N z&^0uDPX^Yd<@UfcJ@7-An#tC%4~#h5?Zwg1h{%`Q$xI@j%W8#@9lE<)eao48LgVYC zrPYB}Pg=se&^P=_7wmFN2hHGY|7W8_LISSVfYteSdF04R!-&-*6B&Lmb5c3kqe0DA z&CMO%1K*aZYB+PdmcI@aG>lq?p7-;y`I|I~YUH_B{^;61qKmTgH^`}Iy!AL~>=idV z`Rr2mk^o_vgWMfRb+4RV`k^Fn+T>|)n-M{*m=T7Q>mTkd7+DO2+IQP!bRVj|+cGnA z;4)EWcF=xeqC9*!zOlM&08eK-wr6;4d+J5{sn%r8MllJL5{-T>qiyWkrE?IgHuwhh z-D^UTfof&g4fc@Okp}E(>s^D2Ja-p{K>jkxXeeqhBHw2|8q9YGoWCl+l}T-3W;-Xv ztgZo(uiEfFGm-G&&z;atnqjR$KC$xS)zUOs6W2vrNrEL49*E9|LG5o0@62SqqzpN%`aH zS26(n3^Bgk$|j==iG$28{4|N0Gu>iiBxYrv*&WT$^0&wPXI4u6hnf0MdW!SCoT`f| zutQ>)giUwyPxveVqH=X&X(=*3mgMn&{%JpoVcAr_e9)mIC-3t>;=}n}D~)4)W%bNP zzH*i$#pQTj#|!cCq{shn;XF2G5qEA*fU#JH?H~&RjA4I(wvap}%g3)T zh^Y0BZTUl|Hg^Y|tw~eAZ8n$YPD;M!k*?O~tM_kYpW{j7uPIX_8xgva5+Ka3T$qF5 z)?qXFs+Fsz+u`HG%*d!~*9TX^PdKhVGF)FbeE5E4<)J#eUy+W(y&B4_t3a&FYT2ydxs$p9dF}6qtJr#)?*=4B#7KP*KH2Rr+Ybd& zZA$~C^Iljly!`S@fA9xCdFP$CUw!pe0KS_yKbO-Pp05oc`~dOH&d&YhC-1?Aa(MtU ze(;;$e)Y9DmrF)AhI9v5PY}a5-gy0IKl`aO^r{cC|M{Q)M%+r`eCzGE6x2S~uIV`e zzP)wp-~QV_0WN&y<(J=k|Gk%9x~`I6fBns`e)a2*KKj_Rw3aFp5;iPtE?>U%=9_Q4 z_ujid{pnw5_*#h7fAz2awc7pUC+~Y!2H4itG`fYFs>lZ){1&O@hs!d|pF0PND)TF^ zyrS+tVgLKz|NfW1{C6q~y-HRpqC|DU>RecVBUx#Maqd-fqU%w_%w;{=v$Ava(Kw-WdIf?5Rzxc(?n>QguKhlaHe=KKd z;~lPr`|rOGj!e&Z7UmU7^-urwPph*<2zc`p z^sQc}puw}dT-5j_km#UNXZSPtYYR5hlaEYZy*R(kKeh{{6O!=DY7b!)a2Ml3d6m`C}~ zr&eQ;KklOo$HmLx=&(9)nBB-)aZ@bq`BHLwu8$5^Mwh#jKqrAiN`T4HtPTcxX7IiT zi49@`N35A4v0lor)iO6rzJGVm@msWePtaX2e0~)ye`I`yUcVKqh-N-NKXcv(Nyb^T z!tt!h<6U2h8b%_@JRi&nW*}j`N<=I_c}mBx)8^%53A$9=)}@D{pKd_7=H2OfL7i}A z)*KDe3S{8=P9Z%snOiI|zM3l+&v8Kbi8KTV_o<&gO8@;GM3<|XdJU}u@bFx|Fwd>f z9&uI+A!B7-D8y=)*8Gu=|E zr@5+8izl`4FWY`E4yz%YWK^x>Druec_}Yt|<4J!mS8K;p^=C(=b)pQmbfne=bt??D zI|WrpcS}NTL*$>jJT|6TdV?6N$3`?f<9BoeUNw6>aeY=L)Q(c9T4dPN@EO!EKIDuk zwQUM0R2r_gXNZQu%HGS_&);KwD1XbP2xUaDb;e6CM7Ezsy|EwvIK9}<)*}?&dKz$$ z(p~H?0TLrhc{BTFDIBeO(=$S=dtOVFfG?s(f6UF{6+#Oc1=&&ACHf#F6Zjn-#vE*vc`=DIy!q6T` zY}UyjbfeIGINPPjCW9EO?V-Ku;t?FjA(4fBES1uF{@v5c*@KHNd3On{_?QbIS>(&hZCiFJaw*GIA}VZAA6bNWP}R7l8;u(}bJ}f~LEWh(Jz0ILYCYR5 z-cv_ASO52;MnSK6a`TAx;bsFP;zy(0(eLEh^@qXO=*CxRhE6~9dc+IgA9&YIoSA-o zvWjI@pU+l#h#X)Vz@Roe^Jr|W0l_V=-d}-k zu$=yDWtFuMkA`puXD0z_XC}%LknQfB#nqLBX6&_P{gVYiJ_R;WMW}Z;VZ8MI8_H^C zL?lf4&iccLJ`8TYc0Zhh`4)%DotmCe1XDy!kTb8=Q~3ZihSBA&mKV&|$Hu+mhyu>B zP2g5E(6A5ggOViXB00(r797bZpu@;00-33w`|+4QqK0*-PZM+6KA!&^%`PGnhMaVk zswfz|ROPA;dX@8vBuW@1jrE?#%(H#@v@-ImrLNP=fnN*n3(tk%WFv(wWV$oeyI-mP2T{r>l#J$P{c+O=yyIl4WhCd{a~ zl6*YIAjqi)IcX+=V88g{OMy;_;iZ>ff*Dea`}ZGwck33Mt3aDjl1f)8 z7(@WXJGXBG7#wQKJEUoJLg^kgtBEH+uwdD(yHp$kx0{&r1-C@Nn@lLUg(3$ou8irC)FY@W@ZxaR`(+fVQpV~?bY|* zdsi#J{q|eBjcFkF3hoU3>5`_`Nyu5>FrA2l`|i6pv>GA9t!fl9)U5iO{1C%$z4eyH zLOf$&WE9Tz%{SlFSy0ebbROLRDL=uf8-7$2A;^pv?iEYS$S82Xu* zDh4n*4h&;JH7$+nscTTPzQe9krab6Yv0(MOLAk0hJw2m`=<~<|)HZI>*><#18W_J( zTe~Bc#kG*kgd$qA_dnTtKsAtoA!F6}M_ zsC(+wdZQtuvpuI`QT-SO;z%)~_{z6Bb(?SqfnHTX!_9z-6t-r23Uwc}5f#y*t9t38 zY5TkP?zv0jl*VWi@-7@jq13Ucl^JndO51_y5~9xbQ0KI0=@Y<&YTv*a_0=* z7Tr-ib?i2NhrCw3Vcg9AIu8oo9Pck&eyhIt7%GA$MV)QRkrDfRV5X|i7iZf~23lI4 zxGzV&b&xmY$wZhVde6fi@iW?TZ9QJX(a}cg!9u)wyade`Qd+ZI9uaTeyp;`9bbLaj z+-!}?z=RVX)%AsQvm7r9MGhPT1#U?nhfLVim9>V@P_zNWb-3DT71o+_@e zwIRP*25;7eEl*YC(Gs5kTXDr_DTOVI&uU~nFXSsu3f=BM%qYlDGnYD|R@Hfg8LSE> zTeg25aZ`P3io?;C{^t4CQP+!<`LM|l@n?A8((DFayqM@q{Jm*GHEk@pAOqKNScUz_ zVKB|LY}Ka8wynN?XMQ}H@zU5kxpN0vJvrI#Nm&=tzv7xrCrfwpy)2_9ovZp6bXeVr zo=A>#IYTn{_9S|k8^+}EBUaU-7~P;(9*yZ(>eF+_*NE9r&(yc7?q({tdDNYrUD@QL zs!c$Hnzh^!MyZ(1^pa=gZvyK*Sox#EC{{|+W8e|6KF}dbPo%<$9>`42Vytm7AlzLX zNCMlM=|InPnI0#Br|(_bl_LYgy0C>0>W|>c*b9>rJLx1kKpX7TU`3tD`$k;#=jLaW z#kkp()q^A+d8E_7jD{Ba)V?&$#()sezS)t2!d|;HKR$hQ#&$BV%3e`o8nP7Wt|nw> z9m96x&ip%5s7hYT*lA^>O!>xm9XoS&DMyw-dQ{(zY($=5{@OADwIQJGjDobgC@Fvr ztBJ>HB5UzA#p^m?XE<^NpT`Hy_#{J`u@%ldnwdOn4BWmKh-54;3%q=>_Yu%XdoPeY zFQ1<~tYR^kY!xd()v_{7iqSk4I3II>TXWv5n`a_LEk-zxXhCT$NOf zTF2H!jIlBg3AJp>J?*{S$4f*sRE=XFj~#vb=t%bYaI^I6|Fm(}UY$Jq>%p!+bo#0( zZ)(Bu6#9dAT5G0$#3=~$^Wkql6bDYx@MJgMy>a=$A^p!lg+UmGH{dE5aNCa#b`zX*rf2EPa0S zrqFkQVz551z4jV-kemz*`jL}Y@vs;ZxW>C|EcQXe1yf&z>7U zhlx9P?tbu_-`x84+dhCJa%E|tk8{AF>({UPs<=Rmphab1Zqd&&vriC#KNE{lp{|!6 zE@21MLvbDy3vgz3=Dqjci=QP=$Jr7f-FM&llsV*_cv@1iC-e1}t^-S9Q(i`Gd%{2W z@7(|3Hy?mcd62VM{wtR+zyFi>FJHN8wc}@Rsz`Tu8vQ{j!-6=L@mRcvc@ZS9u7v^RLjyQ?EZd4-bm%RJG#cBez;{D+YWNLO?NDF-uQvhfxIQ8h*MAbSG>4bB= z2qHM`ksR_n&{06E-S8Qyl5^5xqqJl5s-I$Xl4)xX5m+ne9q=V+4vQUS1&M9>*Z$gH zh5IxTjSHwv@K6Cq=jLYLe)}yMJdP6x0qDKI`d9zTYp=cHXLQckxKO4N4fjUM(1S$$ zD}UwRGk6v8#TQ@v`JeyB2>t!lN7Lv! zKCzl+ObQYKJv9=YX}+*nbj!e?-o?`;Sb~;L1BaRwbLY;VzaZxy{n1|*6VZbOJe^HhmeSMHZ@>Mv zxd|KQ5qV7|f8%fb`$j-E37lg)xMziqeS1;xpL=bv|{N2S1DFNL;r=?DHQ2_5i5WhiH zE4b=I|4>|})Vvr}G3<>LIdu;`EtuBQd)}P6bm^jzp=Un7!ZF2>fOGcxcYHfbI^n>D z)2k$45;4~ph6dMDt}>}>7f5%^Kn%BefkB9EUz(*N@TNI-)%iHjta1Qj;3-$CE3T8k z3m^gWH6OD*q8PBXfOVl>ZC15WK0lKg`BWXz=M}+$HZP4H+k1H7F<6fj+ivc(flpP1 zI%YZvyf_jtS+g-}($1UMDrNw(Mw;O*{}Ckx#(cFKsNx(o4Q5*Ju1gLM)h<~Rjx(Bs8F|*nIi+xqQ0m~V zl{rmwH{WKY`GZ)!cy1O1R;u@zDb#AcQFdkM2jjW!J;00S=QvD&9qv6?{2_5q8*~z- zc!-LDNB15qJy=+>y7bk`OBd$RR5ax1H{ajY!bm9sQ|g1JN4%))Cy*;;?h$eJt=jUA z1P5Y$_r_CDr^>RE3#)bM{G1Hxi4L~$A75BreUHmXr@$+FxbV7sYwPML5x`eaR*+d6 zzG!(@3i5Yne^h;r!<34N-eD{3&c?v;DGVbIVVIq7`5t0(|ZE-U)z zBoM2qQw^$cSWC??PvNGjS53E6wmOYb+aD2x3!; zLErdg%1llk2JNglEsuYJ&PcC9F|8R*-s4*r_p9C*@)iwM zkp1(eWmP*roA5$vroM-&U*+%Vli>#&9h8M|buQT|Gu9BP;?Nt6Bpc9XeaS+x_>83U ziP((viAVWREDk9g=L%|*Mp240`m(vOdEq|vEmbLYl}C?Ii($@B`dal>2a>>g%vlwh z_+sJKk(6}3{3AhoM3~hsy(H;}w-5IkUmgAEoFmIq3$=D?=dQg|rN4}a&=$o!?CF%X{yC=}`a`}bMepjVz^V*>{)ExiT-=Gtz(4{G~lHr%Jo zpb|pgiChXZD%M?3W%84*EJMor0{G{je=a5|6auu-qsy1@CfF+E>w`Os-+%W#j2h4z zd?z3*R)rEklhJ_G`E&E|UVNHYuUr|ua31A_2MafE-u&oy9{~vAt;~=t9|}Bl)@QpR z#(-SKRus4qLKm8^ywFiP=)gY#!(r*>&CkF3>TB#(4BAz9)oW^c8rBLYKv69)9#|6K z5nIQz07(G2AAIn^x8HnAmCeq~T)TcvoHHEG&dr%H!iP3E^Jr~#RW!$sKmPcWk3WHE z2z+W}*gq;4iT7tw7ZDEAZZuD@ zT63%R23)K#YwJBy-EHt-6XifYRmv872_d=t>9(o#J0f#68)COV1gJ%t7m__>G#*G_>m=vseR))HcC2a6Q z_yKpm`Q{rUR>B#7^wB3E>_2?}17Is$d%rqLjuEl#=xuLRj~c#(K55`w>F>V#EBa24eS3O#ZkA$!)}<=d_tvfNKK=ct-+Xfm zPzh=i5SCaJYSa@22IwNSQ^%c@U!0V9o72!*7Fvts{Y)RMwIRG63Do-xQL}1Y4QcAi zs{-_AYu4UVxtIOmY3g{|=gu!^BWl*!gTxqxEQ)rXsUclm!n0EedOZc4%9k*RkgB*| z{*pChs&3#ieItJREYCQSu;*xHc?zS}K>lm=)ua)Ci-Sh>FXiAu2Aifm3f(`? zg9Mt6)zEeLm6${Nc?+uQBG;v$)COj?fu6IsU0z>L(J&5o^*7zm;A>j)i7%Pbw~cHXm$Bi$GXTr+7GmZSq>z~L57 zguP7&^q9&$U_IV;7KOKV?7Y>bbQ0(!aAXNk9VSFmWah`h643;ip3B=$MOe*RVlaD; zT*L`Ih+mAg<&Ro0Drhlm`(KGt!m(5NGxMtwPKcR~Y$t(E0s{$T81|25jTnG?&EN*I zzhu}kekF2#NX}my(8x+H;#>1agJt}ek)N_EPg4S+-X5y-_V}=VH~{@td{3Wj%is7{ zgbT&Ct+!*Ok7lb7XAgz!x=g2}#l+%+h?^#k4uxiqFy58qai$Ol1|d&{$7OH}x4@uo zGmm*fxL?2mKvX?kRmdw|DCZ5tjo>|?q6GM3Eh;1%!94+|gm$=XK_X15jckk{6<^=#2Ife#(T|3Yc8}W%wc_N=Dja9U zj#VQRkc==AEPNf()ujtoW@9EHiZ-Nky9SxNwg05$s;r)AnP_<9eOUMeAVEJd|I$kM3tAX0Q%)H}ERW(>hh3%HjXj_fH71ikFOs;?URN zQh|6~Q<+EkB5wFEeN(uN9_LYNDxCD*5n*IlO7Fe2-IGu6iTWqPsiVr=%97F=7%GV>O zoza8jKe;@{w1HA9*u3r`-f3x}iU~1wRtQ5z!wHq%=Fm2NsR%!93@dAP_7KJdW9%+G z*UDO^?&zVIHAcPR@7gBT^^51mXCCjuW;8rpSwp9B#V$ezK~~!3^Ru?!T!i}RI54RT z#Y`y0?*$v5|Q^fKDk&JU2IGq{GWTUz79owDbXW3j=KbI z87Tu+t=xR-%^!!MHn8Yosbm>uGd{cXn+F@H=^UJ+Ci1R|*^mQGcWX1>>AS-1gQdJd zXj&ne(#kz9^Rsl9_8Kt0m%X>=c-g}~?D98}9J&+cBmpqC9MFMp-x3$5}0taaoV$iq0 zNzq-I*%~js{PN7~Y(8IJPy<#M5RYiAUw-i=IK^9Uzr`3JKvpF`^U~tt?>_Y3?|%2& z58*`Z|HFDV9jgLnOrVUrcV?`_&tEvtmVpLf&G@1epjZV-{T`|VKA<53N@3(v)Cy{l zvKu$v`T5WPBD@;7EwVUQagiWD_~64|{_@{_e)IE%#YGf6f}b`)uim=##pj>@?sp%d zDV`rX@7#C?0x_!pOkB^RYN-pzD{5*DTH*Zu`|oQ2a!9sOp*YrjMjc*F5g&j2u|n0l zF$V1G8UXf%vIkT;>Y0bnVj=HSsbA|S?X1e}Q0tb`S~=1Rx@%1DC6NTZSa`%P%px>f z&Ra~ro%(;U=0$dL;_Suw8Sw}inaElKBYR&USFd8$B3Ytrjxxax;eXpX-di111=rYi z(l=PV{zTf~b7QX#SN~Ag1R_70RwWMeUbGY&`0Rw@+)@Q*vsff+YY;LCBxxCJH>HgN z)!bH`ly)@A9&bbj7wzY6iD9FywVCe#IYy-pj~cZpzmi-VT#$uOL@+Je9wax8#@7sO453=nbg+tbx-w%&n?R`iIO7MP*!FrBve0SXuK4O#RKmpAPgvOjG&w%jf0} z;PKm8XqWP=B%lR(TA&{L@JIMZftF$du@<7(Cnx9T=S*$>bCe3wFET+msvA0$D$Ywv z0cW>c&+l2?%@M@%<(FT3k13;|-fGX#D79d2kw*6t2*{{fn{H(zH;3zU)cyKoq4L{I>5^kGeqC5Mlx;G|w<&|+{I?RQRyFmySvRfK?*@WWGSNZFkB#08@FqwRO1Sv56aYeRN$sR~!R}C48(}WxAYxkqY7 z%Y?C`zZG94$?Ad%O;sDyIDYDf!rKlhnHD1vbIoO0hF6O>S*G1G*VKhw)}GNN!%Zk*O1{Wh+6C*7fXVv_kBb$;y9A(MXa zw@=yQ8wx>S)@S~Puwb||(7XRVj`kQ>C+j8#pGdy}GlZJC|XeBKH z8&c1zZ|YRlEk%*+y_{_*@{YNY41@f2kxY$#DLS z$V^X9GEgezaFh<1+n6;^*9bN~Gx}r6Hf?YK5^azg;Fh;bg?42}vXB741YH+!nhEHS ziMBtn0Ub7zMp1D#malSps%^goC|1Vu{&bFfw;8ET0*@uqxQ+2=*L}6Un`H+r`+ARk zw##r>31}3D2GRj^0YjGL2lJ7(NUz;Ge`Vq-vw7$IwNL(5P@XKXg`9dcdv@`W566%C z#6yZX>VcY`ZCvC_1oaYgQ$B2W@NOL*VdF(VhXKuwKz}pfs0E(*b86JesLlLR9WA99 z8>PO+&a~BCEE9@>lg=Z=s~y$UfZ2yj^fk1jWw8uu4s;F4YO8`P;Pjw?U+N+uz80+4>`@#nTr<$!GL4EF25L3`JI8g;L z#ocm14=DYsuhvB|1Y@0@o0n6JJUp2hIdI`tWph!$g4i&oLh%&EEB)ZNzy0-}|5^xG z?19YA`|$Ssyt1r4SO-w8EPP+_Rzz%lKvz!JjYkjz_a8jCd-pEJ1V+V@wE!NZ0}Tkx z=$1gI%7rNPtVoCOA2LY)=%bH+^{YSs&2K)CO=L3RRDGws-c22WngzXui2e4PZ;<-s zpZ)UH*IpGhPtGBwiw8Fa1IHaIP6APn3-MyRv=# z6Z#Qdqm!4km{Q(mI(ya^Kc^s8EnQ`huD7_!lC^KZ$cMF#lk5y0BlX_%5*o!m{k`V9 z;wKL}nl`MK9yxnvytN}+bb4~aMo6|F`q4=}b=afNPH*Fcd>RGi8UR&(Omv|Y?c+$3 zAw#1U!h_6%LL0UAbNG6Y;m{X_rb4QT(HIf36nxxR0MVvTFfu(oV+ey!wG#1cAcMLJ z%xnM`vtgNv0O;%sJgrhV_ylTg7nb=N7ae;}JF9j;&XFaqK=Z%;hStIWIBa70jgDQs zbV-0u8UQy35KbJf*y#1(>SH=D;+nPGMu^;kvDw`NeX@GiA=A{dFj2kDjufTU7x%JG?qg- z+QPAGfh~`-#_AuL?)!p>LULp?C zP_-uBnyY(qmWQoK*zI*7*ic^Kig4`JAU6|+++pTugAs+AG$U~09i$&bZmpRxV?Hw9 z(eq{#Kx4)V;))iMUvZ!loLT6jX`+#?6r5};Vy_;uEnD}qlRzhdBS^qV&oHz|tJ^^LtAZCUG-aLYF{uP1|aJ%JBPX3fEFpvn+zNg2*gJ*IWgt^t`WgU z6Ms}GXnL^GS2~$sOn!HnjtDB9&?;vfN!rEHTBJRNCFw;h_mmiqWk9Rm+;@b|dcAn& z1!F&~+CWa15*{dREwR-q1y|f3#9=%<7zxRgPvFGmWe&rtyX(t7Mw!V@c_oneC}gg` zHeaNFje5Nk>@{EH4hp%^PZ>|~C~@Yi;CbJ2%MPj9rovnKm$1ux7b5CYxoZO7S>I&w zfAS!4toe)N37)nu6;80Ij&xrF<$u;u(qR~i&go#fSu+qbtf~{`ZF569CM7kZ--)E$ zr*ZUuZ{GakkN?p>-sgGF&_RaRUwh@R|MkDNPv+rUB7xC8f`gbgDny8CrC#-Y>qjPy z-p_(uc(BbaE|T6xWQ|G+C8Ma0cF{8Q6;1NDBTwa!pE}9|+w#j+k zZFUg;V@733A4`a?VCKPH+2+15KZ62o!orA%wtD}!F>|z^Dyz`;?BHU5QfkeD^KQM1 zXt%yca{s5gyGNElGrKu|^#nu?FdxaKG1IKoMISqVZRU67(VQEJka4txBc63{ZlDGw zG&$<(4z!&0K6B;mdkbD)Gxo(s5~XQuvNtM^Sl&~4tW`l#Jpt9y(hz25)nb-fJ2NtA zD(~6A-`#oO5t(i3U%NEFe=HXIfN$Q};4(r>H}2jB2sS{B^>w zHF9nwo{IRl6cYAS+spkT1Q!yzEwGzvt~)v5)`kbpJzVGlP1PpBUNicqG9O~Rbora? zoNFd&-KUeM{zwSvPE8ihoqU==PIUh2#$(stdJ|dw^ECT|vdoM|yd_Lb`c;A60uEy% zPZzqBhno^GOAa`6Wuk|n{QTz4-~9U5pM3nu^26n8*RKBTXMe%Btwjoy0giKWa>~cK zVZ0av;Htm)#UK6r=Rfm-dv-X)r^!#FLsx)}a{d5siI)1i-+ctN=70vnS8sOjp$uc< z`NIo*8^r1-pM3J0U;pO!pM1iq2OfR@C-1%a=9_{Px@H*& zJJ>b1-h1!ecW>Ny^Q|`uKQ{_s3UsRq|L*^1?_Pd9OR_wnhljg|zdfEA5g8Hresx#X zbhTiHZa^b6EH#o;7ytl307*naR0b9ZkU&CWF+ySivzQGMe+5E9nhg>{uz&?j4p*SFg*`iHPzGISyh=;nHiZ88CjX}@>lpH_C;FJ@EJJQP7aht2Uy58bAmgG@3eWMDZ$=)YHaLig=#=rxn-Ac0DXU)uw7d)1Ss2 zgsMV%X2HxhfL`S4u|*EwBryk^y-f`AQF7J)P5Ow@!wW!wARBqoSu=v@+)O-YSi_Ph zy%H2LF%b!N;?e58hfA^%DVt#|2*YUXTi;5Y&aQA$oU#?;{1=BAbOm<6m8D$x7-F3WDCwqz=p!g}UmTU2g6VB*ERcTh-GA`ur@vsdjVurD z-@p0wHweyEGX}y>Dh?wD%-!6%^WC5P$)6aQKwvC}+eaULfTehpM$wWPLEJWDBf`zE zZek`%JAdK)rArst04*;s?Tg{|1i-?LLG90e_A@S)HGLT#Eg1VZZd`xwy?0>J48peO zJxB}=gNwo(kHQV6r>0!lp@~5Xiz6LE9s8hK*Gup1LPvpN3WR~gqmus8c#K`lk!S467=Ydr(Jw9NqP2+$q80AF4$Qn#1%eRh16(1W0E>a%w zR#n!GwY*H#u!RQ8bzl9)_Vmz5?&eb!6O_6o6z8H#8zA*P@yTp6IM4rLL;QBvFJ zSOFP{S*rBbR;ge(YT5vBRgUyoiWf>93pBE2*;z!Gm&IFn%GgU&N-HV+RHW4fstjd8 ztccVUaNY!D^n19t^k8Ah7jvOag>`;@)|*EqH+l~TxY<$!pV&F+TRNjLf#v*lZevQN zLV{SNfv+wNYuDlVB6EcA2uIym8<8(?rl?lVY=v~y+BvC?%)vM~*Cp3s{A)g}wn$y; zRdtyckUrEt&d{wEj+45(z}BUVOk=*raF4Bo8Ko2IaJhsLGFhnphi&=Ce_QK|yFh*M z(a@`!x#Ug-!rH1f;RQ7to9 zgO~$0n)rg>u2NTosg12kn6IQJH9J)UB|gsB((HAuVhbimvQ^$*sZYeaP@!6;T~9=v zPf{ffH!=nh!OpBE_LXphX!+3^U6_q1!oe{SqlQ|aQ&bsZNF;6t!+GzbVH?rOpC0E3 zzm3>c-cm%wdtbI`4{$*mM!&MW<1_vW6fRc#MA zFX1bLMWY}i%2>;(Tq-51a3y54np%!=zHH4Isf8KJ5~I>2Le5V01-wZnM!i;W8UP&W>!_FZP+{|9%*~W4(uxx?s7GaU-~Kda%{H@U7->hbBc9 zv?^+cwc5-;)aU^U%cmPJd&`FdS}LJ~kI=1awO&!g>GidaKIy(4ebOh=7rOq?^@mrG zKcwH9CZkr(#6-5Kj$D(DS-7v}>-F&VXL)InedjNK`KvF!_>!^a`Sa)Bd+*(kKmO?b z_upg4B@Ow2u@~!1qJa5}7ggqH*RNj}!>UY7o4*)?axREypQ&^6^W3#^mnEaw zrwuIt1=D&4*~lqpQ10Bh^VL^h-MV#4=@J9}JHPWgAAR)Em8(~5`77P*S{5F0ZRJy| z{xuKSe1rMyqeUaf#@n8#6Lsxcd3$zh+bW!H4fdn^#nY-n{uW z6FQSP7pm&}lb`&UjhzqgkZ9D414u=)ZDl0)%{Sk$Ke%(}+q-w)WP{s8q1HXrnwv&b zIa>w>YVpo`?;cBt=y%E>m?a;hRi#Y&64}fQRjp6Tnui+R0m2!*I+hevFui#t`A_gJ z)%oetKdXMpL=n{@U`L9K$fu62?mJ%fB`eYFD%2`qI86~JFiYaf`6#;%p5)@n>dnrVQ$XXEJWn_t&}T9kK^HT;DO z@4WLi&cH%w3m%7hghNB1uGS9ep{@{)PNAG19}3_gF(7pyEvi>!sZGVWUll10O6j9D ztOq%|n~nloDbU6*euj$~-`2~RC$H1^P8d{a%;KM>{08Z}#!+;0rPIKDSgh9fA~zTE zTMOu(kAVW{FW`Z^Z{i`*m{{Z|Y%)ol29pu!RaPJQw_1KxbJd92RxXB*B!?+HF8_rX ztsVouuLekZT|u80VBBuD+_wn`Ro##ziC$>fCMH?LGYj@g3{{c5TE~sk1w>7f8*lzY z{;zi>i;UWrd9gW;-Kr)76K=jf3j%>qQ+aGiV)Et_rD!_`HvCRQTw5s_|YWL9rOnFfIam`dqr%HcZZpqrmV4p zs5=NA<%iBaoSWjv@XyvJCDN&pRbFATCJfY-F+Q(Fc0J z7EcWye+Ca>)Wr`kBeSW<<1XK;wg0$5 z%r}()*cSVZ1DAfOj-utrSx%kt>I2yN>7E)^L$q2;@5gY9$??+i3cJ{I^HF;Winpvo zb!FM=1c!EuXC?8BT$|UP+Q1F<(&AYd7S3Dei;B%96+^LVy?T7U7c@oX!3;NCINH`A z5LehfmHohh`tvixA4dDg?@#WM@5o7caDdhMu#Um7&)_%Sb(JuJdK!i%r7ZYh@;p_T z%|^mLdHXyl1q>4V-rT_p#G7_3q@cN|SgT5En1PoU!K!JOGEnQAxxO1lwS@V4zWsR<*!_Z$L8JeR>?e6ne-GQo z(2%6kki#@cZHB)XV;&b#BP{2;dk^(pyvXj_rL(hRQ(G76(v$7{TV~_F~yje znGtIoCWwmIZ9ZyK#&#SIoxUV>I;GXs)63j|EkC;T-93k-uk7a^bbHY)Mo+WTQy(Mf z4HogO%f)}m<17r!$QRDe*z-1B?groA^01DAjp4!hB&OW&x}(PxMbUH@tG)bIf6-FM?< zsGoH7IevL2bK3J8k0j!;b^1|S=FB@}fwm|Zp5KRC-8TH6{n?-Y`JewqS*A{X^2tZP z_j^Bi_uY3`Z4$7VSdg)s{&+Z-dsPw!k&FPYT)9lsTK=f+F$v`o_3gLbI(v@4)U(4W z2U(~`_&elDQQ)Nz1h%jrfAaAspM3K6J8yf8c+cW6a>#frKG%K!Yn02<24Ne_`ry~( zWDE&rd}1cL>UzIGa*dbZk}qm^i2%s{+PwAAQ8p>icr>(h2zJ=)AlfC4TY6 zmqe4F{p_DHV+G{<-+q7jjW;5SH0@4#Oa}p03Sv{sMAdiFFJ8Jt^^8L7cfb4YJ4UOr zu)UKjORWC9E=%-Y(s^A%(SS0;HxfP1{xc}L${jpy-t2~t6xAKlC9?J$-EbL|1jL3T&+d6R4yq_o7&QFdehZb2>5ZlA>^9n_8`}> z-Y8cX^rBXlm}4z;N8p7>N=9=d)Xq$Fn2#SD@z<_j!$X>xDZ^8d(izUPvok;b@sF-w zzb3t4lZnITW=9@Cu}EHL_Im5~?YV_nm}ME9H)u>>CNVHe#O6f%LU& z*XZ+DApQE+zu_R6<5k&3O4GKT_Jg(qsjGI?75WX~uSh}N^`a+Xg0Lm#$@ksU38p|e zRgCXPeer2|<<#1#_0h*sQMN&p#d9s68z*G*=qL#j9L#Orq<5Sr?N4x<>{WFV0x`zf zn6JOS)jTU>bmRxj&42gUBXddO0mDZDto8~6oSK@qch1JWQr2XWBSyWOy-GbX@AP(c zb=Cg|l^)!SN5<)?Nxo~Fi7NlBL^26bTca#IT%gMWgWTZA^9q$;eMIQ|`LpJl0l+iFB&nG;V9GmfgJ>DkjNvm#0VAv-*kL19yJ6xv(sUX2vs=mNS2CsAyvlrVQrv2o*o~&aCY|G z?9{8Wf3aiLy2y?KuLlK)Dy8Vj&iinUng+x0ZX5K&V|@62I7{(@a06l_d4t4J`}@&2 zN!GLu?%S#XPvdVD^JprIVK}?NuXvY%NY%?UNKe1v6R=8CDMdm9E_yZhLfqoABI#c2pm|j)&5d9}i4z`3?U1h*S_Bcu z)SU>nxU?ccCHE#aJTw4AJ}V~K5y}cn0^|im<+F!ZJDxT@Q?#gRz0|e}^4K^tvCj>= z2<#eIpkih+vU@ndYFZvBut z2Cwwz?ICCfcU64iWyL=c(;kjH{SHMQX;f#ldZgq$7_b}(O7{vYs6V+HhOt+5TbFil zIBz93v|aVJr(NCs&Hwa2_5*E?@L&9wfBS#_JAY4t8#k`~y+8UN_DH$wD?FbyoltK z*%T!3;ej4pY2KAJC{fuEfJnI|NFst@RKmyRW3^!zA-3uqA{22vX%xhWt`dF~j*2WV zEgZEZ7VBrJ@h;iSQ=iPhQtj3^-+cMym)y15;2$b>^OkVItn;_u{nn2$2M=SstKPVA zqkOE+FhSrGOLaCg#JT1;`;QVrpP1`CnEyy+66E7)<8h)OBP-JR`FZxH%oo1s06qY4t#x*%hR@e!A5M7ZYZ1fJluWY6t7C~B7R#_q7g@^rXO%$Tx+v|fE8m50`<{H zAJF$0ml`JQ|c{k85nHQoG^SPlgd~oV`(nQo{dj_pm4fm+E zFJ+Cg$de{Je13a-i6H^gHkw%grrp*bS_f#?Jxl9eb`o7h}+Ut3HI=?tCzAeQJH(^lnzJx!FDaP^o*vM~&|O$rWQaJ5zJ@dpwRo!qFK#}son;p^zuMy zcus*TG!Rf*gX67boxSH3wi)FPPvSa%7+slUel2?e3Ms*CO*%O~>2xAGoLb7 zq|5m!=!Gag%P|~==%47Q9opV2Tq`8R z$MnN!9_4*!w0e}(JX%;ij=l-B*NHbHUdFp8kSs;y&Vy|jcbpN6F-Kv87#7!Y^x(Kp zaj5XqOk%d0>SJ~i59i(E9y9F^{IW9(j}3aQI7MKQTlf*C#>T>Lxsx50KH%4q^7zVml^`FMCdMqU zikOK(t)51|F>5C;RE>kfo*5_sjkLt2e3`K4GnBHFkVkmR=SU(C6$1jH(aTNgSH*MM zI>yK9+1W`OvqweEhJ&s2_Q`T!gFzFae8X{l9G^|e)7&eF{}PBl4s ztm6@e4pEgC*iZ#ZFhmpbUKql}IG+|sO$6P-V2_GKFBKfE;27T+Q-K4|O-GBrf^~(1 z!_<#6)z%RX-Ap@b!9jMfJQMe|tQpeMg{x70jE`Z7HGO(x*;TtL*D^*|lnVp|kXJHG zqbnEYxBD#~l=4DuAUfmIA=Xs=ja#FNS*PU;!%&e1J7TI4^iC!0B7J**X z7VMM-B)b-iF19F7$EX2BC;%^h}za0fS3Un0cD9};h=_z2ADc@d^mrOc@pOM97Qw|BB(sP6_n>p%>8Ht4J>rN@E%L3gF%@T~#`KL#SB4QRRJi7{U|}h{ytI7% z`gIFlHm^t|OACXtUb7org3wdmA95nv&~-`Uq&XxaO_8L? z+r%wF7C;DjZb+5V@VeoKOtl-d-Qo#kgk(^&{^hzgwvJ@GeCbFtF?g&3$(eE2M7GTG zATpeqWnX~^_Y{ThhRmxR-M~CX=$;{#p0V;kY!MGmBka@)VXu#IegWq+%5B+{LQV~fEc{Z3F5xZvB_dKlcuM+1Xwm>}4P^6KPLmbK>2n7W!t zdf_>v{n`|VlBkNY6UVUMMqafe)Lpsq1{+ofmROPEy{%nXM_jvh)hsiRa(5$zEG7kw z%PlvF6u`_#(OEJ+Q;Y)Tv9BLD3FMfrY*+g3%W5;<2 zum>rR78Y0F=BLqQ;&4VvU$j;n@DgX=FRpkVD=PS(&RMm^)wMg{-;?<4 zEHw$EuV^GZ(l@X%!0>}ZG*R^}N}JI$Q*uHEIImPt`gE5VV>FkpF(9UtqWCCt*yc?( zeaR8Ibgx~yQ=nA`l3fzX8mb3rsiR7xwbi-oYY*DzkE-Zb1F~N*8VN89e3HEm z(~5=wUWs*@L#4)fG4#TxyYwi4hGs(4(?G4UT1#~VdPWKicg|-7^?GF2uMF8%m)76* zu9qQi2-|8KB*PP|!NUt8Bgg!;^oDO23)21N%jj# zLiLLTHYn(bZi1;FXl-Qa63q-BhlJOlJRj6nc!^`ZEg#CkV;Y7qffBMTIrh2|3ps(= zALbdH%5o8U;^#JU>}e;}VJv;Zq)e9T1;2LO`clw=m;7|s+XpTdMn9b%MI|T z?ivMF$rKiK8}^O$VdvWnV*|db|M(1ffaj{Ub#{}i3NWA8?v|$(BeCr$H=|YCz@TN_ zcgXGzpR54KSa4=hr`*s`7edUUaHvY}2J%?s7FGz&Xf?$ZYmy$2w4Tq1jKqFLXbf#` zI>rR>w-Srf+e6}}h|>sK z@NnVFFTZrdl(Srup60MBd-Ad1++j<8xSC2a&DFJcF|kvvvIF3-(31Jv+qdoXe|__7 zj;WZ#vOn{-&iVJiBz+0htN|E}L4(M_!jJ{fjTYG?v9%L^L83mMyZpGDi4Owh<-o)btd)@HQ?$GZJTJW|_c#_~8dOsRp*` z13DW=N|~FTV-@uM4|jj_o8Mq=val2S`s=T6-u%W*agte_2eh_$F{-tzCA?9obbKJT z^7kJY(I87E=u6tX6=YCL!{VIjtz;A<*eW^RAE?U9X`eK-sFGoHhCdc}>C#1Y!Ore{ zd*`#yKF3PSpf>EZaT}@Pj{Fl}mBX)+Us=4(E)$*7u37C)tc zxg}S71W@U+O9qa)#x!Sk5EFxo$xH;oj(NMtjshJ8j*0@L_&95bLN*IJgV7)2oB7hV z7_pzy+l)DL+DVV2D)VXJgw@nn2U)Df-$B+nTZ1LZmMFPuR@ty7A|5ym=+p}9)h)@o z$BqIW1zr>dqDL4E+-4)#-vY~GvK@ilNeFD36lhCEMx+wiIE_o>$#d_|F0}%d>5oq+ z+WLI*i25!W4ieoLRD0$D2g!1DzHvXwXchhpF`L52x144LskAp!AOv9ZGB>?+`+W1x7ujSBHj(nk1U){Ne<1L8R9+7?x)8B z61!NzEBqKwRtlq4n6O(_xXDF3zzPf&t6ZN-nfTfeq&qr2#{bS3jGAj3*+r&12t}Dv zezoTm;T7Pra3yO4RQi-(j=<$mDOjnOg50!P%+B!J6^1Wy>lLbyyWNAAEk)swa{aQk zzk8M=eAB9)dAasd`;<7s5?&Kf15Na6QlG9GPfdY;```LE-+t@5?6y6g8pu;;#4E!+ zsqtCTtgYjGOvkW{W>P~7k43R0Gm>$lL&=`_6h^>+B7BxkKde9JuC{2{y;7FxAji4N zVVJroP8d{b_&$-IUnaYp0iMtQCTzXtoV{m-=a1N{TjJKv_UhK;=rGs2kfnu#^t2|0 zMCKU^vK#Cr8N{ZFM;Q(qNJ2y+93tNz=^L!eChrrO3yz{Op^ecp;M>^1G{|`X9F!D3ARA#X?XsAzI%M4x+xv{9Ma>0R6V%m5rgvWZd#0S(N;ulH##Pg)_7*m$7K*%BSOk70O}KyO`z8g)^WV30lhwuCzIFvoA5zhtzE<%fUwrxH7Z)#HT3zjZ zDYfO4-n3rk0a4H@$UK+{vks)O0{QaGFF*bCQx;>a4M3KQ5b@!M@AF!E`HjnGHg@awJ}dzXy@f394s5}(*Hu%AN{$rLe+;cIiR?oF+vf}~B}Fxi$;iDzHH($T5EIxF?< z_YVl47thURleNUR-6)_%VvRLIPK~_R=!SUhMx-{=I=f}xJ6@+C!|Ml2%d4d1)A3Rf z0bl2kQ7NQ8(!QXFSXM~PR(5ZgC;6>*(iUvCI9oM-Z{Gac;AOOG?672I5MPvxa)Y_& zpZ@$$Z{PmbSZK}1>D^!c%l{(zxwR}Z4v)$~WW`62wnv1+e0%%bTeolX>iWlj{Ero6 zd@&INR$!9O#p%_nS6vOdX0+N`hp*+o_=`_@SA}kw)qcUQ$mnOo#PQzQv-2WbO1AQN z*Xh&0#1f5Pk<=fcm0i@NQXV{bsKlk^Wn=vF&p%fkisd)nc;ou@YxnQng9yLO0w>cf zsf>9{jIHe_pM3oG+izi#?3aeC)(Y*e9R;>fK<8|nigp8!^|mp_O!18PGr!YI7&}|? zb&t=90!FbZo~Yw$u;YQaM2QWYugCqf1VUP^AD$CtC#D$el#wWji+G0e$Uap4V z|HG?Sv+elQI<#T<-F-)ajskmAz_Qopn{5XW;|cPnM?;;+Nw7C@lJ)OCSQJJ1Jgo8F z8|HDmg^vXhQ>fbP+OkaFxj?gt3dKUIH1@;;juF^tk*9ag(8YEX=qT_4C=kJKP%PoZ z-m$$l8YEUayqQpI7{Y#oH0?$%EX#eA2y~4u{=<*GUa5xWG7AqixBOji?$8NV#FDL zJ=qBKn6E~cwhh3xnb=T9oQvn?@y_@vsxyJuC^d!s$IBPbN~2v|ABDg6T0wDg%{tFN zIWae#vY`zbxe9GMz53)m{a0aSApm7K!CFQcpz7X77p2$UFs#NOV>s(=>m;fNZRyci z-6@?yfig=K`NoB_a8?&}Y-C~Ji(C!)R#WkN_l+d*gL;)|*{BHR?w?K0BMK@DXTPnT z{)phe24Fg))fdo+hUGqNEu)@lI6XI)1Bq(ST9Hpa`N;2Cp;Z2c^W*5`+cc67avub8 zWA{cZR#k5NOhx!cCMeg&yuj%bq>bx9#%Okg-;0lv2vB+u@M2*wxdAH>;u%``VTR$y zNgFg83&!>AEI7@8=?@ChID`8WdxMOKgSJSeSGOIt6HASws<^&ay}q{vbyQ$q12|YB z${4>$G#J7=)~k3=Ng+5!r7)-s>yr7v;B>zUf)hD}RNtsxU5U9oo`VAnU~cCvAd`)J zUce1jfm1Ep;hWyfGRXUMH^rY~O>4c~V@0@*3O6I#nhr8E9BetR|L68cj#GnAu$m(!gB4-ay?0uB)&e8>qI>4U*&_(UyWef(~H*~(joY} z>Md!qg}obrwMw&CU0jZ^za?3NUjTc^>p^<>z)@4C;1t#iZAA3eW))qiKnQ_+#Y`qP9FG6~` zFk?B>t^6;Z?5tPy=h*nCj@$(Py|14Bx+U z{L|#p0_B34lB7y;>&MDvP_Im;<)NxAY3T)+SlzmH>*mdy7tWu*`sP*p>x0AxyNM=; ze%a^0*=^joas9#l`=H&qbLTg|`GOxZc3=t}fFcc)j9oK&X7dObCG!V;FKd}#^0&pf zcJJ;zLWmfKWzB|l6Hq~vr6$n<_=sxM$2n`V>UeMz$7;%wVEhbOji3>EGLAeeC|6E0 ziG@aktgMm*a$?7;mR&wK7)ce@E30Zf-n>QLzIBVa?cKXS@cziM?fdV)2bp)Z=Jb&o zdlSFi?_Rn7rYZ=6T#;w8ZY4U!(p0=hw0?A&bE6SEHpD0dX<863f&%givdn{bJN|gWyV|m6Kvo!b1@)U*;h-^R2TV52Uo__J- z4_B{V0pz2PK7`NbpZ}V*6SG&=Y|Wvp?xn;x-@M8kYI=GJ%u-{(E@4YeyT^_KjRHD} zRk5FWtT%h>EKMnurD2wcU3gIxz-{D8?N8FpBNG>qTLB63QjZ347O+OeJWV z`MKHov-8A2={29L#%dhcBt^(HEs!wF!K#zWkGwK>m?oNCEbhN|LEbieWK5AXY@Bkh ztbG6dUGVuGZ?1N`9>GU!+h8SVyt^t#6P%=$!qWwddCXDRNm zdEsDL0S%k-w%Dwmh7lfyhKG17hSD3J4ONj9(-RMx=6pC;ci&Nnz^NLo(dm^4W2`n2DUMY)PM0Pro^{mN6?EH$ z7SYy0&1gzZu}xn=1_QN6PmQX)G?*$b2}!_$ZGAU2);p)D`y!N@8w(qGyaLmo#pa;zmo=!KI!p2gE4IqzBDg zm_egKkY1N4_8x$-(u&P$cs_%Tl{Xipiu^Cj3NIj3bP!=ld;A9dMNf0=vX~>OPESSGX-j%~kjx zMMLXpuN6_J^}7v?9YlJ&M-~Q{j=!3BHgW)P69uW0LN}Mr-TD zA!mksH)PH}i*1wfQLh+YMYh^?b=(6~!cC+u0e2um`IJhNhx$bw!C!J1=c({~6gNC@ z51Wb*U%f)<#QKTHqr5CS6Xl+~*wn$WI)dVN0ij&93NjNpgoJ32g5Pj*#S<`LJ{69r)n$7t(D>-#SBPrusaDt!2|0nSM7SL#!+dqx#t~O~zGCd|J(- zC_THh)h&H{wPVH>DS53N;)pbPM@G14da$qzDnJYrFJG7&o7zWjz6bmxe>JEPREL4r zV=u-Vk4f3~z?uLtl-gS(PJ|KQUKo0Lh+BZO=*luJty45S^>8ty)2vK9nJ+N$9B$vV zSB@=ak)L%|j11EH4QJ1XDE^R1t(G4w=9{57C*tt2s%!1ouXHIQ0fvgDLQndc>50^( z`0d`sD&?UQ_H>p;RD{6ZflIu(u|QQ;aeFa4ZcA<%FMF5eZI^y;5_R_2W2Q)Il zIabH%V4X!1V}Z@$lerl6>&)!TyYIehgWs0FuZ{oW(_h@V^Icmr4%0bs`p+io3cY7Q z*oU!Ed+^YwdmqvJs*&|Ow_DJ2FNP)U!s0^Qq?I-~Q+atl$jm!N7rX`^w!9!p%rH*i zl(Q8;Lg|-$idh4LJf*u~=)j0gUVa}LtxCg9m$x;WA5=tqf&FJtso|S_@lkgKk0?W) z9LtHsxv3m46tNJWAE8wf-lX8yU&`L9ljNk|Yg|0Upyo@JO^*T9xC*bOAAkIjS9~p_9@A}OJm#Tuv)8Y^NnkeIjiv$l z#%uRZ3i*&CZTs&z}M%AuRfKyn&1znfxhS;M-ZA1j*5?kw-dQ36R&1%Gz^74h}xA}pskzARNS(cx|g!0DFC$-T53s&k)3o% z!`DF3RxPjO{8FXQWq?=%p7hn4vEnKhgfvS1^aJfh%8|Z>ejQ=e$0>P}00OCFt@0i& zEXmdG`-LhYpwblSKe?B@Dc{;WBK?l-D3757sNxT?#yF}XJ2=Ke&ys4$$b@xjm~p)_!16OD{f!+%KL1+7Zz~6Xxrm7o z1YgeIQW1zVTg71G79{NLl<%1h5KgjQ$c^MK7%bEH_0&98q)hwUB$N*n*H;Xrj9Mym z328hQKk9i%88#Iff}dh=BA{B4gy4sZE9NaDxw-pNmapqJ6IF?W`%v(x6xnIV0;>y8 zQUIw;NHiMM^c&93bfKfbaZw;*Nd8sWt&sM%ca;`fs-$8FPh~{4K0Z25Xr7;$vU0}? zynl2mM~9kZ)40blKWSyPcyJ;;m53y!ZRLg^^*PdRh#fG#Af<>LUgE(d4j@y5lH*5R z-7D9)^Cw2DXT~PWYLx=e7(8GpPnS%s?GI36PCa%KE?g0_9$T+MAIIKK3>sQga1ZJJ z=}LJOb7?ip1g(=fFHQ7>|L@jwTD=ZCe{D~%H)#FpaP3H0TE2D29Z8q;1*LUSX@>A= z-EDI|Wp4~ri&djG3I^$0e1jvIkeXJIt-e&BQ6{5t;T5}(mSso8jwCYUA|LsU?@wjX z!MPv!B|Uf%NC0QQqO2O1BjL)ge%nV@ixh9%YmTPk_b42^P$?A$f5j%G@NE4S(RyGE zGy{78b3o5_qRi z3Iv%cd=C0AKXM)bJtAI&ETK&a#c}?@NE@#i6gudiVz!T$;~tM4{Eq%@2pEI4-bu$C zmLEF$boA-^Lu1!31Angh+MFVclblGZWLk~}8iqzOfy#zFe}udPvh?EP(AQAy)-y1* zQ_ou=GcRtXq8dHSv}@+FAJ34BVcCNR_rLn`tFOQQhT$6F;mw$=*)EK>p`nq)F(Zht zM&_-YT)7HYu3iP<`i<)llZCw(15ow^D%CRXac!_Q0gF{OxV|CI>Xg_4AOp1)n4*Hr ze2p0ai&dX2fAH`@%*!GK(V~QE{If1RTu>-?iHc*AA}>UJ^(zUU#6XpO5SE@B#QiGJ?V+e)QJLXp_w zPI4lR6Fp)OcGYLo$`J(-l>Fmpke={DHjEqM>M}Y(xZQX(J;e|3!_>jb?o?LH&MMb- zk>lUN(D>Q!oL+-@a<2OPrArst!Ix*{Gwd~+H7bj6T%}omGUbe&cNu(NzI=&sCrNh; zi7sEhY=G+?Ohu(M#(ibmXhQTJqiCbewZ^tI%>-N)DRBnQR&9BamW^??q}Q%p1rt_q zP!>F~IQ-}GsRyxRyO)(+5a^-R?Q0L|p4T8tt`JGR=MBRd?a%B+-h+63EEde}P zH8uCrZkWsh0va4Rg2h9O3rhl#NW}RohJX%Oh_R4`&+a^73j*Ea38a9Iis!~=wbsHO z^-}z^E#k2y%!;B9dukoBH)KvArCvmpwS|2F0rByKzQ<^dfH`Go4-6t-1a@7Sp+IXI zt)ocU3?#>ar)5^%&E%GdB3158B5^kP`)2gR1Y~ zI(##H-_q!==B#d}c;$MChO-Tn^=Fg{{g4f~jZ>?v24nDJVVKwLQpy$`p!z^lK{e5Z zv~N4AOmxQLGzXLFsn3!*K^DN=-~(XB*wT{Io|MlMVjC-s2X3m)s;H!q1)lrr^Na1o z-4&emMvsp-B1i4WuL>W)4+For)lFL?~NkktP?421?6?6xyl z)$O%c(x)0v^n!l+fY`Nt`+KSMc>vnw)TUEsS|=SU`*?1l+yk7Mtm-mUg#+RLa-=^V z@@zuwj8->k@!alkhzzPh9~~+fqtQEigPhT4({cCs+fcff^%kEG&NV|+1ywR8tBs9p z!P*#2ePfj?OYWjt8jW(lr6hNelWxfkB#`va0G7wjJW%{=wpUeWk0zi}K?!?_b2z=kT;MGa~7zEbpB^xClAg+y!G=y zAvQfZQ4880xa2C<;+jHs;?LssbNs51ASed~9DBf$u%SdfTY!mDNSyd%PQH#2o1hcO z#U{h1yrm0f#-*E3AW|$^xwSs?Y=s{vw}!A)N$$ri8&)k_XjrTq!nn6I2Lkt6B&t@^ zENKx9v19*{rh?|}&2p_(51W1fT%Q0i-LK&8Mo8G$Sza5b3Cap>&{&l_IS2Sa-lGI9 zS&g{OE-jhiqmKT=JX&X{SAdd?=I55cBePK-I5mMAWhU9(aC`Q6tI&H3apZG$X3EO( z+wUK^=i7C5dRH5W0Re|gxAY}r_~9N1Y6xZ-T1F%Ym=@hOy2Yq9ZM%68aZrY-2YL*H z-S=Lu#g&vx4gt-XMa3%D<-y{LBKRov2!RGFc(i^~O({!z+_#`3NdO647>({fT!NJi zLI|ijj0fnIlvQ8CJvG7&@cH>^ZmnZiPp2@nvf2?JN=mIsU&&rI4S_lp^ebdedlXF0 zIBcXyhVBD6FsYCX)r;{>FZY!XyY%VZ12PV7I(l~fXV4kkbp4_053hQE!0AjwdU8x# z);6dDtOd@_&9ptdR=dov+0|o+Ie+ciwdRuWn_IVeF8u1|&B>`r2BVBtnR&G}uf)S- z>EG`dnU`g}b(KNrZ+`Oy!_Du%|A9con$4tTD(YvC7&$dL#iWdjLh7W@NtS^G^|aSsgZB^@?w|p{cpdA$#-|YlaZ;eitz8n%j3Q_3LsZ_n)!O= zi$8|a#M^&xB=P_>^q=~zY38XjW43kY$U5Vr=jpPd5b3eu*&lNy@lnKwHN-40)u6CCPu42IE(lAG4D)gXB|h(2%~8{rBHvX-YXpMPRjTjOgLG4I5B{%Paj@OdFEv(-nq^;}s)LgWb(v z`b$6g=%ak%fNdz|!%V!i5J|2xmEm+IXeq_;mWOdE=z|a5w>$w@ykRIWfK3)p&Qqs& zf&J*CkKTIgt+s?|krKD`hO-roT)L%z;jpshbrl0?DTmWbAeXYz#VZt;Sf{DGDoYFp z)qw$SgEEEy;$$1HY+faU295+i7qjE*&hI_JNrnsU?mG(T>pERcYw7lSi$$Y#G$#}u zrzg%_I6Ffv@M2w7pX6rJBD5&%9gS-OfB}wiwSYr9jbq@SWcs}Dx;H+r71q}oj;=6E z)nweMI#A(8JciHpDX*xS&k-gFJGY?W+Pt7CpQQ?>1HcX8@zJpu#6EaH%B7=sDx>Qg z&qCNPZ%2WBDUcIr7A)(d%PZC_7M_vUEMbgC0zN_R-ovG+#HS`4{5VISK5;nB_Pz-0 zn1I5UUf1Fx4iTEhcgJ+rQngLyN{A)`vp#slY3znoN!Czw&bIjDm8Q&dcY)DGzjPF6 zD+t%&(BB6b#HD}gsFo7VWA{r}jSivxC_umvT8rA>p)px$nv-n(Z0f;)v81&7BeDAk z`lUa?t}1Uf;%Oi<&})MU6HAhQD1MUVz~sc3<>rIM>=pX_BV`S6_M;Y;9kWbvg-#En zw(cxQ`|KZC!`icpI*}(A$4Y5$`pfV>3cbHi2ftBh7$4xmskd#V?FN5)dW&w6N0q)U z{Cky5+axHWAJR(0_#ZrdYi*qU!1YbjgCCEH2c}OCpOlfcq#oA#n>Ov?T{U_>mny$U z!!0Eqke-8FFDU(>{A0N}K{h4FLcga1+Io`dc7&U}bk4>;{PCtncU{^b7iIX_yU%0a zEa0h%J@!mhuizO4sc~QCr}4`Hdv*gOryHZ>H#VrG=C)75&hk`B)n?$&>_fLDfn)&A|K!t%A_Ws9<8oOLj^xIvCi_rj0h&U z%uifXfmp1THtcjJMKbj1kwsbHK#NQDEcKwc6MNH$-ZN^KyP*SK;vq(4CyVfC$i7Np~;acVN>O%ln?7tTB_eeK3{M-&5#WvqBo@bd(O&V zym8BMtkzct&9q|!z21?nXRJFMeayp zxagUdRQga>SIn%9iOjmK@S36vBde`m_wEB~v$k}CkwtUe7I&Z8& zdwc3^zc>hFg(;L}7#_$?_-gjvA3Pv9)M89t?Adef`8#Atdg;b>hr=R{3&fF`q zJw-ZnV8;5{uRiVsV50lO5AbIm!8CzE zFgh^8L#rL-nIcA!||*5ErP?dow0^3UzD6%8j+Gyym|J^S0X2}>SU4MJ(X&EoU9VfBg>r0L`F zRM4r|Y%v3362z8N7hwY`@Gg9)x)}9?^qajRcM-T_wOT!;br)UCh!fJK`rUhwz1=h* z13X*G;a9`yQ$m@&8mhwZtHa)h`|S>dv6SxQ9Q^%z_gBkDV>9;MkvSZ;=q~;1M}e@> z>g3q01+k8rzDngEZ`S$pkKtjhN-Kafx9VeJ7+S}*j=M7$vltz_q50L>g@vWXr6mV! z41a=?A5o0>blf;}@b{*GHX;zZ63Ixp5*tip!nVdVvN#K0TqMIp^(_HzTw>csTqEy@WQcv}+o#Z-rc~n)m*pCkuU zUhE2-()dK%Bj~)tKoZkqSIIT}YH#?5#piWO->k#fd+b5~qpGh~(+$!KYi6nb@S^l@ zx<`Fqz28gHM_-Zt(?|KZ{&q&I$3@va;9^|fG6e69j@qA~W+|J=9$RZ%uK|h8XD_Obx#wPS;g;v+VFDtg9=VtvIaB{ElKRPnn4rnNWx=Jza(*w7Edw*hL+*~KG;)La8 zCNGxCQE82ghl#b%-6`6!vxiG7&TpNcpK-NO0orDHC-M#@sTEL9s}LEtG{K1^$q`gq z*QLGz$juRedtE?a1-cm)V3j&H7AGZJYDPk})wkqhCmU9hL3xyLkdR7NM_IpEq$-1&*e`;X}BnOdW6Xqx(%m!-S0EW?J*y< zrgR;i-=8jhkIE$5{)Y_qU=!|n7>AE?e3KTvPeMu%%VyU*kcRXM;{-fBZ1M!Wr*Pb zf^zLoBZU~#;=VPOhhaSpos88Sy&P$;e1dg@87@rj-gjE&)P?z(0dGOx7G!Xo2@2$xVW-@Dz-QR zDxrfS@ajwFX6I+(<^!GCi&U3Ag;4h%EI#VV&_^)7cI5vMXbn9~@uwTV9sKl|j-JnJ zzUcZ}*WcPKaANtDiK-p6&=X8xe6X3=P3y7A%g$DtNrtA%(pFFfG`EPKeDX1aD&G}h zZTX8|{L&1>ZdJH>^J`|T9HzFZ!Ob_{++v71K29`>)?xs$;PrIbX6@Oz*>~T4m%;0; zTerRj<>uEAW7)<4)J<|dcIsy0%H_+PCW^dw?;iV6oBAw2KKtym_9<;k0ma?FcaI1$ z$W_wZpxE3n82RSwuT5LO`sEoS#l3rXS)D3V=`dlU`oV`Ey!-AuT-xO z*S=T&?d{tj5F6r}_0mPwt|;t7;aepc^$8t%nxcBzXZ~IO;{RRz`5!HQ`u88NY&BGU z0;QGvD_{HrzX$*5zh%HW{qbL){>i^T@zx(G;vn<8WT+iq@b%RW=fOys_H^U#Cz5oD z)=oa3@`ayBj8=`R7Bi`_(+iJR$i(Agw%D?nsyHis0NH=m2a}0@S*7Z$5uUB@wk>jp zD{|cT5K}~x?Nu%PDwTs>B>NorbY$zqE5Ww3LWnjr>NPQ2Eu&j9>}Ig97Q5!B3)Lut ztgVgGI1S*FZ0yOWL8i@{0UA$2t=8U5mAgU8C!-Jfw6&OR*&pj$r>QuY`RZfwx_ADZ zb*4_ZEom3gQJ^h74FZ9UOU4wwG@g^~2@jVZ(e;V6EN%Xf+*{H6#@ZfVV(G|wBoruF zVwR+I@xldi!tLANa@Bb>aQT_6B>tU_7dG|K0>}N+W7ZgS+Q?Y!KymT>OqUQiKbe3bDPPdcNhc5O2i_0ulYi~b0Q+E7)$dKOe+#I2Ta%E(4WXy45 z+oQ~TxM`-|0DqX#?5i)8Lys-?n0{JHn-OJg;g{jA#j;!v1;0y=`#+!ki%cceU-bc< zrtLZI-GPtxthFxs7Q*Z+ zaNS@+lH9okn=20&mJuR^p>@hUkTNo`L!Uqo;QG_2XQ-Bl-n(8oEm`uGF^!j|8Ss`& zgM{42rmr}H1>f}M3V-K4;y8m{S`u&Ye}aWQS|hyMU`W-NR&@G$baKE6v5*LDQPqdN zLcOwGOEY!hDJjsAZY$w*r>w4v32c2=&ql7VGLlN&=#YkLagK0QV_R;#1@kbFF_VSm zM@IL#Icc5jT#IDeAQuDKjh{4rqqN93wIn7PD`>I2ArhVKKYHusju;*!QrLERPu!WCUzDI=vm#UASlT`T=Li^fxyk1;kZPTmrW zln*rDc$=N^&7k-kmn-o5$qKQ}n5x0?UXSYBPTyyfxAP+nNfmoyI*U|t7NPO(un z!#kEDhL=#)^r(V6LK9Dwk8T1gwVO6bWfykLH5?hETVxy|X7s$#r@2mN-P>d#tu_p3 z0CR9N4DGn@6^c4g)qz@N+ZDEY4ib2)It*KxmZF}0`XGM*IyB7nxYn9z81Z)_$NrIM zZ9P4Wy1^%(u-OJve9Hv~$vkEB9mV)M?07u6>5*H%A6yZ?qyORg`N{1+t?zXG=h@_e zuK)D7(C+-FE%1AD7Pprr$+UUIwec`F5qrk+g)awHOerQ`r!KfTeE)x=%yBre?HSKemjpA|a!^D+#1YEKO)h z?;2sN>MTxyAkZIGW~I5(5_c4l&Vc7AS#7>X6M{W7c!9ES&diU(!JTysCUjz%~=szuRI4yU(x1e94R|=+2+b* zEksm~rni3XYk}6}=e7WWJhw^SWLmG&TM*91^m9P^we1>5Q?b^9Y0JJB)&APqCTxsW z3Hca4V~_mL7DD!+TDR1y>6g)A42MLvd7&UsWAFuTvfvavK*$wDjy9FF?r}6V>7X1P z1-7({#}+Ulg)o&Tco@)adq-Ou`BW{@$2kZ7*w$o@^-5`*%zls^y0rN=2?0lFJNr5z zmcrmQ3xJIcYz?naBIz@oDcekA9QxQ8l>jFZ-IfQ%eWHhgPFWsB3Tj0M&wO>zQX{-a zuZ97|4xhgu*Fqz38k;JfRh%nPrCci3Gz`DJ>C(R_`n2{XgMZ^EqC<(tm#q82_ok#g?%q+Yw!~ zouLmC|Lxto(^Hps0s11NzyIMr{Bi%93NjtQJaYo%Y4KAr-xl*Xvr$#atNfK}5LyMA zd~9x_f#S`}mvfz#7&x4eI7L(l+2Yio2$-YQRa~AngM`7PlGYqjDyr1*>Rj|i2wpUgfgFU88?&?DWNZ6+TaHlMRVqhJ{Qw$;O zBZhiDgR<7nlFHV^6f){|e&TKE&S0WtYGW0{J8gx{C*s-}P)Isq7Y-HBBX}GF=+PxrZlfNMgPS9%_|f6`{2;X{r<$xOPqN0@-hUcGZEh@D zg>rk(U$SgZ--FY-u?}4J*?ZJhF}jU`pw(!fILc&~+0uKZ=ifJ_t;SPVt?C$X`&#`f z)4+>o<5L`}g>6s;#eGyl>4NE?ZG3?bAPC;-mM#4rC>`M|V}Qi~l%_Va)7emRlG2R{ z-1Q)3LD*zJKRu};h7>IxUo6PQl`Ol2eXApZ#42v$8xUk)Isjag=V=qBaucdIKp8Nd z${88Vil}03+)Nn`QkP>*gTffm%A-fj^cR;_l!fIv`jf+~TyczzHYEb<(ui0?1~do9 zN`q<(hk_>S;A|UQxjv2}m3jhU^E4DZXfl03T;Iu#cK7r&<4ak`I(}a(_|+1_jk}#+ zy;k*oa($uVU46Uu?fQRBkuN*HH9_S3!!20B!7zdF9)0zs1&*$HYv3D=SP_KmGIcAc1-yLkD%bC<5oU%1XfX808Z*H$0h|NiFP z@4o)+x1X;pJ!o$ifBtvvIK(?Ytyk$yQ{#x+GPO7hy5~)cD zDAOr3$9w!4JH4iMPI#%*`MIn^n}urm2#0J@J|);~?Pt{IsQteJu+a+T20jW4bYA+lZ)5|7I`LUuT)eciB&ARZy4G zzO#ADidbZF*1GJNQ0>4TkOEDTXG>ZRRkwOn)lz1Y3S)FE?M8nbbWWwTCf;_F@^w_A z#lwe`6Hd1+x^mR*(|G64odb=+!BmoTU3gh3FlgL{AePh=9>%VlW;EZ_E>hAD*;JBJ z_t39=+(x9mGyP=`JxO-c_*3gCZ%T%dx*h>(yLF5L>^D&l+SOX|jc1F5AQTp&kA<0J zHIXgp zW6N2rv5Y;-QZ-xcRMj#6#PmpCIO+PMsEM(~Pk;HvTW`LMMyr4Et1mL(YYH;tnmp`J zDrtTx>~nFe&Z&8^pwc&~SEUcXXwjwtGm*48a<#f9`}in21gs>I^>0Eff@%Qv=-CP> zau&3f64)?+hDafas#Rzp2- z;g6Z1QB`MnORe{XxA@=hiWcNLCzDg0Mv5wBm_Mh8^xo>Y^)?21aH*@#AB8xxd}T5F zqXDE4k0IJK_wxo{(JdHO_P<>{qC?aSHNLiz;JG}*ZMYmLHEcz0c{QBuHNH<9_4r#l zX&!f)k5DHwSj~5?_1kOy+C9BDA!oC{R&@9H-7$ zsdglF_!%`)>dejIXv^Mmxq{J$kYUwI9~9JXp4$~B@IUno+KE;dRcfAA!(=RCr}Ih5 z7WSJ+>%vjEr#XYJ7co=@vxQ8Fy%{35iiQGG<>;dlz(sZ&i+o zDxWoG`63i<8S@$#;(R=-o|~Vh>5OZP{_Ou0rK`M+#X2eCVz` zJZ3TcnA>1PtHI^^bmJ@F{jWimo8F*0vhmx&F9y`nv+JKVeRSii<5$PcZ_O7}2sv}( zApHi(XFW4T&D!L4H~9VZ%nVb`OvLN!JdehnGT%uiky{T_&V#NH1Qz`R(m*rOf18f$=M3yafE+ci)j1 z0`~AgxN_yn`|m&WabBwUNP9FVjAADySO)k4?B&as-+c3`9|x#v3b6*zmA&cJtCwqq zF)HQPUw{4m_dnPivPI;rc=ilF+byq}e)z!$iW@6~*Cq)-=F+8$?|<Mo0`f(Uwk9>qtdeW9V%rJ(?S&DThgeqI>9Q0!if!W#|sWPHHJt&U_B z&vV?-V&6&ud=IdDrx|YR2IL^no+9OdYbkMip#Zjc!$E(e@W^9E);=q#Ju2S4dW|WN z)#xhCo3F#@uvxQJ7s_8dj$z!18J)5q9gpI!A|BUi$`{OCU*ksEQZ+-Ku7E872AI)Y zQ(n^zXb!VUn>x4T>K>1e0$PO9&zG2eIhW|0adGPOnW?Ff@iS}r?%>GE8kIO*bF4$i zA*8|MLuLRO8rXi5H2l?P2%O|WbHdbgL`2i5>mYr1(@~(Kz|&E{SZf&#w;EZaV{6Vy zj;udk9a)dUvw3l{n??;jF&=^6kbJtb4wB1U&4wOFip47Lh|z;*>TVJ(WOKihKGv&Z zUrAtYp-9I;@&UM7e;uUgF3mAfz|3yOcSx^3>eBP4Dy9YEnTEsCDJvX`n6m!Q|F&~* z2tE&*m4ZI3d$5aD;KD<@FOTV4XdwV>Z`DzPw))WLg=4C92ln6;7;vFM7Hvd6G?EQ` zzqVaEc-tCoOD>UHVm8y;MXIwd64;l+5-b$xWM-y0`)~XB-o)(=7agKpy{^G=;_9F9El`&7Kjs@X2!^}0k=ct!h9AN}L{+ZnAM7iIT=OG<1;l6Y2T zSAQaul_6$?vw8?WvxbW`00u}7+puOE-MIU3;j3GBZd`q15BSgj6_oBhTp(`{9iYkz z19L7m&Wtq!vk9MSl!x%@aPXRJ+-8!hD6zTAL)bc4r^f8djO4sUrjsN})*GSHGKx`*5c7Ic`^Mv?l}DEJW+vX|W(h!NqP1_? zAx8_=2iE;fyCB{4^y!|ETCQJc3h6sEG)+AkNzfXvqu0I^81%G#Q=YU0ZMD-z`j)y| zsX8x(U2u77{bB)JLs_Q_e`tIIbFz?Wk9y|ArIpjmapqslA)AW_;3oj~ITdL*>m>)U zax~}R;tCw*My5v39ND5sSp;S4vF5ZXoF_{6nDB3@{)>8ic`$iV6v%{;nfrkK2b#Su z)bbr<{%T#WpT0NE1xjxxCYv<+ut{w@5j4v0P`+~XY z2`)2z#4Xcsp(}lrmP?Cq1xX46&?(5pbo*uV36u@IjtcNV~7iIBZB3kvFkc)Big|oA|P4tG50#lu*!$B)l-IKl1 z-?iNg0JfNRl^$2OF{#8@(w-u0^wN8E0Dj)e36Z<>1DbD)iY-qf8UJ`OI4)H$%*y z{`B`4hT171Czx);V~OrbU;d=B^+~(AxjA|5ny~WZQj}FFlMRn^bMvmH6O9W8zZiXf z_#vOHOgSY6kbN6FQ8u!yVo7w?CT3cus1uWu7cX6U@X054@80E^)p9_&4KYXp3lv*V z-b~%YjqB4N|M*8dxdKZjfhX)t%@WVevd-ngbw*isifTcTT_5-l0*UeB#n{gB!^(dN zJKYBl9`cw5XRqW{$NBj=2^6aOgh*E;Vblu;2p}dxad|R-_N-)#cv;B0VM@z56%f8- z)kwVQT77@=lOMnJ)(t?oT9lF}S7L@rreRz{Y^_(9n%^JY{?l9kt08zS*^2t<=lNNP0Os0L1I_!Fv+DSG5(A}IU3dCFFB3HcZTzbdOYnnK% zo5kNnnb%v8T9z`tX_V1hu;Q2GyCo-~u@JmeBC%Wb&*Kkw@6jxgJxC7BN=R0N+4Ce2 z6L@g#t^E19piWpK!8$bMlLB|{e8>FA4NRI7 z*5`skS4c;J6F~vP%8UTwKpnrC)l0s(ZDt%D87KSs#Mf%pFP1a$g_$h?H^)a2^Z3K1 zWgN+tgt^;)(}d!oV)fS-inIQLLt{$N&incx2`e+K%#)o9yB72Q+n(<&7>^I@4)R_U zu=dBd@7}#9IDufjFHkkmJe)h18=+18Ssm+n**55fz2H9iPOfs%Iz|`4I#!9+4!$Y_ zkeGAlC{Ch$@Mz^_Dv_H4#N(4-x~G?d0>zHfG+UO*Exxr{8~z7D*Csh{tc{Oh9UB`{ z?y(ddty%9hfMGSYk9m6Z)LagAm;b5NwPog~t5M;|it&_wE2n)dvu*mb2ja;tT{=5n zIoTeqB5lw37`X~NJza8?m;t}4oA%@y-c=>m$-6V~jEWo_5C5#2K{6fHn86agjg6HA zrgFS8ryV!)!TQm$(|`O=|MdJ{`@@;3o(g7=`95~ew55V;3x}#gBT*v=Zq!J9KnN}GVJSIWL~Dx!7WXX4P(}~2 z7tb0)mm?zSITrBe=BAmh4j?}xJ_BMlI6FdXk??UtZGe%dpYs-CBtFyl+FzdR;A14i zjpDvSXy4Jl269IqJ)-LmJ^8a6FE0ass2Q_lCpwDe@$|I4dNwW_S>R7iy?Oom8+FE# z(~r5?I84RReVam2e<)F(LP18i)hz7L^^n@^r0{Uq#twAD_8P)UmxIW%MeAdDyTB! z(p7fK*0qgCwcVJxm`7OEWO%Fk07~zXLWkLbT<0%bU}GeiIwE++g`K3y$v3ZEyYxoR zW22j788#cMQHhoQ)}IRAho>z3{Exo--~KZH^h*>0Lkc<hY<}X!QJp#9oof}e8|c6xP$otT|5UnS*JEE4e$N8Mp!IA*#Sze+G;3J~FJwSD(ld}Q1M z`+POW2|zV~tx^%fcAD&txlSGUjshJ!0V&GU4x3QnM$2nxo)K=g8 zLouUw_M~Lao-i2%6ra*-FmKa08r0Hf9;t&UlV{8_XMF67b6BQh-E8ur`kd7bMFHbc z7OPIWG6T?v_&EmNJgSC|$ERw~CCanlSyDrMvH${pYxMYcU0dVm$7x&p6MVRe*HNfV zB%{?(bm=5qx_?tV@M#X?gr+KUsm$twXQba;e%#h4Oy|BW4Qj}6sLg3|pw?DOwpTAi8Xq2=|wNa*= zdL$8>Ts*dxtGFY$;6*w|Ca>DKr_A-JZ-_4iNUyx%LJP4L@v`@yBOuW3AdbecW_S4A zn;j@n{Vw{+8VhY`v?~`|m|kUZP0x(9#sD-*a%)P9%8k+WQ|tfx|M?I9>L2{x<%{PV ztF3g;`_hWOedmY&>mU70*}jquy{L=qxwxbnRe{EsGT_w3wNn3iF$0 zF=Jxz9&wVtKa&k|6zKM55SN>Ze)=sZJHRM6YqWwX;lfEaG)Eom)Zi=2R4b#mx6~Fm7xa-n4 zQgrkgqC?kzo}9@Bqoo^PeNuGeyYAofUVw#?_B;*qpYddNcIpzP=xMk9DMGprbq1*I$~C^d7e zj%`?>DVC0Wa%%ca9J=Q%oXyDDg&7}XjS7;CZ~!bGa^_|wl2A+_Cd4R~R0mQ^))1DX z_b+wJKYxQ!g|cvEMmCWm>!UygL|M`1w=_jV6uV z?4gN!H>`5eyyBCvYL}-}{YjabkJW+2>gf2yPyg`WoteKR>48I&E?^e~n`Q|aZ@l~C z3m2~blmGkguB~Qs>(jsUpPzl}r*m)pwD9j$Q&TZWl-Rx~8(ikOtn0Q*KIkKtD>!b1 z1LO8GCJdd*#;7_#j}$K>qQ{R@HD#|g-7{HT;eU7~&Wsgqd2X;XSJ(Dv*4iBhh!Hj? zzIF7Jxp^Cs4Ou4IbD4TYi-8ii`Tf0?a{`D?++XtNx4YZ(o=`} zGuYQVRtvm?qt~VEDDaX{z;szsXa0l(6KNwJCOiiWS*+e)Sh8_u85kipp9F~wfhjx) z_2gTBGrbQ7v%B;dmw7%*;K?%==BN4D$O0{!AU(l&I7@f`d?;XY$Fa-D>U}Nu#v7OF zYYEX$=u~N*{`F|_u|RMzhD5=;>f*xU!+ft{2`0LZLI-`wy)^T4vjh@Lc-(ruyGyWoZN-1#*#a;We&&W&2_|Kor5ucjv_fBED0u3x^$ z>ndjYoK_F-F-H7kaq0H`hkx?pUp(=Zx7d=2&61E5!!vA*cVI_@5eep=eKa{_R8KQY zLDWAKt6cDLScrWUT_(szzeD{R^FeQs4l<*zEEAFag>DVe;zoSeH-u(QP>1Q02mr7a zEJoaC2PB4Tm4=H+ZCXxv8}_q5IL=CL(>W=S>bw-_-WG(GSRe(KgNBnsZ{qE&^!>2< z0W*cM7DWw83l**vN!}R`iHfdP`Y1jY^#{O;SiTN_a($zoN5l{_NkL zFjDmwKJt^PNDM{CC~z*2W_EnkHr`+gNvwB9L4(oGo5=SO?<*BX<~|y2vwGib+mz~y zoSe4_?X+OJVTOj|oXz8FfVqv@VXA$=H@5@v(>&cvM7sv8c2$KTG(`ff-LN~Zc7NKf zBYrhhTi_@lWUnr(*?SGWwe3BwA)8Bk&%fWC`-NYA0fsARZp#?id<**>Uv2&YudWBT zEq+@3^p3Tb9$I=hee^(j_u9w_=T^=+o+@toHg|_gW3=OllynuZHs^DbZN%MerFXMW zrEkB=nL>NoW}SQH8;F)CwF(|SANo+CD=Tz<(|JBXLQu4(P&qMAE;-d74=7Pc8T=8B zIx8~5N34ZG+Oc&OM6zXmD!vd+>$cN}O%S6Rq4N{5xDRD%=QrVri!NwEq%TCi0Mh3m zd{L5#TOh_P5g{wf8p2&cEXN|XQ$eL~_!d?rbRTu{Lr|`LvakBmqu|L^O!DDPg*Z}+b z>u=`g=k=~Ckqw3D5!f^#NCCV&-+p@wY~TkuctE8Hq(L1t%3v7U+rDriKIo~`;^N}t z$B!R8c<5=abQlCX4?lG=a$JxzP6bdBcLsJ}r`y|C0s|%*-Xfc>77?P)hD4i3ZRBNP zz`HQ&u`Ck@&cpwiu(-Hn>>Jm(9OaBJV$RIY;0d^gvH!9_eMQ>!ItY@qd&Y|q#M5f9 z;x%6XeI?9iwTGR4KMANXVewFIyOaHsX~^WYygVUscM1uKh3XG=N$6|~LyLizf&ptEV}!!rD%2Pu-TJ7gK~}r^M+cHoX~SZ1W!2ug%{yzdn!c;W zoWo-!*#)4pa?HKFfRm!#*)Q6DyYv=ebJG)ZOd?u;>Ro)jl;2z`u5yo!V-xI6Ggd=Z zH^g-$6|>G!2J?bIgwQBiLUYy>Az`4BI4KuPCv*kK<>jS?_^LxlAXY16lLGIkAw0_7 zpM|;`xxI-Tb+3xgl>Q2lP@3UFxs4cx0$cb`?Ca6Nt@|I505P~zFQ^qqMfOhp1@Nf_ z+o=~@>fb3-PkNib2N?sR2fE}6+V&uOO_WdkhxB)rOFl%`J$&-KfFa9Xhh2gP-8eJ8oPR~7xP{ykcmV>9B;r96}AWT`ru^q{TV53^=2h000*Mt!bsDbYLID0+JWH9;7?9Uhv-RX zPy`e`x9*ze_7c&xI0u^EI4n5h1GID;wGXqG^83jHD{3YU2fJE7pDyIj&yJk8oArcn z{cP>wLTH39%uJpi?}}f6%IvNO(M{=5d_T>e!Mw0vaP|GB?S1w2q6I5G5mr*Y#W4?5@JMtKN=e&NeC_?s&v@1`0&>1pMM7= zd)&sq<&mbJEG}E~bN_G<>#l^8$h2nc7)s5u>iN)|j2y5XxCkXkXBi*`qM$moj@w@1 z$$||^Lq3MLx{ ztYO>B!wqK`>`gf!LTOvx-`+&?ysvNF z+iJ6W*X?Kj?@CIZ+;tH_>)Ey*Rd++Y?1qYU(j|5ub<(APn$%R?@0L2pV)dK9``a7K z^HTU&eZIwNQ*uy56N#I63s4wX96C2SJ@;pS^RN8B|M>6nx5{qy_y5+v{~Q0s|H*E( zDgaSzgXOx6aw7_y>5zJxC5D4cMu?YoA8P~hOm}*R&Ux4Qy6FfRUER8M>nA_?XzjuLD)y$>v-F_&SBw=q9*L;do#?53OpQE1LGS4+fu{X;5=tRTxx*#${R491O6-Ig>EzC|I(uX`Z>!_9fq7$wpR)(GahmV|NwwKvkidn~ud)^*E9t&f0v9vt8HXZe0eHa5^wRIwd6#5A1@Gnw)Q;XCS81YY>pkvxB>_Q+jXiZFxdUiMICV$chxLR*(=H zZSm22x&>y)Z@E|?N`rhyP!puxpJtZ+%N~n_x$5dODu04ke-(#)|KOke?Uh?UtXhBV zH~+)u_*mUf>nRK?5WnnJf8*czYwT9V7ry+XPyV<6=DUCWZxuGY!IbFMZSz``otY)f zPN*Vb##a`f#`oFn>ZMzn*!g?ag6@~1&o57b-+c4!&wlpvAN=5lUw`$ry-#8%Vvxh| zv}J26)YYJbCFYwbhe7v)2M<_he)ZK?>^SY764Z-$Ca0#RVnN>zxwLypZw&f zj5`^6LOzaS#Cs`BW>v@w9ZN5P9qRr2_kaHLpED0-SITz~N6}TkcUIf9zyKJqy-r4B zzS>FO(c7YU^pbXYeVv)?=bwKr^YW5|e{poyqwjp@qiff$QTA3IRzzQX@x@Pn`Uz0A zmCjtxW2bk8J9m){NM3(E7C~zJ`OkkL+5YjBD_0bUF7Z>GjuNlfp>) zlTUu89OQu_+veYJ!Qs0UL|+p5PJH z6X1>aMtxB>@h7%NX9=(xJ0_trO-tR$hNIo9*=yjIfW80S&0|&u?aYQ9vZUGNc&wk4qq;`d@ z8VP>2!c_xcN^IV#HlrJ-vRbF!SI#cm?DROZ`_{+mP8d6$baTB)9E-N_v7E8Eu^jMG z1jeAn#*YUKtpo|B-Kr&qnZlwKY{7*OMplwGgWel8H6Qqerp6u*RvS&9Q;n zHgs|@U}YV)s__k^6jToY85zUkc67vcWdHj50JXM7j{^h2I^sX)XQ6Qo+cWbG1?)bJ zm6R2fC3u?YEOd~Ty=n8E+1A2m2etBX^zl@;(KWm~)txx~z$0I4_uO=dHGBmF$Dpwr zu{Ojig&Ae|Fy+C2V{9b8*EAL$)mGOHrD1kfKHtOk+~d%98< z3!&oGM1(z++HWR|DR`4EGs#T@SuMdPj^j^luCX^$=QrckBpijK{Wf;`^T+GX51+Bg z(i^wYr=6#J?~brYMs%oJQJ(;#eLnqYIFcTiBrO0`T_?kiq>a;AspSU}>cdQMhU5#b zHB<+7uERNEaWYJrVBz{~C>AqZV1_l@*ywbAWBu`Bcnk^^-oRQ0C1L~(XHt%`EGu}y zb6Va$4R40nL`MUbUb;A_<&&63IGeW^Tv;u?2|4!K11I6gY8|#O&Q66dtMP+4qCG(! zHv`1H5h0**@z&zoIwKtl;``Gd;*>}!jQp&hI<_|zOw_=J=JhxG8wUtpDz36LV7#iSYM6-9E@Ro!&x_j z8m{JMCXdw1Lh)_ywD`7Ld&!R;&fBRS^D)_}N$`-D4h3hbqRrQqD@t&9n3yy(b7=J+ z3XsQH32bB9$Jt`rR*Qia11$zx44i5Vm^BCuw!w%_w!V06xo8tC&7_W^UqrLr*C{(S z3QqDJFx3D)aFWs(iat5Fa=@=T?9}2O(;qz!fA+^P`96F2<@_J~PC@mZf8*bqzHoJq z5bl(Xl-!ZgQxFf)J>_@#XD?p+)nEThfBY~1k@#o-*MI-cU;NJ}F25}oDq)x?ks$Xf z7_C}|+J>~T$6t;ONT!B6A@l5~cNbMuSU>vFkAL{XKl$0ue$Mpj%{SiQK$KA_5tJ*_ z+qdp;r<&ipM=k3!Gc&etjahocvdwz!HHNI$nP=HUg)|vhVcK0CxW-3vUIAU%haY}; z{rWYu#{iV&t1C-Zi=4OLev5tp7+PokWi4?1+O_L9uJcI8$W{Fs;_y`s>NiY%8B;cy zcY0s)(6RW8!`-|0o<4oT0iw)z!VvWyGg&TO8Qtb8W=OiP+qn7|C&Sq{Z@yuxP9Em7 zpMUY?)5Rq?0gvuuTNda66d7cWhGxUz-)^2;x$rlui_C96Ja zS{F2=YwhmxPOq;`Z!vH}Fn}qsYsX2N(PTg+Bwr-vJ1WOyUyt%%7tojfHi&X~< zYSMpM-P3yQk^mrxE$2APB6Esm5#w4*Iag8&Iiy^AzbsJOc3&a}xYC@Nv>!dhEnSGD z2LlC9;~IzKXOV-|)Ruk;7^qokEi^Xa3XNv?1t>xhJMpx&Hr6R=DL~K_9chW#2PCkU zfRq!{{w65sTh(_>u4{7+Tt}0IjM!KizhEegj~kV|pI>I)$=GDmr2< ztpTli8k369(Yp5Jk6H$VPW`bPAv`a?4rj)0BW}XvUQes)Fpe>?tuu%@Cow*(5N7!a zYvy3sszu0A11o!JN9x_JpgQI&+Q{Wb_PR`0gGhr|>iuko2XzQ#traJEd2h($yiuwR z+b|F&S8dpa0b>f;NEWGwML(Di$0DoGhM7$xt$b7&g1QZ}jN{-}d}K8(d&mJYg^uy&~#*fi9mBO8%_eRyVi0yr#I zIUB2~c9*gz=TT7^+&WK!%pev{9pup$GY*q!8ZOHQ02|{+>SX~WUFH+$G0m}s@t!k1 zhP8;`(TmM`RXhkOgN@tZTBD;;^|R=pN73*r85*v;(|FklD{cN4<3BAv3j;0vwDi+E z7Fv2ZE%Z=t%KU5vKt=_&uX-^6t=)Q)Y03}1@Ak#xHSh1G{C4{3Ek(|>93VrA(1&ti zHnKX*$RHD%Ik30Hk;lnbgqr%NF+DADS3K5b0c%Ld@{oi=9NG%e_WtffKisTV(F>Q~ zxbfz9Lw2sPoA?|#dXXPWif(>T(cPpF?qpraPGJopG4x?WZ@lxpuRi^g`**)|^T|K> zufO-7{tqE&UeG`BmP14!yWfuW>Lt7GnSm=oFLE5pYV2nj6l4OaP}+y9_O``9i-D7a0Ylyp_GkJ46&8g1 zg)9(!CI-F~BN}(|RGL98<#6Fwe@Y{+=K0_`Qu5@_(AnFUc>&bryNI2vUWMU_G6F+0 zrWGV)zBALYF)BX}JDpq5qv%e4D4{D`z5rs{A}t192@K$e)z69;KEjdqym)db>bq^% zimyg%cgz-40ZH?ea7cU&E28*DVt4?l-3lwrBL%pvd>0H5-K{L@bP5sO3~xebv1(Cc zHb3+UeHTc!KN<*tL`xC}`q;CYL>@jI_L&ODG664LFym~ms!ch=7$B26rjFxS@M4GL zL#!tIyUBm{-hKR&7@KnL07kkKf7_}4Hvdlgz{1$!;>WwATICo(Knvy0z)ZE%+u1!G z4baWnj1F&7X_unfz9NSUe_!QpkH7xyFdSk^YqWZZ$b7-7XwXw>j+A3yplN~}dzR4g zi$tOetQv(@$CaTY5ZL-c^mv3ObYR#g_ZrX>@m>1tG6El6cF zvuWI53h#`g%nQom%q1c6Hj>bLFli)$&)%1UE{fy z=arbdV%CWv;>VOWGPV&n;Jo|b@ws!4CC*MwT)!NL{+s?VnVEkQ?gZwhCa|en_ZK{p zXJ+c`h(UpleB*_>n4h~L;;0~8{}#5p54yi_MU#$yLnM`!+g3pA;%4&~f@=dqWHYsm z==W?d^9hzC?zEO+)|{cbSK(JZ@n3iikUGe za5Z%Cyk5cjrQvB5*qd!&+`HiN7O{h2WMk;+h1}yTgNUuY7+Cz|BtooU&JIP`4q!oX zAJf<&>FIw)qF5rAch@)1YEtq{Yubv^0q=ei~E^jI{U}h?XYt=;MD-v1@}Ix|PomMUzyEh$`*Z*C z^t-?5bWkqMWZ2YubRjuYzk#e)AjUXF2?diVt z)?3^WRSG>AqVm6osv~m~JW7YGSH{ODi2dwAS(KI$XOpKQp*k2HrDS8bTJ?Ktig<&- z?#n#zR!&Y;{pD9a&tJKE#fY|*OEtj=mBUrlGNRoqi!#!kDxa@RROjaA)WE3MRSnQ} z`EsmwE69nce9OjDb#{|Cf8h|W95eJM&f->Iz`#ANuIY=bf_yk_mT6-x23ic9JPbJS zF#l*C-?(sLZpN91sY!ec2PjDMH{yo5t8}CL(7!E4*q{=QPvqriI_YN3^Yf3FoTWL^ zukM_@w{cn_su|OaGd(?J;$R(xPMikG>2g4)2*Ke`=UM3Ai7+;+24rfJS`4%p=wbi| zt{}m1Yglym`62&yd9t;Xg>3&~xC=?G?>6`A$&H;aqBtdW{``fR$+?*cA4q&z%icpq z%Biice5^XiSDg9El`9u6&Q0Zq9gdoi4v4c{RZUxN@D6J|;#3}h9r-iA9I)oL`02tx z2%p2}c_#rfgj$w`T z7*0o!#(*s+Uo|l z;p}Z~Ek3yXZ0+&W_>{R1`8BO~GoI$(q?VmJ5E%9sZUlpDV7>b8TDTe=8)JG*(uKpR zsZc}jR8^baVqgFUigRs!fC;71s%7me_G6C}@fm=@z6{`GpB;XZwxq+sCf5yYUXl4L zGG?uZZLMytb@T2y{3K8CqkILhh@kqQ`_1BejDeX}&eiAkEU1LjI67d}>7u|ua(_Q* z#XF2EN^?4vBv)*9k7zmJ*}Qj?ATJ#RGiu_ka?Q?5Fi>{sq`Mr|< z%V9R;(AuZigS@x*@l~&?&5ydE0u9Hw>ft{ve)h7yXz8b=pOQb@@p5v;i)oaw#5_s_ zXCrN!QVCD&8y1&+uG+Dpk^I}@hN|A+ey=e*=jWnoc2a!r^iYyRL0F}jgXEeeBt7Yj z3MZcVP(-f^XTJcxcz$N7#4TpNu4Z6=E32{YBIHkujd;qYmbQf4LcSCs0E4^q16ti9 zJuLju?-q#HZ+@4j)trtZA*8Aj^LoXrUcoQKX`t0-gM5mpn=jO36%XblOB^c;ZBOJ? zvC1!ByUE|`*Ps1RoZafXZ~i*aEy|e9k+`DyvmSJFd~6&>tV{{9c~FXj|5LnDILI4A zw;b{?7=7^Y0fg{o$~N?kH(tMX?V4(l5o=VgPp@CUe&;q>zK-4)k zH6`2budFys0idk_{?1*7qmxrpmoHy7#F*!D?&<^0{Jg&N&f6?gWsafOUDW8irU9l= z+$orq6Lq8E%BZJu(HK@RAYisJ@U{kUGE`-v#7GzFkR0>bTeohp^wnQ|$xn`k&TxC# ztu?iGEe2W)yc`UeB@J-gz`+$IK6C*S_^iG&3*@d6n{eMn|2}amFx<4<2rety`3dh5>tP6+waKf5v=~&O#1G@ru)9)O6bV&- zSb#~8Q5FL_7J)`0i`5w1>1g#_tP-Qj+>@zYZQm?bA`;luZVuRJw?e=aAvi(<4-92H zodQ}UnBp4_=gXHesx(j)Hq^8wf4A=V&1zkMuV|zs7(3?I1$$IFm(Wx>NDW*os(4hC z_9D6s2{H%HdIGmC)e{>y*{gU~J2Wcq$#`0$Nn#KZy{?{CystmFd~B+vg%*s-jqyw2 zdjHCW8AZsrillrvz}-S$ZLivGk*r=9hF`Vr@6ulgu_Lk_Gr=WB&OggTmzdII*hQ~D zT7AZT&w!R6OWCE`9OKCd!^ALzjM#wPRzT|+f(i8U6ZEXn5hjT#=rC%>8Jq;&R>5-; zR8H0Fim}@4*&XKR)b;Wn1DwhJ_-JQGs+f69B#BV3sQg8}JOB^B<#=Vo;i=d3`DAI; z959e8#;g$&7#fSAjVq!fh%reH%r8%detPSjAB##OTb!;4>WxWy>#Vd>hZXA3Tb9`= z+sRMYUvx#21-UFD%r#-T3ne)@#{`}j*&9|4+FhHrW;YF*-R#qdz_V9)(0a4Hs!BJc zTDq0m5*C-3Dx}ygrgm|AD9xRgO7t2DgSJrJ$De!0OK*>4&am6~YV+@1es1xZ9A?M$ zMT?&nKP^8wIsAm25H?mTA#xMUOsD3NCrjZU-51d<+e!6Y(Oa?73G}|W7l>O>_@qNR z*$>5lhPGF-cmANbV9Fy_C`H;~ia{fB?x0|92kQALmu9C(TY5*zp{t?v-(ZqDw$46a zYQhmUhHK<9{f&c#OoVM%${f1jwZQxy>EY>5{!xK)^W8sVp6`N{I<7&;>}JRoqCor; z+-LRy`0p0k^84DpJ{!@66pKfeqWz<397@BYs808x7l$ zlsXNFmqBVT8_8sBMl-BJnPY*42SIzZEZ5wRBi!$180xG%M~TU=UJgGS$e`|a<3 z_dD0GUt`M2r)h$)p~Wx0_|nVz=}$i?z?jwk`mg_+>{d&2(p&k!I8(D*w{LT`sx#aU zdHde=jT_gPp*^_&fc+@vsm5&ex2a)aVc|zV`mq){m;L(dZ@_cu(j|>5Zaq@jjJp!W z3EUQ*bTcaHtH+9lMXaYh(b`6a!@KwHef#aVItxqeW#4-1CVSSV-8Rx!Iy*VOHr`o`^Oj(KMh^rRBFq7SX^XcQI7=A7rG=8jM2@a&_Jwg`8^Jy| z7wf;RT5$m6VsKMip0LDbn{%X?wg`*W8&~Fh4Ff1$^!|bRH%*ETRdP7Aiqh-WesG zc$&GS1x6TyM#1xT2gq&fe11leFjvhGCClGxXfkDFLTSLMC%)W%Zb-}3uH3;tTz%G> z*cyt}o{?!drLsSAB@4HU6E3X`>M-pBL=5C;wKS$tsXCO2)aXMe0FEWB`r|<^9s_`q zP+b$of+&Gpk9ndjU!?|kDNrn<6UKML{0h zRB z)N#(KP^2D%ADhThk-oPO1+qwR*HgPG2-CK%u|0j!ca+?Oy`kY$=Bi%f_XJdAhCWPd z+j|mZ=*@Otbp8&QkBSVM`LU1Q&>xg`=ErVT*_PTPY;X4rr&NCpe`f1?&eN#Dr@szz z*ZiB)^yb(N#DUp+7r?*Uc**Lj?4HI~n?Lx|CM$zF z_nZ8u#ZQZ$mL7JM58Lr_Qu%GDB4|p?Y_SK%>-@QMds^%pjsNiB_jL)quz$Fy6akt)HqK1}`Nd|mjhncx<2yki{pTwo421NrJa=M*_F zgwg8o5EnR_VDD=&MQ$)z6!2_nb6p$#g@@JnH8_Ol%rA?d{_~CHd38=q&Q8r;Dg3!D zm6cl5-z?~QdKY+AwVx_Npvl`TNEg)`nrEA^c)T%l;p*hn+~U*uwWUYj{`mVFbMNX7 z!7gUNGac%c(binJc!7w;4AGX}{QQC!$}^4YneP4I&LP)E-j*ZwHpj;MP~leU=vY`} zX6D%SK;cD#1a@1zckbM|fB$|E?YVQW-MDdu4bG*D?1OhgDzO&+iT%D{#O#&TETdS( ziwHZ!P5Y3fE;GZ^)z$dUgA`s%S!DpOUDmj9zwN4<9`Ibm%j2URt%z`>&G!NFj7f43v!R8rWi^6(e-QV}DS*uEi@95YC5b1#em^8)XxW)_o?S=Dqf zxwzy+RLya{)yCu!d!eC)4#j^4#Z5iZ<*YfVw@4drG4RS_pcxKLPRp&6#D&cQfwY8$p*=XO?dOm%hgu+H7YA1Nck^EJ&a7e{v=C z(0M>r6@L9Vt&49?*B)74_vOU1LgExl)t29=E_Vv*+7yW_t^WLk;m2!@zwngGoMYXI z3A0sLHSBZApj$EJg-`MDV%YoA&ni7MeLSMbaW5l}s2iuOT3iaB%C(b70&nr$k<<`3 z@(yRHY4jPnNNoOdtSYbkS;W{erZ!^Rf~AzL08)aQY7s88V8nIST^&5m#mtL+fi;z^aP!s{ox&^yQB#G6eiJKj=|6(eEz# zv#EqS!Ape6UaH>cAfpI>swF`C$Th`>h}&~i$*XG%PnS4Zq@b4P!Ti(QpIWn_W7o#y z)&s&Rjz(wWb$8xi$FOBvhxFH07SdTv|G03f0DQvFod*kcv*xCz%a#aw2?X_)w^j3s zCP0W?F`XBAMNzOrw;{ypXgg+*rNB^h0(IHTd@ zLVfKRs=Txs^SRGd1HY3cTL^9-vYnrJRVoa2mvoK^gv^SQr{Py$D?8nSuvSW^eKdu2#0_+EbW&~%WNt6N@mOo!pLJFwAU27-F$yQY8)mB)2Ey*2Zrr%e%& zpw6u+y-)k%V78YazlhNH^wizz0S=IpZ7eyKhdK1Z3eKCUV|ISBIB3KlW-lR=V%-ISBob&8^_mu9DZ5n5=7c5QiTO)U}l54cNnw8w`7@0n<~i3}Ridl?|l6 zW#{>&Bce64dmh6B@K7vhHke{8uZ|Y*4ML7B0#z6qC4NZy377@G)*&{nbOl z1GN;u!4UT_UqAiH|54q!eEmI@_3}>@(+|ZU>Pzj&#T|`VW~(|XKceg82q3%gc}@PB z7cPnpuH1O<%U}GFEZ=VdH?6%4-GmFm~*RNl_cGWVZ48=G*<(kw& z#PbHofe~OZHDj)N_wHThp_i{*0VgM~>ao^P;n!a?xApMuYp>l%d)BDX8bm2}2usUL z_$CjsT&4cfFMa&Wzx+$@zWWaARZj;rw=*o*8ZWKC`m4Wk`SRsA-gy19&pzk6Rj+^W zgFm@->kb242>j@ykJQ|U`2nr8Ni7Ci3>-TKa77I2+3GXqsuUun{WxYQ7|%RjTz<+( z3SSE?0dPWCB9>g7neugMkz)p_ZSI9JU{Wv*Ie_7~0@C8W+#$2eBbREUq_o4YB!aJJ=Bd%j?=4sexHdR~(}jAsbqe;ntBgH;8?&V|rqI zW_o;PGCtjL)X=u|?-2v_)?68V-oO8V0jn9`+7Mf|Hpyl3N#DY*nZ+Xa^5sh`R{iNa z$b~&3q0M$SFo2A4pH!o5DwAR%pY}*NQLOfpL0P;zhczB9X$GugX^mv_SD}zoBcfN)6v;%92+0P+yaf+K>9|+;Daby+qP}nwr!gywms+jXU*;0)^TJ`SzKBQ)(q|`{aoc-f_3l$lQ zKk&lr@WTTUO?g?(uD8dc4o8L=_Z94`UKODtlR5<#HrqyM%#=YR1s0?XmgLu*qc6Hy z+{yednKLmL>~ZlEdvM!>EJ;AsO1#E3;(@`d9;ak*>3wCOy9BrgS`2E!+w_Nxe&PU(;jc!1 zIV38Xlw`sIIriZhOJ8n#SX^(}NUn}WuG+SSbk$Y1iY|{m@4STdu%B$X@`>=mhTK(t zCb2kqN5T|=^CZFs?EaN*X1ffsN&2SvI{0pw*1iGY*M2#=Q1uWRgHVF)2m}LE1~aoC z-IJY-DC3Jp(Az)U(a zP9;ywcgu_A?a#kA`F8_U61;@&ML|ZB*>0UA!qpVjnR9xIz@rOG;2q`FIjrjZ*(!C785Q}8rY_(ui>L}`{05flEA7)M^{b# zivuV+o)&5GSO(IWr(c9uCtkGL9tX+~_Lo@e=P8fXwVbOkRFBN7{o=<_dXIcksGHIV z7C{9+B0jXEQVyj>H#@p)Uz-@!w_I8U!dk>gmHm^_~kOg3sU_`GiIH!ou+tEuqMu7B3Wzvr$tf7xX^QPAg#*|CTa zo#N9ichX~~$Khi@WfsB+Vt=_;mQ*wPKD|AjhvS+?Dmd){6J8#GD)$%Q1$B3dMnP-J z>RKSs;Bi+GfUP=@)(rJ0%Dl(#Vb`kfA!{+ z?*?>3*Xme&_P$eZ5|~gjLxx5n;fh`Y3%F&U#w6Q@-#@tlxa+U`2mtZHKT)8j7&CA0 zTR(q>+#eRokcBKvB&fj2H*?PKsrN00-(tkTCSX#u>fuxbOZnr!oHa&8P-FGPC60Ag zA*y+pK#Zwb>=WWd(V0Q5MDG2ZWXl#>$_`A{PB)P&*ur7WlR)sw zx4AZ+t}O=xL$ExI3yvu1nTy&Ji>S;F{9?cvMHXy%!;Sv>Bl^DeyJtf(Y*@n7>IN;z z(726UL_yamAGC3v?Z=0l0alKhPs`cIR@c||$C;eQ8pdguvZ6+oY{FH5Uf`D16()n+ zA0Il}s^P^VNw1sfXH!*~K)Er<8bcmKdRFc>x{4;6+??_ZSGU{djs>1>Ud9Ux#OiyQ zSTq&Tja=F>ZI^aXFu>=w59)et3RU{c zTC=1eGd!d;#ny!R559ol9KXDep%( zM!mZE3AFdPsdoWq&QfkhrG(A4=l#q_nhwlF?RCunoQ3*N-~%Z{HH?%HA0P;o=3T{? zC~vD zII|=V%JjTX?*J*eF`$&FDF>Ak(v87c=2>DeIsXjXCa_AZ1li(+STi^gM?j=E2J`fK z4ITITGyf%X+Mo4keb}O3?83`}9RBtk&TMZA4fLKq?F6{S@`x9+D z#xRwfo}tEV_mAj{vV8={`AxvpnH6B!o=RaeZdw47`p1&%;GkmKQDgozxNb%otfoUee=CYN}^&( zF>e>hsJcf~CT(hGMltoi!|8z`HzqV><=ZW&4E*%a@#^Ay*hs1M@j3BgbHb2k%ioA! zqZb|kCx+)7mECjT_p1(wG^m;qWBf>|4k}raZH78XB=K3T3C6)ckHo&hG0+>x?i+Pq zwu=2>lf;3p9nB4oNd3p5cz(fa5j(i-_MG-7%a(;NvYQ#^K!63dppdcc(2}Zi(?o){ z#(~>*a2)P znNk?_O$nKomcyDs^4OvLeXaBB!x_@ShH>%>UT!MR&D3I8PP0o3y5aNqMD6Z$qd-XZv%`j21Q%zk(0~>7p`jMksPE)#?DS7QSqd{X6<;FD-ul{U+L_w1H%CUz zA}S|Xa~5WNh~xJusDLl~t8J_E6R!m8T=vR<{eq|iLn%tMt#-7uBv~rBb&Sc=T{Qrp zWmIhoP8#n2 z*Kd7qa0riK^-)#zu594xpL|LQqH39uSTV%pBSqo}P=h9Ug+>%~r)a`3r{(b`AwjnT z-Og*Q<}^20r*$28Dmka(3XykH@{gUIQ-_KE2Vf^4kiwMGvAb=Gh<)kjIy&-vtf?uv z-9~H5lMMYPWOlB* z#fmr+Z&1EMfpzkTj|!!uTHChRseTl;YfT<3Ntnn)WS^BkoLXK&{aSgkOyAKmU;ljK zo~15Oi({3-q1n59g@@Qst}i$C#w@|UBr`S!3N zL$K)sLi68hZ=k8w>|_O=3a+Bj4=-c0(`|L6FOhLM2TZsf7*^rtA-2xJ^-Jm?eX22E zAYUykF;Lg3gKp5}U+ASpN7t{wTIzdR{|_CN81yBKd9R|bp}#O$h{*w#%LUn5%A!zS z@R%Y$=cf!Ig^3-uubqx@O?Z07{?bU9@e~B;poNDKH_BUBL>6IJ0WOQp^oF1BUG*-<7D~1$er_uP626zq>6R&$aWE;A zoqL;G^tr)a5|F;f^1>J3VC18!s&iLW5jDKy@!Frn`s)1S4UVZ;hPbxEC^;TiqoYv! zHaXN>mafN&?^t|@2uRPajV^Y~IJK?2{}P1cd5qZ@Vt^h}xqlTgdVFhppAbCPTyqya z+;}ejq80^;GwDCNWX&+6ML_kH+sSctD*eneg-Fz}z5v0-s3w{OupLTcbwvV01SW3= zzsOgUz#IY*=Gtn;E`dq6`QEP>k&qmc&7`}CJy9bl?a9nA$sc!+3s;9q$vH~8Sfk#{ zcGiEuS4*4kMEyq7Igzy<0|^N}X*SkD$bN_6JDH0QTbHB$(YtF(@BnKXEcS=Acxan7X*lrk#?70 z*6c39$BK-UTyNaIniCbCI#FAoF*TXZ6-N9{otIbIq`6QcI<=#*tk%x~CWv7_9h3fH z(LDIuh2cyIlk(f_#)jHMJwyoiYvBl?>w^TcOF;7;8#!DT3G*z}!^@Ze3c;X_2PLCk z3-I$MdmALgx90rxa%h{-W|WRcAEP<`n81pf)`~0QHJ5V-o!%SHWatMWzApDTOs6sMWdgFL_AQxtMli3MI*6q1auP0C$Z-lDsr1OGCh&P?H9n?o(@OQZIUxA#uE7p<=zq)bdGxuU5KO@! z7(CQZzMgr1zVi8;V&(mQrNdTEHjt}4+U|OfWd4*>*le{6P*BQY5~0+3>^C+NzPSp3 z?#NrLn<@}5uF!oM!u}iU{l&FXjsv8)YiK}S8THXEa+n`}{-pN2X!E|GqPYm(O8q;W zn?kFjPqK~?IkTn(V0r{vxQznMGceOM_{-CNo&)vt!=xB`JDsn9obP*|=mLc^ww7`4 z*CUnheVq@`1m)yn-#W;-5lGh|W)n@%V@`rM#2<9Eu{Q}hAB)9w3reI_E7e*G_dq8k zKQwl5`E0+%MU2k}nsdc&r|m5mmG;feJ!J-<7iMX;VpK)P%j#9K6?Ezc_plHpgRN@*%1|0b6=yj5 z6C`^B0k8TxCQ>LU-86~m{_ftjndg98m;~3^awg*2`BQtwX_?o-=c?JY2K+AuNHLQq zx16^J(=6mmv+7}ku}Wo>mxe4j3B&x-$BV}ahXw_-RaY@*!Yu3HY>xGluwD=r2_dp$ z4PwJpWS^TGxf9NQ@q7p4U7_ALuHTY>lz-_qE9&L+K9{!z(<>albfOtt>&?rM7}zEXwPONCz3}T-;%-u@Kgp zBBF8cQO}xtD*YTDayW)IqRKVy2EIX0*7qb@j65p*BkF6J{Fi^bw7vMDFup7-Jq$Y*|b7lVE>94A=4PV zPk%YqavQihK6HAG9||)_D-b$g;cihXPVZ>bqYyoeZ@9mmKiIg7A>&PEUQds zP0;242$|x-gC25$U1}_uyC_2_!Fjb`CBO@n-lJ%4 zk1u5wUHm&rIYm{gb{HD&M1|OqeuK$Ya@_AaJMmy7u#P}^aPPL1sq}dop;=JFOAZ64 zVEVp^grdp85@+h4qeq@sN$Cgx)j8CxoS>J@0QvrgsdJL2&e8b;$ft1^=}}vpda*j} zg5~NbXubT>*49$jhKK?Ak~%FXe#1BQ#3)p9lUG1I9>DFf`lPoF{iq!>iIB1MTQ!=* zWcVS#L6}eDt*!PE3yTa=2b7G7!=YhEC|PUC3g;Wu?6-e(g#6|Y&we04qkSfJi7jM5 z3%b=oE@$iUJkMC)9E_fljtcljMzC_ZUU@2EZf-8Iktxe8Q)7hR%LmL|UFW{KzusS~ zaAVQ-$OW)kTNt`*D}9jEQyK7FpQy7a4F2X-3A{DlmkPwB(sozCYvT^A_?U$$_aoJVL(7$q`!L0v5I@XJ@|PI!Jr@_D}f%sGXNSn_#q`6{^E zJ$H7#8h^yK`CQm}_qb4g)kwO$y#91Pjv`G167(2eAqq=LOG%B$pT@VR3u_;(Bs2a< z1U&w~wpDk$uD4pY+szIVY_koSBaO)+^=cIKLY~eLWz6GQi5Ux+ceV^^#1}^-RU_(C znC-1MTb=K#GJwnT_IRBy4}_47 zH*NgCEC8fFQY03ltvS1lrilrONtqqbgU1-&uW3;NFY*A6rV5PZA}aV<@Z zNHP4rSaP2VYW<#%{fZHp)oJgEcId!iI7PAVhlQC`9IxAX0wtMjD_ zmA0vSAjEQ<<2CJ$q3pCH8>DKXAyUVx-7yVOiH<2D3(8b$)u4u^yDFrKYw=%3$`9S% zS}BtXg%K7m1}JeDov{NH@EGwpy5e`zOpwaP-<{BqX9)XG#Ta&I;~xbG319#l()f8r z_1o=4fE=#bf3FZ@=rxY0#Nkm+QL(&x3U96pJfU4OAEEiJhP%%?Q9dhu8?^Q>I?A|s z{~S}w7`zQ{LiBB1yVX8Y<%Gt%opt4S(BcYVrLE*>3v`1FFS#mUI%uw3%*!#qCZH?J z>HtW$mnJF?Os|wbd-13oxM42hCA`W1Tr+Dr8p2zmCDGEXxMNKu_JLf5r6}6ECja<5 z=#YPt;D1<5uf_+~YD}BUqI->6r*RgeTr##Jl*l3X$*t+?+&9)o&_tOXaA3Q`OtJ^* zK;1D+X+y8rzG0X=wt@{Wi@dQHid4$bJ`UP@E(q`P^Ps12661AKBufq@8dsPr;>=v< zceYKirF5|+O}qiue4uf3C_+k=Icclo;Y4K*oAu#yt_ClyrdFxADyN~6-EmGP`!1CX zSJ-N9Urre95J7$P=&wHfp&jMxYZIv~;!uR8P&UiOew4#x9%%fwl`-jKJah5oR zTav~T{sfaA(`lz>r04eG(-d(n4i3w)kp$=0LVF9_F3ExgCRGy8lQg4X`yzWxVyqDh zAj<@fW<5!=>1TE#x%JPhmosE)gAbT9GaAK`nbHT;bCHguY`0l%Vcy}jjV`&V4c&P9 zD0*uwsh6d^iQ={1sHD zAC$7gyq>>QHdpiS`v%w z9$|IR!n((I8$A+~J$CGSACyi$OQWry#`V{5kBjMuDx5*)+3AqamcUNW;X%6M?ec|i ziW@1@H9$khAPM_7(qVul$#`LFEC(I~vnqUkc+`sdc%?jsS`KE&j^A`1x3c z{n9Pd>~l~@&LZ4_K~tUTW#|5!T^R4jfe)a0Z28^!(t`2i5Y5rp88AWDbLjSfxG>@I zOgS_7G6?it-vG%DAZ93f-FeTVA;Z`sN*)q1JBzdY+CPOO_z(9xuv=I+kzCN zh*lSy7?aKiYbb$u97L_G#RHdWRvoX`q!`P32QMI5r1S_xS3SntL;su~jKGDTNV>FiC79MIW)gBTu70@&Yq7>iy9So(;u_hT+q;{O$B*A~ z!4XY_I~&>c>ul!viUzPSGeo<$dD0GLnQ!UK61DLlL7<4zd{t_>m^nuD@dGx(VvO7u zMvarKzWRqG`edpx^t+IYE%5O4OsPLF5&7 zTg*K)CD3s%45iZ%vkX(X#doj~1w*je;j34XM~RgebKIp{2KM}!??kMA89FUyzoHG$ z65ZlH789CX@0P_av@IK`-5y_+UK+L1vhDuL8PoI2~5b>>qKAU;O=&i;|Q&GiBkJBql7Vc$_;s zVd*5*?&&iB#iEQ1bBq@=g(MxjKqvorJ$w5Avx*+%6SP6#`Hh?dt?X9>alQY8*%q$j z>+o1O@Z+>*Mn_jE>1_H}?FrMRW=1;I{DchUP&64PvQC+Cb$fI7FRGlm57nh?baPNO zTxlA}aLZMy5hy+O;=dT_%`S*t5BDEy7AvoFB%BY_#_O?FUgl&mkXM^`YTo-az+{)x ztRIkWy{X#j+K3v^o~E7y7r}KTk+;)RE=?lUiGaB$T9O0U+kxd8`DnLT(X+ylVUb^w zyo0k4fXuKB0j()MfU`iOt0&9O6>siKYXo@q`=PJ*UM^^Y& z*WdoXmcqIlwDw`-7r}k9_$5cc@}$VWOI?uy-)){_7Ntwnuym$WG&`Zoi@9M`|Qm?k}#n#l7(bw@1I^y_J8JJ-ZVI*G(YG6(`?yDG zc+$kA_L{prg-Q%Fp_jY)+x(G)B`dH;s!1Y+*35s5;$ZQ=a2z-+0N7%7?{P)%xG48Z zH3WQTwe=KQb4j*)kF)vGFy(Vq2CGrR_F^HOFDQrtp~>Oq`1iKQwRW4muntH;%y@k? z#`nv?b#1g!8NebV+x-VfaSPmj}lHb<#&Q9mjOo#p+9IG%*VT zDAN2xi~5h$Op)`u;o+wu@|}1NTs5@WAT$4%@jp1Qwv_0;W@>LhoFc6F0yJ4tgY(7ZINX+i$fOx^n$A4v$Kh~(`oou4QYC#b& z)3BcP$kM{HxL}jJRf`o1-~MTNqK9Ano5~uuh0Ci37uW6lZVlz%=%K$P%gyO()zNZP))f`spC+0(L5UMd`%scMCQI&dtUOuzPdF!YHszc%hf^2ku|Wdd9uc(3rub ziz-11e|o_M!Fq;!uqarY^f0=!;puGgVkti`t5#K z*Id`gX^OEg8ZV2FR^7lnx%xI>r6#!4$|{SE|3@w|)c59OVA#xq3;82~;GeKq`gV-y z#x_g8MuCY7!Jm5J=08PnVw4Yl8GHaPA?bMQQA)*^e8t{`Yw%?k%58!PrG2uAFDJ)J zGkeES<33(*_K0h)$CE$-*<|4Jf`R!V;sNmH3q+M%YW|GF?)OuyYSq@rH75LYl(ryK`DnWxJ#a9iN4c^hcFKe(m zVZLW(WhA`-$Le74I;3C7;U`Z;YGhgCvZa<)s-?CH&+juEKJmso^*wp&~Z6 z3N{0^QMZFAR#!_1O6!v82MA7zjE^(LjQxg&h5HyxHU}e;=aV^4mbo$$3#g5b|I&k^ z!NCEd4d8U6!v!ejy*OJUT_{m#_)tHraBDyyYu(NNlKp-8UBZ2U^E=Cn0MHVw4NBdt z#ib04Unr^-?h;BjuzGLBX;}2?Y?VZ?NGk8~s;|1z_@#jlK4L!^{W^Kr+8UW0_%PPR zqZ|Ww*qkLe46@$5Om1FMvnm1+vbmY30`)Q$24hjp;cYPHd?M9|k*x|ps6Fpkx`@xM zo!>#l7LfWW6XWzZ#3;F50xSOdk)cPcz9mMQ2+}-xc)KTsO?PtZy+-*SenQ};!(TXVB> zZ$~`?5^wkjYAwya%B65r%%C0|=kG%s`Bpv}Zgw6HZieCJ0;amC;8{|v#@UwPw1{lk zlY~67%Sh3x1yx8Mhl{fh`V@3h5SyEi;hXjKh7p+qDuHA>g#+RRG_=`2RELW!zIY`> zRZP*jUsp~ddOmj*UNNX*sJ6DY@$^rMhUg=#;?BdA`wbhXt+{oY%hh5kPukN98h#(- znf#W<+t39|b8%x~+-3{)E`8*P+Z|b)i#+W1@Pi(abcOIS`?eIPPx8}pe`9bQh{Av3 z@)syUBIvS(H?MO%NBgBd%(pK#@%RPezZllP$iZ;jE}M#Eo?z6Wbu#=iF2ipt;uxFH zh!>ofugp3Rlggb&Z*%e0CO7d%xu>5l21A);>Wq4+jtR9`#$qhkx4bd? z|Neg($Y$N%z>d1?3YjrdIvoP5K^@}qLZa#+~uW|(Y3L5BDpD~Si)**+# zIb=V2pi*oQcMEuBWR>Oj{M|!fcwBVydb$&hx&DShjfZO_?8!J(?aK52BB5P(75QRv6#n;7Ccw#l^`13cn1kDSzl-Mn#KNx~pC? zMoqaYZv5~vu^(r{prm$Nmd9mdXEyrVhx>zw45ZdJ>2f?tb$)qVOle%X*^;~uo)_`J zcIF6w;ZN~^{2pj|1(tnt-hbn_V3_Zw`vaMN3KC5KP#!tTJRXfaGLWd+oAU2XPH=wt zn^G6VV`VDy4j=@0eb8bvA*~*OFOkD>!`NQ0*c2s-y+X5rrbO=)LSM|t7e6l0FacpN z_Eq1kQ=O`buuQU6Se$yi1N@Y(u&IW8=n{GO$tSP@fn7UTHpBastzCv}tM$1>FAfs?w=^YO_wfSXY zh_BP=TmSCt#Dnz-umkdk%L5bAAcN%A-osv5ofmKXs=@yf^pl>%-K^b1!wl1SSiFq% z6uImsKe%40DznTz2EK_upO#_$Mary>6(7FEd?TM`OY#B?yUKWYJZqp?_q4d2MK^(F zF>#F}mA#^rlB3F%s7^ttf_kT|0gCs%(xVZ3MhiVAi+^mv@s?J_Dh#xyT|2$g z>HNjRVe7`cKg0OHkkrEvsWa}3($iC5g)!ZDNpUw>Th#C}#MI(81KPv#+MhFBB(t@C zL!r>zS>4R{#-Wc+y;4MjwBH?_sGOr6oiL9Z1kCkv?9qK&fYs6Qp)_t9k9x}+*f_0p zQ-Um8czTtrjBFvAT_FRa2R0c@mCD^1X#36hpS}ZAp$S9f%g4r~!qKH|&FfxzzRvZ{ z;Z`-2rlKKl_0oUr*o3MKI??d31$C9J?+2>2rsx0`JVA|vJ-*6^;q+zajal7q^j zpA@%G1*X{<`cyTXph+S7tf}7ydpE%T(?A?Ud6Dw^q`J1+3h(el3hJjMun?J)%DM};Z3s9UGN0+T$;OCaj+i-8J&NOP^g zb+Pf%{v%pFC^{2#r}4@~KfUgd+W1B~h{}t?&F*Y(UzTZ_-CjMd{dtoi19nF6eR{3a zbGs}S^XH*q$tY}zc0StuEMo%2Y1^t^QkTZ zq9W3P$g#)nciPh>!XOE&t^#ih@M&j4-pSn~_gbaGX&fZN(DO`O;34*i&}V@U-O%PK^M3lf>q?={25novnm zT$bW{q4KrG1{s*63lB0&v}*mbaHJHWe=DMSF_Av6nMopPR(-AK;ekodCnh@Imc)-s zfaoHlQUhWWx3N`x+KR%irDdAO%?9bu?__~8F=Uc3>qURUy4%VRRoij51tk!oyU;3(Td;ANOUVe7{ZD}29;=sg>;q@bMl z={b=+?BF6E5M&G%b~VPRH%_64n{~*5s<^~WL1po^Jnrg zLa+hL;y??BY^ImHT(0pq-`5;jC9Ie>=QN_q%jf}@F+Ay$X_*CF-yS2yGR{h^EGpqa z7aEf98WNUSf#K-zVc*2Vz1pTQGi-x6yvZkgHVy~bJeE$&XquH1 zw~i#EG2sC^c$$Qb4N@?4%N^MIdSLj<)57pX9g0U~k>n+;F@=qOh&8-FBDz{_k=pU_ z2>pcsCJeew()bL4@4=m-eSd;ixckeLv$^k6@+A`I9qCBC?3|XBuPOwOy|CGETg37| zc+L>DFc>AaouYjx9u~M;)hu~W^yu!jLP+%6rS2~E%Z&#L4KYLoo1t5G)3XcVEZoGf zr05=3vJvq9AfK#teLXa)-+Rx37!!gID9Z$BKp3deX~i(TW{aaAK9ovNry^k7mZBbs zsvb`}@w`zuC<)Y;&I@xXDJcl)A5}tkuWu@UnWOhAA#qG)>PdAtOutN8GZW7AW>U(P zaE*->DC{$0xiVL93OBHyaqR$}3fOYVck6J5fzL~)QOra`XcGc7oBb8P_c82Dy@0|=9-*&H7 zQfxYRc8=5)l^}$y&nN|gG%6bI?L_K?N~?;}gH&N~Gzgrp7xT(Dc0Te^hiks&)rL@( z+SRo4bmmj|-~-f52}_DfmxtcV`Uf|5-Y;u>?vU6ujJRH9zOQ?pw{+g3(%Nna-(0`? zVt~!5f5K-pzxbMIw#4I9r(4>cW?(ib zyUhX!o|O_u^gEiu992+pE{?FbIPSd`XOV~4u&gLx@8aZ6JQQfLwy<;tis^IvFMP za3?inO2|}KnT#N2ujgQbi-!2&%niR7Ow&enk;z1vYEHLBPo&V@oo6zMR0MOhv)-I7 zM>b-A51EC`$+0ZRtb$2LW*`QtU{P4j$dEwZ{3A2372ST$;nAY5OG6KIcys2@Ut7rMoCYGuZupJvt&)%7%dwH5l6OP*sccE zNvc!law0*njDXIdZsMvFKp}xGdAn@vy@miEDm#>X)NsjaONsAtV|mrFF&})+zdoZ` z0QiKxeav_5>TZ{?BRVwLti3xokIW$%u zV0xV5R7Mfjc1DI@xBL3Yo5gZl_{W@!+6q-4qitAZ{90z=gmCJa>DWUC{~(U|%UMlu zeJHSR#>dAAx3^}IJ3>f&k;5nL`ULG|+R5|e=Sztv!AMx#35qTzjLW81%!bki7eY|! zL&;SUw8?rh5n(;jv&n)N3t-kgV-!y?bL^ZVxY@CY_ATowgp9P@&*S8Qv5bG&ho~Bg zm8g-dEDt3YG-lE>>y>;zECr@xQ%Fll`2`1(YP0BW6gNBtB(lv>hDrNcrmii!q>wo` zzg_15uF!^S0bVgR=*mkjs7Etr09qAOn?0M`1>M}D5J(JgVj6EqV5S3CD!{L>m9T=YnP-%95b8tmQjY~L@<5&ipNLF>m%j(d)LMB>Z>Zp z=cdc2BBRZ{Lm2xhU(kdanPr|Hv3mD&2suGwi113Q;^kt*r_AXH19}>{kjwL}nFLq- zC28laru+N(J6MCXocHCxXSt9S}aFW8+zDt2;-Diarm*cwV&P-)O@CJM!_U-$y(w~ zG5^CH*&yLHhW9nK-U?V!vyH1broM~hEJ1KGGAz$_qnel-v4NSWmH1tCDJ)wr=}i4h zc$O1Oq(BLG8ust$y@WtC0YoFxZLzyHuXjX5c2-tV$J>?!_j{xMu9jv8;m&@2X0J*_ zRg`mTin%0DDt+Z$dq2sIX+#gfo3gPZjFFK)*|hUOvq5WJmE>O^bBn;QcjSZze!&FBl)k|*$IsnHl znm@sHom-Na|2ir{Zs69GvXoOrg+((_NBH#d!X(V8%{?h1n2f?0kQ^ykA{Mx?UdsP! zJl)*asd~6jqE5WhJG#b!j32-yJ{3w@shpK^A3b}2v`DGeX=~MB5`CRambrM-%4KM|WlrvTdi0C8X8ZcM z#oYH1g*YGs)JEOSmHOcMM77Ta+1<0Y6P$v>U*tD1B9b?%eMAm9radNm31rb$p6Tw= zU|h?aoBSsF+0RGy2NHVZA7|NPWmk7RHXklSaqR4Nr1FvFXc;nq<%CKGbdV2mJHNiP zfzITprlJb{okp*{eOQDtaJnvT*A$jR7VT}VaH)M*>jNRdp3%ostnn$s;UDe-y<$d~Q1`Qi25GCQ5AXKwX&>ViW8?V}Jihv@qT2CrGTQF8b|^J6 z0jE?LFl&^-g4B9q;%0(tx6eK}xAYFL1v?)VJ@)}S?-?IePkl2Zlo3il-{zm4;DjN$ zV9^=!(cCgF1eEB3;Vyw6?l=Ox)%*OznuZFScl=@vGohu;xaBA-rWFE16}sTI1WK%@ z7;B$qI>s#>$51R5EWtu>a4{+>D#j)zYN$amC$%jxv!78)Ntry{ph&&OEqb0|mNs@J z=xIt8E+6wn5$(LZyfs^GZENfH%gfRb8xQ|MkBFh5#9hI!3q!(!DM8_Sqt;D|m{66S zG{9gxEcnI0eltw!%rU@Tm07dnM%wUuB!Iuxcr$Ry{6c~hmnYh*Ep;vpZpO4hm%peZ zaUWiF_udY^;{c4&Um1?mEWu4sq7W)o)=8p)C-!x)}V##DiF z9JJo`l79tDyBi+oHaDx~2P6QQ)%{7~`~A+G^p;M^eO3)j8?)VrSh}qvMDJ7Zh|Img z+*l!lTw*+@)DQ;-MKqcwp1;HTkp7=!FT?(1+>s`|?D|q>HuoW=)ZVJq7|I>Le~4|= z;1pk)H|_D-teSsX3+n@63ZwnJDL|8?28?!1$FTEfN8F>T>IxDLnm!?zRktv(cz@jm zox&|7L{iI0mdG&tPPB!SNp|cNYl-lD_g<~I+KT*7TOj7Q0i|I1G8-1b?hM_TG zlY68&sADikzbI_36Q=C>RL5;R9NKmtG^%wXQ4vqKqw*nkZZ9Hqs>;NW^KsC4t&k?z zsdS&5NMq_Oy2@nw5HPby;oxq!)lxyz$R8 z^{gLEQX>Be4VlNR^!uI4MBI=}E}MFj#j6Z@(lC@(1xfwILvC@uDu3p<6c6kdJ)(9P)=mF` z%NeK7>lndzO}Ni%1n=8)&1c7!yErL~KJ>4QkNc+BnN0ddZM0Ls<|C_)JkEw%bx=`m zEb3^R&c}n!%H>0dkDa^wo04;@05xG^J)ECGyouGnL< zFPT1GkJo~=3WDy>t{tAl?%q^CYGfU~$`}d0qbd!T@p=W8Lle)@FivJr?Al8?G|HIu zdDGN5LF@oVXKaax5b?x2)EzjZt$~mjRkKi#7%YYeXfHY#okAFQGC6$Zl6{Egl6T>5 zoK#v0qlry?;3Y6$&UDj8$?EIB0rC_II$jNl(G{DUG|Q%G~HR!l$dAZeds z>JlbVLjd+@?@#wvopA@@;8N#fy(9g8UgM^n7giB<_7OX)kSq{HyD|CaF}(dqwT)MS z9p7UWQC3#Q)xr1%*8c(1mlu@k_Cr`>C{@io$X-C#qK}OOUe`$S=2Op9{a-ew$$HtP zXUY=GLc)+yWCYCeOIx3R^%2z&+L8i+prR7wM|}Z|#p7$&^=;uEl%<~M=90*wC)B8R zYRkw}L?#aXYcKpMu|iB~yfqCs#Fx+071wYB^#qdpaQsgRk;86fBWD$56)BgPlr?G( zLj(F|kvr_p(EzJX1W0(WpBwtID9PV_A26t>H(0+xo8kNMiHAFe7*$=VYcJC5W@fn+ zwwhFol&&l;e!}HAOkY3mV|fS}3mH;hD=kO7cU;pRXM0?=9dEyT9pg1VU7>Pw(`*Lp zz6n|*QJP0+0zk%cfj;{s@UDuuSeZMw5kDyY7_XP^UXq8Dw@$aqeo+2Or0 zPFg?_LvU-!6jw)n^%({9wd+H(=u(~1sb;SEoSimUm#Zd>Z9d-0JnZIX#$ zR^qdVfqZg+9kLgKXhg%HyVr1T-UpQwJbhsyTpy8AA7Ph8UdOR2=q+5zJmek-EwQjT zF*WO_!}3#0u}bff)6mihM0`@ZQG(SO+TVwV10}0)t3wt%r%w85->0UDt?hx5TdA#s zXvsY4({%DlF)D}Ll1bo(v5_HPW;;AwIS`Z@#Rh52<#i=df`;}~oY2RlW1sHngfCt8 zogK4%u>`jHDx@3Wn~ZTv$>k`h?q1omUKY+8SJYc)+pj{&LC&iS($Jc>-Pud0c-=*{ z>Y(Y_IS3!yp%O$7cDu1jUxftsHnF#R=7lyr)?q^4i<@z8`Ps@(cXYM#aNyRbt$y1` zUp3RZ85@@Z%b4&}8;cC5RB)l&PMz$T9vWqrCKmJFM8ho%r5NweFLYiJp(IOBc9QoL zQ1RXI(n;2h++zPn`6>ycE-!lv77l4G*j_O4p*ac^!y2)f-Zcz*h+Y$n45`w~>QI0r zvGRE}GiFUa%Mlohy9jn+S@4hv<#$dcMNF4J+tMeef9)SA(CWS0zk2n?*UwydLuIvd zptNX6?i|#_e!y1F852po?JsK#S6uWw@(! zZJD=C&~jk!IAH%aZMJYE50mO{Zs9C|K}0ys9c&esNQNKNg+Um0OW4>8gqbPWd&M-< zbL}13N~XhOp_Xg6S{cP`m+{tgR;K>d@ppVsHCJ46^`3uKWUcR%X5nW^>+S%f``M8A z99&}$?`d<|!uON|DFU$`fy{pX{Q30sv=~ATeqD0Dr?u~0;YOPQYA_nPrWMXX_O7nB zM*Io1UUEpYb#()(Qs-_ib9o4&e3 zmvt5+8}7%(8l~yGP18rRn1$oqJ@&qG@3qOgI#Bbby<*3a`GQ6+Ds^KD!!bEOTFsQ* z{=FaDSi4R0p)b#nG7b!=7z=rYX3R}7P4-3WyDGIs%(mL^Z<`j6=U{2 zaTl&B{_%u&(d(VmjMT@i9I+{dNfK$t}lw)4d1N9&YIm1rY)lnxc0!w*6J2o9t=%!{}VS z-f#J{&*MdP?0jqwn}1-ywC)7W#l%smV7i zxg7gdtjLOQvcI(atHc_?ilfT6XfVgcCQy>2&N%!F{Tq#fXYDRcnwr-MAV#Y_;HuRh z+Z4h~&{ur-W}TY4QOLHc0t}9=-n63Ja|IuhwQHyRId$_lj{KURnEv+vBJU^P`=`JD zH~pS0CQ8DKC@p^Ht^2^=wT4o!>@^ATwz!?=!YAsR?uz{EqhG8vmw)76z41f8bHhWp z-fB7v%%7&{KPtoZx3uyMW7g-oX&DBDg{L zw#v0GfxWF;H^I?})J$*$s|v<^uq(dR6c>QPgZmF*R-NW^QD`sA`Dmc&^TOoZIP@c= zRUxigl8{oRxdH@`>y`SMc5t{nbcxp|@>(o_l#QPmzjFD~zJXRXjk`N|T%=ySaOK?j zb7;s$@A(af`Fg~whYug|2RuGDR%l(!-}AcL3Jxa+NGYsa4xa^M1gI#->AJH-v{3qj zp$m{J0%nvR&Zh4I)m#Q%zI+MC9z1vme~%TE4}XE}h}#9`wnc2417}6QOG}aU$xxIC!M$onL`CBvZdsl$g-es zA=V3(tkH)8y{ij@NBOaz*Si(7yy|by7hWHKvhSj^bp2Aeh^kGPjr!dL$M+d1h?LTF zwrsLzk5B(@#GKuVZ$YcO#mOC%Q`R4ej-g<;z2sW~lvx%N@ICs=A-(4r7h|RG#KQcG z8`m!Gpr(CHdhPPLk3Rj$6&OZ%*iUY;8 z*O*>6MX#hwP=wP;u{|s@JF8j)y9TJHSD{%GN`c-Y9PTaN{$vKN(uHWWg!{n8p}{nimhsgPC~2>fU=bt^8wg3;)O$Os?m#E5Zpb4;D?{pUPrJfuRdvZJDJqbVX^cR)Qz2$!^ZyU^CheMugz_s#xl=Nr5 zLRRx;%_Js~ni;}=ieStVO`pf?FFs#cv8WH5Aoi}8_)q9fmiaQH?C~i7y}JBZt;8(f zj|3Ba87IxTAxaVl8f05dATCW2TQ8j@Nm1C`k*=}eZQ3D{=_2Fo?7VfxX=jM11}%Sz zCry@J37``yczPx_a4}Gs*oBx^nSamx=08)Q)n|`x-~Hmft8adzG)>;gtHoH}ebOgP z1?&@QIxYLB)3#1OM#lKhRU0{BSm8XwPDx*U`kki_Z&!|Q{{H`DczC3fyZ2A0q@Dsp z3^uxW8j7b~h6{J9?_|iQ!eXl_O?(#GQ*uwR8qgHfq-Y+f5jpVILNtp;gbc7SCO#i>QLU3tLI@S7-=%tjJvgIjz$cDx2QU|Y zfj)aa!8H-o0??`>-h?j%OkvB07c5no0R@Q5;snAVs_|oPF3!n}IJ}M6_yj>8XQx#% z`R>YIj7OL1+(mj+S0$)NRhKjy?q04WSJf&77)4A#08fv?4=HwKs@?w;d=6Jnfe#jT zMceY){mR-Bj|2xwJmSO6&z?_Dg?lh##0Uipf)FC`0ySz%qKKB!Bz*&NmEhbtBX^_* z&XM5C&KhBi8{k+6voe*yt70RLVPLO5*;%=5>XrjL;Q(PXhmyKSkI3OPSKsNwGF}4N zNil8OmIJ%M0dmM1A%}%n^%@U3q$kguIRkRq*mz}h)kGuy)KGj+LoRtuH4GUk8E~aV zg$D+vq#79=kytLj>(MSy+%1Ck7F4xmuPyO74~vCxBDcC}djDF5)=wGhYSwr4Q&TKp z>!brvb!>Flm&$w&F34}kW-lubVK}5C-{B#&&#Y%ACW)@se#Xb4l1b@4y{ooIoHM?d zb~Dp6k6t+2jT3oyb=CT4k1B18eJvb_{g^z1XxW{gu?%tkCIkr7u28ud~S9 z0DmGOy(rU9MDv8H-L~M~oJ&pd1WqF(a_3|frAUh#%Iz8kfJ7v`k znI3h{B?GkDN!9&xjQV#KXLkK(3tHWEmTs#+qD=AS{(5H0=7%p@aqFVzFhTPMGarOQO@VQI*yX7hDB<9pz`oM>$hi>lak| zo>H489{oTt(?6$6(fgb2EJ%qU2X-$->)Qv^#?2M~O}$JP?AFmsv@2ES*b!`~)X0f@!P=PdGsd&p=k%bt+6orF5yZ z0ut+~DlKF&ER~RIe*b92utV zbwfCDMWb0tsw=YjW zj(0{(N4i@6mwv9Lz$)gn@_E$cf2HuZ{d)lWx1*SP{={o1Lnj>whS$;g1=hYh!^uBW zJO`{Go;J1YI&q_dUYNSP@lDO@lEYS6^g z;MnL;x~_?h@}4Gkf;nT(nKbQDm?*7Dw2lGe(D20hFmmGfFjdvsysr`yIxrVQMR{kI z&Y5~uvD=?72F|>B`iK9->d6A*4moU3A@_S`BnK481u9NW^Ef&Y`w9(?=f|MyDx)!*@_Phb67uIGAkW>ChJQMGMXrLM3c zB|}w*l;vFUX7|bx;#ZUsf1)7~&h%B6n0VBCRa(hB>PZ z0LlRLcJbnc@<_COtDbP$2a{e={6rhnIjWZL8DqnE0W|i>lc(x(qU>iZA40{&r)euq z-4W?gf+v=NdWiJYHk7==+w`8OsM;6J(gIqcAG`-@9+5*j=V04Hhy(cnG|I6rI{*Ak5AM2tDYI~ayDs7OQcZ1^!-D%!mpz<2^g;4j3j{t^y~#5;5Qfu*3+Kt_x^jNF8f-ig z)}i5{z>w$nE3|jlhuh)e$x)@2#!JMiqa`0y%#AXO0iB(POHHe7a#+pMkXGCh*<17F zqO}W5$!sv@W>n;FvR7dH`(15%lgaDdPtN_V=m*mr)VjHN-TAQO$7Gj)ug+Wgjr_zm zT;lz5r)~9gdc@?Rgm&-lEogP`c)MZAdDIb-U;j%Nfzo`8yV(3C#-iiUq7z@Cl54})X4pjOgJ?;q2 zE8iB=SU&S;vmje^0$jo-a0hotFH(!Iw-lLVJa@W)}SEK5fe3Z@|}aY4~A`kGxRh1M%AI;!=59 zJ?$05P2SMjz+uuhTiPZ&m>ej9Dd8!36DA%s{p3l@rP%R__@rK-#~u*X%#V>KS3#X5 zBurYOW$q!dC#Pn-#LNR|ESZj?R@{ru#Y%%Sb|w7j(Yjcwy0pilT0Q8JxLmJcGJUdm zDo&vH=u(|dbdeKPs9KEOd6&Q*ReC^*4f!rZu{dw{fC224eOeS^b#|UBCptB$^(3wc zhy5IX>L=DI$td*0F?lD~mIZ21#X-}2{BtRLI)-stCj@2}4E-5D$~Xd(s~ z=6CL7O#L<-Sx_R)`+kCiS||8t(&?h>SX!C0bCY(j^bhx^HSehkG2QdPs5nf$q|jgX z%HnKVDd~`vHOTUFCTR0P8hb{jNE4;+ooSs_Ozb0tsS|+CfnjMnE!nLNipbsW(PhY6a^DqoqbAw4)4a0D#Xci^h}PN(ds^&wPSIb_XB=baqG@s!vI z$mOb?G#!Vw=2E8p3LVsy(tuVF2_g-J#*ij9VmwtsL#^z>Ig%nEnHZfeMlIw#;rIKo zI~VmX%tICuHnpEUd-nYKbB>&mq-hPoZJ^~q!vRBpPV?<%a-I?!-py-cS)^o!54nmAvK%g#pn?O_Dkql_2c2NuC8x;W0U15jhAHwlo|E4wx@okbK~(CK1LT zGmllw_oNAe4qTTBq}S!CZy1<>ED_8s<{g)#s4(FuQ_$7?Vun`^t>pY0n_)WciPu$H z-5T=bK)(f4Y_e*STX%1~_E^z>kEZ|tKmbWZK~#Gi;(0FhqV3|{vxEWm--#hV!wwuD z9rkLa!!IqZS);dvHhdU4Kt3&b$vL}7xAOs^ios80pky%qLcEENiAo?+S1G(&0EZQvFQ;T$c~0%x3+UG zX_45-k0d!QcC$pGAqYoM9+p|NH=*@SsJ*GHEw#e|o7il;65>#XIV$oFAyNC(qH~~x zoX2NsNk1Q^CFhyrAl`D<-!1fU*D#H3@$QA@YHoMHc7QeA;hUp46U$ZeM5?nce=s4F zzP|K`E5@_wyKU4`apt^OU^oiuk5|g<*0Rn`TH-ZJk28MwYh1V6!tF%YS%ujw(&P$Y z-NZ*S5?`xRH)&n*nLywt{*n+MBakb1;g6ag)2=*P=!}$2*mB$+Rgb5Z2tPX8yySBE z6z193+ZufOeA-YoB%SgF^m%b9%**aMqB13>Z2Ti_EER?EitO7Qe~ zUvjZ08#>wvbCkJsf@IpqjdJ?q z4|Alw20*7n%3RJ)5u`$2M1T7Daj=WYa6s+J?ugc*Shi}sS7bJ@rN8A*40=M+$^#~} z7uCjkO_$a?9LMHiXY5f(!BxDS3P&*P ziM3U{bPT@La;Y|OV;WvnR&eeW^!e!dD?jnye)-@1_|h!rk+a|V`M>x5zv0J+M&MRE ztypdhLr&Fr6lSwv5TZ{VOz?-ml*p6c0N9nuhoNa@4J<9peeak5&-wXqYcw!?X7)G! z#h?ATe+v1>Mqkww85~95xN+l0e&mP1F+cwJlg~c;{LY;_g?W-Vdg|m!X(P}Z);0UGp<~P3q<68-i!=3msSYf$rC=e3d)6urDE?v3^ zv*E=y5B;Y6M>eVaa^;&)LQ!+$? zQ>^v3Dof)00`9LZ8mnZHvKt*D_o8)c%T$q1P-wDCy%#P3exF75z7epNq&DV&bAbAy z9w(kpkP{=3hcE&xlJ*u4#}5YQi}%o~fmcoRf8p|>%*hpCoa@=MXS1_2dFU}-GVfm3 z@sT|()no{&YuB#Q`IH8Zfo+L2F97CyQNdIEG&T>oRJ7zBUJlsOhng~>8L?UcDVUCu z4{w87$`2U_%KoAKnA6_WVtuhgOfHrHl;L(7BN@zJy)U6Orj!-jv&oshld~s>PkUto zBKz6Y%(Lf{L#G}?tx~XLzFrU5W)+*0VLj;l`t0cutHa4yKgP$7nRJ`yG6jSUnH#gn zrswUx`k2X($@QeS_Tn2RUZ>m@3OA>ueY$TPu#$fKkjkp;C+}bev!1jHvBDTwX{ABJ$YzB3&v}!3c=Px3cC`L+*qML~me&0ME@9&KEzS!J1d5UW(L_<~1xdS7X4uzYVBBT*^W}i*+^<}WJNY-}YdUC} zT$On^noo6B9rKtzA`{hQCopKT3BS2v-L-ZPWi|5 zmw=TMyvUT1ckLCAqNoI2M6c5l9cHafeDq?Xo0nTvY>2+^xgxTA3EP;qQ62)4CyV4x zq^p~x{d<%-(CzE!f7dpfY8aaByf-IcoH8x~?YDG-`w`2)PahFb`AWxvnx+0r|0}!7gngQI!xMr zySCZ57-df#ftK6Sfqr)wI`QVK@!=>RMLD1?BSOF8l!E0 z9nAGwE1#`=)-2JH1T#hFcmBa0b1DOX4Q6glwB<4|G3KF8`WWD8Yvteiu|N8Gxx!AU z_DL9kb_$BZ@B)(Waqy+8c_XJzBHSbiHVU*FA3KZPiLeaAtXYaF61LR>M5{G_O${#} zq5NDc&Ci&xRh&ndSsVt2D3&-@1;TmxwSD~=SqIPFxcW!_+MWOY$Au@KKlp`z_}6~m zM}Obxvlr762xA}*2|6YOn<8F4Omku(KF<=4CxJD&GO~xjw8$=&ILzHJ99~R){44(e z#5XD$IeX)e{FQ(B%Xi*;?>*Qi=`HbkZ7@g6W8-5YL7L=!{P^*wpMLt?_r53Kr<5)M z$$T3WS`?-S$O+;Tgw!dYJ_0EG_~Vadfqz092Hm>#*0t-`(siqE^(=o&R25%-@#S~F z``r)T|M1ZxP}CFBeC?gL9ak&R&*lOly>sX82OoU+op1jNL@9Qt`svfB5+I-#w2A?+ zSzmtn<*$6_S8m__LIMDz>u+3Fm*aK^kjU3Z;$gWQ!+-M0rysokK^#F348Y5xUrWWn zCk>Ab!zx|9dKFT{&KG_X%g2u%Bjda8efQq|2lm5my?yJ_#f!DVZKyrk0o)@VF1=ty z1&*MXgNQIX%N;^v$G+Pn6Gw{T!cwr8${Spb=S*;$A~z2^0A*f zR9ZWG zy)9rQ!u{mC1gFTe(F&aa_ZE27K4;nSmL$2N#;HV!sW>|%!oEc=rKyA(_o0?l_x21z z0^REpHfjhbM68kzJL}e^zgkL}U=DSm$&%$eA)yT-yfAN0G3A*WLL25ZTFKTeu#Idv z@Ddy#S0s?InYqZDtK3_*lJ*kJY_q%s2h1#H4dTa?B6Wq=-;w5*%T-mg#28o$_BCf0 z22Y(BupHdvwDDtC$Lcs& zkhviaxFafeXx*jszZo;LgiDuGF~LOw**SrQd$r2!I^5sQmF6~^(Xz$u{9PLZ@HAn@s<sn= z|2nE4lC3ZHM$CUP7cXyV#yn>>BsQ}z;v-$*9U!N|j^vam983OJ)A#6pG?&nO#H`&a zHuV;@75-D3G7W&zh+zrFF+lD<(}wt;Qqn!`9RIWsmqHZp8mrqe)wa;ECi zyUyS0`X*WY#LLux>!d!?QPuVUYNfbr)K+UT_Hj%aVH3n*Qp3HCvK*rLkgE=utg8D!ORuiH);sqyVl}IB!!<2%a=QuS!9AJas zWcA3pjf?cwHbZ?p7==%x0J%EF=^Xf}h-R?-SArdfC(ox8;=Fh*tWW|5uBV&SwJrf| z-4>WWB8@ITr)5>IlUFdw`}%RX=gEB8oFePeTKCvzce)GJ7<6yHD2t z%L)&KD`lHoP5wqWx181mRj*<Hr9(cu|IvZll>!P*o$`#Y7z!^a?8l zLkiwu11`4zdgkti&&mp$Cb+$RvAYPA_KW)keZVQTnL4%fKc!0 zr;1}Vayc+~(vGY^Q+9M)IKz&Y9TlRxeD&D5n12${qQqH(WZvqzBIBEqmIH12;zi4! z9zI}3D?jTiyLPk0Ix7w&no9L)Hp z)K&4zKbz1_(>EE{4JfSxJF}yj%ZDcu(_F?TLHRCI&Wv%=nJWw5f3eT*9}|luxo(*+ z9ckj8oSwCTi;^&C)3B`47^|xkX!2p5sy5+I^j8_Em%e`Ccl~FN{_dZXe_?+17k=)q ze%}xL_A76GBdZK!HeWUh)7X)3^{-t5z|eG>XOlTT(JrsL@(M|i;Mt>3AAJ6;q6uR4 z8-MUWpStkwC!IF98`Edxo1`Cu6uN{XW9s^Z@L`wt#G0ML<=aTx|oKx3mW zNKmd)zyJHc2}=>%7g1>do@4+j<(WwukM7;O2h|D!$RVpVMGy4P-Fx>w`;_0(&mTPw zuc$Viz+0J1l}6r5sT`oy&p-PdC6K1#K@YR`^W5NJO0~NZBOC4tsPyvytu74>4L^DM zRAO#fePdmFeKcN5$rOTtnl^ayBsQj3v$N6ag@uQY9%;MRh2DMl9S#fq)7>y(2>#%M z58wabL#OyW$cn#m^|FRn)yLt^bO&z3uHlJc9OD5LJPy2%*Z;a?8rcD!G&EEH`1}%wya^I9zI5qA z4Fuu@vS0|%gaRRAc~wfSmSA#%TIF)}c}@f(YB0sC64s+IJ2Lt}^rg!eWj$Ps+7Y#Q zLJuUD0y{W2cZtTRIrqW+hn|`fsh#w?I=X$=gFB+3O?;d=V0_g(A&&>2n3z}{1~rj0 zHyvlTv~Axv4ls<^R}&Kx%p~(j!T8K6FGql76etWID7k`&m4N+E<@PajP7XU4F#lL> zO;0~$`V)TAPSj8FZ|det4RMda%MoCC=oEktrkKwPKD)4#-=~OuTJxMnSzx`GXU(3V z&%>{3n3J)e?*G_~4G#jH{q>jQK%47eazO7}X8L@DJL#fhbE$X)%^L#Dq|shRBYTGR zaxite&nu-rGdctNLUG;egM%fqYVvr*|t@Hxo z`jt`Qs>KB(=#afiHFua34>!>9E1Uaz)B6-Su!R)`jm0>3Ou>bTyE$x`OuZY7sJ1Uh zuL`Y75E$j|>DsE4$KdA{yutydfc2Pj6x)tAsYgcRvuj6&GlZdQ zoO-@dHxS28u4WYXmLR#Ly)k)xfCRIv@dCl4O)_s zDeJM$pqHbZeola+1o7Q+JgidVdGX4<)SU-2S-egihO{Mmppo#>W7 zEq{7B(8@zEH`a#tkw43o$KrY$S3}z->6S6|YY3@=}tXo5O_#6vC9-LQSaZo4?PPm7`;3*3n}FwO_oaJ9;`mGJrI@X4N}NhdYF2ulWM~}oOD9l#wv&RR+p+Fx45LmD3^Vkpfe3T#UAae0HcsJ zdclQtPC!fK_Mzb_a_I||R&_c;KT-#}1I_?FsA?!78)9T3SNh0NbooyrY~@ta;Y_X& z!y>nM6qYxuP{5J<==0xackC$b_}gg>R+haA9kq{wLo}{Ep4klXdECyE(TJ% zS$$#3@FD~`d=+iaiUEeDErQ) z`s|#l&1++0i-v&kPBpEuU=dmCMD^#c_|o7!<8UFC6ehWFp&g&Vc6kTVzg$sdJ)31nw-~?=QYvNR=fKgpxGRN+IpeT)|TG8 zA5~B7v(coMm;ACitMZa|ETOHkd)Cngg~VcqPn~j9!}CfL=(GFw3rvEH=0ZkdNXvZv)6w1oL+@n+@p^yxF~8ieFJ z86H87#-(-D9D$?JqFro-?#32t@H~=Oe@yMDIt7Bp#eP*Tx9v1%jMK(It&uS&iZl6c z=|;uc?Bct~Q&3mq-4;RT%%qzkX;zEx^u?$86t?agT2XJ>z5?B>JNwJ>wx>{o;}FBHC2-(+g4JLOgPTV7shNs)rVi}=$FX3%oo;9yfXot zlC(9&tcYN6Pxu6$*OJf3()_AX z?GsZo){rn5pcR+TyE$LqqAjmTNT>XjmEZ{SkcAIT`Nd{@mIYCHUzx2*+6Fe@0AVhC zDm7(8Ho-I@y0Ht;gJErQW3spP9i)q)pPTsDqJ?t>+5kX_ErW2dYMVfMvLsT;tyLf5Qu?)|Rk6Nn0s_g{_VjXmPcx2%u zL(a=cGvSFb4+FwH-Gz(a)Y-Y2+4v&!oE6~c*{@yy*Z=;*pZT|E?|fV7&mP_W&ZFCx zuDx^h=J$`Cxzv|{Jg)KLe8CD%zUdi9x%N>ku0fHUwAn+LoqF=cC%=66_InL|0~g=@ z^?&N`jKA?##suMI>4BO4;1B-5yYIf!0GO;8l>p%c+viNHDFKG{>Xj?+y!+1Azy5um zLacuD(I>y~3%_{h&YcGjAANEAi@SI4UcP(@s~Dz z-UGjQ^5hAJtWFB~E9E7V7u8y?HkD=|z^ss|o^qIKPvk;;kA74)Jb3sJiuB>bhn}Jq zSZHNNXsS~XrOJHth+El*@4x>6^1xCz`h>kxaD2d-uYUEb5RH!N!EHbJW)v!fB^DFObiS$ zvXnU8eFd$eNOMq_8>KYg^8Ryg8{6=)!e{ z0wL||Ax%XBCjo4nJAc+*fy6FFRiN(q#=^6?xmm9w%+Aand4H=7C$X`#jTz+fWgx0q z%7K>fdV@KrKwWeZ_p42oHqdh5)j42Ff)`W{c{2vjo;$lynXwgbWU?t|_zUasn0Na;53W&`$*9Pc z9>d&}6onnJE1Oiz$@XpCMy7+S+*epGdjE+T&AzNc>VBx1q;-dy{=Fk!=hn4bRa9wK z-C$3KvvZ~R!1{?kuTzOM+Uy!|Uo<&AmuY;OW%YrRu|IIC^Z84qrEEGr>3{+2Z5V2S zeA?ND)AEnGb1FV(x8e;gEt2cy+C>W$8Vm%GnmD--FT=)nLUU&!UV-&S*akvXgHFAO z4;oU#bkM<-iXj>fLwW z0Zx7P>=}5|C!c%*Hp&kx%npPr_zpN}6<#GMq)IE$sszj!G0vWqAks0RzC1I2W`1NI zCNdl)sIE#fr>`fePjxS#aCh6?iL1}AQ=S>L;P@dWNM0YM?L;p8mrz-P-33eRr0KV3#+Hg zd_mp1Gce!YoD2_%v7wN+@XV?$!T>Z{!3XPU))_Pr18)>Ss+EK^ROXOf;h(s9v?@?T z+gMl?Uq8(?F4g%7DQg0HrqZMCZ?)Q913$)Jc>9Yu%@-EHkPLHyIfOrzzP+~`*ewna zv$3%;Fq=N+XXpnKJ2O3Fc(QitDskN{s@ignHU~%)=(EeD zV~N4as#ld>vDG<;Rc8WD%I6I-$y z4$!U6r0kMye@`m5xg57Tb)8>wnB^$HTu{}PS5vY8DUrApm0q44qHyi3>OfuSUv6EJ zmU*u@kr|-XSsNZLihX~3v<0p1FTb~{t#^m7v#aY*Vpj5R@AIw7+W7hHFTVV#|KKnD z*pL0Tf8{5Buf52P6YlJZ4R%C2qX@KWn$>b5_8uO}6~{t}>TAl}X25Cg(@Cy` zoXh4A>UzyY|IFMx?@DLKMh1q~M?#~jY<61`$Sz;40dnm*a}ue1#GE}nV%>K4QJnSe zsVB~DHvEt#vr3wnnw^@p{ErU+SqsO%bnQ8Gs?RIbIjcnDLT2C&x-VSQlI9tm0}!zE zB0zgkoz_MAU0>I=B~PRz?Vx^x{XA1HF}`I{4!rBa;%PPdNj`TS-=JJgVfRnYaG6zr ziV)W#7*%RChoT3>;O@g`(p%oEsk@GXVNtdR&pZ{n2uuP-9GZVKz`X&FG#zL`T z$lTPUCT3OO+Hd+}U;UkbzHjUr`k@xmkd~yo_mZi@YH401&P^LDq@G36iXz!0Xe&?@ zC@06IPQPGDkx}-~iq!Eo;Gpd|xu8qITOA5oZ$er)8uT%1{{);4o*p~RF^F>$l&mVj zT7sX{2M-=_%c|qY&x~KYewBk*FxHbFf9x3h9_;G<2Ry2l|5R;kO3-AWQadWopFih` z@Xnokr%!);>(*OPuW+|bvQ+^`^VhFmS1G5enx=4A)!VnffFAtlqmOx()l?YYx8J_? z)vtb~0qMpr)~+tzS5bA)e(G5#yU$c7#gSmX&*B&mZuCd?(c;(M=3 z1EK+?OSi~^-;)^edqA>X!9T~y%P=uBZK3P68a(uj9?gP&c zauqbBPA8C{{19yZ`3YSOI!~wZ5JowZZNj`4tsr$uCV`hPUo>`jT0MsTRvX6RGtbR_ z8lHN@MB})mcLHiswt%)tSA$#sku@I{~{<3r2?YkPD9^ISe zZ?&IV@Vbr{ct~uMz74b-*qj4Q3y4*6F&NJ9*3la8fn+1h1~ZBBptwB^8dI6$;=2KVw$tYuhG6y_0Dl}46vzz%u!?!lg!Q=o%3U?UadR()evI)U#SG!x`XD43^cam$%%Td&-Pnve@+vQ!B zO^R$E9Z(MFM34`g8Fnr0Lpr&hUtBV!3inRU2bB6FM^oH~Y?@h)GJ^ z)1fL2YKnwE3KtWB=yQ)BuX;hO{=0wbr@s91?tlH?{11QWFaOU!@%w-GAN!+!=+eat zuUfABNJJ!=3iXfHcpt^f2Ab3#t3`hsXR86kX*Mh(S6p=u1z!mFj9lk-aMA=#ZX*)ZPeuW)CUq%zt66ur7($*9yd!QLq6WS+sg1xp&)aSOV0K&$ zZ3bSU0IMQru6h2uoS;d$Do{gK_Ksfb=(i}X3ZyI8JpT1oSB0z^@2g7Q*{42%9wYfUSLQ0z4%fDKODZzy}M9@tK~S zY$c=fqVFcBWBC-Y%bqRTwFE>7xhD&l93`iys<#&&`qHAfwmLCtA)*Ay`j8-bJrTq( zn-j@9ftUw6<141Vgaxcy+U`bLf|6vMbl!?HzTS!FClUb}JWr3dK-(_Scw2bim7wn3 zrRb=YR$X5@gnH4ut`!$8-HyFif|2EPyvLDM+XR%)`03C;rJM~J`wvm*A+#rx?1nQn z5DbEC@uzKXac}LtD`_o1*YYM}TK;TD|Fq+4ed%fCXMgpx(dr7TPrbR?4Pzy2rMN2K zohRKQoyJ6>G(a=? zyR&+U1}}LfSTM}vkyC@CC;MK^hJP$Y!5k^~#JM*|fBSztHvN+`-~HQ>F>q0d=Y?R0;(P zvU>OKy<4~5LgcC|Y~Z1xvGMV%SFd`c9L`fe`sfpwS2aclgl(RGyE&~*@QJUTYuB#5 z`Q{tXp7FGLNBJLq_>uVAw{NQvSmcfC*Lh>*q!x&z@?%f%=-6D2JmFyU2-w`j#0df; z28(K+>Y%Y9w$E0=`1~Yzo70&iW{~Zj9++N?jE>Yn@8-F7_bH~5c4azHC!7W#o(s6= zOQG|IlE47+Kn=gx_*k7fuWIJ*64RFU8aY5!>TBD=bgzqRRsYNvBth4MSr~&V#}@+-WJkwpy5CYa=6oGJDCWWZDQD5VwyB*n>~YPH5`nOdL+_i zj+UN_`X+H3XgRPY2M7{`D80%EA!?N9mRYt;z(mf~9z`BHU3%(0&jljdvd;(feBLwH zfAPTwS5qb#rfem1C)EPYqc+fT;H5c0&Y4n_suE1%G-oN#moD&tXJj53R%xybLU)u^ znL}-PtR3(swB)VJfl`U?EMdn+jfU*qkE$)8-u>ZDcrkWeYI950IF^bcR@76EGgTyP z9&TR#iX!qyo4%L-`_CUeXf_{QN)X!;2Tyh;Kbe(Pe&Yz5=MOmrzTy8;xJ{4G2dz)9V@l#(1E5vFgv77Th{!c&s(|`SEe(&%3 zT|fE9|M0b|Yrl!Maan7hte|$0LyUzbAP;9Jo!PxdarXq5_rgo7$1cy>vRB2>7~NUm zb*4wEB?{VjM}%ns6g#+xb9B+$sy6e+Uq ze$jqm;m*TngHI-Y;QMZ_EU*2wH3vc#ye&P@e`a(TW2a`EnD_IBH8$cfo4eCR07~z4 z@k(Wd%+1XlcyPYh5SGA+B`@`b(qkxCEaiMcX7tPb$In^SS1ybXj%>E5CJ%HZDg_9q z@1+Wp$F1pp*%VrYu$j4R6h)oO#8rifEZ<;+cXasVl?!LioHii#>T9-5?HX=$V>?#l zQiSlE*<%96M};Mgx6^wHce>hX;`stpykiHY-u7} z{xqyuH_-BDUA8olEq@wTtQ$B){4ojU1c>B-rLqGVAG{2ArZA{Ni$_h06uT{&7+1bg7XYAUc(XoNS`1}R>$3};} zEEJA~PAtv8I2VR*7;AC)>nzQ}e{AgQ!@v3WS^htH|L5+1>u){#^q)QZ?4Qj~KV4N_ z->I?j8$U4m#;={Z@WaoCZ#`R>e>%1F$v^w0ENT(H@Yb!jSlv)Hl`$(>0wn#`w|?pK z&pvOUPF$JZxN$?`HITjl5BWy<2OoU+*=L{gochTpp9whChL_@yl221;PINZqOYbKD zDB~s(s}rEHGAbF)iG$RK4;~_e!%H4pp|Fsr)tP#eUqc!0eo{U1PgUAubK7vYQBO_t)7pSZ!7 z>aAOEDV9rD-phXVSKrg=V6W~_vv1vc>&lfY+S{qIXJy)ycC-To378Vc0AlnJtc>3QL!(o)s2MjPs1$9u3Wif{93Ek=`y%RK{x7{Sr_;TR$KfpCAmMe zwYBUg2lO&k^yD$D$!+@ z$0mRJHu5vCIO?%qZA}-u(CYzY$ukSgQczx0br%bpH==#oa$pM%FfD2o!;Z3qDg470 zc@F<$29oxgA~c`jRHw9uzgfq<1+*&d%5rw~@`8@t^8Bduu#9n*>NJ0__q(LMg>_wD z_0+MQ@_UPD)Aw>?ZFo=lqknBb##wOs2+)nS^SG9bCT36RQOiLtzhS~21zOPR9x-;a zVncW3rhS7S4Q( zy|~grFyO!{{-{0Dcdz2lK}fF!)S2}|5VsV7iT*yXb;1%YKvW1sS9d#6;_TM|DtYab z8Pwr(&6iznbX&RE-^du84aA3Ze$*>@o8>u*&x(QWHox3!c{V#6h)+9W#oFs%mqIaWn5iD_L!E zPHadwt6I|j+=>GZOir0QP7HWk+M4HdIKk?J(S)9q z6^m;^&>d0|JM-my*ak~JPhf!*&OUt%=#&$EesE)hRkDNyaELo6*XH%>>t>A=;S|M? zfR~#3H?ND#6GT!2_YCix;dZ%SeVUs)(wTzBg1FMAyxxQyV0vDuTIZVDnZXuB{qAed=_x-MQss;+Mp=Y zf{Dhiw1?xt8hbA$cX}zXFN^&HeWOFC&W(=}kHX?C^evJZ;QM?JQsJe&LXjRKdooxN ztU-KB{|f)IYvrK?sO{g5%&ZwNEq|Kzb&RQ&KdErr@p5>_OHK{3VOpS7_Tk{bAdmZ; z#0%#NSog-Ktb{v@UuI#x9k+I^QGD3zJ1rF08T0asdD|mJc{F6rcw`t9F&0T6M^lrN z+A=(1o{!cI0i=3qaO9NfUh^0gF6k=}^F2FxV4zn0;xB&vU%2$m-!9tj*0;a?ouB!c zzj^;VKMRX6aP0?w_wW9fe&~mO5Lkgj)1UwOU-_rpWdi?B@4#bN;T+~qZ>eyI(9v3EqvsDe}EJw*nZ8XFcG%WZ|?l9o2`{$p3uBba--udX<$6x!} z+e*U8N|}j+^9hTJS31>ozH98vFz!*&bnugts zpQxgS1Y8Ce+61iP8jZ34)V4M51qZT+7j^p6Cr{}^Tfw?sM+416r_pRA#9-Wusy8V! z1v8G@*7dh4J|U!B0>>-L2$r5&*p6ncvvU-1VlLl_{5o(jjc`c*>Uzb_3O={a@hnE9J5X;A)AnioX z_?nrqMdb5HG4{zJfp=#YT{wS!Aa-I;7$!yyTT6OlVQMN4>0H|!3uWFYQz3N;imygWb7l&3@m9A969t?rg)BR{bx9)c9=x^_WDh$okh0Q{rE*K$6jj>hjF;8@$| z!%8^UCTn9_4s4SHM94+Ly`5OEUs@HC_U%|H+pOZiCNq*oPmgN8SwwryEEW!7C+)#` z*@0!k5hIKab&wrrpve5Ucz>ta;Lju+8x||JL98TYvlS|BJuv zxBkh0l^zcn(2Xnd%t*GNx=g_ynJwO3k(z;l1|S`#W@8 z2)XLQ$POLx`#>=MxKvd4U8&I!CNF@Q3-+?$KEqm#6XH1ONSLX!VMnJF_eRx82HzH# zJXz8bPG#j5KXbdG<9=1)@orYAjTNO;QsoP5RLe&3@eR=7Q?@TAr{@R{TpjEwN~8yc z^wYX)qr51gvgjp-H3cPEUtio22(BtzE%GNe!&AxF{PVHValU8M)$~RsxA7Zsz+RJ1 z(b4(Y(}Bz9$4LbVtn@gKvxFeNr5=Vr%m@x!1Rg!*Az*xHlm@4-^Fp%l-UFb&&1R$xGMP}JtaTQQvoqr1a4>o(?)W2;p}P5X}Hmw zc<;h`1V6n~_jF=uA-<;+c#A0z;3S-9Rei+AYWQg({c8~Cdq>!zE}31#i|`aV4$yn5 z!qkoAS-S{c&UFNK9f^%Th%5A`{Cp3mLgQdym@nb8V}WQX=E$%6{L93le`V{=4~NE{ z%*J-wTQfj%rKP_!0$TpG^3bacTX|^Z;rPe{X*aQ1VweTB+AB{Zr%r~)_mc$&tWW*c zXCh-httquayOd1kZS#zt7|qQDbCoXyR7nQLt1)cLbx zW_fQ2u?)@cWp_0jXthjMj=ZX?pKBTz_1vDjG%+)AE7P#vq=8-g{PWxIz4yI5go}?y zi;PX17cai?jjv~!QEXiX8b_f(hXA0_y0lh&2GkNRN_Vo6LotI8NV9kD+_Mp3|A8qI zAjSTE2-ll8Z+!o+`TpudUTZY!Ta|g_$TGsa?l|1+O=yV zBcs=^Uk8?b{N%}}pMLt$M;~3je8q8HZ*>ym7*I&X^QFoG&$Vk;xryb{Ri*q*UAlDX z)~&a0-nE7fa~~*ctJq@>&`Z=WP^N!6{rdH5=}9pW;wcgv%n^G`Ru)g^ukyEw zR57&WoxAs@JKr%M;T4h(Gpf7hl+7ulgtgQw4V;n?X>*5+=1Oy+jP@P9`Cu%-mv~D7 z8kX>T9m3Q@7Xepcm)eVI;C-h~Juj4=&GWrrl!_n%-OcE@u@_Zr&aU?9G2sBwBHqRk zoH}EYaUzB)Al^7oGVjiQ6K|lANkhpO#B!#1@%ZsmJC!4meMkx06x0%Lb4y}gr-{0O zM$U~jcB7)US-o7vgVB)0*H_8nG*6I2_~ar&G~ zk5$!qn)ASbO>Cc`RKltR?a!72JK_Loq#)TC)-S}#Hw}8f7P6zF4qakH>5MOyyqNb& zgEeoh8fxM=bZuz~E)LMC-tlr?FHkWgJg?HX5to{E{qq+o!*ot;fD=~=pUSOrdha4_ z{?O4d1>GFmDqkU4yjz<-EVN#(R(OB-qb{|hz*LKfbt&0TdJeoitnH}XjA=ouyUERM zmQ_l~gtru?r%_-ZH(jVf9VR|CPxi~}4ZWU^56W)@Bil4HyNT$t_tK>;+$-L!2s7LEktkb=~KG#PH(~#YJP|| z2c9*WEYQ1^-SDUUZ*>cgd|5?3?@Tip8A?4?gFWn#Xdlw60)I?arlmx41tJHuf`WBk zFuxEV@+-H6fwqYA8z0DfF+VbNem=Yb1WR&e>fD1N5tDJz)|fN%C@Ld2yG1v_ttQfL zvvf!I83AxHF5Ru`nAfp&w;M~x{pT6!?F#U+obNvw2ewAc(Z$FsF6|1PcCKKY=Lh3c z;H6KfrYJc^Rs`Zjsn9c9Y(_{*TO01~z4{8Nvb%@2PtdBP#I@S>rCSt6)nNb7!oWf} zRqcoT3tco8=P}@a;I`404K8Ga-^hMYTCENGaYI_PmU{L>1V*IBip0u1Jvy}i$ifX; zaQLFDzpA_SmyewH3WKmY#eNjWQnLg7v+=s01NA}f%FQ62j*ZS)DJ48LKA)=ndPK+N zTOwR=Z6T$-{8AbM#Pkx-o8YCxMVN6gap-p4rh&h%X2O|$<) z20{pm3hIU-EG8syQ~OO8CYIe-DXFQ@Kk1XW%28ry-Q1k58Ztg=k#RfaS2=C^;zM;% zcgl($Yx%Ree75{)`O}Vl2sO~WRTb563u!|TAn z`3rqxCIP&4 z%Io0Mp)W}za+c*T9dt}Mus_W#sZPOP!PpX1G#K5&MrHNL{!rD{vOgT4hv_Bwz`|Y{g#p1F$ZxNR)yGqQK^?Jq*0V)n3hxL7FGm3 zUlX6|&?$>cQERWNsA~5#Ik92W)@E;GS`O@p12NzOw|Z)9?DWKhH9wBUiZUH(q#Y1221U$?(rg+EHx`+B+hS5c6A+11P4{VL^eN8S!m`AtXc zQJ@8_?h#`*E0*G-=epa~n2!E@ImWqx2Zl=wOU;Qi)tAF~> zz4zVsS3lVF_s{*K|JT1C{Y}5&zxpr!(@hgDKeS^)IWP9be*u0SxYrg z6x_>9dK!tR)t;if8}>IFlDrYlB}&{A$-1g(J(+rf!N3l{t|#_*1+8_xO>3thSHBA! zogBucuYPA4>$wtx-i_GKJe3>C4GigyaP$e~ z(z!8_jX%N_saO68HI?3=wGnVI@R5Z%3;1m)>OirkE>fEF^4L(1v)hjAqm_lVzqaN; zus21enL&En&}|aEQyEUD?vWFB1J~mwU;%faatF&G1A{t}dQE4H&vp`ge&Nhmz~q=c{T#wo4P-+wyaM>}5j?ZCA^mR(@)1w(`*7L#t1c5v@GDqCBLf z6sO>3AePeEu@Rq8;4>6st7P|La@|+WUrn0L1K#^Elg=-C_swg!3(qEJl*aP3DB#$f zVYbeqrKiN0^yj^)^1?exvMVhNzgS8Hk)7Egr*DydW}1%gSVdc0_)-f3S-3lOe1$shUx$Wy^BNr+8w2qalL-Tdbp6`3H{X2Y(&bAKiof(rzswU}`QMVj zfuFm?tFGL;I3p6!3Xux@;)^e=aFu{ymM0A8<;$1hB35Pe6GY^`#I-Jweci(*n4e68h*@qu~4D+Pb zz!_=9=cZPACc{S9RRoB)BIKo&E1J7^@8k2u3xQ$9WO!D#bI{x)sPXfdU3lx17jmUO zTdX^D4gQEfW}J9E%{3@e6#J}1$a5fy7HsV-E6>+MR$J??a)6F9vM5{1t-j()bFQmz zceUCb6b7|+`SL~EXZP?XI;2(fpP%3lYZUOYZvs%9Uem#^P?WGcixr3uqZbzisk zibQSV|CXxWO<0}OqJ_I|E{me@b}wZU#C79f1 z**6Zv)Euvr#K}}wwT7M)?p3U!Z0oE#@2K>WqL!)9ys@>G_;~7MHh?)%_BP8`PN$0P z(bJ}HIKOUxt;?UBR-;?i_HS?cD%p59rRo$LUb@{cJ>OK?n|?d;bA;3P@?LN*zn6{yJ2fd<0jQhfS7hed1#FN*Mwy4$hcX>G>G>P``>O#?pu0M|$+DXm9p3mSn^PyKBmZKmGaY6FLnEe6 zECz@)n@XJUoxT?f;rL|puaoyub!@|?76${CzEhL&M!CH|qb6CqqSp=se-0hNhk>aZ z(@01R#{}C)q8RcyoawU~@jh}b#=sn1IOS~Bw(F|Gq6B&%zcggH$3V`(ELTb(^*}xP z6^K3Cwu&IGy@iOc7=hmS?S!)mSlE22E6GsQD*v5ZmJ_Y+J24nWb`Tc+CA$uRj3X{w zJ@o-~{++miuqU!*fo+0U;Q)49@bIJsL+m@B9BY|oNT9g{FC}BV6B|XX9sqpMH zeW$YR{b|-|0&);Af|SD|@>g5L7&vekXU0Z=!uQ|DYSR>i6>Y)M)BwgP|5L`a@fx%B z&Ie{w`0)wgp`L|sn0YbJF>r%eZFn1OOip jY?61>#?tLmgS^vdquyjZo37pwPZu zp^p;kr68NdbMe+}r<1l_e$=`XdfN2SM@@g_Na^jbmOm@_vqqj<{+~n zWJ-thAglHkcvn3gj>b=UOV*>BBu#=9C=3FDQP#s(uq?GCSDz~;bs3{E``|N;99?SJo4Z*tEif)grtyhU_Zn^GrF1G zTUg_xLoWvVX2wo)&FV9&&!5IOxg3~TQX$?^S>X(N8?qraakv}qRL92wb;bb)pfC(-cH?Cg2x;c&kg^Im;?b^HVe9d>N z0ZEsZKCvnB+K+g{mN(Ry}S2Z(5sSlyS-DS1d<_-htvlTZhY{;M_iPl z839Z$F2p)QC0h!fB2NtsWxs%E;4`L#l zpLMO`|B+|HYiuCS6L^wIDuL}nrNpbnuaTm*>fPZ$YNK%cT$m@P9(tL=hcK`MtlxL1 znq4Y|dQ1(ugwE&B7pA5recZ_x#k~>Y0CS~;72Z&aC(3j^p?2~cO6HeyXCdd#Dz+DLQMr__ZnFvK7)n59i+fdXQ*6eQsD!h^MZ#lDDVnEFD6_Hsi zC4r>c3`}U1&sL!#44j7BWq<*#5@Q3<_$tsUp=IY3NloJVX&AC#C!Q1SN$DN&DMXnh zJP@$~Xw9h(zIYKYuGHvTRp4$l{7{rrdb>z1?M)?my{cl^y%oS@S_oJ5 zW~spg*t!xP%Pjg6un%7O6^X>0yrP&8zV7EK{J;%g)x(cw7j$i1?btS6ys z8`s9{D+fvtDY|FR>vf>vRhn~Osd*ih)o3y=u(E_LiY*+xe^?9cvXNc~U2UB&!vXRv zo4qNoOq1%+jAAM_m2FJQX=#V#OBzpCoKHoT+%)r0VjC-)Y>U;?C@Kr1%(pDRDvkU0 z=xNh$-e2qTC(asUPime16`7qCf3pWNQFLHuFEslwdNO1q6IF(`zi?nrujR$tQq zzKR1e6cWQ>|3QfCM@$HRTnXO{m6=|pBBq`(ni@4ffEt&?t$;;paV z+~CQ&(VZ>npr2Nz#-%DCX6&;V?;;mFUxo`iyz@eX^pQHYmZZs)LfmCV{!W>_^;LRV z_Ah<9TC5I2Y>=B5s(0`idIZmDMmbQM)%T(Ho-nq_k1W7X-*Yb3Zs zRZ^H;5WN7M?tfc^2a30^olBb#5dA*C81R>wIcgIuCAwLsrx@(iep3-CQl>HCsLNR3 zjLq2TbXIzClb~J`U_Dz$>N{6T+<~+wQFfs0+gG7SH)OXq^03qXZPVBKE+>J5vEF$V zc~~h7q@wNLwtpMt(8@#1WIG&R?2);2Tnc3c*?E5a^tm(Ko`$EB#wIbr7L!eUG1*2P z5hEO)Bx+sLAM1`uWXTH1-M{HsAku}*oKtIWk7l@H zWmK)zQ+cnbRHD-E>ngV{skIpbj%vq*eRc8NnC%W`?OcDKk2*sbIKYP8ft6(Uf(|fo zp*HKhzcB#T5YmlM3!1zQH8R3SDZnT9qJRZoe(~k)t5?4Am7DOOywiafsEDI12!kTN z!^dthYyL)=Ya&-fL<)YqMn|r{ab20Puz2_3M;`-=zW3gD(E~#3z9LU-mBorcF0{gx zYCEd9{?f%7&hZ{MtLM(0D;#Q*H)&qdF0JE0Rls>U7pJNSBD(1`>iM&0z(cP44<7Kt zsvJ0@#uS%O8b4WUYIHbv{rdHrH{S%u0Ed0_=n;@d^z33lhh0o!qU6xdN?cF}sXCU7 zojQxIxOYi7?tihuN(~^4NE>k}dm~$m@o{I{F1Me28co!4`sI>{jNC z6xB>2(zUA0Dp@jUJnp-BkxW$I!0FQ?CMjgVcE}}}!G%=Gq)EhToM@Q7%}t!GRypmx z<-p!?pyZ!6Aaz8MxH43jJ$@Q$Y(E2`sXeBKlQ9YkwEFbv2{zc=Tnxh*I9HEjSC&cT zZ)EakZgy^Batcn7sFUh5${Y>vtvSPVpxY`kC=6%wK8MHdYQJ&g%`;~jW2qtGcm?!` z6^*-QmqLU7#UfE)VH6Z@TaREbC3fl31)OAUuB(n-JLB{?Br-7wk(ii7>MN2|c5}#F zUZG4K#1J~Cf`j3}$m@HaY*LG-c;zZRY_1`fn`haiwD!@l+Z)!jja zC&6Pk>+A^^cUUMxyoO2)ha4E80n7SiWd?M+@ScX0^MxfYJWu$HQQ{-FUzNA|AXdNi zt^aTPS=Od}>#eV>joc`PLQb$izy{)MBQNdK+|mHi%FHYfnjlPY26(82N}nnMh^Ho$ zu+mqi4~9kZOrMGU*pKvi=o4E-RFxX7rkv&YXHkV3QAtexN%|rrKHE{VB0>|R*4LkV z{(u~l)3f|cYq&ETfYq_S<ODZK>RUg}X zh*e@enbfw`9KhIEu;Q)wx*rPWSZW>$I$sNs`Z4uJYLQ)~0Nb6Of>}ABEiGlZErpW; zz^V9(WySMnDP~=Nt4U6z4+Yn~P#YfQX+>`+r13*7yARvHJL5pGx_hn4S<%Fx_-|J64{VYr zi{TTUFOrmyRClk+en5VruttrUupx;~hN2+jnl@~(rOVjS;US1s)0>7jDfd61cJdB5 zySNkxhQ-A}n}a#&gFc)pK>7Ytb%<&VrX^yPgH5{M?Hy_+#b7gg zPYRFgpRVD^W&Cuw<7IsnTRfWO6@y-mw+zCb3}d<@MO&A@Q+nF;2hctzbrg*M^|vd2 zlmxt{^+J%-(xWF@{_o5Bw3W9bJl^BW4QWR?-i;aX)S!1Z%z*WdQYyUVo8<$~5ouwC zP?!cOB0p_Xlx?E~2E7cXONqT(V*i0jW|~%h6{I?WN+y@HcST7#?-lD9)0JxVy*uZ| z{!jDF%w6Gi^`S_01)2Tv$>7r?(JlsU6mVu-02(F^ho+`^`Q*OHp%Iiptx8s5Zkig` z20#|BUAubi`qfWA3ty_7jDGOJhYsEx!i|iKs=hqHalI(q%^qYe|H{}Gb90X$KmPK| zFJ*-Lsgzo+e7;e;8M}X(>nBe_F?jmUJ705*4Jrx)@yREj@J0H@8`s6JI`-4(Fo}nU zFJ8Rp8?v8#`YAN6H0sjoix)dzi(Zurm+CYTV)fC(M>^Ai;#+Thl`B~+RUm@2L^9Y@ z@L#wt&<$`{Kq8c|#k&-Dk~x(W1K5F#x88aS#)50uKv1QJS9Qrn2=szu^8`NyrdAhf zuSg6jsWSnpRB5r&tt&Bt9;35k=8OHc?x4i|OyQ=*? zpjA5m;iE?szU-d5nweJ#io$LTm)=C_o}Mh9dH-c(*whxwbELY&ONM48AS1ASXO1J} zrI+E@LUwV^U064{r!C}fm{|6j92oiM>dn}Ocf^5`|MZY|1}6#g;9yu~{?QKvz9~&g z;T$Wzffkp+WhBbtieAY}vPxM$jRMxGn1o`FgESeWnPl0vkyj*mldXRmiz`ui4Q(+l zHC9o_>W**N%bhLWQXSe(OE5JV;j|3H$TRv1>kJSFpm-(TB4zaSJYzUMx6pOx+;m41 zcrBdNk7U41^mytqx~aS2;rST7FFSs<(1->D+O-{DS4h{!m zPVa0$m0I1_esySMIa4zW)_wm*<{Q`E6778_lX?BM*XO~04tP0^RV<;U+j zMT+k1^l47N5w1>8J258WPRh&@X`^G?{_WVwn6XD!t7`X%v6~f}U&{*61{v?@zLfZq zcPmyKzlMZCVAGe%vzfv446V1k4%)2zdiLl4!e4wv#Hw<93T^9}x+#268j&sysR1us zy50Fm4CrV;M0A=fS*h`k9`9_gQyN`!J@kU&Gkw4jDr54Y!jWJf(jx&N*BZ*nj)lZv zIw0W{&f>{Whdm$@vHQ?vMfWe-JP!wB$b~lbC6XXF8!$EV;_1Y6ZsW&ypPfY&5>A3V zPx3bc;H{QwiIwF&G|rZylq{iJOZ#^<2N;pwmu;5BY|RkML&Y@fgw?HTe|I?$LnBXE z1-fy&@RyJ{cMDIJ0sWi-gDRPEw?E)+^Z`gs&&}O^_p{*{jDk|UCtmW%+oAH zV97p9s006u>$!PF*>`BrS5nvFP{6wArQ4(Sm&=PzBPFQ~z1lluq77ZOTjjrWEiXsg zk<3*r-K1%lY}?dEm@NZ|*L{1t(kLW)=zys>qtlR?Gk@jWh&+EyW*M_MI(+KfcmNQ^ z8yZ7H%OC36geQCY2qn&q#(ddpDAaGSaxpXxf*065ZT_nlPPy^lHk0qodt`{>QX9&8&9@Vex|8} z?pxE-rr*53TK=^BX@*{7`Q*TA$5$vN;?eS_m4{peY)c;Es4~PRKGR@8d1r$gsF7jc z;fOVD6tVI$8$O$yp2_!JOV~V@z58EB0u^gOmJKhNS-VMW8inPOD~^S`RmAA+%(pA+ z+xD-ju4<{WGRBDNe>f{@TB>~L=JF4Cq7R5djJO;P=RwnG@uLw z=gpfpee6Emmp*tfGaH{Oh8%^lvh8+1I$RioZ` zYzeh)Nrms%ouWZO>_+c5|89fBT{<{yw|W-kyuo>mJ{-R`p; zke=BY8HNuRp7uuQ7U+S84;~p!)E%dWpks~d+gYLen3@_7=*O_vbmNpHH7BT6e3rx( zgjU!Cq&X8jI(6sHU7FvE78}hXPLmX3RpKqxY3UzL6xgVt6qEubpsvk6Uw&~% zEv2<6ZMD<+917Z9=PMd*C_w{iH3wn9sUoXzh17*Gxoln~QqWh?l^54WG#rO`R+jA% zc3OUiCd@5Hn3szjB)PM^>~i?3o{bLf^p68W_Oy*`MK%?+z?hbPC!PG9t~iIMOsExzvS zvVA|9r8iAFrleW#>gP)Zq=Mif?Cem^oxLmm*fFeF zv0|+i5i8d2Cl3583znOkY5pxcC|RPYf40|O?>zSjPnUo9@!CIrQs%~XYmCjdQ1x`< zwI@DhIMHya*NrEN*5Nk(eP0NAM&6 zKgImDY_Q-3P>QVVS`JHrW)Fg`hLMYb(xrl};LeVURwX6yV#Cx|`NF$NTvMK09k+$y zdSRNrB8)5cGW?@jAJ~;G7TeKuZz)q)=vCkSvke1KU1wU>X?bw6B0^=T(4(OiX>F^Z zOBj6&G^*qAfLc_6LRg}+tFxcD{(2RSG<=D5srk3cHS*f}i)EkL8e5$ARr9#*+MbW% zcz}A6zT%DPY%Yh#nf$8z)bxZS=la@sylw^cBUcF`t>gnlqwU<|7^r#oDw@m{u_7%1 z{A>r6__=#k-P?U)U_Y3Y2O;$Y$2O8^YLI82jh=Eg6dy8Q_y8NT5pYKFJ-FS85 z)o`jLhHkzGKDzmmNGOVkX#9VQ`w9EOKad2{FWqs46m;IWFgv}-mVwzvOXVwFrG)Rx zSF3Krt}x}v;?1LHmzpb)Jb*_7JokqSh$hcYksfAtdcD8&-o#6B+mxsQ$UT#g>?Pm5 z6{|e2U*B{{<|Np%NM@^eaq#oWFHh;lQEY3q$_7p{RisQ7-hcl+9#7T7Sd-=DuYdgo zSEDy?++a4e`YO)kUM?^5!X>j)D0M0*s94;BNMLI4?YG}DkP5I9K8e7S?WaHeEv2M+ zqXsEdmHy8#LVfq$cRu*weJAl>e)*e+4c(;-54X;;T=c9OKce`Hp1^%gFVkk3M8w)GQ6co$lJ&TW`Jj;6Z#* znw{>$?;o<6Z~~_iRsw>Epoky>0LHa2^Vw&=WQwE}rUn{qasp2_odvw$m7uJCfw_6B zU1*1MAAXhYsyEkTDv`4aUXo|w2U-e0P=TTv>|GKhoOw5kL=m_Z17P64hCuq6!`1WcsDo-J5^+HaejkS2YM3djR-(-llF}bP zl5TV#rLC@P8v|sn&`#MsUNXWQWQ|>pX^b6`R?4$N#gRA4Hv#L*^+T&I$x<*V%hZW& zcVqB0w8(`_)OY|5A-mKZJ{-&mV!qes7eZ2OMAF|6p8Jo6Rp?Hk-&h)VV`ukgw zy%HCAd>fpcMC1T^{7E!_IqS?hfQwoGm<*wV_Mg5&T`aMtVZNyuQ(mZ9h3-52xj*-3 z{>Q)ZKilircZnexKm6eRA*nkhnebtxnpRqkPMo|w_p|jf-e>9L0{XT;l~@Y6GQ zZN2DWqLot7Q^>CgVS;t3rGuNt>5q_ETYOzAzZ=fCiERk*I0o`TVc)lqEf`(!zaGSf zR-%mw5y}2+OsLk1!UjH54_iUcUc{c18X`Sio-8o{iEWK_=5f3|`pcz3pfO;|qmf<% z-9K9~V6A93!8V^2GPT?4k#@zS zdNuAvwNYZu+Ar9+TIN}{9eGP#%Za(UIa096*_5^UuUbXo*oCb zuykcLti_}B>nLTb>Gq2Bh_$t`*ToNq0mI>ZLfQ7X9ImQUE=APYd`z3w5Livn5ffx8 zJRZd9_^8nsct#DR26ZDF!QB{-(t}*H31ujER|{H0JXF)Gw~1td*iI20CG&FxlH&)j`lQLjB24ejJ9IFPFjp)mL9T&vx`B#d&rZ zyuQ978$4)QolI2k-o3*gs{AZgIfcD0>)rQQ{A>ImZsHmsbm3bsTHF1M`wv+8UCpbG%dI;^sqs#a*|Z@u-_C!c)G#^Q@F zzHoA>PJ<#_)VnR{Z0@>*ajj0NP!I>?s}Wxr2Ei_r0q&2 zjh!d>&pWI|qVSL4A-|py&wIZv8~irZh=XU(p67s$<9KtkvkQw0=VgPp#w$4C-0a-) zvcAL?VJv0qs%N}USrCSvEJcVa;pNNKWUw=L?%XD5N&-qb-qFXj1D|tq_wM;#x8n!T zfQ=Mz?}7+^{KFG7$Sbmd#VRXdqX6@Yw0T-hD>*|Rx@)?F)Hq(?N47RwBKAhowQ4xC z_tPVGO8O)2Sc#anCB}>7;@q^S_{etW!UKj}5jLHwWOS&Lz2jO6Rj>DNJ%eK73@{sf8CFjRPH|d_H*aJ-)q~j!Ua@ zj5t1jpmvd5@P*t&jdS%Z90?n+LB|fGRqLMqn;q+p#oT0k${aAIc!NaBLE+i4fz}Ja zS*b?CM3^AA-gMD(i~*!b`lBD)`Y74ovFjV>3p=`x!_;Ed`W@MyFZerX3j+i4)2(kJ}7n*&JnMR+r zK8hs&r-5V4q49p6D8EOzee33*{OA7Zzx-GJ>K^%aevQX+*s$~a!8c()S)Nm)X90MG zP^JpZ#9cjaOK@`#@`umxngu9 z0yZ!@;y>tE#3+}=>dGolZ>&feaWs|mHMHTy^@~tyfnoWnc2X%ikJ=A<+&$Ly*!+>hRM-#*k=-pCL$TC3W~|A!A7N zGT^5+wNt9b4gl#!N1C0QyuL8wqp|MD!Ao;eLbDy6m23 zyuW!fG~0m^n|76IH?5DcF;W{raTSn4xMep(e!aGSujZ`cZL(OrOL0)-#K>2OCtgf2 zRC0>O$}$!$+a!G4c!~0HaO?2+lTSWo=yU!0bq1l|efu4YC$)k?LE5Oj9VVX)M&Eny zoyEmPDN6eCA8(^9F4+t@`Ym9ZC!3+H?F|u4I4OVUop+q@f%6Ua2)Az+{8sag zHt6rX`wr_OU!Mc;M<0K5@6CH^{^+BR^n#g?t_cOLKC&p%7w%5g;OFhzx17DPos~sf ztYf{^7Qg_k6m&Y#k@BM-ec~qsvRDGJg7@y-)etxvREYSgX7;tJV!9-v7aD~bKLDyg zRlmo_)1I0exwOp%0OT9TbW{^IwR)#=gYH$k+6xdj3bC!{P(QnD5JlKGz|6(#?1+yS zgrhOEYI5aptnfgV%qNZwE1*ME>N&J8l}A}rErZ&MZbgRX?-KWqfx>Og6r~K)E~5bd zI4!he9e8g!J2a>E-`tt!WXef?=`XU>S8~L&;R*UK6s?vhDG7-8V)%?i^}We_jD684 zDNwd#=sd0*gs0coIp^IrHZxb(OrNk=U085Aq3%?B+beU7pj?QmP&I9bF6T~f_%Db( zjZlC*;{$!^#Kd6`XC-B&O2_l(bxxC>bg z4?%%A>xy)gR7#c>Wxy4QgQnV3h!h_-Y4r#{U*eB?Ij*S9%&g#(hX4R)rSw`jXXIw`L$WsOeF;g;yWHq^samo;M%^ed4@K~eS-zFMT zX>0$gw<|$yi|vVE_x_E&qYytkhms4Pm^oG$XI1^ZxTt0`zH2T0`n&vnObq|`aQHE% zrg08OjEBK$)w89cR(dyHTQE~UTKF0A_E?g-MbWXK@ko{I!te;is=91j58BM1`P2XW zU;l6Z2iJ2CTCnolamHs4TDAcd@H-x=zo!=y<nHPuV=}aaaRLwPN8Ol;4V2pY0ro z-;|+wWh2<|rs2rWg)aUZn|-;A4E4hL%1Y7(oMmKf0*-9|QOd}|cIJQ?%33((L_B_Q zV!t4rs>b1Pp9yQm#KZvv+Xwbeo;-gEfc%itmW}d&%3r^rxg60l%8!~uc^wM0e0hc! z)_y}XbcvS`1Lu?~lH}3xCMicsj-Lq<%f*~0mvBHYSeI!oPGb0YW3d`r%3Cjz9=fwQ zFZIU}j|gteT=mxVIoq{mwWC@MY1dzD1azUpK!<@2104oB3|t5dlvK?d8Lurd?%iJG ze9LKITfEW?2}e138)pyEeswNz0Djt`O%1Ev-50#^cH#K6&a$Sjq<< zyypN(hEOM4LDha!IHilrQ@)qpeDj`Db052Rj%$O(t2h##m~@EFj!=b6f&}{m>b!pA z`tSbk?|k~{Cr)Icx>bEdWr*#C>(?2HT9AJ5!TYuvKK=AZz+=ZFok?gF@$;>>?y>LD zI-gORvjxG0s@5es6cmy9&fPnclVPX(=9_Q+-tYanV}z+TmSjR&qh2k4w02+u$$9X}`1t<) z?`t$A8d+uQth){N1&A9d=uKnmup1Cij{Ytz3>yAkfX&^ z4nv&tXHKCDm?X$CUj4-Y(b7PdOUg(@V`Pw@x~$;o&|9^REt6^DR`}!yNN{@*&jBeg z;skak;MqgAG2$dB&V%Cfe5kx1&9YIXH1-Im%I9H8tkIF_o8CJrfmKfpyI2~y<0A%;`h!`+ikqtJ5u+b7l<#0?CyGajLC%jU5OBozd!n&~>tzgO`={zIK8a_M6*`^;7ouuO-31_%Hma|KvaY z&-RynFxT5}y*Ze)&)pwoph8O5}YboWbrZPyWjC= zc@fK%*FN}SaTTkqjkqybgNj8~aL5!PYpj1U&8naFuS|S)?)B@5v2piq{na(x$}sd< z=*{QVD@<4qwO$%p^Z8A*Ftf7>y>Q8G2`wB!&Wtu@Kx_EnyiXnH7yTy!IkXgJ>Ur#K znAB4f6Kj)Z^ya=vwUQ>MKGu1~9wA4q9MD@5Jkf9cH97@osBl`-nhSq2=6B1%Tsfc=#rMy}_;g z`UYv~a{PLHiy@Y9JIsUaIJh_|4aNo-0FPhwv$~qU276ujiV4%#s-(bSrDtNk z3OkS<_bIKT_l(qNMM$+JveiI{fWb4D*1H|P_A8LL=S$vU%o5|#SF7Pb>X-zpR%k%+ zw-#O#!VB8$HO$jKb%Gl1SIP3Y5p+x~Mt{1{VW7i6hk*_Q9R|(<0~Q;ar3+ZAvT|TR zMUq?hJEUaOKn{kuBN|hL$G;&Z!)q657&`{%M-&$Dp`@fHLmO!nlA(y#cPk@jpNxAv z9g;$kBkGNf=d1wL=B;xz`zQI_>bVNOLeXU8CdHe0RcUDv7W$+s3dBA25nr@9^U#I})cuBe@^lxT{txp&y87GNa6lBXHkpc`| zlOk^K?)~@Q14E|s`^ZEoGW$XdYf%JqgMM-fE2p*~P>M(e75d4%K%*-3Gt)zLS8cOfCDALj>0R5wl|0U?VLk^X&fTk( z1ST$oI@edUFvVE!sm<462ctEkQ(RfW#4G&3Y+T90m^U86ZW(z3RUW`(s4wDV@Cr zEBE3&7Xd+M+6NdmLGT2o63~tV7ehz}vW2S~FVjZ`*~AAJ*O_+W0F75KkQwVw#fs4l zl$S^FDtYO^%MT{!?7$yB4m1%r5o+@aQT7O=2Ak z>V!WW?9{MWtWvKrMk_Ku38q5;poks^*ssG#gBlWRirm+oNiVDW>=6JU8P1c{gqbO* z=%VU}9}K+o7Q#iIUFwt>+lS!{p(a5!B=6x1{kFU<7ubE*`(J7PhIn1$Y$rOXmP1WE7S(D`}`EkYi##056^ zLBPAup!3zi%K$B@5P!M2J79m4{(Ij%HX9=BUV~P`a$uaN)i49vJ#+W=G%%2ZP-9om zYSc#LX|&$8aaas=MyrR#+|kMepM@n83_%!7&D+{)ulOMu-JklCf8xLTumAd^ zM?V|_-VZ-`@1Ujn+&H_|TPkc`ENCe@y-w+-&bHDI+TfYxr?QlbFB|GCR&OoNl1VRI zt-E@ab*VK56r?%G)V2IdTWwY7tcY_ai>}zkh%a5_mtwZ{LrzP$up>#k*t%M`lUAhG zAePpuBT;%avD>GvZB1OZ1lThou~ZuQVBoF#fayN&$OC%@051Zm(!^Ultc{pU9mmX_u|dK45|sEXYM;F}X{V~>9r)3J5OVFjb>|pKFfb5k z2#3wo0F$CIJqeK?GQV$|L~ z*JAWDw5G6D42XIm3M!SaycL@Ky_}gC_N*cWty5lyA5A5hAz-c$Rit{jva$>_tR!dC zeQCY5-y~A{q9=R`BGwnut1ZPd-h)Sd*)J__S+`azk+TYBk07dztIAW5L#YS=*r*yo z*)+{IH*FeTK7IC#@v4nVHm~K$&spG;C(jTDGbv-rHCZ8{fIKfx_|Xyes^5I`9a?2f ztk-;B=_4u?PZXV(-dr3wO~aeFZcI#0+`s>TT?HGPFp7z36%z?fe*gVLW~n!CUT5=x z{?q(o**J#r@rxyYvLRzMDJ5oExStHW!!8^J1GuhB2rO0&3Y?2WGK=|S3oWjmCjMSw z(fEn+D)w@erq8M@4uFb^4~#gA!?anOp?q)(=EYed?R>RMQK8S->Vdij^4P8^u^yk4 z2|uiKzvgWhxxg5p!eMAw7Di`N?#9g_e(}$5_w@@yu8Rj8tdfr@D~ZQx+=DuuAq;if zeYBS0QpVpdvjCH%K+#BZukrQsm*M!I4JYN_k!w$totg~O@U)uMZt>N2L#Gf=46whA zFFLwuP}BSn?dn(fTTM?W`odf_<9jcZ2HJud-$sCNx7}hqUM$hH`J*L3ecpi*?r&f? z25KlJmIhmv)?BPwrRtZO6;zM<*c-m#g z$x-lmR%J0Iff`0g1V1`dC_31)s7d57)btL^|2=be8BPlWhR;T8NvK$aomRVDJBP-= zmR-n0*U}X{5C&Kc!vw!+O{Ez9IS&?IcILIzRSoh*e> zNy{8W`grd+BLEeWMMkOB@vE=af=Q~xFiWXOW%EpV8V_|U#X2PIH?~UF6qr$Md05G# zkfw$%(#AkwGO=pa6f!C=4$?A5R?$QjZTP$RX=1>{bPODuA3V763!gSDYG%QeuWmm5W^+;+Oa|g7n07~^nlvYH~Eg# zizC#(e&g^d_t#AclR#Wb=8IPqs;VBALKg`04k0dI&=L9;tC<$B#wDf7;VmW=O^2jY zbATa4EWR)}wuXOYUG$JRE-@chcpHk!b6>b`BGK+l##Q3qsO!oVHNOl8t3LhegfWZ~ zDjY?B+vKzXbKJ(k85lY6UJtx#U0chq)_jdBGHeS~0~qto+31IDpgMStLJw_BR=mS! zhtD=ubo9{C!+EC%G%R?~hij!z#D_}E$c?K%-+xap<|Wc}w(=8yB(HU?vc!3cyz?RN zsw2^7=11XG=<0s7K^jYQwn|ZPTqMQGpCeUHeqav<;6$R(nAA|M1W0p4D!sOhy!Y24 zn^28HiP>PQy6SL_n@_cAF4V0(&Jj1yJn9f+v)WXansKQOB6%u<-m6?ZpS99#M!2^H zv{@B>re22TC-f@mXUMduBQqhS)wSo(p6iHnW@n;ac(TCbvsZV-1(8zudLTqy(TaV? zh(-vD-#*v{VWrnI2e8-2*sD@q`*p-)h(qr*9LzNRa>DoI$fgK5<`sD#oPmo@`{&zjviUG`xN<+^q#o*b~xSV5V71P7ywq`#Ezp!pBIzxEb zT=v!Y`gZ*Cip%iPwaLk8I?wd<)bx!1rluxxIt+GgcTSj7XpGsTY$-0>?(-|o(@Xh; zIyi((Dkb!SgzP>|mSrmI5ToSjj<%^_@w2{YKC;be%`;y?cKz@Y~$|80_Dk`^h0~`XP5)`agF5m+F^Bt8u`# zXZ-`!boq~ce>;R)nq8$BGA3qj3{Awgg%1A*#s4-G9%sU(mOaOb$m6antrsW>=F5g@ zR2p7?)B0eI{Zs$sKk=9U%3uBZn{N+R?8=q5-+J>vMG8Ein)twWOi&`hk;|U-=xXeb z2g?|?@x85l<l=@sElFn=+cPMsD(L+iv3N+FZ*tq97XJrZ-ls^->Mp^9LTMS9E2uTN zv3?s(71Ov|lzi)X002M$Nkl+_7M_A5sB98J|CPJOhjnM^9gH(g?BhGuIYpJ69z` z2p+lwFX}lY$EYTeVl|I!avAHCeLniRPAtVYgLc@s9M#?&1};SYf+LtTuMBxCs3yg7 z{gCK)n8DZY-pd&4p~IcUUk3*1ORr;dwzBn~0c0(z8+}X**-DSAM0;1R@chBbBWii| z`dNAbSy^2-SSmCwwt)*CWkssecvi>+QPtAK${f~DzdW~@Q&gEP&pq`wYEM*~5K<$7 z6r0bfJ4wbas7#RBgKbOQ@ng^W2TFAL2M{vwv%}8-LI!?z_!&URz|Rgp0|*)T+2LmZ zAp<`zJbnl=%X}87&I74>?#tzNLTsecj>pLAIGf!PyowEn_%LSJefHP;XR{x&1+x9g z-%=~8puR*`2Wr{%rv;#o(K{%0glf?QKMnx-5OS!-X^n-US9QAPxU@bt&AXN3w^V<6 zkER7R)MpSYGasc!ME#RDChTOT6fB}0qpk&sT69_tI7Ec%dY zSWJdX7$I=(7LcxmAKEQpi&|w^2H$UH-ppw@cgR_JY_{CF^Tx!)W4LuztqP!&?&!vr zQ`)!Qy2qL!)`w}S=D^#j_v{tdN1fo7wee=V=Ouqq4^lQefySPLw+7n z?|0weyma<_!HND^o!+~5$27^cbxa3cK(1zuQF9vo^yyRCuo_Ps#;D;cjB-`^ueZ3L~x{%&t84_E2sY%4P_kQzNST@h1UgI}uEBA7RmiWO8(ap~`bB-6o4XFf z#Ib;YZOiJQpk_hS>X(kf*VnI8jmjw2@=9Et#q>Ol5rPpEA;d3AydFwmmn6}6L5oi-SkD?qYXr!FqSrTL zNn2CklAz*Tchfl91i`kPG?6Inz8KB^-ps!C)7oW+#UEr26XIL19 zDju)W#(>#pn5ub+ zS?rJA2_)bZ`=idsuG+Ru%qSI$w77j6AXJ)6tF}Hg z8+21B^GfRl$l8X5Vtw{EytB&Fg#ipuD6O?z`Aat{?)K%kHwH3wKSv$|Ica*_v*82B z2z5@&xa4ZO#ayl6PU?D?m9K9EBQq6QtonAR3E9uF`L7!MDA+2sQZ{o8i^*@{I#6&} z#&ecNhjS#4i8+z6M|h%Kg-}+nQvZ&o zzajX9C6vZs!ps(2LrNaf}|v}IYRJ-k5#ww$UBROtLZ?rCFu%>MN9TitUc7wlb5;kFyivA`U~K& zGmXxU+0w9>ik*#vXoGY}M?{wJDv8?G*PW{R6LGHQ37MXCGRkMC{LYVsLg2uYg6g>4 z(QH}1sz=RZV>g^mr3w+c#Q6&Lf*daD@3ZI6Az}L3^!$7%-i}3WgS1zp#hG{N-R^JO zrFPG$X$Bca#3?mn0$yO9>l<-fG1KX;>DKLA&bb|>8wFmPaseIsn><1dXvA{+tKIHs z#_Oow`LwQ?LhjHpZJc*U={tF-NJT|&={)@T*Ya$g@zy{8Hms6vcnPLbGk*G z;$eC5e91<;Pr0<8=QyJVdk4?) zV<73_Ds9I{)saC8nh-ZWSwvMMS)3Z;aw5dX@i%`=H3C?m_2JC)=klycwZn~d5b*T9 z@yV&xjWK>!eM8glbL^1ga({aHBp z(j7a?SOIKVIFz2LPBJ;C*p}0o!hFoelL-(46&4Z15y@{51z?;^YX_?p7?2|{DlM<5 zlP_LC#nO_UYEZ8kJELj%z?@abYE(zO^Hy;M%c?b37GbeE6q6GBHAFR4Lpi>MpBfZT zSn{@Pi?v%tMx5poEeC$+osL5+JVG+x@UF3$=?Gk}(MjG^U9CL1_KA^#w`2uDKf-}q zJ*EOiQz#hfc}x|b*J=t0bkyrNuG2f8Jbh+Nd7w4EM)17$>Qcg8gstl(UkV4i?@w;o z#dW|GhkC*u(=$ZdcpCh4`=4iFueEi2<4fQb5P$*caksp)+M|IHvp3rc|45&276MQ1 zIb^@)T2&f8;Oy7ysoifBE@N8MddJ z%66BWoPs_JK!l#^fdjdT6w80&9^r7 z9xpYtaW$~Y?qzvpl>vv-9W651U<&j6R9J$dm``Yqlx!jSHGE{JR&vU8mR z+qOAjzPa`{n%yZ10b3EtXaaeLP(e$D6NQ2GtB78}2GB==_kKw1*rQ0iO-u>|Og^u4`n1$QX?8uowh3Z^h z*R)fdGXdbxjj}I%`r>6;0<5m2-D+AIjx9`05>h)Ed>^{G5h;ji+#(An6e~q3Ev@`CT)Vw zxZ=4V64K^e%y+Vzi04z5T13?+;uq(q7iOo2UjN(H-Cjbi<(>IOw=+;e9EZ~oyb|Pd zF34QfAFnn(^L^{q&7EqKlLt`QoIgRPBSW547*4T^72m1UD5pDMzH{d`;GGRGja_9x z00Yofm^ppOwX1bty!qxmcz*Qg@$%y*&TAc?8y8++7ucu?;gNKP8HDLzmnKbzIU+(b zF{}=8&kFv7Vhlw+c<_)VG{{jA&q>J1?$bf*>GGdG29OyqO8i~1k8u=@4pAf83>(Qb zCql^?o^J(Jdp+WoFy0~o-^c$X(WSn9hSL44qH_ctD3VtC;7>x*8|g$7EE&QDyou7~~N z7r!iNSR7lw@NMFftn^i_CvNSpZP>D-@H;)B`P=6=0qp$8=6^q!5#C$(aAjaY^KvCl z!uv0K|Iz}TfyT$_H)NZ*xj1)YVTMRBjRE7c*m&p6MeK4^|UmAe?9fx3n(>f zP$-`M9Gbzdqqm~7|o@V}F+-+|r+uz1Wrw`hCETz6O94j8DB#w*Jo zRUJ>nu|=3FB{$nVgXmF3`CJWurH2jw#=rjO|H8laZ|z>X7_lAXk3ahGkNlC}wsW+5 z{(-j%D_-y7AY0X|;cr#nD%Fnj7}LvyzdlBmQ7?5^u3#hmP>JSAA3yOzVm>$V)6d?+ z+9~JPIW`0XCu4|$oWj`lx1*e5WXUN) zkiha~jIalI{o3LA!rb(%)9Kch!ps?wq`y{q%c`dC^*!MJ_Efp0<*)b^?ON{wu z7*b&KWyEs9*2w)Pd#N8y`j#@qzA!qMW11Ij4Wyr#+E-{gO+8Kh;Q&~u-(V2&^U(Sj zQb#lXAZ=o5e2&qo@BEJ2$c_+dPtW=}^qzu8dcm13XTDUX`-w+_r>R7wUw?GB(lfEE zKL)+SPmu&v9EJXyN;-TtsOa$7&95ScoD>&oe$~k87a>e&mSQiG8$wrJ_rH_5Rk#N- z`UPP_G(shcjPiU5`Cgvg*Ej4J&(E+}ojHUy7&^;V`y?l$P{<(Gp&%mwM}SUY8A3S) zbdU@=QVL6@_5>39et?|GIhXUS^C!9~W6Cm9t8C})>7-N8<)=>U zD3IX-k4hqr`B~&TdluQP*a^Jr(RuQYUiE!dd9$_l+s)K|?CAOXHEsUeZn0f|JAE_v z&armc%5~TpiY+uP6?Ijj(Zoi)Lb}qMJQYE}MwZzJCS$ChJb4Bv!|mSsfwT z3_;ifENh^)%lQ*Wf@DTBY&A@C#vH7*%FLzEg+HKVmkKZq{_|iFKE0A?`ok)w9VV-* zs}hCFiN>ziBa4CJBxEp~b}WDxmV$awettP`j02Pb+q;qNO9$9-VF2S|@r0G(b%sBM zHPh9w9Yh#fAv?Ul;)LUB^jPWv9+peq(amsdd|M|#%Lb7m=ioREBEv~G8`D?o?6WCv zvDwd00fSTV`pD!kU|vtUgfKDTM3wWO%3!hxy@f+MrJTJsIX^RfW7wDO3adWsMIy6q zb!!NyidR+e$yO5136VmqSGv;=y`@tsp=#RKZIi0JL5LNH5uBZwhKK&J4(sTdrd8iz z0~CZW;8XsF<5k@uPV;cPa`7?GEAR}zl7@AkIB9ndVGotd8lqE?;fS8L3;>te6ckaU zANuR!)SUn%y4C~2@Ox$rl?GW&zk>Fq5`PA9jcNtyyHxSq* z=@audS!>$Y^@Pje=;5IBb0PB|Vp1Ha$lw;tfeLq-4~GFPP{EB*#-f5`UlB{=!*n_t z-bpt@{OF?(7^;5q$w!}j{88<= zHQDwb!Ta(0jWJ7<@UW^2)r)|i0Y>z8qc}De;bjO47Vn9T%Gt^v7N9)@^&!aoDoaJJ zpXlGL|FrXit-uSe*8(Qs>30gCTi?VlrP`WzpdjpD-L(yuA-v32H>;qUT?X);Wc6{4 zC(o9oFyo+_vQjOB7;-mOhE&Xr*H*rkSy(YnTs3sh?HH&bkX|FWJ;Rx&ppaTmcFTjI zW0ClY?}DB52(~9UH7j^jkkli$)gYHVLmyTwQrJVSJ7D z-P?;dVzcJLDxan;59o1srPjltu{0(o4LWq_m+%}w8Bq4D^EQ~eEvENbEPL$ z!LZf1b$xDe&Y9dXSQ-^7oVPisF6W5U2q%Ti0C=%!)FB#A8(q#69dG-CYv@BpvrCfVnm`c5O!}7OtHdXYB49nl-X(CMxn+@fXq{$#subQ0OUu`Zq+V3*nF4b;g zFk=te*s< z_=(wy`2s(X>Ce0_f;^cgC8&JYze zHyoP<9=ke6j}DQ`Uw(Oo#KT+M`|9HC^!jvMVn^`n8?&WZFd1zef>cLLiV}|Y9_;c_ z()0eiqwiP)S}??-VSU|{@nwcv*XKDtNWTZB&K8|RLx5SlzIZR3p7MGccZW(w09z|% zdq<{}CJZWahots@+f+Rm>x&C{(P*D)TZyOdzkgKbhO7r&yf_oB?+{c0V@ZTm z>u|gZ$+`nkg4!z5m_=6NAzB$)L~Tal-o3js(@*(ZHB#1V$iSdF#?BD1nF2Ll#!lkU zszx&rK`~;kKZrF!OcsPucBs0hqYdQZuyOb98?prlc(HW<{sUU&8*kj!eQ%9R(rS?_ zRhk5fJV6{7Jd0Q{@}%D?n){@Z`?R|*efoS|O5>fU6)=tPPIPkzoQ^wfSwdp%~iDg$l3PY~JHgz$5=9BYPA>%`f^1BYi1#6ch^$|ufz_>41&Ym-;` zRVApfwHxz3i4&)QCmqmIxjeTugshlKXpyTX0$Svtb8|n?R*OD_r7b3_iqLv;72F!W z-dM&z^?%gd(r4nQcRlT5i~eJ7)B@YYZ`6-yKxb;7F;~*nShZ74c;8E`%Cp5N)r7t& zew)y;29NwVYfeBb7K!zLRu-B^)}0l^y94WQwO3$kPtYeW<*_)IdALQu?j%WWELM|$ z^fYFjkRkQ2@W%iuWJW(bB0M@9f7PL?%d=8j;}wWKRDUl>{n`COLebbr=;sYo-FRJc z`t0VfDbVq&gUh2+;?JgMKNzK4zQ=Ng6bq@6|NEJjoQKGx%5awBTd+3I?fkYjwxT0- z0v%F<%Q2ea!raXK?6gZwQjQ)hC7f(o|Ib)ldo^}*XBS@Vg4*3FI{UE=S zX6JLfe6pW(a0{iZqa59p4Z*<4V!zz^__xj)>*!SXb4* z?Gce8fRm}8v2cC_j0=dV3~^vkE;|3c=)H$I)e z^`rOy&_A=Eg1h9QxFRQq%}$zmg)HPd>xJ-LN}a?j*bvM-=wgt;+z%$xKKL4w4i*6# z1uP&PfP*;^UZ3=JId;{IfL=9}xqzu5zjR%bAMy=c*>lLIc+&;-c%|dsno54Dq}7BW?~ddkJJoGcoZ0*R_v zkt(IR1`H9e${0cog^l*xiWlUbMPS=ANbyQwD{%8>Y@};QfK`drK^?(H^vhduIm`Q6 z!2^s6@(->5G9=a*m8CD@gd$YYbR1?3B_of;#YOIG;TCmZ8(6f05R0f72^me8tRZX4 zc99MPqlSUd;es;a^mV_80u_>otltC-%Sllp-p4i#O>#WzLEQTRECMG z<93g)`#8f)*zzheP@6=7SZBsZBs_ld6iUfl6He~jq2*O{S=}@lB13T*V4GOUXDA;} zuZ~HQjV4p|Hw`JGHt97eg%HAs%H)sHv2;dPU!%!NYFko9!HJ7Oz3f+`qxTML*e=p+eau8daO8csD-*f0cw z;Xw0G)tE#QYOgKeEe(xwCY~?i zpUv~E>{8@EcrYW$wbiK!raa-;Z)p8lbJX5%V-I+`{I&VB(|B#e57g#d4e62`vIakh zAZp5C?eM=N{cpqP0DUI@PVg}*s_+SRaU`oYC2-A}WqrPAOF#Y-h(C-oO+90;*7jYG zsrJ2Y9Ij7)-|zg9|K)%F?+#aXKcxzKGap9?rVt#V*Qx4nbj{&QC|FzSi~PM1(ji31 zR{U(qogAmK7hgY{{ITy4P(-IvUnw9hx3~|P+K8FOIEIng(-#gvR^?+ZU|g57=SAuYmqX_{HhIb6SvbeH#24WFeuDjzOX)IgVFu`oMr zBl7;EXX1Bmx?+DVRFe}3T73R;Wyw{Ql*L-mccWGeq}O1h^w)25pda?sXY_(sb>+sc z#r|DZ&{LaaQPaboex>$E1W&aS&nU8~!$gUMuE*;#UrfoS;+_eo7X^HPvKcb} z;q|wEbAd1wQ=ek@j`q_ZEUEsy&JgyyHXY=QUA~ENyU5@ym-F!jqtKlK@PJ>erEfQ| zSESKDyZnLRqJS2T_P~#vTZ`E~YL-v&r-M+FQ_oS!z z8e#bb{;e#%&Ce+t;I9iO?ko}9#5&jMK9;^P>mZDk=&@;oG)xE8j?X~^Z=SRV$85}@ z(#|PvIa-6%tHgRdY@0Y!bj0YG*?}M1Cx>=ROFyuF^V6U>2xK+YvryWI zi#EXa{`>Fy!m?}2T`@`!*3jN;YQ8xjpMQv;@^X71d%U62ojvuM5{b&;Xj zB*uKm;NZg=VY=_6spd=U3Z|Pn8-3S!LD+TH5CjAQaqOe^DI**-#BLz?LCz2`m0?{7 zy#>yx{qU?#KjjI#y}T=>RIS1aFi)d%le5gUN%d1jut5t_VW> zQuNV!jm~53gSz~2ys8u`&E*dIcaLip*-~ne>q^>8Q=$~q3f-IHEe>P*#1(9-2eiIx zVfAaKX!_QzTgF8_(Qw~Zd!H3vl57w~!xv)lvnxlsBnUYd-K2y$IdV!T5CMj-y@l1@ zzrz1RWwXWAoF8Qm6*2S&>MSm2{epqzfw&X>-Z|W0{oAVD1D-B_-+nAMBDas%HvD9E zg1#nf%-)1RIZch7^2=HI zMb0XJ0Uu)$A%0ch9?TyJ=O_5tm^v@<6lcn!WBj~%MSAh6+8gZZc`(tjYm=^6O~iLF zNVNXyPPQtgIANKe$%wNbb=GN6<_}tm8Z-2u8SQ`i@cTDHU@T2i^dJ=beJk9f-OIy3 z2OFVCB?%p-{3R%pBokOdEhp67?KMlmj<=^D7XUE{Y9hpJ*u0+XS18y?5}3e?mn-_r zI6fvxUJy7g0FJ#L3L);7R(!$L`@M@;p)p1;JA3R+UziGu>U8Ji2=CZ&Rs7skDaqw0 zv4>uD;naFzzPRS0X}23KP+cIwR&B!MC6Hs5FV$ZyhMU#?1?U!5>wQmAh#!T89y0c; z&qVfQcWNlRSQu`sIwj@|^XP}vuMkd8ze<6U`c+ND%oc?rzg!9j`#CKLgN{NnEU=pagyA=Ks9 zjW@Ny`m3Tg{JX=`daN~sSin}G_zU;}tsy{pUy{;a|KTg+JFELteP81xr z<*D0*Gd~+Kj-us}!EvBhRE265coiJaIje&%hl0%J_-M?5j$G~h#{ujq)uCUG8!5X1 z|5*5&v}R6C@00)-+Dt(;^i`7x>#{_fxX1E>EV zee@y1zH{eJH4T{zJ=uwV_0`wlgvPSZW)%3VUw!Vx-CU68gAd-%t}T7_)mMM;2S5Av z+i%g5uitvh!r({S? zS^XeXIrH3~{p@Fcn&H4xgq`TmfAQHjUw^GgED~_RWQ6*gMx~Q)z4cbXc9f@@D^&Nj zr6Hy*V2CB*ayVXn{`?BNOdhjdyomV-U@anM7Bu3>8{QN=3K-|Etd1LW=2-%^#Cu*@ z^ltA6%%B9B4YyLJn}C@?IMgv*E(C5b*rjwBICBgH+sRN7bSokh(-1jx2s;2y2Lpz_ zwy;Pe@!G_5mL~uJC17;y9a%l%Zy2NWk`#M_hd1J)cFzV8WTDRx%Crswd1VD| zW2+FtB~p!G4F1VzEed%lf|!o!nLW@8A7NPj;qevcx=^948$MJliXYe@gXZH8S_azf ze(r<;c=HP8g_#*{>BFz8ae-dJDvVwyK{~?Y%w?x~MkgKE$PCyB11-5s!;q9W;<{9W zX7&UX5ejk&{xzf3Bf?@8l@_fAy-rO*9xGoBY4q9i@al>_)lYdgGoiGWepTDhc2%w{ z+yXdg`S}YeKm~JAGG?Oq(6U`(VF1RAxL`~=oQysO@OEMnlfl)+^Z(@XRI=bkd!1)R z54T9PkQON+ikof6K&6|~?lSO5=Ud7732lvSIsb~rL)M)3eqC;JY5Y>aV=Q8vGvuK4 zP@cH&@DBrf(f_XW*`V=+BAwCd2_bg3YU^u6c>vMpbUjX)TqF2Z7(IqA$7=QJ`0Fuz zjeiKf_x4tIc5C>A-^CI^A^lbEW4kVl>s zDu^`lwBOTsuNB$zZNww=?K_)x3;oT{(T~6hzj5q}>S7&$t+;umg@-q8%umdml%foI zaHYA#;wa(?OJzZU`#rfJhFhiTpob(KB8XAZoFB@P>gbEpBrMkZH_-R}tzO^t%`VM41;?Jnx zO4yt=Yx{KteaH4RP98~x6N%!XB}JruReTS9Cfp0KnZgP-!lkGdZL&^tN-)WbShyff zKclXVMq3A{zXwDEPj8YIz^A5P87Z!6<6|x1W;IP)X0A2Eq=SYpaGNW7x+QQ6pKy}8 zR4_t2c@ybCCvuj&bfKh7RE;=_6L6CU^Nc-Y|}shyz7%XP+#b_@UvbrjE25?OHZ*<^l|-fbE-%&hQ-OrPgu78Q%6I z@M>lBpALN)ck;V=(+TR_Y;H-7KGXqWGdd!E8Um3#xScXajtSWxpe25ZoUQJsOTYg& z|NY8#^VXa1fB0Jq3%A$SR-Qfm02D#%zTszo@PF~?HI|Mu_eCR0=%G5KL?oSR->Ty%(Tx`pWsW00$3=%6eOzqa9d^>$QXnO2DCf}d+YDA8M_!$Jl3C)VmY)h zKX0R>X8O?KKx0geF>nKy*oI@mB&3N~LyL5Y9R@}R1Bf>Cxn_lyk9ALSJ? z#&1igvDDn9Dx@y6XA^eG?3HY~?^&uyW%jdPi8QtCUe8W%3%6tqAyQ3bol$KCKlRA! zfOKxu19MjJlhVRK_0glp@XT@-TyzqzEGTG1c}eLUf0kh2)=EEhq2ZeWR}8=vPtlK5LdAA3&@0a2;1xfTA!P=m%B7n3<>v zOOG$V{7So!<|3K0lxnO%5LaSoyQn%=E7pV4Fkf~mIJCA)m}pS2 zXu5sr`G(^XBH=uC8G8Y?;j2xz1Dw}HZ$l&r30VhE7*?(XI!QK6=V+0XhD2@?%!r)y`L!Bzy_baKCO3B$3 z1)DBs{z}M7($aTy@;7j{Bfzx+b8B#QEf^w$3!d0y5aIrfLg>k3Vrii=8)jniH$?(=7e6$djUoZxh3*nzPQZ>R=2Sukw*~PNC zG+PJwk%o>-pTQhZLdeS1JZ%k6W@*Y9mxbb$6F-m_uZTz*yKjMKg!QYjjnEPceRLIS zK&VFJJ=OrR2GRXgV+x-eS70En1mc0SJ|%X|rSrHNM9aCdo?PXC`eBW@N<@xpykg|D zzNqtn@O1fOd=q`m&~*45o%K#fpB;U6^YIwxBN35*#qG{YUi4ZI8Q2RUyW;93weY)~MrrrT|)uPiy|Dk`j|8|dmgXYtlrgPtC`AJ!jI6|%ubQU~&RB?i@V=3S$n)B3jRmGoWE&#H{ zpo$H?tX7(YJfAHXYNA}-;|483I{q#q7@7@X1!pTVu$@$>H1BhZWf~jcY`v>34uQp>U z4+~UYSNW2n$@5|M+RU7ryLpq7s#y&IV};S@3h$&Vpk*iWo8SCK{l6kTP&=Q0dbhY ztcI&mWd+MrXix*lE2VihwOyo$(Mju{mqvk+1T5_|9PpsyFlkybDng>>wfs^FMHdMz zU0*IF28xE8u61;4fE?yj=F4TFP zkg-NxUQSgym7$`dddi^Ml-;iwt1*?sPBn##wgvqW(TmyEMGFu!9|Vnd$tl7aE8g>> zMbY{Gsa;MT_0)>c0ADrKt0wWFkwoFuouo`tn@%;Y7YwCRLiNOxiSnQcCqPofNYVG` zAw*cIrcFIv+NO3)#&t>RIy7HqQ#Kl;rPks zhF7G<|GVyYF?5WA2M_imlEa1RdF+&p@Od2Q+I) z&ldk$Ke^But)3iicdR+*eVFeQ+f31x?9U@Ta@hrK7mi7VtwuNumuy#cqVces2$nVk z$Pm`yX3x8LTZXyG5r<}uN^;Gz1>UTDOG^EyMn@-qK@|hs4-97~1AUWt)4tg00`_R23th49lR zo{P~bJ#w;WtIJ%rwe^y3oUrH4jwUgL${Xr3^Yry+HoUH0U7Q=~FVPq#cKK`JZQ8nS z%P4iUy#*aR|46C`K_Ieou916lCgW?aFdl^_W}FSW%50iol^()(`PIa;CGwZ>9lsWA z_UJ)vuA{tsHRLXM;=!WkgKfagB6t|3cFQya$bSg3AYrHlZNx;>ZdSL zkg9ji+BY^vdd;{WJUA@m-P1Sro;>-^$?NUgw`}Iro{8dm%6pIqGlC}3&u8C%R+aOy zT9M}I!<#?(t>61QfBS!LXKUW>645S{G8Xyn{sYIu<)+9%CbDTay-N+F{EDS1GgIf^ zzyJIH-#6cU!-n+3k3RhE-~Q=)@4efAZ7i7RzW>1ofA|mowkgAJ>(77w3vOARgg<=v zkR^?`rVrm!`SUR~{^qTl#)!G<(`RAE`u+D0!^n4jp7kn^u=nrZms6OVpa0;4_dovl zBjamo+Uztj-+JpU2CP3ke*D7^Km6)fpDPIG(i?cTM{JOq&hNha?(hEY@4Wfun=*hI zTVR{Q@@9MflSn}ffJ7B&lIrFs4BWhV15;u&kgRDLFnS6w>pHvX#d+jB*UV=ZWLnPo z9xcaUY4pQ@c#i`qsDKk=SGwq0*^93HV!*z|t>a!QicH!#u(~g{d zIa`G`?&z63w$PTH{oPpDqL1Nn#Hbq%_#54ZYEgVIuXP0XYts)-NSh@>$ys92D}r=k zaehx;y8j+gZ_0BdAyt-|sUF821Ay&WPaE1jGgk&hgktjTA`;s_PdZ-BHBX%_(L*{j z-7O)0`_|3rnOH0sFKpM2wKc-Cf%;CnJ>uW#+&zU z-MVQmpEP)I!eTPaWT&R?yzz$XSg6qo2r!=I44C3%RZ@RuE*#=5Ua_wQEy(F$i;MH_ zaWQ`FD0!blR(lJxGtVCV@OUXcX0l3$H|U|m_d?uh6i_mv#g_NUHuniYm+f#EaQIS2 znYelhn&R`@Ys++xE#inP@a;MGnUa(cdtz}hI=mASYJ>HwD$|El+2t>!bogoEVT9;s z2+1C6Qm11bD?0aAS(r%2@c>p;|KNt9i{qk^5Py{+-=ao)R#&;B>)EmGuaPszRW_>u zY93A$1i;6W^O=#p(JJ!<8TvM?5w8%)=|`JbKV`_jqn5uwY(aH}Eq@#CvOwD+09*12 zjx2m;UQZFIEHEr_w-jzy)Grmdef>I3*}~HpuOM>S-c2*DJf|%*LW^{2>=k1CW<9vkQFDejYy&P25^P|s=pbOJX&KjFw< z#G#R+cZYeb@xb7G&KZ(;ocJxTuzV|ZuGTE#B0NAk3*6oXubN&|spjXXMVywg&ojRI zsQbL>aN`BYb{9qs=H1}|d0YY?yTYE*;j3d;gUcLHPo3bV_nT+_B`8DEH2WO5#OJ$yk#Xdl@{sZQ!j8+x*EmRR6+zgq43*W0ZZ*cEw?#7_=i#$2!6||dvUw`$D3_gW? z`}S=qJM~3DMI0nEE^%xxo6%9Zuzg|%`3C7W+^tX(WsYuqTuN z%VF$`Tx9?lej=M7#kz@Z4}K{etXjDsZye;5v3h=+LzYGvmAZ-Nb^$L#&z{Ap1RXv< zFd3B6uvOiJ_{Hmsn8uk<@A<{^u|pmMla<=hDl?>^P3*MaHMX`(p`kTJVhIrqx(2=K zi;4D^HqWZIDgisx(dFL(F}>stKO=*m-2plL+dcLO4qtIsvco`!fj$PvN9##uB_c$V zW$Mkvx%gP#K*_!JdT$A3twJ8T8!S;Na6#J;r!t69WliZ#g^D`L_9!SICk^1Ppsy&6H*VEO|VW7i6hk*_Q z9R|(?21ruIe-s#Em$Y5*zXkF}$k~0uFCX29t|dP`pZ38-ln%D<3ijE~X11QN9=g?^ ztqy2nR10VAWnITDjbnKBQViy3gHGket+>ldKria_(ea*Eu7yX&IAq#vJC7d{fZ9d~ zEDbc*&V1%^J578#g3w3XU0@PtFE^SyLi@xO`w5n*{Nw7B!TR>w?>ygq_Z{Qw>@eJL zK6)&VI5(U=XK(b|HLtBPS)OmFY>n@i?3F5N@pRnle4Wv%$N;r$t^7Rw;w|+L{@?|B zO2}lB`qQ8O)=z%&V|JoCi2mExy-Xhm=S*83J!0Sz$M&es(YPl{V^UMbsmm{yc_uR= z((l~8^XQ@Mj||_ZpMGj6;hlFnYnk-l5Qqv@KQ19=Vw(PV!0_Aeylr|a`>S7l{^5ro z$cX@U!mN71!}RB8Kl}ODUw3VhF+Ya6_gen!X?DR zeyHo{c?#Pm&%(ko_42_39}<0b=Z)LfZ-hh8v$363K5Cb$21E$YckjMIUFWuz4)1y%=73Q*0jjZYj8x9m^|f0!Z^HIj zQSYT1ouQpII+%C-e}vGsTFnY$#P?HQo>-$J_ zcQ+=710Id5o_!Ca3&Ww%@g3d_&wt)iOGes(WoIJfMr0UdKmvPoH4QRP&Vorzp998nXr(o{GGU`=G~~_uvyaUA;{e% zg^gFMv9Pc6GYFA>>|j$CE&Frf!Q^p;em|0$`tf)C*fDvA6&7KXvbc3}oFP!h(6lMw zh{mkXa~sDRgJfVrnCV)=6ddrpc)4ue+x9Bcu491USgSCBF{F*DVD_dtPn1|wbt#fE zgp^Cq+on6-b;%?{9}BzwdlGDL*9Oni%bNaX47H+rF!T(*;Ruidu)Z;K&DOT9 z=BqwRBTvXuNXQ%ks4xP997AQo87}HN}Axgp|B-WKO*zf=P3V z#*3G(pImW^=GZUHhLleWfKcA(`$Tyr@* z6ROLn0KhRe!IHv|IecZw;T+cH&Fb2ixIyuyc>T(Q!xu#uvKbc#wB8#1g+*J}QMPMTlu)lKvq1-vXPA;i@b8ve=*QUi z)2xamivxJ5=9HLOi;g20AFtp3!BgF5tNPt{_jMkGUw-);A4oM8Z@zhtNhm8`LtrX> z_uY37A3l_UA66&&Y!19lpSVxGVja7@atA@ykko{R)n1^_=P9G~jVsK3rr)^p23zwV ze)!?Rg9pF<^%q72cq(rXO@l7PpcgXhP66q3pIr_&rXp9aoSD%oXdwr|=y=7Gs+XbE zY%QDvzUjz?i5OP>(#`B$d^lAYI(8SP%Uwr040IT{R2Z=5W@G-f+h4iihS@dUC+6@# zKX+n!B*KCl3lrl+Bt3_iAiPS`@N_>zm8xKBN(CZP@lO)XD-Q*fl0ve0HjQqNC_+af zYgR)G<_dN*6m!O*QCjQKOahA38h8IS>_85rdrIn-Xo)cp@?!>Do`~~ znp6N|dg2VGusDzPJgu6c+SR%M0|1m^#z!`Cm6X5(Jtnoq%Iw^%dCkhUN*x+wm$M); z({V&7z^5UQ!fq9MF@K{V^!6hhPGPgI_C0xOEh8tYR<@A>#aE9=x0iDi4$*7UvxM?N z%eGIBl&xK%B7=Qag(9r?rY1I)$Bx0%%03&tyxD3)q58kMhj)4Lao&608Lf`W2!`mo z1T(4>%27f3X~99H5mc6X1SKU#vu<04t?Jr3Lkd`HIU&yHW)Tnm+7v8l;%2S2_N zp7tR~+m2YZ#^p{*w9ke3R){;96spb2Hw&L>%)yugE%3+pQ@9+s zHYxHl@1ee2epNnbPr?)rF6@{)ud?e+kF*?;a;BIVY#fm|{E%AIGWhz^|IP^&{wGkl zRfC@w10}lQX6A&M8b(~v%f43J>z^c6cbJK*+bgbhzFPh6p~IdvH@5MQ5kx}pvAOBl z+^u6H_~dzfprkimxm>FU$ZD|Qo z)wEfC{qV^PZc688r{`y{@lJ|kT$#LLtC^Qs5_W0j6@Y06uyjW7ZfO=6MhZwcgBR45 z>+>^nVN@{@F5`n6?h$fZC{!%t8Xn?akJ(2o28yHZG;6B!7esRGfuZhohk*_Q9R@lK zbQl#x)xp@+3L|=eAt=^oe!F)A;C!KR0GHcypH6z(dTuO zKTIRb`p^n`Am`}+G~)bzaZAa(&lu^K;du7^8QTjUZj8P$_0&7PPRrwE>2gY0c;iRk zd=_2&`QQD&Z{2!p>}u_?gxQgb~`cFvFAd+%M8{N(&@~-C4HngvKuYL@{7NM?3QL)pg$d>2fb#ys$c>kh>E_ zIS=J9^~H*ySfsmM58OYHrWN(F?lgub%%nR*L|?6H#q2P%w2~&=vE-!LPEAgkCg3p{ z^VNwjugq}^A1b%5fnkPe`LsKtTU04O0R&pigoj#1tf3gS!;d8}U0ph8kAklKBlZI4 zgn#_j{Q<<2>=Z_OI|h1S$1wz+YVFxU60DcUDzT);H=D%B4?cD{S7HRz%J)=pOAlp_*7-+hD_L0WdukUquHnwAA0RL#S0sJPg^n zjz#}g74z7eJ6wfT8VvYzh*@sQ)M))-`~t?D@w{e(l+nEYd7tWlFK#N^UN0MFR!3(Uyji9dunyq_R1 zBiDiMpCne}^Z*%{W}#H42C$PgWLgb(@Y{>0ueLjVn)Gm9 z^!W}y=0PH%qyIK7M7*0X9Y1W-#OTulXekdQp*07ukyHpjsSVcS1KeZWJG$Y_AM2NZSMYM7WFGVC*UY#$xD(sISq|550A;!cjs zC72owXpO1k?RS6rC%*dG-+1xEuh!O9|BwIezyJ7?-?wMK0rm3VNFy@p$XXVpdx32QZ_U4;!vQM?u#=?LVCYPvuof;b1zW(}a zHH1m=(n~cv?qyi~_{n3|r~$*4$+~4$*#M!s%g;=l!z<2QZI>{+VRvlAQ3y~6dI3Bs zf);Pyya@maELO$KLES({&g3Ur5(=ws>amv4ku!nhbQ;w=1Y`YK-SiZU(do3_wbEgr z!$60Dlg0psMiYKLNqMF_Owgpm#LeD*ZbDMCT_6{yXybnNCrfQEsHibSXB$F!qG0+> zcm)*Xa)7eB`T)nHk^vS7JujODzh0XSOV$ClKdiDY?Wh9a?KnBcl=HD!d5j%CFI8cwK=rK1c>%kDGvJO5D4I}wzP3rr^cgohJSN{BYKJtfn>pLxI#2bE^)~g$nD{N>&yoK~@1-2B7Sy@rgo^1#(EiTgF01WvB?^PQ1!RR)^U!up2eV&lVm;?lc_?ZX2I1BqQ58Zh&kS$EML$+GUP$ z?u(+Nd)jsad2Gz|jK8JzG;NtfRuYz5CGXIlDrK&vRcIK7vQzaF^~Rp+MqCtWO8Jc~ z<hSBSIf|_F{Q;eVy}lPhW)v@Z9V*`pmq}q%wnz@aQ}T?K$H1gR%=(Fq!8| zuU0lTzr&J)7`q8DphettDn8;CM$Ahu*Q6}YP1^^L4a*wW0o3HrQ^SuDL$t#{*pk-4 zvjrX7esuWRhLSA_9e%c;W804oKig2UC85L57IbX;G5Yu+_+sbXf0o1R>+X({u$CCE zk5Unw+__ysOw($%%Oi4t+(#A4 z?88S74sUagWHj~*>CPJ?;16Cl-Fg{bs}*uDkhu*k#j4BPiV{A5}! zzhZv!um9J7{J;J;8C2AN{;wU=s=fKW_3{7wfZg2rxtu^mg|~AZMwd3$fn^Z{j%4A< zTnzo*4@c4;t-2ic)K#wGGc@5;afNha?Jqy7?X00bdi3bC&p(s*fB1)g|NO;^zx?H| zfS$5n8>_Y12E?niK6?B}DL}yd(?9(e)I#!!m;qzej-Xv3yg|%abs|iD(t|u!nwC4n z{PmY#*;`#=(rurGhST))gj?LihCSfVzxZ6ieEsz|KmPdB)2AQGk*?@)xv2AZ@813V z^Uwapzxd~R1MJ~hh$de+(Ss?qzph9Eic8m;^)M=;ep}I8QQB=Xtpr*Lv=SJ;1S~vS z*V4aj@3?DmZ+o|6Z&i0!x2663?3Km30dGt5mBH7DX$V7&6JoTLj~dtBd+*W9mor9K z>WWv=JyKWkA$7>;OmXu0llLC8!iYkz%l^0%fD|`;Y4xW-AAbYe>!fp-wwcJX3 zF~zW67uGG^C3OSzvHsk(zXz89z0Q2iezBVGyp!r}I`G?X&(!2FR?xwX(H~+pTU|9r z&{7&l^Q7z*#?)KYx-V(X!2v}YtizCW)P{(36OEd)iG*2gac2 zeGWN$OmA$k9UQsDiaoD5ub0bd*;5_*v_Ifve)?nQOuxFpcK;{^9!1&P;kWWUTxWVi zE+U^^I>YdvVKsRe$-kR4qob_;uxAPo7>ZQ4vLme?6@)xIBFCdX8DWv-Adsw1VAtKd zW7bD?=2Xhc9oS~Wenjs4@UKk!9V^b9f8)#OZV$xY|285={D?F1@q2So`KpZIJd|C> zYiu5DY=LEfX(XUzU+)yhb>T!fJ{I@f8S0FVDvG~Yx5} zDAP3UwBP$3$nrb=gPdx#tmiu|i^G|(-arLnW_2=6Z3)@q)tP7P8YpXGS&|fiJ51`x z5OviM>giig;0z`?JuRpDS;Xlh&9|wXL}VdSIa!|(4UHrd`j2)H-|a>->D3$tq#p}+ ztTboV(8M0_rC%-wk^?loGVn=Aiz@>ULLx8n(apk{_($_1@#V4vCF4kOq#A(WEjKQO z&O`FDVAUFv8x!LN)5mik6h=sb-J{S$nv-EFHRI9cpYnhp`&kZvxIL?6`e*n;rAo{1}fh+{>k;fl}{_5wtcnzi8^qO@y=J}+Wz?> zKHvuFk0KNbI`{Ij?2e07a zVBqZM*#Q#B=wm=&^KC=$$SuZ3j9{rYIKvp^+M4x*b|z!}F7zlV$~cdo^n%J> zL;uL!7X2e%4LcCybxhYD=kjtG*>csUV}gp+W^Sp4Co?~64v(W>bpzW>f-$XxRhU$u zLr*otTl_O0tK3mgD77;!FS4xoD8j3&n|bB>=IZvn`+xVpzx?a}xwr9CUvd+3@8A05 zf4TecPe7S=$Ey`6FO=CWTMnFbm|kMx31x5X6I(J;F|M&p`?ApYQ|k#+P$7<~_4P5^ zqClb$-VmQ+$`pB$s_cl8(Wc3>h!7oA=!1t3zWnlYRpo~teq_)THq_Sm)2AP1#ycm$ z#8ePqtHPN*e)iilGH2cvMwP6T4#X-aE&eo)J7>*}j-TwsJ*s|c$l`qb@yF4$@(&vX zo3c$!yJuxiE1aI1RslZ!9yEuGaFF(Uey^26daq?@)OMk1rDU{(Q+EQ*M&`O|{z|~8D78|Fz z;;zNXv8^4bRj@Z~=;WTYGy~c3R9@kjG{@?+t_6B2jFwfgq$MZ_K4LoLQfroO&k#mN( zcj&yvvbf%)Q)P>XN=|8157Y;$srsN%bR8Z;Yl^DED$3ZV3a_4vw!R+6sPa>j)Nn~K zR6+4kqdLB!u&%69iG5Z2a7`slDSTOqG>>m9xoZ>%4mmt)<}x@x&mPq+VmZtbQE=K3 zL9uS*7^Bn+6+cMPm%duNiu} zQ`NIw|0D!%82f7-%DKfk4ElrDpI%Nn{@6^66<0s?1~+{_s4_LY=Mf{^@Dgh&mjv`y z$7wt&Zgghxh&tS@%;BwX|Kp$gS6W9(s=+_zZEft1hs~?Fh}J*5dE&FJj1u z495o<>)0dL89zR$`0{?U;`bJo;mQP+T;#`k`>)Smdp>z^$GodIT4XhcH|SM%#bUUm zi3gH{PM%Wh#zrRx#QZnG9|g|v+sJzF_JSjcAR0AHc0aoQe^m_gd1zf~8g9%uF>J?6 zcpot3a(Sg1ntqt8P#@K!oW+n$Xb+>{j%+WZz*x(}@Fbw-YwYUc+^t)BQhQ3Kqjq;@ zcH>?iQ*8r*ilNh>0YkcbTEx-1wQJMr(W$+?BC7tVuRhCyiGPl9p}TA8B8*zs)SHWI z^ea{yu^1T5^1VjM^d_z0Sck2UT2yM@s%+)&v@cby8`8u%!DIf(RJj4y=RqMJvD|F9 z4Xvfe#hY+mcHW$zpH$Rbgzd~`v;G@^tfNIU?;+gr)+eXZ_bn~LNQw(jN>W-|51#$h z*7Oy1JO;RAb~>#!Z$@?oq~9=hDe=RkYUFl`6yQ^1MIe^)ckeFF3%0Dbnm4KF>sGgS zqRVrq?cB`b!W?x-E*oZeil6vCou9F?nFWTFumCmy#qR7_cU+uDWH#gwMB-CI6OGvh z&vLoa7hvCVMgLU!ccWjAJOlEqm@iO&TK-j)YS|~WUs7u8Lo1)Av9$Gp1lsy=L+eAa zO=;K-Yfy0m42@?hZA8sX&Ft(<<|rC!3FWF!5zSYjT_ED6*RgpV5ZD8wbFX9$`zdcM z+(4lIr~mYyOw1oXcmN(}^G0%qBR3(%&w~dK{{HX({^`@FQZ!$(_w&~K~5Ga!^E?BXjfBto0 zVfpdnN36Wa+>vU-m9yEOpc1r713(OH5q0C?5~H5xL{-5&`Gu3KFa0d%XB6CSR9a_2 zS;keD64dzM$-nwPc3%8HJ8M6#z5dE4^LIXU%VtP zt)r?je{oI}S~Bc7)1)f(7hintY6-?tzxwJcxKEVD@6DrxKKkfGHR`+XzW>{|fBV~a z-vj2n_ugYA1@H>DstA~T`_rHPsIo;1%O;`{PEGyAmMw%UW2*%F-~-n} zPmUeH#@_1hudOj&(CVR4vIc!4uTwf<+x*3*B#b6hR&R~MR2SjY7)x!`bp5a~`cxZ@ z*D1hUX{iZ_u|M+Y|Hx?=;;}aCFZK}UX71l%JKaX&gb3HjaGUh-B%m@=5&$$)@eaGY z8dN2xN|Z;S3U94A{^R_! zyE$>LeVB3^a#jf_sXQR+_^7Kqnqz6>6kw&2^Pm?>=)r^gM;7H-lWXIjAc1bTu^%Oe zW)CH!SBdcKQ4Z{tehy;hKg5O)0?#oO-#Gd>VQ~@f!J8hbkiFc7ret<`Cl*~WO;*U5@0c0`^a z0lP=U8;8uofn=oU>KFOYM?>rh(MS{IG5R`J1!m)4#HFR@YLY;F6r3r2;ZK4$(~>S2 zg(f#-_M$qP*O&m1iJ44D`MRBAQlPlt8NLLrJGbXe|80_z;#TA_pUmFVsZLFFeQk|w zV!{o#s;3BJgwbzs;z6x%Ie#3p=zx9qf!!FujWYTk-4YJJpo z36mUZ`>GYl2}M9STyOoU$O3sP+*7B~gy$EX26ZH5O;SSx4tF})a!-xiL9It!=@O5Z zNxu?l;wHQ`r>PF_h$B%=*&lxl=hVQkw;qPgqKR7|tADT^V|I-1@jRpcBb8WzO1y_} zOR+H7)`fVc3_?~q4UF;>^C_Nw{_FSf^f9akSJ@Sq#T)-C%lbD-vqDiw)>vXoa|>Xm zw-@FY;zqC|<}a0(kZlnJQQg|Iav(Mt*CGPMs?TrVn!6Q5LIbN>QJ_^t5Yk2{#1f)M zs>oi8d?by%;mNb z*6g(Hz5O|{S4N^3j52;lINkBl*iCuqdDB#)evcj|w$8fqT(4g*FaP+{Pv3qE@Afxf zrk{TPnI*--t$K?lS4sC_xdhr`{P4pMzx?tGesg&^HanVZH~#$d&!CEPbMt@v;~!aq zr1*Htq+f1N=J^%&W6hqX;z~Y=`iehuXWF&RHl&!6r40bonup<91j%6u^S)9s@Dm$O zTU&B&lfp_umws%ihC(;RY<%vJ&Vc02Q1Ivz{Sq1eZvvDE{<#v=-rj4wWvmOiqFokj ze0H~K2VDb^eGb_ypP)Yshqp9cNNbwj*Gg{1Tqgty!9Cll~bko{`*gG61+Ws z4v?Cq(B-KsXszBWX)P@LSMXWEic;UQw6vtc_w^^;kFNAz6^}Dj(Rt{;s@suk!01t6 z@6u(V0?1djWu;l>eqpCBJ)xFhD}h!5tpu)70{Xgg*8I|5Xe=txd<9yggS+IYsnlBcs;_Ts&_!udjt$(sd&gjU z*0ioBKD`atHwMQ5+r=_zjqbuJo$|Y}+1clG;5`DJBAcJJl6p1lwW(aO1XO0414nZ^ zE@`!e%BTK=p{n`dV=*N&m5W(hG?1)LU}G_fqr^rn+SuSn*6g6}a4;Jh*+wDbF((R} zuys#DOiT_7M83qd=xqtz7KXdZt)fR45vrzE(?J@ntZj(KP!t0W*27!q>T&hz;^C%O zoLQ&x>ZN9SYUbi#Va;Et{i3OUDr9f8)_*Ayh=#8jlsn`8j*oN{x)2_vrpXwdta=q= zT9$P)ZOydxPpAXS#n$FSArTniyZ`(T?>FJ2 z=K1QIudoP%VQF!~HN6(Hlf~fQE=XiIa2WnI*Wk}#BeX`bDrOU3B%$#|kLySXwM2L{ zZ_vL%@iAYV%UujqkpUF$zzNM)ii)?OyJDm0X#enBF+Q*4rc{^Jde?)wK<+HM)rG984lznQ7|nM5S|~HG%P#(^x#S zhY0lN!Jcxo3hqeeDhn9REcEyD6+T+oxIS*kN>!IW&-HOJ>M0vct=bR~&yiKG1XvA+ zU$hfqR&GsAYq=*{eYUb~#YAnBR?^p;34Q6K-V)fDe+l;U};o243{=c$DZW!}4f?AFA zG`K6r$vOH`fK%CEcyRX?#47953PPjmh}6gFe2$Zql#frnz2yAfD1EgfoP8OGuBHyX zt@?SJ-?n_)_TCIhMA6oVccDJehf2eVqK{EAH^0q7W9;0o4#I0dG*p)Ep3zG}0y>^k z|3TLFjD5tQp92bv>0kf)*RQ|+`sK@)V5Z<}cG(|4etdgzQKIHPws1I`J%=}P4EOfz zpiZUl9!GkhLI3&lPduSuQHC;<7CJWU0rh_U6)Nr}pqrT$Z49n%Y3ad-AASJX3gB4# zNl>c);XnLGOg?=Yb|rsL_u|D1X))|7PBAa1uzJvp;&=sc1}Tev+Ok@K7_dQQRlzHV=n1Nq9wEp5$Y($o`_T_6!3~ zASYa$jAD~`*ISb8g~K*PuGXW~OsU%%(HCEQP6FS5_x)f0@>ej>;w@Lb)R8y1KmN=zE#W+Q@&u$+1Y#7Q6CXih{P~w(7)D86#akr zcmIIT*}1TWMWH{yo88}u$@}-0zWCw`WubwhlNHkAz;tbWeGMQ!&BT6<4Mf0avGK=0 z{sE#_ztKzfTKvSAm1;Td9|IzU=`6gJMX_sP=?W564>eEat9pH+V=*3# zeTHLkIJhXMK@2f^VBc7DvfctJUq@+mwrNIoFKSlCjvlr5VPeGOa^xsu=-wE6*-! zE85~n;|1|e-8DZoO~!onFo%oD?3%?2HdZaC^XqM7-xD6vU))2s%U1FFn^h3@DXZcS z?k>vtVLENdP$i&We)#Z#>T2=8Jj<+H897cc;+1fyG8rCmvegu_M~Eg-2?@;bXd}G~ z8RD7THv1jE3UEd?C4;q*$sNJXsBMjbja8d#wPRQoPY!292c>s1cy-f^D9xaDCVm>? zNh&gRGXL*jd;-Z_$G@$7`s(wg*N2ASkUU51`wl6kmTV(|Xh1PhslD(HTs6DSPUDIm zlNwcexjrb-D!SQj+iNI|m`CT{9RPxT>yp(eXMXYTYU})q`C6hl#Lm1{f345XrTiZG zcpLjCL7<3ajw7@yA2PXF@q^z)n{~>U=?nK{cb&t62E1I*jXWy+v@afmsOfAN$cUW# z;s1%9z+7yiMgm2aBEG)1y1TOtv?^k1=Yjc9ht?-1HrHo%H`iIy2>4s~Xh=%*Iv-Vj zr9dd{xLvT9wPrIpKpx%Ut{cDwf5Tgn%BHMVlIs7n$b?da#RdIZCcW#kCLv_5EeRKGQAY`;cE6u<`d908>34LC z3D+`=;E^65#-?4)MiRwrTNR?WJ|JM+PG)qlA z(M1MhfKE`&QIj74E5CoKkT!%k&QN7u%gc>caXt`LoEAP8MpF=3`#AuFzlzALz<~`z zYV78TX@rc?+Q8?r|Fo8;%pvH9?j@ooN?{c`*6rEQ*3$C%&hA;(A^7bNXor5Qs6e0* z^oYzR)lWR9?>+im2Oow!s3OhzFeCC{2>ghw@9b;P3-x|W?n9_}0$j?-d!;4q2{nKL z2akML87FijXGa}G1(HeOp5>B~2vB0u;nv;xO864BDhER3G?*YtEi6BX)IR_YeQ|W<Z>NK+0Tnp4tftP3LPw@J`;Rx@Z^tl&@+9EiFV3j(&> zQ(Nv55iv}1F2D>X;at9}NJOY=lY~X%sE8D`U!sG_8a~@j7wdztkp&aF;894#u57Dy zP(%<=4P0=7KOX%q2l;Q}yRytY^Ot+oF~fvSL1WR36*S8lhf7C?pj;_kr~HAvDJ!hh zX=)?%6|K-C`&o0gWY=~Bq`hLF;}k-(X%&!IR3CwPLa*BnLXMMh?BVFUU#G^ygIM`_`cOAAL#?Wv2z zb(8k6np~byF?JHU;)qzVvbnDt6Ti)8(h)MLd%YYtr!Vy^^aT0EB?A7RXeVLm8q)0) zf4cEp0q5v>C9$l?AC=V8D&XskZPP8uQg&lU#)Cg?8FgJEVpn=FXi_2E;e>2m_j}#< z7cO{)W6^F#X1*>5XGB?y@yg!7h}6Eg_JVzeUT#T;lfjH~w#J-}?W2z8r9kvylVjM~ zP%%jm+6E>KWQz zyrjeG4g6vS@NBg!qKKu`a&5-k(%GM_Z}p%UPgEvqvv3iBVi%%~f^cQOCs%*^P;AlK z29g+a5f$vvtUdX1ctuxq33un>U}Ra{%t1>Y5Yza^3pvtg-rTc{{`7T0L(YXaYc^AL zt?dnE?0&Ht0YQffjJcC2=m$4#M_xN@8%cb9PH9ItdBf62)BTNif1Yd{nFUXBiAk)Q z?ei?L(K=7MDcYRRtNpg;r_@z8gbG_pP@XUZq@v?8Q3`c+_brxi_aLo-{q8)R1-00B zzf)fE_sgcbJ}a(_H$=axWp&(sJLqmL4Xf|yJT$8Xmy`L|H>(QR%h9}F5z1=2RojUG`<#s?+?XFUgt8{H04NYW1*zT((-CDm90*8F>dW}A*8{1E3*^gtoM z0RFeNZvg97jKpSWw=34C56YuH7-t4^P_!>T;!D26Vcu~vtLG07fGZG`5%q23ue5%N zyG?(nhU&wjBmFkGKyO5zR_vTfQwwyVaxrm9xf%zqDU6`@Gb61ERb?gc_WgYI;Hy2S z*7zH`pqwzrV$)_1`dQ#O=oT1&a4CAKchI)>cMV{cgZvG}JW*UL3D+zMOhwx@NcEXS ze$#-aO&jH%{Qci<`=BU}FHuHaWgSRd>>t2l_oMc6egi-;j4mmmJzA~_L||7bhD78? z5&%CpIaUM<#Duo2tQ%@3{Zqg};ofymmt+wo1fWXny`Zk&pap9`TzJ&8@>lvDVLbIQ z}A08yT~n^1i)Z)?oYliy1n|JS8baumk|&iB<5 zJuNM);`l{U0UxBLi-`((ke`ZFY6Ck_H!S@jT9-0XxtohzK&)&Prf#a%#DCaFw-Qpl zr5Wn#ncL*ag+rQ8zV5+qLVCjpyNO{z8Xh`^)x1?FJrNEH5FSkLo2_0O1V-1*b0_g( zrY-|faI5^{7RA6J7J`)rB1*UqEonu<>d51#L?Fo)Dye7`u#5&ab#B~gzVH^+$%wzl zl_h>or1DNcumQfJ))I(kX1j3g=>>LEs?1;QnZ*SmaF45-AjQS+|2x)92u9uu))~C9Qa1lvW@gBa(0Naeg!FSf~@)Hz5 zU;lx6b5-+o*YePn&)tsnaQ?dV@;c+U>xb|;^XPRA?5wTFfFt=XY_uByvGqggn<^##lX*h3w4Hp zlNepgMY9nK+bqtJ#nxcqWG0F;R5?saXrK}oeYF>OXjMFX628FWXiOsrE2>y!a1aG&}ZF%080#P`tKBw?*!LS1)~Uwufqmndw;S zcZv-Zbc<+N->8zmg}roe@MW99*&9aj^!5NH3|E&eGep~{G*rbb$N z5LyE~rnx!5>Lx@>kq)r!e007%ldQN#^H2Y}D}6Nd6yOdf5N$~L!V_u}6E73qkwy{& z)nVh_M14{va8x%l{i~}w7Z~ItnjvZ-;?;fv(nbuYa+^h;y%BUM_ta(O5mCoS+&TTJfRFy zZq^ZLs!X%`dFku>-uK(ksFv21o8?!&e}wk7ndMj*n#|NGGy+T4O?Gf>mU@QCMj8D_ zLQ4sFzyuqWQ(5a3va+O2zHHdEGMf68tWZ;d^`@iA5v=U@b6a0SRpgmkoo>gFw$Ld7 z#Qq7bH9ipz4}KssbJHLxp+dFeBkzO|*kGR|SS_3gJlU+)e(?(=awDsqYJiPjV3MV|Wl>(H4ae#cWbctjY zAId2+4?#Hiu+H+hR`D2HQaH^N;GIeHb<_yIhSyWX4n(I9S6&k?rrj`iEhPX?xVeJT zf^!U87Wd;Xey_UTPd$=NF5g2#FvAL{ZV`DSA}Uqtm~l46m<(zaj;B{lH!Sg4Fw>u# zf$o;i${>Nxd+z9F&CLH{cmSuyoJ;l8s*j9)6FJkVd9e9F2Qa&WLo)1S^T`As0 ztqsu3)X+HHm&df9%U%$I_2Hw0KoX+j>?^z8=&U7w+11Tb+fzn|nJhndo>6y63r*dSF3H*=H=R0{Bx@Brsf9)*#qFcs{NHZf;*{!e*LQ&0GKGqpw z0J$!$v7%RTO1YuaH{z&X?#n!r9FT);=i!d{&z~*K9vJUWpNE#MH_Bv~sKPoa)`W`O zptUkc5G{G_XH8li8Yy@fgX-3FR^#Yd4$d)i8K=3UiHXtCDFjYym_Q_0cd0pRbJmXN z#AbDEYRUW9qPKL2A2X^;$LVxS(<^|o>Vq3;@baK8k}mWyDXwR-At(8WOsk@*DAZi~ z`zA(4{>G-5^3Ro{q6zg?UR5`ViOgAMeINja>dq}^tz}YY)$>CN?wpuq*&Gp=T1?6v zPO8g%{d3MQnwqIRAM1sN8*SW&h+kq#>iH%N#GTlSG5pPWP=vAQbwCtpzOne=#QZ(i zTzx|c3}g;BAyh^NdVnr~A1=giU+PJUO?ovZ_D*c1b5^j$@tU+seKDa^v{(~P9At3a zn)TP|gk9-^Br--S%}nZNJA=OY=}%D2^JeRxLh}n@EquDFAGI{sQ5%yGMcnUdt_6}YEbK$2|y`aI3?z)RXi*ldh~)of<2W*^Kp1SM zW4GTbw-P!y-1HmL{5P(`;J4NMcF&Q+*g218WZo9|qFpm5f!4DdMEs56epUKV0<$J% z8Gub60Q`q3a2LFF9fch9sNQo*U zHBA|ufL_VW7k$ewlqLz3yJKM<0*Zk^e>2U26cp+wPcXi&CMWvENaE9Mnv0Pk5q0;x zq+kw=Q|P|bJgmUhP=lVBTzTRJL|&iwfK2*&5g*!USV{$*ft$Vy>$G{b-TVw>4;~~F z#$uW_V=cf`+r5lLp85fLc?SvM!Q9ZY4J;eF9Fk$1n z3UT-{^E+zF)SB64IpWabt)w7p<1f*On-oEhNAR>A#CSCRCU#za?Dt3q1-h*fG29Ad zd^1gK@3Kn6to1fA;8M}ax-?ef_j*jU?N@u`m06m)>P_*5br#Gz^AL5goVFBSZkXMv zv%u;qFD+~&na>rcVI+A_F5|D~F#KLSF_^S!es=fj+Fqt6)s^cZ21K@|6;fSBJ3ARi zR`j_#xnyTdY8ZQE%plSkZ-LpXKNM z8@nQRNU{__*Ct*}%n{ZHiMGJwbJp2$Wt>5Ug5;u)n;!a|Yy-!je;c_|w3Odw!;epUD1ZpOB<}Khp6Z1K~%*oY8f<7;peXoB-7D?X zOUR^M@YPb>xm?mH-!!W*OmLnXebatd>~UDOiDHrpp|`R8s2;1asVK~V3U5wLvdtLv z6FX=E@u)<}aJQUI$2_UgHy^2AZ)9z`)(R%M(0s&}WL}S7Uaeh6pfVyWqfnIls|EB( za+iYI3jP80YJGM<;&;o1jI$kNn_nqTI+$k}UmVy@BQA0j{BzBngY%gN*M#js^Cj|$k>F$)j=Y(--epms zG!xvfu9cGNmVgxo=f~u`H=h=PwM*^T!<1{)m0N)KJc1{#cmAcntH)U=I1Yzd#_+&s z{3ZFLpo0vgSzQ)$77HnXPJj5*Cj5g_{@wiMV|Gkz<8$f?VdDia(fqU@x&&^WnrSd3 zS*_{1!3(wU>&auw!O}CEnMpik!vZexTvF}#9X(eM|Lh67T-ar>^#=e33262O#3=j~ ziY2@5if~%z@iIfzCDi>th+kiDy4OvGR*rr4Ni89N0V)+z|*-NgeK~HaF~apLEBC zB5@HYHU=5A(k><*8D7&IH&dUm_2BDv;h(IfHe{*`rqtHf2-hXrPzZE&6$?VZ<_U2~ z(e+n2S}upU7hK4zdo%&No!F=q8^DI!OSKMZ?~4ZniCziEpt@N{0ojDMel~bSwQe z!*$+ud)$we)V?a*p}4+R&XVyXC&Pk@wK~8F$HXTYIF%Z@WLU!Hv=GB7KG(8?k7Qpw z7l}v%_o$5{Vc=wU%g=Guz5F4rI6Zm>sU0VG%Z^U}F19GKXt~IA$MkH(;;{Dyq8Hei zWV)VHvO)fDatwf=RV4b`f$O0-M~c+i$m~QXH_%0aTu8d8RxzvnJF1 zpi{(uxVfA?-7pkFVfYKN2yM+Q{!5-szD_K8(Nf z`ZM<(8)I%{<%_OHu#vhD7+pu?q&pm`aS|vWAkn)p1|iYyi(hKDKM9_TYuU@e=-Y)q zKS5qKAznLc=7Yat^6b?t ztX#+M&)P7h$)7af*FB*vx;h2MMW}%Em0hnBG23a`5U|l}l|!Pxw+)(=)MIG%ZQMY|s3Oe~>0P$A z{9YZOrZywIBJ$3*RQ$W|7&x@P@}_YJo^#shBh-5l5vn*OeH_h(C(v^Ez3VMSm>7To z3+XRp5Fv^LBtX9;0hE-n)=3eR2*U~xx+(s4A1|xlJ>GIcMU04kEph*YOiiuUK=c@Rk5(BLlH*FnNi18NZ79H^|et^Edxy@U$m$M4tLcKEMZ^01Ni;=}nop-}t`AwPnN z3MahD*(1Q5H1Qla2&DFTA17xs0yG`D z{VvSq^-?t-mIT}S4@v$4K)A2t(tdT%Ge(3?gdDwX&%fJ7eO23C@JhsfOOdn5|adUa(_-E@vW7`z|-xOXVsPpj% zb&(Q{-ieF}Kv(va&Y+CnZ&gaU|(F4fyl( zO-gg?@C8p{uUwboEQ+6qUm_YC(NvR76H>bfR9aT1lp?ZJ3Z?Aua#77{-m(xxa@5E~ z;792K#KkQG7AsuEXO8u_T&7bFSW-sKTDPKWg_gVatins}Q6t}HelyQ3-e0A$`E-ay zB7;}kI$mcxCJU|V&~m=V47S3)%wiSG?|eUfr<MJ^`LQU33ndXq{W zz_*ZP?VE0MpG(fQTtWt_LCe3?l2=f;CA!~W;$TYk_=p49?=HpQe)t&L$RA&;w;o?d zkD?)vtp928c- zl;(O8?iUnoqe145X9zfN_qnNQwM`}4jjC@qcQo|0SZGlBJ2YsajpCB!pSrrWZq;MD zLK$5wlNT6`!aWwx3|KEO=DnSB&ZwSS-UhKZklO>Too`d<~p zYX-lAy|A4MM0DRl7ar$}!UU=qil%ZrZ-Q}?&zsEpgp&hP(Q+5Q@!d&%G#x2ReH0|X zG_?MdFR$e15sLf$IhC{?k=qpUzW*12!WcwmUi~^(#n1xN;s~MO%77&zHf4~~OBa`4 zRlBEPmF@xrRvMyUDG~k}A;O{&#P}rXeQyBUCRqkm+bCKYk8GcVYI$a$go5v|4{Y^vy--3*90UEkQRF?>G5BQ18x{Mt%|;sHe$5}6 zKIiWwk$OfajU_Hukn-N*!6UP)<7d*YuH$oUruIs?NjY(fOi|15+;EHC8{N| zj!_$`5zmS&nfA$7A1}1Sc7T{7v?rE)@_gA+&CVF{0e^NBpcC156T9iD4XOPMX>LR& zOpC;UarjQbEqk2ejZy(K zLz6Z@<2#s&=mH!3zpjClET%e*K5N$aq zXuMWuq&q*2VPFQ>h*r?wH2Pz#o@4TBOxCkD*1LPT+Tz)^>@S`aJcG(-#t3t;IW3#s z+8D-Um!)z*8kioR>aa|Rm=o4WvO9{RPh@kI8oP_dbxr;gr)_x;I=H?rS&w0$^tu1n z;6fT2e%~4%lSZ%m{d{3Z+|p; zrG?!JTi^A1gRd<_R?Gdk^M0)8MDXN0Cqya492^M)0cY+2Bi&*-SgHb+3{ixUk*=;` zcxH$^`kzDpfYKWe4p0@)XN)epZ1Nb`4<|u-7$rVB5|VCuh=9Dhi$srY4I0@3Ghxt_ z;BP=P@yFW*YS-k89li97E~R;jG{&HJ(=l6RaM?49jkG2*A^VYaI1n3{gf>nd_0WSu z2Om>6S4?1EWn0&bAqF^mo7xK75IfUOW|mH;R}`t5(Ln;rZigT z>*DgvZQbTqoIOcDFoHe;^3jr7)qbN%KN|16v40LIVkFt86O@t+TLL=ZBw0qvtkuh= zdJV9ho^B3!5a~S7k381jC9;D+Uk*Jt$E~t}70R`c_Upfl&;Lag+d*OS#UwHX%u79< zi)1IKMtd9?(?eCW)sU+>^B`^63bQW;Or2R{SfG`*Q6=?t9g{4p4gYJoE7Fc>k0X8C`F zAfA}fVlYtF*ZO(u&kwFd9aCSB9Fqv|4CMBefMR_HJxDb>YoEh)a_pMV=L*5AlM+)O%{`}oosAosLTdk#HkHlun* zC*j4c{aTPP#DSOJt8dHg-qK#gwAMVlbXZz1K|VTT+t^2KX8yb2?rkLbVT+UVG?J6~ zMoX2ZEts~eTv@`J9Lo#Vt1_b(yJ`=kdXAqmINa2n9m8jrgPIm>4*!Fi80tZv=dD5f7R0Ro z1DvQx^nXS3TbklQF^<@lu_7=_|6mE8EJXsULdfcV(SvK zxHWxRQNbRXT-xr$Hj=Bd$Eh(9>G9eoGcVjfqe%&%*5s`A^!U5zMlw^jP+GY{WpFV! zadCD8T1)e~xv{f@bdKs($-0)Zud=(gwLM};Cl0Rco8e5&7)UX=eDoTCdO7+mnp}A0 z8}{;ow1-ftuW4%QcYe{KC;*RaDF@sUpF?yv~7EB>QFAzf`%DJe;t z$bFAqu6M6^b^kn5!x^r>z*l=o$Nr#5xV`fa#Wg8-L*;wVbWA>%Y<^`CFmVw0FE4Ua z4QdI)^j>_8Y$RWfAD_Ia6kWNZmCjkFZX?18lxQYkh=82bs}r<>7i@51+0h;c#)?vo zJff%YVXXD;R3QhGy(+$qe$wch*}WFv1xVL0EzofjRFKn9%0#&+cKkBa_U+OBwL&}) z1uPTm{d$z92dE)T<73ATWMvU|ONU`i{%$jC0~E&oJOk7vgC?1Z+g)xifI=w$6h#9? zWyfBwWPrk5e(P*Qhh|K_6lPSYwAUR_3)^H?-8ne+eLqDCQN{i?G*5L;RJFAXrHC zOTICX7+;iLO?qz)L!(=emhYF7`DCv5| z4cYl3DYmBG4gwIA;3KDNd_(XurF=BCzxT^x{=1X?%i;n?ab1*bY%)2==-RT5ml~2% z>#4x5u4T>~KuwcU8c#^v$X(CW+T!llU6ZwBWj0hjNbfL3C5>M~-Emi)f|xOj@W8kK636UfnJfPQAh+^6}NtB(PDU35rE^bbw&O@%&0sJC{+A2 z4?@59l|^Bzo7K(k4hGGDP;mXx>2Ywkx+W?; zR9SyiOw|XOnrvtlo zOYZ;M4Y-?;>TfaP&6n^(1~|6Va~zgS?{Mbr2|q$V;-f6)M-HFJxzZ@|C&YWlwrqIF8< zUbpwtf@wDdxd2EF{E!cllanzbR}fG1m8V$jy*V;i^04Zwf`!lR0C=AF{oQ|v@H-`B zrWk;eW6lyF9ChN#1J2F};-G71$8Czk9H|9}d3peC)t3OU_j45R`L9&ke;GKo_|AF8 zIrJGbAVUF(1Lx%60Qi>KAdrv2N3yj}w?~x-=>#6~1o;3+s12qlH-#Q0xwMD9Rnv&9 zt3lyZZmFA#y2WXzY9_;$VCbb=D(RaKSD8+y2V{TC@{vLj|)Qh$jg ze|HQd8*XyCQ|MnXTdkBs{PIxnA9_H$L5_|bXQPus6?jo$^QsF^bP5ivHgYv=Y5cG;XNBhYO$7B#goc6KAQzrAF`uB;>a#vM;eM`vo@ z{L#sVZeglSL5_v=KMny-c5Xjy3LKGlY{_`QSf)qpTA} z31en8Z9WyWjj0Njw|(lz@{lq<2B^-D=KdI1Mr}N<7+a!w68`4v_(!`;4K^K|Ohngg zWp~cE-^c{2OHzHsMPQ8U+TnSbr95lF$uwp+D0Bx7D@DXbHCAJF zUn7e4e&Xq~5xekrnCRTSpGeLnq7rqUDj)B1!MxVS^A2^2kKd+l=&G(|J~JC;TKP@t zByQ%tn-yQ^Bo;*+_LJcZ10!1-cMoe9$i1YVM9y@5*P;Hb_a~<}YFJlnQN7-X@GYjU zk%Ey|mhAK1Kw@8+TppkA<66u^>#hb#2%|~$(lbox)iP@2g}B(Q92%~&mD%fcwqRke zh)}@$_HSQNOvlIPEAE%;?XDd5)svB*jdRPB%iV-WIoM>fq5>FI8(SM9=%@&rG3Ji` z&zD{BU+A9>U_5SCAIg?$ID{chDSrqm_*2tM7b0g_wrCMR)*b)JMe|fDQ_OR&Cy!<( z<)#=oM~Ww}qkKN%lm|PWCGTmB=P>pnDZr{`xSRZQF#@?&?&Q=+?wBYvJMBSHR*&!L zVaJgE_mU2e3aDqSjJZsUbRT&PL&asz{v9H*b+0CwqIVQ!X42EkH%t$gp;ndPGt5ZS zs@Vx5E`VrmH6KP(rJ2g;ycQ6Nx3`#uC5oIh8mwibt+ClxF=+YrpLu7GOp@R+dwr zHABT{L)nq5S5~+oxhQtsN_LM-)F-E`V-bd}uc^w=`7}UKTu~q0pbPa-PY!XerPA@M zpxA;$1;B%h>wKNsCp0oP4vFbrBH*p@a7jP3KTT;KCEaL~gxe4lN2h0LDHSJ)*}UJe zg+)Mf#(pOxY`&5(bU!V(Ve_l9o}XWAIFXSqy$z4h7rydPm71rh2d%dlz&oUESpKwm$b?cp- zi1H>WOb|UA?TEG`xPzjx+Vj=1I#>Cdjn-D&VfSX~ zuuKPprLW((i7$9rMOETugq$U#r6)(N?%?@q^OANNhx>!q4Q&dpALy#jSzbR3A_ETc zZxgw%vn}S))R)KchMFT75hgS8Z7*k)&SF3eck-nKkoq87M@_984Bfes+NZdC`8q(m z8U?1#6ER`Zr!>c=T4v^ohB1?wp<+xD0tn9=#@`ia{^iQXhCwk!IVEr(Ljrv9JxGeI z^j`v51WJ9Ppwe6zAfEOvj(i_IXMO3Loy^_L&4AURh-|DyLr7CQyMSQ=wSyVgcW=~Q z{hZXG7VhLG3-3&qqyZ)iBiB;MnZ3cLrOr7|f6B%g29T+z-)7 z1^%!oa8jligzoYsvceTof%xltmfkqF>fw?lVz63#v|mZk_5Z2K{(r+$ zv>seDQ(r~`$gTZ?+2|{`E69|g%>~0TpSs=&(maGA3<+(Gbp0fjh-0Q);TDA zG{HwIn*DDQFOzxku1lA7Y`}ZdwU-&9?MdV&$(x8@%KP?jUxozoKV{y;YqH^V

S&3(gcbu=JNxdDq}3SRDn7XK9t&^Z$H zc)u}C(6Wor3)n63t6-~e&RK|4dYJv2by~`>eY5)Ch*TeGZaAb!UcGK}vxHZjEgLth zFdHk)&#&X)tcUql4sQz+v{~}S{d?>6c4FYS5!ZG!a8hTI$$od({Q0f*+8BPYAizIl zznd?dQGoQCCwXa&s&g6yp9>Hd{0YOk)T?RwHht5{Oa*>RQ#b6lbFP}TEyERNV6Ikm$*hH961doJRJ_UVvegeuDwU`qa>t$cB|Rjn8_HJ>pv z9H;sgxc`eBunh>a68hBC1sxf>0C&L=wHMHuT0fRdY`^~dMxl66yBvX&JZ3Mo&wjl# z=~sgvvSV6Jk%PFiiOE}++d7YyDP@pE>r#D-KUupqKr-?qYZDms#)U)*;Vqw@eyXXF zfvELNX*?f8o>q60I{^{L@snj~BvMU$#L-Z*X1^R~qKL~AXme~xRD+qFo^3(TWhKHw zjLTfF2;O#$Wqg`bBJ|8#ykuP6rf9RHzijBnPwjI{lup)%dF(&dG0~ z7>7H02Z@&9j0aOo*XL_uw46}SWzpKx@^ZdReXK@)KsN2M1Scm{d6*EaCfZ84Q|z@C z6mzb-*DG+E1raDbJu6G&10=jEvn~(UsIkOjcJ(8%t=1mryf|`xzELXLznSD@WVWRY zW=yk3%%Ot^6fU(7se)=UhrESo*h0r>$K=9__Y_%s-22EPcBWQF+?ToZp_ssNCo3m2 zl*;^3bh#B9qM;YqNK-|S*kKN)y%cznI3)j(g9{HdNjGnNX*M}g`rGKu{6 z1B?bC*Ju;S2MW2W78%)66KBDnRl2Dw=eU8rx22}{%=`J5B5E6zhIUFXVy9#^(w@$8QL3_3h}5Qx!IP7+0~Yrq(p8 z2tCe7-vX34P=6|lM$jT4lhEI`x1*zwe>gHII2`3I#Vag$_KM%j{E7ASdFd=$_(DC=z+f`?RKZ!0>g-}j>F?^ zzHmyPSq{@z$Ib6g^1muyZJ-=>KBYk@lcD@D=%LXO*}f`SJR#>TksoT}GpsC9dK%{0 zm9y-FDWrrnA>q_W)hk!pgW-@Jp7w|B-*V75d0I^AGBP5>xkD5LDruh*vC2+In7Wri ztUGyA=Y3IA33r^}Gz*bX`x3kk$hOi62`yhuS6N?@$>qRdzez1&(vdbk6T z+1u)F!H1&*Qc0dvOjkWhE}|+EX&;E#%1_7Y^%av*g5Otdk;&zN$y}bD#ZFF3UH;!2 zbuuW$O2;7XMD*cx=<53!E$xtawy^6~7D@1ahWs_S)4GbHn%?5ZW0K3iQfD@hKQ6hy z69&RV`1%zB%)tbz>U6sVa3~^|mwTRCT*8u_XSV#8=eL$EGDHvt=*@YyOv znQXM5TNbLO)8}eS6{PgTCJH=~ahfc8-O9%|Pa`jpI8eFGpZtqc=R3VV*v^k`t4=3JOWRai>J7?dX89<^}j_Xy=!*eeSrvB5}W3Cl43_U+)&rfb0n zTnt{!^s=`;vk>g?a_oIlteGiI5yLQceOWPVj%+neZd0Qm`TgdG*Z0_3J9_T8`Nh}r z6@1^bHR6@NvDrc3$dN~kS_rT5)bUpvleRl%hJht%ivV8E9sUpA07AB@oGs?M` z+Rr9#ywkvRhM5uY7JJ+u)O5_wqyAvp=6Eu}0u@Vd}gUfr3 zb{i7NF%t;~%+`u55GHIVjq!ZF3^H^c3wrxPuQi%kINzTiR-vbO^xL6WoQfMoN&~lB zGy~{r&T(qg(zCH4xP0G7D!yLYMj+}&m^t1(Pua>^CC3vLqG+h=OmKac7b-@)3e(=u zA_^HPh`Ey!aJ23Ad9u=$lQ6=CFtuf(II@MB4ka^o!U!nQE;9(MP7I64G%)LPhA)n; zwyxf8C(BVMSyt4C*SI}5wNu11R~emaNlEfHZm?@orxUE>nYgd5uXjrh>yhhQ`q`$q zptGrk+&emjUOFPmNjfP-+{s1C=GlLW1%WS zM@%BSybM+?O+5{A6K2{IUFP?JtkMAAQ`)$Xh5z8Vubka2^WqD+cdXend4k#8zr z8rZ2XsCo)W=xbH57z4pi3i?Ho*b&A9(Sy(>6>e#l3#{!|kfH+-(iviXMqDTrHcyCo z3xO}^dh!we5WP5(u9B8z)y_osiZ_rgaXKf?@xXQF&jD=+RmTFB^6fsSiy2xY%RP}; zYfo^<>~HGCDd()_hQQ4o`sIHqEi%kDU*vw$;oR51FZdyef0OMf@&kkUT7B;nDmoRd z3shZICV@~f%mrwCq?f()R5Lh*ksy98)5g>9udt!ce zF~1&Y%k45ku(xzIzh?{Jao9OppWd!=>HAWSsFjp)PZ)9g7_Su|*ABHbvi<%K0HZ)$ zzjWW=IdhJw6E&mJG8GE*`s%CizWWYA&Q_3D4<9~!{`@%)^HqJR zB&!D$vnE3ESxLtjv%3qQ`u+Fc+v(x2q{ZQumhON4`DdSe@=4+&8>O$Ibk!d0LD`zz z!PG+87RHglS=b_ztKmkOy3iIIzyJO`cgVtENmYPLVE|$kf|Hu4h%G)yPFgS@5Uc)_ z+LI@D?%oNDV#g&{*2qkLNePEyatP7KnI%J?+!((RSXK16N_ZUoi-+SuA+j2~x?)Ap z--;0Y*j5Az#J@@yjmsg!Fw7R~237QHtNvp{XM-qMW(8ik$I9;AJ1hi?c5%j93g?i3 zjzZa~RJsxV+@;<>mV6F^Bm0TD^amfjuXzGtMde*tRq-A_e#G)030!?U8d*WLjI|PI zC2)fz0K8(+D3*53Ir^E;Ab#Am{S~W8{u3`v|ey>9(t7 zYo*rStn%5f9Ppm58&qdnR$B?2ECFr7M5gwDtUt$;^5AB{ai9CptHI+RN2d+Hb_wX| zEp*fl1)xWj?4@&stbxYF&`g>0)B~GN8f&Blv}y;Lif*>(w5K`d=ZdMPiGA5>$-UFereq|hn(W)IHQZk;Nn|^PB4#H0xzuk`; zvHI3qB`@E9>}uWRC)HByN}zfo-CE)C3)Lgg`)Yo+J7af_g_0^A<389aYtA1G)iYf8{C6Qm75w0M2I#UgLy|QlO%Mw6k zbClSBhk3EwkT88B(9H9MvC~M*e}=h!<){>ums(mf;-O`7xsiF3PS&cNjRs#?ZmR2< zir=?!WJ_0?@Vi{&+FRdr&EGE2Dp|2daTtwRX*FV$A^`@}FVSFOlgSlD`d=oRw|9Wr zCGf^t(C&_fFyH!VMr3Bf-%O8f^4ZuzYGY&GR#q;Jbqu%k=IGX~TlKSes8WU`)6eK= zqNmEy_enDJx5*IQ2fy`9LNm_88`N>m&ZZesmu`6q!C!u7P@OnQX+ zla`;T4LOcnOMjk8xAoyF##6%(O~nXB+@TfZys3`y*!ecy&5Ce_2T~Qg@ton~%ZMsn zPQH%Y8aEN(j>XUIxngDd?%jLuzyGB0b}&x}(h!d3Zf^`)^y$+N#j*DTrDtj*b@U7mu7c{Tsy$`mY3gs!qV3i4=HM%190wxEcS|7tjqkg@|`Q?+r0 zC5~W2)Ms~9^q$%XYM!!YgUzH9O|^x>N%;geO@wY>ogw7p`h@)AgcAW-LgPUSyaRn7 zk{)!jR4|KqAzpC`U7`YcR3xsd$Jz6A(ic^WRAYeJM9>o8y16_7l;KzrWH}hhyMtw< z;Y42I1m4OF#O>s`9#i%Ueks;XsJ;VFVV1{sq< z+rG|{d74REFrk)P#}LQR;AR>#XfyZu`3>X6#W@)sg%~$uINq{PWZTGwQ7#OG^vr6{ zz5iu!j46HG*2rQy=^3b4@3A@;BITre5&GCeB%df1y-oqutCoH%A2p%esMWVFU&H$M zJd15)#>ODJER@z~JjKpTJoI2CUDJ8TwF-fVNwIXQAoR~`fJf^#J9v-UC4lsst zNfZc5P$NfJZrqpgDEj2uO!oDguon^X+1dH!`RmP{z4zFTUAUrsmr<0($8{MuaW|sV%O#FENWkT{+Xv}o*XVQA2wCZe)6A9(7W{wGKqz@ z>8ZK-`SFRkfD(Y#p>%g$_+v@QG$^3<*h}1MlaZtv8R23WjPY^b#gt(p_Smw2i;;$u z^ai>$5{o^crhnZ3=xCpPJ>o^*Yx0?lv+-l5XZAe3>f`5V5<>`;uDr1p8ad3o6o*4d z>U5Ii&xuDMcNStEt4IlK_Q7ofwhiYJw>X&OFpTAV#3$m*!|BN!j8UY7CAA`UFh-g5AmTsXiVy4d>MnFut3iGmAOd`B)N*3!#Y9^wbq1KDZYDq9;(to2u()( z{!|D1twre8RLEL=E!p@q*xL>Eyyb^JF}}laDrW~caiZaSTcSiHa}!_n@_~e$jJUoe z6SALwVPlm@?<~%N9{k&X`)@^aBu^ZBHaR^F zg;oM!tbg}+fA{(4pYzixog$>1fBNaCAAR)Hlq%4dag{`XR-pk9K!n3XX!5C`_H%hv zzbQGOob`u8nGFM*cW&2_#Y;g#444(dk(?s1^+j9?WqBD8`6Sb)CsS64a)cD=n|PYS zF27y|h0O*O%U^VOGr58$OVpp5qeM<7i%Ie^&|p|(4ncuRmYGr$=bwIhZLvZe(`SED zF?SYUTIh2^PEO(+Z}A`ri(e4fl5ZBS|KNi_bz=bAO)7p80>;!y z;7E~~_Ou9~>Z%@IA!5$U4lN|^RaS|H!*|o8j1-n4Fz?`3ns2cjWKd0e^ymQuhWcif zE7wu+T0_5YajCaiYbEejOTZ#sto6mQ>R7jr#k(GT&zjZTL>%&`sM!A4-g)gXyt{_t z@~G)COIky{-3c zEs)0W5ZmCf^w+vp0`HCl^dMApaMhoG`bCqZESa)tr*x-5dVsfEhkSRcft>370=&Po zqw}}maKVzT`J?lSrhZmA)FlIzJtlL&vaV|C=kLLTB~Q-I9v;l8sp#UH+nQ5ekcVLx zpK;a>5o4&am6KaXF&^h|e3AV!xvrU+A&JD?=jg6U6YR=P&>#8zIIOAwRR=tK=b0`4 zopNmDlY%&FeJJS-@7aP@hbP-(DTm%|8NGu*?Z8#3?AeXPSJ8v$6suoMJ-wQbXS^O+ zr?c*I80=eg%jMn5uMsg$Bg9|Y46Q!1@*3GKU`t9v2E_^akVM88kb#x|2<^%zB=fe% zul&X2H!wgGR0wwknh(bsA47&P!YM`~^Iwdo1V0%T6KOa;>9_z_q&yR}I_Zcz!*9${ ztZ!03C?IDy*MhIBbF>XP>gJ_tj~wkf=VHNA9q?DMm~2XCV~iZ&+k8V0lLR{aA(N?& zg`2aHyMeLg8rMWuao4wSYtJN#7d?L`aSp?L49zA(b z&LWFGY0o4lK1|Af;*n35KU~*Ig=y98ysO==q0PRzxq#Hy2HV>B2Gt++tt}l_ zH0j-)>75z2WKk3+@*}xSGM-sUBDkB=&a3Dfqs?M0CK3scj&1(k=`ckVW6|krd?sN~ zgR;QkWqdBI=Ga8Jnq|Ap+|iF@zH=r%B+!w{(UGqp6a!I{x+3+H&8&tio|2(w!>z!< z(Zh$cfK)^O@Y^OtG!@8CX=PQ9{@k&Sm|l+uUUqzIOhwFS9z8A>1+sIBnms)kh*dUL z?}Ra?fEr{GbQ+W-d?^)yhq#Hda$qodRb8%%=6}rUa21Wtq>+ED=; zV|8r}sFHRImjG}HEq7%+R6?Z6*@azPbb|4X=_m0JV2W#?+Ff#1lK&KB4$eo z9F4c-6B&g*vM2w{>eEq2Bd3fm2SPfI0V_v2+T5C_vtmi0bEk1+G|s;6NU=99Omeco zdXC7o2w-1aM$FnvT$@vyCUu0CXEq}XJ~^4a_U*+bpokGsZPeSC=e(t^YNJZUsm9aO zGwPnoRl1k-;hptmgt=9aeXC|%kS;@b6PFo7C1a681qSe`whFe`;rYV`cn5@y*wZRjz z5FO1?E>$cIE~co+_C@hk&J3b~x7vQ6aIXEQzEJ0ESTQp&5S+V!a^|>YVi;#TSyWw% z&EKLH+ccX_+lF;jGfJx~4v|)6s|fi@XS}2T=g!T;u!X5^=ce0sAXZsJwULv{XVQ&I zpKCa^GJWRt-Y)AJ3x`@S;Y*;Ot+JS`_NgUH$p6WBy?%%Hn_Bsdc75o!k750L(y%wI zG+VmaZ_@i2IYs0M zki)B$xb5!lt$A|z<@qxIMJ(4wdF9eWH05-D(jZ^2#HI5DZVkdSRLZQGWF05CCMR%0 z)r8&r<@ZvN9F)xRXwC<6Mo^P2uI`gmr^lD zn21~I2V1zQ_EHH2nOt)6v&4v$SqFw~U4>++(Ns?S~a9Au?!&#L`iKw0=Cg}<lj?m&Z37t@8R}xmGKovf^kEpg%cj&3t`pE0w0WStb`dqQE=i&*~DQ?^KB!Ab)kFPXL!(A5cG- z#3j=|NL*?y{i|%heTCb~f5iLSw!Gf5{=pcd${CD2=`BWmiVXe4Q4NZUBZYn4`@8Uy zEMgU@6rjv-g!KG8EQA=U^FlbEQ6b<}V;n~$Z{%)`snOayh5K^l#21#9p>p5<{v(MU>~%ZR$L(?ounj< z0ie&{etTxx$X|%PnDCtDWQ6ejnYuz-`dsep=W#x#Vge}B;1vNC&iv95WXR4!VTuq% za{)*BFYv3odhx(gY2rS^f-g>JsA%(Za%7gx*$AwsZ)yH#O$y2q zZ;?eD27Og965v$GUw?fjCJ$lQ=RQuJ*nn3icDX>!PoLviT5Rx0Vu77t#+|H%wI(pn zT3~04Z_l_;$an7ER+`5Z*%_(cfan^crr1oBZve+Fi>(A&3A7S8Bmr=*IOskbh8iqD zQv;Yl2|Xi}jTl&Y>7UlDYOpq5zgS*f|nRJ*woR4|k5ez!5-rk(ejy@t1s;Nq= z?e|G$6n+{nOz4!L%Al{Vq2wHlnQNP9C$`sX1uqLW116Osg-b&ph z5gR6h;*9JJ#kc|bQixR>YDCu+RCq43ejej@&fG2X)Ic1&gXsiICq^tujOu<|Epv6H z5&ynr>!q#ydkgpK%eOD}OaFNZd%c&=(_2r_f_b#7gb_v$7^~&c&4oYuz6hy*7zm3V zr3;zxMZ6nrm)r(Oq}FS7@YX+_M~Hsh^ds^a&_mD2M>nFcx|xU5&1Khv@(F6)_+nOk z9#r4@`0l=@RX92lLL<$nEc>=6`Lp_TB$Pr5J=at)hSiA)2Hrpb(|DzbR1;%utm%)9 zZ|yScxECi;%nyC||Fd`BU2@$>g6PY8I?+lZ)gtBEP4AquGuv<9*{}Zo-8W}m&rVNU zNiC9+NQvH)<%{)x5s`VB%yLh%DkzJ$cW!NTH- zo=0-Zp_%-gJT^U*zFaNc)C0B#L>7Sxs}yJ_$H(Y`YE5U0MZ!DNLd8qBc#cF{4h^s7 zCZa@pwA$tQ{F0>#V6p?yE*qD1ni7vNQZ@CAZdNM3XKG{-%t(C5U~wgmU$c7UjzsK8 zZ0bIf{+Bye9}Shah!Gd*43(l?C>9H0CMV*8?>{Kfl+}@It7CP>&J@L~+=q*a4Lqgf zO`w+ISl-&b`wsw&jxJH_p=Xerj)U4u0X$Z@pH56V8ycm^u85Yl(xBsGsuwqHEG;6M z_o}?U_z8v^>-hL&`MH+Hmn%DW{Q~Z<^gp_Ubu7vfV!;a)?yMzLMXjz~KmnJmuAi8> zsYGQpgIb}P|jnwwfX8FKdV4(;y6plo+QT{;$aFr52+R$6{ zmp1{A8$$6`c{IN@=aa`~j?GTj?cHszG!3#{1aJjyv^Fxdk`5?z7Y(*uww~WX&M3;8 zn&XOFCQ<4z%&*3ZHiInGNhy?Q34iat{i&L2oRuBaH{_{L`WG^^$AF%Je3FDd)c*td z+}d8%dF|LhM_HAP>Fg4*%_czF<8i+ApsQ5eo3=VdLuAd!mUPT)iT#5yd zc4*QibjI87H~F`~aNZ73x(_Y^D%(#a+u^l_=n?HEB^`8rJ=BS)fG{$U;{D_sm3*{ z$_1lPnQd>2@b@hu5e9P?hQZHXI8d$GJd4T2RoOG*r1*|-t{{bpVinsym4&63 zBVp37#K(){fHc)7CrFFcmMg`|xsgIeyMOgz9Vhogl88pgDSq4Z`*cKqZEP$^Ix;Q?Ke)cJX*CGVELX zbnQvBZX5;VZh;TER<1qw=%&y?+X$a!^~HYN-s(G`e|vct@TZGE7;>oL zV77Y?mBe=sxy4D9N`)DUQ#>>!M+YbWefBI8_%9eiN@I?!hdE)dB5soFXKuuZYD!`0 zHB@+N^1Nv^RDTR|@n3jmM9rdZY7I<{YJ|wtTEq1$4*^_B{see{RlfXH@c_WdcN^Y! zvU98*j+2P%>+_2%rnJ_)lN%us6$y@X1Px$?nYZ84a-2AEfhNbCWLIR#@iqQwF*Txn z9jazXBnl*qtLpS5N8Ta+FHClc{O3l=*-JC()*jw2>%*biDnd$BbkA@qie-kBz+Iwx z`@k7@?pWoqYJtU~2|s4{5t28aM(jVSL$Oi%Y6{eQ4NaWv#6))w^)M25xblI`S(cx; zs}y?BG7W%e$8;KA9eEj>R%@*i?>~w=UqNttI`_e`vFW`~(mTz2hAgco`)8$Z!s_ z2@#a9CFK^~hUccIIwh(_XA5w1cC}x=p?`D9GHxc;1aGLw9*QYO;eMxFRlIVGR~z}+ zM0!BHIY=kw%^@-sm^B>|>sQJ~EP#fHq_l{c#A!*^kZJQj7j= zs=v)Ed1;KOQZiv1$X&hCR$4ZXQsgxcxjNrw?2sl?oN}{CTSaFZz2o+0@_10+5T$LA&R?Wpw36?6CWPZr#59{P}a= zC3K(A$&)@!I0axU{H4g6*#&0_)ckT2IZSgLn(iHrTc*W&8B#cNrAH zy%S@{$B&;ocNSx1L?K_3^r;Q!&)6+~5|^aPWv394x-%F-6L2k+%iXs%e}M|5%|-68 z+(-D20zuJ7M_@HACA*)U7h#7=b*t_D>jY@2FY z^-H}8tzaZ9m78$%(JiL5p+b6xN%df8O+F0L)!UKGz zrm)p>Z)oLpO1sI68@W)!$ubgM{Wv?li|>JUQqmc3@HY_?6~SzzN$HH#+e$$a@z829 zJzifMae3D&f$mn=n(>oCxFTTU*xL$Qn`Giia*^!YIJaa64h%OT|IhO>~ zH^pt|)&8E|KfX4}3osA=+1_Z47lE!dUc?w$x`B|mL^@t&kPMN(*3T5_kf_D{l;qeb z!Be3YbVu`T&#?yn4MbF}re0kPd;>*qT0|#jI^!FGw|~14eyfyT@H8;QweXN4e9KWU zTE76awWZJk2-Oz{`lI=EG+y$&D)YjywWrU;3=bkx4HfnRyE#by97AqD^Xi?A?f_7 z6`IzOG4)&U9|``T^B2vW35pit?R#T?s_US>A!IpUYb1y4WeDC3_%qW8ia%30Imj? z(+FuyjxNMZM;ncv(gD|YV>L$^gw;SzytAcZ$jQ)|*x+y8HYppyz#t5OSM@gC3&KAv z-5H|*FwNTr)sB&-^g_EMd;t_aom5rnR-()nr8~`!+xVMeBjM?j zr<^JznQrDqp>a9urghmBk?pd!{I}?jNkKdCD3usqvtwf%PZ7hvQ=#6gix2w(a3(lS zM_*TrjHDs~T9XJr3qTbdegi3m(MnX#+@RBA%ZCiNEPR?ic8I`r-=5GcZ+X; zqRQT#?8uNS3D~4w;DvfowL_t+Tg`85bti2LDLH*~Y;u!oY@3AXR=U&<+dcE_V(3h> z1B|J)rfm`I>m?p?2w0e3z)id@CVMs!X<$f@UF3AXe$5McUuE}qW`d{6>P|>?XTDJ4 zxPfZos)6$P+M~ZK^iEONljiKSF4|+(-nmfN_K#;H1)X$yyU!we!PW`0&*C;#XG02Q zvLS7da0DFCYr-xZ9=5K?wuzst@s$ySP7MCpOtpeE@^Z)$VGam!nZojVSOv#sa~{5y$@d?;f9>wnw>5_Q9(G2i{cBII1CNup^T%)KB1 z15y^2lj)>ssflNg8Q&O~k<`kVZ*0c>Tb&-O2ex0Mo8_8YESyB&iGf~cIWYV!R>7LV z&uHQS{^E8cNCW-^EBbQ1y=kMvhzy)o4}+^a;MCcy#(2Rny)+)8US&7Y+n3SYC?gSQ(#)eAof{mZ=JUo6d z8!fG_j#_o~!Sppge8*PYEHO0d7S^^wnSAKxk0G3G!vV~ToO$|wx05K=p^fP44p*H$ zHRtX|uAkjG`{}n@Fu7DP%!CXKX%}ngF16M?Jr%11%S!>kSXaMYnPO08H#BE1pS&n1 zcAETdm)KAI*e@+Ag^%&fi%y@-FNKlUzWh&L#Y|<`u&~1N^u+=RbpMFF6CubiHlUAE_Dk<9;=#@t&uGwYjq6Q_|(1xJeQ zO{lC4r{-m1YQO9FH`6@|{i_#84o{PX;b&fz_G|94zgqu7Zs>z_1r;r&7Z&7ZYT;F_ zQk8(I+!et@Mvg-lY1D*2y`P?P>D{MK%xSky3|(;w%`M|{=P1MXK5PJgiqfV`k5w(~ z<_wLR^mS!Vf*Xonz0CAiKbzP9zF0BfPX`|c^7H=A?;6c8kcUoI4D>^nJosioj7Pbf zYc8BwlugoA1shB5 zrn0}tnskA``)~59l9;a4ym)vtrY$TC&ykq_b8o;p_l5*j;kMjc;Uo}c{HF+>!YW*-wTF5gy9MKY<|(i0KZHbp1oMWThl#@0Ni3m zCk|Ih;$hrz_54NlHZ6$9(Twe;9Hz8sYi%Tm^dSQei6s5~)Tt9h>)Es0d9mM`siL{L z;=IBNeSsK@SENhS4~eP)S{!JP3!S4tF{Z81H?nCX>_(VgQhLRMl5Ie{- z@$A_%H})~nm=+S*w+V)>b-qxwSlv5ehCnRJLD@QLb%7|(Zpei*$KA1d&pH~aG0`s2q>Sdu!L4s!3_ee;Ey_4uh=CMES?ZsD}saHaJyqn;AxUG98KqH( z+w1o5Z~m>3)!ww5wsHq&lk$mlj%MAXXr}iBpS`cL#|=$6k9%b|?jL^<(K|f@_|9e< z@c(G#p|dRxBfb|Wq{E=&y}}v$_+gn-bK$fa-bry`b5_O z)c3`LixcAhOM6lq*&+p`VcQa|(YwyA+aU-@E*NIW{&#L>B+fGW>vz#=i%?TjGNby< zPxOb-4aKz(;eEOGk~JnY0NY1ob=n9_K7Gr09P6waa4-s+@GTGOQa8zklF1M{rWJ-b z>)8GzQ4(S~Bw^Ir1$D&36e#?G7MHg&0e9q0piRfG!VDg_g(jn&rivE;j^jK^!nrU7 z7BL!EIsnx1l|(HBok$8_r9c-2bQIB)^#&p;TMO=0>mExig85?ce3L~Lv=QbW7DBTqV02K?#d#>V)7KO1?{nKIx{ zCpR|62mIN{lg^Yr=TB=2pA?(d`x7n8fnihk2uc}WwNMa4sv**tB_#&WH+83AQukgw z!WKx2fHBDqsnFCsHi{M&eM;3{5&vSq>`P_|*HxCJoD4mNAcNDZ{Pay+waAR{CmoDd z3v4aRLThSdtr{DaEmO0-gl1+WZ%sKXZx~h%4B5hDAo-Txa#&V~_15ke9%K0$vcOarO7GV~B%7j$v=B)8<*D*+z9dT8VH>G|y0 zILP#hi0g#W*|OHsW+U?c^}n*hHFG*#GYbiF8{!Wm5-fQ6(te>f)wtnYn#C8TTAXVF}HkHQgLsA95|9)TaB05P1 zCH&E;(w71Qi+dcyb#RxB)iT-a~<&BI1! zysiG7C9c7#qk-3t$VrxEWi0Zdu(ODYdlqEiiBgTQ5X7Aq=&zc>135^q=y{>x1Gy!K z-bNns+SZVr1qIezOaN9j!i;2T@hzw=JZhxGf=!xZ2!OM&p;LX;sIAUos8uh;!XR(b zITGs^gK(rA(9p`SXAvTWMlXn3a{W zJWaP`K$Jpb7%6nvXU|_4MQ7&boMs!Jm~@%M=-SZe_z-R5KI52QjGG&pnGX9PfFrSW z->QOUW?KFF{a|*V)>2cN02=5uw+1x>WhR#r-jQM_Bsr}zVCZKP5RRu^v(z0i6hLO@ z0KG^8Q_@Ur|&lkDL5|io}cH=6?7=Zm~#@$1re{X0}B{0`m?F<8vt?+oon6r4a zxcEYrGUc}d?n-BM#7&~>W9G>&V!$u}ZeQ?|MbZWQ*8Oa5k_*Z^mOG;P(_5$nBz%2y zB_+7$BV}<_&$z?~kDoIEYjJS5bx#?Ky`?C*HxxEXPR#m>^w`tq3oKA1q9;}{hB*&e z;#qgiu#{ZpZ!HeRHeX#v?cb1=xV1Erjv`>9$)u8P7ww^Z_HX6#Pu#)N2OU$}6Cvxq zvCbUpvthS~PU)zgHg>*K6W0Z++w{|pOj|~y?P9$w)~qL|rd_tmWi_60vCV>Xx2~FX z$KqBlf^Ugv!wVFufJ&%?`G(CZe^$*l0QOM=n$1oT)YXHkUsLkvSE+@CSPCUSuGevS zw$;zAdOdy|fNc$RLbNz7|Y?@{q&z-{Ak-}vj2fGuX}o~dE- z-whPk*d#e#w>$3!sO|(Kjs^lx6uF*g3;hXI;nrD=IK|a67P#}Tx#OxEPe1=wJ6(*< z*4b1F|J6}qwMgjlj!<$)r-(GFg)ond29nqc8ym4vN!0y;(UKffV|fDC;`*)_Wo%4| zX=8t2?D0r^Zv8F0PjMLbS2O@hHCChqtMkSSbQxcOi3I(|FJEVlVWpMWLHHm#;J|Fpc4Q}D>R@WuwY#Pm8GfeU8QeZ<2)31pV-O*46n;|;1t*Tg|@y+E``s5FV};yS~4rKdAlOhXbj?%XOGiUSH#cOJTm>q4SLH^i{uq^kuwaR$3&VNSV9(f%1z z&0ZSw4qE%Bqoc>MOA6Y62}MjpWE1hqwWf6&P?Ok6z`@2bACp}^`t#4X(U$(Q>KCj~ zN0eY}FD2rtELAUL3+n6s8x^T-X$5IPF1$0dGhQhpSHQa4X#28c(bh_F!6!S{6|mdG zZ+t6n`D2ku);Bsg!n_qJDk9{<#mk{pC!b^9U{*4`634ci8OOoarKCmI<1V0U>yA3+ zxpQX-cDA|F^50s(${)J6Ks*kXl77a91*)v?oId@5r)Kh#z!SAxZi?j^oz9c0k?!iS zGiOhie(UFYy&JUA=NuGhyoCh=PXpzn9);B@7#f59s!B@L!YSX zD0&d>FAjtZj0{;~WZW!Iu3D3_8tKV+tVL`;oe}xq#O%pApKN|j|EE4=gIT){BU5iW z!n&ylgXH}Aa|9k4EP}Gr*ez(I7Q%cDm+@W~)nhHx_M77|d2@=G{^hz^bC$04*dwg< zpy&Yyj*tU}8%n+gFC&zZNH;V98RHCvHR(v(+=yc;nO|>zZg80A;cAT5B`vob^rmNL zX6NS2KmD{^ZvJIi;OwbmF6^M1{DjI##88eg{|N`#m>a5i&9IJ;1B0S*KwFp{lZ2;F z!+rVT!$+04BXgKxq{6^KT3nB6#=2vcO#w(CB(4FkSs{hb6ruAs1%AVcCUnMAN8S!; zHdobw+}5G8Y*iVd^cubj`ST4|cTn7b1MedT22QK*W2+D9{5EockNnt3Oy?Lbe3%y2 zUQUd2#xRD)iceXVo%J%RT8-t>Y~_+3HFAZ`{f=~&U|yz6V~>v?^}SdvT)dSN0A~db!ZEeH>)0|QWh_~9F4p4 zM)>N@4=u-4n^6Z@{IwdKP=nBjz9@5qBHb`~w;U@DG`WHu$&)7K4M$9LC>R1j(O6Sk zfS1RTYh^4>*syW|hb4#^WCln3a24 zDQMJD7h|z82Ay37*vPCAW@*yhTG7!FgVc#}8asw;8W{gIs14P?9UyO6P>Wo29$Ou; z-8d4=PrC#EgY{{*w5pUe%S`T71(p-Bx`fIj&YE#=#!~ z+-8g>rJ*Fkk71!jI9vFgJS+}3MFddx0>U3?(_gvD^@8S;x0=Qg3SD%aA3fJ{^dZ8K{2#8A#O)X;=-@c>WoiIPb@iDem{P|Batgi4y zSbqBC>FwLM!JBH^Sh{rS;_1_;`3ICE3pXHJm5&}h;^|^%@uQDEG?qbj}#9lLTUqBi{N?h6BdF& zitryXLJ_~Qpd(MA<&w;rEWJjKhV$DqzP^wOFjQhnyobpFR;yrv9aIICL{#)jzN$P2 z%J*7daKVvnW0BWLe7}F-xj-y&hPo@~RNmhb=~W+ra>1p4N38sIBa zfR%ok;j~H-8I|Ovl;Cd&0_>+YmF4{T^K)~@@;pOa_H5Mn>8GFRUU>m1%fLao838K0 z^cy#BR*8H-Pn#ept7p!fA?JY6 z`R%v=fEKWEoQMOXV{4S8k&vyvHRdwa_z0E>0R|*eSqs;$UFW%C=;7U~76YeMoax&@ z5(L6(PpLL9nBOFsELkOsjVHF*_}HzSl=pO;u1dVuXeU ziBts5%v8`j*cke+&;V>7!35R~#DzRr(TcMGx6eCxJK(_kzyU*vpr*!0-QQDZ;jwCh zVBWzN>S6**DY|I-Ce}$0y5^WWoTq1atr}l*2ZYT$HZwiJW7Q@|VbB$woq${^`f{DG zs8@sgR=b$|hJTiN00u$%zSOF032_Ry%!Xdb(5$jB739sicCX603wg<&VaV9UEGd$@ zV2qfj z;6Q(JfR#|QJ7cG*tEE3L{@^Uo175g`! zQ+0ZAMrE8??o^YQ2lpK8-__A05oMJH&m`*^L7xIz$A31z=(-(Kl;B~qQG^8>Tb8j< z5W&;BNw}#^#?#V?ea-knjmz!EV;2dG19=I%yGM#^EX_nIn@Q=W=fC}pUA8;zjXHQI7$7ZI07ulQQKh#77ShZ2at|ahKN!l}V%HhSr5~pXb zU^cvCr)M*d)xxjQ_FT|58OiC`xGl+1mlDP1g_{$W7OfDwuEzyCCgE;fwWQahbO8%d z;*7W&a}RgNa{ZqhaVhC8)WtT`9>%M!B#PRvZmXF%F4XCKU0nxB|2lQ8{{0$Jn)2z3 z1>*u3P3Hbfi=nnMtu#8_u6f;LECU@Fmrsw=3~%eYA?=}RTpQiBX;w*kixFyVj#(AKsXAOTs5rD1GfXoXGr`5JR~`GbOWtMuA*5Jn~=lsZd?OIq&Pi$y(e zmstA+9KUj_TdiWZTh-{0B94e|N+mG+JWfwEZ>0bxuJUR%KTD=__c=ziSD?9DreU=> zMWt(yZ~;IyeZdAcyVofUkTH#7C~Wr>5m{_%F9jAyX~TQ?gA>PKYi?|X2R$e>#JuJz z)DS(03^*|0z<>h-4h%SObR39LEeFB%vA7(m}sfw933Aueg#!vM8`Lld|SR-=1m|uvcnbno$#dTLq`A+=P zCr^I(@yEaX`7hjApyJ~5```bo228)zFx2_P{P^RK*REZ^dE@4>~n9w{`y;QZ8UOWshh4i$MCcH)1UtQk3T+p_RNC^ z5C8Co|G0krdmcY-N91^FOZ6AO_~eT(zWCsSQ%F*}owk4cKL@AO3S^~weEl7ah@>W zy?gJEfBY};|MuU0#~;*iAo1$eYk&XyH-G)>->9hH{qCQPSv0nWGn#P6G_qX3{)1PV z$-pPCv4Df7D)aKxj^BR!4?{*>;97j3YA7ohj0?Z~Vy;sB>uhZFf4%wBPnMw|p?OF?F1dVN#;_1x%&Rg=9z1ve&*jUX z9y=B{>KRG>q{5y)dxpcjS`GKyRjWjK2ciEtz{m;5PPeV+t_pe9JGhRCSc%<8Kk+bX zkP3klKj4ipN0_36Q_t)QnweVA7Yug0r3X*m$vwE;@?ii!;J{WKp!uDY(B1Skx}qk4 zo6b9oJ85c;8^T!rMiV$4^^rHuMdS?5c*hDhK+{E?CDvf%vkXiwm#vyL=+|Z-S>i5k zQ0~Mzh#wRO$bfkS1-rU>X14Dln(k ziGUTblM#7-iZ#KZ*cgc| z&TtR)$I%%>q;SgtzfZc$w%)PrI!i%MOryrZ|w^d?uAzO|XBrkX4jc-%yokoDZJe%73t zmpG0OO^hwa9-fwWXJ#x7FD(Uj8>n_SN5|6bx^)|3Lu$P5pa(qvGhUtK#~+tmy`a3- zQgZsS=Qk21(pfKJ&#zRX8PnL>$kh0lCgW^pB~%yQYF?_=6oRQ85b&HjZOB1X5Am{a3VC^jWt%$3RTQ+?h9#4o%NJ7?>>`)-22=`|2YJ@l~EzE~*v;Y)q z$=QDa+d&DzJ~Vxzkwz!tm_*U$SxqcO(`Xba8$+i&%K@OPKXzp~DtJ`6_PmprP};Be z$4>ei@$T{jl_y%u-{$;yRRRox_QF@Gh%M>`;01BVdd=H5Snr1>K+gk7{fdj!GUjqb1S?^bF*uQ#J;97j>93P2MlHR#zvw zceB&#wxc6RVNcejIBs;)D6COdCREHz)(V63#q$NeDL>!*>Bfzlw{G21kj)|2ym7mM znZH7qvdb&B4>{jly>?ytS6_YU1|9oGS)yxK;_|j1fB4ajSK8OE658(FyZ^%vKYsJg zKYT|R5~om^LspCypDs?u{cwv2Lj_6{2R=WG96m$HPS?p9rqtr%0%V+Gd82alDK|~l zlTx_lx!YAnPDpL1inx}KpAeid)J0ilBgGc=QU!J7T~s`T!Oqu<7eO-V-HwMNx|j^k}5Wid5~Sc=>Ml8RkA0>P#( zY%{yOiohJ3oAY7KhMof~?j1ly8h7kUT8hGkhRFdInvM;gr9~ zl`GH1`LYmiPLo%^yK2$Jn@=t&=gyz6Rq^5>QYm>gg~~Au zapR-<@`ZKQ;_;(LRu;~jKCKrU^3(#6f?CV2doM{{4tOK4lym3em|@TJERdWrPzL4y&UPKbGsq$GObHLzy2xjydYPWc1|4>+)tp z63VLzgJ=J9fKM_n zuAUN)s=dBs-BquypO)h)#aPgec7eQKKZ|?C$=++e+gyhYUzGP!O2KSj)7^4odu(sl zTRKB9pg7!v@>t{EqMu|BiZgH1(?csO@o5#^ksGTN8Mo(i<<0w6Pa2CjywW+3pFEY# zkvDk@;O%1FJ40>Bz?-a&9w#uv*d&C3S;fR6OH7)s6^}PbRcBeq%hfH*Cfs4V4WWZw zPu7nVSJOuwf**xb$M#!m!>&A62kW=5wNA(Wdl@?e{=D1#>8#y>#|IPs183>MAgpPL zXGIPM=^MlnbjMW8B*bl1JFksqHEVe>OrjkrE%*d`-{514Yc;V%%iBwFOc|HZvZ+)wS{G3SB7eG@(6K_ovp&mewi z$UdtL30~K+U6?5(U+uIqYQw2+d~9Nd?I=V=UC=zzGymKF_S2PZoL(S1l9U!5Etucjc--mv4lN>xR%t z5ApC`UC7dl#U)j#p$X#EeYU47s~^qDWkKu8A|rJn zT}GUF^fb=qV$AW`>2n_(8=LNz&ExIs)%n)^_1XLqr&YpS>FVfLekXSg-`qDgH8DE> z;>CTti*ci>o1bD=!+MQ@qqLT7X^IjbXdjD28->5K#68E!XK_9|5WTm~MRH*Y;n5r$ zL#I6VGRD2_@EbX>X^M6#k8N)?nV+3tm{1b#mBAvERR-<|$^2q^d7%(R!o?efBfa}33pf4**V zRCY!Jzmsxc73Y62GB?Y}Oj|oZof$>0%z>A#DAZoOc+s^h0w*3caQFH9-@oPu zV?*@J*|S%!eCmEUH3EPnFwioOzx?tGH^bTcl*0Ga^V+p*vb#kO{O^AETf}e)dir!o zaqd|C?Qef``SPc{g=FW<#LM;JgNG(<>LnM?p}TkQE7U91>}MCWl~qnrPdOxEh!*F( zn^S|MTxY<*UV>IWbLO+h70gGT{s7&%3PD_+mgYQW%MhFZb@< z=W|JQa22(F;=sebyLTyn`jZav;hKN??Qbq#{McY*%rZ0>M`$NUEQ~>V;^oVq8i1V5 z5QmV~;sxs*hI_}ISO59eEqJ8(gN;J&;#GOs-oAbN&wu_4w^~lBt||T1uYUQ}S6|YE zhVN}UI~77{R46>Wa&Ojh~N(fPp9H1 zCMF%jVTzXz^pV%gL@)OBmh&pB&8Q*vHgodLe)nsrAN?*ywmj;nXlQvWxMXHw$*-RJ z*8$SAS#=L<|Gg<|K!3xEO(X9!e>P>v0Vci$D{co^+de@RCRFLqj#aWa4bakq-dk() zXUjYyp&Y~UtWU__l8hj^NF71$Fq*0Jv@pe^cE0@DWX}54FBPjQ$0SEE*{LhFI{onj zLp!wj6DjW#eAYi4^+x!s;wR0RL-ndJjTCQTQO1REoza zq%VaoiC7gHlh=0UrKPyDXUy%r`2oQm^>ZK%4AHWX*Q5gSZS=plQ3MUhc`QB(w!UOS zwdBgxWwUA6;29sE2;=XLs`9}ZH7#g}&9)Nbi;2n(!6_Lw!%gZCnL0mM~Hu|bni-7SLbx2|c_HFdXR*P=X z&jWtq%z!_G{<5il3)vXxlUOKz?SAn=f7z1Z>ECrsq$eJmC+@*#(6@n#@}WJj^C*ZgRCe!Y8IoUmq;? zJz`hlsnO}vAAIq}=O2Ca5o*!q);bYrQN?Wt9$$!tBo7SEyZeyCDGM~bA$~X=IoXdTPVPAoRXKjjJ$*&EBNfH`;K{E zBjV70peJNL=XW9ZgeOm$S=f}Uig`TywQ71%ooQ{t7US@-86PP*;Nysj#xzgdD`~MP zgd+11C7R={t%Zcgb+_5G#5Ia=XncAX5YrFbe`zp|k$IQ&BBg<`MDbmyUfZ>muQ6TDSKtsA8^xnPu1`b1s%TOg=yLO%G;LJ(|X)*)EhaY`- z=Ij}-bQ4+laq^0QP5V-?pMU<@FMjb0W0T@6&g6-XM}|p$pRzoD@_21+)u^E$;|q9+ zoq?)CfLvFvUgHZpJ2U&qCzq~VxqR{B$BL%YnvSM)qnja8cDd^8M-8b`s=nL=`OETA zC1%RvHVTh84dcwb#Y6@`j$H9E076x@7}rl_|apP zojQ%2xSQ5V7IiV*~^zd#g+!9AP3L4kpqno?npdgBMBOv zxQaLOxnssR27s#U*OMwmhQp(KdAVqQV>I+>LD9^^4B8m-YdJ9+-os3wp?M>Wd02h` zG3R1|AYcm*0bs-U$#}qdmYnP@R4o(2o=R@nBv=&H3Dd@t_L6sy)ZToS(LxmK44N{m zsND34f`q^yW##{`sEWcegaL2EF^HmOvx05#%oVo)0FHQ@Dp-R4!2F8lHWl%2vZ}2W zgZLmyX`c1A)@8+81VyHHNSOAIci~^$5PGi(U^Wu?VpoqDv$02VNRJ%se*?PvR$)7F zGLBXjK#$l4U~eM_s+Td(7%hww!D59CRyN6;i?61`lsejap-`~dXB(G*QVB(mIbcIr zP7q(|iv8~|=zDqrRU?%1jOn9ENU5d$<45_S(m%kTBGDQ<2JLmQ^3e3VLy8QXRu74> z+o5G_QF%fqke{Ul!|-d{V>DO%31zW%X6VZ}N`rW2>&xMnVTAH<^3TiRJnoLdN#kv z>&WGBjErZ`7UYV1HS>5@Fs(rIS@PBYhJ8vzC*d7+=!lXW%RtPmx*6j5@t8YxynkP! zW^qH~F3E^Hc=@WbuXt+BO~=Oy?Ksq0`BuDW_pZzd56!|#5gocT@t! zuqs73WAv+Kkm%w&=<`7C0`IZ0shPR)$*EO-iRRNwOY`;=7Zy-5H8aDFc_{8R$%#eB zcu_nfD!dYv7*%u4!~Bxs%O@??2KzvYf_LqpzBuofNIPx6{~AG#&rWIJXD=3(R#v%h zHZJU8Z8&j)J0tNCtMJt8GluL~d2;&HcjSEawBwFdLt!}LuEuTC_9^-9j|{E*^r_tx zpIWn>53OAXVEHi}auwf0vC-~nK(WVQFW;>hzR`9VV+!3>`j&9(8X6@WOI~kr{Uw9s z9r{*+27S7EXr00=!DOIcb3V0A5R-bW^gO|UWOC@7dDR;71yh#hA zJww_06|W(>))+R<*X3w(C4B5w3VVYrY#lR=Hl__Yi_%sp^-r7lBxCbOD_2+o8RFmI z=lFQtwOOC*wOen-*ULmtb_IDF@K`hWUvcg-JZyO9urF-|DMAXbP_99&Q^uzP*qn;+ zO7L&eFs0mj)dc`17@Z-ll-PbYWy>$x&vI9Vt@a&x)G>*@ss$e-o<_`Rm${xhe-8ZQ zcd=HZ?!J_K^3=(4dkSIbp>Z~EvO`G4MJ&=H_U+K@v(cQ8RPzvuIuw-nuOWEZ@*#E? z;N!<3Q3N>KDqLZ{d90329-o=yVBDH7rJ|`-4SkVdf}tLn_XkK4ROE!rcw$j-$yd&~xUIx2-s+q5 z=L<_HPk&hpbfJw=Qa$BhDS4N$Q6?M&G1fet(xRFwg($vD)$H54kXvgZbolk_;e^U{ z{gYpO^6TIHijQgIIZC(iK&8@+0?szj6?&ouatK$V0YIXkhL}>J^s1r9AaeEUwV!{! zH8V5IT@^xZrbZ}Uq})$S?HCiB-;mes+&oPmK6s#@FTVJEBfDs-AAa~jxey}bv(G>K z?Qeh0)3nZPbdD}Xt)UeXa>X?VF)|iTc?p;jjg0!{lc!Ja-nqkJw_I0^0z*S5YK-$V zOc>gtv$sR2rW|L%Q#IC50TA80_xPtiz zfB!wU;A*>&!N2c52TG7UDLu!CNJYQZxhT|Am~ez#w|)M6Vz(=$kn~%<_Dhc{MWtdN zA})bQ#UdpP7E9}4D0gh)bi>5u8nMli7)(M$_>o$~#$n0|Z7uB-yI-x7_5l;Y*V5wR z9(n_qvdkYEn5fjNvO>j~UPQ)t5g|()T3d~)6AB4}t%~zkLwLO{z@o|qK3m7JF6vZ? z2}}~guQ9=1Jy2$W-ByyMqAClEb}!14NlyDnXvhKCqA*f(3Wk%IK%*8O)@)G~)5)m) ztGoaPp~alt_b+Xv9WfA79aa&X(?~Dpa8lpcz5`ajOB_ghkHzxz_N_Y(Eiy%@^!mmK zRZliLRKd~In^%$4Z3gu?$o(?4u7Qe{ff#aAw>tJ1+eU-^pmrM^ z693!iLn&oA;PxHh-(P=e_;)Cg174{)6dK<-q}9*ZtL_t};aWzP)aZlJ{Zb94nNXma z9MMpS{Tqt@b?&OMAWx0Q1$uTulKk+~t@~4>0%2FjzxB$$sp}&}sKl^`ItHN1ko>9l zuUPS3!DA!Id1?NVj51F9YcI$a|6Y3<#d)t+!$)Z{S3R;Es~Dr9#y&}^>nq$ zYnb264~;7*3&|a`sx1pAHi9XQr=DaU1=OsJfwg6xcl1R#=M25{A!O!M@lZvRJ@IJU zU7J+it0rvndiP0+lL^kRFx zGltg|2nqzTJLqQ+QHht<;7oyQ9Bh#v1(dVz*7~1Hpa(7b=-R@{=(1tMSBVfRySN)Q z$77?{wXE3kO8%{Q6mtB^ITu~J&Y6)oA!nZqJf!ScBtTxAX@2glI2GriisP=ASsfYX zu8QBVN3$lQFeIBfyrQwi7!iu(EeR#VuEpT7N|H+s@y%M8wK9L|p;C^CPK}Q)E%I5N zClA(Nj-NQD+V&EbmgB$!c)3FEGmuqlZ8piOA!MmZ`+;z!Y0#i^EoR_xtw+dmYwtuU zUgcBCqVa5suHT_!JLGo{@Ump60uCPkX7pF3HtFx}DrZ%Ltf;Pkf>-{{W#6v)CJ?x4 zqUiF;tH`NJl(83$Lq%aLPL{k!0Z~NUP@om$CH4+Qxa7o8lYzXdez~1sH$rG z43lGRC{8uT2@PXw%(P-sRghr}G@OYn?GRB2G8i)}62HSzZKazxD6U?4!f)8j&wjKg z4QbYTWg^g7kV29eM0P<&S1ribV5*EZHo1T~vfBw+2<0kRuNqX9()BF-RUh*pzBP8@ z*?~AYJ3DP}J{>^g7Bmx(uDm<`ggo#MkC@vrLAet0+OZ3J{KRpdg-GSx!{Nr&biPf@ z1;^!Tm8E%VBC8s)jXc3gG~!V~pLR8K}OSD0q5 zYElWH@ty%wh?5TsjAWiSjASl8c*u3h%`5C-V7MA{uA(BSiFPcCFp#s6dV!feHs|_P z5x22EedeZBZb^49UAow&J@U63zMXb-|Ejf`R%Nv{M%g28>UDH<^;&YaLwGs!G&QH- zddm^PQ(bm+D*+?GfC<{`+0$qEAaB^e*`0eOVgp>w)FgAufY~ypXBpcPmAE0t<_U6z z6GX0w=<+lfuMYDk+R5D3C90mj!&4KcLaP_UrMvixYP3ak^8)si8dM3%wY*#)7HQpY z4cXdwC?50Eq5%O2MwnSS72Ss`T6qXS=3H;EbaTe_;}{Mt-NQ9xklb{ghfX=vl`I~l@>sN zKF9U*#*a7kKE$BmqmM3Jy!dfB%PJx)ngoOV!Tkr{efJ&0@6!9&KVkkV}w2B)l#U7w|xvnaaz*`|gaFsQ9_5%mVUWp$Wqv4H^1VbPL zB@BBeQbX5Z5(8ErxC(8oNL7%imy4TA*;xKh zq$BIR>HBpuHBx@_E$SFBj)&>vnw#380DYVt46d52(7gbBrTyvCC&oVVAWtzoto-A? z*F8(+*5r!>GSR6`stg$W{M@;75JF2QNpYvqo!fVxJ%5Hg`i&yeSehUUTBaE5{%ORB zqlXMb4i9>2`cNv@o(p2AHHwQ$)b1+i6|I$!ac#CZI;(w?54X%6h%w{;{Dt$%O%@?) zh)$!@QLeI7G0w?lYNJFHLKQ$m>q-PeTdG~r?>1|6nR>)~a`f7qHPYVau%Di#DTU7a zR+-kOt8fxIEn5KZGkf3Ry6ar#N|cFPR{7lPV)dup`=r)pRko^KvugfWyL&}gsg(8_ z4+Zv0BY0H`t-Wd$Id%(A{)OOA;P&B;+>DNWqR>A3$G=;82JnqQV#R>}M<@?XLmX0M z*Nd%(M8|uDR+m!WaO_MgJzQ+ujvqVg@n3Yf_?_>PFH#~g())Ujnq;CJnLb7k6{tD{ z{c+o>>c*csrT1ZId{(JyMM~DRfd?VA#h`rUk?_TyZgb9do^70C**sL+UtKSF;OG)$Hn7T^08h19t@L%C*f; zWOy6BeK(S&k8Eb{U7su{g57#6MriX^~TxQ=zV$6wk1CyNLnbA{`$<^ zT(*wx*{gnTBr~Xn+W&3pq1c5!58uDXg@hDgO?@%l^}OM0v%c<1BnHyl%p{p9{E{OC zO|RBPH|6J^>znBNi2nn62JKsYuia~i|3E$m^V1k6gn@qOcl{8~sB!v;C!)cBd1-}N z-|Ep}UBpNgKV#fqTV9WYt@#xK^Ov}nzS_6o4XjYvL}Y@ppZ%tC-J){HAQ zRrAVbtu1ZldJf00APJGHI+fKxDuU^ytWHR8O=dxQ!jFc!Uni;W#1=BiT5C!NX~Q+0 zDqmg5$KFL-XYHEOE5hoNDd%p(OviioIFz`CKR$VU_UvgJy||Qo=&pMgp3a}ht`Lb4 z8-dW~>%DvTe52SLB|U6DRB?3_Tx`QvraW&lV}lImt1Z|ju^$YT|C`q$=)8FGW82A` zUHtw1?_Yb`+;xAdd+d0Ko;h=-oV_}8Z4=ko?MXj;@bK!@Ydm`x!`H8WZ*RMHlu>R| z89!U%v;on={6gHoci#cyLmX(RIj8{}lt zq=4I;Ds*xCP1Cgd@<=lJZ91C2a2nwKps`4JIy&rtPL)l0$}d^B(o(7qTQ7OHLQS>! z8iw{}V-xjzkDhD&GpFXPM(%392~VtAkwz8aD1(O;e+TN-=T#umIzD$*bXo>6lv_5T{0%hpp+o@Ab?|86 zh50nSMR`i`yRryR?HI+J!7v1XX=-ZdH^6=S?LWTz$9IMjU|)Rs#g|`x!6Bw#j5v4h z-gT)e-@j9*PVtVluz%sg1(e*rb=zqNPP8)ezGte5yLFC9eKwyX;@qX~&5u3s2I6dQZ6UWUs;?ju09_Ss?Aw3;_y6zv?|+~S>6XtvyYl(xSLhZ2 zqs*0PEsp#D_HX|VW_fA(#K{w1eDOI$JzIR18l+UOes}H18#m}ZT8nj|zSIt9)e9e9 z_~g>1&py9G-_j@CJxv@K=l}5^{|OkF&l>#mKmU%tqCWvh0r2O){Po6-n}GSm)8T^j z(oxKN&hcpGUSDpn3Zix>^I!bp(&fvS(dOU*foDcuyLRn|A8sI?=9itU!ZSNFbNb8~ zy79BmF7r2~uVnW&`S1r%{lbmfGqW>Qt}KEv;_I)!F~4w%fRa?loHNd#{Qvs>|Cs)T zDdDIIpkoZzu3i7@-~L7)5;p4b_rL!iV2m2bEL4N%0dhd=YcI_$kQ{awfh4yzK6)Nt zSp!sk#Q_6X9!?|zqbw7~_O2EU4!bU9e?Ajr&-#t+m+1mb%^J`)(xrP@XL-Yis_D+15RSEpaX7 z$moPm*~VGV*wYvt<(rkK{*5>Wo?8v|pupPm61So0T5o~*aLW20J5#S1Yd+oQRgPX9_Xg z-KoLnJRoR~&;WslvFpb-Ic8fCfO*D@tay}({ro^DKULDJBIb=Dw$acLYz?X!-no}q zef^PLL&MVI5*WK6d4b3D%F39vLPFvV4qHvLK&aiWQT>nkgLb8=#T2fGQq3* zws?{k0|&Ae16sX0-e$lULQrN8Ug_YWY1*$;HW{3A&rW_)c_}(H9j8^ck%C=(yBJqF zhy6;AC@}sMjjDs=e+$(v`J+O+;^)D`!`NoRp~~mm%AbH z>Tad~2mP!1=sU(A4Q`mK!H=WEo!fEWk3p^kp==Ko7nt`<9orIi0a-PVAGzl939m~xc*J=vIPG`ZMn#^twcFYT;L_^zzOLWnkjH1{xm`~ioZhni)0X351F_pj zkDC;@@GSj7U)8R`BZ3B7%dV00H0fa|!o~$n#g8AK<6EQRo$x!xvF;U2a>Z*R7^tW=iPP3rRL(LinbT=+uisYJ+6mn)AJOy^(Pvr{Q z2=UB*mDThpJiHPQyb29MGz+R=vZGOSZ7ry?5CFYiziuEmM!eNha$yC#xg2Or{Wn7P zo}xjQ;%hE1C&x!EIfMi2`Z~u=vr(t+J$FO}UVbw>lRh&(^uU&Gplhssr}pQjC;1p} z#8cCJ)e$zn-BpSb%{t2)6+QBL3JY=cHzpFxF(-{_wI2=Unuy4@m|y?kw2BgVbY>iA zzy^^`IY45$MwuiVGH7@@KaM2qB*UAcY7#YBNKY=Q)jFFLZ^b1NlUP)b0~_&_UXoKV z4U#6Zf4OQ<^;IOe#KSV&--F}SH60=t7c@%f$-DrMbE;8>hl3H*=tgq}YhS(;r{|5% z1#c9l`FX)!{qCxCeohxJUi|daU%0xJwo!3eo;`c&6@;hU^@aA&wwk_J(vY^!Cl0 zKfB}BD=S)|!1k@gHl=ouxLXbo9u1^%(`L5(Y*boaTv(jQtDv=G3Y!NN5@wsQV-awY zb~yDK$eE*-D^omn%z6X>2y=2t#c5`0xioWC{0OM&k0SL`z1y6N8|b&+{zD^DLE=%_@*ZfD8X0L1 zZuI#rAfoe z>Xj>o>^a$W4SWz>+K3orAiL=ZXn>a3nB{TbH*f@(KKcleIVeYe3Ci!?>{?4*y`HV=m%8P08JlpAcm+|WQcx830VCo z?a>b;GS``brdhFHR&y}wL+4LJtu+%%LQ$_4WhNyA?EoyS#Q56-d}5E>iHT~0-|#*) zIW8XaK6AbO;1Bf`s7r+%JpBXw2P+Q)es=IP``jTucClW0h*Z3Ps3{}%WzJc0fjN~^ z#)21?Mr}LW2x*G zbKO8-G1o;Qbyr9id;9QbN>i`%{DywU^xW*M8I*M^bD_8En{G`l_8B1w`c}ihePY`~ z_UhR(itH+TWh~3hvqIsiSGz^HtJ3!aT!axhNRYiRR5=g?!ZsfN1}oa$mU{g-U%dV8 z+p+$iy;!XKDH+^?F0(NI!nR7ddyct))S%S5+qU#GBIuL2NMvQDaat`RH_^}8c=S5t z>Jt8A=|+Y#5XX-U`_$)HRd>OTPfogTHE4@P!v)i=>Df7#iq@%7 zj%fbSv7eSYyu4UMl_A&a3>q~^vqrzSLbY#Hyd5TO8=8?$EI*xJbk!$OBe|Ld)Qg2> zV~X)&Zw0-{T;{EA+)3A4BVEXF^pe=r@(L6~T6scK2{tiL-2X=T7WBoI7{spq6aV%w?R@YSJFkiTdbD z8<@CB|Jt{`)HdCs547b%6er#ed#vbhcqPIs$4+*%yN#dGk=S)?yHJF1q=&AASGA3* zN2ee+SWd6{6VoV(>AN-~VQNQqgQA zx!mz7yKRq_V`7pEm@mtJ{^x($D7B->>;dq}Czt-^U;g{$%b%uU7XBz@{qk-7!yo>S z-Bwp#Dw^kL`O;PCDy3?%Bl_bFJErA2;FZ$T-S7l&7`cA=%daG=of2)JK6(74sa@e= z_@VRS#~=U8zy9}&7eDrs(<<}KrtjIarE#$_gI1xwuE05|cXqYW z^wGbFC%_0IZ|X%1OqNdf_SFdOOJHC~0n1Tme>Ed7u(&0Ml}<~EKc8Qs%Y6N*S;^d{ zgpvx2pL{|~^lJ()ucN#t+~ArwC3{tG>seCjS&?n<_wp)co%2hsQjH-vq$LD~hw8Iu zFT7%_x>kV4Y8Bmu5CN7Wh_VO>6V;lnbb$?ic5#5-pd@GKcsWiRXq-^MKzd_)4cUdH z>u1RlCF6*=6QkZnD;hL?YiK3DGUSQ}Uo@JX;U60d?@jhjp#m@6M6-GOjztV8XU?24 zDEn$P*CGQG52s6)E>ixkLFHORhsQOmacCsIS99}5oLZse-K9<27?F=1yTdQaTi#l{ zU5&zDfBmgdoA7`B#pl2I&94nu+?zBp{#&9kRPkQobVc*jEvE+Gh531&qe{`@iZgm5 zpjfS?Kr#$2U;b3NUw{1#$nUHPV%+0i+^$Kbm^GAKF0GUyQIT!#*jy>YDp6ZtzPBbjgwT{N&n$(~$f;ros^FLGW*-#tzyJFmJQ3lZ z;7gZ2rr3!rY>>D(_~ONn&zw0;c~WBZHmc0skY3Y38j@_&^J+&!UcGu%T&0ktbV!t? z*1R5PrZ@S_1ugga=U0Hq0t^RE96$c6U;m1VR$pBP+0uFTtF^arm&fWVd^D$F!q*#+ z8Z4!`8DxWSpd8SbYhYrjm!hM=s5LEqpydpZ^%nSC6uL+uE}>gQ7Ar1miZ) zd9eEh$_ZAqnGx3dYu;!uJ$L#F>SDW0JiNAe?Jt;AQFavSWgziQ=tJ@HU~wKh=7K_Kdagdm(Y zSIy4)*2@BvDLhs2l!oSn`}gt z%JpRb<`zx<8_3(^Rw(k<^|KurNG;@nZ3Ch`gfo9eToB) zBIK7Q63Hdkm)!KK)eIq0;+uv!f>-I-B?IBxkL>M%>`k+T#J;rm8F#FrGX*Wkly0Zl zf}ouzwc{%hr!^+Vcw}2jGaOiLv4d-w)t~?~Zp_YxXMl*%RhBLQ4AZOw!fDM8NG%<9 zLGJmdLUG%lfqKd1=wUQPP?w-dOsnNTs*|0?b6@sSVUK4Ue-*P8{-7iaZr~4=o~Ya& z>YKTu202&|PJecbrG&1`eZ;ba3VEv*3Ex@YWOH0j56sFk#Y%)|+UN6bM0!c5z&|~? zMuF7vFI(gX7oVd@EwdF+5ET{f0Zvg5wi*2VLr8 z@5&bDhabLn52#tTjdnYWJX)?@yFN2L<@Ap+S31WFJBy4ir^|BCjw3OE6@)6cf!eN( zUC(FFxz8%%tFx&-FH{{w))wO@@3j6 z)J`zxmCKhuRR@*w5zKGC`PRN~t9AwF99=lAhDWDu+J%MKpoNNqrj#@nUvnra0`~S~ zx2n4hSDvY?RMrKD9>z94YoIXuIIZ4yJKY`Csr^EfOH9jFTlt_w1V6b1+3XfaNzB?b zQUo6tp0>@LPDQqr!>|&r-QQl?& zo%Z9o7P+sKz#Kom5{;EktB@?`b$wphbyj_i4xu{26oy>b@FpW`re;a@Howe_>G>m0Q>Mz7VO%DL|5urf5Fgv?OlC^@$A%rsx8IVqFwxP>g zV4m1gQdiBiRl9G4$}0j|^G{BvggX`-8(8NgH;&^U zpPN25>k{9fHebd=E~Hi{4C1{M)CB`oN@g6vC5k>z8P29TZHca!(`E_dli_{t^e5mb zI!C5LCBI0r(WB+*=sv!Qi8wjgRovib7YDSdz_fAz;W&7$U z8{pIjr_P)?V=Oji8Q&d);JRddF&y)?3J=mefI;N(incdKM}NtAGHq{21yC+WhF}=J z|NeU!4Njka`iWyLP-#T9mdJ@JJXRk*wAjKPz(be+QB&T!^-mF1qC(jTO$P@6$>qzR zN-=u!1~cSwhXP}8NePKY0!Ev&M!xvsbBAQIMC(E>pmE59G zgBq|%f`}~SfyDzG{iYw$H*61ngoGA^okL(`UARSKyJL2ej&0j!#ZEf5ZQEwYwr$(C zZ6`1P;JxXqX^rX*&Z+x-Yp>mtQ95faC6MYXIAk8rb8P}p@+v>RLO*T?u1;#CXwQ72 z&vSjF-r%ehv@p!f8&2(d(3hMlI3lI2a|NP5e-(K7g3O`FU8VK1A7w66$v$lJ_F6*? z{=8UI7AyPjmkZ@}2qv;~TP89ya-u!$*Wy%>7MfA?yKYhv!TgglBTRq&8T%TmJuvZk zL(X-5+}*=sY$(XC#L1!h3WYCKnr-75A5XP z^C%D`L0UK}^$$gMg{qs=Iea#<|7DfCV(FyWjEz12f{>u<0WUAiQ9yYr>3;hAGmDas z-^_|)sx07tkgTmjep~kePpUfXrqJzc!W+qzV+9lysa+$pjxve6XK)~as$dS}eInINU%XSe+qfYH>S?my#@NlA!)w9ijJ}Ewn>KxX& z-<(AQ@V&>MAPfckmYi8L1u+DJ6_bqwgwEF0q6|BSHSe9Ha3#{l$6`Jd%UcEp|?YPvC>1j}5d0gr;e&JPO*UtbG@z)w}a zJdvnvehj?eB(L>kk`a`VPqe zS7I1(1~5+tgCHjIQmVB(2dz(Y!MCeQ!$U~TL%=Ci{@7>$o-rS#2)x|@S057b*|4PfO`rT=D-UVvmJBVBR$^{(b@yTu#2d-j za{Lno4fBjxIY2EuZU(27Kdg_CBF5)dS(bZi&S=6OU>z-GXb?s?5v3$JgeCMm0S0C7 zEW&CC*WC+eZ+2dUZ*2_?cV)Ua9N6b4M|?te$q?m^c@pxhz$ex&wr}ydQq;g_F1LVC z=p}|z!t?~<5Lra^g1?4sgiuTWiHiB!A*<%;;7~t&_r+xAaYCy&UT$@DpR)t=+Wocs zO(RulF?uK-gQxD1_93FSJv^1gA`|*PbH!IM!SR?4>~PX0fFGj)$hJw{!3M)hmq4We0N$42X2k&X`lQTsJYZ~^OK)Q zEizEskEyg!OTsC7d2_cK-gCGM??jeKa7fofJsK&Ix%Ao3cGQDH7j9sTz?*b#*<>1C z4Go#BHS~G^d7VadWv2{i}vZZbGnJ((a_+Pg8B`k_2Ww%A*#5^tBXlMr7$ z#4n@sp~q-;L=FC>N~{BZ7>}aJDA3QFW#g5aRiB!!w;$lED(&%AmEsDwXF{n2cM?r= z7*BBvE4#Unbb%Kt$S= zlT^;euI(zz6rk=^w1DpK*~$O*0vt*v;X#_p@QgIA78kzUh~UR4^=ii5HWmD`bnibK z79-G3O-t+adS{IRoZYrxS7|65Cj@#xcwy##b;6s7b1m_DV!9;H-;2T;5}3?a ze}6?0#?ZFittQFwz77Cm(xmpk)%1b@c|uU6ssAR(3?F|g`|caP#6L$3i4O{*D}>rY z0qPl|kjzLZpEl>47+3j0y2J+y>zAqEb3KR_Yf7H)st+kwN_WjT@{>@lE=JRmMg+>W z8cy5wt2$iuz2XvfRe12|`|g%jTF_@lBG}lSsi(ZbD0%h0c|E=&agZ85909$l$ADiW ztYZA2hlNtxOvxLSC64_G>8$htBeV9tvGi!nnL~3$2fAF6()YpP;Wp;&Op8i3H{lgU z6T#~E*u>Mqt*{9eEdptIQg?@n6l*^^T&00v;3Y@D{K^Z~LWdO|m#d2OH%$$gY1YTZ zab>p*t?PcOvi*%$hqceO#`Dat+YtC_Sc|`SIfrunsdwTPDx}pz*vYVSv> z0gnhvY?hr6v99l3Naa$z)VY;)X6BFZXbICSzR{TYd5B7O#x&tJZpxmK)CP zlDdbFO)i()%AshhaLkT1GRP5>u*DWpDtjp<1sDIOb+RLYC+~gV>_O|Pyi-Hcs*AhJuF|e5XsDRbgO=n23ub6pp;L3x zHa*z2(1Ae$cihPlj^7wu*#7%C)bEo$jVXO0b?BeI>#jiUh-1dycb4l`XF|ls)f*l6sp+zKn@WiZFw8OKL5|&YkV_ zJItd>r2gF6=g)n68yRdT+?@1Uq_n83pbm$WE>!6S+GG9*xR$eHbWF|F zd+BJ3QE;$^l^QS>#uS{d3)H`L0m7|{3tf_W?MD#CCfoIvy}Jn9YgvuYkIyWva4p-H z0c^B~LOS8s$}V%V3IStskH;=WCt=6;6Yan#Q(`LouS2OTOUQ^OR>1C@MY9p5MPIVn4VC%qiqTBeVYKyR zSLCOXk`3Y3bF$aGoZqYB(!@5rtLS1@WRICyFI@=oh!8<=@4c(DS3q|}N#ob$&FXnL z;-|+{i@v2e6bl*A7{f^Kf1};odEEbPh20$c)Nc09w_4$uQi@a>jxadyV|$|s1v)Ee ziTd8g`7TLpfs%-K34^;uOD~XW0XBHx33U8mvI6-IEa%(QJhWgIqJh%pQj82bQxpV_ zJq;f{n|sM`#U{@e{A_pJu^n^^ea2gnU z`w7d^lu)i?+VDU}Ut!OM4s+Zhf>72-&%W{GprX90KlY1f<$}bxJse|-mSf5zr9k(S zw%5U3Wo@xX9_BnE0%g`LW_XDZLNmc27wc^_>vA)-TdRDU7{<4Km`6jx(A&m+m@Zpt z{er|kdr{VficF~$GuCdfv54tb9wrAggLqU(17qqDF3r|V{(S|BgwbhcW zn*oy`fOJeO;&)oFQT&%x@LQ2WZ+v(6}6qnmqv$ga>?_HRs|V{a$= zLXO!=LaS{XB{ufZ;LhYzn5-BWDiPyGawPh`J8my@yhRixR=KcQ`8w;kS|j@Ff(xl^ zG7*`s0@sObRMw4$tcm3HV^M^zng5g**m}vdCq>g`y{6kNTGQ_*n1S?FW$Rj&oK}J3kSNX{uK4C zx0JE|@wpNl_7aU1>s+1LnrJ!0e*HbCF>`kN3%N?hW55!L>1{|=IIBE|9nzDud#{?R z;Sl3IU0oUB`;Qz0=-03Z^2D-xzVz;A+JnY*ZQ*m=L{}Zch4DJjWFUv^;sCQ7S34fB|G&u0eVyizw(YN0J#awwd7qk=jK8S&VWpUS7XcpW3VIK#4w_mCGv`+DgH2>@p-)4keNp5W2MG};kjEfBBl#U65d)sjFj4TNQByjv-ojZa8> zQfO?Hh+9Z>mp_t*h5j=mKmeEu8xR6wEUWHSvHYH=`;zcN8I=X2NWLhjyG%MfJqL1d zk=Px)D^Ybo@{oCB;i4P805cdMVCe_hQ>`_5P00&zbF4|&WBu~6`A)Zfy4|+>;(*&< ze6VA)ejA^#mVd-^D*6qTP*#rnf}2|Xe)-KDzf9il(Uwsm(>1UrLF5j7r(k4 z{ZRht{^tC^dgt!vR1UjMBG+7;McKxe(H#Qc#Tm_M*?Ac+@xLyBM|T0OXti=CGP2Bu zvDP{HBI_A3bEWxd{8X>6U*}4R0oqMLZdih3a`?r85^y-}B8<;&)rb)86RO5FUG(+{ zqA{%Vu$@E3zhelt=V=BfcU0(|X>>ZWcTo>~IbtB)K1vo}xk?q}sod3@7X!;%2cQDP@38F{9~2!D~7(kQi2TM6)U< z;1FyW|Efq-^Rt)xT#T^p3bBG-_DdnLpDd=zN*d@L9Ec|Nx;Uk#b$5vEtQ~*}7@h0u z$oE9Y*tLBdi1zxd@3j@PMp{iqddT5JG}-;Z-CfKwa`TwlVH0fe9XfNPbq2JKNH4BJ zFU7l?w4op9Q<+roniDWlE`!Wn<8I0eZMmcI2(E&w5W3v4aIEUgis1R645wU3g!*znU-V#!AQF}`ji|-Ui+wE$_Rr+AA8)1uV*BE&;orM3&*HYK zv2ClhIHgY*Ve(gQ;vG+){gZS%qaz39Z;1-RG3s_~lUL8UrdM{Po5KH@KciDY3 z`@FLe*~}s0)z&xLY`@ZdA9mkyMsTx6Bj2azeAG8Sjy?Y}PAlBwFesMdx#}!Geq=KD z>d?U~#=J@fs*-%)#zV5jSdp($vo+e zAg8I|Mfg~p*e3LCUhCKlr~d??E)%CjLzz7=TenfXC6Si#o^f6AaB%bupRUM~o+0dQ zSl#^o7EyzffC)>&U=_Gq=UqF{UwJ9U8eZEl#c{MygwL^;wdh;Xhn&#EF|uXgT~NBY z35%)`nAkhtVwicU|1!IJiN_%L=g&g*-NFbBtS?u^X06qn=&EpVG)ZuOaP*%z2YE;M zFhxoCtKH|@<`k|Cy&MD+I zZ5m(Wgfz?F}U%zT0#IcaGF4 zA7Gy362&7G+65W#&x}dM9yM`rE6!@#U^Dou^W}hKRqAC#30;|gps|Kazeta=QWPop zaHu#umUPRxhjT=>WmqJw#o>op(=7ghF;3Ru-=HOHwCf>qLpr(k)&HebUk<(;;jx#1 ziY{fErr>BX7#(+CLvy+EIJ5cvb|Vtb>!smn+G6->+&yc8RlnJK4q17Hpv_jnBDf=T z;PgiqqB?j47F^0(2jV`|FpU|ac#48(Rd~B*5AkCrTV_R%7Ryj`C2)wC=__Is?Rzj> zpzK)Y*knT$X3x`5|N4D3FD>KK+z{dMd)`%9rmZ5_12=wT{~H&n)FNL_921wO4Q42 zT=XVBD{f^>8Y3EqUIp>`LgO=2=Z+QOWi7GCJ>(;%UbW8y^|nT+-(AdLP0#~}bPz|3 zdO+5;3G|vR!Y)?y1xFmBHN)KJdWH2b;785@mX}sKu#7-7nwp(V(e_^d5}ux4d5YQ8aKNYpl~8f%pe zN00$$>}hJmCzNaMY#@xi-n=`?eiyV~Pi;Pg5^dPkQE{^FP2u@^=i9pX==y1=F=-6K z#h%6c%;F#{u2T0^CJ6!fZBNZH*bmd^jKo1#_3; zW`sCV#}4g>YBKpT=!(KHSIgp;)wwsFDFpt#0UbJ8Oy6R zym!7rZJoA@oC%6*6IbAV0&utb;BE!%tX0ohuBFeoZ=doV5X-6QNka>c*=b?o?NN40 zlF0vn+ObjltpwA&q6gz!?N;42lu}&W{E8`Lfsi*oLQwqD zFqYziFi0>e5@_3r9boVi_%+<*qGJ}2k-_LZHW8@EW4{l}z!}SgX6wdD2Gm4Eu=WEYK>+s|>?pX?|Ku1{gOZBD!;feF*VqL|Q5R-lnT994(ND zSp)Hdh&0@1czF)^}+bN`U)o6HG3&~OJv+yuk z%(^js58dsaeX7>pp|{`Og3l_99IW&rG#cX6B`{w)K{aZ(-u*;-behZ)*K$$Db9^bc zwJ`YS;nDx3@6E65nTh`q=M0!hw|~7O5sCrdNYFU?hbXJ${SXAy5Y8MpS4R4vTqH(W zI{`g?C)wSk)9sC>|I}(37QyLuHK4j&DQ|pG2`2Ph1Aq2SBS4%4CLG4c2AmT;0X&|h(^I zBhFt>#tMnN5VJun$vIr?dLTUPpeq}fiohYqb?2!+dx!VWLjsekCtBI&imKRLvzlx6 zsxQ9PvJ*(1D?!IN^u0N+q-5nUqW@rRrvlTMwVw4b@-}ANnaF`7;zbEQun?nCf4<}Z z2F=3r-YMS^NL7DkaQ2pkGv@YVXbs~1W649Hr-FIyp2}m(+tn%WfZMdZAmq7kX%vs? zqa|*KKp=_?H=Xa40~HvGpBX#je>;MvTY1+m*Hp_L2{v7w|n7zKX&v#h@(i2`J% z6=lUawf-Q%LPS=Kg|X2bk}57Jru`v}BZ}PW7V7*)?2U!3m;gHtsij_G;7KM_uRi$PY-w4-Q*y2@6@ zSu$05dF&5e(gV+>ZW&N`MF#J}tD92s`%GMs8jkfTm)1ozqD7ZeX4U-b;!~K`9&q_Y z?E7kB@qrRZ>sWTYe>1g_+pF{^oXd@;3(&J|R2`W5R`7|hTh{iX*N3-yY(k-7^sxHXQC!z73xj)`RH3C7AceR>HVTqb({?|42Gt;V`|{;-Qg>FIV-8y)HZV2Y?e;)j zsV#d~Vz}^iR)e_z z=L8_eekMhlij%9A}?zf6oQ>FjpwG$EWrTsHEBlbw5>$0(5G}n5Thi zpl+X@_u!wV=0fT~UQOqVrN|+gr?`K6Z2jg{sZzn?_Bvv2z*8Aco5YC7-k50f)k>k& zK3Eq8=vc)i+@LsB{c$}AmF z-lo#kNlR}dN*q>VF6}a1Fq1fQiT`DOuh8@^ZiT*Z9sz5uh=Gk->Tr36nl1zvjJq4% z!BpXWhKz?Zxe43G(jYCHG+vQl(3r$KliTE;iE%z(V$0kom_mM5ESsZ)i)mynf049E zH0bSVxqy{!jjdT1wL7(iF&j9L7lVxaFKNOd_i4#KW-oPmYKqSz;O?XY3)=uF0Xt-e zVIN27aZpMZl<(Tx) z{_i^MFGFI(=q0JrU4@Cg!4+q{Wa}afi#{Y%4U?k*0p4BIq}q;g1sOomJBx)HlTsYB zhM`Tt6!g;@Ew^Dnp+!!WdQDC%DfkF(M1(l@H

x7+?ediEl`Vh)-4Y(RdnSECOm7yLE6cju zzbgVcM^U}NSInt~vH!eLmM3BCLb>aMcc2%ibzrcY;k{3?b#vI=732auWO_#U ztF21h%+15w3_2t3vXF8@-8#KLsgf4m8qOAor7eWiCVlI-5-0oS7HMpkHe1jZ~Ij7=%*X>{P;ZX z(oHU4ca)5@%ZuIPPRX6YWfPg9e9?haRB=DWm>}gHgWx>cGA12HExk!CLJl0E-M|=+ z6rT)=JtGEi`EYLINLD|brK`evy|u<$02g#tB~(A2aEy$&*e;|L-~j4xu)4ku{gs{w zhkaDF2^^w=_aub}X7<%@kk7I=RQ3kc6Ua*ZwY+PW58@)=J1&D93;Qf5m)Vc)N~uG-bdDx{H_`i992WxD76_Kr$ymo`9?FW~|;5!U(k{>(H#6Sqgn51KOLJbmsvNw~?^$2;+p2 zeUCJ5LbIj}8xM?*jOssu+E&XPm$H+Nlj*XNHD$Kyn^Kd8smN zqAi=8>z}5k?yQv;%{Zy~m8+=K9hBhB`$y4}9cQ=E#;L4ljw&h1%M2txm zp9u`|BZ0HPkm$Grz45)Ho+#zY`SF6kp}we*BZc41q2z#JZ2w3?hN1^0w3FS+-oo}1 zhGXQQ1T3C|5QbU@`ze7GI!d8t-}yfOl=bh8q= zQ~qGKUlo=NSTR0cd+eDXaEDlsfo=;8Kf+v(ANS>Lnz9}uKKD)Bc4;Zy;eGzhE%r_a z2Z-X2#OQ^NCn%-_;X5}`Wt`Eojg`xa1ekG!h}+gCr`whG2<1y_q)a9m)A~iAauTjC}Wo4?sTgGsirO zgRvO-ryCLBA0^xlvXgHwn2iprL@OZ-Lp>zDBZJ^-&pD zsAs4r1KSXUma{qJtdc|-n0{r0(oNa^s;FsY(fJltG0QNs$O0vPIku~tW=*+`W~&6| zb+(U&Y3O7kgWiu(6rKnG1ob5u8}G}EP%6qK22GhJjCMKXmXcbD(6cG;7Sn*UYNuts z2*@Mdn>yvMkN6paW1#mL1F{T(SbU zbmo3;U;hL0{v843Nw9#aON9UlN zCFQ0Wg~9?Yc=YjnIj~tnlmTC_(n1iS?zb#dzI5`GR^xf-bIHbDMgwOVk$x#O-|2vQ zp`%RR#ZfMaDAdKzeI)wJPS&K0%^xAzzQmj=MfJqvmh_*pzU$S7`p5|I3_>T3wDZ1( zJqp=9^J|-e+%GHWQ?NbkZJpGGT*owW<%}|**oXomb)4m(!8QIRKnw_DTE86Ii)fKk zkB~Hp)*>enQ9+t|P=Gk{wr-yX;O*dmf$a6^0`lqiQ#PMdGCRsk(Dx`2vCd0%Rnw@A zHO!E3Y&hUx$LP5{!bg~c6uc;Df-%#wE$!uPW&Sp%M2yRyGW!pwTn>i_?rf$V0%RD~ zSS)2c#Y`*|yj`Mny$&fvzwyY59!f%A@5DrXYb#h$@~{B+9jqwDt1y-w;qeh7TMoC| z-TY@xHeb#Og4mCP5p0OL`GHb)h74%b416>>+~VUkMHhEOu80Ckhe}09^~a~M#Y`So z-j|77?*zmu%S!R5j~Dx#w7xOIc-i!f_v{rG;rn;Wd?NvenUnX{s}Mpdjah|Qwz+~4 zjjzQ|q+xkoX*Tb}?1?bir~oM!EFxz~a<>cu;Zcy}jP#}lj=?NT&%v7#hv6Zh))*L& z8=CXcs@sRPyClaY2)u877Z2Ki`qO6DNU%hFuOaD;(CIDa-c~3H13VV8+KXBkf)uZ; z#R?v{g%3a6=AkDhD&!Z&Lbs5B=zEs@wg`Epv}2gpGhB)8L#@1ppN(bvtB-cF`DJ|- zZC%I7Ljk6Vu(TcO9hvXlEQP$sMRC1FMUskGNZT`YpM1awuf}LmPLtM|VXN5UFPLJt zn!Iw3Jo_Cy6FMcTMzyhJWcL0rE`cG7 z5}QlS;A7cbc%ml`ZL?RMy3$JvqX_9x%xe4y%_BRvFGdh0FAtXqqQZp-_(ZLduIzNJ z!YAAsj9KIRH!JUu5e_&7@cZcA-+9|1DDa8^TZ3_LdIL4>&u;uAm1Ed2$6y%GyT4zD z%WkSdO%9lFAJQw4t}`WGING6B-LCt1Fu)cO^RKiv+i)>>5jMeV^1wWtth|nnu~^JC zEl7QTdsi{-bQ&cgo(k#tu{sT4khR?7-qqVtJk9KC(=#*K(U~u;3EC@jAd)A8JMb^f z86)icY3??X!k4L{WF4%dtgO$o_yJnO717|c$65)O?lmxmj7_^+_SVRctto4ubur#& zP-_U?kIkxTX);H|QZFNYJ#qQ90p07aAuRZiL!s|YyDXt?HI%F?mqmQ8pAfmd`j2YN zF>h@D_gduzbKwJ%h<0g)rmNk)b_EWZR5P{SY|XVD z%}QgsILp-$00V=Id~~)W_l%NK_A)4D_oF$U0{6p~U8=y8Jl_8JxEGqO_@@D00P>4> zPNg4)ikDtLP6L^5EbHlEwZ8qw(DKu`ONZ`B{zAnD#I6cvEvd`}#U7#D08^P--2}RZ zD(+BWg8VGsF!}k8sMF=?bbk~R6hlRGyVh7vME&aCD-6K05r7p*d+896VlbVT{M`CX z*tbax-#1q=*a#BM?0zfX_W68t8q55RMp(ez-WGeK5SV>k!v^esLbrY5D?nhF2;8W9 zhkeJ@H$MM>CkjL~Q696W_mj|mTQ$k4MP+XUu8%=dxtI3R6%0IA@^Q2pKi}%B)Laf;}}tuX*DTiK%t+pRgY2JwD5ohB>$4l1c^0 z-4bPnha&Xw?8;gEIXrh^my=^WGt=Qf!D>%CndO|tQoJ?4G>zQEY9YwGbWsCE(8)Fl zZSIYtu-&r-T(ShVOD;&ItQspJx{ALxxKYh`8E!=h2qO{8#$}*au!AsXJ%QD{NnWk( z$%zf4WdEXPNL|F15G8Z;(_j*h`f~+h0wLQUjMem90VxBJN3DUVC#Tlu;0(#AyTI3B zogtj}De>SFc&JVTM(H?&0^4aLo31EaSV?&Av$p%Gs}TbY}KQ8~_KH?+-1{Vr`GDUXqt z`uv^dPzlZ1-uM9Pl-|a9EDX2@S50`U-82ia8##3m_%3Lsd9J0S^|3QLjlbkiR7k?c zMtRix(Z2mQn~eu68g2GhcP~L#i5mFB+Dmy>MJM+{hLDtpjxO*a*FVZ zFu{|!X(6SDzM}y^dmdSoEKBt4;Z%3*vA;T0R$MA4Zkc7IB!fn?5i1|#Xq*{Q3A7bK zg%W&)jwFAqpHg2ImZwiBKD(XwhXqQ-9WitoCt=AA$H>;>6u(#_=yWl@X~2y7n3!c< z^YgSH*|Bxr;5kA9DW_zssxBJb0*4#H4_WmU4OF8h?1{7FPG3*@}Ey1j8v z@nLFv5Zs|)8?55}nhLfbOh!(@wkgdT;BF})j4RbHV{d)9I8{1p!&t;rUr30DuwJ37 zC^MPXEil3)^E6!mnF?)ykT4#pClCKh~K3N1H7h*-dXPwCm#Ya(~~`VZlsbUO+ZG ziif%fi=zCaELTz7LdrDEl~CqztwYEA#hQGDn#5q$`47nqA!ZkMaJKdLCb`IY-2R*fNh{0sKBqp|3LFuZz z6)&I;w#`3*DVCD1-O@Y}VQ32_(2 z7mLmtoS^j?tE~dR3_p3HTP1f@prbOaL^$fnth@exUMsnDU$mj>ZB@KmV&EgCaU&gp zOwIvyXGX_3aBS?YfD~`ypGFUwG4MF>IbyiCPEy{s8VM6oPK|Fk2X069%uSgaLLJz# z3XuC{-}(hK6QLURCnoc<*D&+dm^Q5>kye}Clz1ghKb+jW)GFwZ>;|AMsd#NuCab^^ z7E5CBR+Td0ENleOM6^p?fB$qp1}9WPe~}c0gHi;o5>c<#WlzbOt5fY9iUgEJyh}cLS|(3lEoM-XVw)Zc&^o3ZU=>eDZLS^t%g{9?y5nK` zExV>}-%|3Q1 zf)%mh`Z>eXH{);Cuk+&^pCb!uWiw=1F^5B4)LqOsW*I8FL}^{1Z!(~O(qyklX=yKs*DDN%eMb@GT2_r5hX60K7J1ii+HbV%l z17&j12bripqr8~1__Q{6j2(WG4Y9}|spM>9wf+%V4oo#*udtVNEjEhQd|_Ip-8;xZ z;Zso%;;RfC4g7+l2!|cCMKDQ=9i>_YyBZAPGg@rkH2JRrz%Il>P%)WJDhQ>y_5>?b zLgcBe1Bu*Km9Mc%aB+`BmAc?MbEEC=063ptX#oV=%s(sl+Xb)18Mls0K9;L9c#r`k zM{`MP!VmUCXr@(e~jmsW3j#rkvP~Hd<5>0;+5b%Xj%?Fdpf_o*u>`apqK4O&NNBHC+4E9W8~0D|O{G`%m|DcV@Sr zls1x3h>0pE?beYY5WzvDdsbJ(GtoNcDs;M6zY|y%wSm`fvhpo_+db6?U&8mg9L#{NxY2poIBBxTZ zh@@k0Htfbp#-x|6>1h+TFtw6#fb2vSsL6acYFoLEBi_3NtXaZ_^9T=xk~wHaIyUUoBHp zU)O6&ECld0%MwoZmoZx)R-apbzgBmT+1n>}lXaBqSh!xXWtlqnH>ZjxO9$k8H3L4! zUJdD-NH#1b_CJ#2?tSi)O0VDj3gC$3y&hn>Ey<%;VxTYx8Atun-)q{8GYgXo>@GMFB?Mdy-(z#@5l>BXqKqC|^8Jx0m&MGKucO8B&skx{ zHdg~Lm{A)xa+^N|Koi|j)AJ5tA{haFI*@YG?0u|qUeTb!|BhT6Dhn$59Vs;&jlEYg zKDPiC>!1LtK1sB>v+zcCc0z)j;Az#fOZq-Rt1n;X;eMB7_K;^+qk+ZqwrZV$ttd}= zyZfWbxwsz&}Ap*w!^#D9ML z7?d&xqLBik${}J4uJ7vldK>x=u*@DWsyD#O!haZ_M&!Wexc-@!^f#UwslYVVl@{S2 z(tz%-M=w|Fs?y_x!Ibe-DoqE`|EJb4&0kTmEC12WMR-%CH=({Xg#l;Z(ariA3|A!n zgCIQX3uo*100N7Q(kbuSJ02ZUkqimyWHwSBDY&xTOkcxMhn5S}h zc|9#xIejHGaK>d&Sswg7&<0x)aJKQ4TS0SpymU+kIL#y+vTPxplZiQvO>#coEY6-1 zc-Kk;$dRfc5X3gji(s~)3uUclW%|*g=!oTQMb;3aK1Q^LO4n|Dx6BF+C2gSwJv@<3 zVZ#xbrj%v2ZBHiS6&~U@K0fA)r?Ch`DZP?!vkk1JL^s7@C~Y`XQ3?LWWY)j$HQH!V zQy3G@-Fxg67#G`51FI`M@2}H{>Bd1%Ec@t50^|0+zI_Bw>X>T$c*}D!q z{W32x;^#^nMa&juHdsj+2UAT>0-2LhnB~fk;qsdR-yG4ma{D7>>ULM7H(z$-mnyTzEaqt}ZVExj)z<$~BX4s_Y6D(i5 zCw`0y8js#8DEo{uV%%p9==6nIj6LcAGU9==HWI7Xh)FXQI#84ov%YPhoVLsiLwsHK{_{>6P~`<{%co`Z{?!>0a`s2@zu=?Q;KC*HIzmq+i_Jf!9(P;k#k=*Un19C*?X*DLoTA{r z`}ww$LR~*+Mp?5A2sKckvBBFSdcyl^>phu8c~vT$%$K|{m-y(9vMSB?mc8rtsLIwK zV&uP%gz)a_fOVWnn>{ADek#NB006aACneivs2b79bw^@I0(wX**biG@3c;L$OU=ZM ziNL`J*gewrhHijI^sS2q}C2a0&bigUI6xIEmqL>IAVn?x@71% zQZHUa?h9n(EVWaFZ9fD|lV0Ed0MtM$zp^Nue-*zSW_lllzMGz}UQfFcCT5(0-VeQ^ zS}-cp3a?jiA=PVtt%+x&pS%w|<~IXk7Q`uh5wyzx7&&QQ^t5X-nNy|9tX70}1fQN3 z+dupDx2duEzE7XkG->C&4}IG8?8f~L?*Z)wiU+SwvahV}c6@h8K1OgpN*Rc4BCC@} zPR27w-@REj_4gBL>@bEfha{}Us|vS`udz@@_0^}g;^OqM24!H~`|6}(p$|zBNtOG_ zJ@o0qYXoq>%Q?*OC_s_)PgJn2F`Gg0)u{~9LLI~jJAWPXz9Htva+B<|%s)GVHdUKh zSPI#JA=HjgW(O-l*fMGMhQg&Fni?cTM6=}#D9Kb3V+XsoK~*}7uUzTtJ?YRSE)L7{{(Og%e$9*I#S(5nka2jX*1D)uSP zI^}}NKm>Els4%NpZfnb(=@w8A!r2pav+!0xsujT^lK*w_7iZ4v=k*N-O@f0GmzLd0 zn~AGETh%+%sPJ5!96qwNFh4OfG#Cy{6{Sh`RtTuGg?vVHV6a9@o#bkWh@w%8l3iqX z=5KVXmioNQUUt^fY9MoB&4WnbKNRNxc~mDJ>7b2?Ks1w|m39WXRxPS+{o2XfBtRS; zTD}c2kxbJ#|0Z6!?k;mq;dP*Io~vqT>_i)PNL1PNu)(?x!j%E$Sb z*^IMa#EIMBroY&rb7oe)uWwwy08nITDGs3p5E>FGm}WK!fy1IueKvO!`c)K6A3S%H zvgCmo zJg>UU&&n|jJz-TH_@L|3-0U1LuRhA;J`|2B+EI5r;;-dd<@ zg_7UuZR67+c%W+=FhWE*p!G<9HBnWmM2=QO=o&zyAiw&kT&3vIP9`sU#Tl{AZQ_-O zN!6`Uts8poTWp4xYDQr1v>oO!s-c9f1Z}0j*V%g*Rgnz$3`@jQo^?^$_@Dk9taai9 zpFJ2os*z!gfDycFA{ZYOz-ga+@(Bd0`!e~M@87@gY$SC8@NHFd(*(qja#Ypr#joN6 zbb@xnD9(ev zP=i2#Sj+=2{u!jVM*IyN%oL7r6GVl&qc+s=TtUW&K%Wd|i>OmM&3cz3t3=HmGzoZ_ zz)(y>SSmjA9#%wrNyAeC;uU-3e&eK`H35q9VM)cYevt}HFjjMRU^JiEIf-+Yyw7^A zI}0Xq9P_Cyb{vV}rZ8C($$sW0DL|G=fN`mzB(Mog)5;7D(LFdk>y>I}A?3ymur}{i z6EzCExBkKk-^T)Bq0H?mfbXL5k)E((iwYdgDJQCn1% zyH9N%E8x)G60)|ctZeoP>lA}6(V$S(BLWsq`0uj7{MW||MLtkQ8g)lrazz{ok?p!IK zu2wXVN+B8rOzliZ|>{`}x)x~tPhJ*9U&d-}}HxpQZyu1*09^DP}u)sUKt8^O@= z=%U{6V6vqu9;V#!v`svPmC#ZjxVUoVimAywxqttGv7=k+9b<&P2L^7Xt5c6f$wEN< zYbm{4(a`f0df;7^y?o{J)vH&b2R?fm$~IOoQ|ZahXLWY0`r%BuMGzG-Ky(%bU`6c& z01ZC{q#_zkcxvj)Z@&2rTeWbLkBrcRhJAiE7xf+(wf3Fka*zOuN;TcgzDyyh7%xm7 zvXKRW&S}4gZ8AAAaq9G`G+u(!R+B;|=D~rhAN6w%HU&&H?<6vbGWdIS5d2>E9vf3Q zy-zupuh4`lk~<+-bkF=vRNQ7x(N~CPRNy76rQgHW=1S0q7BqM?oY#_qfokb3{=~m{ zu$TDnp1sqL*IKEI9_sN8cHhm^UyXK?y6eAZc?3ex5Gp_ccnT!iTmhsEj-cP+%W`_ z-3p~+}Ao8F7&yFJ8Fgc2MeLrU$Q z;YXFX6+Ar?KIX9uaeMx1M(d}zn8!xEx!%LuRu^lFZ8zvi^%R~xVBLPisMQ>CBa^tb zQ)h=k%{-B@k(mTnys51z`<^!%iZeAAJB~WFX^hZA(o7vMlZNdc<~C*QBCc)}ZXU>o zyc$sC&FJvR@DY9vQU%?3IA&*NoZW}o$ zt6%yP9Zc6+983}Sh>!3w1nwPmz@_J{6(egm7QyiqN26^T29iUMc<(uqr5zuOZFFj@ zMRe01u|U;XwyE=qa&^OCdW{AKz#g>YcAUG@L=tbN38b@4W6#SrjlC_D*-WYZ0D})L z>llE;pzsM+h!i{_Ck_|O4Ro}sQ;DL8&;9uS=umo0eNQcT2tC1Lk|TpO%G9jZV&C34r7cXAqmHfNE`){I11-F5`a^LBw^rt^- zPE}O8`p%<<9{(E0;qX~1lCgT#`{k?5Pe1)sK;D&f*8cMFkyzNDe)`Ey631sM@*QBh zuAo6UK%UB6{?6H1r(VTNT-9{JyI*dgb;oegeaH6jgYq1!frdjssSq0Kp*qgRHyK{| zD&4UYC>O>+L~Hg`n2TApqLAo7YI%8@)sqTRXic@`v0v!zT#2t7TRSlUbN6UVjnbk% zA|P@Z4xVOL)j~;&idQAA9<00t&_b->S3;yYoG_lMS(j`eLFswMmud$|xtaN=Wl|k^ zju8P?d3^&7Z;XvkOq@OyE>Cn`yOoS8Q_46#*V734e2uCOl+q&N%+AajRvp(CUZR|< zszJ3VS=T1>J#XMIkoxA$TmSHff6#QNwj&X1B6ic)QE|8 zzk2zSpI@njkFTR%zWha|OXi4tBlyQZ{_77v+{E6-Q6<-|T{VIn_6_Dj>;Cm$|MdO$ zH-CNn*!&XqeeK${|L`C1NVwR|BWCr32M_-4@BW)Jw6G0Nvsi?wsVP;RJQ?$}+lwFn z@P~hlW4ZgRC9{uJwUyA_1kdSlGFUG+YcmZ*YEDRUs7K979 z;owA>Fkth;CgxEOV}MBmw__|M`*i}~!WOqN?%3C3B8^6v^KTc%!O6)m*5-g=Xl^!D z>kSKO;MGi+g1KoL^GIwXRJD>858NU%H$^nNhPVKjDY{YOG@(}PSDQY}FU9ppTaTZ< zV9q*Ma(pbN@Mcl(!@Y|Frl%MelS}vxJ|tXRod9ivc-Yz0V?xQtJ0~}0RWWAaP7%!- zY1`x5#%n!(2sTOwM;rJ6+}8{;f5cw7zMRJ3&R33gHWs#(J!~>Ojai&aX6@&ghBhr< zPtN<6(ZsQ}$6{q={a+u30ycZ{Y%|Af8{eK0jxjft^R8WychrG2gDQI`}>?v=Pj8bd7 z_JHr!EcMPz?b-ph`KIrHD{R++`w(+Jw{79mCng->y6~2MI7iuxxI1r+49Ah}@2vd5 z0|aBFDr@;e4uaZ0Lw(>ozGerhTU4xxai2t^BZZv>jKX>D?33BKS!$a=(z9pc@KhY+ z1tkj0 zsK->z=VD~@YYYSnHCTwPUI4~IwC)R{YtNsfUHh51dD-$4FpM}>m9kHMeL`{7T#*9I zVMy!(vBI<z8KYq=40?^=VW3aHk6Wcc@(Bj{@Io6mTaM%X zs95B&HX%bUK~SGo*kA2Fn*NyzKAyY}yr#6L2LIEApkWdfG8(9MJt{#LaM@sra9FS_ zqHi(KUZzDv65C>IPt+Vok93%+x_!b#~L77oxwmhivmbdpScIjE~0L&-Vq^ zXr!oANUrgCRTfBjO1Uvv;^t^LW@K8*%%h@lRah`9b@x>@ZX$z3%d=6#ky!}qZx}6t zN*$7#E_H3$6}6)gp5#-RSD*j@KmbWZK~(Pc=<2!)Y+xi-7B+{lMwUM53I?Dm7qh?JO5?8 zro%$gzo+9`2Vi7Lb&bMGrcL3IVLMG+^$UE;!QpwjIewE<#FwY_=t-u{VA7zp$2U65 zD8afFd@eTDWbW4`Z`Eqnf_&8UD z4SYkBA~iWK8j5yYn{L)`IQR9p?s)a-)7R(w^Q9vp`tqTKc3%7PGuAIu=&u*M#1F_D zHAlcftjTz+ITVkdIR4pZpMCxH4PmC7owO+@ z;s}7_P*m#DrAwmR1fdFMK~FNgb34QmRM( zQq*M%A5=;p9u0@G@2Q4DamqvMBh+tkDYVduVwkx zasZ#7$Rf}oh_f^xSd$v>J{7zOT18BbTbJ?0V@T2TqEITdH@LRxvmRIj(~u(dWHFiZ zut7{z<>L%2e4}7^Xzs{tY}Cb674JAG#M2Q?>3t3gH?_IfJ1MlsHxYfyW6F&x=^zc9 z+xyfhk-x)=JR2Ag#_G^kgMv^Mg62_cXqJa*y^d^-!{z_|4>#}M zzwe+Xoz;5y(+7?SOBJ<=Im5e~=bj4v{Qmo!-+%wZ{d@NXq()mYcLra-dTo4Th@W#3 zPt%Nr0_dIos{GFFI|8gVgodjA`s*8f>{z!ZqKP8}_SW3-K|Mxo)UM{bh3 zrc9i_Saw{Rq00tFaY#yf;E}KOw8g{o=c!BvJ=(GgTe}P+ zqbcO;$dTBP(MB9BS^en>pDqghzgwn2%;=1|Fk4GP+CrIs`8t@#B6buf#s-RdQNFGr zyo_!R_O{2j5bf5fjSllP9jHgxAh#z;4urWc3##z0f~Bt#&nQARq11i{t1@4db+#crNH?F}MU z29=Mxcw(6aL zUC0+5oCr&|^b(wc4L{%w>o_pSqr#aaICuV>r;2D-GP#_x>ID@T`YZ-|(z+|)RVnnD zp1w?TW>6?de^;=n{J`JPGnpPNsh2NbF%44OhM3J{A}-;FiHT#z+PD}9>A=&Z-@)xs zAlRjom{VbGN!zPx2TNJ#8E*c?3Y!>B~= z5-B%dttmjN#ZGER`YB50<<4EoU)x=sWx}7xiD(os{yly1>i#c}FMbmG-2O>WdiLU# z)4jr;jGdwg+3EBTmMNjb^o;&S*XynX{j#|4JdYY0(ckW4LDmY9HFX{yLipf@T(r4Q z&^dN?g;>qU=7N0Nb{ryjCk`zbA3ZfWJ~a9fE2*Jkr@@oV(;oRYcWn6{q3HUq90M$z zLuKS_nON^ppy;duH}6r+ri!M}2@WB02nrf5*;%b>eGd@m!4eL&YvZQp(T@DAlMi@e zVk_5|6whQac_tjmt@n^>mQOv1^TpJ)$U;vVSor|A#8B7^_AF}K+Xq|)8 zePvn;>c~$`Y*6_IkE*3MKuCVEc=;9wtgM)xs^5J|!A&<5-@80wQ*~f8kS8`@OwY>^ z_Zp2FsilS3fAqo1{0Q3XnfdA2_#R>NiDQ-YTqit`K% zo+!h#fLyAosy{~|^6d01OwU2UnWMIbZAKUfyEY!>)~!=T<88z$i(-Z&9hq?ezzCWOY_TI5uFBvSR!kp9&fpJ}Spapyy8=KYQ*prPR|N zT{KZz^sW^RTwtQ!=`Y7B#ak=2)lkj32SYJ~yp*2lVg2%r96!~=M@vnGbGuZ7>W<%N zMc*OdpZCQ?tU3uPUE~qV3#DVIGdbasDK;l{s?us?z~~)*P#c1~0YmjRntb6=`B*67 zLWEU5I{KWS_19k`DEa(_b7xMUHgH<(QH@r&vYDL3WX`p0QVd+B7lUM}7tN>JQ>i|KVq$O?}JBj@*m?Dl| z2yMo(ss$|Al-FN;0Cob93VehPvkg$Yh=1e84ZU+D6>A8#jxnB^`chzlf*>KOX_2_X zsV{tSUYLof1+yD*G*PF2kr`=K#MW8Z{OLi2l@@hbtN=^ac0}z+$j8i5q21gQJ5i)^ z!>kGO!I^xl4Uz;CE|T7thww_mjM00??nOpaCGG8_~hhUK9r#m!UuUxc1(glU7OnLZV&YB zYA8lIoz=A|htC>JKHi&RU6aeqGN()*lO2(rF6@NM@mMZ~bL+;3_9D975MX!FM=px^ zmwS(1M;}(CVz@tEY8*(+F=~Bdha`=#69?|jfF)x;Lrx3To zRjq>tzA2cJ*5p(D@rT^(a{YM00fMo1oXu^N}*Z<4)>tA77ij$X@Tuly)N zzrNvv0wS$FHCd>y45fMsJ*cwsgut?2sFyIwI@vqkiHg%+6R(b0mv+`=F{5AKxDJ|n zsZJB0K3rGc#5DP5?_CTMf!It)8Hf7R$=rC#iqEl%3g;M0MWj}fv zaH;LMeh~a&-XdEcpAIqhjDHRZ{o6dY8~6R7)!m@#JL(L%7Pe6Qjg)p#h&@_dWR^s; z*C@JkY0&F^BAiK^(DA%$IPmxX??3}_`F6NQRo1)p0Xk#`8;b=p2FI>q_5 zxf02-9V^%NfsJn;HE|ySb4!c%5p1G1r;i2W2-Fo2s@ z+BcP7McVmtD#@&V6{Krn(o-Q|k`Ov^Nvz;w3(bA(lm~sX8U!4+%kxH-(`6Qiq3vr= za~>MGXbaASgF||9A5(D+iIKGjkPK|WkB>Y#LL1$^j2K~6T7#{Dpfo6 zZG@GDjeqfdM3t#6i-3tAnN$;HV{Ek^*Q~qaAB{rY=wS^>RVwhwv2aEFchbKpwFfs4 z){0>whG*u(A}ym78?#M4;%@Z$Egy^Y>V=tyh^eji`0UN4GyWsnR<<2)+-=J{ zWfu>dYC*ST3|v#pflmQdn zucqhBI9UtvnT?1}P?!2N#q?FThB)cbc7ASNOu2~@(W`^QqO6$N2n*J`rb;n}yb39n zPHllum)LA8&Z{UsD-%xPMti zff`?9z9e#abnMvTfL9Gn@EpU~hKix=uGdDmGuH1hzExpVT5O~8ZvB<#QTIvkc(7RV zn5Q3m!q)a8Y|i9|aALDcvRk6OfGhS|;2kDW9 zqVglCvpBQ(W^U>2(8Aov&=DGrf0Vs;C5QPw1}RfeGWaJFg2+33WI2*Sr5RM66u?A? z;0)9Y7lJ0GFQ5$0qNma5icskj2y%HuC8i2`%0m$%H`$WrhUE&Z$Xmc5!PB>^auv8K z0M;3;(#uyl8nHsf=5cqs*gZ|PYhlHaD_W{bqNNbm%RBHY)RBx~ome^-h67<>v}*!t z2-*!+Dv{9P(xp-SP(Pb%a)nEWH`=9|Ou+IB;ih0hBF@OEQxWW21r>pqdy8)ac_434 z64`0*%nD`{J)b7b&A|XMSTzv-x|fV#4fKH|MZZ%!LV;o@Z?VR?L)$gOcLbBFBy@}g zCSm6kn_Nm#Af~LyIUaIh+xA+NRYCk;5^)WEzNw!pHx-glL8?T`m{s;{8=ve(ft4^) zGKx1fWJP;}e=G!B>2Dw2;Pl6<;s4F>L-PABUbeO!xr>M#vZ@I$CQ%ylv8PeJZ-fbj zOHM?53RjI&t3tq$dLiZF;}mcIkN@+({;z-YSD&0elbLcqK&qyHe)#17{`)`Z%*fEl z5npG@?MNz8YK^HN<*tz)hJ_i&%P#jfr9p0~#ui^F&b4lYfzzRnezoB{-2@6=I<)XX zh%lhT7nP)_5`{@g6^Bp65Nm4iCo%!?&nIMvxq?~t$mCn>xv*nx#KAKmP&$d%Y#^!2JFBG#Hs{aTRjdu1sEH+vCA1T zta9x5pYqksJc2c==@bSgD3e>T&^CewRMkPZh1fg=2WE7_XgfteFy!F&fnas3d6#>)c z4Q(N(Bf^JMc1@>IFmQbFEdcC&o<1=#K03-7Y(nLmu5k`-7LUzVey0veb6UWpufO#S z>jBqS^>(EgJmCFZ*;&2s_t*NA_H3|14>R=X)0c;Mpq={jWiRJTXyCzuxqZ|ghSJqD z$7=3ed&-1gBa3v*LHfZeITuPVcjgygd?B9i&YinL{Y3AHuKVM^{Ohyl&u`zpEppCJ zUe8ZHy>RvF)b;CMITWYbq;sjmCV_ebsVYI8+E0H;1Y$6bJYhZuU?xH zpyreA+676=E%gI1-Gfr+#LTb0x~67Hkn6YKe(yY2r@#ua1ppYTuo9wo{ra`bm%nJW zGT_nupMG*m(5)YD(W;YBp-5}@-~Ic4du8;pk5(QZ_r3TLJ1UycT!jgC`W0ITv3sDP zlm2Gs1RXws23IaHzTu#)58KVnJ$m#jHTV4avjFQgDpo42!pk@|#ziE*R4F$CAR^3; zRkBLYZzI1W_XfowPXhxd>5Umt`I3rQ0jBWLwJo*6&n=X2I%1cH1wiXWjp9In3`Ae5BDb>_z0JRd9?1Y#Bfi*D-X$=MA$p@VL`B;~k7>q=x5yRGM zF3MKKtdMjC1#g37N?YTb%9|T=ILzLN2^Ll1$YFtm3D&}-fLF_Z`H&1tBI8Q^)T6L9 zgec8Gw!?wlP94#P57EAc+>6&58X0Ah%nJoJj<9xwECS0X}vmR6^cp z!UI>>`IjJmMhhkRwyn>oB@CzBqtGEp%)c3&6=XaA=JB&vx}=*Vtfu?v{V9OUp1*cP zgT+fStW035Lkx1K@*3K_?#TFVM!(f`@>Q@C_QQkH`*-$(*I>%nfkIwWGo(-MN@XZ^ z%p4s4;?<0;ikO8l*CMLEaE>smETxc*9iMLZrJ(J7Ip>2D;Q%9G5Dk;9IA50{e*Gk` zXfL%Egl*UDycGKs z6;!RRvHLxeyP$zd%z5=&A6?r`x9i{heY6`Juo$;9=w_wJj32c;$zNtvkU1AjvVe~V z9UjZlG4~Q8qO=9K;_?nuR##=?Hlgzp6RqZ0Wp^q}kZd}k03}rX=uXC_HtkeHfltR_ z)NY}3UxLBxpxAhkFk#JBzW?Y#q)yrT5o==SuKA;k{&utD*IFs^wb><9fi(S6rYTqy zUaO7+l}9?2y+aq)cLtY#F>2xZ3mUpM>Cnx-12xop)EOH%OjH{kEZo|K*rSHmX@&;! zI=|f!)?ms&^S@X+1i^dTYmLxr+Fxy-hRDg!Uu&0?D~)$E@X9q{O+y>hAMjlv+!XA? zH}vn*2UqNKerWi1mu`CF9(Jjjezk21kb0qgru;3{EPiyfGz>{|>nL?(Gb?OxX~BV7 zgErX)7CdxNo4A_){D1xZs=4N8W%jQ-LxE&aV`+SAh&QHl zF-bMOCS(J!`e{8fs$L4kYqVUON;SH6PG;ufbWAg%D&L@QQyM zUEvPin+Nf^BA-S|jXs-O8k^^kiZ3*Ewi~j&!o*~Z4dwiR%T^~*)4S%T=?FKNd#zTE z`gxU>-ionnK;i}tT6Yknt1$}8Iw!jdD>cx57Q7p!>ZdE53#O27x)3$Tu4O!|ja0kj z@lm$7Z#mNBs1Jplcaqie7lu5vM)?;^lHyTJ<6GymEG_yhJ-1s_6&+YQ>flx9s`^ss zN>`KCv>Q#fQf%U8di$oNnN|W#UB-dfFF$LQ{yDi-Ft%R<8N3PC5Yw==?B^+@IbP8U zQh9mSa2r{29(=3W4rjJWR8M2Db3fNlco`Qk$X=w2mOfn4SrMxTy-$G2} z41&fKKEmZ5k0T}<<0}!B_4T)2dZw9~#Oc!~_^MBzl>L~Y&kucm2(j7c2TM>aVZjc4 z`LLt>kV`r0qOFx$%%ylr>YpgIQoobr@lv0aJ;37Zw2sn6u?I{gt5b9A;K&h6_t|Hk zO-+6I>g6kes)GE!{q{RSpALg`F9uFvpAW2m{`u#wfS7rG^1OlEtb6OmnH^UrC zDh`!0;gPUV_#Df#MZ3z#5w$rFQdsPN40f3-S5vzhS`Rh*{pL{Ve0Qna$2JB#XsvgReChTnD-ibyQbaHJRuZY_9RZ|hGx)2@9s$4NjnTUE9B1Y0ig{7pGrMMTE zHHzlS;x~b!e0X}{j8d`APR4Q%%pfW)2-_qQVCp#1f-F?wuSZb}?1zQ~n+gUM1MQb0 zs)Y;=_B^m^C3RvkL91#La_RhF2f<<|5;1~DADJ}2LLf+4f-*n)dEvr21T(ELFy=pg zoZtE+{MFXft$?aK%PErY$R4EgapFJ)%HjpZmRR*d4n5K9KPcu#*J_Lz+7 z>>NoY3g3}o7z-aqUzcK^1WJXS`qE&^ikI8f#{1eY#DS{S3m3g|L!L0#!{wSAAgy7E z*86Fz6bL$|lHe~c5V7hzEh_1lp!pS@7+lO0$&-e!c3^y?A?@+B}F5gpLG1<4;>%D|e0!M?%voU3A*7#YrfAKIH=p7k{$nHIjx2@l1P`jRI@g#$q zf?k5i9a)~|ar$zO@5#Sgw(n)H`)w5kjH8XX`OX$-ut2eVJ@vDbGBY`L4{^9e6`|oX_h^z`$i3F*6Om|~6!UT8 zrP!P42(-`xLR$#om;YAUj~%EeTP4zM`(g0ci@>!6bKy<1imdm-Cl&va$_6MptRa81 z;vJ~J?@#===$S0GizZ54p^zM*i^lAi(mFEp?ZX{CVu$q2 zV(z*5c+%S=i$e>dTLxZE&-_1s{|_n3Bb1?p1;L*Ca!k$8MLQ~HRhm*n-NZ>qmDDfo zMpS!p;!*za$1h>BaWYp(AOD9rR_FzqX(HwalH+*Kh^CPuB*&i!sZo0vENSMc%I7qi zfYrppB?M(w?N78^_FgUz$P)NVFy zjSv%iqbDc0pzPqM&9OuUv0-g&f~I?t;6Mk`u3c}K7`wnKBVFv}!^H3vfUBRL@^r|o z*HxQ6cR8Nw2&a-BQ=$A!U%>nJ1;07uB=^+9LsRUuC$u?SjpQiDXWE=8<6h@CCN)lw z3akgx&*tgc^+dV&pX_-vu;64(yhmIRC(mDobJRwu?`FKa9#wQx)1p#RH#`3N**vYE z?WgWBym)J1)$yLE@BdRbGm0@Hbc<-NNUcTPY}cQo5K(7{fb-3u)jqQ}{QKN%UHw|o zMA4^xtrtVp&%n0LmqBmlbPURxjaI&E-83-mpJs75u`)Ih&F93``H>s#99s=#v?BZY zt6AbmG$cW!NlyVgR?<0~Mikl$BMV|k$uAMFp3cwBTE4>XwYg39#Pof?0IR!AYm*^?9L)rd_`SZoi^hUXQhjl`Zuzyt^-tL{L$l^Ki+cBNLT;)^XD8nDXLYlsh{Anw5ulk6b$Fl zrArs7qm+MWR2V2sPMtnYJr!_QrJ|)w;sTu|DV)*anZRhUwlXRnlyXuqHVv*^x#B5D z%kA5DoZ;%Qkm>0N4AnD=pNN99=gyuxcTVW4`e93XQM1o;+5`yegJz^NnSxZlIa~SN z`*Y`fFnvG(;`DUHbaLm6jzzqw5YcmAvx#5`#=&RZqz3k)W3 z)_S$uzAC6Ma;k~;qg}c;7O;v~PbTwdjJ{M|+hU7BGMzFy{=Ksj0Colj2TvMS-m-MT zzGNf8#HqBK>AtYe2M>NxHaRyWs8RxyCD*E<_$|&*otu?I#|7+%FwpGy^mpHVFDeuc z7#NpgPP7mPn*0_YT9p_OMGCd~DK=CSax`sw3jfzo;&(HMt>LMzJ%9F0M5$<0)WDg( z<9U2?A~q=A#PidH zf^J6sWgU1abY_k*otr#5Mv&yA;-bdB$mtSH;$b!(H}O0E#%=xC;2NW8_C;jyNPU!q zfy0O))(5wRC$em}hj1q>l(i+`r@3THO5$J!NxnjF>rtFaDy#bE5deVSiG5djci$-$+z zGJM|0Qt%#~{s2WyUvt^~@$US|r}8StC9 z!}(`UPPn=^1?)w9fG+i$+>in$iD9W-q5_mdkQ?m$XC!fSY-1X6Hz36x+f<*J7&Ef= zf&e!KORzQ#_WYDD$81~;Q29+&1zBJ*dviNI=5hCA`l{KrQd8l!Z`6ZJ>mL~s3u&uz z>jn7|s}vgKB1@U1%SmmVx83@|C}?y_EFhpkjy?9bZx0)N5MleHscctA+Cn8;Ew$V5 zh5BY%>B4N>+4myp##Mi8Pt7mh9HuVYleOsmKqC0CO|g${(DpCBZ059kdW+U6B)I^0*Di1bVqZL`m4=9pTqfPnkzpT)jl;MG zha6BK4vIe`_ig`w_U^MyjwHzsJW4C*RwW^QgFuS7K=RwZd>$-QY|*H?4pFyl*A z=>eS#(t{^}*DRQ*DRwHN;m`e-nLb@noen=!*)SReU7;I@&=3>tQXCDs^2ux3?dqD~ z?8Yy^w1C?8^juy2`0mwdX74?uQHK$IU5cG0k2kGF-k7FMogd5(Id2NsN0#2WHxcPL zbg0+5%b-2@_gEjB^XRIEXL>+3!kxI|JC_)bit_dq<;ZU=D0=T8?l@TgnGt<>P|4dn zdj^Ls1k=cC%XxQrLawE$nGT35^5$-kU{pI3@QMpE8;tBG)mdkxKG)d*R4$!0K$YID zj)RSU>(N{A?Cl+yne4R9rtgeWb{a}j>hgpum%RO|?;fpzWwe@2vIsd$=!%58oZ)V~ z$9&jib$rSp4F4=%q0Z=EsVSFNP@@Z)pa`fC7jxFShC)Kk1xAu)jY|o#2+(qhsb$G> z*S}ez8tiUh31D^NyePb={d8}6Nxc26cF3_0i4e3goZBm*cou-B@3J>+(CJrqSlOG)-e+ zK;RwAOyAFGFuw#c#N+#Hp~=jC!P3s2o#A}D4Y^tCp{_xia8PJ?T2#}j2@qYP$0=>b z<64?AS*0hbn^a_mrGzt2O1OwJCv+}-jSv|kiB-O7uE|*VW%6Sh-}r=$Deh}333f!( z|C%dC{EYY+>0ul%nG`11I6pweIDgKI9;j)ursKz#7VbZI@YPpeF?zFFu}kyG@@4`j z#28u3%I<&6TP0vE$|MfA_UO^$r=NT((p#l5_x#Ooeyv>}kO$aoM2vw&!!1k$h#)zD=$|39is?5nS|Zi{2i zF66?UYe`uYs9iXFcwp1{%{SjElfZ%jV-e}?kjqXF<3%ttNz@h)_FG8NaLF7rdUnqd zIKTV&()#qCgK}5zGHRo1DEt-zAlE27bGW>^-jrKbLc?h|_toXNzXJYA(mLV@Q2?-W z=Cm_p>UxjRD87qQPM0Pgw9#!Haf$jfZ=l;dJMr|!z;iVp>Sb`LbM=Cl&IKr$X(_v1 zvOatMV)^TDzW?s~GR^#6$%yKAzx#^SW+aq4;3q)S$?8$D+SLtFLRW+m#DEr6BxQA3 zG#+tIyli}l`SFJznZvRum5br&^JmWtL&T$Alt5S8WonBw-+lLkwy<86p#0pBS*Z0^ z5EhbVJo-0(vx|T`i@P$70z1}Ue)$(38CC!5zy9G*fBH9crNANCD*`|*(tQp{M!Jt5 z#XYb{7&dA&)24X9e*WBuFu)bnN*e(^?jnAm8i(kJmA<0lIcYNKG|M}wynC={;UYiW z>8J9`B>j~?lQbu>)>R-u`jiid<5-10dbqi|ym)lL)$R*gLc>fKYKErxGtwOJn^ZI* z$c89!`F}I~dFD^`Maz&Pb9k6qJc`+sCEpKOH%WbH#*0^W#CwTsV$-Y9UmRsWyKGh` zBd9?tx|=A6tAo?G`F}J0dp4E5lAfbPDiX*?br|!-o^L{R?*(&jRw>A%LyP+Bg!9yW z;ZlUTdsG(9K+mGEYI&SB%2x8rpuF<^Y@@$}ks zDF{V%hJCrz6(cD4Phr6?yt`Erhp-G z&62B|3?+!U+Xn#CNz}~8M;QXy_nhPY+8aTBM-t;7`Vf?r8W&{UyTRVMBW;{F7_-Ch z`gOf&u6d_#$gfk&b<$iP4cp;(qwM4E_xZJsz({A}`#E9Q zHrC0Nwq@s6-D^v>uSKYI5)#)juq0sXjJL_pw|=tfHN0{O_hi*!kFS8Il6S(%{nhEK zqUO8qZu$X8JpvV2Mhd%b>F^5lL(D7iGp2`uj|o5Bp#a4|I=^$ek4CF=LhP%Gt#Rx| z0*Vk+cRx|kPfY>Dm)5V366WdN>9VQ8&&fS%ZZ7jE4v$W_Y~vJbk(gO0Tl2bS_bK-m zOVP^iSB{j^KPkV8?ZQ1y6ZQ*l383;O705~tEhOyVTntv3tkT9uCFcY?2be5v5*@L% z63Zx{)QWIR<*BkO$jka)QM0#7>NWs0dD%tGrtI)9FnwbOK?u|p%)(bXe}d$wiinHo zp|_MyPR=ylmvQ)xG0i}ib?gCQ6(nk}&4wi!a1eI+-J@O&F()V4KkG+@NJhT(DAMIo z*yRe9 zyTcRBdfACir#>Lx_SMQGcO#4X$eiHnUbszA^dJD#>uyI))dFS=JCwS$p}G!>imY5rsReuq10u{tKiv^ml>O5nELpI5`KQM$RWq)PabS- zE_dQdIi2k$?x5iKhmOOyCY5*pet@w$fK+_%4eOMfsOmLkkV0SV?h{9KuD&xbFfW&f z_gmgL9^c=@PrRmxYrHo4P?rs0WdAbbfNK=F< z>C^q#X}^@EZ|I-47w|=itTj{lOJsW`&6DRaiJ2gtuZcqARBwQ77rQZwY97AR^v)0MyQ^uhVqx+M*m)`;xnqnn~(Wj)s>pBfGUVc6fGT6#F-S z^Vfivtbs2$&)vEek^_K*s>v{>-ox!9R+77Wdu`G;Fy*8Hw(yLlW|LRwtW7^w$ z5dW!SxCBNv-nzP2>GAel!u;(2Gv<^8nr%wR$84(~KiVjB;TQ)ZxO3u6S`^6YLT~J? zcXoDKTGU`}P5<-%^`HL!@BdDX{F_dxH)2{}*J()7lmv=?lq2KUfBu>aUZ$up%9|-z z|KiKP0Gr*xjKt{$9%iZEe*3MejVXkIgixA!3RD+=lCZAaeu04W*kSOJaYDpi`_ z|Ni&VC|u+#WZ^DBU1co$J)9ftUw#==Y*Y%K9xou^{Iz@x@9GZqB%{U@QiuR{6@Amj zC)!IE=$ApU_gzKb#mqhq;g`h^30@XZI^l>XM?}ZK=+V~3{mnHG+gs~!!5F=iMF-rj zGN(N}IH0ZO`*-Npm(^SGZWq80Ssf$}1(|NNyG3~f(_SaD9O{Jd}7;4eibk+VGmws9K)AV=f z7m|P8-lf!nVFSGGnc5BT9APa=PKyfU9^@$7#NTa@gY`P)jw~i6^zX|#j8-pv{pk)h zcm$;|pntdb4)V#P8HG~Ots6>+LY=+11#WX?_0z`>eA!R`hRAcaBG)Y-vg(-(^10TC zg?MzI<<6>su*Y;eA1aHUO{JN~t@ANjJ+`RW0Uef=Tfo2vQAP1rKjO{s+t`NYmPago z5PdfSdG|43aW%xSwZ@d0%HdA~&18J{As->Un;1Y%q&%9LCr=(x(Y$wy2&x{eNbM3% zmfb7yRy=?kF7@2|m+=N~oxVyx<8ZEDez8So8P7pk>_pw>4*!kgXMh+gsAjHe*M+z| zzBT@D9R3Dwgl7g19Xxk`Q~aFEJcozTXmt)qeO;0CDwQPmT84028BPw|$M!Tf*BPJw zqZc~}ghDo03p(p0I+^1m@ry?bM@z?xM~m!uSVond4r}+5<?U&+9u0Cz>KglJ zm}~mcz36iCvK}Xu10vfU_78yMOnWSPa)7>M)ZC*Lj?HR*{4cFsQWe~3Cg3xhbyL#b z1QVb8#9Gnga7~dTBKcl>{bJLnUnUJRtCO)tr2`g(%h>C60z zia=htpH11XycNJM_tlY|jDBiJ)8&c>z@?poNu_V`L%mKBZ<7gk1pvBrg}+5Pon_LH zvYu>NdKUiKw!d{1V@4Q&Nt;IkO;-bAr?Wt20z^8cxQZSgq^?;YzmqHF=zUL(-pl2f zFA+YKDP=K&j%y1(sks9v<3bv!t&Mzr{k7#3>~9H=5ve*5hDvK%Y-n%u4ggmh&Z^h2 zHePIT8I`vQhPt}5`mT03X#jwy8)LS3aHu<6()3+|9*^ESZ?_i%#~jY^D87n{K*-R7dk5KJ{CBco6U4g~GCmwETTnMJ%i21U14bz=4{3}v|dD8}* zU|0G8W%nsO+2jL*aca}?!RGqA`&jK><51RywmWT(ZSS6i-U@RUGeKQdkvo%(Fkrln zF<7qsNWFhC!#g~y0)E<~jC0j5cH?Dcb8&rjAq-e*Tv$d!D%GQqX?&!%x=kRt1djAQ zD4PZ(YbveySy<2I44sE;LMO{LrUh(o$UV@~bTldCT38s<&!YQsc*M_ToXp0I_?gAV zp8D-rskCrhoJuB@}sJH^R@FK+xPzd;%`3j4=3u$e+&BhGu zL`PyvCAg4gHhs$qm>5>D{-zAcP<8m5+4P-FGI0M3|h^ z4ws(Rxvj1D*`xv#tf8= zuM>VVI+odffx`i4_@SI3MA$}UKZ-#O#!H%*O*W*z9FWWvtj4wNQsk-AXDmv$x3@jA zEp}I6Cv#UFQ`H@oRb@+}Mi!P^_qQHDdCXe$g2nJq9gqj8i-uQ-1|jhN&O^Bn)`MVB zLhLMJvYbyD&^v(vy1J;2+1=UIm14@cGsex+iel!f5IcX(jx*h0km@b-PHd-a2bX~)gc%{sHq4pv1h4_~~PDWe2nG(Aq>?|y-uSIfX6i0lPQL71*)Y5uq zcW1|UrkED(@9pXoM(ZXnN=bs#l~v5ZGf>Kv2`7=W=?U|o0#c?^b(Nz&c3lpmzN(1v z-AgcloS?C;EMYEqMP{uI;?ws+zG+{)s^g|Ay%LUIP-pu)vzr%+~ZUAE2%%RdpRZ1g=Q*&QV=B zQeIjsB^&0Wl=yWnBT6>tIR?m0*lq9(T(UC(!&)T9XS9~tl%Lw+vze~87!V9 z8bc!nMhv_I1_&c$pWZl&)KoIdJCrwO{pDi7a)z8t+T>ibxAVZYU-tIK74L}308?LL zwDVWCVt8poO^%q;a$>SEbFT0cPal&pK?{n9d{?n4+EH8?+KVwR%`~g z$(zeRGim1DUmpxUXVCN!;b*2*HyV6zv(k;W;=?YCYOf7UTm5YYsK=fd%+^tWMn=s4 zm?k*2>#J*QvFHgHpBx?feANlfxmiBxxMIzG64TJ+%*+y#f(&5)r}NC!D60g?kohEa zMeW#?Do?=8*d@V+(IA%!ybntj`0@liiV)I7E?Krv0cl<`8!Dxl1CVmxZ=h2?1I zN%>BCaU9~_r*pcZDC+9EP|jOFg32BPPMu;Mcn=>^D7^g)21xKL2h7T8iCQG^F1P)y zVIDIg0Rk1DzbIs&tEP}yJU8YWT|+NOFoe5bJnAp^&f9@2%i%X>Kj*@ogkGj*T3tom zC#KG9Ew0#)v+sDVa@0G(aD8|(77ya&mA(dX8B@1U2|zGTjq4)s3>Ns;9k&n3%W4D? z0jc&oV~SUTx46k*>|FGxI!-@&%vxdBX^4YG##_LeHgp zea&Nv5d$LzMhuJ?7%?znV7?fzIAaXl51hHOTF=P!B3-0l+=XSmo&aN&$8N`=nwYXq z%ZHe;A_Qg3tu=pjC2UTyy|3VRO8=B};SP#Jh=NF&rT%$Y#wvAExO}-@l54_rq`+LI zQez009GEsir^u@XGsH0rqmft&gXZVSS1nGs&J2$2E)0uxU9*bao`~a^b8S z`CIj=d4iafc<;+;ZZifGixn?s+{Ypg4*AZ%w`h;(`S$L62aewW06+jqL_t&^|NI>$ z^UGg-x^n*7``N{O7MvR4NOhUYhIF#rxN9fBTzX{pt(3I2rwa|KIEF0V z^{3>=bqQz@Z=;$fqDv;LYU+8YQDze5Zl|>+|RL z)%)Fd-!VXeF7pZ3syn8M_I6p;Oqwtmke4gD=@^rhDavs{b+U?k@^FjfNRIA$wEh0p zhPESYk`cQiBK*#a=bE>^wY9McG52|kzGq0xd}S zNWHbGj#cDzXnmdBtOeC~vk8H@)EX$0bj-X}{|e=$=2sIM|TzlZYIS68fe{15v`fEFL{h*6$aah4|wj{1D$c({Hio2T&% z&bm0qg!$q8-X_QmYG1Dp$(VA)z{iRKvIa4sr7aQ@Vf15d>DaD$W1wZd7Anoy&T5kK zt|>>)12(M4)Z=>{k(oywW0~)a0o>p_moXMFV&Kg%a84chW?9G7?~DOszQn(bd@`b+ zikM6UlNlklq6>^tiz(4x*-Th2i_&AxRu_+>lvBzHdn|`y?LQ0}+ez6iVNQXqx-Lni z)7j@tQcXU0aU=e(=;%3nq9JRsd!N25Z*w*|J_9wpKdz zks~POqQh>%!on^Lpy4<h#^8v75d$LzMhuJ?7%?zk3|Pn84q+kgFE6so&9;F+verW3JVfGcq!ovw z!~gn|216>2*=n(@ojkn3g$A6l(^KY9f=)Dj`RI`7flj$=>-yv7dXXpuW#i+ z=c)%^r=OiXjuA%e|4PV$phaEGk13^e{(++Fz+2-F3fd^p8UEykV=D37N<{`jMmt$w^r zahv)z_`Fpzqh|m#>cn8P``qT& zfBu@?@A}%RT|>1)Lcc9><^{V_<**%P0|K{0MFNUqPO7fo{q8TfU%dFI-~Y3|c=Gr# zXpF2^VsAM=YgamIR3?)4=nghEwFT-X>)Wl(O+tpDVou=awfs4?Ve5Bae);A7`wt?O zmvI}}WEPCMh9}BR#8AQ!Xh}e%Ei&Wd`x~>8BicZD@E=`|`_kfznz&GP(U1b(WD>YW ztH30cVhs&~o4JN;bc6EjH9+`Ck_3lFdudUilAeG^RnH03GA6+dcixR+u4o`uwgNOM zn{*m=hWSP-nM+|oY*aw8M|UL0O1MGV$IjGkX(6b^>|Xs!D*L zQ35%XMm>F7bRtF}0cA=n^J?xyK_6EW=pOG*DpvbjREIsXRUo5)OM81KN!t~!*>*&1 zNW4YKW0qMAG;YNZu4d!s7iQY^^Y$*qD-$mNOBt7K*S7ImF9M!l?Ml|<8bJ&YqqRXx zw=ga)wW^=uDm_pVV@0~Uq z@cc#9qPoC}_449q=DYvkk&lh;?d=}y@9n&J!C#A6Z+$b)T4p`9WRq--mmS@nCHUF) zE?f&-6KF`_oWk@;`)_0X*)|K(!<`44Up#$qe{+tS2=z851!xs(-m@GW7^lOl>!4ag zwLJU!w!n9HJt|EhdbZ1f7(=oJ(K4)@D8`}7ByNz(VwI7@-;F4LP3+~RX~*_CzeK1J=CE{u-Ur*KhcXb^PR$Co;V+^+MRX!(-nE z(5>~2^>nBXiKW`J#9&AM(xp#8JiziD>S|G-kS|PcH z$nFy6R14?t%Ld-o&euc)ctZ>&xzZSwvUpG$*`%v*kF0S*F%_fL2#P*CRaJ{6+)>?N zR9)AsQMZ2f*(U^qzx>O8_xs=fGv}u8z>@X1zx^%S&@aCD;^D)G>{ZvKmYUp{$Ky=|JmK!gMap^YMgCg z_1&WQ-~H})694NT{@9*VnGQ3Mg&$QA&3K1pi>yHSM8*tKHAK7q_=i9K^y81h`lT?&%!g0uxiaq$dyc_e3-qz zxyHdN-_O}%MQBrbM4%AANCe$nTajk>;r$=Bwpil>t@DNK7=D*;OzbP%k(xJ6vL>S6baYqsc~MFX}W}65ohEXQ*@x%n1Vq8g-L#C-AZ= zbn(#9tpXaR+?Qqf$l?v;{?x$k!oB^K9EWgn=d-7eo<0rR^N}_7t($`r!#N-%dSGXM zEQN1f)R=L^z=(la448s3;opAyJwBhvKnQwp|Ng_#lkqH$#_$_rz>IDCm0(CRBKi@f z-mrihOODmFW91|*a4?@?|Ho^@z=(kn15*r)Mypdy+~P0o3uBqt3Ym41`WXaJ9k3fb zIgU<{mZnWeJxE`(cbs6|J6Swsta`GW50@R-t}wD7!$0tRksmZEHmF2e`6UEo)lQowf=h_vT5>0bOXS>`3fo8&(ME z^xhT{(%uSReM|aWeXlZqsp*66AasK6%WHhA&LyIIat#QbP{s6FGM5bq+f|ayeC2GK zqJFEoI9luU?y3HEFEs)HkPLCve4!z43X5_mN8K@P?yb%ih~6g|z&m;qyB=Y2u)GTb$U{T7e{ zHRdKgCETWa>A}qTXA}NeffaY1^`iQ}_r1zezijYgTDi28O}rZJ2qrXB>x;RKm7XcC z$G;hY&7cn+El^n6*Ken!6!TJKI?SA?41`DdE3e0wLDl8YHpeuofNJ|a`^f$j_sOHJ zfnv|vdqbgFN&r1c6}85h)Zrn(AzT8NSMFWs1c9}GEV3WH>ID5bq=^W8bRxgEN+W^l zO5&)EsG$WC!Yxio5iN_=2b;FqZP}k;%&C#3 z)oe8lRUe<^AW_J3AwD$3pDxE}mA3t`eB_sdqPX4ls{2&3rNx|*;+AN(vpRvz;E?$F z>oPsRjPg6*n1001ECr49Fw(y^wOk8{o`O!iA^;^B#mN3X8^@L1eP6P7hX1 za$OGKhD+XwP{2wTtd1r!T9y4D|M8#r9A#k2*y6L#K4lyFyWf4K#+~i$Z@>K(8L%1E zUMc_l=WhrapMU<@S6_Yg+u#0%r&VBdT@tYUEecs#U0r+n^r>9WpZ{5N9zA^U$tRyU zN(YC4RJ%y!bMjiAlXiflUX}ib|L`9ek19~RUOaz69%Lr_{rBHX$^HhaZ0Y?9)%B(J9DPynb;c+vj?DR246y(#S_z%19R^+`H;NHm|?_^_PG9w|}E{ zXp~I@9n$=lfBDyc{g>Fh);Yj!f}M_-)#5h&+~9l#!oIrX?sudb`G@n}e4HfT zaEp_>9B`ezKu#2*GLL(_`YyTd)+O6}`)D4viKVmY-yMFXDK>;zsspBbITKqQJX_Hi zek}&fJ;Yop6yIZM@pG0Jn)Xx|(<@c96SHY9S24|X3+bclm<8a}{!FIRi3(-*)%y(( zbEyfOZlUh9Tloymvllyu$ET}nYjjd{5%qUso~rM!)M4x*@|pztlP?rsSv_>v_U?h< zX-LvJM4>R%9lhVij8BWwbX{LGp0}S!GV=! z7|F(H(Bm%%`K96HGHJmMb^=1;yWkByAY3kOj2SWTOTa+pl(4rYeEGR5Ab}kezFkOR zSbF?F&q_osu8heMzXU9eZM<0wn5au|-ffC%QTn~m5`wpaM#bdYFVqPhY6x6z?`8hv z&hY<$y;JhYeBhb%OUY9?T?U`{$o%89i@oolCl_)pudg z-Db~1yH69^xUzjk))gN1)ov4vYt{v6JtGNpmdG&qWK{$hXlzVQM|?jSrT)%sL0ws$ zNkax>ycUA293JW6ZGCanl8O$GC)*^HZP~G%t}pSi#5wPZuN*o3x4*j+S4(yrS64PS z?~7bnS>;WlE6swKIacStW?nigzY=%)WUGZ#A&LQ&zi9vGd_lOGP?h;?>CsUI0*Xyl z1cQo%MS|IE*?zb?20jI-PGUP*XEX&wA~r^=2ge7;r`gre7I}4|u2fF0loc3`VqPply&6%rJg0CYpI3)6XE|ir|Q!E08i1HR5Lm z8CL{H{9J*QnWzyzGsw6iIO69Dq|8M9a`1y&zz4eHK=5zeb7JIdDt!L*!ScopFl;kO zy}LmSBu)~1G!GcyAAb0WJo$9$XY}sEJ%x-30aIhVW$}Kv%Bc+sCNB(TuAIs{I`mBm z2lK+%$2w#2=wSc!_=t7n&dL5a$9w3&D-52y^IDk173caE77YhHE7<{B4$6{aTJsJ6 zsya=ecdV;RCv-e|^pH^|t4dqB3?&%OzM^8i$xxNSssIib{9K>@?ss32lyUOg+b{m` zhd&UO8Jlvs`rrQBKRkW_|;c``S|hU)^haQ zwbfNH5J2v4ZE=|T!w)||7ZcSle#Lp~=O83Rs$DV&g#7Qn|3Qorl=FF#eD16r7?hSI ztE-=X{y7WU$X|Q=TFQjfD_;f0b1O$UeX+6vW)`%6{WpIl<#*qIFP0@MXr*Ups};PZ zN+yPz)j$2|PwDqMupN)KpMC;Vbgo_yl4!hTVhbGGb?SINOmFkN^{rt3u4s=I@D^#v|KJl8yVBBSG4H%Um^HR zCj0!V?(S^6#l5OWmu13CwR!)+^4j{z!V(n@Y@=#yfTp4Iqgpcx|Gu0~ySv&S(s|A* zoVD?TjW3?kPn;b#xc%0RHNGhZtg947v`&at-V5`gnT-mWj#R+J`>RhL(m`E5E%2t5 zexT{CBbI!E*dzpN#&{%N`w<(CZs-tUmH?l`FPCFkfS`*Tmm#a-q9@0vU^!gG#t`eCG>E08i1^)C3CDP}Igx7=T! z3oO5wLNguLgv_+mHJP1bklNFA7{{7}+G zk*Ab}4T4;xNt38)C7M6o)YM1_emE|vP@8YG4;8ucl3cU+=f$_b$Ya+U2h7mj7oq36Eq~^ z*r>p0uzGS=TL-nSns56zyAeV~7Lln2 zo19RQ&6b6Q{p_yX`cX&}u3j+g?YSZHSMB7@0~OaSbD$Fd3%h8%(2gF2y;wR1cz-D` zOHCO;qAxl^S!BA-dQlkYRYwgm!c(MP;p0=-Jfd*=`fR-}_$H&_p9)o%EwAd%<)yar z-#M^{wtuj@u#-t*ePiV~mYt4r)O34({+*&gUDM#j^(*UZ<+QAteT2KIubW9U@10d|u4MD=i^V0L#7DepL#|iZU)PKsz8I!zB!0zRl;Oe#wD3Je`o4Zt9d02y_?@JsNR5BxnG1)|*M? zATgPa{8%Hr=AsaFBQTuu$gjS9ejD+FPF^wpkN6q!Q&Y+~pPVh7<9N9{>kG!imvz7s z=j(?jFOCmzAWt4{Vg-vyIP0}uA3wf3mdUlXb!I&XP~p0>P1Z-) zY(7;T$=g44#w?JAcbTr&f_a)=)OZvj%PSa~Qt&Z_TxNu~?2fHxugZdwk6B?kcJ}s{ z4h~DahJi5QkpX7d%bP_@bEw**fBu?BQnf%AgOx{* z9)I!0XTSN)Z#Xyo$=}VdUrm{13mw4|@fvDK(aAk_fJC7JdMA|4MKMf5_hdiEg~YrNVw$dYHk#byZzoiD~_HiyCZ-8?S3)01jjBl&_RuEpHa8 zGhgXLr8fTWko;9b_r2*ijhqw!BxsTA;G6u~$hfhD0C2(U^oo5<>{H81HI}N*7(1*$ z{Z-l;$qo+o@&Pg%Jv@{|slgRM)KjJ%UEob2KlnGe^wzz@dpTi#6z3^yR;BUk#u_jd zG-nJ%&FG9eWgH^lALrPF*Ik_XP5)9!8JM83+&eSi48WWrdjG`_L#C=+SAD{<0I~tuN$g#QO*Ry+Qy(aD~I^Nv5&)ULhJQA2D!uF;J^*mS8i9H8|^Q zT?WpDK&LUjHa0eK=Ke@2cei09WVeoi3F%BZH0xAx$Pt8^8$(in66w*+B<&2O6O6=9 z0x#*0sMx~nt-%iFFc^o&c0B#rglZsX0eH3ibvyh&c!1j2I|m!!@^>fYk&;iZj~_&# zAq)8!$+<6u&f?#^)KgQaDBJPZ+JFBz@T0-dbA5dN0@Ke9jd_G$rSzFcePfw0V8Cav zUlQr9A_jI}H7UffQ(SBXlA0!s-2uB*k!6Euri@vZF%;Vt8Kq6C{0YQFG?#cYO9oq) zUyBvVD|2kZ^_LoAAT!C5YU{Nur5;M^vN;Q1C>5mxFX9}0J= zj;WXlgTA%CQGO8PxjA1*$f-4i%E5^I#S$_C=+n*A7$o=%OZ@{bx4@KR001nNECnpp4+l@MiGZRjCYS&ry z_xGNfqNHg88}1F2T!iJ#we_RZd$#z=q0MV_Kjbry$L*OWoC%zB-oUu@wSGe{HyHp( zq`~l3x%O6l9~0U9>Q|pXee%QtaXHsb#zcad9C%n;<25N-?U$90ig!6NwdWn@zNgQ( zciq`cOV9n!LFgR4#oTwc1YM50?I`#YsKlY%%jjw<^2)x0F7ODkPanF4qQuCn;~HI^ zc(x+pK)4tChK4~NpmfSB(<`bjWsm&W6=QS6&&Z$84zZCQMtT_Oq4}}maYlK6mK?6; z4+sA9T+(`&_k5xfRk&OI@gA55>_Zm&;-4`IPTX9{7+ePRBZ$FFGEZbm=%eb)6kM2L zn>~iW%Zegg>&svc3V@*h8XgltW}a;d1z zVWrWN-hu>R40gSR98D0=I#8*I7zld|TX}UtF3bvLoL+L@JpZpuL>oAe*1gk~t(;RQ zCvnNc3J`d&xHQluLEj^p*W+xK^YCY6_^(naBgkdKJIB?ZPoI*SpXoqXAdR6GpnHW& zs`0um2H+p!VDC!g75;-+|GUJ-fBNZC=SuLh{+eg{i0by$R!(BynNOV_9KP7ydw752 z(?|E;mv3_D;z%{tbtW;^`h_x0V-U zt(eoc&Am;P35E512GHeJlS0%8dN2d%s!q8sDU9iE5d(Tk|E@0Qn>P zdTCy75uiIzl>uVNWVr0^nK7)n)^tn1u*=H$`RAWv0eDHr4&e>39}f5Uy92PlPY`Ud28V+&qh;Ou?2obTyNvQ z!*BDew&rtg3hVf?+QC_uwPhk8G=I|L<#Mi@O5dYTl`RzG@WrU^rpli;{MRqP{XuD6 zJo1$H!&$6Ov5#u9Q;&!m57#gMcKU0Cr+e)^(dR75+y3`UdFjT4NgpMx-rzzDO zzg{GXmy(Mv$P2gv%&VkyZwa|UO7c>nwmth08K^4dn7;ATh-yqiPSmXDb*zoL3-|Qk zhk12-i(fHv!og$6-nuD}<+_|*EqPI&%7&`}y_ZvtG1tUEW{tY8nf~3Ab+0w0n_J8> z^sNjKS+n7a%{lYFP^JqQdwbc>3zt_qVrZCm)kFDRmwVIsZB{+NaQy)AXuF78bmk|g z2gmmoZM0IL)1WHEDv^6ui=6t4Ig$vLxbt?6M=A|7@2cH(-+*C1_9QrZtl zPGGvePauEY`Xx(*$!Y}Q&7ni&T8%z^@?dk?vU&Y#l&eeEqTsCPb|6^bNuZCW7-16hIV5N~3~hvIoOHTmmADa*`%u1D zo-6$jH)&G6>Gxy$e7|70MtshqVx*su9!7c?=ZA5b+5u>@&zE7dP`d6{GZ*AqWMpg3j=g(C-H7H$I+BBOcElQ(N zj~_oOzPl8fRFkJCVwJ-%MPBK<2}+Ai*Xk<63u){q_gg9L?I~?q^5j<}m#8NvpBl9w z?*tDY#wKjY*etZ_e)X#_DqGT30G`r6c}~nZ)sxn>iE6)ZOfsvj^tt)p*;&olfMi`= zk10vwhGb}6m)}_cCS?gz`6`Ac^SdKb8c1-5D}N<_ryj2uqaZ47p&X7Q7^t~t2?Y*i z2EupaZ$ag1@In~n=+O^JiRh$F0;Z+Nqb;6v^)vTsW}Z8MhIzYGpuunyY^C@#SyT*F z+bj>@xw`FnRicfg%1PeHX-OR2cIm%i%)26|g|*u2a}cq9FOtU$Xk+jq1{%Zea6X`Y zNHl$$?$B%f*l+VZA9*vi6u~z=*d-C@UhhxH0kno)L}pj0qI5X!r%U&aoV_k-opkRs z>&b&*_HDp#{@!SDN0T#GCN4&+)GxXG9v&cjZ82Y&HJPe!Y;KtQ_m57UZdh7gU08C= zwQNuMUOm`1$~53$KNbxPA{zf`V=%83J^X9CrK!YJr0g|R3YJ$kEv zM$2sie+TQbbUH-?X_T>SJbdy(%*OAN##}SD^g%+P$ia46q-qTnbWpuhQy}2 zT(kI@#20FQf$5>5uAl|3qM7zHi^@jO$8y(LJQ>bDEJJG#=hL(l{t`X-d@B5COKr-e zCGo17&#&~kG4}U&{vZ|ZNqgB zWI>4s(Dl{L^|iYDWZRizQHflpPcq4a&2{q(`@)IwXm%g60Ckty7hKr1SG&R&h0jSI z?Cl>vII=Q@(&|!CU$b2-yGs@Bvy-%_Uhis3I~yaNSP3#H&D=g)+PuR(!Mc~CWEC(y z>vsHWYd2Bv9r~cy$w3ek?4kdi-92)trton61XnbUpm4 zA`;-~FL&a%ZJ2gGWVkiuU&wn?kKI9JR|RSykX)}=o4{8mN||Nn8$jf9h>=&vHhmRf z6LfWaaZ-sM$Vs4*o!x-p0g_>$aBymq31R0WZW}h}AtAgaRJeCJmka6QGCI~)R8YQJ zCkE5pZYZJ5H4x`n?MidKf}StbGNx}N5958r&qzN=Vx))3xTpzYoKHr280q0`m3^=C z1Ad0Vjdg0XzQ&DHW2c5~A%t)5#Fm9T^QOm*x^q9oJ8V3E{=%OC-m;7&@3fm$NH(Y9 z2{D?O!x@}6FP66#=39M@<6q(Uvvhb%Y*<#-7ME8U3ofnrb_tf=UIww~Q(>*|X<7pMC%Rk3!^H#uiisYh@$hrTL0n@_# z%a!O*nJ+}Q~+lHrMuCdi4 zY;^e2g#$XA81687BcX5a>>jXKW#GoxcgZo(v+D-eFIs9M2_Q8MT_H`u>~S6*Ki}Cy zZx8Noka5WJ7i9m2W`cn!Xbh`;cEUl`=Q}aaO`DHT%xBRl9-nwi4mHm)#9u}BaXfjd z7RP4OXLU&oH-Zu{;D^k}boEJfw>);2be;yGo~ltu!SWiU}?)YPLQP0hS^I}N^3?ER7p zL$RhgYdE4kSVahR>C^r-3uhvpo#{UkY$4;UYX`oYwYM8b#O+-*nrCCf7%`Po^6l>a z=s3rtM~^TD(!0zISPr8MB9@oq?A%20ks#$An$i3ie17+x&rip6wb5v@=?Q1V(mP;x z%=+DBOXwoA+g{wW^777xUJXS4pbast#gR?sZqQ!C-Hvmdq0tf}$sz(}q99pc>~xc*CG4zPa z<~D2Zx{MdHvG4^R^!6cnS&coi3};t1#mm|1y;d#c&!+FHNAxxQsvY5J9i3xL_MT3F7$ql{#y+R`%B z_PMjHN1?7|wt!2{$;zvOo`}!N0m?+^%JM6IxC>-e%Q}2{K2IwP8}+JNQiY1F__G@3 z8tS_G4!xAN*Qrj^Tu^P}!;WT-PDaYh#-0lrvpd52cyVcKbM4{Q#zWmu8$s78{6ZSa z(C5#d)Ai7eB82W7r&*~c^{8trTVz(7C0)q{Zrt?f@vr?SNx{WY=- z!&6&0L4pl>bCK`zaUEPJ31QfRZ5}GSJ{7Mmu41D^gc4@EUU*2a{7$UlsQKPXQS8Ek z?NZKuY@n{iN!)Ma)^4t=;_4^)PgPN9EiVC3Gm6jr7HoHLaVn`+$kAZskVk>++E+rMYoAV zNewSmAYf=+QrdXK@GF5|FNG*sB!+wdNrTVALueX_EiT)w=+In;hx;#H_>cydgvT2( zPmVMJdvG^FRp}>f$^>%ZBA1RN0avTZA^FajLlAeeQ?ApZZjWoY@&2?A~+{G6`2w|3fJWfEm z3H~4WrAZEgbG1r5+pgI`j8~p}K8GT3#MqR{DNu)|OFo1$kIrGTpnYqp_5#4a zv_~{$xVezlwC(Rtex(1Y?=k@fT{+B&z%s{7MQISC{?(JrIb^)azgU%IvO<~Y&G11R z`v+MxWt=wZW`0AL5!)w7Yt)(XOns(M6Kq_nW|~FqjOvz5!c6(CTrOdATCZPP0p&C{ zDb4@P^cnJ2i`A&(az;fVjPuenRAaH^tMkA$!~#T=2e~v%oK|c5%`|c>Ya-+%)}vgcux~G*1jzuyB3M zRgsfb$vza>+^JBU*~;qS@}8JoyOw5QJ2_>uYESd{=wLs4qthvOo&a7^wyNooe72*v z#-ym#*)2?{%Y7ob_PZ)0v0fF2*-4Y;Cgjavw z-;v--HmNX~GTTq2f?6Y@ZxF5A>9kc@k}w+VEFGOZ^`!QsS90ZPH#ajSjY|oAgri9v9H{(L8D| z9UKy&MCdJw`85q?60o~`^}eZ0GC#mRtdezBU$+Ui&Z3RAftF!%dXH6`IfsFqJq|4L zZ9<|hgyfEd+@a!@YgZkHyU&7CSl@o_Z(3szw76u2IXXCiGc#JuQK7LA*lS0YBRdC) z5s}%?RjXJ!e0IHnaPehEnT-cpdLN@_E@@+l_N=?6Ary8E!+dy@o%$Z-9K`SH#qv8( z`n9eAo6pImn`^yOc3#l+1FJVJy5zps+jHrqRY)(O6Tqe<)Q@-ho|ZCvWEg&Y%011| zi48@YeA(kJG%h`U$SqF3oXB9_PhOm zyOOV;%K~91-uP<&TT}*%OW!ZAtZr;>J$n2|fWK0uwQV#c*kpweSn4X!z=gWJ3h_*? zdWnsjQjBbZs3?4vam}+7kHmEA_ZBwRSMG0YqG}XnyhsAJ?2=7)kA#N0F4U_wKmnEF zfQKbT!tG?=a55m+F9c?=O;iX&Srw3~VZ2PwVrIu<=Nr?{&JQ0vest=Tq{se+i3{`p z1>``{NdF%d{hufPv42PU?`d$jf4Jj4oJcL|ID&8*#ZF-14h|g!JhIt<2^pICQ3hIi zaz5&(pMS>SK?Zvr$D**EjDGHZlQDj4D~@X}9v$K>r=3;ZI&hyC=(BZx;W1C5yK~M8 zpGjOA`Wmx`r&Y#5TyLK2?jNqMT%-g{Bzx5#fBMO}GR`Vx;X~+)&yTRM-+ud@4WRxU zA*P*N=B>hGWOZ=Bo|Wez8$@c1byfLZwF7r0sZ#Jc2Y+}*_dvGZp(G(Y%Wo= zkC(&MuI0s;Bd-vdZ6`l}{%m{ug>T({`sq`f%9pcDVw60?%)hpxbLC9)UN_e?eHZfj zT+{RyQ%>W%9K8*V@ClQ)JQ-)F%ec>7k1yfAq!c(hUf=T9FjZ=4yeo*#1z zD}i~6DtBvV<`QRlTt-}Wqwo%5HNrqW4tQEZcJ6OZtXd)`$t z;xuQn3^Q%UPh|O36-oPH5;LMpJ(7SJ7t%CfUBie5FlO_05Ho z)wP9F2X6hv{#E40)_rDaH7aGFh&ahm*JP;n!+8HdFrYUl=DP5RHT2SCGCv^4 zl1B_&69cH%NJqfKGS?YVcr(e@ET@yT#VSdMlp*GmPo6$`^7t*vd810l#2+yR2)`t2 zTT$rK`n7fcfqC}%3k%oY@sWcVzM=6#^Q~@+P8==8P0G_n~?$|L)UI57NG0=&#vV^9Wz93Y_%!jnBI>FLM zdJ!9_k~I!BQYXx{mB^F8+-hp|W*`*7zI&xg>nkMQ{9+Z_k3;#=2zR~xs>ALc`)w!o zC~{Dj+?{e7PTY@c0B>mE`~t8+k~IJE5F}iaiup6#+x#lMvgFiWQ)Tzpg|4|W%Z*2( zGWahrZoKT9EU=LSV>DV8gbej~QC+6rDm3<)h{<{ZttiR}h1e*-MAx_wpBb@6R*ITl zHAJ%2%9Bby|95ET9lG)=h#vle+2!p4Iw{#NSog}zHeZ6vzgO*4+-DKP!Mzs4~0#>chxA$<0 zgO5pEB})*yyfTr_2ty229W#@i?XSEJ9+%-Sx0dnl2{r~KJKJP}Y@7htju4JodPThg z)zag@7Z)E9Hk2%}Vo3q=69-1WI7wi9OKfH5wFGotkoc_ZJkI3~AAp0jOxgc^<*nXKt}9Nj$me^5oV$Sop%3hZ>!{wVZAMAl8dD#X%x5U`86c&FM6(TJl6*VPzp{?`L=v4alDh|o+(_YBXDjL9MI6w&9%%w$NhPub)Q^S0L;aoYpWbNt z79mxU@>6lD^FM2lrHO>Rv4+pTx3^DJoQMPSgy&}3JHc}yw=tS!w^q{Wv<8c=K?F+< z&$o{Mn`v+QY=r-I_h$>`bG&^3TGu(Y{yi0KmWcMZ^kCKuP)w$e$w#y?=mnVxI@5&- zk^9s#Kdr~iAnbU=*UX*iwC!P7uXg%)NR6sE_nP-po(L0t5>Mv+uC$V|D^p1fwSgf;>gkz06$F6DxX~-hD4=bM2Ty;@89WhGBuV+x_F5|oh6W_*3(O=O z@H3lU`IV*ixTd@t zLgQvMI3lCUnX z{Z0~b0z|s=!TSQBX}I5lC*b*PV$5qZ4!hC|>sPH>DNW)ozsgQfWHQdIU$vCiw#U6w zJ7E%(S-{b=on6U!`&e4Nv59EXz<2vGO*t-XN1v;Y97HY)NV6tEP9HT_(Ji%?a=24_ zifK6BV7O+2lQ{lFC-@l>T?m-v%q^@%H@C7YLkHcpTu62ck2Z(C_~NstPoDtE=KZrB z-&@hXC8(G*JY&D-zEFw(ybg+)?4zEs<6Ev(k4%Yx0+vCN)lT(O0+l7?IYXZX{A6?t<8hk&3VI&XPv??! z$%xO99!7c?=aZfa#`$xc5AX7Ph)OXdRN8ogum`0XqOXr(;?W}a7`hJ^A@Jz_hVVyu zVThPsGIxLtrU{>Y_Sxgd56M$4w%`3G+mK*RmsaqgANEdXzLtOEO*V%-8L4yw@t4IP z#-$#j=t!I@N+6vv{9xVk_4m*A4vxNf`r!U%#1_>w(l`)mT#*#)s{w*lBx?o?Gs9nn zxZu`6fYq%{A1(-E-}WVqd5^6Oxr}Y4Nn@9e_CpqW7472&_wkd*5`)cN^5tBwjRB8x zn82zUsQ0(F6!qF%A58*{Me2IQ_$MR0*xe^_Y;CN<_IE$Mu*-<3FtfD14A$ny&*+8W zx)Qe($Ynwr!Zr~--`)q-1Atxn)e?`3m0At`~7%=dm6uo8FAX0D=zL)jU*yryxI-gUW zyYy&lJOW@Fh*O{+194rFxs=l>r_nd|Yij!X>u-Mk`I#9{MP@&jxvu?x zn@C+ou>n%|iRIVJsyA0ddwkqxdWU=pw}L-|qfRbF3%9nuwR!L4cyDK$XUZ4Pp0P&T zeDHwRWm*Z%Y$Uv_iZT9!z(Do>gtk%8gUxlM6H+)m-B@3 z?tA89nqyqFBh}5#M=>`uylcpyz4|2G}%J~yC|pNuMhCaEh#$i@ zi~%%h(y-0Jlcfc>Ckk~SXRk1XPKK~LCFx+BUt4#V#=)x6gyr(rXCUXqExZ<_F~J9l z0rMlVm$Pu@s)TD|vUQ5rUPh~!XiObiU0XY`*qy9zZapy5Mzr?-V1M74W0#$_)wPYK z)phA_6A3Iilr~(voXNXi+eREJM1UHENcq$QB+a2m5G& zO(!u+y;m<0M_Gv0tYTs`x6m6%V1pq(QoWa!?xAL)$<(8&t|WD~?JC>TN)s(bl~Uj& z47M_XtTPP><u@3C;rtVtcGk5zr2uN>8H`~vVLCC4T)ZkUA7_;tF{};zyi-wq9 zTc?Wn>~Gm#B4*64xdW)ucX$X4kG1Tkyk5v=vjBiBW1A%aad=rPodgm$JeNxo(~(!M zcd`!UYn%ZCewzs|cCsNytqOS5du0=bjPnju)1s~=B>V7_y%Rbe!gI~i_yOOKGjr;T zrDhMbH$7AsmKS)o!}rR_zw9LCL0+4(B4p_(nZ5EBfSd1{`5|JtT<%vDhXgc5be^j1%jBR@7pWpI)! zIL`kOKO=uW(!)4EjPt`dA6~`p)nf4huNPqjCT++s1_PVH{}d)<)$zZr*tpPqPs#t| z{KaS52Xd|WTyD;nX6eUpx;}^oSI1$e!yo#8#8KLm+ne<5C4NS{rp1F^NmVUtgfl$P zUE|dWUs5vY<*W=NiBbLJ(N=T9IC=ttw>ETHeL|P*UedU2vj-0zw5wVS{45T^h?y7D z+8)A%-8h$f7d4xB8kWYjXAf8!0bE(RZpjC-wYS?cO?<82Aqy}{Q4?^wQP;}<;V07L zE`4R!b9eucPy+#k4qeQju0w8w5dvCs!t>*YAyQxTbpff(doP}5QeqiMgz>k%yKjJk zZT495gc>VsDJzMy z(C%&27{jMZeF5O{@f8?IryQ|Z8PiX>MAZNJ$X`k~)z!e)`}a&D z5AJU~*yIp8x|hIIWZCxyXaZ9~CP6<+Fu#kkh1TV#pMRzth~d`S8k@QJRLwQ<5P2Oi zg5$}c;DIYHxQ4cfudSR!X$U=6j8n4)Buo3~V*22<7%Kt&SK2!g|NMG={w3@ECID3- zt%bF8ed~vu1u!T~vqr(7Ynneq?^;8MHHzg!Mm@~V$`{?C6~ZcE)C@xgD}w!aMP=Sz znE*qxv616jSVWk4MG3#OSFiymms?$IRe5a2v4tT_SO?)QrdLd>WYlqP;XUf~RP$rf z#IBg)e{au^>27Ol%U$n$C_MRPoQyGd69ZxWPfmyxKmBO2eb#5^5L!O)i0OP<;v4+UiWE_gburVbii~->`~+$EC*o6$NA8nou^{z&StFv_?rr- z3*$)fZHq+!T1`*wJV31`OaPd-_yl@*e*@lcs@`jsGxW|i)8Ak+)Jq|xz$W7xEcs@O zvS0ChXRo^N7&TKWW)aCkRR1chms?`9zaiGwoG8oLB+;;dA^BOI#r*Z+XbKIxV>K> z>6&!t1zMSakXgDhkTfs3;K5kv4N=@iXG*j2b2@ z<~W~RF*DE5$%vm3Ka)XoBlD-lyDm&sb`wZU4*T&rhlS2Y-AY`)OArZm@`0e)A^Y)! zN$EISjl?n88~XO!@7=%n;&aY73(p@wOTp>NVK+N3%L|N98fcL(gC3jequ9%**?N&o z&ZN95{e*|aM^;%)G_r^%_~Yv7YRCl`dc3+z0vog*T`#M>ppC@?v@FLqkRUxBBWrI++&S-KQ&L9#^IQ+tM#KkEl8Q%XFm zsHDX_l9haWha**ga!{?8Jav}xLP+_S^)?MsMnpDG77%AXqP=^txVWuM`lThNedF~e z7?@~&9KOtnWfvT~-j#k7aU~QL|I+f+YO)Eb+qtbXv=+Yg_0`(+xLDwoRg{dMc3k=P zN|4?(64hCTfb{EMf5}gqDJ}zHdR->kmzA%nTAI-_Gi(}c_qbWD7I)h{TS0s}owjFn zedBD2`CE5 zzNU|UCl@8N<=edH+1;g2c}&2J@GNK!d}~hc7lQV&nQwss#KtI)hvu)p`PK$B15;uJ zBk2}i(5eJ>KpdGfx9k!|;@EQH0GQMxEG0Te^9Y!iNwdE=bjx~#1H*=4#F`Z=>cWvC!$>r-VReo*rv&oZ zlTRK$c=TWkrQQxc!|iYH?cnz7l+@))0a>6LUgus`{JEHZxP|m^X2tU9Pah?;MzIDC zzZ@?@i|vh`q)ZIFHF(|}KiQCksJ>?4yaJycg-$MXfV@|xu6VZ#$zLk|jOkyE{|_BM zR}#q$Mvg|SH;ByZ7L~;$*V!B}JKQZa!($emRu^aWIqltn!Q8Y>S0%2sDRvSe_b#=j z)X5x^x&PvHGd%mk({RlMGb2yp%WQT?WAct&ibb(~jeZ@ui0|3r{xxCU+H9ZUQ#6shZRw0FoBD z-w2m-xnwE!abiB0eVg0j6yFHin@X(7&HA{*XQT9{3Lna$#=r+tX;68W(Q5X}u$U4= z3tni)X)@`eYx9Bi`x|SlzlQ9$6X@Q*ow_d60`0Iba!&ZaP~BTRLXLjYcZ}-nC&lW~ zHQj5RfL$vFaiJ7f$5|Nr>fsq}S9Thdqpgk>(yq3{6#<$qg_t=Q{qr>=HwViC! z;3Wo~v*phtT+Pf8Pcn0Vk;IvJ6Y|#mEqX(e^EE5o-r+szlrv-+9@C;gMk8^S z>!EDa)+3soYLHNTp*d}UL1a@aBq>UVy>H5xOoO30qL3QqE#t(&wT`?(O39d*kgL#MWxt!-8P?}2`veo%F7oSS_ zijsjavb=n>wYjCC+#M|}cqH$ydAykC+RxJ_IFh%_M9dbnz%1knccsB4TzfV9_S*H_ zxrAEeA}Ej-Y{i)bG?D~CrhrvMA4%gSG%yoC7kS|_vI^Lc9D#9GX4EyU5YP~5Wb{ZQ zV!nMsQ=0e8taTWtXU3{z_MDueH z{fW0z%t;TiYDH zZ;RwGnMkh0oagA18%vRh)UrrqXd$r|N+pP4X6==UNFh(2JYfPW&tac(4ar#3}J-hanyS7X@-r|m(LPE!<_m+-rvigGGDQ76mupew~ z+`^u?!9w!N9{s_A-Kaq$F^ljiv;q9x`T5zBJN$O#^9~o;evw2O&4x`h;PV?sBp?@H zc4L5B!h)|*Pp=z;KXNSG9h4Z0-yno%|MyzuPk~8t_|%3O44l2Z5b8896MknC&y;p8 zc*gXz*t;D5i12f{aW@n58lB+HR5F(GIt(<=J*1jGnhZ?@Y(QHFARJvln}^0iwXHy> zQ~Oj;aB1$CwSk`|9_l(5I4k08>QzbLNxH6GAf*g5+T>*tNHM8k`nI#2tFUHT4=%Bua={fDufy|b0_{81CTB|k^^q2jKHqx@u!uBhFo9oxqKHngy z0P`IO1-_Rahku_HSNoe1?G0k!)kTqHw)cE3!UkC^R$F6E29OKc%;qhDA)Ckiuo|0m zko{JSLQ0lkuS|^dwZ7$tTN_Ltz3Syta+~h6rCld17b9myI7(-y>p~Xb5g``&eLama z?WCp)iOwF+wdE}Os*s{kvNxJQG-^vjMypWrU}OE>dvbN4jZSv{{PS}@RvkemE&J9d zb5(u|uD^w^Y1!OZT{|W>+xf`$p*@dNesQU9HrCfzXhOSgyb3WHMD}akkqVOTi3Kr8 ze1Tf7%s%f(orX#-63R7d)!q4|3ly`kUtZ#~heE+0R~Nk%I+UT!lg-iafD0^rp;X(4 zyRk3~2ZKU5R|(b9T&XM=3LgU_21X2w7#J}yVqnC;FBt>aj20QN4kW3UZ8Q85P=wKK zhjvi|)HXSWv%h+O$D5Ct%$NA~^Xcstjc*p$484Z>&7o)d7|J==glX$V1@ zsr~4IZs*R5*aOVh36K#=k>WRUjQ^yuLCR=}>pJDkI}J+f@kkP+;o$_@-(X^;2~-NU zNTUKO@4^}qDQGHLzaw}^E9T$JOdB0rjooT}@?!De;3&rZ@wtTr-&o=Bj!=DA+06~@ z&DS(Bp|cuR} zq=;M^25(oWvUE?A5iv;zaiJ z^-HWWVe|4H@w>NDhwbn09qx1ObKqRq*8K-%wEAWRkIUhk;cHBNS1~Xet=`d|F-uyU zN?{nogeVX4(42U}Z7MpLu1YLRHzpaU>V>52*z4S(U6thTaU{Uxad|c0 zv*?)+4U}8+hMk7uXg;0>UcV)HT`X>&J0-~Dgj<}yehKd@CB`!T zGE25Kx_`L1w|umAxJ-H@priUyW}FGCHweZDT9gs0S8T(k zk6LQJ11;$pZ}B8Yg@FS|)U~tcsBknb?ib|oI{@;#f>4@`iwYAX%b@9TQwpfbXN$VB zrhGI_1sC0yZyfoM%l<(dQylE=_+s+PQXGIqITkhENcr#DO=JGI!$5f0obg`iBStS? zWbH0;-T(RLXSA9)htjgWtD^Yrz#DVD0t0%=+rD2;w!Yqd7k?ZaSmMpvI5CsY zjdPoqVHjgRRt#7HH4T%GsGLk=9$ly7CO%fX)lHe^78kZ3^KTJ!#dtMWyc8(`7vWN% z)v$L=6m|U_laCd{W4qoO1I<&BO-ZS2pplcJX6H%7<`M6e%}EYIkzZ9NUM@T>X$4zm zo9X`M8i9RwkLj(UdPPP6;PweeELQh?O!Gr?*JT}o^F)c~@s}EPSqH*pc1aR10 zuvmVwZdTs3!DvH|#i|2h%UmOEZoLB4mtSS-K@aCCAKq4tx2aw>I>FNc&K)C&PxTa>OYDg(Df}NIFzh_3Rd41VjwekeKX|5#8 zbvdTv$NRfr0RLe{{r}m!)9pxd9YN6AcZFif%)6ZKnwc~GYx@0PVt)6W)2FJJ>guYx znRz2JLJ`{6`2d)kOp;4-N$!$MGKPnVMx&7+2$BE+10Peu)V^y_;QNuy`r4XC5=5UK zRO|||1mi^-38S%;Kt`wJ;Mnpl5u!EtV<+#;?B(e}2n*Y^$ppktQ!%?7bBl^_#+Y)9 zn)KzR@bF595ileeSLWEsKy>1=%tOP>^>Z1@W-X@xDLFyrPn+PmDJoEK~Q|? zw**~$X;&H-Qi1qbZr+sbEs5Pc71yY+kv}09%@8cLs6@~LW_SPa^S2#&K5cD;cNto- z%ZR#O;3HE^T&z_oZhh2lG9xPcp(VR8McX5mud#+>Oov*n0TnVuVmg&#p5K{4phMB7ucgvh^A&MTEl|+EY!Ub8`h`S ztE;-af_f1H#hBjI*LD+-M=3kIZz8+oC{sfq@xA7?pL@C6Iq?xCz_TF_N zX>uS?MbM#7RsEF05souSY9pwg-n;0LUoaJr#kk>d# z(qx|9<1MCPVPAWyfJ-Ri6Nx2mPW6;v5fI;J*G&2{$TO!DNG(E8cT+~L8&`RVb_j~~Cyo*(Y-fBg8tl$g7C)3x7tr3wA*tH(gla5%nRuzY{` zu!V)Ql>hqcZ@#^^u{j~u=+$HOc^jDgUf3dIDf7#yZG7ghzy4mFCqu3)e(|3d+P?M| zhXE3w$pLBMP#Cr&r(2|nnqg8+ygJbK#@>7Aa2mVSbK(iH0xx(kjme9{TMzI=F@Ok} zNAt&%WEN+@A~WQ7rBW2%72U1^BkAdgGz{}oTdmfxUx>gH@Dd>7JH7iLU*uK=9XsY6wOny^NycHG^@p8>T z89k2$$&<3D&u16qN9yI->Pq>M{|Y=EcdAuxOqDaram|vO0*9NcMgt>*mzw-l{uMBk zT;Xnb208ou4gM1mf!=hg3$Zuh_A=&P-W`Svr{jv#k8`rGF=tQEB)G*X+VT+KyhIW4 zsye8A5Ihp3S9eshTYOqUo;$Q5$+WNM)6fv4Ua2W4w&80d-hSbfnHW~9?{`J0m#3in zy?$$M)?}E)^rjkzhN~xB%Y*?}XfpCpt8jzC6!Ku{h(+T}=rx`+#Nf>4*Y!#3&QHWr zmJX_eA96TStN@Z{0qF_`aMP%~WEn%;%3(M#8SKJljSws;q=$OlI24hVPqZusrgE4U zQW5!GsbvzkAk0r0=hf{bOd!-+c6B`+)NS|&VTL?O*EOG-tXM+GS7pS`dx4 zA#!$hwLlGM`;hw^fgh55?AugFJvINJ-%ECm9?aQE1j$?QJQBCNQYk=f{jJJCJbw+l zvK=~%v7Y;B#=2xUfEjxW;##`8Vm4jiUy8%-m=Zeu1wXMfzUYYA*qfUnua`%xh zuI(7(WKA%K{=~x@r+$TnvYZZV_{+2nIWQXwZ%M!jYp`6mWTU+`R-YW6s1arXzw&)-^ zmflTDO+o!S*dnKoJOBgcF)NpVEKw=yLa1cbE?w1JCqpTc$lTaDb)BYyjmI1;9QP89&1(c=XMby z|1f5KkU!p5ezWaYWyL#9EUi@C);>jn7Wvaua*(IZ9SH%m8aw4T@DBx}DIzUVuC=#) zI3#kt{2`e-Nv|(|(;3m5c`C&hxlCWPlqPMW&cT#4ftv7(E6X~fDcS}Gjm6jPokQI;7alLFkACbPpdM`c1VFf> zNC4zevA%DGFTRB;7Py|QeD`h{_PHiE9 z!;`r6jbY4qDX_VPQTYdWO>#@|qJ8o45mn#VZ2&PT)d3s>hssbrv{IxP296=NoiF%w zZiZXU@C_rsF411fHYSJl9&Q3H+T+b4MN2u4%p4|PeD z=8Mv$MaA5N`4M4*TTNvAsV~$*Gv!5+HbfU((J_pqqZ5kitOJo&*S3}*nC3~6>M(ln z8bV;P>U2@L?Le%pEN*S^5X?8paQaccKIdK47JycJ3uMZ11y)8|5H3XmoV(z;^g_>% zT|vjSTQm@)5TW63uVuNE(C5E|j%znPey*Y9QbLcPOX#?E)8pqFN-ibz__>6RYd1Z9 zuAl_RKu{=#lK{KE8VAX}GE1E+O}^!pT8L||I;w)`R3{8PjQhQ%mPtIqC@#*=9WTtC z9S>N*Vbwf_{#B7I>jHwYZ$Ub73dH96%Dc5?o=OqV_BJbmAH;_`hqpB&7zW70(+CAD zN^P)&wP^<80N5U0VjQ**UTthW+4)g2At-#S?(IXDR!DT*1Z(C${`h9w2ayPg$;Z?= zCGTQxLuwF4k*c!QPt6a9+!vPgvn39H=iw$Lqmbin5r>8$c#QBTR8a>p5g2?AyAsa{ z@_vsb$YHR*)U=XHYwu=^_#cXnq2-h7IZSfZDbYceH#<2=^Z{EI6kWyupOJd%-GBY^ z-PiBGyzpJwD=4atNECSj8KJ(3-K8+;n`Pp#zQVCr^T`T?nHgGqLR0Q&&Dg$KV%oF5 z#&6f0eUzgkyGCEWEbzC=>!Eq_MJ$(BFw@_@J`CU!d`RO96Dv42!6Gg)${P3jQ1NP7 zq#sQ(RBU<^ljf(3F>1D{KYjYZZoXf3Urk>>O+!kWz}x2}5#od?;sI3Tt--gVmU@wA9Nb!QvpBls>jFK&*y8PmDW}GWJNMs@|~;(#=209M$K)4f}6fe|kG+9{;pAT75hY?_Gk)&0#7+*IwKF*C|Mr z*fNMbVVw}OWxh~(GM*)r;yg1)eh)JL+@So6A}^O88uzyR$W-R79ZUSmpCClmu%^xz z8h9G`FRUwUV<;x(^e9^93;3DEnr6LyQ+u!Ek9IWWXG;UV)|xxxm&<>P`K$ku9N;L~ z=?h#X!d}V6>R9Kmp`TG!)5$ek?L-&lhtUxGx!KvWodRK)bLAf2(Ao`(e77-UEyad+ zb3DZxHrQFLa+N2NX0MzyoY)*xs-vQlvmD7XW@zoto>JYO`r?y98NyC61ueatPs3Ab{L-1P*M;`2$43;4XmWI4D$Ek( zKI($KS~o3YVNMyQw{!k^+F4H#Ug&fQZf9qVr|C$T4YLAp4!rhqEUPud$atKx5Hfb_ z4sv8jeX!DFRdtX&`*tz6CXJ=VI3xZNaF4jD9sxwu7$WiE_wPTxe*12l7Z~%4_IZ~V zS12*4a))~Zy}fdMbJ0JEym@k8SpLnx2_0k!fmaFvl>oOuLb?G-1`#>+f`|;_nK7v7 zN(rOf!aR#rN_ToGD1~HfOZI+nU{SbV5`(xJyZu}Ako5-)ipuOV2LCpMpGkTMMfb_6 zHm@x&n(9sVsT>*te68y9{{A0%H=aYUu>FJ?X@Ru@wVlVNcp=LNcpI?~emIHHwDGhGp?S5tc8<#-$!+e z8RK|_5=^^VlpoDJ^I_GY_{ySB@)owyKPmnML0riDYB7!xM2rQWpxeMaI`*j{=`luP zewoS0I|q6T>Hy?7^VhsocA}}tMq_@>j>?nK8}cq14`60&KE%;CdaVL@Y%3rqK`(|u zbowB8m0bk?*z}s*;>4iyb04+OF2=sx#(LQ8+nI^fV&!x1I$jChKDIjq!_1=S^y8Jq zx%rvX!~MOo<7Yrt7&Du&4(wX+yh=>=jhb={pjEsaYBU?CMH-Uq_25(9X?K8EETw)d z&Rpk~cNpJF;ixGP%jHe6bLR6la!0xSqt);(WUfFn4?qTDt5x*@@Aj|s z7`ToB6eST+Var5tSqBFP6~B@h^Gd5)iNT=_LX|MMo77)5;-&G-amFb{mzxd@W88mu z0(s#Y#=77)2-IGJ1CE%{YG8Yo&$84VXREs}6cb%NqU1Z_A7~Pzf_yhFRjWdxoP=)x zWTgeSE)NnIq+jajwgjp7g{RNo@8{n_KbPoi0yjOgJ^`fORivp612lXpsR;)~m>6>_ckCz}m=_BJ=EpO;AnL<;sC9j(M1_Ap<2AWtCrnW+h0l5@%fJ7 zHW;)q4phWxsO>_>Mn6bmnhK0*W`-vMCi`NB=T7G(>>Y+nLN0>r!~Xs2kC+voBY>gy z#YCQ?{-#bOO3j885pVg0v6Yh>J(rG_czOuYzg`nm4MoOG%UMLm zG>;-*W{$BIa@tst3=(qJP3F!4WuDhy3XV3|>PW@5RtN*w<8Qzp2g--yn!)Gh+S0~q z3~K3eqD;Q5R+ksE-RUPLn{Nj2g`&4giKv2TBc(tFbJ+1-YX87dk6LLfEoUTha9g{t-iE0BY3ZbizE+b$^G$HU?YlBx%+IH*oK-F6#~Pq*kC$QUn@DPZ_OvFyr1N(ao;M2=2w#9s9c8@ImY=} z1zO=86XFt+5O%A0&3Eg|B=OD7&8@AyFe3el9kfpD3`z8%Q?g>X#a)vfQY;YX$%jN&e`ZhpyLNyfilgjH%!0Y3eU$X1?$4 z8xa68%vt}ht}J@merx?AsA9Z8nvg6gI?7H|VE?iBk3PN*;Z5^fW!B^QNvaQn!EY5JQy1DV=hYg$EuU~B<9dJ+n(@&pjBlP9ss)xMC zK#zgx#DKXP_k|hrL6K?4*$8;ffB*MiZ8EQ|uNB*w?semnvr>gjXG40Zo*e^NU%Wku z55w%{Jb>VCn$6zKO zDSzFM|F=>+OkMym_`ORCP=->fIZ^~qDKaTB^^VODewPjokIuNh8H9(m7j6cjZho70KU4o+5ZEMQz0v9Tc1Q2-Jig&2J2mYke+{VJOms~!4|qRJsuI#lywmvE7t z+(PVXKT~7Ji{PNv(9JzjfV9S8VRnrZx3SFSCgEB11Vtel-}d+uA)-@FRgIe#B&T&{ z=%h{ah#5gjf3A@Q9s^teWGp-9;Q+&}wF=Iv5i#NhOA*Uew{7D}@gTump%L@3!9E6J z0|8C5Zv+Vj`JEtmE-Ebm20(>+Lkg@?^uwf<1TxcbQMv%tOi#6;Y|uAWS5}vo3QkW! z9D3!20NYT}dXFTCllr)6aq^*T!5_r54?Tv{toerKi=JD~78@f*qO{9FT@b8lr8@!h zk3YU{Z-1v_hTg?xTY*b+P8wNUiWYNA zYE$lo-a4|Uo2}w9SN`jdZcnKfmCuhU0UMU97rbR;bo<>xE3s0#=~Y7X&mgolN&x?L zde9z^w3zmeCo>u%c_g(Sx$;FN1{np4>Kshn;}g!oxTr^RCSEU4Cnex)22E6y@KoX@ zcrraEfo^`3Q0bZ2=kM{;)5G2JT04}w230;Hb|B zsE6gnE}2B>!O=2W#r%hK5VoFFP+_)eGa;Qa2GjVspu_Ok)pJ+)RRy>F;X~*xSVq7% z5CRo>;FdM6KJ(kzJ5cr3Mwkn1ZM|c;N4qvVyZb(UuRg9>H@>ZQ_GNhF3JKJBh*nW7 z9)z}TAJM60f1khAs3JJ^&a&QSd&bCs?GF&HQ|5KRvGtmW8ukU`#slHaWzs8(R|5rwm=0j_KBR zm&S5wLrDf}C}h@VquW0880az3V_;kuXs2sV@$t~f1AI62_*x40LxH%kaA@)=RUJl- zJz~sMy`SB2b-?Q?Cl@%Ei=CO*)xN$pFBk*nIu5Y7AHrGrB8Z4_Q)7yNgO1a>F__&a z38r5hHH%fsQ`*n0(@<(^2aJ@G(K?b^FL{jz zei}mAZabnlgbt1O z@VEU76;p+u7O)9LdZX0|A@;Unkr*D@05tD(^C7;XKi7H?8QAgMmcNA2-O~%!91`&CL><*E`nNA`dYEz-YRJ$$?pm|wfKM05t<>NXfszW4Z+3+cXStOgQssA5qE8E_56HA*Fbm$ zV2CuF!Cf%PNo=lHDz8mIN7yr3#oQ<<%%sj|n99k?o~iZ|?<#dlpBDl1rl2ia@&r&; zFPMd3b$ymI%h+RGn3?(!-F-3tk19B&^hB1phJf2zCN^s32B`Td`PH-2u#e70R2NXeskuLUgR{r%6M|GQ@@C>1jJ3(b?|jDG zs_4v+C6&RU5fMWoMEVGZ%=exB?VWvF0gM8F`M9~UHYxh78mIPZ{(-RA_FP)nH#6pe zTA-bLf5nFax_+t3KRc#@4~d=`}ZHe{`x!X3ce4) zY(IZ;bMm-w(wEa?pvS-q#ehkh-Rh@LA298>K|G0VGw~;Yl>!C zUozY5GA~54Gy8MA4xNQQFGJH2oj31=O>O^mS|}M?xmX zwNlM?xwIgNLFC5#F&ho?$DEZ#WwCAfaprPNU|D>m4)Vvyj7JGl>^v7dm00;vWb6<6 zp1mz2UTWdLlo}-uE5DO}P~iZc#KKj0`uuHw4Z#om=i=1x0kKIm59_ZmBy+ZmrsyGv z5Va(0XHwZSw6`|n##^zSK0Bm#1AXeRU0khbp6`>?Vn5N-@mBZ5r4_AeSIsmNt-Ywi zRe(1r6_Tr)TUdQg-2l3sXv6PSI2smU22>S{EJoqthMS-?Pw!Rc=$XkdF^&f-j7n`J z0RTX0eChOgK8MN+Q7w5f6Ur8S2{sGk0K8baI0ub3g#N==32}lN8s~9%94~N~W}J?QV5Sd>MIg=wziI-@otgg(7K*bB%>1 zUl)?coUrtMb8Ty56_SU6JaSq#1ftYV{}H9zS>CC&{~ryr;KoQF z;;735p}9F%81$WSi%LQRS1G9%iO-p&dl#oiAj1Fq>Tde$;4+S5hRAq&2O$Hr%b5c>wre5X3)j{=EXJQhz=NK zzY9eLa4fIGf)S7WNZ+~U1XmnHD`!jvArr-~5;8F!Rq7M-&q--nrzR$xc?e_CV1b-G zea>SE>QloHcY_e47Ydt=`PdhLlH9# z8fZE$ROJ!PDMm5&vyic$CCdcpUBQIIv_c_F$80O@?Cg5OLRp2&aHahIw#UFL!$1r% zzh)J!1@o0Pak`pQbDEh)Fx9v+S`GFreEuEJ9vz#p#P|32<^1WVPtyf`56yI7zzVhQ zgS3;A^kjL6g2)kQsb90EqkrBy6zGtnXg^XOTomhULKAL6&FxQbdg}q{CRke;rrXqW zg_+>|2@>CQiKHKLZmdDK?p(#IJZ34KR`B9R3 z!-{xvC4csewCb9B;U~(x4?g?+FN^-~)n5amo7CU&tN$kj>FX*N$=bWBSt1DHatO=$ z3^lLB#-j{PuGl8HoITvUwfXHO-Y>Rh#%bOpV(gVC+R7=?R5o>vw=qb)T~#~MtxRnO|b`U zUuhhoFPjKCI}Lp0EYX%QdPFbq z|D+pKp}It2RBeNA=lc(vH1kpR!ui|+ZJ=IY3H;O6`qt(;<@e~d49%%;R2m*RW*yHL zMyol=#gTlWFS$J9Ap$#$t~QK_Y=w~P#UkD7iKC~$w{P%aBYMg%fO|D1B-yRax>McK zp$bhILJv3dKheL+*CGgq1JsTlT8fQfklY=#u+DYeKRD7UK4T~e8BG=961pPtq)eF_ zw(VZ<0H@F2^Q%GE59haoh=Q=&a5MeO($iZ{Z;zw5%fyDHdU|`*`0ep|UA}(IeE9P5 ziJXcL!DhhCSlH=yb$GcE;?iIL`e*hx0v{**#`)S#Z{tic%UfITT)XGMl%(UVhWbM3 z(i(Xg3-BD)sq=HZ-C^V~qJBIw(vJ8@41bs(wLXyXj=~q`H;F~Fv)^|abY9vFeE9t7 zliHB7lV=U7Cp>>Rks=uAvokuK5AW6iPcFlpk z8Vi9s=&NhV+Vc&z9=C7Z(`67Co{#Nx3VL#+t2JVYX zrpev?BiHD#C!x38dq6v&h^{hJ({%M{Pse=S;Ueni51X7_x5V~}BM1@>^hjbN5psEo z2oyyMqp$e#A(`$u(@TvwsIz^yxv^^h4SC0|PA8c8&4;S^{P~M{DW{{= zcx@PnF%$coF|wMikHHd^DX*=))7GAtm)3%NE+*B&LY06!@dJT118onXiq~S=$vMY0Y~*EV^EV=p87SYn zGk*ic@bVLe*{1xcIR2-IH9Y@Scx-QYBL%YN-BIAVS9_!U`{3s-6l99%EDv2AmnvK8D^d&y@o&-10^^G zxodF_zytOa+VX^V#)o8>TOh0|uAp6$mzT`$@zI{rmQOo6Dv?A4 zU@B9q;)vhDzeR4DizEoMsjizZgVZc3+|JVXYpd(g+{xY&54&N|06+Rio}~PiKaA3@ z@P}1Jmp*|Nc#byt_4%{&iq7unulx3IpZ{+8rKit+Jesvkr2fa8S(9l$9{c&Zr-vz6 zk1!d<4;q-b5lk26qxN}nu)f_3CZE|~GNQq|hU2E=keK}O84`U$eD9P2gGa-`01J;z zj&NJd+fBF&yQySdp}N>nqKEe!G-qCvvU;*evZ4CG1m9H1&~&d0IL_mvLuwC#L2U1Z z(NRvlkEJ(rcnD%yV$>gz5E!D;ybT*xY`b<5SU6jSH=jp(gr?dMZ$3IGt-3%h=^lxA zqf-{uIH3cn^*iea9t4vxHksjS1P@-W%yR(~W9OdzH3}NENH)Y41Q`A)iEBZD1f@#J z>v2l2dO8d>*wK2$bI3`TQL&i@V8fFpSzqy`IwGhQy$(9% zdVBLxsN|QNz%vuu5f&z>veMa~U>oM+3j1%@Y1k_)_{~Dw+uuz=KYsjx+nRHfDO|6s zPw6o*Aq=25i?XZr(He^8Csa`s8`Ry*Fgewj$D+CzXf>@(ukhYdS(qrIZ7%27$XC;!7V2FX0 zc%{J30(9lc_;0Oi%_L$bqvOOpDTVW@giQKoK8nSCo4Sf49*yB3RLXb75Td14`LTCqOn_(9jw5m zr8uyLvbm~=k0HCfbJlwq{@^sOl%GBFlJMWd|FXu*^+7S-l-_7{y!afcG>U+n+aq(3 zV~RGexq)L6YG$N%?lb!h&z~k9mA_pD6nJC)#v)|o@^8ow(&6yjkblzfyutG48EoZJ zYSDsq%co!UYfx1mrWgY_%aWo+S}^t9tL#3FG9Tg0v{a;R@1!G%&Zv6Q6^&Sax35Qh zaL5%tSgZUik#%po(Vx5+87Qu29RVBtzB zh1>ihkUG;Lj}Y15Io=I51B^AAhNiR>al|bi#Hn!3v%jZ5pqf9}xrL=P-91xx6h6Me zR1MJC>J9W{>#j7XZV>>oENG+SZ^$WI(v>~vFd!aU)X+pEM7rKTaDFSCrQ?vSqphgL zbET;0k^F{o!bSm8m-2jfin53=Eh3dTP)}R^oI(<9XQG|Z$E(eEmQjqf$HNolXHkjW zpy#~n%MXl0Z;zjz9%Ay#5!lm1KR-Nj{_p3Lem&yB9mmazP?`0Ec1H6D3B7PI439~mF(;tvPfh96jDH9t=10FHrr5SCKI@Dz7SFp z`GJ3qoxKCT_6ay2->qLa2^v~RH&Jy=g?|72?=(rvE30f@PePE1#tcSc0rfC`k{MGY zX!|p}ID0x5LK(jL+mAi%Cvj|^hxK`N45W4!I|#%l(7> zfBW~p9qb>_H0!komwD5RJe&Uh`)6%o6pJ1hW+8^Z{p~jZl>I0dUpKw`$aKwA1#hzK zz_|W})zY%Vs?l0bUbR{eLq&ODWyt&G%O9|vhS!ULl;QpRt#n0p(F;lzfQM{^ymOsu z{$~JfjVw?%3I0q2{J^*pjBzKW%*}DA{6_t)>ZBU@MQrdh8#EYak08Fo_)Il$R)4BT z$10yH-7g5G8&m;+v$OfwDmgv(6{}x>)y?!8<1j41w(Cvp^T_@c=h6 zUqQS2CcF*|)LQ0>UnK)t*Pgdsq(oXYu5jXmTQDU*X{oi^O_-mbpnM9Ygq70S)nDS9 z-z})tBNmkE7t4*v($ehK{5+iaK@L@;Ykct)JisOSI=F%`X-(C(eT>j6AGyU|)5)@; zCpZ=B4K4zUYs*CpB;N!%Z#=qEem!#?t2{M9{P*yqpBL0$K%Ho~hjxFWaJ;F)k)TO1 zXOr4xYg(V_E^hOG8I+_*b!UEWnNPhLyNj_t#6)J%sN$-E2b6EUxdKm>eEVY$A(c_bG_!>pW?})xyb>Dyy#$9b>Z(0(j2_qhc7;^b=BT(Gbh@rs%R8a z2@di&yyN&{&8$gh(y4ZeWkv@cihIt^*8OlkbMkP>!%aBUw%d93I}K6 zDL{0af$LfDhd4x8-pY+th%13f1{-!7qKf!faHg4vG>on4!QRf%(IG&o6PA}&&c)K( zQJxfF1bHIZ^Xhez5Tg(O9V zEkTwKU3{#vTTOh1@pRRqvC-mAo5#h^1SK$YPU-;yF#LjWvo55C#-kqt^I-suYzkBW z1jZs;U}IeHw73cgB1GAJ`3Oeu6gmn;iJTrkfecexkDs0%f)qxRPlIN9d9a^PV$1|B z^z<;b^Jj8U!HGp5rI+``g~#&MS=fue)P#?J!|k)VIXPMNkryi*U5Qo0mSfu-_U)E; zRR`py$>!Bhy^{WiqoSE1Nuxe%4?%+lXy%9k^zT&A%&gcuNka5Mk7J>RQfFcqYNl{S}oI6 zpfVTW$|%IC`?TnK8`~5ug)bJFY;z^*k%FwvFqViiRmAFLZ*R{xb-(#lqJ%8Bt`;dMPoo5=!1QqeOdJz6rm*0}V)fx^+O{5TH z0x)wRKiD`)GUNqDm&(y<)#tt9;WBO0NMy2;m5p# z?^v^ZpN7FkDi2r$p9B29&R33soXvb>m4aI+v{ANM) zCwBe9U@I2V0R~^)U(32}dd;%Q^$Hqyb)>z5Cf(eGWGd+`cJG z1oO{)(!6z6{+t%V78BntuM9$qE(c&lVrWAzHWtlx`iNg2IWhU{4kBTcgq0O(YaOpZv0Z6(?Xu~2Ecuq=_ne345^N8X(_BR~)8L(#7I<1thL1_q35nY=inkIZWxEnL$*K%3}5K@L+dmM`4@q-mh+K@CwTZ zK}bdM$zbS2z1|k}$Vh{VhW8j03o7sq?o<)2%01sE{|&WznqY?XeiM+o%3xPKnUhHU zV~=$~=z8G`#`L2MNn)g(s3zOm0i{!QR^bA)PHMa|QvN{b!o13=t8^hciY2`BI&Jcg z-GlVh6@u)gYOdWp5}vlaE&y$!NMC+oqsLDN50LRd`fo|A$7hevmKa2Odg$q)r-v>E zo{JtZ)T+jI;98ero1O!;3Dgl{m#WJNfdoju$?V4X@<3Wu}@81mhH=QD&0jr>Ba z%evh(zukmA9HDP1m(CZ%tRgL__%6k%@^v@AeDChim0;S7V=m`Ee%NB$$PsF3mr9Ch z!ALk=9=^T@H;$(beCloB{kD+LmaKPS{SpkD@7U*Zg(#Jr!?p) zJPZsqGCqdAuV1&x>5AmT_NSjeu?Egss*;Pk0HZFcK;jOzT&}XThIZ-bmhV;eth$Nt z!E^&uq>U>Q$K&at8k^+|Y4=+zzeRyrb#-NlI7$}v<>YUl_3801A2&DF?rj&?mieM1 zMo4W?)c(m8!FR0mGo0I0yQ5A7(}?XIUanQTw!-xMnO#`D=x#0GEs^GVGiO=@bLGy$bVt&@4>wf2GD~w%eP)D z+bg(btTOt+NcVJdA1wBH-wFn>&3gyOeyL4sTK&@HyWGh+XTLxhPQOfK8)@*5%xt^85T(QIq#QJ_{{3(a%t%jWKb|CMjct>=hT)m^_<& zMrh<9v#fpoA^3Wu_&E)gQX4FdY4kD*LA5Wvu*mcX`Hw_ga4PBZZ)l62YbAJOqi%U! zi|mTrl3_xRZpUOHAHT@hQQR@yY}yzs0_MZJwXuVAJ1}Ff?qLO*Mg)qn)MCO)caC{j zk(b^oB-j~RSz166{_`9p2VR{IAty+x(9m$LS)EOzr{T56#vlJf>=!$PPBDq@h~c9dVaf9?LBVjRu7Jy6ipcMKWCerTL7C9?lFmytvv?jHa@<4bx#Se-0m!aYa)I6=}4`4pqLv33s=O#Gz! z^2qp&jL)vFEU(eMEH4vrbZgqJUPurfI3LGP1~)$Azz0n1>Dghj=d&wIi@u6vrAkEN z<_ZFxZjamqx?x5G*!YpKb8{wbR0yTAE87$b=Cw7}t7En~12CzSDKS8pI&g8?3MpEF zHUze_^xP$w1T;eaDF|KLppZ76k><9Wu111+diLF6?5l83nc8UJ$B!Qvtt#HT60Zl? z03MLm*TZ5gkLPwS$UG}sKbEZDzHKW!Ov+|veJtnWzS+6>2s41W82C4oe!0Fr|7CpK zb_Z8{D$7BlH%c0Rt4pDju^D2d-}dsWcy^s)gXHWE1l3KN-iBi^wmatH8)ILSn!9w0 z>&oe=^y|fua^)b6KZ$c4jc%XvVFD3<(KO z14ds8zd1qI+C`quxQ7|bkxP?NHFyB`>kl|;&YVQyw86t zI`6&Dd3$L?pH75LA6iqN*kho_z$7qWA!MZT&((20oOx-z>?4q zcvIvd@4vKnf(1(pxoK-}Fo%O45Xsv({M}IU8zY+WnxtF>ij1+?2^9rMdbr6!OEvj! zJv=TL%Q`^Z720(HYgsanj_5W`PCJWI>cGeLQOtYue6Tj<;PUg;OYgRsM~r}EAfjBn zA(0eDoB$ZYU|G1n8lG0;+qkrQOh`f@NxG0(xOllU%w>BFS*e{}HL;LIW16dm4Qms+ z_1!;C`?|Ngb98XP6A~8$Asumo8`4xXMc0H$@zUZr2ZiqzoiNVsICa~Fml$%LVHf>= zbj)O#YBs-tAINz(G!UpQQFXHr1$ld7;~V|Q_ig&+rAY7QdCE9KK|%|s;nEd;zkc7{ z-r1A5xxVsgYXe=4?ql^S!S3toG01Qh*@E}udCrMs-+A3ly{D(2)m_K?b0X~t8u{n z{=RGi->4-f-&XEj&qxZJo102wh@ch*vP@Ss_OAEt_gwk$DW#JgBE;xm1HpdOjr4T& zddkykj-!iS-e136hee)ejFl4{3NOor(eTMsE zK<_hA)is8;vtoYx^4)lR%l=kTCaR0&=a~Yk*D20iHNwrAy2CGI_THrF(LKU?p3!Ph zJFmjW$DAFSAElU-9$ohE0+g>V=82YUvvirs4$s=Bz8MUlx8g&P#oq3oWpr{)j}@B1KT+s>|Qs@THs`uLdG`$F^t`OQD30=$sffU8{$8+*k3 z@@ULoH$6dH`YI-k0jg&!ly&6y-~VnAAyb$xOdwYV&ZNQU%kMETwHTl)w3FZ$U+hjT zl=lbBDjaft?uHQxNZX87iRAY$>Bct{JG&UV?DM5q^ZkdweXG*`flUP8#(L9iV;g{Y zeq$;9gB}BK0|UL$>f7k&zLl>I10e{<`bJd}$7Ea6Uh)2NO4hMp_j1AuBILHSFnv=9 zwy{$q$dz6#{o~Lo&9HJ4_vKRy|097{j$M)$M7;&=BU^pb>oHj^4Pp92b;`7m((KB9 zS*ZHbIP`M5Y@s*wCv9Gr7w4B2l|7{7n;^NK9;#N3a~2o!Yr#hNLJU=p(w%Y1xR3>B z^{FXIrl1poM``#<VX=BqNeUc!xkwu+X84cruh_?3U-wlXG{#8ihFD!50(`fOHV)5hm)(k3xu8^>Qm9)&X@B8&ePgk{ zY;Io{(Pjdj-WS(={dL4e?&0C${5;d!${8rip$%!&ft{}Cmh{wd)I$4(mcXVTkv#&F zs41(lZ#vJ%D%t-Tm3B{!k-okj13dGVs4f(yG z!&T#{v@ZCx`8hmQ@U~MNfLek87>nhWBA&g|2w&p@Ke)})@P)s-$Cu{GSrk9#>^LUA zp{}Xw$5mN!$XbE*)7#`-*4em{m#Jfw5PxQ8$rm9=j0t|t8~OBD5^>WUcI7Z5p{5mbAEoH34kGuP>~fT zM=ZI|_81HpDT{N_Bj~{xr1uqPBI(xL8@swUgvV4mweOnIf=Xv?Za;(7YE%q>I5{W2 z+Ku6GdbYdIzjX}u-e~plWCO8+DUrqfj~_dGdwZsuGP^e~>3UVv6xm(}k%lLczcV0m z^DQr(#3t%RUk0-Mzi{r&|+k$cXD{ z5-vxlX){_Pg*V5^)*i; z2CN`f4Th?&g4G1&m^3CkB&QJ*Jxo0YZp1(+<4#VA@|0QPH|Bd;4`N3l0xhFP8S+E` zpZVHdD8ad&KJr>CFZ=f^cCdC0Vk0Dkj*tZH4%h*hA4u+xth9f<$H2?QKyS4Aa{I1_ z{7qxPUUw*JN->jrY8}DzwP6OwVCB}TS0F85Q;O*+e&w}w)wT9aXWu1MHGpiAp3^>t zXO!Hp**!S4rOBJ-;|w4#5HXz?xPb3k>{&*cO6?60esWgpz%&>yv6t5g1PPl7O#XD= z^3vk_ckAyrR@tp~vfMkW-?y9qvAFPkXP+Eqgr1y7EucagtILZ&eb{`r&Rx&~Vj)rx zDngzqMT=1#+P+lypK`fWkZ4vT{U}WfF12Aa0AYkGi`gZU-a0};nZ%gmr6Otai;mqMjc#WHhL6%cbCz>?xls+dBNy$9Hl= zdmv~K><#gj1hCcg%rr=D{<2u*k(46BJ$Y`A5rF}GaKN` z9&xL&A(g^K0;mPsyZbcyL2S>UuzN&H`d51l^cd(d&|{#-z-z|F50+TW*OU4Mfl6jFtK$vqw zh8IZ|VDC5Mggu5zTU#teW?8K6{P^K}v+TI{5AcK+eVsv<$GFTudCplCrDrm#U~SU(xATxF)MTf7~BG|y{2hvfgIOLuLzt;$T;CHgawvf zTU+l|SL5q8HeL|>m_{kVSBm^dZNA&gy3P>5_np1db6#?Ts>ecOkAd**yjvp$IhDWF zU%wa@3mYr*IeKCSj?D!d4ukMoyGFavoz~_G^gJsnWG|&DxUp$f+1?4?#^x-C{k$E5 zoM=l;{+~X5)XRL=9UuQNbBgC&v}n3Z^Pt$wv1XW;n3PpY-OA98hZ+$zHYzbE#n_nh z&-`x`aZSyWqFGvt)T_YbV_!^6(6{SEQP&qf77U=4wY4>*g+fd<*oLtbJBC8cHL*?H z?1bV6e6Cb%#25;{Rz#HVe6Y^G>*VUXR{1k0;D4}c=9WMH_zILMqJd{dOkaJ20kpxI z*@+O}zHJjFa3-rOE6AotP>+Er!9dBF&kIbsd1A1NTaE?g6@}VLvaw)6HvHr3wI|sP z!_%5-s4{u5IoR9Z-`llq5W-&`IQ)tb+&87i!2K}LufF%g*I07L40x*+K!&WSuAwjJ z^LH`d<0qHWkS-C2r8M?#{OL-bU3@)v{0bjaw=J}71CtERiuq8^bWvgxDx_TtB!Whf3r)#%Yv7l02xBRMQ?AK}|eVzJ3@jPg9TM==g zjf>R$U-~>7Zh?pJHXTNm-E0qtLpp<0FCH)RdlUVBnj#8KC@OHcC5u(o%+kqeRU>dg zRCU1>SVG;Rn}z{%Uz^py$>|wA78kUx#6ml3K~k~v?%oM&{L>N@ugQvC9NtC1$Z2ue zX^<-mi%Ua3<{P;59-}2?;(4(;4wfl|pssLu<(lMoFeGKFA>gSiV9BiX<3?!U4^R`Bssm`PTKT9_l(fbmFv zBX+%oyu|t+H~Aon9&lNmx1M5sFLooDujES-kHzVce=sNMWUe6X;&@u(`UB?k>$Q|u z5|x#xFGvI!W}l*keP5V;HOL3Or>^(fHc>2Y6D!Ua{vl3{d)39|c}Ab)SpskaoXkCCN_Ji$mOk+;n8&=&_(eK&o^wv=%)o5h}l-aDWRC?Q+Ixz!U5=z7-;)x96F@ra~^qB?c4 z=w)uj2KV+VMtoXjY6bHhl@cqL_YU}3Wh53uB`CrS7KM$Ao(r(i>F4d_uaTm?Iszf@ z?Cc)Qo*yoA?L#7ut*8jOfN=GL%v!7ENY1V*T)p(G*6a@7=PazpAl{lzwyrxJyXG&7`l&7a8L zqZkws42&2B8LxXYmZkrM#i~W2(kp|BI{G)ANt;pcoUUIP=KJOp2K2kHSJ6yXU z-*vdA;&MTOlbLg%!D2Zd-P=FXU7K?&Wd(RS`~B`5Q_o>1Z$N|BnzLU~Lz%QnS2glL zGof5eRa5j+DM+IUO(WXIgo(nSxY7UW;!v3!G#0B0wuQg9yK_K>se{#Qyr!`!I_?$= zl4c`vF#5Vruf$`6KjomJF;^Khpy`U)7$(AfEpD&W(!E97Xjtn|xXEy+irN67*zlG} z_uYy!MA%$kp>+7M$4+(b)$?q?IM{9-kGGdU$y$wi`gibmdcvh>3S92l)z`x zr{l~It9-hEA2{d(p1YOa5}yz}ZH;~TEh>gadi)GUOPko^r$xokNROYPXlWCB{IsYT z8tL&f6fJGy*ztp5ASU>c6)?n{?)%clk0VJw4{^wqfkmV3d#ic4D?Rl;LPB+(Z1fza zznml{_wT*nEipnk$=vrpW3_Y|mP^5Z<%{FwH?HF+7!NfCm*`;}r!J`3#sYSFX(>$_ zAHuq}RZTWRPeNY9B*&*)!K4M-3+ExwrC9gJdDusi=AyGW_;fRm-D2l@8oVOz>oVtj z3%L4-k5v|{`5BZi&qFk-{&lU04wZaMA@wMbJaYe*^apG$R15nl04#Hbd1p1FWq=1D zbGW*?v>?vqs?#fOfAwDQV{6Gxg&!C*h%oJ%uQ>EB0RW^LFwZDHaqXFd{T{Mdc|@`WL`xyF`|r${>K+TRGKB}Rrt z>VybIli_DD7(xy%6wqbcyG*`=D76170J+IZT47YuAM!`VR#*+0K zQJGhd@FD3dUHT}mKV_ceXG<1%%4%PKUHTdUuw6FQ1TX4qr-MVcQ%D1^zcZ$$g=Pca zQCKO`yXrm_9`?%z6&cp7S!J}^vjJ1nV?7|xg8`cnoISZZmooNSPA@hM@K>YnZ-9OZ z^J5nauu|q4?@!72+ge&)Tv%USi7m&#?eWpU;kQ4&Ser=b%d4v!n_D*-txhLCUphVX z@ZU1abjR;4*~ao{h&8}i%Iyoe1p_e~=Jd`~q|G+4&W?oqfFZW0#m$uANUqO+;j`pT z;|E1F8_KCzqEt%Lx~E-HTdKV)f`$d$jHMS_lf=v{FKoMT0Crm~%uIId$==Qpcv_O= z?b+@EXL_Dr4E*VVX+n@70CJ$hMJ80m!-_>qVTPC+7U)wUwnt4fl*e?>4l*=7bFTTA z(jDg(7?&NfSU6{=X`GYD;T{AjreT=c6`b&{oC2M_* z{<6m%Gs&zO#>s}v2iDTGy<75q(z?5>ez_}8XpTwYzX^VS-z zdQk{87XJYBTW439wGl|59RLie4UAx>rm@7Vukj%?66B+_E-<{fsNXb98$&PAQBh|L z0s`AZK)a57k1QCF>8au6c7sX6{Oq>{5Qf{`Dgn-nWjg-2z2F~$(u8d8v+-Ajr7#vA z^jt&R7jRzkZ`6VRP4hn}2f_CIa8D08gr9Bv_W1Ad-^=f{ioJ#X3M>O2EPp42R_2cz zt4mBFF-XN<84hLsNT!e(1BUMicDA^U^WXrnQsiBHi)(N^A@y3$!owvF)~#zWdZ+Ov zTfCU~jXb3O1exv9mWzL9-p)yCKcOSt%kkYc7V_06K*2|S2CR7HsjO8aF{AZ zS7L7UNcEkRp`l7^e5_(9-DfXUv5C(BDJvPBKZ(90S`b^Vv$$2V0{!DEc4=`DD~tRP zp0@x=Dylp~0UkXu!45Fu?CWB-!>%+p9HSJ^^MBOX02NJzsmP%3DFPn&8N>ScbxOPf3UA) zkU*DrjWD}QLcx9U+L&TWrpyKaS4@=L^{MBb-uoIPCasJKkVh4xBTDs%o}xE0XjJvD zyPn^M-^+6;mxp_nK^!Ut-6=Oam*D#>80bsny!GuDvMU!M6 z(})soqK0_nr(c_qdsD{eOb4XT3S!2dYj%5z%bGO)FP9&anUMG@gbjSCk7`I?1@zb9 z7|_dtsgn6M4y62{23e+|JTkT(oBsu@lF7Uig2-dikJY~$Y7Z{Hf)+e>HUG0U+SuGM zORGzwa_XD>96{TPSE)ya&u~Ed)K`iDk1q4)G3g`R#w**PN`619|#E7;cq*=m*0E*jD5f2 z7J8e^fVe2N7u7Cs@nkWx4_0a30jeg39%3OjEZKlXJvki#(`5Lz#` zIzIhEPESU?_o_&LVQLs%?e4RGJ3;eqoqlD%75ubf?>E;d#^QU|j?vQfDr!hb7rFlQ zWu>H?9Nsdfw%5js&tSIFv#iK?OMZN5^p|`l(aY@YTZNkqX{3ohzkJ(a5BKL!VHE!0 zin6a`c$QKDl^X(R*tJ5HOc<_2w-xb<4B|rNsoTO~QI1DVDFg9iEajY^ukcTkys_g^ z9C|qMeR@lsX#vh_yEzuU4At<$p*Zbm;==_RLMVcyh4Z4SNc^7 zyUS>EP-eIwQTy8ZhRwFswRL8zs!MHDPLF^HF{Px)KwA6;p;J+`ules!22ZUleu6m4 z|FF4ciJ{aNCq#8#e^eA!jfiN@NwlTBXtyP*UAm_U`*2Q4X4z!mmj!9~^5N)+v#2N| zQ8D;ZqHRo;9u142>~>gr@NE250(Ef#SR%d|02dDiv4Va;|B>4BhXdTi-yT0bJ@oX@ z&kxoY%Sx9LD&Efz{ru3SiqYvoP7G>(V{G9FAu z4aFuYoUNivYEds1iK0EMHuc6;4V2%sKQ52$8?x*i!M3%s=_XQ4rz2 zHJLo6`c_HKu$NVLHZ@>KD2ofsXjD;;kB^V`c79OX%Y=<|T>I+U+J~);bv|X57lFjj zUl(K35Z8p*MqsXbz(ZCzRBe#c0WRM2bGgSNWY zDdmRF<4%ho6jd}szP2T4*z+p=YI zg52a6uU<2PYzLuo8Dbo;@D5T8QzQi(9_)SF-ccp@cwrA7P9|^b7w?9}2@|A4!q*v3 zr}JxTWp@%_r*KgN4Gd!sDq;?$YnZG0DPN5rKYn;w-uqarZtw21BDOh!#vJnqbwZ)5 zUoX036Vx0b@RM{sX8FrVipj)zkmqNH;@ZZ$IfF4rpHaUS?!Dtwj=g>1V0(Mp42J>@ z7RG<+RQSf@&SNyr7%CX35L07<$Rxic9Q{DlChQEnM#! zBY*z$FFdV&{``ea((k|j-P-ZfPoLx&1>iosf765Yz)R567y=hspl7hN}s>SPpzQvfI8~n zB$1`Ld1si@E#1oyN+C}W5H0PFt#GR=XMy+|_FLE*JdOo7HBB^gXB%rHou?M1CF3RX z1i(+aigxR5(iQdP-;M#SAyo~{*z)38xS1&y?92&_;h=G6@8J7Nm=~wS8u~-w_5!aw zjq-CJHqW5Bs+hczd3tX1%i}m^kwWeXMw}{43;E4n=xjnuoBP!5`bZ^T!#>$T*<+Q2 zTRjrqo5MWx9IU!bIi{Tl^wfQkj}9#0BnHr^lkT52sc~(OoQzRxIk6%%+~?=>3voUs z)BO7yKu6)BGmb(cWNFcG%HG(IXH&4GM!?6z5U(P*3u}hh>KAIqpKU|hKv&L7YWHkH zLYl?11g+xdd{h8zieu}GVwnik?CUo4?6<0uZ^x%50AED~`IXG-%5Dt*#DdIMGPJkR z(P;!Mhb9A9`*aG7QH_U09rgs(8+9%Is<6})<3?%#^Mw4Ey4BlWtBnb&#OSFfhGzgw z&wu7ndUAT`@!t+=sCfGE*yF#)|5MKYJ-tmUz2QA#{=qNdF0dcC9Zb}`&!c$iN@ini zh4GLtdD728hdGg-UC>Ng*=7IED@Ujat=gNMj{+k!DgI<37#N393oE>dFect3cYodfPViug=S8(#4_;6>H8UOa_V#xw zoESy34rg#4^rrkje*DmC>SxBU!u4{Z%CsyeYY1+=UuLoaSt6$Lw6#}ad#gptzKx0SY$n{u}4x4bTo#zz;1;7q_Qy{3)`(=Hty z6GI|Ib(*Ot>EiWbz~C-!q8CEoj^pcV2*k9BT(n-U8Z7l^Zfw5o)v|IYR)t(Lc*=A1yPjfPN|2 z2^Uvy+bfW0h^a||kt>7v^n^q}kW{XGF$>i!DjkqTIg_WKsw=LD*}Q;e&7d($#91zV z7!L*vc>&RyE36kt6tjhZC61?pYo#ch!#qS~uvj2m#n+6oScqeUU3=s0Ce%no^X8VI z{M?eVu2l!czszP`^cCvfCd;QB66H0WPkYZ zes#693a^2}$Be93TAbc558O^{D2r8ws`V`pgJ$BxD{Xh*te1*`S|zZ_NY@q1M8dWx z$EqFtF=;*|EmK(WuF_?Y#MqR?y)nBIxigH2f~qn05l+wPhW8FwP9DdOi0aZdqa>J@ zCErz}prIlqSv1$O#JwylJu%m#k8H>Juvy=pEaFp6b?CwFt`4Sh_OoFT`+$l1yrKn7 ziEG=fbstRit@}}Z{vJPF`hPGzv@cF5(i^Q#2(h;nYf7xZVK~+Bi_O*4aI{d-me|#{O=LZ0 z%cUXhqoI)+7aoZW&G51kb>hnc_%YDpmTYw?VRCzsj{#3#U|Bh_psLxAV-6x1P{H?| zpa1>q4ky7M->o|dG~B*ip0O+QEmt$VR<{$E_?0>TmUo~1(UbL;F-?n1|7_C6to;B0 zKmbWZK~#6t{2o(VXMNNW(H9a^ofGk#|1FUqq>>J#hHf;R{V0bJXW#q2J=J2n+hr1O zK|&)dq=n^4cn>-yINH+n7U=@SfQh|$4jz`5;`sWzX1NxIHUgOXkS=jhmh?7#1LN@VLS7P!NGiNFjH)YNETWyFoBDJ$y@;z1CPn2N`o{z)9`QS9;lnX zE?!+oHaypSHqh<*&j3An=fiVZBk1LPyUZPGx_+b^bHPQ7^yb z+|ko#O`$zKGwekyEfPT-@OolOs1Roh#%+ux;UyF?D9r^gD~QJ2n?YF!lT2(KmPdRVE|0_ZLr zqCCOmhmFnEZ4<=oecNWB!?+DM>|LDw`}gnV@o8d8H&uMdEPOZe zLdR<<#40^}?tb_X-^HcmqB;`7o})8&_Yh1m-YcuCpFVw};tkzN{tN5cIKlkj+qZ9r z2M53f62l;+t&mn2p+z{YrfVjUT%$(}wi$AbZ<-H(|NK?&fROXl7AM_^BB+@``?tUS zhH60zJVr=bU8b&{vg-Te59OTRVBR63HlFjomCnQ<6-F;L3$ERDZ{`9Ax&GWzg z_IHaNV>OjBTtjS+FZ|V%5DUb~32RQ@gqUG0ZMuo;K~|m?%GZG_t?-cvwgHc1T`HF5 z8GFzuh@HP?rEUPp#AgKRl~!%k z^=ThU806~z_86EV4AcT`zOraw`%9cBT-mblotu3UF2iv9AkK{vxx(L>-3@jm**=V~i+x5NQubh-x(0s(VJ}}7B6|EZc$n~h%cKWJ zzaCE-!$ZoCi7-}>FiVJE2r9LunXyVW6Xj$SBW=p_CwK*9TwfggF9rWaB&lr*r9${s znZ0It{G zGN7@2Z^{b0vEct~;$!H;XJ?sFp2oTJMWVh=n_s$LL$cV$-;($g;^8`Go<1eE3rkk0 zwGag6A4zdgTloI*FjmdPW?jsFXLDta8U8hwkB-;o=vg1q4h7b0-JWU_ zua{T=0QK}Fyq-`3Q3QcK6zZBp1;~DMapB$iDx>FnO>|W$YNVq&J6rIHodRRpXOcQ& zi|u^pM|fC)sX~zmhfT34_&9HAA)KV9rA0LaB;FkuttPeuI^s-T&gM@RLMsMpyU{FG zNlL3LOYl#t$-h)|ke8z`;@yyjQ+IwHA@@ts$-xB;7Pi65U{YP(-Guz>>A3;DV%X9{ z0QumU=UvitbVJk-6qPIefPTW>||50-W_t>Dv>?~Mm% zVaQAU65M-M4Mnsw2WhTUIisemE3Or*QJM(9041K@G5>?149L{X^6Y>A%m4oJ{lZBoTTgLTt+?9onHt}m1p>;XRitU5*z7DroR1$r{^?J@@HSdTt5orS``fR6 z-@k7&&H(b(*1LcBhky9XU;Zp-SqoKl%Kq}@k6(ZN?d#XC@W86|=bwLZU0Q0)M#~5i zzIJzae*5h=hOppy_ihW5{nO7s^S8<{4mi%7@aXg3|NgK4`fq!CyTI7mdjHqI{)I(d zaDLHSL4$-gt<0uG{V}wBfw;1Ka=gAbGqb=e&>&=Uqhy(bxIM^WoM42JidMsUn8+O+xi!vF0(G@l0<6HZ zF%(_pPKp5jAR28*=;dU$s+lq|Af!&(-`kH{&W|%F#9O@MR?o_xCJ_omBvootvTTLq zwh9%swG{AR3Lq}$tZbF8d~zsY>Nc-on=4P7lEgbhiqi;9TOn4@Mji&NM3Jaq08v2e zpb*VZ(>>&;907y{Sj-sdic(S16DD zTYXpMZ}GXw$H2!oT2*m_K0QL%Wtoi(o{t%@1j% z4?PB^6$7;pTe~chIMGHnoN?sB8H-iN!jy}dn!c}9y?%Hp;o*&d9uhyZR>FWne?;AB+ zOjvs*hR~It4XVz^fa|LdaXfS@YKJ^5lqSNlC;?xhHY7L!$K{(wDKyT){^@Jx>Wf_2xvw)vdsZR@N8ZV!$vp^B-oy+RlGHTk z2XW3jZ4+J?{Fi~BTKorKez_TqHgZoqwm1D+%ui1QR4dC1wjX(tXF$df%C`BQ4@PEY zK5fyEv54ZyCXSgN1?FgOHZupsC~r)4p4ZWe(NSEC*Xa45EGMGE?iZU#TZ1EHUCq(V z91p=U)@JQu0)BgEAHR-PM1K7ZLBd`T}3+gKU&T!>_^#5gq#@;Nc73+8K@E4vD{nQuRAuGx75RZul#g^!ZZ9HwY_zK{n#!mJLBkZl|M4eSRF>4@?mLMj<0 zC}?Yb{&?jy>{inNm+0#|%hLSbf}9Z_sm`Xc%pzA_DZruu$s}EQ+TMCvV=6PU)?Ff2 zb1X%)<{^zf7Qj(d)7<7g?W+7m-52zx@u5gA+_aTUmLH3gH4_^3flKAj3lA`+3O_wO z(@qb1=<<;1>BkK6dgQyyo!gJcX&;Y$e?4e@XCZ^P!nXNhjW&K`mA`r48ilEw^87;9 z?l^uk5UvEvxRknzU_5YQT^6g&-{z^5T>l%BQ*p0U29XM~6_3xoG!rK zcPf67C*NCGoLzCk%>2UHa*V=6zWr+^H22Mtt61;oi*^*{gT|A*CP$!>BnhyCY&{$Ky~zy8;M|95t)-FEuYdY!apUSX5eQYp*^6Q~HWq&Q#2Y+YoSN?ZXvmPBy*mzD+*MoBgH5U95Uvcx_c+<=S zW;u?QO?tYUjNqd_Oz#^B3=(aVtzb5PYFJ+^yb)auWkj7y@I~L>lm(xXb zH%YUuxmy_1PObv3;gg`x-{S{8kf@Op8kwKtyL7=XRWB{KaGlnkEd@E-54Xj>y2N+M z`RdZ*$^4vcJ^*d3#g^ZFA&W8cDgw;Zwn&ZmSJ9^18i6S+Zz#3~ib1rv!ay}&x7NnG zTRki;5>5=_Hu^kQ;u!sI=u>h&j7=rC60en0hF?*pJZc=26PYV`(H2#=9675;q8Y)5 zAN!7J)(M8RaZwQ#5#W#AK~t{~RlI}%S8!4Q*Hy~o0JrSva{YdCs@lPNmrJ0V>dmMf zQ~^b^J{Cyc;>OvQr)+V2-qO*#JjnII(2m&BL=lr&$HmSeT!1keU0Pn<52g2+$(b{P zFj`$-$z9)v@LHyKV$#xiC^%DeM7fl{9J_}1UvV+gi%6A@;C&HDgaw-b1NshHgf2ED z*36OBb%R-zn5=DW8>}1UmxA1fe9B&-7rF#=82yZIC;Ph0a;@}SLDTK_Y z<`v?yNs%M-b?GPR>pA(W1R7ioaL*3UmGRZX6Eu^9XwXHM=ARxvJ$|NYKIzA=!Fs_z zgn?Q=eqo^Dm-_kY7J9%!hBv$5mColDX0dW>D^7}!FLYv=9&ki~&1;sy< z8coVWiK|%P%+CjGZ1t2t4q~Imc#a7jOfg$5gSo0&Heq1uN1GDvC;eLBMR2clE#4Bq zQ#@WUu3UOX2n)G-MMHoMDgk)0ac?)jkr3l->!?6j#Fw72HH;GN;~#UB8*CqmfIXs< zX!t8tuHF9DPBLYUXc5DV!-Fs-WVjb4vGrS6By_3;(p0CM0>0rRBO!~|P7k7a@#g{i zbzZ4nQ-%NoTJi1MH(GP;01J!NbRZf=h0rcBF>xrHILwQ%P}DRRz$=8!aU!bW_GO@v z{kMPnxBvCO{>AZ^RPtUF94!9v<0sxvt7+8~RWPh%xB4&t@-N~j7(! z4208~==z->e5o>o{q*V6y4;(aNJ1u#>;Cm$|MkEB_y6%f|HuE7O%pVb!bgD75a=6u zqLEEvIE8c{S4a?ir0A-5m=npowz}#Xdbu#54k=F?S)Amt#rsmZ#Zo^DylRdsXaS=@ zjg?@UskvNuYCu{#ddv_M&X_6d< zz3#iKs=NA}s=jA>mb=THA+;pU#hMGjrT~+$3>X4eFkl+CNWB<(GNCs;*^hd$9|h_` z6s#8$hHcuC1;G!yA}D}da%XmCXJ%)n@B8k$kFLYN$oSX4|8;g%byatD_m|W2RsQqK zFEcVSGBYA0GV;6H<&)E=PxtjjrS;&$g5ek%dREgEGCnpALU1ZU7XyG!{n)W%rKP?I z%7dl*_aEpreFt)~FtRy!?(D#Tp_j8Ax3$yPuis$w+&J7~Ty%E!_V%%GJ#_G(%S;|U ze1P_haf1#pDuvsFg9lHZI*Gn?6JIu*yF7Ws9q%1L%5&gA|H#P5;K4yOs$Wx7FJmU| zI1Y*_qesr@W#G!R)A8ct^6w2_-=QfnRilm4hmhwQ6&q14i{@&FR~MNM$6(?WxUH?H ztF61I!z^HkWfzAkStzo9p)1h{@y8U(pHRFE!)Wt^0vUYg9D;`Rd#&nM`lqZ*rSY#w z{t8kR3cbQ-s{B1&<`dX0hj?RcE4f}Ns;bI&f`ME(3;~m^8P7_Q#*6wkhMSWNU0w3* zr0Cc18?ynZ%^sKp|D1KPAfj@3=q|yuAjNVcFqdg*8S{xZvHQ9lekN=&^@U;XghnaKF%qll+tb}U z#@?IvVG!73SF6`eb#mvQIJ)3Bk$`${K7#4}cTk5Wk%RpXa~D}F8HwLp06^DI(m!l843 zft=((SOB|ns5vySHl=bWa06^@FF8;aau|Dtcm^IDIib>7C}3u8o{2D=2Qd`33TRj@ zn_05^3ZIk}M*-QFuN(fe0TukO%XryJe{F9tY(MwgB9d(%Gkf@j4eBywMHOYfs!cd4 zniVn4o0vQ^gH@)=4;61YevnEz;}Vo%>FVk3@XtaEGy67Rx134`o``=(4jvG<{BIXv zTm}BjSBs0?+x>PQ=3mQ$?n5AV3nWZ<*%l059EXi5N5FKGXjlZ-NYkc&{lo&}(hPH2 zA}I1ox;#?6_0w*G6op7snnYXe@nP_Pq3h111(96TZ>LX3hMNtB#uBf}rU(fwypJV_nJcD0kuR)3~ zj$Y0OHTjD5F19c;ME3#44-iFC?GJ}HlsU~!WB_7Yx&_^9n6ql4PFH(tClx1|r>%9+ zHId!ji=&gY=sct{&F8Eu?%#WXSvs4px-tsl{2ylE>73hKyF(WnXDXX!o`zFVw^K5# zJ~YtB0Z9ETxf4{8jOWi%U}VdmnZKT)o<}4NXEWlsO>bA6LVl4J`8-3RvC!SFqA}w| z!=yLrp=;l)`IAkkC!-NJs?IkXsxJ5lGAWOECRSF_Pr=FxdaLp;<1CO?;isa9iXJNY ztC~M^p{eG>H+MeFonLH1FugdsG*=bRu!_@whg}cJhSiI$^JDdhSL=e2iS<{7N<%rp z4uC|%1i`iMmo8mq38w_6Z|}bQE@wit9rPknXzs6Hzkd66Tn(REe3ppszkh+ggao7< zfkE5XT!BtaGM+nfHm)$8DbfE@Zdp;Kp^Mad=mHW z-DUE3@9y1uDHy^yO(EZ1KvFWRJEDio%4cfH$*9}y8Ocd0>JhiMhtaLVj~qQRFfc$c zo1c3c#oglv>;cv>(FK_BIyulkbZCeRQdX5Zv;mT4*!cOUKfizfzC-{h4a`T59_{Mt zCXW_%42F97i)5t1P_QBOMfu4PtU~I6Wd2G&{P07#`q{_r>S2RO1U`4}+&8}Q{=4tJ z3#C-4FvBDls>!)vzI^Gjt~qpY5ZFhL9+lrR&1)h@s@mccNTAlDgNGL8k4!(=x3SY8 zIN!f_A6C6xZriiJz9LEsB4yo=S0bR20$N?uKQJ&nJPgRYckb#z7P0jG@0@r?UnpFS z%wBI?zoGoWg9k@OhDT1008cSl2>c-vh{WeBQ@Q01aM3_*sgAWVd+Mfzr*kZ5Za?Up znO{8E-%F%oRICcdCa4i@kkiAfXlV6T&{(zysD}>^sak#_zo)>67PN>>b?j>?hx*(4 z;S@p`+J61j#V4bqDiuwis)UJ0U;8^X|Nq{8`Wwei{t62BN$p*rH#zN)dW_RA zzx)bH@7}pHIyRmiA*Z%5oIQK?%y+;0tEWz#vhQIRFv^^ox^(IC*I!>m5)cmBVzD~F z3a3cbaK2%U%q|&How1YShdJa zsprn0LzXsD{B%6>(Zffu^vNfm7?OUTc<01#{KjvbZ#~~XIKbYh)h5ZWpLFScD z3ANyzp*P2Di+S3_Bx`1i-N8ftJ2)`d-^oyKxrF5}Ucp}&FxzAkULpNt%K=~$2U24v zad8RSrLz%+w>;JI3J_FP`C=GI_Q1?$&UDkNfnYz)fWUQ_8_l1`jvZ;7rC+SJ*W+so z5RdHEO3NHB!s^K^)mno^(EwZJR$HedWPm8EiFB(2*24d?!6dB88PiJ~H=4CPVOPp@ zve_fC1MQ9>DYGoUc2t7{kDm>;I~z@mTgNZhbg?Epc=*V=ubKD(-K`;7o$znHv?}MD zfdS_|@K-2MbDZ3>CX$25Bj^GBy*Smq8CZIgT7k93FyrxBUe6M@>=Y9TiB4D=sx@rZ?q^tY-Zs296pZFRb}7_E|v7sscF1AK>uU8!Zxb9v%= zw)n0pXOo|Vb2h3DF)NZ@73-VF3H>YI8k+pWmE*85K1GPRgg9OgmdV{2$h~JulPc0?k)_G z%TMTG<3c3CSCxDX35C$#`27J5t#$f7Y;O|q-aWT%J+^nCygenCNhY>qOiVf5WZO%6 zCd3?+XMCGt>5;9guD9$UTep*#lEe(QE9Zh zRlPQ)8TL3%;KulW3j&5JXSV&^)`U=x;QS0OT&w+yxNMLDn-;d$j$AvZmNQFXT#JXz z?yL7;y-#C=uR9n;_1i(-xca{A^~1EUk!R&(FUm2YBjfCRO@uVjxQ5E-Pff zI&G9p(UJ&$JfokAzp5iJu~XqE=%eDd0|^)-6_ROyclGCr%uv zs;BCpsl~S{hq8p4_WJef*REY>ivSM{4Y`n%i$tTVDJ*!G{4(s`#;9`1G76#A1bMwt8WB_?-|VIy;UXKdzZH zRSZwH?)I(QTH!;kH`%u8ECp#Dvl2!a8eSA&qYoZ%!}-`5P8|`ZqUD$%w~wR3Ib7;l4gtX9{`c@)f4S_wU_92JgN1u(z*=zgyOyrE?#l z2d2*>BO}L;9cRx%DvN)%uW(mIw8Z-dNHyF_t^wk$8~OMNeVAb}10ezWa>!l*Kn8D>344rGAW%yLkSN)!fx&1SN<)5EuU(@x3}c-4-`#r9GduGu z%aA_%%f#o_t=ktbUi|dapTj3}A5f(kjgB?|{WN^kQvar;q$l00Y=!v@2D2s`s>OD> zI}Kau=J`gwa^)(UT_|RpfjpEMWN`PMF{l;DrugDneDe4SyH!{UL)Fu#VG`;};F)+1 zDmd;1-mROr`~(aOS_8bNua~b`SSCj3(>>4l2uZ01W`VYpSRhu|AL8@v;iU;|<`|hGR>BJ+;Z=RELrt)159}wYyed%kxLyquEFUJi$;q(( zXF*^UaEu}RmUq}e+K}@17_@B{pS@O=3B4x-?^m{>W8o9FQldgEtkwwbz5DultqA^M z!|Ej{x4|-X+>DV+uym_2ltHG|$C3&XORW`625}{q5UfRkB>vWtmiIMdK({O~jVTb< z7oDg)N{s*Gjdta8WyG%tk-H(!My*!06%}kY=N1eqzGRoKrM(0egu&CWe}LTVi6n+BUr0JIP!4eV#& zE7;y(43MYtG>C|WOiOX~$kk7jDPl1#VbK{IM=rgyQuANK@{!L_mjEzXT^B#5Da&V5 zZ1#vY$u>3PFiGU~)2r~TQ{)SYA#N4{nSdu7zpWCatSLEWzdDncKg!R-qvtu&eY{_~ z3^3L`m?h4I2tILYrYr={8n&j{FPH$6bgb01j8?;=R=HpniuG@T6rGZNQFcp+9`zJk zCXuJ`Id~|Hk$A$B-@ZopM^Ip{BeQ}(P_d84%hvm=-luyJsfKTiimijB0Y4=+ zmXmz7g1r*=6-GZl%*^8X6Qlp!a^#c;D=9)1V>^wUAjK|T(euR?297gJCR9*d$*APq zxhtQCa+JmhB<<~ebx@-{uR|#K3`}Ml_YUNs2l$E*m6Sgos;$*Yvl6k={$v5l z*x>yxCujfK>g_IW1{iwwbajyafL^SW!wh0uRl+rV`&Xv=5M)9|jTC7?a-}yGC&ng; zJtZyi1%IlF3r7QsiO1!NGbOR<`E-79awg`V11(_|aR2ed?9+LADtBfc=;@@AdGKVy z+rxulg6oXms?wHAUH|XHAOHB_kACdkgCG6K^Qmp2k3X(w?f>9|_Q63v5C7l?o(I17 zn;jp9`Zi&!XVZ|J8%64g&y5&^Zu^>|#9O2&6#^NJC2!P_lJ3!%w|u`6jdcL3{E3PR zpAC4Z=x4);q8cv^bW)#1o<%DBRQP#D4eRkg6@FdsL*7WbX^_oq3jCNnY!GsG)bneLIBs6S4f z8Yw<058B072!lEHYOME2KoovHQ4WWf_wPSYGV$CEt7JWF*i$|jpU(I7_70B>U%2qz zhaY~&Mf1=|2h4Exv(G;N^pl@IeDsK22(DRau&EqowO@YuH5*OY-hclBvq%h?TG)|X zyME*T{rllmwX-wooqx(cPyE>Nu-Bw(WUQ%5)|`xPS?{qdWI%zr~5Jr}o{{H*# zfB4}Cy}eN#LodaG{MOBzw{P8o2Ve{AE>531t-~?X3(X<=Q5fL6{b8(GjPagzeY{*R zlyr~h^OLy!+|p4UAhSEdFqg$iyIb$$R(dk8S3SKwP^v|=>3ZSuqsLG!o6NpCfBqbQ znSSax>H0#*2I@@_U=9upz_p6>BZb$!dvT|{SITd9d~IcjW|xq}pK;KV&)xL^w_I$p zZn<>vk`hGpogf<-`TF(i5ANUB9js|jojN%(GIIFHVGh$sE*hZwRFwsi=d$YZGm;Yu zrjH$LKo{m+MnA6)r>7=!R4yzUq3x~F%;I2%Bp!PUY-`xctZc!vUtY1jCbL5%gJwpV zXc)bLL=Pb2W@X z8YKq09{wL$x4t=f`rAW8M*;BY(Syqu|AuzltD&WTzqs_nI(*umasBf7=bwN2>1VJ? zm&M@w#PQ=tkMa8(v|Vg~X3_-Qknxql!79jC?2jkLCzu#L?GDexpk-R>smYz4VZ2zN zjmut8l%a9q!n-0cz~ESCvA$L8`FGEsI(Z5)Fy_`M!;R7ThrjY6RB+|1)oP5HZ-q0ta$p+S2nm_B$lI{V_dRj!P{43D0@&`OS zRccN$u7t6PX?~Z+JK9-wAL{Q-wd=|+YQJh&j@#{9%`ObK1`iJU*sU$}_U55n2c^bgO#Gbv~3PpStCsRmNw_r%>aY^4jP29qAjmbBDt8F`ArU1 zJ*yIG!I?PZ;E&Jcw_y1K7-|H7%vp%fg#;tx`7`6vW3ZQpbFJ*#QPa zLr7Pw;W7ZZ7Usu;&3*h_x5=t2Iorxo9z|PipUpDsep4mB9T-442phSU0riwwc3ay- zp(Y0wYAhe7&-ju7O5`l07(|GulAhlVRK3QnjQNDo-qaLs*$hT5umqSab)pV^jT=^h z{+eUJGH1@Q`f*)uGNC(0pF*zV=+-)mZu7W^S%@5Gg(vY-d(F*macq z>Gj3W(tMcoh2&mVI9rx>&|bn4+km`R8Qo|~eU&inwC>~`clz~y{BD!pAqu+O(Cmf1 z7T+24$?&dUOU{d{G#>S8R?V6lWm`9Y$(&qe?g<)zU?^bV6zQnqrB6d3FtaSzC7VQS zeFkwm8iGjX7uo+ob3jXu3I%Qndk1qMs$g&J{9JHb_;N7h>Af{@L?=W)pfX|2>pe@b zqe_INwk!@CLNl6ri_I%+q=5uiig_KXLor=!Cj1d;6dglFTK3Dxv@_G;76REV23HUo zW}9a0WeK0itPutExCpW&v~tWc`!v+99dX~|{P@&N=w484TsF}nN&yC!BsE{FfqzHP5~Z6ww?4jLAVRUy;GdGIDZ@wH zdy#{}YF10*zmASBY<*`(eZ`P*}7f7euH+6(JGr- zy5eFEMw41m#(mmHEMJf0N#7=Jy%r29@5sEjD(nq!hC}26XXpl$ajU~ zJHziNM~52bdR8b#-r?aG8oUx=kHr+}{Q2{qJmgB$cRrE-o#EkgX9uDE(9ogY+jo$M zF?iy{38*k~QMH~kG>mHo(;U)(5HhvQ2x6mbNFF>GM^9tal%P7~Bf9yh+4^`*M6VXynQv0kv5MB-Ua*8^{cePG$NdD^zn#u-+4h2$kVc7g2AYe?hg z`!JrdYgM?zW6b+Z9!5u^k2-`eqQ7}O2+4f;17M{W# zF%K2+KmI;V-(9grH%qe8SsruwL!BC%VQtgUKo)3LHU7*A!m3uIe8IO0L>o|KuCOqv zWqP`{SDYXz4Ll{A<0oub*@-r;3#Fj)P@2Cg^7L)+3E>bun$yfBL{pRHmhHNkt+w*o z-D`QOB?gzCGRuWi=+ZPrX`NpnXNXp>quz>aBU}NP;g6aj2XmzyiAq3b9F_YFCN4 zx2wMLd43{&)wk8p%`pJ0iCEK!Y0|8Pr^mhMINXbaYPwkOZ(d0Cw!*+3VIar5fsZnY zn0OM@XtxHflJcyxR$EoaN*`T9acy5A z=J7`0cQFo^Av?ux52;}tpSTSTe^%|<#7x-==ChQB67~iDD|nvu?s~B|2tVsJZ#U9* zXhO6bRaa$H7^pC?4GaVivAp{n!c5tXd`qMkEw|u9R-oWD54sFUXOhM(LgT0hnnJ~-dM@5Y3TEe&x-=s*SKK~r>#}A{kuSsmXr)qWL{PEzWS*l zIC#oiLOxKnTG%59)n!vh`E}$sRwUiVr<9EVD3~nd;rm)>EMO1g_PC4D>KtvNu;X11 z!eX(LchH@sM^F?MK@mo|&3tR$yxv6}EPCE;Y9<#(BXe{#_3Z^bPcN zQzu?Js+lRiM__=z*9` z$d^c@2Pn4^hTO#TQzB_(szQZ<3Ii1eDhyN@s4!4rU<(+a#IkwKtkIolc%jE*Q`n)w zzMj_3z2bhi0MyR2V4^Unj6vC@*^@tX@F1RwFv4V$B`e;kv1ob=CUKM^A*VDoUAuY> zTYLQYafxYvfJYCGblJWkxY80ZX)c2Q;KL72o*eO3U0;8Fk<(V*H!oklERh)j`&8)? z83MA1U<~)&U;FNvGpAL73uR;HlfV4SpRfR z9Tsw*efHVqOPBB5y?g)O{U@Vgd8rUEWB& zSY=U9dfsEodjA3S5B(7POT4A_N@A`DEzAr<4NaY+!~kJW*vY_TAk*LV<-vmLuqRG^ z5;!8n)=$Q~FC`RPGT>%vKDC00;k~8TxMZ3*n(j%_mtvQJ}R1WwO;PRxd5AXL?<~SPWZ>Bov0iLgw^@e?L)_JjTe}#PxhN zaPSN}ng!%XR^XESJ;5(j*1&>;&GX;Ao zz|L=t(_-p<-zPAN+Ra@YDzolE#zw~Q@Nl`Brm?DMI7%>-C_EX0>w2cBa6&(-feexK zZE0c%bncm_!nb1F_l?wa`XG?$-w7Pk9TYRfI97vfId5|(|Z1Jm?kS)+v z4%QkbS)CMmXeI-8Ps~UXS*-GRJ2cR@$WR>Ph)+yE@4z9q4Ca+pdUouo%sm>g$*UI|)z|b_%wZ*_RV*}n&%Xh4y zswgR#9KqV*X}yzkRTa6!c$)XM9s#V%u6nKuWB#GtJ^8A zvFLptH}J_yT*Ql*$K5A6G|=1E<5HzPG>5Z9kjwnjSMaRE_C1~|04ogaM-1%YDBX|E ztzfD!@Y-S^#hfsh3nfRWI{b4C9{;g}HboId;o(r9&lT>crBrFJ#ToG(G`ad@uP}fD zg9r)m_Kk`PuIy3~uu1Bn#0ZxUC@b>VflB!wFj7)17e|aK|D(f%Grq%A+8utTKdaSJ zh(9(Flu)vTUWdS6|29jADoZHkdl?~Lt^1T$X=DR$?Z1I@Rd%1-74ue3kmpvHR%eUi zZ3!Sz4n9>LL0n6G6W>L}O08K6mLHpe6xm-zhz6GH|8gskw680*S9A6PoPzm8&g$Y5 z)lx-Pzk3zGqnBgPG&Yzf%C&m>oa@s0rEm?<7LI8_`V3T=?Xr3{0=tS1(ODX;@_Oo$ zEjj6;<54zoV_3y@aCkxSP&Yblr_OBeY-*uX4EG*3km;y6TWzdmZ9I@^o4%t>jlgVb zYwGLiv>i->^~(IOT{8I4alnq5wgWvYz^)g_RqChz!ym0RSM46?J8@xz@^k3aahcmY z+xw3ls(&?h_tDeY&>26xddJ@Oov&_8kH*!d8OHwNFZ{dp&;HrSKlvwZzx*92GH#Y% zZuD2K+VBB((C5O^?0iVw5WXMB)kf{8(kl#97^pB%VW7f5g@IRrfjo-FcRfZIPk|}I z)=x}_FP1JMF)Ni~kM$}*+kTxj{&Q*BtRXDhSgg`{;2v2Oa30Bclmd^D0sTi-fZf7D zQRC6#<0>CLe$3qS-n-`+@R5m%AQPNz2`fPImTjL4&Ci`Xr)GW}<)I^Fw95F2AswSh zDJ(*m&#Lsq@ng*9Sgf8qca~Wm>4_no5}CAeY{~YK^&V>sCIxjSj<%Nt-q6rtMzjnr zx$^`nzL*sPWec`7_&{}sGNz5^R0f)dhK4k)x3>@Ep$wi2r-14bh%@)gMdz9fwxdUn zO1yIU%2-?+|HyOj(816O5#o3o6yCmRv84$#MM}h}uI5#PuMHcHv}!Ft z7mi(OG_nLB_)MN;cSBNM4%!RPx|sh?bxTeF?-90^BO$!S;5hQUxG2h7RjZH|9N9~AL zrpXEC{o)p5KLO7%FhWh*u7e=6Ca`Aa8W;eKo{K$DGa@;Bc*s{MD#59LQVCH4!a&dK^`(>nZ=SR?g@dh$-uy`zu5ijN3fEB`Rq6miKZQW`m%w0DfMZlfPq1}h}NvAy&5ag z&zAzi4l6MRtq$z!EamnFja_5V)A-dKtd4T^sceFAiZU}&j7`J!c<{8#L1qoNPHVU2 z_qlB^Xsd0NX9JQ{EDFfUQ(+*%!U1Vj3+0p&tV@L8UP_2u=&o=W_A~*}+7wgULTj8` zk0Ay;T!g|yiQpC{=HvE1`DHg(6oWs_^v}A6$+5~?*T7k?9Zt+(NL>c;-roMW9H1OZ zspqL86$Xq6vjJwWvva~?2O&wZXvr&dWqc)FAxR#ADT@jL2QfD_WqwO&tdjW&n)IP~ zERFGh#D)4QsfwWPLfc4GuoW%z}uu^2kE&jX)F0y+X$9MGf{pUh3pSDdyje{c2dfAO2{vT=O7#L)Xr#?#VS9m z66Y4@NlXG5WQG|iiOFkp3DY*|_;>I1tG)<2t#n=P0dgKsIda61#rwVyaMCSuaqvyQLuPUc( z;+f697-ZUt%5NJGfw2$kQYn~zd4z_y>qH3yb}PI{2PCU<D__ zsRRS9(*y;UZM*oWR(r&X)#~$rSylVX{0Xt(hq|`5Q1O=2#w~{qIXAzKHtq!h)3vdI zv(r-aXuVSd%R4V=OAwG`NFW@VJQ*DueKLv|T~^sLF|*V*4Ot`@r>bdf>SdwRaDNiE z+WNZ=X$|N?Fp;+iN1?`E{xD{Fdo8@H@-;LwHDyyv`3MTxQRf;It_7KQVJNR8o$bt3 zHrv?{u)nELN|C8r3 zobk8+=%G{JId|yfu|^Zs#ta#+za2Vt6ae4&+rK(`=i%cU_iuc9dHnw4%rp7vr@#2& z4+p>h{WJgg9}oTDx3V`q5#-vQH3Q^+Q+*$hbjj(gxoGLBg|Y$LYoV!9DhyN@s4!4r zpu#|ffeHi57{DeiwK;thDghdSiK*GH4!&2LUDCek?)38auljHOh#!%J@}3PFYf<9W zz~BIXsN^92HJLLC#U^i(r7yeM&!rsm;#^D^d#&YBNu!UqyCV;9Q8ylstB!w{n z?Cj`drx7Bgi_Y)f1DnseSv_&$IEhjoIa%hh#OpiIM{bLjl3wxmyB)ybe$j>E$hBjs ztx+s!s4Cc3IU{e#33Va3A&V$$HJ!>dGmfDJ5+IGDODnXIbuv}g;i14S2bs8KIMJbS z=q+rMrdJlX;uqyS`J#C~iVYA@NcfxzSDGZ-qsNYpjh%8ay)J=Fq6#=@f{&j#ar(^Z z<0p>mWva0N&kG=GNytE3Wy>{($kWpsebLnu1}VZU$E(wmH2kddbkF$2bXWH*&C}Yk zi3ZTQK24!DQ02@l1M1y%9A$ADfo zQtgPLVIz*=Sm#_^e7Sa9Yy^vrGfOx1)GYg840cmW z?hYZ~;<}9AvKS*KX9Gu>8&$VSIs&ql(!OZBqtz-Lli>Eo*Cu7}{;L@LwGf5?)ZWjv z72bUyc2uH%WQ?x+%yL$Iy$sR1o8`0qH7~JLHiz%gzTb{O-qVj_hSZa0)G~?f>p9Fq zhF7tu8I>k~Bhjo5?6OZ5Tg~PH{cHKd`{mPc)~8-!)f#-S`YxQIYCA@wl(3UAs|4Sg z4Lp_PCp4;PqYeX}T}S(((t^Kev0y27>4g|OB^X~O(hL&vCz3;r^+cbbb)`kYB`69vl|ee< zBw8vE^~!B<>6duGr&SD#n+LQ^nEK9K$5h=Dm!g+V z1h7~Cq>5A+cqJGx%EOv^b`CY7Ndr7*AykTJ%QQ0Y1=r%u?Va4R%q`4W4K0c>>*V6N zQ@GW%(@$Tg?;wd*(B$lxE4ZEPv8_jK>Yw?Pl;P${>2?xQWHQ^<41&wn#nYI;1Jh+9 zj;$6Fio6GUx>`FnL!fWyi#b?Li&e$GPFSm8tuV09Fi@@5ub@NHq-m3iWhig+8O(A0 zjPJT%Rr%iz{G{iD(4km3!_)ZOd>pEMwuQbfb*!IgDRpclgEqQbSNIyA>iYsmeX8CfZWi#5bTVjYuMyQ(Zg=HQ~5)lHp;BkPcV7$Bvkw z>oDasC6uN%kI3D0Gn6HE!|fc|Z=#+lo_NNPw-0Gz>?;iq4^uZTm(Xk*j>1wkG$puo zwb*!)Q^_==_FfBTS=%zh`cve1i`VpuRDkEKbNCsl_d@oIE!vTh5pkuluO;Z(EGT)N z5uPEZQDE~l{vJJiq)DKnMoKtKW22XOu1N5}sTDQ~nH@$RB~lG2a=-4y0}%G0NGr6_ zPdY+7q?mr%2(PlGDKSNBN)VC1{!^N`oFa0HB<1^=@qFtQXE`&xc|-__!Z)!qREo7> zW9QY+j*eUq(+g>o8vhq#&%~ltfZ8UG%I(c8kzgaRv{=n8h#0;2Q zdP30)Htiw{aan4b^+b6R>mgTdWlD|q)?kiZFyfI$`={aYZ+6!2Vg_B@p>(N$tJEe) zXLj1r-sUzsvX+L|3tu;)3O(1GE608F)Yc zqd&U-FaD%nIFG95e(f7)zxzw=&-3tF|D+aK)?5!99~wMy`24SblLywzKl%L9Uwy$N zmOM}X{Ler7^FKfN-~9f!{^>t$9}Erdst|Zvawe5-ECy7KR0yT9DIfHHx`2jh^43o>7d6S%t5@9zeeK$H zDa=`Xg^O2g1`J^_=`3t|Vf&LA^OhAwF}yoSGuYHLN@`#hGd?sygNVO34-?Ad@loM8 zL)N34As#v6NEmdQDn}i550=I?~CPkcDUuKCG)k1)f3=Q_S5uRXomt~DKmI@j9@e{3Ja0ZQ} z?Dmd!2xOlGrK;9*`j=H}@wPkW6|^^&nek|Rh*SYvq5>=dMv>+W5d8&#r%s(>DWYHW zuP+>{8yOised-j`MsZ!NMi0_Nh857StyTGD|1;a|Jf0mRYZV*1V%#y z@%$w4vn<|bV$Z<2=_i-H<-V}1yJibsFQ2#HjCb^%sV9o~w%98`Rk-E?80e&whL%jk05>udjl=&0=e={1vhTol%n_H zqPMSacx3pUcitH~JfzH3q*XJ_(41LbT_4;pw<;&nRH{!jA4*&&@2vv+2M6qUkQNu> zI^AHr*9}`AFZp?u|2gY#AxM2;sD@L6LZnmEbLiW@t*=>8Lb*PuuP+Qf5SYWOrK7{S zugxn{bc)-?QBuBrEw9Q%?f3y3kys$iCrQR=&(eWl6uT}ZY?K&~#1b4n&W(=nU|KE& z+n@9Rs+<)JAAX57HurxvYTbTFPcsP9BSS|2V$U`lIdj!%8eqB_wo-xlm^sHZ$4}`w z_Ot8vLo0R{2E!QRkDR{Wz$DiVaIzs*Dm66TJH=`nR9hEHl+wN zGjaMPBGWVcD{HYhjuD)?dk0;dpA_O>XRw1)$=1%YhMLi1r;ZNGE@PO6Y--7|JpV7F z(3)#Pq(jkBt!_+af7Z=en%B5KjY7|sPBh)o-mXQOrbU9de=_)qn2Xg~O*gSzboIBw zK&n~Ut%kW6+ROEehg2lA33kwxMbn7$v=nBjN0xtv-xln%;b5MTS%KweI8{-CDpaRx zPp`5}%wMslrMOX~wNeIm1XcF_?~>HHb@mVw$ZT3@)=#?M7l;QYcIpm*RGc zI6M$1oEzs8r9qiIl)rAIh&7>1-ERgy_qxBT@;4fi`=5R`f_zufE2Gt2LF4Wh66;fq zISYG{=T=bV-yB760Ddg~mPumGd^635jl4O#?$5msdLy)0KUrD1$iF=XWdP`o*hzX(f;huiv=w#TQ>vc47+8pFelu z!g~~Ec~&etF7jNz@rz%4dHwoz9Qph2U--s1-alAwlcY_dAN{Mp`fIO<`u4lsW+($6 zJmk#at_y#Sxo7tJ)mL9D1W%}nk&zK>C=Ja|e)5xR*KXkZF^48kDlWo57b5%y$$9bO zC90g<8h{fixn%&;4;PYpDft2vK}3*x;ri zlfe#YZs?d)ZJt6S9Kt8GYg+CFNE9UcT%vff7+zA86mo#p=Vp+fKD7Nh$(`s7+r^L{ z%t9Rb#E0ZMyRQ7Z*vjdAw!>JT&!I5Szlo3-Lb18rp=;an;wf50)i*jeP8&Y@_=$GW zw6}J2EjG9ERQh-@#xF*B=+nwFccsSsBJ#&v7g{04b3wxx=9Ra-6LUDXa4+_trM z^bHI^h?rek2*n+!PJ78qeLbCr`g`NN;7%{p|ny$@NbzW-Sb4 zM?d=bSN{1Q_kZv~z216c1?DKKIa=VYdDe->%@CfS*XaicweeUlcfClJe?6=`ORMnn z3>WLgD*UX6m1k)cexBiCy;y~x^|10Rt-{YUT&x$X@UtFPo~5nA57q+D&$_RfGLcnQ zk+m^e&pz1Cv1N{uD8!iT-n|E`5r{Sp@3A8UI13dLsJD55(CNEnRx0>Uj@F7x&NjAe zgtc2YZ()#}<>N<_oV8KAgOLm4fC%D*KL3bO;vor?VDsPSa;d#2WtSKcxVDy3HYMVe z2;?a?Gx3dn!6uL`ZboYNs#I3?IDD+y@ND@DvLdcL;;$RVH0_6 z75!|4B>*wN3UOd@5mVjQ-P_;SL*JoM>x&1apm>$+avXD95en}d{Y@e$r_5T|ZEDNC za{g0u?CU6;@J0URIuSPR+_?iON@1!bMSu_}T2b!u4?9j|F#-W2TMTv}Bos68xpm!5oB6|O;Y|*7MdrXj8FCVb{{=-psyz^W+?gCNf$j|pjt~+FWtr&xAlR=sefkt3t86dSKZ-~K<8RO4*@ssn zW%SV%zJnvy5XMLE5OY8~8+Ws_IT{;hSQaMN+JZhck9oCL zvI~TcTeohDF!a`5wyJ57Yzw6fw5Sb`(4q=?^acEAz7h1zZ~l@VL;%JhnM}5Xt?^mr z3N&?JLYWXHWA3%vgYV02*JwhN{{u*#Pstikigq zSD7T8Dw$-?XM4@YW?CWZFBmh)JbLuR^Uj?)d$6`rJ-yP#ebtuT0wy}K1P#mydACa5 z-Eu4naT;fI48T?~U1pEGKF>GSr4@#uE@O_2{fjl&1%2UrRq*#I8hAASM7!m&H=FZ6 z4s9>G*h=iWDLabALrO4ahK!Y5dLzu6$9+Okg`E&_;Afz(yT7N)aLcbuT&66o);#;w zH)d{WzUfQT{I5~EH=iP#S5&=y%Q1k8(2OCLQ^9jbgbcYxdioB5`BrF%Jo_n8DC5z? zfefzuTH;_NL#i@hm#d2bva*o)3M(Cs|MLG@IrB!el^3IEX(rRHJ0ZLleVXmnJp3xz zFb#ks9tLM&S9$`(fy^&F0_47%-= zzg>9tI=?9s%TpK!dkIa!6*aFqiiDEc6Gc!@e zw8%~_ADf(}@a^yGKG5UrPwmibb`5+fkWmd4ux+143FZyJ=U(?$RepVduZ`?y`dJI@ z?xs{mtGkQOEtM9lMd7;|w{DlMr=tXnZuu9Bgej8cPnEyI52}eBVgEOU>`nOZD#u2* zM04w9${mUzwGey41xPtiQXB< zj7|Br!IwAmP54Qr0pi5;>#r}_N25d>85vGN6xU8g_sZ%Fydl&Um zF$4@oe~N9RZmd=Yo&!Nvkr$wHB7Ll2|` z4p41r0hk{fF(#6Vu{+N1$l`yrY$fL3Ui0XRD9IKEBK(1XI&?m`&Y zC?N*A96&;Xu1MR^BW77q*-1g}Ug4)qm*G+W29 zP=+3y0Bf$b27Vrv2%+p*322Q9#9_m*IE_%?X(GuwlbMFUdYDv5 zH#}4V?QlpmK{k4oSi{AXHkD7eu>a{>L2dC-xub(Q7v{8ACfN}nE z5&dK)v((M42xy%8qDVy{KW~v4ICXu99;H}bdTR|XKaCL^7pyrE4!k8* zDoDIs0}`#`I;)t%7y(Dl|K01K|5?-AUGwM7Yd>vm`F3;DF-|HUKfZh8>gTgFV=9_m zIyiXhcSI70A|TmDQ1PH9a+b z>*h`S7e)s?Xc`V0vvwrXPCXk4Z2jfHt#L6n%7J2RdT1uIL{)23X3Hn={Dv_#GETi; zZphJGg{WDF%0>`|4W&JB+sys@95XKt>DstFv4qmb(tSG^FLhul{^Ys)|9SzM^B@^)cfV^L3^z`8@}o0M0+_PDwBz?CMVm_UTET{XONAJH3SK^ z<&4|=t3U^rHKDV^Zc6N^*rry*exrvN0{)LK2+9wyOQjq9EYQYw(3%jh$^c|g7~7BA zL(MjGg9L<8V{sY{lRQwHRcu{CsX5jw*fp`pX|Gl9ivWzpko5v1VdgPy>P?A`oB&ww zcp?nn=5w1s?Z@n;4{Imw_hF-wiVQK<#)g>jWq(_L8G!3zQxo)&P~WXJR~wi{t3hf9 zTj$L*VZmY!m!1cT6svRBEpW$)$d8eS9Z~-*)-j&ftP2~<<1vB?4M)WOs)??*y|bsg zBkq{$2}fsIDub5hPIca{W|h>a@+x>&bRM6VkOl6zIn{@6JO&JbZH)qCCO``!+#ERw zHR%vd25*dkY+6cNN<$Azw#nx?PJLCzYkVsdrA+uf7dNzhZoJErrD;V1wn?!s`BfbQ zIT*`Nj|ebR4`HvmJX)9k#yn7<&FA`n%WN(4&T55$A>HIW>F4?%RH+pPULpoixS@(m ze(ZkE*qn)gXbEIibK5WGkeE%v`F&Wi8wR*Fayth;Gt+IYon0aDmrw>xjGEXUD4f_9 z_iwGJncvFE1$x9A1i&{>UW49{)#pQa&&HZ{gKsbM39dpMGmJASUX>QHyRxkcfugd7 zkzWN@Gap}>VwJ=smf32JJ1!?=a%%z`g88Wzwcq5I3ZCc6*9Aq}8(+Cj8Nyo}k8e!= zI-T!PWHa_?kE*PSHM?!ZN9GEYoLll{g$=Iq*Qn+##}BdzzQUaq3mpE%PJOPOI~Y?o zoqD?1IW6&S*yJo4W2>k0qm$Dx98T1qIw&7}(+*1Bi%)_fn2T$piD7$D{!1=1*Qb|U z>C353(}FQ9A!{^`<*-ezS{!>Q4+>m`hwNn?En-WK+Ksj7l`B^~hlhuId!MaVnG<#5 z8tquIG-aat&2N4~**+(?D_P=u@4b8W>=_y~DO5hn!QGQ)sWV9nw{M4>&ri?6!Egr~ zw-C0puyf^3K6z4AD8ta*nT-x$y zrubHbBqri*{>*qCdyw4euB*|>mf5GaSY)#!p2aS7ET~Cb%5t&rU7PtrY$&JYkeRLY z{@yMp-W;P<{;mgI{A6tW;lszYh1>;%qn@5#{(9`8(wR28mIW=fD9p+d*{@jy=|s zueQ~EKFYyAO7z5j$b&rt-{x4h6nAHp7gLP z19MoWtH<6u`O*LL7cLKDEX!{7!+-wACx8F&kGKy6=S&Y`uPgZjHG{riY723oDeXY~eSY+k}3}{B5jIyUx1s0UJ zL48}Qi^>#o^5jWww1{#5EM?TM)8?(yKl;JR+GC-G zb*OHThp@hG_Nq!yBc6Ye>S$+yVM>t#+zhUO*v1*1xaInfJ9pukyyl+xG-HjH#C3IU zy_imW4iq9Agd96|Y?I2VVFJiz=P*O=DlkX(h>%CRNkTn(qIU3;5oEca)GOJGh!c{H zZ+#MyB0n(^S%->B*&g~f>QQ56EAd)>hxZOR_Q^T!%ru#>tEaoErA_y-Pr37OY;?S> zue*JAdg{^Ra3FW&=n<4a#tsw}+SA2|6A3Z>Q8taWIT5CnqKu zWuhE$PZ<>DJ1q+HylG%W;YtJc(}DlI{r(>-jEHmf^2b*%FPFRg_uk_70k-@r{wmPc zgu0ktv!!;nwj8frV6pnQ{?@O!q~*&mzfv-qOl;^=*$hlJqsDUXiHX3LY%E8OQ^Tat z`CX@Evn~J|Q_PFM{q1ihsO+lcS`Ka`-e3SEUwWUiI_0jfqAfEQcY6O&jn^nc_Crws?UWr?L-hN`Ep ztc-{gcZ47nTWnY3Xa`>F#dj1N!4@|-_(Y!$Z}67Q7{v7q8DDpnhhL5$N*b1dl%1?+uOS66KUse@5P zDh#|d3>bh2-ZQ-0m$Beyrfd#Fj$Z^%1Cv7|zAt0MxWbEK(y;whPG;%DhlfnpMtW_4 zY+m$Bd}|CEjyP~!tEYGo5MnM8^A;?D4RDvE5&jmA8@jgSAvH0{+%F{&-%scnM7wS;kxJqLkS+QpD>> zST`a=bGvibai-3{xKVRvjw-gNt8jwolbt%bu6dyH0;vTQ$R!QQ;&y?C2luHgC$+JOiVPFy{LvZUik)gaG9l*NIN4Wb@ksVBhD7YTHW8kR_nYpH&Tx0JxWws> zffD*#4YWbavp{cmhubizhF=i#*|Uk{klC7vuVDo%@E7duM}P1K*Z;+zWG!q-f9=2g zLI1JUw_d&=3>$sUH1>M~zx`ML`;Vqa>A;#k`UijT@W(&?@Q*_uym`nqu}DYH#urTb zY8CxtIf3MgAFJ@QOjQ*ELK&y3 zoUoGny1VaOxpH-OW)?_-yXoh|KLr*ksg$7S$RB1H}o-O0uiv zm8gU$W=SW8QA=7hLZ-S%!SI%{ZI&#NOakGl-X;aJM}+pIkb3PRvguGk+*e_5QbZ9j z69zpYUDcH0#K6*&XpVANl6dAGx3m3ERgjEmv0+hRVX{+{PXx57 zaFy$Bi^^UuxTRHI*;u%7Z}HBx58og9>`-5AXJEPDrpJ?=AKf@NbfSyR zG#Tcf#8)p)=qw*Vi%=w>^RK8KOyKw|eUqC#|{LUcw1#tE7VJt)l8<`MCvdJ%g&vDs9b8t-!2_)Ftf4jjF!Lucg=|A9pgGp=f~8rln`)YxogHVJi=(pwDtzm} zzg{^TvC#;5j_byhD*o~@kiC$@VY{{aYLl^PPEOvBj;3(1ZpM2`1fcv%Ce!m((Eyqh zVm*o>IcGfjC*r4}9m6{xWd=_6!`c(eO9^G62@CbDzz;>fb5e1Ov*LDpp~_!jU}qRG z1gtx_Eb^313~QSejV8}(W$?OSo&hU*uM@e|ky{(i$vV4xI%el5re?~q3&|_wsr;EB zWfewHB~L9gbWk4XinB<$K~{v*Kw^U&0q60$>`#CKE>=CmlY#$eXqkx~*Pwd${eioi@_sor zdA^XdM-{)##hRjGQ>pAVH{t>sH15|X-@ zy(KEOi+c9VX+3`R+I1R{OP4OY++%q7MDc7I^tlRDDP&Y%rK&PDon}$;Dj%!E!|zaD z${>t&p;2;8n$K2S_ivm#J%4 z;At#`%7K#|7OR}Bx_yzFv$eeg`B=o&&c3s|uiN}dIME2^s?)R0vD50eu;8ki**V^g zrl%Y(rZWi3)S{=1P22))Y{t<0h9)=^+C^#&|4ue^!fi2sCrjZ5)%@&AEQ$itwY-fG zzDPW~wLrQ;&(vtK+JE%WZ~j-mP5t{K71h6mrEGZg`Nn~P>~HD+)(8f@XR)zF0+Xb#O}dD!)-y@vA`;6+Pt8sOX`Fhe8n5 zd{WUvMGtS(dYa>UsR{okibG)z7B}7->Sc3zbEYMU;nhB|Kuk=E6=*m|92p)S3W*+wN1(-bumn67oWJ#!$9HnCDdQ8h!iGTF|1e? z*t5V4t6Zjpnhg2B`m5osvre>R3P^zepZ@eC*w$n=lu!gAt18ehiYgz*8-pQ)E|!$t zU1Vyq;4-vp!IF~T*Pg&l6qP0@Cwz_8LCVHtR!A0kK0Y1c>mWXBwPMKK>F9Kc!@$w$ z*_I_&lXtbWwNK2&7$=Vr(m5HeV^igj6Nb*Svq(;c zt5>exfAByyREJdTLZDcrj_Sz%?5B$ZxOo%{4kHfzJb5y8{qFnU|4z%fk)GCty9!@u zJ^IC^(SQFj!|0Btj)xzA{0W;>>Cv+-EsC-y0HsC*T_zjSFMshRu@M-mLlw3x*w@nU z`vh{>mFhC~rsDed*MI%H=g*%rU;!+}Cc{sD@;5hc+#DMp=R_B&2LQDrzTrZKKOY+- zYD5X>!~pr~%dbdHywa*ger@NNj@6x!LeA8e@<5B75Ec1%^ysm^a&Zci@tZepT)cQ` z{Bs|U8pSMSJ39DDZbd49Vd-8UHGW3Q7W;RZfU5j4%C?{{C_^Sjq5)x0Fo1_TcaOO2 z#XvF7c=d9E9wvgDJ&Hw2T+8z!^~UgS4o}IpcaX7lO8L*9A6_E;m`pUV-bk>q%6UA- z3$igZW&E0XgyQWj9=wPfs@h^ph-s0{MoTS&bz{nm?bVB*Yt^?@=8wmW-LOWD^<`<1 z73~xbU}lynJD;ko*!vIkv6wg4nN@&iMrtesNY-N8s=zCoez7T)5e0%)y3b8wzHR*Q zb&Th10|UaU~4FJ z700MO;omfj=~+=bR^mFdIJ$3sP-_W|m6n`w&3Bl6EG*)k?0@#TN~^cKk7-X=r_Iua z{AImqm}<0wCADo;&L|`+f_rtNz^FvQot^Dc8a}V06$V~=3>d<$`orKM^%TeOlU5e< z1OAZoC+zO}vUQXh&M|#WPrD5P--y*T*``6Q_0VVq7%pY`cJ0E}Cv*QSy3Q=IE&!QN znZmjms>BKduLJ{V-s*$vBP!yL?PnO9l*0Bg(5fLIpx!!c)PG}>(^QIhx2D!Mmza3P z_|j;~kQ~di4=|!zlNah$ye0Xe7Y|P4E<8f)=|EaAAGO~xXFS76BqwT%tWiX&$FW|k#@V_SbM-oXCg@+H% z8~`u3OfOnC-dp?fTix;X*O84x>_bYd{{8_s@f|*VI5Qw}FnEs&G?SIM0bI4r9pF*GJt!foG_MuAI)C;RvU2&Ruvo6TRa#=tHU8dTxCU%(c9H|z>T6kaotT|Nm!=O zHNfs9A*nskz8r4+$)D7Hte*Vk^B?@~_m(Ch%7UKY_C4?s?7l!wUY_i=W?a zf7L0oqR%o$bEwwWuh(9_+b%s+`QPmE{-*b@`3(DjiDP-gLmE!bedbfm^G_IJEzGAS zCHA9{1M$he3N-y}F4>TckB?*Rj-NPw_Usu~$>yOumNZ-^Vl`bMPkBhf!iwTj8=HW^ z)KUlV++V>S?eQ1xvKtMLSLF~@V@`3JNCtdgef70W%27C*Jc=12+v(G%SgbOwBZbN4 zC$WyghIh{|zW4?34jkxLCQz?mzafLmhuv%86V6t##Ms=#vu6RR_weB(+`7Fp{0@&< z%DHm+iZX`|4dJhYrz}BEk|4>?Ksx=0~$7V%IVRs;iO z68Y}d&0G9+g6IDI`@_S-2l~SZ4968RNN(BfjQ$y|y1iRjVgB4i2{rpPY$gi-zXYCJ zx9?oPb{!g77y$+<*!~h5ySlpdAfeJ04W72Z66lXrrXc_kkm&UZi`9n@IPBCMMwYt% z!uuD_ojXfjfJ|QyVO--*g8<<`9>1-RrlxMvY9j!ht7M{_H5_>8hu2JotqOt3dOg(M z2m1SAnN zNpy%>kQu{kWa)F4GM_zrrWlXjWxu7Hd;*#@Q|s>OLBI!wf9c$>|2oQt)nEML7Y~2& zZ#p|Js(ohK<*m067_j|BtLl=U^770XWzHf*`yPc#ryZ%yVkK&kf4)+$VT($UD+}*; z-#!10Z@dpG{R_8-Z5V$~PCb0|5d4Ouk?t$4&_`jp(Ahyxinfi=YuBzZGc{m=p`~nk z3{MT0%hM3hPdW~we5>szPo6w~{`~P1CvrPQ;T`Rc_|6zLh!fR4e)44K@L{IjKGfCm zuh?N%@{19o7a(Pi_`@84G07l<*glEf1J_fs=eA?e^rAa7VBcy$OSa2mV`yQ)Yz7`< z%61t#6wv%u3u?$`r^Lp`d|T^m+{hVIM@}w#htI9|7ciq&%iK2qG<*-YEG}5u;x5%h?=v&D=@v~^Rtgn)Yldw6 z>UE4K#^5Iq7lzl&qr)5-#R@sTUZh=HDj`?Y#%h37?7aZSeiJ#F$p`xTkqwq6_=yZV zh0xbp7Zt9mx=d7!fUJmbC38a_!@ez!R7Aj9qkc5*$skoqumMqj&X8G8cyd3zMW>Ag?Gg_Ie5=D&ylwXG}Gh6jAAdaWRosDJPZ*~P^S2xDqJRY1$ z<|}Jw43;w0M|Gv9U68N0SbjFF{(R-|Bm&mJLu(ou`?9U4W%Sn&Ry?Z)B6S!XV$dZj zK+5tnii;ELv3SN3ngthR=ZYHX^th%`>`Lqzsv_pyxO+31vO*8_?kc+;zAr_TdV)$` zUVlY{%GOLYF+w(@f+sN%eNo}(1?aQT)E+*bO_Y0BNmcY33>X%s$(*%vkThl?M8-rI zuVY?`6>vZ22YPMxt2N>^gMTIP+OUt|kChX3v@W&8&I++)-UTT0u@~P+KwFFFnpFy1 zA=_{Awe@(C{S_99y=gz)uQhp75i;UK~^1xVJm#pGk31z;^U_}iO3M1X`=&BHMtHif;i4-?K}vAXbd)_tiHE~c8BjaymW zRnyI=y1gSdYl%6rrAocDNXj8M&pR5kdw#FN=j+9v?{$9}R4c2f##hWc zZ;X7mvU6kBt?0k%--ZSC4Wx&18wSpno^5_^c9A7YYxCr2=j7l3rn?E}Oa%73gW`%wd0W7jr7ejmzz?fMO@ z33;EcC3uvTfqZ0BfF?$Pg&&h;iM%#4GR!LU%$YNUAnY+4R@QYyhEG5JIXk(JKKj|u zfBre|KUg&COguI=o*}6`=g*&Qw3V#aM$m9| zAr6I5{{bbRJ9kb_=N>O!yaYT#gZ4^cfj2TTa`x;w4kkfM$-wLtY&^L-R#-ex-V58D z;8BCmm#46-JLD&!49kve=uWiMo&c$#?488U249|k^EZF<$tRy)x^$U2qwZrx`pM5e zoty|eLS4gjxTE7hV*?W>pc08^seodb?@t1zE(3Fa+&IrxIsWDSIWlYe)KvJ@(;dYP z?IeTeKNF}dDzQh> zX$n(10*yy(8STpYSVTnC7VFPAfZfK(Wu{nZu(jlh)j?BI)cEAg^z2-Uil7QA>gsZ$ zwUBEVdLnEpLg`GebUMQ>m=B?>rPbKsN0125Xf;ex%e5`A`kn9mviPM-mzexg!-vso z5sk_EC<@u1J$sfuQkk#>hcY8Map1CB4I68al$*76v2Nq?! zG&wS?H^caNVZn}sQLI>ns|%=}j8Idz3PPVpu}6;dmsiM5$NN_8HaAYZbAn|Y+w0LM zqX;azByDBFW;HhM8p9j7UhEfsAhfWyVGTgkZhD!TndQ6FVczgc{IUYGOQ#(=JI5_C z<{4CkP7t;g0dd+B+W{cxslD8#GuO_+v(}Y4rp$cCFKXPC`6L0`E`8=#hMqNOdTxGh zax`2@*b(aJ?Cu+2h7;31tJ`v1!LEdLhN)_MtD^{gJw3g1c8I2?@7;TlUhzyCY}4i6 z0hSs+G43oJOoX01el#{V!Gm2aKM`8llrJ^4EHV3Q>zJ5+%Iy3=4@;H<_Q2gG9PS$&@(=SvAzU^{jy=iJ3t7(AdZgZK(b%UO<;!cT}kEg(A6BjTZ`gG}4wydLy) zb=XqgbldecYi|W^BL>hpW4M?Ty1GoyrZUHqtObT18Zcj&$>Z!2!|g8rIA)EwiLSAb z-HNLe0GLA(O*!|t5JRuK`|wa4p%e$Lsts5nBYOnNZndZ?r^3J{7$_`6oU;(bh2_5y zci<-nBjqnP4@+zatR;9O)s6EGTe^}Z&UKXf3=fv)R!G0Bqjea9wJ4!1pf6p26ws_# zG+!}1D}e!B!h@eKk?0g%Gd&Z3Erpb^b1^lhRcd4jZleTog{?1N1j4Z>y6%}O*0x|X z?Ql6eYNm}F7#5?bU}J*$sfC0mzAv24`sFWY_P5H9ykN8Nr#sw#Yd~j(&ln+lhtEb- z??rqa?td?;smg4`K$!|nVliXoL>52F92T=+B-N+RnAeKuwJLv^vfg(56wODF3VJ9P z{Y*`_m9@`~UXVz!sPjJKK}k8&%U!sf{3%_A%;Om=cG*nN4>LU%Zlf#`|oo}S3#M4R9J3iyrnQ?02002M$NklThf4n~1_t3S({cq{=CpykVkh551Tb}>LC3_XhfpGKOM*Ju@ zGVJnDLI6M_gN9nOHf0qRL|Dg0U0@>agc4&y)J}nLj=vKBvZ=js#>#nL``KUpy}y^A^dCL+%m3MbB!B+&l)1#!UYegcsK0)0qzE0$pl0s; zRr|7(zak}HeCKz5bM)@x@%xYc{OjNQ;jjIhf8GDV2jcPzIWt38@emZKaZ{>8k2P4A zNvKXg%lP-c;;)M642cDs75`cB+cEqqdWiY0njd2Jt>~dzFH8x@Al8UCnjV6q#DRvn zYH0fyFWBDWzQ3g@++p&8hJj}vK+^^r0@f%)iO0`O^n@srC~hr{9(0nN zL!429c2Rb+Vw8c8MkNRem#!$ejvqUA_S_k!ehdY&?aT#EojM6c_}J^$Zxlb5v%KyY zT)rCUA7E(*B%UMlCJLzbA^q#f$S`q<45ePe7k!Uny`=>8WSpg&_z_|k1%8Y&13QgM zG40HmGfsiYh85=|PPb@+VuweD)x!9am8w3EdukUJ*m^1%8yPnmgmG2b5UBB(u}$$J z^ba|SrN*aG6$U^vGc1!srF0?T!j>r^6VfyU1c7wG!+?uH*!T_%4u)N+ z18?Mz;!7+|i1d*>@OJFj@!kUmoR>p{+C{9;kHxC&2&&MtnhaHRY0Qrl&bE@2ouJA| z_|0z36d%H&tBF;Yy#`?a(3RU!d+QXB_b#u-&>s0?XTY^B$IqQRBfqYR)(2Mm&z?PldhM5?|196rD;q)Z zrn52_I{;&i$_p}sKkbmMjHxaI830C;9k2kkzu(Ma7s9xJ_A;tSsNwZc)jlkA-l|1v z$zh1jj~zeCQUD?tvB>}`K(cHz)yW1Ms*VY*Y~mppiBb5{B6C&7&jvdRDb`VeeNye< z!9h-2ktlzTuwm%IYC&`$KZ9a}5c~*Qh(9l~o)$q_;kEuPbwxcT#5 zGBfWYJo`yri1ww@6t$xUI`7VoP|3!NmlY6T+H36gSNXS z1|8aY>u9n+B0dw+eJr(Vc;)zSUW~nBJ3iJKoAPEl5ZdZ#54*Ttcj&-F(mkLT%=hJ3 zG9_$RlQpz8juVuPL6ZZ62FTGamSwW?GyT zURa6~!<1a%W%PhSh1&|Igl?{pgh}iD73gEY?mo$!>O&MK-tIrtj4(nmglx zZNRV%!!QiPi(~_aUcEdTuwMk|&9LQX8~O+IAVbywhDUx7;6=Ct$rvqnq`|#2_ulSi zFI<{yb1zmES&M%W@qMSh`f6d3tSW9NSv+5!JeiS^k&&5^k#XV(z4+)R5C0+Q37;Sl5k+$y6wv%OipmLUp5{iSMM zZ=_W1#y|HwBbO64?(CWcr%$I^LS|%Rir)pRH<gKgsKVQe@ zwm5G<0b`_sMRs&sj96U5_a(F77UYKpXrNFC9ff^v>E>fJ8&Jf5YJ6Gpe zpJVklB0MrYNyxT}R_9)ss#<4$_P#+mx-wl$1jp47j(s$-Ef&ex-bi}!{nSgBpJT1> zoQG=DF3R&JEQEXF<11e1T3k}+pbvDW2Y6)GK|$({^-9UHo8u#EWYG`ZuE?Gk+LuPF zp-zhKPJqD|kzHu}Yd8BBeRq|ATKF;N#2DF1pOaa3@v^#^*~Lm)&}%7RcT{^b$u*ss z{KRw5B~o{;kr)%+3N1!1Q*HjB$y-gITv_8>&EE9!@?xm97oYfc9i2RB32~?%>;!57 zPNs@|LG4d)5@`wfJar{4*||z|Yl*GQZnuELOX%!F@Bf6^Xoyx0_2MPY#et>8xv9~? zeerHLXlew_76nV&3#nA10C?3Rt}J$@K`4Br2R=ClJne%Mh0{*XE=xo<*V3veUQLjw zu6pF@+PdN#LS3FBg(6TA7kc4DeBrT|;)#+T_2KY*ZAr>M@tr7Vpl}*kLNJsg&c?}# zD1{|_p!enmT~TkzY^#YfBbrmgW5PlbAjkX@#}lC{ zEXl_h+H^^Z)9<{+<8x?+;B+%Z8+A ztT~{e-q>iE|Hdn-onx(z#E@OoR2S_~q2jH4RitR?)AEDCfCw!=Bn{g6p)*&v{Lu14 zP7H4WKcr0n3GUJT_`o{Rb7Fk#$UBGlT;M2%7_#_;3>Z#H4GIwl?W8i>U`OsfA*|-) zA)YyycRsKg=f|s1W#+>0oVQ=8EI)Q6`S8Apw& z6ILCINhXOU#up8>4y}-aKU%gU=)=m;yPc2%%8Dfe0)G6-$3+LWxmrOKX1HMU;p@7t zs$+r6g`W!x|O|WZes>`$7S>+<;P?PaHoUw#?1c z6s~1rL{#&o+c<{8QT~zr1{erw5L_9C4RCyGu$ULwMbq1uAGA>M44s%(^z@gzc<4u4 zo^}7F6bxhETxz8NQ*{N%p8vh@v!1+UjwrEH_&h8AyPe-Qcqu;Ff=XVP4~3(d$L*d4 zEK{SvkU4Z{fdLua1)~+eKl~5_$~eL{X1r~#i2&+4_|q0M9>mql`{q|3$IHzbLJhT} z^NFg0qx@_OKJ|>(Cgx|K%+FEnSpN*M(XsLUBVl9LOZKEpoN~vs;~j~)g@JtsjvgAH znhcvfHj5TSKATM_<^f9~TJ;v+ejM87j~h2{-Mjz56f-_GMF)lO@p=O!D7WMDU!jS9 zwD8zsR4d^2;mfIt5_m+A%hi|!`I&&cQkiv@jw6uhh&xJZ-l+`Y%Rtw4ZTqc5viAq5?K@4cCsxOCaOoe*Qt|LVjm|FBClgJTb!Rt0kel0 z#{6LP>2bmMjX+Ry$v`YD>wGyaK*j3nAQZf)G+TY*v4B5yrvYWF=C~2U`>$I3hZ4>-drUTBn(L#aAR#l0gtgOw^k0Y z?6VqD#Jbg$a%J51M@>Wr z*-=M_rDmz^uZE=Cp=U~uXtwSBS7dDS2lpXw(Zcm*%@2XcZieUF67METZ$9i8UIQ_s zVKA|#!I@qOISSKqe_xt5wfRx0r4J&IenP>V6OuKS4|y&-b7_2LZBfvZj){x_ZZ573 zD{c|Nwenl$2bKmN$3{35+72hSDDvWuw3m2CcQ3p+w9O!BT5RZJV6F;_n`Pc+dNOUT zAC8nlg!QhJ#3TH0i=eAFW=k3Z> z1_*8l;WPN6I!+v)2vW9#Nsco|u(d@G&z&)9wpVsL@b^9sh?LU5{8hX#7X1KJkuLcQq)+jC0Cg4BpJCoRY2x9|NTGs=YRN92XPO7{_`*Y`d|O_Z~ZN7 zLhlNbf>R7hC&o>QbunHG=mO5FDpvw*<*Qcy44&vRSj!JBKeYVN?l)_FYWJIO<$M?u zK!%bUY}d$dya{?C^U>@hhkXo7$exbeunE~Cg}(U7xTCsA5lCw?uqO~i((WNV%n4oo z+Ld3@vTdeAL3WLd2-V??r0fQWMkUJ;CY>EJYa^U8Wy9$n)#){vn_Zmqd%NvIm9YZr zhmSrwZzI--g7#(14gjB-IpJy35^$uek>MK4iIRAmrvR!EZpwkcnXgxxR`x zG$kw7$WscQDq?UjH9d`^(XG-!iZ_=x7F3_Gy%-dWZ2Gsnio? zRSKVnX%mD#>^a6p$5~Fv1A?y7X?7PxaMhjq@Iww?)z0%A$(``4$6(&we5`h##0>I2 zU7kcb(!cG3BGE@tA~u1s7v%ePeEj%v)}`9s39^YHCTycS(kG~#L6gZzq|3H1=rxuf zsF(d71}n@5!Sp%%ay`p|s2zwl`XYV0*c-5|uvY?;aU@$wmX4^W7ImpqZ~AaN+nO#S zYkt9Jk*P)`^#D!SpE079^6|$X)z_slTOb^7#Dyi3?iyl42fsSMNflPyMhI#&6^Lh$ z@N{}crj7F3V=>HH+8@@*wva0ePZ&4*5KvP~Uql|3EBIEskWsr(xG#^}z;$f^mZdaL ziuov9(1krfYA13O*c-0G0T#or1+ej*;l?qp?#RbUqiAXWE?dV{c{%KISh?YD7OS#W zAL&gTk~)XZ78Pz~x2j-HP+oKoKde{_dNL=`1FDXS>8r;RThtOe+}Nwu>?TFmX`>@R z_IdsapCT1f1b_^vQI9t4uczv_yI|vc_fcu~d#E3CNTQ1j;&lx=WwlW%(x8)^mKU#z z>n2iVpN^$5k?A58p50_-WZf%g8u$gnXqHi{(35RRXj+_8I5(DH3m3e5;w4{gH~ zgBN9d7@FlJ=Xwy@pKnbw=MNgjTrxO7Vlfivu@(ajuQY^7K3uw^bwkL#iJ(9jdJ@eo ztTe>Upb~qty+(1ZIe3s!bU3!CIilL72`02)ukKXye2qeHaM+1{`Q=yFu3jSr>5Pv) zI_Gr*HlXY*|KcwgV%{i{!a*k*CXARZuT}&y8)50zty^+__0*2#nw}C*g}Rm&evam15a3ysh|o;O16d|s01-EDMG!`Azc+#D6M7)tCUA3 zCJmpOp2DAy)KbjD?Y;B76qP~K}AuE^&aY7Muh3-%zYuZbfu6*&umrev!=QSH6 z1>+^}g-{A5_P7oUE?l^vAsGI{4?lzq0?JwQj3I`Mw|}_pH6bMP@`i$MK)|>RR(Vz} zc_pqZIdgjP#BvZvh2dt^^$loj+k`DB5Ho!qo0=jjn@%^@3?c*BAsT6LXef@-3`vQP z9z`yX3=>PXvTlQ2LSX6~cvW!#4WgQ+qD(h<3RFT1XVtab8;qtGMT}o_2;d5Cw$^tc zwZAO|UKI+MHlb3yEsmLMSk(YokEOw4a9K%Z2$2rEd&AS5n;`~{cVl8D8fyk-0|a~% zxEBsOb9h$WJnc#!P>3`?86q10U+MkG%aPC5)5lj41O&@#XP**lq&aHeU@niH{o%9F zGrFTUD60m5bW848<6$Bb)wca*3}JQLUF0azwe$%(yb#?nO&>W-WD~FM3$H1G^i=q#H;ECj_p?Mrkq|7HrM0u zd~FG3%E*(Yfq3=m(BznRo$o#JwXE>E=&xzAr*CKo!aq~f^rnvBY``Jn>C+$D{a(26 zHQn5WuP)dRculS8h-U)3{meBpL%YuNKKbNh2Xe+;!ydNZaC2L1ydmVK)tW;opx2G9Lgc%q-eDLT&*elS?##V$5ha)aW558@q?NCCBFjo!tT(e=W%EPpy z<*8|kW6n10StDCc%e_>>6;9B)Zd~{Ij21)HDNZ`__4jOX7-MoqQj?o2&Idt_f?M&1 zi`-U9J*s%~wCc@rHFK_+rKMNS+kgDW*Z=O{t<1mm@BP7{4~`a`N@;*(B%WxvpJ!qK z6M^bFpgL`7?kW;n@H*A++;@NIS`WT|9GX zIKLpaJUzuVHf&S4=3;5uP4^peZqOnG#Cs!|?y^DCVFp(l7ghzlVfk>4 zTR5;oJ$L@x$;YP(P6N1b2uqZa5lBK5nHU+&C5E?K z$K-kl(VWP^GrHD?BL;_-haJTQo4G}@I1P&LXY|(~LoXSdc&1nBCM_Zx=EpUv-p@V} zwB$fr#hZ5?*aaXpW5))B>J3VUGI&%3hieO7iu0z;LNC(6WgYgmTaDTV9QiNYxPDUv zkf~`FU_+6q6Xfbfo8PEveRYwuH#b9|%+{YX>_{DOE-Y|r^}{V6JKm=i26dj4#+U%T zp|Z?+ws=NgGbXgle#~+XJFYw)9EhP&xHLtyse@hOqd%j3Fk+`AMvq?TBN#M5NWO|4 zvTb5O-lV^}>3}rVX6~N+!IS9@S=|(7w)%|x#={yiI;*LEeWU}iOH4ovI&(>UB01gS zc4}JtlW<%%#b<5y;=@-ce;;};_tuz7Z7LtV<9BY~y?kYH?tZvl!?a#Rr!lsySV6k4 zD{O^qPyenAvLaZRyMN~{{qw%0Zt{U=P#dRKK#aa2oXrxEm&(+iQA!6j#yj%J zfn2^~{VFoLS{SgniP31dKRa)_m>M4&8d%in(c9Ves20FLo74D(azMiZv8G((bY z_}r~qAjqtPgfnMO<0WRJzxvg$fA+IK1yB=|1y+%eEYb_C$&p%{bivk>z3PRpzhU0S z`cqx9F~kAk!i5W0u3Xg+Z!vjiL)9$cnw2fqBQFxo&)>Oww;Ibd78=?j0tXT!4q2FA z$fv<|rU*D&c^$+^eEc|^4MXq!_thEiLU@F2Jra)kn{a^YZ1(@)%8Civk4Y;dAHi9WSJb7jR|YfDp^?x@Jg9K{rJ*@0pD3 zcPd3hSeLO)cw;GG7}Qt`5k1_mP8vQ0A;ZBG#Ejdh_h(u#5^K>h^_deKUgiGPFbP@C z?4-ERM=9eD9Ls?}#Z(8#(W6JqCR zUn+}bCJj{$4Qomq5vE5~%j^R>@wQ9P-lD2#dNJYjJnTlF6@Ht) zDA&@nhYpCbUH;r{{^|1dZvF0xoyTq=`=-F{nDB>^^XZ|RSFm@!b?K{>*3=)Pd zoH(WbW^J)Dl-52@WQ@r?6<`)c`9kwZ54a&+z3e)XknP?`y-d@hme=2MvA3~!4-xWz z99m!xJK|bM8@bJG?342}3-RP9H?C(|45lx9VavZWr%!v2{Q9+P_a8jGc*hA{A|Mc4*MSq+4n47Ne7v&0nGH<6(kgSKDL56I#JA zccQ9>Ikf&6Yg;mj3&ca703Rwt4#!!`BPo-B}q!c<$sVqCd=a5}Y)*L6hTxd9`z`@+9 zDx%VW%%Xv6$G&!9-XjEYNH8`&!BtZn#rM#sPWv8FaP3ePrv#f|K`Vk_wPkEZ0KY@dpvt2aEoKx47R4SbP$c)tKqGaAL@PFAVBum zDkV0Kwe;DTF5T3YK3z&|{M*uJW4d%xTl#bODZrNqX+&rBa;gAal` z(O+5_@*QkY2Zw!#nC%ryz43BYRHAPfHHMv~P`lsG9yk)hh?TtI>J*S<>L8zl=#~Hj zB&lR$bax~*-x_6D*bgkEquR3u29yT=Do^24;?ruWlApsGk1@nLXqnG;hELMfBCD~i zt0RD~rdA9^M zerynAk`;XEh#nncPoJ#_IWQz}!gxT7eQFwR`Yo75_Cm}T$Roq@a`^1z9xTPkbvUm{ z*qYyXxPp)d0_v;XR5)pkr@@2c6O(Ci5zwHq1}Hm>$RC@R2!s5n`CIJ~CZRr1U!`n3 z{J~bnXlAxFj-12CQoIHTl!s1e*jMqOCfoYzqLwUP5!dy3stS*=bev#!&#U3yJ7{ z$5d%)S_EsLt&4PUF5>n+)jn0=Dw}<6cCCZ|+P$;!TSxA{)+^eQsfJWu7D9 zaCp4F;Cg)4=jly()$+qF`8gV=vF1JYNgZZ*+KBFL*G|Qg-Qp6Rcz`=qZ&3J%OE}>+ z^O}(uxTwoIf+H;na&B04^>PeUYUlZdM-Lx*McDj3IJ95)XD@8R2W!FYaDRoKGfe!$ zP=5c2Io$gLTG6ZX>8-zN=j|y*Us#-n75Jlt$5dY9L*b#kW>Fq#`5bvj0W9)hO$l;SGPjDEY<6?z3P*P*VA`jo3jMAAa!sL{j zRYs^-i-*x;{(bPl(c?r9);wqJWT1Bl>oYg+rO5hB%EPgM-w*45qagWO;NDXhMis;VL2=$pedS zuw|4CrOLyy7Qz@8hQen3^?Ie7XPra!*n2I`L+wT`F-8t7oBa6^oT~$$2c~miZPKj z%Vs^QCO>O?8$yX>*&hDreb$XXEBrQpmvS5bw)EMUF5T2Uq))fXo&H@X-R^V+ExeWj zEd_Ri0wum!gY)zy4kxU;yHQauOiIP6i8w3~;X~uS!&CF)BeaKhJa#?3IbX*(VWoC- zy;4hGL+su-NAxPx0>_#8QEywihmRJh9Z_R=Y-3AA)^!KVP<6iyD@PB7D;GujfWOwa zh?Z*Sa57|z8($ppk(y8jg^6A@EjPpQKzim6qrMHPts^)jrK&r9=Cm(ze*5i3YCh_! zQX_iv(>|F#cMm8=r$*bwZq=LIb|6(FoNd}E-RK9mz`^LG7o&glHvHXt_bB_~-8&k% zcMbu&MZs70k&e>^g03u`MGcvqLO3@MJP;31gg8{Tw@_m!O$@x)V?>;)#Ic9J(UD;X zS4>42jY7jCU$-#{9vD4Px5<8Ss%nP`XIfEc)1K%)nc+;4>gp(02D%kj8HD7?m|}gW z0}xyqCJKBbjEvC8@Tpqg*HPB_1l+K+IFHx9`{8qJ^5N{5P1b3Mv;*<#6r3WFhH>)1 z@aTczNv|W1j=scM^oO7R)Sp%eAOCBAsUllk(YZ!0`UqOOo%JVm!!N2JhF%%1-u*}a z=<5Ib4@ZCU`y-EOW4*@_eHv~`J zC4BA@ZHZxF?5XOlB&-cYFq^SJX~UEItw23*JDv(NGa&vfuU%dlBiIrBqjCKui`0$e z+2rZX*_Wqjs63sJ?P%oJ23qBmN8L6B&)eG7a?k@Ob~c@~aCBFWRU~vyr2G{3td{HM z4pX!!T4cyRi(-X&6@qQ$_R}=48(CSH$BIuLKAL0m_s;bAM10MeF~bI`o2sZlsVIG< zcF^elBqrUP=C=^=N@3{7xkMZuas-zUI*2tncOzn_$MNjQN+_vdVgrf7kN3p~bIafA z(LVx%;*iqyN(sTNlKp}vGCs*H?&RW*f5W>_Kya*%^+J+z@-R<$;JTlS;4Ff z8$#}s?beQk42dvix_XU+J$42L2;%y(wMPOV0jHb4ierzoqYbq~Fqp8sGNfyKADl5l z!;+oKHuwpcN!1OWZITp&_Sr-3kvV{j5od#+u2o0!o$xR~kH7fBOGLHY7ev_fPRGYvMrmss%&QX{nl$OV8o{oVU^rGS2dAffaGbJ* z28JB~Pvjoaq!}q2`mgFmOc4eI?EILiS(m8?`Meq!>UVk7TVz+`)_zK%(U1w!YL)Nb z&FyX*Oib5o$aI8}YGr#cJCBoTgG-%h7CL;GTg`p9Z{IbO@Mc;@5>4@^M$AGcAI7f8 z&S5-WUtdJ+s>UkTHu{q3iBWD=d--I2kquKYl8#dy`=p7<3A&dJv%QXqnue0pyts}k z+caBK`VO`QGczP*5c8{F{rc|RyG$xS`sn=Gvu6zux=MY-XqAa7^V9I6F+5BY{{8n? znPAS$oH%>-41-i=nI%%fc6$2Y=b!(^%*+gcj8oZ<8dz7?kE)g2G)Sl~sbG?iqziig2zMQ?cIX|!1$c51= zBg&0rw%+`0{JAM$9n7ULv^uCw6mSb#ZGpG55q|Ef+k!0xS_-@%1>PvDsTZV0TfC*f zt51Qll+UetyvY#@FSizpaS%eGyR~5S;;jpPanJXIX#c50mlydh2tD|V!+*IDkg|lu zpy|3GQJ@9%$?3Vy>rnB64#D){To|oRP0*|71}#a^OOT-3fzGx~nfjEu?pjyLYn-6v z^&JpWI~^GvH8q@1@OZD9tgm6NeUDJ>yO*#E;Oo!)dh*4uq85$Jm z2Zo16QVDLHnCEOK;<$I1J>rmUBZn)DR%I^k+Gce)1m~zFD%u9-S=VUnWb#7~Po8kX zJPe=teJj512^yMI)jBjjn>kKXGuAnO$Oooqzp_OW0E)vz=LB);#tDiRj10wupgHtH znzPM@?0B|c{I~yI!94quPkDTOI{Y|e4{T%5?MW!oscLk3qH(r*{eSrHKlsBxTG|(z z&p4tf&$Yoh!zf+)>pj7)t)!(uOM&fDz{FwtH3_E_)S2{5j6!IXx*oP7M|Vo}C|7~i zDR;Y-y>LEggxh>8XhIXLybx{UCPc z9`b@2l`O}W4&~GDNXXecQ^8AxV$}#$KpGcnCaYX;%z6FQBGQZ37QB(<=_kd8`TKHq z=@&L_^N&@%$fVS6j`eD<)}lc}@g|Z&lNsNQ9oRqNm^eOv6y^`xL}@(@r6{ej0E&m? z7X2U;$iSlRSE;tm%3f-=QQ277apU!p_$Tdix(!rImHs| zX|=NrG6T#rbqR&ZijHK6=?_W}z^+VQERJx9*G;2`L+bBCpazbdckg)n`#zly#+W`h zH99`wdtc#%TIegY`?o>Hpy7Vs)*%zHOxTW85G@_z*3L^Y-kpvQl2UUWoDADRDC-d) zF{f2dqlfq?t!aTGv~Tck(Kt9LBIt5Q149G*2rI?uO6daZ5vmdv;ZPqQ@`WF+i%TiJ z1=tNAX^ZMKJzgS@S!lb%b3_z?8#0BJ5zQi#CASn2 zeJkC-fw@7ZE*?+s+_}U0^Y{nvpF4M!QE4n3smC^D7*jR;j6iB?7O{MnDrLBF&id}V z@5;c$9RI-Z>=_2BCm4xV)mWEb2DpRRv6{7DytjM`~;s z8_s5f_zIb%G^F!w@slS{O0QZhc?QMJ8#hfC+O8Ja6uEl!>Wv#W&`>jt9rH)7hCYM9 z?Zwp5BS#d6-sMY|uUxqT8WX(&_~u5*e@>eTHz(Fpn+GA_g^Cns-%4fzPyN?MAy=m@NffgaUQe zX?-a(ZY)h6Ff{0JEI@_{O-}B-Bu6k7gi5!mB+Zc=j1)_rr(0t}JfjEjf^O&n_Ub@w zYn0xwr?tn-9iJ`qKHX%kM0W14s-^T4ohJ8hKHe}&w9RQL@ETKK)#&FnZbXZEOM$nK z0wR5Pi0|Goqf4TqqUWN*@^Z8H!ddd6r&bgF zFUHq}zQ29vu3LLrn_EgHTi?yvNY=Lp_OYb%=g-+EP)l*w;MH&W?Ir9PLj262ckB&_ z{Q9Mnl5bE+?0_lyYrKW!dJqh&i(!WWBNb&tMU%SS!5VJ>-gG>76+iar%l;)P}_u-0xbphlme!^@ZaFD z(}C?^OqhnJIo6@pLJC)Acu!5yBK4FukGjyi(R*)TVQJv*E7psczG}VT-_EJ?;-fiM zRq;+v8(Ipq6nJAOV5FC5Z(b7I5O>M^DWk<@J1r&Q@wA~}+2zTLZ_qGG% zt;&PccGJ#pX6M6P)l~1c+0(u5q_BCgZPN9%7nqH;BkZmE8c3|}FyHzH2QT)Ajq|U| ziD_%gqjrnv5BJpnQV_8igEE_YYUbU}fIUzy z86|pz72P2&Ch=u@R1F;fd8^xZFM^Q0EbUn5#)&yAZ*r4k?n?=a1A7w96>8_SF zv=)7PC|D~z=JH+;FN6`W_YWbXw_)i|qIFN6U=NNP@rikW^6K4pk5GdE@IVj0$hoWN z0Ul$mjMw3jW5iXxc%EGvI~WQ>1EGuninsevk{^HHyL<2Iwd+RE!Glx$FVY|KbUK(T zMNOoArFQ$4)`ogh>%vMdxN}=l0j#2XQsHBM!gY`jzRRzrNl(=x>%%F7n&l$6sDv!r zY)(Nir+X~{U-MOr1t_oR>EWm!tUBmPd6%PXd}3_mMLaKNJF5NLZT>bJ^3t;;{wmdU4M=cpg4!?sj?%chzFh381`OeIN z@u)Pp9k+rQT&GWe2)M4cE%`m4vJY{s=?5SN{l;l zrU|D)#jPnOpOh_Ej6v3`MwXmPDI&OfYNiqteA}tnw*Pge0D<{lxGKMIv9Q=#ZbAUi4P%~m@O^Kw&$?M2*MdaPN3C9fWBK@2Yu(Rj?w$980kZ0(~Lr+_0} zeMI6V|Ln+)^2JeVA+!`|DX>inYk|t?NERkm4ai7oS|opP}j)W=1+ojE-ih! z+X*kP#?G7)$~!tKH1*P{jXyI58WqWAC1s#nFDoc&kJz%s_f`l$12m71_%LDE%KdCd z)8gZJd_{B&FE)euW~AGxdhyzc?9rn~oz4>LS!(|IpZ}83Z#Roe>Ax;syhvk3h^P5t zit6occASKMlKo~xaH2#%MaktIYXDh-dc~7w4G?`1x;9GKg$4R7PZ`P1K744i;eniV zZM3~0KeuPof&;Q$huyd)*DfXZ}K$*_*iAwEQY-YUnO_6u$;^k}CuEEeD z0X^fHvuCs#K_~>!x2Y`sORv^-YiKmZc9jG1smbt&L&xukmm`=Ujx7+~P8zeu zxkY|zvsNf{i;$qL;#y&*a7^f^;NZk)9LVt_n=W(YQgUk?cJ=Ak|MUM+@VQytKe~a* z{wB2t*8amEDWdUtze(my&V!vIO0@X78m+pa10$z?`{S?w%x9`_7b0(G55Z|+VRrv$9s98H~!}F zzt$Pr0{O(m6hl6R-je@&+rD+2tVq`a*^0VqvT+(n zzCegda*s^;AQ8ecE*oQgv>W;cw7U?psb5wHm_=xIh` z=j!y-W?Ul03)TU8!-9Q@np|Q`nXD0QLb%!6{ZaId=7c6K>edPRh^)nsdTN}OWrXzg zf?d{5UMs@eHy%To*x>=cY5@crO_`BH)zSieXhe zETR^FH7Klx(y7R#<6Z^n3n}zmVS@jqH&cz;Yzk01Zw$dMxkOK}1Skfa0Wx0O++L9Udi?;JWbGjoEq4QNbl1gnhI zLN%11ihO_N3dn$fAV{a9CZc#sU(L%YgYpX(zUHF!;>Am0n6rOBp9?2W9H+duNEJ0G zw{PCOdGX?94p}MrA$I!AX_(7{1C7%&XHKh{CY(#x6oo^?u2b;)cVz(Jc47UuQH z{BZmBZ8oclns8v4TKyrD3CzuGnv4QYA9{xgrTqsV9MiyWzW#>Kiz`>qa13El9w|1f zv`ud*@ODzb*bz2sdrT?s9I`f%B?POvdCV$gW?+DB;Vv7#&5F0_Ed^c+3e4hR>Bvt8q(p02 zC9R_D*79Um{%rGa%v?nu6t2hg`1^*oI!A8l+45U2C$;?Wto+bRy&aFYMyoqc(wzZl z8`dmZmcXY1ZS!wUqBo2_bWm~FusrCyXS8+m3y)bqv4z^22)pr=PJw0;1?HuiqdyRs89J9aUvy=O7OkIQ^RAc`@p1F+-_0V zp0#%eE3$E=fugHoU`j1@{l*PyENW=_)>3cL6H!_@n4zAd4*Tf*xtW>c@4OR^h=~4M zU_wtfGcyAeuca(j>Cvdb=&ec&wRr%O(&|tD^k4k>FaF}%^?0A#BX3~;?4SQ^ZZ2L1 zJ$rW0rrM5Ti(1w{0z}VJ0{*jq_OoC8>WeT<&Z*crG(F%apM0DSQ&(Za;nJnc6lY(4 z`IWlVYhy1Foaw2l<0p>))^GjhXP z9IhoDocZ|bUghu;e_lr!h%=jjU*~YKj+-G_Xbn&7cQ8EcsDPR=J#)yJg|8~J5Sp7ZcU<=K6^VP2UUAM>;`yY9vQ$kM!TV0mRQ9p^*O#D9NwjU_1(ZOcD< z$v^AsYU#h8CcP;weR`>}KE5@5$a2plE;jH@RQF*kT zS{`M?^kTcKe!|-{@oGtJg83gmDT|+N*~RWiduwLlY82mES8d>iLH=JXqmVa)+YMSVp!yG0f+;~doS`-hp$h2!6x>2`$vn^h{kfv>ha ztPOiv(z?{9$N&I907*naRNd6X=)~vJX+vKN2bSbh3bJev0IO8&4Kgu?)SX1B^9+R!FNKbak#y?ZMfnYswPLDg2i z(8SHKysmn;oIZ->DE@hFl@9h6SdTg2chV0M&6s0;7Gp&m^)kUMm5w~zBFf69O&+Tu zQ#me04H?QkgpyfeLsBV#)BbtgeSTp9sto%MrNt`X=Fif5hw626BedP6f8vVBg6MYm zK~AV!1%?;-Ks98SZrpzGXzuahgA*o9Z)>9f8iJ96A=BlCQCv0IoGE|qArkSR(j-}0p zgMoSD=1qEUy8W|f&m4R2J;M;%RXgTn*!sm6U$TEy{M@;-pMLrYZxN;Tr{Rag#Kh#( z)b!;`mv7&>^Xo6Zyma{rW&Y=%|Heljod=UxT%gunI}MZ$KNKiO(O6eA!FRQQYAip~ zOj_ycXJ%%KEU7RIyL`5-XvHv2yyRe_+XAhTkLJ&b0u$EWIeKFlFcs9f_G_;%K8T8%daiUYc7I#+ zh@Nff-_oa{K+6veDK?Ds(r3dAJDAuSt?nQ(w+kv}&(z=c+AnvlxdR9-L;l4io9Y0b zh$6ksA5>`RYoP>p)HEfTBTuGl4nmZ__GAE(iH4z-Mdg(Nj4h-)HH!9I_j1BFvV?GS@ku{8gUcB@Dh`x0; zE!l!lScUY@$ErM^eEKn;qotk>!sb`8yc&*}Uh;Gvx}B^ugM zhtaHw&;WXM+ZTu)&OT%jTiV`{kptAdb{%wTGC-+eR2yu239eF8=jHnj{U7pEg?C12 zy8yTMurqn`u@eCIb$jq*>As; zA3R*MUkXN$_2q?YfAmLH`QcN?p2f{-6w*$OO;*u_5L3j_APEpe*dl0j_C(S%$>q|U zzxO7H8zHXhlWq9G{>h{7JiHYH^Wp#X52pU(zap}-lpuS0x6>D^CJ+fGM63Xk$hY!U z<9!xMP#AGq`n2+PFoUq;{9w>o@V$c$IBTwlkLDiDEztCt9vwiXw6KqY(3Hx0zy}2# zN2l|x5VQ&(NQs$eWOngC5Dio#1n<^0N4j zy58;l_Z^1-*iCl1cb;Kt#HS*0iM+Zb&o&zK6s zXl#Y=&-!AF%~pNMq?ayl5E-ntLtCr}!(P!2eEMY)HG%f5PQxt%|r#7|*DWQO1kS*S3 zv({t-M{sOOOTfZx;c*zDi5ug2l&O*k@+ek10UCqU8+1M^DW?qdButAOh59s&UWpeR z2@@f)#P&+*yvD2o{=Dyo&pz^0us=7$Tf zB9v^h!}}vms1VdQ_B(#`>B>f?(!pvN^Xc^h)$*)WAVw@D_AJrArHr^!^3y6AFY(9 z*r|7Is@4~T=&G!%C(;=~acsZD&nx$90Q(AJ9w>J>nF zjAtx@9Y%M-tA#$&vv7kCHgGEvyr*f&eh}!5;50k{F^PJ!rnufb;;&B73ep-RnPTJX zWUiVI0>|j+p3rxz*);%bUS%+BW|5~tmDahG%u*O!a=FT(DGPG+)b9WrIK~Bw8G7=o zSFe>xH*?kZ-+y0*qAEU*khn;JFeHs28fn9s@)i zn1q5vTW%BsV(^hyRY&oD_3Bkm(SaVDo7IDd4tiP?uweO;*q2{?#UK@MsGd1+mtI0h9>lW=5+3Hq4_UCZ~ca!s_tDty|bkxOwv?{4Ka; z(kh#}f+QK>2>}#vc3{T);)^etz4{nhPArcDxW6{E6lf{14GPqZv5kyvmX-pqF$IVy zwquq;f{j(ifp2{lz^WlwHLNf8S=JqaxLb>qRh58T{+DF43^@>YwT?fP7O@C{l4}v* z)?X4rr4cHhDo-j=OJ3sE=HF_+7TY5mq_v^;3usuIKJrwjL*mOcPnYLg`UknXsul6Q z-G5>Jmj7QB`mY^WJAc<2t?oQcp9(QIgsWTn-u&jr46+!6@g$eAc$K!Zp!Md?jc=Qu zt<2j-AIy+yug-oud0;JP?A0Ai$Y;r@ul?p98Bi~AY%1>H zjZ+=HL+$v^^u)o*QL2?*VDb=jrHqY*O7Tqy=ny8m7+`=7?l1kNA0It>l-}z5@4vr! z<7Vhvm&59jl+WSlkyLw~J$sfej8eOrA5I~S%;NZbSCr+Gr@7?!GC5J7UmQYvq?HPcj@}tWG!6T-t_7%`8 zOk7pLnJDcWJ=engF-JJ0G5?wjwlU-09G`??sN*Tc=-tkrJL}cSRC3y!t6may2^9U<(x;a)6>sVD;^QSo zXe=V}MvJDGB}%!L5Nk%5w}G;gFdYp0%V3#kLDN3w-y}oI4m5q1tvbWN|qQJ zV%#GesAHq54x`naNQ{)_EE4aiaELAYj^u zAvoJPt*fOO#-3P_E&U!54>rVStA=%-MGf(J;yHfiyrx^<@c>yPje3JULh2%7OSl@6 z_W5p%7$DRm;5aK~pI5eM#ECLf3#0DZY36Pd5!vW~N=d@tPuVJ>HTkOTL2^zPyY2o$ zjf+RdqJ|-n%omq60gcF9JFZ{V%n;8E{BQ~z#*~xeqetJFf!m3eHVAal~(oy{uF3y?gZFA?_7BzEK-m%Bc!`r@!*bry&N6fC-t1iAVvKY74{T zSSj}(2oC*cy>0G~icIbJS=`k?VBlDmmvywy6jcTQt(CWK-B#9cz}rIlq`c|MW7Xu; zBr`rtt|7e`Vj;Yv|FACW-QGug(_dLjOetEScB8x^4JH-IY%!P(Rr%^;6DA3nV-K>p zbm#u8Joz=AP^zP9*PQo(Zfd|1El^&D%a^Y(!c$y8)tq4J8W!{HRuzeETg%3MSiQ)t zsm&~8IAnJ}^x<56t(SFNVTB&uNc`&J__VGMYlPx-v`nZW`64*%URj9YL#QI4@BQkv z>cOf}Tx9iXyO#nCSJ^23n#~7^|t!`Ot^Gxh1l#BvPgWBMUn6%Aw?@ImopZ^7GbVJMtG;HCoJCxNH z_)xG5n2=KXcYf!$KltE-TeoiUdul?cwlqk>n!L(UD>oBYu6z%|(NtuEQ+bS52B6UX z;>$1Dp;Etp^2x`(qDJH0sWL!t7!YrfBuWFE`04N98d-Y*uu(S-Vw);z0g=4ojG&bsBt8rI3V(1Mc1gK z4J`#)3bYhxDbP|NDPW~YZ%4BhjPkMzPy~;(XQfZK4|}0@;(*%x5>54~vs`dB$bRqz>GQ1gZ1eYWQp*p?54|MW`S|M2f9GMh5I3O!&Ne^B64@xd#!L(7-hvv0djeo1X8bGl{#pZz4myATb8%>Kui(QH{ z>NZ+0Dk?9F%hS*q*(tWD#yP3D*pR?5_ar0W%M1&z z<2QLgrgJZ&RTV%(X8ffrS^_K4G)?C!)Uc=m4~BT>BIqPQ^j*s*OcAu$hANE`&Gr^lgFOD zuFfQAmNVxy#fwBq=145*CL)eN)8A4NBv+33h-XfjQK<4{#s=8hNL7;Z(V-LX*0V?d z&;O13QPvpic7$8C03GQ8IpF8y9Gq1J>yi6b9!pZxm}}|N@xSXaUUe$!uqouz9h|D90NclzG#W&`n4QxdgD1_rmE{8Lc)O z>KqO+n5|V!&%!@=|<H`romr?6g*h|4j7x-a4EXCx^ znnMQZG)v=8M(P_87UE8SZ0`p^ZPeNWK0+Op#9C?53{G&PL%Z`{JlyI2Rdr}%fX;GLAs6Q4U$(Y2UK(0#-QLU`T+_7d#q)zuKoB!t zqKe*$uU`6^%lPPsSLL0R>&+P38C2~z#&piAg$Zr}MBE8|7=CfyxwvSB!mX99Q-$`Y zm8FWBP;mtXV~2_lw^RKo>p0&q5z+#6;qKl02I1(~9Oj3Bphnr;VejH|j|8>gUR5j0 ze$Ex}{ri1rA<&cFSgiIc>#7NwrNIz={Fs-iXjP>re^xtolKz^o7QVaWkM08#d9-ws z`5ZGum!&3933TxW+|p8LmF;&P%+BjX>Gl+M6lfwdSCXb5i2_p8v{G@mg^X+>_8+OS z3q6%CmXpF0!He<@^n5jJ)RxL!DCp5@qZsIgD1#Z!%*5J!=;5%_|TJ zLm74wxfh0oXeL;H8pukRaU`Y%wFq9|E8e}vBTWr|2?{PUD&6;JK0JDgSW-1SdMUS= zWI~=1&Ye4pAQvxQx_<5Y_gB6*d}d~jv+p#Tf?jF2>Q*`u35ey9s)2GfB;kg_Mi3?Q z>C>l}r?T(7a`_4+IoGW>Z{D;R=_a~pI%+Om*{m{jW&>@^vMvSF+Qf}3i}Pwx@72?& zJ72ZRzE=OZy5vzW!_%)Le8T|Ue4{yZ{uU;<6=Kbdfs&=VM;D`;jqJU9EauaLa`+hb z5w_lHSK~!k#8<_wo3|9fEub;X$3pS}O9QV)^7hS}xAYP8)V~TMPbFyk0dekd>C$Cw zmmigM!RoxwTcC}%6lf{XQlO>4TSfs3mL=XRh!$mWD`vid6EChblnAMy``Sj6C{j|8 z;wc5i9?gm=^yb+rZmAPOJ_tds$(d=J?x#}dQ*)btQ+YdR+NBTa%uR>3UGdayP(Fj4 zGEjkZ6QVRROs8)q&-cPFPywOMA5;y>xAb|d_@SA&b}6#$`E-}+e=ETn$P^E;(OkPl z?@pRA%6s?jZT@1DmOdRif88V^b!oEJWq; zNJXH5DZdovuA1bp9xJaddLlBY@JSu?UH-*uveNIwfJ^YuRQuuE%5OxnkRSV`e z+_V|}pSyMdi+P?KazUu#CR|fR^(>TfGA{J3S zF?Mir`dGis_fxCJzquSyI!9<)T6;gmC2Bv_I&L=rYzdvsXs&ZBbjzcjm;`bhWaOz; zu4Y)7c=zCe>4}B=v&#?e&;PT3GWwI>4^SyzMaOi9Tb0mdLSft6AFX`V(x>HzJ=>3j zG0YHAA(+m141?9>WoDrM78ah&?SB$RtKM|Zui}y&Jaq%e zHW4tn@#HiTUyS7;$y*Acjtp-u0;yY(ai1$4ic@o^&d`xf5h)(Y&-lZU?YIyA4h<0! zV`+m^H?;FlQ6i`3c7E=xUwbwlyKESPQNYr!Eq|gvIv@^_rXuL#FO0di34b1r-sK?kM6d^tgHPM zAE2=M4aRaFpTl0BXRxG#?9&33(Vd)s)D%{$x%G%uJ2og`IaSqJ#Hj)pQL$xVbw~fu zs0cP}TA9Td(F|gs+T@YKT!yeg#$cGv$c(}PD0Nj(V-smgt&dOxT4JUF6SRh(6aL8e-?fev}^}!VH|zIoKN-3?^|uJl%{>BHjg9sX2g5&8*i(k6U-&3{^k{e@pY`PhJAo%*x@u&} zEE}+!t)URm*l^siXrM)#6=}k5(7zC_D!{MXxJpW$UU_=#qj{5G1Q9$HQ9OopnrRa_a|=(79tzjPjPs7zeTaUphx?$wNh}Zg`X--&e z&NgE3p$Nr7Y#AK{@US~SH_v>3X(_&iRZXr)TN!reL z!+bg{d^)VG{KYSS_02cmvLcnA#+&gC?K&G))}P;f_ua35{T@tsbp@o5>9%NFze-s& zxnJeg_1kYR9*Duq8^uxLE=$&QDlxzXGfuF)vTQemd6e)J!nj`B@eIsGR%yAm=3*XK ziy)XRO?khQ<--p@eEI zpmYuC&Dq9V3bYhxDbP~j?WBM;k<{vCV{#OUl!RQbd~AmrmQhQO70t3Df32!+w^Ozx zhj4`zVTbn%g+Q&R0ez?UBd-zsq_h2d$UG@jbp*L0j@OEqcH}ugq@$GmupT6%Y`C9I zXm2$=QHeB*k}Z9Th2HYFf*pth1zuD`YaKtIi+UC zOnjB|7naSnTJ;*?Uj%-w@V8E;Hl7oU@crqOeZ-sQUG<-)>{-CG^;T<_dH1a5U8(4) zBBrq!>d`0RudABu8lyE8bS|PqoE4JKijP%2d95|+#TSlsERkwn#>Z3 zgE{Sm%2{ELs8&l4)!^fNzUv!hUHFI^CGB@+YRRD4x$jpj7fcN4Ygcnw|}v zYY{71U8e3`&!AXSbj=MoeW8~#*JRzDn_EBq;{yD_$1~4Z1H@yViJu(5+3;ZP*v4g| z2jc$6L5k2lr$MCHnb+HlTi3b)-$hb_kGkGHd;Idh{8GxoKmVs=zyAj+QIkn0Cly`r z`pZ{cN(QZyR?(_fzItQi=hwY|b2QeN+zx*h7suq7_U_JDML2099588`n_oCMIhIf3 zE3`AQNFEO&y&|zSR1x&buVjk+0*C#=ptpiJhkbiV>X=);Tu{f(Ea*(nJ#$mJS zgMjmo<1jqGP^`F#!f~22esht>A))OH3se#IG@w3u#9+f2TUg|q!I)c7D#D~PL(L;c z_38p%H}a_if7k#hQBK&aNE5`Fy~bh@Q&KyA-=O{P>pp&4{5Kho%}iC(8am})$7U;+ z;tekLbnF|Pd^jC9_MLe!7hsFyzv&|GFlZkb@nwqH+m&chRjG* zM7@|SGw1f#msdZ3%EDnzX+c2*7ILo1Y+AWj?M2)sBm%wN0YkS|Rm-1iJ(`-ZHd^|^ z+NL-27V)MA5ru|U(x+f7;<0q<-lc&wl(f?4{-Ahbr`E?_s1Sg;zo2yn=Zg$ke0G>y z9ZzlH4;+a4#XC8=Ke*LdCL=uNJ_dDP9*+bx0l`T3*BBdh0c`7+j3HE3HI~sTiyvYJ z0S2}iB2N>OnK&ae>QRhLg}rQi1A4>y5L~{bb1+*&?}|$gV@&_!I~ZOy%r4FW7#Z>z z>c~b)@`gMmSg>l>UaDB4rpKziOGZ*w3}--+xad2$GPI&e1H)k$Iz2g7K32ESR2#PL zxf2Ud*NRkQg93x}cwVZEfNP|OC>Q#W7z3J=6bs5EC7);f8UYEu%2qV4QUjUf!w%ho zg6c^$nkv&d?%;5^szt*|FGVr5%~SL35HmO_-!fH~TFSf(ztMfw`xQA!2LVERnP1w` z?Vd*Pp@VpjEUc&1b?MS&@jx|%@OYhDC_a>eqpXP`EhqmdkyfVh<#7RoYPpD8u%oWI zITqW-8qcXR(+XNfT{l}pBU9Snlie4Gx$q2ozJ{!u(X%Km8wB!y#x|$_X8A#={t6%g zs~|q*d?$)zUaSOtq?D42!lHcyP`VYTg%$DmIAVfY)Rs-inmV-wM`X}tf@ofXG0_v< zHk%U~AkQ7q`-0xr<7t9C^kC>AAC{%^?X<6kKWuWlWTw&(am*&?qetPR8iw$c{@j@C zMnQCjlBQul275AdNr!}(!ha?&>eOFWC*^Dh!F`C+fdLL5MR7>i6Hvj zcNdw!rbpG06DLkE$1$o9{KAE=(Voey?n{I9A8-zQIuO@VQ=)q16vkPkDQVfV#%VCs@szOH?gCn5GFd ztjdd+!O%-fH*elzZi}&$I)40vk3T-o0#&7Q;v!GMzj*NyW@6jQxv(~>C_?~)xv7IW z@0l~F^L4W8<`!U82gAtGhL!>?1zHNU6nI-HU?H&LSU9}TU}dz>q=34q%()(c1s9bDm-mmU|Ib=LDJwn<$&uX3L^= zkf#-;x09iQ;-TOd&^-f~73n_cq<4QhPyMVL^pT~2iKO@%DGk85=?NY9J+*I^v!_r- zyA>NX(cb6Y;q=4Zm3w5jivwC@S1Q;9sNRnumSK}DFD*H7OD^pins*TGnE)$~>r=7B z1Et?Det2sB-ODh%(bvJYsIHlRG@)9W&5eQxexNIwVOFoBQ(4fP-CWw9B+<1*0#4hceMSx7yNHT zt!25b$5+hjxzw5!%nYtZG1Z{t`{840p#1PjB(yNeAS>xlC*2`3#Mc1xlLBe6dh5;u zHlpSkPhDkxFgr&WmdzJ7m2&F46s}YWJ3~e}BiGqSK0F%YPE1d^#KaL``Z^+BX!-PPPh+!Ihnm;C{Edy&a2j?u|7-#sfY97^x z=fy1xy|E7&A^6_$TsT$?Im>@nVZ#RJlX#esApBmeU+a+B?fF@&EJ6M(G?o$zgdKAj z4aT9#9?plc5JlKzvmC~1)<)#91Y7!M=N`M|8gu)5R!ysYP4%pX;{um3;qk2!X1hz_ z&hydyLZ)|^VyEbj-SV&V1sKQ(ojO8M6JK{BfZVzn9}6~4S60HLrpeGm7}GFUWuwF1 z1)dCpN>r!}%&nwQZj_%?R$@)T=Z@$UU`ykHbcuL$Rz+OJ8{q5sw|TNALi|8#R^#L! zmO;&?Os47`SFNkvld7d7Un!21WpR!Tq;O_`kYCTS1JQ*^u3mgVh%xSef>l5~t_eKd zN)EUg8;#d^*jbJr;BGU%U0$HpVEmG9AQL!;U43Vo>R4^Z%gjU5gQF>j^7_wVFhhKv zXzSG~%?etgW*_34@w3dxl4RG#@tODzJ-Z#9By9GlLB@IkKtC8jlj8?Sx$%{)1MvlO zxEY=x6p%g~HoG+n7z=7|T4N9Jo+u|Px2Y)(QzPI61QCGk{;slOk;oGfFMu&nqc6g` z3K|nfj=W<~7(N*cve0|F(s%&O=1eVp<3&NX0?IQed=B7HH9%%&PT=9DEq!pBPLYS;cmKh|J9qC>d5^`1>_Z`+lc0BZmTQd1YX{w- zs;q%<_Uswd-~sf9TemKTnd$hkWA9B*Pg_=0TJNIw|ELB38UJgVvn=l0rCprt@dftCVq8wD&k7EN!_cyGiSWc{@z+*;<`SrS=> zYJCh9afY?>f9w&YY=3{TNBIM(HCvv&k+)IkdFd0%7W>iMOoc5(II3toz7^aQ%ah#E z$=jCaLsBF9w)ul<-SEouL)%~7uFBsR?5{PjcHw4^cC)*H`D+Z)WLuMb?L~WM{8*~8 zWf6&3{tuh9NNs*HOI$j+I{U6j$iyaNr&wgoup9YR*{Sc4;ZcNsnWD-G0pi5#!%NE} z)m1rI65I|@=yPG zF@%~Sw$1UCqbY_SAwY2J#NBP2%Ci*+(ICh0ij>eVv8oX&XLH&|ref^EXqAJhI95wP zH*-GV8m6uu#>+#d<#3={az=U$_lT*13YG^$oN&5Ddd-~S3m*>hTl0YB?#M0E3RR1+ zOz;;t)U?oHgfhPgAF(P{B+la<`^7s&z$|m@T9vy6B&V=|7VXL3jMu|18Qb}%rB5Ow_ATf&5*3`<>-6%2N;k-Pa8ZSA%fQ{db@6`Gj3vLH4$Qc@38R8h2d`GgHf}VXYYRJ-L zXd)gl#$z1ACQl+0ndXrQIPA1o%oyxDHPWF0tk7H03&ydP&PzMX5RkGbSGzKVuH1@N zPw|9{5=h)vxFXy{S z0FMi9)z_E523?Rej6U-{uCQ+$WTTl5Ry#D*3sub;q_@0L1V8&~H;b+V2Og!(D%;%n z+Pl8-NZ5=I6Zzm9)dn3BH&^NEOcT3!-ODX&fG}rWSfB~4r|<+{Xn+^yu4>#8;ZPIXXRx2r}pJ`>;W)&}(t*FX!Wt+w;T7i2_t_)uu z$BP&%;h`ash+(kgwQcvYEe*YVw@+E?vX9{*m9%(sWyR|eid$=HC}E%CD5a3sRZ)Y> z55Q*O0N4TQ$5uLg>mEJIx$5C-SFhc;apQ;EcbJxPs>-dYF~}D<15mXvB(*964mFTj z!6sNR){rfL4s@z+o+$!D-4~-eLz?^C?kx#}`nK}jyLXwlB90b;07J8lPnnfta+R7h z5Y0jyrvP0617a2Isi7)(n(OQYb6ys)<|x&%*M*5VGS1G14J)h|PY2TRf0fRrHI}kS z4TwrTd<9vqmw;`&r9ex8mI5sW_J9J`8q1S4=+WF9g|pR!>c+CT2UV-WV&s1(lA>(g zWeU^+i{>Y8GALDRbwskX$Tp7OxeWB{_^R+o%X)U{L|u}eD~7E?~c>I86CS6i5<%> zfqosqet-RT9%NdoYFC&$p3c0ab1OuIV#W^Y^7Z?g`J<0Mc&5hw;>(L&P-}=^l{GWJ zEf=t*OlSvzb>CeDk#Oxb^{T(wm%}3_Ag5 zeY-ZRz0hcIXt1K~did~>;ZIeyS-&)yUyDd_8cv{ItW$wfLB2Z3!%cA5z$^$)!*iQ@ z+ZSwtN{x;>Sw`7j3N5>9UU7-H)zx8k5 z{^LIu|AYVh-#K#X*!JNkdo0Qi@h!QRuw-+%%or_zH&aU1WJ4JLy3>~<>)5-;tX2EO zCjV-dEEkuWJMUh;`KN#Q58aOa{=aha@BF=1UTWym%1cPm^24jf56nP)>eFQBxSK0_ z-bo$A&AfjEo|muxKx#UC(Ba*vY!4sJe}Ch)bLcZO$DGY`!(vkK$l2EQTX#7zRb*mp z^w`lu6Jv4CeSdb|4sMPa>&SlInh3@qmn+t(i81LHzrP74YYC6uKl%&Ijnx&lWdwTK8 zO}AC);e(T2-3IgS{n>B7zrn59dq)o*oE%rLZ6jB&@P}=?zw4XR+xZGtyczRVXW4F+ zbqx!Kj}Vbs;PZ+H8a8lvo*7p!ifoua4x5uwO;#}D#m%1l9u;uc?c^`4R*N{mSY*6z zLJF*=Cq_>mGqT4U0i{#*+BQn$k@36lF0qa0wu&pqRmr*Jl`6KbR0rDnpWae?Shneu z^%!k4#XNWC!6Vlo>AEs{uSu(!ux{TB{%^RbX`_hw%_oDyVRvc_4yE3PyF|AVEf&5b z+?PLj(j^7rz0wCZI8?v**0u%CRfqWs`N{X+q0KPT3acjbHX{vXY#;jg!r(=L+xM-& zL5CMyAHlcIhKt`NUziz0?U`fmz`qYqe%E+$Vo@G8}>2mVq z2_w3;X?<{>?^a9i<`}U>Qc)j}zH#9xiV-0&Ovn)4E?!xBGCzC&&TSt~KX>*Fvm}Oq z(CdT4iZtEXK7L3>$#a-_upTm(e=S@Lx4sX&u4ANx+n*v>@#wop-h21x-sps@U-Xwi zH~!$!0#b*Kb*wx=)F9Vh&7W{cdu(uke)7qAc9uKH&wEcQD~PYv^ZI%1+70vY*|VpKe^wS6dq&%A!;LAEiGfBB z2|aeA3`t9;tt{hC#qkXySb(H6?v##1#uvVl$X?U&1hv02N)W69oQ8T!Dxn={ppifM z1(z-ZI-6NW$HwT-)y}LFG+43qeDdV6(LoUkPiCNem#R_i4e8){=T2DAO3@++%OF68 zA*^)pL%NPo*No<+#+@291P;t(O^BZOU>ZCDQBl?9%1FpO$ubq8z*JT?c{H`RjS^A7 zGH3ED_%+tF6h2g`;Hwd;hQ5L#S`BSgRQ}!;6|SDLphepivcd+kYUOILEd^Q%v=nG5 z@H`YCjM;qH|0--jBH_eabKRB0O{DN9uy4h-V#A%<^VGV%GFA<%p;h~bA8td*dU5ET zLq`t3WA)h{fE~z1UcKWpVe^l3Cm1W~p2@40ye9OvWNUe~ioB-zNh7vqJWSZ15ew|Z ze5#_m{TjrWxKRV+L^hmSM0l;+`?mFO+g=>|vc~V{=TGK{+3w{RUtX1U=2$4!N{?i} zPF62*eLa+Z_15|vZOU#?psTOzQ`@=SxTo6u*$XXw)-WSp@rFpgBhs%gSd*`NLlH(V zKu~OiMU%UP+NYZ^nornwOFaD-4vd!M+n8~m4&W8ap$XNBx^96P4G4c)%o@g5d?oD( zyH!N2QY3OBI0X)?3!;!iDTM6<)zq@SqV*}t_9aH`!|?`KqljtXSI#g5Q>roiY94nZ zeE_@3tG_!72i)Eod*iEBZXT1ry8v&V>9u;IMKo)!hMqC_3gS+zFYO_jzULE5dxUBB zcqkc#ovqT;N0kYt$j(B3ZfGT8H^ndh`TzFt_J#Ym0Q5i$zrK_*ee|Qr!{<+Z{#To) zJ04lQcduaXUweeMjf(JXvF;WO9EK=y@F`~}SBKwAFdf`CXqL(q=qcks{*4C8z;GAs ziMlX93%80|S=5!;D_Q4h&<3wPD7l2Pmq# znyz|Nj>_S;!+YYe8h!(U)ch-n4)+*re)- zPW67nB*Q3zX}x6evx-{G>%HHGpThkV8T5cix6X?+jOCr32c~J$ALl=Vxd1wfWTAmO^)^GzEK`K@7?GG z50zJQ);L7sdTLn1v#i#FA-Kd`RaFlj4%Yt-vKzu*9Nt=np@(^y8pYjInxjQ!t$d%D zQKn^NHld{upnYdWYfAUT~ha}ZV$vg;1TuQK}3894?f+sjy~B{9QodXx>2JSl)b*dPXLmHR-l ze2~^}w8!id*sse%j7O=Ybrqde$${rk3umyZotGq)i^u|or=71PV456@$SjaxuTa5< zyg(*_y<3y89odCP=RleGfY;IarYfU<`mv{2PaHkd4zlAw$AO*9f$E=$L-sYW4&-Q? z>k-TURH8Byw zLvd66)Y$bpH|h_`d~~Uy6ZV}AltoLf6(q{zjlAn z8<#rxb;jq{k3YTPHgxf!DGu#tzf-?;vCN8lhO4u*^CB z#<7FElGHLx!vo2iT!fqWCNSJD^lEtXK8^&kG1{|0p=y#8!u1{-6l><|?Rp7^&~6q_ z!4DyCkPHPHuqIyBGM!jg0&U=4o`A1rUR26Q_Z`@FOyO)jG@Uwf^vM2+{Y{O14m?)b zT&1`a*xDR*eDibjaE|UoWNQf+!lt%|mM@jg_ildi$-n&X?%n*dfvNDN&;RLf{n39p zee}a7ehUM$fAcqm?ck}Sn?;*cZfl>^TVYod>iE;~r>P7A&sZOH>_k>bh)K&2 z!Us&OmBr?(-CPRYn+sP%dTGwX+^y|ffv&M2)7};!1HAQ}tJ>d=kAzw+Hc(V%&%Y*%~3n}tq z2_q8Lz>`M|PfYA%$3w1$0ZwnFRWL{C!XKKlmVd#9+RUM7Y~mu&&v_uSAK$@u{OMJU z9aw+Zh-oNaEZm}j^ zok=v?z66lSBrUzOKBU6l#|%0F19K5jS!6gwmz>Il9j*O`PBUhCSOCpEGHo6*UYm$P^<>WHB!PA&`6QoTTN}0JA|$ta}xWO z-P$Z29chy4CiOs~D#AciKI~X{71KggR%!Kz=dgVT_Qz-yb&gF^ZfX@YoETPEdns>d zX411SuoqR{Ar2et3~H#Y_#3zHT~8ZvgY~JSe5Mb#h@s@GAC=2B{B^UujF%2iA20$_ zsw^&Xb!_iSH0pdgoFd~_qwn)AE4U+Gv%C@#YHMtQ0gGJ0y2nu=v5WN=9=6N7UM_3muY~I* zX`>xIOrhz(ZXFP3;rtOgzMGm+DMraf8{wf!+u_GC{W6Xz?dVx=2_!nP-AEnti9LIw zeR18j>dNA{`5*)D)+^?w;C*85#PUpCYh}7+ z7OS&&^x@%HR6Iqikw}*=iMQhS?tP$Da_?^!SS8pzI$01jv? zp|q~dCG1Y97V;5%6m6(Pzyd}_{bB@t-L)AGI8gy(@mIAB#fp+lYK-RH+)#@ELySS>(4j+ywi+w9BkKmI-jd#UadA0Zi!VP+&sPJ3 zT0!RE<<{d~lRV>_r?s}-r#`4vm%4!|xKCssv{2DxZ-S}f< zsEab6Le+|(1&{T_mo@m6ii#MRW55nwszKQ!R5etunPh`VSvOjY4ZvQOSEc>gfZAfU zdnmJMTK0v?gSg2xR~ajiy=z&5k5v|{RQW^Lz`KSb+m9Q+1=(nh1PXX4$;OZEyoSOX zCmeb^l(zl2Cghrt?Nk+B4Ypn}SEqehVw8xMPy^)C;=zMZ8dja|Km2Xv$AP0#t+Ba|>>DI`dR79=Frp((i_ zlvm=9b(&aVd>AgBNaKC?T4Cv5*ypAUbuCT&oi4+|2fqNkWk&Qbpx@)9Q2z)8ZqO!85z0cal~)JEfq7FmNo8KQ^5 z+CrRS5xQpU+yv9G3gu@o7vnWjX+-M^2(TQ+S(cDOW6ewxVG!1H?q!ueQtk;?SabL1 z7!X8PknOte(P^a0TJnY6yO-v5Hd=GY!y&zkTv!MpIbBJmeNQ-w_SWKue7$noX%!g^ zQX3fbH+&$-12zo^0v_;v6%0UYlTq*|u2|O(Q7Ntvm(a%4BUfDVIQ2|YxnOI;^fKX6 z#20|yCx98k=6Knlq~DeGpr852hw!PR!_4k(O?<6-IPks|-{R2#$iTx+hL2$*6)ZmJ z_~X6YP}<0v7FB9!&+nSg5nm+CyY~S$Jk$psC}iv5IhMDVs~q?8<(WpSDyqYKRqd#W zV`KLhLb(xZKXf74-op`Fe-hfFdL<}TJv4!O#3C2I*y5|}zzXpKDmgADXNIlASCFbh@8L-Rb6a(v={e!Y|^#^Nq*2= zx%BAI1R}k4r)skZW}OmZJPR47Ph%TZAZbYm^{O2sIbn&;K){EYIB;Nm;s9evR;jY! zBSw-oJr>?r05fzN%4L+t%2&OtvP0WbF=Vf*H`dI3Ae5-XcwWVaxe1Jt%g%(UBDZN< zU8p9e2{iD1`>`hCX#x$}Ch#;^MoVMFNu#lGgGFdDbG+6xo|w7>-5AR$k#c+t`|jts z)wy9#1r$WX;!wb2jKi%~)@nyt5?05e4?+< zi3v6%QY%XMz0*?@2d5?&ts>sFilSF1Lg{=dhLU<$rE3M`_a!Z4m58aR5|QPU zh!9vG(Otz*uCT?_O30JDSfDx|=pMlg6PB090pLJ^rKG7_4MCbgsleRaoF-||5Pmqd zylcGYVAT+|!Y;KeDq2*n7$V4ls!&XRqu!Nx35gsR<`)Q^vg5jReBXH3x9*E7S84lF zNQ}AcL09m%LNTbeH*sYykdqG(QBo`XjUcLH$bm2%(B8Xum&K~_LPhUa@fOXMOT6gm ztEFA(PIGK)5fVX^2c3iMrI%y{KC)P+M9H{dU3YDo19J;Y(qOZG%n8@-dOIKY$ib;i zNyq_u~hQAjKYvt-FkXt{9>E z-c=2$IYuuVDG96x?YpuK^8nAA1FpEYj)Wd2-D7BPY|dPGpudc*s%_0!YxcKU`Llz6 z;>W^jKx$ZVGUVDG3Q6BRI z3K<-h@X7*U6jTk2VV+*bqd*h+k_Je$Rsj+J=uvOm%_s%2PIG8#GCoK$fk;%G@KuI< ztd4?h6qx76^VDIjMbUcl+bDIQ(vAXIIVZeN(|c;F`f3cTsag%w!r3d>dN94$D?g*u z@O3%1f+kvul>m^YDxpTq&ENGt=Ty-)3s1EyN=c7iH3WF{N?nb#$q;Yhq$qS3W^f8Q zob_lCLYP|8ql9Xz?1k&mE=c6qO>dc@6riY5mk%Ebrw6(DzD4~u2bD3&535=I)t2X` z$WMe&pyIZ@u&J%*-*m<-4=DKKt}9DVM$a)j#`h{?4EL zlc&gH`;w?O>mk>wRM_ea2L=WeFVaK>H-woJLXll(JPtsvhq{aJIM8w6rR9K@@6ySK zCEN0{MP1s-ie%Fhc3XKkl+NEOnzy-@mey>cPKw1}X=5l%M~S*|X)!}onNa9bEO0TQ z5DAQsoCYFsGA~cgz{5^$&u$t+@P(@Bb_B#o2mpql6AFtl514(#^0%~w83~0Sv@jA- zA{ErAF?cO3EY0V#oYC7DEnj%DKWuV?pu0K_ys8|CHm&AASX#Vt`O3{(H}BoOSJSI1 zFasBM;oL+WJaq8z;ltJotj%W=k7lcpXh#~OHE=GbZrr$W>*g&N8%>c~nKcFuO;4OS zarEfXnVA`Oqy%3%ns#Z}RwHiSym{rymAkWd6Ilox(F%9RY2e_w({P5s^q#5Rd-)4o z`2M@^u3f*;7=Tt1G?c9gN+?^I-|CQDym9bIhm7mjZ?IbxbL`mBci(*%+RB9#O{n9; z!*%=i9X%S+x(x$A$jrqO{?eU0cNFm2wd;~dNG2>ge!R0>1z5 z``dT!KqXVA6334pf9IXIQBp;a3kJ^4-i80_)gN#YW*mF>-FKi(9&dg1V}*0~{=%Fd zv+p!?>+^U?F!~Cv8Y_GY%^}8!7_wr_YA&M#%?wC`%!7?q_nH(hCV>82N({ZRhUP2J z-nSr`v&->)w(0Vdx@Z5>OstgM_zbN%A8v%H`}n>C6Py%2kB`}B&6W;!ZM!W)$IQ%t9 z){A=!7UDpJqnAi(?ayo@m;eb>8lX@)(p~GC)JP<%Fs;HB46V*VU>2J zRzFE2uFYcJEPUvPLlj(!b6NG6YYu;#McToSzyZv*ag^>~fV_S5(A42L3wLFn(pD7o zXR~Vy3?t;$fpi?`IIzVW*!JFei|OsqbsTuTInc}u1!%6hjG~zfy~YSvSgH{Q!zD&I zmIx)qW8R_S+)^Ur>ZOzsQ07eaRWVu}rM#4NI9)_ z^)bi0@?DgGJxW?-$?W1?lDxiCqCPQ+7{*MJc#A7EP)Uhq1q4>W=$etAqKAS+@ z`u6{ryZtp>ELQ*a&;NcO>GaIOV<%6&`7i$2|3+uc-|B^5|1WR-^iTV5U+{0#>3+4Z z_R%ItjVi@uuTAB<0MCY$tszFA=u~ z!^Gq5k^`G|(<{Xa?yj-W?B!}-iXqkW#GWhaKcge1C~Kdzk_tDg;X<)Iu;!)?i++(; zEDXnX5t6PX@FY$h(7@%WhW zk0IvdByWf{7uI_$-Mn%0i_gEfdi83F%^H4P8VqvPM$b<^3;ii`T6VDuV1)u zK^B%Ys)hFN@ioXfL>HZgrF~2B$B!R7d-kj>zWCw`j=pEdL2yighI&EKPjg{)&osyJ?&+HPX|TL1X?!L%A-qn7qqD~tVi+Dl)y{uVkYmA0AfN#GdMX=IF zygfc8!lsg_Y=DF5!EJq4&y&`ASoUs$?ow(rtoA z3?mdIf~#Cuspd|Mhw*Nept{78rbH@cx#JxXe+RbHIH1n-Hj;%pI4+;n^+Y<;XjL=j zHA)v}$3<^pxPjE;SD%oxTxM$CsxWF zqX0hFC81BeLGtcZ$AOLmuM!7z^*RIwne*vJ^odg*%bsRxdme?S0E3B{3z5>6NYTV6 zBGNN5$Jk^H4U5$rp=t|7|wN+uml$AOLm+slE@Xmxw}+hOlG zu(cd84~*GAofx0x;rAkS;^EzC)XTu!Uv~&)0jCyH8ll?*_Nch}>VEK0jh<>}LgGN_ zZk~=6&#h3%D^1Y0&>2Ym>(!`U7O~cnYKUG{8P+F``0abx1~qPx-N2&hVAkQVWS=!8 z6^xRrA#63bS94=Mssc4SHWmbQCMJ=1B=gQ^AP+JRcZKleb)=N93zfwS~ zUc7g)ipj_7P#7UjK6F?Xy45{Oo6UfAI@=X0P5ncfjV?{(w5?3l=V&3xax$E8!w~FTRAOB>t#CPx=2RaVC5Dt)F=`;;E<-0WdkT4ms zBxlt&O-zkP51ra$-Pc=sPf2tiE=CyCOvbE*#U&a|Qm`W2n_Hme^p=uSBB`tgO5*5W zX;}+d4D~iv<8zdZ1?*UETj`)`ls4$VhJdoErQy1BZ*KP994%~Y;$S$I$9+~}kU>zI zaX=_l6^f75yW9m>d}W!(94S4JMTR*LzYvCZnRXm_0UQ{M#cZyXSgd~f$)`*wtG)E^ zA^J`pIPk_Br#_791OF$F9wtq248?-;!nYTG^{Zd8`{XEe_U>J4-gk9epe%foXzN$ zUwkQ}kX`zhgbk^J);9Qd<-1hAYzRL2wf^zxttjlZ$JI?Gk5@-B5@C?XdiuakKJk!Ucj(%F7nxDUtGF$Nf7}5CJHIyIY6LK{6U!1GaHMMd6P}l?iDeM`X1KDg*oB8OMLv zmCf6F;LDvO0kJVcZxLyj-}}g>P{y#2jl}yG!=uf533V*DZr#@5_yBq&GQxV0tK(69 zH#W6A2%FoaEn2}mf5~K<-TW+`IN~-QQ`uAltj4g}m_U@>88JxOp=olw&B&~J!HUh| zZ{QWj`Z2)?(|r!Ym_@nO+lwtx}7-|?j{SZ zK6~^~CnAP|S)ZvjRiusr-?IHg8`6BX>1?j;FY(jop!-tOCMKh@nej1s)C1E=)- z@xHi}C}#n4@St+-XM<}{q{UUlG(}ypNcQRT>sxf-BcD&w$wP-Y$d6M#u%c-=S|uw_ zZfF^vn)vcg>V$z&ENn=9L{Ph`2$men30HPnG+Iua2!sb=_~HyfH1_7C4ti_x zci7hB0LdigCb_$mlF$huhOO9Ro11J`rvgJ7_lbP6_Sp!lA-kB4104sR8wWb0)#t|Q zm5eOF(qybWuL^~&Qe1Tp$PPXk(!0IR{Gry*aWu4DG+!K1SVtd4vDh#Wa04$eY<}3l zjT~sOjhteK0tPqIWZ|hx)un1YGE}u zzT2R-urTl6f(=S?B;k|wU37~cbMrKX7#TdAqpWvftb}zI1C5-7cx4}Wc^fj9kPr-o zm&I33fE*QCs3^Rsx~vU@1h8I_Yvlwa?oVCWz|X*NV>nt15Smo#2fZ5$|Val zxD?sSv9Fesnei+osIY=@Spw1-Ths0pGpLD`sC;yYaP8;gxe2!{V=c)&3m!(d#j(;7 z29n%pE)uEyEk(X@e$()}njBC|rQ1-OE9%kwdo*mt50zpT+;3b^(wwGw&$D+APeWgF z^_kY&Hpq3oDzrh8?S8c|`%PsrGjnWpUNZ-KC#K!Kx%Eb?`wlxLHm(Qh7qG&k-7zw% zv8t$%t!|ppQ~+c>U8%0sRyNLHb=6)!)pGh|f^YZC!N#Jclb6~Iex2o|>S??Bu%qgO z(aXq4l+}5#A~n=zAHtq2Y$F)08iNhs0KD>t_<+uh8N#_qItFg5BWzWPTVBo0FVaUb zS3N+|+P7DSVM$o$Gqx}K4y&R5jK$LSdadw#IxyP8LcE};DwEm!bL5Ta;^KHw%W}KJ z4kmW}v($krJ+}eyD2^SHRF0gImy5_(D|v+TFj`GdOIc!+DtvWtbr15o`k8F&-8%lf z^!1^&i&C{Gh+8@5&GhEYTbAczf&RdOlF}`wv+U$F)DhqW&Qm8(68^O@vyMyOfB*UC zpa1&Tzxn>V@69s2%~kgOdISxS#O|^VVL6`&Ef;=9%`cp)8Z9cE9WLIwdGp$}Ynrh5 zBS(*zu@G)a=E#uBoPy+k>W!1^LAB5WlauBSGSWZ^@MLm#t(fr77ibLPuYUQkr%1X{uSq*a~PkW~`}jQ@i(%V!o)n#%^OJ&iD(xmTD6_OdguO8(96xi}yjz zv&Pw|`@#FO~sd6h8G#@V7jx~@^K!~_uhx=Fw&I+}JNq^F};2{gH^9&3so zX)8I_m57Cbq$5jxP1-K-DseznDJ@W`_z2#Ho>2-&*zJLh?cTS4LQA-JpK-u#=YYXk zMrxe#6^5%6%`Upup1SqrEWGbXU~?(dZid!&*=P(bwd(T@unx2^^g-TU#+jvB}3ONC#@8wO;1122hWgZ|o_}f=q%jo<4eXe|GXN$dqP7 zH}2!22l9glXB^5*yS}NRb_1%qS1*tQL|V%i{#0kej$ZfP9P{Nz#syLk4NP{xFOa}4 z>y85*2c8E9Vsz+Dh}dPCIt-{-i-Ps!E5nDOkZVhWnCV)W7(Q6uNKhN0K!zUUj-e_y zOQchSJS~SB#6-^kJpzuc0WnG{RLyqXgE#AxZ9V?1M@I)gihPdSrsuwbJ3-7KMKMnr z7g&?ADj|u@{+mVGxQA;hW_sy5{*S`{R0iVMsPm}~e$8qra_85#^(fzx_)X~Mwj{p} z$%q`#vo?*^K>oy39sI^DdS&>dAUX7g&W(_li~6y)zH#xl?`;X1Ma=f)@_aB8xNBKa z;Hh(z))uPSx$wJVfy#Q-4>#}P(w6KPE2?0l{}L8>YC6|TSUBD3ubo-RL(-*7m#w_U z$(2h>`XcM23@9DP$x{)P6NTEXTULi}QjM*LQ#@ssNy52vXMgsyzvUQEF%%khkUQY= zSHJo-FGspNQwR=_9A5d;pZ)}XFzULM>5CV?`^7JQX~8v%yKa%awfy}4`|rsMFsgDb zd3beJ5h(7?o;~xszxz9Hyzz!d3+LZ{djTcR61AA^90?zh)vP6C%hgWORMO+e<2=pA zlr~BloEorL#Ui|twM*`~O1;b`2OcMia?u12A4vQmjgQx4$w9{BR>yzyn@{AP)P{bu zeVN25&e=1kfBScS<}B3u?rnfA31fmKbLFYUY$`=8dLjBmoOi{Fw>J3nt#DngU?5eg z*W1L&bu(V)g<_gl_s9BmfL5Znfg>x(Hy2V{R2wZ+pQ$O-)k8u1AY?k2DhwZ!dlMxE zGjbm7l8%@vW~7=Ws-BojLRJ>dpjd~<<6eDJ{D`@8SYFWk9%-(Ph;tW^(9Gg@OY!@-)3 zL(wng5Isf=qd&Dg96s9;TS(D~u`*4nf+VK}0p(hCVSy!0cyhJM$Ib}FL23}&vjvev z3E*U9J2N%Owd!qai}&X&)dM1#TOIV)@GXlhapYIodF=Q3UH?-o8Mt@+8DPh%hnJ2& z(GGWwSuB6|-FMEtdG5@aGg=4lhRiO%`22Gwtrsp_BzFGjM;{zNaoiMx%eODS_`=lS zyNegiM2O92&YpSu?YEB|J4y&AqBGgNc;Vvt^XIKbe0Bc3mP^1UY41ICB3ga_BE<5m zarWFf^A19|h5T#RuCWs}wJ~!cb#vxQS~+~=@K2_u-hAs#D;(M=0sfc2_$As{QAqXs zfBW~%T(o9FGTKP*#A7~L`?BA{q!+WQcM(tY;%7r*$$FFyP1b2hsq(lcjHzw^%9 z?xrv%1>|tE60<5UT|fBXeZ`k`g9KXVtC}<^OIg~PS9q&X*REaXQ-oRSkt2H?8=gs4 zxY1zP@_@cnk8LH!Qd4xcu_B|d^Y>c!Z>oXu!oYzU1|Z9L_ZAk73gLRQC8gpOhQ$(} zVQH;zv!mKOYF)@AX;VEhWK>Lq`}DW(h7!P_>2Ixa48$q!!s7DWB75~Hdf|l1l9INj z$XxY^_h&LHW$Xb~qlgK?rU5<;@uyJLT|zipUBUnjnh!06Kb?$@<@oWVT3pQ#2jDh* zNK#hlAtUs@_`^pGaPQ6g;=4&Th`=u#L)Z#*V(!zQl&(i>i-tbDs9yUjl+stg9gEVS zD3*=ehH)d#kJ>aw?R^;7hUspR)CFGw4pjZ?7i83dqu^9&#)gNCUv_BRoejm^cb5#Z z$BrL6G&3_fIX=+k_49ZhztL-u)pv36p!LPnpzN^M&wF+IS|2vvfY)AJHSl4hDL{0N zt5_J#KTQ@T$(KVt!N&Q#vTu!vwgV|132kibZiQcg(y9ccMFm-18>+%&8CTVkjLquw z5JOTay~xUwrD^JE1HRspw8ErfSDaGfDxIxCjq;f=$VgNbtWkheNqELs6H>Cb$2Dqa z=DYDty(OKd1!}mlD8o~ckkatGBh0}CXeOE0k^x|lIDir{!06Hy2MrtN)xCWwI6$eQ z0z}W2DxE#4+aW9v>+Ic0!=RU<937Dz2RaTs69(vw(wwK*gdvw4k(WJ|!5%6!)5%;r>%4bZO1 zpANp^z*F!iOjc`Ixy0{!Sf_r<$Z%%bzAwaF!0=cv7e0F|rhfkU7w6A^?Mz9lr<{k9`$O|P9@d=fFFo3;%{tTS zDQ8F)VnZ8So0(9Se#_|5s+V)xml2v|mpP|?Qt)e^WvGuhfME-dz7 z(tHJ^rXnM#P-05sk~@D+Uw!rUwI8loK92(h^N=Q`W1f5N+&P*!OIb26%2)2a{`)b5 zU1`6+bm{A_zp)T5Y#~em<)W!(xei;5wM=RTCT*FR=RU z^N)#QT9lo7d-3iCx!=8eWAZ@g?%UVh*<1BEbM(V@{Fa1||Ir`a{OA81sv8%s9DD23 zW^e`z{df6NH42#CiGoC=+EX7d7iUu9$;G3UEZSdS;5)R-a|0cnX<)^9I(XVB@6}YbU3Zyr(O3~*J3<;)<26sus;n2CB5&e&@0Bn+-h9LM5>auL;8pPrha}U!DJ2 z*$GOgPM!SVgZE{DLZq5*z+exX{cJj}vuDq8B5RSQpAEOEOLt~xO}lugCCz$!`pjvC zvR%$xi6tw8TJxa(*0_GU?fliPEplp-=7-r^SA7l+yyp5Vj$;f2k9MnCoPR%@pI%^>Bto*rr2G;=M@sJ>mI1jEsc^T;&ATW2DJ@FFiBF z^e%55S$wLn*68%S>aJIS18Ra%#(=_#Tm{G$Hd3+lW~y5l8<3wTNWwb1<+=O*EigfF zuAF+cZ{HESzeYm0bwEaQovN9Dfhj1-exNG(P$sSRs1-yTDlj}5as0wD9h#m@LM;~` zwY<=WtaUXsz`xe}*Dg-Q)A#C)?bT8Ea?hzJjLz_7zN!eyMc`CJn$N8|(md1ss%<$; z^o9Wy16W;Ak#d6R?$Tp3U}XtP6<+{^Op&=3U{z>0XRcJuxCJw?aGLPw(Ue`B6ZS8~ zp<(PqZ5zYt&2m+Ca&ak$Popf5BVJ!Y&V(6&EPO%8#RDV6f|SH71(BmyWLQE0nV;p5 z`^)@cJK9$`ps%xf;L8#dd}~5Pgh_Xc4-5^&-L|Z|lB^4L9OyXks&GKF4{>Wb=71W$ zsjhy%DcmUX6%10D|CKzSm}(-Km>df$zRo z4D;RkMZey3^`WT`eU@z3Z=(m_t_(W7t2vz1t0B|(oIf=ifXH_rbnW3vJ7lh^{@Ww|NHXGFX_KfPS&TI zP?B6sy<=JS#EFxVP*Ir@SZTJqT2-X5T3QN=5k#7ANJW{2!sW?j3N^4gwj$V!f>Eg@ zjEBqXN6`?r1*}F37Sfq-w4wQDYn4TWKvd-MCnzT9o^f-5R%8>o{ z&%AZ_N|1T++fPrPdb>^V@`J_CKKaXvnK|Aw_-+GiRoKGLQ=p1fnLV-3J~}zh2r0z- zH7D9e4`cmmuMwB;H~6x^BrHMDL(7jcke{Lp*?k(+3c&APGYN=^coNo}iF6mNqv!NkNyOKxEwYSIPd~ zEt%8t=cOONvf;EpY!ePmaO?p)ICK2?asExMuYdO0XS{>2$4eRymH)ik5 zY9Nj~`0z&`e*E#r_I+6+*L^s{+nEgTn5QhUTK)C{TL(h;^&8h6)UcmZ!$HweU&9#f z*zx0f2uFgk>9k*tO{xZK0p9)K%t6Sjg_?!{AjznR=yre@K^;JIpsI~+HUDZ#RRQo& zAs$Wu9`#2uY=grf=6Hc}V1rr>Z!%E!H_s9Ye-0UcoUjkz-gON%+~5x;sojiH(R zK>1+(^1S2he`NbIj zy^5mtfmpgWmP#%9qqQpIn$5Of;5Et{-ykhk$vxyBxe$ji>c|XPCb}|Jj(spHUg*| z`%Pet_VvW}sO-8vcYT1CVz=FRx}Y8^OJyMv!opeiA+Xo&k?6vnlAe=bLnhQG6MLwR z)yY?Y70Pwv`pt#K#h9aJUrJCE8Pzg3UaAf%hDZWoMCWBN!V^s3A(f!(kJQRSRE6;# zut12jxgo(229jM4j#1GY1qi)|4$css)2KAMdI0$R6!lGBzKE?IHfs@I3F@eY4S5Vz zHEiEVzL2|7hv_hF9tcKJ{H54@s zSQqFx&~f0E@c)LFO;uqNslG`tT|u9la!#`!e_Hhk5d!-pJkhzA<}SZ&@`GF zZ;YXNfaDAC?Tr<43ybMvbtCVyIIsbK)*Q7v_?q>SI-bZMf>ucXaSuKd(_;eMpRliP zlKGMbZ3eVAib9Po!tHzG4Wu#}5DK-?!uEj;TMZ3E9e+&S-Tjxj7;( zJrSjdezx{ER4S1I`KI2-V_h9QK6L!4%3v(q$1aF=EQj3t^NXdM=FchgA=$_G>do`| zsfw%qhUG!3=8;0 zK#L@KHHxRkvpQidZ_=7s)n!h~x#^`#S17VApgN)cz|<726YUjyP+QihtN8e#8dE@( z(F(Mw3O%(Xi;MTo87u-x$h8uU)%4T>fn&#b80}3P;IX{w&l0SJJde`9nPYHMYRyD6Z^5ir! zYUx*zp_PhHR=d5?z(3RZ^ItJGot>R^3a6#?Jb`qtRcE?607^kOXWhE$#tPH2tzig7 z9$tO=>1X~do68*zWKb7k4rU_NdOG|jQ53R@gW5cWu&2Z~98grUprv_q#%byq!>dzJ z8@?+htVyGmf^sGIZ3y{}z7+bi#%@CfqoI_0`x-6Ls8Cq#lYtf(HO=ivT|Czh}_01bs{`Ft}pKreX@yyII{z2}|-um>Dzg%7pyUgjM@4xlaKizU#j{niW z^Z7pvtXDq&?kE4=A8Z;KQNMus#B0L_fYs0Dy`l;YJU9*B+yDf1dTt=c_N6_m2P1ga1D8uE()#nY;*MJ=t}`=~5b0e!0htjHuvLzjWh^htlvGv-^e`qO3}FG( zHZv{1dE3fFFe(Obm?EpiwH*yWw64LZ#f*cQM;+JE=mcl?>8$X7xzQc3JlKtIFU z%{)kqNBl8A;!YKdgv}#Py>ZfXhL2SghNsmZu9;PR@If5Z{(LURa9pccuGalVFP$<+ zFgY&)G5Gx2>bq)CC^;5yiaqU5gH^$~93g5{D(>yr@uE*&m}MIS-3^*mKb6a>r6Q{m zsr=zKHU6Rk^slHAJsTb4Xtm?`tGX8VKJJzN z4MEY>#EW=KS5`qAU0Km+OBxy#0V^DhPB&v#zD~Q2bQ@fX6D10HASgk+!pgcy!d5lx zkq3#4?jn-)ZVhn8tyx*TA-9xnMuenOK2qH?g1)~;_(f; z2*X5HT5Fc0wDcvlZkCNPWc086BBc(G4IWS-iJKB;KnU~I6spSQ6{^I@TI#Y-^;i^& zL7S!^ezWv+@H?3UQIq3Hndkt`s2uGbW^1WSX)4A}roW@D<3PuO&2pedH|?CPMaH5B zn2(JZp&(6EdV`+W15!-QkLup!RU;Q!Nh(udqk~O!(~~qVmQQ<1mYND$1hf-Jh&ngZp@z$tzTpPi7&DR{D}(a z!t-9Jp4YplL=*elR6;`;S#0cKxWFj*Eug2LF;w06?fBWR4lDYrZJ3`%Cfi-#nu2Uo z;N_kWZWB|s8?7#i4#PskkTkC{Ref?_8O>C(4n99gvM2iY*O@}#J(|Cjs6tuEZ;1$NgiUSMstWPnFMz8wT?Ax=dI z(QsA6e7Y=rk?G0trM-J@&(0BjjvksmJOJ82CBHpM|NnH@+Nsb;6F%c(9B}kr?MrL*VU_68K)}CPk!>_k3asA(@W*7G$`coiBT*cNY;j> zlDw`mNr8$E?#h*`Y+f1oT8B2xI&=BUDzaAZ1`hx&`F7(mI=Dcc4a~Ktw ztd)8@2rzv3BIpnpm748=!(lbwT_sV{5C86e@i+hU&t%1J)!*tof9sF_tJRUu9&_xE z{%G%^LtHD*-MKe=_2$7-Q71QZ^{Qj_NUHNnTJ=ZqTwy2DeqmS$1G1s|)vwo)poIm# zb>Z(_yEQ)>$H{3q6MyjY%DR)6dVC1hzwYu<)Sga$&I*y$;lCA$CU2E6gMU;xF|m9a5k@!tRJDgxAkdG;!h25{DVb|m`PvAM9S z0U6y;B8)D{m29b-4cPKnTFT)VqCR{Zzf3A2Itzaon4xANzztZ1Uy`E79r8+&i|9dC zmb9DSb@Sie*!W7;2cnfW7)@-Tk@eb}NE27<^tW!_WMNsxsTzy5?b;hQdsp17IR!{7 z4TlaNvO7*d%Q8oRSzFWM$irq6E;EbS*#$;6w{P8MA=Aq=TVG|#4A#r5SFT8V>C&Z( z7cR2<)H7Ighk1HtTI*YNem}T5}fD6GGRq2H0W7;qJ}pIQDbOW%l1PT2)fYB5qam8>8**bw73>G+x3kSMl-~7U%;ZFKZMO3*nf29z}T)wX+C~SlQ9L; z`LMs~&th8Wo)koO$S1wS$0L|>NmKm?(tF)JXL+l`c(OcDxwt2{TCB;LY)Kl}X=Rkj zlPo6ojvqOAz|!yDv?dgT6XW}WDh$y&!^|**mi()U8d^ebimQkO;Hq$Uf8{x#sW|9> zO|w?UlAEO+AC1*C;y3=g0%WL}sAI7Qjhc7w?)wW)LWqXH>(O3~{^7*<^4Mc(Ab*|= zWJPgzZXuk0rSn$=XT9!K@2cTLbvpr`p}!3~dsgGJK}kA zWvA!G)RNkBY;2A`mZmqW-^=Z$QKizFD8>nP1{(5FnKF}R`EwxGX>Z1~AAY#5$Rt2t zh#;pTG1t`_6BJX*J;ZdC8K`LLaeX|naIwlfbeu)b%+&OhhN;#Os!dLbw1uA@yM)H4 z`0$9)2^b=M2tuh+Xu^ibqesKFs*WIf3j4kKo2lAah^OLKcC}q9bXK(&&-VgIF>UxR z{IYYvmZbyx_mMWLpYMq&>3=tkSzq?@b@X=}=r}OUff(H$J*JE$^`(pDm_d+!zzL9r z+Op3E@|7J$m7LisDe~~l0e@zE!}*Q&oH`b}cV~@;Mx5iv!^f%tYqZo`1J$45E}IM6 zy-6Gmp)fBTGQp}@SUa=++W>0|i0%1o2d`c|C4W-f&l@h5JQ6=`mJWrz4e7;+Nlud4 zJ+@3`kXo7o>%Lcy53jd=uc=|BPKPfloBK;g|4YUHtQWNKj8;Pp7l+C@F7W<>!Ih@tg&2nB_#eZ+5j{oEhiYsd z%(Otlh}Hklm~({bcSm3NnWAoC@ia)nR!W?A^ekux(>@c0gQ(h1 z@iFPAi2E)Unci7Q<_+k~*|Y2{%>hgatSDm<^`g!3;K6v5iruPu_{k@q(qsu!$(=oW zniVE>TkZCiyp(9(QsFUKy>t7vNM2g`QWAOo{8v_6ISOJ<%1jdm2(86RMewKUvf^tA z%3E2Zgl_IQyVdvKM_b63xiz1DkV36WRm7h=ch<3?OlFH(caWwr)P)pt{@9*S@R{4N zZ3Ri6=oK~M?b~-`Cn0zROe2`k7&>o444n*^D_5>?*Lv;R4ZdBuSbgiQw;0iW@WJ~H z+1##Lsg#9tJ82;=U%v9)ci%Jox`e0Y8Yp5Oy$ zHR&IqXMOmFev6Q!;BVl2)FQr5f7gD4_kI3%{CNfHgGLn1w14II^$@NNZ8ozV?)>@l zB=eg$Z+!LD*EWWEM_SGk+z#>`WdUR^jbZcrG@W!blhmVwrKz2pd4M^I< zkj8V_6(zzAZW?qNfo0DXt=r%5m2<24a+)PO#G7=W#B|22%Dl!o70d*Ra}t}#*tlmZ zWbGXA3hviUp@4+dcU8 z+~u*swVr<8U84hf;)}$`ea`JG=Q44VF_!S#k$yr4>IR~sR=fHpzeQwK!Kg{#5-z|1 z06+jqL_t(9j(#i)z7_AX^0ev6XynCV^p2R+%h(8F0t;xa`%lYRbcUh;*91r(C4#e@GV; zW)B`cSYlN-H|Ic@2h4pmF8z%5HBviIvIcKSeB>Qha;u@g03$kI7C=NckL%MPZ@{&H zLuot&?=6Pl@q=Z3T}&r=S3NX6Idfow%c97*f5o<%{)ICj>k`)n^H}jB8-RYg?)R1D zKs1(paSRd7o4aZW<-lmFrFDNgcFFw? z9sO(&hGw4tLIWjv)ptQCw7ojNDg(K@Rz-)c>YDMZA-kBDivwyx3;|)})4SHI8!uP6 zI%+!(bR1}NpyVr3l;OtwjkebQoY-mW*}D*RLID$@5WPw&T6g|faAt@$+eu&+>DY(q z1N%*3^e63nSBDe-N^~#F$8oq8zvg%E-KUS(=VYGUdmoP(XX7XUoznL8OGSXPCud?h zW~xay60_WVht~LwhvZDo>x5ZSD*p2W9@|+%Cl6Sb{hS`RLo4yEKCjc5wk*0cTHP{M zZVHhqVoa}5DJt~fMe?uiviijsg%ywdDs`cs~Xic|X+OKQAxe_n+t zkNSgEY1^L++(fj@MtwG49ecF=c!98%&M=6vw`S+S5D{qWww;=1%YaZz(+UTj(z9Tq zWIK2uPJS2gck1Yjur-lq!P!oWpM)ndeW|Jaa%;lzAyaIoDYF=C2H>I*qaCBOc9%_~ zwnl~vq)JGcC2bJ_gD|b5NP4Xt)KqsQ|B^DLe5spX!XJ`zk26y|9F%n4NOd?a~78kD>{v#D;lc*;-kH~noz}x z>AlFec^km85&Y#(zNu7`KmR+)!>BJiU0%v=XQi+>lDx|b+0h?s`)%e3cl^PTojYIf zg$6%a_q}%X_Zs|IUHj_Bi!JYOqemdf<+?@PGKc_%GMPMc%xRc?Ch+Y{wJrcI#k6l zr+B0|Kl~7z`oQ27jvYI8jH!nL9zJr!*1H=wY>2xF!2CjySLoZeP#GU0St(@lqWXUf zM}hC8KD58qi=roq2y4`+m{Be5;AIsSTZ;z?%sL%YRNp+Vp%3+9=^t(ktG+L4eRhAv zbaQ}xd$r23y$>C$_lUDYf3x=&m{A@-JiT`^Y+01lO6LL>J+apLaCH`mQ*FwDG#h62 z05I=0-;fb5HD7r>{Dn7JMV?Fw-{uFbfT}9mvrA%{0RC1ohD*yDQb2~7x z|HP3Qo{A{knl-u1IG|m{I@2YW$9B1zn99Oifi^%FeuX*UTN`VqXQtlVch(rKZ93}J zk3rK-s}Vsf#kKjNLkBe(O|s36tXdD3mlp3+;qiRV){WwKVq$s*xNYapPyLIMAVy7Z zRquXKeU3WsUAuj?3o=T3Tn9dsW)5VkyfnXibBq3TbjC)#1fSCivv;p zrl;tc?a3j}=$zFtA`S8EC1sH|r3eaj_UswL*o6yZzh%3OSbi#$rZs!#4#AH_xBb2R3ve5{h4M(IFe{OeCVO)ASAf{XoG ze!LbR9GIToJ-+|iZ5yB;nR}AH_Uw+{sYT0H28%6t!cf)7jtQi`7H9ARh)Lh}$)CZE zV7@%IMZR4NKNb#tJO!l_bx}}u(SRC{Nla&MXGtmtj}#zdo`3EO}X2io;+o>aDzie zv|3|f!ae1vZEjavfj*kqGhbmfIiAfpzti-A0p0F1qmN2Z`r?N3&yKT?Avzj5DeI%$ zi@H;mQ9(OW^YhQYpl)N1Nf&0VlwGgBs#0YsgO*2+!uvvts(6DLBHjC0?4l62s!A_u zRn?N!p@U(x>e|2mjvVdoX3)uKRlvEK5*Cucm8;b54JrYT2)6EPssy;M1W}Z*Lbix| z@#1%M=vHa>B__pRD?2}nw~~27c9(4Ef`bPd4xHZ)>bZPf(G%6 zON%^3S$dZo@h46kPrpZpCB!ZiNRC~~ks8TE`}U1nxyMqcS5QaFVg+j;eCVxLm;+&C zlMF;K)$MaQ>l631U*(c7;@h-6|8NbFTbr*!DIT0Vpmbp$Y#L=98@HQcZnueQlTj0R z@s}%VvD^RZ%MTHWXPm)yC>Q}Hp zStRs-dcPaNFE2c}ckOm1oBn%$KXVVvoxBvEsXj)06&&j1$zJWPYSr;)$ImaaS@*h* zUT2XN`DLol)p=D1)w_4?vFo2p_IRcH=YcxkdLTtF%+KE$8?#ie6Q>a~oR zfxi9r+s99wU>P92Y~W>hhA_94#3`E$i#F}o1L4RzFl67gUaA0Ec^AMaG*wwxm}jeD zf1q&9yjTpdR5*9;tm%M!M4B|29XPQ;5@iQ(`(I9}ZkcgF%WA<4f;(Gwt0r;g4z0Wf zXkB?gOuw^TiF{H>_LgSc{rM8UhEGy?ZT81Am>!ry*4*F`uQ|Jx9ymKPY<8{WiMC3l z#)4GX@C=%Zoryh?H{Yv@9#N5X-0CGI0+U~J)BL7A4sGy#lkhT43!=iU-Q(o{^27Oi z_xFxHuKl#B(3qq{Xy==mk914Z^S#Rt_bn_u&W`4a4iv}@XRlW@^fjGaVdjT|$6;pV+ z`zy==AKGQSaH&*A9K(vyWP$6d7@OhWRlHS_JnmbZE4s;wCkpnqJ4Y7`J zMWUGtC*UF1h;K0DOs9G31!C;$_YO5*>yL>s6Rgx`cK!}dO-{2~?YnUqMwFtO+)LjO zflLe=ES~J+AZaZunhTA^sR8@;bF(@ZUSQ`)T*gPvHNiG$i;U*+sRJmE@k#geN;lo~O|&8fani>+H5UYKqsG zy}Nm{P`mA#qD{GbpDAtlS05sNXFgWjdv@Bk3eTF9;5j#+UJ0xT@Qjg=v#@kXJ^M@g zGLC!rLuE*M{`^<(yknjBtyt?lek^^Hj6}c?H|WAFsg`$Ay2xY4kDfk#%DOd;-m#-c zEVbUgbB8k_#-LVY<)Xu^l@!ZPsk>Bea(}4j>O2~C&K06$UJ2ae0mINQzdUb=*RFjq zD4~5r{JZbI^EN{We5H*efz>cP;6+3TfCmrtKQ zeeT@3C}2>senE;^Aga^NpWwukSYVxoLle{|>L_YvwDRjQ*t#|PD@+ZSmKdmF6l+`f zGavJ;-bTuxWQX)8Xx{Ji5vzM~#KkJ=sW^PO6eVqJ84hZDczx(z4K7l= z_p0ujZZB9$^=F9`28a3ZCv^1CbZG_K#mFoo5By1PtnjX06>u^(f(?8d$(D!PSr_t# zfG6hFPWyDJ+F7iJp`FWm@T0)A)4mj8mBc7zkTOOaE4899vC9qB)Ma*nDE0F4L5&9_ z?r84;yS9ogTA^;%U$n;*6$*1d-=eqo%8$48 zYD@atp;EvcN0Cm9Q;Bomzy;UU8?($BI)AG}jB37-&!fKayRY&PZ|I7NJ>lE;&_T6v z%~U%)QbjB$`nDSxm?kHuOMB0CvC?TQWe>_5YptX-#Zg}EXo`opiHZCB#yPbk8(;n5 z8ZWKb0STeerCCW>wHNmw^juo&2Gynl#1v}tvKW>NnH+^LDf2f~@DBK?IiTVh3nZ_; zwBOl2HNGxk$AOLmJBtH!5qUnwgP3v9SfqqS$ZAum;WuqxU`_d|;3+n04rpFaAHr&3 z>cD;nL~!W6f&WXHhA3qyjQv0%;WfDnr^H9*+dXygkO%rE=BohAI%n^N$V%-(9xIwj zqD|Uo44`E8{``FGDv4PwA{(Vm8*^$eklESu1n0Lz-p0)l`N>emAY~R)u5hp1m}Of` z4u7IgF{w~%Y!irZRPYx-e`Pv)c{_Mt4ZGaC@0C1=O8Xq@k6gC(>Wo&mmAz{t*M#(+ zS$lfTso*l+%~Srb#h!3X0IY+r!Qyr2Pb}T^FH#q?ClXkB@8D^bOm=8$vfWenVYlno z_n^*@qks{e-*xIs|2^8!E$N zkZis4qmO<>DQ5YT(^F?wQbThp$^eu~i>)V5Ma(FD{mqiWUi0eJtJYpEIkP3DfaBIw zV19n$(BZ>$WOAVyXC_O{m#Xk^|CzZ&9TUh)@q+^)NTygRTuiG#tp0@==mYD!)No)b zo=TMR9pzqG9(HV#(((N2t$h7?tE3|R30v*91AbzH+AdtihH3_AZ*kPTjWgHqNTKF< zOUX#V2PWxi=ppZhD!=rJBnR}!-Bk@I@CCJxDKYs+(xTZhMxoL=))stU0U2eq8c6%I z!7A@o-BFD#~e(Y^_vex>#b7noGp5<~Va1p%O>-GsL>6yc%Zp3j^^I1K{po+=pwFx-J)DYfc3Kn`ynByR(K2HJ+f}as=OTK1 zl0?!=(T9(u@xPPD`uj_ZK^=dB51o8Yp%Wvc_7r`WE2~FOc^7Rkx`E;OOTQm3@Lv1! zpiA-xgLJM$6*u8f1x5|@)Ps)~+s}VgrCu!P>5m!s6A#GJFp$9S-DiYpO<;a}e1A6-Q!9Z7u*tp-iS2XB<0r3~h{P#hZh;&~WkM zcLYD#1|!GD;5RM07AI6Ve0f2+;J5t`6N>U!Ra#h(gz2h1f&NUjFdUJ6+IznuDiYcZ zQCh6r; zjwZZ1u<_f~@a>ph+70m!z{kTdG0_{ffz}VVhnCHxS|iiQq~(68ooCXwa%%>Lc8)8r zt2F%rv|-vfHwtIz*Q<3KCEV(FzGjSYEi*yG8QVBpBWNm&cLrP`I--JM+{RAMkS)e5 zH4v~@RD5cLQK=3i0x%w4MpL`>B${JF9^1m>(yU_Io||6URISDV(x4kQ6@yi2P~O(G zxr}I#?foU~~BJL7&@q zS94fTVv1oxW$;Sn*-<>I?}#>%o^Y=c^?$?@($a1_eEc)LWq_*{D1uk&s+L0JW3kGe z!BElQ5CeGT;0z&C5)9!!&fYB0EX46d3@|$9oHviz^+ZV47|Tb)(=kdZpe@V@(2!r0 zD){N>?@~Q~4yc41cgxS8q%Oyf104spgabx|v=)tn@0t2BTJ^Xd<{bJqlCM(qf--PI zWSV7Jb!K|<;M9cu8D=pJW-!7D8S^LOB|*@hA9jcCsOZbuO^OV#LztMLHHajS9}>5K zSq?(E18GA^OPP>12?R5us2SW~`b|730^xLiacOR02~}&;llU5G(38PB%D)}*=l1Kv zUsn2K_8fI7O|D5d53PTa!&R!Ru{C)c{`6jnDjkJ;T?JIB^8GW+7rO7&XL-lZ;KVCY zANrqkTYguDhiyUMAzh0D*$=wKpw+%Iz8%pEcksoCjz6m_2j#mzN;Y+g>1ulGAFNfY z(`+vZF2?pM#L|dQ7R$xS4E`@F}ozPYj zvn)u1#+vi@fB*NGlYajB7Z<+0aP@~D=$$PdGd8{S{iPp$^x^OR?r*>I&O21qd-ra_ zy3stv67-cT@LeN0QrKCmrgRG7Rzs2=z zDrI8zxSg-Oa#1yY+VN|JwT>boUPgjel6s`vymaXbUr^DIqFs+oPff}C`0?X-)yIi| zC+5|M-Q+L&P-0C&I(*w?>Ma15yKn8nn>f;;#iA|1u2Tx5fk~+HYipf;o zRiAxo&Dp1iNOM4#Qj77$m7Y>tnBv|eNJ;3U!Bh_*P?tyRLsd!K;rA)2wk;9WH^osE z3I@4@RR8u*L|%nw`j7wkz(4-SbHD!egN3DE|6l*=r+@zsrE(!D?iI>~oUzBzlgFBS z9uwnTO#6F~y^852%EQzkKVOYdJvQZ9Q5wPak@j9}{8N;yz8 z&tkI#ML@NxU1L=I+*mLJ&UV&IRrzUGn!jacjKvMCrp3_tgw1f%!ZO8r^kux;aNX?S zi_sl_T72l$z4p(m#~&+hnv%unRR2Y<9bH`5a%ou0oSW$j+U=!Uik65i`lW_ll3SCc zw}j2Xhwz929E~(iebPqPZ~?x3{6t@=8XbJy6hL;Yrt~)q z>0EdWPzq#Y1tbdM&y%B8@uWR|XL7f$KZ*LV`s(;oJgI8-Qt&5QZMIxA_pUSq(O?cA zIr857?|uC7$0tt4(F$SXvTtAbhT0z|7-$zxi37toD#;(f!os}ifa4e5xbp_fPHP%_ z%GKiI$MbV@H(b|mkah@81bCMyT48XYb73ym7<4hKOr|BO^^U zlGG|frfx|+Eo2!4tRQ7Sq0#b~buSH1nV&{)K)`VA*^`zE#I`s|Iefr|eNVW9MFu-v zv!1rUAk@~u*1fdcDz@iThWKDuYYzgc>o4nFHrklQc-%}MqEJ|>LmuCo`p3ZNbD<8NZLptgd~aV zMOU~`HrTu?27#3#%-9|*K3ZOUyfi=daB1J3UC|oZKkbSAr7PH0LWvyGHpa@ZfyuX? zT;t=rrtJgVtL4R-s7flbXfWs(B|{%9(}g3(1~O`OUmR-auRPs>L8P(gLT?itftsOV zrhX^pHN}eokmvD$lc*dqrz-Utz^fU)3TTbABcv)cYorYZ_G-(jtOl!PyKt=>2XL+f zvl{bSG3v=|eO+{faIfqt4$syk$trldw@TapK_%8i48R<6E9M=YxXtVJB zeAfDvYZy|bxyGYM`mwcuUiUct7;)~MPwkOPC)LYV;SDM4b{{5%kICbbyD74G$d(WPp+X4;8CDrPp5jB-s+YwN=)qh?L z5_tE)gVSQv&#a*uZpuCMKq2YxTWKutUAS_nRU4}3ld~&qOb<+q+u(O_YI4u`aHfN3HhQ7}2_LHz-DY_k z0j|7zB7asuGt|KsLy`|eyotxn^Cyx-{p-o$YG5H*19=lgC=IDDuAa(b>*!HGi=rmC z2z2<19m$7|KQB#v7^uYC@bHwgnr)!uH9}eIpwTIfQ0P7|&<=hLe!a&0>2X7MUOhVH zLTbH3oD;JKv$i2B2L3!uyfUqP8yV0e1B7kJc3V)QmS_U?bK~CA6{F4br^E2XRCI1O zg}?jmJDeWz3}ij^!i5VgIC&&>(IYQET&6zrih6N$qg58GmT7qgVvcH6m75;QJ_s*f z{LUlo9=}PnlYBWaS}kv^Y-cShKat?|0BHKGe>({Dz=0`xL(RhSINi4xluPAq!Ps}F z3RL88zrFDNci(e&N>z#~1cEtv@&x_6RM^taNIl7wukbA)Y%Yg**Q!Zf=>DiLy{bj% zMgktHX&w=bQMArL$?0UZgB=>+8XYXJB%{TS%)<68OW#I_n2TO}{_vb7b96d_K&kYP6 z1@`p)RwXoKv=#o?%RO3Vpc}0_+^_B18~T&nYf)&|yFZJ(fqimDtqXo^L|}~8ElxZO z{TTJN^vvWB6%^KdPL{JUJ0w16As((n4WFu2WhLAI8x^q*SHmXVVLN zHtC?wx*z(-==$<4|7Yp9?D70U#Ook)Q9N>Cvg%0iA%ceJ8G5_=aTIuzX{JHyAf2dH z95|6=$e##TH|*oXs!VxV#vroNTDDXQPdyWs98|-weviYgs5f&tu=>@s+)X;OQ&>&$ zV9Y4=w^MZRZEma%cl=q+lXlEg@+VqC?`mVys%*JovU%>!b7#(;$@Xv3+8Y5w?H?wd zdz^?0=GgILGncQJEbu(~?YG~Ofl1@`w82ZTF$cMD;o^7S#l%7HL3(Ee>nf?fovC(Z zglC+3`pjw4EV1_TrOPH4_NPg8?%X+dZePs~LTrg{=?NFTHDYo`FkSWsH*Vgv&n*oP z^a|qu*z}k#UAuPO1cyj(W|3B^dVoEqGslh{VTf?~@@4w~om}zNSKmO0685YBayBs_ za_cG-nH8+9em`9OVR3OmF`aawQ0#7NYEXTtX$$_$&E01~%lMVOFP!EbO_6{h2^iWW zlwG}&3I}p`U&N5U^|^qXgcYb5!V=qi%SiF*@cpliO;T(gQFN zxzcK82Xl|OtjHk~m|L^i4>2Qkcd=2Yso4!3SKMC%ti0q{d4UvB2?4-tm@xVn)Ow)mOitC&j9>{R(fRja;=_f_Ss!=@{i>M= zroT#V?$fPdg$s#_pn4foguTsWU8RpxVvJLGD{c5^U3y?t67SJKlc@&uX_9;8!e@E0 zSe>8q&$U32;k)8I{Fs)xG%Ow968z=9L11<7(Td4NGLUqQht0ybQM7yh8nzx9xgJIZ zU{kBM?%EeqiFT4Mj037oT_vBW4AmI#-i^khdQ{C(4O}mfV<=G}qoQi?3;u=Me$&91 z3i_Yd1FG!k2_LAj&iG=nszX3?)nw_)Z?WzxJM8FH>H^abMtd<-Dy)-}Ls*@j!WjT! zw8v^JFo`4{hp&OncOdd=aztAoP30k+^~&4s>NwDGpyNQtf!Buv)%kO2>XeKy%``Hs zF+*A5$0+iW!OT1*P|<|$-aR?7Z)R#@GF$+xNQ3f~k$l}LeiwKZDWla5b6=su;Fy}# zJ$c?>#mjf`K^(znoT3pAg>;um}(UMw2^f1ZEma% zZg(dZI+%6e)TtP$8`K@b7OUQ2lHn&v0D?f zGDvI;2j0B!TcH5c-afCWd76RLv(X%7B zR`TpfhA@<5Cb9w~xzLWCJL@RVciwr+66`nMeEZp_pYuO@N=To`#gUlPr{DO|k3O^(e*XOVPd@of z?w7Az<&g5-ci*=3E7j!Wz=(+|t08oeE?Ua8wY3;AXExT5Bu7nyN|EZ_EBbfpK{;|4 zLA}`2G+-_ie)!=BZ@>K(pHj7cOlb(r5`K%xTmR`BY6axzyZchL^rCdtDB3XF7siB! zCp5nvw>GbusK7bmBy($XR}(Drm?lB1!Zb@Sc&>IKiMqR%O@-^i4c`JQGqC-5 zQW|qgbF~XF7tFl} zk6-`AC%^q4{9S!aEFT4qu%?AQK1ZYh5?6ew+_YeI*JBaj1Ii-b$LtV{RjNc2hOHi5 zu;s}veMAL4^8Kqn|5d>r`1$|O-krzjl`RQEcY4j$`&v$yop#x-S6grIy=j<6-E@N( zfe@&rc_SfBOC!x7BtS@r8CHRWkcJV905Q_=FZ?$>NFXFMEk?~BGmN@lZ?9j~t9n)C zwVYnlYo>Fzo%|x=`@Z}#own0@bJO>#Q0rdD{ww~^q8*^=UTQaN@CT> ztiGVu`DF~C;m{n9j1i2}%DU9W>Y+6y8w$K$3WQEb9fGTQ0DXGNwzR!i+t$0b590FJ zxqHw<*OZ+5<)Fk=U~w22uTg}2{x5Mkj zByhuKZtKbQ?N0-}p}-qP0U}27?HNd&pjEO{bK|ycz0L@P*A1HswZed<$44$ zbV&6U1~#nF&|8S_zWZ)xS+sKJKI`VLEj>?;Lp-#W&FB6A&9Fr{}B< zmR4HTFV;Oa@Ml)lM9itcVNP@OtoL0s^2lSMsbO&lSoG1KfxfxH!3c1iog+|&A=XRz z?MR&Et{_zNIE}RYrl9!dZB=84dIGOB;Q4+rU z;E}k}je`5OIestCl~*9#Xg1N79Ks$gXM@p0$@?y`TVtv*+obr^ACX57N=2M|AD-<*VLLKu`MT`0){+ zm$8&Hbo!+)W(m-~{PL^%K2N8N8(P;yz#nz*-re|wNL!n!OQnnP^1=ZBNqTr%L(E9! zf%@vpuf1%bJY9N%?%ltSX0E_iUEq?U)o}~lOfK9Y08;EKYH=x3wB{FOv;v@W!OIK8 zYjpDDNqynWDabkqIL&|N>^TzGhfIbK0` zMPyj<={Xm(2xYx5DPzL*adTZWnuv)kUeZv@shRust#E24!8E%mcIWQhNyhW+EC$e` zm2;7lxGST&n-xi6k{}>8S*%##wPc2z8eL+Z=y~O1Iu-;QH>})=*Mj4l)hLRQ4xB^o z#FsOZ*hNH=Bb4bSpI|EU8j&vkXSreNiW!AZvK|hle(_*9zWmFD%eW#M9j1jmtISW# zPM=U*m?6u%bi8hE!XovE!U1S-u%ARwYo*?a6J;@Pu3I?6CKN2qGSkC3kPTggm_daYeXKHTU%%7lf-SIauIkSDR@4)V% z!Tu!(tP;3MGhIzf7Ky8@+Z1~}6lm>X#>j<7Dbp%3!9vm!-{LB3HpLnWG!$413M>i1 zSqp#-jD`XY1zsry%%M4vMr45bmm%nn=R79YSCTaPO4@l9jqoMCie_HAjddE^;uuWC zUu9Ie3x#9y5_0SF``h&86q}o$6ST@zH+JLZojbQV%U0hTg&qH6<3Yr#d)_zBHGVf9 zvJMbU7zLXj+?4icm9!J==?l2wgv{CDuKn+kkrCSiomM(G(7?cYs*fCty6NiN3ui)b z2SSxc(%;0y#DfQcMkJ((ohcHwG2M|n?TcK$zSXkM&We+tY_!Yqv}Dlsu>A=;8O~MG zoTwe{OKx}cL-y#=qt2HFftNcsIK5#X$3a%f67#NFYj#`MqO)-^1YSfG zPRDo2TZ)V?LjM;+4I16)gaqZQp?7I zNMbrXprqfrUz9oe z*|~$K-rfJ+VfT=>)oOO(D!0o^rYfw~BmB*|08X5PlHtz$=HM(Y<0+JkY9-*1hGEa< zE%xnm#?lX!o;%$Vbd%KL{KiKAe~szj6Kgg$w6*@7n#*M;`-o1 zTr1fxFalZsRDK6NnKpGRM)okfSZYuZIC>?BY2zK;CgSBIA3{a`*s18 ztZpk2O9sYsh6qft(OE3BGc!VDSlX5$3>%?BM~@v9w7PTGE-!_!Sik|WB~zt_@=QDN zslKZ)GBP3zqM{8hT(}?r0$7ijO!QIfFQl=hJV5HEw+HMTD+OT7GOPN#HS_m3PIMo9~k=x+=~=lS9d2=ox8Rk~~O!TQ_<-P2~Hq1|dbb@f}O3PZ(1 z*{U&)iEVM!`Vj2Rf*P`<({YwbOlpLEUchFCRWb%P^cv6&=12K44?Yj>05TR##3pM{ zd}hH+J8j`jiYA5DMOZ4XCUM*s&Y#;pG-OTm@ZqM3`}Zxz85mlGoHEXdCpCiu;ph;4 zC(;zEAUOz`ti^&YOO_Id@_oI8n%sGG<;oRh6fnLyt%qn>whKMqzGM5I-Mc9(Pc5Qh zb)QcmeH|*I4BQ6Owc@2$3juLLSFc@DY#A9qa1OLIz+LdzYn)I;2Uq{Q5!LD#N0db5 zI1;q5Us%|+y?+_lb^3`~v>!F~_19;vT)vWf&B6JxB+L;mmIwut29JPFP7hQ)d-j~O zuMuJYf&EkvCk)q9dr=%l7j=E^+nM*6_P{oEt`Ir^6q#7z%;A;(yR+Rh|WIY&P} z6Xb;fvx&A;v4S?0aK(Im=IrRDQ3L1w0qRtMDNOjCgj6~<`}5DgaHTDIX^tH`s#v+C zAi&8J7G4@@H8W@ss(bhD!6ZiE^5rX3`u&Of6fbr%Lv7x?zg~E@9{1?n`3s+Z`k9w8 zFo}1nA+}D#@sePX7X^?DSK~|_CpZFdVf;P?yfl@ShQ<=3;+3QJrZU#72{DSo|8k^4uQyeF9&ONa*(pie2tb{h+Jf`5N=4`U zrCwd56F3JDq;Nq2!a)YLgtbt^Oh*hEif&Y6+QEvvSin}(byXci#cJ{m%rb%R-%gXz zE>J0b^Ds0s60%o7%%+Kk0u2Qk3N#dWqbOi@V6j-Di5z7Gz9eq71c;euL&PWelmbJ@ z@#%Uw!#@3+-BZv?nv?t@;pFw4(LCZDG(p@AoKTWf)y~ zNvbr}Uo8bb=Jvap)^4Fwtsye-16w{9FJ9t(<}$O#pxEj=#lL17)$8)AmzQ4?%iat3NWYY{^Qt5_oGpj+ zoh=E`TYaNRs0d!vM$LxUsScP~1ZEk(@&82ku&)I)+UX<-&yD5m!jg^kefrEfn zD7lAr4R;>X@QRj48s&ktmu5r4&N^qTJtRZWjq3W{ry7fkj=Qd3L$3z1F3>7us$AQ~ z)P{|O$kJ+XK!;4h!=PbBu4gd)XUYP9p^>y<# z{!{TG#c0$XVZ@tkjG(mk^T0$~Ht>+a{-4v0^dUs&g$DNijXR(JKR>RfxBvEE9{AON zHXvmRip2l6MuT&t>Qo}rUZ{1b{{-~~r$!S`}5oo^36lbqS;7A z{C52KaRz{6T)mSfZYgc}{eArr-o#{5k{)PP3vn!2FO*wXnHEIvzkfO;^x;ECw~md8 zti5&a+yylVtR!Fbm6)UtKKP#V_I$=c5J1(p1UP;AB+#m#J9kcum-pfvGzibK+1PlQ zoSqfoK8opkmWj_(SRiQKA_Bt9as_}bg(;THk%5dl)}2KQoW^eM860wud~2O9rr%!bqv!U;-r|- z;!w}!4Vc1~XMJ0K$HZ4wZu+KtOL5!$0~2CQ&6_sO%x#|VZpT~<@oGqbC8UzjFh4d6 z_nflszIx?qis6``w_0jxlxPr>5esrr?ML4gs{Yw$pPf5*UKvq7fRF-ZEVuXU*)3=r z|0@qZ)$m7u^d}3#Nq?eO$QJR1m6*ATdy&iKKS5+QUXeXKsTPhaFHT4ngw5V1OXYHxoBwM z4?cMRqmMqM=sXHv&9&?2&YxEu&NV1%@Mvk`^UuHd^FRO8n-XF!CDr+<9OhcDD3~>J zT0#3r(J6X6!zlGmd6_uvlHtC6o2sX-RWJVuRI!00WAOuXaU|kdH`gb>5v04zZ^FId ztM?yFMkpgD*c65#{pqO@fn;#_{5&F?dI%J;VyKz~8MQi#6vkaX=Ku=0B6uu?+cR>f zo46I*XbyQzpr+0}d$=F_RblNLYgD>>@7~Ruw;$Yn01Zu;xIykfsGHKUm@KU4RcVxE z0M_g$+omG&;X&8!5{4b`!i66I!^A|;gafXQ*eSw$c)G9$CSluP#r^yD60VBQTpgG- zE@j#1_y$alGhrfBlq`h$?MiqM!{c^JKraY;At8r2q+$$H)=!*_b@Spd`T7;=#Uso@ zI)rj_qfvA@bA@KpcONC-n+20XBcZo$IZk4NczPYeC&IJ{rC2QI8|-)Qj)(G$lk3Q6 zVrE8erT86&R$5k2p~pnw=Lrrit96aZ*MMs%&`_YEKtq8ym;zSZ)4mcp>utETS#g_U zbk{`qXp^J0V!oT0ngw4b<7nq#7|%{Wjl&OOj%pn}u;vsp!P<*~01M4WV{YEPuem)t zp5uEIY)gKo*ob?rM&_DR=GzT0EF9)pju}p48u3A3gH`n!yM{#;8wW4Af4Qn=nnDc) z8VWp-0!`5B6G^jv4`@uv?#t*HjRLo88l*jJ&=3<_1vaQ!W z8(_UazgoCq%%o}lhWBV)@nn-lf7U21 z>N-27_HQJ9H^7}IDkc0lhpfoXD`%@&xN08laM!sMJe3@8$}5vb<08OkHSKJMc^gzd zs+pf0y;tP{fw>)SP54kIx1$JAXz+@15JJQ2>=o+Ad6!;4Zoh~heY`o8afFf$Y2Ll- z*Js7KUO0b&v(MH`#N%$;DkjC|xLt~K=gtd(1>e&=^CQl7S_V)Pk`{aQ);G~2MUVBn zRg$c&v$$n*v8CjOKNAMAbWG=FVY3Y9wf%|sWKfGbzP6A%(AE!fr-{1JjkZTPcI?EhQe*k{(Z~vV;fA*96pMEOl>(Bm=fBdU|^)FeW@t7;AZaBZ~xOc7CbTN)| z%|l!DNWsmUW4qC*Qj)R6I3ly==3;-VC=k3H590&bE2r4N@60JtveJW@`A`3^|IasL z{OtYU!{Pt(zY2tsQ9;<vI?);gPVJSUK|2w-7zmx+}`)GLh%?2Lt92j4Pt1-B`d` zOr86PYSm1UT5ip}#;v1HXQc%CYu9W|Zs_RYnMo;uuz3i4ST&%DJPgPL7PDf7I# zT>#_0({wybfW<=9bQi*lRa6495C&Yu0=vw9$o$1iV_!A&S>%S`q2j1TzCs`TjO}An zZ1bkcX>Lc~r423R|I`*CjH-sfMaggv5miqGsMtFb)-}){(e{evlh~(=A5Kk6b>k*f zWeP(waJV?_^xEZ*CR2HWs0-?j002M$NklSX+J}d{U0YFZt*IZOv*rc z5ow~JEFakOig}sK!o=*kZ~s0kh~vkP4-XHE;PlQ+NKlwYo78f|shf;C+Gn~4*CR8& zkh00C_=Yv>T>(i@jy->09VWb#i=}`AS=mUI2H=ZGP$tmoO5$n6u0e*{6Jb-Igib}V z!0Z>ppn$_)Po8}5z4uO7Ai$?nTLG&EKS?y;SFc?jSvIRi4{!wVxL$3)c0 z)V>?d>5C}5q9hHBW<@$Bv|@2_^w_%=AWDk;&HimdD=m21#&8A5o<-1QGEbI8qd3QYOF3kTMV)qD%l46Ht5Z z?71(#_(Bto#WVCZr^m|Z!2^B+r@)eTUJi%>NVAbdp!86S%mR839IXT?V^vk0(Bg*> zjpU@#>d9>OQ#BstkXpbT0}QBFkdWOvk?M02Eh?cN%xO{HBnbjMErWyHO8v;Cq-b5V z5~Nu4iB`wUnVMd7Lzd zlAs9!LvuHK_xb=%oK}d=V`DeJ`s(YS|NKj@8LPf`@1A@od2erTpO9HjA+2DZ^cRJS z=0}1gy`(QnLQK>8UWIXy5Lhu}99?Dv9a0@%UA%D7LE%OjGOAF{=DY0gy1RF}N&3wD zpwff`fGIqQN5`Nl;s;X)i>>!YtU z#1PlIX^UCl8B^`!K)$m%_(6)%H}DG!>&MnjW(o0+w?H5E_VwZ!(t!wS zkqc^+n9v^T@b8h+g@rqwhMDJsOOLh$vC{ld-E{(#nA5Vgvc1SS=`MV6kr#3W z8LMDIu2U>qwAI|Qe!aj?n7lx(rb)-_TZIpxe}J9QKD>Gy4R zZ2z038~U$?{#c2 z#q=pFGd|k|BOJC52xK)SFN_?U^?Lk*DE+)OEO7 z`<=V@X1@Fip=@P2@dz};w4bf@Yu9d|8%Mkk)j3{8NNe@zaZ!y0l@(PwC{e{Or`_6W zt}B@D@xHEc4)oy9Ynh^LXUJ!c#q+GMs~rRQxR$FuO>M1a_4r)f2C%xY=8zvp1M`qm zbaR84SOo#yNYB-}>cj!BTCWSsuuFuK^`cU>YmAiOla|Q`tx+3)?mg8U(X(r4)5vKk zGI{*R#>UQ^Ib$oxQ#tkyH*eW`f7%ECwjBBI|Hm(X`(J-FF+M#$`NzNe`@iy6{&^+9 zhXy!Xw{C;H=_O<}BP})2=}we*;PB9h9g!4MODZ(#+%x`p6}aM~#A7MIhM!&Cn8Uy+ zaw+|X|KRtaBy-dD?H~NT|E2GpL+HrKpN@`2XsXNi>9}om>_wtyO614qU?4}(+abVZ zlaGK$%*wv~PFd@7vZD5C%OG|Rqw(lubfW&N?to+0Eq4Vp35eD!nyq_ZIO@g6M<5bl z&__ZXheF-FId=ZsIV3%P{J6LryXH=5q@W%=d?4^oQye$I7K?~>h#hICj%9$0roDj- zIqD&z>!Mu9NFgl0UIGouMY|D)r@UHm24wUv9-wF7^wd-$pGBJTD^Th?PM?rF`}7fd zvdOmdwXwS-0xt@W$n#BOTRCDTGIU*GET<&qb9SkS)!X;(lSF@1qw)?P9qjK_KpZID zFVkPEZmLR*jl;pm?>^>Brbvpz*`}svi8O`h09QZ=0&Z8Vpt&hYQP;csJd9>9V@Vx{ z{LVX9wP&C&v@#haZwh!y_Lku(pXLyiJJ7dnXrLdS8z04&j>DNdN6p$|5AP@O*K0Q+ z^sP@J#~xw8q-7ErRZu_~*k+WfxYgK;RUTNiIZtOO<@^+;M>hHg`us~*sw5Ic&}tm8 zy#hxr&H9e>=Tc&<@T;NE3PkD3S~L1A#QEz2Kyf$=nHaNs8T>MXp}89~X*vImKyc!w zFd<`@i2nKL5^MRYwkHP>oF%#*q>6k8C`vzz&^kAuT-pJF2; z$Anc?WR-;j83$Z*%)E*l&=IW&tJ0D0fB%=QXuwCqT3>X*48Up$kcFz_8)+Yl7bc&u z2Khhu!S_#{I*G#7g(%%lw38+@q_EDlvseB%NK|Ic%FiQr&G@HC9SXFi^fV3s>_QIM z8*k6R5;Y_@kf+S`#RMc+1tsO%pR-CZp*)$KYe~-)TY*LzhaRrIy~p0yX#_BR;Yo9` zj`#O&-L@h8&w`N#y)5dT*!$C_w?gmf_#h(|RE1F78oPPs%-4VVCx3eR@@0&P)rF)J za1un6EXhSRi95H1H_Ze4z-J+IIYu;u(G#(ZYrG>!adPrLJz#h!93{!Jk_2bxjva^I zIph)CfYn3^zNfk7dMG}9*X~^;T@VrJBH9qJ(q|Yz;L9(+{MpYw7q zF9HrR--svL1DSXlPBO^zT963TO8o`0V@UC$3DF2d( zAp%;Bj2!bPIMr$w0vs=&e)?G)<9hir9}dTkc1x3YnxnD(S*nZrI)DD+XP^D-%$c*) zECtI)sQ1rUd2Ts=iD1*G$aeUMlN(pm&GVo zq$!gcK`LZ9Pk-d@n-f2eEWSCd#Aug46&(G0I}F&B+5`ZB4SQ&MS&v&2%?3Z zG^q+qz)`(3BHeTfecLuHI{BJdKmDea72y*}3zMzk&CsodyAxAX9Lf##_wL>K9A|oU zdhs2vEwK}0s=C5=YZvKCdJN=^@>+l{}o!&!9aRR zLY6>zNnYzmD%p^OXsJmJ1sV!86lf^$x+uUi+0n#hpTNY*)H>VDQ&=g(8)G$Lb^3I@ zy`ufIV%K8wSqR6hr)DDXt$kUTCKhv)hde(S2)Z~;#GDc3D`(Btr|l^=HnXy)IuVqB z!-|+M%TyGe7L$qFvWLrmuAV+svnjuvf=hqD0DY2)Vrk~a2(ygB$GEz&uEtfgAPT`* zii}?`fX|xqb2m~AKHb!K{Jx>j<232cc^Ue2!}CTMj%sQL_;G0CNGwmUw$9W5Sp z)8!Jn)xDWDLJ^wsT{A^PpJn`jNzA?vb7!0V$3wBw#QF@jeBQ^}(2(c>fdhDTa(eFJ zLYyFC`(GTuEAx^+FWTRN@@c?_a!3ua_8l^^Hezx$p@@Y#Xj8*Sd)i_p)E_HcE|!7-aBM~~uL zDA{l3Ntf>{Prw$cjy|G&?c?gEtq5Bk8tjH2Ey}x#KGj&*VO3cE6$7% zo(o0a=$yQN-*?S`wTCTY)y}a^9s4WY&|s@+DJd2-41?N2P7M0O15q+^EZ3sVbsF_< zY;xX_p;0>r^FFnlpQI1ct^e*99ip2$U!+)y*USDwJxgRz>=8I|;=>s|J6l1(4icWQZ8kbO zDofY|R!b-K!1$C>^N$X{d+_i6y(_=-ZvZ}VE1Pog!)B@KC@u2$laA5XA&~2DtLx2iVy2QSN8|@DCwV{XOtM z{7*J3W^dng{taCe0o_qD5(MmLjNQ0F@Xdtk0_kkV2x0XBM;b$E=St)eiI9}k4Po07 zTj2DY^N*a$ER!$A!ALT#Q-QZf0K%57@kusuWYt{6ll5$vpPiYUMc)||mrqElIfDd$ zFpQmzNz}e^{raVEzPWn!Dt@?h=~5h%8>iRAX&LUfZP|p(0nMAnw#?1t4>8ZiY*%F6 zR+=leA@oR`+@pt6_ouO#E(G!8KwOpLW2R_k2-MoTP3*4tW}OZKg=7V}8+)>I`c4dE zV^1!#Cxa$WwYPCoYN7bPlEQZJMezD-!G%Hb5LN7lEF6Tw*?? zjUPVDvzb94I%2m&?&jw!(j_y4Z;7}GoIn93AmhF>(}a;`05|@RS@L0=oC+A>1ep~Y zxTR=obZUCWC#WJqG*493s8*m9VKk5GGsUU0(q)-=1`Y)uG=J5E?kMM~hYARs< zp-R!xHbA-Z+Mjy`1HoiGPwXa}uQfyj?mBXp@nnZlF8)I#X5yorN^i1QX_)D^Eb z^7{<_d|rNT%0FG+pPN1*50OZ&d2N^APA_-OAGGga0`rQ9OakREQxwDS?&}Oqa^WYR zve|ZbZ!ZIT&)&V0_u0|+W0K7`b8N{E4h)L-inW9Cd6+t(wg8Q~))%{Wng7g*G?2m( z7{r(IFbGF4#9MQinER4~Z96S{rZBXktB54r-|5{;b%bUH*h&MHmRGileg%BygcX2MyPv!KWk+jGI zAp8g#A}N(TcwoP9MtzYJrhCdMw}U`QTF6gm6HNCC1DFZvq93U~V*wjjVWwPy)%eym zESD6S?#y+)H^vl~P)<0PGW3cv%(+=m3`uu|+hOZi)1~h#>_cNS%tb z9}PJ?eE9wMPg9TLAW`p|Z!U2n@jSuAm8%Daoho$$2n}pq_SIKk3o2C%90MxYv|ccV zKc1<=U>XkZ2An>9%2lQzaMclz^--sk$3?C{IVPMZ4U>4}CO;xHg&_~Wa|kJnwMW$p z<5f+(Ay@s9bX<>2A|@T7Y`W#wng-UaM0tN7!gaHs1^*CJc1GVqo4bH)s z#he{ceFCJ&HWj-@UQ|>4tNZAH%thtn64=tQU&R3#^-^VfhBcMs>y*@d zEXb|IJ2=0Ly_8c=K&p0QUJRE`cvq|q%_H%sy&RS)G3w;WS9eX;`_+0a9n6F=b>)&$ z{wfnpVnv&lTVcCa^wHh?Tg(1-=&5(#P53w*$741(hMT=&rvRs~X1H-+(k*#0D>U>h znyi&PHuU_~&~r5c^)h7^odPcdrK$T|6fgl>=5=Q7?z*WIT@*2I#gm*9oANCpHS~F$ z9~ONNd9qqf%%uUlS!>PjH6&1VVp@Dn?mpg|?3sw;tQ;b>fA`Q}|6A##C>PS2(`s!2 zvhVEygXv~%Ar~}`Gwx}7oP1S$g3eK(tjbfSfZd4U;ln3RoH%{@lwi&7cvDXi(B_1? z1%%74VDc*39I}POnUx+cryoVKe^aZJD(1>NX4{p=-yRY#xDYgZ4_s+jx}!67+zu`! z`4nFmrybnX@_91V)h!E^KV4l8N7ZZlL63OM6`Pp2UuY=oC^XwDb}V%B$dTbXqOyY| z!=G;UpT!Pnwl03@mwwSk_?a_jZA;jW5}~W7$}^I6&=&wbbzaMf6C)pd@Bsn}E^I>! zMbF)8!#E-i+n##(LeHZ*$rx2z$5*ziy@G#}Xc38yK0%ZAQMK#dw8k>6c|)A72HMc$ z4ZP~c6+=FSkzNc3kb`4wI&wp20C#6(pBJEt1gaPYRs4jrn{GJP{g_;iV$~fkV;qRj zd7$m~h=BBkNv9Xfyf=RD^5|uIcz$9tvPm|4;%v$(f8ki)xb>q?4*c!^=K6p9Hvzo* z#YLbF|AjcCODopATBdgd{BpIIw>`%ybdjH%<{t>JEc8$yO618#ocBahzD#hS5nk_j z*m_r0r}*E+j@Xlm!s+JrRPfm6zxU%CUyW9Oum9+;To}JM@K64+Se8SF;=r3CM2L4! zkN%Ec9=&_-uH%h;*U4Y;L&3vLxT>ijsAK&!|7<(uU)x9?5|wWB4H-RG#K>k zZRePV)2YY=yac&m0YgezT1p!g0=-|W) zs`Ah~PHEaZIJ6y!>`(hn=7sZTp$Ju^LsbK<7W|D9EouiHOs6`l;wVYJDaWm5Y(!&E z7Au9mJ%Qsc(yv*0MK?OS&zsJujAn{(#$ zE?UZ6JsXM+pq-ow`&sqA-sqGn5tuvo0F`!aAApj6;ZxLoT>mRC6~Jcw*wE+o@&g{m ztvHqF5qZ(2Wv;`D7Q}FF+PT@We4(au zcR%82B5fvl@%~HuGpz1FN|PxLhXXl~Q7+y_i!iUE47+{%_8k^E3M2wyfx|2irXqT` znQ+A|1;Y7?h?d-B-7wd)A0ck;Jjxk=kLg~A6eHW_U#3N8YR)Py?Wm;CAFY@JT~u9R zR!Z4I5SD=T2r{(_@KdBz(MkvXlwSx0@E~BoR9?i7r9^cK1W92fD^zZ=N>p2t*j&}t zlH4c!Fuss%k)T}$@Jt$yfszziLw%JRE@1n=+FV=s>w%P~#Pnrv zfB4}C-}~P8gs2J_#r9xX+F*X-Ad1vYSJyXKP;p;)`Ia?q);@pk9Q$9e4p1~xt7Nvs zEEfXK2_O?#A_kP}BD9#Ydk-G6zCUCrZC=JPvMdB|sofZ})MClgCn6v}{`lkJBg5+I zoESFH2KxHo$!ITV1)nC-qSZ>ZSek?;$c^S8j)aTsC|7gwesH`#7xD-~SU^cUx+TABCLJ{eg!d7{3>#pUIh*JKLPA0X})~=nrXWxL1iz-5~ zyL7=vaFY(FlWiK9e*W_>MYvi-pFVx+aff+R*DcO0 zjoIDC>%KPymD>UC+zUnxDRg`pUc?9k`;^es)HG)uV(Jv8-Me>>@+xNa8MO$kIgb1g zFa$v#<03~zV7>cMlb5>7TEW_gj8N?>=?{(CowS?Y?-UO|Vw@{QPEj{2y$1W)TpmX` zJlKR5A~UYv8uw9!Jv#<1g5r&|$NJLUujam+0yv5{3@0$JIBflK=s8oFlEI2@9}5({~%g!CN*eP$0Y41TPc*r`YuC>eXv-BPkd-YqZQlFf;^$ z@-zuJ<*Fimd0M{%!naYdXaRXhdTKIKr8^an!iQ}+Jbaio(*^Q4Ha3Q^#9zMv*9wIO zn!*s%L0H|qd5iGs5j9KMf{?+fF)eEA>ecIBMWFHc&A7)6S*@C@x#rqXprJrRfrbLF zg#un0@>M-{S+yR9bi9Ngs~+x}oXo;SWBy`bTSPnw$+E6i?{DnDF%1=P2HV1;+%@Ks zHH|K{Efap&ZvL;jYh}M>>(M(m8fBV^TZraYZHaLO_vN?z_<`q5-YZp1{9T~`n(fb` z-ggv*M`0b1-7jJ0kFN)Gmq z)2hxNgm^FJOYVz74Debi>V;1d^MzfVUh57r&TM4k@iPp8>#ag>N0jy7MgbZSC5po_2^SoVGZ;SN)blbVN7 zD;;*#Bc400PfeXrg)f`yjXO-!%6Q7B#!F~NCqg`?rv+y1-5aN>bZ~G3f5%sh93Rp8 z)U>bhc0Y{R7e_s5f|nB}4pQ~lju$7RO%07|#g4N^_wU>11A+>0$=NYVBx7T(z`0B6 z$5_}8w!NV*x-Zm~tC5#5U5#NMYsN>NJAWw-@n%Psc?6iBg- zb15{60-Y+a>;@?$E4dn@*lvt-G$XAO4v0*D6>v?jc`L@(xkj#`CEdqIqFdeZ&&#(6 ze+gvCu1Uaju3khhy!e(O;!95=MW;ChVzg2@DDMUim{2Y!vItC$X6|NkegA$$qVv0# zgBvlF7qsg5ClMNb{R2bWx9|E_|FvCz@<(_6!QTh==9$Zrx5tnD#z&;DwfK$@iG?^i zBo8c1XMIdT!5*9Dd-)+CGwRAo}i~dMr*74ShnIp0FMX{o_&kITD7q))?d(S8x#3< z%Rv#x>HETpP^^MGg{^utH8VRtIj>dG8~jk30x(dG`r(jerV^l@Z9O74I48*hY~+&& zMcgRgQbXBsFd?Ha9Jszjsv%v`M-Kx}s+DSrBV*&Z*3fDlJo8vtKO;gR&fJO_0F`u| zDo|a#tN__^mPMNx;0umOTu~M9M@Bo@(U5Pmid)Usb%q9d)u~q0YUH;_*T`?N#GA$s z7?fC-+&#j$L?k}OWzYy&#F(0)%vN~`;nNFNrmLhc?A^FBMu=7!!SQcT&bfJ45-0F0 zwjIKd%M{Q_R<#%9HpY8i_22vhC}}GsJ%loo8%krtMr}Qsht_ON^qczwSB631v-BGH z`!57uN;Le#IA^+3StjU!pGl^Fvs`qrD(26)Z$pp~*0uD67F#vKg6xh`ZDohvssCFr zV~Iq)wX97v=oD1leGI`fQxx+56HB77lPVr;p+952-vPTydF()5W%J$>Hf@_MH8ab+iLM2a|GJwDO1^?{i% zWH9?#mVXXzTsrhvKE504QLrfcoV9=Fwl6UBSi&DUa)f8V`zWDX^2}pE!YaORz3@QX zOb4bLU`^4AxiX>UkU=scyd5-8C3Vf(Y-w(g5>KuMadrF#o)$E?l6s+2w{G5IFVHYb zigeU33$D9&=TSZM_6A>&&(7+l$n~GvH%eh1hOWqM0h#C zOp%mVDbTAVQq)b#Yedg5*l?dDN{C3jZ~{LL>E!Muhf;?gl*lKTB4x z(34r}NCCA%Hd@lKIPOnJOu4W!aZV0IRmH5+<6{s6NqO5!m=j6!~JU{BSOSW(e!)$uSunJ8xUeVi397+z{HB#EzvuF3QW5>jh z8OO<~=}V)R#nwSgM6AH*p}~QpaU`&a*j;VUQq2#m?S31jm;JX0=vsh^e`??&rzc*h z2nphC3l6u|QAp|&bIuGfajqoNkEED25OgM6Es@-wYypYZToD*`(5_r{*L(fDNXC>qgpd=cK6of% z)r|#?9t>>Uwmydsbb9=)x-oF1*wxH|RWK)(z+i;kFbmM6jZ+3aj1&XCVoHUBt9=p6 z8^>w^q9FDF(+$2=*O2k<4i5_q6)fwmq=#HI%9DMcDs`k5)(nXyg;Vaxp_I6#ffU#Q|)p}YhR{DOTC;udyZR4VL6JKth7i~b|B2n?XStm z`OtKii6aCpPAuLA4(B=dxPFP1_ej2kN_tma1J(^HnV5LXAtQ(Kyp-QMQ;aIpI(=9n zutgsLDa^0GK4bEQkD1qYfXH<(d-wH)FODPKBNQ+wgj!EYcUkkEHmRXNLxF|@4Fz63 z1t@06JV_fnOlB%+sKSu)7H!2qf5E+3y+X?d0ZX#QWjdZ^2{rOa1*H`^wH{zmkG@9 zN3DeaYq39HhCa*a|1H2D(->@gj+ZgF80FrrVSYbzpcM$CeLh?kZdT;aZvlNebXXJl z`u6cpL!VXZlMbQQ>E<=W!K_nH-XgHHClkQJG3|&)gzYUuYRf4ikg0| zW)PXHNR{=VHkh36Cr+FYJ?YpIerTTmB8!a%4l+-9@%Zo3!?oxT zf$7b1IU^&-tU5fk8w6B6tt%(m#~*$8?z_W$XGN&)r?J?``sG&P@v{*PRrVFl8cQ0P$J;$Z!yxy?ISY1CX+0V# zIu`MXyi|jzn;7*aTQp2qNH2f|O3)Kptsl8Gp`qe56w?sit}f_H=ESsM>-55f3moma zi)V*4VljEc$yX(tQurLogWHD=9y*L5&Xzdvcm6v}clUpfxYg;~6K8+#&yM~2M}&*U zC+vEf%l=l>FIPuk!m(bF-zm?^6x+Z`3OcvU9;Xskba)(qBwt;aAe}%__jnBD?q0j~ zlmGLd%uK`?iqgVw{Ko#j`L_;k+^E0R1@M!)!Hq=+kA$o0i%*4;JDIw9>C!iR=zvSU z2Wqn*TnuqG?F@GV40HaBiOf3}gjcxdK>vV)j`r>g^#wf{$RgR&1X*C61#<_r3rA&qO^l>!8y9zHK{(`oT%RYH+N&s=y5>?Ub^Cq*`GK zh$h*(d1$b2XdvF12`7}e+jj66MJN0!DrUgF8##10@qwpi5{(E&g}zqc%vgXncc;B) z-PF2ksG}52y`ax{#pK_u079X$qluB=EYBHPgm|rBcdE_TNH&OT2d0}=ZkpD9W|=6T3dD?A86jDbne&~!nsP@|3q!GYv2kG`DOnE(ozSUB>aYKacCwZeLUd*s@a~_Uwfj`r(e4u5 zIygkWCoO38&(gY4bxGasmb&ksRZ3?E`?eZ^dk?}|tEx2$es)HomH(K%5oOwluBQC+ z!hh4sW9*nNAGIbX{uw`mBfC<}JWI!B_4Itx`nwFDl(S&-oSLy7w@ro{jV8&$H?o>SBf*EEhm_2@u^SPBHdx^PpCi!};?UguOcES#=>e$B!TP-YG{% zK~umI;N&95OrbnS4a|Bw4NGEZ$z!KXf7@~~A@l}@EjeK%-sg=ML0WCe_h`tp9JOwJsxCxc>)I^_#6 zPB`=R8PKqSp%F{^Jr1l>Cpnrd*_Je(RP=5kt^?VK_w~i;gVtOIYk2tZFa6Rl2=FpF zagH53_O1dKFJ8QS*%vjgjE#-qSeT%RmD{`JJppX{^ ztsJaXJVf+*`+6CtVr@e>)9bimd)|#iUUY~c-HdPzKUeQI+-g?Et>x8m;IWd5c|o&C zk#359LT8~}k5=Rv#R#A;!dnWfNUQ)ybCLxgUARY~%*7k3sZ7X73UJQvGFu{%s4vqe zo$e?mRmHU}Up;a)5!9llNPU-QqsOOsTHzWUOq!c#Qoy*A&ESfGeqowe&b5wQ#cv+* zQ&p^FY0)PE#Fm0q&z?C;OH9Ubr@;U;w!t!MNTAUJm^oiIh(}{%H_x3r|J7GtdrQGO z?%gACr~zLMu7;0>%tv6JIdfJN>7L!YVS?!|UbuMv!bN(+#N;PoIeGHEToi7ir+)I2 zpAxTM_=Qgt#@1h#6*Tjmet}GcOQFG^1BxRHRr7mgN5!+YYd8Nk6lf^WP@ti}YoGw@$oKS^N^ZKF z50h_8TDPWzd{B?6dM2FJLmDsLW|6f5oB@ zS;B4%7vzIDz^1rH&iWv_^QB+E-Ldk#X`8Cwb%JU8Lhk+z^C*&sFU;J0grtU4(upe$$m@An}ny21q>a`qKiHzHR^Bv4k3WNaK-})_!#ldUAuf_4!I1+{sRZZt)fd`uQve(pf@@y%Jh;w59*grICSV8BZ8`f zH*aF0n`2`Rm-Q`Fnpt^n9!MKUt%Ig(`{?Wa`+Ix)6q9r7rX7yEH^y%C4-CBX&f#E0 z!#3YCHQ!u&GDkB;w8qsC`b!h1^6F88|7)QSm6B>EHs@>--5i>PjUCuEj_o3*%CpvaeOT0 zpspVZAR~JLijZec3;%_QkiYm&ISOR>Z?qdp)kc0(0R$mxxElQsq}R`esQK>-tz~|d^b{z;ZQcu_jzp(1ML;hQkJnv*nd@gSWw6 zHT*ZOd{V;{g1a!J*``I3u3bYpxIKIM_WJ`L8?RzX!)>zG)0mDOh&Vex=~Ppv`aIke zQ>4j~+X@kCf$(JhiIajtYNZ})jatjF`6Wg#_zeC!$w>bjDG>l%nv%nBjxFlf?s+@;deKP8=jD8!{FrEAq?zE8O5lg& zM2Zvs9Bg~((x^C8Kb?svYRY+syjjD;hx269od&`Zudq@FwZ$ucbLo;H!3maTc(UK8 z#u;mQbmHUq8+vNK=jJVo!5RXqMe92yPo9hq1kwL|P*!k9j@)_Y(4lw>a^k*lWHK(2 zldA`tc`Dw!Eib~a`6;Rc@F{`ib$xYsxg%BdC0 z$hMQA(8F)!hy>}o)$8O`*v6zU1Rc!qGzgU=s&n&wA?CSGXD!D!LkNZ7LLNWVUa_+v zs7@kEoV5i3a#V$51Wn(Xo1LFdUxA!VAysY^!-XLc$&v9$Ry+$~iNDIo%y_is<&!xB zY^KtIf+C@96WnU%(NHy;Z8w+IQ2+-@xQ^UOl;q~k_l+?3QSlxyZZJ<@-$PHkRb{IM zRL>(zRp*%*;^lrQ-aX#s<|5;s67h*S)#Yq)P$*F~fO(4Qjrx?;2%R^BV0fGlrbfM}Kv<3+cS1xQvrS!m`Q=w<&zuF8 zFNg;TaFYv|+UkZtUx|73dh)q*=M|<~l(%dodETFbj{*_|Byy*Bv>a*DYv(=laZz-2 zb~s|f76Rb#G672}<#1tfE>U6!4zxaM1S|++H^w-`%tFeXJ9}PtyfO_G(&-Cdu`0>{ zoBFn4@)qAU|1=b6D9}*g6;q%LpO_bH>6#?nl|QpA6JJy8`er8FVl9@_nTnFlnX-&t z*j`F7vG8GVl`UjRC`G(#dVb6!-7UscnlxH-`wdwA53@90sghbBi|=?Ove{=`vOD3I z_UsPp zNU|csQ1`92Jo%!0dT$W@pU~gew%%#*NsaoQrT7dpBvz#&FqlRaEqnUHSS@>^ii$z90!5|Bg1&zFFV4UIse!$_KZ$c+xciux)z6 zP%GQEp-IJc1zBQwQEICtHDSDEqO7W_kD+hvz)-&RJfYR%q^c&E)&^eI48MJ4Rx8y< z)hR&h8L5*G4qsS7PJG%Mfi0}!gY05XI!!-*(~X#?xmDo>{nm-9o@Rkgr>bwA&bHxY zb8@3xM%CnlXg$JB7UGl+=tLY(l_aUxF3niFqva z;;YB8^;J~zXmIdpq<$`}LFP`?7Oy(6z0jdi?IFVRd)y|9BkL| zBXdUAII5^zfzp4Qs?P7+f8gMOgNJtQ-Xr+SNRz#x-~P+njtpP=xBkY4$;pRv4?h2g zKfZJE`pIAWq-Wb^ofVl8p&ohUNrjjMgLv>T4i1dfdzdc~A}pK?4(@R|!tjG@9D0-r z>O2ach~wErxlGNBPyYN*&tL!YQgy?&^H2Zff91p9`mONt$05XV_~_0DyZ0YF1njon zK1Zv9sv-T-M`x@aKXGDUU})>MZNZ|OHaRC%)0am_dE`0Jkxuy-lqJK`l5RD0$3DTx z$jIR%??PA3u3civH#j;%G^*yr%i4wm3NdX1aQ%x|9XWn{|A9jRWnsaAO)$A}WMC7vLON6k>e+P+cYShU-l6NtAGz#s-??vGZCv8f^U!g8NFGO-ZJ~`ZNk4^ zT*0p!*_q-;$L~+yyFWz@Y~1KR4yqA^Q@*r5TVmIASi_duA zWaUX?Xm3nsT8oZeWn0RaU>x!`=z zyiesjj!M8HqGa+ED4kI(~Jd2N~4HFv8Bt8l-D zI_rTV@JNvux}PVM!e!wMAHCMPa9O9xs+XN|UUj?!21#f`rg{{P;~-t6l3v9c`HgYv zN{zg~ar!)`V?$K)6Mk+DS58=!iKSDpGyW*qoz!CX#li$3tF2f*6v|Tg0Jd8Z+m-hr z*Dd%fme-a*IqHiY6V||{l(iJV7O1X&x)JNjUc9B+1QxIgL?j3WV4QTGJ+p47WcSUB z)hY-tQ@0z3C*4!j=tOn;I^O;I&S1Ofv*j`Q!Qi$=Hne7>BK)^ZzeOLjgZ4QgmzicoI~(%uojU@6*v6+$pDLTbN+Y$98cUvNqNnGcc%#9= zlPBLhefpH-2-T3>7`BM`VYi39y?>u&qZ~H8;5-Eqy($y0_$sq=*G@rBvIOpkdQ`^p zsZ%V9N`bTgBcX|FktQBxi)HDV&T@nhQx2ecuvVZHgfE41g(Bu0nPYF@brljBVI5Rh{mi7 z;MJ3*&AftNY|${|XGBED;ft_ySby*bKNk5)?v(uCgYS8Sfc#xv?I3HW zPIS;sq6$y4bH*{W*KdF(69TP?DlrDx5$0rh?B>n0XU>g`97An?o$fR@4FwtsG!$qk z@P<%;u@Qb$irzn#@D?DfDC^T&ek{c@ji}b##A-^TzGH$f7F~^f6?0*}U!+~rXn0N2 zJ>p*LV6obA(u`vMUxaSHS!@3Q==z?$iw{*h7Xhr~LM*UR>|HBR9aEIv0_+ztkP8RW-*@(tdfo^d!aTRk`i-*k;^ zm4D6jUrKx^HTZ8vXtTn#p*7$ zJma6RBEpRD7w@<<n1*@%HV&?H0a=zsU zmcxNqDPjQDu9a5_i3sX~7E2aiWz)~q7W8x}K3wWv5-lLY0YT&!j zj(YLaKbg87rGCrb<)iQ7kATsFleSm8;Uz%q5jbW6X!}N@yB_glRR91$07*naRHBiH z4C!h;>$X}fETVvnt}?C1^-n(Qs?{cGR&JG4w+p=h7SKXhFHP!X7phwUp#-5t!&YHM zvU)d4N$ezB(X0z{G}Edgx}{(|-tZcu`r)p;Q=2SD2%c3`YmLNjLaR4lHm0#&#=rRmZJ1*!^k?(1ncdLHElScPf@ z3jiPgtYT>d_$pH&07Gp-+fO*OdeZJrH>g5@YkoMxBKfQxB;oiO`$nB&fS{J$S!aJb zY-m?})^-5-cs1nvLiX-o|Ml_z`R`u+kN(5{>(|w~`o%?m2TmW^^}*qd5#k%~D`*IL zU4!PrR(5a83(jHIc&KT_uf^cQ`I)&ZKmL0Bo0}cndX69e`Zs@T za%hOhoa9c;33Ulst6| zh+_5w!$!<5+oC{ zRmph2<6#8jn!TY=#z8a@6HWewaV7pHf^iiHZKZNx5I86)QxkPWUpxrW&C7ReJ(%Q= z;X&h|OWw3-geH*{lu6RMu9lyh^6N~`l&EFnh3LWCHEbQ32-#_=fi#apn6g}4pHMyp zE}^&iA%v=mhX@5%#3fR|U$K1VM+t&O09{G0EeAQzwRR?{?14H8PE!KT#5$Pk1N65y zQFjp-x2eac)1sG2@72g-4NhHGQ@)!Y-n#NJU8R*C)>mS0`a!L3hV-j)ieumE{`a~TGz8mO| zQ}YCRg2q}FDQF_DV8o>a-@wXet^>rPh7c=SY^aYCFv}s6Etu^C{_b5~U_0iEEE=t1 ztZRmZpHh|CwR@L?Jel0O=9En_Mht%KD({BbLpiX+sTY*U-o;#=s{tg6zZ!aleU4f9 zkpvy^+4jJC--UhPbV%2p2i94N*Iy7UNyk`d&5yDoC(V6u!)jt<#P^pH<5zIeQmaF& zYOLM+#lp)5s~*(2N5{kM*kS{u^R&}76%m<2MsSNh>&_k9x9{GwTZGo|@L|M6l`Icf zkVAPRC~neK21PEy)Io!nFJBSGWfUF{cTX; z5C2=J$ugyM0Uw!ZND;RjmR}?x= znw#gN0Ewn%CDrf=*5da`dkhoKdQV#cKNY~7r4*|H?4mHS*i?b`L*iH11^4#M0i7FdbfUJ7BKDiYDqalPZC5`;=| zL1TP;g8b58F@@#F#E7IB=kw2h&Y5QJ^XT;HQ@RO(6x%+5tqybbhYo6aeOfQhoHUZg05T}iI*p=s;<`3u)?-1z33OEexlL(z0Ja;J22(@>zHKtq9s0WZ0@% z@XfJ5W9-&}o}j(}KdgSd)&zcgAY)C;C<>o{u0-1TEBqUsN>~5PoD(iu$G}C_WBpAY z2yj{DwXH9{%j27iZUpex(El~dV~WT+UfO$&>)1pCdN~EsS7kbj{L+l{o%^;LtzV%D ztAH6c{Yy>xqDe!aCHxRX$s?wC9s~lJUwstq#_b8t$GtlTH}^e<5f&WwoQbEB=b|iN z+XK8I%mS_x`OgXI^%p0M96<0WseJtiJplvbUF3~{U(*yF_ZMJGJv|Njaw-)vW!62d z-tuQl;IvwAwO>UAhw(hRx60_NU9aUZx_&=D0$r6?xLtzY3eVfzvO2mghlXfRK)6bh ztT%)wxixL=zz5gCjj+34i5@SN2eK8lF1zXQ`HMkJBz>rB(v5vYYja00z}eUC!mr&{ zP;LZ6YcW%No<7@cMH#wR1%yhGP*PEvM~@!$f&1QpI3&!*x(zNq4tsf` zQineIg+KeZ|DEl>`}g;L`e{{k66($KSNEPiyz_@UqQ4@>9*9kiV{Ggr&25~6l1(N^ zx&cs%MYEK&nwy^!HKu4Ci!whmfBo}|{v77oL2TcTe$@Z({(INI_Xkn`_zZ=f8Vp|??+nhF3l(EmD_1ZgxPaOR;IB2Ut6rAybUWV(% z_Mue0hJYJMFB*Fi9T23kw-Euitdbx2dbsq&ee(EVv-_gC=N>rV#^1hO+mpk4#8S)W z1SDaum`=VY$2n~VPJseT z#vT78e3p_1)}N=@sfeZ(dqM?yTUtJ}Rmnq$L-?4-)Rf{GJ{#y~ z;C@V_*{NVl`9K0llQ;!TyJ)VY{H*aEl3(MPlnIZp8>wy(!hMk>3FcQ&rwXi+pPTXx zJ+T$WB39mg2?6Y(79Nb^3zqTJT!&Lr^E_(`JwO<^OM~ertEOt;TiM?CekX!&b-? z61XAedMSi5>4PB4^*KVNw0b|KjzRU&2Jdm*yX&jU6T**uydl@>NA#!Nqv%EkcCUz`QdKw=b~h1vEC7dx4?EY;kZ~FP^rxQ*6-F0pI)iIr zg_zwi!9iHzr%oK?1h{(T+KsU>XBl3(auxF^FM-)rC7LrFR-Y$Np8Vj0_Z^s8R+&N3 z1oksNo$~79sIjq|0>y-a!9-g^&<-DdrxU3eL)IR(PQ^99VXZRPouC?aZ3ZzHtE4I0 za^qAP&$ZsWb<6G@13QNLnaz(L_}EFDTr1(~s<?pT3;E`DEh&Jn@QEvN zW|C0?dEV-bpN_B2;L(=Xj?|?hsqbrT#WE8U5xHL2n2Yf6)~(w_i()-|E#i|7C(Ad- zZcfk4;BE5GMdlb~(VX4`7mbSdu&X6uGT^d)VaaY~6;Hd15iTwzv7zVBpNICgty|x9 z66%NFGxg9y!PQZI$-E;Yr9;^*d`RY((a|g3lqOT6RH;FdD5*$%WL9C-#++;#y}_AW512Q9l;4-&W9(BY~@=J)t}ML6-SB- z>bK;gZt{2LxC^_diPu_ApW-RJx`I5`GuMWnza8|^i*-#+(CWI9cV*zI&y>Sw#Wzydqg%9^vPLK$gn^s+O&bAB!My|Dg*EO8&d z4Dg^^XhP~Rl7HpMieB*XiW_RHCO4I`Be5lu1*2{u;6{#n*Szm68e?44tsd3W%6aBa z%+ra`c?zcFXW|yw`hxh*JCTn>8tM#6r`F>))j^wWJkgxgG&X?cpa;;s0)o+aoEt=*Tr44hj2tmYbsM-fIRF?IlZ6{w4)RC#1_r|Z?xq0Tw^zDfyXn*w4iU0IJd*@&J zOCmu=W@aGFWA3OTpJU5V(ff9Q9d{~#)n_>cqD9KRNzu0mBE(Zzbq;yZu9{b5NfYs- zozwnTmcoEY_C%2$5F5<#Uq15GO|VoBgqcofje=cj4dIkn+-}rOaALC=GC_?R?^ ztudwIoa6y)HXhp~?(waPa42YY`GnKW&d#)92DZV@+XP|9p|eVc{{*(tYa`s+KB>M3 zl@bdN4TN&_v(U(gt>=MmV_!A&37!aE@IOxDiSy^Do$twM!Kn|o5B59h%(a+DTqdSs zd}71e{8md!2IJaG{VBQ>UvAECB|Ew-H?7M+|>^miWeuG zavCWg`BHE!mebYcl-B4SAgV-PHg23-cmUCYPXU;1RQI$$$YVqCkzly#*}2#z?6spG zhqHoKfhq|g!dQXi{x3d7*F7?-nBl>B=~v z;ahQjo%y2S&!zTN(5hIVMVb6j!FlLul3ZFoRDCApqT*Xh&%oVjK4dA@1u==GpDK2b zy6K>&X3y+tbowd%ZCL_I8g{P_zB}FR*3Fw<8 z>BQ4JU`LJ|5#b~h>B9L7B7QDkzAReN`pDUwi{;az4s$;jN|g^dAgwZf`92gQziL@m=vP;+BD_X1dG@5yXQY_Gn2x>rzF15sSYAy;Cj_6s7 zBgZ+kd?40FC;nB^VWI+6u~~J{ z8QfYC?>xg>0;I%2rVIkzIM)=rP9yZ!C%Wgn}GqE&9?(4C#TsZQBR?2E+0U8lw_3 z7pPcW2HGp9C>o>F7L9hP98(_YIL{cMD%O7ZjDJBRFW#3X<^mA4E@aS98vM?<00@c; z)LOUIMqJ}b{QoA{OF>M;X)*RQdfq&KehP#LrZOSvBre%}!b{rqLJPmX;@N(){G_ChK9Lq}em1d>| z)TP;w8j`v%-gV%@MY>d;ik+sLn}z}n1sV!86nKpkU^sDkvIEP0tGTFaMp};AI@wFP z1nIKJvRQuGFyCZ%A>=kwJc|FHYQI%U*CmDH2Pd!|hbK9kTD&M62e3a3vN&wS!5|MG z4K6-@)?Kz0_y+WhTXkhp#33(fG_$qmry11Y2lo04&vbxH6B=G>!6^REq)gi+SnO=v zaj=A`UW>aZTvb*qAElS}w*x;OwNjSy^QrXwHkCKT;gAnH#@2&H&49Cho)r>@hzQgp?^`u48A(t{F38&@at3{kB@LlD%hCU%H>z2OFj`ejT+RFka z%PG;_6H36${1t#V<%=i{eY)s?7>oQ943!g!gQNIk=6m9OdfzF&b@#p&V%zX+H$t^=9ez2Gxla@y$2Hv=-&;c8Qd_ITkD z2f;?5Eg>FNSb@XQY)8t!9J2AV%U4?kysSZ(Tc9l&Q4EH zIkm7aHq^H04|S+({M@?5#qaa6!6MH|Hj2mf?JF_wKKL z?VtM#fBmobefW_v5JY?G^y!0#4&J%#vt{ZhiT+i%$xO-Gq%U`I)+)+*)nc<-u;=EGKO}*5A>c)rRz#<>C=qMq-}!|bh6eit5GV#_(4wV}WK>sV zv{E78{|0?p35p*2I_73iE1_jCh06@b{+usBpR*lcs)*^w*r15`8e*8 z^H$*B#&d-(JQIJDX$h8j%_KU|7q4x^jJXt;8GdO->(?^)rrgR=UBryf6Ysyi|C@{7 zh$#B>)6c}7ir4Y(ogG7q1>cA6Oqyoobdt5eGBE@giFtKord8GLpWGJUc;?I*CV|84 zI#bU7&)%K&*p)4bVa|C@PRW_9Do!=rp6+e+?QThiYzSxwupj*3Nw4}3_RlbEz`w#z ze((evkOjjMY*?1mx@zg(x;1j1l4NntflSh0M4Yqpq zQT!#0LBcEa?AbF5!Nz$;01bEf@|EBJ{+sfz(ssRk@T_PqXuQNYX_>lj+`Pqi`O4L+ z0%o5+eG0tzsl8c>Dk-{(tA4t#hmn{v;l>@i$++7OL`Or<$u2^Bb%`$1IwecA{DC3s zlHYCX@>msYwIp*rF00lV6K_B*CTLz6OG17v42sq$oK{bqIL4*#?%kg(wIphS{h>n# zoY^&{glL{u@8H<5ITT%Wd5`i{Ge|LXGa_G$MJ@1p4(JZX`;jAadX8?R&zPKfg^IVz ziJXwed)nL>eLB0sD;vV52FFm73H8sXb+~Do*yZLzedWp(m*e)ruECay2O`276&b6iLv z>B|*AV`W&K20WWu`OMzBc}tLTSq{w|vM^b*eD+5=r&YeWIEgCLM3dJ8YB{r7v(SI# z%GJx4FPliQYlA}Dq?Q9M2U-ra9C+s(Fxlt7nDebou4WD|TBK}9RHm;7-&AyYUHB^0 zGWWXlWX9O2StUEG(DOUqykryZu5^8MB=`E7R|t>!$%{3pR*|lG>cfDWij&x+s|67t zjK%{mR-P?BdAdL~+qeIqs0l$#lo$v-xYnTdV=euKvswQ)$g&o`u=Ung3Pn3h+p+da zs@(d?Z#d9bsl5Qtu1CRP*4Ng|>0yE>AL2e*dw!~3>P@SL3Kh|mO`~PKdNOn$Gu`b& z;!l_M_}kK7+-TdkhYzpOpDWky-Cx7wVfTpm*f86I%_?sqBdldd7g%Zwzm_${#8r`{ z<&O|=oB;5}nW6BZda@7^PsM6twhm{4M*P`;k#CsP%9g3avS+3+?fCdDHrBm2YoWSr0V8(T%*F+M$Qj zoE6TZonR`l&9)V5wtNSPT`Nkd&62=VUt=wA@Z!1r(VaK{3Eq~Urq?4dag-__sh z<73=0)7}@IAB-uHV{6aEqf5pt1jZI~e5G_br_IC=9-QXn!3uL|5{kpn(h_0hV{KjzNW{WI-W+v$<)OoG(Q3Fr8y_23f+&?F)6(kFvv>cm3PgSATFGvcZyJ`Ry zJQbZGG~00>9q~`;FxR1NYXiE0c`J)C4nuHf(83W;tLPsYRgqyV%3LpSsl0MmB5TyC z=oI&dtK7okG7Jf0x_v1u7F?WKrhOK5e9Z7qf4cDB?a~<|{gu~;4&PJ3kD|UGdV76v z^oN9yLtpob;TtP^3@j7N6N4~)SVPRX-H=J>FG znX*h%rZ`iXRY2%IPOCkQ-e0?(SMB)iXO7=LZ~jDIiEs1qhl@2)eJ!U`5$0sbnQDWp z;Ybf3nzVT6N$>Wb{A19T@ z2P?k3zAQoB-nT#Et@4Sybn%kUILzOkzqWs$5PFMCiv^5qPCP&Uc#*RyY$Drn6R3AKaaC|gA&Fqqnx9)4NcvBoBUO*K`V_+W~6rz;KM4T~& zMHuLH^VnKE@AMb)v?FblvnhvB&Re{rFcTZG$lHkjH$Q*%>Qx@e8V*Ci`eKL>e_Ati zt(4{JE`_riCsY^bW4bDjD}G?#efK?IVc}FYnTa|%{3eSII{@~2c3RG<-8{7aKtCRzm{2b# zC!Rm^&6DW!r1y;xW$Fg=$rjKX&OdJfU-MyULtCP0U%nLw^b`4wO;>drUDsq{qGtYz zPQrJ=5|FcZNPye8jCX#SckkRadsur+EDs+{n$j70^hU$Nw}2e0<_??4wuQ5|SQI)7 zX*CIbZ)^-^CA!e83Tq)_?JNCJ6+~2JXL|bdiCkB%Ty-cNos6F_uqN>+J$?GL`u1X2 z|7?ji>D{|~k8`T2&lIYfp38ovFpDF!UWHk;Ga1%=_)_eQ+1b-5;V)~7zI^#ACY#3B zm(r%R9B4Vva-ikFyXOEsfUF$y^7D?4u$_f(x8!AZ{PbYOcoObGKg2okx7~>Ow z0hUx*Ph$x!!&4_)|DVw0vR3sX7W}w!>5rs%PDwJ!SiL29pbh{lwQ}gN1)cBK+;+Qt z-!J}>x9J7N0j*5=)y`VFzkBp>rFeyBX|B)DY;N1?{(kG*Q;E)FOV4_q^rp1@>E*`y z=eOX`dSpA3vPKu$8I&!SmIEyZ-X90ZVN4u+j(8#2=N8!R-h(IB>;p4X!{gf$$liu_ zr88bQ+{}){1BwOtz=1d}{5Ck>SzdBX8F#i2XxD-LA&7|io>g!eI zg44A%1^|7iUKhSE`-VR^!@0in%Dx%=hRAypA!M?YeKX9x!0+stD#V(pI1f8jXyJsG zu0>mWOSJHa3P7zpd^onL3R{itS7NS7tk@2?+OEl44Z$LuSGX#M;+ykcnVb7e%&#nN z3jjPxt9S%_Eie!CUGZRFt3O1pwA!<(GbkTEa>TdIjvYVA5$oPhK6y5O`_>Hrc3y4t zPR|~gn2c}Z(%I5&%VZOmExjj?9$dW|KAPe>sOHdL{nhM0`bVD~J^uWk{j>Z3^#8i^ zzx>ZH9zEQmI_qBz&dkpJNB`mefA8mQJ#~;7``fD52tmN9aT&UOM-=&lql{U<5pfb-tu@U|7p~hnMSQ*O@ zj6=wd_&^xd^qgK|qCK)rO;@ACBZDJD(^FHvL>WPb9z9a2*?k8DO_v29m_MxLwP9de zRLEQV6TR5l=avJz%>jMhw9J%KVOA$6oL3eci}lBs4W9{gY8FI;jb!`FT)x6QnlzPd zPB#WEEUVzoj|FsIT9(^SJ9L9(L5g6aX1SMevMYgCR{ne8cm(Y5iT-q8-<0g4tD2hR zRp{h+3=_p=q^^iaTAr!J5Tgv){8?>!OQ{8mF-vur6T_l799By^-#H%DW)LL89uEec zDvQp6q;u3Xl+s0-z-;Z0PE4%QX*AcIY}!ONCIG+<4k9oR#nnqX&T!l169AK+?xL~E z7{PKDmL5M@!~%(O9^{xYIX*Krfqq#y`4sV0ulC+@pyj|0a==Vt+Q}gqYT)CArAJSN zgI_Y5l`=auarDqE9lEbXL$bUU?D5NG|DF&?Sn31&+59w1ayH}*@nq5IsqpD-C#9cF zNRhH zaFyi^>8KlTMLGieyAjGU)DWe-c;%XT6rfv=uNbD;!%zNUecSDUh8Lq@BZq2M+wZ@&{g z5hYqvi<{MplQL>t-Aro^5C0A4+6I+gA>yDml?9zm`g?zfo`fT=+~wYoo_yJP6QXcj zou6J60!blTH!n6sv}=iI$bNFnc)WAx9a4{^+ZDrV}=L)nk{Us^9r;QRN_=2Q@x+h)wF7RpuNv2zRa^LIR( zk$(5v-(8x%%oJ88H3-FFb&2!cZPv|DZk%pjvhLVA;k<7N5GC5=b2=kE^S@u4CxouL zq}Q~jc1~ZIb5>!%aNw#62O~b|T#E_7i)G@YYHwIgI z3$i1bZ7%B;fFdk$m8FWKj7EHc7cXG*;hjT=GP=xIe2>1Qa9~Og8}a7I18wa4L|t4U zn=F;fPbbhM156GCVC8ZL12?r)TW9=;ms~HUe{2^n;In@!j+y#@>{w{*&E>sf5zcBu zHVWo?L*`@STU+0j1ACSOd&sb|XL-~T)^gxO;XwJt4~w`u8kR7UlO@+)IElt$?QX$# z?NW706d*TxQ1rsWP!Qk@{4)WoqTpRBcc;)2aS#k!NPK(!dPfv)D&D}&YfHCxr+ zjqHQH+};SS&XZ=c_*iz(vk}bN;<{y4YMz8^05*Kc3~O_32$%L{tlx|+eJGkn3V7Ar zlJWr9=&C-s(VO>>)(nl}z-D}SEz00@G5eY;JcO%H2A+8>Bn>bOI2KH^*TT&xqn|c! zxAUMVrr74<2Nsezv?M^bke2imtw>OI8InifE^^v-?!se9oNB6mFMJ z_|?&a2lxHMf4KiY`!7!Y*Z<8=|K~rs{=ffkg5r$){%d4Uth|`Ib+f7O^dJB6^RaPz z20xuVVK4d6zyBXx_)q@Rg9i>O;-S!~H*fIERAsHNYIbv%BUZ$7-(SOHRn{-YW@hkw zapCFw?b~uKEidUc9-1QF(Sxqljp$=rlpSAeqzCtZvVWjAth^j}u(WXhr=NJT+BRsm zNM%yB>RJ{>xgI}x93ND-_dXi?-!?7uCA+qqacy#IV*0X=nk+9qy?6Hx4rxc*4|9j+ zWZ}dH_#M@^EvDr_a=^gUgLz@H{_q)%E*dA2pT8U!em?S|3`4Qdal%MZ)3aXc&h%r( znw_44L5M!cQX&nR(D)695`kAoh6g6c0hEJj*_+(uf3Xs-rEu=!I5s@|bRi7g zk|&)|B^JCX6Fd^aD|T#DbT?k4Bs&$2*+7zQ!VBjdyB ziyoASw+b7w`Oi&7jMX47IE=+UZ`6)=&Cp&g2X>YN#$t+C#^yj*?lVUbn4I}EGng)n zWy5>3VhvIYI~?W_S4|h20e{fx<|3wiY{8%2NSPmWrCQ>5i31ia8cgUEf*_8>nG-9T zC2xzNv>i%h50t|%$OA$fA3b)=;z%FiXG6CjSJP0GLQWui6PP(fa{YABYie@p`{=f)&RJAnxeC`2A?XrnCfh6D+lkgGzsoLew&>OMtD)!Lm2VQ5GM$7Sj#cJ(fEz1>o-`YDTR zN2*hJ@Q^>SXEbnKMUMxGWbyD>RlS~pvm@p1eI!`z(kERW5L~=+?|o=~?)@6=EQLC1 zU14V#jjvwhIq+xZ1U=l^WFFRqbmn5<`uS11Nm~Tdh(h}45v9{`HlI{5QKu)3Y-pK) z_^mSdXoNTDhL$0*w9Rjp8&eOD)f+crzKXS`<7XeF`M;27qleYhyySUqZqBr0!Ls@o zbKicuEU)^a%1Du3=bS-yrhv6vb}D0j{*HepTQCM~xUt^3>)C~Y);JtP7{65q26}VD ztaN2r=|n*`w%5>La(M(79#)<+AXbyJDfN9qPh53(=%CSGl0(GAI{%gX~#o)8--k6dIe z*-}EU-16KeJ8}r^<371JsR%kz;K}&$7JAhkdO^Dj^Kwz;Qv-J86z3;p(~3`wrxlWL z3gRQY;~V<}hU@McaC(vjKpSnUf(5(MUO{YO{SzvpM#@LXy0*$K2lgfhTBp^$*)AU&quF@;=3e2I}<@IKmn^A0^iGD(pd^0>- z=TdRIn~)>5xPtUJamU&nxAbhqp>th-F4;`MGo}s)O zc#~5z2M!)QdGgf4(p^rh;LI<(^`$k>eZ`PP_7nD4`hb0J8R&e!QO_ASR2w<>hcj& zE9U9br?C-2E^2DWAfn1J+`D)8>Xj?fC2}=BcKn!+&6Eja2dmSfYB{h42h1KWV&tLy zvmO|JEXm=+6!G?646YFNR))tSoN5JBgNmJ~!j6LHV{MKU=u7la@cA|^ZgC>~#b6vU z7~s|kGFJLn2$_w-=IF8~ZA2)Dx2Tw>oJv;q2L@8ENhTr zoS89bC-!9>*~iqb3POnol(+*%j0$>&6EP~~UsN`Co#8g8CEr4X1{^c&dy)5$*j_CM zJ|+$rcZQpP2AmOXLNjBSZPxR^Aho_*)?J(-cvhK_Qu5pZ!FYXf?>)sd#A9_~DPpX? zcVb!s_BaQO9}8D5$RRl}J~__8>Dh8t%ig1$ILDMs6oU!kyEC5xaJDQQF0`VpE4k4YFC4l%5d@i@t z6fe-(O^iv*k2n-JK8FAH?aJ4)gW_HNsd*B|!ho~xayo~qXdBpfCbXB3h4yGKUb>_r zB?YOSV?W}go;`c^SHJq@g$w5n?B7?_ba!cMR=bj#3cXg~?TDBU+bIo&lP>0owb9}1UEWE~n>i6f%1-042} zOui+hlU;l1fAVAy1C0pWQ=|13UD=Zr;V50J15sC%3&{@N^%l`~5g-PnHP-??Fep&N z;6QjS?|gAPNO>=+AhgHFy7$#zzo*`INh(1;mMTKl+S?9^p+xIQ4}ycP$x1B?%b z-oAZ9hP*y(dNJF~&)?OT#4+U;0>F4Tcw-h=dzn3cy7!YPsvZ-*Sx-oFpF5(qKY zY6hD*!KA_8-2kybWk=LF{n*yx?)<8m!LoAlq>!Z%<&?+jqeqXw|L%K&<&h(YO*?@r zBCD+;^wWC5Qx@60?NyCCzTw~}nuUUPHuj zvMo~pvc(T7G&a$T z&~o72bHI9JY4E{%rcbgS!LKv3zk5=4u0-pm%L2q^8@Ak)mBqz{I9@Uzht90U_D}#= z898xU=qZVItONuh<&t&7d^{L?F;;fx)2x`bY|0OnY%hzI*SaQJIaPwFKpjar*`hXB z2TSCVVnL*6%=sq9%rvo!fI;vjpe{aM{PE&Nhu=tOl(^HUPEAZsShAUk9Dq^o7M!rc z^2DWPescPhCHV4{E2^VhwK#L;jPorSVl^rt*pD4Fn_|w_p&w2ZfBDsyK1=91YWT5U zWq%0AQ>x9_uP&>gDXnI+3~hSLftCaBmIJNR>bvE4 zmKNWp?An7iEFM4s<~@xYEqo8BTK;U^e~MK^vW!G9u(a~bKEb1>i)1u=2JU5sAk28M zD7#X83)^eQ6j43zjl`W2lE{%|5oR%gpFIdliS>5R3Q|bz>1ccO5%+KsaqoqVU60jp z(Fk`64r`s=qcD;(uEpkoZ?^Sx9sp%mB?1;tLDu$9AEdX$MSTW*FZTc6)4X~m!q)0TKaBZDs!?!g>M2F80ChBRiS30v#>=&wB?I^FT%shW~fVThe;eA~% zT*D1slZ^XlOfq?Cn&Aod>~y=-1%OfhS+~VFiGAJN@v?txr?z194NCxRpI;^{#-X9c z0iC1g!eR_zCUVAZ%Dh2GleZ%Zb%VB7@84SF<$1`56_b9BKuAy%3Y?8 z>({TdR;Z4mBQnQNKjDD+P%aNHd8entbi$^uY!n_Ew`2*TKTHwPj6qU{$PZQ zt~Wl$T~()xxkyTUJ;&HjA1^~vPaCs=3?f}fz4cE=1>oqrEJj=mukKVPT`sR<=*5Y7 zZ}inc(S_j+e-ZC;Y4*fv6}+_pka3t4dfB;3lvSKuF*JsT*q#PZ6H{MAX@w95(AL-( zFja-L-bNkLh8s0XIuoEGyUP)g;p!_(i7n`?F;(=F8iG*sl~mJalIL!;c_GLw6d`2z z-wGc=XGK1XZBF?DJN%wSSO6+P)xK`~CnhvkJ72Z^ zq3H}B-l#tqa4}aDo*dUkpT99z%uJ1Q_Np19w;<0k6{b&;PkRpxM9lS6BA#O^o$2 zQ`UfXe{}I|)gNT%$e1`Hy17tv{_WfE*w_n-WDREN*7;afQ?4Lnc$zzM_<#++Ty`zV z%OaZx^w6wNKkWAnF^Ht=?D@Y|jWVBV!-ZS_)Oew&vFt^j3hPkh9X-w{7+OfaX6O*CuM^k6ij{YJR zX)`gZidtY6UGntlQ#2_Kx>v4T74wf*sJYZze4^MnAXmH^8i4zTeuV_r?&!5+Z8blO8`_LX_q)gGaJP`a&oji#`rC=AOUQ2!Y>1nR6 zh(rUzyaGv66T0>D3+HVlM^{*tJ!2J+5gC-@#M5cMA|8fMKm8PppXw+WVlPb9Vz=)x z3dTAHgz7(tA=3^&4{25>k%$%KbBo=i<7GWNyHz{P)OqRgB`Sk&Xm*Uj&)|rGR9^-l z)xV4bTJY%M9snz`$?|3og#jflR2fN}?F?>Taabhvld`*-MK6Ao<pn93hnZ!n>?cxtEBlc=>n$$bhD9X})Pww1%}8b# zd^1-Y?4>!za*(al`4cfmm$|@jPr+wh*(AX1W5KCu0iK!L)3@jEaD3s3!gbXo6GsS= z&yeV)3X+~auMvaI7j^_{<@Ewg^Hmcd&k|;C@g*b_e*gUs%gdK<-n_*j#%T()u>zHs zHVk}2S%i4QXm=4+Re{fn2}%=}XSvB=jZ8`|G*_cHHR@}0=_Wc(tM`7ok44T=oH_F; z^IC!FR9-0#sVc~9g#&@A#!~`eg$`zxQ?DzRuiT!WN39ywvCO{W+Mg{4S`M@vXgTmM zIS|r-GxH;%3z)eFmm^p}N4Hr^$DWgywv^w9I;q};>gC&Y*REc3*^5c1)kn`#gP`^h z!mVhZe)gGV%jv*~Fq3;p)+wu7X1U?x3HR?mu)N|AoYrwl8(qUu5NeB6&k9=#8eUrW zFI~EF@!~~`yH#6CthM9gmR(D~>{e331$r#dV7Qrje_;Q9TR#rKT)cEyS+yef-lLgP za^QqZQgPf->~w{Syng%EZR#hr1y%bG>?gDou(#5ymehag;*g|~z^lADCro?{z z+Uvt=-?g;IucE)0R=iqo|120%kRI+I9?(JPHSuY+jRauWfKiC-ajccQU&$ z=}M8lo$T)gW-rs$FvNsVCj0Ho3{9?`dC+#*ddzLCW8`mkG!i-FT9&OXjc!M62{bY# z9e_p5*|G-@?lZ1|L^l62TMLu{E@}l?-#QwZAFmIok3?o(`kD% zR`$A6Ho~enKCaxyj~+jK^iZyR1$|7XG&gUlF_aLtHVTHfVAv(q$OA#Q2VvxL2!7wh zlOO*1fBWd}w>_^079ZdA@4>C#T>0JqG|1b8kYBG87FJ8#Dr2T0ahI2{oJ{8wy`c>xy-EK zQbFW}f#7h&lQ2bimL>Tbe&@^zEb_1^0wv%T0qwc-=V|81L7~aVFtNUHBn1%FTpe^l zRpiRcPIFi3xHbR)KmbWZK~((Cl-TJWU)^QI6U(3;9sS8V)os?W&u3c{1|-Rj6nRg7 z@<|nE$`XU(+SRLmI!(KO-+uI)vs6T%L=1Rr_sviykPDxGe);kxKDz>HD9&UB;fdoX zPMto@30TG(Y%X{1z^2MYx%!?xcMjyS<0q!4_{YSW4zenaFwf04LQxxU6=||dhC~bH zB|X`*)eRv2B}6NKZosIIkUzC7E-bE2M=>qJ39Pcimv>EQp370I4~tln;jqD)B#GSsJpG5BBlDa8_Afxja7=b!{n%%K{?J|H?2C z*}*Rw@>R#HMjoK(RF8Zc{a^Nmp32fqj9N6=d6mlUFo!zgLk%%+yMw5csW1e6;aU?E zDFGNqfb=AZ!U`tyt}?-3hdy7mJ;rN6>S6LtHtc}6D9HV=~M1!&z?aZ^N6X^ zPv!X8+&xehfANd2d}Er%$N9-6t|1uu3q6hfhdU_~L28sdRy(zT>XT1SGvj>z#pl?@ zkYesF{BSZqik!+61BPXZ-Hdh#2?qZ9*MI95zxdJvgnVkfO0kWH-+Uy6Hy{m{=}q)S9Oc**qlEI;>lo767W6Z;w|>cwq0 z{3#zlQ87b8Q<~9YhRr{oT>KtRoj$2sngVvbAzp*ry#dO)V=^%?pFDjU#{r#YTw2z# zaZGo@uHaqwLNb#SzZSvUyk$l^cmCX0Uwz55vnCmSoWKA5H`vZ=gw=X}o~g>GdP~n8 zltlwcV%9oMYw;EW<;qnUi~`Z4o#IBXk;^j1++_ZI_~4<2Heo6P7=$V!#nsyg^~+gnc5hU%mz$r> zd%ynmpD{`Uh87v$fB&P}@dYB;@}oU}{+v2`)r-o!XL^JIJ&ztex^;UVCACk{3)Vij z9B4Vva-ikFd*ML&08kC60-W>0W*ern{>vhmqJ;GKEH4#hThL>XqHO`Q=5p)&>%ac% zZ@&4~?uqT`?gAC-6tE*ljxg?uv3l&-5u&N3-lFzz{>{GyZ=H1*!=9$~nyd@hTZ^OR zmGCd#s>5=B`lr95$Vjo6lA}OcXYKnqj&kJiVT-0xyrFT>Aczy56$dTHRxtK%&YnF( z5?feY^wZG}LIpc;2^xeBbyOlDP3chC$?|m$g@ISK%dSh8OSAaHKm5a7d^_u}eIF{H zoo*t*)hkyfg=(LkCM5JN&~P@_7W`~rdLQ;6eAN!Gu)3Gj=DEYz>;xeiMWZnU$gxHQ zDtKZa%a(s08VuWi*n|A}P{!|uOm6wPAzPZnz09A6$X$A9omO{=v0I^y*)}J}UjOB; zH+N)YZODI}wU!yPg>U)OEYjQP53yeBNS1S}G?9)3#yG-rNa%Cv<+Mt2t)&_;b9@>r zUkpDBTfEE4E`_z-J$}FDRgys?Qm}EDXPIwCM}_DM53`URHj*A*vz#3UFTU+C(w#+YdkdSjIJSKgs^&$&#>7?> z0tmX3b-2gu&Jh-7pH;HSfo4)Zvt216sql1E0^OB;^VsyY7q|b1-r{&`qL%MTCB9s` zv3&8ryZrp`yqNkWgQlH{&p!JUW^AdwCHhGf@y$2i+`M^P-$x8;ZE1kV5CjI18E&;H z2uum(9-74W_<)S&vQlYW&7?u!hNNI)stP764A~GBn7;HXI;FR8Y0{=(bQp78%zGJ% z1F3zvcJL?URicL)k2``~T~y5lt%}t3mY9*(M`7`k3KtLcZ@}TxnCi=|Q+gwx5JxnS zz(!nDIZe|3@OkdgoZvt@aqR@dVL#T&GCnbR;?yZ;TTK!A|BO$v4f!6;5)5jDQ*%d- z%B4By$8U?QqagaZkG6=Bqx3QgaE%qRRU=Zr!$&q8l%G=FQ3AkdWq>$w^5l^tM>(q+ zgJuRNVxg)j#Y0_~iGd995kBX$&luK)aaB!!(e~MAXN+ztK2AHw!Qy}X#BraBvu&VI zT~T%ys&p!T_S|aKK+_yLH0P)0nVFfz5GOL=F?BqC6t4EH2CAc6bu2REsuskG*?kAj zoIR@+obN@K^-8%&8W|g%o|)w|D`bkIO_(+kRM|7%-v}#v;>6tHBY4ic4?}cuM8c0A z-@VZ^8lqcZZ1g&eyR;MmTup|K0OP+a1Em#H){) zKRLI=LTxa*EZi~InFw;}r>Z&?C0^AQqNFU;6aR>xi}BHb5cSQL(F;HPt7I75@U3)y zhcRsO>YblI=KhnDi7EHPm`}7+Lu$37#gsfRS?90)zoCKH2imZGJDnk2IcW}DJVAnI zO&T1D=g!*GiH;NcY&uiL$TB+I0aUrY_t)w_2u7Xk5fUdw-c0H6-w2Mv;(h*~aZl?v z;zK{I<16WB7pf1qtT^?Pi)%p^TA(araur)VL^b0b6wZE!RSm+v3Z=7bs6`QzIGua! zg!0>y54=QMV~JKm932mQDRV&RxsUz;iYsbYlozm{c!^q*Pux?biu_sYd>fp1$r+fH z{i2Ssg@6)(yLts%qX3({p$5*(G%_3A$F;t2D$Icc;+5{B%CYk>!j#i06C`*xB{52= zT{7Z8-PO)3HXIJ4*$2Yr8Q8}O$WnG~FQb^?rRV$4Q4M~1NPJ_cm0PbG#*6cI&XUZ0LY^4Sa;eKGF#Vq-1=;lt`sV5p^B_gk9U3Ho(qWrtVYkt z%P-Fxk^Y8BXCuZ#haqn;;(5D9uXeCl^#-&D6RY>5616Y;PyGY&2; zFF2|kpLXwz#n+loQ1H&+gTkaSIPd?sHsye6Ijx{X2_rZMcenEg%{ghXmvXiMi5q%y zq7U82MNeXy5Zze|KYH|7=VWH|ylHtK#|s?LhxH#@BTg{lZH;b|hIGSIBr|^PIyoMC zYvh`aFjgc2{ww01GVPjG%vTr&o^6V$nfEIGgXC?G?ef<23j=8ofIG{TA{>^M2+X5a zVuXiZ#*JbE=}8A{K@0q3n1dfzVR~F3E*; zeBW#kL+TCz<6%d@IC|`nvb0jukrYSNLq7?@4!Z~Nmh4ps&|Q5z+gdwUQwNcIw|&>y z=c~&4DVax=-(g1-j@y$H+o(?!u^aIw?1LR3wjTHJ|PLrY8)yV|!vtC5ZpX@U>S6pOJhgp$Acn}3H7XfQ79$AA$9ge8%-(_sZR*AUIFhzzv3ih%cf zN46H3n2673#ExBj-|8tX?ro@o&~_9I9=3@GPh3VpZVC=Odxn>>6NgpwlK2Q>dd6=P z+Z%x4gTA3rD%vZ`w@>`m#iE_9t zu#r)LNT*Jo`sDE8BkTff2Z&cwULh>;o=>0tM3qZdN6h%d)WJh@0ckwu_OP7>{cUv2 z&e@p32*$Sfk)y}=A3XTknX_6!P-bgfE^|RP8aQ{_E#O@Wvw;@-h=$w5#Ni`H)lxiE zerbHwW~OKV=udu$Q21?*qA9{~7}rs+XW-AByYT6!pW%ir0gkX<%Fb$k>hvdv<_>@U z#g{A3pLwe~0Dii6kL}>$g9pLL>?&~iKslOEfAZO}W5<87xS&$1tT;5Qk_{A|!bgvt zQ033NRhC&5GW_e9@0)5NAL%u3m{l5jaBpgII*lNqaU%=?Cr_Tv-Cy5N9Oe$2Aw{%_ zX{41WJ0nJ82N1kpO!yue`xzdJ3m;(nr_fMbf(Xa6L};j)Cab{#O&YI z`>LAi)l->dO~W2$uZPH11~Yt7TK(chkfXRdj6hC3VY&VEjKA zC!!gUp1p_&sO7Ob>>L~+HoxA`?L_N&6Dix_PjoCaqz4!H=xNd2Iv!ofCd~VD{|OF&kpOR`9x8qt2sxg|#8h@y>F!WUBL?e?B2vQ~jMMlbYg#hZY6)S%E=%_{9p7rm){^shnYj(P? zT)A3{zNL_$Wr33=l!orY=7*(TIzb{^Gqlo9v-U`&)?y#x+vi~3v17KU(PppNcD6XG zTw@{s)t~;#p%H?1$R=asGqcmaTNrWly9M=i6&RYU@74OBUC6EY*_&%`!lRyGhPHuF zqzE1x$n#Wk>b4Cvz`isxcVNb+B*r%XRuXIm0_YIUyH*7PO%xEmv(eJMoT=x%$)6;D z)A7<)_wWwMTj2IM3_ptu$-bvAFn2DZhzIRGkmocnz)B`S<;sp}B z`FN$L-3qbW2aMRuNbj``fJh>y180J#(i2$mh~v(PgXAR2?ByqcUoH5)k>hC>!lS|r zMpu!YeU1H#KnaG4P5S)&ohw(az{$4AB4(4LX}DA*^z>-Q0_L}>Trlu(HA4XIvD4kU zr3QCU3yf~V7)MKB&XbXa*ZDb)cCyfa{^xAJkhfa zMXlx)O57`N;jv{Wk@mQ&JW`fR5s1-T?ye^BZHiVG#shaf)>Wmv4Z^MS(#UwM+Rad+ zacZBlYadXz)vPNvOxen9d`{1BajgZ#Y7#rKVd@CEKbnunr`V+;hQ>r1N+6tz5i;3J z9EzT;X(;ZFlWJExfKf&;GR{lLGCeIua*Tj5pS&C#85`d}Av(zFE?{i*ID?TVDWQF~ z;>LZ`>Z^DzNsiP}CBRC+wX(R!WA})-KSiNuG0Tn?_ zRLzdH?j4`(9Pkhmh}k2h54khv`+R%9P@L}yDp_L!9XQWIU>%#{yKfFxoPb(6Q5kEK@Uyvtf4rho|b%WESIe#ZjXjEEQ270cjZ)iWw6;p2f z=gLOWF6&iz@R6y>m{kbRFjs>qA3BhQ4$8(L(9~MD?4>y%s|rbj(i@abmIMj)a9dXg z8+5CsuV$?3Crm#Xt3bQ;q()V#x^GPJjtvU!qsg;Q}#VH(OP9=?evk5*$d|{ppsyad+32=4XS7k)eh+~O4y{JrqBTGF6G&h60~_F)>XgvV*75= z-|#If@N(#7_atg}KTBPrI<-0bq-|Ff}`=}%9bIL5jMThY(nhhyATWtR8} zZE9%f;-yO}$m`cZdG=;v<=(Kdu)X(tvDzKMKm2eJ-&jIfFyDYqUC5lE ztyM~^`RRhTir}0lvD^X}RZSS)a`x4i%FkFXDJB*VtjTyQj#$2(1E)_zTO=p7`HE#(_0kdV?vFEZY3cPlKhSd3dR2b_}o&169ln z+Grv9FU?P5q^o4c#F6dzLSUz?T0>MUJK5$q8Q4_cy|c9wT#f$k>Sl-sWEW=7vBc?$ znIVg1V1de^jokjpV-iJAV7KZe$_{*Iv$#s=l!0{knLnt$NOC6Dav80g8CetTH@tYx zGxY&CQvK76F+DXsIu=gGM*97qeqs%ozkS;*VGG3JT_y=!4fkDft%9DcXO>dcR9z~w zx-1SZ$0lzS)>q#MZ0rJwtI5N~q9@pr9Fwlv3{F~UVQ{IKnG6Z`su4hc0B=Wr2(&GH zaiPP?;9>O7Zeq)yh7&QevOl}G{AtHmc87MnwDWCehWLQ`Lx>1DiG^U-o%thWbw%z} zs@_`hDHQxxLkyUnI_wi~(^CZ0RiF>~iNvwE{Cq(mmT@^XYI~j6dyL=?IfJcFsU=-;JS#a#8tf= z=EuuRi`+7aq0voZ^h9)%lA04*|8aRF-;!AiL*3soKNW`(QgaS!l|b<-JtS@YoyV$~ zU}S7$c6wZl(vYkjmF%i!_%JmwihuCn&_aBnD2~J7SbVO6R^Z@S1c2nrD`;y3WDP#X zJ!+o(sY)j!x(wZpd=3c&L3vgqTCT&-D6#nI!9^kQ6Fkkpcb2p+Jr7CY?9_N=_BO*# zJZIIShCx`(p&Oy?fHkkS1a6=_tY++1w)buS^I8IMZ51H9=<3gUS_>~N5?-0BA4~W5 zI&9q+J+)|(-pPYrp}V_^jec%jtg*mvlFc?OT^R|o4<0~uFsy>M@9jJIsRrS)svcb> zSD|X>LYRAR4YxDCb`3rpL4qWGD$8&~crS~*O(V%uMnN7JU(4&Gk}US-f}Tzsn%qy+1l&jgNMw#ViOoL4Ah6_L})$4kCPK8 z81R+RFoE2n>8`~EH}xvpk@2}aWye^L&z(E#m8J(-E!Er$18fLm{PZC*tCgQ1HL;-@ zqqQ3YwF*_1V6GB%19a$T@SZqe!Z&-n%*Iq0dI~~@V@qUwWo3kT z60cHKd@9C<9UmJG=KTqqSwj~W7J50aUZKqSl1YS{2{|Mb zQV?qzM{>xR#hl_sJ!{F}Ob_+mYT7;6zI|2dp&!9jg=nf?`qd3z%gUkh998EI%!;vU zTezpjTRg@FWyviCq|oSE9~gf=^!9D(|FFj6n)cdabnVEipNUm{M|knhkmN*bDvV_! z{-uaeiMd>6swF5_p_r*r7E|Y5g-`N6VER9F{%=XY#EBsbrR}p7W@X_(LyEb+QfRsuk_Zf+YXeYk#WtbZi)APx_|Gd zpKRYsXU3v1^pzvU!D~BTq<==epYmcr<*W&khQ#5uzH{U!shxaILs;K8VsacDU|BnM z{Mh*m=Xs;j1e&tg$mG?>nv6OgyPNp0zxc&hPT=t*KfYNEUDAWzA*4wH3dXlo5;RafaEl#cn+mV!p!s=Z{u@n=IS%`N6#Woy1d-|dF z&>Se_bs3{iww%eOpeF$1W&GbK&qNbvYgUQ2PI<9feY$#fzx>m{H}X&6-x^*Vp$*|_ zw*${pHVF!2rF=8|z8vBRauxI`Oo8Sjn;=&%5CyT%? ze>%16Y2T{a-j#M^nW~cWyev6d7Lr?#F-j0_&I9|FlnZ}9r zvi`-7br%6Ol?WeRSRnj3lE+7cc;D>eugmcvB@`d*1jJ#b^h}aciL2|c3RP0)MM@*@ zZM?VRYg7K~#=0m$Ru~c|IzzX5$rE*$@*1*cO86QxH-5sciagIG^n6H`@Hk-~BKOh} zB&KO%&8aq{_~rA6>q&nJMIfahy&ybV<7)uWrG^mQCq`6klzENVgnSR{g|dTy?7gAd zAR&K7QZP!jqZ&ybWk=2FF{JW*A6;H{7Mn2IgbObHh&Sqx7te4k@(Wzl+1d<-yokW7 zmDf8DQS(khk`kCBrC6~#z7nVsd%$H64M80w1~I`<|3ZUK8k;+}woum6UHOH8ueGH& z_VQgA|9fg!Rp09VTEKGB=VnyV|IHW`Ov5B4%RzZiaL7?^F?6GC4e?Fn7`$|7GAK#dT|Z&iOV(&P>zx}8H+ zV=&~X2!MRG#rWDi_?S+jYRUYV1@lT`rQ#|MGbJ&NI!^CkJnlIh%LwVS^<`XI9o3LT zo#G0Nc@NxcFGeKS^z?H^QH7R_1a&xgU^98L+BBPzJu3WdG%5KrzS*_W1sfOJJ{q!+ zk*fF_8j@5vE#f+1FWH6}cHxgI%dYozGlpNUYoo&3w3Y)c2U-ra9C&XWXx5#Yu2j$X(A1ahHes;rcCc10euIw?e1E{l<<<(4q}yf$TQs@hS# zdi4saM$}T5JBJS;w5Uzb%pN;- z{O+AQvfH91mD%<7&vwsd%W+@3S{D1{GIWxIxusg&hiQnk>D7ZJ9l?N@0Y8FCWwunq zQzG%A3gyV)K}(zfK@lhBk{HQ~>459oo?0-V-MRuMu~NR+m@7P5B$_5ElNO1QO>@Va z%3q1wg3s))0bd0+xvJFHqlc&;Jr^%KHO>A;x+XB|x1=wU?8JD)SUoT^DIR^(&%tka z1v5&02v&sXwPXC*f%@)fd$sgv>b8B~c)Y)=|7Ap>9WO#<;?0HE@l>Z06Lf+ z$86Q{lI#Nab;}+38M5H?6n8*jY54Rogp9}6;iJRv2>!Q360+U9y~vXybUa>I(h7Eu zxO3fq6knM?xNmyeX|J#*_HzcWa16}5W?HrpbEhNwyi56dve50DopqF)^QicvKVG~< zTe$6O_jm3((%snU8jjK$4jnwC4*+BE0>(wviR}VldXq9ge@FKq%~L;gRKQL4z6S~k z$(}_oErSP}x3WlAL~ozMt2j}2@}wiC_~hjmcQLh>Vn?^XJbMu!aRw&)v38F}nMD@BFPE=u~~oDG`5nDZNIuKqoN3D@nx! zT&;138!k9q^hS<2$H}B6N5ShuXRi4f-&Q>v=AMnAuT+10sggpp&ZFqG-#9SU$Yn zyYk5{tnbAxY%+;4YFvtV$&VbLt?_PY<;a4cHk?kKJSBR^kt0W~E8(=7vC8`T#?MLK z!0eB(KYVQce@%UJF!Xlmwm+}o&o0bAE&lEGH+#1>?&(`z@HC#Kzwc}+Cf7UVw zx84_jv}0W%t-pAg(rCE35axAtSGHsbaFm$I)W5uuWo#t0s&st}+QEBn;6oh?B@V(= znRkfaYo z$ouvBwd?pFpN|@efaR++H&2!x7#$|hEfps8aCXtI9Xn(Y*TB|8^*hg7)3BN=;5t{6 zMZAamKRw{Sqec^x6IR8EiT;ARnYwvJ$V-(sa+Sa|T@0RYd$9&wjkkQ76b{O~9x8_n+9Zv_WqaVG$W z-|E9h&B>N^m3vh}>URjXzT*&4Fqh%pTseO^%zsP_^Iu=HFbqc1;Vq zK$h%b-~7S-`{=KQy`vCjO`=jgQt?jlKbtm%gKX=j4m*s0Epny6AKFEyXQepPaaUbo z(*UlOrzge^?Vp*QBKeMnxV@b#3ktlcIVXPXYxlFViF+8>@&`v=Z$A8(;Cp(?t~~y% zZ0ozipx-C0{zC?t5+#ZzHKz2{x$VM$+b+stPH}0wdEO3A^;vs` zBJhtOD~h2YC=VVlFj4KBp4<%gyQec}r<|Au2f1GHG-dJ3V`|U%U-CLVdGh$Zd!nm` zWKVkb_R~*4Sx-Mx8rx`muwmS%C{}pB0%o5r$jm!W<jGML@B^9@j%&H4=g`~a2OfxtzKDIJC z7#q^zML0UHB*nR40HYq^;3}qU?o!Xp?gtiUl*Y*BrL@(K2sG;o7= z`&0y4o-m1Fn~sVtcx8U$A}@0Dsne$q&K-6r_VI$f>}R=Gonu+%V0SCeyq-Lx8-9fS zEjm@~c6G;Nt1qBU5TPhRz15`z`C&7ktR3BGC7b)x{3!+`!B1ciiI1Bb@oOrmsw`dc{fT zAg8@Pb`E6sdj%61WmtGX8Yv4xR4qL9?5H*q4ZDZ+U~)VT4-YR64L*wxWC8sO_R4h;nhsWv4UU7ZL8A+|5G|wpTo679{ao)t6%RWVf81S;hH^{O#)xj04d> z!v-G>U#;w(KS>xdAZDiCc7poAIMR~aa^OSeK(mU~gW+5c&D{ejZE#!&6I*X0nZ)7~ zU|H*!1iGMo`dUs5u@weHJ|Cc@YQ%CT4-7QWK+)(sv3NH6%XaYh!grM$$YXy{z*MX4 z*|TSsmzQqcyv4!v;>C;3khpl7lB}HDIdbHP4QS*EA7Z(5p^bRsym5RLbJ)i;x>ugk z%pG0}xS*%u&uWn+{w_vjnVxlgdp!Zeif09`Tn{m$W;HrEV!d9y8d5w+4K}`5Arf4> zdes+6SK;#MX~bWOGb9Pyd6_>W!M|ku&uqUb`()_ij#X>Z@UEs|Oihf=PEYWla1M(& z*UR=kruF_TaVcAAXZk1RS93;_6cKrM>+1V&)&Dodzk}ne#jn*`e!lMf+&iXr7KKzS*)4fV#Wht>TBU!{#3Vk-Tr`YeOF>|8h+4ecwJ8D zH!_^Cr|gVu*}Hifew7d+ATy|PQxJ^LB@;S15%wC4R-xbF6Xv|b(wHe-xq!c9L#n8ws7b$0f(MdyB8+y7ni*T4Xa>iqot&6~Ga)U?;!;knbN zPl;fv@7T2^H}hB(Qj~GKa96+WmJ`MfDcYLr=e@i4?#$nz1%#@j`VoutHs?;?c+ekQ zl!WZAtCM6GPyB^}LUQ%$b+I4HGKd~si$Cb+pI=ztml)b;GMr+e6%LlGsEpJA#Mo?x zVSSd>;!9DFe?&;KnRIegeDeE+0#YrFr`eP{mABlrRC zp``p)tpjF%C6-ffMIPM<{hmm}4Gh#GDkai@R?vK}q)g+gpiWL{gh3tUs#b8bU3dk@~4891s=O-+waO!Cp^ z8K8T}f_L#>wrqCrU~T?#kLJeBkC30Oe5>i({?PV+gC7&x`5}4mHuGUjqdA*mXUosx z!Q1fjk{Q|j+Tyr{7m{i)}&raxPbsEQ=mpGS;UEln*AABs?R;vl7Hd47cX zHclw1>qjT={XFE8YPrGD&@V`%T6JOR`NJoRCdhpR`SFOKT3tJOeqK#akHL^Cn7hRM z)tOK9398SsGq-W{xudLs>B=(=4!QPX|H&?0)s4m1rFL}J;*v@k5ghNl<8r6YVz;Ez zXEU9K4lBR^BO_0*fx+p?iNT>^-riW^6`XZX?gbZcG5o55zV-O(BF);AZyXxq zt4j28^!v1X)7Ayk-dhfA#sS@xZAZrzUrLy%Tes&K(Af8wYszTml|#D`e|dOy_;Xgs zv)tx{m-OF9PZ#z2X~Da?lgwtty+OL+WK1$>vmOoPId@39^Up4fuN{b? zgFR-Rsxre_*#HR=Sk15yC;Yo#6M6%-^kvaVv5h}A>Zm*$9lIiHReEkL-M#ySg(Ard za%!S*_k+_UyDpOCs%}uk_aXm4e}?>q7X+QKLvCQTi{^<2BL0Lya;(I(zulxnc2{}ze;uYUM4{Q1 z3XUFD#7Av9{cTf%w(&v{^-$T2!MYbGxOAeGi)*xx7@mfK=9UWPTdHxx-KcEVr`_|tz`ir-q#9fMA z?3XW`Wty5Cqb*q>q-3J^mAmr3)qY1VXmKo%`bF}an4CO*;>551^jExBzyA97*RNe8 zOzLW`jQPdVuH)U1i2%2fx%S$%O?Xs@ENKn!ONhTk&sq(2?RQ!Ddc~!0* zY%dfQ-xBSP$>-2&$>?J%ab%8q>npVfW~bvI?(66p(a=M7KZlcj!LcHEr|eyUG57uw zbN)z%>=gc=Yx}nR$qut)<7Kz`Y1HiM)jF;2Dtk9Z9@Eue*#1+aTwQuH-A%6iKYhFh z(tD(Z52kdkmOogr-Tp(%?CXVohwBUz{76V+tc`wbE61q@8glIyP8OAhzh+w-=JlmaIx{$Wh3 z;?;ig$!TW9CZ9rC1n=It`|Y>i@l{oY8#ivcU_dkfQS`GBv-f3(TrF|=`N;EunUR6V zaH5yBnZ*V+Lr5=8&&>EzK^3&{^sz9jo+oCG50B0?rNhZxb$>@LgL)W`0+q zcUAk*lj+&Yh0d~a*C@!IiJ2rq>ARMgT^$e)g^=K=ngoE;Ay zJmB~`p<)L)Rn1g5%iP4#!7=`!A!f9N}u-f5|_yzb=R!1CA{p3kZm7V^xF^K@;+fX8Lh}g!3nns@mCAgzz#yz9YFMRz&S zF>V+BLgg*|o)u(H&}Em*1xrl*%YOD2y|$e8*N4ghor1@zjVhfZHa}jz#2he_t9{*z4K>3zEHTvMJ<+Liux|~pjClo)COZj&8fc0j{t2_{!!r|O zv6~eC!lY1ZO)N#7W$7*K2}xLxfGiYRefI6&f9A{?2Su!df}QhK^>IrQj;&rYjLlg` zZ!B$x<_^gfx^AkpYE5o!j$Q=9PL(<x;$T~I`nl$h#TfG8Qklao_Nj~%mZ-B5xyOTWlRw$5`qwVI>e$6Z-N@$Hbh z0#p3Iqxxo|uI|x;Jgbl{DAeR+RMew$RhBixbm7S$INAm5g;$xXUH4^d#h3C<;~3^P zv2SK_Uw-kZ8n+AgioZz=e;ApdDF#JB(Xc5K6+I1ATi3Vf2Mnw!*kk^TtP*#Y|ADY` z#bb*f^Yx%&HEsk$TK?d|TgTYp%3%ogy++tAmUYXvT(0Oj*ixDk< zdid}f{inA}$!6In;#fBwPI5Heoy7JuPg0g-)(gL@&jbX*C4vaYie~t5mm+;v%iRL` zJ1d%9RrHRhi~;1~6pGo$%m`ZK!0gn4nMq*-HlvehH9isFp!BdA%uc3cpeo$E_YK!tWa+Tb`1E}Z8*%Kas6;+DEF^;?nW$2rmo5L}NX=U-2J$T?CcJbVG#|_#Dhh5o~ zpq4Puvf^h}u<-BMds5rk%-fnsok#Tz`K9G$nnD>sKZrVRRxe#aE!2qTv5N3zq&#m1 z+?$RSx@*mTX$O9vmR|$OrZqBr+t0dCbn5eJG&0nY`+JG^oUP`zW`K6n`(Wee&j6m_ z7W-o1iyEIJ=}tek`Y|s?t0SKRlz{-Iea-Qv3~;^dNIvu?be?|({K-cCi26fYUwyaj z&ozMC@!P|P&Yaf!r{zz}pFQ3mdZl`#rpUjgmC1@kezOtBY$=RIr`!&~>wJPU^^(EP|VU!sITfn$#6nNOM&u4lAwFho(Meo6*r|$VJqmF4}wVuJHKGycW+^Lz7D#h*X$%bT;>n| za!C5h*}@CPf@kp=C^Rubat!6MT6Vt;2-=Ax6r>lj-~)S zMh}zP$8_E4>A?Dl5woIiZ!jiWcC{R6Iq+d~z?za@S$S^tN`=Luw5CRVs|;bL4!eT0 zK+H^z@1LETny|$>GVa~WINV4m6T)L@IUHCUbcx3#LKWQ#fAg;3$#3W?$J5Tz9C5FP z?VnnMggrWU?%eh3*DhVU{NoQl+LgA)eDUHXZ+%EmJR@6mzO9M4aAu9=FD^D5$Sw0( zTNw+v7zk$zfeug zLsXYzbUS=_?#!7_&!0bc?ATGc8u%2aJ96s6;HMKWZ+P|X*Z<$I{_G#DB_$P#tl#rz zOTYi^|63T2p80zos^Z}3MYwT0oK_bpO87w+60DY;G3lP%RetfyaP)!J2NVk%+{cCER$E4L|iDyve>6>XNEk5@sJ@+@aBTZ%aa zUr6g2B&AfB-c?qx9hhr7^jH&8yDB2x?J$LZWnOw_P#(WyEJR&;T(pbwo|J9%)SnGJ z4*KW3g%vB+T`UWB`BSr;_quqrb#h9@!@%*X>u1BC;KZvc>wR0_t(nyFr{zyC2ipG7 z%Z>HVEq~VYq&KDIPcJvtKX>@E66?6tsTQ#<7P46NQ^vE-mnhX;@H@EcCotFg;`T^N z>?b|5pY+Tr%5Z)l6K+CT+kZA;OegsR;tz$H2&>Z)`HB51Kt$E_Iw}Q0yg5E+)cN=z zPgjdsUw6{2EYV@I$5i#V5OhBv{-|tKM9oGckm_?^OnAasXEaU~&JInC*j>x3{@@`1 ztf1QRnKST5MtHcs-l*RV{)n=pDH+u?H`y4Q|nIPO{ z(aLNKo|&G?`XW&`&a1PV?zyp>fov{$8w(p4Tf#6fUJ0-WrjSb)pz_(supqEYnY(&$jkp)Xc=Q81Y@60!oJeD|(Zj&%#F=2jv$x;*GSNM*Eq z$V&V0QQ2c1yhonCR4}_o;cjCNcCV~3XbWDTj^pEDc4Lv%u@@HDb*zccr8`v58C%_% zi#zTn*{6d?dEq4Mo?LuSu}grrnDKS;=;*6rlwZY9cUcTHJX9RxIpm7VrVmFNkO>?M zu@Z$a0J$|cg4(bphtukIng+ZJCGzNu<(K2G7Sc@vF~IYaSxKa5yU`7ba+S7nD98m2 zVbYnn(eK~Zbhd9lL=NchV?>$pm_p6>di7|E4r$)}5G&Nu+;X7hzy=(MwXA!QnAimP zp<2dL3hH^+g{i;h1wd9G6M~0Wv&Kewtom?k1TN1L4zZ;9xa%{qnF$!aUnz3d>Q;Ma zwe%_r@e`g9h$7RPYmGdX;$^HyDXv(IE&5Ccu#EvAG01)3g35NT>!`fBmcag05TP33TlTSYR z>dPlp1v(JE3G1 zSm=^~Rm{=QAsA(E$UOOOwc_=ZF!35(2Sf2Gv*24|2qX?;N~6pIa}M*szNzVuPEoW< z5&&;A>!vr25v@Z*ip34K4rEhS{SNy59|%`*cC7@F?xjAU>&8*{cE7K~#nnF>_Mg?) z>z-Qpbu3wvu!s4xhRz-Q@d{mN2TN*EwH#fXLNPn@S1Nyebh-T(i@i8&Y%e=x{ANahLrIDo_9 zZ~*QO2hOdVt`y}A+K7OKGwJ{8)ysNZgu>wV(_ep`U=#xx4^Ss48`J|%oLdoT{R)wB zcy@N?%P+sUd-pE&q+CvE5o~{lfWZn$#rdj!{`qHj?%Zke z?j`#1k( zb)P&~8a2Wp_0c0|_M|_3^6Z;9{P&QWr|nFZWpMoUm-`=oeE+Mje%HsmS5MS(T7BKG z`iOtESED@7pGTI^H+BL-e@(`~dS76r)jK+FXU_K}MF*9FikY>`J;7R}?YiD(Ptytn zky8c%mAs|UdW+%F!5pZRFz9&?`!6i7utykxILoAKEr@DioCgMSb%1Q>U=^hIqut*v z6evA4DP~4$3>Lkac?%J@lQJ|whM}dw4XPN>;pOlPt7lFJYuzAu1hym4- ziV&#?0C5H=F1FmXai77~k_qRRR$MCB zb=h&W@8}FIA1d2IyVg!K!2PK`?E3ygNYuKrj5&kG6Ykmkk|90e0-?UStW+n{fOMK2 z8rCZX&qDj5$36p-urjU1NEe^<2~E9vw&$g@K)v@D2X+P@BVuQ;46!hhG2rcVAdl5orCet7XZl@*S{{q?=?8Y7 z#f6uyElmf(@N0j={QH^>%wP;t7?%jQnd+?5$E_q8^;WNm=xaQ|Bn2@DVkDGIWA7Lw zy*hm)Pq0R#LoX~XE@5)hBU3P+4{cUmafc6)c%!gb3ML`Y8I$*^az- z!^q;!>ly25-gVmMF>zx`hG)-S04R^aI5#&72jk0IasS#~U&ZwW_y<}?WzODNvrI#& z>A}6o1sSb232;YV;ElYvNa%x-vJA0$SxPwUzIp|+EZPMJ>xiXIS!k;QB|N3WuzY_t zVXqpy^!Jwnq=cEN@yYe`#gm>w*!Ls6zs>3}?& z%1pF#$Lj3##N6~GC&KobJq8qO$dujwu`!v`Fw&bq{0XZ=eEpSVIFth0>e9*^``icA zOQ5-K2aHe{3ZT(yIIR?FzX}M-a^k z@oodq%!m^OTLJ=I5V(Rv)`>DkV%3-!ELaD21mfv!DxE z#YNn-swP%jH?6Xuk?)&Q+ae`WGPLtg{q)njPM$g7-sDlESFmkTaJWSJhOa6hwtZ$t z>kyd*JtfqZ;MtUEMQ;7G|LU9n{lAg0wD|J-Z~m{ji+4swr<{$)rEJhki_iY_Pyebs zR^|EY|Kz`Im{t$dkyt+;J$&qGC&1^+&=85_^w#M_F0I@bq4DVPx9`N#nMoS*^qQam+F|hcpN8 z;Wx9H{mZqra8srTRog3nsy%&BUZmfHK~dQ%XaDs;{%)+t^+@J^6OpSVXkrjfm9RGu zTIaU{fdhueKyZ9-fEt;)HPC&32I+f4+z!!>0v!c93Un0cC~!Iy=nL8*v-)CPDn5iG z|I}X#{Wb}$Bqu@?88FUWuJtx_6(Q+S^uS@@rq*#~6FHrB9I_U2I336b;$i+O@69@7 z!7kegQUJ$ngSJfq-}d&TepW5iOw3(4gkDfr?Z!#k(BPzCkJ=52U9!{^AW);gGxm9W z75szN5;U{)SA)e!&y$(GPAEFm6hViQ!Kgn|!(1JDbD_I;aGzz6yr4`u@YGvm?QGpyC$=YEzAqAU(cBBZNS@Hmq)=cLxsiFkmsw% z-e%u7Jl=qkfwf9H%LY4*-Ff`aVpDVlpRLcF5u3^xn09iFme z*P9tnGNvLdZ9iFcg&uO4wc=;^+r?$Wwd#fK@03GWdLyXTToDMMcH9daRwF0pIYw{} zW<)w=yi}*(g?7Du#?(GCqTls6^l%O*4EXC=*9w%)s$Jv^#-R#f_y^rHRMfa&zSbf* zGeo=2fX^s~=fc7kUFp$k6M8aoeAPHd3Rg}v3BzTCpbv&)#bxQO6HHPXN`jE)!EpXg z>Ma;n@~a56#9>Kh2(WwWdL(@-8fu;Vngy(G%-j}2*YM2p|v1Ek+u z6wOo2@`9mfY>S|I%_o)&lTB_9?m58U+je(|pE(NPy4Zr;8!tK|?j&!9#F>YY+_B1I z)mcY-*(9!}Xfd#Lk*_8O9$Oy?w$9*{zt~)6Uac0iIA3JPa42Nd1B2qm1wr-clc%*S zO_Z{b)p`Uo8FGyd6ij8Q!j4Q#y4&cwlPW*`^pjH=Tw1@o@ZFUwSG2>SEZK~^$B!O= z{q@&B{P2Ud(zv^P<;vA-*JkHto%905LVLkANOKn~+15n9tv~$mqea}xt~gBWYybG; zPd1vtw7$>rb)B8DHSH}_EYb+8nFls-dxlg+0SS-E1eMmQOxUNZwnG`n?`T(uMkAaU z;6j1OebKnST^Aq}I)vNqYV!_tkR z=3d1KKY{s3o!gOsIiscIO0uFJ2M|ASn1*yXZU@u#U2$daLPvp)0w+X)cc2@e5au12 zjshJ8jzR%)j#YJiB+k4LG?!n!86SJ&E{(ogdK8$)FB6hS+_@Om91=hoN=OyNkmCbC zB!rS_^zT#^;=_^L?k`fNA8|&n}i?fp#W*m1upvllHvJ4K-Ev@epgTVLj z!6S~9qpFev>#Fvxg z%C+>$70#uXh>1eG)Xq4bDY-L?Ty8QTj1Q?2Q@VbsR``k1)lKh3yY?cvHdgmB{c0>0!rL`AX*9;d^XG9!v+ghe zBuq~FHE&{|S-a6$DHNz6zE?#jm`<-_8@CE9n|IFn7FgW0w13t6zdb?RI#3-2Itp|Y z=qS)pprb%Xfpi?Ens&f>e8Aq zmz2bHBZ4n7;0?^o5HmeB?wdR|Bb{(=kc2RM#rZXw-DxNsZ{e zn&z@C?M0BfX_A9)|H9>gBK6k51M~4v^;Xv7CYUGB7c?q123uRpZw<67aOxDmjcjh7 zy0RVcC*u;ELtOb3AvRNGV1Hnvpyu14wTdZgNB`>8E6hsqS*uDQT1c-TH)J>~(%~7Pmkn@2mYj-wH>DQ!!*|IQIzF zGniPu)obtuN^!U4s_&q)zs7hz-9U_(n4An3)$p9%fB|~UPEY!GadygAw%S&*(?#uo z+AsqL4ZM^$_0HoOMp`Ll>^h+EJAIA)@IOCG2H^}5uiz*AIhy3%X&5tjUWyft0agzg z6nUq>8~uW#a;z9laigkGi-N(Tl%I0)`(!}|r)jZt)^cC(<-EeLw11#o;%m1Uz(f@g zP&cb!yI=$1zzD9^Mim)zkcZ4ZaEcmG^`T_7Ls%!e<(0oI+yF7sm-3EPD;|3$+_>|` z*39V0s}&b6JViVx;RKmq4Fv%~xO$BZ{*sC1Ky14V9R)fH>_Y(yrf(fk8m*MpViLF~ zoxl_!g$TzZu<;?@2Tu2@qrh<}V4sLQ!UkfUJJ*x)w!L^MCj=uhxZydF$ZEAAfZ7 z62(0U(D6J&YWmHAO&M(gmO3PwsqzlJo&W zOXacq&)fL%lPAszNhBU$&F%avSFboKCl54HjAtteDsn!4jL6w+*~1Ijfx5YwnM;>1 zl0aN{MUqLLQf`Zejsd>=?t44zdY1H}APM%~y}N4DU+D=P+wCB~T3O+#tSNs(>qoA}kd6>n!C&1g#Ocf=lO1eRQm!s)Z> zrR#ZEe|q=b`lywi4-lkpgX3pAGz0;#(wj(=t&K*LD6)Uf=54QdABuE}!2^Q)gNH6u zC4)Mq#vzr4Q2SLSL=)p4K4ckxL&PLs(gz50B)>KSWKcST6bIFq^Eh-O&9bjAjg4Kt za{1b|t89oUR>FO|U=vUKb2KCOcOk zCog>F8d?mT)lCzxA3b`EX70C;)raFztbe*I%Bq44-F%3Od@sMB=;OSZCg3&5SJs&b6jne|OTPO|gzX z9ep}}u(%}=VlwIYq2q^+AKE<7j(6+DnVTQ@suIse!- zdr;&s@T(!w_4GnpvuSSc-0n?aLbJ|GM_jA}L^xh-Ugu9wcg~S6>{bzxuryPzz2!gc!>yYHTCYw_y!>uEdrQ&Y@q zSFXgyJW~uiSo!ezXt~u)U969o*;}RzOrW?#W(RI&iT#STD&~Rw z!lnp7rZU68S6mb^Uc%L8dZNA}RR|B7fNE(ff&<(N`M8QH>*gC2wwvAXINJC+%=|`} z7#p(_KT05g07-!@Xl#7kR=s}Vw7MHQXCkfanL3>_v`*)^Tz<@XP8+kZejU;0a?s7g zx6HiIHUz};>5=!6j*fE2G#vcX1`MN_f_P!Y0m3Ly$}6Lw#*3evz>~Y;3NgX36fl^z za%pjC(Ri2`mqBf8<}c^xB`RxSl@6dHXb1;IdS*kH@Q;L1?g-QXq_BwfA+3u6rwvMu z{xp(K?F;(OsFxqtT}oFE_Iy<*aX7w*Co7n)o<$i?cguk}KQs>xA0@RQQP?r_S~YGc zEcu>C!~Y0P?uxuC3UpmOILcd(OiK=l`7k>1i~wf1#qBn$uK$P~lUSkOgcH@2(+-`4 zHn^VXAm{l>8Vzl3b^W}vPO*gabyd-{al{$ENY68kRH9w)Slx@3HIvkW7tdU?1c2+1lRN;1>Dmr|P*2ff6%{CZua^3`rvQ3azR_ zL$089&x9UYb}sC(;AWn!azbB<%{(E7$=|@)8959++ocYfKdbCra0&s!mR;|kfBxzF z?|*PhJ$F*Q%FQ=su?$)w&y&Ybey|7s!;kjORWvg@gUEW*jkXgLlk3CuktiW$VSeHM z{rg{k{WT}iK5K;UudbY#o<`ei*RI*$_wiM|Po}OWpudRc{QUg4-+s$))uBH1LgAy2 zKhjeqpSd|e#)HaPhHU2M-S5Bu9{%F!dG+d5;*j3B6udD3njr7uf=>V8r=Nb-?>BDT zAWBV5PphmCsZiMdJS07vVqJb5&`@J%q@&MSqtDJhI>D6AY4rq&d6J-FitMdep@<#` zy34;mi8}f;^ubQ&$5I8#JMiaSv=Rs6*H-gZ|95+a4{l{Ja(0Wwhy1GJ2qlLZ0!;&t z93hCL?de?kaBYKAVv59+xWeVDox#saskhB5ge@0UQh18t8-T}NR9H;If%TPJFKkK? zUX@AH(ynkCfSIc&70H>59WSd?JKJ88)BZV|w^f|5kS&U%)ouXgf5{b<0nVwTfB1*L z|Mb&)d5dHiTj4@m7AHxg7eRxCs}^}`KL_nN|BX+ z`uS%n%ts&H&=69uQZNysd+B2{Pt>`srP&%P+tDLh~W}vi*Ib;?F+4eft(ID6v(; zIVAeyAOA$0c1#e3WtQR)80|=&8Up>cH%&aFk)rU%M%?y+lJo&7x(N#vVR4RuKsmqw zr!%MrL@6xox&lqp(U^)cT65^SO?7@synN-7zU!-+rF{03wkGE(M~rAAOBdLFO&$*$ zf%}omErWl>VerXmr*d}k$u0!z=(7t^T1g#!TEy5T+Rnrq6=YDnw(K)ZweuxF{u5k-fujnIAB~-h}DBIRbqY zq4?_p)&ToA&J6SJaviVhZKzAS{hykCJgQY9d>rvP|5P{_ z0&GPuMwabOespE7oK`ER9rU?r$1F!)EXcLXR~-k8f1UCjls; zHr9!v04ljAadj-HBt`cLB4}yDvGVNm+@C&uP@6k9`{&}Rhx)2}^wBbY5WzT@aD zs|#m48@J^l$77H6sV`<4M{#kTmXnEw^!I<~+{L&J7iq?7-p-B`{%OC)ZiIR)KL3BjPAG z4qt^v3(S09%@Lm2l_F$l(leSrLs-OCmA~lZ3hXvgcGBHIe&O)!}mXVN2j46SH0X4#et~|Z8+PpF*>q7 z9^2WRR_TCK?&RLr!>qxt*gKYsOrnj50-HK-*jrTEWLEe7@)&HbR`SokeCd;wzy9(| zcyNx6Sf>ekq!%mly-)A`?ss2&a{Kng&i*dKC-J-K{L$M zNMN&YU%P(&i!VO^tH1iI+n?OFRFl@=X1%+9wkA_HBTp;H zRul*!haMhhv$p4HWgo1*tfK77awC5Dr$7D)k?-8SbMevzVh?K={I$=MVv>HS-+cY` zH&35DQHleAL@m8_`xgG|hd>xTxeC}T|M{n%t1Td8Gl#~`k4{d+6|K7XtFONN+rRy5 zp2_(tv=V}weP>+p%{Slu(?9)@>`Lg;zjvNKqYaUNat}8S?Nq2fbvy6RKmSb11%Z1& za^SfsBHZL;93qD6#s*M7|NP6>fBu>p4ehVK`bsu-ls=?A|0c9z{FBr#n)*8U4Jmew zboAMkEKTBZ=+gihP-GW9Z9p}3U>gdU?CQGpwtsZrTRd`^Wb6>o9?`AJjG=Pp%5#y14189DOI~jrF#}F z+Hkz>H#V+W&C636uV2W^tMaqYKK=dg|B{1g*}N1K$mPUP25vfloNnWHk7;En0;aSY z?tR2-0zH>jZk-8ph!#<&U;P)4Uw`>8|Kxhte#D1)~!VOmx2VICIzLksiOVjII~NJ71gD|U6^T=P4SifJrKgau zqO5x&(zh=TznLB!4;@>1%{MV7i`2ZlrKQFHy>iU}8h8Xsc0g%4Dal5oy7|0_PQn*B zly0mCP4x0`-G|cJE5Zudr>Q>2*+K-|eg2QF=G5SVqf$pmE?SH1d7-ZxOZkTIgPfim z_vBNB8{`>viErGrMEmnASSI?YFMl>atJl15IA+)U`}8l~Oe06n6cCC`utT(+&7rT= z1fSSb6sW10**W-uTcbX#1ER+Y27nO2$6{B~`?VWm}bd9H%t)D12!8Vzy%SVj^R0yKo^s z^>dhp$fGVbGIu;1d5%jM9@PSpk7R12IK&|QvHO#*6eL&x#7(+H*li4s~fj0&vHVB-- z2(&A3tzcOdXR%}x#sDu__7ZtbVDG|&X9R!v=vSl01q$%Qx6H!ELOF9ADdPKMtC{lb z)g17J8Y7^oEADfRE8mui)zQaW5R6AoGoDS2#uPN*BM+h}uCBc*Ixt;Xj--&mNd_qo z*rtezV(QR--$z?o=5Oq$R=Z0TO0H4Wp$eLk4RF&Il0hCyo?cljfU@1dvduB~)ygZG zyaGWU8C0!`a9+=lvrRb7G|fri4LV(!ewYpmiYBj2XLkJ(<7@~g|myuz0 zbzv!rlT2hVK#jQF!F8z}1&&PtY?cR&Mv5zOAm&_Mi=XX@U2@7)TqY08jmleb;$I36 zq(cB{my8l|@X<mu`7i(SFKk#}{^7FCZc8MIz1ByIpxto(jy8OGthxl01OneS-Q?s!Ys>qS zJD<$V&R)KBskX~Qyzko+tfaAb%!xCXU2P;bXc=L%nlD{j)MeLLV_6W~*+k%%UKyg& z0n4{hMO0Q;M-&-J8g{gK0uXX8Ub>`Hh}y8y*TG1P8%xVJ$L)YWd-@dVQhXkAdDG>~ zm;JnY^(r{k3PdAj=-eky;wG$=ou+4I;(~kx2mi(Mm#(i;9UMOTD82!U+DWDGA(77E zRYm#;RTLq<0^*LXkL11{-&qZuv)>`9A|A|-AD6d7+_;41dcjSxx``zqnwlu_5CEBU z#NAeV4G(6&qJ=z77&QGm_%*C>%l`V89@%p~*=pb0?7Lu9|AMPK_(hg|_^qMafFftk zqhdhqJX2t;`qrVEi?<c`?sWNkbn57HQv87Z2&16+pOVC@($enndS>m? z>^r_?!RR1Q5EP68&S47+OKc!^he;tOC1(8jzOF3e1EN0W}1aCPuf zy0kXjdo+9oG=7gv9|g5sSFqq{ku6o!(OWukVTlvZIu3D_Bx>k28IqjQbOrnL41zXf zX(Ev+LX_A?o@vTf?gR7h1wS~IYZP!fkHHTc%dGM+{pBfASu{sQ4Ui*5G={kg5EXfb zA4VCP(gi$f%+F$mPt;0m>r1998Hn=q@)9p^Ha@1I z@>e?$NwhNWq?;WJke$=`6gzue&O*Lmd7jrP?=-=5RDD#>f{fbIg_=shVYOqql5+K` z&H5`mR#{^XM5D=|UUk{8WzS)h6PWwByQ!23i>-{g^3|*PCO>20%;Y!<=vA}DwM#P~ zOpg1!?9mFf}h7j=O$#B4UY%n=${+^?8{E5R4alu$` z{5PP_WCR&4Q_0L@*ud9OIYGKG^!c+`3eAW31hbtH+-oGV;zA4?yHyL$ngB!33dcmX zMjU%Gn1+Ti%b4ui0#7OFKF+mb+ACuR=~P-Zia<#Ut1lql9t{&^3luL6bA?%>z!pF$ zd@o+QD*5I7t5@M)Zf-DgW%dmycZMmx`X)@T?92}03+5kl7dXHom!?@Sr1*TYt0=rh zKZIqJ_GCI&(DGGuP$>prE_JzO`P+)8yYj zqLg)mCWVJXJIGyKe^L_5y{FU*qK*ibnx1@=$y@wkGQ+vasVSESx%24Wy?ZZSa9)hF z846lqCnt%ov-}{r6}ny3_u!4Q+~%fYk6yiYb$Vv{=B=AAo*bu3mfGJW9y` z5~F-87}oBo|MJT(FI~FKO<-bT(q8%O+$=>q+Z9s*(|}u+{_ux?kj+oq$KiKN%IcE{ z<*69qnA}L^+u(z)gcg)^E(T+v8JJ)c?TAcv%z5Z?1=h1<6>bJR0c^_u^6Pz< zp?>kj=ZH?}3F+lrxTum|Y~|}6QtHPaeFP2%R$?KyRCRs+`Dd~fQ5uCb_&JZ|pg9OX z{q&O?dGFr6i;JeFrgci=pU~>jL^5z~rS;n$`1itK=-nGZ-a?AWJF&ta=nWaSBg|c7(iSKI~r45qMVo4rl&7VXd~=zg^wbIum~?z;(h_~ zq>6m{={<%#&b4$Ec=}co6TfECc2X?94hYh*@=GBZQ?JxcX4SgzVLgA|QT2xp9?m;} zo~QY<-_B{Hrct7l1wl)-2+m5OfSrSEejVRu*&EVKKC9k3VFnpx!9i-xC^ponJ!If& z{h50rrhsRbmSO_2gM#4Ou%!3pPFZXf&;WfC#Fp8{3O#dUc8aF4J^!}ir~DIEf*uh9 z(Okautf8C3_T9{rCqjg38p(r!ncu2S_#E<@MX|K08F%oA$fmkZK1m{U@>|CbF&ruw z8l61f%@2Kch@sK(L&pytKfLGm4fm;s^4IiZMM65t6Zw6cwcm1;h80=*>AfY=8>*e} z)Okh8qu(tqzp_o^pUd9(x)s>NJY!<jIt?IN2-c0k=W2WB** zwZYM^#Y`p|&jw`u4z1)&*o9VYGt|H*TU=58Bkx?ULWSL zH#K?QceMGfvI7J?w+1l4DQt`WaA%N!U$G@vN)*4z7V+$(y*AlS>t^U zRTPkZek|M^8~(`-3F1``zC-+rA7BU*PuyEy*@&?b2*!4unE!K(3~A27@+&_uHszf? zuv#r=I8XGLJ4^0(6eAf!!6C>J$GP+C=V{kc8r!QSC>HLaz;ozlEr|Pi_lLZrssj?# zOLK*Te43eUjOMCErB!2r(4poKUFwshQu1d}AP#s_i0Qzv)q_C||0~?bR(l1&O{2Qr z!v<$Lt;WSdJwt(yQO3oJ%pl4_K&Yxckhbt&jVrWux_nQ3sC zp1^4!?2Le>IHywg6)~LhGUQBlg_~MfrQRaIQ$?mHrZWHojfn|HKOoS-CcT|t{sEdS zCp>kbkC&RC(8Q!THWdfC5v<+bx2XPvvhJ*1%K2d(8Wre@K;D#IAH9vv6l!EdhU#Ap zIl_9UY(WS>5hO%N`0OnsL!&4*LK47ImE$Zw5eh#DI52~6(T?I>?8+@tyChoB>uA=I7b2-797uP@~yHz<{Qhn6h%#!i_k-W-t*G*Zjhw5urn6Hav1p zd!ygY1AvHlst$$aH)&cs%<`sC>2TnHGC4dc7w$K_(h$Bmpbp<^Ra9n}9KKYSv!lTK zN`a8TFuUOtkERs{LU>c9zecT7A)%!N<<&dft8FmsA|Dt9@Rbl;*ylq(P4CsrjhNbl zQ#~_dJoceL<&0$_Wpc{~{UGcQZ#W)=0YX_ivY%pPNUKXii~Lb&H+js93ZPNdt+keT z&YI485q*JHjP_y!m*6ar0U)ag?ZeYsRg5_bc7EJ;Fvn2WraFN`=J!^?kabqwZrZ1r-uBn!z&=vA*kP|QwWV@q-Rf`aT_I{kd*A0Ynm(J^KL9xuRh_oS`C+9 z839-Lhe~8Bt^$Agmw%zxmX;QYB^**IJETyX_`Fy71|UdCFYbwd{koh}RYZ8@BXo`sR5_*K# zq=1Bc8=QRN^sjn5_$ZJ>h@l-bRSu3OF<*7`4;CFLeTv|Ndv;E%gQM-9kg<$8*nl!E zwlno6x}4S8FS`6irH(#5I-CUmgb0xA7sj$NtjKRQTGi3?>YMVF|kWkrZ0>aLI+NgA@; zJptj(*RiYW#=MtF0na{4zZ{$s;hbuXaUZ&d(P={aunO zb-ae`uM-U2pj=``l+V})e8qceIJCdPsy1xS($SLt>R$WYS=W#hX@llMXwZN~L;=Iw zNtLwzFH}O`7uTPx*fMN?gY`s6wWvY4Bz5@d-x@`Qu$GpON$Sl!i%IZmQ!`@TGG&xvWsAWhO7c zfu`KCt0MOl6v0Lg+{7y5J)Zohne{p9M`UsyOT;BV;+`)tqW7Bme%V@>&V%voR!8PY z-!$AcJ>a{YL_5*jXCGH*K0Hlu!RftY@Y2m$SO=xHTA(YNhu`AmH+taeGHx?WYxtqF z#VdupplrNLCihz*S6+c!ECM-EF3{3kLxJhvf8wD=VK(1q#~U$#3rknKXB1{>7-#&^ zP63nx2?=*#ZpuY?H2x~wrl!?m-w{u} zg8z&I!$tk+P}Wq8WP3sDmw#^wLwGUjFLl9JlOu?P9;QQ=Ub1^-$#?Y}+a@uTKgW5h zp*>3OKZK?%XnCb8SqEOKiO87|`1zKdt3%(#MQnlbD`%Y6Es)0n0(3*0;U0X>Xa4%W zQ<~$%VF!lxw%0)~YpMHAsdgKa)3f5*)jA<^LNmlEo%kPYs^z5 zKxI&)=Ufb+W35M|9O6T>=;Z=KBro>aV!%@Y$r7nRj4@L>zSN?~EdMCLIc`zk-Z(iHA; zbq1X(+q71arU4Sn}3UZ21F6Bl?^k`DIdsI^ts;pt!l`)+SzuE;PJf zVl>r%sf-s}sJ4x-DQ*EO3lyW5kT%1!MxOu!&w)80l7J&e>t~;{`*k?fufAI0-E#_{ z#{a;ibs2ihKjP1VdRIqYg|FLd5m%@0Xkh@w*5H;>sHS)*T}?$4 zZx4S8iAN5}TJ)jjC41KV<5})rgLRY* zR=%)+R?OjIZ+zB}QWkd&I}jB-=NMirbzvLO6bo{ls?;FW8@#q;4Khj<6N&Pz(27lv@NLz>l5t(g0YF zG-n_RwaS!!&NE$Hg88eRt8#?_|CRZJ9mI1mlL-^reH|SlL->|_$5$UAh))FnCE@4>ALfEdw7SE z056Wb4=*DrMO}lsBk%osi>w?BB#g6PjGL-_bky2>yEWkP_5QRs*UD3g$ajXD3zywA z7aO+Y{lZHhT+{PC{N1ft`po&AB=P{oX8A8%WPa~dy{P?@m+R7`=HgU+5SlBC@tq|M zp5i{|Yz#ENpE5A|Y?Gz~*<|k(L(yyc&ZJDFsMxu|#H4b?l*3nlji*AnZMmD^wddxM zANw0Dvb-+=Erq3^-6A0D7>NaOjkp%KEP*pZo%Co)o&z-~q zx)52el=g6$k}SAH{{6UErRi!wZSF6u1wr{#OXan9(bcWjz;i8oET~8$bz;guk``G? z@ToQybe1#GVYX&8NJt}&I2vzQfuP0=j*-7S?)3#_z=ko>Z$s^nN(`$O@&MSa;}aDF zC`g($5eArmGKa@3-EwT)3DlNVk}X6E&AiM*umi9e@)}2kg_1$Z6mDAcf+i?!yr=F2 zBsgku6fOmV`ob*L#g0fzl@)2WaXb8x7dn_-@1n0d6N_NWasG2WHQolV$=)0$#EIZd z`^eSUB!tewPnvJtWzoAlV-U_(HQ1FPBbYa)8}BkLX>OWA(0kZen&dD9V^w(Eljd9A z4q?(~OBjagwbpsBSUM>qi=6ibfH+!P;JxAlYT;!Qx2M(b$WEG7Ww_vw73mjSIF(Y+ z`gxQFXCuW!ulU5IK1$7mQEf|M8kq>9coMG=^IflGuu&=7zpq~Nh6i1I%)}(wb=vRl zflnK@K7TfJb}aYgr2dsv)7KRdW+gxf-Opf|*E%b)RpLVO~{`_i>RGLFmGLehH2xJoBCddf{gU{zW5lB-yRyOSO ztOqeS9?L0{uQeIa5z~h5zQz`C-A0YvthfWI0vRY{+|d?~Qa%MDr}y zt&l7s#LOyRha~G;q$Aq#3&#s779c(`aaK_5$SFSiQ1w$;VWbMZxFoO22!{F?rY9F?CO#N&4R7zbCDxk4qK$VxUDZE?UBvd zP37%iq6iz$x1GL*E6c2KaT6lhnCuMGJ@x%jo6`2 zF%%)|V^44mfc~%>2O|Y>9XSVm7_Y-IR@I5FXxfVk=q<2Cr$H_zd!N^}{T>^Z0o$lR z?UUgvXR}Yox5(*z_cZ8v5{*_2Bqw=d=|;Vgo6&r5?csv)!bGjbRHrwi$J{!t09GlO zWDXUEk5n6t+IAZzydEA3o%=DZK-+k=-mpSk8J~@@vILs`y=^GRiH2ePwd&GAg+(nD zTuzj*ZxH)txHsmiBckp7M*B;67KD>{yW0b8BW!$JC7srs$o~jnvHW?qw5^BxCpoMr zZ<;bz6DAUcoYx{-Cd$^&SpYj}46#nhr#q5IKDT>Bb{tkAB1&`_{oXP{PFzr*W0z(< z&NK%h2K@}he{jA&iu~SKJajsZPI_tP-8hM8Te`J(gA>RPGnP_MI;ox!kbhqp5+T~~ zCs5pF!2ePD)%GSfNfOBzGh|8B-~Rj88rEU_%nHS(!+89nx5B+vr&GMEzqT!Wo(Pg2 zKEKx^AjAk5T&D8C7%UQuQTIpzp7wUS*Hhk;4+TwtX6l zx1gKz4wa!LYoUbgz0y0~)fA4J`v@_}cyG_BLKQWZ25y3CwU)${fp&%QwP)q?$)w&5 zN3QrQ8RSHnn3-kwr%tiW@-io8mJ;EH!t>S`6mrGg0wRMfzdZPLKmytV~(sSyb*=^p?W6Z7@Bl8=sgh) z&QLhXF#%09W4|Z)scvVty317K`*UjC)-;GeudWHU{cb)wmCtr~=f9m4x0+X?IGMkt zwnB85AMKi929)_@B!(u{zce3A%SPkb@VVi#{(X|%*ekYq*dO;#>USx>>UBA}4_2^~ zW-3RMmK&4a{V~eW4PQR4*)oLx)=B)X_qMf-Rd9=Y;BRXT3$d#!Vq}%o%-Cl~SLi}d z;PW@QWk9oS#8bLc;?((ls?r%@g*2t>Dd<{gGmicBkWC7ts-Hfc9|wqh`btGisR zcMktkcwUk63%LlS380jUQ+Z^rYY}0^Daxee9^|2qQKmU=;$p`nS6FI{F^nd9E)%W| zKudHv9L(c0qb4mYitaM}jE2*Fzj!AHAEBw$-+{Hr4Ob;X=vK^bh)$*OIao$JD{;v1%=1dT*lu_`N3lkjHVG6g6ipd13F`8FRa-88ScPh4D!i~GOi zfI#FMM&7*Tr~-;#x?xtTCu z*!$%fv)Q_lt3HohNP^N^ef!1}phYj1-{VqJRl$IWrlkH~na8z|*7Olq)k@7r(EnK=|#Z7Va=QskT3L*J3lW`LWT%k6<5o1+Oa2;>78%YhP}3li1^ z)ft<;_K>x`>Srj$g~jss0$mK4R&Mp8H*&eDd7x9KqC~Z0C_snCLKN5r=&oq?NcAwW<%}?rvDa5GVN_10 zhd@<)8VURrmGDw$+v8x6V3oPaJ2OEA4IY_Eyc}ah$qjZWHMtRHvJZ;iF!g5$cc&y6 z+;^(c@S_6krdVZ$|Vd=;%kGU$0o2_?D zVRm6#z8Uo`5Y>G7A7d!peI2$u-k(%8`Ivlte^y<9%fg&z;8;)0F8`ynsOXR>=@B2GYinOm?Jqf2 zWH!F1s$<5Y;fiTX-#Kz)f$`{8S^a1_F|S!65|w3DCSVhsC*luJir5(5o3+iSaP3b_(DmqtsE{VOJxdWhO(?u=n6%AW8UDp7^Yg0@1K10Y z3Ya8%&l-st`|M<%Te(-plCqdDR8y9yx~gGp;x=h(|IG<>P}*^qJ!?w8+P}Y{)j$D5 zeWy1$e-IUDrkTU_v^~q!a>mez9-`Oqlg8t;=nb{dO2$Uegfw4sZBB5o4k{l<)YGZ4 zj;0Rwip%Hn`B51@*V=mzG{aDVqp(6yRBIJ?J za5bTeaO1oFpY+vfM7jM9oj2W@VRDSD!N3I2KT0^tm?fk~0l9>+_wvh3GLpbM&>bS5 z6t4rD9z7V}8|xkXysq;n3~!#%i2JaVm;GeInRLI-$>TlD?dMo40QY-j6-YSMT5Vnj z@2q?U)2s4o993M8{kG1=?&+ImOqKP(ggxdB_vguQfPC2$peSrC3!qLM)bwnh!$q`&L9)5JGx7I=)?=kI|}Xc9;_gxi8`J zy_56anJG8k-nb5AI*oI4P012DWr`XwzM|hB0f0g*f`X_t288Mk7ov$qsfJwE$7>q z-ucD7>my||hrQ2f;FggndUSn#-rE|qk%$-|Nlj-Lf}&P%&M?Kucv$ytV2_35$`i)# zT}L?Gy4)@L$e~O~-v)UHHX6C@K^p99$q0&)ruAEohDbY~ zN1qulVg`rE!%SlOwg^G7i!c_-b(JC47>cpB2~9QJlRt3x1Ie4-Y(t}Jyxah1&Se?L zV0k zMpDioUf(!mp`#8o?b~~UbBAAu>umAM$RJzMDuyMKXQ1+vlt2}j<>J@o$oGaK4r~rQ zum+w9n0t8SwkNu%VkFUMEhniYbe1-mD>ohLIp^8;cc04b|j(Or&l#*xUOLW#q^%V$hQ!Qqvb&FiQRoLXv?m~_VBd~Nv z<_sj9;MyTN_kG<3II5mpRgF9yed4+ zEf?g12&^go@fx=-NwDUHavdzoYVb|WqEKuD9D4K=j1(2EwsXmq3CFv-QMOy}eTFFB z`xRSUcWrkxwtmc7Pt>q@9G{50b~{Vc$uWHrJoFWg?1|x(>;B8Azg8Rz1s^i7w-Fci z&(U5Uk3u;ATC&tF@%@xPlm$nDZT^T;;H)(BeEbB(W@^cBdWpZPlSDSt^msW#rla3lDI2V%@4$AMTi%my!SIw-c$L zPS25yHEv|i8f;zF)Q6%))qib6q%cErnmRv~F9qzqe1C;bMuHKAW9;KEt4T&xal|%x zMl<5OE-w|~rh}YfEy({YgF;5RlzhfhpTguIf!7yYIt(9;gowj~A(Q*IDSxB5N zpM}?hVuHjj;eCnZFOlEiZ_mw@YHh_b;iy}pC9jVw*Wc8hQ-I=(Ua=N%VbKEW7zE-R zLZf%hTg}8Cfun|2Vm~0a@z0&z2mA+97rD@%v)fn=2yCvBCI19h*IiEdAtx1TmBg~* z5?ozIUUl$&<@Hu+Kke@rzQDauEm&bM7-1aZlFOt{jHm2yAZoWH^EB27H^E2!L?(*< z?*y0maYr{N!`C5<>}79CX(MOiZogwo2n(u$!oil{wgwlZpz;c!cX#PgRy3e_zb*9} ziK55yKN@&&4cW9ASg70R&3n?v1yLjDq1!AQRUbT(L94&D5bfiNk*;J&QpwG9{4TMA zqOFk2QzlpCVzc%pGyZ@ndRF8d=D)59TOsmz+P=JkE?(O{`!$>T$UlQ5qfx8|ZCQG` zmc0*Rig^9<(kGghrh!A0!%UvvXh~~i6!pb|)7h$HJQUbS`w$f$Sw29qJkHB&^$rrt z8#R$@n&|Py#j21Ob@`&Kdli}9gl~aBeACFwy53Y;=$1OxML_ zDx_+7-Ek_>CR3qtjL{|Vz6Yu6qrTm!P!J!Z!a>9NwIWaXFHOD4Z3D4r+_%xj2X)$RX;)RH%=EEoVwJycjpXlV7gIkwQUxvJW~_q(2U_Iz8qaH*HMzf%O3})x z&3{P)*zc#6|DDsm)+^=dOuqt-CGvbVFzmU?&PrKkE0KzWrn6UDL9yFQ)w@}Lw&xGu z)kQd_?wlu|8g~?XjS|a$?kR&EIP3B0wlb{v?un!bzF6QmrQKAv)8-rm(kuHr0`@&- zvz8W*fb8w=ZpF0PEI_ohW2uYWwc1{o=ozgo%=enG0C9yhhArmz_o)P&m!S;ccOcoGvky^h^nu|HUYD!-&d+5 zQ6pKm?@d*T+%>YS4Ur(F`RVCrotpOb)-D_-+T4+rN$Iq*AfcB18Mg7lAzNba)03tQ z#*Tz7CK_(f!?wN<2-7y;lPT10^qO^?=w{?1|fs|U%DYx}h8Ck(}i zkkJ*U)@ZrtL3lziXCx;Q3Fk+o^KwzGv0h$ntS8v=K0gS)cxc)h+%Rnfr09@PN5aDL zm`%wpFf(%zMGj&r-Zf)CnD$PTv+LSa7(9q#aEF0Vq~mQ}i17ETb#fme1}t?E@PNY+ zkYAjmf1Flg=G^&*aSWbbT*uRoD8%~PvlTxA6Vg~Ry>_tQ>XzHaHqa*a zQzEn1-1a?`C4Tzxi};Q`<#lQ{kT}`e62Lc<-5yew0a-JSPQ1C>6f`E2%jNt+PIjC< zT3axslQ_ziyrLQfm-ESwA->j3*6Bwi8fh!@e7OdkpKok7Tc;NmsSQfFRS0<8cI9(D zmSm}%s?O)AhR&GDvU*d=a<+8N5{?;tb z81?Dl)WC2jjXJDww3a3tnK|Gz5)`I>kxY;$GZDZiN7PcL?>eSK#SxUZ~bzz z7tZ~lItW&?0(lJNn}my7P(1GFe3A1DUhVP< zatk39hIBgX_?LfM5IeK*#4x`@=&n`;)_-7d&uh-l#E)MoK!qqN)5k2IYZD?6ntxn2 zyP}yJ;N-weXlNBz_(nqWvdSZ=>&D`+4DnKT6@HQd9^c&kDa|{wpmkeuV$`zM=bm{q zb0%DVhx%Cvht)@ClVCbnn9?VmhVvzi%SnJIx24T?(+9792{^!R4*;cVwc2 ztH9{l8@)%53mfh9%{p(CU1Mh@yUPBw-*?N~du{QI;_Z~WIvAyFw-KfuXj}LHjf6_3 zkN~$TpR;$unIL%ljb(FFfa9#!>ZgF0E{@KN6EdOk0{LEwiq48Rr*p}_?3_1J&ClP} zP-k21nQrT33v~ya*F2ICn_#XA2X)v9bkuY#c-VLZ=^41W_fMgZ%UhK-XqNKOd#rbV zPHG>aCHb{F{|(Rzy`zY8Xj?q5QC@FtdR zpZ3wO%f0TiYKywr(Bk)TzE@#=iai_W5P`^(d*ar_a#4c#%|2tneC5v3Sl4Gr`c%#2 zznV~TrOgXEd2Pn;s~iJYl#3ht0V><1o{i9vV@>7Q_@J^?IPXGHjVb#og4xZ^uARab z2ZpSz70c1W%+!?jBFO{PxPb{XHZ zYl52k0X7ojc%R~amkJN;Fr$OTRCRYg*n}lw5HeS~qv}&qg$;>n{%{9kVZ)k|U{cP= z=$+fwXCX%=nl;C+fYI1um#Y@TST+uUs-C+y6kAj1tjln;g*5m%0sG|Sgn-}2LRP?< zY;7Wy-cg4g{uEqgi2ep&2h{PE$eb+{d*~>kiynyc&l~f!DML46v2k4US zeAs96#5Qogb}}CLbCJL*z`{>4gAI)vcI3QW)e5xW9Dmd)Mgt(WQW$Egd1XFuBzb(J_4RRU`}4ZvMyEUKLp@v~in*L5{yqutp})u0xkb$;4er+#Os5IJzZIZ$ z8Y$nyJ*bW8PcvH3}j{VV;B-T^VAY?B{zn;t8{IF&Epc8$b?vXn7>FVge zxreOc_COyY#iMFJdTV}MQ*Z;~=L$Ck65)k1nlawi9ntI!RE(s~&9x*bHarqU#_1OKmw^_gUgoBzxHU3_FnKD> z4(@w~0JQrcE(!$u!Pc7M8uYeTHMH+sfba?~WApp%dss?Am_XLqBMy!W3f7SFEys2{ z=fD*)NOMIVvL>zm_-_0fq2S2t33Smg) zayUe=(pGY5Xiq2T-A+iqhOt%keXd*-%xz>?J4T*4nQmZy12wGxnEy_p796Fz5{`H_ z>DGj{cmz3{lV|@x*bqm!POf{TlymZZUaVtcr+9eU?SFr9r$=)|L(|TJ8QF|RMS$T_ zR>!QG-b_dL}qO@Up(=h>o|-=G(E@oSoy*boJJJJ7f24O&gg@YvpOH zNohLjlSz_ff){}=GLY+`E4tyS!oW!xk2Qscff!f0Eex7?5@EvuVV|4}m6D?> zUjGP&0#(5C_>zg* zgnqCh>T(|L%o@Mi>MBWl+)5^a6Zb@0DE@`S3bd8g_GX2Q$#WIQm3B$iieVFM$>(b$ z22v(Qa&?F8NVecftz~c9#XIxFaJ@{sv!GW!AE?Xk6P`pfz^~>I>3_4Tj z$;3*0&*j^N4V3(O)dRHji%cNx1qP8`!R^M_Y~({7JIK@h^!9m(#;7oL3|cqU4p^T4 zviJJx*Dh?@(_A&XxA{#!t2Ly7y8Y)Ct)rRq+&tN3in->x&f{iE)mxk8cf$KFde~Kj zMo;I;V1sz?0BO3ha1TV0ZZ01(kH|J&Cwly{t`=;A^CCqQw0aIMFYKO4Ui zMvc(!Tf>Qcg(bnpaSdNahuz-$#R{N2!2SCZykyCACgF=_g+LucEJpKEa7 z`HatdeWs_(m7JMP`5JjG`P=g_`jGC2Z}9B2f!{txJQq}-fN{V)jV&fjL$&h15WZrb zz-ECRA04%~v&~ZT=mG|8&@?rMNlZ@>3&&$Patt!F6yy3YzCj5p(nwr2N{Myk+Eqvx z@uk+xJ_yaU&H;1h=mm?msV+4&m5Jzy24+Rmi({aK<%-Yy_)-68-VZE=-T`l9hzQzO zN?nBJltgQgtTiv_&46pZ-=VoQ2pvL!v40P2P$a|Pf^(q2;if|$d6xIs2DYPOFat$C z?V0ChHSDT#0Wf#Svgbwoc&86E6a57?I8HyGAsuicv!$wo(3_UdSuMl8a0plinkM?i^r&DsK4Xz zgBkb^{R@77V$hA4SWNjH8ax4V4BkJa$1mSuO?#t9Nzi$XE!tOiBYBvFK8#ddZsiaC z+hO}ZbIH7vF!D-M{NMW14~AaCh_&`(Dg!Bervxfqj6G50ipGdN$`-_%A_(?v^EuIB zocb)ypAFj57kUjydu>Eu6+quOoLU4VgHR>&Xk;_V(jbm*w2p;I(FW z8`GSowXzjaw%7QwBOs|J@EyL96%Ki`7Kck}vN#&NyjL+xjIXI9 zR1>aliItFd;B~L-_OdG!FHwKFEZRS2^|35nfBUDyKJ^$C@6%2yHr# zg4vThy<{5ag@Rrk)PB$Fo=mqp^b}n&%Xc_?Vkr2cp#R=JL=zD<{&SNd1c8eqF(M}j zXJmqXiR{~10t6SEP>P#;h;5$ihof`xqcu}r`A>RVQ-Xh8nRe0!cRC!dD<>9Y)gNUb zlR8pTLUngBAeV?9D8}8<&i*nnDy1@L>yYYP_;}_E#oSdEH2` zJlLsGNqMy*BeV}A%?%?c`yyQaUX$b7>N!)CQiKv;42>00s^QETZ06d8m7skR(UC>) z($r2KFJt-i_yGPo<7%uXMlYH_LsAgT!$d<*InT7ixC2!LOV*?T64YT zai{;m;AL|_2rB7Z?+ecfT~J>IDD{SnUw-c)t%q6jH5f;ef&BXFH@}R!qD}S^07Hgi z=TXU6vF)Dr0RoYBP{wPi0QQi$@Z@EiBI;facG@zuiUH9AsX zp!%!1Vc|zKs3CC1o?%QTAm`H;mm`$&;~M;BKyPilpy19uN1$M-65Y3XyC;)^sXis8 za~s#P01;ELjy}75NuQxWIOYhyS%zHIbGSN`Ec|+GEpil7=mcnN=e=VbTMjWOX8^b!t1=*4)b4i!T(bcLI4C# zv4~U97R!VhL2kY1`WP0)hC`7vV*loGGDy^vxFOL~raUqX8t&u4#G_*Rs`!>BW`o`3 z$Rh{rzo;eTiV{;+MPiOkAw`hzOHr~ZIY0Nn6jW<+j z%x1ZD>_9V)hWk>5P~u4yjO{b -uWNcIbPm!`1GCcAw+41=y>I z4?G5~ZmU}#8vdq;KJMcky~)%n5~Kg{Ov|0F;M$|QGo>r8?H}=f0|`P`R(X{Lr-&^s z^o1XizRkQeodZV`!ysD&$rl#C^3;y(2>G(K;6a089iG3<=kr?W&e66L?)b9!PBrHL z?t&Kijs0d>_+-hI8;o0;V%CCSS$PXvuxj)cW(rZPTSQij77cv{0#*q1+_t9C2%YqM z!~1BRZeYVSG)^K?60Ah_FD#=HS3u~uhLB0Zc7v&tiIh~r&cW8pmM zoK&@`CxUxXE%YjZvLAg{!-q<_DXt7l$gz;T+s2^XpWsno8D!?MD}b)66=j1-Jj%(a zAI=pNWIq0F14f5U_1Xgh$)bF1Ww-jGwpt7`N9NMW`mCFrL&!j2ehI2olsX(*X7 zaamkl6}W(f<&bc&?mi&R(n;w)8v-A z3aGT{4VT}=!{m?!yFvK#KQR0s|D?B&8QUoJ(Qpes(HAeD@T`M?!1%icOE05*V}_~= ze5qpdPZd{E1fnFV<$zeot}IuAd|p!PC|H%P%DDT|NaFC?n(e`G>I8U+m$?Ra&4~X| z$ghcUt~4h8p+J{SdzOhB%{pg;cv*lb>vL!@tF>`aN%pC_<_dMl7Q#q}(HR*KaHwe( zq-BSb;$RJ^Z<10pFb@UoqXGpPldwTZQFFwB)c?%xBe9j>ff0N z$3pE9U(UMhJtLRH^MJzo88!BMNiSP@(48C;zkXgmDsgmpS3!%lOOTOne1*Z?He{R# zXVduN|9`c1!osX_r(+V3EGde-vaH|id4R{SlelAGW=m(^&RD0dUhfq%F>~_qvhs0@ zYCfs+BG{U$=J2OKzvLyk^p?dE_a zK^v>_3=K2**i#zL(!<-4biG28*LJT})h{-MCasZg1$-rHvU1fJO!y85Ui9*za*&zb z_!|quRacWkZx1BGfL}2!JtmgJ-j6zSV-Gk-Ru&y1jRZspx)TKZ1NMW|uDBz%ad_~{beQ4(4-~>SWaWHcq?C-tw z!?=QtlbAGn#7l*e>2`S>^#^mV(BgPo6;t3b$QcN&I{D7UYhKntu9^tLj8oSRWRDI@ z`X+O#L#zt5^M%mz5Sgny(jSk|ru#DUd%*K=9gC|Dt}kxn!{CDW@7U0Pnygk?p4tY3 zJV#l@)O6}Rttl{jbE+(RSI_{JNCzhc8SXXY%|OoaG9lGs-`hALo{Wl(juj$xmr6xO z)_7recWQ)&kXft8=g~Oh!q=w`D-Arfq6S z5w)$%#kX@cYFyEJjpC#8`Qz@tXM_-v35RxYDALi=SV0u(22B|7P+5j8mBYtBe4+Dfs*zpO0sXFu|(UNx&lTM%Ps~Z*&Z! z|6VvN9o(FA#QOp25#P^eL(fNtug}Br$QXINwZ8tG48V6<@SSyi-`@*t1#&T8v+lcV z22Q>e@)OvrP^|&9kdxzTvL3AH-k@|rHM=v;nVhJ6U$6c5WD`=%MmGw|KLMqwWPHsO zuP7u%pv!amr#0OV(1n3>RklEiwOZz zqr#NeK_qybtRXTXZ0Z>tl;X|NPfZ-UqR~3=ZRFV4E1lws&=f|0C?f_}#;8}GJRdGyM!o@}xF7!_!a16tdmqtKk zE|%b0?f(ow?che@``sCUR4!ia=+Yd`gA%{5e^|Xrq@S(AhH4fDv=Nml?LpO!-iISY zm4&V#UJ2POIqXO=&2it)Dg^SArD_#8w1HPYvQbU1{hiHX$CYe2rT& z=OZPUJB(*oVLy__J@aRA#GIFR6r8?hATy@Bu0wh|GOz%y2%Y;_4a)!{)FqIfTT$A^rNSk8_4S zx%1q}@aO&gFd(D;<^03u-qVAlU@;w$hbm& zgnB-tadz_=-qd z-xbF9C=u+bjsbM0<$#cF#btP|B;_v>H)n9QcR z_UsS3fWMgAB`755-Ay*+JhQW*5F;@#Hr&Ve%k3UOR?p7EFHq7)f<`ofnnNoeb|nBdDl zMGBgLLe%~70`XX1fO3T~qgyD@@Rf++pwsSjcYj13hnu-8k26dxb6EX8A;&K)ryWGV zq19@42cT&F8<*UnTl=Ln;-3V1w3M^|VT&J_Z5X3*(EB#Cy#}w~%E-p6yXuV+F#uY> zM{*XYJZ!pHZ?fc3`8luoRxpGHJs09l63hqW?~cb3$=i3|A~B$XLr71+40b>0;mqv2 zWOemwd&N5~8Q=R~Ic&;bY*$~3G`TT7a-*>UT`_iy2-?DP_9IKEq`RQf_LFC6XUir{%am&nn68pX^Zvjyvelr|^=LbP5f z69!frXGlD)zVM)4Qf7qGNVwq~6BELYjwfMh(Ps12X)jgHasB-k_04?Dcq&!FMQHp& z=MfutVIjgqr8ZV(o?2Tyr?MYQrt|}-p5`v+G@IP8Er+HCdxH0WJMK)GV!q91XefK= zZxA4qojD(_DB+4j`~`**8_9qlU1KRis!Pix(su_UlvMm7Zu25 zVsjsq{K-w&6BY>)`&^U3;uQ6g9qtCxPaS$^f>zF0y^dL0JA-zuY?n{L>`B}uaDlOq zkH7Sihl%lBpn?!o_))kivB#C3d5Q6Dz8mn2<_DMLn0VH7p)%OmJwgu@(Mx_uAQN zYmGC6{iFhAHDD^hAIN8a$j)Z@c0;-XUs?{@Ti=(DhQZa*_Uzq;xQ^JJruku-=mgnV z;_2;xNPsdRDGe%(LQqM;y~+}8aJD` z0qN?2taQ|snRpw62P|^BK;$h2a&j8bl1o>fv;aohjKAupnCOj_TJbhoQzH8pEaANl zSIyK^LfjA?5f`MT7sY_`7#GTG<$nQ9L9)IKJq%;6K3GQj|Jl3mE;(`}LGVm1nM`V} zs#sm!J=5>q&CI>Mw_o8t?EQHkVRzr&^u6tw>7K4Cl2z1Nr&jkfLxj^)GDSpYBFc=I5gTY|FC4?riQxu54h**X(Z+fP?2HO=ap;L7Q zKY8+m$0Q%tR$HtEhKH>L&YnGc<;oQ>xj&}L(TdK)@!*$V?*8Y0{{8v$7iPMmlPl}N zaW@E@IdkUv^=m)=_`9oDukcw*?ImDo!q_m}QF({pp_ zCjVxd)KePz)Ty!g`7r6Tx%SScG)}9XrRT1og(T0Jz3v~~_7)EaWMlq?7$y+Ihos4$ z5he2KdE~G9GRcCel0sQLfIPfk3gfPhE-lZz`0Tw=17e-SlYsqD<%FiV1*(Vq% z18P`|=MyKyBTZo}UPhMg@EQ+C_lO15xiCubmOp(5SAgca#*rH2MB=^v6a zd{u+pV)YkFN`83Jy`9D=5Oiqf-%iiJjlLI5*XYARg=Ty;>m5AMtaozGHOV&X-;fCn zKYSJZ5VKrv`s>rux}}2v06+jqL_t(C-&H+J$y{3r{VHYvsXgD`MD;Ve7SYxL)OO42 z%43xpZwOa8zmW%hXS2j!l%+u~lnz7zg{_4Ksp-fEbg1S*$VOi(?9@~1k?fyv;?z~q zM?E=z#nLscU4?+|l@yBS5I%d5KSsU3V9RW;7F#;Tb1mNLUg0ZVAXt&ED_fff4+4K3 zOs$RReK zKfD9UY8H^w&ao~3qe8W*_mC+N(#91|t1R=yShzP73SWuV$x(yXYIv6CWrihnSP%^Rw!StPPH#*x0O&~(;0DRurSmSoID1H z26dOfWE_L&Fcd{@$0PPqxEc>cR1{qpGiA&i8AC14=adO$=PEY8jZ!AxkT;)|u6TxX z&QhC;G%4MpKz7E7Vn0sS=~hMGB-}cOw+K+<`7KG3L*nze2px4pk<{X%?1uCln4e*0 z@Z!%u<873wr{wdl;Ma?V;#dLNghRfp-70KrX&(0{I@ZHzetnq&WlX!9h+U>>S9V%- zX`MgU>)U%r68d{j2_o?@ve*WpFzyEaa-u;&^Us7V>KRP-_bv1c?TwQ&|2lB;>SFc`) z$~itZ%7Z|Z)-vJB%-<34-yS^VE=d!1n4~bFIY$j9K{W#Cf)#Cuo-DNIZ@)d@ehPUr zp}MFs712jWe7Imv)!-;aeOg*}vTg~S2M-?ndjD6GsTtoLsB71*O;4Ymn3xzI9x?T$ zzP+MU!J&d#dSN&8+*5z45PFUc#RhJfdATgLxuS)CI9h}TNEx_r;Q~~7tcrfhV;Dgy z3;{qK2i~q+xr{!;Bf}#j@x=x}EX15gQpDSf7cZVUGwp3v(2iw$^Rg^pg+LlSmH83> z=FJ-%ls#|}DKse^!Cm#zrHi+3-vS42;D?T|x+W^FbeM3Tg=*;+!bVvX25RQh%+se& zwU#=H;U~r?-fG4KR%1dE&y*pZcPEgv2Mhv zXEIRpl7;MyH>m+M`CCM4=+ixZz-uOHlP*Jo=g>J;S3l0qBfZadhf+c%$?993(PRJ6 zY^JBDD0wtg>YRp9E9pbV+D1%6osv!aRw#=TqwJ@{^3%8EEUJk>vma*{q?|c5xya!1 zewGU_l~LfBUZBGkjoR4AWAodfChkJp>*iJ96RWAom!)wx>+2|N^szDl(#Nkl3V6@J zsP96Lz^BfE)=qvJZZ0ddJptAG++RgzQi^;5|I*nh&-OL;1gG1XHCZ#A5hOPtSt2_W zBDiaKw-M+bd}N>S1rqM~WyP5zg#72JKQp&TR+eVQZbR!rj7C4%LS8lW>7IVl=);>O zK*Mhhzty>-;fIDF8h*(2MDOY+c?c->A*!CL^s4qAVl0SydA@^u%e^3-4QPh(89j@F zzP@l*jToz=LOEIx)SFqg_p5(Eiujbv3iHB{J+T84L2<6Yd5ABWhLjJ(;Aj4+=-J5s z9+3YrcKu&Er3diA6wv9SJPGIlza`T=`d(2-__Jbc56Sg;OXlwgeBjE(|J53v3FE}l z(%R~>XK?|?CnmU@*Kz2zXG92_ZGT_83yusyCJ_{46%mhWc4qeDrx`o$+|=-1*~<<* zGms+lkqzmx*?(l{HWeQt1#l@2dN$(rS~;t}?>ljWb}zGPIVFyZDnlFw%Mr{p z*ISmuy*74F`4N^YhR9<4W{kKJNNhcXje3G1S%lvDYK2ga|7U)Iz|HkK3SOF|GoqwE%{s;P$frpuEb)nTgug4|L$W zZQeRO({?<}eJOt@e1_p{~{t%N#moqja#a%cY%hTnADw zCEdHt9l9ZpY}>*Q5bNMqb!BQUaCX(4kUOfWiZ>63Ndf1i<`x!b<`zDFn)N->s5+!R zM)*86)bYU&d6o4-W{>{vjDHKrg{45ZTgnFjXnS@P2ItXSd`|!4KmOxyfBVmvhDJuN zUAubc&iB`ET%SBS>FWT$+`aqffBpY{{`qI&Gc`c~PH|PwoIOLc4ORBd+h@<8yZgNT z-0ZA*O%s3o-4B(rq4r$%tvIJ~?b?+yr%$7Ti0~iGd>=oG`pKC!HrV?60X}u=6x@`6 z6>P`G#swVZhzXM*N?!aa<)r6??$p;OqKt;{#}x`xSWp|0JTe_ri-@pubI+eY=Lve@ z;)Th{lQP3!Mcf?9Zg&CLp7sM%R~a-p3J*&EQXRh$eyadNK#kmoIn=sR>l0RNXkvU! z!}+ROBS@T_2uDxNL?}45kjzyi#ekbBBLDc~?N0 zHHxY<>8acr$|Cah8`l<>{#g}z5KK(M1$z4QX=?5cpS+0jadnvfRr3q<2ENYPJQ<-< zL!XX}_b>5V^}Z_)J#CTcN{f2{Xc1b*Rf(5SFp}sY#Z7ttSr2RSCuJJ?w0O5m{6L(U zOR=Sksdja3U~MVR?@~z}iZuyL_KgkmU~Rqfk}mJFJQGl98k4> z?GMOqN~vWx*?Kb%&msbW>hgOH;$l1WD z$uXZwaOBL(b_<$+4@3b9IVz(kqUwd*bIEWX>y>bIH1kUmAyz3zJHM3azVv#JjNgg{ z+xYaYg$r40p~)A>C3kkPY^yoh^;^`5{%jsT$qEF2wj_&)(iJfrSy+tc1lBb2=uw zI4&M%l3i@Gn*cNkUo8dndm86Uq}38FqI?m4w^lw3GcTmo{5+1rX;_T05u1r;R=5uB zDpB^;(s8SXA?*10nDNC&hbJiSj!n5jDiq?RdjSn!ulUVyo&IlD?oOrQkJZh351a5rQs z!1s&f24G+1Pn?;bC5wL4DKWX`W!=Dh-mDQi(CNYApWRiBM4Pr;sffzr66ZZBk^2?l z&~HeVzTo#JgH9n)%Ue@3IT{|RdD$iv5xL|6!3dQzIx+S`V@_}7YyYFTfh>;-LIK!iT&nN~z&xKm&V2m%;n!b({pFXt&z?OqJ)Jv${=4sPe|P(~ z@55tho}l8S%JBU83k>FC@^^l?bN%}D)2C1SX{3m;%HHwl(Ia1+_g(n2ckc2G5XeT|;usl^2X;@NUn1#iypzWElO*r>0Ix^qqPQeDzWs*q6LlV>G1Os6KFR!w}Ot z#ohDD3Ue2)LR-32eRq)kJD3pZXfB*BG*JJ=^A}H^JbC@oVs}7 zqWq5Yo}8TEHd37R{AQRf#HB@WwWCJF}!kn#4d+vm@nM=2tOx`Gtr6XVP0(R*2riS(3J zBPyA{5H|a3`qr&m8p1^talIWG9o4OH1*cFM?JM+3L)vfRef`zJ>EFO_=y{Ow+d=-R zI-*MtJ#CTcQk#z)Y^?W)ww#CR$lx1Sk#}vqG2S=%3zZuBwCKZ9VYY!pTRfCevxv2-*`y(HYqt)x(~OcP}$3VZ}>~Sa7PvNk0oG3sEd&^rfiS zTT8o#>i!^GTq#(jSy^alauI;hiN0ep)PJgfbZ&9!$zo1&br3J~{6A@W8_2^5XJp9Lufke1PA~FNMg>dZa~%WQZ--BR1J`qph{{ z{$lp);r)aC!=ucc<6{B@TJbxD+tZ%+`mZe5^|Gt<;}PBqKDM0C zo;}Tfj{U@EG~c{^_fh24*%>>^cJ#e9JscsDP1T1?0bG%G^Uuyq7(jC$5}lV;U)%M+GwB za~O@CB#Bf(A5-R$CNi8?ZQq&w>N&TpHvy*{i~XX`kaWw6j&&lB)laiDR&L5CJc}n&{8qoK5wFmVhMsCuLWaPj=~>634We~1W=pZql28e%-aIKa6$ZyAgn%N{*? z>;v427XP$A4}cr~wtLko|y! zZ{51ppIeInn%NB{BaU;YmKh7-0{fg3>8LoH={;(xuD7of1TFV=2;V zqKTa(JFcai5N3XAxYi*!m@YZX<@wa9&;#X8`k+kqc)4e0t=EaEOAIlQNb{22N;*be znqT@fH!s}@yHUYk$40oNPEDU0%b=}l;p1T;s5$a5v4F24$RghA8o&8aD8Q6Lo=!|o z1_HU3R@OHqkT{8vBv)Kt)+66#JHDKlCexXhE9*?PxOv4{)NC*D~=ugJB2?Alu0oS5p*Z&gcvF` zHZDv2mQ3&_Y+Gx+ywt3en>cAj>1dznr^lr7Q4|hdxdUtc)RD-Z?QXTbJR5WJi9Q&* zUtZ4jRoRaG0eYofMK&BcJ_ke~30#azb=~8DP`56wyH&UKyWURSur%rgWGnVF(ClO* ztRc2P#7d_mCmdz(Xi+X#;-GM8U0IBkMrj>;N|6}Hl#8m~VLJ5T6s^-7!o&f@(q!Yq zvMs;#5$Bi@0YzjWN^`-KD>PH&G15;uH9sB~eXMD3!=HHI(AF1ZN|BZ2{>|#ojePhz z*0YWLY~*K`1s_i9i~YD-wJY7X~+U@I1H!5Asb5d%!&GXc=(-g0K8kE z&FzM_2k#avp+!aNVi$0if zRj$>jGFiK~^dh<<&gK|iVy~81xgQ*XZ zm+Q@&w}usYVC-;IF;;o3IzLIAw?wpxbVmqHw?nf(XN9l|PS_yNPn-}flWVCd=I5V(`SsV| zun_hI%yi<>uJasICFEec<<7sOE+)b5-Rob<;!4$t3f5GCx6rX z_wI|)!}nBv^OuiIVqF=ki%o>bq~Ye1^kyqViAvEZ;4ZONSRAL zMy1l@Wxj7EN#DM|0!)=zw)CKdq7MW?6`HpH{U{R6|)!hSZQ43xQU_(?5Hrf2+TuXj}!<4*k{2Uv*iO*{Oe< z{0)6Nz@Ke?OD65&t+5?+k+?g6#vE$BS>Y2-OC?$2s@{oSLoFD2bm#ZcmGyK;h zuNB`Y{<<-{uow!cBa8?3(oD`)n&$ZzZ$9#EI)D1);MhK0(<%<>_5_%*jQF zdak+$HOds3VzTG;lV*NT^Lh@hkp_68DNuA+J(af%w9Zjbmm) z^5(SxS|e|JPTr>Tw@ooyVea~?ZieV;e}xo@m0Mhuej+KQeoWSzS+lG71U82*Z+F8F zK74D~`nV$u1IgUNOrn*9UcBqQvIP$F9yC-U84S%J&=VYua}2K+9*1OOFH*C?sXG*? zxDwe&VKP9eqNuU+`csp*xRN5lQdg|Mf3_`S;&`{q6Oe zH(cDvOg!wZ5l3wL`1n8k!yo?m$3Kt{;k5eX$$$LEUpbbET53!Y$lMX@4de6r;K75x z{`GGHohr-Q&lW22!aeS9fBVme4i)g^1_+Ppo40Nn1K)l3T?vy(fA$f8m#<#&L*-#PJw1N*+}U&I&KV=DA8}A7 zJ|Gk4CB#oXfBw9gi@T}`OMaKhtGH2as2CCKBnEIH@-`{>D{k2~WvHa2b+Wi9g60(nf7kiz+pG#SFd7(<38&>3!4NUnKj6bJP@Wne0h6d-SzV#v@mPKK>{&)=UNcDf ztN!@okJqkWH~gKhF;wR=05jhb#;z9K+PFbC$8#&W^k?{`ue;j0OJeO;6tCrGy3z^r zi%Vu7b}SinsH4Q5Phem{f^)}{%xMv)z35BQ1vh(@m!i@BtT0}NUeo5bBv0#?%z(Cw z$R6d^;jVf6TK@u)RDe=IgiOl*j=_&sMT?JS{MJddKl(KI_Xt1KyRsY4pB=Wk0lk5_ zB?X8qvLU5lOBlzG9CPk@v^$1v%BYYdR-;Y+hCYYD4`otpGh2|HUV(@0tuYx zBhAZ6Akfa|Z4q1@NMIr?9))fRYc zM*HZI+am^=K*Mt{{k6x^d(N)5mhQLbqDNey2U)T3q3*L1GmiGrgH@wSSwE|kLne0_ zO4`B-$OP0A~_7riPGQT^m@4O(yS&eKOzoUkY(T zVrBi?KS8~KoC+Y}DpqI~cb zN1PDL(OksQwIa;wNJJg$Tk7)#cnT+LJ5`L4oJM-c_8+(vdz0FOYr_Z-N9OE3PoMPN z>|uIwuAY;X^A?!5ug|I9@RJ@a2l*@|kfE$_Js{Hls8R~1S{{U68Cv7xyd)TiUFk-i z^t?PN8}SBo6+_wDGPdlvr^gs$iNYA=uao*xuubqwT*-LupW#=mScZAzIEL$&7XRnq zD(!UN2R#Q)aO?qXor* zt1vaUoPZi)?T-TKCl!2Xdy}8&y?ggLq5k{7|GUtnsS?CDvW=G%ze_|YH!?xbNeN?( z-={c{qBaV)Dup!GCG`$bN*>`7eb$^~tDk)1^q?_YCUI5pUIkVc^JnFaYAlo9ej2TS z^H_cO@R6S!`|Q8^4*TufH`DWVgtn4sbLpFX`{wNv-w>alhZ~+S8+fH6HEP#~4TDjI&%T!u}VGWl9@s}s?=Yl%j)Y3 zJy@iqhscrny5--JY*TN&N+CQuGb2>6uq#6UVoSkO1wg%WeOl}C#O~Ta|0*rkc?qu7W8>pAZM^EwsBu4as^#ik{0Dh$@+-yp9w5Md z6ZblsF*+KDH2fJRCbB{g2&1CVT3k-=-o0zM1s#)A+&#bl?mPOB5ocf;ea5&E2UC;# z$*C#KFL3GQ%WpYzKYj8P{>CW?K6XDc8s|DF-u}0s5iPd#k$(#POBFHKrj{F{_(o6qt`yw8UY z@qbi)$o9aF;vXbx@K082@lLnoVVgG(AAYiY7jKQzY8Q#S9cZ3%DcItD5rBok%pCd9 zX1C;O8BG06eza=nQy8Y({D3QiHS@xYp_H%__3>(oGb?Z2&zQnbpB(RHr`3Wyjm@WX zsF=m%K|Pgj6-NhQMDy&S1UKvC>vi)w#Pbd$c(rTsXF;Fh@`J4&BF!QMzy6RO$szF6?0qX-(*iV@6?)m0U02 zwr|32SJ0Z%F?UPOa7$$#YMB(Xv3>mXEt{-Xod+jK&^?!~?slSmygc@t)|PA}N&&yo4-o-3_TYMfsfnq5X|1(kW>^_Y zW8t2~J-uxGM(6e{{=IB}Zu=_)0bPb(5;C6mL{ApAz6co9Z=2J;=Ii$}I)?GHoZAPg z2QR#yw$0U?L^$*HoCJng*>s1eeRr0k9wcLfQdcQZ?1UykbE41Y^0Y9@xN&g5h*6s3 zl;gt3PoGXsPM$k|mKId-Q7~OV-g4LAACfa_C`gKT72#tCoB}3RB0{pq@}uD&*3~AE zlHl{_*tr(cNv80V$u8b9Gt7Ai3DbD)+*uqFv$x464fWy8Grur1^GQTTuXK7zmtjj# zyH8X>1P9t4tL;EV)&6`qxGyPSr!4S2C_dX&_Z6g@kW2w1v0*hZo(vOyPtnEE%kgUX z^S9u?g7zL>6WZKstni%UsQSPD*S~REefm^z(-YkCu3Wit_39PAq{a?+RpB9xvhTjT zb@AebJU5cv(7tVhcI&mCDo?gki>q7;obmtpKmT6~98&$-wX6U2zy6O^v9AG?y7k}f}I2coLKw>!xw}2%W6XDyl_~>wgFsg;@dcdSec%(MTR;yNuA6a zMLa~&_RfcH3W( zubbCr)uEfUG_coEAlS1nPuP=)EnycKGQA{(j4ML(L@o@Q{0)5$lOGDT-CeYn{4)7K zxE7|`YNi((Ce^r5zDl+pyu;j8MijL#cL$c>nGc~-c&=*|^(K_J^^~4^?s4>XPph1y zi{7~VLi^8ItuOWuqAA%PHM!o4l^aX+L8x-H%uJ}Ia3J0=qYdEjYtN zBZzw?SUi-gWbj;nsD2)Vbo(w#EON(nymB>8Nyf!T!5#iaW4e(SLsdjEN+DV;>Evqk zlSY4Q^wk{BjeZ`&Bd(UPOW6=V%MN-&pCnF0pN1dIto2F1880z1zA^c*w$ipWmn}Up zR?`=h#UDTL{j}E3=TN%(7yF9w9p{8%wrl>eYPTt@OyRL2fxgIZ6yRdEeBm2(%5Qm|bl7(9)M; z)zW(T#s1wr|1|bSH0>Zg%L>Y-Z-H4r=T?`VjkKsP^(BFETEEND@pk8y%zDrWEnWWA z&!;3y3bCX}9wQI?V~Rrbv?&`BGQ(D<;955dDthjIeo=&D4N&}%mX}t=;9=y{Wi7Zp z`44OzW@dIETkMe+M(Qa{AtrpL&3n7lJ`l|G+EeH?$Q%L%3|kCf24q;n47@iCU7wuh zDMIoUrj-YK7~EVZFiE)-;pi;Dp5iQW{4%*?0@8zgeh6gTp$aa6+`-8KG(=kuJ7hk{ ztC*X}$D)vgOU4((qq!1iOyRoJDdv*vOQH-mr0&F^m0g1CJoE6+~h zB=6n3|M>9}qvpc-b3ep&=lb=loK~f9q~qmDL*NM)ArI4$wCauxNP^k!sO+-H7nf`x z0O+#mLxBJFuYV(X%29;dw{Q95MQ5xMK{C4=)Iv)F$j$V{ix>Cq-It*_sY{fneQhB| zw2Pyjpp`LGEG}L;eVXL|I5tX=APsy8oiAVpu;k~L66s5_s9jg{@17~3_l;JX=KSI^ zr^DDDs!_YO5-CuR$ex4QVwWmcQ;A6U9hyVTAm$gdi9{@iZ)p@KqOOd`xfOzGY0_ym?*3R*>ai zSIo~`Yk(GS6J{z$fd*`aP<{DQuwmg~mkld^=h~tc%x_#k*`Y8Q{LRhIDQ<0~75(A1 z8qMUW8CB*@-@&c;L!cRtRmYMUdH8WgV?H-0st&4#K!`K3(fSk)Rko5jlOr3qc)s%I z&Ygp#%18#d4Ga#cF`Y-F&RGXhW*0okABx`R>H@!mT#y0Kacd0f*ddQxcNP+fz^Y1c zU}`8FG(^-MvP*iBJ)4-`rr9$aut0?5lcM*ub3}vVk~#k`TtVMS7go*kS6&xznR#RW z-LFr#S?_;FwL9>WYqF9CevsjaaljEZU!@a&=1$mm2_OOA_T0%=& zTZ@CAshE1+j<42{pqGBYSvSDQLoeaAA6yV$M`%cB*j?NERErCImxuizdZcCGENl-H zdI$Nk%(DjYccipAXyw*dK2l=^2oR$TBdN6(KG`K)bdXd2G#STA6(dXWptAtP)XLXTKh z`r_O4$#Ib|_^OtVxYdi4=K^p$u$%LLQz`n_lGaiJJw~uPSL!BA8lJK`!Tv&Md@->fE;~r!4IDwTS{5-@bb049Xa5vbsb*_7j z>M6)H4e{ZKM_=V869~<2plAH@gh_E4;KP?^7aI^UEv<5yF_+0-{wt@cb~455ViHZe z>^dpRO--XDN~sVyNE_Q&)eebl56)ziURy0iE84z`hHnq=+kI14XmtO#ONh?3oRH)X z`sB$|5lI&p7tWkMefzuH|Mb8AZ@>HThsnuFTc3E9IK6rErr|?MkiA6cmi1R7%L4}A zlF7XShx8_v4aQt{#5RYYF0V={*<8Y-{_w*cb^Y7F%@a*`@7|N*>*1oD3=YPg><*U| zlaHZ`BFRxtHbo{TC&wqoi}&8ES8vP|moL8;-jSe?0W*CbpF6;9UhSO%VNX~}N5F9U z^J^zc>-Xe}jkz*?i@H0KALGRoQ$vizwg-nde6YT-rBU$Y@nfeuu3o)Loj7;)Y`9di zvf$&`ri&#QokTWQBATPXUKkXE?SsYGZp;SxQwc@4oyD|YPV_o;YSJk9)1UtF#~**- z(`lH*@h$6_#Mam`PQ^bqY=tq-s^Z4amBaV&NbE&2AQ;`Es8W-(Qln^7j~_pJ{d!b@ z)ky5`lk(=Z@$#I9I^8LKR%7*ST_+;NfiQ_Tc;Lgx=ZhDfPC$|A(r}8rmQ$B}` zZa=^(e+7E=-VM^_D-Sd@D-pouL@_hH?**w1p&dQ54cfEVLmt*HtoaG^wXF^r=&0^K-Z9L-*r( z7CRQsp$+;z+Ncc!hWol=@43AT(AqDFt&!Z5E1Lmdumr80pqrMB7T#T;g{D`O&sguq zW)7DS`kswLyDldW}-DI8z@kypyf1a07>Lk55kaS1duVU0&TCgvxc0jjAJL@8Bdwwu zk%gAAkKQ<~_97E?9j6?*OSB$}1)m0Z{e;+HZPV!DstTw} ziD-?B3v9E+=o&s#X?Hz%!(f8TLe)+!dpm%cE$F&kh9-TN6sY&?E{pVFwhf#RN_aAm zd-dGymV#d`!wj6)uf;J9=T5jxpPs&Y<;wLN*Dhba#HX&7aa&rNnmM`&56Rt(Q>lD0 zFjiLhjPkB)?O@bOgBfeY_DM^q&|v*ET5GxDQA9|-chWfyI+O7H`HSCv{q4@3?>Xm5 z*^t@K&#gM)gc4`mm(QO+_o;CZrca+fckV3bb;yAu%qkx~aacM0*+$7u$^D9EoNgxT zfm31zUtShwHKgy36yAfromh1$e~yS^BWbl(3byol`s>%PJ9_KF&&J4;$4`Fy?YHSu zr^ZLe#QnuuCYSLsfkrui&hikzZ`?qwK4R%*g%RhA!~8-su}vtrsXS5u%;PuVs9h&8 zXky8Oj83@J@RUI<)E^46> zlaq*`xXS}jipyqcQ{&&eiRJ$pK$MrnSIxgmxvi14;D) z^O%i|0}`Ss-cX>SKtq9s0u2Qk3N#exG6jmZ*|MIq-H#4&49z`}jTN)w3oGU>vKVJJ z+a_Gp=xHF(Dyu!q4aKZvEo?ayQ1F!H!9}tA@JZ~6WqO^mUMwukeR%iQL8{5AQ^O;p zzK0FI=obodDT$qoiBX=kmCxLUDw?0WqyS=bDT~Dg55)Es?=H*koQ=k=OBrEw?#?-z zw>?Dx!_x&NyipKq{p9hGTW-0bxN7JbgNC^WB0yfdZ3Zc?KZDetvZO(XkrOe@d#a6{ zLI#PPGM}HHO~2I^!HlDU(UHZzl~1e7OAB+hd$~FYWISg$%+2==3{9Pyt~;&n6`9f< zN)>6j*W!nqA5rXKGYw&t&Pte0HH7rDZJ*Z?3rWTHor2%M>3s^&Ias|gs<2_MViVhd zwt;-^{8@qYI9|xfIL7%yW)FD@wY+D)iVanK#Xphv!-tQ2ZfweMzA3iH?zPt_E>1Ul zs-iyjxb`9<^ejZ&au4;xohaa3^h&z%#MyEPYI(e9I`RRw7&i0S+H?}^xu zqOSAjjF;j)R-p=?O1JS`Pv;)W4RmDW=ciAf4i8hPa-F!g#!2qo+jq2!dgi^hOQk%~ zFI+eePh6it7xnkwe{Ui)7@t0UhEcKo!-tQgU%qnX zmoDGBeOsmFvhuSX>DjkbK7RUWgbKB4sHz<_F058Us>AY9>?cCl_5R&EF1*zu(WG2t9wQ}2b9#`-`$MS^zufl+VNazFt)e|)bzCx+F~X2x z`Q&+EAhy;lmaK?eT2Uu&#ieq(%G>JMThB}_2A_qWpCCvn5K8_sPOBmn@KRTSUvhd? z-uhV_e5;gFZ+Yu^LoK{-6-faQ#u{Zy2G6bvXKnP$nkV14mPMtC0@+{2O>!?$1-+#c|csG zebeU<{7lw$cn5wIA;V-rbdxZ3n?nbn9}EPnayNbU)2A8TWCLEv%(~t6VBnk5$A$v* z7DhHoNJNj`#%VQY$S}(rzXq~w7{(=CJL{73*fjf45H-pOL4KcQl<~hgd2+H4t@HKk zo0P8MvD!Z3zVBLKuA@Z{;ie3Eu4&LN@HfE347`hE=5OQ`MshDKv1R@Z#lQHo4MYI* zm;<79`<_I;SXqk-6 zK*dNodGgfMlm|Gp*tjrr{@f@?0U}&=R~6c~<;jta`^*;W3D(LFQ! z_RYK35hnJN7CG7hh+3+i5-Z1_QOu#1SGP94dHu%t8XxDmUd%ypL=gt?f0o46!mXh zb%51#ta?^f=NGxdS_H1hsW^vM>0wVxU*668m>`BI9ta270=@#+JTw$&C~#aT&={tV zOHVa;e$y1F&)(})gKwHDdv1JDWNB(^Yw;BfN4Y~sjMG%PYuE`}%${-DSAp#od;0=* zl!f#N1>N#LRMfn>hmDHL=`{6pua<5=hHx=N_5$X3&nCp&>>N9^=Mo9Q;>z00LdAju zlG637t#C9is}~u{Tld^*I$@C}kqttAi$@J)s!%YBglRHPIx<{aeuP_Pu7Bi|=$R25 z&wxU4HP#5{R z4uP=q@}*KH6^Y`5{ZkWT6JuqQH5AeL(IMa0rg(p#)2^(XnixGfHAY*eh^mV^tH=&0 zHLt!%0c!_)y;c)xT?o2T^{amQV(}d^*yt7TM%WuGqF|=x`dTP}KP*^r%IYd^iO@Ll zmBZzg!Zs;6;tP*ezsn$73Wl$R1lbNPwFjAht0JeKI&*excyN4lD7G5QO1rtFW1@IdwpOcSOP*gnIR|%t1m-2?EFWh4kZe z;tTIguk}35^S3~OwATrV6|o|A=2A)sM-W_%Vd_@3Z-GktYh&^5;`b?{8#Tj+iJ4N_ z821Nl=TadXSHmLO5g}P@sxT)d=&3OGSNFxKkkKw)ZVp+I`Ao7@ASy5pN&mFYXhG4U zwqo6p)>X(i4__GtBEp~Gfs4!9wSiS|5Vx=e4*KckIXOOh@yyA|@dGI&U!-10S5+=9 zY@I`NWo@)}D@Mhs*tSuzZQHhO+qO}$ZQHhOJGtk(W8Cp~{^lO1vm5)oSZh6VuGiFV z(ho$ei@7yJlbVh+c*otISzXETHF;Md;>6Z*QZ#9z2s34Sx6-zKDmrp zr_V!%Z;p5Rrr_N6s(W~oeU){l|6dBv0>5h_8^<4-cL!NxPXeaoGzEJLk98eh6VKP% zy~)W+zH)dU&)W$)*X+AiCa=($legbmnsj!hK7eCTVJJK-VN8Cjs-BYIm@A4dm+$w3 zEC6cuk}IXAVAc?kmTU!{Vp1S2jGI&+_b>%jr;~->Y09m;F3Y zHAOvDp_3P%v^z>r!2!oH7uGFD+I|i;pR>BqZoZnk=#%y^A>Wf^mv2RXS=nS)=VpSz zUYEZTz%Xp^eP?yJTl}{}lTpmFRpIit*hO!6!R5t-!n`$X3WEN9>yds>GgG{}ZQ`Ar zU9V!~%q%zLmLrq6YTNi!tf0h=1m`m+m;A$P?tGmu^0*2{g+{ZSozvKPskr6Xc8uX9 zP$$`(6SI&Phq;PdbjyP&IVUyJ|Jl@B`hP5dD(5NhUz_=2&%T>3qYHsG_}C)t&uW|k zFwyo0!Rr2cm>l-A)<`fgNy{iQq;!>WYhu*qDXIPDOG@J1K`7)`q$-Rl8l0|pa-e!_ zSt05TM=)I=Lk98aKvnNatF)TtO)Yv8HxeD3g4h4p&{s*g#AI1 z!uNh!+!yZ3%1c);?wp^0OGT;rzg(vTXf0!i4!*}L=TEVmBb+^Xtatx@F5haNw%D^= zWOL9BIuhYwzR8`0hv3B!@y^yO^k|Trn8kS2_OteM!Kr&>b-xHF!yj^Zx>cjq{lP=m zISIm~Ewfy3QqRne)6mG$)pm)I$ciPf$hQP(JU-E(;HzlyJT$^l-XUOl2~=!)tmn=N z4u+IP%E8*uiuPiQx#u?>_Lx7V;ta>euMB935L&w4v2OQObm08Co2}6k&)IXa^rh1E z`Dch+*bkgsBW{5`eS*x$%(y<|$Z4d_wmt&ACQ|BeLg9`7@kV<8WCZ*U8m{sCnO?$4 zXw<2wst7Muxx0K?IPAwL1`7+1)7!&it5k_oK@p^=g~AV6?RWN$UFcaHo7yyhsh~HA zU%gr7(P1tclbs)1K8*H56T@~&`iZ5A6~l%zNJAopuDB#jUD}S>Y_`;f#@$eDeXZrJ zX#~ax0snd$hg1&P!urjoh}fnl3E6DYk78?wfP3eEI3(;3Qm}2EoJZ5=MS$p`J380- zeN5pej6OE7M%nb|xLgcsI>!3T?$N27`g6blrMaGC%{rj0#m(lbgHTW%0k*&}(C!$< zG?e)u@Dj@-bU6=pWw$#RpXTGy38&2s7)Me z-qCE{mcP5xdv`oMZ$mS{vyH6d7fwb^Piq~IpZ&WAPzexhpSHI=$;ilNa@Z$=ANPZQ zuK>a-GSPjl{Dv~ZZZd}QUcpDLqB}jVH){>1!)%!+_WVuzoAJnz4pjYsj zlgy#{?g8NejKInWq0|ExMD#C8rwG;!MZ(<~BBk@drtUrfhlgQ$1d%ZKe(cxCP;qxG zlR-%}f3o-FwNaN_nf!6v5XlgfKVNY%&ZgJTUKq|fs1 zrSFGx`Ls+G6xe4a;pzuGXiqu7cO@}kc7G%Fcp!$i(6dX{z4$i{Z(u%%{xr;>)g=H4 zBSuS8z413r`_}f%BHR|S*EIe>^&#frgn;CPN7}u4f-6>~s~8*{G^@o$2d5GDDAi%X5ot^FpRGW? z57r4J>X_|=!{;TjPgyg`tt?;n#;F9RP!5BJP>R6bWY3N~o0eg>fkb5x!ZB%VH z&mw&RD=J1e*~|r*ZGKt$Nu!Qcb%vWnr}h*N>`FSMohVZ*Je}h-e&~;zoMO+ARoyns zwPv7BKevd53N-!3&Z4DDHJO;%*4pdv12+qJ=62I)F+>XHp@x+Sp=ac*ybtCftqeiV zh1E*&6Ek!cnNKQ#;MU+qDY9BXj<&M7={(%r+zjl~N)-efKuS1xM1;cX&9e#}o6(sX z+5Jk1;Au<+&t%emol8eL#3k4HCD zx7RkXl`Wsl%S_e=)jN_p-2kyY0A7n$ zSnon-iDL#WSXcxmGwtZme{nn*2xK%g!@>ur9m-s#AL+l87bpyN_cYR4NfygxYI-=z zR{q@xYgTe6lFvh@Edo%{`y32X89l-(#u*;Zn<_pP0rlk{0N9Bn;qT01DxJ>s^yKH~ z!VIIFI(z=i%vACN3bwNCX6tt-?%b`f-~yteh33PM=FuFaZ)@Uwn$NxfVB zYd_${DqV_6e4O}YSS=ptxW(IkMT0vu5g#&|g2XPv!u&Q6u-4uU_MYZ1J&Y>0=wDnM z{I^C&ZpWOyu-l)7Q9_vBy5$V<2bc6`@gn+!=j3-Pxp*V(1k445Me>s@t%wH0pTDT= z^E;3e)0WnP7041hZ@jDXLf%2ZI$+l9F@Hv~DdDGRMFlT%v+r>OUD@-8_n*;sJ%q>! zWf%mp36hnr0zxKE$yFvm=0UJ0X!O=tB7he4zxByZHTsHHsGCz%R8v%iv%}XvQdLh- zQ@o!7x)v2o2N=2oU|jZ*ds)Z-f%-7mTw}@3Hm-nU4#YwK&iM#Yf$kp%6Ib=zYep7> zq!%WLh{gjmrg_O8w|bgRn5kdjjwm!S!#tXo2pc4v&4#pkj2_66?EwSu5KQ4((c7YV zWZ76gXKw`?zG)hqh<*US3=GQ-C+7KPqhnm>qGR2OmTgKXUZ`l0IG)yhs(cl_LM;pp z%##Eo$xvLWJnj6_dThMSt8NHtU0BU_6kH7ai?g%p1s&T}6+`v+!F*_AM5PBBHy^JZ zxS)^ciI>lx0N1vx(Q>Dv4+4rU7m|hmE0rzXJcPvAuJhmyJ2W z20B>9`Tf$Cr-_NKI&C5IZe$;Se?@Mm|MPR-PROq5nGWS?G+P=!_!-zr|)jk9-ufP{ReUvxP*I^63+Bh^TP7ZI#ZaIc|}LotuG)DNUn$e6=u68gvhf zfsL81{03WJ9?gm@Q4FFoSHHN;XSU+DQ!Ztcv5(23U``1oa4w@DZv6^souZN9y1~}6 z_AH!z9O|M|EqqFCG}xcfYfxY?3d71_)9dlZQfEzQ=p}QaG_U*Zr!J}tl;6kT`^>yp z&`!y~*t>&2g>clgL#gBcOqd`1lX+%dU93kTS|QNqtqpGBxPqRt3B(&6Vwsqu=`Lbo zb9v?sBd-4xnO!7m#(@ocdmoG7F8dSxnMPtr_QEsPGjl8Hg5xBQ8*IUWEJ4`Z5eaP$0;O}|Hp9}A=is`7PLu=_B zk;_$9%BE2-;)@y&DuYdifctK+Aa1u5*B{W_1m z&$kNI>d$ZZo|aaPhEQCzG9(hxNLWPiK@kBi}?g9p{cR+^Y}`WVaT3((8y(-Sa<}gPCh#9S4uR) zK*lDw1Z${+yj-w-xlVD^!fMq7SYi6AIQJPEoendHn%!ftN&7GvDGfqZQEwJH7Lwi) z9{gOTeyQe}^ot#>^w0e4sn@Y^(t@2vG`EmixRase9AnaC;)H~BMkKcZ1!W_#PFw=ELVHuRXZ>g)jM|~93 zEPb9;v6pX(YS3ODJ|fHZ9!Y%=f+27m0UAVBEoYg0L$tOhpM#0#~^nT~UBt^Qo8y zQ|%h`5jaJ2&u=$C%R{luO!J5X*L)T0Zf_j5M6`XKuvak-m$yA1$qabwH&A` zTjM32-chlU#|=8dTV<2lG-26oVji6`f9B6kneA4wHPH>QjyL8Oda_BeVYD?Q0V3Pj zrp_gA5qo*k7VPP@o;FnTm&TzCl0DTDUyBZJm8p3NFPpO`eUt6+C6|igiefct?Fo-c zRv5-&;Z*O+6*k2wpZ8J8iC03HbU1L;k)2q0IM~Pd#O7Q}Wt=ZVH-}D7+uRMA=9yZj zL7MN~Dgl>iv&z27a+59qyNKtVhWQ|6((Cpd6OvmJ=pk>^h_sIp9vb*Rn9#~nj_@lw zfl1OFaeS(2sw|VVtZY6F#*ttrX@CsNAfM0oC&@q|M8o;$D0#S)Gz>|zH^vI6;V?Ij z!--f1uO@-BK4IZLbAi(+)Q&1-pa`iQBPWZqO+cx2)_J&h0m81Oz7Ff}cE@0f5R(~N zcT!my%J1_hOSxeYQIZf48TcCplKrWxiUL0dQX7&lBVw*)o{bsBFUSySWbeVj_=RcV z6-+!_OFy)c)`pX55Au%m&)e4u{%G2^tw~K;GUg-}IQG@MXpn|R$@oi;(1TXJU_J}?T7-%c|jvpK_?nY z@w))`IgQ`H=HfM+&SF>>Z69?#D%H}?a9fY@fT#zW=#x#KL$@YTlI%RKM@>V;+Sr2S z6gv^w>B_1OlQu;gd_j@5qQyZ4QCL?&`=$wfP=}cmteovVx&cJGW5l&2fqG)-)x)BA z!t?VrCez@L?-Acm(dt}mDL|j>`SZD3RmHvhuG(Qal-XZ?6G6|9?agr@OCr;7D zpiYR1B7&HBd!6S9$Gw+!$K#z?Ius4HjpixYng37=)_DTVV)^f+gJwM;Lg<+h>s0eb z%fF6rKcZWxm`S~XU0Do2(UPfNsTF7nmF!%e{X%DZ)z% zDwv%`DFc`odD=Z+s*xRHfB+&RcLRg@FP&yKCOS>#S3Hg z!wJ1GeZ&+7=_$14a5Z7Q1CWIK0ppc%1@XDCynuk-99{$$G3+b9y54-N)hImdNa~`M z={4!T@Q^Sk*X){$TgMTVaKtw|NBiIs-y#(jS<(ihRSWffGKmlAx=vZkmqruGqk}oc zIy5wA9~ECD%jn5D>#Y6XCbU+*AP1gah)P(ZykTGWA;iXKP;8Qa4{xl@E!0%1%PRM# zsJg1XS!@m5ffEXqxOeR)hGDt!rE|XR|858z9?kA$oz7eyXNof>+Xa2!97HNcUEUg2 zfc13bD^FHjPxW$9x@(6DwEmnPTTu6Lx9a85#r}iXmNz-if?MQdP zC5(^@YJ$MV4;gZz=x>xDw8?C5?e^gGDMAnP9oLQ1kcAL#SqT2gLZO zk*XV&aKJY@M~)rFCP$p)gWUM%_ldOiCy5o<$MzzeT5X5wzM~xVL-OSR(SpgEA&_RN zjB)4fiU4?;_}QXLCsmj71#OtnPU*nHP<4O(uMEXoNGGLR?b>b$Y+#Z(ldf#+3nM5` zxmE$_;iGr8EJ_VaHS(&H2;cE6Zbv z_q*ykwfuAIAv~<1Y4K)0FfdGh716xwkHwOyjbX7?)#3XOiAM3f(rn(xli7eAcia*` zsqozdNk%l${tTa0kps_m+Xy1Pr&6S5PT3gyUgNpHCZ&f-B=ka1YE?VYoWfGTSeL4Qw+7Jlp?*Yo1Sup12B+4wbrqa`2 z{NJzXA890Yx2Cn0)CnKUt+X`>h<)Vp2da%a)h#WJ?Q!k1q7RwRq!iFAg8-0J>T3_7 zRVprK=@KoX3t24%+lRn_1c9b8iK~_|AbD6r>Ps-!BAjbS4vVK~?W$X}!UPKnWsu+^ z?xZ|4l6kAgXb7ay>w_2!yt@b8)jC zM`4!<@%0L&?8n}PUk2zTTioOG6)INQ-S4&wJR^7ZaUka88Lek^*QH$G6sM{}3TtU5 z0dtCq#>#X;A4zb?_kzh(`)Y8rC_E3w{3Z4iTy3j2`<6W18Xu?{wkA*d$m8i6xp7*W z=m5Qn)Z`uZcRnz`eosyjNA2^={7OUl5D?PtJK^`wi$gt7VgT5th z(0VGG*ldvBG0j3P^W@=M6^)8<@+Eoe%1BpHRXh>$J*dqv^~FR*3&>W5=f)k>O{J^h zf{lkEHKhrx7R=>UIwr?xGUzoqp-}@k#yKgq=u3&W{=SV zU&IQLq|SYdvw$P*0Q}T@aXdT?J3>gW3Ad&S&6HQ4#pbPGRFniy(FkRQ}GjHZ+ZO(keY_qvwN?Galq6U4<`!_caKLd9DXhcg63@ZM!MFEbbJESySbF_eZ zCv}|Ff)JFdxd#upZ%P#%r@~R7r(0t(R3kG(a+b1>aIb4kODV<;PN}SX^*Kx)w2`au zPfAl}k-@G-@$#j5xSR=Z^;hv#@!Pe2hLq@)MVofUGA4NNJI(u_=S_HD4ntl>*6qJ~ zysP3G`l@aGS+xszE-UM(svXTlAF99e2h&r$L2xd;9Mu~*y^SE3C}~yD;7A1Wic>fA zIJ&JE2bLq4W4mPi8IfLsO3%QVZX??O<|JFe2M&WF4G7b%*sSz*mw#1M<@cEbF4OAc zH=Mp5uV@x)a6ZZ1AX$M&1VB-A&wShLQE>u;_DKL^Q((I!<&v3nT9R&M{Vp=yAxxjc z*?w@DT_k+Xtc8recd|4f1U)8A!T{XQ!SP@|Jd;+WfZxHSR08WFw8=*5I`q1!oq@bZ66>tVmiy~vuHQXTUsj5*Le2yhdkQ+8WxO0+Mf}6^RA5w zodr})l7iN@A~(C*i->Cjs8lwT6GxPdvzAV`3-j|0O~ZfA{wQLXADP}MWH59(pV*CP zr(=Jn1yRnkH|03#BgNfeg*2edlRTQ`S<=m!$f+Y_p=J`8OYUa#4FL9IfL<98jiu4c za=6oW&a;|Xlkj=FPY!Xbjh!mK>G@3k5yW4rKLWxN7+d{$TG9O(`FYLlckA(aiU_5m zQ|pJIFooC}sHQJ=Zc>)LU;m}(Rhm#uinUTrdO7iv3 zCSLn-T#v2<%K2xi3%A}ppiM`P!3x8cI->*s`=xwYo?a3KfKTYOd0+@5fa*qPB#MYe zFjeOsFW5(Uydl{LwV*?$)5M6Tb%um~9i!_H28MJJdOM1Jeg7|RHWXABIx(v(x`H$< z!qAW?hVv}C_`)y!lM(-|RyCDQ`*dI6;3)*FwSQc+%b5B#(4%FYt%NZhvZ`(il&*?!Qtj#7UO(+H{BnYf^138s_UDxxP(*9(=O`15G< z9boKCS0(Xu>b9#3xoP+s%7apg=-5C-4O;e#zdri~w>*mXRf>j1zo#P8N znB8t~@wq%q+a@IvN+StfkFkerFdMgP8lyfR9B zk5<^PuSIsvL~V=4BO%Q3LHGLFP9e|)Hf1Se>f~l1n80Pq^yaqth1 z9; zr^9L*OO^q<f69eV)7=VU z2ruD00P<0zi6M9jRA$F$2E=ZA8;7B%KJA`tf8LS#2OR7i44fRioKEu4{w+mQl{`Hw z=a|=~{Of<&0ITy9sI%(%$@rNX>fxiHYL=V;_MHeJLfp#K2cn5szwzJC=06~;d$f7A zm<$RH&1KvmP9$4NiyT_^ADzT$wptT8l$Ue9ry|LmWK;@Q;Obb^$y2wk6BD9oXn1gZ zpa%+S6XnlTAUsa9Cs`NK(fE^0>=B1!POJI1>o(F1Dmmahsranad zQZ-D53e25;#v6Wq*CLB6`eukeyw3W=x~J<#qHr_A!>+S3H)Lj>yiz z&@;$Jue4}2Q{mgY?!)()2V-IO?>=7~3#Xb5%%$}TC<%oJ+&*;h5 z2a>i}ORW7-F6sb<_JB4UqkkJxOv~Dq7#T^K(nY61B&02CN>hx4gCP{<4Dkq<6$6vJ z4dO8AAAu&a$L0|QY}ELJ1oPn<ezzkOd1vUz@*06J}w=SFT|sl>vp_I9w7C=$JNpc+%2)Y0;~gKhlee zu3avIX|h~&%=Ak360^;UiZt)dKjOFiQs+W$JN<+&@k%M3320wssU&iit#iLp z{pC0Gx*zH4Pa9ABmcjZTozO#B=1+z&gxkjEtFqzlBLK=#aO3s0OkY6lIu)3JJK}WI zgZ1;$W{ZFYn-d!;KA!0mkQaA%?Dlwif68p({rV!~*#aP)8cy-4qmEt)-&S9%H2<10 z_Dfwu)s@Q=2eL$70Fvx@TyDQiu0^R|p-;CuUizJHK5mpw){(lU<^OF1B;_OLfGda< zMj*Z;B58zNBOvfOV6F@f5gHWtJobe59}t{(6T@mmJU*1STE1FjFJ;H~mHY=VKj1$e z_dswfnCHErx+lI+hhJ7ynrqTu7Cv|DeR)whiIneIAScorQN!U^GV%VgjJkl9a$_;6 zZH`OSJ_8;jb!Cqu1DWc`*JyB)BgRafBaH$wZD7-DYdlQ~7kQI0&ihxho(YjLNL+sm z>NsYR-~bV>*42~CB2_t>!MNG{bHgo7ng)byWBm9=&BigbB^KMbLCOKiX4G2l0E5wEI4sp zwsP}mCZDFcA2zM8$$`c{+uqX7b9|m))(p+_3${<2gPq>k9M0y?@UM0c=i#TK3UZ(1 z-Z4Z+zW4%~IR#78Q#5y!Hp}bNvrl?k@dFjC7>w_W_>~ZyUfmzV0D;+M-nYVR)DP$~ zr8pY~D*0cPB7nF!2E7@Mtxk{Ufgoayu4c8HCAaVO=Nl8@L@xWqK+vlsVd!}BQE@EZ zwx&a;`&Y!gF81hUO;oHbz49#|xA!qM*h-5wB~g4pzKam?3Xnao+lbHW?RJL$@LvuN z6Lulhy+(#v1$(&~y2(R1Q$^p)zGm3G8jow>h5h0kV`}8c@?U78RuH1iM^@%7?3ak!Ukl zlHzxi1|PY+fOltq|M#bOb3!;-Jll@N%Mvk%>0p0;bCN9RF5QnAp(c+266mlWY?cyd zG<*P%1?cjz-g~t1@sTObgHce+=|jkg;XA{KP}U5$SZUw!l}~dPF^B&Mo})SnxX-qu z-IVsM^u(CHC35D~{xwj61+0d_UH6qgG`$Ji{KSJ| z@SgFQXp|rE2iHU2$M$wi9=Q^gdgWF#nji+lx8Lgvfz#x*MzlK~e#)&fddSV{wJm?iAMkMhcn!nn?Wnqy|C0$F!m56L36IB% z9LHz^bXpU5THF-&SD*ZlReyWD_rzD&mKq#wEG>A#l#7kYx{QJT72MYL=r(?{dpO2t= zGB0qt?3wOh@wRqsPiIoHuhXZx!)4~DSS_(9KGzw19hMh#Mm^@(*i2~%iabTuRn=&1 zGW#RDW?@+m&xNlwH-4^fOfiv6CDqiFX9|h~pmjo=+JojmAr1Y}TYMlnIKO+o@~jVF z@dMR6`nPa$TUWjUiA-!DB}iMs%2@7dS8=e$g%Nw(NG_}ZI{k*JcJrGVoZDsal~)hKgOqo)!{B-16dh}~0)H>`O!f*P z67%6h8;Fu zCzKqHB7*>j>wZr8YV-B6u%N#+xgV5v+Co=Oana#~^Vt&@jwdT~y$jK#8lX{dp8Nd> zPdu~p^ZmaPT|8dz=d57^t={oCW?TU6{6GBC3A##0w}j*P*81UE!wJB%`)&Jk)${Xp z!&^rFHzWn{@fnRqY8joXHzd{d7{d+@0ZL({tHOjgH(FGS9$=;9n~M!vNknuV3)<`rlI&v4l~O%t zU(^<4H{Lxh+=p1R^hUg`oz3)&4;>ekVUnp)vQV7UwBc5IhKjrlrb*2?1WHgfG$066 z3GtwUqhS*Z;10>H8CqLNN+(H7|BU|bR4LiNQ{OeF;wPumRG%ZD<2~s5fbvXz^lx3~ z>Xfm;PsP-}YGEk7$m3(I0j78GLqCl6Jt(ER7(E;<-#xv}V=Dpio-PwH>C*lTuSy>r z5iXvsIkh@-s}PHb`$z5=8Y}P{uL*qASrrSpe5l>&>HUgEIM!ny=>4E@Agc(YgROMg z(et>BwRFI0Zg=%K-V7lPPHqx%7akrQ?5@~_ z5?1ekqVMs;kajhm9x-(bmEk z%=Pv0^Ywis3qnQ58_vt&;O^pnzO;{ns%Fiw0&L7VqDn)n-OkK_cwK76y(vp0gUj_g zB|x&JIbfy#_n#FDx6fzVQRDzYu4*LeGEy>!=L^6)AXD9(!S_oP&XQP-Aw;{?PRAtt zDU#3_PyP?~aBADy+FvF--7c@bR8@+kyOcVpUn)q%O(=uJrDG{lof_U1{qNGvc`mfZ z#v$OI$Tv&>eqYJe3Z{BQW}M~=;>RLQ<~IS)(K`}k!&Rj$w@)%L$1NnVp}{0)cqS#4 zorkD(j8rrZc=A;^xe$vG+Sv6Kc`m8mQVp9$mqC7EQ&~@#gk47Y)eo&|0IjkAOxylO zXiA-s4Y@I>e9nzlmv>E|1Flwg ze7tWj-yH9HD>=O5<7k5Y1AfC1rYiiW=LP|DgqRSoL+5h;97Ltw$^o*o^4c6>n91S% z&7izG?hSw@8$vc#DdaOd-xEuM)yinrUz>$Fj!)uTGEoy7{K;nb_IQ)>u_5e1cz<8I z(Diu>?jwEwUiw_2T0|9ECx*wYsh=%3u&Ui7gi0$Yl&td96}jc z>R|T`vste6KHFG7PJh(jANB4IYBE-NeGJX+m&-JNR?5QbmX3ywiiIys8KOcB5wHsN z6S*cMuZDyfH|$J4ojiP50Vm{DE#=paf%1PQoFI(z001o&vU}l@ zwp4y(a4Eqtv@Url#6`G@kyt}puwdi+6i~k+nv8%R_ASkw2@yvjWw07Lggm49)REMy zM>J@^UqAD@^B1cAR_LaYgw>fo)Pe2e%L4XT2c-eQ5Kef)#gt945J`R5W9(J)zs~8< zGWb9|$SV(=nCZBKwnS;9<3oTuium@ttj_YeRKWsO9UpDPY8aiK`+CFleF^v394=YMj$I3wq%#_k7ls2pW!$Fjv46D?JpXOvWBCy=aG17INIU9OxKEdLA^Ns+84=Uvp3+h-^V-AAVmj?0{5UbaT4qjT%lJ{3w$m6K$pJ?%E*6X zWF)k{+}&3rz1^b>_g~ZtNZMP$zoP9vT$_qEAK%{m6t>k86 zV%Cx|L3`BD)K&BM5d33_!*4bgaQ&5L$^32Ycx+t6{O6M`Ykjc7%Qs_qO6>G%htDE# zY{fg$^YI_`i#wu)n~X2HZmu!CJiBpYmBQM#k|nNMors-Te(3gsKBYhZwECPq++%yB zrAhSAIaGih3;6Elm&~l9P15%m!>uITzogSq)}^8EkQ&CK$o)wtcg6yVamPE?MkNo! zLzP=5dM248rn_H@3*2Q(F>=FEj>+ zKa%K=9)~thj$f|$V-ilJE%HouSw|2UwrXaw6v(V@J?1rb6l&W;qYzDs^MUDHUH_5(h=g9+AVRv!?9K)Vna5d&ZH;cvx1Pg1mFXNh^(v>j zwyjo=&&P5Vz`K#d;e6gd6bbUxHA((*v-Nc!NteUrGg(^x1cQ?#!T({(QNLS9&F*oT zMgyCk;&pKR^DnX=oZH;P9qKq)QuQ~KI}W$QqN)Mgj%gz#e6=Uu%QHN?GZ#w-{l{sh zrte#9iV11|`+oi3MyFW+J+%+j8StOsg*G2_#bvyeL^4wbCVGTnYSJ{ip3nR7WU9nO zc%y7fGAfb|ws3J2T?RlkgF-Hz#veco%t!^pS|MFFJXPxlx_>VMD*?1lEe)ZX{#f&n zqku(Hn0uIb7!Vq4x4OVOsODFeEP{sEorT4 zgM+JKmAaZQu2>BLGuRYi^DcVmFgPf*3~LML%Kj(os>^tJm;6NYAkut=ZAV zCoq$mZz=bC+0il9JVi5(1Z#0C)ra?L@C3ynz5RP+D6XE+Z1LUdvH20E8Lz9ug}-=~ zn~9}cO0|Mt#S9A+Fm`Tpt@YiJ)Ab?grN8IVqMXSHfHQx?{y?Ycptu3?>=+Mpjz-b7 z*MWp#wT_2leK@>BPS=>&D0|YgHj}qqg)q{O#HV$Est_hvyXIc?>hgq0I>LRW$kqz` z9kD-mFrr$mWlUSkciW^*u0W149O2YUs?4X9%Y$fUnrcvkYW74=f}~LpFpMfOlb!i> zUaZq|wj$)F>Z9DjMD;5fl+v`I(Cp;!xQ{CV-#eT< z<6x~u2{1o)3qOMR(cMVo<$hiHez@*Sd~p1# zb>cg`US3yjY%k%wl?C$OkFtAEM2p3S|rubar^MqAR?i55M8vCCD@RY4E z!D-xQ@TRxlj~NaZ`|WW-mO{q&Ewu;9;9OK?Ex+;)^d|J9MDEwtjZZAq1`shRnvWp_ zI0QQaHV#g(aF5d&^b%qB5LRvMYQG%n*C>f-yMMrjpPWbyt`yH}WY23VARs+b-qOn9 zXaWN%1)5}Uka_U_gw^wTq}zKO0k8ZV>iY^oE(flV+XwDLYO|S@o((1{NDMoXpo(VR z+dBu%H!ijzJBjY7AfenygF8qDfyiZrcm=B~uXk!r3S6FqL#1vWB=HqubaB`O+DzuJ zZGCm2Hb3o5W3641^JD{3!*A>K2+ECTwIxDUJd{^JhRF@%>X#q#o7|;qJIwxkQCu(@ zXq*bf{Mw=UaGrK^mY@m;@DB(S_lZCVp5gfrENt=8PRKi896gOa4U57c5FrjE9uilz zR%kXvl8KLQXJyR$fz5;_5OR1lwm6*hhV}0pINnXcAVGwL4%~ioJn5W&vWL`?gsV28 zecFlp<^M0(YqeQO4&Un~tzbNvIUjkEk|ll{GVoNlRaCbmu_y3JUg;~+*MCB))qr0O zNl2YeNR#G@r8l}=R`iTVKNpH1`7aV{!r={}aEpi_o&CP)rzLaq>90AC-x7a)k|O^Y zfZL7aHhpv|#eQ(YxXE zh0peueRZ{^L@4H51@huRj!dH$G%f+V&9EYEI&bsfV`Y9#2yq`(zo3_OY78W%OE;Bt zD}oImfM`5eWQtMA)s#@#E+)J^}W5PIL3~1 zFKv~Zo4ww}Z~J62H^|cJexUjG?Dst7f4mLE2mk2b&idB2wyu;!PT`%L)9Q4ZxsGIv z@EfV1=cq(7nBh%ldk)t!xis6QDQ(tSoCyHk%Z?5XMu&$(MKb(m|6TR<0Y7@ZHvnN* zeRLJXg5??Al5d|(B^flcopXIwmh1@#sabdYM7Hrls5F+H9HMcCNI1*0;S;FKI6@WxZdI=S4Z;6u81cqDY|IYHK`e z=@mcSwuHyAxS}M-Q8VC!&_{M6Vak6(=~DZhR9lO2wIeuWec_1G+5msywynNTS19u5 zJx>x8rU+CA)g5ck>|9-(D>1Q1>pp#zK`!2#h9FW4Lt>Wyuqi<`-Ns7{E^$n4J$cGU zT2P92t0^IS+|uxx*yL8eAUIg2U!NGEpy-;gXdPMWAtUi(O@Zcbl4 zwT84`ULDzJyl!$?nYkPi!GqE=jl6H!3?*LH8tEyW2 zP{eI68>I)A_u}rsx+#=JP+`mo;!!zlX^i&=!cy$7?<9BI{l?E1@Au)(r>%-==o6ea z|IBE~PE>uQ@6jn^0=*Q5Ccer9OX*BKQ!O)Q(xV4`J#&s#EDA^$_@o4VkKRY-){6ee zk?BJ8+^?zWnC=y4NE;-E3}un<7Sg&a@jRI(Yp8$f&kC!v0peY7R?wb@df=V%0V$1A z4{+K2;lJai07z$}XHXi(C!qz(oF6#sG!Y>IG^XwwY27x5CBygv7T5aXwY#@ebNK5)F0@xyYNOs5gRrt}@|fwC%6 zdR*Ng$+V#M71c?}$a=oNR_KkCs8h8});V){G842)3<6Hp59DZ*fEG~t7U}5HGrG@= z4oU0NOgHNwzo7;7v0zx%~IL$?>}Hk z!C~)&Sr;2co?(J4;FYj9!wkJ9fKD znq}jlZvD5%)iUosO)nz(lG$ohxeJ43UZ@l4pt!LW#Jh%egcD=cA*k@K+InV{A@*hH zN(Wm~LYNzp*>tIip8k^bgo$ zU#+#~e5lZx913Ed+$k;BXTDc{iy|WVA&z*L`5=`9)U2=}%muiUF!g-E?TFKgeQ&kC zPrzclo5cO`;44+DTDofv+^hE&*EgK?;nTgC+s@#}A#gR{Z&j5%ZU}~;>PTXTME2&T zWE-?9%l&E>`U8h&O9ogP>E&Qxv-%5Fw5YKmED^j2voBFfl?!DXy<=r-x!-g2)QlxC zbxymv@)3k7xnZ@eN|$>n$Y41`P~j!%xl^qPr?EvhX7jtHQITWdB|~k^X9X;o!1*I- zOpJ_R*ngGXY!132glP89Unl6IiWi$?ybyKHxslj4DoWs=%4KGwI;Q`d1%Sino{(SK zBfu{1VAjNsSZe%2k;!MundBpVU3n%W$S3DAh_lvc0+hDkNk|F=j!iwWn?6-W$qs#ZG zo2zRL_}KXP{@^1+o_QCx&PUJpY3x^G<Lr#R}qS=f#exre~+p_CRuAflYTyrP(( zT3Fc-6~6vf=dH%7IY#_CA~}v!_#MA)wD0NcHYpxh|oCB4{lqr2v1xOMx}+m zpgl)>^@67Nosp9hAmaV>0DYFwJl;<913!P+JOdd9!@I)P)JD><9?q0c>Wk= zk2ssTJe<6=t(p4pxUKmP%-N1iSMBz`_f+}JTyQ@@4f|tlU}$=DuW>ZrP8(J2c^7BJ z$iGfuCnmNqFE&_5juCpe)WOykclbfK2>!43?x~nmv4i}2jwfSubS2?xIesk8T?rQ< zb9hppf(*A%#}R6s)xnZ5fVSt5Jltaaj$24Bv(5z+*4k2c(W9!?>U+1(;>wvXsnOw! zdgeT!OQNCiPmxRGWHh)_0h3qNwBhZLhjOFUo`ZWjqg1OVT3w$!o&dP~MCl*+=;pb% z(iB;`+;+aj15-ZT#wgGr`I%BntMMhoJK=1Gc`gX4E^F}PcZ27f>%Cuv=HoS_x9|i| z0<7=TFQ`@qB-=zRwk(!i@xQ#k`d{Y~3meUzz@$7|vEtw@Ls?8`v^w4Tu4~{_FQ8^| z#Z#M`$DDDAg+65hp(T!$hx85aq9>4vfch@cnl)lkb4@RXL8PF4)PN=RbkqKBLPA2i z3pqSKKJ$4!#Hj~1&lFM*`v4MiU-C{II5pIl3%!DD4|_)!oxCU&HQewQoE|6O8Ab9DP}qo*y^-o6N=NDp-@ZBSHJSa}m>)w^l@JVYK9 zL`4W9{4=>9Uj!5*mszF50yhMhPmVS==Wj7LIh7-*7z%nS6>=5tb0fJ%o) zM%?1%hO=~~Yt|dwqj|z?dp@sIdp;t=!!u2YZVTrO3-hE*bd09FZ>0+hDSlR^czHdx zl!L&>+a!M9Z1z=28y^FbDTDP|8r`v>!!TWxu0|3_cuq9H%Nz>7fx5>ZnnIO9HpQ6{ zirSM~Tgfi3pDKH-4N;(m0;oO2Car|p&OQ_EPPc80C0vmBiP66Jg;JSpK2L}r&z=@I zBe=FP4lV&fLo8vN51ed?2=pzr1iXQu!#Sjh5h*#-Jh0?)=vcm$HE(fN@1loGoM>L% z@9>|X%VUl%ChmBk+KdTG{nJ*5S88IJyAmQUFa#hSoY&2@~@`YQ{0$NxA7q5zOl^F)U zPz%-Af#$?gPy2SezbdjiAq~7XxQj{_`5nDE%{cypin=3e zw0KBiEMz+N;hZgW5;}E#6wY<=0md)BrvU#)KB;7It7Cvi;AH3)&^GZim1)5=@8={W zybx6cwSx=4S2>1OMryQVC1%yWDiNL2_Q*?cmnhcC-R4_E(goaWEPAGs2Gz-Z$phJ` z+SwtsinUsM1M?IEJ(o9mIDav{LpPk##hb@!+CWAe#ESzNKQjuV(e||`55&7ib}Raf zNx{A3)v*qwKeE4?LMRH0s**<%*%#`&sy@FDc_@oxuOpK; zC4gz)Dxco{gpcnxQDpaaTYV?g$rwEg3!gQxp69`0`2uL5@Yc})M{gng@mtV1hPAa< z1mh-S*sLigKOI_>ixq1_1Is64G>@ zMwoebq{JU!+$#PhtZL->N{%>{=|b^xylw9|+&;J=K=_W6M)b zwz+J|xlIg~)??zhZ!kZJ|=4W8-F^F;-oRo19gaFEx)I|T5 zmA1S8j**5Q#=W8^ibX;53<)dSB{kIIP{Gs$HQZe-6V2Dp6^S>nC$2A->wMD5VFSE<#=$Zq{j?^a_ltG+5&60CCIw`Fl7e4-0_35)Fg$5;k7JX}=eSPIPRnko!STm5q$H2_$&e zqh!^}snX<)4k zFhxxETjKY#uR)?#R`=Z3ZfvN`$KP32wK%*+AFCusctQ^X7IG5ONv!8+ZgSzWQBhDg zS2Om5z?dGUSDcW+RRt?PQa@Cni-*hp#mj*7$dO6a^oHA5_Y_TbHN(ihK}sV`cj4jl z!<%HV3TPQ?P!R}-hdD#%YV~$YUdH686L`H-T6c3$aysjQC%;&^{}8yqP6c|$N_E-5 z6Nr5ct(B>UQklDErvFUTobq;LK#;>OnJ|Qse^-qs0~e{`*r#-_VRgZ?^RbSZ642r` z{y^?VaC~Vw(|3)PBRqTlwAI&5*6c7^Zg?=l6Vg1lrXtJ| z6`+n!yjG6>suZ`Yj0pxxDB$IK?LD;QZqDp&%ah5EwR6tLxIeaW5c|!ciazu_a~u$j zYDa&~zIkS1JYk3cAMX$@xOk+D5#9d!Hu?-gPMpQ@&j^ zUyl&uTsezSQ<2<8$cyKOKG9qqn+La=egtV4gX*e4+)+v(b7KlncPv!3<|0Dyb1x%j zrgcy=S+)B}(Em!IN@*2)-`6W_0^n=hrHp|kMqK3R1m-oo%0p0_$Yz=8r5KRhJd?-Lbk?BdSodc1+4^n5iKC7}4UlLx$o+BgCvjqa#s9 z7Sy$LrH(`z#yiPCnQC$H2({+(;$gjhsb1I86A0eM3#Hl?|m>*GbJWRwTz7* zjpqj*fO*^yh&T9aywmdyx>*Z!5l|M!^-TjXT^(%q#=x&<&H(puRYrS$y zg(ffy=tbl*GC8Td6hS(F4G@MzAiAooXRT(RC-XJo_s}Q!r>=ho?WssReRdwSYzYan zOEstfyrOTPgovw|X1IUQ%Ycl^HrV^lC*unSsWc4sAT|aN4gHf6NR1(jn+@BZ4)+Te zpG-`JX13#roa(lxhnIQ^SDOJVq#tfCaG@?vKL8UC@2Dag8YBj+z0r!Thj8JLqnlYD zZ{)NO5+Blb8hT*ic3|9VZu=?Qv(?7)0kf(Z@=}=VvuAtzKEUczNoqHg$bZOmrJk^K z=BujEGIpq*-tZY6@RQela``IocI@g)E;KSudYc8W7RAM5F1V@`B`rv3CLOyJ+MjN! zo$?BeF)&;L?Mfpl(1Vc-gpn*2OD45B*|x5i{3R=HLjz?{AlTpj6-av+gl6? z6^oxu8>*6OD9@8u!Dmi+VAcM)hX1OX|X}Z)mmh)D2S)^oHP+$K!$VO)fub zX%&T&chPUSJ8l47wwQLw)6`Aq$|E~IU#U!y6=GYicb0|J(gy}cO0nU7=GFwqR6l&h z?*wmR!4XE=(*qZw61I!%Th4+SKS7*m16xJFmfjyxPt3~N4NnLrnagSG&7+4@j=ETB zHlw6FUZUp8xGBiCY#LT>%+fPjkEVorul*?G7A}e9TH`HRm*F(5F~)&JU0vbG@jz!j zWf)_!+P&#|WSw`VtIGE}0W7Mao48?fsjU^a)?a(Pm^>4iapmT0Swe_~!d<%{D=Yd- z{!M%`+2n6Yc2r!s#?ATZP%4pia*9-5!!jyYAav7?QM+$z?jAK#Wq}&8v#ZN0td1E% z&A%lwp7D?>XZ|+6hi~`pkJT*%sD`3DK>JQ}?5CyE7j~6atCnh4~|Eef1S}RH-++0oFc2X4LWwKv8W|ijSbT+K|{jeDO zEpz-B@=PmL{}58N9ePN${p^pzt2bP1tRgz8GMpxcfnhk0TH0lp8vLgclLAK z^D!ATTD_Jy+7y!wh_rAhYG7 zP7A!&4|9fP%B;VrIRlRm9xJ+Xkc8WnrGk=>cznr9;5MZK`bK>0E12;q~}f9(R|d zud^`=1VFRw6jYoo42@07Wl-Lp(idiP(-urXjWBIU8|5|(;Y@^kgRUCmp|U`%Ti*o$ zemW??Flv!aa3;ua)CmVEdTKLHM@OMJ$!9>erzfQi(^7wl&tiCYTG9VUj4dfrtLygo z2s71<^sCwjqoA6}I=G?<>zXN^o~p28*;$6}&lOH*ncnQ|+*FTY;AKK3gCWPlC{e5D zui5kxDTFG-A;W!}c%ABaF%LO_`W}wz51H!GCK0TMN_^ub_d1_H412skUHvcs8j!PB z{-7j{F)Ck*X&2XFtx2OVhH}K*u(iMqU@*EE?v=R-Y&6`3e;kfyO|Gnxn~hh05AG@% z!||57fT|G?V4K)GSJTti+`?{cV~w6|^X;M2?=e@agK^;W*;O;0pEx5EKA1#%h6Unj zQg&R-FAKP;gB0slO&xezQdl@n9ru!pBpiw=Or`98l9#i~*(9hZYJ=HGycU-O{@goX z)V#fV$N3GBxYA9~XeSM0*!e&EHxT?nU;PxB+3p z4*|G(&}h6=78sYL7HXpJS;f>f$jP-%{R-!@2C-5?pag7enHpq&$&5$qxAB`lZ0k^RckfD|IQq@5y-3hq$4!P8e)|{1Bf0ZS==u$L$K_;GSolS zlv0ty=lu|W?MV?MVqzsno~u;-Is6sVRjqs&t#8xEX{Z?rRq1t)`yUp|6-Q*Feuym8 zQ5IOxAs^IVaD~zzmbw~;=4|vT6cDI8%|9e6{eE}WK*H_i8H)@0V7i7!2X?5#@#TB0ZABXUC@@7X2 zpRY&NJu#Q_zG4%8+c#B-YzEO_&=8K|$A1fnj1z?P1r9s!Qkg%tYv{4sr}EDWLjI7F zGd^#Ck_7IN>BwRRnz-tm`~2+)6lL`>5uFqnPhMz6`s3x=fvIbnE~o`oWW-T0)Y&ya zi`&L&yM=_*T3R&$A8V{28jI%$w33lqr?0!FeJiXF(5_PY!mM$&(*Qgsn(9yWhJ(9q8R z7C?L0L?aS_G_!KLJV41-w%ELVN%LeOB+06Obvl_F8yD#i{!zp6`8X@Rgx>M`gmbmb znrEu`+4u1h9)E&UA0}ViT8#{e)@s>BJk0IG6WLX;U+|^!L4vXDTcCn7`#=ZJ4?o9# zkV@A}gu!zMPr;NHbn(yTlwJf;kU25KKHS3JUMk};7Zw8o1+!r1mlpbulFLN!Dt*f7 z2~MvLm|sw>IG#xNQYZ+|pIRa_kG{Y2Y@)jAba_m-R;D3_jP|7H;C|P_2?wS_4suwx z>78&WScb4h!D$cYPEUWnzxu8ZU@C}`Oge!HSSDbss=0+&_^B$q{k3@9c~%9fKyf@z z>>}`(&)SC#$*oOhOqwmT_z82o=;vZx%E)Jw`Vb8ltb3(dVoyVvSQ^tleZ4;kx}O>6 z30{s_{Q7*KG!iTzr^QMqE?%J`)wdGxe3G7CSuY*CSgzji1yK0D9i{4q6JmphoUHul z3-+j6gqUri)=g(}05Fw_byFEJcu%ui(o;a?F#(%B0#tDl&EX*abC>-+RLBCH>1nNJ zYogErV+smBYj~g$EZiOel(&Ij3_f=!C>-R&!y}x6&OC0E-S!mgqQ3%|H~H9@gfeq; zNz^*1v)Tcx9uKETEHAyic@ctI=s!^Lpzoh(!3QnF(fmNj$kgSH2S`tXVf2E^0_!_M z>^7u&9(Ew>a3KI)LX{_)Hc!lvoU{%qi)iUB`7K{g8rhhApbT~-ttkO7ZO{G+&j(i&e0Veh(LTl9dujhY9^Sl9)Sl2&K-uI>!$R90r@1{+5j5$cO zH}d3G=k@9x8@eJ6i4L}-w=2y=AaTD1kP7B$?v6}+ zX=XnZQ5mBvGS}*D1u&=c-p{H zJ@kPgl75Fm_f;CrWJh9^pc6si^LW)ZTs8Nmr;m7lLSoy`QkyUuF&BB-S@BDk`V4)i zs}_m?>kUm;6o?)M2u1FIA5urt9I&uUC|t6EcK2b7tM-YARvZt7SE=romRDk3+SYYS z>QdGMQ}J)0T-B1v@UA-w`44JMG@!h?e18RMZ}CY^!Cu9XIZ@}rWmW$pslUpltP~sL zv&tOxOprrT+7DGgha;bI!H$L5IM>jo3|8efXk34h6Kd>DcFB#3WhYGOT~3IoQ1?jQ zb9e2X;;aGYs3fAkRzb?NFr!B0;DS%>p*brcpR z9$MYC(tl-0gI?>)uR`;I=AQrV>a7wyXYAbUa77rLVqOS{Pi1pr-$Fr#q(%D&&S+z= zpYNvaO{&|idh(iaaAX7M`;32QX<%vXv+k=FrP7L6AD4anV0wP`_^8SF{df!99O^PW zTwHz;!N~I2Xsf4NzI?hy&NA@Q-*1)j&-X_Clm4wgMu%$>ooA2vR^2C%2Z2SnoErf_ z@8J&LoGub?uAEvr1cprx+FE4k7VKlRYgMVr52_k)1_ij2+2lbJ) zH)vaL!V5luL{X!>EOm{pZAg!`qU- zjxc>yRmCp7lWD*bzAiJb?CvkmXHzBfEEJ=eJQu>q<9T25mPu=!^FfqCxv4bm;9z`V zs{f8H`u{fobb>;krqK_WTyvpY3UZDPj+f|Ea@3a{;P_vKrIWxuXENYP)g#z-)t0o{ z=6)-%G4*Cdj}X?7SAWBaMnOjI_Lm!4oSW0zG+C+-fv zZ={}xjx{@z*W>`7Dbumf3gKbCA}A zoEze3K7H5!ppXIqpSzJ!;QMq=_$2>kyKUgPBKf3zp)~aQy0C>5^bgY&*o+4|-xTdo z*=7b6 zlLGpkPc(#;2QN*Y>t;f&5JX8s;_xaM71!tz+>W0{jj{ZciWO7>_H1P4p|h3Y^^PWm5>>)k)2Yr#)9HVL}=o~^m2K6vv1YE!YXnN_1$-R$ggalX(1Gpu6@ z=gO-HW_-qK`6{HME@-2Mm~uA`N0QlC7fqXtJp)`3(<9Fdd|dWe_xErfw&G|ZY4F(h zhk~L{H8G>hEg@z9)|@bPY-1I+d}Sr8d)?9C&zva6YPWu!tzErYyRCk&s!#u_#)sq@ zy$II^pHSvGos!<(=}EGqfq{XOF)&Qts*m&aP505vN@kNY#4}nlz*D^>%GXk@sfyR( ztNR^`>B(hpLk!Fx8Y86G{17S8`2wUw(?^x~z?LBTZ1 z2<`qCRDQ&Rwr+kX=(6h8Nj$ln#OIqzUB|>Oh>c&xq0N1KEGOvV7v7m5)ZG6ZkVRWV zj2J+`%P$3?B*LWg-}XhJ{gsb)l4exip|Bgso$mVG<*Wvob6n7#p1O6mg+oI_D+brS zh%R>j25Mds0e1UH14=r&zgF>PIX^GY-~@(Ej24*mF1Tk))fHe?rjLSA!Zv7B|AiHv zoTpuA_zVg1>n*eb-&QpEdFphyd=5Y2xZb>?Z}EMOHjDqRcZoRANJQT{Cew0{yn6oO z;Zet#7i37f__!G&g~ZDuLag1|(#h*Z@1Z~$<%f6*dfI4BH4o}TF$ zo?dGSvXuvTxS2QCw(fVwl89*Pt#zVUGrQS3bypntU8FYW@hHc#}iE(96izTJW+@x(5w#zMzngI-)lAo5XwJotERHy+<}=l)Z5vben`3s zUtr+o{k2T9BXJCx#utpj&OLnb@|f?rF)vlLG&0 zBO`nE9QpzBdfV>hxRRv=R5^uQtj>WY7`JvV>qGYH&B;>ikmcQHQYJD&f zg+xrIYI57-%?L2R;>*qHRn+3@=JIy8Am*6b{h3NLaYS=CVE8Wcxe;5VrBZZCF!Z;4 zW=9WpAc}2L8uss{A|GM3we_!pr~uwtdaQ?|p|C$7lBH0qF8VWVhe|LX(zi7DD5z;w z?HrP-u=@48Z9$bltlE?>;gE9)ASQ@LRscs2j|x*WtMffFR1?$Erz?R?Wq#8@8gpX~ zo&`o+gcz++Etf-`yH1kDZ8{|9Pa7<^$4!n1Z7Dl4aNGCygElrsU2}o;K>WSZV-2#g z7Mz=X)4a5dbkfVt!y<-}&05slDM{jMoVIoGTW8@}>G6)=xGcYn5A98@H;ZWx6^!ut z!}&V@f$5O(&wRFp-eydb(y#}AHIu<=w0xot$tT6O-)UWqm&-t{BSl0!70T3>&S z*An)%i?^;8K)lg-6(JzT-D~oyzghy6ZwPncn?D3&;-25-+w1h;6G$5V&!k;X6U1z8 ztSUn@RP?jRLHuv&PeCM(NO2pkw5>B-~jE59zg@uFSuzc`YSx zX?q)A_^#QJ>UiNqwCHEqcc@B}`Ssv&%l@FRfMlBW@pfTHDW_Mb&(CZTTfyI{+%LHsUknY%pX3+^ekq#b>`xwMWbP|HxZ;Vs3lTp8XA11w z`myUF)DPU=(L=M3xL{+Fn@?bSZ3KJsKvy!`Vn;KU8&zX1zO#xbh&L0F(jz-j0A?PpIPc}N4_r4 zl$3)3zrhX3e4p)RunPPYNuuNW;Zj^>!^`EnE)E_7_?JZ(oR>vuAhqB9OGAVsa2AXk znj$qd{{eH`V$i26kzVE@=7m#AUsfjDyr!N~4D74j<9XEGcy&kgknW%_YG{A~ZH7jN zoFR9fr`|=EsMN*S*?g;HKty|~rCY77S>6gup`w^4CpoAE*%`okOEAQs2990C?S3=H zwAij~F5U`TD7M$3Y@sXA+phwDkV?KEM%GVZ!c-@Smi7%>8YlL+-?Usm64=>$jZ(*C zTTWwN6Am0=3;oW0*_M_}!EbCP@?@8W86!ZbOIQ8BS$z&;`Dq8CxJSwBdVb(3nxtcJ zc0@46MDMqm)3(}b8p1yE5F!4JR28?6uo6{vtT=yu9VzRQq8>e#?eU3eUw(uPiUDw` zmbT7f7X0PT_vP+y6^LV@ZBE<)K6`^je*B(~$%Z_mk`qluQc-Wc zSPZ_gGO)(b%z5mW%f_XEsPFlj@OQvX(@I_LS8147jQn<)X={zXNm19kUH?;s2t1st zb9Mq1SFI5f5wwxKGWxvP&FP_;vzr@3iW|f2GJkXd;e=aIy%H_|WyNAwp;+vhfu%YS zTo6m7?NwbB(=4Np#B>$87&*IDUayssiyt?Z{^y~;-ky7Vy!HFBYY(T>sfgH0j_B_) z-O7m;8?WRx*w`%1%&jNiKT<$!@$gQJncjqiz@6zg* z2R4a9*qNATC&oMtc~h5ct77ML6(Ddx)*GtG1&Zd{v#m5$RidpNUwb7h#b3$R9TaV| z_{?9fDd1YU%3sda3~l<69AD+zAP~&G)y?f$dh1a<0$=dEeD|8tI-V}|oeHe3Sd#Qz z%VeE@2zFLB$ACV3XsIaDR?{|SEVn$e@NK6CaFGOQ*{fktPslch|L`p;0Uw+U`FHye z&>0~CD)~qZpaE#W9fReHD|BAuH?l%`jInB)%KbVNE|%ype0r$OP(F)@Mj4dNSUbn~ zaYzAkbrZ%5VnGoBjE_)><4+)jG$d+Ft?7j$F(CV4<#2|eC#l^XtdE!JoUkOFJ4~O4 z238AXSZ_xWw24<9{MOZ{8vF#3p0nBzGoNCzKA#BA*aNT0w%?si_y=uWpCjMHzHR)s za6T8Y;7;hZEC+s(Re9rDu$gbn8-)`=0El$fgnA*rxPWq|I1ffMKcJY{Sgd*{uYWW> z@7FvK3Wf=|Qiaj^pcHaWCo{S4uQT6fc6mF^Yz|3e%_=U_G^szup}8sxPe1j}K!<&; zrYR0>KA*!aJ3h}pXfPIjG+qBx*mYdMucHf{LJBc~_e+Eyud?UmDiV+fm&y9`6aF#7 zw^-)36DREO#D*wzca2DKrwzDYYIx?4IYFQRN$C!>lZ~PVdqJsg`vFfv_b9-0)(Mo1 ziz_|H_2d|%`}J6}403ErMMr-g)m%tF{iIzg^De@r4{K1?2XFv`F&%m{!wHO>%dhyw?z=Y4A>u3Q-x z53Wi@ch?^+`=^@GGIx9U0~2GF0^-R4Gjz;4Sp~EigYaVEhnC9Z`O5DJ!{wZ2o>yjC z;X9P_{;Sc@oIs5_*lbfK;+DsTNXYNZz2ztj@Y6n)%ae10y}OevN@dUmhHg;~;G9k# z{b_>XNWM3nthA(|@|frggbera^2+KSx25~DPZ@PX1IsK~Q33^)2uNV#pDV3vG^u-R zNI}PE-{4@96AOMTGo5%(7i+`0>-v1nA72j-sPJBQyZioi{|&iY)|&9!oc=|eA48zIXvqNT+1B|T zw;b!H0$*%d`>k@zr5`~B2^v*)K6HYhmL3B6qS6A5yKUz-0OzPE)^XE>>R)qfU?|Ke zn9DT#FI^zGV1R`tyRRV#)Y}vO5)T*q)Ua8B8?7Ma1U*%9DG~?G2s2kxja9b6ey-{k z1zAnA^ulKhL!@YzQ^>%*I#Tfy*23Of?<)WJd*Hms*}H4&t>UojM@}42wu&a>D=6X^ zM{ik;QH*>lhSh!l8Cjkmqf2^kKQ^KukRj4%JI`+h?6dBvr>SqPe^!K854Ju?2$Cl z2(2kCU;nAf>uG#eVltvT^bUW{75= zjz83J8^r|1xY~Zo;v1DB&-INPFg4i8v~qS9Hl9w+GQqD!HPE)Q%$f@`Enz3SwNiLP zYAe>6<$QV%TW>~8*$sgc*#k+}FQeNrkF%GADv43h%PFFo-_%5h8ydcZahDkKH*GyC zMoJT>8e*6|o^BOf9A6yGMboodi*d1&4CvniG$6pAGp^3MH1{;|Ie;_bgbwE98wy26(>Hwhuh6HpD6MSE4D5% zy1MZ%5k-yNa7Q# zauA{h0Ktk6&BOX;EJyZhZ@sU5Njwd)-+%WT5L|K}R|Wvwozce;xyB z8?rKDHVN#A1p$F8PxdrStTVDqNDqoI9vsVI!;Ejrn zosyRIHC^@rh`@3A1-KC@z=!VI`rxxUm)eLA%d-9*$uSOvSNSm@JzxkdF_%>_<&(PW zy9?I3ugODy#BrYP%7rdrhg@l$uDJMuyoY`(+a}9Xu=&PD;nqSf79sjJ{bF1I(ZEww zz{3U7#%q(aiEg{&+K5^vE5xMZFm^Poha*ZjVAI$#!QeD}stsHAc8N*3-z#(Szx1vS}Db->Q^spcmny-OV(`poe=1 z6Qo=yWbok;=yg%_Kj3`C&*G38KT*3To?639dL#58$sO$dN7$PwoMJO8rjxc!FYC3bB7h^q%(ERWLj^lvYNizTpQgCCuSt6tx4qLf7J&MjMN_o4 zoQ7_`5qUC~mb0%*)a?B>cE0@KCWTaFImDRg}K}p|t~0b!NM@ZSlGYSnK;*z1;73Y^iJCpaZaN zO_Az_vH#O_!`jr`vE=xN*)yRYey)rs@JD{|er~jM5`Z08uP8`6O@;fB$?y5L$ehho zV8Pvp!XBSUA$$Fk!2Ni#AS=*hbE5RP-c;GFI0(zf`jD$EI(d&l9|kQwPHvDrQ{ixb z{P#F&R&u;vQOl2V4Nm|GgSP5YD)3N<4NxRK^-eg^V484W?D2Aol!H6~G@yn;NIf~+ zMnH{p0UJphN}4Y3`W!!S@V&NJ{e7^Py#sfhZUT$V?`A)GA`PH%qvWO<{&D#CE)Rf2_H*ob4bc6bixXB)mAs~mijIB_ z=V!GW8JCrH9XhkFICkB!x?P)HeoE~5(sl1pR87HdqV1Q7_oi_A$$`vuccXyyvP(a| zxpbo0JD~cfy}#qvcN^j6F|iu0mGG(%wnZHbZy*eH-?69&s}5%D<(MiJLj<6nKY()$ zW=O=VA`vcvt0`BUgkW$LDV7NJ_QnD(mXw{O2<>NgWnJ!zux}-~8u%KF6?}8Mt$Y03;hU zEBfx^OT(Gx8-^^dh0B+Mpz`V_R3xPuhV$3DHFEybr#x%1lMCK<55P?g|BJxJv5gCD z!*0_J7O(f|VC>BI<<8FUNdNBPVA4DSQUWQe(5YQZJ@?DTTO)V2;J0C4L&e-4KW~Ar zI||V>&6bni?d6(0t3)7u$j!gzl6OoAT#;ZjN*!%7go>JC zhY{G|zYe=UF8U{dSc&IlA9F@xwNr0@minlF(9}pYrInDG#D^%u8k(X)IR=CY=ob}C zdYF1xD4AsO?i$C@pF{?pv`PtUZ7!WN)A`AYk&1mUz}O#?+W=d55*)MoEiiajMQBwt5d63I9p9^egz_9+T?;G=?JEluvhmCIl4>(02T@&NtT+`Sl=`3Y z_p_K#=MA|&!;sbOqn-b>JHAYPpC&*wvRR8xUo3wzstEU1SE-yt$n|$hS&k9k+tV(5 zsI%+i@bMV~HNQ!|0m7NTnu{uJZK;9L^4%G6N%IvN?kGvUS^H(U21gQiy7PT3 zN$xW3KfJ96KQikzOKZq(?ZxxvCiZ33$C5S6)P@v0h**yU0To`3-E;nMHqrfLD&fn-ijH z-Db=Owil6j$)?9T3%Wb_i-JhLbh#cqg>zJ{6?~0PcUx{gS7@U)jCXZ&QTbah_>dOS zOZJk)Ad-5UER9j0SWn#}vh;?SHAA^p`S=LN&+xuL;T z4TUX(u*t^G$;R>HM*(WVG|v4koEx0rChesZ@V|bB{kmP#PQA1|vfy($_!xu-gxg{J zpMD&E^^SJWGC5+5WJu4;0ecw-a+S$B4+A7~CPXu_J4k>+~9*P`H&f5k?FP+pC5VW_ncwHVI9ti}PD*T>3 zu4|#`>0V!+m=~b&xEAyOZx#SPBg6lp>YSo03%0f$+h)f$I(E`=I<{@wwrzK8+qP}n z_P@_Lot8*UP6>07s8n z?he_wL~}u|@mh4J6Dt04tzYXLl~{Q86lJ*SAEm-L+NfXG5H$YS-yv@}pA&sz1YcSX zle{Xp0U0bp)X?@dC%VK?b)RyN74se!?=lTy=6B9t-LeMb)_?he5UEurna zpN#8)*rCP7$rkw1q5lA7()MnBH$&ZhK75R)K4p8s*H8L75ppVnZ4wO-ytn!or%i1t zfl;8Fwf+-o#|P2C9-IFUj$mVnbCsVxvz^a27Fl{J>vd$^)tRCoYB zPK=gvyr|0ZbuQTQD-n&hWg?WmkU3}5?1XIr>ERJ%>QYOEwxb@l%3^!ikjV3z#<6vEY|C$^Ib`X_g!(p(hMA^Ku z5BZK%T52n7%my5Z_iLY*tA_@B0fNv>t(Oii%dyTXM-sT`1jU4K-%2B&Ubp+4my||f zw>D(T0K|L0;wZ0z&?C+_?-`KpVu45iW{c8qvE9l^&rSwAC1{@P?i4hKgz2;-H5jCa zl@UtIfZ?xCyi0D_1gI?T%Y}RE!LZD2UT@4IHLpG%noy1D+yb&wv{pmcs3Q0C{xgc^DFy;LQ6>kpnQls0EL0*`THA_IJgRI@X^-9 zL?g!P2{36A!hp0&{j=iPTLRLaBrn*A*Q%_}5>7J67i%pO7Hj9#Usdi(?m;I;;-vgw zZdvUn3>=gG5~|tag}#@9x@J8ynA^Aw*x)lLNF8|#&0Gg)fq`5!F^F= zpp*D8Nh*OuWM?a>DnFaY`8-k9=kPO%^b{>PUuxoZ9|bZiXYa-N?q z^1nZ6kH%epJ;o%q=h&fMO+!Uhm0?sZgH(NEmM?VUO(d31anOVH24X~+%vAgp?w|$6 zh1j-u<6#VkxeUt`Xt-6fe*m=N;?k&_H$p}9=K&8n-_OA$7?@$Aih^>3aYaQgZ|=iP zvUxpSS%OPdRLy7oE`@WC%SK?+(^qN!i@znF{b0+1LDap3g9qXwGiWWXS# z7a9c~;btuaK?su>}+_Kq24w>bBWVjB;S%}!`)4-I=snfrC( z*?Zc>jcR3-qLp;7f+?6w*SuX575Q@zuK6PkIn7hPY;8|KQ)&n;-SLWgo2OuQ!wMzQue6OcWas+&vBeQ1Q9d|d zQekTm7#rn0hNC){H$<~!hgc4nR)Z8e1f$TQPts1zC}ynihSt{>41&+Q^Uv%P*p@=k z=j<)t!~IuNUscoX#p8msjczpe4fCCfAh02&P%^|Dbi*4KmZGK+i@pK+yYPDYW>0mq z-VpLf*CsNWKh4`X%C=Sa1Y}#S*62a9U}bzL9#gwEkcq|gy_@n zkyrv_Yapw6>Dq9F$#<42KiFLpY z{x74)hlpT3F;NF?xa|o_;0uVOV)iyCM|`Alq}g&DO&5d5^&p5VLuXN;0@Od5PK&JHTWCPc9DIBTtmXpb2g~hoU^)*kJwG7~ z(zCK-(6@jjh2Yxg42EvO}+itE|OHpW?rIO75r z)s%=uwqHrw+QPgRy)M9$9yU0BA<;O^(1&}%P5jK<+=VH>iO#{G|1E7LDH%sR7@<=o z#H-Aaf^BDKr+0DM)4*vS35znVU2R$FgzWr@BO?&>&v78hD>xJUS?Xb>t3ktPA(y$u zW+}smOkJi4NGm1kpJs4Xw`@nMZiX|W4&YWOaPMVPLrgncYcR#Y#F+Y)wk`XG6c*{I z?(9#KZb6h~jMQWb?zAU}_iu8pJ=Z!|u|zhT+ZCeklEjz`;eeD1JgTW;0m;})AnXS_ad++;Bq zWN?+-LFRh1b-MPP)nC#Mbtn9~s^*48)fJ<+;o}}asqZW=R7CVP9acTowVU-ySWfCo zUUXQAAVDNAKF%E8VXs3hyxjTRysXkheYx2_N{2OgD#`tU+s$X{#nOjkKca4E31>FR zRvp|(yKray^YdHwc<#>>?r*PLJb2_K!|vIVSQUqmz-6D*Qv?QzvZ+3ka3ScFZMEqR55=44M z&>QeIBVAr!hV*ax=HaQs(EXe1EiWmEZ~}6h=gnzxe(aAxfS2c8m2`lO0Iw=Z4Gxff z?G1B?k|em(F99yO{eXNUc6JY>*A!b1Y~)mD2rzKCL0*pF$wq~A65(`uEj^}U1|K8B z_rOptvB=FS?YLEr(YxlilhaW%1~Z00DY2A|b*PI>xk}{FSiI(`TBw`ZczJxp=W>uH zd0}hsv+$GYpp5d4GJIS@f)Vp@xn z$z?#5{Tdb*1;j>+Ii=%vW<#XuVXy0psaj7$a@UrNBnZ4}ELusrZ+Zv{3BchI)ts2l zgprVpS9_LK%mN3VPHU&hHq8%A%X_mY!Ff)_GmJF54h)ATTe1OZN1d`ZSezB0QAs1N z36mq%pHNQmftFLKlR4BAGklfB9Px~<{gZ>FttX~iXu^r62xOhBaCOEC1} zu7ryM9(6JHdQt6Bcs1sLm+~)+Gj^sTET`H|@rVkYPWZ2~|BK-K zNeKYjI~nP19Fn9{4qMNuE#mb@!LQhTT@6zvLv-)*d`5WMsJh$zRHSxL>X5wfbY8md ziYSB9le~t>!U%kc=-M(7HI?&%b&sSHz-vaZ{1hotQfK*XmjuZGl6nB!1L#_?0y)>7 z+(d2!)3YTKCG9OEoAJyx$Qh!$hxB zFUe0u5SuHE2n0N?!(gAQZQU2~Hrz zW!=iuwFJJc?(Xhwe?wN#2y;Ma%_X5D>ikZB;x0dBCbY2|ia;qZeZs$L?l*@;Kzx8U zY|9#7_Tn1!L=lDP$i{Lqud1&I9!_r#`z8=lvV_P9wRf(j&G68ZUzPRIb60qG31L)5 zC;k0g7y(ZpTYo8h-!MS#qFmz#`d$rjhvH#W97qHn=`~IZC}AD!GXrUe@IxE|3zRcD z$hjLAz*+5hE$xatDc3Ov$AK2qCfoDqK++hD>!fASMOcXk8?4sf&Ocq3T zlG-0VOjW_%a^sgsogqNUwKo)np^^tEBirtA)g5bMHJ2e1y^J86S48HC>W{bkM~#jg z|1ZKWM(B{59NMzT!pLC%I2sqVA6g}HxmQ$7*3YCq@IZxwSW!`tF|WXX(&ru;O3F>A zRNVSNuN4p&TLM{ zVXNVEnve-E9J<6LB|(3D-Q58pD4tT^QJqdV|Ezx7KR*Hmt3#~dG??GvO2HV?Mp;&U z%}SIc%9Bw*^^%tpE_|A{zWQojNY+-0gq|LrbAWn%UT2HO$6`DfA%u3gnWohTfhZHh z0BSNE9B%InnDSZ**&G3`B6yX>t*sawN@_Ho5=V8jPu*6xU&rWa%0_5tGAL_;_R?k<)aTiqrUFgN&4SW~nc)+EX-_m*EvVC?vrvr*o~sx}2< zfhcW^&4W$nleGEhJB`46%aOh ztK79`DaI@68w#o(g?lHV6r=4TO<*pfAjQJhcT^DckVW@EA#G!;X7jAr>B2G!czWss zToJpcLsOaTGSbh@GYX#}XIM_4fJ>ygB+tG5^x8-mtK|DZ$?cGh{Vvq7uGQY z>TomkiN#Qhm-|!H5Fu$ff$y2sm~g*2w_CAh9--iqCdq?Mu`q)`unD@yi z7i%3z^3`i+#$ruo9^`UP(%CT%L^%Hf9m0kb-(EZ(TXst%xJNaE4*pGAW$O``Jd~|* zya*+Hb>f4)RZU2scB4yuZAA0GUQ8Q`aj{XkqD!e| z4#Fga%plVS@asV-&e@fl@2QDNGVcP~OGb&mMa&+kiHL1~_2}sKIC@$&!@iuB)U4^A zzh=B4#Mtr!xwCzI*?h?~^xMeSoY_zVFVK_moh&m;vqF3_f8bu@9{7AC_btkeP>jV& z^2vW(T`lri5L22g#f>lOvSEzNsrMHmC%^i0O`Q}h3_d)VSsf3_dT-UQ}GK6ma-EDc`>Ec9PVqrd+r1wToD~c`hOlxss(JO5Yx4#0tek8s# zf(de=aJ#wv{AivgqrKmN$MiTmgdJ|?2944brb6Bnfm}2=&JkwPh~HT#VJT+E z9(F^RTO%ZiTo3#SG=5Kgm>$)aOvz3F1+S@g$rC2|QN{=D44qe$@mEazAi z?o}Nggz9HLWMEZkPT##nDkEtp>m(YDF@0GU5qIZWDGY@Q#A3WdkyY~yt!%g?o~N~3 z6=q0bcKaG&&oX4^2Wz;&CI!R1NBJ-C5~*SuWAv|Rx;6s++o$|gEU8>-DiUjm27l#- zFE*mVC!mPp4{&H2Bea^=`XQg z+pL}c272w#gVc={6;fN!zCE~IeheSc-wtRXamyFI`jOK@8&{!OmddTcUQ?r07Td^5 z+Wqpgp`n2km#7URrN}z1oY-AD{Y;qs!NyP{rFEnxlt&Pwh1o?TBrg&$6C0WA*qqu^ zmm>;xtDXqpfKyZ-9c4!VN~In!9~t!r)uV|s%%HKOj-t*4rx6*Wk2v{ZbVut~L2~Hp zFfI_f7IviMIJ*>Tz$JiV8bcgUCwH$nQ8a+2T7F)gH{fr5uI+5(VCSAX#iSJK^1E2r z*6AJS1BU2*eW!>NvxJ$^)AeJn0W1DO&T#lY+z$ z!Vkp)xDe2H9i0!`5(3}b3X93$#}5!lQ@sQb+v2?LU!i9~M+wpLn2-yu0aW2}5T-aX z>d^PL{D3q_OVCM6H@hS$W;z}*A$T#?R{i^$?Q5exmkgD?&OqD6+^vGnGHPZChB0~VK9z<<^(t}=$#ZWXTyE+_=FtwVvwJ`R92{5M)iiG-wce` za}2$b0Gy7gQmP>n^+>IjwlQ&-yX4`9>oo#ABES_!BC`7?PI=CX75V9}gl72nEuyc( z^JOdBSqj@`o|~!dEYS)7%-6NA0cROH z(Oupd8XGpDvRhK_&!_3xqKcP&CzsD>>uYUEJxeU+zV#yL-(}gDm}v$qvi&4jpFG1M zif87t3Y`bjOldM!ZmCii!h~pO^{hd}qGCZw33X}(g*g8A!kHme0Wj3v%vwD?6>GxC zno$L^pI<;3zV8eCJigyqHpae2t(54y<}3yYxj_{cctsn-e!HAwVv|c8n#px7$)?$*|Di_7kmePh>DonP?f<;9 z_W+nhXVL-cGkT}VVB7EJLg_i(jBIQsE~o~4_cN>4Yh)Rx`pZx^@^=daw^Lq4B%Zfp z$~XuwD%X*oZlu2xT_0b!C)XRq?$P(11|qb5xK+S=avov%$C5k)TUIn=lZEz}Fveb` zzXLT3;crwt88`jRVXQE&f8VkM`C(mwpQqxgK9+$kZ{Nd*4N8VJGH$=3)^9v}$SG)H z9B&!pw>dc#&q>sh!G!7^ar0Nqm>eq;*OXexi6PkaT6i*5|J&<>#-Ip#_t@t~d4TQK zlX{{FO(I79NnK431g&Zo`9q_o+=LyS#~LJ=LyR__@9r@@;b;!ELo+ifmC#8epZ|-M z+J-mv7<=AkcrO_<6RBWl~@tJB-ruNnpt^_f=!dPSN`fxT)`viat$+c zA9Kz!%_D8CJJ8aUbqNuo$&={=r;v1}OI&n<2hpT$LJ$lz1#l^&1jHSYH3_rE+{O;1b)(B>An zkqA~{Mt}gmH{C8*8H&c2%rQ>f$U_>)8buBvim24`hZ0xMp##3>O^~XGI=@a$ofhs_ z^=NY+wxf=s?lqD-iN62Mi4*DmER)qxHiq1cI-=zt_IRpaLgoIB--;6``#R0Qxot;K zuAiV!2^1;JH{veSkWwfGsel}NNDiInHkdLLSdCW5E6cn=0hHUmopz7QEuYAzoiD}k z$B$p*&jO(sMRx>lYmt)B~=Y>*(-}-&W~7NW8o_1msYi5>M-X; zwQw3Pz6&c3H+c!6{I_|#KmpKUqT@T1R?5Hl@TaTWh7#S`lky?(Ic{CmEUFeUOYOGq z+|wEW#dHoomcH-%QO;WRqkcunIFGp)yUF$|4+e@9*;m=nlUaQ5_!~*N$r{Kkj^SqM z$GxIE_gCOgRi;YHL8FZX%Csf;F`=bBdieO8c5##n2zEZHIXwNGRA{4Jt(P9K`(3+y zkhq3GBTbyqa!?*4lF2>#f&tM=cq`0f2kUa8^s3NN9#+_@2vgO$eT+l;Fj%wiTn-yJy3euYFsl=SUa}APf7!a;keh zJ4Mu#jX@#`*l|`5vgnZkzpp0;2z31Y%jegC2ARvrK{|kYL_vc2kO1|q5}0sT9CYI% z*dol26}iVCS&ZV&qg;ZDimEk}fNsemo8_e(fbMaT{Cd8a9kz?F&kju4R6I5&;dlXX z#Uzp|I+8#uj*CmAxB{k4#(K*GhXFGMBU_9RSEC`;cYwf#J8&6ryo#(h)7A@KXPKng z&+2@KURTQ}`eVKNtvM~!DgKio8(|U=G&@y{>nH}BM>M#Eag8f}Fp4an$D4H%j`|d& zwvBQ`j?v>)WGOlZ3BhPwJ)b!j+8JF=iD^ZAYD9x5(I@pN@8>IHA_-HL^Wd+s zEvg)$JoMrxEN~^nu{}NwfSiRBu>Y8PCGxGb|IJhyq=6n~d4t9v{u4Jo5j%fl$RZL} zZw8l)7kA$*K$Dsz6-Y#n$@EU;L-n^uC;aakh)16+GkFHiSTVKFy{^^+hB1j+c$uWp zl~^lAz!F^9>x;`lFnmPNtpa9++{(Q9>Jipoj1t`z+6p?x^$n{={zBbM=$C|>YX5XZtK}xG= z5jfg(K?TQ_8Ky@t*iGrQCn-W+a+>$#0=_I?2bLMy2U4U_aikMr)j}ZHZGA7C^Q=AA zMH?}Q@q~}U&=K`rrNP;0J>O4&Y*7yKdRRh`I5pIJ*gu?aFfxn^z*T?BG{Bg`ALSVB zkKcn+WMPSgQLPNxzHO4yNb7gi^L91s@3;|fWlI=WIfqC*%+0c6Rq&~I>BuV@o7rvdXm2#!w zH#8)b#pE29)?s}3^~}$3S3=bt6>Jh(7O6EKu8?SF+>cxeda7L1LF1MM$NpKE?g#!f zCkY9qRQOd*Pt9~@#;1DXa))(hs~7(kxN6R_Fw@gmLY~8rL2KU5VESh3sSi3pm0v+82x&5x z$9;T0vaOtZe(i*lhg7U=xI)SG9oYl+G z_&`k?Aqb6t-Db$Cf!%Pe287~)PE`CewyuGv*hpm|$hXyb(0uKdD4@MUJ2-wF9&yC` zB`ZX721gkrzM-Lkm9zBaY(Z?3vt$L;P04t2oI{z^049xHSl^}e-XZ{zp!y-KZNMxU zB8_Ij_cb&(?tRAhTYco?DOES$>FQiLB|NV3)_g+Bxe=80YQ-;|BTV+qbTuvL*v{C; zCMF)-9R%mSXD{zPp1R2PFuGBO1Aa+MAR-`O*ZxWUUszW3Omx)Q3}U2(m@F@ z&Bl7NLBg`Q4plDWKL#+u?o}w|DDALdu$-_c>BWKo7V~7-fmP@H-v|8LZH}RYf*eG@ z;+WDJGXn71($WYAI1rFMKcap6eDKXrv45QsoE~8Cj`cJfC#wI;%{|8C9FE16YSYJ$ zUQ`J)aT+dUs!88mz^_tkWe_O(8dKv%U`e>VcGiFmF_$^3VD+zsT#ArkqFL0^&I3B6 z{(YP*j*beki#^XSg4|tMi~zGRvx8H!rC)$Qiz)D(Jvf_!kPprF8bb zqXt%SVl_N2M7)7pbgE?=&ELW952X90#ltkoCO#JQa#}SyGe5S4Ii?ZPA>w5L=|L~QaTqEmOH3!7v@TADV`m>LTi_csP!_W zPywBAc+zb?F+vVbdz?^btCM>=Fome;tLf>S-T&bWPIjeFBeHPW57r#PIjl*8Fap%< zxm-T}Sf!995bn&=hyY(B)HaS}E1~_z&I=tUDlY+`7!T38^7{P$Owd#J6Wk2oe_AL09rRxL43W1oJx7+t)Q0>__M=YURut&!Ma$j8Wvjoc(IOmGT?oGcesm)bWBbiqkFTrDiY zl?%X61ecf}Foo{VU?|#5R??;RcB!&LD$a+CTA6vtNtCg5ZO<)}ah=H+=)}cMbN984 z)qYq?E_zC4Y(8{1)3ak_`C-L)t`PhsrW9rcLVKHDfa9lE%Gr}f3qh}wHOUvdkjFge z1{~F))IeXbfYTYJ)0KXU60ZzbJc#tL{$%M?BK_;_DX1i(l{af%zp3M6tHTxGY${(? zoY5GmZ+v+N*%9U*SCtL+{IpeF-OZy_pZ?0qeeq30mHxNfsy-bGRr-&3%`EbB=bj(S zbrT|SkmdaFoFyYm6*Z~s7x+{{Mlb=hjl1>(x=q8=W#xuGM0TZfLji4^jIJT`A7wN- zRaP-mUf{V&s0vyVl@_mbiozvV2HoyuUnAF1e@z*xH1ke3WH!o6m7T6k{oIUfN7L80 zbhyG2{rk_g2UnJxwMrfjr@M}uYe3H0|H&d#0#nc=t?Mc-I0`Rl#g9cZFd zZO`+@cKT)r-_?DTVOm_O`1aiCnh$H`sucU5l|>uqB@>3QG&XR`cq z-yO~FIRSqsMVfs(!M3~`7@{f%=z-ENO!6`?tOS>ukWA7QWLgH=hmCPx=j{OYHttcW zThv-Dl|uVQay@#-Up@8p z7ztzYc-cbaDurxA%PWUzSx`6kZ7?}$pCgC_S+~Iawd+u_yl`w|CX!6PPqsqPpE@+# zMZw@GX+!k~#Pob|Tkzym)?qG{b_e;je!m98*XSxWDt6qrV{$q1+`AJ0jgu!``7XgX zyIZK>6X>Hb*(c#_UpPiiWEeWodM3rzI0Gd>bE?i(HAkFqv{dN6i_@n%TW)LexX~fx zFc&J#n{r(~(LSz4G8g?=;VyZ`ox#22@-p(dJa$Jc8VWN2!2lK%1{^`gpVlS5qrHRb z`}@wd2f#$(>Py;6txKwdZlSd1663Ajzo$O)9h`G!d6@JYalUy?<$ zGTd;prj(=zYSRLv-5f2(QG(|ZgD3bfs3=X%Mo8(jEFN4~W`6aI8yl&GdDL;0gPN~! zgE`z-5B<~rqhyC>WPEW_7KIsnTt#d70aN6ygG7oDULAaaiBYk{IqF@XBpVF!e}`Bx z5HDXQiYMszS~u2#p|ew1$UX<@>p3K(jL9VryNoX=B2@0p0S+q%wE6Y~W zT1WtFSd2V?w8h}!s7-O+y)YE~b~NOkxrXD>FfwenBB{n*6)IbNmD$IA3nGGn0F`c7 z&tr%oz&<80&JQDjDq4@Ys*rQ~$2_*1K$h`32p?$URgumCS()k#MUGNz6kHy1Z7%e@ z%hPo&jnDHr3jBNk5-}ZFE2AB13GiR1J3UR=4%q?7Ny}?d)519R$2N7Dr>lK3wBDaL z{vTO37}h!hKCj2KvBVNM`ZZ}NBt56M$Fqf#8QnaTY!r?tj=mCfb?tORVLdr}gL6e~ z;U!UvEFMbMId;nIPDU~bw!U0B1p+zsKB?gd28eA7aPpjV4gjWM*B`Eh4L_5cHNuzO zMr%c(DI$n6L8CVI-1GgO6=P8Abu5vh=j$2wr)I~?u_WcSwMIFY6N)fUv}b-|QQYI{ zca_^3v`EDI>-t+$(?65*iaN*KyU^K&zRAAv(l|H#L!HMY|&*?ps)x2&7yN} z)$!+SCb5CXR;^j<>woVBLXw82r@O|;s=dd{T2=0}`h0!d^kjD0G1)j=LRcIOl(Yd# zr@DNe#?b^m2lT=NBlfF)j;A!WCSXZO_R@#yiugbGeljyNd+Z;Ij~H$54u#wF!YYJk z#a z(dke3P}P{QEUgl)B$Ob4{cNn>`Ta-y_DeqiF5`vT(47j65->PE&?u?T8g@j%2Za1< zB0-GmNIi!zB6;&7F-x+TDcXjgWwms%s=x6cir4`fESXcnHXj$TG-rH3=l5`ml+~)p zC=*oz{Ty_~ECm-9n=@5XgAC_44>ITB3Inmo!oLGoo$fH0Y;m%LD;J)7h;^H6{hwd; zKdR2Pjddzd_iIU^Rd!3W*bW_9GEoU2kOU8{Gs1na8Ju|5`g%EqZI!3mE#4i4&=%G+=>Pqf za;dUKVHSS1#k@v7o2vQ5wnD4OY>kJYX}MZt_$~D?du;Fw4he~aBH^T=tzjGEi`(`7 zbe>__ITAtAS=5%4;xIh!7^^h0ltf-OiRVL-MBvRdpQ6X-rJ7aPp zn)^YCUG*Fb2M>q%%%Tx(-P5=)%60R7CxyL2M-CBCD~`TMw-+TZP-s?<=j2?~R@cnc z(HXWT4~0{}+hrfF_^O5P0Q)(s>GL+%WZT_XxJ*hoMzw$oJN<`|s67=J36}>mSNgjUZ=CP!P{g zz_w3{Yyw=KGF$d_76D0!27%-V`GAkgRT+nlu zif)4E1@PlBXXn)?K99%OgV5N&$gS9y_sKMso@LoAMqejS6)WN*x3kv8B_&wCry8Xt z+)N-os02GksCz0#PUZ1)@qln)_pFD{ZIt3-Ahd@HJh-ftsd1S$JH{X7LuzV#SY92I zUivb4Sm(}D-%V$p08I8kNOkVvcjJpxYE)P@H!`HZV#$*J!pg(-kBxW?z!Hclx^yQG=bDGIia!vBGJGtL>ev)|SK43>jqG zu}S*p0uYBfGar)#FpB5dg(ZPnbGJ85dSDlEr4=SwPHyZ2Tt$V;A--LIo4>=~@Xh_; zf9y9i{UASO^Sj%V(kCXSQ{D%LhWVOj7m$+iwmMy2j~ljwD)R`N%>1UDk{RRf!UhO^ zo}9k*lMxRA75+c7yKxG%&171+iVXq zjBcu(dr44~)KRJqC3BYe-?8$aqvgNH3nh$F0v6LGii4F~+z>T;#n_AJi1DIu{(AnP zh~hA+%g;_{_yjOu`A*!A#+|l_&*k!UNmm<%2t;^A4Y#&R&Mu@zWZvVhyQgyer@9*< z>XFPZLyB5fH(i@nT7h=)Mf9?o;4JzIrbbUfdr4&udDplJi-uFTYu6KT1!dmtkH?B}M zrC%GO)6$_$=fiHVT3+N1dcJ9FLcVr>J`jDsA9O{<#G*jiAoc5OI{{pQ$5?*nh)O}-5)^W>LmAfV>=0y2GiW@@wD|) zkLOEFb%BmFnH&cv^hX|UE0@*zJQ|`tPQY)*Y;=-Ez_9mMS{d;o5U| zHnq_b6#@vj29rT2R8?r}vv{5qVsQ+H3S`cnOB??F3T@CW@G%g{OJJLS6iu(i+~IgS zuhnUHz9^1?N3D!iZpT!%Q@8&)zLvh{;0XQ8fi_U*9;keFs2#IHn*Jw$kXl8ip}{dH zBpJ4>4dWRRH8JbLGVASX!xbVPD+?@<6M>n`_J12my%^|1nmKuZ+60w&XNLbLdDs48 zneHTB9B0p1N&K_HriGg6jSlt~pl`I@@dSZ`gL>r^k$~^eV@LMQ=T+ax$ZL{0&d!qV zOl~rM*0IRkSg&@<#dkhG1WnB zbrQ{*aL^9QisQABDXJup)$vqtL+yj92<7lcyW%2Bn2=?n7(shaWFgQFCBwusgHv5> zT~2mG0;8032d%S2-hPJ}TQ7c_kFRin%h96J@n7VwKUG_R=H{Xai&<~f;Z8) z`vd2gTcc<(G_teBkuvpL_uaQkHtAdLUHA;qxV!Yl|NR5`71VywMy&Np+%&|>sRPE# zfYpV~t)Ue3CtxSM7|uAZzkM~a)1q)?g9%(y18#vPp(mQl1F8b( z&RX~0jEab%Ok>4N9*-2E)&=yRAlP_v65k_@3&EP*OJ&vL^CK>iJ{QVxHiq4s<+Ov( z2}$zw(pWo5ATNXD+mHU@XorOx$a>*PVS;QruaQONV>Qvxe1vBBK!-K)-}n>Ut@3wA zu9z!q=!mom1 zn1pA?Lmb&g4LgsvC@{3^PhhVrxSG2UnSw!$6oDM!D}M8DR6q!lDA$%npY-P93!8A~ zyuMv-ZU#qU5_&zIqgQULzKp&P^7)N{JV+LoN_Qt*RMtX_rmAnXIRY#|GNn4mLh^h{)RgC_F4;w7l;ET#Ja%0@3lq+sZMF1n*Dh0MLUR zD)}FyFV}vwh1~q4DX~q}N_ret*L&3ALt4yGa?wye+tIw_xV8SZK~CrC5c_iZF+A*h zo(*%ADXGP|FEIY#W+fucDib+zv}#F(&>6hd-^(G;c%MN5@_Cuq$O`ovY#DmStW3Ty zH$3(6&9k*Y{|WzJ>#2|o1YXF$CxMc@$QYN=?D|P_ya^AGakIi0$qs^C25AC}bk0!? z<)+tI#8qqn9jP>d5v{P_KHKU*Tv%W{;Yp6ZY$%b%#K0t{AkR){cfY_m zkiV;xdb67G=l+3lXIMriB7fR{D7=(=t5r>L5EIqCdqHgN)qC=huGhA*Xm#pxJDb0q zy)7z}$|~>2^ZNbUwRb1#^Xx#ZTLZg+e3fYQD6S-@{1jEK$LNecwUnx&paK*tDwc$q zA$;Ccvpgk>=ZLBt&R#YbkSDGgTqiCs9?93UkKii~3p49t>G@@!-aB%a=E}IeM=P!pSosClF6Ua029A8c3{0V%oSn*!rp%#6h0Dp_|KF;P=rt3 z_jlXn**clUjcE)>NYDuB+Q5B;mz_yj-R-9=9T|%P9hzP%S9bJlO189_h&Xxr50KDc z;5={W^!P}fF!J&a1r z8dC6GAQp`smq&qHA38QC&U|4mEiqq2N2;u{GJmO)E5>OKFa}~?f9zu-6CHA`}VJ=zQx6&KO_G# z&u=}3W4Z^_8{SLMyoHPYe!CRLsMON+K1IB>xf7?b$>@a6MB62|yKa*4vOM(34Ji*Z z^#L+SQ-v|xW#e!o+eiYWHxWy~Pfo|<@fe0ox#whIk@346^bf5}wjuT@ylQsaw7Lqi z`_H#G!tR)7^H{)(i?jbO8MGk*i*EAj94!a{khj@TQ!?iEvGBifEWU<#zA6&EZP}T1^AnQY%L*{Il8;k*~;^)@T9YTMtVyziLdtWS@ zd)GN#kWBQLl$bBkv7y+GoU@=PeaB8S%>486|5*Sgk=0I6JwAMS=Gpk}Q|f2B!hu!} zRA;c>1snhHgKNt92j#+;1Vb*L>)Wq$u;%fC|GezZ?w;1tI72z_{b}+rq5e~xLa0tT zH{W%#W))Ms2y4um46CjZ5NDzYrElMnvfSE?N6MG-v$is|AxQ33zvFGsBrRpI3cs#q zerLy$qPKf^<-o9s-aSD8?7ruSAyVY#spja55KVm1uw`5>$~H}geQ6!BP;GXkK8J{c z1FF<}UQKLPo6)Q8|MB#W(UCSxwDu$u+qN^YZQJ(5b~3S(iEZ1~#I|kQ>R6|r^M2?1 z*{gqa_q}@6s$I4BRSRa$G28uiBuhj5S_qHSuEEzf!3pMs3KJ>%`ZM!Tiy~#_p6y;x z*88{>8LGo;xwXVLwikri314=j&NaOJ%!7Sa|IoQjT4$P=4K=H3YC<9hJ6F*R4n6qx zlio$vF^b=G^z_#?4NMj6(l`-g53H$6(xYl@#&C1c@Nr_mi>t4T-cHBA6boT89Shyn zv2Z4UDIg2(yPTF=#P-DByNGZIb*3gmIS@C@&q~;%`NPNh;XzvN?v3b%#N&AR(j~fT zW+p`Qg3;%-^XGs@S4E%CTwu!s>T2#fZiiyGmZrw5p?Nv4tYB9rx0rpPW9>>D}s%2bT$Cj_F_~L@%OOMet^RfRV3K>?-&Rv zYQ9SCtWV6e#<1A}Sq6x((CyB>wx^$-5i?73eVvt(4X3U*SJnpD3Kj^%s8MnT-G9z# zQ1#t93y|T-$$v&1T_C^^`O+hN-fVT?x}Qx?)@^uwoHA*&x~x4qwvyV1`5u?Us|V^2 z_9|XMc&&3Wxk5c8f?4MklPd2aEe`)I$Tm3}p`Nf<>IxsP@@ACX;v~yjQlqF8853f* z%R6(u-<*k6R3C3ET}|)%rA@7g6wb#2PfDIDHn{(cBQSE!7)MH^*zjMu0Tvusm^hF+ zQAp!a%SjO?zW&~em0GC!F>>~uE2GG8J?Auq;87GPY%&w2QtRR2zutkl;mvNS$dr@} zQBj?V$SOmYEcj52M440AjWx9+b2tn{nV?_-d{Zxj6Ilc|O37hnZLKPH(0q{T`iVT!7E81cK;h#hdz-01UQ-) z&+8<9YuIrO-tQlZJfzQ2hbC12P236OKuN!#O6k^HT?aA}8-PP)Iry`Dbj3ZmTe_DI zNU~SBv3}~1$TXor@qLk&vWVM;wr7=)g+IJ8aYWRD8fE5;!{)CBoLg0A7>(|i75T-p z@3k>}NP=TuyNth~fwV3V$_4W8$Cu5P&XxkguwcFJD{T+N#$!T*Dzv#H23H_9Z5ERd z-PG|5Wra{aiMmU;YKrWUDrQftFA!C$2L=i=2kO~`@pLq`>(>M~udfdX{7-pAE6T#M zNv+=PnYmpd_^OOg;nbum2UQcg3focMq}4LMLT-W^s~Cp_TUIVRzxq!t%#3c1I+yoM z?v^*4FN{OmPTUK;#ZJE?>cag`H1S|;X`#HQvw~4C#$Xz9G(w)#5B*t%CdXhCxjk;{ zo7vvfvE}ZxXCuFHBa5zf$GxAMr`(IXACVQ`{D60;1%eS8s~{I7%iJMuLIlvh6mL)@ zE)d;JmH%dg?qk=pZiTis7b-IBNBSu&vs{{(g_nG&uDzRkq#rFYbOU8n9zOFI=oxAm zrp;)V=i~9gh}OF``&AicOwVn7OdZo$VLt4?GbXgsdaORYHVhA@20ypLg4R~Azwuh@ zHxYx^Uc(%Mblini^aXUD6mW!S)|Gw83UxGWl{&e%^SPjWWrw;~a zb07poqJ7#HN@S_~DbhFoilBgJnH6xb^c)}lI(NcSvh$6Yvhfkj!)eUGj)Lct2 zFR*Ilb&DirOiVBwq&gT=kdE|>x>NkA^&2Axb_-+&q79`Drwcd?>C=hMFz%W~aD8Uf z?gEYsqG%M`fd4?nAPiN=kf_{bbK3KGomM;Gia|`=(j@*zXa#k28r&4@lk34SJV(PZ z7JC&}aV~#3D%d0`L_YwKWc77F!C=4BDdr~zWE4E_)Kf=x4yH~ijyfzrp|+(lcX~V^ zfS!_)E5B#RaA7LAAeEGse4Rai4+8PI2}0oLA+OF-Gw{parftkK*I zZujC5&$^S@&ak@mty2q%TWr5C%bF$P_>5v)(;-_xb4` z8d=t;;X%uukg>{z-u~Sk^hd6M()Xr&z0jar8SU++#~N%_I3Jjk%8%@+{c&Y>zThB* zMb3y(AJP>IQ;%@E8_1&9+kn|(&H(SBF`7OpWbAL%kgfM51!~DZ7VlZ3iJeQVh%T4R zTc)KEx+IA9y6~-jw%Dnisf)i3N9JQR&%&OJ<} zR8&%mG0RkR1)WF*A6j)EaqwQ;fq^Sf13CLKGgoV)HToB?J|#?}+S=?Gg)DO_x`eC5 zVR6fhx!-0QO#+u17o172H3j0=jAHr`z9^r?ID+sn=x=1>Xsj(~oaX%NGx3-&?*iu(WY`(OM1x97;q`6_nBQ}*;vDitI2YMri#4FVn zgnFf&;}B|H`hAO8yz@jcz!%S%8pmo*N^;QV%ODJ$(vSob+Y+8 zbiO*;veAkt*}80krX2LydHzHZ7~CKYxf=Fu@=MJ@`fbs9ea$Zlb4qTgRHGr+IMlw> zE8u-%ij&z^LGMD80U=BcIf|m%@X%~1&uiM*?d4VBS z8JKQq80S1Z0m;8ghLiQW<>{`_Ll@PCn)0}K$y)U)wq%if zEQt7xBze=8YL{PF@;5eWb9uYnRYl|OYUlyee!JW2>jNCo3{D|E{FL{66fGGVY5+Rv zP+TZc4FIO=NXunrwtZ1xuivxRiE)-@x9Ipo7egrAd#7P|*JvdGby38MSNpegDcy(s zxm+T)dIeFhfl7|**hxv2MT>LLB}PGe>vaSwvjT_e<5(==K)BNzW>-A=m-;zr_Z3-` zQJUE5X01#0X8ohBs7W!7x>8qT_q}g60s-DNZ6ER+?b`p08`D3)Z$&okP5yv6n+c5f zoGlj1#6ZO7boB_CDc-D-RgNAWc_RO z_5qwSrI!7(%b7+0wPA4m3(w&W1p@nl9gT3*>2ea+ zOWY9FFF{hD$*}`1AIux~UG+pqQRz4hw<+@&XwF=@+(t?$V#skRkt6k=Oc<00g(Axp zQR>d%&cB!b4!EA(BQf1s+Iu^toWE*$$0+U$%$FAJly<><3h;DGe{+$3mRkKq=t3)8 zLO^yCs4JmOY=I_M;8Igo`HS>mG!JV(lnMyP2cURsO2EG za=wGBHs_gQasA@{wOrNPR}N z-Q_jI8IE2hKk<;BEqOJBr0y6N=(alOQDie=+OhanT*~vYAIva;CEcH%Rg26(tFFh_ zcFsLEC3o#tql?qS$iFXt5cR~Ai{U9K7ZZJp#CjnrZ`b7o8QykW!J<6k48g?3S3o0@lu5 z8x4Y|O;Cm}Yr)}AvhT~D7u@Z1woV37eL2&V(2Dd;tH=Q{L;vq6=@U&=PXgPu7Z{1% z#A*wCZgKEW%w=@kwNovQQNaw+h@NUg(*OtEARgW-4DTv>TKaB}_m=M!1MFn0-vo15 zY0RS89^d+I7&YGqejkKDH`*c}bKj#{yG09y-^)M`m&m=H+41AWivBF*qqYoKVh9XJ z&GU_)b;>IcB)QklCc>gcM&{nvh%Vppd+}#Ql#*gpsI|tg=E|xECyTlWRauIg%UfGa&9LyD3*R|drx+ec{yI7uz=z*w=ChQn> zc!W`b0&+k7yk2fO+$!fE4n6Po#hz+8t6#IV&h2|XQ+7ouShN%FjHOBOj{Fj!iRsAK z3|#QPo}QC_;jh=zWx23ypq$Lai^WUnTbU@nQvEJO&_U@NiwFa@XTSrpXNi;%-Hrzo z3@^7c52HZxSuUTK`rhoXS@0Ih?OX_Lf0o!<+{nx zRXng!9Jj>he=%L8<_A=(6hceOTiQ;*V09^XwX$6xyr|8I^<+pXoi5~wtQlA!Q0W!m z#F};*QllexUb5+*TXNrR6Y%L#GQI~Iu~R;zwd@;YkU5*=WIaTgt_ua9VxJ-E46$VJ z8*A~gq{Im@yyUvS`H8)Rg(3d@%?9ATfR&+%S&4aud&HkMYbKsia*Jzo)d`4*vx_HL zf_AOqlBX^14O~Lfg;!}L=Uy&Cg08J(O#p@BdWRNJBBG&ZvF9{9^N0E|58^R~lZ%EK zMX8|bOTpA(q91+fNCb(_u!Tj_ly~c+yDJ|fvPM=$%$wzTIq=a~Ybgq3%mS$p=6P-2$ zRekN?wk;L1yWmyQo%{P<$Fi1p3f<$;;sRNh!FiP;H(DtmEhI;x&>TCq`1|yyxm(xw z(4zu6Nq{N#WI+sMq>I#x)ZdbK$*7UnU{u(YCPD%4-}KH@;VZvZ1rjRI?eyUYAQKZf z%3*{xkeq+FFNR<#0|DfbOQyv&&K=<)aoj{bE%eX5I7U5VLYr`#diRm^4-FECY* zP?0lr@x7Up#&cHQHf!Je#n}GG+(H_t+$!1<`(Df9&%cIlC*mslws$hV%+n@ zJd-*qmkYdmJUfHWx6q*}w)tTfY4bJe!UBUg$MiSt{b%LL0m_<|D~r)Oc)_AB>? z5q+2Go!FF0=#CG%|NLOkFqe2k#7Ep(A>=Wk4h`*3&#(yflPG$$xOZ2ya%0KDDEm)> zs2jaqQbY>3y+sR7~ zenA>xqnh>Z3Cgt{s!X>+%nF>qGeIEZlStpn+ybNz=T?2JD$fTUS@>rfo)aA33U7;@G zBA2hpIs+&wJV>jBIEQ|_9WE8@`l-L`xF;-OC5K)ge3p8k0Jj!9ciAS2-m{)@omwUL zFoFZJZL+ykRkXE}lRcDD3!{ojMY~ZcI#`>Y4&36EhsqK5_~;l*c|7+r7;Yd%7pjh~ zqL2*I;q`HgwZ8Op^k?X-D!;u4JD}dEc1x4Ud>v?ibuuu}l_q5YM5Sk{+@GX~0)IxP zZD&$%u`cFBzQ)J~KP1mt)yS+|T<3YMTVx-hD_FT}k7{l;^Au6X2)d#Oi2>9G)Q#Go zrO?`Rup&PCvJp(m_>@3mdr!EwkqJi~VwJUpp7> zZQ($Fy3nBcs=X|!+fzNPU>o$<6L#WUSK{_WUxl4E7Ku)b_4#55Q<7yYOGtNYKV(dU zK0Ri(x>abR;OY9e-Zxh#W4e3ztk73=n{kr)ef84D(YbClak4xZIY0cgkI{-Yqy}j1 zYX-5*)jgj2in~=-ZP0#G)7+CY?pjyPfO46E{!zybd(*r&TUMVnFGr~{(EXPKfOrg? zMi2?AD+uD7BK;R}@iUB(*=6}Wcav6jnSvhFl86>+u_&lQF7 z7m>;>Vx7>3yHe}`B{Ib|F(v}kuRn%1BvM)rqC9mZdQtm zL<&zd4OeT*$llf96guLTWif$^sO z66%_%5pf#|Fv?Y-Pokk=PmS2f(w26vAUxep>GCQX4f-Cx9ecqw&rudm3RK$SU_Pq2 zcg>(KGCRWuv)Cq`xeX_B%C{3w(z$codRj$V`-ORNOt9PiOz zjWW#e(X6c1ekZ}G1~{pDzUBZv6d;HdCWjFBP(}uYjDAjT{I9KX-wmGd^|q$2{#A}a zMy3Jdo?bhnlElvub^|zg#0^bIE4%I2ECrQ?)a>1LtkvE;)oG)~*AOJ|yH^<7T@lYH z2~~E1PqbcpwD?mHd|}QBZKOYiJsua!)f?{glpjmhj=lt6^Qv*i3Z>X6FS?0!&{Oy4 zV^y&QBzl<_)_N3jB>ls0W;=p2gR6BcDa&tiUPy zR(OxmCmmqZkdqkB zaWpp_UL&s~SC2B|Xs`0kG5uEYn??Rd0qxTYA5=)^ju_al?{iP&ftUl4eE+x3G0>&I z@1cc@9AkN_aeJw&0pr;Rpgc(d!kQX*&-7}p#F|(#=`Qv~{Ygx>kie*WxYtjpNc7L_ zKXVM#MIVEjfS{y|8J(0aEPnPkZdEL2>I!X6AME}3@Om7zvUDQ3Nv^j&MNFeJm!n`g zIFV*TJ(|;8cK=KLuJ>H@pwW6#WEDC8tTpP~Px5WHIVEC~z&|i;`&K5&(xEf3I(Ltt z?jMu6Ri@A%DJ^UBP{E!l_r9z!M1>S}i(;B4<`1G_iffQJhzr`X(k1qdxmXdC9&;?% zJq;eFP2-A|-^nKMrmh zDpb|73%gVuSXJe=)XPDKSKwTfQ0Dv}k2l{0z9);l1L0&1iw2UT@d_n-GUp_-?o|T~^&PSOS(vzv_p{a0rhUi$hYt3L(_=ghwBPhpgMH!xhebH~FWzHc4v-MTy zG5_RVi*3v#8Sm1cS!W%|`^C+)GO#Phg8!yC9BW3qdO~QBf@2$ zMuvoZBVBP6?r(u05_*t?THb&5-GVl{Ns4Bumy4&Vnr`t1u5#^wyWB$DL);WFtK@Sv zuj{H31&dHwp$|6(dVZZS2A+Uo$OnY2NN6Q(lcBqn)2{cLU7HoA={#q{h6>lJL0dj~ z*{DV<&?_|RlEkw3ycG{DyKQ3~hR1Ris@j^3Ral+gJnZ3qVIP-2P=1y?@Jix8)V+?} z0rdbpxG=}QmS8H@q_289Y>U?wImAZ!@(}!xEo13aW$-c<$r;rV-MKPyGL@<6Sx-7n zqoCcYyueZ;D^}d!<(z;GLq{JS8b>uwryo;_rW9B!>JplhxL4vFEB@j%g*DO&Sb&H< z)EUF|IVKzsb4g;^9WYMN#0VP$iBxn>Qw zXyKa(JUp4kxQ9W_!7S-&wm9_zZQ8Zr5N%m8<&8&KSy_u%8^sB`M_@ejVDcq=!r2Jc zoVwm3v$2P2lI}Nv^04P)cMXOV%HO`pH^D*Q2sx&ew zs$oK3HpY=;!v?@H;j)d=iX+*RZYK`Jx6{1~DX9nV8LQ$TD<;rszA=$M1!4HoFBoy< zVx&k~AYgd-X6Y&2~8c+xYd_RDva9Gx7XC2fRFa7b50`*v&35l*yvgfP*4OL0? zIdpqo;kZ{^O1w_oB}R#|Dv!UXy8}r`udMIX6bpl~KPK~ubtsHvqohDO?rpqn_v0yH z8Px`xWa1!DNlKy=2$3m4y|hFV>(ebac5Gm*%TrP!xYW={;-yAl7#8Wm)sDHS{H#Vi zr}oN_(3Y}tqU&X?sHjA~=H7@Ehfb^48`F(wbU&^44tR8dTPhaDjJbjEU3LWBC=NRe0=n?WdK zo-hywS=tZkSJD@f>R+JeS#d8504YN?K~2MqO29$r_B>WJi)sH}lxvtFJ2e?~EaF^T zji6J}!mW(+zINSL2UEBUBZAaus`&#vP4g?|+t&^Ux`_gp^ZC{@UUo!2MR{*t7Sdws&u^wSKXnC$;Y=Zk z4iuXCrWE9KPe;HZqZzt<`nPE8jHmlRALju+d*P~hdo!pFZ9$^@a0QWSLP9))cLV25 zX^6Wze%qg{9+oWF=kQA{a&oZ(aw7Af9CL!)M@A^SbIE;A9Nq+9IP`%E8|T8(+Fa=T z$fWkWn?V+LJcHVG>yb!$f(2=oG*Aa8JgjFq?^RM=5$v1Q+PU%W2z(>cruLuOU+G3> zp}F~chktqs?+v}ovx%aaAHc$1gKE7lVXkOJAxJsB6{$h0Z>5si$}MSGd3lQpPoO4^ z|AiET1}*Zq+j(98fE0uk(N;^>LmBhRsHANY;Si0Q-akF#~#Ko>&4>^Gik2cs}^RUE3SEbfV zja2Jz+Ai}myQ%Q}*M3=MfBqplJCz@RbfAU@c24KEbNO0djemyt#S$&e$LB`X5DOQK zj)0KwOr4JmA)e*PSWwZGOHH3GTEAua!^6u+e)^KAEO}vbKVc}M^HiYOF%Q3WYl5o& zKdZo1p?~>c{xDFCgM^bOkTY{oh-6rE20bq{%xU46+n-`AubdPQ#^26Xk*x*DJgB_o zOzVzW=ns7F0FRR1?hUNeN}&H5UZdR<3@`a97RHz%JYBvSr=U{BLER`zZn|xQ8DyOZ zl(C)Izmk%}M6)qxa)aO~Fu?pq$V?JRuji$N=tF*BwI?XniFQiPMfYsu{FBJvdmL?Dr7yx%3E*OI{bKPEH~J}-yS2w} z7%6f(`CapU5AqPMgXIPDg>q5g;m75y^9ggI$PikcD@>8&nGs2agn3LI9mO}*nY9ZQ zpxi8`w&vSp&p4I9!Jn$1B78mNhtXm^c?NhBNHMbydCN8B!f-QOtJ)WCIFJ zBau8mMbA8oe!D2&lo-rWp#&J^Ivd1Ux`V7+DG4A+U(52A;788@nbNZ7df(RE&xYm6 zU;QAQ734Teoh~3=662kYiLVM@htysOjIHbW(FM<{M+154^EpW1O&SPoV}Pa>G&nPe zvYm5?r-u#jHetk%su|b$j)=?C$o9dqm8}KWdfVE${J7SSt@!TAn{*f`LDOE+3HF zuuc1sFBGu;Zxur&QsC?^frEQAqD73~=j9fdO76hCHQIB09A6rX#N>P$t;Ag}oAluC z{Jy%~gTr3Wcm!|UGcFi9?CeZNx9YCY zOoEI-uTnQEd%rv8nGm>of8QIRlwk+g;x)rXo37NXH<`SGW73?&1T#+peHk5n8Tj?RXo#NmGf;IqC z1ixFQ4I;koU!UipkhR#{z#Px2wS4nxdkzR){ZGq>vT zGF7tC&{Cm@baPa-EMDwXoCajF)nqFRSruz*l7!9KLa$lIdLfs^!}{cqN2v*=Hd zYn5f}?_l+kbrXk6JlBKcGSuPp_TeJSr;oc4!nzCm;sM2j$%z)3zFe9tv2ZUg@efkbo$_?=;&qxeN~x zgCC34I<1=NWNhxMGg1`McF=;$pVwuQuO6~67RXipn?ru*`~3x1;8R7GO_-y!>uci+ zV+{1W=NBHr=5D-9T)ubxAtra;2ra*zYlC`Jj0+0~HlOzexIL~Dy^t0CT;YB|;?1!| zgTEg?F$@oQs(t9U4NC0um2@uaqO^+VNXugR)C|9JrySNbG#_r2%%3?~RXs@B28j1Cv2c%cjnU%(zaUoRc#GSD2aSouUUkdNQaU6${KTya8zY z-kB(rh(#m*liG_m>{ZDs9mRL!;xdA5m{JrRC;e94==edXK1ke;LcPXg#>~m;eKO6# zlnej>qlJMi8rwSg#PIkLjWSJm5pkR=+$Q~+dk?Z0Dl7&s5lQ<$}1Jvx<&7u`t8#G3V%r0Q;R|Xr3 zUV=&x)i*a91Jo$pCOO%5dX3&suEG@E99O_M@N(Dg^LGg`auW!^oh)SDL0x^`z3OHOd#-@SE8v|>G}tvarz z^_y+nbxPqn!MJF!C)D{+6>b)MJA()A0OHD8Fc}zHY2kZ%TliPaxKsx%iL=ogrPRaH z`sRJce4@rZql-n7g85*I_z%4V;sB+V+AFmR_h01UTe1AB>3jc!?~gSR$528T2VFJz*UC*Mu# zU~VL@iv8M$@9oo6#&6^4L8Am1`Dt98a}I1(xUn>e-|XckeL({PwEW~gXESYxi@C); zOaH%dUN&DL8>jjvgg>2PtfVZ{2Qo;NBGd2teMj%&7}Z+d%8SLYO4_qu@96v(LT3qh zh5n0;el!z#KyeYy60)BkW-W~zglExQA$JWnzBgg22qq9Liodj^q?R$L%gxnc7lnu7 zHxB6>&|A&taqnVhm+~V^!}fa7m}uMzShI0E%jro#T&pm32>O`M<8wS=d{WW|&{0{_-q z*CS}je)RoZ-b6n+VX<^!1E2IFjDWM5MD_*x1%=!g!7`JZpr+L;zN z$|NhtEF9T~J1L%)?9?M1pe_sayPceB3DxMgAk!}lHd4=uL?T4I{Uzrw&3+R%@N?jj zrkQEKrs>J0=R>Is|P8Qj+{r8$vLOue#QY1)*jml^s0qs&_Vy&;HA%tyxdsb--*LV7Ii$##Bb+1;Vv#zSeka_NNBr z*0v=y$^H++XJ%fWUfmAeuSDTDe62d4O5tylf{a2N6D-QR^YIE5JZYseT4{UoW4oiQ z%zvVDod`UmR#jV%^QYyB#I@y(=x+#CiBe7(o6i*h--^FnT@jW(mL}l>Myr&k-Q3jE z3@>ekRY_#z)=!hiQ3QHCYfhKG7zM6Ps(I^Q2{firCIW*MaUG}nu9iHYls{%=Z39c3 zIJ8RZ^13~R*(s)fuD!5v!*Af3Fqu(i@kmRASJ*j&t`d|&RhN_eA(%_eM~qzh>~Nu% z(Ft2W&!epiH-zgtlus-FNev^b6-6Ds1mGTfl5`C1@Mn5)Pw30(^zFC)gKkgE?v zD-A4Z%XhyO+)y}1%5h{u#S9eEp(Dauut-Scy|k$BBWKN)7L)$JMRkLEmUGquhs4&2 zJVQ*>^1~$c%;XwqJ6Bm)@b2H>YB}5s1?(>-i6Qy=-t8AN8tdsfkI7!r*n}#b4GtbA z-(v6308L9Br8oPFrZ&-oGF5C-d#!^y87V-!aDp6~sCYrv9Z4!{%+zd+E)YoY3KcGG)q;M`1ZP1gt?LPhyy`;- zJKG&0yHMk0KlUd}3^M!Oo`rA~m+fsDQ2F+xGTCEB-@7DwmxxKP+vXPid7;RxaTL7- zOPCxa5(M`7;QCmoKm2bLJ9L>raiOKs^>;QTHnp5ZMYZ^CaHCY*VJPXppbXgtQwa z?sVME<(H4ux3>qJM@L;t-IjQb|Kjqb3FrukCFJkY_x;JaM116$B^Zg+%IXWz6XZkD zk@!+Pg;T#QJE%hgLz#coxZG`5?yAkkYxT<%YQ)+ab}aknbG;N{tLND~cw`(-*1hK& z+AP2`31VJ9u!af`m2URZ?c&=5^YG<|`_Rb0Iw-){L=E&h0ro(r2aECbi7mr^;}1IO z6Uk8pdW;?HSC4m5%Hv@gin)~?B5;WSY)F>&=FhovHL`w5XrM*;A{E-oELrB9&hpN6V@-UPn9MwsZ|P0uyA~TUG#ii#K~lZ z^?#ePqkq1hFa|Wckyb^>IvH~imbu^fJ^+(%Utd5UIf9xrfza1&nBV*33M8#M*TU~V zRweqaL58?S#z6wAEAQ=?FS*~Z&$4>xRx4ndORwKwxAr}Jo^X6)mxXl&4UopkFM9*< z_rI)FkDR#gTYEn5?Z2NSnj34-YOilwc}zKmJXLVqnrsMx_|Aerzt;(a^b=vWTBNZR z<#iEdSc?zfSADkc=}P5Dxwk^(C(q&qZ_3kS$_PZd*+;mm4)F+ydU<9crnqxX z?8;CgaFF^Aqd%%ZH@_#Q@x=YF)QuFC`# zdIRg+2q-vEE;-95V|_5FM3(c zKq*GxEr1x6q}5q98w%W|q7F&7TJ~KbTwMEA(s9$^bK_x93fdQH<^yk&0`L*Z;aW6D z3j7?LHeEKlH_FgQO=fe%l>=#BCu(y#(t>n)HuCNfuv=A4LK>)S6Nd33-}(n@_Qq{; zne!H%J1&Eu=TiPFowtqPI`B2zpy2AxsaCUb0M9^KY_VB`tzUez)_Tj!^oJtGCs`NC z?VdeL$lLC@Y&|99k}N*KlYsZ3oq;L!`&#@4n&dIhFPv%$0u9PKE~H`^-0IM)!$ZzK zL_T?hm4oCYD`Y5vRP!Nbwf*SbCe6b#yi zYb)MidPmZxbdMQOvC)9K-&DMAtBUgyxE{+AC%0w?+8c{atf1AX>EI+nCH!9QC^3pk zkYN(@_lVzbR$*@{IqY}R+r3{$ip3}s)o3TB!b0_XVo3Xn{<0Q_K4TYecR#>4YG26C zzn`9B)r~*SM4|xch2vPyPggutf*OabI6JkewYr&UoptRERiOT5+DZIqE5~IFA4?%) zv{iV>pIbNInI^1a%LZRVo)}N1$h1VGk9%+_b2d&DZ(j?6t~AF{3Io!kt^)9v(&_(8 zQ&36-khtgIRm({I_u97T2NOrRe1ARU9$Pj#>fI|ml<+Us`*aB5cDVY)_#*H2*rVuw zyWw#-rRnVKe9$3q;rnCRLi0jFf;boz=Wz#Np((mkf|<1Q3d&87K}k(DZg{V9`5wvS z)F}spn#u09nB>=Q)F6n3I=2t|WRwpv2*F<1)l@cW^VwH0MzxYiUy_Bwt4uIVCn|$poYh1ZRuL+^ICH;R^Z(ww~p)NJmMo|2CF+u10YO8Gg z$rf1aeG$nH^gb&|*^z_rn*9t9M-3Yot|#MkaWk;sE)y<3x#(R zxhkcz7DQNoPTiv3X5TtHa>=OD$~i10t&0v!fig9}g;*=MlO2 zH4I`Xwb&V+k^7xC<(f}8GAv29V`*`fGIrK z7_pTxj9mCnA`bomWrX>EkRh#|02}JVd40j8_m?}=UcTzfwE4h+nnjc-uDQ$=Alk@t zO1V$g?P^_3UdSfGzc(5P9r<``?fEYFTi2bPW(Z5uAuP4EmWP30L-eBgxv}&0wA&~0 z=N>TZJO=Kjw#E0?aAPb$3XQ0qfqwe)X@iteYqsM4=*-ei(h%WqN70d5L2*`uh`*i< z{~cBnPYc@;_Br_pB)YO}RY^K{RW;Kuiu$Jg>xB`8+<%jEChB*W>TJ5!4J_!WFzMa; zZ$W!Pzy8)Ra%@yvmHutKLs<^S-BZN2vkAr2VqC|mwsew5<`c7a$20b|+g8rXA054o zL+0Vc!<`{U8$ozXQKn)MY!jtWYVj;5=U#j3E&NqiFDu1q4(Ai-tgR5tIKvuBH@V*r zdZc-&Y+ltNf*;m#{`iuQ|L0?EXuWTqL->Lm*oJ^$j4D|%ZnUix4{;jhM5+@Bvr1@v zmlZ-~{-p7#55<;VVU-yJBtBEfR5V%J#YO+J{!`|~xVCgg04HLEUKviI+54%hqi0+e zks9&+a%bEy97(#L)>tZRe23!Ea=L3SemSaO2#(c0inj6myLOVrY|czcC| zdu3iCK-e}Oz7Aigwxm>E(Mkw;oPW=r;ro5OVT{}*BNX4TjA~VjveKbNYTvbq?~yqx zkXV_1dH8)^^P0dkkSP0`HD0h_W%wIe*$=_*mAmmd(SGw_0qhRE8FtK>{+ESKOjJyr z6uD3NdJM^+q`mr}T@hJm`Fjkj`3EIGsYMkUcOA+S zC#JHOor14$5A*tQ^iuSrgOcI6q?c4oadmaBD>6cK+~OQnNhKg|4L=GeK3?|MdEjy4 z!9a;>;Zrb_cEo=y4B(a*q5SDlizFsigFXUo%`iv25;7*cYDVK&Z?`v@8hIrfi?ncS z%Q(I!|H>YwUCN0759j&{7Y{$Tw=X3nJ3^27DGUOllpzKY@o8cnjDWxBuC;GZNof@v z+sD!pylSr=`e+xIk;p8P`0^kWrLh=%ElELgT4F(1QqpU!0j>?c#QqnH+uh(7hrPb> z&35Bke@xeXb!1w{I0AE;VsO5pC%8v1fSZ*U=eS~@{Q&96OrxhPUP%(-Yc~49&WJaU zeh-Rl@Cj)EkNY;-!+IEAGe+*}gvKIQ{B*OFQOSYS=3Wg!M$HH$stDd@fIr~FkNcl% z%`&*t|Mi>;(tuB|C6qUVl9wpvDelq~{UAFEYgk#j?4dlFNo(3as2l}eT5nUl+1;2*@Tbx%?;^2;(OT+;Z~OVJ7#!ie zXPLNELVY6yqix_PL+Ji`ud22ju$LU1UF;8@ZdU^L&N0G3-OA5dz4iXmdw~R4c$-1} zqj1r#IXj$V3PY)A(FKJEc>>KbO{xFPjdS#AqwLQtJi}Uu?ak{wGtB@zje;d_fYr(p zNqNB@qc97S?yqX(7*0<$Ty7cZr|wCW+j-J8Uu6p&qBj3JQF)`ZsYn@K?`T~LB^#n{ zNn(1?;~>;phxOF3msnOigL>+}1c%*iAT_oisSpiXRFpTd4-VMe5FuWKV?wzCqzx4hsxzkf&{^>btvE0 zJrn>8Gb>dE^3Rk-#T$OLcK$Ea42(77!|d+5(N;;*>voQ=QeDz5n*Bc(fL2BZ;ZLCp z{NchVh<(tVDY=_v>J%p0EDTJ{5AT;~Y3FO>#(wkP*rrqsCWAgd5cKpP z=PU2?>6U{%pQFZLq6C78X+1kT>rnM^!@kFqVLWlU=lgC4m;#vgX6F+~b6Kn4_kI~w zNL+i~@p}fEov|C4nOK{{`O{rDOJ2@ZNA2_TrsriOWs!cN z=VL-(r{|mQn_NA{2)Uy_L@Je>Y}dQw>*K-T)#0dDZRq>R;Oiaej$WE0t86H#8^(~= zP<`zS3ac>oJT!gk`JNDXz`xMvmH9~^?fZJvNBI46GwTaXLXeXLdV=pYAnSV4#3mN` zW0*7ww?tI4hMBlGUINBk2XZuOWIN7_mOzimkoi@$MBBoZU*F}N~ z0*zTVGbxNRRgc0Yd}8A?ICk6~VklGzO`oViFP}bqK8}0|8W z9TKruW@;3I6{C9p`}}(DNxbe0+DW461Ln{KJ_lkUnkB_tSktyn5tB{Tl`%_68DSQp z5lBP(vPz$0_8pje*(_-1mVx!4a0xZ<3i&*_V^D~hfY+3!>EO^d#0``QCo-w{QPTPl z>F3n{0pCC%zc3NfAf+wOBXo3X>XI>jiYA7~A%#X!qfk(U=eaJUQeCpe>aMDCec0HP z%kV@W;W(wAd|sGm9*aM#KoTHN9*ahaa6mxMQ0X}4y~tz8V%4wEnRtA{$T=)9Im#ZH z%a1jdPxN*0Gxd1kqZFQ%-t2@CJ3?{DO6TViLi4rkD2>RY!(oS=^?|B(1h6Gbp+KQP zdnpjIfq&b_V?+u$lF@l@_j+H?B9q6i4da$5j$hgaH@>Yzhx&WdppFqOqZ!R5ZtrhQ z`I`Gfu6xgB90qk3bR~QrthwF5PqsK+yWFK#?>nL3$kHt#G<^u!w3VJc8(r4xIVV|` z#cFr=vKRs}@iFO~+}G^fctiITf073XSwedjQa zP8YQkzB*z!@h|ZmpUeE!%5Upb``YM}d%vfRT=Pr#e@Z@9-L*P4Iy^QqWPs>AtWFJY zGY*{vaz%PSnP&2Ozzti5}9WWH*zK*j(gZX3GPAV;VIBi z(_R^lCM)R~!K9y|um;)FCrpOlam8gti3EBy*RayZo&kKq(@z|Rh9|V8^fMS!gir=K z^buC7@grQK<|6XwP()NMl>$kV5Y%M>$WuyyT2nTs;~+v-=zy=5o{={&54!jYc_l^_ z`WyTGYTeZMq5g5@x3MGig7vCGggp{g)3`O zMyqBUwhP&r-}4tQxM+m~!&67g9AD)3^wrB(mWb0+Q{R98-S2+)kL--hR{1&(kkeGW z$q_7bSf;Bsa;{yw_T!H~{P4r~s&4|binN4`nJXP%lm_x3Gf2I4`<9g7etS<@rhAwp z5p&g-FJ8dm`SWS$t97DKy^ojolcNCfLl4yAS};VU6p~;PvPTX+C7ES2FUHSNdl`eh z1EG|#lV%(euCh>?L^~qZY06i~NUB6wFR&uzawFttlj^7WH;;Pbni(S2!R*GriE+Ec zLq5SQ_ksLgN7Og8MeWt~9+I~WWHb+XHwAyaXBjx<>Jsi;lf_6bUP z=bH>4ks*QGbmcdQQ|eEQRx#=YuJYC$%76W_+hrGN3_1!f4^&0BLka5Ly1 z8jSONibj9D{lSBWd|E5i7z8%@ZVJZh{rleni}{0N|9t-Dja#>GvY@TEONZWrbSZ#u zPK1$))6v1ooan051p&}77?JS4pvL|Iw` z-})W1%41m?y;K6BT}8JYPOvW+rwfABsA8?+{a`C828$qZ5zlyhFgka|K~07HN#0%4 zY3DY&VLv3m;Q_I@}$? zOrHERIUo~Q9ddjn0*Bd`j8$t6cEyC!E`$r5LV-eoc2S@jq;-Hf(i3a48!$j356Rqg z9PUUh#cT@@tjOddF^VcL!_M#vLD-f?(lAu*ifa*Q!={X)3he#Tm;=!*@SATUJ{b4LRVm~DQt3ukY z2|rm#!J{+pFMT_0sC)IQ_rSvm#^la`x$2q1uU;#tNzvpbO07 zP{3linuHFbtSRaDr*@&w7e=2Dq+{17wnm7*pXL|EjE@ZMUrn+vp;l)gQu~_{hY8EB zxkAbgeOj3Hx}b4@`# z$M1`43adg71+ye>I|XRvG&H4{?xcg|E_Z}dWDmVxTsaXIZ%2S|@GJ%ehsZkiUgPfI zpbnT)K?tR4to{y|rH#q7O>*lPjZ}e6!@se}JO~|1`igYBzMOaZRFyIij{!{SJ-D9t3q0e5F$?=6gg+6r(oVES{H(StTT_UcX3|{xx9=TVV zP{-zp!4pGL2AVcJ`k#lShu7OVnOzQ}RTitV^I3TH>ecay37aH7GaBTyChX}E$zz|(D9njARM?er{%5(DET%S@K;61^ z!;TA&eQE3EElVkpkl{7NZP&6~xq3w|23Te}^B|)KFY0Kum6Cms(t1%E)~GC^n8W5Z zokf||85AX(pNGVZi>fVZ`7M)@sg?vV92)A8>&A`i5c~A;BMYsWa;90eX_SH8QSQ3_0=)1U*5mwK$V>uLe7#RqPIGI!uM2_uy|SCHnIHMGO7WqFyUwUix2W>?^i zadCjr!I>(aOnaZjz?jVNopc=63=Vi=O-3O%aYMvEOs!F3ogwTPhgG@T)8vdhj8q~L zYe`l_4ak1QTOQgw-R#xU)Qnv+bJ`B1N_mhM5{UUo^WlMmZk%H@6Eb9i+pJE5*ED}_ z1G_!twomy-O0Yi{MMYdb(-POEAnRR>6KHZFKiqI*r^sU7?Cu&*#!tHx)X6AwAF;>u z$GKoMnx@;_Bn!bgG)^501esaFmfNC}U3h5pl5vwAs>>J0`-YFc83g6rD4FaXt3d%= zC{QTS5ei_8W~!0F&@+VT{NMn#U{GULNtqFDn5u%U-Rx_Rr0ptc(o!NmQl9VNV7^*n z_?PFF3PS4())BgQ8V;iJN}p}?*u$`moz(cA#A!#7*{7Olac{gG5K^`?$?{T?+@w#r zd1LazMJt)i*;-4fVgO82rif0hcTNm`SFBbW^J=bO{7AbwvGbCauU}GqiH=n}?)6gY zyBB40e4$UFPn`lM*&piVcH+H*GIS@<{W4(20w9^M)X#sId#c(cIUz&^F(zzwL?wNp zPw5Z!@nT$1T@bkaBQ(3ki-nATae;8$J+`~tV?<%!L|(xt+h=^`vIvU+<-R8iH9-DH zShV3`fTkm?G*=O-@tfacm#JwsNw;4S-LdHtFmrgZOVi2kN2xX-CnAEvTeFCIz&$Eg9P` zw7@`Vl%oN}Te2QDb)JS!@Mxe8lB-&lDEDN#kP;Q7>l!(kksbukwxq#n*zVCLCYBR( zdYRvgJhM%n35Kq3hD!q>bAFQxrA};){QvCT$(mh9k|*|<=K(V@kpKvgnb}!cU74+~ zRXaUHFZ2X@3cY~z6s-r)MoX=Gr>d?h>8l)=B$EIMfS3Yf1Y(}_GqZbdTm%Av01y+v za~M20*N+e8cHGU)&Hrvb7~@oKau&%#yW@4jJCqhp!W#e$XDrk(pRk$LVq^a2;}R}KKO3bQh@rfbB?eRxsb4CkxaC2hZ^kfK3xa)u`j%M>`N;b4_t z^KdRAkPS+B47Z3zPq@A4lLTBf4;Wgh(P?8v(rEwaotzl8*0DLTVeMg{m*;ZJ>Z>R( z;B5BOp3U`iry2!De~GReUe)8!A3o;LqrS#gWx~qhl2_st-)iW`7eQ?J3yVvlV^Iy6 zau7Y}?Fn2gU16!$f`<$$k4E3F7Sz&t>PN$$Mqa%lubTeS%-;{%UXi0uj7D+AFhFQS z4gs%#3vr1Gvb1zfrh829o_h86|ZB%jG4Y^dj+D4N&byaw)Ipsf{m?B^-ZI{@L zIlyKtS__N_p(qFc{cXj6UwIw{g-I=zpyS$1K|N&4+@N*wvDkOFWt1oaGG3HtdO`_5 zMY^3l;jjpXCX!sO$t#jmwCB&B-??)az|>D}wh3N>i!9Y0LT(QatDJ&MzEQ+TkT3MOP?)||*4}#d>X2#skm7t7 zSG1|bUCFAxi@?tFhveU+J!lSSZ!TSO+sNe$>Rh9vvE4}j%3iie3p!|ecFdo~6{hr1 zFH;hB$-|a4L9)c8q2(X!*-bwz~jVG%ph6@}3m+8IW|%tFq=+E)It9U%OA#;6cwMy!Yt4|R{H?yIZF z$h#vhTGSdXgz^s$UrbH)Wl2L3V{{Md;=lOU75S?~3rgF1C7?TIRI-bhc8ydaa@gC2 z20A<$A!Ah=_nZJK+BGpK4`fz5bl+Q+9~3JpkymZ`?&Q@8?}WVTgW8qyM2_ckur7A0 zv`h3;1a@XiV0dAbitURbF2BR($*J*oEwSRa8qE78KHya9ew@iW;MzCYHyn634(Kne z;_kFT_ne)z)0UE+Ay7Sqof5JTYSrAta~Ocd^Kd3klo4u`O`N1?iG zTIM%~2m3kDC#Q@O1}*Y=Y;2rLZ*Q%i#xD7|3`6WBwz1i`d-2kx$*B_t+>O=PGbUO$ zF)=)~FM~+_MMxB>A|JE8u6L7`vc-8d!d_L&&lusKSbabC@72&BZSvFYkInbp{rh@* zpx2f;=|GEVGVkU<4bsM*?!bDkq1qtis;Onhib1`Jk3|iCn)cA$Yjle+5acYKU1@fH zNjI^pwa%yOj@jv7X>v-lQ);=p^Rqh#eK3wUNHu+JBa8z2WcZN?S8$;~c1Pa!9BK1- z7*;J7x{fKfqV3qVx8?9^_PdoOHy5guxGj_S_=#XX8=zEK`B}psKAd3?XSL_Wp(a1? zk!O=+A330D87!=zXcOtHY3HMGr7i!T?JEE$}fnvmREUQ78pl|S!6X(ysnhUuevoAJ*PJ>pO@ zM@Pc*sD3Xi_cDu<0u0~aq%Rki`9PH+@2W+Ha5;O0RIyb;MMwyU0Pjv`g{&p97Co?hsQ?ZutHv1ac_2RK_*ezFlmKAaCvYg ze;R!|Sm6qW#?|nrkylN72o5yzA-K@KN;({zd}x;wk|;5ql+$ozWmy`Alpj-q$%BE? zs9};q!8077Di&+GBww{|yNWzh6>s4uVnE3moH(K825`_Q>U_F&*un0#5IH}6`s`1C z`pb_$-bRL3fT5OEu3!K1*T4RnH&Y-d<+@~E2(xa@ImR#EsFau+7bS;71<_E7B#0b! z7WD|fT!B&zg7fm=m7+6d%UK|xtxJX#ryVf{zKn?(>S*ALI=VV}iXgI?AUFjIMRsl; zN?e^1yYg%v50wK{8k1`c)#uPE;<@X}_7fV5w_tX_XI(Epnn#PI;qur-_#RU*V=f;Y>{qxsrP~CV;ENjwAWaV5hsH$35(QW!6|)r{kp71+o(()zJ1m# zMk>RY?MQ~+_2F1Y!dEJ~a|fvLmU3HMZWqvE|GVgWrV{X)NCoJU4V|10KQT7K&F)CJ zRqB>nQA~W=yvQ%0CrG2uKfeUI{qxWFxUB{Qg-^Y9?ds*vFO!pS_K^F$<5; zChB%X7djDUdZy(N6wjVL$F@h09&-fCkNAlb;fnRu;p2!1-E*Z9a9DNPLMnv81J zwdZV_h{urwnqoCqLc`FeOP1~NuxZtMqo+sv(tS0s>dQrjmR4ORmI^k)Ej0AKzs_4) zmP@#pm9~`szGr0zmn#J8y<*dAL53;~o|d(VW&xVf+%rNlXv@g-i@Ck?B$B@e4H+=B^%x= zefBsJ*wE5&;23eB1R$M?l+c$$-oCjK*DLML@IlDtL%F)ehv%fS5Z z#r&fE8XzM%va8M(400Fg{JzE&1OWN$W#>0`=XweSW&% zx2bRR;^zB)67p(GARok216n-@uD&JD9A;u%sr?@nTcC#=ZtMNlOrwdPoN4&eYFABr zXfY!9?wYq-unQ~y`Uc>RS-i49643HJ%AvEb%`=eK#2%ak|_tN(5 z2Zmd1AHX8wR&VVT)BPYJ)!)VF(;a^NpP3h3=&uP6#A-RiP-Rx~v|;V6Zyo=teF79# zv#g4|r3vm@+icjtuQ6BjWqoVWt5s{X-g>T|!s};FQ(IuQP6Q8HizK_2Cg;e!I-Lip zI`IY8RmIgSR8_g|-b$X`Fg>TXXW-&@k`z6iRP~b))5@BJ6|Ga^!97$#?zuXfPAprq z%cw-BToL@_99wi$PTPTyT)06VE(lC32`oH3mA z_c`3us5ifm=c5e`St^Fkj0NO?JFr&=h_m)}IG$Aw`hr)?+4=&zwh-7&xK&3JS0`je z${s0VF9Xs1!Xjy)Q;&}YqLiCD#mS!=2N+gX^XkjFIvy=lo)D{um#wAii8wAfveNlb z!^JC`OVZOaH>(axVg)^y*pZ?7-brFyL8?ycmFl~PAuP!TJ{lPsL_kM!$VY#dFh--^ zbUU#e4qP$95v5SM+&5}CHM?Ih2z zR#^gzjCi}H?RMh6(?gXNEZLSUY1k^!PlXm4^;|S;QL-(4^YainK;Z|fpm=Cnni=q%;Q@En6uaMk6wlcjEv@x%+mo(gT2#~Qw9$v9mTB=a+No-~ zsHGNHQ$dV8Dtw>jN3Bxisuxl*siVh)nR=y*kQp4H>w64X!E>l9Yx;Le+`h?Dwo z?EMP&f3dq;d&6qz9$|FjVsAY3MR;n^^%1smex3gj(*9UMLu;0y6j=Nro5pGW7FOx` zZ>Fx~E$nGHl;vvGE@*?rVR7_;XdX2Yi11{MnPoGXS!f0AyWc7n5sn znHV3Bqo`BjOO=K%wTqa^fk;uzl&X>++P&z+4OF2p=;`TEaaH4nT&<_4r?_HOksaI8 zq0#wzK}G88;VA@S4y$UgR~&?^9kv6gX(TH0dXgsOqu@aG4qp&nd}(p%Y3{e7#Z^l< z{JvwfNt^adZOk604i8Be-6g!0rjQB5DnSL3AI9)7dwOsu0hX2)A3b_Xu&}47g+QY0 z+_`h^B_BF@>XG2`Vydsk%o9I(rDG~Z98##9@rM*5pHp}yXJY6t+2UV$O3SCd%N{Bm zD}VoLAz^8%1hF_W&-_EL5bh!qWZ0o6=5AI0xK{O+z6>^D!0xj)}v8MuU21uoVQeU;mbpA9olwzhWx8|;me}fhu3H?979{`aV_N`^o!Krq%D5? z?I}9e2k2dyTc~Y1X?*v(IuG@;Q{J}lR_x}Vh6BG84piUEUK4Vle!jKxqDAlB^&*3Z z2KxNjD?xM4++%}64w2#CRQeJEm5mHtUQ^*WHU?R&M`=|TP5O#Tmwv%BQ0 z2^e|IM7L=Vgi*;O_wGqX6Tg_5?1}!<@TX}%*(9iFF#)Eot@hD!*PV^RS{=ZYJOX&f zKB#BaU+3-a{j2OmR4Bc*I&5oNUeoU|X~nxvZlC0XnS*23$|lZ>0|OQV*=L`fV~}D4 zVmbLFYyGiQ3jYC!QTyH>Li4sD#5&35xa#QbJf+kGQ8=TjY}qHpECD0NGtaD(6CAh-hgt}-tuu#t9qzTSR}|ef-sNU)!zZ73j&VlS@X)5X25Fqp zWyyjpG**af5LSwKmYS_`Gs;IT)o6Wfc_qrVt|TTAf^t8tt4xlKPK;W~2%i(`0zNyx z6s(p%h^xDQyT|XQeb)EIJy&q2nU6H{wJv$pw1;N?MMQ*jI57E;Qit$~0irH?ooNU~ z7X)Wj21R#b zicFUl=$@)_(BPp860Nz8iUU5b52x+9G=}=V9b)3`$go!B+fkXiJ3=SU@qbV$SGDaf zY7@8+NQ;5+mA@Ilmoln|to6cYIL3yCMjMRD(|*nutgQyHLy4q7=%v)z<7B<@-AM|( z(kjYVTo>QA9;^TE-iy`Im0uu5M~W9P4_Y)C#Q9OlR(kO2>N@qC04u5Ji|wut!}0hOYH$nIRKB%oxnKtJPd{*q2ZNp(J!AiaM4@u!%w zguCm7OBXLfL8Z`(4Fegy#Tk_)Rl%WbX@H25B=|YRQB#ZpWFTj*j~+epNb8#k_3HL75Zw5}E%NB56W z3H&R@rlFzPIk2!f_BzC$IKhYPB;t>bw4F;1zST!hAs~_lAgl~d7|sm!=+R>pG5CVY zojG&Lgm&k=n$VAg1KOc3X@D!EoPMq6`qqa}KJ?`6+qa3ApMJVcrR)%Z7#K=wo?fHB zfAPf^ju%UnFPyEWq$(M?$r%1m|MbstC}cc+%%-M4{NWE@eDS$DQa0Q1W1rQ({oDVi zB!z0p9QI$i@`Zzsfpx?IX8rEF?~(D~!9&XA*yyN!!OV_1)g!W_#L!9lUAc1Q>eVaP zu3eSz#~**ZbLZ~8d-qX7^p&QEa>5Pe7cXAKZ7}_3&z^ykQV}JoE4p4=?aUfcCWjFw z=Rf@6AI_dVD_Y9Trv%`?|N9>wK6ps-%lXu)Qxs$B@#yH519;-u{xS6b=}&)t@Zf=Q z+y_2=`qb4cSN{G#{tgPZijXIj=I-6QICk^qEzxWPQzA#&Q&W2at;!+Dwz-<<_fYxv zwRBqA_0-hn`3vWrli;vvJRvTONAzBrJnh}xcRYrYus+JRyPh#OzqA-zzC&p-=%{fx zL5R)Ud=`cdV=gjgr*~|zTU}ps0#X>YFv&?pr>4fIC*v5UZP^~sPbAVM+~to3`WqsV z?Gu&R&`%Gx)|=bBKMk@=RiV`pt3BwBS+4d_Ig8V3Cl&tw#g&bNS{I@Bd36> zpbFp5`DV<&l+w-acb?BieIuWuQLS;QD6h;TysL9b5k}QSUV+URqh3Us{Qo{7#-8^e76SMWE0ETOI2y{VOzv z=%X?5c25=5zmZBv79Hkm&Hod=u-MLc)iiHVP3MlWrm?|Mn%RJ?AH;OyL(CALFz*h& zYQBq0Idy-J0_*dYc{Em#%G|T(jIv+Ea%1(Bx2EglpWW#7=+V7QWWCtOMy1f270b5D z74mx79~dHMog(Jf*;7a-T#XIzX}oKdTVEmEAR+*_8dfH7mY}^4D zO+;zzdX_{xS{{z^5$;nU_$i;JG9egJT@Cw@+^j1H zx-?Z(Ig2mb73l$kfZ&G)N5O8gxTs)4PGu7LMC3>pm34IN@L(ib3@`xzt`5PdjqI#O zEM9uR7|E=LkB-=yvLX(i$b5sB4JX!RPnL(T!pR6qEU5ca5PQ8-J>@0`j1@C2K5;Ip zD~o8_b9{^UZ_k)mtZXy1kq;ll&qm%hOhygFI4pMNk|pcAae zTdk3KU1CBioH=uPYHIrN%*@@Ne-;x42o%-Gr8tK~gH>4_=YvY-U;#ZnCt+()F2s7d zK>iX9Tbx%RTV(Sl2-_!vgC3-K{`|S+d~524Dyd{^yaQP=M-m{H6TJmnx?tr83>Hz23&=Fx_Q++A3g_s0x)JR zsvyNaeK!r&0)_a9zH+NCbjSD@p4FnrtoF85i!`Uu#6mG_U#<4P5#H^zUOHPUlhGqW zTMH$FK=>egseI%nzgQ7XKVA6?tn)+&m+4p-kwY_+0JXUD)! z+D_mAhUdaB^A;7KFE@pTdY<0eYLOV<*w+*ntjo)X4WZR*3SfuZknM8j5hfHww5yZ( zHVV5-FWM?X=M!XvSfVpcuoIW;g#fd!fYb$(#6j{`;2&0Q00kco<)ra zuuz2g!-tQEU%<_&>1i^Y>?N+rK=@aGA@CE_#dCH!ASBy4Tb-Mo_0tegRAGXN$;=xom>@O&8hkI@o}K~OMXiI zO_4l8Yr1N=%|NQg4@4o$>Mh4A!;=~mBlX7F-E2z_NzWMftzx_aK zM8ky(7j$D_Q{s+LqR7Q|;t+~s7cX9*dCt$Dq3bl5T;}Chug@~P*nfdEqzZGBR!T;zWHm>Fg<+& zJyqf!@4@Y2xCCv)YNb_QE;fu{=piD>?1> zGV0P~gchAqO#3+>n_I(yh661Q=p!Y#Jh*n@i??ECCyOpssr-CBiII|9iuLt@m9;_B zwm7(~Cmc_>6O(3e%>r2YLM3!c?yl`UrOMhr)_Dj z7zS!G91Vhlw%prERU`xQFTyHSj1>E~UK6=1Gx3})^MUC?xl+WM*Et2CMQ|9Nh^BUx- zz6myotxlCsIu;FjXmEXH(>yGszCRhiU~s2N>L|QNZ5K?_vEB9J>&5o+Uv+H&Llz;tX+4StA`>6+^ zA^SqycBeu7UE+9Ec3!40`B>IPRn<#EAq;jpUyYESD>rx47QvqDXL+CP{A8qMudJda z+=YhS>EHcr*b`S)7;4#>gZ`0WD=#a{96_$-%ra6pqhLa@5o;99pd*DY0(}kOW@WjAg9E;F# zfF_&K3a_I*c0Z?AaxvD|6~U+^e{mRk_#gErT#a>UX=C9qRth%*_c<6Ful?i{NzQE_ zOW{9N{Opf?OzEQQWkRCdfw1pOB`fiztrFd`Mzh%bb0LBh|5Rq>7N1`6f$L%dnaa1y@5fveP6AtYB%+5XZenjs-qcFeJyW8N4f4!j9c>uOa1=)@6iAiN=>z9@49p6F5JWI+jl{u zq(!!26qEsc3fc*bfRDTL=Rdn};WNlu%HgTgr)33;00bbd<$RD^if$>Wg({$3gEfe+ zL>EwnHGX)7!c5R(MaBe!7>(VL7bj1gh&s;9$nesoOJk4)V`IvKR7l@l51bu){++M$i|-4%bU84%`r2Pb@g_`~lB+nYCU0-OHu z!%gxHLW`fjfB1+0$d@5$Rt1rD3GG^XG5bQEq${dyIQZ(T8^8M1*OxC}B00hOc`*d* z_sY@QWIM~%!on%x8+SHdya>cUe7~6T48DaA+VFx5@HO}HrNG)Cv9xqnJE}OfcCAt2 zlEJ70%qpsm>aK#UA3g|z;lrTWI6=fBL*ePuC-L^E2mlo#si%sB)P~ zyrlyWYk&RgU;p&SKi#{3pZq7UNG)CX?%jKI)Z4f30L|NEMR%p?L9EsuEmTSPumAFI zH*ejNvxIgf*`bRtPB(3K8XKEMs_>3*Ej0+{IMmV@SeT}L~W>U6m z;}ZhdRXnRQON~-Uyig|Fmr7xUr2+H|3^<=)j^pra*RGJXl+TfotrZ#K2+vWXF|<>^ z*S~0eRWkTV`*l|vnX3+BUe1Nj>4y(z(01m`X{c7(zWQz}l3ZF?3Vnk}FJqC1-2dEb zZ^n4+4F51Mq1(!P+fT!(L00_;$#k$v0on*}>3yO6Z#b~XCb!kKq1d6#so}`VK>y6M zIfC@W)Y!D$=Jt*o*I(t&+sb^O_jpA^<1z-67V~65mWMLo3YfAJlVZvucyfK@#Ke|^ z-uEahvNZkzyT_N`YJ1(!NkF2Hb4+=UQkoWs0RILC|{c1*MBr@+{ z+<%QKC5DzAS5Od=5KZZigKLiw`PT?y2qV3fMbt!Ikx?tYXS13V6(2NzEZREtIlTO{ zHY%gy>Vj3Ry0t$+i#e^&!Kg8tR;fB*R3mD7Pd9=-A6K&o}T zGc~Llehfo32q89p#E=|AP_=kzd zg`@cIV$@@9d-m*w=WNY0_wD+j|2* zb52xiJuLbYpqsl>3YTNn8J-|bZkb&7Lc?3*3=W3p#VoPMEVsk4BqJuY)wbnRuiEp# z?LRBry;EX6*IoWBxfnvm*n3*JESrFyt1VNsh{XMgtGY6eVBxJNVU?>yg?o_9aVf1BHDj?I|#E; zfL2{$(KaB)>Y>m&fGoN|*oOR;i8uhY;t5&ZC~Rx2Al5>47>0X-02fmI8C6RTxXVFD zSai(oN}SZGM0YXWqa~#CV+5iwhGfSKy|gaAHaEX0Rsd=dIXIwCiC@pc*T%WZ6EiTi zb1xUAvYZf1$#pLgn5U5H5)!pf+UhM9s;0Qq0KwAc%OE(F0ry7VPKnp%PBR~A=3g-& zHtnIAkEhZ6_3^6&{{G5OEiSLNh)zLGh64e>a&n<`>*g&$9GVrkPuB5IpE?Z3hYPq**D9DMiP_jFOO)Qi$6p^-}t{#1%ft@4waUa7uK*u(^?R3DKb z6snWHV9#8-d?{fK%iyiwe*2x6%968lT5sO`5xhW^)e$Q!)f;}JM>p4zazKl!EqNC6 zeGY0;=cD8#VkNfkEG^T2AkRcTQexk^@aja`YNf27D%gE>GWAxtpB}0MdTx66 z^3pMYDf#pXBr*5Yggr#ehHe<3YwoljN|mF+I~qRqV? z#56I^_$`_}%gV&xHh>#9zSK>00pR=l_wVQSfIFrW;nhkK8)}u!=5}rJHGKr}c)}s_~G}0bP zFk2q{3Dh@RglFlJ%S~TasVzRl{OJfJEduI7r#T+Nj1KT;#y+z-KMgn8rM3pUR+SI; zA561T5*W*e4>skLwn&IiDX4#-Z!qjX&FB&K`H?pIY6B$-^`<#gWGq zLN}zi5*q0s=^4<%mKBRTp@D=k&F4-%?L)nURxx|NQ&i&Ap)|e?uJ^6P`3X^Bfr1(C z&t%JOUwB8;gRP5%80V2-Qq(|&(@IBlpZf_TV!iNr;m4i?P18`s~S!L2YXK#NZJB*}T2-$B%GHgPelf zl!B=Urc8mY>eJOzcp$YcNsh1mzw^mD^e0z>Z65{w$S%1b^dmh8|CspS(BFJ7@}pS~ z+P(jF#MA*jG@#W3V(f0&T7OSvKH|jZ578Y0+`y9$ZE>D~A`taW{Dwc(ESmPPt-rK; zOLQOeb0!co`SQ#$GPEAJm+VJUxx`7(s#A=^9wFpi`3W2g2NS(E;i`)(tHa9!jQ9ex zgirrwno)a{S-siytg13yIaT_^$rH>#<}jZ=3yxV0@w||oN5y<*X#I$FRg54apz`c^=fxo$0fF3O8YP7uXg)u}tNsOLE`?bzyN1J85q(11M{6Uw=fd zxn*m*){O6s{u6DWSJN6}KzC@bCemJ+^Po9tXZgqLPyBRcBkF?_1#XQlI3K02Z?ru?%viv0sU3(W_Dh6@> zO__tZZ_rs}A3j{e1QGGGYX=|z%|*Xb758#sX>nR-X4$!hlHB6zFJPfkr_R#AO*3}8Z#6IT?L z{J}0iEk9U)Cx39jsAr;W-4}beX zlAfL~GxO{B@7=$ZPE}!^{`%K%sp2$7%QLetURYNF6_pUqz_Pt^Ip4Z=?HX+B^A|5b z4gUS#|MbHTx6G%EgtSlu1TojI17oSwmtRKAZ@yXNLiNA@_ka2GpZ}68@x7}ntLlqp zfBpU7uxGyhI_mhhzx@DX0fPlsq3)=)JdYBs6n+93P+W>=S1&|aa~%~2G(1g(3Z=E= zY^Vj@(6EJo^=KX*d|Y^x^k;TdlzvdTp^vpMeYpgtfX+ibcYa2PZ(jmq#WS3Z4X&*Z z;|ArH0!Islfq2*PH$fC}#x9XXU5rERM~B@*13flZi8a_qNKH=CaAIFbD~@)U?4kQo zM4RPNoYm=#fz6@K9-vh8#4IBaAaQvXfqIXDp_1o(zdP-FQkz+{)3);S(_*=e0Ynxr z(O-Z472N6%Km6dJYLF?iuEe|85mR3p9_F0-%GE1e61H}Y<`f>CA|#6IIVXs4sU{cz zXaDq1|6LB&*MZFRHA47-L$oiP=fJfn(R6(U9UCL83_+vH_K$!36WpqNsG7g|&98s=yWi3PAw(&S zWZ0cMcNIje2|*r7=&iKCpffX%rJ@#IxpL*Vzx~Z`fBPShLGcsFA1YEWU%sTjyNgfV z1-18z%W8@x1=#1{cJ%kZ{|BU&(&*%N$J~_HSV{Q9RT17~5fAeU-b&B(6YLd99;n}4 zpw$q?E^^W#1Rli0I>k}i$#6O?7G;!uyM@dMznesD!}Vd#8AtXE&CgCct;sa>8Or==C~Xs z6OweHuoL!&m->N$lipI9(n`J0+}?Xl(ZIDT>0bMe><;2aW@2oZd-mbs{Q(}}NPPFa z;yZO;if;ytZiY0^4F~qd0UgJpm>m&+{No>u7hinw1?vIPP5s@bgoTD?E)YJg!%{=^ z&@f-l&9YY*9lSE`*n?qjtpzZXnkP@6{pHVpCVeknym;p9x#<%pEqs{g(3!W9R-M<( zBh|xKG(WHO^%QsZB&SveV<-`Sa5!PRWy*za!qouS*dM^6XBZL~zQC&OHQ3 z#yr0E|86cJK1u(W=*M1FD2m^8{@%nt{_V5*zU|hnjei94FXk9McJ~evKd|h(cBqqB0NX)CVnuab;V=+-|(ktKhY#w?SWx}ae@>!Rj!2% z(3Xk5VcM-2b%`xb&E|U{e_Zd_zxp=h5dP{)pN6n0K#y!&Wqj)YFmt<#@3?K2!i+UL z_tMT^Mk4m{Pn`kBsD2%tqu9Rh2EjK~waTrxT7rp)9^nXZ0Mu$8Z%Qa!e3u8An32Z5 z%=I{usYXLR*IDRxPxg)u@Si9S+g!v*zlp6R02M*%zTq=6GI5K1T2sxO+2$)9|MmVT zzEDGlo|^e8pQC>t=ey6`w-+{#g=wXB!c>TG?{`@$ha0!WvZRuk4yzrBhgJZqbGc`#e)w$&CVPicyDd07Sr|dwniJA-HM4bjX zxl$YXXTPqLa#O&Hlft4x+^j~QK%qJ&Og0*SBuuJu&9X(C?1U><4uw0Fp;SR$Z!8LyiM+Kpi1(rJ2J#NKM;{Ji`+JVsd$9O`VFxFO;Qy z{<^G2TX#Qu?i{ce*pLAN3Snw``r5T?rL8@B_(&4xgv!$=^aU-YLj+#CdiC11t6Y}K zjq*m9hFy@YAyS4G{$T=)&u~kUTkQs?RhEg5B$qE={>^{*jkEDA?F+OZ4l`vG_zU4MCPec0G7*uEXbmZ=Fpv zrqW?d$V&*7&qwzKYaRh}R`9aJr|`o|RJCoHydI(vRy(Y_2odv=!c=C6AlbI zg(KCuT$JqWP1;>QiH!Xpx?-fD9QHYfXKH*T&dyCl<2E9XSlOFBVsDBJDO*2-Miy^?)-drQajBfa_(G;zyUZ*IeR91$^Wqs#e)PO zkJlhm&z?Sm$^yiyROSP=q@Fr`if2}FxCR8QA~U%IgqkAQpFevJ;N@p}Y4z<#2uvU@ z$q7;sJQRS8G~tc7pN8_t0X1E(c>x!TBU1WHTO?{e6fv>ST=m5tfoE3^0L5+ zd}#NgUlkBzwq&Y>27oQ&h(O}Sc&g%_i_SwMOhHOCj_H6a!w$efDgLw|1x1DsGdm|} zED!W8n&+(=_}<7s^)i)fO$K9j84|T7swTOw+ky_WrcGJJf%rzb(Fm-Q+T&;Ga>r+M z(;^w|pmRV%sh8zv?x&xA0xH#Ih$9!_pcYjl8en*CejJ{gNeMb0u^>c3h#wwC`E)pc zJ}ja;wgLIbP|Q1b?viOR<)EUr71@Av?b=m3n{I3DCzNDP@*q!$a4Ktp=I87_ChJHZ zorOUIq}4Vm>ZMUlXP3Eh1xkh6Ny8>vjBu1Y0RUmbX{7wNUcdgOJSm5wl|4kZJ`+hx zY}P&~IMfRlE?~vYo435mx<65CzFIT$tsAuz8|5E9SHs_bI9pYOtyWa-t$6$Nq!unB zB<5u~a``E59P=w5Vgp;)mj*)J;#r%Dr5*YN0(~{?tm`FF>}D$Zh7uig}A$AtS77-a^HM#r4dpoa`6gl#pq zM~L%RHo$!_SUe~&>tW49q}hk{7x@u+Rw3VKb>!M5D)vQ zJ{|;ppJbjn&bW0(;Z`j(e1{r0@rx-9f4cb4w4d$scKWgdi?Ik0j#di#=9!hDdy*_p zoGB0|&b^{Mr4e9H{Sn_2MiUqsrSK3*{Wcrt)vmtIFXYb9!`g@&rXNgNtY9{#o8F8b z>OSOO2(x#qX0=*hL5qHqgxoFt`@X9wVD%!?OE3by6S9B31-M*oCW{4g-B{#R)rRbV zuWqi+tyz)`Ox^m%;^GQx*M!~htLrc37lrxh&atAd7ru?d(MuR5YyKJY&^-CkEcfK( z*qatAOsy?_Ny|e(vCdsm+)Extg(@7KuKL-I*_u3?eVIkOyzQ*GSOl^l#EB*Jwkr*$ zVK$X*kcz&}8f#X*bIVfPs*q0b8^2}~zj#z%XNzC$r;m|8OgOs0bG}2DS6E}hq+`*} z0cy*EK(*FBIx@)KtJ&)U`brL1Vb1oazIueD!ewGP-(3cJNBC+Ai%+YC7l(8(naGX( zSXv#~UjkHHW}W(l22B@6b?&7j)z;(KojlBun6W6L4~Zbd>OR%Bg$YdxS7xDYoYT3y zx){!fc+3iab$Y|Qaoa)2vV%<1D>0yVi5 zVcDXHk-4&DE>7lVEh>&V#YsQKcd#kcg3M*xsdJU(E_vRX{ut8l^{e4e@g({1I(wS- z)8a|PpRRU-8I3%72YC`pAg~1pE?cBNw!0;esSdsD=q+_{C|K5SmCf9FQNFda;7TmDKw|aOKEE$ z0#@-AE)MJhSdVb!!hITQyoH6TrFRj|oH_lU{?i}4f>E%*Z!O;8fSQ3Oaqy1#k~@<*79Wf`H$-Cr+UxQq0}1Q!jHGRfEKd?)6)|`tCobj(jD=m`5`%Am6v!yicb%>s%sw*S;5m+$0R>@EGr|v zHhN{$HznCIpEm`Xe}^7Uea{#ku)<>b%a?Nirk=HbfGTCdS6M#SExh$p%(^-`Lnaa3 zL>$q&x%oG+D$#_PDp)%QFOyIgyMFyk{-0!9!jJ^MdncT5&n6O!9m6Z-YDIF^Xe8Gk zO+YHX9EjFVp%KT9!KEc53wjJ(j3LYm`fm#7elw=-$Vc+5MyF4oG#b{)NHck+`Ps9M z4xcu(=~hQVl}V*zto6!H=@{5~_F(3Sv9q)Nwsvq7+5M{fIcJC)wrb|)=QukXV)ez# zMU%?UPE8GrzVflU6E@F>#sM7)eo+V1_Ka~F9&Ja1B;xi(jOU(MUAtNdIvM(@1bYm|Mn|y= zgjbT=x9{A%8Al3Sz1oUjsrK=n-^CF`dG=6>Tq8;3Z%;DfR2)-S#&Q?*JbAu$Z}iEq zx}eHY4Iadz5>O1rH-<_mVG6BbVKFvNg9VorYaeOedse>A-XkAb%v^)0mV^ePoCH2K zJ#K*v>(V^W@Z$lyJDyv?ka>#kR|>IVkA^T!E>BJM z+pD;`iZ!pqNUhr7MdvqMav}cU{(aQ4*i27NS`diC4ck}cpMyZ`YQX834~Bc0Ef*o} zxX0Ii+o7;@Xe0XG`NCWB#k6&F}l{gHloln*!mGae&w!*u^@(?e6Gzo|n!jxgm~!RdKSX_83y7t$vgOLEnwxPnQG;FybPcr`3EFPy>|c zthz;^1Z1cpa?84e>nt(VHzk=p(lDk&D%GY<2ai4u3mYTt+QusQY|HgUFV0Mik6?um zxn;C;i6MtEIsmL{7^l3F+=T?*g%GKfa7UX5rYhw9`WuuNrx^1A`j=?7)<+ zpoTwP%-G?v;ZK_>F+iBN8TJ4)jcBB|g>c{iU{lM_*RS9B?6dRY@UiN$SmG7=?=CVt zgoH*AgB{o(@X*xsl=TdtRZs(q72*h=n4GjO!k1-iVah?!ioUfH**XF zNWGO6;DtfWD!ymP28;7vL50Et!9Q6zkx(F)SjYe!khWc^P#2{VS+?$v9-RZ0vLqvd za3o3ME}FW4XIbg7Bs2f=Lcnbo77hN2woZdEY*ASxi7bggWkG0J8B#}!V0Mr|FsKgL zs|Wt1D%&6?blB!PN)GrIiq{TJ7POhA^p6W3XA<#}o7MGo3wHjrOmU8q&;u^J`0%De zI&bSi<9E&t)zpI~ocbL{bD^VF4&Cyz=38FT{c6rA+1SXC6Mh|2O9^~ap+^!<7X^0o zr*!HvX`o>o5GC8Vx=Sg0kGV@GyS(CLn%KO5|9%3s!v!GOb?44q(-Be{3GAZ~={IlQ(nGa6#hJ?xyprc^Bc?EGtEO)HhS2z6CMyYM_U;kN!(mcsV zY6F1mPe1-d86`sPdZO|XVhY}tP>)d;S7$kqsmD*1a_f$aw(vata0VZ|qRU>qXjjw) z{f>+!P@g=00<-Iz;zo7DPI5m9%khbcVH_DAb`G1Y$YGKhpjL<^oyhz6(8^Zksa&;w z^1zz9eF&SOAz~jHs!ULjCp|r}MFhc~5sRygW~6%Bn$}iU?Yv&I_ZqorK32gY&Va1LQhsd8D%io8<2DG{lOl-1fIM8t5 zIB(SW~<02>X)y#2ki z{TLH6KC%IsjbI65-?C}S@-my$;h1thMvm<-&1ShQs-}h6q7T;iYdUI;&|*MNs+DY3 z8->v4J#SBdLf9y*ycAa16d5g~A>@o!v`B|DD*vL;MT9@g`0d)L5($iL#pv>#b9!M4l451qq<>sDdR?iMLpc7~$<8U^$5+7EpatdYXdSE16 zYJhzLZO8ec3|lpPL9C9B44*kQy$~xav1xd0G!}uR^(=uz9;DJ+D~Wa(kj;TUc~*C8 z_2f2dwP_7oTLla_bz)*e(2MTmaq&Rvy!DrcnTlBaGMLv8O+AZUBXM$m5gQ0IX4 znHY~6Ei5g2=50ZdkqPp`s1&eT9Y}I31Vz79gW=)93AG9@us!N3KGG0Vg_gh*qH3~B z@3X4RL>>-kvzmObrdL<|>g!Xq0a_*zKf@#IfWL28JS#kFyXwuq4F?(yG#qF+a4a}r zV6rgGfhu*%xuRq^&`@0*Lvgce#(_{FhDXM@DNf_Y$0?#lK#S7>(CO)=6pCXE86F-v zd3s=SYBEOF98*M~ml=sxP2yr-)H<(k7B-*D1-io)o*bfG5tLoSd{7Yv|Z< z)pxi2YT1=kNf6<&qwpYFf-3*@uiyUhkAME#-+s7v|AFf30{{Ha|H5k^=oK*5U;gq9 zygp&8r}&!sh$U)ZP@c0nrRI;;&u+rZ8VFV13Ky4_?%lf&EOiqs?7;&HKToQ1I59mf z=WExl=v@Wsnt3#1`mwMuuTV%b(AB9aE~a$GfDv16M-|bk;rTSsXbWV9j{pqX&5-VABoQf?X+*HtkNFOVA#GGgc#RR=@sGnZ zs&oe*2)UpM_wPUOePQ*0k2~X(;G1ckXI<8leqBoYoT>x{uZ05YLnUXZew}8ZCI5W)o*fv1cB99LNf#TzstpJ>@{`ljM`t0S)mvvrZvpfF2KO>;> zB(&?QpT3=sh%n;_;J&Zm_yVJhkFGWP3N&qTkhiq72#);X`3plp8kQqN1|@IR!WS?3 zL)z~<@gHM`I5W%uXq$}z7{_x*`pU#wZ_j2ZYOms<_oagIS-YGmw)2d6js5HGpUuAw z2aYudwAQdi=dv0?S){F|(O&c-+RKiUn&Vj?I+(dwINdPL4GevD;nKw9)Y-G=$WlXq zVd77J{G-vtPFh|g2vhpNE)|IpGd*-r%WePo^Pm6x@Zkflp)4J4OGVFHAjJ)S`TxKE z%fHYMBhJ=f+e$GtHEnn`Z8&@G{NV6tNUD$Lsu3+E>&HWMLutc-h64=;_LT#_2)o$6 za;(X$;XuQI1kjM0a#Pi-VR2-(yP9DTNseHg;_@ ze5^A3%73zdq~~~<;12vVVYQ3xn6-kL-#Wp_;u6ca>%hxy3dn_UYjWl@mPvewPV+tp z-Y^4N2CzVA2~f{UyqXRawmd8Tu>{^fU_u#3a&x6%nZLI$rkG-Q)iNOlU4G_zPps~= z2+ql)XJ=OFK^XyPl{0|;<(2h5*n_+Rks4@#mX*+t$h!QV=8;gDo6I*+h>HHzh^c!j z22jm;~8$}qRfSOojLdGH=_B;ZKd#~jq2eqr8JOmks)fep5T>`JL##>2H;=wEVhz8>mfZeP$TsvtdtENkSs@Epmtx&_kP+veiUEO11n}>!KBU_AC?T}DGJLV zRkVzg>ZO}i+J*?w*%#ujcL-6uSvG%vmp{LJ{rWYY|MZjs8-XB+ z4-Tcv1X$|a*)LwcymsxX_>!9!XeZ*@>Tv0j49=fD8~CJj)Eb?Rt5hH}D5bJoAp_V8 zJw^$5CJ}@v9T_gv%FQ&N*FZon>3M-Nn<2OBlbKb-cHNxmh`Fy^`=HFQ!iChl^)b}o zn+nPl<%q`o<6yfhrqvx`Wm@6i5iemKaJz_{3Wtd?hcz>e30;1p&>Z+sj872TBN>7S z3S()0#GD@H^tL`0@Vd7j#M376+c==V_-f#)KAf*JJuwdTs5APkZ%cYe@3l0Su01<9 z%j+|OH840Epi`K2TZDiV$&E8-c&rb}Oi%-?)?4iiD2L>Ub%s0~86H z)~#DUJ?zo#+jr0@!`%@}oqYD^A=Tba^>G-g3H?4d&?<%AhbH+Qz~B|>j$jnNcs`qZ zNMh?kh=?2lv|b<1S99EgDsQXx{!sgI=7J~vlrmi2YG(G#_lG(DfJVSq%4%`#pvw9< zKT1ROG3P+2E{+pi4(|z!`2@5Oc4;0Q3<{p#+MWq&ChSl+vzLkQ62jtM`}+2a1JSRu zYrj5w&>2nScF^KFgJdLwNv~h=A zsY)ru<#}6;1hV4`q|Cd}Da6k%LDWi7vgox8w&mCSY&g(xpy5Enfn&;n23mAXKTJbb z!-0ka@4*49kMwnznAPy$7VtGH^Z2WZYQ(85(n&N#N`Aw0)%6gfXVmfh3Dr zB>aHPtHhSy8nfj%(J$6`_)_4_qvE|z0}I#dffb@3S*@>yefhZF6tg>AUp7Uz)-TX= zBGO{js0h|8PfU(Y<^k)wEKy{oS~V&YfNtJh%I?o5%p5U@J`9fpJiiSOaRXHyN8@X?e`|HITB<#VVMycj3dVsC)P%MKHWU;UAG>>& z#;dEcBL!%cEh$%3Ez*s}ntiO1cx$zB1jnTX`g~)4k#S94 zla~F%NotIrUPbOX!sf6T&{9KT4Y@KCZG1FfH=fzF!mhQxfp~cr@iOz*$sx1dIj=`E;K4YpJi$c>7!8rKs_RXD977+g^<7ASXa;L*PL`icXw;|oy?A)X4>79?fN%JC*5p98{NWF0tGK;8nBdT=;H$Z+I6UN@b6_BF z#z^Ja5dgw>Q43}-ecxYaq!+oiM=tloEbqzlmvAA*cYVL2*#Jsd%r7oGZ{+m!#K33+ zT0PjWs%e3EYH5lY9~%w%mZ1EDE%hC9CwbsU@7}$~g{Xd^kLc9em`13--?(x8SHJq2 zlz^m>F+(?aD96lTp)9Xw&YU5IR8wSFb|Og2WC@?ii|i^|y3|+sb|K8P=sh#ZmL zx^)F-_#zz}+hrZ0r9l!hh`D_E5;F%1zx($4AAkJm{(}ebmp|RU4NZzXe`>+)G;gol z%#ypXhhl=}!t6r7ib+C}oQ6Kk%nc9y>C;}({;J5T&%v*8k(l)iH13P%0> zGwL4x?Qb_pW4WO}Wn;@M)17u7pOL{#mBt^|sVFN#@_!7$IyNYkLy7h|GxLN7P6mnw zV(YsQi7u-fq@tfo9B#*G_0a>O`w@7}$qPo5aF3`5s%+~D&(2yM%v4igPJ2BXojab7@z z*?Zw{C-G4~yk4E7rl={u;XuQIh69JqfnBCXhfT^ar#zZ``D=Vrl|{%`bq^h(iQmnu zhCfYvcyoIIy9ou)e{@`We5vx?@x8X5;fP@RbhV{-=4bkZlmAKram*POmihw(lM5%m zH2udrSYM=jUCRj_QrmyEbd0q0(gMM>Qj0R6DwQ4$+kJF<@6k! zwq~&{2yGaSqU&|2>F!^zw~B4@Ji2e&ooXkC?uU%un!r|W;Zic;sudawm~d&i^%I># zt7{f7O{Q5<+lRGo}WB-KDG6<)?QE z=nSlj_yC%@iXWXZpt0rTG@PVr_OYc~u9a0ZJh_A)nw|=*E^Iv27sTYuRfb`iiY1JJ z>?T1`MT<<*<#VnDgwy26C%g@zCvsg~i){UgFLHRui36ac*N7n7B15n!qM_Wglp7oI zYGWW=&!&g;Xb!TKT#TqitS?1w>Mo|A?t|-0U6FYt%1RmR6&*RZ<42VxY4q)CF~yG8 z?hSuFZTZuD-{$*vclzVd9td!wKv8uN^cV#=I5EO_u-}RNGg##4QC633e!TWvTOamQZQ4QRUBe2AX z94~^8AvN@5nsUvn^rKYsHdoU9D%CG%d~N-&J^4C@wJ4I%ADVHVX~3a#_5EW@?LH7j z`t`=KB#AVQ#p$j*En4&KH|^`PCV_uB#+k6j6NV1q7N_+QC{;;3I}2MTo-J})?e-vH zf~CHILyZ|wUIL-7#D_!DEJUk9O`u?~^f=%%y8;v8vdGYhJ;#hF z*6U-g;b#>jP)PSVGp#I+^dBU-Z~$zJMMSFuz)}maEg^npT@L){o^3oZCxb@yv2=mD zd>t23F%z9A=0tZayr{0vy_`4Wo0ytsgaTMi$a?Eb)zB$(Y0WbsR^!wilj{Dy<>kP( znk$>k&do0|3XO8>8%KV}Byk%(&Cd_#fVSkbYF&_&8kkP4>*=FD=!a*15IIDfNqdXl z0eI?yTI8Pj>#uKIzkZ#Rs6zP-<%RUo!$-6=G5rL}F_deo(3#JlKlkk7h!nO}-9775 z-2`jT0f$WRF0d^3u43N2d6U#~5n_9h|Kf-&XA;SE^3=(bKmPRd&-c>bDyQAIROjs3 zGfI)+TS2QOfF<#zAb~(pT{Kc5IwriSnj)K#KPo8F3KtbGA3l7@i=GVzUUgT{vr&wA z^sTR5yUH8u{7?(X+%W;4(jf zVUObS+*pHkoa_Rvs=6A%MbRo?bv0>q85tdkYPQAxUOt)lpZpaJ#^L46Ic{Dl= zPWGGG%w}*=1M|EXBzSl;N3u<$pS{b zU;j$2*x=i{kp~u=B?JH{PkHWEm$#SwDgHJeU@~LyVdr9WW}(|7S3gB&9BQ3R)!5Dy z$vAk>1vAZ!k8)c$NcS|&o_)Dw)~EfuVm&GLRra#zjg5_?#N^QQ(v|PiX1FVT?Id$a=_0=LW zRsTSxY)FW>$G5ggur}SU4RmM_o|mxI)u1Km>BKKvcaYS% zL?`GX6ZyuF8&~EY<{;5Th{)|C-^|a5Byf#tx4S ze|BI>S5U*BE@tfTxbOTi66B~G1Bca&(UH(>t!wO1_CW@zmvPzXW>JUBDo6m!emlq^2pDT7Aldg;144TicIf(|+YB(qR(^X`|h=uga=B zvPnpmGNiqg|3UyJBgo{`B#(U^gn&|%=jX=<{E{;LJjf{fXZnCBf4Eazij$eQL%qib64km`a zT!%!xK9OYc9iuVz_VTgnUbEfhm2k4|zzueur?X(M8z*=q8*YZ$4*&M;fno!)X)lgp z&KEJv>FGY`z7?>48EGCcwHGg(KYQ*hS8e2m?rcPcS%mxKbQxk**HB

cN8tk7j1T zWwh0AzWM8&J9n#Ie$wUiCJ&FFJca25{e1cIf~=%XBSsL-h3Bt+^);-gE+!7o!TR72 zKip(K6-cmv_#i2wwvUL(=j}hmA-MRi(?{TSzWVA0f2-g8i6X38QP)CHG|G|LDpQ~~!|1Q}XT@UO?U9Mlh zCi308KLgbIA7^-&)!&KqtmBrv-I=lv4oxu*M%l`!CDrX=UR#40)=pInw3(Mh{0%WUHtilz-BE>E!t%?Hag-vw!ha0llu{75G(~LtIzL8moz@0 z+Ej^_9kNpyEW!eLKxH-AHXPV54p3d}qJb-2Z8=Z~ASPvm?9C!#{=&ZQY(UFx_S3$p z+{y=HH6W^q=A;5atj4cUW7E)`D|BzlVK3nZIQucke8b!8<`KI0^z;c((KBbyd8WC& zc>4V2&6_qf7;%L6PEMNQ&cA#~($dD4mzOvcHid`_9t0 zXP62_MC-IOAO4Q3(F2`?jIXT=L*$Qe;IcZ2G$(&5Nu(P;?J*k zmJ5Fm29(^Bk10@&%^?HpGH==T@E-Z^J<07q|DP|P{xJLadr79wd^K_E#uvZ+pZA{p zKx0O`jX#n=Q`gQn+2u{d(q0cTy4?hiZ#&W>AE~^OB%h>cOxtAM+2$jI;gxnM{c5PS zZYvuT*qr%0OD@oEB3R|Bt*f4u0-z@xe^j5`c%3t%?SAVZ` z<1dgu8rbHVwbhVyY%A4U->UCvtlW@lwQr5DGiu3%>hAfo9VPQ4zYr_2YG?qBZYDi2 zh0$$teAI)G*ryR9$D8=`Kgf4%wcZ2$MbF;r`>yfdkDoWPyltdzgs>}j6}Z?ZW&4rl}LF2E2#5*k40Ud^>P4(Lb~5zDIc zW_NDu&mR>hLki^)%%-7cpu@whs_l&vA78BacAGJC86FOQb)8Find~g;drlx}@21K3 zK<@|_)LnLo`ueZsfN#M%#tBl?TPIC0wevM7K70~U4A?4ypJ`Z+?iOx&)0bY6Ayq}l zdq{8V>v5&TmXL2ncb9pRuLdBSJ_TQ?NM#kp#Q(?cYpSCQ@h*Tu^+O~GS7Olung)ed z!%#QRTb0_^fAE#9k3U@-uram>Q-Y7+*<1b(O?A0R9U2;e;{Y4BJ(|5{-p0xehotum zKq|LMs#$Y?V2ihmV1eVv6&7{$5o_A&W4>HmR`-e6%=|`lNIT=^-*@1E_QMG5n}Tlw zIAS|6iWXJ4&v(e^P@-0ogKPmkzi{EgwQE=5wh>Gjs{`(Nhb@#meGMk{*|TReGmm)> z)yDj3Tp*87m_@91McQc6LY_T)&Lu0{DiCVBDp8uuIfqt|m;kar-@SMH&fQ0kW?*{0 z{PHRsB+!pInWWRS+ZnX~)mfAUbWQ?|jGO`phEJ6tVss^-RSt=Hxho)eJJI%kD|h+$ zWZro|HcI%Bm5HAv*?i54Adat@6(0a0;-~^{73h`%L%HqFT{UsXN5@h$T)K2oG)%(~ z@Z~CzzfS9tNQI z$$IDKG2|r{5l~~X=fNU~Z&A`x%$`$v^xj7rsas(MC71hgN zWYYo-Gc@y_ULz?H${p*74M|Q&*xX!P;PQW&9I@2_lY)mvrOlq9kpV0NpMCjq4oTVZ zTSTP~@5j%dKU-Q{!eIHA4q2~*^K0u|WnZ{>acq17qok((MJB|0OD9bB<>w){8~YyC z6=&K!Z1@wLc*e)N|HfQw6 zye2$~XkX!k!?mLb-S!3F@8`>>-~Z{q{qHZI{;iX|p6`A4fB)V8^uJD=`l=ItR1eYQ zSmJwn$0pbcH`g|MUM?&xuB>X$CniSs?l;1;(EM2~V#>MMV-Kk31YYk@Gow<4+Evcb zzd73SWHUO%+v7Utq`F(IM42eY#4<2-^^Nv-yo=E>C{gdqe&_KKE38C_QKo^p`9)Ms zua2IYo={n{eFXEjVb*Obi{{KT>L($4f#bz7$Gb;QXP?gvOpFaPBe-kXJFsTgprTTg zUF1n8PIpdC{ARp6%=VC7AOP0dKbsjll+K|M>P0!&@nd9-486WviH75cE zplX6LSf|OGe_iQo1Puc={yDmOJp49|jlTEPX&V8}&tuC06IgH%ZDVycJlR;Qa~Ifr z`gi?gdKtylT|zTW4?9k#-Zk4pj*oH@0P%%(;_2;>2{`=Xe72e}bQf)6K1W!t1cJ)! zf~O@y5?h?`@YyLl=5{zNr91g6&yKoI@1cb7XP=$ZNVxjbzph;Q-0UW#bHv`db<%1; z`6gbmL;-IB-a$C&q&lqJkgcO8Tx`fRNmo`E2FFeg-4CsDx`U3{Gu-OwQzuRM*xXbW z5Dm!e+}Sg>PZ*4}%mbxYgAZg~9z^am_D-Sr=96Lg%lU=CXT-Mb*rW|&nz%(GC>>ov+M(8|ZuuHgAD+|Dj;5BE@oH3MlDxf`UvCp19 zz5n1LNX`BG4=-MvIdkR=>qsXKDMZ>!`&oih`9lTenR)z#Pt)(d`(C!L8V)qtl2e_u z9*{~L-M)Qib#;YbSZ-X67cA~lLD_N*d-BvtWRsjA`>q|b*vc+?S#+g1%_fZPv{NYC znQ;8Sr23zK{`sksCrP<(&E)xu+1t0#yillIcb;ffyt|G`Cy&>Is(JqWXVA*0}!jT^PHc= z5n-0o(k<4FAePA(d zrwAz?hacL1ODAQ1;eO!>()(mymaZ(`Sa(mU%#f_#*~z_ zlSZiD{qA?F`R%vgk)M*BI(_=`<;$}A>8GDwq{4u91x4nGEA>o4{N|g#+_`g`m)g+4 z+m}2IorV&DB=*xMPYCVy%W#WsphUy}_>cd1`HL%@^qU<^vx>>US&qp(1*#CNbR5=>?43aS_w;(`4y}-PO z+L7Z?r7Qr_4f<=~Q|bbV`1o{B>s%tqG7!=r<=-n#!1uH;0VZO3xwIjqbt=NZwM zZ{Df;cx{fs@+Ai|4c2q>xta@+mS#kZ&Hlsl`WYd)floo6tB07Ux!$SVZIK~X|DXTs zf7upTKS5W$`p5tBUk?S4M{|e)I=oHBq(!{gqLR z*^#ceBrU|MdVvDxS#lu?Fwff^J<&$WH(yc(|DzoFL{^=+JJMejEKQ)%2k>iu+fT#) zH}ErBr(M+Go=~8+p~p^L-rO36+MQ4L=V; z{~@UiTK;URq8^&E*_)AS-3QGYI?c8Fp_azeeO-7EFoLq-m)p>3MHa5rf7WX;>W z$#PD2Ce8CF$pPAw)wM*t_2<$W5XJJ?*!yqw{3N-w$4bTIDzDDN9upp)XxamdNf|)2 z1mfZN&~|W?l-^kR*E1Q(l4gxxpxO6Ato8?Jm4Rc*meD*WW$#~^ybYY`%F2t`7li(c z*;z~$DD&>3w^y)bjgQ$73={Aji&AaC-sA>$d?2bU>x5 z7Hy8rQNq-^h9q(JooJktzt#@)hR+5*+ctQMEJLE=g8xfP+yKnITwGjP(-mOE{=N1xi%Tmm5fGINoYkBne3OLtaQ{=QLhW z#V@}2{Mt3XQBQPg!FCOx^V3g*Po6&2sv%rCF8%V$Yl`T^(E{;+!#NObUY@<34cN9D zxX(`r06Y~31A#{YJy}~&s&ru4Cr_U82}%&%xpSB6(gzP7(HjfoikUFAGSP*VRyKLQ zB$U-D`t=8d)ujjz=vPPiu<+=QSFe2W#g#9}hmKw<4i2oWEdTuTeUXVrMB;$(?#$8e z5`vSCioSaFif;Z;%9$DbQI^{2>8~d0&fox_aj(2eV=1QLCt&WxjSJqlXY^S`|C6;X*h69I6#svTgqHn z10ki;+K5FsI4giZh**Q`@8wg8QnE2Lz~4WxKbOv&DDf9VbdW-C6&;#At%rCW=0?UfjC1jfT$+U()(MX#1Q(dO%FV!iU_E7ENpzjT6^`JStL;k62^coOrM%Rg<^H=|O z-@_^2>oe$f7uMM8q5vs4R{S#4KvT?n7_}Qm>3w{vfYHq zxi7GHv=1sZf2(caU8_gFG5?s7f|gwX06+jqL_t(5#LhDDWTGq`*+M8NoGD77cp~#( z*k!6I<;lR+ao8Kexzk_b7YU1i}{R;#nUHdKFgCdJjTjF{F4a6oHb4I zqA@x)8dyoEe3{F981w)1-~P8E_~fbcUtIn57!961F_Y16mAvv08tkc?>- zpRBP+6YDF3{eWnu%_h!D36CbrP8ZRGV*X}v$WP5#rc>kVlN>$`y)sQTky93W6xE&? zhWaka;6UH_$Po0Z*WqpzLG79!iM-M!T}4K2S{+bF96;^dLb&fu@Mypny2uPZL=tT- zJ9RE>AV1)|wTfnnEmLO6ceh5`0vlo@7;W99U8;YNgg;SkUeS>neWTH@+U-GO07zZv zUs_!Yn|rGlgVDk~lYklkPgYInmbAxmSVehu6?(%UTURdMI2^D+ ztnL^4k9$78yU)$bmy-=^ov+{y$DQtDMjtj(Q%M(eg}(Y>)BmHY9Dy)AG7Q?qeI3XV zUHhmgIofh#lrT4K6X9$6yi5)RwmHej%35dRZad0u{}QTvg__*xVvI<@0=fFWr{#Pj z1py8*W^vsYaisP1iK)SXIEbM)D-|HO?GxXswqn~H)7=Z;1k)1A#!$8J;)BitvceZ3_jwFaV_C11(2<}NTlett? zSN3A2k&SexOI_>cZUm*z0`xrb<#u?@DDqC#R-daBuK} z^Yq83>d4CH_U+qu@7=w3?+$=X_4d3(t4p)9!Nxo9cQ0SQ)MYAcWrcT%d1kp1(EslN-uzVOPd|N382l|ZFEOUpm zH@(9H{c%2Ib=!88TLj%jfP*Olu(P8U&o_xYe*BnCzdhDH0M*uvgUgW^O$wTTnLd2@ z(5zwpa$v((X`Fu`Ntz?@Ne#z)9a`YgTt;)2NC~9WB2x)NRS8T(T&@B6c^;k}h}R?-C?Z5lEUzI^$Dgg-eo`PEmyU^T0r>Ox|HiKL33N)MGDDt|cse%78jqU%2|y`H7(82JDIV~J*^SZ+_w1#v`_$XvY{A+cmC ztEQMaE_nK;=2_Kf(xs|@BDiTqt^Wn5w7e6?>#YR?H3Su2dS_k9$1PcSYNb3ZP5GuBJ@8)$y zId2^6mZMdZ!Q~uGTwQznHqM&U3`*}9x?t6#!`-X7vCbil&E_y0mDs~31cZCDjWF(# zuP`-q$}ljm3v^0`6LrD&|L`vtUjI=R7OVgL|L{Mz^G-}o&EC2D=->S7f5mQ9&VY zSp?=FEIn0*(+8jLTAd$%D8-|O#l)O<1-Lb8p{UclYC(xMg}Vg^E;{PSTgY#_XQL-A zdO7^?y=;;eH?AdhV*BVPtf~Vv>ajXMUMcw}c+n-6-wHh!ijJu)4nqg84u%o!64z1~ z#o=UkHDbB~j?xO!RC>PF^c>WmW1u`MJrsmoo%P)%=Wj7KFEf9x_3zgFl6w;+3+qls=-q8(na7O7*x@CjM(U< zLQ!7Rvp{4;U04Puhm*Yb_c1FJun@DG1Fy^5%VB@q*SEYJ zszO4MA(^8o$gXYt9dCz>tdzBaFSLUm>1#q1jqL{Aj@SrATX^#Zq2mqCn#v<9) z77AlMBY7!3lzynKFbVdm0n`8h*&Ed~D;cJ!vP?~l-Mx3m4ag54ev*bViLdnC!0wYd zBb~OHoj+7Wu3c(}&Xq;EU78uyXZZNZCl45MvIGU6)hQ#MKZh69dFJxm%dz-T8MgAO z@cPwjhN|3}f+Mlv>4JMNAcir0{{XFU4k%S(C+Z*jAuY|i%dVweAq-$@+@5X^Zij2tfxfAUu=u<&F-qHD z9x^$_JQQ5rmfW_(GrrOdV1|Vs=2UesI+8Ly+acs16Isa_TV2g=-NE@!5{q}SE;ZfU zxqD}9Z2XX{QIXVB;i4=}admSCHfVMb%$Ncn;ifhsr6I@f$4lJVOU0QU}%~8@>fl!c5O-_!-N#(&EY_Mp8@~Q85f^Z&ud1dvdpI;0N%?*x> z@q(etX^L)4jKx-TUs;XpF6-!D^DqC93HVsulX75i_?N%>=l}3u{;l{X*`73A`Kh6d z!W_dy=~@jY9Qea-^3B|m%@U zXji5*b=M;li%D0_6sGPa3B<$;41{lwp12iVdwFTqJd6dpdIn?Q?}B&u4;ftif)`m| z>(X|WV6pf)fT=4Z4`|ZvQ0G$^xv>3}PnErdJKmN?rhsCPh zrbyG#%e8+ma{o4*tr?VE?k{jVh{3Ne!`}_O!jB2-0`rqS#8CUI_7@uH3?GX>#GnZ` ztE5(2MB!`A8ew9z7_Fw@+gZz#yj!!pe)Wa}Df=|u!|W%FF!~6`i%UyvHF9g*-ZtTx z>{q1nkO94%q@0@es$sw;pS3RGils=1SmBX3Y^ttWJ8OI1hXE|3m~aiC0c^@H?E7+D zweRE_%()yW2u4lWL(s9`AFGczySr7qRrONe4fh;(=OVOH<70e1Iz-KSjC~lL(lNQN zjxZ{hmzL?ZsIZDF!SSL|2vy2e!+yIxFqZl{dOXH?&X5G>vk)hG;oMExa`5({`{riHoOL#&B!R zJu2fxxzviz*^|dOHTME$Au4)T*DkkIf~DGY+fj3~Hiq!v!GqhkZ%GeGrdN;_`E>8@ z-TU|NserFaVW|nGWbCrJ6XuIfGC$>G49dLq;lodU`O9Ab^6c3&(kZhZhCXt!B9(}N z4%0{wXkb|Oh^JR~#O2nlS&e;za|TvjrW|MKrBo~K=)U~&^Dn>rf~!0;OBB@(;23Ty zskj?clduPGp1OwZDeEHRO9P<-9CcH=ce$n4Krf2Wn;OX8NLP5O5_2MuSvWBxPd}qz zW|>})f!eB)nu5m8)hB{6P))K-e6CMTKp}9Y&fZa}s%F<5zg!v7S}5gpRnIoE9lRZa z9AjS|su$+@4txW?4!V6iaB_UeHRVUdKyZn^qS6l&mez>=i1n#OUtSC_+UHbN{mo7k z>vw13@CKa&?uq{hHqiRwI8G=F1Yf-i$zYFeIFZNvS0*yfY_`K$(#jes=k>cqs{3=0 zVG5^<0kK=YYS*&x!}t*|z2UetXE*cyPe1)+E;FZ)Bh4>b>Sa9gm#qG~E3X-~{<`zR?pN+1w%T78ZGT~h5uDFk z6{gPzuSY^9mXz5uCit9;y~KPgS4_(BM;g!a&k4w)m5JG{rmy&^^biB#i1AVeUkI@w z;P!{vnHb`6T%}$_Rl@Pc=1`n}D+k+h0Ofyj1CmKXNTW?MRyjEk!G|tj*RZ#ea-rhpn^M`*C6w zVIf2NW<4Xz)&V6$;sLMc_yc(GjjfQ%eHlYnzP5Kd<2G)MRk(D(w@xfRKuYfZKKi7vXV3IkBL=X zJ60AHUbe$FGkpU@DT?rn!4axlO?8fHE@W%4m z`r`6hacLZbCF}f==PxbkSdet$CtF>9kxEW<@*p-k)|ODoSEej-7#`e5h@)YN8BXSop5-)iCZ4ja$x>VZd4xJ|T`){1@cGUmd^ik;hI=pOqh0 z{#M6Vl?QOzuINLG$Ql+ZW;g2u=BiFGy1T%74U$h9K#PTBImKZC;yz_=`TQj5#eQ}$ z#Rz6k3mN<3Y%+2Mbkc%q`YVh9Yo+3uY?wHUc&wT&fh(O{;T}J%X%;m4U63Fd3wlVU z%3)cqUOaiatiUaV@y=+UjeMR~sW5PDiinlffx^GTUM*6-FW4G4zSwNx)|THU5=$4# zqTc>xs*E_fUUtFvfGJ#kjmf4>cLrxPT5Q^wH>Gvjp2Sz|XObMeAw?^{up|hVgsXG& zJv@Z_Sxl?L@b@_QKMXl$Pe|r#6L2rhp$=f1ERiNI9a^IobUjX)SmT-?OaAz;9g+%A z3yR6uAf0yQQccj7ALPl8z6THlfXYJIwYBBMwI)#utAiCU!fTgM|DG5FNkzqO^`@@S z#XuN7^usaeil)(IC!T&-0-fuf<%+S2@G^m}>I~??PfsCaxR%jsK+B*|^a(7w;sF6< z$z%b)glGlQkVf!MdxSYKA>~OFJuqrF%-MRfD~+T(0gbfija}=VJGTsn2dfWceDdTo zW}QZaQZl(04W#kD|KR>#{Kc;rhKgr43Z~KY@Zm#9NOMLOpTt5;NZmAt=)%7|Wg`gj(KyL!H zG$=aeOEyYk&7mb5>g8XM&GQfyIqJmL6yYm^2R!1B?cm^;6{yL&hyhfA{~(DN>fu8- zb~^NI7SZ%|7fY<5t~LfxPycZEuFhr-jJB9ed+G^i5KUvqapuQdUy{#95F9+He5H zV}dAiaSV*|%QGTF6xp_1tm!L$Dm@%)ycjfPf@zIP!z!*zD0X91So2FOw3A%kOpcGt zPL1=tK$6A>QxrDnh`EmSuWvF9jKK&>48;=mkH`Ev5N7BhS8r}?v)&sjJ^^Cfo?I2u zs`RD(V|_xYN6Sy+U#^Fs_m6*hFx_$`@w}&f7IKts_UkNHsO|VzwOo;MPqNORzK)Iz z-@kX;wzIQ*^9xJsD@&VPD2Qp)TWrGejoEhShFv%}tc`F6o(f8%denbAAF zy%x!QRJ`GU)P54H%uO2G7&1*SM=d|{{B>}re?>$qngA^f`?MEPY4V%7 zxc+H$cn}+D((HesGv^~j{M6V8+`N3VfH^Rd;L;Lqf%54B;3wPKYI3cQPDzY(&_l)r zNn9oTnBR<3Mmrd(CcBu_iHik0y6aAX2XTtTc{p007#lTRQsmmoi`X(ct~`FSyAuzd zwY`aukIm1M`dUPImBwSGx6-w>f9rZbWyl=k-J%DgY!4yUrjDHtv);^&@tczjNl#<3 zYN+Psx2271?Cj8}rTu9;{b|8Kx+7rv^{wSJ@_eQ5Jo7hP9`r|#FzDJKnQ(T|2E?_YA&TLI{Ln_%&1{duero**L)Fwv zSc&U*L7fm%^kW#HhXEpqiz$p`AYh*SlS-DkVyS3rfP1!L$UYh_HYe1Fs+s-hU;M?d z2y1{aqhv@}4|KBVYY zX9bC2@d;YymH3MmyR(q)91M~@ycll|(eFMX2ONar3km}iH!89-p4Jo!v>e*J5B z+X94*ky?4bed`uadX$`8T-ykcI0Fc{$ETk@2JjcZ_)4dXS7>I;dbZP^<6rHvGr>F> zmLNgRA?4KN6^yp*qF^aJDY{v1I9v}UDi)0hqt7Uq znVrELkcU1sddh8Rovh%zt5e}$SqzwulGB>jf*rTTn&USZBek7m9|}cs%jDRVx4!-j zY7GZ)9mgfr93NVDQwBfm={2pteEIUnAAfxM^r=bn>#x5S^Y8v0Q~t%zKKso4GB`Ly zy8i8Nf2%Ez9zS;eVQT7zV+?=)_y5^$@$EZz?%%&JetLR#aCn#xDRcO4CLN{hjtOxv z+7dNL;m~_FuKmYf*`%EU|PgI1qw z*rg*l*ODsm1_LowmPMdtV6yxCRN^xtX4&*17Ct*-UX4X#OZM-m~`+x?k$?1r&-<}AGZw?R(sOG zd4mY+H*Sikv1sCGuOyM6`MUoldqF9JuXICrf`fW4k=xo>+Xi|2l!%|4`D)?yAHkfT zdoww;*V(Gbtc+y)Yt^k7B!g&UN!6YOB4Ri6^cA{0?)|@7bIKtJ^J^^Y2;Xk2FUgE1 z+x+ajRfoZ)ry&zlQBRNUAA3lSC$n=a>Sk-psIuwG=u&?KkUjOW=dVK=T&CZwp%h+9 zh}ZZ(+R_T%+3RWb=4Sue`ljY`wraaeQ{&FA4oYt42*Y_uV7@LF?;Uu;;>tQS1@(u= z%65;|`Mr&@gYjSSb8h&-p!wCnLJ_d}kj3geZ^^}CwHdj{IPGs@e8fJnFEOe;igL`W z`UP)~KjjB|YaZE zNbFSnKn5x+RMaA@il4wq9WQl#UHNC3FKAHHKi_8fY3s99?YQEEOFf5AV~1q5Vh@H9 zPdS*kVC7=CS++2{;e5+ZxQR@V3{x_Dn)xD%9%x3e8*b)**z zLuOmWwk&RXy*?qSkvdL5lR1|`i+}z7Z9?2TnL6p0bh=WQmX$gvC5npw&miAs#S%jQHh)|y6=nHn6-*&K);1-~l=XQ! z4CpxYlcEuNz|gGJh)F39Qq81NmSnAmhR}HU8g&RIGcTCKT#e@EHVwBF8lkI5g+*z<%CoT4 z9En8~3XdH5vsHHJM=_KB;2Ps&O-gxXVGdhjGJA`EWg2F;;W+i?jZ#!Tnh}&qN^Rmx zRKZAt;hrdS&pycMt5I|A#()uly!AC^;tO46 zq8iTiLiTuegcMThrg!h=$|lsR%{(JaJo2`hlf!rp$}g0hxptRUe^m?|7XyV$#FUgo z=$S9a&0iGq_OHn*!Hn%C$r&($tdqC_FY1o?5*Dn-5tQ4-19VmjFBAQX7tde3cwtsD zrLjOY#LUHhnjQEZH|JuB&!0ax%1j3)h3T2N#L_%u4_J&`)6+8(lapnmK8~8~4YAEw zgwG-k?tCqSG%kgcsT_GRYy&;P6LA7UVIMo&A4^11-VwJ@MT1KFprq$z$b{VebU z|LsDHNLp@JmlE(|0JJ_hxHi!@Y{}40c8&g05K!3Jild;UkK|B+I>3`1@6GAB*oa9Y>8Zrxp>!|K!2SzA~+$Osjz(tmz6XJ75^^whxE0b~Yv!q<%~0bQgOJS3S(bnFf; z&bz%8e)iyD{d;ZkLysE=D`H=~7d^k5UqYvxs*aD1*vO@;HLejV{Dj`N7gGwWbmGOGKnjsPVvG#-vV5GYN$s!1 zKnEURs*`8Lmq6Y@p~Tnp6+bQFsPvGCsN}+_C ztKk}AfTYdjg*=SOu-w8@t{W1l4Cv#ifVLKvH@9OT^liH^CwQrK0-fCa;)=C{wT6|& zdyzw3vEUB+<@Nr-p@G36cB)iOv>9aQwZ)c?_BaMPRl0+gbq^wTq&5jHUGcT$_kR<0H$gwCQ3r!(bFvX*6y zgqgp@=w(Q>p>GA)>POC%eVZbzW zvJCCimY;E%z6LL|o{otq~{gc416K*t4CvkW|611W2{Ef(i`LIc{J^kz? zkGIy;L;Psf-IlzgdyaIFZPd@oXym2S7c<027R(aR$ z1jlSHvBsI*?8@&7YS;?7iBNuI3gSR-&z6~=SfE59_a@?NB!i^b=1-&5T|nDEBq~YO zu^m%vbCU;$l?I;GaWt97_`!191^4C-Sv zy`5Onn*IQMRs0-)l#ZxtjGqoH7(7Lw?_-VHx^^c`OXG$bR*%*X3>>MrLf10b<9xJu zYXZ`LK(Rz^3$UH|j88&IVp5`DrT+25lo3m9*rhoJQ{;Oa8#Xp~ziX(svb8r6XAOF2b?-Mg$JpTG`_hjtK zPnaqD>y~RlMY|VGyGrPw!(H(w{c#waj5i>{S#WzL%tkW@MJnC0dQy7vJ^@v|Erdw*5@?8V6L z-xWW*@v-;UdEkeXsF-}72mC#4Fb&x#$t@m}7tea!ta@5A>`8gVPxGJIEsZK{LfZ{p zSq=xQHv4UA@{eV+(~{>12=!CNz+o7$hULI*b!GMS)*G94cG@h8Su+ry4$D&GuOtRi zb7B)3t3e2O&XsKD5seBA^l^;66$^oKe$DEDGL6UTaF^{4_vKYfjLESP=K{d7?l=%y ztXPUon}fFNZdDo@86Mllv}4)bYsJyypPUAoWWahESdA;T7v1Q+ou0F&Fn0Q=1L0qv zNQ?*)k{7{hSQV_V)3fOej4PN_Ie_S|zGwpc0f@Si^+gK(-w_(x=&X}mvXn`av(?__?2z})WP9G@Yjkrk*v@o2Jzw4=k&^V6 zsrKm%cak@I1jV?sDI4stW9>*MBB^UvTvo4DllT+=@1nyZHD|Ki3@o(@@R7QN*4N0^ zCg9FON|U8A2I=CLmzI~77Nd1rlTpiPX$wG;+wT^r4mfcMR~8z{OP<7KD|b6b110me zOK%EkB~M@gb`;Tk>f%ds9_$N^0gF!jLtJMn0@gZApBqqk+W0t?*OuADdcp1n6170U zuPl6$&M{TX2PqGv>IT#$dTHtRNxkmFON-GYA zeI;1CT|+O>Ug~#}0AgS#x3I7vix`Z^4pc^J1PfOb!qhb@Y^0Qz*v`cc%-M_4GFOdF0C$&DbkP^L_?-vR#P=)N-MjZLoIXtZCxohLib-k3-$9A6otk<}T{ zthW#L6ZwyBUo6YZEmLdEapF4lHPCKMTz7r97MU;a=3+yD1}{jcJwPk-}Y{_TMY z_D6OlhSJA{^2@O)VAm$rj9meHY9N+*{80^Tg?`5f@Z1c)iczh@YNkU48AE|(QMwg| zn*)7k(+r-v0q2lW)5?8npyy21a+a5fW&|Zj8rOVwT#l<~my1T-kA( z`6X)k=;FiBcn%e>AS(v;Vj%ZmjOQ5C#<;ul+E%B*e`2gh7Jtl@=C#m{4fJtNLpv$u-%cf~-(K*d1CK*hkxF<=I>iX(`c%*;oVW5ZMAuwhnDW}XwwHL}}Hu}*pQ z>NUd)dowmd?oQw2W;Kl@PO;E9d24EptBC=W85`tdj&Tm!$+Jvm&A^OR{MBr5ZPg(d z(Bl*)SWU58UT?|Yha|q@(P8V=(lc04xcI?uu9wz&HY^z|o+0PGJY1rpyXZ5z?0@(4 z5B9Caf!fib!CN;R%^S##b5FVoYjOqhyh>YD&mrugE)yJQb)HyLF~ef&6dY^>XQOrS!P! zN6enOo$)78Al9q;o`Q?(ve3(Pxrj5?@UmyugUDufb{ZMX&CTg_z7H|Fpo$JL%+Kup zG-LH?PdE?{awYK$567umR3zrWl%0_+D$0)TsKb8hIxJ;E+n+w-fo;J|1xjbhJMRbN z&0I%O-%$V?&<8-yT9p)QtE)8R{xR#}UpkSDQMT*cfQgp_KsBQyYI|sX_Ga9b>wQJ+ z`re%%SUdq9w@HFQe#quHq;f>@(Z;RK9cy2|+s%YkI~sTH+(z(k-^SJR<`=~YOv0G4 zn&K@V!h*8H_vaC1UHng$TJKoQt!ggRb;Vl)yS+JRL>@-PJOi@RfqMCGUMd3w~VMk_sFGhrvl9|Xh!rLRYCllwLFDb% zUL#ujQ%S&{0fFeY?_8XLWBFmg@L2(1NfrjCM#_Pe1k^&a(Q5Fpnqf2)kOo;myx1K%!gr+@SQ47+38z{HV4+J z)@f!}*PV4Me(6Gsc3Ac+9B-MSb(SuI6$|Bz`*Flj-;~wGQnuZJZ|Jh9pcA(NEM;aq z5oRoA>@?_$mF0=KxMpI>;)hBISa41RaAM}G|M7qMKYsJC|9AdY_tb%pRVJ+x?1?}7 zPqnoK<;v8WlOgp5(VH7D>`lv|;+7h<(dKs?+1Y7*YkY0TKR#;rj%-m#IXz6i$XvZwHCc9P`KtF<& zuV7(dcaT%4T)JK>Jk-XLfw2=Tg6ydVd0%L8{{W}|$>f__X(=#_lhX#zbG!ZV(Fe+ly!lH#TidEBLkgs7p zn#>SNPA&s`d-HOnu+QrWLdCcQ%e%6ev#RU!GvmWFam)Yut`EW;Sx4LSf!2~!*d8&R$5PaPU6v(OOi-?-D8drhN)~0Iu3ZY8YuM}EXfoUaqfd<~ znlFyfj5VT^$&QBtBd#f=^g`IyNZdre_a$?ooA;(XECDJ#?9-n3^GMlQ#PQ*G<~q(h z$b#W!01{#yzG9pQ`9>Ma&pwjiIG~y|CrzIjPnWAH^wclJ_=ULAZJ8;T145YCS!kxI zMl@$1-Wr;>Ou+pp^b^StF08HfVV>% zVOOV0Ui@@ou+xODD^)cyD3eXFa}*{QyajH}AZdyU;bQvw79~UcYQ?nAyI|hYQ+Azh z+?euDjO-{RTClaHk7NWy@7TY}KFtby4@>2J{oa-4R3H@tM_>T6COYBNbSij@F=f!1 z{K}CV)}@=a5iuo$uFco?0`nDx(`7IfMeTbSvQH-Hr%#`msX=@3;syF=iF%kkjFC=F zO)(55HXB`FG8hF@j4|aR8bgVmfPSwCkF%yc>sY&Kgj`~@&P*1@BDF7C`)&KMRfB2X4 zul_jy>USVaOn*6f>#N6K|BI7W>6q!QI~P~h7 zHC7*{o*$+Z4P?0Ioc?-mXyw@Ly?*Diyseq3@#AcAZ`ZmW7y<27FR9z z^PD3F?C%V zfr^2OfvbRlJM%mFB8y>nlJLN`cGhLjba5MC=gUQcog-af*6{5MV zncU!HZ;{*HAD}JAu53+si7{XUk_AbMWO0PC%0id8Gi%k)gaHgX`D&Oz7D#?tdw9jt zEivLi_+bA;-|%7T1;fV}D#IvlkdR%F-Il)zz$D;69o3T&MKUj}O1Pp8U@A3N(lR;k5Cf4dmJiU`9aX+3;$ zOA?hJ#h|{3UgIrnkUlofb+dlzI?j-UTR~XW(&bY5zIwNyDzw4J(dTr%GFK9yendIc zvo~CpzPwDP($_p8qJb;f-iy{KL(uqw`L}Oq$GKUZGnQv(XQrkmuL-Xs$unql{A_H@ znFOsqy_NGZJJ*a;Smn5?V1SC=i9TV(@O@@n(71s>ZgIY^} zD5gxT+Y8I9HaNsgjgQ=(p4@XU*%@1euz5m3*6iijq1tIe)n*XZZ)SP8HKE+RIi(Bi zukf|I8aIcBvk6PNFoT<#)CE>^n37eVf0D`Nlp-PlK}zdB3F1gb>BXq<54-~f zAOVjIUo67s%|~imOv%@uJ$v@%%^O0(U;Xu8fAx!B+_-U*mm}Nn+GVH_1;70AOAvtN zffYyH&n`tyOibP=E|c+Ch*D=fXl#6ZdU}>jzsey{TWUS9Ej6-Ypkkn6pkm;{VxStW zeuS=Z(xc_G?U2GHC|_F2I`1`oC#oubDm|Qq9x`uA{ocvM-&T^w zlDo*+EwR4nOAo`p_`%*jt64%huxxB5lumaGvnxyy+$Db~Ki{TmLXM+wST+Szxy$nF%^F0x1F?6>7mlY zholE(Vg5N&mRYUsLFY*i_6WfJn{=e;#*{cr4&4jj*gjMk{x*w8XR`MH<9moX|nGT z*a|F~F!M~@Ox=V~nhoN347ONQsYWrQI*oIU7Rc68YL~bOY*XNed`ScHZy z=$uJwHdrq=o1eW(;0u77HgszkV$ZWk<~+F9c|vP6n@Y`&Qn5FUGEu$>g^x+2z)$qg zs80GcomW}ey$fEjEIP@>g~bpULShK}SF?>iE$#a_7(P4dDum090dzRf9}0FuU}dns z2rb(r7BM{9yIRI>)Y!<--P*+4T19+p-{gW1)ye z2Va~RruQ+ttyrT3L&oso74^=Y+lH1wBofQ@FFuz9{JbzKefRe5{Jdd1?_GT)Rw9qb zj~+k1cmIKbR+vUyN@%+3?Hic6b=zF#oLOK0fV~3m*|f6T5Io#OHZ;ry(xh>$U9d#N zFWb%iWW=Hk3XZX7+*bYPS>)%^rMn&#pB0~-1X1bXy3s>t?|1#Zs%*NB((VB45F5wIrcR<-SM>lVejYe-8(E+tt`0hvC23id;L@~a0(2hZXpK<(ltg-0iK-sk3w(uzPmp$n)BB5}LH3g&9{=Syx1|lH+sByDk>W*D#?ddM}1$>&r{a3yX^^ko=<|Y$_wU zHDl<*5J2doLa`PGt6kEM0lYl`E~*Q4uQTLx3oG)?3zB9g9^0CsJn7GYZvcXvF^SZCmy-=9JTnJR~AfP(d zqGWh(wu$iq3e4JuGM6&8{qvwEm`3($Yn$xSE2sr(H;~Re(u|Cb%-)(+leM*V>?@WV zRA+JgA`>Q%olJ^oAn&hLQ-O{&VN@9@+x2O3b);$Hy7pqSr3qYFv3;>_YeUmi0z1v= zo0cz*tdAb*9Q{P~&=6qRVJ|E!Vk2nVPn^U*4p5S?_XE`3h+pqBX@zaeIx!9N5zo@j z^dw^Lt1 zLE40+y+u3t6~}=_@87@Y(-&WSf!Oz^DfF)h@jwat6ErdQTc@UOOixc6KJwkWcXxa| z+!7mx<-}3cG#F7Eh7R1j3+s9V6bnSWqHq5PcL7s+W`Q(h!w#BO|AP2O6*OVSyYAJiH-g56+ioN(iv0n(}|7!?;jFB`%CX`Ox3)17oW$17E^f9w{+TH zQ1!cU#AKQ4W~7ymKy8Ip*%n6CO|rZc*;+H6*tqRuVE4LdAWL#BVf-*SZCmO5vFNj5?BzvYb(vqaIAPoe z&3pGoTCAFg-1^ADYMw&eU5BH7+2LlZYNtOfR-LJ{4a0!OvZ8a3ihB~5002M$Nkls!v|2e-*YU*_?Hzn(F+ND%?!h$4=Y286?sHStH65|s#Hsr)^!M{K?o_c^I) zIIm(V+=_vVjRB*8o6Ajht9H0!*hPr35jI5_PLCrAj)}UN#y+&Q$$kbUy)^!LDJzSj zzUzq%dn+9ZnOxCaY&2Z5+I99q=lk)Sp+DW;t)p42GU_UJU2EoCF@Wf1bGqf_M)YYY zp_I}Uc{^pN{%tDXpf*&6x@d#@`oqN85;e;@enV=?12GVq-~N6!E3~p)80ux%W;dB# zd^(yru%H?V1I7qZmKvN%A5^mtf_(OT%!ypG%xbf6)KJu1hk(Wi@JVBg9pAipi@h-6 zWowlb7)YRN-(pi0x3r;B5pqd`LZPnko8E%bWypkH87&Qb@>7t-*F>g*vMdm6c0jdH z_?tAI@&>P4S(SKgjTteUt-OG~R3bEI{`E?34Fa-Q5ERE6OodtRi!pY<^i@LuR1IG> zsO)QDj7+w6ckVfhui9%?r6j~JgI81Q#XOkOd2t@~e5-FFVp+gg~jEWZ)7L=mTb}1*%8I6Zkuf|sl zbYcLN;sJ(}zjWtF)Yw|zh_ha}RXV)sOy9gy+#~g=sVPrms);|{OT(A&9{_LNx|NU% z+Z+txJI6~_cZ*oQVRIqm_WnVcZbw+ zHZZ;9Lfwk}+S{z|#?(3dvW#(#77L}S)3LL&Gv`pqu|Qf=Ev>{Q+Cd4M+jEPnmTJT9 zwJS<+k=T4$Vzt?Q`^+B#Q-CSJhyC={lwAN9Fl_+mKVJl?@1g&L>JwGdf@0Vv`2o91 zrGeRk%R1i$)3q?{!{uTZBwz)8V6MbYo$szH{d~m!(^zlmo$OHUWwLk3xbn*xVWiVR12=?R^ zsW~bJJ~9R@G#CpS1=bf99-HNmL+(N2x*7}e^k{70CX=!9x%9PonbhRf$2sQ7n{DA#h zrP`la>+MA}uHN#KH(zw<(}hCRrLK(Lq?Luz=g(g-J7aD_dmxg0b*bBR(JD{%!eZ6o ztGT&3-163~S&H$zD}Z&;wGw5KmU|K&K76pSuoPsSLwF_8`t@UV)UnyIZFg+jwrzDf zwr$%T+qR7p+xX7C_xX>$rv_(GlQY=6s`h%<`YrbX20A7!+1qX%GWq_}PJ|An{%@dl z$M55ostBOq$FWu43;bMj?+@QAdwjp{afb!hmaGh(5%BNll}=fy)!%RoaIl1Hm9V5I zYJ19%Oo@tsQp+IO^{iV(tj)Fg+r^UF#1Swt6h`vnp7?D9sC%C+S&yg1@5SSC*q{EM zhSBt*615fb1{$y&2XCZjxHX@5`@k9QXu2Uq=aEnrvo$NW8jrr}C?b7XCyEtVq3mww zJ%$IprSz;UpYMifFe5tBr%B}R*`z7@1(3=UQBlbeF}h04NKK!x$A%iF>5lsy$2fU( zW{`sVwIqgm-c!oV@{jVji4dzP^G!8L}#<`TPgs#Jqd4;?vMBgHOpT1ZrA{4_m zrAist+w8YH%l~5Cn=ZNsF*m>*{`Pvm7`%($%Lg_Q%Wbtu%A~@_HK5PROPq{Qup=_Y zYru_sCzLs_$w!G7ojCd%C$61SAQ9f;NCUt@a5Xv&fdJr+v+86~DJ(#hWH-2WkQWun z{y1gr+bYI?Wrik+{EzYn1;8HG!)$ud`}LAV^E;<6!*9|ZJWDZof7f)qqSQOGo>ZzP zpGv?FGitvCU}`pRer9bX5&%tbZw2}T0Ma%$K)Liu?)+oI0Uu|cQQLF?2MO5H$T$5$ z81nsVu1a+bH}XD2(pBy^Gz$in;Q|J~&Vf9_Nie7vq4%Ur&9)7XG=6Cu6;A~7>A>mGmeOgIc=f8$L&e&T(+aV$)uTF7?+Fyd#k^F?%!_ktdJ| zv7dLMDJ2vcwAUXb25K~w+GBM^GjWIb6~C?upx*#PMbHprEb2!R$xyO8Lm2gaxdeX; zSz5=l`SM%XHEsk;L?`k(A{~j))=CC$vKN*WsH7Y2q9&=(TdijI(_K4NKAI>=0EKrm z+4K(ORaycYKx9$598E5RGBJKQhy|ZMQiIM~z&a zvW&|e(6?E?IT_fc@7}cNMJ`l39GN-7V-ugHim579oZan?EpSj#-Cu=b-2affjVzc- zw`k>RSsiWrJP11$g1MSR&EJPaNu()-3{ED1ppD~9k-J>zuC;+_#?ATl3~u5FQbjN5 zYAW!zyVdF1_7M80!R%7omRrCQjw@6b&qlRUnig%J6fFRzW z>}W1h*i0B&X0t5ngJLQUTu4qOfeS4My>P{KQ>WGlRDt(_fyc72Jl;1by?0TebYyR8 zmLzP&N-oUFv{chjx;nZ+(JtleLRKCiPpx!3k587+x96OGsI}VV|1F+V2M@1c;1P1( zfW1$EvY@9&FcKyt3{_cacw5)hP{P3E4o~pIja;dw@iY|#>5N(p@yGRP};S|udio+kEaW4D){*vUe7x~DQ<9Z zZqZx?1cP4Z$9=B9$MY4wwaRgV#nSsi=}hMILU=rC#1N|qkUoWb9 zE+;%GV2*m+9F0f7pRmkM8tJHjE)wzD_WJp2vkt7_=QbJ6_wfm~I z=M&%a@oH;>qfFVsr@k@mg2spNVz>0y|Gk8V~K_?!W|>2Nzp#{US)8^>mijUiU#1JVVcX9 z&8j;hkd!f?*T;60R`1RGkN18K>oYVO6FEwna4Z-Ym=ga$+$Llvty-hS!Osf~zzFtC z+=GF$hQpCV-}N&N+?lpXNi58qvgRgfE#=CzmM+ufi! zn(yz!$?8P*NuS$TDdVB2>K#MQJZZM(vYoBVYpy+j$+y;vqlg({6(M;h*(Tmrh&j~{ z2n;C+a)n!PY;~v3rhl)SUn+%5&LWq40rjlTRDYJa!lmpOPduJB({+bd9w5^p`9!<_ zlYel2x-}ZkJD2HLLVji%*zYm4w)V43uEO`a%pvYjfg+7IEo|NtAV4_$HSP08H3-IU zIK0@@Rfoorrg8V?l4t&R09)+Si5WgF?821WMcUKkQsh}SQ$eL5Z2O0E16WM_dQc>2 zQz&XBqczz?orXTTIHFTw&EZXZ&iOBbyP90}pzqXpL#WaDmQRUg)9 zBE>g`FS6U<(@&a+T$?r3{1dg*tCR0n;iN-Acp?y7aEqJS&8y;jHx@h+ODGTIumh{AM20CtKr#^g z!u{U>6yEnAf$hghc_4dLA+Of2hl%gNZmH0R9iRItB!Q37t)ya|;LjwotIe)^b^pgy z8>yb}uNi^Q2bSRV2bban>>iDWwaMeOGhkLe4OphEurF1&q_%R|&9){IpsDaAPT5UR$ zWAk_d*$Xn1Jtn%t#d~u}_^l8uRyovWspA6q}U>EZ1B!>qkZEf;Ir zneAx6>$b^ft%rL}El1F;u53YNSm>Qgd@b}Zl1j*@3kEi$3Zo$o{7Zs(@7VdwLFQrM z>#D1>*xwyQ)2%?Pnx2^f!U*qkZ%dYzdOjvVe^1c=XK4TtMg}Tf#IUz(lA$G=S z^oxmqO&EDoV&m*ag#(jY7yqeLeXIqdja2ak)#}Y>{N4txzi$R&1sar+#bgiP9u`Kz z(XoYQhkD+(2r)2@!o3Smjmg+ZAKwCP*R>d$V zTcsj8xGg-9D?~bJjKRfvz+w+{Bre=QPT?a#^GnQ!C$@w)ElC494v4A5-&9 z4A6K#L&x@7d(}{uZDlXwC(wwGYkZ1_3%sR*dA~o`s(0y3ZS$DVg=Sit46Q#iXl1=_ zcyKYv@L_v^d41S_Rtwt2VgJdl;$Yxx-V=ST{o*W51)jd-{_?@uj9#0BGN!YH-#u%P zNSQ=D{j~O@Q?{8Mf|TD`a_BZU@$O7n(1j$A1%Yr$;oby?M;Pv#!rC1e zA}NcyEfYuB8VFF0>(xf;`a>sEL2})a+o9h7PONFgq#`Pjprr}$B@h^|V1^MB(iG9_|>NHA;s;kRrOM3fd6n!c7Mx+vMCf5pox6>WtB14>BhU$z>HHiq>{P&@Uu z6%3Yqwl;Naq9JuVG&C*hMrzWpn|M+lbFR%c>J_!3PvcH4lhX`~OmiZ8d(%v7e@OBKm)dO~_t4ipdarJ&1CCLq)A~BI$rsAEBxW1o{$5rY4kzxo z*Qf`bNB+;3?oo0j<|UVabt(HOwW(bw>H9?8?S=y$ zzi+>ZYRh1;Q(et^|L+K@Gmf2)vEh%+4tME^J%R8tg9UddD<@COwY$sPgVBkCqmJvZ zDh2)ln{8>LhN|)RQ9Ah?pAsFj+8w`lx_}gK86e}oNO7$Gw%+^sYVBT4{tu*#@me+i z=j|GhRRICdr6%BM(3tK`U0j)VG1Reijb={zar_`FEnx~oHb>4?(At7h=yecC6-Ly) zmC3C1sRy8gr^13C6P<(G(QoY;>}uL+sA{lb1w(b`y3pQ7(p*6-Q)dy@J}I@iUzVcxg+c_MvGgDb*9l5H!# z6 z0kf=`u#g)0?~bFPyjQ+=HxmZGTJ7s=z8&;hc#NUX=P_NPRA6$&1ss_k3jWVV zlM4mSDknM}+QtzkbcZa6dsaTsubVxJY3uR?^yo%a{?CsOuC#`8*@ALo6&sH0ZMM|V z?a4*6i%!o^FFU^+51B#L@vwYO$a<`M73e8i>0w5m`-EecZOCNF$=n(>Q)8o z?JJIU7-8V{TR9CDV+lkOARXjBHkS&@y*No3WQ^F~K#XlN5S4A`YOf?{Utj9B9iO0f zWVt8QV+U2PK?sIk87@ZLQ2a%4_^9-1G>pj1cCVApQ_uY+{ODNoR#`z2KsREH&#)3L zaC+;Euw?P5Gv`g|;3AWn(x@jlpDig;t0p`>P*2%53Q+AD#g;{-*Zg!>*Q2reWMJ)b zt?Y@jCDuHMgu$1d+z$?1#I3xYqU%INT8Le?b3MbH5Z23BJ$gg zvgckDBY1Uv`AJj%?|yyjI17Ynh^<0#s8~(c_UWX?PDc=E7rUm;!7S~=)3o!GvfUy8 z?&2A|zN4W5LrklDVQ_7mg#T!Pa;qAJna~ZGntB+Xv?}I5tmCX7( z&+9B!`_J&=j=NgO9t6G8IYTndjSWeRk^EM>Qlvd)@f(4`kcX+wphPSn%p;cStmTpv znqA@XaCP+Mv<~y_VG$v{b8#@Mt>IrwUE4m^A1r~N4JLYRcFmqurOKIRZ-qkV?l>l{ z_glQmt97dAMGQmfc!jfR4x0FDp)Hba@+V(RH_oAl_sX}esI!?x9g$_9s;?Wcr{)~D zqZ)ux?FZBaTdSMMD5t>>Tpcbs#KGgrruGx^;r^qjdp1AB5<9vRuikA~@x>F)2ht9! zOwN6n-%PBAU92o@OkDi?WE@dEds(Ml3Z`vKlT+cSM_p3k6I4kSalXFldCU@~tyUac z)BpIs?!IaoyG}=^>4R0YUp}OP{oiDQNbq1^3;u62-w*OVpI05%7YJeYY=-K|YryuWVg-^_O75AB}sZP6O% z8jmjj?`}GOn!fI@T>Ty|1PEosVLYP?RvI~>^_TsjiId`JAcqN`-S_sRU8m>cNU9^9 zc%)^g<5fMfX+zn0cd9XSmZmBqa3VMm@5h-nnnIH7)6n0RfV$tvmYREhVSZxKmFFo$ zza@7Kr4@Pe}5SC+Z505)ard}0|TQd!v{V4?n|$wp3*)+3kwQe zMBWQ1H|F5i_06fXX@Lbk=r9>A*=H__oRR?Rtgyey{J--TErMj!5|I6(6&or6F9J5d z5`{u&Xr}dT1(Oo(hj|gwR3mGV2sX`!$B`f9cRm1-3^_!LKtz;o0JmQNm4Rl@%TQ{N zH`L#z?%)F%w6$bO>k?w;uQT|MfHdgtf`6%t3G{fjX z;#pfFQ0T`XVb@wxu-_AT9xs(^UOclksCnzT{R02TAt%4aa2g1d>n%x*Y3FXDp=&+4 zB^C81k&t-ldy4!swb0i*s}DScF`)}26BzBfn07*lCd+Ehc+e2*8HKS8>(j&1##XC$ zExdX#Kje?oLa{@~?%<7s@`yQI3+h|U<2M$Y>*^vQT-@~Mu_pSG4n9k$3~(9r{}(mNtNH z;c4OE;1txdskhaFAe@CDYFz4K!W(066E#Xwn3mJ*VErrd0G|nOAI&x7PVReKfQdV3 zcxX3_L})ZgWP@+BJW1a05T~*{fhI?Dh#E=#Rbb7gIIOPi=Gtj8*7YN0`fce>Eja)4|KEU~v1L&SosL8Muv< zv2aQy&=ExpUAJcN$nX(%l*f$PmJ|Qyj-BsYB>yaZjosw4E56J-cTNq+-(uDr-rp@x zm&hBHP<^UoL)c3tqwh#p8`9JJtH_L8Q}{f~HD@K{n}reTZ)_Uz+ve}04`i9O^ZH6VRCS}1&L-kf(%_rRe z>#$}1#nr&ImMBeLM4q}iX4Y{o3(6ONh z1+&I9v5zQA3gOsCH_eh%!jsJqxUWU5zhfPnM6q=4U`#*L`1>tfO=U~HwG<;Fxk_l> zsT8q>al1W)elyY<18nY9WRiYv_P{}8`#Qb3qt+NiP}HYuFN`+S+K)wD>qf;K!Dg${ z^Z=%!{NL_sl;!&6)3)g7u*H!_dw=HCqJnKNET@5tGehg5*H)57sT~OO&aevvHUZIY zxR(rBpEmebl8z z7?>Ds3J47h(^4WnzK`qZk7uyEz^U|*|MS-KprR5TjhwKPa@c2ofzE2Oxn=b#u=0%#G_G@R2=)jA7Y$Cn}iH}N?7&6PeF<6N(bb+=Rs2; z4bVbW=y@VHAET_x#~jH$J_WfiP3^R-GoH=zxDn(@4daIL6$i1V4CDPFHrEl4%xoU6GCrE- zcPSWo)myW%_pg?iJ6bNWUlTuCBIp5FG;Z&N#S6Ce5Ki1`x9KP+LX|%zn-dp%bcaEF z15xYI2w8=aeju{4)Mcb+UoAemv`YA%{p0?$Rvi|^CPp{Q2~y)P>=kAqII7(lJEigO z(7D%r(qH6S9&3Z>SaOpmh^*?LH?ruhR%uy7ma+PoNR9%WO*z%6yq2Cn2=-+}jdX=| z71j?;{0Y_?`;*8uGbyn~q>iP%Js~#rEE98BQ~ve7Elok)t4>>)^@6W-?R-oI zCPkhGU?L>&YxtmAI2g zvu{OcMJO*RTDL-#kP!I4r6p3+*ZQE_zvqroVXFP5NnD%%x@eT|c{`J4hnCOfH~pJe z6&eb;@j;on1}ZOcq1Hu;%5Z@a@mwM~Ww~y_5}n_h-QkWrFE8-@K^=v$4boqzR7Lnx zJ(548!u5n~gle_AegVG>U23SecrakkKn2dq9w!3}VdLj=L=0Hu?X&`0lxP<6_Ua2D znI}%oykuB314}qoojg8gm#k%2%lzmDT%i2t*F6R062;ANS3vR#b52;zxTlxJ?_T&BfS}xdo0omW!*ca1yN0 zw$@KA(hj{iBG$aN+dPBQY|&w-f95@b@1TO`b>TvKo`q_+nw6H?Us&Gd(CWU9t+KvL zA0^X(R0gu90U*{Bx!UyDsU&RJLZ}rcc4v1#Hb2f+?C(P|4;*A{1O!7n=Fi{`?~I6G zRX=B#H>b;Af3do!{3Gdu>36vy@E^Zru^E5qcakgDSK5>FTO#fuBM(B5axmOW9Umd( zx-YK$HXZS=_BX^FW8r0Z^C8hlMO&Qw;}H04c+m;9Wv zqPS8ZaL8hoiyzP2GkBxjNt)cLAYtdw6-50~JHb@n?7SegFqP(TY6V#m*y;t*1@{Hb z26H|6@QEd@zxF!*Gf_E`1#eaPl3 zbRnKW_{cfXd7+bpk!c9t-i(p$H(4Jwwkk}+fq#31hgZg8JTI0E4aa}(vodvyh~YI* zfUG;|LMn2~Xd9rA?GDeZi?L@slx-!wakUk4nuv-yN>Iv@oxgzxHX!22kVcDTVCd%- zvu5%f^TNp3s~cTovP2!7;G8zQIJ#|=V))g?0zv&LqL};*4ojxu1;gr7^eQ)o{;iJo zEoubIAz05Njsx3B;PXoK39h##1S|RT=g)7#IR2N;>WN7dMpC?Zztr8N+02IsdXj{m zV;D6=@Ze6w=L{Vvdzq-1=$jGr1eKJ6D3(8zC1kPaT=!AC^yY5308Pg>{fJ7&To$BI z4|NSj_U7=fDUM8b3(bc0?B;gAEVc2+vn84wwLoD4A6Z`@NH0r{?YTy{!{hwMNL`D4 zeZxUI_mH$e;qO&T5^6%-?*vwxlTuY07UgDPcPe|3Q8E-%h+zl|QH+U!w)4hKAzFr7 zx%JZ=HNn-=yDuvyaS5a3%IWI}P*5T$(9XdxZFLd$kwyhC>HRY+Sagk{Ueo@7dLol( zXs8zP7H9-6tJdlpvDPWF7lYiT-?W0OB@8_7=Kt!c9q~g}>zFr(i4L!KBG@7a93S|N zJWpL1@ip#6r*TqYsaD!*B;o(Hx!1K;{dWBBzFBVG^8E}DrZk&Vt}OFHWgZ z)~}SG_>}{tXZHBeWcBvP2bF#;CSdNdfPu3Y%>_m{1o`>~MDjY>UfIoQG0e5Fa}ZZ7 z@i6_z_G+vKA6goi$rUpC#%xL-S!X3R_VVGtUr~Ih6!2$m{I^dqO3MOj08X_rzB9u#fKMa(m9#DlhB-J47@ zY%(uB4uhgwNOxWWundXL4%ukV#-;p5B_!f-Ov_|#PCHQm2D^s3z5%$C>lYOuwA!h(d7UKzAjZ9;nUiI$l_)^ntOBPT|fSgik`>CF$#gx+Jy>>7(sI7tpW9A*QZ3 z^rYANRedSjq5^1tKVOKPB;;Q8dDcIdD*4ZBd+-TuiPlhy%gN_@MsI;aj@pm=1_V3V z4-sQQo=p#|Sp{y;>deNWoHl($qfXhMV*MUaTHJEvMtkmFn~PL9L*Bvbrg5~N7X$zO z@rW1b_cY9Tu4-qro!J$rtRE8#>Yc(1P{3M?DuOL0D&VLuOg~FF81S^0Dx9l``e$Ui z1nI`azF=qV-w>QR4bPz*uQE}(_F4+&VJfdhDQo>g!EyD53lM^MmP*(fq1Y=6R%Aft|mdULyO(}Hi-9^_B-U(Cs}CStM$ ze-Vf#+sTyu${&`)p@VDhzJCmUKgu43N#?oopY@7ZPr7}zqrG59xJup}>a1PV`med$ z*z&NBTyQ6{U9af@Zr?)EbEld0CdrEmv-E{GaZVcpxtMu(M|1Bnsw6LtM?zds<|@l? z<`_;u?oPoNCRf}hE+aD+PL5Bi^V_bS_)2X(ViYeY);(HsyxtC!)iqW-9`C!FTd%E^ z_3Jw9N1nevy`K)oaNMqjR^jcAxp+R^d@^(OY*IRimJqRW#e()156^4;@#j6Hp&VTt zQ1RG7H#TayoSXL>@da2|xY*c|p+LiahDX7Jc_jM2A6N4^*{SJ{jTa`69jW#F_|+vli1xay)Uabmzjy+g-gK)WQ8~^ zU0-yGe%IvSRn@>QuaW?pNkgCRLGMlq-+Y=@8&PcFE@L8-3pBCnuZLSIzw=AqFVw?Ac2Ry#4oJx*RX<%Go}_I*0V^V|H#it zL~xI;{eivmS*88{9%oq~|KA8Y@Nmprz`t_yp5-cuGNgA)$O|J{iF-u#cYDD75YRIF zv}P_M!ZLp*9=LS^6uZN({hMS9QuM@%U!dEDWU>;xUg6@7l9R(?3HUu6u9vH|Lk!ib zi>{2C-WK-vQ_sYhR}Ks?@|i9&F)>n#K!2B(-kPd3lO|%fjq!BeZvJe9`DipZ89D8R#ji819E^vQ91rrP|sJ3L9*}Y+KU9x8&FBV4LKi3xt9?*@ zCe<>|zYB|lab1M<&f6G5Q`xd4r zO#6`h`t(h1!U74xrs7eL@;6|ktydQ3moHfXajkeaPEwPce%_xNnY*cw0%5HGe){>; zKKO$q@XLG`=!IkqDGO$fDliApT9HmN+mQdtV<_>sLt#;IEW(V6X$*NBjq%Q)JOUR7 zD-XC^GLtkjJh4)MXmi?Nu(wcxszSU>(lNx>mSLTznFo~s{C#75p@LL2g9*qaN|Ck&8YQ_UL!V()}U0x-TQ=QC%QL#lbMCJ z^-m%99R(Ndo68^=XC9(cbKUUt%P^0L=Vv zpoL^H9vmgJJ@g^|7%lih;B#0u(I;lxm%(Dpl$W{5+Z=GHZgmI9)X_U1lTgt$ej9)O z0h`-99EKuoA6`T{5Y8B6$?t?HMk&^)QgTToTYY^UnZIH#+zVdrGHt|xFJZ$)#?f^X zU}b#)qUfK};AQY_N&XV3(OFO|b3YDFqmv!{^m#f5yOqU|Vg{>|hmcs#LP0GBp6e

S(BfyZZ-pKE};DwF0J{hyc*W6 zAf<7RM4p`JqgA`xB4f1Ye9`$GY^@#9!3lqWhyDoVfRpplsWWrpmPvO4^Q>YmDG~T5 z4@40AaWg3Z^8d5bY5u$IkKtbc5DQb!&y{H%np&Z%|IPh75Hkr@$f36$krfw_0SqT5 zH-GcFlAdxeD4;`JC*^+?n_Qm&DYQU(+0yes`JA_bm=*t(4`q&Cr-x{!;Fe&rAbLX~ zJs0CfJt^I|j$G>V0zQxOf3m28kfu#aJcz^k?mz9O7-~ARcZ?()?cE~8&eLoYQ|*-9 z#AfJKEAowY2MhxAs9YrL!*Nl!2#T#Nvggs*w%shV4)dcM9y_)>=F({vQV%bAc|>P7 z?C{E(lUb=1fid2_=A{42&7v9-X}EA15UtGaIu2zfVi=+jr(*^eI4oKbizSf|F<~fL za0@on%2-A44SX@;aVh?!ki=_LlJE$t2A2mrzbjet@k`T4a(W+}O3*dumj<3C*Q;F1 z7HU`~V6cHPd6+LA>vQ>sr1-aBS;J|8l7KEOMcqN82)3T(o@_c8VP zydGv-S_WYy#Ju-fnm$cT$@P3eCTjiGt51r~dcIctKNfPoRCL5{uldJSm-N3M^?iZu zU@hIn0(ElxnpIY$J94~@a$9K`>FJ6gQgTtTT-T%L8}}zOsTipl;}CdFb2S@*2J&d- zRl@d65Fw~X)!{TyHQ-PhDOyIjZp%bb>IjK=ALL*JJMg(nj~Ww$ybacQEe;3D^_+M* z`q$b=)3&ysrRvvNY{kybaQzgp{J(Hwm37Q{o=OGYtXqm%rVOjkLwvFxU`tt6ZYQ{_ z5Gf*7Rv?1=sahrBDaO4g2en4dY&^VYr8IZPo~JfZ22ShugrE}#$g8EpwqrGOGcL3Y z1Ik2*98>=M4gA1+*mK(hdcsDT=^!=95>!WZf0590!Sd=!T62;rbDIZ_nprk_RNpLD z4`;x^lvRaf=NNInem?vAy*;cw@A%9A&dTWyl)O4gROzpAdQ+PfiESRIGLw8vv)*XK!HF7vkw<%+gDbULRqEeh$dzvHl;0-P7;; z>>QX`)n4yUbX+?4M#PIK_#y=@YxxU`K@Y-IO|hDda4?g$>601kLxbju@RHSlKYzr; z#JA`IO53R=S%dC$rJA5Kv>biUw&Wt%OPE}g)SE0UPLHRAew9ky6$q}-1tJCosmvQ0 z`uJFwnXU4iYq%|Cn7xAF(1Kcb$Cz96b6{EZ_}nUq9ruq1B{pnw_B3w;7fZE)$mfEC zW+=}XNK1SKeE{fp!|R$51!W<5HCEds79)uba$1;?`UFV(q;0wD|DX~;tOOBOnOG%e z5vdj1f1n<~QaN~&r&OVSjB_D`@q-}MGSRkV%52Vh9+`P=w6#}yX0(zapAlz)NpR!4 zMd6F~7J*76^hEy)d^$&6jzR?~&j|4K`TNay+m&6fk7Bkw@A*bFvL|uAW*($bFD2G2 z9E8!~iYV@lFY(P#U*y1S9FHjvL#6;E19-P;1SM95%~qQb!0Yky)Ywh4)%Q843*@MQ zzd%c)P3xtO8?aj(&Uy%F0}pb?_r5!;vX=3@a}&eA^E)F!3{)@tA6tMLYCAY^I$3VS z5+LG?PZ2#?5AH=7m5nqKvTQ=BabW#IOlx`X+`{nax1{ z)+m~2m4j@w90BGR-yT{Xy=%(+v0A0A@CK=QgXPY;9DAig3tEa|6|Zfj$jU;ge0pU> zZd%&S{pp``A?q5Aou{Gb0QQzVts+}X+!LdD*5$9~iwk%jc<){WK}(N&F$KnL&#JW>pAs%fIA+%w<|b{79nIM&j4v{Je5mGs zidPO9fz}Nh^+J|a42EI+`#WJ6+wowJ>3Y#~0`;=WRt8H0MNa?)Z@Zo`B`eZn?^~F9 zX!ZgpZOQO6`_I$jgU8?28KE%dQf;6m|39e1k zg)3`=Kbac<(<{G2~QEw1ykZqR$4u~Spi<m{F-6ZEhKHV%-9Yy+NhjKC*X)b;( z9UI2~innk$j-+ym5|&! zS?6JPe0*_1tC%uN)1^mlL-W^Q@ayZ+ zq@uM&tjTPQo5+5hl@#OJs*-q{B3x`Ty%IJf-#0@Q?*N1%tYcsziNOz9UCxJ1Y? z+Ooiy5&5)&%btw+*olcTAQ-1{{?_Cb$J>fO-z0Y&QyTgxL||8kEkv%q)U>riO$}0{ z=rfb!`TBqsrgeMX60l)E7~*sg5hlY1aRYqw$jh!y7g#LTK0iWXL-Kd>;79;!}M zyP&cjcX{+cy|ua76dnA37a;^V&VG*=(4r@pbdIvt@Xz9YA*v1FC=lBYMAvFpnPQ6@Nb*h7pf$8oD| zDyff9sZqm%zBiNp_n~XJG8x6E|J#B;PouuGlx;N~AKq|R?UmpC)CwMB;8=p>(akV0 zgslzx@f+RYjPUyf39p&o=Vn&S-i}|PrJQ4>SX#_BL~=>SHtCDO|CJ_H%h&fa13dG5 zQ};DyCJ@-m`BWT(N>Hu6=|;FJUWCjrYu6f;Q0uV!;@lg+M$rpXBQzR`Cvh-8HLSy! z$+&~P*eD%I%W=&w<2^M1LE&@|wc#DHs~`^wZ)>%b98}RqKNKNJj8coZw2*u%rO0Yf z5?{=gzN(fypHZb~V?9Lk*i2=v8hw6PZFR!jK*!XK!`(HNlK6F~nzz8aAtj#j@4e$a zMWjH*N^%$SaqabnIAucG?ZD5T8l2Cb+;E)L%^K#RM0PBRM#-#WDK;r?>GLKS&FN-eYg|hj${=olT z!AHG0SQdyal3_h=%k^)WJJk>zT}39wY7HW`r#nSO3?Eg}it%Bxhk>Sj;_~~=(>8ji z`z?l)KCL0&P_rT%pPkP&&dq-I+S@#<#y-8oPKKX1;P=E?Q~ z7x=PCOV+f{JbQv?GargM4v>dr`r_3#^5Z7rWx`>qiydMNfQlJ@1+juV(`hbjwnG)2(Jo0aESh( zP6lrm!Heced1rw4i#+MmMi*oMtLzlo?~+z&S*eHR&G-OK&p)AOswt@92ly8jAvQO1 zkLj|boN6{4kKG~Sq9p5G$g-M0F%xGT;+%e`=lk>?O|67Ofn3UM2qUK>At91{<+VVk zKaj9jtGM*D8RDvsFWZf$cB;};-TVyE%hW~fQsWu8eqy#k>F~nz|DiD<5%31UTO74_ zPA>x0Wk9DshUppD$UsnpOFRS^Bh6tY>;9`!nd-D3J317@dd$N=PbhLSwjI`hp$OblDw8Z+i@Fme7;(1i>Qo)W9d1!?U3)!9?At{rj zd78i_Cb&k@qZhJT>acuHv2I?3LdxLWRurl`;3=kFY%)QRdQnCjrskuhUd zW<7unTx8_`lI}M~0Oe)MFcR8Q`X`dYoaWFsg4rRpN4hK`apB`@s#GSSs`Yki>+@%V z4+?~@HnZZe#;nr2j_>#D*edibte0DAw53Ea+jR62L@(g% zWFV{u(Dz}K{CF7p1G9}VnW*t^1tzRLToX4tM!+Io((hZPp3RTSP?6{#Co?-;?wDCB zV5{oq1LCBy`rTf|XDjyGSw61~psunzaCL&dPZwOxHdL8QY)nJ~K5a_ta1?aomT>dJ z$T>cFD2&b_?8l`c3NWDe>?@mix#i?&mgu2ocP(yyGLiP4#kW0oOEiBi5k5bE{2ddV z8H^(e3zCJ=I@fzy|20oM*`JrIco7KYVkEH*>A)?$l?i(J!vQ?pLQe!gLy>;wVX+BY z&uC0c9J6Ato!s|Tlhc8h)1XZ2kLFL%Dz6`F-JQ+4Jo>Td-cH$-p}C?25xg3{zsQ?* zt}(wZDE!Yhw;$h|Bdc|5^U&J(5Q~<4jFD@$h?{8Yi|j{|liT`p(e;`--kn~I!))}s z(&Q>QpZnk$fXZtQmgzmV0aWuv4p#V<_iAl=?@FsakLr>9oZ}j;ePyNkiS~Y}qn#_^ z4w3!zp)f8=Vd6ZzK9A%V_K|EUmslhns?*016}UXnlh_s+=`8=Tb?W>u^;uB z_He433A|;+MYS4RPsedL6t;6L7HpI8{6-TZX#!S(P8QOh8xn=v#I9vH2-fELJijih z|1vzNR9Sc{zbvHCshaG`4@I=4-JC7+9!2h#3x_Hj6-{H3p~t=ErA#P2`a zOl_rZH{bpOKMVe5D{(GSu1n=l2q!t+4VKeN%?cIgKOd}m@DE4F`i?TsONGHE+r+vu zu9(e~-rTkRRb3FEHewDT)^+UU@4_kgjI|!V{luW<@mmo>jU1Umfl^v9EODXHNGuF2 zxpBgl>>i;WX^E@FfevwH4VDGFgVTg?GTXr z{gJxMWm5WoEPxXRJu95Tqt%zyrAqbg_bYAg_JR~QHcv$_fv=ZFEwmr?51-FF!m>;* zec4iyo?t3`zSL9lK(ChTzBgch$p7ucztaVf@K3O0QTSjk;-<6xP!K$`J=ZE$wbr#& zfw63TI-=q*Pqxg>ZeQsoFhCxmaVUnD?61q{+fimHM(aEf3rzaLD z4uyB1IIRu)Y$otml_$GN%075X^j~!NwQHyMH^K0xGy!ZAcTnJ63$ug3hSC`|-YO5G zLQpqXdKDOu1Iw1}@f(tid097iC7c#;zG>0L@L_o*$yahyIvu_I-k+*A z)!vsr0Yl3qE9qc3%Dwa&k#e5^;EI2r#yE8V~6Vd!O5u(0RINW1AA0WvU z<&X4XcX6HEgYNX3NWvrVT3$fv+zfRddm%VVXnhSZ(5oEw;kf!(V83#TgOnx zp;GR=%7E=rVE&TiMbqhhotEA>uia`ND45OX4do0XgI^HY>Y9LJH#R&j7ePMAsv$3a z%`4X@x8^K)9WNhAu3mmZ1X82dRRO^XGF|D?I+!4NVcHKrA;DZ1@mb;h@lsz?PmA_T zFub-(O+lS0h~?m7RO+L)XB)aVXm-CF*=Jny4!GgtBY3ml&yFfbVsl6L>j+^2Hbm&P zfMIM{IH>dpvjW)8P#Xg6z6s>lyQ2vpA=WCilo%htrvA)>^lE`8;Atjo4oSM|IrgqB ze1+D9bW=@73?-YZjm*~K91cGhcw>IqXyCon6YM2kuLw_Qu1jBp;pOCm)u`tB=x@lq->88w0gmWviBcOQU8 zDg8#H5nmisLOJ_c7JAJGN74IzKtu2%QN;nB!|(mn+VlN+TR5xkU{h#Z7{b-3O>x>O zLziC4%OdkVc2GKAR9~y#5vv4CgM^s3f7zib(QP?}v@qDG%R%b#xTMzRN7|G46 zMI#e)g>x@d0x7)j{LU6Y5*HQep8(^fLM=)0?sy zk8IMeu`Q{U0gtGCSi<0d-^Yc`El=h1=r%OO>X#HCCw|T&$wt5IJ&2mgLkOOV;~iNl z4X${+3|k6b?|ZpAleLI-frZ7mu&^{?!hZ`?)Mg6S>?~d`9~|;8r3 zV1fa42s=-sMRyGItR#iOS$|x#yaB`$95Pc$O;D7R{B9j0A@)TJJRJ5hKLO{KyfO&e2sN_T!J|tCLa%yWGQ;oC#`d-};%IZ8= zIYn=1-%7u?KicV$r2|Lt;n{hN!g$}*{26F;>(p&Ei89a*@1)XC8ts)6Mp^LXlaYQ; z?CvY=&m}>8B5vgOVESjBY?BDtkpaCw`?!E64jV-|f;pXobAx-0W{+}n^@85Wrv4!x(TArn@b%MHnD%Keq6p{CsR z#ux}zX4pE@pQ0}@>Vcr@m7sD;{a~k?8TEg+D~02WhFtoGr{_y_HHBq9wM8s*NVZGS z$h~6U3EHxDjP<>)t?Z|Cd223DXW|WBy4zDz$Zhb2;D*f1Ou(FECa2%!`F5T{J3UGd zu?Lb9%R3ul(oZ8%es`zdZDOfvpbi%^zCq}onxrew3=Fah&^77%xFAN4?FfDjAaWSR z5%44QDB10Rw|aS94ZUX0g9DYs16iR(nfw4kDw)|H)uG8Ct~&u7=w}(JeTrDo!`@*L z<}MJ(<#@{PC6B@KJ%If(aa-o{# z#24f%peNl$@I>Y2iq7@NbWh(y%MhCkR-ZM&m!JgXl=B?R$30s1<^bb>DF9h8NxdBo zs^T0yP#u@|e7CzVMhJ%1T#+L#mlDYVMK&y=E zATZPO@wMKLE|<@xKwy?ddmbxeuLcom8R?(>9f*P)PRVPt9NIY@jyZ z#qT|199*l*>Eszv&>L}dD1-*zE}T2lM>@lik+UaHk*zLn8f*PlGM^qCl#LOM1;4{# zNl(CJB(&>co|m;%i0l{>^e;g(d*JbP1V4S!4PDrinBNowc>MQP7_~Q%khYJD2WPtC zI9CN8lO2v5AGN#er~$XvaZ^H8X?2C9n11sjv0V(aDnA1!?=et~5zE)}RqIY~oMWrL zenemOcAJxQsm4e@BS?i_yK^7sexE>JRF_@dBcdQ67YvCw*8S}E+BQUkSQ|ol1*uZ+ z{eG4w!?SgJg6tuKnT1D078#VbM9}*K@?|-DylPCS^-pzc#rJKP9i97QcSJAFzgD-) zj+^cd-!D%UEl`niWF@tC7z-RBmUB)E1N00vf95axtp_$nMxkvvf%dGl$rggrdyZ}Y3ZizG;pN4!I$CeSl3Yh-yw^K zN$Qa9S@wq8k-^9W@Ako{{wINPa15VV!;CR^-^pX%E0h9{vkM8W^WNw)Mv_)62|0no zaM9Z$9!KKezOnV6MI}Qr30`d|8J{1oF=_MLn?uEZNo2`S-o}HN0Ai?a=&N7t1v89| zf6NUpJx#`y=gY^t@oDvr4PsdM(>Uu7Ge-V|c!r=;4e9Iqu<)$ot&8c>p~Uz2(M0>% zaLk1OagHEd4A%vQ7nRQY^M)W-noDjc^U#GKpmYOBt3tY20&o zeh%_De5S%_95!gEYjw@Zj2P4(Ed}oL@L{>z31&-+c__i&&(9r4x}&WRH5*N@y{v}_ zIiM{2u`rBqnb*y>PK3?EKIh&=p8twKcAwlIQ6ZB9q`Dsr2&{;sznTHa zlp4|oC7cppOr>hpm7NL|wbumly`HL9uS4ro0R1?g;1lx{-V=U=iItoFAcckwOROWw z>*NLC3r+REJ$3$E)U3m=;Q>hm%|@Ui3pH%;ibo}sr_{|OU?QmlpxI1r50D#>-O^Sf zu-Pd-IEeOb=*Na#ToEt^FzVQSJoLv=ntni?Y6an5;*+)h&RRZkSzol!_Wia^?y6Qr zxr30~0JUja86DG}4y#SOHm5SnA99Ssa#OpRJIxK&EwXeuqQ!gyN;ANvayw^rDuYV% zCNGexJ*?;JS$g+4SBV!aULvl4)6FHIig>9P6RI;lgs^w!ux3{>fj ze`y&&IXBbsOz)GO&0~eXrGOSPRolpkromi0Nm*eXVU>6jydu`kU8s=-yuV1TMkG-_ zvUgUk|4~sSxSZF9+v)bf{i_;1lnBC4PGg!RMQmaz3e7d2nO?UYn_h*VxoqLW{mP^) zk!0Gg;LBZjJX@S;2VM*_4qr}_$U?a~hOR2bHnNxHwV=S>4i9`+{;XSOj{9pLnggbc zh3sxYRl*0&?lc5(jNp5V)O^TO)gZapj;V!lyRKixseb6ZUu3fJ;)v!h1XMf?6haz@ zanEfmKEh??T-09n!rP~~>>yLGgDOBHhrZgp&3IE!c40f6*D|xVsTJoeM9`v$aO3W~ z_{olZ)yr8~sM2e2H6}8qOW1RxKe6j?ti9QrYqcQN8EYDfm(e%vC-uE3Sqmj17}X>+ za)0`%K$~fJRLuG1XaBCZV32Vb#06cXoHphIB>lp>47@f@&$^Lhnt%vumeIzal808p zl37+}o@_oue2)WT-8uYFFWnig{_FT?6vMx#*)$aRU;R?w7M|0`GCSl@R-?vU@vmE( z#Ws=zhcst4_K$PKCzSZVu&@wqgszr$DFf{P(ZLS<6+gAC*=3cWI|wp;xs_VBxud?Vgr zk0?|pbauw2@|CB6U5*AM*dxm*=B1&zZt0e1}NRL8{)@O;kvy#3tfr{uU3QwOM>2wi<&^n5?= z_SppoH=PRX&e?UpL3GEU6_@^8MS^Awe3SF7{{7_Lemfxa>jg-w{(j$2)aF(CJFJo) z+LiV`f4v^W{k-M+frP%kU(`zA1P5plUHSfe&HcOqhN;^vov3!d6TEYkPGN7rgKI?`4#)kn2yj>bHdI&3Jln|d6%ITM6jN~N0Qe^=lkaWBP_ zk+h0BHZFrY+k_k$x<4cw=yT7oFJ>WDp_{2haI;Z$UmnMlHIzZ17v2QFM|uDwOV+e7 zSRK1Y^q%O?tQS}}O@{5E0eWHOv(*i+4}}R>3Nv z@9Q-HD6q}J9XGtrN?#uH0US2zX};OhB9!Oz<+W{Iik;Eq%7fk-iQ3pkt>+4~lm zv0?0jiG>J%lS|4&LyPh_^cA7$ySMdxK9ypZc)czQgwc|$^e;~%-~)13)5Eqm^&5ey zY5HsdW*!!{(*@oO=%3;0i$m%N`Pg$~77;<#WS#g1W>Uf_?4oVUE%BI+;oIyiQUegG z{5gkTCnKI0_x!2`vl<}Sqgs}axVCCUBP9XVvI14i0v?$5qD(%Svih%*^P{+d@HI_P z8FdwR6w#$5tOzOgI6upj9>seJdD?%N2Of*n8_7oR=10@PHQ>tso)CIsfTa!`2e6vW zxa&)IvNa5LcvtRy>p|R-#6Km1jV2Apw3{gAe0U0_N19mpkaZ=b^rc~Br_}vHC}X>s zW=lPvUR;*m9_yl+H1h9>ikeeG)%T1mo4`drZx){g=cV@B@NgjA9)CUUk#u7I{)K4T zh2v|}nJ7foKINdSEP#*nZNyn74N{dve&i?v1hP>Q$3d0PM}x;jg9mk|x9>0}t?#5J z;HpzEQ~?eRX57~t^rU*Ky@ypIuZ4p!Z^(E-yc(y}#5$eo6GZcA1gGh^G zV|UG=<#;6&VC6Tipt{J?%` zV>5~=6X=Jg_cC=YVh&9CE*74xg53JJ(|Jx%?y3#DekqcVdxT ztDwn)-IFK@+eDE^8s|RoeSOAN;8bW*d+CNytQ)t8qVGV|F0jVmxMw=`T_LsnET;d0 zFc`4^DS{RCn8sSSXeIftyXh_*S<~d9nY)`O?T3_OXX%}@h$=diD5d_ln?}EQgZw!> zf_DiF+)2xQkh~JBMd)b}d}r=tSj+q2SYVz5&c5cjpYxmYX&iza=;3Y6j^(`$;MTX2 z`a-H-_sw`v9GylVmsVhB+=JRdDqW%>;70%Q^8D5?$TT{}BV7WxFf5O95y*^mDf+TD zQJ^L%^At@AxC|aftSgfH36hWtVKMdX_7;g+U3iBNcmC0^(_LvPAjP*poFq&nH6Z|Q z)_P#>gLXSkDcP&P07$;FvZ!SReuZ&P;m@sm=goUlz-OHQ!utg}5P+HE>@a79$j=0o zg5s;Bn^J;@g%GxB1N#f!S>@VtmC?dPQq>)L5vEgL@2NKo*cbYA%^)C_t zClAji>E3Xuf0^?VQ;4>c$I!}&tXXW^^8+(V!v`oVwzNa!7i4F(!@*(4UE8SbiPHbA z3Mr@{awwE6fO0g}YpG27I6sxOVz}RUisEYwIUFum8A*2g+0^BJH~(*zLJI*RdC076%{S>T#U_u7-~x`9^HSftz=fPc@HKzBeqd6vIW#Cej zqA3Y0^AMFZir48Ve+k&oXyn|*{KC#n?Vc_>Cud9tmWiI>z50ppHH8uN;hqH^PAXIE z8>J*gS>zOTmId501kna0Xq9gl3Q&3W*VM{H+(*&K{tnjh-pis-rMn8bcxtmSaz0!o z5py3ae2C*I{7?#E1Z7yw+3(ndB+9NfCPNz?@-nH_ZCM6LFIt4ktq#1)<8WjS>!IiK zO)B*oxh{+(3VmgI8A}QZ!HPu+gf~P&*Yy^UHNW}U?=9k0x*jLcO&+t1RqwHh)8=tY5weCgnXkh;^Z=$!qFs9C zw3L(9vvWo}eTm}tob|nRy(8i$@rxXtmw+)OS3D}WY-_cQ5!V|4&KJ7Lvrjda&i!bRPQc>^Y zO3uf?9U|-6ospFe4c-wkh?)O*I=wWMF{#sR(AA4y9BXL%bj0r#QNo?x^R;qxFUWGa+jZiC%4VI~@7T|e4`|@?E7Baxy!rN%yAlKH zhsVko2qK4>*|D{++#5_UVF}&C#iWzDY$Y&XBVGdZUmw3;ZqllLqI@q*e7u^T8=EsY zU2YWha`BAb;5MlyeC&C<=LL9J%;OG#*dM&T)PM7MIyXn4%qu!rmuLmC-HL9Wzlw3^ z;VPkUJH+DtjXOR@GW8;I^fdLnKI7XZ)xoDjuKVQ@xu$hl9|?`{NZ~K>PYvBVvk9Mv z@+%TwnSj<_<;`M!aCl*IauvQBW)8Fc-?Y#c*r7>QP9s}|#I8EKBqIbo5>2I)<+p;0 zNR9Iak@&X-r5+_qwjwYp7g3rJx$rXk5*PUlFwYGCs-e$H~g-LKZ!NfAbGT6cW?-X8(U$pC8!uYQF>g?gm*x-A4iQqxlrs$Ex&(EVcJw)?3b`_d5>5S@tm5tPJ?hy4**=YW1NF0$&v?^7#l!p7;o;-v>*?(3EfLnEEi`Jp zWdjkt2`matGwTCCw7okV0+Ut$gj_WI2gBmE>bB;{B^P?cIH4Y=7>d!8Q@dQEm?M;g z+xz1f+tbazk|2g&om{@DnGEbbReF`C92G(~U45OeMRA--Z7X+ykr+P79(LA|XX2O% z1=#XK)i~vQ305$#E#ABQivvJFsGx5hIt%hp6u%>TRK*wWdljjV_p#)FMk%^LrgzZk{0A zOluy{rQeDEBG&aVDZ{vwH-g^1Y_N;X;LRU7Ygv@kM`aVuJ|`^`diyYt2;7jTWR&`R zuNvo*{#6u+0)u=BK96_wl}jaJHXc6zmYxphq~b^`HC0|kA6GW)Fy7X@1znmB{hDvn zzJ~(%;lZ2QOD}Eo{}EfPNi7=RWhM^Bbw)S)g_kLOjKS=kN1@kG(x0IM&YO{ZgS~5e z?h&k|c=LBE**Od^t6ZhvZaQ1IdDek4FnY;$7e{P}Ygjb_x)%wPv22}o9OcrY?hoJN z!H14;-oNulPagj-Z-~G)8x)V&D<)v4lA+eCLLUlCZQU+#~_LB9R|eTV6;W!HAMS6 z*@l?Ic0+`u0|^0<^L3+;kmHCT3t+fQrF-dK6rPrtC(1TtA~09dbdv1vBIEmyI`?CX zu#b5>`aUoTA}ABt57BQ!?!-&82)cU%W_!%$dk2efkt5;|9UuK#)!@PonuwQ{e(1i} zHJ_Ni7`~wm>vx`2^Cuy>A-N@8B#8BOJlz*#Oa;#mWWec!G zvxFgW7OGQ9kPou19cZ}Yn;u8*JIrX2;2d#8fh)$cs6kD<2_6Yl*V@ah7 z&Ok!l1=FH+@?SI+*TVTF(zno{`Jq&XZefeHy!MbFIEK*kL3$aqcntXYF+7IN4Tf zIrdKj*ci_2(yj!F-KkA*28c$n(3$UO9I@O%lJE#a#h?=BDLai4P^o!fJ^X(W-&x9f z7mJTgisvl>YuRKTRPfcCmS$h<2Oa`$lRX&D2K(y(phe!0Zra{`A_fJ5x zL6|iVDC(!+-`mgcK&!Ty5kIp{NeH?gc-` za%oWuSUp{$nPp;?O72BEgJINMa^dZ4AJvSD#SP*+h=hA`j^tpeLltDHDhD8ZOQ|J^ zM5U_P7Vp6m1#)f1Kepi}b46&2e=%9LtRnRpjW;~qP$CSjlscM=!O?%pli>u?3#$oa zN7V3q3m`L4l*Mg7i^2vEWGI_Y7^KyY*!~s8BQ&}x{gzbbviHYhqQXn#eI6Ir@-;Qu zJVZue*4#Wx4X1hTGLYOuEC-P9Q73aDxvA(Oxsa81FP;=Mc}rc#_F4DXv!Iemrq4*V zC0``f#4zp|0eN8RIk zaW{h(OQ!TzVAUw?gUZItYWj_>n}W*hroin_t7S|kM+H4Zp##-uioUt=;)P$!JtLQD zBG~JsdYSI{L?@jk9gu#KINO{Ws4#pXm)?&>j_VH&pG?3F0 zr5i@;XGb2WCXV+G&=3x{IA@wj2g)0o$(PnypFUJw8f12i5I$7|{~23TQpu!<*yJtI zIOO(IDo)4a!Ht_QVCJb0dUU|rx2J{m*BSQnHsI)H!u@7~fPA0HwSAQc)yT=t2+?5A zUVsix=%U-|v}>oP5c5pUD-&SN{X!7g z+@NoOen8d**4mxUHoqT%*$RHl;9T0l^Q(bbCYvaD5W~-06Qp?)3P59ZzKeF#ix8s}kBnl?m{l@B4I)u8}2de?KTm zW#eN41ymQwN$${6!TDr;Y?I=~Xgld?aawMP2cJE2W=m@B;Gnapx43GUF}Fi)g4~=v z>vpLikUg}zFByF)cO=|TReA6jGl*X9+bDik`(3Ozk^NdW-EY?IH6j)&Cma0=6=$Zp zk6>4j{aL}92D9dEQeiG!MKcwCyA6+{k)*L9AWN>^{k44#qzqf98pcjw&GINN3IP$0 z2VPvP_6N@FkX{ye@A}1ndb4_+eM)J02^UmluwGx|8e=C`nH!=cCVcI4sghI0bKB_l zB_kw2Zh|yt5*M>${#K`udOO+1q@2oFLsxb=6=vI%J%qSS&CfHQ>_W!1DL>OLJ&}Pr|9NlsnjLTe3 zl2SrJrlFNPqx8>y9uY*;`!|vw`;x_|KKmj`1UtwOEiT!&U!Xs=UtKWgLwP={P4f>9 z+2SVMk1cfC@#;NY{$eX&d-zRY4(|3AlmbspOw?4z?(pzS+c(`=plkpiG51i2njg5l z$;eCTF=!wAe@EWb!#_4guiN_EyF7;!%P%f;cgQ_>h%(@0VKrA>QfJrgLuM2Qmu}U z&Wr0>_`OKVEQb!FSj3h)>KvGr05*$K9=!JVZyZ5PG@Xig*3;2-`!B*i$QZfx_k-lWO@p=Q7i*Z@Q9A5Em?p&T6C5Pj}G z93P(m)3#+egVXsF`)`8+v#I!0eI8Ay1Jbx?$w3US&j2#6THOw#TN-7>&2kYBIa#?J z0jErLX+n)Kw^EpYk;wq~rQcFX8O_ zsBttj5fIdr>~T`A36?vTq$~IFQPO_)u8q#+j*90)ums)-kLr)XTltE5qDGk!ts7ba z!qRtSaQ2Nino6}p;7zdw6f2s95=#{PiTJ9+>PSJLeb;iS90?tIS=}wO{I%i+X=d>V zP!1x!F(L@0%EQe-$fsjg$7?Y@b}Oz|$uCo~7lbTvuZ>qKF!QA)l|1CXT-j4YRy;cP% z#!40#k3}=1=hMjb&XgdHuffuHYkQ$e7hstRi>78h6^mFgLs+0%uxst4YD`kz5|2o9 zOF@WstFF}4*MliwQ4YD*tjg!l1xJo;cq!Vd7_e@)#`JN5 z)%E$3LA?=_-H3ok>?gEi6T}J88O ztHZz#<6}BPN{+?b($e;qIQm2Syd=!Ix^M3MIg*R48mSD`&k201sF0EBKwh!aVkWx*wkAKvS@mo$mFg7 zC1;AP+3zL%yCPJ{*Yx+EUkqY;eZ(i`n*~ie1ZCtW+FLn9NEQj=e+G|TpehZBgw+*| z{59qnxCh4O`%L8=X`7qs8T|eJJD}=zhgTkxX3lt>&r)T1C)Mnd)pF>&xF1YIEC1j@ z+J!c|cM{gqjXE!5)-au%2Z<=X8;W;qt5L2#eCH}y^5bB3-BK=s{V?=ZE9F`dn=Azq zSjc62e=rcT!883)OQPx(vR6l6OJ1m*IKl7F%Qe_zgiW9`RvJeAZs(KfE2op`{;M_9 zKunz;U)}K?g74?Uvqpe;b_Az>o~jP#Gn8OpaG)7T5^P&x&}SZpvwL#m9n-aq zSb$WWQ4eUOJF&P=54VM#woP>S1?Ld;EG+DNY7lQ@@rf?JEmaS}!X`<1w8} z;Kf=Z#0i))A%^-hu2X3Du-&c@$b_|QZXp3_V~uCDc86-4_DPYBnpwQ+it=X!q8g}t z_sz;e18#(+CcNwdMi?4Nj$VSYBmjHZk~kQa)a%~B4woc(7J!yIe0c$2chO^(T{p$y zYB7w{=EI3MSPxhO@F#hfPWC=L%mD6AL=xaPJ`R3T4PL>XS#QzZD0J=8sgR(k^(nLD zM_GK~`Jf@bM93VeaFzUdg^+uD~mFS`I##oX)V z>Anp~AL2Y&HvZ(FqFvB8Xi3A|SQ&C*Dw5uq#2;r}KG~**d6*<4C*Q+)O(s-|kIEx^ z+N9vR{Czydt2}R+U+g8UKEO&#oW>b;z6~=`xcCprWqQ5OZ0v#5e zTq7nu%|W!#8iJDnbq@5*3*VMQPSZ~c@uHh+RNC-rQ(0aMVC6tyhD^7;w*)jd;YR(I z@>kZSEq_)n^F3Y;x7esc+sWjs?N~pgI)fFwFj71Opk6{4hKrZMd*e2ymxG^5Ypqvb zln-s=T_kk=dEU6Gk)-rH$0yCF#Xz!_%AR}-HvX1r>=Rwc#V-m_39d?#8dO%WnCkea z1;m?FPhrnMST*y`V0L9sEXj{|0mR_Sp^#w74Vs^o_;8@Sj^bjy4xizXjJ7xVg{~H8 zx_oFBEVi04C12NmV4v~u-4KIi?BUH@_{;el3XbaC2oG# zGLwy5&w=CQRjlSB%womF(8>A7$!tJZ)?3>qVkVMgka|KBh*is;CFSFxb%mIazMaNi z%JjcDniF8)GTGyz1TZcM!Juz%lr@jH7%jC=4eRZm0L1BQKA{a!LGR^FPf~Q?bzU~C ze=*l@LTl^Sg@hi5@KK%P*JitsRz6J?!D^mLW-Lg-f%fMZHoBUcmlj^gYU8ypau+^( z^0e~j%prmhPB5v(IXi7g}} z!)e;4vi{Mh*ngrdpw}Dg!psCB8=wwIV?5LCqN{+#9|4?CfbI76d5d>c#Xb_?ldx~} z-1~e3yNR+}1_kMV45;C7$lm-njA@ZlN*3o2aO8(Jt?4 zoqRv$Ne8OW0!D__(nNLyP(Qz?0SagU#&BHs8Z0UKK>Lm5o!Tk1qEspAKQzCffvODf z9w`y?YCeO;-H#`+6M|90@Bh1;Bw$c0{ z%+b{((f{^0g0z_aLf-R!cz4O{IVSemi`zP=qbpL!>D>qG^o2&HQ{R`-LBUVY5zVOx zmt-7P1If*;S%p6@zjz5AY^v;e%uE=CKuyi96RN(-@vQmk91$X3F&BWCTeQTI;4{^QUt$c~Vgb7D$ON=s{nt2N$!yXGSjH63R zpNq#=tETTB$a@xOX?d(>imJ{Ksv5?<7zSj*xCA18>Ln$l)!JshkdP4cNAHGolA9%I zZsBuH@lpy!neStbE-b)>ChOrS+_kw9b2g%!<*2JmaRuWMfd*d7#i|&005eIAz=AW|2M)ezHA@@4P%Cd%d1NLqb zng5%i%_Of4qvc<~o!U6&udL0e`C!d(*!+kOACc&53{Cw>{aNmmH!7NgTm2FuSj|^H za_KMlWaRqL?XTvRlvP~ypFF`bN0yt(u-YD8FK7g1 zVjAw|==zwggSqjiZh4Y3HXh0P?Ckzx>gwbxe!NS_e_$7^6vaL^*nX?A6#peo2<-yha7Wbl4=HX_DdfFn^dtLK_oy-XW)?x^fx4KAVj`&gz0%;TI=T)l>)38mBb1sQ!H z2$WBk2%KLSsZbW>pc-YC!$&3ZN8n_o@-27AcejruT0xkGR^O2&VWZv4rG?z2aMavc z791??eSjY#^TTW42l8!i0ka!Zen>w0{$uII!7-HCpwLnK?;evV@uKCZN%)cLq$PcE zYWV-!`TysAYtR45)xaik#D{jZKB2FkK2Ytd21SknL1*sJDaJrfPKf>|Sf-c_!R@z* zvJXKlx;aceQPMDuWG9&Fd(1{^!y`f*T<*mMIEUjQw0}wtG50-OsT-wynbm>F_(FdG zJeSZg6kS^gv_$E5bIt(7TI_Bi+bPF-m{B0`(~`OyU=M={gG_xneGylPlh5UE1m*X7 zhEpNUqfr3=MY;(Hq2c772Jr~?+Vx5~m;tB*IRf25t%1=-b&Ew<7H`Iq%mA*auh%&@ z_W_TSi6%A2BsCzL)s{MmCiOqO7Gaj!6nvB81de zPBSRIJNpf~uZah5)<@b0;7%Lt`KUrC08VeVGJ90O=RLbewd(t?6Q>IN(FAdjZRQ)VqCGxW9(4GBxAq0|sQA@{2!h=kjx*Z03G1+bH{nD#-< zK~ZO6bJ!&nEQ*j(2+E55j9THy5*_TdbTxWJc;yDlH4oSE^s*5e?R>y&EDA+y`lcW7 z!2(CQ_26O)7DrEO%W|~P{!*NC!wm(qkRB_Dzufc1?lf75 z#!YQkM`ULOJ-}i{W#SQXq#h>cJGu~F0Ok+M4QqtfHi}W3ZPN27KoW95vJ_#04 z0ayFh>+0j^aVc=sF+kqqLR8;GKG9MBWKQfw_Zj6-LTt!$-g>NI2L&nH#Udcy8XyaZ z^dFCE{Ili9^oUEgI9}-K}U~{E!em4L=d}3f?&3{hXOGSjpC+OcI!R9LVHJ`SZs=t zA<4<8<=hoeMGUpVSBNRsjDBUZjoJ1Xb*Dv7g5sB{7^T{z1YU_ap5Pd>QNU_(eAy}7 zWJbDPm=*IphWaOEw2ltLU9M=11OL1_U|%BESfWigWT|_ z>a*!(7rE)%1IEUh=;RfMvMcTZ<9)roJIH7>D?%3J;27R0GkHBO_3|V56A@T{fc-di z!HM15Cw$-0YNr~o!I9D6{dtRQn?k6@d@CBD{baD^bDp2DFi5eBPPACt-3}RWPT=5i z0k;kwBV3l3CnVQL!hLVT)<56jcH{l^#6PQ-Cuy0aHC&L9VP8fOHG>*ew9lZ|*-Lo7 z!D*LY?)`(QfF2f5)+_K&6FeBaA4smt;b0g5mdtoi>E{!heV?$H3}q57rE6Ng8F3qwam{OAYVT7+ zph`F*A2X_9Ne#e4!T_GfS(Dy&nU4uxZDyU7n+LVO-> zj(J`zZHLlS--iAB*(TTmCXx);n0}1$s4jQ<7pHs61FzTOh7;wa5E7j)x7oXUCY6 z2Mg15WN#Mka^%T|pr%wR%8Np$q~ z^>rjljkO>)d4fVR4Y3S!b~G9kr@60m(>jYh;omD<_G!yu#4OfK0`D62&w zi(^h29|a4GIt!uT1EDKI05(3a#)g^TddDW5_qaJheprps0SQwk z&ZKek+YnT&pPJo%eq&*4kdQB`8P@$FQv_xVf2Kg~GLxbvSD|FQ-tNiu|9Zb#FkU&I zJXiYxvM@ljQm_~(Dyicfds`{)Q(6~M|2sFHJ!m>AO)SvxMo8pg=c)D@Vx<5`J3xOT zt6vI%c{2%z;*zwa<7?y?5u@kc;2_vtsJn2=`62@_2vp}4AD+o|gExX)$o-oq;0tkI znCjS&82PK?M>?}wTGf)LZfaHy!;yQ^r6AZ14Lp9R!Gwai-vTKYHRbd{9z9y}Gv(3$?5q9417q2t(vy=ZY{f z!83P5Mq7cVPQz{N-Z!X&11y{D)kvMF2uSW<*U=HdP++|&w9XHVvt`DEdnn{(8fJt#;wAc$1O`K5(g)ORRWGK)*Z%N~eb!XVd|LTZp1Dunup64K-*Y zU{2pTXx$4uiI$C5cUDIcJZGQ!lXCQSeKb}))aD+-?V)RfgLB>z>OJ$h+X;4aaCPi* zIhpflmopl(P>Qqga`XnGd7b$;<0y+rlv`MFL_942w`Me6TX37n9_s^CT+uk>yEDXq z_b(NQflst_IrDjc_fRMK6Yo1y!HB71QT*)TXsXMB1sC70=%|ZdQ zoti4ebs*A;ZJ-B`Mi>NoKzq-&&ePuuNU&XclvR|r)>%t^EN7KoY^Q~)H2X@4OT=ZV zn~L9UU2@}tivz>=NPmh^um&A#vj09y3ceI}{Sg??u6^(mJgUC!x$PO%)`d8K$vU0! zoOjlr$MjLcj3hziO@Q2N{FJ&7qiy{&u@Vp<5WZBOkRPE@WeX3HyzGcKGzBOzoa3e? zLZF%v82F&u#B=3Qff#l)=5FtVLuZ49Gb29nN0EF+BhZvv0WSw|T2*`g{E-jViT{VM za|*7kjkRqOzYj zzaKtbv!lUwa| z_k325>Y@N3-Nx@Som{hic!^grDd<~U@yvF!+`hYL^wF~ry5XBMzJJuPg#Jo*Lkii3 zjUT_u*h$KnQa1y}R+5Sx;SFPDx#6WPMV?HXhktw4x4VXlo}@EUpqSAvR8iqQX_6mL zBG;kZ##=%hnhV>ik2Jba2V6RRRF=(@Vr$FxI9lHO3P$rzk^3?0xBEy=wGfQ5`$9Qq zkE(%@y}GUTZo=rzVB|GuMlF&s4t1E6SpWCeJ6WHwg2^&sr!zmlM4AYGjU7cWg zM3wCwwp!OzFcw6x=iR}m{?}a#&}N%WxjhSHALR(RX^=#449$YumGD4}bAVoVOtGYa zDC(rkVW^+Jdlk&D3?>9y?}-@bFL_C4CT>zTkU+_?rXS|GTsEM2+Gnm5NlN9>b`H<$Nx|pJgzB{gatK zlk;satAMP;pt5fM%*ooUr&o{}r!3=Pi@D0~w8BMV6+goVJ&>3v5g%4HCYI&(&)4su zD*xY9yqHQZz}D3H+$2(O&ThjYLP0ifZd>mL|?k>?2 zR~5W4euGohg2ropT3mXvnJ+MVq(!huhBcZS9)I)J>Ie<5z|y_q+6U=B8AU^5_Tx9K z#i+kyv#Dib&S1^1N8{0zO3tcOyQJ$Kj9B)_FmC5%RP;(p zgQXlpX##O4+Sb9(Q7`FPjyt@8=a2@DF;%L>W1wM!Bq19Tq zL6Mdc^JAcX&e`YLFhc(7A>5(MRC)XdW1Y_<2kc|mKM2_DZBrXSd>m@HJ zq&Mnj^6-n#!wHKLO{O?lvtXDHM0rr+NGePLtc(g+rGH#d=KcnX#+^0XOkzfiXDO1p z*ca%1S%}z7P1oBQaQ_FiZIz2@U$7ZkW0^zXs z#Fw9SA&X!=x92t8eW0}xe$JGf+1>Vpb4m4c9ILZtYs58;*tl9)GdidZzP~%%cl*Qe zmhFD$Wah7K33%M8jmjxBW+Hw8#VNqRq{)=>2XRdrhxSA{;>N}VaDNWI^N8=B8vgz= zO$?JBz#_%5PFdHcu5}n*uT2Nh%tzaq{<~E%GIAYhfny&Ws^R6Ar+V{IZ1X)0owV=f z^1&g~`!CbI@om*VW|t581N*Q&Cw`yHerO#xMf@x=7`626uy(IC6qnZWuy(jP@LY_w zQ>s~x=S!1z-JjsEnb^pF?XYo;4;QQVe&5d`0$|v*HyY#8*^EcY7?}^N4Ok%caIZkN z{rclvk!(4*THyE5;^S(A`Gsz2tE2jw>}7GeZO|R7h_V9z5dSy74NEWD&7Z|V~j}X22J;Xkvr8!i}xfHFS-CE%6nTXZrp5;-6 zSR-F&bC@UJZnl6qZ~mfYvNX=aF8k;E8gpE~jtdtBpWa(5`h9fPHQHo|Zzu2B~l{QGsw%kkTIc4s%f+0^c?C2+^=k_y>n}ZI1l~D8L zrqC4OXZl}}Z1%K)NrF(t>{B_qp;=LPl%{dGe_qL?44iJ*n#n4dqQz3Z1urEyb5YZS zc9Kp{*ik(dlmrdoZCeKH*W>KGoJK=j%!jI#ZE_5@AN;g^I0YlzaOT@}QY%~zGh_?t zNPWT^Ltj1>?P_Y=wOIJMB6~HrhdoMAb*y&5mo+UJ6pgQ3mKj;q$LmS!QM89#|Bug& zkm`$ly;1WU6DW#va1C-a4pfv3;`QaZ@R^Lm1dVp_cWGuCN_q$p^3c^fAc;)?2SB?P zu6XD)nJeJVy0|&~JM$vXc{fV5li~_l=Wr!WoTv4tBmgylt==b3021@MbAuVdXHEj|Fqqsx6s)b z$hpDyS_q1Y0?KS!0=6oCS%wB&+x7EP6VqR4kTYoWT{5u!+-vZd752p%K^T|Eg2(Eh z19#1pfZpd8k-=n&k@Y~L)S(&@Y;dD$ntw6VW{ns;j`*>I481amFB*JE3+hAxGX;b) z^{P`1=d_+N5eCLlVw!uNeVm@|Q&5bF5tmTrcnjN`F`7nMs#GuF$*u-juVnr0{Lb`&GA|EK~Fo>t2gdMvu!|gr*Tkqv3ysld=yzvbS+LahwXuACT(HJ zInaA{vomlKXGO2pauT9uS+|#!bIkE$ZAh_*TPvh_RQC2Q!Hno?vLmqE&;cR?Oo%~3 z8Rk5Z@U0EoE~sd-FW^TTvNyH*MKCz06;6#xRT-rh&YLF(q$7N;Gk_fl05fXAZbKu-v z-mkd%kSY0{;l^=ET(-aY{Jy-Cg|(!g$3Q&>q%~)>XaGP~Q8#m$)CjAcgkAt#ND|d^Pk0QB`hwA=?2L!d5MLJND z!}AzwRNbr+y3X&Of=l3d5V&qBS1qR{2XBUw@x8sn07qvp7b=o2u-Zw;10{(gHyC$Z zeEd;87EDSB9s#(R%HoTt3eYfCFNBD)46k z^vLOK!B1quk0CN9^9rLG@bU?^3eIxP`6#7N6_oC8u1Xd;eNmssIhi578oLI01iHCY zF{PE0rN63KeJ-ccufMc)6m#Gdj_R)%?d-k6GJRq_N}Cqni4u>y*gpp=;2}^E3q#WH zj?KQMd2euyPX-ebJa{}))GAS;z)Na>*el_W^u-Mr19D9E|4x-8x7|DMmv}5WGZmF8 z<|M!aDy`<$CV~@=-84&Zlh_2V+g?6IBXf@67inl+?PXhVx$?)Hc{^tg{&L8&I-`DR+;{vly%ny<^o zkf5hUr~?+a`#pM&`hrJA=^PJ?to@oBA%?5S4=gbT!9j*{4^)aE;TZ4!21-B}*lPl=?C;DI*^J@acuhl-GI zku6~!AJ2X`KdL4l>dnl(0Ke^Q?huDebUa006)!KCa*Jo9mCi;mFg1RED{ILVaNkQ@ zZA^n&JZ#m&k$e~r3CEuqT?Jh0{}!B#yiL5F2TK12%+6O4{@U1)jB7$w32v2InqNe$ zfMa@haFm4m(q>sgoUXYRRPfFIeaD~;&QMQG+0lvm1@d=#V(Rq-&)Po+&6uo!OmGcX zvh#I_dNv)V?P}poAWJdGu=gH4F3-%?f+qy=)#6ScEbom*8!3F9PA-8sMFZt6fDlp&f`RBII`cAXDzNFN^o`=QG!@vkO^h*qH=XB#^ z0iQ8Y#Sy37V`OG#i0dt}nXkJ`2Y2Ov#Xi~vvH&8jny8vt9cc8j9|lj}iI;$(r+&;_f1m5P~vvnB>Q)3(eL=K;5-F;oH+&lT}=C^XLo`4_Xz78MInD zZYu(n+x{EJdOnH%+sU=!yDbyZlmCG3KiA8HQN`$vu9LNOuR10uEQJ459>kZ0Wf*ul z1sG(6;4G|9nXtcLTf#c|L!XclZW`ejVe{j|LDQ24$*8rWuoOFmJw*Li-q-ju7&)!Z zdxfBh0#t(q2Dv~*xMOp4+@f2Ig(7T9tN~}QLT{ssH9J!~jPw2UG5lnC{ z;6Ni7_EY`^vZe zxjnyMcXMnkB*;o;L=BN?8@_nnKV_ZDc?SHM3j#B*u0N3}e6u{jwdnrx{7%vL4T&>l zPgJo4Zkh>Bh_G>S3GoQz8GVOQ9R*es&L&rC-pK{!e$u(7a&R0&`~d0OT8+$qaBtAI zNu5mCU>>U?8Jb2qjjtTbs26|5_&k#;AdYe|e6bQNug70N6xUUOSB1%q?hIpQ=jP@| zH51&;E#>8ZJX>%V`@Z?1M$MCiKa#$>Xq~|k>czWJ>n0DP(WTa3Afp0FhxO!h%JAbt zTaM_;(vlA1d5F@6*-poH!F>4K^%!kfz&&ccPOZPifQ3=CfTJ>sH< z;u!UmQebpiGmS*%tuIHWJ>sJ<-qBz`q%%Hp6uU;&(6wbvp{FBtAM~sE_~=qe;I|&( z8J^*>>0`114Smxj;IsL(1RAw+CZj2bCT?~&z~LA^=<|oy7`>qv{!CCR4KsBsZE(1u zg~gI`T+s2y{46eCOj4zg^^X{|72?#R1`Z zQBS#1mb_{q9@mhG1?8^HmBLso?q&|rZm6=HNo3(;i8IVt5fWV)Zi3l6a_saE|^ z=>y0vTz;buTt$Ddr*^v?mLxcRUuEWqTxz`N&xLUt>YQ#Hh#N`712Ll7*b)3Dg8yY7 z)N-BYqfWJHD$X<@d2(uCLEn?eWhte zY6*%ks-w{iC~mpWP(??2V{=!DkE2#OvS91ZHWlM*Z8;YfRl&oqC2N9kWp1{GWp}sh zaI72iludWZ)mcwEc~eRQqe3A>A=~_iz{BLDF4T#oh!$G0VPxAVlxUmRukaF>{rq0~ zm-hy#)9ETp*`Dkt+mUa(n`76e=ty#D=`D}Kb6^ME`^d&haBwGcXX;1l3w(&Wrv4_7-uULaL2X+c*|adl>$-e_l!GSDq+HOsuJuhPe?{G(nKqMS zIBXEOW5=P_j%~QV3U;EQ>>1YK5w;6t;a;J&J7Y#Jh@pqKDEDWbb$Yq+6f6dhj*{R{ zK?Txj)(C5&86P1f6`DcXgu-T?U#@c@Vou#qD#!_g~eU0WH4Fkcgh09u%mi`vwIRrJD}ZEGfPJ+4#7~K zxhI^6)QJ(*2;qrhT}^#3V1t;3NeZla^#Ly-EquW{@sc5%Rbv(;%2+^GfY3(F*WMZk zAgX4xO1n(515H9uzk|vdHL9nfv5)?wm9A4ufL!j!2Iy6#=t}MizmaPGIfRnR(ibKr zUy_2Dz$Q_KmRd9{<+ZZx^w{xn#%@)%SV;vBCa-bTNepj6V6N05I!tXufPp4Z3-;*U z3;1#~7G>eLgdLp#Go!2E$nHMHVH#c8e38B!w;hq`)_V=3)x)D}YO@QTZ7J4$^i)kW z{rG7bCV7>ns3l^*Espn@gJ`@Ot z#$H=yCwh+m@5#2Yi{bL~?x1@_4Cfk1+8UN`@pyXcU+4FG2G)>Plgibg;#;0k6H}mzfUwf`(66$jdq7_jK?AI~55Pfm?I$GXCtzye>@_GO?6s&GI<~tA&qm&@g)t zy}Y`aUqBh>*dfnwf?-R}7Ge=*5NRCC+xugjlpo7~P5Xj=f;-5Imh;THuKe z#-MPdVfb^fz|LP47%^l?7u*b99Qg#_w ziPkOOTe34WDfG|X9N#yM$9#X5ShDBfLs!~(ch^g*ZFrVPevq`niF}6MDPbfuI49_h zCDDCdlKWKW-`~l;eI~VZCLgQ##vhYTn|5nF_=zDWeQFvFc-|RE7|vo$neM3-SXmg{ zJPe#XJ<*ga;TA3=QcVl`9$ZiX<3=-;}e1nP;8`N#$+q@pa;}}tvy=VZNENzpy?=o z_wkLv*OecXlcjS7B;5eTcDikjkcbF$W3%Dbf@AE$6SkoMdKrzFnB<(1&WhjC5eE^K1Bym{($*hS$?>hL&ju{4Y{MlWUW>V>YRwDlAJ;If%b zE!%&7es&7OtS9DpzN#~{c`v`Eu1da2i+S=0^c;5j=z(MJw+J&-9cCzsn}OA%O#d*C zDDX*JUPIi_gzm;Fc-KyJE}xP)Q46n*$CcfB2X6 znh0IaYLY%Zuu=LR7sY6`y8s>sZ1RH{X9tfsA&1>6*O`@lWXnUkjOMS%x=mNzIX z?wPnRtsHyGx`crL>jMp<6l7)YmI}Q5VRXKPpe?&V;e~gO6FDfL%XBIGYM3AczX3JQ zW_~j&zdJp9y}bgx_*3(^ZR!>nc20*8ppO@Q>zTrTyC! zYd9X(Us$Bcz7tNwZQKW^XdXXPzY3WB>{%CO}PpJlZ5YB^Vg)jR2 z5PZFOkYO^rm^?t1tT770c-&FHu{l3H47*-YD&BK-cK^HFs_zfuDlLV*IsSg6TrvvK zxx_4g9JredC^AbMpYHIHnTKm=f=EB@AZfFNd4v4B=wHN3d_ctAqzhjULPzGa=S$Od zebPgTQrmj7Dw`tH934IHKfT*c0@BD_10@ z20sqVYUjXA9WC>{IIN?Z@j!#R`98s|&a$XfY!Ebq>4s^a!j3t>y?%s1d-d=1Oi&YS zl{Y7Z4%vNq-lMV;$80*8(V60Mg)+ZMwh~5N!gyikUlyfZjS7fKyx5}2@nf?M!*?zk z^uNM64?s#cCOLHyEiM~X6CH{3JBOdOH-7uVQzqOba~wTC=K~yt*RoZ}r^WgESJ31S=YKyxPF&;#pkp zVJcRzW-z3(ZeD$Iy*du)GI9L-W%Xe6aO`?@9Tu+Z- z==ooRLh=trxpFM*+N@Y!X4TA}d1<2NyBJ-Eb8=`#wE`C)x3>?%O=ppk&=SYNAY?M% zXYw0U_XZQO^4*?oSUsSY0Aae4GiLsh0F;T;eFJ6G#|=`$*hFQg(xfGRz} zg*Xvi{@L(%ia28PlFhD`-fx!TOIeY2xYLMMuuxw&(#P=k9A&OKL=Qz$b8T+fYsrlfp>)B zj7B-^NFP}^motgC)#YP}NNJ-q${4}&Ip-crNQ4TS;_R>5O>-OLsYR8BYRo@imn}lh zd#PorF4&A05nmfbW3mh(;4Vl%bY(MIhaR%Nqpd1Qjf(yY(pH~+T3W9ol$Oo;E%kdI zwJ6EY{k1F%M#P2T6QJeb{$3GPlV3B^(|kdabz;8PU6Kbhd?t0CV=4^Z2c?+5@=Gr# za>^0ha+?Kd5#b*_NGW>O{^>(0@Z-4EQ9cn`xN}{3qZ<_fC-y3(J8!;ykfDZDG|N$;ipEM{I}CntjvrXWW>&izw{euR??zFdAM1N)Sgj>D65$~2iF z_!l#bniPQFcEd-C9ST-eu_>p| zCi=v_9CdsBJ-wCnvK)`+5m@4$laF-PRa8HIXzSLpnVt1H@%8RC;qAJ1`M6@5qFeM{ zEG2_}Ew*6?vE}8>FQHN>ULH3nb2ttG79dOv0^y6(#`MQa(Hhsx2)2ujoqq*z9egQZ zCvAC*r8iFRY2vPhPiD_j%ls28iWG))uXyR5;@7;NDXP@Wfi?gr76Wil{La+`+g()1 zw;c$qXtG|dwzI{-S;BKl`5Avg7MrL*QwtdfOkLC|CCf^GJF?^ zV`77ixiZsdpfgg-fG)jY?guoI-}P=U*XVV7zT!HAAE=E?0{~VC7eGsBHou2T@@v%_ zU=2;Qu1=a+0hK!i;QqQgHs=c(=(>OOcnwUUdV91opU%8>asNtmto2f99$2T%7kKZj zzBSH0J%v>iRg7gBNf<}z3JZ$q&LiFZ7@_?&L^c54H_jr^LVQ#fTkQPkyAk@+RB`Zp zzyamw0MX?c?ty&YFU;OHlrMPL2sI9iuP9uTK!dz^fv?dFX_=uYfsLL9%8CrFJ@h^6 zzjn|x3V1R>?sd$F=_1T4_fjG%oYy~b4o7}E+&Rt9JF=0P+IAO^ixjjXc2-M!{_}&E z@34Kg&+sZ=1TipEZ!RWwQjNbMamn6GpruEV6&CD2-(zBzl>A0x0d**r#*f#0H5sWs z92nF4K`KrGiQ9I^aFy>=y)SYfB*AD&GHI#&_qT_Xc8p4OeZS@5_hUVGZ+V#jX*MIFO@?vbxT07dI+%WaEWPGIbnuRz9bY3<^ zn$LMKX8H4R`S1&SP0w!dgPm6=kQJVZ`dFO1C>oM)PRFPebN|N5kp>+Pb z%#|UZ`zL?>3LU0|^57%RNjflYYY}`nd;p4zVa9X%xbw{?*&Vq7TIe>wJl&eccbvpe zn8mp3moPk*&IIVQZhmckn36tXh)_FAQ}ut&MXR625L38FZf8rWIw}pl8<_PCeRzOt zd9IJUG%4axg@biJeEI1+~J44US3tVRS(4ozwGe3|Awg*V0ttxhg>fib4o@|MvKrHScjq-59qg%V0vPWPdu-% zk*eyiwkpf-E^320jiN!F*Cv+|9oIi z(hdwuNn^w7t0h@i@SuW&Zmq$rWTf&(?tOS3LQQ8ABOg{w{f59A<%TZfSjs%JQO=&~3 z94=m6D%wiijE)r|5gt-)kdMO19wWbSr^j=6KcP;|bscIVLt_)prOP?K>g<)0Q|1VP z%G4`vkm~=WqU-2z*(K)0{efT@lG7whp|L+Nh@-%f3Rh+Ceu5{0O4@V+I76l!LP_EB zk*_GB9$PDmO2;isNMDXNE)P)Z2mZA@9@dFfkCWwI}94qrUT$50NZu4>!oozT24h)Yku$m|Sb3LlC()peCR3*zU}5MRIDacO2mdj+yb- zicu(+>La!9jZ%YFc`h86PEXsa#HL-6^84SG3S@Q;q;ln8twGjM=+SmmBMI(H^7q4N zhd(I3MsY&u{1&%U=dVKzT-S-LN0>|MNk)^*2fw}hJgfE!%DdFx??W!9m62_Ka@+C! zSyE*5`9kvzuP1HToaP4KDq%Eq(YoRl%0YXX&$ORl9afz^zuo*{TM3UEjzG7 z{R8+pU9P?%f`YzcpBh1yFD{=uy)nuv4hg?a z;62rR06id#@4_TkQOG;45Jb+j_t$R3F;9H_?#t12aoxvarn~*B zgz=jo!gQ5(V^F+M>W@3gh8Hnhd47n=4@WETnRGrxDI316kit6)y9yIl{D(2ogzlfS z!DUKGE)|tsc>Yx=DQZ=-FhpL*G$COCukxHa3knOLP)kCP)D)EpcCN>026@?WVDj-+cG z`c#xb{OK@)JpScfble*lWFzI15_BbMnBT|qD@x^0@&wIZkb01~;60DaZ|V0X=xX=b zO0Y9ObaeNw*R*poGK|wdf?WjjILfX46ktJO6tT+9M5Of zRFd>qO8(GEM(Q zi|P@6AKVJ?dvP?9PDdBf2y+Mmj0+2uVG{wgpT1|a$k2guMvKREG?w^{R8{{$Z4mk zA2e038-(x4d1yHitb~w7HDQ=T~TsXHAQlY6q+A; zHJdP6w6?d3OxqSqExGZvkeCE-6hZb?Z-#2Jo>NumwLARbE< zSra8CrM#o}d*2Ox#6=m^=eDE@8-l}5EhHHhP&r?IZ z@abLii!+XK9FA1X14}O>%y=fbJ8BEX*TJjnqavyaz}&eu-%FxN<^4qKRsB%)P}Mp2 zEC@1d@YG>8Y-gW37EVV%=JZOKuU*IYJS-c4q=|a;=|~p(9hesTY}l_5)>2fgh!VnI z?p-d3-}064saErN#-ml<6Ja%DS?k}(E=mB*y{0Hw0q z&AMzt!Lq;Uade9?qe|X)_3Ks2ZfQRbHm-R94(i5i#2p9VT@b0ci$=NmtZk3oRhZxgR^(|(?St)KbHlma`PFrUkcXUKox(H_za^*D@?0TS+H>vYCHNl~eBjnFo+WLXTHHqAE(Kp}W}JijEw zpV^oiQ`P*xu%`8yX(+&m(wNEoO}OmzunaJwT%4UBfa^1$#42A6s5%Pudpj+8x4%ze z?8YWUGDjgl2b#6h3KF=`S(k%;4Q90CMoJDZl^iMvMzQ-s<#qg}FvoYW)f>L9f;4?2 z2>+Q)5TgOoGF1u+#T+f^#4g_`8oa!z>bI?Q{P{tQ*+*_^(U;F`0ttSs^J^Xlv7N}1 z!v@e}27A)oPKX$$;sRAe4H|ZAs91x@UMPYw}YVqiU_2#>tSIP{T)1|NR z9IH~Uo^5s-)}U8$SNV0HOktf~xz-)i;n!s1i;ne^!-Wq{uNya=SMd#WEW*80$HVW_ z{JgxFDZlj2G7;QR?Q_+4^~3aC_H@1Y_P1`WZ>Ii-+b-1Q`7X$>gIlyYQr&0h`Qy1W zikfroIUx%gP|y`t+{Zm98R2nBr(qM~eJ_($XshiiYr8pfA+eHnzMfpP? z1}Ati@K647YzOEKRT3NG01Ia@{3Cu(*gbhgA0GB0Q^fXev}{1bq*l9B#J zoKjzL#=(~hZK@bFfG8M6A=uU-G)46G8d;NH#FW8?k2rZ+upn8?8nf%QQ98S7*rWT= z>T|E>w60cxqDCrjA<+7-)gRB8VB?bfhOmMSf_G5v*rjlv=*d<1Ch&VS+%;G7SDOfK z{}i5EgP!hRE2act&>Q026&w1zSscp5ggb)gw#^?geEK>_1mG~2#Xpg`)erTep`tLqCG${Ciz1jciGJ-a^)`3j*HAFtuV!xcygm9+xcqQ@?# zNnZ7^_FekO!dc#KvEE|*K3b{0T`Ja>iB?(ZVJNbbX?s_6rZ4*(Jn8=xXn;V(!r4T$ zuEt7q>{IgiP?c1Ah}T8{Po&ZDi|^5Ps>kH>%8c*O(}x;$M*xy1Q23MRd;j~tM0K~T z%$?qzPkXNuvA=x{g6=mv$bK)1FAMq~dw71rX+5hz?3bJ0{=VJG?4T@`-|M)(KL`>6 z!k^*BIyOZ@p|Ab#XDV^u=YQLMzk!4YxsF|+`ANPzd8MoQ$0JSfP*I-cRUu zJVKSp&O!n+KkExHt=FnwEsVcAa{uUc7k?X7K|x@y@s<^lzW<#$I~X{~`C9(=e7GTj zAtPQ`S;2Nby}1F(Jm)R)J6daRfc5SBxEuIiV{>*mleFAUu9C42G(~`*@VBE3FZ1cF zNq~cW#3e9pcn5KA`2<|s<^9R#76w{nYSwaT3AmiR5BvToU^fj`(I_hzxGAScAlYtp z(8Y__d(w9>;CkY6PKO>E38-XtT~J2OFui)zk7+&C{_A{w0IdNKyr~b(KoM{4UdB5r z34?0)jP=fz>~q%enibvy>&Qs=ls#&l8=I|sEJb}Wfj#lxIRgE2eV*Zaooa|!iVuDw zNcTKS;VlhDd-qhOiCX-+*n2)%8t|n4dg4CEHTiF=)92aK`*+S_B!F&+){vIBKqkjJ zo-pf#_Hdsr0RIA!SCW8A=aL%Dzl#6(lU2pWU27i8LG871)G#QtakJ)4^{J}dI|9F4 zFcaHnMbZ@caS3H=3kfh?6QQ*aK$mF^`@?}It21v$RzsU(6FlcyF;*gvz5bi9+B==N zQ&Qx2=!TxBZQ9{IM>xO99&*;vEa!&!T(bH~S9eRkYEnJI(N-7(7fJ|UQZyETilAPp zZ9Q4V&bJ+cev6xZz6z&T2HeJi;F*Q)bM|R-U}fpyArxM+t!oq#R)CdV82Ux#MO`sV zr%_!MT}~@h@A_O8r5E|--*{jHXf-6VuAUx7J{AQDa-}duE^C6933BKYxq{1NNJ#lz zu7to{ATrhoie65UGjZTLN)E-C8VbcyvcyBe3mERe zAO5ooaaM8se^9;5W%n2Vh5!w7iCQ~&I~qaV3_lZbkeiRqRbv#TyTjEmVYO}fqSY>C zUPcTc;t2>Z?xjNTbdsL(O(8i^UeSGB^H=r6i?$h~tCrOTf0@qt0;fB=xW8&Dyqm`g zKNSFq|Ja-LG+%Fs(pvwQ1z-)3e$S%KakaGW6y$x?icPIfQ%s*si-N8F!GbF61SHSj`sOGHXY&Z1>avB0j{j#qyAd!I;;qYA-kQxT^G`{!D+h@zob5%SdiCAA zG%9sFC>dlw1ja$^-TH1Z10j!KxaZ`Di?qKH46O%nKSZqhBT*h;EJi$G8P^_03_|z@$FQ(U2PHK@m-t4SM|x&0cks=&2XBQ>O#cs2We~* zY9w2CvhxKUR{Y)6S0|lCFvq_-q7|tQ zE=-MjUe7R8LI-H%%!8kiev|gdC6Q3}c>{X6v6xJ-l9EvSRAqAYN1Ez8Ach}KcFAxZ zfGEbBSckHzO1X}-9}!xv?InCL3FY)cSW&YL4b_hv1kfCv$Z*N1)S6&Y>VrV6j~uQH zo`WLWk7B~Q1H9RtBD!%_LBFSq-u|!-o$N723NtgaEvm{h240n|Ru6D60IknS1lC}u zwgRfR_|;9RM;(4Oy3ylq|4;4(r`sVaH(*8CY9nPs^*;o

BiTkvovl?!zz2?MgHZ z7ei#!r&ifOKU{K>CYM=R&l`Y2SY^c?FuZ3kz;NGeBE0jntKE3j#%HT+0WV)*vX$t~ z!fy$Nq>$X=S-4SitY4%PP91w)GWjTOOU^&;^%j?iIDQ+>=~}05lm&wK&J|ypCzk-5 zi*_Yyp#lyv=HSNj@O|i*dj;n)bOSm~X0;g1!Dy@w`>r7LT=jSu)-wpEveMd*7)B*^ ztSi2xU+i3{+`;-G^-#1jfrxX()@tE0R%94L!A7*$6!0}xeO(?(oVTkp^M=Ig4RxVJFQj8x+hIvt*K-%biUx+9NjH#KtI5L zmX!D`n>A(fzMr^?5s#(NH{fLA-&w!=Hd@%y{co<--OM{9nG_ z5_hXAEn@A;A{AleBQnJ@xxiyk05MU%PVmb$H}uWxwcRXtQA2~PSYU){0RHzh6vQ#X z^+!dxC11XQJz3DF9^Cd6j(c3-pX@5s+T+Bn35;Atc%HuP^dsskE#4u<3CF9k2j|!< z0mPQEtVxb3l5@p8r4qsGeq#Z0ZeiQ?!e{P}R<)36b|U?vE*fB1x9Zqocgi^zA` zd~6d{YG79Wi-3ffkyPTv(Tlv`&!?q_;&LcW8CWptJQ zeRoKQT@2>SYa4J9Q~d_GBcuRPqtYP7hQLnbI4J%-0WZ<+e3}462ca|$gur9%9OS-@ z9WUVEgVK?PPI=&@A+Ufm? zA^B4C9zK_3EYJ{g&4Oa(P}CD2mz&uD0|AvPl!ASoQCsj0rq;S=IeO3OC(8O=!Rd3V z!T6hxiUL}D1D7xI0;z5@m_z2=m*w6o1VxH=kvi3mLs=SkXa zc1hf$lzg;@PX(gM?dCL0K$j0QM(K9@Zc;PVlE__-V=-NSJL?Za6hX2ijXd3I#b#&&JK)!_kN=jrLJrs%;Y_~m+5709UDHGux|g;J8#rWvn=vYhqL zZ6whh5c3MG&k)3w-QOP}kv`x-l(t{qSK%2MQm-UTFcd^rCz8<05spo`D5vkxLyiu) zlM@V#CTa^eDn}^H8dJUA^P?52%*EchnZdWNK3ykQ%H(p$C1$kxv}A3L4DuG~M625F zxSb|byR=wwp35IJ+3E|PUZkAj#k_rJ;g(9~fky7C^C>RS(eA-T8goKyz(&Yg?YM1f zt4og#1+*j$_nawSdYCb@#GOikklw!q6nMooZ)frQ;-|y5Tf=vec#ubl$FT7Sn9z7H;SnpQV`oUoUL&#hxp&~L>-XGg|lfq_@|yW z;J;%`0s2LC!kg$z+?2e3(Sx7t#`>}b*1K$pfr2+QlV~b|A{z-%uZwYCYF)5eSOg#U zu#zMcvsJVgyR_he26`IWIaX0NcWoI~Ca(Y(KjvVH*3bf6Zo%38x%3nmriMp#;m=3; z&Rs##v^-PuhLigS`jqWfTotipR~{RT z;jyald+s=NtKvj*PzFYNG<8MyF*vQ=zCI8J?(p1zMDpjv9xM7k8BfR?m%yE~Fm|2w zhG96O0yLZQA4(!AIQvw3;Dp!r{Rz%stS=Bt!}xV{#2tbT+JHnBwxK<|azn{e(Banx zeA)j2J3++0s6eZ+eIRAwOA$bUzQF4an&_ZLdpD8VR@hJ-qE~`n0xo?}6cnizd7utp}fQ(OSRrL8v9a3esS6s_EU@X8UX`VD~|*RIQn&Iaro| zqs2GU`pB>C8E9o{E31v}$IEIaZvGnt8@#pOS}$j3Xlx_R&JDU%TinU0dFf8tk};ps z%JBQN81TcuNdw*VD#*L(>BoL^4c+dCh0=QNpLjXV0Al-3A#)JX~bm z-n$-fA9toS(kKp$_1?XEfUQ8Q&!0c{e!{DluUf3ibfkY(b#G5y>b8`@`Z>Oe+La!ty%y@($MV~o)Mjg+eAM?JA zo-SrBh+9N)eK#F2Rc~UigkN-iFH0@0{~6o|MX#GY=;~GmA}IwEO62!xWdNhf!Lk@tGuW44bT2 zm}D%hhn3gr{DQ6%!H}~%>E`WhGbVlgea*hLmLH2Cy-4E!)=>oN=O)Q2qWw`xP;xb> zY|605pQWHA-Y7JK#Ou6XCxEsu)eK^7DfdXb#q&<-LtGh++p<-f1oxjYpJM!X%2MxF z2^@0?7(MOf8K7glJm$Ps_NoM`1gZq81ioqsRM6^I-MqDORRUE4UqAwzSLuZX3uzxM zw-wpj6JaBH&kk!Lz_$juD8A9^YHSkl9Qu3LIp?cyqOJ~meZS9(o?k!^UuBV;o<1PO zEt`P^!YleYs~Jnj#I4%WS2mA~9TeL${#xqPaM=JdrtTaIW?OPA!YYLSy4Qm4&`DvVf#=r5mV2#MYwBvCST+)`s7FkE>kNaLBhz zhvBP*Z0P7{|A^0;WwSz&ML%J!;l)??;u2Srf@(!4HaL#`;#x&gN*y67n*o~X*z;WU zq@Jq;ssyS8ssyS8ssyS8+9hCyR^S3AU^ev!`x3Nz&{c;mKo}8`rR@0)4ES|uq4L^! z{<7D$er;-kBiP^sIw`?ceMi`8O~g&1dLsJKK?V3_t5!=tfCOTJ6W?&}2Ofe0p!~Bl zvw<0^N0mTR0?e$%JBX(sh|PQ3{A(TF0)5I-QdqCEEn{QnDOiHJ!f{bnqp@($qqWR$ z5tSWMjYUd8YTUN`me$Qe*%^^`uG(oP9UN@u3~)Pr1=JoQ7S1*SX2BAl!#aI=n^kCW z_0fyqA-rvk4<85RkLKB10+jh2)Y|$TrpI@aEayjuw}i)*4%V;WV|JqK1Mr2dL@1V2 zkuUL-+q)4X6I!plHH{$|bxg5TUFX~2@nIrIJFfwgy?6og6$VkbQ%{xu z;2DpI1HUc7k0M9VYbPA4ZOgC>mG1NgYKyrc=1mzG6TEn!wAhNE@Ho?xDCj*q_)tF^Rddz)q* z&xl706pJQQE@W`LUQ-Irs=CyL`@(dD(B983%+4g>YuhlS;W zb|YYPFvk7ZXr@x|#;#kG2icNRT4lD91Si6ycE=65qrOY0yz`WNHT;8xLMux?+VO-S z|0fRFOqkrM=~>xDaTXL{$2^DqfRdaUJuNN;d@z(Q`#(7NVWY?oyU0rKuq6=v!~da* zMH@d_Kx$}F)5x()E{S%3TFTlXP2;_Qhz4zvFfwv_U~otVV|sR<<$(d6U>&0ktq%su zszB1q0!g2JE}+~oiSQ#&S=Yv?RaJc_NBOW_C09vNCKajD?K@RX2{ig|i_G>HNO_=$ z?w$@W;+!6J5j!120>ekp_eS+43k$GW80&)GLOo|7^6WfdL9Bx9>z-IJK$y=MaW+~0 zEoAGBDuH7y0bL}zXWQ_4tl6#1RS8rHR0&iGe7zF*e2cEHSBCqpnb$na8{0eOlpr6i z&!KDjc3D;VRDC$k`cP*0G2Q33Y+G!{>_7e8qB11B?!)SGJKph=`n#_m=@WIs^fmAPiUo6DPOTxNVkxb6X^8sJ!x=Q40eCmxpM|4;o zw9=bY#|z-x-Y)XK?;FNUCWO<9sI$pHvK>PLAVIOkB7q2s!a+p@yD+JeQ zujan4&E-TCOVFyl#x76t1ArNCf zn8+>^>Z7ki0%b*DnFFtE_Ab!s?EKu>)%enMJ*or}xLG1xS_>y$?qfnJYrytY;3U1h z{@Py(ZGYapZeK{p5;96`KHKKsENBO=;@Nh~@*tB>a*5gScfsZ+R(j`?5NT91Mt3RC4VDm>>@cNrW&u z;x%BwZPQgEO@k?UjTD(OBH-pBvD^L+6p-`|*YPMRH?zj?OfQ^g#9~xd`RUB10z(tI zl2W;kC20(=ZDUhuqZqpbbCksyo05T2i-^EyIBQbg(56aJqfFm;EiK(fFwT~nKx**QaSG;Ih6 zAhM@_KxE=!xNtt!a7_8uRla%+#QEygYq`*e{)`BJLqo7!t>RoLZfJ05R9I6xL8nf6 zUjb{L(t+47}wXqaWXzWZVYPgf7n1u z9bdnGt?Mo>EV@P$2>$%od1zhm-&RdSjJhAc91k9Upx4qfV5_&|#T7velIj^Q#|vdzN@XHzYdZAKHaB4h}BRG<}dV=+q8BkGSMY{xBtw=AMRs5RX$k zrhYb*Sut8uLzfpeXmO+KWe@N)Eoyw!Ec!+X;*hpoj*^n*d)gX7^nx5!burNz-sl4-0+5?s$B1W&FUyk4(&k=My$`79O3jY~9 zGTOSjNK*JM_XT!M#hs$lg*ibMcR6tm$_b zQI$`XPrC$;P9H3E9lUI&;{m?o=!{`v{os`=A4`gummLk~@*(mQK*S#9M<@tOdvPG% z&n>uldU)W{xsl<)_4j4hd8$|Yk$?vE<~`YZgMW|t4zYbpiQy!Q)n5Z8z#UcY)3)^3 zVl36r`Y`|EM~*0RaY6CO_$hIF`a&U+H8HPpMdH;{A~Up}%EI&0*VAn|JMr%Q{QTm? z+xG-A*xxri)KAl5xeHaA-YBF#I(}t6K5$=gF6%BFTPo2kE*Qr%w-JB5ItbX{%VO_m z6dQqNhX(qD6XsQtHyl}6&1T;9e-B;$>!kB)zw~9&LS(gx&Q3q~OJDlZ;@Q3*FXaIA z>-=P=#&W;Pa~I)M`Rp#7DxWH!O%kZ~WRpNP{jBoYB#=!%KZAVCH_DVl(PkZ+7})Pm zbGd|XE)Nb3nn3QpYq($HpDn#PFnED|)^_1+E!|U-Wpykl8FA1iCWKCVYhnuya`ozE z8?9S&)jMCM1Z>y?EBlnQpiSo3RyAK`HEX2~AOTDHTsVFtYrFAn_ys&Je_M;TQm{1k~+ zWWf0!yelrQWIQNGUKk45b1^cfr>7bDY{3peF?~TEHXTT*#e)lAARm19)%Dg*+4(~P zCE4GXsI@^zBPb>JbF^)i6&Yd>NkHNF+}v!7f~cI=u3h!T`Ai=}Gf6<$06R`iO}S{L z#IL8u8U?|_Im6$yh911B#ryZu=xl8h2u^WKg`(VkWR#F-Ab!P;u9{gs7-|e z1?8Ndpa1ipzkl`W)&2Vq+-zrZrxK!yc@W4>Y0CXTX*u#G6C!%Jyv%Mh;GPOjeDB`f zn>TMa#p5IjtSGH#&z^;;0+1yZK~=Gb4WLym ze(BOhS>8^)^@t)VJw%XVK!`A(Jbp4iH&2Y||O#IE8 z*N29NU8AF`vg$8hyzsdOhShr}f}BD=hC0ADUHzJ2=^ z9ZX`3${DQ|7Z+FzW=ay~LP$}@N1+TIJ-l+|3Vy=lZv^tb#HqmL(@baM3!aTi*z?oC zqIT?zn#wLcIzBOhB^T1TDH-0#0ozKHg=E~vjEV=WKM<(%@@{N+@67b7?def%&Pls|Y@G^J-P3(qPj^ffc9I)?j=B{qJcMpk65 zK~+KR&YeBe8aKDiQg2oX9CHaktlBu9v-7u{Z(Hrkt}ejfWRjS-?37lrrR9h?W3x_g z5=1FNn6Gd4?Ub+Xr|c-1@?ekhZ&9h~TcX(ZqRMAmv9xYh`Lsl_?ZwYoKHCc95O3B6 z&mjtPucXXtJMty5cKmzuZGa%c-;#fg#Y`;YYx=eqTdRDkJ{;TrqIX9J&m%o(n-{v_ zz3c4oL35uiX(H_oxxdGot^#lxIoCQe7Ur7bavUvu)$=Dwz;Y|vuDdfVbvlobD_)fr z-Or$(sbq0VE~rprylA<2wjEz2N~G&v(?{~C<%aY$xahe1psU`e1 zxk+bQ1cT-$jCX_??#Hzc5ekN~9(evxoOEfxK82tC%jb~o;U~(o@?Ym0RsV}=WwQ2S z&$G)k#-p0P+MlWqbYR>0Sm*}h5`QPPznE{7BdVac?=r1X+m9WHIP7cK2sD!v60D;q z_B%h8?>Ig;2Zjp~CN>v+JMQJQSSL9(b(Ya)(QHRRMub2k5IeH5Z<B7vcWa}@WVeKdrFw)- zrzF*f4M z{e%6|lqB5BvVIXP28dHQSimow@Yw*9h2JcL2&T&|=*qshyf{7mZsN^^XspARE(w;Z zIUHsMY6Oi6AFM385v=DCxfT`#|5I^+11A!h3V?O%*3AoJ7X}6gloAl)w6B zz2~8=>45Z#3ozOIyi$-X!f~OFpsVj0ZKx<)2$(1=udlwO=o-6%Io==|vZ+6E?rwU6wt1xxZ!681!T zXWsRKyou~tv%=C5oukkI^Yua@PQUN)DwKj4gaU0WJRDKcmF(e4Kw}l~=(A_fbwFKS z%j(4r{SH`@IRz^>M(EB3Mp+op>7G7)nihCLPnG`4mCNii&}vCgdi4GK55dj#O@K?U zMtEaE|3z6EcAMEpfmxtD-i6TFdGC!Kdb*o%oDvv5KrlJfWzoCY|FN<2SFbKI?|Oj* zI5%*xS~qXrgb-B_mvfn^7Mq|r?8(k3J%0T7)yr3|Ss0}7tX^0m2h^A;FkB-MBgSOA z3CCYRt0*hiu;MV@!Qe^^7-}Rn5;1FKt%Pzpj8=@B{x8|=%y0>wc%g(khmNycA{g+Bi^*! zkf{Es5;!3eU`Fg72}C?^+94>qUYfg62lHQ*yy4-BZK)VE(c|Orepi2lMfTQ84Ee25 zzX+-1YFzsfe~~1O#z)8Nnm#0Vu=Z-m{1f&cv$1M>RrwcHGIOr|@n_T@8?An1|5VWG zk%@L^!ezZ-^xc}oz?_F9`guIhRIxs(=}Du?r|Ls{uQ{&z5birpzF2`rzul&%b5jiT z_2}jTMy`aH@{s#GpPF~%yw>JIP|UG2BWFei3cRmffc5$S640b}CbX|pv zYx-cfjz{f{cChwJf6gJ>|H4(}r|M_b&)UCs8fdD0sP^I0?L*8aZF3~ZA|?d6@M$Nz zuWLGK7tr1({DzG7>CKVM@!a1Ro#T*L6(%O9Y_HnIv@QBkmWYrT^;SEqor|3d^9$2r z6g}&(C2ITD#;x7loz@y3C0-Mp2nlFkJNgb6l))#M9ktz0MB5z`CJ$yRk2=@E=zpR} zW0ies&9_?;P8v|N_E7{&dFW^RU4O+!oUzUewh)Gh@ICnR`Q%_YXBEkLyuk|}^ZoaK z`}^Pj0oMYeBr$A_5n*U3289wfwNw)<2_ESC@BjMZ`3p9`nEK)nNW?-b-yvVXP62fhIINQRprB3)Ac`nD+lXg2W-IBTZQtXMt%hjT@_(Lp zU@aOv|5p}JmpFdPg3Xd#6DwU{R8rcMyAXC$8ARtmhBv6l6K@)b1C2kcJHK-+6ye(l zG58K57N2HEj~+cPx`E#i`k%BiF9u`pgJz_&ep@>F2LuI`AfNGAuI z5W2!f2r-XBpDGI2K9vd+WmRA=Rm*e~DTN<~Wy~DjGVSyw$_jF#ZuU$+O>CCp3J=~%z zwL_GEwu1?W)O`5h;rp4HGP|Rc+EEj0R{e|J{>^XxS%)g+Qo{Gs?;kvP_~Va1&CSjk z$aGaRLsr+)Al?B;V*+*hkAM95x4-?M|I&>+ckW1oVCmqD0MIAU>izo3Cj7Y2)7gKW-J1zmot>RS;V*yrYYG0%=w%NQCKmI7tHy~AsJ|2o zgCFl~=#fK%L+69l&fB+dp;H*9y;%CoU%qG1JZe8cMR9Jt`_-?$HH1O&Vn%hCsXzST zk6zC(z_m=PzIpxn^?W^JfH5=z{^?Ku3oKO@qQjw-Of+#JD;b*!mfETX8A?_}tq4N+ z@yGkD-{s4fuU)$)_;ll0NwM*4l{Y#0R#58Up~2yiVFFPLC2mYre^m*b3<;QZ%q=YW zD;sKNx;yc$%jD5M{z|)fzlpJ8WO7UJgYmwvr)y*og1sj~DXn$P+W?Q9yUn;&g!V|k z#a>OHR%f&Pt9;t#hui39l~0w=w&QiRCkL`8t^RZ*7aw<{A4#!4Z=!kv8)05s-tR2J zaMML|IUP2nC8U}@B~#_o(1@xJ$5tQo+vvIxezcw8j&AXg~wh5qMFUwDgikxApC1d~lMdU`$d>YMh7mMuqZFLJ2*+*F6!e?t;gAF4jo_4vW&ONq49fy#U)CVM&2 zYbn%TFN{(S8@l31fyE$bSJFnK{3sUsd!=Y4I6@41Cu~>K&~$MaI&ljq^BTk7`c>^5nE6BhN~cU z*if922gr4N{0(4}az$em0MFYLpqbJaPShG?>Z7%82#laMN)C~Dlmb*JvITC7EZ#6y zN=a7TYhjXNOq9MnEkxK%_)%=bJQ++$MwOvyBirh#r;%RyftOfsy(EH8OgXZJ%cJ!K zEe0}Iv}f&j1* zrTJ8!PZRY-xCFZ4>)A;vU~}de&z=VM)C7#I95e4{1aO_aGNFBomTL)2iavPz_HAWJ z^W@1BY2alAQxpK0E>ZH9d`ds@lSs*uu-8@_4a9?2XckONNIH(DTtf75WZsOwxN*NM zlIEcztx|$O-Y?qw(fK?A7*na;(??UJ|Aagx?(vDOjt-a}4oC4IfN%VHl!YJdDSN#r z$l^G5aq)Sn$x%RZM_X{Eey9@A+4UWe@#h(S8_b z{qn_29gX#u`0d+8a8lt>C5BI>$as`Ypj3cPlg62uz>lKL`Z3^!k}N{ZW<$(tfB*YGo;-QVbh8F@Os}WySkmS3kdFG;t5O7mW00bF<%I{ONWjOee-t_S zxw>i{H-|EeDHCz#%xOM*xfo>kbv?u#*v5tgEHmpjk_#N;l&P;FMtEsuWk+8tdd}S8 z5KUtcEUEMcptSrQva`2p1XCM;;D?W_BFDzglahkU;LA0RLj+a7y%y@_W?^3I;LxCn zC6UufpxobjmP>IGkfHu~=FAY=XxLTU*2MKrmB43~K=#Ugl&K5o2Ic)L^D4cwr=x34 zUVZ3XJGGiIl}#y6bwR8S4)mTLWR2pxF)^V- zDy9bwnn5FbXgTA^_ZK7nN*=Q4?9PtuIEhz)lJN!)Sjd$A^?ua)Ry$%zzx4Y!N2z&u z(YO|7!0VKP!D`Rs4u9Hms$OsEkT>lLVMFgS3@>j_KatD`Z+OZJgVu7AgX*Ca;W-~f;fiyp!1qEo5F>w@q-DpK&s2rvkQ9q@L;TE8(rG^ z9*nQc?o@be&6p3jzawc4(c2R~T*Sfo-oBqxG_L%$c&HZ#lK{mlZ{C;ee#Te@bkd@$XJx2QLj3Fr68(2t3DJ7G~|#9u}6C-OVyvM zKUIHffBEA6f!xy1od;8md_5*7Gwr&$r)y1Vs}+F5exzMMk$&u(+PgKM+*AJJmxvr} zvDj_3XPh6JjD4EDu$fypu>oU4H$OcYd#Iu)i97@r11f~`CsYF37Z73Imtq}J5lHNH`195x+!TILi-HVql0vbZtKqaCg z7hF-F&))a-iIZnAXk`SQ0kZLD==2m2%2*?|D6r%B`1sqmSB#_uwA$S45C5c+&<8*i z&CcLb@H!K3CIy*$J^lvx73K*r=+>=U&_BQa^{*j>&_Ou^f)*#_bLY?dLU#Dpz+NFd`g;~<*Cw?6n>Pfj`kDr8OO;jJ)CgqFpF8fW>De=9 zi}n%7>CsV~T)%$ZQ)#3FdKP8y%H=CKN0VYeZsB2ix<}K)o))swlQxM-@OpgQN5;?6tbOPm|tC4jTtEki4+?O7E;{QE`GLqmQo_64V;_eZe3;m zefh5re}Byz@I^zh*4n2%vWcQ6?k9Ubv16wE5YyR)vz zTQs%aIJOd?JWTTF=!O6KU;oR^n>Td|UHJRI{PpE4AGMz>#)_HJ-SkcU6rOeJ?OT@N z>b0x-zQCxG$pZXJ0oeRjO<5sBgKlWmAeif;yLU!MPhY$kNc#3e$6`-d1}5llfBS(+ zM-~#)SRlqWL!ozLpsc?T1b^4%+bL{&T{=4hG7&~Aj1>cJq{HO1XV2hP#R)b@!Ns<+ z%Yx_Y*RKh}dgsn<*XrxNj=%r?9~OhFtKVZxoY$yS+6NuMI_RJN={u2A&z?P(nB7wd z3LLA-3RQ|MhREOl{&zQS++YmVf}jjiMn=WC(<*)Yi!enBYnr3&5}{dEXNC|cJnOQu zV%;uny;mjhnIup;U=F&isp!_C%ba9`dK;^m8n{%8U(>E#bFC*fZby2uYQXLqxnwG}Tyc5KOXx*Qxc%-JXRejJU z4uAe!x?JgZm41;!n4hoE{+9Etz+>YK2GaWWjo|y+)jcK%p;qPtw{~}rR_ds+V zVt+3KA%bT19o?tOD#BagGxLky2*(o6gsN;sehn7tu^$PLp^rm>0!M4-3w)p7J{Nwe zP`Bk@Q=@_%f2nziT#Qr{jwaBD7)o-Ils6kL@9--7?X;iq1wIux)%vik9+PZAqYA(p z?@lVNEE*-~>+RvR3an{!87aH9ZhloS3g3(Vudab#+ixmmA{D*K0wW=?5f`NC7(W5y zDQUO&cM=HsClWV=Q5qy~hIIBOpVElg!rGW*VkPfvhUaFJn2Wv9m$NXL#w@ZoN$igw zsrSWyP2X&-ef7uCnf>(Nn!f7up{+0U*{0HlRBL}vfz@OCer$>7ubL>*7g$Zy^&zc=&Py=TO zgMD#n>sKx_=VftLmse~6qe;-VX$3$+%}>X^Xx7BXUjon!AOiXY7`G3@_V)Ff&F5+> zBF$)VDpA}0__t%_@QX_zI!kVK^Fc&3x}2=WDKD_M7ym>1dLgnT%`QuAF1}b&i`?c- zUapUxGOsRaSZ@Ftu$yAHh0W7>;Rp3=a6rJC5_4{IN6u+7TJjd zlGP*VAA$XF67-)x@BXQKVsZ*12jvkvz=J}zM1h5KBFv{xpYkRVBLLTvCr^n{Efj6G0JJ21I|Upv zq#pUkG)N^(=L@k7U%V_}Bk2jj%mbVg>=Fu)oKf@CJY;5eW~8&TuQQ?*?sT*(QIRL% z+8iit2b_HSHfiaKVp>LEyxe(RvW2U9XnXIuL z8&C3SYrR?IkjbOxg;3mT^vnF!^pAP$VLWyE(*6yN5+2NqB^l1&{DfMfa@Pj>qA&F2 zYx!A~qdF-?vjPA?^$`q3H9gQGM^#>>d!!P`S)6qNoG9B%xqK8$KkXXt^o0donsd9T zzaE$P)CmSzGVo3JS-&)iO#6f}q8+r#m@oy@!*UAF6&lq_ie*SuDZQ;!%tpo%2q}9G z&JNQF<;h%p_ua1qXB{3MW=`2CU0k$(-}82$+3M!I%O)(+ID`F0Elg#>+$~eYx>g*k z!oqAqTKmbk8DhTu_Lqj0_wT1!If*e3Q;ULJ>Qxws?$+1G5=zf@VHGndsH5=xnralh!L2%PNmXxD z34C@5(Bo5fpyS0JgVfgIJubGzBiDu%?>wsc!#gz4Um`b)+3W*}ju=e!Af?3o?Nr33 z@#@QxTnz+jy!>M(XR?h2!>lwhRm(Yv{%f}??)xUsDFMjEWDPfzsS45`Rv_>qZVn0< zSX?rX2x*i_Md{qZvznzBMU~5=FFxNmG5mxy8$zq{tojpk_1eFF#`Z+(AL+4Sg@2?a zRpRXu(5<<<$|zYndHYk#V}odnqd6J`faEx*$9meSRuxVd{~MWCi^~78*0-!`RJT6&;{>{8olOj12lX)24T_V{U(l{oS+)whz%*hjeu+&!iqU(Nbi5>ba;taO3#~c7wBk<_Yq~FDpD9c_O1cLJ`mHG&b7lOvf2z~=iAbmdnrbXg zbABHz#B#hJyet+abkZc<{!}IzRZ&hq0KS6LnS0&gwL)%{& zHTCh6fCUa<3eBIIdS^FXrx+Zv)C=H%Q|u!~+{8_ugyUC@%2AcTmzDtYXcg>p#TLN{ zRIwCp`AdSigN={+9snES<{R-XqnUZ07sFm($2xA+-hX@>`PC~I#hM> zb>e&Fu3N<6c$Bz@S`%UBO7}!7d+S0G=#QR0O$e{SWM96#fB%89oX3q?3$_0a>hgRBz57C~sI@@9w#wP(+ry>-j$ z)&W9lt6YP8C{SbK-Ke;qn$iU3`|rOOP*AyquhGZOpVxxnmEo{zq?!Elpa0zVk3NQ7 z(a)Yflkx1ibAV!^A^JjgOr+M<26*neJIxy?33tFv0^GbAt`TW^4dUE;7l{070QUS7!mtd%Fid$B3M& zW$=%<(JAM4VbtprCIRM)C1-pz>-77u>R@4PEFh+HF=&jHuF6KaFctu7N(_sy-??9G zyPvI^vpgfGNAx~}f?ogV;Ug;rR+IsuFs)=R7!W24cpU>Y9Gv|ZzqofrU(PVAN^uhp zWudXvy0()l*Rqt0w6w1$CngPfFtx@boUkxJuo;1M0>fqSY7voF5oKw^q%$B!Np<|` zr~BhVKEHm=ycmy4dKEFy7~Rlhx7}1b*Ew_UCjmFTsPO#x%QI)r8sN^HJ;My5uTW!X zt5EV6hZ`N!*U@1%qj$G!d#j)r zoMV;|yJq%?h6V?{wW4?E4vUKmZ>Og8JBjrO--wBsh{YzT=*luYIA4vS-&1|vZX@5u z!eY2+2Kom~m`q$_ks9&84Urvkn6NG`%MiNvaTh5pM>U`F?0WLPaT z7Q0Ui%ZuK|@vaoIdOdUG95e1N$o?*!Zf5GahbaW z+8)~ssaix8a?{Yc{rEidhct{>i_a;Qungj~_XPIA^%^FblbgclK?g^cK|g)TPR&>O)So zk6nKW-OTlRI=7r?Yxx2RbRhU3w5Xv@ilH@oP7y1`Az68Y?J)a$+ayB~rugv{_xNPP z+ET;^{eYS9cCD^~JKFy$Q~95#DLz=OnPWamBFqNWgkQiur}AjrZrda{ScpcA?_yY7 zf(uw4`W@p-xPiL8o9H5V_Ud-RSlyHcWHoj0ApB?T?E}TpK7J{Pn$u^REeLFso*M~s z3(EhHuHHb_CX&*g4;U)~dm8Vum~dW8k7MUjw5zzR<0CN;z7~z|A%+3+BQ9chsZ2Tc zKHre1@j_~dw$4xLe604burqajUe_bl9`0$p&Vjx5m#?|Mn0nbZH?Q+&n&EZ0(UHN^ zL;b>OFqV5cEJf^p?y%!?KHjR0gts474q~sLysC^!0Z-jt| zvn?eQNXecJAPeF|SEOXqRLXtQuE~$D1hghtlK4^(V)OH{H9ilcwzS;Svk-a^|3|n% zi#SK)pSX;JVjSO!RnDpeKBELmUvSnhxIDN$xFA5yco9B*eu6AII-J*UIbh}%mKK&) z#6%Vr%2EMxFQcEn0)k=u4Qe9f0Rg;z71*Od8NPnwgU=uZU^=$yH%UdOX7XdZee|?k z-VuhmVdpK!p=25m!W>Y51`G#C35hDkr(|PeV?LA&{{-glERbi3mudLe);JiJJZc=p z8I8baPp7Uz?B2GjWymR-?-MjZj&z=G4SWI9RPC7f*X6I(93bN9h6hR)} zyLb2Y?VAuhW45>N?bH7=a1 zqJQzrUnr5dWS7@d1ffdg5_dLMz9OZ0?PhHa5Cs2_XC`kzCrTN+Fa~jZ?dny!R|Lab zu;2a_;#5jz3y}vQf5&D1Oxn!`$7cA|sqGSoZ+^r~c!)D2>z_MsrEI?_{VQvUz&f?| zH0{?VJ<}0o#1t~zdbG&>qJAzk77?}Qs@Eq*0-7%olknfAt(hjBT`P~C9z8!cR=Tk2 z=%<3APELkZ86F-6&tgxUU%y@kFDtg4O+zHqD!VGHqPMb&uwUL}cr0G&H}@D2Gs!mj z7`axJC?G3K!W0-da**m}C0Ipxved2^Jx>RotP%O5jl%Yq$U?#5+3NwwqUn!mQX>|a zu?3SAB$X9v<;S^Bp`gM!=3#RIZJ$1kHz?Q{Z+gJE=?g_xWMaINEF-Xn*=OOchIEjU z5f0V*=;_m^ETr0HOxB2F-72wkA65?XKK4zT-@%xECpP)GfaqReXeHkE0)^<8i38qC zkKUF@y;&u26cV72I(xnx^;&l>9l!J)#d%t0eE_EC&Ym@bdn?ji!##Mo@W$R(G2)nf znmKe`yr_fdpoSv%GhXuB+;H^W&e+Nea#;u9Q2tyzOUBp}&m(<+}Ki z!v9s%SNTv93S;Q3`fv>UOX{H;Y*8yXwt zt=hNjyiGH*5BU@`k{Q6%Lre3cE*TIe%u);=6rfPtg?`f6@~rZy z@+qCD+P7*?(z;WJ!rWFHyJ(tHu#aK1Lqmz3)Y%BWmZ9q~M z7R+hIdlP0AR_|0F1?ED672 z$<(S<2^>HI*`d_CoybX z1Kb%J9J1Fg#1tD2q68dc=U&(4r`fhr&_B>QHtDCPCZTX#LlWrqhekl*5>gmzZDW7AWoD{0lPiBPCu%O>mmciF(0<(yqWa7CBVrrm)H@bM?0_2dP zr_5J3W!&`B>c)UxV!nQ))>CTjWsImb$ODYyCQ_}RivIT7Ur5Z#1!8q(24&1ZOAuzp zL%n(D&TZjBp%dJ97;}lp1u3~Mq)aMq-@ZkFBoAooX2P@jfF2+xGz#HlL&WFTA%NWi z;Na#%r%>>w06>NV9xRw{9yv5aw~lBmC_-|Bx{$>OwP~HUqi$$QaC&4!J?RR#suvHy zMBrIrGJrV*f)$8&U}!kP3FIegkiU2qRL4!rkN)?!CMCzjyDRDrf>kic?R{0FX4iM?qvo@m_-^pBy8N4UQ_CuAnE1+nokoz=E>_mgA@OkxNW-=s!xxl1T>zx z-20iCzx?H|4QC{V7vC{oTQ=F<*?K0L&gih#Cc2 zwbTdY(xX{C$j-n1^=~g;ynOKB;oRIs2C$V(kCcpoa!@uy19Ur^3~9>jeEi$j#W(ujDB(qb-dcR8G zNF|_O1Fin}j~{=!|G<<+SyWWla8bI9zNE|i^FROEd?`Vw%R(dHzyIKmfBfU~XV2|e z3(9VgG0k8BI3M&E3I6=&zdX4AKp#Ph(SQfNdiApIZwe}rmv2l7%qYwr)4enPr$7Da z$&)8~sUCX%+*#=*!`tieH$VLS??3+IC-aJ-|Kq=1zI<69w9GY|Ej+w<{-W>@R;a7% z!o{Bc&X`kK46DwMKmPc`-+o|cAZ72|xy?|NLrPO|d@9#duRO6}X0biKg22{bG%e1d z%>T)=?pIcM<}CMXnBP`?W*e(Me~La6;E^8NJ4%kU$VxoM%!r2OXmpPvlf3WbSN@-v z_Ky6RLrot-X&hBPL{atU*y%&6Xf#cu4+mg%U1gWnR+hbfI>&<N&ua#%%&11WDe7)stGJKX*i1RF+SC`D=@_} zDKqml-(uv426_dWf><3M^bxl`9c8vA`VJ6@Jx-e+b}mE@vQ6pQp30u69PdO%KNT^X zGB0&BCZ_x6nS{}C*zB=^gaGN;5OTbqo-s{B9Hz%pX*_KocK2Ue&GF?W5G$fwfN4;h ze|Gq6*y}7N^SYnCLkeJX9i!&?E<|9Z7<2$E0I;Cs{qohQ98?J$0|~H)dPG7MV?Dw} z&|SW*9V=ot^8W+*-@G5r*An!z2>sIM!h3sHJC-4h-X|>e4QP?wbVwrspCA{Zk=%ds zeC6Ofns_$E2&@9;)KUV*IX?84~@aOEZ(kKKKTfs#u^F2+Gh$V)H+Hp3VS z-RSJ8vy2!J+|K^J1aR=G+!`QwR~QoTM3ANu*D3*0uLbZ!3erdzPOyfp>}}$<{4@+H zD-oX`tM!`+0vQ+>Y&mO+yJrL0e8!rAXEB2Xpb1B%7M>XF2otvQ)~y?)0ZXchWe30T zd281W_es9cL*mPm z(*PDS5=g_f)#;nJBe!nfl(?AXRuu||Sxwm4Zn0FME2L2b-aG{n1K>~vY0jQM*W25- zoK72X)!v?fVtrVRmsQ|DpgkCQfJN|7?|myGRoc{|1DN%jd-qfmu95L42Lr?}fB6e) zGng@VRosNi{j1lme*3F$T~L@Z8$lco?yD>b^An;RXyD-?&@KuRedMIOedo4s z>=GbtEOk^1*#q`^@xryM*L;9mm{=3SV2{6ze{c0u``4H9uNDat@@D&xHE+!Avzl(G zur?(YM`j6o(tfzF-HFZ!PVz)ebR}imMY$1{3N^`i>9v$B^pj?~&QQ296?82P6j6@# zn~Q5Nx?Uf1321JHnl&iOqgh!x+QLjZG&HqgnZ-zEz?mJ%eDa$n1XS|Fnn0=|cDr-= z@+@U&Ru-8xvq5N4J=DO#WP3ZYDInw(HywM(U6WJ^9IXWCbLb+?PTi*bW_PA%?wiAyNqQ99YR04J zLh-Q ztf+d}54m$^uJtV$UK!o8_MH8{IVvy*wXNpd`63YkHqwZp@i~TfD;e3>9g(*WTTpxAV+L3sF%r|$wD*WrVXx-j<_Tu zpRyx4C{tRg(c?hraD0kP*O2rFX)x+1XPQWyhYCQ=|40whn_KJA_0tgn-5IKvHP9+!m&vuVEN9@ zrTm5(Mp9Jzj$-t)d?5XVk#(r(#-dh-dm6#%z3FlMcyog8J?Udy`m=db*whfzfvvorYAfm|IMU4i6GzyCnx{M!GT{10&)b1Ht4zDrRrJ@GiM2Y;>PS)1 zD%lZL6l%UuyjBLPpu$I~P`<{rqec_N(?0=j=HS4XC-qc%23QIr4fhMr_Jzt zHt3Z$VPX&oZ#O&NUu4t&Of)d0Hj)S5?44pecT%c7G!`%<|HHinFqVIR%3P@| zFtUDEJ?B^HStrPT{@12ks6{apAQo#BYfc~Q2Yq#=PUmjhMK7(+r{%WfpIZNcl6O3o z5#6n&nqOA~7-c0pms#tG7O^rZ?~YZ{>HRciWfrcUkdrV)_2pdiFKsp;vH5)7H{TlQ zqNhvH6rBiQp--XOsH5bhgPgTiI1PPJ!c$B(ypHUFk!ovOSvhABks-TP9Py&KmC4J& zVgta^47VAWLl>L5vKZeqM&8#}(WWej8#*|$Z}okC!Q zPaQYDPggBHVCc#eXEr}HqXvZjmiKrn>N4iP2jDx;PD`hL)Z|5xW&Y^K11(o+XdfJf z0Zd5NQSvJFgdl-NtH>x9?=HFCJs>;&VX7%Q^l2oNz_%Lifm>E|!a16t9AIn+!Br%M zJn)czyp!<}L)mxoD8Q1Sp~Dy@%R!Tm`Wy2Z#YX`g$e!|$=G&yv37`nCkZnRu*N<&+y6mB%JKq7mlr7GOTTFc0@KX>W{m?fP7MlM$Y+r41xaTgZJ% zIA0oz_YV-UVvztyFnR!pM!W-gJzaeL7{ExrcM+3{67=C30gUns3r`2fkMCRH=frOo zm|zs$##t(_ubZD7gCDJ#Rz}+S>U8Tm%KwxOoOMriua^={OU=2=+(H`B1PuFi(=64pBfRSt8 z6myDmwCXR@Hn>=~rrQG--sPFmIWRH7r*aaUQ+4ceMdQ{&7b~)w_`Xmoe$TUSaj$do9<`$ z@|+BO1R}QAma6COIy)qwuK)=gJQwW`6qxSZ3y^xD$tGWk6$#f+ z%2(HA?Q;v}?kNs!pF0j3pqZ-BmEtm%Ha|xrlmat9YYKw z(h;xO7mk|+aW;RJ-mm?yuX3Bb9i>dxlbxnt4TGqL^!;XhjVjUeQ)0Y7yu(*{>RQfM ziEk2pM3xM>abIJgnvzi-^!B4$vTUu)kM9u>m7^rKuoKdW)0P}4|o{d}V$|}@* z9CXn~MKM~rrs3>;)qS2_$o$m}B~~}azjB@Vz@XO!VP^2QKB0lo^m#nI0g$y)`!JgorNmCL?pfTg_-2a3y{h66tx)=(4@7buyH-^@N zl45-PB{8w$NePHjmJ8}4sr6rLkRV^-F#PjknYyiNh%ZX|?T;q7V&?B1T`%D;a%WdiMc(2RF$ zPVy!WjjK*Q?uMYy<7k^Mkv%bLQ<*#oWt@{0B9yA>jU=!&R9!*W+#p%tuFVpe%?)%1 zqoZen=~aWuvKnXh7pK<&Up8RjbZ2~ye^2hEyvwpastAjjD(l1l#WB4~JUpJ7|1kzYgdsk$a?P@{m zgJO(SFAH1Tg2&8e$cNlBTVb5LJ)72$jGzwT7ONgAOyiUw6%_8?&MIY=Hw@T3o(kff zZr~h|>RfE==y<*~S*iKmMcFkL?g`$YvoH0<_SFX3Fx?>KPFu(0E}HI7fo(xmOS_+(S3v&%w_P{Hr z>%Lcorm5Ka#;m$!;m4;`X)m`^KYA0%ZC*DHjF62`k2`}Weg^Dr@R&2G5 z6=x(!fg{cGuyApq8`r*gcb146 z?ff|lJ>X^x+~T_%j&0GK;lhHIPOrC#n<&3WL^!UWl?jgFf6PmaEq*nynMP? z(NIP=)+!TEebF479&yODQ}%VWt#DTa1T8Gk2b3dT&98cXVI4Iz-43)p#B;6fp(>XB zKVHq}C0Xyw%FYRnBL4uX_}qAA8CJNUL8PEsm3@@^4;Umq>UlJ9k<6c& zKo*z}Zst{i#;TqxDEC*G-zmd$!kJqwxfQmmdf2}}KhJ)B65@^Z$(_o%OYfhRg$qz$ zj`Z)>BmMj2%-Xw4<;hbtWPi#pAyh5$e(_aRR~nSR&8;mqlK_wtKHSy+iX<3i978EE z^RbK=dEIr6_y`tV%gD}9uD=)nR4MNvtYh$Am9M%vC5bntfAfBL?~6_k|3$rjP@Rr# z_U~_IHIi{!1=C?+Ukdn{2G?sUySX?k%57k-CeE+8*Tzp*yaHY5duO|r1{=adQ?l{( z=T@*;a{WjA`u`uj1~8fGNeZLswr2KK3?@}ML}>a3VC9z7canG>+y{1r%YW;W8`9N@ z$-}s-sxi>zvJ0E_e2qte06wQg=Hn&g24p>+iBgGQo}N5+#|qo_%$Q=bk3(kW&My~+ zyRu&aXoSP$xpYoip*hFCJ2`3Kp0ihx+=< z>Kj`hrB=(-YV=LqNmNzUcK?3gr{1`zAA1rHO!t9yrJD=#K5Y)dS4yw+I(U*IrPR+% zI-jkuAJpjeK-6XY&W4?Ta5;VL<+Cq1up<|Yn*D`yQ<94hMEP1Ke}JHmqD|{7+K=p1 zp`RHETMe!;Z;C%AcIx)`e%IVAi%c&^A`f35!8m@n~f;HmZj+GRnJ68fMbKG@` z@+^8JJbM-lb|KC#QBNxVvK*ddn-b14Y<6O zV{Wqu`dN;ZZuq&Aws!;7;ct~1mK`N?YKO$`rhxc2^Knz@^>DFeE*+Iy6)=kY)9+rP zw<3$gWrf8+jnjRFf*)L$m!s)XLMLW)64Aq=;LljvP!&@&4`Vo+GzGUZB`)?>y!%Mb zvwc*ihre#GeORTi18j6L<~CU=>fA^QSk60%4?sFXIR~_`emFtN+XW@$z}VXvUALqE z7<%v(0U=Z+%5x2qAE$^B^_U9zEx9aYXv(8lDTNz9cw9-9u{NrJj;ciy*APd#mJc!> z#TQ~qmm@<}HL)QnH0vlIyDH>Q8a6xw2+t;if_?H2iog{ij;?p%?C_6gEEq|2x!u3M zlFC}bZ+{~x8E;tFdd0;2EAHilljO`vON%DDe6;vo50aTUDPPcnS^Mqxd~MBBLn4XF za*UN_7D(DFq%296>zG@v%Re!Z>I>QvsMm|(3$M3^XsGu(oobf7q@%O7L{}z-4Cw$M zOr@Fm{d)Vs5fBd~6%3r+4rG6r$;QIM;t~@T7ncHMW|)K9qE5RnkMfO0xZK9)^YlKM z*2!B8yu#byZ2qv|r%_4&J#YpA)2pOw5Eqj0RV_634^47z5Caw-l!ub2a0Icis%cZW z)bL@vdKzEy$>l^)nR9M>4<`)fFLpxtZWX<_YaR|13-KkQ zZ+5CAL=zwo!)L~48gmG6k@>=rSgb7Zm}!gtbnlO4nZUl@n>(*^BOF;TWBsdzJljk_C>STSBXlgNH8qLxz0E9DjU z8szs9ZBlU3$||iC77NM-hzJKbb_2)Ba{dnG$&z{}8K38>D)y({m7>f|uMO4xyBdG& zR;IQI%Z$uY-V-mojnnf_#f94{s4i>xT&UHQ%vK zV@bIZ)$Rt+%dm`Z}#nU@HZz?_*6R%IP4)Ha z!7qKk^H?R{Kp1azkNQ%|Kb*``kc-G}!U4vbl@Q)(wM|6`g^vtz=^m zBHf{BddImL%xvJ6F#mHffTM7e2f`o%H-+mM62fDjl1%qBE zEB;bHqlt)-7^9}f>Z)xEf!#z8TIt;c2SpU|z$d`De@R}LH2W4z7bszfWbFO@NrnmH z%ba0gGrlOu+-L-*pG~*SGGqM_7uSHct5~fW(c2KsNCjwCx*QJL-$ZpoMJKIZuQPw! zdCar00hOb!M;cpU%Ji;rFy^UPNpJsY%8|F|)~DD4o^TIT1@W4Lq3fq(vQjNoDJT`O zN}06~FMjP|<2P#YmJE@3D=Yv*BUXTP$EAL$`BJsx8fc|2dNKKWuB#pe=Ca;XA zQIa|O<^jzT8yH7Xgh@uDS_pHc4M=p(w41Z2kWZ=oi;izXR}#)#uuF9`njSQ8IwXn` zk{rO>3S53Hf{oH)!SgOC@MHHLK29299huetYneWLT|eK~Y_aT(U0j-xpt^uUx3O&t zRIi7Nk9{ti3j7= z1tw3q9qU7xk&gBLe$TUp;~&IPJu6#)w8e3mKKkfd!@y4qcy;S3I>A7GMU<23aB)tH z-A--uagK+xb&^7cZ-p6;^4+BdK?A#L1A4b}5Vtzx+#TLu`NEBs8%7?HNC5mtz~f$7 zs#T}mIbw@C-_)@GSWMqmQ}qJiD;HAfydUF{d6Yi@SOe{ql#FD-tD=!p$BFCL`%s#T z=t1zKDwFWzch!d`Rtnhdf;qkl%?BM+k?xzhB6%ygeW`!(!RB}RxF8B^2h44;&F<)x zcS7spDJbb9QX%mMAe4B4Y9981@EHbTogT_3HbgI% zwCbx~&tliCc84+}am#{m;QKKI+&9szGPoFJ`R))<*5 zf&Zxnw?_)QNY^Od9x?Jp+W(bIyHJqEP%t$`hqlg$U-%+@IoH$q-~8RAYug4*5id@# z(u?bpH@3kjn`27CnuWibRk>nJLf`yjq z0u1ygzLL6}OZezT?SD}l_a`OW$eZ{?tkK9v(F&IekXL3C&Y=7|)3XfV%Ee`n(h34^ z&!>`npn%EDzXt#GCy0jE<+Azu%}DO_aO}X`oM5yV z;it*m3UrL%Kn&{ABZ93rNF3NJ(L|5Y=X!cwqD4}}YlF{xO8MYH7d1~L{GrxEJWx2G zR*&}f-K!%G5z#w3XFN-$MX+vm1;zFXJw@2&Ubofew@mvV&{=sHI_`u!07u>M^C${q znNt%ZB@4ndzK;YLB}HQ$(=*Csfo*|+=bF~KSBAoqsI=i53#-lkYF#Ci6D}dG0JI;H zx&f$InyZBXd{dYIMBO?8C@EWG{tFVZBe!1pcaWr+=bHBPl!mSbe}GX8r%R;RSw=2b zTN;Ksbs80_7WZ_^uItG&UN06wZ&n%bYqxEw%c(;~9N2jQlq&4ygP=d-M^M4@n({^K zJC=8By{Bit2`x*cDv2_aY;VU$3uUr!+ao^~$BE@|k|LJ-8?22g>vBTkev%Tpqh41! zcq%9_tHQLelF!@@j8(VzvkY|6Y^Y0fiG?|6UxIM1BwMPQ!xr`%yE4(#I{D_NPUQ#; zUl(6`v&IhjF^tA*7*a665j%z4UKfj`{o4A{$rT zNVxHK(O7*SkM~ocd?~$`@-XKFF-A^bG`kg@{!S{VN-v3czk=g#^Q}+X%0~5 zan#f~k&s~g+=l%)Kb@yhiFfAoHssOXXXMJ3Yy){}j+wjixll***F@{4XXF?{SW0nh zrC|vY@}vbYXmh$9jVHIQwbjBNv}7VKI)jg^??et<%D7pFP|?<4osAIq8Rx!#y$D1G zB#=cfsLn$+C=_viGP1M31Jng4Q5f{UXE0Z&LiBvwhQQmTG~y}^tEpa~TeFUaWgQT& zchs_k`J#7fn*e6J*R31dg3!IcXmRt&AgF}s~E**ENNbfT?@y`T?AI7BR+hWSl zWz6*JWHfI9y`T95Kj}b%VH=tiW_NI+e zjfG%KU9@!l|CF#544(6%`ME@{E?l0O7q6YS*4TtOX@T_vkYlwbJ=-y9Dkp1XW+pMr zs+r*t5aB|BjG zAIoMd-V$9l0%1sS979ER8d#<{x_DVSu}{XLmp&k@lg`e@-A#{#j*?t;$Hk7c zQeUf2%MyC2M^7u500u1q)KW7QA%H+?j1+l{wSwF z1~c|E;8aQCVhq4Z1YuX#uv$^<7<*T*bDHuTk!n=EkmT1G=uEa*_G;c}9z%Js>9PHm zuU*foV1rP>64ck3hcJw&7F~hDDeF8mYa?kio>$U+a&|}_htO;oeA6F_u(LFxtm_w~ zTh#bPz<|Xk=FpODTD(h(GaRv3Xj{0K^+zF8j`unJSvq66rQYCg#^E$&ywd9JIQEe+ z6^z_wxtqB49rdf-xBczgk{pR$ilR2(6b-5~x4{>^@)OmUQ zsUTjVq}2F%Y?G2W-7uuQv?lp&IQq7v#v#~H&-o)LNVBbL6nSGV;P@EMD&JHOl%_Nb z^i$c7Za!T2O;|{%tMlX$X9Lx24$$ZB9WI4zr7)@l;g2DL0CGW+bZ=%FfTZnf`P)fB zWG5RdO@V{poHk%FVzpcC1BR#x(S;_$=2cE!>x_Uv6lJs;Zd*O4u^}rXU~z++DpX8= zQxZXy>-P9wEtVzz1`C&B3YL|t~afuM6&{-uzl&Q1$k_6;N2kfh&A?DwMr7o%X_)1PDyP^a!{8+R8CA zQD*cw`Aim1E4adq8sr2iR_rK-J+}RPuQxSxx{M<)>EzVhQbp=7RZS4t?L5c3^|XI6 zvUojjY8b&&_8v3`7^6&CckW>lI((mFx_xZf>$Ag#Wj(4djVSE_kq7z4DQKfruoH6H zn^&!t~h;qO{lIDW=G|yk|=)FO(F^(SRce`{mVG-^9+z=7#wA@$gNQf$5b{ z=(KBm$})dz#eU2QbIr-Kvs2fpy$V3j4LfzB0@dA?Nw0&J6xb zMKgB3@VDSLO?V<4#(W8b9~|q}q58J0HDVpo5?`rmdYxu;Z$X|yV{T+|;+z~ndpyWO zlpLL@?Arq5Fq8b975R#v&GA_n+|1{#5FQ*?k|#x6JT!lmF2$l&wAe%jr2m&jY+vkK zm519nDa3=O^55YzTY@k#_2Hj_*y*8GXF2h)`prD0iwEGxFiCEn+0Hr)w3~amzXCbv zuNv8c@ReK6FNt*bp)SJXEgqf(5WrXAVTq*%F<8@v)GlBsxZPQi;0=6 zfv9&&r*1N>z!WA1Y+v`Q>yQ`F%n!*6Y8;?Vm-6Z5X|z<=N$5V1ux)Pm2AQ&F=Dg z&=QYuwR3Sw+CMWu2!sL*%_Wki$f%yzrwZ~#UZK+JkxR?SPEjtiM%uR1vZ8|8Ls5HJ zUYDQd>=RcV)xkbD%TElSh7LDcW_f-0!Hh`A0d(x_1aj5jX$17Y(Xwx2AA4a0Ay*3x zS|)N0ZL`b;T|MvT?OmTYJwJPA3ub;F8#`MP1Ei?fyeDT%(nrG z?Gi$cTRlJiILa#})KL-056jE-=GL_6io$;l0$2fgBuCCOZ?e$ zGUPp@<{McV)>)}73Ub|3@@yNLudT`c_YN=5g8QlSfh_URvvM|76pU5sB-HXGE{A0A zx1_HUd&PVV>6|{~h5!RSlSdW7g9_X6fVtX>qFLXG)4BgH3VKWb^P8CM*sA1CNLPH@m{Og+L z6%ttDB!iAp=BB3hhN4b13?n$qGK9G@2+15MN0Ap%b>@T($+cA(Hu?R@a&G2Z4faNB z(<1lGin-Wb#eR`L?0;o6Rs2p&mUzGE{zze?z)`w@9jTU)COS;Sl0|pQOAhhCO2TxO zvJf*OIxq1cpNMIBbR}L444@VGK_D$Hd<<(qno*}fS zIhD*4g+$zCfS6+)gphxl0hH-K0kv99|4vY(1zb(|Do`eTeBle1pr>VB0=^K2KNxZQv|!O;VFg6cocTr%KMhcu*E0%!-Wz#kf1uS zwO;2&s@&RKq_)9hrNDT4=^OCIT_a^^tVOynqpb~?zj~>(@C1N-A;QI zYU!}>n2EP_k5!pH8TuG7U2XbYM z>Ptu^4`|bDbCGZ5(srkX4W33~llkcpZI^+)Vu@T_XhH7F z(NU+EPi&X&YyaZR!M^OXM;8+!;|HvmgA>%H&CiYTatbj}S*Qz9T;^eXt@Px;yVyDX zLA5UiOj;tAOlURvARGLnyhOv}u7BNWnB3nl>b+krmKOz{NA~!I! z)t?y6r1LaV#AJ4JcDw#|HsVXc%HwZY9IQDiYrel8=5B5!xe4x2jULX4Bw>u$CRf}Y zwY`(vwnGMq>vOh{rRHWyIExWR8AMORO~hM$cA`{5%w%Cwyjdl*bam=Q29UFAJzXxm zYe$!deFY_2=#l!la8cui$-VGWz{x6l7x_#2zn%gP$e4l?G79{^p!UFu#bJdWdC%eH zb^^r}`Up{jb_};@axyeQMj=hQQc}|%kRRB0N##9ZUBY55-3k26ig%7t9%;h%!z& z3I}@J-m*XK0*ePN$6*(5wK<3{lDV_Z*dKwMNPgkbS5C$g;8OsD&yx70sA#zz5Q@$eY;AMH0j^+GhnH%2-AER5s!5w0$~WQ4I%9-Ey0nZvFg zs4c6LKFZ0xN>cHKLJ$`Nhh<2sO0$2Gf4c|QTiHHhxlP(`PJDLQb?-5uc|%jGn3@)2 zSySI_cYQoRQIKCA2^d{N|DK~(ZlZ2zSGhl5s-R8O4glb)?{@n{61iSny7@gH!wmwo z0VBR1@3;Gw9p3?Eb8~Y}BGGJoesA?+kXt-ceY^?t`$OIc!Vl++|^=wl%9qzRxhAt$T^pNxsXNrOR(Xjzr%6&3`0 zX;Kdsx5ZL~17z^I*0aVDI+)Z5&mizMNxsT~5OF_qo{81L zxVbU3xX?3Hw|>LmCdx_b_4rw#&SItg!5%{GG3j3+c*J&1mm$S+s7wAQ%T9!nDlQ>0 zlby+O{cyRa|J;k&4^kWwA0KteF!cwnP2G|lHx_xI@FW6d1emsw&El5doSeub-BGL_ z&1i&59DQu^Vb>iqqTBloMDUI=nEF6X)kH?v!;4LAG;LyP&PDSA7rQ&^%ILhnvi6=uV%g=mtv-|2sr^C%GAfpuQn_B6aNQp~F}u17tmp(fVApzL z)tCjwLprm-BLz@k)3HwI6}NG@9riIZDws$A{*uSF#mbl0BHfkMe4+;7L(Au!0uDT; z($m^ekR9Q2WG8oGLJ_ZC2J4ryP-MPV8L|F5v}i6;|86E5!1qrub})?$j&f^;IoK?= zLzkCs=yks(Ai~BeaP$fYB5}0EZaa{Wh+%rT5RVLBaU?h9q1;+@cQlg`yH~Jj9Ls;0 z7F`U{jDbD|xU>StBs3?Ua+{YZVXL#oo<%u^p%5{+Y>Y~b^0zw*!m#P@roV8wpLB>lP6f{~E^QG`pIQ$rApnzZKrWSX`5B;P+qb^BO8{9| z{`BM1P2kMW5Q?Ou*bpx0@>~(G@Ddw)@ejf=w@1!ows`d>wFqx)+g(1xNdo-xC2U#f zq39({5kr`PhZkRMVcGue?ShItc(D-RO$)M!#>Do9`9Ph1G4idgk*XTgPEjE2P>E%y zTHa%a3#u}HS|)#m4`l;pVsPo!6mRgJf5Xz!f71_(yaz|w1bI+ej@gp}7N@Cjax$Qz z27YQUhN~DlLi-k8xKL8x=-1$S;EYV8HocNTIJ+K%Z`y4kPoQ)vfP?F3anllc?BdNxS?qQbj*=Z6|>c? zqG-xY5i+y^_EuJ~2WoQbOYQK%&XZ2b*uffR!xB2o{C}h&g{LSUJis?aCF{Dc%DYx$ zq+kfY8UiB&YVHgMBCK;U=%)G-v150yd{HPiHdH@eW$Vh6;J`ye!=`fuDu= zOFss#Pfk4f%ZlTv@wEkRVCiV z+uc5pg0DLrFaB#ZV1QPA(V#Aaz0B$$dxgdmLcB4KK*S7r>E|qbM0^ujcI|BWt z6e>Iomb~K0fV_{KFm4+jqDJ)382Y)>G}>qGp^>S8w}C?q76u1K1xgDN$UVuG!*3xc zyHX=9_cjJAl$|Eyc0&{@S~oZ=Q`9sh!FYomjziLy<1$6;RzF(wgggqx^9ufPYMI|T zRVbQ!!q8MbE=QgvpCjPhC-no@N!3;F5E~+xPeCF#YcGHR@ zfCl9^j6D15a8oQ!UufMH(}r~&QOn&PxhWYcc+C!PuDh)S)yVI-fB|h4O<*IKME{Nf zk^N=BqBE9b(7aI?1nZ~w;f>uH(Wy{^HF%q7g`pNIM%O*En1&%&3VdQi` z5QLwJ$souYKFpYzi5ff%a4p>CN6N8Nv?Gd)~cOEKUmO10JYi zGqGC5O+b{f@->B}UV1Eh+wkmM{Aj>TqcfYcISyN5XD zjHNJcI~ zy(1mxyhkrQD|%iiNK)wn5dM}^)03@0cKdHm2`ns19h`!{IUv>!&1m}^MO;Y01(cd;n+jfzU%^tTgPl!_^>Sdrn?uLC)^jM0t7h5t0|{|scsM2tL!e0p;)`k zqqE3_dp|)eoabHkHf2;X@rQn6sqa(IA=CaYbd`x(Njsu7Wrv|?okNg; zDwWV+df__l9n%mQ^xF91oF65<+?#*B-L12uJnOIi<3vd*m{_Hib^&*lO`|+qsj;3! zY=Y%K1;ofy*~g^Ghin(RjN6bPZkdQvlSfWKRq;4)TrcyNrKiT^%h1~tVG}L|_hbzT zF>k62C^-!Z$Z($Ri*9;y#QLB=OvUttdeO!;q>YwKY3g?+ElUp1c(9E?T49jJ8$fQn2Tyw6(=P|CR z!p(0qfkrfbpyN7tSaDuE$3mD#smfru>ejVESpHYgVfmHS{ zW)W;Q!rt0`ArP}pn3hW=UJVRbTRp#@H77F(aq(L(*V9{eDcS`w$ux_YgHreTF)idi z_m<+jjoEF!AH9;AGmV#Az_suo$p-VxAdgdZO<>a!VjVF^tFOsX>vrrTry-{G*3Ioh zWFngjfp`9$7|aRwmCtGp)#L%|;bmui#mJ$puIc-{e>J(;A5q92-U0c3O1z;P2I72k z0x5>Uib)HTS8izf(Cx@X3w^fosWpFji@*u54sE}Ms(N1}PGTILl)?;vKxrza1YZ;^ z4@L}+(9J9BWkh^+OrMyNnx{00d58s9foEh~a9!TGqKxE{Fs2G~7B&kJia{h!ln8{~|V!MJ3R;g&ZpVVG? z(b6?D%+M+P4V9yfw{;+Ey3Y_~vgt?|qar;VV+I8mXllj4v$8W=88aFX0reR=Y)mR( zjN^E{)Ih7W;~eDTn)*0LE>th-^kiXM-Ilf7!UB+z_ zDi%kB1z`f~cV1%fn3LKLOw%KNV5omjvL!M_t&y?zwv5bX0< z9lS(x`;+OwA(b}i=CoAKR`h|lGUIgjQ5ea6BA{u2wRKoNIkuE@V*QlP~S5vL~ zl7awrP{$jikpyj;ppmupWJ>aWBl>&I;g`{*XM@vR;<;m$@$W2TeN+mqhcz;vj4`+W zUJz$XR?dPi8Q&fFaaPV7Td!3MD_>Rkdg4NSxv6D@B^%ms7f-e;?_roi9*^^n|J4W}uR(o zJ}to?obJDZ=>%Y6)o8cpyH zbBM%c;f2T?{;~cvLFPZ-{rS=1S#)n|P+SD~mHJi_nZ))R@w|%_BLl2&sy-l9pUhfjeB;C%?V`M3CjsW2u0{KLK zjr_8*AweE^vRjGALF$CDaDbam^ITV+S%q1x%k73=qIrD&tPTG&%F$M+B zZl`DwYajXE4`dGvtk&mx!eoYTpU+Jm%CyTMPPNNmB6*#7;Kgq zJJBIKQCyav@1oNfpeUUJ!-#>7o6TvK;AAR;mcl*FJXsAkVzO|vsqAL080@>j4!p%> z&P$&`TEygrgd&?5Jl;JuNao{tXuir=xl~HJ1v3V-jsQq6 zwuTbj@EI&z4yb}p>O8(C$@c*x{zz_GEY*yAu1Leaeny=I8_obWW7M?0_nw#r4DMjA z`_YxNuF~g47<91vKC=Y;fFVySMk(a*f9@yfY*j-D_&lS5d-Vb6#928Hy&g{+Mt=9# zzX2cV4JFxLee|($a<^fT(yYI;n~7icQjG@}uopp0G2bCC3kJV@zT{2Vc=(zANC1b$ zOOtTeYKMV_F;JWIRQ3lbsmo+j3D2RCjn57aP+B-Uqauk{q~U@Gh<}0&p2l$aR*zY# z3V>@CuWRb9=UK_-3Wp>9g{&INd>v@IR(om5;BQ|xz|&i5?34>wH+RW}>Ofi5_pQnY z!0D@Gyt0VJPKVMN3?&Jvf<FZe$`|J_e&t%JJJ<9)h6Bc{&mXDjAg%q-E|>JlfoO_$b(Owi&e^ zdkw-U9-YfhVl*mD^oSZ#J_$<&h={%?^3fH857E@mgpX29z|)@eDvaZ~<_9N!fLWi} zL1J^A!LDp~VVwFV>$+*7@2N;*w8@NUZvEwLiy}I6h6TV2e@i4xNYyUw$0ag^r8TkYZrSL4XtzX1tQPU5nt>>3_?JRuO?@N#KkeQ!5r#XIs zB3h9{N**Y189`ERTS?1aZ5=vJ_zCkS-%y0+K|%Xfez-alhGB_iPos^-=IuKf&b$^z z3E1!^_|bE2o035~%Ogh#3aKB&49Gqj z%ip0TU%=6k@%|8ilPSilaHj9`#vNj>$Y(B_oM9{WUigEACSB^l{kl(-2(#|~&o@q>Z1uj|A@`Xj4!^~;>h2K?3Hd7n=m(q@Z zKBq$ez?~nYbOn)I(xLSYbINKEx*YneXJz;7jj3m{Q=06zY23~6LaL1Cinw<<4<`}n}qOT|K>)0d=xRf%Sm z=^3I2Yqh&~97BNn1vKDNNiVCB5p?$6EbCinYZS@4zSo~`y471r?i|zQ?x)5;KDbUu z`@+Y{;7Zr!Y~6gDp)5`=jn>360$>HaU9uu>?YlKqRp z0;71c7Asjcb!T=^2{sulZ13wvs(or!iaNB{Oqk+G7*$vj{kG8E`P@Fts19MY` zj+0wtN!gTY3`!e=@F~Yndb_adV^9}NFTpkO{Bs?kV0Tn2xCpJs!JcGiAo54HEPB&) zO086bpM@A2oLoc%Gzi7++>UtUHUIHwHsLESUr_ovJI{o( zCdYxl{roJNZ51pll+4xqdST`{|9S;(SooG3Wz595MrB+-3+6#)9yB+21;6wTbdG6B z9$14*-TjX9E0@OV=PA$ItT@fm<19kQiooS}Q`_N}-lOQZj}Oj9yboOwL~jO2sUfqi z6B@uD{%LJ-a!*wyBnbq`)pJo(H;5Vf<8`!LI{G8{(l)fLkFay{>3@XGcyoQRvCeun z@u9-xp%|Hiq!2{?8qfU1Xh9X!$ zAYUCgY2Eu6urBxF zeHvZ&z7eS+9m}4DOxK}mQ4rx?5D*_fh8^n!{*pqJ;&3p+xl$|CDmC-06AfBZ`r|eB zdQ1mh;Q6>NEtSgH&rX<#eD&CXZ=|Iawr8w+`l|VGv-5K9iEwXq+S^-BJUPfXKvk)U z$~;p2Zi(m)Fk(l&5Zevco024^k^uv8OXltyrxoJmMB?-GPCo%{O%xJ$GB8VyuhO_+ z49>~Ol7I(CKp6h+B8iL;$*z%A>$(Caj+$8krmEbPR+y7%ywF>));dcOcUgIOzTN~R zi<3~Zk1p!$d`ALcetvO7BWI=>=nrx+kh8;4b0Uu)>s2T@SaZ!YH1@ExpaisNJ(c-= zqJF4GP>_@N{>1&eR=({Y;8&xfEE^)q2mEX=nb9m*n5_<D31nf#*PY)Vr7*Cf1>EXAw{gyZ!_~}|CE(+@Zv+Fr1lfmU)oNA!tN>xnlWpIHRTppF9{iSrN9 zB%G@>`GA`n`7}5sxngsFX_FEf`quL^UHyXT`d}3MuM&)X&`TT=$4bm-Ood8X605ZL zfN_+}2w6fa9OYJm?E#y+h2v1Zm|gLtlvyyDNnoX4IOK!hc-}ouZ_?(`*~)>I!8rAM ze}yRon~r|Q&vuS(=plexKTRG>8>`3w^#BlK5l)(9umCMeEMZ*p;S5;KsMKYNXr_O- zMH7wO5^R}>ijkoT$#RY&BFTtQx~`35A$}?P#)MVJBHd#Ou2kzR*1-Bp_}43U4Gl`m zHgXl^vK?a#Pp-Ek#l_rk44?4dHcado^yZEX_k}fAXM!rl?e*6lhoRX9 z=Pt=nE*$ow1;|wBV>l^e%(n>|^hnv>5Y%=32u{?nchmFbZyU1j?=hybg<8HqGu)ye z+YBugpSH99pdu%vdo(gt_gSzAEXjZ*{?o&3U$KDLSOG(4MizSYNw~NKw!V&Q-1A)W zOlYD*j-0dL2ayjB+{$RwT*3O!--af3UnI)Qh}>Tm#Uvy-7N^pC)bQ zoj$1_5&HAh^IfcV*n2u@Skt0SQ0tIw$*E4NKJzs_#Erv-dmnbTQE_A`5EF>ttH{bN$F_m1Zj+6EUTO< z2yKc2Vbn`c8WhJM7(Jc)(c(y%9!X5oHndSq16IE(xz{n>mNQXV3Kqg`^T=c5++O=n`#?~nW6R_hV zSU^^}NMU64zVtAxvI_yHsE}obx!H=(Dx5Qd zs-#Ub=KOVKMHgq~)pRH-dX9-{=?iG?nR-7w!~bwt0i#v>gJ&B+jwiKqd-k4d>O>8R zSVC!3;S(DP{oekpqX=g9hYO`E1&ZYP-K@E$!L2O$p~6})6yy^vEhck5JwwE+b`0+_ z-_XdD0BtKhZoTSM-xtSJt`IE&>)jGW2cjK4o*f8(7~DDdC=JjB8qY)}RzSkD|No&rK$QPpvnU2?=ipWLOPIa_Z##0C}SypR; zm8rZ|ZydMLN{E<(0AI0jWo}zEJ??dh>aw%i5>@;{ZAAg^`&Veox5o??fZCzU^P$wa zB-nI2f`f5&c3qEJM@Z3UH3;Q0cR`#RbY!4J#;BQE{KYUE=gWdv)kBQK=1@xjbJk6R zqZL1plU;cHlf=^|1hm@lCbqxCkY-8HAOZurUdv{I9es#UD36TMq`F);)#H5jPcNu%0c7_ z0TkJ9EO!u#G~?}YKIzUm_%5}nBMR{=6_kC&R6ulGSv)d8B=(u2x~7F(=a-0hl(mW_ z9R1kapuOYgkez>=cxf#Vmis<&MgKe`9EY*wdc>BT-&_tabeZAc8E-2Yyb&uTAT-GF z8u^T2K-+0bg}r3ms5*3;R`-^EEr zlL5P*2c(YU^V2QFTLWBLlNX&2SkT)I21| z);~Cmhk50a(js>ZUMk792{b6RYMxPG{|HNNnJ2mEi{>WN7#zj3ID>^4(eaGUaWWIx zrMXz+2 z5li+$U{9$82E6xhwk6_DMk(4=%~_`SeWcCID1 zc8(FYyMlgr2+$l3Jj}t;k%LHlLWiRva?HnNx4(V&ki*|#?F88BE*bCD*d|G1?9A)S z6^WD2nZ5q_Ym#bF_61dhOD%+@7k1%C;{1myOl?a z_VDR-o_CkfW45D^)@6*a1^D>rJtN-wmXgn1<))kB$%|Ua?J*H&HP$zp6Exj~#s&}O zrYGZwR}s$x^@2)6UZ|XlJzIdO24qL&1{=2s!Xw)B1YHB$)AArB$O)!#KfO!fWYm7yBNN1l||j$IF3K}Is*^THwD z{|tE$&!`8bbE9+RHHw}Cq=Esajzdo3BDE>;tCtb7=?b~BJb;a*Y5(bD+PX;)oYDNW zTz4(sgznXgVa@@c#P$`1=P3YS&^zEJ(Yu+_@ARIqqaa@54KlcYe0&BvQV&qabFg+$ zB<-L@ju_J7l$DdCj`fEjr;n1W1m)=+g*reiXKA%l6O}&gs%AUzacvzd)y&VrlE{Z^ zO@B{O1jNJGpS}&Z2`|1fN2fASMYaidx&($r`|@Tp3#NQim51~t0t}%NNs(}^#gcU7 z&if@T>B}Y(Wc(4U7mJkT@)nFPz7@sCi7ybTmyr6vp&)Yb3#y4h7l7(dFLM!dfJJzJ zt|mX@1)VFQGgP!>i7m}35p*Gc?%}5gskh%Do;r8h-wIsv<9mEQo@WJi3xnBu5`M4k z>-G7@+@#D~rHo{Y`wc`L3H&_t)pwd;LIGP^IQ;+&k%Zx_#Z*Y&PX<2#lc1h)gNbv2 zt`!OlUW8U@Vk6*bEG_vB$o6;8AQ6#&-NpR?ijNmGT4K_geBQ6O&(}NvJhJ<$czpO- z0^sl>GWQvvOn;#OblH_l(&?TLE?KP$>g_8uLH#v!P|Pxs5KW66lU^;NUUm1fJ_{3kWJAd3_GRt;4*K z*+q7ul>gS`$ZDkIKLJauG8o2<@gb3!22wa>zI~IF;8Eenr8^`4&~*>1;km!A1lTx0 ziJr7|g#Bg3*gVinGFL@Zab$eX_gITE=0%aAVCR`3Rd)RwY@*%8ysB3=d7SK5wqs&` zNOB487i;y(pU_E+Bgc&^ty{ey{dc4y{>d{*fp)2VIO^-sR)9ARRbEA>*Og320PRcF zc7S&)8}(W6@So8NA0IwY1k;BuV-#6L!VxS?{sh`7o*=i4Ul!{C#$U8M9FyAG@n;6u z4bcfnzv+3aW8Mx6$z$*UR&D!rzvF093qm&-NP_4o z={f4&J(JPWC$zLT8Q*T3-^%&CH{yr0+-zpb3l79#?2n$l2l$Q@ zTz)vg{fW_xLmVw^l|~^)MeroQ9)fIOowB(%V$_P3{P)78Rh%gjft9|=*UZ5MSRXP> zI$6X$m>)OHWW1dXabtRLDiMBlXnPLc1|%w&taV1fLXKFm-HFIs&v48IaWnB<9>wjX z-#w;DnWjQaml@=IOy8To`YzWfqHQq^I^}bxURG?UxUc_Lh23bRD<9 z`wP(G`GsO%Zp>0^-FDCku!EUNy2@C)6uW*EI6fnUsW#O|SW_cCKJrv;M;6^!}V^I;DBMKEsH-2NFlcWM|ib$2~MyxZ*RD^K` zOc8UlmP2Y82AfTUJdm#)n51k&oJ20uMlIX-zHI|I6I0KqsHkQT>Qrnfo=+FcjL|o0 z({o^vrueYEzLdEWP{V6AsVTw*P{zmum0Uv$O`^b9FfH{gaFCr!c@~3bLcgL7bG7+l zB5kAyg9p{#f(N-k+ts7$&VFfsVb+zMX)EBlvMk7Zr|CBO$33jT*dzvTN4GfBTk_u( zaa@d!PKG+c!v~4=Exfoe!u^&i0(~P}$d4CflM(L}{X$jQXJRE|$xqiI&W|S1GEWOo zS-|AnGtuxc8#g1)EaH_OCPi0NL!OSq^X^3cgM^SNMW)E{dzus8H4l}GTSZjQO9rH9}bx~+4ik6wHXYuc3tuQU(ysB+6JPKVm)86DH z9c~ZL80DrJA+tzekARoDbvbjlx16|eRwJ$zwMfi`rAJsK*|S~Rp&zs|qL^S=Gyu>w zSr230%(9`A4FQ4dhQXa%Oa{axnc7)nTI=&lVj(giyx94Lk_CL;i^1QV)eu%Pj5gUF3CABrueMf{~V zniif;8reLTTFtXU{Cif@fhOPeok&bB&pZqe&NVtigy84X(Djnfm@YG4t1O+@zgLQZ zHUxxs%{5?#q_t(BNhFoj%u;l({E@N7LDh z(TH<5l7&;nUjeSP|EZ~k$T@;hxqf{8>jMw#Crz{l$v<;0p-@B?q$ZPMcIzG|B|^=! z046BWQKzS{9Z+VOm*N_bv3fXPHTc({`E@tem#{7_E`E=fi`oNQ!QgAYiJ0i${~&62 z`EDtr5Y1`>oU#1<(dYM%&gK#x;npU$-ObBXIeB9QA}T4_`5|$;)AbS%cJl$a9VRie zJ7(tGQJYP{lI+X@mbT0&hYLool9Y8E?ng;H*jgg8(Y537!`-YCj*xe1bn-;#0D(-T zkkTCMEEs1V>X=vBNesvuMfX{l2KhXgHfUvY;(a(*PfN238g8BRb~hE+#H&I{e4^>l zhx$WhsJuw1`fWWp=wwP@OON#&pX=*t?Cz2XlwVQYp`VncWmPdI^pwIT6YyS2PMQ5q zGL6l6C6sKlgdbXwq0yWZpY(p+N!4z3ZXqtXxDdq(l`hcIPd(@oDJd7#X2~?0TFNJ= z;Hknr9E&U@59{d!qYWFQb~L|AeT7L6E0JrizR?ai@RD&8J%7iGEgY9P^j;#z_HCil zv_y$hTZnl}p$E{Ch>|XF`qUB^on8`8DgQPvb%pxHO|h}N%Ft%|`LvNypBK=|Enq6z zDI-S6BL2wjqp<#0SVw%wiAp=u8)qctfMcaibIb0+9$vSJJELTYp>Tlq^)mW=$&g`x zi1+Ur8^5cUNbNeFP)D52Ze}hUpU&7Hz(Dt{_!71|;}skPtB)LI64zaY8ppxv|Ko-D z!XDyjZehv*Mx*~aq?w^jV1xKwxwd1Jm_ly0K1Cx=Y=&+kKuok_RawA7Z zn`lE1EZyRLq$U~>3=SCl^u_|d$a@dE67OU!5qMqSAf(2_@#H$T@{&l6rZh!GCU2#d zvQaZwShrDro)L{skT1T6!j%16!OOSUguS_Pv9!Mn0$$DY02^hgi@8_=J+Zt2X7`0k zs?A3z8@Z78#QN3UWgVi2RU!j8C-YS4T|bS)zRZRv|i2ngV^MDCFxGEvga7H*Z~eU80Bqe(0*p zRVNeaX|=%=e5VC7C~YmDgoPpi7oFdh1?sba_{3+v$j=s@`T_D@BcxGXmGO9|Olx+F zfc&%7uBeWN`}l%+VFnEc<45poR9+|!J_-R`>Wa6|H+F*Qqp-MJy3F1^FlwZA#(pWe z63bdFj+;pc7}v`;p18j|%NhFQY#zzwq4JBXl==1QB?v8(^c+L|=_J=?+Vq)6LP!0F;q7Ey!cUNajhd%;-i>q>5``=;HT-^k}_{ z9Bf3|3+TPuy_w=*2C+4&#VZYI&mOeu-kM(ymC5j0h~|OoP_icvgl#xV;W!WF^8z}K z6D1EGD;gf|%_OusRHdyelOs>tqs(NC_fb6iFF%aVGAMb??LI_fDUXy&!tWlQj-o5R zhnCz2oP?miN5IezDIjPY!+z%+ttfU^ZHgP(Q?Z4jGmLwJ1?nV!57g7h zFo3)AbB~xTBdYe`#_XU|4>%cgq_+EC2W%o#*Av_Ir|{ zP(ankLja^@{=!%B2_GQ7TnD9dzEn2<>`cEelHU~$%j6GXTA;f4ZW<+Ob&F!~=`M#I z&9o%)Dd+@?vYU>@F`w41%G~#oR*sxO>PyD^JFYW8j|VLU%su57BW%MVu3! zxo0MgstW;74Bk)ot`=RnF+ZOV464M*ayzXnqC1_gA2T^Tsv2l&fX_RhuO~TQC^T-s z=V1;^g5{ux`wP*?U5QLuKNz;A_93C)=ceE17$R?nyew~+>BYRfax``TvlA|T2=OH6>_SU$~NJ)kd zNq743dM}R7UTzC0sW%=o>aP02ur=ceT##D`4)&6qC$c3T+rm?l`MyGt! zGNLT`XoNE_oc;}reFCOTkjQB2AJTR{8(oea@@IzKF+sPgdqnAMFYuvAJj;gWgnw^G z7FMy13bOIU5v)F@GZ+yQ5XGa3CrO8Dn6Gv)XTnE;tW{puwy*J7;~hpdOswN}YMVW{ z()TZ;nAk#I9dO)%xnt%{hxV<7+p>Iod`BP>?vi%t(69(@)e+0wh{)-Rb(`@HPn1Dv zQo!}#z9G?#oS&q>sbeK)RHNo=`Y;(d^?gh>bE9n}3@DmC4UQ{8`{ZC8B>7l0+}^1~ zgs19?T{}Zortjkl5FL3DdQa}Ir1ukhwyh6&dyLRjk87h0%ACRp#m44fqEPz#bu^)U z#y8Kk65kS@zhiSy*G|$Uqb4g-*ftIP)fe!#ly^UkAz#U`@R+t1wQ5e zWLSC7xpF1CH@T=qv@USdwoqzXoZ{U|%54WvSOI`?Iw=GKo+#&;ky?=$TA!@HQr)Kt z?q1RFdKZ2Jy0&Z4V;%q+|HnyZp#S1HId_t$l~CTHUvXJ>vG1@epYPTT7!m^4Sg%~H z#imvR+ETUTCoHHT6`j_r)?Z8V=_#~gztGVsX$<=OUY{NpWqBE~9l=&MHcPIW z;|c6)o`QU-p|!+(i)OM_O&&r;wJqV)*HkHa}Lu$NRyY!?G9&-HVE!^dVqhlv)4A? z=ye&o@f zpt>~7mVR;fVZ?-YzvZ?saG#nqJayO#L^V_JOh#Aq|Do;77=d5y79OT3^*kQ$6Gq>^+$zY}qI-pWg%`9yYaN8lR zvY?$S`-!ADdTU51hOAW&LcOEfU%8y;0DB8H%H)5PjH-%8r#KJ?_9nWZD*}6x0BA)n zq&}iZtL$WScORI{QNFCmES0jx9AW=k*7o(TTx^@GDOCVW&UXv>f|KomgSbP&fg^Ay>LCYqLm0g(P8u z(g3q&3Rxv^q84V?>mW!(&G5(s!H#6zmwy6#E6Lx-QyDBKo_d&i(93WPHL4~{e?w}B zoIpL^7Q(N&LD*Xc0Vm78@8@ZG-`}VV>2pQM5ANTC;A*5$N>+=uQl0=35KzQrV?F+n z$_>?`Kyrptj)Bo z5Yb+0Jz-!cYQ#E_Uq#ht;(`zUi{9fl`(3P(>%|U^+s9l%3Amn>(L* z$qrRHZ(+AKL@y$D5|vnmp({8`BMu7l&@$gz79V;asa7Vyjb(Ohqb#JF7+#ld+kW}@ zmj6%bIt9el&*J~X=rAPkk8lHzCHd8=!rp+N{>u!RM&BZaSUjRcc!pcGO=@SXQu8us zC`|V|!FgtA5PWX9H`Um}i2SKg_B{timk`vD08_Y(*L1SZYf!eh9MD10fuhyU2p6?6 z$}B=3H-jU>Mz#te`RyaFdRa&VbH+;rJB6x&9gV~Mp2*H@b>(Kw?9`B__MQVu zTZMu;gpGrwWXqCdJ3%^Xc@DRbjBtgDERuJZHj`>DH4TU-Q~WSr%~inM!k9xR>qCk_ zd;NKPjNuxfu+#S3aaxj3Co79BXrLJ+M3D@7?S(p0Wd0vD^~qy~`qm`UKqfI-WpV^=v1)!meN zwezPIYS;nF1LH8q6;sKiejtV0!(~dTvu&F zBPO(Zg*^W032zi!@oCXEDRe46Hf_q5&Y^Cn-c`$6Mv0(>(8fN|@75NWJft7-2Kw}} zw4xQ(!;HU!p_U0>UR$BXI!e*= zohG>!c;C}=YMvLmE>Kk;D|lPN8r0xpAXvzl=weA@jKN%2PF!h?pGClD2G`{WMj&29 zqlG#kgB?{8;l=uA#Ee|XrdyH-*$kxv8T`Ee(Dr^#UVKKKhnya^s)WrvA?6AA9Q$>C zUjGCRmKWV@h;y<}`j3Na&}iaHx04`Pn8nn4L$%RQ#n}8hFa6aOSg#RK$WVCRAYs#e z81^}h*wy8Dtxe$LF9o2_rtv!_?dhX`0Xx{3-o#&`-h*0uo5U!H1!R7sQ?lgsKXlaxEzjfC_!slA0otB3|U5i+eJ+zdv9Trw2I@F{MFo z(CPUAVWJ*czvMYWC*#s(`VVdXkhv&|6qCWAqZ*B=d4hGO&2HQGkyDpe@%;N-!SD0p zBxbRUs}HaEEVgH-f{I@Le0vLLcXO5J$@}8&aBRxdGN7V^L9f^4aP$e#Sc%OGDojyv zG}!+HWS;<9RR6%)kE4ks%(JLC{KXp=@J(bPUa8dRO7wJ4L4Da@MWb=imBu86*yp>+ zfg&_Y5$zyi+z^dEN+&Iau<;%e5qDGsijAWA%vg0JC82nfW>mstw(k8l1B|_`<5eYR z?W45HbT#N(!Gz!(GQjGHWD^Y19Rw5NC7Dz-)z4&tK&$Y7QQ3}PIeMTN#m$VYvN#{P zjZ!a2$Y8qanRgqv)U$D+NvJ&}e*zVPiex?y1-=uyU|m?~0XgE2gSRN2wtx9WvA>6o zrZ+jz>K5ko*PytK}Nmc+{c1=atDINGNL zLv|Wc6bai?kL>wqZar!aiDLBZG-(ChHB*R?w3vyt8>Tl##&V*FM_4tYQj}9KGTKm% z@U8fS3}&ry*Icvo`e>vnG=V+H@>?F+j};77R2juFq5_yllAI^Zp5|_G(X&o^_`;gB zx>w*J&-Tw@$WjHkRHIqk+uIIOJW}-S29S!DX@VO-v~ZrrHRqex`c;j#AOko<FUEma}#cGpUT1<2h7@tpmRGkRv7z7nBXy;zyk;@=3_Q zIcdEQYh43gT+T`x*Zk4swb`Yv z&@s^zr)e|`s|yRh?dqgiY0uj|WZP4Y-A@F&<^(l1YzFvevF$RgU0Sv8@ZA96FVEjF z`M+Hru%6(F>X&sy_bVNxPTo4aLr$ z8U5CorFu8lR(@!`;d8n>&@j;J^Ky-rSH=M~8F2Xfr^+~`Y&wJhxPPgB_}Tos4CepA?Dl4H{-&IyKe zBDytK13L&{{X!FKh+YHpS4|pc8z&xh7L+(!CMEj zaOIfFbe(&?R1-`$9CvxJvnO2wh$IDzf5deopx3u&b9Q;=m{hMP)6Kl1#$|{N8>sn@?{yk2IdqKJ&i(cJ~C`!!!)KN{aX zlkH_O(1|KH<;cg-&`g}~NK{HHA;$Qa0d=A2;jSsNYMpS-Yda8pSMJB~%_kGE1_#qZdR=Fpn%D z)5#s{Xi0_hmG9L0*{zzBvh(s2V4(AjpsyK>HBmMHQBMHwXof@(x$loC(O&V+|3wOi z#e<0L{dA+#aJn?F6G(Ce$6A_&93+CF$I=ULW9)FWi7Mm7narsQvvz()C_~K0a0|#` z-JDB(ES+<{(}r@V-~@u{fNjtLM;`t7GhPX@D`kLa%Tj@plbOy|s8Co2=Y+M^iQ~%r zaecYb(>XxXj3eYL;30Qy5(kK;siB%7h{mmVXGQwy=ZHk;gyYG@7CASGin~u-fWMQw zW9=55x4S)^4K2ozm6T29If>$JMS59*i5FBv6rvSwqt8juPC{27_AOIDLSsnYP#x~Q zu~uWpmQD6(%*?$Ynk)4|Hu)NwgeiKrPhX-b?l6Eo%Dj30j_AM^cJ(XH>zr=Gr1aE0 zssD0lok#jXHtk@M?{ag$r`eM0IzpZ^x1lvJEweOpMem8tkM(8GKSKh08Y#>#aBYI+ zk-5xd??4mR&h8C85T{5O{c1~bWhSZ^z{UYE%zeKy7xH+0p5K?P)7qnWt5*KY0>EbV zn%v~D4+{&8!Neaufka379PsA9+hUyaHGJpdW2@Pm9I~!cD*Y2iVl-KKqjY3vUa44X z`V&FiS|s#LK&%#2@!!8P6NC+%KNzF|A4S&O!xhHB<(q*A&*GYIHae=5Uwc0Mgm#m6fsw8PW27TRbx(E+{Ohbvj^U`24Avd&WTn`kw4r50 z^-)qDD5%?wi9P4y4Grm=XN04m%&Jl2EEajx+BXuPx%r3%QzIi)N{&TU#n_mJh{7#a z&=DHGe?nManqHk}P-Bu+xp05JdVH)={{`JJ-g$u%kS4hD@rva4o7g6WZ?- z?R5!=j|?|W)2Wdi%(43=ECnh2^A+xULR z6zig0V!7NGhm`TWvTYp;z)tTX{Zkx|T#vpdIUrq>1H*&@j)8@tsFu<)&pGD2ECpPD zMZsdtyg}*bBc~};6HD|S3Lg@cF`BZ^qb5hw&pJDxSzW{IZJ=pennS*2|M^lk%XX^< zCX2O`0+YL_hR_}N7A3vHk!q82aK=RIvgW0sXES4vBXPQ3B(G;>Btzrjy!_+yczkUz zzNNI1hBPy)_&cYdC52PEFGh!+3y-e_E9`pfL#22UkXU7bue4_4Kb&LdY;bYCceJv%QACiy0QDfY^3sb?4VLkl2I;+SR(41YnE8?a|4W;iBN@{+ie~MMkjB`MUNAF3i*#yvr;_^6Sp$kqq z!qL6}sG$vacID2VLU?C0MKo6_ zaX?d06nWV0Uz^)Bt%dqsuU6}JQ^kh6>!h$JVJKxd;d^)chZl%?fLM|GZg+gOi*0^; z4CDH&{Mr@~Il5=6FCZ=kUe`&RK&K4`S4#p1!}A3`u!~!6H%>4)w*$4cxAsBGudr9j zfRYt>|Iz=x^=mOUOB*M0ZV-*g_P(3U`}z0t^q26b4YlaU`8IEBea12%v=#^~`0uNn zL{_D1C;EFCd>UWQbIM+9r@9^$stkHrr8sLT{tY$rsca^(o=&yzMrnmi)qn2gexpJ` z5n};awaQE7|B~MShy^4ISdw%qyJIXYT~ejJ)c|@k?$1|bCP||Y_2y^%SFZCPocZU< zxoFX+9h!yajffJEOmhN^EIcYpEt>_`G!~Hxzb7W4hW2bpcdksbOJnk020xC*w*7f3O;^A~wrJw6!vVA^> zkebA?!|s>+w(#C**1&{KYiKZs6{ptg%oQOPQBh<9KWkhN=x1ePsjCW#LY1fZCwL1E zNA7hpch}l;ReUw*A9-NvAjR3Sj8(?9z3ic#`iFOhT!G(4pV1day(V6r8`HJ&;;wcuXY0FfU+AN& z4lt!vMs_yNiHA*KbEv!HVQ&qRH~v+IX~5kb5C2AhomG%wJ@dplOm59f12CnOJ>ro< zr5P8W*>h_;j#<3!QN!l4X6wF9s=P*iybxkpq%nkjmD_b>brK~2j{tqS?|SnASl+NX z0u}(<&)Y-ZkJHb$k2h@ncQpTndpx$ogB5TIk@If~Z@^klBm)t9ozDZSwGtJz`JSP^ zmqH<%@#0VCpL)_d0|6ANr%bm~0CPmh`;cG$34cN2fh`7SNU|Z=U1gP-@M20b$Ol~# z_EKKJ)+YH^uVzc*xXGv$vQ4#rwjg5YbYF%9nH}nEN9Tq`jwD9mqO|Pzc9@X7DkdBA z?B?-dxiug^Qglo4v4>eiRE-#c z)wU;4bm8$^lJW`31^N_Eu(6!90!3G<22Id7{O@^8i}Su^c2P=Ii&<5@M`ZC>Tpm); zc~-ZN^sg%v}Biy2&*9gtmX%U5JebXW*vE-&gC4X?3~>kx!2qi^VtONBt@u zlg7s-eb33HeXIs<4%p+=XiW5}|#-zVgHLquyH;UViM;XX};fx~{W$|CYq&%t_ zs)%Y8V1`?dA5d8gDGE`N^5h|)fQjdxJiGDjWL=~Guun9mU6Q6t{bO96!;bImksERv zHcq0w(du&e-jbpJLnvU>WyPs?^qHd=!D@He?0cndMVydrXzuh^V zr0J5Lks*Od=uk{tq>s}>^6Aa`UXTgI%)|2Vc&@TRbH`c?pgidV7#*GR#$fY&a>eT$ zJ-Juip>sp(rbgw`6zD})Ba@Cr(ITa4+#nk6H5vgL*xDc;LbDjR$i?HgH~D`i1h?~a z&YN~0>-GVxmK%HWA+o`;y|jyO^_Mn=wmu_&Mz%E^JYAC)&*_|BL^#n3#<5-`# z{#dYhN!kuoS2^cSoysmM=Y1m&(^-a$H_%VSqX@M7-?yx2`vD|Fuwv$!ELRmqYVNij zAQ@VkC^}a>0%{MZ`*#OoL?lR)u>E`q1m9D(N-BU$O+^LsycYShf~%b`PbB$oogaoJ zH3v>tj=EGwYoji~J(uru^>rb|1^%1dKN2_TLzS|x#X4=dBJ2)0!jxfX?vLcru%ii| z_-dNX4{q@<7L0gAEEkY#JT)KQ0Nk>D#)4>&?EoGs%*r*mEuWKXu&#V_X~@pyaw{Qa zawn-W_~lr|3Y;)YLHSjtaS`O=}B8D9?GUR4wv zZYAfo{yZejeYH%Q!_~=zQ9B^`u7NGerk$pB_1rN37W)}{==y%~xL_S;j7J^++ymj` z2vOjBJdt$#B85hytn7EXS2E3;S$MdyBh;@c{}J8OwyHT>cI4Dq0P_;TGuE&EpU=Z| z8$fMm3T`Yxy%p__|C?v#os*hiTsipv0P;W$zr0ah;c^%tODR8B)+CDn6H|b`3*;vF zyPh3>*B!0svTD6kXE{V3{j33(V8A zm;d=+{kMa|qp^B!ZL&uWk51hD=)sK}AOFLD`ac)uUojc|_^bcv_P_WayPz!z}#ms+K9usA=8cwuUNB8|MC?DQ@_A`)b+8=-yh>!hOd?Ps+m{+Y3Z}2 z&zcxKwDi!##)&`ob~!rnX4(pmih&f?t3{%x@Yhvgo4*SoT|Zm=bRnecXN#XMgmnG< zknuy0g$;WNkl>l_!Ed#WGunly=1;m7^@Vn7!^s14?bD|btCIc5X?|yyd1|WDCLBA3 zpPp;=tg9Zc*lmCP>)-H3rQ#NrsNiRxeJZpn!)x*Wq;In{-M{~dC<3%`)?qHEYIXkm z;ll@CeDOI4SxWL@A{OW=m_e(a(hCQ#)5sNCI;}IJUuNV~yKJF<`ub;nImI{OQ`=t$ zC!Kt1YP#(Isl>*NvbpCLpA2I}lL0U+Zfpulu@Es_%cH*(KW5=D2=`L{cl6vg ze-km)^IP!~w3<6-hLyRErX9Ow6Qe?~IM{t@Zua5B2e$Cb9>YKU!+-wj>u>DcqHP1` zIR51;m&Ne7as7sm+}^$WF+(SE73FvH-~apH{qDC$nE{T^EBg`KoKQ(0e|!fiN-yx0 znIeL#I01kB*HoB2nN z9;LJFQ)H`be7ma$GI}Jv6+c~Nj+)=>&_|boEj@Q3)6b*gv(3L3hs~50KTT}xeQxoy z7bne>7C%jF?0s(Wvll1Llnad?k|!yMiw60DxMG{!KN}Lw4j%lh`ym`}ZjwKU!Ner@ zqDRyP{gg-;mN{kJ`px_HPEq&NY5ZXGOo1>eIbCI!m&sXwKe|kDL_R48J z;x0YzFv43OcI{$;L{6qw_{4`erW9B|X`VcmI5yEz~?Nz*7coO)+Mb; zN&gdbbJN7gj~9o#x$7_>z59GAXy5OC(d&msUF*U*qT=oo#I?OWH9q#ywYfP5$T|^l z_d~^5r-MBGSl-%h&`N`wqO{q$S)V~;O0_RwMsN_neEBk(JO(2)p>sN4zkB!YvuDqr zJb7k%n!o;;S%imP;DLL`J}SSN5+RoJq?S)r0bc(qw9EGrOc z6@X7PoFP|cWuw_y-Ly_acWK_LXP;wvWd&l%{F>+IS`IF%$6K?tj75=K)DQnM9~Dr& zR;?+vva+nWnk|BwIBGo?B0p6B_`CmY<;^#swYKtD9UdJg@@{YXtUx%e4r~psMPQMk zKl}6l<{$p!|FLNep8w{}cmMnBy}vuSgTYBtS~RQpCm)>I+cQ}oWBo!NCK&JtDJNy zK)vsk5@iOMyuux6M~-i*b19KjHY{>L98qiYH`Lu0KP^49^Cj3w+PO}fKSYE?+KB(t z?jSS-yKfrwi&n5NzqWD%lC42dNtOx5SteS_Flz|Al8q=q)sI!o7<;8Z)w`V z2;C?lq3j8VpjwJ|DFjSrCOd1I@RoIh!Nr4%(w>K;59P61YSSVeo0Y@^WekumRq2!z zmv&Z$)29TGxX;-N>>{SREalF!L<0_y?zEW>^$3|5yrBn#5afj&eI`q`? z|N8V&jLgaM{}{ILSaqg6%x4C{hS~V&@Z|W2s24V84G@#ft=qR3#L#{7#zq1Q=Bt-4 z1x7^-3NVR^eqijtHaRtU_v5<}8fj_SPQ%Lb^3x=8W9q~@BD`_^+Gn4CCIA3xEOsBX zIy*Bh!UqEuQ_fF6A(9{@l+32Xa{BP$L*^%E{RWjDTpoBik9AjMYQzL(nG6nCUZPl z`Qd%yw;^?=`-Lq-)5VUhP#NMI3YSs3dC0p;!kZ&E7x&xW!kLTwBQt47(}%45!ezTC zJuPq=6cVXX3$a+t-Su^nB(1Fs6G7A#qdXUG6#5_FoO+>g3M@*0aHP{FG_Y-H&&|!) z+@)xo<^HZw?p&esYI^TnE;Iv3x)aFde-}JcaJ1qoy;ht0X=GRlB9sV4a6%oU9QjUc z_&lTr{Vt8RWzP%)hA*#>Mt!P=J65>+#R1?r&>N#aI^v|LMMsYORLH>0txf27<5a#3rz?WZs#qg+R9EKG| z2u4Pj!ok8zx;nElCxb|GQZQj$*9VdKw&FRw_89>2Kt*sQCzH7c{q+2&`Gtj`;dE=` zB&vwF7^VtkRs^$R0#!S4JZS17JYqEl6Bo&}8k=jy91Z->1c^CZ}0*g~o;yZnr>3&qtw%F$%t$C~BXN(g2>Dd!IN}4|wX>0VsItM^SxQYnlf{Rj_|HB1 z?vWEIpM3K1_3PIeGY?fwCsUAMXcN4{r_r!!V$v-LUHFQbHg*{T#k;TU{;ni*nZfqy zlc(mR>93yRCQgen=}dOM-7=WMb!|`=R?UlfAqi_7*sZO4#68+GUC%7{fcl7?P{)q# zj=$~gWvRj4dL53Z`SH0Ziy!2UM$+&Og9>WvT(O_zNTltd&4|-a#`FE~`K6U{_VyGy z$-sCQS}i41Rm4IKNykw;HC@!dm?yGlu7_tl-*WRVJ+YdgTh5^A54r+Zu!PmSWA*sC z$z?ZzV|UTD;e25s4p*2dj)8eg>6=B-;E z-2Lx79I#(wJ{Fc1RSorpKS=vTKik;ztPeIPMA}s z-Jc4+(9*+uLk}G`e_DT!wiR(&P<&wZ5;#&J-I3sH1R&hJWT}M`FWdYThFbij-q+GY zOAlwqA1FnkX63~?Mbu(qNK1arw+?!sKRe=SPwU4&{fX&^?bR&i`R4%}qzpS?&1y!k z-mexd%Spezckh$y*W&A4e#@Mjd2>$d%23K;n-q1Pg)d%27+2bnYBfhm=0{j!rta5D zSGrQAT^nN_NSGbwQ)yr2XO!Ae$13Y^!lOv#+nUT=Z4xqfao@|gJC$^r&vrtFi&E+i z)wZ4Q6?O``3SJYLVS9Z?{HT+5&103#P0jW$rp8AYi0zgkG^0QnxAkD(f)}!YM|KgO zK7Gp2U#vg;T7^M%{{EwzH^<_0Y!i1sxjQ;GHZwCT=gXHq{T80q=n%Q`O#S4OySKTl z-nvz6aMD>wdBo1n&8aZ$bwO`wOPXS45`II5=;YRxfWc;gh`)F4d|a$ZcGSGGnZT+9 z27S?-%?Y%_nVZWk6JkMH(qx6k`p;?Lv##7jT|a7$=dhDYZt1x~QjMQv5s}#9r$SBs zY4Ow2LrV`QyWX|2lf3$I<=8Wn)M}mPC2$$?bf>_aL!_EAHFx9_2@(wsC9@skk(wjV25(`oXtT{)w=K zEJ(ok*%x1YHS)C+$PALtpFdX$b>U{-0!d3;h?G^#)ZlW*nB#P`2ky39PHR>SunB8K zFQ-+#R$L3U~otWn3;X~F4+}fhm42#Y}XL?L2LdTD`YJD z@!hAw5381r@~4u(-Dd;khwlJ3X25OX@%O?e1E$QAzH;kT#PyUg^Rs_P{M?lA{Gsn7F+Z}@|m$bs8L zu#dp6&TfT($NapBXTUS5+3KPiRrH!Bofi7{FOSvNi_74;pGVUj`HGCQEC5|~%v(V*Es zcc~xWkp-x({qw#LZ&nwdlx|$RCPK5$hF_3J25 z?Y3XVv~5d!>AEwCwzz8Rte6M{chWREO5Lp?dvlfA^lv1SF3t|O`t9Zl4ll<*^VTjAhc(UtbqBs0j zS#Y47bvPnQ#PQYmY9YRB@R=Hn>9yAQFDI=76d5Fo2-p`}7R=Sx3YhuzY%9K@EM z+x4rJXIlCHRQP$Y&=iXDj`I{2*wR}|Z!Nu5Q^Ty-D^HpyHV%2L5=BU=cFkvJCTFJz z+trps6n@(kE4`pQD-oM>d1;vxL~bvlNLSI2ms50B#H%tw(wC78nG=J;%;93-IczE4l%f(mp0+N<$O3Z3BMEp zR;iwJ)!bmFJoes|JcGU+Jj8{zW6o!UW_>v+kWiqDF5`2-zM<+_%@k^z{RKasc~twx zMe*n@8QwqcaZ>m^-+GeFw|T4zA-U*t!-FGR1EIZIY*xcXX;3)TxtWQXiE&<91yqM6 z&TKR_gwAW~^>Z}h&kX=ZqSLG?MtUsERNQNPmQ=+LZ_h79vM%NYZKchjrxB`drhPaP z268}o-tg4KF^D4EqUs7*OT<|9)-mImfth>v?lG7+QOt}JiDRSOH;oZi?99NOJ9jv( zA_>-*Pe1)s1V<@~s||~Girx}wC=mc74@V!2$O8{liOb7N&L=Yv;bRiH!Ts##UucvS zlqH9gkak_t9XSSo)>(wqthvq28w(5fc*`;VSOsu7i7r)v$LD$+B~gk`zm(E7O~|Rs zgpD`z4((S|YNZBhaa{tZQeboL8VuGI@NilZ_L6-`S8?2$(h!gmHMpNtqoGfsHRDOgH}y9&qxl1KYR9^OX$~Me{15RMxY)80Hw@6 zm(rybJ@t^+zV)GB=V4fM%{6zZHd$1qEY_hcA3$8%D?kd3j4cce35_`#bD%TD_N~2N zU%(6VHo0wiBtDxbCZd%2rC>f(KS&6cHDVV-?B6xn;K8dhF6Egn!((+xNYq%wHyrRF zobh`^RPrOT%#6;;LkAH%OvO`dquBT0{Vr_8(&pOM=J4cbh`VKH#JHdn>?q7oTS4H4wt1kqmQ>0mU9WPhG^WnRv9%lHtqci|s0U9f6=QNCyM z#a+AZb&C?~=M#L;isAH6)1cF3m->&|-xCDsl&aFNmE||ZX_Y`QH0+p%6H3ul%w$ia z+v5|{;j3-TmY;2|%@2*vT&(rf2Rm!KAFdxz?qLQR{$ps>YH zg@=}Y5)myuoH0E>IHikyjRAw!5hjnVZN{!HK31Tr?~JX^lG4fP$+UECql`X(dh%rc z%{g`{>c*k&%&Gw?1MK6V-s{YZhrT+U{oQ@?e{ZFNKZRQv|R*MZ0GDOVb~t z?>kfIP;%(ubbOkqaIg~$;{0$K4i*;T!ubK_;;URf9}mv) z@yRe<=f@wzmbe|e_<>dLXnpN`&yj%)SCI;v!}gB&QD@Yq=56lCupUeEGHcQnpX3uE7z|#aqaTf4zH+(PgQUpMs)h*JfCh(#rL(@tE)TN5edl)A1-FVOADbC+ZVe9Q z$#QX32S>)n@7=#2*}^KA^pO;zO|wI-xmOVeMB60jzo_?qBH(~7tRQjFc6Mg^{=IuP z9vJ)ll!0A}d4#PxW~pN5CvT*UZWExug|BxUucU>zCB9Cc9@_dL_5|lwi_aFHX8k$x zpBDcu{@e9phY$CXC(RL(1L4*VB$>iaId|3R3H}VRV_uhi>w`@)E@iJ@#s02m-W6OW z$j^HV5}b-;RU|q9?9KCjq%?af0?`HPsR1f-rUO?F9NM-Qp2tQqHHUKyrG|7$+I&BT z>0Ek&7)%o=9)5eXrXfQ``l@e}k{ zh|sB5^eLS)8RZB~_A{bR7%3O6xNj zIr}c3F^12wxgemyAt!$S=5K!av!8u|J2hDofyBCob?_6F{(YTk`okaDMygX=D@ ztV&n&-1Gzo*<*)sJq|!=yVErLCVKnqvxi8LY)J(A@{eDt@Y7Ep9cNc=qfWS8{v+{hK3F9zT8z42fdW0`mOaE{9%U}!w75^cTu=)4oWOxl2U71a-Iz}v-56k zDbDxWD_!wc{T?!0htgeRAW!Vz$RMD{pffDt)yIfF%)c6ITG?E-Tcig34a1~>V5j&Y z$V#a*#MVhRh3yNZg3>%tx;>yb?7Cn)(O!iwIee?uH;WPcT)GtNTCNm>bToYa$&;sW z2z!PzmzdaSgFrNFfI73IYiJJN^3if?E^G>;BPLyOL_S*ii<8@~OU-fz?3QjsT%P!B zW7UP~Z<#^T>Ictef>XR*^F;=ip>*$55_KIz{yZgnAkdu51s&cpHcFP(j_u56bw{&NCN6-`ftap9j}%?n>275&pq}MPNSK&&L#$mIG>(L7WC?@UM1sa zzDSMLJ|vT1)cL1>^A{-VdvxhS!Cw&E!hccdtsSp(n_ppJr+Lvluq9e2iyIB};7!Xk zzs3jt*nL>0L_DRUQ>5`W##3fxiZs$=sxSo)xRheyx_tSv5BH>%HcTE(y^bNkciX@G z@~cPRJ!0q0xCjqbZa3?@?;ic|!=HGs{_&4rG5#`G1E!QsNx0&&T1Q+Z#WRzQN?f*P z85v%^e$8S9{@J-%mKBbwo10;sp-9^9r)kFC!^p_gG$1c&g)xHdSWj=>d^$Bf<76xB zsn+hE?MY!@dDil>1qMTmA`A_175f-z9+JMZC2)guOodIr*(<&t#!EYM4@LUbz_cX$DRi}4fF<8!=tBv)}2+BUnvve|I2IPok z;0m8jF>!nuF>QJBsCH~((!Z$9XS2c-7-l}N(za8XT#+l2mVE^^N5-l~o}k5&$bs5N zGiT6VY|a#i@=cIL;55GFk^lVY2f&cvsz@R`aE|b_@=5TJ^P`6r|L+z4YkpL5rB?ng zVnn~L*JTB%NA04m*L^4dTyT7rS!)MrZOsXn2rOjd+@|I1G*==nt8Wp@(NVb+BzZWd z_4?JD*Kg+S$CGBm`EGiORNTq6>u*Y1B&rC}QHrPZwJXni@IwcAAQ1J6)TgHxrBh{q z3?KP3bd!);!?BXrUrV99WTlr~lpggDoOZ0kXC(uy!e_b=txT>&kMIKEfLMl?(@-J+pljNh5=s8>{21 zBLgeT!5a-+xej0dN##UW<*F-W<60K`IO7x2w)3Of!(j+WZ=1+0tJ_iZDQbQ>Nvbpg zPY1PF2kS=LhZDiT)YRnNyLS=Z-r5Wx#wFgISD$?H2?pW;lVSAp&o`YmH{)}?$##S| zjVQdFfmDcGYvPR2&#TlgU4A^sPs~cYUUq7T!PVS#-{iS+MYXXD34@S;Ojcv9K4r)x+Kt@6MYzyI;$@1Hz* z!YDpE7Kx1ciI}6YMD(mG{&{8!s%9@m>RL&#_pQo;%QN-av**fc*Mwr9|N851Bq~TS zgXC$42_)|4E8~(HF4rL{KH)52E8PTuNt({POH#@u@sRCRbkoUQeyZHn zNjvqwA=4)3=gelT))v-vzJ`{5n@GwyVpF z6hbLOE<{=ih$&-B(|I z<*4Y58#nowZVwN#-L5*bZoAHQ+W7d~rMc;;>FYPHYu71ZmV)oT{m#C<<``Sb<}M4x z^JmY#{PIh7F`-+*fBA}U%d>(_=}7uKh7=YE36ZC$BrX5n8K9Hp&x~O!t6^_IM`6+F ze3TICd2;x)5jW##JI11-lF;qSl}{lrS0=g0W56ug-h?g~+Te~Mrc*=pHy8Px%A{(M z2Q8(M)p}-nVs>)E2f`d$)mo{!+{@1jhRz?*(c);aY7ki=Op*Bso`6R2@@<+_T{|VJ zzbA{&E@40$sT9YAEh0_7%QKx(uCa95_-X4uU;1qE|4#TfPj*k47N75g&)vujws}JG zTPT$0!T($M`G(`V0kT#Nb+0+4hVpO`>$zKhL&+J)!9Auujoo^!|)+re{E*Em&JPNi~un9;x#TU=V!fK#s> zpPN%@?#wDh78VGmo8niovb3$Jo8KGV=ZMJk>iax`at84@Dci=~z_h=QgMnm2xqmXiJ_)tml|Xu0 z*b2Xb{1O38V#!&Tij;~V!dDevMj9Smaw;A*6sA{F>l$PgxR;xA&L)-a)X?t0Qa>qgx07utJlFzs*5Ii09PLXNQNMs_Xt#21Z}S=5g3pz; zjj>U#tDDWBr)At~1ISPXwlqMc)M_!b`5@A%yxKIkLuU%C|L`jur~!r^flhsR8Dh(zcEu}#n`Z|6%(51r|F*8H|^_mm!5r`1zJ>_OF9 z9&lc>-Ty^qi67Pkg;I1c%X$hl(n`ejHh+sB#L&`1%&d04;2~$pAIOEtoI*t`_$MeX zt*niXRF;mAqGM!wTr}{hsrd5LrOTH@LiOd)Wk#UoCHtL>N;hxbbRL?ms_?%aaU_}@N;1`#`c1u8kKLVbzvZ#|wLHEo<4fre9zOW^-p7HY?2c-+#}2*2!}H za;*I0kMG>NeS30h68kSMlCVM4j*zyY{Xw>?T`!P)dWWVMb|Um&(_83obTfuGl$^92 zijXU3xF=Pz#r7%e?RLJ*BHJ8623 zItzWa^;b5*mfm90we)7P<-e95T6(D0Yb5cZ(*x#^B1deokUH#YU7DSmnH(4JDHoH& z-pJ4Pp7~V}wuwE&a$aTj7ddD2tfDMXq+6K@y&>#u#uxN@X1>sgda7Tp>~ctwF3OKF z%ioeRSRy2yF<{4T4pF0u@O22y#TO*H)tqD3ytiPJ4(ZfotJ}7>oc7XOON+}k-msDU zXo;ORdQ-Sk?5(Q*Q$l77zmP31{rwN^TOq{XZFTaLnwXk42dp@S2ael}94lLY;kr9MaY2T>Jc>ZQY-W0j(`ru$)m$o9qytnB*b=~j`276tcmus)*i{X~7WXyB zp<^l+yn&;&Pa3s?@uS#tV(giCNynQkh2gg<`sv8%@c2foS%j<@_`G(F!Qp=3u6(M5 z(&e$rucf9@L!4JdC`BmsHr!A$6Gl`7yu-B{nIB;MZPHT5G{aLie%8r@pKuFsOOI4vD-Utr0%pQME7HYU!2RJ zSbd==c07tryQGAzJ9^E@S@%tLj!8~wNLgq6URhgQUX`CU8hJ|ey6`RWqCH#1gP;>{ zis#S=Ta)BovKE}ikHl~J>8?~Ps7i$@81AqjF*GDNQd~+w!}eBEJlv-y zUS644A^#&|?0s!*Xl-qP_bN3Sifmo&*CTHcf1nYXQYInj(zqq2gYS|`CMGr@P&&M+ zTspy+x`DS)F(5XXOlaQ+&$9hsI9@tv6$BL*TkRTI(>D7a$C;Q5Oh9i-zj`(ieNVwS zWXSxYofIt26y)xoTO}&)EUZ1NI96ies71jE)W=e|A;xfkn)VC(p()kIpu|&-&eYAn zU3>LUQoi}}AFf^hmo?#$Q8{x0)yu#6y`c?zuNr7Jo1O z>pS~ZKwDiN@>kxXFBbv+GmvLsBK8>z)6*XJ>lon*L1jk!5hNGB`?z5hW;NpBJ2#c| zp#10{HWIoCUsKbeiyl;Hl3TyRGDF-&zc^5xg*#@?ieCih1a;|4fv@($MB_ z@l(j6rH6LDBx67h!8Fc>9@2uLwE^d?Ha5dZ$#}7_yrTV-hsnMn&PI+smu(~GJ~uYz zxR(C-!;g=@|DN|}YOUdHdhOa(Ds%{=*_}P5BO&{^?HfJ6`qlr(CdH0Hn3m2OC7#p$ z`}h9hFa9}u(?9*w?|%RL-}8UvPWtJm4?q80nAI!%M5)2fm@2rqv?LnqqeqW_``h1A z)gL~5NL&8RZ~pNgfAf#*T=J0A>Gr?=^>4K3`R?71Rpm=zpMCb}{G0i&zW&BrF!+*@ zK&n~~>6uw@c}08|&4G%M%!V1KSXM30wTuxq)s~k2ATALjn%bzDHhN#bdgU!Mg_Ey5 zYn8o!@1Ec>Dx^B3tR8x4daQz_<^QL$J{G#7uuV=xV4mE2J%|p=${eLqI}BwpW?@{p zYB%R&o*j=pgh(t`mfMxmc~kwBInSww3D5ju1KHSIq9TfXCf+KGO!28L_3XWuwuVQ_ z>B%ulEF-uevMZGdB_xd|46VFT5Yo=CLOCrxwDi#OhgSb;`QZn}4_U^E3jUeys?ziUOubw_n*Uju{ z6;sy!oSsVQbFlY<2W*?5?lc!Vj!jVi9zFV=5=WJDa*q;p5&N~br>Bt;b1kD0QzVPO zuRWw|*RI4-$C+spr?Z)T8jYVyoyHn5(BJJInZHGTIF*)mSE@zr;xM+e5?xKDDixO&nQT$2=SupCLS$z%n+km6YE-bC^ilN5ZAAPg1q>s); z&~0a?{4H(@Z>#0Z-iNMiADL?iijEy+k%Wbl+pvo|JUTR-af#x9@iFaheAP@GSD7!x zjBsY1d+!^nxKQq`?AzJ0_?Ce_IOpCfl+A+P?BaNhI=f%hmF&(_C-17Kq!y@HT-Voq z&1q@T$@+-9Yz0A=b-`T^S$U7DWZKxKe>hS}E7h6uKE#@iItI~|#)!HXRkUOgV z1Oly0mZ#y(Ej}Yq%E1&$BMM@CDEytA$+(~xsq~{#aS$tGW!%#Xq%a&b5NBRQdkp=)Nys4WoN7}Ku3nmxUrM=3SxpxhnpH`&jyvAQ#_kLcmrx&J`{BnQ z0k*WXNGxh*?t0c%3B#!e%L9RU5acnAC-rc+Rx)|gbX+1 z@KSt_D+bKKiLDwETz+Z;P>G*yG(9;zlg_EmY;2Z+_O>&`fkXW+aT(BSvo{5SiT1bf z2c?oUf{@g=3Z|5Q$ioJabVn94BM5aayE)BPF79&?UzzpcFtE5Cqd#9_5}&5kOz6PIEiAD$aa2l1-fQ^n{Fz&Au|QiW+#GhVN!5N`v!@%V;knCY$#W zaX(pipc}!|@H4EL;2B7D*brbZ*5AqC6(o*0)1s_j+H+uLeqjm8`MM+6v_(%VjZRNR zN>a73J_MG*l~Ed8b;RYg>66SdIyN#HUz?1M>tJxaA~g+fY%Pb#QTMlWzvOX$kLl+^ z^M`i4E*3vO>Uf!Yr+T$ctEYzC0JUUKaf&gEqfGG-aw_%c(c`Djp40!eP6gGMmoHwj zf8DurhhD9Ip0!_m@i_o=-g#_Ad})P(4bptrm zQX`A4P@5qx&3mSH*+Zwd!p7go?a>xrfozJc}-8?`z%;dA$WVPODk00&YS@zeKT`ajLEGC1*eL4ktfSqkmr*_7pI>4m;17Zg{{r^ zju?0sPPJdz{nDGD9wtv$eoTy0KFcQ)PV?2?=L0G~;MLxG_NK%v-rQQXgoz8tnq()l z)u-Oso&(PoGKS^&v#}|JEzkIcrHC-fZXR6X6ojZ;I>Q0QAhHk|)`jI&{<3`X8RD4@ z(>G-=2^^HdZq4(I-{<4Uk42Y2t^`6f%V5p}j~$*N-HO(;3hnvY5wk~C$Pw_Zh`(?n^7%U6TEMB{Bbsus%W*{zBj z?0t8L{R>nc)&2HM4ZX_z6t{pbx;P-`UwuSQGnDDKanxg#jpG$SlR|D8<8cm z3<}DlRLSfo!Cy-8H;o`Wh%GM}4!%mA=%0(Kwa;k{6DQ9yMPTd*Fq3ki=ei!5>*stJ zyz#Rry!wy-;opAx`7h@#-yEMH)o-sZFTQ#G^s7JozecrWzWV3?CPBN{ z_DOxwi^QJ4@mx}}Yw;NWf2i^UWKfyyYh!8F_Y=YjI^2L3*Y($>1TLp&J8<|J~3}#4`>@|MY4NKkwCb;>7sO$mpO=LaYB~RF?uq z*zOjW4a(G{^MlwDQ&j}vS6F~3)vc_qsgQ9nM=&yEYt_gq=*m}a@fiQV^Z2U6RMiW3 z@WD!2z4Z&gpr$d3pv9TCYOnQ&IR*S1@q*qM-M0RBrsod_pM_vf>E4f~qEqT>|5Tfd zzzy5q1yqwkG+(s&3pQH(H1N>U&#ncvoiAs=PslCsOllNY)fLvCjm?*D7BRAkvC)Zv z*uq4YE{ZhkPo$5>cXmjbHs=_U?%utd(NNx$pDbC$EM-%PVe9IZD|GV9SFX^#vzmw* zDFltMrt*6gs%#M*qWu99HKCl|`{>bQdN>n|h^HTYbo1fEho64>DMwYhdS)CDkX1BO zd6=u%o5U?(@G75EvBgCMzjpPiBfS6)fp~n}Lwv1eZH?`KTkS7?@n?)*YJT+S(Vu>N z^6K@gwbeN1s<&KJCnu*qy7kee%aFf}!O=i@sRg4?%m3CrqpLhM{lxkizJ z0X=0YyLSEBty{P5-u?LY?K_H3PWcK?d?hLrn9w?Q)&{6Zyf)LKTbW+^x9i^KFX%Wt zeriQ)7akiwROKoIU~CvG5Jnu043kQOBD08`jiNh``=#&X=scNXzWkA&TPjgkw;8e* zwpTQ*5^5zQ9_b3|pU=SQBIDiYX9jslfxwxch$aWV%~RZwHKH zi=USNRMWMcF9i{ahYkyC{B7~m;-^6lg>SU{^ZfZ|4$2_wb%+dNzZGF-AL*qzf_tBd zL!@h4PsAePZP^Uln{96jI$&=nnE1!A-Ys+NEpTB|vZry*&5{$T?fmxYV8BMKgO2dypV6lPQW&Y6G-cbgkO`%oycg*&st(|X zV^{dR<}cL2;mphs$6q*QVW8A=Pbt`@&PT-6x!EMw3qzB+Rc}|4jpM9c3Qm^(=$@-Q z-L~vN4iD!3s}zf$?bOS2GyGQLBxb)7f6b+btxe7l53O&l0zb?+^<@ei)jp%gHjHB} zNMFFE?rlKD@6OuwL-&VU4ufS}z!R&c3Hsd6PK&gwi_M1mGC-f7JQ% ze&>&1YrIoLgGh&y`K2ndn&fcjPgkub!VmMz+k@Rtr50rjYsZ?Ls8lDGi~nfCc>eTi z!Sd}voI?Kwj&^1(;!!g#K70D?AO7>Ne*Np;eDlq>+)wEOuV26V^{@YtLkya^ckdJH z?|zV5xNm-R^WK|#_aEF32h$&ZNbk}roZH?~q$$3tUw-+uCEnJ6j!5DDw(1M(LqmL3 zfANc-|M{Q)vrj&`YxQU92hy*8^VAn9Kj9&;6Z8P(6-#sp*+y2Yz|!&MYt4H z50xA;$;D+C%&wVH@6#V1zEGKB+L*Li@ zvKIp!1btO9-1>9%+neFwl(E@Qul(X)zx=2FRW|Wf|M1)Y;KAvD_*wa?Rux?R^M5@$ z^B{kqcf(bsmp}VWflTkW`~fnUnqYa})t}CfOmAkaUc8t2bN@QM)zg=h!!{4p`Gw`& zkE<{idv=rKzCV%QR~$8A@kLrvS&vK#!XP4tCMm%@i4PG2HO?f&#w0GiWo3`!#34Kk z4r+ypv9P$}G_m;0MWTRSQ_R~?(AL%$msbmW&wGp%rCuH`vnW3$gb1#$A#|BX8%~`* zf#(A4$Z*7VAwOr3}1|$Z~q!YJOhvy>C#}+?@PAcBg{L|7;!A9btiJ0p7 zsQBqo#fc`hPOB%1&cjvK@w?h*4c}c!C$rQx|8CUeuNFT&kkUwM@zX#?kH;22J&@8! zYT~C(wn;@oqz@9cDT=<$LA)j+3zBO0h%2g3-WLs%qo*UDjIES$UZfPuiOC6vl_{n2 zctxEiW>Z`pjHbb|; z4x18oIMFgi$>UeGc-DTUuoK|hk<{WVpb1HpSXUk^u#l=kQDp55AZb`RwL+{d^ zRE*B3TTN<&PiBO&=PjHqjT>dsk4!oP;Z<=FMwTEyBlwQqj2@K>m=}EpQTKyU_=shG zq0*v(4SF^dv+ImDrbr_37v_3NCV(Pal=kCCqXQxO|ax4USae`4qREviX zAB3HJt%{&_^~&YxJQ<}kiG%RT%K-v^?(pyzgJm%tf%B-CQVJ1HP^Z~QH z4i{}kET!PQ$TPM8ZhiF8vuE}W#Gf10 zC^*S-75x6}^_nT~&hMTwPpBI<6cAO!NM7F*Pd8lsc3*l5ficrrl#}Y*yRtQAdb99b z=%rC=|D0P931uVbktVviZdu%7$_~j#N`-*f3B>asbd`vg}$*^t0ZE%&F) z)@_OO2%j|Zk8oSI$=26z6l|DBQevv_)-hG$nwr`$Kg^`?dy4?4D`U&f9CmN3odII? zw18B%m0$-X%m{YYf)a;@3T%R~Mv5?yQ|tCL*2!Rq*s;$nT&R==f^X?}VV+hgn;=?| zEgk!8d2GB{SPoae_&nXV{mQ2JFGXc#zI2hjSC}U^S%F$*D2*1d8?;>#dfZE%nY;gT z{L+J;e)GSq&wpDob-AmK&fdTF=l^DO_F7$$#u8^Z}(#Zhy4cs zslcQERx-5h@+@Ys?}FgW=4?`I?BXRI#)4gZuWjRD$+2n;4k1o2P@=LiiDFsgsy>iT zoZ;l{ZIq;7gbRD|b4BsFO_(8XYXZ&;(MPov@j!mV5jDmYkKw>-U5oOaa$W}f{)JC# z6p8%amQwYHA9sH0PRyx1Aro46I-6FFWJ5XoqJH&xc14k`*r_b~Z#1%{7a=1l810pZ zI58WVe8P}*Wxd`eNKs{^MtJ6c!43BPERaXB3XUj|kCEWHD}UBeWzFY(Zyy>xxBcCh z6bjMwFMmF5dOjF2$A8;8tsWnDZOIk`Ee2W)e3%#@DH5qkpfpO7_tO_|c*5Pf5fN4I z-@nKFM7xF=Rv{@2QiMUaBvzz|c)Gqp;+5|7q&zBN68hV}{p-32KTb}fUR}F(?Qj0( zm&?n)i2e1DM0Z^wuBK^&#!Kp?+`5xu)hvo?oi!6jY^*+fIC}m1HQ6lJqoZRsOytoh z%UW06HoX{#)l)WQ0nfzd05^Nqr=LDlgPr|QVI648C@;DR;531aq~;L7GNS3PdOp7U zu~tNGElN0b-Pa0Be)aQ;4S70@m9EfOqTVim>dv$e=ZXR2LTM_-)=;QY?>TLVkY7?d zgH%ibZK4k!`v?UqFHoVJ2xqh9^E$(VC0xHeGcvj3E})2X`MI_ZI=7kSO5yHFb=sY2 z>u)j8VxYx9i-8scEe6gN1LVy3oWSbpMxJOP6|Ajp&%c@9T95Dab>z^HMadN)Es5^+ zRU}nEJ@Cw9bk0a%JA%hs`xmlJ%JHQV_qP_gpc$g41jjgh6#EMAQ%`T)xMuWec|PrG z)6s^gP?wZDXaDF>7j(Sd9c+_gWn~pc>^<8f_S1&6qnkpGQ74PG`0lNoZw;tA_Kh;o z5lHm$eBogbfLQRrFy!+`$*8Ls&o6Sh1eSA z)}7-tf9GuF^tQokCwx}Vo5P=GU(d5{>?K@J()SUXU(GMM$8nHgJJr{djtZZGv(pp9 zBSWtjmW^DqxSwo>IFIqQfD6ldd2VWEa-3DaneFh;Tt|eE;8AM*Wyn@7hXygyu3o!J z?1`UYMW3<@AjURVRKnrdcpQ21s3O>{*y!zD8z}7&cYu&b6CL0*#{3E z_@)^z7?xOzxR{FSpPHWH$*N9U1}=7fPN*QU`l|aV$ng6l}}|#?-#kTrxsrdPD&<4=D0DuRB$6 z-gVd0u9P$UnGULeX5t>$8V$dwILa8HcPQixfjPIP>^<2&Bdq#5pJ>JUj_pH&c|plC zvpl<_KqiZ(Jh)Q~G(nDvQp~b;Ng&tdF%{JMavBx%6~l zap~3TH*Z9`nV6iJz2u-IH@oI!i(cnmjN?(d>}{-4++Jh9BMur_KP7T?b&r4RK8)^T z>${dw`MD1Iq8*1=mF(2dgDnU%oWFMxcK|=^6Nl7W|Kfj~|L)%|KmC6;mY;2|JX3Ob z;>O72jmew;_3XXBJ8VU5zKe_j>=n6^{4MKfDuOX>ZBdTKrbaK#PFX{VSc{9xR)6Vp z@fnJ+jtz{&!9NA%wrV3!&scT1Yr;m*|F8hdNS%MTIIL!X*ZDU5KAjdZo5UwY_WoH4 z6q2H5*?^!?4nJOzH>E86Wrl{7{F(i>o!%D>(<$7z`y%|)cw>A7(cWyq%Hu3mmc8&EC057!*6xoR#)$8=&3PoxMN6`)> zuuGK|gMh-|vLO-%5*k_!#m!e2(GlDRdW)VMaKqv7)~Gk5hQJHzStyj}kJQqY_TFNk z#XyUJ76UB?S`3^b2FMJA0Jh=frA46#GjNGe1_MKzYp(}3mKU7?OQ|9xi!dm=K$Fk$ zqxl@~B2P#ogbmO3iHp>6m=2^jhQl@?0J{`FOsR{Q2TpPWB4f&?pnnm2(G%wUOzKAL z0&q=BPfa`ewngo2*cqk7QNBF8dKQ155(@#NWF6-;DISubTwEumQ*ybh+M4Bf6dNy{ zjg|}DeN?S4#$9*x(cw%px{Ua_^sA5=khBirAmOkA$l~=S=$dpxV_&>PT?Mx5L!iua z84iu+h@4mBC)O?%91k1Wj7{J5jacU1WuZcl^`#~*5$j?3scQA=#Nci#y2uzn6E6IU za|7bQ&+xP}W>%=umOmM>xE@?&boMpu;o>)H;mBHy}oOMNPN{ra_fJn&NWxi$}$Y2wqZTQ@g0esTBi$E9B~OXqwt zH632CJX5)@YDj(tW;JA~8Jh^WtIBKG6f}>>3B&`P;2JAM!8}tm{}y#VBG%U1$G1U>Y{2hSJzma7m#PuE~1*5p4Mx}|1zRVL}7#h?wh1m7XHMB?Y0ncV`RB`<%QH?(H&t2 z0aQ76pjNYsOSx((Xy#xkvXkTdoEqPWmbtJPKx}9Z?IAscMzX@Ft@6`T6P90AfpD6(5&UxA zN*(XQnKHH-3o#>OX?l-D6K7rM;rUNI~s|(}Te* z)1ZbZ@G?YxA6?4jLY?aIs<^;HwGlwm79+R>#0;;sh5`zd~GEp;%wk)?O_JS`73L23n`p{uzrF zk`@Ck23ibUU<}X-i)-PIi(NzeBSh|-uG3*Kd3U2pwpZQiw&Q_v+5zC`t$;lD?A>b^ z3E9%f!47B=e53NnQ*G@>PI==hX1$WI>#j&AKRG|dY_<5aE7QgQp+~8uM87B@v;uko zJPvt@1;qYQh{1 zF6ggwL8Ex9R5hw2d`e~<^3fb83OiZazbyt@473<%G0KhuCNe@GuggFIG${P79vcwNK659DY2XN=1n z9?Rz3!TB%lTasAFUOuGGVE^82#2P_92l{7spOfaRSFi1ie*gWCBJcV<1&0Q2<+-@S zcX-GtD0Y`&z(1d_^^=POe+ym?uz}8#4Bit|7*mtoXG1cw>548R@2l6Y9G(Ll9fo=XK2Jr5(vum9S4~loTLlm{$ zvZ*Rp?#pg97vE;(-#IkIp^!ZOah9kM+HY}XElxzI^TAm*{QE`^>im@|z&EmOPhkH^2)K`O0oFXnK3{agh#a;^D*Uy=ap;{ z<+NDSE*$vb*~a%&4f4xS%$u@lC61?L)K$-+j^w2*pH~b0g9rDODv70_vI@F__xhqT z-=GAw300jR01qENxO3-r0n9Y)g1^q$4-cm5!t!bvcRZw_tMvnPy4VaTgs2b)`RDqChySDy3wse`k#GoxeUs5c!~2eyX?#;0dT#-|bq zqQJa`4eE|vB?ND?quC2TxzI_$SMb%0W4#&C7IO;Y`w z6xnN+XNd|XQB*EIjWS$ggW4CJQJMAW(1Edxi<*9}_{`9dxe%W4>9k4`060Z=IRpxjQ>OMa=cn+hk^gF+Eq;Uc8!DKPiP4R&WCZ82|%~KfRg<|Di=UPrYGUxv(!<%)LkH(O<3Pkr zQ8Illv96*tc3JlKOOI->xWe&v>OA-&whLZ*3Q)#>pdp`{0WF_CaFy*v#xXcg4awe8`KDJ$I(Vtjtt> z$Wj+B8(aoz_lbgY;kwfWuztC8kk5f}Bu|p(!%J{6!tVMu8)t>uWwWd7`|%Um(^sg1 zyo~HC3pC4ZSJyZ<*oYMaj5CCt=J%tsbuSFALAME1zG1SwykguZGnA}(jU?)vXaA5S z8D1}%HVUx~H7tg-JuRDB>x+w_r`j>|W#KyNYAJH|ptddcIR?ra$HQS_EP_cprM$Ub z{J@ScKUfj0v`ivfo1wNl{OsS@=zy)(KF3B2-q~OPrKQj68o|NZfumx!XVbJ+VnyRu zv9Tfg7qc5~S(9pwLU7|u|JiM>>DHo%CrxmKJt zck~_OCU z*giijCqfAfMXq)b%cL`3j5s9=uclv6K%5xl*os^WeeQ)dC?qeh3eA?Bn%kTCj8nkC zFLe;?gB#le#3IoYeXVeKIApFMWc+F`NDX>UCXzDM-fU9xbvO%Ri9~%zN7swfs&&>n zw@SdVx{5*ycag^)bfa;^IF{Kq2$%1v<1LOlX5^Y-NPuLf_?_2Lr0%uVsf)e@ylFF4Ga{amxF zy1B_=v>c2H!%ci96pmxpl?bu8wBiBaCLt4#I)U$}IwJn@*4C>xi@IP-SL0@BloFYL zbBo*(A`ACZZl;^2a&&xcV=F>Pb0A&ktvk$LR)c{D?z8bdfdNjV&h;h+ifgQpv;?8p z&{VukE={;VQhKD|{K8T;8qsPa>`?|ef)j1Y!)Y~)5m{-N0n%Gn{)MFg#GAxJxbo-V zh~7F%E>eGK?gG=>1@Rw%>iQ};hx<%P`oFmI{e#4RJ(Q>Ma9l;@G+=4#Y+xWcay4no z+S7R1v|5c zyD-UOJnDK~15)LQ-*xLLvX>mduCgBHPn|g)wrC!)RY~Ek(-RwAHKm_rv=XX7{_nZj zZoJDHJcL$}m&Yh^2$M}e&?k@q9x7MjBvb`v*0EvVYGQAvC!`V+eEH*UuI|T?py=+2W@QAzeRP{B$9t z>t~CfE`)UbZ1K~DkglJ7jvvxOh)wLWA&Cj}Fcmw_qa$JrOo?u@H=Id|XMqw( zTuJHrS!X-ofgL$_mf5)9Tay&D*iRtyqK(bXDpJ$|IJvm5Y_(pyc17SHj++Y$3nk!a ze!2CskXL8vc5{|Eqy`Fi^yc-OmoH!Wz@=^ytbG_)m{mK_+&bT5+BV`>uUP!Fvh^+9${71r>~&>`S~?Nhx?cHNX${S~!%4Mc*p;J@mV~qh z?!00pjPd7?teb#5O1}BKj({oc}v(ppPQ`p{F^Sxb|I;S7zKAvBc2=kPv z5OVeFH(b4({evI+6wrvTz8fI@r=MOFuQG=m$Pjb;xP2?4DwhWbx7;l;rGC%new7uc zL0Be4VV)V)G{#;pFWQ$wlJW%t~#4PJM~LDzP#70 zu6s4T;;i5 zVkFtu6B3lYPAN{MPu5;JrNIAEDOIMUs5jZlhA1{M$L$X)4B6+())y;Mz>Do@x9$4I2CN2P^I`OXD3(Ff4}2h9_i_Mf^7y9 z#Ii&0YV$YruNFToJ+$-XeECDNDIoYm^y&}H}m%`|JT{*RfzViD)9jer`bjvhT9(6*w8uW z+eRJzbNnwq&JapNji2U2>1@hvalX(i_<`HnP?0Ix8m5-S@)(%j!Drv%=Ya7&arko% z4ndL6Z$OZp2HGQ?a6CUPROqdV^YW}z9zjgwt`Vd*(`v)I8)jYg$d*GKNcZd>ZwFC+ zNr;g$^XvMJT4cz~b#q<$!&j!zf9Fr+EH#%_I`vBnx@zPvbt+$1j%>C%`6Y%APUNpB z4e%vr4U&g#nrrkf-t3p(tGbQt*i{UJLi`C$x;Ok)L%K4wT|1>T^Op?KDELbkN`HqK znjs)f7*SxC-dm8QX$9RA43GpcQoL>HKQPnEhb=v%Q4BG(^w9DLG;o&d@5SOj){c7l z@QuL9sp&BRGJS-Up*;Ln$!j6c=S=ExD@#(37jI1}YihM7@8o8Q=C|q!yK-Z3uW~fj z%AGPjpAMOGZxcOhOOCqhO|#(Mx4W`-{}2>MOh>5%7U86HxkpdEuA6AqUnk1YOz&=F z=XV+3o!@8jRC*KxnO7N2TNFMT`{vEOx5Y0IEWP`FCP1EGBRP$TWInOCCU}VbV_VD1 zI{{W_xpLZc?@iSw2*-I>g_w2Ijv5D0URDe9i)7fa2?&~%*LedNdL<_S7f9liUitoD z1X!|PwrGznvKAmRrWov&p zJ^g}o6h0#GZB=6Pn)Ta38Dz&Gsu7vnmy4fh+yX@|g z1vv$>c+)9fmE8kRvviO8_wQY^VE;VpZZ$tUF!i^73gu9o#?>&$j*d`7$0x=nrY3wt zIzAV6MtrY>t@HnjfQg_kpqRWq;0;6NJ~cJPW7XFiyb82+98dkiH=xVOD^XW@wDrWB zn(5jRZZLyfP|Y0Tvc3?BySg2Nl2>w%>N_D_dEVuxYQu>%H;?oK*Ww_zv=VOmoX@0Z zKlN#Mj?M>_N$nc7NE>zFe(u&Ul=g6m&py>{Ynh?b`6ZKM3(>rrQ zWhyE6oK5jX%5o{If%N2zuPFxA4-KY7knTjmSVCIBRZI**MREXyZ+EY%LDT68x)onR z0!)Bn6k?XS{NfTyZ6S?#KQ%QzJvqTcbum0#`Jq-`q_XKq?&8Jditxq>lWDD#p7PD* zX%7#;P^xg7$U0z8IY`1AEJ6O*LXQ3AFuBMLW{G%(w~EWjh{$?5Gc_TPL>37^WJIYT z9%YL#BC`mrqO6j5!t5!syhdHU{lGHEG=eUQ z?$L#uoq4Uala4@vZp29{!GfX1W@H-tCj!$B^ zQaDkMkqEUm0)xdd<=t0_he7<&3VDaR?MgdZMJ24+9mh#F86~w)lz3(si}?Y3ECmBwBj-FzErK6n2D- zIJU*aLYSN!9Uo`OT_(d0Yzz!XR6-$Fo1{{ntF$KbjAAR=hCjo&(9tB3T zN5^lV4@&9_d2D%U`Nhju^Yin|%PW8qwln|DL?D#04`s(aD11C3?7nuMiRSqnlRVIWkCP%hHj;@$Kw znxJjh^rI*r;#?meiw`>YQEyvN&J_c(xNr(sTf?u2WO(V>fP=m>UgL&9oxaUlOAa3L zDpMd}`7q_@VglMb7AJ)tSk(lx7uzxmDifE;sp75rfYRK|*&Y)7QhMw6(A-Fnl!Eth28C-5-E=>`IPT_TW+nzdbgn z{ZP=Fk{>b4aoz)vj_1{n^A|7SN*RQ*Efn9{0>yM}V|FH7smz5vUHO0#D2%@0;PiqA z*zm0Y9;+Upz%v=!-E8-hr0w#GHyH7?oYCsSltm=JEif}ZJufUPrA!8raH+7F8L1!? zXSxiBYN@U#I}ljb;<69C`Q~_pgy5R*+0qm3=G`r=3E8V&6y3?yq~}nNyZCd-rcSei zgBs5^ysp{P{hoW(FK=sauMpPar>v)4^j4G8Ui^4f_I51LAzX#W>e^3?2aC(7JZQ_2 zW^;UIk^?BlXI{_<6!A)J^1D0OHai{G1&g=|6Lm87#1XhSP^Shd9!h>iP`;|9p#P8y zBD!#xk>mu1_e^${ezT&?J8#QO_cMG+1Ei1*k{`s3j0}T=>k%_G;+RegiOp4X(jkK} z>6$4B0f4gL)0T7(>Ix^)jc}r6ADNq;(gn4J_(7i03*0|}(1ieUu=FB|fL~_m0d_)_ zNEuL}V_houR?JkDwHS*YP+t z7~NJyfZxt{_=wAZ<^?qdDN>A4i=RM5UM+r-9y;haoxiQq>gnM1z*(j{446p`O-g-`fYp*mMCB}PtTzeuW$H3m=yZt=qT-?!ffYnDG_%m zR7(1;?-Isy4w+G-oWgeKgxk(}(WW$JfV# z63_x)jjCV?DViJq$S7(~HI#a-8|IRFv=Sz!JWg70E(^^Sr%@qody7IEN_T+crfROY zsbFt!3OBG7AqS+V${v`ZhZ;Q(ih0(e+J+U4zDNsunU?|K!1l1TXgtAUGO&M>eJQud zmD;{uMfRvSL_62!X1EUf8zh|?yI!a)euB{R0P{hb=oA`^j%z6D>EtQAR3)X?#?dQ) ztgQuFTKYHot^C~T3o+>u3oSh)DuOe#`Xel~^l%V8IXxqUs+pmGH8X!!3(VvDUe8% z!6k$JJkSA2R7^FOewDjyuJSBH=}1=wKh>ixNFyAWYaj$;-ObWRP1OZ0;^5&P2e4AD zjmE@Kkt@o+V6`>q6&L`P@}b8ztVP+hty(EM2Db(?-V*3QUv(w3=b+@% z8QqWsfI(|OiIGp9JY8Llp2C1vHJ;B1nv-ruFI@1C0>$Y}T3XjHu8<`RQaFMWyFZMp zjHa=+n{KkceEC}3S!0cc;iTVi5L(FaaL&Pj)zt~l;15k_T}WUIVFB1!nXB-klHsCL zY`=}dMT7@W-MO*@E5yUaa#2%3{Uy#VVLRsOOsa)yy8k>FFZhGGs3=;%f>c6F-8WL zrCsR~PZ#wTmcnAOyiofQsE%rvWSV?0{EB=Fdvknai&lrwFY0)_1Kg&ni!A-dIk5Q! z59Cs7L6KcmY(=1D@L$6ZA<$)Bmk0N{<-#q?PZ?ZRlexLM#l=OkE(N@3ozhk4E~ll3 zBu~MKOCZE_k5h_}zgHe^)?YVzz=QmF6npMbdWWwR0srfQ0sA$ol9#%6m*`Vg?dbSX9tq<{n`$VC8p&z7Gc_6 zo~12=*W9XfmXywNUX^?y%)}HUrQ}Xu_{cibsu$sI8&$?7PsOvOn2%w`3Ltru2A60! zt?ER{FPm5Xfd~Mg;L59%w-R9nNZ^u9iad~$l2XKA4M+mNdJ#Xo<;f6VryLv2;v4Zg zFZHzZJ#h#VFcNn^%T<22_<@arnGYO49lAKJzpc~iX<_z&dQEvOoB&g^=#shSj~*)C zoiEz_Eq+>hXy;4+@CT3(`c_#Kwzo*1gzQUk{@b4M85va%;I3!+3IiwUvMZ9+V}`;@ zbqgr^XS@ndP7ofGQBQrzf!%>-;OIY7iW6>=V?GC2&`@bCO_i*G(eo}_A}?NcEsG_; zW}Ju1gSoVrc75z2KR^_1%}2gO?eq*|KfPWsKm%6>W(IvKC}=fw&D~ch8)*kG_;;s~ z7y_Opna(rBcRu1%A63YW)QzduwAfT zJh(l`^1f{s(3L8Co+|~geIJTDogDG1#M|Y~6@f(7)xH_1L075C2KMx#z&tU6twm2I zB6WQM>N10R~QfuS7&DfGh3S*@rAeOwXzeVlO5c)^xuR2gMNy>*vikXe(_$fzjzZSg_Gb6 z_0`gUK}D-CS9sW;AI9RyOuM;Ba*eYR#Xm;ma{M#Hw8zVcQqWCfrDlZ3SMTeuzj^WE z1<}AyhTf}JuiU?Xe`Y4WT39Z5zWL_cl1GYV^y<~CpMLsK9z_at0=<0s>ybSiTB^5tvSuKG7VKH;tUzy0>RmoHxmDet@9ckbL4g2qD0 zgYeO#$FE+!PAN6Sp5pGwqwdO;D_ZA{CQoVC%A47ur?G?wDh5L$$VItyq`sF4r&`MuAsWzjO#q%J8s)LQudOcJbA{i$WS7NOPA(ySVPh)660~JzmVm0 znKO3=SRFIUNEekRHTG|JfG19sDQV&?FNgoJE&Mlco|=QE`K7tpxfs(4+1>-9?cZUz zIFO}()O&Gd4fBYQMb-Xq-A?=P0b#)Uf_ah+%5q7*;#Y(z zoec`GZl7uPj~GZW(`ZU-aRZopQ}K95`mcLbnrQ1!BnQgV&_zDyOhJe$LD#nDmweWC zjXjBX1(Q4Da|A2Q)i$K}Jap|LhYT*uwKHA?$<{K9bw(bH&-F5`jfKmYVc)8BfqGQh zhl`1Uq@vIr>Z{M^7d9fx}FPlnuS>S?nu_8qZ zA4^NuvF%-IQyB*7A+VEBd)A1KYa-Ns$qh8tFh{0#y=(ndk|2_1-jyCuA6ipYQ2zQR z!-y@UtCwc@p&~&4Vs8vF+MkL!5+7cO6d_mBX%#VgB{SDdRUyvsx2!hooI+8SH+FvU zGhJG(>4=`aAOEVugt zBYvu%1#H^Ze>jG2i`rWD(Y(?}@c38o7CqXwDJDxesjE#W9i^g9#>kkVv06n}%Q+pz zLd}X}H}IfTxWzhf&g(RVoOEf89k+P9!422;nfOr&dRj8$Ao->ffD>Q{aJOw80w!j? z>Hz3}qo9Dka{-$G|*Xg#>n5Z{6!2OErk9m&i?yeg?=s}!$-)Af1&1g`*jA>qI1_;2A) zLGZ%NmkT~#wd|EPt`MpH^HKN`R6qFF2XlpJp9%&Hkog%9DG(uZgoGSS{(a?#ByS=; z0-ykp{x8i;jgS8S?A>QWTuG8JYP?4h0tAwf*R&ZwclVvU|NrCe-Pw10cY3Ccyce=~ z5Q6(eWK~fDgb<=|I;ZKGKpBSYW)4j-wK+cp!`Vx5>xGwAL!|it z`KkRfndQ;0)2vsahUSh*$|k#&<@x^p0nQ>US=Q_+tD!N66Gp^2WA2(|^kQ$DoumJ$ zg&T_H;i2JSJG=!9>l2BJC9JD+d1-0-+4I+LUNeg6R(3NEACu=N`}%uQI1+%Zb76kz z`Lkzl-n?N!V{MPK@&*TZpHSFezIdgUqF!nOo7(vJ7|WY8TiN*Dyq%FnHOf4H;k?>4 zH=5D54#>xk9&dN-hyllne`; z70#R)vFzR3*9Qec%OY1vpFVvC4N9~Aec{3db%-07*naR2W-aSa|gCk)?E1K$_vjoi~WTqJKSjV&vxo;}1#qG357` zew0{BZc+Ki9X}QP`%7;XKED{BIhBW)YC?&?Bd)X~dsAllg=H&MArhFbSaQu-KGiPl zqpgi#@c8j#KBJ~WYD3{cMf`wuveDpOrkQy2M_YJ#HFu4K)B^yo4FU3CG+ zRDSvLB|fIy`#ch%;qdwM=bUJz|K^)@B9KQutXy@MmKF)vic;6*%TuHg_>m0E65PN4 z@b>LH+;&0elQaP1JsCTWRGlLwFm-qrP+j2X`3F~=0^wQ1^%PvW4iB_F)(q7sgp~O9 zjsBTUskKe(2)D&)b&us9|7@j0^|g@#MM#v)+|v_$=Ez<^b)m+A0pl)W85&;!_v)%) zYYe$7QCD#umjv2^q>pTiD!^KYfn;X&A9F+2R7^d4)<=Rp=E^QU&!RH7u#{`MHHE#R zwAS_JQ7+jmW4g36Hpn9*#QQw}fMa%xFsrL97_4oCH2jbpQU5nP}e(9zl9e_8dhuBOCisXrNK%Qe&A0yD=ke7j`OC@=F)a5Ya#9M% zs0_PM&I+@-#A!P$+h2{`RkREuDE-$T(=>!|CoLPO3jYnBTi;XwGd7=eb=Tx&Tzxc44D9*G4ZCvP_;6%f9c|6cw$`(tHH3 zR)9A#8Nss{DzzeWM)-L^Xm8>wBxf9?bTVLkl}ut^BcyG&lDlMAyPIHtnI@PUqs zC1DeTJ<92U9sq7!#|-`tf!B-*{v%CqRev2ee+bDSrAfjac`_u*EuFH#4o>u4VbnT= z$QzPw2+EsR=}sO$(Ma3a7)z0X?j1WlNPmbGy{1LzkRyvU`DFw^HJV$@7_0T5Qz4?} zbv)+BEkmOf^bi9wu?;bLAr!FnSYCB6d7$&Y)290= zpGyJN{_{Wo_TpMU=4#qt=HIw+{ZD`T^W^ynIR^aG^ERh3`KKMi7V^9g#8;zJhqiS!>P z{&e|O`oos@nu($6ucNMy?_#{9i7ytOSfd>%Z@`*W2msw{Av3t%&MwZ(ExI8WjE@X= z_1E6#$M~^|#y9lA{Rbvr^IZunYU1X%sxTbEtS2@MZ%&h@>5~2W!uj+3HOumw66BJA zL+Y(twKfS@ku2fcy#c(Pw?;FC9$xGyhZQazB3YWUN28f zOo#_TqPTs_%zrnX%)*u;v0Pl!xD}eI|N7Ve!=l#uY?!9zlh1Y`y!*oU()KQG>* zmBQuaCAk1VhEWK&S0%`(UMa!mvaCqVAR|3{_DsFf6D@qzmf`}dWKHH=d-v{L6FOZ< zE94@>KpHJ>6= zfFXydRJ@3ATE(}8j7^h!<~YnBy$`)_->!=(D}>L)#JETPwMi<63D_R$)>)dMAqdX` z%&AjDgw->rPZNoe#~uniky*&bh#Zwd%du#np{M(dO)jbtb=96X3}Rssm&2O8_lIc7 z=f{y~k3|<83n0;n$uj@T#phT^)!;37Sek{`Yu|QM> zRl<29?*JR$i88wu(`p^JSs!l;TB;>*lXRs(9xu)I+k9R997_y@ z!sDt_LwRcaZl;H%p1sXqHS&oGaO2ur`9b129V$quKv6*4h`G?Q&@TF2@k#Q#QO$|I zD_RB}&=DLIK%%KrO3Vc%&?(I>d~_lzErl{vLM*~0fh)Mz?ajD>Rd4)CsVFSHq^El_ zaWeo=9%F?d*R7-sSGo1zIl@t3GA06BTUE`%@6ji-QkV`rgl-+Q<|RNBt{jhaWB{AB zz~fUw>)#Ei!-#_IIRlw6VhEqn2we7h~>B{e6< zF!LC$oB1YY>d4aeF4x}$6qN>Vl+2VLnTzo!gQuv)So4RHkz-I~P;?M~DN_X@R|qB= z3J3t!GI5M(asCY%F6s(b4^AwJ|Kl z*US>^#gH`IRBGQm*IK7&+9kzI#E7CS34j4YO#woKG zy}~P3P7TpIlNw&6*eEJ_V2(;paVc%&)ZnS1fk1Ihr_(xkNTwudf&vEh?R|bsXiJUd z_axD?##Q)f?p*g@dH-(0#=bwsV6LtM#sId6?HcX=FCtq!6mE)7#;YKEzxiiZ1g;rL z{9mQ7@Ke!442EjF93Fot3^R2+Cu!PbnL_dbv(dw@t`K1GN>JHs*QlkMA2-Vbf$1Pc zxJPsLF*Z=o97TtW&+^1?=x-29sq-j9Q3&M<-8D7FEQOR3(LUb1;eUDe;lsye$(AEX z$I1%Fj+wVJ+)TNXMsKgLpPLwG$Ffi@Y$_MjTeogaKhJ|x!_;Lz_ZpKH&y3o+w<{~` zWdr?v7K&GvBix#hqI@qv$cvPB$hY5q!~F#q-ms~0+$wx886okqcUA%$#K(K6>eWku==k&qu_n7W>7;Tx?0^8x<9)NP=e&D)pKvtM9aB>mhlYn(Cm|VxoM#?Bcqon< zV3aScv5cW!$8Ql11ND_W5QGgWNzEsZ-&Xxw^=~!aH_vy~c>falKO?1>+FT6U1(yud z_POAqW+IkoGJ|nP#yd3>8(K&PB^fU3GV9r$BL2FIkYH{yip5`gf2lTz*8v#SR;$jgn1m1o)X ziitOTuhc%V1r!4ossXU5?IWYtjRDS z#8fol`zo5A=t^5HxdL$XDO4B{@T2Qyht_ko{Jv!!0kAv{*k zj*O6Hb@gM{nAYA}9gcp-CODmGs#VHUJrR-?r z99N;+lK03qtpaR+F;LVuonCq$h3r{A2bk+H=*HvsWj;ai1UtM1v z28zr;lEIGHLt4Z?c8KSl}cAu-?O&GKIial@(zW@%2TCZr$P5X?JY_4&`+kt zBx3fAXp>Fu%Pf0kU`XO7x@zOfFTq>fY_=EWw~{n&@tC3*$)i>H03<=% zzNcbDXXQpm+OEqK;L+I>aUhrtov_dyQ4d^pH3)n_1BD9evv>{kKJPu2LNZnSD45zp z|9$b|g&S{ZpwiPQX{m~(M^kOoUaa&~PE}Jy(}6YOkgC))Bqa&i2_t4Dmx@dobY3Ob z4EyhRq&c)C4hEsf+oTFGJgW(kh{?*GjNP1tL3CHJ0a<{?dWS~y_tD;!{4bpRy4%{r zSic%Pv&#wT$xI=tFS7l-sr+% zB{lHE88p0L!)Y}#CjY5tZ&$J!LpRBgsIj({^GOyuuMtUi+c`sm-EY~!B@*rDsm5fi%4;S3wzQX7u> zPjJiia33jbyh>l;r=o{yyyPedrg2#Ofg~4N-`acZ3K(DQg%nA(F^~3ygx$5=Nhl8i z_vG?(ZPjG66%xoL=fFTK2!OI;r?n*d}7c^*Vehe2@=f0*>2NGLEAK#l-BL5ejn zw(X8Opb>yeT50Hea67vYS{b?>Ic1qFTv+N?6bJE4Jxp6yuUru^lnV&k7EemvCQjhx zX|duEJHfz)oORniJw1K<&g~!m`v;#mcAUR(o`VR}6+4yKRCn*(bREv_~SqR@#8<3=Qzvqj-8yGW%3dn!~amZ#42 z^ouCDzmMjRA9x%cot~JSq)5l$Nv`Q8A>@v;^zy|E9~x+@YHNYxgY_+-ne98 zHK^!c7rRhS!HnNJ@k3I1SMi4mKWLz$hf048R#5Q=NWd@&P;Ft|jd%uyQTm640frhw zB~qq&nDN)qT^0-Ztujn|-+Y;;&W(@9B)GETHz)2{>suzi;vvfC(kwO-@e5<2EAvKQ zxXirfL>{Yz5Gz}zRHeP0nc;{jmyI4mB$SkU`vrz&v+LKd{qA?aBfUI$@bLESJ3syO zGiO$wvOe9oan0=P-sGza6Z-Fe|64&)0hY7wsujT>e)u1`%MVf4yqt$ckuzsbK}%x|vXK%t zE?zwEmlQ$l!NF`<`R#ANBil6OC1MX3Ro;_I5LZ>1x~DWv6KX}72+K6tDEg3Y2sz|N zGM*cv8n7+3PMljs8N2|AG=~J&=T)n7flZF(pG`N>7pG4RpANyV=AHa`#huX9hIvTl z-ETRXTlLnt_zYrhk>Az6V=*{mM~BhfIog?9$VR9SE+Y=z8m)TWA9^;T_r3P2z@v`= z6jGEpprY+BvBx$VYw9(_DtL)jy88arn|aHqmTAj!awA!F^Oa!0{DS9@M7S%NB3r~f zd92RNFLC8TX=JvArJy}>G9-Jfi-(~?c~i;Hknn}$U3P^S=DWjZ@Rm}k?$}vOO2BGA zr3#f~MWr^swW5+=1sIW|{1RU%R65k(clPw)V1Ex^sN>yF+d*%PQ!yx;x{nq~?DR+wrM=pS zSY`pp35hzibH`S^`p^ITFJTe9ynOi*WwSV~ZY`S}PFuWl=gyBm{)5sDz0NB8fB)^T zwBwetJFAUcY z9z2vjfp@%k2es((<;%+d_SOA_Gd3kSJ z=0uitPoKhtsiKS~o#};{&Z(W9h&IBaWnE1MlRceZ)7>+AGu$!JzDlI&&2t;P z&b=*>Rohi%Bm%>dUr%?e`WY;ShV;Q*+uN`r>#q1s4ig2&P>io$wYS;b1b#**5l)}K zdMjM4AgRinonMel+*4;IG8sm(pvl&_!AwA_0QYZa9hA7F7%gC9nD#t;1qkK;d(g8~_(N6$1-64Rju>fm&xvhJ$bHaUk5PHqx!ZoMh1DwMt*T zom*I3DM}XDv}J7MRGt_LMY+-z&93a{(HDm@UV`Q-{O4FWF8D_(ExjtI)s~`n`@)mo zh9wshb>B#o@5_sLX?BZGDbbl`s`M3pDtf5KOEQc@+A1QW!d#TU{ZLCCnC}z0SR5oVJYJS{Sekh&0sXJ=8s=sB;rVcVwzh4X8 z)$U`S5wy5dgMFnd^SAVA{2H6AT4I!5x-{i{UL9{iy0`a^UrwkFv1R$XapO8Vn4W&l zh{oH4bH>G~sjJtn-Mn!_Mnj!%2aT0Sh?uGL-ltEW@KdoQ6U10fBN`ZBsC&~(_m?& zLZ339jgOC8Y)-~wdu1rz?xm4yXmx08Y}A4@O9CU^E_P^$P?mXzPoYF9E=2 zck|}W^XJbqCbIEy!1bS1Y*t0%z?N}Gi}J>S88D>7?i#azM;+09~c z%bdlxPw*8JtgRiUGxMnun={*sVj<1Kn~DS$HPy;Rq9_^356Wpy|GD=hg#JD!eV^sT zNz5R7@HJFO%-D-d*o9ACk|Mz7y&ImX7cXA)$)jHrdI&R*pPHb_8rB8B`Q|s;>rvqr z+<25K6UY_?9Utx`(Z!tYrKW8-k0$6A1yv!9iQZb>!-tPZ8sp>VxX)^MCSh-nOZfrY zyHywf8w7%%R6scK2rx|`lT1&CODnvMjC4t)EyCWXpX>bixB|<>5SIN?_#yskwW|!j z0zWzM&D$BW7i=_^V;kf15JBCxYCu9Snk??N`YR*v#*y**hmg5#uCMcD()l115#SB9 z^t#T4u2=&KzH`LUQiu?oy0y3WJ=TSN(MN!7*rHoxfQFHT!D#QC_PR9fh_|Z(Zyzxb zM6w_H7m#AwO;&AeIQ_D#tHY$p?$Oa9+Hb5SJ3kb8?IZA2QAZgAcnk1MH)eSZhp__x z*?0DWKU>CMe)lf+8|7K9%nT9uYHc08;eJIpEX=T=tK3)m6l@s$x(SNlq(Mt9z)y4W zje0(DlX;S%)Bp;2ytH(a4zZK2db_`N(5Hr}9KMqBDMFQa~N%8aX5_ zc-Kr12Sv}H7%z4D3nwjC46x2T_k%On+FBe)-`*b4$MdW=OHM@Z<32MIBZ-uBXAIwc zTv#*Cyu3`8q+?>mbPd>WV-|4501wo(5wIUUdUWg7?IMDPZF$QTiFvjyFEhV$MP;j} znJSh!{nF(rXGEA^WS2~lW*o_W`Q_K!x9?EoXa6wHUyZy9b9&`zbHrg905uj$IEOc3CrK6bzF zELyCWzRFmNjejyhe|t}VpXjH-2g+zA9l9@plCj@DLq6&a7gz--2P8aJg-um;yb2jZ zVZmXf(MI7^0p`n6*cT;O=T>X!TlA)9j1J3d!Nd%FNt{CI(@=f0G|uaT^Z{xqH=4e2d3TKIt>P!8Poopd z75y3ipA3F-B>T6H@|OHtIjyz?tveTL=;R2>DWEB7zHfT2-&W}hCMx_i;Q=x#`iZ$` z>s5`Hf|C}F7ZRoIk$l~h?@UC|8Bf{z+Wpy63CWVUNK$mMpN60+fPWqh;GO__dZ@p% zHze1ie?f(d(5Wk&Uq?3OPY$=a5|JN=;yo-#VZTVP3_x>Jjgz4?wsx7%?OWzJ< z9d~@T8vbojr&3z0Kg4J($DlT<>)PPfEYi{UIEhY9PB>JE1BYMd=H9w}M@%(ds@zpf zNaCBmdil~&w$u9NZ*Knf`|l^tPx38QAa4%|40b`tIIK)hzmSsOYCupo$@%J@vFzUq3lvyh?9N)WnepvPKlC_S7&i?NKp0Xca zG8dPelDFW+9#|SKoQR`l-#LKkz=EuP`|Y>ieEZG7;2`B3z{RoD>NRLRr7z2@V~(wJ z$9cXScGqLy{7hQ?G@RD1V0tkS602Pz&dO^@aYO07-FxNA6%n4)RcmR2T2g-qb?qsW z`KjcAK+@K$!cW0TGdVS5slrc%pNby7a{ig~XN`X{^5!0pkk1JQGjoe3RCZ>e;F{^g zz4W*6!`;F}p=d#`F{yv!d|H5KR5)(`V9{oduF{SfR=B z)~$7sI7tYKvMTm5mbD3t9Ug(FF7vN>ndhMbP4T33qJo=E8Ozs3rDX-Kr14S~Z(MG? zw9?2qRWnWW+RpdXBtDzxB))zn4*he^ZO!FJ;q4s*{R6hd0ER>XIiwMQfUr4bt;S+h zZTe6ElUR)z%KfFK$Bg?J!9HQq!XcEF9X?h%RoImK@NX?H@V+ITk*oBwKRvE%xPC$% zfXnLX;RCt_0yr-LV)By}CK^7$8oVaZK(=$`oUA-}hOD#dU6Bd4YW` zod(LUMSe9Fxd=77nrYhOwwTZNo6<(YDt$rMzToF$$ZYh81g>577e<9y6>}fiUcVO~ znnr2W%`wFQTdoZc{uoj>DLBYu+eYR4O|%mU4=ep9Ac0}}qpkV%$KP>zc9na*C8vqA zV)GsEnUNNm_U+n9VsulzWE2PgU$%uH;wwv2`2Qw3(^rb5uQ^}5^ScRkjYm@n>o*HF z9i0CfQ@@>?v{ySWN9yN+@L08x@}K|w>2H7gzs%Pp+wrk6VH-%lJ^}LHz55a{%gZ}9 zK1TXYHTKD`zyA98QN)9A4qKkF&}~J4nmjQvaVi2pL;%+YByK$U)2*7;{Hb;H))29f z5!*XNxe5Khe28C_H^UO}who?xjjH@6JbXp?H|^qMr%w$cIG&pLSS*6C$C;(ul0>X# zWeBH%wm8|N_-Go)1{Ehw&X?>+>H8X-uvp}z_tl(!YB(0%c%790{s>bB9K;LCu^IjW0^fOR) z2dimclc}wiD=eAO3Mr%Nyr2cT#z#-tt;H+|#AtD6gx>;#uTgaUa-Z$> z_-R7MHn$aiwn0kMt7iPvtXw5%f2z|q(_BS^OxoLJdHM2%N8y(^ zUdY1iRY<6m&%(u~rkwD=c=bx;GYPn`u$1*=)y!uN-BHG(Uk4c`glM@<$1|K3x3gF`O6C6sun2H3NhKVS{&AJS}ibVMIfBIG{w>9*I#~}em-sY zJl~EpXGT=L0il%9qHI&sSZFoewr~*(L*yfw%#8R{Fu@F znbt_=%kNf&<8ouZjLG#wpiQG*ayn%0HSuxQyn6MDxr|q($fKTYPtt2^SDEvWtA8 zt}U&J>9tXG5eDjyA^+s!X-(51%z&TMDk;^%9!Ex(dEcz+kuK8oc}RlwS?G& zYJKf=cx?ga!Gms%r+g`OhUEXp47CN#h+Z7Iz`oVbSzS!;&B0W7P<LJN_Vuu@dT+NN7b^a^nm4z&%w#=!Ivl@z+Bz@S$~lt%fH~&( zyhxFDZ@P+dk^2+U%Zi&-Ud0|RO_2nOa#Y%@>5`BQJi6K1)_SsaoD4Lkj%LS0fVw$}B-;J)))E@~dduKG0{!ItS>q@`JA| z6l~bi_o4g%^TVsv2UCSVRiJ z;s98lK~&Vt;%8aDN?BYpOPNxZT8bkk15vI>tEW~b1BOrXVhAN~)*4|`+3HG}YEio^ z4FjNoV_}=Or#GRMurv+z+uu%TjTS|jku}nQCQft=z?GR*tYPgubqD(UGQ??cZ;2y( zYYzi8rr1SNs8`hS(Y#v36te_y9lT!iA-GOUv(K<7JAQA;8ALSaBdJ z0n;yO_}J~Hg^eLzyd5308jw52K4|vwf6!T_5xQKrf70%-hZds^eiF!o?y!gKRhFGG z5Q^FAd#>TsPNQ$2xA)xHVeyi;hEm(19M&iyvRI~Qck}atuFgozU6ZE>ZFwLaL%Czp z8+BrkN=FCR7N)MA-rn`u*?I9x=jZI!EL8xBURlymC;7X)n0|3->Jkg39pbaIvm8L} z2xV4NUGcl!0k%e&5?fBbdW{>+8bjOs+}z!}cWKe0nNofml>D)x=(-k=SnI&b6nu7Q zsGQi_(b@HWH4FspYvF;x+f|tqU)DXowk{RnjT}k@kW&jV=;Ci)zv1M^OA7w7lgFbPOXg5>*4DXZS|+qY$-&f8-<{ic zphfh0o}3{~??R2zF3W`cdYR#gQ_9yCNG7GoP7>osYkQ10Jw3e&Pch>&+O~$W!;VE94B9vl99NYb z8U`>`6Jaa3sv#3gz7~exN9-a#Ix8<{-u85z8tS8<$Kl9FfGZvv-oJv1$xh)9zZ6F; z<0Pib{cSYMEm_V^q*@%T{VlyJ?Kofn<092ZOoiNs#({(B56?Lcuvai{j{%cKiJctI zK>Bt2RLAeF2~lj60(V-iYkUj2YNeL$VeRQ~vB0QH1$JeOgL%K0yp3?o!ov1bj(|s9 zrAnI%L`m@Y@}=_%R?@4glV(Ka++`EgWiFw>*iA}@iF4A5{$ncd(_~<7Ux1e$;~?R)jZ;NsA^d9* zAkAOmT$J)L91&`)_gU7-m4`#HYy*tHnxO$;_q)Vlm8`$QX`A(uExg=f0& z39r=7w%7>pL0&6TOUY_VjRuJVrN?&V<%B2w>Uvx5jCfCSP)cmx?O2bIl`a8(Bi_)v z)r2!31gBLy4cBB_Db(AS{<2aQ#JX9=k`jIh@ff}ZIKP;wU5@k&Ly-6W(h)W!7jKja zE2WKDeoPI%fTocP3&nQi@<|q3!P=IVR{2@XmO#| zw)ge)a19@db4nbpK^GMgDMmE+6iQ|)Zqe5PJUQ7e~p|y>;A$02WB_^n#{iD zL0(-Vnw!^5h|ROMS<>Xrx01J_r81`tn(o8Z^3_YrS-x61v&LqlNSQsGAqU6Dt`tN! zYa%9YQiL+O9$FE+e&hPo)J2CF+C1~Ia&~@S#9i|;;Ca@D^JrcguGMzzXwm$_0+&6l z7I@x9os@l|RJ(1ohu1Yh>R^NTd76T;PLpejMaM>D4mEziNK|!A?+Z$Z{K?X@H*Xv zX#4tB{m#!v*x(%U0tPRkO+-v#F&;CDOAraVZ9o!CG%|F2bS>wbL>&?}5vM^8tiI5*`kzH9a{bk_2 zSn}V;hGHyXqlx);2VrU-E3Aq-au_I*WXwnFafm#A(vyzzM-I>mpdB#~cJesTZ4HZH zPMzm%l-@QcNpuJ&Dck!~2@N-*xFW8emv(e$xXY6Xk(OZE^tdC=4)bG!!&58lOeiXb zmsmYlR69Q#POE%C8P$E_ElL|IPOEt|#fnW+yKh6$e^V=eLmEFNs%rYh3ZM{{>Sxd1 z&b%$E7I-A{2!R}1smYfwUrJ>s{JOm4^Gfgh>8GDbymWkzZ1RAi;V#%KIlu7o#Y=iU z!I%RsS682MD`ptE`Hfl26U4=$9un2C-8W$$Qx;lkF0ibLls85CYW`Z?R~Xn|4B*u{ zt_9H#Hf6C5`;Nu9kBDQKov(gVmrOVPweWL|H^n9r46ohu2jyff()gqni|9B>m{_tF z4y0ItugNU8Ayj}fS$4eXrihuza00kt0rkHB>x9h9YDhyN@_;L(XPOD#z!>WV| z0~H1;415(BAm5P@Ba%NeLWqMAgo%hpG!4=3b1p7zrw02-hlE4FMQ~RjiPrutf~GeD zOAsqRr_>{n7RpgB=28PU7>+HxOjODV)Hz1Y zxpue*v@+Ggg65jKG{ro}tk(XZ{rvg!0927OcPPQ90JA-GY&S|v@BH5!##z&j9uw+G4uHhn_A?vNN*k+^+G;NAN$~?OP8!zJD#cSVcUfZ7t{rl z%6ByqS2q;~DhyN@s4!4rpw$>KbH!p|9-c*@Wue}7CK60#Y;4r*cJJPOOIh4c-RH#D z<}5-Ba;|1j&BEM0xoiqb${q0b?K`huzcB*}`ttJCD~o4htJ_;5x@G@Bf0?7z8^8oC z<*&KCxX&5#1LzcZZhXv|-_Y=oHNszh`L!&kdBdx$Uf||(cJUnMbdX!OGtu)8m4#68 z@BjY)S)~KK_nHH24yhu@iapa@CfB{P5P1FiHIusyD%x}L;)Rg3)~o^SWRcT+$vCIl zdh_i0bEqR`{Oxc5MKn?rgmcWb*a^4Ko;|y9<9fYb!h=eV)Z!a#t z#ZMHt5|qHJHZtkE19lY!(92h^MGJ;!ls__ZHkW$?jAr5OXrcAUK!Z>@`*N_h7|->} z6(aOWkz)(pq6%t7aWV@==0Jvd%lU6IV%BLyyER&{AuK%?1c~)kGPDo+3=@czxztTQ z_)t9@EexRLn37rt6s?f!v)zte@8hV=`9-SX%Iy3SquJThLzUBN>o9*8ZEt25`~d;=4iEH-MDCdBqdYSv zhhND9NuE&^nTU&0LxUzR79qJ{)cxe-In6W+I6s3VNgpu=m9WdvR|c$Hb};&*TbW9n z6p_0b2kEd69zG29^~Fm%I~CIIQ5y(BMb)CV3!AFa#_R)5Z)iYn$gXrWuC&}$l}5=` z!o!CTRTBrKT)j-Ub({zbb~!19YCE^Ev=H$u(kJYYJXQ~oRI92g3~Y}9qKKMeK>&kD`5&>DasYRK&v=>WDS>)!t z+tw&?giOu&)@GSpuV2HzM7{B7>cJ3-RM`xM^3z%p#|Bbs-Q(5P38j&`?6Cl~Nh@*S zbxo&&7R8oU6d--k#s;Fw*JiZHQgY)nwT2fAM+G%6`GRf9WbdeLd5GfGTC)4(YSdDy zu6`>FR2VoS7}&`~endb#d0^m(JMZa{AX{C2V_vD!He5)O_(6slu5 z;8$v^()-oe1UBy+D~mTAH1oWJ=6>1vK8$7E4ipIIEetP(;LvGZX@XfN zfj?|rU;TUvwMHM^F(RMlTJmyel(AA;_87+7&Q3%dJ1&blms&C9(x0Jfkj~F7a4WIH z8mTi*F<`NLxtQBz5h;sf2lLjTP;2d7kgl)=OS=mT*0brZ{85UL&Zf^=H?Oy`;@Q2; z(01?cJ*&SgYAB7zs`N@$5qLKd!zUl*RqUzLr?`Zw-TrdH$#`|hNRjrn4A^bUNeb_B z#F2GqRZFi$7M3&t9fb^z@7Qg?Y^_x6!ONE~YYRM>>l@ODHmJRTQRiBbD@CvfM@shK znF@9G!$4h6cQ?G1wj}n#4b)dBOG+S^EAb@qAH7R6p`u^|a)?H{MvF4=YCBAp&XUY0 z%OQMQT_`~(qbM1*v_;J-ct$5YRzZ@o8A=W}#E%bx7Qu4-iY=sWjG#bE;9RsZ2b9{n z{yKOZX^RVCILZ}eB1?xz07H8b4>m=pN5HNmS_x~8&V`r_d1<^v#+!go?8QbqUyE1w zrUcdF(ZGO?inYxGOl#z;R4|j#wXeQ6W38;l+OQgt4W1vfT`g8nt2p7&K=sLlBFHD~ zEwzihgk2CP%sA#d9DwvPI5db4>~H(SfKzr9r*x z2|`TWJ0!3jY$L8BT{q*uq$Syu^d*yCVs6_ueOAAh{z?fm`dt^QEkcgf%vjsE$XjHJ zT;%{9ngk(`KAQUTKQyCA?)@$N^T9bPIf6x`(KRR_5$@N$UPmX~0G+qK6i%yg=?~xB zv}Qgk-Mtrj+b?(!iB@M@V^D;XR3K-KKP0qx@F(I)9Pw38RuUiBZ}d)H+t!G~)7R*I ztjHu}W^;yRVxC_fqSPN8pky?}SiF_ys&j)FciPrSvuzdSWn(m@)9MRHm!x_XlB&9} zf3|lc+6KsUX?@|nM`?(!qzfPc#!IAB3RGz*V7r{?AQc8?YS_Q|4o#l7iIZb~G&;INo=cPb&3^vIMqaejf7ogE4}vY(B|Fa?{V+1P4FAGMwwxyAN}g1 z`Nb9Hq)-{-s*O9jqKmh5p?BVMGhJF-dhzn5SYq5US-3{dj+`AGJ#+fBxMDmt#R_G* z;wJL;jj%)gU423D2D><;zH+?i?&;yq;$jzDY>J%f(eXu=ZPdc_C2DE#1|F-!LpFaa z#95IV-V0^;%G$5eL}g*qx5ovXKNxV8C+@3ss0{;q8uf!!;dOFifwO>HGWJ+aatEw%iLaTmg65o*xRJ8J`Oi9B&%) zKBq~MU6f|At>lFkE*Vnt=A50GIW;_F{+*bd;0`E3E}OkGW8S%Q&pd1P7w|=1MG+WG zzCwxe1QjLSoJgF=Z7sH-%n%VQ#n}eKH%@iUaGJZXT)Cn~bMeE6kM7-jV9p*NA5$;6 zh1t82T*k8Cs5zyCtK9=92*-Wr4)fGC-)9%M2Hs=mG2|WHK07?%lg*6APJyOMud>T$U;Vlz?ZWEs45_g)==pO^RUgzi{EasIh^Z6pA>^ z+4o|xa4rQW$l(~Lz$5Fo+T2ZWr#t-W$C~>NxeyX#@6!TIO016dS3W|0l?Z)|Lo=cV;p;O)MUuRNvUi4u+IiHUL4p6lNy6D2qRYQ%Y{7*5tfI!yR5vNdE3)6GlS4iCbb0*e1DX-#GxvMM$}o{sZaav*`14>G>;6Z`cww*@#RH_<50@ zVLYb*GS2%FTdYtm{Dhs#2Cc46dy$OyNS`8iq|eZ2vXBWI>A$?c8r=`n9mIPKi+4yl znjA0)Qp`nLhuU)I*q4vG5VQRsjV(wDds>Mc_vM8j_Y!pZ;R?Y!IA0PtT2>v0CVmM%Jgfg~jwd-55Cy z_>C;X$ykdR*j=4{{PJ@Td>Na5{rSI<9v3nsn^CdteU*M&v@~8;_-UYG+nWkM+oGlM z@=Ng3D5OO4baO;o4|L?s%*lt&aZ$0ZUrc-L>A^E$ULo(sFF&WQ{w% z{2ctDW0c=@p{+XER#}K_w%f<Uh+LXKRGE9mH*C7 zObE2by}*0Bt}WTJRxxbpO+iL)-@eUT^!@6ppsf5nc)E&Eq?W8IDolg;5H*Wt5U7q1WvBEa=Jx7<296d@w%FV(2iV zrNu>lrB;sF@Ax7}sWc%@7!!eQC5fqvInQE}%aXG+%!^{RICj3x_d{@PR^ZY z{^QO9)hv}IAX8~e^hV9AI0j;Qd3^av1%D;~7y3_PuIL$G-jIK)`L5y*heZ!&LyJuQ zbb*yZOYT;Basj=0zS_7KrpYuNZd=1cu`A>Gv>DUk*nC56_AndftQ~98cDZrQ60f`(@*7Y8J>k4AHCmzERUF%ov?cK>Q!ElvfO|0(CQkH0IVXuWhQ-D+;~*u=;-Lq zK6W6{MoV)95^g1z?KQc4Df|r5$B1YFX-}U$BVCXdINHJnWEQB**NpO<)zrfKR_nA> zmW;l$Nal4ZKb>Nq$M%?o1&?qBHZV)3YQKOdCpd&rI9sh&xaurVKH``=I}1_e*hdW! z9EWU@LRK?kj?g`vfJWf@y$o8&z-<2}BJ z`?*Xg5eqR^b44?Hzi4PhOruZ&CF}2P3#Zmyto4?tE*&D`=D}T)c{#~c(^;*Q}Un9c|PYk%5RSYh3vKRtEq%8^zY`&3;!HIj$B&Y zfG?&am#wfYg&U;HyL4JzjdPYk>{pr`#o43T9noVaZoRnZ!p*Z}X?_O$6*8d2`3uKH z>k(!4Jm4OUF_pTTU5m@sd$z0Ipk{WKEM&i-L7D|p-!5V8ordHz;b@UHBO-L3?(XQ{ zkUG?mKbh9u#zVbCx#%+V=!mqsyo{O9B5Av_(h$pxLywi<>eVYb^+YJvoRv&T;ik?M zA0x4?%}b)J3l(}psy9w$(GV)Uh~OHMM(@G9ckkOB3Tzhpfx*GEqhrI}J&3g7KdQ9S zgjU!$lwA-(O;nN10!RX1^@|((iw1=QYl0AwJM5N3Fy-*uz%y5T8Jj7snjcRdKdJh+ zunWUrTlv8dC>KN(`nMd5eXVwO&^`E{3S1?D>_$wkn8na3SZy9Jwp!44aV#lg(Dig< zUgj(uJ9bXF$^@3xlmfSfr|Per`>VoFg`ZZ;ryt`FJJ4H=akT88%4xM_sQq}s7&TD| zHEc~{;N=y}yy%0Os!Cr&RfV659-2o@MGuEX4>UhMi!5veR{MZo&&*?3Bg3Du!!@MX z&Iql#EhlX5<>Pyg%XfFtlRKCfuyhSMto|xE{F3p)=wQ8so3UC`X%sJ^XVpJe%7M}7U$CP_F(No1%j0_gfW3JT3wvFc;)I9 z9;-}OBCWo-Fv(oy(@#JB%=3~_j7thr7e9>Kw{DlnqdYbyCML$l$DFFEPaBY+E4#^A zk(l#jeE5LdYyX7{7bNCAz+!HzbkacR&+~Kh7Jxw_W*ZxsLKxOxy?iw@F(Zu{n;DCe zS=rQk{rYugyPtph*#>i#IR3Q=+WHaa65(UDQLzeVwBwahfM@LEj5{$Mr~N*E_WW;u z`!DDDdZF!>pF&n!TXWB5Cp{olbnW^z6*(P=9}hW?>5#YXty{Nd|Nf7H6IL`RZ8V&f zj5CXjXGYFkyLOEu%Rm3|PXJizfDQ1Jl(9}(zbble!d~sR;t$7neyQlWqUUP-9)WR&Psa zZ(hF<^8E7UsT()0^Eb7Yrr73jq-qOqB#>{u`HkrwcnZn#BX}nVPz!9zbZ@!thadh2 z7y9#`|7b@|b0LlULZ9RZZ6wbS?^SB9|L(hQ2of+LCC^a^`d;@BjXROvQ&m6EuVyC6CqbzyHp5 z8dWRYhMA$EL7yHzdQ|*nK}c#MnJBqY`?0t|QC3AYmNYmra;C^*JXWD1y#Uww^kk#= zvo(5+-1YqV3!bv5$d;tBu~8^3ezf~p(}^w%vB9KYEF*pGaE^^Vawod!vFQ%SL%K8| zv>N{T^R}POU3IsGIcH zR%j*3ONZ~po^L_9kU>xbddRt~+$(Tyfk%@WV{LVCZ8!t2ZUvxvb3`zJ400A*A++EL z{zyATGz#~hJkF&r9Q?y=$i#;~xM>COAPMfAemO~;@nUcE3B02quO3bK!%eEIb8VG{ z>IH$5%wYC7q3|R)<8*l^2C0{1zcRKH^ETSAoAFgFgQ>Y#!YFO zA9XL!QO0d4%@PV!f&_l+4KFX6Gu7^W2nG4g8_J{5rwUngq}n_74V2Q)~vEP-i8YviTCOa^I9uede-sSFV%8hv-2DmdClvf3ONF(8o=E5|@b zxYOaW!Wh>uSn#azIlKy)9WMO`EOEi*UgSybs^D*QZjwQTPiWZCUy2S>_-ElX=qv|r zl3ij;2EmHCp}L8b?QO!n1W^`TX2J%2+GDq94tuv6zT!>ni)}GxwOCJ%tc~;)eZp$v zs$;am&-QbAg`XoiUK;eC^)QHY7Z;JYT)RknT$4al z{P`afOEz{)$1mkVUsE(h;G%!92n_W0I46RceINS`PE{n5h=9fKp`6dl4T5FaS_`Wj2NWKbOw2cL-n?@83L6}|l{jU5Os`(M ziZd{o@lY|qWv87od$EEsnX!>wyLOd(E6ZIh%;f5#85oZr zJ?2nC=?1f8Yb@%0LI`xHN}nQ#>J@%Y20t;O$!O^cieChwyFWczeHX)vcm!RL88?Re+uWe((~$d zDZIf>6<##_YQ77cY*-g7{!qz36+IXQl{_4*02V6#U_#j&JrrXyVb2mMVcz6#XOj6@ zfsM-yYe9fvc;I@9alTv9!En zB&08g;pCM7tMFMkuueqku9MfyZCj+h24fkI*aZTH0H{E{E;q3#{_Y(q4s^(N0eN~4!Tm8d-XEBxPQ0W#+${yl6Y^9<^;E|n}-!!U3<~1}gn=|Mf>Q z^SfoD=If`AAHRI{3Q6$zbdt{C&~R^Ge=!Lc8H8y#oLoCQ9r$BowDhr)s=eJVYeX_~ zc2v0hyz25$kY;olLJI~|+agk%XFcKxzJ{47NzsEzI7`4w!u5@BAF(!jU;I{oYhi%< z$c2mv#$48(Jb6MoBGQ+H3RKibGJVEtq8I-*JHb+1?_xaz?`PyciAl*&qJb6~UYqOM8Y=evbNJmx$Z%$F8(UbFAg`bLkih@y}g{tv#ko=@DF3K@MmlDmW z!muKC0H;--Y;D|yG9F`k69e2}g(v8)Fmpn_zgWtn5*%CpPl*W?Blpy?0(7RDv+sQs zcDZzhR#AxBb@OG#{|lN0upB&reyWX;xT=B&+#Vd?&%eY2R15aY<2K44`!VY3#YjAK>Ktg-Lc#%L6ikPSLoCUj-8tf2iT%*vfCagx?fEq&E!^4NOvkxba9eQ`ZMX{A&uHoSeWU zOcy*vg$yJonAk0e+2B#`$HvCZT;zmn*BmDrOIa4``mEM>bpG*=zc<5jyBr%EH9MD* zy)j=q_5P24{DWy)dTaJxno@uN``@bW#tkl~FD>2KFhe%rS!mw3`{mNq)acl#yktf1 zz5MNOzXyf{U;~4qOvhKRUY?tqwYF#4)kbqGsLr21Uup-264Yq9vAmIy-z`BxOjE0O ziZu%pHvFp8FY!b9A^h~#ww=gWa#=FupXyPWBB$}J1%OBXrsM@T%=n}N%>)eR22pIx z@T8*xaMso47mzS4iDENlr;O4lji)TxpsYbEFwu4P+O@0h$q!^R>0!g;3Am5}58#D` z=o%Qni@v;3LFbm2(}|EsmUQJLyLMQ$D65-__u-dU^i`FhYao_W6x!2k@cC6WztLEu zuec@{s>WmSVz&{_MmvKV$JiGdZd6y@92f?WwAm1CnN+|YzyiZ1$j(}ERoP91xm%8Nna$(IJ`W)h6miI`9rJ(vI+*zy z%{DG@x^L#u2SCqX!}^zT3aiA6Id-HMFP=Vq!pbCyDiXbTajL81RNy?ANAM8+jtq?J zH_M9;?%%(A=Z+mp#8;#-a`vn~lGy$+HsrALXMbhCg&36Gw@y5-6Hj!Y_p-2g`5>h@ z5}wJKZouV6wQl&6D1!B#+X+#zRzeC_irslMF?pezY-IqEt=T?HElrUGwoloh$L&kl z8IlwE6-GGwH2i_KZDYt;TZG{gIeuZIaH@ib8bu-U_81gF)*Ue$W-L)h|Ghgk)bHFs z!)IH(wc;gi&jMUF7Gm!dM&ozeiZJ`);#nWC+op<_WJsoL8cMM(n@!9Y5wL$~kZ!0( zy`MDDE|&k#aXv`|VsMp`eHER7YD1&>-S57?cJ1oO$XNv{S^B$o@7=%W?6e0oVlLy9 z9qK2${jFQKiK##Q@IOkUV`>F?)lNv|GkpU<8p=4WJOi@6_6ZE&(I^gTj~+cLJ3?h7 z0P}B4At}YAXj7}!zf5Dv$Jj0+#_C{S4;mOA=wwDNv29mKUI!3@4y zzWNPbUB6D`_|mv+Zf%rR?LEl#^g>yOg8vW_I@+CT(;u=Zf3WcTkDXQ_L&TOjVhM@C zpFl!ZuGqC4!sM%5I8AVy+@19?`q3zf{e}wTDmyN+sqwbX)hl}YO6V=mW-TZh|^mR!_3V;9GdzoNxSj>7hWRDt>YT6hCsfbq z$nu638kW#CmO$$&+$?_co8Ryv^;HrUH!tImvomKb?K7$S^~NWC#!5bX>eS^cmzlJr zDUn$%*&-e`tn|qkX9(kBA^|c|q`VwQ5R^2dqhmsju#1VnhQ}vU4%v z7Q+jKEsU28rx0d4o}glt7T7d{t&pFqGP#l{M;dUR&KPVI@A8IQ%y-{?=RISbVj19u zhlbRyMv$ll<&{UCrm@5nhxZK%h)S2YlbpjVt6X}M#L-9$f;?}O%!yV^R(P>W9p#)F zcFJGi%xXbboKURc>J@dhMDS9u#5`7&pi+pn)F4o`r-{jlZ@>Lk3)RAysQI9^xnBR! z{`C~_qR+C&jwwH>;4hr4kZ$S3_&s*~tx#d(_t?RoZ0#81zkQOH{4>mDCM-*LCNHJgrb0+C z#hYQJH@%wCq?f=PXXk`<_&S!RhQl&vE@So4ynKS&CQ94S&MlV0tpZ51)(f%T+$O5G_5?Ux3tk? zk!Pd?ym~pCsuYCUZf4gs_bwG#x+5~Fj#Qu`S-iB5r3e+d!=+zJ?vmciE+r(3(4!VL zY7sE3A818ck}SY%`h{}k^Lin+lzL?WNhyTbpiGaArftf8j2>YLw22d_ieRfAHF-Bp zD9L1LT)D_wdxGBLv}z@WjEZivM~2WqA-vsGQKi|00XPpN=UC8drTaFe`5GSaKv!WV zOG~w=TG-CgatAqomjwJZAnMq)5mB2Ei-&}BhKlI8kMr-g`knb$y}90JNQJKIQM_rq zOT^U#=6(32CAU0wC_MoHn^epu<`h>f?dM(y6S26e0;}2_p^c_vQ#N6yhylfE^}yQR zppCSx)nm<7`kD^dSNXY&-!k_(5}Ta4EIQfpip|m}gjB|n`ONBwD5WuyO$Kp3wYj2$ zII^^`U>mkj{piO>Zd6_>(9mXX6;PE`uE5KXERA`DnND5_><~#>Qe52l-&bTA_jO}Y zi2J7I&Im1mi7l2n;Wj6#Tc=rjijx#Ms;7|4Mah1hNlY;JddtGWOPpB@(yZi zUtzUiGLlLX-wtYhIjbv`#&42K^nUj2zQGd(xuQ|cScvL)R+Wiwy=?^zrN@<*D7-ff zxdBWoFJLJi&!@!EBdDB|IDfRcFRT_1p`X%#se48cPLg=lplFk?CKQ7O0IC*G!In-n zdhcbqa1t45G}o?OwUd)o-0UNb_Y_qO-<(tVG7~!s$RNwL)qsJ3*EG1yGC8gSGk9x04X!d<#4}+WqS%@0>{(5Z#g|j9SK2;#!FRx zj{2m$eWo{L98`27$|pHQMCjZ(rCCNms1n6#6(vLS`-d%qm&v})(KhnE0U8Xe1lp;@HGZL5dneE`_uN;Ndct08R9OPEfPY$KSnqO+; zyJi1WPOB|L?T!TpcaFpNBnr)AQ`%7f@=6{aXM7y#^wEe9nsChE{}6bsso+1-^j7uP zQQ!}0H^-&yV=Qtgg>i0i*{_$nNPMP~66I$Td;W|^s37QbHXG;*swL^OG#+(+{;~0u z)=4d55@84kH7DrsGqACnq-0KZhtP=D{6Bwj zfSP(aj_{8GBsW%7q>(9VS2zcn(5}n1yaLX2Y6)4_{yS02IN<*IFMqa#AUiV7!s9Em zqnIc*i-%N}Qb0P9oKcYiLGENX9;sjhSeUmQvL*ytPw&8Bzg2^p14Kl4?baxeBozlf z*~r)mr!Gw~&084gbDCpUxT@fmTqO*sQ>RZsWu#ZJ^Wa8C{`jXqe)H`&C14e_fTYhE z!SCbTw~GG1i2gq${-BDZFrR{>ejPJ-fc+s#j~V?v9kL86F~xzq~=v!xPB74FMdCD=D| z?p&JP69(@aP?a>q45CH3Z*HTyl;hVYY0Tyg2pi@5q#?dquq1>?;IWkN#w9@k+b6B? z$z?rKjM`FKX^}Lx_dug&7D&8l+>~+>9-eTu)qOAB6I5WM$QZJKM3YPUlKoi!!j(qB z2}JI`QPRV0x(+#(o%aYIqPX}H!EoX&mUxj6TN19EE<_8w~gmhcCVkE4jE^^yOCD^RYY?nPJp!V3`nN z@`!_=MV^i`k^KpnWV+p3qpDnAhyk;VfU4YgIQsZ==^IKtgGc{B|4846`Nd;;8R3hy z>kBL0Lv~YMxf)vAS0~@5AdwsxCR(_@ri!ekjhIU+bI%~g_iJ`$W?^K3084a5B;MmE zL~P{aD?&mX1QODS8(;kprQdgV+U`KmBSiX)|12zWTYn$&ZTFFX-Yd#JE)!+r)8^{Gf@g9+W*%WQ zV`>RcV!x%`fz{M9n$ZwqagucTaxnAJ#(b9mHN(>ieiH2u>vRxR?Mf1HU#d0&-gofm zZeMMSh?@vId=TFoH#M!Z8Nz+P*FnaDn5K}AfGL16eD>+0V4goeVRXb~pX#<@f~EBL zzoM!bEXFl!wzIjsl>i6GQPy2P8C-Tzax?XtgDX@U&ht(SA&WkE@X$c!v^qC8Z!0F< znHhX+?9TM`3x@-6U{xvVqoz~apU@R#`(z!m{-2K__)1!{e}apV!br3+1ni{ z_U(7yUcP(<@Cxt&M`{s$q79bwRf-;aerKoXs>4J5r-!KTLg&NY(`O4J__96hjm`vK+%!K58jDUSdAh8`ukv`*@q7;r}9W z$3x-YA@j)_b3^d`_+zCC)ul?Gh^g>X(L;&`)p$8n{t%2Q#88~7Lnxs#(X(JVZ)kpD z84Gi7mt)w|I@{B`F^2EgcEOJe3Y>sSB4C;gC9hZk!Dl0IYV*VW^RRXAPeEKg~3$yz*N4E@MoY0};E;CVVfVO<_OJ zap(THp59ZZ&!9-a%4G=T1(4Xf?JDqVg9Mu5S7N1gcXl}% zc|2jp6_xAC^wP){>HPtzV@=gvXGYF8bIgKgn_v^P1EL3Y>A*_<)J+ZIujKQJ9x8gM z^iwPW859EYx7rAx&^%EVmIpFa#w0>Zet^3 zbNQte`CDrOz;i=Sl-S79DBdI=q1PN7JU6c#VWlkL4-Re^;z|~xjx43{t%Wo`Ww9Ie zLS0XfzfD~bq}l-BnBG7Irw3s`v@r#?56H<^(iY{)j-%!^elIDD<;35?|c2kVig8XBOs6z)^U%)xcqg!lbTk1V@AP*RTq9hbg0(98(;#Gx~1MY%- ztPWMvNYhuWbEW(!hMG(E2>y1-?lz3+1?qpwyw%&bsu~B<3*L31*3DN z=iYmBI+w)Ur5p1*Ro+x(D&eteP9aEeFxp2?rjLX6i7z-0SuDk|H0Z@dTGRC`g7KOPe&Qsq)fF*TT>vQ(2>Gx;A%S7P zKxCYoQ-Yn}qvPX5VQzU6*r()Zq{W4K^tZgStd_~i^DOU+E6cp-X5PLT8eAqrX}SV^r*t-p_N>j$!y{XWm1KS$ek009Q^<2zyp z+m9iO+QTdi;I_7vrRAB~2++u*j?k;&V31fEDQ)X=5tTK;`!bZ=yZHnKpWM&ERo2#Z z>*DgerP!O-klTYK8&`R#(}v#pI>v9Zt-`p9{UKW3M4KVZN7&JDlQJnTt-R}9=@L-5 z$!oEJ!u`C_9c4P8SLhTcXrb_ZtNPj!Zg+66u^Y8nj3=$0jQ8m{VX zPBr1N>dcVhvFf9uOh&?>+GT-7*kZvWwv1o7C`Wc!J$(3RdU~4Qs$r{S4B_0lI3(@r z)hlr{+3>K&^3C-!BCz)LW*F&!fr@S8pO6z*u3T}V8b4Yp8JGj?7TA-c|HB#|e|+i) zLFuu|#vcNak6CX6c^i-LW=P4mvbq*pqb`hBG0ft(WcvdCpN$1wWk0X*c@+6G(q>2r z>qmEp84HUm^9xH04g+0%Z_y18FpbHI&qq-B($9Uq`RwV(1{HQx1gnT>-2D*kz>{yB$;|Hc4s(anaf zyhRmM#css_eJ`98lF`TTuFF+19i(6vKS6Xw9t&1brH7FUKahYLDtahGqoRkyrHABC zK!}Z2am1zV;A?SG$>Q<~djUT)_JUJGPUx`I9QO1``c+;e@^o5_Ll*3s4u8P#WD8tC zm)|2!&wvDS`0a&DL5CQ+L*?L=biLchE>)2$q<=b5Y}E*B=F!K`$(yg?oc2gx4Jo83 zA~h;)Jl50`&oy1N^j-R$u%PL;$Qqe9dN6vnPV;i%8!PQ$=5xtyRM2vfne2Xj<*q8Z z029tViv)C9D?`i6U}Nq_B4OMQ5{W9xg>*I^d@GiyQfZx*0KwE=3{?_`GM!)ofF-U- zWkRXlIsJRB=gUkE;L>&}3U`Hn2z@5G}XI`G79z!z93xTFa3(RwgqQ z=T(yBZ&OpEN{;Vg#+EsIBl2gCNbGFV;-tccJl7>Dr{&Yaq^{&$8wh}tMPJISsJN#ePi0* zZQ2ik+zd}C<-;^hl1O~sT35(0?^c!;mz<(VDY7~!{#r9U8(Hcl@1fr20t1YCQJdZ$ zqen}pPQYAPT(l%i>a!@@3_Rh9|AbgUA_nCOZrMX624Q%tN-2H0$c??d1MX3H{vWT+ zj3LJ5X`3FKORnxe7Xye5+Vu#0l2ms;+CI0ULDUO zV0$dG34R_MCgZs9qB1+<$ZX;;+}^f|eH{daVsRW))9ELIs`C5sCZ?2b@$KwF5y zp1Z>InO;PG4+64J)q&{*XHK`mOk4Pn-(W|TJPZj175kts2T}v8{&#~s_hBp~RrQGwIJ>+!{rtJ}wwb$}ZbU>ZCZQ-IL$t=B-H#u0LOpY4Lz>sPM?U%YqsE`Ktol}q{d?c4M%6J0ezta&*x zd0yeqpFNwMo#79UhKr9Hue*yEFaF^Ve-M08N_kxgNINm?#~*)mCb*&qU9$M3X&mFe z`|ex0IJ9*;cj*1<%U3V|{`bE>efpG07KXL7aQP*_IZ43r3*UYBoioX0=Qnrj)~)Gj zXc^!b7tXT%n|H(o1SkDM4D*Z2JXSMGXl!DK^PFNr>v9!IK0Bh;9oa3u#JiHW7tEhZ{tH`OBYg z-n@}Ijy1S2iK7A#xG5LB7@;Pk(b2O)kNN^t5^zqH-ALqh%A9Vz+gZUi)+9AGHRaQ_ zt5;{aqt4A0h9D&$+2U(1vBH&L$jjoaGt(azc1CsYv5VNBAyjj(c*cKuv4fdb$e_w1SDb_z?1`lwyz+@?*)01h%hLBNDwWU{O;Akm&w=X<~W6F*Mtuiu8x_n<=#Bi-`aLh z^iz!&Ljf6-IDZFB530-BJKCKLM1EcG2+uR#U_{eY1w%b%t>VJUa6p_T<&s=WpGD5E z#zNShhP%UqZ=FjqZ2+TJbNHthBc~mk}1g> zzw-LsHhnQ$`Bc>1C^t*?i*?Azg2Y9Jx{JK@HRDqn1cSfv_h2Yb1KEmDsY4N^%n@eA zT$u$aJ={iWMB`4ba{270)Vmg2MLpt6Dh%(~l37Isa*tBFZ>DhB!?u-ImKN367Aj@Q z?xx(=Q`hUeJRDS48=Vc^5U^zy^;^>2&y48dL#d@@Kfm*K@$}{ zU>%1dAC?hW;s2Q7zq5^?9>$4?P5J)){Nf7HeYm}^v!^ESm5Hp*cX$2ohcorAvh5+u zC(HekGCw!(mh>Ua5HsF|Btt2%BDfiuTe3uhwte}@mY$#l@WzcpoG>?WzqCZ`Ecbqk zvjwMBuE0)a_J$iO=b<8*N@;;5BM)(S4WC!{{sCS2p^)Y~2BNtfBA zNWF)Qqhnru;bYCeIm?9aotBY|GN`H~{oK{_C7$kBO`l3(;u+fLV z6@Fu0A2(*gwQZu`U!{vqYKqM2aF~E$`(XDWarQ|;AzLalSK#N|!e5Fzjuf~o~ zL7HFF1-F>DU>`WSKbA)0v>+gn*8=)H5%w|ctVSlu)>4)?Ew;lR>uxMX)zR2GYBB_L zmn%iP{a+LL802i=6BFlzJ2lYgF+zG9VuhchnMN+)c`8QZ@-i7q_^rBRFBr<1Du9ov zYhd8)*%6}>qcGkzO@Ww_O9I2wqmgdByLibXUYr3>P!ZQP$#jdLjcH&Hv$0;YTQ*V{E}O&Wn(Ha=5xU= zd+xpW#2ZWfZ886cdLm0$Tlmw9p}xkMRXm#5<)TtAq~RXG4VF`^d#uBYtgf2x0;72a zKH~oqF<-Y;>y`R4uM^zA^(MCD-%n5NEvfeFE)=oGEKpW#Qe%)b-BjbHiB6jEQor3l{3tQRsm7&bGH`ECur~6l|7YeGXBU>3m`=YdjXW!a7Tfmv& z0ZpK;Wa!-ex6Y`MDnsvK^-w3BsR5*$#6$Co+I_zFvkm;)q^^}yrQaE!vAnU#RbpHG z=SybyxEj=~CtTa6Z}dp>SJ_KmCL~HSSJL858f3RoYHS&20e46m+8{%DWGrkHxN!sW z5V3;)l$WKhMvcjiVm~Mwu^J;$rgW2l#|w$q-hI%7Qd*K!hYY9_Fi7zHem4H;2^PC*3yznQmG`B zN~KbvpO24+1wREpjWP7hkDunp5J@MCHJjV--@IEk5f2UY;reRRNb!CN24EF)ORkUq zm%eq*{t}SqA`L{@?Xa)HxE;L*I2;&Qq%f2n`m_rIr8J1Jg^=um58JNJHTByt30tZS zXM?12qVb;#^nJxjYN^DTyB0IfYC`f?%)De(Fz}TykVcQtHhbUIW3~J>*I%hiMYl3V z$KG#T-jh#>C;i#d3(xlU>dGqlgW1Orm*);MixUvcr4J6yq@xgF ze#)T7U<1!)@$Vv|tQ3BhB`e8dokf=(m0M=NiV!VgJN;%B6M2tU3;B}b)fdS(Va zv6+fKHXOX^?qUftlE)q2tM22bdwTWSHJzF|Dc(jW2i8+l1woowxt&n^sGQGPp+Oen zaPcY4y6BdAC`-UIGcywt6W6X^#}SD}J@n6i{&O<0xu2~*vYthq&!RaN!udUVRw^-b!kWRe*L zRb3PEJs`dc3r}v8eL?Bvyv5%`MVJ+cpKhWD_2etM4kD=CA-Ugq!n_5=huWo$*^-Kr z1;?zk6?&!CL?)hr*q7-~<3;NH&HSP~C?`=*B~CYH+6Lj&%~U>s-LW7;=XmJJDV2^vlCadzuLIn8=i4wGRd}yg}el7j0hKEBiRPa;qQzwhhrH6XjPWa0v zL?^KN378F)c}&_TBF5)tkb<8&HV*m=eh%WK9&&X2#7&VhDNC~kh6AfuQxBGFiONBpSs~im5*QFk2k@&g&)hu z{Vp#l_lJcnjFj$RhN6MV)iWa4Kjmaq3^|X{-2E z@hXq3>*YVxUq!CbWTF29<D`+{hxncc>8vFX=!tF!-cvU zXLWVO>sm4r&)O&!k#ZPWSCw3gMjN8nM7O;8QyO#fz!T4i6Zcbv1{fzYAf9ah(p$ZH z_1fg*glJS|A3l6I|LWD!(qcbri<6T#Zr+-hoTB=+vA!a?uh||do!2W@W^-O(bj368K2h@4Up_5XZ3}_P z%SM;n6UUqTV_N`!07&ZQ)<3L#>rLySPFl0zP@|umKCrMqFvQ;3DRk2-QawHnr^nJs zukXiH^qKc!I!wzhqY9(ZR%DFOWb=x^aFWA=NE?WGBZxUdYMr{x^aK3mumitMsIQNE(@6i8@w1wXAA+5cYfvmYO=Z(k8Vty#D0 zy$EyLg~jrR?oFQwIt7e;?n zAA|mGc`d|KCz4*QB0{>I&U|abk)eU9i(}&>A)g3+)laPJk5#3-fPtC1O05IhkOCtYh~oY~N~>is?R?rTtc=f~9Yjb;-9a7_gRgdN)sz`xb|7fqpa~I+qP( zcYZ5?E@v0nhVppNaNl_ptsMzv`W=P2ta)RjDnwWOgl4< z{yrLgz`yaCrAgkteM94u)ialo(F7IYC@1!hQa+$4mtDPj^~%+& zL&GCo!G89RjEvGHl_|1M_E2Z1XD&sSeZAAuGwW-sd#+x^9XsmMVGSX5dpu2YM8aPr(i~O(zG+c89acjZLt*s-@qg3Rq z#?cvR?@;U6*bKcNSURgU?R34+SQ0RYnLtup+ZSI4pE0hc5fyoJovvm@A?Bm7f4Ukf z;8r@qT)mxXAmW>Gu3k%>0VRH52#fu_Tmc`{2(`)*{ zf6lgZ43b9A)s=6a-9A#+Iu1lm^J7eg_3+{^7&s3YFd|g_1$R3(I;77oSwd`VVG%F7 zRC8p=ey=z#+>B1L6VrFPC8)zk2qr1$#l6#v_I%W>x7eH_5h88Oe1JnUZY z`Ne708=BaJ|*A0HUF&O<|#Iu;BR3>+N;MQQcuxGFIV1_}lW1_}l~ zje&fgqq4f15|AKRC9(#AC*EOc6<^D0C$9I?;LcDCI&HlJA=iKkd^+CUs-WRcQZ*IH z`ojvuD#co5ba=oTrtJk(`(!w2hnz)@2m^V*44kw*uL7_W7(l~m9b0Wq2Q4=<%HpJW z3L{U{**$ZF+}ypf8g9fF4W-dSkX*34g`DFQ$d3*~wB6l3I5gBhuruazqLJages>}1 zO6j<0$};E2+qm>(|0g2NT(Brk5};FQh>`_}_>1la()yggR!Dn1GLIwyIAVsDNo-a{ zT~g{KBo)U?^p;S~4d+$ua`|&YG|tof+K?^kX2?F5#Mj~q1_}lW1_}lW2EHK%Oim^^ zlbk8cBu(x-*dJCFusMXP45=@ z;gUwHvDgqRksAu&$Fpi4rCWIJkoTs!8;B~KZi$E?mLlV{4YQ$l}~vUpkq z^;h{G>`+m{C}bQ!I18LMk{|v(VD+d3CL4BL)i4BZIWLb~;g6N?kBeFz}Tya2`b)UkSA(n}UIYfr5d8frJ5^ zFaEZt$9ZBb?AG(wi>?)5Z`C=ibBG~g0#+Wa@!7AkNU($smv&oE0ybjtLGaQYNAZ*` z7WSQ4*^^{0t*kQzLH0?Uf+S=I16c@l5>Qdf@No=SY}(gx5Zh`N$s|%~&`K;rV@2Aq zvcMm4#A=Aog6R8u>oTSgIFgHrN%XWe@ZJubIC-5+Qf4tsGOj#C?Fp>RBPJ&re{zil zvuN^XB+ggI1OGE0!iw2Z&89-!h4&wR(350vj%@ z-9$#o97Wich?)j8gbfZ4nLXLPu((xHjAVZzvIy}Rabh{}4S&TI3=|9$3=|B0)Bf`S z06+jqL_t)1V+@!~O`2xBZMOpM?2yFpJD{F@7zh%7 z=xKjcZ4*=1cr+`&$Ky3a%HOYwf#7(9nccO>MdXFHzbf`iW?u^fNum{o1}O-}k`Ud0 zt*onjVjhW8CB1q5=voqLBa`FjbRlUnrDjK&#s)c;wM+9$goMuqJ(V4D3G45?1W)Vm z-X036y}d(T3|Zs=Jb7M$;pFkxW$U|?@D>){J$v?iWn~pSIr{2T)gmXsL#nnMH@Ai{ za%FBvC{9Aj&UYD*N>=*3bmXdg*%Ap3;K^PwM7ITSxM;6Pf?epVmJF>~Zx5=F{NuAU*L6Y6uibco6t zYl{N(zjR&sy6ot*J$UfT^XJc(mKLej=~5w+>*{*_`t{=CV%FA8@W1}RnJe_|pSq`^ zdo|t2Y?1Zt3v|j$kf^$cEtIY9P}w&jzJ9li8J!#-LE#;$92!m>?^ivhB~ud+yQiM6 z9lLO0T$lV%1x*3jny*O#Hu`&ea4dFS%v~49+%}ffO^<*dql1hLCsR|CjJ#5r^)w;M zdU|@wRTylq#!13~J~^&!^vW!C@DG)%4dDiqYW9`aQLElDDRf4d5bUY->TX9Yc zzl%}Et;YGxBP^KfEq>blB;xF?5*et7g@C2K#e?;I)^g(^1Q94KFUgP9-xHbS#e8E; z-`rlQ1fw5;FNu=15#egqICgIjU~_wk@L=n`Wd+Xo*tGf>9=kF=MT`l|TJ z+dD}Um8kvA>o=atpkH%@T;y5AScK;6F%0&PSgx*bY%DLw1w-kecF4Ue>LU1_o|+;P z7wF=nH*em$3N}G=B0P?Rb3|so@_>w%m~C*?8rhk=h|-9{t-vjCpbYOizIUO8Va9>&Ont%0@WKbD}PtQz~^5;~_BXbCtNNjOQJ~K0|B+jMULv!0&NcUD&S)Cvt5KVUK2;fLEYe60Wrf!xXpY-uOSHJ%J zs`QpblqZP(OL^*~ko<)n3VqgzqR_+Xq=&BH%F=0&5N*4^awDuI)mygszYGJJ<-iHx z@^KOPfiHt|-cn_}eFR;YCvg%d)&|@F)dncv6hymFar8n5Y~gFEGl0XR*S*9% zR~WD$CA+e$Rcm{=Sz@!dnr-5uqx_HlMULcWSHX5NVTwb*1O40Cd|I;zXZA0wThV7N zRq8ugX*JKPJ|!13Y<5YIWh*^2R+AlWA_QWC*plbVFZr*h;S1L4!x!dfHbvAUM*0yqkL#3FT+K9%8o!f!}(L%!7*63`N*XwtCR*;$n8n(db_ zUtWLvRs+!-}MJ>5n&GK3*LnXCvsG{Yk5;_w)$E4qY4>kCkcXT?F4uN)(Cp)S2H59ONrWCFJT?%Rw<#;8^$QAgd)S4^7TX45IGQ3S^pr8=GRnNH!eUE@!N zlSg<|QQ^5=@T%7;8V3znF!b}b? z_$m0QW1!GO9UBMz9l{TWm7=Nv&ElC*^~LK&YK!cx_6?uMU0c|QtK9ng@$TVLGx%!_ zz)}JfrO=S~9c-YMkfXGhI7uBg{+L|sbA)-!o}S&kqpB@XKB;kd=ex%;m<$+LOmm{?GsU zKa55Q(TJLpc#92&$;nA#`m0y3&dpsDNMZEXUmyPUuiwwl&o`;QQKFfdnSc0)-@9v! z?EB@*SAYBA$2YHEXK1lOI50pH^z!9Pw{G3Me*K#5B9gNE_aFT7%dc#oIOP40|M-WS zH*c`UDyCGVX@CCn|2%s1czJorX28Gy`@hZ3UbZ(N!_=RzY z#jjt#e)sMjWfuPS?VJDp@BdG|bQtCTr+@yZ*(+Cad91ru7gyx|=+VO$FJ7)JufSmj zb$#yIzx?w*&)t}#DZ9S5_VCw-j~+c@RD+%_L8mGc{Edx`U%E77m*TtMd^a*OmbV-d z7WT>7Qph2XFK(|8(6wnisTZr1r;d$-{(_%_IH`ve{M4~=&|mO#5GVDJf}c7z4*I_g zKVgzAF^9xz>9*Nz4CF!JCFFB4fKR{!XcW$dpB2F8LMZV&iUAE2ENtYFd%*tO8qMWT zBTD*waM@Bd>w!f!A0cn1Wzx4guY_Mb>RfO8I_px;Lw36;h0W zyT{U6K6J)(+qa7=o@}qOgA9l{?qeA@zd zeF#6o1I5uslpgom<3sTegB@Wd{)aG=!@mGOcAvEfg?>)Qp@46c(2LngHC70J_VVre z`lkL%_tXiMV3|YNbk{ON|B-J5q}hLLbOthRhOKTeh#LwMLIIzed^|(+j z&&sS}0lq)@=Vp(L!>%8%tgl~C-_DIcr97p*S}<^)>9YkDZGSx}i|w{o>?8vW#x5;V z>iXvOr6vuA^lMD^u{9%uYS zOaUn_&f6q}|M{n%pFDZu5H?vF5t#L`T*t@9D5|cnuZ@q5I*LudbN)vglZxKEPMlm6ZBetU7^;>zk8Ln%M}?Z+oipDL#%b1tO#{4`%} zfC)$Y;7j%R(c_FEG5S3S^nj zUp)WY-~RT?FTXH2!8D6z&?TV^Wa4`^SxG!cM$(o;+U%53q30HQJ`Q~rd}d;;I(y(Y z1_nQ57_&p6w?c1)9-=QK8vs09=`X>U1uq$+M4ID+7j3YYfuZ8Q90NvOTn8QoQ{h=> zD!v?ONeKga^^>NyHsGV%R_G2cE^pFkwZwwPCBM8f^HuXD*Eq1G%cNG#Gi;*>xw)~I zlINi4P`f+s*h?-5K*9tZ>~NAK(s*yn2a&YYB>{}+{)1D+NgXzL%&eM)#z0MJYZ$3{ zTfnyERb4U$lp+d{%G4IfX9Gw<$k}MeTnnu^&@jpwo47sQ`l4N33u65;rcN$=o#eMe zde&#c_QJQf-PU3$O?`*_LG{%+UG5S?C?SB?_}>gl z-q2h9GMq@o*<&Xq(5$jvT}Zz8WC0sr zhd$*gFGO`p(a=z6tbROG#lwh;gew5v7yt|7BZHyN`+mpNxv=nV zW33^sH$UbnGXDixr>?`#1CdNQl&spY!NsOkb5t?Mx^EoLWnnujeUDX4C+JOHik=_` zNm#Be_pm|hENE;$e_(>xiZD+FgUZaN#)!bM zvl(9@zK+k-5)r~9RenwW&hpP^694d4jf8>21M`cio@T1;UELhgAsps4Q#|{6S&=qI z#ORQAi%CY)Kdlm*eeutzn|6nXhX$Bliv424K?o#zLMJ?2*KXXH7-B>Jbi~vdW7o{c zsT+o=3+YdrE zG#lCT+}si=#`th~_>PZh1~2g&c*@u*_$l<038K)$=^7t$t6^5^MsTPn6ORJb% znvwZ1mepsYx1Ya1dF+RPAxB@k7(#tdq=ml^M*c9g?5F>{%p<{!1)oonaAdtxcV=DJ zwH>Qs+qNr}if!ArZQHhO+qPM;Z993->wDV0^|kp2*3Oz^jxl;adI}l(jY?DsMG9O` zkWy8<0c!s{$(MmMQe{%p%n~PdK+?~^7-BL1crNmgq<8(KJdapHs| z(tT5^{*(Pii88R~I4c5kgAxS_a*ER&8yg#@lrt;O6p zxGolWsk~gA33@mwG=H&vp6T1#aPavfc^Qq70xK^qP0r=s=2#y3or*g#fn`!cqU`gz zPDMrKYH?!>WG${>Rn6NrLBZOprl#f%o4MzzPC&o^60@vwEy)oeTNYmK&*v{sGuGD8 z@OXcudfR$^ZJVZlW~8kUCW#S^=2|dOSEb!`bw&G_NLJUSS}(9zuVHUGKCanm_cXO& zjvD6ixjzgg@OcH0s%};vYQvw)rl?t<^CE!KW{xP#^?-h<^W~pF;QjtF@}U3J*?VCY zM)i2zylWoF?=k^mb_t2wm;)5R(y*>KNIUb|keLkwN=hG*?!0 zvugL0nXGs(HdNYNd=iW6bME9*?L$z{E}i)bjg7U@3gDPS_zi;E>fPMN$}j`$2^d2qpYBffhz7z~)7 z@l91{6&}v6=*L?|kLr0ngbh9!9S9p``X`#ku^>WE3^9PU9h}whC1MJ#S#))kh_Bb% zJ-D?KpOb>JBs~O~vpm~F_AP=jku4_sU0;aE_&lL*JH)nP)WzCn!8iKRQ#r~*aF-ot z(+ip)`c(P*IK!2PT=6e&mG(@O=>(sBFzF&^32J1AUj}=&_J1_aVsj%2#+q6)TU=We zFJKj{n-Za>N4QdHdv;_dV&RTi;k_KIWW#fzPjRAi;m)t-a@oxaoXU($F=-`W zY%(8tlq|IRYT=Q0v1=a$Lg;yeyK_KJrbBy9-;jXYcSASQkCZ|FvI z`=kW_R^XGD<>hp*7!yII^b+S>R zl0a>vYK@eX7A|g6cCRE6ANAx(oG;lg1sI82@2hp?+_FSs{JgRhb*l{MWSuO~al3qX|JfNoDl@3)OOc#@ns zzu#}hZj;Z->KTFJOl@Ui-Vsu*`NPWlww6h#!DR8!ME z|8M%bqUZ*4^hdTAjy@JIW6H-|IV89Y%F5e8W3DMfsr*pP?#WlVkobYQ?(}GCEbCh*FWsXq3`HOaB$27;9(LyaUR2Fsit%4_ zX!*cpMc3{KSfYxJLJlOz+)v4kSSrtwq1!ZzKy*WO6=C!n8@Gh2-_!}*r&E{nRyc4Y zSV!4=&d`Ls+a~{ptMkJJKZPrwzgBtV!5Hdv%jhaSO4wYCw86BbKYUSFRW7VjGi-AV zT1K=0yEbDJbYSCZ>Omhxh`N3AI4%0~NN1c36@?6Bj8{z{X%btN9Z0(&ZVTiIuYa(q@OA+?Zk9M;F^Dt9Xrc zZV;*%WHkRywf2~R%dM}eB0`VjmT}?8rmX253Xo+v{5V8a&PGU_CAiIZL%MEcm^?G{ z4)JCMrI$~$PL^XD_MJIYXkoEj@>Ua)OHM`rqkG)%%N&7Z0t2##qp74qWx^Ke+|_FW z%+-P)+9l}!SE&}0JG#(d6x6F|sqNRF3cUo2(4eLq+TINMC+63QEtQ=muoj1R7mxQA zLyB?yEMd4v_zj#3o5X+rHeol$x47Lg=S?s%L+|?HRU;7mt1Bu6a8dOk2DW1^^9Bak zPlAyef=9c^hcu5g&?(hynx5xD{mzj$bZ+zGu>V#{QoFGFtlIo|8pp7SA(Q@o*C73c zQTzD1p_=2D?#VQ^cJ%VR_%j}2n`Foj#%r*FqmAFJ^2Cbzn8Du$#xPE+{uX}7Sx?&8id%#L#^+0{{32#uWhQF^! zD(?!i1Rcg#M5zYjuZtlli(bT)Hco!PqrEo;vVmiL1TL>L%vO(B=5*w>4$ac(+%EPB z=H~{52_Tfl;G=Skbj96-Zc~e>liVM;rmC!9C`N{qdAs@TEi--Erc4}p6L5L2o-pEMQK2R(Nw_h3B zCgt*))9aBeg`*rFdzR0UR)t=T+$)0srxT{Rw9}j6E1A?@-&5byA;E1IMrr1h1*4Zv zpeQ)(k$mF#224km?3@QqCZ1jCArkTq5Y#l8f1~oDp!wUTpDVN*m66Qo`Lg!{$8BZ| z`J045K$@DA_LEX)WFusZa+QP;oL5G|P`J+HSUqL%{<@_81nD9Gcp2 zPTm@T`Zzt_UnXCy)|v(?B(Q8vR8g6U+h9Jpu zce=`olauEJNKGrn3X~b?42@5>dHO19n=9Thf>nCv8Ij3$8ruuPnB$=V$I!~&;d6UP z^{N<%X#TwA{y-76tSpI%%w6{$@iLhz&~01p&yM)+K`MNJ@lzxKk}kd#_EYcJ<7Y8q zT7!LHzOuOA#T`A^>Tje2hFzs#cO&hf+OG9L7euC+fKv|f27q!N`U7>p-&b#_G{^SO zlh<~>wr=d~4-O37eK9m6M?Y$R-hG?Td_PBffBifGrji6K4L_){72ap^^&qbwJ3n}V zhE7t}7YlDdw}3JIY;L!jhE7cyy61@7mgmd0LE2gGz5rFg=ZWvPtw-hlm^M1@?2%;Z z_cwu$F94&W4{sk%vWPpXT12*ZRzBX2V+&HIdScw3wZR{!}J zqfYp>DRWwirP4oQZqvQeaI*3^rPxdHM2m8t6>liP z5!OP>38y)Cwc>=Qf2vG%FZsmKqe2{?vS@^7h(SM~Xx96x* zSZ^0{EqL#k`_sVh%(kh?X4x_RoY3_V&IH--2cht`3!4Yc-x^MiEjFxtY&ZS zyp<0k$O^1y@?9vL(8s>_V>xe%vRdlwCANW5pPN*l^6$VT+dy$}6GJzwfAIZvh3|)a za_A}pZjqL8Zi~A{k&z{;OFNS6`ZE-~RjQls_0h=RM)X@)L2TJBQ;?AZXJ zjH4JZe)PL3eQP=dz2cwif6mN3Z~PDtPHuIvTUi{Xt(B@HJ>*;FtReVAezlvfff0fC z3ZTh%b>j7S1+zsoxE)2dJ9L^Ar?e1Y2y}J&42;!yBHB8Pm>22MX%%Ve;-YpR?+_@B z(yhzKSDnSm1+>;>f^Z0m@-ma(Rq#9~~)wV^NgdS`iUe@XeAVVrnwzDEq zA@dB%9fD8R1&w{Sdc<>hp!!&~>l_4VUMgQzia7;M>r_)dU^duk(RckV!wj)Y$e02O z4P5SEe{)Q)A5RWPY9)LmCVkiMbSHA%w-*<5XIwppC77cELIjMWaK%MJ94Agl+&w(a z0>OV>`8QXKU=V%&;mSdxfX_Rz%av)awCEq?m-!SoooD>&x-AUg5?NC_yK?%=d~r&= z%<2EA^aW*Xm43?sP2mlpP@E7qS<V5Vo47|BihHVv^hy@u{9;w#X5bxE2bH0>aszyvBg?u2Kkob2e`}I3Bb55aO_Fud%rlrll30lQ#=1GPGDH<+-t zrY3kaskTm#YrMQ{We|NS*aq*~%lzremch~1KSo9N13Gw>y?i? zi2}J4)xB92_eLXpC-gPZn2cNopmsw4fGC>pvvx#YPjHnOq03Y82oT`q{+PY&zx~QU zSD~btoP-Al+y#;5tPv6pNMhzeDb(mOCKbYP_^|{BFQ0FYe@6`#*vF%Ct+gd^c)wp4 zb-(Xh`^fm2SH2zOE``Gg?7aU%;W?Yfoa+k!X~mj^PK>J{9eTSL286Y0 zm0Xp;qZSzhVA)t(b0EtVWKs6yNTS#9*19|687!Gb(YT#6LBd1SGdO=sC2&zE&lD>O zQY=mNoaQ5dr*EN7LKFw_h!$4sYc!gf5u_YK6xC~MT;x~gtJWf1xHUw->=O1K5L41Q z%fR#Mi^vm-Ov@UpQVm-^fZ!mdGH%v+2F1*wNX{o5&<2ku^dXg+3?RuCWDmYr~?c-aSBJ>rbtIh9ukFT5BY ztJ~54!(malg6C0|O9rvm*+5lgdOZU}k})%$GBj}?!JS$^4xLeQxZNiqQ@rkrY&HL= zTL~>*1TF+NORZ_VtF&pSPbT2FOwrhAIwVD1B$H$Y#s#%M8zrY#NOwTT2TXA`Rh&IU z2*Pl)S(T*J=dCd_8_2lXnNhXrwqh;xq#yA?J(g|uk5lllu%!xJw_9S+;=#oc7^fQG zv8V%BfH~Pbfuf`&e5J&olu+Mg%gkoI$N_|C%Hv;_B`d`gvX_CHwmBDHkRIqH;9NYZuvgE^TWGt67i1eb=2*`qfky zI29}6WwWf_=b@-bL3e-CMg&H;(8T4yMvkm^Lm$(A21oSqA=9|+Uy7RdKb;h7Q=VnO zwY2PSqoB!7hB*CrvRk5v3z~pg76{+}TaN;oy)^HS=TKiVs8$o6G&T!=Yp-3YYEsHx zksipB<2h~>X_ly8pxVO%h+l&)6j(Z0a14*NkfrA~Tm6#OTE7r#UHu+e@F?z<@Kg?T z{KY-wBe3Ws=1pEwIhnx#nK+53wd$4bXZ@`sSpywz6Issf;9leP?|Ba8tWZR%fDKd-UAY3b=BXg{}u2msgjk8wBJ zi`&I>HO}v26I0XrY)s*IH8;b}{bZWxII#4uggwpQXMuCj>7crKALaE);?N@AfoR1y z_AfJdT^E;^##0Z4p|NHW9IVT{bG|p*c#NebCHFcGICFRMh%hK!)*Xl~8a_U(!f$Gf zcIQlbjI&9(xgwyVVbHo_WhtF5s;Q~$tvd(^u?w$ICWE!n7oAPy!Tnr7$a$DCRkYc#|UvDAJ#l^*tBtWRdw-J85r<2v^`cpgaxBbCUB!-eU zuoFEv-xfdmCD7a(5!u7}W^+^DKKiB{n1EQWK<+Q`S0>lhzwGSvzi7cefJwE@puyjU zNZMsHgsJa2i)`>m3+7nS3Oj@0rJpj6ky?WG@XC)>FVg__ z4{YS05?L$I_qYWnAYz3gsUJm^HzFh7H_M%bR&{1*O@nh|o^!KPu63qy9~>#$W(H2|jjs`IxB;vwolZ!!#%cwl|vUr(;-o zcZRIbmj?a6+*%I)(SMI-AWX3?4zK8g+J5}>NexJUmLvX?Qa-$b%TnU79DGF~!AJhb zpN^gV?siGP?1D+eJEKJoEcSRV()miG(xn=_XD;YICyMiSB{Wi+?PFk-@4vpv;vNrj zu4h4S7AsRU{ixn?%(Xs{Wc(fRM(w?Iwo!k%Ug3dIL+-dKeU?Ted4RmR!hy33? zUPa458NxCY#^@W90L+p_110pkgk!#0QfGt)p{%pe-_ng9;RuT0yxPI|625yWV|bK-I1ZJ zNLh!w5GhnTA@{2^2|-hD#B)fp+(j3Jm}n>%<5E=p#lL)nZ&)BEo+6SwVJJy;w4a{NRZmD zfo*pU9Ek1-7)SVct@YVzJ*wy3M6 z1B$wy_~Ra*1_V0t3B|zhE5*#99%$Tbic|S zxw&j^n^8G5Yw#f5L-`A(SI&-*NG4fyC%>3`m$|>^8<<1jLA}7jEb#fYcpE!i*u}@# zhvDIaDraZ%)$8!C{qcplH}~<0r`$Q`M5Cnr-UAml?Lx4FV8k|nsE-jBQbSyGlyAQf z`IkHbcZlwVnpt#o>|QCxe#$voiLCYA`e}3NhE=CtrE!33acjOYMQO>%h>jlZa8_og z4`4tYMOM75>+4P0{-E(F0N{gc-}t=XtV}lKKKo5zmQR^`MTxc_@6 zerqZE!=~qvbwuNr)joW_vaqdWXm8$AUXWeD&SH1;kUOH#?6~Rf5OF-Mx03&+f)?M| zp9{Wa^$CchHsBqHTj$+JLW=t?W@=_KIDD1{0rULXnBEuxFC?L)x)|jP{;@vO)eVvL zjy8kLmXeZMILUkQ*TYmBzRyRya@rdZ23y21*z74k!wP*-w-AHt79{s@cX4rYigL=V zsTdoGhWi9K0P%5pZ;zk2c!q>*w;@M)J1S0tTqVx z!kO{=Zf#+rl?#=0irAH6&`>LZkt}VTRIcO?M?Uz2X(cvtN3m7Z@-h7#E%us55{x`; zQGf5~sXt5b0O>ai+>OPiAA58=_(`2FRXST$cPEiqj-IEau*kN|zy=B?j6ub`N$FQ7 zr-M3-YCc=l>6$MdQ=>bVJ6BoDm zUR;Og?5rc7&&?0-YZb(QG|wn_e=3vblmBZR-P zo&q%}J}DU|oBJtVPHk%FAU%WJgHbjL*gZ)s8iN6f`zstCb!)t~@nG3KU?+I%^!HrI zwWse500|4o?uM*tk3kIG%QVZ!eDSy?ijVjtLICF8GHElL1K0v8v6teIaYm4~m@t!e z(dXopoJUErm9^1MS#3r!$BWa>e5B{n0FyTSEtiN4a-Nd~#UA(l~qv z(HP(>5*bn{8+;;1RwA7>w7#?bNNukcrj{#+CZ<&4m6SOGfAi4^*JdOJnR6L_&zV4JIGRvpG%#$GE%zX zvt#8~&8n!Fp^YE!f~@_;2TwQKbY4HJH`WiDqQ3-XiXK{THd}UP*+B_m>Quv%YCJ9x zY*m`x)JsT63Na`IC})8{P~%(M<&&9IW2$Lgli3c~ze5h0jIr9;t#K-Udd#RK;OnoS znOqn6gtNHe_$|WB5?+z9L7bsW%oL~|sBmY|xX$G!a>eNj_vgM9)_*TXnD)z_F%RGU^44amg~8On*(X_tWdG#{zrqc?Y&=EXZ74Umu9dVlo)U z>XI0ooWGf?e+&($J^bWRjJ|zq(f^aCL9|q zm4QdHS%IQP6ewCWvEUlq*c>aWX_8S*feI1vE}##Tnz8?=e3KZo%uEg=RNYRMQc7WL z;Bcxh;uV!+75)t}#bMYl|90I!eX7h~Z%z*J=MY`L97CdcnUX>q-3W;y6HTQCD7A&xCBi$lq%0pBT#4>c{hz3`698F4G9Yh1^snmAaDlY zvYAPW#lo;5e?8uiJ(jT;d-jh=&0xF3dlQGs3No?1&@}Zp6juE8){oe@7zq`%8OdT} zMuhVd9?a(s|7D33rVBJP-!G4&8rsb*tyQD7FNO87%HV^@#K2+hwQwj1GlbP(A%Qwj zCqK^==$Of|)-A5qg=PIZW=oYWcR1@4@780e4U5NZqD;mYn$>hDE}*k0FxvOe<%fJp z{&Nn&0aaDg2xnXA7X0CApZT%c2SKZ5S00$*NnyV z4Z{k`SvOk3{I|Bnrz*v02-c}WyVV3IS}6Yo9aNhOTQRMP5I67}SgcJ3TmsWlPl3;3 z`_yvOkHMKF60AD#>!@jPb)T^~*;yNdyu-B5BoRODmOwi;w36!_Cr!GPIYDq*J0&|3oL7!xxPE$Mw6FOF#V&PlWM#Ei0ezHQPIGXPLxIZbh zxcGjT7MRU2V`n=Wo%(PT;tp)Ecpau;r=U7MFf~-(r7u4nEZTc$(9FEAh=V_YcYXCE zgr2Cjyv7x!2Lfb{$j4k0qlBr$_??0qd>GSY6XKqGhgb#{nU8?{Zpm)x9N;o2_3#QC zAUI#BOC9CkVX@Q{HUdF*jU0yi0|8Cn&3V(=NkY#emLgi2R=V1#`Z9D;nu9O-mu>%L z>MuflpQJxzu4rv%(;s*6E(y!_0Y9)}Wk}O%K4VpH&WKRIz$BpqQhk#!a%eUv@v*vB zlFmm-TE!}r2d`Ak#{McmEt}`i<=J@(aS_VmSJ`Cb)2)c}X&O~5L!0jFNaP2`Kjx&yJ&M}TfEDv#v8$|k1j#dwD zPD!VarS39zVal*^Mxku_5y9!a{L3ktG$=|t+wM&LDVvWpl_T`A-JUb6o2J2SEWi8x zbL~MimH?##>9alm>ArZf`7~TPkq26Z4=NyJGiU^8(}@aZgZ(i4dMNy%tSIOm$?~rT zkpVcAAE@y*?xZUi_q?yc6HKqFK61eT_{6^NUg)Ho+G&0ig0a_Y#(_S{#*r-!lOEcF;8W*+nf$|usu@$z&tZ{*CC#Rz=w}>fj|E?c z?(uknQAS{@8qX$s@+7<)VRA3X%^- zon7nWvssgR-~_0*A@*CaR3qDlQWInpUgt=l9I^3=Wne$Y`A3*m{u1HAoJMhtAkALk znQ)}4tODcVnK;BVtHTiBRR!q#P}$PCmdgTU29 z8&4_;EQ#Mp|0Nec*-O++$P}KDNd6_aGASCb>ulpIy%FE?+xwSS`so01n;3peV;s4k023+C=dE> z!zEf-cBfD8M-NkODS07UU0gA$LoHC4K7 zga#w+iQ@a_k1?T>Wr`5^5hLH;6JL`UbHbttQ8s_MtJkLhijv=0I=i6E;tr*k!Zp(~ zvqWnPzxndlg!GwiA$0|U;F)iugZXW2UsQeLyf2(66ng!FlZKAQz=cAdlAx6NKV+AB zWzL=A_2bFt=%=INqgLCUG$zlF+l|6S`+B|?fLw3$A356H&Cz7)pp{+L&u_M>2!I_5 z-TgP|RQSBHiqmkl7K65OZ-MLFOjb@hR#sbEr(`*&o0Ye2|6m_E(X<> z81qp&@p!*Wt%!jm*rM?P$-pHoRC88D9$p)Xad|Cq#!LK8wu@g5{v|ga(TIiTfl`WO zQJw-_QNm?(V030OMXQ>MuC`|Uq$?K2VOTg}B3x)imAVqD)u!d34rGI_!U#2GVC#0^ z@W#a=g=K75NzcTB4~064LRqc=BZyI(-&$Xp%p%k74%YShBYdx8Ha@43BfUEsywm=+ zKY8xCFmV7Bgg!T3P@d>5jao5}<0f0ZvA}wVT}o&rPo`^8!M$^Lx>vM!a+ow~xBEPN zUGtJ2AEp9@u{FvUuhnIiin@IoTknb4&tC0h@KfO4z_K8+_&cGbPERIF>!2Ic(~1ZUvyvW|c{K6q6C+Q%{K?e1buwlSRZ{$+#V`>#TEBHWS~YUAVf zTA+x%;wzCb!yStPjE{vIheGz(QyYwnvW0Wehl9Y$|``liT5oEiwy_hheD z$fZ%2)a|!RIh^7I(5pY6N4}dhkMB>G_Y>9Cmg-?Czocpt?LOb1E?DIN%384XjmAkE z1gLmQR(;6%4c^Z^g5%@kAt@U`HyJ?1L~wz0%2K2!ejRQAec95|nlMG`Fh=pgy&Q&a zK16C@DT5sYvM69zxCV%k3FX)-d>=&MMT}LL_mRHl_<6t1=0IBCH+aLlPb>PhiNoAB zrzxB{?dE_{mZ3gSMx2DE=LZj5E>-oon3DO5^~M>1KK^R~_CWHMpzj1gPoa^&2HfKYzw1XPWQ_}JGvDv7>u;T!=4+R&NWR8VAn-B#vHRCS`8D@yN-fJr& zaku@_GR~*I+p&@7nqMr6tG8wEu7%VD=gfd`OAbo~ksX72te1!zTH5M{!nQ9TBQK-W zwayZa191`kBsf48joRNuO*U0zVl0*mkRV$fU`GyX3Q23SrPCs#D>`K4{L2#X<^qac zPk}zrKh2RoJgM6fpPQ(3uM{iuN36Ju0qUGZZ0(3Iq~D}cndFv{?dsFtJo;KKEuF;5 zuI#6nSyCxT;p73jv*Uyg0zsN8-2MBwQj&4Kqku$DJL=75QyFQqZUo z@;iu&EwCtbNvro64mL(wZ_1{!j4BL!`c7J)YN3t1YiDkO;>Ql!=FK(1iT=xhY|L6s zU@c9m%FC$N^T=PQ<1`)Yt?c4TzF$YHfb?E~-^IO2SnyHz=Sdgf2Np+IEb$As@b+GW zQ|;w?70&uyy8|_}^Udq~DH`_vUF+*811nIY-T7?$^KDC7308|kgCm>E_4Tx>>+^nQ zTGsCQGPCv9wah1jFf4-7lW=UW7r%&GJf?*LJ4zL!0oqY=N1b1XR34L5l)YSUeWm(h zWn^T40Ix>xu+XOcj|DJ3`}tYh`)#pZDnotc+8f@9+F(!yWzqx~YQ6UUJoMsvEbeTc zJ^>Uq*#nj9r)Ia$V8b?sag(|~@4pQIn>w9m1TfBKCl>&JmWhQ$uu#?bsu~kX$seA+ zSoszhHQH^nG~z_nvXKI6P*AXnW`fLebL9YvYl#XdsicaboMTy;3@rT+r^c&VAz!{$ z!gx5JafJl^uRv2wdVJD0W}z-CySLc(Y;9hTm*<2p=lz&_ZEhI&`B)7qRIHn%YF+;0Z3}zUX=J6m$sOFijrz!#<+6MJ4hZ37xFa^S~)m&JWRUfrg3w( z^v)9Sjx4a*myBYZ9R)K8x)LrA+p1okZ)_5<$+HJ(wXFjSHe z_-a2Wzgb0r*iLAxlp4NiYVc>Ef1}kFpr8#ms8n6S!4)qJ%t*@BUchMhYZM|^o;A~( zA!-5^W|n$g4iY!|3k%CQQhi{(xq6&BynkSoUo{Ud1RUed#yWl@R2X(3Rf}R4wP)A@ zeoG|^lM40#@zO|4GAPw*6+*^2owgH9rQK|^$Bju!Afu9icqCrmIp{|&;NP0OtLe$& zGarht=Y2NG-jCx(SyBS?Ds8jvmM(r+J2|5GJ6h3LTkCIL*O3>HM%UTw*nc`+rnw%meZ z+v#m$f_-2f`-k|ZxGbS%I#IHW^wneO3p%QaZUdxDZx_dq@MVZA?c%_LlTO5fhE*v^ z>ZX%#!@=%!Yl8E@)BOog@f1notNoJ?f-3pR{@m}9+hzD@X&gQaQMBhv!$D=Y%SIW= zo;K*=(I~_sJYCn(o4ZkTI9PH_eBa%yq7c$#45F!stPzCpjZfngfdFqzH4Iwb2(M05 zR8;ftpS~S**uw!5H0x0X!!kfvI1d}=8b&R;Pmv1M-An$>fBZ2D4-bVu+(6_YP-#$6 z@IDJGkf4rXKK{C&bE_mFqPfZyCYP*Q<199m_mJK5wyWWSb3Rt7qoIa@fAD~m0AXYB z(I7ZD8v_8{N1|q0MQelq2J`l_@4B+kO4+mw4 zf*#qb;#{zEVa1L# zKv|O{-H`T@Jb4;V9NpEMub;TEv?St&mxP4J9BKzi#N%00hEAYK2H8zN8(Vl9@=UzI z9x;9g82*@b^iHz@CL1pM9A4i$LZ+YN_TbiEFh7|)UMCebQ&SZ1UVEv474x1g?|vUz z0%iJ;rkjnNgYla}=-1gvuKD!2fzU)ju=LuQx$OKc!pyL|k1{(<&y2azXI{$5*4E)h z)TF?#?VMel@ouTG zJRj}BJ09C=AS9h`A7*{Lh%v}U4ornm0wHvh!pC&-BN+!{2asG z6FE0)s7*u5b)YIgO3eSAQ!WStvL#!#>wj;a%x_1^3oS1wnItSIhTenK0&g=IC$uNK z@EKM|`;FA?Z5({B0&elGeD~)~0eZv83*Gs~?c1w8OxN(FC`!QMl2wkCpt!{FFK$2HKSsoHM;V6hF6mbc z_Z#R?hc&3(_Yakz;KV`4fst^Ki0*P1PXI;I>;4s*pTeI|o%Bi0E^LgJGs zu2`uk`r5Wxg))Ubk#?UyokzCmz+-d)-#OWU-7;$C`NPD- z!_MProFW2}e|{hu`*WY#+g3$QAAyanWC@}k^ZK;y`Vt~KqTwOheLbuT01*A(xs_&= zOU28CX=m2NYa}9!(?P5OMF}7YSTF>k9lyZjSa1>L?nnAuhq4WiMtvEH{-fFZocv}T zN}((#t#LzHjp)6+DW1&Y^3-CTX=}Z))kt7?-ZwL>X~_uzkO+&HMKbE_xZa*>DI#IQ}<{{TXpUEJ=}0 z|9=#;D@?x65wOUi$Ht|`YpumjaTznuC|CsNCpGWq1h=92k(j4`PVDNovz@Vt{iOtV zdt>dfSFtR3YkT!@QGaO>kv|d?tQxd?(bRNIm8+*`(x%Nejx?3SM&`0;SCd@sr1_B# z$J3gExJQ^Lyvs+EdCv68BgrnM8;9n52)3;0c?ERo25_5XN20s)=zid0{eAqfnCMb# zVp6?^F!qL)lf?&+g~@TThJ;E!zXgZAvW@4RWOn7Emt#Ty4C+3hnrAtgMUFi-_kUe& zgpZ3yHJ%w-IxaqeU&8nK5iO}%FdI}o4g^O6sI@HF4a*W4@2__xi;KmRsoAE4?Zs}? z*i4tv?d_JTwQz6<-I{JM_h^~bwNe%%C)fBU6+1Y&WUlXgH)JM(|Ci2`Wv;l7Pg0ri+|hdC>DbUePXfttY;aG*$9u3u$!nM=Q@;t z%|!68SXZEl#iArutw>cGEIDRL<+uNe*)z~!{hOs-;c&=z{F5|=ncbd?2zND^WzuMx0yaaJKP@;5XrRILf>R*r@Z z1)1K}&oHPXpdUh5ydhYbsVyvcl|_P(V>@1nWvPyHI2~}l=V+oA0a}Rrx3G1Q9V$ZW z4-Wc&=L7@P*x12mqi3n>|HCHkvKkQP{+xz4ddYiT*o9_l`;XWf_IZTQO_$USFHo#X zme#yy*C1W?Q(z$fwiK)I=jJYgbMJgSJtbZuJPT{KY+DHlt44LmF2rl)_9!7creKo$ z`}b+QEf<3y$I_m-@sgkM0AmCXy4Cw-aAzBdgcB<^PoQrVO)3A$yo$%?^Pj$}1ATh@ zQ2XbY3DMiRrMq+|o(W#f*?2BO+M z^KjkH4dM5{(=sU>AkV=v>iLaE(^*OwC{jDGkK^iJu~yHsI_(bTCL$q42n#KaV(U(@MlNsWE7>%jr+aP3`#7Z#`R|liAV|?MX$Wj<~dw=OpiO9jY}v zz3JwH5IyI4l)%RbdfcT=7JEJ!Ipaw%t&eH_@u<$XU@dSIW&H|0z%_XyorZ=yCEZFa zP$iT^_v4XO#rGle22`%a6O%FynP_@MHNB;!;3I?ZM7P>1 D7 z)-g*=aC}u0Wl9htVJy%HP|l|YL9pLMG(F>}RX%XBLAtH6JGjAcKCmGW>2I^}=V@K# zXclam%$3pzA-NRLSoM}D>wWkU?Cg;rPB6zQ=G4PdB+zz*^ZE@~gKIgBt@VGG1bEaE z3%T=YA^hG;q;YI21rnM+zjnRtCqr~^)0)_N_VL7n@ zqeed^_v=Ae)x>Nl7{v3Y+T*Qupt0d_Xaxi0eE?wvnC&l4R-=KV0vUQiY7L^Nl08EUGm z>smQExzt?Ndh_B1fl^7?xJEZ6TfL41AQUlBiE3X~ks-A;v1ira3rEB1Ey`1imaAE`Obm8}7YlxWjBy4if;UHw~E>9I(R1@W>rQ-u2N@k#! z>Re=Vb@2zHV>PZHLm(GV7mmI^2)?qo$JeA-@+5@FB=>^OFuQ5r1mCxz06#}`OmxBT z_J4|?>7(hc*v0H?heyjk8_kvg!+O_U=gwCOZ88@;7)JXn@0;RMA@>#DJsH^RN{J;Qz z+eqL}NFV!ooakkzYC9gNXKP7k2#4P{hSYX={f2^e29h&;-97GToD*_nF;0H<%Yd&` z&=`JN6K)BwS>YI*Qt*KSZOTZqPe|EPd@sjkU!JMuz6VUQZm5d3dwq9;OZ|$do60<4 zE}q35AXJR~-5N4bdst7xPH=Gu9+F|I67{51^f~_PUc#HN=q|bg)FYjvw&z$PLMX{D z%``8SPn_N*QhBqlRx~UsBAUb>%_gwaCxbdfv@n_XU<|RNE|V1~#ZzWoTtgw=rOOVL zv~}glrdS8N($Q$7se3VMF;Z0^$Qh#IV&UM2nn@pOb$T_mm;>fX?Nu9(DzNiq1z}1_ zDjO^8-(7r0s+ud|R~mdcJHr74w{9KeyvB#sfh+=2CgC!J3Ho8Kp`1!KHWF*e$;l!x zJG0mOq%O1%iUYh9GnML^k?d8c*rxV({6;fG;T7Nme`khKFx3PMST7(@H8@AMhttOy z=i9m_3Hc68{!gF|c(@P-)$Zy)4oNc07?*evWd0*|g9l5GO~8qKuhSQ+I2Sk}9E*rL z85U>j=hRz@Bo&FO`#3Llb%3((ig@__1v#6;<7k>{_ZL+^xzE48W(!btU2S&A?b$NZ za#B)Lu#AR5Gnq$5MyKU8hG{HI5)koU9$DdejsDc7XC(dOf^6{rIG)ZlYBZ@7tkfe- zi46BPOk6m}c`u)UZEM#-V>V=nx!X~s(>SJ0ynHxez*Ou*mh0|zdP@M_h7kxu12)mo zY|?@5R#|He z>H)AH1n37x;?ttxgtITxPYF&5Ol;ZIf@=!4w*p#OZY}Vk4S(kzFh>6qbPAFmzQz=e zA3Xu0wErJxc7_K+Lp{1t_W(ss(4jI`^Dhb!8Vj%CH^beV`M^(@rh)UIq76S35P9RW6OYqO{ zcwV8m#dDJB|2)sXEzMNDmi8+Ac|{C7g&s~LJ(#NO#hPtRP3A`mHymr*-P!5y>)Cb$GWziQ!-ww_yS@BU*i&uF$B1=S);HqJXF7dCQNXa{nq%5L zR8I!u`raY^mouiRkvbY!6e?F%cv`>4LOc_*uWC(a#itxU$CT7?mZ=>B;ggtNc>;PG zg1n}LgmpVS&Dk&_lR;&Bb1PN4Kn#Niw1NjMW{}2`DFUSeuH44`!l83=P$6$rf!1S7nF!OA_icd=H9GbjHfMuaxE#tq^ViaDznx|H4UL&=3#w=_ZJaB*4TRoVUxb?sCjo%TB?x7epO|A0tY-ppRt- zF|{xGx#}ycMG9lO+1_fPcq=6NO-u)*I{g&+>OtI|Wc(x|Y&2%NsBw>RIarY@Bv_?n zY?YKL532fO_4Opzx6o(ROqHj!*J+gZHkTM>eNho|!&B(_bLqJigKd2;N~>)}XZwI9 zMljF)v84PY;1d7iC@T0V_^D%{&_f*?2mPlGKi2K+Mv%g1LBrC@x}(qb%><5*42=xY zf{WGt!J3wk3IlNt_{B>Xn%jvXEGJ*^2|mdw@?L2b^N1cRSPsXNT}vvEb7KiVb@bL! zmvdYGB)Q$SZAA>nMyaiIVl29z#CG<}2?d3)TB`ePtgo}1Lf|Eww2N`6bY46tq(Y{B zK5C{T!@~k6CMJm;$+IquUm%*4FrwC6mKW1mcah=ETQ`#G>Td`o*VfnAVztXf)=45M zt+ItQ&}}tIMtSS@Eg=M;@|fsJ z#(&zHWjsmXYOsZ|QGNgZFIY&G8|0!?Y(zH!^>3*2kk zQ{RWZP%K+q{PmY#ZII(>VHAt%M%1aPNxXEuv6W47>T~YwDWk_FA?c!C-H^_W zXB|B;;HMw$O&vt?k90*}+q>S8HANsf(i(NN``xlKcQJS-BVr#6^9HH4%tmr80g>7UEe)#rpaPOK;t}MfdUhzrJH?)SQ*IC*x|YxjDjQsW!JZ zsjD)-idzO}a%vKjoF;+Yt<6mtyh=A~nQrpTAPzDor@ejqmKC9ae3|MeG$uAXagw#7 z)**DlZ_0%qI8?zr#eXOljR@Nq3sb*?J=BsNN0B!4R-4CE*1EQ6$y3O!0|B|c{7)S? ze}UhEke1gk#!nsszie$|$weDjsX@Ji2C- zmS=?lcq3V0Zq+seUBe4W`!I`;syIjVXba91#vM$Ozow_juFQA)?5UrY`A%OW!m~%G z_t6g>8VY?=%^i}0?hyR(4-O4qy?RX(r~VhxF2pb~8E4r;&Rg5Ovn58DrF)9tlEsm+ zF>#{P>epS&w50elNCHG}-S0z^2%xw$PA4WOZPlY)K&2vlWcE~V7e^)pV{#?{W${Xp zh!L}(FGTjqMe)*(qVg%%cK1$S|G?$hS+`k5Il~1NNBkH@qFC{6BQSlxmQsmDyHE#upf#y8Wty(BY}eM6HPlj3$1Oph6d<#`+oWERL1 z4*|i!2qi;(hrkpmSc2VTXs5BUCq#<`uY#dT(|0Hw)Z#>V(j~%a1WVy_iYKEAj^JQ- zqDB2{G;89>#0m~egv1sFzf%=VU#lQgfmL1r5mqTm{nJrb;Ck+h` zsg#RNwU;b#cT`mG+_`Nd_Vt@L_T6on+e;QsY02)p4Q350;qLAjhW6dU0wYYfZpFo; zHpuO`+n#@!cDV6=3vU-Rlbvh}uE~juGcyeIht3oBlCgj5uch%Z4dIX#HL_em7NmR! zS-vtACl+g=FvlvDu)(``Z#zjPQ@iyqU%r}|c}e|?!9s9ybJzL3b~O-~nUBq66UuJI z6%3pS4CMY|=+g)FS+AaSD`~8zo<2z9bK>Gf*ZLs-kJQ-k5sT&Cod8iAC+l3w$N8BI z{Bz?QHnxJ}wqtp_N1bLju#seuE4#=$g>R<#lpq(gI+zcD#v3{rQVnB1^ z)REMfR;);pmDb1z1pg)PF?of!&*+y6u=lLR5olfubf*G0N|8sxm=~iWT$Hd@zyQ^( zVE8}mAS4D|_p9{K<9Y8S0|ln^+DZvImsH-!j{6W)dOXZGLShil_-8>@RsIi==s6G9i;bTQtgh*(u729@3jJsLNyF;CQO;0gb)VSM&2GWeH6mQi0>}10VwN!_u-uP_>n%j%bV{NPhX!%+qJjpFMjn1bZ*O z8K>$URTA|ghPL{;aPfjvR8eV^F1%ZG>jL=HUT@sEfeBYa+bD>{81Ls02z6C4nNu~c zW5vhDMnyBLV)QZpK4H{d^CkDFb#lVpu3&aE3oN<9YHTU zJl*|9SITMvlEs4cEvqL=t8Q##GHTRCr~Sq1Y76GN>=Rs>z0A%e(T@YZWI%NOT;-GG zBaLl|)-)e}&wVp}N2INjU9;!LUuAS8r!GqEy;hV)llJGH*`pZac+I&vdt|X9rbC9@^*F zqQn{nv7j7(BAdo$dGz+kFZRNc$}HfUq@ON33k?jy5ar^h?P@zn@)#__*%R9dtyl$$ zI}MXH8Gk}vpfEcM5huZIjOFMm(#>E1Sg9T%a+8$mD&YK)Lu|q&QjQWP$)(U8Ak+4q zZ(HwGa5LA4Kr?EZ5RnoU`cH^$5Kmw(HF^XV{4`LL{y&ytG4>e_4J5XLC|2@hu;$rpD9)a- z5aG6yEeaYL#2>0!+v%#uU|s6YPP1KD+DoBc)L@M2-@mp$clqPzs)1;l+8~EL$jrC` zmW~%CRL78LpiWLq_&R%KR!k_$_f*(N*IDp>VNxir;f{kzBHX)o*C&@|K6>=T7P_tR zJSfFB_V}1>c!p7J@zQ~cTt-Lc=B`r|8yui7o>r`>18X>q>p&Dr08=U^nzBhkA-3w- zbJcZ2r*?i`32oKCTeu?Mq<5RR?Bk>600b2YMkFjLHg>fSL@5D*f!rSpE>0Z=D1twE z^6dX-@6NmIIF19+qxTj2P5>l!f|O)Ywr8G?#%DhGy!ZZ^^UjPdjU~&nB$5C~VkOYn zdq+2b_lt~stE+D>Xea6b+dAbjEs!PjEIclbrJ4_Ase6Jp7`FLy^d>+nx`m# zlTLYS4>~e5P-aQ&EqgL2E7+#}PMMXl3$|b8!wLL3zN-sZ{&H-M%hkYx+u%r~L#C9n z<(LHi(mH9GZ-<8CD=41z4@>e#2c^jQB7!@|l_`18w!9^q@G(E}M!VpGmRNOQv*U-x zy&_idl4ymOFo;($)~D>q2$mReVHJ@hfoa_%&**4K)fg>Ku|*G{UA?0WRMxA|RfJ9; z+Lghpyh8Gp6=SQy^&i1+=n()%9J1Btt|`x?G{T}OrXd@ByZyz*62m^Q5-+ve1w&MN?L76ljRA^5F;;o3 znxyUY_H&2a%ChLwq_<#PMJ1Z-8A5PZ3sg)PqUPu3xN;)3yLaz$NS%lsL`a0(fXI*t zltJRrW5+CL4<9+Kh|Fm9 zur|)tvvOrE=B;3J3rsKwrdv$S#QakGA}w}qB9waEORD7xKMzxm2ft_H+3J( z9B>_1urIT62Y}~n!rdZ#YU-YFs>~{W57nj-+RXGl(L)=AxBtA3mi+BEQfpj|ffO>aR%@M)k|$U9WPDs_yDz@lhK6~h)$q^t{G!vSy&dc86b-K)~` zj$98=2r_z^WeB4^#6?kAhQHjXER8?+2^18h5X2Dr@zhHMnU(*R`<^X1V_Q_`NgL*L z$sS6{u97Zj^10L3d`!!fMMBhJP;PO;Wp*aVW*w)D&F#CjUI=NN2JxT#$`R_ zT__;}h86HTtzYU#iaGQT*_+UF;;s8B#BPo9{V=omO9 zGJjsbeuM3k1ys!p!v_!YeT-N>-m2Uho>kQ+N|Y+ke^v0BlA)}?P{gZAJ?<_JVTTSK z64j|Vz&*v8giVq-Ate9714oV=HpIH)`Qn!sj~qSH(+f3t#cs`TZh*f0@*?L~1F98( zN%2YyDv1p07L$>!xF+}1^LBq~2z?@qF8<$c^|iK&f%l1lB=7Q-+b1S?(S`7d95uQ2 z?%Bh?KelWyyW~-FdGPtd;?nA9G$CrYZ#|!Im5JFu_ZP^mv_Zt5@f ze5NB=zdQiIgPp_{T`!q=cUYhB?Dw2Z75l|SyPJ6RZFT|Ag@Nmi2eEjyNRy^7iqSVx z4#d9@PoawBowNAVQQtUi8%t7GOP$+pDPF|CxSDj&;Ed6!`hmbi;-li{jpzXxB3)b{ zsf|jHPHHfG>|?gptBrx2j27)8tom1GFoq_}3a&CwnW>*Red>N^ZpKqN$zX3{os9i* zDlM#gfi&@KCo(=hVFl}4T!V0>(WDUHIO@LrKBl$bF)f0C<;D`)Wmzo`PN0~WI^v<0r*);8yCfp0_4vE8=)u}(lA3c72>((u%As{tEQ10wTJQN{i zb0mW`yzSDRyLXLsaQ+Z#lPJMiwWJBzZKmzc$RL$_(4t-wb7)3KR06j9_wIXZbwRXY zYT13#)5q?tF%$_oP`;i)ENX&yip0{323POqLA%xqFw>~$H*Z%?V+vH#RZddaH8(pa z(F%bj4m!(QVJhOIh~-LTN5%Q7%DaLJxJi6`xcG@NYh5dVwi4HU)G_JBDw2yLUEKlw zt@IhA)?uf0yehwn$zACouu!f~jX!kzyu1mX)h(YC!@;*_IPC;-1D(yPJ~!289%w$oyrqlL?X9eHj#_ z{*tkwl*ksv%N44QeBG%&^7p{wP0?+J)+h3oB3*D+^2?^V%u|SSo%|{fo)RE+a>}3T zq)z1pn9faW1^ym*1PxA3IB@XMM1#z@8YpKIP9Bk-9sJ8eCqwpF;G@P;nQOQ;GQJ9Zna|V{Oxbwe*5ir zJ{IZh80W|@zr4t6hxsHp(D{`~#-mmfWP%p7>?HMX;XnWLuZsNgm%q4hK}b;%??(Itq?I0T zq<{OjKU}@~gH3@-tbzdW&;R^e{;%9Lv#oWz@D36olG_spDNq%YaC?@&PWwhg_|jke z;%i1$-Gr!OkPbFtLC4^F?D#R^QF*DV-Hu83WjlWSxRmyQN@R*omnJ#IFXWcWOdhdX zBd56-hrWQV60O*0d61KFofB2o-|m2%Wz_U?NJAW0jfEmw;clfl86^JdSHA?gg0eCB zcl_#dq1>+SEj{Z9le`u+1Q=kvrHX4c6$9@X1E#!*=E4R|vE#>&;S69ZGcl%NPT0+% zG$V3X>ZA59Rkia+(sr&-v}Hn)M11tFKv(K3k24jwvm{`|S*wiDO znp}1NTkT~XWmizc_UJ7o)0m{!l4q^ic(o1ifUov9maJk)ow*jcsUi7ea6 z&v#1w@Dk|ivO3%zXST9Ec|Iy^LN z9Xk-;lviPP9_&rw&d{*~F1betHE+Ym5sQ&NIF^3c{uJ>XoZXojP@rzpUK^*a|Qp z-9(I(EN}IuQ*aJE{nFDdwhljr4j{U0M8qQ>oS9)|(hFx|M~4Svb@eQ_!&TnxV0qW3 zHC(YXecGv;KI5iVN{GY*zEQYqrH36%57l0i^uAN%bseudUhReKtJ1@!-2E-QtWK+M z0g10#MJzC54IgHs_*YiLnV4(ONG;O7WX#teaQ=j{xo59-5d1qG{}uk7HDBs@ZQFPS z6Ds~;w*0wSq9h;a>XPh%LW%s0O3n#siuqF)VJ*3{ONDsN*?O8o6Gc~|G}>iHXrE1v`{ zvn7Q8YWx`J7~5Z&Uu_ZSxBCzh3@lVfHIj{nq-MF0HY%g`hy%$Fe?LO%I*X zZ_z{TZwz=D^t%49^xwlj>wI}r{s4o)P*<+H-q>8eU`F9r0q<7A{R88pL(X@>A)68; zwvpL>PW(!7SwONXy64Y&Ul#*pV6px6TRt_oT{oxDL2Q;cZ`_=^cTWai)nsJ7bm>ds z;w(a}q8T-L^RQ@Mz4`+WAzx$UoFqag+fP==oyhUCTeoiW&bfB&nxS1>TwwU*I;j$t zVA;Undz9h^sYJCLcjo6$0IdNj7d!@ zpBM1fPaddtH}~${myNHa#C9vBhCEiVzNW zDo5R5>C~xHWHyYEUm(13;|AHM6#!d`1V)8Uc!z$g0Ml#tp#Heph}`g55f{N~vuUsh zYc+W0dCL?qIMC5ThcD5x_!k`w_G{zV{`N&=Lh=gF6=P)R|Bs%75)#J-s*VmEdKD$$BPeY ze}6F5*gmbkB0Azw_@qk4WPJtc@yz_=qVAXCZ5;g^9(49ouo!k<8P`^_y2_997yS!m zN-7%ii+DbrL*qax!(L8vw6$&rBayQ!&Q=wQ{hpVhjo(r7?w!+fl}ABFAI*BH(odCN z9}_)e>Z?h*@~g_P+LHb~(?bEpQX}2(VzKdN{0Fhe%H`vgN2r&_Dy@TaTh_o6VdeeE<0#vw6p@73S!YZ1Q`Xb*u`zU>!;y8$S>g=c zccSy>&$ruEN`+wSfk!DHS`g&**T4QdZ?*XF;jUvxk8LDy?H8XfU3U9{Aa8_A6ZsJz|irP95xTECkiZyqB5ntkiqj=1-F6_Ul~7a>glayJ=Ig@p;5w@czyKs5Bfm78Z?yaky2ac!h8xG9Z$s$ z0|_xvi~*s=idT`RY1-816{${Mnymf}c`1W2cCyin#Rr9Z&S_vmf_amjGE23b||9RxxyZ>l*VM)+z z9p!YDP8gfisz=`DJs)yhJip<3^+UHGt&v%^zewR7?=KKNo`SI~_XVvw`xCJb$1;@T zCS?05zA`$^4ye21F>!;18n+I!ZXxC)r)ND~J%!u-#nl57jWjA~fh(-i@c^v;*3DZs zCMs}t&M5*epQ3k{T%B8Bwp`K5>U!izIq1~EgZmHELl`mJoH=`jqvz41M<*uYFdp%7 z@7~n4pMLtwU;b92qTVID6=}CZrr5%eP3O*?BP0Iyw{M-bAX5lRhaPfU+v#WNto*!4 z(@LV<>({UEo}46lG^!UiN5p&qFC1zeBXsD3xb%GD#0eo?$w8JB8MMVo_sW$Ye*gRb zqm*c@z(~p7fF}j6ET_pV4gK`fb+U$!FON^sljCgUgoxFn&=lW}hZy4Gk6Xm$no-%f z$%3~r$mgdkS4vxVR5Cn7tPdG#Ovo9J5>3J{d7@+Qm>;%#(5B}K&ss8T<0rIYLB53( z_Rjk@QrCI5iZkvp^c^))hnKeNulU~_|L*}mMlvSo%2mg!@~ahUsQZ^sOn$Y8emkD4 z)9Q9$^(A#$?{yd9shYy`%OPgvLN^wF%39x3$o~HR&YD@aco{OH=1=5Q{8V~?fjVD; zB~<$P(p$UQaBg0zoippETyRm2c;#YCNVWdl{5(yKbZ@1v3rMEB%O*os($1Ok ztYi>LBkECImI5d2yO*mJD(3TiTN;eXzBYekEmI(O%^@BVykgx+NQ|s%pL1xA+Pe^~ zsb9e;8(N?sj4FQvS%HzjXSgc7ry!QOHSje?v zEH^&V{kZj)2yDeg^+o@Sp@q4={%1>zgW)Kn%htx>fnsTt|9Q@3Rrel?=cOfhW};)8 z%;jP(AG%Af`Zq8DCuJ4g4_y}6(6|X+U|we4LJWR@5kh!}KP zQnkZ*iK?q>uN4feLB*(+j}#R}hI zRqMfya?%3LV-*ea8{-Pbl#V>s%U;vW%UC$nYr8NIj4ON-k);cL_B4b!@b zJUEz3I`0s95O9hx8F;=9#B!NIK^Sf-C;}3e`#Jz97-7|9k!FS(%fBg82 zV=B;o{rU~wIU~cvJa~>DKL)l8DFJ0+kbVa(Bj6eF6oTr$?Q=#Qq z2#VDpxh4|xHW_H8w`PBhtU~Y>A3$(18O7xpKl4u1hrVz$6Yzq>PABDw`{3 zZR4xzr%Mo1C!?GVz~_;i6oIU5e*`NPq>&>h$Iy!xFCII7d~)}08D?i@4&L2w(|Y~- z4Qpu^yj35oKnCUvm&k}?Z~E4mr`IRo@{@{#_m3O{Funw zvv-ff8$!IYlE~naGh58it@4nG7cQK?bm=0mQ;oRPPKovNN9U>Od6~dHfBw+uNm%<;TQ{fLV55kK8on7@@oh2lQL5*xx?xf1OfCd(}#@CTj8q$ttuKs z9h4T2W?@N)v`P;P6ziyMV&8|KWxB1JIoV)HoxTKEE$IgO4N*8 zQk2hlEzK`JrIU(~6)#?hxH>*Iyl--RY?M`?V@TM%=9j)r8h&ZEl?+V*a$zg`z$SlI zu}P_(oUQ!y2<0qqoI*~^4YPzqCC0|bpk*CMy0r}q4$@7iO#Y(&N$f@hFJ2MUeRLC< z!CT(IE}28z6;+6hYk5p);@;i3hIykWznn5qaIhSBDAuB=tqV&$$g^^UvuGG|^(b3j zP5m-w{<3)nZE|Nlc@<$ONh8Z%gcQFX{YGD8}%UXIDHyy}j#%sM?=P?(|N^x3+;dE4m zWcJtm>ZLOLesa&!wql}EpOqBFM-iW;7vo1*BMv|h9zJ5|P4^(ahU+xBCdm*RP3!hD z*0B_KvHUg}t*o2pclKcA4+$)eqgz+`($yl zNykmzbl}(|Pkr@<7@(u@3Eiowdngm1?5Pd+JA3vl?`o{imx7BoNw|I*8mxn&L!4k_ z%qbHO;n1(18#iupWC@X9F62!sqJ-}Vb4iib(}bU@5_HqWMFT@tytrm|q~yrx$mGQ2 zzWw`;96jn|!IU4i+Wbl0>7!eFtwR-Sn4(u~Phm)Uz&c z&-#xaKW=cdem&!pY7n)hAg3Z@%2nBjUAuOj>#fXEQft)i<10NIk=gl0r{6i*EG{nf z0WiW=uAHpiytWvsa>?dzlR3w$yBbwr)j!nzCK^aW*baJ#=s2hhJtJjq_AO#;sPdD3 zFg;_AFD=Dm9Yz7I0Fb%kDLkK}@NZzH~Jqa@M z66=;>j9{3EP^JhjQ5S#uLqU0o6xKp)_jZXw8-qklT zv1`|%=L8lBH9bvgJs}HRs^VZu26@nm!6leTQs0!je*Fe{&G*!~213Lr>wudUHK7ac zgrIa?Ag4HQPE1Z7K73@~{sZ_vXK$~`7i9?-X9ca0^?Url0ZyyOjvXndHO4fmY49IC zdIWf+KO@V-2M-Hu{l#@PTFiE>TP|EUPdLubu}wWCzlb(#6?l60b5h4GD~h2emKs|J zKsh*pIz{05)~(wxV>M+o-F4jZMVAK#mKL5a`x4^PvT>>U_8p^d4{jJ&XP5H|lu^Q0 z8}vot|BD#vxT7mj?%!1e4Z*F}t@On9`)9UNt?TtzW zImCi57JEqCTmA)PB8D}E~dRC+KADt`zhlxtmjD4P3jj@I7} zcg=#G9aiVHEmK5I5FTUMzpzQzX-lxC<;5u8YSFs%zXk8rvMgwT>TdMt?ehR@2nbh; z?RgAXC3oKC+tu)=**G#5HktL8$KV<9vnkxEylvd=Y%?9YcPuD$6LICi;*puzIcV`4 zOaYi^9RW?JNYq?ljW;F!2epf)=pYK*0lQj_NH~w~3M+z|l~*CJh|owCcU(nepq-Jc zq;x@wMx%iM$mjJUe`#I;Fq9A4Dx+x`x&;H0C=)rutF@SOLeCOK%Bx5(#r@92gx|B6 z16i=j-v*5Zkp-*e3~c2;Fq2oIvJSmS>2R2xwtg#YqmFM~pLf`1o$oQ1>wc}s%EICT zA3K-7txL}(^w{d%_)Gd5s~-Q7-NQy8q;th%{J#U`qZLrByq1@rE-r9tVNnYkQu)Y$ zHC0{`yN{M(@hGK9v}$5OWbk8J<0vVeQw!@_`l-kqn5tL70Oa`mF?0#}$5)9B&r+E+ zRQg63f^d06szG}ku2@5T(Gs?KRxzDIGFxtbj=5cf3=)}jjR6Z1r$P9-F3<8VQb3+_%BOISn)i!8Ix5Pwz zBK{Nq0ETD(wqit2;@J>eg-5TvMe7?~ThF;s4O>fpkF>ot0Bf!l3?NG(+<0~PC(0Vi zY&a^xEC3rGi1l%Wym|BH_3Jkr&ya_s1kD1a1Onzn!V8mU30cU;`%CTKr6wualy1g{vZ>GrK#JX|@lU`>c$Hiv%syWm-z zI1lXKPX_Q=xq9^n&4ItTtpo>?8BgQH`Nij7^c@V94hapmds9OwCRA4ev7IHzj& zfBw(^Pd!(!UezeCAi$qI86QE0K-~d9Sa|MoAm)lXH8sU&#pUdSb_gtGqoc(kX=r$8 zblFGA`-~v;9yxLZpCR2mLmj^snH%ZTfT>*~05ZGvM+3kpu~hez`a>y{qCvXRS3h6m zpMUxcbqS4fmC?>nh4#T4%B`SV~YczvpuK zwNuxV75<&29}BfEWaH$?Q>Pp%;LqqQ z5M-ik68G)hhiPNoiDz%g?k~RhV$YtvL@@c{yqvdW5D!;Un+xjRefvaO-MfF^(C`SM zres9e9@_ueiO;^gbP?M>6bGyJkmE!Tz&yKBE~{<#?mborpyJO;V98blv=37Z`?N^+ zn-T;3Vs$~gr%s&$o5L7{y>|KFirq>Ohxm(%cdJ1*^`AW#M`gqs7dBN#K&{~Ds9PUT z)~~+0q-*wr-g*GrmtQV;Wv2!YMRE<0s-z(wU&k=GtCCzYy!)vJ;ksiJh(QpYutcC6 zP2GGcFv_}g-}=FlKz>p?Bxy0V@W1tHbR-N+P1npsk}+9Plei(h?KFLR@{j1w4%8QQ zM`>k!(iax94oxQ8Y?$XJv>}hTv6?Dozh-b7{`%42XJ@Sk){bw5zais-oFw)Y`mgw@ z_`$V4aemd%z;--Tr`7Gi>PzY@e9kQ;^-AXCe=EPcPc?sHqT;88he|&iYEtTaY0*iS ziM0NHYWQh&{S_W%L+lb9*))==DZxKwgz<8C673h$N@5@yU2PlkFW2H5!+ zHQ^Jw1ghkhW665(zW)fL&EOZDX3C|fss@85Ru zESo8->nStIaZ6X(8LocYTj%D#)t^mlo~^!p6Aa*fh!fNE3Ha$J)0|)$j*98+**k|_ zxX3vyR34mD9;7Sr=@L%7$l2u1ohe@m=CGnjvQR#bhMu;*QdbyyHpv<4@PP#%3!HLOZ9x!yYTfmQ9~u{Nii1k-U!{KH^6!6excj zG3QJJt<$|=>Cc{rherbAd;%w09|->W_H9#7bvigcF?j@6pO~c67?q7d@`SKOLz@_)@-KY3J{KIcLtpf4+bFd3p$K%w{ z$gduQ!kyRmm-p=6%{AunlP5(*vr0#!37sOve*gRbbM?wq{VnG=_MAO?<{$sD!;u1v zXU|8+MvKH;`17Cta_7#St5<)37Q_9rp7*|w7DFqzG&BFyou()0J1zD3@Pn+kB z9?H15sd818X1rFVcGjgee-R@+s3|`yJ`*diK|g(cp%)D@EX3SPky-C2aHo2onWOSw z4s1Av7qS0VCa0O+(JU8KRC-H_*ofX>Ze)1Gj)NnnIHt0NlpKrApgSQ#;F4k!lM_UV z#4k>NQI2ygIMs0Az=k zb$A0)HflsLFVf+$k6Z(7!E6fv25`c_78@ns?H3$DQN-v|5x@^@KYJDg5Eu~9 zM87)Kg?DR}kC41BdP{ntf-b%?+xyDj1LSI;dS0&lG*>azFu%nV%)#Fo{r%AJU*UPb z^k4B`@xQ{?KE3@~yYJiayt2FAj@oOT>tcXJF6kSrK~|UPW|ms>uSQKGv4hNtpLLKE zNU8W)A2FTOil0r<^D)uS<{e%2HmPD@S2#7&M$=*WUQ(U{w5f`J&v(&#G$B_v+8?f} zbiE%f>s>fgvSir3&#;9&o@U6V*HE)lx;}|UlR@3#bg||cEoNqCo-Qs?qi_hA7@q)V z!mzL~FM^1mO>{hYxS0x|0gqXib%CLpX#sDbcTgu&3iCPWyk*(Wx3-T`iZ-MJcZwg% zAnFN8JQ65?idX2$wv@@7a)&`e(>kIyCK>QhPf$pCMSUcXjcA{uNxT_f+w-9#&S;Dt=aQvEI{1gP)Ew#(I5hr)7WR*p2;o*~hmq z(9YO-ZoSq)CA7mJjY8>5uXp4)3t!`+oWmb;ko#KexCJyx~l)iU1dhGgMnj<+Eij&-4c`zUO z)u4551oFr!Qf5MKmuO0AT619Fgy&}={c<=`x%QU$rM=xaL*b4athqNXRo`p{18|GE zr85Ky@d@~YheS#XKNX{2yk~fJ4yJfYhY4OIR0rsS6RP;Eb8~lM>(<{d(kIg58iFM7 zXOyotq|R}qs9gHF#-g98se3nX-S#kvdykLFph&uLU`j}o->NgQCr*rM1#EskdUO+P z!kAQzv=Sgm@^|kt2r@zZQ|AR_Jgr?V0Imv^_B~z{wSRcj`cK zM-R|<5_zmWB6w%eFT!q67YPy8bg+MDL{v~}6n&KjA@bzxXfm(!AXk|U=2XUw(*@Z? zEj7O=l*Em5@#%r^c5xk?o|y?x+H$0sgAp$r-N`&TBXm~{?s_*hH3b`RPCO|XV=*!A zlg+$)+toJDd|QlB{xo?lWLDK*Jn=9I;A!;7AFqj5cm4VeK%O~sI{V&K_0k8rCBCY2 z3s3zMbFs-Eh}~k$+EQj`tq+@SHV+m41{Lc*>@55Qqws%W1=OcFl{^nFYD@l|#cy7$2$>irRN zQ9a!?Sl{T___5C-bOp>7x{Dwb!jt>wX9zOKEn=@7{%lLcQ=c;@dw1{Io0Zth(C@1s z&*iAlH#=yY-g9rEQi_?7?VN&n_n91Eb6*WC`^Y7X7p}}D>S%*s`)Rb#hBfEFc zk~`hLE8udHMAKo{U^ekPDvlPz7{Rhr8j9|Ca9P7JpsUK{vF*w$n<5k z4d%JIUDohYh-}SUHs{0UppdzwypV=-SNVVI$_IW3GiRZ=*Zvg(+_}tvP;Qn#BgY-v zW%lUIZlocR$+p|<*W`*UTESdiZb3<}-)9&VZh1**)?D4EccxTG#OuXEaq)4n|M#N5 z&cAcqUA14ay>BOY`emR$#6e==k>>qBS9jrH3$MnLe)|2}^f!vPG%%)l8zlPr{Ann7 zazcgWV>k*7K73y4-)pCYznlUQD5H6P9SlK|8>mh)=NQns34O^2Xo9FUdfha#(3>Qx zBFeq2L&@w_U^i2O2YRmoISlwb9(M!7fS>ZYCRaE(c#D=0zRC|HPk7&7rGndUZ{{h% z`vak4hk)Wk<3n_Id|CV54&TrBCnCRy+LQBq)|KA3f4gmsZ6OZDk%F{B@zbs|G#cQ!LwVdCSKR;FcIV9qUv}ACS0#luv$~Cblev1qpc%S=&?Al zSXEyZ`wnjZwLa{hyv%JP6-i0%X&cXv??a}NR!l*vYi9N!ON|YrOm0_awO(U!G1b3m zb^s9NPf29fU6v-T(q(RUx?cdZ?n^aJKZmM{t5dJhonWqo>r|p0UaZCD>|`<0E``ptC_zC`1?3 z$tMWHHnknwpNp0o9B1)V>;H+jfKjpDGmEHL2%Fw9{8wcK0iKk_>|<{pb${VTb<3!> z=liQcx8g$w!~dyLe?r+OQ}nj_>9*&e9-&{jRZ<}#q!Z$g=V6YDmL%LKG|p&GL&&Nt z7gPVwN;@WfBKKM))K%1#tE=`#ecvaF+(>Rosh8uWpJlSJFALH7dR+cre7)A$cluw) z?vF5K1D;y;^9A_@V=&G6K3_%VGuc4+<{9#=m^gk>@8@%;liwcm0>(DrvbOiYFfwPM zRj0@2SdB!nhf?3yH}WCG{O9+~_fzi|#1m|_SE+-UeCoJ23dzI2V@7`%!hE9>gTCbe z6agN_1B?5mZG(RS>gGQ29u5i4rH!y9FzxvY{6{4PLS5%HTP4S=hZGZ-H`dSmeN zxIGVDEgE47UD!S9MOv+I;dvsqhYc%VMyb+KGP19aZ+zr9sUXg9{mk}D>yn` zCPcAEY(KoES*jk~>y-uBm_jpqzMbi0Nxr2`yydRpLa_bCVXR&7Lpplw47LbpjTR}R zcmMM;qP{ecj*^UhP}QaoK3iC+EqZ4qEPD2gR=UriwPOBdG~<}E5&Eg&gOXU+Z{VP5 zyJju%UIkLL9TIG!q2HVHQ^R6<}hiX+#p0fPQR6F0N9nILuD&>Z4LM zhp{%XX{t{F%(ckJCD9ufy;JHg>Q14bgUh^Kw}sGuDDvt)7Y5QyLc&ALoOxjFNp79M zEkOSccLsVTtgs9$j}SRt<#0Y1o~8UNiN%eO$IttPwPEU)w`~>2FEs?mgvFV-EXWDq z_UGH~T)6S0qyPF@qOlK#2Y`xRZTvvB_pCBPX@pZSe&@HQT%`=XsEi8yze@oHeA)6z z8UJbH^naJC4T#x(PJvKZ`{&(`hUT3tnm&J?CVRS>aAg3Q@^w}N&-Y% z^wbUK8~7o&w}+J92VEY*t9kU^EpMe*ZBEA({<)U0J}N3a!9;`L#OuDAuh=Ro2N}%) z_wkUzi&y-~aD->*U@^z$Q-SdN1su3{{8;^Rheo6O0<^5rh{4m#m0NQDDpAFw>pJqV zXi1&JG0Uk8f}S5CfV1OU#@#kQ0>1YFiLpYExu6bRFW7V<{|`k9AXFtp>G!=9M76@$ zylYu$`q8ab#0$;ke7m!Gtc*V~nFAp>7HsM3uWiu3K-(g)z;GCEM}X%cefjUuZN?IW zL&qxxUgDW-Hw~nK9K6jyjeuMTFei!xsbtWRl(;T3LH)vM*ncrFKDhF`rsSlIFZnMC zZfmLNrc$NdQ16-i64LV(bU}MkM?HO8c}fof{E^fAgVWo2Vd(DMSo+@A7wx=}UOS8g zwfa;)s6H_vvdIijtipbcuJcOLz~tMkh@uaUJPl@{Q;!oKkqoGB`0?XgG|nf>iV4BY zU#PtQh^*cP#QxI#GxbMk& zBPwQRHK5Y}SyXZ(a*_a{*1?XI7ZTpj zNk{%aM5htk$7vg(lk8Nh7vSG*&#z7B!}-BGGgjfLxR_-t$Z=z9OPMi*8IHQH zs0yF*6@jIa<=o_~99zo_WvbqZP1}OX>oT^p=?ZFrTV820!%~GU3uugX__EgZ8kAF1 zud6i_Ex0XpGZ}jFkP(wZt8q^B#L2MbvQTB}@DrEZ5f4iYS*QaWGfDx9DjM7rKAM*6@w10iu>!>Xl+lxR z05Sw1%50U~P2X-;Kf)DdNPO&uvMD&4dZ+B5cAV+5TpauYY2 z4d*XFD;8F!PA~StQEV$VZuRoh7$jQkZjZ^wCAkb&^K>uYQEmS2R~#AACDZJhOe&*B zMIdj(xH)8X=KgK3KSt31wn-#taDwY+s2_?D#YXx6Z|w~Z2E?+__Vm%7Z*cM6qM1xC zHo~Eni`Xm}0c;zuzd_AIKO-#ivtEKJLqBidW3zhyZU0B8husYRD3rtJ_6mU+@{702 zImw~%e=!+~9pfia9rGEg$)tVH_&u>UiiGg&JZ)lUm_Vx)oKoFQPZ|rt8c>E|6GFNU zvI3(SSBiRif>^3RV=GV;-6_F61IszkCK=pkGbmZ4jW3a*L>^{*`SB4_R(5DSux3Kk z$aNUFLTzzG-ExOQa1`13-PaF1AFgk_AEEkdq)Oh4{Gb8F?hGo!jxym-G+$*X5!3HC zE->^iHHLj95S-fyV~Lxm4^lmypq{~D&(k&}3)H=~bMvSykI z6>giH{D7lpr>CRGGF?N_*gzz%o+=myBP5#=e?6%l8;nL2s2^)@hpvP2{%!kd<7fxJ zoW%ZPly(!;56BMO9fWa&gWEel|H(2`IUrV*O|ju#R~lptSVVtjtE|Ki_<3 z{WnImAxO}~DEVh|MM7|WVm{^?7mNR!xIZ@;JTF0}zBlNTUSIO&-!0?!+pPZ^kU=!| z$&d}^ew&ei4rNBR{F09>nUAY@{VFFdPK z$)==}`8|{!HiU_wDk;wrs(p^_=;3{8`>i#-FO5g*rXBM+pFBQ12UM~ks*I50>mQYvTCr%K{jobCdyQT>t5N^3 z0&A(tYpEE|s6+wD<8{Z(1r{NQ6CBmBE(sSI8_Uha z65bI<99(G=&~b<;%Iy|lGnrb{>33lZZ9S(pI!CYVI=m8Av*x&45N#S9j(`093#5V! ztahEWa@jNE;9a_IeQugw0@Rq0WgGCr*Q8GB|WoVrdl`@N+uU)FpDSP zWK&=FB}-s{XdOYL8oa)6BjTygGz|-g`_=FKquI zbw;HH>R}ONL9>zn6c=JWtgg7^M03JPm9vJb3f|s?`GF!Rev_yDLA6$Rz+8n{^u1am z?*+-q=+BXOBtnYl+pUa-*6E5W3MUd_@R1(O6s)SuTp|`TfilAlH3Rr?;_^)FdOO;Y zS#x>m6p)U;BSUKuNKe>pb-^|5b!!>z;!~-FqWt118LX~yE1AEU|F`O_SHu2&M`d3R z1{_jf(tKuNno`YrB6TZI?-GxS4lDeZ^xdBJI7YJ7ia5PKL^{#M2MUQnW{ezK0;U6V z`W(6ilYY;1TdHIu+OGm5)qHD>p^Bus&K9g91t<;@GoVnaSVVk29)OYQTSk4u%6w=8 zS7fLGs1p`F2)I14JSMcjkr$;xlSgKwowfm&zC?%H+6C>`i9y(^Kc;5Q_~ zdZm0!y#L$ru#LE8i?drqRfuQUjY6}P!O2oW5D26eGv&51MbHmQ%+dtm^r(RVosW%! z@Cou+#T05>nq*U4MWEF5qG@dt(il&y^7|e-ZXiqJb31nuc|`@|S$u1yyqtQNx-9IM zL^>5a0s!^&^kiS52D`3@g=31v6GKzy%@(WZ-u>T+dW+JfKhopMR0d0r#qKU@VBtg> z$F=&qKks9}?4O9C1BZJp`bW$*1js3){_jY1ZDY;_H^ce<H4APV% z`q3BhUg$`^C9Gcpn0YnHwltQ4U9?|h3=ooyqw_t4RoBsUU2_(G)x-_qUKGsCEexqU z7#}b*n+4%7f#0j)y$IJEr#TVd8VU@dmw7kP3RvMa2ZW7|wot9e^goQ9Jd4+)eGEP8V0B39Q9{= zYGG9cbOon2M08$nxHQAs7T-O-A3UaWh2m`(ZMa;BJOm|#32dgZaY&41>%n3H<(kxb zzF)^qx(M=P-1K27DZ(+u&z&w;GFK#&2&Jp`i=S7L-Mtv_eT@a?@-6YK?|+d7_9iS_ zq4pUmHW1Wl-pBR_-O{{YBAwqv?hLvH3Zy$F*^3O9Lc^{% z`sNm~#LiMyjLEh-Y%mDin;Ib+rQhFuyqpv#wmW|f8QHK{F zGx1NOU~bJnA4M*sZy^WB=OC9>y@~w|VyN6h>2601tXE6mAi@L3ZvYeEKg`YK%af8i zs}WVs4!K9fb7s`Da<_bwx6`{hX|htR*pt=Woss{+8G+ezdp`U)_dMI{-`v{q?>X$0 zKvY9he+jZK#%6~wQMs)?;;o<5uy$tD1 z{A?B=%t&cmYaOZX;y+B~xq@E}O32=qSngb~Ku}-y@5$tU&p<<@fELFKzdpS#@wW{f zC=(*7^ME_h-*}y(Ifp$?_pj$+N zX}%@BmhSTp_fQqK+#bpZ*O>MYhwt76; zWqX>M7QjBP@IRHC1CoZnslNWX{lJ`FeuKK6bu=yfK${`AT+HaQ`O&Dojc;V6b7=Xu zSj+r;0l&bLS{%NYssQcCkJkY=I~SL9>hIG{cOYwd_=xyBgVmftr)%#4f~Q`)*a7ia zP-u~PhJ&d?de^Why*hZf1_io4FTN7NhL4p2D_)KWM)z-Kd>i}7>zi|wHzvB=;vp-X z&(ksmPO^FZq2XRpp$ZIqQqZ(c$76B))p{^X$DI#-OJ7gjPk01hz;taRzrmc5hnbu# zw#&b@dgGYmm_&FH_=IGxDde7Xw35ejoO-WE;jaaV?noIlrzl)7GfF@(aM+WjhMzAl zx6SW+;=%`+EP0!Q%@7AZ^B<8PRk2|gwm*0nckzE^o96T8`8n$pP$`HKr;3sZ zcd-?|5c2PPv0yr~`2&YZ2*;Ol75(` z5z?gQX<$f&)vDmzu*u%_@kv~#MCkJT%u?wgIJ7P&BaaD|{1n)x?X$|z?P&AlY?#4u>anY;w7-cCpmnu)f7%aEzMq_T=ll zBSX4&??1s#Z}z9Hq3mSm$Y}^>Zu@>%x(rudWPI}mjNB&gdEf~ab>Qn%<@oc1SnPMkWl^2oLqE}&M*f> zfCDQ64%rVW?9YF_-!MNPt0IQT!jXJGpVamJJm=?%M71E!YZ206QTn>Q6@Z*_!NN+4 zn^jX=@7J+?Mn+$$b+V8O5Fk7d7TYAf!yC&Qg7sqf^i8conCD6SjJBlo*hLKV=Zl&= z4M8LuO)_^Lu$K<*ydm`lzh4);<3N(-jF}C8A8-+(&XwU}I+}@UpPUaPxz`C;R9JN( zN3t$Y9BXsf?|Q0fT?dhDtBm5~o6rj%|nmF=zhG@AwODZz|jR%wFvYb6N3K{-CxybM1CCxjiEwVeAd%@mY$Ek zA}d{{7#PoteKQk%TL$k(e9P$kN4aw`2!*+g!nrNm(6Z}gUTq6>y;fBPwV#Y1I@q$! zc|~r)EWawjYs!@MUU)2j*bdeB?(p~_2ao_fN3pIp2_kCmY#giNt@9ve2Z{)7yI>FsR5<*P1i@}C%0-xX zcp@d7(&M7oos?^FRNgIhXHILEWIs*|K5S;ODWg<5| zhK8EUq5_eviLWAtc4uD4?!EBSICr{^-g7fA$J5Vv(P&Vbe#zJN3gJCf0u=9G?*@YG ziU*Wh%5$|Uk~jp?G{FaqKG38bc!5PXtl4J}z7x6K-l|S7GrH9dx~BC8(@`MCb7h4r z2_(UX6%VbE49Ffe4=+V&y&4D|oW*NjG@nq@t54=Av}=c1i{M`q3P~bK9>V4!p-3nP zH2WSZaVOCg$UYuV$DGU+$#mnuuB=m(92!aXvt~TsKpRrl6tkrC+(F4tA5YXi$NJwplT;I}I6!KDlCt;9}`K;UBjq zy;C}1*N)8xqgO5;qPqQh-}y{Tsj390y*u3L>w4!q!m3kS@(#RE83*n5>LYq`X>wwE zXFf8n+W+dEa2#b;=*m*)Q*?5qD164Cc^8o-tp+L7%-5gwwc-_i3@O%VSZepw*ecz2 zLF5|S_^^7WX$9Wy-fEw^x0#gpzr+D1;rX~&)8k`aD==z}En}otX2GCxdEHmm8-ap_ zmB=VJxA0f%uAjM~o#nMoMl+8O>=w=TLH220UgV~c^p z;+&5TnT;1%d3n6vCyyD7Q6T7eEFokU2l-~vnHG%BV9?N5U1BRPsB_S(7gKU?bZU&W?D39OS5?wG(GBu@O_tEn^@o-s-35st{FyXRNLf z#lnD50mgT#Pa@-Q(%BBN)izX0aW7DHTvjh}l?B+mOuziPSUDV1W^%TJcRICo_LKJ4v{uSVM|=c4N67yoDjP4h+jwd=z_ zr|Hy%;H^1#G*d75eD~4%<(zVIQ@yH3tAhp3#)zqJP0=w0-K|rgNHb{@r0+DnD{S)L z4B$Dt0vILO-(C#HG=Ay2Kc+tx<6hcy>?t5_94#?Zj~JvmA@Y<)(5tJDd=y${?(xsg zhc=BA(E062|bp>BqS+E?#IY!nVSc#gN4>V+g0uXCgVTlJ*){t6oy2)LXjWb)I| zZ_@%@{|lIF7s?i%9qIwwwwxD~<$t+~X4a-v?gYO^zmvFev}SU6C$WVNiF@JJ;ID1q zrI|%p@L@3rBnMxTkN@Nb!IkGVaa+-|hg-ogArZcI7!QTYU5bFZN@4DEvaCd?$8wPG z(IP(>Mu7MYe-gJ286+&WTIce4Rw=TJlF2|e(&8bJ-^F$NfA189Batbg@kd9&k~^LW z4At$benEQaGCw;mKaG!e`B}S2m6&+eJmwwgpMTR|{bE{kX&d@mkU~b;yYOqVG56&< zca5K!gGtTp7q)v;Mv(Wc7);{C?(`PzsX%TxPOMhf*$_^)js#VRJbLWfDS2{yKfksg zLvgmALE1o9P-w~p@8HHqB$lHsqyHlP9W$83)l=ZtV>!ZYr$AyKBy`@Dj5!o^8x~K4 zwcmdE>yLn++xY{!6#VKUz1w&G8&5^}-!TEhI=9eQIv-hDgF2q?P^q%W+x6uFdy4>$l^^u6ys7gY1`M0>9WYgX|=y(a$+E_~V}eX6bbVVft=ZDTD` zDQxEv)Y+xSf6b%+v>vmP!zF?V)x%X?6CASVP3EKeD}%ov&OU*HU663|$4oi#>ASI1 zEf=04{=`PNw%Kd_NSv`2T9R?N#M_Z(24Md%_lIPPhRUX0HkYH3!5$*{T~HJyBoq=p zA2Q@$tj-g&Q(S>@5esU&C6zI2D<>x~d@U7>Qq>qByAZ8*gX16u?aIT#ZU(KCt%+=D>S!Ip>LG_r5l8zL|b}+&YI8$>}foN7e zo2KWYVr@mH0yU)T=;0YK6gn-Y#Q6@TH$;xVCXC+O^cs1LXdi&gF zVRUpvRte3vvE!nXa|9$CFz|g*DTBqJvsW4Qgd>#xf`W&hE^3VaD(3h3M8WV^r!W+D zFxFAND^60{Zvo}97A`()DR{~MKDstLru%u39sN&A>_LIf_5Fv)DF`G|I`5m}qk?2%xNa^vXeN1zfUsX#%U zb+QUgo&q7xf20m-S(;*SX6_W)9|+vm^huyfOq&fh9Hm2>cFVKiDMK-39nT02ph^hR z-eXEf5P6^dA)gbcO3m$X7nTR4fA3lQY&4+iJk|Gya%;62&TGRdyETs zp#_i06}d{mc!^7W*9~x9AP@1xC%tCrVBVP>MFudHMVNv`6z9Fv&6>}xN(G@tvGK_j z;t6;UXnjzij_%QNh9P&~b8*Qw_ywYb`E&2bgB*OS0FGoGunp1Hokxk5=-&x0xno*B z9d%r6J@3{D{7u_+TiNJ4K?(?p|BTbRx8$OK*RE0R8X; zfN(MIGXXVy@jiFd>;4cIi=DKxN=JC+nEs}p@-^lf%?~6PYI}Uf(qywGBCRunN(nGp z-r;I;ZZv++AZq(XzvBOT7L~7qgVnjmOc;aX*yHXe(zG|d-OroQ8DivTt|o|ud9?_g zd;>j$be7Kyk3Msf8lyzWhMV$QOFA%;O2|hI<0gwD!BeD8zha*!rBeh;vfLb~#kpLJIn%Hv( zo9YHloE$|aB)B0Ih%{}>DAWs)tb!m4Ot@=QhIHs$jV=?QsMvhnf3I)NBE9)z5_Wrk zNcD}L9Nh+p2{aBxr1ASBFF^U>63z?Nz2LuJ-;V%1&C=|I5SfWl*lEa$`6!s1VG+(w zP0uhkWHQ1dMUqr}k%qxubMGm_-?BL09hFn#Su-QaD+O2cD=n!GWMl=z+d=|_!}9w@m@&cQP~t7&{3P6&eKkEqWw2_aA`N?TTIm!$M6lBU5% zqg8C{{pj=(ZYe`v+Bd)qG;^n?6Bt%5_X-bxR2&wylv>0ZZcf31?ly6vPDxW7+koSH zNR|&+p_O>|P!C{yz0|@jIt>glIEZ4)nU*&d)nk7hPyW+*qF^Fsv1_yyQj#*ie*X&p ze*bo)E09^1caoif5#5qsk#hW76v_S}AV7EDmxaY>o0p$8SfagOGcy&ESAc?FuCH#g zA|(s=7n&Ng%Eb^?Jg4>8qlKav;W_uTx7AqdwV1VJ=`hz(!8cuTu3MPUv$Z;h2-Mn^=c?wM-`CsedBVkV25V{c9evi~cbIVkMiU>t z3m3E#>;x#i+6au}SI_$eDkHyKDQ_B=FpGv|tA~Qn-+XvIO%BGJU3XFq$?z|BEA+k= z%!gH($cj~+iUppJBZ84OHsKtIF2mD*#gq0ZVXMI(hqMs0K|k*|*lrDW__ka98I6Pl zYv(l^r^;|x2yG-#rz??Ze>Z~8!t#5Md6$sGr*$I~|UI z5){seMTHU!%h%t^N2)|@hHH*L^&5p_L0*BO33GeVD1I+l$a#B{oD4KRZ1yny2y&wf zT07}6DNm75k({9A{ou1{Q@4C)#N$4R9Ti%_kLRcsJintbO`|$? zgeIK9!pzyz)$Xnk_pTCqB)Ppgj0mwLa>fZtm%*VBV`8`{nTgBj&t#d`ohXC~$0v@5 zS@wY>7I}*@X-~4boH7|ys6yKR~ z_?&2XOmtZTh6l+5H_?|k?t1B@LU`IQ_l7AJW`yv_DdXi+^^dEYy}z|rj_|2Aye3^V z-{)7a95}UGTf^yLF|>m_2z48h-G5_OPt@C85J)Z_KJ(VfU`0?HggYU}j}eFuKYzK4 z*LL2kRZCR$(Wi?_)~FfUF4#wtcB+VHKNaRSP_%kC%O~w9!$K0&qd0B*TDE_mJHra7 zhdYkrFM5sMZ3gg_*PNdq1`$n3@|2{+qrBsX5Aun(Mqp>&G!Yr;X>cBENefO=1ovi5 z?dC-1t)Bc$$))8__N;Gw6D|HWvCB*5vts?Y_V6QUK6LB5ms+-z5?41dULxC24*8j8 zHTjV#I9_y68VrnlL7@D12Ox*!@u2!~kN8@8!iMo4ZwJU7TxM=_yV?OLyqJDm8$Kza zYWPRB<1Y~uhv{~xw|vB)0Yl?CnVApAoSiSC;Yct>C_UA*(<4b!a-zl83tpvPWxA@) z&W!?}Ej)l}xokIMG%fNo*5`BALuN&V$LOLRl@Eo0J^HNs!*j05di!{TV*K_XOEml&RMUu``yFqM(0NB=;S-Zk;-66- z(kMnW57g~=B8Km_*($g^rc%dqqxz;3c<;T6QF2B+)mnNYVkug61@@b1? zcEmit3|*A=^>x8{{1UeD0ZVIxP!S?J)FI4geH_LF2kT^Mg+fWLB!2T<0EY%_P~Qc# zfHuQ8>A|Lemx$AFCP?`1H1oU=) zl93U(pHuhIj*Zr|!6Mudz1My}5y?605LdGFv&Ih#=;u9}gd)Vi?j8bYnAP|6G!wjC z&lmVO0>#+~#K5%18(#nL=uZDTu*2I2K^vDVU-kPPuNDLSrFmm`@<-$M4_H1sl8Wm#$NH|8Sq577RrozJ?tsXvYR*w94HB}-mNrrao~>>el{ z4_b_;6>L*SJKe8Foj6uXuchZ#(cb@9_~o8eLoefP`vL+*VKjcI#V1+xM-aoPT&r?K zAkM=Kj~$u3D(tpjw$g0=I>WE!fHCus&3>C~0AoWXa>s8+MEln{z zzrKL$Q#d^xZ#&(KEY4vE%y@m&4sET+Cz`6UO)uj6*+T6}4&f!t~?erXcm7WvLh&$NA z9%*SE17^P+{kq?Dx(lZM_#k!PP%oq;BYqempsJE8jTpJTi| zva=p7fHzD)%_wvU&ub?VNoue>Oa679b%8;dJ#KnP)dkx1%PsMq`Hr&zB$^TxmdJYO zH?o)LNbR=%V-YHQN&wz|-><0*x*R!~73~t$z(UJAWA6Z2Ya1+^q&-Zn8jdi|bEff2 zzW9d8$@_W15+XQAYPV)RY85&ANEUWJBc(E30MA!=^i{p6lncW9{z6>&m@c$$QW1IFHYFHKi)Tt+x2- z3JsjFoL2aLNF4+1md>-AsmEU}u(T(a-#bvby#Z-LC%7iz{dv%KUWr8w!NBm@t|p*3 zZWWQJc5i3A9-<%lp7Irsv?+^Vg;e!zqbR2^>48174*l*gE!?m4X#GI*?mos%~ zva&4VaIgJfr4czKivqFS!M5d{Wost%>QH~nI-N}kuft*UJ*q0CC1FlH-8$E<)7nZ4 zeedE-Kd4YFa_4YCO5mv15gfm$q;QUd;`Z6=+99GHTB zv)pz!EeH&o{C4Lk*bxbxP@!{(%w>1y{=$SaDe-;@s9CF$DB|-k@>;x$(EA|fwWwUo z4~Qp8mwy&3Kbw1NIeM7CfVaC(V=(Olq)=V*MGs9sS#}0WbN8N7K+oB^#}@#2c$DTy zRj3G+g`bB7c|UU)!tblYD7gIl=)=M)NDuNBjkU0hJv@%5M;sgs=c^D{gdsjIjc7@D zMD3UTnOtn?N$cq*r2;;GDJ=ckiirh<5Q^Et-GqG5Vei4zWn&7rqhS()luR>*&PcL% zN3dd4Hb>O{kxaQAjzRXh?rc}4sBo{L+6g2G6rZnq+I2qs+bO4M02YnLJY0dMMpO$=k6rlIU^OAN$0uI4tC>;UV{>gDnr z;)6yd*ka}8;MU77i_WP{I&c26Xr*4w5I%0jV1z<(Nv8|AeZQ0Zp$4Ng{lzvs5!|2_ zre>XLV+MYUN&TTd1^U7kZ#lWyP!ern0Tc_p9EP*09y4mWSgFgn;T%j=FSWL>TE4-M za{FW?;sZd_-IAD1Sm2T1gjeNXrufH}lgbFy6^#Cw8x%x?22WG9)#%pgnncfP+Ageh zh!YE9udwdS^Q&hlRI_oLva0oSF1~B?!4N}1v6`HP1QVwn7Z;bB67?r7xMQ_+IBQ~c zWv&GW;zO8Ahh(!!+1|)%sK9>nbGLpi(y_WRh~gwwXOl8NWUUf+DxP$`x z1by9_-qLP8nJnP|d|nQ}*SiAFq2U*lqZu*&n!VsnobVq z&X(q44*#rX(_FiC77gpHbvkhrEYfyQ0Hs$^$(|I9Zkc40ym1J2hg@hQ#7{|PO{o~* z&fVsE`8=J~8pGQPGXeV!MFUm{6{v_yT=B@ioxS)BqVBPpz*Iu~>y8Pn@-u3x!S9%eXGFAJoI{C*y^+0#J? ztJ!&)T&ZeAWDje10z(sfK~Sw!ijUl=2HhKEXF>sFa^#+kHO*?gHYM`UAGi+bu&LZ6 zeq6@rxCHmVcvLEC`BCVF2!#zGOQtzn4(C2Xn+(>4_s-MVFcR&x6+~g1Pn;Q^t0uC? zvX+C4{*kZ}VE0XZ$hq_yetfaP4lH;C?rANL9C&~&sXt$aRYuep_Uqxc8Ft7cIf&NIeZ1f)l#ZyD-ER8x7P)benI5^(#rfHlRH znk=c(rZxXtkEN*>X+%<8(aWv=8PwPn!AgEHey!J;uQnx&%RN#zToAZM<<^>`xBLdD zek;2ZD&Md+nSH{EjDnmWBjnwcX$~&F{f{jU%k@YSQQgGiRSMDIuM17ZhZ{yOFf+Uu zqe4(C(wOr7L!3?JzMuvw;v%FzZgrD@vDx-=*(24)nzs2t4?g{;iT6wueco=C- zohya}QDi^$Afojwy`~$MH%#~2(T$Y-^)etjeClWNGqCca%j@al`)l|6VeiYg^Sw&Q z6i6Y)viYJC+foi$1DKnTE>9dTupKhc5{Sa-f|SnQ_V)S!Mq>L5NIcJ!)5+Jl*T^z> z){H?KTo-F6pv3C%aNke;zib0z{bz_p<1$^vq|g1ZsWopA3Aygdz7uyGv!|iiHXgV+ zrkUwX9o;E$`jf<9r51~7>SYCe9wSafZjX+<;5If}{lBgndEwwr;p&GjoS&NifMFK{ zbK>CO=%jRs{;z{Xy`OGf24;%dEEb{bqN3sPbjh>7!QVV18__@w1YO=bl}}`j1x?eI z8Z|^(iPpS|K+VIe1Zh8e_21%x)RBZmh3*TR{c+Cx8O}J&W$n_~vIMU9SY4fL30pk%o?rVS0v@nXlMGb^j((5iy?z=7dPkG}z}=$poCm zS{XckIb6Yv%P2NJc5W-`x&kuLSSB~{etw_7bCkR5tTrk&H*7rUXMQGDu7opdBjBBd zzZHb=!NSgOo;HtXx7WOoDoE6CVp^Iq%W8e|M=v^rbD#Rw;TntqxNaRQ3m+Aq$|9Dk zr3hp+ssjx>H^Yt2>oAyJD^De6s36xDpx}NG370S=m@d{b?r5R|DkbeNi`>9+t%qMo zqf>&M26TcdD_H_j5v~>-mU&2n{|nc}arv=%X=dz~%jw1Yt@p&_)-i^f%R#m#^80o$#aaAZTF{Kk-icB+1 z8X^%_odW-PT8kf63pe}gWHc7YUaARm_TZA;qRnvq26YzyuaV}APL6J+hPOZvHUi76 zw2cqja#nk}>FTDGU)J8DHr9Rj;kOl_^s;n>{7sBHt#=w@XFA+^`KpmYFfAyIqeqAv z(n5REGEe8W27M80cmf%@EmCaoX4(AbE3M&|LHUHdVrh}~`Xi%DQ_Bfc)*7K9^0@Az z@*bx%d1#CCD;gEP06wAaJl zl(!uzM*3s?b2-iNP64j&x6O7Ax=jpr`kBS0B!jAo5;%vhjk+17LQgzCrW!YXM&Hyt z%KhE1>v;cvo9-h6p%*jR+@HJO{{)rW$(Pwv9P0K8E5_acr%X7wVfMYBJu(0GfY3v~ z_jBCs(EiWo&D*1X+a*fbX4ov;mWKe`#3WpxnkD0UDD(h)8@JJc@r;(_Dx2%{?bnk# zu&BU)#L3YG-I>?t4EfjQuXv(hP@`#xywJCUXvXL3-BM_T*{MggQf?O-vTFJ5oIi#N z28{9*Lo_YNwr0ieK&AnA9%^<|l@l+%E3NJrU;o9RJNX8PxiT_e@p_F(q~~_VhG|o* z0cT_GkQ4DplL~TgVeTK)C-=rwzMK~F)O=4`)5hV~ZD(68|0H!$X^!DWdV47fT8l~x zZE!+Kk{VJ(U%G4-g)Ow#m(Fh*CbsSSy7{k4gEDaEX?+R45vG#>=1+?&M|)W$DZD%5 zMFSGdq3^4=s}JR0q0iTGb2Ge;EHm=;8}vUK;YutxegdT8nis02k!agIs09;U*~fkR zK1%y=>6k_cwx*Te*4w*jK31Bj1#n?h$}YJBzbrg09sSfS;N4I?O>8(H6Zz2+rf5^Q zR+xD3DnHaeD1%LbbwS}nxxLP#>Y%6i^Zi~nJXOsr2e2&EkfRb@Eze0y$+*-Rw1T(& z%fJRE+N0a5O)8Fmd81L5;{6NYqF-!mZ=bXPq|l+D+KJueDYQa8&~J$9TW&#YHTQk~ z!A9KlobXv#|80c~C0;i{C65J;9X+}IhS&ffY1OPh_2x8iCpv>8@dMtDhL}ueN#2nYZ&;9Z1OKmFINoBr1l$D^j%C z^Q28Qx&3>#ZGk#LCc=6Q<&=nE%T7SjEJx@{uD^e^iTda<8Qpcc{c{_L$S^hA7<3eV zcl8YvxlA!VX$mK0-!3Nph!qHwp*CE{$Pc-RtRi#Y$TR2F<XFA~+?UtJnIj_c%F zI(StH*O5b`*8Y}82ov3#o|(DY?!0ZBjUy27L57bfs%--Ovry#C!|?s}`R}oL9yVoS z&^+R$TE4h6$VM@@`&1Kq7{dh1K1OQ2Y)5W(iix5D1SaQ?{kEt4?*^s`uqz-S+Gw3c z(Me0|q-o1mAD-%V> z@!m2r8;im9S+ps);5Ekf_vynr)q!z7S5DXn;JktKYyTousG$UdTLz`^$B%i;+FWt7 zYRUN@i3KAKW)TwhLU?i!xU`U_}hS z-wBG^^3|`EadnQ2_pzJBJl)rLmxq5U4;3l5oDWIfmB6O0RP+NzgGyYl1-wuAq_Qm& z*JqI>4ixD4j&n<`Gu2iQSsYY<{81L} zN;cEV3=!zB!i+O|IEJ5|Xl%=#ClS~UqD|c^SIbhXTd5a9&t*G!5zHtdO(c2$;tM(k zNWvj)QEA~W`rL&$#4QzNgK<~&Crt1lGl8yncQn~ibRoiX^F%gO_my<6ciWxp2%ney z+r)`{Xwoe2GxlKR^yDaSRQ2UM`F)VYS9zsYHCx?^0BS@%gz>lI9hPUJ!~lH$ferBM zl7V}Jz1(;-PO52g5TQoDH?T33coXC88p@XN z`sn0@`%cd5SR{Dw#X$R7Q<(SHXTz+VlahwNBi5!wTtx-MY_s($P_&`~@9hJce@-Zy z>e>(mBRRCwa5LfV#+9^gTlbkM#iS`DwOhj38{sucktdf;ZJ0=A`FmRT`uN%*+Um>% zQ--}$RFT&tMrqGk{;^15-ZwU3X6rOZRcfDrfn0eKrR5cKSeKU}h)n5_S<_7&OdZz9 zi`I(IW(X6yy6t<0DSB87b<@{;)MBoyQ~MsRdjgZyNb7b3;N;6*kTgyu$$RiobuzSM z4yIMJx%}X|VLJr93#M;5jTl=hh5v`Da|)6y>e_U`-*+qSFAw$WwVwrzHG*|u%l zwkN;&=Zl$%eU~>GCnIv7wfB10^IXf^K?nO{15XKMww9gmDP3Wi)z1aaK9b$%fx@(22*nUf^HKm6o%ecb-N5JwK4Av8O(0M}k~4Ldu_xZZ9s z?|J)~nU+7_y3Td|9jk`!g!uGTdEPZ55t&G(nJk61a)0F0Dp;UMi3(jVtXrbDXrset z%?z)%-oJElIoZJ;^cV?}vwoD?3*Jcof*LG;hu>OBes5DvGjSaCg!mq1hvX~m-&h|E zQ-t*kR%c%n7o%nIMug?&9Jw+In~gD*bx!`EKkvPz;ZcOM`N{J3cSPl~zV>byF#A0^cb(y>?eK{{6jIG|9N0nV*Ty_umupnCKDU$UIn2CD4$(ri_|5e0^@Q9aR#5;RS(ttv3RuI!Ti{bYsQ>!iTXztk!UCJDcCG2ga&)pRUmksGZ9& zW$%72j>Fy2vVQ$t*0=Swe0N%y+1dEqIP{xN7GU5*39;?0u_d)NCWCwQgl2pUrXx!^ z{$ASxsUyGFVOw&N{YjOl6F_EvClo$_6dg63e0oYUgZb%{%au*RPwOyCj9!ur!5!R7KH4r7|rauUP9UPcJmvBO+QFET3ZL z4d+?hXA0X2p-ObD;(?5|)A5wFz>vww;0p1`+Wsd%Pp*{k#F_{e1-}Y#rVyxm8HEKg z^SeJhOQBKsQA2?G+rBv5jG(>1%u&a#Zy8#tiZ~!wguRz{%Dad4V9d* zIF;weD4Ba+WU`&>x6p|M?eX&zrbaO3h8UH`nz&pN)DbRn+x~iJt7R$83LoqxVaQKL z!&X6J7xV2!$dj$Yi@%k@`h^qGh7az|hXc)p6DGw^)B&8*Qk?A!yLtGAEfy&JmssO- z&GNDDH>Tjv`KGd@`zloX@B+A>5&l*zQY+OT*pf&r6ybCu8`}z*D0fQ(_Sl&{-6=%W zGOIeBb~|Iq)aFO<8#KoH#eH-55(iyoc_CNGnxvYCuphNoIy5AfDFb-s@u-rFQdCxU z%0{kU7%d6Q!R$z&HKx!ZBnCST=ixuLy!?QEN!5c?g_A%|*)H~lQT1Cn+EZ(p<&o7?fAXE@~c33qU6h;P8$G}Bn(1TKw6zfR=hx_%Eo7#7Do@MSo z`>jdYCexwk?4Mw8Lpu1|{)eH;0&nI>Cnd{U?JgJJT?D%}bO?~?QKw_z3wP=!hs9O8 z;X&2PtkMXttK4A8U*8`$N+D7Hf7{&mJ_`oIib;k5|B|`l_{H+XDliw{_%EneBI6Y| zXn~dg08KbIurI-y^j`O)W^yJ{P>edYkbbi4yPNj>b-Ync{1F7?Gmh%?{~Qd%`GA?j z=jZwPj?tjtS}LZ0p6Yu2L9JDEODs#%N6~RbtE6}14TZlS2p}bLclXN`@Pk)#*w@q+ z>y(=`9#0BXBANtMefU$opDp+ESSC=|DO&4^JO-*&^VipI0=&uAZB#b>P9a3Ey*-yX ztskX4A%O*A=ndv%;)BxK%5`2yI}nR3+O?x_y>u>ZRb%^Vq6)!`_leJe@ zm497>c556d=f`WE&-mpgG6$){qIG-A$Nw@yf@nC#gn7;=e|$JHU$KyXGFaK@uQxw>r`5ADfX=9=CTiGGvrC5kMU+M(@nVKZ}sqhHNrqS|Xr z)=Jjg@6tv=m2HSs__c-{4SJ5Vn_r-pCizkPN%+2BPsO9`3NLWU`n^f+4O0D}z=qk7 zR}aIk4>pGWk?(bR;ksD9tZ$*VX#K8?(?hn5EpXZU)HO3EHAUN6Lo+vzi1wIua zATLM2Ew7DakAz=!@~sYZ`q=?6Ns$D&rs8tS%m_F-c&^!Sye}{@Gz!bg%6VE~3BxXV z4X&5^$NOf6n}jTq+*0o`WVBb-#N$uwhb!=>U$+0TUvCJNl?gCZwkSoQ@%h-Gz@nx` zix+l7FhCLI7EYK1I`p_u_F8I{`RCGVOUp zJ~;t*F(Zse$<0yxr%ICRlSF%h5Xm~F6b)ZVHKsaPon-SJlZsbP_WA6> zBp3Unij(t?UTp4O;y&6PE^+&ZE!oVzR3Q1rsYUpMUTAOwB(ur;XFu|dvR;{gZ_o+l z3sgz2T&=XpzVbM}r$Ag# za!I)4B#$&%DCX#+Y!fG+*ccf4LakJ%!41(dcOTMLgrB>XZ>htFdTjP)D4M`TrN9ITBDB#?<#q*Z$1 zM+A3dDWR}Q+#zkg13LVpv<7J5NR_C;GB@>Ag))Bv9RvM@8Hj?j^CDW`=UK%-O;flR zkzH~o_X}2C!|$zoL|xy<_*QHDOc6#EZLD`nDN=b=(37`Q*{AD%9Y;r66j8^0=@ujD z>HbJ2HNH5qMJ=k6j?Y1}#ug=_`XTX#` z>m(ukU9MN}OI0gU9u}1OJe-=9@L+4vIz9#M7b|~@1Pp&3&&nJ^Nq?K(+K~A^9M=HA zt^2^=`PZ|t{M+l`hARHP94g8ArwkNZ&Y?w6EU>PC)65Jzy-o&aGz4QG*X^VfhdeduQzqT4F|Cc<`gHWVSQ-&@qlBLaP-ubjho$tj~XdtoCL&-y6A) zr*$ai9o|m@>5Npx9${S8(@SiXOO(GfL1#fPfcaF7c~AOT1;kcA$=ZvB^EyAbx8GW< z3KUZ1#k$4gL@&R~TYlzKj7hwN;cKghL#wNv)YAl)w51xZu4=E2!ytC%snOBo2;g&v zcVhDVG(Tt2EI007_%4O*VDt#sW^qUCh!)>#v3I_xo;L4a=Jr(YAKBxu`8dwQeVna7 zn|pGZUHcCfsc_hKNHb5w-@}6YYu%sP%MvCm(_q( zNr1itlUf6HlM9$Jj_FFL!!u^@=i{c9@pasO!rw4Lh9+v)-tPm4zEU}t-(&bunDsIa zk!l3s!Ds{^OdN8jt~?=lBW!dZx??!`=yuE3v0SXWD!4l!Dz^>BZdD4g2j(8ASau$W z@wDfTCNPFTel;jkoS$PRr(3nkAW@t(*6CORi!>)1XhX%7fLov#Aq8>t}e4y zw+I900ZmJwX#w={xyAzI;rnmWX$w}fgZuN;J(m0!TY z#6}Todwho06kcDATWvajK^Y*$N1kQnqNyf)Q?*N~>NKY-SYxgu|8YrdE{8W_7f?o= zBObifI4E9)g0^-xe%g4(&Q$6rp%{hdcOsPd z@febsbqgNCJMu95uqx$8{q>uqu_@vJ%&y&&tfd0d*>1#!HPI zUTPYTi`eC0SgyMPSMKC^U~Jf8aAecYWL%(10ph{akn4G`?{3ys>5eLrpzFl&vH z;@a47D-z^{=l2-5RFKg2y4PTPcKPZM(xyoEQ2Y%~X-_j-pw^#a7t~qP!VsRbo*hl3P0}7|SKER$uLb0HyIi1i z5rUKac_HP0wESffvB^5r(dBq_K6!~N^u^n5=8sXWw~(=WLFgdq642^WMQrav)D4R1 z+1Ht>wb4G0{!)yNtod#2#ZED(r5haCqN4I=B)~-L7+0bNf2equ>uqk3MZz1pAQY&i z^-=GJ##EWb+aR&zGK3QCfU+$I)GhhGGOSRmlDPb?Kpd;7Ts&0SS>&$h_;_21vX!<- z$=zX;f4)G(OMh@$JijH(6N|p8dk7n{)R9tbnDQDHpaYNu0t?9G~6p~zdR zw4&H<;>?pn^{+G$ti_}ex1*p$~*mf9mZce)@E zmeVf)1_!AcPB(mlrN`@$I}w>q>{rh`ivvV(NCf5+sdk?vXnW8i@kH(yi7KG`?XSq< zAxj~Dnf`@vY3`pNn0cLa;raU~oxti%Va~lpe7SN#ch=Lq+|%;_!h+9}xZOOF8p6Gt z2M5lR4IcgE~;ws7#K4Fn%lukPQ(Sn(Pu>wUh4 z^GzT=n=Kk&7b#LGn!)C1yjv|1!(s3_0AXt8&T~C$(e)FUonCh>=;7IOjcpy;o{Q7p znsjXb%!;p?Ge;?WBx8GjL^4hq5zmtgpHEu^JZ`ic{!Rve0U+lIBgBm9uCYR|*FMTQ zsC>WM2m0J!(pWAhFL$@;{5!4aJOTyjE<{LppMpZ*ZK>9GNQ)K%t)m{T`-vE!(~ikD z_o&I`qp?FrSe&apc_8`kQ62f}I9*u%o-6Yi6M5fWOim8+M`U~${ED>)uWFVKNn6{kUaYmQZkSrr1k zxf{Vh>5dr4vH2>Jd?S_-tEk-W&!q2t*GAdEc*s+A^{MuSV(en@G?X9WZsQg@l4R;p z{qMmDay=MFb{;K`ZoBEt69t;>-9|XMyI4Gr-^k{E^|axa(tDySxzFmTM{KHYwoOh3 zSx;KV4OdNKY17K(^gmRyS7*8u`OuDyPP9#VK|gCJpP&mp z$zOZ>Kq*5Qr560=O^tM>PMj%mO zdk}I_&s30`VBrGnFYQJ!q%CwfGtLZ@YE2O>nnOd zDMqt|pf^5Ka_-yj3LBzO4$mhRema+Hwyw7h?e*8L#t3M~Nla7joqo2vYJ0vjf6DD` zabR8{FZgEW4x?s6H%~3Hq1vg(x1MnJmbuu`FO&4BAr?Nf8Es);jE%GNUj3m3YF`g1 z6vly*3&p|~g|9WU2kb=YCSH@=k`v^>yPQs@0R{5}SM?($R~L9*Xa&>_*(@%cV>RG% zv&zkGM=6*FjhZ5N4+-3yo9LQB+Cyfcs@!YG$L;8NDy!bXu>@^yup^oYu47HA0&+6K1acCxE9o#@W8gu!W z%b8i8^{wu>9h4eW4ZAp7fx#0r={3wYIH-8l5a$u_JMSkcJQJLH$Ki|C4{d01d6J_r zY8(p~m`Zb+;LaAk*63^;X=>?sdLF+4w&_@!jwIyb_kmY~iO0I45fk_4&ozV>g7`glVrMcg1MZTNN$4(K9+}*W zs13Jk*{hs-7K8nNtLl}K(v<^cG#;L>-Dg6YVH^fWo0nNwYWTEuby>H_~JPhT* zqiE~eI(NNAY+GQ3)p^%@t=OpWf;4UBN}ffyIL|cqv=Z59N;2NeULK}qc0{Q6e?!-X zjNE>fxYa4qE8N}kf;{;tqdUp}5?T_h?ac1->&pL~qR8*&)y^!``sP67E#G`z*p|$< zEmQEG&9EWRi%lsv&X)1L&Y3(ieW&h1>d1Mmm#Jg-EplsL3?G@Is_#b7{(gGY_!ts2 zh-J@7mpz3|{(Dy!i>@@@tF;{WLS?3Pg`jIfv)RZ+G>YY!%tq-1TeFS5x8(hGOJx;| zY&uMow|P-{sokG{_fXY%rLYF=1EJ0{*IH3R{!6=~!7DTdlw-?;S8@rtGKt$NYR30CW>x^p* zX^e_B$=X>d@mx?*OJRJ9FHz5lKXau;qEeY0R!?a6l3C$_VuEHJd!d&tE7*T6x+2h; z+!M#~Y-IU$W~{Qk0XJAjcS7-mnJbxROS8C?ExGBa_rt>LYm%cv(RT%=a>)bfzSbzwbg7xO%nR3Tws* z>c04Hx8&;bHPKKWcpQC|yUHMF!_rTMh_EpGdP>o%tz(@_dHgR!S$*3I_h3wvlJK!J z5Y*cY5l}zA#`{|Ybp1INe$WK!l^$HIme3Q7eSboc zX`O-XadL1$+qq=!`+@*N?9q6w^1;WyM7M_Gho0I@YR0JwS)Eh6k4oX5D8H!@L*zPo zazUUz-qU!F;BY-wUIRZ6Ui=VGAID$RElka4a$LT{?1B_piIv8{C`fPCm{e^o!N$5q+%-rRlhI2N@n0KwfFHu%u z#aG{upNE4dEPt!d!Mg+grM{`UY{I+fcK7^y9tyZaR+jIHo==AT(ZZSgeRSZP8#cCceZ#GJ@E-oFy#uVNYoq-VbYeBkX4Hw97EDOrp?5pwwbOo1xN zmiu(>IQ*ys$QHXD-^bUxuMYu@=8KN8F}4+RT?fF(p(B`}e9N??Lml`Pg?z{2U`^|e z&32ktQT7(%RI>BQv#t)4_p{3Pvppdp{G5i!abHl_slU_tP8P(pC+wvi*ypuLX58=Y zSGk0u%_Z{-k&u|iR&f8%0+TokoZjEQ#N7V1J^f3@aieO z^WHG-XWyT~`LZ>Pg8Pw+<71hVPg`H+KF!5jRCg%k zPSCGIh6qHgBqj00O~Msz$pL$@vfGQ^JR8W203wA!3}?bxrVGb%nZ4I`FWi@M)%4P% z3bmK3YLFHfayOAb1b9BqjqY9m!!v(JHGurpAUq~t(KqB zd8JSqenHp$BUD3CJ-?d6l7Bc4L`PNFUcct3H-3r0L`5wuG{kb=pJu0H0!o139N-(r ztX^f7Mi4=FgnzwM!^xwt$F@M>Hna;L8l`J4)Fo~=*KE%G_~T0{B#Eys(dGf`r{zFZ z)jan>W1+UzMn=NFR~QAUY369u=D&IQcC~tolG(zaq7v$9nWV=QV=h>kV1BnttQCKp z!Q1EtUNhQSSt47d-`Tv)5@iq>luX4J)EyWbi=Z6vh99F390NnA5i-573RqjThzI=7 z;!yH;j$LuWwwyo`_caGCeLLm^{APj+EF0xEvKWddCHZQ)l6;&dOF-*WR{@@kUjcf25|AQ^!CCpM7jy(LX~^es`MlkW#i|_{krh&;Bs!5U#RitSUS82E z``mA6>*^+|M{Z}9zc+L zU>=5mcQ447DkmsW?D`;>c%jLMd;}?39L`8;UQK*DZ=$c4UXTi;Em3jwsY#h{UiI=+ z2A+vj#$ip^L*V@{LW!G`m7U#AZUW(cu>aR~z^1rdW;*zf0h;45i^(VoXiq5nn|}f{ z+^5*T(aTd32VdzlI1bNv`EFGsMl))nT}fcgW@)9_AmS8?S!oD)y%@%f?PVIj1u4aT zz_s>42;sdhYC%DKRPXQFed~qxBh)`zAt4?x7l7G(VjGUF#mCdtI!=kXqA+#-t3n3f zR=*u0C6yp88_x1NnFqb?7O&TcAysrzHYIunjI-=;UEQ2SJ=h0ob}d7JfFd_XW{QPY z*1VYpv;9MS*@y})hzU!}D*>?H!+E&)vy7^5nCYknd5tEz1xqQa znL_w~BKzvAYV#dJJ|hj0W|FNk9V(aqjGC#p{3Y6~}PG-g! zNh&tk4--AXyP$5nvg=1ESP$;yL9R#pK!TpddYL88K!OO>`%C-g9ud*)JlE9rEn#rE zyrQ+P?b9Q_NBboKGjpj&wWPl9Q2))Ain;cN^0e7Tz6?R9= zY_55N?K9;&2JuDhR5#@P_w5Q1to&6^$L2r+lTNMB9UGUQkaBorrIaCoT=rP zXBKVBc8^ue|!SG5e93w_{!g=q3ICdLmC7h(g@KY{Tb?0b;W`P>BjwYFg zW$VVuEfd*Ur;pMJzjR=O>Tz!V*L^9 z7{L!;79+Tv6n&}|-_n6SB2Z7PDxI7bd(BgD{6AcE2g& zE}`OaWU7g~x`$%lumiiBgOtWlLC=2@RkF+ zaJW|bs|}oyRJFXYm8eqVntO9@m;2)Qs`PO4#NNPd$KFIC=rEjE>H4isk0_@^#=koC z{2!MrwBHc>V+@i+KcpE{S_NvRk6(bsc6f{1$unMeyp4O$H^3nCv7yh?e;ABxvJ2sX zza@PFYRsM(lYB`HbKtGT`<^^Eg8B;Peoe$9vQusk)pE z&0ax3HLyhGsUkn)$(3>%zv#G+H8iA^%mR8OKfdO7rWt6bo^*;4$je}oz(W@cJI|Zh z>Z)HS{)~LII%w)*;BUOYP!^cYe{y2W zMC(c$iG>G#KCqb}S#sE!@H!9#`SUXKv$EUeu*WN*ECC+A@DeDV03*f41fy{Q$^a;8 zcN?XloV1S0sfXz-W&1y*o&u4rC|wS34N;MeKL7#XlbO5=iQx^@*8_Q~-nZu~9v!Wj zY%Y=A$Mgb$pD^!G?R!00*?7%^;1xnc^?=pM-N8PknKE-+*kSxlhp#F=JY1C>e!=F0y0e;0`BAoM-%Y+Q4LH+c+48l6H-%nQ4KX$rB{ z|8ShyyRZ1NLw~YDr&qv*%`LtE%lgVQ4IsTD;gUE?F0BY7zddgIE?ep$kv_rQnEUHg zZaWyse&miImV+-pfh%ftyM`SIsxty3{~q;$0n+OB*@jm%JFD zEMR}wSbF$4`ukR;_2YmiljMI51TX%ZJ(@s3NqQhrS=68F7LziYt7e#g2aOCD5}h2a zm}yfi8UNK^3Ed(NsSbFn#-n&I&O>T;eTnV2-A{Ce%J({=@#FD!#q1c;Aag+TSKlXM z^1ML<(~z&t8@0j-5%%m3+@IP9>x;ofIN;;nD{-O0g&-ZWvB#0yXLZ6IU+DekIh{R- zzP}US0-SISrLz-rL{Bey)t5}^%e*znmYoGB+b1oWnGPBwtzpaqj?? zWdT=<#iwbn8GOOyymE9=RjGPD>xeaUjkKwG|8#hIO%L4cn6W)X7 zN78AWe5aI!iBt4SdIM&C3wh*K8ID=CZx?GLc4opVUFh|I*uYa)v_h>=Xw7P{TKg z6e)LcT(f~dzy~3%!2_pL)y>xh2mZ)|Lqv=ceVwb6wUct%%&ohF$4SUp+ntq<@B(y! zG4pi+A|S(h29v>*Se4epcZm+Y3mLSc(ZI`!>{58W^0ahtQ-daWkdJ%aCso%pMr7t} z5HloA8pe9d4f^!h_zV=G&ExC^0iEs-9sjLO`yFY$_($E)x{Wi`3B_p~V4ai?1ZMM0A z!P+W_fk%LHl95Kd4~)8BW+C3jnk?3J=VD{XCf=+a?(>tM#W_Rw*d#ku6wi-mc6vBxI zK0m!}2rjWgdx!@uf%_CVDhOt!%>Z@rILe(cTXF53R893dG@^`ip5Y zi_+9Wh3!syW-kI&tI~=NH%?iU5@^QV7zCEG#yZZ>zwV7(3@tO%8GE+VSKm2%s*c2? zwnO>tWoAF*jE+9~LDmE&UO9Q&eO25@+If!MMwROq zh|BHYU^|BMwKFD)j zxm`Gf`Vgx`ZsZsV`J~zXOK%lYd?fRc%AnF)!o*gn+kbu2PeOO1-#w8wVWr;Tq8A*%9KpMG#r1# zH`zE8R1A9yQB-|;^8US^DL-S=qu=6{^P?QM?c{jxjCJD9Uf!!47Qo>un=_}muZgK` z!PC!rSo4y$<@vseh`+&+y$*K?u2x-+3$%aRku4O@6VLO72JDe#!&Nge{I&DN0!I|{ z6w80kM3ou!byLF+TW55X_ z3ttB#M-L|xf4iSmVeGWFhO4bFjN53vb;q*bFLcCK_m2-}9d0))|LSgkQ4Ay7pGYdImXbW@y5kd= z=g4g+;-1(1Y7zXSmxD=Acb=L=GB3{B-s49s;M~{wY#;QaHGdfO|2-H%Fh7%SdW57J zauctRW-<{;^Gi3Cud{IV&^!b)>79y_1_t^?SzB$knyn9rk%X4#$earAoczBlqF5lp zunK=RI+3Qa>gsl#%I8XTvDXB%QRRG{qrP9sTMwD^12F7ga&mDE-51TRjU2emfUvcW z!AZXRxQa1b0yxS^Km01(=&OCQ{0$(s#9@jq+l752x`Uq)OL`IvCHk*;@r;1XS`ifi98 zq1WV27Pw!v>^^pH9Aq*KcR_O!V(Gyj6LZEA3b~)6i|v3uv+vVO?e$IvfGPb1Xu$y5 z_t${z_dpl|c-3yMN%GJTIDx6F^V$0oj*aE4+H>B|+Y3c30f$2+8Y&Sv8FiAvfRlZf z%R}=Ci@CfpRvFK7 zTl@!*&z14THU=JS{A}?U*X#C<7@-4CWLZcmo5>%XNwG)iS>p5Zjc@C8^oeSJlXyP; zX+~(&hY;>oa|w;vz=EF}k{s7nU2*D_u6Z3HDP~p;#a%wQ*&4aC)n2;qp#gU$_C@4C z1*&2PX4rZ<>*(Jo)-gXntI;#2zRYWF7h{*X=)U;Ldeh7ENXnq6*pa)q4BPP91{3av z(QH8`D#D#$#d~OY)b$Er@d6iE4dN$0R8iIV0z?z=7zyWZHoM%8##3N0=)LcTPI}&^ zY9;Si*beb-S?43bjW$7*E)i*mh^6jiuV!)uva++8O&29(BrnYs^7tY|P!RxmUvlj{ zSEO!{L)i1Hjh>r1o!3#X+x~@x!6%*Htoo(<G=O-w|OzQbcGm645W6Qc)mZ;7H5 z_N{oY9D2|mEW55c$+eLGaOEtLk7|9ZuggfC-woj0PoUEb0TcA#D0S(g^`xefFyn&J zlBB7Nk7(u|SWjnNqW(t9(X{#^sMTr4amRW+spkXcoWwZBuqrEEh@5&xP1Z%Yk?`%} z^2<*Ix{6-h(@kZhnv4XAOL+^E>ULGIX-R~i_I;td64)m>~)YqJyg zO|xooeE8wNf<>u(WAECr%_2BP^M-$7_}Ol^qJI9!*;pfp{Zo!`Z7@Hv(fHtB#K*6K ze3q;0O-k+4fsPKXrASIYi|AUDMP(x3Y5q5^8urAqpacC{F7c<-`?f1S&g&v70LrL+ zQh*Il9EG5-IRLhmfo0g$(}f!Qn#N3&;R{q{sgU(gE?wOG?T0Ll?&bUlEDnEZ^TCm< zK|pi^yvHQTvmr_qEN2}qeZyHWHfs19+k|yI#DvCcIe+}Ao?w>8S7hcPE}|n_H^hbi zFG@x!tqO|2)WyS<Zz~fukMXKDv{F`VRre z07isF2T636i^zmR>n6ihOX=nqMk znf%_VXWfWK8xrKYKDS|kP-y&roYI? z8#Q>OLNQ6lL=cMUQKQx*A-L^R)c3j1{JSb=R%x=P(uz}btzna8b82f6m7or0M5>IM z)V>9_^^tCi52v5Innw>?pjp3*0^r)P^AigUiNUY#_fx_($zMP}&%K)8>wU2R+zt#C zf4ecXp@r@Ih!lGFvNE^k#Vh%b)?e&F5*nDJ%{@!$1}tG1SR^udN&<+slRRj7f+j|!eQAiBwL2YtGA#BL{+i5lYp{=9|2tXYxIhXsh$NDYVbnW z(UO;p%cz>3o`H5)>CpFkj{a)2Bg{sLiAo#%!`cYqiVs;-6R5G+CbJTY%?E|);~>@jCL$}c8w#pIhIFz=}!7^S)1tG|kz*ulBU^0e;0~)Pq`a8k=d8QsR+PU`~QPC6J37Ti;@@PTKOa zWx^(3gJ^-s1@}H;OB|$J+hN>!KVpt)a zKIJ=b&^M9-iNgH(5wSe>9#XGrmp>Of$ku zxfJZPi>qLVr)ZAv|0W*Fd1qJ*6mQ=H>dSHS7(eAF+k=t;?Ef4&A7y?m{=;MB=VxNa z-fN=0qwBF1%Cr%^yzMHBs7vrsIS6}spoG53sL|(~${tc;<41aZ9h+wk(yUg)K*z{c zP=FCnbIpu>xmxb~PR>@WCjud0r|=@Uyn}VO5nz`iJcva#O?$d+kCg2w)ytA&&rFW= zXk)O((YN(}suQ`?J9=U|wQpNP&Anm*3+-=Q+nM+LPG8@69DCX5`ILyzNcHVsXqnHQ znRJ366V}`w8IdTVhpv4$Lh~|Ys^=WM%iUW#dW4jt$|~fD@Aq_dwSq~09ddzQziD2$ zqElBlz$%Os>4HP)8@CdNj^?Z|Tu|VMN~J+5W22}nHXQUy=KwAbM@h8;b3Vo zNYncK{ga=!rP%m@pgxz;a5=$eIV86H9Uz`2I_Ah}5I-=bi1!t)jp$hp~;QPXxSB4Pbf%Gk07Y?-86Q`2ttP&FfVfcSRnxS9YJscn904~>>fCHIA5v~ z;C&5%4xSUGW|MVpk6L$n9YrF#b{|j-zV)9ilNEhh#$&pJ^F40#yxaFUM=4X)E8Ow( zOHq*rpG+!9+Yvb`)6e1e!8Q?y(TBi~AJRSoD6`jCa*YR(Ezx{Ca|UUHdjZr2fS2P8 z%^dJTz1cZ&!^v299|D*5=N`qG-oO8K>BePTZ|C26UG^v0mwH`;#A<6pe=?4kia7bX zYKuEzfm&v-&RF94YD;GR>EK zg>;n{;Rhlox_BPkPZ%XmfF*+j1*Gc2(h(HB{LmQhl9KKKX&Zps*7f_d4NwL9{CuTs zwAcX>pTH4r#|tbpG-cx~%4W#^l#JHFyq9{)j!n73yr|#tKeZkH`urV=B29P7e=mH(Tm>5m!KCT>6{8qNIQS zO3*!RyxTrh6)^6`@HHS~3?iiUWeL+zk&}&u@6;$|&UmCCr?7xR6|?`S`tF@k?eIw0 zm)1tn0JHPWq;MZRMnjL8LN;w*TMT& zS9g>orpGi$i9Z3IS~jO-a3$APo>OWAflVrc)gB`)1TQQHRxr85H}0Hv&z2-YZ*Ebm zq7ClqP)`M;sxNJrg$qq>a&udTKdigf1NXz$eaX-EE&FHXwQT?~ zhJbrP-_0K&zxuy>>j>vf1OD)1wT5l&Vi#n|k-|9ZJ3#YvCvpI3olQ=V`RV=fMw~jd zCq4Uurx0~}+kiw-(Q$Co)%CNP6COt~^80CcA~DM_^eh$zgawTP*9(K4(*_9&Kslh! zS;QvLk9H?(=9@Qsj3L~)Hl=-cN+LrajHo&84YM5!4L^YxR0zPLZ*2 za)#%N*zM%|DyXp7^rEZY33$%rP+EY*_VKmzg+hPPceJ*B z79F&U{f7PN6dsULeQoYa(oq{wn1;Ln2M4Dh2ixbok`kr^k~gXvMK_ZeFJ*)Z(zHpF za1R9#_UOx;8;qyT_QrRqQ9D5z5TicpV(`;oyTWYjz)b$}{A|Jw zjj{bxEz+jA4+2qAdQa;ez_DdwkV&YdjmOtS+x0KkQ72+3q$`YokL6?*1VR!YkXl6p zvwcv19vETiIaTqAvFv|3xir6~pDtCe)$4M5*$yJW-|bbQP%uMm{bG`3-o`N}*%ls& z#Y5vl8+i4&oh9Pu__T;*HML2Y21Ps2efy4_E%P?a<3p))A(Jq28+8%a)38X-1fY(6 zpD)W$={$Z9D}zIs!aB6)LB=N94HNOk;c`v>88HXG+3vbnqR7hz;>Gkf4H-EHd^7Yc zNOh$#B|JhJLVU}oPMeexEg80&E~?(wh7dC1*Z28F96xx?tFCGz4l6}M5-P*lFtU=u z4KBBLxY>0^^zE~)Wxu&RQlXf-nQqjL?tq_mvetJ?iT^drJ#0xfgKutYfqm4&Ov(=C zA4A7x59fgg?+d<$dOykJT?1#B6Dfnlmd+UK5NjrWKsfhn814l9HCmdZ(Uh_MD7nX* z{+G$<2{zY$fmJM}CK;p!;}@J#Y+S5( zr(3MZfD=pP6JwlXGZtD*;>rj0keJAixsi#49LFD~H30qP?Fjh(^B_J+wDk$~1&k3= zC5mpxL|fSTxw(6v9beY8ceaG9V1Uidx?$`#e;k?cLN($Lo1}~Yuxuq8BrHKCgPVL|ATH@>#EQ#UDdadAZau_EfxAl8)j?8v5lZi>p7cN;>EuN+kqdC zxUPOc7d)A+Ynie`%LuOoYvixMKJm~}=tY47fJn4Jal5plBT%u}k%9|Z-<2Br%_m%5 zVz}I(JDLtS)A)-7JzOo+~#f9%rnO)7kHjKs4EV*mO+J35tI?Cp-QTNItTyL#_KXFiV5 zK(A6(nApA;H`hF4(toh*wtnMvvwD;k0bb7mb4*;eQvxaxX0Q;+`*{Go& zL|P2PIfn}5nAN69n3;UOE*LuOI{=5%0po4S1VUGu#KXN{a4H4-Hl{)S<+`xuE)N?q zy2jmp?nf@FrYY~+hi$k z6eR6?fUQXK`EM|9Bw?a}gxSG~jmPD(z_Q1!1Fshn0S|YmySHJAeLl@mB5=%6J_p0 ze?M5LK{(vN`aXIY*Pdk1euK3WVD$IJIF*vD#3D6aLJY~e#K{)VeFrw z(~JhZ03~2#v__=uKn3HCoV^oWlRRq;n7H=Jis>FTUWqJBAQJSrJ9q$E*(2yu;kC9Z zNZ-lx)r?IhYfn3GdV2joe#m1CPFgTa3*HYR6$CSVL+RO&uXGzgCZEpTH;_DxekM}_ zZu`l880)E_z@57cNm`+?#?a1~$Mq6Syd?jtwJOq$MiF8r`8I9JYWfV|0JII1n+HI{ z8G(dqBAKAPv?%q?a%}Jxv<${(ysqydQj^(wcwP7PgA)-N?{~r|UY872x^u*fQ$^sN z^>iQeTN_w?(`CP9viep7_vHShwNWw*3*n%#@f@R0j74 zh@$@Z$nEqzrs@VtydgX>>~26Euo!bV z6}Q`6N1ODe9Gjwu7=pU_1Q$jBa{cvbng_puyT(Gjvg1ONJt&+FURzz0EP6hygeTX) zIt$N}f*4YSNC~N8EWOzAt;nDFz5dJf$a{~Qzto7J-+fgzMj3=s!qhVK8mqi@$AX_Q zBP<`zoE6!rZi-xahUgP<9d`CJ7VO5}I4!v2+Ht^Qci z!x5lb96%s=G{LUlB%(J*j>!8RRgg9=`M3%iw(_Po?k6bMW9Pz5k zHPQ%*nY`~DM@6|3^N}0A8ZF<#cq+JZqrvKr?N4QN2L7UBmhqn|fkmU8*zs5Og)Wl; z9;XoIC+pPID)0%Ndpa%C?e>^|Xe*yQg%npEbEJ-JPT@mWkeTN z&=tx^`(&}2>NMey9WlstkK8a!^!I-A!U=VY*uRZF=&j7T_!(B@Xt?e&NqU}fW8|2J zOHvHW26Wm$^-Q-ENk_G=`Nc9#5icyb_-#q6qInU5-E=fglm&=cvW%V9wg~dyLeD@`*b$p*8su(tt2;{ zKfbpWz9YV`ahYm+bprQ;^A+>bpV1`o4r3q--Hre53{f2%WDmstsIHSJ;kl`hB4o8Z zwQ#7ynIPg#E8zEipYqoJNrj8?ftH*UF3IgB#=1fDNG9~`3 zKEwqz6Q9lWuHmU|J_dBVO`Gl!8r!olu|{6gL9&$bwy~MYp>1K;7o>=m*GKwEfMMFX z9!K;G_22B1f0Th)fb}du{}l;c17PLeawJUSye>avKO){rD_n~J5ACLb=hEQb>; zF)BoelD_&4&|jxj)nF=8m6|71KPr96SRqbVg+xT*bm!QW7*2?Xj~_?23RSR2>{{;! zG`JtVDrItJmFii+f7?fIZ(7Oz;AgDaxDN?r(87@@(xFWt6-inL)ttcWLh2}ryRdkJ zDTg%lwSRpths_hdx`e>GHK=$0_*Z;9+je}a4?N!uf~ZwfB@ivvAN=#ThAX;K^8Jfu zoaodzVnbKti!6^#6(OCG^>B|bXqv*HNxDLPo#+rXe|9?yyw`ih20To+DSEfw|02K} zol3e%rQ1IqN>U`Agr##(>C*pC3Z1_I4v^^8fjg>s$05z}y%HIE9$)a$KIF0Rl}R0Q zbo{RfQwpoR_C6O)cNrN%4VLSh@bH+|mj-y3>&k|}m@s!*fvqX8KMD!{katKaO4D%@ zZo?6D-j1R=fXmtTR6bZz9*#QX1k{FzD*dF#-;*h0oXLDwezVHxIn;NwM_)c@CuMDo zcSaGP(9cX3QUg^A;eNp4MO<3LP8PuvJ5L|J=gg|OBsK3=a9q!r1r`^C>Y#HIYS06ZK`%hcAHKOb4 zmBWuQIoW$t$%L3Nz|mbYkS-hYP@0X!)xd)aBvt?J}IdTsHrHtanr?T>=v{zfya$6 zCJ=`FeOJBUE^%s_EORuR?rlJJC90VlGRG1pbeB&0^@JZHq6C*03X7_*yJc7eH%Al{ zk)Uul?pQ~kv9FFV;1{C-L5m~199nLr`OX~vOmZRalJ9qoCuN}cLs)%JtuOaxHYVCr!TW;r|Vcp zz5MKPoA$+Kf-Lp?HlN(g@0SP~hU2Q=CnzAcYSs6}@DIQdU`-Cq#2z3e z`~rUj&EH$Q+Ch+JUt0-!QyxT;YoTV%qW{u+50u*%JJ$IrFE;Yl+uw>&{$({x-WnzV zu8RW)1zYyF*$i|7Tfg4Dj{~RZYcM#jhVDD_YG@%Z8{*gx&x$A_DNeC0vC??({2Q0z zmdiBT_wZRG@6sB6b_ZN#EeE_4T{0leZ{$_@LzgKvYHF|2AH6j+1+Tj$=C6kM)Lw4$ zk4l=CQQGqdH9ytjXM;h`Z99bA4;)vnX03Zf*FtaNhvWun+xu;HV!RG4#Bc?Bcwe&D zWS@34Z1_de^J)s7v--4kdSnMI-#R`FD-arvEc;+yjSs#etj-lERqPjYb2wz}`&bWp z7<+p=v+y0!JHprm0%rRkU-!X17EFEFmbrOT-=0{1S;;bu8f0N}`M5~NUp>!6-k2V0 zf5y^LR%7L<_jf-GC4~}$pQ*!K!)RnZXk3XqWq&`zTHAoB4nNy}598q1-8 zM@5ZK1Cz*(NfyCWZish0U^HHhrAH=a7dV^84Uhjod6Le=hMa9wevKoCit%U3JiWn6+Pxx<< zudThzJU<9|#<(%?QcNyWC)p0vtR$$V#~*C7)w&sJ0>`!t)7dGx2_1d%Z&grCQ+yDo z4b~05DySJ>THCtqY^{T5JEj{Q`dhnh0AckiC3w)nM0Ds&UY1rwlESJqBtfiD#B|TG zmE#G;`kV7`E+e=rzf}RUIfuN2VN{}D9!pP984_VLq-phronLL*cjcP<1<>OvFVS~* zZ23Us)5&9{DpkB2Hg_k`fBm^ebzn-~Xy;^s71v47O9?%^Ow)qJ6Bm%DsE8h4+Q;4Z`vI2RV_%gMQ z>LLy|nvcq6(Uez71P+Zt2F@&&^@NM9XCs=)fRZQu+Xf(qkWjE_^7OKB zHYRzD&_i0;UjTYxKF<{cl>oDWU%jh!+Xa{l+~x(YRyB<$7|z0>2Y22;CRWD^kVZ5( z$Z=vuTKW$)#_dQ>@q9o-LHZNOd-#!9-}9a|GoA)?^v8V$3j+4@tvm9rJZVJ2oq1#j z|BG&Iz!h+Le<*$f6eAPx?>2DR^fa%^85p*KS?F&-exN9*7L7ylP;fO6!jbP+9}xhN z6-cPG*N=qs1tfRawTU5(G&wunE}bt1z8?|+S)v32wcg`&-&2=c@&7pI;IyWp*CXOS zBNYWdAGh9IO%IdjXA%^@&IEJCFwat#Mjxq2KTga2CG!@Z6`=7QVSYz&Ht0{wjEXqZ z5Lr@^As~XF^a^POcPIa3ED*bBp@gGK=30|l{1fhN=={6B=u3t` zr9Eg7HY?R{4M|)g7B27|61lrf;oYlkppCE-BjR@>s*SsAZF}H$hJ# z6P9libMF9;jfwBKOFqv?E{P7N9F31$a66WUO6F4-#e*jOfwP0%z953gwa=Df&=Y{) zP@v9{apM_pgsRKN61Cp@TwL;B%$D|g6tB148S%W%Tsm^B^ff&%$Z%s=WK4qZ_q+4R z=Mzg1b>xU-nABBmTCDX0`D8))FZR#cb5nW2z$*aWM*?N+THz5$7E48xvO;DTmGt?R zFG8?Qw$2gs0lC7?>5Gav+7|nL*cQe=9PruCQtlpH%q9Ohbs>!nYrO%<9InhrR=CRiHU>b^ob8GRZ< zA*r#mVi4B1E2X5WM0!ELe{dqLryWz{DRgW(%v0a5LO`m|N|m5jJT2GyZJsctR0ekX z@?+5Ra#c8rHyompgG7IoMoGtI6wl_X25^xBl^VT_#rY&)h(7Ea6e4MriS66E)T?>le$yh&5${Y5LLmBWjh{X4_Rw%XfJILL3aX^iz-7gp{ zH4H0P`lu8MA23xM<76lkoxJ=PYBvmf#8h+4QKYYK%AlcAUVO!c&eRc&Bb_m7tDqoO zB@kg97owoh^auM@6n0F9q$(G)#zm1xC*#wEIO{V*+-jH=o$Cq(umzC2%(hdcn!W zdrV-wRl*|Q?b*=R7V&kDcUaJTfQPSWq04TZmNLbgnlev>FY6DtDuIg>5k-Z!cRkJy z;!3g_X#H`1O>fEe>M0 z(u6I8{Ztuq!Z_!8B-dO%!0?e__f+U{(y%cymRgOVrVNR7urj!C zlyM3lh&#JBRPtc<6Ofu~NGvQtb za`*n6#g@%qI$u8e9ZwWj(6$$uGDIG#j2r6qbi6h2TfN;hrz^?hRXi(PY?3m}2Xj{O3n^>2&e~Jy>TAq8`0NLyq49k){c}f9BR4c5D~g}Fb$;545P?T>TZOeZ>ENA z?cl`+S%}+vJ=<*%7wjn$lCw@|$?Gx`O1EAC%cA%{<>@L?=KO)kpjE@bL$exEJ!TpU zr`G+wHB3mPM4i9UUNTf_vCFA!jk|&0pTOxx?P7Or+R9mRvyz382uJGMM(e*EC6uA# z@=08X2z428VR@h$k@o6elnT(SgBU<3ajH0w{DnWwRU>)eOJ7OrWv&Sd=6SOvpX>2D z+0F!=5TRNb$`jN#54Q>p*YkOzOBB%fTq)}-_;E=e??c_IJT#|{8$QM9u=V<0UC%$4 zxHo9I8m#j{n>+(PYHX+k-c*|kwABWDT($idJ`9y0;P+V4Hw7hn83*L^V)uFA=I$O|oFFyi(piFGL!bsr7@?N_ z&LA|K^yMRG{JbSQw74ym{OY3`@j7Ti$rqB#12cF_O-y0F6EY&#hfJ!pxxln~&|EwX zeZUnQ;)*9(eBD1ijzm}9^!mW@SpU<=(FxIlvp!|OrYG-4;pCDRAH15a#32Qxsy>;3 z4s;0;ZFpJV7mg3Ua2cjZIWuJtUfi=`N_kfcr}vUhzei)N31*`R0NS_&1sgpDZ6|_5 zp}lKa@6p4)IytflKtBlnSRX;C57Bcp6tcaJXIi|7cT%NQ3e1qQ+GehO1bh8K>mPDx z9_*2rifvEo53xcEn~qywf3eM2H)|Gmc|22$Y1El+*&R9@<%daG3X}ay zGIrEtli734_G8Xk{d6Ijb`~=%MR(86K)>AhPlov0X zWD1MNw?Q0ta02DZ%Iz5X<`|f!^JcK6sR6@jFe-o65wyu8m4dG2_Z{$Utt;`~BZ`;* z`)3j(A#7^jF}pW}$NB2u$=wAdfha#e+sRTW3v=#z#~)w@b88OtwUh*vVKEwTIRnD> zr6doyq!5$QWR=E4*r1`fQtzovehrZCaruXp@<9xSVJ*Qxll6-*8g%Vx%^@KXQq%n= zst#$3*<&gA%jk`|5k^WykS^m^PCY=*-oigfuc&7l2&53aJx=9rdft`gj6`W(u_`gM-IQ{Xm}%KA+Q= zu&$ZKC6(YY`=ihxxP`cQ3E(av5XgoyS*9ufnYLI(q8NuvY2Zx2Y!mR1y$ie~^(QJ* zaBn40zVd0eSK#`)RDo3lzD5QTYY9C}YlsxzPkLW(X-88j`u~pgL6xwpL8gp(9NfCL zT$qA_e7ACet6qJsQAmdtAS!r45oVySEYIWjf8Hz1WCZ)HB0v)vd;z`8=UQiJL5}pK zNnv!1^~t{Qy-WMS{kXuVPxRC2K1Set6Q*mf@Ap2qp&M*@v)?{6WeIXTCsM9GEWDly z746YZOSf>+cFhe3;OP?YwSC^Q^Bk?oD??C~zEM;GXl9IK?9JHVkkl(M%m$YiFiQPt z@W-?ZUGAUFWF-Hp8f~VgBZ%Q^6Mmml%?{qm#{~( zRKOxf1o18Oeq8eo)#M`5>}Tq<3g$lxLpc0KH?3jh_(^U61tuH&t4m;>vGE(UWUeY! z#C+NoX+MKM(*Fbh4q}=(7~w!mid5WY#)AXeB>CXZl%`z=fkLBnh}0_WSz|Y-IKwA5 zMhp(;K8DZbs{&9s=mv&__Ep;L7EZ$$bZw&e4nz-$jCxPX9i+ zqYVt!$IcEfJo)9e3#8fvdX42*s4)s!-|Sv+X_VF6`MFvgd}L7O#@|2aS^V!u;9{u9 zR>E$=YG?^8#p*K~Oi%dQ!IMW;3apAJ@w$|ME&tfKrx-#DHjDRHk?lO`(@xN8vnk9|3#J;dK$0L5P^#1L*bB&7C=iDLbs$Hf0qS(|i z1pfubg8$$KA5oK}Z8rWW6Sbekh7+sQW%rg0BVOng_ig&i@ll!-f+VIM_Zyvt6d;Oc z$ZZtDaq#`qAgc>8LTeOB!<@zFz3xZ;WBC&8A0~$o{Fm5PkG7ig{})-VUzDyC&GFrjI=?p!T}K z!tgD2(gnu#!TfpgyWqQ!n-oED@sdN777dz4b{wE)vct?-Lq6Ok)iNLO&34zu z88-cM07f;#LbeaqcsII+3CLMtmNQKK-0j~h+F|AB@;WD8jYMrN9Shl>1Cy+o46))r zO6BPX5`TrtT>iVWsR* z2>WuBoXqP?_+J~Fu^-OquBQDQ-r8J`L@|OjiU?ZOs@Wig&<`WCuEO6ox{_~ADQQvr zg`%lH!A#CubbRxrTLRu6?>(y#j~>8`$ow~a*rJ;7&Q$rtYE9^hROf-0d;bxeqE2g3 zK#UiS|ND8Sq5${!c+`Bj4s57M8rd4P#9 z;E()2o);0cn^UeRzX5^gjds>1(*`KaCvUF7>ebzeM`Xj@ad(OtgAb>(^G5D;RL%80 zUnlF$@ztKD0~jOLXj3)aRJ1=;~`@C9zj z$=Ptn2hj)1qyk;f&K!hQaV}mHZU4Q<&n|Bv9+z8% zsU@fy2TxB?V~1djAEJo{(koOt zUBo>1`bi5y428@{KpZDNA5cL`TwSEXw8c6<-ht508!aDi(KWc)7*v>~EHs`6-%ldw zW&t0p+G)_s4zslTJn=B7MMxhZ&ZCp@jQIL>I$BeJ&n`;44r9gN3w3+F?iC&uG9jYyY6=ua3j;Tig7vf$XKGz(JDh-Q$-7v*Lxv>SNh zrhyngoZ;2XXW*dRiXL1}f{_l!Ayu5Swu_2smj zV^};)tHCqs9CPFPQ(#eeM&yOguP&lAW~h#pQ`3Rkl&1L#eVf+%4mWH-U>GkjE+U*Q zk&phvzN?GKTLsJ}`+FL*zt;a?oee+_g2+UY5RI$uT7#fn4(xZgF|M(>jH zK;Wt0f?~#uD-eRJD5%?|Q1^W5{iIDpCrb!{St)|{_GV|%Z)_6V7acthE@xy+nNa#1 z(d5DTi-6bU^CDinK)oBm&XM@mtAV+>o@Bln5%RO;GB-Q^=79T>PSf0iV~XsLv%$Jf zI{#GG9GmT8HS(W46Y+5?lh|gBG!Tc321Cgn7_h4p%AbgRSm^t#w{E`U9}9-6_|D2}d{e zY|iU^-z%G&3BmHy?n~#w=cKD2n}fYXM2>9yE})$O*LNeW0<}zmNG|+iSxmZL(;uFa z^Uz3hiX&8%z-Xo~V90rek|b7KZ5Sejx&u>C$*o=r;6pA%Cd0mQC7`@P*$;NrT5 zq;!QOX|;2au<$k#r^I3$VxDSpflNMwH<1SU$|k8Qk=iD=W%V5|>7KBRunAGSuO-{Z z;nf_fqzKV4J^{m<+Ld1t)?^Ji=E_0+HEX_9Tk~n4aqhPpt+sLw8)KrslSBr+ZAsAW zm<+lq^yPxG(q?iw*B-3?mMhfa^s%QAQR*JHRh=px>y&X7MHlC zSM{6ub^5)LR+AhSF_G_ddAr)U#Oxz$bO7O>x`E#xt3bj?psRyv-jd;24W_VFSemfe zBOfP^4mc>kcdkqhrmM4ET)Xltub%GzvH&pb;<3Sf3QDaXGV9r^Wb=Khr92j8uR2^m zer*g-MBw!d^JaNpt|{9~MtYvnJE=_!yg!~lkXuA{z8;Z?WPtorbfI}&#yWs&HaTf! z75qkM9uK!2NdGY6`tAm&5?m?9=bH^@jLn zgni)cq4Lv{C1W9lu<1H)tuw2txIA_XZ13 zyge*5#(H=R2oLSY3wMq%lq;Xa#uQvl^2WjW?e-Y6XCU-|q;{_b^m_pRN zrmXSoj`S#(>3@a1M)Mcuh^r+3yN3Ee~auxV?oSt^Yr&KDdmh)xjDx_^I2QQjYbqr)( zI?7{+rxJPrQ#MS!fCC`W+)q6Xh)Ng3dtL1DmY@cv*o`ta-^Z3jI< z1UjWed2k_T0no@+R{4n7#Xb2lbXy$R5>g63ug77~U+uG&VE!h!((n_i={}NDm#md0LR9~?$ z_c{cd)G3k~E;c(*4?N7Hvp-?SLnQVx`stdG1KZV$(@ooTp}0HYiV2&MR(bDnh1) zF%ro49$%0JBt9yiYm_))l`_P?1g+~UKH)w^L^_->94vqnzU@N2{Q%UWN7t-}t*rqX ztBJmeW^?B{#CLGNYx{1%5+qsx_0KyVi;=(k6#AN2Sh$aO3kPdp_P-^?$K;>gSc?V` z#S@Jta;Uw(1$|%o4K!WwVeq&^iG_n;_m~x%$Tyoxo|*#zo1b4nM75sXP3E>>Y_Jjt zWG*{xRX5#SQF438#EM9#ds_koRn@Acbpo4ju#+g+nQd2rDWsshWl4FH< z_Y!F3j@22s8deCPM$G_@VI?^ZF8x5~?XMhiq1RXSI0OwX8Vw7F>XB?m)dJ6Mv9gLf zso)(Qb){9yX6>vzB0-kT zD6;>2T&<~wzvOsJBSargYO6fjx7N!VWBzOE_fxv%EVp9nj{iZl=2bL|8WRtjGX)?c4;lSzX8?2ord;Hqg(D-^bZ#vu*|C6vw zX?np2Y@{@qJziWjdu_L1xfnn9%Uq{3B2py1GTvtYD#CUIjY_NcX{cxc-`DYyZO~wG z!fKwnKm;8|dw`|q5o@3^V+T-Yy)^0AYA+xoLS51JxZ? zK$`wC>qL}Pc3)fiun<$8+P&L9J|eQrx?Z@*wrKe)p#i~ax&?0T=l$Ut=VY|Y+G_yJ zTE4b{*PpLfESaS<2NdYtRmWKNSSJu8Y4#etFBv*-SDH9>5l~hWD?lu_$cQGPd6Brt zx9J*7kFUGGweJxJpGREcT<^OeJRBgyFNqykz8>9;N@Xrx$D+{qj&&a_vsP1w`i5dC zALtrlE|`8agz}*XNPro25Qi3VZQWT?iq$0xjZw zhJ!0fki-DGp|~eQTkO{8KELi#^Xxa^O0bp}Vr%Q~*xI~Pr0s~jYZ1X$3ScLcwtBNB zRz=MH5#HZS7aiT-QXRIATSsOYr7FezX#qpH=$&HpSTHIEkAUU_Gdsv0(dP{_$Y(yQ z`^wvPtUMd9=K;BB!J${!A}G;L3%n8kdgoePgDLx(sqvvG2Hw3oMEd;8P|9>mG-shWnaBue&JS!ZUx6 z2uJtS$W8IB8kgrSZaafY^G!B#)Jn~P`+elQ4FtJb(+q74>VTz(G^ zD^r4I1oAGMF$30=Wdx}V_U$SzO1O^egGz#!BxEr$n`J zE@A7Uz|jLR%+=mRsFM1RTUq@OFMV!yE+e}>1b8c~pL?XO;)*o8$~}Y@>%lqkTqO37 zZ8U*-ejvW<^ksKgx(<7(s!5ZwlS~FZVlJGuoTAtmwIbusk4A0mKUTqTF7720W~XNw z27l%o{Y|ORXU>*7lq(-SBes&M>qd*Ul|l=$BcnHti3_nC`hI3ATUZElqF3Z703ag3 zATDrqb>Q;88zZ(|1~EQ{%oaLC>U2kiN#6lOE~9^*59SK6q=bvwJQEMcltbuOAlpIm zbJt9NhEIvGb?5~lyY4n@+fJ#`RsG7(V0MIafB$58v^{`sUIHsqain83puK}S%ofcJ z2*h80eY1L9@7;U(?nsxr_>`@2UBRwkQ8FzU5sDAS1(zfM?=LgKPuAUB!OWpyaBy_w zJeihO61;PN-9gTWa9wYd`)o+d(USNH@Ca+6jJALDUS1{0W9}LrYS&fl@FaE%@B8(3ipfzPlQ7onlh1a+Jrm=)&F+_D)GWiv5dPeDP%oN@BB6Hn;p z#8Y8&JCY5X?O3pAb`=~$+gk;D+^YfJC1m}F67}7XI9NpmZNZ|DM0pHC9P~^w!f5_; z7to&B5m5bqug?M1gN=Y}=~^=}R6LBdNX&_eowvFDCg3nE~fLx@XuvMBFh30SdGd>D*)Vh=< zFU(r4Y5>Eoz&sK;QO3D1qkhlh)9R|#QwGuJ>*0TfnumBiPQ&i9f8Nv1@EjvQL0Ux$ z+Ji3^n1tyqkZ&AmZ~`7@&KJx7Yi|6@p96HIR?W4eC$lH%9jeJEZ=582Z1)?^0G4Ow2o;|W#;PXE*|VyFm)Y?~W$Qcz#ZEO8BX&6%1xDhnItYwUOi+Mgp4=i{Dbz1g zd7QYGJ9y)NdWf}mWoma&4H`;g^HkRQT1w$`1nGPNmWY%rYZYZOvM*p_Y{&N;WrGSf z0rhq_s7QYxn5H^{AY4AdXqg-hMqQdt9I#WX~Nmkd;+x}k3xs#nvckYQjjZJ5{>XQ;H*!ek@)wb8nF z@e4Y=g7>j+;>C6ZM(IYd+kppxW?CLhJvBNjZHwiDyH)LWPjvr+#HUmwh=q?t#G3o0 zpD)2;=eFUihSFHf)pQX*Kl;Sw(os~^x+`@4C}BI{VQ`Grn!WSou@pU2$cQZ!{`W^2 zj0LUs+StxqU@2}SrlYg9-?m?g7lm&*L>>&?y7KIbd2&iNg`aJ+b9=j}abMh`>WH6UN9H$_iS2Ofi>T19hza9a@@TS%-E(ZyLuizh=|A`XB^vbCW4Fe|bR#I924FH4Q{~3O} zUi7CFiW39tCdCKBk`GP2JShH=Dl*eEG0=PiJI(r$ZBkVYn6ot*4T07qC{vPiK%Fd&ZcwiOm3h;yFJNV0Fx2b0rQ<_;@9+4QClb>^xu9R{J&87Gp4R@~ zvY1Z=#Vq?*EJP~KP??&%K8`G2v_JqVFnVyRllrzI>dN7{s&FbcRwPYBqk=|64tWI@ zd%;}-VI1VZ+d08FfF^y9Nt~EYIg>w?h!&w-JX5(Q{hrJo{~rRPEfROEuj8H9Z>kGX zCPwk#ayO_2!vj>2%LcLvqEOm&rvCH@V9mGpqs)#IdBlgtfQ{vCA*}Thso8$1-|a}F zkvcC892}F4Mh3gMMj?b8{X7~%(4h1DBgNpGwo_X$G!g1oL;>Y6=k1T0xLoMUn3a2GLeL2IiJdi6U6(ZE+j!Ft^$Yd)g$knO!)$P!%j4s)Iy^D_{36>T zSmMi6j;-@bve5^FgOLdpmNSY94RYpf6MO2`De2(g2-4upWpPU)!?p^+N`SL*D9G&_nkr8Lp96AM_SM0|@{ zKmD+Tn;umzgbT?7$}LNeGPWVflg57xAw0w7smN9r)zmssyk#9qvI<{y;3cNG%551* zd(t6RKKnw&s+Vooa9+IyEn5zY_I={Pxn3@(4c z-;6pGU%#%Y`x(7;3VHoCW<;B2Zw&QbT@}d`Ac~3!o&G_tx-dn66YVQhtFmHWov-6Z zYk1ZDg+mIz{pZkWwPn=_7*q&ou|p2)g6^A0k`)*JE#^*$1SvJ>TbGhF#hjVG#GTS8d6e~ zYd3~#i>W<4i)QWU>FL)N;_4|@+Qwneox7g>I%8X_a7lfQnzs*UE#@JF)#Y|mn+mA{ zFvy@}-z4z#0u?<#cUVVxsBHAtT~A}AZ>;fVtVSyozL=Q7auV@d7)5NK9iIHJ zoi(wykyGC%Gw$(eU0;_uIfB#4L`PCBIa328cyOOlXHB2;+Cq4wgDQ9M=xW$gG{+6G z!~hSf&*ytQv?>yLb}wJx{y})-UE=|i#PUce;XKD`y`8$K3K$GB zWO9M#?jG@I+u_9mHQB^!eqhgx#p*C`O{6j5^G0?$EktG;<~v7DSqjj%#!*y6eQo{Q zDL0?Xk{F{zUNHCTd^G=hHykXKF-S=Gt1ziFG$8Cx<-t?3%}cr_eoLz#9y2 zaj}H9eAxSWOM801Py>TLyA|s;%lc(tjTQ%!z(Jp{{V4JFO1I5%>u;ry5U$9W z^+*$f?l!t`3?#E}Zc!Ytt@8^94G|B{*r!uqu8%xyt2eM0dBbQSWnoz2cDylp1+=WX zJYCdnaNtQJY*P<@c6yj!gkcJ~1XycK2p1%I^xM?&h2}Qxuv|go|DD5U!NFVSFHYwZ z-05r({&%VC6E*=k6bs*(?_uff(psaXHA^zXye8RC0547jyz>0;wl{cR#@py%vnaw?NIlxa?8v5 zr*;8;W*6f&laPPJwI6{!@+kHAN{lkE=#}MSH3FU}dw3|*xT;UGaDi5b8Ur;3Y7EpE zs4-AupvC|UAa}wY%D(4V&?+l!Vd5rzp^nP4ia;^Sa4Q-yduKb{Zit3tpty2RGDA^h z4=M#c<6uvaHwcuTo}r=iNM*VV=cmf}^~k;uyUlZxB{!App>-A(M929*}5A zg-ENWk$2?SFkl`(j!Kk+N_06gr>*`~m0s0c)z%&6cQi1~7uTdzgWPz~tWbloxuira zmo1{BTkxX+Auz9mcI996yq`j8xIQc|1(Bu4OD|Bs@Y{;q)j>*&?(5y|L6EZ${!UQQ z0u{@5-&0_HOS4$YX~3`t6)Fva92HH`qSG~p(vG(tDxX%TcnPDWRKKFSr>Cc%KAoln zat)uB>Sa%DfAO53o2OT=UTL;k&+k!dGlh~N0oa%cNFG|MI=r0|Y+P+|? z1SJ&KM@7+U2L%H9!R3dP~FP4t9IrmIgLKk@0s^B4TEYCh(OhDS1dmQd^$StxumkRjh``YT7K_JI*l7&D%R{35xOsY~&jlPrM`!U13;N zr;#ONh70G+WVJ}UFtA>p13R)%1T58ycxguSpab$<%`{N2L0 zUthbb7B;oiZVa*!$*!p3HO8SoD#sftji4Ank&dvUp@SlHU&Ku`K&CpD#$tEB< zhP`i=(S3!Up`w5G-l;z+rGMCH3mKu1Di|ghn7_5e`^fbr1w8D7Mp#9@{Ap; zPM-*AJZk*ZeK@G~0S!$)vbMVX59^RVZASuycirJCP@AM~;v1U&Gg!q8prf1JmE5EEd@xDri6{kNI zlnk&ISD+kiVj|!PLX0sn3Pw@k%x+7vc&=+5heHb*NPi4kVhDa%e8O@ooUnuZLdH0E z`+}t7xdiHhA4P?IM_$g$VD;(KCzyP7f#<8Qz8V@H2Be=vTI_LunVwd7;eqkGnx8hb zBrl zF{uIx*Z4(zk7kpg1=zM1>9@s{pR&m4sy&JmWScV4dsHA^#20wVqOfcBLmOEZE)+5q zTDVQ==%6X2xuGoV?+Ztvg=9q&mL^CK!$Km8O%)0^G%L-o5$%65B}fTTN#)*!E`g3j zEi`j3#Y3{{my%aX8dA7*OJG#6zD_wLfq(nx6t^K39Mn;K=TP`Pe)8nO1Fl*gs|yU^ zX(a}s@1qq zcWUEcOtFlNjRz&OkIXt@AUZY}iY!fCLVgNhN~K<8fdqlYos?cm)c}h!XXgNK{xSqV zeu9sjKHzPG%FKepjg1)^K?SN53~DvNR*gP}t!qy4Z7@|)d*4boYZZpFtXPy&u(z$i z&*mr0=xrUO2jK8+I`p$?`J^8=k8{I4v{n?BnD!<|#3S_!B2$ zCK{i%h`ydKG6b`}5CXftl@P%5*vS@qqMa;BCy=R{2k5w2C*5pTRC{-(*GDeA&0LSY?XZ1gy0` ziiqJGKGg9V>9B)&D<>FoH4|_Cjg)ciL%0{ocSKEi6=|l3V#Uy6jE#+rj2ve>=m;Jw zMx4UX@GCzBXZCb~6Qa^E{zLb+vNvD$`?~s1j@J%F&3Y%5 zjRq=YW@bj)G3G@PQ>=SSK~SMy@qq8>xTBC4FC4UdMqP!s;-z+WW(Ff%PWnkxU1~N# zsl2_-crNXwHB%ieTYvv3pxHqJW^OjDW`Roaq!Ap8o}Zk=c$O^5y3RrfsRE3N-0Xa4 zY>U&LGGg@bi=bs4tAA<2hzlHU)HEtB8Fd-VoIQKy^r=%2K2HnA6Yx@8MdBxdS;;w^ z^-iOMG!gMUIOs^#8LBZjFU%}@74~${$Pl0tU!0*kHV?A#M*jckXO|U!SLVL31$I&R}Yh z@jQNNT<>GiwJ|vT1-@?-8QxgSSR$J6AE->blyil>tdw9|URv@FW2G|zES{i%4XTD{ z#ZZ`cH^#gs(=Y;3;X2DGy?ghbR!iw796CYUDW^7Upn)x;W2fdz5o-r-_YQ9}eyX|a z^oNtb*bAz+WyHg>+(_}Ph*YRs2|ADkLS?*6^|H*Vaxcke#76MuF2@?}m&9rx_$=(0ai zmatg;mw)*eZd1Sc=4eVZM{}2D*I3|Ve^wN4 zC#m$>AOiUDhac6buF1&>OsV^2$YY9N2B-S-&p)ezEW*8;ZZmoq*~lk4`jx_;M}UlTt@se!#e)%t6~vp*#D_&MbGDPzeRXw45BoMQYV zHWtHp7JWQpHs);prBO}9S3^DCs@T~1UgKvcPO34VF@9LAIuw-Zgt+vL#(`ENF9)U; zT6ax6Av=RKIv9=_Iq*P1AzCaNrlKjyMMU|@qLcy&;YaeX9FbHz=|ZB|%*BkA!%>_n zV&C#zY09TEIe9YRaT@CBlW9rc=5uw-+pu9!dIb* z$smCN;8k9aq((6rC|R+BVv7n#$>Oz|LG3_) zKf_jYX^~FRoR=?N zQ7kPigo;j2X@U``F1Sr4C66tAI!HX-mGsZsUWk8JudDi0b^bwxWK0j0AIMS6mrX(%4;R9z4R5XfORJ zmo%N-J+V3jao296om+4}20Qik!T#Q{<5-$roAZ8y$v(ZE*i!kLa8m_CgI+f)jo6y@&W6K z^o%w-;^N{BcfRy3N0zs5v2{jP8Rr(3J-xquUK^ivtkhOk-8bfyUam~m*zEStQm3!+ zQ^i0%9;(>b`Tj=ylzEz_c%-Qt9-+d+s^~UPuW?N zAO8Q76Yze33`*GGxTzyA&z>Hb=6F+_=0 zR4o@~nNu6(Qy`ihc<^SmjoNqpV@Md2=O!lp+kg9$wy+pyu`VSQA?G z5Dr|paN!Ss{HKYDNuSgUMP{gxLx<>TUBjh_lK zc6qJwvkOuxQC0j@qCd)OZM6DP(7J!2HpsRV=~V5b(;}sjFXKm726n6ac-I-eKD1MTpK(er7c=ejL`^Jr%4qvi%#d%WN&dh9Jl@(a3202Jd zdaSrY2srNCy@$VcF4Na?mQ=CQlw?d`Z{NOs{rU~*oEF7TYJw))mqFrWZ7{d<^QjmVf%|kXOzGVZODv5a1=*fwHHF}-nr{t3@#V*{LMFC z6MV#_xgiD!cznva9}hq4^)QeUXhAI1^wOai4@t2$$7|`H(nmRBOGMpY_5Ssi`xn8d z_11#Pu>=XV_w*67#X>7AS;K^`qjS|EgZ8jnjZg%kG2-g+R*$#09B*ZTiZS!Wj2|Qg zleZOjn=LJ)STx-{>+kL6A%cU;_U=xX3nPt2PaLOg@PhbhVX5_E3brUK1~gP-F>MZlvS-ni0agfXA6)Jv3qsAA1zv6+&v&Gmd|^+tt^n#ny0WJ1EuH18UdC=C1H^f?;- zRw*)#HxIq_-dPHJFJ4!*G4`q0uNt9r6Vxe6fx%PE zLC$M<6H^8T1g2$j9NO5~G;PoR^@v`k5>u~#&f6*098r4#Re`dnmiKs$x448+kQYpd|Ox|4T_3dSu%H&u$R07t?r*tQr7woxcYMF z&oWNx_LeDQt{sW-uh)X^EGtHMJzRIlsm$V->2F#wN~eFSXRI}arc5rcmJb|$`9K*e zWtBKu{Z)276mpp_2#nyAvORIhNkvDn>vYJWDpO;`=A4V%86P>sD7op+aeEoQ7Ip*A zVS*O+xeyFdh)Y`1m=oWGg>h(*$I55VU%Z}~!TTv1U&ieSmI7x-8FBLD7}itO?=ry| zt-9-c%++(4jv^%h0Ls}JRK->y&PG9wzm4cvVD?^2e8Q@r!!KU^DwRr8bUO4bm=}hI zxFLv>Mu<{^_l$cm@V0ni{3%ur7+6v6NI1Vl;d|2EH~}bQn6*BA>iFN<2}gaJ03}>1 zWrHidvwX-c?nr6JFjh1~v|aMDID{?LRa;kmf1CZTZ8t7fQ*e>WKX>lji0XR_;gV^cn+e?>LPUUo#CwXw-l~+< zGAU3BVK_!mLtRQQBoAI+3y?wOS&w}K-y=4Fxfk%Qqto!SW?XT9V_>o>dRGsjV!1}z4E&Fur ze>*~KO%Yx`@`};h@Ju$`6uVvgQym;I(K~ zUEi5!5C<<_;(sU1Ky6rfML`$fzMOg-8y|CXrkH#8!XeggfA`zJ|NGxgoI5Aw-FtWc z>p%bY(@#G!`gAphL!4*Np2cut*vJc1ggtgJ(FSQJT$rD8F4je&;%N$Tpms*gB%Qjf zsS&RZfi_I9im=3(RkDd&w{Cm(^xVJ%mJ^dwV+-S~qYGjd=54J`KoX|l_6aEnGD>mS zdj_df52pU|mw&%?^Oks`5R5VI7fWwDh6zuMwkJiqWfX|CGU>-u4e_x28JCyls&40OC3Y2=}O{5JG- z^>_EIbw@+OQYeJZaXD!{-sK#5Tz@OOw76@zpH+lLnY3GxSi=uzAQaP8Vv zDnn|F+qZ9XPALWS@w`{Tp z6Jx+3HPXb>x;bN}90`!24Xd>qPG?rU#FWbawaZRa2Z%d#Km6 ze%}JCg&)Otqg3zcP{11xSXz@yrys?()G+UbfyPR*yh5yD@Eg;6r95o$Rsi$5%zAg% zu=qD(MGCn-05#KJW1m13rx2V(Oar z=DvT2oD3+Sf;QHvMyTiSe(Uq6UEk~=Xv?ye9_jvyt&qu4{xfT|CC{1Vz3N-H3S>5} zES?c!ua5s)yJJw@<&(IWerR=JYZ+U9`HJ9=>PXL)SGH2E!TL*$+QD&P-#8!Ph68to zJ>-Lfr63qkyew9k?y-Tj$G3W9OEr7^z#^SGJ^sx%*S`AdE7}>Uk}3#w68>(NOu>>y z$i*{Y+dn9WfgtYb_U${Ih%ns*HbXiBkBPr_-64)ieq$#5`6PTm0{T`S+VQ zZ%GE5PW$1%&`zi(?5AWivoqw0Fp%IVCQ8Dcfn5LK0o_OcIvl1v!VF>$oxp@%&N~G^ zqlfkmzGisa^`}~rHUR^-t0MZcGzsm}Wg3OgcjuIntLfDd=NXrm0~wuhHw)&lu?RNP z<&cX5GwU%tBX(OM(frofYv$TamW}Z!!xi44Q4z+y_swLPF-CV8#fEmJC>?>5Wep5M zM|L$1s-aYwhVIhxk{8L97bP}>#5nN2zW!oeN@O7mY&gUj;^5Wb*`*PhIhubPKx7Z+ zRKl5uSJaUa;s|QECyyWBzJ0q0A{5fhR{2|nz7n0t+x({Lpv7Z2CP|&gcbyAmByGGA zWa&yQhtGfyv?sJqgy}=i5qpkzShHz3-d5U7bELQ{$&Gvg+|rkB54FsMpV5WxvQ(Hx=6u zo~qU!TohJtYHEtX=!p}fEtPh#Rw-M-^^Km4c!y0N#YxRjBvZiqPb5|K)cq-rOBso} z`11T$=dWJ9%KQ|k%FHxa?$y;`5&OgRL0t>;3zXlK**Hf0xiku-Q|H6=%9YEFHL>zX zU5ryNUAm;4p`p8yu}*avhX=VvNl2Ysl;Yr}7-n@!rbE-ijMY(2mEtb3_b;BmeDv@U z&#CefL!3Q#miqtPxd~Ztlz3Vx@y7UDh8^I{9zq6*n7)v_p6mk9zzkwhL0@*+O{Wr>3tyDLt88 z)3{Hd^ovfZ`>TbDdVKCb9(=Vt#*V`vCQhn{Z-99^@#WQ}@FzzqyIQ1lgn)g$%l&=5 z1B~n>?hckV#C#n@vbhk)g1Naq6wztOOJn`r46!Chh?LdzQe=F_zSX}C zVXf6ZR_`(eqCCl3rIq@s>v`nrXt&C@YA@+?$B2xjgqnZctG`rUWqVnb-_oGX82q8Z0Kg(pK!#P49GTag&f&`wS<7z<3K`9bs-!9l6U^0BoT(heP^$p(dekYjvm> zwycQuD_1Vl3_W=8&_ORwYtZ47;W>3kxvJ2K4dkY#M@*}P60d6{cBbp%#S19dAAbxd zDXw4CYp8K)l%NUpg(zx(TcT+kk+_RXi$M*C9*+HG7hNM#+|ey)DJ6%BDx6F-0cgO{ z7|hZ`h$lNjR-V9Ue*e(FWxQ#=7md{lTaPLzam^8WO1-eHIzOdX@zPR2A{RvIS^F0F zjaA#2cr!~V2ox`kCg47l4+$EggVZ8HNwZf=3WVEWXeCx%ff)cI4G)F4>TM<4_M%KN zk^w+Qmn!OfcBx{QmuNaymlo$4iTCxnxq=mRcUZWm9&}qdpT|#K1C4qo=i{P@hQ~Ap zynG%F{K8vd_LT{!mo1Mv+AJUH9x}W4pL&N1Z@Er%uv=YUKMpX93|R`XiFk{NvD)3$ z(YM~U*xk9h+Oe@xj=skF89MP)`I9hM%dGNzu`*1VUtG2r_ggTU8?<5rQGqSejQHar zGM3(0)|dx`r}h$*TGF!wpr8*-R)iwbh%OF zAR(X8tp!V;5I=<+1;^3tFWA$HXh`xo4D1X;J0?aC)zQLj>&1|)w%5B)t*4g|Ze^r0 zxmhhnfd+M}1hl$5o)TCL?f=pzFTez|;@`9+3f91Z!*O=2NC-S8)dR{Or-r-4G8`Kj zp_{a_)c~)=xh7r`GrM<=_xu7p)HoFqt`o!g>h%oZIZstD z5~xvVB3_F)LuIt;iPDo%fD^oGt8Q3AEE#ENCu*Y?&tJ@*n#JZs*9BJ;A@LcU6y}=$ zl)|%Pzm*RsgF}PGkW>{V{kCWH+*{1ARx%x5EkV3#32dyiHabt}njCDNG*~uJ<&7Lo zSaaC0eVm=0p|g`->pUe!uQB1}BNoZKS$;qk?EPlUu5UZO2egfp@hU)*YGTaCFx(|% zqR17Ao54F4SjTxG-_S-a^%2f-pvk&cOYf`{ZPhQN-{ zvRQ3?k+=+3BcG_mFt~g79vvTVH77<-gr#rhX{8Tz#awGN!NkQruvd07q?u>lmD-hQ za_Jomvujz36)do+`EK97EzR8A?1|A)jAhX3$y&xeCL7`OHxMOMCY)bUY3^L*xd~7H zj!HKdg9e7{^og{zQX8#)B*gAltSMqAx1r>AzL_$% zrRJ_u-CgVS1xGc08hEJ3Pa>io5A}E`7---j2Sg$9>-F=1_Ltz73VQ8UI6yjSJQc|W zl{N-!a&i)jzNHspUkj-v4ijS_R|r(n)WDM_p1zz?oZtY{&kXdNZ@yu)$^j95Nz|3q zDY>8aCE3@x`FWm-Fp#wR+@G)wO}#s#)yLf4;7$t%-hx4;Ez8)hA;l#;;!KKXe#esa^xOLhQQN&*O$u54Z@lF2OiSpD|fZ-L5#EIeon zUb+yw!DIIBp}&k4Wt$pUY=CKe7G9n%TdlAGJYZvtl?lUsQri=VxUYxL7k7%%eJ9lr z6t-3zQ2#bctLICNPlGDPRgSLKZ1Pgmp9LFL{M7U1qs|wLB|*FWgF%etoh*KSVd<9_ zGcGB%_UR6*p%qv>(fRXN7R;{Ek)dNl1A|OSy2IwlEm(w$#&Q|Y)&45I8TYCAmmV*o zy41q&nqI$K!TA>m;eV{!DFN(gTVpq?^qeo%@>}!8PE^j+mt3j28+fSsqeR48jt7I9-%T!6HM8@ zm{LbLK&B;&5hu!4i^5^u>M9hO@}6v`=n?tvWO7Qe!Q4||vx`bZukt8^a8&|?(2H=) zFH02{;$1ty`j8&w`t?q#l=b!NXU?2PV>?t9D_{N(rSv5~D!D1z}sw+S72$wEhL`6?McnDO)tpuUZ%Rmu@s78K^(TXcqF4L6; z3>jWLf9@}A$S0A+jl$KkTQ6(4a_F`ws}vuM!+{#Dmf9f)wvQc)QKyzNFG3%dp#kBJ zKN1wLtJJ-E7PpeFZdPlTNk* z@LQG%9?TI4fvV$Aj*a2z7I|R`v+0HQ)#b5~lazUOQWa2@z5`fCDyimY_hAHQb)3m~ zw9FZg6tX`7ux7L_W^qZfKt*jGHchM~CgZlX^b-L0j#ZlM77!C$qcnt>wdJv+<4jpe zoP-+e3-gPaxuA_LJkju#73q81`fT>agW58+``X&;xmbHU!%U??_u6RX;#AdF_Ni3r zC~z@;1`e~phzR+_=3?EVhqo;|k*LXUR@b;Xed+TWKMg$8^n4=Xu#E?+hkqfLbfh%h ztS)j;y^I#HVwA2sjL%$i!czaR;j@Nk*ZJPsHOjtHo=0)NK+4BHif0PyqIY9;d2VI~ zS7WcO&XX9Q`OnsDknY-E6R(V4Te&iGb8ia+w>ZijJ1?XK!xVOdOj?8N$G<2~ndkv! zHfoeQtvUUa06$nRZO7U(XJiHV>g7wPUodn$usYLtjL*yNFn&!(?6LV*A@^Qt_tM~6 zs{NG4h1=5a{&P#N-IG*fHI=#vt8(?~6*T&jr!Mh$e*fNm@kpQsB$+|m@s<3Qh)3En zEe%JW$Bv=rTLt3I=wq0@rp@9DrNK#Z%8ewtC+t^|OuaoUai2VXLZyXKEwU2Q4Uwax zCx?fRVbxp3wqBs98g}hp#l!6STKh)m#Ii>>>8U_6HpJ;F%rfg+tTY$1v`84W!NKq} zn#^ObaaFQrzb`$0^!U$z{$D@*@T2uPM2yi{#15-Upz|tVw1C{zzB9juER-a)0!~B+ zI+}>~J(HBUs3|0vo1u|)uPTtEE*=CedC}C=eSr)?$LU|elU=TJQmyhp4jXt4OIkpqH^P`3YSo>RMg7@wMvT ze93;JHA^l406+jqL_t&vZ@z$eFg5k(jg23E_@NNq61jZx_rL##^XJdgOS)Tfa&p2L zQ}~0a2aJY!#^Jt4a4(JV=G?D|)+!pDL28!@nz4ap@wpIG5nR*H1w%D{8hEJb=R`z3 z9)6wiP-^*j&)R79(wk#cet6N^_o zHgb%Jfqt46{O;Ymqz~fpheRqZhFKv}QZ5#44aK>iN(44u5vbq{uK4w90tH|3z+>a% zXV0D`?6|(RCYNF{ll(v7lZz3n8tEye;lLF)t3bfRfab&|-O)anYRuBi^0W^Y5;_0cC4MgSL%kjz zvh~mat4^pGxJPBZ$~kt#=;xz8{u}F2S(Ty#J{LlBBreekA zsg0|de3y&Rzlfu=&@5J&60OHYX`%AZy>C;DtNC^uMm!N>J8Sr-R0$UqWuuIu)389L z&MlO~`_bwSJ~+ZrLiq|R=?xHIlyU;p2yN;QVRYG`BjOU!Ja%38h}p?^$6bPKwO`O03p2kEQ9G(oBvru0M9V`g!g z95D^jzb0Elc0vZZpVf@JzDt9a6MQwR%JAPc<>8N{8ew>3bhzH|GI0+Gt0+j`;f*gONi*E8Wqgl2^@ubd5QRi_+X z%xf&-9Br>0)VOvTGrGx=Wf-tVMe)kQQ4Q}nv_aluiSF!(Lt?YD{JgqE&fD294uNZ~(Vpe75-Zp! zMH%v9;F)erzo)5d|6A6wf3gDk{%Q953Lc#c!v+}mj17#=l6l(M$->VWjE;@#!?V>)#>a*n%*1Am8fp42`fM8eg*3zh64Q~(DH?J!GaWXYj5eq|TVYpx z^Ja9YaAgBE8gp%ldw8Eek8Rpm^VLAm1c2Pg6$j09YpWyx^opwRsA32sZZ$zDyZT@kv3UKdB1S}(LM!fP!x-N@J6xJ zmp_TpFC9NIs*In43(wr?14E4=SL5ff;wO6wtGeFVVT4-mxGz$D6;cUTb#O0mzp=sJ-vEUWKJ!S@z)zr_&X@bcm0F z0>Oo07K((Ypi^T@h}8aVT@QVV`1UrEA|a(@e5-Sz8q9FX;*ZT)My&SAa%}N}9lx`4 z0XvCEkg-4%-M`_=`)+Pf8K=_b;43La%n>i>Tc(0zV`ImLk0FZGYO2r8&f!MW!N(jT zic}!D!q=}wDg?h-AOwk^b(le3PC$yY6H^d@*`WZ!hi0mHfG0n-BHrpn9!{xqkh+fuu$BUk@KVBttMr zV3iQ#_{a&;fEGTy7}7e_0W)el&GcTdA&dU?Pp25e0YC-jR;>lGE$|em5OaaN1w0P% z5?{Q2^%@vVS3__Wwxrvd(<&@plpteBIUYZL`SL~UoB4j}(nSTb{2n_wcIE07kQ*V> z(~k8%kHI$cS`*B>nXhIhCMU>7LKYm8w3HfzwW?JRze}8FLg1L7WjFl0E8)V;`aWO0fpV=PE~ba zz!l2t6NL?N3{zB}o;(Tm5PM8(PUEgF*>RFsR#{ZRyw&sBFTcb%ye{ zzx~ZN?ze%3XjQtWs*LJjLX&OxaLAHw9x#MTs&M}Z^Q7@p<0M(+FPL_$yH=%SDqIeB zbU3MR^BI?@f*mtOA(kvMnL& z43kzCH{rFK%}}hOg5@-d3QtjC0y{GsZY0ztkt|?f22~DIh>XQNvc&RjUtr|whAz3h zr`A4>F(@4H#pt1!pO$Z#YZFmY0)f8b^(<+6=o`fJ_H>0&Us&&@j5Rj22AHjlRNX*b z4sFNE;^H!Q-_1199N`1;ALZ5ay`b`o!KXpR-Y+Ia22PFrvk@E{>^n7jj8&Rw6cK8K z*&+=MDvoGgq*0v%yMnLXUa600N6ZrX1Cv*fD<(~ZwxOZHvu95;*ZZQ(zY4aId4KuK zzyJL6b$Ed}i1HjB8u}{2c}f>lD{9a?!u7_Do1A|H(aTP*tE*^7EEkepy>=BH%g&Wr zB_?n)WdE=@9J+AfE8QnM^&tv5DeB`4@8}?#X{~JTk{-Hz`O?C|{G&&Yrl)_oedjI( z=AAot(8kn(G-MQk%KSh7=ig|Ue*gP_EaZ2q1TXBL*j)liIjHfQH*cYtL8ZHM7|bh# zzEjMp@i7*w7zza@iQ7T(=1xXK1&xjRMW`!*3a}ujT8q(WC@Ke#ip5Q!pBZLJskCa! z!|)C&icdzLhCDo!kb{4-t6%_5>^5e>VSpJtsiiC4W$Zs2wkH>cqXi8lyARd2G^3-( zclORiwYVt;_k?7_hG9+1J-r5*=zG z%|5jRa#`IUhliRcjy^Ud2V1^YaAIv4EE|OVLQ5^k&h2Uu57GTSUCWCbujhkuw(`0u zhESz*JvQcYoW#;3yTxi|ZV`>$!h`tSvmKghgcjsxM~M<6uMmuZ<5i-+V0tongdpz= zN7EVS<`OwIeqxty@Mx`36oUuzQ&3copF@tHLbio~Gl==crIp2=m9@c5da~NBhvB^} zP_a@~oh;Pj?L*dQ{aWQW4toCTvM~Bj8Mt-fh^`NX%FlH_c1OpM+vB)X7|wFWZWT+#UK3y#D|VS;Sa!0)3?{9;9YMem=568DZA>Cw z07*bZ$?F8br)61%FTz(RYQuMh@W zTq^E(T6p>tXAS0NZShyTaK0x`j`1_13$zhCynb?xu_G|3$uuglwIx@{81THs`m-MN zm$WhXOQ+^23JurI8#mlE2${f8ub^bkU)%>sYA`%B+^D+AT>5FSp=pJHz7mx1`gKRt zQVmV0H(MQ@(fEHWCMwxte3zUB(#Qg*Wjn8=YrHlSH+~wKI_}P$c*3n&Z)nY=*)&Vs zi$H=Y?kE z@BZ%ZhK7b&JUbOkCPPB<=;5Om&tGu7I(2dCcfb3cu4Lib)g8v=3Xw5J@gbxK61Y|~ zz3g1C0`6LW)WlJZpL#qr$3p!5%*I2tX&>XgHd_4{Sbam8c2GNz&CCB~--{n*C$!;3 zR19O!{KsIW2!rbM@KNKZ9uF}Q>iJTy5B2)_vDd?3;v4^xYuZ?6_Jb$KN1Yry=@4r1 z+w|Mt{)Th|Q`KbWw(Nkhp=H3g@C}DG#TM#2Iw4}4;O*lI5iuCt=+c; zcf{i!^VX#$KBU4PE_Rh>kcROMDLtDTtE{{*ZODn4!1=yX$13cmH20`AS8Yk~n%2q%Y|5U0p(p_y- zKmQjJnrSKxBcZfiOXwQl8Gh1x3hD}o(x_KCG~%|@*bB;*S@TD2^?LPg>%T!&G!}-R zaqb5i$y9RHporDw#jf`C#rd!}6wf&XMFNeEA>Go-?5V@3&_QMBMj@QDrc+7P#Y9MF znLywp(^r&_3E)#JNGw?l{YpTWp~M_aLK*?mmr7Od@R}`JiaC_zpGr+Gq!+sM9ZGrk zq$*MiTQ?`BXr4+N0RyGzNj92vgjcRyK6mykb()mLi;VVy)2S*ii%Ux#>7Ivi5-r)~ zE0@3i`WnhyV&G7a(4{#{rA!`5V70`k?&773sxdV3 zAD1p&ga^Ubq?T8J!Ig_F(x^ptXVtv84PasATrv~K3(mFzJVxYd-58!ey5gSmC16%=8G|m6~&dB@3>=Z zHQ&t1^R5^6d)MXSQ$?C)D=TYQ^_Y#Z*1%kjP91M_IHKI!%bXNL?I=_p4{JIo4o)ck-@CmzbmRJ+Fj9Lx&-l_lt1>q z@4ovM30=Sl&?ESSQR2ol6fPyI`V@%=fi8uRm1P=rAv5A=+1Oab>-Wa&!t^7)=vtN~MZMAC+X4`2AibPU6uY zHH57yz%sDCjgP9`nLj=>V`0fCc9Bn>3=H4HI(q!nDM+Tg)3ou^r#P||Z-mPf|EKSO zZP?JWu%TxY8xzjK!a`76jU1V6?*||NWdtgR0ki>A)NoTgt@id1$mnQg1>6nTTP=t} zV+^eX7${97{Wv)~%8oVEp50x{aIqT(xs=1lhFPp~E=#9*|NfNb7(YI-Z9Uc- z{(1!kLr$p)gi%daw$J#9hGaAA^f~q*!@rszNl{xpej0`i^>{eo@sLZ-M|^x-(fmgQ z{3sWVx=JBNv>~>W+~+)VcZ-F!u^r_f32Z%e`WioFSk&X8o-g(KP_Ku-(s~%|l7*-6 zKEd>1w@5MYR2X0umV_4+KX@&I06cKaP5;NUl_!6fn7rc{D_aVTThmIG!t9db;B3?0 zDA-+=Kub%`#WIZzc}GVFrVhUf2wEl?v5t=(KRNyAF{wkYieY=sM7Hu~jIjMy7e4R=x@Vr7AGdnkjVfHiG#S{qzu*#1un_pNL zed1Z#S0RSa#Tsk{7%ZGB60dz(VIss*I`PyoZWK#QEYBm?rI-sF~_!LYBG z@Zfa2I^!xocSaYnYfV4IDAP+&8-3?by+0OQcs6Hljh~u+j;V1Z#zTRVIG9x0V(Zw! z>)8b+RxCk}9~^()IH5-9@LwP=i&EyXCXbX0i_6L{c>+RLVE6X0pbh)k zF2%YYF&H_pfwRA_mnhxl=C(w+7AOtU)YT`sh6lsdfq03>Pacb%4nx?_n#l31Rj|0Cr7)!UPpU%RDk|REoGA z8yf}WuIUddQu%a9d5o$b2Fi?8xD|kkiyDK;DYH(YU|1xt8{RpRapfG0!K7Sb^a9e6 zed<^$&kBSh9iyTRu{enLl8a2I0>Am@Yrb>zCOkv0^xuB_HQLw`gpPHU9)#;$ddJ`W z?zhxn)-~fnb&!1J%H;y8(o~%#ACvx{|M^c^1bbq{7Z~se)Q2T9Rhyj(SF*3)efQ0! zOBZEiuIiuR1Rg{_wW3H>gYDv_i`gB6`p74k$>l8ub_t+jK1d;|IZD<>gXd#+T(j~o z1_kdNPTF@Y&Ta2Y+bEk{8?hh&@xbs$+V?5R+p?-*hYhJ zbacrlL-+H>z~|JhRu9|9tI*cZ8{VhJ&v3}32Q7p741M`gZ?EN@*4w&mpptSB)R?^1 zVB4;rTF0OFarYKjliNENmg2ITZB2g5@tpf_CW z<29Emf58~P{HfQgf(y?>G5{q(+P=S9WWO~NNX^-Q^!h6xPU}58foam+;jmMG`vz@A zI5J07!g&d~4TtI>56zT;xvjmMyKOVmmcLRHH$hi0R>94$&ypssZ*=wcZLF<4i$g5S z=`(~psZgy7jPZ|ab1o6zhb~eG81RfZGA4J3hvrm^OPUgz8H*07ofW1UPmZ1h29S!x07o`9HqN-1i6;h4b96z;2w?J5js3^p|HGwA zmno_M?-O4z?2Lc@`RAuko*0DcD&YCsd~elUMo0PHh%BiqDWY>_G^8}mP*DrgTCxxu zH43jLZ`P8H^uZv}eHwE5%ozeA81oatjX<{qumv`jl&iebumk`$`gX;JemQmebd=N6 z6VlN@dLXdcw0zHEw!jr>1jB~&8a;dO-hEG2+KO^O*N`w6B-om%@k?9b-{AVkfBc7w z7catmV7t8yoG0Qcn11a7zsANOzZyP(BzySqfg5S=-no1K{*+O7`_^sKO6@%ID6mM0 zLq?oUFIB&B`~av<-|X<{(1MWKo~j-{IV$S$@KM%>U01~ej6CvknFGYduU1qnpY4qe zs4O3)>WnWDF`aUICew(Ib^1g?!BD)$|K;FLjUTwkP>-KLLp>hKXoy9lo-g%yh^4ZG z_ZSa_FH(fOr4Sqxh8*`u<4&%@kdzZ9H$W4@h zx5r>BpX?;rv&bLrzBV@4bh21g1ul`Kzr0APMoc5i3Z7PRl0*tAF)6-QLplIFto#c3 z#43MaVG|@l(WcYfut{}vQtdc8MF9zT>H@!F$y_9O{p$5#+GJodLFE%rDab+2oWKhy z2ZISd$FS)9`xPb@cPcTv))0YYP%?mh^-Ce1(b7x?ycaLyL@((NmKcvp{pmEP65vE& z=Rr24)h-PI21AZ)$`%GzX$@?D8S`CZ^;*avG+g6DHqyXAO%D)gw6IYIUSKHDlmFNB zQjMQOKOW3y!gg!2b(OKw-24)&Pg9-EX;_SOcM-wozwrMgNXCCE^DAP~m2l%7x?!y> ztE5sSU|5~#=N1+@N{f5bQW|bzg!_rr@Jm6G80d-ZBD17hR!cU6(eSOdv|Lti zi_g+Zr~z^n?-&~B3#-+R6(lbY_1M`K&?;XZc~$KbuaCfronviXQOj+s4D7sz8E(3C)!q$V z8N0$&3BypvG{t^#U|>P~%a>iKI0TZ~jb$&$vjrBeo#9DE3!)JJHvGx^cdw)Ws(pbO- zO_G+i$^kqIGYx`=APUqz6;OdhmqwuoGmKW3mKJ@o*npOiD|~uym7|37=O=0A#8CV| zxaMfM7xAn-wH+p`U=ql#3NMOMyBA;p@6x4OE6Nz~QbK?KfPtVbfA@Fa z15>2(TSJ1pjD%v(la&{sow>is5DwP6@d`IP=wl(J<ORQ00A`oQf8%z7x2{g^*g{T0JO-8$o zwNt~@3wZ0ZO`JtVZ*N~1w6r0#R|@GUL4%uq2M|kdG@hF!eDU&F7|GEZ#zRI=8Mirj z+l`wh)@pk7ZRyq4kc7GnG1ltwR+b_N`PK0gRGH-t07f_#6~AnS9`5L~^t6Eav@c+@ zR@P zG^9P+?$BtS_Qe%fP`zt=opWgH9X@Xh1v7+ZVeH1gs*#^}`w(@RsrY0bHwDHCWMufv=~I64z^Z)ZNQpci7+__H6^+2q z5Q9c){2Ao^r-5)XSqQ7t%u?X;)EkO&)$ zGgqlNQ19ZE;0bJ|iUfSLCu8GdPzqY4-RU!@a50Fzy8`!J&56DXoydjOV#vH z%zq2;>MCuKy-)=C;^BM#zhgYZMl(&ATQ-umyGMm6UP14X_h*X$p`9!Wbd^`fh|= zlOR{UR^D*Cz4ulS1!mA*kenDDy>{(tIipJlXFLd+X=JL%C~8sNG64bk%I=e;GUP`x z=lO?*kDoYhVD$C(XG?hjUk6G9&PHup{xlm_jcj*vnx*Wya}x%tyAY?HZ+`ZSu2Z5y zMVHhq_{&e7rcy`X^!UX~1=}g(?TB7L@|hGNz+I2~8`;!?(|FTHL)RFl5X6}L^6Z%x zM&V)tc_BFoKL`P5GnD3JL_{9N^)QbpY~zN9L$|bN2lyq$vp{KWTg%w zUZf&@`RWzFr_$IdiCP%2szr$_%kHiXSgR|=HY{fYAlTmc}JL9buv(O1&`L@Yy(|+8LM|KQVYori3V#7Cbj(ZOh27w z5TI&c5OchI>11jcx$*`G7+JWQ#VwP+ussMFM%q7Rsb3uZfY0YqFrMit!3owJjWOD) zlvIqsSPZ^6{M7VhnTgw;^>`=XN_mTJoMkuRi$GH$C0LxpV%7hh9gEAW&tA^VxY^uE2Ch}(O5g5~v8J+3 z5^1cx77w{%h3@F2gqxjT{N=@KK(G_uH=cpLCLsdK2(zY*hDnmISm;RTR zstRw2B_lhAxSDWzg}G{|C)|YI+Y{o*sL=oM63wuEgfoa$t=7m`$=cd@ROMyXD??Zs zK_Hpwqa#C%Rt1%YpVif{aE;VELdJX4>tT(b7#!QigFzMsp$*%haQEwizL)~e7lqw+ zIQlhHj6fqy3b3l3w1V>tad< z;S+x%uuv7RGJcLjNt4Hln7xYRy+)aUREt6sm(&7v2rXf>tAHq_Pv8;MQsxfr8k*KW ziK$OoiFaw$hebhhD4B+b;I@hlU<4JM_u}a&mC($wtVL=HzA_X>-_p&1*;f!Ms`N!E zr!)loT;ouZNh1M-c##0E#>P&n+D|D<;(#DXhft!(SWTH`uZ=TT;w8u|k=#qB4=hn? zmR#ymLY5W@yvGVT(4UFFx+cfrf_}loojrS6j5%T)vRMuL@>~-Ru-?O5 zl<{WVYQ6y(3zowq%dxVxM&@A#{z$-9)@Pf7T>x%dFk8W_f$$Fh?}u%RhQe{&&e>KFNv~}R>o{#@9Vn#L&^!1D$8#EO5DdgArWNxxcfWTZi zdwCFN(|~eTyDfm#IV*>7pXPYj@+xGynZUyQ9yY}eY#3! zyznk9{MDntQ@2NXgvQT_VstN1db zgEP+)qbG3aC2dUTH|+Fv1%hRn+f)|Bnng ziv8-sS9s*b#RW0S=deUd7LXu0K5_z!FP_Q?oOl`Au-ZWhrTWF;Px0_T=R#)#B=>_j z=jp35vEkD2bqXgw;fYV39{;C*0?&8$b9CuQN;BBAa&`iYlVc~p`Q}^TDX>2;sDb>z zyY}zaxl(4l$3_?`rjyNxsw6I$nV6WkcwbSym}{i|vOl#mGtJfpp( zz$iCEL0~+azjrK-B_gDi0eS_VlD8qo>}>B2|1%-S2*x}{Jmp5V zUAc0Fac%HZx;8|y@t+QgF&0gVgZ)kFsSQU!&{44A1=7&ovZ-DU`%#QqfW*Ct(S&VK z_}PdrKs2A?1Axv>J$U)@CCA$wZ=Ri*y?6JX3=1iZX`rZysZvg>Ez!pjO1<%vkc5k) z989#Pu~O~mU{)J?MuSan8C|z--Xh2{@bErnL76*|H_K{57k{(7YDD8b<2|Bjh_lKc6t5W@zZ3;Dow{dVf9_Ufs4!2w2QZI-Ns^3kYLP7KqyO? zDP*9^2?JB|2&S11__Ats6q2A}WF%}cnTOuJdpFdgBO}TTE*mo%kI3@;Sy-&fP61C* z&tfRW1aZvKvC+7+Wp?)Yv**$vIaONNW`YCdPfkvdO5pTV@%+V$yLaz{O&XdiW}ukQ z;h{m7%g|S;SL1xbA~L|8ntF(<{AGGN>;sMss~XIJfAsK?7c4Z!7%R*2)DtRNh`}q9 z*9aJ9*x&;8#QhUQQ5?(8FU&u9@W53pYQdm7g-ONBinW~G)WGCg$H{0~jD*vc@T`Nh=+MZ!{#hLg)}qb8Dcq;-WFwOwpPwom}J_k`)RqFETcq z0`TXT?zh8RDz~hQarQv!V?zUsR>Sag&Vhu0!auou71U)Tvm=m`vS(G57quK49vB{o zor^(U+icrwHx#;|3`{A`lwC_@51FK>j?iawM5W_+ooxj7LbkKHryoWw42D>Q~bY1#S z4TuU@?7tgV$%`^jk#mS81SSB`jVL;{I5Hwol_OGhq5KFXNX$^>n7IhlV&^Kcuiz;Z zmv|7yx{-@OrF{qR8YtQbjZvCOZTd#77LEP|JUyo7Ybk^<==3k(WJ#Q%nm*s7@4PfS zB<>L0nMS=FlQjLR#IjS;l#Z*shtnDemm&fL;i1 zxE&ol8y5pOyJ+ z!*_FE5Cf$|3NEs@{^foV3}D$i3i96%dL`##GH2Z4rkOYhZ@JW?JJDw7H)L4;15r?b z-nrEG!%-(s$2($XGzq--gY!djSrr8hbYqOUsdYA4M|O!&$}VjEr0lnol!iM392?`R zO}WA+zcmCEB6EA5%BQzlpg-gERV(J)9s^gOaeKE9h5TK&cUQEuB99_|FsjzNIOW;N zePi4c;%Mc<;z}N438uEyx=;0jz_e)N+{<#ENZy@XJc{_QV)aXaU(W@PAOzLF$--a; z^skMtijZyZpA0_@hG=ut0UvMF*%mjDV0@gSSzKD`@4$08evL;Az$?%;+OaccTLZWK zl-|5dbg4R6Ei)B{FxDn%Pwyfya9KTZ0Gd2480}PI3~g+jDws?(#}p2dqT$Wdo#u2b zVVPQjcrT?dLSm4e!bK}iR($!|NZKqXn7+gbVyy6eh4oXc!V7_izknPCSIfuSpF4L} zVg-UNtKDLtXBl$02n|tz7BoSMWiwRSKMoEzkNR1DnqF=!9uK~PT8EfdZ* zh5EHKRQk7BSQcAN2|19!f|irlyfq~cz~tahkitx}RO(rfEPE7}6D9^%`tMALs|Ck9 z*igtuBf^`97rb83xa)2;Az+!~aCGj(@lf+=WHW2fnXg|{s{w52U4_96zpUfrKVD+F9_ntuL>yF*Bvzi@_F``D}P1j9+t^Gc$_@4m<8vdm2Rt zIC>wRx!r}0hYueDLrUe2sB;<|!5H5kjd7Ci^9jh*Vjo=;}=qJhmhUUYt zc!d+x7@Keiy~#zUbO`S9=(Umqoq>xz$4nE7_`7BNR6p$TUZ>v!F^%XNKQ(@;7^ufX z6&pL>EBM*@@nB+Vqt%1KV_iy(ff@rf25Jn{82Az}fIAI4%dxR5S1x<`AOGL~#QC!i zpuNUn@|gAP`7?|e_RI-I8a-U=lc!HlKYd#4KF^*z`;0B-FTXr~^!VTY?f+r~vEMjP zDe;q7IErpRr>B3x9MXnfxq9XD<;%RBstbAiQi@|%A4t}TemQTi~xeWe)5!UgiCNPU%C9vH{p|2CJ?e`RUp$+3@7fCmByK~ zXWa3Dh1M3;sh0_7z%Fo<4bk z1$A)q)c81-lnxjqDy2PA(SQH%|9t-ZS4x%!4)5Q;|K~sduj!{xU!;{SkQg#(AmlWg z_yzqXHX#aUuSOmbeh0%2i~&cSxaA}!<-Y_toTVN*DQ7l%62Ks=;_%$r)*4LE~R;sz{NKc-xL~dOf>9D?s3W zVq}o1E77}DG!#}aT)i~BUxWh;;@1>qt34}?wLLb_Fi~3to{T3(h8PPf+2Xg{xf;5K zko!wm!sc5urv6)F;2khP$HNE6It#@dRmPJk;C~}LEVI|+nz`<@9pAN3$;6kbB(-;A zHA-j(bA{~@orgFy5(79yV6l~HCP}KMD}?gYc9=Z*HArbkB0k(WBT6bo7zZj;ejf|BAWoJ>F$$ZMUz~q0DtUI$oDSOYRRFR#g42 zb2sa)-wqA~rYha5X;LP#UI_hq+#|7KSep8N8m_(`T%AXwB%=;s|=Hwf>IZ9Ro|x6arIjA~;$yp6scTWuW* zd#t4}eoAt2)5No^KBzw2s4H7=r)}M~!m6d>uZMTIGA7MRCwA?;+GyM5*c%%A`y19C zn%rtN;4Ps3S)%3r^#HAFsxeSw;IqI0HW|C>_&@GAc<1>=S3(aD^mq1rdWoey+M>O% zgh8nnw^Bk>EuDn6U4Xs?;5 zLzvt#pH63P-MUS}Kng64>BcdQHlm7k7)AiVRRGF601U`;6XyW0brg955591srMqGn z6q>1`zy9^FQ&Uq0YAG2J&JveQ!}z4vqiTe=(UYU-a#g_bt5+|fkid!L4Iz4AdB?G4NSqpf+0lth={vT#bPm12qO}4AdC-U<}~C@M**f!O*7% zJ2#g3e6SInclLZ_0@Rap@8E{n!s6vvpexjEJ z6*l!^Tvc=W(&dX<;j5Ub`%^Dpyd*GFJMTKUO(5~u>M$T_i%+ZUZ!Xo2zQAoaoMNLJBc39h8!&PJ8 zOT>WHE%ul8aI;FlY1;akx`~j(ro6c!i;aaa#q8$3^}$yYn^2y_`TwzZr~i2z$(`Vd z8z2DQr$|X8C3U-d?D5zhk3GBlV*dFVk9WtPU61W{AL`aYQ5Q+^0Ezq9?=SLs9y|a6 z5F`QdsuEPJrz$csGBPqUGcqy~l3BwC9ki3Me|43RdK8^2<&=tX3AYEi!v=Qc*?2{T-HKk&!Gj?~F3;_639A0a2U8lbM(7;!)eaZR+%T=7XV z!hvD%wLK7J?{~dC;3s%1A~5y)|AgY>d!*4@|FbHPg^Qd4y^KbAg7*`p1`E(4+Yiep z=&_by`GikT%2J-JFu>;d00Lg|)3XhBK$3AR0)&7yLUz#x6otzvjpej@q)tVL)EftY z9q{Q{9_<6Hb}T=;JXGirs2J9Xz^4tP=^>pY>fjfiA#_1Y;N6~BjJFC zIcS^Mo>sKAMLsQzTJZC1sw5+VdL-GsMMyF-nVgKCTwkYiaON!{{*5A4Lw2-?8LswD z#xg(4fG5$H-RS|kokBJXj-IUHmRA3wMSx08Q6MJrFq?N%`!FZR!(FoGmMS82zth{1 z%vV}VLr4qRN7wC0aBM#mlfN&=T*btw`MEifs2EkScaUeJFir#;2}9Us$AhokL&t%R z104qr!+|yp=M`qgN~=W8*4&w?%>=pjW@eCf7*t0N6GdE;l=RXx-H~U|AryhKwgnDx zB6Z!^P8eRA=gk_^&^8%s&zVuiV>N!OlVjxh{B<+)x{Edv8%_|*+3-LJ`vg{_D|LS|As+GjcYO-}G>PQ<5*H>J!np=$Q=;<3RdD-@Lz-9~y&|Sv0JdyY^XpXcvzcOb z!K67A+fO)~z8pG5d->5&xk@x*``G<^_wRgj$Cz0(+_J5v&ggd|NQWXi(4O&ikcCed zE}WO0VW+Pavsg3y^qvg-@cj=)q}eK5HW@F?r0UAq9gR#pR#(cEqG{uG-i}s-c|*A? z-8MHGds`APF*V6j9D%2c!rXlMPpJ+3e;)^xIhERNPYc#~t0-=>n z=RjV*a{2o8>(>5^tIhaGR%XQz^#!#RO<-lQ$HSa5b zx^j0M=s3`EpyNQtf%lyQ=4f{QxjdLenMZQjymtNC`3o0r-n?Pb#VTlGW{xUWm55bV zp*RijF7u!4e|@?a^{B9?_Ep-BZW zJ#+S~sa;tQoP0WMKFmGz>ecU9UK|c<_Q)h@(km}BVN*xg^7H&TuAs2px&4h5uRs3j z3%&}HJ54vUY_qE~=)caxt$)s(CM$*1!6z|HK;=sV40vmiO=9Z!>eb z%%3{djhaX=5^{;;At9V}gVtq0%6&TE% zxox;KIY-Rc_^9``T7tnw$@B2=k>WV1W~bri9T&?cY0YfGa^&2__{79GzPY@#EPCSO zg~hdvt%<4WvE7!_ZO-5+GkO^`d6JFq>7%m^-92?2=s58DIMB4K{-xQM{nTLD@=!z@ zxEg5;%P|^`jPM~4*+mEBnZ1!su$h#F-WM#Rof@VxsXo9%6Wp9iBy9u;AH6q z-&|B#OQ{RtJDMUVmtVe$3DzvdotNM0FMFL5ILQmJPGW zhCCiEvhWAkB7qf`yotik8(F)`N}GbiCa|j*tI7z*R|ye}VsDxkFL>N&T?SO$)p6hm zIY7*KU6VszpalBIpB5IE*XC!ZxurIzPzwmsl*J={bBx#X2(Eb^_qH*U1DrZui;Pk^rCob0^S>iwzNo%s`9^Y zi367{Nr-=O%tw=gG}4nS9vEd&oLvGB6?qqS^ctx?Sz1|MbzG{>nF#MF*Dm<(XUBn# z104tU{wr0SwW5geHqP8)a1QN`Almq z()$c}=4=0he{1}(*C0aa48RQXzWL@`126-UcA4Rt&Zk0Cr3`%;r3|tgJS22Q)wt9?DimQcdh-Xp$?(8^xaMdlxtSW}vLOto8X#^st-G;|f|uNMhBGCvN){V) zZ2;<60pm*-v zx&8HRk#so0B3l;L)P$8eb?Ouo5D!{ZkVy-UN<<(V4Nd=OG5~Jfx}}UvOD4RepphyS zs#@-aArv9l2%J-_H$#MNv0$7zyE#5JB@4+V#L`;&lv^Be5$0@03x&V_^{;N+xB*7- zF=0@l18m(x$AOLm9S7b+4s7fC_ptDExl4hyMJn z(+|V4kmpW69Ibw^QInsgsoI4L7o1x$J2z*#Wg?Y5h^J1^pW6D%|MZtNx7;xOyL#oa zm3F}|*+Q<=t?>c+#>@;W998s64WvEkQ002M$Nkltw*$I#fO#Ws~NS087ohgu6+e5_$wN?u9_D* zyxH@IAAM*6X_kM(PY)PP5MyR2i<>uZxSO9M%u89DvdZXJzxp%DWpwV``Anqe=Rf}F zW6lFeHIuhF(!>?1vQrSOa1iYWAAF!#HRqhfpHDvh1m!>c@Pl%3V8t1WY&LXqLIufj zm6HV94JIgpbu+n`sm`66H*;lq2)j;u%Z=7s* zX?d#pBudY8DmYLz_u6_^SUaFymd6-6XdeG!b^Yv6;T44VTV=6$0nDeXC zn=pL0I1L)BpBi`rhO@bQPEC&U!?TtKEyH3wK+7hW{K})00ac#lPVpy{nf;{nN?Y;pMH>X$SwT{E)`BlqJ+1scRvG zYiVhO(<(tssFBThW5-6nme3}|vf26@HeyM1U0xc=0Pq|ix3#rh5<8sxVV;fFTp2G} zf>>Lh$pV;#0Lv%K{64ivccVTdL*7otbw-=edN2OHB^m!CMw;fXinf+%tyU!Hg^2rz z1TPEMVMuyK7zL>ifKRwpt*#2XGh%7OYLh>!dX4@;7Kk4_zp)R8uVTeX_ZEjfHJOH)5f9lf!v{`m>h1M9+6R;wM-Tg^I$UA#Yaq3py` zk)wp7(_V5Z`sc5{H!Vk;j6NS3O`~@9NFC&Ywb*NxUH%QzZQz7*klsu3qNSkE1wb+- zC!#tF(`sG73n4K?)5leBm~%)gZOBMZS7R{ZACJ|ju(XU9LVhH`ttIOI?0nFJF{i{l zlHF4~Vywn3W+NK|Y~^xrHl{1WjzQ!QHShL#Qt1Y>09BUhLHS0Q8Dv0TWBzV@I3y08 zeYIPU8y1IcdC+_e^R=L@wK!2xEF9wLLi@~L*8q)Lj%#DJ@Et@C{dl+a+fYG!k4IJB zRCl>v+QEy#Z4a2EukNN^K%xP9=~$9xg4dY>kd@toJ+s8dXO{PwT}@#V4nx z*}#Ryl%)t6wxljBE;+2C1}!^mR>N!=JnuhJ7=ZL1l*xR}I3!kpy6jE*=|L7^j7dx% z-2ExOLEWyz&*t*%o8ct7YF)NWWLn0$;g36>58~%ugP?=pcOdTlIC6Le$0Dn5H*S1f zTWzPgKiZ9pX^kgLF|F*>-I(lc_d1cei8w5`Zr$Vz3iA5(7P*r(qc>!2!(dB$pMLsD z+rDK%%0_&^md|)|Iug)26qXv`TFzsLID77#3Nz)gS5)xPTTh;xIeUiTB4iA)4rVa+ zpjxM+BC?>iwI#5sddDMQ&E~y?s)E2~dC{sFRL11i$Yy3vY9KZGs(t=_Q?LdOkBeax z@{ezPY`xDIzO4^#bED$v%4lqJbV~s6nxTln4h(LIYCli@gIWfVJ7ecw;xN#G;W8=0`$GkSg+Fe-l^T_3GR~{YyZu~zi5}iDB z@^G*`41YcH=iLK^BhR2i_;MV`K%utu7-8t+pNph}KbS=we>(mQbD)!lVQxJ8-0|mG zo(#WvfB0j<#BuY_e)VT&bc_L}i#8paV#VGO`&7>I`)~j4zhx@9wPh~qup7&nrqE`0 zPs@P-Kyx3OIXTV6({hmsty%Gvt5?lqZ{E5oGHaX7dT#~@15;RB2DlBau8&Vnm{_vx zz}YUjJMeDu|{k#~(M>2f)f@CXA%4lby_taPxDV6hRh3#eqPnO-|XZa20aywx9jt zGkY%iWFWYe2yzzK{=i^Z9(O;#1M-P)xM69KyNv2Mv5D;)D^3=AvVJ#bac&qGsZ8Ep z6O#-zxrz&WjhAZDkE?Jt<4!TTF>NpSo$QoKrDMC17@_LMV>{WCU+;jt^_$i6<)JI@ zvjVW|%}dKet^P9-=F-^OL%VCg?ed-_loquBU^$A%YMfT7*$P2w&5XvV&Z3vvbAE3I zKq_wmr!#3;G_^pbm*UmL0YE_W0LcQ()TEfHR^yseEU$%fjir@yj$19&Y&4zVXN-&q zym|r|$b-R!V5<<;2815rAK+)c>LttJ4}fx^O~%}0^_vJlXO=T2EXIU*UlClL&xW*U zki@5C*3)~v!nS{2n*ZH=a|a*$Ki*4zR=|vkx2mZSX+lUob;Vjo6ZO`z$TRM>xRs}K+G|D<70_(Iv zTFVK5F_@8ug_&#iakXSGI1luj*hAg;0Zw(ZM%wR!on;}K@= z-o0;nAxXx8{p4c0MbJKTmsk6F9DHI!?AY$q*&u44;MDqwqggM2K}F^Psp+n9{0LG^t}Xmhos?PFr!C)AtF+H zAe{O~U5SU`RFo!P)wru>YX%RQbjk2Mx6N!ZSFKmJQjsNk<$l9w?+W<<^M zvl@$vtbIriR^xQ49$VO~YJFX+7M|WoN#b|2r$-?G|k;$@zJzZLnUp8Qkm?LLoza#sX{b6-Oyh*X` zRg(UcMXVVCoY==X@7%dFZ4z;q9`O#h_hEtOa2-c4bt!>jHdj`G2reJt{AWIvvK|*`u<_-RrOf+i2LfeJ&=e6fw zeD>MpOPAUfvOeP2Kjml%518!!!+-eo^=sEm*-gWDX;;luQ{@Z_Qr6b^;2(13WMj{s zVR^CD$PSniael3$&7C`c4#bJg7+{skz4)14IM5$1c;CBGT5snIk_tn{`}|v{GV-z1wT7G$Ga5eF4@W05ZdA( zmR`Pm2|v9{^66=dp_b}!6-gi8z{xpZYbH2c8<7#@0k&`{mDYFp@)hku*d6l`B&ja| zCO)$EUvQS~SLanFPMrnIK35g00d(sZd+?~^&mK$}de!k~h#7l4cKq3cDMPP@`7`wT zSRS{n;m3l$L%J6S(*2Zw#jwA&q2mCydfZ+wrPs`IY6su(r$#NEJhW!gwU;)E?c|}8 zhvVxnj76AN1gD#uKjp8nn#ftDYX*Hn=;zgI*V-p@QRbwQ$#@6OpJDosEy=5xoyr8| zH=JJE?>jL$b?UT9aZO5jMZ^!uW!f04joD@Gu?#Bn&*q6#IFbuLQGYf0%;{5ujh^XU z%S#D~kc>}oDxDcKcdhwnYc-x_;txQ3)95#!ba|6yj7)Ah!ZPe6>J?JwPgOVUvplL$ zY;vWQb6??<#Gf^hTy57hT~850dfD9?PjWAuChGRE+V|-*7NxUKrpdLDgtpljCgw9~ zuUB9&VQoE&qfPt0lj8?`Aa&%+m6CG#iq%B$vlV`;j19grruZ~rd2pN;+BjxnQH`5b z%iiOqCYi96q%@A^z8`$!FaTG-eR&i#&d+WWW;-F?&Oqi3A{LfA)|7UMN?Ch_P9h_{7U1@R~f~0C@l;w ziki#4C>o1PEWDd>daYirr{#Fvwcdo&Dj$O0ZV>Byz_JjqCG@=ye(R(YaZqDh_fk8kK0Hp? zR;rlkOPoioRj|$z|2~FZiyQoG53M$bU$%xh{3Z=?$f46GFmrRVm^P9^xr`b>!=_2P z8ir@FdE=`j!s^F&a&=9-x*8-V)c}4#*x(I>gO|hPz0fnBiyMkdID>`?usXXZ1}aKH zRYO|`lJ&0K5oU?SVpVpO)dj%t*_x2L@FJ=#@qMgO#`k@Y3ormy#oW>3y@G?R%K*Ap zWy!A~fw`KfG@M-c0AplTD$G$)!C$&}kkPIO7!(|NwcfKSI-oz}@Mndjks`SWB~PFB zqAe=Ia4B{n?|vR32h@9YL5ZELW$EAy&s92U@m{0LxufsRg$WuFE|6XvpfofGLhJo| z!-JzKsCI4Hm~>IO^ba1^F)6)BsJKek*}aLic9y<0hv^wgMrG+BTJ)(GrCv8cYYII+ zJvk1Wp&6Qa)SMVMd5?ZH1T`zI?qXZ7zGyD50b1cJ%a}!i6_aV=%MHh&^tDEn4^Zhoh>*g0d zU9y*cz?|?$j|j-D)nrv5%;xA{uHc9Arx_@#BYDt-X*|&cT3a6A+>8EhKDgayJ(oYa ziOdda^R2O8>@ZK47oIMa{Ub5F*)EFPHU2Lzu?&ocW>UVYl)>d!y~#g$S!NRgB~@}U zBxvTEw!gQGJZ38Ll?vS|m}yp05~!P&%0m$VTQt0@$!C4fM=#MSO$hU18y;*Wh?zgd zbTw)lkqvFl!pc}(-gT0A57H=QP|_-g9CAUWR7lY-kevbZx*gYR8zgG$B6j7Aq4bBMBw`j9x^zKe0VK z59Kd$rI>Z#NqOewxH-kgQpy%Vs!n;nGFkoZgfer}?Q-qfq0Q0EM@?{OgUjqQ&r}H2eeNJ+V^hfpujgePo^) z;PmNn6=56%#yDK877ynyoVRhd>I)yesQ=RzVq37j<&`+20Jyy7^rg87FvWF@GXf{tq5=yj!m-weyIGOTd5_f(!^Gr zRJpdDkl^XusZ(Y;_Ib9UrrI%~RzdKjr4+|7&G_6M4MW)S z_$J8b+upu9`kPRdj!Ap*vpT76zSFg@mzReoRL6JkoK}yIxBFt&vu0e{A0iLKQ5?UlEeMTIM?_q`8N)%;pEncMmaGKVSw%H_rIl~b*) z4SUrGD5(Ce4|-hk@H5~?I@`kXa^kBhqxv~HHL*UjzVv8`!!9>pPROTb=3?DbuiPVC z;TD5MSXXS@JznyaSXxj-f2$I?G@k7V-#)pw@(zHdu3UEG-v!_4XYC!&2W%NU{0#C_ zS-i#a|DMxN_iFg9BWUqNX>7ip0w7i7(YTqK8u>>{-cjJf6@lmvldtvNz}>iU?$$? z6_>TNo?7u*T_@W=J=mNaADNxz_hCF1cSfQ~(3#^I_pKZ-`U|b$UvIMLQkQX84}IF4 ztNwYW`uY?A?mq@L4YpF{W%edn^Vr&&oXSg-_dth}450JSvIa#*??cDp%}#Di4gd;aDHZ9@{WQKm^=JotV@FM^*J1{Y-4FtrWmfuu3Wz4AOenM zEw5+qgole;D(ETraLn~ASoh}0IY4-N9ah>|lhwxl*8M%FqK}-O*Nc#>Qfs!L5Ma$v z6C?Q=LMhDGOWIqOJC148Gz{(W^y#9Z4*lldilMiraE#C>E6chs&0f+=X~0%1)Gvug za>~Y>lxlmjn9Y+$l9t8|Q&BrJHEEbikH4-8=(BEvQwSxAtHYG=-&$B)c5FAW8a-wp zq_a05qOi@TO{?7oNm}3W?v0n|ECXj%mce!f&6=H_I4y|oXkf`MxJnI7n8jaggP zuAj}atKS!@Ukn_;n-S^eSVfG0Y#VmcJ=;aGIc65!3f>kl|Bp>l5v#?d%^o>@zRd`t zgqzza$R6e#;z9iurmP5%B_@5_hTSz$1W4lU8UD(0(?>M;mORS?6?6z=BCfT7kW%Xl zvW5c;%q}Aej<&us?!+dO0c}kvYsw-K>6KUTl;HM?U0NyNmYv|T=F4)ITn34@ z&K+-paj7>dMzZ&QO4#dptLs@@T9(9A%c_Obz%?G@8-1|sB*6smVOK`o_L;1)gS91< z5Fq6<7s$HOtv7ius2%NBLinwI%+AjPG9`Cd*~VIyA-I_H2c%ja4~K?DBctOvVdjiMwA`nnoeFxN_6guXz@G=V;mVOOroiXPx=o~Gm` zg~F9R^u+2K$&b?3Lj9H0B*%@>>~7WSX@lqh4XW~$oD--2@WJYs1i+9Zb3g3C)r4cN zl4uJjVJctv1U#uZY_tTTjDZmz_jd@Zq2=VO{6c5^WkYso$F?d0H2#YD8B9jUC`DV7 zDsJ=@NtG9CqWaRVp#(3N$;s*QiQY8FcQstAdx3$kU-aga+~aUV+(VC!T&?!=F5C{W zsm=y7d~eVle8-Q37C?JlZ= zFV1xQ=}Ai`51l+1K=-7fW+?`(ojxh4XmhvRJN~r&xQ!1l*T0xGu{pso;HR08xoVr5 z?wS|1EKDT5Z#pW|>C`XzDJ>^2FN7waK{|r`cL$3Zk~WE}2;| zr%C4ynOC9!4MFn0ugyY>&_4C`Z_A~T)H5yh%Nulc4JYUk)8|k7mOVY|C@t zk&+3y>Gd}HhWxD_KQxgj3q{ZWn4xlladc}#j8*l+_{H)$HRIS^roC)NSN^ajlXkV2 z8g~_ocI!jzC43+nbRG*lx8ibA?#s`{-JUq@iN8U-)%-6`6gwL~!;xHFc^ebz-tp&n z@pv);}*1KgsQco6X1FILUq1he)%3{gF(?t&qq~)}lQ@?d9x-EL1fDXJDB^fCfX+r~% zy;1?@#r5NlKb9Y=1Fyvof-+yXLg2L^h}0y?gJ=FTec$`ycqiN&;JRTD^Mp%BP=xdhwz-)04cu_^RH!cVF({ zIk+w_$7$8s0&*1lAC%U#q8dq z;yCti_2 z-R>?SM6Kbazm^w%XxJ+&OImokPFsQ6MW>woqH4NIu zJe^83Z#ApMz?V?G#rT)GA%;4n=t5S%MYl?V_I~Ouoe`Pg{V5eB zaoDT?gmMQgEGP#>z|9`g>NK+;c%+Ga_=L|0qs@KI;2{&e>>u`Qe?m%O?zx#=#Ariv z=uWSf3uZ|HnEy4A^{wsp@DOTqR7Iw@j7_VNXo=Sb4<&=&dDhrZ`|fgsn?2yidz}Q5~b;EO~j_u)WM>gok@Cip*-2 z-DV9A!^HzMzS4zzhHx%}F4Zouy+N{{t#S=c%u-(|gQ3K&zA%?2VzkPV=~ zcy2BIZE5dlRuWE;Civ?$!EYt)mnGtgpSdeieN#qjCzv3iwopaRhw!2PaZCMXFLArb zLcsEW+D05(ftCP*3~V6!mxhR*v9+ji`DXlBppaMkLX{>sO5?hRhVm@!SyzhS2JEA> zX|P!?%&3f7u=J)p-jvMeLlKrc%C+2)RgWvYRx4c;Nb;?(8O_%Igi(Z; zBS{DYxQrnB1l?Gv9y{Xx9KS9}d5<#STTl3hQ$Wxgv zCiLc z23!k^p6MU)6<9N`kS4&g!0XMj2KW>M44|swFt@ITxn*%M{tmw5&pXy0iS%ocf6bF& zQQWHOsjMZ;ot$Q7v}5{TLUB5#rY7XIw3=Y9Am;^;bPjU-R%2TA zEXPU}*^hO%!fC`E)pFhH`eJ!~<>lxqr&~^|I-PQS+mhBAhE#M*ylXeSr_aLhoG_dt z!sFQ5)KT>a(Om!m$kC_x!lwU(AeXc)IRHQ1yY|?%M`GZ5DS1f$NTMQJwfI34+jwly zMUqDGFnrCJXlrwHYkhLWuy9jjB%ew?UR=pxS@hK;7j~-vl!;&K@Ys^pz|DNb+ynq2Y#j1@&>&&-66VFFxKAkyQejpc2;|A9Q*jyr-asO(sg=^u zQoEm8Mu)#6Ag$U$P87nnPv?FZ(0TXn{XhQkPhWlYwE(39|0Mbmsc61+>tSuJ*`WgK#iCuj1*idqEYMQabwot?3Mqw*y>tTn>^X&Zkt$-&qB&z;I;Yu7a1C`mC z@srb2>al|Djgb*yXiYAF4T}7hmUkd#9sO^Ge7-yNmE)8-^O-@6#b<3(bmtYikxkFA zlCB(-^k;aGBN7a%`{wBFJl`?>HYnK7(B8RB(w~{zl^yk`M++X}hH0X=xSSq36NsKk z)q_r?b+{}i%)Ad5o_YX}W)E$;VeiMe)AP*~Zze@m!(Gmux+;eK)rXItFyO%Bl9gn_ zYC;0I>>P=ZX7Qm)mkFQGQZ zmfp^1B{D$2i1`~P*%=|#q`sIkgyAI~(UwtG4TMsUQ&VPYHu#_rHlNy5`Xw+w zn*>fAi)gK_xfcTzn)vlbGA&8Cb9nyX+v|o;)sTD=&|)ZVVVPQc zRsGrVvq@pc&jBB_uC6`yxp92|cGlkG~pRwq>bzm^Z2$XBBDPWrU!*3u5@ z)0+!Fp!_YRzcF}FidHLc5&t{-->&x3)mK+vWZ*5)|555?ej4;gIx0O>^YSZY+3&eZ z|L+N(X~L*Iqc!i^DgQ(8=>?7YXyU-t{>41*18&Yw{7*iKRs(G*3FPLU83k`L_!0KV6YJ3`Mw%I;~o|=OnK+nGX*@yl zVk-+yX6rHPxl%iO_16u*EWq_)BO4;?HY;SMPd!N9B%o(nkc4rhtf`ILd*ZKp*e#zO zd~1zwhkUB7R*QSdPglSFMzMGM>hT8$HNwID75SO{@vf|?)3^-%n)#!xM0YE*eq2;# zrEM~CIyuYgh4aR9vS$u#O)QFXjmu&gFiQ>5^CKhd{sFJO_?8Vku&E;2R|^l6gP*Mg z&`LKskzg3YLr4pibq*?oiBl3~l?pK9urSav^#%sYgkH9`!F>Vovan(yxdoMqUQvMu z;@FTq5|ymG zg@pyKiu@fH9xp8A+~*2)Gd<<#c@C7qf^vZ4$mnc(;X7fjn4Rae0ufqe=MA^Z`}cq1 zHpkVHH>5Q%I62alqgc*oG`cg)gYBb_K9s2tq_X3b1BqPDpFel$(xv7`hHMF)YcD%V zKKS4&01pt}zWoh4TYGfZ=CpKq@ua+X;X=hF4L#*BdQb8vPo5~9R(bB+IZmRdPq*MP z;SoIn@-SCxaB@mKm4t?+L!KWx6ujV$4}N+mFe)0ZUHgDfEhbnrJvqz2cGd!F(`mj6 zjQZ`j-+ll6_a3~bqx?K`=FH8THyVXpm%jV%`!Bxu@{2FO!sLq=FRDSw<-(s8g;?qt z-+=x0x4--R51&6?Sn%@nY0i1m^0h+y;Ne4+_+(*0DK1?K24v&}LF(Fuf#nq(c7cHk zcL`MKtwLd|>)IdZMc0`Eq+erf=OR@{eY^>-3q^x_<1^jV!PE$KjeE2% zolmqHJ^1V;&F`WdX!^$a7orw6E7!V!hDu(CNj{)qK#7Dc_fT8wCw_Wv*TFak*bb(D z05-_>R%88jH0Uk73Dm7y&Ej^(jst~2@xu4LXzIIeT(M+mO5rBhA@ z}4;7$g5>h#qHg7w6@OvgA#whT-o-QBqtne)7(bW0iYzqGZBB6 z_?xyp31wd*hp`^((Tz3`#?2Ixlrg)Vi4B5t969{DO-1kqouPJPqxsj`^H|QhqxfQ* zCJBc?ywZiIwlA&3C{*Z>>J45o3PB~gLqzPNmdV)I4E8AA;z|b6fv*bz%4i$2;n3;% z*%}#f&y5Rjz+SmOjUQaQT6QUH&3GHlJt|)EABa_iL4cB))FRlM8oV89+;zxYp;aSg z4BW^;MhQfV$LidbPCS2AoK%B%h4)qDKZpy}tMmW4^dt;u(Vr;BefpDs&Bq7*i!Xtz z%53l%vpp9+uAzJI=P>w#yVx0Sl*Fp*9rUd2pr^sN^6rU0MaT&}8;cs}T5p-~#MX?) zK6*l%4yiu#s8+xJs=PTxr15C zitv`vzms^S>F9r_rM!mL*J$zy$L^e{ zm_XH~60TS}OmEAk#_-f^PYr{w3^(j&=>xK8k$Kpg-v7SA?PX|KP+l)(3e3ycIzqQQ zVd08i)~?qArH8Crc}gjzQA5?sf8j1NhMz%i!LPmm($a%y|Aq z>$e)rKo~r{vOH{Zv=VgD8bIQkPFm<1x13-lfJt+CbCp$$a<-6Q*<)s!#>n!AhU;q< z3c&S46|$JKWb=pu!`!c5eOlk?5G@@BN}$MZ8YSMSr6^+Sw6q|;g}dl-EUAy4EKv;> zY9#T}U3Zh_Q2*CDLNuC1|1+n!YK?M@%|gZICf|E*wa&(CktyXXxqEVohiW+IR>t-^ zuCx|Np8S5p=Xsra(7{=l`g7tXq_Xtj)4Cm>iw1HRwa#pS%DMCBPR=;Aeab>2Fs_P@r2qZzKNsWk zhws0C^mqXh$l#8%*XdI?Z{GOZzx^8r%5zKo^2@LP*Z=w_E}_5t{E_k?TC4< zU=7Lde)oGWl7IjAf5%sn3ntIYufM+SgnBrwhw*p(fBy#vtE{v z_S{*1t0)(E@~f}Df*%3AW))T`#Gd5IhYalx%nMx@g(}{n*o7y}4fHS=R0qnr%>LK^ z`gb>P-ca_ah_P`8GFIk5AlTd9wPdUcUVDtB*dq-cp@BIZlA6 zpk+srwoVbnY!phNK_F9HW_P#?Rf_vxwx&%%THHU;^MX^SoiX!IiOC+ zBss5Idz$6Fu`$Ab^5hvJL_SqktEo~2>4S86dRX=N(wV-c32}zp8d_k;weFtg13>3|l z4~&{QIitKeVP=R|`Uft*$j8!^v61!F$c(k>7r_5%3ODUU~c<&K@-WM18SH?~F9ooVC@Jr6&veg}Kvbgp6&YaRUu#yfj`m zgRm8r(lTmSfW}fPEB)norV>4dLtB4}5Z9+FaahT*qEt9e)m%=XZ)f zniuKPG}B16EI+w1nx~o(XKXh+z1`e)h~d%yh_0$u9QHT8R$6OUPM!Qm(;d!!g>_V< zNd~3rk-4QAZ&@U4dw}NglXT5Z#l#(~C)@EG^WHQ^5>X-43nXF_7)lC|dH1L66=X13 zTVq~Hz;cSYRg>d6?mbvw+o8k7Hf722o-FYJm4y121-Y`}kG7`GWzGGx0f2NK&dHf6 zYM&A3!K0`0B7Sr}Y9bq@@6pCx6jeM*k?xEgyPyql*^wB39xXW4A)5*9pguJ>qeJ}Z z(G#Cg%Pz!_oG6YcJ~28qm4yZw$=x6Pa#un;up#lmqbG<2s1vdg6e|{*Z@<#IGZ`!jjtI zX%=bfhdG9Dif{y|`zTP$IEUf*V`sR2zYPqIkUz5O^uvDq)QB+0kf~j*NgXV2d-F46 z$_(YArsHj#;iYCmMdZFI#_-12idM6_wO$}{+NrO|FdDRtZDRO?N6mPjr9Q*Hic7$R zJ2JVIrX3$=K~Tn6Q&Wx_b*Cx34E@j0)0fcv`;N}V=z(K;=$uxMiLnQvtqwH3V>;9V%nx0zXQr?E2Tc0W{4u-e$OGd4d`utF!FT-W zOR`3B>)DuG8(*)pK*q+io?)_D z!GTs+93wj^LRgux63PV@oMc#WRfpWQuQ2wx;|=rtf^yF=W*fe&*Y(wUhcD_cJjQown3Mb3IvjQo+&^g)0sX6O+p<4RLafb6E@}Ex#f8kM*N0 zAoVHj!e9K$1Tf3;RXkSnH#5~t=K+qDB3Glz-LtP=69e|je9lPBmBMx7vEoNJUX6%# z^3dAL5zb#UHfo{P2}Z3nTYEn-mjKMn(`?htMTsfX0=&qMR!X?6qQUxs@76Xzkk4qM zQa*k&^jn-3R7s1bg<6~pNxaWW_Jn9t@x#ki+x4}2NT@36$ig=5v9vq}53IG$Jm4MQtm%`GURHJMF|tT*Rth3S{?A20ac_m%|00+8 z0LFWhLTi8UoSHkCf+LvEYZmLH1_7kFUNzAAhtewsxOe)h{EpFMIx4!%CyU#!W6BkmUPlec&kc%hbkLV^0#wH&x zeLZ2evL!aEV4oZ)IaUgQI&l2*VDAbiOYV|#dy07h(KXzx?t`PO-oIY8dLO}4EZjh^U%&o~UwkI5lKN&Si$x7c@p+?)D@%!pu6pJ2B^9Y&M6Sg> zUqLDY8kU!q5rck=QWnln@T;K7$tixZzGIq#-@SWRWnH*<;nuC2pL}wwIjwRdhC~?M zJKuhb?Z9x=CzN2GkeY2kG_K1Pgc^o33txvD_)N@TJExKTvRN zDb9=-6TI66Ki1M=rYW8*u(xHTX;W+5F=sYuS4V9KkiVZ#uzKiSg`u}Wq7-=Qh-$5Q zUjl$N*5F&F?Pb(b1M1x~ngTF@F&YFz3Nj2!Ow!#~;fW`AMtT{L4e)UW&1i6d z3Jr=@WDGKG9d0j4b(ihUb}lfti`}BVjpm;{2{(=*3MX3@gEZi4a2PKl85(bno}A&u zqsvxY;L=8(g|jVHoX$@VpUD2XdS%TcltoXTk8=E38DXd^*QvFBE!&K7o)twT zMZFeF%b<=0@uXniw?IPmKYNfH=Cx4hNQ>X*0zMB>7Vk z|0!QKNS~bHc*;KUmh>{L8fF(A3mq>R2UoDk$SWpP9SMrALEL*Hwc z4%Tg)VDYZNvEy;ngQ#F{O9Z_sb0A?+k_o-Lay1j3*xp(~* zAz<}58J-dnMSwOEY$FmYD~uDNmJGG*Kv!p#Uk8`BlZTE!q$J9vNqjdRK2Se&?d3ge zFB-_PUY*nGv9fn>|WU?w)pQC$h^)<_II>_c){F~O7 zM^+b~IFrbBXa|#?IyKMVf=Nr8;&0^G*RFkG#bMf4Te&XC2HqRbFd1Mrvmd(wi^JUP z^sKlp+XI`@UNyLpfH5?7g;BA=R>b$>>tMZ{g-gBoV-uCmij*|W-yGXiuB+c0Bu9fP zHi|fyFrJ>sR(`d~DB7H5A&W6$>BIw97E9kv2`jgl)Znu5fRL$TmPk zkEU#yL}&_jNk&V0-V(y_8UPF~*-6VbN_)t{zsWrd-eUq~SXPN*iHd+Y#{HJY8w(gz zTz!cRlmk`B>-p|n&{bdfTO?W)M&{R9Aea&)Y1`Q{=X zyn@J7>Xj>(E??pR$I-ANWiE^B$sw}2X-Yz@ zBiXHUt=tATFPnR!2X30;({Pkr6%2i2_^QtT|N4R53 za`)anfl+VYzA3=xg$w6f3xq@?;z>TpO9{0qYiw7MdHK@0^XECj!h<%>m-135KSh}3 z%*PE>)Y!SXc@CX?G`(@>bZhw*TatTX^hJ+7_u_VW|Neu8g#|+$uAGR>{+#kXeQw(4 z0zl3)RrJ#b4<9KAKh!H%uX0qq{q=1_th;ybUAgkWphyL)6zjCqpi&4oJ3E_j(W-{` zDnDbF;H)C8-n)0t@J#TcD;RzGGM<#)TqX}7dA0ubw=?P;q|mKgX}uS%^XZePRco{O zFCZ@8J~_I)1TZLtH-qN`9x#XNq@vxsCv?*)?^S$5;V`NLl6Rk;%K@FK(78^!S0iW6 zoH~2=wDp`(ldh+|Z^!}De&92PTwC*! zN~8?kTW2xIN4~TlwBAsC)67f5utPnF}0fv6z-4k~HD?UQE@3MG|GN%?u03F}O~ zOu4*K!i;s}S;AxjEl6$yCwLCD0c%F!2YT?f8k4P2}Ebe)fjGOmH;WYH1JdWtuB3Qtj;LxZ$%LZG+eR9Tx9YC*t>h z@SlDThmX9xw5X$F^u?rid2QqIlO^t<4zI^&no}ncbtzOtLUd<~uPfTOdT>36`2_)B z=wQ$gPn2~9$Wj?wP#Xu=bbv0tn{jm3>6IZU?x*ZO3^=|!Zys9upLA9CmuynnIMCR@ zu<^uBs|rmDUL;iGR;dEB73+Oz=wXFbe+tTz^HN;v^Dmi>V2RB6kD`S(Q9kEusU(VK0_y3i2E4U zCHGl7CgWmH^tv9OPZRM@A#M##`xW0pt@=#T{t_ZC@J9~ zE=ly!MmP|tdix{|b!vNL+;(d!kr?oYz_d3=Unnh>qAS`U}WL15!>KdP6zs@pEe-_2dPXd$jxTOpDXgaB$lOKmp zOLQ|cCkHqO#2@egXYJ2fLEGG{70ao^FX_pMHo#tiY&lU`OO}@VCg)Thr3mH=`{2O? zv>8xg4!=@-LqEkRQ{KHkiK{B@h4bexT)fD^RJ2sss9F_t?b-+6o5L;@s-)a=5zH_7 z+&NWxMi%OegOkPKkr8jsqW|H;&4tGc4<9~)VP$0o$2j)kDyr0oVh*?w75(CuI%>sK z*5>+b7>^RyizDk&?BIaPRas<1t#ND9JhcK9H(YDO3DjUUs5q0k+Ve2LJNB%MSY)1J zdP4R@qQx%FFb*00i*|a)N`2hLDcRwdx$^kY0#{3J98|6mU&}W#=10bXTUt7$Rnx*}x$@k|NOMO2n$|qmPWZo!q zkcDJJS0b=Ced`UiNu$!7)T#HHOp^qkTp9vOw4H0$uEEw`0zi+88h!BKp;BaATJA4q zxTPNFb!6HaE!s9ew1g(b-+ue8e25tGyhN=_K?oaONhO!&e(Jsc=)3Q}r~Kn!(}PbE zkjQp{&*(Uf*KGtPckbMw+jYHptrI+T>gop{oIE+1g8M&LEGLyj{>~vubSz_KZyJ$7 zlq=Nb{}-8m!7i83TAhDJ=^5_kc$S8<@MeS%GMe|#gdJs5oK`iywH0&yKnhUjWsitT z*>0hyC@T!<@!QYg2hW46N4(!}&V2tx_=)fr;(rIT%4x z>~AQK(shTkpD8a@Hd1f&I23pKT0F=7Wn#6KFCBj9#j8 zuT-O!B7D&iW2V84Qu<1wc+1-DoK=gkl#$yyM*6`pvdX9wKKb>6?eQRZsBwvXOD8H9 zb;w;+0Nog%LiX0#Q@v9=QqG;1k#K+SP0ENiY%B(38@aE38hW*7!;B1VDv0b(G|&0f z=bjMz*(eV2a%mFS2Ps>7v>t@tICO;k>Gc1ApWED4)4j{PSM49kGfB&;ox%24qM~Y~ z5pwHFJXT8y#6H_^WdnMU@GME~jZZKT?2WXTc%^G%eFX7aZ4GmP;XTynVN^H1?F&$( zB$wZ>D$fVXXNSMj&yl$%ZSSPKrFh47bw=J}W9|NkOE0<^R_y?4`f|ss`q9BRo^<>f z;zK7tQTop|7H_)tG9)K^aH!)?$Dd)bcqil`1u{uB*`1sgI(5qtaUSPRPMtqJJ25t5 zad9!LMa%3-%4@B|u|4`<%j#B=EU~XRf{69a0`1u|Y&AARQzzI?(wsMg+G<6~waER_0hbX0ox~F_L8|EUN@KNn56S(vJr3UAsqP^`7le za6@xgxeN?sfa~M#6!reuGIjk?k0%{}8Y4RS8REl!?IkVD^vD{ARzDi0-E%S+PM`(0 z3rq}}OrCL8?_EvaywBRh)*2hUH|=E>ETX#_WNSojdpC*tuj=0pzOkd@&k!GWNXXFp-SR`2EJkTU9Jk3Qf0>D?>59y< zWj*P{*3#w4lfZv)1!+GBqzB z$l>7##nMN3+rR#sMVi^USutoo{q$CIW4eF;Cw{0Lq_CPF(&fvSE?l^PA(&@K zjAmcCX951`#x82?mMAm#mD{N+6Sua=FJ=aaI&0GSBgKA+!_6q-aWyi z7k=Y3UQ;dNDPTcxy~Ju%S*NUMwWq)wT%yB&Row_cj8VNTczVhD@X0&KJvl&}NDC)C zBCQqhOIEoD)EdrPcQ>n2<5s5qd?5kelZH3>rM6=xX@-JD1doKHR*}7LZoYn!Oh4b` zQoL!jH9hwD@e}HZ7OJV=DRMQSQx}u<>=P$=i2lpJ{Hq-Z{5}nsvhv&?7x_x9(F0W6 zjT;}Un&1BRw|9TM2YC(dsG?lp%T*=VsCP;DmHzGD{teOn=YRees!!dCwf#4L^Vc_T z-k@Q4#en2`q29mw=9_=`hkv|t=UZ<+yng-v{J;JWt>eot1@iuyqrX_x8bW1pf-cgp z-MV$t1Ck)uKt$uFtHrT~;qKkLoJ0p2lG7@^O+VWwP`fX#&(3bI&cOV?|M$QC@sEEb zb;G4byj}whihTY0wNF3&)Rb99*!YkC`2W!4bxMes{2XG^FfUv<|H&t}KKke*xyVuS zD%T?7mFxEH+sdV}&zwAof&5_0x3xn1XGq&)bo&>!DrtX^+8^A)uquKrMLPN2WiZJ($j!(vcKDxH?N7yX(e=F1Yz|Qu9o|-m^CQq#s92VU{|* zi#t?>EeF>KR^VkDjLBLmBLN#xCWWl1+GnLkxVQei@d;&UL$aI`cYR&%W4urGcS#b@ z*VtZASoq<=zXlgu7M_UC!1uJKMRpnH;J3957h}Pm zo^)n}a>)feRNP3*a2^)I--=niUwf>K>lX6%y6U~#zVPaZ&0JCs4FOQ3Rw+G(GqT?c z_X#uiAAY!N+88DjByJnR0XC4p56dptl`N*FYM6IWnEXAn@DedtB={>&T9xQ0{G-oZV|s5p{v61jPJRw%Psg7(hd{xmnD7-MCu z)6e$;u?)~=R=Y|GLmcc5aSduSnU>-H5Q(`|~DWI{q~NSe(<98*T}@sq35(X;p~&wL~g4fU*Rn7oxE)v?|A*p zX^uFTFJ0otV|{DbMb*j{Bt~U=|ARR{{FNwYB+<@9_9LQ=id+LQpSe9{{7^wd@7=w} zyXccoZczrZ8-VS4uujPNjIZb1-1q3DQMeqPJ9iGA3=3CQgeDd0PY6+CNYO^U|Ni?Q z1YQ-;l%pqaHuw>f!9qqyam;N+^K4rbs`$=IJDjieLCB4lyazD+=`hbQBkbv-tv(#| zkjvg^1$-JbT+hIkmIS%X605f6GV821^0qVJ80jZ+_=ZE% z`l6=1Q9H0@Yop#OPOGCT&-J);h>ZKYsqFAAY<$D76wPOH;6CPM;A?Tq*&=@dRx|R98jY z6IYbOZ$~cR4?bAZDN&H6z{ew08pAv!)D&D2QhsYEj6bkCyr{|Bih$J?}p5cs6roZ zxb}o>FAv7{Y{G85_bg9_-*o&L=Ek$n?=gRR%oy3qCV}zI#M0A8K3!VT%o*$4pJmt4 zzlmPxUCrO|;4I$b`Z`e0)<8PeSHqprQSO6JmzI}SR!d_$&c3(3WR1PIoI6c=X!XYT zfeud}YJRe@$#tx`lcsAfA5elp(HG>X{ZF)h6Av>EFwDK_g^ED4OQw=VF(%g5Ns&L@ z1JP2gZmrLe#&1#=@+ycU;EEg?@5#)w#_O!E+E6DUcw~9dclZQAX7a62p&M{;T9td7 zQJ}v(=o07EUo!1mN?UgpyLhuyR~L&UxeHuc-JEWhYpip4CNa(6K@Y0;Z@V>sw{{^f zF0*)rTaBc2Y9^F%ze`_PQu>_w0@jD@J?`6&Zl=~6kbC74e!A44dn^UrYZk@Zi zq2Y?{My6xv2j3|4+{SP5SdH7UrI;F59Exh_gWp9wD)$83T~>((*9Th3y7n91?SH)r zf3lChL|r}iMp@5@)XU*7`$tcr2#7|j1aamTJ|@9rh(I(&?&VzG^aEidA%oT@$x!ZL zfxyjai(|2hRBPItFlOG{NE~?A(APsrY6su=w%@(u&wiX~?>qi<{2AuJJ0uUo#X8F8 z&S~{1x!K|BIM8vR<3PuOjsqPBUJD1zV;N7lE3j=iM`m$(^}BnI=B6jloj!T?oI?W> zWDAUoRRx7?Rqe9!WG&wU4-1TmFndzg+9#(SddoERTFUZXwNDAow;k@#=DQ0-WB9A36;sZy_X)Ys^83<@zv z#*~qZnFDr5JJmwhGp3aNay`U*xX|O2LfOfyXUsc9!nYbkGa1mY_=D%}q2oZufsO+m z2i|iIq*LIpHZ^_f>=-{qOH!6GCMSefu|73wSipVL{u6z=u9?%Pkc~LTt@F3P{XIuX zUACW)_;TykExvJ_dybZ+wc@qORr36W^M-c6``z!IfXpW;u9y3-dl?7*@Z*n*ON+O^ zzAXxl)e*s2|KczHTQ`8{lniC#8-Z)@Ib=h$q4!8&6~WJzWVC+mtTB&|EHh+@cHMW+g!bx zXsp&~p_L0SC^f63wS=7&CPk>1){^-j+d*XS*iv9{_edrd&AV=`iCr=liEN~vZckicfzx|GTDm<*Sp05cg~|0LcO77r*#SgtN^ z7W`%PU+C0NGk53|?h2EB|GvI&?$jx+O6Upq>ymG)l!NcUnv(%AiA|rS9!>&)^}wHe zeKm7GH8(S(=Wu*;TwbV_gWOMtQFYH92RaVCnH$E8 zOv*c|hB-ict49O=cww%tKYp^r)$+{ztPLQi=Vu$F<6`dq^e8I5l)slz`i9))PHNu8 zeUr9l2adC;7^QVm7N0b}Wg}e7%2~}6LP7w#ne6-%l+;|ax*q+wOgVr)$*gK)hBIlo zK6~#^D!{FK($l2Rs@U6nKN0ri>5@-mFY5#4?&c>y=13-_wQ(Z-RE`KsX3!Y}=$u5m zC~9*aj$D)iH2ly&m6X}0m@5QBr-#l^Bmn;8E+j32@x*~+kWY)GF?CW$XOw~;)+u)6 zUQB?;d-=;kM_u%!jF7Y}D#PQtg%7OjsexR4l&z$AX&j){4$S!2Vba%TxaZHGHHAc* zgoztbr2}AIW&~o`?30-(R;rbT_TW2sY-w5d+!o8l`QTLD*W=?rs}cCe`+{*~c|lzl zghXBY)2JRVE^AR5oj-!;4VUG#l#vtmH6=317}s<2`ks^?Kn$D|S3`aPSof*pK*xcO z104t6WDXp$9r;ZzYDZhgfsO+m2RaUP9OyXkPI4gDF<0#y&OCRW)hUZ2u~LnV<&Zv; z*PRO|z)hCjEm<+jc(&5R-sNCCOOB(H!gM8WC{s}|cUN%$J6NNb57_$fnHi4tP-K*N zrp`O_AA+aHAPspB>?)mMIFN=#k{JrP`$qSv0JDvklqQ2Y8 z*@)V=9zua6%%~o)G#mLi9S1rNbR6h75DsKv!OapNPu05gN4jRqTJ9STf^TcU%GE2UPoLpEV?@#L9Nj&RN?a#}tZS#)QqlJc?Q_&yEJY2M{+k5fjVVbbel_Q2}0Z@xLF@$2bCW8LC)T^ojEj2OxQI zmQo_+)*#t}^;6Q~hik*X;Uwz)$c-CS0&S{`jMtH*Z+QsqT7& zr<7I0hYug|4{p@@iGD6wuz64)azrYcfq6i%%Q4g3p}11HqY4v57Mz^?9ui-T$`nl| z2FVGp^Y}6Msp;vIlno82hv{+kCd@SVOfE$F_DLoTnk-8sA_~WJk040_j{QhNLfEw!?E{}uOWCQ7Ze=? z-zYA!52T>?aT}GV=TN@abVhYsUG~RgRTcB(<8%4kTElh&brMC?5i);jUW@SZIRqT0 zKyM6;xrtWnulfJsi5UvpVX{d7bP-ruRC!UqOWZiBYQZsADb?&0 z<$sAw^QW4}>h4(75$Mt(BvYz#99g4SE>wL}bYyL~W^7v>8y%Y++qP}nb~?6g+qRvK zZ5yZlnRV8zsq1}Hdsn^Rejn<#**^tUlEyO+`7_L*^1Q-+rKp$Ua{w?9H$C1!1v+o8 zTHWpm0_EPr={MLDj+IfDqCf*B+rVxKRsjz8TNF6)L#P=D;VZp1`)%%-!pEJ}Ry!-P zp&+BOY3M9rDn*l`FscQB=Tz(+yRE(54r3D6Z5Y|7GAz4> zd+1hATd4d^VO6ePdY93-(D41-6WcQmkzB4v5l?#pH=6Jq^`xyL<)*e)nRdT!r zxuXx4JPq0VJqI*OW5QYmVee>qzjWzb1;%;-H#O^?zh^d8Jy~(k=QRXeC;*wGw5w&6 zc?@Q#+c42klq`9Qn72*h+m$S$qEW(G!Q>!h<#;%~HGYDO>kB z?zxHnsl3y~%UX%)4?(Q0&qof!wSB$?k4uEq#$x2k{x^T~Hn!OmK9ONwiw1f>jbZ=Ha9CZA*JMB5s%t|TKOCwOBR+aUFr}p z#W!kLRL#B~(_`2cUDYgc(o!!P^5_OsDH=Rl?-jy$BDY*Y0TD-+`?PJ0@r%q0%^~}1 zhda8$8Yc3WOK=&Mb3ELBvK#tw&1C8tnc@dlUC zwLwBjUj0;}$h%N5n>u65J|Q&?f9wiu*x)ynczagdZAG75uNxYWniJ(0Y6275=u@E6 zn$@uYRT3z1o0t-=j9@%q38dvcPS=(aa8+kxjDpa1c*=3b3)X^QkR8+wU=@qlZdA+` zD$54CjaE{d_>II{qV%26>zw~PdjRzo@W%otP45tDvSOP5-JJ%mT_#g zQTW)cj~q@%Kvdi`t z0A0-wKqTKsNy0=LM)3lBqLSixXT0B+M6D&;C&;rW1MY8DaZvH5>~XwNM$Kvcujkh& z)gHtfWp2=^_Gdku%+^KUw9lw-7%lm;v5vd_GE@7L0)nMudaRXo4TNb^MB%!Q%I!Ig zHRE?xX9FA&Oz^_28J`Unu?8(2k%w(OE z$)4|g%dFa*wJD%`BBJ?gP_}%VLk8;{u*SXar43ym@w`2x6M`|lO+eTJ zE#74`QKU3s(5shz z_EvlMgChf+umAIrC-IE#c)eUh|E<7Yi2PKtu)7;>7D@LkTza;Xp9HYbUb-C3$$~2Y z;Jgxc5jLyW9(aa&CeX9p^NDXe60x-he_FEj9pk8eHkp%&J?s32%>G^iL4R+N1sO+s z@T{UCLr4%W=k=uy{n1-1Y|nS(M0~j?lood9``M{$4_&c>tmztWY4~Atz|2l3wgOs8NbaPI4 z^(QUCU2gSj9+0<5xhtGF(Udf)>inhlBo>}Mvq@`s#WJ+7@c;KiPdLcQ&m+eBdt04 z+q&bmn&U(E5}_PvD8x6)Hl>Z#)P1)~1P4nir@=dPt#ccfVH#%eK`d^ADX@N{awayA z_x3$+h5I&?DyI!ID*CK-=@xD5KdtLyqevsHno*VK~ z(&+gzluggda$eCu4E0n`cmNi9)~LmYjO;%&%#tpag$MO~hFU-2nv<_u4 z>)>f1g%laqF_7`Rk(&Pae#$mIof|>-vD{m#;lq)&bN8xxcn`Q_M|zTM_TWk$5w|?B z%T~KLiXV#pM$@*zNx7il76VtiEd9eISmFpzy|pu-kJqt>PJ87-kG z!KWyF2&0}+m5FS7ZojAbXDQ15fR8lp*I52Rl%@Y}KsJx{3zA*qw>59Lj$o*wcIOBM z`Rg3%rZOP*c06;55#8O|UBE$?*wZ)Kp=3TuJR`JndLa zoZRgcsy$1-1OYEfR1zvKf%=Igi3$}OsxLww@n&-3h46&D5xO|-l5OluAmTVqT_+jW zj}zNIise`&uBwr#DcHFbR!)m~Yg8AnAC8+t%)TQFJG<31nsmO;kQhvVJPpFE?6nw> zw+JRkPxk|zZC+L`su@G9QjD7Zl8$VruI7LTeY*$IxK}$RNh?KKJJ(*ch;&b#rDTXB z?D24AC_`8fT4`l;!7vOC_hm%9S4zzb6DVzRvWo6Np1cfc(h?Jsr2UkmgOd~;g7t4; zO^n2GEWRESn0>$5N*a(qCc-RP*@sldIx^HSgaPOVyDc=_-d5$xF$I6HvR2eaQB}q$ z@CMcOU)iF&c!glQHA1_9KtU001_8A3jnRtpZ8e=5H)NM~j+z=|8e}<+tnrXm>+iw= zi0z>%ZVs(8G{!;BEIevH<=;mKM^)vPMaIwrgW`l((_JvEp=#PM@j8xcTCKLE-NkO! z{r1grmvr-1P+NG(2(xa0XU*mYp5npbTS)?D}2(>e8Q8 zj^S=$fnfdKm99jS;Qjf2@yjDD8s?fA#iZA@Mwak#Q9yef1;Q_7m1ZpqsQ?G^4VK*`3=@Hh zeO|70ZqrEg1X;64Vn~YCk7zv0;)<7L&vZ3@9v4BG&Herof(psz^8F(PON&N2AQP7a zT5lj(voQ+7mqEGp6nzp@J58SJgT;XJ1uQ_=OChWXACM9<0XW^ApVss;Uld{^Y@?!m zn_U~1V>!F&3?@zisFY%6B3eS%UlaQNWLq*zu1h!v`vW`qZed{Z}!nt$K2nlO3Sl`)} z<{440fi&753R}FLY6s!DG^2xYx^O%wM&|TLFA~mJlI>-jeWCriTDlscTv)m<_NO~i z%+Ah{XJD&$9Pjn;h?wF^3uHKYj3%Q}Zh7hTJ;POmr!iqLjE?~phtr98=1-ufXc`8M@aUgU=XETK*c(S6Z_iZyqtUPpOw(`X;tseM^EZ${p z|6B7hHXiG-`58%ux~8VrW>YY@^V>k4r1q%?w7N&trH9Y7opt2`P5LcovaN7O zS0vk)>#K=%Ze2(VcW_UZe~`;!)cM`Q%826=_q?=w=&1)VQGR7DK`ho~fik8{v1tg8 zY;bl3%T~Rw6lZ?J`S|y=f5A^~j?E!-5qVe!^|=OoacBYAS9rO~+&s;5+v>uo>jv=p)E= zBN1pr=ltIXe%vnShi*GQa-+CgII~FgSkC^jIHEba{lnwgqCLO7f2ctfVdd5U&%d6p#Cf!PDjiKx?7eitbbNjf zL7N5Y5)y$QQIG>sjJjVEE-q3iyP9yEeyj?&Pe8*z`%$w7f04#isPGs84T!AH_Yc1c zsH2p_(Nji-u)tfA@^cH*Mq>fbXy9>lAuSKPPhHv@xf2>&2BWiPMNycu+Eg0q-C-P1 zfhyexXZ;ImGDR;^VfpF%@E<4XWXucDEhd~BTH-6pAT}BU!6jo^kAX{SMpAd|P{gak zJ5w4Hf8S9nYEVxubBbwz9xkbR4MKspGI&%41N>ELj5 zA4tupoxsc;pFr&$)5B-37t?emU&{ndVP(!PY9X*m3r;5UNbg44&IiA~{2{o$;3$oE zpR-rvuE(qX4N2<(2Ru$DlJTb4tb-iFn;$f9ohQ2QF6vli=#nl7*$e`%{1I5!E9m-r z`UcN&n}PaaG^F6O29YxbM%5pFj`p}nVj0(*r5RUl8q*tq&h0%%n?0y7*?LMp2=TtN zG$EcVHb%3P4-&zeap;fUrp{fZw20Rb3Mc}ccD1tM9^FkONxYMrlf6tpL=cEAaERiU zbi`=~xn}!CGb%pc3MojPAa0z4QVzlShX1C|Ki@4@NDD}wTLD8|?*9$- zuIYD+$v5%=l6YV{;>=hxEzptO`>mB6oD~R(g!KI5UUd`fY$NlU`3~0P%TuA4Y~T0L z<#i!5L><3{r`&(;{ScONl3@b4d+v^g1J}h`z`d^P)+oazO2i2BkKFUyo^5s_J!hx{ zTCEo*N@UMbnluM5Exj`TMi4;g=Ch`oKQT8`>D@$P`c#h@dwpchf?cH7jzh_xWmH#R zSNAPcbe5D@DPGd())lq19+s(}igmxNDEyunNDS!M=u1Zed)fD{3{eK3A%V5uDnVOH z7rD8ciivmJQ&Q^`8A!qE#agqxD4}`&`Sz%#sN#h0Z0#uBroS4hWc|5ER22(y<^QAl zuW7Q=OH{{$oexjDh-Y(}LTRARiSeUMUd^DHW z>5A1&|2uCfACpj5sqhB3636 zo`IlWePlT13Q+kgS-(%8uGG;%5Sxbz>=q$#A3jiQ=_r?b%9NpiGpk3-!B0?iMhy~mAD}bv1E4$p)kF}O@%X>*l;UlA%!~KO4#B?;t zW4qJi@^p@<2&kI)JT1ylSJ!UyJUWkCfQThB6$bvu$f}yPPdyM7tbh`s5ys4Im~$D} z!UFl@&KV)utwFZ4SSq(K@b+7RP_SIbLDF6aJYT1mPY@Cxzja3twF$wo-UOzgnP6)-x`Eu zomzpPFR9jf6>6zOdk6x-BHH*PKs#2KC&X@lInx2E1ovZ}7P+W^lxB z5ILjxnNWR4mOOz56!p@R@*bitWjSzX(ekzW!{f$1y5FVE)Ql^;R(E7a-FN+`XF3oy zEbb;-`A2r*Z(6})i0Yuyg%%;ml z1KxZ8OgHks<|ia8Ym4U(jt7ry%X8C~OA_O%xV%cr7CsR^*qM=-iR|dp z1~#u)!cTXN@H}vGx0%RKxsA-zv(h4D)=!^Rgu4Ktg_w!cTaJhzZ}+v>&G9=QY$Zt^ zgu>d7X&>yIs8Fjub(L>_>@`3th~q-k{756Q6=Wk!%$(K)z^|w=hYaDg)=j}jOQthW zEG%o)QSL~^FrrY_RZy<608x(ov@0gKfk)+kqTK@;;PoqGRENhD!E&kdE%1%6)};OA z4;=X2B+yW+-2RbQ`R{Rurl$$E-3tE-xjKo>)Dmj_Tf+|<_AV(IL;e>gW97^AgP^it z>m&JUL5ESKaQc2)oQP;zFWBkJ;93{w#h=5f4SOXYI96ZJ%4 z^L}-a8WWuU=ol_b68IMOb;@EGnl9Q<%=4DChLU_KqESrw?Mc#Vr1=m1B~P5@9qðm(%e*kTiMjUF8xVoBd{p1Zo-7;W^j5pmzvSt zQAO}N+!F^R7F_a;mMiijx>%x4Lwj4hh5m$!JW$8FIGHudJ!X9GPYwIq#H{V&<<_xA zIACesoSP}xFdf_RGV)^nrp9eau%|~FB`K>Yy^g$DE#wL+9G#> z^;a6K@n=1iyDr%wB&4(1uiT0UoN%?ZDgE|a|L#M zmji`#Q8UDK$&M$@+S1d@J)g!ftb#U8yxfg$iaE|w*=*0(-My>L*1ZS3cAaidctTO2 zI>gJ7JiSnm2G9(r%e91q(O5x3;Qgi5xd8VxB>kh-9dFp0RyP7SXM%`eGDldSiD~?J zJU)9KAZbJY083>XMAdj{3O=5@v(Hkq*_^#yv{$qmgv&@f&LFkSzpr^It#<#&NfV+y zp~tvE(47xP;3)})xm_<$bALWd0b!_u5;)!xQ1Y*S-?Mrk3y-gi$64kec!DwkNZ73K z#jzB>EDb}d1Eq?gB;hNLFb|PYk=Wa@%J+f^!}QxvVZvJ6Ww0Q@1mg9>fnt3(jgV|% zh_3)j9QpV7rjB?cG730*1{vR{<<#A@$cP4GsX3x)dpc}Bl6(qIX>fON!D99CqbGnj zIrmU2xBj1JOe`#T?S(aC<m4>j}?N=P?lh$y3B62VKHZnq*^(~LiCsJUwZvuFIAT3 zr86jVK^*w}zVUwj4c26d1hlW4mD~yH$kc0#lI>t>kY#ytSjD3Qs~+kNq5)=;FG_!OdcGU`^(47RCVprj)Zt2L;{n3p05 zOT;`t-l%u3(tf(&pV}@a8b4e^~4Ng%n}^38+&Cc}Ri1c~><@1ZVr2Ur%J!R3VJ?=bCX`YRL_%;Fu`@Yp zQ?VK!i(z4zM`M3229y;#uX&4!6-B`&Rc|xt_nTlPY0Z!hkHf77VQ^}~3h558b9X{3+D9fMin`4LA%}1p7{G4ps z*KKLx8J+X4`-XTB{k8p>lCZNDB*olp#4#78s`|DiXEs~Necs|b#VKL-kjpAdg_ikWx2Ogiqxgb$C z^|`j`8cX7zl}Qy@ZJzX+*zT&70O4{UN4G*NlFVCl#pneQI?m2l$fhvF(2`d_1|p`B zb!tQZeEC>q~6Y z>BxCX4^+&BZ~j?rzxsG6J}d%ELp$hMKvN4uR*ZBCp@MxM%;IY`*U0T5y<%Oj(Kqa( z(&{GrTd$_~eB(xI&Ucfz>)YN>>h8(un!~m{07v<0^2t|VJ_4<*T=R?VjQf2_x->UO z#QAw{J;=lR{~TBBy2@($2^;uwbb54hK9fZNda=9nwIDIx34{mQ zkCH>-f}BVkUus?B>)?^&@&T}WcG?NtpFRAxRECyIVmtzaDw=Fa?to?@=~cLf&-Jy; zW)bs6*2oMshwvs9vAzAuQUY``*{MP71j$F16LZk4>H-)GT*V2*;o3!F1BA|RU6=^5@8Z;qOD`pL@a<$8NCQmlsp7FIvGkpNJR>s7K9 z5_tJ)%9WbZ;6x~yuCLnw)RwO_hgUbiK`E1zkBrL&^H=fS!&g24Y4zlf$mRolsZGGv zRyVE?7NH@oMvNbjD1k55j`}EpGR|=64OUsh zaZ|;K=b*!X;`}h&}l{9_$r$*=1s3tEYF8Fi+<8zEz1UE-2K8r%OJ&2vCP?U$! zfk@S|1Dvkd1~Mj398mT_p`Q$fKxo#N$@lZgEI_u%K@Uq6C3df)4#lHwAw6(kPYr9K z0|TB?(FLUVLeS^R2L{5H;Hv1gn+L;RhVo~0S05SG(E}6H{~%tVq7H6QTFx7qS-WP+ z_=CWgvY)u{d44akV%zKMJqD4FqiD=0uL#=<@e?w8YWpxY4I8Kl8Szy*nW~{6B0y4^ zn;Kk>4}l1fY59KR_jTcCPboFnw1-^(C1)x&X$eV|v!u&Lj%PmbHY!ka>m8C;Tti*1 zH;!6}mn)Zy!H64*iz*5+9tngRO2Mg(b7e{Lh{!Uf+OLjSmrFo_UAmG`eH^a2h?k}? z?w^dJ0M(*z_Cmm;jDgCf0u)v~^6$MGyVG+vNPzGkkYc0mh$yZ#D0|hpqN0i@gBr8g z75}A-hSLm|yJUNzj&9D2l+mks5U^yKDbgGm6p*)}s<6Mm5yVI}`MK%f-BKan&$b>{ zDNFBfIoyn%`+QDj2_6}Q*%hz0_N+d($3bhxs2Kd7q7~tMx zp-0B)yd|U4@`_YkLf`A^i~;!*NTI&}%>wXpAR>oWx!GxrvmSD{y|;n7ogcbIY>`lV z&Wmwxk{JjPGmz#yNsK(_DMn2e;Vf?L$rmA4ne?3(CyS5*4%xIGx4$^1gYchGFK?Y! z69@nJ7%$CrmlCE3@})8A+al>5q0*u3-My?HA-Cb*%b0x(u977%Tw0MkFWIW3-35v% zJnYY>Qwh0HAgKcgvyANwqR#_-?&;mImXJ0MK~rXI+-&5v%C- zx?CZQPn>I!*W#A7-(8#eiwo&owZy$3a7UPmj=JXEY#U8A)v!2%jt{HldcF@%zqAoj zW$*dgaG5YhZue1!nN_0h1M&h`XR9tCiCVNheo7i&V1?$r zejfV(N3?{+np`p=p}5$3k;rDoQm|ncXc$*O*D7F&xb08PNY+NFX!O`{BgdgWzWl#t zmCX)^M}}q;Cn@NnUNV*P#)RG>C6yjcc3up6 zbj>|X9nr#}vryTY>NgZP(wl~vkO{4oWP#*_mleU}Lg&<$ zjktb(|K3E|_DwB{A@;$F&ZVx3$k;$^EDdXmdltYZU<&r>sw}g^J(^mrm#9M1omf(f zUg|u7T2QU}pxbVmD$%?JzSUzeYPUV*0nV{Q8x} zJsAYuXP*X(qqm{mL}LocLeKL3t|InKf(M!*x4tHnuer>sS2PDaSf%^BB${X%p{s6^ z+A;Njsrg+ko>bj?vbJGlG4Hqm8?iBoB%|UbaQ|Fq-L&SF&4K8WI-auYmrYqgX0DZ6 z=Evs9A=lUAhE8eje|P03pSSEWc!Q%$JE-jA@?jPR%^k4ud}FqwfCrX4jB-;0VE98U z#IccGlR4ntj{|}qph4%OiRDhW>)*7$111Td!y8+T?y}!u0lO4%IaMD48dd0PpK8YT z*ZnCn7~)px9UV|$o&0xGkAiFtV14rc==<`A-jAj@v{XUOLno-&sxmwxWrA3FJEHv)`0oNwLl0mRqJ4^JiZ0(to&Fgcy z#t2^8QCvJMjKPNiN(M16l18p{L@o7km?%eT{DW^216dbMqG_1AF{~Ej_jyOV(|ucR zEq$H(TPGCD>-99X9hbe&%ptL}pdQ}f8eIbX3J@c){&UCw&42AUiC9Cc41!>dh&N47 zVi4oVm|pk=Aor=}*CrV(C6Pgt^s*AdN>zyK1-P%)XfG9#B7HmnOeX;?iG{4Ko`&u4Ucvp zroqvmEIe}_Pm)`uag$J%T$VCn??bImJI3s0(#IzouLNmQkP#rnO9%m+JB*<->ZTWEv7FBxQ!^TE!l{P+x1+7xRhPz#kNC4AfK~etv1jy5J z=;q<)pKTK*Cy1p5WOH&Ecld@;F_+v&?2sE2KPBlzrhd5X=ykaI{NA+Pb>AJ}=W+O) zT4&xaoTE4;4s5d<(K1H+S0Wp#XHO@qa=mVZhJT{HT#dsxRqrN)9^*SW2}A_pf)P)2 zCj@^2_$gwnLv0~_{szggT!D*u_Vh>T)Vg_mL{eS9AlkgDSd=Tx&0Z6-fc|EfqU@pS zW&1H6f8IMB(j~Ft^%>S9xli1pSQ>267`JZ|gJT3BgsItAYNr?;L?NtIzS~$_gP zoEW?H$GvR@55h|4F&{vsBTdt<`w_3vmrtYvF6cfpy~F|j&_v&I6yDE7HKYulBXD$~ z1>5X-?<6{Ki>_2cMavP*cgYMANuryfJ%)x*sOJyfT==^Rm`sA?KGJDAjN3;l>%*k9 zQF=q1>i+s8?#Ldc_}(wNT`ux7FYjlgBeZNOxggbiu=EX7U9{2#LuRUbK!2qbTKZl^ zwa1lui&K!eVcO5SNDi3r&#dZCs`4n6{n0$LzWTEyEltr;t0L;Das(6;X!Z0oPFP4`w+{nb2x{hP<+s_ZXLkTZ zjC|Q%j?c&k1g{qYF1*ykVkaBi7wfXx{gnwJ2~p^XG8X>F+{k!AGRLYDP5d!7pfKZi z82*0g=z-0+CB0-qH8ts#)Ri4llmn{>rDy%$rNZ}Wfh!5@pp$x$`oE_2W(ezUQuSoh(S+B?ZfV`H{j5c!TN+jeXevA4*-2T%!Lq6f4*RNp zPQ6g)-DLfhr}Eg+24;x<6?*8G`4L9h;Fpi}q4bIZyI&fs2+Qz zgQr<)ygHt@*1MRy1&+rK44LqcO~_#S8XC=MDw*I^-^DvEKh$T|m-o$OrhCo!XlUbmqr(YSDorA=*Ct1y8aXm-$Pjx9i5}W18B`*MOncswdbi zUG}Tz`MayKc2!F+n~&S4A%J}`_W~}OejA@Lu#J%0z+YQ{p^hGioz>I>j18v#aS!@* zc5qH-q#20Fhld8Pc6gn7sG?OPTI^N}&mi#e5AeGtFGyk9A<8)b1mU(!V(JgVJzzq` zn7Dl!ryu~uAIIDfy}x`O;Q_gclGxeU7+0bYk%TRSY#^ai;QzQJM(C*bmBa8UiWZ)L z+J&o7sQ|Duk|A^rr{bd{ha!#!@`9~k56agT=6`nohExua_*t!iLx5ADsEW!nNE}|M zMN18&A%S<1hki%0OA2A$!BG;TXp}_W$SXx9D&$fj((az)PaW8^ny|SAwa~sn9$G~1 z3?UB9*>gp}yH&UV`-2FBaExRTnZnNwD0q1*G0BqYfU^W!55knhsEWi+b8CP@83jTypG~gb6g^J$@h2YkxZ86kR`;cLEf|U?9mF zO-&_*V>UMQ3%uAZ)@saev?Ur{0HlaaP&!^4+T^CV(e`N1a4PwG5j zHIV{okOi5SA&i4=UBg$%&P{89-oE9;wgX#i0!*D`dtlmVf5tsvE+?6RAN zYV!$}9+^C}_}a^VX;$ZERx!>@#l!_o1KaTm>enZn3`L{nQDuxZCE#Q6A4a^gBqi^4 zXFWBz7;M*Y0_`num1oYI{QP*PbRKSy*(y1_K_!n}3GJ_JDTYR@0<9ZDJ>#38qBN`_ zVG@&Lpz4tn*rI~1vgol{fCQSl)8-&VGMs1t6!({uJJJ4=Rh^q{Mt% zkSXV**Jr->T#CV&1BUEPRaaakI0w}aL;cYLu{X4L83Y4W;2#y0u%ko)bH0FxzOsRA zPsayKR&V5^)KbUk3V(5m>P?ZqWlMGN{9avASwg@hH}p2aoa1ty=ael)ljQ8$gr~nR zMJpNekyTe?V=1=4iWhB&GR)$BPP?_;$re^=N=UM4S!8PJm(BnK>!Ohm{|4a&IIQH; z2rTFxP1jCS=4BF1%t|;m%S6o%Xb3-`Fy-yxB>L}PmLU?*WX#gZ4e$fw;&uM5PFFfz zYr;^|v5IB16AymSmT<PCPRE>ms-e+r%go*1a7ye_5DYLIFqc@`ARgk5|;uhPzse zZV}D;GUkA`SU$8A$*3J!{_@C|E#C#C{ZV6kp9SyT^z{9Kg$DTQFE6i$htOj(kPMwF z?k={%)kqEVblvCymnX=r8bEL0v*MS^wfqPQ$$LN6S|h)+-0;^9)Jj9y4gp5@cC%P- z`wyNBfeXe#``gf(<-ISy-#wPXI68Mq^|u+z4vT3Mr%J|8_uekaE!^*LqqLNG zSH~&uZfL`kxE&VD6}@IPQ-{{cdn%ROIt#UV&ZR$p{sieqGycypqLTA zgOXZ?6x9B+OiJqk0gNo!s9lEjIbSswjk3;(FrTHKO^J>0u<%t;GRrf;%lJ9^l@fV? zI;8syUN%dN-02Er|7{b^+ZCb;=MVWnP z)2#}QgIObw@;W34x}gPmVu@HnH(JwkF4qwpI4UE=m>r3zl7BE zZd`r3O}_kSRW3*_*@PcJMIq+2>nB&=Zg&pYBoCNk$Ka-;2np;UfHyGLUZQS z$W$26yZI1S({&^N)u2iNKaz15QObNVk_&xGnoGxbw--T{v+$?O4E4lNw!9TLBOq*Kyx%uSX!LIGvrH*;WH zq+J7MfP1?@%O6C+>OViETDmANNDbz$-%;p9<3he;L~}y=-2R-cWJQ;!@uWEeKmE7{ zzZ=>u1B2Bid}MM!dGTIthBmwTB1rz z*a;TAmlg0tZ+Ez4BB1w+RFYuv(n|tg$Wvb+!!UI9Q6E%mwH|`>m+#(=I>xO}n%Y{p z9RNdEy~T=Pni;fH=E)H%#FD;Y2J3<4hDLlY=6+A6>iGtgdWwaTLDPbw4bi>+JC^oz zD>951Lm+@4v4WbL%rIH`td1~SmQK~E@L@4-b9>>#&g!i%8!jGJcL}x`GTSfI_fUa* zCx#<8vVKeX_sHknMM9IyY=(p0c zT$|kNX6YQ{8sFY=m_S&VYj?!gb_$fil!#-k|9GWC z%AkA$N)30gB<`hK(i682;`}~AaY8~Yzh3-)U=vfcuRa&~zYYK+RX}sngh}D&fd3m6 z(gYgmp*&GP+wWs@wa#tBWkrj2>rqM-9%Kn&OjidiZyV5AMfB%rzdozkkYfoTl+5+} zPVWM_!xMKdz47mg^L^b5`*{M`ct&C}*Qkg6-st^Ep_$ksLg~u;0pyzB$8@XcE&u19 z)cXuR?G(P-2B!IM$;GmxnvwDl?8M#%D|2djk%#b^BSCA{vQ&LsXOttHx{sL0C&Gv7 zsW2)p!MDWOeG1Tdq9HSzBLsgMdK4zoT8IJ;CeG$uU;_RUwE9L~wi!saa#QzZ5Yy!| zEBcvRvn!II0ppiyX%(JbBdv>7w zwB+_0qc<&YS7TxwbvpGt|6aDUEq;edL5O1x7)~zje9g7CDQ=m54H-ytC)@1B1FrCk ztSRp`S#wrmJi*@GYED(Nq%S{ek>vKVT`;R4cXc+JFf;cx^%;67yV71HD!kI-?is48 zVyD|o^Fm&o!xB0?)-YubP};)bMqlRximNCw(H38GYEgWd#j+BF>clr*=i3}XH9)+N zJpOn-AlP31CdD*gPbA0U(a&};R`sz`GWqI=?5(Zuc|3s|nNT3qjekIoDu4WgQfcS# zjVSIy=i3PV#78sQH)dK=;qxX&{lGQENCf3w{d0egNr)k3GFz+i&G+&85&IG*+13u- zb#U}gd(ExaxAVS7=;MLV=R7_Q=M`K*d=kAG?^wzdw(eIPQ^GD;- z_vfkDALh!>${X^s{6PL*N_$Ch!uc=7?$B0mK%*#23*P%itW1-YFwb*l#kG6qr?d1VeHB5ZVjNG}G(k3cs?J>j$*CDOYtM!qZrSmb zE5(dK=NEc~yz05QMONx@f6RDq{W}3nUt{abv|(Jd9mKC+71$Y#+__LyL=fHibP9a2 zlqGS$0K{i3S;b3o!w8=MF=6!+NdO)=1<1pI1J^NPfQ<;;#ess82=D=nJ8@D)rNM8_Q1_Vpm}eV=HorI2CsbGRl`S4Ns1`8mIjo4VI@d1x4LW#Cm{iMr`+Ck@oia_~JHc+NkrxT(Jd{SkK+3E7@ z$?wx)m}Sh_4|EYD@uh?A6QhbKre3kx{{B#+22U_}x@Z6{d)9ow9Bu z@XVY7_>w8Q>vuKA>@2`Yu>dR18w(?w&PYL(`CTBD&^VDbJ_#<@WYW0pFg78s0=0 zjfp(_$+myJKS0yXR!&7a>h1;6U{2`f=wv(>PgbkLw}j=zjqKnj*lNqreJ99r(Syj-L zly2qPvwV;F%8lAHQoT6&x;C5P{M7}cQ`n67V4n48H)6llZ7XMAuZ_<0Nv@~G+DEvh zX)R^F`daQ022k!++fAN7m5Yf{QbzhKc5!@==c!A}ijs+UxR_VZL8|ZVoVCbKpOzSq zSsiw>zrmGR?^IP=Sm(5NG{;=Dq{R)NR({TZb?k~$orVx=e4cHPB+E-tbyVlF|I-_1 zq$Z+gMP@@vTZStJxJ5IoYR$VW*f7Zdhpu;QkA#c1c4Kv%P6r)#I<`8tZQHi(q+;8) zZQHhO8>gPL&wk%e=O0w9t7@*f<{aZ5(sn74tE~BVm0-o}L*ceq@o^8AF@lpyqzbo( zo$4FpAt;0*>AF;Za~vzI(@>RjRJ8wY+JC@N12-JS*^{4(>DJM>-_6dR3#W?HWXPXl z%RC2H2+SR`9++&n+7Bn97?}=0ODb$!F?6AY<$!?zPd8W7Xim0x68OOx`cWl)L z$f$IALPiU&`Ys5Z!i&ge1HcpH=bvgZ)|yWSm6I|pw1c_Oq3GbN%M9y+Ixs!rv^CVN zZB!f`A()Zl>{V58U_*S>4`c>zIo2qfNL)94QNMXrls*Mr{v&t1ltC!95YiN@WWZZ5UH5Y7Ajz zkmbv*aIozSlU-J)Z7GXxBs7xyO#Ic5wTFZ?szDI#w)=-p(@C0TA;9vT6WMaC3cveP zr#{EOD@dm6br=bc^G?r2bcsEk+OxJ3*^}Orn5MattsBiBa=Uqq-aIG9Y?HwEMjmu=>0oziPhwQfp8Xj2VYjgZh*8=!3d;G1NU)_3^s5?7-JENHRHiRMS#4Tn(B|5 z?A7^VuUFiuXm=w*9j7uFM}JBFbEsRxcKbt$-#sy|g881pDG;;wyf1EVAv~UtZdAE- z--on5kf0&_Unlu!(5wMmInk@d1#cNYcT!VmyI(TSRzPm6`ZBb$)8$i6PoXZ#y$N4k z8z7~s(iXdr`ysM9T$*M9AbQC2P_Z{QJlHVhFa#=brpsgF4Nx#p)}#GQD_MJi2VDbc zIofPxrUardqI!mKqHJWh1@Xc>Cx@7r^G2A@PEgYfrx_sZ%@Z^q7k8h45u`(jE}Ls@ z>O9j0{|ZAvOEJd?b7bY;#}w86&x28Q5>fDZ3kuPqQQ(!Pe>kziMfPK(e#oQ(X#vG<@wDUz`?_wLbO95D>?RV=g_G2xD>QNL zkoj67%lI5+^x7=4uHk&@15IUgxw>0z%omQaGN%PR`+VB|gCuN0V~TCjXpA^$f#4I$C#{jxNy%PK*i{WDPRnW`9AbS^o}X-oVSiWH>Ff{{=mO!K56tfTJr%OU>WkEQ*2!#_Mzm#Ol)q^ zW`P{CtMIM#wd_?=(MGAJE!>F6Z@cJ`RRHW7-sE0SMbazUrJ|^)!zv*(qj_Pg!5@3G zoVoGsI}`@JSRkhGu$Z#;K?9nS)BB|d`n@vfWl-7*2G$MO{`U=Rtql9rN%O-a{6+tD}^7z_d|7m7^< zZp|qJ#3UAM~cR0kxx8qZ^QhXiT*1JF9=6SU7zJMt!YS;wu*)p zIizwrd>r2v&%Jjft{VDeZnvo@V;U zHA~2x&NTh8vtJjTmpk74sQ)c9|I~Kduzm9;#jvLQv0b_RcKtg!82H1(+iHG_JBApF zb)<+7n$9JKZZ;*Es@hp$O+kSYV_-~YS;hWQFgtb!7qdYd?G3s|k41MhI2r)`>BsPJ zs;~O`&sgWPzV@(|ep?P{aZf;lPtH;b#_*S^le!B0gIR4bD-XIXVlU7l(06_qPub z--lFpK(X&7Z^aG_FmA}}B1#KmQhAkO0YpYH1s3Lfy!C+DMO03Y#H*vJ)GH0pWq8ZjO9fi{{5dlceclMD+a; zSuDGx*x+=#2f3|X%>L<%lweUjHj;HHL{0opgv;?|=HkL^!2H+xj5gUN7It&l_A&nM zlkC^W{PZ&71vGk)g&{oN9H5$1+!R@Av7VH_c(Qrm_W zPDWN%CZv5(aUgAn+dav@c>C7-SzLs&u@cz@m<`DUkj|@Z5gsIbU)*mX5w44jJ|R;l z4waern#<9&6q zy?gd@RVbm7Aj+?51vh)_TlU|G>7VshU(9S4yB9^|Jul4~3xHMuJD(DAV4z;UPAB>- z$*WAKMo~?cWS$}s6+kDc$Rp;2-K7rHG)%5BqXkc>Yrf2M*VGX}=^Cx*kL6cVUBoj9 zXdAVO4Q#JRcJ=WDm8A+NmZVP)$E;ru=goPjEOoD2cLJ-EuYd_>0p-=VH?Et;=E3dttgK!)hL6eo0P5XRYM6xH47Q zvv_*S+r4PEFw5Va4e-asSFys4?amfb zNPsasC`xHNMKh>5J(ZXl9#Y7WcYlX`Lh9#I@Q8L*K%8#1>pO0lWow9MG+Al-6N09D z-Dov4R*2q??u%lFt!1b&$}@3r8L=wveOu*h)#{}sRHJlOX|#bOH3r7|c)G@D9h~}0 z#oF-)-i1rHj6hT*mzugZY>09#bE{fj=!SS%1U?y`2tIa6`Mit-l2>8Fm-BzlcZLw- z8jI)9Th7Y@sg)ltPYPi#QV;oYU`;8gOz2BV13Rb?MNG0Ox)v56)q(dsS>3t$o)Nzv z;J{!#;Y6#7tPrxbA&>R^Z3pu~N6?;NZFOjP1trbN7^Z;?sahkYu z=vX(hVyr1=P8$Y@mLjkpIp{;U137uk?U4mTRj4Bb%h_!Ajo<<44!F0F3tq>JX>4u%T`(AuI{HID zQOxJ_H}k;Zt1oz0iyZS?c}8x8Vzw3IS$V zV;TWHt%EmtY+-Qg_2ie@K_QP^R6JIPr{nsojFqaUE2PRU3wUpg({{^}*~*#c4gn|M zDe2$i!oB5=6@g}q_Pp#R+_8d%pb#{1Gi6`9`_U$5&r6jWHwnwtIvD*v<`O)*hYDdx zDB)~}zPG1n2b3Z)ptee_<-oK;Q0Yi>EhIYk!aM9t&)4pS8WP;s*q##o1_HX9o0N&!WtZEXyQg#Fs4k^;|2Z;uTfbu%33 z5%eut)siYBiEH^w?NmDfw2Bx}eu1c+`Z0VTe}7;Uwz%H6!d*@1RnpxtOFR_{8r3jr66|J6_MAvB)9! z2i*JS1|^VP@pe~0hY@cK`sT4LxJ}nAB8ehFof=+4uAM-y>XR=fDYHN&5DzN!iRb&? zVi~yRS*3_Qd0n^Z7N{PBhk$_MM@I^(V5iC8@i{m_!8UMZE0d(Rd8~4Pap{woeFyD8 zEhY8M6FIu>OPmyx0Ng2NA|_D$`Aq2ghZjYB#dvxmLRmjAW59b|{Ansg14Haihbn+E z_|w@WKr6q^nYVqi)v(5D_}}irebJNYS?#Nt1BRd8oBN0N(lW{7!K6)I_S)P(mRAt3 zmwzdHoOT;Oh-!T&mi;EG`?dwEf(O*729FNSZ3>rY2CHd##+f_^%JJA-D!J~B89vX) z>m59jma7$^`o%qsF~gIci_56SoA|yMjU;zAF20fMl%b+ou6j}BHXgl5KTmtjT>3ZaiH%ii01 zxgPx!o2=6sh(`Y~IJXZpg`tK&_Qe>dxf{Y}d!|(uDEsSgCNuhiyFKPx5f2YHs88%^ zExL!%Ifn?i7IzsmA$h(H)9jM?v0z$ZW@8zC2jmdbGu!Frw#bv~K4= z!r4pu7o<0~tumo3Zn2l%b54!%BWb;6HGRPNBY8(J>P);9dsQ+Q+K4<`8 z)xIuYvfb2)6uvmhSP}0Gbgne91ovlp2RqG0{f9sqvVHNIM?x3~)UPK>3pJ+E!#3bI zP_93L*|U2o*T_oM^rzAYl~GTJ2f^hdNcFQiT4=YxY@2plgRmvd!2gK|f?SYP1Nsxu z=Ab~|*Cc(t=TGzF!p?EQLP*yn2xy{i!NB;TlrFCX)M4KSWCi-09R%g|14x@xmw4q! zjmQSVubA3YJXF^l?cg8pbM${J=k-gd;@d{XDe2Q|T^vPOwqW&Ie?s(5)eB6}5&t}q ziG=u(;tFG$crX1jQm#@BYNXxij$W&FIQ9B3A?3Jm>s$whT*sARTh!;{0HE2^r5F+i z2V&nEuhq}jLp**4@`N%Mg%!Ta%($=dP*Vxtn9N5B>J@lOOH-#!ASVHCCX>zWb~KSX zv~C*iNq{-;Q3MJF9XjMfetN_Wh^ABMPYrg-i zWqs72YhqA+f6*1UY47h92aGO&eYrMIYc@^}u_4P-iGsQj|3N~# zq@4U8E&^ULJ2LE{;0hXs^6E2r3R*}$qyd2I^_G{E z2%mJq-Cj1t;!;69j!Dun1(?Dn*F_ijrw&I_E;Re+m0^IVU z-`xoh`#5-I|SFbB5E{pVqy7OZ# z`_U*Z&}DSxIN&w%3f)#lB~|+8oQfHCw41OQ+3JV}MA^R~q+b2&_DKdO5Dm}}#`rx> zD_bu+$Q032eOI@sP|Urzq9hQ5i%4d4K>lw!%r`pf^!CF5m6nF;ESS0NMTG4$xJfKU z=Q%h7o|if%qw>vb_QNUM+52POqQTgLi={FJxAy9!dD*8p`&o@=@`ESg2CTl@%Bg64 z+=5tceQU^`6s?lPhAd)p(>0NZ1ihDFzWLN;F46Jf&*GL~7tLo$IObpxy#LnUut@RH zMfYeKtFft}qTEpp$)<4dHg;}n2_H{=19iMcECYvX2x|?qcs}qd<#5~SM7E78Q7A(|DHKgKfm#j5s6FAMVWH>l=g{0Jk z=T7J)3F^W1%7Xnz>TQ;7%)AhO+U_)w+dOE4PYZ84Kjb&mp)8-82w>#%XL<{p8U4B9 zTAB_<)wVIc-x@wY+_XDqnla0n=PmY=2G4|INBH=KT?4n-Ka9evP30>hs>?IzlT_K^ zv*=cARIYHFxM;%C;VczMySUOehEQeuldCcWY=|BGAzqR56lZZ;7k_Mnu zMw+d!iK!k5Iw_Bd&gIv5d;p_aDmQl2NCh_)D@(xS{!!?ITf*8Eg&U{6vhJ!px9bmYP15``x z9I&f65Yz~EEV=%?U`Y(^@kvNL4!J3vT?>@L0vFJK4Ed0DWbHxq^WEqwOr{Z0^Qp^< z$)v_OAsNF;kD_Q9Hv=z*I1EM${vB6TsEq?doCz6TAp=+T&Cnfy{)Cn*R*Zobl$8Qy z64()ib=d-$!JZNzSVR)A^Amr=$M$)v6R5Zcpo=og!k~hwWxYPc-(yU@U$MN9`|rV5 zz;=;r5ceVrMsy2wVFvMm`}HrRDerJxY-qDUac0Q%3xZhxu#J+L7kSlkt+;s||9<`9 zN)!bCeH%Jzm^o|IzF7al72h4(b)y;>z53GAT3^ z7;T*$-t6{^GyQWhc)sGY^|s&8iyTM#=MTGJ1H;4pWvB-Vk(5`$#Ou*)jTVNt5Zu<& z4UOoXlcub6a&bW(HO@O!`?pVD6!$tHW+{UM$}Qm z9`-hB(L(S^daEL_aHSaN&D$Asd=#0k;?qL%)&2eaeZC*f({y3vWPi{)&zo~m+ZDrr zF_)6e1>+in^skY22%JlDmrAp;)oN9yLv@%=e5WbHRM4IIt{*A79Q$$QK;F z9W2u1Ai^gUDkmOeOJFz}HxY%~TC7BlF0u5Koc<>bl=&h@Wr0e01O)zs-B*au3nQhz zRvKIO-hDK_$5@t$ui5j};rYV=01YVK{G9(iB6=#$8Du5y^{^u6g_2bj$zaa*`;yGI ze1aFj+!{`zGl3tfuGFa1b_tV<-R-PE62WRLTw7sq>GvN~M0_^Kw+HeecwpLtfRun< zq~Jnp?4u2~yu5isB(G3dPLhryj`2|9avW}U7i1S%2ym?jEGxL?1n<;ZO7LVeqOEdR z;KM~*mLVN+RK@UY4l8OD;fUV&pK0*#Ewa`FYuB5u%SI-a>}5Ji;1dE;ejaxX=KXKU z!$0n2el6xpT{M&+4-q?mZ*9JJ_%wQuETvT5%CTN)vGt0k!SsEm;|U`}=!XkbU-Hj*sF|ESy9AyxH?R2eOl zSpVPJSzYCa*zk77e!==*8TmgY)g~E=itm2#0?^3I5NJcZjdljWq$%ACT~mviN6d=3 z;8Uw!dJ1!@rLF~ntihbs2{=&rjw0X$K$~ICQbJ_#pxIdXgxKBe_ae)SohJ$SUyb9c zac;M-B`s8ZnQ^ApbUd1lc%N_Y=He!C&EDfKvNGUc^sK)Fbuw}QQuz4%nQSdS+dq-5 z+gxMA8fqyUIwp|duqoXnbsa}zP6BN;!^+4#GP6IjaG;Br>f@A=;&KoC^YpK(Ez~*^*)zeHF1nj$jjhXSn0DrYf=UJ%YML{`evC`5CyFld&e{C!5a~Sm$t3{ z-{M>2fWQ=jAdNSnJ*2XSo{fIRsFEF3O?{b`b|YsZO1?ue@0(dKWOgST!!XZO52H|b zdMZRWhM`}FP|G&@_4ytVO(N$P?sb;F=6AkEGHT&TOuIaV^^2=GBm~KaS9Lp><#%3Q zCLO>{aSt$GZq|ZtH(nfDw~X~&gNY~C9u}{x4QmMpqgZQxQXkdlP&|4zFo5=^IR4jM zU>;F)N>r0*Uzhx2BDgQHkT70zsYcC9rkv--4#tq27L!456tFyFgCAqwP1*4g94@|n z!6FqD>K_q!e)kh626~24r3#FBtc@7w2y2ZMC#D)0%>qwSL0IFjTX<0qkV}%^Y;`ap z+#)*w4jh0EDg(WufiH3gfetBNF;Hhes$A5+gqW~48y%z8g{b+g#*<*O1vmb~(fGwo z6mj`|NA85S#FtbBl?MYUI>6`*=tyPp5h@~6@Y|<0q0$}7v!nluCVKVf6Iik5= zc1nN2O^FZ2=FP)lOHpEzP#qi`6iG2&3l-%~g|3r9V1L8tT56p(t8jz5n~F;b^|lNH3oK9bK194C{Y6nd-!!S=3(T7Z$sb?4M6)g%?C8yG>k((U@& zAVzjQ$WxK;Pt~t7gGh03-gZjLvfvMjHg}|Ea5Yoz`uh3 z(>xhd>Oezj@o1(c^eri>{_qA7#|8HU_k9=GbmG;Z;{HTGRcz$5 z*AJK6v^r{?wOzaAfGg%L^JW5e%kO4&FNQF5c6zp0cyjO4E>9}{j!_(pEZkVXwp7f! z%x*M)32|kVzO-59>Jn*IoISN#a`;PwUuQv?e^o0?`hX%akR6LuWv$-Vm$vm2iSS23 z>EqMUj4b=oTCe@YnS`xX?no&1nKPUGXPV{zTX1H~b|TGt)E9D3xu%M)wmKb- zqw+V#rrtKNBL3hMD*&-Qu_3%setXQ;?efkQcwC-4XkqfLhercqaev4}#GUYri^ofU zZ?l}Do#aZTf!3L0z~Jl*MDd#k)a}xW zh_B;zSuOSZNLgS|9Y!P@L5e!*URQy?JFkyf&H>?Pvmomy&bHb@ep+k)dzLE&ewZpf zN-D}K${i~8UyiFaUMDxuKv}i;#5~Cw?pDgQsD*Q^31apAOfGABS?{oc)uL zJfhGi`p86%ZpQ?yRPD%h(~-yYt2JM~v!@1+Uhlm#yCavH%LqXOa z^W6$IVp^3Xd1MM^d3r{c5nKVw@@>Nb0T)Ah+%W;YMX?Lk}$V)xNE;mpArz zu#_)1U~H0(dM7|Sr-IikLLG=YRz}~}%(;=r4 zDOJRTM#kin#WRhN7-w8pW7p{l1II({#;M42vkfDMcy$RA@wwfJ!xcznv|C)ifH;l< znhCBvE~p4!U4q<;$RsSWhU%Dutm15+u0YIt3Ub)n>0__R!ZR@V*b+!r1xZo<^^xGm zdN0YlWFID5BgyNgd$>H!4k?3hU%Ig$zNT`cMkEQuqI9Qt!Ikei5qpy*kb}n-;V!Yq1u=RQAaIO^6p}`O? z7|q(vL?dP>%=;~Lj8=l%1|PhL2622uV%lCl-{VmXN-a_E{)9g25eTpky>{)zNKXqtzgy?RA>NBR&9~xF- z3vko7y0iSeffjD%5*|-^a%G$BYSWc+vWG#laX+u5>c$gP$sh@tV?ZqQxZYnS{-+=~ zfd@}C7?b&v3VqzS?vNK5*EPyZ(#Fd!bCpvCP455^M72~VY%qDdXjfTa?DiH3e!sow z(m46X+rXq9{;kz>8_eHSl5LGV9Ly*+LzB~^uBGnhz17+oLMh*pmQ5;@qPVJ&vqurl zqO;yWN|6iNET>fA0?f%&M z$C{-25pPs^0p?E5$H_?4>NN>ddU4j}%}hh+e~=8i&#Z~a7By3NTQVLa=%+7fG9#1I z-!J=@z~bsay3g6k-F?!qG@1x5w!to{I3iA*p!N7T$DT|F54vz1+?(>*nKUON9Hs_@mK zPAh1PW+^`;x=OQkZyyjbuZO-+u}|bWZy&UG(l53JWK`3JJYf_#EgYH+jg_-+a$gQqb=~O1I6}!bBu)k(YEP5 zT$^s=xG%BZ1609Y5f{2Ypl9h;z_0|1^J z+8wwSK+DV-Rv8gebX4UiBaK42ZZpxxwOf9p2i;M&!C%ZzSI@JXTkbz^Ea(HPPR7 zQB-|C6u309IT2J4y8kMvO7xwdn1U0I&PMCojD-|RbHH1T3L%=EHZl&exW>cJ#ANb# z{ZxaN7hi`VSSSN^%SFOw5^8Z}_r(Rl;iNmu)`8<}sUQi$mzEr;p8cG|7BK3OYIFp$ z0+BTJ*&iH+O7hVe_x}<3=8}=*+#oZU4&~SrB_!-1QE8FOJNb`v#t8K&N)a~#no;Fi zuGMC!xnatd%JArm*)akLqcARsNh3CHRhWUqr~q?dJlsfE!DG5%zI!gObRe`WR4Z3- zyB;%6kEYg5FRb0<;#FT?Jig7hDPif0*L3FlA-}8B^SI}Z+Otnfwz~`t&r}Up9+D(- z4_v@^pXYx5BRy&%_LN;Y=2;$DVwCPPp0uz>c}+!i776v|3hJk9hMaE}p%<-In`El| zED>4FQ2G-VdeXQ1BMI=$>|pX_q`p!{OA=UAYGv17+K2gewaUNNv6jJQwOwXiZmhx~ zue$DtAZTs(dt7@=j#&&D3`SNOC*4GsV7^T$C-x3HUU&osq988AokE3ka}{U;h`fLe zXr9geWs92c1vu3KhuW}+V8bOX@(DnN(xdy7j}$q|sI z!~4TuodyPEI7GKS%C&2C**xXQ@djAPuKCMhef(5}v34ST4~sQ?#A-43SN4GEZej>( zo-4*_?9=pw&{rzfQ<={q)O(t!5Qi*L4A3&kwo0@voMw^Y_#ipS-+%0;)jDYIASBvU zkHpz%4q0_A+RJmk|BaGW2d~F$A+Q1`$`1hvD|DoMjMRKqu5G}mn=ix0Efi6=Q|X)n zd<&a*K^Y8$_S*Fga69MjYTY8rRJ&Oz0RvFCNtx&j!@X>rr!MT(r!MT!j2B%;7jpK~ ze}N8NMPkJEDt|EEqwsVia!oEQispcssEKhpj$(K^sS5CM__;|asG(tk>VPm0Z;bN&>x-ZfsSy0~Lbq)M5a}rweS(8|> zMGL(m+OG4!-uK0_m^RIx?(U|-&DqG<5B_SVuo2nTfOdMbRFmJ<=Xf_GFGRn1xNmwS z1%~^4_5$ygH>WpsR&4rovEb7I2RG-3_41PcP#8^6>>j4TaEFak6IIg76ltFSat^jB zK2?)70{bebCMUT(Z;)>m*vcT=10+STrHu%pI8NnM$gKzyKjCT+Zrgtv1iW&rOf#3J-)O&g7S#lKDRzCND2TWU?1o zFLj1EZ~g!x;uf0Bm(?wR*2COa^PB{~y*_acwUq-V+t zlG0(LpoBdFhk_9)OTrC3SOhm-M4`c-1H_ zF?;UKA4s2mCwIa)!3=qG**Yyk! zDobTMfHbC9v)kCl!8KliddVKmzi$s8z{iQr_7}Y_=-NjD62kzbTh0Yd4@0xuc4ME| z1SP);rb1f0&Ib}M`wcLt-j80h^9?*veMw3u6AHKKPM(i9+cVZ(jUEHnf=VhSuugZ* zaujt)eta(q^HP0?6I+QVpTg`juH4ryp;Qpu$Wp-?orbHwIIG(>in!T&`|Ijmg6Heu z{&`!6-Q(#$<^YW*YjvK|zj_f~cq6??#&$4e)7I1s0jIrP2EdpiGUb$Vsx?aYC%+yY z$^c<=)vslj>rItGymA8O!cX&e!&6#HBE5x7AHs{APV$7PzA$aT4WW;kcfIxLvd0ae zoR%c2e`D{K#9tH?2}@G=5HC90=h5|v*lb=z`_%{gSa>V76o;`*EGF*Jd&ZayzYS20 z0bS1b$pi=i6WgMt>-W9Y^E(UT21jk{=rb-|coOxEZJcoZ)BJC1u=nfjtxzI4HA!2@ zNdBE0`941+_ghQ(&0ewar9>f8Xnw}0ZPBKNspQmPIO=s{QdlGbH*=}DdWLCaKbCMG zm~nFQ`x51PEV10>>LqG2O_D8WQDtRSw?~|hZYV0CD?wNOH1wg<)P5xDFU9_n{KdVm z-TsaNYX~C#TC)#NDB})glZ;AICkSYN<#MH`0?+&%!>>TjQy~vG@6q8e=j-C@i1V1JzcUOMpbfaGfB+QMjot2 z;f!`m(IH=*K>uX0ZAbe&@hF^&Uh<*GGl6$qU8%2Fy)al6>iE@L$o_q}AwMyZ1N>0? zL4Vg%FM?M~9V?zLSG_(?pl{&u|JL^&i6PeLx zZ2U7NTp!N{3n```Qqy=<8T?li)9>%(wHe&aN2raG(2i<1xu!h(^s%0R{^fLHag^&w z!$4bE;ofTJZZx*WiaY*fOp>+4>6hnF?<4Eco%oS@{mu&Xob{M~=3LL7e&#_QEGiCE z8}M)}`&^1HbR-o-W@tb*CG(^?Weh<6iMK%Luy&D>x!Po|)S&O+)rz+IY}$JI2q`=} z3Hd+5l9u`D8tFCqOz*WdOvLZBH>|18$05g@#pUv8Tsy`P#!=_S+gYy$*Mao?!){D9 zgbMol%M*>QE_Pt5(M)6ViE!H&;oEr2e=WS8D-epP5>eFEfmTd%AElldYkRP7+FKhE zzW_ALvESNbI(&V+0twh^1K`B0}rm{`-9^8I(5Zjq2 za9C_W00;}_vGq*4aL4}4v!BHyJH+VfVV8B8l&EK-YmY zJH)@dOLzW;9K3Gw67-`rcEZvc(qGN@#6v^bHki0KfAd{UJ|BGRJG6ogCaN3tPF!MX9N$PTMM|p;p}OUbhThFHCt1?|}EGi3=&kL8yB_uBZ!^ ze_6^Uxmd4`F>O9NrA=aUHHrF^b(u2{jGlho2W*7ws#s<}9`IN#PEqzMUJqL#8yAMv>W-=ixFNo6u3`3fcJtS>2 zX7n!NAA2N-lf6Ch+)XCWk}Y^{O;;t9w$_O?i5oPD!*&npU$Tq* zy`WB^Tx|2*u{8kt4}3k{;1BlxO=9^mO)5`1lE0>2SU($^Ar=XsuxyD$c=-7 z`D%$@oyIAwDZV?EoSne_K~ND?M(Sv?3TV+qoExz1`4aX1c&P=7|2eaKI9>Lk4(1&f&3^Cn-v_obvx%T zO)&-L^q4H!7=i9Q_Ai!)(YBu79a3uBGlnE<%25#{2&U-9Bq&qDiF)Ii`2FnuxcdRz zC>hETBw{fj$`4ZP%>Mbyup0c3Xk+>J0fE={rEgdW3Oirk8~Kw_E13f(xlI{S1{zhJ zP8E)?z)fxj9>4G6Y|$btTI`H^!yIk~fO&;Z$@aB3TEQw0NNCit$e7cJ4|l!GX03%& zghPD>D&2n~oXk;7X!r{Wm(iuMKEcD@hn*p-{N-O7$kP+*X#uhf9~8@Mx?ZDJr~;G7 zlIEx|5A&o(|4x$RBppmclK3?9mR>PXR9PmPxi2{82pGKum13Co;M=mW(p4s(*(fOCx2Dt6BMx0x24xCt68c?hU=$ zK}=RT++&v5JR6mwRdRd+Dn(XKo!qTYcOAnWX1oqLXirB9RwUIi$tb=wdgoWhzga^; zd?VHj4~@9XKC3M1N~n^-MR#@fh%$hP04k!Ka*^1-FmC+iRZlr#>&`vPF%`~BH4TMF zd#YOS&r|t7j_oPcM5YAVZ$a0&4qU#%Z@|#r#p=tS9HbZG?Yd!GSw<7H%@x&*LS7^) zGgadSk-fa%74f9$Nv^khLY@!5jc(%TMB_a6 zpNsK*z@CdB40&tQP>*XC@(?GDB7Slk<(ml8Qh%{{db*lycYU^oqfw6tA$^X6Xi#39 zxV7EmI`QGlS-BP3vwwE<9|zFo4{g7gph9vFYA_6}SEV+tJZ*+t^M>1N;Zl1|`Nu&epIxa(?UQ}skuVUvytMv`o~GvFSqD;Y=p!dFonRQ^N< zbH*IdcIw@p5g@>EIQjlwZJ)ksvo_>g`57=!B1oZ7Cn|1#V%`4koHAX1R6Xr}taU!s znYrFnCqxk!CaI5lT-wK$o*q&lPpP)Gez%Lrn=4C}1E&N@z>}!PTaz=;)JiodcI&Xy zT)_K4^F3JT^st9o)rRZyNxvrDnR%}KIE*yPvwrI*Ku`b%c%mii;*ZR~t3_pA7@JE+ zCS1Ey`uM0_`=PxmYelv0+6Bs8XUXhRqpxYkw^&CdK__L940gzatmlDiustbOrUW?jF3dnsak3-hU`#da5Lm^k@T=j$#x+xlyu zvp2o(eDtx;ruT4yo*XkFH%ud_9Mw~sH%n9+k%reg{o%5)s4;`-NpEj@2dN9_UU|LO zfeAYlq`yXB+cuWH$49cv>u}JQLC;~uL%jK0YZ8sQ^lBnw#bXT18m;eoKkqvZ`#y+q z>}t|_X!sMNoV~(Q(#)a0KBk!uCixn8pSBq0m6fu~5?azV)U?RX;W%}e`E*lxQvWr5 zJSdI-16jCHmoTR%eO68^DP#6>u5a`kkJHxGa7G!zlk2jqfq)JiIz> zTg@rVrd>PBB_tTSRK!+AAy~9KSHVb?mj>54{0x29ph%04Y@igcJU!01xw@C_(&9(d zKS)1ywoAp!?rH^VKLvYBTCZt)iKI)wx=_=%ve0!>#hnTTk%eNu3}}yKz)PQx97mJ- zVVk8z!CyYI5-c_ZZ^o|+<}YG9>^G+SWaVbd7ebM=V0`b{4_RVBPi$_izyQ+UkbKG~ z>9q@WRc*pMB!os6AIsTOr*Ff72@qW2h0sv?v%nxO@BkZFE0auKmVcRnVDv=&yxNB9 zAtjVQ=++^IxY^4s(Ocj}>OQZBf2C+mJ>1=gum~_k0mh*_{mK$zP&p{7lr2Oimv^e2 z$*AI0YtJq|l+qY$!!kIu^~R7XNtviNvv%DwpdXCCEKd@Z* zTuinyZJbAyJsyirE!3JfyPz_Z&pU+2z+TZ$>rW|h)B)wkYmqW3vdMyCL(sQr(*}!H z8A1M(j${Voz=f}42~hZf3Gwy({q_CeNM$7`>{hpbwb>4Z^-*M}##U5Z{C(d2Wm)Q5 zMXaf`JX2zEUi(_BKUik&Rq>v_{jsL6{{H~zKo`HI%d0P6zI+Ai>My5Go&?{hSa4*Z zF#73Gf>x!G_|U94J^1(aoAFIPMtnwxC?og5v%L#Yfqm&6|~BZglMsiUS2|AMcGQ@ zMI0!T7ARoBFIQ>RY?DSGE)5$BOkP2uhCVH#)c$-P^vSM3xWp24HL}^NxK%NQYeX?mY&Z&c}DIG z4TeP&GsxOzhQdA`gGcK8=7YRZ%H}3q2KxI32h10?6siJ5E)t{gTl@*h(&D{#5fbhK zKg!#FefacB)MYp$L=USYyjzGSVg;X4%}j}IJ~Z;K)odTOy@EjvojQoYS7YI1?Nu?G zuOAklAVR&r#Pjy6;8Wy9^o&eh7^&QEPrfJq5*N0tARq!b{rmfl9CR#SpGk#5fJD#} z!7RxTr$f+un)LZOj_0M}8hXAC|2OSh$;a31?@juT+P^wl=^a15$0&q%jOk|t&PYv- z3+Y(1s(Go3`K5f{5|>T-q)bDfRv&2iq2UK}*cLbBOrsf3n(?#Yhh60<#t1i8b{Dfy z_AdTN-jp-ry*%g@wm`!?#; zW4Vb|NvHJ~LxvJHoUcmsRe2J?1<~^Tw&R?nS0k5{(HQNkjYaFP zujMM$1YAP7n3Ir#*SM6+X{aux+^A$=73ZG{U#>j;732a?0uVr}(x?b`qdG-jXme$i zOZ_m6E2tJ1!&Z+?2o5+ZF?J@{=vog~cNOlc6nWu*%qSBO^Gzb$=(nvAr_tvdekff` zPfSvj!61Ii`-VOZeaa~Di{gh6b17d#n0NPtY|H&`^b*mlLRSeBZj}rIiP))%I4{2m zi5rTQ@wo6yF3lS-muR`7Z-nZY!MQHpO z7tCavJ*B8D%)J3n+$7}PD*^la-2EjE|4IS2aMOu!AI3U&W)l zv@zkO*P2iTL;$6k2&@EV*~GKL0p8<@Zr z8U+DCY=Sib^eDs)?`0JNQn^&e%t4DxO- z+ATCCj|+{g>ytn->}nQ3N_3E{l z$31;A^k_&OVQaTZ@6k%KLLWE_)fI+|{FqITRUCw+SG2EEzR4xMVAEh`tcb_71&U!X zq2W)T{>uaq@`}(9ig4k1#RUphW9gmmVN@P~tBSW)xoGRdXOpnLtIJ#iA`sS5Jpd!=*k$tS3?;fm=k=$%Ofj?vtr6AH^5@KJT8U_g^}j5 zG;s42wXj+68*YfpdEhS=!nnRFR#g$h5ewVrrEwll$!72eL1|tlE4+*! zq>sFKb(7^kHh{oj!QZtjO08XqMtKt)SMl>F%x_yEzuHArkSTt*_m}o#>l3PdVE$<% z@Ur&$?By>aL{DM;2u{wSw#|E9W~+UQ^ubLz&)e2h-iUwHE~G|)iH;v*NMEc^h&b|o zNApD>d!dB-OGz!1rK8h*vh*pVM7t%oGt1-KYvm3t{RBm(@hh! z`kn~;GO#h@V)jirTu*24E#t4>x_oZZ7b+!rTC>uIJ`Mjg{Ltzb&3KZ8X!xPwheClC z9g4D?wx9ZY_bf>~_FQ883bx8HWleLI`D|D=ZD`6-%^kwC!oOl081bz95Hi?q_1J?4 zyuaL*Wm65aU2YX$*|Thv1E9^2_%u$QIH7zKy+9_R8)DBe;KH#bj5l>&W&!QVu zqbOdxdhPL(C+-DP_V!Lv8cAuG%SgqgK@s61#;6Ks&YU6Z!AadIA||g#2;dWSr0Psg zPL6^=3ylr_VFFNy2fBJ)9BLTYhMXiW0CHknv z#QF1HI{knWD6d)z;-ttS3q|_3zx~d}oNbjXV8dU8qA)}WG%*}hSxRA8-+c2m?F*h1 zEodvEa1K>7LsUoU-oh3Y0U*S5>(ggWOIhJuZXgy^I(mer3bK1N`QsmdKR zq?$E>)MF56_?87i+a;IBBZm(^Uyj{at)$S6wkp?5F)TJ*k(QIkjW)oMgT*dsp zYDCn=9;jUih`eei>hAQZlaAytJrT8*1x0K6YP$L8Q3O4g8XX)N)?rb`8*$!_o#jLJ zrmF8w^j`7?R=S(IgP_ndHyJ&86na=!U)Dfc3aZ%=4x7kGuN8bqm7n`rCpokEou79}VC8+ND3EJkoXV0F+fuI?k5FdN& znt10+rMq^%Z{GZy6ws8Vo8t$O&_#YCG;YCW8s7e+)6>&Bf`R1^fB3y$CE`N^pbltQ z!y)?4jT=8%uSuM|=8N@=8O*U?f#A%t<3OT&U~)`?EN9S9U2A^!Vg1 zR%dkg_w}p7mzTaIF~#PBeB$KEiHY+Q6B7n`W4>xKlQc)umE&q6ibPA?8Q7{{o0njA9(Ft@IZ z@S~yvMYpQ1?6~D8W)#&`%{OVD(feeN5v-exS4`=fG0DCiBW3W+)>I^>YvWlQFv{(&4SdUWT$-ssL%S0Wr1g}K|nId>;1^r@&M<)_>qTX;71)g;6x z%g@1YHO6YjtEPW_PW(_~?e}u~x>lk0Qur?wXs8afgpk5`HIC+u7x}Vi74eqV-LiDF z6pBwbeTBKf*nO$h&j|mYJN+B{e_s8iX|JZe@IW*Ee*k$AbWWL+KMLf2;IW&zJ>v{V z-cA0+)s&=axB1C*QV zEOS+I`G|v5FS{1?w0y%6Z6G5QgAJ%yRtEcG*+zclUp^7d`$)6gdd z{&#J!Xbl_T1}I~Tf#l!3j6g1uI^=x(A91CR9tq5fuqp+$T#YYY2(BUuV*~jNP}@}_Y(X#JKt-h0I6XPmBRz}l->8)E5idsKFD{;; zwb~?+h^IFENHdw6i&)alO~I@|Y9c$2SEj~%|NZwggo%ms1U(I;Ag87@Oz^K>y(-ek z*lyL9_#ylKA3kz~#zMZMtR*hDe!4X?Gh+o5&(E3Dr!D0=)6*N_KKu4jTHty0%2iRV zvhxg=cqT=FPiu94x`Ug+r-w;^jN%B3zJb?BkfONf*b@L<@+w^#fkd=l3Y9mh`sVts zk~H=o?HfBbHaJ8ZKW?3mH1bmas7w+g5hZG8P^sd51-7WW9>q?n5iJPa#7ogO?M{n~ z6405c?$Vbmlq;nqVx!)xVA9#U&I=B}MqT?NwhvXQni45jt9j!dw!TsVySgr%J{_l; zA|@TOBr9bFc`_wc5K4;kYoY-+WE4;f4GCQF(E_&Ig3=?>VOIrF-l(Pm%aoM~gW#@m z|MFj@xZqjJ)et&`m`*Pb9t1Y#3jt~$T`^h>GFm?=HhAaG7?qVO?!AVvFwCS$WlJa0 zWS73YC;+-tutI|ZZ=$3*psmnLmo6$@M)b#8h=BNjOifKHrL5xuP{Sd30V1P&(RJWk zlz8m;7=_<_p?q}%nznF;IHlb`09_huV&Xg!A(R;tGD1vUBo_Bf|2Kdr9S{(tF^~BA zo3F=aAr=h^Z4hv-sg{Na`X+(BQE@erWxr*CV!`|0IDo!jUVb$%{=}tNRNG>5i!kk% z9As>j7!eXE0AbPL`eyd=dsnYsgHs6t)+?`HzhMeswgNGAguGfHHDa2JA*@-WDbn%d zHw`bUw{3T1rk_PBVsUZZDGURd-tUj0{igcNx4c{`rY9}2T5BKQde25t1MY& z=N@8U3BdH|CTFRwYQYdQlaEiIJncWwKRiSr9#9+ziZD_cuf)sOiLf>BWf#?L;yf3t zNe2f85O)huFmP;2LJW1e@pUk0}r4fVnS8j?HD8~;;(=G zJIjPUV0=Yb0jVg@WySx5EK-JN`rwFCE?$gHtps8G^PkSse5lYUcd^I*Y$}#3q z8u)Nf{r&I%OmA7lG%!E%g#F_m|GIJGMmABUxpi@(U%YrhxlT58jG@R;Y*Ueu3r#iE zmopgqK^xA0`O9Cq!M^$CD~>Vlz>-)>tb(Kd_P4*ombaU;9ID)MSFc|C@yE-m12@$v zghD{xdbV3&7Z&C(U%oOkb6dzVXz-~J=(yo^L$MpzZ(P5A0}}#x_S{*{IZ++ ze8qCHx29c~1E6r?1-X@xTB3 zFVoXAss;;jn3PYd8+Bq~enGt;Os_yxp)+^y+@bc^7ETCS(WYSQ5(z{DbhxvZ)CpOt z8j$9++z0pXQI-T7p;e}dqn}-NdJh+DuKu$2sVtjO+|uHbRWZ~UimUw=*EiOdmY2k| z(Ke~Xv>I?q5#ZCW?%umcrLhD^-FSe73DR4H@rikgWZouGq1w7jE}(9SN~G?>1m{So zAyhe&MLstrO=(}MNW9HBHthvZ_mHfR$&c}ayuOxZEiVhqRITG&1r1$tNeNVNW}Fln zS4l6sg+^*o6D4r!tEfJno2CCaw~uZ$ZP%rLU)Cd>QGPxO@bph%vFPc{>T-r zh6Cy66BFmLC63at@Cy#76b4Y=B+Ag#0J7rpu3f!mB+-H<9VW|~xX|Qns}jWAH7`mU z;?&NXQY@`M;v((kDq$t02!6oT>R39$u5g-{{|*H(zpK{(y)Q!THMeQ-wd*&~{PN{1 zItVr}aOn&Bnx@1pv$J!K@Gw?d{Yyp&OvhAZ@Wfze&YZ$jeV4CjS<;PY&_fG``h>C! zr@$J+@TZxn{tl*O&Y2k*9`a4+Djl=rQYcVDTAe~8C46H2=iq>OdWOal;}1_hJE@Ns z!P=596;ZM)z9#<|6W9|Vqfny>dk#$WXb8|iO#D^Wdljkm?~othXA!~d&3w6{eXHFY z`e4eRvwtvqZj8fK%Z6>Sb%{BQi{fBR&76ykMxWsNk9omNA)ipBIY$*G^n zLUSpj0d>fjUl$Y|@Uwf#D_?{;X35@d?(1(^Vh5cJ&Ai#hF!0EWQkA$_?_uQ?MLIRE zmNFXPNE`UH5^sYaijIQdtZGn~X|MF9`Z>2L6-?snoxV`6z%Ta*P^#zA`x-tUd^~|c zy(Qi?KB`&B6+062^k{eM-d@C^^xX%C2SlSPU#zpZXTKvup|%wg`Nbk}=9uYTsJdD^ zT4vb!9esVmQoYeYR0uqx2Gk^py^$tVKxmN{}O!OZTcw4zxI`N4N2|hz4Ai` z@DEmB70vPFgZHm@)xP>ssQ{AYRhlerw->P&Kfhc4d1HEJN7L(4=a2DUpAvVj7l&-A zRiUt?+DR1Lm_CdCzL=@4ZFKkV@AXf_YHQHU0Y8Y47igScYP!1W6vCLL76|R{@%Iy@ z&&T3V6sZxvp-)jve%AV1^rxS*{@LIk<5c_lz~fcB*!T4}#_{I*z!WgWNOd8^Aw9?y zaxrCiOqt?Uu$kZdXSPsLQ`4}_U6td;VJeHGV zd1=XO-VokOahzX%bxFJ_HwI0eKkrc@HF0qmgDnb|m|1lSum{Dza@7@EgCNTmsTl8}q zi;&5~C^dm?!?Zq!6YHCU@1Zg|IdL$;QzPgT^B^798h{zN9EzC}GkM(vc%%<+Sa_&S zStRDq$ z(l8i%1`F+##aE@+4TfhDlRT12kThTlR zb8c>y2hq*`1AQC`sg!o%5*8n<0>jOX^=001+?HFK?eAmm>C2;g0)79Nt``r%TaEsP z2Co>e8vXy}<9S1$hCa=B^10Xt$O!+!|L0IfE;{3*s)<{5IAe!|dYwl)LkRI_^P*Kq zG`p;A?h8RlPawspNp8p?{thfelzXII5KZBt+(X+5O<-k()!7^4?S7%Yj;Evgl`@wgoP5ypdRATW2sV>)gX1( zdKYb3=`H|)sfv(`Qc8)^MoLF^@D)enwGUq#jno$6A@XUUP#zLV%Bg>4L;ZH*{9CG! zN=8XTNvjeR0Oc{z+xx2UY$p*v%E#S)+U>6_1%AdUzBFl07Qm1m=cGc|0WlgPt3u%q zHL{L*N77v%x8WbBBCZQEw701C!nb&%gdqaFExRHM0k^$<*@K32Nl{9qXGTHG&$D;5 zSG%c=J#oUG+2be(sy+V95CNHjXx`T=sA;I$yOvrdQ-u=Co5>2>uVNvOVqSIU2uA4+ z#HuWbVZ;Hu>hP-s8bVxV3B;^2$_0+%T)ujraJImfH|3>!1zJ(&U))vvn;&Xv@;T2> zDEweg1S9|eKmbWZK~%4IP|hV6Pffc@R|f zas65xyn-MS$giy-sX*8Z7p722>sNJmqaqN935f&Tw@>0!(>9i-v^jx|c#u*vxm*&< zg5pY#NRwFb8BzEmR!z$@2;PeroiMg!hVQ;O?F2}1%(0E}9&~D6|GN~>sG0+hn`jCN z6{vFar(2fzTEKuGOjNye&SE!Gw^&9k?ZA*x|$8u(w!rAu&MFK&O5kRnY znJjM=(=IP6mbI&)(Eir`8@bq6HX>3SO8Nr)iDLr@Oe_qrL?G=vvpSmEp;yuj;JC5c z!f)2mZ!;gvaW#n^JQ2hVDmC;WHG&vL?)rdC@ZRsC47Ao+~sk z`bF2i)%A5UPj3w!#8Cf2T%dlD$NEG*0OZ(Y=#)IwSc}|p5d0~1U@m1(W_ML^3dun@@cVsoP}Ktvf~Z4K5fSG%}e z)UEO z9kWg;p^Cd>&sTh@=>z|0?ELph$qNLC=0Kc^MdPkCQnbS7&!464Eh>Dv^{w>b;HQ?V z6r)Mp{w&%nkPWj#tZi0<=q4F{s!QtoqPv3&+w@l>$^7$9XFt%_GhkyECj)G3=v?GT zTQ-GUDGV&7%OfL^-X|Bkk^buC&w@UmwMub_;Uh$C2;7vOZpxG2cqxG?Pm{i(Ps0zTJNPZ6X!=VtJ~ZQJyEioQ zLT^ZQyiF0~Lu-ggN$RT^DW4WM|FPr8IKu??am(?vogF{prHx3rOt>_{q0T)v|LoRJ zKiL)ahaY}q4}1FLN%1mr(b;lFt_bjKS;%58z5hTz{{;Kt*s&XT@7%S$WjKfjV(XXI zd^(nIhQpq-P(&$@{`B;W5J4dboNuBK<`))ueV`NhBGmj(wl>eSBUz%_Jucvo0{h)LRM$z6v}n8)T)YrbDJX`5ZI>HNEVph06HHw{J{>T6L6F;l3E_7CewktpS0pK*yt{t#@52aX!3G+(uab%Y2USQzu`vogn8LK231AY+COHX zf4|kq_{{~y(ye3@$SQvI@#Eh6_h+B4tq%?j=T`e|d`DR%P79Zbn|nix^;Jtc&Sw^znpp}oz^wjoHs*7fT* zZd|`1_p^i8pUK~iO6g|gYl_WR}OIbP41W8N9{pJ-Px9&>P{LRHP z_sM;vQwq*>LpzF^e=_J^|4kvT(KGLjG>+g@cFFD)I^ zi|lO6)Xe~#ny1E5G;xP*062WF)OoVbW%~_v+`K0W5QSfT^(6u1xDS%|_U+rY)^@^- znYH)W%qP4}Fc}%NPMpS_u{%VkNApNcNmRKsnZ6{Q#J(1U^)1=8GWMeukU@CQtY6UT zvl!D>@Nmhi^s0{T*>Etn{-roPSp*`vqZGek6`7kmHa6Do*|iR?4{u$q`;HMHFpqUF zv1Y?u9yGuDj%hN%2VoeJ)Q-&|<}Cb(%67-D(mg$!4yaZk5pg;Gm4Qkv8~;v_qOlJk z0&e&W_<;^@6poP?*GGJ6D2yT3@qb#7qBrDz@ETnLy+#aQtU%a&5gKMh7rn^9)9jnk zC8Gx&*l%${9C;LxeDM=vHoB~JociNhgrowfQ2*Ryk{C>i-T`K4@$nY41e*OYDBji< zBKB!t7tGBEU?aKgssW`|p&1CJ#L`#+EAIluKq#WA$RHz+Cs>tb6&br1b*Typilm<7 zjl?c5lxV0#jRYBhz4TovFgK3+6r-b^1yoRJxgsba1>pFj(9eK>P_9kaO%*+GpwH&0 z!81XnBv<~bvDyYza@$4CREU5+Es7*n5TEADpglMMQhPmB?!y|;g2X|&$Wyz@v(}hj ze7?N0Dw*kCnVbfVlj0D{zp`aX+vy)I5x_x@&37e=MqGD5`M%zT<)Og?V~2)&2Rdh+ z@l}-_ys$4AZ+RscVpsS8CL&R``=m{jl}~=NR)On#lrPH73q9HdjFLYZK2hEGS>K;0 z{AiAfANIu#!mifbrf{+ZABBGslh@);DGh+ecq2H$a%i~UmZ(Be_5G&{%g^m$9AiW9 zzp;aPMl^b+>>0K%$$*t{A&dYq(u#I9l2kNF2Hy4ql!FG1#!I>%!&Jl1!9E{iJb8V7 zXz;yY!8|&8bbNeV z>?vP}eK!KupK5(r$=5uZb)94@DSH7Q+qpxIt5SAAHC7^dggqpR1RxZ*px*3cguV0pXIQ0X{D0*}w_RTfbo z%g)^7oC8E8C|hbBhx)x-2YGOhjg60=vCWK6X&i|?V%>n8_Um=cVVfcc7Ap?>slwFM zBurYR*CD>%J>xZOG2ZFZr@<-Zs#G%9D>nTqC8!iSi)`S@|Eob6 ze>D8i@I%87(F=ZQ^Sf?N>h66T-LX|(Xlh+fX?)?F$MoBUn;~fOCRY)=!dZmBh}EBiZoZ@<_z zTcF>bxlLz-k99Qy%f9;R5k=N0MOHL4)(nZ8tENBSz`D{l&9zuHTjA77uNw1stMFH1akrP3?m?nr?7 zU1m?3aw*P@U&Mjp5nYkCT}paLcVx~4fokEW(n3`hAMz@x3Z1Hj!;AS&Re<(2ztC0XJ%0Rwi1ye!Gta4z#eB!C#}rAsS6SQ` zmrRIE609vWSceGYKrlMZfv>H{`{wThro7*+xo;ssyYPL~R8*1#heX zaihJonkWP_NRQZ0vh0kdM`m9Po5>4?5sP)rG|igLoiVvZxC@JmItzxZ$zNF_7Y-pJ zOK7z+0%Z8!i$Ua{Qn~90@*r#1+6s@CGwxZ$yj=mR{R0X%Vae1ZmT>bmF9Lqzh zDi?YXRzY8L&F~yCM|v_PVbG1)8FY5Y4|1AmLEZE6R_GtTc9rw@M~`oG>y z9NW{**i25ZuGolqnWa%55tpuU^?f~;qG-Vt(V%y;G&#UZ$0_lO0EpX@hPFwHkvl%= z$dno4-l$PV46=g;$;ujsO@&4fF^(xRHx)-W&>5*BASi~&2&+~ekd+IsT74TdgM;o& zNmh!Yi9(jeRCFT{mTAU}7?4^gGbk60BM4(1FCgQ<4R3 z=IHb}_ZPAqBe{ak5%eDdMZ0S})WB1=LDfdi(GX`=UXlZDB=ajP3FDtlRl&&wv79f% zPg`^g;S*8O5n2kaU^P*yh#&Al7XfE0cW8tGxf}6QSmglKGH~ui{}v8`OyWa2Br^7I z4IAm8tyV)0T9FY-QMn{mG_F#XAA3l`$EQzpJWQn1E?#OGRW6t3ygcnipH?$9>4Qce zP9M-5I4YQ`-ToosjlDX$PF~of8Q&UyX!s#V)UE0M z9%Jjj{kjQS{kKW@<^YUzDK}fXZv`OVS5I3vP5MHMhCVeqAV$MKyX&1zf2r}w)-Y1t zHS}rdQ!#^^&zK*wYW2EWL*FL`k>}&gnKK6uA7avC)3hgmMBFEQA-o-Iqg;memHFcQ z7kqL)8ERQGbJx-zm>{{>Inw(2PS*z@HYU-QER0iAlg^F@gk4f`?3KkaW4_JncK_ae zr_=H3^1TT=00;auW^IU<1>D7_Qcim>@XIee`G;U)4_6VfiW4|%YaAXyrrk1e0!m^K zY(6v_L7a>Hh?7&3e30h(sKNTiK5HXbCffOD0zG4!5J3a`A^?NcL=sn5ntcKLI2Qw@ zolE#%ZO6q9y*?I4b8f#F3&S-YO?m8?12M&|3a?Zb6xLEaM&VdpUOu6vk00aE<*!O3 zU|4D-SX^8XhrtjT;SuS_oaujkg-Xt%4Tq8!Go(#^P;H~P@=TnZxMg*y?EL=N|`K$hYP zEeSe)iBVt)Yb%3lV%XJNJ-QL+7FR!9f*h6ykCe zN5POxz0?lQBzVC=9lfXZUAuP8dZ&V|=m9aT#C;ukS!gfblj(xqgo}-hjj1C|^6uSx zsUbYFl!(q;Bsn)yD6Z=pUw!@6+}zv`-~Vv;?%f+VZopy8aq7jjTO)+TS&Psaxa}!s z;Al}l@m8nqm2>0PVAd5hal-C{e4mw(-!w)5%r^S*w{QpTI6@4yVT zHK-;Qz2Q@YZVdFN4&0IO9X#q>S`8q2ta9DI8S+>qS*o5ZS<9R$PS?$-Hh+WP;&8}x zUaqc`qZlGgL}(`c6XR_`*bQc9RoiLG`>nk7blcNx|FSn{ZqKz7GMpi7V4*zgjAB4D zfc`oDS4AN#dbb2x?RC_6^ryE|!sXK9V46MgV#*6bga>V(4wyQPjg6W;ojrS2dNIxF zCBg_CiSx=1Shfm_I`5N3)G0WoLb7bwFf2|oG3O2ViZg|QVZ-4tOP#)1iW!<=vG7*R`0a8Fo5iUcM#DGhwvWhOlZ}}~Go8J#c z0c6)wg2}Ye|N3A5lYE((nYnrM7AfQY^5rX9N=U0;v10xaTR2<u^w3gL-WQ;2ZF3Ts#3jzWokr7J733waV86WB$L=Hu;;V`o}DTP@7{`>DqCBXG8 zb7XmK>3#41eWPOUNKTM<%(^fZ32HzR60s2*c-71y?XXq|6I&K?sH}Ze$wZhCf~v-_ z;G%xmIN6(%Pfs2l9o0*0vnnjDdwt)wS#dMpX|t?0YTs`AoA3Q3H`Kl~=?gJFLHg*z z?2S5we@tzbTDh3K7@7z>4XN*2u3#tTv*TwcCeQ1P|NYmT<`|jJZW5;?nLaXoTjTPb96P!xH zD!q$AGVA5%GwCm8GyWMSb8fi$Y<|f+F)X)X$bDg+_&lRgDHlT1R6EwnXU8BszUl+YI%PLMT#r=?s_ zX{)Hx5nI0<^v}nwPt5EfnluTvd$t&&@Ziuu&;G5TRc~;Gk_634xwztK+c^Ur@LQl; za-@3Nx_RH}OG&WoV7Pk4x3Fp9>0?Lo&)L3_mHt%ft1VD}X9IXsZ>H)#-|tNRq1y}j zbO+rLmO7EnYujW<+GRVA=jjfqp{MIs#s|rStDYD=I5H^u)RnV^Jt|n$w7Q87sK58w zj6+W?!^wxPZ-vY!LjMMzn2pq~Y?s<|`?hJXLWzbxH98>1r!xM(Z~koegZK5f30i$$ zlzj=@){+Q9@Fj`bpW2B%H|g6%sr_x}QzOPMw+(%EAxiC4L!TNkcDZfnvkOsbuNwN) zh_TD<$E6SbELF5E#7sx|!$dKPE*%*;Xm*>vF98$loS-%+g1(MmxOzU z10|1bnjW6!|L|2B!F*g1^w3HbRS=^hgXZ|zah?pvYI}~KMn*VPcyYLAz(0QCcrlq3?D_3@8F?fSj6j*!|b6d zRnnAS1x0+r>?}JkuhJJ^eBr1**~6~%A|gSV;HIZ%B(Qmal<=_!fUgm^n#%R|*;yU- zhq#9c`yfjLx4U*hgk4Kze-=36cuFoPRDJX~okdTdsx^-h+RLbw%ceor%&VF={9alo z?c-}K8La1;Ok^wLcqv6PhReSF19ssRq5=5r8TRPgzB0J)iiwx@iV(!9)gV7S{J@*x z;Stt$@P~(iboFp_Nx*u~IKH;Fe*XOVsi{ehJ#ADPbT8m9c`q=55!{x#_)V4Rh&*|` z%PxHWl8ipV$uExLTElX&c~TyyC;|X_Xm$UAV|*WCNEK(|MR4Z(5HN|C6@shzai`G(Fwn3A(1V<yeliA80>^r-jIm`w&LXOS{SC)7Fp3GG)X-oM; zAKEEt>(_gl2^Ef$hO&fQs&CuEvVS2okWU&BKlCFtg*G~lx<>cff65aag7W8=TQ+W$*2R@}NZRnpjxwK}^ zYA#si-jK(%f+j~;T4=_tK0;U_KAE?L8X#>r6|&9ED=45{G^n<76AEoQ8Y1MRfH8xf4>$OvD3`AxOI(LvhZAK9xrjZFBRJ5QQ2$!L-(Cwrs5X*|%}qfrpQ@XZtD_c*fUV20 zPzT#_pSch=V46^t#0B{}KyUQ%v9Z<+rT$4??35feT!7o0&)j5jA(kT=zK{w{KyY=G z-aLL73Y6YR4(jF_MT{5WVh*TXEQZCs&fh{>k03uNuSVlD3SQm(sjOmj~F9Ug{2CE2s@tmHKOfnuR@8L7_Wo)C{m#?g6@VfCq=M53r&r~~Nlwj2I zMt0DIz>4YAkwq;DNM-4=cWLzD>=1rz)(WN}=-RbwHd_^4YGYI@ElLuy)Yg_1VKTKK zL-SO+xK-v*arMksw2sNiiNlAFMEs!eNY=x}C7Sk+KU{{kQH~mH=s0@hD1oaM(gR{> zx_afR&0{SE(dCVAaJYK)nh{{>+>$DsTRFG1)N9KC` zl-;ZhBaF9Xol}q`Oth`rHm7adwr$(yv~Ann)3)8ywmEIvwt4HnCr-qTxR3QxQ4v|0 zx%bYszIE9pq}&z)tzld>DiT@QVqPKrCD-Xy!_fItA@nM`prOp4LioWG@yfcO6~D^X zgx`YFV@@)xiPR*pObe|Q&BW7cmMSt^nJ%hU?LXmR5HD5$(hekH&C#spwR*c7P}eAP zS@IDGDvuFQ$SypI6RJ*JAl^+mr{>)R%h$kJ9$zzx&ImB!yV26}|Uh&-Y-VZ%63fj=}mda_qux$IZLEWG6Jw z{rL4|A$&eH-48pxUR5t>SUmsydmGf(sOJ}!3xb#jwhIj3qTzP$+3bL?4bGM=wDW}= zK&yj*@Dwe#6M0CpLpji;49s1^^g?#_^Yz{X)}{de8OHAl!}_WC-x(Fg&ts+R{{VcZ z!tkuO?SNIiL$(N^E)p090uPQ2!-{4}Ijgw4P$a0CGtV@TWENy?J;C&Rc$VBA{+m5( zKLH8a%iPDu*m)r7T{5#j?%c`qk(mLUVX{9MvCTT8-&uRBvcS6*Gx`$q7}Hkrpqerc z-jiDVYZ* z^Y{iTGX;T8_UN%gZjtLIxC{f{vfTMIcKLsLd|?4*7${0voBG zhJONdgt+)(15#x+VhNlWJviBgrkbc^K@c8a;t{yY-N!z`o7J^+ka%Erz9Wj55ezpr^d7FW z8gpw%R%jMh?kiIu?yE>}^*K^?mbav5skzHj6v_`<)2ue=3ZaeHp3mj*E3=oT{~Y?o zHn(FJq}IyaQdVsjZQNY!Rg;+}sI)6PGiPlYeh&|6BmC2i`0N zO~VU{09^4Kny}OTU+vy6>o}*t1ZyQ4@J!`=yG*8SG?Q~(M`E@1B|)P@DX!)-MQe79 z{rQ!|U=s2Vn94BVIRLdjIbW^7woE>c7+eG?NXO#iWe4!G4G+%G3x3OKPcdazWBcy_ zKs8U)ior0(YkQT!OS_6#T&TNBFAKh)QV#1vHRI&uZs|IQn z)I&_wIGIl$_su$K|9v8kfDczgs9~p;I=yGs4|NbW#t4!jm%w71ZL88SZtjr%gCJ#e z4QSz4Ea0I&I1p#k;B9Q{ql${K`|~M&SCTcT{<*eI3FzHj6bVP16Ob+o!>N9B;sA#i zlQD2qOq+vP1^mdp`=d!TJ+^K~qw^|;UThxr(iCQVjH>F&e%U8@!ZZ(HnaJRFSiK_b z-V7PFM1O-Dex{-Vh^I$Yb*Ex+R0k^1xF2zh+4))qGzMQ$YnLdmX1;C5z?MM->AT zrrIragRWHqZwmKB8kE-;H?-n|;ZN3-7S)$+1nK0e|2Yfb!MCZv0Y(9L=@|&k|My_O z9arqrmfD!Tb#$x}nIL}s@@>De%%BzX4}+hD%On`cAyg!1>@2yjzKwPidz~=1^204C zKbZ*vA|#;Wp>l_E5A74$Mm8U1EDU{dQk<&#lGEZM)6p^D@u6fFOGWmvlw`->RUp8_ zGjX89P|LFwcfO8pVyCEw(Gj;t(7C$><20=VcY5LU5TW&*S!06BfBp2 zL79FoIPc(L%Yx7t7xvOHC&(TDD{gc|d`VseExLXe1;UKo0%_orkDEHs)VXAsnULu> zX=q_1e|w#`V2KDByK%^ZCg8;P=j5<(hs64qC(sIB5~uQ^Uo?dL#}mZ~IJ!$8WApU{ zFp1;;Fl4W}vgm!?&n}&teJzIHrTbxCrIgn@jDHu6)#s=ecSIE7I%w0LjH3Z-yd{Kk zN0Jz@9PFCm8npwe*2^bOF|^7I#hXjWK}@<4nzPofA63@#oLo)$qIvnZknfF0a zAa(VBmS$*lL9hhaEDJ2a2mRH;N-eWZ`B_F4{Co+rVxpKzbmd6R(I7h%o@J%vO>Q-} z_(+u(zNl}%gX&V*qSQt9RKE>0hdLSm|A&31T@W2+Kmfh+<B7#V?F3ui?PkL%W_&Ypr8rdK&js z=>3S_X_Rj))xQ4s%bMBNnU+i?z3I63?HK1-6oR&F*txmu7xpK>+cX%HRVNl<8c20_ zJ9fLcm~yJwSrs$_4+^{y4D__+&}*XkAjMg7x-wi6k%FE{#s74gNMhjoMy5y@0MVoH zbN8{+kl!!yDpt7laMilgc%G$5z{l16_Z<0Q{u@+DVCIewO(wMj7*54dRG>7K(S$eUa`kfRc9lnY0V&-7jxYqY5U1 zytt+`J+OX-YA~i0#Y-9!rP3b24V4g6vY3h#kw|<$mI(l8Qt`}}^9UPaBb%Z`C_%Ka z)OPmx=BBMEdC)qHPE1*4GMx(Y!1{mm{%%cKm-pgFDyt z-tYH0c6^2}N)?OKIHyQFQHOiSL+!GY$M#;T41Ug68%!E25w3-iYTl(KV=f(0sRow9 z=`t68p8olB$uYcxLY5n<8C%X>D; zmaN@lh%40!q*wqi-=mGkx!8J7MzXfh0m&cV3Q8G+(_XUmKJ1vhHdIC%#s2cPz^@NB zNfl4t=9Q8?Aq7z;U5%4kY{*CiQjBuX(_q?*M)%+S2-3&&eY7z z+G9=xB$l9-AZQvnVJRfAL087lq`|k>(ZmuheVnWM5frEI?(B(Khn&O}T}7iT&7iWy zu=ISo;4+4vQq*p^CKyDZKSNxs__+V~LEa(}H17bIpaB(*7WbBdh@krQtE+3uDsN9V zh&ep60QTM_8aK_d{+6#k!fmR7Q`TBYIm~(MkVG7Qtwq5{=pQCf*v*W%S8KLRgRVfk z2M!cVo2Uj4*_a>f zHEql*$-W=xx^Q10@L<7eR7#C7`E}5=`|w>M&OSBX{4(EDT0Looe=2E35m zw3i~iycLS z$M1JM$-wZ2z6_B9+iHQ>__tUi#Kys4XZ2L+PN(#(N572|ys{y-riWB1uapIUF4TJwkMqL{>o#6;16j5LLg+zAz!=sZA2fWqtF z0|yA3Z}hP0vCU}2c)xJy`FlVj3X+yO&VjJ@?`e4grX8;2E!2}8OrqPoWc`%g9|y*# z2W{4~hOM4?!nv%ag-ytl8;xgaXy|Zmt|$!3K{U3BkVybrL9y`B9rR;3+9(?hulDy@ z*?U}^`ORVC9`b-HTn7TB(?lpqAs0L!@=}VP149(XF3h;<9SPY`jD}aaA9X-#;?f6? z`_0*zJOMy#v3F-OY8(O`Yzf4^D=3@#Xs>0z*=A%}iSz4)dds`$sKsU_#(+I1^m14R zv-kbHip64vFgh@T{~wq|Kp`B?NBQIY=B9gcAtGO~p|W`od%$Z{JpM9ZnFnkAdfQDcm!t))%YqJnz0$=Z559-p+;)u0U@H)-Q~Z;YrJ6hcFX zU*2RrY?X2&VITxCAYQ=Yn5eZU=XE~H#EPl4dDuXoEC|)Lc8cRJ^JUAd7B7ojmvz~` zLo=^iBHYTN{uF_g^+wB*(8VlDPG}&2Y6 zJM%i5ims8BLAJMTFIFBS?q)^Nct+EKXM88%@^W!@22s^2rgD+71Q-7lH=tDCc;-n^ zljDs-!sr=%{C?&gACw{!5_5E9knsX*oC^1^4MB6nf!d_Pss0;yb&pBDEK0-jOn&Oj zshtsBVl#4L?o-<&Gl&Q;!1`&ZD@*+8{N&k9i0~tCq^FDKRA^#b*=BVIsu7}wRLfnZ z`cg0{rg;dnQ$NXvB`1s=SF8yj=@AKbGt4T>#9a1_Sjg687ma)6EqhhNHKy8i$py-P92)F3dd&`LdYqxeTd@G@Hr_yU-hkco>2aL zbWAbbFzP+sndO^uEDcB%LmKW8)cg{2%(O6@3S+8t(YO~b0mw> z3}VHb$v$MIJF?SI+3t!50H!FvUWGM7@@uMV(a2+nMVPJ^bQ+pX@l(MO;-sgsVj_s2 zmNq4V40~(oE!!At3_h*cMcvuah3PSeT)=*FXBe7~JF;cqqnpkH$ALA1Jx*hm)5%dK zVmsUxoWu6mftR_tLa$@^7E&gU_7?~RW;o8Q+kKTc${=H~Tk`-rM7cGk?%Ul+Q-Hj& z0eAVmCp8B6;=MX#;R_`+ID))}(H@{1kLcQ(43=egXTFYL6$Gs8^_rXgF?A3HMiaMA zLY~%ZCvddUaE>RDkhtuyBaZobLLR^UTru#k$&C3i8wRg+3oH_V5y;8P>hib?63aEi zuGNV=!p6Z#-C|uUDch)U>X-eTGkNf$ab7c$WJ(`wiN#Y_qUHw8V1JV1bMg6XrlpY2 zHT~?TkR?NdDlk7dICvHe6#$C?We$RnN*5YLhf7I^N9bNW;uC^6z!G#M9KVQFfI(@5 z$iKpe-oM>=ZLOPBUl^GC1qn3C47_AjeTJMQ8mf=~^6ene< zHn_9vdd!79(HDP)! z-jKGSfQq?|>w%&pn7o*zS%#~tjZ|M!NN*E$<~fYGqW?YZxFlwfPBSEZ-Em&3-?GwG z2N4A%VPqp!rhXkSme-x&aBKDMki+rcMX`5qFVg+!?zaP0)AKv22PdFebwXqyN^6rQ zkp0X+zVJVY>^T~Mi6|eN^8$Fuo-h6`El|k8=D86-ejj4>FbQUmfg;HhG9JFSEHRJI zkN_?<@1j+cRXQGHKiu7pK#Hu_2t{0q-G!!UkkdWrz0L(p=r%ToWiy}>j6LsYVf(i zsD?3LdnQUSZlR}`A2BK?feWMZl^e>_hAS!u2|Bx)!4wt~0(Qha$R-_> zMYOj|@x?mNGP1oNl;}N(Ngg!`G9sf}opH$5c(=>>2V1+b+B$Rja@+@2CZeupmxs>Q zDbpFE|R2yipGBcP-P8T~uY$D1)bx#HIW@?zBIM;F@`X8>-U6>j-+EmhA% zrxpqcOR+qC4&$oZ0+8VOHi#&|9Q4~)PEIZouK_w1Wr=B(mcwnB?hIt7wXMFdPj6~p zOZRex*j$yFpM4tgP2RR?GYCB(s@6p9+HACP=5w_{>1kMijAsy$ zejX`EQgZ{(J>tRl3I{)gGVH9+$RhG676KRRas@b-j(-Qq^N+RNuy_A#r_ly*jns}% zLfmK=KOWebhwbUY|M$UNoS2jLMhVRxX|jT+s%-yielKvd=& z=8Tt{U0h$p!Tk7d>_vWQ7IoFW;=0np?6qadHfm$)nA=Tk)j$od$AsDU?VibnvaPU# z4o?TYoCr38>#c>wiTzHG9YH5#)9=2y#>z|kOJJFYJ>#;CYF>Z&BBUHba>8Xrvqikr z5t%s8X;U@Cx~}sv5KQi{p(aFghwn$!7oSL-t1CRaq73_W?7vUWe?D^1D0x49)F?trq`cMZ|wl z(E?k49t3`5mPGTaCIQ3~8X<>H_P_~j)3h`Y=Jz+X(HtsRC%2xJy;gm5ogt)zhxx}o z@r$l~>%g?gf$#Z8JW0y3Tt9bNwC$1G)Z3G37Kpya*nxRWl~N83uGWQWJQ8y{mpa8<(a^=}isd^a{6L|6Qd|M= zVx2G7D(ZAgWKc|Aj73}B6d!;=Ll}a& zAa_`VnnNF3HD87=P`<=FuWStOz#V+Xr2}J%AZ6Gc6>Fd`S)9AfqTl^zJ*J)ZjX`8D zd73zo)p+0Ob?L1z3TaGvXIi2h-dx2UpDW?t5B2RUPhPS8=22+^tHbdlEOb)`H@f50 zR}G{}9LqnrR!RjP-+W#jf(razj$M|)b%A|k$aQIGUKrTreT}wL+PW#yu+M* zYiGPLL3f>FXJ(duz75#u$v$NNX4;Nd;TT^oq8i=D?|gej*+~coF^>tbrgK)A$tuY3 z55)NTUsucyQMPqXST;Z}3}K;HX96(3e~ap`D*7#OxZHSIAJ>GE>=>~BXF&ju){>1^ zVmbU9{9WPU^6uZ>l!d@+Qh^Bp1t`B)T2&oiu1;S)@+N-ED25%fS6IzU^vPdXpDx^r zEEq%)Z^a;*DgIxwZ_fQ9Y1+oFSY5eFdcMkoKFeMN20S9D8qG{aOuShVZK%J#H$l&` zB#N^HcI)27&0j7H1Mz(3fY1`zf-OA|;X$s>zefIq>cjOk?Y0Q{f|;@ddcYKp^=>>v z?NrYb6WB$n#En01eOaJ&KG!VM`V9B@#?s*g7pAf+{o#?nRJ@S_c6GFDwe`i@trk;i zIyE$FQ8_ulajR(=x>q$HQg1}th)nlW)~;}(!+hX_q91O|DGxNivmwhd}3t~SS~b4m?V(uUj?ohLa*gOiH!BK4J$ zfoeIKEI*f-&JBUjm~!ygFLVLm{gO=`6GnXlxj5rsbApDD;q{8z770Yd70DC|Ohu!) zo&8mRn>ySb6bWJdLD$za;3Hr6>JtpscqkP~M*ixgUak=U4daia!1bP$&N<+G^$t@2 z+@+@vvES-pDkL5(I~?@0Mo@8^df}jVp+&p6xxaY&U&2-a(wH6}*F>A4l29`HF$N}C zV!g3`;>mTZ*6#^n(*^pjq*4&gLryBVxO#zcpAzcV7JtZo3kQnz1%1O-7>`l+g04sf z^b2tuC*p^u#%-6!|78JKC;$k95K>0Jqo_f$QZ$Zeu{gjBsPV{}=iEN+)eKtb(aXrv zzOp^`ebF6QnVfRlFyBEVfEvQ%@yF@+6+x6r_MM}WlFfz@eL+%jKds~W8Y1(hpurQP zi5@jHsLT`4UN7zdyS@a?b+`W(OjS+m}XusYvkz68=yz<9YzRAitk5D1eYrB=e+9Si!z7FsWK{V1-j5h7eA z9#Qr*gT+2P#b!Bb?9brM-2QMLSE`+-BXjVN?7c%;*vDwD0qh!F=H+=vQ;mvmd7p`s z0E#-9gQqpw7w`cA0^HNd@kB!sOlf-h5nJi@9%9w}dEJ{>kPaL~}T6y%n!KgS{}d`H;}cOt*A^2Kml_ii*DU{}b40FSkM<>LELSe3NYa|R%Ck#5f46|2!O~PXa*!zF8bh2B?$x zS(Qm;E3`j<2F@Q1sHlVXRQ7W-hhw+Vj`KgQ+nX%C$7HN5CoChk3kr;&WH5xPu+&N$ z**!yh)A@ziyzGNCbOAEwW1hShpYUIE23{Xt8BuY#d;r9X)rRW;)3V>Ei;P1FG0H@c zh6?931G6LnyxOhPYDEl$i=?yGju8MSU#pLSrSY_IKJw9}%`g$XLoJl392Vg*Sb)tg z{-=mxjtrmA$F{ie0%c-obdN+rcyc;8)llk)QGSfVBEZ)u@5v9F_Dx;^kd&E-v~fAd zG^;keS z4EhFu8jATPJd(`pBVMDzLKz!<45djKPmR8I@iiHdGw2VL(CB^hc!lhx^R6-A|NEVS zyrC=5=MtXf#eC%+2KDRrNo2W3Gd& z2H#WgDXcn=Vz=eP)t+kab7?ahpR8=$pv~%qIumWoR;Q6gU+IHkKJ^ zRu$0M>o7Dr%PSaUFIo6p+Jwal_K|u!KZfr!_71iWwr?Z-&Hrt$NbW`0!mB@>YLsUxb6j}hNF$Cv&ReRz8c|R==hxPAMFpb8|)7oJr zUq|LY#O|dHR>M-BELG+&CC=<<7ER}9LE2ghtgvBah_UWVR~g}jLfFFPq;61mkE}~z zL^5e$Qj+57V5WWb4<7R#(YzSQgPj(n7dA~;ZK+*fl|<$L08dbPlzl5I(uCDiXMI&I zdnBZ%VQ8dbUa5P%&I%!84$2>$-=t@#G$`i3t0kU)A8e;6;jv}ZF9o@eM{5yKM+_rY?tw{O{}42^1~?K`W@7RB)K_FZ<0;=<>jreKm$Vj&jmKmT^bCkJrUe zDy@(Y#tCl$9-eSfN<>tC?>~YO6uY#C=Qd8i1HZj`&3e^Fipm~jsw`JdTg^mQ<+}&o zrakOGH&aKk-$_?kANti>tzP$<4k4#21Jz)QGP)6*cVuvJ7*Nuaa5$O1D_;P#;5D zZ!oc5FksSvpc8;HmrjkhDp?Z~6R{FAe_}rG=_iO*ZOz^u@_vk2;9MCv>e-(oVIwH4 zCQFe+hHmWCZMxK-b^jz1ZsapM<~}9mFVSewPbz^VJ&og`*01k#%fRWZ%Z^=w?Ha`q zbb1TypxTZze;8YOi(>|vc*_c5HkhtbtkfBpxt5c(gJMb(j6jJBGWz4HRZb*@>gXz^ zd0kBaw+IG6KQr{o?veT>X+lLJ4)PUY9>4rK%M?DqjtE;1KU;LPbyc3E9k=*ryrc0~ zi>-DW8mB7hNd_h3TC(NTa#wgJaD0B;Sk+%4UOcC?;t^eCLskE8ZJT4c?V|U~wM@c> zAte?9Vdlcwaw3(Calyf_Lq+DzKWo*1YfIpJviFnbK-c=+j z)*NoIRverIqGsSg&7RD1Vy8Ji2om86*XJFC2s-cx|F{b44XCyT|K8tY18%5`M()+u zw7f9sQ9`zKCQWfFu^4$0;*QJP%fHh7qEj-xAjl~dsbKrbMhMc699xR-SHHx~;^reK zZst*qvi~9HmR}$$FA04UFhtIbTP#5_W%GlS%6ftbz z{>@n;^-2!rNdp~*SU*P3?uS;LF`^!_(-lt+tVjp_vH+Qk_z=lq98M=6ZcKIhN zZ>l=lyH!hKQ&YjSS$kk$oH@T_9(OX3ZPJ$~J^(F1_Wk1j^THhkkZ<*mATG$c6|c4f zUyLh$-e2ooajR-LP3xP}=D@O5H3V2G=KxSBZ|@og(B@GJG7N@Iu6hf{@!v(a5)13q zI!zP<%C_ia=w`Ohek{|}zHjGb!`3}q01{eu!QAr(~5<1~8eDtKNfri`ST z>j1%-|JV6axA%)BL2~Q>YyUEIw4CTejFEXTy~OlB5Pz4~oALJm*9dT7rg#h)2E@T0 zAYzeHOBW9FY0827`mM=A!EZ0*>1|jhy)E!&{Zc96fEaO9FBdWEI}S)DO%$#M{;)5N z?eTLdX5k+sq+t5Tr&-bIvhxu2z0Qe0_jJ`{W~D-WYmcRuyl>k~W((RtZ%*hgS(~*L z)LMl*X}^GroPs}`LWVVj(0bywk55SNQsSJEuLIN8a&VnMBJti=8guZpX!1!vupQm~ zen}WZ7M$Ku&9lITv&xghl7yXA`TcBSc&sefsR7T-8G(y9TemC1tWON>1l!&2TfYqA zk&NF>`S^WfSp1&Wkpc;|nqMVvG2`NQffZUPy0-Y0Kvj?C3g+;Filo>?WT54Y;1Qnz z#`v0kujuQ3tSiCZWXyxxUXgxKO5<}Fv4|O_%)hAdPhr~hV-KB(&9(L=e9FhsJ;jZZ zyyOg~PxdA&;-$m7r^(QE@G4=Mw4bh)Y?NyeW3p1J4<+yVUDM2o0mfh`g#bxK9reG) zGnjXFK@Z7KwpF@muBjT5->RRF^GTWzX{BsU83=Lc)EDnf%OgI_@x0v3x}}krbhMeG z>=tz3O{;~bK&aQP_FJs|fU;{ftwUDxPdk0{qvH-p$X?YF8_PPzv08bAdEpTyvdx2a zJ7=U;gNK9Dq;dxk{jgAg8W+prXX9p%uZ+{X-{%|}dl~HY`5JXPG$ze|U;2JO$$(C+ zafTGBnqrt(JR1gq$V^uuhXmwG7tCxCQA3p=uB+Q#3 zA^`yRl?RIOR`E<*0sR?gUON#I8XekW_QkcdXfXE~k?Vn(6p2t3Q> zYHjS?b@~;zzd^JV?1M*kbH)x*n4MC8-~NaqBS__ul`|!v<;qwC?g6z9 z>VzR1ham5koJu8|6(3BUd-BkaISLJaMuFQIxq<6Fn~u~sY`Vr6d=JGW=!}quXbl?0 zMd_4xg=_xtyoHg}F%^9O)jYS#FvgS)^Gv7fBs8wu>3Wlk9kCKEJP) z)?Vtm^kB2Y6x8-w7!xY{YYB zqy_?ZVlqg7g8~Yuu_wCc9s1_X7>QD$2^fPN*w6Zo7<&txTM|E`xWL;mOa#-@dGyxU zs3Pw7!{oq%?P;R9LV8eG`+ z9s(cZVuwS-KYWj2K}Dl%;nGOCsEkoZM0%TSC%CAwRYi*pjYvaIStl%0`G*R4kcky* z_@Q_C_81bS-IxNK22dNlUtg#dq0g{LU@`2qA%!p6iw&QL`wZSTNvf`WRDEg=b_PNQ zqN+nD@(#NBC5!c_n@`{8s#a>P+qGHgZWj~;&Ypo;qjMPd$hJsLe`j9K?RWBI?I zS&UGK3E#X{JT;-_i$#+morxt*FcR5mXh&XA$I!!0v-X(EB*1g{MhZ)X1Qw+43O%Qf z_VRkX&UWn|0gt*pt(}^bb;OkOE<`$8WR7(w7%ktinNg%s2|=(o`?<(CL*YxvjC&`W zePfi?G7zYJr<5Xd(_~kMK~=l_6`z`7m|>t7x@@SFkBbfA8CO)&TA}h)y0Y$GcG#0n z{ZSCYk7&l{F4i`{vKSCGkURCnabqC&cX2?jd_&Hgyzy9RFKkKawwq$Qu(~Ek9FgEL z*W_3{_P^pW?v?VX?~QkYxH|W=4be!n^i-zgvpaNE{YbV1m#eV;QM9gH){r2skV~h8OKC^> z{BNSajWvccC2guE)!l3IGT3tTwDEK`Gb7fv+>GtQ@KP;Qmd@11lIpQce@~PKPwtm< zZ9I`Mqmz-NMPU-u%bY+vqgfNLrZiiiPGAVpd6`v+vU2%-jkxB+(8i8mWGB^gF0E(? zkIa9!|8`Q$A7-}cC^Xg8qJSDypic(_Z6BkYZ=jr!sDM6W?rodVS-2a3%15cW*4ARU zUC3~nG2J3FODoA23F}w*xxVo;3H?}ap}{qyYE%AzJ2YziLlXXn!$Dd!3v15n0U%o8 z{R5dE>LMMuzbH%!AdrV*d?n1yUxTRkn zrsCJmH7{Q2*y?-!nb%z|tB}9#d7PJCk`{V_eHg~!d(vZfg<}@}Bm#P#nP3h2t8nMI zleBfKF8Q(3j{1F-!R^DhUMfuWQObD<#;PM{fv$KK6^0HVvIziX8$o>`9Hg>p3t=Y3 z4uR!QuW6_7loQzkfr{+vwAxRU?-ktgb4{Y73Qqrm<{U)R(dRzN|1D3CcRc!OsAU{i z@&-u4{Z99PWw7$t&A=17UY(RQ8Oa9>NdL`SY|m@phai8y^!_+xI|Op*cKy0WDVoyj z6nh*ryQN6vJ_}uFq=D@W3x^<5Z;2?yN34q|!JBr9m(K1}W6f=TEfS`3kz zd7Of)GY3Z68=nd*pVPua#)X)IG~8ETkD#&o1Q-WY{J;oNOc7O^t%BF7cnp4l$le<% zzA`Qp76>*&)d+6R%{gXXmib7rT}A*Q67YAq-|!nf-vg{P(;PdW+MsulV^qReAYd;^ z)SU8m@a03u2s6wp)xQ=9$tjIWEKSl-os&vbRo9ZIwRM}b$e%>`EYP*oi0Wv=KE(9vJ z7*1jd@xrRdv;XLS8oXnUoF>6$UhJM-#3tm_((NlwE^lfSQPL zBCTU0rz)vX$(6TAfDQ>Y=On)g~jeux4n$(a1*m~_?-yT@CbvoSoTf5kYjteJ)!Tt9) zoaob8lLZ28A&)7YfufS!>e&9o5mlBwUsK~;PK6=Iat=?cRrbyIdybuOnL>`ba(7_o zHHj3waUlmzLwt0>z-bB6)o{YW%U-A+F-3uMo^ucP6B>L(W?tUM(cMA8{yrXA*UY@- zKz$CqUXM#u>(gH1sn$doU*m(+1Y)W0z{MXb88GFi#1Tbt+}P1GU>Y}bdir5Sjg~m) zHtfGFEw03Wb&DmD@3;-LIe*E0hte0Gymy(sDj=XgsV8+$k-*^ z$hnj2nVM7YDlv{ugO_t08pOPhWBMB3Ek)C!8IAZ!{XSUIxAt9nCkAc#QCND;d~Ai$ z3EM4Lk2ZI21zYj_TTK%{mv=M~ND!N{;&%mXRnIsC<4&+_(_VXarlWO{X`q{%t4De8 zQqUh8?Y~tWH`GfW*Dq1Ml4a8eGX^Kahhf&u@ujzHV^YYV>LR31?I0VS#{(E3;Nd5A zg`d|u({{Z`^N&LPb%hB&a;tc@N zB*6ra6xL?rsLNrYm77rCA|;a}y{iXlpcZ^+`2u1y4%FRsq+-HCOsBu=GW_<^ce&^% z??g_}pGDKvy#en;-%XMNr)JxhVs1|A6pb{ozQpe0G)qcfV^0v zq>xVQu1O~mi6f7fUHDTpYWn*ch?0}gk>W=0C(=}e+#3R<&8CqZX8%a3)gigBxCPCz z_v#K6amSIo>YnB7-yh|bdkl3S?q^xM8?j!W*SBzUIw~F%>O$I+Ve+U{`~XB5FDEZH zIO%=GcdzC0!uCw8s3c+FsKO^h`WFxlYM3~ICnJ~?zT0!P%aMA?%dgp8q-pz-H3Bnh zCsI13yid_SiMG?R*#_L6uoda!@L2jw;E*+iAU#^Xjtp_}RvzV=&V>~~+de=eBa{m+ zIgu*-i;_>~cq*wDezt+Q@3QMArMnq?@2j~?>{?Zzzt0Y~QrYC0QQ%V)=R>@w2f%&< zo>>PQG#9jMKnQww4(;?emqJN4kK`0)E?-4KvJIjN?E;D4U_&C^l-hlG4VNXKg?UKj z^G8uC8O=-?tl=esHikYH5`&7IBM2}W=FiK`$&^tF1Utf(>!H%73?czH_4&RW-u%QB z=qz^fF^7;2PKD*%4^)d>EEOF#jVhTqzL(nftbwH2m1jPd7Bzt;z?tiUrlL6j-|J@B zgz{En$;)c|xTMl=XkGh^F=b{Dyr+hQDtxW5q?90qEY%J)tTv9F1Riy)GHi@UHy4*B zb`?dUuG|G2);^!FOt)mSl^jV=%p%u*|6Gt1rI&AjAnzWXE(2kwP8#V zflgcfKQU<8c7;pE>iHR&wKp+2>@8O$!O_9BQ!h&CsPD|9QIT|o5*i4K9?}RSz6QH!lu~NK zi@LvlAOOMQ`}3r?uk3s_M3prM=o&g0UyEk)1pwK(zFgb+JjO{Kwy-fzbhq*njJI)d zfnN1>b2Be}ok~+39CS;0_ff=MEh4=kUZwdJlV1>bH%?Yped%fv zw5YzJGJ95^go_O9C8%Q@pA-ROP?qU?`4|Uvsbn>eU+gdGoZM7NufVvhtHSA)#v-BQ z&)E*<_g?B`cyWuVAjZSVOp9taXF0!}VM~W0`9r8g=9KV#7 z?I=!zlL=7l7~i?c!x^$LveIP&S)nMaRmHMKJ*D^E%%EI(H3ZbETpcy5iAd_Gtv#{4x`s;aQeEDOt7x%b94V z7xQp!F0W@JYrZ&v{`Z@l>0!>w^ zDdOD8$OT*W@YXa&oxvGlyxWnIdjkwx`5KiK(;E7qupx97Gz{YdE>e@DPaH}_F^n8Jm#)-HW;K`Hj{ z4P#uu1a+FHV^l7x7W=(^RQ$|`i`PH;zWmL*tL`ctHFJ>>v_T9=? z!npE9rYp#|j|2SDj;FPvP^bA^lc0|5L#wu-S%A6VAySuhLqPeOx^M0#JTdbMyyi?MKYqo{XHD}n2 zU8kgmmZ+T^@p-e^ecDNlW%!uCjG0gGXo22QN@)R9f;BTi8eo! z=XwjM()Bx73L&qgX|h7u|vncjQw`udqH!N4c9NwhA*B;k1O)U#zDmaeX1S~dZ)G2g`DEzN7X z6l#*G2^96v`g{-2+h&eGylTj2ynrQDCN9B!twtZAE z(p0Ypq+Yw`8Nl&0W8F=o!r^*469P zHT`4lwAZ43p|B|FwcT0*S}bRkV(fCL`ko+WmD?N8W!8%Tg@t374VwQW29#XxkNd3R z)!=FHL(%pRsAeXyrbNmN4_4mb*s|a481OtzcO#R=J(HWk^9Os9HfXI1Mw(dK7_GrO zqeCgXqfB?Ge-U62G~Y$utY7Ia(i65YLT-=qV2B7GhTBz)eVF59_B5#=!BN)j%hKDs2$iE=nj)wSlX%F=FVJsGFkSehu4p&J_ zP;5gXgIuOHd2nR3R36J-%}lLb)~3K^U85%M zt^>b6kzK@AGdiyDgpG2F(DkYc3ATdAX<{EWnU#Mbb`^oPQ9!#6#K{Edp;^>7yq(fZ z;KI;!Z;P5cC%^CRkp~ft20p&IpR#~IkfU-@kPxL!a@N+4hL7K(YrraDHk1k>gz3c{ z?3%Vx!jot^Jaww3DdR>%SWEw!`6nuR){gu;7AT)ZC7RAM%uFmh>od|x>v2@&MnYUk*DZ_@rN?1WQt<2MU?<>h zW0^kV{T=#baIH)GNUR#1Cl1rtRAL5NLUU(Y)%`Dw^qs!+)=oDu(s(i{4hwq6W>4Ml zs0>8zL;u&mz~3I1bayd*S|uz0alAr@e1P+R%Nob>3dj_-vBG4T#NJJE&3Xe!9RL!a zPorTz4W5r(6Aj=*YpE=J6fyZJm_^|tY5s>Xyg%dOZM5@mWD<3T_p?0ZT>~|Rkd@UxMR@Lh*@J0?Z6v*QAUD{2;y}TO$)~ zGJfb*h|yKl8OS8{g3wvB6TUFcus=UwiF> zjIeaOe&Wi~p7enJeKr^ee|z%8g4-}@sW$ENjjp~o`u2!=SRp?vVUnbNx~629CP@6x z;BD!(e;buxW>Mhi896d&_Q!Iu&+zn9VCDYFy(zOaU*t?eU>Ggk+7>Y41@O}kpokhx zhuqc+Tns!#svDNZ@Cket;l(O@OZJbI)SUQ|53qwX5dMK_tbFIfI?1~Tmcy9?Us7(K zt1-X)Gw$aeV0`L6`(Y)F7M3xc2;fH0cI-C!st;nTRnHl2+wN+G7(szoK5BN=__sCU z`C|U#p76X|6bT{C>28*y8G1AG{2-dK(`0{Duf_V-<7k^x@Gq_9gCBaYT-Q=)XZ^?N z_J|B#_VZs+^g{2&(v_auIV36}T2?$>uQiWxKL@lXy}Ts{#6<=4o7U)Gq#K4gopmfD z4LEqzU_D?JCi=$a-jsU(FfD*oZ;KsNY%}WouAFKGJJLGMX zoUi6L9Ahp!XgKIz-#&jafB$NvNlqYLTA1*ewc_#L9DTm65cRHQWa2^c^>MK9u{I9y zax${(33T!@Gh(^17oX};Cv;z8Vw6}uTJLIelEpGX0u>UrPd7dLC{1>q4_P)o{e9Bp z9=dnQO(+Fpj-*aoH_-5g3^;9ZQoTcvVM6aHT9T0$fbP`(OAkW#G5W1eVL zn!2p{Y#A^hjcLZ8RZ4d)lpDVVFwJYLQo9N)VzdX^yQ{ec#|xiCd? zPt$HN#9X*NVmdaHUYzojQaw&iaz8}Kw`9rgx(200vpx&~J9&UU1frbw8A1kb0`V*! z{~u&)1_O6XG^h(ZiU?zRaf;MAD2gZuXZVAvI7nF;m3?;CAPMc9fRZr-Bg2a%leW0LZVd0!)K}hQSr{&q!${fi4t4f z3^uc&i$B~-^)5OnU59vVf^A&k&1)B1KzV+pD7tAN1m-?6g!^@AIn!!KV%*!SF6rf-vu-O_o z!*DcO;|Gfs3Xji*w^aDO29%jk?XuZ6l2;?roJc$LP?lb6a))>A5NFSc1E7y(sHhZy zt;~usDeNmRIKn=bHg1F@FioK5lyQ*pDr{8;4QiX#onniVGi3>u=O3cVy3q8^Z<~ZEl4@6fClxy=aA+QXd%vloT!=mgKUW$Q_I?WuW zexGfBw>$x|H8HV9Z!n*4z|UE2t0r94Td_CQ`44Qa1D$)o)K&$;(1A&*O|(KbArzG? zGt!=JGDSIs%^q*nE-M>95Y4g%;7;u?1bNeG7LJHzO;SnSL@fCATHK zl7!EKSctK@o|C$JLDEX-jU5>$>d%A&o`N1eBKfc9+I0Jg`HCX;9G6V{d9wZV#Qcx6 zVk|75ghYTk#E$^j4Q3B|?=#|)a4kZ@1oe6}n_+pn5JntWCWbCaGAKOT2*HJ@bQ;9J zwJC<)=-&QMpNsk`(8D0cnxQ>jjp9Ua4a(_-|{XFHOd`UnmO=(hkF*B`w7U z2dZ@A2|h^S@@yX6!xFyOh9}~VD>rF^VpM-y=mgt(#Uhmeq`uRvyH%f}X^{y~{8)E$ ztI*|Q_%$S!64LJL<)bL$eGZA2{NTrpf_Rayx|YLFPk%tWBTf_zdzv`BpANmg$2ksO zBT7qdjH)>`2X9Bze*Q|0jLK>8=s>VTpMY&`ou=5mxng>W62LE1-kf2SGen`DV{j#+`n(uX+ab1d(}r*ET1Bp; z*J&jVN;O~;T;`Kh;w`|d5I=Ui`=TlqDKMT$lcsKz{A_QXm(*_?q*YF z_F-sp^=`7z6?1BSm2%g>k=2A-$qcJ*l=fBPs?s=3`?o}>|Sh}w2YjGhT<&LDy&%G6)XnimmZ@R?b$ zDAYr|<&VAsw9c1Hhc6Q;=r^F%jd=pTaySx@d|921{>CD9#T67te^OWS=vHOsE1o5a z(o*XnX{yjj@tt%j_YEjE zvph6C?j7{V9rNHg*`~Q{mS8c}WO1%Aa$&f*(w^;=;uKeyh4#C8&zW20MsOE#@^?p- za3{LfA^*Hy|Mh=hHm;ujxx!{PNNQ6YsDdoy%V^x9fIXrznwrfIX=*2p&JT{0zA*g8 z`_c}4*&D;rmQ%n0rL<6b}K+8|%f|b=N$SEvb95X(B8BrUR+EOX{Z!6j^dFy-E|j=I&cO zxtZJ2smS7Nl+70l?YHj5HbvdMpJKk=?(t4J3qxs(jp-6mKdlij!@l4vS_u~3)2JxV zUmz*0+3sA#!1#Nv+0gg-q_|LOBYB~$?OBC2#NY^9t+XLi%53fkk!l)D58<(uT!BEI$dX^?crwrjoe^X^Z*<4#Tw{80 z;JoiX;Fl&PF!ApNI=NukFS{uGGEVtu2m*Nm{@L_L!OEqJ3C^g7T8*v$j~Ou8ygWlP zyMq$y+!zT~$q4YK$?t;;0(!1i-4QMafcT9iWdU(V4^O0#=P5!<&P(S5244GV1Jqkd z_lm_tKX3CVy&kNN10VxA{A-3kP~xPXzh$zkPv7H*Rzj&nBvi0Q{7u-J+hFMoBhxGV zi|2F9he;E|P;C9OaDV>E?;|d(&x!fk9Sd`GZ?7DJ`j3$q9Yb}Z1-A)_TiEeXAnUFs zL<2dkcY|7iM;ld~hj+^}g8q8zgYLVco{_F40=e9+ev-Jh@=g^{w7TCGIKJKTgsg7p z_S|14Mu6-;pSFGHIR6DWI`&=M!K-bk&wBY)PTG6gnDxq)k{ruQexFHsHH~3M0*Lxx z(LEMn^qnYmYRVRp29w|K@<;ZQU8``w;wqsDVRK=O%0~6zY`Jh)&xkfJ-u$@t!JX3b z`8*~n*v31r17$7A3%Ps^(m-I@7I}5lgULRiG_Wk~9T$gS0KUKB~6hTO^2>jKyI1eI! zy<-(t*=4fSsP*=?w+#gyA^8RsvEuV~l%cURoqDhY?OhJbT!p`2L)`?>mVz2i|JP&; z?vk)?s;s5zOwH%3=wTZIeOIoWy-}V{G8A^6_Vc|N@3;Nj(^Nf~L;uFZbVLZmr0YY> zDF7=yGfmaDast;d+?d4)dgQm6S9r7rU9&VJX+s<<4aBn9&eRH8TB<3e3}#g4Pob3c zirXXrq2;)~$7S2)QvD$3)$BIU z`wPO=OmHC9mOE2wOy{_suS-6EZ|ya2njuj|(uxQI%!SrwiQHqTrOCD%zW!Dxh`C z3=Lv|ouzL7}9@h^H76?#k`*~Q)lcMwQ-80+zRh&G2 zLLY(9F8i?)L;-P4J0wtFcsI|yb15$70pQJ%%pQ5=)w6>oOA9ViFhk01fyLTCA(02; z>8%h4<=cFi~EIEH1jw#G2r+ty{2VOjRbnAT@*VNnoi^PbLx(4cLuldZ;}4@6Wj@ z{SpzfDw@%|B->!Mznp-giC1K@Ip`>~ALw8MFb|GaHWO0Chv^Ae${bpFyk_}>vHVY-Q~tYZmfc@!LF*(Cy2e}Wt52j zBw$8H{VRgQSz}CjX2m-^ai};#cbt+cUU6da&&N7(p)f%-P-R0?btCVL4mhS%PXFd1 ziiUd|S=amrB(d>k-(L>i4_h(IXGh*Pe)en|AF3_daVbHJGPYUX`-Fnj^)tqIZQ8s% zLTS9J0xGul{-;U;km?FAGcyXb@{9wbiXq?NQW>s( zZU+1}L>TqDH8CH@3feR!SRGkxFtXg74;)~#gu$u}!Lk_ZuMzYK_il4n!K z;J)T^|5~g*5MRon4bKfURJ@PiNuku#+?H)dxEHD#G>%bzm@vZtCM!h6Xg6#O| zea61Em+3p63P|Icyj-ivT6-N`Off~boq>;s>{9^Uek4AhV<+L)VsZ83j#u*CqFnHl ze@Hs`aY+Ir3^2mVlAA6HolHXg$<}eg&JU}D01vsnT=_R7#bCH)D&|aw;3B`V2$6y$ z`dd>%Tx3$A0RqZlk#bL}o8jnciP15}r8bZ?6wQ9xo?4D>Sbb{`ts9$&ENRfzmVt>S zHjILGHebMZCi!qQ_88Xkhpk~WeX?o=*Eg7Ue2JI($X*lV-zZ~E@H(H}pq3X8`%4IT zP;JVXkKEf4*pG=0+ydibilgDsf{UA%w<&Z)`7HHrJWVH*_`r{`ovmJ9$*OQ_4i{n^z@=kz{KzuxX}Lo1d6)JQ2D_p)ng*>k7s4aghHh{T1@EzfvX(=psXKArLppT z*+mtb3UN(hENM@NTUXwGs})JXWcd-qtdkUgY@Z1=dH?ac3={{1fPHWDf9`Gf`X*@h zxu2H{vXGR&>!R;yg7A|HRiDl6qVB?&r^$Yx9Zi8Us!WhB)iMP?a~H!|a z#NybFDNvo&@-U4Rx#z0ozkT9N^Pq+NT|z=&00LZIR~KD7p9%FqT}#r`%v&KL%*iSr0mVZ!25CiBi(Q?$os6 zUpADwx;9Cg_}S$$LTum-r!?W9{D{i-sf}j{qnzxb6co4-vS6}60_Q)OSm)hbeeAGTeF|6P z;BrUlTJT4Ojlb;b)mIQq`xc0~?1RJp&kwAXRO~dtjr+3q_PdIy=*#cAkF|W}t&TK7 zeFeL3N5Jfp-)Z0H=1U4-Mg`yAbFJ~9{~e&n``L%yOATehu||;Lo_E>>soFulOZe%$ zs@C-AIsJSPz{32R53iH{Ay21e-JZ_P#?Q+pU<;*`eMQ`1CCTy}rW918GZV=@z;l0k zG|5Omq+*nP=EZ5P3~3RIv1ZqYfo0mh96a+00IAKSAWOH<_uQKZ0Q5)fgl7q;f2n=7 zaw`Ff{>InMrU~kLF9ft0e$7#|N@o-2xXEZkMCocroD5vMpqaTB2D(x3$;Zg(Dv^Is ziabjPziB0iU!vPi=h;`t-2oJI%HP`#iQrKQuylZ1(povkAb$HCuN>@r&&e|U+QWrU zXO!=SEj5mZ%;krX4nnc&JoePpg0i>bGTzt{uPYl7t+bAX1M0sH@jL1yVCNd?1uxN3 zUaSZ)Hs@TXmsBbXLs>()asl@hdf92=>(GKm>_W7#ZX`wk1#N+G!AY&^X`-Smu#?

R`-m&kQm#kisreEK-pfzus;u`klXFJEMJLm;ue1#8A}r9JA|?d~haQa{jj;ki?ZN zdD|d!X6_V-QsTcL;&J^o@oNzR8BQ zhLv(A(ZG&QO0RtSS^q4@xBg23Lh;bfWjJF_KJ;N1LF1IY3!Cb(PjbA*3`Zh3tM!wy5A3W%q z`p%7?GrW^$E&De+#56)iCI|tUP&QhMdcU@w_5I!FeZYh^Ri2KSQJtC6YN0Af6MQ&( zF;qKip%AbJE?33gi_==vIYvF4Z)6#>`Ok7rx$lYQ;B*lj*kd9!{R&w+u@IB7^mF;; zsJ>^Cif-nbgxk2))Z`R6;~m7$h?Z<1-OQ|VWsZtFBc?J*eXd%esF1A|IxZDCqj_-j|&G9WxU3HR)m(|V0H zR2oi{NGAG#3`G>h1nqi*-+SCUvG@*))uu2>LNnh*M!=S#hv#pY(fGauyIK+ZKXOqC zka>cXA@gTRrWu zoAJwtuB|WHl^gLFOt0#O?76GJMfCN57g62Esf)>bUzC)l@hj0z5}%F%4cQT*K&iD8JKPh zEuPlS`n(4|sU9aHIa5qIwite8dDcW9&yL}i96igAb-PGhn!^7^IPtZ zvtO)^@6HVbX=@6d)pZx_a5vyJxfK4-*&TNY;=pB^a>Cljp+?Lb6_+wnsufwpCY+VZ zpIkER33p=$5KW;5qujMXFwwK;u0Z?z{9ySB%YmE~Qh;V{a3p#^p?Cxu4*mDfJ?cND zm45HAX1h%>YiI|9c4D$mi$BeuMcxS@;SpGrx>YtI*8t%M2~XWkKl)@}X|`b@!#o0f zWo@6<6^~ zhpY=qj5z3di{p$iT!O~w{x=(o1Z$T)goj0rw7zGPfZe3d(ibQ9k5Z9SRJKBiAXo;I zW;)+to>@G23d)*gYPS$_1$q7!CQe??MCpM%BdnfO>C$L-uTjuJ2wn+pm3zk;XBq?} z8X>wkJlS{6{Dp%)9DO&hZd>-wGAC z+2h@O$yj4i;Oo611~Ix*l@zv~)B|aL5uh}2##N6upZ^``E90K}68t_8?Ddpjq1V*+ zihzPba&q}m{gJ$Y4>ZJe`9KP37_frPrOxksJ>Bu{ zRXKjYTrMqIR>OX}SV#JGSe7mF2D8wks>$UGFi7I86#%!PC6S2(f_q{W7`xge+R6bW zuT*U^s58BjLk%LQzl|w@*H^gD!@xZOoVkN(DRjMYm-Ztp)#KkBPMfi6Z)q7Bp_*YN zr9Xkcf(meC>mTrKE(tSBvc{F&(oT#JRX}ww?iL^O4>I&mih_<}$Zhb2e@G@$Gz#3G z6qq&379oA4JS{&q!8P%ixmA@fO}$%+F|RiK=pTpQ^TEFTnpna3?-6(!4K^tP&HSUL zC}vjQ(6sy>+e<{1CrwnTR!xe$S|pLKk()}i^3wb8 zSK37cat>%QyT_rdz;0f0lU%Tozm5L3m_)K()*Re}Avf~+d(?I>4y?cnB!O-v<1RB3 zh;N*XLM;OWDfk-L_*Cx&baYR88If;OsKj?IL~8q(MKX~jf_Nbe!CEZx7|+~VIC?l; zGy~)j%jbAH8st4$#CM)93U~cb%O7KH?GG=*2E{0FieR~VAvR`4rjVL?2IlFynVx&4 zySe|%0`TVNVV%C?jQ%@b!6`rD0lx(uATKqpn-EPi$P>M8K4ba7Y@2&oG7t*>Br_`4 z8$iRTf(B6RsCMKIA(&6YoQwzj1?zo((cdUi(J<{78hATC!tOG|JtsVKyV?2$uOT8~ zG^o=X5O!0A-}t4=t@J;~DU7R80Mjchs=8DS>HmKSP@r9~HD{W#3*vE?_1rJy;)s+u zBw2CM=a{BuH6-e!b;UUvl8I2|6tDY|a8*gRYNi@9*MVSZa_xO^l9B;z4jG8NhkqhfFo;p!iB zF$U+Q6bL7oez-6O+6~xHHgN57EKQ*8e(Gn9q#_fThRwL$Rudf3*EiEt()6RBgvHkw zqhQDn>P$D}oBJv!r_CIWYt(*a5bVNbAm9jGgl+wiIm2sO`OH#=cF|;Gc!7F2Cl!KK-dE%;LqCFpBIwA`OZ2@&u9V)#pCl~$ryxV+}#FtGXIR8DR|$|whe zi;O7o#EW@Z(j!?EYsVs4B)Hf>5tx)-wv|;btjdq9V}Z+znhR4|w)*$3+IK)~M3&Q9l$1x-pKo^JNYd&KLa7Bc3u*eurR6xx8X< zXgcNGP51*pkxU+e%f`;h#cHh=6svr&x7!Pqn`xf&C49l~e=}^W3Sq{mX4SHA!!yP> z#KbrRz?hA{OG~NZ}ya^h$dnAkYVoQ-p zX?f0c2?gBsPSe6paCHe*_+br9p2Tg_Z=rtM_OI=oF`M*Mu0@QmhY!iRi?sa7;Mqv< zw*e;@V#!s>BKL7;rv1f*QPy~4upypgw&>FKP2BXGKn|6SL*`_v9R%i=m7W*j zGL5pU8l&)41#LVuVfXjRTMfj#A#V*Dx=x&W;X4;av)^qblxtGlV9V#KdqJqOSd@_d z?&i_BMPHgLKDpXJ7KGnh>9%W7*07GpO!U=wIWJGF8A9?Trgi&AhdI*Ym$WkprDXr$ zk{XMDj(+@~o={r}Xaer%xCDfBqK1mNwST_riZSqIHSEkqz7+3T#tQ>t@SD{NeYDmd z6(MVZv8DsfA|7}K_OysOXQBWh;2D@d7$}fzzM_b6MT1ML^D0pLoq6{SwVuFY2BZ((EOBk%LNEoOj-G$<}DY!7O! zH|VulgW@|Moyx#E^Fzx|KPGhdv%5H~nz&JNt-e*{eg?kVMH+?0U^iJPXoIc0U60!{ zcC8v!bJ^0>3%Eou2vB;UrW1zo2M5}(cKVqKU+8A#dFFIZxP71GLf{A8!jkbAu!rov zJN;f+$ss0zksb+wg>+0sI+J9EjYE3>?5uphq49j#Svo#1Na3qmzQ#sF0^n0vy@+4B z=I1AtDGUGnixP@M9*}P8S?}c=#w&ILX4tkss&6Ku7t2yKg2hgu7bJw6{XEC1D zm$N`nE$~B_{)_F+{?bTO5JLproyC9d__OtMkKf-6CKM#S&d{})YGIv(wOt}Y5=zDI z_9L7FX?3!TwzastC>TC&Da6K~Dm<)%E`er2O(-MMBb$p#s4toYIQA4JGD9qZy?$BN zG<=IGz_Vx`1uwMGx%NR;Ii_$?Q1@0&!(ag*3w~6}df(ja9T*1OMhF$jGp=$_nj5Kx ztCNrSxt*dJnHSqVf-gksF3UR;zMTPTs^%+#8dY%IbZ(SHyOtt?n1gw}k=3U*qv(FJ za$wf!Py6#vDcfjRr_F;46e6kv8L&$eAE%0eUy0u@iWp?eERv^(1~FYRvtHY7K|~KY zvg<0hs5$I5^BZU-gQkRk&ekA6_);_cKm&j5Py>M4jiv(F7NO174mP$!)gWrcd>6P) z1zdGAkZ|DYbRn-A!#|{+R|>K466%MQq~AH4!ju}1jAYBn@D3h;5G+YfiM&^RAZJql z8#s_Ccy3BAVxuO6`OB+g6ud+FsYo6}w~PA*EYpZ`PyB&lMQQa}#A>Hjpd}Ito%mG( zm8rHoY2az#zQ;l7mH12E*F@qSn-3Az@AmitA&(54q~Q|-K3n#~*AFUQgw42o9+Z$h zo$O*=&tr0G*sa+=x+jL%ny8P%kZ}AC+cNw@SHTMCP|4Occ*uo1ZR|5>@32_wDNO&p z=YwBm%Y1sNaigHANOXdWk~8oP{5B|`(@Fd!Vm9b&R!-r*biA*u?yxkY*^Q=p>RQzc z^I?QeBUo0^08-(=c_2!hK69W6r=kwvBcOI!smHYXn;aLRP0e@-gt>8-q0?`LDa7=O zWXm1|$^*m_t%)fa`|34U>`dBQ!@+f}Tlaqo0Bg&_NaPhDA>LuBX76(PzH zxF_#-fjXL3JU-7Sf;qGkv?x3bS`qGe$r$>BN_u&i+1cL09`Ud z?{@-7Z*ap_pMUJ-!^bPUrJ~}f^J;P`AL+K3WSZbCN~QoX+x&$&@RdFeJKX1O8uu-( zF9k2Os2gLuzW&)qf-aY!erR5#Y;dDj(?yp|mN+c#%|IKF_+!9K)}Nj~mfCK=i9%xz z1QaZjfKbOE*U&=_uz)5|gG9Qflq>3^(Pe{9vb?kTA+j^DIRMn0sV5WKIzZln2p<=! zL#1=(*S3!SyG&2lGDAadR>cUI1Y4`IWA!=Rq>J>=`K>Y!bV$6nqVlC*@fMMpc-u~2)O}ZnyRbrGHDQOiZB6v z_FfS`cxLl?Edzf^Aoi_^1E_}F5$Epz=A0`Q04sPQM$#^Q8DS~*R*0kOwV@w!@U#my z6fQv5s6i^aFq7vc9@f*<)&|&=vg1Jch((ok;y^j>ykc!ifHNX53^6Rt>+aw%P~b2# z8;mowHtxAO|76q|b5xPeBY}wTK#Mfie65M0;6vwC~x!{NPD{L1;&i)qT zJr`exM6)-{<`JQ!!4|-Q>4zaJd%fiB$bh<4*l?P*GIzQ?`|MVnj2W&Mfh}3w+bE=+yKSJ(tL2Cq@2~;$3UGDB_D8_!c@@hUA zb@ZQHs*b)L{sq5bx&R#y0oftbPvkeUl2I3_b06s)wh~jkUN_Y}(=-?8G^$`7PRy!v zt|T;63Wh(fm`XFd+etQUkv06ASW$Gy#6m=^V<*oY-2zzOQxE!u*7mKFYmE2GP13)a zJ(Nn=yHR~;zf3rn?&L12>0CqWLi`xsbSdn-Y9IVSytfB#;{}mIzZr;g3QWX!*qc`t zCEISrd!Rb-h$u|QlAX=h1H7?`l&@&VFOYaVE&lxJr5sBSJMaTi<9}^4jvCMH$n$>H zof5bEoprj|lH$&kk#d9kZwetGBE=z$B^0u^_&A<23Q1csvYzGSfvC^7o@EgH;b8S zxQEnL5zsdry)fAS&IsiHlP0L9K}2amM{$E>?lY=+J=)f3>%AJ&=I$U{I+n{X+$Z8b zMFe?)SA4C@`pbf&u7mmpkxCi*p8`TItOxg>$~?D=;Pzj0JC@B8A%pv@9X5k!Ot{NL z4z4x#dao^rsyYpHfjZNxM@@H@_~oqz>R+vyO@9w~?<>Gn5%SQf-2$Jto|z4MI=#=S zU~n!s4#i-VrB}|p5dECKK`&x&hBjaJB}nw@X60S8U%)M6Nc5V7l#k@#)TyoPaH=@J z9})?E81%Y8ddQGHUvGtyLFPdm77v)sY0f8Fy_p zn!6pDC^J1C{9ZRGZp+|Yc%AqpNW}Hls=_kT$H0zc5;B@H9R7G#^cSov-G>R3ndG?K z+WouX1$rZ!2mA?+6KQ#GAW$n2R1*sBgwJL5HjI?wPt+{vtn2 zkV!XvJ)8pU6y%g_(vSQ0ulO@Oq+B3hD>y*m_*;NcAUAojE3H4F8I|9E-ErW_IA676N3mBFQUi2F!Xns(ASID95mb&NMm% zt!hG{oYP@*;L+*@v=d?*FzNOPj0J^TRmxWntqy#N?Co*|>c6rat8>M7-vi29r?jhq~=-kdmfYWwpV7(EXWY&6jFl{y#)3<@Y# zrxaS)@+7e)BWI5kMB1ZMh*X#PRUeGmbE*CBN90!PhT6^9p;PCytssc}yRXZDqdH-Y zAazFj8T7pjpLqj$h}!m4x&2f%LEO8es^Y3fCNKkij-Tqc= zTKM@90XZ%K>B*(mF(X6SX?-E5y(XGc8w)|)h5eCCladNm;k$jvF`34tRUnghMCw)mM>y8d%6M~aISQL92b&R zcd8q*mx{&DaY*e?1%r`v$b;c@$olW3U3*tyPXy_nxz_3C*GK2nA4z3QEQ_$mTp|-% z+wD%ajEgM8%b%Qqqj@^0Q)ZD>D6)-D7k6^8;`H?X>2`I0v{#=N@wlf4oh|e3($g-u z-Z3pPI6pah1G|3Rm#g|h^V|z>3#A{vd%T6Lf?x8_bj$r&{_0u(UhZ4QVozCMI`eA0 zH9+B)yd+L={8qxSgWmov`J7xWFd`rw{TRbFy1;D{VST}YYJ6u2Ee{+X0gVBq3n zu-^v~16F!4%xJLw#KQahwp=4Q8oHYWWI`42xIazf!iE1io<$ClvE6S=E*VkcAxMG9 zyuc820tq)#Z`kSaaO+fbYAQ6sC^i>)QG4M)Qbk2bIWAsW1!;zg2LDZmgai&lU;NAm zFESZh)7QWj;!g%P~|2pj#_Sa5JS;U z_BOf%oAkxN{YSmp2!moeNh$T48kPc+OUdM;bV16;o5qU5G;>g+y#dYLUz?hxOv7lX z^K_Cok-Gf0Bg9ysjK@fxT<-0?CvEq^8bLi`<@sNN>ms;;^F9yWA#Uo%!Gm%KZ?~dXmgRmNmytC2i z=pqY9p`ah7NOpXv~QNDG+B zoA>3&f()@SMXUi5LY!h;Ed!HM6=}ujT)YqfO)PSjrQI@_yQ7n(|99(>Am6m)099zk zBwGY!cS2jhG^vD#Uf5`1=$iFZCFqMrsA}?rgp^EjIWqaIz4X-8L*wze+kJ%p5w*g@ zNV0?7mc zDkRl>K;P2h&(y&G$TpRCjokreKB*JB=&wiid4#80xW~&5j!CUquM>QW`9ZWmUJw&Q zUZlLSO;%T9rIqtiv>a#|3wP!>ybjY!_LQlBQF#5Iut;@d`Zlb%*z>~SJDaCLt_HCf z)7PwF3dmNfyyILV63{jAgTpK9Uy?13)fNr{bF#}sR9?E=8jt$Rp7vEh-8*1!_izwG z?1?9m>syKEDf4K{C+#(HuBAS0Ie)&XiMju6@_w<3wo!QxNHBRh2S$~QAqEH?XvYbWj$a=FHdixUmb%Fg#!Kd=w15h^he zg%d&)s~T=j%Yz*tClA~F&(MY-18Fi2x%>TQ_>F&rd9&n;YHYAqr2PLD;E@J8ATUXb(g;`L&4D0(|9m^5m@pu!-Z&o$vXV=%brCaya# z_KgKC27U974h?}Tn{fKf?yw`JQ?0M}s$5M*aM7iwhLMqFopRk@2q@);iKgVf!44eK zoD|-uoha(w(vX2dh;?TF+Wlo=ia;&vU81I0(GBgXFx>6?!zw3jxXjLSOctxKuG?6Dt$IZ?+TEzPseDnUu{RQf^q)3Z`32}1cc0zWeEZMmh_1S4(+-9NUM%GIED5RwwGT zt0~V{&UJk^a|mhPkT9l`4HtHZ#)}h}!;{O6jt0YSsMcyLg2lVnYIWeCy%&4dkT2jt z3qO_ldC77%uh;Lj`RaToPgm$$nzZQw0j^fi`}VFZl=enLn@Nu=@NTIJ=->xNC-MqU z6jlxuhQXi4W-tX8oXO_AwX*H*kH)@%_7*5d2&k5aU;Kde7*qEWAo*!6!c#3wj_U0k z*jpEO8Ln@mkpWL%#dVifE8C~llyTyVP!fY!EDhNi1p4@3S6Sg&@n;Nl9<#xh^^{2U zJvC&nz3K4$-(rt#4fL*cbA<#_dt9bqMt=vD!aX4!63A;>m&qVZvg6 z-9<;dlE@Mg$LS@P-Pve9#KG5jcB5~@@w7~1Ib#)sIR zD9Zc{Uq!o4?aK~)WVfGXDY&XnkeKtAIz7`Y9wffg0xg**E z-fZ6@w+vncRWC1ye;Mzx{@`K%!J!u+iT|g4dY8+CVt_hNfT`4G%6;>kUVMEECBYLR zf-_l@=1-C9M&syJlhzrXtPw^ql(}QWZ7s_Lg5K$6Jn9bC_DJl(Oo7a|amQG8K=+=S z_d5fih!G6>yGJ0}#v=Ems5CsPQX@YTz;ZRROg#GYwo|*NT}@QJSFndc zQJ*fYWM(Ir5{j)OEinMF^4f~P5YA4))pq#d6b@aSmd42jN=tvmVf=V_vlqwd#)=24 zc;y_jBXe9xQK5fB{vLNJUY@=dM(_qj;FJX7=vh^8=Y#Is-M}d}!E!bkm{%i~067+d z8J|(5l=};>juHg$x5CTnkwgwCZwofKET_DBGxcU7`RCA@l;i@tR6gLV`3KWOlqlKg zqd)CV&Y0hi)7HZ(wh)Ow9>Fu<`nzCPLNW2)_)&SCw|{1I>$Et7oTr1$vgdn0_8g>2 zTh&Kg$rrOCF~;EJ(G~@|jAr+=#jkn0%N74EyBj4*g@X&VMte{B_~Yk6M( zx0^D?V35+_LxX;|OsRXnURlg45tm$k?%{yCTc_oGi>m}INJr@fy3}1#-nN1B5I&6N z&k~r?d)tTEcR&(>K8>5T&!3-P*=O61HoW1IIAa<pE}1BjcXx!<#tFshh1kUrbbV)6R^{+=wLLoTT1 zJBi2j=ilq$JxX*#hL4?+?X5|Y3t*+|hD1iS`h5j#Alk!F4c;S%(<4#D@30G(amcb@ z+@FGk)jzV}5&tEXiw;||paPQma5(OZ8(pn7EN2a-XJ>y5*y-XC_EvoG3Xe_B2L)GV}x@kMxw#dNfNfyf65uot4 zTE+eBqHoJ5m84>;V%xTD z+qP|0Dz{df24esAnA_v0OBoPGA%bFKNCXGYE*VNDgHrIa*9HB_Nw zX|>6KCt4tCFS`2U^riryU<6dVsS(G55C|d#7rq+LqNovhRuP$UukpwAk9gGeyE6vp z9pwTpmmbChvSu5VZQNSsO_DPZK31RBQgPaf@WA^-iF_@%5M9>;M~=wUHCG{Af_&=MgK8EklrBXr z{n>=p#z-nOjbcScQ>^8}O@pGTAE&=;@E3^Pt{I2-I#~VqhBL$SC>gvf@u*O)y-TybSw4^ULSeI0LoOVH z?r-`;RBu0EKF-3Ov&;rnYu%CAi<|QZq=Wo1Tk@$X^%24g7AJwFc+X!YC9~I_zy1Bz z)rCrZuRBwvzkcCg;`JU2Mrf;`bgO2U*J`o?$~xaO7xAJ`^*{8u!7u3cWy!7sL%#2#ieGu?t#KIj=Rb@SaQ)SJq z+8em9=Vs{{jZwEx>Mg6y9}b~eaB0>!_f|oUrbe6<<>)|SL zXQp(D+kL9g77>8a-b0OJ zuI(9JB)92YzWXHio$u?{d(2c9!FF$69#_h`fCf=91A+})F7u{lz%F4dq>Bjtq z3$kjzagv&)i7$9B)bxp7$qfdhU)#tsnufInXkZGb0ZUUTDZ4KIC!dSy)0th6K&TzU zmVZ0T!~?gl+{;(`*N2feNau2HI|)Hu?AHG|Jnul`lLi`mvW)xD&2->oWxMZ9bI1;R zBp%*3?8jW0&pxsHzqLh}KH#g5u5?!T8>(Pk-yr#|e3u3YjrFa(6hl;0)dWfZFwpkh z=y#_3hMCF1q9(ex`+ZVAye43KLV!J``h|uyR=c17Ad`uNva* zkNqJQ4n8^#J}$j!yYCeWbjQcluvZCPJdf$mzHyVH&OwQ$O0F)!pD&R)hLdYm8yig4 z!AgPab&b;l1vECr-s(ku+C&_`4u9IO?W}Ga;VY&O|M|Mz^OsOKUuMrX1-;yLzY8N? z4d7w!_;_ih3_UDaL8c8eLsT`0+4&le4AV_c2cErydq`%xy?5 z&UT~a&^=6!9Ja^X>6|RntiFZM2NC!#^{JTYeZIwqYox9bBJsWIjc5?`sD!G@bfVze zS}b0e6lCyEGSn=SxSKfttVKc=&qGTNm*-vXVWZlNcc*I6TdBlFjGGZd*d|{f4A?7Q z0D15qtE0FZ|GVeKoiweBpDtg5h!|n%z2A@Pu*87p*~ZQH`WBY0ckMp6fH7E!-Z>IS z-~(wzjS;pBJV$SGx%gI=6%UFf{-VgX- zkXE$LZka<{uG9N`JFm;On=~Lawbtol{|$Q1>-T1BZEbCCE{-JxsMT$wB{2v4z!>ja z-2ieh1eSyDB+XWjQlCK`CI53)f|IGAki*8|WS+6Q{Io%yT;I0*Y>1rk5 z1e8iYBCnHd3>PN_9oDvUZ`)B?3yg3?C^aYC(_7gJgPk%r6S(88egOytK+nnwTqPh@areA#l z0>Ab*8;8UDDzN`wprB?@)<{REh!YcI&}B4hgEvR@(}A&eQ@9APrS@etFlA_iHTH(d z7&5t~7}Y7H(>^ih8D~B^z61^b&bt4dYDAKzd`(cwtF=t$hxMcI{Cv+zhLJnE4$cD8 z71h`Jj{+oX<`Y^yx!wEqJ>T~2(|^Mwm2_Cg(|K%#yp9lP;fp1lkIfV2=`;DUFn|1` zEH7mY%2ToVu^m~ut3G(y?|pu25VW-=Ro`_A<;sjyNqc=Nm@PaEayzEklM?K8l^wY} z7u>n92yif0+*yDHurr4tT}BB|`R5SH%5K%I7VH}6M60J}qu#NyuVJmh!RdB-Zr!Bf zC1R3{sE-xw7ND7%=gN86n5+88uW(2JI`%pRyq{zO;0ZRzh)z`QH%mJ{E4KTB`WnlI z7389wTh>(1OCdWdX&-3o;3~cMIU0|7pYDFlx_VGikk+&{yz`L09Xd;%(s-tlnKDpd zvfmckTCpnz?@Z-u9f%ZK7+msM^6Ni|8+l~)jYNMvpXbFH_$}Vy*FCvyoK6!^dJL6ZdvSk#ii0HYK?~j^UFHddtoIFw0-B}R$A{1J`{1pOhjRFW7fX;P*$jWDP zK=`oY`*bBkCBI*kzbWKUP)qzzMZeTr$e(XJ>YsR2V5cXjCfYMg?os{R`22sw#U-l8 z@HR^TgCT=!PHS1TkY&%AZF`dR?#E$7+PqB}53KK4Lssf*~`#|pr%Ht0xFcV z16c@K%4gZP36izg-XwUoMA1Z!HoJ-H`m-`=tHfFdDCW4%W@Gh8J4r+CZRs&~ZpSnY z$dsNoTAR9d4slrA5j@KpRx?PzL3VeT(M2PP5HNGAocIz^8!*2@QLZFLRVjk}kzm}) z#N61wDa;cOW98HGZn8l}k5=Ip-Hy(Lj^NR{!J&&^a7V8KhgANmpE{2YDPgTA+iUvl zaoZ|>C(?yJo6e{D&g6p?cV0(&5A!;~cHXng+lYBEc`E`lhz%M3Vu2DC=B0G=;ajAj z{ZLbWq z>xwt>xo-0mEAZ{|es!D&Jg}oCp$=hMXJ^k`*@ha_4b5?OoO*0Y^mK;4kax_rXj3H* zr|vEf430lu<-o9hZcdi?o_yIt+Wa^epwD9u-FTwN{reGvE?C>=`4|bvOsi$~MA>Vc zim*fVI+ua|DImk`6=0LBKnt>HF1qxh8LD|`m_p92Nl-P$3IIPd-WqNA_b?0`qQAP` zsQJUKUv)pAhJWT=NKf>3Jm+yjW%vYOk8zVr?vj3f|MRTo&(HK)z*8Q{j2jUtpM!_J ze-g7jp9!TuTl_iWsz?Mq8xq=#6{{BZ)6*gy7Y7RuA0U-TZu%aS z!ozE-izKfeHM!1X`C%hWT1@iuXzh2vK2x>x`h@NsSN`MS9AJ)G%Z>=4z&Sa>4E%o3|DV*PDy&-E0PFAoCQ}~Rj+5^ zo=_c-Okf2Zw4ZEM%`Zrxk~hVFgoIGOU^@l0^Mf}+P04LOo-cEz&d+n}0S3!MQZDcE z^72$1f7V1f3Yon0=~cN1zoyEVo_%}}2O_w?Qn#o572=&JfPgC(^x89}5g2NB+W(2& zAn^Rt@u_bBGEivlI!p{3H&TUsIu{EE>xdzyidPIucWNUWno`23U?xGcG9)^x%D2v- z>&SCDs6sg_JG;|=za5E!RynJNu2EyFL)O{~6~FhN7oNVZc5Y4_<-q=KOJ%+eAoU3< zYoTrVt0mT8R4^rsn?I&DKURX#sOQO|+8}-T7{2i@!`t!^ObYrhT84)w`U(jX8>$9! zTmF+*;C&=F9`1?Kt`kabY!&%?718uovD^fM^r^7?DQYKfTvbSzuo>Ze5Vw#$-5zCsx?WkrsllGD)wa`K{-5 zfQJknXr~l2#fh999dYT#Kp*kpLn1$-qqoRl;3c*b-5>XbZMPh}2UM^$y#p=PEPT^3 zT>9oC9qr!KVGdbm9zA1G^q)uG(+f{o@3YW|^=}`mup-PNCWNQ=Vf!X*{-5Ffp28@*G*~M1Uj#IfOyRl#427~E-%VOl}hpDp!Qg+xst}(>7OF}yI)BW z=!$$$UBTuq#wu_EA^|j>(n1o{vBK|anBhNkCcg&hzxxV;8ZF3wdMo@rN8;vY2edG~ zJmMzh9V-74&*!izr>Q(C6czIEK6*e{u z$nIB;-n#ff2vZHAjD5thxv)Q&54;2rg14WYAJ( zH(E^V_V|C!l|%`mV-OMyJw|DE0))<1HXQPeg<;W-hN3Y4Gq*ZQi3^ubMc(_j_mH&u z`0h|I;E{&VD?aE0J+5As#+(vT6ls2DaC| zUv3I;6IhwJybkYDl9CL`p!4*^I)n4);1)0qHb8iPlqljUXXWYmJw2?3KqBS|1Wc{t zN+-i6LQiQLiL6CI(~~Hscr8pY)B;VT&rj))uJKEIKL~!>u-75NKa6lmhXC-_XHcK) zlIWz!ItSaLGX za*^JKdY-FxGhSsTW&9Uu|Ge&_<}Ic=J->{ttZo&yzo4Zft{u6@gJmfaoC}G;sq-pY zuQ#Y{{4ty^G#%TY1m^@L9C_`dLKk>3J5OcC#aQN@&e+|Cwaoua_-KLd)tD}p0lCBT z_IF~5QC}!}jCsAqAH|`0ycyD)5@Z>>5y5Vlk-wu0-58|9`l(Jw);|`yN#X#-ON064 z8v~OUy@m<~-*bSEy9YRYdHET?O|<7H2Xo}}4!zA0bvWQ1*typBk`Ak&a7!3yz%=oq z)$r$gxRs%ppQDaY`Eph8r>@AMM)P}DK|T5;D2|J$CLykY$)FsRE$IpX5HLfOP(DE3 z{FBrz+pL*a+(;9$4dYYWX`7^|5lpD5u(81>4J5kY=wpSMmK*goKOoam{}uEmq7k}VZm&0U6LJf4o6BK zSzR(=(4c#VDoKe#dS!ED4~EW-L!2abrwp@@D*9rZDx1tfYUDMPu4i376kk9z`dV-T zxn#ydnP?ap!!tHJrL>}(Au|{MaI6PX(I%NW3v)H5iqT*Lxqis?+9DHpG`}Tcp8Wa8 zf!TXH>>%Y&IZE}|ew#NUtAmqJ4T|d0*6TdEIG}O`$97vA^D;i~j71)WF=S7pZabc1 zf)&8SN>CM4KBIA7|5%m@n@h2NpDRm$&0W`3ac|-s2W)BTNW|$K?lz`{!RI)ogiTA~ zYr5*DHqjN=3V_{RGtBb4}GTn$t=PcqbDp5Z4(fM@lJSQNC*xljnzcN@=~Gk!5fR!d!_jxoCj`7#>p5jY3HE>djX2b4ic__KC6r#v9t( zf)~*j-N((qZdh@;4MsR~6s8)ZJY-uqruo&9F}B&w^iaUz{ToMY$@)vyimjMh^Yue7Pj$+#H4 zPQQ1A7~&q#Sf1>l@}^`9{$soQ!!!dP&Rptu0)fb?j*>``K?yI^J)Du&;+cyIiIp9Z)1r8%O4VY1E*_+ed z!I*+T4jvX3J~l3R5C}MGZEK$2Qz-o}SWsP>f=n>bRw7D1Po#Qn^rg_~l*EM=c@da3 zTicU{bl;EoOq~~Ar(jFF^RtVqXr{vvaAyzYk@nfm*?Z?zt%rck$wFTN78Y{ui~h7w z{!soHTcwwRn*nxzNfuQT{eRX@jd$>AI9KW2z_`o`4Dz8r!QH@_;&sA~3rjQDviPVDqK5xkZ}2WyW;9|5T-Z9h4d9wP_yTJDSufo6f#Ez2bLyl4Z@Q zg+rxmj5xhG9GB7|pU4ss5$P0*%j2{+R}zwDoVUH z7*VA`6IFJs50~xk8ZoDXd#E^!Y<7609IoeVKfn+Ike>V>iWE3qV`KPk3LWpn1t9{3 z`DVby@bUSbo-S4|)}@EvFB+$tVWnz5UPkg_qoYYlMWk^F0_3AfY2N;mZ8P@C-}iT!8|@CitEM&k@9;a7On|VXCGF0`$_PhB z)$N)7yZz>wilD}7G=--dletZkx+6#UOr4X1T-hJO^InQ7&r0cJUNB7Vsa*L#`x>1^ z()Z+J1_-84pqH<52&t?K)N=6}&aR{U6?Yy=q6N4n)hw8n&tyG9dt+5Lv1p&Mppe6M zf$_txsAthTX-p!I;R1dg7FII+pC6n^WzV%`mSB|7L!}E%QgV$c?8z)BAWjZfj#HH_ zDKSh^uUkzs)>j`qrlo>O8rgg+c?)kD&)l1U?u#IyN32=b++3ZE*1z#zNWRlvCDc`(wUL$(n;ds#?g^ zZe+F^T9zAHhbdecG%df>pUdytKknNPT^gIU&uL4~DPvtP0Hyv({Lq$&3*8#*@`QOS z*P{Q3w{}b;t|4yu)DT)^gqQT!B(I^in{O_=oucCMJ%UuoFdomihLdS3(|}-ArT3!F zA^jVNp04MUT@nT{`izbt{8%USapo*$ekj;`qJAf)2Q>J``*PzghT4)Xext|hjqZIi zZVv8B`#TPJ2l+z06oCId@#hG}4==q!Qv!ET4gm3IIQub3mmh7Oz>Pc>93c5r3u z*KiCD@4e@sF^bbCj)b9^S?D<(cxhQFT$4ohLRc)K7J;Yf!+qINRb96b7D|N&>T(cC zCp8fLNem^)+WuN`=mLuUEbRvgdAOJu5wI7m3qBbc;1;Hf{Y}B8O7OUbN$#|XqNq5> z0O8yveh}x#U2o%iRzLFaP|fppqp*1RL5b`|=3dRl;e_{PUp&hCZSNK*NY`nHeuTas zW|!MCbN}XPv*o#LUDVcsKifU;o1DeTdp~|YB~kM6C98a*axyO&)Q|X|eN6wbDwQ;x zjqN9l?JNfVscFvEid67X)4V#rVq0NWk%XajZbQ{>Il+Tr;&y3Vdm*1$C`CHTz?%I_ z@E76u>Z~bSeLMCY#pwjG2~*B5!Ni5~$fkUy(xT0VQS0eMLDr9o3aP~0B}v!h@*P(< z57d>yX!P^7%6nL-swIzmK0QCbt}o+vztqulOEatAh9c!H{A^S*V8X!rJup$Z(|GY(i&L|Qe z|HQ78Y$<6j33c3=M-6l3GRZF?TPj07b|KjyzVBywF1>NFQ=MlP zK&4pt!M1Jou4*tHR+gw*B?|BVHWJxXq6WUCnX&hcHpIWtk)?r-Ik&q=vn0Z+-yC~Y z7s@&Kg842?Qne)E;u7anpirQ2o3)&HIBuG_fx7w#M^l?di^dZfp98I#;7#zVa=v^q3QQ5_HkMAM# zd7b*N>(AKcaSS=ZvA=5({otG%2_ z8R;OmHS9Kjt6oK2ZV&c`gJi#oB=GVAp4#ewJ`9aJiFC1u;$g{k!QwIL;4_I?{cJ_HB#V$TR>P%7U4>?ove?U!REZ}8_=;6xW zXPO<>GJUlB_2_7SBn}Iz&HL+!Bk$hm@M^eia^eT%RxLrm2QnrHhBU|!0;VPM6yNs7 z=nB8zlPu?O?Nx5*VG0CASXdN}%$fOlklhopTm};z`GjnMk?BL+4N+lzLnA%C50sSn zh+~0X6P8IXMCxE`JN*wEa3~8Yvm7}P_Z}-)m?O4Bk|V`Q-z;9OR^w)$PecmLniYxV z48_J*F0raf9_1}h3b@Du4pPtbl;wY2x8z&!y@U3*Z~xrwm|XIIr6LmWnV0Z$@lJ3~ zDo*;X@${=+o4r2FE07@tjcuHt#@yvnpF+qoMr0#T3BW79SO$yaigqO=QDBYnY3pj6 z3R{Fs|G7~R_yjNe(eGmKZjTY#eE2E7@+X<{a_GT{P$yVqYuvMRY2T*Et%1NkjKadB zE;?_yZe*&;+^GFQ8N`=Hdk}*+bMc#hV|8Np} zS?nZLT1N8xoE7ylJ34-6=IeV^Or?uic(Fg-IP9#4X9KARWq^2#fj~GTLb!wZmlg54 zsr?$Xe5ap}PwW!zRmG$pb7cNdSL5=4=nEzN3=0ACzZZfq=pK?1wL14MbUQy!4<*1V zz=5Mx4&P_f=Ca_RiOqP78{mRaZ520epC6>1p4Z_r@~3>Hg)X5ZyxHCK^TI-a$IE)~ zEIO*d3>#4i2QQ*~P@q36f*J7fVUZdM&`mQ#g34;LpXRT|uoaRqsQy5H_-x=2zg?TboL5&2(d%S1v%>Z4=a zXhTF_uI$JA5c#6P%M?PGT{)&-Oyk?PdcYz^h;YO;1>kM zp2nT;6rV7-e~Imft_wLid2_#8U}TaFf{6JOd;TC=%UOTuef10BjN#o&0mvb++YiS- zt;9K#6d5CtSM|%KAyGR_pC3gHfkD$rhpT2Twc)L*A*r&d_DvWrTaWj0}hE|j>6y%jsssR^{M|Q&2PKAJiVkjzHT2HYj zYgEh!uALM#L%RJ~a^eb2Ak2}R5H(ds>`KeG-`C9SO+9LPG@g9>8R)M$I`R#J;I)X^ z560Lw>vNtfiN0>jkFuD~tsmQ+IAzHMN$UBPm3KN;j3i`}h+e}7vsp84q6`KnUi%7Ku3 zBtp(vs5NIhiZ?lkR-hmkhAN+2KKh|LeS`?*> z^ss52b{N-od!N&T3|;@_ad~gY-#_^KSl0wtaSw;hw=HK3%Yp?72Hl>!i%2TpMRB#L zY+Y+xmT^!fpCfM);^Lj6Fg~FY;_}{*A)mMx-Dpag;lU$6W1%G?#a6$h;1{|JM=s%MV4k|VLj@hn9c&humSgz@IJMw z2gUwp3sh4@sruM+5LZ7k#o=Gx8zc?EINwF{iJ*4QOXbYKk9@IUDJh{jCQlhgkw{`> zM$^E;5jFfPiMih!Knv*%KnxLC8vPVDkorQQpg7ssLTP3|$IZ&r2wZMhPDyk5eCR*< zbUtRPEF#S^|1H<8@xWzVX5QI;nLE}$< z2yv`Bao+n|?V14h<=N>2r??eVyE0B*muu+UD&}t3!_{ae(@){TDm}`} z)_C(W0l7yK4{+t88m3RV@WAzEIfOhe^O+E!d>0B!ist~bbWN*Gv>?Mn(j80 z;K*@*aF!{L2aDUB?oiW1H8%QU>%+8pzuuJ;1K{cuB?aUBQ}xw?y_2oehm(|F7N|yu zulKe^Xkb8d%Wh>VQI1re^EnrDKgxkrBW{ z-c^;$23)GT2!qapcU_^5mp-K;aLq`9-iK8TwkDID0k7WbNN3XP_N9mlw~qAi9rfZhoAG-v$aRU{@_}!%&zuz*&e==`z8kN2+VIn)9;eSWHNBf#NKk2A zAh+|p(_^pQ^)ykN&_!R$4q($m`6}=z+7+#KmD85&~Bdpa97jkRs zw57A1pNWqnL%1cp6(D$S3y2Nx0Qlle369g)$PXW!m$B@2VWX}o<<7zJQ4eV{&DM-0 z%aQWc0I0~9T-0q3+fCH`Cp|nqGd84H>%F=jw z_2L`*O%UL_DO3Eur6O+QHZn5unpU<<3hUXQ`GhKAS9I6nENC&Rp_xf&5j}@cVSc?i zLJ&}#-b#BNK}^%_iIqsoG;g_7-ToL5%y~*WdC+%iyVwbBjk!<5%b?qNGe$vB-++qN z^Rg$in{>U^#WOyeE_2>5tn*Hzdf39dnlMy2-8Aj*FcWhJycOW;8qPr6B~O=6e*mLK zP7GeF0wA<*Kz^Xa8C_+81y5s_L3Xrx)&d^7dbzW~Bu`tckiA)k7Wx}b@iz|l#PfZc zzeBd!;22t{b>aC9ra_BKQjTt*X|Y@^lBs(nkmN zgw9^r%f7eCBEzcbNP9)p6|6=ew@+{4QbTg)JmzZLUlCp$iM3^Q#_n;RflA~Lo7I=+ zr*@!$edrLPQFXAJM&tkOvfgv0-srp>bq#IFP#aj8@k=|p@v2R|56yWjDAOPI*`;l@ z2#vxJeePuxJlKV?c)`|0`=erVcd zh#q4esdqg~_Cv%gCMM5`E=q=tNw`}wqNT5G{?Vi--;NCNy!cDC zLPMq7vzaTZqW^cP5y|mqxJr%v*1s_b^}ma;u~VG`XRGsNCeN=8v8xY~7B>52YL(&+ z8~=F}ydW4_U7r*uj|5R&IY2#kRw?9gvd=8r zp?`l;iIisM!Y05>gKwfDQi|BW< zf&7t3!x}ZFq(;nI(M&_CmTJf^vY|W#;>gH!t;v|dNAmsRq;p1ME;y&r5aE5M5d4~5 zha%DtSXZE(lX;{$o;5*o6b zLC6c%yId=xetA(wTEdeH{00fsBegG}?ZxiPr@0h$bg&EI5{h+fu7NhMB+9Q#l>AGx z?(lU87~Njasa6FxI7CP^KH^`Ax^u|q4;ZNro|&`53a9X~) zO4M*3C`m3HJh#<5J)SKBg9Hwa&vO6F)>mak)YkPdTub$O9+9{ZSS-Pr>gc#LaCYd3 zOwmu&EA<_hr@?TrG~TkSkPnGOr^jZRHK`%+iICG+EB(5^$uwYrt z@(g4ZT>}3@2Kpk?`Wiwa@d(+*rtr7Qd6+(k+s-o?y8K9J>%EML2mE%^lRAAPZ4qf# z%FQ~gY@$GR0I8Cc`ET{+0IJSy>obbWB`y_a|B`o`-J;=LIs)81)``^A#iQ_&LC59Q z`nk`hVLP0qbu=xH>+uq&tFqOd2o!``9LX;~xE=GK+!u0o_t>WVB$yZyJm!ZQHx!_` z2!D@8#1NPHSz5;Hv~eK(_~12bs7_*!h?NdbqVMinOuoQn~9?G6*wRW3|Xle&Kjl>9*ci zJUIw%VpFC4>2$QaZ0+t$7#j3Z+k&WKg&lX#rm=l^5jU$1NnN;<{^g<%)cEePwkAeJ z$aXI?BV&;&j}1g<9oj_)m0)9WY?8 zV&##2y5()}y-70NVQY+%U#fuh{ddj4k#*=5^vdk1rngn*C zr(7=BiMl3Se*sQ!LFgPz=vtDPR`BRK#LW^G{*3o-(WT!~#x_+lu&^#p4Wctd389EC zy1~>lUbyF%d-ZF}jbgEKP2OEPe-x@4Zh&#)TcJq^Kc}BrLI5knT`yIv@wF2Sp#<0~ z1*15J?=zza67d8ruGezkl)w&0W}yQV{%Pn+YGCNUJLz(u{7FjvK=oi%EVvscZhaw( z`F2q(Wg=goK*Hu;3hU=SSIl($IY&_yX4z*Mo?en(>OSwswx=_fg$4yLrrF9ouIwccI)b}gk61Li)>#b zDqj2$5cB>+le8;!srU_}n4Q$u=2FD0^^gLZ+OG0IqHs!SRw;ZvHkmx^Zp*CNx@wj3 zCpk(a)&D+21(QCz=+pP^AtR&-sC3H&@i<;+hFZv52CuOWq?JbEaZgE{a8A-zUtDXX z-Rft0fbV=r?md{kotn09{j|%=n|%#OURju5t<~7I{@aQ;^6t0o@l?3;-`Y9@ZhCu0Sn_fdHFDT;MFQ=bHvRhUmK zV~Jn+_pUul$E&GreA9KRb`0R+^fco?yFz?6w3?})UK3E1PnV{P7}_Xg33cGXkIAgQ zO3j!^BwS*-`5q8#-JKZEu(NA>-C}2j4w;qF*FF!OT)Pk@7-f(5Q)uo7svaPQ_MYH$+9CX?H=jrE8==l)DiV zr-?ck{!4Xt^<+Zt?Z`OZkD6T~-^N4mw?>dPO9q*Ts2^NR7)iFTOD?_MCfFytxomxY z!F?d$8FtBWm8L!d#X5ZI5|q(EtDGA%yf#(sx8VGDpVbsbZE{GF98cV%c+($hd5)3} zlU0Cd0pZ_N5z^7)3MCo%cqq;Ix-=3B^%@24?|<9Y_2Zm^`+k4HqxaDC?Rvci@tUZg znCA&;XDR30*}$NOEYNA;Q13ly%v`9LSb9m*Y`IW^iN)!(+AKlsS8LXT^iYS1&~dC( zJnQY^5gzQ2FY-i-)9v2th2iIuWf9XlwXf2AS^HA$(T=<6QITJH*c99B4$^cP#CPNm zvrcN|i%iOg)f8Ga^8y92NIg`C-~3C-Q<@whw07w)%lh(@8I#ql>)IyUnO>7*w}4j& zaO3KTMET}A2PwKcuy55p`Z_sc$RTnsW(TYW&xhnUNlwLr1}$(NwqJgY}zf)G;92qwnibjymnV+v4$d0_gzj+vFw74J}Q)5tuI;29wwsvScIRUgR-?` zaLIR}{C(`91bd(1RW~BLVZ)y~p#(4jX#VAXI0j?_iYcKj6Dif51r93`kf}1MK7}C4 zVyd-hK(qKMSRqVvVo5R&i9L+aV*k}>pxwRSTEMi0t2{3^yG(3uN&-JL-t4&IL@AQ} z9JRfBCwb}tGu;`ta%4M@*XXbscuLuaW}dQ5ecvg3f*D(;V4TOtUvh+kB1nuAeJWl? zUY59h#tKR9Y0bL0mM_NVclOZR+YgkVsXQUTZVrIJ>8y0{8%B+DNnA?^e{6DY1HL7a zIA_NW;Jmf0Tr94D6K`9rV%i_89^@&|c`Sb&85WB)UsV-ORkKw;7G1rBF9V|7#^nDTU+Fo#sg4JmYo>l14? zG$TfBT`P7dA&SCm7-s8QEjxhYO5nc+>O_E;*>^_74{XT!6t?EIHJ&UTu~0Y-mBqB> z)P=(|7`ZF`oQ;DYZRz&EOYaBRks6_0`(%FzPqd&^MmYe;v5{rxebJWMQq5O}^~1_% zOy?EjjmTmvRmmq8g0#=RY)%7^Dwd*TGZzFe$vZ9R(3`BZV{#!e z%CK&B-B=%#+OBcza4v0jTLHUX_C{Xb_DTdK{pJI^r%d6eoWU36?M*1V$=plp2h$9- z`K8DyEFDN??KlS66J6F$V#Tj1Lx<=_w$c7R8kobo*MQcPdfm+(O8H4)FMq} zL;@Tl#~j(iJC`!jY=hcPJ}Gn!=5>X;zr1d~lDz(NdLm--RZ;uX!;OZ}*eb0YQKS($ z@G3`w{aHxwmgilLcT`L$1wh6POfEp;X88f|`!7s*qBxTpraWgv;vlr^=#-m7}1c{76pNHoj@^>ajA%*7L{Fa=tizz523Ytm0o{FxXMR7{2U`;Sfds zl@n~>i~;3Bd&?5ZB^5!iu5(>!pX+6DfQgp^s1lrTQW7243+36E5JwzZd~KyEFlsvE z{_rIN%3CQWA(GMca@!l?36C^*@3hHV1_U4H%K4>o4g1)h(qk__q}|Yoh!ZPw=azIOp<0K`$dtTs+?*p*NHCGvyfY=O}uw=!x&wBjEOR?$T<)IuJ6RobUbcgY z!M^Lx1hsvV;zMXm;7DSRNwMX(RWdAXk6OZ4D0CpjwVD;oN*XHaLrEM#m@6OqQy?I@ zP7GA`fw|B`V96*v2Sj* zDfFCJ|2;$>&L4RaB_$l>Wj-mVwK=XB{Q6hE)J?05Ivc0v6T|HKz(29kntS!w9e1g( zf7cHF7hUhzoY@vrspZQD*q9ox2T+v%ud+qP}nw)4d7I62Snf6m^!_KQ>N3#?jI z>%Qk4bB=4YHFPz#EUfQrY;77#S_Rux{bcdC!+*W`f`hGBXO*jiK}O7@b5un_9|Lsv zsuR0bqIX-ybCJ9ScE4A~iW1P?Yh0mw+CQiVuhdjw-m6bimihP};C_8w#x4)trJxL3 zKG7q)3Di-%(1Bjl9RY(}NhpRra=`y6^@vpnO;>MDQrT6s~6;!BwPdo7h^1}xZR`(xJ z=Gt&|&>u9(SFF1s7Rx`|DI!F2fIYqfTNc`WI4|qQUv@m>%xygSJ5Wr-2L9wOn z1Z=GZ-b5G9UJJ}!80@#KLyRuh)Rk9-GVtukKn%&gjfrZD%q5NAP`Qg>S49B%N zQ7R1%;7xBbFsK$sofJ;;s4ud+c}sUXM|*F%b+~~gnB0o4ZstKMw^EZf=lopg< z%sfxJYhv~wr!pa#gp6mV=o845xUx7#-BFs#Vm!g405kdR-HlNXM9FUp6B~<|i|}zV zBv%)J%Nu~*)!NaA%;})#s0y?w%HXZ5`&4L7j-A*WJ~Y%U(@G*3A+HA#*k3{1i=&!Y zfv>ULu~ZR-AEcb?1C*r{|&kM_Fhq#%LuX-FpIgn2~k~?*k;~3NcdFN;@r@)6b=hiTW|z(;`;!& zy?4C+{vq-f%^A}yN>88y|EaKK_1zuj8R=;F^RsjD**vL*y6dhzXaW=Ek$}f-cwwF2 zZ6_3@@hyhed!stQdV660J^{1lX4}tN??U@%5%0*; z=%?FT$6%TjkNaYdI>&MOOFT~Bs#4PQP95fP?ScSCsIbT`s639^5jfEJt^52OeH=?A zN__t1Qjh!V)6O7yP5q zvDf#xKZ{Z>{kq@%#K)aA5Z#4Sxs_b@5hj_8iGm^gYEbLz_VwjnsF*eb_aGX^Y;(8+ zB_@?Vfzi^UA#2SneCF5Mk1DpR?{mkN9+F!?YGC}8U2o=J{F{Rp`LJU$VS?p%NG*(`S5cJ$lpK664xckCs99^Gi&{KdZxgz+ey%l-1AZI&JG}&^7Dm%>}mI>ehR)$t8wE#JTsi8#`mJ=UjPi;qle~Wm&jOQIJy%7e7>B0c=A{4T@Dv+f~khahTFk z(wbnVYWZ~qs)hK6dHFw#nJiww$C{{le_AFN@`y+4z`X~OCZUOI^m*Il#)37z9ZBT< z+L)F^IsiN6c?PBf^!AoG@!)X@23+0xFe&Ty@p5;b0ieMAP zU^kU7n!jG{-`C$eqf>0fJ|)5wbY@f+g(AT0?cwgZ(y1HZmmE;SB2bdy;vWEXX1w~; z-sH2iAK^0IWd8IJL=-u&zRo=_et?V|g3(?nX*pKQ$RK~qRCO!y479@A+g|nmn@Bev zsgAHKj{4ilK~^hjV^aG@*(O%;{CQaX30=2S7}o9MnfB{ zbYzO}Hlo8GJlFPick)@*zY$Lya;}zb$ohaDJ2mH8&Y34x5@L-1L3;8&xgUpWxRQNx z*2}Q%*t-mFUm=v4q>9FnV#o$F#_Hx$MQl$95GmYL$omrGg~qGm9Q~2^LEIH&N{VER z%RF^W>KEvDZY)2`Gb;eOmd!;PuP`Ab=IQ*>LF0UXR7WoZK2LVDoTk8!xU`>0*|(2m ziHSPd{c8_h#uBv1LBuIZ!1>Rzk4V+0$*-Fe^1bG1`x>!_ViP`Wf-}F7_iPCSXY8B_ zGV+1Z94ct1V-pFCYYA;uR=sP>oa~89XIqYV*ki^BGRVcqlZ3yTs0qi`Gol$gu*#YV zUZ{GHE*FKIx3taW^9Y|AId&_uGuaXo!@qaAsZYcr=8jBK6T-9NVzs0afa#|kUHhuJ zHiM*srm=Ch|5rK=fQm?<7L zTtD1>&HN+-DrZ)ro0DJY+Th8B@~1Yj3OSjkpnk+#n!d2KSEbzsTssKXI~?v^K=AT* zv%>PX!b#U7lJVEox4=?HEX}u_UK=dkunL$3h|BlTJdQJpVDHNOkIsLuUUM6~j)xrn zSMzIEBbt=O>@>S64g!p|SJN~zPA%RxHN-OF#VYad`-{gJ7ECb(9YN7j4u?^^Jj~Df zQ0kj!qy!dlCa06XgN1En1h`mxi;_mfIiY{~I7h32>52{l$?2I@l2h87v%ce=uyCal zk}8s&h2Vm!&o2?E&JPbR)wd*zG_0>j;1EIh zXRz&X;i?&&Tgs#j3OW3)6|RqT--=R744~J`RZ=|3gR=n;OK@ zvzeERv7+<)C3%E;ca}xYiI(KNNhzsxxIh2^JG5Lmma?!_?7=-VlbTz@B#1ILcPhd* zMTMWt)WDLt4ehp}+vym^7RnGEL?N3OvAv;dM9HVZ4x*F4i=t)$}^Qd z7+4^yy?TX`IAbUV(~Q^*G2(gX&ky_SRBvE2t9QxMZ7+4*g-%ZX&y%onMe0>1lEr`d zEDoz+jP*aIp)2#Iv>mU}mh4H!X*d!?_Uu04WK>m~KMZ|-Iqj!viB{-%InR9b<@{WjkMftAY64=k-AgeJRWTM@`p;5{yR6OC|G$DDRM8; zNK;PD4_Cs0gw@q>vyk%%m49T0&sLX|Mj(tX_s`{efP@ZKJE^cL&wRx+jbPAP?mTL< zw5vd({h1KT_aNr$X9xEHhLnZ1?%_}2i|lyhQR)!5ldq*gIjl8t2Qxdv|6navRw?SW ziV`=?sU4=Sjtzy|by@)~u5OWqkeBaQH(z`k-#_a81`uNmJ$j08S^kDcCxe{UMw`%PI6J++6f zIj86~ajE~FnhchAvr6a3rx5h;xZNXOUv6${I@_Y8S&Xaq@+^eq?a-k|XyjPt@a8Yk zjH8&&@DEh-s4$Mq5-TERuR%c2Qsl6pd6+Q%<<^5}=BBE0L?QhxsX&~QzDo?2SYO-o zmFxc$We%jTy?;DhCF`F)0~a4dd;LG&zn?-0zmHCPKkYx7{hx1Cn;+_kL4T*3TMbcT z`SWxB@-})2`B5p!W0yc=CCBYz?c-zSHA2CxQIP-z8e(3ci?wVty<-5%-8hpoxbGOuqPO>?X445w3Ws>d$-tsCK`FKR^GnGN=2e zO(CEucMDH<4qANSbZ~#Z_v?YPigPtHv@Gy;SorKfQkO;O4B*c@NRcHvr1dotZ{g$A z1anq1b@u#FmzRtF%jY4;=myOG%%G#JWEp2Ic9uRq#;z`Dh90w7p4xQD_7V1^Ji6~f zqM9$`2bd@dZs#8gKgO!q+!I&j|J8eg2M-Fgz*nW=CaC;+l-{17S7dDyjk>6o7vtBP%vtU>c3`UJwH;$=X8t~C4MQ*{5ph!HfTEf z7k9Tb+ec$Mz~i`YeOD^guKxP9f7>Wm8Z(+bm*6WV4BGH6>M%EKI&Z7-L>BUPAqU^L zQ|geAAVHTNz`SHVHJ*iz>b)1ndvlubdy%Y8lzTVOyGrV^R|ZR)s*yOW5{yqcev%Jxbq8-G(o?kQv($rLB_y zI&X3x%ulQ#T?A95(aqHb(2cXRbzu6um6S8`r~v!M_;%Wljg@Q8$r>7Pt%0H_V_F4X z$cC_D@vVC!Mm3&ycIiKYlS?(>)h({&lRMvM^TzXr2*ul)PHfrruI}-!p6>wZuk>sM zn9BB>Yb3X46-JLCl+5-T6t1UFz+$Nn+K(wUlly8Ts~1TVS$lbilWEGPAcwi&Mz`%j zs-7gB`b6ytKjcGaOtf3J=TMi}fe##2@uSdJEO%O>fsU9-PQmt-OmQ#$@DUY87Z6Wk zFn1P2f_2<%t7M-2ybqHP+ zIg*bPe|nq)x5PEtALXJfVoq7%t{~JTQ#;zdI>d31viCM7JBQ_Okc5trECjo+dM-n+ zW$Gc1(D7OK*F7%N2N-b&9Zts5QQf`*7z1bzc`d!lspEjV8k>WO!y zozx-d-S_wOe3fU!%g@Ny8J~?EynYJTfp{g8`}B5EfqRt~oI5q{YB!fS<3J^M;A*&2 zLW5(9TtXEW3yaZ2N!Ans^&T$0UmN`+?Cl?S{*D)a>Wyq5lhFY&OsG6CgH2 z?ypA@CTK-mZbT=81_(DF`>_b4h4@l%coUE0M%d<9IkKXe@q+=p_*?HtTC;!5%rmUx zfOJ#n54jwdkqE5H>SxZRe2#y7LZq|R+H7e*k|D=^gPg44;--mF*1OMud zX7?M>%*VKV@*gUH_@!i*kiBSKgrYy_faWLmC$n^GLd+zu#z5yfFx z>DY0;B;WWqg~D+`#yR=2+_I*H=kGnDOe!dDM<>iSfq#4Rh2p?F&FAB+eoV>c#U+X{ zXA!RloWq*n$IaE%$wEfeC34$iYVXJL)uy`vD5q~&rq&iRgI<>dP>ysZo3`H>+@43a zX}JisOKJiAFyQUj2Ko(NfDtq8j2p*O74GhKyPh9M;}4i}!(RPxfwZ=yRH2$05aGa$ zci7NN;QR()9t|q(M1u2j$Wt(J8-Ysb`!O$0s2j#=TCW-2`GaJq%Q11Y#<{^o_BkGf zulZW(!nHiZQCa;$kGKb^OU*XHJu9(L)O4ig-_ebW$*DE|7SAx|Yx~&jYxmgme;ZHy zRDRGVmbwX=luc~>+v5%G?e&y?VbA$zOx3s-S7g-1IHlcenL}9#H5*Mra*xG6H*Z;1 zbSQS~s1hs<*4ky2DAae6&+6%j5ATRK3iS|g%)Y1wTzT=;E)qfEynM5?%nRB0{UDNv z<}Y01!&Nn1QzH4gcI>Mwkh3d$>EQ#|I!6o$@M-X=TSp<<+Yl4^Q$ak23)xL#XlTn3 zjd=)iLrjc9q!S%7294zr{d$HudElekoc7FDw1gZ>Jg0dylCdI`VZ4ygr%E+p25P1f zjvR`}Mj+rRW0*GvAuoUTMy(t}j)^-OoN`wIgJH2ByxhEh2iyete6Rv*RmKfj8mG$P z*6mfDk?M{kJZ#=m60TtfSrO|?=K^frqNWw6ZZ{BiBzK~voVKQhSs-`~oKjA>yh(^n1fUYeSW!t+nNM>zhwF z?7Fs;Qrjf&k!-Eb&+87(02qI0vX798gzDQpZ|~}U=}BePVFuX~=@T|bZQyAd6vws= zYh3O!_^GbF5KB+5{!Zc)aByoAYtle4z1dkUUdBCJ01>>^K=0ul)p+_UPOUWidOT=b zNPYjDEv-!>yvS{<7%c`GFvUl{R7W^rgpPe>1`JS;E7bYOV_x2CVzu=H5legPPb6vE z)6^us{@st&YZ~pGB(LRR+cLOE>@e z`ha*=W+D{uYxuYXMCpGT0mc(Y1{O}kW_7Xn1)MHTF2tfv#=6N6?yY(*WhW+aZU5ro z)?X7tqEHFFW#{1KdVcwQy&f%?xtHYfKdrhsnKbma0vJE>e7XxY{vbNyAWI}PHFMhU z+=rLRhc8$QjXj(mCZd)`6zXp8Ye*K^Yigp}{F9iuDPrlw-5i_bP^UlfFf{ahlZ@C@_cmdSiEx>I+>xwSy41FZ6K zS3n*z{P-{+(Np6h3v#RYnNwRVk$GYKzPG-=VD`xW=^TA+!E6DS-}gLEYqK^}1PR4D zOrR`HBT_MQ!6Cw0v{GV|s)pthGxTstW!i000XUgC1B!xN)iHmwiabq}Rm6-@F59Xq zVoHL{IWEjZTz=~>p%1vaxI7B!obn9>D*&A!$+w^#BV6zqL-j5gl*PEVB?Czr!NS2> zC0&P>Q55G&msUxCGXKjXl533=9bVA@@poLgnsGzTcbeVk-Y0 zlK?cFoorw<`q&K?8M_B*lB3ucm-A#njq8?XL*~5UGgJ(mNr^w^7C91cQ^jqUI;G1L!N!OH^J9n6H39mf z$^n})T11{5AkZ5J3$WZZtizkcWM%zUb~;J@TG4%ok~nIwB;+XeTt*3<4RmxL#-s^v zRb(KSLlImoPnYY9L#%Q&LqZMMi(H-xo+3n1JH7q_Q8C1H%}sT8`t45GM>3+r5*6dq zauOvVb7PS*Rm;jk?Of$1ib{05yp&*l(QK7JsF|hfM0DP(8lb9us)x$h*pb<}m!vGT z-he*xEr;~z!@R)${+%8E*NIM-L`#30OAwXu@p38JZ!O;@$4LTKIk2|_YRu*L=TVcN zh={??*IV37%c}o5e*f^oV0%L62hjd-{#<}#+Wi-rz+l_&Ty9S7rny{WHsF@q+oK0@ zU#I0IK_!Wnn#(N0+2ly6*jVK(wfA)q-_vD#MEmlG^tQFr-s?~6T@)tj?S80b(tgA! zusf6_3i$Na{TO@IV`Q{vV~mn4j)HzBw{}J%O~>j>l9Lw~*s{mL5|d->IE^KRS8p z7Y1-|b&Rh}wam7v3}f>X%w!3Bylg!QiS~gR@2{Vel;3fRlAz!MC_&Y-YT!bVDCAI3 zVPj-hSH{cYnJEs2j)p!yS>}{@XO!qah~?*!>d|uCR#9up^la-0aqt>ASyti!EZMUZ zz4B?34wQx{j4($t7(e0yHaeKTkG{VKheuh z=4U$$Y!*TV)Wzlw$Rb1_WbrQm_Qis=%r4e#A`p-`xB9 zU_P!6pH<6ACBHsq``J&vV7ylQ$j7`qQ%)1x-~GErld-QyCB(7Vd^h&?LqRfnlQ}5y zMnMx+D2vKtuA~txU^s^JWzk0Sqq>oP0{Bp=PS znZhkVt;Uxszza>R>gmx+CfLO;i^3AO(aRz?vi1p@O)oh}h?zL^uAP5D<27}GhTFHr zbn%kb`07aPYUc!ULdSAWbJYLqAvc@PTWm=ApV=E@_brWL^0~^3R}SA{tX=%ql4p4b zHN8!8_j^)ldtIKI&1)$zb!EeCF>jN^YhpVg0W4nxeqdT1_ zeJQxx1+blW#*`qaWWORnzZx669T*VJ7KM#eq^e*4^M|da2nzX;lk-l?{Sab*%l&yn zo^i!0ExOy`$0WR|sg7t)Y_Y874Uy13l*kyP_kZImy)fZ1L`$87ih9fJ^g(&dLjrU5 z>xyh$$E_CmuBk_!QF_=Vp(e9yH^#RtnL**_o>7ODT3(qa{bqjzD(or5!rU+}1lJ;E zv%i-sv~&TlmX91Y8@-X#vNN|TMGDWMkJB1~rPbt@s+<<_hi`ANqCzrR!@Si8YLvDfM z;TTe?{!lD_kHd6)9yjQJD`+s^7ZY)p7-;q z_WPr8mY-6Tlz2RG?j2}~O}eaB-t>BF@jqu&(iX?c!xP}D+6OEEGp*3Z@lI-Z*|5oD zCGIEk=&3VisUW#L??XOXqn#lL+y6!(J2nLgSYzjqF!*}vvN=Khj!~Ss=UGMWZ@kL5 zFxa>O&TC2fpP#C=H8twEEP|vb7AX%IH!0z3>ftaGZ<^f7IvVNYJ21?_odxUP9#B6V z^eq~)?G-6bL>thgzicK73K2c2tklTaET zq#v?^2eo;6ils*8hQeApQePkAW=cInB6(vq7sHCHo)1;&fwF)9g@SKCB8)(qasn52 zDdCI5@`qYt|M z)Yn55DJ!k#`HFM)`n}ZprNec$HaBGhez7mOHWXGDw$jE-RS;aIuZ5pgi_nerWq}V| zOoUYV*e!id^^GMjVy3F6_WImDZJ$1?tsYubg#npVx!;?;@0?%3-?s-h9}LUDi^%yz zT;L0N+eQzTnzZNAy!SP$N{H+v8P1#p!_-DCg`|*0{N_EqXr->5t+~ndsmZPNiLJJl zhsuEbN`z!Sz5vFxtoo)%wy02mQn&Ph@B|);1B-y)&NPJoT|dGLcPj{{638sKBdgFz zcgkp9d*q6U5zz}q!6k2%(Ck+fkNx5)zPS!NdRM-cEHspX?H#^Q1KK~p0?C*MpvDog zUaIwOfc8qY&O1Yp*jZ=UXWdMG)-USa>DovCo&99+NhSVprA}DiIFd~{*zcrga(;qP zV5LcXvmaS(z8{v?AI7e)0%ckvDh=CAaN6QgzgU&pfy()9E-Rw7GelqOe6-4=^WDlI zu{3dHbnRl1#{yUW8^KiAIV%Khqd;RseHxN~W%63plq zVp3vvW*cHF(+=srXt^Hg)TKN$g1piW$;W)g;MO z3TZ`^m6_>kV--NH6c4V9rMiK|H1DWD0W}bvDz-@#uxeq(jbR~yO;AZ9{oB=&n(i4p z`e2Hl9w#Y-v~rV{pNkg#B_u2-N#B)$Mae6GqqJP5ybLoc2&yD~;K7YS9K zu9V=dZUL?5!~+(n6Hym8Jd}hbb85oai-lIujHb?3^08>fYD|mUPb#^P`vT8xr9hHi zUya>U7CqChg-pGp$~X0Sp#9nJo9Ge!$#3ktHOBNwT9R*?SKstn0-V|8MB8seg7B3r`X7goCKCe4Rtn)k4>-Wk&QKD4 zKuA5zf_I<04eaZEc5FKkFVV^%GiWQ(_AzQpB7_t~ina3%ICM_Gnn;$WTO5yPI3iM& zaH0GY#{H*3`;>uv9R@)t-07~2)DU*S5hOx95$;Y zgrdnBX@8FrKDw<(SRS3*)uZ-~kw^~~vo7G5!0G@(W!{fEJrZUIVhY>-0c{U29xi>q zWicx7m0^4BCOS|MoDonps^I=4nbf}ww#kb$n zjAL+5E}|@7j4!K)*`_lQxt@M zqiS22a&k~m=t)sIUw^a%x3AVTHDHH$+a{Kq)w=>D$@S!Zusd0W@E%da1kOF(?hAuD z_=8{CQ=p`+_j`W4)YEHJCZa9^V+_>HOD@*fb@6&`=f|3xi&YcA9EC&$8*~&I6E*o> zhs4aCIKsA}A8RndBj`5!WZ~W21x(LXpv^C2F`*b9tDgT(^ZK+uvZ#L@en0uYHVV8I zD*HdX|9XFu&*lCEYGM(NabAS8vG}+iZ!RBzM9Q}ywRLt5iL~&pix;!H>&WHW7xeF5 zOFs{|TVXo#**L4b&F$rt<@uG}<(8HPkv(lYluHgsWXd+A{^d>Wi@OP_%LE}32)ZDu z^W<_q?`45MjMeUG@GGQCR%7A61%t!1ojLpGbpDWu9|-4}KNg((UQ3L0@5L@pd?ag- zcmOSRz+T)pT>ki%roM=<{ndu9`qN4VZ9p)nWq~WOTe*{ZjmBK|fHwHb z$ZAO!BZAL@M4DE|TA$e6Lt+JMUihw?OP;OWG0)h$-1!Z! z__>`}a3QE~+%P;yx#^+?Ddp>itw``;hOXDvS2v}%Egm|Ai?Jx84gUIeu$}8`(Z_(o ze_V?ta;L*2g2Z{%xB9hFlJe*;)WxjG>qCeecFntX$Zhg=a&kq_9~BRT8#p^F!)WYL1!*#U{nJasK;HWRks%#L zQZ+LZ5_{8^w`lYJ_U_#s!}=f{HHjS7H@O<1Ud@i~Zp(RWUZ$OsdY_IL%8%f(Hb9K< z8tQ+pyz&zk{mXJM5r2um9;%nPE{K9EI=Wx^NLEc%(HQoR;QkPkgp;L7>{X2T2EXd7i-iNT*v)hs}J z0QZ8TWlR8(N-U~m+tGisz(2Oy8^L>{FbA7eF8#SNIL6&_XVyjfo1j?)BeQ>TN>Pyc zB*a}^P8hI@96&_RNe@iP`R(26p?jzbYrcd8l`8jBn1+~TO%frmCNI=zy(l3$ijMQVB6Dk&T+%3LeD)$ zL`>^)ojV_a(E3QM3Eq3Sp48xpE5= zf@XB}^6~(MNT4LK@nzELqwb#SyspTSN=&=3n{gLGTf*Q}qETcnKHKpw`QnJI->;dL zi^&+EeY#}>z5yO+!Rbsg?hI>VEnVFxdN$(V-~7pcG6%qk`HtHs zk~un6TI`y1&X7~~rUqZdQKL`;&xa=8zuyV7-nacPmU{oCp6QCuW`im4XFY|gd75pc zP!3GN)l_EG^-{blniU!>DsG@J+$3ozz)vg1a^hBY}TnppVsXx?kAqGw)p8NXF;(FfL7DX+dZ|0rT8mzR`A&uxM zG7+r8i8mzeO4bSGX0usN{bzF=nQ{65=Q+-Yg#!vI^Xi}zQyYD@g!oW*DjY@h%5a2C zh3&~$FXgLkrOeZEOhV-LGqD1iOQaaXmG?;Yt{Bi1!U3BX;LbU za!jaO;llh(WfO-3ybM>YqWd^h3`FN19@UZ9ls23Pk(_4x# zg`TRpSg}bX5ATrC0<8(f*9-C3Aa_6b7QZkUT&S9rxub{ZQRLiGP?m6v@ zKb-?~vLuLA8_GOqwpHHQQuSJk3)9s|7MqAJ{E9L|S@pDrc_+9EMKvM+bM^D6`!s=R zTv{?*%gQzzSA&2^-*J)5_9Rj8(?mf&Dk8k2f(a(NF#o3+C66uJy6Wec#0N=C3TX8Dm)m;I^^|f;LUtty)?j2Eo*9MVHDPhtVoKRSs zj*27kj&&`ff+A1{KsGw}{5K!yXmxz(l2ja-vnVl;apT*$Br1o0DL(-N8q@R-;0i2X zu$r4deIf9pQ;@-SRlWUJjixg&>2rjZ%UU>>Q^*WD*zy&(pgZQ5M%UB1?UuNP^1PFx ze$PI^!WTqn{MKd{BtQU(4;GE*6kk4=%BzR{x%URg1Y1T$c#mRX8e72DbI)L)#kdXP zSQgNm8uF!O$jF0kVrl9~{g3~owd}3nI#P9T5lmq{?Zm?dq%vtYv>=qf6RDWEa;`KG ztCI|9KPHwERs#a9ncXA_Am91|A8ob&%Ch8Rw0fG+>!{0OXVcp5cV)0WxMfS8fdP)! z`k22`&Fb=rJJk+&eBYYZc?soQk0(qGzifZ)yGyW<)6>y2+$*u?XJ)99F~#QK@;U#j z`jkE&S-&HuW=G7$>+yL_P@~c)jN0SL3d{BL4duj4Bq5 zf-=!E0vjd7Io)7G5lu)%c`?>oAYDKAd-{-3ZB?B!C3WQMmQWw~+C#nHH}R5eAmRUj z@Mp)b4^JVu^ie&Q7jtf2c3sqToYz3~A=1w(A}5J(3-_Fa!ch4s~|hG1$X$bJHR{k`4J^}}4ebhocwqC=zl zzn(JX0505)w4#`NRBQXwn)BN^2i)S^d>SpS@aUN=P<6HS#&Qml3AkW2bM4ZCzBv)o z(vdPGo}cyH>SiV8K$wKvT;M#_lgqP0jUpR}oa;fJv=jo&v_({VanK=$Pc1O1+oV~)i6;vlH{=m6cdG_N8vwD|nE)ue=QbN@z*B~!3f?T@X|7uTya zrpRd!NOME}mewu1-@a0RlbN|$G@A57U%m15TJS`3q8DdOBfDIu;R8-|Qb8!_|9Qki zKqV<+4S0uK#R;GX7grZ0)dZ%tN!1%W6FwqJ$ZmngC$fJbwPyc#CJ7>mzlX>L{XF~= z0v4Poi`3fvPNH74bWQ4f;vX8rDjN3MmMUJWD8P8B8T88|>gI(cJ28m*CXx;*9d!%+ zXyAi*YYNn;ED@3_|0HD)4Ce@{I!Vs9AyUkaF}P}uYm>7@gq;{j4~tX#z+`Q7Mv9UGN{3gN4ypnI~7 zirsjs`R`2&f|~*r2;vvrYPqfX9PaPu%8sMLYwBdGHI_7zh$;A$Ip0wy(W<0r+mQA5 z#9l|9m)R;~HI2uy=3P9oP`s-?TA;7eU@HlKVHhqql`+m?ygm&_wOrC<=&BRL$dDfC zE|%r<+#py(ZCBx`B137mI3h!5@H>*=DWT7V1MKe;(m_Bjv_gv$sXBfxywy;3AIex? zaBIaBCzIQ~N9^2S1up3PZ=%l+SOxfvxP={zPV0{>%sXG^$JwB2lu7T7kM&fPA`)Y0 zVyli`p#G7n+<+9ncd7ZR>nXgHXKgWttqGnB+yq;n7L}737-UA(Rdh&i-j0$|g%*qK!E|Gj^Ui|u2qa+S%5g<$Onenz}wSj^8KE3(gsrJ8@2c_I! z^M?Ey8U21658VG)%pMZTQa~~)0yRSCCLZS+TJjKCSn$ z&v;BSI8=<}nrpylaIttlvLmwEsE{(Anlz4+Mj|F`=|TA)oM zjB+g+4aC3GC@(c~%Pty1tdkhgc6tI%PGS)$L+K`c{1$seoT|<$M&CLdkz-Z)7L1Gf zU`7TQMb_3?<;Po7XkhUailzkFvPIP+zy%;jcQG{G%)QA=|A#X8KcvApMFZtbw=pEz zv;P|@`$0q{=-n^BoMI_P0}~l~Tr7Hu=p>kxk>zBLYn)NwH71t`2Bu;t9P~^EHNlYq zjchse<#LzqEH?+V|E(uj4#maNglID3$6hzx^KZItZjxZh!1=EnHSut=e&6m7jz_>u zphIpbZuZFI#ey2?*(o}`Ag`!R#2wL3h&uhjSJY-|O3oUIHVOr$&8<$KFHFkcSE5BM zij>KW0XHf_lNaaD#x&IziuE?VvhfNnA75hxA;k4&;^vm56f+%^ni!Fs6k8VEKmKoH zMFSyGj$Xy=htRLo5SX_)7^@%_MT)n8k(N@1O>^CO3}R7B$n-a*dYqp*O2~fiSFN+T zy&~gPT0;M5)foUuISYpXc9qT!q5jl}#Lic-Yory~-~mStn~p~3J|4En6Xw?9#@8U4 zg9n?GTwiDhxGcpVMw0rPjqCQm=>XWRM_ng~CPOyxHD^c|Y9f;F5UhsQegEtr?rEU4 zhAhz;1I2_hlJoBoBPVxmpTqKCxE_*3d9onQ2P02vRxS9NK|qf*W72cyv-i^#vBgbm z@}k6W{i7zETMhh&CKmq>rb#FeF&mUF%qGkWS?yrj0#>_2l&*{nOf*^kWJK6juSt-I zK9Om2!)#1oh5AiA==}WB0swuppoLh73iumt!qw_ZW79T{9Vb$4v@tPgl;f3U2d=(A zgiSXYhQctM!kNM+rL;n4DSKg^U3orSQnIxnmL>9gOICKZQR&_C5LE^5oj@JqLCL9A zdw@Gtg?z=NGcC~?e~QmG&cnHTW6{gcgoCXEffI31pg_-qGwG*k4#CqC@z3WNtoBO| z9_D$J1RwX*{${p1r+TcrrgrWbHm0BvUV8Z;7=_rro3ps~rWc>C*4vsAdg z&3#F=k?8ch`YbIFC85Ruf)J3ELx@#X+wJCp8JP4cG>Iiau>TyblvU4Z~!z zNvb1n&n;8t^Ksr>ML&x_jV0^sudUotRKzjzq1iPhNW(s|19!i^dtOs#OGcYtX1`0n z?{+ZtKQO;Hzvq83<+*$D@;W&gSj-jH{cds(C?k1;oWft#yC}hjKvWddo7+pj)zC$a zZIL_*>e;FBW6=t8g!@(z?hE#0EJDr_Ofn%cfk|(~Y3{C2d8M+1Qn;V1cglzwo>NL3m?OAj;@1VyQ^W$P%2QoM?>XV+3$}9S=u7-=A~& zeJ2Q}jKn?j50muiw39Sb8FYb~_ylm{kMI(wC>qK7cz#eEk$`thl|oOB$zTPq`-)Me_N1kX$o-t|H?4}qSlhf@2IB2$32Rx;{-j`9A=i38e z(RYWX3p{?nODFg9k`frKu}X5K8rsP4VEcKJiQD^eT-yZ7uS)d1BG3Pd7HA!92jD-g_O8l*IR3U_HqX#C<7fDCvg;EA@_A3_mj1DTWt|Va8Yne{$s-B z76M(M4t1xQ+xQi8d&=*Z>y7%K=c`C7$MCx_vPAk_9`nAo&7znZv=6uKr~EzrztZ4a z@l^GDvOMmL1_IOBikgb|H+1af{0%Q=z8ks=vtbg;(?C}D4l!yHFGr#8A?qsy?^N*# zPyKmkL-72;K1Yg$s%To|gQVCX5VTG`r)E=jZDU3rwFLhK_I?+JYq|J9Q)6Q0HoP~u zk)lOj6-sWQ6X}UM>l(DGr7m(=qHdnl z$!r6>Mfz0Y7yi}$5XP5JrL{8agJ1YW;Q~W3qPSX0l0*);F@MS7;p|n-FW+-C$Cy6J z`>i0eZ4~+(-xwK56B3p8+%XZQW)xz^^5dUoywc`IR-vDnGRMS@*&4VEUQuu)>f`aU zIwteGMu3{uW{AKI#Fdxr2KVV-8sm5x>^4ukHwzaxPYLz1@51ea}E`boQUSG%F~I!rq6ku^jcL7$yS>WtRgt<_%1&qB$P-P0 zFkQ;r(esZ3r$`{#KnVHjc2A9o`u}S}fDSPtw4LM*Ef55b`;$Urmw4|8(DjwbH6B)N6(iR)xSoVmB zf6OhRwAb6xAaTId(x$+b(0NBb8ag}4!JhKm{y$8eQ*>lq*sbHFW7}pY9XsjRwr$(C zZL?$B=-75Tww+XxQ{R8aLG7Emsf!wW*Q)idIp;H($V$v<{}5m_a_-D8-SG%~@OT z-<@Z_VL`uI>b_zBDRcn%)!LVLn2;}~dM_2IL;Mq4{wLFlj6hq3|CG@Xe3? zUeLI63M>5TV-EdSBr(QUF{|)bPV$WU{dI1azR%s?9{Zb8GL)e_^Ded?VMMv%$IaE% z(cok;;p(K&H_zUh93A`ZP9P}=Q#DN#B(}a&5 zpPhq&fqU(492nACpXDU>1Kf$z8?K8dCz175)|SM<{vF-GC2q6Z?sYsk=Fs2uxM%f| zKWb{8uk_&N>UcgJXW3JE5{j6s9&-jDI})@6JsBnMG%CpV9_M7eD^DKAz^g@v`!!BVP5%#cE_ce_mki-p$-0WDl94CG z$WhVD?q{oUVvEyTWubfS>i}L*6S^)!8?e~%XWwx)()6(w+N#PbFEh@ZYeOWLx!=exX{-yP0mLw*f&p`p(C31n zDI&H3APnf_61*_To(U3&zjaxc6u2E=BDb56PtUG5SgM#=oOX@%SspV#KE6FrzKIf1 zGEp=$HLp{j2L1i7kAbh7%a#$`ff>e=PBcFjd~Ma70!Pr?}XE+nq*+L zfI@Y8;VP?Pzd)ViS42=k5_TBC(V{X_soozoj=JWFoVg)+hL|yWl0YCKh}xLz8`jnXp~=r#j!GYMoJXvz(+E5OD}Nzm95sG^qR-t>4;G# zMjmikC7^Wm&iHld4|w^$*9X*nclA>$%~8Xkl8FaKSl|u(rX#TV_rQMdT$UFoQoWdQ zhJeq^yd=QR%S4STaieDofs1;}1ny`@<=Orl!0un{Ima@#dF<9js;cbR+gtNkr@`2; zzd0rV`R&$?V;U*|C$Q>Sd^?mqg7mb`bqmnb&w<`?1a0Sm6ymkzthp9_Q8~x*TA=|h zbaJsPK85mhvgZ_`{H|8b$8f${mP(93?t*eL+pZMRM0UMKI0l`N87$cQn|VH*@5B$) zB}_5;L@D`PZZ=k45$V5_qi4y^Cy95C`luz72Dt}L@4zkB*IEA8gMHsy7+T?=@o2m= zxG8-I$gG@fh+S@8&)e%f8D%Z{Seg0x<$7M=R|$QzJhADC^lFG9!rh#%N+gu1LMa}H zU6kMZ+lhWeqA;D4iI0rnVkA(`e*ah}&*$|W34Z=1uudhfVip3W;GyDI^+O6Qz4zfy z4JxQI5ueW(pUSFVk=XT=d}t>VDO+jDfTl5$jS;o+t5qW|^J-*T6!ZBsBYl*2#S4%7 zwUDF(-q~>E!DSGU-zz8qVrqfa)E`_qIXS&vpRTtT zJgZJA?%tEzp<3|*F^rJ|z$>^IuJ~y@gs2hB&$1bQ(lNw5+6!CBXk$%Zh8;|z>z3wg zm}~|q!t^oMTI~=~8ue>Ry-8@MJ+$V*)g8fT|4Pa-f_d{_^B4V-_W!+U`lpLh$zGC$ z^0~M*Z$kNMSxeHezUNC8(|wzdBsHeHi(x9+efB$FpF7PAl!}F^D)vT_X`e#%XP4xV ze7^4~?K4tdj~37*wLkk!(CEX3jJPuSLPPMKrs(1*{&tjh}6`n#wU9l#Q1ie0_#n80aT#QQIPr5&ul9-)V@N zxULi%bYEil&`El;wZt%ja@|O(UvF&*LhUgZTfppV2~}WhM!38>)6$hTYJC@ku;Wjq zyG>91@bPrDU0?b42KTJ+-r`=b`fI9Llx5;}I6{_gWqNC?-N+)LG$vBFFSpp&I&Mu% zpV?Jq^Z3e#z_bLd9%H%d%9fvJqxBw7^|YeBJ;%6OYs;_4qmlV5((Woh-xgZqyp2M- zseZ0pGO9IGD8JRj5)<>CRdSvksJo}pPY-e=@M}5|2Z*pnX5sHc(}+d7cVVZ!5Y1Ls z*XDBbQ@WWsbMlz>LqrDU_vZ4}x1)<6lGR!qQEFrY@O15;v!nx-?UN9Sh)tqnWBmbb zU*+F7H=j2hqeOi#2hvoG$X;16Hpk61{T%jo;~*Hdv3mk|-&bja+O1&S(ns*6l^yer zU$371->>KS0f6tX?eD9paH3D??`!=Szk6yt&fqFs%SdSJL6UfP4wtRPL)nLPiANdA zRBY++F=Ecc)6)crs$Qbopt~hI=p2WAU8+UYj28-=4LQdIQKg(`pPm`G7Q_wHT|uv2 z%LnaS%TZ2M&Aoixhy$Pi0eqUkZcqi5MqRPrf;no5pwe!zWt1YuK9sfvI`4 zB}x>jf^K=_Fpf(76bk3cZ@~#IY#v|*Qci?#fpFFP-amiI{3l;YdQO`bX?x}e?~_1E z!OHY{yi&O)(!=EP`CWm|nu>~w#Cb*N=FAW-*?SY9JR##2f519!`P3Ov%wfmt^(bL8 zk47cm`?7PyVm@<=Mj?7z-sOCPNRfD2-pz0(Kq)VKKbXVosU(6^S(zYJ$v7Y4%MeX; z*SVb)V59@FcRYP&z1oYypehS0{sbwUD3yt~UV`T3d+wmC8crg6e>M`fXaxcpr52jY zIGVbbZCy`42hv#@1fSh3lviAdlM-kRE#H>qF;3Mo;|xpC1MKBoPp4is#1cp2bkOy^ zy`8_(ZhLETvOgM$PD(iRJI_~3`3-=dx3W5~ZoM7vSM_@Zp4%%c{E?${OXb=hl6-S+Tj{z@vDO&5+99Qw9kb=XID9CLb2sfrBB?#P=fPDf$HY6sMO*dmYP(-%CkG&Z z=M@4f^6?N$vY^9%c0WLBJ6Cu1@8e79oU7a2a;YhpWV`dqVJHWk^pYj4-y!b)ufV9K z+y;F77&KW;d}aqQvUol@t81qwG8LYTCA3{C3**F^^SbJYy>p&>9rcdZxR|&SV{ds$ zyLtM*2R=>I_r8BAorCE7OfCKI4>NJdQKdc0blT>jPNU(|25$MOmw1l5|=OFewkBD^QeU&z9!Z)vim3PoP($O{6V|t`*PqZe0BTF`+Hnp!0GtX9x(YW1=Ts}p*Yq? zC84HC$kI+pNFxlox%53+pG>WOl?tf-N9HSa*QEWOXrlZHf=|tH`^1tevaRyVr8|<_ zvihwf!HSjE?zbe`ld}}`-5O*k6ttIkIFwNDg?%LJydd-YWJRPDsw~^h#f5uLq)EFj zTkht{Ifvk|J}aI?Vt_5VWV9!JtfHM7d`IgT9)chBtbdN;>p+$uG+g(89!anoU1q6EAnRy@$xi zz}oe?yj=b4u4k@z%;oamZ-ZYpqexv_Ef483Q=5TyAaQt8gK1Fg1?< z8sqc0b?`I%I!z=K8rt!{MQ+7qSJ(h#Poe+`rY{2R_xyD2e)d}#$11QmcljVFeQ2H} z{q`7MI^@s`&@!n^Ay|21Mk?{c|@;qW*;ZXV7QwdGRhq|okf(nO3$bE z85*;me4Cdw!R%W*U$(Z(n5m0LL04bw+~$PSuHlagNn}~L0grsKdVpqL85G@Rw^I@S z)|fPx32o&3NQq~+c{v7z7Uqc1wd^i};4caYq1Ayv(32y;WPjgKLwfB6I#YJHim!Vh zygk~BP$ai=+%n3(qm-+~$22&pCFDQCHVG>&cW~bZS6!{M+t3YoaBREMpn!YrBSci5 zTsQAoT_y;s2Cs55PedHEltIWrV`8NvI>R}mE}$3(*KFICRQoScx2A!VJzf>gN*}ou z)W=ppF{#dK(U>hU=tAofi>F{lD-5b$A^RukaoUtnp^UbG5>BK{TJbrNuJw++^5Umfybony3KhPLJV zxdV7q_y4H-O6BdN5|{s4`MV1il~I&RAVN3eDrYfWUMoz4vq!hkXjzji)d+1BYN@g< z|4F3#RTG*T3eAF)@N@%M?sL+4j3Dw^xU?w0!$mxi4$tls^2Vi+jds&=QP@Of9#<&| zODMK!P68BYRn{oILQsji4i$53&9lnaFF+R1C%l#VDo-skmAbsrNLp7?$ZwxYt6Nz$ z+QNVpS7OkNHGxv}R$`YiUgC18wmrmiLs0yx6g$5@J0-%N!&yXl z4{IKxnN7Y2&;xGS`{WP0*#cAVgOGCiiv~UTy;X%jI=DUEc1!(>*oV8I(+5 zCX!0>e`vpMZB?)3BN6fbI~;wGmsteLXTa0hyWvQ*H_hK2LN6qO^IMnI8O8Jy{~o$k z20?Pt<*fDn$qI6boi=wMWGdF>u|gC94#{Qi6R7?LY}4o5E0^Y0ri_C74S_)=v1 zSkx-CjLWdS8A{vyr0cGSrzq!TT`$*se)lRql++D9fyIsa{Ol8)qnoMT*O&Npi^~Nn zT_R;hM5a9lfwbUY;!0(XJt6m$zO1O3Y_95CYHhDnW~x|CZT0d=6FBTyOwji-7^TbL zZZ*VWhY5-;4|zR!~#2w8zz#B2q1b*43OIqT0o>#ZZdvO0?#g9qL@fU!QWZEft$ zl+|fA!5B7o5nD2m_ptxjddOJ1RnNqI#wPz-j`eEFDzs^`QeSO!DeZl z(?tQbft65-yi#+w?fi9D@DvyHS{DWcrCcz$G+*sxOtUl=c4b|;cTb!4(rkC6veB7l zg&UDHowakcn$c>2aisS%-Esw?E=iO0Dx>3M?+~ez#?0{sQwL0ZZ2ZyowX~pjt}MOY z!@z3zXr+IZBN)q;=#(P;Wpnex!>#Sg3Hpaz!>URZtTdLN7{sAP^}WW$v^lVpph%{0 zcC%SeBHyt&X4J&J9dstTZDW0)A!)5)w2m|ZRtODSQ2^2_-d%syimF_QaR@-U<=aC) zJ^fYF_jtoFJ@v=Ul8>F~c)hAjSgO3ML4J9n--3dO7M5S&h zFW=hgVRkiW^caTU8#W5ki;2*ZT|&qRXUet3-b0UnI<8p@_#{9Y$QH#QQB!2YC_!9a zTz-dS4t^NiuV%ZUqHvJ0dz*S4SC;pS+L`3qvYv4?(Lf ztoXdcYPqZLI+>qHiGck81S`=T$*9oHo`@iq2pX3Byf^pMFBb)FNs=phi53<~2$O)P zO$XsoGU3nVoHc~FmhMn7N0IPx0M?^0omHc;i-8tY>V;UPKH#JytjTzGhkP@6??XK+ zA3r>ZwCufi<)43CF?Hf@DbOw?#fp?dQ&e@Idbl#4zc4Xd8$}+jU_Up^RM`N+z%a|3 z?Fl3R>?(M{Hi%MDQnpt;KR?eaDCiTbQ2Tm$15Hq%S&N+&;pXv#KNgv#c@ETsBNHP# z4=^epDUpb7<9+*e<@L9$o**f0Sfk68&4*JJJSIzxLQ{@lT2A_|G?ArLtXzObkYOU_W#{(bh zxxaf!r^tk(5D$F#lHV2`3+kKr{ry6MD+H#ROL)MW#XWvRqCA0+xJ$xFU&BXL0PUc4U^5vB{#LD6J_9`uX_JddbdP8#>_m^+}KehTOh|sZRqm?JP z{E~E9BfBOz4EO$|jtRw=&{x6#gVyJBffX<@0)9!+@YOG$u^FGejU%Q6FSn73pF~vMk(iP}f}?#-m#+JuUr@ zi6%mV(hpyHyb$i~y(ge#eqAb0D1g!(yuofy>Z5ygxwO8wheBmB2)j7nP~YzHGDGm2 z?vYeu1ju9h{qO30IQA_Hw7l-%Y*o#~(s5v&*9?p@_>TZD@4)RZemMmlvsVv*hn?RH z^_V3xrcww_P=M8#v^1TOr(mj2=CiEJ796fZwb6K@)nWG&cmXpK zrMYoz<&31JfRAyZ;jqD(Br=-*aHWk?DClsNcuLKNZvy6^Z=7txCjoKR+y#a zWZ(DM#Gjtd7aYI*rSJSV&-8EoyH=z#>po}Hc@c`IH}7}>z0>xdUpMLb+UJWHCF$m; z^($(toFYo;bCYxWbLAn+wh8hkb+^ee=1Z_?LH0kiP`3FBP5)JJaR|&FI6FE9ju98p z!lezzD%owkY%Awv<^~mky#$onXOi%GAtD){z56w?&tk zWQ_)?1v!r{E}u&+qB)~;rBXWYc07t36D+V4r6Ci~g}6UR!QM-87I?BZ^aH&|=R=p# zVPBpyT41*cG$Jjn?r^)p1+$XFak*Hz`gpm9#t|3)Yju>GG1^;Wdm%4jhNJ}(AcpkU zdPQJbUQUL(L}eizUMYqM$DA?dB$?!I3qw#%?qwH5Bz8cP8XZ>+p_;h&F#OFC*>)M8 znnmwuSeFX8IP)r0g!!Mf>K_7Vn-_Z^oog#RVPLx@4YnU`FD)Q)`^j8!OZaSJ;z7$K zeF%PEnZMjkp-vhKY2u#9sqg!65cW$lYt-7tJ+D>ofk% z7|rC}Da600FPd(`-O}eU5q&!2H^nwBFZPwUlb7ynLJl2dKoycF(vtHWqFM3SNgXgL zxnzdZc3|qsID8NLs$d#Do*BXj zY_Xw@nIHX*NUZz#v%BtS;()*5|N17dydwDZ*Z*Ue>tTL0lV7TT`x&qrE;N%G4F`ur zxYd`uCAnOZAdX>#mmJRGq*YVPSN>f7ke`=V)~_yf^1X93DJP2}luVBc`g*h5=YDgo zI|3tRrp(U8MN8z#yV^FeCID;i6+a^$T@sDvYKpgziWT&U=<#CME z;9cb6^y-3u#1ZjzOuL+^nm?DSJ5(ELKEqIS(SLdWns)(#lR!(k>;!f3d zAs&Z(Qz{0rBr-BNYZG^;-Eom2EXhVpGU+M->Ef(;uNgP49-in>c!VHk;C6tJm6J(= zkg~NAnu6n>l~mxgCD!{WOZk{_EZfRN{;u`A21X`xD1RhsL+yl@rITpaiD#j_SrP!o zZ#0j}>`Ot}`{BIMO*5bv#O$ansdP@GUmMMpQBhKAw*NKi6i-)Rq{$S<9tQ{sjolZ8f@v4lc|6OncfG-tXE0S zv++a%T+YX=jly}_LTu4j0exPXddNAra5T(#-P}{^fd*qRp%k|y!v!z2bLY0Q5MQ87 z7aqUjJztu*em_mrWk91Him9*r`qUA#tY*Sl4J6JdVr?8F1kiD{uoI2|8lbc?-WZYv z60I(fcbEZfr1q?k-=yEGtN#D{#A6|w!zAbGqwXHyp9ml#rMnk}<=;5-+~>o6QC`9f zLDb?on z`Y8Ny>1$_RKoU+*dpJ052gX2B?^Z5bTO&$-#N7oRDa<9Be#hAvZZZVgRRUelr&3ZF z+_$I|>G`FE!=M|wrw{7Gs|PH1%MMm==)w^nnRw5&)MkFMAgx`YtEu0 zzt7S?@dXD*p*syN0JHr}bhG{B=Ig@UEeD^^^ZoRUNB-L5;5+ymU=KL@KDuE|+~(gY zp+u;YG!I`{`Evw>km$n%N4+Yal)ZmIdsM&w(Q%K;+5t zKDTG(`FFw;RHIn8VPP?MSpLt^XWDJ!wKI<*fNv&R7YFIkwf_EsiEd-p!~P`HLdhAR zHo3%<5R(<=e!cbaeo@tC7m3beO^?OMZ(N9tL*Pn0337IRXNcJivRZs-?rc)?7~bD? zP^WZQ6`WdkJFS+4`9*V4`o@$<1Gw$k4}V`G66*!dJ5Z|nAd7Ut1;<=B-%|H*Z%oob zCFs+}nN(~oRWK%o;*3vdhX0*a4G+>>9DUsSM1&W8D@(~Q6XbQvhq<*JT!GP z?i9U1LdjneV7-HLBWf|oa~&BzZsHCxn*^48JJIrZmn0$4E(^03hMW~;MyNHLfpVRP z(@=}DAe4$Ol$8#a)c4ad%E`im%U%EcLA94t+4hdi%w(;gK7Gw9ITYo11S<&^1ybem zGvL;zG{W=#l}21OOsv17np?G6$m1^}!oofIl=~2-Ly559_B_$JATimcd1JabL@pL( z<)3gQqWdh27&YggO$s2tg-Ps5Y+L|t%Y_0(R6L%7C$P_^sF^eCyb| z(tdmmGMQ9~=`Jrpm^C#*kF&f0=GFF~(scvH3^I4pkI7f+i~+NW1eVH7RR>5ZTFbJY zg4|b6+09G7DXwfDPP5IPnx94;|MHrdntHM9MDyPG$5?=R!iVN;c;imAkKW-!n*_i7 z;E?qBg;B$3Qalsa-9T`H{>H^i<6(mJiCPCaZpjkh?btj#WiiRV9bhpxr5dydDYY!`4l_l1u!Ixq3JcWB!h~866FOfVFM)ai>C}LP`C;j0hv_{!ur}HggKN~9t|$kK-WHlqD546t!5dd;Hsl#|v>dk%B-{jz zA>%7hBn`nr9!o7q)YVY!txDELZ2$BLi6dpQ&dKnXqgq=YimW#;VC2;#+oFy2eQZAR z^mvl@^LmQ+$1LFC{@QxepN*IVPknf^&6c_!A!+>bSFH4s{AIYz*0~lf5*2u?b080{ z7q#$Dytbq7z0dKBgR>^cniE*QFkh}fwu?(@}XNdHa9t#I3+&$ zfBo9iwjYu#H;DdCHS2KuIF7bQo{)H+S6`BT`+XTf3^zRBy|C>Kp`wk_m_m%zn=|5? zS{Nu(N_evRNYdiqeRQA2_D#t3PcTeVlzh9s*u`}Lgar)7xR9SwBMiJN5BlXsfXnwh zL;er}!E`fljTEf0QSkHvC;;fVmSZ5PDC&z22UPa|ap-!UZo5PbB2KsnSRex^>jRuV z#=Oa`m}?9h9|ULj1QiWTmr{;TjuEbBa=XCXre>!ZMoz<+Q{(WtXyI=stX{P0v)72^ zBu6rkTeJ2EPKhv-T6nMS$mAs}`i33~=cxFYjsCXy`eDAKzk9@_oJelI=2yn^Nw6*kP>k9o-H2GIxXGc#7ba46b zOE{5HNmmTVI%qI4!o=bEF423+UGMgdcx`T^CmlbMsYFV~N}0FCZ6CV3*C1Rn=8yn) z-b^g#6~U1q2%=)3Ux*ax)L|s!)`XGR*nne6D=H;3tGlU+kD(F*1hv9==_%Kv%h_b) zUi7*4iDW^=Z$+@!5b3G7V_aq&yDPbRjr_hJS5vRAoRD)(nda;2s>xmMH(Ye|W0kWY ziqrMMEB*GfLgT+p^5;98j(i);Sy!K*uQua}6!rK@bAm#8eSVCc9bUz1`z@l0=B#?Z zm?lI(s-yzXOa6$~ndpf9J^{iX$d=pJ?sX64qBt#*RB|^f<`;%0(fdQ>V*R29n3G>j z3-ERDSY&dcai*Z@P6_ZY4Y1F-20GiT?#-Y8KpRTfH>xhH21?lljt#qR_V056#b_o% zfb+&gKF@PmO@#PYspOAM-Yq=|(0=2ivJ&Ru`-M5##BUT5l#)yL{Xm`n+>5*fxJCB= zd+UK)H4x1@K6*FkQM`*4XyG>+{)l)IS(|J1nz~P4rknUJ9PB?oLk_Z=dNocqw}!gBqah1&I8-x@&n`IwmjQI4KG)${)C&4 zU)p;lup8lTZy5Bw74-#0p5&3I(re+BA4y+Kx2=d|i%KK;oQGt~x_*ghs=C_J$)H4? zoL2!HuqD><(bR{Wbwnu$)9W3dKG3^LuN(ZYb>Fv#nWw2jx2mGL>Le$p+5rcRX&#ad z{?%Add)dj`e@d(XU>g2yFcMDqbBK$m?Z6M@?s{nfIV&#JJ5l-6&YQc_bEd3r^uZzq zBwrPFY}}U3RLPJGO9`b*sK!b4N%V<_C+s79Hox8BV9#}Op@1Kt?@tw5h%51xY=OEs zu=M)`v6X&)X7yz3TR1paho!?lkIS3V`#a&$rz$q;>$Jfbj4+}zDruw0AI48^23WxT z9U~bK!2OGB4+Ll@?C4k@jVHY0YN1QakW}D9XmY#@Ok7JTtl`n+)6Ko>;3jdMem#$B zogyfm(y zY=fZnJFn}!?sEf)QMYp}p^$PtHMuHZPA@W(Him8yY7&+k*e`a?;s3zlcN-kvsAz0z z>S^Yd1`3J1P^Ul?gB?lf;A7IYv`Uv@4`Tpx(dGM718qYLpEXLcTv{g>Eb~j0P&n$p zk~GU@6}poDbl^dxnj1JB$3GRPABd^lSApT2a~*$maxY4qu=*ChHC1zsEK}cqr_f@& z6N~NvKX{jNNc`XVLq+xP(_Ax!izMo>I{-0Lm8DcfpSLK}NLj=J9hOCkwF? z<7d*8B6BkwI!;pYI%TX^AUAyWBHJ93LR?5=b#btvhl4>vYba(gS|PeEX8L+4=v^bS zjf!v<^MF`-db&zMT!h;Ac`1ghf@rAjcR#A2cn%OP7aXv!FysCW= zg~=Uy+}8JP+&C3#V$~C$zl^J>{ce^iRP%{oK)F1QE28>M?RC>1rz{Yk%jxj`NZLiv z%Vd+^?eVn5de`Uq4XayPv0oRrYJB{MTkqACb>ErAX`V+hcR`HKpfA5KyYRpvM3WXk z8CVH6<{%*~a#Vu&q`bh2Al^LR+-}v6$ZV~^!~xmPp-iZGf4t6+GNq1lM$EGVns!Zm z;29*qMNwaJt>C!(m)KgEQR0XyegNQN#uw{8dAcAJ7f`pJ5)EZXRn2`%o}yziXc;8t zX`4%%EXOn&`jo5b93H5cdg7w*pO2B+C9@3OOmXwD8^V=?7XmwMhrHx3P#WYDKO+rD_ z$p6!L5F0gdw{`$(xptZ|XxX1i=C)G1)}ztB*f;}8O1-V_eS=>kA!9{v)0}-t())H~ zvF%RKj(#(@-=1-Hn@##k}VIbLtjt{=4uXA!nq=IgA zZ|&(ty^vPuTKlQ}Q1PETj~_uQG>xJBgc-m|oeWk$1Glb{5!Np1#Rt}^({)~S5ApUv zN+ocLxS+r_lR&KJI7!<8guMUdC5riW%fG`+epc+ptIeIXPnBitb3XMQ8AfBw{Vh&C z;NmpqwR(>ZhqL76K;Hl6#{W}X;Hjyu{N|t{p5p~FcC<`;FM*m(F3d&!+HHXT`Z`B~ zA9pc#q?T4On8T{Zs|KzVM`NRU&a*tj^Jzk{_+22_qNeVO%3PrL;qdwVz0#n{{}JhX zK>n-6pG;Mnp=|;j;cy%FM=U|0nMR4~b#_q6Pez7fR0c-L*;)Ft#6<{f*ts za$Yr}SzhljsnIwBVJcW3HK;6~J%*GF#(5I(U@_)u^ygaUE(H{4b&ST8R$p6NS3|!% zE(1HaxZnyFMH`%vC;Dpamxnvv{Y-7(_+Da#88(!(s$c(ORK&u%|62BZzrg}KdV1UnW0MDtYpa}^A zSCh~W@#bW6b+f7VF6dkRqr3#?Zycry*LOgRhPbDD1i$QJLn5 zcQf@*3W>v+doyu)vA5zS76mDL?<140#>NgNE*Yrd2L$CZu+bJQJZNINL|r6Ci}#OD zHq~`M85SC*?#LkrWWyajqbXk&vDSJ}y?(pmSOMczqi!_Tr#g?P)J)kfTXK>FN37!Y zKX|S_Ga5vlYKHQsgQD*(Q;zc9_g^gi z{{ogU6&TU=@voqm}yhk2^ZpSj)SMF{|Ted@^B_!<;Pu zD*d$eVCl4rtBFb84LAo)1hfWir^roR;O?qZWgQB=Gj&~%PRYyeLsQTtN-1jpprL&7 z#=CD^Ss;7giXR^X>+2&qV%mA0vL|$-y481X27t2O{UH5CsaW{E&)5ZNvdLsibvkao zO`%Lp_w6j+umA+=Lt;`qxJWXkH*8S#QL%Kml`^{ zd@h$p)Y<2!nxFJ{<`KH!k-FL^_suRs(`M4KI$SaUQ1@^?{VqKa$vkwNSeNaUZaciS zsKU~aKNWolhfmJVB0m<=q=TA#PwGoY_P*-7ez-3mEsMHT;|Ej`x_gzCI;CG}q`zl6 z{MR4VytgBiFO<*yAJi34kL5=!F=EY2pzuRre#Ya>x?TUP;)O!q14}}61Wv(5`dt)M z7W!TIre-)>v0HUD(zv)IE9-0;3k(#3v$dAoepTn|!~dZ#F>y!WsaK+uOTTXrbD`cn zlI&yltm>s9Qi2STZpf<{F6fe>^h&bxvZq%s3_1+{ut_@~=Rx58=6iGZZS{M4H$y;N1>;KI~OYnW%4UN*4q*Z55Xih*ufu_I~F zb|D%pIf+v+l(DY=Wd6!#Gps;4!)wy52Scs%a4rd<3XXuKhO+;{T);jiCd@J_s+MSU z&6qBnEOAO7PHn*}^`jIkl#fMZ`?4_kPc6djM)rpj=-vb<|Vf*^q8>)#* zFzoOp6ewygEA=7t!1`_=m#V3pDwBz2+Z4*<6)i=<`dSTJBr`l(3a4lRiRQ7`wvBA> zD!8PbKYkYGsAYa&ThQH%e<1l-l-2e1bw&FHu87@AyeGu9s7@rmGJlNSj?EkINk}0H zy$qZ^yxyUKgQLK+`5dloLU3ngc3k|q+3uocq9DQ{T2*W%vR9WN|C@m1=p>5Jx0YhV z-dqGFg-uv^cXpE>S6}=>wAJgoNuxJYZC4?PCzM{oC>|v$7kc{7z@r*BO|idK4#pt% z_a+*Z+^ZFm%&BHU1um~<8NqM2r1rjV$V4?3nF0&X`vT%2B{@S88gL3T6}=d!RB(rt z=^$4h_)JGW6{&ba$IvDFD0;e-V@fcYnx1NuLVtH8^=Srgi>%gv2!~Qib(zTIcXeK0oM~Rj=3Xk{&19Q@MFV!j zltTG!Bb4Z9A1hFbWn1UU5frUNfj>l}=5fsTW)i8IKXc_`G3@KyzSx;Ro=DJK+|2HR zFZ1NfuI{g?HWS2jn*6o0`Priz9}}mcvR4ymgj?%O#-`8fawZcZ#ZWD+-0bpl1o)4m zGmS+o++UW#*MXkiwBP9|(x;>eXoD}1g(`l!=n$2qBb)<5xYll$$VFut=ovnltWd&6P z!JjA?3|1UC*yO1IYjidK3ecaa6jaLrdRO-?v6XLn%S?VY`)Sr{4hw#~9BgTRe*F#Q zFBDOF(Q3I4Rb$zy772yJyJ9zu*%iHY>-2o>I$`$Ere2;u8R=^r4D^1)FKfjtPy0@% z#a+w}iR3c4Yx}3X*RWQk1OII+=Cc?dElVYPO6JP{Uq;0q%h#!1_4OpZ4oedgV}Ux0 z@#FoK{Xqm*X~0X}M<~zcAoWDQZkCavql_{1q(p5g;4)!cXskRoPhTf8Y*xH=OkiFc zpskHmV#G5y|Lb$TJl5y`D}1YH7QY^mc$cEKGW^#w?>dis@Ms=d1&`v1NWd#34}CR;o*iX0 zj>vfM-|6^^OQM*&Z_oM9H%l`^N=Knrob1_%hOA)$W`442r6$kq*s09jlLC%m|)Tj)h{t8?g*-k9E7T>edIk5!+<4 z>loL!Tg@&9!nX%HdB;{~w5biB?L^OJnh@Q!qSAR=xpZ;!T>0<{+^-}h z8zZMAsF1Kb>w#?i66es5L&iYBty1^*sfiZTS)a zc&s^_75IpuHLkMD5pyWC<89LT2gikhs(}#+(D&s<~@px6lc4R6oa0H~MnY^zs za0ZC^gV~;=N}+jWGLrd}!SOe}w0e)Kk}H26-!fI6`bIae z1$X8AI_=0#!cvq6Tv9Iv-<*P$VJMI*Nd#E%;AC`S4HuyWjq9Qfu$$i!l+Vp_k;_`N zZQ>t#D-MqbCOOFfmC75uY6On#aOmUqLw;YK>?Y)pt3ZXz-HtDo_pX*QFP9tC8cY-ueyh9xlDYRsP+!fVM`N9J42nfp z7x2UP>)cbuvs8Ex+s69-tG-t6UgO=N{1}?_Uts_LT)lnh24gxI`D7tL484sD_d7+c z{95D?(Gt{D-9>2spkO%){Lefa#P%ZAGRE}KEXWJkDw_wh%KJQq%UT+AAuox_y_ zNOjxlc)htZqOUDH(lY|m^T){pGIRuXZL)^%Uy&C5dbqiC)JcfGNfo`qaW)dJ(ET}y zdEg{Uu*Sw!Lwik#8v&!rG$pOHgE|2-DNX#5nFan&?U^%mo_0CLMn##cP9Qa~Ib6BO zmUim8zQQq#aJ4cuhq9sJ=3(r z1Lef^N&o%-B(kZ|*Ek@%4ZE6D>YJ9fVO8j$r@B+#3b_k@bs?AUkA^{aee8$Ik)q~r z^X$wc)K-PS@4Kf(t!_YexTFu!{WdIMGzm^^L8RL7d-wL|c=3Ke#qq1E;arj`K-+0R zaY|**pCZ{ge>g!QVg142=zWs10d&;KVkW!Qen`2yENyPPAFrKVAl2d>|2IK?Uh8k} zH*a8eX1R&Jfji2ONRIiKDGSa#E_0ZnWWzBpXsufL@(fug%!~9ZPH1Nt{^AGV;bR{% z(c%tHH92VI=H`wQ=1=>{W?lmzq+(PdY@~eM^rnbVi^1R0z6AI$*;$8412%;0LxL|4 zMhl~fZXF{Pi1j;N67AkbVzU(>pQkbxPiEw4$a6O^@AM#(X#!)zUKlV~7LhWDd|n4q z>2CUfi5{C^i_A_dV4^PcZt!q}sNt^!ji9g(C!z+p`P{gpa8CDv40Zga#5TVDI6g6C zwZ7c|C(Q1!TbJoEVtpN0<^KS2{^gbn&cF9ODCuZx4r$_T{rqfaVTHJQ(v^~u|A&VVu~ zEqvhP;oyYvs_U9@<;KOu4(7v(iQD3_!xiQNu=0V@B!=T@1}2uT$qDEd@d&wmr16rA zFuKQ_Fv9A3hi0pTzE#m2$_~btnD51kEh|T@%pag3*&i4x58JwojxITlDEq-N8geU4 zOO-%VuL0|9wIZ+Mgm{@T~(PNxAOQxNFu9l!NZP-T24BwLl7Z9VVGJPBf z&vk&5HK$`?tKZwmWR4pmy8q-9?N5oCpVJ=6B!HmUqyPOK)#Z&YLox9iD!r zrvHmKDp2^xPzrLEze`IJS57c~;OWzvh~r~h==`a9@^JL`nR$5-Fjzb)5923Ey7Bjl zksKjNTuzd``hFskqlA7CzJf=Y5l-N3r4@C0EbWj{)`gbwh?_^h*u5x)u0nD{I9b*} z6N*L5D35oDNyW8Cv-og_9M(Yl1lyTdl?N;vg_Pq)biq@7*T7!?+bLfEB1f$OvTtr6 zFrgWVL{&$;vQ1nXFZ}DSp#klz+RTmoNW`jZ;?L~UfI4PW-x~IY<{Fj;5ktG{ zz0lYRdrb=GF!t`zKTg8@{gw!uxl3(Z-UaTc(2;Z@@zx@@eVCx|8Zd&uy5W_fBz!_# zel8M?Rf7>(I_mX!3)4x<-N2JVae)Gc6cA{Zm!Ahz0XbZpp(oTvQiJvwI174Zrs&W* z2DVOPdr*ewe=`r7Y5OY&)$R!#Mj`(ngsY!Up#W2z{_w_^qLMf1fARHBL6WxN)@HHG zwry9J*=5_dZKJzv+qP}nwryLJ-~MCI#6(O?=0Qf}K_0xB&zm>ax>h9lUH#3awys8& z7G%j>=xf@bk!Qs#M2bb;*Z|XrCD45 zT7g;m&4VhOp-R6VYu02~OHBaNcR?Dw03lyWv8+pZ(b~~+BsLM7vY1!%HutHXSxoj( zBlP(S|Hm1=K|;N_eBE7chn@zJKpf{#^e*iB#sUsb7brv)|oarqGL|dSorrBb!_#lVWth|FA<yCv_iD{6%`|LxIeE41c&k|EZ8U0Svff|zniG#N3?r<2Q0Sq zz8q5>L(YSTq7{XtB|{x|I=$cKAqceF?Dzh4xGd%glnsNtQ25=?^t|p%DLB*<$9#~h z4L)E@{~S{EOmQo%E+!>O0aOD)!_KYle7Qkw?@vp6adDNDc^zZW81G2F)%>ro1vF~g zA$|olSEjVbcGNiUcxTU7+{)s#ewl_}g%^KGmt+cTK6<1*xrz|-rN&M9$?lycs*Q{e zFz7RToX_%Oj$hv@^nBg{vIf8Jw-kVi=PAMTWP+hbQBP1pw!-aZTMa%0rPHgVoZ&U_ zokZviGFmL;0l{XjAo1)`+0BWhOSet{SR-%2dHX-8-xI0UjMo%(I=QND@xo?LP?$zP2?0sbVX(XBp@kT^&b>GezDdd&$&KmcB_ABEU(EK!OfPJ zzrqs?ww{WqMMVsE9V?;Cu2u}Aj|T`#Q_+a(N%wQ(i56SNon_=(wn>! zQT#@8GEV|aPk1E1|C$vfu=%l$-K)nSD3Rwmzr0rwj`|uiZhJNJXYM$Xx_h?KIq(Vn^%T>N%25{vl|y*3mpK}fjQLhB4y3!%CD4AR%j2MM0*fZNLX zKI3oEA?w>P)}^?Ewe(w%<4wBl+Oo%-$%Nu4*j zqNj(Z2Ez{sEx7*A8TY($+lVrUc%NSAJP^DHkA2+pebGbCqt1hyoDwuszwmR!;5S6l zC)hykWAHp*6p`b7U&o;}=b}3k$Ne~H#44h8blq{ClXDl#`DiNz@&7;`cd)?CF$TDs zDjFCB(;ZbeQq%MvW4i6lbM00!(u5NU5D9pNPbKe@VHoD&u3D>_^JVAJb5uCLj=ykL z?0lXpv`;4Iepe;AQ4&?05`RnVFGo;CXvTuz7+!-RA^tH9Sk9%JUM{?4FiiBA23q)?Cm=u-gl$xPU@RRef)%aVg+ zXj~O18cD}|Jf>8zQRO{#B&>Pl>G|nq_6+xOyP0>mtt%j_ zdr~=-e!QBTN)aPt`6L~28bU3 zYsg-b-(JVyVB<}B0?%xkbiww^%$~92Sa||<%*3l)f^W5`pCXxMVt+Z4Y_e3=$d zhVGM(kunN>0OGP#0}1NHS3PTfQuMu!sko4-_TjGA*}Mp4o0Jz>I?YC2G@OP^V&Phz z(Z66=dGn%r19IHq$JD(HJW^KOqeq#_Y){QFjx2}%^tQRvKNBRpg*4Ko=c~V-M&*=6 z#YzjUoSlwF#-NnQQGomJ&tE-uDgRnq-bTuP`4O5*f>}q-N!;mEz*-~H&@jnZTsk~% zKIZw4$788$!SU-@XNqlcDY~)lZItt69w2&Qs#g?_ba&%V)#1Xcp@1D=;~xIqI;d`2 zMzog>g5tF4-8&MuG?a$Izm{wta22Mx_qzZS9n1LPVYu0OpG+DJgoq!rIDyE(?29>m8mSq{mqY;{$Z5;1QY*ouvkW>hl?4Fk_uF`y)*ZQJ^bHG*z!LK^ z>fp~9k)5AnDbxLx(=|MgBL@=ugejI|Tek%&<4wH9ztw#43LKo@0Ks5{6c6Wnh$vUP z*K)QSqL;(|AH9+o^2aq6y#8U~o7GgHnarOl_MLYKno29PsDf<%m@ZH~xg0QuPzO)X z^#E~1)jK5{vP+Y;_V%GMLOXtkrZ1FK_YDD#*d4E%`l_PHD^fAABsz$sE5*C>GNlr0 z;?`k9&8kXf964W5K$20=RKZk!kugI4F@V(s$V>^I-@M#hT-4Zr#zEvZyqGZ!SvW7r z@%`mNa|1{kYtFPBHbj}W@mPy~0(klUYc--9L`y~hKkjjk{4pxk9z|hnZs`*g9LgDp zjmD#;rXiDUB3Hv^i>=xF~W*RZZ^YA2>aEWd`{M~w^6rXn`BN2 z2o`q`PE6>*VgwNjg^6x-dwFzk`I?b(f+_$OC>VE}ja~En{C)rPHqw?kVriRbaBS5e z(ILGQmM$E6o=%z;6>D<8b!9HhR7O;8!h1-*yNvIK7bwfVajf0d?QQ3lBe3P`xUp5^ z`#ck!^|qx<$G#D*9vtgDE&U7hKx~-mbKvZ8?RQRU!;Zdr?tF>H6zfA$q1gL=Y&mw> zm?)Hr29~%a_2Cv`*(Gqz5(I*TKlBCO1OyRwo|cJnG(G{};gw}ffnFT#pXFIPV7}Ox z0NT6AEmK3{+FCOr`g*0qRLE(JIp&1N`b=qkN4{|L5@GO>uF=1Q8|6OFyLk_?@ab-M#V1narOl?SLHi zv!CLskrqe-7+3=)Azd*X2}<9H+Ys-)5N5rp5Ww|TpYF)6rMoDarh~|4kgb4_oeuyO zFC1lPQzzuk3MqF{IbR8#BiA}z2&Qbx7tFzCS_e$~|37B$s4m3``}gBFBGL$|5BajJ^70=Tp!qMmUoCn+Q9HL`XKqG`wC{Qp&0g5kXZ^t#c6|6v|r4B+ipVKmpi-D=>doI>_bl6gA~}JFJxL16Vxa5TFtzUM}gV5^$id;Zq)ut4v%ZYSg63 z)?9ex>`!O5{y{Oh%-(2ehmKxEF-5Tl1M=(b)1UkB$ndu^6jRh;Bhv zBGeSwND1YkJ9H+ogzRQBnE(kxX~IdRCx~Nv5r!vk@GuHRbVC#YudDKHhIMKocEQ^` zB34{Knl!MLOJ365Jaiu}qRXUdf-^*RUjBafWaiuD8ZEd6IS0#R@!-k4N(rYY`X=Hs z-O76)KA~#w`Os3S70g?bClJNlLWvy#14EVk9SA+}`{UW<{ocQ8mOLa zrT~j9wf~Fr?>n}_FKG3sNRe+lpULRDlh zWmxQ&h{bt?lOj=6Be@|0KaZ*s2;FZps~}H_PoVipV@ z@P30j^|pNS#tpS8szuWoe}Jt!Yg_AU2R%q&n>lg{=`IM!r6*B#gkm{)tQ{^dFLB97 zN+aKWO{E!cPjdXICeK$4^~l(jyiO4KKYQW#BN+B4aI}FhKWHnqxBsgDwGh*H8w2IO zDk&$k00tSN=>0YLrxoV$>16|B!)yH=9?quTD%b*|y|EKka68ub?MSU`X+f*yqqTJ1 zZauj5A`&+7sIlBCoR!Fpb0RTI7?{W5(>=Ukj~i_d#OmPSycWGi6&nLAHGk2z{N!>@_V8~U=G!Hdku zU?ntq{&bO~5BnciG+P}EF1KvVl!_ZlfAc2Hncg`&%X7!sNfm7}SR?a6SYaG1!$#@K zd&6u`68Td+U|-Ct`2e76{NH;RKeYEoLGIOf8I$q8e!5xLyg%aUbSHG!+iP?5cp>GF ze1p-Dt@7t9q?K+le0wYjEFXaxwC1Y!#<$SynI~4v7OP>r-A>pXI|zyB^I%WKZ}lPppd>d)qx9bfQfj7A%ta3 z+z8s-?|76kFjCyXsLhHdY*cO^AoyQH=M=zsP0dtCZ^@0#S(we)+aT?MwvL7%&1}f{ z_kfryl})Xzqghr?!pyaGdC31UkjyBv3BG!93c2{w_b-D?tL#3FAm>_uf?i{A|JENbmZ9YPFoQV@=sA-v7o!L z4vJ&h2rqD(g=RW0T2tD!e|&5a%*P!jTXqcCvDsyeB@*$$Jw6Tg%iYUC%b@;~&mSPC z@I%N65y7Xt_gB%UD}2&@?h*NBm>HNwV%Z@-db_>mB?!H{O9R(a(^t3-AH4bY=u=48;sf)aH8;^hRo7%@`bvV{S$fqcSWDBG+8u`7C*unF&m1 zHtKFnu_R6(5s@UYqQgJNIM`ENy;O-!93OXN{b$wiuLOu?=9wpv;Rdxa;o+Za?`Z0! zp#~e)i5d34Abo0gbn7nMm1%2lSnwkg6RxsEeGnVB>QUI3FlxKjuq|SZD7#bbZ)OSn z>~_{u8j^P+;YDPfArx0ihgZcu(@zl$-JPyi>2iUQun3$)9)LC=uHB#P!K}K0M9yml z<+;tnM+51ZxOrO}*c$VW?X?a^L&HT#OG_CZj7R1Q(T2!~eO|p&zZ|PXZpA3W+UdNy z>voG9Nh0Fm6_Ct&rD8*!XDLM2k51}=19VY9>TRjw3N|N~wN9|raRJkW&^wu73%QC@ zUQ<MpI>`NXOE`F@>X|J?t42dMf&I=2W0(kM_snU0J(uGH+f6Sw!> z*CS$*(&uBVIAfczkW$gnF(8EtYm$8+wNFEDI8ehP#>-V3Mt?BgNmuVnjOwo~H#y>Rf`tMmQWH z`O7Qa*#nGtO>)@dfidaVBeR}DMo}jjV?F_4GiI-XcEZ>fqjOWrjHbDif6D}v+=Kgn z!qPozu$;8B5su!lXzx6iz4lrLeDyLUXLu_-ZMH~$_xHNz+dA7po-woWO-pk#aSBKX zY?%z7rF4>GE|Cr!wZlT=E|bjY#wgK!v{h%H=VWrUeSe$Cbn*dB))_eZ$e7bI|D3YF zOtU^D$np99e7!I$QEetKE|M(4s_}!3xjoGc5AP+FF>umWdw2@PFv~K;<9CtHa}z_c zSQJ`Y{D)yA&{$Q-#w2`7ARp&{-38tGqg)-<9DfZfkCA&8u`D5TL|t)k9`UC#;1u+M ze7ZJC8HoQjv^6z}gvw_&gus`O!z#X>TIF9lrv-SlmUBeuU~wt8P=fcfy%DDlErPM1lO@LgV46 z6fYL}VG(9%{F9`OrLuTPA$R17y`^R!R;mIt<)yqT86NZk^XQ@`o9-kr>K#pk9x^0> zJbp~7;O0(AjpSuF*xzt$yG6d?pGtA)CW?ai$^doA==`VBsnW7k0+#WAbO6fFTh}W+ z!TT1+gC&Cci&_01KaIi)Ig{UV)5Ogze%CYyZ-4BGwazMfY9biVE>ZppkJ~#IzbWPM zjD^FB8cQ}COp%yyY)?exTuew!Y#Ox9#?`md!Nb9umR$k}X6_&`?ur2RW4#YtgR<`w zYHwGum4U-sSPe0c$NS+N33d11JtFRf?Qh_X_2?&7Tv3uxkBiMF44#I=5)FHi`>*}W zE;qu~(O;5`%F|$aK2J~o+1_OS;*{D&e%^-UeC|RJtV22}nOFM5X{~xw-yg*I>3^g# zEoK!FV<$(Rs#2|-%@7Pp%tGyT5g|p*M}wv zAYMIloVCq|4^5=Za!%6IDsbOw*i3`l-)DnVpAnhjE)ADAm6W24Wukg?PyOamDw&1w zI>_(m4C{QG?4R*6SM1wzbqOK)*&mchFz8GK#dKCL%5_oLl`~M`z1 zkK}&VjtIUuqClQ|F%4NWe@&h<@ZQc9jEKwh;~=(+J3KS|*SimYP1-b)>BwWCJmB+t zT0bx|alVaFJGDGSr`c^Hf`y@_|Az5<5XxK)_(WD>dj0eOgAXl z#Buhof<@BpuAe;e4UYXbSJACmbwqsWA0=Q~|0A}9A(cGnf`elbMN^WS5k< z3-x{CYPt-Np3czd;Aqu?*cBM#>|R>g>$v56oH{ z3ug|nz4)xryJaL$t|(rq>1zgm$x&Z`BW+83&sggow@fm~j-Gk7ZX1mna9$fM+I)dPHV8a?aa=TQ$j{%&=5uwi z8xP2I_m}b=+?(d{npY*gwHA(-Q5j&~y<$eETeer3b<-yOc2j8*Svm{|r@%;KD4@PO zD!T7gOO`!jVs-GvM9NE5X*0W0!m^WlXbaWtWQCAwr4m!X$>EbWqjVeaSkyUf5*#I~ zI@<8Rxu7tIA9#6ru6%m3Xl-xr#?IN6Nq${7HgOcFyu{EA@XlC@sGcgLeH4Qh7FUxZ zT_^wm2F0`iZiQq~Ux&mKr@fHRQg2S*(YlyX$K6l6~r*<_;)uX_x{IoS$obz5xdrk}SZRs=zST#>1+Hbdna% z0fR7Q#O}v&2sL`W?o$~2X}Noy+O|=+y|JD3GVu{+k6gAqs+OpsWTLbZ+}F%4U@bBx)|8E5KGPBXhITPO)UZudP1j`w zuHBKA{=+&n^HxD$cv{YaaQv&(n_bO*iflNPP@rfEPJ2<>Z7b}&T1NW*20&e+XaL}T z2BA#4l;uMIV+!i7eB^ruHTn1ztq__zK~m+VoBUM^~{7pB!DcvoGxD-{%tM-c()HH@fp>?BVb#6US7Vo z_}j*#MMGprg_-2@adKdojr8V)TW}AOb_`h7&en+(GwY*a!v8Kz^;A z2ENIC)Y>vVEt$FZItfoTm`#_`l0r;z9)!wXEs7^C-ao)RG$%|*MH~u!ZAd-2x>Y&5 z^jD^rkcOdoz*byJeG7Npe!x^33Z~DED4cb%jWV@ic3rxVN6-RijK>zwFhdPn;~~4JTlD@ zUD!7hPCh%2jF1>+ifY@yh*u}pk(z8kxM=_<@7sHoC!Kehe*eWBv+lM1D+e3K(^f{k zrjR-Ir<`5N93@|*d2NKRIp32o)tIRPDa@&s z+dAYfS#+OKy}04tLUk8q`KL)GorK6~Qe^S$92;BlYRGg^$9~&2;y6Mwq6wK9RlO1L zhv*FKv@A0!B-(_zOGFyr(u+41e{zirjs*>v>Ev-AT8c0j4OLFKR~C~VP-xL!$}6LU zH;;`aphiCih-W9lXDD5oRacr${uzb*4%!vKfX&hIX3!tn;824Xg%-PeS}L*+gA5#K z?Zy&+MJ#OsC(YmM>ho21tA2U|Br~Vz!8b=9aJQYm+zHp(7em$HT-VUYfr_YU1W@H-DAI$HODIa})a=m{i+-tWHiabsK7H&P&s`DyR`k z5_eXd~G|;Fp+vCBUBKi-7Cx zkscli&V-Z0(EWN2fURKyh^(K0l>i{yh_Vs`%)h?s;DkC9BL%$GVR3hjk<}#_hX$;& z17HMy7&+>e#{+I^#K8$aM${!np_wxyQdI@SKx?ZVXrOJ-OB54T+g>jwrhG{e%gx=G zFr)gK&-Q6r(x%q;(0qIi!kh4axbhH4qkE7>Tau=ET)eAbG7NnVyCsQt!Demu2BP0g zz7?TqPSx$5FKO^1xxNaSem|%5jI+l?9;zcOE@*gQmAHN0*a~NbsN(3f_7}=VYG$PN zQ~QqKX=8wn6RGW`*;yp(-q?ENu>*^lT9psfY?V=8SAC0)yw1J`q(Q99`8}U`@xNb@ z=SJe<=1SEgFYfObMLYu=XIrDK0$U5I^dr8E?ol#w?5G{ipKAaNOwlmFamMI^=M~ zV0_YfkPFT4W2C=C_i`pFgZR+!wrfu$hR<)Sxh*5$YbHQAh4~D1!_n~tjl}~c;2WV) zTzK+2A3k%ak2mb>zamW@u!TG;ZhvIY?BcJuT6JSxVq=vkTBgGh4E6eR$p6LPf7z2E zmJL9N<6!;@Jq8+b@r2|XnPOywFy5JU=ds&ez7Oyy~88nrS(Qkl#;4+ieX z$|90Q7R@ul*X`)}mAlP!hy`IK1waMdTo0xcsK8$&U%WlQ;GeTf{jWeu3z%S)A(rYU za(&NkB`K){OU^^LMA@|LVQM=nkShi*6+U`^nnD}Pow$C_I7O-8AxT<|?9^MomHaQX zbSqJ%RklOpQV?@S))@BsIWc`rL|F?A!$l99C!VnFl+}GI*Wun%v7{D{?J%8 zp75cM=(J-U1#K$fQX&md$w7^4hE9oI(?OacA6{_^_6D zTr;bwEJ>CWX328^>B*YHSn>^q>W{B!nIGG4tDJprJcS%&dH<#FZ-Io6CB}>tJwHE$ zkjuHeP=I8(m~0mnXFD?B-9eS0&|Jz?jXz8NfU7OJXXw!1EAYK?aG?2?4dyCaxcA=) zKwkGRHC)H@`}6H($4}0hx*9eu4P~K-cP|)$u(I6s;~7tE3!ewF1X?<@s6kKA=clMj zi====n;;vO*JIr7>Fxj!ucrE{VhbUQ+3$-IqdDD;j15qdDdnt`A@p0CTmgh{S#ssR zLw-k~eGY#?g>6$ZRS5=0LL8o~Y7VQ7vDR7Ew0YfM#Y@!yyDN%Ea0xT{9nY2b9VK*` z*_?U<50@!56O8>-19*J&e;$RMl2d})DoHON9e2JA_m*pR!}-%OaVwT~;buOb?n6dx zJaXHUCt+Ckw|2Tc1P^HQqVb%NgQ-p!-^xsCxd$+;IXB#IZ0nYxEMPu2liuu@U1Z>^ ziN|KyN78yExE3laU$^4moR7gX1_{g3x*TP))9Jaj1cmEu7RXT8w?-a9%8~<6H|vE{ z(Om-Zt<+G&>@HIvBA=VTddlOZDhR$W^L*{x6iw``X{Uxu+RrbtHi6;#lM?KN%cSdO z5n>7t{^;oZC!fBYq}>ZS9STdBq&lZ|2t5_at28Bi|J)ob1Zv?OiNWJ$<{M6hH%-R$&xhyhDm-gflU)#y^B&h==esQ~;CmK+c zEcyO3K}R*1hDxHPSS|1UgeS2m?Is;?P-R_td*cju$jwbG61%PflMN}B%}QqhYjFgS zW2T{z0}6`WD`F8ok#Df@N>oTd`s{bv7#UAXnw>Acy0&O|buO&#fWeGFz;bOK5%7jK zK0gt-NY}U#W{rP6B@X9+Vlvck;8F4D>pXhg>_-UBqVlkR z+yvpDQk+!&n`0g;ai>}{!rXJi$gfovlFp{*8?r6~+#Lm?o*bLHZI}n>V^hv)B23;m zvqZw!Tlg+p;P>bT{Alh)AGq$=7x+Likd4LMsd>`UGM=#h>4(cy6Haq|iFSE8dl$x( zX3+xU@*J4!l)taPLTL4~%s!2kM8P@0x8@7t*cy=t84H-B?Cu(A3$v$^lt9awmDZ<# z8%5cD4MW^`ejeoJ7t`U^A+a!F{_$dK*tN6NvHG1vvF~ypGY#XTivy@c zZ3gT@>s_Ewzjt0fy6#qChlHevDHtEy&}zWsR)c-V+}JUWk1vzCz24hB-`zhOpx_an z=V}{!SL<@W^VjMW+v{G^x%)g^AhGTz`sTvR=3ijD@;Q`-0m?}Xv_?tlpxLEGMmtwU zlg>!RCrLJ`n__o_V{+f&wu{@~%USRk>1UCyMWAkD^l4P}MU^`rg74;th(y&zL{YJ9^><4E1_YNdp<>!D z?+4m&sQsX_AYSb{NWI?Y6Fh({eOyN5d4nNd_OnjuZ^mK82jG6KC6pA~=$ntKX?}b_ zTngDY!Eo*&8wAsG1ID=_MSoC_GMF~jxbpwIa+)Dn(KV)zqWbfVcX8UVx z4eLbnN{TM$bW*fs`@-~xVVa0l4F|tsQ$^|a@2c!D;e6?Z{=~!2QTESGC~s*{-~aGv z0e~p}PNmOSUC^DDx2NTYf6=+%-zZ=DTn&g~}EZXp$(a8H;=^P_sIDXO}uIB~^A6Wt^@dGCh$Nj=} zFuMI%oxfH;z5cE6bJZOkH4K79_}spNt8>|}JetZt|NOyFhw6hf^_DhInYJ;@k@<=@ z4P-*IFzOK1^J(|S(TMN1W*U*C)WMmVTpZxc7Cw)vS+W#Lt02pSnFVlnB?6^*;m11w zwAcP1m}sK03vr??K3vl2;$M^rdlNv}83~+G|IA~;F0%KMnZIo))pUqJtPbvzau?ZAfeh^Q~ZCY(){T$5DyRttIzZ_^aNV|!^cdWNbH5&?7z*r?-rk^JMns29}T71 zb-atU?3P_pQ81#w#0PBX@JhRXf%@={9{_78azpD|my@}brg^(>??Kg6yQ015px;p2 z4ZCx?od3g@#6Z>h_?3w59ud^@M=~<{vKX10%>PlQzx92el;9r*F#?v$ACz&HS*f!l zc~651^4mw*8$@Vx3k!`%;(*a}5j&sPR1l<8_onjRbSaFKM@PPA;R-fM5((ay{%+kO z5M0Lx)8Uy&@9dh`XhlPmo72#OH*tzGRl9p?j>cwi4G2@p7m)(Ab+da|ILAzc_;Ft% z^4w9oAOb_C!y@(9yi`D_Hct%tw1Lw<+w=`i)cPow&NH-G$auWiuK;A_G1 z>SN2S?o&@w!9*109Z{ax7)Kz6EK5F^P^jPnc6Ye5bhR?{o1lU}i~-v)qP9gxN^;Ef$Qlb_tS_jLV{D zYGngGlu@6BnSq|0qX`C#LukUk?ytAZx;zL72r=$R_<%>TZ|o@e-HfT(S|OkNEs&pe z42uhMT6hC*KkEvM^)ncAnhCg7b&_pYqS8L8i=G>Iz1_Qt5kmc}=dR7w^hSx`VQiohr@J%kvT40NqxJz`Wtb`X9gWced@w z;J00;K|+ns_n)^5-1;3Zr?$g-3m}9bQ!GD{0OIPAdL}jSW$1k=*z$HLX2jrzA#c_M zQA?`++~s-@2dZw}XlAZ`kUk>PoKfOk9YK#I9_-I8ZRlr^TC>;g?uY~ozm*rSvhLTV zpB9&|ps&);F?XSXW09;WyL%$gaD0Ls@p#BI)nO|8s*0HS-xR~r#i8M*>_vkYlM*^q z9_V361-Onwynmy3{|?ZNo*=vE1F_+hoIX+v8@=dvYO*Up_eIJFE@na(>0?zY)g0v) zN4CxM<^nB;$xSF5yW3g#2cl0NMi1%|`m&6Bpze>klXH<3(Em=DJAx-WlV!B}rG8;T zkyn)^FQVS9d^IN6UT1J> zzBfNCiA@zdgS5~OTHRdA3q}E&nM&e{5~{CUTrq7tYc`1SAD5M8%)LnlsQKw)@8a1V z6HYVamumw!Z`}%Ab3K}2r5&Q@11v*6&LK*P7#f`^EYax@G2Gn_bJW|v%(JXG#y)g2 zeg8*#hQT(;4}?2-X=`?;NHAhHSgixldxB1^0Yl1yH3vGcNgCZ0;-wp!Hsz0mb^LMm zxi?EoFAj$*qV}2FVN@+sPGL>$)EhnBa9s}@75>xTH7hX3{&nQ4&xVuXc~kL3WO030 z`o{9%eYY%?+*L{R?kvxo3ucbg%j9&5*cV2G^j4)E#=t8ChI^>3q)gK<=|*JbA|s>g z@{RjMAk5?R)TU_8+bnbyMn(o+In&o=2N&*Ta`27XyJ}knOIjMOkJb!5wbKJ>jx|Y* zhJlYc3>s zY$q9RG08pwhU>l1lo*&mPW3Kd?;o^i-QVxSfD~YNSrKq4RpH|#s6I0w?#v6%tM#Uf zm70u~t=2o8yI8Kv!gWAkm4As!BUxb?RK3Qpoer;;y@8QhCjUQB(oPRfd@A5++3ELm z6`>t&1GP&K+&nzQHMNp!wR#fXGd&qA_tovSgW5}x%ax@<4T<)@))ix1KChSy$4^xF zVrn{@A+kWp|L1CN3|uVW8#XZwcjG>WXiy{z)DAvA|D11$?e@s|R}zO64l5K`YSh62 z7x!MCEu%RpuHV`8QA~%R+vV>-(M&Q5!oiFSw}mL^am}y31GT`HUKCy+qYm9SXEdEo z@_vgh8xU@^k59C^>B?#O-l9#RQ`5)x_Pk2nx#pjVZE8GO6w}-IB|(74jhv%wvlI#w1YOPfe6%6G(R*d}0Z~+v z)N-mS->r)&vSZo%r}5L=T~A9-)vHtmpS@T0C+zalvq$Z>e7RAVCo0QGx|+!LoDwFz$-|}~i4AMp19_dp5I6ite zMbpeo%ShC&h)}R(!38C7Fic|;<_{AED8#QU+aN75RSNe5>kmTAmuAp%&Vat^u~HUq zW1FEIN$q+`=TmE5bEd*pmDAk7`;;J1pat>@2s4eijRus&n-cKw#-qn4G6~ z8<~u>Q8(ZZY2c|xd<7p#YN*RUnKqv)5WkI8H-6sN&veq0|C+SjM9IeI>5g&)%wxrH zDzNj^;R+IV1<7SG_Z&USchs)@@^1hqKbm2UQ@F&weqHFt^D(R>7$QV9(-@^ZT*X%n zgH9U`0ZtusLBT999c1~BV{hx9Ea4{O31KWjqtpnpF-)O-F2aKFa}a!zRS@p|H;;5? z&}5YvZRoA=HY_u#<~W87S(pk~l`3s?h>ATO6%|2dP6w_iRh4UeszA2k3u1}!iP3DM zeO1Zl(AzfsdM7ep&V$~~O-srfNvhl8$cgD$+-B$rpp=N*lYMU{APw+!|4aD`rma}0 zjzRV#E^5zo&CyB~xXFIYvJdL*#8EEYoW^g??yKB33p#}q2N9p)AFiH?&$6q$bM|&T z;WJ#zAH+-dhDROIfTi2f{ywU=%9&k)@YJQ%DAmm0E;!;h=J9vP*cSC$EU{j&;v%|a zkwFIp5#9H6$dC#YsxO@li<*PT!}h;_|Lz}Tt2b|6;yrf6WF$oji;)20hBaWd831l7 zh{iOpkN1AJPEMYIcjr?L5fg2a`nWw~8=L7AmywCgO5>VZuq=PYhSdTkrwbsNOf-@d z)o{0zCz(ax2eA%68X8BmIrP8!I$}C}?!;y!P??}pC3Q~Y)#-E>m_Yy2!0WP^>-+V@ zeu-JF#&eBWV7l*V`qsRW$ z=62KVvB|#UO|tZKaq|&f4~ZioDIUYl%&d8-y3_4-G7ZQ;_p#z@Y&e-_E_F$*v?n)6 z2BuR|e(oa=o2`#-b-7SgBpY@cXA-Cr$Z7NWfcL8a5bG{u)BDZ#3=n`f`11dbr?j1a z8amXT8#t{enwrqHd9@K^{#1Bt9c`E+Hu1i)oPTybBixZG`*<)33&VJ`X5)V-~ zQmR<6qERf3K(}1IWD6084PkQCj=y}aUwUI!Y0g~P8=vscWb=%r43wPuN(rq44GY%G zu-Avu-C;I_awJYg=3@q;zm<@H*^t_X+!yoqdp(_?@S)zo7!&`&uOPR`Dq6vj1+ndot zJmZ%4b>1A>jYa$|Xm85HN##n_)KbcfriPN=jmU}LzCK>|sBr!+iikJEsr;o|ytH!F z7$fd~21CDF?dB)-5_tqK#!6JVmest33v0I5C|934Yik}R?UlXb9c%GQM5=Cw5YQa| zL-3$w^^#r7r7PiL{w19NGsl5mIey$ zkN@iGwekG1h0b@(Hao-x2pyeFm+A_Svl|%RvxiHzj-Gsp{<-~}=}(q!07HuWsk*6{ zS9(+02w+&l$R|5&x_Z&=8KL+3r*?!qw~@obID%9vS~1eMbh4|wz+@dH-T+lUXcs;f z0==_8a4}4fBsJ=w2S1mbd#WAai!Zj8XNjL43WOrxpA2WejWP};WWbIsyBI2QSgUkk zQ~(mm!HJcXrB_QemF&*+nY&Ies{SwJIL@j0Y-~YjZ+!{P71N-4yu4Wb-*`u%j-e?w z_I`J)3GnTut0^-NVqjs{G-9%X1z}={Q*UVCrIkdxqXKjUu4apLlfAp?35HqrR9gsc zPxtrj*zYn9q&+1xop&w??L%HLeh;pZ^kmTBI;0ac;X54@N;vc|YHKWLe%FVH&2DOP zzdA~ytC3ARZ{@RDSa%oug~wx7TmHWM^_)a#dhgNlZReU#30LLs##etV&*-WvW2MOo zSUH{f8(b{Wih+xQuaaf8l#dlv^kdVTt*ZuolP9T?%8;F69>6DF4rgbnd}05E;iuhb z$Uc-u8DTccPfU|C}1v&9r@`1X9A!6trH8$VwpQwoi|7J}wr`yt6FQk|Bjm%UAa}r~L8eac=3| zrs=_kZ)ZGbJjb=66i^0+tQ7N_PuB5SI@p_V`X-yMsGS^h@M<1Cm~+ll(lT5AIR@tf z;k>&cG1Jr~U1;*CA7La4anX^qqRK!LROCaA4dIS=rv?lMp+H-kno2O}X(i+BUQ#Cv zdLem*RatV&k;dQyYKwUt;SV*x55!{3vUxN#_l=$&M^|4*PbrUd6y}E3?xI85oo(Y` z49>@AHIvD|v?YOt!^)=dD2supkfko>aHTf||U*JzqP1P@bzlyT!>F~JtzleIr=t$bITR5DFZBA_4nP6h4W7~Ezv2EM7?M!TI z;$-5EefoLdbG~m~Kl)d#Rd-jdU6=OWGdX-9p7a?=+xn?o`%=+TQ@r=%ahdq*Spqa; zPFC;@ndvf^sx*zXFeS2Y0o2v%`|WC?bJ=YfV0fRe5bn|;YuiXUkFH87tD?}X%fL`+ zuYtsYPu7uUmbuYa*{$}b$SFgSi3Lp}C%Bi{SJFK0jv4HFMn`?=rl{45jd?FJ*n2vi zPiki$gOF?8X~e8#z1ha>4rBdjvh$`HW|#~OH9vN%S!jIn;jYM^+8GMb`s8vk1=j&D zi~B>I4CTNwVA(dkm3R5&9>4+_GU)e5gON4;(F9BMs>X209Kk`p_BD?7{u?(IFwic| z$0*0m!=hg4z6E|6-|pA?4)&2}S3;UxX2|mLXG`z1eSGYE2cMdKlqnfng<&A}Oaw2@ zgpKjrtpH8<8{;*XgL%1s>)%bcHk_qzyE%Ebf65~gIZxv{WK8}d{{)Rt0vk8O(xnOI zSatM}+@Hy7t3d^y6Mumdjv@)gso<|5fEpczD-`!!(9>2RWL$LC{1C%_V7#-iO)+4O0JTWOo|$*>zas{7bbY*Tm$pg%sX5-YJKy(-=<5 z?1FTy8&q^)Lq16Cu-LwFgNPRJdmhpd?I?5|e66FRc)tTqP)LFnoHPJ6?7S<~s9=B@2plru)uIdC5CebKN@Z63|nA zqum}v)1gnklP&v+p#%_;>?AQ>Cs-1~SSg3fN&eSOI@y}iohc_zBF4sbG|4ct^hs3d~Le5IFvcXr{URV{6*79w9rQd-a?V-}wo<{7bd#Cv;rQrz|> z{l!>w$8oxA^+D9@E7~x(%7fByK^!wv!<{NPUF_&myleMwZLvQ7Gh^W^5?jslA#%Ee zEXK}J;oz`VEN?B1+kl`zmUUx+0$P2trJG=8k|mVI6iMohfwXq;N5`^s%7G5)P;NB6 zwz3j#Y!mOH*)zPWnvS %D*!DI~j&n^Tow^Stkz-+YTEO9{lmwRs;o$IZ=aI{<>q1-Wg@gzxPO(kAAFHe@+Qg6(mEl4jN(pb>#u7i1&f(q~qBv!; zPJZ}6Ab#gKimHSJ>Pd2N-T+jI(=ZE1XtiYp1M>kOs@<`oj-DMgZcwGs)2c zSevuWp!dKWm=IUJt)4{I$T!4wqE?uGi#c*xI-|UuiAcy_VeRSy0z9l%+L=QD(VU8T z#VxtJ1}oY{C)!qq4}6}~_Jq~*#iC zwxQi1T5eP0En1844KW355YJ8f4LErbfKB?iRkaDMJl31lmYHiD`d*asM>WH7WE>#w za(s5jyQ4?c>H;ZEaaaVS1_Y$A^+^qybs^Pai*qycD-E-I44hx0nn z@_;#7@ZN|mkr*N);Pg{U-KPV0-Ev=Djj-y-p_#iEEmX%~JGlG7;7(eQp^m<#&>cBZ z>~+nq)-h-U7kH^oBeh}tf<+LHE}<1KXd{K*o?&kjx?3BcMZzg`38k>u(Y-;lv9{#0 zIF%_3qn4%gz@Nd3DIXe8>%8VE=3qc`*5JTr$J0eZIXyj{F~skQhUd+SR*{NAXTYa8 zp+u9JXf4`Kzq&980ah{fTQ*Trrx|EQ&fGjMX@INbW$sfNxI&RD*yp({{~S2f@U5YB zhBKd_1J9@@9c1kReL?}xB3FZ+-L>lctgvz|QVRGbl+Y8NK#1KTh;hPC#DV2)fT2hCd1GPAY&mm!>ju9P6TW?G-|s5ALEfAxWl6Kg zKUt)Vk~{gT;PE*@(f*u1_*!T=GP`Gfthm>ez4K{*H2dgtHVUerc^W=I`M~ANLW}^E zUnh0!>vbsYVL6MsPYPrTB*-@--47{vSagEqr!s$HIj0Oy!FS|@&NbQkx8@Y8;=;gm z=HZ*5?Bp4VYXP6ZC#5AX~$L8?nwl}1%q5sIZTimBe){ALmH6N*Ro z&wnhx(TUFA#S=yS{gtfx4#294q~Q~?kAlg^g0LdD1zdK*WrhEN6Jkb;iw-5tJgJKk};N(t2boHrnZiT$Ng!8czcz4o%cuZjUAzwT|S6)<%& zG%QNw_5PerTJ28Dj;kGz@%(xIoq< zwERGmSC6x@={qby6v3V5_cVJCy=Dfbdz0JpSTcQ~Zo}=#)R1o@kEDBi3p4(|9}CXB zz*$40|ES)2O%e?(+*{}rSdSZ z#@jWeb(dz5+Z`HSD5u<)NhQeaW$p>E${Hz|DYd1n6ycZTiKZoF8V8NrOMfPq{5!aD zCU$-B7RPhB#a~3Q+M4DIZu>PnZi!Fb79^HH>wR9WemlJi>CKSA{7Qo}lZ7PpyUuYb z1GcGAl`xpln1-Rsix7B)67yLHxt2l2Wz}*U0j|Blh{d9zWLLH7qAOl083yZN+g~lt zJ7}pLYH92hh)sHiR#OcAhLW!!%aKK1bQU(khp^~Eyl5+g%hO@8jM$j*oGQ@kLeDq< zb=7t4;rj4zxrTe>nK@}gUYlC@(jf^B&>Q=o!$8%4gsUbeZ`A1t`<-ssvBAM^Tu;dE zU4I_3C;+4C@95(!3qkiQdT2|ZvXW35+ZV{UoB^)-Uz=!IBI|@eU@Q853 z)Zan}i4V>C$vkL1L!vPTCy8!Ylp9D1Nkt?YH+rbO`=1Milj}4LvHB3mL{Db3Ta_jd zXz$bsNO5IUwBu|@_p5SCbELP1%Zifnve2pD_NO{Y0SQlA`*mMN7Be&pWu=U$m+wyI z^H)bI)1~r1R#znT-?G>*V_%r<&zfo;?odlEQ6G=7zHOal3-B|FxLTcbp@;UEEt3&p zXYbjn_7gR+B^@M{dEOc5pv;s33lARkMxo>#egtiMPuF83fh5xsDoE2Ex$j$=13rNP zSGQ!R;$4$XZYBIcX!Kp#1`Tmxm+#h&->SuVOX0!9DAyR*{#8u`{BP)TJH#Ko=*}&x z{|7(bhyEE*s8sZPwqUe_SRK;bEmep3$_mm#djT$<(9E#WU{HN+KT661FopX1$Nup% zC!&pcqaProgsO;W-$=ZlA)1_9#J3iaDqCl9VZi<8!silffIMJ)ES2{H_E59EWjRk|x z&_jz=yroW2^0*YBFiHxOq7@9b-=vTHyXbC1p`{dQh#H0o>NY_CC0e|_NPxKF1wc{- zMK>z}waVi~kF#AItAO?y?9ht+T5l*0JVB#iu|x@!q>8XXEL1e3$M26bm5-{L!3J0o zh=#`YDH`}1#Fj}ql_hLBNk$4IqukXX^$_jz^r0z?-L(j!Xv!ARv6^6k1ZDy zEP4jwg>cPA4pmKeG5?;`Mpq^Swo1q2GZhw}vc>R{xaAolm4PVNhUw1flmW-1N;d!GN! z^gpNiF?&}%OP)k-MLSR9)>7nFXpH-?e&hOP``px>ZbUy#zr=;I{ zI)M3x0EfL8&C^MdBlJ;P$rcGCBjiRnOwzKin`kH8;{7;EX0A6jz?AQ2@W9votl#Z< z->3E7roxq;pmPVd(W?2Nq-5CMmm_2?=Ea``T~BGdO-VI;nm7iR>$9HWj~=0qMMx8o zNT$gnk`=9{)^J-#s62E)a-`x!AWQ4h{bJ|r%uJ^Y^bcsKMxCjF2~Q+kDJ&o@lYI~A zzPy5hvkPDVug=%f`bS~s8gg#x%kvAffjardraEFDHf+6Y@MP%!?9r!c-eC>ok(hvVkY{~fuAqx@kXD3Q;U3YX!JF* z`-hRy#Q}%2WuWFJ*vkL=IQI*3*V{9k2s)_G{fBiqJi=F`H^ESxe@%iP6j4S;>l`Q* zT;PYGu@Gb?o1EdBqLtIs!}Z_gqEjGS!`&zhGhV8zXZW+8$g05G9abU+iw@;ax1?N} zn&8Ew@lAHf6-~MoYZ5!nQfPJrGn>|iG-@1q5B_Yppn@}lrJ4Ij&UCS!j%6NN_`=6JnziI;f z&TU)cvAneR)r!qe8?|tX4FRG~P)wwaJO{^WXB# z=}RTn>)KhNP`;~^xj1hhb6+EhG2>N-wlqe4sfViAUp57yt5G()DF%(yTY>IuW#4uC zfth}8ix2?j?Kmxhzv1mj)Jfa{21yB#kU*^qgalwzU|)$no`pIL=GIBI(3`yFJAH3c z`zx$5V!OPy zNzN~W$>P0c>n$Xkn+WFq!bhxh2JI{T1fu!ITQqe+e}u&UHC;%C8y%nSDB|n`G*_lg z4W7G7iWXrFQ|3yFO(fmbLgfZ?!I%d*$(h-mIB?<^kNcj7c-hmBapC#MM`Ae^a>yBP zq>w%Et5Z1AbrFcz_(*vpwkZ%j`uk<8!|yWy6&SD+eOM8|`@@>XA%h8-6k{Gl|a}|?ZasEze zxaIjhe^Al?oZf&Vf_W|ZSfBko1uc(3`<2bNI-`z0y6<$1F8)*3|2=JkVF+As>eP2Y zejYV8sfVVp6MZ;EJ*jwlRt`D5$Y29yY6Ee;_d{lb=?{awkMl!eW*<|4MRIl2wS%i2 z@p3J>Uz52x`qFLMB}821l?DGV!T9et6q5Z$_FnRrQ7e8Me!o1JkC%C~s+5>FZ<_&h zidP@O)DFDQpA!r+7@Y!7M8k9Hks8qjx8`xtQ+n)X6Ds;`URT<>eN{MCq9Op%sZ^QR zZxKsw;mETfXv{N_M`;tnVsRt*>{vAF<4T%gB3o2F9L~X-5GSFMN!ga9{nuhY0jy2q z$hO_k!Pk^xg}7;=ze{U>O*GHV-)Z4(H@_?ERF66VRAdYOKE!)Y`$IzVRWoLXh0$w; zn*dOn!wr{c^U*Y*Bw=>$#eFodnJPjq67cb|b8*Zm&*|rtVOS5!9B|c z>{>hT$&yNuHaQ0gQJ1m*%c}khKIeSAnyaZSV{c;()7o};FR&xq9mvMPw)F?E8}l6E zFee(kg0KKo@q&83McFEBD24^K^{d`rVDM3Z!n_a9Juo3zTS>_)dch7&(^Y9z+Ry^< zUmlBgYL{+!|ESx07}P2ocxaj!jP&!2AqZ4tiy`~nEA*vPXr=>Y1EOOIZOLVYj7ag` zO%z1LL)FR0NYz5;(>wa?>wrA)%w)uNB!L800Wp?fvw znq6MK=FMR#8{~8A28ADLm=7gxV930>^9fO+#swPl5_a~SWlts#7BBJmIRDZ$bYiR% zhA^LcdwHVt&=zMj_HCO^TafYX9e$)m*5Co1t$b(#0oD5W#r3e}X#NwUu9CSXy8XsF zLA0wQ4cl53yp7ye1zOz+d~tDNL6Lk~#8sE1$v^uLuozmD@c%v!jzjr4kQ_X-@@h>< z(e48%GDxQ}RFkRuy4DKCp}WPK?!WM%99 z2}n>cvE#0DphnnlKwgg3Px*3|@zl`Tnw&%wI7yLrcD8H#6?tvLPS#VFk7LKKQ82h# zAa@XqX;x&~{@veCIo)e71xZWO0t+qH_II-DBwhLO95$^@_{W z3G&kPfKihPb~r@n^t4iO3Plbm&p+drFh7>Plk2Cmhx?;hFKJ|GatF-(F#r&wl?b62X6u5a4k{VQN`sVw0b%R=JhX0|D7KP9DI4@5J>Q zM`jO?mt9lR4If?Cb`|h8;E+-_UpgA?Uw=P`B#@JaA`~G#u6x|eN=ut?>w^{J(hcH_ z0!bE3bVWg3HaPQgoZfC9NX}&8D3bBz8dI8=QFUg1R{AZ2MZxvTN=^C{X*O<<+m~(m zg^^>+_P;6nI-MS;lPdwa8Rfo6w;s^wVyX&9HEgGa${O0RVIn`XHbt$&Q+uq4%a*_L z$QG|p*!HVMVChlu#QKtR4hcVhXmVDV-XE@O!@eyP93}f(ja`Yd9=6 z1~bYdp0Td0a%`p9%ddi#{sA3u<~CZj*SoQ?NG$a!tijFl^`GO0i#3Mr!qo@XRi^re zP=zT-wGV02!Hyo4km%f#QEk*Aw}060=OQpkdo z*de;ldv)n4oN@NJUpjn-!Co_EvPo#%^t6XPSAA%GhdOgTGb%UZ#&QKKq>x2YciHyw z)MDFAymF1L-}ePEt|!;9egu{5B}OFDUih&L8H(-kbk3;64);CgVbfjF8$=shYk0Nq>k~fh_rBc5)k|TPb%4P_8%#4%vxtt)FQM1zbM|k!ZO8Y`cEy+6@WKIgBFA;c z@6a6NWNyJ!sI{*BuUXmy)Ke1rJm?$Yjb|b5TGRgog7jUE)SZTZvOa>O$cYKw*vVhE9>n#1^<4jkL3Y#?Y?h597V339=k&`sb?4@jw2@Lu zefNFbS_f_RI`nv6Zg7mXG#T0|VGm?`O3~F__jbJ;-l9{@SVK+(lpI@Fs?h1@^3CVh z_q{IneLim5FaBfC5wgSwQOl;ZnRK{kRh9IjDFy7zLW5Gwj`rPEez74rX!QBK>=S>? zD+s=xdM8H5jdjN@lNo^|TJJzK4d6hK1l&H_E>z%9$QVu(GL(nMRKosLnF9u1f2FOL z6|ja*9dwutQW3m&C#dzPM6mDz)mQr%CsiUjQkrFS4 zP_&d28Fx~z`8O{+o&LCn5YiE+KKX@)g9fbprarrxwKhaJs@P=mbglebMM8ab39_kx z4&|qel&uoKd*G!|b0a;7T1Nb7uf7U0!lc`q$YY>i$547{iXhY`qV;R7 zH&GEgnx%BJ@hpE|A54@(9h=UZqAz}uTfcf1_SUF|5}j}BmbDvySRn)yfyiv;5$E$w z5`3iFFVKyH6LmImROIm{l5p}IOintK@Da7%mnA3?$X_N`j%W@bx;3xxZ}CJoPmEeR zB-hE7Gp5^!3vx`)Q1aF!=2n{Nald-4Pm|PV;>_c18I|YNggf^za<0*F)P~4Lkmptp z^))RiN0Y`GGIDhS_I&dTKW~BZPh7@22$6$3{ZT1@j=F~chu`9Y=D@$iadah(`^_4z zRM3*oo9-x65ZO2==1W&r4VmImqe)FykmGHQj3xTcs(Av|BL>D|=@F$_nOQPqmt zM<<7#Z@!YBZA!NIwa;y)GU%Ewi}gmE!bh{MHkPED@0O%-G&g3rj0EWDPf?uTRtqs$ zA-F8NR;E#veznKbg-ph8>F?=Fd}0L1Y=`c?)z7OQAjphs>jl4<*{Ji5==ZOk!bB;% zmEe7g({VY)8>PX@9f_kcoL6v$rFthTFbPAUb?4UfwGvaLG$SqUR(5jwo`h9dk1aaK z%t+!JL685%n?!wji0P{wWud8@pr}r5a!F0gBaOXMSi4}c{TH@Kndg^g?nHVdw% zSX+9>3kGT9v#oe>qYMJtB`c66UALyTj)wtJDINV2eIF$Z+@#SD(LI>X)U)i6@eRWy zDEbwoOna%&oWEMz$AGzc3$8d8wOZ%vYUU+R=rOa0d&Xxe{*xxT5u5dOHF>i=~h0*`NmlmtE!Q4$oM`8RQh&;N?&15 zE3Mj^kzKOHH0V$d4r+IwNz!uqgs`%*CCThRQqeSmYNBv~truOehSKfzR~!U=dJ>+! zE32atO6P69eXgG=#$qY6`l2u0t{Z>%&fRkYi?XLLi8c}oz_p#7wSjvh(U8VJPSW9- zMaem5r)LrZ|4h--kC%Us-@gwFb{MU*Q4o4LR8c{YlpHZJ#(>MRs@LvuxZBF%Q_to1 zoXCvFrH+!aR~o#DrTI@a8nhDgyW-D{7@2x$33lN3XkBv?8*sOzug|tV_@d;H%(9*{=7ndx`k8Zb^o(tS>e)rND98rMd9AA)N^-E1w zTQ<-x)C36}C;D~2?C#iI1%Y_6R-GSy<`+nGQqPQ)nqlAX>rH5@$9XjZnOq7g2t$~e zt40e|KfRh`q<#{lFvV@M*IeWQ6C2`&v-kiOp(W6BXod>Xg$VNUve>R){{}scT%RlZ@Je}RV4I7; zjKGww#81T2IBfjcH^(cZjUv4%pMcYhmf*0?4T%ZKFtn*G`8bsjI(&Ea%`N!HT)%(L z<%SMtp!(9!6^{6D@%IOrC1!yYiW`WieC_w;eIZ8D0bJ2W3;dPaRT&V^(84UutO(|+ zUaMo~Q;q9w!EFYIWQ}Ga>HqvIlJN37v0mT%3WX)8O3-cH-eB{e zn$hhb?{K@coigvPs-a~X#ON3=hxK1QQN%I6@M-taHZ(_Bi*5F+`tUn4e{!BfUV5?l z=&kfEs#S3PRX`9Z@AQQN*+Z8Ss1&ceniX9OJH<4Q_dR(;2pZ&Lm@L{YdF2&8urKX? zA~o(f%O&!Y#JTrQZ-YkJ-`y!Tz=y)`O{-Q*RJnfN7 z&xPh9nK`m&2vEvKIBxYlewCKj(+W47@I-`#!~)yC$p}h-?sRPuDI#=GXZMR6R#!cVjZGH7J61)|aQ*YqD8#z+JQ0uQ=z0+HYl3!D<>%Wbq zMhbbX)!a|aZV*{{dnA0o+7X|(#9$q0+*SQ?^pBVRzzDiarTf;|E)qWtN|*u9NM(t9 zb>IC8p~c8f6#&(*rTs!D*$s=vhVWXl>KsWHv?cd0jl&$BzHa$YS2lvtQ46e?lvbv( z2h!&a-%uj@(YA;GL{X2Qs%pgr%)Zr=!L~gbb(=CvFTvr`-LK}b2n8GvHH)Axq_G85IgR(U+5M0*PhG%9pOI*fU~J-@Sa8T7;%}FFVFoRmb2zB;CTZ zI?xFvbkc)mZfk{e;%}Q#vZ4RTFK@SWgnN56_PTylTv*piZMrgDZ!~wcRp{uI7XAkR7R7;H<-bCMspj}0VT>ys&5a** z%HvB&@?yo1hR{|cNSC0Z;%HaVk7~9NB)y`!V{3T|E(jcZhB&~Fh6KcA_ejWJw!$RY zOYhk_IceATNbG+jiFC7fBWc|&p29SzHdNgMxTxQDf|AZhfcZcL5fm0X#gjth}tOyqvN-1;s$o=V#*q9ld6PmeU>`TkJ`~#K+!H7-$-h zo{?dw_~#FDx?W(aR4IZm$P9J%s1hh0&b=H@pQN@9!qwE>MNmTzIa(zH%!%FmlmDdh zBs4Va_~aOzA3>-YbQ8N~*|a3fOW%oo`c;+Inger4`9PLD|MY(Y$IF0;;x~?76I*Z} z)nz{=I}++$W5;uI3aG@xH=n& z(aaMjKd((+tQAO)_&)%T_z<|7bO!1^eJj#Wtc*%tLR=dgi^G&u$YsCD&T%N106ng@ zcx+TrURDDAdLCEHU!rf3=5=*7^~Ty4%c-@yj7r{G*UW?5;#+(8 zum%PmGa#?gA2pRYu>J}3--DjOLEK-4am~|Fu_>}#14|{sma0n0Z>5-)RItW)GjU8-LbSfx z^M4tN0N@?Xx5C~ZuMZ$P^T+ep-W)c-3OvL%9U&|6%(H#=$Y5EP+_q&0azuI`(=JY!yevi797~5?}@@R_B+nTyro}6_G zRFC%7&96;DU*aod3RO+;O=S{8RUe;B=QW+dzSec7^VF&_!F`Q38#E&H_lXp(_&S~I zC39}cH>}yZ*>Vb1Yrs9f=Qh+-v}xboU6hSm=H@9=OKoAz)|zlT&7J(d_MZ#zX}#m? zmytVoOmOHe3+4XX_p`w!O_*r|qk)N(w%dNcNzkP6FqPsbYVtQS>6~Xhu-j^wCQ&G( z=EBArnnC0$rRg{r6XTO)QS~tSaglCs7LjnJS*V{Hnni>uK)Wn&l4(So_CLNtm$r~Z zNADIH>lj(v1Lk*8rL<05=OkKWrLu>psi0-uS&;?9vkIUgXGu}z?!@fG?9e^3y~f-4 zsFTigixt^b;Gvb@an+8I7fNoe^v7#+9$+Md{Y<8>%)oE(hCd?BkYA?F zDB+{4%ZzzogZ#F-^Llc6HEC*kKVL+p_5~(G!Kd5wz&7b*xtVF;J^6?k2vnjD+h;~@ zxp)esne5!8QSouRynig;pO5c=A;6qry>M$q#VQL<~OyV;JLdRUBfA z-IT;5;Y;<7{+5xt(Q_>SXb1tq3EWcqDMVy4VOldK_ghsws_nkFovwG4!n|qfv^*Q$ z4E0Xzx53^vMt!riaj1G!8l@5i>ax71Fc@;kzn zunTV8==TNJ64r?jY~>eLGmb9Q*a{LZ4Vht^N*=T741WVlN``jLZlEpBlzIWv&*rXNEGGX86XUM(+#`%rJLripZ zCB(3`YQ=_(n!WdIqyrVo8y0UNtFGayMatnt6?lDbC;!tutVDw$=457je9q)w3l;24 zX`>-$%}GXL4kGe~E?xb;r4o`X?WsiR8A6iox7NG10Z1WVtMYZFHzm*^t6N2+3(9BkT(_Fxb0i=`+XV0xmP<6)`(+VwJbZ zGUs!1>wRdAE^aW41Bu#BZB5aVLfWwtTA*Tof5xKiHjbvbA*IvnM{}yc?g#e#^!2e0 zStfNqBX(K>%TUKE7(DppR0=F>B_~gnWTI}dR9HzuFiYE@O$$pTTbe+nLikUPFtx3KYi)J_N`=7>FJPbfG8AF4{PQ}1 z8yjJe9Xll8ksoUL-rK6lprIdzbO_oey>$Ujr6QEZs-5v~Oo|?tv=vW21{Hbh6ypL` zU(J=$d%?}7)%*{rIpqavn?$WoFB``0L?sgqvk0fG6Au!k)>tPH_qSc~4gIq0G4Cj= z;*z8*7JZ&b70b#v6Tj)JJ=6EP9~?ej4aGb!CRGI^?f&1qX&NB}gws^C%M8|@lfar* z9R*+}m0#J72urxV${j|IVvWJtA&nv7}wBX zkmZzEoNcCB|Az3W{RE$+pFq%BpKv5K51mIe2B#Ztyf2)Qq!-0)fAh(C`L@b|Uqk6A zV?ohp2+&(|Ny1mSA>{H5;`3fmoqIUC9EiKIUMW6GGD&QH4U4$yhnuTXkO!8S->Kp@ z#?utM4c-q|G#Kx$s;*&iO;8=j$s)f@7Q?Vw8zhYd&v*X~5B3|`$9H`l6Z%Ab$~(pw z;lC%5$o)Frec!b2{S0*^kD99M{mhh5w%^P)?;N8{0Gtwk-R>H(M{M{+akfSTvzIsi zIOe-}yqS9su^5@V+v)iZ0-VXVwMjUY;ZtAuGLtl+DzJm(t;; zRBwAvg6}W0Ux%*`=QtwmnB&3spxXMs()j6I|7%nyB1tKhU+DAsje3}lv!YtJ@A(~m zM~9=(y|(9L{z*uLhjqc6L5&T6#MUhv!Ek=d0SA20M$|DPhi(wGp2_$7cnXAJZy*fA zJNAxNzZUX2$#L(b(E4=(l7>x&*OC}?PMo+%o>Y6sn9T*yVwE$B8>CkH|Ipp_aVA4_ zFrBbKo5_1Wl#o@=povma4hCU61M{>n`iO0=JClCzA-y;HkjXU&?LSAb^=YG2gqMGd2Uy)50lCZTY(2Ve(h2ECFj& z|6YSiZDQjM`Li-3dR(qE5o_<^0{8@vRMsJ_z3S(GvnBm?^`*~($1r;jzw{CJCx+wz zzR@k+*D#1(9=}BSv>i_z`b! ze!!=%K&*SP19-QDt?%lq*ega&yFn7O)#=E&&Oe5tvbby+zp5TgVv{zLEY5<42KG6# zkV&sKo%JR_|d`}Pw#wz!- zz0;(sZLoYBw{*QL$`1F3X;JVaG@6DkQ8cdIf3&!@K8f8w)ZSZqc`sZ4sl$`GSs`Bv zK5`E(TRd>LzY=7Vyo@m8ZyUTjRWl^eQ2naDtwRWyXVr6j4h52P$hZcc`boW?95Es? zuKO`Egp>iAzJDvF=bPY>GsKw?8H`a)CDlAZhK)8MZ|zEw3Q~drX5}3Qb2FaVZWkRw zyG6$KSxZ2G&As;XzUal$Aa_PFah4u3V5HNdS_PrCR#_#EEhTD`OG&TnZWxyE znkg9&B~N1^!iBgwhfWb{OonN|OasMp_f>Me;GL)sl|*#I3#5qZ5sD(!G&permj=rm zWFaEx!XG)Od`cL-E?1A=yreGghVO+^gu3FeZz*2Fqq$!wQk2Skd~yBOZcBm$?!vq8 z5d_CKd=t^v{V0-T>K=VQ!4{)1)kb+W&i3}PSi;&}R#xDRl{md7J2a}IZ+~!({5m1% zsdY4*`$yv^KH@CfoNkoTZp5=9TFdQpl~}cERE%h1`>{bnT`d(C1gR8tG{Nce914Y- z%`&$!VDzr18zXSVr=KaYFsInac0u<_si7_?yo-RAW9P*z5&EERF&NOtp?q&4^)^=0pq+}W#K3M}j98?)u)km$<@)lU zNd}TIP=qnWv{o93ZBTsb0A&3{u7L6_nh>7!_bEyoa3h*SZDNPAefAxGW; zSQg~vLOtn-OOI^--k)L?0kA8Vf-XP|wl9!-Z>R5vfS@9q^$e3Kc%mb%x13u2-$ni< z*~l@F36$v$kt4&INcIk7D|~t*8$gjk1(ugtz)4;~lH7 zw!N=A`hZrrEH>7@Y&4V^O6HDL0ttzJS(1v11}zXY4kySdj1i!_Q%URA$%wy+z(k{sU2sLDQi+TGJ1ZCKR(4pu+$y z=q&K1XhK}OGt`#34U&drOsAP`VYC3M*tD?mdJuaaEUa=t{`tuDF-t}!xwPPy&gHqj z)}`@hfJm%S3;4QiCXf5*^*1>xMT4zDFj3WGqBwA3)ED!Eo$m4Sd^fg#B7O#R0f=~= zl(_gXjl~qslAJ#_*UhTg_ryIkb=jtI^a%BE@ehoDG@YU>44^wbk1ofn;hcwRTMqj- zoORRgl2<~-y`_Fu232Il`AeD|eRSMtu2BL)n5xTxCS{n*kBXb3ZB*MTUn+0tdC^Lx zd^Qh{v!DS`DV3kfn;)TiBo6oPQNUd6`I`Y;x3&~nuY_}6PMyFibB!}bK!IxC}%QJQW|Km)r zG)uD?qUKZ-aQ4WUM-(S>o*>c-4sfs>eGNQ9y?x&$wGMOVJB1U1hY_@U4D=#qe1=fP z3sGFzGY;hKDdT?8yXb&I0G0Ua2893*@C zUZhycFzI{+Hw->LBIHH^Ni%e7J*1~?Z{6TBP8&FyWru~2%XY%KcF<5jNZNfOcI1dCXJXAv{_eTG29xTZlHo^%u> z$%4~kD;=PS?i4Xw&u2g?2g6RMYkdJ}{;rH}bu$GY-@mhO5DeOT`O5tT@GssEQ<^hM zh!Z&MBK?hdMo~Nvj&b=kF~JscA!2soHheI7JRnYl`9-%)WcB-!F%Iyl`q@44@#4FA zV!iXl2fc|yNan057pv%9&v)n{rk=zK7Lc`+Jc$*dU+bF#sLQ2~dr>lkwYe%MJ;{QP zzl-BnI6_=jPQauYT9aT+?)Lro9hxG`c5;Gkx7+*sd_|kskKZ0|A*l;-y_#GOFkBYR z&MA1j=F(_^TufSDjWLc+btm^LX_#@H*IWW0N) zG!cwFH6nuzO4g==x$fi?VKwuC0krOV>It@~_aGig$&aN5;*=1aLe{sLHjvK3<;JG8 z)`}h(zT_N&r_v3_I@OgElWko*y0p-Pa^+~H^ZZl`KRylW!O~{iHFc5HddJ<#ExK6+ z%BYXpPn?v-MnG8&0#p$x=NSJ9O{UfRz6i3nnyIP@y8(=Tlk~&}cZ^C?I^3VD)+xGa z(W1;`8*5Gy66bNes`J}*=yXqUpWnA7!^Y;R^CURH!Fbn{#vLJH`1bBjx08YByDO&b z3~m7|Uqcnw^%*)Tt1&Up#9Z6(4XCx>YpL(@Ic|o5Tk`Fjt-Kw>SyxrT7DQY>_?Y$; zu+h8u)ZbUo$YV3JViiHD_7MpR!xtzOK1bu`ODj1T`%N6#QOC>iigByO!MkOKAqFlO->M(?K$f5nxp0$fDD=x{DNM}kDG5q5hEJM$k23hVkES{o5)}8z%NzIo z87b=htPI`EFk#9(wdpNT0wp1$6mXySVVOma2vlg~8kRg#3W~}w3`~$xe_`95;CY9t zXwfe7je#tkoh!5B)*9y%6b5r>|ITL2>cU|IC-U0Us-oC$qu?&;o}V6o8|Fu|*7Ls7 zle5}BxfDwu-Ld%}qVq3v`zjN0t-ksLN03iKyr=DrWzjqAwT#x2LjiUr3&xDwdd{}Y zXJHSuM4KNsYZ}>)SD1@{$%aQN7)Z&unw8mLz7ZRg<$k)+fQ9slnzt8X*Z?h&aExys z0W&WJn}yJ+*l?@GQOSKA86U zQl6!cUz&2JhkSvzsvM%}>i26Ds-1QPkwSt&NbVD>N-vA|D4=GC;yGRK=1kfQ zQV@ng#@w3DtRE%-%g}u>Z>+p(l4;gXP5U_%-r5(>(DZF}5_ZRbmTp1Ml*+;gi&FU2 z+59GBO7e!(OR{b_?!0P5vg;*W<$wNIB*KH`LbH!$Sx&i3d9A?=Qg*b}inyh37G^Y1 z;+(W%e=kR23ctlcFAEX>g9#U6qqiR2%BJj9nrfTbhDeu6u;&OnlyAWp5IjbG;q`cr z+t?u|XN8#r&A^;&fNkWIx;g_9+P#r5*mxdcDa0u)b_wn1`>QirWmB^J z^xbW&+UDLHKFXBo?f+2qmSJsmVYe>sQk>%MR@~j)y|}x(l;Tj_9g4fVq{ZEeySo!S zz{&fav-jCM`H{c5va;ryb39|*!wbg3uzgmHs;p!6j^x~PSJykx%U3O$W<|KA;$SER4}s`z?R} zC8qocOAhp#UDZg4l*B{qYkTib{SC1+&Q^v?HK}MjP|&a&<0oyS-P7O;fSXuR1PY7vx*CdF0f)ENxn2c>q=izuY#{vC-F?@y zB22nRrs>PoQ>{o5yDp7+;m8xdS+4%k>&wVo{}ETsxEcyEa@Q>BVPMpM@xtPGL@$+M znZm!O=o=+UUtP}ac-ur?GYeo2_&e8W$#U2oL2s36M1&cf>=FPZg#+w)BCKbLME(Wf zedvHzpZRN_Tb-O+g?jeh<;qC~+eE-;)fL@t4l^YA-T))Vir+z;FdlyS*w&{_u>_B4 z5i=p6gZYBio1drUJ4a;;McQpkuHxLn{OsR^rOOoxWPh2@sbcrQ{B>Ll)tQW3L7p3* zNB$=woSoJCX>&9kN^2$Hm8PVUk9*>ed$)Tqh<`9HD<;>8%mFkl?dsXfJoc_L6#dg1 zsbZBs75F+;%PHGBFf*rbU9OyvaQlxyMmLc-yu?^PKf}wxBFtSwq?46N4Bs9afj9c@};e z-RQ78;+G&S{21|QG@aq0S9$1=R!k8T>T~|Gc`f|yYrAoaa}qHl2%m4gl5KGj+OMhrZC z>UCb#E5FmorRD1bl=f>b?<)>2BT8wX-u&X;g4@1-1JHBiT~+Cq5674EU8t6!8|oVc zwKZ^Z^7>faVcUK(*>}6uS^ncTa{1Bl7a|F5WEI$B?j*pg< zO1)ii!6uhEw7_12MJf^m;sJb20X{FUKZXDZbC_R$i9v!6Xhl9I03cStQ!hG3K?@{J zRaSyw=PT~O+&1WFJMdv~xghxCaAl?A{@j=9Kb_Bif8BYeK!8U`hzqRNrHmx}D^Yio zjY&Hux-J6axE9PNMd!R;?n>J-0-Lg^DlF~&Z})tC`prCpjH)8hNt;kOzu%cN$Bdqy zo`Q#_c_P7Ea}t=CxY?I-x4JNgvooIMi?-Tt-P@m#+@(J<$*+6go*Zqg1>V5kmYwVO z-cPV^<~1ZMgQ^3#sIv{40)NZq830+To5w5Id*lzUa-_O_2Dij*b-Euf2j3GexB(c( zAgk)hYf6~sl~?=EprO*Dp=w#_T?-4S$th1c--Y%rPz_dI6aQF z57)%I{qyo1SaTcfMa~<7C2Me}syK5LG{SW?oA~7%kyq|dm2|1Gbn|hipiPv5 zF*!n^8wZbnHaL92kLVvoi|ZxlfA+s8!H1GSMRV0)An!_X%2jP02n?(D?~7KNruEoL zcN@Q;a%bD5AVUURX@kuoF^CubL))v69Wu{_A}C+?V#Xw&k}Db4Y;Em^qP%vb&ddXa ze1SyFH=?;>_^Ah^oFpAW-j~7rSP~Pk;vo$t&TEfFx3nVN8yg89d?LX2wgRMtW!9#^ z^y@>ihaB7gCgW>1LIO|dj+y%i*PeeLc<+KzT%A}y!+mVX)*`-bj^=yg^bJ&FjgvOP zXN4-23p7s%E|XbA&YBp|MW0>a*0yVXG4#P^``geuIsQ|kHKz51fIQh7@~8yUN5Rf) zX)GDLOmeQJfn7@OoKst-cq_gk?0XuI`K%aF6tiklT%|KoJ0-8WG8Gb~b(Dp*c(Lqe z+)5MQk=zt#E+%zDs)^i~Vi>w8zP2i5b#yj$Gbnsec0E-)lMDfRLN7D(k9aJ1J~xEK zv>e=CFJ^sDR@+32a#Ht-Ab08Ya2fzi6H`Wxx*QbTQn{k~ixL zJC1Bf?;k)m+jzBYcQ-by$Xumurx$r6Mczdf-GBnoyWhLkK}k+rK`|g%NZ%)c*fP` z2GD!N;AYBdG?Bx}y|e6ZZ1q8YM~G>tKKKu-pvgTfoT4bm?F;9eaxO(iE9}2HnFl!$PJz)n=s>ui zksixDQ0L~KvT2XC!jEMevsBwdBMu?a9vi;`a}GK!tGppr*8ISh25b3X#mYGf@IR4} zb%`A4^{}{(C1Y*)XolSrYp0|N+@Po^hW~uZ8DKZxG|x6uJ=6PDw+QH>S7eRmU91>E zm0TUCk--I<-VwPe9|Q34A$r3O0!~}UBZQw^EVkFb-;8V)HHZ6(+`-AQPC7}z#64KL znW(Ke^=p%MDPC1hy+6zl*fsDC-fW%A-dwXAjXGDG=$o}k!#j>BsT`g4@imA9T^Vil zA6KwiHbSZ4&q!0rw?FWI+*##E+KF_hw$B?s`&(R=gF_t6n+inU{x-*+2fJY3#sO2H za6fxP=R^Dx-;Se_@ooxj{nude3teODR^L-l%UE=D3{=;uEglwJQC+lzN(zLuHsbsK z83Sv{!CkWkR!aE@71ipEJ^`+T6rlhY2Fq+j?1XyceDa|=Mq$tIJx^(7K}G$q5%e+vW@TrN0XKpPQP)`xte?-y@$3L0Hqdxi4aTYH>*oC`i>Lrq#J-) z({lsig-DkCmnGIiO^RzXUI;ci7EM7hj5;p= zFh)AeqW5F^ZqRi2G-`MCa)0c$>R+DlN}cRSq{mp6mZndHo z@*>FuCfCEsUTTuE<;D$GL`O$kMtY#c9FHck$I9xsQ-#d<;Rm(EhJ*#hBo1UWn?w_Z zN;Iuu8d}H#HZDr$HKs9(xIW4%rXzwPG2e*)j~q9w*3-^6)jh_5(bDhf4zC6;DHjzW z+uNcb)(8JnAZBZ@O&}g|e#>XB#|Qp~f8@M+59KMkd9qf6#!CmvJ2ruUsgwJI?!W<& zI)!b4?2HXgh(!V(+2TZ$MVcELjR~y$4S=nLgWuibb;%%u#i(cWfqp_E;070kQaR^@ zyO~-SIl^6|Uqq8hfX}7Z^SsSAJ^D|vOhUAU^|a!Em3jl8V`V~38U;S~S|TpHE_%tx zXr*C4f|N?adDiN-JT(8oW2&>h(`R)~%Br#MEoFKB1vk!zeDS@^=*K`OU(Fc#(ZSJTXaqjbT8wsc48G#}RH~ z-jb*8y|$2iI)kakU$zpT{yV*7xP?9#`dSY8lC17Z8-*i@wmBC~V9N5JBFwho=J=(_ zmuBWVOaP8xUj|YFbehO2ik-jBe?Na~@Ch*ffB*bFwjkS#@0o+*FA0dq_H9cwf*u@W6f!0SW8qStMFiJ7tv)JNST}KEVCG;3H<}h@B!_LYen9`tfRg-X7FVqJ?l!-c z*n`0f5mYnwqUHtV@}g}1`=T(RiKrnY@Dn5mA@o*NA0uL4epB>aEzjk@<72m8F7R=d zWx_S=scS2M$QRJa`!B&8_~vgShKFwxz8zsqn;`;&0pF0+8MV+-JuVGbq{yj;7;O+Z zvbxc$gZ0%7MT4Gqq%{xX05lS&PT9h((Y-fthosI_MYA<#jlv${1&B{8^&Q5ex zmPC}SDGwh*Aq6Kil&U3ez2dt1L*J?*h|S0T=Z@9^2~1eL5j}23r<*K1I>xCEgamUQ z5UVY7WxSse*d!fZf^BT|?f8e`FNMOy-Zha16vf9I$KTBzj!{r`HQ0U>j$@@ktYiI3 zPi5~59~M}~UFgo7!Tj5XH~lgPXKt4J*XL8D?`4SP^SFN-Q~jC;RBx5ai8km3-C{=r zn!gJ3@4G>6?Ho&2)B`f}(iYx{js`hfW=+H#?aY3u*rO%r`?e*vL{AEGZ|5kkjfHUD zqWTaP9y{L09Fx#gErBe~@v#-w(iNDW^q&ohj0yato7<{pjz_SeYZ+rR+T^wl9-5#c z(13(QaRL|i7*;}=n^kT@g%A4ntxdS8YI2p-sEy-&3YD!PN9x9yG!Z=`UDq*}-_D(( z&i%3(wGYB^hTxaj?cUB+mYer6l%AK7~5e6&zOOL#QSl#hy+56eWpBk;L} zkZZ5)$FMGw5{D@dRf|WD-nmatp7~v1uc^*>b>}sCFS@iJVEss^p@40#plq=>{xTM8ue3|;00oe!uFXI=$o*dLrMMrUV)n`YY_Z2Xy=5C5|4FNvp%~56#KsIE9ma>rY2B9n~SR{VgRK1-M5bD?uv z|J87x%K0lko*aE5YbD#X2!$JN5NXH(@4c|dveEDDF|S;ufSH+@g_%Xz4|sAv128E% zzkGjFQ^z75jAiwzPH^a3tDm#u{&$5|Y14FzoK~zM7V!y@*Bfn@A^f#0auH!ecUGZ5)9(57NRj_#gof6kAX?Cwg};Y#>K)7y?JPj zNq@)Cv&_Jghqkz(GpKfi&FZO{UZ5NEbD45?N86jhZu|bYwBg|l9BUgg_?nEQ#dVAq zpc*;gRe@IH83|p}L0B+Gr;>RPw>;e$Y#v0$v3HVWV!KHPa9UO)PU7a=kQgaUu2{g!vqaD9N4a% z`8NpI4u+h3{1w^AwgG@5$xHwKtZMEJW?bW8lkPqS=VZ$6!F>%o;EUn)nAy) z^MXDdUU*P__NJ%^7ZKy8!Ct4a{Yy$Lq_^gjCBbE^EoZisR2?}LGX}@Qzd-zpL;z%{ z+EM;4&C7f~+=ASP6I@aA~Z6!905nOrl^nEZ1$=Gf$RX+|L8P8;`gc+6=nS&Is0{! z>4ShW*yJJQyNF*j=gAZ(tb?)wYz?`|>W~QZQ9jyM8s*acBX$V(vN6W=cv}AW#%wtH zh*WVa3#$3zMk#qrm?$>VuawEz+j--{X*-uqG-Q)3w%_woQRfLNh$@IyMBvwqS3fig zMzOmn?VB1!yEYAVS@ryQuYV`dZ+Ze1R$(2Lp!!xMB8q8LVViQ;a4*b|vMWI$Uw<6x z2{mzXTNU)EcFV*&8nrb=OO+jcFJHFz4EjFGqS|-2@RL51kmzN%NhWuvi=tfMFU*qqK`FW<@YfZbUR!t|Aa=Y0zuWp9k){i(dgeP49yW1tk zv((L=i!WVlllk=C9!;ecqc#y(JwZiRss0{fg`9W={X;6~`{48FP3I|CZYmC==~eBI zSXofogz2%n*AS%QXhx15Vt!9ow3Gbb#2wMYKa7Krp~B=LWJ+{A_bw-Kq~T)|)JZ<( z5_pvfwX_1V26MWKn3;O~`JVGiymv&@u*7^xk{Tou*V}-Z9`!2?4Grt*T=GgxG5;pY z@u1JQZGhi{JS9dWmK1&w9kUGK8h&U0!1DvRH>+n@I0%SurJdgsm+Yn&Y!r3gBY~ey z1$ATc^G;b=SxH%u&9*dfZv-3b%c>|;C`|BVpjG~4!>v@gCY=~L355}^nS~B}+Dxv_ zz`&`V4LB>kXSgR*9<~fNVBHsdB1#$uy)4ENZg2Gk=9I61ld3}w8KJs|P?MoGvcnzE zGy(TZwUG%V!M8&?J=J~_+1gh|-*N+Afv0%_-Y&XHyADWAj)jpW^Rhe;uEJ%10?*fK z@Ai@zz8tQ^(H(5`#C$QYH~ix`so9NhR(8r+xnhUIF}9^=i|2qItW?k8`DG*f&o~dY zOA|k5nB6dG`A7uqaLf6u!WHCGHNw0Gt3UZ1kV3`Zgro=W8A;=R;DG-D0>OyDpL`|( zaN^L_Siys&U%JNih``J+4FuNv|%raBR9)Huy3~mCe1j}4y_`&sPA~Q_M=E;2C5(7W3~uCG)K-YFCzakbj{gWf zezJCY?=_c%(0+KM@^e#Hq5sDXiQE(Y=G;Pr?IgJ$%g9){d02!RVBeUON#9Zv+T5L#D?eXt6M8>Wml(+!9xYhAVTh7^^1Bo#ZIcMj*4qT z{BTx+*1LH3vBOj8>o485W20?75$N}T8s%RJVUsPe2IzN3YFF4TcPs8OG`6V!7i)+N zt%M3}GQtV7XlPSDYCHA51D@#eDILMiHM(=d3ct3S38!s?@idLrvom7z1o&4wcWXs6iW7er{r=rS85{6?COx?$aqUR&nyVUN?!3Q=+ z3OkqS)EimG5jY@vznycRmj0!yHcH|0#W7g7buu1MxmfAIBGIj!o@(6BHFrBp-Uvf9 zWs~GUxMj^Gs~w3zaX$RncD}rA?HY^!&9Ia`@f{pf$BA66Leaz>*c0%+67KjE9qaJ5 zj6=c^v^7?!YB4|`(XGiYTy5|MJLSQ3s`X0?c?ik!!PWXB-z>d7DhFr2v(GD z;IaL$E}vVdB^;#U%y|a-sl8;igI3e*Qy<+F zO^@s|j9SE%_-!tn0JJroH&0tWe~NE>f`AUr_J)=TTXg?^t&snPZ~X5wJ`%c;kVv=P zHs%MX?7b6AL7p*6L1(46j|$H;_2FcZmy2^6iuzG7&mi%GEAjPlJe+tpz9w0qI*7bIV-k(2 z_gdEOI=1%p-Y6>LmdHJUQ-TehYXl)DEXep`ZeE?uxvIPNn}Pe_w~QQWIOp&{Jj-^Y zj>EA`pPUbmwzB$f|1a^U9v{AH?u=2JJS}%TB-D+JDmAn$jb;9dR6-fkLXnhT#o+yU zm4ikBSs}IGx=dMMH`^7-k?Y&^!a3VPs{&XNY*Slw0Y9q#v=QB;abc0rq+04&!n27S zC^c6&s^zxGy7R%W8z_3j?2q5E`%gcfWkj2?%(?!+O0Qk&W#aeB*z3s1XGH#uOZh@g zOiJjDRunhKb`!LJBg^O&YC6oXd>%LB<6HeiK_( z6+*g*HOJ|2EByc7JC?3LWOsN8s;eS`B0Mstm6YzG`RsRL*1oPiWe+-zQAnsr8@uu_n z+`-9hBYly#3wI7CJoTwIi*ax=ZIDSZ)3Qo2bT1u3_gN$Y9b%;|=&3gNe}+DZ0B}YR zyK5F4`R)aW02Pq$z)41YR3*I|q&)AdjR7N$DSy)zKlF2gAH6VU{T<3tj?1C+W<-_( zsz3YoNZbH}>8=3zhU4G-9l!L}ccF&2$=C7UO46+*Z> zT>);w)*%+F!Rkf@&Ltc8K)uvNb5}FD{I1wo3>#XJ&Rx3adlv4$D%N;MJ{W9-z9cSz z#{cK;0FzG?jjFT;wGO>@Xw_aD1`aPhvyNS$x$Gw4Gb0#m;rnP$^4|Yw_a@oy3^=+g zlB0G_cNFnYq(jToL9lt4=X=vmzMp4M{A+Mg&%HAN?h5Tb9m}S7%uC`(I`QsFtUrP6Sl^xY@szV_;SIL z*Q+_Ms{RO*zM7Z^-bJCtXO|Omd?S*N2f5svhmVul6;tRfJ{tHL$nnvKd8Q?`mGNV>n0u9EnbIO*vAJ{_)6|L&lmsxoi@En zE(|lZ&Gme-kp5cxWkR`%_rTR{9_f4mnCfz5_MQ0d?TM7GtknLw_*+eVF%(L6l7;P3 zaX~YuXGQ!@SjtPWxSm0)awh72>9$((ApWl}1C~j9HpemhYR{z_J^?VZ@~NzTQQ3M7Yc&DBc7h)Bg7v>E}7k+FyQ zKj{j%_FAZw2C$_D+DXcyqemZHbW4wml35J5NmUjyacs}ZE4tFp5UnuWe#J076B4W( z`b*HcCwO}b|K!@No*3Z&Jaen z11~sZRiu7|V9i#8GiGwF#0saW9`?~D-2pHEF~y9#d>~OVDORxM+-Mqpu_{HW-bIQ8 z+&%E{gnb4-UNOtoQ}Lm=7hm&0#0gma_zDr)dBwultia5gZV{ol2{MbwSO_Jyki}3R z#S5=Mu&;#=mmnYWT1l4_S@VFYY-ri#d6V)>re8DSOSgzB8CyNPnw~~s3tcyX@PM`f z_RfjEP1JmTz5!w5oC*osD?>@kXDT()z^`(KW_FeI>un>y(+&_+$4|t<`sNZ<{Q5aa z=S|F%#p56tmnuA77+K?_5J4fK%k=(IoVn3qF)bJ*G2lpX=r8wPLK}l2 z;Op-eA1`@?5wyUD1IHf8v<=^sOCw*NvC~0lLw!LR-qxdI8k*!ig>6IN8H3l zx8sprpsiqv5KVr*8ZAyhtf^Fj2F!~3zV&=S*n;-M7pSHTAbd}*1 zB4P1mNQ$Jo$B5r!3rQ%)#qNV2pcAw*4l=6H+|GFITX-t%V^t!tF>De&?R|SK=Bv=p;l1paF zA)pkR7)o}p?P*{Q#|G3c>MKJzKWq%Fb$Pyq8ln+ECbcxEsy-(zrK~^H4b^{_YZ0Ge zH>#k+T()x9Y~M{iCT9>K5JrdC)*rrJAjKUJTzeR94^XpxtF~=UzKUpPL2Ium5NfwYV z_1hptb{9c%5uWApGw`nZHO&<3D<;4oLnl4DFLk>)hvA1?sP?=$KPYRw9xnQm~@Lc zSJ7`QGb=yiNu`&jdiswllBcVuZOf4*a*Lkc2soLt|!^F8=^ zHxgX)MN)u|=P6AOw}4rOE%)LL78HU5PUkI4jeHMrjEV;+DLEBAUxVGv9%V=aZop=U zChe-c!@JhyX^8$m^Z;Q~0gE4?_Rq(sqMhvCrIT_pL7As`_8RuWd?Ej%(hQ@$zHv|u z_BzAA(^3V~JCDC#kT2&sCm>N`Xq9^cjwVmrxBN6RDNiSV>C^=bv%KAo96P+}<_h0J z&#bR`z@KYa)-ry*D<#mqt|;BtaAVpmX$X>Eg?LlNF|n zy5uH!(Kefo>hHEnUnr8@o&57_HBSMqu{u#f3|icj%~ziL*pZwlH!JdI_yw7HgCnG` z7yE!=ERto!jzquM94SoQRar9s_*L?S zLDt?k(L*0;j&i?DfR4Bz(CeW+_{|$^uelDDINs~X8bRTT6u&L?-U8FJnppuJxm_0J zk?ECeZY-*;2m[ryI}wsD z-#XLx1~p47lnvQfzjrC3cX_=>AP?C}^et&rYX9*y3o!GeG3&c?DMg)|qces@klF{H z>Kwj+?r)AtuwHVV_l~Aeh6r}Qa}jZ+3I)Dux^``<*3l%s-Kp9vf_v$RVIWS;L_oXn z+5PlOwBfm`dgOuPqwd(7JB5pAHibAMCiDC)v`$;uJsi|43izM|xzf}EU5h&2 zVryZ$w{Z``uKesPfmg~aCE6^_`R>r9{@S^svSo%k)!_Qu6JmP;nWl5ZRP(K3HIGFa znpaE6X=gYJXL>wg9y~B!>2!5;rK{#;`Cmzv`su%t;n#Edf(K69GR;@c%Ephbd21o1 zZ2C0e|E_6}@~MPVBh@Iz4=M@u?A$EMtyvrxCD2UpgAU;B(%HD%=k{uT&pQa%4bpz| zUmov0KW*@pAAR_~X?p7WJnqCXqMh!t{*uv+5D4(TdSa%PINBLY0X!SOzdz^-DF@>q zei=dtmK_<?CZi4kn+Za)xh;yy^2y=@9})iz;T#FbQ?A-92d;(&-nvS zs|p14GBCTVVf~KT%5VBBWS}$FVJg5K0?>F-xXi4j!;5wwW|&4Q;bHWHdJYp}`y4r+ z=%?T`0{2Kex2M524n*Jw?zzh)c~SgC3FtZU?@Ip)b>gyxT(2PAXM!4QeF3L*X=dSx)!(>{2|})G`&*O{n3Atdf<3ix!M}fMD1k zuAM}5ktPvwnKmA|%mzS&gCp>8JnjBiBncj-O*f{OI;Zlq(ts&7Wj6)fjyxJOR)fGp ze>|OcEHeRdO3;tys_W~FwB~1h7f;jd`V*Q!M@PvdBCJH6sdx{^w(Kaf@$pFM%bzg8 zbt;Aj;3FCuDgz@lSxwFl3CuRrbF}tOoGkc$mBSy>gW<%#$RrS8Pr>sEhXyOK|cBl zlGP(-@BjLnGbLtGgn@g}9ojGEJ`xCBwhSRRadGY3()BJb=_j|!&Mc3iploO|Zz%*s zsweF5f=wo=H&RJxc!Cb>9b%T|-V|P0#zNLoXnfEOa#|p^x@_Bnluc8SH$M4S6|5Ch z@ybi$b9*2Z=hhP0iywFXmQPi=A58GwE1PsYz)}72YkjkQ6w6w(K{b2cdn6UnhLU~%-6T>WWVxKNU z36>rYZKaTa08^KG-Zh>`kF1*?Mu?dK(NU^&n!B%%=Orq>yF4C3PYNU%yH<+3?G|#a zEmg>e-J%7{38q3a%ZewALqpmTFw4Q^$u>Zv>IPL<-mm3{Mi~d8#NV!|F>c?)-;Qyoiq42SInZg3x?_mm!Mx0?drvbga6M9jZXtQUP&Kv(deFO%7em-vlUaUWJ ziT^n%ZNCCIw(P3!NlsN_G|6?7>crjbkW3waTpo_4S(8WJ1}g0SMzExI7O*~N8SLOr zybb^gq%^m0t|DI5f3DRFbZ`B=r8U2jv6PhRuR03buXkRQ{Gw}C75`rIC6SCE%cz4g z{E*BGSgiHlR1R;;W+oF}v$ERzF?T>Jl(t8;vYWHA9s5fN7qIStb(%9%E)PpEM#21- z>)o_OH#MTOZr4C=GDC_APEJp&C)uoad}k&*XkF~X_r#ACL<}1l&$%U5DYf|1M8-eF zc#r8*V%M1^fy+QY3L*r?p_T%L2-ew5R( z4^oA=+Uf)^s3eZ02&)ziR&kXni+@rhnXKYumBkv4oYgAkkM;K9=gTX|OO3_F5aLm# zB2Zczd=du7$fF{W=JfK%XPAYZz%eyY&8_EsUYa_hji~6JCo_4zYyoD4Uw=&pGead$`C58PE9Yw@O29#iP<1@VqPIkjvD{9mNTHE79O) z-rKD*S_AgI`#)W;kAN5m1w%(w9%d(!bgw+d~3 zf5+=&`14|!lf?0gqjU2-cyXpB!2@Zen0$VcBE}F*)^Vfy$xAYb3Ouj&)owWA5AYJ| z5ij0iR>Y&Le;!TUfAe*-IUsmulBoK%_v6FJRdwPIRQ-=c7QCg-^bCq%jMTPxc2$__ z#JYu48AwL*0Ns6sP$7v>A@j}$HbZi05{+^8j&c?gQz3=6@b2A5yIcEJH#5S}pLTV| zV?>pnK@R_DKD1vogDOC(Ba!SFoP0%w%eO`G=;s~%f&^l!ip!6h7BX?~7!+H+qtNH< zB8-T1gB3>YTEm*km-`dh{i0+k?IJxP~m4Y6e{`84Hr@Wo5q5!t){<3`G!0cOP4Ncd* z!RUp+*Gh3Jo-fb-kLbYaiht72kPln_BFZ^fpJ{GXivJA+u_0lOBnH5ZD8Gn>-6W$l zgZtak>X5u*WS?i@?nI$RVgC`qsu z#1xivrG;*^E;&XgGFY+33^i8i^yp{M3wUoa1;=ix{#nAp3q|w*ms09;OR`>JFyu8! zL>JWWM4@ZZei4iE=hxS{E5=67Jv{CG6W+1$3Vj))psG|DkO;+nlJsB9VUSWm2!)W# z@wu5Q9Z+W^OF+9D*d3iK_OSa|!hDVgO#IGgb&OC78;3hRL{BlJz9(zm7N!lPUbKd! z*T%=gJL*;H_4YSiSr_?(XNWjiG|yJvewR*=|JEENCTCqmw0EwWSNhh{`j7h#fM4wn z1=n%6)kaE1pOQ@ulChgFTf@_bsRCAlW`lJ0oDU<%(ZTC&P)5@%T>ndP96Gs-v*QPI zkIav6-6LVW*yjPctiFaZ?XR!?*MavuLGPrXJ>%rdwM+ZG+K;jJpsumHbpXwl`&TLw zJlk!A6%QWf8+mnwGBT@hds8$l^oqKq;Lh_W;g`@`0UnCud?5fZ;bSD_I-pbUZ0@8p zLZr6gw=Qq#8V{3KT}&twC!dfG8!<77pqI<_$xTep!r-niV9C2iQU7m@WMgjr_skjQ z4l`dqFHc=3dzFOI8Q#Quj~d7I=-=(u0A1?SFZ7lXWB@8YALyxNjV2(gVR-Tt6lCiC;8K7>jaYd>YbTP9g47ZrroSKVFd*07<#-f)EOu!OGO^ipvx$wXpM9wFTCbt7YYwB`#JS=5D-%p#Lxe^s_gJc@?J7`OD~ z;VB>c7A8zA&(z1w-3|72%NAWf?N^uA)QD=zNvxt%?+o60`wp{=6X+Q?&1ZwtdanIr zi5I{TYkfe@g!YGa5M$^(l9bnO6?id*QX_@Kw9bLN3B2`YS*7k8r9JfBNH0E;iDYF8 zOlGCXgrV5^+9WedMo(MY0N;1o)Sx&|H?OJCuRGRY4=Ph;ET@+of>*y`$birU)^hB=DOd%C z=zb)m$9(5!bGcY){8z5R@z#h^6tTnO;1B$~jlKo@kYWqQKc4QQGiLHzY4`0X-7@2- zqt{RRdj0iG^$t;%3lG^&OfmljCTluwAwYXGy@$c)?0$cA(Lc-`|CYL{QhHJ5C$_K% zl#c5q%Yq|Dq)Ang(p5L``EclXlPW;u0e6t9cP^4sk%CFB{_3t!dS z_B&T@5~ ziByki6H6c@Y2dO^T2yH~T106=NouTk*Yv+jBN#Z_a&PUt!}6=Es3BwrK4-igjY(r! zwd~MdVjG)sVoHj}5uNwg*v9z*=Y_H2pLX+nP6{d1!{MLb{SoAFPumtLegud(mnPPL zIel5OaLRQTp6HKH@n|DRJ2xi5f|zxteB!-TtOzW;i}@@QaO<>B)=L>f$-Y&EL9t&;aPqmGwn`18YR0C{7fEAR-h1vg z$`>rDi>7Ux)zCZ32O6I}tB%Y}9mfXfjVsRcJLi8Q%c{(CG!D*mhoa5!lgFeV+?6pCB+Q;$y5n@II$0?+paHZ7jA<=v^uT6@O2x z4iLrrlz@mW7^n&q91pz#4&(~n~|9!^)D@=Oq!jneXl-$7lj5F>Gp*E=_^H0WINwy zW1iV5BdAXhPa1uAqyf-Zyn}ZIU)W%u{9o&~Gr~gO{UhOTIOg|M2q98qxj-8~NaG=M zp(g30he^mqSIrE|o$a2jBR95;)!E7H*GTn-4_w1=3A*W99!Xg?mwsF~Q3Jh5E}ua- zi-(`Qk%Ms%wLD!79#rk|v&J!B`Y4~NTJY)js4vG)@E>brks;D?wqSSny1X-OJapVokZj+?t+$&BQ zSG>TMpd%I`VAT+~9xU|^hTrfYc#=!vo{v(ccT-qkP)57ca|(X@KqTtd;}+BqVBC4F zE|H)K(`a(o4+rZL;fL0Sw_z_Fx{dMeV=hqu=GT81N@_6&ii=y&G=Q0jEJjeB;91Wq z;>XL?w#9VBM=CSVgKb*U4+ch$>`pcRDSkeK6^*wdhhKp;dRe_JRSR_r;A?ws$en>)`tPE`)~s!`xF8Nkm+C3lH39U z#Q6!S%(YS-iP%z8u&QpjYeFGw+n>O28SSvjG~1;r)CNO+E=j``urwQ6Upp%8_7lb6 zPuR_FB>%T*oCmnbX)9*G4Kh}P#)qKS)9}-%(k@L3+ONm%h;&3>=5`0iGV~VAQbt$x zh83b~nkUo8?Jx$HMn&Sh1fvyDcXeYwhRl3mxU3UHiDJ?Z;hBaz@o)HA@ zqIAQ1j)%^Z7KwF{(3(ggn2<1PqxEd2l9E7PXwXBs*UeDxVN~^pAfIl4`jdzL<_9ep z>i#j?s~rv*H+pUIu+iKV%I3tgtbOZ~MS9X6o@Z_gAGMZZ2Q)c3wo7i9RksCI(89mH z#S^WZYxr!}42UhF?RV@BBav-%seh*Yc7OBlt|dWxc#4qCBK-$#KN$_#JMOGyJn@3` zi7jpCW|vk!zMfsLQ>v2IZV>8y7`f!H_E1kHc_%Sh2B%U5iJbJZsK^YJIF`-(2Vv7J z&-!|1d~_QZyFHe2TS?v6c$<;iqL7u&X?Ij?m<%2>4B@vSEj=116MGSX0!|p#R-(0X zLDO~bPZSSgXq~JGU5-Pl)%iIHavMJMaLu*~ro1Qz(s`XHh#7@K2*{p;@@Shx`BO1q znYtuNX(6P;Zw$x~vU&sr=bl^s@6kp_Ny-PR6XhClXyP@w#FNM$(@jY&8jmE+t>F;G z)H_1J9qR95X-J*&`5wsF54B|b**bJ*I5wiUJb_QWq`?Be7ja)P9&L=cPokP`q=%Ik z^N_Qb!NV+YSksn*$8Mr>SXtSq+4ybE-`(9=jD(#{3>vL9Mgo&Pcuyrj$wQaRuHy)= z-%4dD0_RR5Tv-hBDA(^`RPCyn!A&+pFOE)Pa#_<~t4au5(6D!*$VYTGUZ2zcO_?CtIRX|lZ)NC{nHJlCdwXcQ$?OBz z(#Hv|%&So|z9fv&xV~m%kGD@lyY=n#BuGfOlJM`0+t7D%L&Hi73IA8=h*v2svL$gz ziVZq77GCSOeD|%0S}6-9Y6{l~+aJcv!@{mF+!gS|-{?7sTXl#;xu{fuU1Wahec-kR zUg1;U#()5^L*qZQ-U<0L1sC7VyO6__WVB z56>%urRv`q3x*d*L#;2<@%MlEe|4{t@sDNYeJP}3@K^U63%()lypG;uu%k2rO7IlryL}8GvoFPs>B3~pCEM7_Z8~T6p#p8gFuRR5`lnx zd=ZiJ{Y$5N>#t_xL<^l>N&1$GG9QskHalWfs(}=xzvN#=EvbYnZ>?$H7}w{VJUC-R zQbvwXP8KUGZE5%^nF|!O`K3qJ;|}HJ@i`yWNguNblC1ivOUD zw?M$VCQE;-ZHK>SmxbfHr++I5q>|E4Gxgxy`!^f%6d%8pmHl((;haYj(X1GiH!k!r znX9@abbwFmC_zMcr0M@5>m7q*Yol)Ma3?#?j&^L@wr$(CZQD+EY}>YN+qOgpjb}V__*h4v=HtkUlY@+>#_S&D>tbat^(%0L!|V4tCuUg zXPk0PC7ak;E!jR&ZJ68;x&|N+@2)+cH=8E# z4V%4D&?Xyn7d-x2##gr7j|cN&zJ(TG`Xc zby^;Ztw;l6BF{j$+{zDy;B?2?B_bYH^nk9unN|psfmwjqh z$JA*Ud@b^?9i!1f8b_JeI9g794oBmsuQH(F;yaz0)ANNGr*7yv+?pgx#L6WN+>8*8 zZgygAXGH|AmJm3KIH_Uo7|!q-KxyYHxuGImbGM`jB@z1T`Om&av4|)ZBOod`yX^Fh zZpBv>cDQ9~CDqQVR~rrwa*nD!UD4cDwox1*Vcf+AW>z_yLPj+^g(C#irgy5z51z&H z=0-9XHYWV0b2+^7%YgMKV+czRwWoag2fT>k}CMUqKTaI_rsN`wCYo>N` z8VCcU&Roo!NynVk?;^W;9fz7nrGAcVKRJ4q9(KN}CqGqqd%VA7yPp>19Xv((;BjZ7 zl9Gf$2kv(w3P{0$TbmUK74)Z5u!MN2axa z+2EV29M4#j)v5q<#v-=mI@PI-*GPyHOFeB&Ptmm5%7d>S#XYOD0v>2gTah>i0ax_H z=rwe}$d|?UWRlbjPHdJqlKVt~Up*FF#%pyYucH`(IWvfPc$*#~r)nD_*TKh$fIYJI znQojDbc5jgT!?PLmT;v^YHPVLzg&%#20lD~N@yJh^fg~Hp&ST>$~3g?@I%$Et_JGO zI^2;ex725B9&gW-q!I|vBZt^{Gd?#iY%c1q6^I8%;VI=O7Or#%Jpos;a+z-awzDYd zTyT93X^=9Mm3V3&MX(+!AG=Yq4pil>EV=IV9bFEk7{6m4pG~Bd_xxQIXjJ0#%hm zOd)lp%9fze8imi4lp^M~d{V=5KX*OLr-&l6Sa#w{Lh5__g{#%=RkXU2C7a80gaq>3 zR>rAlFjHGnA6Re9VcAf}nsxj7Z|K)4)4LrsG({y3LShQ4g)2^WsDk8odOCWYyn9Cd z+3&Lcz9biq*HQgBR~wnl!x;(y2zpagt%<(nl zx4asKg%bGvzsgWxDlT;$A0D){)lu0CQ9rYXqyQ`pC|}WZQrn$wr@Msb94?=HD{J%d zb3FNV@PA>oK>fMe(ggv9uEl;(hQ^*hQ!-_w?!XYC7alw$L za=sLJV0Z$;MfkRXnH%wdb?}8GN1j5mAxWo^s;l@vm6aL5}^1@BG#CJ8GR0E(b05>fs+E zts!6KpX%#Py@d51>F*lAxbjx`IF#etHuT5P0%nU$=;*bOx(EX4qA8p+$j|>9lFL!= zMr@|Hffxi4XI|~BA^$dAQkjW#f;vm!_TR-I+u9$2Ff^lI7=6(ftgAbM@aX6yaBno6 zMM($~s&L{*Vq?XVJd`0%GTq3I9Io4=jY>>^Sh|!1FWewTvA=e-bc?1fng` zZurcBBYB-FmbcdT6SyPltFW%3)U9B@i@2-WSuXqnoLEYNWt9Gaukcx|toPdpMle$l zls&|DGO`P&7XCn`QQ%$GRtaCzex%H=WMT#XzU2Ww9|JBz6m+SbjJ`qp^-S2_Xv~Ah7B(Sx%IL2ViBRaDoTGY^^Sj(*y!x; zWMX9`4x^Gz#gN3b_VewgJ)34?%R1PQ|5E5Cj83Yy(f1-uupMqq?yKv#XBTK*trVW8 zz#aZ~+rR3n;#$p9{iXTQ!tSBs^D6Kli2c)o_me0q;6S5eWK9og?ZKUCG)K#9Wps~tx;_JkBy_F|FmoQJ6&0=mmcroR?D_Y+l#B1xkXiB1w61hbHFr3k!W3Q>k>~ zLR@hYxV%n3zU4kaCH&y+@?eBlBUej;zbkJ}$Q9?Xw>;nTB^NhICP9BvxTeADy|OJ; zq-qUPqaYhD(I$T6olm}!Iq%44ozv=raqoY}gsd@aAwddrS#45`paOJ z)bxwn1v7FNDJ$anGX3GKleRPqFdzHeqqFRLfZkh@_>LsIJ_AJ-kP~wNkUOR&oB~X0gM?Xv;Bz25 zrkew)nCnhxnG(^n)=&G3*XcA+!r80zV9(}3uzURo`9|BF@PTLhWmBUt9h`&mh8CO! zsxT|*=5+j(P!onF`sEA#(6p6xU8MiPx-^X15oU_X0>>GPl`&t+%3>^rk~f;BAnVb> z`P^ANj%H71To_45OBCe}n$jS~U<#&twR0wxF0e30Rz?P@ePERYoN78aN*ScnL8FVC zeJoV@*ktdxNyEscwRY4vJTfu=lO`)ucB6<2J&7Aj@G43fyMw0r*)9rSgB-zTtG#NE zfM{xFsE~;2qD--dW4A2H%GzvB>d*nQqKqoC7#Ub=t=#y4p@ZgFzT`Bq)lZPBceRkD zgPFLRRQ{$xE|i2*FM&&IaN=}_nY&f8v>f~}K(IuliBrgD$iZ!RVY+{WChsmyuMV!m zj&AnLSjQBrvM`4@+Dn%+9+FAJE z$gSp;)xf%qq3jGpaz@zN#>x)L@UjqvOt^ck0G|4H!O#%n?EGq3HxU7e+&NfthUBuB%noa}!Msgd80h(HlxSNN#h z?h{tsPFRjH>I|e6sK(9|Um*l2SjwrWM8+(Cv4KCoP{+88pz%jU#YBJ60sf&y)2-I^5TZ4ta;oV!o<#W^?ti%(DZMTir zuiD0Tcz-?;8xn~DK}4ZFued+1KWu~bYyx!Tdi%dFE8Rrj(k->gppEbotdH=KUU$qj5ZGHW3kL{e1*3S(5z$2)?dWi5mP%aRl7AYcosmhJkAayCi@^g z5NlhZ5DyXda+3SstLp2YbX%PIT z2)AEGHK&V6{+d?1_^@*F<(8KA!@sL~pvF{u%BAgz-wMikvBm->xtWXJKvt1Ug`#aP$Us3eaWKhXTSar~EUT(hiP$eNajTPCI_q&BisQ?z;@L}VIJ z^08{7e#p^Jz1{KNgad?vpn`ii$baw=mxcA|f;m0~g&+xz@iWD%Zk5M6d3fQdiRnt5 z6^;V%1Ca($486bMcrAs)ID`w8%K>Mvmn?^45O#o8Ib>}P=}#z5i4sh80)y|RI_6R^ zSg~JoQu)P)!s){04%`}*c(O~bY8Yl5`zr@^bhSC+i`eYmU!Mzu3H%Lm)Ph23iSk^}lF$MAZNL)q z*EvzDoa~1{k`VI(LwD)!?l-T#((~2U$e`z5zi?5M7X>z8PVDnFJUBQwS0MTt$f8%% z9uyc5!$%@&Yf&|W{-@}#Aouxep+u52WutI@$t@MGw2R;P?p%L=C-Ri);jTZZsSfAE zG^cIP^E!IGl?J=!gJ6l4mfsO546v=l#bVyGGJDQz^e~NGpXNRRdA>U@OfDOgY@0wQ z(O`0SNa!^mu=lxJf>{|d{L71BwQ;9BR)(`^;gcq!X2<9~k^M#|4Niq3qn5M*C}AKF z!!TYPVGeXnV{se23h98oz}eLrD+d$TDw^)!J9+7yh2SAIy?*~Z<%?j?7ZWtpw_1$} z%X`Bz=!QRKN`F|+ye6_bD{e2HvLw2i>n73CthNK(%JuLaocM6oqT=w^Ub&9~5OQUH z_io@;M0^^PmY4`TM0BpLf(*8eV}`{MX~nlBiW!eqJ%;-i&6jl3vJVV~DZc@97VO~3 zuKSS#@ERD=)Kf9W31NNk>kNLoYs31ZU@6)vYh21 z+Q;G;Mlf+JMwZ(i>*Uw@Z)U{alz(O zcdysVeA)OLHs?rm8)KsuZ~f`wV1dzbVyjD#kPyA8+247xk$&AOGKbk0A7hF>54Z}{}Ji2dwzc2Epnri$RXKO;HZz9+fg!)pMyL6fb|!dBIp=BLU}7wylPq2b8= zU9$|iN^uN`H8K8}P@GBp{#fb^7bM}Yz6!S1=8Dnuli|l#Ti;hs5KEEs9PXXh4&R%Z z&*YwWqLYH<2&%;c&5l}rKBAyOv}-)chkN8~C!anNh&pT)G3vJ**Y%8+SLz&ObN14@ z?7LbjC(67Tdk3Kjj41Z($`FuY zM-Z`fVcZZ;T+)LnL8a_0a530CW_^%0YD4?A}=hO8^y^ZH6#{aw1jAQ5b%jX zC{_Jp94oYX!I%$YU)v}6!$E*~MbV5|?Uko=TdT&gP)w=aX%b9oeZxHN_>~tS+l%aY zMa#-M@o9;Yw)Wm)U1+TO?eE6Za0vH-u_`Y`VK~dW1^dro7wr!pw*3Laz<3Up}_^T z)Ba$%&QKH{n*;gZGIodrID3yt8anErfBc+$cQfE};p7{Y%Xeb^8jX1<_18ioVz@`q zWFX9CFOAx!7q{!YxY+3N?fF+;JupR|p_~Qxw#qGsOM?J&36t%kK_gUA%YEF6^^hxb zh{>pS2EBEjirp9!L+d0k*`y->Fe@jOUy?(I9pJAZMwWDawwI1xnFF`CLptm}hy0880aLA!gh0GDLm?!{CP8>uN{wc>^wa#h&PZw`Ftn@tkUfR8q&ZOWF ze|~bB`cHtE)C;w3i!qKTvAxODZ{~o~${_iOk~3Opq!qpLFtAgbvY8Q?m$tEh^jcOn zXB_7@R`vP+%L1V3?SmE}y#a6RybQa+(n<)_FEj4$fuA-;Pz;tZJx1M^ug)|M*3Ej$ zN2qCbg*b#QoGh?QKVwvHIq$i0ZJ8$}lYh&*AArug$?VwRKC@l*X;6=D%3W)GJI#~dTFfr*q~#zn*1ANhvmb`G!va0 zXNOy4a&fJ#?TpjaMs_+H^8K4sA4(oKnF3I?*hI{U(f9E~!0 z7JlYd9)_#H?1BO%HDO-E1IAZnB0he^+(iHQEAmFS%bEGQqdnyL`lHDAvEt_Yt>-VR ztekHP9tOivAiOl${cKyXi6U9 zCTfo#T>5xdL$baZ7)2T5I8fRBcq+l);VPK5pt!v%hmFn|iWbYQ;`X>RMokExHrQpY z<+iCq)LWy8!v)eNpTE-6*kVj0O&vlNjZ5ruF+ZH4ve0H_BhxA3`5?UHC&ZD6By9m@ z)Sc$o5HGQ8sgu(eu^`RqI9-Mi>_v}T9G~FY!2$Teja9wuy*E6!hSirvA^Su+a#X!5O|+Bx z%S*6DK0d~A4#2XME0P(b0d1@t9t6iF3=9RKp_Wo4v?M|KhCcET`;Fsq*Nzdc@u=m> zF?T^+*U{#j6KwvH-J)6<{oS$LlWzc2YJr1gq$PPyZ2F+JlPVBB-y=QFG|ydmAbWwW zE|@>g3(KP}nAz&>e})9Gn3jnpr#K22M;~DRw}nLuVbjrq5oT;)gn+}^?IVAN*_qjB zvHeYfgdgZ(FpwnIU?ooI>gtuajuvS98osTqb@(@9cwPUg_S~M@IgIl>GjJc5Bz}aV zmdbikzQyqB%%%?90r}v995K#vg{>+kHs)G;K~Ua#72{^z>tQ^(V)rj`TLsj_`~3uM znWPutFJZRLPWQ;Fi^DM_@Bk~~e!wg>kwtOS^D#_?kpj)pL7qt+7ZB(g4QO0`KSA9e zO{mi7w7!m0lJ?5NFD8*13aC@B8G)MtBOB(e2VbSPx<_K-K4E-Ij{ya%cjg*7&hf&%v_m`s3ln%)NgR27n>u~4(&-O|@bt3l+Dqi^_x>t|Gx_sv@WTU&Jg4<&W5phb^=n5&@Bh?V8 zESGCLpWvCjI(bbQed>wW-dGs;Ir_5+Ma2a!Gy0rdT2gN}c9v#c&WQa5pdT)6)S)Sd z!Bzjd>$0=AHumQ8t`83{)8jde0Gr^Pso|B+U<_%Wibr#We*p7b^n3SzvgX-BzN65m z#V{0>NM}jPI^GtZ9G>-OppW+Ffn&`MNoO_i8@$UVUb-N4)W83=uV#sSOgc7N!5Z`tFspH1tk(7e5^ z(iPk8Q;OvPoIjjIymHXZQxtgoV2?;S6S-Gy!M%*ZfL+z-igbya{@oq)=YXL3w+yRT z9@6sLh)9$8RSMJ12DyS+o=;@-pN9TAoW3;d+#7#K^>H|6N2JT#u_vZ+*}cYkD4ki_ zDxIAq(PCfErJhQ%YKTsLiE_0nhtexI1QkqV6Wv4f9T1|Z@d zWt&DfmUf0BOWAOP4#?3chz}CK(Kd} zHeT?fHFd$~ONj%v41hn1o}&-lE)!!1OK*KUy=!>U_^^r7(Wo)mL5J^cFMp_fw zkR)*<4C^u-{|1tmxwzBSkPN%sZ)T{Jq7hYAyAu)_p6yjurv&*8s*a6E69DsnL$@&*eY z0XA@?10)0E{cv8wuFqf~(h6*$qExSJD7dxDB z0s$4o9U?pSr9)L6cW|)fZh+wZ_tAgCSt~s@v<$Chgj&Z6U<*Vg@n{nWXdL3{iYC-O zOKxypjJHBKro*<1Og-ar&je-OG7_6I99UXw(NJoX)g~$W2EbD_3xr8Xazo%OY&A+05?QNjy1vy@7`>L`R z{+8hKX?Mh%0}l&JJ^!0{eml2+x=13S5RjI}S$@ijcpF}w+OgtOJvk&(NfNmv%*(o} z@0BIujDY9r{~UwKJQwEkQvY3B!>_01v&05>Xg<+%>VyH0+Sqh~FarMg0)RsunLT2? zp4yc=tmv;pZmHF|FPImf9iQI{-dL`k0Pp<}M%NkQza@eWX<&z}o4m_|!-BVTbWiR% zj?|Bk5KoBEj*nmMf!@Cq4ld|!phT2@$9~?z3_I$$r>F*_M{o*#B(Ei0t1_H)Ac2sM zt;N1d89lu%e$VOi8q`WCghh|vqDe(u10k(f)9$CFnvOF+7bNamu!Zh+5L4B|%04MU z{>k7xHjkvgtmsSA#m4sQ3TYkz#p2E9hq!;MzIUZ7|>FJ-#%;t zebz`pV)ske%*17@*JUcvZS{EKDVCt9GOj{EJ7s^sNR?vhQu?YRiI$wYvE`Eo6{ZXQ zRAJZ3$ENYr{}oLt3lWXUjZ{k6YI}cl$xk;Vl`2E>;e8xFql%?D$Lbm4=~0F146Vxm z%) zw@#u7%Ng>nU}oS7 zW$OE6ta9`!?v)8>W5qsx69-m9$vkxI%#sMm4UMf-qbfw8zI+GDa-CxC0;}7SUMknM z$DTvRNqssR5HF#G@qtPd!GS}wdY8e}CB_%zbvgsl1lcNW*07HQqQBVN+C~1=M$wBD z-j43qY^1LZ!60r>Br}NqoYH*^GFZJSVDYr}xG6QtNt>rRF;FMqT|mhe({P%Mpn|gG z3WI^g`?{F{A#7Y)Byv$ewbVBYJwY#p$B;x+Fhc!27-{N>JtV{l-i$3M&TVY-K1KgY~_>(#^p%>il$DX9(E)*BuAK z`wUV7jF1Jx;=Owxrzo#x) z-mcf|o6lys%7DUg7EVseIXv`k@5smlR-4Z~-0m3=R(5w!FRuV33Zobtc8B*#bDWAz zIoQhQBd@cfg9R<68ZAU;XA6%EUP@af9YAilt_qk(C>%C&iZTn^ts|^(y)+(D&?rsV z?*4tz1OPJd3~=jeAOdAwl>cR^6WYzZe12KGa;WM70(?4T5J1jVY&qo=Ba3lAJIVa! zdV^~Gmo|GUM(Q=A!P8lJbR!=q9w-;mC~Id7lBAvJobHXNpc?MHjDXP!`Z&gv#5mqB z3}+b36j-z?1d|{|Vfojlv9L)`ZK-#cYw^h_XG)H>9hB_UMJ1B^jbHS`IOShy@oQ~@ zk+I((;bu1o3tT$SaKhR`{9*151TQXd1rRL`w#2w~bPmPTvo!=Z(#0mWcvm0e(Z>~d zLAu`Vt}bJXgyRVX5bPm;?6}M+rZgt#PHmC6MLLpCQuy{s?^=;bkL7~Ql{;JjG`9`q zeA`Tt*2KO@{RPR^DHO9fN;mIWQ=gf<*86X4D?uE*#pVPrx3{C-xasgP&M(i1qTYYe zC&weumkmpj1tSkhMgCwHp^7^k+3V~P1>-J0GpFM^K{qWc9N*W+_Q&9Cw%87W9R3o4 zP1|*!3^}sXo8wjtFIK!HzJ_{{bWXOG*2GbIQj`_tz>cfvBf#I%ygs|a#oAt2C}BLE zm&NXi;4Avy>h*w%ds`v3AudXD5=7|1g!8Q|;-eo9A$NJA=U{nu{XVnxI#B&S{`qX_ zdE4@Ru;n^LfBi1m`RY4@*WvcMUlJtMW%qJ$4zJouKALvX@#r&c;puR=7*Ebr&Acuz z@!h}Jd4>4-qO9q0dEMoy2u@sZ%;Ra4Tum|iv;~LBOX;Q-&kvR0mYbP+(n}evqSa? zqR7uxJMd^{B(Mp==^(8fUiUXZ8eLlfHfjoK5f2~nNRpWP+Fyo2=m^Q)>|Y`j$Z;-# zW%A0di-;K#27zJp;`!a}TWPY?pA3==!YSh4-d<-|Sm{Rrj*|!?1nPj22!t+N>xBr% zmL_rNOUK35OWBV>oa^^TlX6SNQ|c5^yU7zCV%p1TCZ8HFC@OzD?Plr=HN_gY_bJIU z2%5l9-SXI&A5v~s{r77H2T^Bt7)PAM+~?yYSB?BVQW_W!0MlvSa=Onep-y3DT6SxP zHzMF^;Sy6pSr!kCB-IPCnLZ}Oku`F?MJZD;4=O;vU3gIiqfyS0dE{Q$CBg5IS3wD$ zVO(8N${%)iR_A~jxf3h?rqQYJ@4pfU4xHGXMOd;wpH6ZDm1l1Ss5!mDD9=|{{S!%L zayY!lPaEiXX^YFOCVNHLEs_W5sP@aOk>RmE)KMS(F#%_*Pm4W>2x}5_s;ZWPA zsyvK%_g;W7%H6jSme1jfnx3~~%q$7z!lc=%njW8&mvX!sF3TFNZU%SHgq31=P@Anz z@C+D(vT_Z^bR1ChX(w*(j9&rJ_%3ibTtG>v{&pA7*8H08H4NYO!_;X^8E20b)ExQl10n7tP|NN$vBXR6c z38V4~1fCHb7tuIfZzKRfwZlq=6kg!X4CUU2HU%jhbDphnX7viwe;cRtE27(T-D--8 zwT;NBBNEXrB4qE?o`?<1I3*Q)5(cLPQI@tdqk28j8V`aw$zjm3ezJY)9i52N^4j|g zR+1G<6&n;Wl`<6jS&`M)IzCp*x;2#l-`Vot`I2J`HQ1ufo|&l-&KmTbwtEvyyB@U&Sl9sn((G^ra8J3R9ilLm1Ir0{?<|55jmS| za7zIr`J}$m{s^@1Yd5bFp!(!M#aT_$qVV-gRd}Boeq2+rdTeZUY{q&qVP|7x;?U#?7(MGa zj*FLfR|To`&o(sF<)V^Zaaxa(YE0E*WPU_-XamOiLR$e@lDASBOprBYeu~IVWV1y} zTn^o-nu{Ap+LFfq{#=0DQ_8;>=3!S0lNUcxjq}8_c@V>nH%sL=^e7&v0V z7VxkRP+6t{Wk&C5bCcg5dgDGx3Gy>IA@i5PE6?Q=%bF4>`t7Gs5N-- zg>GR0Y2X%-LZgJ23nZ!v6`$pTU-Z#xbfXVWlUKk+JL0w%xFqj{XBxBaX}!mc-LSIv zDj)CUCBNYzlFhp@lcgo!{vr%cJzsZ0yr8g+(jOw6uv}qZ?`GcBE7(zEG&cMipVea*Z4lADlGn=y8ZRZ z;_MbT0Qza~89_)Ms^|mjdG(JOAtaO__0}R|?7sj8ijK!vDX*E(AhKb<3wxQzD<^ zGi;UE%Pm`S1vN&#y7pPZ^FAC!oKw5>(J~9&Qe~tV8Z5M$h zqQGDK;8-{$iI4GNkL#bG0=l|jBUfoDxi~JIij2S(bOnv~o6T5)sP*lVbEFL92_?cG{W4Nxk>ZPRQYQ zIBYbD-{6i4z@>(d6%oz;u^|MJx}8oZttpJCl(h@~Ri^u|f%w1GAqi{{Uc_Sg6lnmp z)iLuEOU8$@(YgHM^K82FQI-3p`g56UuifQxXF&Q;bT{GC^K$p&s`uy@JRDeHI1LtV z_z@e2f5}HuGL@KBBdzlyzt}&&KXs<5U^BCM4Rof3#btj#^Ap|k)bz89dAHXdyI_S5 zHPayp^{4tBrKMqQ0QHS?*5v@?tp9Pdi^u_Kuv&T(Ulg0WwZ+x!N%gfu{^h!N5T0jw zo3 zbK!cq9iJjL3G#>A8-GkQz?TSUPuWUZ=i%(e3YwMF6v2-rRen;1j{uT_eLbZW^4~?T zyvW~`w&VkeZ|!yl1~AvMJDuyY32kR1y8g=Q21`6K44@A3yjjH{`$0_WLi>--#~Ye> z#MRSrERzAR2G1p>(PR+WK#(Q#Cvv&1u==-DVr$lFSyK*oA+kRlWWKiTPPZ*Luef!>6H zfu5ov^XAD+gxh?t*LbvnL2on?#!9@?5Q_cv)3p7f*WUT%aL)@I5}%84CIV7$ysE}| zQ?Y|s{7r?r3eJ|%a#nH#vwZT*Hi_6RellxlY?ps=oInc9P1D-j4& zU+KaIsxy@T^fK%8!e1$u$$7ce-A~wVdy?YU1rN#Azho>e>NH&YDPtxk`xqg=kO9TLm%yn}&GE(}0DVe3S zE7y=x0dK2d=qv-5sOh0AwkSa%Bpd)3jFA~p)-CG9 z^MRy(`H~o+a>62-CvyV?+h3;vpzG*3XYbZq{j{o(k3;4C^7;G^RZWAUGB&d6^v%2& zRb3C`uyuVWwB>h@q$gLCkQhT0xMfX7K*0d05S4J8foS`{#-6nU&EO7!ewQbdJNTa5 zQDSy>ECn|ucV>;t|6n6rWWRmyZ_v;t-Dk9H``8) z;smnrxH|qZq|JsyRfm7ww^EZ6_hfax2IU$pUR~S}KA<6b>)YcC$8fti|I@XST$NLW zq$5g0m;)8R#ioG*nFiv3yux4GkO??V)Fl;>XuI}(e?A}2_Q z*Vti9WpN=A&o2lpYe7zhHKK@W9_S;q+m*|qs1RvKk=50}lq#J4E>$Il$JNERT2e!f zlPOamAHjWTiv67nrtgrgt*IFu#HMp6fn$da4>qh;<{$P712W)NXqmXN-7 zQ%xJg1d)>wczkHcaz$jmyW1m(0^CzzmyEICzgi@boSmtemYzKT^Wcb>t?I$b02)u{ z@yh^_HhwYONEnxOJFvVQ`c5Be^zt$*a%~Mg8FjsXjrkCTfAzlFnkOe!q~)D^i&5hH z`e^lqF*l^sVoAPYao;1+wWQV`2Med0mx)O>e9;~%_ zF~*NO?58{5&$ION-J|_6?uq?5{rUkUGd#TXd|d%NF*YSD0IZUO_tkTg%=j{`Oy@%p ztIs)L{DSs9KVjP?I9Ni00E{z@CnU-Z+*=8otv+>nXA@)|UG7qX5e~7sz zk#yT*A4FR7<~#3IV+-cmnQNpUz&AFLEo0o9t<*of@@C%Z7co9muH@I`((wAuo$79A zZbxc!sFo~g6I>nyFo(GY?J_$~hWxYqh8>$1_o6u!#F||p`MVn8)M~|W&0_h{)|_IY z&?1zx;5;c9-@wh9y5T^xAKHwTXHC;7w(!+xIkUPQ|An|upps?Gc!rh^WM=_D_j1lB zkl#qnK$V;~yH&=(MPi77-VMRgihJYH3$} zBmjlusLTrXPW0Yr6lPn~lWAznE!kOKS;U6CJV(@xKPapBj~dMUQ3Bs2W({4q-fpLQD5Mu zlrX$OMZ;8AJf{fba##0v-X8vR4OCfn-u3F;fguE3C(92;Ai+U?p5}Dz{PT+=KK7$D zpYG0{VCZv9%x!8@u>rXfHGtlO>RoJl4C~SijDdmSb5X_mR)rCgzM}+7FH?P=%0AF) zLH86k7Hurkg9+F@Pw@g z{%$osyPD-?>2GVBkiAG^%|i{;?hDJG6=QAB)$^v*!YVs}eMa%fdWS@A6SBIu?pZ?y zj^z!7_p*Y~)0g4=2$y9JYp|vce)@XpuoiE#YpbbV#RIL=?ku~48l-)@R$Mf<0`%|P zQK2n7v7K&iano>NlnchUuh>Z=s|{L&=I{|7TS6^zvG!+5npole^>#fu1j#+FXo8h!t`YEY$x(PpY!8rsdd`)^}ajWy!}kE1v>!1uOFvjsm2K9b<~ zmGdcAQ&37sr;NPFFomt{JY_OZCc;R;f4f%_a0=f47a5B69_KR3b?7n=hsL<9Mj!C* ziH45QT(9*4z%_M$Z`TN%J;?HYP4~Q_-Td(Gd}sT<(XJT2&L-7-4fz68l`kjLpM$bE zK1WM@WX`Y`iE#ND$O-5jS6M^jZ2OoWY86H%s~{-=;wE*kZKS+)*?nHLw+Um=QgM$g zC&Bz-V5f?!fzJvd2O@UZdpo^KQA^KdWfUGXlMIxNK%kr04LtD;;hiAgHk4fx+H09> z)hSx0-jmoXa`gtzr&Zqo8Zb+rD66{W?j3*GqM>2~^z+tLtB#WwSw5*k@Te;R4YA!} zud3gJj7{cPbEvPq=>UIzuw}k&L-!xaYIVBwdPl_V{I ze}rN_*+{jfC{84h5Nt^(Qw+w0_8hyL7IgLw;SsEM^mb_9JC5R_sPRf#C*LTn-~axoHy- z?Smr{qI2Q^|DhiDLnUtodj>VS^XIWhYY;XUf71!dR5jy{-?9`yC687n$e@z#FT0T> zT}Mw?yes_g+^3F)A4VX|lZFVEKca27{ZSM9VP8+;4at!!aCmHML53FjMHExy^I-_X z@Ha%6I;7+iq%WDC`aEXOb=LN#+Y4XQ95|a=wYftw#rYZ?Q}p8{Ch8hIeYh0FzX|OG zEvWPth+L+7Of+^_U86l6Fw3)6;Tu&MXM+3*UPD5{ANd4Ejm=x`Q)hTv---s%JAtSkaFZl zx9s|w1|(Dd7DP3%_VG3BCU7R$Ag_>#@VL6{ac*fs4$%#}tEJiL0*|{%1wQy^C|=YW zvDh13tZn?uy?zO^MC+V2600z^P6Kl^S^^m#xS%TtyRxC;dWN(bQ?3=cn&LkG2xe?b zztOqFE7*!v0|R%ET#nhS$~lljF&>V|G?fMod;bYh#-KH$aJs z7?ZgvIFrQ=%cCmOYF??$;PY4j@4oO(b^e&Xz{TI@Mj`0~Ts!OH<@E{J*EwB1Sn|z@ zc(IOlB`1um-2vngxV~O7hLjY-j`b3{&L2>7E?C{U4O>H$HJt{$ux|4by@mH)&udGu zJnw0iDrPQLa*mId&2E-H~crdhDt!{7k zC~>wjQh2l$1HuE!`ZckD?-@?H8@On_L?_(%?3zB?3$&>N08k^_Rr~PJ^8f?e8RcE$ zJ0sYAzGfqldTINd?g9hSv4K(1ZMWLNm*9CnA-N?X%HY7`g?I@daW@|Kw;*C7nCZ~2 zH7*#lLu%Saxv0OmC94i&tEXQ24bSVnMftT9y#_WEppN09u0B|KX?hr-cvZeY9ssD?{{!qm6TkdW<*PCZH|L8wKD21k zmIh<2Fj&N|>ZdCb^>Z|SlBeKpVbJ2BUbOPY>M9BlOR@FB(%oA*A3uHi7k=ee{A3n* z)%oN1-=DcXNy7Z@xBrdX>D#xRM|1K2-Jktg*CS*5Uw`*qs=@1D|0$JD&xS{8VI)r- zUN_=zxprnEA(ifA?D6!e&)1MFN5S0LA*F-%b94b|Y>-M~4|OqGlGyJoKZD8| zh12jGJ&RqQ9g0N1U82d4MepD59qe=VeI@}LzDA=!dZ*{F;Kp)n-G3(d;A#8YAhRO~ z(qhTS@)yz|G)LtE%**JVO&)ppNuOr~4SpA0z3rHtkNN)M%woU5On3=y;kVMYEN(|c zQS0duiX@`*WRTT|qgckA*rQlpy9x{Q95xgGjXZ3xQk-(m`=Zz*yioB@wMK%cKi*b( zW9#Ej3_nkM{CUj&+R8ioIC-km>f=!F5zCs8VqvpABQ>GKNE1g)T4l^BD{?h|p;DpF z3rwHF6(-u^f8&-Umx6wUdQj>aS_?V_HZANeWM(;`XdT^2%Rmj zQyF-y@*Nr&=;Ix0saGl0$R-SHh!3F~MATJ3rQB;sHqj}C42#5K+3(piGCUZuU9(aR zRa7$}%#f3x>v>{u*V05t#r1uu<4KX!VvMN#5HCn`X8D4QpKF>Nyb#A$`N0UoG-!BK z2B<>9_Tt@=RH_I#fwV#1$kszu zV*!*?{#Yh3c6Qm^^PWLChRP^>zk5XH*l04!tvXt;R;9UF&k5PO76NStQ(2Zp#`9v$1r+a{QQP_Y1iig#;I0i7kX1%!uk`N0qL^ z22%C%*`N_p^>)$-K zIv>^im4BMAZsmu{50xLbF3&#??~7^OFTOY4(-%uUCQws6doU4oXrPZIFftV1?wawN zUBBjLHg0YTq> z`>l80dD~7AT8a*rE?wqIn_FHC0hJn3U{wx~k>bjg&n{iM#NqPbp#umm56sh9^Y&+- zeI_)iK5OHqNzsprtCVx+=`*Lk^rbI-{p&x$WmY19yj{m{j9#0X zdhN9{e1Ad1QV0^1pSa0!md9|><~nRh7uLCunVmgb@bL)1pmP!C6QPhE!zrVsk!1!a zCCZZ^ICcgHwpjutLXv7?~7xW07DiA#U>QgzBwFi{kr(1mh(ePv5?%p!)G;2 zvMGs#yrEP_BNc_jc zA5>uRW*l3GfB)(6XK8P~CM^$3yh;Uxye6zC@)qf%cuQGY4`S1lQm+?RU%{%~OON&b zhD9%(PXJ`>9P012%3;-^D1BBr=wk65;jwDL1bidZ?EK>Va(J)i z$b*HM$njqVq$6?5?$q! z@;q+KQS+n27lJ-*|DiDY=chIrZjud=L;I5>T=ERy$C);aWxl6W2=lR9E4I!GmbLqk zRC38X-934l_NL_{L?0#!`bNjyN@XMoRuRDc%39l1`PBs!Ow>hmNTjuf)Nro=)QE72pmDXGYc()r%22>y6(TIj1AGvm8aSjU zt~GrRt$i1#)l!|O?W4Xgbv&u#r#B{s3NJ;SUy>9kQRuOy@xhqL)Tm(5a9qUblwXt@ zON~;7rXXy4J_0=!ZsKUce^7ooVq{Eg$}At_DL7F_YSa;IHDZX;){OlI-%frbU+n0S z113u!9nW^+IV&jKIuce3hjv=$ufcoeC^2t z72w;tV$EeFR-=Pq8gXLEv8a*w#_W}jiL$XKj*Je6=`gM4#Xc%llnZ%SOc@lNbr7?0 zclVtVEQ+nyQxL)TJx18-V}^_=QbBz!A)Qt?SPs}$Lu%$HKmlE;mRQZmEo+l&yc99q zJ%QSvKo!Q8(iS5OPiof~l~5#nsZ}0#8p>cz3_=P{EF}(oS?hUB^h&)^-BOG*-VsDD z1m7ZLXc#r__S_3$v~{$Kx&t|e&D3|wLzyJX5t3gFr{#Z)himc|C=xT9Lgo2Nr`P;R znM$9+DV2YM4)uL$aYG$Xk`R?2o>hJ@|HY)|m&!#rDVpL5!Zx`JX_&K`aF2^i?FF2T zz41u1{Op8>RMNz429JOv)E75#>J{LVzouVD==JfBS)Owqm&as}IC;u%&qr&>a z)ip6OF*zBS_x1I^_S$Kv!m|L>Ww&lm>SZ}~oWy3mL?+bs#oe)E$8KErZ@l1UV~q?M zd#F%PDa1T??)(pa@Pi-z@PivS#x+eTPqX2^QIEKxcE!LFP55iBAs|%hM<0E}V-*~| zpg8LBVD`nJ4nkWMY3c3TS74%EMbw3};0bpMoQBAQm^w(0I8azmX$y|j_K}g%)YN>4 z&gWOR#DRvo(gn^(0xtsQb>w3YJqe?!KbaVahdfD7&$3<@S$**7BQ8OD%F5xI)@^bN zX1*`f%s8lu&fp`Oj&5m@7ANoCMUYe?LyIg3Yyx&i9%(f~;U!FBJeXbZ!Dg)721SB8 zg(`8*>Pq4&dAp$Tfc){$Bjuwx)gG~yo|Qg@eX2ZJ-ml6Jl^@D@S^1&P7whNWM;{+T z+zFnFzy54GU&r%ej39=Xy%`81?&;hDp(J-|+E_;jbB8RzDs zN2X^JNCSS2cndC)-~y6#gBa*`U?)3cQ0^u%77EWT{(4`h#e#XVgW#T7b$=f&|(hF7=C8y80c+R z&0i`v8X!ejzZIX=1<2r&HB~~+fQD*(YbP^QU{4W-{9Z!iV|gD- zu2Lul^c?*HP&lf_-j|{38y>@fETja9`E@`jdmbGa9riRPg|=E%@F`$7IB%3wZN^ja zO4HOGabRz(firTcajvl;8OHguqU$_1UgbPgS8VbB9FpOwM{c-L?vE zHz}asb)Yk@aHNQ_oAo^@*rg%m?2W^j1Tk{c{N3=PFd)Qh8oQv{@-^Rt#t873I3lJR z5fhwZlHV3pb;7W(j4YrpE|LjzY>FWR%;x+8-+24tqp1+yR53Wv>pSZh@np_6H1jtb z6`-m-gGzP2E__n?p}sGT0V3JK%Te{6D$fU7JU9Fh(;mJx-G@=o8jMwr62?a2)a=5Y znR#m_`$h(j9^5-Rys>RnV@U=C2A+c9Tbkabof*7bnAUSyB}8a~w45?pgfU-xYaA{- z;+aRRf)g)KiG*#TJ-L>0K=eq4Ans!yP~wn!=FDk7&Z7{sIlCa8-}~MlbDb1_^uU2J z{+B!^J2kqX0=)Fn@jvya{+&~&PN7Kv|5Ih6_{`u_Xho1UH$GgW?JK?M!f>L~Kq2ib-@=~ut{-fOR&K`un);i^UNzyDo2 z$c^!F(O9)eP*vHsQX5{Np~(OBuL}@6G(9uRfs*qp%-?}|l9dz{Q z5j4kO_wR-;12piMr>W^-GDnb^@DU-S+@d9)i4j38r9;LVApECi zV@qzbNwg@w2ntD^+`yr@QNrR3%XqZ;BvsU;8t&%s?QK009sn2`EBPFw(=_+}zy5-7Ysz7AD%PnT6-U z?LAF-RxQDBmOmvoj9v`UE$Y-WBG;LM4jr=m9oIZQpz&rBH_BO}4zD&nsV?G(mCeoH|R^%;x( zFRN-9fUj=mw-HXRITYTQzd`lv_^TiX7?yT6rw=j_nB*pOr0h@~i|k@(Anq!Qy^ zsj)`Hmmc4J{`2AHFD#q;xx@d1p}+YtrpQ>e!?RQWoA1N9Mm&QInLcgl6;w5zBT^|h zPzOV}%bb!x@R1&+g>f76SO1+)<$3$g{m#Xog_MXcHqy<%uD$Q5-J-$H&8IHKMx4w5oOHy0{dG zQc!Q-*GVI z6o`BO>8GFVG0Om@&)vCcHhg|iW_+B>;AfwG_D}!xC&e2)Jp{X-qJ-L0{UvJb6#vf8 zKmYXWufIkR5l=Bw-1ugffIES!1D za`8+L$Z&r|((KzqfbG5_lxZ)r@aVPaj!;8xQ_DvmeRTKkUA2HOtm&gikN)wGpSiA5 z7V--H!ymr+mw)-^&p!LKykpT2N!6=3&tr7ktsrUTr-I--e*BobFv=K)*RNmu`s=U0 z`|b}~#5ESL#(neZl`Bk}vLT&p4<7uAs?xb~;!}fFO<~G7S-5mbK|RYO8In~a`fH1~ z9!An>)f;Rb#!eo?4;p^T%^4%kavC=RNvpvT%HZ-O!9yq_$HzBEw^==%>NGz)bLCQm zS#3A%1kcfcbm>kJGGs{js?P35=<(|X6H4pr!UM_B9BcoYx(DV?gL)Uj)0Ok-6B*WG?zGz3JRl|lM7)!#I>x#l>a1l{x zAOWWBql8p72F=l%(^KPl?EA>t#F(=R!VfVy6Iek>C=VQzoaQ+{X$SrAGYq_k&HrIy zmV@O(o8*j7qd!R|(T3CKp!GM3CXunYY0QbuevY)5g2vhU`kp~gq|Io3GY;eGkK$c@ z>09!LXp2_*C#*8XlLwnUy};E}ukRaO)hGH23$IA*C5!M?V^TO(yDJjRayUoQ6^BPb z{KEFDBaZb5&Od0>Z^>KYp93Xe1kmX8H|d9SXvrK!j*|bJtk=<&Jy-n#G6E&ihpw)!Yj~!_6rEif-m?_5 z%pYp>Cwu%4CYuKaRBjjMCiC~!r(8PjVn{AM?o#1Q|B{vQxv5N zN|eUADb`J9UDnVtP9FpGDP^@H^lX_45W)o*eY`quCFE~rb~Z&0xEjl5oQ}C0TFp9+ z6fC$_AM&z1CxCxke7gLnO96eSTfscV&|jyE;b}qRt+FsTgEMqtu^8s-i^!pSYD!l0 ztn*%d9XuOO@I}B4n@3rx;k$EMsx5Ld3%zz|hjUjF)%N`C)TLRc5Mx?8uz(cN&p%Af}k`zD~$neIWieQ^%Ys%t{IZA?@ z=EYd1-w5Oc8N$JF;gW;nx!XEfK3y}XId_s)aOqkEfi_qz^L@}G$q&OqI9olO9iqFk z6Hm-hDm1>E+%6wZPdiqE7pbeN=u2JgdQSeVMv|0v!JNBia5)nb8j=dU*kRRB_`o`< z$$c|h=-!kXmK&A0jXr+-goCW+a2~yP@9v-e^v7?%{f4)zCi^(abao=v*nr6%r`3=; zqsPHP9Db;;UcJU;UA}ycv*|bAe9iN<8bUWWH97UkC!cVE{l`E4!NZl~uh^^V)oZtI z-2_B?T|G3#(V0N`OYN|-QCsLGWsyC`o2Jp^r9l%TR~`(pJByK2)KqU**2W^vXv9DY z^<(HN?b09LnxC0uL04S>w5@Bx_NP70xWlM*yfnyh*EZ6$LaSd3b-TQbK76T*q^PZ< zPsT965f$w8(&~D8tZIGlE6`q4a`ss`re~USwd@;d7$(=%U!Cy76$n z_{pxn&R2hR^Z#4-S1y~ej52F_4h?@YNtHfi{p#^qVZ+5EQ3l4=o~>;WHyz7>qoXsV z#p{7R?SE|5xiUW+>bc}b)P*}Cb0j9%IbrWvs3(?J7;OVlP0^wGou1oY8O(Yc}24Ubq1dxfvMapjV53H+jm(nNlKjY})Usu+!a zR%ay~bdC*>`fq+_`sP);%%%#}OS98@RYz>CalMUe0Qkx9k0z+#XyZXk}hx$d=lM(be^EY2~!4KRKM}#F(Az za*Pi4Z^GW&We4<^-G(s+3=Kqfe(%kz3s*1MTibJ5O^ODNZ+T_w0)___71##26eF$o zjYOzdLM8pm=$JF&R>rqCqiLL7!i9HYJf$w#-#nl6;m7cK|M{bT10%;TLny8{&4+J^ ze^5LBqN=EE@X8euZR7p>r_Woj*Jn-7a}9s6?@#-8=d^m-6g>hwpG?dn@pZ?Za##E? zZFow4&Oh=r^FV*+Lzn;J(}(Cmza1V46E?0*VhqH>d$qI@I@ytkNN0dxDH!#|Sbep$ zj03Q|GXGzio5dhnWowNMsVCNv@P$%#Z4B$b1r(-1O0L2Y*l&E)foqtMvEV?kyt#Ja zT7r+rVJF?6UqH#gt9EB2cS=c$a_O{cAsh4KI!JqTrwy!;>+m9!v{Vd z%;e^=n!Y^5vw1M3i)8#`y7OS(i&=eVhcro~45{*H+9(rx`MRZl<|d^E$IY{4>9d@ zHsSmRj!u9c*Ip4@g-R8wHlxFCN<{5w1qanzH?KUnqIF)0 zkLy7v%FqU@7BKCP^tRG9L2v3K_rS{Ld8W{ckMw^b)CvR>#bJX9oLJi3UlJKrXjeIv$nc6$BaJ{FsPTh#XS6O=^0#Vuw^x^B!?68Y+Np1V1|z8!meUM;UG!sbgw7XJ@p z8g~mH^QoW#J3bxmeRbiC>H)BL7QiwsvAV@|??+T#ygGiB=d|Fjc;o7(>|udaBb{UlFW6nXJcraZzIB12p#+!=Q*pka zCe*lj*ZRpIT{`Oq3H_gg^sVSw5UMxg3&@TN=+#a6k8$N+bnse!H;+jG_oMdLLHPl1 z#xTe+yvLo@HmQB_b3CHn61(Q-rg@N(V^qyJ1|Oaw?!+G1gm#grk9-=i46l%t@HMH{ zMRR15`+)u;zbI>V@+aTy^z_w***FJCh$5?rjNCw@-wskOP&5GKeIPJ1rc*-bql{W|u|S8v;2rwAX8+S~NMrz7@P zmO9q>mpRBg06&P-|H_kK-hV*!Nqjqe-fDi^KmKDJoaJ?zN|v+4^FqPK^5r}djWRp9 z*96#FvnnlSfSf)|J+-cN`O&1P<$eL_6TDs?pg;vGc&eYcKr6jf)7B&&HbwycZ)J7; z^~$QfRgQuXX7$=-K1b7rNNh^WA%$U#krhnIxPVstK^4I|SeT1DlnYotuP)4omw@zi z5isPir!>OiF>p5JFAI(!A98|e39nMuu3U=Kz#{T%E>_8)hrfX+u$xFreAVcwXeHP^c zj)&~bZhq+I!`^q+jfV?1{~Ou+E~|a)1vF2ZTQ?&5woo+jGqeWcUQg_?4(==7OE6ap z4XQlwQ!E`e;ZVTCCckco!Jb3Ulu4mtW|AU~R5^bX6c6sgERi3G`RU<0Dz@q>5Z~x1| z^t3~{l#d9``o$MteER7ji{mFMp2Tb2e|i)njL?V9{_@M{7DXnj$e&=pc@Z}(2a+r zK{p=abNHafL$i!|D0wQ!s#|Xn|2==dv63Ynf);7qY!jzm_35Kqqh~W?geCHTk0K** z4Ftn(a2%BTL5`JK^sR32aTU&qRgYJpn}ZMZ*^6;#SU5VosY&9=_|#S~NKDkrtKv2G zKF^q~veoy|L&kR^Lak?6g|rt$66S2* z#H)z$KPEVo&`T`uadIhOTbtW?I%udR#R|QBo%}G|X;lUVK^D9f8X}K+W}x3MwMl>b zt6EyVVKpWWqNlo!LZ6~ANi^vky<-%GO90o!d^Z$lt_P%4UI`HnBq=sDTMdjuZE9;SVezM{n<0Y9s$;0}K0kcAq$xOHZ(aozoR=ItHDdj9KxVM29O;yw&Y>4_2KXrW-*+Um#d?s0nHtwhYz4Siv81D%@e)}Xk|F`_U@>?Gykui79 z?JsBXIk#b+rjn%%w|hQ>0`Ub4M;%wQdPVk3cZU#)>+AV<{pu?R%3Qe1_@ z@oaBHnfi8e4@YI}zL#!(xcKu!ejhQ^>#A?ITQ5-K{H~9@QTzQl@NdnojlL!XOG>C_ zZXC$n{uzu#hFn@)WKw)3j**2yqDh!#advK2R3ZUy=H`0GYqrZ?q-W~}gR4L5N32bA zvuybmCk9%?MUA>HQj;%yTlDG5>Z-v!KQ}jZqJ!+uDT(kuFt0iP6q`_U1+Zmt_i!@c zrW{(Jn#=$J)=#V^Xp~c!NnEG^tHI+1UzZG9H74&8t7`Y)4ca5 zV}r9pD8xs`V!ITL^2W%vebP!%sp1gZ$Opjsub-Ng2eX=xgU@#LUv~UMc6}#r_6LOV zlb7E)TswKZ(^tfR=*Gi2=C?m^eOiC+LE$n2g|1^{bAj74{ZdV&&$T*bq#c#j;{PX?SuN_H0!kv`Is^Fbm8}Hq_ z`^6WZ^S|UY>E!ytyx?#a|=(uIWuVNeNQ#mK#7MNM(Q z`B1tr#yVWoPuHHUTrq$`JC}=CmJ99MF56R}g0IeCw+Sa?rSRy*y1AVF)Q_oSI89H* z(Ht(%jG+SG5-?>bILSjqxZhW=U;p~+uLzPJw4uEN=#x)A<_^nkcOqD}u%41?Ay^j( zHA4KXXO>naWipQC^c6^_L5$OHS>@LG+cv5Z!p__!DEGn;&v5>g3rN3vtzI@gC=g zLc`kLo22>(^;WKW{k!h3;+~2SO@H+g_pa|@b?tR&Xw&TB-r;eDSqMpCb^X=rRmtOH za~P){xYPTmy03xfr+QtL;vu-b*i;@mc22Zj_~XP18H{3BqWkW-xRzpDlDdH$~ria(7Yj)?S<$5=#hBT#4_5glVr-Hz)p~f!Q0eT*rJ_$7B zh9Y`&)GqKg&QX1~9evjNBG_(*R-xVy$#;?)BA{f+vm65*orTmI^_KV_x4oyAzvw~x z9RuH`bp$CbY*8Xbuq1~sLLaIU!m2fkT>{pPhDfc9KZ*h zy5x^0gj32G6TsDlIe*Ln{r9K*FEk2b^Ds~WG&IxOx_c`H?a{w_p!$o5DFfuuM@osG z*<^_!hc@e&=N|DrAYOcs0eqm|qE96rl)ovJnd<}D?OadMjV<_x=MTj8=5M1^RYaD3 z_)7@%8|Yc=ko--1n-T-~x9g4SV!f&gdYzStSt!wopPfA0A7MqkqE3$PR+oK{{8Ax& zM)%HX^^6F67+8ZZKHGiMTBZ*v*yS&xTzL9urit9@Zbw(`hQTq2MX1 zW^*g(<%K!RD#zA{=sqeE75!2?h(!yB*WR(i?Dn&!oVh<9;)E*I9IbDSceVos3 zHZw|jHE?C3TTx>7<9Y?+Xlfdf zr&xP4q3JPYd*Fvmdi#KkIK+?{m`#xZ^77^D%(^UU?6qM6^nYIaOI@TCW@FKV7`f8~ z%VRapB4O0GOrn651f4HZdw&mYp}paStfl%?_Z{(DIPa8cT6z}k#V5Jm60-TqhN)2K zCbZgD?Gd|p`}$>3Rx9?yfChbNr4n7rYISW;$^@PePVm8k;sGa3k+jDqx2^G!iHVt* z)kN-UjR!@Bb~^NE(CnPfg9=jd7TjfA2NlV5HyBmM-o49Tgy`tgqQjmM(n{~fPxpQG z#zyzOw7!e(dl@b-;v4dDzPxqo2Ia`3$4@w|mUkVe zOl*FW=Y2g`IK$``UX@(^dRRzw2EtE2-GBc4g$12<2%}B`#_Lir&j0p*{mY;J^hd!y zE$fXds*(kYnetgWw4tqa=3!*Vm?(WDXA9g@5o`8YBN#;%(qU43F5oVf_1@g6ipb6hoG zvJi>{P2$c3k_M`L?h~pHS@EDDLu;~vddlbm$HUC*jB?~AO&XscPyQ>$p0}}2DX%IO z^=1ciV}11Ku}G`a)A#kDN(@MTu6$U({PN4&w{OuV_G^yu?*c)J2lwWgqERST-T_9t z5ro}W8neJ9p+{LBKU$p4x)1t%f@MxYo`gHVZ27`xgJapsXRK`OA>DI3{F+HF7`%<(4 z#X3N{4-{)D&%fVZFJlw1Nf@Ul&)Gewx31!)J!3wwj(&zdPy`L^e=?#{L|q+pN4{WWCo#HFJB%SL5G+H1@+{AJ50*>qkkKrR zC3^m=8T6YA`A#1nOLW4vui)AGouvxOf<+wcoQQ>dUc@GE_^f0F0^T88Ft!*3w>9`=30fqMG$^fB43 zq@S`M1_Zs_&Dq0qAMjRsm%lgO2C3N_hi6Ei{WYF$O6RnCy7W8}wBQBeI^dhz3!|U8 z%fFW{{a+V}KH6ke2u_89cx)7BV40@|W{ME70f%bIl!q|D1ArHRw{cWld8}@P$Eva* z6iuwDJV!0TxQvXA>TCsY*5v`y8qGaa6#yy}>v3wI{j?qv5-NHt24xvzlDcf`cP-uu z$`-43UDV~%mPm^{^N1rw| z_CLQH`XnFkM8%lXTxLj1fmzptZsREzQ&at=xiC|k3@gvjdrXWeS+Son39}taVJsAd z$l-=%&P?D#OJAJCB7)|#DI$f?O^&2=uB8^TFIp(s9hp%NC+5W=$AxG~@fw(pWH5AH zToik>GXDRwR#Q?PvIsL@f(DqPH3moLrmSUvi_>ZY0X zpo8^049$?{KAa@qd-E7P#a~-r-QoUW+g2T1t4Nhnb@MPll7O}q=MTt`hks#WgZu5x zyaTyAesUi{1`^)Q`k0k=^6~)f<7Y?zAw+213R^YJ zSmHy34DoMhb`@5-htS0B0~Qt7Cy$$^037M+zn<#+bd9?bT`Z^mtiLorlBCX0|= zdH!wF-U3zh4Dl()Lp}txb3g^<(?c}EF>w8qCrS;aOFwZxKJ{iii{)6Un8Dm(In-99 zFrgq~@b^&)`kO$EE;z$bspXY*ihVy5Q{E#xvpbV0m01Q+Dhhz+tuMe`DMDMtSmle- zM|RJ@^2G1D?|E~KA3Y#PDAAfkqF!OQ`6IYSoOMelNedA;6=Zr!#b%pKfCDD zyy7c%Rqag+{ERC`RM56E7pUF~&24?Njl9=nuHjKd+?A@K(iG2ENw-2hD(dy4iZgq! z!Ym#TaXPY+-(m|7ZimYEuReQ+tKTDkZfF zxW@{%%Da>|01pAdQ)6}830B)xtEPnqM_wzpcghL|yE7G$@GB64ir`YUC_?RAs1-+u zm4RO6kuIw?-ne=hsN@gBj}~yRG}hi8f93aphw}OtYTp%>)~2f^8?!Oy9n~V22|0)8P%2nNy|!gbt=$T3$Bo3rNXdlR=m06_9@) z7pp2O_|oeoM_yV%%4wBc8Xl{xuj#a!2Go}5`um{F`E8}K9h}MbHp4J2tnNF%ZTWC8 z_obLFuu}X!-{y+|f&KwYxiCND3wyo1idC~S`|bBt`&z|dgJ(HFn8$q42pBb{Zc~C+ zN1WVb3$I$r(TQ<ci=p4wH@o9R)fHbQJiVQ^0y>8*eUfVK!V`TA^<# zUcPPMl))m-WAgdM}E>)*v9g(^OTTPKgz##~gGdu5>)r}KaQ&;RG!Z@=Lfs&!sXO-++=c%W)2 z57EdR1{)_Eav{BT^~x3gg-*J6VI8@*e*E!ABCX!OeH#MwNODqZMVVwO@D-%6Lv%}# zyJtI!s+voWh~fIDKYjPzcYnBfGkj{D^YHV}_y70*{`X&heR%(uU+B*6-u-xC;qnoA zR}}%?zBhF>4{Fi6DW@$(?D^QKxV*B0FY0Hg(gCKQ68~}mi2qs_QlsA7?5v0M!W5=< z2^{5JfV=8hB7Tf)#Tuz0N+GPbEnu93r$7Gq&L^LIa_7z+U8C1rARC-~cJpkdcJ>3G zv3e!*2G2LTLjsl+|8`)3cl!cC@R6iTBmBjS7d)iX2zLrd_*g<8aL6b;g-SXQ9R)fH zbQI_)&{3eHz(t?{Hi<-lSK?Ahr}gOBA_W)Q!NhFO@9G^l5`!c<(!}QY`e?(Eo&<$9 zA9#}Tr&Ojq%o-~S_ACuFYZY2mI(;OwbqWw+xn|Vn-luZ-^C5n{yk^g#pVFxxv5q{l z!tIZ1VD6=-hZKwI&h>>$b8qf1yrH_nCGc#x#AN&X=KeJCmxsVmS|)$KN5t5ltu1ks zC^3)+kdeuesgTG9-n_e?kkpA}9139qPx^buQ4e}EddaKkt~Asgj8w=4QDl^x18b9S z@bUA-#i_~qHkC6%%7>wx9C9#>tA&h2PU7V%fT@0kfLBV1wt^<$)aW|6<~O{7ld)$Q z3m96_f;9$we|@aN8{1e7#KOmV``OFa^1w}`Seo{#pnA$%DdSsX`<3S!2tw%9V|ecH zBsq!&GsN)Y^?i(~8dvdcrnvkD5>)n9EjmjPGBlk7N!Bx|*3Z-l>;a}j$*?|Y!PRmU zgs&RBnqQb@!8@ni2$_bD4@J~V{eWS>Zn=Qa`w zG1Tb9tYuGO6HSb(@RAP*$f1@ncBrvmO;nf{nAwCqN`R`UG6Z^khf!c524)QX8oFsN zk;h*jUX*Td$P&?f^*7Xr4AH=zzfi=hO`rur=0c#mcN92;0&nnvIHY9vs-r+hfwQ1M ztO`A)GZ&3i_GXAFQ+jcy9&+u7h0vsL;9j@ zjpjIxrnA%29KS>>JZOhvwb6X&a{QvuKK?`)^^@(88Fg0p>#5;Klbjd&92d`?*>yRB z-w;IYp=4Y2oFrPeyjly;*w3%|?%?kS+xI3nW~xEf^NeJG~ucTb8_sWIk@VB~_) z!d_uCT_=W&Lvvs&_3SL)S6ig!;&U@`9X@LvR9z?y^DHWg49_n8o(iMl1cM`$;_@I5 z{0{;(kS=rP59W4aD|9Xaacnd>(%@`+KnIF-KRXI^6zC|>QJ|y1JEs7FfNe;%)<7B% zsuAZW(uouz6>qhca*G%4$kwcn=$OM-EVl9-xX^^2@_O_+UEQpM@I8TXi z^RqamU>f=jNgSd|QU<5k&p!L??%hw+zPPx^0CxZWeNL;MpFVx|{P_z_D>x0dLm&16 z?@?@j&UBg#hg}tM`30P(Ea^`bebNmp8<_X?i3wDr!twX=WhB*Da9+Il4IE?1`yvsP z5MlAvYn?^JL@RxL3632hPD^o=*;q*D_S|c^Fo05c#Y|>cmR+ zOkmrWL6`N%_=0{7!&uXs6vK)npPGwdekyqzK#MN z1v(0J6zC|>QQ-GVf#R2N4On!&Q*@+l*sU8Uouq?~(XnmY>ab&V$F^DCZ1D{Vk@Bt&_EX3~lJ0 z$=$Yc#jK@^S|oAlmh^XO=pO6(rMN<42{S&})R<|bdfr;UOu`Q`zD8FAYf^DQ5AD{Q zAYRVb(7ccWY?Zq^F>5MB*>b>)P15n$B8uJ4Wjhe(U=wj$b22<9!|8VgN{xLh>jLwV zJGPnmUyXe=r3_<;LO!TMCmST0o9Hl;CrI1dKt*_A3eI89{#jwO5ID23O%-ax30f2| zWjK~criLxf8A?G4?}Y(FHAqH;&r*(F3u<*K6cV4CHIKInn^Ia9x@vP+Z-HMv`Hpa0 z`}>J#ya5@fGW*>Y(^EjOWK%azd{u0?j zO(vS#$=TAl00hn|22k=kv1`SNy{hV&pYqL~g(Yi&mzOgX&coM|?Tt;kIJH?#UF~4P z9$i<9o3u}7=I;WL5>$>Bs`GL1n$RiSAZkR2r1O^IUouq)U0;jvGDn4Kni5us^pnV& z;lgjX%nYZeb|0tiYY#M1V^Fj3@)qfP3mA`uoC#0=BDU|!hgTUEkc9iQe)PWtT7(Pb z{`|7ePtQ=SC}B1eyg6D6!n9GS|o@13QEvh)OOAhO|lf7va*QM zsq!dHirAURcgp<-u?}`SPj0HB)_a)DZY9C1@F(#_qx)9=QvKI0@pl{2HGbFsSxt8M z6v58Bo4RDMS$6ADVicxULS^sLGSl09jP?A|*WlfyROE`qsBa?(_&qvWUNWdi)MgLI zo2zu&Wn{Puc7nacB|LBU$m?A-RQq$+4V?^?9&H?DrD(8buS7V$L^$Ami6fGVP+LVQ zw#QR+MkoO0`36HMxE7w7nGpQ_+CB(iI_ZF5J2AC1?E31pdpy(1KwPu8J@;$*SW(m8 zu5KPSpo$TuVWCZA2xloC4K`5WD%X|Lr|Js;qgMP7*i4b?Ue9XBt3?dq5jHx+gJUM~^(k1{8~19!gr2sJH=- z2orv=`=v1b5?%}j`x8t!&Y$EG(4WDY2BXDH9k;+XYnp!O^B$dlYO9dLxBHWpT!C!m zk(?b7JLk7pmzDbQDlJ0?^e~K|B9PzvE(wnrR=>|QtRPV(?EdbMcC!GcsutTJUA2IS zt)U8jU$QH&UBLB}Pp{Q6_mOOVvvSz}e~#DxXaBj5g~*%D$T-j%d5qpZ^Neba@YmE_ zM-OYjF1z2tSco=4s;Gd?BA_Rx6rBERu-wG?P3s|=E!u$^0jg=fGeTw;iZ&Tq%D1x0 zHlo>MCd60#retF#Lgo8#4M>bT-IFgGm6t{i9h{vd-)ud_SHtJuZeO_}gkS5zRr`m2 zX+a7lwcV<=;m?f7UY=t04g!f0Y`4Sqd`6k3{g^76Rs0aqf``93%F4+~17wRtz3{UH z?D{rZDU_IWf-6munO(^hU{U7M!-`b{#ZaQdi}8_rQWdKs{Y}dD1mEr+Bdoek=nQs( z1MhVsBoeRgo}ZdU(kkr3R!yv&`g-B|=dv9?8BVjF5}&nM0wKxOq6T7ld%-*@{Fph1gq=%~qx!zHfKEWsV z9*&dTCDj{#5#Yqnri=r8yQ(|(yyOZ;K(UZ#2f$g*OKH&U`?IgT7|ghNo9)^43t4zc zlMZ}`$KzRY(hj34Ck~1e9b-;65%~NMbfdjXQ2iT4kprKjs;0hgX9N7}umS;ZoLJ~u z>ia7eK)mKc39*V>HX@Sm$nwdaBfu@E!;P{9B9|$;dun65Q zl4aFwXzXi4hRQ7gcYO5ue*sLKg4dN4q;!e|8-Z}#oKLkUpO;ijK@i#VXDI)&oD-_= z?ey<7s`tt~TM%7d6Nx(4ul)rm>}Aa^+1xXq*1p6YxRzd4al>!J?ak*qKKRf9JNa{X zjoI}%p+~lL)KZ2Uzy~|GPnRi=t2@GSU)0L+Z36Mlm(!vC_n*i|^7U*u_LHw^`)Kuv zwTxPR3oChC)6&+YfzjDo2hFgPAS%_$xS4! z&|zt>u&;8t?ifGT7-!AkZQ_f&)sLL?O9LZ5K<7ONdf!hj(@}MI8r6B+Hg|hZ+mMma zKql192C-S0{e<~E9N%t{uM1#GG>d6|fwW1DXwZh`x(!V~0F9I}!5ZD6!%SVFb^TCa ztMpp;VnQM#tJCT<20@-pc1}S`Ji%{~?H1W49et;s zb~_@)+-95e{ad5ubWU&{QXGiuYWqTdRR9O!tD6gtjHp!di-^W_+ef_jATC7X5#3(W zx2Q;;Pyh&`NF6OMTB@@*#U6}<(y*Vq{h>Ed5whhZSGdsS0zF&ZQ$ng(q#Hs!asj|u z$XV3uTNCQNg1y zaK4h!+Q0=U!ASrz!ao5eeobWq*9k0dHzox)f%61tgi~%OkK--_EB$r`KoPkS($jHs zx(j&9J-M|@{xQecL}{oUKTG~AFK7`}biTK(l5$A64!pNw7A74SbDqDyx$I^vN#}>j z=HS03R{Hg6*KQ30Nls6dW@OaXw>I?FG)Reb99hJy(#}+W&qS2&$LgZW8&3+S$ zhE*yB?6%yyH<0kt?qkZA?^fgN>V6zqhiD&7a!dO1v7>U6I3657FF)w|jf`7r-bHK= z1u~-+z9l7vZAPQPu!Naoo^8rUeA%zBk0X=*x=*(f-x;t4UmMF52{eyoZ!S!2d(JXK;uF(D<$oTcHjaWDdNGpL6qc0lRl>Bm=o6+2%sTGU zaf!@Y)6rX3nI}n=@FtR;!~%DQrARqKdQRluw}#xRNk@ITd?Mvkg9kU)PV#V<{*ZJ;`$La(7+$(R7*eJT`7c~?{7{#E( z^&-rd_if(-3$s0tTVhtyg4j}&#SAYA(cqs+pyPM2guEqwkC&5SLf-;TFihhGhvzH) zGzHzuNxZP3@RZcck9R?pG@&C2XbU!Uf%&r*R;i(G`Z?uPkktx4; znVVL4NM434xv>H>k&QK(XB4LB3j6?NwhvSF6=9Iz9Im%w+@#SNVX$c<5O09v`k#CL zJP;7B0&V@|TwR4(Xo!O)PVKJB(hUuq#Y>?~Tx*_GO`qIXFV}a?rm>jBp0TzHfDa}G z=ED+|QEIhSe;#;fi=weC&xa1!a1{}1Jy=k5O`qr;pA`V-;}m$Sx9#SIV%`4mEDNryiD}=*B(2xnrSHWcaoH98uk1)s*^4N8Zn<<|^=Y-QtSarN zO7XgcvW)jK!P+UM=TSWmFF!Xsvpm0PWNR3NNx0%l;qx@!U!sS8!W#>dO*{c%9s{u_xq`lI+4`(*$rSbF9Ue|c>Hxgx?%nlSA!}2pImxLEF^Qi8#W;-$GYK~un~0KV zPfETFLb$jD5KNAk!MvWmC_K&&I3h`E%8~#~<`6!Y|KAq`sRBZOJ~Q1S@bL)+^$+4P zZ_!N^`qB}5PiG2368+uXx(bg~Q@Ch+l_$tP@xRdU&+?YP?WE5Cb&G#=Ul6r0+d;#A z^0@j={W}dd62U`49g*N2PF+eOT}cz1_SXLwzDgl^!i(7OLMDf%_={Gp*83zEzE|Ma z?0Pv*&wk0>O?{*+Mw_!CKZo3&e4unrPKP@?aC+yI9~`-VW7~YOe?&Vb%4NbjCKRn8 zH^;}p=m2KTMwcB0OW>iT9BpTta^m)l(}Paefmj3n554!N!|CE24X4`r%8UNl$_OAqTkC-Ay}WD%GFfzZnSG-0T=LL z`|Cr{=k4^k2yK6S1iJ*v$mbvE>aps&{ju8((zAz%8wD6_RcVdBYp!F?e*vez94^Sf z@r8Vn$c$MS>A`&!xe=lh+Kr#os{nJI&ZygCK{9YjfmFP@7kLS>_kx>U>{zhr2%? ztEbxcbr7bf1$_V7((_dh&yvS*u6|tA!PFiPp`;w>{PuXdIQ0b%`)+-`nr0VyX9-_w zcG};={1j&wGmgs}%ME@x*Z-8c6q*!q&*S>lH$IrUfd2JL`1N`)I!|Id&&$zR_j9|` zby-bM)%WWI866>}IB(+huAGsYIVgbL>_kHGJ(SSr<=*!r9hre2tR~FsJ)hUCU#0>ZILiTFA_3bi3@E`mjegXr-NI$Gk9N|_} z+!whkbKr4eVaWtW(&j?1Qo@`PwLS+W&+n0r^2WEf zqVw)G)u@oH26?49Z|m<9&0(J(T(U<=46#yD-J*M0^IM!v&LmB%1iw37(DNR$njSiH zFInw7Q_I$qL;jI8$ZI$9XHrpRDKDcy2FLbCNzmzYty48i?rpods9 z9#Cc1(1o18Z|ov6QL0YFn%V6?hHd*i>#9yO=J`-4zQz^MA6%)C*F3W7TiZ&PI!gIw zZ*A%r{av^RFGVzbNl_v-Y#G(^WPM06Rx8$bP>Vn2~EI%4bo4Ml7Js_RLzgLya~-p?B-+Ar^qC-(?k-k)Dllfi`)y)wwP!r(%C( zYXPS%)iK%5&VMP15-$6a0t(^FT>_ExJ5YumnTHkqmElwjW`&Ms_qi@&*~3sH9qGwd z8*rh7!ocM0vA5p>^$8&YF4ABHDk4iFgHiq;762c=e)p04_*@bER@DRtS^NQwM`yT< zl}ILDCUQ}61RYV}@NiPHnTZLe0ixT4$VvjrgPK~f%Hz{qq5E&+Lxc0Zn)a+=)V>sz zQa(_f+G4bwmTpcr+ZV`~TEA6V)ysDhUm&Clk$=Lj@B5LgLQ{a?{(dq``fEp~oP@f= zWS9C!Wr|+6kL*-+*Qd;4biTEc2Aa-Yi=s($mB1ls;hVwp=DSw_M_XGz*49LS&2IIW zKqYvnVNtZmGIpU$#2K9f{F`NCjsYnh&joQ`-p&bB)@b@){YOU)aHH#&W+D-N?F6XP z3sUAN9v|uw6hbLZf&ipVH#izl&TJpxyL}$K^bT+L^YCv-{7!sRLmLD8UgcGkoI-b` zTRAiJGX#5%k;r&<0TO_A4s99cX0@oxVl5yFTFf$hFw#o z$2K6wX6J|`#G}~vIyZDA2L=93l6lKukg@q)wme*GpO?4ewhm&4oB3RI+kk}`>2dB`R0+kSAOjTp#6>|~ld(ls>p;llZU z-3B*MsQ70j$Ppudk%-BStLzM1UN5g&QKlMjk$XCX{b;x*bv4frrc%i!LBYC&JQLI7 zFaUvK)^B-S^0aO(FLKIgaQ754z5P%u`_bzIec!vp5kC@A1n9BO#Vz?h2bI)_ux5yu z2o9MRc|}&51pn^=1b&>9=IUrdC|1cY)o}P128G!ue2YHvb52d_>w#%-AvHblgEC$r zfoMuAu1Zlef|&A0ezH1s3K$8og#64ie#w0Y!d0P#^*T}??c30&lsuNa`I$pXyjA}a zD$C=Ry&8q0(BD9Zn^}{I5KkL6GKuRoT!&e6qTe33HaM|!<`Gns1^q$)de(6$_M@&L z$wfZ+?C$S@ma;ejNL0CS^st)=y(fd?+j=5k>_RD1#wiho{Dz+6gky=~7D2<^0&Za6 zJq^f1)@|ltKSH-Q(mvT z4#-1j#0M8pqOJx`sbs(JzhZwU^DTot^E<1{%esFx8x0L2XL*DF^WZN=q99N3|iLyQJO$AUQv; zP#phyIW30mz6x1ChLJIRo0V){)R@WA<;GbpUeR8Eh{b6upn0hcJBW8ubK%GYx#=b3 zF+TRMzjmreQ~ECslF{8agQhz?pA)aU-unf=?gc@IhT`b?GCm%t&zNaar<&~=bByNP z3K*7x78 z?^na@_;QtQVDb~Z?0Ek3Yb2IDpOGF-fT$?-OdOWcvR=kZ@NxoQNWzZaDDq1&z-P`? zhsk|Y?X#etV?E`h4B-8lp0%NdLGAar#1H51IR=ULtd>Nl3#d+Xyk38PqP>~^@={yh z=U2gD<>U6ku6)`l9ap5inxBWuIq(>CqCt$6ca@AbS-Ga>zL1o z{sQ5g(?$`jdEQ4pt6TO3c|BKi%nRT3cs}d-iP~;&Jh72Sr%s=4paL*#SA-Ew0zk4!S3fb&Ym5$->c;1y(Tgx zMfQH9B}V?{*ItAkli*RNF=Ilia`|ug&8XLoSLFr;>HhLG5E4m$VF`M)C9UL#0#)#v z^SVF5ZXKniDvfNp;=o5E>_n%R^&rFGpS!ZERu z=<_|r+oT^rX8f2>@5P;31;&gx?ML`*aCbQp=Kqwh`@|#D2~GFIxwlG7gf>LAv#2d} zU1yI8I3@#f3B(mK+dp7#&Kr?@=Q=-N$9&&IZK+`4J_im2zg`*1jI~9NkB+alzt&pG zJNQcBz$n>POQhc@fXdJ-BN10qh|FRDKBVI*(DBlP3W+B;?h_PcL%A8Pzv}>Aa;gGB z&|iF`L7c~@amH?rK{lV{w-&U-o@?%KK}(J98a6BKf%8<=5KNHguuHU&|RFj(J!qCN*S&(`{#3h zHg(=d4M0stl_tR9ESTP}uVPM}t2>wsf%!%~CH1xY4DJmH8`TX9OJ7FJI@`GApWq=R z{VyScXh+6ZC|RQ@=>I@OZ}G{z+OswT3>J?OOo#syYdlRk#vgq`Y0M6GYr(xc3s_?u7rCoqfEv^0B2LrP($LhC^!W$j{UKV<__li^gABRJSCqr`!f^2KF zgn{Fo#$Z?NbJ)W-oU163Br&#_$M0dF(t%+gnFYFX?&I<5?oZsvD(`?mj?e4}P@gI1 z&S*qpwU7A~B5^=u7(7H*z!wEIslEOe&U`(@LgX&9vln!n_?DE5IHzXzCD^Z~9;W;2mn$PWrd?sQ|nU}wwvymKSqLlk4tPlk_L*;m)a+SMNuQ)K?vx4t5e z@oY}{p_e2A&B_Yzb#C?-@)E5evbjMNzjDW~WV}xc!t#cHn$0;+p^AzmQtUkuu0RRj z5~qjoyt)6hY_>#ePJ+09c*xy=TNEqnySUax527uLEDd&6_R(8vBpgB6pKcCGovSZ< z70W3p2R(*dKQFqK0NUSMIVS~sXHnK3aCAvAoyH|v7akmbJS18*x24Rg&I_YVL}g%E z;@=J^M3D<{tc(ZVax;JYO{R}2BCE$oJ_|_eiR}piA74FE*;P`%aAN2V{G^wmhEPJr z%lvGjaWl1Z+ zm2xMtz5O$!s&bD?9{I~vN#O_-jXi6`<>1!SlaVFW0^Z(izHz|aQ}(*=+dN@-R(UzC zi!FS(4C~HRcG5Ows1$@bcjb>2=Ip>_X+*wFYK;YR=6EoNIRmc zBuM9=(I>GR4R_2s?O(N$h2dED_=wlHwDF^8yz>(d#hWle)wE<7T@KDAeLmmb?@4Vv zFw@%2w&vy$(dW}S0xCbl*I$(Xb*17vu|HV+M5bJN8Amt*$xKjc{nF=IYS8q11Tr@Z z%9<7>h&wokXkY^;Bvju)^3d}n=k^Tu%Zzibyp!VeVK6j*WZ#BMzqzwDWNUdM7X+6q+ zoXJsX2a4y%2=IgW?UdjC2fBa`?cp>6u7t0^>FaVn9?B<(U7P0OiI)8!0uwW@*u?45 z#4&pQ0%7}3BJJsi?7JlQ17el#qjN+2M(12XNMtMrUlg`XYgzDo8g5U?(&>evhw4(I zpAlW}tMHWkP6bN$lG^F#=DrGbLBH4uKE@Nw9_KtjIX=HteNUdh6xPa&|E3K$M5V0G z$)V3!{mo~wYEM*8pXal9-?!~nQ{S>!@N||KR*aG``}{T+Ig>!HU(@Wk*yL!qs0b@{ znbTFGdSZHFa-cMlZVvPLDd5p2C$fEqZL};1`j~h8`FEPK2{Ko$%Z;m1toY(JHeh0nGFgLQXZx$O65Yh=WE}t zVv|oX{qG9EC9>fKDkZZ9(-f$s1FNq7lml8p&p_@%F&GIJX05nXslsnUrG2_+E_u;W zH3PtT!H;m+l1h8Gv?JA9${q`@n$OSzOjQ^`_T!^Tyw+HTsNi41$YX7akaozRd^mkb zWvOaBxX-vTWf=Pa^hD zpU89adbE1LU)ZTaXsDJbOk6fz&T}i2U_|Ml01P9s#KWhvVy(GT4vz!KZY#8GKnxYv z-urr`)B9UM(@s@vjLRe3+%GvUKL>(YE|Piy4<-|*2=#&~QLs6fgZOHX7TdaWmkwW_LB=u>9GG&J9$(y`JzZ+XcbthS?$yEZa6^^Q4Hnb z&13f$yYs0)qFe6NDW0t|$o)C++rA3d-lFpafymFN4`_%hJZ~ozrrcf0l5>ex@H5h! zfH_qu$cwTwzJmTUHI0b5ce<8{pqr-`#3)YHC*>Wb&XLPGA3i~+D|s%us^L)ryV&?6 zc(LbQmFf*gR*ezHIy!N#_+P$H;kw#s{ho${)NRehdx%c9wSAB;X1QboJo!%?H{nKc zPL0xQzDqGD)o-s7UT=jSUj*!e>yjMkwF`?wWKaw&m@ebxOcf?VaGLL^dF1rsXm{q8uh)ldd@u}(n z*B{jvA%{U@f{mzctx|Uk7)pzf@c>%NT32)TbP^HyUNz}@d_6}}Gb)KSslN240a_C7 z)vS}TqBnh<#pIwWE=lFJsG=%=H4Lifwx`bMH5ycF4vr-NpLbt-3WsQPv&|NnrfBRk z^<@A4a4c61%L$Cn>~-fgjVlQhVu8d{5a#phYHR!RRWBesapXD|8y>!@`M_JbxKF8o zI&1K0b8lUo_Kp`rSPj=Zj3})8=It>$lT%1kJLr&n!us(o8c#}CTBPsMZ_TBgX1@~M zrjnL+d}8MOw4v=`O^Ke@vDW*UX3{_V2lL3;SaDx5Bi>*X3~cx=Jbzn$Igso8x-(Fp zHNxh02Crh3**2>h<_-k>E6%zhaLOp&2yldBFu_ffhx*0DQInD$7tW3$Zc!DH{FHZW z%f#u%uUS z0w(t>a*f4^_fJ(-Ag2z+wVZE?j)8=3V7d=%cQi%89~M()`YGOE-tet~(S0#Gqnk1_ zZHL)wKc?fBaPB5UPfHJV39nhljWol5HYky84Q&LOnbEtIqxOPWqWtK7CBY?Mz@G>- zGHrVZqtS~GYIziL(7m-gSvE&7w8(LJz1$l;`irK`Q&GFs(`^Mh=J{^{S_XOCxx@;Sehb?|)}&$s83yE7O;mnw%T zE=TX5JoP1q%BFcy{VS%&62p`gzosw&wdVAQVW`gYdm53;?X8A1E6y$Ib+=4bHFiRN zqBNq=>xg+nEoh5@no<#uxN0nB0Rw#~bBDXba>i&mV!&_VLy*l%;%}lAb=O;{fzbox zfoY|FZY70$xe8Ahn}xX>^r;yu2ZVF_iLI3K&iZC0A8fV3W-|XgBn3 zOQ`kr_V6;Do5=Xg%N(5Q+*ME3L&1S{rUHN-33AG#?K(GNO~5jDy}lE$=kyNpCqJ)8 z*QD26G~k}yr|tC%@|>~U9pJtrg<@F;!1#?ps4UDtE`QvVRUgxg+vxk}fg9S3$$a;F zimxrN{w{lcw-nr{%Tsb2P^}+icVAa$3bGdm40XMA>^+CSHgoO~_Bcv4wiq;8b{LTe zx$#iM5#%U8@8>&{*BvST_V6||^=933-E;G=n`ikwOUwqEX=q1VLKt&!Fi(GLQUCk4 zeHqFqyMU|y5HS%iI7f1u_KKm54Fg_z*qcmLo@4dJ^rG}vRm&D_q4q|p1GbZ>KyAa2 zqOaU^&ccFQ(^GhScYnKO1&WO$ViP6kFxl4#3vQ_Gvy!N*+xo;ly zCn@4A`==W+Wh9*t@^yPv%$KRYn8;A$ldMhXBl#J46C^q5Fq zQh?xfRdBeA*7psjX_RiM67bzkZy}KHlUC4wOW865xAqACEq_8`CfIJj4|3;h==pxW zelm6g10awx%#%;}C3@e^J?luwo>v#v=~8;CIQHGHVries|!b(iF!?UN)r((?0Uw^Oxt`SI{8Z8Khk1_)CUfv=dCf=l%&?of*^ca3a(eNd*{?jWJ|In0M@2);OU>%~w!5S0Ce?$ZNcTaob8BFROdu*J@v7e+ zi5|r>qVkoQIxOmVH&G4x(rF(Vqj-ZW;)|Nzy4DDs0Tg*`QiQ_;_joN|=JkJQsrLhm zvWfSr_SUr@1{|&C$-S24A7fe`74WTX%mym$;MO{konyBiJ}Fou%zeWC7m;C|mzgmm zc|34v@1a7f8mk%cZlw+IxD693=OGNc>5F<*L|ZalO?W{NZy;V&G`dr#c*Lzx#u6 z7@Fd{r4#WV_rYjZVfGg(`^J<7o^N@kV3ukJCfqjgNPH+>MlSYo);sya0mx?Da+}(z zzmpO$=|qFz?vS}E)W}N9P=)q>5>abB-mwwgUAF9Gtgn0aRde7ZZR#`0M*mc%sX5ip zAy!j|Y$AYX#-UXp-#ZsF@kEQ34uqHM{`NilxinjKhE%jVdaZK*-)5ppldJru2mcMVe}}>sD&p468m!x-K>%4HL_Ha_ixcdDUoMlu6#(+ zf4rQg{(c%%;l~Unf=z-SEDdy3KE}@d`aEDkr_0Iw+oxa8KJ^l%{?0KciS;t=^Sr=E zvtdFGQP350)6EPNns($M_|xGU!E5?*E&d6d{bB+JI#=Ww_f~|3YpjAw(lU1m`Mq0R znr_ts4mk8{GkNZBF4Ro3l)Q(r z#^hdVo*KRM6!#yO(Qp;aD2Re5coC1G*Yu1Q@ARzXMB^;1?9Az*I-Ocb(awr~00Urk zuhMGz9rA3%Cx(vOkB(u7q4J#H$*nN2jvw)O(<5Sr?aDgUb~C3XAIXnTr5MlfH+?7ilJP9wD{k_w@+(ti@G!e;^Gu$UyUs z+Yyl9g_J#BM)5a(UYESx-O`t+Sam8FSE-#7TJA7X8tVOVS#pDxkQcZ&si5MH+=lt1wEUo~eLs&eN=^nI9OYnM?Nd4Kn(yp1DXHW^a@8@+jlV70y zeF|y<03|jGjj=<< zE?sI7=@?~Yt3h-tzmO9O@n{`Saovxr_UpLRle3_d(bCbwLgT+S;wrk@jd`xLwcg=2 z7Tp~+I}3`_V!AP9dZW3LdY?n)&d`rwd8l*Bj@nj}6MtrJ6?iJI_R{kwe`)I^A*z*o zWNrbOAumj(iW8&1Dqy=LKMAHI`98Z&S!Z~QKONP3oz8N3{a}@P#xAwP(@B39*$>8Q z;RI;LqX7O^%-x1wMg|v*1A@$n#B2$L=)7e%7)rRuj^0^M?v@USyE7aoDKuCr2#ZzY6Hfsdfa9SwWT5o$`h>YrBK$IxJGWM=w$U< z{|7&fvXPCA09CuuboJPIwE^5tfTNV`G%jB3JR-=RuR0vnD{lLDHv#q)f$fGZgM8Y^ zdh&b!d~?A-87}4gVmr*eR!k;DC|?r4lWhoC&KI<)DneT**i|SzE4N(jsC4+1hmhQt zK!OrcokVNREq;=q{xW@fo7+XE?v_TGxhJ8}qFT4h^~VvJjqO19h~jq}MVUX+A!h2a z@Tb>!?O_xYlEY0d5=$KJr7;!JRo2-2QOQx#_F=nAAxwp-Vsq?A1E1HPl-GM$WFgu_ z+melscl~Z`6vP2LkZgkBF8ucVBvAPqLAGIqtfC8axcyz|bPQ!2`h*!T6HF2%$# zm`Jmfn?U^jqOiHj3BeJb(}#P>uXa!ceM^*gV86TsnrkgD9>zfO{)1D}@bp zY?DX~-Rb$d{Vp_|f?R90 z*z-(4{ z;Y|*@St#w)~%+R1oZJF3tef%io4qZMPsP^km1}9o+5%eBQ#L(Gqk_I)6N3SSvXjcn0k^ZGEGfHS}Z% z+UxMV-r~m&=zQ=v1!=7kgr==>(*wJ#qGJ!>*tlVIOlQ^k$gNPz5dIMO0n5uv*PETL z7%8dME%)ouRArHob;-fFy+2Fy?+3No93Ew$0Q35B%#>J5G2WeOhJ&A`hpLV z^wA{m05(1^al??Op4rwkvEJ#~Ic?tFf2VNx*R{K?hnbVod@?W9)YQT?=(HPS;|OW| z2Uvym=AZPTI3(GAv|Yd?eb4%EXHbqnm49+HXR(ir8rYv4G+a!Pu??3H*LBzO4df-D7~_7AR|bNT%hgXbZ7rNHtnU_}^hQ}MuP38ngFj3{|e zwEib2Gu2O?r5%P`_35ndRZ)|_epN9ts7%`L#9eqh#u7$2-DxQm>`%AfD(Wk85?Fj* z4T*9R$eVYL7#DSmymqC9r2z&{G#e+4JtaF-@dFOce@|qL-k`BRoz-RSrtzaOubqB8 z*9QIlQ8RgHMOm-GIcS8CW`BMZO{>m`CcQS!=J_KKa>SB*BwO2`GrC>BudRt3me6LKs&$q}T4oSU4K1=V@tcy7io;85`e?yfY#mv-m{t zkPp7C06*wj8gKOrhay}}cDy{Y38G7j4ao=rvZ5c}x>Rcry7Jn}R#&s7p~oBp4`#sS z;tZ!HM2$1FrJ9kb|RXuY41JAKxgh z{I!M86=*ap=mZq~H75YGZT{b28)S2o@8ZC4I^V}T?l-Ush?eS#Dd-W$2#mi~<0KH! zMt6SvpRjE^iwK5$rso;8r{_pIYuoEt7-*_A>F5TMGNl~t2Ms^zaEFgXuVdi^!MlT@9Ay>qfwhMsKi4Ej>6pt-`!BF`*2tziY!B;b)YmDm?ESQ(@x!J;Sv6LVW`#oQlcgkUhBfZRl=d zp|JIo_Gx^`Wo-+^Is*UP-`~*O{q^%hUu}8Gi~w80T~xs9C2TfUvWP3!Ao5312T7=a z@08)=H%^(ci1X#DZ~8Pf#V@%N0my_~xz#%suVT52lnN#6Ff&55t3I!X;5e864a+ZK z-J{n_&W?_b1V2ymL4IL}_TTXWKdC$$0Q@{Xi7M25y_`LHuJ2FuLo)IJ0#LX}p0Xbv zcyT%pimUs44jv1Ti|hqetO7nqg%|N!#dVX4o&N$m-S1OGt>Vs8-@Act=c3a9-%svX zjmgrym0Sxcj%k?RN($?lR=Kw@5?zhXrfwt0qIMS*`h|SWD;%{ND2E-qFzmvnb@C5pC>D!tUAs=d=SU&=a`RN$*%8)D3}#ZT z=Zn}jJpE98BRC300$gBZ2fS70Ia9X!+^EdlPgw*NPxLht{hiL z?GfB~%0M?F`Kp1gOXUp}LD41?=^q_cceyK~AxBy(LHxJFW^_RyAOwFR^P&5*Y*~kp zD8V!$!QBrnLNfrO?6;z_qJbwL1?p!7o7nt0TArT(dTa){;@prX89S}AXv>(9kJ+s2 z!;cWH0+yC+eAR=DzoXSCrSps&1aoRy@G*->yEOq$K-%_@bm88g=4&r(1b-s=9man1i{I zN8d%_aP4l2G+LC}ltzBw&i%k|J3?4RRP9$M?q)RCSc$MS$ ze(l(X2v}=_-RW9mo!x-b4~-|r!S`6n&u0zsm}GZCcuHYg!nk=kxAvnf?8JY8?c;8C zl-BVDDXA$=%>vmOIZN?v>!Z0_HY^m6uhN1FI@j%tTucHAsQz&pa~oH*XfLoB^L~`L zw{=eXXx)oU0TKE2jrDD{=F8L^-6&KQJU(-Z7Oru}9Vn&yl)N9l!-B_aYonPTn(di{ z0Y5-C#G(GJ$65^*eM!`!DdX7qgj+RpR4o1K33&xAYtd~f#S;`(d{+ZthBbo1DOOyyH z22-+M8ddvEmJha5kR7!R!Wh2dxZ`BZ)v2DlNTik{8Oc9~H0W;k5Cj)N;FiS_zU)C& zX;=UmT8^GB*S%;}v0`$jbJjS=by=+NYfBv>Jxh3>XIN@z7!E-lXUYPfZi!3z!qb7x zB$aKRYVbnHeEQI|ANzo=caS6e_W*}IS6>9a4>&ERRed+s5iV63?culExGL!66VsrO z!xfng3ZLU*W`V7G@N_A(U>{RsXJM^8Q&7n}J1ei_^A+V@p2O~fJQxZY^h!u?Vf)e_BIacXil!ZP{ui8!^G?{*5Urtvj?&gbmG}^$)N&Prs z1FQ@upkYWlld1DKM&PISTK^vUaNy5GW@d6H9kAE$pFD?MCIIUDEY-ya}7DZ(OzWi=dJU^3!drC78g zaIYBVe%rj@?U&08)Tt=KM5kqCWMxMN%6$7rrH@5Qa(fDCX%IR^0FOOg;40ffT>q7^-F%pSXn0IZG(aJF+&;MEh4n{5TF-OBA@PPhQ`i^&)c zP-rndr3VPbt%g-luNq-egh)1-5Ga72fPiV2p{(PBa#NX;oB2Tsf8^BeFgYnyOepQE zWU7S!8bZF81X489EN)IiLpzZ?DVJ=SqdE@__l^Jc{$-%Bmywg6cC^DJ@RO1<oAuT-rOh1lZQ_J41BgWmd(n2 z!lw%8NvX3Fm4cHYg-E2$=eg11OLveX4a<{{tz7upzo19j%)uZFfJ50UIgQy`1u_)L z@={6cl?K5v6`bLgXd4t0iY6BHgIUA)VuDB3b5nh_7n>RkYID>Culoo>RT+og8+Iyp zR7l`M{_t6V3BJ^>#)lxRr7@_--+?5s63=$s-csv)Y&rJXx;57-Ccf;NaJe);6&9SE z%r3yjd+bvOVUS-ETGC49W9+R#G9QOF;32#MRHtyeNvA8R2 zbvYi7Gm4{r=s3->7%9r|dA+>c=1cB*D2plDgJ|1+vvCI)@DY>>I2wh5`(v*+%*(0- z|3pHO*k<4mdpYo*_t_A8g-6W*-Y(amLPSUfMVcRKFd9fvPms4;-nHW?qOpvn2z@%g zt-(HDiveyfWf)Tsy=rfXl+z7|kLT)19F5U`tj4j}oA{N7(*~d{KwT%QeXz+9A)ATc z{|m*LFgAszMZNAL3qrh8XdhE`ey9B7ud6!(L6Nt(rU-6X>W30BOhc%~V)eSrz|bWY zT?m4Bwbm=Y>va1B{x!1k$w^nsIiAh||B=&zhc~s=>Or5SMvSBH;>}E#hFX z&a04=R}A)&W@d6jrePacjKoNz#p-{kJrlZ6XDg)lR`RFpi>uU(0|vNg-w@-T7kok9 z%3}FBPRNVapyP`Bp^c9T7J{4TE9lw7ZQ0mf{h!`2)OF9Ul7P+!Y~bRoX&i~CF9_%M zf8Tl*FGN=B#I>mYD}~pT5|T?0#io~~(_8yP!4{3UmniN1(%N(FZX`r0AxaddVB(P0 zcAPV^C+^lZrL%8wIHv{SV5?Z^KrVGM%t-#oWq~McuhH`PFUK-{-~Zz4ouVWC!gs;g zP6risY}-l4wrzH7+err<+qP}nwrzAc^*d)~{^w%WtbJAW-PF5Q?Qg&DvmfwV^3085 z%oRKnc#VtNb(h>TJtFLSaQ7WJPf5?rbGWf3^ zJ)fKRtBjD@U7MGeugWyiuyNDUv9~mU(tjRBFrFB{UOgr{4Q`gHc%%&(EK+!$5IqLE zDu|Mhi5j#xjB0Hnc3@_ z+vv1@GoEA66^AI(97*sxr1Xe(68*vV2}LPN0_qP$qyPUt*a_wE%~EfdJ7tt&v{hB} zG$P37oUpxH<|uJSBn9kCc#jb5`a%?7s~5J|+X@iE+E!fN5c_4s%5IEVUp+oMB~nOi z`#SVKY@9GitF>P5eGTNzS{i)Cyak3#c{U`2-&xuiG6_0HQ#E%B33qj0@;c6&BFoeu z9vvTxAKesnS3Eyg;C|g~EI4s)`kreJ)OecbGqKWD~ZR@L>O*D;y?_8 zIaHVUx>&aOcpkpK|M1*gbz5r3_6G@~!5nryyAfZ@7SW>pM4_xNRoNV6q>yVp*cVCS z7uS-3hz|Z(z_y35b0XzqNgHTlB++UPY$oD3 zyj^LBL2(hA?yQy4A?j`dyryg_&PA#tu{G<5I^7)}$AL+F?BK_RapRe_In?9pk~f1m zVQ@jRo!3%2lNjm{a-TL&X>5w9oqg12{_A=X>kO7e9U=d(tWr;W^m{|#nU`MOgMHCErv8Zygzu%v6rp644 zqpjKj!YZSdI7iJWb8Qs}zv_CQZ^*dn<}H_8scq1&hg-233PBvL(b9bdx72-YbzVJ4 zEcMn^TaWRA`npDaxDXmScV04NPE}=)`+qD0Tqv|If@N74AvB^(9NS*lUmw`)u-bvD zqc1LS645E6cPuw%!}{DJt>K2fI&;Lv6hC6jdvA9M3kOxg2it8b?ybK9Hu@eoLtme- zWcFjV0EI@q8YM!%iiDRAi|N^ZaeZ0azF3BBjjlX-aG%a9$Hun*4G@X=XZ!9M4zo8h zqz4R@HoXiZHi9Il+V%*2B;%MQAN4)!QQ?gXk9+iDE_NW2gJDL7jn3;&5Zk}h`F9II z*8K7v!?wH)vWCsk*4cJutss*7V*KO9*R|Q+-QL~Y zUp>n&-Qgc3sMzDl7U5>kJPjqaCd|d^ZU%DH)QG(;l`tGwZwS-%TfErRFu#0KLCG~( zURI!_MAvWkxr;2~EY5Vob3o;FZgn-oK;_QeNc|B$| zT^qpp)cDr76==yORC|8>Q=HTNU&zqVbXptGw`@9F&n*Nmv&)+foAUoyucX*8askMn z&&#n-yIAhtC#SZ>1wOeoCzl3J;pZYSElOg*xCX%=VJXERna1K|it^%PRBEUD+i zNXJCC9#AST=9#IG5I*ki?cn0tP)OUPX#_-BIk^N#Lj#Ob`&Yx5^T64!0AFUZz3y&b zIlUFN9ZQ}t;RGR)mL>$fv(ADv6F3CbgzKLsW%^P}P7Z7bO*edc;*9CoC!EU1J7|uTPg3 zXZTZ7-EVA_>nx;{8*OP*`o!p0toooPgUbU0ugNbL^WO*I=j+^>dS+i0!{W><)J2ki z=TZg8v=c+i+>%~{AtbCSbpcwAaqI0bz90`4V`uy&Ya*jg?fC+~AcQvwG4ak!JkHs+ zo_%MfBmbuu`AASwFrn{Zv5kA?f~BLOq@m~Jm}@z)FkM!ruaNZhrfY8#B~824@j{*K zw5%ebx)jBTe3R2 z7%kU0e)016*$5V)Ci8pb0Kb{Q=g7$?-*W15HN2+YzuOZIweNtdiYTpV?aR8(8kC*&+M&yoqZgVuT0HNz$uTH%v+@{*dTub(4V1d2|nrs)6A z{Uw8K5VJ@?E?MmZ-ytZbh|~w4dk#aO_J0@-0jG$O>}2CPHQPg z4t39+=(P-EIF5Zl0WiYhVuE0Yo#(hqWfk}`{hC|-sck?xX7to?a}9f=Cu1S7B{ZYs zVs-xX@ezo23e6B3Tc1~nradysfmef1NLV6zbn*A-v`U-fLdQzQ*(?ruC4<8*IyM%~ zQ)P|p;T2Zt&ICWmoDXdN7;6y=-+H6aZ48wG|eo*Mu7&wu^TpE5AOcnGAN2X)(_igTAAxZ-7wvX4Rl zR$%0(z3P6CD?%X?$}l>o{U6ZVrk2y7J&IbA+S~&@{T=53^`S9Bou3eBG`0VdxBrek zkf~*(AZHCmBpSlks;g_S0M3S;>~Skb;xRBVv?FZINaXZDAO0j3$nb{V17U4=FDYu zDt$TRj4WYWva3;PHY98-NIbc(^&pZzLnDPyG}IQqm)F|KK<~%-fli$}tBx1*vkaZl zD^6H*$zhNgIgks^rgYY^9txx^Qg|Te2cstZg2i=Tm7Ls$rDMXclTS)3YWHV(fK(pT zhotSJGP>QYc-y{$+=k=5`0v0>+7Y50Ga`d`7lumd3N^waoFEg^H*L?7#K zi;tT!<~(`t26i)o`YqC%u?Y8lBG>UzGypjWsJO?mTERfT*p@RV<{*Pt(}TrKY1nZ^9QKL~%%5CNPgJx7y5qs-tzkZ3& z(9tr`R^cFk``}LBlT}#+oh@(GvAW#bt=FnnK*`vW$&LVRo6{mg-DaAW;`jD4T5P}0 z$|_4{t*l+-B>4rMb=%;&yup;E1Mv0cTTv;DiSnl- z&WU+-2r7ZkM;2}ArGFxf{qv7Nf|}>;Zh+L7SYfCA9&apirgDuwOY%`DG&1G=G?1G9 zI?&U~%?w^fpP!V%pdYC0UqX;vQ$tQ3ZrZPr+-GaQKuX`c3Z;QR8cZ|3zXx>3x2{xU zN%R5w{%Bajh)1LdOTn&Dv826{FZ1cCcP%4H-^X284g?hV`tSa_5gnLF;ulTBAEdr^cxX%wZ-Ncc;7%_CZ)2 zF!iCl7?8w8ZWEvVCn8MgXr6v&X8Uq|ZgbLQ=EqLD9zd8YIy~u675VROc;1~6S7j*3 z8xQf(81`KD>%1RZK-RcO$|rX3ZWp93>*JSVjy1n3_wZSTwL0kQEq1S>S2VKoKfK1BVbCgK6ThbO$0G0X_}`&RCf(I)&UIpk{%oyVZJe(kH+QdtR!#!LHvo`*YZh|IE{L6sZ!aBzbYmOZ1T z!MP;B>!0VD7B%CcxWq2=Ee>x;;cxbjSju3ze(gZ&J1=m{#A;f#f3CVhPhA{XuMY+E zx%pw8qDuT^%emAFl04%GHAHDB3Ge}h?SI{7xC_uSwf+Jc2VFh;TZRd8#-e9Qitc{^ zOy7_?MLdUS5-6;yET;i%fqdwe7}#7<##;9xZ)W%y-o3*pWfg!1w+b>CPMoSJwL-NZ zFzkQ|vu7v-SPUo$1)X_PJ{4>Rn8QI3Cpy9;Lv46*=Dj5K2kiUmDig>jC<$Hg+V*nv zggeu6qF#032{YB5uhr_G+!z79=5du7TYO#C8NcZ!Xqe2>ol3YCSg4r+c$Bp7#y<9} zbt<>YBjakVyCst;RdWVJwyAG_|0(^?H}-GG(zaf4eq+I-Z4T|QBbEu$h!i`&o>x}} zNMU2#f*07d8+XPu{4~T>yE4b-MC7pE%KN2A>~B3`Tx`af!%#y@9E|98lDlntNi&u@ z=PqeoM{anxU2Ay9k&~%CK8AijlA2eHQL1&tblJF7d+tFG=*y=KkbOGrvdA-G%XOL? zw3kDcXc!Valr;cIrC0D{)mm(DoQ8K>Xvo{ka1`9Xq%iyF6U!*E^3)if(^r7$Kzm^~ zT;@Xq$E-h!qlI*TK1?vYtR>vLjJyA>Q6NUjbOf`vHU&xTSN?}O`Az1^J0AyIJ9jwZ z?CHsk^hVDh;B)WHg&?D^sG!sl?)UKuo5SO)*X<08tzNBz3RNP-7j25+2xJP;>-xQP z5DpJlQ?l2{c%$7tOL0G3)Vyf!cYA!AIT|T-Fn$s3-_~^bbkWiJn2!B{GW$3b0Id1= ze5%*zE%k~c6LN(i$XR=^j1c%4hE|;~l+3KQfvKJ;T5013X<;7Jk|sd-?@?u_FcVH4 z_BJJ&5Y?iNWRHb}BXDzbllc>Fh%74$7vvC_)g)+h^#7p;h|1j7$_&9vUslzeR=Q`H z*5Tw>1;$#e2gs-OEKRPX%jXaZcm>{-5k~=M%Kk$NdJ5Tfs6NC^n;0NPrrF9B2)?FCRhCTZFP?b0>9l z2{loDG4w-9gTfC`aAu!C$IzaW>8wPu1x8hEM>-{=m`^DFjG8@X%XJh($O@DRKi5-7~bA>e%U+=H*>2jsYC^^+y-6?X~6;|Fz8&fyA$ zxnski4S6)+Yia3`xo7HXa4+mQ8M@aNynu(?>f?QzL^#02;A_y&zb96zE@x2IMO;fHV&S^O-XyX;Y2eG@58FK(9gX=}= z&nEP$4L?7qk5gusV?ayS{qG*qa1+nR2Mvn_$KK!W2YylWo1L*m7tO@g_Oz4n<7{_AI-$*B#hT` z2A@yd+0%jAo%nd{J>d0sqOvl2qOxw!_Q*e+7I%9D=A#MV%nr=9-1<*H>so9KPL9jk>sN`UT#dY(2-o`VRN|ak1rxlD( zVhSbt0|-hjSFhOVP^9?h(3(g{rpHu#h6rzKw3#L`J=`4QMJ@8U-RRuwbelBBLD`qU z1&BZt;^|BltLeZ5Eq>h&z~Ly72&`4zS6fApg(`$MhbKs15m%uELsjVfAPZ}E1$_7J z(*??Hva0+3^462cH_gWB^nwr=aHqfcCUCbCTe{nc=Be%hb{(yZUV?3PKZ?O0T;5NM z*_;nqS{8bS^9iNRBzHKgRBw&X7!LBd`E-Vb0mzmJf1ij@Jx4q0`3DI+`-g?2=LY-p zrvC}b{CFSUpNFFl;H7jDe~&*-W9cK^t!G4jEfOJV-ZeSRF5`0A(?8SRU<*T95)w8i zcA(V&nqz5LIc`p?uUCUTD>4~i?^Zi}LGd1Y^qko*8ugq%#?8)cuP4z}V&1+xr+BT81dh2oS0#M~LuN3_>50Yl47Qz};nP@S3dhBm5E`auk}5N2$-w@UEn5 z((|BICTPWIE@Zi{W9}eYnPN}&$kg@@|0aoRAratp98F?5N3V*#!6j;?`Y^a|4Q>tY zXf($3gwm43;ZxpaN->_s^yHCUXC{zabr0_w1BB9*b#=@j9!4W*b6)6ZI!y7zAax-{ ziCJYYdKuQHg1>kDt|U0);CP>>$3&A1+A)TI-ex%HzMI0kq|M>;x~AtH`F&YR9KZl}C}p zl|*&Hehn?DD9n)lKv9aG>?R-?O3;QwohtD(*&?a4EL`I+F{}aX85skvX0@8dT<}tb z&0m1K+4j`vfNBKAMq7Wjjs{oC-B^-}E%+*5w=}avWL8?5$L%iBP(tlvR+jFg9?;!@ z%gq*|Zc|1~v9WY%Cg+b+DLe&Z!BVuE>6`{G4L^Kh(bdg%SC;R?^VB0I0t|N2{Fq{9 z+jZOm&SXmU?-NrOmjzAAUa!?@GZJI53jevr?QVX-909lMkAEO~!t<@;gR*tnQ&|h{ z7vMxUx%h~7!Cr4lRXKCgLS%0m&nd?^il>AJ1+%y@ZD{Dl=?s?aLUMibdxQ&8I2G0a z?fal`#1!AYvf#riQ*_yhk$iidSdj5SSMQ65BjYp4Qn^(* zV=_EM1MU5OX!n@>14=oVBE-DM3;!pIJzgfajEi_q^Rd?#y735KrE+84w{Erwt;Ce! zaAyav_!P6h(8W7EUnEml^I_*3d`B&yZVz)eXRu~FKZcx*e~kc`Ai zBcTz~)hfE$)qDrx&w|C(4;rGGsw0azD zcXjN7_AD3GT%DUvjz1<+EY8h6SdF}za~6S86j8kPol!_M!e>&0rS{`Kz)5G-itxdq zZR^#YN9#*^`crh(m>``nWcIjRkf#MPN``|63RD%}uC!z7S zVR5h1r6H~bK7RTTEns(WL+KK*)ti&mpI(?MSnK`{a6%;I+KW*0BGQts(d}_{aBeI~ ziR~b3PDo|S&a9p)Qx3Mj!D zRwcw&&c&`GKsQ3BUamJ%WPEd@7-wO3z3MbA@!2Y*KVzwe^PMlHI>=)Jc9FngqdPMB zPGNXJk^tGDA*rQl2rRbPZOCY|AKlf{;m!#Ee#>wYDmk>fjrf!aZO31hLJ8VjbYt8p zPwjxNL7L+FZ>gf&LEfNu1vVqv>0;HM7#ld`z`OSEv-ovLA_&Z`t*qDAB2)5m)Mq`p zgoLrPH6RSVT@6I?TsXe9WNtAPMoasN!NcmdF9&S#V51M@GGA<)VDP%>Wmz?G6ZTFxr_~L;P2lDaADna>7x{)6yIgmZOC#<*P9yPh4Ts+>f zD{o0`EiEu!H?;mD*fH&c%YYXO`4HldR z>u5XB64W&9)f4LU)+ALJE?8UI)wr3LBH#BZJ(klSyeyk)IoI25h`j5xx@l9|s(m|? zQCJM$7d>D4SZdKRx?f-KY_DUfijdAstDi?H@4%l4@MGdnviTho12@*ImJW~k{kiiE zVY6Jp7>bgkt(~Y?9fnNM?aqYM(x?Vtca|Jq^84C^!C1fA;P`LAz@AVtgI0@4EQoVz zo3wk6p+(rzk&V)6QYZ9K2)mO~xwX`&nRjNm+R_SijSdSWj4EU+|0Rtv`cSl6vP*#+ z0X%MYd{HNU0lsrgKD3SL8Vf_yev0(N*0O5pY3l0eWx2BmYdiQ_>@t3-Ey&owE({z$ z7(U7nPiw<4c_lR2Y(xIIjyxYSB~Ks<=W+i;z9?nvvAQ|`S*%SVB%1vE_-yMM>KMRh zi(SVoLj68LbZ7~?af{*1_cwG((@A?e=bqaCQFW5&6qno9^NH)-F?VV&!mr{V}^Hy(nSbaZrC?P8Zc{{QftS zd|2Lq%dob!F|p%BDY>!Xncx<_NxlH^qh?Zsx+z%{OSLuo%hQ-2iYb>Cz6-QIC&^IU zWcA%Vlk&iy9+Wz0N}7C33}SN8ylk<;k>&ae1}tv7tV+l z3J^;88M9vZFH$uM9N4qjF-n8`m)pB5kU!DGIP9$1CXp{5DC1limShlW%m>%iRqT%u zFQR?P^6>O+$eYNwy9E31_fAQL=>SK{x^C!86#>N#ZSxvKk-J)477w5Yp#}T4*YIv9+@tvBEVu-(d zE=M0m;A!shY+#6dcj4f%iwsBdSi@%i%v)ZLLFuQ@*v^5uuau`d<*Ox9n4l;?z?Apz zox<`=z5Zd<-eFDH5@u+*SUnG0%l3LGqPC_k1+rsP<3?u$NV#Mek3ZS%W$gF5@gsgW zJcBrxD8jF*Sc=8@_8$k&wk zME9_G{5N4mtWs&AAgh#Qvv>YNg&cj_oeLy_vGwcSb8Q6pCl+^Bj@Y%wgPexit$*Pa zgoOp^I{* zTo@M-*UcAhE^bv-9WnfJ!(0q|)Q$vwX?zSyS5=SlDkP_XJA>yj5_pb^KZF7fi--#%52OxVI2&~&_Vc`+kE4OR z`)_M&)^Q+o+YJp)KuzNNRSR^Rj9I!1UCNZMrNgWV4_zM!OC_VQ7mly|TKWI7_5U}a zzf}p10CRS6C5ke7bc*uxsMybFld3ChsGQdCeM0~{+c6Z5mj?&!m)qzsJCP@hZ9|HZ zRv}$IJ+wbi)BZ;g2L}fR$MZ|_<3u;WLwDZN(pO(!;(qAX@Rwh)OSDd%!lkq23yYax zzt#)TsnYNBVuz5=dr$kx0vI zmnB#W6_C$-!BMHjXJaKqpUsSL3m4Eb>zG1e*jt+K!GXWP-V~Ayx53Vk(V4S!iq5NN}v5TBZB5-b{n6)f-OI4dk~Ovo^xP(9{!K zzufIl+P+ZC8SMeDVZTu+VJqsj{g2HG^_q`P?;|OBN0ji&b&0`MraAT9OTiO2Pt&+W zFLkh9|1MbHgmZ7m2M!{Q0%cN6!BD{pWpq+=|#qu*hOZdJiLpEg26t zM1T3}-uDyd^B-DUXODz>wX?p&ymjjjR!2Oj?9J*;8Zw`LtI5rm$(rD%g8iN~)BB=I zT6I}Cv$Cq+ub_phhRTwmpjQ8bz)7nF84Gwo* zPF2RnEEYVhjMH-MX2MFH9tpmz zIJgFb`1nkgVA2Ixy>Y2`Kty*c9_6tRFh2aaUnCu5KHcg!14dtS-rnH_1=W^^cty?7 zjE|pHfF*u(*L25<13*vLFbL1shz-T4k-;n5Zg-(MKvBcU-;SN0PR+0kSz#@%cDvr} zax_(hWrxK-B*)wb`$cK1rdgc6uCmp&h40hlK#bYR&GED4ZqQ;vxSFW|BcCgOQT5mh zohu+;%rA@gL&g99Xy$$tW)%5H`LsW$W_tK~t_b{n1W3a2#gJ9)mP7;5aGZzyN(xxi z|K4?ROtZbhI4Efl{6z1Nz4zJj`{*`v=j6m+TRNvmb*Ru$0q3&s$^G1vR1sOqm%W4T zw<e!kaoPFBW~At*ksjV_fTmrF{R6QW+Y(ryT!{a`dv zMgq)L z8pTeghGaJe9Xg3XaC(RqH7=?Dw!|dq8R9)@elyj`04|+Uxu~OfO z?KcLY=2~2!Q>cJ5x1GmS2+i`auxWpW!O6wc7wk-#S&2~A5~y!X2A>S4idrZEE)Z?x z2aK#^{P=j7QC7B#3)Jbql@X4If)Yrps8=<$rAZjTi8WWLDg}Km9Tnq`A7rb#MDa@Sjf>uC^YQX;J#Uv)dkE)W93^C~9|k^LI0x$OsiW=6G)>^F9W&sXhP>S@cNcQtH;$ZjAXnn;;x)0?2leS^q8_~pkMoNAypZXEuT|;ZWfW$`z znO86YnUeEDzF6h+=p~X%aVl_L11QxKzhaw4K>%07LzEZ_5+?asNGFSgIHe!_*Bj#p z>t_ePK+y-uAM+rI9J}V>`k=MKQUeXi=o$WbkRZJ-+xyzZ!MS>EpO)_JjV%|$!)P~t zuC+NPEB2vLNhI1-Gc!x?+AKJUASuN~!d10O&m^Tc-uKQVf74_c6I#s-T*OfQ^K(!u zYaCx#MvS6|YF*Bw(F7=aJ#86R`6PKKS|bRow)Vf|czQ5}tlIWqD_2ylc1936q~XJ} z(V=fYKjzFf^u|^LnWf1pB{Zz27Qn&yP|>^NHr}9HS*|9M#*N5Sewc_+;?*GS&Z6U% z*WE!hgGHfEk4Br)utD%D1scC@j?S*-NyHOiRD?f^ZEF;l6}5NF=yNhO-Tz2fUp)_P zyOkNNlbARb)OXXDPq~Kot7#`FKd=PlVl6%%ZEq@ES|&)S0XKB0qQiG25C5H=q;v`<8oRf*r11JK7crZ1T-04o2#l2XK7Q(wcr+gka9E8 zq->B0F+xeza=08qHCoVFt=56=H>UTs3WpX4&o2c?8+o})3NO`kf67eb&P|lMshP64 znlM7z$KTmHWd~1tk|#UTeo0@-Qp7xjF3evc)V zSWpj_xdB5zT;4HTiZd&JHl~Kv3yMYn)8{ZgBycpd`F-AY`-048^lR@AagTv!V>>>6 z@*NsAbEaw=frSJU(OtEZKeR}QZS zGZRx89X%g#sF(((*#O_FAney#`m!?i*Ff_%c(WFUFki3UShcA)kS z;u?z(d1+jK_(U@QJLvR{(VezAd?d6>@$&f4ao--1a;9y_6f%*ISP_PFj>Y7qJ9L#l z8uI{EaHmy>o^X22?psTD%OKKf@pdUpJc5niw5CKoY98UK>8WWgEp6lvf#m$o%F5c% zrj!D~aLrQUJq_7t$t#X2If0?ElaGt(kVkEVdd+NmsZNX`N=Dp|He&H{QfZbFh5E{v zWVXqPzpY6>H9gpJV`Q==YH|hjsAHR`qf`YuGki&s0e}G@skT;hwZstA%*xnGn3^Pj z-ffrUYvRhHn@pY!qLqrC;uYb72>6s2)eKj@&WeL{b7OmsfSwUC$i{J5M1j~AG~>2u zDN^@#0vBKP>ZZ)4R(vr=*Cj!}?}J4!T?kA%r>YAu|I+UVw>PI9Y6mXR_Fn!{{l$kZ zASNFDSXgfF(`ht`$MP3GCpCU<>)4l;ITWj6WQc6}&z_B{6g9GNehGz`Xq9gtuV(%+ zXL&^^WdyEDwaS699AVyZVl`!2NpQbrR6*R-{m1c(O0G?enmFp0x$L<cwUtu)g&81R_+G|RYtc-*{rbI%RKvw zLK^QujC8sN;q%&4YqD-*7V@i(4XD*VzXcP{WzMK*u``BM>G+FW{(}GD+?k&%jfJ*N zKKGRIpX6jSiwzDfXB5$&c~f}1*to8#{~|2%W5LHG z^-Uj?@F3-(2O}}c!CF}rk)I+YMbbl+4?4-C2%S(~c$}Ywf{OOx&+f!$DS|1%VJKY- z09_bdJiQ@$J&h(gkxlmX`Q3}JBjP&Oi!ia|%xI(l3*Nh&V zXV2sU9V$t?k4m%?!98&}0VP7T|C&zwz+rHO<_33D@9fk&z?<GC>zGesq=Sd4 z=?kVZp3Yj9SJ3K@ikxT&`}kX8an6x7`=^QjM7FXRqKN(DQ)cbDkMo(f)ak1Z3Vtz#_eu*skfx6 zoS)mN`eZ8XWB`-8Xe9-j#7IBXK7smV(k zx`__TBUaXU)n+kouC9G^E!)?v*l$-hul<)d7f86vj6&9^f}8fk0bAjzx(|G`x$Ih4 zSeV7+__^!6ZeQMZ`hLu=h+1{odTOXY_d-#Bj~(?u05AIaoLp1$Xayg}3CYdY9P~+J zDM~9I<@_QRUGLzz%sU6<=u5vvzB5wiT$`W-`Ga#AE_?oF?z-B_22%PcgPr|)#x5GX z1_uvd#k7hS&0SDE&Z1X(9ohK~J$%1@zX=PQk;EO=#itv~GHO+kS++a>po2-qM)PN4$>-9T;E!)Xpd}odIvR_< zygV4NqSAaqNF35p#IAl@_yy@#E?48r(F%5~ynD`WTwKHX@xec=7a?K^wDBfGPNT(+ zPZ1Ss&64CSlsoKVo`lz^>gS$2gNxuu+SA+GEV&#YBZv!U1e}PrBZt3c80i01mK9+y=LfeaB^b}k6CTU{tg z>fb643kNMzJ``0Vn|{jRimowq*MBmxfV;knz(P0q2Z}Ghhrtu^j0FpNbK)b@TLZr9 z+r|1kjO-W%@OAGXwE)^4_u%RBt>jJtx3sF+(E*(}CbS{F`7CNaeti5#HUF{}YENpT zUr)^C$h+*Dn`P4PCuIi}w-{m%KveG404xNt1;FD8;RYXV5hamB zu<9I5;XStGtz4JuvZ|;p4Gn&G;0zKbZ#@|&i@5pnCggjnfCx&`>Ga1x!T2yB=J&cY zaNDySy{hL?vA1a9GbO;!#E7G*8_)3*)^WF?3)d@$1~f4+tvgxQtU4>Aux65QF2MiA znF3sDIO|zQfDF9W9+IvJI%MJTQM+5~!HjzC@zJ@MqQb-rDnGCh>%?t)7BuepWi`?5 zL}_JladB`EqCln;p8(M9dIbc%TWmKw;|-@ZOWlp65X(^QF=eaNE7v#r=s3bijdaboo$IEmXvx@s> zFxcaj$PCZVbYqokgS5o$4!5v>RLbfA;Wdmu&!JXui!gPWIq}zrhlhg|u-#>>aoTG1 zDkIggx}DDPzwN|Oq1j7`$aZ?ZHzp@(CuQX1EbD2nuE5_ouw2G>+R&eh&QgjE;*L!H z7#?Nv%#ExLn}DJ`<^0ngFfvmgM(Y1Xxzi-20pa z7Xbeuf5`&sWbIb(DXnM(E_hrU@!A3zCa~ieOa9Cy2Yyki3E-gXRzojD zoKaoufxZS09Sr=*W=27j&@JF`Uh{f?VZ0qooogE#X7XHRjQmDS>vSGOutOjmsHsYt zYh@c*WF%jHUrCd$50U|=L+rp?zmr=iK`q&Y8t6!(9DA;!naDT#SAJb)M?O}-{0;X( zc)zB);&o4;!OW{kVbo@AcXYAZ$)el{pmvU_{DRiBuDx9=<|Ibr7ad7)4=&fr|5hqI zJ$_4@NEj9`4aXVKv?iUBA16p;GL<4RWZ5}EFS5hP#;j<>*YMxq95JmeFYzDWU%swA z{K0lgTMT%E>y{V)hVGU1&z-2zxJ7K$5PRq`&SWTyR95#TART$3-!D8Exaua;cDm1} z70p(#B#SuWguJi8i-o`pOCSK=I^O$J9T3gL{cqx?dHy3paJ{}@|4MxhJ2wrx_jg#L zkh(#zMSuEoty$!C@Z&WckSAz|$j;HQ9E4c5yUXvBX;Nqr!O!kJd2Z99HTz zV?^+_GQxVxF3$S_+uaV_aJaJ+#dH}49b&W<+>#jJcS5BpKY$dpz{~`JqWa-=!FLVu zlj&~EF95L?|2LQSRoRkFmhi5JcU6O62S1kW!tYL9z;{OgL=c6W(3e)o&`BzFoPcQP zVK$MCVS}jfo*P>AZpkgraHt{BN?L;Q02B?lDL&+uc~X&X0La&i+Pgv~z8;1FuKw8^ z&JZ4$Y%*FTzld^9B4ig-|Ac?|^Zrn7gSFx)uejCg4W1YE=8Iwe$jrznK{LD7JQ`ow zR2M*oVXX9id(?#qzPrL}Ylx)*#b0o{Y8nf%dU&FmWJ^}~ z>{SuG2@WW1Y(p#a8JA%Cbuyy=IEs4Xe{zT$6~)A63;2Cyf-KB%*cGSwPESu0#g!u^ ztPa>djo)HyYm*sgdws9$VE4r8wc5MBR@P|8Ao8j73Sx}h{w-0}RM0#T6RXzQvwqs2 zomKd1Pa^9xE)cTmhr0gZ>wow5WF68w_7DDKCX1)04oS$N@z=isWrXsEfdN7F-HK{; zknA*%k}e#iG;PjGbtme9vX@_yH*;)^neQ}i%4<7_k-_=-H{q7r{}E|SeI%R%0t{lJ zB^8&$qTz4q`GIZa<^?!HhSS;a&LO5E@+!1$6)qkK5FXOtN)aO?Pa_(3;UXf_fqJ^a z6huu^(p3wW1}%jMAPvKli{2mq);Z?c*_l%?NhY}-aw$~0T9wA`@9|iidz8uR8eoNJ z5Pz?`6~M#WQC*XttXRmmr7NQeI@qZ+xqd#4)+oaN`y6p~RW5+*HP^pTS+6mT8IVrA zcQBT-xHh*y#lV5<7(9#COACqa4r)DWxuQ5R4flq!Eup5>_yatbRh_bumf@vU9^vW6 zKrcVXsQ{$5v%a$(6-nA7=IZ)#8BT)?NhjDM*%NV{zaTFlruW3W5gD{RvLMa!6E;(% zcHhVwh8KEyp%heSdcSMObBR@K3UHuX^&B~Y)o1=#oFHKBg$(|EGWcB*N-=Kicsb+s zE)91)CiB;lI*28j>b~q13qPa8^+Ps!x>z+Dk49?M;21O>D&Q=(MpsKSi-U@M1uNx^ zK8t5ysAMqA8%K64emzc>K3P<}s3W_}=}M}ZWPiZ%in8zxR@~lJjB(lg+fq}xTQy}u zDJmX=7!XG>cr{qUoWN&^nA__Deuo;@?>vDdU&-E<^6sfcSLnm%V5%>3hO!zguVd(u zV7|0G)z@fKylqJfp{R+8L>frvq92{s%+7wzYtIleP2rDRoBk)KE>%o~WSuackhe!^ z8^YmSSwqSBlC{o4yoylMcRJhfY1_`{-Qcxn{yxB`Ql3eRPwnwq*Ig!Md6+-mTuv@! z-$^9B$r7rC)WcB{Srk%$Np9SIw4o?Ete&40CSlkg$QjopynjxE9)u-C_Mhxj3`Lh^ zApiRQA-_w6;a=FUbOi`b)q*}$eOq4HHQN4WWnujmdkCtEYbXdhDO~n-6MuYW7v=K8 zNJTrL_41*2&?kgq+=d85NC`rfpIKQ6odK%@Ao7)u9|(}YK2wYwn#`-fItuF9Mn}k+ zj`zo2we?Ig*oQt6r_CRO-Wu9lkT}U7S>!Tfh%(<9ie9Bjk7Xm2w@dIn)A&KJztH{` zFRUK>EP@nqyp1R24%v|;>AdBc+B32!8oB9}dDc{X?IZUb_ojLv8x{m0KRtoQWbsv* z4N)IfR#tXDSOW&^1DS%GG3ONMD_tLLr2O_~DpoJs)z& z)EJ*6d2~O2pK-=WCyH>XncEDM9Q{81eD86{)~c$amAcvLfajf*2nr7uS^|+Db84tG zIZ>$^&dXz&lqXBxBG0C_vUh1yI(0eu>7=@xqarkZh^j_!Rt#co7SZU-jWBSH?t2)? zeSA#Wv!o#}hF^)&t#xv8oFm`|dVhE4a9j=yAk069Qmtl5Z$k+6wPBbB&e+Wo*Qj?f>P!b)Lo&#N3~~S8yVchoX&ySHGDQLa(QP z`y(TxlE_6u&PjtJG$TK~8i{@0a|xT#1LBxITwb(W{m_ev+=%w?oxz)iJ`1-23Cg@X zG4^-LKc!oA;rwW5<$}|ci8mCMJ(44ErW7S6MHS|>arEeBu%&uTS3QTkM0qgWF-O{D z%WsN-nvXI0PS(&V;dRCF>cf}8>OUPY|1o= zrCo_AKjwFvk?mG`@4lt&D0qw}T6yB#_cv%L2OOfx4IBLlToJ4A6n$z%3^fa`z96gw zYXke*o*FFEC=;=_VUHeD_5#D~3XMT7I0B5F19^G>miGEUXiZ(s*rt)2=I28ZwMnVr zr1s$veNNp_GuJK9bNmB;6#@bR%s5DKb{>|*J^B7y&H?0v>}@?;O&)GoNN|C%D%iH_ z`}yx2pPq@-C^OGyFLlefTERC#k1Qs%?;m(m*0Eeo&a5}yqfLGm|4jKdo%j~@+oyAx z+xfIpXSz`ExA5%lxcK_|24&<4Gx(aGI@0uZMDIyrp}TdkGyaQ*rZ6p}z0Q=%nZlaSk;Uxv>}^y(6*A#qMZ z-W-k}WrUIaFq1mK^7bquDEql_-n(dC)`L@@x>;q&i6=v&a7}t=1a9RGhV+!cd^;r6kCQs7UCAd6gv19vaTp1UdW{x7E9fxWUW+}ez7+qP}nww+XL+o;${#YV-pQL$~?>iwRt`|ESf zf3Wu2b3GX29>yC`6~pOw3q)@2q~)>s>s)Jbd9kf5{yp(`qRmE(m#60dpO1B%wRc)x zx96FG{32&fX#C^l-1I1_xnb#x__<-5qk#RQJsQ+_5G2LElDbA$IMBfuCZmC~U**($ z>1FarBdR&i__y<{b47&cS`J^KMaW7lw5-O{HbJzmqjH9(9e2&W?f)KA)_( zomid~L~M9G)mvkU>_m8(KZ*0AIPtWw8tU%9im`pmXv8uK|A~Q-McgZ8VG<$wlE5m> z(L^YKW?^~cto2vEfFI3fpC$e#+RS3iJeU$=h$Yr2Lhukc=6@DL!217SR8gy02391@ zXcUk*=yNdAJekf&ipkzC%+}IMx!PG0kj5G)T4Kg?oaWp{AM`B=Vp&zA!P^~t!UvBJRDCTQNkXt$qv=N<5RA2rgMpe zOo;X_tp+W!+u;ylb|1O^k;PH&aOkwZK$Ik==xbj`D{L6ktGf4AJ33<$3O&(~3JwW7 zx0f(wvHz|d;&HwWY`ZlmvL0=dm(&>$@)3&mfl!`x1CxvF)wEc{|I8h6>TKH$D~RQ^ z+z6RoYMSnO995`Wl)Na8sHwm_5p+Se-@IV zuiPyQkCkB33SxSUb+H49)Ung@cc=XB%Yd+Nkam))%M=$^S3Vy&A^V^`x06J}KZHjj z>nmd-Ny%FbKW~^&0Vg9>{!{UUQL0{(o)3FBA|suclA)|f<(EqQrDjg1``}2wOLQ5yHEcFlgZq4`K z%3qL*jPj{;Wz4BYx{aXp^Hui(wm?P{9|(bnh(WPBCpAb3&HJ}rFS40;6>JB|my|VX zP7!rWD*DiI#;%OJxu63A*dz0onwRmfmE#rA+4}nU)oPKR>+3HDM-%=Xph3L;fF~j} z7M~9;$cxl?VA(&55PJEleft-bnAbm#?K5<-zMY$da6tccou@T3R-=xcM49b@2xPQhBZrh!zCm`N?=9Z!?EJtLO`mq3sV%jM4p1u z{lwnxWDEYcZCy6qFS8WZ6YU{gPze5}W8ug0uFOa#j|h%&<&7nrj&-&;Z++*XyNrR!rOz zyL1djQCdaLZVEx}`=mI?>%e zGn41YS=(*#s+|a0N*>H?e-9fe;_CR4ARi!8XMyPmrFXe+0w`sF!^O9+r{|Rv>1G>G$zeluJyS# z2<90#mp1=o(t!G#^HNoL#0#C01Vk2XmENCP+c0w43M!KM19Wf)#=iy%sT31VC%8|e zI$h?!?BOGbuIyIx2lRBzTALb*;x@#WHJ7#i)xM9C+I4q~b=t~TQI`Ah z*9&HOJ-ryJZXC1kz8 zLI3xGG$A^~JY!;*#}CTS2(qV}2x>?Cj!a)Q^OkuQuHfeX;-Gap>VGz}Xqzg`kZaXN zK!kfly?))N4dD9^3Ilf36Y1_HiGS~X*x~#3+oi9KR|Id{n@q!>f$t%?Y3_F}H|ycE z9HxoJb7Uy%CJ1%D7?kNjDSqprUc0llx6;vhWX>!6@9;M|?0>hn{{S@M3e%D`V8ypL zb<;keTdX&T)IQCvv}91e@c{>;`62r*_kb@IW}rqrCdLN3jBkd_8jPT#;Nm42)-l?fBf~=$?OEn&-`i<8Sk0%aB}BQczf0 zo-pWfVd5NJFIS6jp>B1k>o z^mIn_jx{B*0e}Wazo12%D0M{C(+SSzfLgu}6`Q0x_fH#D%Xdrmljw-KB2mwjq0ab> z@IuDVucq9kGi61U%@ky6?RaSuE3#5bg*TY0#Vs~_{9>*Ni`Y0he{T0g&pzHkpaD+d zfj7!TULM?aK!8+^lv*QMtl^x#tn3$0Se}8hCy%w+BR^+at&EHjS(WT|-XG<{?nAXy z3@IWyp#AXzirqn?j$qPiF!YK3^G4m4V5=Pehww9+6}0mG2TTT6cel74Ucy7N#x`la z6=st8Q6n=52nK_Wu}0K8Y4RY4bYl~f{rsO#O3=0RgM%iBoEjCjMe8}D7HnmDM#U~) zz?SUuU~8lG-T)i7)9Ye+I3}Hkw=-=+6W|xTg@Spc5_^L>02Cmfj|T|_xfwZJtZc4@ z55Xp>BW4(*K}2aWmBBu0>xlV>DzI)4HPQL4H=FHl7Z`U&Dm`%KyxdnEejm^G_ZeL@ zzhhU_o9p9KC*dJXO*O4mlnzdx?A$dZ#i23bd?Db-zR4Yc1}n4XqTW8>madh<&eB%E zVL>m(+lp8kCVa^3B{Ef!?LhE1HA1*&sB;RhoULUt_8eMV!w6@Pevc&z+~@>~HF1!5 zV5Z7ecYB!c7&)+YCQ z7WMw`udKx6_|7B*(GPgBL-pT3>E{o-fy2 zSV)R_&N*n6xk-!ZEttITNU$ftZFB^oW637nYXL%D7dY=2Qt2G%`TUvXrOaY_f}>t9 z)-Qlh7|_7)i8bN`fW>&58-rAx+d%!x zi%;k!IaO}caoFxsID%O;Y0@b?#f8G6*A}h2cqspbzy7gnP%Yv7LlzjypNvo4h?7soz%-+VUQQ53b^#A- zFxW#@qNmyH$zNZTw$-Qh?^>#2ZHmw2PSE7RBSqC8Lcu<4L<+<#H_DI=ll9&(j;zGU)ewZh3gj=Hgb! zWMpQ#r6}mTDytvH2Zoyl>n(WQY;W1F)T(=q<-i(<%8|l4lenr0d$jWoVDsr%a+w+8 z%w!xNvo0l}s4}vv9P1kp!9( z1q2AzTUuBU2rkc)OY|AJ|El<{Ozegu3XMLcu%guMlQWXEjnwAt1{eBSqmoE!a&J7W z7pwzR(cst3f3wZL4(oYYsmP`S->EL9>p45m&;kX_S1Z5g`c=6d^sM@!N@;<RK-cL48#=u@vkE-LR zd(llInE<+#{yxj0K;hFyQPMkD*zyN4Db)1| zBOagU91IkWf5{-@?|-pFj$jt1>NC1B^Io4~$xG?h8RsOLXsbr58XlFqg>w9$d zu!tqQZ8fM!d^&2jYs!kZaPa#CA(jdOMu+T4w!c2d*;1ADk$t>hnejO3;eylI+hZD6 zaLz(RM$0>VMq7n}_}@o?4&q<@ILi`xCWB!gbhV=V?DPyH{NoecqZ{I*d$OZ1*)5dz zqt|`^!zmz;*+5HcsD!C|ViWB;(l^vD66@$cvIrpb^4E6PUQ+`bT7y~!AUz=o75ou_t{j+ht}y!ZzU9w0FKEBT_vk;lv9k@j1vf# z$7f_0%Tmt7sQ4>690%;h~ zWYj9hQ3Lt^Dl$U|&{*NMGL@nAF)I4k+fx6?tLiG+{J4)Pqcy^IsHc|vV}7&<5zQ_1 zj&)MO2KAN}6Qo)t@C5ye`-i5-_or;vchi`f@}6bT3?ewFZ7_w)ZUL_lc;T#OnYbbO zFSIcyX;I6Aw5Xx7E}xHUeF0}slql*1XCliKxE0YLel9K|#tCBwe*(zRUjyrl_BQAP zMk%#8I*S1s6o{ZQsjjEA-xD*FW(RnPd!gz`R)VHJFxY zlX^?dxQT<$XtwSLBk*0Rs=>4QfhiSsTraH0XRGJm(5Kcdw((BiO_7{JcY5pBaXqPkpeP*5-HD*#OS~(v) zUNo&D`riz|UE5)yo_L(*zb$j~oJ_7Sojb&^go3Y6!w;4@Q6$1u;e{P@aa7v?PWyI` z-^+TOuIM1C{Z(#M>9&OO3EkQ)6!63(B&p^}WuoG^23>K$n1UK74Vri~8@W1MN7q|H z(=h2U!0i#~Y#}m%e$jo?Ay|to7szOr(-Zb{H$mNrme*vl;0#-q9&i z-N48PY>QFJ*~gJR#S+WWd0QPC{nkFt8b(W1BidiiE*qn}Ta6`<-7D?5*V%Fs(7@J! zH*IY;exXG}%plc|aHFAD8MfN5>-~-pCi_?N4SKNR)A4+dt6UNT+v#yNz_=j=Z6EZ# zJ5NoMEB?q*4a;+x#C)Q$sjd2oJNc52=jG*zla80SkAXp>IftkTMLO?K>`;%x#57B@ zA2Fj2FJwp;Od?D48f^V6VcF6+@h@86x}h)*2suexNz;|r&s*Ol9FIqc9A9K6fztWh z_2vZXszZJ|cxA?VYs^adk~-RbbZ z7>Y{fOO2$tDCIr|0A&**d(XxDd>Rnm9u`gSG?k8$Zh}(fvNzzhsnF87A3rv|@|lOy zbK4=dD^mQ&Mh|JJ)YF++Mt z9sQ{DbtH^yVm2So>DU?_)$Qw@uczuyakF~ne4vJVv=+?SrEj^6%j8>< zzc&6Yey#IlxO3-uJ=3A+r z97T=wy5{sW>8w6jFE6BCiqpk% zjoB5?bO61PYb|KB+rEf3oMLJ?xM{<=*VFwH02Q}Zn^G8f4?LBD6*BUm%3w$a#m-8^ z?Q#9~;3VnBzNx4*I@gb*pi??$YPO@56-I*?C+$%yXJ*^1| zi>n;mN*8%*zJU>ZnRR4DbD3!ES#r&kY}jK*yly`~sE@t9Byk6+;1DR&mFN~#H%II% ze6m1h$&7(uPe0W+=1+!HNiQCJ3;e~n6*@68~VHZ2=y;9Ihe+4Q%A z7YLhh%AtCzagJnT$3bB;8un&lOsnGHkg_Vpr9d+ zSd%FZ3M1p#u~Mc-cZR!s8lo53skvO#^i#Z$q69(HNkWBlRx!>^XUPe(p=BYFWP(lJgWBw3VOu#jSd=)j!+_E7A+~p z&nv1L=}6!vo1M^fX~L6#8ECCV)4r|^3>y>%=l@5r)x7;17Sk;Pn6??4)7I`A>ucehUSYel%m3nBDMx2-$2>+rKiMV1)$)-1J_-1S zeBonDQB|!Y6!7Hwz9-K+Ihxc26g2~M#!JplHbZ($SVzHQE?4VI)hHM-X9J7+J-*bs zZO4xpcrfdL?Zx-W&!>lt8XSS{62NBN?t608iOsV$nvieQ^tl1-pq9)>x?FLBZ#^;l z3kB4hFP2IKXT`{>cih51Ttb^~oGwyuDRl^*D?E|xvQ|fC`EWmq>3@bYLe1V-h--h( zMn)iYm}t$69EG^E>PjN^vJtFU?v{s!(E3p$jKu_}Oi~n$=wXA9fmNT8=;oa*#iySJ zeh{WU#8!)~=O?qLb@vQqv{``OX+&jhy5&+(!iVKz9*v4n6*s=M)_wZM9xDJg?y~qG z76Jf68K2=b2vrOi+_3|O(ZS25Ata-}CoiFQ$(VBhF}`7K4#>@Y#QvV1UN(gYvP|%N z#m3a{mqe$FK)a-TGN(iR+JX}&ho8@5JW9QCtOm1;tAbV;=D`6@aNQo$5nr=M0M#F= zhT~%kCl@;HBzP=Zie@!QfLBWrnu-4FDg6VBTHUmWYTWLfO$E@NI(CLll4D>Tn`3u- z0;mtSa6-u{z zR1$Q!4)NC30@zxN{1JP=SeO!$%ps_#e{F*B!iv07)|Qsy@^UhAKCfDL{=@ohBRtQr zBz8Ln<;kUGjb?3`=htE#RCQK`lqPt)xqW!<0MbZgwd)WF@W2JZ1>N8PpUTmZYsdas zhnz)I82|tC^w#2%z2*89@p08NYBZF1skWZn3~(YMAl`X6F)bNqXSzzzggiB==i##%vvKdl5-QAC;GF^*=@dz%AMv8@o>IW?!U}I+U`Q0#J&3l^KhK|QW z@FS}rwtJ@4#WLmRnib1U5XXtaQ=)e*@Z;L?DUR-4U$zuddG`qSgn>j4ztMm*>{_nC<8Pl}&dyqeBl zo=#fHQ2a50z!v3*`Q5WyrlUIH8Oc3=E1`ERt4%nMMRh=ooNnG5Ip;XP5Xwa4yifV+Stzf|Oh`q7(86%pBVel|4gt1T{5{V?MWaoXL%Cp_7Cb}O zpiW&5_pQd3rLtkstI_;?=QG0G~LJ2N)@Hr90O z-E}f05LS>HsC*4!ehyFO8lxufuXn(=h|y*De2+qdjBC~~QkPw=OrI#=>Au8ixSz&Q zTg_a~KO3V;Hy!Re{O559Y-`M>tGl~u0g&1nM5mhOg>mxKb@xp9E&emEe%O7R$eb)G zTNnZRA6W~KHmLXmAUGb&W-{h`^$2m%OKAP7{bj_A7ms^-ab~AY%46DrcBsU%*I0%c z|CUKOROVA%a&rlVUCQ>FoW@iQ6Qho((}znf&Oac!_qR+jBaHY!GcBFlMLhpQ1|r%S zB#<&Pf^I+-*h~}UA}loV2zws0ITi&1ly;5j97c40xFSkZkwDNLKWC#8y+n&Tdz@zb<9{Xa3PN{Vu)tyx*Sy%denq1%09O>*4*&m)!zR6{Of}yqe0j1mZ`OqGJVD$ zt4fP&w5T$XMXV)^cP6E`%u$zX{+osH08_5neYzcYLok;)7+h|^wlqBhmcpcGa@&__ z>sX2vi&O^_=Vg_X(&nMAs8|C!md0UA*VEshIOckq3tXqXnouthprO`6n!iMVFa00@ z^tg{UCc*6dX`d6Rvd-$$>2RvCW&XDtpw>{3wFda4LSwKo;4R}?6e;8DDyo1Yz{%=bpMPPY_{YK*?ZDV(yj$t1% zZ>UufsS6_OYt$%kGD_8y>@H7RQ=NBrcaVq#jZcWI+cg?=rt{{3XGg;Y7V z+SBA;F>{)9`tP2gve;Ze+X)aJ1Fon!%KtF2qHByjSL>aMLHj_A)SJ0J(73bwE{=R!nlhM04v7hD7#Rred5hm=n49|CirKtG51+TpNDz8;}0J%H9{j%Pylh*%ile|jX9)LyAI z1dt5<0m*+?wRr{%2c~*gfv-*9u>{cFTNZ{MWy1l$Uac|sGu9K|84|k$pn!VzGU4f| zC^q7M`tlEeUFM#Si~E9DDlx!GW8-VizJ^W%^26tCM=R&(@-{9&pnx7gU@r@g47Ig| zGBQT9_?;R?x=p4(!QzaFX-_0O|naKf~C0jc&H$=NQJDaGE#}6c9HJbO|<8T#<#NWlrUF^9Y z93V>kiGK3H+=0C#Z_a_BAcgT{2#*bCD!acwc7A5AXd!@aHEUzrONGQ&fj9dP>a%jo zEj2Y(bxJ5P^_G9^U#;Z=g_HobCM)-*&@A%NcUTiOJqtH>OJQL(9)WuY z%7T4cy)nDplt3)~cyHOfoN?xsd22p|skq6FS)x5nAjyoSE?l0 z3w{hOdKoM$IOhM+aouakK6c-C} z0(CyuGQZaH0TAzCrp@-hSt2zbx$kw-IIw+_q}9o+ziH0}MmlnToF+6WgjEc*hVZPz zlD0@u=i1*R^H+VzpdM^6)DMMev7_?hZ&_Q_kB`fwg+Ytf>NPGXMieQ15mwFw#2!W>(bl;7C zGVADQnQ?G)cY+ods`$Kn;a2PGJ8s{L{D?88E_lMaWQlM)>?K8ML@k$1 z#B~;mituTrRE|MuHGswgB>8^6z=R>r*0@)aIO`S4mdJzWuS7A=+FYz;q*eT2^ z6z{rjs{>2^5o~G|WxiHp9zKoYAvc>Qry5 zaw{NFJOf>V8nxq65Qe6AwP=@gX2kTK9Se*WK?L-uH30a`p>)!AgWjR~AAm=u*SvR3 zwdfL)(x!KeR!wSTK2=hV?G4Da1eC{x8$VuT!{s)C%%VbCY$Okke`;Rs*Pjxv1tVVd znqPCnPlVKVhkwC+c=@OM(1<6R7Ln@!*C1k8k_Kf&*c(l|+}iPGJ5qS@*!^A-^06M> zf>v|o7a+*~gi%lE4G}(-bOR#t>(zcz=E;n%G4AuI`Sfgv=K;GA)9hb|Mi-PbUe&;=|~+I zoUn}e#HYg3XjSp7l+;ad{!0QRoHrh=JcvCgOly2L>voHL?JN%f@^GNtFO=2LFxS(L zL2(Z&OY7t#hs!zD-NibZjHOG&N;&NMb3a)p`1AM>b zxqQrrhGxk>qMs~a?Tmfj&QnqAGyM3PMJhX-Wp<&}l0di(4D0)ssJ6qH&bYTXygiR& ztJHXo#<6SC6slNWTDOB;4mTsaGTuFY?L-secXM&MmX?*RnEx_^g$^l<9rL0;SvzlP zHrKD^Av?2-o7@o~XgrvgV#J(wF4tr;+j-Qz*r1fJ!-r-ic5%vC-d)p!Wp9n&(7IW* zvemPvjDsjkPw)bM!fh*T_zu3kX~_E(A;}1K3x8X*g7O+?VC#R++7cZeuv~ged1S-E zdBxaB`;Sy30N*)ay!rnx_P8Yyosces?dMC~h~XPE$es|%{UpenJnyRkpqhiS*ocuX zstak6|G7KO;Mi^xA%>uL7)>N)tAQ3~h9JVtX#%RITA75ZE-nB*->DhKT>MMi(*x9q zLoyfBr*Hy}Y8pOt{2I8;f)1j=OiKp$dWJS?zTZMM)ys)pNI?$hR^ndDRc?m0foq$~OhG z(JEQ0J(~k0{HJ`&3m1-gE%K0O_U|FW@$?g60S)=~OH?++j@fW`B%c191R~H>{BUrx z;{X(0vnePaI*>CgkBqqhrV-~0qmUuKT+{79yvg_Am(@OW*Fg)D|5e4V(|l+x?6G$f<@tpTS{b_-2-|w%UG(AG(96 zH{_b`{^t)N^`n7HF4c$6NT_+g>hk{-ldB{v@iT~7!tTagQ#Z#fs;?Ii6axPK+NDsQ z<3ng+W5lSU9?eAK-o+Q=N!H49gLsHPEsc z`B3>6t(J`dPTw$a2;bb!?M~&FA(sDJnLCB{r9i5xIkFOwwh_;*``-Dgx<>OkAZ7>N z;oMr)J*nJc$08?Kb$ z_d1)Y;g6EQ!K{l$~yid-?~OWfe!9|LxmymspxhjozF^zjbyTO*XBSpO*+It|k^O7)dMKsf_x~Kaf8F?kTy?a?S-rJTUjKqiH z`EL@)KFPn^pCq+L?-75dBlCrJrXX*#2Ec6MQ5xYT0dP33Km@SJxeq_)H#40V9Z6vQ zE<4mJA2zbvEV;SrOR8l)?;k&FF6U-XIoB1{6EYi(HGb)BH#vr4T^?_3k)?FXBo(le z=`VXAK|(-KVn9KG_QlF^xLug7aE8U>UiHmb=iHmTqk10oFbE#IzFC>>x!Tk2$$YIE z?nG9LP@{PU%rNlezCNxt&I5cV`S?5v_J{~>X=5-|LzLKf9E7xj){Q!U=gI~Jadrpi zSfTQg-Ly-5c4lYgdFFgvo;OzvAd7G0UGQ#rK|i<(TA2`wg=!SAbD0r7CzaKb?y6T0 zfwxT$5A&0=d+P1-$`F1Q6n-!Q^smw4(p$RMpXVWUz717%c@4?%0bzl9a)T4q_ef{c z<%ee_OY9L)-LPzI`R8A`c`{>eIpkT{{A&H-M~Z@5e$StoD)!O_U1*dE+42)04!oHp zl7mh`rF10xSAIG=@B1;jiZjg`x?`M_}HbyE-ST#K6R{5zk;@nNhvN5JC z+3hm(&^_|(B&fZrZtFv3xghJg{$i$&BI?h4SM2Xruef^4m~=y)I5OoPZ3#;vax#P3 z+gP7zB=PyXVPx5EjNL;)&;VG2lGP$?UKzv9APfu+)Tx8Yr%P?78r>URiy)KzLTJm-acUG1)t085ftr}gq*OFnk~rI=Ld%q8kMC+~N>xdDH<^^9w0 zV+A0i#tPGW-u>}FbUfB(f1Ab@(?|GU1?dCORX}aQ=hO||`41kY0mzd~Zzj8dv6_lpR$f|lcjEi{Ur#?^&Ta`niqMa;CuXPH#UZ(hYVK+|5>0)8xdtL0a0?)m zmCiQQ=xghMOpth@rOb#ygk!8MuPEIP$DEWXk->|S!XErVLTUZ9KdL%4yLw&v)wqH0 z6A+0zZ?Z8b5rT~0%@hp&X;SEIc~_7SnqcBASH%f3WE1WNT4e8HYHRLd>t&YfWP#9E z5Rd7DG!rS{d3(C{aMGmDL-$viv*Z(?+5HonURxvZs6F|lJ#AbCll1li5r%UU7+RG# zqtD!rYzL-P1>V7tC9Vb`$Y|I>1?y4v&~WtrdXjJ1`*wVxHdq!P9L5fJ!P$P#Bzlof zjsUtqpZpVu$83Ds>!6rsNZd68tVZ*(M621_!ijxaB-fGae+6EaBv3C4)*2!{oF*T3 zDDl+3aNp3&@~=X+Nt#0rZXOQWV&z-B_{O)oII{xRt@^CWXth9#!2^68tZL7us#JpZm<8z&T@<7;Q$1 z=3@CdO6z(`zjTJtr&e|yeufDG1kQJVCXEX3&Hzfl5EZWHoVa1o=l6mnc@{FBI+ywD zjYQAzPw`7@OSb}MfYru@9Uu+xXQ$QAbY6};v0yAV!4ZoXA90SYh3>ISTPtmZJTIqS z;@kr+RN)h({B@h3!`Vf@ed~`8z;`P;e6f5}E z@FPI=HMf5MF`B>ko}+lPB=eb^SVHJsr9 zf3%+@q(kTOYD^i0)0tYUy@#yM?H^9rOipjqf|KX`BS}`^6mjp2&;0dK5C_T^@Qq?= z^sB$RpS)X!krk@-G!V~rVOmB~$ITb18c13A)~Q`fXYy77o!a5dnz}44dnXNFvx$XV zTQ!(*ED`&?Ht+xK`Qk5KWpBK;vE0_0n@Mq;z{(jo9?H zXZHeWXX}C5dLc;Z_BlXXnu2x$89qqHtk76pYd^(Uo7GY}BB^iDYl*|tlaDcBjd!e_ zz4jbl0b!xLF-{@V$xen>9$n~^p@z#g)#4krepnikflx@#Us5DZG+!)NWUK%anGY^m zGd-3U%M#S>PT%+;h5#I-cZf=q*AuO*1nP1kuBq56ZDK~eL6t>MZKft>mV_xMBy_7O zm%MdM2&>bFUAEnWe-cll`Kypcq`Gm8Hqsa+T0`be^|@I3gerchwPbAOujq4Ja07o?sGK-Kwck-1!`q z?@aY``)Sqi0FP>Rb*nqUiU&>CX8wWj^8Y@;HW0ry2u-FBOwSXTsd)Egng_~o6QV{K z^gxQfUL(ayemgu91sJ_2$jojH@u|NSsA4s%!6KE1JcsOAiB3hkSXa?z`+>IhzNanv ze18u2&r$bAaB|q&ZnpX7`d%PmZv2~LcDON-rXM2fU`4rvEmobUa8hGPD-itoWNlwD z2X~&Do#l>cZfesKq07X`5vjn86=!F8pSpY#{Ji^^OPcd}@$Y`QsEgIenPa znupPv_vii!$F<+u4`gj{wec;@=0f|ynH*y717N>XDU2WQ<&gnn0KMC4Ym0@dp7*+4Oinb5b9ZxMW@L?T1ym?$d9huNOL zh0PeNO;UurIb|KP7@^~ETZfPP_lSK+GWSR;h3;%&`vM<_mLQ6S2wSFK6Jo1?{}h5k z%BW8tuNfbKIx#0L#g;qPnC6te6GVMivNLmZG~q!2v4{RW@;FY{I-fiL*l6V?p!E~& zF!i>M(@2P_j|f^C8aEc%KSg-Zf}TzaRUO0iqX<|3{7Vu=3uW*9Xmz&m9D%m9aW{V- zkrvSMd22VFz^1`W23eAurdNiRiX+Ii`?Ma#f8OXPs$xnu-@Xzw0-Wb+QtP{g~UD@XM!4acnE=?yN$%4PVl-=p~qeoS+p@sPmctM3&!ONe4J)qYc zhifDS`7kPc=R_63UdMsxObOtV?@vAwV~R1u4C_*<9wCT- zyBQRthEbO>A7u)Vq^42n@al10wtYSTbq4K{h6YaZcP<*H0%NhWLNX3`7B!*6T7q^i zTcb~CdN->28PVIA@UfKLrhTLKlxH4o@!NQ=DcLbSL*$aOtRnE_aKUTVjePlK>@{r1 z$1$LKLYzDg`E8a)_TluqsjUgjl?E!O20?`(^eb$bNg9L8g4Ti#MNO{c(hqViM^+Yw zvevrwoHn&sg=SHZxw)D2H{NhsN{}`As@HM#!UwB{o#`6!3(GrJ*E*1i1~0XIvlb&x zs*?xY-Vny`fLxd!`g9YsSsX~Ldr@j7a8^NSBV{hP3N2;|i`Ujk@e79CezQZ^GpSSg zc3N#!p&qdNFfoVwQ2U!ih%6{ZHWjP1Zi)NA{%S`a16$;>dN*2FFf@=IA8kL@nc z>?X|gOYnE|A&QA^6kng0ayz*j|MIeZMB~lrWCq-lLDO(CnyLUWw{F+c_$i45rRW9w zbcXgGBVQZm-%N05^q_2M74;-bG1O$p14#@FMAYhzZT<%kL_m!`YIKvonPsp>6z($O;U$ZCVA=9cbZ$8 zQR0mn$rCx{UT!rSS3B3AU3*E}< z!ih*w94s4qG&6<_e~+^18!2ByKOmO6wCVL|U_ig6%;V;JDlpI7Ui4Y?UmuTFhoJwX zR!Ql#;Fx+47t^jI-GS$Xz(lz~wpw-R^A-gqa|ZUP9y9jxPfpjqEFNFT->$|fVEgNw zvC#yT(^Bxi7|70})Kd7wbeSFrqjI?Ug?RxAYVSfcb1-1j3VwFJoUNH>5bMga{4`36 zk43@E>BEF+Ra*>%bG%=@+23Z%oJ@+Jpw@d=SE&~kq*V=g#&XgT5S^FPHWmpZ3@`*k z0hNgdJ}nYeqmmn~A`}AJjP%5GS%MJav37c#h8yPw)mAXw|h4_r)Skaor zP5=J8dfbOg(gbsWzm2BJ!Kd{sv7uWdX{#zdkInfT_g z9B=W!ssgHQ#?3aTuNcN2$GlmYIIwp_?j_Irgo?Gei3qGG7+!Z%Bs1lFHh^2Zq z4edtF$#nERhB5?>bnZRIk`-bHLdN@GCMy>6Y$xqfbl6sLSet9P2Me4GJMxi4yQZ#f zdkj(C8LfqkmO zP!U78*$qOgGdFV?#Mj;!xw?MsQ1i8b`l;{;aU4tM`(JevE-JCv316G#7t=8+;Z-~n zADIwWUrSe`080}G?-KVJ@qr}NF_%rG^s?an`1^a7+sxpkddaqZ$g7(Y1j^XNee_m3 zfC#`XHrlvI!1N*|mef|Q)=yV>snm`{FJs7|9l?Bj*rV+)_!?WG|Nn6HPT`ey(YI%u zif!9=Qn77Y72B@Zwr$(CRk3Z`y}$GC^PJOtlZ&03y(kOUYK@4sMu< z>CJRAOdi5~K(>!yE8e^vvB(tBJ66h}fG)hSY)+^rHs*diC z4iPyW(Ov?bkEDBbu_3eMFNPYby-B2y!OTGt$fT~)sm7nhvVSi|_KrhnX0rnrsWlvJ zNHx|CSU!TG61(yXp0lsfc6`nE^3nubh3`^;rRGj)F#igH?&ovrCDIE2tNM+J(+o=N z%KN?l2#yr3L-y~2PZ4fNSq&qj8Ir3tcpSn?>iDkqVg4-?r)4=HN-aBztk_FZlj5_e zgz#Vb;86cS}_`#%8<(+seN<2 z-Bqtwp+~(NriGR0fq_z#MC84k@HIyiF$NF2qsC`_v={r2z_}g8v=@w^UnvB%^^xkv zHCb<(jti2LiI1I&iG7XV5_c^&uh5ez>CYdtOBHPMWytRb{vY3;Z_wu|K5c}sdH_x` zs{`vEP*e4RA%E8MC&7567VC64&$|vjoG@rCet$kNxWlvl-ZFV(Clz9I({uJXnm-t& z{l5ABg!w~OPq9+Hi(SvLE^$EWF1e>)M8fi&6Tr2bxI$tS1gQy8&?Ij;$CQycH!2FF&J z>|sQ_!PZ+=#|LcW=6KWMxXj}@z!bV{{*(sgjre-X_tg*HWXI-SJnL4UojQ z%EpS&`4r>=-Z3%h4FbSBc0aot-j99o)54!s{f%g2nQTT$Uv1!Onr!C4K$txP?D&?drC1wrr+*4EEJxMCr#JH46nvZ7eBWTbOUEpQc_9_`*j!VSGT9T0`96 zaCl<(=M4`E+B(_j5_^8a=qYCD?{cJB(-+d*Hy$A4(f_ZiH505i+RDEU4-0#9y^Kqv zti^3yFn=uBpyNe<24qTl6bQe`7~GMs0sk{UmWIDUHqk$HEJM|-SD*M-a~m4lEMPWT z?8i8-sQKI2~ zAS{c`cdCgcuU|((QYJG)oh1ipXwTpfb@h9{1u@Be11UKeh*S;9D&yQ`QHBgaQRQbO7}(|NdI+;e?TeJE=w_SpUw43FCIq8$}@o;(_9?-|4lvTmNU*!RwYZFDDqn~uF7H20XrzAq~H9n+5 z^I{3m-PKq3U$Y**bYY9nvx{v#^LQ}tBMw!wDyfs#4z#!O8+mA~W@;Q#?6M|=(pIyNLN`Tf{N4i%b#=>&r zspsXa2^C3;X1?1?Y3^EVLt5|41#f3ri#b!@&XB;?QoKz~g=AFXZXUX-NJVPxCl5=i zS>pNd^1vY~hL~}AUMOAdh4P`%XT*U6j|~e)3jsuHNXx@|M}FHaozRJVn$7zWF{c%5 zf3Eq~_JMki<5f=yCBb;-Ef+ALV2$Pd2T|qmd`?sr? z1Kjn%lIqNG;qr+3=h~0*TzO0iq7+w-a+957Iu=XpXv^h^pst@zE%MCZ`o;&@HNVNYr2OkKYm zLYntil1|*hNVehms7YBM@Z9UUC0m>VD)nVA%)ruyh5hGCdzzB~3{e!Y1@Rq%}~pn@-k_ zzDd<#YN9~n>D}r0rI9qgvU@)uYXU&R3%#mI!8Ls1jJs60l8#Sz&eo@*@+s+pxL6k`)y z%WX?upFWzzxC$0VnBgtPyM32i#gFU7dE&E=Az?U2(_nxXSo;T!eALe(p1i!>rKzu- zo0fJ?5Jtlj6thJ=Zl3tdQzyYJRjc&OPGJFlm-_{XZPsZe%D zI5dUN%>LVQqqSAL^`QF-!N$-0=?jGnp$Md2I-K&3ENGw!Y{8gla~1RrtDzuvV}nY$ zp#}=!i`1ihB52Y!z)d=`y@L~)+YbFw0W0vniim7=s6vHmADBG1+{juc?uxe>j9Hw9 z5Lx8SKen=RM27=1Ouu<&4`o;omMkD#-dFw*3imx_o~`0Ja5}7@tk$oZ^TV z!ua$n{x80z$cc2-221cs9;)45!9Wc#djO8Y9|TOUQFL&u{uRjfox%m~N=^IH{k^***SLyioA1}Vh*n|6-NJqX-dZYyUc*2uegPrl z)dF$A<7)OJtjAln&)fdelhuk(GwYxT%PJ}w+R_|@E2-;UzMS7hoHu0u4yHZ@xsM^N zc4B`KAvF?eOCXUf8hu71^R&c4Az%4Zevg+oTTb#@iMYqd*ABqltH4#DIQ8=hc)L| zsn>3|J8d8tLMtV@r?RdOl|V=Y7mjd(eV#AH%vX@1LC5Ok4?FMCfXIxLN2zJHO}qk_ z48C73M*z>Xn_tHTSUwwxI7IcwkmRY;Nmm`UQ^n1E;pk>VfFv8poTT8&R~upA6He7p zz}39n>9t_55AQtcoZ&$3(I5ArCXKimVQrtoI&zkM*h(n}=V(PKl1SonQ6LeZp%24g zygeMwVPM(-RDsiQ6*a630^pHQc@W4-#v@WyJi{_KRny9MxE1OQcQtc`c-Y}Sq#coK z4=QZ*+lpqlY|XA*!ZGdO>+!Y|v-!D3DCDuRgpC2Lso|F?q^*Z4;3J8vmBd!r-q2^s zp%~`vg$JO0Fh#9*T$waEYw29!@x|xd!SRRivq2lMc>{Z^zNz85In|rOXBG$@n3v`7 z8;Lc z2&}e+*USK9TH=u@_@vTod`lQrQ-reFLkh<-3*PQiVo^d~GZ#Ac8z|l&!iBtQua`4b zDPklq^TQ9BGUp^qbW>**@$3PrxbGI0*=vwFl${B?PD*8dz_%7i$|(cv3qzc{Xg-Y1 z*s)KSvj5VNGs5@W4-J1ML1wI7@b=sid9jCyOr4nr0_qo>z;I9{XilX zQ&beoBQU|c+nhN8DS8%chx6fyrL5gC(R^P9{SMy&%TH!=G}?SHxQkY*%SqLoot>?x z_IkTNDin`x!*9Z~-x~mzACt|; zQ{D8ito*&bQn*`)F^Rq}gw5+Ut3v?m%OEG-f6}(-cD})ut#U!l6so;il#q^_;f$F= zV_FzDILFzUv8_6;?1~944F>TV{BV-)q6HfNcV!7M;Ahq6VRT5B3k$<+7_n|0l0xZ? zOiuclmeJ46Fe5+voOtO|K9xn(341v@E9Y_R@qT!Jdca`VLVEz@r&iTehgVGplYix4 zxTNP~^f*49PiL-_mXu`HUZO_&{%;n*Z+7kPIg%80we6|y^xVu7i>0HKEb$X2-H?yj zw8_w;>jC1O6{&iPkN2g@qvRva)4h@9(19ksQ*8R@^9r6D@pHQ)JGOZqtg}d^EiKeh z+cLM^NY<~dmc@U(Y}}L{828r}2YE?oZXgQ?%#*T{CdQ?A@<%qaI+!jy7|+G)sr%g| ze2Yu1FD2SAdBpyk6ZjgE`6p^pVv9u zYmd1{6R;}J0pO`xu8o5lKn(SBA_sG2nnj4Mr ze#o=f1^>?_`nyftcOa{e6l)C_R0hXSB{QhU;=4<>L&DKa}IekIQ5hnno zX*_&#_kcotk1Z9h}XRD~Z^ORQn^Y{#U z`yc>V^qz25uqxIaK2!bPCK32QHE3={1sK5*!HiWjd$fvfP&1~eM?Gn`PHt)C$K&-z zzN!@{t*Du`4{v!i6-qh9UByFea(thjR$9>Te|taP?vZ4c(p1uTb3I%+QbPWM`A$!F z+VOe8YZU}SH*q1rY3!-5XXO96d~lzM#O0D^;5oXxj zVe(?=L)V&}*jo|f_o2D-E#-^P1le+fRqp9*?W1fZ-dY<|#dB4D|D6`A{3YMg`07xx zlCl7}75~?(%2|wBwkX}=U}dp|&6cTJNy8fz|0(U4*gA1nI^3lEN{xGw%f?TlfdDMbG!U734?OhLhfHs{XY@n&;Cw z8g#PHK7hcv+2!KoU=ePM?po>h^#TBx$pYk+bkIkQX8Ahxq>0~vrq6Ef5|g>rQ>c35 zm*+VpqNQTS%Nc(=WMjTKRA~({0o%vBjijQUxDP2ZNu3e~V11)wfY&hVy<`BN}U=+K=_&QT@KaORl&Xr@=?e zGr6lu9oyFBtC5iAPv-5kd98dMM9b7M+{baZUTCp{|+&t%Kj3nx%HkuW6GZDX7A`UDyCdjaJX(hWB!gPakIAGkr|S!q*XgB)l}fGiZk*cyJkcx ziYFA#s3Kp9KH_L)P(1I%s8iX0Ui+V4j3N!pgB^Gl+{8%w#hG)JT_r&|Fvr-zh#>7& zMCEAr;Nft$U(5ioLO2{8kDaCko@Bd>O`*pIG~cAlI%IsQ)K00bO2hDy_Q-YUr-id`%?iw{~p?E(4Ta9 z3s3}Z36)7V2541 zjy@)^3{NcbXNjZ$L=mHUJ19nA_xVr2{gI+TR;ac5vrLZ7?Lfd-+2$@t#bh92#YR=S zKuUUygz05s7ig@nLDiPFC?a^=^LI=N(LWzd9GRuh;&z*D^>uZ91QkksDkLqXdn)gF ze<9ZO+F{?bfoCEhHJu?jS1o+*?uR4WdK~+gAx{387l=(rZyFsy9BXS!?S;D@Ou4&)A}Mcv4gSs zKM(DHyE1M#2rF^rMSj|mYL0hP6nt%LG<+`r$JI9>dXSg`z7iYphl(SH!zhi7s1uR>P|1PsxxuIRgw;qc1o7fEZFH^$gsq z28+abi!;C1Q2xn}MR~V3?XSDiPX3>J8uOq7t%87?W~XPoHleEn?mGzAIst6p*HTU=D`-&EWUs5_XkXD$PYoe7tPQbMS9!u9(Zp z+_Z#@i2i-(Fgco3Oaane%@)i&6FzWn7>li;Ud`HqQXRE^JB79TaDqU=2mS@eoQ+*POu1^JvV6VqNktR5zt4)?B@` z*5Vk?R0`*1tG+4XJgp{olP`YpMKF2o!@&YxG_lz+mk-z;%021S72XJym|mn-w6Jh+ zFfcH7eBbO-$U-7UudcCc<8+zT^PP`Kdidk8HhS(aO7^mzYvmVdWHQs|pg zJ-6KP-+ErC43t=(GlJ}F{g*H;~yb{ApB>Ho=#@N|7;EvDIo5;j9XWHAx8SXcf*(MPJptC z%+S}_+S=05^7-=(P>fe!eRIG_6U9Qx!?#@hZ1(&*<2`zbfki;Q_zAC%pTAYWtBWn) zr|q1PjiEW19=Kew$C+7D-+EpYen$CLLtg5r6_6i2oib-CsCg!6S~bfU_gh?ZLmmu zM8qc`xcED~?DxIlSPx$Hsw8gWNE6v&E8=He`>8dTy8m*FcbQoD1T32(3>$?;Mqjq%qaR<*=YHgP>rH@nB|Fw34|pbDDi?!m`NI1mQqOaDj)!Ibd8;u zqQtw3&-c^W^W2OlO$`%()J=QNo1a?S?Fo0_zB)Hpm1z-E?}dS73G=`-H=s?y@Vy7gZ15-TqQP%6L8 zsJk5l>*{3W=K8%qrVm9l%GSXQZ}BG$=c%ECo4!O$YhLhdYVi9#@1G@_Rpg14IedQx zr>{9tE&>@8yg#ljsx#=XeQ0RxTA#Ab3L^bHA^=A*u1`nj7SG}~i zTk71hw)?FAwgqT2lDi;5IUJ6%+;7$Ekq=uvA*`$xUyv({<^R`I9nBpujo850?><7H z^EX3t^qRTi+W3#4VK1#@M?V08wn^*uq16DLE;u!!NzaD;6$GPLF6y9(v zO}3I_Q9B@M?rKBdQ&P9aAH$O;JCq!yLjl5~%rA+oS1A?e1%&THn7pDX7XTMo_is6n z9yPvfZfLlqI4K7(4G4hzw+lmKkB?8zj3dUQTKGmijJsVfmS1*$kg%T{{ez&;;^@yc z8ytxUBkKZv1iFKBZ4Bw#Ic|I z#oVaGuoipP9fU|BHueb$ssb!E7|@Mn86eQHs%$HpO|H!Fq^E4jQje?%mg}enN9aX( z`J?GU)AQ18By-w?pBAV7AhTs>?R_2U2T1yJ-qKL3 zmnTzSN@*Ok{2dT)WvE$w9)3vQ<7>P_k9V>fkUYWyMlCR#l~SrCmOeow^mIsX22+r) zz_;<#O)5NFC|wL_D~OzV0NMgYZ%lUd%!B_xurnb~z>Gy{Up^eNm@T5g91d)6n~Ls2 zv0|afII+hj2Ec$uKhe=sv94p8lhbnS(SNt;Q3z`2r&pz_4U&SUkQ^6<*B5FSHGl0% z07lNOyuXWHny>h6ez=~$5n<~)l~QR2btvWJvT<;7)6%;Q&UX5lU}u$yVHsssIJISS zHsiB9v@v}XN=bZTlxGqm4-7xwuC|A{>PL-r2VE9(r0P=9*4M5rrF)H5;JeI=9w-RN zOe7SlhJ*ZsJ%rm$f~Qs@EOWD1E>w0a!zP1XD6BBa1g)qR%K*~oo6iq{sQVbSI6PSz z)8bh^Zd}BiF(wf{C>%5<8N>vcR@}0PJjYR?F{@l-v!-6NZ{iuZO`fN2oPk6j`2Ohq zfmD8F=3j!qz3B3M^E5RD$BJ(u%3ynwPSuFhb5$fgsp@L_emsz8r<}}NtT{@gkoSGv z8wCvU#~t?uf-BW)0Z~tSAofNt4|^nfx@&=IEHql4@n>)x&#ajNO1Duh=!H%I!_z(W z^mN6e&JQEek~S)ZVDZ{`nx=x710WpXZDZ#fC1LB^KX~L1y)^;9=i}j;GH-bNP4Q$Z z0M}Zshk}v_m&IYHM}uL3H6a$xpx@=`a`qYgaPURnU9O_raM>sigRvMIw3yqI?@?-Z zSy}tOVx5qLVEO1=5Ga{=)skpEEAPQ9=69N;NgDGVpTB@%gr*6_UA_||U`k6Ew+Y&^ zZ`>ZKgnUW*TXoL>ihY9WRh1_X+JAd2z}|ayM{kCwr$KuxRDp0!vy>(y6JAm?cl|Lm zv8-5LI#&-GFuP5~{@BrezbuuslL35UdFf|&)|gA)&2%G``)@ov_DgsJ^pkI{oz5l} z7C}z7Ye^>xSJH8J`7!tB?Z@a{vaLu~x5s&$+%`O|`<3+u^|xlv$F(*zCR$~D;+dDGdr$p}N>!sE^iL3w!m=?dNGqnc%*>WIl}!H?l(-^Xv6#2jlf?>c z5;#JPTBtgUi{$dV4L&@F)tjG}Pb`Jc?rjhn{D;A=^W_;)M6k{sGT_eq>LmMf-7;^= z^o|2Umyg$o|0WKZf4o#F%l`Ks;v?a#8pP;ig^fnJVER7YlzsQE#4RK#`ot|Eta)~| zJwLu`5h$=ES=@Xhy4cIy5Cy~zMqcVNQ;?|6<3+tA+Gduo|jl`g1Ou#-UUnA4_hnAyeIWo(O(8z+FU z;C21)Bg?bH+vap_rOs|`HNOXw8O8l)d$?qMeYoTP;na(@+Lmf_Na*GVrdIDq^5#as16)9a1R{8leNh>uanShlWlbYcxg?a48E%9(ozamp~esgd`;`}L_u zk!JORLpHS~R}!zj+QB=HTjQDvM0WIgo+*^(^vP+0DP|d62tTIZ5+&8ite|||P&?X{ zEg7XFXL%+gqh@~K>yIB63pk4lrT_m&)`J3NKS*s|$oIyKf-_^P&M!N!sXo5OiZj4Gj0Hb2dCM%4)B&^m5q(d8lFBiF|az-r&R;) zfsm4V`3M}iD~0oRV8;9@NuYCBzTw01yVlNt)FxU>BKtPCX@;pXuc3TJ868Yx#$@EI zB~uEfRCiN{rDSW6D>d~PNT3dt51Ws6p`DcC~JNg;{DTE|RTyeZ#O} zJE_4XCp$NkHkC7KT4CUm?~mk!f?C75q_g(!sSePHE}^iT3N<&a_Lu%r{HqPo9W8Qp z%y)z0s^o_uCB?_nxdk#&t>%m##PtxdFb zyx_=d5s+sn5JE;d)#d3-m|Febl7lyDe2tKbU4;!=`8dzC2u;CXf;a=ZS@{vhy$Drr&%dUd)g|n`|7iT-iCg5cWmg)R9vE)y!))pR39T0AtGR!)4ILe~wrBVEiTx`7$TQ{qQJo#4+n#RmbyuSL3`+Mv zzUR_+>~6$@6j2-WO;D7V9lZ(X9V5F^$!GMC|7%9elO7V8yV;0^iI3%2U^Z=g|DLgo zosHW77iEMU4Q^SKkA9tkV+>PdLUNq}K^e>LV$2}oNtaFVQ39#6hu5&I2~Da@jv8ZJ zVcqCkEDhu7e%A4>cc~4~2+rnNz4>hrWZVT1efE6!IrhOOE=ospT`#h)RlhTF@r_)A znG`ah?3&=VbJ=4)6s3!LGmu#NE{|=QB%sn@<#(_hw6A`wH;!s7Z z%+vPw-Jl|S8pww~EwZ@gk~n+MuDqK;_Q3iZ?_qrwDMiSl67!YJe=3|Im&>&r3S_sl z?RR!@_!n_&Av&pi^SwiEOYWug<_~_noTTKKxqtD8uAVUK)lo-UxbH5jRWYT2g)Opv zR&;bIKC~$C=8q%|S+OGyJTe50@4FMDF}0y@;^sceY~#ylx#O$~@57MUi-kfB+S)_U zH!ox|_o>J^xWxO4>9W5$U&4eC3=#yw6U~+`jv@?BNuH3FKGV@L@OJs-@=s+ zG4iksS{x0%wpG~J*s`d)oP2C<;T~P8(Bv zNQ|op3V>zYzYYcYu(oq58jMQ*T?>;w=5aaua`HS$jbm?VEwpraWTI8Wvo^uz<7Jv4 zUrM_Vhl#NslsF@Ubb)0$!vi6nTvI(XJL$aXX-188p3UK1bjsoN@-O0q6|x}Do`Wx+ z7LReCOR0#M!4_>bX?oux=vkEJWNPN_|D}5IQN-9S!Q7`y`*yX`}R1ltgFSZ&L(iaxO$paE1-&I{ixGs|2-0oqwoC|j6WcgvPJz1c~GC> zmv4UQ(Nd~s-uc*M-ZDQxjF&V|y>>hDWJNrbDH0X1mhPkjatAq-ZiRVS@+Sccz zGnU;3j?%}`VZ2U@4JZkQoRCSbfU7|=VIQk~OJBFf%!gTqq;v0IDFd9a&ywrk>t;5E zuI|#FGUKLm3)d4Sr)mQK$l}$~K{U)%1ZJ_9ozpQ&WvfO(4Fi~X+J*DobrnAdp$>a8 zyxm(If8!*&ag9@_zX3JItf=~sq3;k7iXDMk6VGhvoKSTsKUDoW6|{ysGm0J|ea!4V zRhe*7>5#+f+~cp&4dOekc-f;-Sm-}7#Mbmvy@sWB=&Fl{DhJP}Trt=aHa-IT6%k9E z{tkxZ9q)I+0Nv)R`G?wAT6qoPZv%aa5HuM4aK-up$2l(^96gDT3 zvxdI^W|bd{rx0vl8MUHum~y%^D6aIf($^c2G>mA=Q{csTh~>s&q>5A>sU@-%m4(D+ z5sAqjLa9^bns1CL@HmH-3%G3Jj)j|V1`u`-b`Pe=wv_fLwM^U=STLjz5uxM2lFCFJ ziI-nlVCoo2<2l?tiRhSyAJx6@yb-%Ny*j#(S0*?-#t#jI1Z0fy-mJz*Xelg3DT77P;05cNZ3# zh_DLKK4@mnK`&`L;~P}Ann!*;rYb3@!R{(}%B#6qh5<3b6b|40_CuL12sge!ud57b zC^Hz2q+(|_3a3hHc*Vjk7Y{^vr?f%Y{ujwA zRApmUwzn|h)vZE}+h=5DzwIZfjWYG?*o0OOECI=9aF-=ZfCdtigaH9Zr@KIam)n2(cFSf^z zLbx!lt)$#Oo|J|ggy$)Nu$H=&1dgD4g*Gm}d?NJY6i5#CQHoM3M-j}K8qA>i1M*Ss zFR4kSLhtCWME^P!x^Q;(Z}AYQilU0!zpsD%flP82w#U=+HB?1zijQNg;nr@-(=Nxu zFnHUIv^;8C=Q~O8Jh-=t|2rk_P|U9SbF8H^J(AJyTQ{HUMowObZsqWDoRvy*!pd7) zCbQ&U)oH-(l#q}I*q0=k#FqXD3tQLRO&dp$6LCBmnUDW-{HdAxwXb)uxdBnk!$I~_ zdn1Q)M zt3k>PC0cW811X9^o^o&;FP-QSpZ9QK+jKmyqy>hYml+5@|I=1HU3BFh#aG8b>JX4b z=cDz0if7};dGCFdrcAIL#Gv_N$1RU&zeCCMTS$)wnQA~>?REfY<}IjceU$L7`@TD3 zr?>QG$#Tc&-E`k{oI!dvcm*FlUS`$hfhispfx-WH?2$|GUS5XLaHXkvyY>0R(|5LK#`*H;+ zwg-o#+A~7Bcl|y;{D3OwmYiD(mLf8^Dnk}kereRHrm$|7yZfhQSK0NvWw5ARJ*E16 ztq}NqhS#TNHvrDo=YWO!pic>Xau6Bx<8}VP?=98Ozs0fvZpa=YCyfg7|D=e>^hd0_51mHflUMSWbbzSg^!CaizllTGHGjnEYMyIE0$@YA^qnKV1 z2Aq-UouZW7g-Tc5bIuuv|A`|2hY8s}N5_R!z`AJPC1Ly*2}H=H=@UKboR=oo2SE8( zd^&=+F~7@tfRcy{>yP5&8#-vf+3%!t@P~AS&p^XYzpcPax83>ZzBt{9B?PlzFDNfR z%?~zjtx>Pj_v)!~ohLs`#jx#< z{W8?00UI`}j- zHw_EE&X)*&Ze?4)VvlY#wIR6CiG9rTxPqKmnj0C>z{92}#1wbj{$#WJNE37udrF41 z@DmF2=y7)wNyhIhW&v9W0lHC2O^+6U?%)kVkZ82TRe16vcSWaZJny06M5a7?XLy&d znD$GkxvYA=8q{3}g-Ag**RVK0bL7&SM(1{-_pJOc6~L0e{=nuhDBPs1nGzsoPA6h^ z&nlU%tro0pOW9q4d>J?wO-UJaQUf{tx7tekym zJ{4an@C8@c$-Bgn#GH5djjXIraMrOrn!Iw>YC%@S%@d>1qEW58O3+f;hRB)>`{8=a zDN?O{We)eb33sIyy$4Q#SLd0d{yAFEXuJsCaIWy2XQe2@cp_fw5>_hyRL0A?rqd9@I?XDb0ICO>fIT z!Z)LMGV!+Mjgv-bJBxa9;x)3$DvkNM@9ar3epFLR-rRV4-US#0+1ef`Flej{0}Q! z)3r9;-(hD*!g4;(XM<$$+VQGYTT?X4QwmSTzpTgqM0w5*qxZbJ`6VUyCSRTgq4nM` z28X0@L>x93S{#?5YQLH_h@b#zB=0k8ety5GfGxZ{oav{|JMW&5G1JkajWD9PeqY6c zxUX7swew$;0t~t%){JZJ5!};sZdO5+^Xm}qjxyE0y^z5kEr|;}GiKpXL>{dXOm-LE z6|=8YjIn(!>bgnQVGyr)T;HZR%}s1`{}_Jj{z!q2x8!l;q{tG45gFs|<7fuaOr`6_ zMff1$W5edIcu%N&dH%QH4iFWE%-9EeR~XKn0g5Jpx@g<g8su_hV6)ymW8%ejs=_Gx8T0U?I-| z#M{aHeO>4SE7s^#p$R_2jk5=UUb)W2Y zMP?8=vR;KaR&(qU`*MA$%cLnTon7#T-LognR!q_`%DLp56}yB4x&)4vGywp~%+{2l zEk!YHV&H2Svlb_?{YD)nG2@!R!^=*~=&}cNoy64v_K@P8wlSo;X3h%cuYY;83LbKB zEOWQLC@JMyKb5uD=0^b59+Q?!QA)3>NR#}zJ?*}Jx92ebNZ}DXS~y#l&Sf1|HTiVp z_uZjTvVYaFkH% zeSn766w2JDDEXIeyqB07Des`DS5%nu527{5Qb|#M6phh*|*VL|JtD1T{3VAKvtFd~3js9*y z$3Q0lxNr}lP*%)n)f`%lsyjH;Mj{(yiePlxJw;&^@dLf@KDmOpG!zlGkjd3+;B)x- zm77~mN66TZ1Fh($7%)*WFt_00y+5v2*3lk@F0Q|wF*ekZ)V>9y4`2xlL~l6fc{1zZ z40We8V)T|#oE3<$gfz39dz#N85$Sxmoy|YwkqiDi_)tPSpT^-89OYhlJCJ_}k3p{u zj#m}Q4uDoqL9mQUsA;RIan$If;bX^wAN@*C2vY2YcW2iUndMjzPt310dGx;axr$d1 zO4>nzcDFmL59r-fpn8g$yJW-#bDL%X^{d3ys*z3 z`a1#hQPgx5BLad}W;Wf6vCOHra(?X8 z{|0U9pVhwQJ4k8~|JB29FZR*-L|{thqySPD&!VDR_?<^YC;1Z*W&J2U{+5Xr)j64e zl(vLT37UQ^oC%EngbEn-G@;w2*3zogyDe6(CBojM3yK6KIP%zJ1lTS~M9J6RrSE;! zL&&!OUO}SHAl@dpT>JZ%a6L@nJfw{gSX*CLTT@S4yIzpS_xh=F{%&dSuG~N05T&{M zV5vE}Iet2RZ}li%p!R@gG>6!7PIaHahuONiWmYzZ%wA2$Fx-WGY)LzE&N(d*Ji9`B zxY4)iUZ#^@$p>)HM@eT7SVHthRsPuwTc`wnFxpC(6@Hz`vwFu%8Fz$Z84zZP&C=21 z)T$+=B`eH*YHPxE#}-qHS1F^wDu=eT(AhjS2G>Wz`k_;%Vfy)Iy@i`~_BM31pvDCP zJ3_E?u}3gv=-)!FMQ$xQ2cjKDz}t>{8XN1KX>XjA008&1$@GgbGN(6rW*w6R|>jCgEC+LPs+&x@k z6}j`0<^GJluH09q=x3ApF7e0`p!`@wnD1dw!C&$d3ri(|v`*9sw@&;GHjOLUrgo5z z8CyQAcs(q0=ncxcVu5O^2)EL}D$^hh`bWOV>Pz5X%*8ZC&qkW!^@ zj%m(%2nuFl>9p5+duL1JVLC&ye=45*r{D9NgV*%vpBfSkjhwb-)x8NSpG>3veb)O8n5F*YfQsN~l>DJ4N)&v7UDuB9 zUiNZOg4|9G)ZCcKh5h8ZP!0CdTl=hyp_{S!AA*PK4j-@R8g3C8Tv@GE}A3%p#f z_r{1)$M$@&E;%{*7;c54KrZ#pHlY}32Qu*X7~UrN>0hF%eHO)C_1Im$%=lTnenee~ zdcB61!&sB7k_`KpUm2=9b6A*=2f(5{xDcxsjtA{O!x_E-z(zVIN4mI%jt|Q)0Ia{Rx7G?peEir3sSap5WAVJfMbwp zqHf&P-I^_8(dYgo1J|_-*J4U~q6F*FsiUF_yi}S7I1!vL-tk&xDns_mBI0e3qBYa) zwg3K}3QNtA^TB3&x+W?|!P1mi^{2nrXtIs@@%h4roo(zc2uZJF%Zdueg~jf0`xV^5N!NFz5r)t@hL_JaEdv#5e&|B97+g3 z_p<=uAi3|7qRqp4+9_J?0J1i$Ps&J*RR|D zhA6Tw`1M3(mUmK7iLEOJ;~D0Far5S=<3UU}7Ti0bgvC?9ft~?TEy9a8P;3-yW>;#? zA>m@MFD3`wnvgX4HC4BkxDn-#b^SsDh@AVo$PMa&-}>3kKEa|`1b(SeSJTx}ODf;o z{ZGuC%ldJrJYaMH@S11}3idWf_e4Kc4^Ol0pG`F>hvhdURiIO$EKNARvb>rp*UGHh zWVIe9_TX%1G?Y5un${f)Q&OPUR@G>{g*X{*1V6(2ff5oQx;omiM{rxP%ITLx|(Xicz1xr-k{o#h~Nb@ zHqnPit=5V(9}m;MbYtBf(dty5=}PAkoq)Us2IIt)wJ>hmL!H zxo-8Q5v%Shl#q7rC-4r8#fu2iNg!ch6z;tfDBAx+);k4h)&$&|g)Vj3?y_y$wr$%s zyKLKbb=kIU+t$3_Ip?1^6BBv4?=mtnbLU#?S%gGu8#gfiVk_g@sEEE^S*uS4!nJWx zW>h^S0RE-euh2^AUF#uW38gS+9OZyUm*4P;w|mntUdn{_zBVRt+6J1$M}M5 zD8pG$VPFmwY@7Xr_`nvD)qUG)sgC}C;Q|5h7xQCdez)U*PM z%l=FHirlI;|v;Ctw4H`(t3A>qvG%%!r;14>DkC8-E zY<(O|F^kFBLo{60-ASQ57ybrg_pO(@k0G3Wj`IBht7sTuigd5+k}Q(5K1`5*LX3ez z3+m)@ySCRntIYn>d`yt=ZAy`D+FD0H!<0)#mtZ1j8KMD0Rn~r;#oCwkSBF%pJmT)w z3{bI6^PIi!#P}B$q{M47!s1Vqs$RFZz>_|SX;4`7nVO!@(Cs40O@fT9wCAvPDrwM4 zt&Uq`izbiPGY&Jjmea$-<*@C}_x(j}H!BC@meT%!82lT{p(?WBr_ZMI)5p^VEu6BR zOHnZ6Bneulci-YOK(!8(oKswLF9(CBH>dwWS|cER3WJ|$YXclFPPL==$s&~R-Val3 zpZ$^pZdH!}#hM=&N}Ke%l+S0zS4~5ufYLtc)X-LdV!dY*&`v;$nwmP7bsG02u2o^f zs?lP}V#sou^Zk%{^?`lX=!Jv*iNU_a;8KCZ`b7|Ijoi+fI;KdGj;|1vQS(=OQ2L62 zv$%73YP@1<PwO&FyIw>L10#u7jiB>OHT~c8zidEqf%dPzQZPcCTNN)DR7(Pd7b{@|~ko zE+_D9^8(9Rz|GztadoQBKk;M4ZU-(l{yv7%R|=GyHfYCp5lbzIRPrt)l6C&LG}-ku z#VOhx#LmIWB9_p{BeG|bu0sLmPp}IQ6T^VU|2e2whkF%~+nMea1P#e8q;>QA;1T-7 zfhl^%8V?yrV8Fl=OP2PkCULY3fM*DP3vJ0p_Z(b5-purXdF%@c%lQX<@eBxd1?DvZ z0&PLto1342A6D&g{G2Hs(h{`Zif~GI!=frv^c1u^-5PD5-DnK9gU5E9k$pjgL@;3X zO4GX;C@L#G(JHENEYMa`mE=6w+*w1{M+QuzinxCKWt4u~AF>QJ3uMtExB#`=rKM(Jt zraSgotrtb?_qhpev02ZKz|c zqbt-@rp6ZE-bikkgW12(M#y*iqAuA06yID6xT7dZpO96QHMbvjOB9N#-x4#)CBFM# z3(GtVddxKH`)5M{FvXpUQHWxb-To_zF|U9Lp?Ew=rWg8|FJ21lodbfgoXR7RmVsV% zyaD69R*{wCSGQm+UFvTPL~-NG5%W4U)XD)oi!`cmlV}#ple%awDzN&mbRkBO=ECI- z#(?V^yub-$kFVT4=hL8%P@77*=67Yg8@rEz^mF(O*OxfEjTh%;yGwyXVWV!C$rYO} z>-vhZsr6O%Gu%$Ry{)1#9(ac2-T3fyO`(`-ebUE!#Mx7tf=E(X{s@18d4FPQ&xNe6 z7bNy_YnY0A%vQ@12bJ*CtzIaAh8B+eD1oU`ig|^%fuVojY)BT&f^6cpa%#gMs?8>Jj;|4T3Qi6p6It)3Z(S$s+7?OaJRL?>`PWkeC-fFN7BZEu#=S5w}Y&<|#YVWO(W zeJv?#g_SfqbuyTa$X)91u-t^e4#t}3%!c~H;-lu*^_|vEBoeAoT0+94XO@x zxD9=2uL0jrs;;8G#P@y>=~32XR;*S-&)k1m@ctjFP=SpdFY7~-d+=K7@V2X8nw<+X z{p8(l_h8D@^--<+Vx9)QDK5kj^p@Ofe6*rT5lcqv7GV(oh_xy&GJ&0qy}XUx4XxR6 zwMHZa)y_j6pv+w^O^e~{>krL1Kp^rXFFm@Wc^Mhs66wFff?@6ERUKKNJh%)gg(d7- z)fC9*iT$(pW&YM5F!69r5Hek>v++2jSz0VhPkf&Z{Y||T$gb4aFxgv#J_;;HbMxQv zL8pbvlz+&}1p*KY4Iv>n<>mYv(=+lhDyJ03g+a`Lp8Y*l9s9wKyr}aAN zy?j~4mv(*@wmL*8>1VPt9jsW5=#-cU^nDGsvo!S(Nsd?cf2(LT-4jai zwnFR&wnrYIl4LCpXih~9LZ6V9XJwt$K?>88PW-|yWU^E>A|yDcT}tX8`WO`%CVkL2 zr9^^Li5lz^Y9}!G1?EF4r#UY^XviZVa^ID>XvY^Y=Eu>5^i(CUkh*0V?#F29(HU}B zLcis@oKNVMs&A(7!LQEpMOPn(@kZhBd7EHZG>`~W@l>0qV0>EcVgiq|ki_Z$2_8=; zf$tCU5r;u^SnGYk9hjb#|2Rjs$N-_%I*gl&NF@B8az2Yd0(!sTje^TMlVI~81N@YlTh59#!p)Vyab=_#|2 zaNML`k15@Up#d)jI$dY0ou9+kIxKJ6-plb6j(pGd$J2J#2Y0n2oR6=oYhda{6)4(Z zsLD?)LXFA}y&WuGy_S|d7#btz^JAL@1W=vE5GI^AJdfvRxSbmId&AEG-`9cLj*r?u z+?@xZ3}_s@6f+n`*8+G{I&)5+D9fj+a=xL_Q`EZ|YON}|P|3`0cZY_<6kZ!YafLQq zy8mMc^9Fw~ijBe|6e`0BIt0bC`e#tL&BMdK{8I0h9!s2u=#gHAbY$`I%ZRZ)1O{pP z)tx+(#XI)b>8$WBBoJ%4q6YL7!Wp>-d$AiKI~Y4Fp`}$5nNQ-~V0Z9k+WNmG*k&O) z&X&^l%f7ZUf*c6d8x#VURH=rF*PKVZ6Eo(%;b}=jC2|;pqJDwPd(bLe^JZZxc>Fb|*stu;{sM_i^}17N+cuA9plSpT zZ&lCm2$k;WL#^Vh3tK32IKO#l{^}*w%RQ>k=BrXRE>$)SBcR2g>pd;%~P z;7c{RO&21s9?}*ze(obramK}W;h2fU{IafL1MlD?M2QrZqzZi7M8Q!A8nIsm^+c-W zTuaI)<7+439CBui2jXQq$Qc<|)LhkA zBct*!Q9f896G@*&|EX?U9d)gi)xgb<|AeCH-hJQa==^Ad{C?31&3l{P?!mB@j*7M@ zWE?TkMo4l1U6evQhGA>dgH>6bJ9S<-N@klMvX^M@dv&&UHY&&sYE6?XHrR<^!@QeB~tuVNB_f@XNxctKk#98i@du(^M&eOsiQ<_Z2&-dAB z?U&o>PF*$8KJuB8U-_di7#^%w)w$|jm!KKChnu&jeAbyY@?fNTR#3kD@G}GIh@xM_ zbVxWskV`6wtdKG_vkH^9?ItIf3Kfq;x4I$WcXEIfcdtW;o=KjAwjYZ&?wNkiW#L@Q$wTFTUgS)glo)*v%kH~nBAE6${4jj(b7^-820v-n=>)gRadIvKBQ%8zt@T^r_T z)F=1jbR3jecuYrc5|2f0E3L)r12+~fALrOkq8eUwfhcN5b!&9%3l412Yxy76Fm!5Y zuIQnnW~*9lhK3ioXWO?vV8Ws=^QaC;L<)h<$6#T6U$2M^;&xxG&hH7%kVy>zSCERN zKNQzPR>x&#O{MKpHMA87Vt6j#%fW3u94xjtBkJ_b_-4WU5HbD`vWS?k`QQR57%Nbt zy2+BiK)zo2o&)wpq%X-^_TJ^-le`;>|G(AzrP#KrP z--mOFm3fvJaU?|ku8qLFG_i8Fu?&TUnwqT%9&lS(Rd%MBrX8rbnWpR z{Nlo$^^2>$e@ENb>FGSVN)S)P#MmCCO5a>d%N?as-iz7InJ79@pqAyvifRPw5_wcpDd z=jLR$a|0nEg;ZMF>~J`n7a`;-RGD~06F)sa)X$B9I>A?7pP(!_EzvGkIuUc(-Y0}$3Rh3)3voU!K9)Dx0f}hwqCwpXp#%q1#uTU){ z88)xqzI$%*RohpGEs8%!ZG&XLTwBm`^*^)oeI>pe%<*s4tYt3HP&;MybcqIY|2Cyd zK$lP{D0>&MEYxNPdg_1*Nv}ODPHaP}MpB8L&c%7H=EW%ZPR{}))|MKU4mO@eB3t;H zz6j7+W0HR$?5U!DSLCDP&ivS%=KIHs>(^}|4~~WR?M5gR6#)~JCQnznY5Bkh=BILv5TNnQmneJY9{lQ<4Z&d~VkZ8Ox zm_*fbYmh=qnvySi^ei#=ls8dc<;#p|Llu{*#wC|141(HDAg=CQ8TYdB3nx&v&JP{- z8V_r+aL94YKi7m#DSS@5W4^5374yK&W$kBfEqIR2tP-_u| zOw`+Imbks{rA1B;@EQx~A|HJ1sWbc~rwcs!#FA*0FcSW#KFS=7f>W!g&d$&E`SZwwj0JkF){Q|{LGVozzK0kEGART!z+5~g_`Op~AS0H2N>qrnekV@a# zQs4F&`Y`QVQdZ)h@VmpCD>5~whflTcwXvRY9E7ImL7;bHbm_IPW`Il|FKp+FXm16z zAJ>DCKW&j!`vT?I%fOC>UEkL5c6fuzSOp=E{V(Dwc=KVdFJrk~d@yq@oOs>;IUtXxNe*H4ZOYFTM^WRpINFI8G!AP<`4)E>na z)%_c97c&cwbhZV6U=Z)JxYgm7E()mBJOOCGb>)nHLLGgScY%WXIqg+)KG=J)jM9z@ zRHI0u9iYqJ5FBn$-fn_RQYnvEm=Es3qNs4;3LWFS(4cfTl;J388eYL75M5_@|6oe`|5*jRKrGy+v84{P|S`Y+) zKIqTwemnaYsYV;>K}{CN1$p)mR)=sXmU5j767!_k*F&`E7a1V)ob!xxkC}`Vi8aM! z1e04P!P+#aGS=s8iWPmSG+5zny3hbcH4R-|9R}~2;|0K$V}^Zn*CTf86H3XgJ~W;{ z6IA;-a&I;c*Ao&J@G<1L3O*t$*8n49ljCAL^HVBtE}X4~nHu9yT(Z_ZmC|wZyrihN z4Tb|wn|^BET5~P3{`ed529vCenW89#xCrD7fKmsJ-IX2uuM1Hy`=(Fn-cR3c0biPN zFTTtl(T_+fZ`aNM(JziKM_~UmS&ve8(XPZ#?G=y3=bzMTLmXP28xOWTZcaO=&I!eE^fA^@be z1*Xf_^gh5_F#?5+ikXIvqU(>VrzgrE(aMJhr|+{a_L;{=7~THRmMZIVD2-*9zurJ? z@h$y@m2UVZ$bo@i7M!Ndm&bNnop6hQ_TsCR%GCFH8cXw{W;PY`Yj0tEPu+?%&?Ob5FxvQHTpUH0&s5G41`7J5CW8yryx4$MB#3Hfb_W z;s0=|dGJl2`Pp;@@WN`Nafw432k?;PInb+yO9dP0fh?g;dfK-@qV*(uvqgQ+nuG)tlXtzIjIkaqjP4~m zI9(V0*`;4l+0eDJB67U|G+qywyV$ts+lS*=_}P~GeN5r#iG7`vqifq(kOslz6WDT1hbhvh!A9Ub;j5dDyo2heOYhUH6O08{TV}j=@0wUlQ zB87kx31zfM8c!3RdG>hL_w2=T2EzGL8PzGphZW+D8Q7dXG86-aLNitVNPFBzav7JB z4y$*_(rdtiuGNVq1IeA{p&S>QK*}=!!Ru%4nXoK-_jg&TyEu5L zh`iRT4z`s$NEGk6QAJMoYL`-Lb3H*9uCo80xCVkf&4JwW)kZZ|hE{P=uv!Zk&k#A{ zq|5FpFK+p8sP@I$5_GdVsdfE6ZwOCZ#dDt9!7kubXeK(osaoHg=O8~M#4xHGviKUD zV7Lv0qK30E*<1)TPRl!rHeS|?7+du7rM$QkU+QrnQIAw)fVmVkU0 z;~#rHFdOnpWmIitV{5nQZ$Uj%zitS7xIaIVirAu=j(qtHfi5&UnDd@P0Hz#@o2A$n z3#}3mF{Y87@!lHZK3}Y!s_Dtr9O^w&=Hnw0Zc#3lX;)5^B7t@Y|Pe!A?dLJ&)=`Sd4`*gJn-E;b(@qcL^@cm$yWAIQ=bk}S%(Nge;eJ<{^Q1} zWfmn72j@z(mjgimBL;Q#Nh*!Fla%+qqpmJ&uslg!SEt0OneK!2T9lh(4*y%k>`p`NnobQj{^Lu=BFZnL)R=6tj zL%_$mODIUs0(eQ!)}O4fw&peg?k%iQb+ptmH9#joyZhL2NuSlt#%>CYEgmjjEE5zk zc{>R#@v`dha2*_GadHTzGxNbV0&GHX4Bwb0FkGg47QrV&bTns#JWWMqlw7#eT_9K( zO(}?~ni})JK^2G+Fwg#1_t$jayK~rykD+1`%CH5n7}`eBpo4=QkB9 z1#G-UVRnGs_Xxi0V87`lEW5o7>MOVvjZ#dVYp9^nsM*fuT6S9QF>FvfZ1}tvvrt8l zo`OU5*$buaU_h4Q*Tvczz*)~}__DbP(oES^Gu);gIdYf${T-JdZJ30wX+`@u=sTd$ zTft6f)>Hf8YzQypbV=Y$xjjW%>>Ip%a)T*p_)+aL#9wQf*sw!!I zL(x9J5OQjqR{M=zwPH_nxC*^DbuT;1u3HiQU>nxp{a#LKwbj>SdAS{WN@6$c zr5wBZHeW)g+4OjpKOp;Jz72?tJX&xDrT%xD&L^KmWGs*puFX?5-Z{OZ&OP&zClySS zkB8+=cE5EflM~F<)4Yr2lxWD{X5(Vyw2ckXZ`fYxY2jfX^4b;8u)0#kgM4fmo`IL1 z7x)7BY)mMvRj%x-st%W3apE=CwfzhyjIwK&te9z&Bd3=OzX+UNyKn^_50pQNQUh6| zwo%&6`7C*86?hN=qF(rub#?$4;h6t0!mCR{p8Ff$N{-XC@A#6Kn7h^%EB8N*ZYOfS zBx44vAKiAFY~VqCFm2lNhY2kdA*imaaFQwIBr=f&DO4N3C0h=qdQNk1_{EpWU$l6Ie*cKRO!oqpC==G&!71SF4o>$x{9$Up}(K4}&SSNK- zMP)Hewlr&eH(G6#6M>XJa|w;AZ*Kpo43Hg{F@hd1zHLY@H^bQ1;&d7Z(T>`nilMZ{ zyu4B2kEE~TroIcyOCK*0a=#p<`Q7ZopMaqD-di1|X2MN(Mc@+QY~@@u6+EnTMwgCQ z`bnH{=-S10 zd%PSBTXRGe4;n+Gmp*+|CJ|cd>v=Ut{U6}a*H?NEfWCBircKMo$IZ~DRPs5po}jdz zvUz0HO;0hT9k(wY+MlL9HAyeqg|0no@FMsqFnV$}xyEE6;b-J(>+0?OIhIIfv25w} z`C3oZ$ls_ohP`b{>P3-_Vvquno40^2bKliZm0 zM1<$_xEBpD)7vyUW)yZw)9_=qP{QmYV{X_{Y|;3rd3kv6z7!B6XYL$(y&{%SCA+-b ztBMQ~czG=I4naxC9R&cn;<_@;3pTI* z-tiSq4!$XBU7aJ)y4rAzMYv{p7EiRgk=cz7rrKZ{#{fUjC@55lo_k6Sc<8*W4hQ|_ zHPhU}e!PM0sovs2@9xjSiy`pF`iI24s6^VUBSPqu?yh%QRs0Yz-i^~9egY(W^t5$9DbI%qaz@n)ZQ0tU;TRI(` zJrlym<)J7?@mcO(vDpQ$iVRJmfJ}+(3!EG#Gi-UPg&V?z-DPSZey58 zz#K0&KsVEJIPxngttc8#M;G#uxmq0+b9hcdf!^4r&G=Sv>p`s$))pIaIPY@GZSp47 zv)%I;K&bf5>J(Ti?`={VP11NJDRwjzn%0&&s@4Z<$#d%%H+?gk&*v{Ni8tK|YQ9uQ zyJ{tUJbD~2r|k7;ZD=)w)BjNMT7UYtkNHlQG^Ac`8 z4KmT`q2H^DhK`1b6IxPuUhdw^da!@BHKEcARWibhlWVMKPq(hS1IZ0%IE?cvB!`pD zl^6Z{@=${3==FBQTqxgV1z2cECWlbj091>(BuET?wMKlK%QD* z6YU8u;v8O}s62t?HH2W)O!2$W&rCrTU;9gsy5=XPLZhys|-V93BcuBJ{y4Vw?tABNR8k{|0Uo& z4Zkor(QxY@hMJU1+%e1bCH;+$r~0jO)APf-vWicpgX+SC=a`?2gU=-<-GNzF?qm$} z`wyc4Wj7^c9BHp?mSWOG{;D%3GgXFq5JG0G(Tup8oAFB1beaK|g%X7hDKzxoesV`a z5({@Q)E&lnb0>Mxw*IO`(~n61;QYqgo*hK=ea|Xc={#f%3F4+IYO_O34palP%r%YR ziY_o{x9;tD$EdxaWzpm-d@n6QT9HQq5E^Eppe3O~UA>L)ve8E9iO7-a$%!0`%uBr7c8}<$n&fe zi}2e%*~DOxbU0fAHv6J0hgtFqJyN?Tjwz!K3^ufwwMEU2mYcf7Q#uxR5XbLejkTB}VsdH-B!@=A$P z5YA3zd(_DVD}1H@R~QC(x3sp5grehLhx|T`t_jG!7O-!l>5+|S4#7iX)#oocCB-?9 zY!kAzhQ>!^EO{KDChtv41F}A`3`2rR%|EI|g>3DNt?(oxQ5rI^u&@UAHEBvTR>b*6 zl?^%ua3N`Q!M{{6_V4ph8UD;?r6aRg$et*MhJtUk?)|DAqHGRPsHOfq3eCn~szlmeSKs*-r&Wr0#J!qpLf&KrOtuT-1_W z^hu3F{(lBLFbR*qamFhy{ zgOXgX3{SRZTINaC_^70*+WTQ07O>8!%vyeWMjJXK^=~IODw;NiBoNON&dN4$Rt6TP zp1Rrgmi`Jx-fwqX*XzLuhPku`(K_`0Rz@AE0!^0&WYS8df$(otv}TkF``t8$-n_w@ z+7k_P`Wp>SA$`WaVP8|%!%kVW0iRDit>5X6GI82c14PWY%hpj$M#Cp)Li*;gBTDGX z7UPg|agSH+Ld?-MYvY;62vX#I@ky!a=oz>7@TqHu@EN2yh>Ax2z-Vp4lZ)(DB(;~o z;T#eaf$jDLVED2X%*4Hk7U5%-1EE3T50uCe5|uWcPYWY`-~>iWXn)chMf{KH5*g@a zCLo`9%}!MvnLS8|OdjQH`UC#=7&!8eZ)4oQjKl#P1Y zkZd9okRP^RN7>{6cxW+IHEhp?AZa52$okHE@9t<*2Kyt!bFT*wFL>Qgb~-phH2%5V z9tjiZqaAM7(=$^JI;gJ9DF!dg!i>e^21jhBmEi _^iSDw^}2kO#!7Jrzb!QmHz zFH{Q2BbXRnOlVEA-fE)0zI@34Bj`LXSlC(`*4|Eua0E{M(=`#t0pj51W@cx8HFk6~ zH8pi~RIF1k0R0Qi(3jCb-ni+(@sxo44gn72G^wMlIf+5-9Gi{N;e0kY0G{ z0yHu9a=qQ-aWQ?kxRBo$@KUSO<$mWq`tRsB?de6IpeT_-ftROOl%^=(b;Zl|R+rO9 zO#aPYP?%+ZL8R0M<0in;T4clo_Rj?G$R5WCRY#z`b$GISTURR>YMa6J3d7$U6>qqO zQ&c5o!8dIw)Gj*u8Jw(ih4{*@icYY-PCO1mKZ;TLt;U4L_n3+t?+li$_CB!cx4D|4!Oyr>sS_t0hpg$UZ+sGiDk9RLunCK@Kcd^ZbsV zPvsE$?UoPBa81F0w*Pg=klu{&@`>LyJwrqS?-=7?&X1Zix*{~Kz*5jAyVOS!0Kr;@ z?>4VPn<}hUHMR@7Ans+HguK;A3f_>DmQ&1UFWtXt#J&JOtUfzP>%?PKGaI=`iO&ztGyI@K)ZLMXW6u z+^W*X=&L^uU?&s6iQoK99y1TvHVwO3q+56YH_o6Ya}9>tk`12@vpSCoDvK*R(>OZh zYCdwwwY+*^O+FI>`oD+RbO28E2)8g&ID(A@yrQ4nN?!5JHDrm$Axb9{W?ISA%JFp^ z(Drbl=(GiScS+1 z%U7Ldm&a)ruHo4h4pqyJU-e1yC;C&JKV*O3UCJ+I%!%j(3mNAx1kr5l^kh!ldq6IZ z{~~C1Q{cFFu+PeSCH^+smvYjx9$~4uL!O5PtSo+td|WbmioM46_UZ7=E9JGrbwiN> zOHJgUI?L*JMi>SYW?asrqtbl2NHq^kVZtUw?}=;_(>D(*^JEKzIOhT8y}=ydTMx4U@N) z8@KmEh`wnPAE7rrnGC|5f`SdQ<+RRDjftX|;(r|@?38e6bk72~+es?UUAXpd8+E6U z8VR9aoZ*ODK(sKegBTlX%NU{aI0lqZ2EHG4*^s~#ReB*KqunO%I|9^Ly`>zm)eS;o z(hw!!>8qs-Y#Fs?9T=h zp%P)m$jKZ1Q15rg8k4OJTewyajcOX0t-sfMqflB3h1C5~BynsQe1@wX`XU4b-6tox z8;i0?CB0--O%ZswGJX0p>JTkhKIRA$peah3b1a1hgg&h};wTU&`-W3+e4A4zDrW0s zH)Z?KN9=rkk@@}nUNi6C?;pOuAR3ORsRXO-kq|Rom&Wu00#9c*7NCCsX`fSbfcTxV zH4t{-Ka<0i2}gNJs2r?~_-%8xhMst*^wzm8R_tLCtlSeZc*! zkVlGJ9RXR-*jD>e>(7we&-Tub*d;D%a?e|4&(+&wx{}_A z7pM?PMSL*42!~6SR+%T94Xo1ki6+=$Qo*Q-2_AXA#_6bH}6}9^6R`T zw=W7}t)`~E;-u9Zwr>!m3=JABhNTyKTmOSQ$g#!1-0A4)>Zm;OPW-198cA$$HJHU7 z|Nk|56`b%bD(a7AWg0$Z`eIZf;%F9P3EBC8) z4`nzG7=JUL{`KqVbVXhcWGC^5%xoWT?~#=n5CCgxiG0Eu;dP7DW@RZUCXp^7yI@7a^tkQCeJ{hzUG&%tjc&Twdmg(P%+ zc$&v!hv-wJ9RW(}L-^|l_o3nKy*evofr$gSBCQij`sBDT`*((gQw>2yMTZIaiP8tX|q+No)p z@IcC`b=g0fiAoCdzX#9*XmEU2Dn13FWh$&tp;;I3YqM}IVH?-du96vP?W(5#);IkN z)&*mR!*+UQW}ZmH`P2Wjtf+Ju`$R)uG+Z|WhW}RT39ZXXm@i`BIA-2}kF0S0KSxk) zCTOS~rM8;1A)=;>seuInE`73DgnfzBw#(fNV%+amsEe_|!JE(No9%W?-}IO^JPe#T zTAZ_kk=UuWEIPki2)|nZ`p!E?U00sqzkvKR;92p_nb-3%4H`wP63`mqV1$c{eQ*F4 z%7^ws*R4mCq8Ap{!I5(uhw+ip-+pmV7$T&u+Sh+T+y8nP#l`Eh!zpX(=;%a1e_RNTLVomqChZh2&lk=^Ola zX=Uf&cv>sX-D>l}?gbbU>Oock5d;&5k7b%)+8kd0MI;A=2A)TnrlyuI$cYS)`Z=u! zi{;o@WpjDA7Pg$;C(o{Pwx7N6eHyht7)v@g5B+Hm=mx8o*zJUsbp@yOcS55%wP^G+ zb1%IW-F_951dyew_EQQ_RHz69HvCgi;oHR5V)yyf zlMXzc!}0aRcjxp0inp)T1sf8Y#>^RF)p0#zv!$!w7PtE3Tquup&jkSiJ~}TXG!U9v zJ~qasldYfqvUCRzN z(h{)!&0C1M;vI$(nrPKc*l8u~%i;3Acp8LQcyu5Z%lmeStT_+#C% zLo3=y$l`!U4|HbJ4PhKm+gN#9+7veb$DAkv%EY^@HN>6vKnN4>+-CpE7QU_Kfzw4- zvIRuWPf`!2ZW+zsnm?hHnzSkT zaH4wz{RhMQVuniJQ(YvYRkby#|6WKcGmJ*sx8tOCvh2Mpsddz@mAU_ z@UBlA?cPRO7EvkMps=TP!Zen1VCT+^$$b>pA~#mzM;5eF?8a7Re+y0)eSxgWBaz-bRTco(mg&!k)Zq^)(gOKT z5hK+s_SZjYDUR5rOL6RBx7f==e4hlu;fe}pMR17vLTzZfzE~sq?Hb{PD+?C4T8Li3 zNvETahA?V4o~U}SA!ENnap2w_`CVVrp8mBFIqckwsFuITpaZs=ehO?_Llz@JHbdtj zu^nA0bX9H5f7r^7b6tszI)D|KD zOTm`Z(TO6Lh7yV*b^w3Ops(z|beIGynU##dsGZM33+kEoWQD;F`;aP){2VhL2N0pEsFb|IhU1LermB zrFx`NOP-U8-GxQOUXS(l2tFdqUg-J^-a2avwG+b*xly|Amu zwI|OYlgWl-cpeO3gM{2C1qPt2@EUp2wng4w9xl54eEZxy3UawnOHIUh~91W z3j$6TF{iE?^|n|lHEA@r+H*lJmlIza;g_Aq=|0Tl=JdAT57zOm{nUF2QV8Vrr`&{vP+1aW#(z)MTnu5fef}QI&ZM0}~HD7Sq)SGW+Cb zu$X5o77h%oM%8C;!aRLEo}659MQba3m3$ZI`)`yAVpwbi<`yoeZhki#8{Dd>$#I%K z69Mh`g6H5Kg% zHE^_a+;`9i@_3$1Pb`&nal_7Fg>L9L_Dpt~LJ~v%%HDKG2k>ew~qAw!8w;Stu&tGzYcT31LPYm)U9tM1a z`GjX2lZvX}-b0Z(c)$HzO{9|5UzO?&SHk*pb=DL~(7u(cR-g8=kK_{U$3L696mUGf zdd;k+nqVOM)D3gA)SsQ|noGN=n*OrW46Y$YSCam)ChAV~{Bm~qU2Ui?k59hv7NSvH z+=FI#o(|50%p+m-*Tk#fXWvkr+E9Zy1cWnOS#{)X(`;0!GTem_CLco6RAK^c&my%^ zs>|ZxSvv~?BJSW*5C`g^$j|pQZai~|jC-%UJbreH8fNa|c?R081^7^MGv)L| zb~Kxw?ir9_=yF_x5dB%AdxWDTA^mqhza)FF%TCftkXz|?4N~RMG29>mG=*8dEAWRC z^J9TdubEB{9anegT|!PY3RSx4NS1&>pac~yCbxcUwfWiFRM*qbEe*p5>A0PKb*N$I z`)zq=d}xiluDA!xLqKFBOrpzwku;u+s2klQ0=ZM}dVwjg1PT%UQ8?GKOa>?2ib3#mW~N zYVdugZ!^XqC=1V}rTdQG_IA#ZNQ>+FiK(&GhvFw=i`u!V;SGfWJ&6pK`e2A)5NR=9 z$-mZ3@`|h9vrZ1!5p6Iz-7;}iBmGdicC{Ty&=^LXtsplpH)B^Bs`7h^CS<%aVLS0LE~Es z2_n{EFjq)l%A%5mwG_6!hQFk|K-~q6$<%Tu>8N=!SuSb3NM5+x=S>q^gBs<%kD|-U z>_h$n9YzecB&)=H@1X!Q5q3%T?$zj*j1zRX3(?tT|D`^D8=BAe!PX%D?UVU1G;K^Ke}0CXCZtcd@gXE zU{?g8JJD4Mt0{IF>`hcg(?K2OeRVy2mW@EZw#4L2L@yMnGsM4tK?3hf6X;~u$Jn4M za{?I%aJb!HL8PHad06;)8x*}8~m^-rv8!9r%0+QGq1;?OGOY}${UoQ|8z&V=5(M&2He zuZSm1N_y_$^NO5Y9BGnm-bV?F_FPOhrO9t_*G1$gQL`z03NSM{M;5N8#>Obv7POyT z`xmrkQzIlr`%5p|iL$kTF!Z0Er8W&+t3<{S*ULeScRB$3_3QoP`qH3pRX)6Zcv#fv zTgGbIpF*rtQ!Pc!dtxX$77K!f`BnH5acFR!eC!W;lL>G21GpVa#&k5hFa4i{fPinV z9t>cmR`w@VK{=#YanUphv;ikkC_@YwB%$v0q}X$fp$CF{J=cwT2m=Cyb;Bam+ci>Z zS)RZOtzgYNru#`kHl9J&43?rZtxbJ*@% zmDK<8b2kjNY_?KsV3w+wTIKyZ^s+zV-!ukHb>Bt9Aleq7$c0Sm_u)6_ReyCdI{_KsHl9Ey;q?h!z zHank-7w2tkEs1fUUA7Is#GLbuYk0$ngK+>z#rlYXf%CBolLD+qN|m+qP}HW83CL6Wg}!Ol;dY{q6equ2Z{C zomv-NtFOB1?N<*k{49!uLm}Hu0m2LK0`tZ&++RjO2bx7LME8Fu>h=?bbzw`SV*WuJ zN1x-U{Fqr|Wwnf+Sg+1;>C21himHObnQ2}XexZGrmf&biW6?W4X?7G<6zdJi-f$@| z*)&u4JI)~TrSR;1yOe|r=p-KLB&#I34R=brGoG)5DVk^; z2yQ`Ko5Wm_5AMO?;_>n3lkdvuE_wdAXIgopPun7$*=dh|39=qHGT=Sg z+Ie)+@E=So`7&73Gqrrj#6Sn8Xxl(I^g^|%V0-$LEf9%glC=@4p0<4kfkXOh&NXZW zDkJZ(i3&|k3HLOX4gM_q-UVj%;T-H^TR7q zTok-#3dF(8YN7V$zA)qj!~-hxmA@?LC4L<{A*4O)ulV-vU6EX$?4PrAOL&hyiZ{nn zig2Pm(=n_q#~#aEdyF`?yYgnzr;Nq?ohff6R#WWOc8~E>^kz#3T@BR3DnSFhFaGo; zmOn@gdmq)De!XhAi+=7dqhTT!SH%!V>J&>l+~Ay?KOLKC=gqQZM~ z426M{^F>6A{@Bo{M+n2`k#_7JLsu*%TS5NY`M0!(FQ*11=uX7l_*#b9VEjXSIV!R< z!MwOAUhvUET8IfwL{##Cd%R|dCjjp>@n6nvFYK?lKhnd3*|N%Xsziw~0c%yLe6qS} zF{%}_IixCoZ^gaz7z?qgYg$GIkr5H_qjK=29W5^IqKkeRz+WqsmREYyc3^GJ&koxV z*6sSB$3ijx>rLI1)Hb$}v#afnL@z&}#%;54AtT$|=KWM6=&p_ETn-V<{ER&MLxi96 z+mL{u7|RAXNZZLZCB)uX+zn3-Wz(M((&YA(Zk#+#Gtc`x#pRhr4`1}1ZXbaCJ@I1i z!pxKMl@fN6b4iTQYsgurlD)nBxG>zi^+7p&#zjO^-N=QXsf*v;PZ&Qn$1i-pUpwa$Gn>9Cy#po-7x6!5N z>e%Smz+3dRj^sN6ddP(OrveMo!uGq*cE8W|n>xy2Ij(5!k}uRFqO;1Wfl*+8Gk5|7 zk+L>~sPIp!gq3rkRpVty>s)Ojuss(G_kAbmoTN^ue<2MOctaz?Y*ghFMWTX#-agv> zXZXv%&Q0}^wrY}*_ZXAC&~HrQCFn8}S`z7AU2AzX)LXYzN{O@vIR{!=C%=Mb^=XXw zUeNW>_LH++yK*;JA&p=FiusRpNA5Cdbb<-LDX!sTUiwdls<}(tsjy!!ygm1})*#sM zfUilw2Vwg_5#`rQ+;`dZ$4t+o_v@uSaL@2{_|%Fme6#U7QujNw=k6r$dAr>HN`=bZ z16&;YS$SBLvBTu{JoNyQ>KSu*-vPII->2~0?ChUY_Fn@ZlU4T>fCD7IW8Ur0k?)o7 z9OY;jz_B{O*R!~;>z?p)AKo2(XP} zNmlRe(z;sW2>JbZ_+yd`D{QPU qAv6vH#=m_%sC1;&*HdGD3=`_Ry1GL=PGv^- z4SxG9@sdoliO)}@)mZf7na9va!NG|!En*kFy}d^h9RIj(+f7I~7~Gy;GtKIo?JrMC zM(nFKWa7gK9CR-Bdw6~ZJNB$;-xUZtx=ANg!25(SRIG->d^z=c-|6#Rg4&U&*=zLr zbMX(qtt8uQ!FE9kq_p`2@(*(-SzAFbCzs}n^15)Ba>~>H+CoOWyTdK3C*9jp2>yAb zJR&3xIoVulVK#*r3Gl3{A4(f4BK7|H=^*?|e_Kaw)S%|YuC6y%E35G!igjUO=H#QU zB83jmi*$-vw3>*QvK~n;*E9iW?wk*=1k=#m@hF8L__()?XCr)vYeOPQGzjfNgZHzU zZ%{sUPEf{uIns(%B$4=egu4A!ZqXTy&PU5_P)`EYM%U$PTXan2Hy#oRcV97f^Mw&H_b!xtoo^}vxLCTJpp@#uEvyE#*yJR z8HQU|;pKe;WjY6;)Ve472rW4+Y7{AlLs?2xBDDfxqYWjAs)ipO_+rcyPkKDv?26+- z>P-8i0S-|ky1~O~f@yMBr6j}N4Hzh)=YfYc?O7_gdyFF)K70zV{O9A~ev1RJZ z9!eRFW-!Ge0+!ytwSYdDRUI4?9<#dOE4ScF&-($frIW=}mN*OfdwDsuJQ%G))XWNJ zZr-U`)mUJD5V~LrSwYi3Tju-}vii42_5&Y{`+@LDxTTP3##Y zmfW-_W0f`6HU}J=kEDmR;>gc8#jWjT>i{iSpu&|HIIgAj>D}}R}laKP#I=Jj~ z(|B+UlF|VpZR4*zp;wV(9n4|gGNr7xUy{CG3v~z?}AHuq3d1z>cWB&-mI-& z^{e60FQi?9Bn$?fvM9DdYQmFs65H1BLV~uuA~5dmN+_<4iqY|Y9L3Mo#O0vtxjHjX zM%YZkq7w4nkR8sGqafiMs2!-Upqexz86tbi<9E)K&mszxGW)l>^bZvyRnNK1<1EJ( z4$gMhV0GT8skMt$&JT#(zw{Bl^$fUw?iW%mV1FqGr2i@Cq=!D~F8I17_!+bPHdphZkWxP*+>hQ8>BsWqwc(XM;C{!tkVIK$=J^~L z*Jo!uFzT|~@5xZwU&LaYltqq94zD2`B;0;Hd*h()j#Ss(B@C|Ym#1q?YD`p`CyTrH zA_%-K=l1{{JmL?v^f|BCtw3V_cNW0t;?Bj|=gs#>&vd;mQ>C#Dmo~whxi`70P zbq;2^d9R^PURD!2c6tJ+ka|x~w}7EKJXqDGZ5MwRCZpcLuQ*CQ?oUVrOh$bieC)Q{ zzDG8toCtmpWcl{P3E+s*rZN5=Qq*&u&{yB>{w^kbNsO;B>fouMwBQ*(7ln@(mz?1Z z;C0Q2|54uqU}z9Qn#;J0uN|7>Rf6-`m0wbk@}~ME=L}t>9)J0X0z~V_Ulgv$Pdd&Yeu~V+{s0meX|9^s)Sl;ZNsvtjMvDG8d6N%>8~7EeGxf) zBr1QQ!?`)3A*z)gSj;b_Xe>E6PTQl4%Q`ka7*?Vz;rQ1q23EYPvOY*m63>a>(crFY zq@Vcw)#eEnSj@KY5txE@W&oNXFV1frS<}vlF@I{fO5UnbpD}G|RTqvGNx3nEK#($H zoOpSYh+oD-W@Av~4zvVyRkuRHLueBL2Yxqg41c#-r~W z9Y-zZ=c0C)-}M()ev+H@cfkSA=EV9)cM8WPf@`?jNYn`ly92JrE{*lWIg_ zX?JEFaL7WuLqxA9Hj*GqZrn!KJ1dQ5TwBs}e89mt_- zQQ~vveBwrd_?YO-K@^wJ?Qx%ey_JBP=l86{p5aw4ip29)#(5bTu#vf9k@==~O6#>Ha5Mq+ z1;Kt(Bd>O?5+1cgSM47eSHb8OO=-C+{^^}q^iWx7hJqSPRMOJ1;hT>niX1Y%5ljpz zZ*1FB53{%)qBvH?A$2_dJ&5nn?PL{w#{L|XEgdjY*q=8U?80~nysKkz0Oyg8#7aRl z5)*l9Xg>e-0SGSt+00R(y1EY1gS3!;p56cF~B{May$tBedmJJ@Yd6#X0Nl7;oG*!h# zt_@I%k-qyu9OP)G();|!cyt(ug#FdAq;wQzhq7QriC$7-b`w7CT4P#9RRJrdAn|m& zQ;!H3(t0U~OMIMIC8|O+5W8E_YJ~1e>&v>Z;I_al8s2nu>>em>3qEZp0(@L+6KpCL zdrOB1Ms3Q&7Y>JGJS9hRQKLWI`@kt9$i6q2IQ69Mo+)G7ZncsTaI5_9jR>I8XAgl$ zL8(TF_-$BmRuRz_A)xADC2L3>XiV24L3crJYjyG zg}>`G^kq(brRdR$v78HJE%keK=F_F;S8B}bdHw!+iu)Kv@_U$rLb?*{ zbbYsjG>ZZPLwMISo9Narrp=OohaBj}%n!ADsoCHP(GMzv&*f3n3f!+aEQXvm)uES#b;$WEL%rg44ItYI z-h@VK#A{o)K~yo`mQ-ly;4yjx%AvrgPQl`%Pq=O*Z|`m0;Z!rE(b8AX&cU<1BIu8f zU+3GZydX4x(@QkzHvfpE1arY@5p)kM7o?QSO^y|Kz%`HF8rCd2@jt1hly~Zy`Vee? z-(?iS$FH(SFw-5zN;7L8mPm^#0d2c0Qv)dOzyVhjs?XwRq!`Ei=)4HzV*cc(c<%UX z5y^VGTi33fC=Cx0&5o-xjpi-ewqMo-$ScPQZ!I;48G6h-JVL+h=_Ch#YBmQ2~IU7o5LX4hJ zLwEiO7mDTj)^+Xs^>Qn6;)<+Hwv47zU=TvFZ2nF}J|QNCIDRTyNnDl;6gBXB-UY9h z7!F3t?fq37K}ZfOLr4&CQoors!lz5dD7EnSH)Z4IeqA%)&hlY7&B?6goSQb=D7Vc` zm8Qs2r(LI@$eo2}wdIZa!KG@pxyWRs;a5AgM;7Hm=t43XLLjDeRLY1Y3>^=L!@F__g6$9+-abM@^NDB3U&Xb zfxtAINOW^)tb=TZ`r1q(4<69n(1VetVoDchmCqz$PdD3_g7M=9A*oVjz7Y!Q?Sf`W z)%1nLg|nyc=Z}Q9lpL{eIUniIe}<9TBz^^aDH4^NVzg6uZuTVBA5j-;uf-7J{{~_0 z?2r{ZxZ;WVTG7V4z8vSE{@2jI8Q>5AS2O8ZQ+|4RJbjn$(L3S0XtG*E`|rDqsS(o0hT zpweAR6|rc9io;S5BKaUylHtzw#d!1SPH#nd%pDZd#~-!T=os75?zrBf+F@d3+uSg%8qcxH43TTU;f5n=00Qi zhR?1w5PJ{Kb8LEl1(t z14s{lBJv}nbTl|)-}U*)f$6dc3CU>N?&j}+Hd%ygP7b;D_C}5$(1XXIEqtD$4%9aY z6#qowH;35r_Et@@u9J2HST;1%F_lE6oc44~G%nfeN;C&$ zXxk3*d2@Ip64KMq0}fZw%-Gi1rxK;0LZ8k@RU-p$B9p{jd%%ctW?I&ZGredFJMctJ zC2|y)a@^<&u0Jni&%tV&0lDyi$8{KFnV_w8D<*96C%Zg414b4HrwAC%Zp2b66Lx{p z{}Mvob`sDv7BqPI0;-^Uu*MC@x`yGpt(#o&e%CLKgyvT8Wl!HY@c!HTH!^5x3Fn&w z@g3&3-S=zCyWyQa{jpivYzdu$w3&>NVbYFF=vD8BwW+v&H06S`j`~RGyX$sj?HTA) zrgJpbTqj$nMf*KF=OC(a(bjm;o{$eMC|)SUH3tUHhU|V!j2_@j{tFBs<@?3>nPP7u zna+(QgPzL1GanWq*jJpLc>P<3UKH>$r2oM)G4b-U-*Y?hZ5KTZU3V> z=wXT_sVRyvo*eRGpeapDsj6*T^ygMzg<&9`ivG{-Q!2-WYNSaZT8|m~J!#Xh1^Aqj za?s({)y?9c)?i2yB)xZ|CbwsBC?mQ*`eYyhRXDPIPsBE>+~ys>%+OGDna$k8iUjck zjnD$WScJ1@=iv3~d}A%wL8g&1&jK#kWT?fnc9s=8i#o>(4-}o;kv8Y3i(H3mQ32%$ zM}wRCq^e0WRV-f9%wh5eU40Kdryqo!RH!+#lv8LZczb^(Q zy{e%S1?pVwh!OD{Y%U4Q94BmbUJ4puMqb$vclZvB}Xhx`nkqCTesYCRg zKWue*=K=hrm-Za?^fxUWEtWZ6a-FXDyq_k4o&pbmld&ic>GR8r$DMXgFet5X&wgG) zf7;z|m%w2l`a7M&>%KRbE?*WV8!A3jo_2dH4lEq|_x^k}5K62v3*--h6e9_~9f~kU zaPKTd+FFKYR3V^-{zMOLmKg-s=0=Xkp6>rfQt1*3WCv8ng-RTnVHxeOu% ztV9Q)bgA*Ig*7To5(rn|l4a!PtaeUa5(iy^b4f(vvE=?GRnb2s)yhc(EAuc)NT_B2 zx4b)L%N$}32hDg1b)2Y*@hc6JY%$s4XCgNQV>`KR+!5Qt@Ih5dh8Uv)3&r1{aS?7 z(;yt{Ds0E}6o}hpoSaeLAe?H0Y_229tbKW6zZMt^e9j##;VGL@T2Y=cr}@0%Bm z=2H{8lU7TpU)@55!kL_jOcBDkx;(?eIeFxq#oSwz-V=N|)(q^|%Zm?Z(t$gOKckdo zSWH4=k7xXgW}75Ip?HwuIRXeYkUQ1U(Q29b%NxdUn6NaDp2Z#KD~*_-l=0X?#QxZk zoNUr>%$s}Q_4ms3L%!1E_Vr;Y_Ioa3tMch-{-c1LWfzyy$k=XynyhuU^Ca=B><=U% zQepro;z|;pgsX4PUP%y+a{dl_{HGI`z{dq?up)siya5c$hxlm$-ic+2r;IeIk{a1S zAYIy0tliw8BW##K6F(s+Fs5Q7j(n1Pw+y`Lh*C#JE^HwaADFJUg?5 z-YqnwXxxv#Mt6~-t2frx))#T%HVZPCvoOlT7!-dcBDhCQnFWf}wNp zO-WF{2QS!I!0zjsOP#^8N{hJ4E~v@O?i`TkIq)A+u45qjRQc4hfM)#uEghd$rn?rp z?SlIXS>5*3Xt+rdAVy0qNCd<0mfMRR1ojlHQ8$*Ca}!WaegNy-Si?d?=y_wt z_@YCYkyqXcTcRR}x{|3#~7MW<*WsA?Cko`9zwI3>%g zCCx<2+3>;8C-PVQG|6ASM$e;rl$}7xXp+lO^^ZrQqTa?SyeEfb1TJo&Eg0!t0?h*E zX@!V9+YLqFhg3t20iQUl+@ZLKL_vAw92K`DMX$WTryc}gckfm06DMdrM-%Ynz1@+a z@B4OoEO-Nq<>}=+LC#Qo9Q2S=QH@Zq)^lp?l9A8hu@pZ0*c9?B)~ zpeV&W=}YJN4*F6l^T?CNM2h(n)EmXsE|Y540uU$|cJH*ZjQ?W<^0SG&gQNv3!6e=j zqbfX7?ZG;OPu(u=$gc|AaE?{b`{X4yeK1yzgc#~q9Scn<9B-!pcKK_z~$ESGOl zlkF)C@=vO2+a(_~O|{n4SlE{AKg~evA^RaKSM`RZ^N|qSF*?hbxLGQ1RSf>*V_P#9HY70_%7-9U}>_$1`>He-zSef zmf^mQ7+iP=RR!u5#&1R$WZg4HK-T#o;`RPudAx876LvGCRSc^ zcBl}GQFjw(2RvNd4xhujFv6{uUBa(|i@kDH2c$0d=dEXf9%?ts`4Sxca-5~U=ZBA1 zXF^|>{UD@j{SLRPQge-!F;U}0PmZeBf8ST`f`@{zTgB#@qU~;%e}nw%Cjv!cl+%~A zIqjX}MK?I64=8dZ4==s;hoJ=8T+g49B4E(%(feqVp;0Ro!dIM*&5pSy{EjyWt%=pQ zqdI>!AY2xFt1w)qaus~;9?MNB|JI{WW-s2!Opywp^d?h*?n)^qYU7C%X*-VM1Up~v zSJGHnLjxx0hK z^t5nZR4u-FYHRzG;Ay#a%Um~zD>{*Wf449_6D5E`=VkqHh_73|XkWhVRRb7U|1saf zampF}RW(RE#VZP!{4<4;R56(^V#jKEL86JdUPWvQvDo32adOGUG89!HhvEBV6AGSa z;(t8zXb(Pv7Ei#zvN!`-$0jH(fs1{DPjITf*LZyFiowdN|Dp1i1XQv@1p-_GcZtiw zk)cRtR&!0-6G>gbL>|tTxx8@f3*)4Yo0Ao`*qPOGP&3B`Bla?$P5B41{~tRr=xe2% zl(A;5SpU9sV}BOcvld0`@^2ybJe5TSMB_`a+>;gRg|e*|L3#@^Sq>(1B=k4pfAtNd zoyNEz1yo`?oX*bCXk(=PFGPJ(iG2=r&fMk+H@~wxLHpa9>&%R7O6f>9gq8ks`mpo1 z{L~YlvIjFfDYiV2Q9HvDOzMEQCO;yYd~SpP{lTpH9lbZKdcwW=b%*D-_o9aU#(kq5 zAnl9){Mxm+(jm|tvVbb6z$%p6oT{cawn2ZtJ7THijP>XMjvSX!YFcjUCpsA4l)5yW zeYh|@x&A^KdLqH*`O3*{Kcv#i$v5jC3qvIlzI1csg0Jkb?qVp$LJtdSeYi6BlOxPT zP_d!ezKTpROFvs*!|wX@JhC=G&J21%hCxnS@&7)JU(=LSKAejin+T&AJt=9%z&FKQ48a2|0A_Oql+^9qIOY9K`Hd z5x$&{D)>yl%c)s1g`{ss}#b>5y{0^22zDOnE!c!Bz*k;M-(OwK>cI7RR zLdWOzfw%D~BFKsKHfe9F%Yw$R6F9Q4Mw@?DXr4bERCK_tA(TLq&k8~^XLrpMORG~9ct45DWJL~$FR1}`Zk0BNc5Lm&t zTc@X)AP1Xh5?WIMh2ufS1$dqRg$y{m)Q`PrFM@EbC6r#$yz zIwMoYz&l9Ko;uc{1afRCkf^Cki;j&&golpCVQ7Y5jb1KHlH_uxX@$Y3=$m?+~Cg?$_s*PPtUEWsg`Jm^PFzIJU4$R%)l?(6#MkJmWNuYbmSyRGm&+ zoiT>84le|Uv9>VBRAnugGSlckXb}|D5{B_`?%)&2%QCKRSASC#a>_K`_Z$dV6GD?8 z(!^4mS9vP}(P-XW*RgBTf;30e81VyNNh$h{G0ebT)d%mLVgNVZcS zdGUfM5gDA<@1!Ooh0lZ4V7V8j$!#}pmuo|4R?+U_0y7w+ zSr91;NTbC&01G;4X9*GH*JNI@sEG-D1Vk@<-Z*3fC@ZEK1_oz5stUzte*;7#`rs=~ zOw7D9Gu0}KgtHD4={#v9&|T(BI7Ic-O7TtWXC}se-m^-J)bnlSX6i?GSrskFBgFni zXz9&_J&cFWs=NIJFMZ|d6Hml;B0gfQ8{?#+W5d#tne?Zo93)C%vCfKoG$}R6DmEs7yXi$% z$i6hP+r|fo0-(YBLS9O_zwpApMk!lUZp9TB(8Eco(`(zd;Cl4OM5%J;Lk!e^2|x)b zko!?2cl4({HU^C*m8ar`rPcTy4M!Ll zJ-0DE*!>RDtu0^ugx?u>o@4{cGe2;t>#CNVLs&Pa|K@4n^3T~j@>>&Y?JbB2RvYXS zuX_~Hvd#aX8E-pWKL7;Iyr8N?3ua;Q{iwRXhuDcY4^7VJvar}s%FP9H6w6tcr(j;l zJ6(g3??hCe{p0Qdxja{A^z8w?MO_x}vyS7qiMng)F-pGuqbIyvtj5EW$*Uh0W>dTs z$Jo^eTi~Jmk%F%8>LCwTLeXr&C4P)+{{37ho@YJ~-~6C)po9V27P`Ex=XCXy_ zgLG=pN3EmMpGk%$R^!hg0SPauBi{j`qx>jL=N|zj^%~jd! za#I(oIJKt+ge+U!nGBx#Jo3HQ0+Jw>)YP}CT``|!7f~XO>d1L#?5;Z>s)tT26c@8& zEhNU!UFaUz%d(V~6Qs{sU?g@oncUyE!z3DlvzDIEobvMWcO-&HC7_ar3rXcF7o9w^ zUt2|F>A$K~Kj{^YD`0)XziYp}-TN7PSljnLs1^BKz6@(v5Qr>inz*I5S5I`8*E`b+ zgFK%*YIh}O{kH5o2i1Q>5I%1=14#Kx2d(sK8D{G1K#;-j=IJ3T2i~A5P?hy@&2AaxM!IY}&<-HyX z<@Mk!=$o5n>~?Td4QsZ#2ors&u|i zE-R^$W}&UIot$KxXl}%CD7R=X^(C?8Cy;`8B(x=ZhJ2nUK&;>gXO*3OCE`x1ShF;< zOW2*kOGQ0zSnYU~p+b4u`g8dK)lnd#_0KvLApDv{-bnT*1Tk?aabE$WPzBLBiman6 zS0JV;TGGR=^!71P=ly*wa&lSaU-cCMl*Z)DbS2&JTtHM6ebR1G^K@Ob4_4r16l|UN zI4r(`1yxuq6EualvCEhaoaonBCDpliG5^8u)8Y-`mnsb|s~gtO(HU7pb5GV|)N{mS zc7<14KNiD!{!;ms?CkOeijxod`vKX{;@c`k+MXbqH}@|FjIzue-NXPcx|3f$R@k$SA>7R|tbbo7qzg@pCU;Aa}0fmBuf|==j&ToJ6 zBunkyoAlowGuF7Qr`g?%&@~oGChcV16jRvTZFYEAd+N{&~ob$1!}eif#VOj`6Z68zkNr z_tJAi8DlXgFt55UUt92ywuy7crt~KLpSrtK`(E_Hvs&fy+_qx+4#nBUFoQzS0@cRV zdY+ zhp6mORYgytK{w;`#VO7oF?Ke0qk+y74lubtdw|VhYthNpsaF5x%pVn*QA7UBL+;HV z){N7^?al4)chmO>6s}tw6y`~JzBpu)o_>7z!0Pji{K>)TrJ%6gUo1~r0S<%5ZJ^rV ztqS^P&-brQx*2M;bG)y6X$55g)RO19BJp`{%=uzQ9WKV(<*JQ(EJDJ(bgr3OHsh9# zhyD;aACtqfE=iStw6weTe>GWzCnT=aYxLS2_j&ZSFO|EZZpNDuw2Q)Pfj-);c8`%G zg&gerican6oq&Q`!%nFw)vNVC-pN*^vD5`YCP$qhh5{~q**OXw?SYCL)f$G4FP2b% zNSOh+z8P3Kqt!i>xVb*XrF63tF%@MbU3}ZMuFx+!X60^#?}_hVwS7fc6{^^dJSzl% zO15t;3hR$1@(2(n4%DO$RR-g`Az9mE$s{pM=^x7wnbcnhsYB>-w}3hK$ZnuSFX1># zSOfgxK(7+R~|_cQ8g8_b?Re@lnI zlvc|T_;W@Ez`il=7ueEdcRi^k@0s?BAO9?BC8l&N`}KboL)K(~O2@B7;^v8yCUu8( zr{0d3KiVjD{Gk$aD(WgGZb>vJNlG5Nzu~+H!sfc#)e9yI$rm0`(h%**Tg%k1(f`FZ zuM+GZM!b;pvaenun8-R0uKA{3$0@2jre4)!)0}4%XI)R(Zq!bO_Jsxr<*egpJF2#d zZ9p&d^$l9IYEo;!V9ak~He;+q{)lBiSaSKZ zG%vM2(|iiFV~*;ZM(%NcG2R&_R@0ij(m#&fs7+RJ%lusHVVa*urCc|$ z1&M#O;8)Jm)zfxHEER-^WfAWaZk4tMiGXvA)IIlBXFx=F63lX3HYEaT0xEhwYQC+% z@6vi6<}P`k0sDEMu@cO;n(cnuJ#WT5bMMzZD>4>!J?>^^b|xMtYm*mU-dXW0HTtB1 zEQ?CJtT#1ZXEon_f)DmvUB1`*ae@^B;z~tAnUV?d@0NeaBJXMAvQ87&`0weYlBH7& zP-r*>=fhySQ!enQazApgGxYEU`05ApDT>4(f6MCpHcG*246aU)kZit^k=#_CBMz76 zVC;ogI^%2z85`>m6HA;YFMgBADzG0+@8o9StRoWQ8unXeGVD? zq#i6$_!XNg&Ppkv;%F_5P7Y!S8*+5CRErvf)=@XVtw(pB_D#b~4`wUW)V=k22OS3% z^mkBIJS3OT6U=yt_t;=pj^Fwc3%ANx-1S)GQiN+MAOJK#eL;OdM>@sbaI5-;+%HU% zB(4AT5m;^rObj7DF!MT^w6s?xSy>H38usjf&B~N66@mbSG$bCivCGKGIeK?_-luw0 ze+YW40ZWu)a5)A1VQ)X^n}TJ?q}ahEbnbXyWAVXDE9XMUOjklJ`_s!iyQi#}0{dDK z18o`8H+ee`hiE%&4Op6PSM<+~s1`dfvnp~x!>Kk7$&EDhO6j_Dy#RF-;-OiF6fvd?BVa?xHT=w8ULtj9HMN--at0&( z`RN|MFla+NDgIkN#~b4N>$3FbnEXXpa^>mA?>EYj)y=b}jD+jXC>^V%Lefgwx&%p) zgOCHqYMvMG2BFi=M#U#8Z+^~otzg>M2EduMk18w8+Gh~pL;lltfR1XiI0}<&egtUq zVE;O)Gp9)GxfA?y<(Pd98S<$Q5V22sG#>~`LSfAf+u!ebknYLOdv1eD@O(zk{};`- z%;+Qr1Yo`&^*^NRUqS@GSh07V*EdQq%}Kw7gGV$3@{!fa<-9Dh<`NTV#*;b)if4Bn=u12U)|-9Qa%vkC=VD|~y}_*V1F1Fp)xsO2ieht_;=tV&L8mo%ON zY_Gnd8)F77n`-!C3yADZ^Wj*0qd z8zg2Zm;V9-mwwQI|Mp?j^ugTIvqpi*NHf&m&P-3vWj)MtZ;H5#Oz0_k$ST92Udc#PPxb9Oa`O~_RY=`+1c-#S4oP5N_N2&!=*>X z=AMfhD`MWr%gQ?P=H}!S+26+ktAvtQ<#copCz4caRa3I@F$|NMXfZ{^KJ*7#*sC3} z;$05M53N_WP~*|3x>24a#jv;jIX^*HDd~L*7ZQVo77&Jn!WIbK%R@ZpM;R`{p_&~y z?p8(XbnGSARhhK0gUN>IT}rjUatSz38on&F@9Da$Ka|1llo7HVW=86ulRwe6RK8-1 zN=buf2C#_ztUU~Gj7-X;{o6~lvJ9~9zzaB&gAr%>TESAhSxK*(Fy5VEkSQle|62UN zU-ljM#}ne?6T^k13$j{wsHAe}i}COv z!YlKbm@tPb9cDzk;z4hS{lJHvfl+_C))1O+!WYr1)K%cu1+RECHBWVtyF6VA_Qa^E zs&O4W1wDs5r`64wz-hL3mTWQf>k@1tBmj|UAeE*Ufs)}JvAQ*WiqC49_uU*$5}H|l zTl@bD(*6I;*lo!b+)URwP@OJF<>b8>)7Lw_x*!`ji;4JNR7dBrEI3F=jWCVk%1S2Q1qJ?_uLr&~+B0sAQErLgTPK%(&F z@T^sH>sX|(&($_n`+TSZ!3B%*YTD|r@?p>LdQfXOd-?0;W>d*s>>QILg@y&*%(HZJ zF8IBq|CQC#zLMG7^jz(8c?{6PShK&A|A@$YpZFf&%nqc2i+FlgGf~(AHnIz5Hm)z{ zy+i=^7q0(RW^1xeMxYua3Rdp?F6rk$>7T3T&RxX(Lz5nbIsLEAnNfIvjz$)uC!*o& z0pk4{b7_Q?k3p*_ytlZnx_&%mD^f(EU|cIBY>@48=a8|voY*!XfeIwL9JB}rtF3*| z(^B1@URv5lsu`y8Wsy0yJD?>=mkv)d=o2gTGNRL1eMQ}N(=;Tq5?t0+k02|G4^dFZ zwAu-}5LsI+wSlA~){SgTd2hb()38^CxD9T&5f#ycjd5b^ z1J50NZ1P)R=l=<6`k%n2yY>40W}wkR51NLSmk>Jn{a`FfJdU73!m9`;IDUQ_J%xv#nYoX8 zZDVXqvb(DLuQ?eebcp8X%l`F$3|)}o`=)Bo^}9eP@J{1jnF)$sC#T^z-M&q0UBL@8 zO6@UviGqE4l0IwJWaZbADdPQZ(e=mMaFtdUaPV=K8@Ev9<8yw~cnvh!Y&|VB;K8d2 z<5%l`Xli%xK9ax{@!b##cn;?sJ*@8h+OBZcsv7O13Mv3Q&!fi)B?Q*EOCOD0XC=^5dtk1emva9p6IYXUrk*A^ zN6ssoct2Js7f_qr4 zXWG+_bA-(UX0B=kz~q)SO#F_h#JY`;0odF)$1ki`oI4M4m(W_ zz4JD44T!*`J5xu$gl($}!l-}7+Unv+IedwHaB(uPR+=SG#%6vIH`zv@kf33?#=kYV zZp0i7+<#cO;LfpWy;PT^XOv5zJYv~ZR&cjV_~HJ<#bng|TIhLs)c-ybY;}Flt=4t? z#gw}ZtO9*Q{eB{h?>A3O;2t@884`Sj1H1#?o1l<}v8P#TMH8Km<-Ql?KX=i#Sm(XG zyaBt`g7+<7Puq@*1$pzpypz{^z(whIzy8PdJ>~A=TI2muvW(mQrCsyCyw{Ap4>rQWM)p8CsWU=MqVGthBdsmn=prrF&Hs|TDZl; zSWQ>M#8li83-%)-US!m+-v(Z>_ZDpNR9k|!r8psSJ2sm5xNE8rYDhq^s*va-&@D+sv0 z`ZrcCd4lz;rUx(;P_>UlNMh_}whS9>rS1stEZ1Y=;hMwE{Zv1>{`^j#`p=hmV&Z>? zeg5yy{Rz-JnmsOCE!myUu@@N~Jq^86t*evMGoJ|mh?>Sx$tSl&Q5~q6^aI&ar)Tb! zy6A(QJOJ@%HfEQEiKrGhtDBN2M;W$>d$TP;OUK)>Z-I^;^G$-&Me%qdMm`2+8i8PL z?ZT|suk5@W>F=p&SR<*!eO(~XISpA9*jl*N?ka7f#@6cqOu~V*Ujq7TUV$j5*H73L z+IT!|&%VG#pJ6d^pzNZUW@r{47k5934;b@nb!N%cBgY@38^M09A(zW%bPYsAPfPRq zkZ}3$-yWZVj;Bof^LXvoeEc?&%SRUdD>T(VH_E@^pUimLYIaoRkW@Kzp~#lh-$);^ zj14FF`&+P`KN-r`^jkVZh_$bL(MM7mNBk*^$Q; z9_@Oaw26p_NBYYQhGo$>(tSDK;X}uGbBc%t`#Ki(-WFn4q}7{q*t=^7KH%+C(*DM&XGtb)yf-3 z^wQe060hfHJL3zoWsfocaz(^&iOobmt+h5rd=F7K(2aGY=4`;)Y=PFWd%8-;tm;X> zc=(5fl9}`J#bjvLc>Q^)=F5;Hb1kE7th{{ds`}ns9trX3Jvk6I?kcS?pnC1bX6eKn z@D%4kE_dAZj>MQPC~awPR{wgv)?og%@O^*@fnmzU>wBc)cYFN(0ceJqo4+d(d>Z&V zqket0)_-5iiC6~hep?bG`&@fq^{aq)zyNa#>Q$IdF0-r)&H#0TO_%gr` zx^=vKpf;xZi-Cc8wb?e%IhqWw0c(BKyR)-4wBYOOYg9cw&F9Vb1r2gM*N9~_;Ue!X z4Q?olII74pkiUee?Pi|K-vN|}6ph5KZ>;}6RGo8-ByZg9cLzH=vt!$~jUC&zjUF32 zwr$(CZQHi(+rKxtH}_5b)k!Cv>aKpOp7TBDbAYkDpkPrI*=ks5*oMc)UlT(^V|RD; zr>X1B0K51{2O}fmF4-o&DNwa$AQ9+h*B>b4n;}X{hJ&p3QRl!>9rr`PA&jb^v$i%+ z_dkubKIOwzn-YsU(*21Q9a!;e`do`*1=_tK@$=)j2GiF#$dV626)NP+n zSD`Br`LxE!g)5O9BoM@*S_2zA1LDjy+ly9!@`vv0=xr?Ew$;J3`{NMrYYYi!;=Xme});2^l`11Djf*h)=t-{g59eYy;G}%ThV<@aQR|Y*y9BV|K{?xCT zYFYxJdr|ZPEM**B1Hp{eM_7k?(2IW$(JyC$H)IaTN1^gCt}Dv z(KNd?GQvp2Sz%>OZ<~sAKgASHi?J~{WMM_#VFHqu-A%nfo;EK1y_e6^IEI|~UA}H) zz3S9lbS+jja5sAY@}vIjuYVHzCjA-th`r5L8t5A`SyZp4HsBID)JT!v)i?ooX1YuW$1Fm|MO|CzV3Tw+Y5ji(DZ=hoZq{ARZufokVn3>jK$ zFp@wBbue-qNzLpaGCe}89}Kd+D2b2lYFw&>O2oF&vz)ZID;}OTBUs2*U}bc(gEI+WvgS5jr=u)z#&_q|oSabdf3* zs?g8J#y4F1xW&Wo%!THIza39wl6vpq!t19P-8~QfAJ0t9K)(M(1Nd2@J<5H- zPMQIS|H&)@kgiQU=xGPiJg_5hk4z!F?(Q%z&Jn~A96~CcP&=ikBcN!(ja=CW3``oB z1J3N(LE0%yd1<{2#2GVTp`jxpBL|Y$EBFkOSBc8%B(gaOKj=b}s)<@wX?H#JLR@F_`E1FI9XIxK zCoYR`eR4D@p0$XcO64q6ZLG2EUmTT}8tR$E25)ruUP_SA9!`4+(@Yb=?0hWBs0dwF zRMOE_voDYKDj-0YYut+^BL3#UuBdWe9bMnrn%~qX-`Cs+sDeasBJgm8XBwB*sp$MY zIr3|7sk1OHZp`PhCM3TTpEWHvL4=!J%ED5PJ#MBizJY)UdKFm>88@`3kP0}s>TQ4$m%WuX zgCyzjVv$6Md?8=b*WJ}avb*@bgZX#i=dz~oe?k+sjmO9eWfkJ_IgzXd07g7jVMiHU zoh;v-_Okw_*a8|i%FSb@4o*RL)I{L2P>grFt)YLrg5{3!wVu*v3kx9=gNH^LS&EG~m06~Weiipb+bFY(oAf36TadksrQ+0Q9eR#B4 zHga$D)uu-eUV^Zdt5HBWr6hW?ist?b4+CoSl8ReCtu&v9$!kA|7`4?xmD=O)=0%mE zx>VD88UKf2?n!Kn+A6#pTB=1HA-6Q7o>-ttBZ=7E?;Z_Z#^`X(An%PoZQq2 zRMS75r&m)~6OD(i+*&QYssClkTWSlKDMQFB#KHGts9G&!a){ok0Zm5%m2}Zc<k6FS6DZ(lL(D(-Z@@OLm1#=Pb5qs?y9C-fv z;yvr#J@OzQz=MZ$KKz~5;?g6lgQI3M1te(zdlxLXBh~DinC-KXcF1knH}#A#C?^9hlYAAITq?mON-%% z7AT7sg(;eCHj~I*%OsljZS5`QFfbgOfHLp!bTr)r-GLS}blK5y_V(LTb9a9~O6KuY zrr+{cPK_0? z;=G=2_&ntuGCd3k`9}O}&%i^Pu9mvi=E>QqLx8eo-m3pHRlI#)rw^>76J--D)bb-0I zrM+1;BA$HBX1SeP2S-Si=3}*T(W(gL%SZ>E2R#_vrb!Nepyf)0pmERelp2n)VJGBl zW7bAM>w4ql#5Q0g%nL`4wRN;a_o1DW%b6QkTckId6wsGVbFp%pe`5+E*#sO1S?Lc) z;Q_0y)apof+3(55dpyMZ!uY3TaXsV-^@Mph6dF&5?W(pFbl;bkd1<=e z@@wq>I~teXRDMpbZtpk6d;K99PfHdLqWd4l<&@41nF2`Eg&TKO8|wcY?kDCB_=gos zi0NH!*@y8|kdI7(Gw#RkZO^Fu4;%_f=gT2xHVI+aPukVY^ z*JxvLXS}D4=gzXar?axFRkT<_)1W+XwIHK#4XM={XviS^m4DVhzXrdUKFVRxgMLc# zx%!g)_Onv26B{QK4$ljoi`k3Gz?hPvTik4{ZoN+DBirjtXImaC8%s`9M`WX#}*5)PD~`1G)VR=LkuB%Dw|#z-`{S;B+csyFO=n%|YQwH@7%$EEvX zZZ~AFKsLPf)nTg!Xf=#QFS$<<)>%ErFG#oPmdfrslJR+yiBiKm*<=q zz*a!LP4unFY!+cW zq~!2g)O0jdKwlb2`k}{PN4al%UZ5SqXEFY%bXZq3J3YGkeMwb)%)fb*yLvjc1z;9k zW5U%@Z6u`>kr!!~{M6OCxPHdyDk}ig_>k{6Lebt$xh9!8hpiivqnI$m%>~2M$3k*^1H+vDpYWFNj@;> zf3&Ln9_N87dE#T{VeA7H;%rDEny^5M$>8vDlepFq$4wOWLz?s{;qJrrnpbZg!h&fX ze|B)%F3l%j&z>fL0EaGZIrgNRn$MKd`!`!9vU+Tdzj?8%tLwm8U?yGmAvP{XQ|Rha z(_gu#&AcT}e&7A}%umqIBND3ea#BoC&`-HaF5z^l4g#}9;mO*S{cw zf9NQm11oo|Q=kGgoorP}4&CFbii^=e7W?x>;j($Wx@MO+7-nhz`ANwya zJH5RAHnZ7iWwX0XjZM4&X}VLIFV6=}pBic*^&*@JcR$#L6%d+FZ0f3racFL_oU{%U zA9A-g!g-Os$lv6K!WpxUROGJV974W)rwb}+@s^vwx@&71EZ*HpI;-o8Yo}EKyntQ@ z#w-D7H>Z6y2_wRvgX}y!`}6lt=>+(o;>p~tGEx!gk|}-{cUNxIuUYi5MRx}nFOa5R zh^wXQ>9ZCD?KetvIVGQ7cD6Il)q(;43NDU0g|Tk>i3ITrt~*`&pBY_+KM&&9XUg$> zJkuo?zP`TBm#ZZSiT!n%kQbjBtyC6IUsAETDrKi9{to*!bB>d@DtT7ezl34@KBDtF z4cGmCQ#EE|W)_n^L*}-OGhc|>c{}h?ZRq4fslhGj@{?0|bmc7y$HuRh=AV^Z3B++# z zT>25@JQr_ENk^J#{-`g;XlnRwDkAc7q#O08ZrH+;6{{Cj7a!do+ak~nW1CtkO9e-v z{GwK)Oz~FiYk|n8w||$-V#w7Qtg5&f&>0Du{sf~b%OaC5O!K5rn=C*R#@o@x6GNJA z;>6H=9_9;hx6!xRDwxk*3PM{H>8>@_*?-yCh`*)#TKgOx>4Mg7IGt8u7%zi)9M25Q!vj*N4@&HBzsDI;28k=FNubUk9i{b z6rabn&)MossaqI7T`wNeDLXrLd*V;|En!=|^9#*DykEM#Jf3s69FC4dvbkoNxuOW! z{SNOlPA`tPUIhF~h&+5}BQMDgD+!BrxezZ4vUPAIzO5qxuf7d=B8+9O!^FJdB)oPU z^z^^EEzI{<=YfrVZ>7A~bA#bPA%itpTEdfqdGaO?@l0V#015H#Sd7GZWG$nip2a*C z?8V8^@nPc?(j&R4VrhA)&v1I8g2&SGk8)z_?B6Mgw+CS3?%mvGyGu~;uPJFMuyL;X za?{K#e+=^-d-p=#yz@4wLro%kNl3} zO>Rx{6wh8&?rnMwFX`*%<|_tATzo>{PP9S22X*flE%}oA4smw!{lcf7idqDFCm z;q|*Uz-aGZT^uF&PZI=Xk}-qPXYJ}Tb{emq6i#I{)~{XCOZ|KMGCw7xBVQseFE&Rw zA%)6PMtoJQ9urGE&zrBlkG|q;ucw>c{%GDeS6f@T904Bhj~AfN%faEE9LTK2E$i_W zlM%@mV%Xe>o1G_<^{k5@SJvHjy*n87hu9}~sCl~`&gOQ#`8P1}X;rxXSUm%&U>Zu0 zo&x97X)uJ$`t;r(T0M?kN86TiNDA)#^}zvNu0v4BPMAJ6MEof1Fh;qHfX66Vmn3}G zjB-~oH-_Uae2++@E1;mB){PX$>QExTFs~w17MvksuVWqJFSf^#VQzh6l^^;V$~!LAf{l@(+e9*#fG+&Y42Bt4yoo&dM6)pTECyi1JOeHXt1b&fVBs z^{Csp3-3~}e-^i)wEr^IU6JzE0igI6pU2m#ja|+gAQ#z`R?zEWX*iFznEaW|3LDr` zHuO@(6XU?j<-~sw14BF=(HWyr_Y>CrW~t>`X?nhRdXPW|aT2+%WIKnR={Rf%-uPdw z`D!P1MkjUXDP!`(pcN|?Uk((oA^-%##P`kbRpMy%_6(AsJ!Q;|HmD^PZGf`ed-{M1 z+Ojbgqetxm?a)^QC7`g?+Ut^L2Qru(*|+`o_R!p(-#4l>Gg$w0YI;hLqto*QT{TU0 zReH)`k-p-*#CNtZf6$<}SROv)8qTvs$x6~0eR(EzcuP#&S5ol5}F`sRf$W= z>LU9_wF&Hz#x->rj&4kCaQr9ZeH`Vs`B+7(3d@n4pm_y{MILkl$3~L^rWx8yi6$jX ziT0*4*fC`kIMhD(o$#dmw!Xkw_N4Qs=_Quhjpj8Xn9jd<@}_sfyc7cWN$S>hcM^Yy zAt>`mw-OK^y<+a7I{!%rxri=Y1Nhk1${8kwhz91nptp%*JDIqnTC zIj}Lag;!CgG--ohM{$$giwLJNQ6d&3t(rm2HhkuJdW6qstWyr8s*{G*B!bGiCeuB; zFozUdaG{lIm>2*G`R}*Gcn%(A8p<%$u8&9{b_=5P#>D z&0TM{f8XpHCPww4b=~-yan}%rAak_f^0z;O{FTJMBtY!*tjNzTN!5P9ZqXDaCCy<|Rp~&*@;NJtr??*mgdP=T zUQnr4$!#*9Ztw(G5O((oCNN3+J7}{Vl}ihV9}6~dV1DtmK*Im_Wng8E+iz)4JAL}5 zvVQw*NRDfq|IZnW<1I||JnIsf?rwA-7B~VFEcO5Fe0q8+Ua6D&i1G9*e#es51Dx8z ztoPGp+Nkg|(xrZri)b{DAeKAGdK&YJsfY{B5^^KICOrD)!9~IrJiv*=3**U1;8_WS z^?;9%+OqCW@ca$4Jh!`;gzp$99?|L~auF#4%pafrXpj9lWMf2goVi?)_r3*Vxt9`G z!<{WF&5#^ppy{W5H#se5q|~8~f$7E+ydp;~a-{QTn5xjQzOtfnnyzioJBTX+jXn9L zAJhwN$c^BF!mS^V{ZiPPiBMt=0%`O4NaWr}pCnbb{k@_IAAp`j|*->N)~usHfSu*nwU(a6mS zS8+0QGO#5WvR7*%v0x5sk70t@OL3PO=&U)8IqcQnS6HMb#ZZJoM%Yh*fK~3df|Da% zh7-0CvL?{V@#BhybgXm!Cbz_|;E}P9%qpWu*Y-yOO<0MysD$QO@B+STfzPD7EZcYE zym9&ZGP=ZLjg?%0@9-HiqJOMp8v5f|{}=9s%#b^_5oXv>k+|fdXz|dfsp-`axHT-6m;m%Vsk~9fh~pPihyRM7 z`W!o`AP#8%j$Hnl=*c*?OW+PYiVWk@J+>!U~6cRS% zGtOR0*-cZv7mlF5O+~gPyfQ1lau=4@wRH=>`34`;)&97WlrKDteG#fDQ)^ZOQcNJd zFvbs|2aMS%5(+)azmkqXGty#`i=f@wMsgUZnb*Nk8(yi4Yzdq}+S*kK3EJ1OnRn-` z;Qv;%f!eHPXQ3bSJKQi^(KqLj#+~f#Ur#7DnWmJqp35{LP=xLf^1YbWO|H}Ds!x`q zXc?#7O~P>}^0s{A?<#r(P}9-ydGH!11uov+-U1~CX&D)N$FitC`yro|S-a4SC`A@C zD0U{M`_oHVYZN|@BT4LR$XW*QKj-O~3B5MAKxn?N3ShG>bsE;hqAteB#`$TNXl3cJ z7}z562Os3S;v-jq>;)9zitoR~dpyRJi+cJOhj{2uOz;DXXCCv-vxkL;%k}I%C<**h z1Dz;KRT16W9z;KsESA|*wm+SA`)@#^{i}W$Bkp`4@-M9uWA)u7!OV_qaX~^UDL%!I z9rcixc6zYK29NAU3EkDlX&sF*9`u`j4Y`_`MH{9`=iH-^Kd!$gYqpQkk)V9&8k2&I zd{0o2w+jo}>*`;i+Ci$?TCDi>c#d2nQ4ez6qlAc26r}y60b5nCdRNQ|Oi4OO6 zF0DuTh9v2P*?HfkWbF5Ea_08t*QL|r((lxb&tOO41f_1N7&X3`EesQbka3ljUtc<` zwd_(Q?h__q`Ja>O%t3)@ByREt6*lio_jwI;V;;lrMLME-Q!>8=0|S5AoVW$bJ~|P3 zN4UP0Wu3zjkE#T?q3E(ZFl0i6Ph;KydQ0Hdx?|$PJ&c1cbywWeRJ~x^skAABo%+KZ zE+r#aZ_39;LgP6yY}t2z^`u3e8a)k(W)xT~3KI&^5SdLupKOq@Ro@ks36XY|)XxOB z1b#koLVc_ajya_zk^$TlATlKMH57JsVHd$W zr1uF|t78P`3%`(t5q7B`gVj}`zJaoaeZo`RlpqLhNI9Fo+M$tha&P$AjUFGg_dmor zj!~U)!OYAf_j>yG@}GK#nwVvaIp~~OcX{knj1cI^FUFxb{kB^ZG|l@E+HLnId!$zvq)&Jd7S;& z-u$}MKKm};Z^bg zc*`y;l7Zx-o6D}ysOHdNim~z?gr?;{aTbX;4rIi@{_`pL&@IEq82$}9nwh;IVpx@a zM2D#mRh?Mq^Xft*cOc>!YH^?F0B*gkpx80lJ=H9ok*=4z-srq?+1n4SkYsYGcX+Ci1{=V{!C_UG3!g+@_Yr)u zQ)9DwUW|-fUHw~OpH|<|(QuUSBPr?3VNIm5lUvusTbw2PYCbLR+%Skz?|;yJI#(E; zr9IEY)I`y`Q%mb>mER`l<;)a=OeQME6mH$6ao6x&rzBZNDP)QGdr>-Df6}_^i4^y~ zjlT0XDeUO<^fWShKNIFO; zkDCS;f}g1D>Jg0kk@|R)2TgYy;Lj&OXm53D0}*RXcViv9p766VVj}*d8TT! z>3+S@>Yz4e9Ku{Hh^z{G3$=0I`MmYMht~b0B?5Wm6z_93+8SlM(_`6FmfzFf(rc5g##Ug&xK@ibM8W8OS$?Hh2)8cw}U z8E)v-BU0l1hWVRUJ8|Zz@Y*^`7v!=SJ|VRv5?7F`S6%I3NjPak8D7 zzK!D1xKa*?@6>pBb$#S`1UydFtlU@DA5&b{RzqN#rc#X>^tx(68`!J^yNSZ_|8mY` z{M3Jk?s6i^tph_$-E79b-(ip3xX&nzZNX%5K?<)`R%^O)o~=+D+x4~)HDmTM@1Izc zcDe@K?!UXhY^7w@#D#}mQ$UKr_0Wnefo9DY+L?8Vbp@!Mv%*O&XPcOoF{x2{nI)CI{+gvI0pize zR=wPuoV@MKz4ak=9IcFOtz7l+dCzBmj+QYY@I&B=E%|<(ZUuU7DO6Jw@G3V&7+BMA zmN!7vmekT!{_RcUwCEDS0k!ebrNgVL%`%F4Y)k^HOs1r-t<%)a)>LzD<40{%C(!Ac z3d4uO{UKG^J!4(_u7FQp9!iE*qcDo_t;VR1i-Y?R(>VkS^Dxd3DHHiqzPL=TWYo;v zM*f-@ZIjI=P)P_ZYNx5(vQu+qXh_1fW-79?q1v!{cuLJj7}S|{mucu*=18|<`dY(H zSB00v`%LMve3o8=Ue_ai4NVlHLQAAlCGiMhU6F?1b*;E#6iTMPJb#exNmeoC>xyW4 zITkLAEB%9Eep~$G<<*De?Sk$}p7(fu9w&+$-3EEZr?Ls6?lAfC^+eb2`@pcMH6`|7 zy2=vtcl7J4h+!OVL?KOR8tnj4c~h%OE~Q}+e3EfW0mYuq>%!i!q*MVHAw~DXd0_Lx zFTrZT|5nG$+fjx9A*s`D9>ho}W{R2{Mh5-sx@X|N)lxQ_$NgbOhX9S^`Ffiz?O%Kp z^zfHnS>g~)IJ>MA`n?GhYfbTsg4fqZUEE zK_G0?)`7o>vB=({OFk=zvjmiXP)d9dW*0yUeg=g`=5QwT%=a72WL?7)hPQ{{r_`FiWXH->( zLW!BIFc4RKbVYgv(*JHOarL?*rE?oueJCvzq21~(-1X#ku4H7|&1WbM*y?!wdT*xH z=}2k*t_&<~0hR#0!Dp@FgO!yH5F=@V>7sq^_&;~fLH`gz5n6QEIxxf@^VlDPk; zi=m=#A-qx!?b_4vNnaWzztH-xZXa}l6a!Y7JPU5RZ@r&rfu!cT{^0K9=CF9O=byn} zk488&q^y@C9j*=wU0K_>>g5R=UEC-{^6iF(GD&lGrSf7zhV@uUs$GwW@kVA%CiKI# zs3PP&Yv+OXH&eRt5881u&ZwE-7sZQp1EBUj126F{_n0k=r%?d6)D~$YvUTG2Dft^0 zA6-x-2Q*m~U3;TT`q2?)San=fefiBiRvXrBa%xH)6-_ZYP>eMtz7Yu&FWDM(Ec1q; z#beODG|uC60bWn$WBRvdXuh0%^Ur}k{pH%giXF1_NNL=vzxA>bHWccXn(2%(?lX71s>XNXrPIDD>B{DV?X z3-q&0jfNfL2}>T&2U*`uX*23tK!tF_|zq+mN`S`U<8c05M%c}a)yjGMtt zX8Ke`nyN0*XS?nL;*(8TE3yZT#6IT4M^qGZyu>;zVqUZQ$JOv7RwG1~AU368;adt# zw&iD%FusUK0xaCrWx8)WRNk*vM#PfCd3Dz2jA@l)Mk=fqqjIALbSUqw9Npw^IXoR{ zodwg&cxLrlCJtF;4)^iVi~PJQ^Lgq!(rkMpzC{*7drJ#~0yNC-eH&cD#dvmke^`Xs zoO4*Xx*KW+I2x}AGAa$^v2px)`8|bbG9Da;VoBR&S3@t*R69LjFKgD!8++H9?X&a)!q2L_<@XWJv#<{eS*)+ zt!|@jMFsVn1JT^eLuxVcslEBwzx2vbOZ-K-NmtFxJi*scs#ro%Yf`Eo@n zj;4Jwa^Wyf>_NlH{*g;NLAUa{zE;sIl^OCo!cGdYf}@ls9(hZdL*X%2MA=|8#0#)j z%X>W!olg2Ey_2Wotc6{nkq6Tu0F$e$ikXqK=!{OM&4|aw-6E`9byiAM0Pxf)i!O zEU8Ufr+q9JV{xJ4H7A6_*482Ze*Cr7?foYR0rF++I=_+Mad;`-{A>%nrR$YdU_f7m z_{Azo3^RlTgciw_fk_s{%1$nu&;gmvWd|$x(#_Bt6b4S#z{llMWx5_1{vZ1a zLPKcPCXeAgOdLEswrS4G6rAI;4eSF+ypW zf|XWxP!11Sm0DqAAa+ThRVi6sT>kwaop-FvP5c23u0moUH098f*GS*P8Ss;?_VOL24qrRT179STMVW3;=X;kO92oLuoNnI?e#~AtAQ)Z1!QBO=fY1k-P7Om)G z_RJ?ZyfLaniJ7}5OcepT54k7)Lo*j-PtDsB9u#-xX;loTmVvwl`m96h51+S4Mi3d` z9X4mL_dsFS^X=5sp`HmO^WfFc=OP`Lh1YjH#6h6i=~&oqcfq4Z0Yo$a12EqESh|K* zxxeN{rS6`F`MyFQpQ%)7-(4=(SejCsbILv;(Bc^9$82K}V zu_q2o+avG#8$aLPzuY2;ssEPzg{~QL?WRNiu@8<%ifW85r$hLkNli4+j~yi7*hu&B z7?mul9CNt1sL1;n*ulEB>G6*wwEm-;ec>KoHlu_=}pBGC{mSnv+W; z9(nj};-yS+2O19u4`t!u5j2x1h@cJ|j?Rt)r6ADsBI4zD0@f=@&J%oeBZj(XV+=FIIVI^q*410{0wT{$*k>id zE~IV72kk*Ref|bp@kkHZb6)mJ65`FhRicp-c}EFWwz-M3c}K_^=G@3?e@HvW87R@B zgF8EEDAa2$09;mwJyDZ##DGdB;)&w+O0m~^?k_%Yk4bOkMw`*st)YJnJ(bg@N9-cP zDj~$=#Zhjcn9BXrxUvq{$#-W-nXoIPv8fy(i^iDY_Xl;2iY(3$^!#YM$FcPs`_U6xOh0 z6CUYTr9SgHX;6UrUi>iCC>e{~ki*J! zs{tZ0yR!bjh)lChEe)-PD&wDH?y3OY3P`obRP^i{6wz|q2TyHrE3#-GFO)~|Ca#OBf55VX-z1r^_EZEp2uM$TVD?%)xV zGN;+vF=9EZaq(~+&#SJ1+0w?Ku#cPUFl~ zYyPLANx0M>D)JoD!B)s?q=}@^lD=^I4NWSpxl7{xyU-5h6<#=Fp5`r{IqyVp7J^gm zEtokW;g-;mpo&ok9z>BPybnl&QhPQjrV%-z7a@g!VJ2<5+B;tdj26yWzqek1;OZ1~ zbxGHQ*m+X*CiHmredTEj!hslau>#1L1!0SyI01)de){9{O||V9Vn?FtI>8rI#hdBZ zTQO1_NA4~AV(+C_c{s@T%Bi`XKMh*!521eW*SXC}(Z$BABI3;S`4xZ+t?!*5 zSe2G$I(JM+XP5R@wB>;P#|%^V!}bFZvXa-HsHzjT2NrYfdzAfS}ji!Rf~a_WE*Nhw6;C zV87smUU395LY%#u=ke4ga3YRwmiP`a!>5Rq5k8?IXkl^I2A}o#(=>7xzvlUB^Zhp3 zCy&^QFGp5%fxhEhV8i(bEFW+zB@6Je@N{vETvmP+IAH}MTlv|#Jjpot84xCM^pu(G z#3}pj(LUc~QE`4Cv@-;x7h#pwZ2nD@YqB3;wX*5@n9xL~PZJsjWNV!*MBPPnNlu)o zS_n>WHPnqO!nM{E);6=r!14z_^9NzHXP1_c&ne(1t;zXhpB4oB&vnVPXvO)={k17| zRL-e;LWLq*H8LXMaydlKk+l#@<%R4G?6z}u@+P>rpr@HPtI!$Q(Dp^fKGfoOA{f~W z^x-(VabHUHGY|L$(h$ag7U!5!NnX^DC9WoN)|(7%ASrH$Zt?O16)24FP-X@~B`dX( z0u9siD89EowRmBl@KEv({6t=m@4f>KX30&X^OPZ`4`)1^Jh!26_w8!5^IY(j(DCAJ zt-FVvAKc)wodP{4Fkm;wi1zK^=N!!~Mk?ja*qA2}po_;RQBG)(d6+gac|JBS1>EjL z3~s82D2v)gUKI2J&tH`QYGAxX%{ufX6b4%IFgv^45-X?h{*T=RiXKW$;``!GukHRh zUQz-p>zh>VK6{v!LCj!Hm8SSDk?vRVG7>!+3rzS9rJ4Lp6K<}p@ zF6;bAs^~$&&d!TzSGTeI!6%5Z6>IVdpF=*wOgit2et=EeRLIM15PJCh6*FnB@>_NTx}G(D+8TPE>Fxu2Y)t0Qi|+U*uL-r z!#-_W0_^vFXX+S=%6gH%$YX9XLZ`aUl6AtGYXUL}zp7w&o$a17sqS8Pho>hZ!E!?C zK;K^9!h(aOlwFFI*Q9-_shUEVQSX?jYfw@bUI|-rrADMz<8t%9;V^BCsxH>h3;9 zN;<|*vsi`YR5Y;ESf$h1*3ojavjzGGb9dRC<$)`2k#;l#q6s?~g38MN;bZ5^Un3!j z`|2p4Bo#T2iv-@9&;8%Y`&xOkt{6FMZM<%VXwXo7>Ccw_!I(Gu)C42U1UA%6vu-pj zdYt-<0B6Ax4CLT9-vxr!46A!lE);-c9l_BFA0H52U-_Dd>k|hNC=h;~OSR=jJ zr=^_C&O5xUMXqr`osGDM@#&hfIw}UU*A$=dw=BN-Ihbo_x%AYbb9@{^^C{sIpS_0 z_cM{vSFXMdcU$iGjs}OB@r%!c^%FR=KMCghm>tIRfyQL#9jd}QyF5p7GjSiH{J30i z27;!0%zW$Zdc;w22NUQdA=T)OHJ8(dn4qYAswn)vPf!0t=uP80;t(Q6iOp4QLf&r> zbfauHat+OTOOg{g{>57TRx>_N^QY(Kp@&83-TEcy7n*A&n%{;aS&A|Pz_`?mp`kih6R_80J=U@M?E){Kh`%4#)j z$Mv2t?Bsr8M>bSf4yo3=@jQM)>oIb9cy*OsQiW-zGe;W6oe?AQNL4xPGb@weIf3z1 zEKnbGzV1n5iC6h8hsfC5ftld7smlheh+yKJ2SODc^OH1j?3bA;9k!ekG)h*QbE%y+ z`7C59v|yQ7=1yXaMddu?4@@&s+*OS3YR_gjgjd(lYWvN{{rvd%4yJ)ZOdOQIaBpFS zP`Y%)Oh7t#z}yJW&gwxe5dN z1!vF?Ys&_Ts&^`LDpz7umbCctrI3H_N^iHrY>KHvVC7)Y!xw%-<`P$iq(ez{r#BO3 zQ-=}<6J}SCNgtMc(%hAvic8Z@4ijb*W*5;8Y`ZAn^;yY1a3=)A>rM8Bnxy>X#g3K! zLnixoeq>k~FA_0@MLM*f=H#liY(%`|5jinqUw>J7FJ7r74Q_pUc9`4ukH3WWi|Kv= zP1Hk10C&1uz-`);(j_y$!sIT~3)GQ-ZrK{L2G25{LW@iLL@HXOF3DH#9d!SyDMrdX zRrxe9k*)MzFUwb7aMW<|>G514paw6;k?r&K3bdZ*%k(!zgM)>epxRa-Xs2-Vv7(+M zT6rfH;{7A}9F6ul6Kf4nlBIhssIIwmEyyO|~V^)jbeAy~^bJbDzXwVm3J- zMZ_$2I(Lua&7s9L%rnf>S!@USnXL9`BG1V3jsmhRjTI-kBD~&3+I_OiIpM(i8zFvD zW@OM?GxP}VX?7CH3MHM7oHMmWM&y?XjyW1@7sBXOv;3uLR#*l!Xmv)oc}i*`S8k(# z){#kqiuFT^m~bQZsm0X6y45G%9)Qid6T2mOn|KdE4F*P5YjNN=4^wj0b!c6*HhH`? zVxXZ{S58BjLuq24allPN|Fc~j`{upm7FI0F-(e{YbWkzfzBu?QK~8*Ac*G8tKM)Y%T1cZPD?XS4!m6H>X`;tI^#DHqkpvZd#>L+mtgi!T`Fc{aE5 zu60naO8OW>nBB(w#M>;ztACEU6EX0EA_yw~Tj3vXHn$J%_(_dB)wuPAQ8v9l7!Y?y zxM5*3t=Vqy(fk@yr|kM;W}5eX!-9Q&&4NpCsE+GAjn88TJvK6ZCK%|HT$S~C%T3YI zZnb|MOO)&>GOHt7#T}O%N9!v*{~fPJNv=S(kLUAn3!G35?(%=n9geHq@T2SNyjpa6 zJZG5!GfD9Q(VpP3^3-p1w0S?m8ls8kUCr#agXd=*!1IrB#@rS;k-_!O~efx=aJ*)l`I?0pqx&NjPvv<&O(5d?N!m zaoXyTV%n9y(U~X_ zzmqDzf5oA&lbb>~fFBfVx75bIWo~Ys-!rD6JzGBd1meORw7M^t_q)9;4uT z{w$k*e6nV+@h#qHG>g`{F~%uncon^g6v31j)42PjJimYxIs5Z-n$h+VE#a2(ncSO7 zPBol}jq#5z0*QnR0PE3{!BrOnc$da^OxN&S$vtME7h`EBkJ5LVxa3C>@zb~FL4CJY zT5e@hw5I}F8CFOTHqTB_6+5iGrQ@0hh^N(=blziO61h0ka<3Hzm2lJ+X`A3g(6PCT zn(UT>SFp%IuW#31Uy5tCgyt>%NpqrJN@AHRyB!=@@pDAm$(2Ai|{ zxNoH{4a2$W*FzF6d{w-+zv_q>uV^wQPEou6Xx#0S=ZODVCZODZ4gSTm>$@!*hztKE zIX!Ig^!uFbil|nh7%rDQ`Jn1IM^C16`FZ)ww6g6?=g2Ys=)ui@3tk&o81F)1?Q`ph zX|>cD0q~SM`h@hD0$#6GSBRUm=BTN=T=aiWlS1?p>aZ36Hs2;@XIX(zs_plr_imH> z6NWX}&%}^{wVIyq5#`v^nfE<4MAjao6B16}R}rQ$;uJ50E}|fLi1Bz4HsKfhkikAy zWQCr;#abaGlJ1VmLEXg~WD@3cQ(4Lfv3R|)sjKVx3EuBpN6P2#IsUfjR&c5`qz|H> zD(ZK+IVMVgvbCet!W%3qjf}c!{jZdaZfD9^V~h?MSQzy;cDaS&hdkv!Qo{o}1d7CR z|Ld@YMx^hq`%ogx?uv$ucIT)~2{pQvDHypElN{X;PWSD=%wpxuCT?`1&y@zpC zNA0dITFX=6dNS4q1f=GhT9ozo$D~dV2(`dUAXVlUd-F>f8ERzl=}DlO8yzz`aDrY;lL?2uf|ub5 zsHx`CqETIMRM-8e%=JI<&C^ipX6G37+ceI28SVK8-|6)Zr1V^eLD#+kfvi})_s7%Y zB&L%eHJs5!*hKN373H@3QcwmCoF zueT-iR@+ciOr3|Bg82UrS8o{;=NEl#BgNfaOL2$d?heJ>-HR3&pcHp^E$;3VcXxMp zcbj?U_kSdL-<)JJ$$XmR-22{Vowcu}?rVi&suuIF-y5ZSWIuR^LCcbl|J5IbKg;<} zXeQ>N<~a~BWyEv*)iENSimcC*tz}~tcIF{UR!e!hu@kZbL)D7`NRf_J={2x%v2kB! z!v=8F89+81NA)tt>pdXH^Z2SQCe?Gdxm4fIQiJGP#t_> z)Ljjjk?1?>wdcWJ#~5G?j00{Fdv$-ZSI69H9qT<~p2=<*ZC94a!a*X&oRHTp14^SV z1NrL(9Nyu-+XAUlM1B?eLRyL+$KtV^&9mBj{G?Cei`w`RF7e5*lvVGdAJ-_UbT>Mf zk0#0W+`Ho;#;TZrF8e;rZkZhgdGhmrn&nL)C5sQ?Xe70`y+}WD^p5MOS_V#}b`&Y3 ze{1sdvnv=iF8s-Z%HKX}#g0=C>w+;(KGziN9a{@={uG^>)k7oH*Yf%0F6qD)cd!3l zx`wlRXD6iBjl)aV0Gt4{Aj~I_2Nyq6R2OkvBf*;-8{|@VCK141>Er;Rwj-hNH8qCD za~6ZLB+GrRR+>WGhQc%y?xtKMK3D|Aif&*oHN=YS)*f`N`bmU*ik}qF>nb~omZWNuacMT%=P@3V+pR-E#(b#1rN^lgXg-*RZ z6}?WuvPUN%6k2KDu9z)uT570qew>Y z%5W^7;cx4A`l%wcvOXP6{{f<6VxoA+r8TsV$cwR#hhCQhz8Glhr={l@=o&^GtaoBH5)fL!}kZj}SPLMv~$pu>11r{@JOq`ely4)>KlF*&Z^~JX+xc z4t4`KYPj5dYi12KsZHDSpI|GA50Mey+0|&RWh8&XcDuV;u_o9|yu{?mqboEc48a(w z{A;N=28^>#pejJ?GMvC;Ou!vCG;9-pJ&(k&MhT;XV+qy!!0Mz5gTIwUe|X4mHcu;F#T>o#W1W0O6aB)% zvbBbXS*eadSw5ZkDODZB8cC@CyHF6cUzBcmW{6?K7hTCfP(PYj1qA?1D!v8=G3vMS zh>eIcW3yrw8EbE6mzP8Ykb4Lcc`SLoRbbli`^P>JtqyjzK#lP|Ieg>W&F)ttS~Gj2 zE`Y3pj2eD#mOe48*P6;XI)QBp&BF0?PJ`T3F25)ENJ(kb={=~8tU6M}Ur5gMa0(-3!y)oB z38P{K!s0AAz-3_4P^Z0KaW6)xOWs;OaH9u+Bk}#`@|k1gUET$i1p4QVVtX_7c3>-} z+K^je!PmWCl!S=r(<~4BF6grb!3~`*5`gw6>IkN-D1mWDNnDEVl!1#gkK$_nC&v#m z1aa+Jee*p^g?Db}(y_xz&6O@YyWi!O!$|>99Su*tidb1h0T70XthVssEKr#$io6fj ziDh#Koy1*Y@TlP}Y|+1hAHK$>C`ZAOdHDNH$W05 zcPr7nWuMd$Bb>NQ0nBA+ipCcQ2VF!>>&-Tobu~#c^@sIx{Yq$HVVu?23Q_Q@h5t2r zc=opJ(D3!Z!;{suDa-yeMS;^#R$FntTiYTf_~MAuuL9f^;yR(Oru1UAZNo#r{(pBs#&Y08TX7f<1gECLiwkK$&;l+?y2pB29lMJ#J2NdS6 zUv#SRWPeAAxlvRy8EY&N?l`BZUKC1A{tFu*0Dulc{axRlga=v&!=4@Wv+;>Y2#N1p z{Y-$b4-;0o+j@oo0LT+~UZ>X$*gXg7*p0Vb5;Zlw5_7nFV=ei$zY+niA$u%ve*|zUh zoDIFAG~He1GK$dv#yXZXub|354|JD2jyqXe4o{67HWJLGr+!9s!rl9mmdEeu$*|qc z%iJxh8oDZj8Db4;{B33WJG7{|9{0$ zlp`?!VA?b{kDq59&)GcYk4c}|WnfH^f=T`;^Me|=&Ti>a1XAhA9!#USRKaGYNU z14|fRi{W(dJ;8v$mQvje_*GJXg`dwP1bUM*m&>ON_`i#rF(3`axjSx$uZMnqx+F)~ zXUMk<;m>zRW-13Q=YQVMSAw3u)F3p^uhUO!36_@AD{2d!xyk%qFiJ`QW$Z`+FK5ls zEpbURMaq?_tMpw1~eG(dukr?Hu+oG|f30Ql_S16DT%=LGG18%6}C9FAKo>=d7=_d0|Vp(cWbAFQWG*JqMw`zJ81csX|$s>3L== zPS3j5cUgo}O20kn(pnTuOtC3243%e=dYVloBq6NO9-fb12_towF2=VQzDSi}Sx@vc zPzie{XwD1s(R>5v0*=a)bF)D2{~SX zC@eO##0n5;qn`U+JbOKmpcm)9+)0&N5$%B@M)@T>3LQsunRABZ;nKFFzY6h-kHH}| ziuL!ffnJ@Q6~?V1KSpoXeyjEXP5X$-lDU1DT#<^)0LM{#+A#mRToPLU^#zA4=2hNd zqCHU>T7JR$zt|#7;4AklcjmH|LwZcw|F^8;zw{xWM63qE1-cVv^`Eg`YrC*hll+wJ ze*{Q``x&^m{KHh5ItIexzSJm^=(taU%{TL#^GXNl*e|MPzd z70%z#Vm1=+{~Nw9K-DYX#h2A(W)6Va<08Crfe%S!z=v$yqC*|sPsv0w|R zJtbH1&)wBt z9PRh7triqpluR-XZ`iO^6n;Ik{r!Ud{jdUZ_8cF;LCGfl#>-CF^~gY_sE{1Ss<~3E z(`mtvW(fU~Nc3AUQ7eU8HSe)L+X z>1;ho*mqVSC(}}Kc(L36vuCEE%TGPLOd5_oj6En>>OTdyxvM$LG&}Tx6mmG%RV0zn zb{_Ah^v80p&#-dE6U!d*6)R?gq!s59v!VHDl4Pj$)8`4J(^ZZvE~B_%-yQ{6eh=-N zJ%Y1XRSH*mzkHPbbhNR-IOFUPg2}6Njy4&!cYI0FfvwtVa}A~Vd_B&Uf8X-q#^+5A zHY-4mf`v+^k>?r$2Msz!_o|MaOl5b72Qg|G|eq4_cOJ9(DCm zR%X$sPQ`?x;QvakqU>_ru9fhJ{@PRGLV&b!Iwd{uGVtZiz~G+_G7~c+#F9%NB0N7E zTRhg9`i^0dQen}wi4Ny8M3SSUUru(Z^?_`N4Vq~pem|U{nLO2AVvY-BRYG7ktc6K8 zB!N}B)lCt02anY$2G4G$r;PlFO!z-;OL6S5r6-%#tX0Wc9AUMbTgeN#>~eh<_=3eP zhTY0a#u~=?Ae^xS9LUF~$902MU0oYAmLR=PXy0bTp%6GIjU{Y$TXUpR+o_@*iR|7E zFCiHT{5Z{X@+Thc)_Gcjk;A_RXTZK+{e# zr(_s-8@@a>wc+{AsC);G$SalG!@o&jeU!8jZRCfrJ58iK11!Pk??v`4S%+UfN-{4& zYsv!>^JpbOvo;op89zOJ3ihLOHin%4MYYh%B(!8TdA=<4guBENI=_lkzR|VmYeI$7 z?-fVyZD0+>Dylu+ght^0$%o4O0uUbR`$e|E2Ys5bQ89>Kj2QK__4g=O==(p8$AK7D zOPADAmdPB=Wa6JSs%;*zza?{(V}&YK^xLlB42rtsd>7pd{@dC4XeCxcIqL;Kc(mj! zs9tP7zS}pz3baOD#-x~I?a_X4KWy+O;eP|{GL6*YzF6TUFb0!n-YfDBAf(i?K(S=@ z8<_&)$v^n1&A!fWJo_EJkx?QB)ROei(+`-qq;#)JMS*>yf%HgD+k0Fen_Yhdu-eiB zNQ=7Vnn@o|tRp=AEh#zamzxZ_kyo)XTfpa-Y>bNTmrLQC&I-+%Gc@OljT*mapKhAF zo;D{`!#AvTC$wUaKPb@%)QjfFc$C`xF=zxlG_s}QBV++Dh{Apg&O z|N2a&`{$FD6RnIkne#Jvjff13#d{rFsdyqK!!zS-C)R;|B$Pk>$`OL?`g-YwWui3M zC-$+5b~t5M{WGza6+ec*h^V}nSuXddh*f(G*GsEJzLZLGI1O>9Lz;lmy&X$D=-DFo zb4{L=)eaETW`8?MIL`eKQXp!s4ybDKR>ms89tyh6Oe znWHq&inpsN+lhxmEl$bHK%$&Ow7bd50hF>;L>zm7=UCKPbF}#W5)+6ouvtQx1)4a#-zz^(_}hj2^Q* z&R?KP5e#tRN*zZcyxO3HzQ+FMrjc)xU+@udw%adF-taLs#@#QPk1ea>p26g+$*Ex+ z0wvSV)yq3V2r9#ey*EfRs!jb{TPHb7+hoLCt?WxwO=kKX2^~8b-^$VoM!l(hvvamQ#a~A0uBFvAb{4<`ILit8QxwWzI)F@nqj_zkU zH5z8Y1_$>Jo5gx{_64nqY$DFAAXLsE+NzDpJP;KQ<=RW#<))`jxk}vNF&3V1Pm8WtqzjT>bh}=TArXerW-^7Kgx9JoR zTAJg$j>ZC0tb{btL@SR*D8q)f%c=N9D#nP$8UnixBaL2%LDS&ub6pE{{}rNcpvU$7 z)=TI-C>NO8eSa|8VBog01lj?8BzNE70kdm-FULC!H6FU3`MW`x-LIPlP8tvYrK9lD zzuyZ#H@q%ZvS5<{m{@8iS%!v;+=I)hZeJ2LcgnffD-_#$y(t_G$nrU?^OTAFG0RSb zRPho@klna4024IL`(JT8rK>aOg)EQoQqn%gvny~F+kO2gUR7}xb-xhG?5Z-$;z&B_ zi&b8J3vR>5?sbIpo>^`|RXkm*nnNsV4i%=nH>4~@_by24T zx9VG{Wr+^hy(vzhOys+daRKL1jpH@UIO$kv#==;YhH&3#Yr~(?zyRI0+O>7n?Lq8- zAb$F)RBB+dm25A&M(;SQbU@LUWcKuHARfnW!=ZW~Mfj=8?3ltJRD~y9OGkV|arIH) zuOxBkKc9?yzBwh=ku<2R=A~k>0?T%;_df;ZBm3UDHBCX0#OHPj`HBI*?66ZCMR7)W$68vpk*+EBkyZ!dxr_P zjwkHDva&M3Lo+md7%Kzeh43;f8b{_p>mkt2nzep6~Ks zF7cIm{9MxzxA#ne!9y(urS7YUyQU+9?tj0g8O}ue@ zXLeiNuwE&0wySURE3cE^6zNF_x7wc^Yo{J`ph)-HLh#0J8aeTYOD}8(c<0_+qYkR` z(ktT~?_1LVo*{?vgv@`UvZ^25n-SN4XS%0A5J_Vm1*wn5$Y5h?Y4}KU&4pY)@f-vm z_q2U)MI!wwHuiNZ$kvR{P_FWC3h>DID@kA`bh8yz71P^)Sn>p4b`8mSr0~- z7IGS+!!_zFT4XFE?*0PWwdlN-Ce&Qq8Zj7luw z=}sS`!mlKCz(Xg{R5!3w82ttGx%BJ@wDPCEH@jt&eoq&Edb|c4A1CHuIilJT5s(@Y} znh$%dv8sEc0xnhPXOS{z^Y>9dodycq|9+`1?4J!kp#giHD!?<-Xpfp;%GZBAF1umU z?XAVI^pJ%i7WZpo+@)Kd1Z-FDeSkm;sDQ|5TknR}NdsNB0w1;h8%n%~Mt@iD_j<`wIP3?HbnjXQfqPN?Dew z`nYPzUkP*s6(q(AKBYHKRu8#fGbYuQ)$ggeFL&luby30nrm>3^Wh=+v!X$+K{y|<) z^ng}U;2$Pw;~uY-=d0)I=SXUe!<>wOIEm1{w!UmKp!vlx$g6W zy8K9S>2JX-0EoBOhgA-s8kwNCIaA`#5l!>?H7GN!hi5c%6>|ChqR3X~-H&Pi^W$p$ zPWv{{yt1%3@3~ZSJbsUUC^gTifCL@ZH`NpaHlLV1!=~;6DtL{Se>aF_=-w^*~ zyay)I9nJrIm|*|C3+{M^hOK@$D<`J}s&hq;ETpa=j8;y0>pT7D%Yb$z)^fErj}o3u zqzE~wGdN4)%CP~K@H^6cg#qOlCyP-RCqMu5$18T-inqS5ZkO|}KJ}m41B9uLQsxih zlWXB^fDcstC_iPZ3!R&wG=JrI#d&ev1bb%1xV%0kGmSfR6siaZ#F8Z(Tu^3Ls~{U6 zC)Wa6ltziOZEi9j9)KluG9#9ryI!4eMV* zj$kv_(p-x#vs84b@%yU-jA=S z5{pFMbi1ky2N4(S{J2=~^dvd0llv`zL^9x7!_F<_`@a1cZ96b8YeO`$VFdblEaL)W zmk##|*MUb}5?(@18cu*&=n+TNA}#o8PM8tKbWwYK^)IV8X5k?87LGx4nh6p7t#WZd zpiJtqTQaaDoMXhrW-Ah4SS4tSuii*Ec-bwPBbl?l7I(v51fqM1ll!(+45UCt*!QW& ze7ZzV*7aINi;5}!;xd4@6C8EQCeLoM*El4aeN}yAL={dCSalf_YIMSrl z{QESyjatP@@7NNhn+l4r648kO$0eM-P~FNDh&hzV za9i$nl<;E+zmh)DK5>Any+u>AN?84|o+;PzCr7l_DvPuI{mm^~1Afyv=&AL4{q{Xg znvJH&SKQw}hb`;b%svdfpP-+g9f=X@GDagOR?j~A{Sg|y(S6Bhi3y08+7Z`l8RXmCwxg+$z@%RP0b zz>c`If9n3U0%D7A+~)#0Ku7mwr^>>g8wv1m6}Wj+W1-cZoo+TR*4B9e;#GkviLGdR zAd7LIi`%l+l(x}qj!%kczGEGaQ__!6zu;<%&(&$$if=qI!wq$|uEgI2B{}oKMXPD6 zF)h9rg%WhOHwEq77q*%M8|cwr+)*V&Q75DyP`^@TgW&Gu$bp{qQn znV2)BV%#1|V4f^Ncc>qV`8&3yR&M5Ls}3caf4ykN_&c_8(vVH}$tg6`!`PdKjjuP{ z!o1g;mlv&QO^!-TE4_KZv=}MvK{N@dl3FeaR=R^AFP@IovZg55(sJdZil5&ohfZd; z27=+?QLWTL5; zgvUOLRw}&1^U-EC68eZP$V`t%@X=bwGEZT-D|TJ6?c;w~A>=S9k`v+9CfhyTjNH_w z_bZ4MOifMw$u$*11IX0sK?v3ubReF+jncGKZ9>b1?6(g}4p%3s2Z7_|B7p^8zY=Fd zWk&3nJ;W6sPs8zG{(=osFHWb%uC#M=!`AsQMrwQ*OJ<-XAG}MN4TOsou^|}EOD`xe zdqqM>o~2YvP5VWDKx^GzTwENVFmpwM&s>eIrofV{t59>)zki{25gi>(XY()kT9HUS zy%VczUoi&ps$4?-7X476eINuokyX5G4yII2NVNp>BDGH1z8=TbMowvyr`zQmpV2*Y%qu88GU2u60E z7Mt(B(F_fFyU&VkvpkM|xR*>2#Mhh@cEH5|o6)TLY>qrAJ!s}cxaH0YEg>p{!=uI} zbA_Uvdwu&zw?fNe_jvNGK}p=H`276(Qitq}yPE^XP}dN{@uq>aKrH|fWx9YU!29_y zbGO&eQAa~xgcEALEOQlk;&=!a9XhKNYe%I}sG_5`Q2`D*XpJ;agBI>nL)z2r5SR+H z(L-GdJ!0=q_U2L-FD%%x6ObS=+|(Rn3}FH-iwPUZAYfB;TUt{?)N(FQ1X0i78rfMf zEB>cKj-g_*N8=^P0nm%vVz{dYbdjdwK?~`}v3t>phNSjVkEX_H)sUbXc6Cmuf1qqC zn**WC>i@uVTJU4|l#Lhurcj=?Zn=@@i2G?D_7|+1_7kj=Aty)o8k%W(vaxd?twu{- z#@4ORu$Z#bMQufEB^BnyrhYxV;!bp@LEfFc%zeQR-tI) zo}3xW4G@vYUx*jMBZsG)iS|HG=gt-js+{0N0?>UA5OturpkLj^8s1+`^`KenJ>gtLGw zz`d5Pr$rWdzsI$r9k$e#&ab{&R#M-jjN3hCTec3@zi)kn8@;6Ppnz&T#@_lLqt0*l zOP1nC?qBauiA`nc3ult7P~E0=F7nBo4)qg3M3L787+$1t?lfH#v++x0J=$1my;dL6 z0Vl3%#yH(f05D<^7x9^V?rb$JuO`f|(__|5OZCsj`S-2l7aep-ArxNhPuV|U0pWo{ zK93@_5bQc-+?SjUZ8xc_5i(!z$Bvwb+hYeE@HyLhh!UM$M?cg+p*ebk7p4{?CduaKuD z{DgMdeiuMlZJzw}{A|?j7Ea&_z8)WviLZJLV&&=G%$I)V~QF3`r53*$gXGk?_$4baSUX;6D!KoKn9G%}56rX`0^7Q^nPLkQ6OX&^l3C;# z!r2S}=G~yrZ7t3+bMMc$CWXtSZMAP1i{HWIF8Kuf?B0gJd`fjV-Z%(X0|WF_dXD)~ zng@v|!0jFkb?MvVCIU{?61!ANPhx{cDZSJTU#Z%Ke$I$Re*E8-q#&^$wRLszV3T)D zObl(d2(4}&J1wIg-4FBJDSX1St3z-UkC_QwHm_6Q1LY+DySf9BPXKc1!G)i{EY&{pP72v zF;B@m@Oilb>i8$nx-d?XKZxJ2LJ&S`@GPdw;O! z%tczUnr~qJ22BTDsq;pCKP3TfHCoKtJPSOU$o9|{;h_X^CT3b6Hb+yYjEWG;#m z*+;(LKR#nWp`9u?@nek_Y9U}p|8)1WxBitkEx~@TgnG0PF$%4c6I$%O&aC}S6>V6< zuuv7&Wa3c1mR7)PH`7 z=kdRE|NK1j|5yguj?kk|pg2|f`QDvcT~$|TF(2RQ-i%RL1BaYGB2UwK?eMO<{r5As zU*5oEdp~!05R2ZH=782jh$fXUqD9Ph{n!P!{!2)+gJ>(4*nLOJ*0!Xzm^_R(_TKDd z;Zjy3SvAMwsSO2(J>Z&CT&G!vBUDg(6mJRi#KdtS)p3JUF>n+WFm$AB&ElguJ^D{F< zH>9=(p;a580GL^J?zlW1qa5@Htu&3i5pZ#f5#qK$!oqcbHbE}p>%lWwx;CcBdmNpuA1Nu+#I&NKF!){G~caMj} zXp@!bqc3c@Pxf!AQ23BT-j?D~FWDruiN2qLQqC+KQH+C#3$_X#2~761(xW_!oi4=J$GJ%l0i2t1_2H@-kfhN8e1a_KR??a3VQ8YX9YOQRC4kR zXP0LOu*G_qeU;*Me=+<|tAsvRo{L&Y7~6JLo%Wac6mxuhi1=|~X!vuAGK&r9$zH=5 z3~G@RmjBGD0v0YTua<+^W4Tpta+eJDs9aXgq^`37)p^2Bo16XPhAX_G(2h4{RA5*( zx8FDM&OmvJm^^aLPY#Y2jx%qye+fFpy4czk;?$JJcE57_n*E(yXeJy| z5)|%JZV-mb%j|W{TdGIMH1Oi9=g@-s*#X_y=6f5TZ03P zAcp(k#)11MFkfL?*U8sHNc$*Il5CC~XLIZ7kv4yI)m+Yp*X&Yqafr~}-nn+2`KXPUkkC*suE#{7%?^K1!?e(I&D~)*`?{G+Js$hqQ^vm?o$l93r(ZAN13BRB z;6JdL@`oA!w?v!G{)2-9AMWknEwO8Ec&AYc6@p88U!TkX|sf7Wn<^_zFfm` zrh*CR3&`tqIUHN802&mHE$ETMG8<&+>uaZFW+PeExw_uSK2gmb8A!e}3dSYy{#k`| zb26^d{D@@8>)~iP`w{f_uc)<|=XBv^1uA+c(!BtvwB-D*{|7`ljv|L=UIQeHI>Qv9@s6ywehud+0Rn}13D^^(^$iatAU798vxtg3hyl?)ziu(xhtuq@!7Mq6Yn$j zFHbeMwK8GpDsm-SlL;{y8Hu@lVGfUdn!S_6GPZv6u&O(8!mPsnJG3D`M&e~w`_@vf z+Nr7daA2dMhUdfmH1S>=LtLo|-mU1Eewf01G8Wq)Q~LBbtNV|3_D~VwTL|`XTwS*l ztIgf4)~!4NHY0=ghhteNiWRrw(8~e7^?B4kzcGWqH87FN<8hx(o{yvE-e ztU5TvkZGU;sFopqK!Zag=$VnnS+ThHaQ~S_qF(IsFLBnte0vf~RhW2c&e?s|JQm6{ zN)v8x(1?$ZuN^x_-8%9D02bbY`d8XafScXV zXrML!2QqX2YTjLnhp&CrcTxpHwOug`e!n;8lfHgG4*^O@t9p*DSBB2CEd2OVGuflx zsJVe;-Grm+3#s^6;kZ~0auvoBc8M&E#lYr67yR+zDx$`M`Qw9(rNK7oq5lm&Cu70x2fH*DGmNv{DxWyaQuPboWR1r z!44=-@2Aslf$}TN15N>D!Fh|O_@6L4ZDzP}&)wsSf-Z!xePmZClsT_T^5K{f`BLUW` zMSwN;4oJaQg+D&$j9cKJwPx$&f4z4=m5UDUbOQB*4rDj=_+v3RIF|qFLXrjd|Ge8y zcYysRO)j=DU|tWlmLiPZfUooB*zIQ^Q?V%s8hu6b2l@s`2}!*lZf-yN#6}piyP;AZ z2j7UUH^CY@ls%<7CDPN;hy+ZEm;Es zf=WJi{bV?ulEMXOk@5s)=0<+Jl3Lpo44JhcvNEX6vrl@v8D$QPhA1!vbH7OdErHH4 zux0SuztNVOmSrvt;yEI+0?U{9IGhPG@~r$xv5&y0rrRSdcLJkZS4kAE=lm}nN+GX- zi0%V76Xu*#v|{f^Qr7H8`zYq9 zV)Y(gCTfDh6+vDs=FkJQ-1E$H%xsTC0!W9=l9W?(U&n+AP}?z|f-yR4Xo#0;oil#y zIa%ahASUU{d>TrQB>qWTlxEMjSU-QuU2jRli3pDgRp*nWDAMO!gpnTDdI5k3~Pi$Z~v0-ykD za2gb9K)`|}{Hk2uBaoIUUoxij=`el6l(%?1&mj$06%pn9d{Z^T-beu?mM~JnsA_*2 z03CO~vVfHY;mWORUzH)yS@#D~jY7A7p1*|+Zw99G_0iEbXd5)k0(d{}daTOjjQ}u; zf0BWAv^eC!DivAoKj$v`YopH!5OA~OnFJQNH2tYibH7#A3!Da>Z{y^@0-w6yvb$f7 zK^H#`aw`r_9^C=AYJ)|=z1EqE-{qx63J@e@lL5lMTYA#NL@puAJ26`5G_sS%@k7}o z9Oc5_9Xv@Cmy*0a6W(ZaO^NAmBLQM23OJEMV2rPHbUxbuC{CwnMn%F=yPVamj9C~L z$Y|&j$oH~H8%XjMei;bdG=;oNdVbuyEqv42(|33E4nKTayp$g%ao4$qdPG3U45{`y zg{Z>zqG+#Y+dGY1D=XiR&#t?&_jRK}tg_l>j#EeVyjstsrH z_!^YjzXi(<_~oKWG%a|$sA$dAd)daMmy#UZn-~@^GQT*Gnf*14Nb>E_+1&PKlvzF1 z(~govIai@aB6*bDy-%|nTgvJzi#U-{yJvjz3d^6ciWE8!rRN6!um3LjviffOT5-ko z7!{rBenAR~3TNj*8h|O&e6%!Xa|~7ZmKd$~@2zpe+DT`N|Cqj zpPY2d!6yVHtw7(YLK0U6++A$iJ}5pZS@^v)xL(d!s^wi>@WY(&yfrD5gf?Cx+J zqF@y_fn^>(#sfS64JKLJ8@xtrYzvbYAh-<=w{8V(&5nt1P-wCtryyR?7PfzBS8%8t z9G=oq=2oJDb-^i_Q?C4vpcPm-=p~VcpIT1ovP7mXCp0lMN2EvgRdy%`1&8|N;-WHl zr>$I;Z83=lqU*qzV*wOIMeIipSrqd+u+a49?|U8IHw&yKWW#piG_m>M+ktI znX0IzJ-ti9`kM0dffkmOs4>O@_PkgTcmDHSfFCD=b18_K+>Oh>fj;F{z0tqxmR-p=9A4_Z`sTA4#qDl$r6C_!j6a1DlSJ(Na|#`0nhB9m5(& z8bs8_r*Fs#=MYdq?RH7XMqc@ac7h;lkOClUH!MCuz!x zN1uL-a>=4cLgTf2-Xbk9=^oKsxWq8PCo>^uVjPTti`--sijUQoz)iSd>uyee{(v2x zcLVRlnHQDAjz0tgSL}7p`3=Hd5_pwMEF(L;Kp{*S8H3iv(m(rqWMy(f5@%NG(cZF; z>*j&C8KlrXYXnY;@z!G1W5{_Z?_5POVL6E(l8Q^F&0pWCyM+8f+(O;1ASpobkxc5y z9*Ux0rgvvt7l0xEeP~*Gu$<>z2t2C`G?D>zzYu{C5?@F6X|_S1WWb$JVar3{k|${K z73tV<^ItrACc8rL%GcboveWKQPheLB`aXjZa4+{`@OoiCmxxSQm~B_1)U{p5>FwPA zvgX4Rte0ZH?DX!VKVuxQ*f={Myzw=^q|HwyjyDoyAbc(^i&Of*lriWFg|9oNrW>3t86>PT+Jfr)nqKz~z#60DEA zHbj*l5yez#c+!N7-z{_yENd;0VW&XW+|Z~#%&8=$$|XY`JEz@+r*^2Pp4UG1_RWwU zeSR4D;oO;v_Rd3bnJBe}{Q~@$i|E;M-=029p+3kuI-ErCIkUsrwRl@kz08&WU^imE z&$fmEhi;uQxl5czbkP9)5qxR}SUzP7gxL-VrXW=L`rBSKJ(Z`yX#~tlhP5z#xraA5 z&V8W4Fd9mt1i{g{Ky-_0m2Q=PZdSY^=u6qjeN}yU5y)<71$C;%-x??)824`SHp-?Z z4WKfx6>^LGr5=VsYK3O3KqWmS+!{UNfNS ztxVWa4-zEu{#Rqp($1P;L6226*~Bc>3<= z@5h0=@Sr;XwUnxv30kV32Qwqh57R4TnTkJT8);VP>G0+vG#TXLg>b*7@1ZsUW%e864?^1-n;rN|71cdU^W^rWR^M3|?!N^~@{hD_3>QVDRUZbxa zy6=jF1N3`+he4638Nw)rqr%x_4eOy?zh_k+M8*yv`kALcv9AN$OA~{Lfz?;zgH18( zj6-RQP;nyT?OUcbKEM^NUcKRgemX`6vEQefkTyA^@)>|hy z8u>^DQTpWpgZtH5W;s>UHZL0|$ODBgTaqF~q&}l0HS>&ASS)5o7I^K^sf0mPX%uWm zFIADD#DJMhZBFDu2$17@Whb(UBY97fX%|4=L70ky2HCEa7gv!4pMhgic7z=R0&so z9_nZ3ey--43Z9*_fSA5_-i zGBW6vT3FmyG3PWsFYnZS%$b;)tTY3CCs-UH|K7ae;y9lMQp1p+ex1XS^QDYCdnfuM z5ZA32sR>=S#c&w}N#I8jywsvH&yRic5rRFejEtrve23`%OYdRv?ip!<$M3^8yqjDJ zO$kl#1o8d;y6x9>1VqpcJt~=}T}%ng|~0aujv#`@e;e z0+GzgoP#_KRHwnc6wbFl`FM6R9$)echi!0?;GqAINiFr@t9(i~>B6F(^}+xCu^-)U z|3^>JUN^w@RA@gEHuqM81C^0UB4@bV_pL@ax=i;zi$BwDXdyUG=l za>`CZ$4X1bDKQ?AQS+3J=QIG^bojSNc^UIL((O5>Xu?zNXwyLW5=B3#WNp$zD_!Ayfx&;+^BUz%6JPrZztGpA zQvr*Apg~YEDl-1aUw~*#Q4((sp<>E73ba}yDIXBPE3FK($g6a3Dw+a1@z-cS8u=OX znvnDAKqc+<;i96~RJf)5oc&>Kn=D|A1`I=v=m~g6a70E;$5qbmGj^XNuAFnj(&nqD z+Ox;;rGSmJLvi;En=P-cho}&x!|96Q8-$)@{j&8fPwF)sgSlLZO>a@epYKo2sXl&b z@v$_I@U?JYwJ$Dr`*;Nka_TVsw~@T0R00vyI{1=5W?{L;Yy4afJD9;uJm=}_rkLWOp$Am`dJCf0WCG9^Xhk_d=u4+{cbE{X4+Qo!Cb zH-<;gW4J%29dBRfWE3V&cwpjX!s=(^gK-$2&8-MdFDGqH{|#t%uW=;0kiSA#&TT7v z?PTUt<&8$Eb7>s7y`D84!7UXTR7FrlFdG&bWiD3A-u(JOq3LcQhRczm1Aqzjh+l}- z{G$=WDhSc?8rw&wp<_@Ye4D!ooB}=cw`}vX@v`X>I83d(wKV>d;7Xv)zjVjf&lx&j zZq=Y9=h7(QhJVMCKmJbm^nC)Gfr$Ea+u@#Z>^b9d7pu-F zsDVV|Q0u$*6sg=Vf&O27or8B~-L~dq+jc6pom5z{ZCjP3Vq0&Fs@S$|+qRR6&3?br z=iI)x$LJpWFW7snHTPU|{^s*28~=#S#$n|ZBNQTxLz8iSABdYJJ$pX&Ptr`-rwWZm znibm(s|?O43h%;#Bqd@;rPokDuS-UWYT+a_3Y$XkK+_u{K=FVwWAJoRiT&20K*m*a zi&M#V=Dne01n~o|9PDDUvZ|u49DtED@l1{O&~@^pHciaOV2#+G5>^*TMmgT8BCk%3NW2OctpbPd;yjo@Hj(Sk_|dP}pXa zmH~k;Nw#2~j1E{M8?Q5o5jYTtn>a!aL#i4I>pMWNi+6dWM2u?QID1f0yA}ly4ZH zW67Q%>0SV^g+RUlb=+zFg0ztPv8?`H3^(>q>~kG8(P^goyAmWewbX9}YxAp_e1_FJ#J ze8#oX=8-NFEUDmLC?Q)h44nJ z_jG$^jj#CKH|z9Z@y@pg5nuO0pM!2Z$hKcQlg(Ox ze{^QGc^>YfQx!M3zrJnz5Ym$QUT&mUfzKlNE!Z!Q7~V>nBKY7%)aj^e5P{{ZZLZ5L zoAg^`ZUh$7jd*#-RfNoU)&;gnH1hr+@JG z(I?ESvJ5Ty+jB|AOI@GnTBWKEF48*l)0(;rkfC_3fJ5Ox^W<`-RxUc`jeSAM5VfG2 zEZ|7ulh;hL4Pg@-l57w}7$r?;!wroo?VFN!{S8+HsEsJqM1R|t64fn%;{^q=#hyt* z2UrUt#iu-hPOP5_wR_3Mf)8~7{{1q{x;Q9Ni;al%Kp8N9RLTt##;AO0wGdm}vQW=> z&1227%Zk8wez})^@xM8a6$|Q3Dg3o=yp3q(WLa!m_Q=<5DJgAD!h1!Cw33TzQyJH7mA^S8$MkM`J)mN5{7)SPsJf= z=8PA0lCM_{hSk*he$7z_V8IHE!C+@j8W)!wWJu_=WcAKlD+cCa6cH_wj|tnRt2~w5 zD-uTlD4PJ0e+p~x!{8KH@hxOg)hKdQ<%@3|g8#A>1a9)8X4OH)9lsMqj1q{1js0ug zxc_SznL)g_VFvjMF)_xD;G1HTuYfqci8xsY*Wy}ifV z!ziEt5Nf>NhmHZzftRXE-|M-udF$o#X}cj~n*YvJb%302&>z3@62l~G`@esO9;JSe z-$V<`1Q(^!Ig^Ffi2FPg4c_wf$1swW{cFUgR$#nLKXV5Hh|^q=^emKs@T334PqfTF zgj9^SqIU2?fLM*n0O#z4W^MAtNqfnTR`Dz2_gT4(mq_@0o6UJvt=8rn7o9|6p637kMxg}YMFrwe%7LkUejOg=os zY`QnZhV8}xMZZ<-lMZo;&<-u(yx^||W5BxI-#1x6!Bmif*a9Fbr5#UAOzdrGk4sMM;5E)K+OJ(79)Z()9^L+8l=dNTefk%he z=Lr4F<8TAeSU`3C$R_l-*M8*-ES|700KEbje4R)PJWnNusfK>MTt02p+&6D~Oh>C5 z`0a=3tS57E>VFP3??Xlyv^uXwtB?LOoVIRyq?x6m|3TDEeGKS&E-lXTBx`#Zk!Oi( zQLE2%>$&^CV=O9o8PT|78le)n$ufL(~t-@nYSHX>EGIqewx_(?-sCaK}e#F zxmTqn=XF~5lNT@jc}g6U&XhZU>Sr|#6{7~EF6rDjor?%^0}Gz?~TCd6vq)7k{d}X z4P6rlM*Qu^kc1zVfEN$KZX=M>GF1#Ma~~7em4(A$YlP1F|Mm;~XX^z9 zw9G>!2Z@<6)0Ze&*{CdrBgRH4*2(}~b;$z|WtjX`#G*7$EI`DN%)Sav)Luu4$_3(; z5R|L4-f9o|wl&-CCfEAB8bgpl>Y05DnSJf+LBNOu%`$sD8G)czcvI3l+7YGr=CXMfH6 zy?K32{{>u)kp+iJx4xHRXMNlk8=NRkCB6;;gW+RL*~j=u7x>b&=YmBSN}t_p!u;Lv z?BTPMr=#cf3#mN#P0KX0pb)pfg{QAShvd>6keQjaUOuytp?lULEZuQ<2-mKOu&lgg z$750%cqGjp_(AXFv_rKclWh1cy2xQ@*!mm!t9fVTp|L{PU9Q}YF843O!)cQ)N^BUp$AblU>3Hbf~d9KO(g39;N&%4rfA&NlE|YLHwd7MfMu~i^@RIG610nzh2Ez%;m_mhjPA(!;Q1in z(_i&sr}(Sq9();eoTOsV91gr%x>b?Jsm*`I)#D@pbOn5c-3`>JDpJd$ltR6D$VNOq zWxa$`=GZ!(T0jZaFbLE13cWL^-;{2lua68ZxCH?gO#Y)*(~R6i@5G`96e=xLUECa$ zxj;b)#D2XfNArMNfZEU}QQEQo2hT_0tU%v>MD1e}CM5~D9*aTlYCM#zkb^y+;^znE z59kHv0xO<6binL82}nPtSiiLddHYo7?wSAbdJ5^?jr05PkG|7h;A0g2eEe*P`t-EC zz0LiDTL8E!!~#-seJ!^p(|EMtu_70uFp=Pn;Z8Y&X3~w{gq9ZhBK1c749Fl@QONYH z!_mCN#45>+EmTqj9XN{^x;Ly%Q>DS4wWXeWiMG8yii&^ zy-sKHy)k_b`V}?~GH%`tvkvBM-aVCk{mlOO;Tw05$@ipr!|ikAQXvtc-|lwU{Zjpf ztIa*Nxxi>E_;oQqE%X-6e;!NhQFcw@_c_M&L4IOpYDE-N!r9K2FJ>iL=eao#DKh6W6Do%BJK zPpm`=qeQ}0H!391cGPZ&!X$vFG*&N`zatuCdL=iCqg=gHZx{}D&P)?`W8^*QT~n1= zqNCfqPWEWD^hcpxX|XO%=}Smjxf_9t^mmE_ioS<5h?({}?c=ZzsBybBn_A=TrngAS z>1|Af*zBs3S?E~eVFdzkd1NQshG9aXzuXbU_dUpfvl!Qniaz`v1KHSQDhZhu%4qB- zcS(e_sKDlr6eRoc}4Z>9lh41bf?St&2x54I)!LqwiH>|*QWOss5oSJsn9W<7V zAoBLsk>rZo(-X9ll#ScF-^S#4?YT)rdB3g=LOnr5Q1I#S%pbYg2j1jJYVQsGZ>Hey z@F0v#e?;_WuW*ke$Sm>}bCCU-O|?hUFurk+C=1nRjx}%4s#qbqVKqYk{zs6mCiT-g`3#?3G1U(sBCfzA1-VQOY8E z6LR|=OH7LY5zH_yp=vW5QM?QX+=3104dQ@@Q|wgau zk9e^T(J)5&p;754KPWRblk}^@ggC#+eVy<4MALQzT?GCPzr8p8&J!uMr}=Qvv! z{znaWtRt=bXlQIO15TW@?4Wu_jzRrFbpI9OSV*sX>0o>F82ydlqr6NVqJ`TQ%4!sY3QhlWFRmn>^cf~SM0S>d{$A?#$w~`1URe_s_q~XGDON&yv1hC zTJy=f8!-RONFyko)~uMCW&(D9OzYDMe{*U(S_RaL+_bUt@UXD3#7^Om%Ye}uV64+d zP^D6=d1W?Wq^VO*PCzt3w4kJzIb~iG*aH<ixWoJdDUHvlX` zabKcZ<0&FrVfa-6r;j`fXVIzRgok1Pe>chCzJC-_tCgwFl`pQ5+(UWJL<6$e! zHV|An-)fs?8R@h>_oEe-xf*8>n&pv)Ed-rjf4vfiKIy6Je!Q7A@FMI(7EC!ns6+uY zzP44kb%K)`UA1fveI(_vhtwAx{{{;CZwG%EwLs=w20GuKf}Zp?(Wlll>t}T5D5Fkl ze5Fa?iT@k}iyEN?x~EW7gUVmM7+7oUN!#!Pbne^1@fxCG6_860f5N)py}+-&YIGm?&7yMp8`$@`k#_PEo$@!&#=P@ zBmM}u1nEhug`2b=YWZsXmCh$r0$Tx!zon9F!7)UC^l%+7EKs!Q=-5 zMIYKu4rw=PFY=$ic*hP8%tG&bCF6xV%qIw4#)4jt^M(ps#f;i3;KD$~lHLNt z$Ivgv6i;48IDWtpI2CB9EduugAR9@n9ep=z%QY5{Q^@Ts&Y3^2csK%o zV*fQx=jG+qW@PIh$NJVHk|s;imxihDFW^8ht4Nm z8eG39I8N5H`@Kb#UJ-V0%-Y(F(ATXpUfV#yOl-nvJd+0Ht%8|l)nD&rAr1_HDO8jh zw#)2gfNldG|X&>wbp zH#N;C#Pl=xpFF#zOD*kd1&Ko+?n{5~(+E;|@C^ zCCTdE6br|k$3vC13mH2UsK_Gf3l1vc{h35LxVXdd7_LRiTpCK+)E=luq&k`_D}4>fdb>F7CDhjvLn;!JysY7%=gDWBeHuTV*W9bl&rIAa!-Nx5UU27 z=X$Ul7OjxA;J2%NLrluo1w<69;R`Ix9Xi93Z#tI-t7F?^5J=dN4MiUlDk=uKm2>wT? zmq#CV@(8{Ow3^|?+l{FsY|?A^*t%tH6Rb07@k=LK9C~2zc=np*ZzC0a7}^c>&G4ge zGF$>_3#LNmjc#opS~3b&L%XUqgp#3{tNvIH)H;|-sd1_M+5IRmFT_k;VONu~Aj`M7 zl~fGD)Y>Ga=y;q3|K?A<#gfNuBB@SyLdd2=#yw=|TA|!9==vJRgn@6{UsmZ{A=25_ zQM=S*q~zu2wcv3A5KcNJqa?GIfaUce!uF*;<$NSLk>~&=Oy`Q`nF*-Y| z9Pi^6nvp`cnszgA!Y`KLS52OT7SU}8{V0%d%8W%oBpSLe)Dwgjd>8glcl0J=?qBzh z-SArn?@Lb2kgCPO2sq*%=TgVl0i1URKABq0LG#6MKkBNXo!SFoMN&rjrhd}yaPh2* zM09Hw*znGYW7WbWf1L>uDe}Et8i)5v)0i84^|nYcY=Rzk+Cfo5;~Z10!i68=8kz5t&{t~e z^zX<7mHc$S`1I_ALpE*p7y4)C<^D$?I%clcijvdb$SlRh!-257XUYJI^8_tL)TT8_ z+yf#Vi(v5V!$Z)2=6p%&AjtP_$7kad z-k!GzX*@RG_;lazY5>^tg+3D(XYbu)6anX6-it=|G1bGGYWyvR2gw(emOHE-px>L5 z*D`~KPMyz0F+}n^YifV$?zZoYMp(-Haa}YDeGyk3J-&53Gm6ZJF#2;jg8YSqtbo`u zgUBEkkV1~Myt`YeXY>8mRFXQ7g^EMdZtOu(R1wxg_7~-r-@*&PKX^%w;#;lz5}cDB zt;M%MOz&nxLTP#Hd36l5(NX*FK16Ufx08Q~WI21w>Gq&-Yq|9F^dPC&7djQM#m0`V z8-7=F^*DQ)A`;gEC15VJI~hML7eJkzJd(v^iEaW-jMjf6bAdmjKa{c_2lDk6L(G!- zFZS(D#RFK7$#)ZO>*f<-Qg)sYCs zRm0&Ukr9#FK1iS*sJUvt@X)3|Z@|IY-%~@tqCnMji7+hEC{9tB;S%I7gTx}VeBrE$ z5yW(U)f8tLls=~IhBYfM`{x8Oys`wsoP;G4X+goAgh@#WfvzH40Pri35E=#O%s0}7 zZIkTK02bKJvpI<|I9*h{LOJmMIz}Tq4p3S4-0u-ZT*TG8zlps&VjtaEOgNEir?W+c z{Ge#_MRwh(ClHj41t8pTfkx)gfL#gHx)W-%KU0h^XSu`^^o3i?| zEKG;eiRSD55P6HDThe9ZlNHi{wC0`RPPFe>n~d zgkLrJ^hl?q)6M>K@6rfhL=DfH_EA}Ujap+z!;&&Dx>dDJv9s2taTY}V@4T^zkKDYN zkDJDm(SGV$c#fZ>1G6MUbQLf4#}iUO7$oaxKR|Ue&AzeP+=lOTV&wfTb_S{%PqG4A_Qv)rSd+cDjz!rzzUvB- zh_)vyU0c={)q6DaH(1zh`4ZD#yR?Q*#vW1aKAiA(3g!Xug$g)ix&77($&f8-`X=Be)=V z4AqZgv*mZcEVS6ehY2%CN8NmH)|4-ZO5wLxtsA09BpiSk#C_3luQ9R<>RPR7gdxZ# zPnrl1;`f=B{D!K%`;xfh3wNSM?E54;7JpVEFcZ|?j`VMl6ChBKK%dIXFen_CtynuR z_6uCoRz-k(5&8YvAyX=snY@d~{NW_%wZ>RY%lqEda_<<^2|4G=A5bblSRcX}nQiC2 z4A+Ih6?mwD!M5XQ*H;q_lulzy%X2R@@mBX2$Y*4dyOX_9a}B7#uS@!)f+4;79~b?| zLT$gU1flc$|6oQHvRTOAv9oJqUbX)G`SYst>GS>`;laep^JpR+2sGC{z~n2Rg(dgj zV(QE_Z~NlEX=wMxB_XT~&Jh%qTy=keUMr?Ze#gg?F5G*5em*!DC{-zz>ak9Fz1nD% zffy-G5wleT4JB?W*ia@|*CJ{4`x11rwV** zRy=XGA%ne@YQG1)R%h^lsi|^dp4Xg?E|}ALfNZa={Vm~LYJAo5EsWauHoVzL);-bp z(tL%jH`j2k&C~W7y=_tfMiq)X=1YHwm`ioSBpRrL+HWVi?aQIcGMh^{eYk|{X)Z#W z$4Z`R5rH5zsbWLq{Xc$-r;khLN5R#Mn&l1%Hj+${dXs+>Z{ej{?yAJw4Mr zS*YJ=ij>udsYq5-5HI|>2F}T{5PQ7#y7Up|{9i2n0JKm|&=V>)pnNgrz1~q-@cgcq zwHSL#IWXWOHS5_Nc~N0q_41SXMT3~KVo1Y`ij;morZV@QW?6GZeS z7-0@ud(SuLySc<*6j73YB!&P>v!xq(YT}2gbMRg8Gfm#;&?=f~030sm6YAxya68l) z^H(9P%XP_O%s#PY6ki#EyXGGocI#Dobuj0i^VmpaD|42~;SaRE)$poWZok9#K`Qcs*TwBk*?N?o4 z<*JVna`N(mk1P4Wfu%obX*u+TB@l`84nF663#*pw%;G?MEQ_6$S}u<60@I!p44Ku` z?$4Mfq31YWn$JG?=|9on{MB8rYwHf(Hqio*cAkVk3cpeyONtxa@gdIWo)A*ZBV%fYhyNO82|6im$B!n;M8c;1FpIto!8SS&)K zdOrBci|c|*M=Y$bYWmbUtd^r1o2R}JscNnPC9a3%&{Q2gDNk|FL9esS6@7Lu<*U#gnO2GL8p6zBnKoAUB0m1`X zW*&GRdTy13Kyu^;#FBZhwmREeT7r)?c6#L(3P|}Yx4L|wS8BWuBUcRt4g75a^#&p? zfNpbwui<0%AP3s{pv;j!ehv=04fwU@Rn^4al4JKhlEpZ&63-Rs?rVy!B6#AJ!ZM$bYiS6oZR5UF7FHqP-d1diV}4mOzHr{Q0t8vs&<8 zNEgGgKyYptzX+vhx&6yiN=PJjq^GxaZ?w=N_D?Vl3_(BCPBbfoVel+fUS)?H76)9| zvXZ^Rhguul0XB#V^8kV7e6C7_H2QP+VKy$VG%{xa6Q`9XE?hVYN>AdPB$)|pZN7A2 zyDB+=LFyyx%Y8?3NZVG~Zs4Vyv-G<$o>HKq@s4__ShiH%8a_@h!pT~7k5JALz@jm_ zS{90vW;(}WNMsUa_y%5CJg3-xJUmfKQ0Z7k82{6a59R#uAJh@OEfVX;Mg@u#19TY%27f6DH%tmY1}Xd1|b+DA)$V)+K|5|DOj%< z(xTEQg1UAPdeL@QLx(_Z2lwb=WT>HrP=PXzf7AyD4u-coh95u}p-r&hqi>?1nJH~@=SJ|-!{7atPxkIcEI>v`-k*TTO+Xb*-orT+#(2lXI#gjRC* z_uO$T&7XZ&=ZW+^aK&*Xh}wpgBK)<@o}W{4BHdQ$nP zdCTj|r=wiIEf{h$wA+fn4FSBsl{~HfiPI<@MZse;KY8l7P5V zxiH;!-x8x`sO6IauDAW$~dfMD58te8L@ zOkUZECi@6)SlQu;mxoLAdUEpNV)CRdk%NRddpv^~y6bogHaw4|Sz~P23W#dkBC3?! zaUTkY0P)#74pfPmIlqWn@QdORNr2~qB7R#e z7Dg$$T3@xZpSgA}LIdOn*=#)&NwA9^_gx}Dfq`mv4S-#eE8(=Psl^+DL^}3Ql z0C?gc9vJidL?S=>ZXUEk-~d8I*y(R_7w~+(otgn%*(=Ra|`%y z{!%Kaq{7qm{CUxu7}WqR;HlAImZ5}S52$$79V34uRm0Ut!C z9V&XS*&isu2vUvoex8kKZGAaC#f?_{5sVM`O^XF*F`Yq^BK>r=S&U(xd3}2AjL{9e zY&_=Uv}SQT1qM-wfzJ|*sMDn0OnW|@VMeQ1SXi(i`2w48Sd*RPj_MJR(Qp_83jDbd9DABC;$20+? zhKG$JORPOSJgls&%*`J^p0=_x{|I8olLDwJy&7uvgArQ!tz#&hlfnowG$KDP{VsF9I=iJ2y7<_Pld@IUBne z%OY7Io>pylqkvFc5EZ=*rXK%9_&+Eziz7cXNMej5MZ&EoEms0A1GXVYyia5+eOrwi zL65?oZ!#Sq&gRU98|yEbP9t_~p=P@->ar~QCnI0!cYVzJ9FsbAZ7lu?g;5MuVfjqEd2lI>( zmY_b&_11r_>;I22e)|IRyx7oxRf6_&f}t*^WdgAlHcw2 z?N|O6B5HVrvok-DDu=_lfoKjKn2KRUTAbao5ftPI@5v8fyb|lP9E@A5jEtu==`+vr zdb;#`zxmtx!lSC4O6+-3J4`g_f*B+eX*BF{wIv{{%|dL3zFDe5HEK|rbkh)tdjeE4 zVA5+-WlYV7+G*aIPPWj|(J!5{0!o?mGh$7bF1Wqinyvf_Y}zVt@3%&WpK4ug1zrt| z(b`&C20jJWGBYxIKIk;0#Sz8hVMyb!)C-Ioc)0-abnTzdYUSl=*~Tf>pTwPdyg5LeBls{3bLU)L>Cx*kD^6 zVKg$SgR((pl4&EC|FQdk;zj!Ml~hNHC`))OBEO{U%pVMSnmS3vYFJ_+-yQ|YJ=1U) zSVMy4=sCnYtf$x5AiI*(O>c0KS@IZNQc^7+F9WS7){8GU$}?yB8tY%L+z5hMY) zBsMtgA_uPEhzn_5QLwrrjMHZUJcW5b7 z)dJJki!4!oA|13CE=bGsO-mT2%!a+)Gd3pjD&yUmVq~XB0;M8X_c&57Fhd(}ewY{s z;e%@+{EjTH`>EZ(E1SqDU0VJGbR70oJO`t>jy+#qc2tx<9Rl320{gE$w(HmPea3%5 zu-sAzX|(e9r1*cxTM>%mrhm@g3fGKAyIZ zNygx@r-W`G?A5E)X)#$1Jt7{L}A@o?233p`lTJZCmpS ztO|8|zw80sylA8{<;?o>@hPvU8r!#@!_x@CcU7I%LI?wa!vU9!oQn$<7 z%GOp@x16zhhU1~C?Yow&4D5*RJ40}m3aPv{7f{4N@-rcDeYy6g7QGSAtsHn8c)C(p zAEK>O5u1YgQ7DWtV|)dVNA+!}UYutM-4|n#gdtD)kg!BHmXU!Gj0dXTU-}#e0>2&K zfrZowcPZNQT!dmfbB~==V3ian9OcCut2IzQe?C)7(;QC}v;*Fvyn(*@T1m5cg%nMo z{onlbe}0SD2qc6hv$Q(=W`%ext;!SVMwIvx4Kk#wFxH>y3{k62Qd@Y z`2mAxnb3EO+8-CN@{ucRHOsYzVCeA#r(i<$Q?ew%d|(ku*rlN9dIUPQ7gJRW)WJ$s zG0}!&GIk@y^dpYqRU)XWG?;NV+>>a#E|NQhjz=#VzP}EGs+aBk{2r#BtlHc!Py1eq zhqIpdP7)2c4W&9-_ai{Lv;~5lQm1p<(65#_aqr{x%-ZhXopgD8|J9)wjF?7t(vJHV zV?1EhcWU(O-mp;2hkBT)tbM@K#Hls(78w;je~LRHj6Jps{g8!MCaE;MNV6gjUqU3x z*+t5Wox7$NU=^>`FLH`>22+qGCDh^uP@be$+L?_c$}JcM<5nsW?FB@D*QA?)qY^rK zOzP~IT1^L5v>0B}gprMQ8C9s}Le~?8cZ<-!D8WW)t#nwhx|UB`lVlo7)G8r%+L>04 zeCh`nFxVXG>~2SG`Y^S{gzwMa;1(nPL;e+q1to32)I>Uq2`w2zq~Q0SmA4}?3UU)U z3<{4luiV<6&kJ6ma@A0OT=xU)ykHB7 z(Z9nrr8#P*ZB9;1ZM6RUpj!@35dfM{~-W$719uz!C-d2BAQLI48p(hnH3X+=+ z3_(Yd`}8+8-c4wvn>~2`A}Vc&1sncMthm$xP27$==5fV}|L-6lTV>F+2qfG9!~o&% zSvNOMJGriCq(8u+$W`CVjG3h=0BTm#;EWY8$A%W})V z0}m|y6i)eqAUm1A*=APSRT&v}!n?Y&7j@7^+XI@PEce;S{!s6IxcbtQL6QA~8ptE> zQhnzJ{oh}f8*yO2|G5*yJTWXj0u_rpI)E;7?4S;2ggGsodSrw<<;3D=k~C!?ntDGX zTVJkn!eL^K6^;}L5`j+g2>H~ZLY^QB!w@wZc$q^8) z5kB)(9i6~L1-;vBQuF-WqIUlOBF|$eyU<2NPh2C~*R{5!nOO$kPrmmr1DJ`goLTo9 zwF&Lc(RjyoWBaLZ#)7^#G;gt|6Y?;Z7)mN#=DA9w$3WqM5BuUQfP*vbA_i~~yn;~- zXMeM!fs0!7dLjZ@PiHH>z(iS9(@?m;+fC6iXP$t(#*+asL-<26N08*n@EbRyn0@PG zIA?Y5*4EO>#pJV2*-L6HHt!y1_l(Cb`8CBGTnN~?krKiQ$Kl+Kw2kP> zHkR`M%P>iNo#MOddRSU#tFI6Fegmw)d!3b1DP(XPd1KpR5-HR^4E!i-0kdO2IywR> zSuV3Y>1yc@*$JFJU2Rh#Bgv7Qk7_dE+>S=Twp4_?cxanPVaP5^sS_miWf>W-LCCwS zj2zcc3;2C*G)h+W{@#Pd{IiBE_kmB+o_PfTp`{R(&-h$xMpfbrZJEgg**g{7Y176l2Sm|c_bv9iwj3+29|AKppR zLB<{6MKRc-Xzd?Uu$(r*NKbD}5RJ#74@z!9(}7qA&t$NniE7bsI*B;73L>+Bg6Pt* zlRF#`)tTq%d*WGEsvwzRu$U^h#g%&-4$|uI(+H2&no=h~=?&{r`jIBloFd zV;)=fiwUW2l0=7*>uR)$$RH0SSO@vnxkLUEj~=W%hWh*GE4~}wMg?v1#d66#{|v^d zGxE?jkg3hG6?dE4X6RKem?$8UTSCR$v1{Dw(V`|?E_6BVs<{vda%HQ1l#gc~>6xL? z6FXhazC;e;bS}O4wlo?@{HU0K{hlKf;ErR>UdcVFS;@h<)I8$Pe-L|(-aFq(I0~4h z&7GzsYQtOvDC|D|X3@y>dGVv_RHYX5zR6A8Pc+Fl*^qE4I)eT9?&>S=b(5^7&oKptF ztF2;>=mv*}l+`d5QF)|C`_4d@TmQuTsph*X6J?-KLg$kYg?^R{GzjD)>iY0jWB$|qm@AmyG(>3$EAz_*IK0D+ z^EuyzE$`r!%hh#(Wyqb@t2lV$B!~Al8^a={+BWqSIIbs5xupm!T3hgKbosnx{@UvN zxUqvM`FT90-+FspD1*)NyTO`;$Bb?hxVc&0gUQM0nHZMUHE<=}*|s1#1$SF8))k}G zSvX_-LHX0}MoVcfBx|Dv9Wn0Y&~7?;IXOeuN!D2~4*_H+lQqi&){pU$RdRB2Mh(&e zTn<|UGIWf3(-}N+0!KX@v}ock_2`@p$U8*62+e6LXcMKhtNsw{8~;K+%z`V7b75{o z0`E87J4(s~$@?6v6%A@=ZbFkbZ{y%_7NUQyuDS-~h8!1Iy(iD1*qL1LvIq`^tEOVH zU_kM+FS-2urT75*URBQ$+e6PC1S>*=8%o|p6doQ2tJf|pFRLeoFNSmABAC3K$lfcm z@|O7l=~@y-6AOaw7X@Gz%rpoQ^Y)Hedw4s%jhYu_e&Z2XdFua%HrLHU+=AR~jeUL> ze!4Cki-){UvAR%W(;e6a3xuF0DKKT%F%&(B>H=2|sx1`PBHk{r|D%Q?te9kIF=S%4 z#pmr;iP|IVjCxTGKi{rfNm`a~242>c%bgL;=>@_DmHK{BfbM-ViHw%j^7xz#pZcKX z*z1x^96{{uy+8T1h1S0`IazP;O8izqjMM$p$<;Fy^3y^glh-QQzPG;B<9wg*%I|vC z+Vx?rkq*G`9P+nbq+eiHq0+(E)&6L6Cu_qSCH(-JME;W^P?XM8I-Qs%ww;3#sQLh7q1N-4=C`PB^491MTU-SWc zDx1%h6@+F?ffr)Lz4PT&r-d_?mSQu9@^;`s@~)MjIpu%R^_Ed>MenvZ?ykYL#T|+i z_u}sE?ry=|o#Ix!xV98`*J3U1?iR?K{?B{QIQQOhN4_NAl8n9gT5CRY{-)Wp{&1Fq z;}vR3QvK!RIn$C)Q>+ds?=^d1py=tp?+fa2k|Oswre~R1TN2v_!~Yf9FX# z@l#khzJO84(i-D*cY|OrV{l{J_JN%*#8N`IyyfFP8k|_D9a+(YgnM9nNyyKE$cA^5 zPE8jgn42r*#KL9Shv^0TBD`El(G@!Bx48Ou+(<20Hh*xfeQ}?SXx1x$(}!`fo7!H|X`x<0cqtVIGpE4gy`v z%oIYnVI0_wP+_nAa|{>qrcov#=?pmQ>cQdAyDa7>t%5dwH_sn2NHZrFMOJ?9WP1Ag z!dH}K519Q$QEu&^e>+;%{fTDU=(pYP8*6f}R~2v861&Z;RYCftSObsUK`X5L(xP{Y zaTbPAkX#(va!fR6tBikzKj8cHOx$msyt*B7O;1@xO;6Y=nXXTCfpj>Rc&@GnVNDvH z{8GQQcpU1!R;G9S7ScLKwN_5lMB!Rk^+RtU91A#@l;y_KAHsov=@nS+7pI^+%WU}6 zKmh%9(NE@bzg0jB#$_-b&*m9s<=G=ynpB1R?LVMH9vWe{&{n1p{Mxlp&}NTcvJMCt z#anmjayB0`k!MGk%zOfVQkzlkT-N`)C{8Cp{(T0OKko#ZG=<~zGh2KNOt|PmVcT?a zxSe#9Y3^9xhaD)aBTfHolsV)&pC$~)I`LREk{&Azrm=$X;T0z$-OyRqyK|&A`bsS2 zf6X!aKo^qcM`meiU2m_eVle<&1ijkd8H4up>q<(tK84(JRU?Nu6oy9IRevrOp2exp zn438a_gTr-p8Awo?Iw#J*#Y0ZL>eAEj2Dh7nN8(n@o9w{ zfV?O#@)WCE`~KuEV)s|Gbmtn$tER*FEms?yIhj!-BJB5uD)^`E{U7M%7x;~LY>aqx z1{^jsa+?Mzp?lYcDT=)8VO=c%UgQ+M=M*;KeZK~Y4SSsYaQ^vz2|i;h4Tab#gkEmk zMIKkJg|96H!4$xI``QFa%^@0PA_`}Qq5BX%Po9Oknz_&pc+atW6BEUPSX zFG&g(67{B7aML^?)!+p^sO#3%WHJD*Hkhn1j=|*yM(65gk>DSk33E+%)K_gIZX6Wg}FfU=z`Z zE+i|JXmMgk=Pg|1ueP_HcI2!eR(HY@%g-k>WhesGoS)jg?k;g<`L$)>jzi?DM* zlc~_1#P21y#u>JQ>q&${sE^(ww`&gkBD~I#Du)N`z;jz=g+U#Bkg0D)}Q(LL!en95VQSC+>2B+ykbVXZ@Hr4j-g`jHElG( z{)fQev{@r1U;cuv-xO)90NhgD?Q7~Z8PfJW>3yVGX-9m2O*Hq_6ibk!e`{0$%ryI^ zMqtAhhEIIS8F2`m4Vm6s=p5YOz!L|1rE{_HwDZ1z7HfQlCEL1@7D*9`oxR1prb#k1 z^mq~B1SvU7PMT7OKY({^V=<6H4nYk93DIa|k7ld}IXK|*g&%1jf_^@FfMo6pnsz&GB__#6H3*q)cA`bN0xs>8yV z7yX(zlpp5o;n$VjL8*FI<~&GehBv^&_4>CZV_<1{F;>~qVZj^iaxnrBGr3Y zZR^@ue)Ck94pW6vQ1*!2LyE*8g^n*fj`eMPBD>M3{A~6`KLUDS4}(pzk`deX3N}2nje_RqQ;R$4&SdRmOUYWm<>W6e?}N{{rTP_7P?)SUjQ`^&Jv?<6VF;h@JW4L-^TTpzk4~6I zUq=f5r9;>f>d))4qWF9FOgLrf>3Ki>=ZEvJ=jDICxI#=H7Bpp|++1Ff$R&=y2n0x3 zg@8J@eNa>sMHgsZzOWNC`vE{9jT<)i_}3q3>AU}(k2inV=Kf@fsfmP9L%!G4>=5NL z+?LaUiyu0p*CftB zVNP%U&;K^y*FEHNk)YKMMyZJEn}b!y$QXbNb$Jra50OOCHNtj<43A|7J}5u-TBy;X z3H;UEkB6%5)Zkt?Xxhy%t4bb_A6y&$Nd9FkMgdXq6C&|roV{koGVhlEO#as`$Wmd- zH`yXe_5+&h7-yr^AxDD_PbRp)63bO!Or;n_H5M|2UR#qE$ihg-OE7uul4eA6V=5jp z4s29N_n?}d)Ts(i5B-^>K|F(3NWt8buF~5fDqr2R!bsH?32L{_)u&F%OkRx~(eJc1 z8sDArgtb48(C*pD?onmLb1hp_ejI(+u1l)E#P2&2_9 z8RK5dt}PfYJb+X!ZLO_xrVP#iypuAipINNT)pDZ4 z@PA>`)F*{dp9P1%Wl?kmoUbiK)e9;JpsOc8o}agG8r9XMQs*YvH5FHK>WO{tdrD>J z;1H8gr~5WsQNa+pxd4f0C@3nbvM7&?jQGk)X6I?3G%w1Phi(lto@xYv{|4fWiCVc8 z2)gb-1OUShmyk)o+>T9#M@lMO>iy~}|4E+#z83o9_X_2Fh>v!@)&4iDVHZ+kO7yAL zNx*58b6V$mO9s8)TdSMSABY1`8IK>AdC z;Z80X%F{pr(H>^}C-ckCwun>pFuE&8MhC$0d4}{pz`j~x-VS@J*ocT8<6x9+QW*4i zfT_C|eh752F z$3@-{bKErDa6DUC1*$O&bLCr7EM+qqmJxtigC4_#xc5z%DcaKlzt(XxB|)~LMo4=m z+raF1UX(lH64hYBn4QnDfXtU-R^nbKeB|g!9Gh>rV4BNJP*w(X+!yIFk}LVpfK<4k zN`+|S%P>h;qnim4TS-nmPc`ON(EIOBh-yaFdCZnfWL*;{@+9}%SlEnneqZX)DkJqU zvOKt3)lws%y8}rR6i2sLE#99dy+6r|$b}Od1zdMh{JO_j_ZW)?F57F@+l=^DzG*%k z9uRu?(((ukzpT!@hZmnWi`?(JH@i~=_`nJgS`TTATiVgEeo%)sopx z-mru8wsLZEGVIi=ZV#1{5;XOOwMTGEm!@}_hFY@fuEIY5wbWE!E3Ml`zS+Ikv{GZl z@)7r2I4E20gXh&FBX#m$n(UAW{Uk5hLXMB+HYdtz1oyX4@(}Uj%CnUfjR-W=y8s_0 zGIw{d%VTgGmh^j$oUIU?^zd}@S~H2_fJ|Vn|E{HNk8bcCBdbSK3rmutEz*p6XnaVZ ze@@m*C}X=pK0T*GdE((SCJR6XTYAF|NAmqkvHE0DxwN{HoV-;}0(+63PI0BGRC?tg zk0cR>5KK6L9%^`Sknis|G{G}Ka*JwLDMM7J@^sq!2$H%{>R2svE%Mp{s{4(D1LT-)xQrU|B!)qq3O56ymX7*g>l!@>&3M&M=zdO@QQakH|8PQNPl7xE}gQOo!o~jVm@pt zY$%Usk%XIh1$pH{Vfe5Fnq-I~m^o)hKO^x;hsNOxo6*lAuX1#Q#*$#@GKdClQWMM1 z@an7Lcco<1H?7%DZuryVc#^0farXjG8ZS<*<1?D(_C8txSB3I#d!FN5R}CEbLsWRX z0qYa3gFM>83aJ~ZiUPzxf} zXDSUSYt__r9XbYwhTRWDRs}Z1H*!;oF|-2~Lw&cQnstNE(#SD5NxCT;66DjjyKFH!3&0@OxB^0xdfNYN@a_Qy$epkDeuTBXqeacRw2^?|(Sco20gOzaJL( zf1PU6{%-L7_wS&`i5`kYLKukOBLaAn1g3&=9Yihpx|L5#k_#E6_t|JNF22K+o833p zc)7WS-YNGyG04RP%dBijYL+!FzWHM^La>qr$E*DEIkO;DAWM%>?DzAl$HE?bTE?Zn z>D0*=%1MogeE9`A=nl%d!^b^AkzQV2e?^5jJjMOUN?h5l!n{7x{UV8!7~*}}bDp%V z5oHiNQWW8sZ)cw)N8f>j(f`Ai<@_bUG=>yapOFV-aQ%zMUz#r7Yqt1B|lJ=V@R|AcbIy#u>O{m7<^t86+OK*9mY$GD)2DhYpq>u!q z=uO>(MfeF+s-(gPs7U?h?r6$Q!|=qho8-v5uYB&F&+;zcS7>)YZT~c=dXc9WSgsxR zsi>V{_+Tk#==H>p$gJ8uPCs6i$T!v4NpN7`&a52CTL$2E1n(g$uW7;>c7|08N{Fd{ z>>Q&&HpFrUi$APTnV6&^kbr!g!KA%t&^qjCC#NBoB=oSdrU&c4j7z6vk}M|y`Aq+U z$tdV~LMwu^{k4HLa3|)}2S&jEf%%}KMVx$#s1VTpQiuFRd8X((E!TH@IO87Ig`f2u zFkuFgBS#$$#2#rPAaHeX$OC<&Zd#+4`5!R9K$I*x6XvAmv78)!E+7Jzk518SRwA734ekMwuC!&1a;urPnu zskUnPF@A_uCAmxqMe_4IdvT6O`Dj=Bpo!L;vXlv?YPeDpZd!raPx;F$`!K9(w+WT+ zbP^(H-=Y~y!jeOZ?a_9BB}J>kEa5craZ~Q4rkv+P_2TAZLWdVEgkpV_zRL+@lZBNn z78RNar%{&NN^y87tiCH=v_7AW-H`nVbKUU%mAEc3A#pV==zHcWidPNzxZ*q0R@GpmxJzDE}maB$_q~a#0r{128K}#DTYI$Dmdf~gt z1!bl9B>hIGU6Q^9tsWeNQEEz@Q=1SSGbn1n@*zxTD1KofdUl`T9~)1Xj&nUOca@G< z>Oloz8mMOlavpW}$3{iT>j99A{vKTRJ_#@l`m;XgdZOnrb};frv0GHvYoNqq`O<96g* z0;PnI;mWLQ9(nje6vhct-GvPaf98nBAPZLQMf6*-Y8skM`kYCmkw_lh)C&mT2))NM`gPJY#S1 z`Xn_BO5tY`VT;V-e^9k>M~IiPGhmb(??!_TL!GvXkYk4_n*KV9o|}D{77BgpCqaw4 zBLh{qhJA{zeT?_V`*}!Z8?q|*PC!ABFnEZmC+2KA{B~UNULK& zo{*FY_cH~JCpn7mLa@p-8isv=4eDd+Ot}QGW=T_$(6lS+=B?y2-$a8_W0cZc0fv`C z5h50nsmX7&x$paflX{dYK}Pk`X4Ky9@>c9|XdhB2!|esldIhMJuOFdrONl0d-}Gqh zY#DIUGpJHCmoT_0?XrMy>M)6Yi*@fvTN)!E;Nyw6$otcDoqjuERwh~^U4f5*Hs)Zz z|LY4cFZd$k(ya^C5<)MFlTt!W7w0OjSaJ@0&8YOR@41!;Dtw-dc&#yZTf5QQ ze1=39{jp`~C-C8Y^w9Hqf?n6_z2K@y1mola=?;sINEPE7*k>C~Fz5?qlPM65?YRi=Xnf|QnF5$=yP*y^3X zB1;bcrXPFxcAQDcO(iLw{N;;H|LteU1Pv6}c-b?sp=vxMmZYwt4VC4;d>ieFxw*L8qe!)G#qs zCSzmra;;|Q(eyN-T-B1%!rcrE>bbAimKCvC2V`Ys^6%i*v9Hu4gtCtvHeYX9BlTcmyfeXGhERO+(N!~WYv&NzHV!4f$L(2zLB$5bL^I|#t`CMta{)pq#L3=b65_{VqKhWR-lJMN*uRR# zS0XXrE-~0CFMs_4_sgG~c^YLtteWFy=d^L7v9y-0oNGzk2z|4h6W{JguehexNpIU5 zDYuu8sD_!?cH=SnR7lasZ!bUnRM#51&jg*O&J~Wz1=S2S3S4A|sOG2k_L4^^3T$Y! zNh>Ie7|25m;z*~fGd(&*)Y&GHsAxJHFw#H004Gk?uM;Rsa`P)0%$4Fn^6$l|Ct0YO;Iw2|b&QaK77Pc*`zhwmv0o!NvKDh~AgiW3@woGviW!tjg{Y2`|A zj(J_8gf7JnDa0)9bWwTHNZ%6y9WYc=I8=Z)7x{3vSJWk8Pp4PAqi9R&5}}NX1%8ZB znIP;bN%~t|VA_l^G#$Hnc9dwakxDzy1zlgu7Ps(4i5b2bcCM}p9Y1VoUoZt~Bg-jF ztn#RI2^Kbn+)(!XjXW8N?KFt1SUNWy1f5~)eV5{sf!|hWzGYcX zcr!-~w^C$?ciuAil962qK78aZ{vyXBZt8{liB_3CT>u=ViLqA?kdm)a zqt>|WjgT9`Dty?G!LpOmW$W%sOWLQgszBm3X))<)^JtOiLsdgP2*(MuEax9>< zD2L)MD_w`k@Wt`-ezM;mz=u6cj_>mF6OR`{lx`(@`FURfBxFPKr&LDtVL@!d=nY=CF?wSugul5>)NH|3$0iWWMsoMg= zFt_?(&LjEKw7x8&Vj-t6QJPg%Bjk{k`PE70yNddrBn_DS_G4c2KtK77AG*_7!J(IL zlzqBslQF3w)90gqjj(e+V$yrmXzN~upOXiGfV`ybn%8?k6IquVzaGok-nnaZ8=J0A zBtT`KE|rzR?-T(;1%WRMg#z9e3h9@(B9D+ng7e?**DVNUex`uG?l{-@`Q*0|@J(@N z6LjER0DQ>Fd;#yUy(6HmRYpD_rS1VAH{Y|!<{f|H6=HrB_1iwvwbw)W$DsGWp%Lu@ zzP*^Eq{g39fX4`A3;kFdmK|+(w1b{0HamP#xi%<#xA|+We8&Z*oIwYdCT9~4xA$2+ z5v@)?Wl6z~$JgPM-=8Bq*!3*+&}}!PuPBYe39{RCr)7`bq^Q56<#1#Ym{R=s5sTM7eh#qg5_ zeL3MBHtp_pR*mcuaf#e+`vbS%A~_XTj6qezS84;&kZ1n0+KD8pk7mHY0CPw((i7w% zD#tu_jVmD?Rrz0aFku6j!f2-6+r7`TyOd=bqoqP>5%MCZi5yr$#Ad;4^deV8AJ3jH zwN`~Ra9Y-s(a(L?)cw5rp(1;EUQ^4eUTuut=vMI&^y|@VbuU% zj9t_LjCJ(5^E0-(0RouAn;R4y6p|B{($L=d9|UrJT&N;3#btaF0t#ZS@EUxcEBYI? zpY~Mzv0Jk_CaohCg!Qc){+QeNVUMB5P?b9Ib#}-19<; zZ>fpu-LgVOOXTM4R8$RUV#hYE7ixNZZ~IN8eEqWfe>A}Szlu!$i)K8&b=BO+Dy)S( z{t0ye%|1y95&Q-(B^g~NzM(a@o4hb02=;U| zdbi^2qNWn(j@}}iQ3!CkGeJLZ3EILXp68IjAN?hecW_akJRceYr6h@`P9DNJTYZX= zO5GM_O0Z;llHi9FJt#gFj3NP6(K$owR8vKH?9u8t)qHc+%NJGYeAq>;4}2cbr!eev z>9kKdK(zR13aVnuv7b4J!V0AAlEXaCwM@o{y!J_ftXVz1EIT0k`arP$W>C4RGw7<$ z+bv>)P#C;$?Vx|%keajl47_!IXQ8G@D)75`QGVZ(*Y{Pcy0LkF!A-i2`|z#jX{gW_ z{D!GJQpEq~kSv6FV(Bw++pi3JrVk1IEktEA4wmxea{C0ya3ZeB02K}OYigXCGUdFy z9YST9*!NcBw|($F@NHA}r{}8^u9^9j=`(0^d)f*(m z7#X7-IjbgS0z}i`Yey}2gq0@kb4csS|A?%y?*W2=L;bkZ%UUQW_9U2ASp;r0`(`0w zs>4j>DFGw{fx(8uNEs5QnfC_SmAd8&ozye*(G$DR8bc7blSf?C5LEWaD7 zMceU3V$Tk-<6`YgxV{5QitV#3`K4j`<9oZT$a-P*hO2{Xe0|^nq0HJxFj2x8frqLS z@ies4EGhJ^^we@uL;`UG#xJ8vewu#rY)2o3NX00=lO4vgh>MVwrB5PsNxc_YTosG9 z!5;trKSCl5nro%s3N`Yl0b?FNN8|z_x0l31NH{d{ja&ccK4)6AF6dBLUd@`NYeRvk z%fx5+ohv;Tb;@upbQXi5K9R%U6`yKw13DwwbvPZUx7xtEAB|09@0Y%w=B6(nh%$-N> z1#4gtjl7iiiepk;D-b5mk+W*98uVfGtImwo!)0;3$pr;#_s9Qk}M~0V+lPq^Z^&ZAY@P(fAZ~` ze;Jb30_c3EDH8cufqwKJ;)2B!qQgE37iP}#g6FK}bibcr_|U|OBsa*y^rxl3iv(}J z*x|;+dqd6oXHe3AXBjC&0PKaK**}UYcDN#i0L#^9J=N)EBdv5;7gSKl2z`4|AA`)1 zpf>rV*`pfb*tN4msvlD<OIXBkMzH;Vg@w#Ys^!@hOZYl#^U zxcTv$a_WZ>Q)^AFzq*gBf0hpKCQX!}204P!bat@%plycnwGlh@RIO--%IoTE9ea*; zziX}S_cXLwEvBY_`IeE%8K}!egapfggUA5|jRQL!=&k%)gThnWQgdHbw^PI$_ZdGnG`#hT+Q<8 z?^nL*avQ|#0Rg12^P$3K@EM@AD9~I2!Y^n}aXan7CxLfE?n$uK^q3lCP*Q85WA0m9%Y@XKbiS6?YA;Wyy<@AuqcLAJN85qo=k z9k2I(h$-NO+nDP*?`vN4H(bP2d2ExD0`h=$s^qeHyZfY``-+t$B}L^R$PO<)G(=m^ ziT{xM>k5GPu_}6C#Y~;}^$UMNRYU98+82Qw^ZY1Vjd-nVCBt(GQyqpl1!Wl*EL#Jz zA$EZ_RH@7upA?xub42VfG*B{%{AEHiEYtsI`HEmDKm}S;L;P$qG|aNxM5rf!lhI;f zY`YKb#QmobRbK&z6&7fAmF6`ji%>(S)~3jJ=!7MNMl&z+qQo>|AR_KU0VA6BLyzH} zN#D7dFJBgca%0_00RL`Vp0np&{VJGhv@~7N*rco4Yi}$6qXfwsjdpRp zT3S+W@z!7rHgAQx=m1f?x!&>LOoBgFymD zdutlh>=@%?pbR6!&ZeZ88a(0hwk>0o2xYqpBiuw-F4HhF;|YNWL_JbY{F98w~3A~LcBOp8uKNX!W-o3Ibm%9MpscTG#Q zrnkWV1^(TM24N*M;ELRMz0`pO+oA0Sr1~GPJ4DtBik=tczJRb4ArZVo9uZOhlBzxK z1i-sS1E8k*QthYP1@-r4yX3ygq~@PP!s&3xbJHg(q(nsezwrKgt2M!5QfahU{xE|G z%vr*#QE_e!>BOT@05$5rB&bq&;1V`C1!gDL{INJ|SjVVj7sjDbXk8a}<;fqt$3-`6_+HGoSv$k-6?5`I{#}^-ArT=&7koh_ z9Vs2Rg~CQ9+}jYz$|duz_mE;Hen+rrTq}W3X6-tRDyDzyde^kq0-ui_5Wbr+`{vAW z*&KIFM^FQb78P{pBPJ$>9N_urpT2iR_DT@Xd|J(3*G*D~&c{h=s@6_bL1UUg(a zI;O0$Famk!LCr(8Nr5K$;VF zpn(ZF@vnJqw@-Ht9wji;bBvr+-4^0#?7Z-2i?~%4(j@*bNYDqpT-0bHn(28Z{k=TL zrcC(gr_VYJ((9bJ@{lB;S50>L->=}Sm-3ojn*Wr;vDVk6b{JZ;SL@X39UPrPm9+cc zXc#`faz5U7U-ef^+Tdr^Py~8Bj?p=NOpSq@+wHgeLiYn+j_IQRwE;c@->4i1Bkv1A z2lZT=1SmtB;4t9GD!ZWN(DoP|`D>rNNFqVd{>_I*mp^sF;A`uPK>c{Fp2s(eshLgS z#dF2wpYF$9iXI2?oh5sJt%jQy?CqojXVkKZW{n%rNTCyA+2(6Eu=`hmOyyezc-Ofx zU0kBxpwr`YnN04f9ej~g;D1m>l4R)rdhTr;c&`|eXI2OlK*4o z29-^hUO(u)T2{^=B}xXY`0_E5v1AUxQ(`G^Z}dDh>*a1uI^ubWUYj)Jy!)(ZCj)gq zoh!1$pv^mVn0H#!k)|tWM@rKO(a)<+cGsaJ1$%>KV_X@-$&#|5F^2?Gxv-&j8?-@I zRBfq_F6>!Tv0RK>f^0VH4vVVIIoXP7F|#ceYA;BFMUseIgF|K|Iot3PjPV|ma2CGJ zb`nMkEtv4ZoQ6i9q2v<_VgC!zP8SPZ5k>!rcsH?7I!{vlY3usAx#&3Rn5Bfx|0g^` zvW5zwRKpszaS|O@2m8^+-@lRCk_jBb!UBSV=~Gts@o1XsJiE~*X_K%_8+6Wnm?Xra zgxEjy$h{O?=Zzt_i(aqnnuj^$=BOmi4p${X(Lfl&-%qT`y(p>H?(T8HG3OtDNigE; zcn61=I|S^TGeXOg5ts*&)XsoM?eURTKR3d@IPj7H(I{Os#hLu=? zEpJ?Ikadqa_Z)*fSp+ilHMvS{FWAg%iK4HrZqoy0*}P$eO93uEB`Y@ZpM!{9aTHxa zl8ti!ZxHtm?N>3pYgb9FjJNNCeSoHsh|>u(@<`y$uD~60y+K0TryM zGN>ZCe41Gk_&R>mm+GgJze4z=YdA>36>3d@z)vO~Us!BpUT_@D;>&SdPYD8s9SBrZ zj^D&L@2ONcOXoPFP5{XGMlEtFA13W4~q`vSbEn_gi&rtL$27B>wUN8@J z{x5OwADaN*DmzJxJHS(5OMlO4!RlrFTtK(rZNjGGzWM#^O=-EJQoP9HnR@-Nk5*Zz zsBxeY<$8nsx4akWz_)~UF_a`Ntv!0cL*B24m)y!OX09Zomu=+|Hk_WIx7be0z=xcq z?w1o1@5{e*>kyCg4BI5X5Z65u@Q`G?PAU;jq(1z)u~mo^a^LPj6upWDZXp1z7E6Op z#*H_V^RN49_ZcC0A<)k6UoQ|3E3hcjtqQb|WxP!Y1MasLxrdZYB6COGvq>gkP1D9~ zGaOVn|GHj|KwZ$bVoQjRcN3s`SWC~@-1r&z`T!Zt0m_@Rtep*h6ik=Rr8m#JJ^uaU z{nr<<#%x)mf9*4#Yv~dO)kBe)<)=l<%F6D5MbZLfIUuJkr$kIf&mm^*ANa<9>|zSG zVU1^yiF(~XGY3#PtZ^0|B(XxM1042RRbo6$HD_;A&zwr{jaiJfN@S9D2TW7_!f}=% zZ~jDnZ&wKr zjtmBk>J<{lx@Bks@e{^dea}p#SRcrw z08KA&hfRU+qui{6f9L)lCBW25D3PPbz6yW3ZR&2}UeVQ{_Q3C`xCWOU(P@w@ZQa|pxY zfwD0s^nW-8?}37wm!(U8eG&rd_bo(_@TD;ely&-sH}aLC5p?{reZ7iI8)HfEERxmW zfjK*Rp<#59FKWjcN9xVDP@XdA9*Fu&E8ndq`2)kw!U7wS!~m-?<@q4AmF7ZcSSXkm zG3^gu<&YQ{c|3?yl54ca4y9q1Y|k4HK-pOBMe=h9{d@Qgb|t!aAuwLuAX&PV$9(GQ zH?^f8VBU|VzNEnX&Eee54WHfI2><%biyo!Sy-BWP)ERW4w}j$~UyU2gK9RYB9Qys z8It~F%fYV)Xnxz?@|Ym`X$d@o55)S(1jJ)XC`a_XPS=9t1yTK_*r4{Tr~jmvB8)B%i6@9P;+}Y08Wy7T)gjl7bV#N67))$HgDf$43%vNolz` z-Bg)ggHj>XH!?Lk=|LWF*^C!c~Y_o73tK_Ed^nN#T8#cO_78(L#~t|7bOwzf_`73t-Kc zrQ79%$L9NMN?D)~4ezf0^f_v*!6K3=d`L;Rh$`hcnZi~M=U(lTiyiw)IU2YiGMjei zKjdJS=d7{j_%@_xFQ>(vi)Oq_wUhvFTxB}!O43nR2n4XwGj zQ037WVFUh(^tbal^ShW06wWA;-#2%)vGDBV0>>h8p&#Ol-xitM-=bE+V(v-?*H__(>vt0q@Q&rb!P|O5W*8rDSz^)1lj8i74I8&u;0$SuZm=N zw|dTjlm&y*D27CIbjsS~v#eCsCGEvpz=hz7O0P#4HAO-M!RXG5}A11Svv{w0h zoOe*?oeg-5YW#ddNY(QCNXR;^P|=)Y^E_C3)e=)E5P%|E=%d8G2t$4oHjY(j{5((i z>m`G&N!s=DZ&)0mwc4=<9xdnlE)Z063L$8v(hJFyw)E)uKS%XEc-yiiX=!V-%@{S2 z+u{cKsmYzzK(_y?7=1)!(0YmEy88Nt#`@;=99z3e_;j^--2?mrkfw))1@%>fM2DlP zvF47BXy5CVl@${wb`%%79jBHxg34Da7jhLW`3#;E0kERj`@7^@MHb;#Wx} zrb<<4O~Uh)nUI1l60ZAS1Uyu1`;IdD>bW=)PD-lc0CAvM>jPnjK1`-rDmkug1MP@M zoLyQEl35wvgsYOKwWe4={&K+Ao6Mg;zditq1rh=K72JZh;>8|kfSB1RdIs5v%vjPN zMj4c^>>;X5h1ue!h`U;RZFW2{;i5%~_o7rHDiAS^>FE+%ii}_LLo8}xpc@&#D{T1R zbn%8IDW=->jegFWhsC1S*b^1#%Jf=i_!(RH+`SeV%lYPh=wQMDw+^Wl^CYIrWLZ&O zJ97Fj#R`;-%h2QGn07pHZn+!Dh@Ncq>iG;YEb^bVufE)>vWJRloK~5b!a1|8OmDca zWLpHQgZrUen^nT`1W&eo_rP;2<^3eRvhZUfeAi zNsHe^@xfPsl|6Ss4y@>EmJQWgM% zN(rblYa4gkcdHuxWp<`PhYvPu>}u-DnNfdQSvgu<#G9Z)!`!GJf8Wi})R_56lq^pN z&buX6q|06Iw&WV#lPIT{r%#vW6@c0=B|(^Ru5|godc^)?+pdVZ*rrHk+wxFxjL^!x z+A;e&&JapnEVsg#`NR=0$F$?cm8G=LX@i~XBhdn?aN|*B&xudk`M{OWh_u$IOicYJ4}NR%Ixk^SF^1BT6c*j4L7HwJii&ms&J4H=u3hRKhX^bKRo%e;V}Y&W4D z$oo{8*M<6R3eU`UMT5>_B_l$JL|ftOC)f{;tW0}bJTP*H>X;_Gp9jOIK1q=vn07n? z)olq%`0abRC7ZR2&9P;cZi&fh)NE!HURFd$Yp2BTI>jv7F)Fkdjrkp9Vg?<$-7ptpZ@pf#iJVfYm zQ@lq@3T6PnatvK0cX;!%9I~R4LVR3;EdEM<8eRh3cnh*>4$pwlan(oclxkdMbZBBO zT=;^^Y#6axPuDABtqU96Q)Puq`53eY3}%An-gfrLLF%)w)wOr}Bbp z6`Cb7;3Qb7%JXvoXq6@29eCu6{?Gl_kZ>S0CCocpcnVK~->2IL@BzREc#R$`Xe%7B zM8!zZT=TrYt;th;dntpclMk%Y|5lzp=A|qOYZ>PlN#T#a|?{eR>zj{-tNb6;GkgkoM4FurjfuJoace z$|pdP7pjN*Ml%A7=H<%+N&6ygl`7y#HhOu62iWNXF{7a;djYj%y{myN@##&v*YC|E z%hs9aI=q-T=-J{=dA>WQ>kYN>KB_-KZn$&WEAQhK4hiL@)1Y`Fg(WB8OEF?D3Nh5z z@ASFC8*XpvZfa>Mi4m=-lb2UeEdC>2+t$(2(a_M)+l%CE(lU9yLo?$>1|JMV{eM^h zz2(!_;%A1IY6#=Q)AAKL4B}iiF*Mm$MjT~uS;OwxXg25fAEbv+RqU1JyEpE@KBc1L ze81SY0&an4EP?lr9lgKqZ3pmWAd-?g;ABAgCf;9IGLLhuQpk!0sS*WL~McJs)iy0 zh&lN)B@sLeE^clvE@0P00yL0=w+GpguDINf$suUmVxUthe*pZV$b1|eK$U5{4jpq< zTKUWS#K}Xu!?vNJp@`X}rYM85%8_c)K$Pj@KuFm8GqJHsv@wZO6*{>Vf1T2%H(;VC2@-5}k}XziVW-gI3cM=X(dJWSvMU5S78 z47rMv2n9=B4y2(|ScN9vIv!?_@qW1n?RPM}+e9}E0{c!jf#6jwOn(TR=yOP|I*FLW zj;i?c&<`*eYc}&yX?CMQ1e0&dRunug8`0EDDuKmL>AOU5o}X2mvj)AcJ`EDEe*?R^ zzpUnvc?Ea{+~$1p{Q4MZOg2tpsv}a2L1G6*hlKhsv#!jFln)QR(Uer}GP>b6)fn~} zLarPxyTo`W4jeh~mDH>LRv=7ub@W6P!H$ZeI-jkvgwO{^s*J0gVHD%UrY(n&7hi#W zK!TJcZ_=`d!t%He-EXdVadr_QfcyxJq7$Vg6d!lAn>6(a5PBrrNrKUm{-!)ll1HkI zip10aP_pI#C5={4gWRa6b`Ryar-}50{#uWKUy}_B;oGZDnsGJ_Yxfd3q1p4k`$#&H9j7V7k_4wEghc<#q4~o;X3^8_|#sN2Zl9vrD%Q6$?SuAF9s*_PMKwBU;A z=DI7NPc%uai)s=Saa=Bch0iF!(5EyDl7y#`UX(MuMAvIP#{y%iepAUi52}li*tIB> z2seCh6ps$Pv+%dlo@e*g*hzoiAX#jK@jonJS4gxRv2N4Voco&Jhu&G97LUA=SDD9? zBO4kLtEg&kZ(IGfdRx=d8Uq_Biub6#H#6WiP?QMg;zWe^u_hu+Q zMQV2m$p1JUzdfSQCtW(ziPvOIZr;+c~BM>cQ?C(!h%1n8SHM0Ns-Q3Ik z>7Einp4j(t^k}L%OCIYE-(>f@kgvrjz)fkk?aSX2ax!S0of`ft^8r=f|@_kohN5GVE?rybHG8n!0T2(zp%PQ+R_8ghUf< zzP0r>z{3F)c?|@%pdMpomfj!}THl>iT|uNchv61O)FJz1PcC$H*;E4o^pv3n7e>Js zka&Z#`$wHLC~run$hU zI4r%`p9J~DMnw(Jp-Xfh1XBZD=l6JmN?bA0sCs$?;1MHMWNGxN9_^Z(ySS(eP|cNR zcY9vP7;ElcES$3n^25MwF!|!L%AL4svX2ob_ zGB0`-t|SB``%oc4(KK1ype(a_xKI=wiXX7{Slk3=1(t+sAPv>4UnBAwVQ#27BZ3@G zi-5vtbNd(e;e0*^&_EEDs#ghZaN(1ai$3Vj9>J3vcYEiFGjxPy)|6==P0v7~;7wo` z4eF-8?z$ezyZ?Raot~guyfdCCH3q$3{fO{>NLy#mGsHrVXE`2l!d7X=JE0K=f0QX` zCbjqJrS+l#8}w`1%9jtjT+r)%zDd*3)7>mvJDPOi5Mq}CDmyQvXiAP#29%`K@ecwz z)>V}25mt(Z4`+%fhxW)^lutZ&uAl|?FH4@%yj>Ue&uFyJ-yopAr=RL%@!NDs-$to9 zOzC2Dnu#E^M0|qW247{fX+1k1>!7mZje;=zqFSvbm`F5k=^QkEZek}Us-F}^@l)fg zxabDue-(|+IZPi*LT%O6yi%a&dWKwc_w~-&Oy4gyaVydth@TB?oa3osrB}Wfi|Wmw zAyylgq(rFj^YgQDQk}h9RfBT@&!3gZVdg{E^Bpx4g3iX6J>``A9Zq{-QRB$n9a%fwKnQt+=k@L_rjR5yv!Sp&q_JORaa1~5c*I1k zV#a+X(k&Ji)(LRRZF1yuBiJ8|U8BVsK}qdnG|66pSD$Je#xBT95(Wkf61dI;#@^pB z=oagORI!ghwD98(6{xuG_dJnO>KZWaAz_t2V6_dY=;>QC^-J=dQR$*)%6VaBAm3Co zJu)r4;B@sr?{6yoC^{c~&;OhOe{vR_k{>^4b5cdG9x}1`<+u zq<15Y#fwnHaygq-B^Vs9_tE$zu{44b$GDB8_mrl!@+)!-uiN~L4k$Kn3Lr5Y%~$={ zf`J~9iddT{3hOIIQI=vsB}rk`Tel}7O#?v=f^iByDdv_Ralwo#VO-LH)LQ>S$ypas+(Kj=C2xFJ;hh&_y`oRi}j+^Dc!v`z`s!T z$`;eH^p)6PqHheHic?;!jkD6k40E>BBO|KdU5I|pvEz<8wLO5vc0B*+Wlb&UM9ZlWuPPnYwW#)N2Ea|Y>?rR}zf zJ9LMKK5RcPzMzJKso+kLT`apY#XYL<*-oO`_yX|<(Cd8- zOk&}G3o<;V!&(X=wQBq#Q6|2Z-=Gd~t67Fg$$)ruX{4C@LOF;~Tz%E3K}gdzA7iFF zYh6iue|YfHI)YGP&;ioxAL)>ifyXfCq2YKVC^LWZuia1Zx$Efe*%@L|;C!Qa|6pF|s1L5Jo0S)-jz}diy;+Nr? zlatS>r4P)z^co&wi8#0%0_-;VRKH~<7*Ai~&hIsbL$#l%orYF=hId|D;c6W9zBCC28=r3! z0$P7aW4?!P6McVVW4TqYf-8fM?L}A$reB#OxKIUvtI_G2^kv{1C|SE92@-yx|==V&m@1d$>*`0e4jd@*r69=Wu(h#i@;V35L*HAaA>1yHf#oE27lIbc?e zuf@RIcpkcRf-)@6lp$TV)`zV`5k_uGjr^_Gfv+X&3!^BMa>xOb2`@)Il)1(%sa%+L z5zz$~Q~`E$;Ff4y!EOlr%YM~?vbj2OFeys8mt^<0jvaE0rx=p|#02#Z7-0}~3fg5k zOi&R8Od?1%p6mi0ZUa=aATRL`P#t&@{HqS+sUcXy`;jhipuBg%bW5DSQjj$T2b)-)~ds6dutY$7eTdLGxddqL%E z4~L()KUnqIeN&c=G1CKx)!>jAFQbNAQ{z7&EiYA29T#Psbr!YgZjca2eEvM&V0e0f zvgXJfFVc3L#s@Emg~5-O#5@Os5Z}lF{hBsOgp_<;e{E!CB+uk$+LZ*+Drs{ED6xZL z2MR_%o?>msk;-jA2f`H}9um6(6HpD8iJ` zvP{T!K^RZ0?<6b0xzy+)WLy0Bhnuq) z?iJN7XsH`JAhX)EMV4UX8L)qcK<8Q=BzRR7zyjLQk7V! zj?gXE&nqY>2loSLxmVv ziAG}56v^tcj43JT9U`Sv>TTLJzdM`>f&Q<pJqfm5EP_Hn|NhK2*1vQH;TN=aX=~1{2H;)`fgFWHpqz zgBm(UxJ3q~2mCE2lWtMl_CLGL`kVPZPW84E2PEOvpp4hEXEQfU=B~xMv?al7<7`M7 z;Z4}Pt$pKWe+FatyJ4x*YGw49$JsgtQ`U(%9lR`5_TPa^a0`sb?)^cL2X1ZOAbF&G zlqs@y00|$C#SOIlYWUvYJ}T)h{HOCFaYqq1iMTMDZHHuSjL`d!!1hzLup) z8G0JH2X*ZkRb1DVepB}`KbWX>8(u>bs6vj-(R<^pVschZCui zO`wSCl&t?ZH5}a{2}GHASwg4X->S{kC4zjXCg(R)^%t*7)X;z54D8C}&^px%!odMX zKE^%4{=tq1(Cr9%v8O>JbgLB&cU$!2jC^Ig0G9EP5qeisLu=|jjnGZ%Jd(E}7|_sE zCri{?Vx_DVc{nA8ao}s;M{psx+uf`>Q=+zxacqd(cM|D=LiB`zYQPW6)J;zds|blI zV%Cn#XE6bfDvYCV`-g;r6xk-I1BzDov%M$Zks=}xDyzsw{PGA|L`Apu^4ps&hszPS zXrU<7N%Wf4A7JKJUIZ1OVavdRmPR%9f}HL48{OGnD}INSVvSGLM>&Kd^BVJ0L_u%G zO+&ff`-tqw_cH=XNIscU2~Gv}D{_@@;I+U@J&qbmJHn)kx%25`l=r~i%?{zng(}4& z4GJ5`P1iLvG@)cj!7WcsTj8+WPBiAlI71Axjlc^q969G7kPzxZC1DqEF^ci=9|}F7 z4u&o-*nQW*r}Pc@(Jg*zj?8E>4a_&eMg>IzAMsGulGxNbA6!&sDV6xL6qAL9X|=Mc z2H0zW8x3Ek#ZVQ4g7^b5ZTu{nubTQSPV)Z7cQ-c(aJ3pmlXVq$iBJyuw6rAQdSs(` zf4o|1EiZ12>eT*tb_Z7J9`6TMf6dw3ah6tNE!q5$5z0#iY;5ek`%2N0NpNsLa z^$`HhJZfS>h5*K-G&*HDEKK4M4x>@KMin&}f+PvrvnsQ=_&P3Kc*`N_`RFk%Z6qx0 z!}9ZdSYwJIs=6BI=l)iOK2t0B36YciaD~BYaxl1JKjH=0I~Lvs%>jQiNNw&NfO95# zN{si8-^5;%EA#uBF?wJvXU7=R9zy7}WuO~B;-aZO3!7CArGQ9wO%Nj!j5-!tY z0!PmTJaC2uj0NouoRuG8?~KWXD*6dJds7q!navfrGv9AleYvev#3qo}&~7o;_vvU2WFUCeI>7Ve-#gDjb2{($D2?5%0Q^uZ;YoI}(A zAl_oYNH2jg?*(Mw?uPtNk~W=1yvl}(jYAgpXwIn9GPyn4r}|-3$OdFfr?i?-Bu9@7 zW8M^U?jkf@lk>PZXP#_1+DA6X0-;PA+|zn#tto61GU+*ie+?Y7P;dmwg)iz@!ol|h zJios`!{G_BTXV*ZfTKHvF(n9Ol7o*|&)}3jDGKeoIG9sA$P-BEosG8N|eM2F*vtGkTBfVSS{eey(_2EKg z8|*i1`XOP9qA^l7&Sfo2LMwKSOSBPg6}QYiHPs<6_Tn?u<^1uI1c5%2GtwdC-a=9Y z+ibc4^P9I*n&ZlYpIh^zZ<2xqW84JD3R!MY)Ur!zYL^g98Iv_6MK8xF_|j-Uo=?{* z=Cxe2qZfb491t1>@zMq&AH2&GZ`8ECwWnus@du#WIDN2-$Wj1{c_NZ2z+xV(DwzyW z*T9x7PAH_1h$iFmA)dHE@dg9@gtJ&CJS&J!o}-4Pyqcs;lN&6Y9u~%t0o2JQLb{0~ zpYQDr)R{s+T)$a+WD-3_silN`XejrcR;pdvoguZ~;SsQOv@D;SFgr6-TVu|8Wd0qu z&SDWjj*fmn@I4A7B!{d;i}Ou>cwbR4N=~5XTLtvlAg!K_>J(L5wvtbPDt4zmMWp zTHO(XX%n?>?c9K%x+)=!ZQ;KQ@3(LXOPstR_MboLI z95&Cb=K@%Yxcv!)R1mlY{%59-Jd!K3|1RhNfV?9bN)O5uo z;Hb}~zRhecIk8tBCCQ_Gw)PQY3|NMcp+ufl8FDp5g*GnsxHZ)&w$%+Lvhs|mdYhTK zDwHJpH7a9dh~Gf~eIiln1kP}3;;yty%=vL0=nM2|By7{H=@ZQ?N)V2d1^^eRf-Wy{ z4uH-6SbzDSbXkJb@FRKysPz!I$r9mU3vS7Yt3I+2MeXbU0lKvGNlXUXpUF(fHl%Dh zkTOZBZKsv4uNDUt@_1_j(R7|PIg)8p=FZ7+fL4!!Pop6oG+`0U&BFEbQv(0)507KM zv9E!a>la|Ok#+YE%74WefhvmsinFFRk0s=dK&SjvL)F2&#=%NCSolWc>(pFDEkQHa zoj@EO5uZlS*FCJr!XwYH5$PIFZrV>Vw$e8#9MGy7Ka^+b)LR_PsWgY%dtEI!44b4Z z39ht8;@S-k3PBcG7)*;eZZsZhCr#ykuWmMlRCW^hvVcr@l&i>2nz^n$k2u|uTc8(lNgIn#- zKF}@BWT>w2V=N*Hzm`be`E!|d_rI47cl}sMww!|PTVcM)GU|@n?>d1DCtF-IvGt&3 zljJr3ioL!CebdyaAS(RvTir=Vb2o@Efpb*@6j(#y`i}0VU>{UDMIsaT$u6sB;JLHY z<%lgjpThK`Dncsx34K5DHE?a@}K`O&A#}NfqZ%yEjOxbORGR6|;%_ZKF#ppqUr-x4(}M8o~V^ zyMC)atO^hbY^TL3+Y8%{$^LaE2dfU?9nSA{#+xS%S&K*$Qwpw385IVFL`I$S1qljf zwazx99qYs8H^>yxK>~eGHY7#{g)8PHesK=iq!fR={x$~iD9i}q(!6LdDAOtY*5ZT{ zx`QSWPFtO69w89J5aJ^i#bU{DHb98Z^7RRVX3V(=bG)7NcUzbnT!wb5c;w zd3CUYd`EDceRXykyG#%z5}68FpsVT3RSbmH2>BGZL(rHFTM8+NU_SD^4iAsphOo1A z^@ehhGP@GUE?y*NTSi)oDP2>H>Za^Tn@IsN{B#vPE6UYp{m|DZwKMfBLcfN1} z?P+ohh(%;lYOzmQFCHfEpzwwMI)Yu_-NcqBVh85l2x%}AueHq7VIY!?N4SWSIT>l zi$b0pp|-__Au%2Qo8N!K!XV>khmYu5clrVX+$}JrWVlTv)^Lc3%6OgXg^qbg`I;kx-Sq4FcQ;qJ1R&R|R$!8=R#W(~IYCR4W#d z^dva`k2MOc=uLv!wTJ}*rM)-fz$Dqt1@__#;iZn>QWRt#SrqbX_-@IFsyo`t@EtP?h1;ZhwldrAH!9~I5O&fKE>*1%%m8-D#{`+dz z&pJ7iz{U5Ik_>Z5qbPK1S&3580lAB_GM z?xB1N$C@#TZ?^tK1lzKDj9flg*E17N8)3^q8mHxJv}2lb&dU{#Cd(X1pD-^kD^sQi zFkALAI-4u$aPlN1#O)29vF%M_E_akM+8a#J@}CK`UeK~{#Qcw*_%6;VAws{xGc^nN zQKHmGZ|b^3R%`WO?PnV*;dlQ7;<*7 z7VUx{a&7`sKYWmCa5UWLOQ?h8th)_dAn~o*UVqMn@ zj*E{oJ@K@2IR9XA_TUH+Rs@pnA*|PGo6s2w=9()JlrRfBeQ_kbj*rq>kJ46VKB%w? zv)nlI<ixcXDGT#D;hK`6h+q;S*$q{kYwAQRy`f zmsHnl)K^IK3$@T!Q(E_yP3!@}BoSWAALwysAe<11a8+BJh5```D6r_ntH8F?25t5U zNT}BT>Ei!yo8~+xl(uz*eaOzRgg8|e9{z0nGXL99B>-eF8YRB7C8R#cK(!-%`GJlM zL7tWkJ3M@Nqwcom+oCY0`G!HEpzTX%y`VXJI*D>FDk(cyWGS1+q%s&7*Ax-icMeM% z^02y~+lDMj-56@qNS>je2o`O3=j#@%6u`Ux@`@BbzT2L%x)G42WC%&*K5<|InrP8cgsXrY#%4p!o>Jy0_>e zGss=vf(KXJtQ9CX6DgGO$@0z@MKr=pki?|Jl>n%k!i!ncFT=w#ISB(9u60z=bI3y7 zApvT!;?Cle{>BU-YpJ7{Bl(1#(FP=)M*J?S7;R~pmc^stQ{`Cf>rP*_?Ca1WgkY97 zE;dqXiU!ry)%f_}G*fr^?%p0?uA1U8x+=Gc?}wh*apOTVOjy*`cxjm*wJT|I^=&3}C!t zM@krGp1+$P+Be7x%(CIk2?9O9@Rffy2A3{*y)_=q7$ohd?AN}hoBG9)RiZ~k`*6DF zbIXJG?vc;%F@OP+&m-fwo&2%MrHu{W&$yKhT1uyOYF#)vk7zZZHCBAHvM@ zqOMzXvXUL5A0_qvwRWYIL)%Baj9Vve1RdPDQ3*1@Yi3v<(@eaj$KIiW53_%Rc6eS? zkz8P2;=?PmDCZUfthK=+rhnzFl#oUDh}Fw0x_CKN0IgDU0nl8TOrLp@j?h{ko4QQ@ zP&*(WVg)HAF2ev-h+a{;ss1x~RW}hh*K@qAfUm+b9B zvoX{99YF_F+0?KrPLQv7>~ZUhMZn$3?$ zKT{1n)3(`qkfaI}sBfF-R;%xrwpAqp2$Z}kZ{t_Q@wNL8A7~ zgI%rHwmtknutsj$FK@w~D@&%qa^Bt4KJYHZxdTC|2A8hSJzD4>GqX=h`E3z7Y%}AC z=n~R{TiQMw2aR3rs+52K@jk!O{9)&-c~E=5pCU5-x?G#*i5c!YP>%~_?G|Q zeZcsFe|5Qt{fHH~Bx-0VxKh<3{oeMD@W=DzHI#BaqACxGop9cDJFZ3*b0HmakOd5k zIWsdeY^LeLGb!r4nPV2+5fyrQBRxth2qi=vdfKm9oR&UQ4xud556}j@;{hcX<+TYI5`|kdjEj^Oz8*!M4_H z7yF&}1O$MxBOxMIey>Lbv8rl-c1c7wF?J#4{l4u9e{RPU0%NaIAldcOHE561L+~bJ z4{a=42B&kST+jgmD=79m=l)EDehdp~gSOfCex7AKEx%O4(riJXA&-fIEqmAwq+FTN z(^ATog1Va7C63`sIe5xQg<)lcP{t;o)GxL6y}y4VSQol!}ydnV5@PrDo$2~yyl@# zKge5U<)Zv~Z3C}*=G>OgNQO^1!=v#pwn=` zNJ)&IwEx&9KfWF)4?4dU@2dH~)E58ydH;XZS8H#{snjz48h<6DKcWQxv3fdBt^Pz9>bS$=}P z|2xw?jR9V##xjiDfw-gG=RmT$JbLyCE=4Dt*7VE&qJpP;g9Rc5bqT$>0yvOf8v`9WFJv5B}GB2jNN{BH}+NELgJ>gM*gyrpI^_*|#!tMaD=tX*wQ#L#Z+n@lA{! zj8CyY4FeRs_iB(+o9(Fa>>iL6m6GM>V}6b%Q9L!aZd0j!i2ClM5`boW$U4v+5CA8p zl;8XO`+d9_h!&uZrZ3TyY0(EtDb<1L~x-B@+ zA3;_|TT-<%3_^FEFs%%IrfQZir3rg9}gvCs7fU={7Bk)&v7F zt%g$vM#bACFPwfw-`P^7a3p%QG&Y)0)t+v@s=Tb>;QgUcq_{9GRi7ep^ zUx`9Jm?p(58T|3qf-LPZOj-#+uR|jeoz^}m?z>E{Me+*^z8mjmCA=ld>4M594yI>E zno$!;$zuMlT%YGZag~t>BCX`JfQ3oQa=AoK`ZcXahA? z{r04h!unXjw?c*-zYvZ~XSxCV#A)JaN}*i3wxV=mn7v^WLT|iuW9Hm-%*%mR)h^a* zJ8N+MHT7J3%cfiw8u}}CIQirtaZHiJEf6$s_+tt@CosC=Fc@qZSt{^79Q#JR^?c}) zId5cjYCk73o<#W~tWk1QSwSS>P-*2kLcoV&pK0yts@#J$(wg z*~e=8IF^qPzmxBx)7r$`{yrA`J^`;Uh*teasDG>ey}U2a7ke-M14U8dC4*FcRPU#W z+9n%eCUubeccAOsz?nkes1htsAo(=2`O~2A6y? zR*Qh`WvyKQ4ar8bvx-OtXVi@sW>b7BH2z1oa?SJ8XzHtSYOEC*EtnLb75X~V&A)VGg-GS#p z^tyzplT^tDF@jFmWJA(88!*ObHHok6Bvj?ab+CCpBAdH}=!VVX(#P>}C+xGNTNdgvGCXiKVJ&KE#SPb5aYhH=rW`Y*S#+fdgi@rXaqysWa4MsW z;J<)bu4y0{+TO@~pznQAP6&?x z12>SF56`x{-BdA}^V5H5n{v#5J}Mx3fkmrzBTAV; zvf4e9=amt001*>r_?2ParHn57RvI|j^|2&#BGJP;w;9*g(Qq&@6Jv)t4;K?=g<`WouZ9uAaWcD@&0ttq|ql2d%hM zmk<7}9kqYk_tOebpHoJk!kgG;jD}a{S$2+bQ#TZWKgh(gf*H3^EdC?=+-3D`DBEr$ zY`Pl*xJdpsM+CWJ`S;ex%}DQ)PjmzWgZRkE_Db@xX80TD=){ms0O!PTZWexqoEjEg z18r?xeSIR-haQQg2#5bYVAQ9S#!!>l9z~65!=oj{GqPX z03#pIUnLZ#?p-RINi)W&NDRH7vgLf0@Y7*GPVkujITrT?9n0c!P4Wl_BF}L}f`}(vHB)g96~GJ>e?o-tBjwR- z{Jd-~58hCIG9WyT13Hwn%|BhxDB+;H@5&e6ND?eqizZ=EUp;0|N97L z{louT_Phvn!kRMfW}L}T#W&wf?@y!82Ow8Oz+owCcxG&rnyPtds90Igh?#-Wq38M2 z#pHUncIPv0V&{`kUTdfwBL8W!U5h_}{=*YVh?jw7Jsq#4-MqBeQJ^nsg!8GYMk$JJ zb*mRfW>-W_8hl6tM$SmZ#_W7FTcezVwj$+UE-h*s%iDW;p;I&1<;F>EW_^# zcl7lii9Mh${7<#zpg)%6-wFVvZ2MLLc2)L>2T2n~fu46^z$nVv2GfM33}%ORcSTB< z7vwtTucD8J?L({)md$Y%9SO*IQnO{{)xMGwv%mFXAc@akAX%73dTHo@Uj#a z6kyObKNEsUupSLU_#;UVQH1wKwW&1Ik|%qe4$+Vs{f<@M@k^TwNyCHGL?qsHjUGO|Z*Elhg%Wp%crT z#m37|6i{qQrT5LfC54-ccvi(RXa+_6rdM*8&MX*(r7MC~rlx}P^b*qZ(`~A zVo178lyO{qF1z3l-tXOa;uOQlVAewCe}H%}i$}=zhN}V)r?Z`TMfIoeoUE5JP>?A) z(@n-Bj0?pMxt$54^w96zmgYVc2x`c%r_RXFjhpxug1E!6l+<(CN5yjjcXrk2jr0x| z`gNCS6vh?6a*%2z&`u228R;bgg9}SVbN+Q9SF(R>eDu8-VSnu!CGD+$|L(v)>V4-6 zx}@Px;eY#iZ(F}@^wAfPK-ZvW-|W})gZp`b@1|Sn&`fD7x5rNfWF2`f4_Qc8Z!-~; z$RI$~i`gI>7azZRig@tr*w!(_V-mC`d&db(mMCDKb=CY(rTIzrUgg&8mDbO};j`!2 zq3EH<|7s)dLQDBL{K(aOA;+H*TGs*~sc(282LN0tK zIQ{;HC0co5JPIokCET~g(ZJtlGI)m$jF3p7{v%@<W5dvKU;x8Agp}8)^2Xg`q9DA%fD#`z1hDBSWqe>pQOubG~$o|CG?9B zC4zRIw#t;OzCHYWT`y~kR8N4kXze6TH|+eQ)BZH7C9FHKoQwFwkuoefP2Ffn zM*AYZ;ePIG|q9m}37qZ~^md8vu3z)=bN77VZ z`FL!?@B`zccL(=fK;JwQk>Tg$7@xtG>w^$6YvHQVEv}g}PbA?{f*-Dh(%N1P63-?> z$KTvqxX`#DdSFWNZ=cRS{Y63xZg-99k@N z?&O~b_QMx-5!_0IW+U$IQOav$n=X}wfMBvry8|&i@l%ALp=g*R^|BbZlLz=eiK7QA z9N3we_dvE=UAS`N(uTAP$KaHQU(!97@FhBLSWN|nNk!fD( z@uEV$ul}15A3rY(^`@M_AlelFE`z_sm?#>S!C7_})0l{e$mep@-7hcvNKa*% zj8V0{UOFo?v1t@lFgrI>_=|D6s57cmH9PPxeOW1mDk_LFh!QO*xK7}(dAeot*31X$WU<&!&3yjO*e>BCc!&;YCfs-9V($DP zV>=TYDtLMBwC(*R@UwUCk1NYx7PF0RYpntyOwtqX0M$N-*Zs}F=67qRrqR zV|$%@^Dn1jp09EIx%`)8J3eOa2rpK-n%c$pLEHx!0L;`RauEc*3FA`hBrMF&d9WHt zve8eH52zs7pZDqU5RH0}qLXEQ`}(Y$5~<@B&8Nc^tTi!swjq*#TC{ub#|^3VR6LgK zlfl$%STcWU5G6^8&GYSHSO}E1{{U%eizi9mVZvBim$w7Sz$F_*uv`KLGXn>IE2@bGt8QS@FF!DYXo}0j&V@m|-1EXhS zaPv@0R>IYLlK}RE4%t{yk)(K>{Kc7wr9KR> z;|;RaI5aJBrIDqIs6&oM>CfQ2omioQR>w@k2Fr>YBNME?tVt=HiCC4LVE!suNnVIv zvMbs8yYt0W_o6M(Z@Mx`3ch~ZK1m;94%x10&61KZA(sow|lEZl8B4izcs<=hc7NT0tB$zU?zH6q7|K13Q{3s zElIiqAokvx_?OflcDQIFMYZa;jB>IIT@TY|r)iAbbJqguHhWM>;{MZ7y}9+|>+ueF zT>aSn`{?wXG53Y+`Q>r<5@ryd6Rx%2fJ3nq1Xne4uIrC4#hrV{nyG+z!UjHJyi{_# zZ3>{`j9g2IkK40$$Cgq+CSq`KZ~$mY;>L;rN^*~~`ia<6CNlpP-?HO*p_Vcyz~XSM zCLb~16sI3!#;UCl+pL3#nJHL)2$^_9@!QoW;x_+M@?#4NvTQ+#$yu9T0fDjvVsNNZ zgvT#RP|8v8Twd=P;2c#e!1c7JVr8y@^>6>9Nedzsq^NEp!>B|UyKW?7{uYc_kmaxy zhNl{<{UA{6@)B*>!!!N)Rm#8sTX^PXpq+X!ktJm&@VhSD2I40GOc))(;EAmL|D)?2 zgDY#JF2LBfZCf4N>e#lej&0j^I<~EjZM(w`Z<4w1eDl@J)YR1Zaq8Y5x9U9idG=X* z@3q%*r^LyZ88Hz?%$74k;8&x=A^1H{O4SU(CTzS9x=wH`L`c3Lf8R3o2Tf* z*nwD-uU?CWjM136c($|~Y|b()*o#m@b&oz_mobCYmHDjQ8+lqC32iay@R9d%Sd6^D zG3xdOjR(T}z9WdH7W-~sUAfd*+llQBtmQ#1HwlPmG z;K!R$qO)i?oz-8AM6c9pk?tw{J|JpTnMFLUl)f>2Q8S^7iln7W!|V7>bL}x)0pp%L zME^vVZ$uNToBu!#W(qE5OO1>|sekc)$o0H%6LA82_li6pFDoAh zUueN*zOi9gE@vnsB=Q;BZ>?EJ%=Q7=9~A0&NH}yF(N>+%$k(9uauLXwdhrDv;5#t8~P6JZJUxh!Ve8&ZnZm~_+St&;9f(}fTm z)^`(UN!Xf|?HP)5#s6Bf53l63(+`G<(N#xJc*cWp5dUG-@R)1IPhlCbcNy?r^01xf zMioT9(u=J#KJmQ!F&)Q#Ndr6-B_wEg-oEEvO(39}O5De*dP(8r`{IFL-;RX8e;@zOZ~yB%)2a z^kL=8c>?p=2w?uc=8Ss!_v@Km=w--KFsSRL;rrdO@3A*S+WWE2(-1J)0P-*j&))wp z=UbXhV*l)K8S&?F9QO$0)$40VpxSW2$D5|+TIqUUU;p=uzqaB-Y-++d)nd-!_`9Y- z%yEY9EHVY3-biK^h@@7Pi3XKU37bM%#8ki~wft1IRQ@T?N(@k`jgD`NKK5&cR^5ju zljhtehog{LCfPco=1aMotr#|+*zdmrshiEyf0MLx1%kxSZ+@@Ra}i^%jgDxvaqyes zPk(TV2U)W2!lqZ$*qCg%5m{Di-HiIe>$4$dBp0+?2hLYlxx$nE)Lm8xmJy>pkvjn~H{+Z)$d!)n~_V&XEc z5|7gfBRig8(m-Hn5BPw@Sk~gk`e$RUpG0wtT+{lPyO%5YEi$<*io}|9A?R90Mqn(~ zxq6G|hACe2*WUQpDmKf8kwGnD(hl`kd-}@eoEb?ShlU=9PP7nt_&esgp3N zKs=c69J||WrkFN@q(x=R!|G+RTSt%+;#+NO0U3i6K0*n`W%5TW%A^uvc7ar~5XcTm z1{{Z#KSVJoTj56Cern`w7Tap@*{WnOtXw6gt@d+$gawK15ASDLJHix~M1s+@CfvW| z;82_AC0Mx$cR(effwyY!^d&u7%yF7#;+;;>>qi4UE!7gD9rbI1?5 z-yA+3?+dKQKt+U71t2;96;QaBv43<7%(my7p9%pNlhc?07=RgCVK|<*1T5Xp$<0u$HRFimcNh?O9GGhzo!JoXuVXCCX z>jknZt?%_yrJEBs%w(iCvG*yCk!8wh$($?MRorQ9Hz;b3GuCW|Wek6s?rbWHs-bO9 zm|sPhczZVs#Hd$^u^-vFe{Suem8jos)%smCXoHhJ-renM_5&oUMK9l{GWveEb$MJp z6M9^x%SrS+CI;0_sM2udnUbfVmw>G?(d%R$g_Ch1XR#jBy}`f<;RoLQJsiC#B6VvL z@l`;uopHQrCEFZFe%t%pZ;z<2xBaZ%up5j; zETpsRLA${Bqs|lY54Is7nsj;}I-l#&H9J1d>0%MGHX%ytK*+%t6H7-_co!Ov5{|Wc z#eQ+Inc_lhRLJu=C6^EpIDfD5#KoL@(P*Je`UsX43*z=CH9kR+noYK*=~kQ_Xo;4v z6q10Q!;S;bM*3ezufm@bSX%vfo%ltJ`@se1EY7;r1X>z#N?`q1dU;p03S%ucxTd z2^O3@POT{k!O>0ph;!d-&e#`-T@S0wmv{PrCE zmRw_qvR4XN!q8A7IN7>cWF8)E(KsDPcL)kNI|{o}4qtBGOK+C=w0&O#ua+jB|4rOl zd&99=sN^@`?(rb3x4}^YVy=-au7AGX=^t#b(}h2(5caqR~N}EJ01kub6>%F~$=`PBXE^hX=Z=z=jEMQFg6vir%LR zV?x+==(Bg^DpB!LgKCGTFYu+}S^?)=H|Cbaf;@uwj7Q!51+gb^Wpl#N4k@~GaDIY@ z(b7bF1fiZIa9u^3`YB!HL71lXRYdAI>M*;O-Rb21#oE%Cm6(<83u2@#45EQILxK-# zM2uxiQ?t2++YpD3$NQ~Hs6?B|mO?2HoftdvlX?F}6AelWW|N75V^A5DRC=LUwvzH< zZ&QKMSD(n2yeGWVmX-p-QM`KCB0!U?++vXyimWnGmUG=UTn3-BR2+qVZW71frfMPY zU)1qDe~$zoX*RLEY}a!jf3vPL4wdOYoTtLD2u>Iyo!YAq2+VjTpe%%GE9(_7RO~+~ z<0JZU0xKMT+lZKgLT=vxkbh*e1Ji$z)Edu&mv))bewMj#rPtd3C`KK6&(;i1_%F8vGl+BPbwVnXXi#0CY2Y<|fGPQ$DD<4*%TPs`MP1%?(Re}JzqpMU_MYCJ7Q25l@=Eat zC+FOX0~@=NmgGKN8YkcZ=K*deexl~CS=vYw#4yR>DwwKUGXW#TZW#?1Z60sVf$+Iai3(<=M@9ZPr$bBDTrSaj6p5O*uO2axXBM{t0nKSQHzLJ-5(^8VWZOt18n&Tm{FE@AYy`0Po*L z$(_EMNhZxF%i|3zRTbAmgU4Dv5}PR~dN0L{#%qE*K8GYTe?jF&>&jFk2Nrb*I;arV zfx|c199pgJi$Le=!@^$#mZM4HVj!~F($+%P6S0Vh+_DhMD-5Y-2D8A*q{=V#y|2CD zlB|G*`0?)PQ8VfSS)pAW%Psp;LzUTR-~?V7o09Pm4}v?Mcw!Rxi2GOU2jgU!M1Efw zeJ6mm7buTWh~_SE{GM)ohDXzXdTVo|ZV$$AW1WPp5>8-FAEC2#jIqLL3MPa475@f! z80NQ?*;*KvKEI5b3uFnCMZDDyY9VHwx3i-){f9Q+yD~9W88lecB#N3E8-qT{&6DdL zr#d6f?RacJO4PU5r1-+C@7QtrRoSDoS|8xdO&q4xR|?eZK~!5|gk35?(8G#OFjLHJ zl%AX$^g;4Tel5+z=Q+S}788cbL7dn*RX1z3ZU!mLjF3y6CDoI-CRG9)O?!1_%0`7M z2@t>#tLsW|Ch+zxHK9e8to<(7varTFi@>Oi6^h{`{VGngRxPa2sGJQ zie+96<@u|_94mSQE>mVOL@fpjU$U*iw6;{v(~?E}iC_y=o0IrBWq7ikXF*VO$u=Ka z{`<{q$CJ^CrR$XIjM``P-F@OQMgbH953pzhh`?H(I>Es29>(Nf^JFJC-9D zQ5$x;L0)L1gObDIY7+xQYHDD6Aut2EK01^v$VyFh_j6?=v|?)_f6SiktUD z+#j{~%7Qo9b^c>w5v2on-dBGwo*h9t26kp5Wx;%@fGh6rqGCh1a=vGMDl~8)nP7{q z%lWffR<--l^Hvv5bf5SuN2sg+x3rQz(2Fr6<7@u=d~+ooO zcxSfWDLQ&X=Pfcx=$H1q-0ORcp#Vm{##=jl6JM%4rTnT1E=`cO>`LcXd6V8+t^y_~9&pXjsdC>o+*`Sw z87fOJ4#Sye+-f}jWI%saMIm3}OsC%{_xET;DKsX*9Y^E$=#=olKoSuVOXQ?6Y$H|G z?`T`o($?GB*@q`)+tN)AS7w7r=|EFLrbgnP7z^iZE63q_K5*Gzt8(qtV~S%$CYmCB zyRTtmSrH4*fB|?~-e^z)jS5RdLttUY2B8ogpPzRaw9=aNp`kDvHq21rj8mmHIE_|I zhuEsCjd@&<@@QcS!OlVUi3XXC?9<2BsxyI31VM(tJ>BxQQ+q#xU3ER)Um^+2(Q*4W z{53#X8YX6N2M90JfN=)^jaA5JfcZ19k-yx}?DwT5qdAw~UH0(jy*#&>D|Z@!f;c?E zKh-E6J3?q6Noe|AOe};2s2+f!VXQ4l?PJHvGq~0g01^*R8V4Sbrsgf^- zgTyI%0@n~Jmh_)F64UOay!8lh;Qtl$aebXeqxyQ`(B2E)V9+5=SZ0;X0GF6p3f~Dh z-Tq@X=Ta~Io{PD?ZJC)i-MQ`s?u^nb=fDUci@meDe@6v{U z^cI_dzL$B?Hh?(Ts!`8O33CN;L_+oi)_tKSP#ntS7--fpQF|VLZbeG;WKn%}#_08h zcG)zAR1qOOR$8ih!BE|5maJ<~LG*ypW?UdADVJSWaCs;iJH#a>%AtGiEv$p=jwUq? zYZQsO?k9Gp;{s=D8xHCmoF<8Rz<8TX%yv2@45FHgvP5IA`NU{|+H5BYr+m*>8sCK) zWB-(G9Hap`9L?I@*(u{sWUY8l&rqTgPW`1Zdc?7EkktXvqMOS$XbcZ76aI^zKGUK$ zNYY&g0qI0bcKbC|99|mt0)xjA0&)=|4$bfHUy#f{2sZkpiv5R~4=&~{_he-vv^)^1 zE~ua(Wb+G z(oz5TT1}f{6f{9?{JLxi2x088J`ngQk>&&iZ7bs?4kK3?tE*4YLA z!s~#81b?58;Z9)sv7Tbb4A`bF2x$`*RCIiP7QSl!e(1ezZp=FWccsa5#9CWu4FuY0 z#0>W>S~Pu6!^FCzkHkAC5r|ig->VJeh7pvyrRs0l1{sfTpFd?z`Rj) z>Vgt72C_o4FvE=p3M|E}3vk!d`q`1Z^vFG^iI^2%KsA9{dhP71D5Ri#{AwMXDxD0J zNrjYhlDa}l0xHHKdIr()XNOl#_1zN4dSKM!sF{mpJ{xP3I#gNBxbslM!v)U4g zo0ux5$Sl*~c)ua!j5OJYLIPmGaVKIG!I**z(}RY@@0pzC8n-~2-%lzCYR{!bw1Y_* zcGX#BMr-JuWhFBL7pi&HPj)L8`RKZ1Y#e52b5i*ML9>GV8U6yuZm^ixFtR< zYqukJ4b<2dnJH>q)d=mp1qr4#Mtuuj=d5v`o}I0&ty%jzuy70fH&c~8X<}oYp2YI; z!?va-JpvorwG+tqOmu~CndYqn_ zs@1dEySiz(Wb9qSw~b&x1na_|M-U|nnWsUKL|c>(6=2PW`R3-rn~Znj84BPTVm%Tj zxo$*>vBNc{5H1#h2?`bFVD!0dzilwMk+aZPJ)GmEeq5cMs;#Ylv6-CVYp=QO_P)LS zO1~9&@tk|hyS)X3z60ySyj)yRKe1F=Jm)8x5a?SxTT<|6jO-X(0=eYXWroLYd@Md4 zEKe+d{WV{mO@D`PP@)V!V2@YAiJLMVuRu$=!yTuNl{{%Y`WYqj8heB;S@N)cUo}GE zS1x#Oe2r&6RSp!atIf=;zc4Fq7KmdSb?$(T^OwJpr?-0wzjppqNU{iEK7ne7hJH!j z^53y#hPj0_{b7?t2aP=*t}d;ZMuugo2sf7~0HqNc#=}+R%4GaO&}lj@k)dA85gGwfEXa`BjG87Z7w;WaBg^kG)Z#cX@t2;QhnnEPjCl z=)%!&x_XqN#IJ*f(5?IIMx_<`oKw@=tM4>AK2F`pbYazZSH}GP9`HsV67p%weU8dR z0cGDpj`o687{$s|ncgEkqbNV+m1JK^!Oe9@nze#p@8%~OE48)zaXt6FJ=bIJVUXD& zOKX6xU!L=IOg+j{bNlOg$5u;y-&ET^lc=GM??^h_eS2$dx<|Iw&fi2T;Iz5m<7V$2 zM@%z4>Y95ZfH8;&(h+(O{sSnFPi82wNY~ad7RT5|lk2aq@#Cxc-Do2o`v{j0EIyEY zABN|DZ{4wh^6Oy+?Ol42wG2^03`qmdsn&B(Pwp=st>|`CdZ2C&dfGIfhx;$mHO5xY zcQ}v8ch16xr{g4M-cs;ltr6<$rIm%@YG~NBO!@@rIor)k8DWK0F~dUx9G&J$qb#

Z{7L?Ebk0<>oET+Q{jU8*b^6=%%|G)6P7J&Ds|k;X*)=!eige1{i_-hON5 zcHfdZbYg6j3Ek!clTM1sBt$afst}5@rx_Ml6fo*MLBv1)_X!jNK?;QUG1xq7BupqR z9wA$Rn$ka8&##l45=_xsUJSBHQna+b^&^YWV3WOWXfdcWeFDpJXmN@JB8pvVw;tIm zpUh)niIMks7>V3jBLp9f)%K^AK+7zg#QkUFL)a{G3PXaYv^%{CDM5~Qd$ z3s-2|S4vJx+M0(>aO6GQHzzyV6O0c)(d)V$rc|iv@Pd%I_s`pa@2L~|RQTpc1xFvV zr{yZK2qa2fbJf+u2Q*M$X1$KP5Msdod+QYsB{CtN|8=93l#~)FQ5^%k^j(_Y*Xpe9 z*<3-t*FBj(gW2ipy{Vo;+2VS?c)JLBxS#jm?anpB0PuI(AZdkqHQ6PBUI8&NF{uP1 zTtPQ0Co7t~KP|P9u1FAf5j$P(SKFPB%zdv9H(RD!V#hPy$J%RrTCUeg-=i@Zuibuc zYy>~!3h082C!pWy<+q`Ud%mA8evT&)M?6k?&!huIdR)E^kiS89>2lW&4vM(@-=dn$ z{3A1174SCQe{Q-ToMagEIX_Z0FtWoAhI$M;5#sW`y&feH3wU5y(4lM4=A;G+rxI#a z7|C6MfFhqqp;HqD02;}q5z*u3Iqk%*hCNAs77nzo%z@q zGljkZN-+L<7!vy9pbn0P0YW76iKgQTBF}LREyDdq7-UThM9O;vpi%>&qjg?bO(x7DbTO#qVja^I4~jEJxtCYtaWMvLWBO7JQ@2eW$ncCrO*T#6VI> z4as~C2>p6~NTY9eh|lBoy_`5Wcy8keUqAbPrDyITiJiOsyx9}__skvhGX^$Ovii7o zaWCMJ+yCEoXNT~%qWf&S-{<(HF-3)~Ts$3=txamLi)q9l32`{%ctuibXF zin|cc{L3C-t$@ZLTGA`2an>7x!A$%>E!H}by{kUH>}_+c-~Hw??xpuu;Hsial5Fqm zd5`5(yeTOO9pOTak;%_x_-Wz10Wc-h@Bc~F+53-Ci3Mpuf9WT%D-|NN{8qfNW+>#j z_o+2E+std->YZQKKJtIBC~#px#ITvOap)V<)lXxLpW6<9%e7PeJoSYqQBBbjohUqK zW|Ub^+fOFG#sv#RHU-I`xI21?K%P1>%{7^$`)w_v7G8v2ZhF`{YG$r%zogriHUN;(}PVZaQ>eyVdVrt zAqkemsi8?~@NhFmJ`v&Tk?&R0s3nPGin!ZHSl?%@;dIIq*tof~5>`IWPpqcA47J4C zre3-qyGO~0s@|C=oG=p}5(LMaz+UV1NBz&*#8SO#(4TswLz^K#2?2{a+@_Ofyce!< zO3raJJp9=M+B=>RZgun)Lc5O0&`@oC9R>#UXLD%R`aDd>nmck!3ns%ZgkR{qq4pa< zq_eTHvbV?V$jK_6kq#r}^LRRIyH=kR`y>u3;QauxioVk3MAvB-520DF*XjHj9$mn3 zFq5?<&Pd5()51y0=jV^g$C;(q?Slwx=qd1I4=@$UM=e(4la1G~@Q6#?rALpT{lKZe zJek&PFzA#$#;>fzfd+aAe}4W7wW4IT<`HYUT664qTAaQ!aokZ=wNn9g99+qmWhz^0 z)>0){G8+!H6yWlJ?z%MhOVg}ZMi0&z(xsGSpwOxHWE7ACi)?G?{en_afpwU|A8aoE z!xG!wU4aGfBpjh{%sdJyh88;0j$mG65x)O<@kHD< zc>8yz)t~u0WzW(Wj&-2{xv0cI$K4KC5v*D-#Hdp~$R!UK7h~gmI8S#^)U&j4aoth* zMMR$3pgzz4J@&v&x*teh$f^+O2X}%Y8d*YxrI}E+M}J9 zX2FIjhOM`ol2i0A4q@#*d$EvSJw}XlRFG>WgMxtPuZlgdBfyZT zhrdG*DCk$ozb3)*;6gGq!oRop*H^>(qXjsbNh@A*07L)7lJBGMr+(G>GWwYais#x) zbB!mB@ShV9m7VZ4@lA>1eDotp`O_nhro^9j$4}cM#~dlV0RRAe*ys?v&@bGI58=M55@Y~WA79RiW{~HAS zpO9b~7A&(PY1Ir(sbZb6OSqb;6xCdkd6?WwXc%+!4=JT2Dii`%B(Bf_gnth-Odx-} zWKZTR*!|xl!`gOKxN3+k5E`fPLjz7%Ps=1$SPECY36S94xXEY<1su}(eSTm5syjNK zeLoP?;ed|NXo1@Ig~`v}<(2Pc=z*6=oRjJ{4Q1O!ne-e(To= zJo-lFNTd8pjdrJ7)la2OUHXIc%wr_H3sx%{zSYGR4j0iEVZkZXAGj$qqK=Un6eRf2 z6Z6io%2?TlX6)gC#7f0OQ#x!f;+YU9v0_dc6qZYK_>#Gzzs>ai{J^F}+(dN<1NU3) zK!c2zW;YZ1$aCyKyNyam`y#(a1ERY9a^O%cq+ABDTs29198vSz=s+)d@_0lX-$I^> zG0J|jABH}Og2Y+y=}rtqiFGh^(ED+9LL55M&~vzK zY?~yJ&hMvH>u+h=czL7RzW2)-q4x!$M4l8yWCSDvUKepTYXy=y4A3B7vttTpv&Prj zuVoZI2K@2_b$ke*W-qVz;fS+bNRrn@a;O6(7oFZ}1d&gmDC>6GqQJPbp(8Pk^K_@{ zng2rywiV2cfb+x1LWz`db~3vK29wfM*(6Z&%>NtU7c{2&cL=}_;^E;oZ}wUR0^^(J z!fHL!0iuN`w0AR1TFva={M~-%V@8MD+tf-5bv(0~`M<%@GRk9cXbinw`D|xqjj1GK zCI@3c%v*YtxGhzl&cx}d#o2g;#a-0_=aB(KjJcyApa_}mF~y*=@L4caO}1F@4Xh%A zrlq;}mx~3G61oLp`<){nEjh2<`Y)}dB+PVTy)o~%q zEIRQC(;?F#p&}WxAHXr(2_T_-S18nc=;T0n3cRLdOb6{Aht&lugM|tQw`d&WaA(n_ zdWCPUIMc{^-+x#??gyMy73$Xz+3~n_yAfDF9yS}~j=r`?k*9NEdH{S0hLwCueIh-gp`n9^{fBwshd{hox|N}pJ~WMj(_tug&cW7V@` z^@USBTVczwinq`=!fG_=))a}A2@+dsZdRAl2zd+*qal!3~MgF7=!W{t=w;C^m^ z(3h+~rQKa!BpStwn{j$&n7Kida7n57&`?m)P?_grl8j;YRY&1X%~a&3%BD)WJfLUE zsT9MDq^0L&F&U8$)04Zq1|@n&14l&zVqr+|%_&_c58kUTfr#*H7xIAioOvwM`m7SdjrT6tm0f3a{u|p#;s6W$|(lUphln5nTr%^DVph8F4+oR z9gcE6h#&D(V#A|fqKlEXa*we2a1$UC7(?l)neG;gMtn|~!utyzo-e|hWiXX36b{{t zPbSih%LFlrmMYeeH*El~ulj=Z924IR=>M*lj4*Q&zw6JC7i3>%H2R&a4$+uA~6fil^Vq#L|-ViW>6J3IZ_M;45r zq-iI>{Tf9EfF&83)rMqp%4n-YO5Jex|I@bUg8FwHSU)dCy$}^G1|qzIO(JU0_04RUT1J8l3X?$KN09Y(7H{ z#zF#|_Tz+kH?5Dz4%$CJ#t%OvXNzl4+-$ozBnHF{>;T3JE~{+Y3ne>*Ae#%-M71-C z|Ab*sJ{9n9FKoq*UwH(LA%KU;N{#4;U|MGA9Pl#-T>@c&to)EAK>-V1+W3!1WVl|J zbrvskRM#1zFP6aJuw+TSX&ckZAp;N2+{FY>WY9P&O1Z-4Cyyhz9sBPmeQpRD(s|ld z_Ce)0@=_FSRJ?Sdwz|rzGzs#%S3MDs`y)Cgtszv>bb>9TIGk-2GEli0ip0i(w72VB z+~~E=TV= z{@r8Eq;^x`$NINgO&FuhPmYInG8Th^Y8EJJ!UB-!YUp?+b*L2}cOcI5mJVx^LAcO1B-|gI9J)XI zpv{dT=RG=#*6Iz=!A<}K_GG}Va=pbu-=W8{=RaXe2=fRh zloT~1NCfF?=NA@KqEW8Mj!nrJ5QC&6!Xqa71B^gasZNrK+GyH^@daFtS;k;`7NaI* z{D=SW`ycZ3C{>FqvIrVC!By#Sd*zDjoCt1*n*F;YM-~9wi2-eI#5E<{f>LE&0!K$o zIZcD2%48#YqY9duOM01C;LSM;rsH-x!N1*g$VV4Zn$A3kK=HpHoc4K?A+(Lf2C>3^ z$pxLw% zHrE?FH1CVjJ7-o7r7PHnhllg@^MLi&!rAazRcJdgo)HNvF&JI#>#EKVPcRNTWP<<4 z_KR1dr279Y4I;coYUsO-vv~DP0mCtB_vRAHc=nI6>WeO84uBUu3<TTswvs`9GOsaW#*18RY?{rO6sFyNdpa9QbCU?EN%=F7NxA#>RMGdSiB06=Wo1^{ zKJ}S25eARW{H2CdLs5^=tdkYsVSKPu@J8UK>VQjd{r%eTIW_wu#mge9FB(jh)v{Qi#k|Yu}IH|#62Z5V3m{sJ}$4$zWxRLgLO(t zNt$T?zV!8QI&INh~Jsmc`0lOUL@u9-P$Yb6UJ)0@bD0z3`C8 zoIb1wzqsQ=At!d1A>U~UC47DY3v&1mi1af9!N-|Y7k>xvdVOiE?h93*UX{i$)GU?O zQ9r4!RH{r5v#IZEDHcKqi6}V6D!mWc5fi@VH@8PC4hMfNxNx(fA6xvZUM2ZQO&;40 zvw+?Ot#qWEvw-p}B(A2lEYd#*5u5g}x(m50#e!8vx=iACAMu?aN+*sg%^XaE;HN$O zH+@#xOVohcLKy$g<0=oT(I#476+@>Gju|2Z+KfinwoOP)g@gBy1C7>i2&M7yd*{z7 zJ}lyZyZeanOJoV~LDUIPm561{vu1C>t&7r79n6gJUB7DEfV7$iD!c={arLJg?Vn~e`9 z8%gO9^MA;8h?&{Sq?VRv7Uh~U8mM7bp`C6i=;%%~ zu-`K1T6IJY^ilWEsJWQ$7XSc3Qz##CI)3rE*735qEn16lu%d!O<1r-v@+9m-4hrAt zBASRE)fjbodHMY}>gUURk(ieKJYU0JM-Y7yAW7*VNcY#-AD(+<){?4$MpG%{+6OYH zH0l^gkSLvkF*)!WIc<*WSwBB zU}9d&^5t=zAzBYOCd*l}#a%=4KyP6pK{ps&lTqm@N)i5r;%R2}uLTQ4e9CCXf(6_{TL_GoPd-nvA(<*K7mD_l?iOxsy2&@{qIhkLTI|FS($I6LucRTa$4iD$bk0mXG2zaw4=O#-1P>%l3(9j0f1|AWFaq` zr`IdT-0%BGp|mauGRxZ^3ck1>vQ$U3xRObntbq&l56qgASs?WUELrRd(zWUL0J07L?^}Pjze6WS;|a!6hCNRA&o`{oH$l*UFcu;u;A6rH z`d*{+0^S8~TOPx|fi7gvXNJDzn}{br^9pNq@#j&n5?-6>kU9Rm|@KMUT4h<{xh zuOfRNP%|5J`s~Ph?|*%8{pw40`FunRyvR9520hF)r1U1~j6?^c40P`00S_V`nDE!+ zrmp)-*R#T&QEvt=2r*~KolFAl(mfSe!Ay4X+QA=cNcTUeG8O9EKy3x+`+N5VO1X)E z=1hLEY@laB5c+`_PZ?(i(Hts5bCoA`=t+!Yt$+H}%mwCV*Z~sP2$ytdAez3)WF=Kk z7er!CHjMBF;WI(3c3V&kYFcKCEpDyo&+3akjd*l0ZLRU_| z+K0*LxNu2#uaU(tN1^6bgEfliOGF-kTpiJ=$U+S=5-}UHzwjG$M^fVF!6AuaD+WLO z4#1c0$S4hlSMW;!Q7-Ji#B5sZbIb6&?XE>bmu#AmwQpH|d+HSazcfZW(w-fW5)k_7 zC4@TAySTPCU4ctPxXJbf3lq?ang3b)S0FV`G6EZ}ivs@sAk4(w7vo65{lb@qC0HGZ zHbW?4oF^Uv>c|&ttwAf%E4%iP0~y<#!QUBD4+hU;{Y29l*bFfQy`~w;o-{) zCB7zSr`V6mEF1foq9qh?w4sVQ%AO|=m|B^VjP};n$Xb~qrj*!VhNEUC22xVcDso3D zDPw;|SS6{p|FmV!nVvqqybLpq>hw7ut%k*9kYuXTjQrH9Mp25Jml1@3r2ob!EgRuZ?GRrmP`ay#D}`VpYcxW+o|CQ6!=;rwdeAC2WQs)6dmY&947uc zU!-)#%I9(RGcz-DvO+0l1n6AK6GpDU?WMA3nhwB*cWj-%)b`@AL3{+k%ZaZvZkakM zbrJ@g&Ce_I3;xNG5ZC4D^Bnt&fQ0m0+B^_#_44&~Bn%!K*u@nQ$zU=tQNl+i7F=H1 z5=*&ojv|(Pzmp!`olyD=ND$B8=~E79hz{M#VM1PP_4?j_R=bOG_67mXh_Fb5_G73$ zXKc>U(D*sI`uAC0Ga{59p}qYr-kMSD^XZWRYOL=Kufvy7H4nA5ajN6#FXko+FLYw& z7fAy~s=EJOfSLz>tLS3RA}LfwIhnAD9VL_@+k~1D@z?QfTklcTRRO?r!&Z~A__B*1 zT`HdFEpJa3+tj@T0E=XEg`N!S{`u_L*U!{GT|({uCe|O>_&g8(())Tyua%KG($Mdp z-%oNG+j`z@CmHKJ|@QYvgA@3)M&_YGls4f`AR&7>q>xwG12Sg zfbd>QLjQ%7kbe*XNi~$7`t;pMREeYSH2S`gm;YmDe=(^ZAE!?fV+!oiV}cN4vi2U2 zr@#BZ0=sNMFM~P3$9m>~6I-+C(AC?}M2ZOHufva@RT@NfNHkV)TwZ+|TZMxAAkLnU zWE>A-J-f;MbIFjtGRzN@lv=;0%BZ9}QlJ%ec4Ro(Gc))tPwF=Pn7gO*I}IAIYzgBk zpvlIm6Pf;t7H=KtT>ld_#s)uqFW*DlA+Mh38)ZY&rres;PfD<`jhX)y`Y5dZ9cd2x z0r!oba=W=nX*DJJm9}pnw2lh#8eQdy7V~F)_-gi)kk(v^O@v~7NPB}ivo|aId5Nqd zS+!Odb?^{tTbhkaXO;yEpH@2RBa2b`X9V=Bq_w;ZV|)0)_bCQqYujJ%SqXBw)l!QM zurBS56Il#y@9!#-j$fD0i{bH_z2^*^O@it9#SfIZ8_Ho2Q7oSG&) z5;G-HAr(Do_7+jz@j;^V2-UPY2*FQqs?*EP&z6NxXr7{SkCc?2={4yQFTtUeuPu3tiSf=X zIXd#(_tE)-Akf-IB_sLEC;(48UB?-IMs3DES)}bWAsUtO-&9&ns9{(;TnPpf+mmv= zm}r?Y8xcPGDUJJ3ta7&uhYu6#EQTiutTeLYzw?C>aTm&y6S)l9r`6dUh#z6((<4G{ zB~l3(nNZSt>nG+8YvJ>c3;!^~q5-pD112O{$>!txn{bnyMB|qgD%(9>1LG=ugECJ`-Mqs8FDb0)%-*MbHcpl_={G z^ikB*(3F8H5t=1h-O~`pMPTxmQ~>s0smt0-a;F4n>0zLp@2nsnWrlux7faOr50(L) zEI<`=dxogTbZ(({U_G--&FHy!A6MJp*L~UA^(8wHEEN2~`%>cnDz{y8aC$g^{<|gn zZo*oVltP^l@T4j9ME!lMnRQ~DkQVOd?%wyIFXRh&MXlOj&1c4~p9Ejh7`;vhm{B)t znex$*k%Koye?x*08LqtJCwON21oGA+Ys^IvT>m zp|sT&03NozQN%Z3U{*u>u|H8BlaUCnQhRXQhQ9bRdsXo^72^wMAdRYA$qDg zqy)+jn@&Lbtve)2DL~`Qk23H0qeZ}R%-t&1TiCFF8d5O$y?JsDEh>KQ5bEF5-Ze?F zpBiU9<_B|0U%mvOUuAKqseie_3;B2FEfD~vXafV7Q4lhqeShc$FdY_x9ee^IM93t# zOAIy{m?P$whMhU4PgVy)R7lSsocqvXY?ti1%r$Sg55aScsIB?VG@*qgUkF0j>M|AoUUTjUZ< z$`(>rl)B0qT>Sj}TnW!qdlS7GVkrB7T1@wsU+oH$NQx|fKtE$nL?=w!M=F165p6-n zo6Jlxe_Ql4(VW)7$S82iDN4XlzDadhv5Rn(=Mwg`+$=05d%zQ1r9z|!9jJZCecPp^pI>x zP%55g>Ht{+K@Pv~&zC$t_paU&LU3>ywEdCXGANUu>toDFLy;dZ%OvjqZM6WYASZ7p zZx)DXo=Rb_?~6V7jEL}6V&!-<2rR@D9RDO5S1RplcraY{Qsv2^2ERwb5~bpqC6A@J zoQ9z81+x9(E$SBNbIO#Q*t=Uv$V*JGZc9YuxEiBPR%$c%>EdQ-Hmv39$shcNS)_ zTR|+Es4O->9w}|0Jr|ioTGQ_5qtLXW18cz1X`QJQ(#wm7X*Q$Tqn39h zg#1guKV9Ns)2)q#`sZpFS7+KWUH?y0Vi~GKO~>v0%v`_yYg&V@3*K<~2d|@Zr&m~} z+PjG-$x9IUv=oMhs9s4NT)OyASt`K6){vw+H9F9;oTrK|57S?kC3e&_fgdoi!44z< zb-H3RAL05w9k5@lYMh!c!d+ayDxJnjeb4rPF~T(|{0YA!=Jmb?wn*2`(Uz)~H5N0P zlFn9^cK%%ve`6m9T&?10BOxQYq@9IPs$hQO&2dXBvBxNBAB$|vKIG`u9h<-yCeivd zFK)Ez+-#~eBf8(Zv@34KF+O;SvSSykre0{kEnc{Hqz-moF$ z5ehU;MrLk=<9q}TSn2?@SlM~#v2aOc?DZ+o=%cPM^vGym!&7jolbjbcuWT|Zn4(=9kYXtnA zn=Z)k;Coka1e!W6oNNff4({ehCwwo*{nGSfqq9I@it(VF&aFd{5gl6&(`g-g+a#W? zHdGbr9EX`GLEp8Zr_cY%v3Udl1QXsmD|mGCWKRu7OT}c6a*5UMu{k}3iQrFro+^GZy4ZrmxJ?s7 zWF$n{JZ$U+z1}g`GM|=gaEG8f+0)!2@#x=EC_-rf-tZ83Z;ZC9{e6-^V74P-3x&m1 z9g&fA*9fFcge~|!_py`x=o%~^b(e-*2fA-uGdoXAQK1}}YtNiP#x(v|w-tuK=Sji= zCvzxuNrkud0Q||j$g&Oxs|=Llj{09Mfa*?*N$NC3PY<{KyJOB7^X6@nFqcWXncg;M z?3@;n#^-ycLaY3HrC-$#W}k0#P*7n)dm&`VLC4*IZoq9_-|^m06_zJRyTY$@I`$YT z>IZSOdo5s>Wsq!p$gt)wp>kQ3w+Bu1CeBw{oj2Yo;|4MW3aLS!hOvJ$7PN=1cm)d@ zri!l=`(0_yKojOso10Fbx`ttM$dDg9Vw1LwJZny#(p-x)zf2MqT;f__Kxz82ifHyB z({k`hwq346OodcD@$eBjXEP^zm;rtxYTa%=)6CmBoS3dC&uEMm+XxxqjXmHVogU$m zT>v?CNrNOtrY$$AusTWF7J`d60H^5z*l#gQ!w;$-h{TPFfax02R9~K$e>c1=nFhiU zWW@i2tal8K^bNmtC$??dw(U%kj%{aR+qNdQZQHgp;l!Mnr+@pLf1SN+e@UmRzjRmE z`#d++x)w@4CAGE%Lr}*LgY5@lw-Qy5uZ-%n+uA!K{7Wb)&)JpxHD@QQe;-yvn2m1Z zX{pfh9KzoyEQRP-y~SVnr;g=0XdoSXg@R@MTe?OrrN`%m_U?x#hx+&4TvbP2`t$e9rw`u8r$mWlo_dasjxpM{yeiF~ zLpic$+9$|KtSKy12MmL?+gn48^!B1@M4G-s;;%u)A-V8yB}%bL|AX@?qbftw1AVih z3z!%H$&eC{fIu)9p*y{zRQLV4T8h+KepV9ARse(+D3R6_M_ULqiW~;ACBfAJf3Ego zfRYIeHW_I3aZ1dT2iTS@rOY}hZV8&^^FVn@AsS2p=eTnDUiD*TFW4{BcJANAl)W6r z3=J3Gwcm9z!CS$uf?s<;+3tB>H|=qJ|NC6$rI6Vdyn$qh#8K$JFOCJ)Ijtk5Db6o~ zIQVC8Kixd&TV$iNf~$PyqSyR?%N7DRCF-v~Daa8TiazpW$OEocy`}&AXVB9K1W)OyR15IU4 z=O=(l-yAzTJL&NmJT8y~%mJd2Wm0dW@Lj?~DyohuHBy2O+w8>lGA;+bK0kt8T8pOrNVw*THlZcF^ppzuYiXsiuWlOia%5V&lkpq!#61?CL@7gTp0yDfSKn zKz&0*o9wve^r(iu=hfozl-iF28mfVCJ0Ig9k8)swDBBX-r>5397P|b*dt;+00OkgE ze}y?Dk5@=294?OcN6=;m&waPEMK{9|q!;<&lNzt<={z%tL820M9n;r?#9pV@qqcS~d#QYtzT^)90stx_@<#;N!Kyzmww|If3`+Gm%M&<@dJEsbyM7M|GQc19XsMH!iHFyYzuYe>ze8dcFuXW(${1y7@7Oxm5o_j<8xF^bEbQnMN1qmU}`fS zEexW9IHjc0BG+qqyN*Yrsvk^%FRR!urvDs@h!Rq?W2cd0&bPE4wZ!>uscuClotnNg zFAu109u+4Fb)#!bP;p|swZRdrn!gD(ql3`txSzW|>x&J9y2 z8LbegqU{`)Ju{_QnEmcT`Wne`5HC6&|ChQZZMI1+>~{;gfb98rM6`I?)lbOE>kv}r z?jujGOW17l@GQ|wwJRijbMpzr?R|L58tlD^mGqJ~i=2_4(j6Ntbjf99)9a^zw-2my zlYK^xvJ6&1Wuji~j8`X}{;*~L1F61#*lALSS@%^X;#d!BWE5o=A>{}&T8Zn8M=XZR z+3jx{YO(M!FHxnG2l0vu0o6z89h|K=1}3CX1x%=2{uuQEFxTWny8T~T94@v2$_T79m_ zq7K{kmy@?D9|ds4Vc6+g@EP%pWN*OU>{}2Qa6p9;iWUEZXrKf%Zs<5vw}7KTnpsM4 z7tfdd(?^dapm2npirv~44LiM5zwjdiR#gMgb1^xOxh0=oG*J&`b*N{7y)7MPOZqKG zw=n`5vy#n7K}4Pa1|XJcJ$WlQBd|HI@(DImkcXjQ9tH*R_fISW!o&{WE}d(*hRcCT3P*uo(%MG-CF;QpAdLJikB*Qci8H>Jp} z+Br~ta62Q6czu1ge_W``T6hW+Z;iL;QgAW=V9AkLIaaW-4JE6FJ$syvX~p%qd$Wsm z?+3!k{(%)Io?ocyMOmDE5jW1@3NLBJ5;7MZ)U!Udi{)q{2C<(&C`Cn#TA}p$3Yi ztDD++X&v@*e~?Mm;Itk7&9A;c*8Jm&-$8Q4$_r~ zGb3A9uxGVi^f}Q(9niNIWkHix&q%p zf?ole4uzD+r=+RLdAN_{7O7X>C-xV+BX3eh<2ZgDxrQe-*r#tb@rE$`?BtVrZb1n& z5@ije(_~{74~s+Qbp?y1qqMWKr-ne@zSh*Q9|8`BUQ_?Ll70MXXR(9f*O{Lhv=okZ zECwwrVAR&Euiwa(p}FlHD#^Qmi%@9|U>E;zu~^l~&tA?yzUO1*l5;~w7`P%mHOYE- zNyqk2iUEi?fRhdhz5HVc!kE$foo(j+;nLIU*;h93bNkA`q3Mt*Z)7 zuClLh&KjHC{D3G1@RF0Er_A~1p;Sr|n8&ChdO%Jz+xKxl1ss)=)>FeP7bX}-Cnjw* zNJqH7ZQ9g16SBoqmklH2WaS)>k^#jrLVnqnrP~k|=q3n!*T5lvnPLtuF7952EE?qF z$1B`N4xf9j3GCoef!8o;&#!$_@hvR<7b#k|hf|bARnp8Mik3;Teznk-YIcMr2h*dY zv!x#$R}T|LFDVi)bah^TkBaBBT`A*Krexy;NfTRV;lkv(s~xXb$>21)|r}d zhNluH5o@&?#3q1^@OFKW>||zrc*i=~4@F#Ww+0lK(*TXuGELrm7*yNd45wqor+^tR z8Xa?FN&G<#yWpqs)M+$jj6C89VWPho6>s`^p7As7IAqhANmp_%Xslv%j(D{uybpGj z^9FvCjFuO28>u}mNp@6ObqPc20elu9ZY@G43j1b5Hy0cZ6)n8EYUATTlu=2J8G&v3 zB*u9C;DRKj+Lt%_UQF<&S1-RmjdcW>+f0`c~$wDDz0@5zr=LbUehx=#@5)> z+)FJFo8RiP<|ZiLVKZ-^-5}_4_d;q&dR?M0w*|vPBRW_rQk?*!bOT)Xy}TC^gaNgS zM8EI%{=l7~f4-L!uVbko9{aBmiN2+ZlC>N1<-12Rh$l=XJV6+@R+udZS-^ec{N{%8 z=$me*rLd~>ZwW+&Rf|l?&_mV3NGDVjkxuJ8!Lm3?sA4CK_yI+RR;I@qdDo7~QHF|( z83!)#k-v=ugDsF|611eb3~1EX93Ql%uwa$9SmfqoNu&K|wavyp#u+mI!*m-FEF<}a zW1zm_w|O2u?Oai_$<~btop36$D*TFcy9Pp9T5`4QT?%-p z8#-%FQA__PPoJIpI}9m`89DqB*kS`W%Wzg0Y_Wt@Rb5%q<;u(*aLzG%`O{*<;ABv! z%9t^L>zR}L4PC_G`1aypv0#hYY(bwRW>;cXI(|h|=dbmK!!jNr{_Wj`Fg&C|>XKw2 zLbUBvX0Llt^XlxZ0908qQHDETmsAO~F)6_3_KF1!U64@;lb3#2o%Tn?!+Jwe8PNXY zc`xqnj>RnuC|PO#JQ#^qc7hp?njZ2msRk#pFk+)hmSxT%X+E33yMO6j_p| z6{aM|?h=sfI8)QcMr+?LTzI{Oqm- zmrg0fC@g8zMD~TgfM^k=P1U*Qb{#H(Ye3I}TVf40U?sE&qSaNG-M7ClkXZNSj)cw> z)5nEV!KD#{9~5C|&E&4!&Xym>Au^2lf!>k)Q2}1cXfNwj%K6&>hJZ#4x-!8o6>$nM zidoFRK4{tl<#E0D549VDMndoFSlU!n2_x?}KQd39N?~|V=o_49{^dtOvbsCrl7e%} z7}K1Ne!*?&$q-f4Snh7XFCS6hq<)-E?bvQXW9ko6f}_ueFH9ftf0KJCb;A60lJC>? zR?^U6Z4|O%UI&bnU&Z^oWTVuI9EA(uOZS66ILBCKuBbtw_VB$KLW%)9dphvq9MtJS3_%2co_KH8xagiCj_j9+`E6&_q5doT|(C7s^3*w1S8nNO5r2wDXZhe zBOb!4^d1>ePd(l2>wxK~aq%*VQ%cZK{s!A$v~IOPG1P7}DdoQZ6Fd<^^LjX&FC<5F zJ&b&=QGQ?kor9@s$LCi{c;ek5E_8k-TC{_tBL@?lQm;R zmS68!3Q5_*lnDuK;%ZNVq_NelmD+Z>@vh19rL@pk!KS2D);Q14i86R|3HG-n@<+N zBWnyVJQ;L4p_egolxL~nf*jUtf_`vz%WQ^-gorpOHX<7`Jqf{TG!znC2ji+rq#DLH z4CrzFhgq$8FGV8c_km4Gn2CslWb{1XY36n?eM#TT|6BNz1%4t#>W2kJn5DN4p7?e_ z0g3Uj3c%?vDpWCfIGI$OCc5VE51T~Mi3BIOK;-%sEFOpH7{tn)%Y($QI~JXql5 zz=FZJ?6>MrQ)8KFQZZzw=5#l%hTjw zC>J(RM02B~nA5Ie2ohZPn?&j%{Ww}$o#-UJb5TjdoM1Y5FiMfz>^sBa<-8AS#{E;LnJOQT_xJf@V7D}%`XL`eo832xpV4= z#*}^rTBF@rU^=R|*GRST$%~q>ire5FO>ogc_@OF@%m&O@8GKw6QJfM4xfvCH9xFGk zAGaVzLQ2j$jgRs9qL_h(f9Cuev$?i7oI&5jEpSgXEA+(-VWi^b=4RMft+e*iXGMdD z=wMmofo4TN%76#8PK|AVDTi@_UkuPKbNhjAJYXy1tv3Yyrz&&xMf{HJATZ6MKu|)q z3^;UF{Gv`YwQ1v6K)D)GE}clEzR0C#`-5hJ`{(r_DWiA2YrPXQV+^-PFXS1rva+Sp z%gN!K%wtj$p$Lg}H$Y7tmP$irID@931^gE@FYh~MJ6Fw-;-e5A#?h-oNKB5q4^U7I z%82y;3#<`Y1PIk9z5k~_M|7icnaN4WhcS2n9RHQKLc9Ai$3ySmUqq4a*gnj<5# z=)gjxEy%G_!2+68P^{a-mSCl;)bOf6;6g1MbsRuti6{xR3r5{&ts}EVz>eyyV*spw zZoWXWq=N?fGcK>L1bpAvl`v7MrWMn=PXe97G>h30FlqMrjdTWe2(YpFy`Si5nQ3H( z7={r>ib)YN4cqtmi$0I0@AmqMtN0CvN$3T7dJc@DN2DR~Qgwz=tp=`bD7fjUNNS#t z;0?bAvnh0BLwI20ljWF2X!K%5?4yhclDO0P;#TCV)v4<>ooy5BD;UOrPiP1UY)!IM z2U`TJ0Ze|`vR&D|@Q`pPzn)h7+!XCaOHOufYGQT)l(Y5-2;8a$;#yl}*Yi#s z-5pZx?HHeuLi`9LOK#)_Yh{PrI6W_J6`+l6R3X1z6h_|D*X%xm2g~qi_&AaTy@qCN z1!3VdXtC=%w)4&D7Q8^A`M!EdIc)e!KWrjQy#EuY#6x)D&+~u3;T?&@=1+}}myAG> zZD8q@X-Wqvt07fNHl$lU17$c>_2;%PK-AMINM?x3+yO5DHI}od&5TpnDk^eNB}_q$ zp05Kl6eKDV-Cz)+bMixKIL^IcxUAaJFfn`dwZ_O7>8!@Ka&Xgq!6Rm`^Z^N7E=0Ak zOhqbg1THeN`)~uiwb}%Wv_fR6jjbN_v#9>eUy6veu2n%8RGMS{oEd|qV205y^xkvNw=79EB zs@ctSCgsEM4Loyh^#4v2h!Z{}3owp_WZVZtUrwj4ShM*$ejY%!KBC<@pwL3*;n?qu zLK*tPF<0G+9~hfLNb1_Nqj8b5LEP;}W>R0vM@njS)XZ7J^-UoEq3V@m{iV1WxMh%>Ve%xD%jnQ-MG*1x+8wsi~%aJj?tp z@#4uB1~dQaN&blx1QSA`B$TIN(|^E$#d}n()Bh4s2zNMzGzm3C&)-8)LiZw7-D=&% zU*<2RLh+{<`<{}APu2l!YMiTsiK`x`9#NRy>)*GF3sKC&%`IpAz9jPgV9D<{B_5{H z_~``&`BvbEYLxPfRqauy6qg;sBa3IGlq7i&29!dj(8&vtf6(430R2P*Re#bZ3=des zkuQ{jwxmffO<3N>GheEwRfkRG$h94jM9F<07NmgHvzSV^8#-)LTFUt(>LXq+4F@?n zEhf8AsPY!0xDJ_nE;mSCYHU8YvI!aWd9g^?1~m#Lox3Bj|8}Jas8YO*mX_T#6VZ_w zRpM;KxBwL13k#WpNd2uG84zzs^1cfWB7Y3YklS7wl0r<*Fn3CCK~%OPO+9gg?rP42 z4c4rtP{d8hPs%3uxm8k=j*0jZgAP9f{&}A-0tGEnuyI!KYQ_rImjQ-w2t1TsL<7 zz_4}C90}}0XoAUt!glhkF7jfLFNdiG`g5UE(d+_4Ci7++Q=m%g!Y>UYe#b^hbT^VZ z^KFC(MUluDs=e1tc$UEmcp5Yp4%E{D<@*hje4i2M5YcN{t^H!mqSLw!L zj%Ogk64q!A%g&PP1c^6EAy(AL>nvkwos)1x?)M!AWYYiv&n@Jc`VTvbq?K>F>MlMbKyRznJ-kaLf&Pmun>5&q5aki17G(&{BSC<`Sc{HY4jG%5cF( zi3KsoJy4T!F8^bxJqHItr}x2TU~W$%g+Na#1UidFRK^f`4SC_;{^-5|0Dq>avE zb9;AZYwb(YRf0VJqTZ!q76hs=ia73NvC=fKl@|~gUN`&{^OFUs8jR*>GS{2jE5ji8 z7zQ8XHiMf5hbmUvrH$rJ;vq=aC25WGB&2|*zTK3zw&`Nm)i6L2 zDt*K2kUmKBC~T|CgM=L_1lN$VNH00SM9epv&j~v3pWpnKWL>VL2F!O!N$%zOA7ly8 zZ#~ZroiC!LBfrm*1Jy%~VxfS9(`&BFmm@E%y@F!DQ2M*{YRfv}JXoT-)%8$B5#Ew| ztNgiE?oSK0VK25>GX8CtVQznJ@5Q#;xnx7%FwIc#$aebo8T(5xfwhZDw&5U?-Y7K2 zKZ7ou4yl9QaRKWWr{L1`VNKJiMs3RX{_GNT&C-GPKuYEJ7;*~umo-{d>T!@5%_sINB-1pkFS=#vuVb42neE@nVt?n{TUbW51c=> z#?&^@2*T&e<`6A4@+0PdZmeI-$ikU>ND@Jg?wY=%5+=mC$xvVc=9VQ|bmdDxDCChV z<@(1AUYjz?!U>GuMD8J^9WBS$y|Hmt7-(uh{^_*NvLDLfDlnYA(Q+z*)2_;axSULN zZJh~o7!GT9x&>1ZCtKvKq~VPg4^H)?%VTz!s7#;DrZWTnE${7>z2_@UWw@u+Ej@Lr z=ct0G4iI*3=8TG&I-Shg#VD5O@f_6_kzU)q>n8G~9Y&7aMig1e^RT+@VU9Fpa&8eBCNnE$Lb(aS^YM?Z+GPH-M(h4BYqXfv^4kCDj2<{1I2wpSh#S#x_$#fc{E)%E&U&7ZgiV_< zX`5Xkz1~k{iHH}N8POa?weGW}tWj`sZC%xmpU#$rk)mg4H0mP<7tODd>^W_vBZ#W> zQLAoZz{+)zAu!6>kS9LQ-ihQ^*DfnDQD-a)1z52;poJ_6$iX?1VdYEHmD~6wS>vT; zgw|%0kSY**o4Ka~MljFIX~S68SdHEkxE=t77X6B58l~Lz+45BW`F{FmjKk{J=f;@M z;3Ciu9dmCekejrqNgd14NP)@|e1p6|zU()&h(ATq_Ud0SQXrSbtDp-|<4eI8tt~WV z#fhmpl@2MFFG;eL(lxUoRxYopsK_uBMN<>AjgF#wo@8f&p`>TPG;<72TZ{h^BVgeV zJ;$!B5^T^`iUki8u$j}iN1@C23Z`4q>74A6jyy&NevuE)e_E?i$mUnpm98BOCF5z; zCbG@T#}slBlQzL)%1L2KfKnJn*#iWp(!)Wo>3ufz=L>6PovyZJ(k}$oWR(gNIFeGa z<8&3sXFw^_0dg@kNw=W?Z_I6?43mM(x5PGMon^`cm@}n{j*Fpzp@aUs^#80B&qzi% z&_v$fd!J&?Q(!e>BPba1TagFF+65n?bd9Z2uIBg!Na@Bg7HIzdEgTDji$;SwW&==q zseILr8+uTlObM9j1l;4ywk=nN5-M8`kAzBCqCdKz-XqX(McF5-CF2Hw{kr)RhF3DWMe=XA=`Nx_u$_3n0H) z{Q+inc-Qc^gP3|52E-94=VspCI#N>alG%MbHaVJ8a&q#jrp84t>7hC>yDfQh*8mG9 zC-Yyzzq6;9Ffdsj4{9o)SyxFfT3uSoUN49@tqZZG0e^xDv9R~ec&P@OJ@ol2_KXt4 z6zt?T4%fI2m|_Fl4bMD#!RuQ7CWd*FP&UDP?Us z^u8~Qvsk1D=ZD2_+!Bei16n|?L6W-q@Vm@y?k&S&s+#66Gnk;al(OnvO6ls<^65~o@3 zaPOei=${4uO0j!SQuM%4Q5{D`tJH~Igq8B6&zsr5Fjkh^6i|@&Y5#EcjG);@{iw5p zWc0MjZjsBl3kLxp2Oh<*bx=zDY*G)ZfT=I519dApEQ(oKmqlmF2*Igb9K2WEztMY5 z&G|kqUdb7AS;9YdE+N0Z{U~0vW$4hc(2n*_HR-g`k{esX+Bp61e4PyV@4+m171;HE zdj>{gEV6ZeDJvMTng$72V~8;f%-w>Rz_xoERf`78Q6^WICZ%rR#K4qUJ(!fo9<0oo z4+K&xymVNd5pqR+!KzBFY3f4i`<#1hSA@lQ+ud3|wTJNm@P~YdL6Ss-R%uiB1B2E> zR&Pf}BsK?wM7k@ROB!2rAqeaP`)rIl`=wMm1&-gEF6L^5Y|{4+ z8Fq;X+20p>Q++<~XznA?KTSPDAr4>CS}l^~ZAnB-&LC3_zJuK)%Y0je^(1mm>PpPK zyu2WHX|kk8pnr3EZn()DRbL~;--MUK9F^=xH&Yye@)ZOI@}L$-t~$#cDz%ut8UdN_!c%v_nT7El@V*$4Rwa-`y^Osm} zP^3=QY@%;6G`tnrT*t#pT|j*V&a-3 zwxAtbZOppYDn)E$%{Yz;Qe}u*93!|_ZEqz*sq^c0OE2mdRUxBE1chRmYa}m!1NLkI zkh-fKfdCJNA)MmT(+_Rs?!G3;8jJ#*5Gh~Xs z(D>?oc|SP(iLnzLvv$4;%#zGoNXw}Cp;){EP~VW0+wkJQmlgh)?j;j8h~-^gO%p*1 zDW4pJGmAfcr>_Yh9B;kh*!F_R$l(wa9C+w-+t{4<<63;MKAOOre5Wxt7(X*Ui>|AS z&$DIrW{3fzgBMBwscD|Z1evB%I+ad-da+Oqhw0)qZM60YuI*o6pFr3vEl6r(tXW*% zArREPuQ7HEte=htu6)~`uNb(;KMP{h3)#@qLj6VQA<}+aToVhLi0V?=?1Tgq!?xb3 zQ$UNIo@?_8fr2#6&Uas8IG1y#MlJGDe%|GAe? z$?{b+C+v1EyMUVU3ri=`?sn1J%Q7c60x73YITNOVAhoy0>1eokN*u&$9*n0AO7C0n zrLv|4%CoMn`xJz;Zz+F|9O~_{?c!W?*(O&%(a}d<<)}$P=-~eFCK@K>zXOXJXJl7o z#p{O1gXTYDDanV*xG75}0c93^wQadU)o;RB)W_u1v1FNopPPCL^<@?TuTuCMp|7EX zDg|Xl1oqdx?8whNx&Y0lm*R>a%7@9V1=*DSJlo(u490cX;hL77Fa`-Lt?)uf}Bj;o*z)O#$`G^Us1`p99AtUX!J-xxaBVQEh&r zGJ{3dPGY<2bYi5&_roq4+BLdDkW-q2j%i}L+N*2M0I9UM-J&g})z=QbxFrus$LH-= zM`&OQf1OZ;alm9(zoHqNydVSBG&@BLtn6=40I%IrksF$QCDdY>IqN{^IUSbd<9t(Y{R156p z2X?v7^UuEQ3|Wpj|K<5-erF$rAHsSZv4R|625aqk@=&VGOXz#<|^zlAut_p}un#M(#N#ag5leEj+nq*s=% z%14AkoAUyaeYT^zk>%3zTaiO`hPS5fWvUn3WyRSVDvA>2D_!f`nyLg4_&VL}`I!#O z4m!qigm`#DAw;kZeO`5q52iwxV9s?1%ZWvnChk~bgLD-2ZaV1 zL&9Rl4oh1?{FrgbPg|=UF3I0Lj=gB@A^C(m{YePUFvwyH@+>;TDv6MZKg5 zn)C#WZ)ACMP{t!zh{OdBn$Nqn?+>`|uVgfhx)8RI&dEQ|-!IWUQt`eoeeXGAd7hl@ z);vo(NiysD$bvKrea&AXD~N|M2DC#k=LMY>h^0ul}-#9;WD;!0)_}?q%JP0IgnzFX*LK$ii;Vp}FfuVURwlPss{Cmw-+oxe#B(^vP0=Zdp` zuiop!*Pr8#>tmb|oool%twQ4wwUL8zW3fllY4k*T68B9O8TQ*{b(0S@Q!Oc~Uxsr- zsCt@)!coLIvYztSa-YL?gz-)GG|OVT%LttTR(7ZLr=~jQPuAl2z(+g<1lt(AhLMRR znI8iFSLR^u?gtHVtZ~(aWNoB+=6#$gXi+T2YOVY)z@Okf0JP%TBghH_V`aH6oFOv4 z^>W6;FudWdSwnvkS3*cb>rrZYtFzkkXX=(Jg30%9;R@xB&x;$4q4*P9ja;yaw%SyC zb#HBde}qV{G$?OLeqq6~2R-;_IxCKFQIWmp84lFzhnhGPVTGW(j^^f&Nu_a>hdf=* zF)@omH0PE1@3s=IYXz|d+Y08EoZr7k!A*eZ7pZVYPsj9oYC+5eLMtxT-Iv3wt*g8n zo}RrjS~l2r?O}#_ENwIfyc)O$4W~v~P0MBPVu@|*p9qkLb8VZ?=}gY>a1lM-@b|E{ zX$|haE02KTe*ItRPy++{u*_Dt- zPNmA-;ANfrvFQ@gBP#M_S}BuR=VRWaejCF1IrW>bh7dqmeGtb41nP^Y{TdwbHbcBUjQrq&@xI8*m7^yRshApcMUUt5}I_5qECsYz&5~Y>g$#)1*ynPsx z@}f-ZBq&LmzQUD!KJHK z3vx~^j_0RWFNLn#g#i#Hf!Wyd4}&Mc5mTjLrfNCdUb#RRzMcLCl8n_gM<4g+Y6xVN zzvr=4>{?&#@l0O24?Av||Lw`j_T1F__g}wWg}bkV;sMp*#u5KY_sDC2E1MLPoVB9D z%=GLmDoAr#Syl@Tj{%3TNe($P!hZBGn6f1tV=NZrmcGX^a66kRLu=FsbXtbphtHb1 z*|fOjefRL@&5gJ%-&CU?&?zYRHFVYO#cw@})NMM{zd)AvgoU_JEmHDyra?+TSW4Az zdG54ZThq?2bf!%Wl72dSX?2p~PL0lOt{933YqoyKU{e}(O%i-0iuG)%DlGg7%ZuAm zwO8ukw@hDwKIGZD^7m*yZhLv(HN5GfN1~d%GG?DVNm@Uu*%&!i%>28rBSsd`7`_Wr zrIe;VE>rKHLSi1#($Ye}=SIGZ8b5powvw)A(vp)q`tnG z8d(I5e@4^+D`Fo6<9EyPpF2mNK?9uha8}PBxNF}E6F;Dd3}~?+i-Dqw#^)0I+r($} zlP9)|aIlmk@j?hc+J6`n<<`+L%51B!{us3x;93ks7LrF2+hSR#8@+ZIfvl&kUP~Z~ z7K5#dM~KXXeDf}@6?^hVqm7#2B{eS8erRXpy|-O?AFCEZGy4_e{R`6W?S|!5ACC9d zrsuk*msxqQ=w$Fj>buqnF&`_?YiKEA7DEN=$xh}zJ_kT1Ga6cQI1*AG51TA@&aXEO z15bfIO=dd67q<>f>6ChAj!&RQHmTtFeee+_d-7uL(`#+hUhmDv{%&RM&z@6)e?kgM#`}#> z6Qh6$heLMPudB`2uU^3)XV;g|i(3Po4_h^J>WgBAkQT#5&@c^FMTT)o3WGPG90p*y z;0BOZSZ6QEvqJq&da3UBCxYJ9?u|6D$>~q%_b#t}FKM?!f-mDm*{C?kBj2j4L{!ai_hIH83s!G-P0q&xUS2VyP{4R(m*lmVv^rC;5dD#|S=s{`sg}2hC zg0{WruL}dTVm-RJ4&Rf=8zZ_}7evJR8z*98!vqpJDIIvz%$y-)Ffu&kx{HTLIJG@Se5Z_xE$Z^-WBlO$kW; zF8ySvOTEDR^4*xafg^I^R84rJDfYGeZ z(_R4$6PwO+pO2De0=IiwjYzkzOLab<+Z}LeFDv7C{{MRVF3!(Cu=+maB3IREswi{S zZ0Q~&Q*P@r_3?sw#z(1iS^p|+GBS!`MvtFkE) z9)wz1pLQwv zJ82V4jHurjHIO&=U#k`tau&ak{pt%DE?t9o zIac~lx7j~?sqzPjCkQcv0DeW!Smr>Qic$4n5_9PYYTCNGE`K7i&jNT&9U@EN&4vr4 zS|K1z&6h#1Q znidX`ZIlpCC#NVg%wOX9QkiX?yOnW^oP2C>Q)w`^9~8+oPa>UNUZg{MS5|)`6=uvc zSs+1=OmMuuA<=ct{+uE$8-nmjS1nRCmuM&Eb$OHWIbrRj*d2u>sIvLiFXGR>{Hx(5 z91jThAdcjv=S+Nj1<^MA`vg=!YSQWg0j|1)FU7#smV*I^{~x?hU#v$dUdP!kEi> zZG|u-N$2P0)J4AaVIdZj7lU`W&bXBormx)_Wenr$Rl{m+JsDxvgBrgx|Ci@@p?~^j z{7xgodT_{jm41pE8cex;565*rHOm?`9B#Ikvlc?{Qhl#@M5(Y7J5EZmcKK~f#=X_Z zpa896j$|obj*t1vZQWS@r883vsjgLS*-#Al8klEf8NIX@P3>`1SC`1uUy5%UPmBAL zed-SH16OFOs@Xf1MgEA3-v)W_i$KZq8ZfUeQ|X%sDEE%{6*rl8a`gQw%$4q|d$ubO z)R9#(DbGYqtk<}4Pl*Rj#z{-pSZRO^_9-!=K(!#xF9{tqJ5nA)TV3%V^S^GXa~Z>% zkHDFn5*9X3Wly%X3C(Ro8*vw&rL);y3Jy6uyx+Tt_Qg7Ot&h)nM!HuY|N9x74{Tzn z$NvKVwDUv5dbE-&!e^a78Sh4f7RfbVJhl+<@;->JC!e{%j#ko>7(MlCCyffC!b$1* zHoN@M2^s*K-LOp}f$3N8hU4^Wy>abIhn>gYn!YWPh=E8dsQg6T;q-tVKk7kWes~5& zmmbvQSghR7lqRReQf7bs8DNY&9 zhlmU&L;6WpQ;1cE+BYv<^>>zDCggj|5c<|t>Yr&cjB4eR$t*c)VML)+CM`fnp%J(6 zZ-X%5d+%;;T$~$wkM}}?l}RIq$ddE$c6y`|Zl>zi|KP87oId{?TR6Y&+rhby?E2f6e7pF^KCyoJ zy}lnmJ=#C!mH*=`tWJ&=FA)RC6_k%KL{yS8^#H&-Y3a#iT03#$C4kfd`AUwFY|hvW zi*u2mRJV>+61HRRmNh|sR&f3*?%hDP9LhR+pfD&8azzR=C4&pW1BUWA}=2c-d#Xmr#uwtIa~fWcv^*@dsVUv+)&?n-?pd1^C%Zq;bd z)6Sbx9~LpW+gXQxA{McN4NgnROW!rJfZ+D?1XTV;Ze1RveSIAYui3*NH&i4-Od!*g zhtybv;kdCwmp7cjddT8kwJe7k<8|T~dcG@LmI8$z=(iZ9lzXT9nKB#pu_iQ2T(J;` zg@P2f!JHiuu|T^0=QeDnTT|1VJx~a{su+=5}D zhiHQ!%s$Nyj8r1{N{L(d26 zP|ea=>GZTf=ER-_Y3eU0bI7uQ)2?)1t!Abf51r|3b*0XR%+C8;p#$`UBG z>Lg1SQFdCDG3eZI{joe6aP5`G$@lmii66HG$9L$=GOOsJ7jf1QXXN&AA0s=dt4`G&# zV5D7l3!e`t|8JAo?}rhMnC8v2iQ8nvD8$%}RyA8cl4mi6q1Wf`3yYCJiI{ba0zm8N zVdShLes_YhRzau|TA~Qf$lG9gue@<Gv3vpIuqYl}D{zU{3YvoLa$(xpaR zV{mt({B>Id3~{*ee-m>20*2=J{uQ{kxp6vm zKf7gITvEASoV;kHOgvqjbSfYgbm`?5&X&Q7>{irf7}(bR#uOtjytFIOD;Xw#d;r`! z`BVm=@*cm0^p`uGzNmpvxJ=%`1pYjpzpDV1Jxw`811*{?I8=p5nXkwh3`YT#G*6Q_ zHs2N=w|nWS7v|JHLQV!}rI42m!(RVYG-+!piA!7VR4~aoU7$&id*+Gr zN+XJoYEtbce~MpWwJRC3!V&L%IvZ;puyB0F1sP5U>}EXh^EUq0K{Tl>aiFfT0lDUViVMVWP-k80bztPE4j(jqiBha*{W^z*C6u*wmDY zb`B<6-0xiOxzkmbq|!3&K~|jZpuLBIeVSH|^85N>@*#e6Y~{Umcek%Zl}~{0@EO|; z-EJ2{lLi*4ke=7+e$@k@kT+e`OmJ|JhPg$;Dw;u+5z*7w*MGQn3{vgnJyT2> zEE#A~BDipB+7Gm?D59q(r`(NoYe-&yr=f&Jjxr`n#0PHoy>e63Uv>C*d_a0dZdcfX zjM>+UUH>pbNoo85NtJBUn(DIBV)E- z?ZE3`hPwI^r7E}lzg1ZO1tb#}`TS#bGW;Qq5x$)j*e2~W9m^En*_0(iMK$~U9QOSD z%xJV5yvP(Q&^l`r1i8f8ZpTVUKKj}GRad!d**i@&XI)0>JA9UImmp)K3X}C>zWFnl zYS_`yGnR`3#mo?)Dl?QL1U62fGR;bl(-4Dx{ox;{Qd37OE=S`_j%WI%Otq=7ZUxaTaRr>Q6fe@! z%;BMGsnR6oh1Js({}9%@KmIqyDj!y4tdzsv#jL>_bCf-)m|z*BiEOK%_R}Z(+v2Qc z(UmzvFWmgX-S>c=miZom;KRp0266TbhoBrF9ihLgI{y4;92d)bkSa6*v`Rf%on{wV z+x0ZR+DaDhFLXE4t!KTzbb z?xvNOXf%6y&Vmbvg*vCOPxZ{|BZJbHcco6aQ* z+%G^fpe3zx2u*Jefejk3NYq9AQJ|%b9V$hiy4nj?i^2`{ip5g=;NqZ!T=&bq6RFv4 z?v(t;xy=9I?EdQ#o+H5blhORKVTsy_ZbU^b9)jOpz>H(G*KBEKtv7jsu5{j-PA8tT zojY%tXm#t@FV7im7bP$tc3o;G9xwHgQ8=5g+kx`{D{5t z9s%0{0|5tzLnE{ogCksAJ~P3uw5;{C;&S!T@3rU2of81u>b!69)4EUHsvJ9CZUv?B zIUkND9a-m2+)lce(McSzgnriBorACq{nXOA56rX*h<2KN~_9U z75|V&8saKf{kFR)67v+(NW;`_q};#%L2;(&EE2&?K5>S{d?uemF0m@Sj_&8$bCsiW zgzaVGE`FII(bA6{_&n)G+0#F9{eVrqnxVJqy}C9 zKB@6o$YklL!$N9ePb$KTO1_oB;7nRJx`py6b7phKBMmLH=fu^>ggq{zGXZVAgCeQg zZc%!6OC=;wTcxciGEB+m+Pv%h^z=u>b*qq9d2G6j(*{aE{xcwUuZ-j%Aal;51Ya>5 zUzx5y=SJIM&Hsk`3rv6UKj*d0cqo4ENtc$SC)FsWAn+tLhh| z2haJ_=*%u+#;En4%ZaiipTZUFYVla# zCI7r2zvqVwahC@VZy;pIe!ZYYby}YYW>~qQ*vdH;_D>v(4fYT1G0du$siUo*q|FId zciHLLV+YWFv1$qZveHtg&8{~nWX%Nn7di;w^|}5$kMqge#JSbH%=&PMuC#zl1mojb zUl&Y+Cw!NQN&50*ANcwR%;hracAKO?JDY~AKv871cQ4j>rfZQfNnt$4nd^dVPEO9A z)1_Q+)dg-#Q}}S%`=Psklg|5=~^bp=g_1xzInq|${i z1}eg{7TepyCS#4Yol*tmexqTcp~0r%^fhB+V{Z`#S~~XjFO}XCy&us=zaBQ+*x1N1 z0|;rZQ72c(apGW$WREVidXg7}9**jBb+fZQhXy)3t0uX$jZw&TKckTo9{=@9oM{4O zk2KPfWbgl4CPy5DO)9*f++kUg?Oj-CYIU=;oG@Fdum4(BU&+dP(;xhQqT1!h>EPxl zyn?9P6ih0nM0+1W37arqD)yuNRur{7Tu*U-LN z0^F3?X*$bS*OLc)9#7_O&EoZWKZnLG25(x6OU6gW$MBc5OzzGmziqq!-l0ifcr@Vd&|RAHnHnP&jatvOS>6&xK?czwOe*%`jOL0II8FH5-M&|IgcUZdJEryS-mUWA0XWLjRO12}Vr zBBZNkTy2qz#=)GBYlO34-8b-_g+-;)#l`fULd&Z@BP5h-74hOA!K5J81$1+E$s=P@3N;1m_M2VtEVLuJ0# zZ%B={jJSH#jz!oBg9L2Tw*yIS8m{zt^#1&yRQObp@hBtAVvLQ?Qp5>SWp?9w%nqVi zd;@;q!1nc5nX|yk$AcH;y7v<&!lhNh`u34?$Ral~2{R zI!seR^v9j^gYy#R5?DT_aq=rqBOq%wq87I5VZJre;*1vlo`YfGiLtRagchK1MvI<{kTeBn%WaCOwKjTc% zv`&L+E;6fP5&8c@zRezY+kgXyBPv9Hka*aRe~Ia*HBNoL5aj-Mmen{Bj9z;2RXUF- zp=vFxgZ0|BC2l{+*1$R%{g3BE(~H^^fp5*&t-co?Zec`~%El1y#Snz}$^22BcAecy{&)iFN}TcOSpN9s>culz0mYXGw_bS= zh@i)1XTw`gzZ6NoqgA(U!Y$YL%$@n!-g>EPSEcd=CHJB?SOUX?kj@=)d&Ca@3wS~m zgY20Id2syY(*Xgzp6wpwSC`jr-?kpDIyEkpRoJIkS(H>Jf6))vWh*p0d3Hao9IScw zhcJRqDr>tt+UmHs%#G~t3?U(aV|u5puFtCh7)-V54GsL`l5K4D@EQ;XGYK;JrWo55%vmzYc79eC9~ zu={*naJsqr*f(ETOwz*8$=1Zl@noXLCZyh_veTu|4Vtm3!*#{@=BQa(AnhcB%J|Gj z5Za&DpT~q0CH$?up4a%PF_nHX8TJL=(hw?O2~?b^@uYb$wE6@yU;+IlmNq(1F_fcC zqh(GVZ|0US@N-ojU_5|P^ss`k@(gQ!&PYsEX8|*Cs}oAeF0-;0sVb#gP7hZ^>ZQm0 zUGS}yW&Tlnes>BBw;c5?w(%C=>U)TajZ?L3vGJwDbX91!?RXcqUcRdYfFd|;avtNi zZn#t^BDb#23{TEQ45rsY%>O8}`l_{vjq zT{afmeAA!TEL>jt?O6&vpB~{))I=z7aPZYa(^}8q>3x&F)oM_TCL|&vLM`a+1)Uzi z;#kaa>R^@RTeg;^!+@b#{_A(^#W*eX>w( zxjcKYlPLhsrku&50G6y2sq3%H`l39k!^F-SN)mLR=1m7X68iHzSLWo`1t2pi-T3vpKPF^)f1WG{N0l*=91SOB5w6fDmaSqLUieH7p{ zz~hy%Es?;6#;g3BRCJDxWT%t)~=|ajT#=d!PIgJ-e>Lh3D<-cj!7$bG#})Qppy)H@u$>iNFYWvp1QXgaL9<#Ve&E?9Rz3 zvi=-?q97xiWDG&l&aTrQAI{T?t9pC>^NefW>{zZ zV(}GXU_B|^D`zKkp*W zpry?)PLt&4Ca+AU*jO3zr4gwhO%Tr#H#S&P*_hs`gr@F95aXElN}7v{t1~~XR%#5F zKI|*urI(XvphFJu-$g5m7;miZSYINu(^Y8uOFgoGG1BCSzFB0JK6YYK=y}4}zu1Wk zru_uCXmnUhb0?EJi(S(@ct9yUYVN~;LRf~I&OmLkU)&o0VVeFbewqP6D(Fyh7LyB8 z^CO<7^L?fW;t*?w7OKk(Qo5y z(Uaz{-rwKw5duaX`jO*PvIQNGG&7x8CmjPd#2T=!bHzOd(vdkIGoigz`!Pe`C;js|1z=RCy8@0T-%}NZ@N46f~)r*7D0B#j(W- za(yyy0`kVF@U;BH9 z63@re6#MmjzX|KXG~m9g8y zD&-(RjuBaY4bcVD+RypQkEo{s&UHEEX?e*o%QM#{A&V=pMzV9rZVr3b+W~tZIopyy zYL)<>81U)GWT1eGM_Dr3X0&-o;{Dp|SUW+;%)61zMCiy4zdXx25U>@Z1zGR%6xt#d z^l>>m;7h++sh(-11Fp!5xi)6TgzN@sy)awT8tcygmhh0WiLpK`RTeeQG`QJchSv{t zBNuf;7W66->GScV8qv6I%z8{vfJ_`rMhROI{V^U7P#=m2 z7cNc`zlpAJ>~8d2D4k6aq9PYx89O}Gy|LhFxcce2ys+?Tjl;d!sK${GSqxdKt84_f zPJem7c_!&o8~wD#YISS#;2c3xvz6+|Kl756BYd+dcKBTjF>Xmkx#79oXe2+5y4qS* z_bxw7$7HRhIwk`e88ux!)v!_+IOg&bB)-XWIJ-ZuQ0$vY#(&N&*U$Hd=49KVTH@MT zTOEhLThGT1I}_0^0|&m$I+(%1mO4gpv#QV=;QR5+@iC#$Ot=4|KlR;Ho`n3!>6w$= z4{h2JaTtr8yBp@W_ZMa_u?7)9Z4`zw&a~6LPV95$>I~mb#5(xm*hGUWUKJlYJ)4Hf z@D@B#j-O~qx zpr5I$sWrwukWFu~nXJ55a2Cw%$AMb`^YsDMrc%Q&j#OZMbxNCr{txh`63S%rdb9ON zy;R&R7tm(B9aN?+-2%tT4((@OUaty*J_6WZv2QQnAb&cA{yN)_gV-UUTB?h7++pA& zvq@cY(;Ee$vdMO~iCW^7+8hwiVIe0YBji_@>cz>0fUm>9KlT?ydv(G5%PEyLeOfxL zk5k>9Tj0ai*+-b?S=SwC9lB5`NO(nlALt6qf_G6rqm`q z0+W>g9co(^?@0vjCqN<*j<%bLpT3M39Il((o}*^Hw-KZWOPq460+(V-cQ(=U_R88k zC2w;nLfi3XAAuqA?Rc8Gydk%uo|UU{BJQ91UCBUbA^V_;T|$Jgc=8P;@RJPrDF`b& z{|=?<{Q!de1VQ^Sy^Rvp!Zy7AWXx*Z@_O};f{4V7(5ZpOj~i=Rat7N^#8Mxs8}4X$ zmX_~!O^nzb{FAgCzjBI-e&OUiWX8|QF{;u=6L@=jTQepQ;ano{42gfh4}6!zMc{T6 zUYYzU9kctDsJ;XD4e}=^T0TzKq(15kk+qf>L4zc~YA5mb3JQrGvZaf*D9YE zC2Q`n=d}Q*#;6lw1G!U;-UsjD?mfVP5s5?sEcvs2OOM!sURE~zcX*qDz^jYat)_RM z2;RwEt>enRen7g=>D8`~Q$J!4$lR!Uc)0JmKeQ+MYJ1`Ql|+WEHRx>PiY@%h;~IO< zQx|6+Qu4zZ5QaxnOu!wE6Qab5o(vnz(7RrcF+W-%3^LH4XLPD;s1taP&FHXT{A=~9 zhl2I(cn=ji33zKnhlB7z54R4GU|xGH5AtHq>o@kx&cx*FF9j4Y8^KaWcC+#I^~eH& z`^RBN(+&gEwDQ}@VreHG*dl$?F8eQaV8!vi@sH}sz9VaCEcT{V<%taRZv?bMH5%tw zo-eISJm?B7A{yeAYg2O(1oE=?4QW!CI_?oJ1IhSN3iq<3dF{#nG@o!a#S zj6eCx$H0=leM)!O{5uVnl_=}&d*9C=&Wqp+@{QbE=T}aC7;8;ej7=fjjBG8Q7~nZ{ zjA4_vbstdJ*`%d(mzBw77z8=_b5`U?=;L;Dc4W@aGffg0nBTNF2d$9zILI+d!&|Vr zUQ~YX?-QEl`jz{Dj-TY z`3;sPFAN1Y1S$RJ3}I@G`GUPUr0hkI^M|NdGH~K-|%TLLde>sMYDug z?jy_s>x{g^Y!;K`g@aA6e_+_g-hTi0WzC^}G-Xx64&S%74{w#JMyiuOH6{VYUq)Se z?7p*dBO2_N+t!A23-YaM-6gF*mWPb{Xzf!1?+*fNZwg{CtpY|05o1T z110O|l9JyoEt{89)nfC$LXeX-Hb|9@37jNjbjTP$#?pC^$OjQyjK-TpRWG z4C8}rjQT08oVjdILz{sp`A>>sP`+Lb_STqeTi5O8L(dfN#o1Kb$VS%NT=0(AtqqLi zyu)sw6;1y})8suZI%A`#Xk)^Uu=kPj^p*+sBgES{=y?!#_;=uS->^=NaU;{?`Hh7f zaojI(v@^I;Y3b@&WD9TvNuQ02Rert-I(jovCf7Cbe_Pyw-q#Y-(CYt%+yZXc-60gu zI}|SaskP*h!WtokbQP(2V(y^bK}8VQ89Kc6x^Cdy1)f7CU<-IL*n05_I$d0zj#XBI zYiDB>tRu@coP(R`eQ%f2m5iZs2!75~Fy7cKkU~OVXd`!iLzBIZR~SdK&rdrsA~3o9H#~QUN3>hOfAJWEc(WKH%s9w6-Sk=-U!(G77wiEN;_yQ{9X#*=kbMnILKI7uLzWe1|0zk0Dx}x5}*Pg zAy{oH(Y$W!pdbb+lbdCndvR~zupnN!BXNo?T)j$Yet;+M$0YaVhVr$#Hc!NA7M=^X zy{^GJ!`C)d>(YHM;`GPffO)!Bp&TMDE~zz?S&eGfTxn0wGQ(W#AP}A_dyQ2QTFvD( zet+&DdmdKjagY*~eJ=FkigY7bI0adC^Tb=OxJdL}+@J@Si*s{J@~RXK3u#n)7wLmS zC>4WSBlq&^?GxRGSzg=Du;1?wHv*R#fa)NxUS zC2*;bhuN0PW&17vZLXL;KS_mF_x;oUPi-Lu8%Ita9_9NX@*0`%n)obDbX{Xktc}*M zh@Le;pQg3G2nf8dukf;Shl)eDx3^WEbd9vUKmN$Y2;(zeqMyaImtnAhULC1rTUb?I z>7A_V`*#THA!Qx$$m!0cjzk+P?oH1RKv^Q~?=x6RzJ^N~QpdOYXw7d0EmNSp34&ag z%cg&V({2PdA4_vg=3J6fHid;#AaqM=UqA7@XHmW_4ZAi)ig{nUxV5&p zJioY>lhV+n*@@XYrrDW$qIl<84al<<71r2uWih*msq!RyO2}o;$csS`d(?rP9s#zI zAj`m~t*xE_0sn7CTASD9^V=0B+ZH^}6q7IFQ%Ty4nAj<F=E4+;-`146TqK4fJ9N%X_io;&Td;(iamvY?%ol8uqZ?8Z&@_u*t52q~*>`WO)JQ_XnC*W8r?SvA>{I;kz|1dcsHJsz(# zZy@1=%;&DNgnntU6jR#w1~M0`ESY`oXq8IVRb5rpq}cVZP7g{4xpDz;w~#k%fP!fz z8L=S0u<*i@s6Xu$wH(QKIO$E7JVtw!w0pq2WQ}rU24`|pTEV|+9fTAqBd;#LH@72( z|K^cge7wB04LUkrZnUMmlCznjzrE~x7Kl;f?cy?>%~J4`LM;Ya1`Iwir#Y63%;$Yi zZ;gx>$k<}PcDnm0FfFTN>C@P~fr71V<&P6+tnT{-|HvtA#IE8{B3JC|vx42j{YFUa zVEo)>gJ?yMIV|0=_5F;3iGd9}!uS0cmsJX^;fB5_WCH6)Z995{A)61EIa+QN)Dua= zwjYDP#)$9HGF;sDX*2=$&VzO?n)D0g5K zE6dllH3oYImql3T;6StHH>rTz^)?*Du(dT+tK@(!Zb~IF9;t@Y_~2#?^bd7vo{2iM z`3p1IdPR-i;9rsFlkWE=vbjN0;vRZ41!8$YZvwG>u{lw?hr+D4ig(*g2L(&*A4)mm zL~!2>hVrPUzoakz6-`32BzObH=%}LS?ns!?ZFJs?W}+ITNsj8t`%NX{!f0EfE*n;F z@4w(}Ld=hHWmD6v&{Oh7U6KKh2uO+MjT9dpF^EYNc@@>GZfBbh^UpGhcEz3}^PYC& z0^dwvU8c7BkZ78d3GvEwW?1cy5M;{++KdgE^pH6{0ysmndwhVh1 zo@One=XuZy^mhiF8CgBnzAp=-dEm&}8?D6KPDmy6XzQ>Ocx5lPFuzg4K)Ww9lLiD& z!I<)2N78`T&po;1_7c=bKrj%hJO#a{c$1*E@ducy?r2LGajhj|OIS1=yv{Uxsk^E>zEx-G_?G1e7rbM-G1-Y60bp1_) zU%{%-o4l6;zytH%UQ&JTmx87ia$%0AzraVaK*)qG5Ft0~>2|Re@~-n5)+U1{{E-_y zSzb1kdC_A4R@HWslany?G%PL9U>mUBf>V+heIX?;= z<}JvRltb{Ei5cS;hg;-hQfF^vc*$hyJ$f`5kj4zt@Y zJYux8Ve&2e+bYPDH-QD;ET$TdbUx{G+o{K_S663rQ=yCIyRcI1r_C?!xs~R0MLZ6w zaO1;`%pfKxJuDSWWaKti8>Fcm*l6z)y9-x)+DDKr2iiqPwkzpONJ9l_np^Cs`E65M z-wEE`HMJUu$r3ndDE6!|m`srpsOwX24#Cu~!7qNntoqJ!* z`nA+kJ6po2T0;#@>*T+NN=hQj^-!1rV%H8%$XOGRN%!bY$+yzpnI%cb3D%h4PTt1o zpSE_H;jR{{ZFZ`;R-}WPa*>D$<8;0y1y37 z%b(CFt}2i)FgS_BgfB{^FJ@n5{>kS;Z^v=P+!`M$Bq zNO1xMKD9G38brG9?&=>i z23JXw673p!=JQ>x4BJItvi{nyi|qO4#6yqtr}pk2zyIQ#VC%NVT6f&#WvSCuEMAd- zZ*x=y;o{lVRE5F8(UfbiT9Jzzllk%UCIuAX3VghLCo_~0_0blyq#-v}qUJ#tLhty; z@?fDi?a@&G9XE6#?}-}ah|tr+;k&Zv!|iW0mRC!tRBusEqwX zgUagM0~sT!&6Qd!KnNMRmh^27I#hl8;;cs)Cn%(5{kLC-mB@9MMtpM$l%d??FDM9E zp9Z_W-)!@J-F$nk&GoM@>olO8h;nFjE1idP^}{8K&KWm*Zx^=VAs7Gf@j^s6;8+zp zDt4G)(0cj#6qkC!wODL?x4?Qz}?x9h~t5p>`sHQJ~l)|PlBC5zL`=#*@((wMw4RLB(W6%z?m zuvJgdzB6+G-7PsYYU-wl6_+=s5Sny)#S;EKcEbxeoXCJcrm$Kg!e~O_G-qZ(RK|wV za;Rp6)9@=OCB#pAU~4OdB^=Fam^Bgq;YFaxhf62gJ0}B%bZX}Jry}{N8 zt@lmtPuv1Lj!65+<8pLVUu-sRPDfAJ4{RPfthJLNOrS$6W>EZxTteFaG(rEw{l*-T zs+_J`w0_u*kA409aPZv1>mtSFc%<}t4h|4~OD_5KnaB5CUzhLg(i8s$%=u9|gqd=F zdY=B>fiYu}a=(-U!64d~*$pl(Zi+rP1cPmb+iH4BE!%~Wb89Uln8biW&|`*@q5Fnr z(CI)=ORa6xorTYiDz_3{T@Bt9V0~Y|)by(tFQykg%GW1t~V}1PZgma`}RZIAuOD>*l2Ia~ANRB%}&m*Oia0 z(Y6#xfY*?a?vOx{KoM8|_@32|05(;AtTUi7Ph)v^LwOvfqnyF=%|Nhy;f<9ZGQy%Dgg}nx&Th1~t zhk34LJqvJfT*FF?(lv4{fHe>`o3g;_@z!+%)BAZsDq33dAwRB==n&Fn6G3N*1?kAt-%B3rJfjVG)=p* z&q)>d41D}zPYWvwa5M8a=#X<6|GGv9dUm%gMa^-YV6;tfj zWI|k=bA=gwA;(3lK}I>4vljZri!09f+8*BC_6Y-i2Vg8uvHzHzm#5}_4?t3{FB0gU*rP<&*QW&mLs{^#=x zR=;YyMg(EOOnKz7xrpdQC|xSS)f%%e{^iDuI`bwBQHK66;v}qspAMg{4d!azk|4CK z+*pEmw0hyC&NCP||4hS*oZy{iTKkl4;xiRQ##t(FVI#nC5n)A;&1&#kz83PGQU~)u z#bta*kN0*joNOl8l=?_T`dgWnc_j{^j(m8z$2Cgj!+_c1#4B{Xr~f~ z&2&hOdAem+3|l4JdY)+j^NXdQ%)Mg*w1Gl5?_}JE&|UgJ;t<tlxgFHI%Ad#e%MS zcEr#1=^Mk8Pfzr;3*IBa5hOyBGup$heG+=Gyq-(}V}ya-&a2uV19|zy>E0j89T8Ud z#b~iQe&K29D3Xb#d>C3KHfd2}UJ*Adq*t()00>)(5FM|5>}u^Fl0~G^X8o??$|Sb&04a@f zF!AZVAhWwF0@*}>ch0AW z!cx`yUr(6DNa_>C8Vj$>`jI9WK$;{XB+d#uswsE}fsFro*^LELVQM)EYwjWZFf8g$ zrAeiYvx~p|l;rgkjW%=Iby32^Rq2Y`D6Ez;ihEj|r*7eo^s68~Tj2htY0MiNsya5R zlW>>wd{>L7L5Q8S!x1>q@7fDf5uu}n4%N8OS%zD_$H1h34}HI0g){TLJlo+f=T^IW zT74T3NPyMg+WInLJXjQav18a+)@tM1VP#D$>ax1Zh2+=p-ljizf zVp{8sI%Z4?SCR06jUHy>oyrG9ONAe7i|@T&|Ku+!k(sn#0ik`1l{z>cp4wEox)~v; z-#;mx)_;_P=?`|0*2zdnUURm537nc+TOSw7lk#5Ik2*U2S!(lWwt4w~;(R=kJ)lV- z2YO$T3w{Z3Vv{%G+eWjj1~+$>3lJ8YG@OrqrlK9o&hCIo8RRGei$|Ti@0UiCrk@p1 zRcZ_x{2ZS^Zh}HrngyuEpZ6`lnx8u|NQ4iCwATzx%hHr|e!Cr-)Ouze#unz{@x3@b zu-B=j!YO@V-g@o)O)8RGuuusSvwNlml+-Tm0CrS&RHZ&tB(U}XW948C$0$x?t*0ME zm_*QMFb&4SgYHDQVdZK&_k1ScDo&Xw=ZDxE58>hjc8>B{z76cvvJX??WC}Y{0p<)|1m=~t zNGS5uR^MK!H3Fc&BT{;LHnmo~nu0rov;kQE%;b&L2}n}tU}i6+LlK$R^hMt;__foY z`oGP7lCTL)`N9E1cARIN*V-tHD*E#U5JiKJu$gYma{4N+%dX3q@c+{*JueUrT_wuP zt_TiPlPrN7ZK!BS`O1&v*NK64hjF)pbP+?VV1#5ZT``d6bL%c1cc%Bc2vbod@echZ z|0J|CI$~j@(27TeiMPC3{A|#a^~w5jztS&6lXgKsJc`$H1mk*C?USPaVb*hpYne5l ztBvQd1GjO>o!m%mb?QmD+`D;0>*jqdG=W{7s6jK7OSxzHqy?Wk&^KXROcc)sE$kq* zLzoYOM{}-kSR`{CBHPk#o3TNSd+ghv-0b@Yx$n*u9V?(=>x@)W4@0Uaq>`JWsmkQ8 z+q8S-5FwK*E+eUr0ik|Z&SNothlzkdUOY(Ebef;tj%p6>8PwpZQPkwLJWR|}r3&i2 zGyM`!UWN}@5U7U$VfvKYlH3k-@Yl27T{z!aB#yVyO70a}?rOo;2`*7Hh5a25Q-)ac zEPoi3Dk`(zC7Xtgmdt!s`^-`3aNdK0Xmk*bclxEyyZ>j21URd!TwlF!-)gw9v1!oK z9@8XOJPWH{;e*aSy+~Sn3z32~&XU)F%QMQEK;Cvsz3$rm;E+Cu6Ww9$;iv&qzY3LV z{%FsYpAvnJQc;e6&(bm5PS*YY|43kV8u~yFC z4##z2Y|CdDCXIkS2&KE?*)ryaVx?yHQIn8_B=Dpp?TIg?@S(hXbaqxfgR9qj15}AV zz0vK|lFbnEArdBLw9!$JXU2=Abps<5&1>C~ytfu@Q|OBYH+r@9R5h!-O?E0bWDH*uLmVb037Hqy}g9Tg15UCf!{ydwSz4Vs0WujpISB^r{|2J8<>;-=w&7b9`(? ze6_;#=`Is3Um-0Z1n>V(PgE8uhRN;12v#i?5RO60u5Rd^oOp2Q+PO=!eG8uOf3dje ziXmNnKTttLs-W?sF1ex1l2_*7t5!Lq82V2djh*8RZYAt90^(-rQ;JOurv|6LBd71k z(3Pa8+S^wnu=fkJXHWm;IBJZNh)AY1;M`<<^b~NHIiesXonh=`6q7JUVbM2?u0c_q zf9>=P9T7-HInOS&!GUced>*?u5CnWs)}JZ@U?ljuI4R$GRq~DffJ%koK}Jx zE4Wi{s$Jsc?FEypfa*^}R8)co5opg1FpA$Cv8<9 zTD;|uTV2M@P;*9**Jbm8L^%Z#&L7@^R?F1JfI=-poeZ^7sA&{aU*s zt8}Ho>%ZB+K`rE$pOnHG6Gx{lx6i?F6h0Tpa-$@RuQVrEmDJQ06E9D-LJL2q`}b1H zNy#dZKYkDoS6Z~vuS^{s{hGe0n8s$*6F{W#oT8KJv*!6Y5P8%Tr*_keGNfPKx>S9m z3fAEQ=_k^|RUR7R#ZAr&F3in8)7EpwIouz#aJnu3T8RGr`mPF|rPaq9?%=}zy>qhYDC zxxEZU@=ypeOspC~Xda#3pPT2$dS&0iU=d*#IjFLF(6qpvIG6#i8~T|cy}Z1>`!c}8 z!X#fk{(cDat1tr%n;Ej(o_D2we`DHfJBmq&8=sYY7Sr>y8!IWp|Bmkp7z5zLqMeH# z8gkr{B5GW&#;L-)d$p#_pS$U1^H4p<^0|dYvauB8je;-pd{$Bx6-1|*a|pIK)FcXX z>u=lLu`CSs$=UkYxyJs?1kd>!Zdx^VBChs}j*KTaTBBJaDVGOm1$T^JL=2fJyH0)< zs3=b>#i&{$fkQ%IqB(S{V)jWU`=o-r*LNm@t^~7B`^EtX!GiSaC^8JAN+dy*(kQIU z31Z`aV6!6z;WIn;gBZ3a8I2@HQfj;%k4mNfMN-|yr2?&9UZEOfV-C28=F$TVJzI$T zpKwr+{@+2KfuOC*T@5D08(-Qp|1;FjSu$>JR|hNuwq`-@M`Y5FGGh=h-eOfJuj}%? z8UMB9-v>Ep905+Dg_$)u7|$sxCL3X?@%LJmParJqBL<*%G=i?P?{`c6HB`z)%Apc( zuS%}mML(49_j(u4bC>@|JO7`fvNQx=o|LsT0;4#aSPO$NHIJ8!gT=WC-U0pG#rkl~ z?QlbR&Ljl$7lSioo|L8LmeA~<)|6g?_ynCDbor)wKVj;Rr|g}|6o9t(4(DK4GwPtM zf;i*ani(@}OO_tdSV?1r62#l!C_ThhY(tENe9+b+NZNaGZFib!u06ylCF=&E5!7&z)G{Q7v-Hq_TXR*aue^{8 zF3@zjvvA^^RUBeCyILtEsA930SUKf!7*$9{SuKDF_6Ty-3pCSnzSy3}v;W(*i6eaX zOVaQl*F-leM}jh+cT~pEz#t%4@rd@Q%FRzj;GdY7(2-SiSFqUSjQgmsp)iAvvol3_ z(U^be5mt?1OY;QlUPHJ&>pSV#o^QX(euanII1T%w6+~Tz?)+jhFoTC@AW>GtX{7Wn zgroh0@!xSygw)U()^foA!|a1Hew&OP!BNSf&*@;Ux^^``qkfka4Tsh7x93vJOf#hm zWGW&Q*~~DKxbUFFx=c}NwXCsuOUH+@l&}g?6z%V>*6uQ+jR^`#V@|ip#IX9YYf-jI zRH5Y6cLZ=ry|kL;v76C`{Mf;?%risWU6rwh5*SUHG9WX2EFb@1KS|=d4bsuW5-Tli zkUf|x+>SA~gsfy$@)AwJqu%iNBxnO?l| z=Wb)^p%B)H=4!trOTwq!%)Q?eqmdZn3`h@i5!8~tDxWSl-vj>qmB;O?k58;(xFkoO z)YZgKrYny5m_U@LHKVF5Z%kSKKLZ;78E7%Z#h9@~e4$eghmbOTx3BD$u2`0yTQk$b zM7w)f*|=mG$yO$8$8=gcFes#26H*> z!)K&x8?rt>j_D*Y3WTJ*KPbVAV{TO-)r$9X;&&m0wNyT%xy#|C1+831bByx?4z1E5 zI{X+({T=cDD|+|bKF9nSZ5qFuG9GtwfT0M(tZ+GRSH1vug|j1CRdS1 zzbS-0T94M|H4=awMk*1ip&|!;&Jp5IFGY9 z+ITuVKz#o*+RvihT2%Cz5}#-^M3*8G!r_I;W@{&KoUAY6*z@zzbT+@Mr20EVnu~c= zF@z7@S@3tKD~&dATK7E$@6aXhyzDmI?gG~O!KA%+Pfv)9h@M^qhoI}7zlIkddWf3M zil#-HB+<+1{$$cIoS0nNDPA~aYSRldyV7odT(z% zHR8^ggW{AKk`ZR#6~56~O--`uN<95|=U2=>C_O#>S?9t{FgiEsQx>m6d|AT>d7%#X zBd1aYR+Mk*APeHRLN--(H7qIT~g-&76R!euCZf&+-!am1843a6d zI?r6iQrJVZzf<#9_TMbMFhQg|o(y8KTq)Prkj%9=d=v@X9+ZON$12Af{k-XQU+*71 zJUyF2B!AATC{0tkcvmfgzb_!se6xe|$Ud(82Shl&*Bxkv=QQmgw*ivNG++qUZk z#Dfd8)vJhUbS64Q91+mNEA~5dAqH04g9t3JWh|o5~lGd?B0cVPqzt@a5%*eM? z;I!1AmNopDsQECTJH~q%Ei3RWG_xkMwIV7q?1LRtNPrOP*f)KKr0#6hvPOW;D19l1 zQMKB+7N`6Vz`eFU9)!wEWfbngY?7qxr@8J2>lW&zl>9Gg@xG=bk=wWZ|5DCZpncm@ zeG9-oD@R-m$qmsB;|Yjigy4tfO}$hb=+%TMq7)i$a^$Vq)i*R=eA`mdklD8jL|%2IE^35;-;4J-zyT*gG+vo zqcvB}frV@O46wwmf5M!kJ|e*9ld>fCFJ2~4%f0(bwx^?B1U8JuM>ZSG%g7)_Xdopa zY6qMxIi{Fn5s?$N35kgv+0ZR|mV_>)!uAnAso%9ziI-e5p>t~roCwuP8HX6E-&ce- zX3ew;l2S;fyRVKVXdiGvlW4B>) z=I3xw5!SF~JikmRs`fi=bwpO+M$>06tbaQ;)9`Q-aO{9f@pYygI6%WKbS9d+USruP~U4$GqDr$`lf!Y{!4D5=Cq(dDz}hXLw#Li zoIcMm|IoIG>AN2>AtW==Ny$~CinG?JGuNzqfrges#A`u=iqbsoI7y+$|B?KqUjA>e zaS{gUFnC=iCESwS&+sC?Rz$?G#EZtLuBLlLo#3M~en0ZrE_@p++YYAI7|%(T|NleQ zJ4Q$Lgi*h-ZQGvMwrx#}iS1-!+fF97CdS0JZQC8*{=d5Ky7x=>THT+{IaPJ4o@ejh zHqF-REY>Tif{!kQQqq%~v;^8FYq0XhKHUxSv8lZoi|MOjaz>N36K=QSA*?vWX%-Ll zedeH}1eH?<{^t~C5BAp{KIy8_*&ewUto0+d&Q`x$HG9rw&+g8>5>!Rqsjzb3<3`y* z#Q&oVPIM620A$X+JMxFP>ZbCT z#Gh${ZKF%={^arFcRoT^#9bsYZ{x1@zu2&zC%(PDPK?tIaCmY~>v9#B9q!nEosK{D zoJB4lEtgEa+g`odHck8O`#?6o4Ki$Ig3TjnZHPw;{0$FH3UERCAO1m}|4POG$L$3) z6#joLY^{kxiw^JNg`w}e7J-@~n8YJU*i_veEtp=HUdmRNvzK+J*p|o^47~vXi=x-B zcc${aAU3wy&*ik0#-h{ikGFjoJwnJte0U&(AWJo{tgA?%IiW?SRf;bIml3{$tfp+D z#XMQ{DAW0kGO9T~idaYbiDfu7I;Bmt0$TmyR`;x!+gy<5bW->tpJvzBaW}EYdH|cP zfkz}17EVqi0Ci$+_P=e8LU!AHR_j%9H&lm4E8%t+IMhiMnh<-=^NCEWHfE*n=B#kK z%pgoKmoes($L1pbep>4L#+rquv267zV$AXO=zeV&@U8LEIK@ja!$F#}iuX1Y_*Vye zNOthHKnxG`6Ftj|K4q`P>8@x46sU8wLkdh7cZqo2dK&ncHj;sLlClI3ewC!t!CiaA z$yOAvvw2EGEe@0xVN3##4oK3wIVoa;HpjdBqlwquT1(Vw_d}7Mp1Wau=B``*R|_NN zFDdJ#b=Vi@qGw=vZ3i&z0n}_uqNU8zNJa0G-ji4O1yM`lAO#%Y?+9bgX=$BrVhM31 zLX)95n-FZvKwGl+pYqfV$;?@Lcl zhOj~96(G0r;k`)MX^jOs4ni-`HOM#tC`=7_KaRy`weq*rN+-09FPBr{et5%oAi(3z z>8T+AAu&+BO0?0x;o|(qm6VetJoH5Si%C%LUNd454;KO0%djk>+B_;$Q*`a`3E z`q%=8KOcpev-ZGX*?d8lw<)fjgzwk81NQKEA;Ir|(8Roi;&Li&CTb2)WDAo_If8ys z!$V&mz(-0CxX$hTh@oSHc2q4HgVLi*j%jQ>YpC7Iji^YuW<%1^hjBqh1o6V^g?sNo1GBqoGd@I|9|nY69z z_C6f_Y14aeN?D(GUPM;X;{I24-g#3=UQFpa-P8RBEGZ%HLP;Q_rOr|-pbwe)Q+Fe2 zWwYdHtvwV_DZUh}h(Rqf68fr$2l_M^hNU{ov>-}WF>$kt0$;lCgL zFZXC$B1dNPR{Q4i+W3e~n-1bu+vlpIFX{NRW2!Y}PaV&08}<|~%^F=SD#>%(f{jYC z^zYDA<}BFmErStc;y_)d?p`ksd@+W#%BsMr2ca4d;&@o=mQFhc(h1FIK`pcaEnRUo zzIE^ftHR?1(k3-{TSY&;z9i=%f0dWuCRh&2Z>mWr+cE%pa4K?L$Pz6Qql2RStXiwm z+P#<6G4-VK@hG*~?g2j$vj;)PuAGf7M>!Lg6s4aaY69S^Jr12cZw$jb7GK<6hl-A1~p_-;zt3)rL7$p zI$3PsETbW(Lf%8F4#LoDf8;n(DJjOQj`4codM}YhC=(LSmXO|OX5~-_%tjS3b1XB# zs=gYU03@@^(2hV^B(SQQ9R9hSMoOC(8P(_xVxlW4f)rn_-HVAqX*YHPBkyFC`>S@7 z0y8d;06Mn{M-<-$;UKD+4VW1))mCv26*_y z55S8J_$p@&Q^lOT8t--7Gg&f9;iMz}ah{cx)8T!URS63pQC7(zwZW#YMX&wY!b?d6 z>S2YlbIL|bLI0v&`Gb3>jefuE8s%_MV1I7uQy6(1Bp1YMb`%!2#`bVzHKt~;YOuVs z0IJK~x@D5(-$#f6$igdo0*X~aCWN;pHU+jxD|_LBrpoReIdNXT`hTZa;7$hh2Q$ysSR&O73b#qQYr*w%70VKe{(}*uUM|3mSa3 z()hjIQDRo$n2%+4T zkNMpAz1){fJR(Kmwv4z9uce=5&M+CcXVA|~s>fA#smO(>&xJH8vP0;?p_JJwD#>DZ zpPH^WrpzLCbUOYD6CG}_Y}6^`f7#q$WbZW5Xv2gEIW3uC+UgV%)f3KsZ~$5e7e&KM zx%0|)imrfTP=jIrsIZaO>Q6&Dvyn=4PTYv{hN17>FL!?8rO-GGeo+3BFcndt@~ZK7 z0UX_w(&*y*%k@@=*F*zn6tSJop1LcAIiX-`KxSi&ByT+CV7m*mO0skM0?|rT5Sl7! zqJ+4FmwDnNH)J>-!y%eGAj>9BEatoTKrv1I=%-(gnL;;2M|}zA0~2x;cOC ze6m%$Vw!*?WvuwAX-sq zsoMPdUKTXp!0Y`YJu=RodNJ+ThsNk9TQyK2cq*t{9lAt@vx;^?%NWv!+7Q%36tVQR z?Uv#5W+vihGQweXD!>pynIVbHMhaWrebH|n@&n>+tt@+yOL zb)g&OtPP@u4k7Pf97{Tjc?+E5ESUZz75&%(t65;nF~;_9k#<~W(OTF_>KLPDGhKEO zM&@2>%+&afcsRs?*mi5r)5gh+k#NR85$k(4VO9&Fm(9o~%bA|9H(LT_GS>6~!GN>* z)Of+SjBq(+AtW83yGw%80ia=NPzga5u>6U<{VlwZ`Jfh*wUGuq7rk1(eVho5q?buy z(DzpUGfo8nw+i9ygt#+80g~w2J$uS~vM%^f2%T-efIefhq+Y*wB(w8=QBVFQ8_<7U zZar`3^nx99C*j2YgJl?hZA10k2Kbe#9$IfU0mrR9ZWqhBrXz7Qpo<(kEgB)aEnh{3 z0e+y1fk%Qdcku8quaEm>1hsj*UaY2gu9WsHs{yzFq=+I+hhB%z8?1|_EL3tBZT-zlSk-k&Txv5H~ zRw`2G$IhtB%gWD}GhV=dLt@z7YZ@`U_rP~|4UwiacvB%y=V2gCmqSdd{ETRIX3davKy}MVA*hgK- zJ@40@Flx*nCr(6$?;!Hn?HIXvx#XPCZ=h5rUTTQ-*#~ND5%|0aiJJk(lMmba-KIt> z6K)U3h>x4yKH)gRi9N6Lav%$MMHeNz`0KMD{qW2L+@1+t!Lml(VBF(n=a#JwTX{Id z`I&i10lvR5>QKgV>B4fnzPz?=?5MXp+#b4Lw((^~4J7WWkF$=KGfeOir0VlQm}Up? zoPn|1=`*<#o;r#_BJ$i4J~!Pr<^5Z1meXB;WxcGMTn^=Oyl|nn+kwP)a$~CPu>)#F z_ov6ddvd9$w0X7+4}6^GEgYA$4+d+*p29Ta?@8N9jYjIpQDn#)^vJ7O+IV5%(1u;d z??IyDXcBQukNs=dG!}|xnTbMQuf9?GZYG26R1e%&r=Kr7Wv`&;-H-FpuIk(>>t}<5 zuS-=cLa)2vO#qF3;!Jtv(R|=1{Z+HO+ge| z;+x&MSVbe^!=n z{Zl?`i;$^BV09vtw|5!^;etlzfrrED^o3jC*Cn!ChbGGk&4XL@r zi=;b}Z|WZX#`3wqnbw5^-+#h-JA^J!DK&+yAPzw>+(33@QEACsDY{$F{Q9R z2b377n0=Nk;7cx1!s1l|wOr7@Fe680`mL4}VN8C`{!SV;aI}0T1*w!4yp71^H4=Tq zuEs2oR=u{9AZ~l#&Dk3F76Y;RI7&hDO2$!x$`NJ2Y%DImYo`lW7!=E%skngg=!Lrt z#M?P@@;v53Q1@-y=O+LAmESTG;kn#dtJ~%dgX*B(A0wrLiCg-YRzyD910CT&%iB7~ zRa>D13Y7c-pcY0<5O4V{+8c0miydlwg(xVmXwd2JXYYP} zd!;z^@=R3pN2#aZm5z?L% z+(g5uk6_TWrQg|$z7LEAEQZhT?eU_n7b$LbVL-*ox8AVD6UWc-BJKE;SwYx)Rv8v1 z0a{X|Q<%lb7d7y}Yq1h4G0Wxa!z*#K-TxfV3f7!XEC3OiIP5tvB*6#}k%+!55~hWI9*GWFEih}(6m=QQP$8;V=!lyazOo93QejB4GrZCzeJh-1)0253sj?=Rh%`< zsjNa*$CRC8fVmLxAwhcEoX(L)_)JU*}c$%h^WUoZhy zQ--wu8nV6T8ollGf$;eI$!bCkP4Un1MAG7(jL^(6=Qep_UhJ>~)oUqz3Nf$Ur59 zCY5fyEex%a@6F3XA8%iAyM?Z8H9SH%+h9Nek=bSc+$WDluY@Uw@Bd32J0uO#` z-a5~ACSRl-!?o5{N_7584>YRe6?7uc^SVv;#_RP9rcn*xr@r4}wW4ufV1rya!~s&3 zrWjY^#NK>IXQ2VhcZZ(;gEO?qXvjI~R-1O@&CGgij@5B#=pUYiI`XwR(2i0XRRj4k zL|1s-RCYR`V-@|Sf zVG4o{){rIDv;;54nx9iI>7i3sBGePe`~?l0#;dl0dNjVw*j~Tk$lCb#k1jR z$!ZKQeFggr*UBD~=Zz0W>fou`Jn=W!T7rs$iC3UzL9WR>B%B1S_ubI{b zV9^N%WzC9%mGwtenzVmM>h&_K8I#>Pvke*e51vs7KA7IZRtL7x;8vUCvxPFxj(MiY zU(fy)Qu@EX+YhBW!XT)=JGb^O#!;6NaH)JrZ{ZFO0^w1Ry{8zcAV*mCRvSz$ft8@U zp{Bkb`=R92&_Y%b9#q%`5+tq|6=hVSLHHwdQQDWAo%h!Rrc>yx!YD9Smu=p`bd5+5u(0Byt7qpm z&5N|`IY~Z3V^s&TzHI@#J}r6Wkg-jw;lag4w=C1Qf-aes03BmAd+qhKJnh~aOQW^r z&YyFB1AhOULu(o?U6o&}Qn-r{k0|aKnaJwqGz*btxac29I!yaDpWpFhVzCsTr+9XL zey-jv7?0NsF8!Tm+pj*#tkH?g-}o_8OBE6cr@D`sMKcsmKrK0+nfdo13J{IJsfYzc zBdlV2jV`F*kQGfUw>nd^KXKS%EP^MD%|`3$S|yeGvoZT2ld;ie`puS~On1w}#*hmT zUQN5sArJ}{V&;Dzf^mfLBKVK1_-TrhYMz<4A2nl+qs3HPYKRaQcbL;H*){ zT}Q(WYb1%u3Urk_b~Q`1-l!DOd5nWefky_{urX9xc3bPyl8c(ilz@X{1!~{>F|HZa z4ne>n*=zOvSWAR2HVUC~7g%)O09ZhX<(KlPH`-uk14n&VF+qq6hcc zEe^*!=#_^DA3P$vO;(fOc(C3z>q-$awjX!2cv|fLYz-XlwO7agH-UldATneHGGr{d zE)>;-#FN`hBS8v%u z_t=@5%QihEc)&aVs~T5Acd!d!CD$Y_-?l;es<9i36G^RHSG)e*qUn(G5sBY9NoRTT#EYfHu!!a3XH}N6Jck6a}Hw2e^;l})R z8-w?ghO4bzhR6{k*$Frh+MH|Gfi}Z{O5M@Ol@0k z*$L}2XH-gkzyN(H)h>I_%hM{u@4G#jI%EFm`*t9ne?R&}R+HqnzQ(_HY9;kw51)!y z9v(sXjZ<>`9`?NGh$5puF{LtC>H>#$Q|r2)&*|%O_`Dw@s4UkVG4;{zRQXGIe+F~b z151uDY?RMlgU zz~IrJ6b6Tz7?Jdls~woFV`f1o_0fC6^udIpxV%fylFLgHQ?=7kEC{EuUaF3bLYYXP zMxB!QG}_BFOO!FrcSkPwxLaQ>bzCTQnYSMcuaN)CUryuxbD{lqkET8dtWXUOayyod zVE*PvR#V&0i@n-D+~!u>*AW%%6Bc+xieZegbu^}R+`ug?^8abiRL}sCo{Mc0XM&G0OMt3#7-g|Xv1ejZMsPQ%zKhhjGQuVx!t2m(dp?5Z4a?a)XCv{lGo=eK42%vIP-7#@EzJXkHD0LwYF+) znRclQcxq0x-Hp}7)dl3}f}~cP@bIrGWXGSPhG5@61|C*OLD*O&UpVt!=M0Y($|v<&@@Vz~@0384kd_B1hYis%vsrSk!61*BYT-_^q^tD~7W zl}B%}_=o{2n-OFj@6q$BC>lrbAQeD#nV{P_&#px2+a{Ki@4}XEwX+g@Tc%DTZ%z%D z=MVXTg*2`I?pcWobcqx)pT zCW_Y{PMGEvG}#L(v~-w7H>|xygCS@Ub1jM@xj{}7*-J}ft!t_D>ApS7WjF5$ zF_MK)GUibJ@RJQ6L-KM9yMr zCzU;I&Z%4(`Rq~9hugb`*{-T)53C)O4Zm}!|r3K*u|E*-tWoGg`CR%nDGN9it@3{ zI80uf0u`+k_b6OXE8cE&=<=MG!i-3ok*4-WNtXvDtL`gnNgntaXM$O1Zq4Bc7_lmFPZnXq!cE^Ug!LL-VR; z;(Gmbs6j=dEn-Tix9I4W(>czraK_m3f6L17iS0Mr&Zt8(znFWa4)EgbX%H}QuR=v! zJHm%~S?Vo~q!iBW`+juSP{kA(l>kInhJt<+fCNOlz77plWa>z<=00D_M{g!1Y{BtD zTcy%n#V#nd>o#f}zj*$0xAPCUbz}Mnh&u5w(RgcpbZ`p{XyXr=9Slqv70=@q_N6RCo)P`iOETs<}%O117fVVCtd5F zg*UfsM!^;m=EDUw`D+AIBsTJcj#!_RtyoAgb(row2|6XvB7y?$^XnqQx^Ti|{cj}q zloG=|amU|*E^}7@w7Yt9=o2aQ`ohwf)_2#g63&K>HEh}3)#Z(?v${QeT5H32uZAb( zEk9-1;j4DlEjC$X<(nUJJ3S-p1Q>BY^VaYw;;eH3Yn-_2IC*T&aS{pf@@*QN{~qvq%@9f(Hg&a8H|3?2Ns8&V+U4dU zI{y{bn}6mIVk5Rn4PaJ=(+GH8v*eX{*~85Hr7W78)1}hjRjP2q3D?)59rRWel7jP5 z{$~jL%G41iVBjhND@*xk94L&UH696%Cm35*0JmA*6#%1Eo+6-yJw)W<<>Ym~>kpks z|4%F|4Ka7Rmr4)Hq0SX;B(ehzI;iRVC6o<{_7C7gm73$06HAfVPNw#Ou@Rs!~epE0&Ow%Vy%;lNTnk7Y2Yzc|u(rwb{?wdvo}a z_f|i7Q+SBsCD*_EN&laD^0Id*q267vQc2drXa_yrG&hq;!Aik(E{dB*wKoa|L!A^0 z+DVh*dLEPksP@QorPT>2$T*@5PPx2OF?%@n0*QM7`Vbwu?x41wfZetiDak&|+`YnU z-irC9CD`jsB-+p!^>H4;?7#fe;2*2pxgk)BKcOzfDYh`dG-82ZlSRgnnLZ$t7emxj zGeV<-9i{@oTLLm}Kf-n~cjLCYb+c%%fCtj+mG=rNO(GAkw7 z#QQ1S@N%;S9Tlrp)S_YSs-i)g54{#*nal6Zp5p`oDpQ5JMq}K#9{ki7adtW<$>YIG z$kk8Q(}r;?FHie^B~#u2$#wrvF-rhTL1Bi6?Un*?OPmK0%%JMm&=_%e+VWK&@e}w}c$aW?_SjxO}b#_1eT|O5?+~A^9~z^=8W_A9BnLfy%uVl_+y3sid6h-B+rOUCz(RJSW6;!>Z<(V|haCKO@|;P%0qm%848bn*fkw6{PC24@@;WLU zdN%Xc0uQrfj>1yTKcpDN3nKoMqdAgT(D`wyb-RC6<8Un5=JMDQ+uYr{crq58|MB#3 zvc*Zv6#iGxz`9iAug_)|Pmu6Wc~`9q$IjDrlo zG#;!KY4N4<{tgW!AGu^OK;EiPOOlek`FUDdnV4*nCw}!!*$iXUtw_RJJ6!Bq>GV0? zgS%}Cc@~g&O+nq`lk|b3{lG;70Y{Vz%8`!H!;sX7+%1|hh73!2a!3px*3&-(qF}6D zV?bMDkPXAPQo{M+he2bfEXCM4L|9r?rOWNUCcAEPn`!eg3VwH(+utFA%7zANN1>Zz z{%(=w#*E;ln;kKcgx=g(hwC>(PJ1h1_6yp6U$e|PHtKN(z%f1o&!Oex81-6)I{dz# z8Isi6+_OPILfj7#FCccB&-XPVSOdcWVpdm5N=k+=y}lU&kc_o1(criq^+qR_W1E%n zr!FooPDxR*?dV_U%eCxY>{1137NI?N(pKf=XWn>LPy8ZpqAnF#$}6%a zkCCZJWV$7YheL|KjYSi~fqkfhYkQCl`L5ZCB-)(w~qP zf`a$EDqaCTA@o}MeR$KZc}4jtWmrDmb*OjmI3z^(N6yehbH+PcH9S+-OOWuD)%Egj zPD`1!2ypA+cz|6o0;QkJvbOM=+2{r#-xNKVL*1VyfrDj+2TF?1kgz0QPAYgH*oP*_ zC&pG(T5_7C_7Iur5;kD9X5CkY?YH45pQuG`b9ZtlxEsU#L)q%J9r!2m>l=?00_0OQ@z@C=`|D(V+uU*spEsGrvbYmsTEaL@Kdg zftoy_o4KibVjF#QmwG1zrOw)>Eke!#DJnUn#F7iG;z4Q+5#2d=+31=jcYv|dZIIh` zO2Q9}!Q>&qusC*K8d*~>XEN@BlJUduNUv=VEx&FI=+(JBaGdtF_kXkonSIH7{K6pZ zl0*HYMYDLYFZ?Bj_`Lh$A&hMv*eUKQi8&&K|9nL#t*lWRyatlBM_ftD&LvgRIbX1c z4)a0M8A&qmeg`TE0tUkmPzwllp)_1Tv;8zBuK1eViulz3)s*7}5>4j`MC0%N)v7Zb znieVF{wFden_J%xuAhu#51*R@f+7sHV4VEN$WU2jtBmwjp5X`jhJ?vX^E{kJa8n25 zQ9i#*oRNx{W|skY0*#dRfn7%4kR z5*zdM08mtYMeREbZ#e@d@bdT!us@5%ze;B|0Q(i%J9=d#g;8`+d|^AZ>~j2pCkRr_ z%Mv(oij7MoI7wdZ@t0Ifhe`m+7_ci%RV4Op@I*{CpWBYX`L2`CfAYJ>vQ#hLjfp1p*)( z72FIx7Ws{mib`$1k(OKO=1&W*Sk}dRfzV8@53X#g|8H67Rx51%5Y-dljhhJV9Z=sg zFmP#d+09EBl!1dRqSg*A1*VbojM#r7ErWi)gD_;wOP-%mG4H&xf_Kl@#5@p~1Y_s_5HlNASQVR`|+c zVO%tSHyPPLSSToA7Kg1K#KV!9QyVugc!b!n2W+>OYq1ZBtu78;PAclbz-#aney@9o z8~wf>U`q;Ic#!d0tEJVj?C4pMaoU;9Km#aIwp0oI2HLtm9~YE<63pZYWPAUVct}KF zGtO=F10GCBk~}ZUG#_0<94M^7dvrz6rGG1is6Sun62I$1GS}Zj=-*;&28*UZr8pjr zf`x%#K~R{urjXoXmGY)8UmRh$p8-+V+5C}UxK&zvS68sPXMKd#w!T4HX_u@O)4j3Z zPcWINDN1z01kG8@szPJXqYS7WLe9i`%Zvm1X}=NUU$M2jvlQ~Jk?xN989-GnQzT7% z-rpAIm8p3Qz|l!l2(Lh0D#G-=IZ9Be(K%K9(8~s@=5~a9UtxX{;S)mo33}a|DU~_s zx`ido%mAQRs-aWluS?_N6!jWjnb~F0RkWTg$@Avb4v13z0f{i>Kq5?d*kZLfTmaDL z|EG|1I_2(9Oe;sB=jrQgMmkYWKqc#vxD(sg>@2CU(gJ-Oom(81h*lZ)T}~Ezk(etZ z(Eq~>bjeErcsvu37DRAMz*KUsx4O#&rdyRUQ;PehvZZ{2FiXZ}Luusn-|3AqU2&rb zG~jsMO~~|zHww@|^+L6IE^pp?9h#vS%e$WTu5~SZ6`2a073au3YCa+meC*QKwIbiy~fj zu#&o~-HPE-MYoE-b02DSXv5tsC#{P5NNugXtZuD&ag{TBP*p&Ih6pS>*&{_F&?ZbM z1H2uQRsAjOLh4^ysE><>b*=P^iZ|RV-_fKBLBxoZdHMq71dImhl1TkV0O$3&sa@HUB>lTnw{i2>Jx z%tpQsQr_eqhjxOA@A4m$j#qc+Z`{IFAVY%9DG4JD`1NGg7mu6M6qvK;)3YphOOssGtJ(~itf`U-|e z^@h(PkJPGm?#jxDXPvxYg_W_|3F|1-jQn-FOy0k|PSRu{Z~sm=IgH9iyQ)gLt31}+ z)ah8%XIKFnk+6tbrd*e*)N-=N;zNVGqP+W|kU%`0({_%&C^pcWK*t%(_wz|>!vcQY zRD#u;-cn87W3K3U-F{4sRoz=MaIfDrWb$=;4g1;&GvfXsXGT4vrzdevH`@YcE)Tgm zIY|#=$s>OQjwC=WA#Jjp|FR2RKq@({D}zZvFx3-{%wz;*4{de6fEWg9w9pO~?j<&{ zvFW4epLcGwIt=J9swSGSfxj$BAmZ&2^Rn{tkJGybt63!UoXs}j5$&}}N-j>HJ?sTT zxBWiuYHPdQ{qhsUTC~O-t4J#i-@|^#9f^tH?QMzP0N6n0 zubZ*3xXirm$|^?tEbS|^Ih?XgZ);L z0)@Ks(Bve-U9j}S1at4#^F>|SMa1-UVhW11CyjGI5+fN1y1n1N42q2t2JsY`U;>%C zh`$OFXmAb>4+r2}@a}=*_ZH<)MMTc97DoUORgL@eUIts7d%BJSJ$)HVXZGkvqKT4x zZav-<8M`{|;1+d!K1nu?n70&L;d;&K-|F0un~I*ECZIT-{024tv&hEA%h_{q9d~fe`R~75*au$r>;DIHT)jYlQE1IPKbtPkJ(ocHtUi31mV>qj&MN>Bv}WV0lcz2)|c%Mv5w z+|4V7R6K;5or|yRtHZ{q=7z10p7Ady-Mclg6iwA3U;rdm8D>7Cur;NIukQc(WBw#k zDHDrgY4H3r!TRmBGA=$YCLT%eX#00ro;wN%9HtC`?slb_ViUk|qNeg)DhygGEIf*E zZ*@;11PMyIbF_i{>i|t&hM(Z-;DFPmu4TZisUtU%UHdp5CUR}6ept{#v5&pq(AF#d z!_YAMnsMWtb&_lgH|S~4Uh9o@XUu+yBLF+{dFOLjs*UU-e}W+0iO#S?z3&dKb*Y-i zhhmjZaoj;n<>Gz&&((vBo9>pSu&onjP?WGl0huytIgC049T+h-D4Cn|QiHL49}e`@ znJ|qi`?vJ6$+mlS{SEssVi?qHIL5+15OAL(0UthvVmkYTqb@8ZY*j8B^xGv7H+*hU zJh`StnjuF%=9zZ5_CSjwR^`KnLod_NfZBy;oB#V2muzw-U$JuD2Z$_Y-VxatBM0Jn zvOXPSrlAjEn;0#_H9dV7i_RcwAOch65VKlQ88>tUn9tF;xug@_0} z4>rUz-=q!qj}-C^oR+{XenM@u*eYFUTz36-X9>lO^qf!%{3d6=T}rRdHx3cIA+v6u zm9M6g$Htu5g^4UD!2J<$M>blKlf%C8N>yDmR_EJ;ckcX=|NRgEl!KM+!xomYK;eXs>N}9P){LXvv8`$Ug=OWkXNC$x^y$Y%`?DoFfH%FKXIw*iD71jBy`5%J;I5zsiNoRdQg{m_K zJlD0Jp0c@s>k=s#pkQPD>yCUnM+sm%J((jA@I@dp^pe{=mY)hCeGEts0IUGrY<3pM z1V4A5Y)$sa{j03HpO4aklllR}C%(wNG*4WXNHfm+h@mG>v?|H6|C@vSudbhXlGDm> z8lsZkua4a`Se2G{)yp47daAdW&Rbes-`6)^ z(O9S&)mMApZ=Wv#Etx^+soo)G_=GE|hH#&iDAt&Xt@c}CeZat`8s+^Q8|&B>)kEQ# zBn=BoONY(2ua|&t=+?#$iTQ$iVgV#rVpNK9;8VVgk#W%i=kT?$Ny2XkFrKrKO5U4Q zwEC@ax{i9~W&p&WyZ>(%fEW3}3>bGTPGA2t_(2h zc!`Z4YlF0$z7IYzj}>CzNP;F6Z$~+A`%eTh`fwQ}&vbYczprz3R|{1-%c7j4xchCC z`9GJpcPPCBZQ=|B?=#Ke4bL0oC1mIJa#Xe!;_eOs^b?YHw4Md8AG{d0Q1lZnj!Vg=5P2h!FxjNSF8I@|c9$dN%+5KhqyGXh1kn ztT5PvB%b|A1)7JCD3KPEjeM`j!#m4qeGVM@;H_9{uX$W>YHFIZlT`8n+TAwK z+ujK!CP9wb(3^h)M={Ox!1UK)%<1KFf5F%5!p!9(Kh=?wRs&Jl0*&$_O`)M&gAK-f zq{}(b;{Z&@J!}-?U6J>1kiRtf&1&sZXJ%d|BGOXqMt#QaK*}ARTs1k9*R5>&BZ!%a zsUa80M%2Q*XSrqrT%aFX8&exD9v%X8Pz$M2D<&X%F-+6yKvuNkYOL}yGw)I=caKp3 z^CAM#LKhRhFFG0r+LH=F=)qJj>dFp(H9`u53crHR&a7)=jj=~C5LxybNrc`K&l8A4 zJCKurjN*io)*bsZ4#X2j<<%q?D5E9dz_?{v^2M{Bxs(jtWM*iHsA1!0ctUE`ngN5( zt5hbu$0%aT=^IijU}+*LHa!?1FYbN+yjdDL5sOjf+i{jmi0$U-k9L--U$DX!I1^^< z{nF*HYbc4P#5(L2%8~8ua#xt~o}E`ZDgcG~5VSL)4?r2XGId?#kI~bYVK*}Puoq~Y zKPOAiVkTo?LZrs5tpyJzD>MY`!^i6C>+VZb##YVbPeg)5j;jK(LOyl}Rn9^M(#BEvF;3`Fqd^n_v`N52A50EJJBH;9dhD9wnJ}wCcJ-Cg7Uf|0*OyTh*$1?KY|K1vXPgO z3o^RXr!I-)K4}3H0~6W~{vv0%O5Up`mOp=I|RY+_`HD9`Sz z5yB-heFd7_bL5;pAh{1>e2++XEdEuPc0RLfc<}O#r!CDM!(-1%movHZw1&iJPHol8 zg6qWkwzU7(1S8-C8^l5PWq=Sx%6bMu6S8m)e7y7pn2|Ah;^J6Fi@7ZNv85ztwb7H@ ztyg_*7)-MWi1!BIhQTQhNZ?l3--^M7UfoEC<`$PCI^{7Kk9$HR_>ilr_EHdqi)gG9GJpR*mNbMrGZU=TB#&f|ghl+PC-n9D)Q zTJ5DsSUOj9ExFo;Z$N&4c#>mY%n^y->n&)nOkdh^RSGg_KKNHf<5s|}uo;7Y6`hG} zz^}R&DW%mfowd|H9ju?a)GdS2K#*ycr@B6b*)bnY*_LtWwrZ!;5)f|sq^eTZQQQ4D zx9#Rc_i+eYOZ)Bzav6kux{8FQCQVWPy)+Gtj63ZHFwJ512I4CRA1)f`VR6(wlJPnk z$L>J*%8KMM-vx~CxLO=D)IlZ&dQ~5j<7f4M3kQv&{7OCeeXY3J?;}=1t&~frLH__O z1f4py=cq_1h<^YBB`uMNX7VNSc@szEh6U7#G>qCD=boFZ{J^OgQjS^ls+bJ_MOTRw zg46yho}2sX`+0oxy+_Qh7KBFzd!wMBs30%dUCIYNymub_>#2Ibb=CdSb^Dy|efD1KxBNyJRudv2 zXR5J3tI4D@_PHz|=R+tOXE;0rhvvioQ-@+RfbYh;5Jw^s2H6XfT$@nmC*by-%*7R7 zLwDLA%rcNqCJda zc|0d7<@X5G#pi?#(dy81!8nN-YS-Lq?X^fMLj`4)-yYMeIZ{SR`$`qS3t-SmV<%#A zX$5qVEDiDd%T$E-d3Y;`HJX1=h9t!0D)kvCwH2XVBE}@5ijF2;uG^EI;O3^pWSH@b zPn(Al(<4XrS9f)Z;d|iN>Ae+}gy`mb2AcBzT{}Qot9!3k?kOBZ2`~C#mVj?X+=s^K z{7jNt8kq10#uvoRGI;#W8>Ua>%DIE_sq?A- z3ru;7nl^B%FkWuku1bEF$}?dU`{QDM=FvWe21 zr;@ud-!MzS12KgR7x;)dopV}cv7(0)?kk#U-;W6+OxJT@f>U!84&foH=GHl>h%1xV z+Y%ksZ9`{?s@;7Z&S-si-S?2`bA&-+7anj!=+nHSAxPa`PWMAYZ))x4FtBWw0WfqF zTb>bF-?nehS_23Alpdd|DY8w)EG&9erY5F3Js*@!f7&RIZxO>lMDG+myky*7?#J!J zn>^^x?$mDXdv#Swm%qUtTZh%J4q{Kka~KV`AF$akzFW0W@+RU@@*&nC2XOK>xDiaA zJzCCVZCJ(xq< zdCvgrkAQM3eK z9ok0avdp{n>E;u4@&3Vrfj7_^XJ=~Y=M>>2&4PmMcEhMAEh9>>0(9KF?VicX(h~`p zA~Q_6Si183@^Oh8C1x*6tP6pH`>O?IuofP}R5s5M1=Y8Aq(112jA|MzK8sEtFaDC=Z6j%BFY($EMBrc>n z)Vu$Vpx3&>3nEBg?h^~p`h+8s&Jsv>%`>G%X+-i*EI+jWT4U=y;9U@Pl_#T2x(k?y zZ&4rDZXs4)4ab;jjXy=jTJ`-?poF4o%dc&S`xCjt*F;>I0TvU@ed)j@U=@{aw|lvN zKTsl>Jqmx2-q)}`Ft0(t>9l{Owccj_FD5f6W?HBvZz;+i3Tk8GLf6emY5h0<;v$(b zn@OY{kbbNq6FSpUpV@7l z-0r4MY|IqQUoDxueVDuEc*(!y-U=QBmwh$4<#>5d?+Lb7qp^k$v9L%e;kjI^Q!QQZ;grj2noN9xAAK9_;vPsmbA3bWor~2 zNggUvIAB}4OhhTB|A!nSqONonw_I3SC%weDY}$Jk;dC6&zT?Sn;aDqijvo$$B!%nC zu)k9Yjv}IoSPY{bg&$Duiq^(erHfQ0QbHtgMLAB`LJ^1pnh*m_1+7C(3T!3DLWl#U zjm$Bsb>x%6u%Sg+gXgX968Xkc(R#0UJj%d(-JUMnzbNCex!Bmg6Cx)Fo)Mq6yYO}R zaCi#wBkrna+H4Kt$`!~PYsN=#sZl>xD>y>BsirL4_FAjiUQ|c2;Qy zeOkoNj!L`VwO~%S8RTzJ0k@R_k7K_-)|giH4tW*?FAkFqFkMR}&!kFtKcU!f*P)hyPialNEbHpb0-M`DC;YR~>h({hBP{XYp?#?zXY{cjYa;2{$j zj0{YwpHvLZ8HNTe-<+H*yFlL-w)fKcFP~7>nuJq3Cf-oJy(AydYk6gzI5!? zW5zp+4-`iZ9^Qpb8B4BGpk=fEN}qayz#Bz|C_Vm@n>HB5l$&l{b@>5|m>%^VX?*5N zbJtzrfmV?Fr9pi|?%2yOjb^s`vu5A8bYSMOe*~pYv%@v?B2~EKPrA4+hDnVHz(m|- zSaLxnjbFBi!~`Dc@qSi-82F>f;$<uDgL~Ew8uStRd~cepDr+M8w&G| zeh9Mhb-p14VZhtEUWtPR#;dTKpR2W?wl8S=*f zuU@UuX?x)H_Z_XQ;~y~84FjL`#c`}>LvE$$SxOOBm4R-PS_bvbY;vp9@Gg8Ne* z_Eis+`q!l+VjGT+5hGbCn!39wkpQ8b{{Aq8bs{N#*WX!H+S@t| zZPo??-3*V#-EdmMvf?8&A;J{O3b%aa(caUoo12qTvi-X>pYsAom5RFg0I7f)rS(>^DK>04L$ zSlgA_*r^c+_7TMk_O0ZBGSO1q!63iXOG{>APg!NHGtz{ZE+kox#IqRww2kqyf4!d{ zQJ@bCGVSZ`<_@q@K2M!~-r^y=7;`Ooyogf&bOsg)VKTsl#eWd|Z$VM5Gg(Fx4T#Qo|8y#;Wj;)Z4U;gG&>Z=aczR zD9icWu>rnL%VQw-_p!vuooM;!WM&VOb+iwnQVXFhex2pil^~8tK$RS*oKk!?+Q)Gk z;@@+|`u%W!I7QEiZRSoN#eB>NMkHdHqhp!Pdl8g~Kw&7on$4SbBMcpEavL%`o^jutQ>nh$}oC*6?3V zA*@0V@A1MpRNQY8TeT3uh)^4Y@KdZ($-(w3 zlM1Ljr-sTuy@RP)oVyXx{>B|>x|?h739C#XC#};!8z&dge2$7y-B)=0(WfwF?h(M< zkm|(jCLm1zGY*^C)F5F<$8-^0Mv4R$K}|%2L|G_y-&R9vQ~`;V7!WnWPJ$qgoHcx$ zF-tjR90&Y3QNB90CgA-bEUV$6(4;C*5J-&po+{|48QLnbPjE@Sz#Yx@DA}!8*&CnbX z30q&$e=oi)md5CwEuZo(RVMnH7M4E0IAW5S{Xo^0GY5J@CWF#7>oS6@2iFH`DaAci z>!#Y`=w9RDGyc*N&LSBR(0+|H?lJ8*t zNftM^VZ(5ZZ5m1|`R5g>KFQC#Q)y$14XrQHQFt!~6T%>cO3Y)NLST3EzpCby9_>Zouf1HgT&jkt zs$bQQeK=F0%jWS4ld;V5_}b**8UxE#vFjIOLBW8}q1rJnZ;2%!fy`vSBqvozoWMog zw6roKc;}Yv0mp+MT(z^9#I|8VWDEFdF`&L=n-j>7nkq-;I{&26bp z;w7sx6N3v7gt#mu;jLp>C}g(N4(Bi9oovtIPjSpd9IkL(%u?>L6r>C}Nh23LAOS!P z?J8x||L}82H1XXoxs^;bDdR>V(#rfA0VNm=;QVr6ekK6KP!#Jx54C0RnAM=fp3906nD1^|+WQO5J5SjoHOUH0LC zaewh@>F`Pg2k-RR)^QNhYbLc_5|gV4yL{-hYdCxen3fZU5Qu~oVsi_$FNPK&G0k)2 zTc5rG0e+U4yI#9dMZYa6fIa-AxpBsJWQj;_MS)dKx5k44wv9HYvyu4X4ImSSqeQMi z=n!GE7HIWh8oE@G4$F13Cq)yl5~uJ_5}gHDZ*@(CGn1Yv*xhNMvd=9`b25e`sJ zO2*!K4XhAJu;V1gXG7=AHtDPyjf`4;cl1~}c@xL88y3S04V|7r zxsQ5)mzB7(f*{S(@_;W=jk$hf2iipL&OmdWUlK-nlrZNKb3eM<5 z-7nsz^NoF9-M_B6@xS9B%|GEY(6UDnF4)TdyY_$ZkOLGS(3I@yd2kc+qp6KT&1C4~ zXgj3l^O&BWWau`v)C{xDL93u3ev0MVr7P<`JxD-pDfqo*t+aQ8j33Ry3UIkAwC6RP zMQgRV>Yer{C^cEjElKIK`=#j2mNpgx(;OI~?C*>X$sM4f3w(arGAq0sf{kll$1)cR zTpi^=YLU2VqKVVH#TFe;8y0wsYKFFrBc(Lnw3Ncte>XieI?ISBcTa#)ivE*KRwiivGdE3!I2Z2@!6RRHhu zk(X(E^mDmxb=tsK!LM@10rS8iB>#dB9_ZB^zm_4 z6lP=kV>C=AFyUi2He%qj8Gj^r7POL0Z>e2h)I zRH3S}!-+|2Iyxkj34=uuX*m=5?1$#heU;RPXi%jy{KkEey$Z=AOsXMTml>P?l#LpY4Wgts|c@NWVcAy106&I zrH<47n!leXLg6mnFXMZO^n*5tepM8p@3Hc&JV)V%;#DQtV)0Aa)4sdv)gYLJl26fF z6%VKEQ}rl$b-l*tT{lBarA_)|!)-V+aiLrW*)NY!cut?MN;Dex>kaTVB*XV1dB$K9 zfimt{e4wB5G2HK6BhI*acSQI3JjC|_v{ZY_xP^Z%eZ79spV7+?pHr+z#=~6SWPiO3 z;rYCuOr&#=Ci;9H`B1{(CyuWrx&R}C-;*_(tsSQKr%#X?5F<&+TC=l&tN%D7|vLSDqeX0ur`U>=|R9i~#)x zcpn370&~b--A`_fNPiX)M%C!~9^(#s-yb6-0QrDq%jgC%0wBWq^Zb_9ESLX@?INx%Hp)F9EZ z^yYG01&LBd$_e-SUShI8VXq1s6dg0U_-Z+akdhrNFGWo^JEo`dfPLHEHN}0!kXz9Q z{+}jy1UMIf7E}xr6Z-QPI>w;jRvp^O6(Ue~MN}Ur(a*@a$(fm<{Nu~YVK@3A(WYuV z$^0nyQciU;gZet&iWrR)s;h*zm)*n8G(1?e?4U|2;9~iKl<)E1i$B*}=8gtmE#W37 z3ZWM}=uXo$-iUk5R$Z!k^s>8k4KTW6Cfa&yQD`jkosuhpI^Y*8>SyfyNeyCjVEexH z7*B|2ZvM2g{?|m*_svR(AGx;uUShGqki~t%n_-?(S=2`S?budYZ!arvk0uN(F$qQhekc)97Mr26?u!}Ic9>Lfyk_No1APYr?^GFkE^ z0(laoq_V4C;%S2zjnt>VLou=Y)6V(XIyZ~1d*83EvNF<;)0$BmKd~T;1i{8XxSK2m z+QB>n5oSUW@-d<0UaU+kCb!gbo&>H!5jg=h)btntC9jj4lKzs@mqQfa`QPt@<>c zN!z8!PV!Vsti|nBMtyfzPm1VB>fNCfw`B2U+WD#kEUqOa4^|}>*|hV$>LSBK&59}A zWGgKcymWj|FE8ICr<37ZM8&lZCKfQA@rSF-I)~TBzOpJml=z3YXt`9pa#xp{W{1w+ z!2G}jJ{O+~qp}n6c4>Z~-j-}B(4(3e-gz3dLR2#XR1iH(KIPLaDK-Zy4tItX;oKhf z4G3dynJVLxkAS&?z&^nep7%4-SBf(2-OFE#A719l87L-tu&{ldw>y2oCmJt`hI7?` zPw{KTh$ZHJE~;N=KqZ{d>q#;Ooi^or`&E}*4!8a7!~5qO;1ekHIr?}*Fb&L-Z_&X7 z3PmP@26A+DxRUh~?7g)#5u5%(_!2e^OQC~Gl0~qOYcR8<#)|qcLQA!Hy-ijFHU$WV zrb#n`-80v^u1?~~0(Z2M#9<~*>oRT^E7$nG-kI3cG_FUkg=FJmk-%%fetZ&=293{) zqva|Xt3r@|e3Zm3cZe5C0xoCw`TISThL!Hil?|2s6z9o(-n8Q37y<9^W7U9-JXd3y z>UpZ|@q@8sp2UH&t8dI}L3RGzGbIzUsLY(CWzrW6HDeW!D+0pvYU*`6#8@d`i@ga% zPdURyNC8SB3@UTH=uF&NYryg=~i6hC^{0vppvwbeOe0%Upu9 zNL!`vk>Nh_ZS8jX<%alDkyeRvXW;cvbG4DakSf%d$#+FvJP$jc@pS_h%pO2`HmZ(O z1n-p(WoIYjGq#Ow)jT{)USP!0vf<$qeUL-`EpKQr9PBuP(`PjR#@he_PHtsXGt_Y{ zmJJ+)UOcQDrO>IZdLxVQB!0tCq)XP^%LKfvi`fjS)1gxI^p1q>G|+aWI2lZCz})vl z{*?)S&g-9~zOuZ)D%c-kLR9PISnXSv)h2~Ya=(7UO_-=J_=JgDr#SZ>ju{C={(wUM z$Pm6TGEmN|6s=qe%yV8i5K)+LW_dIm8?#neH5z(xe;H{!aQ2;>PnSt+cYEJYwQeLS zY{l%czsS6C_O`QheD3WYDGj|ozW7atM0SO=kS_dyF}f%Y-d(_ z_E>3|ey0ttuc#%XsI{sF3XOrKUFdMb?_cBwb{{-K;J>05fW{gm_{toj;CL*A*Z>~I zK>B@#YF?mc>>#WX=>yqAB$p?lrM==jD?nSItDBEE3g@Bb!4e0-4>XzCeIUzM4~;7! z9~MwnM6u6apQ}s}HLGX!*W3p!g_0KsyNo-Y|Gz#Yh{xM8uyR9Fubn0Dwkfy%Y*lV2 zEzme=%nRO6XD>qn_#NNw$n8XgzoC6gT z0j=HP*%N2~wE4kivz0{ZT7Z*D?AQs3aJA7+hxIY96)WD-ean1c4HTJ4XdFdG1OU0! z?9Ba>_6`nr6_V28sXV6y7QN@^=e=Or8qC$|wNQ{;r%)S|u4Ra2P0)r}R5E4>upO>S z6oFpQHONk*z|>#NXWwFbw1H}XR=H>q_6gp^3Tf8zmmtZXJSlVf_nWP3SJiBk`)AOtf%uo*5Mb7)V>5YG zrx9??kMkA%{FFyUf&Fl0gCo;~DI*{zt`r&}MSOHJv_zMba`7trSM3{aIl7VkD0Prh zU20(lY?Y(ySIGqPHR5vA;EY#!T-tu5)ye9MwVUM-xB7&KyhtLtu9PSB_|!M4-CaW4 z@t@1t%u#TL=d$PU&8(=kdjqV2mLO!wH~`O=(}6J+)YIG@q_z&DAO|EzN5hwSa3!lD zPWUV19?T$V=3I`)QKy67;uO(J${tA`R!(M35(euu01}PXsD}F&+Sd>VxQ%F0<};Z$Ea18 z2*Qd<%!Q{NF$s^0d3djG-qKV0LvRU2$g%Z=$4y76a=GzRvdTrO%KE>eCN~)(l-$@G z|59EldDV2JDt)r8W6e?WVIz4DU;Y?*44JMUy3)EvUZwhYFr9PjC_y~QdN|4sA=bCFboV-WKXyFllgVVsR@(zP8{0QPYrulFR7h$>%28Nn5-ianBK&BgWi;!>Lbw|md zC@^SBL8+?i8Y8K(Mzotl7K}b|cfAh})Wu$uIEkr{L(ZFC88sVr|GYcuw833>`ckzf zYT#QB=8f{BbNwX(X~$2|8rrmih2mJMTC|0pt6+zN`c2y>s|)nrTCGnzf>u zdAy8RrzJ!0{Rl)~!4-G#E$|xA<$(!SJw=7VQGgV1YVJXcadpNhAI@y_qyMK;m z`_1=a>N4LuI-0mKG%(=C-QdEnTuaz<_XDsjUCW)J%l53=zcu&Wq0Hd1F-8Y1Jt}`z zzv}>F7N3_4_RxgH72?9@_P!cm095lX`I z1cEXK$M)qL%CO{ClEa_Wa>}^q`diwNw-(QCrlw|y?LI_rr^_jmxQ4VA{+Syx?E2U~ zC?uQ{97va@j2VWEOT!NA4#&;ro;6wBtb0IW{H`f4j2ZATDUQa2rx~68*3CrHPm;=3ZwrF*g3Z4hD33zQo<~j72#d zP2%(?pBl1z9X9-|{ki~r_+;gIe4faBJprp*ph3^$_53BiSOzi2aFFqZV~MfQZVJeU zEp1bDcQzKGu?~fSLC5XP(2*Ef`xvyC=hVD4Y2=M>8}mxar(9*mELFCojGU`9P9jrv zb8Rd;Sh>RhMz)Pdgg3O+48uK*%oWQJf?T3_m!q0^0NjYBP%1~GHcOKpLE@Od!!$OM zCgZFQTq21&G)AMFOeaZCQRZgXN^RwsmSfTqcO6~yl-;?KI)|I*%EhrhN}f4CF;gB9 ztnkPWgsaCeqwhEcA00C2EpM_$XRC>vxC88v6N~T;O)~ko75n%IZa|0KuUZuJ-G>h2 z+-zlOrW4;^dFq7vQ;x5eWsGusY5+EYZgdg*oMY90xjqrjgEDsw8dY&OP8n^+bA^6u zsdKu)Z%<9@DcXZL;>pHNAM>cQIN1nKF$cd*YP4>8l{wtqJkw~RlNe@``3pnA@$I`A z%j{WC=){yh>!yzKJ$RMweFF#9)I)vWej+FshSNEGeB!FS1o+~Hsa+ae7I%;`Xm*@k zCkRF;rEzbhJ4>N7JHsuLj+H#J#?hbY@?=_HD{+b|v+o_0 zVU{a6PIjr@zq+1pur3x(Ou?I=FLXYE*Y21;byk8INn z&l}&<_}ppyDsDlN%787oo*4N9HoD%)y;j%spu?*dzuswmnk}CW@?LxVjjy$$l zd{sp-s7~65Lc6Hcf7b}<9dPnqS$kI9`urP<>}ic4b$No9@%}Ur{n)hn=q%q#ezpe+ zqhyzL-10k|cJva1i0jDAmH?V>D&QF<4Y=93U^53N1}2B;4h5fF=}i;ziG3_~rbh0cl`kF27BrsigA=rwCl}L9|AcHLahw?#M@phXzZP7Rd{}gzzn4fWy;oV+vhCZR8 zn_1|?*8A9Y%!h=&G4arJ2;O$OIyx3Eqtcp^3E1#>_;8K%IO2}rw@gqzSFY%|x`Vx< zDDj4Z)&UYS+H}j8kv|uC9W90~^$lVhxXRGcY|@sn)J=XT zToCFS6(8%?8TtYNV1B955s6=gk%W}rM`BbTfe@$Fg|NSEiK!6=O0Z#yY3@KKl+@;u zp-AApI4Mn*zbgZl67kBqGQh-s9vb|q-s@}MZ|3w?_E5{z3H$BuYd3utIY<;gD!4VTyI%e28dx;?1wFH3QQZsUf^k<&Wh2=?XibP00~4Jv0$r_&WeAGqFzR@KLCjmOg# zQZX{(`KKqH$})^=maLR>ryVs&JXud<$xp06{47KMZ{g8?1f2a)6p;-gkPX|!0wMP=w{ioZuVzN!VI9WSfWaj4r=COASS$hx8rasnTP`iETW>XLR!yjF=3g>AAx_^O+#;GOv_%^h z7S^4-+yd#gV=S}~z{jz3Xbp0Oh6g6s-J@jM; zcsLm4V?b5>AOtd(ZUu8>UkLvD!j|}@NAh`kby__;b!j?rbDZXSHjipX;P0WkXW5T} zXUf5VXPl|*q0RehZNTA#m=u@8p`)c9AJ^Ochynp`pUuO}zXKTb#SMXU`FGH&JY^c~ zHpkFtQabtX$v`T7B9sWdVpcw|HH*5>(pN1cwD1Iy)q*QiDa^j$DC~8A#P=oqjl=8q zQ!)R0S#J+=z)!c*l657Pn7)!?VUB}Js=ni63+V>yPWP8EiL-DFx|Z725&Fhxr;#t7 zkaIWii41>G!dc32+~OUe9qR{TIQ=T~-3j(DYuhenax%$GYN$1|`+Wl*a@LJs8OpU*aoHIh@Y$=FwX*#zwuU-s0$;(=7 zsk};#uka?JQh$?DYA^-CFLU(DVz3x9rO(?d#P8b1eie6U-9fTKB!J1>$UEacquv$a z(pjQB5zd+qZW?`)`W{kY58q;cZOtOr`$bQxI9mA}pZJVboa*Bb(C2p56?IbQp*L-& zV}Ip%?RIvU;;Sec&6TbYAwc$@jB!Y;ZCz1{d7 z$Q|{P18|y3BD>)1-6{hU`4aNxA}nfkrv$jmEtwG;gSXU-^fLMfU6R`8h9cIsot#4{ zD{gg<@gi#+`n}iC($bmQne%+b7oEeNj7o% zHoF^ti9h?QaZ~!-u)ITmo?Dw_!@jvF7_PBpt;_R8{^R;kzIrAo_qXptFajQ*$D^j{ z6q8*B`Zptc``g|DwWtKZ`zuwkSguH`lXeR|Rj0)DB9Z6QO+wv1-v@x1$`B+w zcIBx_3g)YkSZqKC$s}7dHJtGG$cG*O;06`-)A8{L-=YKBqZtnuG9ELDz6cf|&My8( z`r7xgO609f5!r2^ne#xxx)CTrQG)M_=Vf=f#10W^Zlubo+No`0SS^pMM@VM{w3p?_ z6A_u_aeG2@<;ip0go~#fzoO=51T2(`O|cF|x2G=u?ToMEn;8GiU`ieUg|&y*r9PGk z!d2!zoBcpiTbTyaBPDQDcSslFOT@LR)K*DKCF;09{}q^T&KL-oZY~%9E$<(8dkgsx>eGqvm70ds%{OkiZy#ekdU zr$&adXA?+aqT-F2U+sX||Np~1!83g`8be0I1tR@mhMX(WrFa}P=0+?bXYpXjz)D_u z)@1;Q7rW#!5fKVX?PwAfi2~;`O&?8e?q(N`uE3$_h}lA{$HtJl1Olfs<*WY{Lj*KC zCm+BxJFWF4P}R{~PEVOq(~N=_t#LaOp~{L6#uuSNJaiMY{l z^b_kc0i-0Q6B3=$=I$pMI0@=Fhs#mxpYYe}vu-8Y;Jy?u6Hgk%FVVDEh+M1@-8F3P z(Hk2tFT>JgxP07(PG;_*eg(O36Yjd6DQLage*CFMBMEe7G!cZ?`m;q#Kv~{t0P|?s zZC8DJgbw1ATD)5i!44{Zbns8D4dyqBpmFz`t#NlwSpN)wmR)IgQsjKCc7b(n;--2~ z>@;n6*3Pm7z(WI_RZ~f)uoHO^0>Vq6SRLddS^jpGVXO0D{SKVKd=>0#! z&c)0|zMWwLQ?ym3?JwxS8yo)PLi=z3whR>LVk0t4n3d$ZBCF(_NV{Daaay|gwFFji zO>J?dgKjap=1Nb8iiwKlPu(!km2j)m;~V{j8S8S%mM|f>~YZ$9+q@`P!JMz zPJmQsH`^q^0J$Q}aJHveh_ly(u%EwLs_Z`uXVo+{Wj9oGHs03&A9R4Pk1N;y+f1c8 zSnl5}k)o8}WOcR*zMDVO0p5Yu$-WC@0ni3iCW8syF8c#}w;HKL^#i&5{7mhfOR&wZ zdT;Fv3p^h8Tj1#f+%RAX)YJnnaZn}k(NbU=s2pe;;Uf<;I5Q2EW-0z(7C_6B-I9es zYDKbZ!eoON6KN_Kx%ld$cln8@s(|faZ=$@wspE$`)342itI^8crk@v^C65n^AAa4i zaE~%k2;uPe>rLzzR&u;G>oOlVMfIF;Rvn6C?Xwr7_G~6$qZ$QA?cCENeFlx7RL$g( z@N{Bw$~M9ph0IfU(<50T<=^sh(KY^u|j+ZHWs=Aih=^hWSEKWVqtBQ->#PkV_mN31BX~Kp2fpD;}YKs&J(`gVl{@;lD1W^o#D(c?k*1VJa zQqy-=kC1EKmX96U{CH1k(HzX&5{D=?K4TwxtkM)@{*SYf9sNfPgOJw##9_ex@3yRL z9d#bLqLFBQ7=cMFY(olSS_auzdO2xBPIP%5vz4Cr!6s45CJ@O#SidcnaiR$q+lxw7 z2_>92YR8WF2~39DcO+AXsjJ74j>6~6AH3E{qOL}ZM9GB;qjN0L*4N)>%L$SWmEh0% z?i+HY=NB?1C_hMK9F<-oug7z1h4?kGbX3)v<$07{L~1wxgT&w$-exC|-JJ^6nDXS; zBzZ|N@(w7;OT;c7R8)8I<6oK!?{8OMXTali9X4AK;_;EfEtkpSrYR!Pj{BQ<`<&2Q z89!8@`wLrRWRrPbA2RpI_R^90uOswK?$>sqV|BC2;%)=s_mJr@w}s2=&5RNN=|^*<=UU{$ zaq1Co!Oq*W<^8a7wZNmI`BrPTp=JD>BpWa5Y6XbbjmztieomQrWoo?w>myC#j^? zAf&#%%z443#rW{wS)q=YK3|ESQ$Wcl%D{@6Blt-#!jkJN=eApSKv!8&OKT(h7Omh< zS^1xR2YmYpgU^;EDeMziR)pBO83w}5oxulj&WJ(%ku)N#K)k}hkU?gbxK7XiVV6v5 zuT}A^uDWe~=Be+Qp%vp-byHZ>6omd%hl-`tBD~#o?%4eQer* z)!QH{?|3-!s|-ajD5dn%MO!vzaI%-i$=v)DIP?cvcs_vUrssbUozjniv1DLel+XR~ zOrZouYcr6vdx^&Gv`i?Y353*Ve8#y0Nv48zf}FjjEUJ z7w^Ujhx@F}v$tIKK-fW58Aei4(#u%bW0-p6DQbCF1yw`xo&!j+ge?f#5!Qz?3yDUN z+$E$eXsKkV8ZTC~BjPw<18mRln{aOwkHQ`j%VDEa$;rBAnV?QC0XeVkFZc$(UGCJ)V^4kd2` z-;$R#RVB}Vn$%%Bxd=EXPg5rUJ5JvDo7@THL_A&@Z+yf0mYKI?BGmb`6j}z88m{~z zlanuab9rfU`erA?CsvDvJ01dE=s~@@Zt76A(1ist+H&l_dKO*X_kM*{Qhs$K>zbEK zP~JbWFn{6TdZML=RNW>B$6Q8z@-%5hOr0bMlrw^?y)D~W`?aI724*ee8EIf}@=>&%VRQEVH5xMgAV>7aFFfvMB6S+ax3D6;$1+j~R zIeOwx5X@FFk__$;OA3E@3Gbps2C?339t2z2XeXq(=~F5k9{-FJMG)Zjwt?Py`VD7) zzDOuw2x(>Kuz$(kjM#1xfSsM^k<2uMY{V&^y?E2H!KIZDW?nP*uGeE#6HUv_uR&>D z&&IEFfrW|r3lArViE7U{Xdcd8G=yC1FvEz5Ho4DC(Ch`l0)ubQWlll8*5lRU zlap`#@co~MRU$=U+#_nh)G<+iaH^pNB`Q3Fu;I{YL-v)&GgBP=WF=K z@#LqsbeSf7psd&JGZbKaXD9aNhJcFLEQi8*C_3`wV^5NUkB^KAproCcmuJ6QkQ%n- zXSCip7$t3{5!zw{#+vDVP(Ejc1@IA#K8mJEYAtwh4ZG|)L}@Azu!6s zk57wrrF1dgE}R^t?80aTqFdeohxzENM~})ls4@~2Vt#e6Uw)a>C{ejT_5T=qtDv}| ztz9$_oZ#*bfgr(Mf&_Pm;O_43?oM!bcXxMpcZbHI;dJ(Y?yY_5)UCQTANryDVXdBP zjXC6#kGI8hSvB<2y+YiXlygT-C)}0F;nK}Mt;QX7E>;izccgV+(KK}#&ecdCasHg` z2fuw^nv%gTB5WIBSm5>M|S=USq_V zu;%>Ls1CzZxUUT3b}WE)x8Iy51j(-yVG81lj#j43lRq$~c?{$6;NbaguWufvsf~%r z9L~(p)-~|Zv6ew<2Pvxq-SwewHKD&&d6bc(2RlLFhei3<+#^l4);iPK8~iLHTtYh= z2fQ84hlt4<77*7KDx6N1hEKC^j$FkP_j?mh>9ZxQWP;kQSpd4@*9|b*fMw zwpm!coy9wJo<{QEoZTjolZ}#o3Oi1D)Pv$0<`{{f5}zAw)Zk%J^H%vq;3&NwRjZMs z#5sE)#Oy5G!srUBq~Be~KW|@5_Sc+s(-x{Zilm|byIJVg4k zL}~)IY%NUQgs(yTg$Ya~k1ZvyBTzeR+De{md$S(Ox2Gb8`%Z%~e@f{sa=ugKc74^E?fs$tUG6IBU8VX@tKeWg^au!AVzb$1P`kIu?E(_A?N3{j z>V}NXYV&xiswv|6Q<{M;C6nj9xmWcXZ|(8fm11ptRMEDgBDiuDY$4Ckj%}3~Qa%TV zb8R_}h%=SVKb@kqpqzdU%85oq9;SUhvfwH=Qw zpB?gKlfgBVFtdVQat3HRQG4>o+&BHXBs#&vAym`CL$*qykc6BYA8i{qQo%d*m?h$0 ze3u@!(p9gVbm_jmyEHzxQ-wTq_f?K@rB}X7tv=za+ZyMkwt8P?CYV^oJemk7ElF;R z7Pt|jr?YvH`kBkO)GfQWAHwzENtzO@Rwhm(Q^$h;+t7@8+Lhw z-r%*SxRIY(c9BitZI7HzE!pyQey+fc#;$1Fj-mr-g^FM)n5Xn>!lN6^wkct)Lgd zLq^5@w11DZX{LiYLxsC(*3$a$sK{oe()5}+dmprHT-HrA@sJ69Zz!)l9DLuKTMrU3 z{y@xj!dva=R@VsaiazM2xrY3Wz-O0b+c*4jb+9|4&NQD*EqJwx@Sa?FE>jd1C< zAet)EhLrfsRbe<`GlmLSUK^qrNnDGvboRFua(=3)YnAfuT*)Vz9i05kSkp-+A%;lw zKxQjBkFShQLLD_dyp* zHw7OA+Bj;`o%TkpLN$J*)Y!r2XL4@ve1?e!7!ZT`ixfDtAq^w_c$H;=~wku1T9JcwS0zEug&e&7u}7qpV)4cNd@?kHe5ztf%3)DUxjF|<(c`PRxv>a#2M73Ff?TH#Wx8Sl z9Gu0xEZ9;mLhq^lUE}CV5Zokp660U;1e#6&Y}zxj3;ggH*_bC#QW84%1KmFIX|*Q; z0r2qOloVPLn%3_KkI8?6{Ryj{2w(a`ozPx3zFZwB?qyLf+QeJLt=!&Nd`C8ScD{`1 zSbHp;nfhw0@TBzCYc#~yE4ZtRJDiL$yU)Qh#XvW?D(z&)`L){8u>H#51sLAy@JVHp zOnUBV2A%Wt(G`G~I9an}=$d*xcy?nhtmXB(hd_6BIP$*md~%wQkl!!lh%8eEy03EF z@?#Esn>#f+mch>G&VDh4xAO6^m#5CRAM#P8Wjymx4SVYUHo&E$a$o2#*4}@VO-um; zziz&YmrBuT&efBDJ2>YQoCYD5z6~4qwIay#ZiD+(5%zoB^#+I{T}3c+$x`reJ3Njh zNvc+RldzP^FhF}iTSYTaGoxX|3>TDSd$Ld$zspr?z1=PA*o1urFrOIo3zWc8Un{@1 zYy*y`-I~5gCSu$#6n*~$c7INPKF9DE9V_i<-n)qXlTn~Pp8kBA_5tpSt~GC>&s#h; z|NEJUJbn<$SMAWSKjjA?-3|~JB}EBagqliaX|_Bid7$^uPEwYk*KT%#kcE#gaVo8Y zoL$NheJy&ex{BTKL2gkZQj;F|yD9nHoQfiw7Uzzoeo#FmcfDC6IN%wm-_ zF2(v16C}67Y*KPj=y@Fqa8-`C;u3LOrDcALD@^E4D$g~_mJL>FnHC{D-fQ!kd0jV` zVQ;Jv{KM(MFY{-)&*ccB%!4D*-Vy4DTOa|{WXCnd2o4x=~=o6 zHiNP7pCs;Zy)EnZ(Z<4uSPS>!X1CFxDyG52!ouv}f`^wh#lF%xC&Ixe$fH9_pWz5y zbBP(fa+pJG+1&%o5VWJ5sHa9aqui?|+8-K`*KAM=Fy7 z7mPon$*@6Hoq&6yH=g>GxcBR8=sg8ELj876j|E|&Fz|^oZD){n_|LGlsKrj&8Btnt zL#foMrvWwkRNA51bL!7cR@gt@h0T@VR!oT%$g#DcN8>i9g{5ID7L2lR?$-;6T%skk;EkS)@f1#8~}y+V8j+OhsINCs~w zzL@=PqjG@eU9&*HX+$Fb*}Z2NM%a+hd_T^KEz~MDZVgsiCD~|ra1mz!^W23^A`puWDJtlu=BsSnz!SVp=yk2eqg zwGNhb2{WBTi>_0KI#7EtztYgY3956@;h zv#ysPC^!? zEU;-XeHQ6QJD|ZVE`@=X)0-ey1q%zLL81SeA7ek^ptpP3b2fL7x{4%Ij-qC&W6pCT z7|X@QGr={HXERo$sHKWwXBLv&O|*UfmRdhy%oNdq zl900NrV`FI)(t-KGb@hml04Knye~wqJY%ocyjakltUX7IK>CJe^<`tD1N-M*Yn=qh z=^|1&vYR$RlhClaM$TH5TRye9+~@8a64Gr2u;D(=FqP$()oUaZybT&4@E&FR;w~h~8Ad&@sTXpR( zNafk_$&npzsng|;wWkk%^MJap@POZgA+J!-k4<0uxjYu@^84)W(67$Mz)b4QCq(bHl&WvgLw-nM%vs|_ ztPCr%{JNFk9ccx;w>p4y--1YldbW1;;3&7{-1BBCGgvWzRGIExN6Hc<66YL^#^RV#nF%GdSeZ}x2f0%O%idPQRElgJDTCj+s z=v0Q{Yhf}?6y(`car?=7i{`1#YISv)@lENQwVaeqhiYa{_X%RIo+B$vP|f^IKCcY* ztYLwSZ1s0l%!8*n zXa4?fY$gG(_@^lOEJ!aJ2-duF61+3>KRX$_5$~&Uh~M-J8Z2pWisV$ZGsq)<;+Y%% z#s48@C|TU4WL}^2aO7P{P>s za76asxO&erzW&?#&_JhmPNscXG3g(D6~ReSG;FkmIEME8QL=1@4#E(y6~TxiMoMkx8(W@?teaKr0RO>(VXnBO)QB$uTDF3&;F5(9qU! zeYp#wXYWMa%pRtf0H&(TX@AWA5M;eJ{U(worbT8wATGXU0?ea+@g1wa>$wGqQur)> z^nJ~qc>jHPocYok{mH!#D7}*n=OJBMxv=yDth|i|;(X(^gq6Y{AuA;#R z{@gX1XK@O=JSuwmpk4OhoOm~VYPYXDMqQX8M&^`d3Ll-tISIuR*raG&ZKD`8-Wv($ zD=IJGvR0Loaas_&E#F_%f84D;*$g_Ed{l#w0%uP~>$j~qW8=jG$e&?j{fBQD*McvB zhhYF2k4z(X&x5`5rXVl=`i1vwc0Q7iz;(G)tfdPXnHsIXI%;r({d_vt`JU)aW!<8P zU?>8h)`|2Rnxy~LkXe%C_rYN?!EhN7WMb0I08R^VeAjlkbEO9P) zq7X6}H11kx@8~#iaeqbks?QW96;+7mZ*r0h{ym+PYQ;k}J({3svpu!`AuU-5U5@lk zMi#pCC!>IKH^$JYt;`}WaNdmP%N+$m!EKO@zNn2{Rx`A_kxQ2z1a??1 z36!{t*wx0Qd;h1?>wQBX^E-{d2fLDdj$q4~d0b&J{V?Z2v{Qz~`Xv9=F=QLmJE2%( z)y7)Q3EeE>fD4a?(N(Gq7JI3GU=*02%3yq$DHBi-Aq`GWIH001c{4(wM({NNTGBDCV)VcZVF~sKHY?JtGe3i96YuZ;7k%jZmY;u~ z`ivmu`oZLeZ>=IWKH;rUF$}th_Gc#cX6G`XivO&4jpE=tu7*-W|W7Eps)-BWG|3ko!p7fj=>V4n5uExhBD!qO) zx$Qc4Hh6>E6y=Fb;rq3-vxg_p z-7G$O%J$Ht=J!Hw_Q!$M6lg|fM0@j+DBL7BWy80kzJ^kpf3vcVJjI7e-s-r~krpif z*bCDyI*9WgG>#h7WhOlIl3m%?CHg6x(p%M@@Qw1NG{SjCG`n?pBD0i!3<5jHF9s`>|$NCx6J4;P4wggk>)6PgPWfzG2iR2Gihdgrf?5hAzfjC7)%mG-tG& ztLlq0*jkyXg5L$fV}X41G|lBH&Dqf{R>mySXNk!)P*M2O|ZRlnIk#D9bxUY|Fp2K4_@ zwg6zLLG#!mm$7+&P4a6Y>P#aRX=(}0@5eYC7ykfA;HM4J$2A$%Ndh@6!S#A)%{Pn?X~M)w=&y_=OX`)SHrczH^Gl-vhF() zR&QbVv!~jf?z%qDse8QoNR^*4QPD6()NQgc&qfugCUHAl{J42ej94l3KKc%VTJfsBI48%M@{I_CxK&;tcaS{}&BxL> zZAw1p?>A&yq)@nTQiwsr=B5t_bh!*1f@+AshBGXYv@#Ga9U8{9^auaKOCVRa+`k&G z>(e#VV*rlk$3-b2NmNBJ3zMPw`v}nimuPy?P@t;a4JifMmGVUa?$6Y)z_H6De96@N z>SAPY6V)SpkW6}};L*zqm_5!Yf+Zn22(FJ4W*2*mkD}w~ltdR>8%sCy%a-?U#`>3T z+|A2_ea~Upxx#reCXj05BI8lQ?1#FcdaG*%6gXXLQ|i!r(_ERShuEEzCmpy8LHx~I zSogC_{~M?_#-ltj)LNG20%G8ty(?!jl)aiQirNd@8U)%6oai4FMk6hLcoaPA0X#K4 zd;O&y_(){#bS|ziwg)?6+oq-!oF{ztBj8u}UKK%5mJTHF#99}=q3PR9w@0$C>@ytB zib^G!>nq$XM)r)GMx197U!j8-9fvlRHV;T5V^*FG3fPg&5_(}-lLO4S3%#-^E}BL! zp(O!>C}vb#43*Kh^E4ffenG!c5Zvvr9_osb2d%3*6Vo_xq8>H+dylr$rja80k(#0; zp6;YB;-Zi;il)2#v%TAw4WtF^0KfJNePv4xomy=y8OoB@Bg7@t*L#plPky32f<$~+ zApn>90C^3fgp3{pDfd-;P#i2?y;-7$xlrux&P@67q4fTP|6sX}*;n;Ha!w?j+<#|l zCmsk~ynY$N_j@4%Yh`Hh>G~%XghTQv=h(;(OP&vW^J%2+(X>&7>Xy=KvbB}24 z-n<^skt8q0#;H(=C6%313&fy-WG+Hu%YDI2K$MDePRVvkKd{SiC2D}b%@^xj0%wxTKx5;Su(6w1{smzB!ko$^8o|ZKvhid# zf;X(CU3Nblvg;ZhLUL3jrz)dgMu(>m-@e@ilaEs;5%=+!+RdyD`TOCYE7D_RkM&m0 z=E17N;DaCVcg~_TV=XdNG~ccU8H8n;!wF*Ro7Sz}_iD%~%!4aWmk4Nc1rgn4myku<*U8lwiRI!*=^EHmV>JTa;VItMf<0=Kp{X!+xJpx6j)k*`zS%453{WaduN5p~)iE z1`E-2;-Mvmzz-AsqvBRNCJAB_eVEdY^pE_zHe{7Mm z8No5_aYbLm3ug_YRs+oOqsxsb`S)tB(9s{6e^;?}lG^&h2(L(s#<}0IS8>J5NbYcA zqn6E|_3pG8lu{qRn&Fl1`;mTHdp8_0q$+u8a43D0UQ3#kfI`A~=ZWszhaw0X50a>_ zI6!#Z|A{2ZGr2PM(*XB!5?7knSks7QYPg>vHmFf8dc8wwnjaagD;I<}_jtL(2u*u0 zE|#_0`t$I${KV}~NIJyr4~XjgatkN>Q+>wlQ`2A2mExTi9seD(XR6{0Yy+re{r$0 z4SdR#Sz+HkjqjH>*{E(4bS^{Q{Z)bErnDYJ)z%LsM z+|hiEfp_LNIVF0ort+K=A12<;G8s$5FJ4RZkdaosqXg zsQ_0FXv;^anf(kTxxtxe!QGtXWc}==yxgSir}74%l2n@^fW)^tqxrgNdUG!}JaXc? z*un8soX-WMD~5Colz=Peo4YERavSvd{{j8K!pV;1z(>&xM@PGxc)SYMTzINYh?Rj^ zfUw8ddlHrrZi&$X*N&(!+eAa7DwdH_KW=&x1aIk*8TsVpZF!^N)1M;U01q*t`C0%a zBP|_&1B@vn9f6}5cfvq?)JWA)Gi?(Xo7w3p^ZC(Aq27$+aWrkMl*Q$<6=d7L9exbO z!KMWQ6#S|q$=$05in%hjJ!-H&}o=5AmygH9U5@EwM)(+HMZGo;6d>Gu1+vR$*(_#8-1H`TR)9QIT5LRmN z>(Q9h1vyaTZsK!$OZ^K7!{y_t&UO-9SkSJBzHdV;mJ(DlGTkE}e_@Rx^%Lyt;BQ=N zSWQ|1^wYJRl$9VOkI(Ehz}Cg)(^l70Q*7$^{?$gS3CLz2$ZS! z6sWv-`}*R4c#>(96&T)4^uyr(FwC=6yb6iOW3x-d_hDdivv4Bxh~PSKy~xBPm{REe z*Fvs`$*If@K?PJdnmYzVEzyjFkr zogWi7JuWfBWWSjb{JaMBzZZu#>PoxKXT>T!B7ubM)M>6Zo26Q{&o<#NnfY9fD6iW_ z9hG;x`xE&D+r&aJpu0A|<#+S=Tb_?-R*NMWSA#u%i)D~H?NY_9mdn;!m6gT*=mo{w z=O_bn$x!_X{`b2Kj~;bsaz9vzF^EBScHan5+vW~)W>r*DP2)Z1SF$JgrM zNC`n@l3wz^GP+|PHZMqc2b#&81qtH|ogrCOx@dWqEvAF9UcR)? z*Y)iDD{nb%uWnDiuqW|k)oBpt{o%sFtw%1CyYbrXltN~g=V4+65;fTXy3h2IjFiIpr$11PmIr|yaaan}R zninaH!Wk`V^doP;qrTB1V~eSlPX+w{TvUY+3rkYV3hppN*#j-cH=KIC%9^W60s>39 zI0?+JOkZnuUev}m$cb&ioa(&Xx%}zW%L+1Fvhlq1UeFkV#zhLyt3=c8Mk1;9^e|`P^&8np@By3Vp+$k(L|PHOt$X(3=|6xLpcT zGSY~U(%g*B3W)z+GGeg4#TqTHtI&#k{H`~)gW(u!4c1%5E>G|b9MCN^G?PP7nnSXw z9Zs5#JqGjpQNmrAs|{%{KV(Wi5~^soQkg5RPiP9PE|=MJ067-?eYEQ!AaXMU4;Lwu(cRd8(v?GaL9S6<_0Eu z7k=1U%vH@UIP4pa)(0v#6z>3|)f%mx>vnfK-}-v}4&OJ`06l*@X{6onr?X>o^&Z8# z&j(4thm@bcQpbIX)xSy=?!FZxeb51acDJ->QHIugFlM>g|I8-7_eAq~Hw&7s;m$LF zs2$TZIlfMKes=A8>RmX_^1&IPf%{_qWnG4Rt8l!l-FO8?#*y~S5I=iNWuf)wd%wS> z6J<~7rJRE?VG3FQ6?;`c)Ir=62fmVDrW-lZ#EgO(?Ekq;C1o{!%xmC|pPXeoLsR1? z*VZBpOc0M3Rv0@_N9Hv7;E+R09_fHj)MF3O{8$~qeC;@!`^dj}Ne(0Y-3_i7i{WTe zuy=%r<06hRFgl8}A-|a>rYD`r36mQb@ElmTp#A4&vWwl9NeGMwya@vA_}7~5l!{V| z9W47bgwR)1f8sC7Zjuy%*da5;g+}C*6jT9!jrvZ=>uioPWzP-%>pZY!693XkCHymp z)`Og)_;(;ib&gXp8V%Zsq61yNJ+$`9edwg}J1>un^&oIkB~D{8F9svU&|$kXOPDFTKa_i`5p z`INCFdbY21uV_|@~06gB3}%z{pV-qc2eg# zkA3LNLQMDb`#26U%BRcz2m_yo&Jk56essXwl?NeZGVWsjmN&r2Z%0?o2P9_4|Mo8F zdwGQmoS7S}r_iI4L+}GvzLorz6yz_kT4zdryQD`eybkK zd**7#vT57#tTTdydwB=6xrd~4o?Gmf?l})z^TgB}yhWdkUV94{VCgu1^doKcuZFce zU9L|%qe~?zGH2rf?pm<2Xy%kMJ*L#-P<9Ep8t7Qeo|DYA4N%;#>><&Ect^kIgu-PL z!|#iEOOyV}F-U6H-fFs!wy(LXeHfM}5VZ8FdFWk&cGRVVcNZ*W!x>B9NQTF)ZUsqu!n=OR(BXw8240~MfUUbo)C+f2Ut*$b zBuBm@?@XlsI9hB)hdT7mv?xLqDcv~+p=4ZieMZIu8=ID-O~?I*+UwMEf(+rvGTF4sMPeyzxnF( zSH}de=3#pYT9fGFc|;vL;|lx{NunK5WL@4?wjnOD!7-;CTST6weoJ>h@_fK9;%KOg zT4iGvO5KM>v54hW&6+w;TS*1;D2AL6EG~?4R3*<|fN4DWSK0*Kj@d~}&b=K(hFEO4 zN;rwKup!$YHyGgsgMo4=t5<)4#3TK|RTz~>5^&rGwV>T7cZ=hG0zq2cx5hii5e3dl z9;-Kd6UhnTSOaGxaqPAn%MGUv&6lAVoseEdcKcAkx5pCo z^4B^eeh}*7BCh!}ChCgbi}Ltj?|FF<_Q7=eTH3wSY<`HcN+OBI9>TeDjaA3{Fe-JW zMI<6cYi(a2@c7K(d=ZK=ZY9fio5P3;jd`30Kh2=obdl-8>+Akaq1d~#ZJ3I;cUZ8l zcKXTZIC~$(a7~p{*M!hUHhY+qxAa{YZ9i;dfX5J$ZyK)wmw=$%>J1TTtj`_YG;?>T z2Z22kgUSe7){f`#1W3sDc}cdENYrAJD2j_ot8uogs1|d7M#!Ys0S6cfg+cl}noNIJ ztqX@idJ>b;Gvb#8VGulCfHBHy#PmAa>O|~V^N66(!V*K}zyGwY8vl*&P?q;LR{d9% zM&np)In?kl(epvQ8OW4fRK6IEB3JAIBLDLw@<7QboY z*@&7s0!}e}U;n|cenv=23;bL_0Bk(mUO>UUGiTF1tMYh0%9v=vyn#UX#O zeI&1`@v|yDJz)lSjSlybgOQ4pVvuqhtGWA4UT^Tl<1;Pl@f1vjsc4Qo=$WalL#;lj;==%t}=g_{iF-y&Rrl~2AlOqYL} z^|TywTQb{0#>980Cd^f>?lD zxbfpq4}W<*K91-#b?`oyC^qSZQ6QHdhqKE)wAT=fEUuO#K7cN~r)Kj-hayArhv?~`?)Ttw&XnhO#7#NN1AvQ2BIO&Q)TsI(8ZTDC&9dFr7*SPJ+&zU}?VOi9_~ z9(ATQ%?AkHU4}Ud2BZYF7>a{BRc=lfGff(cV;9G39d3AR@7jNF5Qk9&e0f`;iM-*4 z1D>`AsYkDUZtMU@(!pBXhP{0h+g_jZAXg8Q>G#Oyx2Itrjt4;Z=Zniz)h3-L8-KZE z@m8n1>&~&gTz^O}TKQ!S+n4>)RI6vKuDgk4g z3a|KOJlQAYw5z41C0~5hNFv32zG#qDRcEz8oGcfI`>HV@1aX`5&Y0u3;!YJX6Vv+>BY+TyC~s zAK``QDb5${nkt|kHojK-?CI}MapXI%vsHeP1JAFO_NE=akc1GMC)%oL!7ZWQDbMs-u%PGEg_)4jG6e%=jSiX7((Y2kbO%Kxx zLMUMrZbL!c6KQm%zx=8nL9YGbA^x<*DcJUlMhcB8l^TG-hBWEFEP|#)K6i&}KFbE$ z&2E6AOm3%^yKp}!)#KjzV=|}xG!vbJMZh#)@_J5B%y$?u6s(%>(tQQMIpiw>-Z?TX zX5)#ViFUvJ)}!mjY#&Ci{UW*$L<(I=h!S9qA20{K$?Z&4TEdg-Ljy2vk}X@UQ#}>> zH{^}Hhq-wwO0{67eLdr4ak#aXCa2q{wkIR_b1;Ru$#PXMtoN1Hr_zyLa$% zvSsuYM0}a zheU!(OUA0D(Zml;`*31ZhTR?gL6hX`*vWA?{FQ}vU%~q)G`b{h z%cU!r{Mtt>ZYX{UY7^hetL`zHlBVs-aXm2L5|ljT$lIPyk$eK8#$Y7HU^EbfVjJ$I zF1m;~lTk4-HQEdf#X{?5?e(?uDrmtm>?!f|>6K{hL%uf3`TZGB?j57a z%}DHRN6~mZ#2_oo+v0j>^@CV=sy7F(W7AL`cv|qdiGs&KNgtc(!7t>W$vVSc-zKKve|DyPRv;Z~*5S#eK`s@EC zlI7DaYv56!*zg$(JZ%OF^_~YT(7Or5zLL8xg2Jhn=0;FG3J$ACe^ku*g(BSQz1 z^F#uaRREPnLyxRoK%IY*oITc)Rr5wq?L`Zi=pJm@5VCJs>u2xqVDOKugHWQDjM3{z ztc|kI0h`sfO<_@gI|Kb5SPcS>9EKd_yF`N7Dk_i~zq-uI{1KF_Pq zUqW7uM_tB~KW{z`*ddy^e0JH%T_?9c@p)X;MnZAlQtFQb__*H7=xjGV>tkgXb*Y(YW?0_}E02)dxV*XLTb z=mC?-^u`(^#O<#QZ6|+?NxU}7kW~=?fS6pRGP$Z@{iG&@( zCGpMZy3XQ`zpxHPId@=3ficJVUQm<05+FGtSnIgbzGJRK8ws=>FAgKBXG+?1uZE zOikp?Wp{_(Pt>aS_;&sh!RLBiITVFE0d&tTRfR#TlOb3K6L~n%HmxTU-8{bF1Tz6x z=`;7!kp<%&@e!mTU9mq7!p@sa-F~T*$!3Ip?ee1EY%nWl))f@oYwWjX17cT;G0$8M zN+x?f42s@)!4@$?54%k|vCroOwklz_4PbNwZ!hL!xC~gVopEQ(=A*iw@6KIf+M?2s z0cCpquacOPEHND5-Vm#ks94SAqE8W^@{p+(t-!5*Xb$QZ6nEv{>8$!MKCxF)9q+C7 ztXH6t{NM-C#4?qxgrTzpD#L5cY;^`F4O}y*;U1*)_2wWUz}0dO(xGG4Y#ik)=g6aqU=fUVful%z_Lhn4_Qda6% z_xvmBztTK}r?R?KCQ-*2^O;9jwNnE<29M2pXtUWy_E*Ioy*z21=o37f)mC~&yhf`6 zr;@akJk4doXRZVZOWE2I-Fi;7aycbnn!{6@fV&CJhd5q;J6g1drKA>V%SClK`f?u$ zKlSw%OPBt5LhDPFh;B3}>Vnh2;C``H^BFMRC>R|(zNH#osM3XPp0UV}z%e~gw=rmZIWGwX&0ZCZd zK#R#Wq+;*jES{rQs-16r%HJBTHyYA*3Lw_=u)PeUfmv^azvcq~BkR`sb-?Cr)o2eh zo}MC50&U-CVE}v1f6MEk4Zd&}!C>OQOBR<3|G)vvajr}!b``jATRHw(5AP7U49+y9 zM^BvOuSVbvoB>Snwol|kdg6zbMl+L$!AiKn`}sAD{)5l5P5>BBv}1qdcj{g)Vh;YuHUDV$lel7Ju@`$I zBDZJlaH!TOoHv?`Ulxr!t8rhD%T2NuUyATTl746!@9r60cRiuFrSW+oQpyJ~fXASx zi<*NwJBMho7icWfU|$!=r8abX+zaVU0~L-M5DH~Qtq1WL>m^$a!_?+u9#X?pFCRVYry zswdE`ozcwaHS~wd6k~*#CAFY37VzCI*$<*NTx-z}_{L(kW_rB^l;z`E^ z+J8}Mx?S}UeX=6U|98kF=vrjC%0$757xl>V!h3YkF~Bicv&qt8rKYQc^stU7z!?;x zZ)MyEBqPY^apm70t;Un++L1jU16{>ZSb?g&T^2!dbJgtOb0$}xWTt&Z3cCws|T+d!%8375-9O&gY5dW{YU_H~2E7(0mfSBPxXvDp*;mW4vk@JE`4#rZtxqte05 zc;h*-$yj5Xkemu-y>s?EzV-{c&g96Xm~tFY_IMsJu_GDupJpDYDfXn)3?4P5@H%K# z#s6Khd~D4>Js1%|@rVvXMwDwp_eu)+XP>Mz*pVx8jX`)^IaYER@6#{0_A1 zqlC&mp?oCCLR5^Snh5jCT+9QZLyT_$i_pTDuhwruT67n#^U>9tyqTcv_S1IlJjD5< z68U&u$%Cm3eKTS%TLyfhj0u54S9xw?jIrE(Q2s_J!k{i1%75s4%J)Eb21TwhJk1!1 zMB3gH-FP4&XUj_yg!EK zHwuxe8AxAbm2e1yP!f4ilS4xXKSerDRsxNX$zaL$u|pRtM!>mhBoU0y(FBR<#lPi> zvDumBlz)oxY@-rri-AMqkZY43-sO#5yty%BvK1`KIlKV1GVw%#ea zvS^LMjO|oXv2EL|sAAiw*tT7jETt_+JMPL*;R6NjM(A8!v(TJ0WANUXjZPi!0l zV^a&%=+H<6aMGtSEfjHHyVL_ST%%Kfac~E7aVy=ztZQ$%-fUA!gh}@fHFJh*CnrMm z?dE%~A5rO65XR?w;u91CK_v5N9iyDP-5kU~d~H%V9~$OeyuUtm6(2^x?$IuYge*C# zO_sX7w)8Dp5==T}|S}n5Q6On#T z>K6zuT}X^ecjSyXI9Nc&j3bSg2J&0)WT;La@Zg&}Jx>C>21)E>Wvd$XZ=m-ieqnH? zWYVftfP|y_)5R3nZn6&c5Iy-9pqTi9M$M)72Y`EmYZV{j{2KS}I{K>(662;@T+>S! zL_IC|*2WJoAE_2;BB=*buZxZu?#*6m4l`9Dv2!$24fxJg?9=7>;3x=N64849y^r zw|;ufj3Q%x^{(;!@9(nRir6)vBj<>?Faj968sVHyxosX4{ z)XN0y88bo%zL&cn=ggZvKP+S2l{urLJioxG)ewjaF}#Y>oXrrYP81q6z1U;T&}8xp zZQo-4sGLdjV$#p`r#37Z*Zy)4-)${>%eZLDVl+U@$b2b|IE_;- zzMMqz_wS)z?ty?avhUUo2braA3wVs}p88dY z=?Q2FdAnT~VYCTRg8ws+4SK#86xeen3$r8oyu9WVY?;*kp{vP*8=LVOX6s5E@H
UkMZ?Utbt##RYgBxQ^g*bbNtlf(kyol#LLr8!IG%v8+1C4`(p1q0h6qGNlZTN6 zjE=%&KjE>%NsMBnQ;(*T?5wppaY72)M}Q-#RQ!!My6B@LAW$q&Nxu$PsNBZc4fk%v zty}w-TAm#qGNJBgx~!iBoQIN7E?zS_`u@8HcQBOoGz+*dKvxkRB*n>y!O&>yg9_(S zWVO;(!nV!QW}?x2yK~W+v3@lIlfRo67JKZxb1IL&by2NTId#LNK^ORAM$d(f>Y7u0Om4$KE}+L2vTg2dRLHoQ^{Q`u;rTkv484fE@I6pTDBpeea0#phEbkOE&D~c?}_tZ~r=A z=yYVtQcn5|=uzj-4DbFU1HnU}f-}XP*7wtfotz<7Z$&QwV+CouOu^0dum#YlKcZ{V z`p#e?e+V4g5~p8|a}YrXP;M67zE_DS?A(rNLUhit>=&P-9dZ7;V9`UvB)ien<*9yt za67{=dvEN?|Bj|k7Ma_9-+-31|2wD_+#JPI3fwiYJm8hN$Vu{g39l#KVe?ws4ol$v zFDox7e#c!b>U;Pob_gqb_lC&%cq${WHTqyMebd)!4hG`@7 zanU*()#Yb+iBfvOt1d@t&y3J8?76voha$IEuceSfLnZ*}D&s&H(cbSY$qnnEJ&g)} z{_WxAwtq4iHSqbLIzLFat!AI915>Im6Q2}=-E+<8=j*v0p77(}lJ)x?I})_8x9Z41 z_P_Oq;~ps28eN_)#EFADM}Y3p?qVe=795b-xj*$L8I9%J_oACF1v2*^bW#`jot+7b{(_(y`r zw(r0nr%PnmXH{9Z`Zk6AL7yQ5@Lt`ieclm9EOgQ4^S zlcHO8{WP6dHDxq<9ag3$(G9Ki%Otf&PEhWM%!;wO)7m3@^ut5%y!7(R#z&y0(gAgj3#8g>AyANg%8RxIYKGmdi zIG$Wsz(pmm3wV@XsN7(nC9v^q6coVj950^A5ddBilzHW(q(Ug!YQ@v5G#e;Ns|q#< zxE+ICT0h>N8ZaX|#XH*>WG0jew4U=dECaa>fx1s&F)_HvMyW*EP*#in-Q7sp@hJA6 z7JGYp8fu0Zhz}Ttcr1nl@7ey=u%!QfP}B3%Gc%)F+ppH=Irf>Ap{5&#lpy{|=Bq!Z z;fpRrX40s<*U0b7&X-4~3VqS`xsf(q^z~~(DO&j2|6D2>eEe$PZg`kyn?o<~UHj*? z>%A?X{2;AO2-hNz#qrVe*-dRye!6XMKlaq(TCFuZ>i~d{r!xXYCgr0=q*Ck6S7quw zfAaP3me(FKIdiuk=v4YhB@+}JDkN1yz6)~YNu2c%yPPj+wg4}(u2*o|G%pRX0@s`k zZ2Lq|OFt#PMqzN4Fwg38>-f%>&_CCrp7-1OWU=jq9@&cow!)Gu@grh;);pd@<4(h2 zj6a>PClU$>k)`^*4TLERh6z#}>iIrQLSNyUQu**qaZ3_kwxr|JGdt#)Wm?`^9T_u;C4ao zdH@zK_EBEFr=BOQ8Dxv?=HsaG^xkwHY}S=&>H}x9IHH4XEQyto*}{@vUhf3o{zyHG zkd1ecwGkS@UxvKJ?Js+56y4Sz`0p{GGN5H1g8^-lGmCcJ?CEB$Hrn^IWZPai<-VRM z8Tc6-NC(*pcndj~nfl91HoRnIgo--evoDa0(s2+-I16qYQ8klk?CL_5`jctk!rKD; zsIAcCLCO%}A8TH8TImVPW}AC=PmFsc?+IL=WJRo z?NUN!AxMVYQ!17MKk=YLvD-$a|DfS$=!*EI5@(ci07x!>blS`&mTYd@ZYTyu{LFzR znbVJ%e;UvqdXZl#VsH)bT(0wcWl3I4Eci~dsUWFg=<VJYE79=X_ts}yHBvtNB{5O=v-zv#wWkuPj9TuM-;+NH#iiNH46{RHk0TV7nJWSwX$t0yEW* zkzv+ghMi2KhUT+43Uf^h#~Ov0MOd-i7KMt5h&jQZ$zd~`m?oscrAJ7$OGE@)&)!AM^(gtGavc-wV?};!#hGJr}aDSF7JLl*U|H~&> zB>n!rLL+y`zcR3xX1+P!VsUgem`rJ`CU815B)LX`AfC?7bTlO;$AOMqE*XUKq+-Vq zFWsT@LA&N%`-5ZTDRpj~nuInN?{iY>%{q9 zJ2v#(k>;aWqYeu3%t$EKM&_BrX3k=9oL!$$$93SE__wDgI=$`KEg^G>R= z^zv(ZgyxM~h51$z{CE1HXrqqiYOPk#q?tTfJ>OLjdl}9ctR|0%l*0+XYhh9LB98vbC$U9FbF5L*Yy~ z02aS$Koi2ZKh21Rjq0%#9X%E+x05IEZysoMAh(mm%?jz$!|5XUTZiChCzvxM?`wAk zbLKX`+x9NH-vt8g6)^iK3N|vZj#z_-{m@yx2SKT-6$e7ufIDNlL8G{Rj&$DZs7{3` z;^YP2_C!q06?G9_wOVXJXI{FHOCsaiB*l(EWTSf4TFU9$aO%BzAxwYTe-%)wOFy3=gXfL24>)x@1uLrNdJ| zcaKw=#;W6Pj#hwodtEG~1r=oy^9_Dn)DV}Gu5Bc0BEkf;$% zYR}A(+7cj@-A58H515?R6SilqYHq#0z+~*m3SqZ!mF+V2yuJpC%Yas2t)Pl_?*zFR z0;6{`Vfx`5{qM0xIbE#GJ)!QEz)Un!f4@Tox;I?dJawOVWt?=>-)_7YM=vY>c|Iyt zRy!84p~d_~-AOt)Xv_1Brqm77BSm?z${%$6#^C>v6I6`jBLO)#V_T9yn(V#hBjP_e zfI>_kKsYuieDs~F5gwe7H_`y&k7~NBqAJM@Bw}SxRepUxoHRyIo(=?D984HuWwq=U z)BvRdU+F(DGaHRx^0GgQEJ$R;SnMVS@oY7nQz^9VPeE7=T1Um`DNhw5t@+JkOT@^+ zijodBR5ianF-TH-!eu9l^@7%}$j|pFR%yUVk=W=27kDZpm#OeY3bHCxjYM_qL`>5{ zCkS8EPsp7;pDu0L_^O(6EY8LfRts342O$Lil=&EW3~LtTySfWwDNYZ;38v}4Nw-io zpjMuro6SC)Pf{N$u|JLJ4ja%B3%G^SN%&SEzB`S??w_fFyV>f1o}$*IIOj+e6aTw# zVd0yFf)O@R9(IBGZFmSmZ{gSb9iyLeyjFbD&!-idRsN^%y2?x zElP!nhM^jA7mGwm<~aHWd7RzlyD2f{_MaF+DB_v1weLu*M$(?s^f}xlko}pt1gjxuzm>55sE8YhTl+52b+%{`fhRcYvY&k7b|9oLw%IAuiTg$X?)YV{yk92G~ zxnanjuT?6|5M7mo=kpA^%9SbFx4k|$TigWMl$3J*ktI}By})CB-HcS+O$(a;b&B(v z0ZBTY?|A#QzipO^RzVt>B^_rXhei!rUn{0PPKFUwqBAyErN2?=3;CWEKki_O{69eeI z#&fs(^4%J3w~Rwd=8^?b5fOJx*x>~XV>`8A`ALJLU22nOokQMLBeXv$^_$`?u!at(gUDr0BM*+Iw_Pu_?gkuoc7&Ns{&jsZo4(%C z);yhV24N6F=i8a1veyBgv2?`W+$U4pN89BpP52n zn&vK%Td3fD#i_37tJ2ZW*UtcPPN!3bQrQxXg%rLKT_o^)jo#$9;DbuWVOC1pO3U(K zzD%HM_bZcu{4Kcy>=ehe69d|fB&5Yxhy&fmn04R#!i}TvQp06>4zkrSA4r->0B|Yrm#C*zp1R0`nnCbG>kF*;^(J-PL>sSo}b-5 zBa$nU+r`W$aO>Q9t%ETWq3~_NV8&2r*hNig?b+;yh-VM@4K!e?*T1h5=C?JDkgsmD z<4eOb($c2Y$oEd)G^cI;dBH4jI~Sy}IUB!2Ynw`y&eX|>=*etqJd@`UzmLV=_ayB$ zlIM0PCAUw7m3u<>9asKN_TVp%B%eZ%9&Yd-iXxr|nDYP8UM=55*9q4?6_8TtN|re_ zx#%$o)c8m&lq>0G>iyy7e&a793~RU!@lmqU_2OYuGX3eTrb+L*r3J;D0AgOi(%2+ub-=V4=N#G7jdminmNu2td zxXkpu9Jat@2MQB}gjC58QenRVE4BV1i@Q}s)-U!igr|ay9x=m@LamjSeMpE*QF$6mgyP`jfwGk9H<-!E{t*G`PwwkqYdYt!Ua{Zl zB~H0K&vKBUU;40G61ofCx!xV%1t9mR&4|UXm6hxhON(ea^(01pf*5)~BVwZUE(HZ% zm$R8#LvSPF)vTFzR@>udoAn*d9=)!NCM%;)xC=T@YKPybN@(8E_5H+7Q!g@P`J>c9 zB~?|oFqpIX@vIdhxBxScKrQSS3Zk3Qg7T|~(Or$Gc~!!nsWwBEjvihX=1T>#Q17PU zPFJm`={4FawbAFQU=72{&vrQz?&;0q(DKl7M4!^luee=P(l6>K34YC4xGJGem3)ni z*`#Kx#my}+qBouQ*&B}OHc;__W4)Oi%3P=A{#5qbAH6PDzjx5aY#A?|zn%EHTyBdo z=MO$qxa`*US8e8B&-;u*lT*A;)^LLI;v>`nWO&Hd8@A_Fw4v@f6yI7WDB<>2YTume7C`}{l6ovPu( z@hHy5;Au{wlaq*lzGJ**l5g_}SK|G09grhk6>^zA`7M{pL1Nv9E{~0PvV1;2UD73Z zi2gfYo;JFdVc*CNb-#?)&SBi|vIn=bfyw6eLXUg8D2Lx%z+|zYg1bV}wH4UK-+}1C zEqpVz(UZ-37ErUs#sSf)*6$%0+vht6Xef3FuI@CBMBY8|8rRqF*k}i*X+FoH>4|Gn+gE6~6)C zTR6R>E!Y7l`n*LCea0#^xd+D}sAmqT4$r0pjLY*4r+P&CuZ}56@F(ElPf1iG5VF{I z$gY=r4?1)U_^fe04&M6`i27cK9$dAv-~3P0&0RYimklabUlDP2^Hg&;Hgm9=benE# ziYIzHzPfqSAyDiD0+IP|*+wS-KpX(o+C@7)t>6a{Ps9m*?=>I!`~@E^wHK18&3s~t ztzPTsGZ$4NMh<&edmIL-%)D|u_woT&4Yl@X_L?`5#@pM$JR^_^zv`1FV4mr^+J0a) zpDHZzkngEw#Hlxv!*xP_M!j&o`Fe>4lRxrkcfGv5o9;34d+qq=+YkM#RUjhh3vUk!K1`DA|xgu>`Aez-2(YNAcfFP40p|gPb8=%GP+; zf2N-eV+E4^>ZfoEFh`1bR$lXPg1v=Z1gU+B9|6Y94YRbud*<-IvmiseIlP4dCO=6rCgFxFs23x^bxEIOUaWMWOwNvT(~ zPR`VKM^kg<=$eiJLAXwn(47`WMXkxyVd@$+%s(0#K4sbmR z^K)>rs`PvzgyDp^5zIh64{Yz>3I;bw1+$l|Es>#QuMc9bv7n$S_4*>slwE!$?Qd~^ zuJouu#;M&dXD+p0O!O;+sgNJ^lsi7PJb(XAj$45Lzl_2T$)=CeGvxoqgZ@1!o)Sp6 zfFzfb4}D?_RhEzAlphCbDpHAr^eZ z{hF`RRQ4}7kQl>VqnW^RsB@qbaXO$aNzP!i+4z%95|pN&$x*G{WTjf;%fBR}z_P!$ zS5R2E8;85d>^CM6ValY`WVJ{km+?akkP{$MK?vBus@Yl4pyS*VK$NC5-K# zUZVJ)6&9d-yQ^x{%M@}Tb(1XaJwny35%%4#cMNCW6_;7(SbyLST3m3o7OfYGp^_U zs0NmnN90oNuRJ!CyZP~mSF83j;U9?OCP^<$@Bh4ZV80pQMf3K8 zg6|A$RD*x@s0@e*yS>-o$l3Cxrc`aWZS;o2$e!QH~u!#M6g&Mr)MFH%v#P$iAz zddKz;`b;jW+t(;IK)FRzd_KPAa>W$T?J9k2xG78vE@mqi0$AjH~@}^;nN&GFm^&z`+Ce zAiIy$m4sNYP#Z5zHy2cV>gEO-djJm9U30CY72BIzl>hyN6-0F?EF{kBpBDlrye`OL zwh15;kVYCr-o`{IQ;#s$bfSB+@VHu!g#P5A>f3qz3rof6&BcrQv{cO-jZC$*OhILw zPJpHV^-%$vV<#D(oeBN5L!LM`C>HuJ_p}M&&fjRaL)3J*yZjUrMkbY388b5*kYaEK$Z8D z0yZk5X8kr^qo>p0C+9;P7}$JM6j9J-+Nn9G2?kE82>9r_U$yr)?PtVl)1Yx`D~QTCWS|Q3v)M;c!<1J`9%j z1i?rc4JDFD!_4$Gbdc#qWUW=EtcorK4#b*hz_@>0{6c4e&Bb_0Lh?|Y z^!hn`NH6DGuK2tt44t1Jjs#0qT9&O#mMLjlZdpz}MjZ}sK+ESEwzU zh~MhJdMnQtsPPHmG`&^{n^yrw`ah(q7)2 zz(Z@jB<*+7nf&Dq2&msm`_^tZ-p~27^^LnF<6qnU1u!L4#(S>CMJ42+^$h42;x$xD zNw71;GL#5Y&j=n<+`9f~MjDN7J+!CudwZ^P`NZ191dfx4|2orSx*oS{UJr69rww>G zkwg1rLVrf*O4@tieVt*w>K#}58+p9NsGkI?5I&#GFW4LGg&~s@Nu|yBG+AycwaywV z^w|=6Fp_k+-Q)XsKG_e8{BwASpQv-6k>c(LGQZWBMsSF%F3)(_L+SwpRT^^&0T^~jk)y3 z04OLD`xnBUYToQxD|A8Wuojl^hqKt=JON zD=Lxt8YLa2tsEmKWPLwXGWPM{Fp%Wp0#qvf~v%lvb|& z5Y2gmHpOCpE5)E!Y|+ueBM~n@-E3HA7lmf^iuP@CJlt+D^XYQGX#os&Gjp$?R~Lyb zU*mm=2l4Hotv)e_6p`JnPLFxZTtE9Q4_)B`p+?gQS7%ndWE%C(t9D}aZBI!41(Zqy zVqy)Ci=|5u;;pFNulRUCzVv%}NdhvUBCylbfvm`v255d#E%57Z7T|t?g>@Zi zzfcS9GFqXK&cG3S02#!ZFIn_3JKO9Ghxce~I0knwC~p*h*a&zPn7xKe6H=3DzXByp zNy!fSps%2Y#IJsEM1&da^a}jzdTUoSW$(e`><#(X^CkgAieX|cfi6$*!MV3Yee*TV zAGyA_yR&ZFv1Z7}EAZG7LP)#xB_urkq53XiyB?iz1UD6x=17m`yf{0`q&D$vX z?NV$dL=+fmvX4=djg?YrXHpGP>_n_MijsHL;f5L{{52A9zPE?Aq@Tl`@o>}#s1x|4 zcEe#j4OR~sD=WHUA4{2x`hJ^>5Jlxzb7gKDc~24>e0b7Dl8A%QZ1}2xCNag56(h>* zh7o+@#ES<>W&)COs4Juhp`1h#f){8%V*M%Ic*X>Rh>ZCjnDF7469^O80@ifib`enfR4-KoEXnT#mxuuV#C`dlLp89 zPxhF-1WntcM{2(#$2+hYryIYi>6!`3QRaLR1aYukjeM(O$S&#p!Yp);c+Ht5Ep7*d z;DX3fR!joBj)%|@LNB3LPOceaQHO`cRKc4S@czCxhM|0|$Ty>=Sa~wgUrQCBuiKZG zu`xCmPP7SQ7a6=G`af51$}j8phf=ic)E>pZNJyi!*@r`?fMNKVaM zA;lDcvrbg76BY4%I@|R=S6ux+W6Bo7JTwtZyozl_Q|WlywqNY4*d*lM=MieDvqW6&zq?;dmronrzz_{jc!!m zU~3z_=``~p>*kb8Od@bpX_IIt6RNdH5l0D=4jwOOtH@cipxQgygI0%!+6^C*C`QL5xzi(kVpQmt$dCnfHZ+D8g?7 z{C5oWiOtjqET}Va+M+P+j6k>G)-bX_kwEHM3d}U|rFBn=$>GqY9Vua5kCGHY;;w{+ zF@HPW{6GvAtVwH!%$x|H<&UDBb%%AEFFTfg4b} zLH=v`bKVwsXFRI#n&9riL15PL8}Y=qq$Wzkx!R|`bL z9?i2|D5z8wkwT(_2!XtOv-9a~&!-kRN2B#>y>5r==}f*Tuvp9*s8>C^ERHY!`uv2Z zuQLYv0@j)?XYzGbF@2gC!qy`2^9lXlJq~j#m#Vk@GuDb_%#AG9n_Y^flVx9@E>?rc z;}$E`zM9MsbAV)k<#M;~@f3bxK~k}5+vqaT39DYMh4`8;o32!?-9nLF_4>m#JQhCq zD)a%j_I)r1;FQmvt~L_~RsQH`R*Rdq$5+|ktMNm=`!$J;BN7f+_ptP;`bxYlL<@A0xumY%~xp+)vo2{dRq zw&Fr=!1cp#*~Y+FslhB}HT*!%{-00W=j}P+0Kg*Mg#MZ}Xt7x*K*d(<(c@>cw=?pd zX-zwkARH*6w)UBW*dP0>1o}CcTwoW_sN^@>&9OGQ(sl$aXW9!3jVskE(NwD|$^r>Y zLXzEq06yWWF4SKbQm8bjBy0n-Xy6MOxA$l1s@2wKlDF%*am?hP$JRG6X_Q_ZPrJS! z8!x5YXtrICb%6k>LXh&F1Hsy?BZUf-#-M#B<3h^$#%wOVQ0@eUI}KDZgF^oxO4&fr zenlY9d6^($eYVPSWQ*8^rL0Jw#e)Z_&F25gwCnl0EIuY+`<#NXzYe}bb<5{uc2{yL z6O6`=bLvy1G~Rb*2?QTDZ-=)ANhDi)Q=d2Q;rYD8q|cD^J!Vgl0qnxQKIgPsQ?e7{ zL=o?MMz}9=Zrk^wLdnEj&*z{2?%h)hIb-|?3nW+&zHk?6enIu)a@zjUs-`JUS@vD@ z)9LF(>~<>5`JQd^9wp8qvOOdVre>OieNOmz zz*Kex{~UzI7KUdxyEUEVO07VbSPqX<)iK~>LsO_$sP*M|_O68ZuNd#|JzlKJFZLf) zU{yY1bL>dYn3r{WLft*wq$jNK-}vs`mJdAV>vw3Td)4Sx)8)x5Nxw{4DO7##)297; zoLr_oH~*iOvj4Ne(jM)He~42E-oiEif?hL0`KIKRk7S#vzl%y}6diGCaWN{+FCiU) zV_wI7gO8x!AT7LyxF8@XVp3wlDtBPT=^d(2unWb*{LBh+!p) zrUkKZlPXIZ%F4p6d!vJ?yu>>Za@0tM#XB%19HXJZwe849E8rO*%*yQuqwGei$?V@Z zuxObNpk5*$z?P<98Om>SN%L>SJ)*PvQlh>&h9SG%iYP^uDWOJ)9SBZ7Rww)a&qrui z8e~G134vZOy8QUBg5sP%L5XB=F=U%fmHm98y6sAx!9%voD$v40MnU5RaUl>H5n=iv zUv=v=5>LaSJXBA8MpY9_jxTC6q(enRWhOU!!?zbge@4#8{1%56j+xv*@E*J)-YaM1Vn^Kgr8askEA*pP zd<_LDDE^jy;zr;>O6|tU-7%0&KYlJElRtgR(w|T^kg@*%zNmpegqFDbL@|+7X-`0v zhi+NbI1{-`DB)p@u}Z(?&+slQfIHSg^!@P9FHHa8$dH07WNzlp)e5Rs&km>jaVYp5 zab=+VZ!$n3w?w>gMv= zx`kT9AfSL|pjmW5U(X=T5v{`4d% zA)J((+Z2cjLnGtguH+6;Fw8VkRlZ;v=z)`9D@HhQ4HO8LmYCWXRGr*SsV~|5e;)0B zCjnWl$*FvF|DO)eyqmh%L=`ZZlrMzm=lW0npL6%$b?d85B7Zig+(pm@)b8^+xROi+ zHWDK?X)yRb1UZpw@ZDRrPr&8}k1KcAv#^LZ$_46(wsEA&9C$KJ&+&$s{zs{-Ms`*? ztN#dUps{HAj}^XC^{rVT3+h3*+!joGP+B1c%X?f8I=N*^de<48)})Su8XGq~zn5?k ztYNF@Trepy$OW1jG;YX})KK%{DdIFZG>QeRp+W)dwV!~tYUOKu2!E%18Uh8yPw0;o z|L3Tpta%+7vU}q<8q8=Kksyz>iY8 zgFRQu0DH zp|h=S-cebLYLsk|DCF<7^*wQl>W`8{LXOa2>&9ce7;yM4^eKJWN_N>86 zJtnoUY7@AWM|7ThSdAshj7~nW16#Z~3CBwpr^yhcnzgiUM{=j0+7z|T1g^f%GjUsW z^7upVFWAO=HG!Y7K=IH2-7rQ-OIXU*xv3_w#p3X)@xoQSd)a(@lM*pcNq8%~uX;RW zZno14WiF<1b8X+$d0~>7ndzdHQmm}Zb;z1PD!?3(gj@XZB~L~~1(SC+xSWMdiMEt=iKr5j~*=7&3Hf$wOS|(@MC#v zwkN-SE<`RWE?%nEo&m3i=TuG6eyN8$(r8_#o*$eNIG05VtSpeM385`0*r5ntEZD(A zm_~1#`O+SPAni(w8g@N`q-HD?P(~5x3vS9=G$>LTWvgQTj*hY1MmW`kD?22PI3ozD zWtyOFGtmOPFgWqHfLp@8_MiCtrJ##(?Kb?I4+8h)o2c3lcZ|yV5kRY8VH3n6%H2~g zKar#g{{7=vw-sHinims&%q$$7y{I!<{p3dk3d&=T48>qMM@bGZogCEBNg?^3psDDTGFgZwh*ol$8=b?5WPwtweF!T-G%f2^rrnyju%rs(pd3u0?Zad6PG2-Y?6Mx5qb) zgMHqxt^FAdQ@)UA-B(ze+?K9IqEq9iK^ZdNlk@|0#MQDfj7kaBGBoktv`w1UE98dx zeYqM-G6I*DdxBd8C4ra>_8^vB4XysVXTId``S-C^bWH}oQ>N0wiX-R9NheZh6iG1w9ViI70U7*f3_emw z*-!{`Z6gUNN_i);Y@E9abS;s3rTIBaxm_zAS@}{j6}+$ueKzxFyo|fW!fMt%UBz2Ie&9z+AN?BDJS)-zO57pyD+Y&BoGE9hycf$bn|a;0wVd%I|O9ds0Hun5}0(mrp`MEU50# zFbzdXFS+sOy?Y9yL;kRGc`q%9ZC-aB!E_@`4&=AY0};7b5UU^Z<~fwK!MPs-?NFwp zBWE(r0yE=9#s4ilE1GC}=sTNM^J8fLjDL|^@;R|dV4YW1n%_qzuP6G3p_P)%gPaYm z`-9YU9`$qKc=>Yjq#8TagJ@KLBBZ#cG{lT1eT7v-0{M6febi$(1vV}&G}r@x zi&3Q%%cQE6Ek$B@K!!f_1_Zr5UJ5!Mz#OGA>C>#?Bi!sR0@d|cZ|2qQCSwW7G@v2X zAdlaw5wlS`-VSh{ev@7cM3zWPliU1|;8-wx{T71Bf>@>+h=Jp@obF`$BZ=U0e{X-P ze7q1M0AmbF0Ny{jMGV64HcBuqBZvZn;i@B39`%!)+=?np>Ab#CdZQI1K6%2oN9M%X=zOc*~3RA1&$$%At1sc zD&jYtJEmrxRXyaQsWbs@Fx-=WE)U-6rBe4Qa^NEazw_IH*!efr3W{v}h|UvMtaw&f2mnNu zrjDhi7f(tqRU!h_T&X-78Of*>MF_Cwv17?N2ofG14nmYADwdAa>e2DN&=Ql_-gN93 zNg{SIouo%uLS+kF$r2??mI}iZj7E#91?H?Q-ePh!Dyk~RR@w6gl6B|Ko!htX0F8>3 zRuoQ>4`Oxi-hDfEM1yBdPELu8EK#vyg(_7lb0;_v0f*(n!cuZ_a>C(+y?giW-o1yY zVL}urvAcKgj*pK&a`XsaFhHfm1z1*uBOkT=2?<>hCIXp-1FW$6q-?kzcd>hW*PH(bB~tioCG5a600000NkvXXu0mjfjCn`` literal 0 HcmV?d00001 diff --git a/filebeat/module/misp/_meta/kibana/7/dashboard/Filebeat-MISP-Overview.json b/filebeat/module/misp/_meta/kibana/7/dashboard/Filebeat-MISP-Overview.json new file mode 100644 index 00000000000..909548471d0 --- /dev/null +++ b/filebeat/module/misp/_meta/kibana/7/dashboard/Filebeat-MISP-Overview.json @@ -0,0 +1,417 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview dashboard for Filebeat MSIP module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "mapCenter": [ + 24.686952411999155, + 12.128906250000002 + ], + "mapZoom": 3 + }, + "gridData": { + "h": 24, + "i": "3", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Filebeat MISP] Overview", + "version": 1 + }, + "id": "c6cac9e0-f105-11e9-9a88-690b10c8ee99", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "8fc4b140-ed36-11e9-9a88-690b10c8ee99", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "7d369390-f105-11e9-9a88-690b10c8ee99", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "73287f70-f1fb-11e9-9a88-690b10c8ee99", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-10-19T18:56:55.244Z", + "version": "WzM2NCwxNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Threat Indicator Type [Filebeat MISP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "misp.threat_indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Threat Indicator Type [Filebeat MISP]", + "type": "pie" + } + }, + "id": "8fc4b140-ed36-11e9-9a88-690b10c8ee99", + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-10-19T19:03:26.386Z", + "version": "WzM2NSwxNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Threat Indicators per Month [Filebeat MISP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Indicators Per Month" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "M", + "min_doc_count": 1, + "timeRange": { + "from": "now-15M", + "to": "now" + }, + "time_zone": "America/Los_Angeles", + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "misp.threat_indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Indicators Per Month" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Indicators Per Month" + }, + "type": "value" + } + ] + }, + "title": "Threat Indicators per Month [Filebeat MISP]", + "type": "histogram" + } + }, + "id": "7d369390-f105-11e9-9a88-690b10c8ee99", + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-10-19T19:03:46.399Z", + "version": "WzM2NiwxNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Threat Indicator Geo Map [Filebeat MISP]", + "uiStateJSON": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 2 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapBounds": { + "bottom_right": { + "lat": -42.68243539838622, + "lon": 60.99609375000001 + }, + "top_left": { + "lat": 42.35854391749705, + "lon": -60.99609375000001 + } + }, + "mapCenter": { + "lat": -0.17578097424708533, + "lon": 0 + }, + "mapZoom": 4, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"https://www.openstreetmap.org/copyright\"\u003eOpenStreetMap contributors\u003c/a\u003e|\u003ca href=\"https://openmaptiles.org\"\u003eOpenMapTiles\u003c/a\u003e|\u003ca href=\"https://www.maptiler.com\"\u003eMapTiler\u003c/a\u003e|\u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Threat Indicator Geo Map [Filebeat MISP]", + "type": "tile_map" + } + }, + "id": "73287f70-f1fb-11e9-9a88-690b10c8ee99", + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-10-19T19:04:04.029Z", + "version": "WzM2NywxNV0=" + } + ], + "version": "8.0.0-SNAPSHOT" +} diff --git a/filebeat/module/misp/fields.go b/filebeat/module/misp/fields.go new file mode 100644 index 00000000000..5617eddd3d8 --- /dev/null +++ b/filebeat/module/misp/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package misp + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "misp", asset.ModuleFieldsPri, AssetMisp); err != nil { + panic(err) + } +} + +// AssetMisp returns asset data. +// This is the base64 encoded gzipped contents of module/misp. +func AssetMisp() string { + return "eJzkPG1v28jR3/MrBvclCUDqeZKgwMVACxjJHWC0uaSxe1egKITVckTNebnL213KUX99sS+kSIqiKcWyLTRAezaX3HnZed8Zp3CLmwsoyJQvACxZgRfw6er6ywuADA3XVFpS8gL+8gIA4JPKKoGwVBpWTGaCZA52pZFZILlUumDubVhqVfhdZi8AloQiMxf++xQkK7CB5/7ZTYkXkGtV1U8G4Lp/P/t9tnsPAJ7Fl9sg22CZtYzfzktmLWrZLDeEX/p1+LKzblZK24saBbtiFgRa2KgKjFUa484QdzatT/dQ06Ko1GpNGYKpylJp67lrSuS03Dj+thnLFqqyfWCzNiE73BziR2upZg1lHdQErlFcAFcaO8/D/re4uVO6+8UInQBXGUpLS0INagl2hdvDy4gzq/RsDDn3/6dE7xdWYI1Yl7mjaLX2HMIOv1mUGWYDGFr8Zqej93G7eASWtyTEnK8YyXm5YgbNgbgezM2bFXqg4IGCB/rKvAar4G5FfAV2RaZHgTtKjaZUMjMD1NS0cFaUjPIB1f2wu3Kv0ta7tVXstJpbQzxPna2xfza6OgmhJ9TSSfgxQUdo5WG4XQqnZMzSGj1UA5XBzGkkhVPeBKWchPCStLFzgzjIzz3nnDGLh5kQSwUGrfWo1QoOd8wEFMChkABJ+Przh3fv3r2HoG6jyAv21Lg7DI5CXS1+R+6O8JTqdePw9bYHMlySROMluabgpTN6VDC9gVwxkWyRSty+pDEDVVmuCkxAaSAZJBhwuUQ+RF9j2lWlDc7Vcs54T1drE+/fcLp12X/jXlM/YIqb3QK82TTLf7mDBjhnJuMuYNktSkCyK9ROv0qNa5TWvxE8nvLPo7NzP26XPOJknFyUWuUazXk6ij6LntRhOH10MIZM3oGoPqErmYDn9rQdfXazq0FXuytHaE69/0SNqYECZxI0lhqNVwhuKyZ8ArCmrGLCOIORM0n/8cD8r0HYTQLMwB0K4f7LBTMGjWPFpI/PUoOudnj87DRnEopPqDGT8Ktlee6l6tTMdJ869KJCbAOERkfCFgs0CeAsnyXOOWyl3Al1W8xn8LlECb8qzhaQNsSknphUrWE8ElqgeJRkUJCxjmytBJohqkvUzsiYWQdRAPzGitIZrv6uH376PEaaQW6VflTaIsgh6hYolMwNWNU/L5lVxupNGj6+78C4kpZxOx/OVh9epxx5EWbHC7zCtGAkEihXSiLIqligTgAtn732KXCH/DFHJa2uDCk5N2gHvFW9DNed5SNcVmerqZGe7H7m47zgOzADg/7YWbZGbVw4vMAVW5PSwGTmojtVaY4G7siugKuiUD6mK1FbqpWAjJMNwnWwrgsEpfkKjdXMYgaLDTAwJHOBXa0/S4c2fALPz6tNxvMpXdtkJJ9NceEQpMcLDCN4f3ei3lX4E1YaHpeIo0sOLsc/rfA4/FeUr8LGAWAQ8z4licdJbBK4c6Qy7WjGDVjti61WQaZGiamN8tyDOjFVZDr1k7b9ZiISy2y7IN49NrspiTMhNnCn9K3pRQ6hXpDWFKV+v1Stx8iPdZt5oSytHyd6qEtFGplRMoEtaJ+flZUulUHnOklmA1wYpnq7yz0UG+RKZl2aTy/NDdRItmnTbdqEmwemvLldZeKOdZxlfbG7s3BELBU3mRhFxbdD8FTnPzc3X5oIiAmj4FaqO+mS+4IJ4qQqA1xl6GOp7SOjltZtloDGJbpgWwELlTJWtIpnBrWLn0j6dbMxFosEKlN5feJqjdp6O+JiM6edvkrp4zmuilKrgky42fYB8DK4MSbIbhL/bq79jy7YWzMSbEFurfbOa+KWipfGWXKWACtLQbx1+i4IZNYBCKjBq8/Xr/3CEpRdob4j40iXyhs2pSEjo6vS1jgFAGcZBu4Iz7MLAKdg+ISh3xT09mf2pyhmRGsDC3TyWRcwshn0vukYtPhR6lFN1XrnbZZ5TV8wfpsppZOFskmWKZNkWpUl6gS/lUKRTW/JJre4ESrPUSeaSaOK2kgUymLKOEdjUqvV70wmjcuM3wdvpFVeoUvDK6fZaWNotFLWAQDDNaJMOSttpTEx5cavx03XpCuT3CldjB3L+EV8MLMXYKwmmT9m6aJ/V298Et+KTBobLo1lkqOv5C6C/oyk91LZAR/0S/fpyR3QpYcY/I/Lw72h1x65UN0g2bmrX6NXUmcXVihKcHLiWBOdgV9zhlq6oA4Kh+L1zdU/4bO/CDPw6vrjZ+OWrr9+Nq/jbU/dKMCyjGIIyCQTG0PbUoBUtkbIO68YN1JO7vVwzzao9mdj/N1BjBouUxUuXjy18F/CQhMu2y8FX8CckEQkJiP9WM6gLsfFSGUSbqyyq0cqhMp2D5UH+8qJf8zk7sU0yPdc4/JRsB1QWRdrBp2NqTQGI+GrdM5E+EDORwwjRi/0tc2bvrZdA3gTOt+uBt641xj2vz1xo2G/Sc8ksbopfIGyYJav3JcP2ol4+uildnwhgilRpmsflniGB4ZQzNvrIGfbpzj1iuKjKpzb+M3xyAF8Tob4oObLNWqzx7Y9FIa/BhBHoedAnjTUjRJwMGL3+IU9+H13gnAQjkvEQ0TvMOTanXoRKwdvXNiYoGy+1Ko4AK0jK6a+k7xTgIssc3a4EpkLcbmShjLUmDnUKrYQ2M9USFoUgnKUHA+trwZyK2lpsB75sPT2y409aqUCoWSOeh/dbUJncBWLHVsK6vutjXOZqiBrMUvcSz6UDTUgqfzWVjNyYUwIcp03MTYeSiv1wK0Ut47ERWqH8tngGnW38WVKxvVw6bKX/hqLXif0lsjBJmhoe5kV5asxQutyFT+pTfzQQImV7NMR9NyS5vsb2++hfoDGgqzGuWXcEn9C8j5d3Xz9CQIa5juO9EqSJSbg0hdeJhCOfCXpjwqfnvYak+8h/6OmNaaLDXyoa8k4mqLtm0k6SdGuC23brbEl0BdKfHoUx6BcVlwHxb4u4RfrkO3t7P/hC9MW/gRp5zOS+WxiqPyvDI0l6TOPCyrhz/Dy/ZvZ2zfvZ2/fz978+OP/vXv78t/TeTi//eMQb3o6Pv7173+DPyrUsdPLp0sxr+h93+GvrfPTL9vdnYObyM0WM2dUXsAPfV7+MMZKiXk/uhhn30IpgUxOZ99vLiAw6CtsVlcuZupnXWxhvHPpDDvNd4adhnOpPU1FJzEb7RC3AeyJo2W41Bo1/APjTCdHM7aab2efpiAaqxqMd+sVJ0c2pg0e7him2yqSQb3GbJ4xy1r7xtLL57gMH7vLRxShO1tNLEU33zjsXKi2xo3p7O1B3zHTEOJC5HBLGApUEq3vB0jAVHzlTLNQedhP6XoVrGbLJfEEquYe88NmgTpi4KP5qHGc7e16P5u68p6zGMp3fWdRzdyTplwLzEn6q4Vall16c0cyU3fbCqM/ufaBH9Vl9CgEocxOS0poJD2GGH8nj/owegI4TxIV0fF4GpoZhdY1TKwUNxlum85ZaPf59I/rG5ef+o5tjw8s0N4hSnjjdff9+/dJ/B+Q5KIytJ5SFD9pLfQSMvIDJfHKY8dO1EVyf85Ne7rnSuxNXTJudy3XiJXWWCo90PD7tf/8CLsc9phokMPLxveScSUEek7E/rNYRtvWPGCpuL8mUrJz/WdVSbxlkVnnYkktgXX8WFJffocGkjj5VWceSRCNzBmO+rqxXXPP0DISw/nk2Rjs/iEN2rXT9zA0k45hgm/boFAJVgft3cC0bmgzldeK5norSPR4y0N4Z9vx0Hs3iEga3kpiw1cMeZM6WkvqEY+kSTSSWppqxUt921HcLkicVUok60pI1LFXadQOP2n/zQTZeKwb18uOIntxiFdoJmh+VEavoI2yDpqhASrKaiHIrIYd3YP2B7svWv3BQcSicwk220WL5LvjGqxgEc6DOzlSuifqx80u773efZD7huuOqnZueG3dMewbB3Wct4hD73vP6p7sp3ufe8kPvMvd9V3tnSZ6sPYnwY8NzVXWU5S98bHd8ZOmM9G3Rm47L0OD5Hk7nWHuPrXrGb5ubscL416lbef3+hbGLa3J2ISrokRLzidwTQWmZhP8CPrfSTKRrBi/RZ1QuABKGefePjPRPMrI5LqSVmCWhEJTaqzbw6A0scXdQTPlJrGotdL33H8/pcch05EMpyOd371kn7s7Okj+H2VmqGnC8B3PcW5o66M6R9Cbk6vMeNbkx0xPir3XX18o74+2dtkMpWAbc4ACu22G9DdHaZOMtJ8TdbEflo4S6XRMSeOfLTUzVlfcVhrTYMl3nzPNV2SR2zpsTEOv1hg/n3gIqM3Q754BMqpckbGx7HVyoswtCZE0tTZfvxSY5RifMQH+Kpxk7r0zfvMDogaBdQWpt3dRGQsrtkbfXBqmp1vV3QMkrsuQAdmTSmJSkKTCewCLusCMnLVn2ZpJjlkSBlZz4knAPyEp1brT2zakps97HKvD/p1prDH+7hvO6nN2G6IlXFSLxJtsYxOLrEjaGCa5WqOWBcpRL3oeA14dNzSFj52hp93IpolOuELNHeRMuUBGcnTZshIq3yRSWaUJ7SbpnnyaM5JJidoM/OZCGbMMf9cn8X/GJ8ekkqXGjLhlCzF6r3tew2f/K6dSb/Ooh1IDnXAmA7kKaMyZzgQav9zbv2fJvOvsH8fZn1+TiCslBhLw7tNjEm+lxNSEWykREm2BOVkqmMVmMDFAa03HhBrDNpczbX8dTuLMS7ld1j1RNo1wSzKr5w2UEu7Hg+bR3Ed70+cMJTGRqmVqUK+JY9IZHmvJU5ozl864cC7exTYjY1xjHCPtjZ61p9S6RdrUcOavEJ9r7jzh+M8lOb6PDicg85FW+IfuM4ygam47jWPGKE7+FqiZXL4X7+/967+He7vJY4UO90NnCocvMRpX8Oue5SN8QmerybOGna9CiaAgY9mtAzHsJ0JaLzaNw2AQSnBO2ZzvhGAboDXN3mr2OG/3sYfLz87OTcfzTAzefQS1oI0sjv3w3wAAAP//tGgQig==" +} diff --git a/filebeat/module/misp/module.yml b/filebeat/module/misp/module.yml new file mode 100644 index 00000000000..d3b327c7eb5 --- /dev/null +++ b/filebeat/module/misp/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: c6cac9e0-f105-11e9-9a88-690b10c8ee99 + file: Filebeat-MISP-Overview.json diff --git a/filebeat/module/misp/threat/_meta/fields.yml b/filebeat/module/misp/threat/_meta/fields.yml new file mode 100644 index 00000000000..293cf76b0b0 --- /dev/null +++ b/filebeat/module/misp/threat/_meta/fields.yml @@ -0,0 +1,710 @@ +- name: attack_pattern + title: Attack Pattern + short: Fields that let you store attack patterns + description: > + Fields provide support for specifying information about attack patterns. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the threat indicator. + + - name: name + level: core + type: keyword + description: > + Name of the attack pattern. + + - name: description + level: extended + type: text + description: > + Description of the attack pattern. + + - name: kill_chain_phases + level: extended + type: keyword + description: > + The kill chain phase(s) to which this attack pattern corresponds. + +- name: campaign + title: Campaign + short: Fields that let you store campaign information + description: > + Fields provide support for specifying information about campaigns. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the campaign. + + - name: name + level: core + type: keyword + description: > + Name of the campaign. + + - name: description + level: extended + type: text + description: > + Description of the campaign. + + - name: aliases + level: extended + type: text + description: > + Alternative names used to identify this campaign. + + - name: first_seen + level: core + type: date + description: > + The time that this Campaign was first seen, in RFC3339 format. + + - name: last_seen + level: core + type: date + description: > + The time that this Campaign was last seen, in RFC3339 format. + + - name: objective + level: core + type: keyword + description: > + This field defines the Campaign's primary goal, objective, desired outcome, or intended effect. + +- name: course_of_action + title: Course of Action + short: Fields that let you store information about course of action. + description: > + A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Course of Action. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Course of Action. + + - name: description + level: extended + type: text + description: > + Description of the Course of Action. + +- name: identity + title: Identity + short: Fields that let you store information about identity. + description: > + Identity can represent actual individuals, organizations, or groups, as well as classes of individuals, organizations, or groups. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Identity. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Identity. + + - name: description + level: extended + type: text + description: > + Description of the Identity. + + - name: identity_class + level: core + type: keyword + description: > + The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov + + - name: labels + level: extended + type: keyword + description: > + The list of roles that this Identity performs. + example: > + CEO + + - name: sectors + level: extended + type: keyword + description: > + The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov + + - name: contact_information + level: extended + type: text + description: > + The contact information (e-mail, phone number, etc.) for this Identity. + +- name: intrusion_set + title: Intrusion Set + short: Fields that let you store information about Intrusion Set. + description: > + An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Intrusion Set. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Intrusion Set. + + - name: description + level: extended + type: text + description: > + Description of the Intrusion Set. + + - name: aliases + level: extended + type: text + description: > + Alternative names used to identify the Intrusion Set. + + - name: first_seen + level: extended + type: date + description: > + The time that this Intrusion Set was first seen, in RFC3339 format. + + - name: last_seen + level: extended + type: date + description: > + The time that this Intrusion Set was last seen, in RFC3339 format. + + - name: goals + level: extended + type: text + description: > + The high level goals of this Intrusion Set, namely, what are they trying to do. + + - name: resource_level + level: extended + type: text + description: > + This defines the organizational level at which this Intrusion Set typically works. Open Vocab - attack-resource-level-ov + + - name: primary_motivation + level: extended + type: text + description: > + The primary reason, motivation, or purpose behind this Intrusion Set. Open Vocab - attack-motivation-ov + + - name: secondary_motivations + level: extended + type: text + description: > + The secondary reasons, motivations, or purposes behind this Intrusion Set. Open Vocab - attack-motivation-ov + +- name: malware + title: Malware + short: Fields that let you store information about Malware. + description: > + Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Malware. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Malware. + + - name: description + level: extended + type: text + description: > + Description of the Malware. + + - name: labels + level: core + type: keyword + description: > + The type of malware being described. + Open Vocab - malware-label-ov. + adware,backdoor,bot,ddos,dropper,exploit-kit,keylogger,ransomware, remote-access-trojan,resource-exploitation,rogue-security-software,rootkit, screen-capture,spyware,trojan,virus,worm + + - name: kill_chain_phases + format: string + level: extended + type: keyword + description: > + The list of kill chain phases for which this Malware instance can be used. + +- name: note + title: Note + short: Fields that let you store information about Malware. + description: > + A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Note. + + - name: summary + level: extended + type: keyword + description: > + A brief description used as a summary of the Note. + + - name: description + level: extended + type: text + description: > + The content of the Note. + + - name: authors + level: extended + type: keyword + description: > + The name of the author(s) of this Note. + + - name: object_refs + level: extended + type: keyword + description: > + The STIX Objects (SDOs and SROs) that the note is being applied to. + +- name: threat_indicator + title: Threat Indicator + short: Fields that let you store Threat Indicators + description: > + Fields provide support for specifying information about threat indicators, and related matching patterns. + type: group + fields: + + - name: labels + level: core + type: keyword + description: > + list of type open-vocab that specifies the type of indicator. + example: > + Domain Watchlist + + - name: id + level: core + type: keyword + description: > + Identifier of the threat indicator. + + - name: version + level: core + type: keyword + description: > + Version of the threat indicator. + + - name: type + level: core + type: keyword + description: > + Type of the threat indicator. + + - name: description + level: core + type: text + description: > + Description of the threat indicator. + + - name: feed + level: core + type: text + description: > + Name of the threat feed. + + - name: valid_from + level: core + type: date + description: > + The time from which this Indicator should be considered valuable + intelligence, in RFC3339 format. + + - name: valid_until + level: core + type: date + description: > + The time at which this Indicator should no longer be considered valuable intelligence. If the valid_until property is omitted, then there is no constraint on the latest time for which the indicator should be used, in RFC3339 format. + + - name: severity + format: string + level: core + type: keyword + description: > + Threat severity to which this indicator corresponds. + example: high + + - name: confidence + level: core + type: keyword + description: > + Confidence level to which this indicator corresponds. + example: high + + - name: kill_chain_phases + format: string + level: extended + type: keyword + description: > + The kill chain phase(s) to which this indicator corresponds. + + - name: mitre_tactic + format: string + level: extended + type: keyword + description: > + MITRE tactics to which this indicator corresponds. + example: Initial Access + + - name: mitre_technique + format: string + level: extended + type: keyword + description: > + MITRE techniques to which this indicator corresponds. + example: Drive-by Compromise + + - name: attack_pattern + level: core + type: keyword + description: > + The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. + example: > + [destination:ip = '91.219.29.188/32'] + + - name: attack_pattern_kql + level: core + type: keyword + description: > + The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. + example: > + destination.ip: "91.219.29.188/32" + + - name: negate + level: core + type: boolean + description: > + When set to true, it specifies the absence of the attack_pattern. + + - name: intrusion_set + level: extended + type: keyword + description: > + Name of the intrusion set if known. + + - name: campaign + level: extended + type: keyword + description: > + Name of the attack campaign if known. + + - name: threat_actor + level: extended + type: keyword + description: > + Name of the threat actor if known. + +- name: observed_data + title: Observed Data + short: Fields that let you store information about Observed Data. + description: > + Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Observed Data. + + - name: first_observed + level: core + type: date + description: > + The beginning of the time window that the data was observed, in RFC3339 format. + + - name: last_observed + level: core + type: date + description: > + The end of the time window that the data was observed, in RFC3339 format. + + - name: number_observed + level: core + type: integer + description: > + The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive. + + - name: objects + level: core + type: keyword + description: > + A dictionary of Cyber Observable Objects that describes the single fact that was observed. + +- name: report + title: Report + short: Fields that let you store information about Report. + description: > + Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Report. + + - name: labels + level: core + type: keyword + description: > + This field is an Open Vocabulary that specifies the primary subject of this report. + Open Vocab - report-label-ov. + threat-report,attack-pattern,campaign,identity,indicator,malware,observed-data,threat-actor,tool,vulnerability + + - name: name + level: core + type: keyword + description: > + The name used to identify the Report. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about Report. + + - name: published + level: extended + type: date + description: > + The date that this report object was officially published by the creator of this report, in RFC3339 format. + + - name: object_refs + level: core + type: text + description: > + Specifies the STIX Objects that are referred to by this Report. + +- name: threat_actor + title: Threat Actor + short: Fields that let you store information about Threat Actor. + description: > + Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Threat Actor. + + - name: labels + level: core + type: keyword + description: > + This field specifies the type of threat actor. + Open Vocab - threat-actor-label-ov. + activist,competitor,crime-syndicate,criminal,hacker,insider-accidental,insider-disgruntled,nation-state,sensationalist,spy,terrorist + + - name: name + level: core + type: keyword + description: > + The name used to identify this Threat Actor or Threat Actor group. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about the Threat Actor. + + - name: aliases + level: extended + type: text + description: > + A list of other names that this Threat Actor is believed to use. + + - name: roles + level: extended + type: text + description: > + This is a list of roles the Threat Actor plays. + Open Vocab - threat-actor-role-ov. + agent,director,independent,sponsor,infrastructure-operator,infrastructure-architect,malware-author + + - name: goals + level: extended + type: text + description: > + The high level goals of this Threat Actor, namely, what are they trying to do. + + - name: sophistication + level: extended + type: text + description: > + The skill, specific knowledge, special training, or expertise a Threat Actor + must have to perform the attack. + Open Vocab - threat-actor-sophistication-ov. + none,minimal,intermediate,advanced,strategic,expert,innovator + + - name: resource_level + level: extended + type: text + description: > + This defines the organizational level at which this Threat Actor typically works. + Open Vocab - attack-resource-level-ov. + individual,club,contest,team,organization,government + + - name: primary_motivation + level: extended + type: text + description: > + The primary reason, motivation, or purpose behind this Threat Actor. + Open Vocab - attack-motivation-ov. + accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + - name: secondary_motivations + level: extended + type: text + description: > + The secondary reasons, motivations, or purposes behind this Threat Actor. + Open Vocab - attack-motivation-ov. + accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + - name: personal_motivations + level: extended + type: text + description: > + The personal reasons, motivations, or purposes of the Threat Actor regardless of + organizational goals. + Open Vocab - attack-motivation-ov. + accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + +- name: tool + title: Tool + short: Fields that let you store information about Tool. + description: > + Tools are legitimate software that can be used by threat actors to perform attacks. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Tool. + + - name: labels + level: core + type: keyword + description: > + The kind(s) of tool(s) being described. + Open Vocab - tool-label-ov. + denial-of-service,exploitation,information-gathering,network-capture,credential-exploitation,remote-access,vulnerability-scanning + + - name: name + level: core + type: keyword + description: > + The name used to identify the Tool. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about the Tool. + + - name: tool_version + level: extended + type: keyword + description: > + The version identifier associated with the Tool. + + - name: kill_chain_phases + level: extended + type: text + description: > + The list of kill chain phases for which this Tool instance can be used. + +- name: vulnerability + title: Vulnerability + short: Fields that let you store information about Vulnerability. + description: > + A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Vulnerability. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Vulnerability. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about the Vulnerability. + + + + + + + + + diff --git a/filebeat/module/misp/threat/config/input.yml b/filebeat/module/misp/threat/config/input.yml new file mode 100644 index 00000000000..ca06ddcd002 --- /dev/null +++ b/filebeat/module/misp/threat/config/input.yml @@ -0,0 +1,36 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +api_key: {{ .api_key }} +http_client_timeout: {{ .http_client_timeout }} +http_method: {{ .http_method }} +http_headers: {{ .http_headers }} +http_request_body: {{ .http_request_body }} +interval: {{ .interval }} +json_objects_array: {{ .json_objects_array }} +pagination: {{ .pagination }} +url: {{ .url }} +ssl: {{ .ssl }} + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - script: + lang: javascript + id: misp_script + file: ${path.home}/module/misp/threat/config/pipeline.js + - timestamp: + field: json.timestamp + layouts: + - UNIX + - drop_fields: + fields: [json] diff --git a/filebeat/module/misp/threat/config/pipeline.js b/filebeat/module/misp/threat/config/pipeline.js new file mode 100644 index 00000000000..ff798a42d7f --- /dev/null +++ b/filebeat/module/misp/threat/config/pipeline.js @@ -0,0 +1,214 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var threat = (function () { + var processor = require("processor"); + + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + var categorizeEvent = new processor.AddFields({ + target: "event", + fields: { + kind: "event", + category: "threat-intel", + type: "indicator", + }, + }); + + var setThreatFeedField = function (evt) { + evt.Put("misp.threat_indicator.feed", "misp"); + }; + + var convertFields = new processor.Convert({ + fields: [ + { from: "json.Event.id", to: "rule.id" }, + { from: "json.Event.info", to: "misp.threat_indicator.description" }, + { from: "json.Event.info", to: "rule.description" }, + { from: "json.Event.uuid", to: "misp.threat_indicator.id" }, + { from: "json.Event.uuid", to: "rule.uuid" }, + { from: "json.category", to: "rule.category" }, + { from: "json.uuid", to: "event.id" }, + ], + mode: "rename", + ignore_missing: true, + }); + + var setAttackPattern = function (evt) { + var indicator_type = evt.Get("json.type"); + var attackPattern; + var attackPatternKQL; + var arr; + var ip; + var filename; + var v = evt.Get("json.value"); + evt.Put("message", v); + evt.Put("misp.threat_indicator.type", indicator_type); + switch (indicator_type) { + case "AS": + var asn; + if (v.substring(0, 2) == "AS") { + asn = v.substring(2, v.length); + } else { + asn = v; + } + attackPattern = '[' + 'source:as:number = ' + '\'' + asn + '\'' + ' OR destination:as:number = ' + '\'' + asn + '\'' + ']'; + attackPatternKQL = 'source.as.number: ' + asn + ' OR destination.as.number: ' + asn; + break; + case 'btc': + attackPattern = '[' + 'bitcoin:address = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'bitcoin.address: ' + '"' + v + '"'; + break; + case "domain": + attackPattern = '[' + 'dns:question:name = ' + '\'' + v + '\'' + ' OR url:domain = ' + '\'' + v + '\'' + ' OR source:domain = ' + '\'' + v + '\'' + ' OR destination:domain = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'dns.question.name: ' + '"' + v + '"' + ' OR url.domain: ' + '"' + v + '"' + ' OR source.domain: ' + '"' + v + '"' + ' OR destination.domain: ' + '"' + v + '"'; + break; + case "domain|ip": + arr = v.split("|"); + if (arr.length == 2) { + var domain = arr[0]; + ip = arr[1].split("/")[0]; + attackPattern = '[' + '(' + 'dns:question:name = ' + '\'' + domain + '\'' + ' OR url:domain = ' + '\'' + domain + '\'' + ')' + + ' AND ' + '(' + 'source:ip = ' + '\'' + ip + '\'' + ' OR destination:ip = ' + '\'' + ip + '\'' + ')' + ']'; + attackPatternKQL = '(' + 'dns.question.name :' + '"' + domain + '"' + ' OR url.domain: ' + '"' + domain + '"' + ')' + ' AND ' + '(' + 'source.ip: ' + '"' + ip + '"' + ' OR destination.ip: ' + '"' + ip + '"' + ')'; + } + break; + case 'email-src': + attackPattern = '[' + 'user:email = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'user.email: ' + '"' + v + '"'; + evt.Put("user.email", v); + break; + case "filename": + attackPattern = '[' + 'file:path = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.path: ' + '"' + v + '"'; + evt.Put("file.path", v); + break; + case "filename|md5": + arr = v.split("|"); + if (arr.length == 2) { + filename = arr[0]; + var md5 = arr[1]; + attackPattern = '[' + 'file:hash:md5 = ' + '\'' + md5 + '\'' + ' AND file:path = ' + '\'' + filename + '\'' + ']'; + attackPatternKQL = 'file.hash.md5: ' + '"' + md5 + '"' + ' AND file.path: ' + '"' + filename + '"'; + evt.Put("file.hash.md5", md5); + evt.Put("file.path", filename); + } + break; + case "filename|sha1": + arr = v.split("|"); + if (arr.length == 2) { + filename = arr[0]; + var sha1 = arr[1]; + attackPattern = '[' + 'file:hash:sha1 = ' + '\'' + sha1 + '\'' + ' AND file:path = ' + '\'' + filename + '\'' + ']'; + attackPatternKQL = 'file.hash.sha1: ' + '"' + sha1 + '"' + ' AND file.path: ' + '"' + filename + '"'; + evt.Put("file.hash.sha1", sha1); + evt.Put("file.path", filename); + } + break; + case "filename|sha256": + arr = v.split("|"); + if (arr.length == 2) { + filename = arr[0]; + var sha256 = arr[1]; + attackPattern = '[' + 'file:hash:sha256 = ' + '\'' + sha256 + '\'' + ' AND file:path = ' + '\'' + filename + '\'' + ']'; + attackPatternKQL = 'file.hash.sha256: ' + '"' + sha256 + '"' + ' AND file.path: ' + '"' + filename + '"'; + evt.Put("file.hash.sha256", sha256); + evt.Put("file.path", filename); + } + break; + case 'github-username': + attackPattern = '[' + 'user:name = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'user.name: ' + '"' + v + '"'; + evt.Put("user.name", v); + break; + case "hostname": + attackPattern = '[' + 'source:domain = ' + '\'' + v + '\'' + ' OR destination:domain = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'source.domain: ' + '"' + v + '"' + ' OR destination.domain: ' + '"' + v + '"'; + break; + case "ip-dst": + ip = v.split("/")[0]; + attackPattern = '[destination:ip = ' + '\'' + ip + '\'' + ']'; + attackPatternKQL = 'destination.ip: ' + '"' + ip + '"'; + evt.Put("destination.ip", ip); + break; + case "ip-dst|port": + arr = v.split("|"); + if (arr.length == 2) { + attackPattern = '[destination:ip = ' + '\'' + arr[0] + '\'' + ' AND destination:port = ' + '\'' + arr[1] + '\'' + ']'; + attackPatternKQL = 'destination.ip: ' + '"' + arr[0] + '"' + ' AND destination.port: ' + arr[1]; + evt.Put("destination.ip", arr[0]); + evt.Put("destination.port", arr[1]); + } + break; + case "ip-src": + ip = v.split("/")[0]; + attackPattern = '[' + 'source:ip = ' + '\'' + ip + '\'' + ']'; + attackPatternKQL = 'source.ip: ' + '"' + ip + '"'; + evt.Put("source.ip", ip); + break; + case "link": + attackPattern = '[' + 'url:full = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'url.full: ' + '"' + v + '"'; + evt.Put("url.full", v); + break; + case "md5": + attackPattern = '[' + 'file:hash:md5 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.md5: ' + '"' + v + '"'; + evt.Put("file.hash.md5", v); + break; + case 'regkey': + attackPattern = '[' + 'regkey = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'regkey: ' + '"' + v + '"'; + evt.Put("registry.key", v); + break; + case "sha1": + attackPattern = '[' + 'file:hash:sha1 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.sha1: ' + '"' + v + '"'; + evt.Put("file.hash.sha1", v); + break; + case "sha256": + attackPattern = '[' + 'file:hash:sha256 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.sha256: ' + '"' + v + '"'; + evt.Put("file.hash.sha256", v); + break; + case "sha512": + attackPattern = '[' + 'file:hash:sha512 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.sha512: ' + '"' + v + '"'; + evt.Put("file.hash.sha512", v); + break; + case "url": + attackPattern = '[' + 'url:full = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'url.full: ' + '"' + v + '"'; + evt.Put("url.full", v); + break; + case 'yara': + attackPattern = '[' + 'yara:rule = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'yara.rule: ' + '"' + v + '"'; + break; + } + if (attackPattern == undefined || attackPatternKQL == undefined) { + evt.Put("error.message", 'Unsupported type: ' + indicator_type); + } + evt.Put("misp.threat_indicator.attack_pattern", attackPattern); + evt.Put("misp.threat_indicator.attack_pattern_kql", attackPatternKQL); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(categorizeEvent) + .Add(setThreatFeedField) + .Add(convertFields) + .Add(setAttackPattern) + .Build(); + + return { + process: pipeline.Run, + }; +})(); + +function process(evt) { + return threat.process(evt); +} diff --git a/filebeat/module/misp/threat/ingest/pipeline.json b/filebeat/module/misp/threat/ingest/pipeline.json new file mode 100644 index 00000000000..0d710feeb24 --- /dev/null +++ b/filebeat/module/misp/threat/ingest/pipeline.json @@ -0,0 +1,26 @@ +{ + "description": "Pipeline for normalizing MISP threat", + "processors": [ + { + "geoip": { + "field": "destination.ip", + "target_field": "destination.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] + } + \ No newline at end of file diff --git a/filebeat/module/misp/threat/manifest.yml b/filebeat/module/misp/threat/manifest.yml new file mode 100644 index 00000000000..41a85a6f74d --- /dev/null +++ b/filebeat/module/misp/threat/manifest.yml @@ -0,0 +1,42 @@ +module_version: "1.0" + +var: + - name: input + default: httpjson + - name: api_key + default: "" + - name: http_client_timeout + default: 60 + - name: http_method + default: GET + - name: http_headers + default: |- + {} + - name: http_request_body + default: |- + {} + - name: interval + default: 0 + - name: json_objects_array + default: "response.Attribute" + - name: pagination + default: |- + { + "enabled": false, + "extra_body_content": {}, + "id_field": "", + "req_field": "", + "url": "" + } + - name: url + default: "" + - name: ssl + default: |- + {} + +input: config/input.yml +ingest_pipeline: ingest/pipeline.json + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/misp/threat/test/misp-test.json.log b/filebeat/module/misp/threat/test/misp-test.json.log new file mode 100644 index 00000000000..cba6c830428 --- /dev/null +++ b/filebeat/module/misp/threat/test/misp-test.json.log @@ -0,0 +1,4 @@ +{"id":"1","event_id":"1","object_id":"0","object_relation":null,"category":"Network activity","type":"ip-dst","to_ids":false,"uuid":"5d2cb906-eff4-40f0-9f1d-10eb7d6a0c26","timestamp":"1490878466","distribution":"5","sharing_group_id":"0","comment":"","deleted":false,"disable_correlation":false,"value":"98.235.162.24","Event":{"org_id":"1","distribution":"3","id":"1","info":"Tor exit nodes feed","orgc_id":"2","uuid":"58dcfe62-ed84-4e5e-b293-4991950d210f"}} +{"id":"2","event_id":"2","object_id":"0","object_relation":null,"category":"Payload delivery","type":"md5","to_ids":true,"uuid":"5d159be2-d4b4-4d97-9e14-406a02de0b81","timestamp":"1490878466","distribution":"5","sharing_group_id":"0","comment":"","deleted":false,"disable_correlation":false,"value":"89357a1b2e32f2b9bddff94b8136810b","Event":{"org_id":"1","distribution":"3","id":"1","info":"OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass","orgc_id":"2","uuid":"5d159be2-d4b4-4d97-9e14-406a02de0b81"}} +{"id":"3","event_id":"3","object_id":"0","object_relation":null,"category":"Payload delivery","type":"filename","to_ids":true,"uuid":"5d159be2-d4b4-4d97-9e14-406a02de0b81","timestamp":"1490878466","distribution":"5","sharing_group_id":"0","comment":"","deleted":false,"disable_correlation":false,"value":"f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de","Event":{"org_id":"1","distribution":"3","id":"1","info":"OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass","orgc_id":"2","uuid":"5d159be2-d4b4-4d97-9e14-406a02de0b81"}} +{"id":"4","event_id":"4","object_id":"0","object_relation":null,"category":"Bad Domain","type":"domain","to_ids":true,"uuid":"563b3ea6-b26c-401f-a68b-4d84950d210b","timestamp":"1490878466","distribution":"5","sharing_group_id":"0","comment":"","deleted":false,"disable_correlation":false,"value":"f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de","Event":{"org_id":"4","distribution":"3","id":"4","info":"OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman","orgc_id":"2","uuid":"563b3ea6-b26c-401f-a68b-4d84950d210b"}} diff --git a/filebeat/module/misp/threat/test/misp-test.json.log-expected.json b/filebeat/module/misp/threat/test/misp-test.json.log-expected.json new file mode 100644 index 00000000000..a4b6019bc5d --- /dev/null +++ b/filebeat/module/misp/threat/test/misp-test.json.log-expected.json @@ -0,0 +1,108 @@ +[ + { + "@timestamp": "2017-03-30T12:54:26.000Z", + "destination.geo.city_name": "State College", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 40.7957, + "destination.geo.location.lon": -77.8618, + "destination.geo.region_iso_code": "US-PA", + "destination.geo.region_name": "Pennsylvania", + "destination.ip": "98.235.162.24", + "event.category": "threat-intel", + "event.dataset": "misp.threat", + "event.id": "5d2cb906-eff4-40f0-9f1d-10eb7d6a0c26", + "event.kind": "event", + "event.module": "misp", + "event.type": "indicator", + "fileset.name": "threat", + "input.type": "log", + "log.offset": 0, + "message": "98.235.162.24", + "misp.threat_indicator.attack_pattern": "[destination:ip = '98.235.162.24']", + "misp.threat_indicator.attack_pattern_kql": "destination.ip: \"98.235.162.24\"", + "misp.threat_indicator.description": "Tor exit nodes feed", + "misp.threat_indicator.feed": "misp", + "misp.threat_indicator.id": "58dcfe62-ed84-4e5e-b293-4991950d210f", + "misp.threat_indicator.type": "ip-dst", + "rule.category": "Network activity", + "rule.description": "Tor exit nodes feed", + "rule.id": "1", + "rule.uuid": "58dcfe62-ed84-4e5e-b293-4991950d210f", + "service.type": "misp" + }, + { + "@timestamp": "2017-03-30T12:54:26.000Z", + "event.category": "threat-intel", + "event.dataset": "misp.threat", + "event.id": "5d159be2-d4b4-4d97-9e14-406a02de0b81", + "event.kind": "event", + "event.module": "misp", + "event.type": "indicator", + "file.hash.md5": "89357a1b2e32f2b9bddff94b8136810b", + "fileset.name": "threat", + "input.type": "log", + "log.offset": 460, + "message": "89357a1b2e32f2b9bddff94b8136810b", + "misp.threat_indicator.attack_pattern": "[file:hash:md5 = '89357a1b2e32f2b9bddff94b8136810b']", + "misp.threat_indicator.attack_pattern_kql": "file.hash.md5: \"89357a1b2e32f2b9bddff94b8136810b\"", + "misp.threat_indicator.description": "OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass", + "misp.threat_indicator.feed": "misp", + "misp.threat_indicator.id": "5d159be2-d4b4-4d97-9e14-406a02de0b81", + "misp.threat_indicator.type": "md5", + "rule.category": "Payload delivery", + "rule.description": "OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass", + "rule.id": "1", + "rule.uuid": "5d159be2-d4b4-4d97-9e14-406a02de0b81", + "service.type": "misp" + }, + { + "@timestamp": "2017-03-30T12:54:26.000Z", + "event.category": "threat-intel", + "event.dataset": "misp.threat", + "event.id": "5d159be2-d4b4-4d97-9e14-406a02de0b81", + "event.kind": "event", + "event.module": "misp", + "event.type": "indicator", + "file.path": "f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de", + "fileset.name": "threat", + "input.type": "log", + "log.offset": 987, + "message": "f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de", + "misp.threat_indicator.attack_pattern": "[file:path = 'f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de']", + "misp.threat_indicator.attack_pattern_kql": "file.path: \"f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de\"", + "misp.threat_indicator.description": "OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass", + "misp.threat_indicator.feed": "misp", + "misp.threat_indicator.id": "5d159be2-d4b4-4d97-9e14-406a02de0b81", + "misp.threat_indicator.type": "filename", + "rule.category": "Payload delivery", + "rule.description": "OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass", + "rule.id": "1", + "rule.uuid": "5d159be2-d4b4-4d97-9e14-406a02de0b81", + "service.type": "misp" + }, + { + "@timestamp": "2017-03-30T12:54:26.000Z", + "event.category": "threat-intel", + "event.dataset": "misp.threat", + "event.id": "563b3ea6-b26c-401f-a68b-4d84950d210b", + "event.kind": "event", + "event.module": "misp", + "event.type": "indicator", + "fileset.name": "threat", + "input.type": "log", + "log.offset": 1551, + "message": "f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de", + "misp.threat_indicator.attack_pattern": "[dns:question:name = 'f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de' OR url:domain = 'f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de' OR source:domain = 'f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de' OR destination:domain = 'f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de']", + "misp.threat_indicator.attack_pattern_kql": "dns.question.name: \"f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de\" OR url.domain: \"f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de\" OR source.domain: \"f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de\" OR destination.domain: \"f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de\"", + "misp.threat_indicator.description": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman", + "misp.threat_indicator.feed": "misp", + "misp.threat_indicator.id": "563b3ea6-b26c-401f-a68b-4d84950d210b", + "misp.threat_indicator.type": "domain", + "rule.category": "Bad Domain", + "rule.description": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman", + "rule.id": "4", + "rule.uuid": "563b3ea6-b26c-401f-a68b-4d84950d210b", + "service.type": "misp" + } +] \ No newline at end of file diff --git a/filebeat/module/mssql/_meta/config.yml b/filebeat/module/mssql/_meta/config.yml new file mode 100644 index 00000000000..652ca891056 --- /dev/null +++ b/filebeat/module/mssql/_meta/config.yml @@ -0,0 +1,8 @@ +- module: mssql + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/mssql/_meta/docs.asciidoc b/filebeat/module/mssql/_meta/docs.asciidoc new file mode 100644 index 00000000000..2861d2754ee --- /dev/null +++ b/filebeat/module/mssql/_meta/docs.asciidoc @@ -0,0 +1,52 @@ +:modulename: mssql +:has-dashboards: false + +== MSSQL module + +The +{modulename}+ module parses error logs created by MSSQL. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +//[float] +//=== Compatibility + +include::../include/configuring-intro.asciidoc[] + +The following example shows how to set paths in the +modules.d/{modulename}.yml+ +file to override the default paths for Træfik logs: + +["source","yaml",subs="attributes"] +----- +- module: mssql + log: + enabled: true + var.paths: ["/var/opt/mssql/log/error*"] +----- + + +To specify the same settings at the command line, you use: + +["source","sh",subs="attributes"] +----- +-M "mssql.log.var.paths=[/var/opt/mssql/log/error*]" +----- + +//set the fileset name used in the included example +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `log` fileset settings + +include::../include/var-paths.asciidoc[] + +include::../include/timezone-support.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/mssql/_meta/fields.yml b/filebeat/module/mssql/_meta/fields.yml new file mode 100644 index 00000000000..3d555788242 --- /dev/null +++ b/filebeat/module/mssql/_meta/fields.yml @@ -0,0 +1,8 @@ +- key: mssql + title: "mssql" + description: MS SQL Filebeat Module + fields: + - name: mssql + type: group + description: Fields from the MSSQL log files + fields: diff --git a/filebeat/module/mssql/fields.go b/filebeat/module/mssql/fields.go new file mode 100644 index 00000000000..83429621326 --- /dev/null +++ b/filebeat/module/mssql/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package mssql + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "mssql", asset.ModuleFieldsPri, AssetMssql); err != nil { + panic(err) + } +} + +// AssetMssql returns asset data. +// This is the base64 encoded gzipped contents of module/mssql. +func AssetMssql() string { + return "eJxsj0FugzAQRfec4ivr5gJsK2XVqKo4gYEPtTJm6IxJxe0rKGoJrXf+nv/e+Iwb5xLJ/UMKIMcsLHFa76cCaOmNxTFHHUpcK1RvL7hEYc2QcdV2EhZAFymtlwUAnDGExF/kcvI8skRvOo1b8sC9rHV0pgn5nbhWi0a0RxeFvlX2kr1ItP/JDuBnTUmHjbS0d4N/d/pPshepxT4OD08H3+s6Ae3WbyS6h55PmHwKIvMaOu1OQz1lxIwmDAjiipoIMDZ6p80YTRu6H1TfG984f6q1xVcAAAD//2bhgvE=" +} diff --git a/filebeat/module/mssql/log/_meta/fields.yml b/filebeat/module/mssql/log/_meta/fields.yml new file mode 100644 index 00000000000..fcfa7618a50 --- /dev/null +++ b/filebeat/module/mssql/log/_meta/fields.yml @@ -0,0 +1,7 @@ +- name: log + description: Common log fields + type: group + fields: + - name: origin + description: Origin of the message, usually the server but it can also be a recovery process + type: keyword diff --git a/filebeat/module/mssql/log/config/config.yml b/filebeat/module/mssql/log/config/config.yml new file mode 100644 index 00000000000..5e2e11c6a34 --- /dev/null +++ b/filebeat/module/mssql/log/config/config.yml @@ -0,0 +1,13 @@ +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] + +multiline.pattern: '^\d\d' +multiline.negate: true +multiline.match: after + +processors: +- add_locale: ~ diff --git a/filebeat/module/mssql/log/ingest/pipeline.yml b/filebeat/module/mssql/log/ingest/pipeline.yml new file mode 100644 index 00000000000..39a10a9ff99 --- /dev/null +++ b/filebeat/module/mssql/log/ingest/pipeline.yml @@ -0,0 +1,50 @@ +description: Pipeline to parse MSSQL logs +processors: +- grok: + field: message + patterns: + - '%{MSSQL_DATE:date} %{DATA:mssql.log.origin} [ ]*%{GREEDYDATA:msg_temp}' + pattern_definitions: + MSSQL_DATE: '%{DATA} %{DATA}' +- date: + if: ctx.event.timezone == null + field: date + formats: + - yyyy-MM-dd HH:mm:ss.SS + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: date + formats: + - yyyy-MM-dd HH:mm:ss.SS + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: date + ignore_missing: true +- rename: + field: message + target_field: log.original +- rename: + field: msg_temp + target_field: message + ignore_missing: true +- set: + field: event.kind + value: event +- append: + field: event.category + value: database +- append: + field: event.type + value: info +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/mssql/log/manifest.yml b/filebeat/module/mssql/log/manifest.yml new file mode 100644 index 00000000000..2e90ff36459 --- /dev/null +++ b/filebeat/module/mssql/log/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/opt/mssql/log/error* + os.darwin: + - /var/opt/mssql/log/error* + os.windows: + - c:\ProgramFiles\Microsoft SQL Server\MSSQL.1MSSQL\LOG\ERRORLOG* + os.linux: + - /var/opt/mssql/log/error* + +ingest_pipeline: ingest/pipeline.yml +input: config/config.yml diff --git a/filebeat/module/mssql/log/test/test.log b/filebeat/module/mssql/log/test/test.log new file mode 100644 index 00000000000..9c9325ece09 --- /dev/null +++ b/filebeat/module/mssql/log/test/test.log @@ -0,0 +1,21 @@ +2019-05-03 09:01:09.99 Server Microsoft SQL Server 2017 (RTM-CU13) (KB4466404) - 14.0.3048.4 (X64) + Nov 30 2018 12:57:58 + Copyright (C) 2017 Microsoft Corporation + Developer Edition (64-bit) on Linux (Ubuntu 16.04.5 LTS) +2019-05-03 09:01:09.99 Server UTC adjustment: 0:00 +2019-05-03 09:01:09.99 Server (c) Microsoft Corporation. +2019-05-03 09:01:09.99 Server All rights reserved. +2019-05-03 09:01:10.00 Server Server process ID is 4124. +2019-05-03 09:01:10.00 Server Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'. +2019-05-03 09:01:10.00 Server Registry startup parameters: + -d /var/opt/mssql/data/master.mdf + -l /var/opt/mssql/data/mastlog.ldf + -e /var/opt/mssql/log/errorlog +2019-05-03 09:01:10.00 Server SQL Server detected 1 sockets with 6 cores per socket and 12 logical processors per socket, 12 total logical processors; using 12 logical processors based on SQL Server licensing. This is an informational message; no user action is required. +2019-05-03 09:01:10.00 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required. +2019-05-03 09:01:10.00 Server Detected 25445 MB of RAM. This is an informational message; no user action is required. +2019-05-03 09:01:10.00 Server Using conventional memory in the memory manager. +2019-05-03 09:01:10.01 Server Large Page Allocated: 32MB +2019-05-03 09:01:10.20 Server Buffer pool extension is already disabled. No action is n +2019-05-03 09:01:11.93 spid22s Service Broker manager has started. +2019-05-03 09:01:12.03 spid6s Recovery is complete. This is an informational message only. No user action is required. diff --git a/filebeat/module/mssql/log/test/test.log-expected.json b/filebeat/module/mssql/log/test/test.log-expected.json new file mode 100644 index 00000000000..ed90c872d5a --- /dev/null +++ b/filebeat/module/mssql/log/test/test.log-expected.json @@ -0,0 +1,308 @@ +[ + { + "@timestamp": "2019-05-03T09:01:09.990-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 0, + "log.original": "2019-05-03 09:01:09.99 Server Microsoft SQL Server 2017 (RTM-CU13) (KB4466404) - 14.0.3048.4 (X64)\n\tNov 30 2018 12:57:58\n\tCopyright (C) 2017 Microsoft Corporation\n\tDeveloper Edition (64-bit) on Linux (Ubuntu 16.04.5 LTS)", + "message": "Microsoft SQL Server 2017 (RTM-CU13) (KB4466404) - 14.0.3048.4 (X64)", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:09.990-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 226, + "log.original": "2019-05-03 09:01:09.99 Server UTC adjustment: 0:00", + "message": "UTC adjustment: 0:00", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:09.990-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 282, + "log.original": "2019-05-03 09:01:09.99 Server (c) Microsoft Corporation.", + "message": "(c) Microsoft Corporation.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:09.990-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 344, + "log.original": "2019-05-03 09:01:09.99 Server All rights reserved.", + "message": "All rights reserved.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.000-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 400, + "log.original": "2019-05-03 09:01:10.00 Server Server process ID is 4124.", + "message": "Server process ID is 4124.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.000-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 462, + "log.original": "2019-05-03 09:01:10.00 Server Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'.", + "message": "Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.000-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.offset": 564, + "log.original": "2019-05-03 09:01:10.00 Server Registry startup parameters:\n\t -d /var/opt/mssql/data/master.mdf\n\t -l /var/opt/mssql/data/mastlog.ldf\n\t -e /var/opt/mssql/log/errorlog", + "message": "Registry startup parameters:", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.000-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 734, + "log.original": "2019-05-03 09:01:10.00 Server SQL Server detected 1 sockets with 6 cores per socket and 12 logical processors per socket, 12 total logical processors; using 12 logical processors based on SQL Server licensing. This is an informational message; no user action is required.", + "message": "SQL Server detected 1 sockets with 6 cores per socket and 12 logical processors per socket, 12 total logical processors; using 12 logical processors based on SQL Server licensing. This is an informational message; no user action is required.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.000-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1011, + "log.original": "2019-05-03 09:01:10.00 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.", + "message": "SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.000-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1166, + "log.original": "2019-05-03 09:01:10.00 Server Detected 25445 MB of RAM. This is an informational message; no user action is required.", + "message": "Detected 25445 MB of RAM. This is an informational message; no user action is required.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.000-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1289, + "log.original": "2019-05-03 09:01:10.00 Server Using conventional memory in the memory manager.", + "message": "Using conventional memory in the memory manager.", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.010-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1373, + "log.original": "2019-05-03 09:01:10.01 Server Large Page Allocated: 32MB", + "message": "Large Page Allocated: 32MB", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:10.200-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1435, + "log.original": "2019-05-03 09:01:10.20 Server Buffer pool extension is already disabled. No action is n", + "message": "Buffer pool extension is already disabled. No action is n", + "mssql.log.origin": "Server", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:11.930-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1528, + "log.original": "2019-05-03 09:01:11.93 spid22s Service Broker manager has started.", + "message": "Service Broker manager has started.", + "mssql.log.origin": "spid22s", + "service.type": "mssql" + }, + { + "@timestamp": "2019-05-03T09:01:12.030-02:00", + "event.category": [ + "database" + ], + "event.dataset": "mssql.log", + "event.kind": "event", + "event.module": "mssql", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1599, + "log.original": "2019-05-03 09:01:12.03 spid6s Recovery is complete. This is an informational message only. No user action is required.", + "message": "Recovery is complete. This is an informational message only. No user action is required.", + "mssql.log.origin": "spid6s", + "service.type": "mssql" + } +] \ No newline at end of file diff --git a/filebeat/module/netflow/_meta/config.yml b/filebeat/module/netflow/_meta/config.yml new file mode 100644 index 00000000000..20d1905b6f4 --- /dev/null +++ b/filebeat/module/netflow/_meta/config.yml @@ -0,0 +1,6 @@ +- module: netflow + log: + enabled: true + var: + netflow_host: localhost + netflow_port: 2055 diff --git a/filebeat/module/netflow/_meta/docs.asciidoc b/filebeat/module/netflow/_meta/docs.asciidoc new file mode 100644 index 00000000000..f882a253fbd --- /dev/null +++ b/filebeat/module/netflow/_meta/docs.asciidoc @@ -0,0 +1,74 @@ +[role="xpack"] + +:modulename: netflow +:has-dashboards: false + +== NetFlow module + +This is a module for receiving NetFlow and IPFIX flow records over UDP. This +input supports NetFlow versions 1, 5, 6, 7, 8 and 9, as well as IPFIX. For +NetFlow versions older than 9, fields are mapped automatically to NetFlow v9. + +This module wraps the <> to enrich the +flow records with geolocation information about the IP endpoints by using +Elasticsearch Ingest Node. + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `log` fileset settings + +The fileset is by default configured to listen for UDP traffic on +`localhost:2055`. For most uses cases you will want to set the `netflow_host` +variable to allow the input bind to all interfaces so that it can receive +traffic from network devices. + +["source","yaml",subs="attributes"] +----- +- module: netflow + log: + enabled: true + var: + netflow_host: 0.0.0.0 + netflow_port: 2055 +----- + +`var.netflow_host`:: Address to find to. Defaults to `localhost`. + +`var.netflow_port`:: Port to listen on. Defaults to `2055`. + +`var.max_message_size`:: The maximum size of the message received over UDP. +The default is `10KiB`. + +`var.read_buffer`:: The size of the read buffer on the UDP socket. + +`var.timeout`:: The read and write timeout for socket operations. + +`var.expiration_timeout`:: The time before an idle session or unused template is +expired. Only applicable to v9 and IPFIX protocols. A value of zero disables +expiration. + +`var.queue_size`:: The maximum number of packets that can be queued for +processing. Use this setting to avoid packet-loss when dealing with occasional +bursts of traffic. + +`var.custom_definitions`:: A list of paths to field definitions YAML files. +These allow to update the NetFlow/IPFIX fields with vendor extensions and to +override existing fields. See <> for +details. + +`var.detect_sequence_reset`:: Flag controlling whether {beatname_uc} should +monitor sequence numbers in the Netflow packets to detect an Exporting Process +reset. See <> for details. + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/netflow/_meta/fields.yml b/filebeat/module/netflow/_meta/fields.yml new file mode 100644 index 00000000000..fc4bf3bb887 --- /dev/null +++ b/filebeat/module/netflow/_meta/fields.yml @@ -0,0 +1,6 @@ +- key: netflow-module + title: NetFlow + description: > + Module for receiving NetFlow and IPFIX flow records over UDP. The module + does not add fields beyond what the netflow input provides. + fields: diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-autonomous-systems.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-autonomous-systems.json new file mode 100644 index 00000000000..ad064618ead --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-autonomous-systems.json @@ -0,0 +1,597 @@ +{ + "objects": [ + { + "attributes": { + "description": "Autonomous systems Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "panelIndex": 1, + "panelRefName": "panel_0", + "row": 1, + "size_x": 12, + "size_y": 1 + }, + { + "col": 7, + "panelIndex": 2, + "panelRefName": "panel_1", + "row": 4, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 3, + "panelRefName": "panel_2", + "row": 6, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 4, + "panelRefName": "panel_3", + "row": 4, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 5, + "panelRefName": "panel_4", + "row": 6, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 6, + "panelRefName": "panel_5", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 7, + "panelRefName": "panel_6", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 9, + "panelIndex": 8, + "panelRefName": "panel_7", + "row": 2, + "size_x": 4, + "size_y": 2 + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Autonomous Systems", + "uiStateJSON": {}, + "version": 1 + }, + "id": "c64665f9-d222-421e-90b0-c7310d944b8a", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "12aad647-c45d-4667-a029-152c1a97cbbc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d27b5d74-b3b4-4311-a0e6-08ff8f4345df", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "751ecb6f-11c3-458d-b039-f6d57a6379fa", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f7808e70-df2a-4532-a350-966704567c24", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "aed09724-0a69-4331-84f5-3d2067c43930", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "f531f957-e8c0-497a-ad41-ef39c2d29671", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:31.601Z", + "version": "WzM0MDMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Autonomous Systems (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Autonomous Systems (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "12aad647-c45d-4667-a029-152c1a97cbbc", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:31.601Z", + "version": "WzM0MDUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Autonomous Systems (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Autonomous Systems (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "d27b5d74-b3b4-4311-a0e6-08ff8f4345df", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:31.601Z", + "version": "WzM0MDYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Autonomous Systems (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Autonomous Systems (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "751ecb6f-11c3-458d-b039-f6d57a6379fa", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:31.601Z", + "version": "WzM0MDcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Autonomous Systems (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Autonomous Systems (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:31.601Z", + "version": "WzM0MDgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination and Source ASs (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination AS", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source AS", + "field": "source.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination and Source ASs (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "f7808e70-df2a-4532-a350-966704567c24", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:31.601Z", + "version": "WzM0MDksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations and Sources (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations and Sources (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "aed09724-0a69-4331-84f5-3d2067c43930", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:35.630Z", + "version": "WzM0MzUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination and Source Ports (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination and Source Ports (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "f531f957-e8c0-497a-ad41-ef39c2d29671", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:35.630Z", + "version": "WzM0MzYsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-conversation-partners.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-conversation-partners.json new file mode 100644 index 00000000000..767679e38ad --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-conversation-partners.json @@ -0,0 +1,599 @@ +{ + "objects": [ + { + "attributes": { + "description": "Netflow conversation partners", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "panelIndex": 1, + "panelRefName": "panel_0", + "row": 4, + "size_x": 12, + "size_y": 5 + }, + { + "col": 9, + "panelIndex": 2, + "panelRefName": "panel_1", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 3, + "panelRefName": "panel_2", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 4, + "panelRefName": "panel_3", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 5, + "panelRefName": "panel_4", + "row": 1, + "size_x": 12, + "size_y": 1 + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Conversation Partners", + "uiStateJSON": { + "P-1": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + } + }, + "version": 1 + }, + "id": "acd7a630-0c71-4840-bc9e-4a3801374a32", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ae334aec-31fa-4df7-a064-40b18831d819", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "e822f94c-5f65-4963-a540-74ca9c25bd2d", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "c54f5529-e6d7-4c26-8e8e-3b35de132035", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:32.531Z", + "version": "WzM0MTIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Conversation Partners [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "title": "Conversation Partners [Filebeat Netflow]", + "type": "table" + } + }, + "id": "ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:32.531Z", + "version": "WzM0MTMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + } + }, + "title": "IP Version and Protocols (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Version", + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "unset ip version", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "bytes" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "IP Version and Protocols (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "ae334aec-31fa-4df7-a064-40b18831d819", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0MzksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations and Sources (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations and Sources (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "e822f94c-5f65-4963-a540-74ca9c25bd2d", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:32.531Z", + "version": "WzM0MTUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination and Source Ports (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination and Source Ports (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "c54f5529-e6d7-4c26-8e8e-3b35de132035", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:32.531Z", + "version": "WzM0MTYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-exporters.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-exporters.json new file mode 100644 index 00000000000..f7e39060649 --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-exporters.json @@ -0,0 +1,554 @@ +{ + "objects": [ + { + "attributes": { + "description": "Netflow exporters", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "panelIndex": 1, + "panelRefName": "panel_0", + "row": 1, + "size_x": 12, + "size_y": 1 + }, + { + "col": 1, + "panelIndex": 2, + "panelRefName": "panel_1", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 3, + "panelRefName": "panel_2", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 9, + "panelIndex": 4, + "panelRefName": "panel_3", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 5, + "panelRefName": "panel_4", + "row": 4, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 6, + "panelRefName": "panel_5", + "row": 6, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 8, + "panelRefName": "panel_6", + "row": 6, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 10, + "panelRefName": "panel_7", + "row": 4, + "size_x": 6, + "size_y": 2 + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Flow Exporters", + "uiStateJSON": {}, + "version": 1 + }, + "id": "feebb4e6-b13e-4e4e-b9fc-d3a178276425", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "441c6c50-fa1a-489c-96c6-76f7925dea24", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "14c7136d-b4aa-4367-9461-52bf8b5c4796", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "85ebf558-402b-45d2-a186-e15f8673ec07", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "1cd36f5d-d9c7-4098-acdb-14d312ecfb72", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "d3df8d28-65f8-4ea1-8b33-f479380a0600", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MTgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Exporters (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.hostname", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Flow Exporters (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "441c6c50-fa1a-489c-96c6-76f7925dea24", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MjAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Ingress Interfaces (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Ingress Interface", + "field": "netflow.ingress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Ingress Interfaces (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "14c7136d-b4aa-4367-9461-52bf8b5c4796", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MjEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Egress Interfaces (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Egress Interface", + "field": "netflow.egress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Egress Interfaces (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MjIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Egress Interfaces (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Egress Interfaces (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "85ebf558-402b-45d2-a186-e15f8673ec07", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MjMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Egress Interfaces (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Egress Interfaces (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Ingress Interfaces (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Ingress Interfaces (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "1cd36f5d-d9c7-4098-acdb-14d312ecfb72", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MjUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Ingress Interfaces (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Ingress Interfaces (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "d3df8d28-65f8-4ea1-8b33-f479380a0600", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:33.653Z", + "version": "WzM0MjYsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-records.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-records.json new file mode 100644 index 00000000000..c39a0fe2272 --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-flow-records.json @@ -0,0 +1,476 @@ +{ + "objects": [ + { + "attributes": { + "description": "Netflow flow records", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 4, + "panelIndex": 2, + "panelRefName": "panel_0", + "row": 2, + "size_x": 9, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 3, + "panelRefName": "panel_1", + "row": 2, + "size_x": 3, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 4, + "panelRefName": "panel_2", + "row": 1, + "size_x": 12, + "size_y": 1 + }, + { + "col": 1, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.transport", + "network.bytes", + "network.packets" + ], + "panelIndex": 5, + "panelRefName": "panel_3", + "row": 4, + "size_x": 12, + "size_y": 4, + "sort": [ + "@timestamp", + "desc" + ] + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Flow records", + "uiStateJSON": { + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + } + }, + "version": 1 + }, + "id": "94972700-de4a-4272-9143-2fa8d4981365", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "4bb0255e-18ed-45e4-bfb9-de8e35b12094", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "c27c6a3b-93ee-44d5-8d0c-9b097e575f52", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "a34c6611-79d8-4b50-ae3f-8b328d28e24a", + "name": "panel_3", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:34.680Z", + "version": "WzM0MjcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Records [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timeline", + "extended_bounds": {}, + "field": "event.end", + "interval": "s", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Flow Records" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Flow Records [Filebeat Netflow]", + "type": "histogram" + } + }, + "id": "4bb0255e-18ed-45e4-bfb9-de8e35b12094", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:34.680Z", + "version": "WzM0MjgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Records [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Flow Records [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "c27c6a3b-93ee-44d5-8d0c-9b097e575f52", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:34.680Z", + "version": "WzM0MjksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + }, + { + "attributes": { + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.transport", + "network.bytes", + "network.packets" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Flow Records [Filebeat Netflow]", + "version": 1 + }, + "id": "a34c6611-79d8-4b50-ae3f-8b328d28e24a", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-07-11T04:44:34.680Z", + "version": "WzM0MzEsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-geo-location.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-geo-location.json new file mode 100644 index 00000000000..4b3a59f635e --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-geo-location.json @@ -0,0 +1,515 @@ +{ + "objects": [ + { + "attributes": { + "description": "Netflow geo location", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ] + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 5, + "panelIndex": 16, + "panelRefName": "panel_0", + "row": 2, + "size_x": 8, + "size_y": 6 + }, + { + "col": 1, + "panelIndex": 17, + "panelRefName": "panel_1", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 18, + "panelRefName": "panel_2", + "row": 4, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 19, + "panelRefName": "panel_3", + "row": 6, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 20, + "panelRefName": "panel_4", + "row": 1, + "size_x": 12, + "size_y": 1 + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Geo Location", + "uiStateJSON": { + "P-16": { + "mapCenter": [ + 20.632784250388028, + 16.69921875 + ], + "mapZoom": 2 + } + }, + "version": 1 + }, + "id": "77326664-23be-4bf1-a126-6d7e60cfc024", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "f4c8cb5a-7336-449e-ab99-6e867b435b85", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "2316bb53-d98a-4f0f-8cd8-51e9fb317823", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "aed09724-0a69-4331-84f5-3d2067c43930", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "f531f957-e8c0-497a-ad41-ef39c2d29671", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:35.630Z", + "version": "WzM0MzIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Geo Location Heatmap [Filebeat Netflow]", + "uiStateJSON": { + "mapCenter": [ + 8.407168163601076, + 9.4921875 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "customLabel": "Location", + "field": "destination.geo.location", + "precision": 2 + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": "16", + "heatMaxZoom": 16, + "heatMinOpacity": "0.32", + "heatNormalizeData": true, + "heatRadius": "24", + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Heatmap", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Destination Geo Location Heatmap [Filebeat Netflow]", + "type": "tile_map" + } + }, + "id": "f4c8cb5a-7336-449e-ab99-6e867b435b85", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:35.630Z", + "version": "WzM0MzMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Countries and Cities (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Countries and Cities (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "2316bb53-d98a-4f0f-8cd8-51e9fb317823", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:35.630Z", + "version": "WzM0MzQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations and Sources (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations and Sources (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "aed09724-0a69-4331-84f5-3d2067c43930", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:35.630Z", + "version": "WzM0MzUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination and Source Ports (flow records) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination and Source Ports (flow records) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "f531f957-e8c0-497a-ad41-ef39c2d29671", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:35.630Z", + "version": "WzM0MzYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-overview.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-overview.json new file mode 100644 index 00000000000..c0380395a02 --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-overview.json @@ -0,0 +1,1219 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "panelIndex": 12, + "panelRefName": "panel_0", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 13, + "panelRefName": "panel_1", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 9, + "panelIndex": 14, + "panelRefName": "panel_2", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 15, + "panelRefName": "panel_3", + "row": 4, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 17, + "panelRefName": "panel_4", + "row": 1, + "size_x": 12, + "size_y": 1 + }, + { + "col": 9, + "panelIndex": 21, + "panelRefName": "panel_5", + "row": 4, + "size_x": 4, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 22, + "panelRefName": "panel_6", + "row": 6, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 23, + "panelRefName": "panel_7", + "row": 4, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 24, + "panelRefName": "panel_8", + "row": 6, + "size_x": 4, + "size_y": 2 + }, + { + "col": 9, + "panelIndex": 25, + "panelRefName": "panel_9", + "row": 6, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 26, + "panelRefName": "panel_10", + "row": 8, + "size_x": 4, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 27, + "panelRefName": "panel_11", + "row": 8, + "size_x": 4, + "size_y": 2 + }, + { + "col": 9, + "panelIndex": 29, + "panelRefName": "panel_12", + "row": 8, + "size_x": 4, + "size_y": 2 + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Overview", + "uiStateJSON": {}, + "version": 1 + }, + "id": "34e26884-161a-4448-9556-43b5bf2f62a2", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "ae334aec-31fa-4df7-a064-40b18831d819", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "67fdca65-a9df-47f0-a8a4-1e8b056325de", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "1558508d-591c-49be-bef4-85fdac18a960", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "1cf30eac-aae8-47fa-a156-37f6346d2d5a", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "7fa6cb0a-518d-46e9-a228-15cd4253a957", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "f772028b-d5a6-4d55-b441-493871981a60", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "57e13a20-e94f-4465-a942-42148634a1d2", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "b02c2713-17f0-41dd-88a3-ce33b446f19d", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "5ccac452-e90a-4dde-ae9b-1be36ce3f761", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "31708a70-4957-4a8a-8065-5c88a344ad02", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "b677cd82-b33e-49b3-8b6e-0e110177b163", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "3dec20c0-0d4f-43ef-8864-3779e1a1b33f", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0MzgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + } + }, + "title": "IP Version and Protocols (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Version", + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "unset ip version", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "bytes" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "IP Version and Protocols (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "ae334aec-31fa-4df7-a064-40b18831d819", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0MzksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations and Ports (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations and Ports (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "67fdca65-a9df-47f0-a8a4-1e8b056325de", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0NDAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Sources and Ports (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Sources and Ports (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "1558508d-591c-49be-bef4-85fdac18a960", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0NDEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Types of Service (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type of Service", + "field": "netflow.ip_class_of_service", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Types of Service (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "1cf30eac-aae8-47fa-a156-37f6346d2d5a", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "VLANs (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VLAN", + "field": "netflow.vlan_id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "VLANs (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "7fa6cb0a-518d-46e9-a228-15cd4253a957", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Autonomous Systems (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Autonomous Systems (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "f772028b-d5a6-4d55-b441-493871981a60", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "TCP Flags (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TCP Flags", + "field": "netflow.tcp_control_bits", + "order": "desc", + "orderBy": "1", + "size": 255 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "TCP Flags (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "57e13a20-e94f-4465-a942-42148634a1d2", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Locality (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Locality", + "field": "flow.locality", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Locality (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "b02c2713-17f0-41dd-88a3-ce33b446f19d", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0NDcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Countries and Cities (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Countries and Cities (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "5ccac452-e90a-4dde-ae9b-1be36ce3f761", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0NDgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Exporters (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.hostname", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Flow Exporters (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "31708a70-4957-4a8a-8065-5c88a344ad02", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0NDksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Direction (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Direction", + "field": "network.direction", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Direction (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "b677cd82-b33e-49b3-8b6e-0e110177b163", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0NTAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Version (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Version (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "3dec20c0-0d4f-43ef-8864-3779e1a1b33f", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:36.725Z", + "version": "WzM0NTEsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-top-n.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-top-n.json new file mode 100644 index 00000000000..437bc4c32b9 --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-top-n.json @@ -0,0 +1,1138 @@ +{ + "objects": [ + { + "attributes": { + "description": "Netflow Top N flows", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "panelIndex": 1, + "panelRefName": "panel_0", + "row": 1, + "size_x": 12, + "size_y": 1 + }, + { + "col": 1, + "panelIndex": 2, + "panelRefName": "panel_1", + "row": 2, + "size_x": 6, + "size_y": 5 + }, + { + "col": 7, + "panelIndex": 3, + "panelRefName": "panel_2", + "row": 2, + "size_x": 6, + "size_y": 5 + }, + { + "col": 1, + "panelIndex": 4, + "panelRefName": "panel_3", + "row": 7, + "size_x": 6, + "size_y": 5 + }, + { + "col": 7, + "panelIndex": 5, + "panelRefName": "panel_4", + "row": 7, + "size_x": 6, + "size_y": 5 + }, + { + "col": 1, + "panelIndex": 6, + "panelRefName": "panel_5", + "row": 12, + "size_x": 6, + "size_y": 5 + }, + { + "col": 7, + "panelIndex": 7, + "panelRefName": "panel_6", + "row": 12, + "size_x": 6, + "size_y": 5 + }, + { + "col": 1, + "panelIndex": 8, + "panelRefName": "panel_7", + "row": 17, + "size_x": 6, + "size_y": 5 + }, + { + "col": 7, + "panelIndex": 9, + "panelRefName": "panel_8", + "row": 17, + "size_x": 6, + "size_y": 5 + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Top-N", + "uiStateJSON": { + "P-2": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-3": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-4": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-5": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-6": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-7": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-8": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "P-9": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "14387a13-53bc-43a4-b9cd-63977aa8d87c", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "15295ea6-ba84-47db-8ced-9312abbf495c", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5303e99b-389c-47b7-ae7a-945c5a92ba49", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e9ad835b-b2f2-42d3-a3e7-555a593deacf", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "31b5f6fd-eb9d-4e97-90fd-367062ef217f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2b3d4e86-2254-4033-8fe3-ce4753fafd03", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "036aef95-ec90-468d-ad7c-3cc4405e9e81", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "5292a65b-c532-422a-9008-1251a8073a3a", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "cccff92f-cb71-49a9-9caf-84867751d31e", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NTIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Sources [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Sources [Filebeat Netflow]", + "type": "table" + } + }, + "id": "15295ea6-ba84-47db-8ced-9312abbf495c", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NTQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Destinations [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destinations [Filebeat Netflow]", + "type": "table" + } + }, + "id": "5303e99b-389c-47b7-ae7a-945c5a92ba49", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NTUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Source Ports [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Source Ports [Filebeat Netflow]", + "type": "table" + } + }, + "id": "e9ad835b-b2f2-42d3-a3e7-555a593deacf", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NTYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Destination Ports [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destination Ports [Filebeat Netflow]", + "type": "table" + } + }, + "id": "31b5f6fd-eb9d-4e97-90fd-367062ef217f", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NTcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Protocols [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Protocols [Filebeat Netflow]", + "type": "table" + } + }, + "id": "2b3d4e86-2254-4033-8fe3-ce4753fafd03", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NTgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Autonomous Systems [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Autonomous Systems [Filebeat Netflow]", + "type": "table" + } + }, + "id": "036aef95-ec90-468d-ad7c-3cc4405e9e81", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NTksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Cities [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Cities [Filebeat Netflow]", + "type": "table" + } + }, + "id": "5292a65b-c532-422a-9008-1251a8073a3a", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NjAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Flow Exporters [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.hostname", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Flow Exporters [Filebeat Netflow]", + "type": "table" + } + }, + "id": "cccff92f-cb71-49a9-9caf-84867751d31e", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:37.748Z", + "version": "WzM0NjEsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-traffic-analysis.json b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-traffic-analysis.json new file mode 100644 index 00000000000..cab5c2a0e0b --- /dev/null +++ b/filebeat/module/netflow/_meta/kibana/7/dashboard/filebeat-netflow-traffic-analysis.json @@ -0,0 +1,3096 @@ +{ + "objects": [ + { + "attributes": { + "description": "Netflow traffic analysis", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 7, + "panelIndex": 1, + "panelRefName": "panel_0", + "row": 22, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 4, + "panelRefName": "panel_1", + "row": 1, + "size_x": 12, + "size_y": 1 + }, + { + "col": 7, + "panelIndex": 5, + "panelRefName": "panel_2", + "row": 28, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 6, + "panelRefName": "panel_3", + "row": 28, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 7, + "panelRefName": "panel_4", + "row": 10, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 9, + "panelRefName": "panel_5", + "row": 22, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 10, + "panelRefName": "panel_6", + "row": 16, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 11, + "panelRefName": "panel_7", + "row": 16, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 12, + "panelRefName": "panel_8", + "row": 10, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 13, + "panelRefName": "panel_9", + "row": 4, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 14, + "panelRefName": "panel_10", + "row": 4, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 15, + "panelRefName": "panel_11", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 16, + "panelRefName": "panel_12", + "row": 8, + "size_x": 4, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 17, + "panelRefName": "panel_13", + "row": 2, + "size_x": 4, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 18, + "panelRefName": "panel_14", + "row": 8, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 19, + "panelRefName": "panel_15", + "row": 14, + "size_x": 4, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 20, + "panelRefName": "panel_16", + "row": 14, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 21, + "panelRefName": "panel_17", + "row": 20, + "size_x": 4, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 22, + "panelRefName": "panel_18", + "row": 20, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 23, + "panelRefName": "panel_19", + "row": 26, + "size_x": 4, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 24, + "panelRefName": "panel_20", + "row": 26, + "size_x": 4, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 25, + "panelRefName": "panel_21", + "row": 6, + "size_x": 6, + "size_y": 2 + }, + { + "col": 11, + "panelIndex": 26, + "panelRefName": "panel_22", + "row": 2, + "size_x": 2, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 27, + "panelRefName": "panel_23", + "row": 2, + "size_x": 2, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 28, + "panelRefName": "panel_24", + "row": 6, + "size_x": 6, + "size_y": 2 + }, + { + "col": 11, + "panelIndex": 29, + "panelRefName": "panel_25", + "row": 8, + "size_x": 2, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 30, + "panelRefName": "panel_26", + "row": 8, + "size_x": 2, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 31, + "panelRefName": "panel_27", + "row": 24, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 34, + "panelRefName": "panel_28", + "row": 30, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 35, + "panelRefName": "panel_29", + "row": 30, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 38, + "panelRefName": "panel_30", + "row": 12, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 42, + "panelRefName": "panel_31", + "row": 12, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 44, + "panelRefName": "panel_32", + "row": 24, + "size_x": 6, + "size_y": 2 + }, + { + "col": 1, + "panelIndex": 45, + "panelRefName": "panel_33", + "row": 18, + "size_x": 6, + "size_y": 2 + }, + { + "col": 7, + "panelIndex": 47, + "panelRefName": "panel_34", + "row": 18, + "size_x": 6, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 48, + "panelRefName": "panel_35", + "row": 14, + "size_x": 2, + "size_y": 2 + }, + { + "col": 11, + "panelIndex": 49, + "panelRefName": "panel_36", + "row": 14, + "size_x": 2, + "size_y": 2 + }, + { + "col": 11, + "panelIndex": 50, + "panelRefName": "panel_37", + "row": 20, + "size_x": 2, + "size_y": 2 + }, + { + "col": 11, + "panelIndex": 51, + "panelRefName": "panel_38", + "row": 26, + "size_x": 2, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 52, + "panelRefName": "panel_39", + "row": 26, + "size_x": 2, + "size_y": 2 + }, + { + "col": 5, + "panelIndex": 53, + "panelRefName": "panel_40", + "row": 20, + "size_x": 2, + "size_y": 2 + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Traffic Analysis", + "uiStateJSON": { + "P-15": { + "vis": { + "legendOpen": true + } + }, + "P-26": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-27": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-29": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-30": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-48": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-49": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-50": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-51": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-52": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-53": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + } + }, + "version": 1 + }, + "id": "38012abe-c611-4124-8497-381fcd85acc8", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "1e74d5cb-556d-42ee-8042-88f6c1af47f0", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "3e27fb83-b3e3-4c15-b999-ed6da49b7a86", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "5d868836-c7b2-4812-bf47-4838aac281d9", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "a5efa3dd-f53a-4d14-9d3f-ee73345fd93d", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "717cd7c7-bfca-435d-8ee7-38259927aade", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "f668ecdb-eec7-44c6-9060-26aaf9fc8404", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "6bbd6712-494a-4fd9-b3d3-757304681f0f", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "681f0ce4-d828-4a99-b643-0c0715530050", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "fd6c1144-5026-4795-b7af-a9aa3fc28c56", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "0b2818fd-aecc-4bef-b566-9466eb702ae4", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "248e00b4-8fc2-406f-8907-729d5380aaa7", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "cf399a85-e348-4ac1-a399-e8f5a44114c4", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "1cf30eac-aae8-47fa-a156-37f6346d2d5a", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "7fa6cb0a-518d-46e9-a228-15cd4253a957", + "name": "panel_16", + "type": "visualization" + }, + { + "id": "57e13a20-e94f-4465-a942-42148634a1d2", + "name": "panel_17", + "type": "visualization" + }, + { + "id": "f772028b-d5a6-4d55-b441-493871981a60", + "name": "panel_18", + "type": "visualization" + }, + { + "id": "a14c3248-952d-42aa-bd7d-9b39157a776f", + "name": "panel_19", + "type": "visualization" + }, + { + "id": "a685420e-c45f-4b62-932b-5b76ac8b8ca2", + "name": "panel_20", + "type": "visualization" + }, + { + "id": "0528bc66-6981-400a-a02d-c1d221b38890", + "name": "panel_21", + "type": "visualization" + }, + { + "id": "e99dc327-03de-4561-9e0c-f550710125c2", + "name": "panel_22", + "type": "visualization" + }, + { + "id": "32e712ed-fa15-4db7-8575-8476e8d65b03", + "name": "panel_23", + "type": "visualization" + }, + { + "id": "d59a031c-70d6-47d7-966d-7fcb805be9be", + "name": "panel_24", + "type": "visualization" + }, + { + "id": "af707b01-29f1-462b-b279-6d2e803f3645", + "name": "panel_25", + "type": "visualization" + }, + { + "id": "ddd27657-c3c8-4f82-8059-6d7763dd599b", + "name": "panel_26", + "type": "visualization" + }, + { + "id": "30cd1009-2925-4c9b-820d-d689f5d1efda", + "name": "panel_27", + "type": "visualization" + }, + { + "id": "7d447b22-89dc-4f32-b549-4b8620af4d76", + "name": "panel_28", + "type": "visualization" + }, + { + "id": "d41a9663-e5ad-47a7-955e-3803ae4e23c0", + "name": "panel_29", + "type": "visualization" + }, + { + "id": "3a4209e2-281c-467e-b5cb-315bf4a2661f", + "name": "panel_30", + "type": "visualization" + }, + { + "id": "201d7dd1-a880-4a64-b631-db5629340db9", + "name": "panel_31", + "type": "visualization" + }, + { + "id": "8f83cf97-4a48-421f-8db5-690297d1f4fb", + "name": "panel_32", + "type": "visualization" + }, + { + "id": "a1704d46-15fc-41c2-851d-796ceb49877f", + "name": "panel_33", + "type": "visualization" + }, + { + "id": "15e2a267-2495-4df2-a121-abe410d2f18c", + "name": "panel_34", + "type": "visualization" + }, + { + "id": "f27c1479-0625-4cdc-92de-672e47db0f87", + "name": "panel_35", + "type": "visualization" + }, + { + "id": "0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", + "name": "panel_36", + "type": "visualization" + }, + { + "id": "d5568704-e30b-4108-bb49-06a9b8dce6a6", + "name": "panel_37", + "type": "visualization" + }, + { + "id": "16262df9-a979-4136-935e-d883c7d373d7", + "name": "panel_38", + "type": "visualization" + }, + { + "id": "63ef5338-fdf2-488e-b78a-f0e98daccc95", + "name": "panel_39", + "type": "visualization" + }, + { + "id": "2dca3025-692c-4876-8bcc-e0b248dc9819", + "name": "panel_40", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Autonomous Systems (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Autonomous Systems (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Filebeat Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Cities (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Cities (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "1e74d5cb-556d-42ee-8042-88f6c1af47f0", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Countries (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Countries (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Ports (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Ports (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "3e27fb83-b3e3-4c15-b999-ed6da49b7a86", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "TCP Flags (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "TCP Flags (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "5d868836-c7b2-4812-bf47-4838aac281d9", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "VLANs (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "VLANs (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "a5efa3dd-f53a-4d14-9d3f-ee73345fd93d", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NjksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Types of Service (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Types of Service (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "717cd7c7-bfca-435d-8ee7-38259927aade", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Ports (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Ports (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "f668ecdb-eec7-44c6-9060-26aaf9fc8404", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Sources (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Sources (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "6bbd6712-494a-4fd9-b3d3-757304681f0f", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destinations (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.bytes\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Destinations (bytes) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "681f0ce4-d828-4a99-b643-0c0715530050", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Sources (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Sources (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "fd6c1144-5026-4795-b7af-a9aa3fc28c56", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Source Ports (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Source Ports (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "0b2818fd-aecc-4bef-b566-9466eb702ae4", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "248e00b4-8fc2-406f-8907-729d5380aaa7", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Ports (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination Ports (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "cf399a85-e348-4ac1-a399-e8f5a44114c4", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Types of Service (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type of Service", + "field": "netflow.ip_class_of_service", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Types of Service (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "1cf30eac-aae8-47fa-a156-37f6346d2d5a", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "VLANs (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VLAN", + "field": "netflow.vlan_id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "VLANs (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "7fa6cb0a-518d-46e9-a228-15cd4253a957", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0NzksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "TCP Flags (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TCP Flags", + "field": "netflow.tcp_control_bits", + "order": "desc", + "orderBy": "1", + "size": 255 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "TCP Flags (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "57e13a20-e94f-4465-a942-42148634a1d2", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Autonomous Systems (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Autonomous Systems (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "f772028b-d5a6-4d55-b441-493871981a60", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Countries (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Countries (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "a14c3248-952d-42aa-bd7d-9b39157a776f", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Cities (bytes) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Cities (bytes) [Filebeat Netflow]", + "type": "pie" + } + }, + "id": "a685420e-c45f-4b62-932b-5b76ac8b8ca2", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Sources (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Sources (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "0528bc66-6981-400a-a02d-c1d221b38890", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Count [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "fontSize": "32", + "handleNoResults": true + }, + "title": "Destination Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "e99dc327-03de-4561-9e0c-f550710125c2", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Source Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Source Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "32e712ed-fa15-4db7-8575-8476e8d65b03", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destinations (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Destinations (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "d59a031c-70d6-47d7-966d-7fcb805be9be", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Port Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Destination Port Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "af707b01-29f1-462b-b279-6d2e803f3645", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Source Port Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Ports", + "field": "source.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Source Port Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "ddd27657-c3c8-4f82-8059-6d7763dd599b", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0ODksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Autonomous Systems (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Autonomous Systems (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "30cd1009-2925-4c9b-820d-d689f5d1efda", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Cities (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Cities (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "7d447b22-89dc-4f32-b549-4b8620af4d76", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Countries (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Countries (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "d41a9663-e5ad-47a7-955e-3803ae4e23c0", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Ports (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Ports (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "3a4209e2-281c-467e-b5cb-315bf4a2661f", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Ports (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Ports (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "201d7dd1-a880-4a64-b631-db5629340db9", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "TCP Flags (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "TCP Flags (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "8f83cf97-4a48-421f-8db5-690297d1f4fb", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Types of Service (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Types of Service (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "a1704d46-15fc-41c2-851d-796ceb49877f", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "VLANs (packets) [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"filebeat-*\", metric=\"sum:network.packets\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "VLANs (packets) [Filebeat Netflow]", + "type": "timelion" + } + }, + "id": "15e2a267-2495-4df2-a121-abe410d2f18c", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "ToS Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Types of Service", + "field": "netflow.ip_class_of_service" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "ToS Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "f27c1479-0625-4cdc-92de-672e47db0f87", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "VLAN Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "VLANs", + "field": "netflow.vlan_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "VLAN Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM0OTksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Autonomous System Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Autonomous Systems", + "field": "destination.as.organization.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Autonomous System Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "d5568704-e30b-4108-bb49-06a9b8dce6a6", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM1MDAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "City Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cities", + "field": "destination.geo.city_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "City Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "16262df9-a979-4136-935e-d883c7d373d7", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM1MDEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Country Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Countries", + "field": "destination.geo.country_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Country Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "63ef5338-fdf2-488e-b78a-f0e98daccc95", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM1MDIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "TCP Flags Count [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "TCP Flag States", + "field": "netflow.tcp_control_bits" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "TCP Flags Count [Filebeat Netflow]", + "type": "metric" + } + }, + "id": "2dca3025-692c-4876-8bcc-e0b248dc9819", + "migrationVersion": { + "visualization": "7.2.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-07-11T04:44:38.685Z", + "version": "WzM1MDMsMV0=" + } + ], + "version": "7.2.0" +} diff --git a/filebeat/module/netflow/dashboards.yml b/filebeat/module/netflow/dashboards.yml new file mode 100644 index 00000000000..313bfb6fc4b --- /dev/null +++ b/filebeat/module/netflow/dashboards.yml @@ -0,0 +1,26 @@ +--- + +dashboards: + - id: 77326664-23be-4bf1-a126-6d7e60cfc024 + file: filebeat-netflow-geo-location.json + + - id: 38012abe-c611-4124-8497-381fcd85acc8 + file: filebeat-netflow-traffic-analysis.json + + - id: c64665f9-d222-421e-90b0-c7310d944b8a + file: filebeat-netflow-autonomous-systems.json + + - id: acd7a630-0c71-4840-bc9e-4a3801374a32 + file: filebeat-netflow-conversation-partners.json + + - id: 34e26884-161a-4448-9556-43b5bf2f62a2 + file: filebeat-netflow-overview.json + + - id: feebb4e6-b13e-4e4e-b9fc-d3a178276425 + file: filebeat-netflow-flow-exporters.json + + - id: 94972700-de4a-4272-9143-2fa8d4981365 + file: filebeat-netflow-flow-records.json + + - id: 14387a13-53bc-43a4-b9cd-63977aa8d87c + file: filebeat-netflow-top-n.json diff --git a/filebeat/module/netflow/fields.go b/filebeat/module/netflow/fields.go new file mode 100644 index 00000000000..e56fad192b4 --- /dev/null +++ b/filebeat/module/netflow/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package netflow + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "netflow", asset.ModuleFieldsPri, AssetNetflow); err != nil { + panic(err) + } +} + +// AssetNetflow returns asset data. +// This is the base64 encoded gzipped contents of module/netflow. +func AssetNetflow() string { + return "eJw8jjFOw0AQRfs9xbtAcoAtqFCkFKAUINGazBiPWHas3Ymt3B4Z4fTv/f8OfOs9UzXG4uvhx+VWNEFYFM28apyKrwlE+7XZHOY185QAXv5gRm80vaotVr92g6EK58vp/ME2vAHepOOLNt6fL0feJuVxB+LaqR4MIoymRTqfevcqrNMQxKR7JVbnWzA3X0y0HxP/Qk6/AQAA//9CcUYh" +} diff --git a/filebeat/module/netflow/log/config/netflow.yml b/filebeat/module/netflow/log/config/netflow.yml new file mode 100644 index 00000000000..460bd498a34 --- /dev/null +++ b/filebeat/module/netflow/log/config/netflow.yml @@ -0,0 +1,25 @@ +type: netflow +protocols: [v1, v5, v6, v7, v8, v9, ipfix] +host: '{{.netflow_host}}:{{.netflow_port}}' +max_message_size: '{{.max_message_size}}' +expiration_timeout: '{{.expiration_timeout}}' +queue_size: {{.queue_size}} + +{{if .timeout}} +timeout: '{{.timeout}}' +{{end}} + +{{if .read_buffer}} +read_buffer: '{{.read_buffer}}' +{{end}} + +{{ if .custom_definitions}} +custom_definitions: +{{range .custom_definitions}} +- '{{ . }}' +{{end}} +{{end}} + +{{ if .detect_sequence_reset}} +detect_sequence_reset: {{.detect_sequence_reset}} +{{end}} diff --git a/filebeat/module/netflow/log/ingest/pipeline.yml b/filebeat/module/netflow/log/ingest/pipeline.yml new file mode 100644 index 00000000000..934e33ad564 --- /dev/null +++ b/filebeat/module/netflow/log/ingest/pipeline.yml @@ -0,0 +1,54 @@ +--- +description: Pipeline for Filebeat NetFlow + +processors: + # IP Geolocation Lookup + - geoip: + if: ctx.source?.geo == null + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + if: ctx.destination?.geo == null + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/netflow/log/manifest.yml b/filebeat/module/netflow/log/manifest.yml new file mode 100644 index 00000000000..8e1e1b72739 --- /dev/null +++ b/filebeat/module/netflow/log/manifest.yml @@ -0,0 +1,23 @@ +module_version: "1.0" + +var: + - name: netflow_host + default: localhost + - name: netflow_port + default: 2055 + - name: max_message_size + default: 10KiB + - name: expiration_timeout + default: 30m + - name: queue_size + default: 8192 + - name: read_buffer + - name: timeout + - name: custom_definitions + - name: detect_sequence_reset +ingest_pipeline: ingest/pipeline.yml +input: config/netflow.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/o365/_meta/config.yml b/filebeat/module/o365/_meta/config.yml new file mode 100644 index 00000000000..8114b404aa4 --- /dev/null +++ b/filebeat/module/o365/_meta/config.yml @@ -0,0 +1,45 @@ +- module: o365 + audit: + enabled: true + + # Set the application_id (also known as client ID): + var.application_id: "" + + # Configure the tenants to monitor: + # Use the tenant ID (also known as directory ID) and the domain name. + # var.tenants: + # - id: "tenant_id_1" + # name: "mydomain.onmicrosoft.com" + # - id: "tenant_id_2" + # name: "mycompany.com" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + + # List of content-types to fetch. By default all known content-types + # are retrieved: + # var.content_type: + # - "Audit.AzureActiveDirectory" + # - "Audit.Exchange" + # - "Audit.SharePoint" + # - "Audit.General" + # - "DLP.All" + + # Use the following settings to enable certificate-based authentication: + # var.certificate: "/path/to/certificate.pem" + # var.key: "/path/to/private_key.pem" + # var.key_passphrase: "myPrivateKeyPassword" + + # Client-secret based authentication: + # Comment the following line if using certificate authentication. + var.client_secret: "" + + # Advanced settings, use with care: + # var.api: + # # Settings for custom endpoints: + # authentication_endpoint: "https://login.microsoftonline.us/" + # resource: "https://manage.office365.us" + # + # max_retention: 7d + # max_requests_per_minute: 2000 + # poll_interval: 3m diff --git a/filebeat/module/o365/_meta/docs.asciidoc b/filebeat/module/o365/_meta/docs.asciidoc new file mode 100644 index 00000000000..d2cf4730441 --- /dev/null +++ b/filebeat/module/o365/_meta/docs.asciidoc @@ -0,0 +1,213 @@ +[role="xpack"] + +:modulename: o365 +:has-dashboards: true + +== Office 365 module + +This is a module for Office 365 logs received via one of the Office 365 API +endpoints. It currently supports user, admin, system, and policy actions and +events from Office 365 and Azure AD activity logs exposed by the Office 365 +Management Activity API. + +The {plugins}/ingest-geoip.html[ingest-geoip] and +{plugins}/ingest-user-agent.html[ingest-user_agent] Elasticsearch plugins are +required to run this module. + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: audit + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `audit` fileset settings + +The `audit` fileset uses the Office 365 Management Activity API to retrieve +audit messages from Office 365 and Azure AD activity logs. These are the same +logs that are available under _Audit_ _Log_ _Search_ in the _Security_ _and_ +_Compliance_ _Center._ + +[float] +===== Setup + +To use this fileset you need to https://docs.microsoft.com/en-us/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide#turn-on-audit-log-search[enable Audit Log Search] + and https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis#register-your-application-in-azure-ad[register an application in Azure AD.] + +Once this application is registered note the _Application (client) ID_ and the +_Directory (tenant) ID._ Then configure the authentication in the _Certificates & Secrets_ +section. + + +Example configuration `o365.yml` using client-secret authentication: + +[source,yaml] +---- + audit: + enabled: true + var.application_id: "" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + var.client_secret: "" +---- + +Certificate-based authentication is specially useful when monitoring multiple +tenants. Example configuration: + +[source,yaml] +---- + audit: + enabled: true + var.application_id: "" + var.tenants: + - id: "" + name: "tenantA.onmicrosoft.com" + - id: "" + name: "tenantB.onmicrosoft.com" + var.certificate: "/path/to/certificate.pem" + var.key: "/path/to/private_key.pem" + var.key_passphrase: "my_passphrase" # (optional) for encrypted keys +---- + +Finally you need to add permissions in the _API permissions_ section and grant +it admin consent. Click on _Add permission_ and select +_Office 365 Management APIs._ The needed permissions are: + +- User.Read +- ActivityFeed.Read +- ActivityFeed.ReadDlp +- ServiceHealth.Read + +[role="screenshot"] +image::./images/filebeat-o365-azure-permissions.png[] + +Once the required permissions are added, click the _Grant admin consent_ button. +Note that it can take a while for the required permissions to be in effect, so +it's possible that you observe some permission errors when running {beatname_uc} +right away. + +[float] +===== Alternative endpoints + +This module supports custom endpoints for on-prem deployments as well as +alternative endpoints (GCC High endponts, U.S. DoD, European Union, etc). In +order to point the module to an alternative endpoint, you need to adjust the +`authentication_endpoint` and `resource` variables accordingly. For example: + +[source,yaml] +---- + var.api: + # default is https://login.microsoftonline.com/ + authentication_endpoint: https://login.microsoftonline.us/ + # default is https://manage.office.com + resource: https://manage.office365.us +---- + +[float] +===== Configuration options + +*`var.application_id`*:: + +The Application ID (also known as client ID) of the Azure application. + +*`var.tenants`*:: + +A list of one or more tenant IDs and name pairs. Set the `id` field to the +tenant ID (also known as Directory ID). Set the name to the host name for the +tenant, that is, the Office 365 domain for your organization. + +*`var.client_secret`*:: + +The client-secret (api_key) used to authenticate your Azure AD application. This +option cannot be specified at the same time as the `var.certificate` option. + +*`var.certificate`*:: + +Path to the certificate file used for client authentication. This option cannot +be specified at the same time as the `var.client_secret` option. + +*`var.key`*:: + +Path to the private key file used for client authentication. + +*`var.key_passphrase`*:: + +The passphrase used to decrypt an encrypted key stored in the configured +`var.key` file. Only set this option when the key is encrypted. + +*`var.content_type`*:: + +The list of content-types to subscribe to. By default, it subscribes to all +known content-types: +- Audit.AzureActiveDirectory +- Audit.Exchange +- Audit.SharePoint +- Audit.General +- DLP.All + + +[float] +===== Advanced configuration options + +The following configuration options are only recomended in case of problems. +They must be nested under a single `var.api` key, like this: + +[source,yaml] +---- + var.api: + authentication_endpoint: https://login.microsoftonline.com/ + resource: https://manage.office.com + max_retention: 168h + poll_interval: 3m + max_requests_per_minute: 2000 + max_query_size: 24h +---- + +*`var.api.authentication_endpoint`*:: + +The authentication endpoint used to authorize the Azure app. This is +`https://login.microsoftonline.com/` by default, and can be changed to access +alternative endpoints. + +*`var.api.resource`*:: + +The API resource to retrieve information from. This is +`https://manage.office.com` by default, and can be changed to access alternative +endpoints. + +*`var.api.max_retention`*:: + +The maximum data retention period to support. `168h` by default. {beatname_uc} +will fetch all retained data for a tenant when run for the first time. The +default is 7 days. Adjust it if your tenant has a different retention period. + +*`var.api.poll_interval`*:: + +The interval to wait before polling the API server for new events. Default `3m`. + +*`var.api.max_requests_per_minute`*:: + +The maximum number of requests to perform per minute, for each tenant. The +default is `2000`, as this is the server-side limit per tenant. + +*`var.api.max_query_size`*:: + +The maximum time window that API allows in a single query. Defaults to `24h` +to match Microsoft's documented limit. + +[float] +=== Example dashboard + +This module comes with a sample dashboard: + +[role="screenshot"] +image::./images/filebeat-o365-audit.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/o365/_meta/fields.yml b/filebeat/module/o365/_meta/fields.yml new file mode 100644 index 00000000000..c97ac480824 --- /dev/null +++ b/filebeat/module/o365/_meta/fields.yml @@ -0,0 +1,5 @@ +- key: o365 + title: Office 365 + description: > + Module for handling logs from Office 365. + fields: diff --git a/filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json b/filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json new file mode 100644 index 00000000000..16c63c4dbce --- /dev/null +++ b/filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json @@ -0,0 +1,1051 @@ +{ + "objects": [ + { + "attributes": { + "description": "Sample dashboard for Office 365 Management Activity events", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Total audit events" + }, + "gridData": { + "h": 6, + "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "panelRefName": "panel_0", + "title": "Total audit events", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Event histogram by service" + }, + "gridData": { + "h": 14, + "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "panelRefName": "panel_1", + "title": "Event histogram by service", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "colors": { + "alert": "#EF843C", + "event": "#7EB26D" + }, + "legendOpen": true, + "title": "Events by type", + "vis": { + "colors": { + "alert": "#E24D42", + "event": "#7EB26D" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 8, + "i": "70ab7239-c65c-41da-8242-da61750745d7", + "w": 10, + "x": 0, + "y": 6 + }, + "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", + "panelRefName": "panel_2", + "title": "Events by type", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": false, + "title": "Top users by authentication failures", + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 17, + "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "w": 10, + "x": 0, + "y": 14 + }, + "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "panelRefName": "panel_3", + "title": "Top users by authentication failures", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 42.68781, + "lon": -48.94209, + "zoom": 1.88 + }, + "openTOCDetails": [], + "title": "Client geolocation map" + }, + "gridData": { + "h": 17, + "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "w": 38, + "x": 10, + "y": 14 + }, + "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "panelRefName": "panel_4", + "title": "Client geolocation map", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Data Loss Prevention alerts" + }, + "gridData": { + "h": 13, + "i": "481f1778-caad-4971-b598-bb61c94bf998", + "w": 48, + "x": 0, + "y": 31 + }, + "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", + "panelRefName": "panel_5", + "title": "Data Loss Prevention alerts", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Filebeat o365] Audit Dashboard ECS", + "version": 1 + }, + "id": "712e2c00-685d-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "0be1adb0-6860-11ea-8d6a-292ef5d68366", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "8b033510-685a-11ea-8d6a-292ef5d68366", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d43c95a0-6864-11ea-8d6a-292ef5d68366", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "897d0c70-6869-11ea-8d6a-292ef5d68366", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "dbae13c0-685c-11ea-8d6a-292ef5d68366", + "name": "panel_4", + "type": "map" + }, + { + "id": "8b8e5a10-6886-11ea-8d6a-292ef5d68366", + "name": "panel_5", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-03-17T19:40:51.528Z", + "version": "WzY3MywyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Count [Filebeat o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Audit Event Count [Filebeat o365]", + "type": "metric" + } + }, + "id": "0be1adb0-6860-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T15:42:14.802Z", + "version": "WzU5OCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Events Histogram [Filebeat o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "2020-02-05T03:25:59.045Z", + "to": "2020-02-29T10:59:01.067Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.code: Descending", + "params": {} + } + ], + "x": { + "accessor": 1, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "label": "@timestamp per 12 hours", + "params": { + "bounds": { + "max": "2020-02-29T10:59:01.067Z", + "min": "2020-02-05T03:25:59.045Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H", + "intervalESUnit": "h", + "intervalESValue": 12 + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Events Histogram [Filebeat o365]", + "type": "histogram" + } + }, + "id": "8b033510-685a-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T14:21:07.680Z", + "version": "WzU3MSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Type [Filebeat o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.kind", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Event Type [Filebeat o365]", + "type": "pie" + } + }, + "id": "d43c95a0-6864-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T15:34:45.498Z", + "version": "WzU5NiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Authentication Failures [Filebeat o365]", + "uiStateJSON": { + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": true, + "size": 15 + }, + "schema": "split", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": false, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.outcome: Ascending", + "params": {} + } + ], + "splitRow": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "user.name: Descending", + "params": {} + } + ], + "x": null, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "orderBucketsBySum": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": false, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Authentication Failures [Filebeat o365]", + "type": "horizontal_bar" + } + }, + "id": "897d0c70-6869-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T17:33:41.990Z", + "version": "WzYwOCwxXQ==" + }, + { + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -52.43037, + 65.94892 + ], + [ + -52.43037, + -22.98633 + ], + [ + 85.77811, + -22.98633 + ], + [ + 85.77811, + 65.94892 + ], + [ + -52.43037, + 65.94892 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"0b910b6c-77c8-4223-892a-1ebf69b0ccb4\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"id\":\"3ba31ffc-7051-44bf-96a0-a684020cd2a3\",\"geoField\":\"source.geo.location\",\"requestType\":\"point\",\"resolution\":\"FINE\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":8,\"maxSize\":32,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbol\":{\"options\":{\"symbolizeAs\":\"circle\",\"symbolId\":\"airfield\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"acc53b7b-3411-406b-9371-6fa62b6b9365\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\"}]", + "mapStateJSON": "{\"zoom\":2.88,\"center\":{\"lon\":16.67387,\"lat\":30.87292},\"timeFilters\":{\"from\":\"2020-02-05T03:25:59.045Z\",\"to\":\"2020-02-29T10:59:01.067Z\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"event.dataset:\\\"o365.audit\\\" \",\"language\":\"kuery\"},\"filters\":[]}", + "title": "Client Geo Map [Filebeat o365 audit]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "dbae13c0-685c-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "map": "7.6.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-03-17T14:45:09.571Z", + "version": "WzU4NCwxXQ==" + }, + { + "attributes": { + "columns": [ + "event.category", + "event.type", + "event.action", + "event.outcome", + "user.name", + "file.name", + "rule.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "o365.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "o365.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "alert" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "alert" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "ComplianceDLPSharePoint", + "ComplianceDLPExchange" + ], + "type": "phrases", + "value": "ComplianceDLPSharePoint, ComplianceDLPExchange" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "ComplianceDLPSharePoint" + } + }, + { + "match_phrase": { + "event.code": "ComplianceDLPExchange" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Data Loss Prevention [Filebeat o365]", + "version": 1 + }, + "id": "8b8e5a10-6886-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-03-17T19:36:06.449Z", + "version": "WzY3MCwyXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset:\"o365.audit\" " + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Audit Events [Filebeat O365]", + "version": 1 + }, + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-03-17T14:17:10.688Z", + "version": "WzU2OSwxXQ==" + } + ], + "version": "7.6.0" +} diff --git a/filebeat/module/o365/audit/_meta/fields.yml b/filebeat/module/o365/audit/_meta/fields.yml new file mode 100644 index 00000000000..7d3311fb20c --- /dev/null +++ b/filebeat/module/o365/audit/_meta/fields.yml @@ -0,0 +1,294 @@ + - name: o365.audit + type: group + default_field: false + description: > + Fields from Office 365 Management API audit logs. + fields: + - name: Actor + type: array + fields: + - name: ID + type: keyword + + - name: Type + type: keyword + + - name: ActorContextId + type: keyword + + - name: ActorIpAddress + type: keyword + + - name: ActorUserId + type: keyword + + - name: ActorYammerUserId + type: keyword + + - name: AlertEntityId + type: keyword + + - name: AlertId + type: keyword + + - name: AlertLinks + type: array + + - name: AlertType + type: keyword + + - name: AppId + type: keyword + + - name: ApplicationDisplayName + type: keyword + + - name: ApplicationId + type: keyword + + - name: AzureActiveDirectoryEventType + type: keyword + + - name: ExchangeMetaData.* + type: object + + - name: Category + type: keyword + + - name: ClientAppId + type: keyword + + - name: ClientInfoString + type: keyword + + - name: ClientIP + type: keyword + + - name: ClientIPAddress + type: keyword + + - name: Comments + type: text + norms: false + + - name: CorrelationId + type: keyword + + - name: CreationTime + type: keyword + + - name: CustomUniqueId + type: keyword + + - name: Data + type: keyword + + - name: DataType + type: keyword + + - name: EntityType + type: keyword + + - name: EventData + type: keyword + + - name: EventSource + type: keyword + + - name: ExceptionInfo.* + type: object + + - name: ExtendedProperties.* + type: object + + - name: ExternalAccess + type: keyword + + - name: GroupName + type: keyword + + - name: Id + type: keyword + + - name: ImplicitShare + type: keyword + + - name: IncidentId + type: keyword + + - name: InternalLogonType + type: keyword + + - name: InterSystemsId + type: keyword + + - name: IntraSystemId + type: keyword + + - name: Item.* + type: object + + - name: Item.*.* + type: object + + - name: ItemName + type: keyword + + - name: ItemType + type: keyword + + - name: ListId + type: keyword + + - name: ListItemUniqueId + type: keyword + + - name: LogonError + type: keyword + + - name: LogonType + type: keyword + + - name: LogonUserSid + type: keyword + + - name: MailboxGuid + type: keyword + + - name: MailboxOwnerMasterAccountSid + type: keyword + + - name: MailboxOwnerSid + type: keyword + + - name: MailboxOwnerUPN + type: keyword + + - name: Members + type: array + + - name: Members.* + type: object + + - name: ModifiedProperties.*.* + type: object + + - name: Name + type: keyword + + - name: ObjectId + type: keyword + + - name: Operation + type: keyword + + - name: OrganizationId + type: keyword + + - name: OrganizationName + type: keyword + + - name: OriginatingServer + type: keyword + + - name: Parameters.* + type: object + + - name: PolicyDetails + type: array + + - name: PolicyId + type: keyword + + - name: RecordType + type: keyword + + - name: ResultStatus + type: keyword + + - name: SensitiveInfoDetectionIsIncluded + type: keyword + + - name: SharePointMetaData.* + type: object + + - name: SessionId + type: keyword + + - name: Severity + type: keyword + + - name: Site + type: keyword + + - name: SiteUrl + type: keyword + + - name: Source + type: keyword + + - name: SourceFileExtension + type: keyword + + - name: SourceFileName + type: keyword + + - name: SourceRelativeUrl + type: keyword + + - name: Status + type: keyword + + - name: SupportTicketId + type: keyword + + - name: Target + type: array + fields: + - name: ID + type: keyword + + - name: Type + type: keyword + + - name: TargetContextId + type: keyword + + - name: TargetUserOrGroupName + type: keyword + + - name: TargetUserOrGroupType + type: keyword + + - name: TeamName + type: keyword + + - name: TeamGuid + type: keyword + + - name: UniqueSharingId + type: keyword + + - name: UserAgent + type: keyword + + - name: UserId + type: keyword + + - name: UserKey + type: keyword + + - name: UserType + type: keyword + + - name: Version + type: keyword + + - name: WebId + type: keyword + + - name: Workload + type: keyword + + - name: YammerNetworkId + type: keyword diff --git a/filebeat/module/o365/audit/config/input.yml b/filebeat/module/o365/audit/config/input.yml new file mode 100644 index 00000000000..93fe560ddc5 --- /dev/null +++ b/filebeat/module/o365/audit/config/input.yml @@ -0,0 +1,62 @@ +{{ if eq .input "o365audit" }} + +type: o365audit +{{ if .application_id }}application_id: {{ .application_id }}{{ end }} +tenant_id: +{{ range .tenants }} + - {{ .id }} +{{ end }} +{{ if .certificate }}certificate: {{ .certificate }}{{ end }} +{{ if .key }}key: {{ .key }}{{ end }} +{{ if .key_passphrase }}key_passphrase: {{ .key_passphrase }}{{ end }} +{{ if .client_secret }}client_secret: {{ .client_secret }}{{ end }} +{{ if eq "string" (printf "%T" .content_type) }} +content_type: {{ .content_type }} +{{ else }} +content_type: +{{ range .content_type }} + - {{ . }} +{{ end }} +{{ end }} +{{ if .api }} +api: +{{ range $k, $v := .api }} + - {{ $k }}: {{ $v -}} +{{ end }} +{{ end }} + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range .paths }} + - {{ . }} +{{ end }} +exclude_files: [".gz$"] +json.add_error_key: true + +{{ end }} + +processors: +{{ if eq .input "file" }} + - rename: + fields: + - from: json + to: o365audit + - timestamp: + field: o365audit.CreationTime + layouts: + - 2006-01-02T15:04:05 +{{ end }} + - script: + lang: javascript + id: o365audit_script + file: ${path.home}/module/o365/audit/config/pipeline.js + params: + debug: false + tenants: + {{ range .tenants }} + - id: "{{ .id }}" + name: "{{ .name }}" + {{ end }} + diff --git a/filebeat/module/o365/audit/config/pipeline.js b/filebeat/module/o365/audit/config/pipeline.js new file mode 100644 index 00000000000..679330a494b --- /dev/null +++ b/filebeat/module/o365/audit/config/pipeline.js @@ -0,0 +1,852 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var processor = require("processor"); +var console = require("console"); + +// PipelineBuilder to aid debugging of pipelines during development. +function PipelineBuilder(pipelineName, debug) { + this.pipeline = new processor.Chain(); + this.add = function (processor) { + this.pipeline = this.pipeline.Add(processor); + }; + this.Add = function (name, processor) { + this.add(processor); + if (debug) { + this.add(makeLogEvent("after " + pipelineName + "/" + name)); + } + }; + this.Build = function () { + if (debug) { + this.add(makeLogEvent(pipelineName + "processing done")); + } + return this.pipeline.Build(); + }; + if (debug) { + this.add(makeLogEvent(pipelineName + ": begin processing event")); + } +} + +function appendFields(options) { + return function(evt) { + options.fields.forEach(function (key) { + var value = evt.Get(key); + if (value != null) evt.AppendTo(options.to, value); + }); + } +} + +// logEvent(msg) +// +// Processor that logs the current value of evt to console.debug. +function makeLogEvent(msg) { + return function (evt) { + console.debug(msg + " :" + JSON.stringify(evt, null, 4)); + }; +} + +// makeConditional({condition:expr, result1:processor|expr, [...]}) +// +// Processor that selects which processor to run depending on the result of +// evaluating a _condition_. Result can be boolean (if-else equivalent) or any +// other value (switch equivalent). Unspecified values are a no-op. +function makeConditional(options) { + return function (evt) { + var branch = options[options.condition(evt)] || function(evt){}; + return (typeof branch === "function" ? branch : branch.Run)(evt); + }; +} + +// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) +// +// Processor that sets the `to` field by mapping of `from` field's value. +function makeMapper(options) { + return function (evt) { + var key = evt.Get(options.from); + if (key == null && options.skip_missing) return; + if (options.lowercase && typeof key == "string") { + key = key.toLowerCase(); + } + var value = options.default; + if (key in options.mappings) { + value = options.mappings[key]; + } else if (typeof value === "function") { + value = value(key); + } + if (value != null) { + evt.Put(options.to, value); + } + }; +} + +// Makes sure a name can be used as a field in the output document. +function validFieldName(s) { + return s.replace(/[\ \.]/g, '_') +} + +/* Turns a `common.NameValuePair` array into an object. Multiple-value fields + are stored as arrays. + input (a NameValuePair array): + from_field: [ + {Name: name1, Value: value1}, + {Name: name2, Value: value2}, + {Name: name2, Value: value2b}, + [...] + {Name: nameN, Value: valueN} + ] + + output (an object): + to_field: { + name1: value1, + name2: [value2, value2b], + [...] + nameN: valueN + } +*/ +function makeObjFromNameValuePairArray(options) { + return function(evt) { + var src = evt.Get(options.from); + var dict = {}; + if (src == null || !(src instanceof Array)) return; + for (var i=0; i < src.length; i++) { + var name, value; + if (src[i] == null + || (name=src[i].Name) == null + || (value=src[i].Value) == null) continue; + name = validFieldName(name); + if (name in dict) { + if (dict[name] instanceof Array) { + dict[name].push(value); + } else { + dict[name] = [value]; + } + } else { + dict[name] = value; + } + } + evt.Put(options.to, dict); + } +} + +/* Converts a Common.ModifiedProperty array into an object. + input: + from_field: [ + {Name: name1, OldValue: old1, NewValue: new1}, + {Name: name2, OldValue: old2, NewValue: new2}, + {Name: name2, OldValue: old2b, NewValue: new2b}, + [...] + {Name: nameN, OldValue: oldN, NewValue: newN}, + ], + + output: + to_field: { + name1: { OldValue: old1, NewValue: new1 }, + name2: { OldValue: [old2, old2b], NewValue: [new2, new2b] }, + [...] + nameN: { OldValue: oldN, NewValue: newN } + } + */ +function makeDictFromModifiedPropertyArray(options) { + return function(evt) { + var src = evt.Get(options.from); + var dict = {}; + if (src == null || !(src instanceof Array)) return; + for (var i=0; i < src.length; i++) { + var name, newValue, oldValue; + if (src[i] == null + || (name=src[i].Name) == null + || (newValue=src[i].NewValue) == null + || (oldValue=src[i].OldValue)) continue; + name = validFieldName(name); + if (name in dict) { + if (dict[name].NewValue instanceof Array) { + dict[name].NewValue.push(newValue); + dict[name].OldValue.push(oldValue); + } else { + dict[name].NewValue = [newValue]; + dict[name].OldValue = [oldValue]; + } + } else { + dict[name] = { + NewValue: newValue, + OldValue: oldValue, + }; + } + } + evt.Put(options.to, dict); + } +} + +function exchangeAdminSchema(debug) { + var builder = new PipelineBuilder("o365.audit.ExchangeAdmin", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.OrganizationName', to: 'organization.name'}, + {from: 'o365audit.OriginatingServer', to: 'server.address'}, + ], + ignore_missing: true, + fail_on_error: false + })); + return builder.Build(); +} + +function azureADLogonSchema(debug) { + var builder = new PipelineBuilder("o365.audit.AzureActiveDirectory", debug); + builder.Add("setEventAuthFields", function(evt){ + evt.Put("event.category", "authentication"); + var outcome = evt.Get("event.outcome"); + // As event.type is an array, this sets both the traditional + // "authentication_success"/"authentication_failure" + // and the ECS standard "start". + var types = ["start"]; + if (outcome != null && outcome !== "unknown") { + types.push("authentication_" + outcome); + } + evt.Put("event.type", types); + }); + return builder.Build(); +} + +function sharePointFileOperationSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SharePointFileOperation", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.ObjectId', to: 'url.original'}, + {from: 'o365audit.SourceRelativeUrl', to: 'file.directory'}, + {from: 'o365audit.SourceFileName', to: 'file.name'}, + {from: 'o365audit.SourceFileExtension', to: 'file.extension'}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("setEventCategory", new processor.AddFields({ + target: 'event', + fields: { + category: 'file', + }, + })); + builder.Add("mapEventType", makeMapper({ + from: 'o365audit.Operation', + to: 'event.type', + mappings: { + 'FileAccessed': 'access', + 'FileDeleted': 'deletion', + 'FileDownloaded': 'access', + 'FileModified': 'change', + 'FileMoved': 'change', + 'FileRenamed': 'change', + 'FileRestored': 'change', + 'FileUploaded': 'creation', + 'FolderCopied': 'creation', + 'FolderCreated': 'creation', + 'FolderDeleted': 'deletion', + 'FolderModified': 'change', + 'FolderMoved': 'change', + 'FolderRenamed': 'change', + 'FolderRestored': 'change', + }, + })); + return builder.Build(); +} + +function exchangeMailboxSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SharePointFileOperation", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.MailboxOwnerUPN', to: 'user.email'}, + {from: 'o365audit.LogonUserSid', to: 'user.id', type: 'string'}, + {from: 'o365audit.LogonUserDisplayName', to: 'user.full_name'}, + {from: 'o365audit.OrganizationName', to: 'organization.name'}, + {from: 'o365audit.OriginatingServer', to: 'server.address'}, + {from: 'o365audit.ClientIPAddress', to: 'client.address'}, + {from: 'o365audit.ClientProcessName', to: 'process.name'}, + ], + ignore_missing: true, + fail_on_error: false + })); + return builder.Build(); +} + +function dataLossPreventionSchema(debug) { + var builder = new PipelineBuilder("o365.audit.DLP", debug); + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'alert', + category: 'file', + type: 'access', + }, + })); + + builder.Add("saveFields", new processor.Convert({ + fields: [ + // SharePoint metadata + {from: 'o365audit.SharePointMetaData.From', to: 'user.id'}, + {from: 'o365audit.SharePointMetaData.FileName', to: 'file.name'}, + {from: 'o365audit.SharePointMetaData.FilePathUrl', to: 'url.original'}, + {from: 'o365audit.SharePointMetaData.UniqueId', to: 'file.inode'}, + {from: 'o365audit.SharePointMetaData.UniqueID', to: 'file.inode'}, + {from: 'o365audit.SharePointMetaData.FileOwner', to: 'file.owner'}, + + // Exchange metadata + {from: 'o365audit.ExchangeMetaData.From', to: 'source.user.email'}, + {from: 'o365audit.ExchangeMetaData.Subject', to: 'message'}, + + // Policy details + {from: 'o365audit.PolicyId', to: 'rule.id'}, + {from: 'o365audit.PolicyName', to: 'rule.name'}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setMTime", new processor.Timestamp({ + field: "o365audit.SharePointMetaData.LastModifiedTime", + target_field: "file.mtime", + layouts: [ + "2006-01-02T15:04:05", + "2006-01-02T15:04:05Z", + ], + ignore_missing: true, + ignore_failure: true, + })); + + builder.Add("appendDestinationEmails", function(evt) { + var list = []; + var fields = [ + 'o365audit.ExchangeMetaData.To', + 'o365audit.ExchangeMetaData.CC', + 'o365audit.ExchangeMetaData.BCC', + ]; + for (var i=0; i 1) { + evt.Put("destination.user.email", list); + } + }); + + // ExceptionInfo is documented as string but has been observed to be an object. + builder.Add("fixExceptionInfo", function(evt) { + var key = "o365audit.ExceptionInfo"; + var eInfo = evt.Get(key); + if (eInfo == null) return; + if (typeof eInfo === "string") { + if (eInfo === "") { + evt.Delete(key); + } else { + evt.Put(key, { + Reason: eInfo, + }); + } + } + }); + + builder.Add("extractRules", function(evt) { + var policies = evt.Get("o365audit.PolicyDetails"); + if (policies == null) return; + // rule.id will be an array of all rules' IDs. + var ruleIds = []; + // rule.name will be an array of all rules' names. + var ruleNames = []; + // event.severity will be the higher severity seen. + var maxSeverity = -1; + // event.outcome will determine if access to sensitive data was allowed. + // Either because the rules were configured to only alert or because + // the alert was overridden by the user. + var allowed = true; + for (var i = 0; i < policies.length; i++) { + var rules = policies[i].Rules; + if (rules == null) continue; + for (var j = 0; j < rules.length; j++) { + var rule = rules[j]; + var id = rule.RuleId; + var name = rule.RuleName; + var sev = severityToCode(rule.Severity); + if (id != null && name != null) { + ruleIds.push(id); + ruleNames.push(name); + } + if (sev > maxSeverity) maxSeverity = sev; + if (allowed) { + if (rule.Actions != null && rule.Actions.indexOf("BlockAccess") > -1) { + allowed = false; + } + } + } + } + if (ruleIds.length === 1) { + evt.Put("rule.id", ruleIds[0]); + evt.Put("rule.name", ruleNames[0]); + } else if (ruleIds.length > 0) { + evt.Put("rule.id", ruleIds); + evt.Put("rule.name", ruleNames); + } + if (maxSeverity > -1) { + evt.Put("event.severity", maxSeverity); + } + evt.Put("event.outcome", (allowed || isBlockOverride(evt))? "success" : "failure"); + }); + return builder.Build(); +} + +// Numeric mapping for o365 mgmt API severities. +function severityToCode(str) { + if (str == null) return -1; + switch (str.toLowerCase()) { + case 'informational': return 1; // undocumented severity. + case 'low': return 2; + case 'medium': return 3; + case 'high': return 4; + default: return -1; + } +} + +// Was a DLP alert overridden with an exception? +function isBlockOverride(evt) { + switch (evt.Get("o365audit.Operation").toLowerCase()) { + // Undo means the block was undone via change of policy or override. + case "dlpruleundo": return true; + // Info means it was detected as a false positive but no action taken. + case "dlpinfo": return false; + } + // It's not clear to me the format of ExceptionInfo. It could be an object + // or a string containing a JSON object. Assume that if present, an exception + // is made. + var exInfo = evt.Get('o365audit.ExceptionInfo'); + return exInfo != null && exInfo !== ""; +} + +function yammerSchema(debug) { + var builder = new PipelineBuilder("o365.audit.Yammer", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.ActorUserId', to: 'user.email'}, + {from: 'o365audit.ActorYammerUserId', to: 'user.id', type: 'string'}, + {from: 'o365audit.FileId', to:'file.inode'}, + {from: 'o365audit.FileName', to: 'file.name'}, + {from: 'o365audit.GroupName', to: 'group.name'}, + {from: 'o365audit.TargetUserId', to: 'destination.user.email'}, + {from: 'o365audit.TargetYammerUserId', to: 'destination.user.id'}, + ], + ignore_missing: true, + fail_on_error: false + })); + + var actionToCategoryType = { + // Network or verified admin changes the information that appears on + // member profiles for network users network. + ProcessProfileFields: [ "iam", "user"], + // Verified admin updates the Yammer network's security configuration. + // This includes setting password expiration policies and restrictions + // on IP addresses. + NetworkSecurityConfigurationUpdated: [ "iam", "admin"], + // User uploads a file. + FileCreated: [ "file", "creation"], + // User creates a group. + GroupCreation: [ "iam", ["group", "creation"] ], + // A group is deleted from Yammer. + GroupDeletion: [ "iam", ["group", "deletion"] ], + // User downloads a file. + FileDownloaded: [ "file", "access"], + // User shares a file with another user. + FileShared: [ "file", "access"], + // Network or verified admin suspends (deactivates) a user from Yammer. + NetworkUserSuspended: [ "iam", "user"], + // User account is suspended (deactivated). + UserSuspension: [ "iam", "user"], + // User changes the description of a file. + FileUpdateDescription: [ "file", "access"], + // User changes the name of a file. + FileUpdateName: [ "file", "creation"], + // User views a file. + FileVisited: [ "file", "access"], + }; + + builder.Add("setEventFields", function(evt) { + var action = evt.Get("event.action"); + if (action == null) return; + var fields = actionToCategoryType[action]; + if (fields == null) return; + evt.Put("event.category", fields[0]); + evt.Put("event.type", fields[1]); + }); + return builder.Build(); +} + +function securityComplianceAlertsSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SecurityComplianceAlerts", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.Comments', to: 'message'}, + {from: 'o365audit.Name', to: 'rule.name'}, + {from: 'o365audit.PolicyId', to: 'rule.id'}, + {from: 'o365audit.Category', to: 'rule.category'}, + {from: 'o365audit.EntityType', to: 'rule.ruleset'}, + // This contains the entity that triggered the alert. + // Name of a malware or email address. + // Need to find a better ECS field for it. + {from: 'o365audit.AlertEntityId', to: 'rule.description'}, + {from: 'o365audit.AlertLinks', to: 'rule.reference'}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'alert', + category: 'web', + type: 'info', + }, + })); + // event.severity is numeric. + builder.Add("mapSeverity", function(evt) { + var sev = severityToCode(evt.Get("o365audit.Severity")); + if (sev >= 0) { + evt.Put("event.severity", sev); + } + }); + builder.Add("mapCategory", makeMapper({ + from: 'o365audit.Category', + to: 'event.category', + default: 'authentication', + lowercase: true, + mappings: { + 'accessgovernance': 'authentication', + 'datagovernance': 'file', + 'datalossprevention': 'file', + 'threatmanagement': 'malware', + }, + })); + builder.Add("saveEntity", makeConditional({ + condition: function(evt) { + return evt.Get("o365audit.EntityType"); + }, + 'User': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.id", type: 'string'}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'Recipients': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.email"}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'Sender': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.email"}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'MalwareFamily': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "threat.technique.id"}, + ], + ignore_missing: true, + fail_on_error: false + }), + })); + return builder.Build(); +} + +function AuditProcessor(tenant_names, debug) { + var builder = new PipelineBuilder("o365.audit", debug); + + var unsetIPValues = {"null": true, "": true, "": true}; + builder.Add("cleanupNulls", function(event) { + [ + "o365audit.ClientIP", + "o365audit.ClientIPAddress", + "o365audit.ActorIpAddress", + "o365audit.OriginatingServer" + ].forEach(function(field) { + if (event.Get(field) in unsetIPValues) event.Delete(field); + }); + }); + builder.Add("convertCommonAuditRecordFields", new processor.Convert({ + fields: [ + {from: "o365audit.Id", to: "event.id"}, + {from: "o365audit.ClientIP", to: "client.address"}, + {from: "o365audit.ClientIPAddress", to: "client.address"}, + {from: "o365audit.ActorIpAddress", to: "client.address"}, + {from: "o365audit.UserId", to: "user.id", type: "string"}, + {from: "o365audit.Workload", to: "event.provider"}, + {from: "o365audit.Operation", to: "event.action"}, + {from: "o365audit.OrganizationId", to: "organization.id"}, + // Extra common fields: + {from: "o365audit.UserAgent", to: "user_agent.original"}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("mapEventType", makeMapper({ + from: 'o365audit.RecordType', + to: 'event.code', + // Keep original RecordType for unknown mappings. + default: function(recordType) { + return recordType; + }, + mappings: { + 1: 'ExchangeAdmin', // Events from the Exchange admin audit log. + 2: 'ExchangeItem', // Events from an Exchange mailbox audit log for actions that are performed on a single item, such as creating or receiving an email message. + 3: 'ExchangeItemGroup', // Events from an Exchange mailbox audit log for actions that can be performed on multiple items, such as moving or deleted one or more email messages. + 4: 'SharePoint', // SharePoint events. + 6: 'SharePointFileOperation', // SharePoint file operation events. + 8: 'AzureActiveDirectory', // Azure Active Directory events. + 9: 'AzureActiveDirectoryAccountLogon', // Azure Active Directory OrgId logon events (deprecating). + 10: 'DataCenterSecurityCmdlet', // Data Center security cmdlet events. + 11: 'ComplianceDLPSharePoint', // Data loss protection (DLP) events in SharePoint and OneDrive for Business. + 12: 'Sway', // Events from the Sway service and clients. + 13: 'ComplianceDLPExchange', // Data loss protection (DLP) events in Exchange, when configured via Unified DLP Policy. DLP events based on Exchange Transport Rules are not supported. + 14: 'SharePointSharingOperation', // SharePoint sharing events. + 15: 'AzureActiveDirectoryStsLogon', // Secure Token Service (STS) logon events in Azure Active Directory. + 18: 'SecurityComplianceCenterEOPCmdlet', // Admin actions from the Security & Compliance Center. + 20: 'PowerBIAudit', // Power BI events. + 21: 'CRM', // Microsoft CRM events. + 22: 'Yammer', // Yammer events. + 23: 'SkypeForBusinessCmdlets', // Skype for Business events. + 24: 'Discovery', // Events for eDiscovery activities performed by running content searches and managing eDiscovery cases in the Security & Compliance Center. + 25: 'MicrosoftTeams', // Events from Microsoft Teams. + 28: 'ThreatIntelligence', // Phishing and malware events from Exchange Online Protection and Office 365 Advanced Threat Protection. + 30: 'MicrosoftFlow', // Microsoft Power Automate (formerly called Microsoft Flow) events. + 31: 'AeD', // Advanced eDiscovery events. + 32: 'MicrosoftStream', // Microsoft Stream events. + 33: 'ComplianceDLPSharePointClassification', // Events related to DLP classification in SharePoint. + 35: 'Project', // Microsoft Project events. + 36: 'SharePointListOperation', // SharePoint List events. + 38: 'DataGovernance', // Events related to retention policies and retention labels in the Security & Compliance Center + 40: 'SecurityComplianceAlerts', // Security and compliance alert signals. + 41: 'ThreatIntelligenceUrl', // Safe links time-of-block and block override events from Office 365 Advanced Threat Protection. + 42: 'SecurityComplianceInsights', // Events related to insights and reports in the Office 365 security and compliance center. + 44: 'WorkplaceAnalytics', // Workplace Analytics events. + 45: 'PowerAppsApp', // Power Apps events. + 47: 'ThreatIntelligenceAtpContent', // Phishing and malware events for files in SharePoint, OneDrive for Business, and Microsoft Teams from Office 365 Advanced Threat Protection. + 49: 'TeamsHealthcare', // Events related to the Patients application in Microsoft Teams for Healthcare. + 52: 'DataInsightsRestApiAudit', // Data Insights REST API events. + 54: 'SharePointListItemOperation', // SharePoint list item events. + 55: 'SharePointContentTypeOperation', // SharePoint list content type events. + 56: 'SharePointFieldOperation', // SharePoint list field events. + 64: 'AirInvestigation', // Automated incident response (AIR) events. + 66: 'MicrosoftForms', // Microsoft Forms events. + }, + })); + + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'event', + type: 'info', + // Not so sure about web as a default category: + category: 'web', + }, + })); + + builder.Add("mapEventOutcome", makeMapper({ + from: 'o365audit.ResultStatus', + to: 'event.outcome', + lowercase: true, + default: 'success', + mappings: { + 'success': 'success', // This one is necessary to map Success + 'succeeded': 'success', + 'partiallysucceeded': 'success', + 'true': 'success', + 'failed': 'failure', + 'false': 'failure', + }, + })); + + builder.Add("makeParametersDict", makeObjFromNameValuePairArray({ + from: 'o365audit.Parameters', + to: 'o365audit.Parameters', + })); + + builder.Add("makeExtendedPropertiesDict", makeObjFromNameValuePairArray({ + from: 'o365audit.ExtendedProperties', + to: 'o365audit.ExtendedProperties', + })); + + builder.Add("makeModifiedPropertyDict", makeDictFromModifiedPropertyArray({ + from: 'o365audit.ModifiedProperties', + to: 'o365audit.ModifiedProperties', + })); + + // Turn AlertLinks into an array of keyword instead of array of objects. + builder.Add("alertLinks", function (evt) { + var list = evt.Get("o365audit.AlertLinks"); + if (list == null || !(list instanceof Array)) return; + var links = []; + for (var i=0; i 0) { + links.push(link); + } + } + switch (links.length) { + case 0: + evt.Delete('o365audit.AlertLinks'); + break; + case 1: + evt.Put("o365audit.AlertLinks", links[0]); + break; + default: + evt.Put("o365audit.AlertLinks", links); + } + }); + + // Populate event specific fields. + var dlp = dataLossPreventionSchema(debug); + builder.Add("productSpecific", makeConditional({ + condition: function(event) { + return event.Get("event.code"); + }, + 'ExchangeAdmin': exchangeAdminSchema(debug).Run, + 'ExchangeItem': exchangeMailboxSchema(debug).Run, + 'AzureActiveDirectoryStsLogon': azureADLogonSchema(debug).Run, + 'SharePointFileOperation': sharePointFileOperationSchema(debug).Run, + 'SecurityComplianceAlerts': securityComplianceAlertsSchema(debug).Run, + 'ComplianceDLPSharePoint': dlp.Run, + 'ComplianceDLPExchange': dlp.Run, + 'Yammer': yammerSchema(debug).Run, + })); + + builder.Add("extractClientIPv4Port", new processor.Dissect({ + tokenizer: '%{ip}:%{port}', + field: 'client.address', + target_prefix: 'client', + 'when.and': [ + {'contains.client.address': '.'}, + {'contains.client.address': ':'}, + ], + })); + builder.Add("extractClientIPv6Port", new processor.Dissect({ + tokenizer: '[%{ip}]:%{port}', + field: 'client.address', + target_prefix: 'client', + 'when.and': [ + {'contains.client.address': '['}, + {'contains.client.address': ':'}, + ], + })); + + // Copy the client/server.address to .ip fields if they are valid IPs. + builder.Add("convertIPs", new processor.Convert({ + fields: [ + {from: "client.address", to: "client.ip", type: "ip"}, + {from: "server.address", to: "server.ip", type: "ip"}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setSrcDstFields", new processor.Convert({ + fields: [ + {from: "client.ip", to: "source.ip"}, + {from: "client.port", to: "source.port"}, + {from: "server.ip", to: "destination.ip"}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setUserFieldsFromId", new processor.Dissect({ + tokenizer: "%{name}@%{domain}", + field: "user.id", + target_prefix: "user", + 'when.contains.user.id': '@', + })); + + builder.Add("setNetworkType", function(event) { + var ip = event.Get("client.ip"); + if (ip == null) return; + event.Put("network.type", ip.indexOf(".") !== -1? "ipv4" : "ipv6"); + }); + + builder.Add("setRelatedIP", appendFields({ + fields: [ + "client.ip", + "server.ip", + ], + to: 'related.ip' + })); + + builder.Add("setRelatedUser", appendFields({ + fields: [ + "user.name", + "file.owner", + ], + to: 'related.user' + })); + + // Set user-agent from an alternative location. + builder.Add("altUserAgent", function(evt) { + var ext = evt.Get("o365audit.ExtendedProperties.UserAgent"); + if (ext != null) evt.Put("user_agent.original", ext); + }); + + // Set host.name to the O365 tenant. This is necessary to aggregate events + // in SIEM app based on the tenant instead of the host where Filebeat is + // running. + builder.Add("setHostName", function(evt) { + var value; + if ((value=evt.Get("organization.id"))!=null) { + value = value.toLowerCase(); + evt.Put("host.id", value); + // Use tenant name provided in the configuration. + if (value in tenant_names && value !== "") { + evt.Put("organization.name", value); + evt.Put("host.name", tenant_names[value]); + return; + } + } + if ((value=evt.Get("organization.name"))!=null || + (value=evt.Get("user.domain")) != null ) { + evt.Put("host.name", value); + } + }); + + builder.Add("saveRaw", new processor.Convert({ + fields: [ + {from: "o365audit", to: "o365.audit"}, + ], + mode: "rename" + })); + + var chain = builder.Build(); + return { + process: chain.Run + }; +} + + +var audit; + +// Register params from configuration. +function register(params) { + var tenant_names = {}; + if (params.tenants != null) { + for (var i = 0; i < params.tenants.length; i++) { + tenant_names[params.tenants[i].id] = params.tenants[i].name.toLowerCase(); + } + } + audit = new AuditProcessor(tenant_names, params.debug); +} + +function process(evt) { + return audit.process(evt); +} diff --git a/filebeat/module/o365/audit/ingest/pipeline.yml b/filebeat/module/o365/audit/ingest/pipeline.yml new file mode 100644 index 00000000000..98fd4f0ff58 --- /dev/null +++ b/filebeat/module/o365/audit/ingest/pipeline.yml @@ -0,0 +1,33 @@ +description: Pipeline for Office 365 Audit logs + +processors: + - user_agent: + field: user_agent.original + ignore_missing: true + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/o365/audit/manifest.yml b/filebeat/module/o365/audit/manifest.yml new file mode 100644 index 00000000000..a00b9626619 --- /dev/null +++ b/filebeat/module/o365/audit/manifest.yml @@ -0,0 +1,21 @@ +module_version: 1.0 + +var: + - name: input + default: o365audit + - name: certificate + - name: key + - name: key_passphrase + - name: application_id + - name: client_secret + - name: tenants + - name: content_type + - name: api +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml + +requires.processors: + - name: geoip + plugin: ingest-geoip + - name: user_agent + plugin: ingest-user_agent diff --git a/filebeat/module/o365/audit/test/01-exchange-admin.log b/filebeat/module/o365/audit/test/01-exchange-admin.log new file mode 100644 index 00000000000..bb5a79acf8c --- /dev/null +++ b/filebeat/module/o365/audit/test/01-exchange-admin.log @@ -0,0 +1,100 @@ +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:49", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "6c3454e1-1a13-411b-bed1-08d7adfc0c09", "CreationTime": "2020-02-10T07:37:14"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "b5131b23-3efb-481a-c05b-08d7ac0f2a82", "CreationTime": "2020-02-07T20:49:03"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\2c6709f0-beaf-4ffd-99ea-d02c796c25d3", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Install-DefaultSharingPolicy", "Id": "ef597809-1c52-4a85-7cce-08d7adfc0939", "CreationTime": "2020-02-10T07:37:09"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Install-AdminAuditLogConfig", "Id": "362ff802-6df6-47e5-09a2-08d7adfc095b", "CreationTime": "2020-02-10T07:37:09"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:13", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "Arbitration", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"}, {"Name": "UMDataStorage", "Value": "True"}, {"Name": "Force", "Value": "True"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}", "Id": "168019d2-1e8a-4394-e90b-08d7ac0f1e69", "CreationTime": "2020-02-07T20:48:43"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "InstantMessagingType", "Value": "Ocs"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:34", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-OwaMailboxPolicy", "ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", "Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:20", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "Parameters": [{"Name": "DoNotUpdateRecipients", "Value": "True"}, {"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "ObjectId": "testsiem.onmicrosoft.com", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:48:04", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "OrganizationName": "testsiem.onmicrosoft.com", "Operation": "Enable-AddressListPaging", "Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:58", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a324e83b-d1a3-4855-db2a-08d7ac0f277b", "OrganizationName": "testsiem.onmicrosoft.com"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:15", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", "OrganizationName": "testsiem.onmicrosoft.com"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "RecordType": 1, "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:09", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", "OrganizationName": "testsiem.onmicrosoft.com"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", "CreationTime": "2020-02-10T07:37:15", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:09", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "TenantAllowBlockLists", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", "CreationTime": "2020-02-10T07:37:18", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "testsiem.onmicrosoft.com", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:49:55", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TenantObjectVersion", "Id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", "CreationTime": "2020-02-10T07:37:13", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "SupervisionTags", "Value": "Reject;Allow"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Id": "e022fa0d-13b2-4314-b707-08d7adfc0868", "CreationTime": "2020-02-10T07:37:08", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TenantObjectVersion", "ObjectId": "testsiem.onmicrosoft.com", "Id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", "CreationTime": "2020-02-07T20:49:55", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:52", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "OMEncryptionStore", "Value": "True"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:48:49", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", "Id": "9eb764a6-fee5-4c3a-6adc-08d7ac0f220f", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "TenantAllowBlockLists", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:18", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", "Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:56", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Id": "d83e97f0-951c-4ccc-630e-08d7ac0f267e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", "CreationTime": "2020-02-07T20:48:57", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "979931d3-c99d-45b1-14e1-08d7ac0f3209", "CreationTime": "2020-02-07T20:49:16", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:20", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "4bddac31-664e-4432-d181-08d7ac0f34d2", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "4d2e1010-489d-4aa0-e300-08d7ac0f314c", "CreationTime": "2020-02-07T20:49:14", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:48:44", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, {"Name": "Arbitration", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", "CreationTime": "2020-02-10T07:37:14", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:14", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "d3533d4d-f62f-4731-d0c9-08d7adfc0c7b", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", "CreationTime": "2020-02-07T20:49:20", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:49:08", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "bc03d223-966c-4e33-6cf7-08d7ac0f2d88", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", "CreationTime": "2020-02-07T20:49:20", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:09", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "7a500a7f-cc56-4dfd-d740-08d7ac0f2e45", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:10", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "6047e3da-8661-44a4-6fd2-08d7ac0f2e85", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", "CreationTime": "2020-02-07T20:49:21", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", "CreationTime": "2020-02-10T07:37:14", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "Force", "Value": "True"}, {"Name": "UMGrammar", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "MaxSendSize", "Value": "1 GB (1,073,741,824 bytes)"}, {"Name": "MailRouting", "Value": "True"}, {"Name": "MessageTracking", "Value": "True"}, {"Name": "OMEncryption", "Value": "True"}, {"Name": "OABGen", "Value": "True"}, {"Name": "ClientExtensions", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}"}, {"Name": "GMGen", "Value": "True"}, {"Name": "SuiteServiceStorage", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", "CreationTime": "2020-02-07T20:48:42", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:55", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:49:52", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "HygieneSuite", "Value": "Premium"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "fd804781-7d7f-4d3a-1ef0-08d7ac0f47e4", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "Workload": "Exchange", "UserType": 3, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:48:52", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}], "ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "New-ExchangeAssistanceConfig", "Id": "627aa8ff-1411-475d-d202-08d7ac0f08a5", "CreationTime": "2020-02-07T20:48:06", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, {"Name": "Arbitration", "Value": "True"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-10T07:37:12", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "TenantAllowBlockLists", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:18", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", "Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:21", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "8126fd52-b16b-45c5-6aff-08d7adfc0c97", "CreationTime": "2020-02-10T07:37:15", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:14", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "70f24b65-0224-473b-49b8-08d7adfc0c83", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "515c88f2-2cbf-4214-2d9b-08d7adfc0e0f", "CreationTime": "2020-02-10T07:37:17", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:48:57", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:02", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "40786a66-fbd5-4a24-d9af-08d7ac0f2a42", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", "CreationTime": "2020-02-10T07:37:15", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "DisplayName", "Value": "Microsoft Exchange"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"}, {"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:48:51", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", "Id": "93d5f028-263c-45f1-dcf9-08d7ac0f2378", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "1eea5379-4c86-4d6f-00cf-08d7adfc0e23"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:23", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, {"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:24", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:15", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:17", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", "CreationTime": "2020-02-10T07:37:24"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "InstantMessagingType", "Value": "Ocs"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-OwaMailboxPolicy", "ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", "Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", "CreationTime": "2020-02-07T20:49:34"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, {"Name": "Arbitration", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", "CreationTime": "2020-02-10T07:37:12"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "6ddabbf8-4b7c-4982-2683-08d7adfc0c10", "CreationTime": "2020-02-10T07:37:14"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:13", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "DisplayName", "Value": "Microsoft Exchange"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"}, {"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", "Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:02", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "f580aae6-d0d5-4204-1a13-08d7ac0f2a03"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:57", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:15", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "2db154f6-63ae-4a31-c548-08d7adfc0d1d"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:21", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", "CreationTime": "2020-02-10T07:37:17"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:04", "Parameters": [{"Name": "DoNotUpdateRecipients", "Value": "True"}, {"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Enable-AddressListPaging", "Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:55", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance15", "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "AppId": "", "CreationTime": "2020-02-10T07:37:24", "Parameters": [{"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "PrivacyStatementURL", "Value": "http://go.microsoft.com/fwlink/?LinkID=259417"}, {"Name": "PrivacyLinkDisplayEnabled", "Value": "True"}], "ClientAppId": "", "Workload": "Exchange", "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-ExchangeAssistanceConfig", "Id": "2cb36c1c-1368-4483-9801-08d7adfc11fe"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-10T07:37:23", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, {"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:24", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TenantObjectVersion", "ObjectId": "testsiem.onmicrosoft.com", "Id": "a9fb5fce-4ce4-43eb-f429-08d7adfc122c"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}, {"Name": "User", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management"}, {"Name": "AccessRights", "Value": "FullAccess"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:49", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "UserType": 3, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Add-MailboxPermission", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Id": "5f84ceaa-e6df-4ba1-1085-08d7ac0f4646"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", "CreationTime": "2020-02-07T20:49:49"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:55", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "OMEncryptionStore", "Value": "True"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "Workload": "Exchange", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", "Id": "7386959b-a0d0-459e-baf8-08d7adfc0b4b", "CreationTime": "2020-02-10T07:37:12"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", "CreationTime": "2020-02-10T07:37:15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "CreationTime": "2020-02-07T20:49:03", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "96b98335-ab19-4e22-31e0-08d7ac0f2ac2"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:21", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "5cd5fc38-5b48-47d6-2e47-08d7ac0f2b01", "CreationTime": "2020-02-07T20:49:04"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "Workload": "Exchange", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "ff48ffeb-5c2a-468f-9113-08d7ac0f3512", "CreationTime": "2020-02-07T20:49:21"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:14", "UserType": 3, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "d16f181c-257c-4d40-45e1-08d7adfc0c02"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", "CreationTime": "2020-02-07T20:48:57"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:21", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}, {"Name": "User", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management"}, {"Name": "AccessRights", "Value": "FullAccess"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Add-MailboxPermission", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Id": "86a8ddaf-15d2-44b4-62d5-08d7adfc1062", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "8b544cbd-f42b-4910-82ef-08d7ac0f26fc", "CreationTime": "2020-02-07T20:48:57", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "DisplayName", "Value": "Microsoft Exchange"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"}, {"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", "Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", "CreationTime": "2020-02-10T07:37:13", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:07", "Parameters": [{"Name": "DoNotUpdateRecipients", "Value": "True"}, {"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Enable-AddressListPaging", "ObjectId": "testsiem.onmicrosoft.com", "Id": "d7134fa4-2e25-4a7d-d84d-08d7adfc0802", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", "CreationTime": "2020-02-10T07:37:14", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ObjectId": "testsiem.onmicrosoft.com\\Resource Schema", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:32", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Install-ResourceConfig", "Id": "060e0f74-72a7-40d1-30fa-08d7ac0f17d8", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, {"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:23", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "Parameters": [{"Name": "Force", "Value": "True"}, {"Name": "UMGrammar", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "MaxSendSize", "Value": "1 GB (1,073,741,824 bytes)"}, {"Name": "MailRouting", "Value": "True"}, {"Name": "MessageTracking", "Value": "True"}, {"Name": "OMEncryption", "Value": "True"}, {"Name": "OABGen", "Value": "True"}, {"Name": "ClientExtensions", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}"}, {"Name": "GMGen", "Value": "True"}, {"Name": "SuiteServiceStorage", "Value": "True"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:48:42", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", "Id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:16", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "c6db95ea-9eae-4b58-d692-08d7adfc0d98", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ClientAppId": "", "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:52", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, {"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "OrganizationName": "testsiem.onmicrosoft.com", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "Id": "c706f54e-1b00-43ed-5b06-08d7ac0f47a6", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:15", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationName": "testsiem.onmicrosoft.com", "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Id": "fcd82149-fc1c-4866-e16d-08d7adfc0cff", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, {"Name": "Arbitration", "Value": "True"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Workload": "Exchange", "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", "CreationTime": "2020-02-07T20:48:44", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "e9e580ee-ac04-436f-9214-08d7adfc0d8b", "CreationTime": "2020-02-10T07:37:16", "RecordType": 1} diff --git a/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json b/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json new file mode 100644 index 00000000000..43ed055dad6 --- /dev/null +++ b/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json @@ -0,0 +1,5010 @@ +[ + { + "@timestamp": "2020-02-07T20:49:49.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "6c3454e1-1a13-411b-bed1-08d7adfc0c09", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 980, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "6c3454e1-1a13-411b-bed1-08d7adfc0c09", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:03.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b5131b23-3efb-481a-c05b-08d7ac0f2a82", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2735, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b5131b23-3efb-481a-c05b-08d7ac0f2a82", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:09.000Z", + "event.action": "Install-DefaultSharingPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ef597809-1c52-4a85-7cce-08d7adfc0939", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4490, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ef597809-1c52-4a85-7cce-08d7adfc0939", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\2c6709f0-beaf-4ffd-99ea-d02c796c25d3", + "o365.audit.Operation": "Install-DefaultSharingPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:09.000Z", + "event.action": "Install-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "362ff802-6df6-47e5-09a2-08d7adfc095b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5269, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "362ff802-6df6-47e5-09a2-08d7adfc095b", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Install-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6035, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:43.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "168019d2-1e8a-4394-e90b-08d7ac0f1e69", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6914, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:43", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "168019d2-1e8a-4394-e90b-08d7ac0f1e69", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}", + "o365.audit.Parameters.UMDataStorage": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:34.000Z", + "event.action": "Set-OwaMailboxPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7955, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:34", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Operation": "Set-OwaMailboxPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Parameters.InstantMessagingType": "Ocs", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8743, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 10498, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:04.000Z", + "event.action": "Enable-AddressListPaging", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 12253, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:04", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Enable-AddressListPaging", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DoNotUpdateRecipients": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:58.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a324e83b-d1a3-4855-db2a-08d7ac0f277b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 13107, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:58", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a324e83b-d1a3-4855-db2a-08d7ac0f277b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 14862, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:09.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 16617, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 18372, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:09.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 20127, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:18.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 21882, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:18", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.TenantAllowBlockLists": "True", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-TenantObjectVersion", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 23638, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Set-TenantObjectVersion", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 24439, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:08.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e022fa0d-13b2-4314-b707-08d7adfc0868", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 25318, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:08", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e022fa0d-13b2-4314-b707-08d7adfc0868", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.SupervisionTags": "Reject;Allow", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-TenantObjectVersion", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 26189, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Set-TenantObjectVersion", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:52.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 26990, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:49.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "9eb764a6-fee5-4c3a-6adc-08d7ac0f220f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 27869, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "9eb764a6-fee5-4c3a-6adc-08d7ac0f220f", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.OMEncryptionStore": "True", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:18.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 29609, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:18", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.TenantAllowBlockLists": "True", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:56.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d83e97f0-951c-4ccc-630e-08d7ac0f267e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 31365, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:56", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d83e97f0-951c-4ccc-630e-08d7ac0f267e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 33120, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 34875, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:16.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "979931d3-c99d-45b1-14e1-08d7ac0f3209", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 36630, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:16", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "979931d3-c99d-45b1-14e1-08d7ac0f3209", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "4bddac31-664e-4432-d181-08d7ac0f34d2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 38385, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "4bddac31-664e-4432-d181-08d7ac0f34d2", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "4d2e1010-489d-4aa0-e300-08d7ac0f314c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 40140, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "4d2e1010-489d-4aa0-e300-08d7ac0f314c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:44.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 41895, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:44", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 43719, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d3533d4d-f62f-4731-d0c9-08d7adfc0c7b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 45474, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d3533d4d-f62f-4731-d0c9-08d7adfc0c7b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 47229, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:08.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "bc03d223-966c-4e33-6cf7-08d7ac0f2d88", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 48984, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:08", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "bc03d223-966c-4e33-6cf7-08d7ac0f2d88", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 50739, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:09.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7a500a7f-cc56-4dfd-d740-08d7ac0f2e45", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 52494, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7a500a7f-cc56-4dfd-d740-08d7ac0f2e45", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:10.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "6047e3da-8661-44a4-6fd2-08d7ac0f2e85", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 54249, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:10", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "6047e3da-8661-44a4-6fd2-08d7ac0f2e85", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 56004, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 57759, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:42.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 59514, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:42", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.ClientExtensions": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.GMGen": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Parameters.MailRouting": "True", + "o365.audit.Parameters.MaxSendSize": "1 GB (1,073,741,824 bytes)", + "o365.audit.Parameters.MessageTracking": "True", + "o365.audit.Parameters.OABGen": "True", + "o365.audit.Parameters.OMEncryption": "True", + "o365.audit.Parameters.SuiteServiceStorage": "True", + "o365.audit.Parameters.UMGrammar": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 60916, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:52.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "fd804781-7d7f-4d3a-1ef0-08d7ac0f47e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 61845, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "fd804781-7d7f-4d3a-1ef0-08d7ac0f47e4", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.HygieneSuite": "Premium", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:52.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 62639, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:06.000Z", + "event.action": "New-ExchangeAssistanceConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "627aa8ff-1411-475d-d202-08d7ac0f08a5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 63518, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:06", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "627aa8ff-1411-475d-d202-08d7ac0f08a5", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance", + "o365.audit.Operation": "New-ExchangeAssistanceConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:12.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 64330, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:12", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:18.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 66154, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:18", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.TenantAllowBlockLists": "True", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 67910, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8126fd52-b16b-45c5-6aff-08d7adfc0c97", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 69665, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8126fd52-b16b-45c5-6aff-08d7adfc0c97", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "70f24b65-0224-473b-49b8-08d7adfc0c83", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 71420, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "70f24b65-0224-473b-49b8-08d7adfc0c83", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "515c88f2-2cbf-4214-2d9b-08d7adfc0e0f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 73175, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "515c88f2-2cbf-4214-2d9b-08d7adfc0e0f", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 74930, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:02.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "40786a66-fbd5-4a24-d9af-08d7ac0f2a42", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 76685, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:02", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "40786a66-fbd5-4a24-d9af-08d7ac0f2a42", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 78440, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:51.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "93d5f028-263c-45f1-dcf9-08d7ac0f2378", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 80195, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:51", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "93d5f028-263c-45f1-dcf9-08d7ac0f2378", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "1eea5379-4c86-4d6f-00cf-08d7adfc0e23", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 81938, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "1eea5379-4c86-4d6f-00cf-08d7adfc0e23", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 83693, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:23.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 85448, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:23", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 86366, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 87295, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 89050, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 90805, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:34.000Z", + "event.action": "Set-OwaMailboxPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 91734, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:34", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Operation": "Set-OwaMailboxPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Parameters.InstantMessagingType": "Ocs", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:12.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 92522, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:12", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "6ddabbf8-4b7c-4982-2683-08d7adfc0c10", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 94346, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "6ddabbf8-4b7c-4982-2683-08d7adfc0c10", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 96101, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:02.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "f580aae6-d0d5-4204-1a13-08d7ac0f2a03", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 97844, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:02", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "f580aae6-d0d5-4204-1a13-08d7ac0f2a03", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 99599, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2db154f6-63ae-4a31-c548-08d7adfc0d1d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 101354, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2db154f6-63ae-4a31-c548-08d7adfc0d1d", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 103109, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 104864, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:04.000Z", + "event.action": "Enable-AddressListPaging", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 106619, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:04", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Enable-AddressListPaging", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DoNotUpdateRecipients": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 107473, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-ExchangeAssistanceConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2cb36c1c-1368-4483-9801-08d7adfc11fe", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 108402, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2cb36c1c-1368-4483-9801-08d7adfc11fe", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance15", + "o365.audit.Operation": "Set-ExchangeAssistanceConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.PrivacyLinkDisplayEnabled": "True", + "o365.audit.Parameters.PrivacyStatementURL": "http://go.microsoft.com/fwlink/?LinkID=259417", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:23.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 109265, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:23", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-TenantObjectVersion", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a9fb5fce-4ce4-43eb-f429-08d7adfc122c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 110183, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a9fb5fce-4ce4-43eb-f429-08d7adfc122c", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Set-TenantObjectVersion", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:49.000Z", + "event.action": "Add-MailboxPermission", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "5f84ceaa-e6df-4ba1-1085-08d7ac0f4646", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 110984, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "5f84ceaa-e6df-4ba1-1085-08d7ac0f4646", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Add-MailboxPermission", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AccessRights": "FullAccess", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Parameters.User": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:49.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 112168, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 113148, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:12.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7386959b-a0d0-459e-baf8-08d7adfc0b4b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 114077, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:12", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7386959b-a0d0-459e-baf8-08d7adfc0b4b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.OMEncryptionStore": "True", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 115817, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:03.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "96b98335-ab19-4e22-31e0-08d7ac0f2ac2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 117572, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "96b98335-ab19-4e22-31e0-08d7ac0f2ac2", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 119327, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:04.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "5cd5fc38-5b48-47d6-2e47-08d7ac0f2b01", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 121082, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:04", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "5cd5fc38-5b48-47d6-2e47-08d7ac0f2b01", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ff48ffeb-5c2a-468f-9113-08d7ac0f3512", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 122837, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ff48ffeb-5c2a-468f-9113-08d7ac0f3512", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 124592, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 126347, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:21.000Z", + "event.action": "Add-MailboxPermission", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "86a8ddaf-15d2-44b4-62d5-08d7adfc1062", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 128102, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "86a8ddaf-15d2-44b4-62d5-08d7adfc1062", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Add-MailboxPermission", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AccessRights": "FullAccess", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Parameters.User": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8b544cbd-f42b-4910-82ef-08d7ac0f26fc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 129286, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8b544cbd-f42b-4910-82ef-08d7ac0f26fc", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 131041, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:07.000Z", + "event.action": "Enable-AddressListPaging", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d7134fa4-2e25-4a7d-d84d-08d7adfc0802", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 132784, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:07", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d7134fa4-2e25-4a7d-d84d-08d7adfc0802", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Enable-AddressListPaging", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DoNotUpdateRecipients": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 133638, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:32.000Z", + "event.action": "Install-ResourceConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "060e0f74-72a7-40d1-30fa-08d7ac0f17d8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 135393, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:32", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "060e0f74-72a7-40d1-30fa-08d7ac0f17d8", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Resource Schema", + "o365.audit.Operation": "Install-ResourceConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:23.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 136145, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:23", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:42.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 137063, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:42", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.ClientExtensions": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.GMGen": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Parameters.MailRouting": "True", + "o365.audit.Parameters.MaxSendSize": "1 GB (1,073,741,824 bytes)", + "o365.audit.Parameters.MessageTracking": "True", + "o365.audit.Parameters.OABGen": "True", + "o365.audit.Parameters.OMEncryption": "True", + "o365.audit.Parameters.SuiteServiceStorage": "True", + "o365.audit.Parameters.UMGrammar": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:16.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "c6db95ea-9eae-4b58-d692-08d7adfc0d98", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 138465, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:16", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c6db95ea-9eae-4b58-d692-08d7adfc0d98", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:52.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "c706f54e-1b00-43ed-5b06-08d7ac0f47a6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 140220, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c706f54e-1b00-43ed-5b06-08d7ac0f47a6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "fcd82149-fc1c-4866-e16d-08d7adfc0cff", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 141138, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "fcd82149-fc1c-4866-e16d-08d7adfc0cff", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:44.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 142893, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:44", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:16.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e9e580ee-ac04-436f-9214-08d7adfc0d8b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 144717, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:16", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e9e580ee-ac04-436f-9214-08d7adfc0d8b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/02-exchange-item.log b/filebeat/module/o365/audit/test/02-exchange-item.log new file mode 100644 index 00000000000..4343b23e7c3 --- /dev/null +++ b/filebeat/module/o365/audit/test/02-exchange-item.log @@ -0,0 +1,9 @@ +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"Create","ClientIPAddress":"::1","Item":{"InternetMessageId":"","IsRecord":false,"Id":"RgAAAACklF6sEsJgSK/ulVd531/WBwCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAACzgXIUnq3lQqXFeCmxHwmHAAAAABULAAAJ","Attachments":"warming_email_03_2017_calendar.png (599b); warming_email_03_2017_conversation.png (614b); warming_email_03_2017_links.png (1403b); google_play_store_badge.png (4824b); apple_store_badge.png (4446b); windows_store_badge.png (3681b); warming_email_03_2017_files.png (809b); warming_email_03_2017_sharePoint.png (1432b)","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAAAB"},"Subject":"The new SIEMTest group is ready"},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"3be78a31-dbd3-4c2c-eaf9-08d7b3cc8226","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","Operation":"Create","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIPAddress":"::1","Item":{"InternetMessageId":"","IsRecord":false,"Id":"RgAAAABQ7FIOAzxlR4hKCRQRbTbvBwBTdQb34omtRrZGvP+4ONQkAAAAAAEMAABTdQb34omtRrZGvP+4ONQkAAAAAA0lAAAJ","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAEMAAAB"},"Attachments":"warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)","Subject":"The new All Company group is ready"},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:46","Id":"c0790552-9989-4e91-cba4-08d7b386e642","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"Create","ClientIPAddress":"::1","Item":{"InternetMessageId":"","IsRecord":false,"Id":"RgAAAABkkJvTy6NaRYV8EL+vMtzZBwAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAk6unHVumCRJNhRrAMRwYLAAAAAAk9AAAJ","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAB"},"Attachments":"warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)","Subject":"The new All Company group is ready"},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB7PR01MB4428 (15.20.2707.031)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:31","Id":"c6b58ed7-a54a-47cf-a301-08d7b386dd7c","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-2005823449-1144108501-1529089953-3087822558-1","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","MemberUpn":"Member@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:41","Id":"815684be-4e52-4cb2-9242-08d7b386e333","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-1750167797-1192043064-2586004354-3182407426-0","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","MemberUpn":"Owner@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB7PR01MB4428 (15.20.2707.031)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:22","Id":"f5b56c26-18aa-4984-822e-08d7b386d7e2","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-1750167797-1192043064-2586004354-3182407426-1","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","MemberUpn":"Member@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"DB7PR01MB4428 (15.20.2707.031)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:22","Id":"25ccad93-82ad-4742-5231-08d7b386d7e6","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-2005823449-1144108501-1529089953-3087822558-0","MemberUpn":"Owner@local","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:41","Id":"edb9bb1f-9629-43a1-0a57-08d7b386e31c","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-640184314-1174341437-2555636127-1766693009-1","MemberUpn":"Member@local","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"df63d186-b4d9-49a8-748c-08d7b3cc81fb","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","Operation":"ModifyFolderPermissions","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIPAddress":"::1","Item":{"Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-640184314-1174341437-2555636127-1766693009-0","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","MemberUpn":"Owner@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"284dfe85-ab53-48ad-0863-08d7b3cc81f7","UserType":2} diff --git a/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json b/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json new file mode 100644 index 00000000000..525e9dcf362 --- /dev/null +++ b/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json @@ -0,0 +1,533 @@ +[ + { + "@timestamp": "2020-02-17T17:12:03.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "Create", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "3be78a31-dbd3-4c2c-eaf9-08d7b3cc8226", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T17:12:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "3be78a31-dbd3-4c2c-eaf9-08d7b3cc8226", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Attachments": "warming_email_03_2017_calendar.png (599b); warming_email_03_2017_conversation.png (614b); warming_email_03_2017_links.png (1403b); google_play_store_badge.png (4824b); apple_store_badge.png (4446b); windows_store_badge.png (3681b); warming_email_03_2017_files.png (809b); warming_email_03_2017_sharePoint.png (1432b)", + "o365.audit.Item.Id": "RgAAAACklF6sEsJgSK/ulVd531/WBwCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAACzgXIUnq3lQqXFeCmxHwmHAAAAABULAAAJ", + "o365.audit.Item.InternetMessageId": "", + "o365.audit.Item.IsRecord": false, + "o365.audit.Item.ParentFolder.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAAAB", + "o365.audit.Item.ParentFolder.Path": "\\Inbox", + "o365.audit.Item.Subject": "The new SIEMTest group is ready", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "26286ffa-073d-45ff-9fe9-539891984d69", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26680073", + "o365.audit.MailboxOwnerUPN": "SIEMTest@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Create", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "AM6PR01MB4535 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "AM6PR01MB4535 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "SIEMTest@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:46.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "Create", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "c0790552-9989-4e91-cba4-08d7b386e642", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1526, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:46", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c0790552-9989-4e91-cba4-08d7b386e642", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Attachments": "warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)", + "o365.audit.Item.Id": "RgAAAABQ7FIOAzxlR4hKCRQRbTbvBwBTdQb34omtRrZGvP+4ONQkAAAAAAEMAABTdQb34omtRrZGvP+4ONQkAAAAAA0lAAAJ", + "o365.audit.Item.InternetMessageId": "", + "o365.audit.Item.IsRecord": false, + "o365.audit.Item.ParentFolder.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAEMAAAB", + "o365.audit.Item.ParentFolder.Path": "\\Inbox", + "o365.audit.Item.Subject": "The new All Company group is ready", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "778e6fd9-b5d5-4431-a10f-245bde6e0cb8", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679883", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Create", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB3PR0102MB3500 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB3PR0102MB3500 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:31.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "Create", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "c6b58ed7-a54a-47cf-a301-08d7b386dd7c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3083, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:31", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c6b58ed7-a54a-47cf-a301-08d7b386dd7c", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Attachments": "warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)", + "o365.audit.Item.Id": "RgAAAABkkJvTy6NaRYV8EL+vMtzZBwAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAk6unHVumCRJNhRrAMRwYLAAAAAAk9AAAJ", + "o365.audit.Item.InternetMessageId": "", + "o365.audit.Item.IsRecord": false, + "o365.audit.Item.ParentFolder.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAB", + "o365.audit.Item.ParentFolder.Path": "\\Inbox", + "o365.audit.Item.Subject": "The new All Company group is ready", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "685170f5-2238-470d-824b-239a02afafbd", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679882", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Create", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB7PR01MB4428 (15.20.2707.031)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB7PR01MB4428 (15.20.2707.031)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:41.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "815684be-4e52-4cb2-9242-08d7b386e333", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4634, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:41", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "815684be-4e52-4cb2-9242-08d7b386e333", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-2005823449-1144108501-1529089953-3087822558-1", + "o365.audit.Item.ParentFolder.MemberUpn": "Member@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "778e6fd9-b5d5-4431-a10f-245bde6e0cb8", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679883", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB3PR0102MB3500 (15.20.2729.032)", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB3PR0102MB3500 (15.20.2729.032)", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:22.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "f5b56c26-18aa-4984-822e-08d7b386d7e2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5847, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:22", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "f5b56c26-18aa-4984-822e-08d7b386d7e2", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-1750167797-1192043064-2586004354-3182407426-0", + "o365.audit.Item.ParentFolder.MemberUpn": "Owner@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "685170f5-2238-470d-824b-239a02afafbd", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679882", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB7PR01MB4428 (15.20.2707.031)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB7PR01MB4428 (15.20.2707.031)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:22.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "25ccad93-82ad-4742-5231-08d7b386d7e6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7111, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:22", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "25ccad93-82ad-4742-5231-08d7b386d7e6", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-1750167797-1192043064-2586004354-3182407426-1", + "o365.audit.Item.ParentFolder.MemberUpn": "Member@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "685170f5-2238-470d-824b-239a02afafbd", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679882", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB7PR01MB4428 (15.20.2707.031)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB7PR01MB4428 (15.20.2707.031)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:41.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "edb9bb1f-9629-43a1-0a57-08d7b386e31c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8324, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:41", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "edb9bb1f-9629-43a1-0a57-08d7b386e31c", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-2005823449-1144108501-1529089953-3087822558-0", + "o365.audit.Item.ParentFolder.MemberUpn": "Owner@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "778e6fd9-b5d5-4431-a10f-245bde6e0cb8", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679883", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB3PR0102MB3500 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB3PR0102MB3500 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T17:12:03.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "df63d186-b4d9-49a8-748c-08d7b3cc81fb", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 9590, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T17:12:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "df63d186-b4d9-49a8-748c-08d7b3cc81fb", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-640184314-1174341437-2555636127-1766693009-1", + "o365.audit.Item.ParentFolder.MemberUpn": "Member@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "26286ffa-073d-45ff-9fe9-539891984d69", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26680073", + "o365.audit.MailboxOwnerUPN": "SIEMTest@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "AM6PR01MB4535 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "AM6PR01MB4535 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "SIEMTest@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T17:12:03.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "284dfe85-ab53-48ad-0863-08d7b3cc81f7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 10832, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T17:12:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "284dfe85-ab53-48ad-0863-08d7b3cc81f7", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-640184314-1174341437-2555636127-1766693009-0", + "o365.audit.Item.ParentFolder.MemberUpn": "Owner@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "26286ffa-073d-45ff-9fe9-539891984d69", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26680073", + "o365.audit.MailboxOwnerUPN": "SIEMTest@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "AM6PR01MB4535 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "AM6PR01MB4535 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "SIEMTest@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/04-sharepoint.log b/filebeat/module/o365/audit/test/04-sharepoint.log new file mode 100644 index 00000000000..ff290c1041b --- /dev/null +++ b/filebeat/module/o365/audit/test/04-sharepoint.log @@ -0,0 +1,4 @@ +{"ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "ItemType": "Page", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CustomUniqueId": true, "UserType": 0, "Version": 1, "EventSource": "SharePoint", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "Operation": "PageViewed", "CreationTime": "2020-02-07T16:43:53", "RecordType": 4} +{"ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "ItemType": "Page", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "ClientIP": "213.97.47.133", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "Version": 1, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "CustomUniqueId": true, "Operation": "PageViewed", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "RecordType": 4} +{"UserId": "asr@testsiem.onmicrosoft.com", "ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "RecordType": 4, "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "ClientIP": "213.97.47.133", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "Version": 1, "EventSource": "SharePoint", "CustomUniqueId": true, "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "Operation": "PageViewed", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "ItemType": "Page"} +{"Workload": "OneDrive", "Version": 1, "RecordType": 4, "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "CustomUniqueId": true, "ClientIP": "213.97.47.133", "Operation": "PageViewed", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "ItemType": "Page"} diff --git a/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json b/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json new file mode 100644 index 00000000000..93b5869d874 --- /dev/null +++ b/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json @@ -0,0 +1,258 @@ +[ + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 870, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1740, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2610, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/06-sharepointfileop.log b/filebeat/module/o365/audit/test/06-sharepointfileop.log new file mode 100644 index 00000000000..bc5573e588d --- /dev/null +++ b/filebeat/module/o365/audit/test/06-sharepointfileop.log @@ -0,0 +1,11 @@ +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:07", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "SourceRelativeUrl": "Documents", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Version": 1, "Operation": "FileDeleted", "Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:07", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "RecordType": 6, "ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileDeleted", "Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:08", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents/Forms", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "aspx", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "All.aspx", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "RecordType": 6, "ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileAccessed", "Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:08", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents/Forms", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "aspx", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "All.aspx", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileAccessed", "Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:21", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents", "ImplicitShare": "No", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileUploaded", "Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot.png", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ItemType": "File", "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:07", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileDeleted", "Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:21", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "ImplicitShare": "No", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "RecordType": 6, "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileUploaded", "Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "RecordType": 6, "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Version": 1, "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot.png", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "RecordType": 6, "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot.png", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ItemType": "File", "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"} diff --git a/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json b/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json new file mode 100644 index 00000000000..feaff17cf4c --- /dev/null +++ b/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json @@ -0,0 +1,796 @@ +[ + { + "@timestamp": "2020-02-07T16:44:07.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileDeleted", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "deletion", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot 2020-01-27 at 11.30.48.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", + "o365.audit.CreationTime": "2020-02-07T16:44:07", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.Operation": "FileDeleted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:07.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileDeleted", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "deletion", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot 2020-01-27 at 11.30.48.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1130, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", + "o365.audit.CreationTime": "2020-02-07T16:44:07", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.Operation": "FileDeleted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:08.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileAccessed", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "access", + "file.directory": "Documents/Forms", + "file.extension": "aspx", + "file.name": "All.aspx", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2260, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", + "o365.audit.CreationTime": "2020-02-07T16:44:08", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "o365.audit.Operation": "FileAccessed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "aspx", + "o365.audit.SourceFileName": "All.aspx", + "o365.audit.SourceRelativeUrl": "Documents/Forms", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:08.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileAccessed", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "access", + "file.directory": "Documents/Forms", + "file.extension": "aspx", + "file.name": "All.aspx", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3346, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", + "o365.audit.CreationTime": "2020-02-07T16:44:08", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "o365.audit.Operation": "FileAccessed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "aspx", + "o365.audit.SourceFileName": "All.aspx", + "o365.audit.SourceRelativeUrl": "Documents/Forms", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:21.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileUploaded", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "creation", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4432, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", + "o365.audit.CreationTime": "2020-02-07T16:44:21", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "o365.audit.ImplicitShare": "No", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileUploaded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5540, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:07.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileDeleted", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "deletion", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot 2020-01-27 at 11.30.48.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6625, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", + "o365.audit.CreationTime": "2020-02-07T16:44:07", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.Operation": "FileDeleted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:21.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileUploaded", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "creation", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7755, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", + "o365.audit.CreationTime": "2020-02-07T16:44:21", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "o365.audit.ImplicitShare": "No", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileUploaded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8863, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 9948, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 11033, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/08-azuread.log b/filebeat/module/o365/audit/test/08-azuread.log new file mode 100644 index 00000000000..7f53e3e5cf9 --- /dev/null +++ b/filebeat/module/o365/audit/test/08-azuread.log @@ -0,0 +1,100 @@ +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1037807Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438635"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "8f6eb24b-6e61-4ee2-a376-31368c300613"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1037807Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438635"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "8f6eb24b-6e61-4ee2-a376-31368c300613"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1037807Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438635"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "8f6eb24b-6e61-4ee2-a376-31368c300613"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1638042Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438642"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "b2cc2456-5ac5-4399-b960-82a40036476f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1638042Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438642"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "b2cc2456-5ac5-4399-b960-82a40036476f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464425"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "7f09b681-251f-4ff0-97cf-5247891b6981"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464434"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464425"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "7f09b681-251f-4ff0-97cf-5247891b6981"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464434"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464425"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "7f09b681-251f-4ff0-97cf-5247891b6981"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:52", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "5345f95e-44e0-48fc-823c-8206ff821338"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:52.5873254Z"}, {"Name": "env_epoch", "Value": "FQXLK"}, {"Name": "env_seqNum", "Value": "42492828"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR565"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:52", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "5345f95e-44e0-48fc-823c-8206ff821338"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:52.5873254Z"}, {"Name": "env_epoch", "Value": "FQXLK"}, {"Name": "env_seqNum", "Value": "42492828"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR565"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:52", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "5345f95e-44e0-48fc-823c-8206ff821338"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:52.6473040Z"}, {"Name": "env_epoch", "Value": "FQXLK"}, {"Name": "env_seqNum", "Value": "42492835"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR565"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "76f9b173-c35c-4dbb-b5f7-64750ae994ce"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7174137Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793182"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7174137Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793182"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7174137Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793182"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7823970Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793206"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "606ae654-e71e-4a6b-a07c-85acd775667b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:06.0142481Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795893"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"NewValue": "False", "OldValue": "", "Name": "ConsentContext.IsAppOnly"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:06.0142481Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795893"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:15:04", "Actor": [{"Type": 5, "ID": "fim_password_service@support.onmicrosoft.com"}, {"Type": 3, "ID": "100300008060F582"}, {"Type": 2, "ID": "User_00000000-0000-0000-0000-000000000000"}, {"Type": 2, "ID": "00000000-0000-0000-0000-000000000000"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "d51ef8df-6617-4356-b8d4-89ad7efef31e", "RecordType": 8, "ActorIpAddress": "", "UserId": "fim_password_service@support.onmicrosoft.com", "UserType": 0, "UserKey": "100300008060F582@support.onmicrosoft.com", "ClientIP": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "ObjectId": "asr@testsiem.onmicrosoft.com", "ModifiedProperties": [{"Name": "StrongAuthenticationPhoneAppDetail", "OldValue": "[\r\n {\r\n \"DeviceName\": \"NO_DEVICE\",\r\n \"DeviceToken\": \"NO_DEVICE_TOKEN\",\r\n \"DeviceTag\": \"SoftwareTokenActivated\",\r\n \"PhoneAppVersion\": \"NO_PHONE_APP_VERSION\",\r\n \"OathTokenTimeDrift\": 0,\r\n \"DeviceId\": null,\r\n \"Id\": \"3b539b10-3846-4f9b-877d-55b0b8e76147\",\r\n \"TimeInterval\": null,\r\n \"AuthenticationType\": 2,\r\n \"NotificationType\": 1,\r\n \"SecuredPartitionId\": 0,\r\n \"SecuredKeyId\": 0\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"DeviceName\": \"NO_DEVICE\",\r\n \"DeviceToken\": \"NO_DEVICE_TOKEN\",\r\n \"DeviceTag\": \"SoftwareTokenActivated\",\r\n \"PhoneAppVersion\": \"NO_PHONE_APP_VERSION\",\r\n \"OathTokenTimeDrift\": -1,\r\n \"DeviceId\": null,\r\n \"Id\": \"3b539b10-3846-4f9b-877d-55b0b8e76147\",\r\n \"TimeInterval\": null,\r\n \"AuthenticationType\": 2,\r\n \"NotificationType\": 1,\r\n \"SecuredPartitionId\": 0,\r\n \"SecuredKeyId\": 0\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "StrongAuthenticationPhoneAppDetail"}, {"Name": "TargetId.UserType", "OldValue": "", "NewValue": "Member"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "d51ef8df-6617-4356-b8d4-89ad7efef31e"}, {"Name": "actorObjectId", "Value": "00000000-0000-0000-0000-000000000000"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "fim_password_service@support.onmicrosoft.com"}, {"Name": "actorPUID", "Value": "100300008060F582"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "targetPUID", "Value": "1003200096971F55"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"StrongAuthenticationPhoneAppDetail\",\"TargetId.UserType\"]"}, {"Name": "correlationId", "Value": "4aa56c6c-8fa5-4787-a165-03f181541438"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"UserType\":\"Member\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:15:04.2043419Z"}, {"Name": "env_epoch", "Value": "4QPHR"}, {"Name": "env_seqNum", "Value": "87075075"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "becwebservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "becwebservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RBWSR554"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update user.", "Id": "83c924c1-f2e2-4b39-8eda-b80c3823a875"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:16:18", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2e358876-29c8-45b5-8dba-e233cf769988"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:16:18.9844570Z"}, {"Name": "env_epoch", "Value": "Z4XUI"}, {"Name": "env_seqNum", "Value": "43649666"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR581"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove OAuth2PermissionGrant.", "Id": "ec6ba716-ec04-460a-8d9e-661d732c4689"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:16:18", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2e358876-29c8-45b5-8dba-e233cf769988"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:16:18.9844570Z"}, {"Name": "env_epoch", "Value": "Z4XUI"}, {"Name": "env_seqNum", "Value": "43649666"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR581"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove OAuth2PermissionGrant.", "Id": "ec6ba716-ec04-460a-8d9e-661d732c4689"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:16:18", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2e358876-29c8-45b5-8dba-e233cf769988"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:16:18.9844570Z"}, {"Name": "env_epoch", "Value": "Z4XUI"}, {"Name": "env_seqNum", "Value": "43649666"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR581"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove OAuth2PermissionGrant.", "Id": "ec6ba716-ec04-460a-8d9e-661d732c4689"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908032"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908041"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908032"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908041"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908041"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735117"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735117"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735117"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3393756Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118027"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"NewValue": "True", "OldValue": "", "Name": "ConsentContext.OnBehalfOfAll"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3393756Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118027"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.1843731Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117912"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.2593808Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117959"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.2593808Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117959"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.1843731Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117912"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.1843731Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117912"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "AvailableToOtherTenants", "OldValue": "[]", "NewValue": "[\r\n false\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "RequiredResourceAccess", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", "Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "AvailableToOtherTenants", "OldValue": "[]", "NewValue": "[\r\n false\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", "Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "AvailableToOtherTenants", "OldValue": "[]", "NewValue": "[\r\n false\r\n]"}, {"NewValue": "[\r\n \"siem2\"\r\n]", "OldValue": "[]", "Name": "DisplayName"}, {"Name": "RequiredResourceAccess", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", "Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n false\r\n]", "OldValue": "[]", "Name": "AvailableToOtherTenants"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "RequiredResourceAccess", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", "Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "ObjectId": "asr@testsiem.onmicrosoft.com", "ModifiedProperties": [{"Name": "Application.ObjectID", "OldValue": "", "NewValue": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "Application.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "Application.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "targetPUID", "Value": "1003200096971F55"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"Application.ObjectID\",\"Application.DisplayName\",\"Application.AppId\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"33cdc459-1335-4d6c-b773-f5eef4df7793\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"Application\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.7383513Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554439"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add owner to application.", "Id": "ccbe264f-f6bc-42bd-b5b6-2893ce2f465f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "AccountEnabled", "OldValue": "[]", "NewValue": "[\r\n true\r\n]"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "ServicePrincipalName", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "Credential", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": "48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "AccountEnabled", "OldValue": "[]", "NewValue": "[\r\n true\r\n]"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n \"siem2\"\r\n]", "OldValue": "[]", "Name": "DisplayName"}, {"Name": "ServicePrincipalName", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]", "OldValue": "[]", "Name": "Credential"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": "48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "[\r\n true\r\n]", "OldValue": "[]", "Name": "AccountEnabled"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "ServicePrincipalName", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "Credential", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": "48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "[\r\n true\r\n]", "OldValue": "[]", "Name": "AccountEnabled"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n \"siem2\"\r\n]", "OldValue": "[]", "Name": "DisplayName"}, {"NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]", "OldValue": "[]", "Name": "ServicePrincipalName"}, {"Name": "Credential", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": "48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.0442303Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826392"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "aaa361ac-50e8-43f4-9aaf-c19c09e3e3bc"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "KeyDescription", "OldValue": "[]", "NewValue": "[\r\n \"[KeyIdentifier=6d944a5f-234c-4879-8de4-39f089d8b96b,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=E=asr@example.net, CN=testsiem.onmicrosoft.com, OU=SIEM, O=Elastic, L=Barcelona, S=Barce]\"\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "KeyDescription"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"KeyDescription\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.0442303Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826385"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application \u2013 Certificates and secrets management ", "Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n \"[KeyIdentifier=6d944a5f-234c-4879-8de4-39f089d8b96b,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=E=asr@example.net, CN=testsiem.onmicrosoft.com, OU=SIEM, O=Elastic, L=Barcelona, S=Barce]\"\r\n]", "OldValue": "[]", "Name": "KeyDescription"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "KeyDescription"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"KeyDescription\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.0442303Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826385"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application \u2013 Certificates and secrets management ", "Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.1042022Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826464"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "15adbe69-7974-41ec-8341-208456600ad3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.1042022Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826464"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "15adbe69-7974-41ec-8341-208456600ad3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "", "OldValue": "", "Name": "Included Updated Properties"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.1042022Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826464"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "15adbe69-7974-41ec-8341-208456600ad3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2045249Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620418"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2045249Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620418"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2045249Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620418"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2595378Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620448"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2595378Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620448"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "", "OldValue": "", "Name": "Included Updated Properties"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2595378Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620448"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8071361Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622707"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "256e3859-87ca-4b23-b2c0-45a26ccd7925"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8821342Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622751"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.9571526Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622781"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8821342Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622751"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.9571526Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622781"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8821342Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622751"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8071361Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622707"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "256e3859-87ca-4b23-b2c0-45a26ccd7925"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"NewValue": "siem2", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.9571526Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622781"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.0571467Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622817"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "db3ce560-1c2f-4c85-b305-55ad6476250f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.0571467Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622817"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "db3ce560-1c2f-4c85-b305-55ad6476250f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.0571467Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622817"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "db3ce560-1c2f-4c85-b305-55ad6476250f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"NewValue": "", "OldValue": "", "Name": "ConsentContext.Tags"}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622848"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "24524679-8930-4afd-83b8-2dc70aa0a016"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"NewValue": "False", "OldValue": "", "Name": "ConsentContext.IsAppOnly"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622848"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "24524679-8930-4afd-83b8-2dc70aa0a016"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"NewValue": "False", "OldValue": "", "Name": "ConsentContext.IsAppOnly"}, {"NewValue": "True", "OldValue": "", "Name": "ConsentContext.OnBehalfOfAll"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622848"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "24524679-8930-4afd-83b8-2dc70aa0a016"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "User.ObjectID", "OldValue": "", "NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "User.UPN", "OldValue": "", "NewValue": "asr@testsiem.onmicrosoft.com"}, {"Name": "User.PUID", "OldValue": "", "NewValue": "1003200096971F55"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622843"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment grant to user.", "Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "User.ObjectID", "OldValue": "", "NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "User.UPN", "OldValue": "", "NewValue": "asr@testsiem.onmicrosoft.com"}, {"Name": "User.PUID", "OldValue": "", "NewValue": "1003200096971F55"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622843"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment grant to user.", "Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "User.ObjectID", "OldValue": "", "NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"NewValue": "asr@testsiem.onmicrosoft.com", "OldValue": "", "Name": "User.UPN"}, {"Name": "User.PUID", "OldValue": "", "NewValue": "1003200096971F55"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622843"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment grant to user.", "Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d"} diff --git a/filebeat/module/o365/audit/test/08-azuread.log-expected.json b/filebeat/module/o365/audit/test/08-azuread.log-expected.json new file mode 100644 index 00000000000..8c4c7233407 --- /dev/null +++ b/filebeat/module/o365/audit/test/08-azuread.log-expected.json @@ -0,0 +1,15239 @@ +[ + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438635", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1037807Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5611, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438635", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1037807Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 11222, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438635", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1037807Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 16833, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438642", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1638042Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 20744, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438642", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1638042Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 24655, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464425", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 29810, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464434", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 35008, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464425", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 40163, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464434", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 45361, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464425", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 50516, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 55714, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 60912, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 66067, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 71265, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 76420, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 81575, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 86773, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 91928, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:52", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR565", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b", + "o365.audit.ExtendedProperties.env_epoch": "FQXLK", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "42492828", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:52.5873254Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 97179, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:52", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR565", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b", + "o365.audit.ExtendedProperties.env_epoch": "FQXLK", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "42492828", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:52.5873254Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "76f9b173-c35c-4dbb-b5f7-64750ae994ce", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 102430, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:52", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR565", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b", + "o365.audit.ExtendedProperties.env_epoch": "FQXLK", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "42492835", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:52.6473040Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "76f9b173-c35c-4dbb-b5f7-64750ae994ce", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 106341, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793182", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7174137Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 111772, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793182", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7174137Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 117203, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793182", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7174137Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "606ae654-e71e-4a6b-a07c-85acd775667b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 122634, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793206", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7823970Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "606ae654-e71e-4a6b-a07c-85acd775667b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 126545, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 131695, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 136845, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 141995, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 147145, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 152295, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 157445, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 162595, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 167745, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795893", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:06.0142481Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 172525, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795893", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:06.0142481Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:15:04.000Z", + "event.action": "Update user.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "83c924c1-f2e2-4b39-8eda-b80c3823a875", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 177305, + "o365.audit.Actor": [ + { + "ID": "fim_password_service@support.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "100300008060F582", + "Type": 3 + }, + { + "ID": "User_00000000-0000-0000-0000-000000000000", + "Type": 2 + }, + { + "ID": "00000000-0000-0000-0000-000000000000", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "d51ef8df-6617-4356-b8d4-89ad7efef31e", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.CreationTime": "2020-02-10T15:15:04", + "o365.audit.ExtendedProperties.actorContextId": "d51ef8df-6617-4356-b8d4-89ad7efef31e", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "00000000-0000-0000-0000-000000000000", + "o365.audit.ExtendedProperties.actorPUID": "100300008060F582", + "o365.audit.ExtendedProperties.actorUPN": "fim_password_service@support.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"UserType\":\"Member\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "UserManagement", + "o365.audit.ExtendedProperties.correlationId": "4aa56c6c-8fa5-4787-a165-03f181541438", + "o365.audit.ExtendedProperties.env_appId": "becwebservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "becwebservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RBWSR554", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000", + "o365.audit.ExtendedProperties.env_epoch": "4QPHR", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "87075075", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:15:04.2043419Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"StrongAuthenticationPhoneAppDetail\",\"TargetId.UserType\"]", + "o365.audit.ExtendedProperties.targetObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.targetPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.targetUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "83c924c1-f2e2-4b39-8eda-b80c3823a875", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "StrongAuthenticationPhoneAppDetail", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_UserType.NewValue": "Member", + "o365.audit.ModifiedProperties.TargetId_UserType.OldValue": "", + "o365.audit.ObjectId": "asr@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Update user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "fim_password_service@support.onmicrosoft.com", + "o365.audit.UserKey": "100300008060F582@support.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "fim_password_service", + "service.type": "o365", + "user.domain": "support.onmicrosoft.com", + "user.id": "fim_password_service@support.onmicrosoft.com", + "user.name": "fim_password_service" + }, + { + "@timestamp": "2020-02-10T15:16:18.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 181962, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:16:18", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR581", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0", + "o365.audit.ExtendedProperties.env_epoch": "Z4XUI", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43649666", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:16:18.9844570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Remove OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:16:18.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 187354, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:16:18", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR581", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0", + "o365.audit.ExtendedProperties.env_epoch": "Z4XUI", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43649666", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:16:18.9844570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Remove OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:16:18.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 192746, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:16:18", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR581", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0", + "o365.audit.ExtendedProperties.env_epoch": "Z4XUI", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43649666", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:16:18.9844570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Remove OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 198138, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908032", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 203293, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908041", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 208491, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908032", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 213646, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908041", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 218844, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908041", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 224042, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735117", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 229197, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 234395, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 239593, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735117", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 244748, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735117", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 249903, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 255101, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 260299, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118027", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3393756Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 264870, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118027", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3393756Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 269441, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 274829, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 280217, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 285605, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 290993, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117912", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.1843731Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 296142, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117959", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.2593808Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 301291, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117959", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.2593808Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 306440, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117912", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.1843731Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 311589, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117912", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.1843731Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 316738, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 321131, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 325524, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 329917, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add owner to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ccbe264f-f6bc-42bd-b5b6-2893ce2f465f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 334310, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"33cdc459-1335-4d6c-b773-f5eef4df7793\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"Application\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554439", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.7383513Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"Application.ObjectID\",\"Application.DisplayName\",\"Application.AppId\"]", + "o365.audit.ExtendedProperties.targetObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.targetPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.targetUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ccbe264f-f6bc-42bd-b5b6-2893ce2f465f", + "o365.audit.ModifiedProperties.Application_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.Application_AppId.OldValue": "", + "o365.audit.ModifiedProperties.Application_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.Application_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.Application_ObjectID.NewValue": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ModifiedProperties.Application_ObjectID.OldValue": "", + "o365.audit.ObjectId": "asr@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Add owner to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 338473, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 343183, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 347893, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 352603, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "aaa361ac-50e8-43f4-9aaf-c19c09e3e3bc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 357313, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826392", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.0442303Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "aaa361ac-50e8-43f4-9aaf-c19c09e3e3bc", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application \u2013 Certificates and secrets management ", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 360775, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826385", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.0442303Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"KeyDescription\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "KeyDescription", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application \u2013 Certificates and secrets management ", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application \u2013 Certificates and secrets management ", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 364657, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826385", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.0442303Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"KeyDescription\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "KeyDescription", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application \u2013 Certificates and secrets management ", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "15adbe69-7974-41ec-8341-208456600ad3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 368539, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826464", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.1042022Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "15adbe69-7974-41ec-8341-208456600ad3", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "15adbe69-7974-41ec-8341-208456600ad3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 372452, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826464", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.1042022Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "15adbe69-7974-41ec-8341-208456600ad3", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "15adbe69-7974-41ec-8341-208456600ad3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 376365, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826464", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.1042022Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "15adbe69-7974-41ec-8341-208456600ad3", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 380278, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620418", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2045249Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 385372, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620418", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2045249Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 390466, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620418", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2045249Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 395560, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620448", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2595378Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 399473, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620448", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2595378Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 403386, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620448", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2595378Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "256e3859-87ca-4b23-b2c0-45a26ccd7925", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 407299, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622707", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8071361Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "256e3859-87ca-4b23-b2c0-45a26ccd7925", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 412451, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622751", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8821342Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 417603, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622781", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.9571526Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 422755, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622751", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8821342Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 427907, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622781", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.9571526Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 433059, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622751", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8821342Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "256e3859-87ca-4b23-b2c0-45a26ccd7925", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 438211, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622707", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8071361Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "256e3859-87ca-4b23-b2c0-45a26ccd7925", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 443363, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622781", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.9571526Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 448515, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622817", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.0571467Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 453904, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622817", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.0571467Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 459293, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622817", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.0571467Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 464682, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622848", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 469256, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622848", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 473830, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622848", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment grant to user.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 478404, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "UserManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622843", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ModifiedProperties.User_ObjectID.NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ModifiedProperties.User_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.User_PUID.NewValue": "1003200096971F55", + "o365.audit.ModifiedProperties.User_PUID.OldValue": "", + "o365.audit.ModifiedProperties.User_UPN.NewValue": "asr@testsiem.onmicrosoft.com", + "o365.audit.ModifiedProperties.User_UPN.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add app role assignment grant to user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment grant to user.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 482728, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "UserManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622843", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ModifiedProperties.User_ObjectID.NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ModifiedProperties.User_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.User_PUID.NewValue": "1003200096971F55", + "o365.audit.ModifiedProperties.User_PUID.OldValue": "", + "o365.audit.ModifiedProperties.User_UPN.NewValue": "asr@testsiem.onmicrosoft.com", + "o365.audit.ModifiedProperties.User_UPN.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add app role assignment grant to user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment grant to user.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 487052, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "UserManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622843", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ModifiedProperties.User_ObjectID.NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ModifiedProperties.User_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.User_PUID.NewValue": "1003200096971F55", + "o365.audit.ModifiedProperties.User_PUID.OldValue": "", + "o365.audit.ModifiedProperties.User_UPN.NewValue": "asr@testsiem.onmicrosoft.com", + "o365.audit.ModifiedProperties.User_UPN.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add app role assignment grant to user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/11-dlp-sharepoint.log b/filebeat/module/o365/audit/test/11-dlp-sharepoint.log new file mode 100644 index 00000000000..ee5223f953d --- /dev/null +++ b/filebeat/module/o365/audit/test/11-dlp-sharepoint.log @@ -0,0 +1,7 @@ +{"Workload": "OneDrive", "SensitiveInfoDetectionIsIncluded": false, "ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-25T16:20:15", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "Low", "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", "ConditionsMatched": {"SensitiveInformation": [{"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["NotifyUser"], "RuleName": "Low volume of content detected U.S. Financial", "ActionParameters": [], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", "ItemLastModifiedTime": "2020-02-25T16:19:43", "ItemCreationTime": "2020-02-25T15:22:49", "FileName": "Customers Financial Data.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "FileOwner": "Alan Smithee", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", "Id": "a21f13b9-22b6-405b-bf9e-a07ad8d456da", "RecordType": 11} +{"Workload": "OneDrive", "SensitiveInfoDetectionIsIncluded": false, "ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-25T16:23:39", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", "ConditionsMatched": {"SensitiveInformation": [{"Count": 12, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["BlockAccess", "NotifyUser", "GenerateIncidentReport"], "RuleName": "High volume of content detected U.S. Financial", "ActionParameters": ["GenerateIncidentReport:SiteAdmin"], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", "ItemLastModifiedTime": "2020-02-25T16:21:44", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", "ItemCreationTime": "2020-02-25T16:21:50", "FileName": "Customers Financial Data Copy.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "FileOwner": "Alan Smithee"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", "Id": "eb8259c8-d2c2-449d-bd35-5c8a033eb629", "RecordType": 11} +{"Workload": "OneDrive", "RecordType": 11, "ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-25T16:23:39", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "Low", "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", "ConditionsMatched": {"SensitiveInformation": [{"Count": 12, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["NotifyUser"], "RuleName": "Low volume of content detected U.S. Financial", "ActionParameters": [], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", "ItemLastModifiedTime": "2020-02-25T16:21:44", "ItemCreationTime": "2020-02-25T16:21:50", "FileName": "Customers Financial Data Copy.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "FileOwner": "Alan Smithee", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", "Id": "50a90c83-7e15-4679-8778-d9dd30927e66", "SensitiveInfoDetectionIsIncluded": false} +{"Workload": "OneDrive", "RecordType": 11, "ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "CreationTime": "2020-02-25T16:22:22", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", "ConditionsMatched": {"SensitiveInformation": [{"Count": 12, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["BlockAccess", "NotifyUser", "GenerateIncidentReport"], "RuleName": "High volume of content detected U.S. Financial", "ActionParameters": ["GenerateIncidentReport:SiteAdmin"], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", "ItemLastModifiedTime": "2020-02-25T16:21:44", "ItemCreationTime": "2020-02-25T15:22:49", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "FileOwner": "Alan Smithee", "FileName": "Customers Financial Data.docx"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", "Id": "59652f9a-087c-4b65-b88c-b293ade34202", "SensitiveInfoDetectionIsIncluded": false} +{"Workload": "OneDrive", "RecordType": 11, "ObjectId": "f026407b-090a-4c15-99b5-09851842d96d", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-26T10:13:48", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "bc4d376f-b038-4695-9362-609d32f963cf", "ConditionsMatched": {"SensitiveInformation": [{"Count": 42, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 23, "Confidence": 85, "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42"}]}, "Actions": ["BlockAccess", "NotifyUser", "GenerateIncidentReport"], "RuleName": "High volume of content detected France Financial", "ActionParameters": ["GenerateIncidentReport:SiteAdmin"], "RuleMode": "Enable"}], "PolicyName": "Financial Data Detection", "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/INTERNAL%20CREDIT%20CARD%20NUMBERS.docx", "ItemLastModifiedTime": "2020-02-26T09:46:23", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", "ItemCreationTime": "2020-02-26T09:44:40", "FileName": "INTERNAL CREDIT CARD NUMBERS.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "f026407b-090a-4c15-99b5-09851842d96d", "FileOwner": "Alan Smithee"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "f7295114-e601-f2b6-8800-08d7baa56f8b", "Id": "d69c6758-f210-43bd-bac1-563adef4b4cf", "SensitiveInfoDetectionIsIncluded": false} +{"Workload": "SharePoint", "SensitiveInfoDetectionIsIncluded": false, "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DLPAgent", "CreationTime": "2020-02-26T12:39:40", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", "RuleName": "Low volume of content detected France Financial", "Actions": ["NotifyUser", "GenerateAlert"], "ConditionsMatched": {"SensitiveInformation": [{"Count": 42, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 2, "Confidence": 85, "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42"}]}, "ActionParameters": ["GenerateAlert:asr@testsiem2.onmicrosoft.com"], "RuleMode": "Enable"}], "PolicyName": "Financial Data Detection", "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe"}], "SharePointMetaData": {"From": "alice@testsiem2.onmicrosoft.com", "UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", "FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", "ItemLastModifiedTime": "2020-02-26T09:56:12", "SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", "ItemCreationTime": "2020-02-26T09:55:38", "SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", "FileSize": 35920, "IsViewableByExternalUsers": false, "FileOwner": "alice@testsiem2.onmicrosoft.com", "FileName": "Document.docx"}, "UserKey": "DLPAgent", "Operation": "DLPRuleMatch", "IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", "Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", "RecordType": 11} +{"Workload": "SharePoint", "SensitiveInfoDetectionIsIncluded": false, "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DLPAgent", "CreationTime": "2020-02-26T12:39:40", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", "ConditionsMatched": {"SensitiveInformation": [{"Count": 42, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 2, "Confidence": 85, "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42"}]}, "Actions": ["NotifyUser", "GenerateAlert"], "RuleName": "Low volume of content detected France Financial", "ActionParameters": ["GenerateAlert:asr@testsiem2.onmicrosoft.com"], "RuleMode": "Enable"}], "PolicyName": "Financial Data Detection", "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe"}], "SharePointMetaData": {"From": "alice@testsiem2.onmicrosoft.com", "IsViewableByExternalUsers": false, "FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", "ItemLastModifiedTime": "2020-02-26T09:56:12", "SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", "ItemCreationTime": "2020-02-26T09:55:38", "FileName": "Document.docx", "SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", "FileSize": 35920, "UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", "FileOwner": "alice@testsiem2.onmicrosoft.com"}, "UserKey": "DLPAgent", "Operation": "DLPRuleMatch", "IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", "Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", "RecordType": 11} diff --git a/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json b/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json new file mode 100644 index 00000000000..8d1e8e5a328 --- /dev/null +++ b/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json @@ -0,0 +1,626 @@ +[ + { + "@timestamp": "2020-02-25T16:20:15.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "a21f13b9-22b6-405b-bf9e-a07ad8d456da", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.severity": 2, + "event.type": "access", + "file.inode": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "file.name": "Customers Financial Data.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2020-02-25T16:20:15", + "o365.audit.Id": "a21f13b9-22b6-405b-bf9e-a07ad8d456da", + "o365.audit.IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", + "o365.audit.ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. Financial Data", + "Rules": [ + { + "ActionParameters": [], + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected U.S. Financial", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T15:22:49", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:19:43", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "rule.name": "Low volume of content detected U.S. Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-25T16:23:39.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "eb8259c8-d2c2-449d-bd35-5c8a033eb629", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "OneDrive", + "event.severity": 4, + "event.type": "access", + "file.inode": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "file.name": "Customers Financial Data Copy.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 1559, + "o365.audit.CreationTime": "2020-02-25T16:23:39", + "o365.audit.Id": "eb8259c8-d2c2-449d-bd35-5c8a033eb629", + "o365.audit.IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", + "o365.audit.ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. Financial Data", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:SiteAdmin" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 12, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", + "RuleMode": "Enable", + "RuleName": "High volume of content detected U.S. Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data Copy.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T16:21:50", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:21:44", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "7503b92a-67c2-494b-8a46-57ef0d738886", + "rule.name": "High volume of content detected U.S. Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-25T16:23:39.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "50a90c83-7e15-4679-8778-d9dd30927e66", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.severity": 2, + "event.type": "access", + "file.inode": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "file.name": "Customers Financial Data Copy.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 3297, + "o365.audit.CreationTime": "2020-02-25T16:23:39", + "o365.audit.Id": "50a90c83-7e15-4679-8778-d9dd30927e66", + "o365.audit.IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", + "o365.audit.ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. Financial Data", + "Rules": [ + { + "ActionParameters": [], + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 12, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected U.S. Financial", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data Copy.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T16:21:50", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:21:44", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "rule.name": "Low volume of content detected U.S. Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-25T16:22:22.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "59652f9a-087c-4b65-b88c-b293ade34202", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "OneDrive", + "event.severity": 4, + "event.type": "access", + "file.inode": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "file.name": "Customers Financial Data.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 4958, + "o365.audit.CreationTime": "2020-02-25T16:22:22", + "o365.audit.Id": "59652f9a-087c-4b65-b88c-b293ade34202", + "o365.audit.IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", + "o365.audit.ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. Financial Data", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:SiteAdmin" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 12, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", + "RuleMode": "Enable", + "RuleName": "High volume of content detected U.S. Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T15:22:49", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:21:44", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "7503b92a-67c2-494b-8a46-57ef0d738886", + "rule.name": "High volume of content detected U.S. Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-26T10:13:48.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "d69c6758-f210-43bd-bac1-563adef4b4cf", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "OneDrive", + "event.severity": 4, + "event.type": "access", + "file.inode": "f026407b-090a-4c15-99b5-09851842d96d", + "file.name": "INTERNAL CREDIT CARD NUMBERS.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 6684, + "o365.audit.CreationTime": "2020-02-26T10:13:48", + "o365.audit.Id": "d69c6758-f210-43bd-bac1-563adef4b4cf", + "o365.audit.IncidentId": "f7295114-e601-f2b6-8800-08d7baa56f8b", + "o365.audit.ObjectId": "f026407b-090a-4c15-99b5-09851842d96d", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe", + "PolicyName": "Financial Data Detection", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:SiteAdmin" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 42, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 85, + "Count": 23, + "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42" + } + ] + }, + "RuleId": "bc4d376f-b038-4695-9362-609d32f963cf", + "RuleMode": "Enable", + "RuleName": "High volume of content detected France Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "INTERNAL CREDIT CARD NUMBERS.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/INTERNAL%20CREDIT%20CARD%20NUMBERS.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-26T09:44:40", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-26T09:46:23", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "f026407b-090a-4c15-99b5-09851842d96d", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "bc4d376f-b038-4695-9362-609d32f963cf", + "rule.name": "High volume of content detected France Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/INTERNAL%20CREDIT%20CARD%20NUMBERS.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-26T12:39:40.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.severity": 4, + "event.type": "access", + "file.inode": "3ace820e-9358-4520-9df6-5bd65602cef0", + "file.name": "Document.docx", + "file.owner": "alice@testsiem2.onmicrosoft.com", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 8428, + "o365.audit.CreationTime": "2020-02-26T12:39:40", + "o365.audit.Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + "o365.audit.IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe", + "PolicyName": "Financial Data Detection", + "Rules": [ + { + "ActionParameters": [ + "GenerateAlert:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "NotifyUser", + "GenerateAlert" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 42, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 85, + "Count": 2, + "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42" + } + ] + }, + "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected France Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Document.docx", + "o365.audit.SharePointMetaData.FileOwner": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "o365.audit.SharePointMetaData.FileSize": 35920, + "o365.audit.SharePointMetaData.From": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.IsViewableByExternalUsers": false, + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-26T09:55:38", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-26T09:56:12", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", + "o365.audit.SharePointMetaData.UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", + "o365.audit.UserId": "DLPAgent", + "o365.audit.UserKey": "DLPAgent", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "alice", + "alice@testsiem2.onmicrosoft.com" + ], + "rule.id": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "rule.name": "Low volume of content detected France Financial", + "service.type": "o365", + "url.original": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "user.domain": "testsiem2.onmicrosoft.com", + "user.id": "alice@testsiem2.onmicrosoft.com", + "user.name": "alice" + }, + { + "@timestamp": "2020-02-26T12:39:40.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.severity": 4, + "event.type": "access", + "file.inode": "3ace820e-9358-4520-9df6-5bd65602cef0", + "file.name": "Document.docx", + "file.owner": "alice@testsiem2.onmicrosoft.com", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 10042, + "o365.audit.CreationTime": "2020-02-26T12:39:40", + "o365.audit.Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + "o365.audit.IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe", + "PolicyName": "Financial Data Detection", + "Rules": [ + { + "ActionParameters": [ + "GenerateAlert:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "NotifyUser", + "GenerateAlert" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 42, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 85, + "Count": 2, + "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42" + } + ] + }, + "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected France Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Document.docx", + "o365.audit.SharePointMetaData.FileOwner": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "o365.audit.SharePointMetaData.FileSize": 35920, + "o365.audit.SharePointMetaData.From": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.IsViewableByExternalUsers": false, + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-26T09:55:38", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-26T09:56:12", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", + "o365.audit.SharePointMetaData.UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", + "o365.audit.UserId": "DLPAgent", + "o365.audit.UserKey": "DLPAgent", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "alice", + "alice@testsiem2.onmicrosoft.com" + ], + "rule.id": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "rule.name": "Low volume of content detected France Financial", + "service.type": "o365", + "url.original": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "user.domain": "testsiem2.onmicrosoft.com", + "user.id": "alice@testsiem2.onmicrosoft.com", + "user.name": "alice" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/13-dlp-exchange.log b/filebeat/module/o365/audit/test/13-dlp-exchange.log new file mode 100644 index 00000000000..8d0622d352f --- /dev/null +++ b/filebeat/module/o365/audit/test/13-dlp-exchange.log @@ -0,0 +1,6 @@ +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleUndo","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"ExceptionInfo":"{ \"Justification\": \"I really need to share those files\" }","PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"ExceptionInfo":{ "FalsePositive": true },"PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","UserId":"DlpAgent","CreationTime":"2020-02-24T20:11:15","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"Low","RuleId":"8398c03a-a00d-42bb-8f80-ead0ad04e1df","RuleName":"Low volume of content detected test","Actions":["NotifyUser"],"ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13310,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"a42123a9-1c07-4dde-9be6-ac71cb9fd16b","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","UserId":"DlpAgent","CreationTime":"2020-02-24T20:11:15","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"Low","RuleId":"8398c03a-a00d-42bb-8f80-ead0ad04e1df","RuleName":"Low volume of content detected test","Actions":["NotifyUser"],"ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"SharePointMetaData":{"From":"alice@testsiem2.onmicrosoft.com","itemCreationTime":"2020-02-20T11:23:45","UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","FileName":"Company-Internal-Financial.docx","FileOwner":"alice@testsiem2.onmicrosoft.com","FilePathUrl":"https://example.net/testsiem2.onmicrosoft.com/sharepoint","LastModifiedTime":"2020-02-24T12:13:14Z"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"a42123a9-1c07-4dde-9be6-ac71cb9fd16b","RecordType":13} diff --git a/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json b/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json new file mode 100644 index 00000000000..2a245f64168 --- /dev/null +++ b/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json @@ -0,0 +1,780 @@ +[ + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 0, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleUndo", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 2230, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleUndo", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 4459, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExceptionInfo.Reason": "{ \"Justification\": \"I really need to share those files\" }", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 6769, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExceptionInfo.FalsePositive": true, + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 2, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 9041, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13310, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected test", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "rule.name": "Low volume of content detected test", + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 2, + "event.type": "access", + "file.inode": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "file.mtime": "2020-02-24T12:13:14.000Z", + "file.name": "Company-Internal-Financial.docx", + "file.owner": "alice@testsiem2.onmicrosoft.com", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 10504, + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.Id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected test", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Company-Internal-Financial.docx", + "o365.audit.SharePointMetaData.FileOwner": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.FilePathUrl": "https://example.net/testsiem2.onmicrosoft.com/sharepoint", + "o365.audit.SharePointMetaData.From": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.LastModifiedTime": "2020-02-24T12:13:14Z", + "o365.audit.SharePointMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.SharePointMetaData.itemCreationTime": "2020-02-20T11:23:45", + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "alice", + "alice@testsiem2.onmicrosoft.com" + ], + "rule.id": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "rule.name": "Low volume of content detected test", + "service.type": "o365", + "url.original": "https://example.net/testsiem2.onmicrosoft.com/sharepoint", + "user.domain": "testsiem2.onmicrosoft.com", + "user.id": "alice@testsiem2.onmicrosoft.com", + "user.name": "alice" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/14-sp-sharing-op.log b/filebeat/module/o365/audit/test/14-sp-sharing-op.log new file mode 100644 index 00000000000..1e4f08e2f59 --- /dev/null +++ b/filebeat/module/o365/audit/test/14-sp-sharing-op.log @@ -0,0 +1,10 @@ +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","TargetUserOrGroupName":"Everyone except external users","Operation":"AddedToGroup","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","ClientIP":"","EventData":"Site Members","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"TargetUserOrGroupType":"SecurityGroup","Version":1,"UserId":"app@sharepoint","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","CreationTime":"2020-02-17T16:59:50","UserAgent":"","Id":"4d1a6a2b-360c-423d-96e5-08d7b3cacd83","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","TargetUserOrGroupName":"SHAREPOINT\\system","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","Operation":"AddedToGroup","ClientIP":"","EventData":"Site Owners","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"Version":1,"TargetUserOrGroupType":"Member","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","UserId":"app@sharepoint","UserAgent":"","CreationTime":"2020-02-17T16:59:50","Id":"56696ec0-5a7e-4561-5e88-08d7b3cacd4a","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","ItemType":"Web","TargetUserOrGroupName":"SIEMTest Owners","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","Operation":"AddedToGroup","ClientIP":"","EventData":"Site Owners","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"Version":1,"TargetUserOrGroupType":"SecurityGroup","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","UserId":"app@sharepoint","CreationTime":"2020-02-17T16:59:50","UserAgent":"","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","Id":"b8c880ff-e8fe-407c-9ce9-08d7b3cacd07","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","TargetUserOrGroupName":"SIEMTest Members","Operation":"AddedToGroup","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIP":"","EventData":"Site Members","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"Version":1,"TargetUserOrGroupType":"SecurityGroup","UserId":"app@sharepoint","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","UserAgent":"","CreationTime":"2020-02-17T16:59:50","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","Id":"483f657f-9141-45fc-b141-08d7b3caccfb","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","TargetUserOrGroupName":"SHAREPOINT\\system","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","Operation":"AddedToGroup","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIP":"","EventData":"Site Owners","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"TargetUserOrGroupType":"Member","Version":1,"UserId":"app@sharepoint","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","CreationTime":"2020-02-17T16:59:49","UserAgent":"","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","Id":"13004a30-d15a-48a5-16ec-08d7b3caccc0","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links","ItemType":"List","UserKey":"i:0h.f|membership|1003200096971f55@live.com","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"SharingInheritanceBroken","ClientIP":"79.159.10.151","EventData":"FalseFalse","Workload":"OneDrive","SourceRelativeUrl":"Sharing Links","EventSource":"SharePoint","ListId":"b108938d-3546-4359-925d-a1b54b4db8c2","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:45","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","Id":"dd162cd7-5df5-4fef-078a-08d7b17b4e95","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","UserKey":"i:0h.f|membership|1003200096971f55@live.com","ItemType":"File","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"AnonymousLinkCreated","EventData":"Edit","ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","UniqueSharingId":"d323b5ea-ceca-4d65-a628-e22ca9296a76","SourceFileName":"Screenshot.png","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","SourceFileExtension":"png","ClientIP":"79.159.10.151","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:45","Id":"1cb54d72-3a76-4a7c-7b3d-08d7b17b4ec9","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","UserKey":"i:0h.f|membership|1003200096971f55@live.com","ItemType":"File","TargetUserOrGroupName":"SharingLinks.7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8.AnonymousEdit.d323b5ea-ceca-4d65-a628-e22ca9296a76","Operation":"SharingSet","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","EventData":"Contribute","ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SourceFileName":"Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","ClientIP":"79.159.10.151","SourceFileExtension":"png","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","TargetUserOrGroupType":"SharePointGroup","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:45","Id":"a8c23ab8-9447-4824-3208-08d7b17b4e5e","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","TargetUserOrGroupName":"Limited Access System Group","UserKey":"i:0h.f|membership|1003200096971f55@live.com","ItemType":"File","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"SharingSet","EventData":"Limited Access","RecordType":14,"ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","SourceFileName":"Screenshot.png","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","SourceFileExtension":"png","ClientIP":"79.159.10.151","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","TargetUserOrGroupType":"SharePointGroup","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:44","Id":"88a041e3-2f3a-483c-cf76-08d7b17b4e5b","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","ItemType":"File","UserKey":"i:0h.f|membership|1003200096971f55@live.com","TargetUserOrGroupName":"4da1e7f54501bb99b6e0ab2ff8749842152ac02ff8c0c8017b0e40e6b67fecdd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"SharingSet","EventData":"System.LimitedEdit","ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SourceFileName":"Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","ClientIP":"79.159.10.151","SourceFileExtension":"png","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","TargetUserOrGroupType":"SecurityGroup","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:44","Id":"98633e47-3540-4e8a-bcfc-08d7b17b4e48","UserType":0} diff --git a/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json b/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json new file mode 100644 index 00000000000..399814ae9a0 --- /dev/null +++ b/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json @@ -0,0 +1,586 @@ +[ + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "4d1a6a2b-360c-423d-96e5-08d7b3cacd83", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "4d1a6a2b-360c-423d-96e5-08d7b3cacd83", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "Everyone except external users", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "56696ec0-5a7e-4561-5e88-08d7b3cacd4a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 807, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "56696ec0-5a7e-4561-5e88-08d7b3cacd4a", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "b8c880ff-e8fe-407c-9ce9-08d7b3cacd07", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1594, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "b8c880ff-e8fe-407c-9ce9-08d7b3cacd07", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SIEMTest Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "483f657f-9141-45fc-b141-08d7b3caccfb", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2385, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "483f657f-9141-45fc-b141-08d7b3caccfb", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SIEMTest Members", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:49.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "13004a30-d15a-48a5-16ec-08d7b3caccc0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3178, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:49", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "13004a30-d15a-48a5-16ec-08d7b3caccc0", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-14T18:25:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingInheritanceBroken", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "dd162cd7-5df5-4fef-078a-08d7b17b4e95", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3965, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:45", + "o365.audit.EventData": "FalseFalse", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dd162cd7-5df5-4fef-078a-08d7b17b4e95", + "o365.audit.ItemType": "List", + "o365.audit.ListId": "b108938d-3546-4359-925d-a1b54b4db8c2", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links", + "o365.audit.Operation": "SharingInheritanceBroken", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceRelativeUrl": "Sharing Links", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." + }, + { + "@timestamp": "2020-02-14T18:25:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "AnonymousLinkCreated", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "1cb54d72-3a76-4a7c-7b3d-08d7b17b4ec9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5028, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:45", + "o365.audit.EventData": "Edit", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "1cb54d72-3a76-4a7c-7b3d-08d7b17b4ec9", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "AnonymousLinkCreated", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.UniqueSharingId": "d323b5ea-ceca-4d65-a628-e22ca9296a76", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." + }, + { + "@timestamp": "2020-02-14T18:25:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingSet", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "a8c23ab8-9447-4824-3208-08d7b17b4e5e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6178, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:45", + "o365.audit.EventData": "Contribute", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "a8c23ab8-9447-4824-3208-08d7b17b4e5e", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "SharingSet", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.TargetUserOrGroupName": "SharingLinks.7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8.AnonymousEdit.d323b5ea-ceca-4d65-a628-e22ca9296a76", + "o365.audit.TargetUserOrGroupType": "SharePointGroup", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." + }, + { + "@timestamp": "2020-02-14T18:25:44.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingSet", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "88a041e3-2f3a-483c-cf76-08d7b17b4e5b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7466, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:44", + "o365.audit.EventData": "Limited Access", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "88a041e3-2f3a-483c-cf76-08d7b17b4e5b", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "SharingSet", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.TargetUserOrGroupName": "Limited Access System Group", + "o365.audit.TargetUserOrGroupType": "SharePointGroup", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." + }, + { + "@timestamp": "2020-02-14T18:25:44.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingSet", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "98633e47-3540-4e8a-bcfc-08d7b17b4e48", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8685, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:44", + "o365.audit.EventData": "System.LimitedEdit", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "98633e47-3540-4e8a-bcfc-08d7b17b4e48", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "SharingSet", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.TargetUserOrGroupName": "4da1e7f54501bb99b6e0ab2ff8749842152ac02ff8c0c8017b0e40e6b67fecdd", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/15-azuread-sts-logon.log b/filebeat/module/o365/audit/test/15-azuread-sts-logon.log new file mode 100644 index 00000000000..c3ce778caf0 --- /dev/null +++ b/filebeat/module/o365/audit/test/15-azuread-sts-logon.log @@ -0,0 +1,69 @@ +{"InterSystemsId": "03616b3a-fc75-46a1-b34a-2d82fc8f1e7e", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:13", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c4206c29-46c2-4a6f-a46b-735107705400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "ca0efc24-1b89-4962-8fef-a3ac5437302f"} +{"InterSystemsId": "05d69096-cb90-4690-ae69-8acd5177b3e0", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:24", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "ed155e11-60b3-4764-b9aa-05c35f3bb800", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b53de36d-ea71-4ebf-9b71-feb431bd4eba"} +{"InterSystemsId": "0f5eb16e-8b22-49bf-a927-f6f310fd5879", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:29:01", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "6634d05a-72ec-4c27-8e69-03c57b202000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "10e2d141-839e-4913-ab3d-6cf1f4856eae"} +{"InterSystemsId": "1150acae-a48d-4752-8847-7bacb7fe6e6c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:52:06", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1809f830-b010-4389-9607-e01ae175ca00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "68b3fd99-0dae-4479-926d-03cc0073dd08"} +{"InterSystemsId": "16e81fcc-add3-46c2-8834-10ce330ffe76", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:22", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "2a84e6ff-7340-426e-9d0d-e53092c0c600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "550af372-cdfd-4286-a1b7-d58df0dcd5d6"} +{"InterSystemsId": "172703f7-324e-415a-a846-c39ca97eb1c8", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:23", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d66cd29f-596e-4878-b756-92b545d25f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b5f59a43-00cf-42c4-8685-a7166fd20e38"} +{"InterSystemsId": "17f8756c-0bfa-49ad-8537-ada4e17a5f7d", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:41", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1b395e92-5d02-408f-8bfe-139098a95500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "32e7fb94-6289-4fb4-855b-2ab78671ca4e"} +{"InterSystemsId": "22aac168-9d0d-4c70-b94d-adc337ab7b06", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:22", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "280b3410-9d51-4ce3-952d-5bba18ea6600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "7314a65a-f383-40fb-a0c7-00c6c4cfabc0"} +{"InterSystemsId": "23321532-a321-4c97-909d-9489979777d6", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:52:05", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1909acba-a486-4ffc-805c-09fb73c0bf00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "97b494ee-9ba1-4444-b052-3459bdc9eaa5"} +{"InterSystemsId": "291fb7ce-4e56-47fd-a78e-4e9012f112ab", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:45", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "9d47f3e0-1b2d-4c1c-b47b-dcf4bc4d5700", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "391870e6-1729-40ae-9ebb-51e0652fec9b"} +{"InterSystemsId": "30e5377b-31d8-42c2-8170-13404afacde7", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:49", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "8971516f-3ef3-4de0-b6b8-ebfae386bc00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a7538fb0-3213-41dc-ab38-1aed787e0cdc"} +{"InterSystemsId": "32e2f533-40fb-4783-8c66-d1bad7e1cc88", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:29:02", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "74ab94ce-8928-4aff-8fa2-a66ad6d41f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e2a15fc0-6892-41f5-a41c-e515231cbb0a"} +{"InterSystemsId": "3c5d16f4-16a6-45f4-a53d-abb86e35005b", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:08", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f67a1615-4606-4673-b6fb-68f716345800", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e11538ff-5fe1-4fdd-8c5d-219d85c47bb3"} +{"InterSystemsId": "40077a75-7b58-4623-a64a-f1b7de70fa54", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:27", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "4d1bd763-9b0b-4d5a-bda9-5c7a0a0a6000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e031670b-bb84-45ee-94ff-0e70a8cd1138"} +{"InterSystemsId": "425503c9-ccbf-4674-8f1e-4d56510474fd", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:33:54", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "57ef1056-6ce2-424a-b241-ce3939d00900", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d39944c4-6766-4a89-8d5a-c789175830ee"} +{"InterSystemsId": "4409eeeb-0ca5-42dd-99d9-4a6b2fabfa4f", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:12", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "0c8fcffc-a810-4a85-b8e2-3a2fda925c00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "6f2b7716-1acc-450d-ae13-afad7e02d07e"} +{"InterSystemsId": "4542ce7e-270b-435e-8f81-ee23ea74be75", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:35", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "9718abaa-220e-49c5-8c9b-588d32b8db00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "47f3c440-3fb7-4b5e-9c20-455470b289d2"} +{"InterSystemsId": "4836e306-1460-4f34-ab55-a74c9a14f50d", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:38:40", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "2fde8302-c39e-40b6-9c7f-1bb9d4800a00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "5a3435d0-229a-41c8-bd21-b4f2b662d0f6"} +{"InterSystemsId": "4a50a549-adf3-4a22-9037-7fd8cd3d0116", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:16", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1d856a16-b179-41ab-9c0d-af1d2b925100", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "5aff2d1c-b203-46a6-96f0-b8f908f0e968"} +{"InterSystemsId": "4e44a55e-9c0d-4cea-b000-1b79e96dcf57", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:16", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "fc33c54e-38b9-4ef2-a4ee-a3a324a45500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3d8033cf-eecd-4eee-87a5-795efd8a1d3d"} +{"InterSystemsId": "4e91c3e1-819e-4ebc-ae68-2037cfc2db92", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:25", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "a063e495-5883-4837-8186-5828f9f2d500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "8bd0a250-74f6-4eeb-ba20-c5bdbd977013"} +{"InterSystemsId": "50d648cb-466d-4cf4-b2f8-3b7e84f47040", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:04", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "08e18876-6177-487e-b8b5-cf950c1e598c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000003-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "64613cae-510d-4a52-b486-070b775e5800", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a6fc9a9b-3b7e-4d33-8c0c-1d33d023e558"} +{"InterSystemsId": "5a453031-0cc3-4577-a589-4c3bf37eed78", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:45", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "814a32f0-27fd-4e82-855c-13da15a4c300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "19d57a4a-d32e-4dc6-971f-3491bc440023"} +{"InterSystemsId": "5cd6215d-e206-4c3f-805d-6e386cbdab7a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:01", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "9c218a27-ed51-4011-8383-e76850e85000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "0b158f74-e223-43c8-9cfd-5f4442f29fc7"} +{"InterSystemsId": "612b339f-1088-a000-f25f-9c8af4d57894", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:51", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000003-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c847a864-4ba2-4d8b-a9f2-5f1c1c5c5e00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "4819a0c2-2050-4549-ab66-f5b90cbbcc5a"} +{"InterSystemsId": "61eb5713-2687-4c00-a7b2-fde4788c395b", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:29", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "3db9a461-6dd1-4950-b3e3-fbe8c2d5c700", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e94002d9-f6e8-46f9-8702-2a29e908e73d"} +{"InterSystemsId": "61f81224-65fd-4c1b-b388-ee0e25485191", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "dc0cc415-9a00-470d-bda3-867e11fdd400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "1ca4f684-3a34-44a8-99b8-064d1071768a"} +{"InterSystemsId": "661f2330-3e04-483d-9781-caaa4543cc13", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:50", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "01c15486-46e2-487a-91f5-11445da0b600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3f6c8eb2-c64b-4dc5-b8fd-be252f8e09c2"} +{"InterSystemsId": "68d7eaa4-aa57-4508-9792-09e80c911aa1", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:42", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "0f698dd4-f011-4d23-a33e-b36416dcb1e6"}], "ObjectId": "0f698dd4-f011-4d23-a33e-b36416dcb1e6", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1590b91f-bffe-4cd8-9028-de52692f5400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b290b902-b6f2-49f6-b7f8-ea1541d85c8c"} +{"InterSystemsId": "6ae96167-2df2-425c-9f91-27e6345eb782", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:42:59", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "LogonError": "FlowTokenExpired", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f54da4fe-0a54-45f3-b6ea-39f873eb6000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b0c1c4a7-c6db-4f14-b628-54e37a7a6785"} +{"InterSystemsId": "6ae96167-2df2-425c-9f91-27e6345eb782", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:02", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "7fa5e138-ac87-4063-a278-56c6c6965e00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": "UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "82d834e4-f6f2-476a-902e-e1e9fd6f87d8"} +{"InterSystemsId": "6b9a8662-857f-45e4-bbb2-d106d5aab41e", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:19", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "79.159.10.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "0fee3b91-5e56-45f6-9b3c-792602b1e500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e5e2c41a-55ea-4681-9d64-78ddd7145bd2"} +{"InterSystemsId": "6bab76a8-98bd-42e4-b722-a31fe81b030a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:40", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c3ebcde8-62f6-4cc4-8e0c-c11c08e76100", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "2a23206a-2f5d-4cb7-aeb8-f285d10e6f80"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:30:58", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "83.57.233.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "8b270c82-1240-4a0a-ac15-1e1116261400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "c0a0d198-825b-4e39-b868-0a7b0552b209"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:31:33", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "b0faaf7a-913e-4a93-8ccc-ecfaa2b42400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": "UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "52b07191-3887-40fb-a001-f4122b0851d1"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:14:25", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "83.57.233.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d949d6c2-472e-4901-bd70-96cbfe534c00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "c62fa78d-daab-494e-a638-8321ebd71b9e"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:14:51", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "42c7ec91-1e2f-4505-b728-3a165b244f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": "UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "73c76212-8120-4e21-a383-c80d8327b606"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:29:56", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "8b8e8663-8a8c-4959-a692-e3eece085300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "29f94716-3717-4671-962e-9c739b764f07"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:51:23", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "361dd87e-3bc9-4f0a-b236-ed7365e28d00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "17d02385-1e30-45b7-949c-4d3dd549a0e7"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:39:45", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "79.159.10.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "32b4cec1-00eb-44ea-be73-adc82387db00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e3346dd0-ecf6-4676-8765-365c7370b6fe"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:40:16", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "a063e495-5883-4837-8186-582817fdd500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": "UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "a772fd76-847f-4703-90f1-37eb81c9f392"} +{"InterSystemsId": "7766ac63-ae7f-43e6-868a-a5422a96fd8b", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:33:52", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "adc9d69c-8ae6-41c7-b685-331453060a00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "487e4f43-53db-4d6f-a314-5355746d4853"} +{"InterSystemsId": "781c1055-e731-48ee-a806-c3f39ba160e3", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:24", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "e7fe21ea-ec03-46dd-b272-0a72ebbeac00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "41f6b2dc-4db6-444c-93d9-829a842b87e2"} +{"InterSystemsId": "82b07417-7b33-4531-952f-d3f719e2356a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:22", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "280b3410-9d51-4ce3-952d-5bba0bea6600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "ec9fa29b-6201-456d-b228-ca1759e0bf6c"} +{"InterSystemsId": "8571fe85-eb4a-430d-b468-97900e344923", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-06T09:28:04", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "83.57.233.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d239e473-6687-4ff9-ac65-0e3c59961600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e988fd90-2eff-4ad7-9f02-030a9d73ad6e"} +{"InterSystemsId": "8d662bc0-0011-424d-a7dc-56bfc5a142b4", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:35", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d0a4e1ed-206d-4602-aaae-406a02c5c300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3cbf15a5-84d0-4b0e-ba8e-c3ed43477293"} +{"InterSystemsId": "9270f20a-56f2-493e-b6a7-a859adcaf626", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:36", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "97aa710f-536f-44c8-a8d5-711dc55f5500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d2bb7eae-bc6e-42d2-b270-a885ec626235"} +{"InterSystemsId": "97c52753-c410-438f-89e2-22741e5ccc6a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:49", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c9ef5d5f-e3af-4669-b465-921d8b58bd00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "03de6d95-b955-451c-8311-473b6853d774"} +{"InterSystemsId": "9e0a494b-0db0-4481-a70e-eea6124b7018", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "e48d4214-364e-4731-b2b6-47dabf529218", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000004-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000004-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "e7a84bcf-41ff-4953-8e99-fb1820685f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "ac8fcffb-7c44-498d-ad6b-24b85a3a1b59"} +{"InterSystemsId": "9fc4af4c-bf19-4f88-92ac-0fd029ca21bd", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:36", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "56fa424b-64bd-4ea5-abc4-38256f8a5600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "880fb7bc-5708-42d1-86a8-760c32ac5e6b"} +{"InterSystemsId": "a35e980b-88be-4343-9691-629473e01983", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "78a2aa65-5026-4124-970a-00e06dc7df00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "30c7afcc-f74d-4b5a-898e-ce72da9386b8"} +{"InterSystemsId": "a89e9b3b-b394-4ecf-8abc-a3f6aaf9237f", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-06T09:28:00", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "bfe22fb6-c763-4972-91a7-5b13d3d51400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d4f90f07-f5c4-4b36-a81c-6c9bae8660d6"} +{"InterSystemsId": "aca3d9a3-792d-4357-87c6-ef50c3215baa", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:28:52", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f67a1615-4606-4673-b6fb-68f714fa2200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d2ad235b-d73f-4bd8-8aef-6e4909ee1b7c"} +{"InterSystemsId": "ae211253-88cf-4921-9014-2f9beab64fb0", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "ccfec0f3-498b-43b1-a4c0-fb42f0fb5300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "8ff18278-32ca-49d1-8658-91e577e0854f"} +{"InterSystemsId": "b3997fcc-6b0e-45b1-b88d-b4ee4a8a7ddc", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:28:52", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c1ffa732-6576-4f86-9294-44387abc1f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a3939990-f7b4-4dc5-af4d-42b70a9485ea"} +{"InterSystemsId": "b3ab6d58-7b90-45d6-95e3-ee11333ebc34", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:01", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d949d6c2-472e-4901-bd70-96cb90424c00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "61ba70f4-bd75-4bc2-a681-2e219d920e63"} +{"InterSystemsId": "b5c5fd00-b659-413e-8739-6271a4d70506", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:12", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "fabbe34e-a6dd-46f8-805f-4ca633c2ae00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3e17bf8e-92de-45b6-b668-7618ab0e0c95"} +{"InterSystemsId": "b744259e-13e0-43d7-9f56-82cdbd54cf7c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:52:06", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "ce9f104d-1a1b-488e-9313-b9729e99c400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "f100d714-ffa2-4077-bf90-2f57a3b366c0"} +{"InterSystemsId": "b7d9a234-9fdd-4e36-9cf3-fd825f22697a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:33:50", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "49092519-a590-4207-b1b3-1d49f9100a00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "4b0f0d57-0766-4621-8aa0-04b8d8b63a78"} +{"InterSystemsId": "bb677f9e-953a-4bde-bb91-0ef8209200a1", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:38", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1da3c318-642f-48dc-836b-e83b27655b00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "8d9a1fa8-7b85-4c5d-9e96-5728d572fb95"} +{"InterSystemsId": "c355f078-53d7-4d60-b836-851a09a98208", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:05", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "20e56367-e902-4200-855b-2ef7b99e5f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "9756fe5b-ea0d-42fa-a665-be8e0eb100e5"} +{"InterSystemsId": "c5874ff2-7c53-4d51-9252-7abbf0524b1c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:28:51", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "3188aef9-6b4e-44f2-8455-c28b49552200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "abbf584f-b3a9-4b6d-9b37-4cc4b802ca4d"} +{"InterSystemsId": "cf2168a1-6537-4ed6-80a5-797c3458180c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:25:21", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "23f53edd-63a7-4292-9d80-4fbc49c11e00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d137a5e4-7004-493a-acca-5fb167d1f207"} +{"InterSystemsId": "d21f6867-0670-4c94-b6fa-bde326fcf3c6", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:20", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1fa4819f-605a-4ebe-a2c3-bc11c3f8e200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "73f0a2ef-35be-4a71-9545-59d879fc8fb2"} +{"InterSystemsId": "d5effb7f-9d39-4893-90f6-9cfeec7ed1a7", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:02", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f22a3ad7-22e7-4296-a600-e4e9161a6000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3783acda-5ded-4d69-95b6-3df5344c0ce0"} +{"InterSystemsId": "d960e058-1adb-4a84-a65b-1a6ce367e323", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:03", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1dfdb693-18a1-4cff-aa3e-61feaa356100", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "f67568b1-64c4-4165-bdd9-16a5b9142eef"} +{"InterSystemsId": "e2565aaf-91b0-4ccd-8810-743123eb7383", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:29:02", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "21166e08-6589-4c2d-a325-c97ba45f2200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a8114a24-d342-4689-b75e-51e6386763de"} +{"InterSystemsId": "ede626b9-2035-4d02-8330-201c4ae82af6", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:25:21", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "98612804-9aa6-40a4-b72a-808bc7742000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "1eaf9c65-8c67-4cd9-9277-771589113752"} +{"InterSystemsId": "fc5c6c90-a6ba-486c-b685-8d67c529d3aa", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:39", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "6e184f6f-887b-4410-b24d-723031366000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3c439e46-d454-4767-9320-1e75540821b7"} diff --git a/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json b/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json new file mode 100644 index 00000000000..948359f11ca --- /dev/null +++ b/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json @@ -0,0 +1,6350 @@ +[ + { + "@timestamp": "2020-02-10T15:13:13.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "ca0efc24-1b89-4962-8fef-a3ac5437302f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:13", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "ca0efc24-1b89-4962-8fef-a3ac5437302f", + "o365.audit.InterSystemsId": "03616b3a-fc75-46a1-b34a-2d82fc8f1e7e", + "o365.audit.IntraSystemId": "c4206c29-46c2-4a6f-a46b-735107705400", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:53:24.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b53de36d-ea71-4ebf-9b71-feb431bd4eba", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1450, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:24", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "b53de36d-ea71-4ebf-9b71-feb431bd4eba", + "o365.audit.InterSystemsId": "05d69096-cb90-4690-ae69-8acd5177b3e0", + "o365.audit.IntraSystemId": "ed155e11-60b3-4764-b9aa-05c35f3bb800", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:29:01.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "10e2d141-839e-4913-ab3d-6cf1f4856eae", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2901, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:29:01", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "10e2d141-839e-4913-ab3d-6cf1f4856eae", + "o365.audit.InterSystemsId": "0f5eb16e-8b22-49bf-a927-f6f310fd5879", + "o365.audit.IntraSystemId": "6634d05a-72ec-4c27-8e69-03c57b202000", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:52:06.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "68b3fd99-0dae-4479-926d-03cc0073dd08", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4293, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:52:06", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "68b3fd99-0dae-4479-926d-03cc0073dd08", + "o365.audit.InterSystemsId": "1150acae-a48d-4752-8847-7bacb7fe6e6c", + "o365.audit.IntraSystemId": "1809f830-b010-4389-9607-e01ae175ca00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:53:22.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "550af372-cdfd-4286-a1b7-d58df0dcd5d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5744, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:22", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "550af372-cdfd-4286-a1b7-d58df0dcd5d6", + "o365.audit.InterSystemsId": "16e81fcc-add3-46c2-8834-10ce330ffe76", + "o365.audit.IntraSystemId": "2a84e6ff-7340-426e-9d0d-e53092c0c600", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b5f59a43-00cf-42c4-8685-a7166fd20e38", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7137, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:23", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "b5f59a43-00cf-42c4-8685-a7166fd20e38", + "o365.audit.InterSystemsId": "172703f7-324e-415a-a846-c39ca97eb1c8", + "o365.audit.IntraSystemId": "d66cd29f-596e-4878-b756-92b545d25f00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:41.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "32e7fb94-6289-4fb4-855b-2ab78671ca4e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8587, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:41", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "32e7fb94-6289-4fb4-855b-2ab78671ca4e", + "o365.audit.InterSystemsId": "17f8756c-0bfa-49ad-8537-ada4e17a5f7d", + "o365.audit.IntraSystemId": "1b395e92-5d02-408f-8bfe-139098a95500", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:22.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "7314a65a-f383-40fb-a0c7-00c6c4cfabc0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 10037, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:22", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "7314a65a-f383-40fb-a0c7-00c6c4cfabc0", + "o365.audit.InterSystemsId": "22aac168-9d0d-4c70-b94d-adc337ab7b06", + "o365.audit.IntraSystemId": "280b3410-9d51-4ce3-952d-5bba18ea6600", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:52:05.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "97b494ee-9ba1-4444-b052-3459bdc9eaa5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 11429, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:52:05", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "97b494ee-9ba1-4444-b052-3459bdc9eaa5", + "o365.audit.InterSystemsId": "23321532-a321-4c97-909d-9489979777d6", + "o365.audit.IntraSystemId": "1909acba-a486-4ffc-805c-09fb73c0bf00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:45.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "391870e6-1729-40ae-9ebb-51e0652fec9b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 12822, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:45", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "391870e6-1729-40ae-9ebb-51e0652fec9b", + "o365.audit.InterSystemsId": "291fb7ce-4e56-47fd-a78e-4e9012f112ab", + "o365.audit.IntraSystemId": "9d47f3e0-1b2d-4c1c-b47b-dcf4bc4d5700", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:51:49.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a7538fb0-3213-41dc-ab38-1aed787e0cdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 14214, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:49", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a7538fb0-3213-41dc-ab38-1aed787e0cdc", + "o365.audit.InterSystemsId": "30e5377b-31d8-42c2-8170-13404afacde7", + "o365.audit.IntraSystemId": "8971516f-3ef3-4de0-b6b8-ebfae386bc00", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:29:02.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e2a15fc0-6892-41f5-a41c-e515231cbb0a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 15664, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:29:02", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e2a15fc0-6892-41f5-a41c-e515231cbb0a", + "o365.audit.InterSystemsId": "32e2f533-40fb-4783-8c66-d1bad7e1cc88", + "o365.audit.IntraSystemId": "74ab94ce-8928-4aff-8fa2-a66ad6d41f00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:08.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e11538ff-5fe1-4fdd-8c5d-219d85c47bb3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 17114, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:08", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e11538ff-5fe1-4fdd-8c5d-219d85c47bb3", + "o365.audit.InterSystemsId": "3c5d16f4-16a6-45f4-a53d-abb86e35005b", + "o365.audit.IntraSystemId": "f67a1615-4606-4673-b6fb-68f716345800", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:27.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e031670b-bb84-45ee-94ff-0e70a8cd1138", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 18564, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:27", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e031670b-bb84-45ee-94ff-0e70a8cd1138", + "o365.audit.InterSystemsId": "40077a75-7b58-4623-a64a-f1b7de70fa54", + "o365.audit.IntraSystemId": "4d1bd763-9b0b-4d5a-bda9-5c7a0a0a6000", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-08T14:33:54.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d39944c4-6766-4a89-8d5a-c789175830ee", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 20013, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:33:54", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d39944c4-6766-4a89-8d5a-c789175830ee", + "o365.audit.InterSystemsId": "425503c9-ccbf-4674-8f1e-4d56510474fd", + "o365.audit.IntraSystemId": "57ef1056-6ce2-424a-b241-ce3939d00900", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:12.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "6f2b7716-1acc-450d-ae13-afad7e02d07e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 21463, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:12", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "6f2b7716-1acc-450d-ae13-afad7e02d07e", + "o365.audit.InterSystemsId": "4409eeeb-0ca5-42dd-99d9-4a6b2fabfa4f", + "o365.audit.IntraSystemId": "0c8fcffc-a810-4a85-b8e2-3a2fda925c00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:35.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "47f3c440-3fb7-4b5e-9c20-455470b289d2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 22913, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:35", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "47f3c440-3fb7-4b5e-9c20-455470b289d2", + "o365.audit.InterSystemsId": "4542ce7e-270b-435e-8f81-ee23ea74be75", + "o365.audit.IntraSystemId": "9718abaa-220e-49c5-8c9b-588d32b8db00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-08T14:38:40.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "5a3435d0-229a-41c8-bd21-b4f2b662d0f6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 24306, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:38:40", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "5a3435d0-229a-41c8-bd21-b4f2b662d0f6", + "o365.audit.InterSystemsId": "4836e306-1460-4f34-ab55-a74c9a14f50d", + "o365.audit.IntraSystemId": "2fde8302-c39e-40b6-9c7f-1bb9d4800a00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:16.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "5aff2d1c-b203-46a6-96f0-b8f908f0e968", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 25755, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:16", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "5aff2d1c-b203-46a6-96f0-b8f908f0e968", + "o365.audit.InterSystemsId": "4a50a549-adf3-4a22-9037-7fd8cd3d0116", + "o365.audit.IntraSystemId": "1d856a16-b179-41ab-9c0d-af1d2b925100", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:16.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3d8033cf-eecd-4eee-87a5-795efd8a1d3d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 27205, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:16", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3d8033cf-eecd-4eee-87a5-795efd8a1d3d", + "o365.audit.InterSystemsId": "4e44a55e-9c0d-4cea-b000-1b79e96dcf57", + "o365.audit.IntraSystemId": "fc33c54e-38b9-4ef2-a4ee-a3a324a45500", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:25.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "8bd0a250-74f6-4eeb-ba20-c5bdbd977013", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 28655, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:25", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "8bd0a250-74f6-4eeb-ba20-c5bdbd977013", + "o365.audit.InterSystemsId": "4e91c3e1-819e-4ebc-ae68-2037cfc2db92", + "o365.audit.IntraSystemId": "a063e495-5883-4837-8186-5828f9f2d500", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:04.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a6fc9a9b-3b7e-4d33-8c0c-1d33d023e558", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 30048, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "08e18876-6177-487e-b8b5-cf950c1e598c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:04", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a6fc9a9b-3b7e-4d33-8c0c-1d33d023e558", + "o365.audit.InterSystemsId": "50d648cb-466d-4cf4-b2f8-3b7e84f47040", + "o365.audit.IntraSystemId": "64613cae-510d-4a52-b486-070b775e5800", + "o365.audit.ObjectId": "00000003-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:51:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "19d57a4a-d32e-4dc6-971f-3491bc440023", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 31498, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:45", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "19d57a4a-d32e-4dc6-971f-3491bc440023", + "o365.audit.InterSystemsId": "5a453031-0cc3-4577-a589-4c3bf37eed78", + "o365.audit.IntraSystemId": "814a32f0-27fd-4e82-855c-13da15a4c300", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:01.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "0b158f74-e223-43c8-9cfd-5f4442f29fc7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 32948, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:01", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "0b158f74-e223-43c8-9cfd-5f4442f29fc7", + "o365.audit.InterSystemsId": "5cd6215d-e206-4c3f-805d-6e386cbdab7a", + "o365.audit.IntraSystemId": "9c218a27-ed51-4011-8383-e76850e85000", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:51.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "4819a0c2-2050-4549-ab66-f5b90cbbcc5a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 34398, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "00000003-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:51", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "4819a0c2-2050-4549-ab66-f5b90cbbcc5a", + "o365.audit.InterSystemsId": "612b339f-1088-a000-f25f-9c8af4d57894", + "o365.audit.IntraSystemId": "c847a864-4ba2-4d8b-a9f2-5f1c1c5c5e00", + "o365.audit.ObjectId": "00000003-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:29.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e94002d9-f6e8-46f9-8702-2a29e908e73d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 35847, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:29", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e94002d9-f6e8-46f9-8702-2a29e908e73d", + "o365.audit.InterSystemsId": "61eb5713-2687-4c00-a7b2-fde4788c395b", + "o365.audit.IntraSystemId": "3db9a461-6dd1-4950-b3e3-fbe8c2d5c700", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:37.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "1ca4f684-3a34-44a8-99b8-064d1071768a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 37297, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "1ca4f684-3a34-44a8-99b8-064d1071768a", + "o365.audit.InterSystemsId": "61f81224-65fd-4c1b-b388-ee0e25485191", + "o365.audit.IntraSystemId": "dc0cc415-9a00-470d-bda3-867e11fdd400", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:51:50.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3f6c8eb2-c64b-4dc5-b8fd-be252f8e09c2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 38748, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:50", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3f6c8eb2-c64b-4dc5-b8fd-be252f8e09c2", + "o365.audit.InterSystemsId": "661f2330-3e04-483d-9781-caaa4543cc13", + "o365.audit.IntraSystemId": "01c15486-46e2-487a-91f5-11445da0b600", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b290b902-b6f2-49f6-b7f8-ea1541d85c8c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 40199, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:42", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "b290b902-b6f2-49f6-b7f8-ea1541d85c8c", + "o365.audit.InterSystemsId": "68d7eaa4-aa57-4508-9792-09e80c911aa1", + "o365.audit.IntraSystemId": "1590b91f-bffe-4cd8-9028-de52692f5400", + "o365.audit.ObjectId": "0f698dd4-f011-4d23-a33e-b36416dcb1e6", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "0f698dd4-f011-4d23-a33e-b36416dcb1e6", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:42:59.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b0c1c4a7-c6db-4f14-b628-54e37a7a6785", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 41650, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:42:59", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "b0c1c4a7-c6db-4f14-b628-54e37a7a6785", + "o365.audit.InterSystemsId": "6ae96167-2df2-425c-9f91-27e6345eb782", + "o365.audit.IntraSystemId": "f54da4fe-0a54-45f3-b6ea-39f873eb6000", + "o365.audit.LogonError": "FlowTokenExpired", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:02.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "82d834e4-f6f2-476a-902e-e1e9fd6f87d8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 43031, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:02", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "82d834e4-f6f2-476a-902e-e1e9fd6f87d8", + "o365.audit.InterSystemsId": "6ae96167-2df2-425c-9f91-27e6345eb782", + "o365.audit.IntraSystemId": "7fa5e138-ac87-4063-a278-56c6c6965e00", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:19.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e5e2c41a-55ea-4681-9d64-78ddd7145bd2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 44539, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:19", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "e5e2c41a-55ea-4681-9d64-78ddd7145bd2", + "o365.audit.InterSystemsId": "6b9a8662-857f-45e4-bbb2-d106d5aab41e", + "o365.audit.IntraSystemId": "0fee3b91-5e56-45f6-9b3c-792602b1e500", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:40.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "2a23206a-2f5d-4cb7-aeb8-f285d10e6f80", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 45648, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:40", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "2a23206a-2f5d-4cb7-aeb8-f285d10e6f80", + "o365.audit.InterSystemsId": "6bab76a8-98bd-42e4-b722-a31fe81b030a", + "o365.audit.IntraSystemId": "c3ebcde8-62f6-4cc4-8e0c-c11c08e76100", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:30:58.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "c0a0d198-825b-4e39-b868-0a7b0552b209", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 47098, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:30:58", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "c0a0d198-825b-4e39-b868-0a7b0552b209", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "8b270c82-1240-4a0a-ac15-1e1116261400", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:31:33.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "52b07191-3887-40fb-a001-f4122b0851d1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 48207, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:31:33", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "52b07191-3887-40fb-a001-f4122b0851d1", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "b0faaf7a-913e-4a93-8ccc-ecfaa2b42400", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:14:25.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "c62fa78d-daab-494e-a638-8321ebd71b9e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 49715, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:14:25", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "c62fa78d-daab-494e-a638-8321ebd71b9e", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "d949d6c2-472e-4901-bd70-96cbfe534c00", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:14:51.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "73c76212-8120-4e21-a383-c80d8327b606", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 50824, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:14:51", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "73c76212-8120-4e21-a383-c80d8327b606", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "42c7ec91-1e2f-4505-b728-3a165b244f00", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:29:56.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "29f94716-3717-4671-962e-9c739b764f07", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 52332, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:29:56", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "29f94716-3717-4671-962e-9c739b764f07", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "8b8e8663-8a8c-4959-a692-e3eece085300", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-11T16:51:23.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "17d02385-1e30-45b7-949c-4d3dd549a0e7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 53782, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:51:23", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "17d02385-1e30-45b7-949c-4d3dd549a0e7", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "361dd87e-3bc9-4f0a-b236-ed7365e28d00", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:39:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e3346dd0-ecf6-4676-8765-365c7370b6fe", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 55232, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:39:45", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "e3346dd0-ecf6-4676-8765-365c7370b6fe", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "32b4cec1-00eb-44ea-be73-adc82387db00", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:40:16.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a772fd76-847f-4703-90f1-37eb81c9f392", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 56341, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:40:16", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "a772fd76-847f-4703-90f1-37eb81c9f392", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "a063e495-5883-4837-8186-582817fdd500", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-08T14:33:52.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "487e4f43-53db-4d6f-a314-5355746d4853", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 57849, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:33:52", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "487e4f43-53db-4d6f-a314-5355746d4853", + "o365.audit.InterSystemsId": "7766ac63-ae7f-43e6-868a-a5422a96fd8b", + "o365.audit.IntraSystemId": "adc9d69c-8ae6-41c7-b685-331453060a00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:53:24.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "41f6b2dc-4db6-444c-93d9-829a842b87e2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 59299, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:24", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "41f6b2dc-4db6-444c-93d9-829a842b87e2", + "o365.audit.InterSystemsId": "781c1055-e731-48ee-a806-c3f39ba160e3", + "o365.audit.IntraSystemId": "e7fe21ea-ec03-46dd-b272-0a72ebbeac00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:22.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "ec9fa29b-6201-456d-b228-ca1759e0bf6c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 60750, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:22", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "ec9fa29b-6201-456d-b228-ca1759e0bf6c", + "o365.audit.InterSystemsId": "82b07417-7b33-4531-952f-d3f719e2356a", + "o365.audit.IntraSystemId": "280b3410-9d51-4ce3-952d-5bba0bea6600", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-06T09:28:04.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e988fd90-2eff-4ad7-9f02-030a9d73ad6e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 62199, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-06T09:28:04", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "e988fd90-2eff-4ad7-9f02-030a9d73ad6e", + "o365.audit.InterSystemsId": "8571fe85-eb4a-430d-b468-97900e344923", + "o365.audit.IntraSystemId": "d239e473-6687-4ff9-ac65-0e3c59961600", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:35.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3cbf15a5-84d0-4b0e-ba8e-c3ed43477293", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 63308, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:35", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3cbf15a5-84d0-4b0e-ba8e-c3ed43477293", + "o365.audit.InterSystemsId": "8d662bc0-0011-424d-a7dc-56bfc5a142b4", + "o365.audit.IntraSystemId": "d0a4e1ed-206d-4602-aaae-406a02c5c300", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:36.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d2bb7eae-bc6e-42d2-b270-a885ec626235", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 64758, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:36", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d2bb7eae-bc6e-42d2-b270-a885ec626235", + "o365.audit.InterSystemsId": "9270f20a-56f2-493e-b6a7-a859adcaf626", + "o365.audit.IntraSystemId": "97aa710f-536f-44c8-a8d5-711dc55f5500", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:51:49.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "03de6d95-b955-451c-8311-473b6853d774", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 66208, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:49", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "03de6d95-b955-451c-8311-473b6853d774", + "o365.audit.InterSystemsId": "97c52753-c410-438f-89e2-22741e5ccc6a", + "o365.audit.IntraSystemId": "c9ef5d5f-e3af-4669-b465-921d8b58bd00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:37.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "ac8fcffb-7c44-498d-ad6b-24b85a3a1b59", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 67601, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "e48d4214-364e-4731-b2b6-47dabf529218", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "ac8fcffb-7c44-498d-ad6b-24b85a3a1b59", + "o365.audit.InterSystemsId": "9e0a494b-0db0-4481-a70e-eea6124b7018", + "o365.audit.IntraSystemId": "e7a84bcf-41ff-4953-8e99-fb1820685f00", + "o365.audit.ObjectId": "00000004-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000004-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:36.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "880fb7bc-5708-42d1-86a8-760c32ac5e6b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 69051, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:36", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "880fb7bc-5708-42d1-86a8-760c32ac5e6b", + "o365.audit.InterSystemsId": "9fc4af4c-bf19-4f88-92ac-0fd029ca21bd", + "o365.audit.IntraSystemId": "56fa424b-64bd-4ea5-abc4-38256f8a5600", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:37.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "30c7afcc-f74d-4b5a-898e-ce72da9386b8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 70444, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "30c7afcc-f74d-4b5a-898e-ce72da9386b8", + "o365.audit.InterSystemsId": "a35e980b-88be-4343-9691-629473e01983", + "o365.audit.IntraSystemId": "78a2aa65-5026-4124-970a-00e06dc7df00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-06T09:28:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d4f90f07-f5c4-4b36-a81c-6c9bae8660d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 71895, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-06T09:28:00", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d4f90f07-f5c4-4b36-a81c-6c9bae8660d6", + "o365.audit.InterSystemsId": "a89e9b3b-b394-4ecf-8abc-a3f6aaf9237f", + "o365.audit.IntraSystemId": "bfe22fb6-c763-4972-91a7-5b13d3d51400", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:28:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d2ad235b-d73f-4bd8-8aef-6e4909ee1b7c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 73345, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:28:52", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d2ad235b-d73f-4bd8-8aef-6e4909ee1b7c", + "o365.audit.InterSystemsId": "aca3d9a3-792d-4357-87c6-ef50c3215baa", + "o365.audit.IntraSystemId": "f67a1615-4606-4673-b6fb-68f714fa2200", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "8ff18278-32ca-49d1-8658-91e577e0854f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 74795, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "8ff18278-32ca-49d1-8658-91e577e0854f", + "o365.audit.InterSystemsId": "ae211253-88cf-4921-9014-2f9beab64fb0", + "o365.audit.IntraSystemId": "ccfec0f3-498b-43b1-a4c0-fb42f0fb5300", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:28:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a3939990-f7b4-4dc5-af4d-42b70a9485ea", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 76246, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:28:52", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a3939990-f7b4-4dc5-af4d-42b70a9485ea", + "o365.audit.InterSystemsId": "b3997fcc-6b0e-45b1-b88d-b4ee4a8a7ddc", + "o365.audit.IntraSystemId": "c1ffa732-6576-4f86-9294-44387abc1f00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:01.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "61ba70f4-bd75-4bc2-a681-2e219d920e63", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 77696, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:01", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "61ba70f4-bd75-4bc2-a681-2e219d920e63", + "o365.audit.InterSystemsId": "b3ab6d58-7b90-45d6-95e3-ee11333ebc34", + "o365.audit.IntraSystemId": "d949d6c2-472e-4901-bd70-96cb90424c00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:53:12.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3e17bf8e-92de-45b6-b668-7618ab0e0c95", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 79146, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:12", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3e17bf8e-92de-45b6-b668-7618ab0e0c95", + "o365.audit.InterSystemsId": "b5c5fd00-b659-413e-8739-6271a4d70506", + "o365.audit.IntraSystemId": "fabbe34e-a6dd-46f8-805f-4ca633c2ae00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T10:52:06.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "f100d714-ffa2-4077-bf90-2f57a3b366c0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 80596, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:52:06", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "f100d714-ffa2-4077-bf90-2f57a3b366c0", + "o365.audit.InterSystemsId": "b744259e-13e0-43d7-9f56-82cdbd54cf7c", + "o365.audit.IntraSystemId": "ce9f104d-1a1b-488e-9313-b9729e99c400", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-08T14:33:50.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "4b0f0d57-0766-4621-8aa0-04b8d8b63a78", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 82047, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:33:50", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "4b0f0d57-0766-4621-8aa0-04b8d8b63a78", + "o365.audit.InterSystemsId": "b7d9a234-9fdd-4e36-9cf3-fd825f22697a", + "o365.audit.IntraSystemId": "49092519-a590-4207-b1b3-1d49f9100a00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "8d9a1fa8-7b85-4c5d-9e96-5728d572fb95", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 83439, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "8d9a1fa8-7b85-4c5d-9e96-5728d572fb95", + "o365.audit.InterSystemsId": "bb677f9e-953a-4bde-bb91-0ef8209200a1", + "o365.audit.IntraSystemId": "1da3c318-642f-48dc-836b-e83b27655b00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:05.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "9756fe5b-ea0d-42fa-a665-be8e0eb100e5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 84890, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:05", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "9756fe5b-ea0d-42fa-a665-be8e0eb100e5", + "o365.audit.InterSystemsId": "c355f078-53d7-4d60-b836-851a09a98208", + "o365.audit.IntraSystemId": "20e56367-e902-4200-855b-2ef7b99e5f00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:28:51.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "abbf584f-b3a9-4b6d-9b37-4cc4b802ca4d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 86340, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:28:51", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "abbf584f-b3a9-4b6d-9b37-4cc4b802ca4d", + "o365.audit.InterSystemsId": "c5874ff2-7c53-4d51-9252-7abbf0524b1c", + "o365.audit.IntraSystemId": "3188aef9-6b4e-44f2-8455-c28b49552200", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:25:21.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d137a5e4-7004-493a-acca-5fb167d1f207", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 87732, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:25:21", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d137a5e4-7004-493a-acca-5fb167d1f207", + "o365.audit.InterSystemsId": "cf2168a1-6537-4ed6-80a5-797c3458180c", + "o365.audit.IntraSystemId": "23f53edd-63a7-4292-9d80-4fbc49c11e00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:20.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "73f0a2ef-35be-4a71-9545-59d879fc8fb2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 89182, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:20", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "73f0a2ef-35be-4a71-9545-59d879fc8fb2", + "o365.audit.InterSystemsId": "d21f6867-0670-4c94-b6fa-bde326fcf3c6", + "o365.audit.IntraSystemId": "1fa4819f-605a-4ebe-a2c3-bc11c3f8e200", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:02.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3783acda-5ded-4d69-95b6-3df5344c0ce0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 90575, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:02", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3783acda-5ded-4d69-95b6-3df5344c0ce0", + "o365.audit.InterSystemsId": "d5effb7f-9d39-4893-90f6-9cfeec7ed1a7", + "o365.audit.IntraSystemId": "f22a3ad7-22e7-4296-a600-e4e9161a6000", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:44:03.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "f67568b1-64c4-4165-bdd9-16a5b9142eef", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 91967, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:03", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "f67568b1-64c4-4165-bdd9-16a5b9142eef", + "o365.audit.InterSystemsId": "d960e058-1adb-4a84-a65b-1a6ce367e323", + "o365.audit.IntraSystemId": "1dfdb693-18a1-4cff-aa3e-61feaa356100", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:29:02.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a8114a24-d342-4689-b75e-51e6386763de", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 93417, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:29:02", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a8114a24-d342-4689-b75e-51e6386763de", + "o365.audit.InterSystemsId": "e2565aaf-91b0-4ccd-8810-743123eb7383", + "o365.audit.IntraSystemId": "21166e08-6589-4c2d-a325-c97ba45f2200", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:25:21.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "1eaf9c65-8c67-4cd9-9277-771589113752", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 94867, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:25:21", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "1eaf9c65-8c67-4cd9-9277-771589113752", + "o365.audit.InterSystemsId": "ede626b9-2035-4d02-8330-201c4ae82af6", + "o365.audit.IntraSystemId": "98612804-9aa6-40a4-b72a-808bc7742000", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:39.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3c439e46-d454-4767-9320-1e75540821b7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 96317, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:39", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3c439e46-d454-4767-9320-1e75540821b7", + "o365.audit.InterSystemsId": "fc5c6c90-a6ba-486c-b685-8d67c529d3aa", + "o365.audit.IntraSystemId": "6e184f6f-887b-4410-b24d-723031366000", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/22-yammer.log b/filebeat/module/o365/audit/test/22-yammer.log new file mode 100644 index 00000000000..1c2fa3766b2 --- /dev/null +++ b/filebeat/module/o365/audit/test/22-yammer.log @@ -0,0 +1,2 @@ +{"ObjectId":"Sales","Id":"2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594","CreationTime":"2020-02-28T09:42:45","UserKey":"100320009d6edf94","YammerNetworkId":5846122497,"Operation":"GroupCreation","ClientIP":"79.159.10.151:12345","ActorYammerUserId":36787265537,"UserType":0,"ResultStatus":"TRUE","RecordType":22,"Workload":"Yammer","Version":1,"GroupName":"Sales","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","UserId":"alice@testsiem2.onmicrosoft.com","ActorUserId":"alice@testsiem2.onmicrosoft.com"} +{"CreationTime":"2020-02-28T09:39:20","ActorUserId":"asr@testsiem2.onmicrosoft.com","ObjectId":"Company group","UserKey":"100320009d292e16","Id":"3f3e7f1c-84c1-55fc-9bb2-c8b8563eae06","ActorYammerUserId":36085768193,"ClientIP":"[fdfd::555]:12346","UserId":"asr@testsiem2.onmicrosoft.com","Operation":"GroupCreation","ResultStatus":"TRUE","UserType":0,"Workload":"Yammer","Version":1,"OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","YammerNetworkId":5846122497,"RecordType":22,"GroupName":"Company group"} diff --git a/filebeat/module/o365/audit/test/22-yammer.log-expected.json b/filebeat/module/o365/audit/test/22-yammer.log-expected.json new file mode 100644 index 00000000000..d0ed002d522 --- /dev/null +++ b/filebeat/module/o365/audit/test/22-yammer.log-expected.json @@ -0,0 +1,109 @@ +[ + { + "@timestamp": "2020-02-28T09:42:45.000Z", + "client.address": "79.159.10.151:12345", + "client.ip": "79.159.10.151", + "client.port": "12345", + "event.action": "GroupCreation", + "event.category": "iam", + "event.code": "Yammer", + "event.dataset": "o365.audit", + "event.id": "2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Yammer", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "Sales", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.ActorUserId": "alice@testsiem2.onmicrosoft.com", + "o365.audit.ActorYammerUserId": 36787265537, + "o365.audit.ClientIP": "79.159.10.151:12345", + "o365.audit.CreationTime": "2020-02-28T09:42:45", + "o365.audit.GroupName": "Sales", + "o365.audit.Id": "2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594", + "o365.audit.ObjectId": "Sales", + "o365.audit.Operation": "GroupCreation", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.RecordType": 22, + "o365.audit.ResultStatus": "TRUE", + "o365.audit.UserId": "alice@testsiem2.onmicrosoft.com", + "o365.audit.UserKey": "100320009d6edf94", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "Yammer", + "o365.audit.YammerNetworkId": 5846122497, + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.ip": "79.159.10.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "source.port": "12345", + "user.email": "alice@testsiem2.onmicrosoft.com", + "user.id": "36787265537" + }, + { + "@timestamp": "2020-02-28T09:39:20.000Z", + "client.address": "[fdfd::555]:12346", + "client.ip": "fdfd::555", + "client.port": "12346", + "event.action": "GroupCreation", + "event.category": "iam", + "event.code": "Yammer", + "event.dataset": "o365.audit", + "event.id": "3f3e7f1c-84c1-55fc-9bb2-c8b8563eae06", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Yammer", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "Company group", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 503, + "network.type": "ipv6", + "o365.audit.ActorUserId": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ActorYammerUserId": 36085768193, + "o365.audit.ClientIP": "[fdfd::555]:12346", + "o365.audit.CreationTime": "2020-02-28T09:39:20", + "o365.audit.GroupName": "Company group", + "o365.audit.Id": "3f3e7f1c-84c1-55fc-9bb2-c8b8563eae06", + "o365.audit.ObjectId": "Company group", + "o365.audit.Operation": "GroupCreation", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.RecordType": 22, + "o365.audit.ResultStatus": "TRUE", + "o365.audit.UserId": "asr@testsiem2.onmicrosoft.com", + "o365.audit.UserKey": "100320009d292e16", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "Yammer", + "o365.audit.YammerNetworkId": 5846122497, + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.ip": "fdfd::555", + "service.type": "o365", + "source.ip": "fdfd::555", + "source.port": "12346", + "user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "36085768193" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/25-ms-teams.log b/filebeat/module/o365/audit/test/25-ms-teams.log new file mode 100644 index 00000000000..d3d294cee90 --- /dev/null +++ b/filebeat/module/o365/audit/test/25-ms-teams.log @@ -0,0 +1,4 @@ +{"RecordType":25,"Version":1,"TeamGuid":"19:5ad83cb367fc48358e759dccff238f46@thread.skype","UserId":"Application","UserKey":"","CreationTime":"2020-02-17T16:59:44","TeamName":"SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"TeamCreated","Id":"49fa9883-50a9-4c9c-8e12-57e0948a9d8a","UserType":5,"Workload":"MicrosoftTeams"} +{"TeamGuid":"19:5ad83cb367fc48358e759dccff238f46@thread.skype","UserKey":"755e500a-6c03-46b0-b53b-282f23374e3b","TeamName":"SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"MemberAdded","Workload":"MicrosoftTeams","RecordType":25,"Version":1,"UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-17T16:59:47","ItemName":"SIEMTest","Id":"3a951c24-3214-5529-b2fe-097628a39ecd","UserType":0,"Members":[{"Role":1,"UPN":"david@testsiem.onmicrosoft.com","DisplayName":"David"},{"Role":1,"UPN":"chuck@testsiem.onmicrosoft.com","DisplayName":"Chuck"},{"Role":1,"UPN":"bob@testsiem.onmicrosoft.com","DisplayName":"Bob"},{"Role":1,"UPN":"alice@testsiem.onmicrosoft.com","DisplayName":"Alice"}]} +{"TeamGuid":"19:5ad83cb367fc48358e759dccff238f46@thread.skype","UserKey":"755e500a-6c03-46b0-b53b-282f23374e3b","TeamName":"SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"MemberAdded","Workload":"MicrosoftTeams","RecordType":25,"Version":1,"UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-17T16:59:44","ItemName":"SIEMTest","Id":"3350cfd2-1020-5b11-99d8-2701f3a29ea3","UserType":0,"Members":[{"Role":2,"UPN":"asr@testsiem.onmicrosoft.com","DisplayName":"Alan Smithee"}]} +{"RecordType":25,"Version":1,"ObjectId":"Unknown (Unknown)","UserId":"bob@testsiem.onmicrosoft.com","UserKey":"d0e0cfb0-284d-4b0a-83fe-dd543a1c1ed0","CreationTime":"2020-02-17T16:59:34","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Id":"d7636db2-859f-437e-8dff-573726578ad7","Operation":"TeamsSessionStarted","UserType":0,"Workload":"MicrosoftTeams"} diff --git a/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json b/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json new file mode 100644 index 00000000000..40e3e3dd3ad --- /dev/null +++ b/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json @@ -0,0 +1,169 @@ +[ + { + "@timestamp": "2020-02-17T16:59:44.000Z", + "event.action": "TeamCreated", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "49fa9883-50a9-4c9c-8e12-57e0948a9d8a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2020-02-17T16:59:44", + "o365.audit.Id": "49fa9883-50a9-4c9c-8e12-57e0948a9d8a", + "o365.audit.Operation": "TeamCreated", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5ad83cb367fc48358e759dccff238f46@thread.skype", + "o365.audit.TeamName": "SIEMTest", + "o365.audit.UserId": "Application", + "o365.audit.UserKey": "", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Application" + }, + { + "@timestamp": "2020-02-17T16:59:47.000Z", + "event.action": "MemberAdded", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "3a951c24-3214-5529-b2fe-097628a39ecd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 354, + "o365.audit.CreationTime": "2020-02-17T16:59:47", + "o365.audit.Id": "3a951c24-3214-5529-b2fe-097628a39ecd", + "o365.audit.ItemName": "SIEMTest", + "o365.audit.Members": [ + { + "DisplayName": "David", + "Role": 1, + "UPN": "david@testsiem.onmicrosoft.com" + }, + { + "DisplayName": "Chuck", + "Role": 1, + "UPN": "chuck@testsiem.onmicrosoft.com" + }, + { + "DisplayName": "Bob", + "Role": 1, + "UPN": "bob@testsiem.onmicrosoft.com" + }, + { + "DisplayName": "Alice", + "Role": 1, + "UPN": "alice@testsiem.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5ad83cb367fc48358e759dccff238f46@thread.skype", + "o365.audit.TeamName": "SIEMTest", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "asr", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-17T16:59:44.000Z", + "event.action": "MemberAdded", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "3350cfd2-1020-5b11-99d8-2701f3a29ea3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1079, + "o365.audit.CreationTime": "2020-02-17T16:59:44", + "o365.audit.Id": "3350cfd2-1020-5b11-99d8-2701f3a29ea3", + "o365.audit.ItemName": "SIEMTest", + "o365.audit.Members": [ + { + "DisplayName": "Alan Smithee", + "Role": 2, + "UPN": "asr@testsiem.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5ad83cb367fc48358e759dccff238f46@thread.skype", + "o365.audit.TeamName": "SIEMTest", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "asr", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-17T16:59:34.000Z", + "event.action": "TeamsSessionStarted", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "d7636db2-859f-437e-8dff-573726578ad7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1597, + "o365.audit.CreationTime": "2020-02-17T16:59:34", + "o365.audit.Id": "d7636db2-859f-437e-8dff-573726578ad7", + "o365.audit.ObjectId": "Unknown (Unknown)", + "o365.audit.Operation": "TeamsSessionStarted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.UserId": "bob@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "d0e0cfb0-284d-4b0a-83fe-dd543a1c1ed0", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "bob", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "bob@testsiem.onmicrosoft.com", + "user.name": "bob" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/40-sec-comp-alerts.log b/filebeat/module/o365/audit/test/40-sec-comp-alerts.log new file mode 100644 index 00000000000..7a61bbe30f6 --- /dev/null +++ b/filebeat/module/o365/audit/test/40-sec-comp-alerts.log @@ -0,0 +1,3 @@ +{"Category": "AccessGovernance", "UserKey": "SecurityComplianceAlerts", "Operation": "AlertEntityGenerated", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AlertEntityId" : "asr@testsiem.onmicrosoft.com", "Source" : "Office 365 Security & Compliance", "Name" : "Elevation of Exchange admin privilege", "AlertType" : "System", "RecordType" : 40, "Version" : 1, "Status" : "Active", "ObjectId" : "asr@testsiem.onmicrosoft.com", "ResultStatus" : "Succeeded", "Comments" : "New alert", "AlertLinks" : [ { "AlertLinkHref" : "http://example.net/alert" }, { "AlertLinkHref" : "http://example.net/info" } ], "Severity" : "Low", "Data" : "{\"etype\":\"User\",\"eid\":\"asr@testsiem.onmicrosoft.com\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"ts\":\"2020-02-14T18:54:45.0000000Z\",\"te\":\"2020-02-14T18:54:45.0000000Z\",\"op\":\"GrantAdminPermission\",\"tdc\":\"1\",\"suid\":\"asr@testsiem.onmicrosoft.com\",\"ut\":\"Admin\",\"lon\":\"GrantAdminPermission\"}", "Workload" : "SecurityComplianceCenter", "EntityType" : "User", "AlertId" : "5ba6e029-8b6e-13bd-b800-08d7b180173c", "UserId" : "SecurityComplianceAlerts", "CreationTime" : "2020-02-14T19:00:00", "Id" : "448854d7-81f6-4a06-d31a-08d7b1c1fb2f", "UserType" : 4, "PolicyId" : "17d51759-88e1-40c1-8df3-20bcf2e43057" } +{ "Status" : "Active", "Category" : "AccessGovernance", "ResultStatus" : "Succeeded", "ObjectId" : "5ba6e029-8b6e-13bd-b800-08d7b180173c", "Comments" : "New alert", "UserKey" : "SecurityComplianceAlerts", "AlertLinks" : [ { "AlertLinkHref" : "http://example.net/single" } ], "Data" : "{\"f3u\":\"asr@testsiem.onmicrosoft.com\",\"ts\":\"2020-02-14T18:45:00.0000000Z\",\"te\":\"2020-02-14T19:00:00.0000000Z\",\"op\":\"GrantAdminPermission\",\"wl\":\"Exchange\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"tdc\":\"1\",\"reid\":\"23a5e271-e297-4f35-ff57-08d7b17f5bf2\",\"rid\":\"f81f1b69-dc60-4ded-918e-e17d5c73b29f\",\"cid\":\"17d51759-88e1-40c1-8df3-20bcf2e43057\",\"ad\":\"This alert is triggered when someone in your organization becomes an Exchange admin or gets new Exchange admin permissions -V1.0.0.1\",\"lon\":\"GrantAdminPermission\",\"an\":\"Elevation of Exchange admin privilege\",\"sev\":\"Low\"}", "Severity" : "Low", "Operation" : "AlertTriggered", "OrganizationId" : "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Source" : "Office 365 Security & Compliance", "Workload" : "SecurityComplianceCenter", "Name" : "Elevation of Exchange admin privilege", "AlertType" : "System", "AlertId" : "5ba6e029-8b6e-13bd-b800-08d7b180173c", "RecordType" : 40, "Version" : 1, "UserId" : "SecurityComplianceAlerts", "CreationTime" : "2020-02-14T19:00:00", "Id" : "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", "UserType" : 4, "PolicyId" : "17d51759-88e1-40c1-8df3-20bcf2e43057" } +{ "Status" : "Active", "Category" : "ThreatManagement", "ResultStatus" : "Succeeded", "ObjectId" : "12345678-8b6e-13bd-b800-08d7b180173c", "Comments" : "This is a phony threat alert", "UserKey" : "SecurityComplianceAlerts", "AlertLinks" : [], "Data" : "{\"something\":\"blabla\"}", "Severity" : "High", "Operation" : "AlertTriggered", "OrganizationId" : "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Source" : "Office 365 Security & Compliance", "Workload" : "SecurityComplianceCenter", "Name" : "Phony Malware Alert", "AlertType" : "System", "AlertId" : "1233344-8b6e-13bd-b800-08d7b180173c", "RecordType" : 40, "Version" : 1, "UserId" : "SecurityComplianceAlerts", "CreationTime" : "2020-02-14T19:00:00", "Id" : "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", "UserType" : 4, "PolicyId" : "17d51759-88e1-40c1-8df3-20bcf2e43057", "AlertEntityId" : "Malware/Evil.Malware.B", "EntityType" : "MalwareFamily"} diff --git a/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json b/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json new file mode 100644 index 00000000000..beee3341761 --- /dev/null +++ b/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json @@ -0,0 +1,165 @@ +[ + { + "@timestamp": "2020-02-14T19:00:00.000Z", + "event.action": "AlertEntityGenerated", + "event.category": "authentication", + "event.code": "SecurityComplianceAlerts", + "event.dataset": "o365.audit", + "event.id": "448854d7-81f6-4a06-d31a-08d7b1c1fb2f", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.severity": 2, + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "message": "New alert", + "o365.audit.AlertEntityId": "asr@testsiem.onmicrosoft.com", + "o365.audit.AlertId": "5ba6e029-8b6e-13bd-b800-08d7b180173c", + "o365.audit.AlertLinks": [ + "http://example.net/alert", + "http://example.net/info" + ], + "o365.audit.AlertType": "System", + "o365.audit.Category": "AccessGovernance", + "o365.audit.Comments": "New alert", + "o365.audit.CreationTime": "2020-02-14T19:00:00", + "o365.audit.Data": "{\"etype\":\"User\",\"eid\":\"asr@testsiem.onmicrosoft.com\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"ts\":\"2020-02-14T18:54:45.0000000Z\",\"te\":\"2020-02-14T18:54:45.0000000Z\",\"op\":\"GrantAdminPermission\",\"tdc\":\"1\",\"suid\":\"asr@testsiem.onmicrosoft.com\",\"ut\":\"Admin\",\"lon\":\"GrantAdminPermission\"}", + "o365.audit.EntityType": "User", + "o365.audit.Id": "448854d7-81f6-4a06-d31a-08d7b1c1fb2f", + "o365.audit.Name": "Elevation of Exchange admin privilege", + "o365.audit.ObjectId": "asr@testsiem.onmicrosoft.com", + "o365.audit.Operation": "AlertEntityGenerated", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.PolicyId": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "o365.audit.RecordType": 40, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.Severity": "Low", + "o365.audit.Source": "Office 365 Security & Compliance", + "o365.audit.Status": "Active", + "o365.audit.UserId": "SecurityComplianceAlerts", + "o365.audit.UserKey": "SecurityComplianceAlerts", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "asr", + "rule.category": "AccessGovernance", + "rule.description": "asr@testsiem.onmicrosoft.com", + "rule.id": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "rule.name": "Elevation of Exchange admin privilege", + "rule.reference": [ + "http://example.net/alert", + "http://example.net/info" + ], + "rule.ruleset": "User", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-14T19:00:00.000Z", + "event.action": "AlertTriggered", + "event.category": "authentication", + "event.code": "SecurityComplianceAlerts", + "event.dataset": "o365.audit", + "event.id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.severity": 2, + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1285, + "message": "New alert", + "o365.audit.AlertId": "5ba6e029-8b6e-13bd-b800-08d7b180173c", + "o365.audit.AlertLinks": "http://example.net/single", + "o365.audit.AlertType": "System", + "o365.audit.Category": "AccessGovernance", + "o365.audit.Comments": "New alert", + "o365.audit.CreationTime": "2020-02-14T19:00:00", + "o365.audit.Data": "{\"f3u\":\"asr@testsiem.onmicrosoft.com\",\"ts\":\"2020-02-14T18:45:00.0000000Z\",\"te\":\"2020-02-14T19:00:00.0000000Z\",\"op\":\"GrantAdminPermission\",\"wl\":\"Exchange\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"tdc\":\"1\",\"reid\":\"23a5e271-e297-4f35-ff57-08d7b17f5bf2\",\"rid\":\"f81f1b69-dc60-4ded-918e-e17d5c73b29f\",\"cid\":\"17d51759-88e1-40c1-8df3-20bcf2e43057\",\"ad\":\"This alert is triggered when someone in your organization becomes an Exchange admin or gets new Exchange admin permissions -V1.0.0.1\",\"lon\":\"GrantAdminPermission\",\"an\":\"Elevation of Exchange admin privilege\",\"sev\":\"Low\"}", + "o365.audit.Id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "o365.audit.Name": "Elevation of Exchange admin privilege", + "o365.audit.ObjectId": "5ba6e029-8b6e-13bd-b800-08d7b180173c", + "o365.audit.Operation": "AlertTriggered", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.PolicyId": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "o365.audit.RecordType": 40, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.Severity": "Low", + "o365.audit.Source": "Office 365 Security & Compliance", + "o365.audit.Status": "Active", + "o365.audit.UserId": "SecurityComplianceAlerts", + "o365.audit.UserKey": "SecurityComplianceAlerts", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "rule.category": "AccessGovernance", + "rule.id": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "rule.name": "Elevation of Exchange admin privilege", + "rule.reference": "http://example.net/single", + "service.type": "o365", + "user.id": "SecurityComplianceAlerts" + }, + { + "@timestamp": "2020-02-14T19:00:00.000Z", + "event.action": "AlertTriggered", + "event.category": "malware", + "event.code": "SecurityComplianceAlerts", + "event.dataset": "o365.audit", + "event.id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.severity": 4, + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2755, + "message": "This is a phony threat alert", + "o365.audit.AlertEntityId": "Malware/Evil.Malware.B", + "o365.audit.AlertId": "1233344-8b6e-13bd-b800-08d7b180173c", + "o365.audit.AlertType": "System", + "o365.audit.Category": "ThreatManagement", + "o365.audit.Comments": "This is a phony threat alert", + "o365.audit.CreationTime": "2020-02-14T19:00:00", + "o365.audit.Data": "{\"something\":\"blabla\"}", + "o365.audit.EntityType": "MalwareFamily", + "o365.audit.Id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "o365.audit.Name": "Phony Malware Alert", + "o365.audit.ObjectId": "12345678-8b6e-13bd-b800-08d7b180173c", + "o365.audit.Operation": "AlertTriggered", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.PolicyId": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "o365.audit.RecordType": 40, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.Severity": "High", + "o365.audit.Source": "Office 365 Security & Compliance", + "o365.audit.Status": "Active", + "o365.audit.UserId": "SecurityComplianceAlerts", + "o365.audit.UserKey": "SecurityComplianceAlerts", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "rule.category": "ThreatManagement", + "rule.description": "Malware/Evil.Malware.B", + "rule.id": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "rule.name": "Phony Malware Alert", + "rule.ruleset": "MalwareFamily", + "service.type": "o365", + "threat.technique.id": "Malware/Evil.Malware.B", + "user.id": "SecurityComplianceAlerts" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/audit/test/52-data-insights-api.log b/filebeat/module/o365/audit/test/52-data-insights-api.log new file mode 100644 index 00000000000..c1e20b772c4 --- /dev/null +++ b/filebeat/module/o365/audit/test/52-data-insights-api.log @@ -0,0 +1,9 @@ +{"Workload": "SecurityComplianceCenter", "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:38", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", "RecordType": 52} +{"Workload": "SecurityComplianceCenter", "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:38", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", "RecordType": 52} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "DataType": "DataInsightsSubscription", "CreationTime": "2020-02-10T15:13:38", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:26", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:38", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "DataType": "DataInsightsSubscription", "CreationTime": "2020-02-12T10:53:26", "UserId": "Service Account", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "DataType": "DataInsightsSubscription", "UserId": "Service Account", "CreationTime": "2020-02-10T15:13:38", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:26", "UserId": "Service Account", "DataType": "DataInsightsSubscription", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "Service Account", "CreationTime": "2020-02-12T21:38:38", "DataType": "DataInsightsSubscription", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc"} diff --git a/filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json b/filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json new file mode 100644 index 00000000000..3ea637aee91 --- /dev/null +++ b/filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json @@ -0,0 +1,281 @@ +[ + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T21:38:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 377, + "o365.audit.CreationTime": "2020-02-12T21:38:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 754, + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T10:53:26.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1131, + "o365.audit.CreationTime": "2020-02-12T10:53:26", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T21:38:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1508, + "o365.audit.CreationTime": "2020-02-12T21:38:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T10:53:26.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1885, + "o365.audit.CreationTime": "2020-02-12T10:53:26", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2262, + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T10:53:26.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2639, + "o365.audit.CreationTime": "2020-02-12T10:53:26", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T21:38:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3016, + "o365.audit.CreationTime": "2020-02-12T21:38:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + } +] \ No newline at end of file diff --git a/filebeat/module/o365/fields.go b/filebeat/module/o365/fields.go new file mode 100644 index 00000000000..5d363b39d82 --- /dev/null +++ b/filebeat/module/o365/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package o365 + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "o365", asset.ModuleFieldsPri, AssetO365); err != nil { + panic(err) + } +} + +// AssetO365 returns asset data. +// This is the base64 encoded gzipped contents of module/o365. +func AssetO365() string { + return "eJzUmcFu40YMhu95ijkX2FyK9uBDAcP2LozGsRE5XfRUTCRaYT2aUTmUE+3TFzPqNrHitNn8vqyPnvATSZH/kM4Hs6d+YsKPP/90YYyyOpqY9W7HJZnhu4piKdwqBz8xv1wYY8wqVJ0jswti7q2vHPvauFBHs5PQPLO+vDBmx+SqOMl2w+eD8bah4ZmXtqtYnx0ao31LE1NL6Nqj7yva2c7pHxk4MTvrIo3+4IWjT5+P2Y2xg2Zlva2pIa9mulma7E0O5fLI/mUQT2FMSw0yetoQgxWx/ejkFOmJtZyPDr6i9tQ/BKn+PX3Fftu39B7CUSyz4JUedVmdDOrtnGU7rSqhGEHObSSBnfndNg3hKEeiC6+sPYyBAVfs96dze1x4rxNOlMu3ONG2UAxt67i0qV3nHFtn+2vbYO585UFufemEpqXygeYslGqnXxzIg8laPJb31te0IrVzq/byh5OscPcnlfrfqJlVqoOMleUbnJk5Jq/g+xsgS78LhQr7GiZtcAIsOLPQpMvgNCGp4ujAB2ni+DJ6hSxCDi7PmVBmbBnplVkXNTS3nv/qCPEmVTJmDXZVlmKQkZobCyQjitBJiSkE5eEltRQgD4tHJV9RtZHQkihTBGHirZuWJdRXn9I4h+k7UqfLJt0NrMW9FcQFX3KVhAZxxQ8ZvQp18FjlZlTRR6Umgi6JHTgQRqkBSm0wBwFgiSk12Cu54ghVR7ZXOoM05/paiLyym7ydASYkIdLYXTAQzMqyuwuPn7ozQNYPnmRlo5JMyzJ0Xs/hWqaeDXS7uQZA1NyRvHsz+MccaMRVqHjHxzcQgMN6ep2fgHTSuiXJMxeAkNp6/gJPf885YFqEa/ZW2dcFyYEAldhYsQ0pVjOb4Ljs56SW3btLd4AgCb6hMkiFSd4Nxc5poVY7YGIqyEdOW2gaB+ekVObiiUtfuq4iIMY8BG0Cez3DMlpQjGBRF3QgYQX22YIVeF/J+lYcAAAn/8H+IzvKs3uEpOYJhgnEwLnJK+sBzA/aCl3bBtEtl3uClHxrpabxCv+9/lY7BHOGH2sHUJrR1nKGPe0FDlPTLVlwqk8EbHIcpvGkm+xrJNUpK9Oa/OkafDMCdeFXAsQ2AbBX+hsJpnGf6Q5JwecgexcsQBj+m3BN+hBk/z+u/B0AAP//cb9ybQ==" +} diff --git a/filebeat/module/o365/module.yml b/filebeat/module/o365/module.yml new file mode 100644 index 00000000000..2ef22242db8 --- /dev/null +++ b/filebeat/module/o365/module.yml @@ -0,0 +1,3 @@ +dashboards: + - id: 712e2c00-685d-11ea-8d6a-292ef5d68366 + file: Filebeat-O365-Audit.json diff --git a/filebeat/module/okta/README.md b/filebeat/module/okta/README.md new file mode 100644 index 00000000000..55cbcf6e926 --- /dev/null +++ b/filebeat/module/okta/README.md @@ -0,0 +1,24 @@ +# Okta module + +## Caveats + +* Module is to be considered _beta_. + +## How to try the module from distribution install + + +``` +./filebeat setup --modules=okta -e --dashboards +``` + +Enable the Okta module + +``` +./filebeat modules enable okta +``` + +Start Filebeat + +``` +./filebeat -e +``` diff --git a/filebeat/module/okta/_meta/config.yml b/filebeat/module/okta/_meta/config.yml new file mode 100644 index 00000000000..31853e0130d --- /dev/null +++ b/filebeat/module/okta/_meta/config.yml @@ -0,0 +1,14 @@ +- module: okta + system: + enabled: true + # API key to access Okta + #var.api_key + + # URL of the Okta REST API + #var.url + + # Disable SSL verification + #var.ssl: |- + # { + # "verification_mode": "none" + # } diff --git a/filebeat/module/okta/_meta/docs.asciidoc b/filebeat/module/okta/_meta/docs.asciidoc new file mode 100644 index 00000000000..9c6b91d6646 --- /dev/null +++ b/filebeat/module/okta/_meta/docs.asciidoc @@ -0,0 +1,19 @@ +[role="xpack"] + +:modulename: okta +:has-dashboards: false + +== Okta module + +beta[] + +This is a filebeat module for retrieving system logs from Okta (www.okta.com) via API. + +:has-dashboards!: + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/filebeat-okta-dashboard.png[] + +:modulename!: diff --git a/filebeat/module/okta/_meta/fields.yml b/filebeat/module/okta/_meta/fields.yml new file mode 100644 index 00000000000..51d1fd723e4 --- /dev/null +++ b/filebeat/module/okta/_meta/fields.yml @@ -0,0 +1,11 @@ +- key: okta + title: Okta + description: > + Module for handling system logs from Okta. + fields: + - name: okta + type: group + default_field: false + description: > + Fields from Okta. + fields: diff --git a/filebeat/module/okta/_meta/images/filebeat-okta-dashboard.png b/filebeat/module/okta/_meta/images/filebeat-okta-dashboard.png new file mode 100644 index 0000000000000000000000000000000000000000..6a28b4363b05bbde414362c7a5b35f6ef932b7fe GIT binary patch literal 443571 zcmZ^K1z21?*6<)jibHXCDDLi1tT;uAI}{ik28ZJAZpGax?zFf|aVzdN*kC{JyZe3n z?QZ{>Cr{2z&N)eLlAB`*Q&yBlc}wsX005xK%1EjL0I;thbTR_mYc_v*vgl2YK+)ebQI_SV$J#gQcWb9uzVo#}Jom19x4#W7{**r;H! z3ExLBG~=jC)>Q15g?^2q;QsN|R)ujvFIGxY4;P7hwjD{Z_tbN*!)+~-WAEj3<=$eq zYwzVOjnwbMZsIEaUlWHc4smAx1_y{^I=$j!I7!)5y|oc=8)?-u9^?Dh`x~Zqf%rm2eRED3+qCKgs>&! z(wJLJ5brWaR;s>W(mvU-sbRD6Wjeo!sWOus^cOGXji}#vc_ez#sjD|N;bUYid`p!( zwGcWNv@()OSY@bk*f7Y3bNS&>T8j)RiqNErlgvHRJ+s^X=SqbYhDjz3vN^-=?K+cz zR2GzQe3PLSOQ|YOS%7sUU;IUT-6(I6Ubh9q?>!`AtbSf4JQ3T-!ZfzcEn%p)ZIU>Z zB{?i_FGwc{E3`Zt!7NAEb=Xc$Z)$VHzdQ9G?L}y9u@#1eFM%Grzd7Xa26gey8^pN`_29juUUl zZ7&8`)Y`c+#9$1dp!0XBL40orfBe2w_dDIewppi{d4*xcLJ&h~faAgy z#NtIKj5_giZzE+xbBp2p;T+}e>Q3hl_y~9w@c%GLyMQT(Xd_NRp2ZrYEJ;UsOg@Xn zjDCvlfk+xENfBTv>r5GpnGlNqBk0H658EI7#z?gR3lcM$0=h(0RPL=27$nQcF9&unLG3tz^@r^mO%7poRvDp~nYe=b~= z8T??VBCD08u^eCioTD{ITS2B!wv2Br7T*q+#pZW|9NIyx3 z`AqOR;rs9JyVjq+WKAC$Z{Xn|b5lmtCOZU94c)Q#7(!b^`}US0e#ZhT-j!4qpA?VH zGykfZ>CAtU3Ms`ZNGPq>FIL&BW!9hn;MRI7xO&ox>uhjfb?AQJa2oM7#<&)>A_^Py~wi;0`G%%8%~$Nk7e6Os0l z(IVRd74L{JgkU7nji8ATEln%^M;aqfDTlj_9GeS|0>`T5(ieV1b5rg)n>g*LMHnY) zCpRbmd-E&qs~DVQ97G%jCIY5xoi93dOjk_SjHKFA6<(E&6=fAb9jwaLN{-4V?e!Wl zTU{Gi?j-JcTNNEmo!k@d<>;`$FcK^&ta6&Q@A*r$$Ct-nj$2RgZ!m5~P6$s7l-M&8 z1+AV68fDjsb&2YTTm=N3XYG-lbWazK?|u#ShaIUOI4`H|5*@eCwhY~mnJy1K4lUEJ zJLR^0bkRPTKD->88~gP8^U>0o`EK&>#<`QKwj$5OhcCDCB(P|{F@+?wLc*S{9=jeS z7mqU|;|w#_UGrD;$!d3Mu1W_N+!wo`Gw|u95v1Vm@pxv(`gr7`^3waz;&9+4 z&fKg9wMPFz;7!hJKk) zQ)ytR7m*o$5|)cGzk|mtc=%u3`*iYjC9bFJW@)6~ z2(AivOL%m3Ybw)#sFBe%5Y|lt&5sA~Qt{JTc+|3!Vn3xQj4KWaGf$(Ng^y2gWeWHL zLl!i2sZNJ4Mi&z~$PiPG<0z)Jr;BtID)?Gy>f@itj>fNs%10kKS$x)}?hmh|uBw@8 zv}?YI8Ti;gvmjj{wIJ!>;VLo9(pkHW;tYdUqtR5jw zPGR=#qA-$j$`vybGnzmn7nyxm`c5|dv)5r0#^pW;Hy@Bh*T5ld`AgxRLdA?=M?Wt4sdirrX8%2$W)5a9YxOV3=lc|t0 zLX&c`@NtoGdF9jVhpFMG%}6Vg0Rt?y+xsVmqsBu!z3)%TJB-r>qMqbz377 zy*Xzm$cu~0W-6Z=BbpiP=Id84+LnDBUJ5;8PP5~M)^EaZTu&m_+&Y&kTRpm-pTBci zMpYEObdSRDpu&;ZlzlH>)gCBe;DZe@4bdl34#nfq0-Vx{2G9Yd)t&r1rMpVrW?HbMde2qD*E%CXobR^BSp@%R?K;V)ie- zO0)^;>^5&7$o&n{CN8rcawn)NYR+{x{$gwgMcL6@ur>4ip|8vR_s-St z9h#|}-8#5-^>zjw94Cs>7P@;KZ5(H=t6Qs{J|aiY8Sw6C z!6Z0>6oT)4DsGyO!=4k$)+>C=j~q|<=ZF`)Ppn2~LWEYbQ@Z4RUzT+4B5x`xCQ7Oy zEi+dMPd!gO`lFz!2h~T%{ZCV*hrTx6w%3q_93NkOLK&icZ%TJc-!@3rcw5IAZI>N! zB!Sl@`9t62z;7k~oEvY~mz5jpP5Jf7_UeM_o%M zqQXY(kC#tF-{IcFzwF@Py$f09c$ICF&9r3A6%+vPUtt8m8z@Ww%qs--`UgM}0N(r! z0|0VRg#QbxLec#b2O0nfvHDw3e#HiSeocS2WNK$@#tgEx|BDYm5XAoq+L}2Vk%4S&fKL1%A&S2-_+R0_idiVg z{zh@O7NXEnP$rYGb2KC4V&-IKr4W8gMn)#+Xll-{D*54`ZjutFze0+Q?tn4i8>`bp1Oiu1VXCn|3(24RNO#X+Dq?wb6qm{k0l^u}mFTO^` zb}r6B6cm3o^uND<^wZhO{9i2ro&Gtj*8#HpRl~x@%*yg7GBc3X|A*|antzb}J+6N= zC-@gLekDgMv)2y))h%H*!M_{$x3YhA?;rT8W=?iCE`Ona0$Mo>v;ULiKZ^ek)n9G% ze{wQ&l(4h4eQiqkU-K%+@?VwzNvLcEGPBW=w0fm<`m2i^eC*u+B>T^*Kay(yiuRW%0yL;noE_u;GpE_Um)Ri7oD;+YPCgSNTlne0*7w&|+T z_;-l>QxO1S045c(7)YcWbf)JP<9T7>;%qUmehWqhV1A zKYl9(0&n4;!VZZ-W`gfe*jikur@L@t_G?`{FX$Ei`@Q(fzk#a#zTz4^X~B;+7=gOI zkd2nHn8=s&6Y0KI^#>Fg5hEWPPelAFqOvNt0Ko8(mV=G;gY1zb-9rdz@pil*_iRhP zc7lSFuVJ7U5&gzhZQO(`+%GOc8Q;|<(NFkk9~F#40NWBUTO}}&czQ|fC;q40kn(KB z&uY3j$stv7Q*8OmC}c}ii?-7|ODkrR-4P-%>Ij^r1G6TH_>n5%a;~JVF#A1mY;y8Z z-AoYbrhAj5ARY~o*bK#tu?Ti%=stACZ#CipaVwG(lr5}nN45J4Oa8w4P8S3L`%}7q z7;(fKf0afB>BVRTC6kOr%BcDd!HAO`Lsl8-7!ssKt9r}(OS8oE^xj=CZ^q18F#oas z;POqrGr4QZf?9n3Dl<}-K#W#FF3uh5^nm%)f<0!`J&k3grjJqP%p$-{=&?5TVuF)x zO~R2qmiz@FU;{}2P|!!EmC$}^FaTE=!_FGSTsx9iEo2$#r`$104gFBI1n$?AK8d zMST1NmG%Tve6+M`3}kP=>Mmcu;spF1m!4+$5SU%)@D-C75!q7uQs)sSp3BrW%fJD4 zPgnBmo12S;E4(t(;qmdtxs1lqQDiwW(?DzHQ;$S4&4Tr{HT}cm zt;=_A4g4G*l>OK)SM+l62hZ1G3A3@Xyl}cDGOUb`tT`{H%k5!O-}N);B5>K82N2|n z7gC}~T+gEkD{@(UIhdl&&Zitu#M=l7dE!Jc)Pj13Kp;^dYaM|TFDI6$$ZldWb)9ul z&$TtB^IZfMXEbEw;3IoXZjeab+= zBo!*DupA+ezEX8ZV-|_eoeIArn2w8^OU+Xno|w-ul4S9**@%>cWLNmH=y5{=?JB4W zrPN{fD>o>~wEYPN#{ALHW5a)4*~COG^<|-U3%uU>MC@_DGtc{yBY38Ay2rK!3zz|n zrF0+6Goz~jw5kP6_?d=^*+TJMKVAP)eheH8Wjo~*Yz+k%EG61df#o0Nr z@eGtT{_EG&!3V9g zT_6r~MbY%Ms(yn|H#lXim)kj9h#C?XLJ2Swm$;@o>v>s@=GhOr=>yk}Qahj6N$<-~ zJfajDe5Y!^MC!Sd9d(Zwp}7d8S+Fk}zL#`cA5T8)lXO9moI^t2vqNkNZ$#C^Dq|(s zn<)R5!L2W^sVgk0^my|oeM~=Y)pKnV8zf@eekyl(dRmx2prop8#Wt295HeC+nnDci z#4rq^Zp(B%U6QV}C075eDmic9Nqq#$_GtF*YyH#^I&eE(E`a=PUf-KNX85D7ZJ2 z{U}XFex>a58f46sYqG;F_NxGh*4CPGxK~{x9Jsv>6G(Y@*gN0-aZR0}r`mk$-4Cw( z8nlc}bZXEad=I%kqNAnFC|k%L9T~|NZ&W#2U<35&-Lb)2Mp*2Gq9kUd$ot;o`icuI z^u&(GEjaC}TU# z$g>FZe95dF72#Kh?AY(nbtZDDpNGh3RuY16dLbCYG1$k$_fAn$`sL))T?f1S+ld#{S2En`_+1~qz{97vwgXD)xc$|OlSkhBkjSDA%glk13j+w{faGY z`wDa4$9y+@O8kDoZ8>@K4F3K|q(D~WQG`8;1rEY32l7h*9ArjGM7|3$2Q&Kv1AtIU zYHq?SB$Soy`z(c3bY>C)t+76^*mDsyv99F%C~c5yk?roE?SA9l8Rs~vQ1AUfh-?B? zsZ|@f=3yOk0q1>jm6I36qieSj0RKL1Kv`b{csP>Gl-v0%yd|jBtDkRO)fvy+lqUp&G}Xw@WQfxLLdo@i><#FSRk=ff|>1x5ta}=ekVhi#Io}{LcHVPp57y7k4Ry z7O*!zi9{T}t}Xidefcsz*=SqsIlSy0{??r&P10H;pwI z*)d7`ebUkO7>682*JCy-6Z9 zkGHW>#Ifw~LdyQZ)=MCA; zbgPSXyp>SdpfIXB6?fE%3gHQr&=6F5<(>xLcQn z#$iuLjjzoc&}Ea7lkL}VZMfE&Vo5>84V^|CwvO{&oOe-Gd_-LKPuKI)2G4U%AY^)V zJw3A}vaW+hG(71ynFKPL`tE#Bm-A?8)&YE5D=?Yv%H2*uSew7lR!mU`N-8UPR8V*> zHNup<54+L_0fWn1qIwB`kP~oWppDBn1bG&cL#Nk#H@?;K++O`QS97Yb^{pB6*bSSQ zGkHKgD9YfTwm5rf;FCsmS+M05Wz~>-#-X+PVQA#_yxjF1&aC5v|1^WvDg7#7E3EUn zBr;D7<@?%H<$GR5ln5pW;pI-k#Yv$q>#ae@VtOF?Nhnc>kT%|S5sWKi5-trf3XJz# zt4i@vJ1A-zY;Lc(LFEK42yx39Fytsvub>4plchHSYV=Dbnq*gMn^Dk{eGkFfU#!o* zE%U6tIuO1bWsH7#$_qj&DK3uDOjdG&?G`MfW8wPE%I|=uZ)JrzH^(#WA0WNJt1qgl z+ZY{vF?@Y9@8;mn^y$-hK7p`}5ok~e>HQwTs@6RV3j-GhG(0M?QMDpBlf@Pu9Mg2S zayJq3W;-_2!wpKB&%?4sN#xG-^t1vVg2vgVRu8ZJBnj$V+jFb+y*Zy@FE4sF8jJ@| zb>`W+Z>;cBsZtF_XJX&wZCW2Sx<>q%ch07A!e}J&Qn!l@hbY4HXVe*Kap&%6;`WX$ zH=X^%@~Uq~yhL54rD4JsVGnmJf%S<$H*e~ZkPfKM6tu@%YcFFQD)idYJv==W_MheS zbEQAGgV?G!NDGRyeUg(IwM`?vR%{MRhZ;8Pu8H{ALM|8iE`C)B_1{(h4n>m0ARB!X zjn+A1IhOv3(`}r{wX9(hZVeg=zI!~&F0B$Zl`xN{tPE$eZb#l~r;N{e2RlVNXwZ=8 zkEa6Sz{J9=&AidW&9YsW1e#!Tn(ffFjRkiq-O0;UfUl8`by!$u z@Y7zSZLZE5G?^V9`f4iW9U);xX#kol+9eJ+I$CjUdR0QtD_RF_*(MZ0tGAKhSg8p} zIgv$h>*p*y%CNtF*UPh?<9jKzB(zzqb94O7MVoJS#KvNQ^#vit*J&pzaX7e@Z9F#! ztHIDv$XjB!;Q=|C!hV0efIk?n^lmK0l9{kSe^ekkt+vOK(e3!bVk;*mD&Nr+o#+y6 zs^@xs>b(yN84-#jpm)-K5^qM!Jx5XeE(mWswr|Z@68?uA&_`D*aDtMY0ANRPE{AYr zAEM)YjjH0K2se{I;I%!dvXv;hAQZoGR>-5Dk+E)#tajjb6x+JtSBd&6Ws7hvBi4A> z-C}s7NdgV=>-W*K%o)A*LPtK_6?i9BC$Ve`Vx;f>L7Ue_MhJc47`5v{vZwR$0h%x1 zBwvI@!L%JjW!cqvZ{>gVQClG+WftkTIMwqUo9hR@>#QNdHRS3&4ZCaM9@YZqZo}bE$HBxp>n%Isrw)m zZ>rw_bo3LeussRO5_x>$J_n;i#U22@m0NdWYYMYyi0c%CAUCmD^*j0M^Kj-(7(GZF zyQ5VKw}7-j{21kj_Q^@$h##|yl?1cwb|5@oJg%OlWz5eIZYmuEE!47mR}AgG64F1s zruGqpZcwm0<^+@| zGoK0XwK-T#5LBd}*w z2K@&s)~gn?K_S|`94_1ibH%rburCLVig_Rkq7I2v>)#8c7ht%**m~0)MWu%Ao#5o~ zmbdjp;?c%EpAk&XABa=UZ0jnVq<`M(E-5_ANndXkIG-gUW0}{jmlMu>qP8>1U{&VX zO%gCTUU)pp!>O)2b>>}P5}UHKK( zsO7?=2a?K}#|s=NM}fpn?lLbw>OT?mOopriQ>JW=Tt;M8PvtG+Jr5EtmKzTI{MuigqLW%n2DDC<}OeZoX313 zp1{8(nbT%7FNNBmRcD!CdgMGKi3|SmJ0NnE*$b$>DG_aYwYcT{IZJ7?*2;BpmDy$6 z^>X^`r^(1j=C=VR7Oz*!51&Tc>!v!@1taPmx{_3n?Mi5aPKcauS48Eh7Cj_G6tIZD z=AR?zfeM9Zyxt2I>>~;)^t;Jv|s-^YhcttlTYlhgJwQ zxn~L+-HO+%IUV7Yt)^7=ZN_wJXb41HwD?dkwsdFLF?fA}pVlxrZF-0C%dIPBEF`%tSCXc- zBymkvbe>Z|yW>(C`>IV>AX{$I;ohV1Rj;sL9bnMZai{HSul0<%YPMWVgFNtdQ>uR1 zB*~Vq&E{&^xw=jvAhQj4booAq`aLIDFx=J<75rQpXb8&9YMrqt(IzFA?6qHCI(7Eb#(@9>*>*nn<6-dE>#;b z1VB^oFURg{cX?zuY@YUw77_jT25@Aomc9i4Kw z5!=d48S-(m@D-am`hNTC_3Yz%$469wS~BMKaJ4gDxA^Oxk-5<#k^>i?ORHIEVClJ{ zDtv94>}XiFbzO|mvtJ$Q9x%11SiHV@P6Zk)tv;4SWR6+SbPS72L~sAv1iCfTTp{Y+sko&C4V+3qlDN00 zfldB2*IFlysBMf}_9I9!tIVw(OQP}xdXThmgWY%XwA;3NK<`uT2Fft~Vw_UXYpfW9 zZED;O*XTyAyG3W6kVGk*mic<~A=Tjp>mm7_AP= z^SXQ>%D2<>CpTI>)-$U+TJ5n{a=k1bfzth0)p{W6+i8F9+~rnDk);#%!}vgh!$FgS z^s+IaG+#0>SN^Ywu~n5m{Rz(xI^m9slExw#q~vR7eSGRsA;2fzYHGb8JQcSCMU09$ zdkhVb!aJkYj|p(Y5vJ<4c7VUqJb}Jv_-CN)%M%cwB4`$v1yh4)gP))d3Gs^F8EljF z;Fqbf{p&nyMn}kOdbwx$v7ui4KPRmH1tq|QV5q`f;O7w)pqNdXf~skCN9R- z+2Di6A)jSBBR`w}?J}*3hWXMPfQh58oXVg59`F3M5H=LN6f=~(-o_7LUgRyaUmgkv zK2c(l(OYRWW3gx#(*M~D6yDty0yxvMkKdj-;FqJ>RyCXvse5C@Kb)xf-zNNjIGUL8 zpgWO@7F8qn0gHrjKbYZ{9mt%CO3=M~a|<{0-VgI`j&y5Lm2HYUiwKWjV6C8`y4$nz zzFhHyum<;XZU@SZzPXAw-5tVyNSDd@lQc^QeMSmf7UKAC(lK*^jtPWb#8SSS<5+5E5r2 zp$GYT5NSRr-&G5-cm9}~Kry3A{P8QLi7Bh0P`=kRB@sDB)&~k*p6{>^P*fcj~GfVRpE1BpRryd|mov~80ot(Fgj7USjETGDUlr5ClNdJlqRSikhZ z_qj(_>a?>=?PZunes0J|-Xi`0Y!7VdT@YDbkuN6nu)NMQ9v+b^Y>kF0V;tdnGCbYz zuO%hIw;;-N@B=P^i1ul-$)kJ>j~@a|8jkEa3hS^o>I%(frv#AEps{z&Qu%ll;}PW) z71>?(2Xy^~`pNnQ`+p~il9;7Y(k_?yvRc;Ye6I;*znhB$8JJ1vboEpgT8C<=j}xG1D4D|h9X zbLsKW%7jYf+MJ220qxuqPZ|X+6T6teGqM($lEmcr@QTo689YKv%VEC1&H$x^wesF67p4jeo09P25Lrx2zlVJH8LM+ z9Et=|0Q;F;03QMe1FmN(rso=yUMX}CL`IHLR&XK}y6@Na`DEe;eXPDP6dek0z-I&k zf&Qc^E5oi8BYX@8pl_|8-Oe=H3efRU2gR$YS(Y@#yl2>(8BSurM0Mjyt-a8WO%mS; zN>kTPm$3K@IXExnUTQWHelkCDD0@FrgvkAiV*x>WU5ngz%Mh!>y&`M)Er;dI&egs< z_YVR1ubcurQDt)V2O&CN_A^L7f2bz?Vjj{<*U{J&ChUG?>|x`HQdnc;Ra2Dkiz!n< z#OE2dGBv?O<4UCG#GX}#x9h><_eoGk`)B>(t;gTQBUY(V=UXUG;NecVLsF8$7@)4q z#93MX=`%pDDK8M(AH&1mg3^0yoVww*^7Aiw@a~jG>q}!HO~G0vsUiX|J!=u#Y%OeuY^bX;#85hFp{KRRB)~oU5(w6U0 zsKorn6fl_KuzoJX!EEBUZX{NPO-hYwBGu2u_2il3n`f-)aUXHs=Vxc68C#C*?PM@P zD_`y1RvJO2~5iFAJ-WiRPR@ZxC3 zsrlb0*Tz$jXd(>2=;|*QOm3lkin7s^4FLf`o_~*+MAvn4#{Otp{X1m1D6DSuE$^C5 zWEigQ@}r!cqzfIE3~4j>gNClE5Y#zmd%Txe?KcC%kIH_1FA_ros9y=^6K8yF1mvTL z1Ns+$+scnm#mj>e?OJ2~;T~pU{7HMoGf5F|`Pj)q-Yz(>#^l3Qeg14Jz6-CthhWEn zw}}VB+fI%VYkix;QxnrfPPBIdb8Gimk;}%g>6{y84=yg8{{h3uWb(g^_k3{C+~A@NM>46hkJwy0`h*$@ob6jLgw^A1dCp0LFllBg$huE0Q-FH0aJf$z~@m>_}v)_ck}${M1BU( zC?!$q%Qm44XBTh8Zi?yEd#|@iwYq#E^<54PW0F|9^<`hDy=5B`j-0~lEVH$>m5MM? z{gntv^WBfh&R;$6Sy^#%o}llK)X{)uTRlFeJ%j*6eT*D~ba@}t7=xc7xHspW5au=L znyS{=@GB0w43uNO6(zXahhG=2WgBdtK5e^KJ@+Yw^kk1QoXiz!gO7DwX8W(&Z(F~} z?ex8s*IGArMHTGcqc+Uwb1C0DfBRIz7s%ROel5R?t*k8uXDc!*Cq*Py0|NT*X~XSEb#-M?PuJ7D zq;d^qF(04TjUs0#hlT<_8uqM>AIEz8u94Hhv7@4Q%h^YE*H1V(a5KCTx}*=04ATE< zc7tD&{fgQURhJLtWuul+2|F2c1yjIWzV$8t1!M>9r?~gSyWOAcGpXXE(hdUPoGi>A zMHt#vp&~!O$pL^ez`0xNJNkM~gCVa7s zNU0gnckZ*~Dt-!qr6>}Lw8rZm&-R)Mf#4Bto|;~TT}1j&Af{){*|fdLcox8#;Hx09 zekC_Ms(%QRkr`rJC^U#m(5PPd1@B|=tXQp*kG6@v%i{tcA_?(li>bui2Q2k@G)HpJ zntc~p+YHrrQvUx)F(IPruz=tg>@RpB4+~I}zt+T3^cu4@E7VGo&;TpG8)U1`J4i94dwj2(juuo?;BcPwWsPA;Oigrb zXj}9F{wI>h-UwY#FGMV`CdB z56j(6Wg>zUGn-y>kP711#3`jDY7C4Em8T$TkO=wU&?u!k>Jb=EDG{|TYlQtne!rJ! z?TlS07kd$U*W?)4okUGvvyIK04Exg()GHI+Noq$rip2(5?;!kUGAtMr`q?fu2jLwO zHWSm=z-apyLlhTNOLIVO%OHTN38W%fcRd&z`S#h~fYQP-IhKjcj1J|Rw)KQ&hG;sf zt{^rvfF+dCbXy2CWn;iIn|~h2ULZ>xV!1h<8sy%~OGti1Ioni%)THIi@xcoHL%G2W zDnD)@qYXO837wXpV+ZX}AZVL^aDkjTyqEI;*_I-NJ-)4aa-sL>>p+oqt8yTScd=Fc z2WyOU2114dyKm}zIZ=E}yiqz+1ase(D}88{V{Y(pp+&hIFKyWsNz4jO?|W^jbR z{f%|@3LHz&9-fhu0+7CiTsxAhyR;&FAGtQy&tEHfN1gmpYeL=DFw!~DsnPy9o=Pw= z1ABm#B(8A~AkJyZE?hj7mVj?kLWm!|$pI~B>%+yx|4ukj;pbcm`SQmVW=3&Wb$;hu zF~vI@;)GpTC>3-}Og)tb!E?1BE*5@RL{MXYP+Y#QugX?*1J~2F(u07D%$`ve)aD z>(pidHuH6Bhv4{FWt1^{>9-6n@!he)QRNDJ{~>HavGt2cDWpO6l$wDvEo3%sAimyx zJPFO4%>DYT;Ri{G=U-OH?c(9Bi+q$Jp-vEcbl`3Ape(bl+FZ}xF2-W%l8tZ%PquK= zsJdg=J~SF;O~Xhq9wfAwR-f=k@t39t*#brgRm@ySL)(=kL?%!g-0I%3ug@7LK^Xs_ z?^-f-x7dE+9L{*D<<-c%d7CGjk;1Igq=$pglHSnbv?&!$b(>F!yXn+yJb`vn3t9zB zIwLAoc$GOwFk@tEL2O&+?@Xr1Xz^OzS6mJ#afnY|ZHa4H%j~X;V?3YqOsV0!5>0j* z70+cbKNg&hOXXx_%d9d*@JBik#UBIZC3DV2aS%-g>JNDd@vN+bO&&ITyiA=FHHj$U z4cZ&vxQ(_XmnJ2FF^1#%hJ9K@4kkI)K!>i_p z;K+u2FJV;*$nT493h|M+*IG^yb2R*tIVpmm-%(P|3oYku*Kb#MrTB1G$8gI}PX~50 zN`X4GofG!VsR6r%t0pScXMucy-O0!oFn5uENvb5g>GmyRk*rJ zQSFZU?8Iit{Z1GC#e7()+^&9CO%aE=T*7M(nmFacmZd)`|q=Z)YMnK=?(zhPzz0P-^5@K2IG&{c$Nr|#vVJu z7`Fed5OlPVbta&y#n@jUXnkB`qWa^@Zi0oCk2}8$;g-ldzOCOepMnk!o?YFi+P5cY zbN0oBdwr4WEvBCPyupWS{623UzYKib?Qcc}REsI5z_9{OgXAWoM6fD?*!f%SSM^G) zO7#CtX7GyYfO#okgRUXLLneUnPR z;bqJ0?u5C1XT;0Fo7WR&W(+L|lgZo+(|xcD?PE-lJCsUPKUeS{BC)PI!XQjJN6G%u z8@!UINH3__ayh9DRZ+6Ivowdk+FE3hZaSr5TgBF+n|2J^K-}-kg8MU70qY70{M#xY zy2K@bwEJ~ddCNtMk9342Ugrg-ZSAkR7W}K?uADC!U;l;lcOU}X0AKGtizFu6>BmMk z-O!5?#eW~CJd*$9Rv8=ScHG=kBwy5k(Zo=Og(IP@&>Y6A*cw8!FaAbuo z&S?tXeJZT3NFEDn<$?8ZTc3CS?CVr=v%5R+TUxCEO({pj!eQN_?%3YdN$jJ|z1#UB zNux_NPD#08HfPm05>s)QD_Oz>WF=HA_Pc5n+q?06|AcMDvHN!f&Z9=FV~j8Z675v% zz@WV`C^B3fA9NEGI3AcA0rx_c%-~^^)P;Mw{fWiCpV>*1J@6b;w#?y9788=XX8*1} zGpoR!dqo7j7c4J2&-S2FLlv6&E%-k3JVu15ohQLmgpx2|!3BXFlCXWfQM%w5{-uzyn!Zrm$29#n@XRcV&aZxh&jBKl zS-ay<{K_-3Tqqq4=CW+WLdy!&_XiEF9^9XjchlWGOazA>+4|wJhoOnGH62R61w#4{ ziM^hlo?dlBGcDx-CsyzVK8Y-{S7L2wu!S)%a(4(1CHMwKSy7Su2>;vZDf6yuZhXA) z3@W}`uaj^;wZ{}~{OmdyIrJe`+zRA$omoBs-7-| zc4ByepDWwucJ$)y?-&{lmhb5Tf?6TsW$No{uOjUj*ION4O z60)cwT6%1_-55->%OI2cHrdK}PgIRCN4Xn(xM&4N%hCB@0D63P?Z(khZPj1Pnk75_ zesrSX>M|uow*IP~o`HjDHwNtytNB~VgfpALdt&}ou}|3doOpQoTaOaA)63Vp;=kc~ zqyp>7f?l=v|mOIy2T5 z)@8)>4_3nt)eMJs|UYF*Df{xk`D zJB4ceA~1XA#i|+~-gY=N|76Qt;O=&!&qTR|gPK(#G5_2S8-OrT_Zl3#B4`(Y3n!fI z1|Jgq5#Iw2KI9|mhWE`P?x<58W3murApx9_^N17^*L=d~@o?g{4?dXr01uX?K+3fE z0)~=)1M%O261;p|ou9XeY+734|0^)MNbvYJqXik67b$UXCbUnBGs^(>?$_2)vgGRP zy}?`D=qZ8YcF1NzNJ-WAnCu0OzFYdP`>$=VXg1}Yx!+nkwE(WPl1OBmo`8U<3B{&? zbzTX*3c?RQ7F|wu4Y$ZsyYq_p%P6h4EiMdKmi(ct3_yKuDV=@+Vj(im`3LFW?CI1CEHRk}%DO z8PN0k%MWo#gtc6We-@NxHC_J8ZSY%2o4~FL+8K+?CNt$auLa|UFuqdcx;VE%ZdaL5$F@6!6fq?@2g!3f|=SQjI#O|O9+XD`g?3SN=yCKX%bJEh* zZLhY|fVT@rZ_!lSN#VfrYg1C#JB7Pw!M?cCFqxIMhJ1NaNVqk7bty|r0(4wlNoD1` zGtV&6bSx|>;ct;j8at;}WFpEK5JhA{qBB`}&JL4Ce%}z9K;-`Yo=!6?h9A_-^ht4! zh*Mza{Z!KSZH%g>uix`==XcI`c!g&oKCzeXJ0ek0v1!z_hqD7{C6gQ$t~7*mTMfp* zY;A-9|Df+vVTgGAL$B7H?+rHk!b}+kmaPKa5nrOR0-Ohuk~ZDE2M7jW3Ae|^wb@-< zTxNb%vdo|h0D!FrALNxwyPo^ zX?5WC8D6gsQW)LoFB;6t=O0rATs$u-j96YV&>oNxj=LFX^l-1hjxmkraVU5vj=LJM z5%!FEy{xqxWw%U_EO>l{JW)D-%gq6Hd65WR^RsL>qD}?}1tktW8n_?6(`(C{T?l`j z_>8lWsH0tiPN-+$JlnC}-}GHbVdAMj*GJZJ*&ydTJK))Ien?7j#(uE%+k?Y0uP^%q zdBvblA}N}C4~rOvzbzLQH}@Ql`4(kgo-&FLIQ}1BUl|rxkgnNCkl+y9J!s?Z?gR)L zGT3h;Ii zJLdQFB#Dxj&mv-U@kSKWE&?5yJWu{?Z(z-*Fpne^!+w(2)1v)}1^?&6@iSc+h`m-5 zV_YO?h1B(wA9J8;?FwzbyXDI4JTs4iP24K16jJAUw zT+s3*R{R%O=G+FFg=^$}7&tQ(GAEp>mpHuH^jcTQ zvM$FHx4egS@!aDU$dW;P5L5WX%e9e!9*98VtXe*15r9`~|dpX;vtdg8XdU^@K(B2SmvlKwVFt-o4_g)lwb>%F8Z zq;pBD>p2D55p?EMnN5o1sR%OaLRX=NT?7B_f024(4bwfg1hyV`hqROsP-X^F@jBz3T{*~3 z_af}(EpO;104Dn+yX84<$kFcWje{wVK+ z4Zo0_!N1Ph9GAU;w8i*$g@&43C6Q%L4*~n-FarY{xMkk+nq6jlu9=eCv9LL-X4;Et z2!JNoe1h|`dIqyJ$)%qTG589 zziyq&Z@EAo5dgw!N|9LPP3cGW1zKszEaRq|I%npvGQ8fT{J=`{Qmks*b_(GLAZ2f? zoBF#eJM!zj8iO5lPm#hOR`R_!b6^oPy^F8i7K*#crK=sO z*NZ6Pz8I)|)aXX^pGf-+FFzsRxw!XEUf97Ke(8Z;mVlh9!?ihf{THUUp64quV%*@ z-*dgYdxr8H^Q$!_9v?WKFVBgcLe~{LW`0dfO8AB#=;7kzJiVJ#UIa_z*(-*mZ`@Ip z?Q6Z_+7?nbY6R6$RTXXBdW)6k@mNFoMSoQzx^*+?xY+*9)BPbvQr_sdrC_rC&!LM7 za$gTfG@3t4LDz@p0v@=8f6og<*$KbLBd8=c){(Pi;dX`1^yl1^{tY`w@nZPiCBYxQ zLfFq+;%@C{F3HA?WfxQRsVK7pY8jbrTH6`2v)UK#V$3glP}U8_3;zCkb9ktP3Fv>; zniJZ=3svW2)Apfm{ssOB%z)jg)qk*q29ROD9n_%zr=0Y;9B^~ z#ou;q4H9)OSqMUqtc0faD=)c!qUz2?4i&cqZG^eK!^W0jmMX`&$I}8h5ZY$q@6k`g z@a_JHv~8*tvjs!8Awe!)mvdI+;68$(sObD@(<3u|{pi0~Bm37VS0zP_jDH4r4qIZn4c%vt%(c z)b=5wbod}gU12&dnCGy=yDF5{)wre>DAeJ421mS-B;2T{%6aKDrQ6kciQ0lN~2v&PS?YhFIPx=xSnq>ZjQ^a)+}MxoU3&)$OK$w-OuMO$H;5Hmqk79PS_)Zb94WT zA*LZ`^>=Q6EDWJ7-gbbPE7LW8V74C7obC$&gx`S5zON(p3msa0B7!T}WgB=Ki$#ZA|F_3WC<3*t zksu$AgsL3R@bR!Tm1Kp!K+U~VNO?l2o0N!zI)9V}x*=)S1|ot_QVT@>0j+zUE8MQ~ z#NpTPpn^ni?{)O2Lr%4CKcceKR57QfZP+Jp1ui=R6t8Ry`vV^n?Th||cj6>+UWoH{%h7PawxB6lEsfnjwa(!)1YQBuI2t|)KOUA@> zGO>s7Mv_?Da?hXjOBH5_7s8$upekgt-w|n=;!T;mgG$2c1~ygB@E{EPd>B>$z{f_w zgbfTsGN#z?Ct38gv-8itLg| z(fo7~Zp(hukJJGR!10sgVnaQ37ReX(jc^Yq6m*v&Cy$KD8X5zH!)MBuz2pHe4Eol& zP`JndYxvu4MyV;}js1QjXIjJm%(WzuK>i#Vnz#go1i)GoaKPk!dUka^=b>zqPL}?dnXhDLSfLwbT#K;<_fc`#R$4ERJ!gh4tTA0K96-S#EhjCf711 zCN0@XvJ ze4L%>kw|lDQ_)o^2pNZC<8;5TF?>YsdIUws z-`{_;5shnnZQ^)fgG7Xj7Mi;9anO~`#|EvF|F_kOCx)`1+PXAV_cZ>4CAe^8I{!Y|8wK{V1+Q$wma>0aWR!1gC4W;K1f{u$}a8YtJYPycV;~b*rMS^e;z70;Uw*yE`d-g`}Y1 zsO66KznuhA&9&aXYi2~q`0pFNexBqb4yMe!XIx7LdgpMf%CTdxkCcK8tBm2nj`@(ju2(TNSB;JMm9)M%p`NG9Z**I*13(Do%D+eW?(?Hg3%6JRMDmA8y3366Kw{k%y$M6= zk^mqP*&jyWBgH~JqXf>X3-LA=U1gMQ{TD^sxgzuj&*qWnn%;X&9Zmp>M8SlY=kRpZ zb|T{L`RSS%{*fd|o+%m3b%PE26W^bZX95KuLxXvw2Uo+@8Ob6-uX6%K0Emt?HNaWB z(vD(5Kf(dNF>&(wq}7;5c=}R}0VadhHWT(O1~+kph^Hc3u8)NKH=sU{=d^OpsoF$F z4rtp_lFeIB+lLKs-z)VX+cj)EwY`G)!JU0O?N~Y0$=y4^A#lxwAzRvN#Y(iMfC7B-~?)1A43i=cG|$`p&SX&n&fqO zC1X!KP6%%!8tlX69%Q&8Ov^uzCqi{PAOPBJA4GyX9PI-&2$xQX!)#IDv25*X9>2wD zzoA{rGzpzS3-uVl!%mZ? zRWAk|oC3$HA`YwTE-^CLnfiuwvihtcWoCDA{+N5w+TXgQ^%+g`IR%%`S!ZaVuZx6j zroeI-zH)W%?8h-SHsn=?5LfHG6YDzSTPHu`DH*wy66@z{iQ)$O;)hi3`%o_U@WNsN zvZ?)|fF8i4EW~-o{)4l?txq@3`-HX6>Eo#9UOB*fj29~H<4IKZ5R(~%AB?DO}1WYp&CNdZf_?z|9!Ic;cv;GM35!z0EQP1%=?#So-E z+bXG@d5{@Fwk4bzOWS^3aN_zLz45)XBA_IeOD6z01fkF8$>+8$Z?H|AIr?Evci&6d zKd{hyCXay+ejXsovK9UPX`gfI80#{(Pi;ul5#1h3oX{uoZNYx&UsFe1Nm0GqZ+`Ku zv+=doD7Zm#xIGA~6|)}CjPyKKxhJPECMZKQszP79rqZSyeBo#s=3*1{Pujm6l@+t5 zZ96yS1!oN}qqt_pa?8yS4O74Z!oA}}5^t2ellDX6ib|TB1BZr(<#3{1(a=L7H`cm< zEYAD;THtRPf|4BsYW5ZGs=EJNQ{Q7iJTG2(lKS@lT2m!1KxQWh=b%d^=yPC97~s30 zwOH%-VI2CdhSns8)_D)$9Wh*e*N7e;-0L~MRynZs&-!zJXsGu_ndQ0`Vfmu6|1|;A zR9v2V38GVe!~}f|00#{jpzcGj*AVY~x+Y5eHnEBZ3z$eJ!$p2OAiiLYq*CjS0Ti0W zYv0JJVhaqW5ce>_lGs{%uUHbEvFuFPlu^74#DHA4FQwARPd%6ZAzqK7+@5VLpJ((q ztXfubzLp~7RxYdNDxbV+2(MG5ZhTJkCIvbqIs-EOA+*y}Potp*Y@{LYSk3}l?TjF|WcCtRYR(A`QUSv=@9IJbh z+-mm23!V)h<&wpTu3^>gH|OK{w?Jf~Nd~LzJ{dAnkty)421Yk7> zp}WpSpoc1Tk>O;Psyz1EKQ0FSO8>bwTy!w(a6)1C?4pg=W;V4qG>PrVi(nV?9;$5_ z^Y_&!@FnZ_ocRsz?Ry4;X%aa<7#I@1!-BQ*;fY~nOCz?D(q${^d!F8F9L^p7Aya}) z3fc6235Eb&c0>1S7>X@_&01&X1;#o1IPqJp>h#~`U&BC!oyO8{ahe3=;n5D;9|YAq zjPNn*<$s0s^|aZE?s$D^9|M83TO!wAn;$2s&8DpyQ|Eu<41NpnrRjg@y#I6#6{wrO zgp(okslS<84&0o*FS$M<;rRB!d%UR*J+5!Gfnay=4%$eh%>FOk)>!FZFVCYkzJiTK zcK!%GRgP|Ix8*RSX-K-Y>!9g9K62U0Y2`PMAp(@?brmVbOLK>GuEz&eA6LRc_22S{ zl8Z~?lyzk_Bsb37z%kiqaGXEGSsLc!X%~GiApjihtb6DO-pVC=df7iKN>8`+wlRhA zK(;j@O*=Hgt8i3&)yz{&(j>4*-gvvj%cNkT*l*i|D#cOsSQ4t`h z)|y70$oBw>EuTLdMnC|%amqV39V$o7Gg=MA6yo_`@UHCN(X>zmH)t5UC~{=2VucA1 zt~Ru5>}tIFG7fs_`4Y)07=4hL&BxvQ3Dn(bUr}y6Rxwlt6=wzF?7|cVbD)eVDw%m0 z&c}+v2Z^H8$Gd|$($o)PWn1U@cjo9=ti3ioD(&o|RFD6wetXFzM|F3M6oD9@q@pF6 zvuS@BTUOR(YhBGdc?>`4!oJot=J8qrRS)TUc}$W3rJ2xEX9{#2#7VFqJ;w*EFv315 z_=dp02|Ou30Ucg&BLz* z(<@RJRkEf)VL4)T9wX&Y0*`ms;|(O_oA z(zi(FQ#m-8XE{VCocEVR435G$v-wH2U#EC%w_gMzE>kfJ;xl572%0t;7BZ}hZbL2$ zYvLflFJF1-nRJR7KlaQyBAL~(ajL5!dz`9b(2=5SN=!aXzp>qF6r4*W< zv?*Z3F}kLk_!toY$~}M7sb_2CN>ii%x)X;JS6pHk-9Y%Okhd~f(M_|&vZ^N=Jj53T zDSMv7H%AMq8b~(CE_#S9`9S+Re3Ag73xPpB6r}q=~Vx#mv`F)?B5p|HY z|B9P&wLa`|{FRe8BGi8RYlfolz@S_Kn?MeG;Cc=h*icqJ#Td-dZAu{2PoLR?!wY|b zZ4u7G@t?+ikN%Ibr=NG}kNbq$U=bD{W*d!Nv&J6oEF$x$O)EeMFxg6rGoI>G1H#Sw zx2PipHsGKuWRag&=r&h_CWsS~?>kRSlcgv-~$xoPezwnT>4p4%E}|O?F&yDhmsF(tTq`rAC0`Zvo+7B z-(xcGgHP5^13@gG?H}H=eFC(&hBk8Me|@F)*ApLTIa+=?-0$EO{?KceR4>~QKqlL$ zk29%a7h(j9eN*x12$6!bzv(Oq5@<1zM&pIkGFv}n#6u3B(orAHD{nnEk0wOT>Tn9F zeIgE3>Ln1QHe=*(ow{gkl<6nDNw3Jj7L`B>oKTQ?( z-OQqt=l)J-Tk0`I^?U-;K3%QS$rlTD-^XB$4i^nCP5{Tov)BBx;U9sU4AAqHUkg8o z--BJ3)J5U0Wr&5#Z{zL`Zj3&*{q{ZQ>FoMZ-~Ocs{h#^i3+((91?WU`|8q9JG5Z=v zAktCui-RF6PV!Y$_%H3Kfg!IDe@|Zg=<}%^3?Tg3a{J34fHCrx!-=D40P7|c{@w@g zN#bSe^$By|IGGj7otxnOw6^W$F|D+uz#+O3tL~ezImf9fwUBuiYP~bcbdYhMV{zg1 z2?y6)Xb&7=V-Kn%B}o}^Ff@#7lwjhmKH#mGd_^|RxR5NWcnDzbJ&#T{Ftlh8Y?{!=BWD+ zU0+4i*4e4zswVEDi=6dPpYS?2W9XhkVBVb?+6b!Mdc8P9av`Vk!ae{xy<6Okn?raO z+AICk80d2uJdVtg8{z1)(j23GLU~WU|K~x@c>fyJC$4^UH4H2lr83!_}q#dkX$JH?Pwpr1O&tK;K@Y z>;Cfa1*%8b-A#|Y;5qhd#Icp7tzIoCVDEbH<>w3a=OBlzcX|wV{ih8S2U`+eNLwNR z)}5UKK;%U@DZtiikr9x3ttGU-AuI;vyWSs+x&?v|!}~|e&P>&GLhyaSkxGct(NFQ; z1#*0h&9<7Hi2)X%u(D71n2B~?MZU{ol{uDIO*y zVhZTw2+Cjxs-G!hrNbFE1oiubtBv$E%}+A|GXrG~4^IpbDNbO8qw zYlls;yT7o!X8dI!G@1DQPgL~(yjxo(GN#=hfRRwn<(6Ad{k2A79_ftNkERfgAz9Hv z*_N!c3H+Il43ICtKsi+QFWt=loRrfNBn?miEP?lkOX&xxo;T*FV4q*Pu)5ZWPLT7y z|JJ|tk3+EO3+ja<0B1TgX}=Zr>5$Inq3Gt-=SlMF`Blt0uApUzff7rA>zW4wcla5Yg!H6u}>}pZolG559H)FlyueY$SbpN0Cl#lu+ z62LV40-DfcPCID+@pXHH=IOb$T{eL-Fg__mMz6KjcW!LFC7-I;U-jSb|1S`0mx5h~ zo&X5S1xhA1g6xe09Ao2r$&x+}NbgFLHTvTJ7-z`{fXs37N?w1!PRJz(oD@bEFhVkI zAcdT|CSOfU=bfP95Y{##3zcr8+TQ$;$O&_H(K#3}Hu@UI_~8W)U<6H3y~^k;6&=mX zW*t;HeIA{&ND_}q3QvP+)}Wbl{qPnC5&grZ%8pgU-W}D#fKkf7_Hf!>pm%_VYmUA8 zUk>6oz3p;)w-=1Mz`!VSdzW|N#7x}nOBnN=Cb55 zn=TiXi2X5FD7%>1Iw7WDKcOU%I*3DRdMvV<0b1IgJh^Og%CT;29X{iBz1^NWobz+$ zbiTalweYWSJ#}8+h)CEv^bP;8e6Kt@KBKxd5*)-@fyuE@R7wWhItYc|cVcvBBDWJWIyy*1Ctw zr8-OKF|a7geEiO7J%sPm77Ay~ZkIw9^eyU9)0>!XF~X4)4j3(>8BZz?R{Ykf2iPr1 zb7D&;0wBlUyby07p>x^>s$x>zVvAUC9VvDy@BLP_xiS`aN&hg$?x(DL4TlVwqyt}2 zD}9|tOM%UxIFVCKLW2g6k!LJ|pgk~kRUo4#iIG$O!+!oGd@Xb4*8B)sva(z`JrH$t zt#^wMHWI5G=$qcQ7F|t@voCu)5m@DGU`!jAkD^Y31MZyKiNFjNa>w_cQ&xJnnOV1W z8%A}7?InupJft^h*2aGAOB&gK6yHPp*qc8?tFCTNLvJ|61z1?Xm8b-HGhbRu5B%hF zMAH75q4+NJMHk%>Kh?O?=@BhUQAsn#$%Et61ySkeB z%8mjs^~nhk-s8F_$mdJ~Z~^zXQw>TI88ldXk^7s1^+2<5#1Bb=nhc#l z*M!NK`DXGgUbGSj?Jq4&VQ7DY9uXzkK*jY$C@NUy|BO1V2mYig&6gMwP5%_zF0Pk< z7XFC{2iL`j2&WOF*x(pl;728^_v`n6zhSq?Q5#HCtin&#h`Et{cWmrJfvK)^h`VTO z=Ykvp1|o0NT*RAjzTtJ>4G%7upefVxq(V80VvI0nT-)v`nGf|^bRa2XivJE&o zK0b^I=KP2cMQyt}D*djaBHGs0b|d(!L;DT->0)g#q#vN|aqq`XHv({CvDQ>x5FJe)rr_Tt?R*?@LS%5A$iebN zGT3a8fXzEsC?N?RNkF#fok%B>_wB5e<8%c6AyZ{pRtdMLF=%UjY3T#l`bcfm5|Lcc z_kO9SK9uJ;k(HG-*SGZz4Gle@pPHealvjL%4s zP}gz7OsH*#C31}xcngV|uAkQyb-Hz8n-CPbMMAncVI80Jy7!9LFRs+71&8k+7G>oG zdtWoHek38{=RGf3R2F=X{N@X_@nii7_Gnw`Q@F=^yVuQzXh%+)$NC<3!Q_XONJ-b5 zv8{dE>2Gl{6U=*QWt)U%N{Z#kd4W!=iwc#EgRdx5a>v~g$J68Zdq#gtyvaCYE?os^ zMT|0?$1M~F7B)g9FD;McBOeleXmBiNKhqVPJ3qoXGmi6EFGWs&m>2SVEJ=CTE z?F~49g&Y`aV@Bm60svPO%>14*?ipIqai+x)8|;>_Vx#twmYQn5JGARKJj#iihi3{y z|G|DX!a3rSd*2?ZI^OHJOhM?*o*y3J z9sS~HxK}1W9vdAkn2JS@6q915yP`aC6fzQyR^P5x)lVl!h#t@24JJp^&B5qb#My4E ztc*%z&=E~<5uQR$t|Fz+Eb9a*p7npux$vRg{U_LRk(7Ozucy;I3?0C^B zoW}|Tj&osG=>R0&Habaozv31D62?sUf~|tUD}u$KE#9fy80(-&=<_3Mgm=K(Hi3Vo*KL%hN#J5(bY_gg2h-!YH zveZ75+I8?P>rY< z#qm`bRfm5_y)Ini{SYR^>*Ko(`nm#_#6#&W=jK z8HHQ?kcZUX`+&J9$Lw%u|1U)IziZEbl>4A#xIbP3Ob49Hlhcm`0u(l|0Q?CI%NIq* zhRKIP^7!~v6T}C2UHGi}pA3}7`#eeziT*-7RfGVIQ{vxHBtQ(E6y%sd87dGV^;OTL zFDHyE6;sb9YGO@uz!>+9ZSmYGkV`|uq@C3uUh$mCjciv{XjX2veHp}!;_rk zKC@i?TogaTrSZgxe{B_wVlB-pOAfE`(MnM}$^K(ec0OZ6JU5cXXtvDnp9C`0PV~u) zOz%2kQct-d5*6va8H8PjV~esG)bQJQjKR|-|DGJ#)akVh-2@ela?Ifj1a>}q%1wBU z8m-_|PMb*h2(-AbAEKUo(1uz2a*s4H*;Mr$=wA0Gsb6*E^Zbx=?@VN#4srV-P#d)Q z*>Q5Odv=^eQ?O+A<`1N0w&r*HBn*MC zKJoGNWGd@K8mq*gBUNOttC+#N;85+)Ie!>u3J@7x_{k3IqzPHN>A07^NuXy;nM@l_ zT5{)6+-&v%Pp7DycFx*`uJI}vERwp2>EN?=svm@0{=s;}hD#3xnR&qpN;QO6$)Q%b zRQmjuVWl?HCAB%lA;%*$9VLB`N1@kRPU@Y+m7W;~^^Nd$08AxO>yfFH^aG9`%UCJM zmw-V8lN5#^oliCmQnIq};(yYEW0N0CTv+6}|;qD(Ke+eIb+T=3b zW&V;qPSRlqRTNJ}Im+VI&H2?u8?oAfOw>n3@JuI{O%ELjnyQ#0?0owKVfowkL4Hd zaFt&2`jfB_)7h>J9pLhue9;Mei;3a5p&XnfWv6yAYchrL$B5re%MPp!0Vju7!h%ot z*K0P>a^=9l2))KIyNIiE9V0f~Yr7lwarGr8$au;@jZc1Ak1!~!>1>q24_u!ha-is=w^DbtTQKs(PDe=NKI@PHXjztqI1s}BTns& z1lJ~<9c=`2|ha*Pr+4v=6IrR~MX#inz-2yD6)UA>#0^Jmj{obin7?WQ}ZtGcK< zIUx_#(95dTSQ_I0h_nZ=rW^aFP@bH1k`i|_LItNlJt zU9t~H!-0>JQQKu#D`(|Bx;tsok0*tPdebaRSdzJi&O$mQh5!wai2J>sxtE46|Rqw4jwEpDQ%nZdtdzHYl^3 zZwFlQPiFiQC3^|0RVnkZ9D54tOaJxfPh-NA-muNghgDdPI%9{c){1o#bqT@~!Lapr z&{Gg(&rYm9Em0(Rl;>F%lWRKeCw6c2;LNLxE6b_rC@w)(Etm{#8P}woth3L-IXBH_ zYoGpezO?J^dXjtA10$bXJeHg2F{UT7lNy4A0!Pgr#d{%c%mXf*M)}9 zUmO5}g=I17EtDGR`bFlk@_DyM#ibPqBk7yY4b@X?CP=DU%lpzT`1yfNHUaycv6qs; zDe@ibDy$>ud=u}TVWskhp;sCd#HKB(ffPh4|A#oUhaIGM%+9RiimZMW(xGS39&*VM zE9sf~F`FQD4`lP6gojP%E!Z8 zK}M>W#vBn8eHg%mu*0Gc?8{+DC*{twodCgm?SbN5rk+!~T z?ZSfc7Vm4PXqRPNXb~bO^+~dF7uZMZOH(FdbRR{j}Im=Lw$>7f7y$OB+?hiHcHQi7!Ih2?Tihaq`D+gQF~2vI+9kh zSvIjxNO9u(HjV|2m=*8r8!dduX81BX)pRs1O%*bnz*5%M4F#t8<{vc`N2VtHgMhsM0Is!b+u8KU=Wbf z-*(SHD+o1CqbVE$RX{8*wZL*lxsdIF0=^Eb{mR;^3tI#;^gDwnl=mske4-D_oD&R$ zlWochf4E%1!r&V>-8foIrG<1PmXnny2}o)v`r=-C2u?VOly-CXOiC+}!5mMD51kDs z%>ZP%7b~jU^LM?DR=Lc*oSKPxk1b3iKvO^Zn~lVurJ{}@AJ%2}0;jw-;oo*vM-s;> z`S3A0cG17ce||wanipU*ebkH{K=8AVh^4dA&~^v!bc)sCChZPc{$VsGu&|sM?XER@ za>5YO_gpDaP;b>b9wp`yz97G}MuQM6;%=xF8K52MU`kQZ zPiYS()UdL!Sn0dU6@?Qv@an$vJa2{pHR~1dk55i&z(M76cI~qgPA88C2gQ*hHnqHG zO`~{t_$MQWtUQS?#jiWO>(;@#?u!bUJXVz+t5$bIbiq#Fp9mEebh+FVUUf|rz0YZe zr(?G7+bL%kE_Opk`XsG$dacugJoB8|b*CTsZUqsp z4K+W5xkG-`KfK&1O44O;0nIyZT@sa5@#}2}Ycu^4US4^9{Ul)EY#ZRHDN43kV|S#< z<~bXxHkpwZ*p36sqC%TQM5s^gOQutI4?h1~WyO=e(t;)b{ZoZHeh433$=67s@%S_1 zqo&5p=auQi(a-SL_O&%_xtZdPH=;+p*mkSJ(_@h znH_LspeJppH^h2tw9zsM=yQZ8!$9K0nmX&~hmyH3yi*2h6edazhv}ybS@rm|rsW#r zO!zuXRU*1{2^j6>8m_)E+_~%l4b>sPFZPX#M{2m2b#S}3(&s9L%Po41btq7?+?mdV zOr)@{6m;XNq$2%}JrJwLoFYdwb>7NOF=}HTkMV={xYVDbCYbpwVCnWOeG>A^rkaf3 zWNi&H;JTq;Hxb!UP_9Y0~U4bGLr3{q=fV(PDi1itr{BrgI zY`C~g!+AVU?xkZqUVFKxYqJ~Yl~~NOf;acK%ccU);+4~l9k2Psif>y8z{UCYy8y4p zVZAsB$rvxS_2Gj0%hry2>PU6({Z_@r%9o=oO+}Ze`PVSLmzFdM(Cev9Jy7tj2?-@? zp?3UD2r*{*?&VsrZf~z}z>x%z2Wa)`ipaOTwdnAZ9Pj#2x?w{x@_IRN+g_ZKz>#uXG9`+E_OnRzAz4hLOU?+J-)0yr$J*m@W& z9ISL{JIU?laSQqPJUpP*#XLkYomp{Gu7V#o8++KRHifV`hDxz|hkV@5-^lpBCVJH0 z4Mmn}+ag0A?h>I9FrAoZrRspd-MHU3+BT%AePq_`m6Jh=(r{k}(#c;lC4WfYu=;=m|b zV^E{Zgcqp}LpPmh7>sg~9pF zv$ej?k;?!<)K_SAl5u2g%${p9vlNX9qO-80rKP)8QU$6|$Xqjo|E24G@%S7xn%cnW zt|$09<8XJ;b6$g%!mrz8JNb4H}pfxeqqXd|x4i%(|f^J3kq+Yt+og z+=SkbduyDo*dJhjY~jShfhy!&^A$SVn&E4WJ6{6|kr6XqPcQ8F$ zKLzX{rK&HKY zM6s#fIj_~09e$<&R}%qjc#b&MlDix66sSK3>!h$=@hZUmAI4f1V=}xDRH6f>{I>as zU?>Y^{}H9scup(w2?4eYeX6dJ?9}B?up%uRwk^QfF=_nI{eDhY4mI_zW6L@@cAR8E z-O`WnBvHp!AUCL3pIB5Wkxo*;=WyrkPbmeb(=ATl@FbF>tM95JH%}at3EBu#*STVx zPV?D2Bim3~&%dAas1D>?wtETAc-SI)L)Ssn)YMoe&D1;!kVyba-tr4UpqRqkFDWd`iFUo-S>X8Io8C)<|wNRDY- z-|+yqy91Gv;O1qGUqN*wjDI?9EX!2+$26?16ThE$Sc#-U%-a7+W@JSAyD1r&8G|7# zU1w1cn&Yb?&;i~!L`i#r%@J2nh$Q59pL%llIGt6GTC{3h{k5vIde=P8Ps`wIqorDq zeu{~$^*X0T-Js|8sM;s^VXUE4eiY1ovaYsHK@5+KY~H@TZ+j+Pu5f<87W4vxDKFQW z^9HTa{5vy^%G^$<~qn)%b4N<0F@u z%xh;j+sea{wfCd=eDa9tU4pY0^kU_Sc&5VUn@AwQH3FAOUDRtZcoS0V8I;4-#IABw zwnD&-H?cK6$4eD#BLWj>7x?>YEXQg2SoPM5l-1xd9!p3Ecs7}>7?yal1d_gHQd_rO z!A?4^u@Vg$G=2;F^OsiZPR4DF41vF&O}GHp(ZUH)A~{FqH02n6d%THT39GY58=N)i z3}}6%Q{(53kTyN$L&Hsx6oa`2hpv=ibwp_Twv{D;GRmKKX1j`OAQUrZpjh=^j%?=bmwE6gj+s*!6kAU%kyEpi)j5Y`Z}-A60Ev88 zO<>_fuaLHpy5sz8*@v_gSD|LW_3c{(hwex@nKLLjkd3acLH8qv)|(ZkFagCSf-%{X z8TPLmm%_zvQEn0qTiwxqcGOwopILxYt_RbpldPFr%1%@0UjW)!ccV-4=9ReTWbexMUiaR9vMmOtm~76{<(qh7I-YOY(rbQww_^ z_#DRJdWXF8K~6gA@%HPmq( zq}l4ewdc&nA6{NiwG{T{TD8hoecTf@Ar|=2+Xh{0<7^SB`SFwbL$pyi3UHefiwz^mK%@=Aq4O_ z_ilRvmon)OE_{;ab*Be?P zw4Yq?YnS-{BClB6tbI+?Z5=Lb`9Ys&88%vIqNO=kMu>_*3>h65{yiKYj5%%re<`&j zBOQH|n~M|^`byqk zfAjVw9$=oj!iaT;vdDk9K|1w2fW6ba@?Iq=;YYXk3=k^2_VP~cJL7J@Tp=m8pW)1* zuh@aF9*c5(pz3-FW>IRL-*@^nwEt%S{jwWOG1%cG8*m^^ylyE`ja#s=1|^13v&xu~e*$-X`tsSA*f z`r5fA+RU|9R4{V?!mlYTgqfwGHFtGo>#n`!quDoaQ;x`*g#4q@hQ8<^idtEq5aJ}~ z3F9LqgQ5Vy00dhub7Kni;;lnQLR=11dq2<#p`%1XIsE46`64AfOO+N&1(pmuQa^#_ zv*UuabM%xsl-OM-QJlK^X=726j)IJcEW4FOZvGySr1CAg()mtSHd`#f=|i`$_!BZ( zPfsr^eJ|l@P(;x4FxdizZ7@lMi*d{@wHIvF%_W@ct7<_6m> z4t1EbO_MDQCY*a3`dw?M|s^$8Y;{nc+>izTOA=X+73fY>UYiiy}}(o2pl<7C|YbMOLu|U zI+Ab-A;bLaGp3&k3Y_gh19;OWmWoaRVv_!D`~{Vy6|{e3I%GHMomjmYN$u4JP;b$| zsy`LDdf>x<_u3qLMJ}MJyBOplp1|~jsmg^oREO*7s?XAtILAff@a2Q~tkz_^BAh-$ z9&Kbo%Fd$!8B}mv;0QdTa$sKwc|CFK720FOL}t9g`Vpp zm5vcFUM1;9%4L$l>_d(=B_Nu{>GOXHA1aO31oU%~@;hTXiwF1`XM`r*FskmEfDG3* zP&R)bjoZ2KhE0)0;2105bCBx?Bd?_V*dQ$Zv_Y~mz8&OPT0r`P(k?jz&6D{t$BIc4 z?qO$RV1bOe^>RlKc~h}19#uoM3YdFkc)Lo*N(PC3Cr&8i=#^X1-TH#zh9te3X@BdZ zz2k!&*ie;u<1Q3H-WFAl+n#JU^XR zYjaC4C)RtG&3{>LBOB_O_qr|Uy(I9^6}*wh;l&!uPT?`NS|ZK*h%`p1(f*0@7Yq5($``dmj+qy`boRCu%ivX`gPt-)V#n6G#dY zyy$GZ8(|$^9)ItTS`zeps{P&LajKH_{IMR0k7Y|n$I~qb84!(}LP?53058C?j zak3%&%kFYm z%;z^J&iT}QTSHyv(7vhGC(H@3*YmjYfK-Vwvn_#nH5RpQKH~Xsc*OU%v$L%-1H2M5-}8oj4eluk|l&{gMdK9G!?zEBjK)-)JCT4ReRtMcJnJh?wmgo3lH&3b7R|#DI>* zaY6w!VNlvT*t;SLS64a=LbL$S#HNPl<0AgC!AGqhc%sVBk(}k6lPzf)aOXYD4Txm` zPFhbNGNG{8J;*xDg8(N!#RspC{)F!vQTrz?u<8+WvQBU>5;F(})DfLjk)NiM25Kc0 zRC`t$3osuDKHs?NN8M>BW6$TB-o=kiJtjjE0!av5MF=ntH3jF1euPVf+9U7>lPetM zgnV}}N12~U`dLVz-_pbZI3*!QjRbUIPG3e>Qm0c@!fCtNEE^?(^kCD~uWTL>IEhXw$6_vTdA zv-L8#gDBg(e}|nse%79P`jFjv%U+lCQ=g+pFW5Gz=vT{zd|dTF8=y_c@FCTuo~7d= zYIU3)&Xu>+R@>Zjvu^JXj_~A@&)LU5_NVspp_i4<328cPvnRg!9XZ0Qa;-!p>4O7< z(uy0F1HBge>Q}xgb^3pi3jLRD*RE!zIc`7u(YMNp;7Kt*Dx3j=8A4!OM6KBP-#}-O z1Mm(sOvn)piSR9YM<){!t^g`7IBw+6;l1+aITkN^8@|OQyh^uIGP}SFKjTNr3cg1r zRQalu3Pp;`(MwnGqqbUOp{?4@s;`(5^x=P?tl^J&YO7JVo<_%`F;xSE0~r zoF(&w%`d*K*Rl$c9pJRePmQU;EvyZT>k(~uxl(oCy{pNk7ad&}9H}Uj=EB(6logLm z+liiOdo{g4$VH{yAPtf1bQaENEs4*MQeZAsYy2?&Q&aDB002M$NklzK&@4mJAn$I5rQWnmPr- zpEZKtNXKREZ}xKZjBSLBjOSNoorh&qf57{y|A)XI6^cKM*t@NB2crc?fukB*I6S5Pneurszn_sX8Ill4Lg1=Ffb}L#M1Q%MnH5?`igcA# zpELYex7quTYps*5tTo3G`zgA|R0)kV)}ZySD@!$KS_IZx-ux!3sI0NBjy9M4zvJz1 z69FHo^@EGpoc!SkS3yX&qq*50`PVNCtg)$sZ~~#I$o8*rXUsN3<>)1X#YR{ z$3OWIgRQOYVgi)AsoR;;r{zTNsF(v=#QbQ|@pN@|(ZdO;h=4;tCYWl<((BS)hA263pgV9VhE9H zKjsaa$6yF~zgAbq3PfZ}OPAoc!!T=DtB{E63XmYpyG{yy7x314ixC*$x{^EwF8+d0BL%YZ2WK9 z5-~9#pm`4*<6%j8i$W|8V}ttf!@L8NjnF@f;%~x(j|WwXv3jOoZBv;rlW3PSbyP;E zGgs<#S-lhLp(wuFV%h=o2`1&RD1tsu z>nn4bwT0!Mxy|}kCB|Q!j`zfO5vD)Itbh8Ut;9T5v`q=v{pZSi{M@vTJr)8e%Iux3tzDKc=`D@`H%syz zUk3L26Jki5l9RZGh8hv#mC{;3TQ6JnFO}WD%nk(1P&X%R^o%e7oIf)&%U+TCf0u0c z-|>#OhyhUG$K7GqfB*e&w6A>i-~9Nz`|rEkVY6@ljqd%vSEd0UeE8jV`)xP5{eMH_ zHhc4%?~^}*<1Sp_1b{j@$$S6%-z^^k`SP)lE#^eIm?x8t69if!v}HY4_tm6c$E;#p z=9HX1aG|Bs9TU=SRMmksWw4$v^vZfldF|u+7!s2PKUbYyecqq+U+BxLSwrR&V+3Ip z#}96)DUaZJH4D9ldHdK-2yctVV} zTp#D8Ck}IKR3<3t!n1)R`^ z(bd0lEjrSgDgEmND6HJyP?Z z$;fp_DcN%quF6(Yx6SLs(OCtO?!K=6>Qs?QgAV}g;>BCiPh&}%2L;)ZRJ((g&D!Fx zPW{Q%Yp6d<4EsfedRwK2Ur>;98Ii$^VTMACF|RJ4L5s3l_XG0}^8@ODIzL4DQi0d8 zHOoIo@kA79onWrRz=+loEtql;*xue{uN-f)YEk4{s!RPCppY*<2Qt-%Y}%v)K1f7Z zcaYqi>`%7~qmn|*Ub3m-ew&ixll zP85sKMl+#CYdM7R(ydNRefcwR;b^3Moyb6WAgCJ+BxMVL*lg92R-tYX?S9U^u9)jA z(?vdZr~~=XM%v0fY5T-f7!-WiW020HO6wmSQ&GmC1wF30mRWu{e=+b zTd0TkpYi}vhtYryJz51z!GAuJE4ZOe)PZ_;j?CHZIR4V{e@On~=SYaxqq@M{*j5}d zHbT9Zssd?(1d+UO28eHjWJp3F34v<^0ginwl^>bC(t2X;V@@W{Kwq2m0S2W9BE;^O zTeo5{*L-15#2H+W+ED<+F-~#ao4pWv_D`I|MNZ>5F(*?fwlo5y4X|9mLEr9O4Ka1B#ABtk%IqLt9G*(~ zA3&1=0R-{DBSIZ1kLo7&Y5aHM_xBIkDfu-hFDr8582qA4_dPuW)~#Q@@W{r7T4%se z7HP=)M={Ws;B3c^pR@h@wmbfHE!zRyIPMWs08Sua%+W_bsv(Re>K}j4a~O-@smvp> z$)w#X^-2Ze0*hy!c}@(mQo*8GCtHkofA9^a6T-?6k2RrFT15GBF6#3_{RsX%CKJ+d z3IO?~LyU*@EOCee=kRW+`_K>Z>ET?s^gphbu+&H17dauo11JIh4Q|BgS z16gd<x#L{x| zExWYR#{0T#LYgUgRkeN$i+kCnu-F0wB8WG42sY{`WdtWi7uKg}`JpZJOMM|~k`WO} zHX9A(kLeU$OdYOd*pZg1aI{{DRPYHr^8?2s|CQ}5IH6AAZ_ zr1LqNNZ9*N=)Au>>&z;}48eBaxzkD)wT&{PjgGuwnxLV^1DDiLYqUG4o_7gLyYcn!4FM`mEcD@(%}Duyk6lL zK$%wH8-a9*`G<0n*CYgz5ZF8j6lCcX5jlrVml*)gVdMRdgi^vhUNk3}yqg%<&mtRV zG9_~eFD;+!SOzG5uTHzI2KoV>mlYNLL!UFW7Yd6dol!=%$>2^$A?$<B22a*J%; zML)?0gNR{lyL;wrk1|9$?h;_i&~GyW^=9FY2>Hu%q~5@>Lv3l*Nf8_s*CgV)1g5{1 zj>HX=w)-Nfgej>~-PiNpJx$gvl`)8aR1k}``NCL2!vn3PX>mr69y_aZdULH)P6S6M z<%F_8oct|KlDJ5sqDp4w7uw`tpAB6+V_EsdmQ!9OKLFbJgn&4}RZmv3@;pojsDo_8 zV>axxigp0M5ZvkSLelVhLswuB-yf7kfxu!Tf%IO#SYonS3xjRB@;omA2c{T~7pd*h zK9h>Rm>`1f1C7zRLV6F9I2m*5F(rG^JTx1G41!Ee>HW~G`b*A1VFZdl7>x}P{sm&X zOlv<8ZsHE~xL%C_EU4#{R2=TA7h^-?kY^uvp-e?09)VZb5EEda@!sL2d#_`N=rIH% zU4?rZM;YP=fbq*5#so=A-+aEY=*deG0!avLA_Q2Y`lXFjA%-P>Oqjr~p%t62VV_-Y zt=q(^cvgw~TOwf}$_w$rHN20%@@;r{%!&$iQcbM@8UyxZca4N<6mCc{hW|Guq5RYE6W?@U8V`|4HSkLt4J73x7>WQJ^0p# z?2BLcjNNq8K{@gmw68w)h%%|S`|iCbs#2KM@p&jixFxBP3V@0Yktkmg1)#(L5JI_$ z-;&SQ1_B_&I4~QK{eQ=>Jb=p{7|z~8cgg-mLvuioRLzXm%pc?zHU7U+zvZ zxk_={ZC7Pf{gw-Cs1VwXazGXWa4p2sy*@nKCJDDpF79rKq}CzMW?WItqm0Cbh`ecA zY*}zS^Kvm_fGxyyAgGqF0}GzUi#BT1@i=ps4Ggcy*guw)N<%>724Zq@s?^&1houT7 zTX!J>3@216XE|Cl7P52-MW)VR9qZ|^!Sg39r>x4d3rn3*L|m;P^QTuFmS=k;zKop? zX{zkh2?6`6RhJmCNV_&`ye7hpG70e#`RL68EF-|i=1%w+clG+M@ErGP)!Wck`eJ$p z;yp48pabvQ9%)2iG63<x;n5Am45=8(t^LV5zhYFj=1```j314U{t9ouK7XTgqJ!q1SgAp zCotC-i{gDsg*Ea+0W)zz%&7emSapaIC+m`ANJ1b9fvX4s_Ioq{Fz15ty+zD(gbrvF z;SV5~YcW@uj*08!Rjk?-XU#t0l5JgKx`W?9C?ln3edUK{n|5Mfvw#J07WNlfyMQON z#<6aZCxP@xW-rReK!JSn@O>e~r;9#>ytxvh`lZclF#z0b(IRN@L422&abzJ*GH6nI8^M~@2_V1h(Ui->7}1|r0Bu`~}) z%0B`GTAA8}2}giId@VO}?~vtB)K%U;^aJ}Vnujq^uPJNbNWJLSbLZM@MCKEro-jq4 z8f%?dvZl;7F%oqEuJpmF&KB#EzXhIQ+R!JQa}R?c)O8b!-qfrX=GDsC&Oson|6F<> z>pC67>8FA`|AQA~-kPa7Jt3ylo<$k}jDvY|B0Zotnl=aX53K+OO%&4o zJ~n{D3K#!KRG#AlX{cLB>+$svDjFY`dkTa;pTB3diG`4+P!sF_{=~=Zzy3*`{ox<{ zu77>#Js+|^`h(wgXCCB%6N3;a8%+YFN>q>wfrh5a{%Exj0J>Vdm`0IHB=Mq)T3Y<1@j_Jx z&WO)a-H;^2*L#yHwI~~E2+@veb*mT;5Pa;#c%(ljDfI3V9iJl@VuOuZ@k$7bFAU0$ zjlx5$`M|kUL~*7H8j!6J(oTq(0B)aZ;USiEy%**%TzMApr6e3wrAiLbRIK+k1l8)q z|3WQTPa+Ki0ZIYn2ZFs_s^}bdha@>ec7h-+IGA*EBsGk5^PR7BLE4{RU1!r1<2KsW z8kq%D%C=A11GC!5-KT({gEKsqG{);CiNLpsQAPiRvE&umq(5Fyo95Gc3xWd^7(F5@U z`G{Z^ZFsZ?0-AS~8rx$^+oJa7$y0u#G(*N@x^hN708ns?Z~JC62lx?a2Uv&Jck4!x{j*i3c%{=2EYiP3QY(?ZKvKd<5+Q7(+OZJgFnb&g;|##!rsg zv_r)Iq&8{hFpM4M<7T%jYE|-Y5&}sG1PByl%alu+MIB-?Iw7oCm!r9i{}N0N3uDZH zIJ7k+y)Lip5$vrnS22MLcIdAjKj&)HsIO0F6xdu&iJabMSiKn5oIZlqRR#;50(%>~ z4Er?eH0v6BDTH{3h%g-eAvI?|rz{C(wN6Lz15rjk!7dq`BeJ_kywjv21v}w(Uu(Qm+*zgS+V{HB*NA{o=;W$UT=j;|~w4jyf zc*q(`2)G!|92qao+v}o!Qr`o2LcBA_HDtMIQNRzt!K-u>Ah6DpHb=KiIAFwV)e)1W zf<5qFZX9e{MK+jG7^fk5{Bty}G_d?XeUPn=5FXz+pcF{vDlemi~QNfWP08QTbZ%Rw$ zwr$&LfBjc~VZZfTzvc^1O?9;BL z0OAfca~x+~6e7HX%7(0Pv|&9V$cs0y{PV_U@IyL%Rs` zadbobNSmSj%G9ng?Jm!@0r%)!WNgK0D_-nr`;~-rAsJy>E|r%Ps-X-jse2w*Sz_j^ z6s;8zd?3m>%eh~~80oXrE{JzF4EgSfLR`kc00Ix_Q1q-2j#P13i*zLA#8AJDw4WCP zAm4H;YJ7o>7y(h$~tjOD11tMeBI84MK|00gSeyn$Ffqtgv?q{+b%d%^>K zjKDf_qCPwNiQLhy`h_};iBWUx_<5ZQC7)r6b3F#?xq683Y=^VvE=gcU zNxHo#X=o$y!u_HMdI;YbcbzhY-LbvFMult5%}q%Ir9|_)%QXc;ytF@1NX%rT&vXIj zMj{=9jshYEU}IPjp4@v0&!AYT&#gu;)?}?Fih4E zcSsA`S)Dh<`H*-U4e1#J@qn4XUtw^}$MKpZ|6EfDsJ~c;QM;2So^8=lJRr`zV=?1w zY{m?Bz}(kK17N`(d^2krE#{2b_`ukJ%LoTN5Y6%5Rkc-#?fCdta_?}`J_RAWt87*# z6JnmIx;Uf5R00ACVq`5?32jQW86qjm4Tun$78MZt%C}5}KYj(+Odz@zFG=ff5px++ z4;Hz=Sx(Hwo1s5UTZk(NK6ntEBi7~ z0b?y!;+Se3V!G zkIA$rch+vIPq%JKcwT<_go+kZLhCjRm@#>9hMP}Y!iKb3-DnSR0P#7gV+9!#Jg+4X zZBl@Oc#ryb^;G1I7u^xr=rbIcA5Qegu6$=5n9>@B9X}2=`OXg{Dqjm5M=etC0ofbZ zpfw~NW3*AI1Mi2#*xaUmVZ7vL&RK&TUcw+46(hmt^y<}2#z;aS34u+70P`9~CIWFZ z6OZ<2Zfbtw2ZU{edC9!j<+=#0pWrAE`!5|jZi6EBOC?#~y}Q9Bq!6k|OOd1^?ZtzA zLv4wrkM&r&9G8s99190|Fb(Rr*4wB4_8;ugN55hZKKOt=^2nE^W;`j?`3C#PfBvj( z-`;4CJo-h&?el&7D_{MFed3dUucP*I?8P6xVvm3Ao09CG5e{E!zy2G4Bpdh|Yiw$? z4?O$}Rw$MDy>eJKb7|7G6NaRIUsGM~xPAa6L^}Iv_(jjl6Fnha{1teB<6IQM175dH zcKI-!m)d98f8u}aW1(#FjQK!!1|K*Y)l2p%V7dsc?kO~ zCa8yG`Z+8!JC3SkoU%VvNpoe3_K<+Dtu#i%xWNPhJa?zYi_XB-xDGf_g!9FkdgYbh zU=F}D^a)qS1h@moU-nCr1m+9c83FDq6{GHrHR`pUzra2Ozt zLx3J*7(mG4k=`Z0dPx^Xh<4-|8{)rMgeZim=mt&l4Hvm=!q~7`^qsMhn=6jC)WsN+ ziGgZdg{mYLZ7iJg9BG{pBNh~CPBxQ_iM)y}R#?}hBLj!zAK;`j z1kyOdNttC!x&iTaSb`K+;oc0Og*vE~^c`a{zz^v%dqoJegRz2U&7O)m+a;|UkOKnq zi#qY0e%Q=Fehe!Z564CP>r_vZg{IwFr{kD3SkK4<^G!GIa@Ee0Qu_oU!dc^yqi1|G z2T@vUm0%K{)CmCC(1VDtHIP4T2L|g2q+>mzDDLBbHyUXTmzZ57iF(VH}Su!xL`NkdtqiaT*j`)M?AD-6fMlr2iUC}I{oa-TkKH=(u zB-NQQ&N#wUcO|@*`iC~N_rlm?{{@b`Cxm;RW3QqQ8~n>WOAO1sgI=XnPvYfYPQQk< zT*E#2d&=0m@V>CH(BAeF_t>#xC#BMl=aW*nCvfvbD>6q8% zEkwUB?5ecaTg7TUTze33gB{y)iO5dH%rh4@7v|&~ZO&_{H|8PdWkS~_qG`2_h;frH zwJ9XAuXLx`xTGOzGZU7Qo+0Udj-P*;DncEpy{`+Z37Y{76r`}I%jZgBJ1EJk!&u)J zg;<4g7MQ9$i^K%LIp9dgMH_BAFQBOcI*njbw(5;y_ODjoMR~9B0qH-;8*4Icph~f7 zEy^Jb3EEaC!m~jVW*9jzIcPJ#5NA=s4Lo?Wl^+a-<8su82EgF>tld$IN@$v-BNzOf zX8bPf-nmUaU8;1B?KV5GzuAv#>(eu?!NkxKsoA!hj^A~+fmMxO7aDigm3I3H`5sxi*UXkVB72LMa%lOYL# zBm`bt2(Z2}XXVO7nmc0TX)Sf>s^0T0U3*H7RNQm&^PRATxaB@aXK*`XQ;}G=iG#)} z0n^s(>}+4dQH#&iJ(6SYbMgy3E;hX65%O9N3hVJ7mO@te5M2Lg(Gs2BJ= zHq{VMJl}HjZY!&-vR7U?YA@?|;XrhjzCE{tT!)GgIcNVD#ke&0B+GNkzeu0XlhTcA%N`Z<2_tQ;4n zNvN|_KZmM^HshZMCI`ogGtPKVpEzEm`@kHy7VQPD)R}${_4IbBEilT4hK5x)zEa19 zYqCFc|c&Embd?;OP^|?wJl&59w^57LxW@I=e z$=SGE6{Cs}7PI)mFHe2>8<+S~d5Hhe%FCmz?@cTpX96fw02$RQ0#bZIp*_nLu-fwU2U&V~&is0r)n>Qm+CddUy z6Ox^^uETJ;_emQ7W&m?-LR#sb5*0?xo>T!RSaC6bmG<-fxbTfVC(kXxMCj?Sdoix=kX z&YI{H502v`eKI5=kc7bX0RgnTn7e3Pv0h*vHzDR7#D2fj?a!P!Cq#SH_Uzs5g!kFg zXI=8vyuHy)eg@=${^X&fcHqDs5&l_r^!RCaF4xf5Al2Lsm&!FXHcE2dZ7;p_oZIW} z*tx@wojB=Ic+6t=?cL$#Yw>Fodjcx%5J2pyFjkRvuVrr_?aepscCYU^3(S`7dq&oX zefv94*+)M79!ci&?O(s}xV`J0Z?(^S_6w@l5uMO=K=tjGTJd4owU>!V!PKBcYS@vZ zyDkykfBeV4skpD$*S_`*JALN7J@L)&$TZ+p``MrUkiGKqVG$b)vGlJ+Rpyc-92Et#BfFmzZQ6`xqyU-CKQhL_Qj75_f15t@81ckuqbKRM@mQ2{#C50QYicLR_9v zF0cJx;0N=iTD}4LF<+5(3Yr%2{T*ORZ98N#aZaXpXepxM31U_v&0@^&5RSljAJ;eh z`Jjo1d2N8-dRxofT0KN`t2!VmD3*jvbfl$@*i1Y>u=c?zVH=0uC<2a1M%1K^(Ve-zqE6wG)Ja| zher;S7uA!B16XVbE?l^vV?J7)W7pigUA8(^UV#v2QNraOlphTWKcc}0xRL<8!Y_1@ z=kImr4)lt^JuwyNkT8p)H_5-(2?XetaV(%6muQ7c9F+(5GH5&=6FY&60E9F5s1g7tD zflq91eIqmW!;VYxLn5CeNa&?9vNe0g+Qj9S0;6`aDNBK9zd;B_lce>i zUBgA+F2XV!$BL55B5A%TM^Ju*n+l1q0*rwvZ6Z_b##&=CimR-=u-N)!5>T`?#}3K- zpjfteY%F0sFIWHdya#q5e52BC!1>Ku?B1w1KeTBujeyC~Ju++W+O?jN7vjerj_&5;d&ilyJD;~lN<;CAI z{wN!ygtY;L2tpc%dpOh!<0U@LO81N#)bMju_l6>wnheMmU-_?IlcjT|e!xf7bNJ+D zDo-J^AQsd$1oG#(NQ_U$or-iu3jH%A1`YMvXdOZs$!ihZrK0_Ms0|+RyxlU$uuGdb6b0-C`h=+kgJ0-?3l( zg%3Fqu+)OU+Bq&p>VWK^Z#cNqkNMNedU>O@C{cIT+z{A zv!8s&+ay(uB-TIoKYc_d1$81GDy+A+&vxu+b{wdrq*(R(s5Lfi*ZJ(@_S?Vps}iD2 z+rtk(q|*Tkt*NO&Oov%#{%MDr&mQN3oMeEn0EA7I zGP{T;ROuD=HQJgk0tpkaT$zm_3}Zhbu&2;{?75W^j%j!}E{63)T(^4M@P|E`0D~O= zMm)k`KBH5S*nc?Ima?a13c?8K#!0QT)$kz@a2NJj;#`k`@jRlV9l4%5ebH{cWv^G$ z$GYwi3ej%NNW0W-@HQBE+LqN?opvQ{&%Q3SKZVNyVA`s@o^KOFzHZLy#2f&2%fWY} zFkzf}zXDj5xj;+sLgqZWOd&`3l+PA*_9dZ4R_@cIV&u&*AqOes1wemm(X=!MzZk7m4B99dNwp1A&1L*1h zVrByG1X#VKSpLozzeHK_uK-49d;I(4{ndv6U0#T@EU7(pO2w{5lWx(Xw$@JEXjRqs zfiPJvi=YVr@r?5_#!J2!0Y8diEvnW_wTo`RCLa~G3T;d-&0H$tD({$QXaRsArRyqC zt~q#A{fS?YY0nsTP0DD0xe%hcY|E20w>)oJ#J)BNClF_C7&Y_ETr16-ac}ZCltcm! zF^L^Ln`N^+v=i71woCf}33InL4v0bm3p3yP$NJ8MXgFvy4Ek34W)~dAjv$hkkjlbje z8|?PmZn4U$O2>`g_{KXO(LR0poHGR=^8fAYPuP=^e!~FR(cC10{{egKv9HOqd6l%E zO6;kpp3%`>ud|=~x&NSCMFb8ET8)mGL&9EBQSQjSywGTUh{^>Af!Mv!(k>}zsb$EE zXsW0f*08V+MhlrzhzP*TN<8yFQ}KD8)&_`%7W+wyP65~|6D_?wZ6)2ZVpT&t@B?X9VC`3STaJ zFCNmq&$;ch^7_9;(n}F#-F+^>rL1UEmmPa)WW&xn>RO)wc^!d0l6;$*bc8RPQNoIP zHE@0QHI5Xt2CirIoE_Hy-xG!y(wMAX9whLMg;0fzVm zaA6VR^d*Ek_!j#Wf{PuJ{BsZPqN3-6UU`=@G`WYNg4x-i7z#+f85;<{!F5Q+UOJ$4vJg+C>Nm|ZLaEGd=qPAq@M>`CRQc?nkn@})@;BI%QX-u0V=Ja|lazYrsN_gX@LE@PpiCu95SHLQ*ZQg*x*0>g%J zh{G3|ygAqL@^QIB2G`Li>b>4T3ShuS)T#{y!UYxb^>Rl&ALZq10IMAowfFkkYD9EY z*dVIo15JWsS|WrG19jhnP)zN|E-L%NA6d1NnP1wD@*OpRTa9)OyeL+GOhqd%kDNDz-M-o@$wp zs0OZf7Aj3SO6wJ){O~^E%6kVY2u#wI`jzAqi60F(``jnOP_LE^ zz!!J`Cp_4n?Zlh$9a{Bp3?>_6DRnoCs4`kiSUM5ygoAOHI}pR0mSw+zifYjFU#Zp)(KLuIK zx23}E+A$k|@jfW?hIaW97}jxjrSgQIo0Dw?%4d4IPv!;fE)_@mSW=v?wNR(P=sTfZ zgffg_Z08~5Al577;F!SPv=VNyc&{UkucVHjLHtwq0(UML+1wMKUu1qrSrP`QUHD|c zM4A1-1tZGJ;ih_$BWZ}ocfZ$rHo;IL43vfM$|D9_^7K;~BrG~6-wgOhD3p~+Y=E(d_9Z??plKM(I+xEoI$Z++=36|a zvxor@4dzsFBEN69+<2oPmu64A@SN3%+xPU*SMAO_UT6RC>3hx(lBpU}*X3#V^aA3bLR+P0602zS{gGac;%oTWjq!M$apBTxDSwWt*3=}UrM@}6NtU~?}m$gl}{ znjDk#p2ZJ7v)&ixL_jvavAToc*IIZRYP z+7t2v35py`NpnI{rg&AyrSe|yJ6Z@V3dMLRlJ-H5G&Bl?n1fJtjY{oSICQy~1HCf+ zxTH?RmXD)Ej|m|P;{~JuZI&WwZ|tg!90HAs$rJJpZCP*KHX5IP0Rc#cBm|NWxPBqP z`T>#Jt~KZ4u$+79l#~9!A-nso+w8ym+OK%U4<9~mzyJIHMUvij`{EZLb936Ce8(F_ zs5H85INrD+noCQI?E~_hfAEHbveo^P-FVXt_P_%_?e@Dk7ObkOl09#mH8gA!@m%B* zzi5Su_A8|S5Z)pM><7m>rOrETxpFjEsr^TyTwjpcx1?)lU2Prq{bygX2OqfIiD1;G zdwL||)QZPZeAvr#RN!t&Q72?x7S?Rm@+h!rC@8;6PCSdrAQfY07-+HNG?y(~%2m$- zIW8Nu&Q3AG<%?j??gp2N{7XqIur6?mL;DHS%MYx1s>3+#55@?F4W0Dm;XtqVPwOg;2F56SoMV%3xZ8{R*q{*(5^HwgUFw9ApW_+ zNFPl@0I&j43p3qV5Or=!zfw6T zulyQ`R#I_#19M7ciW!cXBm0@?MGvvwyX>Bv&}w-}jD|NzFo1x7@_rNo@TJc=hB03Z zruMc@ds*55!v&3YNwWd1z(DxNw|^~dg8>38u2x_Sg}^QSiz(uWG&L|&XpkxD;JD_> zq&hrR6`4!7r`x9O=E_+=E*&8h-m2^-rg`%BXw0jhNoAw{L(U%tpAAtP^Vql)=UXXY?gWUv^4O5N!lUDzxa) zClO*0?RbfG@K^NlcK!}0HGshwI&*r$DeD6fMJDY>s3&)?a4pFV{@OBa} z{i!TbRRsK;Btj8mf@_}~9O2Lpc%fN}9qHj7A#&<7`i?;QA)Qok*H(>VF$g#SyFf(0 zZQ`8pVeyEZNdqppbd5cE@=p>1NeKKqg#c>@dk^bW|5Tb70;yJCQ)XLgDuv_DxasVc zE!DC|zDb1c8GruBhuu*-?u?b{ng;Fnut<2Jp!QTE~6MELKvH@xAXefN9M zXzfXnz5Gr&NiCOm{}ZlKj^jKhJY#Dq>wjx&w{>(4*i8qvTSIk$OaO*u|68i~k$QQC zn8O481MYCIPDiHUE1D_U6Pj7>Qz*PSQz}Zyio2 zK)N_B={?8krs&tzJ*0B0tf;KS^Qf#SwVL`Ze$oNMgg6=6t6*ph434VZ^|qzH#`2^M zP%6elTSvbWu}JMvZH_OWJ%s>a1HOR918Vm8!9kMGuR{z6%ohg5e83LBLYfpW$noG` z{q^74kt4@#tKf^1xWD+zPulmN`GMLfoBYN``}tq^HQU~_)oSav+VA}CA8TKqwcUI6 z*q{E{$8>bzX}kT7+wGA@zGRO)`k3ASzWo9cZCh(}3P6=JOJK4vPO^na49oE>9`}RlIq_*J`wrs^`~ao^cousX zW_LqVVy??S+u2iRZCG?rr*MOo@mx8iWEY(CeGbAOZ9@pj2y*(gOi;GIcQRV=y-=jG z*bjeH0^@`}1CL10FSX7~`8usbcoB`?U;yTrOGr`FeL)3WZ-d!gmMn~C|KJ@2-YABR z`umx-6zdq$(T;WUe<4l(8Xd(wBtHfHVg!^*OR%X_an)Alei}5d?m7K{XXdfP!QVx3 zU{a;VXk^_wKAD!D={OqYFT%dVq}#K1k0!};;?xb>P1~C6#>OUbQqt^*juhD5)Zh+D zg0{eAty|*7BB_6DGKZ0gLkt>m`t%uj8-0iLNt=b?DidM*)in+F3%~Gl;*cJ&J6?Bt z#6Sp$Er3&A^8=iGH5lT%9Y9BI;_ZCQC2E*_^;$w8^jYuNoQ@6?F(j#+7}Ty_mM*($ zHlIb4W|hi@aZEHg%8XTd-$y}gOoXuk!2!VnXO?>${3UKcOBEMR4G8%x73X?=N1eka zADcEzC8p1O2=L+s-#q9$TvZlGG12|KXz2*HdKdCYyv9<;eUF$eZub{Hu5zUcaB~le z1B#7ckp8pqam)^RA#Gl6oOshzF|Md=X6eVqfu<46gK4QVvUoCfP=AaMz{P*Dm$aXa zQ^Up8w(%azX#)5lz-bINbpv8Bl*(4COvvGIZ=3a~oZ`9$9Wj_Lr-Wz}MB{Nvl6~4% zChY;n6h};9T0uoAGe-nzv!8?zrBM|f{_$LTn6dIj<>Qz34{P#d&t}fIgK@o)Kq}hG zkwd*wdwspm8?Kev1B?w7Gfzw>=FKWRIx2Ng5&vr~d%1o~%sV`*TCRGsP8&a(07(0R(S$T6$^}oD6%hZV1Fj=_k1Zw0&MCzO`KeGJ+*&8I0NLRm*Slad z7@db>SO5S(07*naRLV?VlMqNkAPE5=0D~}7i{qe((8lU|YuMjl6FN?hwdL+N-0p-r zlGzV@;9U-|Y1z?_4forgolPz|=H)c|*7%sc?|tu-z+V1p#)j zt6GQ?8ajrMlNug=|2vK234i&Qf72N|#rs zgbG4hMR=oGNdGVv(1HMlQ^G@GgtGymjmTbfPE2*SX7<<+!fmGZF-*c9vgjA8z>ho2sp*8ZO<_(!1X^Hfdl*Zd9<()g*5BBI#2^-qwA3) zN0mj5{mozewkC(9zFP1g{Ql-se{auAWeNtsLdByrNaaM2%m+GazG>X(85Y4}wgB&m zI3II9ee&kDfdE}dcc2Ev!U*%Ov_Rh4HTbb{gX_zhPMol?E=){M?G@)ci>woL&KZt4 zgQP(kxl|wxoNqS4kPbp{A^*jxSj@@G7ju2$ez~}dQ(hlW4kNAbsAwY%XA@Y63xBIT@xtsF)c0GY1}NOl1B*Um4QT-V7=pKl1}Okr5Ig!8NeRy&hxE@{ z$EjzfKWrwnxkCgo4iPcW5nsdG8ee`?a`cz-&@iF=t&;E{Y2n?<0Xtf8u~&_Ec`kS~ z#^F-N+=P4rk0IQ?>O#?ZC3t0O1bbC{3Ask+%IWUKpU*8qS$_T=(rpURw$W{!Iet- z_QqOwSj=9zZ{K!l6r7dByw4@m2uRpJ2urQge9I7b`S_8O_Q_BFgZwcEwCc7`Z;^A6VBsehP=md`IeT8Rxi)x zhmRby4}R#q_SLWan?3W)3u2tS&YcW$lpc27;3eP>923hihX`qQOSPZ<4aPr!;aV%r z2E6N|T8{vSeLPe3<`~0AAAQ_S8~*&y|Ja^=_64h}ua&k#o>k~5zCk%zeDJ}$omu_W zuYNoJ?ccIjq-gLj`oh|JJ1f{_E$l(+A zmbct1?S~?|Qf34h&S*i?5*!CD1vCVyHUwt7H2N@I3o7c~0darm6274cfMl2eW4j<@ z)&^#aEK|(tgIo1p=k&F-_1MV^t=2wVWLvh@$qA!2X)3XX0N&CieB(x)xF7`**EV4P z3}bW+S-d7uz=eP%lKKl`qyS5&A5`<$aNbb8fCriu`N9Qo^obB*jiB`M!dzNY;i_oM zu*SEvIxh6jSe1M#!4ROp4rxK7N#CcwxxFUUg+kycbNU89(0hnZqMNB8|8yv04cBm;oBx8HWFRG4lN*X*=7d8cHn^d32~DD(+OBbQn%NVi(>;+NWINR51Oa8hd281~m6a9KNeOl5N*-L*!q|nE{+_z=&Rfsb1E5$vTuIwj&pjDq zIS4SJ*-Rm{@W2@nmFZe=C$+i72ux8*sK7yBp!O0Zwh(OuxU5c)YvM%C`XV)$<;vte zbBCcsI+zV(;^?zrN2BWUl#DIvlO;88La5v2F|W@zw3T^<%Jt=eS+o2+;cKcmZk2+S z)-21!3_#M?ED^5Jj3aHxBU}?pVeRl0%rdlDuXnyte->r>3*-gj4}>6a{S!-D?V0jJ zU_7}=f|`Mi9x#HNPn6Rl5|Q$U%`vE$F@9WyPgh#c#!)S`Elv(_2#5g229tb7y4ozS zqDDk$x|kNzuHw}wi9h50qK;9<3p~XAur_=(&xBXn@oq__>!W$WI|5~{6o5rePGD%w z%rnvA+e-Q6c!VR# z{7HKyxC_Mb&K=v_3w_9AC0w5ROe)_!dv@8c|N4KjuRi__+rGU~$J~{8^0u}%yXQ?0 z+Rok0_RpXFlKsTn-eRBs+`r1PVWIuRPrTU~0C^&+5eEGI|MyS!gCD#kf_}(umU+bf z{Zg41li-KaEY8o*lgj?fcK`kN3b51eBY-^<4LxwVva%v?LxoHWa7-BLOdp`Jx1+h< zjvYU5`^Dh!Z>o2nOdo#cqwkkrgj{<{0?hmGf1`ck6Mv`rH;BPsU^QE6d|&2Rwa-8D z75n-B_){YOPe?I+Z*n>(?0mY_o^L-#Kfp|#>K-Q zct{QukLskfC+#QS{x-EG*9N7TfEgS|;6nTprnLWb45j)pd>r?>+8)FHL;Kjr7-#HR zXvsDg&Dfr*=o@3HslLJmwMWFH8IrknfgBNY5`zFiu^zZ1zxY7DBl4+KAjxy1v?|d8 zVDIGp^&HsC@dX7wa#1)F!js4(=khkLryaltkPXQn**@Vr0mp~~<9f1N6xU&|&Sb7K zKC>k7z?tarehfkdb9L~f7>Edk&?LR95mR}ukr+Yvp@{0^c$#Mxwbi>yf1)dRxbD<} zuJ-Tk(X%Aww1GJO9m#ntEXx4kJ4kl3Y+U$-5E>Ak*ME(qZ?P)t5>@8ro22%XvfX~~ zcYo9B8gFz!waS~ey4c=$&)o^dD2+D)NJP+xK()}Ykbu&>(cwk%dR;<*o`d*-0l+0 z<<}@Pa;E?2PnbAtl)y4<=F1d$*=zbB1Q49%+Y(}}{R%TFTMS1uA!gLr9F2)i31xbv zmX(<%O%W~BDPhnkTiPU$xGhz$HjZr~{tsw#W~06!Z}~{5kf8(}lJ9(zvp8o&Ydk-)>m$T0E?VNK~x1?5%H|Qp(>+6dHj^Od|n7s2CSeAid zU`I_Ino`~SUls{8a& zhtsW=bPcDZK3}S;uj;M(>J9aV!x!vL_idAg2jA_&OL!%h+|zJ-8-^r|xj2|DyZt#i zOUiNrMzSC$s@yrCn0oTFn=fS|tt;B$5QAT??lE_PCBg%_sIg5F3Se*9uKsd=xm}rs z7G=&d5XeB_A3FqCUyAZ%1|V}H)+21SVWO5;B5ymWScB0pLvszrv!%J-&EjZdsumV` z-6Or|fYlPa`}z3=vai1;M}fVr>c72pvpxItv)b*iv$wwWE%w)c^(8C+M!D_Zv)wke zD9oMI^c$oJke`?D{s}M#gOP7lxyHr@d-wZ(T&4hz8_p7G-=RYai@1A-ef6tP+GCHt z*|ir4lLwswoUVH^f57yq&jEP_{ZxiTzuCe1^sYp0)I<&)%U7xWrwI4zP*pP=|hG_9=UIdeudbo$GL`(@VFb<2; zO*g`0>d2%!3jxNieQ?&^u{EgPL}rLqFdVFD8dk3OS(JDlXK|b-i!!X?0@Y=9epi|U zyn~%*K4=65Fj#mY{dP#S9aXxeH2_xb0pBpSEEGb)#kWv#!yb3`X;2^g4bgZ2`>eH+z$e?IFCndCa2IY4du%5po9WqhPNm(2f_#Ps>n@W zA28=T;0f@0^~h<(cy4w=bTt8h3V8|wJ2^x;b4m82+ojB;s}~dc@dQCmyJ;TJfGx7i<_-enI`N=>a z1Az<#mVp5438BVjB`p3V>%4KsWsmfUO8{$Y;z|W}rW3q?;9$-L99KuDKzuRYeIwk9?OtnJ_@)>qj*Jub-~z?E5-RG1BAOKe06f>4C<3e_!d`3n zmGT3h0*&v4ka_2Df%S>&gb>IQlE;}7Ld+bz?g9O{6*~#=J*2K1H!^yF-u~0l+qaA?RD&$2gfpWN1x|SYbrvGHhEv} zR!Ax8u9d20h2kAYl~Wa2HPJp|N@Es*ohtqSvP4No*q)Rb!id!2s*6KhW9A^lPK~aI zMAUrkV%U8He)*E1qtaL>E1rnFxlhCO-^Yd{skK5{5F(f&ytyBrd4|kS1_BufWFW8v z1Xw57k?fYHSB>od$Fx&-eQ3^FB@jmwX&oqSiMOPG3!DWm#362A`ol`bFY9P(T3Gv2 zpQK!?Bh;5G8t35tT{fbv*Td~Mtf;)j`*^Hf0{Fa2%c`!iSGvaSecKAHvNYdg(4T9Q zc30IVyT4VMRRBflhI|@`N>T)`Jgcs4w%)E@JALw;YXrjF-_XJit_?!r&=z=dG!a_m z=L!|Jim^V=RBE)A}{aZ8R3oJ_Lh4U0(C&0kQ8enLl7n(}NKqeUdI_)59C|ol| zP4*DJ&?!aIWZYC9wEN!ON*KTdBfMfu-T)8PKQt2g?tlw(d##Bw@ELvjZkt7~H46@@ zf)9os7~&`x8e%QU1y33kG#g>~`5W=gq-@_5*}S>Y%H?^ub1YXhmfoRg9LE&8aL3j< zMZ~BRgDx6T6c}0!P(X|uZPvlB=aQV>0Rx_gl%SXVI-K*2=zF1_C~%rD;Kf!I0L1EV z<;W|OKbYjYVsrSY_=w8NO67p?-uWz)1D{r4Nr?M;?2zQE<=D( zVe#^vJ1){pOHGS3i{6xtdB*&MNm_~dj|G$GbDq@1VO;X$b(cDpoUgH9;uy-u`52Ee zQ@oDH)cf%|`M6x(c%NfP?7XihvEWd&S`6)k)YGFRdaZTQ_aJB?-mV<>+`{fX($$U(%wQE;AyU@mGbF5UWWnNLSO^ps))@+`Ty&@2Z8+B-E0wbXZxj4g_ zXipRbG{{#1<^b16w3{I(fQ6McHZ>x{f0btL16RTVskr(R?!_+A9(I=S6|mkpALlEC zRUlx5^j&C$14xah1RH~*h0ga+Yka3|pO}9<5zmTl6E1XwtL*ddSCgEe!qF4V|2FM7 zkqQ49gn~`y8;Jemn<&6%~$ zLgJWPRLMco!xEDCW3`#~(oPca1+fEb>>dgGhwUKDKPl!5SDD`o1TqlFKwx6{wBuT5hsDrLiIHkTFs@y5H0xeJao$4(LIYrO zNr*gBzwG9(iy>k+y;Lgwkxro>4RYFt>1Rnvp=On;$qCY@zJ&Cdi5is#QAbPDp!jPMWLzM$--jPhp zt@b|VWOq-$qE8IlxHdE}DP}XIp`pfoGDU3w=%Y48EWlS|VR@C^BgaJ7+uE$7chD-D zHruQ;Os8ijy$x}`g?9&LK6XAaWy2!?q&dYs{pz1zhIz>q59p9TSon7ChyWlC7R};3 zw8L8>;0L1D+v^|Df_-xQr~oX9yr|A_-)~Vxs3z1&ClhJ@d3P<)X+eH*vuhKp1-eEn!5da;T?%NN;^5HUfLh(3U$Uh;*s`&RCzxLmi*}^7DT7s1ewre+fJ!$^?RbkF=B~d=qmwsQ;c^^{Pq3L`ZlM|;Ygt4j_k(?BPe@H+21t?78*uZu>)2yaY`4Z>E*}^<`v|VtvNF*48YC?d1!rQkr2Hk z(}cED^?ozE)B|bPI4D^xDjGe zj<&xM6a6Rp(>0k=;yjUa?yVn#WtT5dwWh zg0^AqA|^z80r~?+&wL|uY5+62e(QF-FxhXzZRc&Kw9aZOtK}#Vhvy4CMc|*+$YsVU zJP+d-+a1;b6`+_CI}k?;6~wQ^8+s>xczuDW+w<4@ZP%7s-$hG)Z)kAxorUvA5T0%8 z^>Pd*oeqi7i|65vUqwjpIFsIx5MYQP+F9KAxLMHdbi$!vv`1e&i&k$5bCwUE`0Hh| zyGx$K^v&m~PT1)LIl$E8Gk|=tt80Dd>aAKjM?ipr@fv_k+ptA%6JqI?WSO1ngOVcS zHQm+F*4TL90m7m!{M|}oVa1$aqY|wFkq$`6aa^kB+1a@v9<0V{Mmr4bV&qD~KcSA} z9sezxwd#lgB@%!m;w4}~7g6Z~8Fx=(nWaTt@oF(8h~9e11A>OxofLOUC?&}k{My^3 zcihnWcA`tt|3GnU2f0(cB?Ond(f>&sEO4J~qk8wz7!>Q{NcCIJi_Sa-f zQZ3&Xng`73h*0n?fNun%bHsA1wT1p9stEPy0+=>IIbMhIDPAq z{8sFciJ|Cj#&13JM6C069-$2`4#*+0`sGYBonCJe9OyqLh0w1vNpM;3xFpYA{7*0{ z%w@hm63^p2g;typZ3DcuzbCB*1T~5dF)XLpRn?YVUTWQKSG1uhlgdpkE=0iJn5yvR zMSeFK1hEU;3**fD{MEcXu_%Qb{LVkqd14wRGT*KPEsJl}SBi~ihtwoK|HKiimjMb+ zI9w*Ce90Z7Ik6v}+ajS?LYa#{FD(`yg?r43OXJ-t#(=Zb=t@`M!EB&f~#OeD=naZ1{t)p;Jy;-qng7dSF7Sbvd|lAGmq^c{Vn5 zBRfa-_5uVBkFu#VQ5Y?cLYW9`)^0mtVkU&ZLCn__iQrK&;9C@Z2}d~Cx}#RP7NpHQ z#n}<6^`|AR#@XKe_wDg<@OkP3qxK01c$}S5SQ;D$&54Su*4RU+&8j_N{3N81cEqGq z-HMh7$;VD38xTFcQqNl^(QYk;o_r0|59?<-iRBYbs>?8#I`{HP1wmmrUggL$ zUw2vG^~USNf>EJ-#MD*UxpP;=w6{qQvT&>g>#kbFKw| zIyLQfjY~aea|PT6<^T?lJiK4NX}avSqh~xK!oc9Lb#?VyZEdA(lP`g_Y=9(nG3`@8 zIxD{r;H1qJ5{d{f0TYD$9M_Y)yedWrPMA8-E;z7LA#cxV$KQ9e_1p#EdI9iv80kFu zo#09$<&0<)kN1e~*7GVw%^?&Z^^ww@6CwBQ`HlVUlJK7X!Thf$F&5Ado^&je#^wth zFyC{wOW!Te$g}WbJ{kI;f!d(JWY_o zrX4mt+-;{$U9h_PS~Mqil% z+lX)=wf++5MFWP8FIT!%`n3TuhI=^nYkqAh?#BGd`33hnHfT zC{vY*aeMjrWvf(Jqk}sd-3F5onDg+8lY_qMT!L(0o68Gj6hU2y=gj4CS2Gnd)4WIG z%{VOg`A}4kr8yx_#cF?{`jacJ921Het-~Ec^06%IKysp7xB7dZ>>hW^Zcj1?ZyW97 z88-c=dqZfT329HD@)+L-<4>Ep<}Z^n5Xe9v1A$wG0P7CS9S%ov{0AOjJ-SujIa{M;F9sVTMWU0dwb>C1NSy}O)&PcF~-JTB5XI6hAfcQF+1){cHjS-BO2s(u~uV}LZrk_n2-j(`})N96>F-KT~rX8C* zXZu7;sXUts)WP$+p41LB9S5}GL?8I(lIK@C?W3;0oI2~&4v4ln+C`KG%~A0UyEfG*%yzk*Jabi1 zGlp!}&du|D#8U5|j`n+-e20`!_KfhHgNXigk1>>0Pi9RXA8ct~! zFoq$WkR!$$!e+jvEVq`dQnw>&!JmFX>|7P|PkU#j;!Z-!%T74?T&0hDtBe=VvBAS> zT_glpoA4ztGljmS7Gfc~UP<;_WGlH<$jK$~Du<-L66w6|L2#Yz16gS|1)l?YK0mee z%+Hf<2qeDS&J$UmSy%6{J$d-5m2cW=544uLfC{@r`j?u3D{U&yos(cHM{0AJYpAKp zNOpu<{9!r}%VU?hY@)2np`LhBeW;he19paB{vlqR7)>-IsSCay5SFJvNDS=`YZ*AZNjMuk5w(%htz)C} zfz#P^D3fVnU*C}7Z5%;3LID_F)^6I_Ck-@0#c>afvu;1kR6O-+n- zln58#m{r>JNwm#P+5HA}LGPDny+7QE3E2(Xt{2wG;cK^4`kOb^-=xZ)T$AHo;fO!` z^Z)6)tM7QnqxKh{{wwvbStbN~?TcUfJ8dQw+q>WWxIOjMb5i{ukznC~_xtImU$9^K zm0z$w{j<;6?%g}=(EW!Lg&>3tj+-;d?^^9V(oOIl@Go%_a#p+x^rI&xh7yA3PMJ!; zsDs}&3J);`r3E4S&C4Bvt?G`NZEGQUXeIeM!uU6q$;Xhi0XoDK*N8F2!65IV-JwT1 zxx)!i!WV3kw|<=eVgJ8YSjK)rw-N%e1{zzvqVLTTb};AH0=HWML2L{3+(S)aqXHnq z^cQHt;7s&*kF9^CWP1O;9Uf+rNCEfWBY~L)Jn|0nA75h5CAV#!@n;Z~B8?XE zEbzvfKDR&l1mZ`3Gz20VCVpBfrZe&yI+LYy5vbErDV0L3oQo{{agRKTkf>w09|Qn2 z9pW{#KOSRm61U^!U7N)74al4<3jxLo<}!5*mo2b?4;&G)8!tqOC;!DC%GzH20NH`qBN68Fs(Bk%x7;2F4dKv1qwsO6FjN?NrTAatM_ZtHS)P)9sFJ^1) zKuUhe5@7r z%y9lfyIr|*-EkIpEB>w22c9{;7SoRw9U60lce{M~nw^%v1sv&eA9@cQ=yj@0w;ayi zjs#7BuPkspIR93Y3j$OROz41c>tXFgA8rqu2cYJ=iAQN0nhN(f$dRN36C#n8rCFAO z1LfHy$P@AK{Ix9m#>L>1g8R^ScPqIdLv6qTpwpK+=LmhcL&BE^(MV`V-jHME7759k zW&U#d^d-@`xeMdL$H8Ax;ws!xh5AoIXs|fjLOFrv4x~gIS)}-5H$O`%wU6v+w1z6F zzw(9q|3r&#YEoeIDLWv2&m)(#g+x8xv4t+{RwjKLLtr&zayz=loPp7Sfn-N|BN9yi zaw&O^lFN58b;A8SHGNlV-*W9vz8|}n++Oa%xI#p%miUhOO&W4sQvG^_}A$*Y5KiigN724r=$2MJy!9+zaN5s<&alJSp#bFB?06V1i z>2O%3`ON7q*>~Zf2PT!+vK11Z+z ztOgX=Ru^l%)&i~JRa=8IB?MfHl3thUT#3H($L^Rm%X~)!JH^Pz)53_P7S)w{q0YMJ zU)`q-#TuV`BoIJ2bEFHCj8zEN)cRJrroOwe7Om2(%;O9MG7wk>0&y+#HD#GR8+Ds^ zu}1KR0D!gljgY|WFro(!?64u3#9h2}P0@ZPEWfVYx}|ybx^@>?Z^6;D8Jt%rd_$C* zm*u^`LB0(3$rKTWoxVkw#=iNrHsrD(Tr;8qEVuarZy=>#``MrQ-|RPj<99qd0L*`}!tvtJucM<&jsb`5 z10Q^^J^$Q`wrkf87X}OukE;DycI4Hg*3;c0$$khQmW`(_bv#+D(zie?gotv@7vE(YQMz0H6&thSx(tj*7zF)lh1CHcO{-jj6J< zPz3U<9lp>nb?X!&RPUIloNuZ(0g0RLXKvhW2rw@g9h}T@em4@aIk6viVbmRLfX~W1 zIyF&WW8qkTTB^A?aT^vx=J9@4soIgcR%BEZV_Uel5eSnyLCW}Hn2@n}I_3cMhj|BM zirsyM7;z8`_WwxRbDSE|4c!DmPD>?maDttXfSi2tru3Qm$cxJ55k(U~J^lLdti8QO zz7*s*@a5}70)Wzznx@(ef`Ykq#IEz@5>26AY~A}OW%oXl>yG-cM`eed=e&DP_JM^G z4ipQk40W_Q0W()tE&F-Jmra+u)qCR3y|+gdW0ME520;`P)n%(uQ;B)S`?-g`KQ?!$ z{f|jF0W7JH=jkM10gj`+ghxb620;Sqd_ArWVF-@mzCQk+e83^22 z2(Z?$_OS@CzATxPCwY;$)%AjP7H6su?VR6^^teqU3uo$a2r zt0UQtJ6CESnrUSUW&6}sX>&=)u%mXyqZYh=;(~{vC6sKc5PnC)j|fma2TW=EGB$=Iqg}8V7a5 z!($65kw)GKdM%yaGY(M*P^yg$oC2m;`lVBi_p3?TD;E?3aku86YjCQ=s(#~=Dx*H9 zIij-7W3SV* zQQix1<%z3>S`#-H-C3MJ=ExlH90Ys>G)P1NaO8dSfNe-)yjuN)IkmV-<|cxvv>Btt z#lOw2LKwo0Y&3)gVb&lD7(*7YrQjUj$@k7T?#R~{t)R^lpT{G0#I+#aKZ!sX#2~r5FD|cXZ3P@cdAojf%sb9v@J-K-d8n z|DJTsy$M~h+mDt({q{Z9K6t}+S7yncUyQk!bJpUO6Fw?twc8S!ME$6l0td#9?}jRf zYday$h6080Gv$TIM5Ey~G3XHHTvK-S_bqM>WzdkR(~d-^)F}rp&)HkIN~ogqW8DFN zQ0EHZT3lh8SIps!t~1S7XR>7=kbyv&5MX^EA$YEpdN5i-FfAm0lfPls_n4n&aZO58 zF~4wwCk@hYhtSQ z@89kwY-|>cj*g4LkG>LuzXaY+U-^U49~~R_*zWh;E9t!wI538I^Bel9Q1~|Dzt_sN z;o_xsH^UgrZM0koVCKM!8#+VcTW`-1xCbFX2>bl4OLO*Et8l(1q|-lQCh1P_F%kK< z+tZf$TJ=8Kg#*f79oLhXpM0}>szu7{t-|iC(9@17WC7iq+)E8 zFO*HnqpalLw|AQzKYq?i?+H;fn2UTP2&pFJ;F<3yN5U+8k-_vMK;t+jLD;qS4$Cbp zvCUhy1lo=Hy{G{jd_n&r@r)-zI)@@D9bqDo7*zh~x)YST2-n;Tod#IR2|FYh|3Ip< ztmurFk#v~PK7SG(-TX_L#dY7DCv)d^LICJvOU8$ZIvt4ab_@yig8+HgQfYqvEcI}M z?xXeYaaq}ijR_Z@13iAZVGe}yAy_qFfliV zdbOZSs=zLVuZfgJm=)UPNJbh4Rn4ugwcw4_GdDX?&eam-5p?9tp(}^eqd)*sj`J{1 zp`Sfs${UIZ!xUzBo7xETk9sI@xRnI4KC7QzX;Yli9P87#P$l5W7SAR(RU))8JiCS7`By&O_u15Jk`Um$G!iN#w3!ipYTCNPdfG4B*|V2y$BwOHEQxy_ zfi0Y)&}uL;S1-3oy&v;m359FQjIg}$0R#~byhV7=gzVs)4$%8(DyrT&S+mx5rQPbP zOBF`2)K&EZvqgJDi|H411Amya%?MG#=(n`gd(^V%IFPo@w=dB}%1mfN_YY#kTO2CA&qoIwKs%|h0JwIs4b`_#xG=He(l%Q)Zb#8p#1%XQB zhvPe37^a9AXv-WweqMewDxI-M2tYzu#UIy{4fh>#da5;2`6smg;k1$v&dkf(Cjd|b z{KMkgQX5>IA$(_QoMslInUs<{+t$|ZWm=k>y^+b!D8eE#N7Mi=R1aDh)cz(`Xyq%>;5w{ifF4p76Oj5ilag?5OOk9&B1*c9-ia2m_M~RLQ+9TFv>c z`EDU_I8rtoK_pzK9vA1Ak5JFYy2C;U(LhuHj_D@mB#0&2(yJN~W8N@dUzj_SG6Coi z0@vPTaJlr`94IqF)!yM1t@1-NflHOtRNH0R zK-+=oD$QS|*39D!1Tql#c7p)x0K!!KsElfX+abqt&5DSE4;1i6t>}naMN;v_fy{}- zX;?4BOzQ++F8E3r!8A$qvopWS0Yd<`KtRBH3&X(L&6>)+8R4yt%a?6yQ>ER%wZicW z>*Piy1g=98P@I+H)&U*CMU!&a*Cr==%`$<4mVr^-BPX=j>cfCT{?lggCIaG%5*#?w zFXoz+GxU4q7RDa97KQrVs`%uoG!iw$zDD|iuH(fVd{!wq4TzS*Ou*lnz?;c$=00V} ze@dYNfiF0vzHFP#cAvLSsqi;RrJs1}yo>j+VKFi~W@pd0%gJGbGv)aDSzyQmT@dIh zgbE8i=3Uf5*yZ~AYJ2^}MLQr30CumrpPXXf*kmZsJG10%pL@_MQQbN@f9g4#1-uBdw6|LvM+JKsr_yy*4!jM%xEYI|T?xz!X-S!eg49Y1kirY7aq*jOV$fOa<$ z2_XSOvS|ru0-P7-P0X{NBg2XiZ1JeAy(Z`fgcz8uBIwel`CS>OIKOZ10X+yZ>yzg!u6!IT&e_rXy~9#3sbKWDh>_o+5wuojDhD7F*_{D3F}9wPqb8g!A2hW zuzZjb$6yD;9TpXK?-##~do-x0r`KM3Sq?g?rDCLpzkd9Lz4^_LNMcv9=wqdJ>Igf2 zp|02=e=#3DxA|Ge2e^(Rp%IzibwL1i4sIFUPaiu1qUMO69JX6bOh^c+m!d(S>ELWzr^?$+xj0?PBCiS$##0 zJjc#B;R?eI(E*WoLqsD|a^9<@)a~a%p6t|Pu0eRe81r|DCNH{`?A;$JG{TkS#25o> zv@IqTr|-H{Pieo@3MQ zi)CCiIdU&1u9YYUvtKUZWlUZqaake_tvYG4k$gSYeasYjJX3=w`peeQIpbmMuu+_NnZRr?3mP`_w8*}y;4gT0)j!up8)0wgg}HjiW@Dwo7n2jo9f&|;I-FID?-3d zb&}1)pjk*B=rWG+ocH_q>0Z=4r1_lt1|)+d5Yq;jD(2M1{v10e+8|#V5qQ;C(QoVI zu+x}V)YJ&4%c)||thJWs+WxJjwz=hoU2X5NQ>QPxCII72{(PBf;uo`7jb7{_<8-b7vbsti9$XgM%VHPq{F+fwZS4(ZUG%jct&q~wkUnwI$< zg#gSu-oszA`HYuTQRuQ9Ie{i0LN(0q^Ay1&*1O>XfY@xc$Uhz$5>vPni2az4WBgEG zdF8M@_V!1uq(ov|rGbF~d-;`D?OpGDoXbTi09PH+d%}w}ik<*Q;v?k&=lZ9qx2XJz z7wes+D^{9$mSJnJ$17_!}RQ_4fc9S%pn$Z`=-Q)ct;ZRQ3&L2 zChUPC)6EgYN1GgJClF#lctJ47x0VVXUZr)U!>@LL2WPFmJkN^6u`v$G zDIi+GKotZvrHzFLucOAeI3~Y4-Sb7WfzH!WCHjK%n2urX)JQ!uT@|wA`ltgtw6d8& z8_X-Uonq<_$|(&}Y5l)xrQ*%JzFNdywTP@NG5j6bCDzu{Z>0^zRwY9A#%y>4ngZ-1 z(PTyM3*)0B1R`^vwiigH6a<>+65VSn$aw$&KmbWZK~!2cG4@el#gXe=?T!H3I43wF z)F=`q+BrDo1SG^A?cV5gJL=r%HfHL}Kp+EwjfDW~6+8d4B4GDPiw|0X^$S6x9?d5| zk2g|}^SQ#>s7h0NDGy|kpX#A@s7Tn!iIzpa3;MrVq=h>+3Rb&Xu}4yU9}$;?h#0&rlZOC#hO$*{t`+dcs;x z^q5Iq1D_}$4LR5L3p@(N#p0>Ie|X%(>j7hN;@(b}|B8xo#|OhQuPf6oJg^y)m+}Jb zLT;+ckw%=#i2}cW^r2`lV7guNjbNmRGHF-b-YcYzY2 z!5wa=4@}QrXp?PyrES~3*(PLjK%G3KUpaNr)%u4O{h*_xN4wIs zE;xv^R*pjW=E*m}w(VPO^2SBW)ir|b$;nA8DlYb&Rq)!hHVmdE*g&X}Um`#Nc#YM> zgv<$xid%5u^{z__-B@i10%ir*@EzRD z9H&cv^S$d8E^J}`tS2$w2(x!p(V0%jiRIh320r)#b2Y5J{hC!& zRyy;4>hu{cDEYQ+TdNfn7Rq~Px7F84dZ&>Oom9ExH>iB*d~l+L8P z4*?{41C#QmE<92qCdP#Us|*t}XO%3AI!0b3^l9G@*JzVR1o5R2s9OneK#gKuQv z=r~_Tpo^E#0-iFotDRWX}LRb0FmPiq_P$li9irR zgpFOULd`so|3TUA;!lOdy0hNoWn%^LxJqTLzw9o%gWdVBWluz&kYAGc?pf6?Cg&d23ctX=B*o9sXQ@+a&^ zf8+;j@4mfu@%WQ={N#E2=l}92?ce|WuiE$j@DEr?^FHgvqb^7&B{8NjUTECq<;+-1 zeYqVydD)7~du`{|S{vvec3(bwc5ij&-|?=HTT4r$t3RJR-)2{@b~xfhBY^h5svZ6! z(HK>g<*o^U3Bj-;7d-p5Cynrck3ar48yFgu$Nnq!&_fT}OE11;t=qQQ6G{dFf4+W^UXm2>3{7*icu-#x9+YnNjAWU6}mowU#MJTIn52eW;<- z#{SZlWR>cTtv$WkP}MG!Is_r|u-zhT-ojD4_ClV1oj4Xra!!ofLXQ5IIM+R%g|gvT zqB`>=yrT~4&CSUb!Gz?OMPGxb{u84ZB8qk_tPAP2J>6Wu83cq{6bmd1F6#o!E63&j zTxg()27$@W3+?l~iMI28>h@imbQ_bDk9o$tyK{>aFf)cj_p&I#Ny%>Qbz%{j{nqdNfgL+>)&{g|{u4j-3)b5| zV$VEx*iM{2Z=d?~XYIfK&L7%~FCCFDm0A0PPyea?-X}j}&pi9Ge5Q=pfBrB3&Hm)G zpLfskfAfXU+t)t-8SA}#(poBW?e{+MD>l)6*=ouQojGDHCvgNGaXp7|VXaPMNvC*V z{zZn5DyAwz;#e=3WLS}93QEfCp*KBjJ9h1~@BQdMu^<1jAG9rE-hTC0e%{N!_~K#v z#IOB^z4+oQe%;g4mtfvz?9Fd^lWg@b+kgM$f45R;3$*OqCvCv7piSVp7yr;^gw*`e zA9mgwckj0&=lkr0Y|L|o2rDZ}M7z<-&{FU*c)hHw#AyhGEeHs}@!;;~x9lzk5Ogoqh?|3+!+H z_G|XU6HnTAJpQQEt>t7w(EZ|<{@#B3w?1uClN0v(>!++&d0%?zu)QFL|Kf#9*3l&- zt3LesXFq3u^@YE->}hEYXwsq`_YWm80#N`}Ek6#uQ#tmv3o;uS79lUj9&hxRUGg`j z4FSwN_wL$an>W?C*-Tegzta%sFI<)Bz$H5`0nYK)&wGCC)Kkq1li>y!F>l#YhA=G7 zhU6S;J7>PRMx;KVm#$~qk^5isi1a~B zUEWqawu}7iE(@2qZCtvl*RlL+$A!7ITFzU0&a{Iey_*RYt*|2=TERGw;xSy!f1&Ym z#bYd+dMwb+hUBXAW$8Z)AdKYb=%_WwX76?-Jo4f!2!TVMM7#JtSTJ)48Untqh-g54 z4*>-WF{+A~H_pv2m@g1cFGs44F@b;*V2ig_JpvmD9l};U`+A3MX|C5!k#6cgf~^7V z)L)SeC=7I-+73ZBIg>3P0oqTvF=ZB^_JA*2Ye=Kx|W zlMO4#je57pW)`zA-b<(_5O^Z{ifyL7)LSNxzcK6|f*=y}hZGTGt_)U73gv-T2>QCd z(byi(l=;a(AOnF61a1)mEIHW4k8Agl*!DZ*HwaCqyRp`=TUj7{aPs6?E0Ke_&dv^N zZQWwWj-In`e)CCpItMeudif(C`$79}pZx!1w|>(7S$+TaeUJVA?|({a=(+AqeM)8o zmoHuM-O`-=V!I|M*qFiQ7FXCAX~RCcW!H+33oG%8S>_)KwMiokr^|D8ui)1!5ASU< zXG4g976Eqan2P1A?E^Bl7HOt-N<%?^S=xxZa^<33x^&fk=m)>Y{`imo!oKUfKA=98 z2|ozO3t@2nvH#_x_Let4WUrsO>`novge-GGd}$=`2^$FY+jmLu-D_=!FDm}btZi)# z0w8b~erVX`$KJoYXTTnN^w7MZpI1P09J+sx7|U~xTg%13=c`UO884i_WZSlFbw{@F z6{LoSItdu0`JjBoQu8N0`|L~h6F>1W<-Z_JgDO}3hd%h=2j8h!?5|sWL%sc-1PC=X zRd&C$B*w-@ZOitZcIo0pYu&a*@5{5R7tdSm_Jek1d|3TY2jlvy-|#>5ggFNd1U=Cy zReB;oJ+>`q9VUN|jOU~_ahVtU_T3tE%QGWxU4DANF*GBwhsmeo7BoPH`CFJ5iaq~^S4ynLJiCR zI-RL{pqmaKIb{uX)zUWEWG7|1g3k)fh}i6g=Gy4AQhU?;D${AvQVr*x-%mVDoC~z` zHTq;q^!jaYd#jx|c}mjJ=j|I>L@!*pXpidNO-c0tQ2)m$DRJ$I3U5mBW+Kl`&oejf z1_T&7?DAzc?DlJX;7g4V_jrcd4^p}-1Bo4gl+0YF+)BG!k)cVuz&bNBO>^Rkv(7qh zwHQ)%LG)IuNvphnr+ll4KZG9;Mo8~n?NP+fN()q4FIgrNu%>Q8){JO(hBk1`{rUE= zsEY}wU1%w=ob1iE{u_Ccs^?j|kZPOM>$>`e>_+!ho9eh|vy!N1)$OqA`X+mPi+o$u z$+?b*Vd_my+@r00W9-VeRt1$&B1xH@++CHE{o-$?*1l)(kl(o6o4y< zBTF~CtfTU}KRu~G-5i;iv2iiDr01S{(Ym{OU6}F26R+4gG05NmcFxfTo7JFfmtFox zKl&q9T2*8HBa;$(uMHu9o58siHDb&gcG^&Gm3`xq1mOx#SSWkWt5>gCgM0#j#}NV? zJ$6po!qwn+2~GZLI4_iOV)$|FnSe&#;REsi4}erUf00o&vk zpw{s!pa1F$!&IjI4g7Hs z$pE1i^dj1-y?q0IfT-7`Zv@v;k zFMsPzvHWUv2!yvGdAkFH4p`+pQc2gMMjdwHhQAn4GC=?;QqRZV@pk_Z={u4)63^(! zV!$hd3Ws|-(Pb8~4Sg8Bn0`W@a4QU2tSjb7J+20@)cl$2TY~@+JiLnzDnwry&TYh8 zg?Z0-Y5WquTwyBk<`xMHrh+Y!ul1fI`~=nGAZ1%Tjtg}qWluT{YT1j+@Obrdp%U5| z^TuO%viMgHeS{2&E5A~%#bq}B3W8*zy>uN;QV>nD2I0wss}139wTBjd;d88yc!y z6QEpzhvdXuV@--jo^hTnM3AqD1}k|QUt zDsFMEJ$kT71k;q&lqlSkoa&q(%Cj5FGd<8@H^xUDKCGAQ66F+$kSuSsd^y%3{8Mv< zJRIx0nU;1yy0q0&8xV`v)0;a$w|{sa5$kN)Vh_J^PTjJ^9kj|(T&+ebd~ zL2GH=WY0bSl0ER?A^T@P`Z4>;m%eBP@_qF)Kliit+|y54f2TA8WJf6weD%(?|L)OtIjRa}w+4z)vb5+>Z9XlOQwq3bupZJge&UQ** z(bUu+4Tv+gfBzo)<3IVF`deln|GA&?9sGL_?oOB*g!Vd~N@{r0X;KT4PBngnkwY7x zR^h;hCuZ%1>p8Y}c+k#tPTM;kX>~0(6U~3_{1vH^U$wn^w*^x)Gz{f?p-qkg5#;CR z_c}bQ6kY7qSC85c|L{lcz=1t34EWE#@w*aMe78&-S`<}aw^aY1uucg$e&`3k*Z%x3 zzM%So&wwte_y33g>ldxAuGaoiCIh+h+wf06@*yANuYC2J(gw+wPlRi3y7#Yt@#i)F zvhC|%{woO|CS2&V8m>+1`HH7}1Is2J3b3ofcG(Kn{(yI3nlmmf#2%@O5M~&mfRjr} z)$u)&(89oELqyP`1f8*|sZI_Yd;PnG35M|oZn11E08Pd__tng5!vSv#x1MMn{xC`u z9jQ#tHTwDnt*5(B{D{Iu>KPg^SFUtQSW%bQt=EUNN}}y-ww>#qwqb=Ym>uk}rkYYW zS2->1n4zH&H>tfx5h0LP}p&Tt*iX>q)6 z>m0DJ9=&F@a`J%*fZO-#n2i9yR~i8X3Ryj)d=LsObkpmku}h@n_bu@_b87=3z=$9K z=uiywt)(+|U(=jELdGRA?h8XU|5k>Vp%V}7i8;aUB)b9FJ?Cc6D#RL#3|{GjFksP< zIkg0PG9>3PsmviSK#YZe3Zlc0T74GkQ{&YZRMHmiE%8p3f$<0V4o+&m$~$g@ViGRV zz0j%K{EMU>8~wXI*LnYtobi;D6gm8EXSaD59-GnhpzkXYhZ<^)*PNZzj(od>0J*bM zj3M->@MGvaYHA z;Tf4Gj1J1)^O~6bQY$E{RCGX%k1D{kGa-?-l-#iDoKdTk?Mw9dA4sdE-k5l^9{Kmd z{9QC}!!>PU?IcfX0$xb%F`vNOGnxRd1}DJ{J}km_7mjiLNvsx-a9RNS4*I9Sy&gT31)|O;U{NS=d6jr31Eru9MeAhvpLt8*&XH$JN!R_LNNv@azqWf549PtMwVb_j;r{=1I)wjvMYgUb^68_VS1Kn#}K zC999LpN8YFsaf{drP}eG5ObC%Px@#x@EmwkgX02aM=(RNw*DJ-F%i}DE$?c57x0@A#x z-pgH=IYsv<8XvMRmyl{i+v5H5hJPywFh$tOjf5xa2QG2UxXCs5!NbY-Ly6n>D>6cT zp0iCdD|uvdLa;=m*N|v0ZSU(JvbMG^Hw!>B0LGiB3~`>tD(R~f5Uov-l+P&iB9V35l~Jo{YIIt0K%p(SE5b!>(UiS@N+Az5A9n6gN0s<~q5Wy! znX^~K+_xsiN~SClVstA~)6>U0EvK;5MijpJ!w*)=>81dt0fnX_(d;~}A=ELZC>JMA zUbF`e?On8vc*a}&0lp&=q~#SBdmpIo_GkbkH53La%mv6*b(N9h$c$DBgsGp-|HMU` zg(aCdWkK?gDD))OHLpz&>d(@(3juh|d|Grde>Zb-cOk$i^3meWwo^_-#;dftX+d{} zTB{0+?))4G(E@$?(Mdi=1Rd*UzHpBZ zlKD1&KT&^bd9DMYq4>Yb&n|72kT>n-8Nvr_-jd%rOBpebBNGZeBSx^Px+ra1?2R6! z@wKB05L#mEz2axBad`XVS zM@O`Vhedl*JKdO25vAyApG?nuB^Prrm#A0Q;EzP{rCO5KJ>CuzUm|)7(@T*f!bPe# zrS!F-z?g8`b-M(2n4GbxIXm4sXK&vkTYs6qO-_zGjU`Zf`=|-k{g47ZzNJDYcm=`- z@@+#t68)IeMi0X6boxXd+6vCCtt^sIdenAo7Jd<}KcluGfFaL`lNao*Z@JfTHFROX zgKRpg-xG4WEBr62%w9isN?Hp$Y;0uM>9rej>POybGJ5-fh|cw&`(b=J&vrr1r3;s2 z0?_B72J36fty_YCmtQ)nP0t+byHRA5WzFu#r%NG_7`L^WKzJh(Ka@wKPN>@JB;@ZV z31PsijOF;WGK6NUfx*vDH@5L0-^Bg+IJw@9JV)45rbrT<5(2nZ2~AoA%hlheB0f&F z@~J@dhW2Y+ZrVY#jr#g((HVuJr-Lw!+8A$~C%05&+lZuEZNrMRA;vn+vDM$WI0xTc zmP~HOJ1^PQ3OTZF-fg1-{)mKSL;CA)yJ7F&lcVsIyR=(>T_!MRU41{yvBh<9MKlmJ zgpQw+Fk|a3Im^zMuLSWZz0-DY)2wLT@J*4IzDHUNGZh?d_e&6hK+9<@A4qbM7|n%q zz)TyKOnL}!lNgFbU5j(x9`YX?z>C-VZO@ik{{R;^Y55KXuiR$m z+xq;Ya^XUv^9};ur;`Ydr2sR3FF-E!)tT!%3;~9rP{^-mO0iS5z!TzQtsgPtouje` zWI`bRN{jBSJLZ9bVS2=&jvvBOUBr=3_}CUdrS8OZUi1Kj2(iKZhKc1}B;LoO&AYf0 zCE+|1&eU$Ic6Fsf9zw`b``u1aYL7&6THj-k_|J;CLBby#lYnHyQUNpQDH$+24_Xj% zxG4Zo4@c?(5mSfv6yPK!U`HMpNSN~5nP@kf5A4LOmT0A9IFi)L;Y{9y9q$;D3Sp6Z z^xa!FYfbWgDDNHyHfdGn=XHt4`*N0^*Us-2^SI%0Q?D%H{my!N% zE3B-wvQ4cbPUJ90!VuAlR<9r^_iU2cOJTMM8XPkT>8H{5)V|S|rRHzUhd?Bbd%PEp zAgF9dya-MpvPcXebKCo;BatL}6ce~pL}QT%ARG_Y6soN9F;gH$R(iizn)%5obxBnhA!eyG$sn4sNe3q%e)W_K1u7~^UC8X^S9!;J z9>-niP!>TzqLz5n^YbYcN&Xc<( zoV_R~ijC#kan<_lnr!ivINw39U>jte(KU zV!FA%F7yE00V+AuD{V1pzzMZ2**9vT#C&aP143+=!@~vu#pZ8;3gr)9*ZZ=ys?`zvSmVOC{P%b_7FYLFh3mMzK=x+bYL* zwb~m1zXBA;!JJC7n#3=)QszdN##PQ8eOz>p-EIC-nxZGSo_svj?=kt7sFa|G`3vn7 zgfiKI_EUdWOL45wgrWb03}k}=c%3?Z*|xPd$w^~{j}7BNel{{DB?X!6IB(^Z+iiSK zn||u$n)^v7G(TpBdMv-B!b-LCKQ5XkP%fHdqW7*2W?P4R95s~PP+NlUhYJ_mU7g=e z73Mpr_p7>Gg*oi+AGDd`8jmVLq$C7Z?V=m^*FzhJF^t7xpJ+T0H;5!s-w>D~r=zJ< z583z${Zy-?O6nAv@h@h&`A|r-(a99gSoIbTk^e1lV>`gYcYs0K-;=8I=eG7!i>AOnH*K!9bavM9%nbxdm~)NJ?8&5l#F`Z^65 zaWS|bCgSY5E7rQTN&ciN94DpXpY^oiR?GOBs2@-ROZtU=(F`8_#YtqRYj5=(OO@xn zFoHywX_w!b0&(9k=&ak`rX>m`-$!GaC=9v68{fD*Yj2T&dW#(C3w6S~ zk0%}JbHB6>u4=~?P3Y7_R`AV?3K7Kz_;3wAbzG$9L{{jPw{}{M(0x{P2+!~?AIvPE zO~P|<9CN~(1TCQa&>7%8G(^C8Hzb^gKEP2RW&+Kd>YRCk4vGn((v>UM{jyT;8CF6dYx&pA`y|g4I${^$?MKFcu^cN?QfoUEQ9hoIz*FEz2)2Mk4 z+?e|?_?{LQ4)^pN8uWmKEq#J98Ulq|_0K)y9G65=(WaOo5;v~dY-CR>fZb$F2Xhwa&=uvAF(Rq zgNh&3T9AFZdBfBS^N0m&{`*bLIq|bLBq@2H1QEw2iESza>CD*{`LpC5@~%VmxvOzl|Nz=FO`@N zEYR49fzaYS40%Nys90$p+7QLoTe{8LG$jJ0Fnh{MG*56qQ!fn>2s9A=j09OY9lVtU zV)OZ?chjCY&%<0qO%^-I8JD)BentxI4(|2=5WQxX9O5R^(%>%M71R8=PJjdbua=fre`1%K`XXM2e##Y{U#doqiXkT) zA+-Len6ApwLeUCh+SQ4%sR^qnk#?Na^d?5e+)-h%%;#>%oT5-R`aa?+H#H%DN6G^p zoR-EN1Auxpc(46hw=-_wJ9d+c(E?Sz*H2uq9XndYYZPj(VbU3*0--^;Nznl=U%l-2 zcJJ5{gc2%~gOpzV!g1ljhHSS@Z_|!30v4EhU{a+%7fxQY{Gvu}c8Q4Sqj=O?n1=`92z?F~9{lxmb+nD;@INKpnbA zonBAKvTSwBJy0>%?xSw}5%p<9wtlL^+Aie<8cFm73_3f`$Bv(~1N*jnqY%UdlR`!Z z=6YfC3|o1G1}(Dt#|d7YoZyYh9{$MT6L#-CyCg_xb`SdZ-?v+|6}~5C#DJd-!aap= zoSV5}tuhBVrwCy_r)lJxlQyyhE7vqnln30*`AW1tCFD4%InR8jFWV*DI4g~igPJD@ zE3n^(-b6@2DwV_OthNr@Tsmc&Mc*+l%=4w!D=*?dtYJ?-{i4&-2&kTU=0*EIfAtq+ z>QrjK{_DSOANas~?DL=hYkS{&-)VpOmtVG@{ui5Mf^tO8NPkk_LAmJe*X+vWD@M4> zx4rcd`_?y~)_Z5|KmOY9+8=%P_q7HD6J=f&TDtJ=4LOS+b8=l^pTfI zWvf^cF{B=@K09A9jvnAw54Y_p~$L42Wo&K_Q7) zBF?m>94Qhj$?XkO7(oHdT7XIFG)_$OMC+3B>iu5Ej}#6!LS6BiHXuCXF*WmT@fWIN zp>RJ2LYCk4p&ztQ{o$WU%6P~n-1YUfz9>zpBOm_o2dqK1Szr3{SM6gT`ypre_wL?q zAN;^~%A0G0_4fAJzx?SRvx5is+dCfr9)*9o-*#=^BI)V4zdzA}EV zK#Itoc>+9^coh%QP7p&k0X(gJsOPE7og4T$+|*Dg2$)Achf z>w_=wD$?%%xKI!bHw<~Y$-ifHh-0lH*c_KCzo>WL=)g>k<-bO9WSFL3-7EIm@l$rsJqPS{MJ8bPzC$7X-uvEn+Y2wgtc{3r+q-** znENwsE<&_}GHnPHX)^<10Gkjr7-0kU{TDA@6D|+o1f2#DVy>(xar^A2o_b!<%HAfE z)k5pOeoYK(rJcKYS&V6pwQkvL!_tIoDan;b{37enj`EOvKB+R-d_Mflb9U(M?~_`& z{17Q5a9-Ao^^DD0OI5y&^>oOm#R)NX@3rErN#S5=XlQ;woAI}n1RX(A;2__<-lMR2 zXkMU|fJOj5h8Qcx-s=z9!*6_-#)@$ykvHC^41x^>h_H&hX?y#wG6^?`=oCU*@|^)w zv?B0se?&Xw`}c2G9a+xQPfE*TLf_|vj?f~|9;Ky49u5$-dVG4+)m4kR-(;swT~w5Z ztG0WOB0R`k@zo=zt**98^yPqu62w0MG#+EMNkR|klri;Zf&mQJMplRw?bLy^3)0>;LJO6s_dAZB=eKdA`3X zF^%ti-#fHewD_(+VQ*-kT9!BlCYME>1oAs|>byPi#5e7qeB`@jJ6_~{%+%+v~%7=y+0 zFhDBKflw9q=r;(JL^bhU)ERC3!qc_oh0?cU)`y6+BhhPrk7qD~>c^Y>ZH+n5t`i+^p-;NM~ zxR)PQIp_*D?d)pDsl}QP^N&NgJ-fGx@ss`kU1a{5(=bmx+C4-K8^#|7g?SD=5Y@8p z z(_UFP>r5La0mE|S+$cu4>)KiS^e6wswzjs)PtKIR_|mJk>)w6Z4SvnquU^rP<}rbJjlbiQls~J@TNu|99B?-~W?#`O??z=+Wb1CO3&OJ7teQ{+RvgpMF6M&<-)` z)mEup)TX9dZ#$bE&|u)SDd9od1{@meD)d+B%qq-(p@iZ&Y&we3>gylX#z(z}Zv57_ zp7bz*2lnr`XP#*K3D2HAYwv&0JMH|duh@_zEtpQe=Uwk~wfGB1pLH7S zzC#b$r3+{6fww$vuf6oF6-tY;uByb!ML&*78y0~`oY%=POy``wkSGs3RWDx&4bm>; zeyzOq<0D{L3_PX=2=&RsGtaN@iEChiQ(rcU;+$p7q1B6IT5wSFr&)d^OhOE_6@xQj zT`NH=j!Qz&(%c};iXsVNj$4gX)}u`gXl>o2PbBI}KKGkT{6rWe zKcXy&dD~K+Wv8V%QzY_vZ~crMK`Ja@W3AxE4nJDRXf?<+s1_x(6zD6@0&O4aS?-s2 z^DeYWYHO?Q>1UpIt%999x7*jh{w@2n|M6uHUCF#=o!hf#msJ1%hrR2agFc`3?%gHY zok#)`_QLZo+VB4EA1dVK_c~pE_Uw5#n=dJ=a^Vh7+G{^pSTl z*ZHuKbn;Gbqh5rERvfvZX2;^xjcJ4IxNvYtF3RDh803QUyiku8JKbji;r^h)<54$% zT%)$*iwb3QPJGhEWrIUP>Yy#bd0(h=;X2rD)23-*XX@d*85te3&wS?d_MZ1VW}o}q zU)vTj{f)BY|K>NJvVZ;)KWcyQsXw;g{LTN{{>{JsH&QP;;`twb_(3h&mlRj`xDfAq z?6ud9d0&6*$NrfWmlWII{_R)gKcHID@L~He|Mia)ANa?mdKMg&q<)KBBgN%=r)?XR zLcLRA%~&giqecLGnB#Pv@9{py2w})-%uZ?_Rg|S`K2aCrPGZelbJ85hk!!cJIH} zUVQ3nwoQ^|oH_MhJuTu$gp^eN^CtUkdZgP8+rM^srv%cq2ZE=>$LFBL~P3AR(fd2a*9px5f(6p(R6O5|ju%3>IA;A9# zYa;7rW=;XEOacNE+HKw~KO^GJBxquGXg+D4u=Wze8*R~+mURf6bZJ2AtsMNp zY@r1PigS&CJKQL~F?`tIYiW0t1ON?z-Xav>dcQ5cOi(L*LX&}k=+UnCcKHT?$Kajh z(e3%fIe#KQ{JnAm=1i&BB&!fZ_^q$}ofYdiK0Yeus$PQWX*+aqx0w5@Vx$#$rliF7 z?b%^Ze)CB^uW^2$TK|%6}8i_c|1Hr*|@6;}%r-vB@8lW4E^J9oiV#EIaic;rnU3 z|Ih=9OfYOMyAN4zNtMk_jmf;=noO4^%ut@a55L=HvgBh&ao~B!hrjznHX)<=b7#&t zow|R|PCI-0qy+P5=*`&H&6{=HSdA6F5#Y^uK%Z7Q%yBk6CvAk_w*aP@d0C@pE!s`r zRweLmxJ%a?V4os?LWOdVC=s9!gc#7=z@KI^UzbYUMw4Y)`N;>)UH{dqZEo`Zq3?R1&)NO^cUqTr{p;%Mw6<;X`S;O}eps6~ zn?-XM34Yf!_ZwX+;LxFarHR`p!C05wf8Tzm$xod+WBGDsy}6~u-@*9YRsjHxqK2aY z04NGNuIjH-faFQ{vl2`^_BJr%F!#xSeoqoO7IGH$@GNK&P=@=|=fp*F-RdCs{2x$V zDkbtP^(b@i_CtVafjScQPAktmg?Er2HE*w1^}%pAG&KoX=1Efid28C#VBhz>ACY8r%23t1 z_r7~1fo-*_>L#gi?UhvhwA7C#?2$(vaDfH=zW2U^LTKZ5?AQtW)|1aVlZlhgZ+`O` zNz4cA-~Qsy$gxg?O(nwZB*Thxhh=1(`Ih~g_9fm~_y5@1mbGQemZvO_#LjXOvO^Xmgw+70&_Wqy1PTEf3Y3;YOG`@!6le>b zK%xCJTJ|VqlaNJr>?GcM$&$7A{C_{^>PpYgPx6!WTt{_Z$;oqgnwNK#uI z%Yl#Z4$TClz+BHHY1p)ub?)f5MbQON5r;^mT;P$M;#y{ZzyxklX|BAlx7q)E{rh(F zi*B~3KK#+%JbUDc{kBBmo7-9%WDZbf8!y;sEv+rG(Z0vc>xzm?ZQG^?HNTi{I9Zg5 zoHXJ}7u8uuYm+RX2joBCkkzlMlZ0C)1NjBk-qvpQveo|OU3ZJK^OY>l9)rNb4H+YU#4>dDLVH2rINap>)hcV*9b9+bf$D^lB!$BCFTNa z6klX8KvmIBSx|rv1kqL!Hor#GV6(6yw z#OuU7sjgX$%x%KdP;N4FA=Nk2c}6|-fnU_y^5hI~K+q8bLiLOSBCSv1o(< zo9QO%f{D;5Pq;91P+NpU9{Zk7xoV0Zh(Gc*}```P%U4O&% z*4omdIaX|k4;|;cd?=CTLdh8-0Tz7o? zJ60vFfu7-9yWsLG?dzZaXM1wf!}jh!`MB*9qfUC8Q)+8E{mJGzvmj6->Hp)0`mC;6 zk}qK#rE;VRdURCbBH0g1Q2o<`kk*|GF0 zrD}Xsp_%fu)=$0?&n#FyQ(LQ{v?A@(>~-vKU7{E{N9Tzd&2tEVPVM3DpiL4#_EgmQ zd!!kXCr4mcEW_it<^vN(lf=W#Di3Ee&S}>uLICI491#OLq_nq*l2gL*Es|Co#`$~B z4KchkotURP~v4ykpnsVTC}cYn{8uR2R;jpEPm-)Bo!oh>}0*tT!_l`UVn zO49!$j^C^Ra6pg0S$CFf)sNZ2WoxXjy-`sQWbfZ}%o+0Y79_0;hRW_WY~s zm$`t8^72K*e)O+CWtU#|EL*=}y?x{B-_ckelyK=HdqQgNmq^RBM7Ylne()1FMZNUW zXW4hZ`vVEj^6aw9F1Cv<-e|Yp`fhv2JKiX*fHM2UC;rKhh&K!7H{SFdyY)@C+1qY^ zm!eWFwD-U3cKhh3K536V_<&U{St)bI#lmO$Pry@{yZhUQ?b_ug9}di6m}eS$Y46}X zaX@opftVx{F}0=wlgaV|FXlXndEodb&vegzi5Ud`6>yNqUKZYvH_Y4cOKu-IO3{BZ zEzvfYUo>CLDdFWx;jdq2@=u%{@prUrwIv|2NbPA55?lTCMzaCved4O)GiDn9>zDsr zOF+^!zvrDNIvKC|^@>8dy5_rVI(;F41_0_blO@#W8Rg{Zk^D`V7s*d&=ib$hv`43E zlh4S}X~!nQRAqDVgLjhV(0&q&JYG+deOj+Tm|!gUrlR@?=hxfS;Rsf*4jz^Zw%{ht zq7&8n4NHo=^h{aQ8R2Zs6aXOi;uyQM*&ki^=N? zZ)2OO8|gor`$YYntUSJHZf+4AP>;O8{^Y}dZlC?Pf0eD>LUH2fNfm6F@53MX;}6=` z{^zUG0Qr&}#+1trvshg4cDEB;x@@VC#~~}PUSwMz_?hk6B-Xd)1NmAHHj3dpDD4!v#iejiX1tx z+nQyjw6bocl}JRnY15;&t+&|iw5zJCoajeN#{AoN;Giw2S>Oc5zWoQ?IaY1$Vyj!Z z%z?dS8_uyRv=53HY&_;t#U-`a8TU+UpG_V?_I(KJ-I6Gyxrh|;sZ2;mk?mfP)Izw@^~$8sT_oM1Th+Cg8P8an^APm@_BW z&Rbk=!`;ocxN@Et6FS4I7C6CmSZ0f*%Qx78HsKmlSy(DFgRb^wTPQVg{DSS?eL#YS zK1oAYsei*(D^+svjGoSR;W2Y0VXv}B4h`6ovJpSGN(}BL;f$tjsEl*e({`8x{KkYY z1EHTfGYe$SIb@43e4+I#147NS7Ks28y-Me?6{5dR;W5})2{0Afn}-$3JV_yQv&8H_h>$pNX0f&ixyW5XGPcx z4t$6JUFiAfuUhBo{F?YI4v31V>hDCq?jc5yLhK0VOJ~dGv8IiWABzE|LTp+p9jQZlJCeHKl=q+P*q~9 zRxY(yy!h2tyJUfV^S{4lt5z(Q&GZ)g?ce?*nIz@8^zSb|`u7Sy`y4l2d+|$dwKu=% zRrd2={L=pNul_+XyBAAh)^2C7mnZp#Mq5?CN}j}P?aHgJusiO&OA%~-WY=EzY#W%s zL~SZ?XV-&}M5TOdv%=JcX+M=B#_~@81Q{#BFDQq0p`O3DRpHB|+DsccdRb4XzV|3< zQHD_sC!)pA^GFA>K5+aF6rFlW{Gb8aEDeb*$J7utrd4bHs2mBl_vu670*e(bXMgLU zYxWIl(xBzhErhX9giK9w2xkU9L3Eqldk)%J>sAUkk&h*POJ1Hs7f767-C|_#@6f)a zc)ZXgXq7_f9}<&>{-Z(;Q4fif2>UTu>3N6R*DNMLxAvno<%70NPUlMVLVNP%3~xcv zptK%_tt4l_D)PfUW)Q*WfE+HXO$cD{9RM8og&RX#c|I(r!Ax)mHSx4c0e@4I)YoIj z+T76}I89D|u^dMKLJsP7*#3R{ZKarVKm5NR+Kn%Gk>flMKlq?x*-0|Tr)2;M5o0W-CfMOKmNe&zE02G_;S1Z&d(c?lMnyd z$6PfWro=6`Jl}Tj+GAU`?r__>7rfvm`>+4{iX83iv{%3CW%lf=F7bnG|Dgu^^k+Wn zMC>v--g(Dux7wk@4ff}M{&68}CHB&nzR<3^{9{mF&u2tZB!IZi< zmKo*=QUJ=CNt){S^kZaX<{AJnvX}#Tf`zMs0SnD-=1;15obtK8fq-{}NNSPmWDACh ze}&+G&9kqPWG$%061K5N2kj!|1^qeD5;Q+Lg(3ClE!3eQ$F5SJEi77W3(i_5giR6( z+0fJ5;o5N^|7>TF9)HAASH1 zwDda@pimSMa|4P00+|W)iK@rx60yA(h|tIBAK#;OQmuRT*g>shoWz2lWz*9K0_<5# zkXv4Mi|o7~wXIvWx(||pBzlBsPrl@z=0G_+7J9kMG`Z@;@ML0I5*>T2_S|YYnowMq`4L zx>Q;~IBYvC-$_r(Ea7>p31cU%5YfqD{VVLO~kQ z&P>bz!2=`hK)?K2?E${vVQ3re72$tKb@%8jbGYb*=N;{YvUz^`LE;_SP51^_FDHu2 z$`$Gv;g#BsH+=HZcIt@YN51iYs5dLcHjyKw@aw{m(I-#0A0*Z|{9|l3ZQgG4r3J8X zk@kI=-Msg`w~2^7X5aY6_x=3?_ueBXh)Zl`-AdcKZM&ORyz`y6I)S@+^OLR>)Ggmm z*u3xAv(MiD{&%U&Clw;^KH)k2&IH)2=POn&x7*%*yKR2#5o>HXY)e+w%WR|G9{bfj zZeG-#0=MK5W7#C;5UTP>{uw)nett>d$;qEGrr_4`mwa)Ylb@gL9q&nrWrZilKLaPL ztSpsZg$4=PdR<5rnE>9_g!aU?#BvgUXN>{Cw5B2aB8lQZ5LqTV>VHTL1zKP9A=haB zupaa-rnr>!!VA;$QR1Hk$C5?bKpnB1_~nGZe3(tA4Fs4c3ndYH;Lxyd?i>cmi!9y7 zve|H$Bm6DVVTVU@7yz@8SlnLU1cfupXbxUiFIXHhA^AvW_60(c5F*ouMRK#)2(Yz$ z@B9ABKK3{7msi}2e4|;uwAOy__7B=WedezvWvR8VeEEOuMK^D>U;N@Od!xMi|KT6J z)86ym583Np`$|cXFSOTw{!8|*cfQ#!yyybE^Uizhjyry(C<34Me!-c=S<9zB^)IsJ zy1-uc(qFUp|KW%2hd=zOtzEm?otu2*BOh=kLAQubyzB!*+7+DL>42456RP|i7}HBg z;%7#PGe*ooB$`u6I4Pa!nE5!lCJS>J9|!D}p&bEHIPnmQ$PsfgF+u!O9{;c_q%2_5 z+t%i$7Qh}K4#eRl^dtQ~+9SeCzwErddPbc{MtD!CK-4LzrXL22-jRoAJ$e`FN^C*) z`soe ziFp;jJ0{HlzJmbZ8F`tXJkuxHbf!Z0|1P2srM1>8VxXt6$9)47iMfqw8_d%#okOS& zS1A(BfBnDzvH$zwFYHVI?_cbvKl`PfFKOU?_dTq5>$`krCo3e)cbL?Oe)Y0_4e2}T z6~E1&rCH3Bv(d*wRjlsVgALMxlwjuSm4c1hLbRk732W#x`69f)-G;@Oc<_*jGQk9R z!~_mSsi&@Pi5MmO1e;Z^F^nb& zkJv~4;#2Ylf2TV{Dl01$H?dr*L{+kb z?6n{NS|( zbanMedf)HPUto~*%CrJbIKRB_khuVkBe^E}0q_gg-1qr?Z=W1!NyB15gnFm2m;Ein zE=_|YAJre*E^%KhOSo8bDy7y!kJbxBfyW z__2*Gv@)sp6Vk6@UY?k+nDEVU=URoMlPh0&dCn~k!xoq3*(x~=#Dri;S-#Aray%?x zsW5dsga?Ex*yytDPGea=4IusW=>mA)fxY|fw%>c3y3ZMV|Tk*S~F7TycrbSN_L0KOvRlT~;Tr>sMX%EIAkZv4@p=WvE1 zm#A6b=haLrILY_a!O4L(0MdQ=26u+#yd70gStBVvN_&@F9&dbz=&Jj#ja zAGv6k|8kx1FMdDOUsd6KqF;&sVmT1Mr1);^IgJ}l{!aN~p7@*iK3>oEFLi^{5aw^W zLUiugz1Qx$`yqRL(-!NI4=T=swX2s}duyw0dh|*6{V``m<{a{sfCJ)TN%-f8NzAx3 zA8k+sg;sxt?~W1qS%CTW&bPnbmapAlkIRO!p{?Kc$+^RJIg{Nh6_kSt=din}&l==o zhVe<2m}~fefa%jNhQTIjp&XGpWUjQ%F@J4pZns8-8Et56vGz{kS<;duv|g7qALUug z@7YI2cPn3>KieyZeqHjM*@M=l zm=2Ul*xaL3dkm7H+8~Z!_0w*{Dq?F^&V`0zx>V z0?vj#TZy`mG_a}ym-6H_jnB%-^HMfMTc&*gc$)~cA< zf#Z1n4cFK~5%k~t{!i?N=UnS+^yk00+ZM_;346=0e&uVjFJJ0j=(lg*ZtuSRZB`{G zOdOt!Rbpb3;u*i#zNgx>67x@V%^uOE%{IVrbn}@gbBgE8$)K4auB+x!Iw{TxG#9v@ zYKq?w5rM-JwKgNra3TI-6u=z@mdt(n4csUTKLXtIOLIUb`(>Wc z+%6_S?tDAar7&zolCJ4M<=_J$+S4Yu>EHvIC5A3ct4QF(;buHyJEz*eZ2qSg1eoCi znjkeI{#zBv<$!E;m&@57HvYSWbk#2`kb3Q~JM}A57^Y%TMfd=znlFc+T2f^q><5Kt z!2}>2V27k@?Q#rA^SY-PeyW|0VrPWKS^|K%T&>+-b_|jh&@|t5+@?v++g%{g0okeX8 z2XwB~i|{Y9`uaNgm?^OX{}Fr1OP=q<{S`7h zyY9Mc+jS zku(ICVVkc~@JP@1l$TC9C#h!aHG6!Y2-vd~ZW&^U#5f%83`~YJnjAiw=3n}wW6UMz z_ynkx+Pr(-*EM1HQuQ^}GpeU7%!fw$MMUM7*xK6pI-7J3ssheVlG6%ta{!*YMumTl z@*U~Yd8!Qt0t&p7O$7CQQv4*2fj`q9U1{geWrz zFc`=1%QZCQ@ok#uj4{)=DUE0frdyV(K)n7i-(m0fb_CH8Os{sjrf z%C!gmT)s!{R>XsC(r#F2UsGg*1;UxX_@Dpn!n5bz{3d(Lt-q=7o26}gt-bztUaD`u zD1QbD$GmKree>J@YhV5EZ`;k!zsbJvg)hs0Q-QtbeSa?P*?RlQPw!9|?k#G6jy?Y5 zR<+|3as+tPuD$ju`{_@AVYj~ZLw4(%Uu}~vVJ6-rP^e4RYtfTqKH})}K==t~tJ(`J!K7~B9h=|dBH)3z8;+#(<$ev{w5HSGlNBPA6PRW0e|zi|0vbT zZu^VBc(;i1h3;qtX$hJWY#5*U%m?h(e(i;Fy0XzXv#YMYQUrUYA0jNi8aZV7gYV1TU7Kv0aNx`uzON*YO5kUDc3&LKm zhdk4P3;~B^m%OY=@{pH%`jAa$HUwbZq1wyXHcEdPA|C_{#2j^FhPYP}syPovpS~jsoBKJFoIR zsJya7@#I^qLi_&f!JKi8+Gr zqRvs~X*#C>^9$xHnlTR?9JX_7OmXOghHLyj{!X<$$@ys?j594iw{r##FaZ!OvW~f* z?L-{{vDEkH*nWkXT`$#Y%p=#zBR@9yyJR|%yw)b_KepP-#6g(5xY!z6daQROUts}9 zglnKVhcjZd=mLY>eF}*vCPKh~V7)?7Byto&uth{?nKTcvrzWH`+L7)3Ir2XeOqCMr z<{Eg-FPtl>uwbcv;I#DG6{Fg#dY>s6az;X=;aHhIK)i!j6iEG>Q@5Z%k&e_)5)O(x zJHwfeCMQgQZfW^N;X#Mqk*8N)^GUf995DAOi++c2&-pH8PmPQDXBqp0umbJRMoF*h zS1pzLe}x?TZFO9&PXdjGqs?kto-}{XbyLu$W36%=SgEr_;WQ-^xmiuHIbJLozURXOO4TKlHP};29 zw%bcz@3OR4nN$T>5S5y}+y@ZNhi*+UOLWgiqd>VY?8{f6( zKKB~C`q@{g&Jla)p-1gq?|8H3WsaO7HrN|p|7-TxV~=Zm^X=Meu67M4)&fz!CQ9jv zwkG;I?dKr!Y{2>e=n7EBO*ZGejSiJwD`!|uqa3-hYDRa5(I4fZEVAmC3#Cx*Xj$P& z$miGDKc_1MSiEpjwU-O23t>3mxH7WoBu1R6h0P95q~sjfRnF4+c4m3fZQ;~v!5%1o zB(pvMI2>>)_s-kiXl?E7uJX^JH+Swl`2_foi1#7;4aHG)PwpLUlBzsQl9F>|BQ9qx zzyCH7k$HYleE37})d3`1aBV!LrKNWEx_W;{Xr;bhapZMaty{aw{{EAHVXacRtDyYE3DJhvJwe~JI4LEMENcBOAXUr$I2Z(<-%-FccXDPC$ zcqC?t;59WuHE`8wFaJ0Y(n;h+l@*PJl9FOS>^LYB%W$MX@a_>312RxiF54C*^1u~m zEFk{T2!MG4^MiNv0sFJVjm?tED*R5xavM4PkQFajBM-|Xwng!>Ygeq1H{%hh$;orF z4y5v8F&T7-jI{2TYF?AouDVcamQpDjXw>=2;tU5DgkQVb%mGv;Gmd^SB64&9FDO(j z=fMJba32tYRVc(0#zvp!l_E?iFMa9KJ?k}_&P)g}bP)Lqiu3GTjFW7&V zl;=u)amd<*Brg#mk9U8h_h_LE56h{S2z#V)i_3B~FJ;c6Z$PkN2sFx900}y*L*c&A z1}KvD0Ga^gTe+aXS|omBe$Qr_<>F_v>8E|!z_wFk*?P3gnMUmSJVSkTFL6Y5&Grd# z%sz3jZ9wX*nlq+fsgIMPXH-(pJm{6vzdV`!J+^7PU2xu7mmosS>p&XA4pod}iR|f| zKZ8;`rp~xc^L{$SKdqq*h*I%PMMMT+M)K}Y`LSRAjs8H8J6bHQnav_BSp&1NFH(1( z5UMiKkg~MXTIC*-g+Mp~hf|U0D@1>zB(x133I!>x2bd6?MTew`kjfk&xm|euUr{~Z zn)Yt7AAILKZpOIim9Ma0Jo>2Jch9dREnQ_V5TS+ym4U%g@g|vnY~J*w;=^BWtJkiz zFa7)H{M`KYm%qgBzyCoIrHAdh>#woORp$#f*iJhYa$MDDCoNMudAC!{3d}W1B_W;) zo_bt?6Wnk<=80&(^X>;^YWZcIojrElwO6=S3q;hbU;RpH$o$+1|EsUQ!e0BjcM4Bi zXB#%G6aMy6`@jeP%Kq%be_-GG_VXCwJK(4VkhOT(q1+0H$u-kB8ODr?p(mlNq-V#KYrm8+K6!w)@a zM-LsA(5cKGd2E|-$stL)kLkN(`fjx|2*8107GO?*a0ej>dj+Xa5gleSpH;N4F~dOdIvp?587G4KALWqrCAZw9e$@;AZC5zLD*d)e z+hoW-{HK2i^rX`7N16D4e18vR%7&E1JoDVyG;)s_IHbJy|NBU2pNQiC_N8ckK4x zdsE=Nc}tJ~Gj&$y@!zMs3&Rk$zr;h@uX#K=I{f%QTA>Tx`+qp~6Zz)%W0}IBa_fl; zCRM0r^bs$|A9(n{m_K}#{d*ciz}N5i@NrhApO_2E-PkkNez-@mq{S4?m7W;~^X#VC zsQ^OBr+5a7XFUx{4G1Y5-r+}vunF&y9hHbPoyr4!-9pMGZ;?F}UX+LW<=LI*!nly& z*|0e3lDrfN(8%?lHt+5|zvEDT`Z?=Ax?SO>q*0*f zLrpv63BJ&Z`x>ls?<3ZK_z6kzFwx22u0Yn3fE#X zkaz3h{-7NoO@rihlCchE3z~HZu(e_?lBaQxyDa0GuV?u}>UjrJkCRB4jTMp{qqgl% zpOueuA#wbR84pyehTDCH^f=pS$KKu)}W? z?VPMRoU@J_4fWb*|M}nS#uvTVUi!-4v}y?%wrt;JH{N)y?b&xwri?okcCOjZJ8!+D z#Wj)~@3qydSJ?Wq*V(tf@hw}jYMs6Aw%e_0(NfKq?Y8Euvu)9mW!jg5-=Ji8&?fQZ z-R>VIiY!uOsv*a6f+u4~yEBzI*NJz3y%-X=|K6KziDKQq{q1kIO8H)DIwqhgA<^#_ zE{ETxbJo|{`~Tow_92;W9%(o#T%gdt^3|`~&YgQ?`tm|MBq{U@o`0PjGQUWSgsX%j z6xhH1%jabFvdylR7U!VKaQ|$X>VV1t91$j3-hr_tRu`HFRq|dB-a3)=Zr!#W66@muHE`C|NL2vORLqbTIrFlKKY41mqzBG-F4S} zcFu;g>;r%FZu`O)|66l%mwb<0D$RusC)APdBlscj?mhdRS%9yn<;$1Jk>NG=(ZBj{ zH#PX>T@TuW4?JSu|KA@;x-UOFa&}4rc4*7pAxGSAdgH6?)>~iaVHMG|CC_u7dxL%X z%m3UOZ_=oLj!MP^NKd1)B;JOH$NwE~uAaw?D%y_? zH~`8pUPt&A;y;_tEC{esK&-Wi)5->mm({osPu3Hr1&d)p@f^E&L9f0CxnvH6Ie4<~ zr}LgUH(RB%xZ?&oowiN%4Q<9bo;%2!o1@Te#mXwxIUOjud6LkI^E@PV^1QqOITV@a z_Ls!2bw3B3(n^W?L{8< zhxhb7s=fu{`nW7<-Gp+a5+=kDn=@d_p#!0O@+2<2ROJGv_vE=jP}zr2-^ZyT-{GvU zSeggp=q>wH=v&k-;4p*u=Nl6JPTtEBYme`MNv~A#Q3d3{XFT)V7%^96X#I$pa8zn` z1!_-uMVaN7F0^7v;2R`0dEFb{DiyS2Vi5EyJkDChYtNB7b*^oB@J_3%tFy-+e#l;U z%dfi%TbrCf7R@iSCm;Hyt*l!mORgL_?%HL=Wz~KN7VX_6^|Qmaa9O=Qbl+V$YZj zpugr>m&;~5U#5sUuXQfANmG%tXhcp51HQp1jVIbvp?8PmpW%qKCkg~hOp&%Vjo8IY zLm$R-&-6+}rZiMAh($V#<7E=qW{%FyHeC_xUp0e9YeR*7w+7e)Ju-bZM=K z=T`g6zx)&X?svcM-{lGi_|A8KB)j=GkLvXL*S*S?%HI6md+w9}jQKK&X>(%RGiT_J zwtwM$Xo)E#W{ZgOKH>A4{}(Tl_M!-P;@4M5aKzYSicl&-f8DwjcHm%x<7qGekgm73 zb$Ylv7zE%{j1B7>yy?)PMhQEFS0d?A!haF#4!;s7n?on-X28RMxk5aaNaLeLA;sl8 zqexmuuYc`ty7mIvvwtMU%f9^w?3J&0iHA3Q?Q32k0Zp0xrtUixiDcvX8>~{&{dc|d zO=^GGpEh1_j%#@IOITDO=EvLK`a3djXm%}C%3(fUcIky;-2BK1`A>b~!|vw%;ofWcScp_=fQ4ce~+S>E|{j!^b{{wPPtKK8_C$oQRKjS>EQuN0ADzgFpq z2zRRQ{iE!k(+&b~)~dA0KB5DvLg82D$u3N5KJ6i7I-q8{u6CX^w{}{N?7JX}Ap8>N zNTxc@W)u#KOqDoZ4umS3<7}h|3&Qn%<6GbNP3GpCZ?vYPN9{{r`G(!14P~jgo0}eg zQtELJ+bduBGW*{j{@A(dD^@I%D%q9x-S7Obq|6=SR6g4l%clP;U;U!{19;g>Uo4xh z$Lt6H_Y>J}EwESo#!EB?xw3)!oLwQOf#;vU-g=}B0CzW?lqnb>T}L903Vm=cn7q*( z-x}r;V*rO%$Nljy6YhW|2nNJ>7&DLw;aHUJ2Vdtucfj&? zl7DGl@Zcng`ltuy0@q0U;{g~x4^k9Vt@DaY$D>rIuD{>&`jf7S*k_!~1r*4Q0N( z%$AmxS?${Mr7_ZD`yanoYg8(7=bqz!3G&tN;iC>zCiZcln@sqFc zkT?4`KmhoG7ZeK@=$6CC146`!?87{P;EsvClXGU*?gO%?l@l>t2T9?nn&e(X_+xcn9QG#bHEXo&@NVf81*}Qy*>Cv>I~*oKNSU$?f**uGiS|Nw;vA0ew7rduwP(o0AGI6C zKB1LK#d1>l$itiM)pC~l*yG#mqV+2r_qgoRbM1vMyvc3C**q}?yzjpIrEdN)yZGV@ zeLsEWD{qk&z)fN-47us&Z~ykK?wEN*1TAYRlZp9FB%yXWcI*(d&YesOSQjmp@MW$f z{tCC*FEaq}mU#AqXO)UzEkC=|`-Ish;|Admz816@!HHqefSU!if3!qd>-c^kVne3( z*a#EqqCZkba&2=Q>6Mqtu3l~L?e27q)(!GYGN3usE2b3Mu!P@3%XVH>nfIZ;r_243 z(00bNKpGhIt)MvkR*509u)5se@f^4e>zu36Gp@@^7W;3NB4km9n>MLU)%tEo+O!K) z&wv;L;A53#2=thnp?wSW4%lwpw#Qn<_^Of9Qw0fB4tgbAlFS)NiId374ueJ6YqmP1N`>5%17VFd@(QODN#kJMi1gMO@y)XJ=a*Kc$fV>Lm*z$k` zhM{I*@Q(yx#eb<1NWqYNN0f-*V-rC_3c)q{X{t}A{fxyJk=bb%GQo%5$JAY%;EVJh z14nGk8k>&Ur$6&W`;X6m#Z3WvB%Oc9JKkdV-1{qeJk7PQh#Bz4H{L4kfL^H*eZ$T> zcfDOB2PDLB{nD4eZ8tvmS`qlSxsBS^Ejy%IRwNGYA$!ehZnx*({2bY9ovqEgz_xGS zsjz~7q$mMD)P^-RyZTIw8)ZN=({B!plO^(zAI>R<&qOH>5BXp;LDZv)Poj)@lIjPi zeL;Pn`GN`?Fu>j)1eL^L#)dsv3WvwAr1IS!5|A?RYruh$oK##;w;ss#Hoc4*&D>uEpc$W0$u+Axw`_Fs*k z{^2RRM+abKRh4UsY`*V4+wtUM(*7v4&h}Po*tgAAtz2Q7@43TvKYqW}tv<^Ss6l;) z8A_(YTP62Bdw*&n!2ai|k*XGx0FdGMjBB3xxvf9s8_yH&gL*eP!ad(Y_{TEidw%t5 z?452;%fw!jn79Rb)H0jk#7fMay-o!I&U7TkisEHYN);D|N^78r#d0=7a<_?}%SrjDfk zFiODt(rpv@j>*5wD_{2pTU1+XmtTFQhmXAS>Z@(lnzeTQ^Iz;{a__wD^{(|WAp7>$ zzvkt(YDKMewKX{o^X50a!sdv0%2lYeSHI>}wsN5);lgt!!smcnuc&;+4+nrSQ_%F_ zdGeai*ifo$B*d%N)T>BEinwT_ox8r?{`mLbYjX#>6mjW#huLxoWuANE4epfgSNA_; z8x{QmQ-}Aw=dJd=@BPSa!oTyKAK9P$>0i4>1R;`FONz{zp+D(E-ZM}5hqBn0JG4$8 z5mN_03CDWz>!9(L3 z4)}SIKL?fgO!X$zMzv@$D3YzuC7z-IOIrg@HY7X(*P3q9M=ekNc?h7KKc`X zaRSJ@9%TwjHej5r`Ez`R3KeC&`t@!JhcN=Wt&E?pbNGRtd(;(V_LJxvHQ;D)WWebEV5Q{p~3AhxMl)DrkJ9jwD z_4Rc|*rhkV={@#rc^!TE%WttyD;_iOe&74vX&?L8KX_knx=BuSR@d9@xBs!d_O&m! zd+vF_KKRG)6(ix_?Rn3;!S+iXYTv#C_U1SLj*ZB-z?|Fy`^4YiMW?>7YwD;a33FF6x1ikg6ZF0M%1e?)FM0PP_@5FYm}ba=ZrNUO3WY zOXWbROYkqs6(KJNkh>e&tgF36(HR!|eA~Nwr&ZU~T1i>Ck5hkci4_fZxEY96oP0TG z&Wsd@BR*s$a*%_~Zc9^xJ$V1Uw*G?4tfX?GwKg8MMa$}J-%f?sDk+n+zt)Dko2@Um z)bfUd8AwyVumblCn=S;h`LYl=y&(Xy2*ICCnTG&JECfdDs57<=HRE-#$3i?jxn;LI z6Jw8^EzQ62TEkV`bC1Zbe!JA2xkm+>-=}j@7ek5{>TqJ8{V{*^P|L!JGtQ>{ZNqkB zT_6Y_KRU+_cflAu{@c-#C;iFOISwP6)UMFE_$ES4obY^0<%G0Q_~X(FdG?oQL4-;D za;gkIQJT|h3o7-U%-Px$z2s0QVRdt@P3BCLGf`@kNm8X8!yW6ABU1UdVXdS6cFsZ= zRHMZ0L?2J%x%;}1nI>q(T$wsM(JUMAc4=PDm-z#00iOi{A7Il#J7Uz=k?!!7fEqnv zG>1_ARyp9oltcJK7mSGsGE>|txof}$LZAA;LFDJts^lAE!=mtv`ZjIe;r=>M{T~rN z!TM#*lK5VPsiw{Nv+!p8FJ+6 z;D-(j+huimw)MaPyJN>@+uhY>mo8di*PnI19M=^(ftpNU(KRMKgc`Ae+uG!~PDDDy zAB!_p{^@{&@>NZo*3&6s;%`*&=yI7j&otjSQ$d^VJ@?)(kD^WPVCBXeuXblSS6;Ev zRqOu#AOF>Exb7-BW_i>P80`FCt_T6=pMS19nt^crT@JQ%z|>M z*E5geCLiZbw~z!v)$kmrE#>maKN0ayQ^^+-m(&k87RFRMiF!e9ae&1))RkCfVi~{` zgaIc@8x~0QQ8tT@3CZf$iCiul>&`i)wrTr-UAknR)mG}=0U=Cz)m9{jG)KiPpxm;$ zjjp=gD(~*OIrD8$UZcA7J0b^G^aL280yi`)kN$aLejVN>bAp3XyJV<;<1po63m?e`5Qy*I5Xh$q>jA|FbuG>^tzoabmZ$ zEHGNY6?pDUZJqH;Y8SdQvGdMd=e$`8CfX5y-PVIb@zM84h0l7mMdzEx!5z5r@+y{%Jo^XBuVdNn3FG zT%0c-A#y;5`hX&mpz2SP$0gd|V)ZB6Fp*_rPJZW(iko zN^n}58ahNep^x}HDHG#+Nog=sCAZJR)SpfJDbAEf1mrNk3AIZ_{qm)fCoQ@jKdWI9 z0N+8`*MleIl379>PHLF{?wd%so@-F)a~v=eju#w6KAC4F!OW3+1W#uv#N*n^FgKVJ ztVgseaoCBlxKe8DZ88k!?L~Kf)oLm#ZJ~(DzufsN`=dj6Qa(Yx+?)c*5}pOjsEuYLH#AGeit zE3H(v;Ophc?YCd^oA&PCJ80jP3Km`M^IvVRkiUSx`@4VDzkhIVrW{ZkHmtGtzV|jc=efZ?^$(x3=g7M)8z)4hcYeZ7 zjuPMAf(bLF^@0t%RG|eS*aruLqrMoU{`dlbx|}uXkn(w`Qx`5SaDy?x!HL$ykV29% z{@CwN1<9mLYG4i`jYx+nMfqqM5E_v=Je7pk|58aOwj5K)zCInkIkMAMA5dF6d{j|0 zx)t(ojtKnjewPf;=`JyII53bD5H5>fcS=OV)q27_k`H94O>w&Cm)F^%lBMorpjBbp zh%TWYSNHBl(?fYdnuc@$Q5J{|Fy?tSWg+lPhXAV}dHa8+!z5MzBaF0t$@c{Qf=?AxUx&KVNNb*dfX{J@k9m{*CR03L|> z5GEo>=C4?e&jUh_$}fXxpQF+=z)4)2=1%{R)TLGNAqkl{ACc&H$@fja9;ONbNZT+| zpskg1G`*)o{wNg2u%b|m0QJ2*SpH453u)yK^C|R`55Pa@dptjRKYksd8S;;>fxx`? z3ia)5&QV%G`TS~Ve0*SDa18;Bj{@+iT17WND8m@`3ikWN1ZYu|7$ohOSun2YBycGg zj%d!Q*Xewcb{9|0-lKDp_PQ-2D65UM7NE z7~3s!Pn;NQRKQ8tX|oV#k|+#TKawZV7TrcF=S0)^%&l3xH!HWn>jEar8u?6vkP%*#@Zm$=*F zOvn8o89u-O0vVzk?Txr!B zL5NcpDs{`Am}GXYD3-#loJ7zx`wdr z#ILfyXCefA>y?ex@Q_rU=5}afFA(vf6|Py_BPSOd<+auC)9f5`4Cy~ifbMSD*GmOy z;(3=|p%8$S!NM9{%V~Ycti?tU)u-L^Y77@0)ke2{8Z7~C_EgGDt72th4Gl<*tW476 zN~yT_cDDPcE0-<`>s6J)xvZ_JmfyEt+3PR%Fn@K+7t3Z#C#v4#1f^creRwyO*U{?g zwPOJ2>lJaWlklpmE^!7R(qah1o{kpR8d#@Tym;|->Hp|~J8|2?w^N1hMCAcb`d^`V zx@_Q#Un28{v5eCG`6B+AFC^f>cWmZi%o#7#zb4zeCTc}^PI*ZGyX0p89}?Urr}!xN z7?_%-0cFMAkzbG=h<}hSKhPAmu~3e+Al_%10?{wnslhWZZKkcsexHTFnFRrspq8Z* zM%ndq^05O(?By}BZ_kyj^xl1kC4F1wOj(3bXdBH&qG|{O{&5WxAEJ@_XG$s(0@ESF zXaW6Jr;*qK3``(6))^lNa^S<6(*TMj#}_7Q6vD#0kXuu zpce39@FH-naGyBF0~!pR`<;DOojviyE@_*tvf`qATUUe zRSb-CVPFV%LnsvSH~J5b7`GmTSVU@qDcRiIW(O6z@W8>N?)!;73fyu*b%lpSj7)-ftEyc4sI=Q;5mWlWGJ`)q~s+^Q%NjNr2nWOb%_a3Ea^1QrkjvDjOb*UN)gn?`GRBh z#~a1D)C2isa|9xB+Jd~qO=P<5o9H{%8$|q|8Xg_-^~ww&)EAg@cn{4{tXVvevQ|;w zj*#MeJdHvG^BcX8QXkLYX7ZdA%XCc!7ya8rEYxf=;w(BL8FBO{T3>vL7oa44iBe}M8*y_vY+AjGa;5$W+_Bj-5#FB)vyu8te z%rUyavjQO}#0p=b11j07v z#B>s4t}e)2MB0(*`i?5uSwo%l!PKlU}2pI8@oTNEHIko2E_ICDn()*Vc% zU5ADL5zT-y6PXFIyo~+Q8BgQDm^B7~SEbI6SC!n2*chHqoa^|n62CeA&DdQc^v52a zc)`GA)9DQXHW^fEu3UbpJ+$R3Hd3aL8zTx&r%*2M%CE4CSFV*x&VUxTR(_g^#Rvxy z2P7~8P~Vv@=Z){e#uik`)0tDux?DNLIov6(vk0+Emgs?|HEWY8NuMc)vd7kInthu} zHg9Xf8gK$Vp@3NT7;Kd{amB>G@*A(?=c%5BcOvMgfGN55fZ#wgV|!v9GyMh5z}TJW zC^qdJX`8^fK>a^T{$ri-H@TnFZ3E?@Y0xd{KTL%R9foM75HbvY~KXMPWy2zoAKt%D;8D%08D`TP%rS{-IFbI<#bM_j$(pC9LDoKvEo=3 z-^7$W#_FQ{2h5T01F4=%YJH(_IrMtMXB7&B9j(Bvd=rHDb#v#^IR` z3>mW`m9tKc2XT4~?$bXc2ZLe=bnBY68pk!A@;ncNN$BFE2W-3iLzIX?v21CLOYo8I zr-RQ%ypjAQ1dk{ z1Hju0v;p8r)0BrLb%|-!MU&ELQ|c(9PGp3V!U)-^TT8Onr1iRw;&ziiTEk2F`=by^}}Wje(Gn0S*UBzEl9>G6{JhsI^&Xv!qP^v0!;d87KZu{64lb@%Q*L;W;coHOC! zn7Inl7Ht*7s86ljZ0;-svJl8Z;HiKB`xOK$A;OUA;&~sU72<)EBYfbH80-57=31ld zz@hf8S`qfW>7F6UM-TVAb#}u{#VH&F?A??U!S` zh4X?p_Y#c}>i4`~B4@Pj^pA2A3z>y$+E3~g!M0R=gH{D5z^6paiG^~z(={N6bJ7Ng z44m-AiGLktdK_Vzn1gyaUn`5|*dY8j!CPrK*WEOmxI|3^Q}e~92XliWoq`y%!$mgZB z9uc+)^R!1B)j!QupVyO?aQsX5np`xCs+L%FZLY1Z$q`MWwoSukKf)EbA&87=Sa$jK ztClK+=^i&xULkW^@W7}!5c5sA=AT>y#-&UH!^YTwiNl6CiQ!Ot%hS)J&_c zQ73??w`zvC6TltO31DWbI5zhDLwsZ)c}W6lAWzamgm@|>1F5Zgxm)Dz333=SH8;S|qwtSLV^Q6C2x9{&rZWnK~P2lOM0D#QUd8bv$?)J$C(?`h5S6`SlA!gnuP+p0-HDF3|{p0iOA* zgg$i3(H-~Rez`IqRw%p?`BSP9T<~6BraZuff3m8y2jxT!*x@q0(N|zeGyw?EL((odTPo}e^$fdl`b$}<65|`+Q5K1@r|iVB z4{uWcrF{BJe!k-$mBR3+NXqj*X!3xILcB(NBo{%GUOG-9oR09$;97BRgXe;ifg^$| zVaJXgKM{$*Kk*?1{tB+TsHV!pJ?}rzVCS8?cC4|KL846Xxu&KT+bsM4b7cSDaJ1Q~ ztI8E7uUz#8za8`=&i}DOrf~rnfCFphnAXJ(G43$kiGC<1EK>E;R^SK|g1v=k5vxmv z?UH39jvvN8O<2YhUeL~9@~g0zM;hHEfY65c4u~cJalEEb>{wRtN5*gK);+eoZiUS& zDU*;(ozm=>T?T+SjfajYE@ET=(4;uC#+o<7i*#4XXf@MCrf1m7?B_Ft01F^2WD(B! zLw4D6HkGikOt)yJBE&0FU0@Woc8FTD9#g@V6yMB@3IicLLdu)(-8u3e~oR6 zQa|=N;rgD~>$u0^X_2IW&yspJOkMU*lKl_G2_ zB~XAt;cCw+3tWk^Ab1d**jx!sy4&sO!9#Yz`D;b|suMcd=p(?OKlE#pB&EkhEH9BX zwpi-z2Sm8Ln*3P9PkupLX=Ag>xoA-c5x7-M6GHGse-|e&W#&253~7nTv%J){4@)Ct zo#0t7!u+s&7aWkL2=G$Zr=9o~iFL%~fMuWXhkP+wHprz9eJzt5l(AsE5)-$;35L>9 zg+zoNW4vh3BJAa2~W0oAe%G4DTS+F`kZ$+?Zn9%L?EHx$`sd~=WGHeTjXrKc$Xz-I_=<4C(<6Xo&%Ck zQ+)?_5$Al&*V&%4v5v45<9dva@#tGfCo&x*w+jF(u>ponaJ&Xu8s3gS zOXn)WleWWLa5en-c`BdHRhy;e){tzzwlpZdeNLVZX)vTw=0_YX=7uUKKjj4N3?f#b z2%s!8N_E2YIHSX*1dZ zhh@XROR?=e^szdIu%fcE)aq8&I>8Rk!FNP*B7tv!10CFd#EH!F&Ryg1h{Qj6BF@Ei zV!~tqDK{De5WOxGQ74l7n)uChu7MMb8s^`cN-?Cw+`=~iegRlBL=7NuT`WzSaxrb@ z3r%C~@J&p>mw%Ku8wofejKoI(eg+k~K6z`v3yFHQZ0SPB zdFM!*I;K<40Ejj7n>f;}qRCQX-pTS!@NS|>I6?O83FIB;m5Y>Lv}IL#+(x91tnIMu~I z)nTI@Y%nlC*v#43Bhea(+3-8A!tcbT+6UpurVZ?3zouIMWce{wXp^^84j4kF_?QUL zIjRrSf@pfcZ{mRy%cM;{Pjo@wAjByHO$Ykf(k%6V5#+7~p!X2r1;WVk#Ut%k#EAiY zTqzI75pkp3#PJyKbC`*|qrPGJEnwcvb?1VCIfQB*aAY%P*5->F6!OS(t`1pzQDA~m zAg*|vccDDxqx}@jm;Q@q-EcB-KS#(TiT3b~J5SUz?n4@JyETx*7OBPd3;9C@EU_;! zXZAM>fh+{F5IB<{Ft*JlH5z1np7vQ(!MntNMFRjLi!HQKD#73q4Uz^TC5MobmELiQ ze8~j=M0Fkap>D_rorvVPXaGdq z0Njccge8Ge4md}^U(gWPwfm58m>h-0TN7}!6nL{2lJp07Q5Gfum;#{oJ~X5{c#+{m zk<4!fy+rUpJi;@;2^^`BxdK|nHP845+{cn$@NPC!#KEf-8jvUf;I%MmcI`gs(F4G@ z(Ub^y;N&e~3>iQ2<6N51)*U@V8msZ|G(}F6Gz)_sdzKEcV&3fU=?Q_jK+Cjv56d2> zzAAHz(KiBL{Bzui2_XXAE*zV9?E;C5p8b$Rx1npU?UPztao(`yX@dq)V1r4_J5xxi zNwc1)1F18f=plv+&^c5}T#jsvVGV^Ag^f}ORF_VfX&s|p#iW12<`wM!aTr6}Vmo*j z$BcH3-P7)*Qo}c4bB6$LX=zswY7qC`70onl+_#QDzc1|DH7GhI)%yetH= z5XeH{bbtW6Iz&*X_Tz^SkJyzfL}cln@O_&_I6*YARrBk+;piTp-1e#Nl;o#eZ0`{+ zEEf}b(Ws5MxVdBJ30pA#U;;pFK=AvyHrjx=XD7CYe9l8o%#+ma#9J805D|o2BmOvq zUaE2_j_)A)AD0;bgbzfjs+&2x;Lw>(3eq(~Zrd15;Ch{+y# zEHHhJ$_(T2Bbo~`*MPx-IR{QGfo~#=X&>WIAylAEKBMm1H*D9{jn5IZR(KCnX`3`x z2zQ4~J7q98NN(d!CZ%J-VV=KM8neQ2nkBJbe)e!p_?wOZ? z;18v$J~b3)#Ypd~s!DD7vc+y^9)%Y%-($bgC zRax$MzI1<7M1+La_{j>K(fbJ185J_Kj{!tBJv|`6!Yvo~_J|k&Pc)3!`WiT#n$8&- zVm4nkM^tdI)n@KMn6aps${gxAli7Nt*SdystWDgsZO!>suFajerEK__n)1}0p>CaY z@R1m^5tHKP3oH^-+*o+#@DQgtN-~b$LKDB5*)>v%L2)lfd?O5H#dgH@op7I`O5s1^ z>;}IIaJ@aMny8*;q49cgW_6*Lod-jjmYH5979)hU~s_V`2rvQTq z<`HLnV)9%40Uym5?zFF|+Xfop@UfsPM&!js+9*oa~zU zi7x;maS=jr)v9HVo6QC;6x%We^0ABfCjB)y{>AKE(KKMdKNxu6t@vR`9-qY8c?Z2h zei%1IX4t*wkUM8Yt7A};Do_>U6DH#f02-bGu8HkDW!IAd>y$MjTTw={(5=WJgHf(m8NGv!cxTxQtmW|3yzP!9Rp{T<%Z_a?7y(mwPU*MAGIG3$Mj)riw zgOiXeV^li2dJo=738>)dI6d(<)sKaKN z0MnUD*>AEC$U@)@gMbST#L(>!VfLVWVWCEkYCD8kCK7u)XD4_FM4ckKiXa-cYgPoi zZ=SOchjZw}8ue;+lPZRIAhc`{Wu&eS{saVNx$vs}avp~hwCR9|{t$;fM}Wx`UY5GW z(|ei<-aMO5Ut+Xj4DDbZV?loxfQ>s z4%b|nr~n$KM$K(IWRL7_wijQq+{((!oDnn=Tq^dLU)qTFXkUN7<1mTu(!HiFFb{A{ zxMj;8{o5siwb~tE&n8}!Zu?G$eBg%QiS06n1%FJHfE7%>efye)U-o)F@Xh-ArSk7k z;@TCd%ziS?0Px1CF}|Sq^Ax2_P4cIx`PphGfdHHB;?g;G_rVc+u812vbHXuYL&`*= ze2xRc`{Aq&={Sr4XAVe(&pm{ql8(4o`A{>2js($2-uS269u{w=`g5{2&@VO?>I;28 z*%#q`w5b>5^&s`elwL`xbFqeDgwVEJVQf=rTXKnfi^QKY=ZJewm{KRYQ_LA2;k}n0 z@m-26$;D544iZ^xu1O#dbGacL=1pfEp~r=3Dj<=tY&{hEHO zvR`H)kcB`N0;dK7NLk$*d_JM+g55vi@}lbfOj<$NNMt!E7Ro^%j@v*Ba3F@n7Q7@= zIKfQX$=Oqgd-zF`y5enLDR24E8I3w8=^y9dR1*1fGt_B6e`#1k;&!TSO8ES^%ZT%U zyG^UF`p(NxsYUq#SQE7kn8uWF>5r1SIQESGL-<4RCno=1f2cbZFnB*AfmQF^d3NQ7 z9QXf#)4fzgU}Cvbxdv~+UsTW@P1S?+O7lLdoO91v?OFf_WL9vrvBefGs>K50Qx*bQ z2xK8}CP1J?jsRClTd+p9__cDz2Yrf4exy_5>B4Wk=3Tr_>?2zz@A$>RV1@huUA{zK z{1*k=?J9ZZ$H5=_?dgGv24}ta>^T{3OrOAI)-O<$0WmaCRZj(jM0ljSrr)Xh&Y8ry z%5S{p`{X)k2Pt2SfAYn$z_|uEoF_@iWlfZoGQl0e<pea%_Q+Z){i(aV-Kcx0WO4DK$jr|~XUnOC5oePVxWZwYTRQyuWc90CHdp^Dq*-}HK4UVO z7M12Y{92?oQ6?J$;MCADAlLw6#8g0YbB?ttB;c~*VY{T3aFBD|M-EX7D3cR+B8Fmg_9Q-sW9N$AS2e@cy z;OZw#yNq;_`8vONp2sR3Cwkc+XD>nYvJuixerGey(Fvqzu49K?x^>OA1_1pIrVyDM zQQ%4#K+|WdKjh=z7_~CIpkpthctnQ z#1Mdc%N(Pxal?nZdom`03Y;{l32y(tMh=9!DSqpSqNkykcGgR z3jy|R_PciZ=vgVrzbvoZX)ya@sg8j2#01za<|q#P5)*qpcKb_YI@K*g>?o@6It@e? z%H~f6$7GOYFMqud%y-{3GiWUh%w}Zm=EOw%d7^US-?2Y_T$R zk(6;}Rv9S}cai*=N;FnO>M(2EYWPcHBhK#AD&7n~wW7 z-H)>Qo|X_`bJlrb3ySC1ww4hO4Op%X9S&(`w&-!Nad?)<9H3JUF>n@aJ3f~!|xz45|f0(2#&137cmcq8e%;@Cm-rscwmJaOTLcI zF0YF`{BxpT-_GM;O#mBhA@!<#*y|CR5o9K@?=eqe|0cTT*xcVr9BecXgaD69vJ$GC z=+o@;ECjL;$U@+ZhJbJ9+U$shzNB>gY-2wKZ-60imYlspJf=ztZEl?+JQqsZ57D=4 z`(7(7tFjHtE3B$e5@?-!nT$e|stuWV#(9S0S!pUAW|Xhzd}@ALhC`^=VJy`EmAk#x57&UxQ+_St9eb@pC+ z^<~EzM#Rj=*w!`4cA|0ET6KP7L4wZ3+K~&xwz)XbG5cqlN1Ur>kDj-_Fwsuwx4@uJ zj8)_(T3he9)pd@_B_z()6(rd!4Wo|X&s5v}!?Ct8XF~3BX8q!|Fssj&(O|l0oo2<3 zAm#&YEk_9i7xDJ+L*KH!x8G@d_U*H-)<*m2U;Q83wR^kWe9JyNS9`%)np^DHkt5b4 z8V0)J(Bb3O+S+DY_6cs?JvKT#U@yGzioN!AcUo>iv9-u_gLf>-MwtWxYe!ENGu@L? z(&RJVD4M9xa&mJuFJdjfAkP{bn)QBSt-G_!a&oeDEyvEBJMV-A<>jT;tbRb7=H_Hc zU@+q78>|}_LYK@0H`*XRQcFvR(_#nhLdD$Jh4%=}3e3qI1)LDvY}s5XI&;8TC?l9b zxHm;Y&KqD@xm?}CBwfJg>UK7K`qhTObchBd3POg-aeKM`aCF}}E_78)4U!z1zA#5I zt-&3@<>b_Nox1o8UvD{%v>W({2NLMzXmhqUKqj%0_%0Mofty04+1PAPS@<>j!!zjL zLi-l^H20p=7R)-5Qrb)u!b}i_2eS?X&ykIlO$X+i4N1%R^INjCBqxqP+k$3y5ZG>auGA*a^HCM9DwfHfn3+4&co2l|HYf zcg!{wC0eR9_Vt}(Rw=&qqNH~`enHZ)*$A+p=-=G7OI}kbx06^ zHGwHebG@#i`N!RWzGDf1i@`cE{(Mgq3{JP``C0K+q)&$|5;7!&K={zFXVHga?J@R3 zW2_x$iM4~RD41gGTu-bG$|7XBn12r-RG=_#DJdy#P8FAy*w&ji+qNCsEjPcwo_zAh z_Qtzzx7XZ$vo$ug+H)@*ww-(SIAzB8*r*K-3|LZfvc3Cve%rqOwQt$cLx(I)ZJ}(y zbpWfCIMFsdhjYoQd+PLA``E`nr8IGMc1{fbKmW^rSZz(cefB@TXg~PD5ABQp^;P>P zojY{snBD)cpSP!;enx_Uc>D7Y{*8U|@9%eR1}KhDa6q>#md3sa15G^IX;tvQIt2mT zzHPk|RzcI>$OZZlD+|^yd`Ce41vEEnH7hG!YXjGbC^M#c0!`>GEFlC|KLnWU&Qx6s zVj@z4tqUvw@I;(U)&k#VB%f?t{Da9NQfXlN<`EV5P-gng!b?a<*1{UOtPUHh^G(vC zOp)2usHh4w0n1q!D@-O`0c3GH+cqo%EU5to~fP@Tu)rK_}5GF7; zf_5)mkL>q^1WKui1ZW8?8zTD+#!>KRbJSSp(D^9HZ`?56XC!=c=}O0n8nHLUb*Ip z8-uGDh1yHmH@Fv}I5a~}nq1oyR{#cGyrYCNV#xKP@^#*44#-k)=QFK=nKRdVw3os7 z^DYp&i2Sn*)yYqf)1Ib&st)feQ!WOriYJhpD#3m4gx>v_t;vp;5NOhh#prV{?goR3 zvRA6}^odWRg5vgw@js_$QoprdX6#t~Oa)p9Mwh(xJ9lh!Z8BFQX{4F%y`IlQDVm$-zJB zCB$el`1j-6T-1?9XnR2UMhTKenk{@;8rlb}x{HN`F-llM2rLo;n&o+kihL?eRn_{5C~uq#1SlG_y&gNrIs!moLPm$7Pu44@g6gd&pex2>}7HraxYqJ6nIIL+ad% z8w!C8!KeUaP~)D1Me}e$LkC@LC9g5CS0tt~LZb&K{5%`F$JQ z_O>itLgQI|=Dcm*RJkneEpHh+{j@DZGOQhxelF4lmvG|+Wo0`TkR+68F>)}_exvAx!I z?A&50$w}^=;sVgx+HSw`n}2A3^U)7jfz1E;{-rPdn|=4Y-?MLg{k!T}jD70UAGd%1 z_Xq6u+i$Vj+Vl2bU;Mgg=otICpM8sj0lO_t@5Z+|6TDR2Dd+^|X=xDV9u|)^wGEC= z!2d%WE*ajs`sI6}hlFqbKZ9@t$lw$iz zr$=myeI0I7xPle{f##a0F03F(fl)>(31KvuMj7sW-80 zw0k+CKi+A1`)r-87V`44U7usse`irA1_74AjYV4Kc)7b-T%t9#_F9D^(!+GZ7{{qi zs2gl7$%+8;%wFR6mHCbV*b{sYCNQ#~q=6B~-=A%e%Y6#k$X+@zIp&l&{Zhto5f-Ld z(f|EEPMh?Md%ENvKta)nHlLP!AF1D=xj_3A_G~f_upj$6?iubXOqBa_MgH(8EFtRJ z3y8yh1Pm$FSUu7GV0x`6DpzyEVqUw=W&=csjeciV?P^as}6(`yfW{vmt4;teE7AOY<+6YWEPIuv|ZvWpYUe*yp0LDF2TLC0)jK6-4H@CDqVF-#N4;SWpg5F`A*6h&GpvB9om9-9JNBFII z6eoU($uKH@1?AbWVt^nhO42ze)SCihC;+%I=F_!5O3ivuI3Fa%If~eN^4Uiu%~GTm zJ82b_Rd(e0AKRY2`-J>*tXtBvthgcT9vQS9`(9&p3T{Gxwuis{O_@4vv15vSx@Gfb z`|&f+2mz)!4gZ!co9(zFs*Y;I*|zN_D=99vR+(M>_?c&&({Nb zyEf%Z8qG!;pzGxXGLrkrNf!0W7dAqVTo&>)kTyQ-@$pG+GwqWmd`OHb3@L;X#0Wu$ z5DHLtx@UL-D*76~b&I>lGvf>C8+9RcK%Ddu6Mg@zx!MW(>hP!Dtcw1Cbe#`r)Xnr0 zp+PX_O9Vw!wTnNgmn`8De*GyDN{CdGkYRrFCxA&H)F6N$f&?rNFr8F4G#7(ZM#`Gx ztQ4Y&t&5!qzl0D7ArL~~I)wnrTwI`X5+_aZ`lMB6A6fcf*%w^Q7VRte+`_QTcTZXR z(`Rpiy)r@R-yVJJhxX{BPe`MiYdd%Dkn*C_e&ttw(Z2GPui4hETkO=y(^h-F&ffdp zcT3y*kSrNC%K!Vb_KtVF%{sbzozmmpH@#k3$9g+<^rZdihdyABegAR$!6T2@?|a>}1}zg3ST^*P2*9rg9ncb)S^yz#{sOnn%5x1;Ll+S57O z@+GoO>IQX!>wLc&B|$Vw@a!OiL3AHnAJs+2uwfOTe*`w>C~pM~ko%#r^i|Bij2QHu zi2ox^@kFdkVeJ@fRlt&U^TsM?6$>q!lbt0xY1rQP-rulsSs~nW&t2|)kS(dAqFl67 z;O2=H<+zBT^3qcKvp@MA(RfkrxKW*^TPRSDwh=#T((YP!={-kPbuVE+DU(r0#um9`G}N|haUcYBjf z$`tC>`+maZOdaU&wXFOSX+9+&h#|mRf(>>na_XU%t*5iqo_+avBUa))L^hWnVD)!uS&r747>Na*P0a7IxIDX=!m^DR8&Ca&=_I9gSTjB1_$jERK zTjAY{o7Zwe60I`G{7Mv<(nzV`LZ1mzLL-7T0H*DM>w=GRKj|XkB_v=o z!RN~}(42!=ACjaJ=9r@&|6++OHWH#Aqy1MG=PW$WSpbN@o9?a7^g2M+2yCXiC;FlE zBS9PIxaRItr-tmba#1JB?{Yr<^KAhSgd3Tesd7J1RtgcjZHi8OMuCcYWC4KR;zHW< z?S{t?0wDxK2wbZW@XQ=BPtaiRk@nw}dEox}ju}m9f?VB*`{D(%^SyT^>#=u1)4b&^ z_ga-S{`cH{m+juQT}=E5_t^Hfb_tC8+&=%izxz+}D?VjiN;8+ApKGOSikyG=*B<)1 z-FC;FcI%zDTUKs?l~z=Wr4$3FHqvtntiI-)yhVtJ%9AqrkcH?hsb9~_jkH$zR&*X>u_Wp^va5&RDplfQWC`Y zbt{!%lTr+pJ8eD0L5!>`%Jtqel%{xSKzX$FJ5|1{qf(d=|3La1msy~wFvn7o6q#Sa z2Rk%}2!x!b=)!3-FPt2oU*I`hJX(hoN2w{Wr1X9D0A?LAr#fWrp041?^HYcTyRXk9 zFo1T=&&#^F4*W=C!~=cnTi>&L?|ZLPxSc+I#=iCKM{S+ll{>q7?2rHCBcj1mWc8D0 zBciGQ_7k76IPpWLPFCA@A9=zOWsc!#>QDgSp&A}nH3Zn;n6xcT4HnbiDRb<2F+aW5 za=y)a#o!kd6xqI8ZntNi{(-e$IA{5pNp|+wOLp_?@3TF3+-swQz1GoKE5<9yn!BW> zmf2gL(rQ$nJ!>`R&%3sZr13|>fBWsXD`3uM>u7ItizrT#b);rD@4s2r1DnKnW!ZyY z`Dzdeb%oTdXwPBd823sSo`G51Qi>;r0_GH-eFfQ>(*7e!CU70hHG%*n)m(ScO%>@L zb9S%gryYWwAe6wOz?(jCej$bSXgBcXpD&t|L_KVKBP#+O%ehuq@8&_F02+pAcQ~&fmI6u&-fGbWK>$u z^_dE)w*J+T|Ceh3Zts#w^a8h}<$C-K?O=%}zi}}Rm~>-hhEP8aPEG|EN^-fA>E_W# z|JJ^wDDN#YFJ^D1epXhd{oN=2+Ma&=ar@B^pOafPkVI+6v6I;T&b zlXm&E%brBsi%exVf{qJ)dRi9sTv$pK_gE)r-WH79l{qXk|}dCu$wHDRx7@GCzFs6YsGD2M$@bf<<tjccD_g{VXTf|y!5o2Mrm{-?-QRu2zVzVNBbR9<*Yz60NCaOLtA;t?eV764+lS6>N&#KH`~ zz>`z`;qN>mfA5!^Id@HMo&3Nz+df5h|MNe8zvAQc+LKQ`Z-);Zvt!3kicu`LQ^$|n zxie?&_^}iA*!LcF(dNl7|Kq2AXoJ07N|Pr6JsWITRviRH@+ek-H2?9FR-`nD7aH4b z*Yh! zqY++CjJqQArB@f;Q>?cp~SjX;+JgtXZ!%{bC|ED~0- z@GQ*ldCp4vH1ZCk;ibomL7#bq0W+>tcHMn~htl)OlnHG+_svusqLlO$3j#75pt0fH zT!p^jdcelB5LnPQ)&>YIE~@9}dYG;=1jg6X)2E=4$xb^nS3ensy65sVpXwm5vfLKt z9@;#56IKZ!5JDh?!0Lwp=ne*-SSR=vug@kutAd^?WDZf`!H2W$4~rckxEbcCQ^M#r z*?;1U-8XWbFRkG1!D?IS5~#zQq!@hJZ`x~CDt;W zWCOB*SgO_FQpX$Ke>ntr|HK1o>6daLSKm9&SdRiP?%loF(X%tnQ|2|-pp%F?e@Yeu zC~DT07duN5=D4qO`4eCLi+a##ZJoXLk-z-E_W%6S+g%XtAOHAy+p%MdvIo3XOl^n# z!TUdKfBlz#Vx?te_V{B@*i%nG>*(G8`9FTi#cMcsuFke^+u(!_Gxht`Pha{O`cH&? zs55YgeyZ>XWfE2qfnp2Vji8M|G=AVmh)Qsem~?JjA_5BF81Ldd9X)o&_U+y3o|UW! z{-68Luh=cO>`}_cDt&*@@^W+ZzOp2!dyS1LhQrst@vzqUIZKgZ?d@;-X}Jr0*M9xi z-(^P*AF;#7&)M65?xzG-Wkgf|LjizZT3D_P2(TzHpQd;%EzBU_S$te$-Jw0F7T3u0 zN?~DgKQ*b3pdddb#=1IMC0K~JTQ=rv@dPQ_s89M81!lEFEwPpnH*WjOXd?*t29t=7 z%}OCA+QknZ-}RN2g7T~@B>(`f3oX1eU_c*X%IB9for6Q=eYEvYbuuPn(#h6j8Bd_kTF&``df1&srOsr5Uz}pa;ezrk+*J-Y#XI{0IJ$ zR}f77UvB~SO_2??>I&eElbxLuKBx!N6#J1G*s|N=?yh(<^YlE){^!!;|I{H2I4~>W z4byKL|LOIX1zEf~?Oef2vX>8OY%|#V{FR$12Sjbx0ldVgNCpx#93IHo=+$LMWO>wB zD&6zEP9J!%#Y!Y!PsMUp$pnUf5z7=r)()F-r{pW5U4uP%bZbNVEeL{lY%;@PBFw#N#Kj3-@F)ki+RFh6@F@P zR0m-)fi$UK)9{JVCLi2oiDM2~=m-^`iT6#Nc<1uWJVs*}2TOU`C!HOgI&xJXIscoR zP$5U5{IJ$`u-Aky3Eg7;yo(yV>#FG|=UJ(VHg}e3hw(>xL(qZsbTzVY-NeR*Q*oVB zQ^T)Gd3`%KqKUcBQiDl!0*-Q~Ocj0lfhYt&=PpTDI0;~}s8LUbdU_!6ryepNeMY~U z*Iu&~J`<|07(!&g-H5rW-JJK?`c8DfZb0i+DotY_XHW9w>5?;qo^PrguZ-}k-k=x7 z=5{aqFjb*A8hNf3zW5PI!$e!k9Ftd;Yr4A9db*XT9L|_?cs*|V*R;K@ZBZwt)%us9 z&Ze6y@tH?39d1@ z!u3$8Tz$dh{A^L$bG)CSlcc9%P(JUwyFXI+Xj9UlT@{hd{5+Mlsm4L6*T%N+b)UEp z9oiBp)pujDV8=@~k}mZg&eBV4tRoQFu+|}YpV+{`zhQNet`GT1tOOLg{|8xV>jy_R~S;tNjBd0 zI&X)n)4$majZAli!O!XQXj&es_KM?yqpRL(-niVS`W&@X9X~)%))Qzh|F5l}y62(9 zajs`i)EQeMbhuY65G~XtFUTo`ELHql3AUmeW-s|57Tt036IOeSOw{nr0Gj4dlKern z0Qyd8OiE?Q=6{9^97**WD%ciPr_BQ450*)#^3%926T3`8J_@C+AGPcET|X4KM1aW| z;rjWD^f$_gBYI7tA^Jm;)ZX>$G8cQN{<*v}MMk2#tj)NC$LJj>zo8YYI&aG{ z7wqA6k?B3h_{0g-7o}SN_N1b}$Yho?-wJ*jO^C6ss#%m75M91P{1phM$QzbPueNr_ zXyo^u;n8q(_q(K-G4N~hD=Jh-rp58V+UwHAL+@VVDgMy^zsV?EsQU~k@~wG9 zpP}jNCGw#5y21MeeTpi*Tx2FNPc8llc52Ha5P;8F-asZf$z?1oA+eGVJw$hXP5RYX z*Dq~&l1j;~%Iob$Y!`_~c{|jC)yJ5K*`)m4*h=5M#32jwbiN?2D~JXJp6Ay`qtzp%V!R`j!Hef@0&KF1@j5zJwc=+Y*fGczMX$2j78gEQ+36f1Bz zkF~SRbBYb2c+fY$mh`>NkO$a5tXDPp?vrg#}#yhu^9k$scHV9mA`l{QpUp4AIU49m69DZw9-9$44Q(j)5fe!*UB zN=(FD?9w!bf0=^y6+VZfxnJ5 zp9T}TybrgEPr)ItGRXiSA+K$4UgW*nriT;(sK{}b56I9ERDe+Y2A=QN^3elY;@P-D z;>>b5y-2C@^iYt43DAG#A$J1JCnls_BQX1Wb_(bpAa(wx^t_M5I?@d`d|j5lH{)>K z8udi=_0h=tNIZ&eN0cp&ckb#Un#+D?x|r4ifWbIQ+E)HO-_g`|Z7_5W--xz%_n8G4 zEdj`_I@o&iIyE@#*wULkRrd4+oBHejD>R9T0!}5Rr{}w0UpnjW?>p?$l^yq(hN@MdaFM|g5&#}2{y)2_51o-etnH$T|s=#&p7wYmboA;7ex zA)%%>F+V7iYfQ1+g?NmhSTFw_Nt`O!YD0%<=He+GC1^`VWK-(W%bZ%*YcLHiuk)O` zKh?g#{5qttpsp_*eK?QA*?;3K7oEIP;~nr@m!-}$TgXue3M~RIMH*8(F~U;FdEXYG-|>UZ1XHRbSi84~`z)s1`BM#mwJv<^Cd zec8MdSeo24*9Bhsipxit)h62)Oh)x=yd)Z7DFubDy?xq|5@^0b2NawJ z-A`9`tr>Mn0;epIoO@4&BTc#TC$}Xz7K2?V%qD(89`n0ZFmp%-N2N23N^7F)O*5&5 zs@kGP6E=0ap*E}#7&I0kud<9(b|0*kpd5b)EV&(S9| zDGCV(3||7mCS@5sGh_)8pft;7mP}SkwY*JvnE3`u0kGpRfiBZFhf}U^FE{@87Xm~D zY?f1I24M4O9OB7 z>a1D2h`QH&q0F-Eb-79yQ`?7syYw!MzF>6>v0O%161uMLnqfM3yd#Z%_K?F|bVaU~ z*~fwY-gn)wxwV1AMpBaOdbUK(V${{-#WvoCLU{m5>b1 z64IM}Mp$jH>3ynzP0sGI5=Ir)_V4g)RL_{%X`o9YJh83x8Jp`mnwZ75L0i|+xexky zj_z>Sigk8!3B#dojPX6~yU)7dGxO1=0HRE>UQ%Ii&5M9s;9+ZouJ6ukp*2e}Xfi0Hy*|EgleRj4!zde&16ag<1B`1W_1qxlk^37}v;W~Orm8pw&kHa=+g2j?FS z3sa~-D5bqSg{Qi4;w#p7A9JReTLIh)tDqC9Oh1yl4)v){`ub*Kn$2@Y*l2)Pn&Ec^o0 z^(EVDLi$j}&c_T3)aW|>Ehh3kDcpI%!W}G2H`2aMdnXDCc~2yvK! zh&;Y9H)o@wVjTWn#dpSRhe+QY@rJJ<8e@=1sJNfL=K!5+UH`yf@GkQ&+0JvIw_L=n z>8%!Um>eWh{JcQr3T=QhrMt4=QrUSOwcPw1u~9kSh_rNGkGFJ#_wd$09ON=n)tbrUpvNkQrAhf?N^H_gx^y#}fe)z{3wF zVaJZg&s2rpoDu4X;Ci2H|FS6>9Y3m{nyBXsCF{=5E>oo9K?aG1rYt!4P9aUkG%%(~ zq9J`5oQEe2+!D^0@`f4>k{ME;Kj2%00-kGPkOr7%m6@s?@LYnqi}m8!aY&s$IgKFK zp20oNu4RvlIEIIb1H5VL8uvVw9s{Gwck#^=Unn28H?#LIO@D~%%*ih&y5Ik`-na_SsB=QNGui5C*$z8iuUpx`4F`N5s;lnU4^>-h5<)2IuA;reb5NZ%R z8m4f_ypX*h7tPem2;2^L;Hcl=KEvMlGGKLeq1}1w?0rp{NbQKYnfk`;LZvX@%J10s zd>wHB-cv$Q6kH-WF#rl#GN_rKXH|2m!bszHG}5%1`Bcn)2_9%8NcIZYYJHp@Ix;F- zyGVyMenMl#x=a&b4J|>xn$Kyam3;Qg&9`NnfZ^q}GIeQ6QcGU_i*aC-{_C%->+a1> zru=iu=&P}8^ihhqrJ7m}2AsZ2cEo%Lu5bNhz=*sU2Sny)xxA!Xvu+kE) z+I_3brIK!Ng&h`l z8Y~B$o}RQt{2pDcS&^)}o)`<-18`y>_;+WuVhNPN)!t{hLda_@2T#E+)1g!{q|&bN zA55%0?gEJGT*CC!Bi!kJNouCJY}zff5-(8iv$q5nm08W`l)a>4DRdUxwp_Bw{1 z38~11466yAR1kHdRaq`PJL;UqPZrDymFyJaF)!+D-~FF+wu&kwnwgabnP%D1`#@6? zh7$4+g|x(w^fx)zn?u->dcQBsVLc)U0%u~M6A78SRe0@R?GO_8pWpled>f^GKJ<*b zCc|XW%W{b@G2{9oKt8`wJ;o)OWkLNwxcI>b@U*EZfXvazR;RTr$MO*2!*5$5CHE@@ z6y?tDw_@;1>hrC1hs(#Kr zKiGt!e$p}26dW5az<9tKaQ~wodc||GaZpwjc@0zVl^fRkJBc&p#drtCbI}Vb@bN@j z!(yACED-pS+uZjp>7iEpzxM}+yw9c58qSQQE>BN2SdXn0T<~L4n|^mA+@0O2V@h1igKf?@ZJBtG$`USoWqO#m1Jd2 z2`1`|ltn@1_R2w7n2lN`bIs-)KS?{sc8z`*Ec)x{wqbzaD*TEr-Xe|`o@NK+-DvHs{>mp^=YBj%&@-L-GKnOJ4ur5X}H_IVDOq&{{F zTK8BTcRAc5`Gf?U*YoCn6&h3Azg-A2_<6^4Tt!tWM_Y@BrJNA1aNPfbbI0A1fi#MV zd%Ic*a-)R=M6v5piNAynayb@lKx+rc+aH+~;|>)@$9w;%S{Ny+1+vj12s&YpQD3Zo zw(KRf77P(4VVTtVi&jo9vMNeQavb7kZ{untS!b*+cjd8a8lPuz%o##coD7&nN5ln( zq1>DLpXoDz=K@Iq+D~Y!;pu)6&0%i-pER z(YrvGg=f(rZ-OJ`pT?S0m9ddAJP^aB)4QKBG_=`OM~~-Xzj{SqAcsriWH79Z7P1lv z-VYT)NL0kK)djCyI=9+Ecb(XboL(|K+@Yeear!eKRc>G%7NHcwA&}ct#N%_+X#6zD z>yI}$gC4w8rSM#@9n{EZXWasMRs0a)e6{R&S34|~EMA5gRq{>n zR}ne_AQ?VZpLLM~C`1BUktKQlU4fwaTdFUG!A%7KpI{LjPa@u%8tdHT^M&TyIU)|G zABXMCz!#}_pu3nbPzWw4zTif9M|vu^?tqc2NWf==iq1^VH)!3hlL<5nE|#@F|wm6DJd1Xk$`P)H2GUy`v%JiiF?J8)mX9h1PW4N;FY+mH2_UPm<8n# z46Gd)PxUyF)8$24B?)suiU4NfKjXhb)MEMx66Cv*-*^t>JC$FN(k3s4TiAddXPIggCc(2yx-V-a(-EZ(nW`g zrOtbX7H_m|>@V2hqQZ)AbmOeEYB(jC^udCHM>v{ov8$mF<{W#Y#Duo%_&isQ+6ds{s#V zOyJz#8UYTD^{>EpRlp%KJ!CFESJPS$c3vF%Kyv~im`f%O;?a$q_*i^r0q-SG+WZ^9 z{E)p&1g)dL*D>$6+XK$m6`j_DNA(>pVZ>kglesj9oQ%JPM?_n!NRbrzfe=1OPE;NQ z+PeftaFX-G8|WI$a71g8Dc;PX7Se&%Lye^Y%zyM?csa1O+QF`IJ{{m54<}}EYJv(1GXh4KF@3!|MA&?n9pr#4~!=*?E$yx4@o=O|o8VW|!b3wyKr9r5Vq#nf_Dva2Erw7Euz6A_}PdU_B4W)mV{H zoyyEcTS2@(4!Wml?OeSGI-RaZXEN{4XuPQ|fl!34@Q!YmbojSWtx71tGDngJLtOs2 zq_Bjzw0K1Kz|1&UoQbAd@H0@wk}*aHAorJFd}M*MU<8h1W>;)fY8Q=l&79c%gLv6< z<6#wjt$sO9G~{gK<-FmSMit-t62^VN#ldph#uK9Ik62T|k9*xZ!N=XrhE*H7#u)G0 zi@l6&Gr_xrhvf(+!s?8Ni$*P*W%Egamv9-!sD@*abw0i`AYpI@62y~*C4OWxIvh0W z1VjD!;REU$KCY6ROBL|zRA2XPD^ohFx&Z-cHO60?4!C1Y>oNop+m znu$;{j=JvUHt)XSqX0S?_`#tBxJeRDtqr-1jytq|agLwfsw>$-s+W#M0GnkgqF~!a zmf5}+?E8=+crb%O)^*hmfhJ@)Ryd5f{Qxbhr;YeckYNJ)$0;FZO;X-%rUeBZh5W%T z0~z=sc7E!zN)Zc>3h`^qnT8H1Gf>5fM|5?JN&dR@bEgSs@f>Q<*IJ-uCcJXN;U4C zZRb+1bdz0uJUbsgwP}b?0dm_*BKvk=v)~Q&&GnZdQyBcQnn$fbS{KfDD38Zs7E5dM z##z$|Eep+7!}l7HD3rjWK;07Bud^3ioEK`Fpn!1CZuO^bvn@zJfG5S!`8`*N^7ysU zc)Kb>0>e{6W1Cs83y!?HIghHAQYTRBs{Vz<4adY?2mxm$)?jser?3~h2e#*eE7~mP zp~mf&S`x!89)fL>ON_MnW*Hsk=lAOEAw?S35ZUQ~+XQ>AJaFoB!x4syWr-45_><%^ zc^@Jbt`JyQSgO0u?BxF2@prT&eybDdn{taA37nw!?GWN7EsFjXCVlm{Aj(zWQJ)T0 z<=1e;^p9ezQ8}&Cf`y*`r9TZ)tX-X@N{$_h!lk^KLQyE9WIK{E-LN+w1MRklU$q&o z(uNpvwJVE5P}JxiYyFib^K{JWT~4y3LiABTNEx zzMPG?{XLzc)5PF$WVv8)h_(Nap}6i>>SVQ-Y#;@73o&}=EbwyCmf(t^tM#Fa=sAlD zaSf*Zxg#0Cau~t_9r97(SZ<3+q3h#xs1cU=Sykj&{C#*m))opBw9gV0e6oAiV-~H zPM<4|tT>>sLhoiOmZ?*QqaI!@M%gTE`llXanpnp7@N4M|WozAgE$d=(s@8Ytixdz~ zk7v|e(WN$mq(CH;KCs{Fq52z7WPgW+O$&an;7u?f{ZWDyA&g{1&Rr&)$}c$}iHp z2}P}Ge@p2y7P5uWC@p5S2&Qa4g~~wGRAQhy!&KDrH!Y$I%erwbPMNYCa)|>Dmeck7 z=f(AN+$1LNBTMx3;?>EwHLaw@_JL2XprZXi>)*3W@5b{&PBkp?Yw#y;FynKDaFADf#V`<1)3p!O z{KS#EY#q=y3g%}xvpNLSy0;^@6aF_5Z=)N?Izp%im^23Q#&~{8dOYfv)E|6;C==!< z_8R%&iP_8w*pS=?w>Je>o8?^4W)C$s;B8mK1?0-C5|o=P5l`V&VLlM)gy6%ejLVRv zO-qwlCzQS7kM{d|F3+n0sPF*$h)+CG0^$#=)!Vc4 zgow$>LR9!=4ih5GSzKC)bcyRk%O7+@`1KItn3I0KcL0t6<9>XidP}&sbL(?^L|3T84k^>silu-HwUA^tG&X zsaAR}3HRk2Sy-PX0_un5K)%)jhTH4W(iTBMm?t^tMG%=^{`K;3k^_f%y*53*TTrZv z&qSba9MnOx_}P&nX8cS^4NYA7-d08{bghPn=jX(7QdVV~{I6-XaWn*-yaP25jk|IF zn$X&-7WXVDx~~g1)kAhMSaQhNI*uNQd+MPrIU`+g7}n3mJ40WQKrbAgfJyxw&heXS zU`ZtgKq=Sx;(h035hu1xv^suHDP{*6pe^JemqSA7)lCQ&)%}xE72mzK;Xz?3?p|ou ztHyd!>CvVRq$_5hsq{nuM<%_u)-@+UX@>~|~G zhWy_chl>>>-swMj>F)3@?eOU|U{IQESDyz7(8dX_ySvalYOj!Pr@^N?F*01am(NR?QCJ6KuZ{o+ zz|RSPl-Lpo`~zo05=(eKpH7}d{G%=GTEWPs9IBq2qF?R!o4LfaL*J!;gkw@|ir2<( zvK>Yz+k)!Hwc$JO$D&u>4 z$I^lJ-xnb;8R`C|uC~-RKUzI3DTIN8n@Inbkr2>DW_N;n>;m>*1XqFOowxl0AF3fv zE7cxK{)?XI~{5wYQ8#xUB5K=_XpPrgsTpB zuy}!p)77u$FRZfr*w*5c6(#$9eFUgr0Qkqyn4sv&6KgHxpD~5%g$;X|>8A-ldo3~( z!YKYl$p)d9kT4$tbuS?&1Bj{0dg*dwdKd)O9R?XysCjfqJ^ok*P6z{p`uk`Nze;x3 z816GcXLpGlD*@4nChlK9-M9mVFo7UN$%aZEtREFxJuW;>r^G}}9u-v(8dr%0K#0-7 z#CS`Q-cxvZ2uhiTc5 zxcwO$B_ZMb4jtxfv;+Ptr650zM$b=b@o#Ec z+R?<`zR74liwbtW``6V!kmile-5J~tg;zHQop0flLvO#_RJAh?))3)5q9_1PQ>k1x z0|Eivan0^q{wb6cvhnhBob}xL$f|VZSNreko_WHKV!i$b8t0IX=fbJ|uPv$(IFN)% z7lI`?H@7I?hnf}DzdeW`f-Rk~1K&D#PywdehuPIlR-jzm_#q*HT{8vTy~wR<$WpO~ zgf~YqiaC)Z2Gtom)@TzqgUKbtPN?#|pN%PWwQ)kh%k^S9yuD&huk**cplgxm>s^w- zwHNt~)vz#t>@EqJ{kX>lsGZ*0ZA;zWKQjh|e|ORPlS&u34sE~mdLu@LLx>W)z@ z^Myhpe1eBbWq9vtRKTgnzE{&x!LDClpA5{OzcU4!`!uEcuthT8mm6=$7{=5;q`^DD zrq(B*W0$8?3ti($iXll^h(!WI;m(cIjf(TE=f0+Z0s3G|EvB{(+cgc?+_&P2(Ty9v z7a~=}{}9gZjBbcmSRyN8#c;MX#ZAr5=C{O-K3~+j=LD?tRO20u+jkjPX+ z?GdI92O*#zzer-0kV4%Cy z>kPybPw$(|%&F#>c5RU!>QKhMKHVi$+G6pQsu|X9T|lsto#E}P@Q)`bw|64ijs^yq673MtOxC`GY@fFZ&b z;|+8=OJmGoV-pjKni;CluXrw+2S?8k`8{3{o_h5piA!dWQ9l=rF#rL7wExyz(x+Mw zooVCVI)(b-vTR1XXSbp_N(^PX0D6Tkf*sd}-fD>&Myyy)XO`;n7H<2s9#UVQ!fMNS z;)05rL;4Xbb>8k(m_-ZB6jZWsEoWe67Zh~hA>bNvU)sC#^hZpQS?8@ssD+8!0X^*b zt@0=R*3T%yqFW$?qCjJN)b0VOsP|NC1673HM3xk6n(vu`vxg_pPT^^i37}YBIRQ;c zQYE#2)X@R;h&ZhhnW%mbn}y8t%(v=TiXUDfGm6K*1k9*I*r%1)XlCm7Gbm*BHm=@3 zNAu5RYX{WL^V<%{bWb<(B7k;#L-Wh-?6PEavVPG1X(q%Q`D58Fi^}zBO9=JUR^aTH zf-@Km+Z;K{y0NmhpSEno2pWV42W}h*mn@u8DR_;TejnbDRZGcudSFAX_S@(QLSHcr zKW(9n-Ht*UoZHrXfH;`*CWx-Xg0jQ`L%1bPb<)g<$jB?_~Zq#k;ti z$~DGL(o*`7G@n`3m=|cJ+{`^1zazI=&0k!<*8g^tcml`hDcIrkC1kkrSKLJ;K2Li| z;dqZj+twj8d)#GO8EgA0AmcebWs9g4;FcQrnI8Iq3MNT_&L0~Xm)?Wv9_*74i%rpn zb~R5(YcBW6qMY6=&54c^^^DBv{<`jpH+w+$D~~J`GVr_Dt3Ev7I`P0Q@z9i(2qFL^ zR1LBsk7B6Mk#|^~Uj7|g=`G(Yn+tl~YYAbgbh6KAC+e-6g3PNp!|2=Kl>Vn|4w>kJ zR?+#$P@GqYVipBv`8Q3`%b30jc!EB=+^8jw{fmnBBayO5Ue+_C{*2iw0uN(ywnviBIHfp)}V2xoeW&Z`ApgW-k$fWbXY18X}?zSx+U z7tH^wJP|@}33>VI_qxzd;h)4d@atRwS;p`^@hFE*b*SVQnh92z`Iw3Dj?5V~x&7_C zKI9fR?z|>qGSqp-83>c9C>iveOabS#02qD@gfFSSgirjl+Eaz%IBdsnwUMAycU6=0 zEeGd)ct^qku`;u<;*(qP0NsRvjoWi(Z0Ygd~#Z)-gs@i6h@w;kV)Y4 z_Zo+*1k2)EK1Ki;qzAkEIHo}|0hirOODH6wUYH(&KFTfZ#RN_zYvUI6isSLuhkkwG zd@{Be$O3I7NL-=iCR8HP|0*KjAX2AZ=Wuyf`%1pAQv22!eb3WBS9V@2Ok{ry4lvUL zmVB{6Ls7<5U#B9zmV+)pMFhgCL0y26;INfGuf5$K;*t2d^$8-1orHlnFjIYHH)-h> zxFR5YZv4zF<_2e`Hf*ty_Bdz+N07{U)k?t=pjV3lv7DpCqhwjZCb-~rgQAnY06}VV zF1w=c(Cw}gB&%x-%sR^bmS38#@GV)(hm;*mxDKyF-9cLd@F6$P@v3=Hov z7czPNU0G+zs`+%)0^Lg8f+;Qe)+^bipLTC$M*5c@_-K)2!@O#70ka;M5khZ>X@3X0 zQUKY0)!|2wR%CD2+$oG&Gi)6NEB7qW&_DTLp3Zkkg^&PVd#(RMv~!*O+xhp6+SuO5 z@`fADhB~O^ga7BTHx3dC8T+`PMzlMU?c6|Z^}Ew7pPy%M;oB~l3R+%j{_$z)pus>{ zMv+b!3bs!pn(X3*ub{}HChAc%Pvsh@eGOKF>=VI>OUILmE7MuhS`i=BvsPW_Hpj<2 zMdeAj>8w7xWURx&*b1yaO}l=H!GYqhRL4oERm@DBf!WX5`YR`A-ROBhDG61JlKY_= z{?s)mNH66sAL|i&7q_D=l5S z$~TqH#@VD*>XY)FmXES1$MJE+bXX0YxNNWpr7XpwLy87EVF#3}enzLP*LdhSDpWq3 z%}L8l6mQ4W0Uhm?xuB~XOo27@P^J+7t6=}=yShpL5Z|n1u&!!eD3=c~_rgzR< zjH|1jObpphl;R*O@G7^yn@rdB?gf1#dJ-d)+bMcQ!ln^QJXJV`WP}RJN;N|?6$eZc zB>(4vtHMBT`II-MW6HV)IP}{l18_-RoJLW47g@Pd@kAe!F%L$?=@+H~(dm(4`r+G) zqfy87^}isng{wngQd=`Kx5nx34xv=c&Crg*L08=zR1SLiB?oQ<$jye>@?D# z79cHVwgh-sOQF{$6G69O5lS|aLL%02RQqsyoR(Lll);uDhe1IbdKZR=koY4&LiW}h zq$SYP5kfxd_Xt_EP6}M+HZ(M785-7A<}5VG9?V=$EfOWimMSCJHok3Kd<4nZ4!0m@ zaIUub?tZZvEoxBBbpjJVb%&fq^V&3o5WR*w%Lr9lAIP8JtGz-+VbP6a)b`S&y($jF z2hvIPFn%%e!?*lKMyBHBycI8k1o)PTbeP2vWdQy%$NjTTOoU>udWd)1r30 z+SWu!Ky+B^6vN}Lnu3-o7O+}NIFDugV&Q_Q&`LX_1h(`Vyg_kBUpVH(d$4R<1Ki@S zFt{CMr=lJs91KF;vBIHr6kdP_0;ci3?Ia&vxk26g;iPtkKl10pw!f@F7@SorL7`ve zZ21O!dnx`mf{-h-47JnHXb=DCPmNx|^m0_1!hvu2HlT1Oo4{Xs_H+!~q>4RPSJYVf z>IXJ}yWo;bXmg~=c{W_X(-G+i0#>nDLD@BuT$*y%4|^(`OTp|GDJ;>@%S~t%3{jX@ z+kZQ0=BZTWQp`>JYe|eYXNP&sNbv}0dlF5DSc$N=ln&o(h@-;Qxn^^0#&!CV1va?% z2A6m1yO5(Q5G>Ts1NHkk^wuxmtDLseK0ic`Pfr>y`=`)*4Hu4M+QVUTLaXnh2%%|VeEv&0 zQGmIyddxUVLP@Fby?>I72bb!QXL!usF#i_g7j=<~nn+6vizI4xsn}U1?AwLZ<2;tq zjkg(cRYGn!i$cd$$LTNR(7^~u4sW%O)kG6ixS%V|M1WI;r{XdKJ_P8?z{vQEf4xo$ z_M}$Q+hy^8hv0yrIDo$_6H9y>QuW#He<^y`Y_Ks!TTXkjb-C+um(;lYOa^#8Sc6m~ zb7v_L12m1@hdYhX*yT<}9m8u_)ExG{&XAV{s$mwG_-fciv!Ktr>4rHdD%`cvd(X%t z!k}yGo<3aPl3PK;G2>hpDjlhSLAWS>%j2Gq&wIr~-{Erkwns?8DuAB%1tS?a5NlNI z6RgK4x6aH91XX{JII2A`bFS&!r!D_}sDw+T6x`vWQ_a{D7WYzQI>U@O$c7zt#+b%I zwq@e`8zfcu_(u1L^&S-rz{UVth(<_x0hRjJ51Avv;`F{}h-{%lSYI83ou}=z<2LEx zuns|(a{U|@)5UJ#=SFgh&;#Nz3$mknRGkf#E)w@XO_Ajjk0U3XGg>W2RkYi71US(8J50} zA;fi)f|pH=-a}ev!*RAthB5pkMVyNk6WI+1Io=cUIi<-B+245Y?nnN048erW@CSM3 zZr1g`ih5S0h*RHgH7G$s{4D;bDS7q(a?+i(+IUm z!cv$q_B$!59x4r;NzIX_?h>)yU!Ec(+9^^S9&>a7{q*;h#f|-itNSxf8X3v1-wK;{ ziIGoGf^7|I6%V$Klp9gu$M3Ig@`N}!1)0n zqkCc(h(5ND5Kcf2x*3%y2WBC6iKKGMY*57BpIe`kLK|VgXJT7O$5SSt0o$8t(zNUN z>?DPtwpxY~f_CGd_>D5ExPqdzb!ty;z z-MU3$ zLx)m|7Jy&6R^2-4um1$LEeAL=5 zmTxrg_F4JeYS8-!YOCnrcRwd@=F}%EbP&jY1hqK`#Qo2SFkUKMPb7i{PF9{)hltV! zWRd;@aDS4%46S5S{*@xb?G|Ql>yI?Z#Q+9?;f*|sAOu(vp(bg$PxsavZ_$%hfX<$4 z*?K^5BDMM!*iGvPa3m=5ZWWo5#YJO_K#j*liE9qKm^)Hl!wTF0u3kHr5bHD(`)B@a z%QASk9m%S%5bt@8FnJH~40yy(;E_!(f3la)!} zT7zg{xLZ+ICPOnCKj1{$#9cI{q)=2)zyo7uV4$rzjl{w)Y7v4|BklQ zrfshBA%m?hQ^NDG>j4PYOAo>F{eWYQue3mxlwqm|aSC#vEFXKAl!q zphA`*L&iC7K2)^0_BQUxsk3}#-KJzh+VwQjujr0M8VLu8asL>GCz;-x@}J!g$3zB^kSq(_`@T;LeB|ghKK5h2T&s0b zGzHZqC&uS#-}HU5Y44mbV}frX{12~mBek<8zVAIL`|T!o%*hwa zY@r<9M%()FjK$@~jD^*rTB{JIc+4h}U*Mg9ZicTgufg}^GCvcvAqWVI5{Qbm5idpb zL$p{*AUI`Er`FdkVNtSvHU>gaU8++HO#OuaAFRevSPyB8MP-RixczM8M>{vC-akIF zFVg|GEusR-xS>#iKZ;OeR7?1EiBTo%g#opeC15bR@o}}jcbYcD1XmzZd^X}0fLM0f zv*Aa_4Caad0vtKY6QqU!r`R;69%Hoz#&$~7n~LE`3M zE2zrMsjy3vYDg^=2Ik-8yhSf-wz*WX?4!w{jLo934XTT}f@C2}UPK7@f%rZ}p+@^N zQE+r$VlHw2)54R20FOKx*#D2Gb8w6+?6&^IY;4xb0(Lx*^ao1?(}DHCrZ|)f|I=g5;e<)Z_B=vtb zvRnR4y*I&_d)9?$Pb zv}K0vjS4^TX{h4_)NM2rg^l5$hSR!t9CfQd>IH`t==C|rOQkwYek(@ajQk%9z)y?u ziCyx;QiVx+EEsAWO)u&&1S?Qlx#PGF3rfNESK}zAuhVWAlm7e94rdgTcdd(hd$@mb zm_U;)w=ce)^A&^d948`JB6vR23tg>ze!Z>?)p;#^)}9sAixERVVf-~1u0tXa3o*cK zmv0aWbt}ylI6VgWnTf(V`k_NdLOjQaiFu%{Y#dMc-CqIm;=BS<{;?oZIDhL(N4Syx zM!^&G8;y!qAueWZ;ytT2aB_9>HkCKn=f94zFX<;O7@&)y^C6|T*GB1>guQZ0*j58c zdhZQI8Plo+u6}d#6uiZvOqARWB4T~VGHUpd%e#iRz#6R6n}3Rv8198F`pRB|bZ z#Yc%d4FxQtOx8ogE)Dd5C;UR(*lSAg)E|Tceo;hvC|UPE(gyo9%mHqHnPbPfk~n^) zcjl_xYuxzMCDR25@*CeD#{E!?BCSUev1%V_n|UPRPfkI<7>sgBPfDUv9rBeN6;^xh z=Y}M;6?y)hdz|QX%yE7FQ1?Xc5+>hK=rQL$`kq#x2`ljqeK~^M#UoiTsF@vdAM>f> ziTFPNn#E86jX%?H{~jN>{RKm2zgr`?sK#Uui+)gI+=h@ZA@I8J=JRt8xQ_MGo4lQ~ zu^aPE%;^PQbQCXRKARJc>?wv~yHuyu^I_luyNO$w)t~R$QnBc&NI1kIh zB@Q7IO|7Q3XN(mE@e29msA9Cq zq=T_gl+7yuRTVXYuo*~8k)_;EM-&EA6i$n`J0@PQ*fF%{)I2w;z<2)j%rK}gvoOsu zr9%0zWcZWhS3(4wW7cm+VsJ=?bfeD^^Fy(8sDCs@H-ir^Sb5mmxlaS{2EY6DC|RsJ zLxcSMAY_vMXaq~5uCimiqFI1tg7NI0pn$vl0Eh*76^~Kh!nCA3F3I0MWwdU?ft6u( zuJ<+17 z^uph#7WLm}OSOzx5cu5Y-}>e?Bnv?|{}x*9E1UoJFkN`DwwjBEU4NFSYt%Z85+MYQ z-=gViwk%PldM7kna$jwq@Ps>My&lodPme0~+G%MX>VdyQvzB%2^E0axITo~PeFa>U zVCWn8cqkX%mK6v6i4AL4v!U!68dWjT%h3#ur1R|<;n4n9(rAH%h=iykVG;fdB9>P> z3pJcFr{K$lY$*~vH8e#{qakqe}fbs}c*^R}!r)$K3Z8_jCpw}>>K%Apl2wT*S#ag*F zSk3gyYIN^(H!oATNNl&G@!Vqu^ixQ0fr};mC#pfi(D$O9;J+UJ)3c#fy?=yu26;+v z&l@LWU1jCvv1&u5vkbGK34vF`^%`F|g>T>tCKO=|=l%CuKH7pCoP>YLo^0ZaMVnQ% z3gv!F@CQeRV~>^#E9(QFhSpLzqvhxfnINHvXvLQe{d$9>P|{Lihh~sxBjX#`%k*BX zl#A**Q@B@%50%p2f9hhYoyE#Mn28m}UEg{I_w5U-#y-$Yh!t)~9A%@E>N(U)V<3H% z*K`p8F}J$vgXsOX943OJ=ZOlz0Yu@xTU-JHjjtFPYJo|JP=-lCT3E$=L5C5=oW-LY zNJw-OoDu!^EGA1XX6s6LyP9;i-_3p@@bB0q*txFT5v7~N=Vwhnpdc1VN^0h>wuo3? zMW^%g@AQZ<2flM~9EY=2b8UE)O6l!J7*YCt^5qw^Y*hS3ScdWfilw44XLq+PoKx%u_$PNlPP&t2OX|Ss{NywlvQRx^k??_?4TmlKQUG=`1(fB`Ye4Q*|EM#h>}r+M!$a_gT18pnSYegRiLpoOLMx&~Ww5gt0tC_7#5m6OvZ zCTMW*!YXw%icu+PY!~{n%&SRjAjQBw)%XR3#4_u|!r~K#HoHT+ zJ>zDY!Z{4v?5n@Af8LR%i(_TdTj*ksovlFsfm7YD^7*_sl-HDYuP4v5RX25RBM}SG zN(d>(`W1D?FYybqjw$5wI-s-OEX{0KFn4+O#pmz)m9~45)DiIf98t(=7+ZNhKnI6K znVFwi_rbJE%>=yXAqi%P(m#s}R8!BP4Lwh6+ zC3R3d=|)?Ig^CJ(yZNy`%ITAoWH}I*oh|Df)ko_Teqppr!&DY5*$%9{6CRkOgDY$*T47m$d9 zLlrTS|Da%_y{My@i##1J3TSMgq@vU@HYnrdXr)z8Z)(IKR%0IfSKH$x z{1bv;MQJV-?^a4T*7Ow>9>6vE)JiMZC(mX{J`Kr2p)Y@*0}E?A#b}+f^fUhEmwO@V zYV-e9lvQA0um|q64R>jD^->y+JH@nH4~>_?U61#Vy6)~B&OQ!~C+2OomCcMM&|_>V z+1Vz)_OA@7zF{u`q+k1JOp)T-&uVjjF&H3!_dHH@HbED2c+iH>{NNH<*;DzOCzEN~3Ne8YpV1+5c(YKu-aJt zY#SI+=)BVt@~vJ|P+MLp-u6*JbgseK5%T~w0lQ5U`EOz~Pv&d&*Ya!XmqpPhDb6D- zjHU`_?bAzlwY4jYnzM^nt%;*rM3O@>VZPXqy{~7AG$GM^GtUOrs6x=4g9gT^9D(vNcTp+MBLT;nIt|DMm6^nm@E`xteav%c z!l%L<`h*DF9GD_}F*)y-aMUkMJzTUEPf2HzR)x3F(-KbhWg(@gRdPR6^I+*3Qoi zLGg>r#4QdqrMvaQq`mj04r^bk5^dk8)7z+_U;pLjlphyEpH$tC(k%Qd1%qVE`+RHW zL;wA7J=#WQF1USrHnxXB0pP-~eH3w90wuHQG))7GFJSC%x8^o_@A84mp0~Eg{S@G- zc!F~h?|t6~J@bSIEr8#$ZR-{5?Rf+wvB;9=-2CTZX?YzA+cx>zj}@Xof$)Zx<+u>a z0Hl)?RmG{B8Q8VmSXA!D0XD$S>{AtV7Y(kTq-;rx%wHHAfGJpGC-Zja-b2I!wOOZQ z8_$iHBfI-KKMe|yDh%WSANhUuYgdMV_#qCWDVLiCFey=Jtp$SZ zl!?w*R6;b7&BdMr%0j1%rm~Irvva1JJ~ArdW(>$s9v8&Myza}6e*HzoD>gT`SXtltgx0*+fw&52v)lMHZA|#S zD7kfY__wOIV{+^Bk$cta$gVX3v=_k%JmJ+I9rJ?L@l;d!xwYT)t767)`1Zm9G%9$P z70?>P+@tiHj=s8}zVGt`ow#AS_fwHkxqXd$%QJVt-*d65wizu*xK%o;=W(qHbJH=d zdoN+j_9#DKi=v(!2)d7RA*V0OIUN1%TBPSO$jA>0ROwmS5hqljmy-*iYg-cEfQ|Xr zkHB2-@Chux*u46b6*shXGXO;p`Ri;QxpyAr!RR-KPr9(J42{vCJEXQz2n?vZW@6aO zs9S>vO6GxW**(oM_pwW6j4HOXB~zTd?*8yMUDs1Qxnojc!8|^jb1O7&BVfAb3d}l* z`QYzD#-(bhR=3wLA_y6EZ)}=+$@%25d=0l(Uwmk_c_Pht>$Sgd#{M*{Jc1+gVyg?0 zLT~=hv+NfKGY~ZRWDo~$hR4|79e3(<3R|-FYjke?H^?cHrF`tgi)0b}wBN8+OndMhF(lNY zn9Qn?$F)+)=`{^ekwd~~yCQTpV;bNxtr+Jd*V!GgFqfJT$O>Nk!zCdwjf3cQ_m|tG zJd`!-rNPi~UPA(KWq{?}RNs-Pe^CeORdbzmaLf0ng`xsh2hU|UVz&VfKKA$08-@nH zW)Z+h?09hCEUgt7)PGJ-Eh~5w%y=B;AIt!Odmm3lHzh8cAksXGUviQ4AmrbR2cQ_tNJMvY-Xy)YDp3ZF~Rcr)hrc zFGH7*l!$+!uW!Vl7jdsy=C701ubZ5AL>XKq5cZX^uQAP7Y5la zPGmObJ9V{ZBiV?aAxx^L3gBx`<&2J{>!7C2jVR!?=ks+!ZOkN#kax}u=8?FW^QgN1 zE#N6JEh9s_SVcrN)J<4=g7CY$wy9~#HQ`!~t9F#%LDhD)TBaeqxu%D)ot|Mts>424 zge*xi8m91z-LV_nZIYs4zW7T#Z-4;sc;&i)^EafiLZyn1tNr7U<4oC|atG^F#!TW;a+wB=nx*73O;!*hQ>g{Svv_Mqk34#rF zo?7XVY8vt-g9_Z{1Kx&_)+Rwscp-C~1{0r=Obn2+t}4nAmGUdRN3kN6Rpk#gWhk=o zUj@9#KyZHm!>Vtln#Ip^pKAHfzD!gkJmNEMEm#^9C6a1OU~@7&@i?yYB)NEf49>Bo#u9)6(AOn z#U_l-HsST|_hAYgb~qNc5@;?6)e4WjkFlfpVSu9^A7JJ3Bw@N|ZPWn)nKb69G|npV zPKxWC+3duCI8HzHS-$80sz|?Ona5|g>MnOp+9vo_H{l1Nx%-dQ~ujB{+I9S+q#OP+z-=nbVHXX=o^pG`#P*SFziJzibJ zIMCTc40LnU1QoE8eBxUe{awdba@K;ne?_FV(AvZI?+A|->VuqiAyCkqqQ5!ET3JlU zN42J3I_aiUCenC;BstiTq)ji67dy_is(#|O{+qO_N~7gs<{S?j=vMk}g`G~VW%rgC z%Yd$tNn|R3W(3nB2l>NEqxph|jRH_*rCC#S0tmpm0GtsYL^>_Kr5s{;nw-03iQLPIt_{2m^ zPGiGL^yR`0W7zggWP6rXx8IwM?RSQ8M+fp~o=Dp`PvzCd zxGKx`n3_|qO>wo-j5Ug)&n_)4*@vOabES8lYUx0CA(ki05y%8Rkbx&d$w@6x-{uf; zQZL7J5pB=6iTPQQTm#P%Vr+ukzv`hXwqdrBi4|&BpJRvgP1Y28uaeh&$QWf#m_9Y@ zEq$k$zxn^Yzoo%KNihB>gps1UQwV4kP@pr(RVX6D4e#}K_bcD*M|VF7>jRECH9Q#}EAE5wfiSRS;qE*1(+ zDZK%Evst(2lkRqZAOG{i(vhHc0JgmxirL{Qf{#a-!XSZlY@+%~0i*d?$Dafp0@B5fH|_o(7bu}H|PEp;7} zUe6IQub5l`VN0~7O7LtFnT3D-JKyIJ2ynJ$5{vK-3*P5@nVF|4;rqsppnxueAgPM@iVYd#~WiRb4n0yi};V1$gg{&8c;ip<&#@H4p)MfJv+d|w-ZJsadU z>knw}%?V+D{>pH<-f&PD6inG)PF@Cw2vm&P`CcHLN!y1IAp(pUn>aU+=#HG2HC>%k|5U867){s-kl2&eQ zvX|nBb}fBifxrH3kMD#EUZPGhx*ttiBzacI>{WITt6AH{@M2k^S&K<5tG%9EXz>jP-RT3kwI;s|d%I zD_Yyxq#jan@!FhSUb=X_;y|KQ@>-B$01ly^d1Pc>8bu~hXLgLmA({~!0-FKTCkV4m zNUxZGAeI%!#iC>wE?2xp)078EghQd9D6E=PjXaeO&`bN~0iDHhGVKqrqjwjjq)7J< zKUZZnagP10R|yLu7QO-+i0wb5-)XV10Fn3XQ=me9b1L|f*NP$)O*tfX*S!VvI7YM* zf9pg-0fF=~l{lJuzse2PneB1{keMtR;9q1c@u;qVz(;ysSx5fQZa;`6Ev}Czt@mAkHlumh(_7LBLdX)Z1npK>u4#r*0GZ!06I3~nT`vLCNqoUBj_d|cD{9j9q zatniuh3XFgVhD#gVyZa}nO1zI|15*{2e_CN7vi@8uy6uI7#{CuKQ#sNsJ6U$rDDc8 z#@(I=Iw(!tnh_l%0FOkp5ov+2Cv6`EU7poHb|y5yVek;E=qf8zG$apQUm|*#+a0*& z?|7ShhS-EfxfL1KAk6WGl6>~kzcWgL$Zp;*8iht~<=)?BNOk0DT#V#i)J@Ez8Az^r zH4Or)d$XcpcZm8X$3TjTDw#Q^!F%cXSfyj*6P#uQ1Ox7KFleQAZBOy-qW~O^<$5g+ z%izGM@(I}bV(lk`$#*dztZBJ1&yE%%zAC8 zDR5M~bl9h|KOb9XmVzSdZWh)}63391+2bNf!pCAlAtNIfQw)M_F>EQS zxW-%c4%?UFm*w-o16JVxedT#;|71XfD*=7R*uEEchE3z+c%?rE*Ymd?CEYK}TrTnq zH|-oe2N=OYHjbD?f;Y$@`!VqF!**|=kG*ET- z`-41Z=a<+ZytW)URPpd%qMUB6#+!6CDW+B)X}6cMw&qS*D$+0|fs&QgPk%19K7#dK zX8F>BV%5w;vDIH2=9lsUl7=Wtwa;dCa2NS5a$4}Kt6El(F8B&$P{uSGyjzL_i>q}} zD|kw*M(szv?6nm!6!PtH)k!7uFV&moRHN>3h~=7RVN3A|N=rOT_S!=B*q|d}LRcjR z5(6hMI_7Wo)S`Yqw9_Qb+=)F(;WAIU5pV-77V16_(JE zi0@r$0?K_`>WhixWRZ#eX9YA9;)4!%qT;B<1hQ*PvRpsnGPf%epzE~Jyu+Ilb+pL% z*q;!(3Hw(=P$Uw7f}5>^{*FqK;88`L^@qHf*@2z($}d8ALywp>KuIYb7?|n7etXMy z0vNCL*-_e=iOF?JqW9_HH9{?O?vUZd2XMVhhDraE^Rhp5-ux^0pVl|WAHHw-11MMg z1DBe*R~Pm(6xnBs*COJY8v}q*`BACu|EF=9_Ps@fmU=Sx6cEcPO$qySQRUvdioFLI z$+i0yh9D}Z^Rw~pG#N`c1j~|KV0z&Vn4+6nd1L^5gv&RvD-V(ka|!a;6^ru-@dYsg z1uYGq>*`k6Rkp0<<)R6bj(o@pJx!p}!(J&KFWAI;?Pxu2!}0tX8y zfPJ27_E?MhZMyHNA9d0}iBZ2lazE*KNOt;NAQ(C;BPQ@)7i{_+)#Fe}e7~ zn5#~MSGzs7%>zK7kB}jW*wxR?&hy{fLiW1(UTZ`FI|jVv7!QG82#PWM;pP3J0hhi+ zh+2qf0q7D1@rp-@(lsNq;39$4@k)+x!5{)>eg&c;z_X()D^-2`UJ~`}j}3>KJK$gW zd0+w5f2O=B7&{*dGx#gTEXCd9KmJkfUy#EG9$?T8X*qZqTmEFRO4Y6ou!G;`EqcH9 z)V}e|0)`$M{vs^e5jAD4(@S-RrcYZ>^$5AZ zsj0^8&quKJR=0?>bc}Y7ym9oTemKw1Fl2)(3^`7fWo4N)~{U^G0*DdInS+}<4 zW?m608t{L^zZ_cEx84kVcJh2M)Hx0@&P8uOLFbkp9nmm2vr??5mzS6h+DEa(@HX|j z4gnE_D@~HLinvUEfoNs8+N(@8u1Ia8v}f1ac+g-k?+?l{!RgAEqF1C(8@*R4ZO-glpszyAMgbg&;Lmqh&%m(XY>{m z;&)38D&xLD6w#SzDvSWSUE;b?8jItoM&iryiby|tr8&dQyMQzbFRva_M9mMlMB;jyv0W_Cd| zwPJXPNJ#DXko@bPFvaz<;)#|`)zvd}>Dcr-1sW}r`1-Y1s}=Xj{mLbC(O;>{bgCXJ zoAmW)1?UIciQ2)fp|k~W1D%>=3;?s*6GW%jy!Fvm+aNIT*k$%(ugE0k1czjwB2(Lm zr6bJoEynj)y7i{EwXazj^-e$O+jYdY&Dm0o>nuRGRj_>R{zF4u-BeMiTl7tXFA&() z{So&#%)Mpn0Xp=L;GUhEt4)s3f4m-0)cW#%a?&O5Z21s35baVWS`rhPqGRvj*6Qf4 ztHG53@$hwXNC63-y4$zjoj1eCwEs%C)mg2Qj8)7W(+IpnU1sWBXMdC;>bs7G^)pG$ zzY?9Do;QE^Jn6U_q5EWTg88fyR+bB~VgG-0F6*Km25|6Y!7PSb$LE)nPdzhcJ^XAD#2{ zuc&^x_szX37*XIKKz`|~cj5gLom$ie2SfUZX#7B7om4(gqVSg{fcq11ZGw%+& zK+wn)$BGD$i!3hQxfUIR*+Yyts>?pKYxnOXg<~o0RF?txGhjJHB6r*C=v1RK=m2sL z{6%WR!xFO3_UN|(ZFe2TdIK&UU#YgnfEix?xN2m}f#X2#_?gccmp^xBVp}}?6u$gn zUS8Tu8yohL_&N;afcpXF>qs-wkuL%%%6X0$Tcj0wR68KpEenKjd5Y6nkHGS*!b3j&qbJv@v7Ry-HS*} zY`7BD_SaNQem5PP4L;f0)CU+f=bJCrV;gtZrv*K;t_2JdQ7gVfhk~*cT^Mx^003wc z_-NMmxoF|4zK!`O*6J%Bc9HTg9<`W6NY`eP$a@EDHxhB>p{;8b-X-~BG$>a?$G|?| z(XuUSMC@4qL^=QEapcOobF;W2A_N9$%}4OszjJqydv({ZlR@1mDx$fzt$d=k>y<7> zb_(@E9m<5O(C`RJ^82H2#jP;XG?Tb-y+U9_{hg}AX9z_9Zhb5u3Ophae=5H9H&Ru9 z`psO}fmpfVLP10zczGB&&A_J0hAG+bMVD_7SoF=3d(b59f^v5}qli-&EATO|kKNl< z&i*~rj^R3$SER3>K{S^w?hg{=5SP5fcO3;pPoDggzkL!Myq2^Z0mAnr_ua(~leAA! zDu?rEq3*iuX86(nax(HAKXV@jWKbg;^>AVF_(nDa0S$r3^=!;bX^8w}%_|4ItnO;V zAr!dwQczms-}s8J>6`v~?a9oKVb4>*1}V&-th5V#eNX?L1?$lQ48g3kSz2Xdx=%R< zOp*%Up&QVsQHab$&f(gr2MLCfT>~pmyW{{Gaze(>s#QCom+zr}I$x@WeaPZytS zr5ba~QrReZWuEWmbe36i*w0Chmdp98&77_1=5#F+k1ak2M`ieUPuWjtQo;lTSx)G! z?KA5s$7&#Fay76(8ECZy974kMe@Kmj>*gG2!9wPr5~zY7pK5C?e8ZyKmXlpqG;cWn z!qvEDjo~XG5MB4^zQJ~rW16$ne%wp;CbeuV&K-2&FJo7+_{VzYaP#u6-Tusn6ePGS${eR`PR@d_U^K zElLrNJECLKwo0zx^cA-=36umXWiX2|Xf{*)e+HcauHo?bpf_K5{8{nJe+Vih;5M~{ z$;6;cX_r?a{I@TQ`SBGP(f%%K!qY3nW_;F2ZJQ>@(KYoU;)l&rahK|2Q%;PDm>C%? zA&%^-7Pn4GS;p_4kj0E8n&odcQWv&8EUCIAmW0&t8HPg~iwG2ePIqO!@)U;qY^39dWV21XtA7hRtZBWP*k6YB!d_Y!cYi# zEcfn#%`>A9e|(hr!;FK}q9J=B zzVs~~RH&Wp0J78eshQ(qRMv{-|Bv^8+alfEz{CcCc zT)FD%fO9@?$kn#w>gYf!d)Z5^AL}V!C8*980Xvq%zTt<|HKn zrfIMGq0E$JM=sjsa*4=K`6^&Cuy#lb;#b8h=Ksja?;aketp7vlNBCyp^%>_+J3Gqr zkK*jxBis+&iCC}@u@VuYVTo{zQz0|l7pSE|6@Of5R%fa)WlCnRQ2u?~%E8bgMf~J0 zLQYa&MA~UO6dHaoTyQk>YC~&e804?6gDNXJnH0}Rjw1*(B#l+dZ(<%{<`eXw{D@rs zr^GjRz-30RoB7f#=6R&EL!95(u`&?ck{*g+ZyrA(ES;cQzz+3MjnO#O;CShj;dCzM zi*Y85qfblCLk9ie8P`J{RzE+bBoa|8>$GIjKNmUoG#EZ3pkS9}L)j9^@`(yZ`JwVk zT~hxvK{y1%B1F|BwWwZWkJ+?5$wNVpxEueFTM1PauqkRh8(;k1DGuHl^)OVk& z@#oV##C1EP{GPnGMJ??L8O6ww**#Hv-62<}*-y@je>lyJvkW>6@F~vpm7schXnWZ{ z7X`gb+&unzLh>5%p4=1D+$VOs-Tvg!gO8Y2REwdo{jR6#pxb8O=9#vSPkho8nxvqs znQhWgtdI0urvZG~`cPk5=cbvN`&l(dEyy&CmaJ0UP&$EkaFGzDh^8@2T2)<(ZqXN5 zT2iXxqWhoKEPK?i8-T>uy($pNJhZ)@rhgiU-{h9Hr%`dcJ=UKi60Z8V5PaL$uEfv> z$V5mB_5+6xjRF^}3Ss>>RGuo?!VvmG+qfcAi0x316*g)5wO1cPJWzoi)+NVe(L@#D zeCjiIgZ5Jodh)V@ih>(A)XP?o(0fRp_CivDE*vl&r5SzeFN&sBdeq70l{#_P*7VI1 z+Ru?+8G>dnbns<_Q7s-T#Z}rpnNl)NtEhh(p6wq7U74i_Coy4m9UU&p6pD>#`Y$|( zu|_3|!R7Oz{1J}>zHuK%szhq9a@gk=2`pjbedgV_O%>;p2 z(CJMEqHrK9%Q`(dxk4q#jf*0Ive#O#yw?yXywj}n8q*aSIH9L4K3;B2QRq}BU>eBq z<0rc@@AHRebU;Z9+u>KQ{ewLi3 z5xCJTR7ZYANn6VNdy|@fa4dN&8qezV&TNK%tavn|OR_HX@TSa4obqAS(C;3-wX0ez z4ea*ZB_C9|$jz}ngl%XQaI>3$@Kz}5Y+5qFspT^L^KDME$6Np$bt7P>zLF%z26S5o zGDa4<4c)vyJv)CnGHC7vtpuz@N2{pIST$YwzKyhc-Fa(r?#4TO^f|jYGcb}5s0EF@;_q=8+jhSe((btpBv14H=|@`J%xGLB3OhcWK)|69}=_;fvY!y^}o z03_xp!2V38oiq~rnMu>0Cz9^IcmwI#i4TyW#~>BHspD;LIcPt(?x{*oOo6@l5)=n%p;^h3842op^oqaDHuDu_|}B4@CIb zP$_DqTB6nScq-sNf-Pv8uz4qYR{h;9VdF!UemuVIh{&gp?+kf0uO?x=t_LLFc^1%X zjovMse#`HsQ z`q1IfJ@wj`^zBH-x@3X*gnN{US^4Dv;~!2ds$104cFLha574#OGa>4*aBkt#oq03x zt}7WY!6KB2PF6h3!;@jfI%)z%=xfQ zJ&-cx{~|DsP$wkmR+ppH<&|}rgm?l%(MZWvqc{xVL_|b16I=y~jJoxcDJWokt528u zAVMSinKKid+pR4MO=F?Q1a~HEUW?JrVyNOwzyr4rn8u>> ztmJ@=NB*j&cP2{#{D@FNr!@F70)p;256W)^gMT}(bKZu{Fm9HX6sk0$ctyr0)V&kj zJcF<+S&=ZbdRPGkfqB)zV+3JfAy;YivV?e_wVP>3#|W;D{JZzKm+iKNR%{vmA7?*! zPt)7(9nEv^7V$gKq+t3Y~*-5dXjg z(l-(xS*Mc%>IKNaWTNl%#-VsnWf{qgm|PK_1Qm#8iP;#HUg^JsDQi6c5u<-+?n+?i zOj_Cn3xb2xqK>Cr`il0dVJB#=fOJ-W3#}PTsV3uf?ztVZJ<>hD=ql%_@?-+?TBfOl znlRF`DjOx>KE{DwYU#lAcJl=Cegr}kYFk=n2weA>J~jlrM_wqu42%%@49`I#W>s6d zA5^AIXL43x1cHrO;-E*z#4u2Ek9-BwCak}0gOuNnC54QR^4tDGzrO03fh|wg^qny) zuREK|mC6`|%yH_mR*6%|7y-1*f?>+Pni-j|t)^ISy^4o*yiw)b{vIu%6=iLj# zA=Oc)QrXbIICYeVHl1eL7fZ#-{Vsbt?glSNP$CfOx;@426Q{k5K?OWHC1-AJb=H(# zBbCRzABLNMwI^fka|ZDsvH}hxU>uMxTL?_-ANaVfn@>0mY%SPN!Bf^trDkcyI}q0# z$Je>c`*!&~IzU%9Be(5^pp6*_={I|;W)9{XIb6oI-d3l>xty}7SX+hmS1@*@9Hdgb zC=wshzU;N#5?HiSb3A?9>;y&&yr||sEI~rybgT&3I;2u~{pR=2v=Dg{6CwzW>XR`-j`| z3U|+oA9b(a>pX~p2+L;sWh=o}Dtx-J(L|saJTE>WLvO=~xvO3jI+$a<+omqJ(>ix9 zp)qHEvJ-(>dG=$8_|hSa46H-FB?=b#c&cOQ=MUVzp(0nuyg+d30zf|oIDD*e&y|p$ z5vja?3i<4unPjAKcDVxMQFQe{zsKH-0pgd$O{bBk^T&12ARa#6mrC$l zsZVq0c~Xi^OTjkw`C2Dr@8Gw7b`G-*YX9g3Jt>0A{B8_TVp{lk0u2g&eN0VLCceM8 z?3!&4gzZ)v7yWN1wpT|4Ke-xbI{0NE64SM@&G#9AofZ1@@>`ss zWwNU^vdYpX;Jya3vY`Gl*?w8_z@TI`!{@e7`QrZmcqL>^_V$eK0?27@miNjfbbBZ_PD+ z^@WKdV6T0CYfoXgCY}~|9Y3LiIHnH}xJ6b|Ces1T!ri_bYMtY5q>6iqcrm5&Uyf+irI*;F7TCQYd<)l?{v(*YA zd|Y!bh=6HK{9v%8YJ?yGB2NgtUVa(N0y^hbKCM=XVO$Fg~}Jvmxv z4hXUo!DJH2uJGQBmz`bRRn7xCbZt!nyY`z@NnL?cb%30e(5}HDFO@ebDXYQpmD6R` zw~h~<7xv1bp=ROlX2=kMmH7S`yRIV&ZAe}yiB=KBBssqo#t7~M$k2m3 z^VcA73pC##7#M#I(R$%5fN0diqElF5 z!}!5aENaLlmP=8O1OI;d3sC3EkV?7vQ4HD;k4yjV-KP*}OU{>oB=Rn@)JXW6FZS>I znGgtoLoaA*;eR+0mj?r;St}^2P2u?dGa)nrquI%f`dW!`UTt@!`#%IEaG)Q*MPA!AmzL7mqO}3@XetC0tRU{j$5CZ zB~1(aPz(p7FbM$u{{Ry~?7qb(X!cS|NlCWOwpJ77iM6%1Ijd@<1TzE=aYnb#EA0g z0ty5a2q@6hJ8oB(NTHApM+EnDtQ&>9rM1K5|NC4B4v&Eu&;NACEHq`wW#`=CYzXx9 z883nV+>I-(N*?nUcO0};!U@38;9cv|p4*sz@oeJlCIr7upnTvOtX`Glc{ttuI=O4` z=|WC54LU%7&Vk32?b8{6d0(g<=kz5%hP(v|F(EMZEj|KV@qvw{f zbFKw_b`gbi-OT50Ls8Z}5@Y8Tj$4k9_?gU^hl%WrnuoT=u{ed+OAd)`i?oJb8So@e zX!XoZx1Gq*97QX-CxD$#?opVz?-{mfRkepm|W zqmMr61cvmqbo-t{|L^+sckSaJ|D*s?9u^M3fc?`y|DApCgYOma$*lrR`J_?+*4s7L zTw(9J?Va}C_x+tUH#OU@e{r|{^*?+>Iq`%#Dc?}D%3?6NMZXC;Aqqcb{f>&6AL;f= zy$oO!m}KnSCjb?jJNn$*I-tK#RSTI`WdVDX^OqSPp{RjjYwa6S-Pj3RnWOO9K`-nq zLKAr0gp4dI6PT&lBU9-G7y+pJ%k<@0`A_YtU#a)y)Tk019Z=xxp#VGp?^lxmYBvg4 zwooO=ro)wC?jYnFg$*SxKQG&PgAsm}?BqP~LoZQoa`H;h>?{mN}WtX6@td5cHsl$xCjHT!2^(7D8(GbPtSdGyOi=_-DjsQ zF4!${?~kr`|GrA=ib%7vqAZ(;9CdO7%Ar#s`QuN@ZpGY(!?oa)NRrSo)+?1yk%K<1 zr}n}r=pGPhq6cQXXH$+bGWzF(=r z_%e(L0e%A*n30*Oe95D>LxM)>vNB7{DX^NBeiu@@)Fv0ldietpr)e{+e%YQJj`H6- zG;Zf)MOc%({)EpGO^;`t$bdNI^bsD$dM0N2g%%hEm<0S~e$!v8>i@3Glo3EeIJvm& zgHgwC?60m}9$B@}g8dLOzi)rPaDDq@3|D_aKLG^-3M@Sez(0Bg{1++r)O9O7z6L*< z+WgS}Lx+#Jl6eThjy>s{@NL4WJA^Sqy=**V^AV1xo^!U}@Th26F9>O;{2a<8z;X+5 zZmyRU2NXqe$59f92Eco~Q0JWO`ls8@IEm7L24EPV;Fgx=xsr`2)Tf#vG4-6B&yO&` z*Z>Z|$=rW$ype9qR3tc}a)TIMid8Ydt3*JFN6#}m_1yFQ?TtA`(T&xLS{QZZDmmwI z&pj*rIe6;E(DnXu=zv1^XS;s$%=C=K>0KLDiMVkmL%7}ieW&)r`pILDjU)6NEc?f@ ztM(%oski%7Y0IN99R@%U0dT664UP{eaGELL&jSpD7air0vVeP4&oy1% z;gT6@Hv7YNj7-wrGEJ-qEEPgF9Z@O3GJyag7!)ZqutX@oH1ePL4D@tZYI1^Q3I*8B z8akemfkXX0wtnqOX{175R!G!fZ|At<^!VOx# zQ@XVhnxa&PHUwfmCu$srqMw=&X?0@g?C*R1IS$KuT=cl^Nu=#pI)I8lxW)v{BKy+^ zMjTc!HmW<+_eWS;y;l!7H_5ZkvmeLdrBme|0S)TBd79+)0ANY3R8&B`CKkG4-*7eh zqR*fO6bLBr%A^4AIJ~HDEXvkrDHK|v|8hz?e&k;;BigOb*{vl3-^`>HxkCB z4+1dW<}q1CnP(QOae7V%`u~VZ7A)ksxkkL+e6L-z+<^m<5>Q@VsQln`H>ZXw0E4@;ATqK6;vZdzK3XJk0hjK^ttwEb^?457cLTh=l`%ocP}bEKsZuu6jn?mBalRQA zjdU-JCE~*hy`Qi&;kOV@k9VH+)Zg`u0x0fW3lp_}yz69!Kb(R~g={|QpkcJU{}@Nw z20X>x-{yDY|33CTxj;DHn4&a}NU=XES&B3dCiG@SdQ_x&SObiav5|U^l_1ZZI<43K z3Px~aLC|1aG{1lE*U9~*pP&U42q^H%r2wzEQ@*-dtXcCwOwYIti5Yr=t5CAVAW{C| zX$Z0i!sL+m3jZaPxiF7lL>|&SfiS$7%@e|--8dPyn~xS~0Dj*n)1*M8NijWeuvQTW z-OlsPX~XTUp39~9G~gaps#_sRK zF=HA(^aFU2(u0&11bYFaMu{93fCYv-ieXs!F3^X5=Q8K}2U+=I)+87Xg!)kRZdGR~aKg*jU{v?Mx}bH~~y{3m`Q~dAe1dG6E-eBnTAW}M0rI~9@8wBASF6migH=1YThbJqF8jIOdoZwvBXohFGt>XJnp61 zhQXj!l@g%qe49ho7XkW(%6l@3H1`u40O-SU&TyfXcq&NuST5Wp*0T@ejMx3f@RJft zyanq8Or!ODIF?J8%Y8r?aOb9zpam2NC~($L0DZlucE2S@4!T_E{()gv7K_kmlreY% z%mE&hC?yYpmyr8Th5Nt!)9Vy86t~507$91uEM}@ymz&=fcmSLO+TaN+5O`frPrnq^ zdZ)O8ldxC~#hiy{hneP?Qfq_-&|p+K@vvg9F=l*5B23h;czCnej%4?k`{`suHP0kBVaPUA|K z%~uNS_4clJ-DK$*8FuNFZ?Ox{UuUIdW%h`qaJjXOCOL4%g(5PyPPZ_q0uVgG0R_$m3J^+!2RlxlZGZp~))t$8!zc*_h4El* zE=r!TgUV5l)3OsDCvODfLMcU6B~Ojt{^aB@gHgbgg_27PJtk7epwRlqxE-eX!vxkU ztM*#ex6M^~9lYvHbbeoq0pKIHoqLr3ivSQSV*&t! zGkFZ=a~;7k0R;jIEMW?WF^rE4Sxjn{m8@GX11P1kU|KKd6c`Cu$G4{_z5JTI^&XNo z^8p_k5oA-BJ;g`7OT3C@`lD|`Y~3=y-56NyExY-}A$3Q(W5!j2i~ZS+eq5xQBHKns zN1P(+(7bhS`d_H#j~ykODlTa8!(M*wV%jcvA9I78{_ z$qt0k866h+T0^gUDK0~8qb15vb@1RJyZNT8 ztgEw2pq70C3eB@`eEp~Phky8Lmx|LZ*MEeJGN+>jDFCN~>cKe!3M?=MVDw#s<92PC z=M8oYd=WV~LI!04Q9Qv6VD`vO9=AFnN~3r(xv-5e_93B@WG1L~u$W-8t6qTNfCz?2 zO+3n(lD3TTpm#)JRe(}S;djR*D)&kV`N9;`Z||5W9W%B06I#10+WAt3SLb+uR?vuu z1Y}y|K}R0<=jA=1tOMBBBqi8Qm~^;A8l)xFV`mHFpRi&@GH_iOHlQK*UGlNJJ`6#L zq8HcNt1v?Z0F-(fQ4L(We`)lQs9Z$BHi$^xc7GfD2Q8pLK!H~%1;o1}B9%KY#W7W3 zQqMOkJXO}@bp=ZA!oWDqW&4U50P14s&_X4{gJXitZfMiNe*vjOurM7Q^ySuDz42j`2x1pf|TNDi`Dr@R22Y2!9q7^LTRu}DF}7)f>UKDGc(PVc_lJoAsX{8 zI1IfCE#9}k#+A^+>yI&HA#?rbaxM9ah#+)7Hz&hJRLO>UXui#V-uy_0LRDU%RN&Eu z7TdM^uz|`BFdMYM*sz#JkNIBHLLbMgi7eBnxxY(uKg%Jn>#@^wTX2LRlT~#p#ZZm~ zz=x3uPT`gv>;KGNfMPO8iWubfrwSv25PysU1LA4#x&3ukd!*hP8k+3OU;cB)$6k2; zMXRl?)B2ocf3LC=d#-yj9x%zhe!(FYWmmI5$$ zO|jM?3vQ7txO16o{mI}|nGm_5v8oub|6rv(^4Q~6Q+vdc(=x2Rwb_aa@|6l8#a|~$ zQn=oz-0nFNkYa}0t#;q@mb+}V@}LA>C*iMOVS`Bu!7Iv2vYH)_E6*y;h9eW4V#_gc zBb`>WcbjFGtX8ChA`28^IV6pD>a}t`Tw9xHacPM+nfa**Y@51&C_x>&*G>o91;VHB ze_vq^-RE>KBTL50GSMureurQi008Wlr@y|-OJ%?qz;*Z^gm?@vsWP}E$^;B%04WL3 zBvdYC*+0h7NqwBsw+^1`@u!=n!TAFUoV65~WQZu;QBtmB#Xvg6SKzTp$_+;On);cJ zR=n#`LJxf6sjbrEqbxf&-(GlemxSYHD=90t-MjZGJigA#mRH#R1BaCRJR)y-hHZO( zhrDW;_S92bY}d}cmZyp{mDNY=`R8{EY_QE8w{PD;>l3nkenElVci+R7lb35rQvM%$ z=y4Z*%lxx<|6%34_t=(g&s#}psYOP|*zX>ARLdm}9FPbE#<;M}i)5g34pkD!4^B#w zVO-vMny<))V+<(yaRU2kZ|`>a18dflJ4M)e{lk2&lNm49=nO-eOd1+mRmv~z7!ca2 zUcZ05pH_f@B}*T$4k#ap;-8X|=+1}2M)QxE=^BWhpmGH@-{W=P{D_p9_CJ%>Gp94p zK9PTvE^ZU%P?=H;UGR=JPJiTdy}k0*@$B%dC8hulIcoR+?qPd&%X7AQ z^9HM^SguN1Es8=(6A);lU2y&;mDxO`${5o@La862$h^`vTR>)rUjwh|=(0+@Quvl7k0dKu0DEO%ptiwy-{q`){ zEVIu4cztOSRsU|^$#eM2+SQ#`QX2n*7EmCdz-giY-g6=WNXv>-G|=;n!WB_IaE8)? z;0?3CpL&ON{CnQ}w-RE&wlR9cGq1G*jwNBI=lb=2b~A4 zeAzPl4edDwnwD_2(7?eF;~`>T(<$9C-4Y1dwNjlJpstjNvprn(Y5w7Ob4&{t~i2(4y0&9;nxpf!< zFhu#OC;l;v!M_K5b9|c&0AK*Tk_-U;Gr%(m1^{?Kq38|V%9mUSK8&5U8H9_M!!pK_39P2dD8}^qU6ii zSZo(vxLJH`nJpJDD<~?mveoNsELs>AMWyz~@BUMZO-yysx}ncwxXHl%(k(pB01%`A zgqzYqe*pzfBL!gMgw?mm+kJVF0Pe^OSIF0Nyc(u}p#TM!?{?LjU$5}^YzcVO40TNY zB(H_ZAxex8um5HNo+PIv+psL2ef`5$RavdFNEtQ}8DlBRjoNWg08>Y6EiN@*f@QMx zbhK!FlI7*)*|SeSWob!qRxQK81y^2g2lnoElTTV=tQ~sxca~XDW*N~*Hs0TE+n;_| zVW!FU>=O^$`B%nRLRN({GE8NtCnIk-I*I^*C{}`7Af$10XDv%P!vOJU1$Aa&82J6MkwHd#vY;X_q+ z@x|vWhrC$Fu8|k5$S%F~LTjmLv0Qome|hI!_Vb_Jsr>T2cK-RB?Q38Ca|a0b$fJ)7 z9llWc;aPUuyI$jj^JkvfYQOx&ukG1qpK}I=h?AKRLays%7nz61S;wQiVZ#bLbm)l7 zSw{)ZQkg&>xQI)uj!)!e){C2KsL^R0D z%aYNi#YJym5E<1(#C#O4=F^UJ2g3hXt}J!w5R?uCC!n|}*F_*evru}oFUR8TC-npr z_g7-$T_*aH56jTrz2EvKy)ivWbkK6Y=H5XGfuvgEAUG@s$bgnt3qL7Q2*Wb7NQjV- zaTYb685+Qvq}bFcr2pK_YivT#@bF;2b2_D`Cc2c@h*%FiGBG>N8B7LyJ0(*`nc`nu z3hZ#Z1a7ssgnU&3plqu9x#)jhnNRtmlQB49K!GJh0r4qN><`NWJQ-;??ciW%aWVmx zsEk~xknr)2^PBba9h3Ntk2S+S=~& zOs~53CJB-`Zokm+`^!^9+@~dqzf$AmTtkG$Ygw0dMl{Arj^DU0_OfCR!58CBkJh=5 z3>t*M5HL~AghdS)xUwqd(YIfN}zxbZ@H5|0x{NU?Wk{)ICd$w77)lU2M zcfV?xQGK@m*@x|(?|s$chubV^yxYF}`A=GDMznR*?zZ3G{SzzAjI{&LKBUwHAvtRt zX9(HPh-V`hWI%!WP{4l&iQd7u$Zy`w*_)??g4kYOUTXjLiOSepOR*#F`qL6h_u9hJ=L%@j8W1&Xqs;3bsCCJF_E zAK$}rcJK_kvVemV)+`~6_ntoCZ~X(pBRP#U3{n7I$xm-^ZD$4Xn4zpSh*C*U1CaM0R1I)#RsWS#mhRsQ8u z&paz3ui54QuUx&>c0d1=bu`ska$Yy!Ov&n`d z;$0b=>OId{bA7eEM5$J>aXF_9`!?IZ9Xu|Fqju~~fTd=;{eADXU;W}&E|TLXKe@{)RxNiz`@MJHXV>5GDj9w1 ztzt!mz5aC{v}>=w*qWM}1()pqSUBri?5!hZ+s zgCF>mU3Ja*R#jDH1!b#ja9knCX9CfKF$NTP1ycYKABSk0LV+v9LvvI?Mf&B-cA-D)?AXY7>s{)#IuRXMHw_V6Q*+pX_>v%+f& zq|kQRyZ-p?wq@&c^4>OEe_y|yf59dvSf?nmi~;24%EN!#JFQ%yxEKP`)6x_Pu*uf0 zU1m{Iwh6sQ+2?#W-+Z0D@r|z&C||Oa>t>wt{^ zN)_}Y0Wh*9D0Ht^N@_~HQXqQAtUM=9>68=hlbsx;vcgf;Avx+m%cx|O!D-cce++Jv!@t#=pD$(O%t$eqW3;8Vz;U^DfO2uONTnDqBu zjO*i`i)9~|0uZ4Kc!{H&!bs?ZlVH&xq%%>B7f^$vnl%n}5*F%tmQLXm!Jz>K0t(EL z0`7&^OWE8zZr7JfxmQhlyuL7^>6&8#`XgQymIiZ+Qn+`6JUX;&83dSw0YhqOYj?aN zNkA%feR0;+-r~abl9E&9y&tpA_EyVK9o6wDfh7$O+CX2IA__8;pB^ay!Ewt{A=|Ou zHYec4fdDNWfPv0t1p|y)Op0nR%gY^l9g>Z#qkr69vtn)r4rl?L2&3Q8969fF2zTM9 z;SXa+k>|Quh8FsNtg*~Cnopm#tsFM&6Vv0X{W31^pMKzI@EoeXjEoFRP>*r=B=kF`l7H?uXO#>(CWZzmT#mwVM~0Qc z6yw#3r{aJE-qL=jqcMIrPfEc+Ij*d#cl4=PUhKSvp<`k{uA9(){t@XwNd3Wswa&x6 zqN2nd!+uM#ajjeKvNqL1C2$;thudGDk6lU^gDjygJeti7Y#y_cyn z&H*xsVTk?w6q4CaLeI!CJDUM%mH|LC_s%xkk>T48S0Iu#J!Z_-7A82J%DS0Njo~|Y z&{IHxfC7t50j5^GHiU9NQ9EuoRFJ3bF>83;RE7;Ra8g;A#tB13*ec8ysDK(}om7cQ zOm)DrGd-_|3Qa4ge84)RvMf#mXzfzYxAu)qF0dxWt&fcqZ{1eIvDy?c3`k$vVf zU$l~vLV4|1$h+U_>e}Y#=elF->W*4zKW?9l?4;MqiXL43V@^ zDfpa^-~Ko2S@zSjh8bW;8ynT!fvT*XFgn!L9uYtD^1O!!2i&o2Kb?)S(MDvMhv%lI zCOM^)xsz>#pu2ta8)cs|g6^XbWR#O(VXWllX1Kcdeu=-+c|Eh8+bPw0c<`v64zBKz z`z6JV=!+bcBs{FJ|9(}J;5l(=36qb7e}87Xt}|}CuFu0X^4=k$NAUjlsciJRf>>*p ztVLKl`Ts-%ROEU^>Tw_u5dfHSX;y?icf@R+rhdUPol?~3V$;u8_Wkp6pYil#VBG;TD zja8nSQLjW2A({zFV}NOPDlCn1feaSqp2>-R@&5QANB((2FNl2s@e}fZZO&I+TY=fQ zZeBjb<9DkNl_Lbq1xRNJY8glgrgn- z^QBv-EicS;Xu;(2c6awl;m>xHA|4%b-(m%TL%dgva%`#i&_672!7fFGDHoWAK_FG7 zuqLAPJm@nqGGKxbv~ht$MoQ=%9~rWq5rqy*AXzNBpA>qgetx3Ah(tSE5`*Xh0uPKMBY)2Gyu1_1=F z5?~-D6VC)%&i6L*efyR6M4?Qr2`$&0_ddj7oHoA2BlaU@1>hj%9*8 zhGS7OAP8fiqhDpI5;AN+_jgF?1M+RDd{vSRQey&U8r1l;UE`0?HJykS{#b+WfC2#p z7M21;lMy{Os1&TH6is&RahbN*qyNCkuqX-B5x7b{L_RGPuNdAAbQ2aYP zyB(jWIsnM^0N4>7;Cm?@pBMj!m!B!hKNR2^nZMlpv?Oi;a)V?bJr~gQY-mmf(4`_1 zI+;k0Ampb$Rr47U8vUTY;}oOrO8#oU#8?4v%4$0-77g={q zstt)rV<2D-C%+0ND_KL6nSha&dFx=pO!l+2SfL;~;2U|ZhXj%Xf=gt=%0cx@v5u4Q=mbSgWbtv{z6fAoFpy6R5-oiU zsSlTnsSD&9IS;gQmU68jCpS}78=`yatWozaL7U0b(2C&4z+)xvGAs--lxZ2^InhoFx?C9RyPZkl4B|p@d5z$WSnk z0}MR_Xn^oe{`s)HyTV3w^Tb@{g2lQt#s_aMEXZ-dfGnf@GiH?2Wbsdo7+&bHn6nzk zgnqjpOZbm}jWBf20I+m8xlhX_Oun!V4ay@YfjkY+a=XA50g*ii^& z8*EazewQuR_MX~ZRuJ1~6`7INw12B554YHwfyl^c$%h}X7hl|IKmWzO5>_(>>U2=+yX@Zk9<*mv&TISj9f|}P zv&SBN!j2rNbKrkZJn^i(@Zw&3{Hf>MzUlIGZQr`hdb+#q$N&2yTfKI@C8nfl@+PXm z6GZgo?w_KLjn5Ec(r+i5>b->(;ELf(L&~@307}N@6rW}F&bqOqaTu!1ySp~oaC`^lS zAKv@)gec3GfuJ}eR?AAP)O?(gp!Av+A`8_i9WP?z8FCSbI6Z`maX{r8N%g6$suMm@ zn{$egT9chEN5!%NfjlmA(KIWS>QPo&Xn8{MC(OS{pp>;o8jrmT{(Cl`OW`qso}^gp zXo;{o0WG5Zv(7~X%%{@@JSH#zEFf`%t^*1zMGDBNAaFZ{fe9fGBLE&9yykL#J4WS? z8QEb{e(+b#|C>oh0?p-@U1mQNm>jv@B_$;STxpZyHzH*+%Wiqy>n&d?0@P}bQ>LmXRpx}9mp5)} zGrj5uc&a2r9XB_HUKbMy<$r2w>TO?Dt2I?u+Gt;=^|>;1r(ZH)tntcS?PzJTCm(sx zB1Z@9y>EZ7)g0U>t$olg+H{VM5BAxPZCmVfpZGV+(KY|_2j8=Y?zzj-l-KvQ|N5f! zsItOue*P0{sI9RvA^MLfg5o`IeV^5;kMyKCH~AqH3@Gwpxdej?3&$NDFUVK<#I!NX z5&G?;k36A?v&dFfEOW^Ju@Y2MReEvP?gOfAeU6ou6xq0t9wTDoUH$GTp?}9GrCL&2 zhO!BwTz>0lbdqxaW9&Qu01l}}Zme)1F1c*8Wfl}m0G7u=6K6{FxI6#G9Dx#LNl2Oe zWXs6I7=sp2AfUkMp#bwlH~4yIP=jTl2;c=gekNEt7lPu!T*Sv$LQtIbe_kzKX?N5v zch@gI8>=#S2`a}6HVZ8wQR!JKr-;#kbqUGI7O!>DI)?ocbbL6Pe?9Pbm)^xiErsR} zL*E#>&$dQ-XkPM!ZI--*(H|o~i$ImjvX!1EV|<1{GYR*vZ5wsy|FQD0xActJ(auq& z33wo#sd6T@%EMjN?m3bcYkuaL!l*Z($VbXx9Z2x0LcD)0|d$QIiJSU`l+T!{%m zMqd{m#=GoZVSTgjslL7l83zwn*~SeUY{$->cIhRTxH`|p#l=oYX;UOXR(7@>JaEX? zu2~}tfM{!PZI#C$+E%SzZBIV>pv9?b!0L)JJGlD=Ypy+L%gV&$rI3z_nUey56&e9G zUe}eXa8=C@ZtQp+UJ|Ihur4ge-a7549m&1y=o($qHTaK*Rm6bJCF6Es1v>B#r9Z4Y6=`?fd6!*!*~MDdsLB9)6@?IOiRn2KFh*SEh84;yq;dlShU`8L z46;MdD0OrRqYGL5oMU`E`cXGvHl>|5L7%G^xytG-vFD_b=s! zf`c;B+SVz>CdJKBa~&_o#>fa;SzYJmKT@@h)Hhn6uK&P+!xpWSvGj~g+y3Hi+q36@ zW#{I(GKo7>!gWC5&@tM+W5;gMYgj1xIWkCSVr3FKg+@uoUV-fqVvWK@guzm{2gm{B zg!lILJ5TXa8P_S0dd`RP1|Tz$0+6N1$rMevsd5-RUpwTC07pAUB^Qp%;~%4lfJm!u z9kDfqan{r|YRRe&&^IJZ4ZTN+0&A}76tAi*V1kgwv+xcB@k9%)GoT zD=#Z_A^iSh>P60Y5iaEa`;GC2eprueiZP&DK!8++z({a1&n9$)H}Zj&s(f$N-H}d~ ze(B8q2u{y8W7MsdOf_LSisImXWL;1N;Pl*&;H&`!mIMVH6VM;5zl4CJ_$5Y5fY3L& z*m%`*^&$5Q1~=aZLj}nnWg8}qp>1)}{K;4UMhtvd$6MQj)9( z)twP`sKcX$d@=LAB;YM@N@s<>cDo!;QI zj`3ntDEfo_eG<3^Y}GldZ1>JR_J_CJtT6ot?83{hw9>*n`_8w%W2@G#wWl9{(mwFv zzqGOBLTm3C&;$+ukoP?B3}DPnQ@BX#M33_bVL6{r1VN|JsR1G+4InEi(mKZl{--A< zVxY@vYin)g>NUD|5)3M~}5!Fb!H@s*So+fa16 z3;Oij*VWlMqo{(Ux*FMW$T(O|kC9tz$3~-*? z+12AX!1ARPZiX=%+BFe|XYv~SB1Kvs?L)~{RWH0@ILRstle8BPdjy|_g)&JI9&oTF zFrnd-&&!Or`i>#r;}N>F_6ko>$mBOxN(d}ml9?L2G=y_^B5Zv|kI(Cg&nD|LSz+k) zDKf_P9s4EVSmxJ(b`R@OY^{@(F!?>01lzXnmGEhy=J~0W0V5PO{~?)95OJ%aC(h*S z__Xll$y+)7yYwiE0x*5}MQ=tBcwIt(1(-z@IKQ&H z)aKPJ4lZ6~XHSZ=EN!kE_w2TAF+y&<`K?yDe5KV^S6f$0gB28&*m4o`**V$P*WKl| z^-ET*aoFzIxZW=Mh$E3kXsbDur`>lYNuJHhUF$DOv~;x)E*-8z^2<8+VB6A;mL zOhkY^W7a36Z8$O0M!JyNq-xw`V<6uGI0`(Z_}hmhB}j-L7UMwD`=kuZsaPW>O5l7U zwP>*;u3KsqIUp&|(#r~MfP$53v}=ya<}hFW9NHuq8k9o{R10~!Pg*JAJmVUsz)TVU zlsB73SIvo11c6x(f$+QGc)ldQb0HzKMe0fApgtc8xpA&(PjlQ&Z=f66rDnNY#Fci2zJ_ zZ6s5u^JH1#Tzf20T;NIm081X9;awRXoOQ= z;K(w-HGrWz8`k9JJH_)p-zWJdrXz%XVE4bLs@fJUoaZ>+pg57IO0>t8Pks0~BGLv7 zv$C>c;h>?vkl36@pMxj$is0X*aEkaR0(YY2;3~5UeLT9^M_r)=9Hj^X5dn_epxE9VNb^18lC?_x7vJEHRtJZQ49mtBU|EH9Kg?;=jE&Aa?&*DBPb#@Zx;bI>m zYiuB>Wd*8PvFDSwfO3(Zplv`|%f#6yX0od?j<=XR*hgX;ibvR>&d~FJV7~S-+li_bBvY%&x^|b|eMJTX2nYD$d9dzzNfl zIB^iD&+Y3}m)p|mevh2hAG#uET24L^+&-?1!HnzCVqVaE_ny zQidN zgv=0sM5&3=xrG3@58p(Rm@(MBx5&(-sinh8it?;nf}Y)t(jZjGPt5Va3BU!w7rOdk z^y4QW*uk}3d*Xl;e2zkFG)j2#QuUZ!CME#)nL}uD9^750FnifnAoCCA5_kgNB1fEG z(w=k)b`aFSEPy2dqsVarJ!I~XpXWI2OHWUgDM_~D6sJS{(*f$B{JAnE*uAG(j;iPQ zJ)TWWe2esp_JRu|?MM2L*(vu(m4mj8_y0JD66qUJ>qINJ~i7cdArQemd-!n;Jw zDXiYgBH3iiE}KUz`o0j3Zv>usntx7)V8lL;J)f*P2=j@2)LQ`+Nt+@8>*495{?e!hnh~wq4chK5;2AuGwKfuK| zceOMm=DVA2a>6I8V%4iqi&sCV8XOpE^m7sr^K-T(+5{mm zs7;|XD`@L%Yvb|S!#{T`a*3{f?#f5pcYDJ|xi5!qd z-(2B)b&}?fimA^xPYUq^u8)Tsfjbq72~a0o@zt6!yK25nM`h}_Yu5oQ5mDVMT%%ET z``~9xX>by7FoZR%e~pbT&ZI*qgVR1%LU1?2_LV3^CUd7pW{s3_@!Dn1JeUl3@CKja zA8^AAX_cZ0(9+srMG6lHV}kN&EA0#W4M<>w2o`5xw}&F!U5Y0TG;0*ek@2}zBIwLe!I>1VH`yZ<+Hz7?Fmrl z^M6^*0|Mko?I*8=c8-n=+k4-0w-auc$Pw)7&wtuq{O)(Y zO&1ysJck>iK)+ehkbuo z6ZpfSPH8pj{!E!BdWC2CPs9K?%K(q6iy&}5LVyL()tt0YH_1DEot(bl4Z1W-apUDA z5H2W-Bb$3jWGO5E&uR)5@)7q8d;J?Pu{~1h%29Zj%uG3{^9>`mMS)5vs_Ws(9`@m^ zH~b_}qKzRjA8tat5_>)q*C%PldH>i)KXwY7_dSX_aNa{eA2HuI%v9FSaC&l__F>R)y>>RygG%jfIpu zTa;5-b z`_j_omq_2p_}A#)YMlC!pl=vIQq)Bn*7;Nt?a9v0RCx{ZqtxYiW2gKZwJ7>fvwo=h z$0pWld}rx!-lhOT=WX+&hDQ*HAaFJyz#i)!he{-k%1R|&b?t%~g3)x_Gx>XG`JgDxn`3IL~8F<>qGE zTsb{P-JQ7*s`rzV{LF*KZTac;*tG^7Q9bB>cGe^1Yd^n?Zz;d`3~lWfPKZeQD& z1I#DVc+>ovd*OYwbb1wr@?XArzZh!?_UNNe+vATvYhU~4Z`n%h&E&C9lH&jI`UFMd_uX1YJ)d5R(po$ULeS2Pa> zMxnwa?>f|OJ6aO#wFa5LcErj2)ti3QpVtE(5itOc8q(+@f0nXT!i)rp?ZfL90)d1B zX-xRz9Ts^uwD5=8Sh}JIT(o+TJ9oj^4M-qJ4|&KxG#q$)rJNyEidxsGo^eiHIKLTk zq=_1+V@!y!>gQpU&Pxce(KCPfMJa;7Y=A(xoQ&hhzV-}jg0kjKOlKSMgm@Sjk*#jq zA#1HWWHogy3ai&C=W&656>M~KL{wx+%WBJ(Dr=YY47J}7v7gxfb8*dDpPQR)wY5#Y z?oZY>^3>MU%WM9xZJ@u;e(-~bcq#)K4JPj(*r%rl?jpYWT5P=39n_#`1_ang8^!b^OjsPP05`y#6I z@(U~{FIN(B2z4QF(s~(FK8|t9!#gRGtm9;_JSX0Y74ow*C&9|3?ztc@$;xt)MI=MC z9}6iW_`pnH4AGv6?`@H`L9@+YP9@A0A%*z9H2SM2RhJyA5Ojo3Qm|N}Gx!*eH^tc@@4!y`V zzD&<_^QKf@KwOMik(`}%baW})U6YlU&-FbcB!KA)gk(jhj<5tioqLZI%@)me?DwyV`#I7CH_!C|qeOV>7BTzx(dntf1sAwrk4| z#Xw4OyzO9hwPh$Ir@qQ&d{-u*wcm&5=- zSaa#6YxuBFIKHf<-O^m$E&&!tv;e^Sm>5ir*U|Ji1`eR@QHmfCK_G&_X+gjj%JG#F zWGX{=Uxv&CcD2XbuMa9*ip&E@q107QXtf~(_aORl(#-3f3Ljt9D&~PS3dqo@a5THy z;%#$doNZ}NFrfnW+G`u_Tk>FhK;d8x)iv9}L-m#{m9JM`+pL)NBi7Q^V?X=ZudG`^ zTK65Ov!DFrVX17sV0-o*u#FqH*#i$eB2}@2(h4{rX;!^B;ssV++ib7B^pY)`n`YV8 zX$RLoZ3_!i74E*r1{-!-Szd|=|3oXz7_oh?JtaqoIFm~By#+@w{NzB_kFGWs1B;-S z(cjqs0fq%FkR%vM5%E78h9qjkaUd|hgdFvhHFHQhwlD$4m(Qb~&-6tc)RDYkjdnF# zZb80lKEZ6|H#mL_?0ZL?z(ZYq%|%P}eAue?9UP)PjornzV7Z`TeD`B{pBbAk6m-^mDbwYCXImSY}Kk|cG+bY z+q2q7YHRB3IT0Y6H*FEKqso5%i)Y;=B4LJ1A0T=m)*$B6)6@J&-_Dl=oFV@A?yJ!} z7_p^G=1+Je zVw+hX`1JQn%^%_)KUXXdzK%@H{5rgj7yz%sL5;c;LEv0N079R|6=yPWlCWG@Emsggmt3;e9{ll_ZPm(Ul8jz!mtDHf{>%G++itq~M!WZ(yKLpE z6?TjEfTpHqCn7)d>5sZJIw)`Q_J{TGH09pCG95 z4S|>Wl?pF6c#QMiV;dL1F5dpnKmD`qk?J>&>Gtm1Z{Pd=10WFgz3)BfL}^!7k6ohi z_|;R-`hE6%{4e~UfBL#@+_cqFq!BQ2o=vO`_!3U8wYAej%GHW_;3409229L-eqJXg zCi!=YRGc}~Cym8Vefo=b@4a`)n|^`JVe~C4Wh>Mp=Sj)Q(yU0ePkiEk`P@eGKiJnR zZJ17JQuf*N&;Hux>E3hCJZteI19Aj+HJguC|YSJ_$Ji~$${Xa{WFx?SJwa%uO>v&Bmm+b@3c zm}@YMN>k*hZ{2%7zJBV1bbg@jX}Qq1IsWhhIS93mQUrkr0ucnx3($|cf0%sbd6bNN}P3x^GZI~1mLlL;W`YF=C?oqM~7_7t1sDm-v3{%?%-aj?I%mp zknB<&a$%2|nwl&-)UEcTA3kW$|N2F{>Z&X3da1N!Wo23A!b&SB$hFsIs2ELHmOb-(!6u`uFYGZTElg3$|_JtG0H{MQ(>yo}1t*h!4N|iv8$EKe6q4 zcEhz7o0J+YCoXI){TovloZtv!V|S~hIl_tQLu@W`MCsf>fN}77#h^qfg1~tOfwR4i zxOeY@a?6osw$tz@_-;Z(JB+weCcE!Vn|E8W9BZK+5ZZu4C=!pnSrWVY`W7Mb6;Ajv z6d?f@637sgd#bA4IoW(y-5=*1pW?V7<;4svRWZhoac-ymWn^T?mM^XFbv|EGQT)TK zSX$}C!{Fe6^>w$~MXQ!L0l#GNeAO;MNYbecHX`+QLYN&dTpoRKMubxvFivIrrTg8kCp1t}wNYmz&Cw?}X7jYJz-)|Fuk{?*7pFfE{Is*JAKX;(nLz z;m?nJo_CUlIs%oDXxTY=wqJ-rv%LCmlrxyirIxvE`z}dsTE*4xb(PJBA9=#w{N`)y z!3Q6=-}}A$w2=(CGbf5|llSU--gSrKy%zgsc*|`!+24Kc%Xar&Z?#sb$?d7CvR7Ua zw^`ih8mW2~7ZqDad%F#56RD}KvtRuDDZBMnsmVR`gf^yItfY93JB;!$QDNiNm#~kC z@?jw6yKgog%8v(8I;Rj|2pmt)F$`aMP8$?e?hKi5eV8gZ7{~CFo9a8~Yd#QF;l^h@ zv3^x|n5`|6HdiXn0Fjslj=o}%Y8u8GP2xU3u93n+$Zk>m?&ZrCh!LA1!erQqu6Ehu zu~=M0ajwjY&o?D<<;+pVdw!3y&81?zrWx~$UP zp?!Au?keBIpMU;81?M<>;lf#=TT#0lWpF-RYd%}fTBANgcw8oDKxiqNK(8| zf&(#v1asYX_=k+A7oG}$dSxf<#J(NeCK99MnbMBMEy25pyYA|Kf|+_?%XQ>;oTouS?a_ zkIxkj2%Y6RcTDx3Sod*p!!96`I}ipy=?C70SmKlrZg+FN6HzvEU(P^6~6 zf4|*+`z`j%Up_8-up-Ns)20m@H`^U|++zR!@87lk`wxnUzeyfryIig9$zMHdsFv-M zj{ukmID)$L(o5`tAOF;y1g>Ad(VacfhE*$keG;b z@`Z_9lU=(+NoC@Znxep~!NDmzOs|KpjPBr5gtZ5!fY|;cxjNG+Si;7vXE?z!;z#Ye z1#);QRcw&%k#XcdByhL~8VLd8&qdJk47GpmbC2+2I0vk(ERzjymNN#n%RBs>!dxqs zU2k(!t5kUR%5h+hEtL5{ShkP8fPmx{;xcI0^m-30k+?%_&qShc5caecVjfKe7#_il z4QFmJ3t?O|OX{4dNC}uFB#Oa|ojeX^d5<4(LNy(Ubgn|4g<2Fd(bh9v2C$$%)rT5f z%VOEm1ntM=aCxz8Sa;2{s^Rx2hv<`|g% zRqZ|Kz7o*rtEecqcgs8@T{eR-{Et^J&4C%UVtM6+Ji$6NmA1y_VRRY81mPVlMA+6- z_n;gXrntt-h>xd9c%g|W(*{w*dMQQp5ljOd7pA5LCMi6_fgkN3IgZ+TY~9B@r%lYu zL@~@f3AVM;D2bD%Vu{rFeW4T_hR2y)@gkDZ7@$o9Vp73qQ)d0wT-G<&r6yOm4q0vc zfaPSSxxc2a-oXNWJU}0)zag1eysgeF5Rm zdWuP4nE$Lb@GMsZ=-D%KlVq}5nx^R}6A|5u7yxH^AfoCb2t*K=9t2p#3$juyRlCc8 zxWa5yo&96(XP_c?MBZULM6hRxv!A35R33!2=_2U~kpZL(Y-)rMWH$ooA~YcP3i7k% zVK_hxSr|u!}2vFYnlE#-EXKa8x_Y96HI?3q~z*Frzb*ISBK&cq6wT*4Icus;9=D&uE+rF%Q%sn3~IoaIY?9j z#;syO>1k_MP-aqcigkAP+0#!yCwui`tEjBdyl=5pt5@0j*EU#1#e9zILTsp0l3HN#0Pr?UL`NZmG+&F5@j9SdTB&o;Uo% zw}4aRA#pFSTOeOfa`VBOKH1oW@65!JwonIigdbC+U+w4`jI-80vko1(CLe@9c{zW* zC;B-V10dm3N;B1YDjCw`Vnbjd2ee&%L)Iz|QUWs~N)ZGi2t*K=CInchJLO2AtyhS? zG&9?T@Z+4Sx?{xZnpxeegPF;vM=^PWr7&6#9eC&PkA}?#<$Qv95T%)ifa3##Z;6Qi>Xu>a9S8__>_#(Wdyyt7 zXqpK3J`uMq-6KwP!eE;tf*w!PnR?bQ1hP0g$+A-uEK@(1gbQ=alC#bfVW7mGhWH23 z8-ftk$5oh>C~0|s-68QgZ&8o&X^Bu7$A4!7QS~v?+E(Inw#6 zz13nMcS>WS%*sj%#rVi{59T<%W9=`NX#*b33+LpzNpa2!muNe8?z4Gi#jfQ*KN+i2OJlwV!wh0c9u+~a*&ul7BZhhJdvLHnvnPv{@Ap|V zhO~#1Z?ZaRA7e(epx)jAk4kVl#C6yw82^M7{_>Z<;mm|9ue@B23lAtN!SnWpH(Y7| z@DE>6IK3tAz;N-R3VT?Z4Ow!!S6EbNfBL6?C5Bp;T`Pxn-}(0U?XGux*#6>Ue`w$T z!GrG69xa*EX=Cu61R6Ps5@d8q0Kwcv1BLm;8>feRzsJ1k)cWlb{7)R88lzrIJ|o5kxbR@6+^=u@5&A+V=#WZ9rC9PumF zs7O)=rQ*N8Gv3wwd&Ib)U2F}LwRs9voVQsRB7tARGda_ihib-{d%=o(-gYZ$cm#n6 z0v8ellE8+;q*WZ1P6&pE`gR*l$g@SGlE5TNB~#&q!W6sda2JGtjjmrrdZ+9yD=JEb zJcLLWNM`tEa6EE(^fNXZb`&;8q*vQ_>^Gc4wYGKohFel1j(fHo4Qa83Sx_tvdUYpU zXIdSla}5EIOw_BT;e0`;0iJDm>ywh?Cy*9(i})|d2&6`N>52Bl_Fh{)S5nd9WZPLg z;EVv_neuM0Z=_XfwE9<)lVC+6<~#c&Na%-fGKJ$zuxw$JPw(i}^F&)!mSQz+Lmtu* z#sW-(gJL$IRgj;qbE)Dc>4QGszPE{M(AjK1NOFppGds3zml|=J-G0ZdwrkgJ>ypXT z$`wnU*w4?;@sMKgdCxoDPQFjJ^DstnFt%Sr&;fe*sIIyvP_)UmKI@03*kC-wmt zhuRgws@FrWlc%l7LOffVYZoBO*nnNA(GgRv#?mqXqkJ?Xu z`ZK|Aj=!UpPoq7@e}%DuVUZ|p06sGae{d6=O)g(v;hKud^ZnkdOrgF|x5E(}%#*tCZCre?TAjDLlDz|l8l_X;2+BCDR zvZBnE$(wX;PNvs~r(GmF#pzOSmL1;YrA}5;bni?;fN@9{ff~+}Gg;S#R<=GpSKTj` zv|(r6pb$v2KB@kLOm>TyugFi5>VAT?bVYu3)T-XsqBp~_i=m5jv<0v6m|oyuF*Mhki3%`HKy99|bNAi%4*Tez{k8RK+z)EL_x5z#_U(IIir%hR z_51f9u%~1uP*zrIFTU`SG(@V!4BIJ3#+ww8pvCUF=T1e#Xtclj)c@#!0vO17n~?ArqTq zzOzk!I}XU?1%Dt!a9UcR@Sq~{S;J$8&Ckczbu_?vK9h;!m?z;}VgG>m-`pf7ouvOE z(JuutPvoEBCIkha=YJyxzwzhqS}9CCF)$_Q=kKtlL+3dGUa}ciuBKX^7 z-=Cxp5+4ALxC!n<$~d6wWPPL@`CiG7Z-87$`Y{_wOOErhIz;Gaq>4Dz5d@iW<9*5_ z59dQNbj*->07O?nc+G6TE`-uR)-kVm^*>*5q#kFf5VNiAU2b00r}H`yD{s2~I<0|S zF2%$zLx%{3j?NBOd)~QguNbT^+nS4(c?|DI>RMN;>NKw@uT4+z(Gn$Dbt!Hg6Y5B?1ziXprpKu;&p z77_#}W)k>MK&731$O&9M5A&Q(J=1xYdT9gg!6x6o>**A9hTie^X`w)!o%tEsxz9v( z5Y~z6_j3w2{LsUX+8_Sm@7m>;Un0ByrS`X<{Rex8oD$C$b70BR#R@C@poA2KcFomS z$1eao0FsHM0d(W<_33mIMd(5$hc1l{8BJKFTZS+%yPQi zOa&N$t1J)>g9A>UC+hp3U#@F8?OeF9T$+vLF4R~dZGk>92{vuoWxX<{Pm`o&Y2K(y z+nJ^M1P&*z(aMq)_>8Il^C>XL*eCFf!VgD&%?bhl@gM8dkNWvV>G%+coB$plHqny^ z0ucnxLkO@rbZgT|lf6@x9NO|j4j3m@{G@?4Yiq2tMT;w>nwqAK32)W%(l3>`UAqsu zL?=ZKctC1O6>By}cAXw7NN`}IM8efCY0$oXHI4+LN>?s~uuRe*?EXR0CMNFSfMtDs z{CF6xi8-R{a{&Ry1@%OR>=+fsbJ3vJNu2>)$E-Y0nl_UD$S0bc0-(yTPfOoooE?%^ zY1IF5@Yk*TGVm3_C6Cj+`o8qBWJ;Q!ohF8vkUNmPlH5dB^%p%QhF+XJQVU^~Rsdty zA;to{ItYG=rmV4RMCJu4(g2W&Pd`otX;GA>0s$a}FNL`|(!%I&uzgkgY}x9IEMMxv z4F`9-Bz)n*N_W&&HgBFCJaEwOm6w;w27H&BLakf3#=Wx>rgd(~Txkeos#N)cC@q!x ze6vf^k*FV#6cj%K^GZ>bKRQO68KBN;a|W^rGjug!?_(^$5xJ(4-6>GDfS8nTC-+}n78p( zCy)QTWDdZLK;RP0jGza#ouhU`g;~CoeZ*&=`%_9`8DVB#Q&sN7Z@;uWo8`%$vbZk= zFc0y^Qa|y%@cj$<2#ml%qbL9u@+^q@9zoy&fB+i+OaSNs2nhZ6&221B_QVY}wx}e> zmX>B%YJ9L6gRI31;bUX$kx2l~a2gt0T!Mo~V`4Rf#5Fdy%A;?+;uWVjG6AO?^|&0V z`X3MZqAhG%bzO0`qg9d;opUcr=Nfi}SYAA5hCb|R(6X1_y` zFbD~lulwBul~>BpN6{#Cecr*J2jju7QRV?K0zfePr1sBwlkUM}E0FmB&I6J9=cMVr zoCtDGbOD??_Dd9m-+(Ah9|A;ENfpPXty`g;rP6%;B1yA_Zlm1JDs-r{C1mdJ}@4 zgf>?|+{@XlB>y<_%aU{0rSj_n;mvargb}vgVZXQs(Zv0bctU%iMZN+K9ITVygi4Qu z5Nd>xf2xUc*moNAqkiC?E@niM_A4B__4g5uZOqLP@)gM@miP|ZNxOnJhiyAv-C_I5 z7v`mplpm(U_jM0#1mK0a!=9>YCxBsiz^LFG4c}s&Jr{}opn*ZS$!zV><@1W1K^694 zX4-`I#rXI$kH+Ug;LG3$qX-y`irDthdXrSl^P}LUa%L(42N(eOt8iO>6?{4{V9a55 zG&Q%`LE%H-NSHQuj@#cOe1QqTSH-bIT3neD##~zwNb673Gho1T)_;zGfqTFh>3&OZ zobBt-`mU`bmT6DkC>keU%oFDtPI z5e`iUFcNH0zM)a*;SHYr(e~v)JIjB7yqwVo2*z2i`}JNO(;K3{ zx^2)U@E~;6a@L159!Y(l$Dj_7y7oRv@X4Um(23+L_*eb6ckWR@WtTS5ZH z#funCBzgnpP@^Jv+nhk{=;(1KDJE8=a4m#@#eaaPX-PSUMLbAqtioNwtvM0qJLQI+ z#tYP$rVw(h$6Xy=PB5m3z&<3Ru}n_<<`l@GnfEGCD%&ZkI&ERf*J zQ@#2Xul^wkc4upea+D_T|3pVPSluK>LYg}b4Cm%ln#|sT%{6-qAq0{1hx-ig6V?rh zGbR~3b{2YQVk+ zBd1;wbn5B@GY7)z)zmgRv!XySL-LJA5C6oMJ7)=#3>YJ5>Y=?i^9j5nC^d9M7{V90 z$EJ8m_fM2gWp13PoY-fy0aHaZT42(}GKgaHoys|7V(M5Z<{d(lOC`4#T8~u&yoHr$_?|{Nz%9q7HD*Iv)yB z&IHURw(a$N9Wel2&!ZdlErP%W4uM$QgAIsXC_`$*V^S4vl6rE3)X0)V;AiSyQKnSz zv}I)_kJvzby4A;LNrIDLxd|h-X6}H8e3~O?gCIyqI4~aoNlKBFfqQWHLn%>+Y=C$P z4^xsPOk3QrJOvXKAXLEvvEqC((}4?o=+1ceoe!g0LIf_h!ttr%2ubYy=zQuB0It}8 zhTkCPz#I?#*!x4Y3oUeee@ew10HU4m6rwY*;RnGMaj$ElZt^}10KONHMcxU%#o(C4 z&G8i08(v4pQ-c7+Cgv7M_KM5O9Kjz((pOV$1=(p%R2I+47SWt2X<)kujb0}lk(#3& z1-c(guu?n318ZaXyty&~sI}MD@087SrE6WWhK9t`skL-^xtX6@v2DYq?ehQ9V)M$& z6-Ktu_Uzkj6$>$Q=v3I*erYZYD31CrtE{Xr;<|6$PMeonm7*PV$c}n=cu+oI=Btb* z<(coQ-@B>~$Yy$xR{cKNO7~g1%piyqlb)X9>ij3_CwmG+H$DU);#aL&tWb=DPV9@` zKPKUvam__bY@_V5fj0y=_T5NmkiH0Y5c$**CdP#J?A?3FaQenI^^(ZT zH4@)+X?LJ~kgm{%IJ#rJmoHo3j0xVSZ(HOq0gbpsF-dyGn8QJDy8Ls*e3oIgXXVHk zv%vR?NpgJh^Q<)GtXIMqGaq08WNMDgWdA7_e+s3FbTq6>5>Nsyg(r`oC8WR&&EWQ!w4AA zt}_^)=0rxim;yGSa8LPJ*3;1@NlTv`;w*3ub&nk3WPsFZ6KrX1x3mnI6i6b}CnRrJ zB9AnkCrSF#pm0~+-F=>y&2dh)5U99*9n%yacf_(1haIs(eK`gvJJ%q(AnIpJI^MR# zZpAz~-t!9rKr`4$;E8Q{NlucrcFSwO7y!*WX31fnXcGTsc$OxW9jk?2n92Bi}^FHeMt#6jevdukUy%ofF*l2IN z6=f&cGC2h+EXY1AAnVg42FW(eWWTe%+hb?iT&co+3*!<%b zMSHN-#tGZUKK@x-v}nFP`Q+2`NwC^z%f0Wgj4tK&>R~XdocDg=rGLH}ME8A?(S!d(S~@ZfSRicZ>&)-EtMq ztwr|^DdZarw{)3ckRN6>M|{^nz@>?}N4pKlE)0V?IwCzMcD!p7NNcA<;ScNNO+G0x z(S0LuKhPQo;>IVayzSeotWlag+ZB#&Z&#|K-w>fAVE(ZVoUH`o0;W=x7#nC%aD5>q z<`Hxl-v1d#=1~x0ab`w=c?j`epm`0W3A4$fq5}C|(jtt2Me6$01mm}(f6Nw0na1%g z-&g~pp68l|j#F)GjwCA@7yjo*Ek`P?FFo_P9oY7oJ@lQgTYPVWeOJif z`i+~dLsE||+jiPL_x*RRo(cA=Up;64asLDM&40V!L*sl`-hTi28{fA0q!fGP=TF%8 zfB2A9*ECpDZMD7h^rNzgPOt~Q^)GJg{L<5p+4sKwW!W>cAO{5JjCV3BaM}M<@GH*`9Q#4Q7s~d(wsk~N1I8>*aixkyWcKKMpTYu)FXvhV z!sV^HW!UyLqW*7=$kca?xI@62wh{L$FpEKO-ZhQ&5jc-#71_Ls3fZz(NbW*XIS+pTgZI!BK+PP&5`vWHCrT%Kexi3Ldj?Th zT$CrGw%%i~r%KXIh(c1XqPjrn66Ua1ehubIVz2q6Znv3Fmo@gY3n>XnPEWbPbi8l=ei9QNN!m&~^wF{5#ahfO%l z0vz8G<$%Zr3l+YWvPhvR0M|(NVG2~tFO^oq0uK?lXwf{c6aP8n35e|xMZ(FlB-K|s zM-B?R5872lJ(e$j9Wcd%k|(zQ%v=LUm=jyJRypyTB~!g{ex8{cXHTj0oiTyz~?dO$tQWugTz2X^f~pn8+6GI!LL7ntQKYK!z8ZB+U8wMY{{#6D7dOfz*$ z+5y@Rv~+Bd2mcmH{!_=b251W_LF{ij?K_=!Xdm_CZvZEQXe7Me5@Px&MG%M}5JBLA zhJbhgBH$A(IWy0G^~96fvf{0%q|DY{dZ}%YjoTHMueIO0;kSgKj@m;%-D)?y>2lk> ztI9nfBdtM25-AagB1mLa)n0kU-fi!C=bb|QI$X+vbTVF2r%~AgcC@$2lWvUn?Gv$IDB^*H7QoKdLA!QohCRQ#*B$<0E>PP(Y}YPHv(1MF z{9ZH<9b7Z=2Z9a8O2b!dG&BxXyYq`CbX9|%rjzjsT54xyppRni~*kJBIw^bfhG z`fNoHfY3+6UtT`<7y>^*1h$9D(~HcJFvXsS_aHDJ>L6rhD!J*F7XRztc#VDi>)*2O z8+xRA-y~c9L94E=vBis}#xG*Ly{$uQeX8ZY&fCTmlicfzZ& z?!V)G_u0j3@3sH^_aC&KJ9gVM&;F-fa>;5r3>>jHz42-fKbtIgA$3P`I)6Seff&NM zVqgM+R2AF*xy1zzTZnOu^bxW#1Th*+#^IGQEXts z(5A4S@JJa*jYr0U^1?F1Hcf06OdRSjDbBN8%^MgE1vyI&m&^NSBL(n~sY!XU`z0W3 zUB!YDH&>W!Zk>%bolYHLn`6givhv8scf#1>n31^!Lx^!|(K7vG@hOrkpZf;+_n!^WRTJhTbB ze(;IekeJtmFH9Eqd8HT`U21FZkoG3snTi~%$V z2>*wADUkyX$-y9z0Xhi#H*q4q9szom`UG-6)YWP&l90#uw_9Iln>93dx?~Y2sTGnM zBOOMaAC+-b|L02boSK&GL;(`%YhpUt$t* zc0#n=n z38ioU#}5@UE!S?n^=3)TciHW?y-f~ZvqZpGsXtlvu6NyGn>TNldiepXuWL|PS@{gm z`hV@USKES$95FwJof-U|`|fgcg7q7=DrDLUspQXfi8S`~s7#}_kF7suWJI5#--o0z zM%yYSRfVvcYCpq#p_+Gi4IIMrkO)L8Ah79A^Y1OZe>|A+e)x+mFE&3gMbo20k#SHv zFV>jC{DC=wIl`HcK*!cU*?FcU-^Ef(hq=N0!wv z18Hu7Em}BF=7_0Mu|M*?uy^z0+hV<)34)e(qDjeGuxayd|ITabT5P_UOT`6QR^LSk zSUGha)Y>jde}|3(BL3MIXant;iFQl{K2yn~?l?074VMxrk7US+0S*WUv|gN#iB`jO znP>tKr%5&=aHkL|>6QA|AdWvY>BL^N+Lm71(~jE55zdpcMJa+n1c3+wvjPIck|@o| zNw)GxJHU)x~!+;g|=KcBI_-X2>ZZhGFFBCA-k++KY4X>D9% zcEuH!IMd*zSGU@I_uk4Y+UViBn+q8az-FC;V)+**f zR)LT~J$vDV&ppFg`a?TtSCq~!1b};~901l!YLBlC?D?}4fumK#eSz%y_cssO z!opULK-hcOTmq?iWu z%8yEq;@IQ3FhA8gwA6t4|7%_w& z@R-R2A=uE+YHjVE9vTu&w`I#J4r@5fWL+mKi#{?wjNxw0q2-!qVZTrI?zw! zIkv1*JrC>Nx$A&4mS6@VSV_}&st_5rxhcU~`tS!3tP{Ris1nwUvyrIBaSfeJwNCQ$ z8Ka@VXAJBxT{s^TZO4QmH)+IHmZn)kVzBl`41n`-G@~|05Qrc!V-R3NfbcHJN)`er zL`~;u@@x$vt8GJ@unYo(6oTx+wO)`tqR@fEl7J`Mp)PFThCDo0R=N;Bos$R&1(M6g zctCM$I|mdxNl2$?lyTw{hl3(?RA0I%oGyjj>QWvS>e-yI-)j@`KO`q^cdaH4^oS$$ zJKB@2Yls-`cw?7#fRGG56#*CThz1+y#EqBhbJ1Uj6-NeUGoW9GZ3CGFk;;`H45x+E z$5u)4nHiaK2AC=d5w^mea`=}bE)zZjbZOo4CeFLO$9&PLGYw!Ma51chDf)nevh*-Y zGYbI`x`~1>>rceIkHD%Uj zB=Q;ZYOht_z4Nm;b00fqLg{ghIRHd$vKSM?Y71*#l9wG4Urv1IiAWAjR!*G%Ts&odAi>9WpU{pt?`zYyf&YfK zwk{8^IoaF?u9(O4^hn@Zb;zSaP*!Z>QYeURZj7^^rFRv+sw$sn+A4?l^F! z3!|ylb*AzG_sJLlTH&G;K_G%a1c3_|0xXUYg>`L;cg2OyN5=-nkv5imkivc;uW^b; ztJuu7V|LRb7Sv(e)ez^z$KIAftH>U+RmCD=^h%s|J2qT4n~rWteB|90ZGiwy4$5R> zp}OX7Vx>!}#KkO4v<(=w_Q_mA(%0pR_j}+#jWx9P%6X4Gwa+ORQXJ%=8-t?UGLwbK zXN|eaUu?H{9zY=W?%6w^&2T<@P&oTFG2bER8@pudtm>HqgaYI%fXK%g6jyv_L<#6o zEOM@4q;bM~VdA}3N&7wNnIpH+z=q(N*`wkw%4}RwOBjtf+tg%M(jRY4J&LiOI%dlX zL@>kLbcwhanKEU9c?xlh$w!zV6hhnd@E(M5X=#!Fkjf+dN0Oc^XL1nTmU<3vx_cTJA5JMUt-+wo4}aSKl((-K$rpNf}s%*sA5hF_SBE|$hm08 zR7R3{0sOLLHiPp;A}}nG-v+b+8XMcBt&;E0!+CY2%s|tDNDnZzm}ep5EzF~$^{&}` z;VCfk4|JF<%f~cJ`?Z!*o=+z+ukn3^mIA~-J}e|z79J$#UPrvu^unk;yTT3c%6Na& z6l)XSlA9!Lhq>7E$Jwqn@Uf}&miJ$;DPjP;UPm_SR|J6w0;dE49E}}GI_DB~08fF` zDo0*zQDb}N;HX_D)wwy6`VY!3EKS7kwpNIjFwN)E zo!V%t+JsPx@iB53jscV4d{w1W_o8$f5MVx`q93Mk-b3VvpC9+g658^Ic_zLWFb{(H z#vBdvg=I&_nSucJ-$&qEAV-b8A{dgTr7<9mPJNFYj16>&Kxq+SCF!^b=&bB?nLgz? z!4I**+JGh%D@u4B9wEj^NZRpwPu~9ifO+8WjK5DFyqRZ+sNA?|r>m7ie4I*R{Y@7E zNJu^iB)KE%b?Af2^-{3fan0jLsEf?Nia9i6eC&!1aU)So%;z`sc?$4gMMI60L)5C z0_T4?=!>6@S^`$r-k9gb*}r zI+La2+@37!jNhYfr^j>xasWC#AbdPS3=I;SY0sb>;Yh`Iq57AdonqAo8pPa)x7Ewa ztx9&=agq>%-H{jgU^fTRpC=?^r384CKRn)f&fBCCxL;-wr0F6a{&LJ8N~8TjsWA_t z(^&_BDN(%_`ZqfjZ|$>PP{G7>9_Tp6>D9@Y^K!dlb|Y;AVNU+ z85=^wCFsY+h|~#O8Y{w=?;nXf`7oQ}S%MtlAr%jZ3mo;0`aQnx!Tx?*wqmgy@3qKW zpvfvLOP%nU%6Cs)l!-$)2&F{lLQe7~ZPEIM9dnj^5TN@1>Z|MRfgk_WeZt&)^Nqfy z&7VKdiLIxe`i*__8~-Rme#k!fp^w>JcfH**alGdJM=~ojC=p0_WhW{Egc=M1Lh8lZ za+9x5{R0+hauP@z&ld&&aHak98OMnDGr*q%>gPyIJ85hujcq558rw-@+dffaHMVWzB=>xO_ulynW}au>*|XPP z>$CoXvq*4;tL$WKn1|BR%TQ~MA74hufjUNc+& zqfYwsH)^(^kd5zN;N;u7xKXp@A9QF5z3cznB``uTWPtzKnbhIxf`E3CVT`04A}CoE z3{*91Uy|k-1lhLchB3~$);ce$=~NFGc-69;viW#zF5$W7=QrL$s_M{P`n>T0L#c$aE4Jn7F`bt3I3Z5&G=bO7zZo1-E* z4sPV>cJC!Q!B?eJP7BT>hRL89E@lDnfoUT3MKoqT;Cl;YmB%h<-cIh`A3A7>4*DH& zJ{*cnk-HYB8uycCH$Y~HAAN#H^^Mp$k`ol}8H6UIsNk~pNR{jRulsY$eQgpUsbe~o zDXF6_VyB|}t@twAUKgD8tgQ74v0HCjsp&qXrJ@FBR8@ZjnfM%@9EnGiE;Bgv&R+b^ z^S|`!R3LpGHerwc4&8tG~Ll&m+LWh|KTlnI-byhvzxg zwVwVwRQEa4b*Kw?ADLdw1FcY9D5Ad&4Y}+O^)3{@rE|Nw-fQVAbfaIQVtbzU?`+Y^ zNT2dWg#C)zgT}BGN`kzQP&McA6jd| zWnb+C5mloZ$@WfL{821AA>ixi5C|5p%~n1gUa=i6Un)LCM~9^HXAVxs1Rs-ZVeRqJ zZ2*dB5cc5a!#qfUupFpyeVILwPuFF1=^U>SAuPsms0hKcecZpiXhLpTjvUipIJVpZ z2|^1;`7cyM;~2wWhDN@?vq2N+)aa;KI{}F~|D9!hOMp`B7MF`nD`Vn>TG~%5F4`n) z99tLu8>m6HG&E=SSDv6*z^4f%h3Vde#U@as&xc*V0q+X7Z7pyWP4I34_c|{E!Vv=1 z|KG!Z0*N9aqQTwpjte8Z#eM-M^iKgb;%q*`F#^UEGkgXHcmuhbOU2>9d)Qs^6aVuNz8$#f=M(1w*2KyM>I<<=+SfUo8k3u1|pm~R0 z)zFmAs~&yv$31sY)}~eK)`#HRl7oN$rt@CbMRA%zbF+=c+Bj2f>((b|3zIb2mZ|5t z0W_`TJBq`gW0h8|d+_)ezJyRp6dWszlo0=VTa1}mt2CuSH&hjo(&baKEJPdfa9lyh z^iWr)B=C^keZb(*^tAq@NSF5+;diDhbY16uHzs$W?%&=7V7&+cfi!&?yguJHFU0-3 z-Umn$>}I{S$rZvXYr6hspn%9?f!~QpXJUU$b?|ETz{3@4D#yD#i&zn1)|iJAPXuGG zBB^wk9vKYC`DOU>8Ug$LegM6G>3IGUz37N?hYMs|ci)a??`m#V^U*BK+xvmh>CLXp z&Z4*q`HEIDI!x!wnKXiCzgAqXtQ>zKE^rX85VV3Jo)N#2{0dPONek9Af3U=3%+JxQ z$b+$Wn#Ay>@G4BZg6DT61yMsFrDQJ8Y@OjV>D-_o|CcuDrIIoSDQuLna!UN4nZt~p z0m~fviG#oQvc8F$N{q}kV4UHXaS~|XLT*{7WTWqPF{@wnQw?YS;g*1c1D+I!4C+}3 zKmZ9caJIjoolQJl3nu#DVI5>RuV&!F;Q+7tw$xhh%U^V$7)5yarT78|n?GGqkO*VD z@F;nH{{ILp8C*6ibe)KzqMRmN7ka0ONG!wjl+zKH1!qNbvL7pUjdr&jF! zT_%E)jpl5M*v1bWcq4iHsc-36;e>x>m7)*}UQ%wyonbi(!`^+Wd#f zNrRfKr`%`a5MEPaH;#?e0GUgFjN77i0h#-z%O@X`&%~Kf#&)I)Dp6R}{6<_A>NObl z1w{sqwHV=VTOeTDIl&U)a{BLv_R~KBw9KMEieO~ zR9R1hcCtWa=ry)={C*N!h76Zv%LHwV%_@fCSevY)rt8!h{R1^J-M?|Sei~gQ`;P<5 z6zjn?y^zrK=JhW*H>MRZ&!pGQdY5gQ-=Ub&g>pmwM%fCs5;by$Iwjew6I9##7SVkT z9Cv>)$3;|5{3pi;FI5quIuNdG8WVgh_AQUR`OPazDwaa9NoHg*kHf+w*qDW6*UI?7 zmySN$6c(&SbLqK7>Q@unbw260j*qUC6@j`Fuc_K2g^Pb|EL9mChBCSl^Zuawgidk( zA|0A6n3j9XsHz&#x<|Pg#*&biwio(CN~$#r2`Q46tO9|ZP6tVx{66xa{+wP8d;cIlz81orO@HL`i9pJ3F;Ly zXEJL$=JE#km&+4WUR-x}`$?8~EF7?u^BBpoZ8F^9_kWTB&|ErRq2+xqW_Q1BnX%r<5ynaGU^0QV z_mCI<|1SRf+LOV_qe9v;`>n<-r(eIHZ{{_VlD|NpPfm{Bw@rmM(M}TNa75s9QnOMLy!*2szx6Jk2<&jxB(<{txY+QT1taTEF zGbvZZaP>#qkd{;_v{#K__2=G|`$vXWLsjo*-W^iU!pTZqV$#LI$-cT=SM)gdczSlS z2qI-clw#1FLYNnyMY?~`3NUQ7{YYYvc){GoVi7s}bVtufUYMJ^ECEFR1k>JR`NOu) zlPh>>m!63tlH4_NL|X*hm^Te7ep$0rSO&9SAgxu9KfSL`-*ltxBi=pVF~`N~k-s44 zby}=?W*BQz{j@n}gVScmiGLp;*vWL3K?^_&voispO`({u_~Pge%jc>ILOX?ItM1Af zUt|_vsuSNKy|##}T4zHvC=na~Ah3qGf>m{&;ORJ6Z&)~`Fc#Wy55F++SF|Xdc47bi zNLc1n{-OF3;n?Zlk0}WwkK`EjfbVXF^5m7SK=GNLQH5jbpD@9Qu^)YWBowd?_Q+P8 zA$(4KDe`mLiwW5EJ3T*dnhw~hye&^K0VO_uf{uDmy)L`X#GIFTD9S+wFLlrP^4zrD z*$x3mZ^0|+pnh1Pa^LdD6QzL7$4fpVaBid_oaiGg-9x)YVQas-wP(`*@oofKoCk!N zZ47y%ACAPd2o>Rx4yYW0HmV(-Mnex%r3jVA!S3xa`d34f7S&6JS;sVuuBcqm9Z*ms zwgc%2WnTaJ7U!Zktak3@$@B=J2OR&9EfN)Sopt}jhP$`jd3SSM@GX) zbCGmjv}jVgaO3M{+aRC=v-TOS0k-&-aS1{ZFfC19q5}73o>uf(xu1_}f>-X>Mk

    3^c*q=o$Z6jRBY>-qpnlHKw2_iLRiRH4^321VGoN8 z)0^Rcku-TINHkyR1Fb!8Y?pAyfE+ z4Q6Brk%;p5`#*VXG6bLJcWr@>Sze-2#;dj5KZShuaWDDnnwkci0sb$?wd<&(mO^hr zl#zNTJrFu;yj2Rcn}uY{+U@R_>sL1a@^Lss6IDLsYVBQu5lrIae@e@f7U4*DAQ;0W zK;B3Qkq~J6k$9_`YsMTsyQ2q%B^nfR2=A_>|9CHt^WdIS!k9AF9PM9Uyzr^+=-9k? zZna;dJF!c`1X3lFRla+c+nD}TXN(DBw-)>zwX<#3o7*2RtxCMFxs^jIDn2YX7VXVW zd%>(L`5>1V8Rj5=x>OgTmu3QG^bQZV zDm;|?8@EmgXOBt= z1vl$k)?l)A-In(qezj@=-PYUY2+|h*4nn-R zp~?m4D8NAwjwJ&-L|n!?p^v|xM}r{zT3u5_T=fbkys=hT)jVLUKGam&P_Ym*E41fd#6y32;U_hN=BNuV%b$A(s)Pmf`yaHCx zut<_)1PVL@wVaq=e<^rJ(XSK)=7IgU!oWhJC7~sBW{#Zis+Qx7m2bq~FD%g@83j!o z!};Ob>p0fXN&MYyE0GXqgFe}pEt|IAVSWdzlS_>HjA=2-J zhR;!PzkF4g$+VNU@VD`E6Gvt%8uFLu@>NpvZ{*K1tWKIZu3rO?>@Y>&q(g&=WbS6c z_mM}=Z7K8m*Mi8K>+$v;<7sZ8<-iMKFU({8rj>QOs7{SE>Zdnk0BrpN(L(P3h4;~j z1U@j!$p;R1j zeTARKP&R!@l3FMt~ z<2xQ26C?!U*fS6Z!-CWZXtT;oONR6XDp7g2y*72=pMXyV<;qq4SQM*6!1LxH`GN4? z7ackieZGi;=-g=~qUMHRBpxx}#R_bQo$g-0xQn$;r70MjeOu0PB2REtoV`P{+im^z z^+0d(bSSch4)2ox)zf9;NS^O7r|mL5_B-T@re`N;7dKAZ&MrjXV?*7fsH*Pm>N8=@ z_H*iLosJ<~@U3(jl(gy7s{VIG#L!_HK2m>miDbTRE|CXDd+U?)rK-Mug`2l(i;t(WmkMo2DShBU`@(6B06-T$Uj6Y*JFp=OW5o zq~fx}?~twi{rsYvzNGPrMc$f>A7yu^OJi^+Q;3rsGBE1~dp|(XqJHx>Zy06D(>!f? z+E9I=dbq!@_z=n1+Ky$j`%djt^A*)64Mxiafgzt>H`$$dzVv z8Kgj5hLw|urc=WcM+N>zSNq?|ZYc^x+scczb8sn$LjmKuS)#C|kaCk~i_gNrkY37z zOi}EF7oUJNEk)I7YnGO2dRLV0c!4ErXH*9w5qWlkWgVBsr()Czi$k0{xHn+J0$&X+ zOK>jJp!^QzXSDNSXtH#Q=D0htjBmpj!cLv~Z?x=tVKb#>1!H1x`e!0$8{Tck@&^PP z>RsT(#p=6AIld2Mc#vJ9Mxx@rA<18KPz=}uWJHU$oi(5+ zATzjir>foiV`7HPTKd7&qZ0&TL>EC*I%z;0`3<)Vvs+fup>cZOO*R}Q!H?7--r0*A z$=-a5ikN1o3{|R=*3ntjT)a@+CcUj)d!22l99Zo|q8)Y}Xtnp%26srA>U7Qukwhg7 zKG3YCzFr|zJ_@c7nrcx+f5b^YPaclMRf+OJS^{5&K9q6-hGH9^>*Ai1n>_f}V3AR^ zg5w4BDw2GgR1NzJN4u6|GFg~FhiRPO@c?+|@>hh^Z;*8NZR=_6kt^WN>kSMhvPF$T zzg`AY`$~l#oT#45-b#f)Vcq%@i8ff;1%`*%TQ5@~j|;W$IT7zd%?=-DxPAgxNlGC< zcw&82QN9X2l=r$m+(bQXV$K6im8_|B(3$y302}P`dp#b8F*Z;}Z&y7yzUxhzQI208 z3)r8RF-ikqwFj7cA1WkFAkPy5B3RL9Up7(GktsUx1`E;*zy6p{#xoIB0G4fn%{2;2jHyui zcoCX3AfP(meu}IaCF0uW|6G`-9o+=k^E?#L%y;S8nJ&7tOz7b+{Eb`U zaYn2+d9hEIKXVq5$+mTi|5I#yH0Aqmc^Cul6Al)#hV!&I!2*xP2<<1F5p@6SfxOk# z=E@v+D5z>NQ-kJKomB*Es)g+IqE5`tfZ(&j-qKOl#1KPj=ydw&Fn1;sfSwgO(F522 ze32ml{ITqNZa!)$=W5kTsfJtzn&rpuq`l@r9a%0dDX1pcwJ+8J%^DlbMj0+cVQGWG zgn7=u3;$i7n6T$CI2^_E%}W-RK){h;gL^(WG zG>aG(>^$u3y$QEe1_PY9=jsQ6o!amJSlO$-?W?Q~+>Gw`Ba8_bmD z-G*Ery6?I$CK0tbM*{C&S?R@OsIfD`EQFzZ-g|e4J@A300lPUe4S=S8*s0Gkt;i-4 zC5Rg4r%fQ1w9)j4+bQ0p?AtpuH7gp)F!3!hV#-OhF#Nb(I{&x=E!+2;e32=1F*Ara z?tSZg;z1(vyQg`Jjsw+Gj3Tp&l+}~*xa-#CPk@nx;8Se}w4LxfK6c2OZucCys3R;%WwADU1e@1>o^fxP=7ze& zyPRruT0~~UX}oB$NG1G*!jEvmlUP2%l^ZbAnl_SVkF5Ve`3r6$u2{}2mPBhVKnI2# zq8HBUmoUAiMzXgbGxm4j8a~&i;Guv^F<1~YFAlS(-Id2~HvVz2FJ z|HD!sqXkkAJrbt`5KJD(&;d9eEFa@m61!AZh8uTGOEat(RZsn z&?*2xp@4>j`k)|b^q9MzkU3~L0kuwq zkBQ3*OdXDba^T_=m| zrkwlgq2lGPdm^55n-(xU%`G_Ofs#|is#>Rcre)NC$O3})8uM=O@W^dZUi84&G%i!< z#Pe^!dFOtRQE>j-=ZX(%AAb$&#;5vKw^ky9u5*Hq0s)^>$2_Jg2{ar>a#$E*=ehZd z%awlWhPj8aG5q-)DFg;21^9yI?BbKYHcIak{9 zWwV^hzMGohaqu$;Wo@xW+#x6!atOye<65-$0KQ9Ku(pQAhI-%gsg#}ZVU@;IaxVHp z8(*uT#qLttnnohqvB^SO*|Kcf)ffbkqno|GKZ1?Bs@g_T>SC?~Uthi7 zrgENSJQZ6U{O?d7d)DkV@bCUvPH$|u+15GaUT>Y#ufeTjbul}})#A*UoP0nzi%dH` z@wyUx`{y_w!3;^sHLZZ2lOAB>M!jK`q?dA&pf^Y%1 zc?9$Ys^1}tJ;vF}aoVu#Pw<^GB+0)$c;y{tp2=u1$aM)ZUM`!t%v~C zueHWvOGE;L%;{}&!n-*A3QLFtbh`?h$2X^@Gm8Heq(i_AXF+~APqL5PiV5nZr@Y!j za7Ya6{z5zb)AZaj)`3Q4IQ1Le3x}A|Mp&y!ESU(+B^?XjoaWXkTxCKwvK1Qit9(p4 z$|c(7hgPjQ?Y029f|q}oY)&d(aoY^{cmxhx-z*+9y}f@@O|6c6G;Y81awP~z|kDwW@*rhA~0#1lGQl(3o-fB)>_*KF$>8>L9~|x zt788hvfz3ldOXXaxjMe5)F^O5^M4)8%FfO4M?AsQqs{O0RPAHCr&+KxFGOZ1LIZ3i zi}a5*Is)I{h|@iwxvJXWM&J_R^vL1i>~j~Qk>Yji>$ zUA0_1jbPG4cTkOULgGLYL}`8UPZ{UB>}aXdvTm_V-%e`55tr54I78-MDe6-5a_r*s+eUD4Q}yg>Dp0>Nr)o?9j5(%+nRAVn z`v=MHN&W|WuFq?Ri}t&Q=`}Mv_j%Qw&ODl=%YJ!~t^li?9Glav07lI`>eJfQchJ#` z$?tVBEWWB6exDni`O!e(4uMx3IvelmxpRd)#vMa#=2bXy_<3%2qF?zI*+&pGL@#CP z&6GRpBSnXf7ag+v$6`@FIR7+JW*u@TXO4QLo+_n+g@8g)@Nj`9!oqJgxoZ~m-j6Dm z_jDmDtz8_xN^t{6Pe{Xm%cTSm!mjh=YQj9EYGa=&HvC6@1C={K8@I24eIcMjf?Vt_ z<33%hWQb4?`~&>^eQx5-?0&Uhu^JbzZe34(G1l<|+nHUOeD0~#zSMFEby^-|_tVO$U;rdhj3&9%Yj@tNb0VK$pt4hbWd2qN9_3jIEo zPRRy+7^E3OSU{%9r^^?HGqJTI{Eyu!FM_8Gcsmr`_dOz)ZS?{rvFHHbHdC>)*Iw&i zsG!wa`7b#p2=D%cJ}{qE+kF2$CT2mPmTi#yXvOlXS;DBcMtV{{yY~R%!=^8}lVb27 zDLiohH);-)q))HPw?XOlD099aXy4=vLGGZd85gwsZ}?dPa(0wa-JB?ot_BR$MF)9=e57ckd_$zb_|`CQ)=LHk-|29o)|Z&!`*h zm~$F+`QIFw@_+qnF(dy4hDHqU%qr}Ki<7Y*%*fvK_g<>a$zLy@3GNKI!LM8rh?uX> z+iaL)y`~*fBpXI8CbG+u z-KV(=_%VIq;Ge18zx`tbk$oX%f*i9C;vidZ+;p-%_PY+aqi3c#9ULB7JG0?hslD_P z_T(YF&D1gqc;DMQ9oLAltj=+{H1T;{Nz2g$LWh~X-&_7>n)AP%_c@2(;mBw9e9geU zfSmOYkjW6BqeL}|?a9C7<$Q*Hy%o6;J_bb5b-{_g$r86y8T)?0Ar)SoJx4#Md6zL)Tj2v zlRwDE|9H;`DikkYUgYJ#ioskn8H?}ZW_gf;Ps`u{Xn2bVO++gJbA@{^VLZ}abZvW% z4p&U+Ndub_#VWH*e#Q<+R!D5k&kk)k2q};+c#iZ~=2&qf81* z2)SW0cQn6Qh$lnXX&aShx&-_E9(Q&YZUE0wpQ2>W)aWc{I7dCn4KrR~_e5kZjnrrv zW5@Th?1F`{DH3MblK1(74W1p%n_u+zH@AASI>XPn3ORg&r&z+T=-qcuJSAjBmh{hB zRQ+mYDX>rmm>Z{jq)2Uya-MZw}rq1WgTiRiRJ6iGOmIJ%?V|N=>Hwcuwy-IYTd|L?P88VdO z^fE+@|Ag@yX1LMx$X_b0;I1wJ5zf?S*>|m)i+V00YjVp88if{J`0PenQW&+Yo~eEZXp~}N#n#L1 zU?N{`G7s!&r%{UZ%56domW62aTD#OQwt3>#PCEtA`wNNn@*LV1>dKQ5l!$imYk^r* z8!guJIOcrIrr_eaEjUb)>D+)1^HTm(w7-<>%RPQ+42JGCXJB8}A>HKWLW@LH^g?ZS z%|{JpoUnK94&oK${fHRQ=TJoz$?(Z_qat%c#c{JEM&vxh-2=x4!>4`_v^f3te+`Q3T@rbyOlUu@n(_0djJ|6C(970 z16|8*x4A4~CW(A7;UYdd-E^$RTIZq6c+5o;yG={SE|;xr2|vxWGyF3>@yE$+6f_8q z8clgyz7TLu9q~c~xvAaj-mTwrD{5nVfhE?o)^mHn2i?@D$QS@6YWC4?w_LZvi70IO z)3_()e6yT;AS1Qtc|ySFkuNaE9G9tHlj0hR_r83ZRzJz)@(~Aj&GO?lHm1*$^e)qn#n`J=5QC zQz5w-BkQ8<&)3uF2_~@*C+g{a8kexr5v|a~_%G1WlFEfn@tWq?6j6+6z%vDb6 zOH$o~o@gXhkAl+Cz7n1dqZ488_23WkGc(3o&-~%3Nku4D_7hA{nNtkK8a6D)`qg<# z$zOH{?;M?#u<8&^g|vK*)y}a<%pQp~MR>=4R4porZTkg_8$=zbOjJ2Txn4+@StlR6 zE_L`-`1={)dYe=J(z@?|cWuRp_o zdx+Umu>c=7mul5~UO%8Yw(OdKpw{T?)yZj{lK<|228B{|-p9RtknAG$dhtvSuXZjL z14DIeZheD+6dhJjbMj&VtS2s3;48`)iL$}t41{|)9=>)@JV zSnUSedDLmE=#v@(U;*80bT~m1`}jKtE5gVtUIa2wOuZhjJEXHny8W(G2-B`~ZLyj! zdG}U^X8ijKI5keCJS*mYQj8njBEUESE(hRi8(*{7IKc^aOYP;ty+xEn!I4&iiy%~ZZz@`oF z2mDw2Cc0#cqpe>5Qm7-D8DN|Fyv5P$GO5L7^HFZ&ZG|_TeN??Z2S)P19zB}|Qdu1Y zfS>}KckFI=4)vOfw5 zd?a_%XBGg!7k^ekFu_1=FHit>RVW$*D%l%>ZS8TIOB~r zJQOEg;Z`aFw4=;s;6W*pR@8G%WCH@l!=kpmXCc=29Y)vP!E)?ubnvnts1yX@ba%ZB zbF!IB+7Pogsu#2k56P!Rt_4k{G?fD28EU`3T=Cgv*1~r~rybohpo9)sKfa@)X|X0i zkcFPxx!6=QF$9e`$U^Au#)D&$!SBm?x!{t)TcP-CWwj+EKT&bR{Erk|hX&w;mCsYB zP;vW(6IJKNLsBO_Q^23@GVa&NB*q2b%^DuHo2^VK6+q}*AMsmV(s4WssrUy`hc zgO!I_?^Bi^)@l94l8DvABXK#dH~)QlWtosY<5ISgBp!4LPh%->!Mc#(Iu{7yx5M!L zC=kyog=D?t&E0GxUqSF$7lJ}li+jkx)2X@IuyvCbRbx!QYXAX8noHf-WpZ+|;aGCb z?y7rK@TvD>Y&B&**ID>ZAnFS<5@U~NhQ8Cm&{WjN`(5qd1O7GbOv5>W?bWkIyN0<$ zRdi@yR;6Ldgnpeb-a=bhi&ryj>SwX!WpllI*t_N0rKS`USDW2ihtqk5zj4;irvvxd5h^RyG{>VO|24Emwax1g%h`mPHZDU_D=-Z3s~?B zI%=o_Hc1%-fpZvSc9)6fC4a^E+8omK{WccdhnmN-DkTIp5Vd8&#iCQ0bQT^p2j-T4 zIoMVOKkA>>UXJoCv1M~o3fL7IEv8k+N^Etj+7#k_eGY(L2hB@mIpgLq(r9SPe;8=w zTb`MR`e?e9YO642K{?Jbn6!<7pWkT&iBSR7ZYDU2m+pP810(|z=u|wJ58-rZnE2H_ z>Z8F>jUnct%k$q^T%1f&QyB$D7 z4~;5JIOc~47U0gUW78|C>_!vA9&g8MSILZNCbD@pG`c$^k@n2Sr$(I?iwOCmbAV)q zzqy5F1eLMs3nKR9udVX*K-VZ5<2pZ_d(m1WEn%z3vy{2|Jxv>b1J+Iq=r)^iR_FI^fXI zRkIn~Y#sm8W;$Z9Q)D*gldo_zRo7hGYft>#=LU{sU;jIq2g5R*nGe@7L;HVP$6rTb zK*5}Oda-1mKTGk&y%3XdL34)Eb2-Esvxw}7_@UiU$piGJ5x)vQiyaRmqBubFe?Od} zQMG@;-3O&oz|5FU?r9C3Wy5d_2rM8JBek73q(I6|w9=dNZhK|$^K3Qe(b0WIA*S-6 zc4{|9B{S@J>o$1y@Dp{oZemrcr9w53U>&bJ7MB!VufMPg0@-n1N=k6JrjV+gY67ZI z3x6khy2#us%G_M)+Q$Pe|K#{gi8jxhac%ilWB)Z#i0WGJBEV&J+Uu-Y0L9LL6kTOe zfjBsf=@;=J6|#wRmPriCeW=yHZZGk&&QF)BVUiQBXKGEkY0BnfR!v#M`)a-$8+nX>7SOA)qR=4F(xHjjN2A3jbT?UU2i*6-5PW7=MK?pqil@7Jsq@*+TUi02l#2O_DiBlebCe@CZ_b?gR2NT+N-iLJO8+M^VQB!~P*!(% z9TWeJm^V(cG4l6^P*729;LtY{k!sdg&@t|7h0qu`qAoJm+T zqbsCEE6!85x*g|RqOPqh#tHyf-BdH~oCLfm!Pi(7DPFC#K5GoaHMGf@%RHJIbN&*H zLfNp@R6AtB*g0{k<6W(=7`pEnpAzxsJ4&Dh!UmJ%N*<*@msl>3>y1y;_Rf`6Y_R9CaRJJpILAc@ zoEs?TEef+;;?Enp#|gIS$dj8?`cP;Jc&1j)lccWYf6z2SR`@#sTbmfT!S#M`isM|y^O#)2ZtKQS8($Zt4b`M^4OIgy8~gd)86U6&`{n4Z!cziHdTo0TZNdWlUXzHw>6yM> zBzbgAZ@_v8(XZ`b>XFegLz;$PqcG~!|L{9)v4uaw%;xCQ6n)}IquQZR1IB%@T!hzd!as`_sr-&e30-g8j^)?ypK@T)mOKCchpeU zS-7a=42ZFB)4Ns$q~3ep=MXti2YCRJNXYZh7Lg`KN~0pWj+b5<)y#>~VV7M`A+4Cp zmU2u6*6=bi8q97Lcb7Mt-Hk5hs91ojKHTre&i~CusSu1-S{7vl7o1(J#ILX#?H3R2 z#rmiwYAZvV+_l;~3~*Oojm$|M^nu|fztNHcCLs0w%kB`?LNhf=Z|``{i0G&@WvS9r zrx^1;>6xyv*0VUVfx85eZ{(6G&(ic_0zZu2vwl$@P6bBEBW?cnK#( zbNM^8m97~cy3#)vfy8!#fmjlOLQ=8Cz5iks+Cx1_*3svJaPj&YvN*5YFW8BaCPI4! z32hbp8NaZ z?xAqCmt_pOz#8?kR7Jb@ECMOLvw9XQZe>x1kYd7zDY41z+k45hs&@^eI?L7TB278@$6Pszs)vI0297Vx20Sy_##9P(5^~G zLCs+t355K4fWaFkN28ZNM@o?t=k?kIxm4eM3!P434tEkLn#LC(4=&E+8Fp>CmG&5e zJYggKD8nN)0Kh_ z$2?>gF;;F{zawhM<1qsL%JCj?(W6HFyVC}jr0OsWB%`8;EkzrAQxtq18~bL1hBDq{ zt(FZL-(-7pD;qo_VP*LtmptyA=3kgB-Uhvo{L$KzvVM<2aWIrp9S=BUhyI%gI%s%2 zYPXO~?6a>f1FhIl6o&))Orb~U&^xttF1^|12Q%CnrLjfXU%VD6pmY&PCw zoHi9(s52>*3ldvv#%L-K)6w{KJJ`B>bs3=Lv~`srOkfTcwnJU2dr!y4Vf;0J@*S+W zfomei<>*zT(n`-$bvMmfDxS8*;$*dxj9Yt-^npP%t+)nS=EQHuuzJfYYDz*5#9bf_ zOP()EmZQKGl>7KM4!s~8&%*d&v>AaefHEr*u8HV|RoL$?k|o!=FEt&f&ZTWpanTx8 zuNcKFT}srSOUn+IK7HEf@ajHk{^aZaCs&`^2t}xJ1xyQsXm6`iO$LH-A1Q*#;-`M=2(9*l(xN2!cejt z6Rpe%X;r)pu^w3OVe3SVs%4YD`$sJSk8wgQ!- zzO4PX@zKoW(;moSzWh8~^Sh_g0QP?B`W6(AWTdqIT3H=)TvItJPI0zLk9~P~ zE~z`V7HCX9HmE$Gt}FWI%7Pk#m=_y20yz>K8AfP>U)~`cEcw^csibfH7XKH#5&7vr zmE(o|4!Rj#374FGeo^h%xMJ(wl&)D=gHaJByeku_qG^rIb^9|< zwETd_%@?CDJFI2E__#}6jD2=Cd@hAQC5OhsR!E(h->w?cvaI({%*2vA_C)xsS?e%p zRlc#Qw6Tq%pPMK~A49}As?!Xu|06>}$|&m+551Rafp~URPjMg;qo&jSH%Rg9__Q&x zMa!p7vrix`GufAlUkr%v7L12^{2J)p&*8*s2EVJV(!Ld5kyr zjC@dUccr8m7PUQL1@#H;h%#TkU&dvNddAGXON^<05O2LYv_DNJu}U+3=s0O0VqJob zxjBgaBx*n@A@5E(^rhuxYKj-T{S?>fb!pI1#=x5ynKjM>emg7-+7O6{@Y~r7Y{*hmiv5Bvo&m?EZSDAB*?~qnN$F&q}K_I4*TKQ!3L{!{4&&S+kSm5Vd>QLyr^VJnWbOZAe(KYZW z@Owd?H2l3l!-uAgK~O1hAkGDJC2gmc2kdF|BV5WtOaAZc_1~M!txpYz6PXaK`qd>{ zJcQHBDtn|g)*)U#;PP9GL9=Aj`;%4;wJG^71F5)$(Ih&Ewqt6l* zA~AIjGxb06T<55Dua#dJg)?6k-yw#KUlHqjd&R6v*R`4k2#>NtLc*A%?3*w00x~pJN;YcFpKu7n1gzPj(pNy>DoixYvEWYHT~q z4%Q)Yu|60zg-FGVUclaTvC|?@TZqC{x_f!4>+h$`sl~w^Bv}hgfLm$m8l)lV8Mcp3Jey;wWUOQ6xTRQJKx%T1q>+NtA zt|k8sswq7qfwr~+f%Hnr74kbIFU*q5?z7m4pq`J|6RB^|2Eg$=_=Rmf-*B2MME0XJ<*K$!?gl?O zZq2gt&xLAfny)C+49v#U^7cemFT0=oX~g#*xkPWQzqq5MW0`UFk(XEv?+;8b!Ij3g ztqC~1qsvH^jzuVBCqjMr^rxeLsGyjDh-uzKNv}~fMs*t$;_L!fT;A8noM9;c|29*R z3W2}^vYG5{t?&WWU(z?Zcr1R72hAQI#XI`Nlj)d#n7&VI7!E4%hGcU7A5ezTe5vXW zq#tevYS}9#rNM{g>m?hLFXr@D9j)^mzFfXvx1y_Fe$S6Wyra!KOMAYb=}RRZxxLd4 zd0S%9na&!aCZu#%w2au>%E9`c{i3C4*BPBNE@fLQbcny-kDXIQnfVNYqmSOvbQqTZ z`>oyP#+s?TM8N47q=r|{NU~M3{KYY9C#a$Euye=GEZX zoc#y#g-hCeF}w9oV!mul9|=?^k8PGsXeLNN1f zuqDA|&vg6di}}hylJL`K`tp8_CRa;6^%^U9KW!guY&cSBsfucK9y;U@VZThe0n=Y1 z_#tBX=|-riL4$Mh8bqQBeV)S0zrJ7v_+F^$U8!vyO)!GXE4?Of@2EQX@0A2^nmUgn zA=Ui}U)+92kbsjQb4II+wnu3%Qgx+`Hy%gXm=L1N5 zMZ5v*aM7m451f;te z8l51L#mXgAHZ6>IUytdb182>YIx2N!J`<*ba42;M3wRIzpf96F73C@HU(tR}ziWAr{ zK|3RL;#k6gY@oliip{iqW9iLEHdOmIE=;>g_Th_;#*Tli%o)tp4$25@3T;HpLML!Y+f)bjgDs)*+q%}UoRSEmc1!U%bH&rMb+zS|9xRm0+$3>QXGw~;ND;7 zwmqMwhJG8eahR7q!QRX9TA82Yf3t*l0SDOSq6U%(+d#nVpvqOZ$G20GMYKC?aNooy ze<0#I|MhqHm4D^}^yG2GnOL+|AANCC>A(TVW@$W^8%${Tsvvd>V2bmqWdYe9^-U;^ zJG{0#h6B;mWO#t=IofhNy?K>tO4hj!T3Y~BN*Iw`NB9;TzIEMVsTPl-Wn@fvSnV7q z&(F+O(`ZSbYgqCD`Zi(;z!Z0Cq{lE0UTkVwk@Z>V*83e8qoS?u7{KOG(e{E zbN-`aiNlb@)Ha0?b9!7)?#xM*r&LW3hw4de;TRh>&l$m7(I1C``if0LgkHSHU+mv- zYks)s>vf2;BSF(Ab7A0)DFPa18S9L{S~PvD=UO=RL9mPNyi$$dBJn>w72M%c5^>dv zZ$+RiD=1quNl+#BH*(R0)XN2|?^9JtEaJ>JAEM1O0p?3?)bs#d_oXV~$e$*YQH%t&R7l zxo3JsZJV)eosY0=>1VctS8h~)QiIxN^v(7jla!& z@x=H_K)>6sn8xnr7&((Oin-wzqb9Q<80Z}OLWSEOB<3q$pJ=HHf<^YvXMo%J4g-8A z0EqsjcFy?Ut9Rys+$l32U-*6)N9<@&ey@b^Lqxr)YcFCToPWBHnoD}E>N+TbGZc%e zR5NecLw9L03EVuU&Cv^!F)6l&L5r5C$y8z8JE>4+Iu~&nfAFRT{KIUy-KJ z#b@$;CVp-`@9L%+DL##XM%vGX^&+-Tm!6Pcp``Z~LnqZ*ehRtLgyS5#p^;evzTT@_Q%k{L0Pl>Q9Ff%dZD8 za(br=vvyBrx!K!opY-T^5lJkB`e4Xa<+SmgbA>3s1YO5`BB~&GvO+r3QPDFDYnJ{| zv<7&Whm*s?aOahoQ|zg8@=dPu7i-VtRyZ7kZ8#H=L-FI4yB0z@l?vQYg9uQ_%;AM);D(V2_kq$sGM2~ z7(tBwiENG5a3m|6N)&CHT{32j;C} z9UChfoooD)AWIh|?MRiNbM0xEV$F|U96Hy(wB5*70B;zb??knRRaTejN(QQ_>N0j`(-ZLrkjhsLx7?pivO^R}$z zzg=1!vGqOTw_spaVdkKN7{?Je5QJ8upY&g@K2h7CSl6upp@jYmh84fKw*G6{7q-EmK(@$6Q)&5tA zzAKnxt}li5U*h6l_yS(p{|0^d6N+*4<}^Z-s>9Ntk)tk9seP z-*Sc7?3(Ji80x3&0{~bce`!!>Fq;BfMb?Z`cQXOXvSjtEBg$I@5G_tLq%N8M>rG?eR|dM3oi# zS!17(&sk*8mAyZaTVK@tgt^C~QZx9hmr*}VRoq;?ij0hM4U$4WX_rr)g9%3+Z~WeG zf%JB_qzQR+cTSI~UT_I7fZcDnIpUU=t?D(vEQSVZTv_?fe_RId-1LL@Qemo?5`I_I zUFS^f7g>!F2)(Y<7Yesk#_Q`LinKe5qSfaD%vL9!%7xppc(8FUCxrcX2y^>d^Y{(h zuOZ_6#4YHKwYH;}eNn%2)e=nMndI?w6Wi%jtN6IN>Udniu$sH35Z0c0j>YPY!`c|G z>garlE~vr03Tu6yqbgN;Pz>TTptymVsGX#@mmU(Qto}{r$`+!}XPxJN1-*@O{}xVC z4G$mAt;TM04e0z#KS{GRs7qpGt;RRhDZhVMP^A>GueBVn<2Ep~yxJXi(YSqk9$RTJ z>3g`%th-*EiPdw(vka2QQZl2r0Axjf9?>?76=b81h# zphJx7j*imJ{)Ri^MPh&BE{wuv)*~yFh{H$>Tj~9Ylajh!_QUA{$(bgqPRmDnpdVTR z8SCb`NDYvH3h{b&-_=fPVT;8B27q; zhp$ip#`Y>XMzKntznkt?=oB(f9aUMribr}G(*=D0?v?e!F)ttG5CO-7PPr4?frw_r zK@YNuhQw6&``I5SfM)hX7mEsmLeXfdF@J--%KK(Kc}0b!y$M%*BGmB5P~l61z7&UA z81o$s9p_G@7Y{TurNKnyrlGIDZ8DspeFRNEE4_PaqSu3#s@^U_$b6+sLDnzGD6~T; zB6#K$byU|6cB1-oSsj^424|(>WGV7*{o>As6&Hz~B&zRP>TOm{skEAXnX!{;{y9?pr za-pZf?x##Qtk6sghU%X`br61Ps_7pkBBiAfDjEl;gEMd>kw5{kbyf1!x41h9JL<`2 z6$eF=!^(2)caSq3_Y8ukBZsD0JXV8(d9d~$@nF+Oo@;T#>R(hpoFgs$KQ)%AN3ts2 zV-yrpjZzHZ9Jc9)R0BRCk@nlzH1L&yR?D|=Ap>-G5~P(k`7!8)m2c@f6P`y6f}qvU zb)diBK6gXL#DTMA6RDHCRh>6)R?aa8n(II|+K+Ha|HD)t)c`)io()H4PK&-WVms91 zVm>W$3Fm&H+YN|RH_7bECewfjpp2yJeMwxXM` zU}um!&CF=dL+PO42c)G*05PjY;mw1o;c#D*Oj&{r;;@Z}*^e<;Bl zGdFI3FZ*s+bt@X0QSgTJpVgb^-4`yeQof$DJw37dtRffT$rychnN@;SxxMneIDIIT zz5hy5GiF*Z{o|D2%h&~4f3dwzng7=HFAc6bZFie&T*dDCd2AEwn7IY_8M=`osfq{n z%T>|!JwAGT`VL1<*Ci5xKf>$psQ)D7l=Pr*^2J%4+kzbH)ef|)$3l@i=_beK55vEY z)CRe%{n&elRhM5Ye$QGnG7JU)TV)T_uy7?(#4_{Pl%qDQLZ&(fZE(A)42pVFt1l#qpXKliir5lmv z$k4g;bcb*(U-_+fQZ#ntkb4f#&Z_i>$Ht^&f~l{ab0RNMvT)WFVwpER{QX{eTl6bJ zd{9@xr>EI|Z1<$ta3HwO)Ippt$p5WO2TH(3`mg#?nta)c>~(CPid-%Tu?2whLM%Nz zXh9T0A6bO{7)|05mi;biu*~*ZU}@hr0YfvFj%V+d&A@l3?jS+l z-<2(23ju?qbu*=NOQ>^( z&AEj)1Fp0-jzHDfb_>lYxXDwD6Wkb^xS^~RBxWyeK2+y(C^Q*%bU)sy_Wn6;QLJrI zVeTUW`ITOdNlO*#*g3@C)Z2{xm~1U}PjF9kCtO!LG&;Nkta%0$C_|4CBP01+`9yAu`31|Saa0I0GZd{<>T4onvkT+^<2@$lUj zFnqnqKfiI56FS+JvD7P|v65cwXE_uP9LVaP87v#&<^FLe&Z z5(q_rOuB4M`a|VDqmfhYBBU-D#{BL{P4{mea3Jh--q}rdPSPOGS(jpIx#IinPfwL^ zk74?`_bQj1WQl!N$;y4%KBu@(oA|;uYfq=>$NFb28pcQr$qd70lAg_}Nd&D|V`SQ* zUDWB+4gtqdXJ(yKt^6Kr>`VwgOXH#V%#cTwCVSb;ZCH%o#3h|#6-%y)`%TDF|JNP- zl!;g~5)A?s8vH#mcJToah8R$bR;%$N1Aqr1Hoq~|eQG8MswkUQ0nm16f>H{wkw#ai zPF^Vs9hKoqISbLdMr2v#fW_y(%#b=l7+#X8lt*Qd2uQHTZr^!LzXJ?W$eYSH!n(He z*JDkpe1C-F_M0nnNAkOib6_bk%^AN!a~tCHzr%z*dDl4^JZ8w)>x68Fs&VI*u?cY{ zG#9sf^4~#m#6f56jv#KX%l1_bT~j=r+wi4$%iHY|3zg^^mOrg!uD_(}Hn{;S~Xxuj|GE2omkH zm4aaOc_>SuM*ygPi?rOUcu7u+`^w9kHYVTgr|MG(*y35(Je{H6b0L0|j>uYf&&lv7 z)p|fu&xx4`a_vM4bGls5i5aK}>A6uFZMnnmTZIo2nMKD#u{$Ez|jT|+Xoje_KM)ekEEw(iSU(cj6&C-mSlJfG=0QH?UXz6tV zko_1-tT%;H^|Rv4+O98qU=NIAwHCkX{`e5I7RLiY)!*}jm$DUq z!&4iav|Pb**~;=S{eyV_!lkzxsY$#~L-Knaj6#V;51h+qtkj%ood{Ky;rc+|{ z;XPIVDqa-f4lD)Qgk~!<>q11rX)G4GlSyv73ZXqVc5nb?r|KfnS)fsvV+srP9SOhu z^4-Pq1UOM_oKe|DrZTv+MxAAI0c(P8$6Qxhw-md(B%AjBk;_=ZcDYGG&RP~u)v zTS6FKf+m&9ZDC};7>QlQKMkP6Nml$DTTDnpaIxFCJ0%fNa1@<@U4lS z8FB%h1xcb<@(GX_{t;O#`aD+8EZ3)1f)kJAjQdAHR13{z1Lc#%3bqQ!<1EthFWs^6 zK7qhuF8u~}u2NI~veDD_376fWM96Ic-=kO1`DyjwaTVqFhHoA@RJIsj)hKs(+EC9n ztKH3mv4d8mRmeB9zeF!y(fT^dg9~_jNDy`-mnJ9wQl&7OKWP+qfTul{TD`5ZvdrS6(4)UBtS&1LlH zeFhx(;;|fVD#kOWq=(kp0!~zFQ>;#(Q3L{NYruB~q15eW7a)qbBB)9Mvak2NH=4eq z$0y2={n5N;jF-BwGfI^}Z=LDR+PZ{Gw7SS;cciY_1^-WAA_K-Rq}wcAhX$8qCP(%( zHI&Ot@-CmjFSZw7%wY!;Ksmo#ROq)rc!?j43%YsMxn-aF9v3Fyim1&0SbMQbzn88O z{>Re{upk2h%CO5W)JZlpW~OaO^fx(~`_KksAo5QoLC3z6A^5T5M#c%Z9&h_SOWIAo zd8+NCiDG&BS!ls{>J5jDLJBJzv%l8NDArr$3@}iU!9SD-@+EK*yZOIz;un7P!9cY> z8l)ev{4&zlTS!OU%Xh?DaXnH`g$w&Pm+X*IIuV)tqw1RfN3Sf{-Z=0L=FrrnYKD=v zw)WBHrPB_AX`y&Gj~EMF0HmN!Rab6{+w$kIYHS)*2MGhv7d#TMK?-s3+bcN zID~?H9G?D}MD;@=BU-kr_wnB2HOjE?0Sx-rR(VoT&NcepOW#fCDmv`ZM7L5m`nfki z+Tw3_UQah<&2TI%VPfrlmTl#Uebs)4TRW4ThT0NSZks_CDyT`l*k6h4t!?5c*nW!C zbln#NB>Dr+{%JL6iy>WWI7g**f9%59(|?+At2bjoO`rCMz4nvO;^UeJRh3WM(UVUA z7UHu22^>;)LKk9q&S`r6NonFc#+G6b!O?x=BasFWR=oZk$ zfuO7C)avLgm2DbD<+HwsRY#`)w@jA{9GF-ulPv>l_A!Lwa9G=rtkb52!hdqhTlR0G zynz#MV@`4+qd;vRMG-sat#GIRcRlbYgV;RN!Y`IJU|hDE{Wp^&FYt}CH!l5LM%K9N zvJ3}=#~l2YD)}cJ-t-PpnTdl4I!xqoCQSlU1w`O7b${yw4zZa4Y;TH%UUI6k;ZmaDyPGE+FOeC ziYKp!+PpE)HJ4-+RFOfGM62*fj?ca``02ziMm?Mj%-DOXBLXZPWz6L{GBG$qJsMkoZi1 zsESNpmGz_k!3@eg6DUbY)V1zb+YMqHjeS|FF^{Q2e$=}qdfYDC(vda^;Skpm{fJ8L zx>Y^9JW1KPpdsCQeQg%%4!rG}blGjX86BqP2&Qde`?{xS9op@R{`Ff71!nfA5Q~BW z>Os!896Kzxu50Ur3~4|(VAjd-p_A(f|7EFS0;#`WCt?rQhmo*9-q!*4W;w+V@qL#w*y@Vg`m8g;hc0kMsyResm%&Dy5r6WdBcB14F;gyczzG zFz%TTG6z4ItKc*G;}Thf>kX1yn1vp?B#67zo!*X4_DG~2B>qa@S$CxBctVoapLi-~HwneS4Q34$W@S8(u?eN9+D%jpnq35R;>BjjRHHwxCua6i=&kkC%sz z4A48ih;~`Zlgz^zM|Cc-w6m}?v0Hz(Te_3&5~R8QXs_F-y+DchV#IuD&%E}k19J;J zq6YYA9d(I|JfIrDTwl%!E=uobe_~&%AAW?>5hk@Y`Ut3Mvc4iU-XC!u0xYH+4$P25 z!=H8{JsVs1@rPiftjIm!lfPyIE~3>qI{`ds0f9aLNvohpBVa>VQZzFpt$J2N)7%=9 zgv&)WetCJT+~6V*Dlpag?QAwMctY~4RDPFK7>$jK;_qVJnTTg04K+>J0pO)+{C#jN zF%c2ncXFNCV4=NT{Onlj2ykhHD69e(1w&tRANL+Ijs<>b(QyD57XMs5-e8QE{HzQJGN;Moybk&;1wblr#n~+;0 zZ#g-1J}F#zq!C3cpN0d6yx52%92?}oPd=S3pJq4jND2{}f4WSc<%V>0uE)(0rc4sb zvCovBAwJw6UZUYlxPK${vOoVfP@*;g^b8^QzD>bEQxHG-RTZ7Y@{Bc;JUoH*sa?lV^>A5A2T>j z6Y2}nd=%>Lsq!|R5ngRscTeM;eY<~B40Z53-Q$O<{4cIgpeAnnfI-C+e?d{x$T(e} ztl3ndz9Vj)WkA_!SP=UYAqZ1~z|toNZ74__L?j`Lfm}yl(+WoRw>LF}jaXIU`-Oq>A_}w3J;|!!0 zdEX)&JG|X;grk<#*;I6NLo;=0XvAB5Zv9@!*ik)i$=05K696?%Ht=B{qbz~zioHmi z9S0`62x*Cbf4~O;x8h?lSie`R?~ygbk04hRIT?faR9j8WrHsB}JQ_z@ft#+{j&6yp z#t^pQ!)Pp5mk*+I%>@P+r=b#PRh<(YR5RRtlrEthxH8rzbr5YxN`Sa*vJHdyXN=FH zMsU2ONkLms4u}+)?SyUoVstu;sKpX#PA|{y_J$swK{5Fa&4+4VS}tgw0{>#0ptimH z;AaMEYYNkSJd?mG0qOg9j`9&0sG_k zRozq)`6E*2p>7k#Ru@a_JR8=&7uMS--pye!8insZ7NV-gqp*EsR2lEei4W!S4)6)A z=yMp`BdsD6aTnlhLTI{sn%mZyj))6|C=C)^lTtFEgW#2l_iwxcz88=Itfx*G>v)gj^D~F(`QLC zd^v1984!MSXZ*=K)o~4Z%kB)C9h_m+sCd1P1Eaj6`(2|vZ4U?=rBt?!oOT>(-tL?F zIf2?2z7!fQZm6z8)mYzg@rL*)`g3&ObwPnkyO`$-C;l(rWUBp8P8#l3jX5mwWFM+V z#{}K87SR#{bEbdcDmFyla#=DH@WB$m6QG$Op}_qPy?K*R1$9va?n5V{J5N)TEu>Ni z)Ha9-J_uzE?++Gr0aPp-91$BBByn?bS+E0cpHi;U*maDTSoK0*8|uFeeRHWf;(kKI zp9u+It>iJICp0?u>W%d@y)1J>Qh^bBLURP5O)xKyG-;ikg^;SOIO3DGHVm!=YK{gsSKXgX!yBN8+A30;Yb%EoYu!FwhaX*cR-KO`0r1{Z zABg3Wi*(J^%TZ7e^C;Rh%wAw{jVQ=5Gm3M0eceDoWhiAz;U@LuVy&v_HzNZoq~IesgDpqawb_eFi>RIPe#>;CU&pU)RXNR?R z{CA5Eepj)$XUw&!!DdShrZF!Ual%Wllg=TD^$S~mUUDMNJ9yaHX5)eoxe|pVW?GiN zvv%{e0m{grM7W^4@4PV&IOD&pL7AoHYP7fvw5e}CZ3KtP&klzThyt;m*gGFww$oGz zP>#fkV6B)AMjq@@35dx*ogc7Grt*$?!QG;+6%Yk$2xXENxh^Er_zygrh4>-zxQzlG zUI^r5-@IPA2Yi$}b6;{QuZiFQTChg2sO220*#kA%dxRSh*?Sz_uY#CK5b-C0$cRgED5;Os|+F z@RtShtlD}#iOUiUfX{Df8C!LSR!h~$k3$V19({f2vtcErm6eS}Szan~K^BFmUvW7e z%D%bP@zai5e)j&@{mJN{v(#uKkgx%2ObK<2Bp0l!@Ee-?U-ka$|SgE;7yE4ZDl+{uZ&Ym6e|nvb?yV$w-|BYU}vIf+9cORl3c zQteywdok=N@}!&LvRgKBe|etcg3_^1DV2WGHhrT1G~bc{R?vMN8`VCo-9$XC5NqqI zS#qyE`yCgi7$#kl+6zBiR1!(a79+_{3%5a=VLld}laaC<;caAh#=U;`2K}1Hj*}&&sX% zpmPgY;R+-c1+l=7xH8qF?Zh!+jNW-OYqJ%i!w@&NjEm-OkL$~kuUpfBfWsY!gZ*kR zYiCNu?Gm9{E8JKI+M*TClnmEwHB=B@sAQoeGLjLfGyJp9)JRN+b4 z3DMY_Y&Pl=82*!HtEvC3x$adRYR0mRii*00rmXQwc1sIg0t-18StfG4EW=ViG0YjG zlr*`rq=7Lw4%KP%>{5&#NF^7yy*Z|F!nbUtGQ`ePWfu$2<;l>Q>-`@#yl z$2UM9usm{M8^HYSkEzip(URUQOc@=$0)V8KQcBQDxe`YyDT#CF2iu<;;p;~s8w9m4 z<@00y?0k>Dun?#K*$zhpHx&!pg1^xgW5^GpFqUmKF7#67vmPC@^xRi#mxNRIkZ@^M z?@)84$<#PG3DX@ai!*4`n7-DyKRkSQ!V%k;{PB; z()U5z5a4Yd&H7~)f9+@p;xN)Pk`i_K8(IadoZ%g(b zbkNNQU(EbcjBZ=ivqgeeI(8xfie~UVscc<{<0+a!XoLr z^y27{>UG2FOOw{^yq%!H(vL9IidB_wS1GtD3yd-T1V;z9waqT!$72pYqs$ddk8FB| z5107VRYNo?1~5K?`dpHM-lD!)HuuAZkA^z?PsiBq%covf&5+krQ#{HrOm%I~1>{!e z9m(HY+S{%C!8`?*khj~ZF*!7gPRC!U6-U})Iy<=&yKI1}aB{>Rv&fKxpfn&2Avpu= z;n$Z_WpBn=q&65MEu-XU%_clNALV5E;or;mQhW$MRgBv9>4reg9HuwfJPZTu^$Q@W zKu;P{JR5=$?1N-PLMv;#T4>U%%ZOt%lU`FmVB6;wrr4Ujk*wcfF^~RgWJJ76f;d55 z9e|SE5LocXHph307NP$g<}UP|ZR6e&757ID1{S={&Gu-ltJUIqesRMS@o{O!Pc&_F zHonV{%HA;*p1H^Rql_Yg)8%!9kt7?T60IW~v}9UVe@%_{ir7j@PmgvBzbEeO_#B;$ zPL;4fcLEi^%YI+RLQCm~FD-^@I4jGc71GHq&6UTUqBpYk$5>wqxhDkhw`K{JU(!%i z#!ME-7QBde^+uc=?)DblZ%I%R;(uZ^3N@nj(wCyy*j3EVFNc8=aN8S5tg26&KDQc$ z;|#&9fR3n!QEjRL&h=&Gh+2klvHL8+-L$??JM&y{?vhp$=n^yIl>KZhiu)tlaR=_*DgR6dxs^WKu2{{I{ z-Z7%6J4N#r#Plrpb;!L)?_g9loJb!sE+j-4lvO|AYv%HDz&mqK!RXN)pl5-soiE1I zVoSb+HK|JJv`nH|4CR3+uVlI*!tjqkG?8*WzCSnbuyGfaAO`3E{DGZm3P1(^rKZd>?qJ?JO6=C~VWym9k{|Jc;; z##)!9(*FhQzO>nQW$xsFTfAhu2iM@|m-dg`!tFwG_+7-?YWvg4uk;Evey4`rn;ZMF zuQm>v@4TXYb~!G&Qn{z(hCbjpCtI*W+7?F>;D#t&a*lJ-=Z*^2VQr*P0_)}dsY6Iy z4kk7SQWNrp{3c=PJV+f#2p0Pfu8C~?B7@&F=WH=p0-3H=8w74fBDidBnU-q75W(lc zEe$n&Q;xl{q$Jrd?;+~d+wax z|5FuobJ8HqAeDEW7c(5<8udTjFf;)M;9}?E-ZUz6)Oi0xNIpWdg_PlDz>r!VBPzc> zu^Dnjxmc%^r@ucMEx`W8*W1U62x|3U**jU%q@d`~^gs$xOdYrslcQ#0Kd!8Fh{uJ9 zgM1osi_Z!iHe2)%HnP2-x#EnUfZu0X>(FUC0pTb!G<%$;M#5y-e^FO%$5CItC+>g3 zG2RmczE3=AR$mgp7e#`Sh3m(;0A&B`dqjDhul(UsyCsgJ3=Bvr4K`QsrSuC9jFk|T z=4pg7X$?z+Sw5aM*Wsb%2_YknkKIfh26DOq-6qVxqKfBvN@LC6r@YP2%ZysD!j84g zlz5J3H+~KAi%*IxX#VWdJeGf7a#VGkXC%dYs5;Dmu#(k|u&mc;m0M-?N%PSq%Woi+ zwM&r#;-m66QDqMJmNE4}kV~;BXw_cc=dJyeDkO zaB#p?;`p=N&$QfU=jtun=ZgOgnvT&X7WnpXTkha9FZ8@|w*&)u%g5BXYegVyyjye2 z_jv;g*R-C!b^r(r>-Zs898ZT(M=CRpTTI3uVlw~DF8w=U2rEf0c)6?14er2)xX?#t2KTjk1mg_4Z+c@@C# zuF16%@_OTN;&ayC=XSEpj3F{RfQAxfm%Atn#3oCk@C}cO<9s_q0(e4k-R+ktL`g1YYh%-@ zkjeMAu*k$1{e;9vlE;#X4b!`7wNe*yMbIDHK%ddWWq*k{kGR=XZo;edInsq8-zvt7 z9ys4Ww4HtSo^S_!kD^T}J(<N>lnJvt))Te9mcR(;+OJ|Oo zeehN0K-?<#g*t>$`5b=#_*lgdtalIcxp|Up|BEcWG0>N?R96RNSA}UP;ag@`CoPoX z=jZt+t+X>u3>dk81M)AoKDi0@3qA!hP!aLjbx%Jeb9(+#=W^55&7Qc<-z=||veW!%ddWhIPfs8L<>3DIdFO)n2bg`ooJCfWg}6(mk^IX)fSk5(;t2 z^}QC+;(iD&oyqOth%qlHYI?v&a6z8S(+4Qxk7TpJ0kg~oygb<7a=if~EMhk=p3|I{ z(J%Q#1x|g#m)YdpKHU_wN@>&q;70v#H|ELt?*!3>?xmlO#=S?}?6e&WpD&B-GHdpj z4C*?4Z)?X}>(Ao`vTByw1T2{i+1y*01ub(GGP$%|Si>bmJtG*{id{S-D&Om|TXBN(p%lWI znvVDzXUc4-h_vTK>MCLa7F{~UGZEo}TA;}1J7ho&33CcLad|56Au6z{;MeHa#U#Z~ zD(v?Pg$;W*MNAxJtF%&$Iy!#s&>V83EcL<7)x7I+Xl>VeAz1!HnU2N_eZXY>hgD%N z3R$r&7Vt*j3<%3seGwwzsb@FE&OlfPzd#=u%4HJ84_^hOU~x7+BV~MJWtd19k2O8soF9NJad@7Xgm7zrontm z3h6a{hyAYu5x4!^V?)md>@w7%cU+tO+R#ZPzv9EZ0$FRYT|MrmA8e>Ke!=_O{!jlQ zjd=_OZjKnBY1fDX=Tx7&tcr_a%f{v_ab;}DXH5AN7AGxqXfmSP=u8S@uu)6dtFXqs zUfvk7@@{qn?gv#P{K2D~>ReIeKsr6Xb!bAfwDC5va;ia%?$z_tk)cC@L(8`G=1KC5 zU*q!Y!zf)rD^(`xu`o2Nkqw{-R0*P0$^z*S!Mak?E^>;FRL$WT2Bn7*p}$0N#=@bW zu-lyzt(dH>`!g$vqqKsnWn+adqAgoOrAX)=0_;!8XZZR+0I(%3OyOS*b zo0~?938`9Nuh%_1TaEOiuPYJN$(_xE3;rFJq`%txAG}h$&SH0pFJkAFXXj!-Z}?$| z;(yE9f-G>CU^gYOOk%126c>EGF<@J<452eKpWnSX3Q_GULwML|)KM{0u1KAP0a{k)ixQ7!|g-$N&J!keeAdTN9FD1G;!WD1$) z86SniB3s{YWk!QKfS;9n$w2oeT;F%$Ax|@$S?AMu1!O}fq*mdZNOf~Fw!{|HFgsp7 zy-iJ5kdmClZzNrF<|^A{*ya&X!=`5q2j_{#NY2QiZQzI>?4S| z`t9{~{M!nl+gUsMaF0;~O_5A$((Dd^CU?P4e;}ETD7|a1?RFh&S6je3(5`L?@u8hB z03ltHM)tzN37PV@{XxA}ecXpNt&4-2L}Y)-uNVDj&2_SYV(d9;oP@bph;kwU?(lHi z4E79SKI4k-mD`H61G|}fdSLtM3U<=MdrC{n8^0ngJekX8@vtw^A_kC-`qB6FalJF% z?@;6PIwL{BpVG2Y5G$g^@oyUktVOx{tooI0Fqp{ghI#fLc0jX|!Ah8sPAKJNW!RmGIKG2^Sl16I2^~8ZNL~WH!0k^yrU;h%%~vSOsl7@ikw)Ezm0h@+dUq z0IKMLgQHpllSF=r-_mw%}&SpM2xtBUjIOnZKe!450coaf^Q>Nx7A9%pOF`I z#uW_3xc1LgHlwgqRbdBHN}5hf3zRc+Zp?m)mGC9*-oPP&o6+iUB(2P6C>me-7g29J zVbB>QzCvQR_}d(r^kJ0fgTE!VZU3+wvwRxN;MMqm^))AwQ`IWQoRrw6)In3QF&dG8 zTlUjK=aan?g^j1&+|trt6MQCJv%T!biE=}G>-b?`OWlOgOu?1i(aaJSlzq)yg5h!9 z<6SqLm29XWsczx4gZ58QSxt=wd54|bLEmtF@^v!?>e?2n(W>kHdA)nv!Cp=D* z)U7wO>A_JPQ-y$N^?Af2Dw}g?F^}wU%e`l9IVa%7Q`=V2h=H`^!00W#KqLp?kpTNn zk<1X;-$GYsuen=MF~-%&u08&?7Ax!_NraWdPu>z@y;|*x^ss_;xCGwb#A6LG9EdmR zW~O23ma_rd#gC24g*QBEIA_c8<}}rQt{1n)JVYdgp;FS_;;+c5_Xp9*17TbFnw?lw ze?yRDvxd3H?F}Jl`@+?!y`8236cygXvnylRowZpg&1>a#y}j6L2LaR74%DL0W={v% z(o0%Szk?%VcGiF!VO{>b1%3mj$41l#OCxz8?ew1rJqRY5Ai(hCbhiM48|N+i4;i{Y zb`$9RAZ-5llmOvV?kj~mtYB3CblMH#{ByO_k0T-e^qfPNkc-&8$A~A^C#dikx{obL z14o?)=mBX|J)C#_!!N`ekh+5DS;%Wk#D!4Rn?DS7d2Fk1({2-AZVQJr_i*`hrLarr z%Xz3fFKgLbc6%dW>>JdM*vvsC*L z{+PIv^L)Y5P)sj{=@_F*wxa2ovTTZXa%G{!hKo=E9?tB1Cgb=M=YuedKu}1`tTN90 z`;^M955oGw{2egv6TCVGk>38jirA}yH80{v;MdXKrusVB7=RUsJ2gLB|-{} z=Z)=%Xc`F3KA3wh9z52xf}xMV_9Qs(g%E%XUSg!b6xa4kGc^8-;rG@E=AXjS{=Q*J zjS7$sY?;PIGzI5nO^9TR3%eHCAvm2OK%~j}(FMd$VLSgghDWh3#yx#2xdk6J=nLlO z>VERv(kB?&WSUYkYIAvcEi40K)k44#1dREd8=~Q4!2w-@KVq{6^Nmz4yfS#PPNv5~D?L7+t3xSyn0gyl%1Hk?e$IAVlYY8tXY9Fx65kykQX2T-5j_EV9`R*K7Wnf zQdUtb^I`eLwbXINboXfTbM}`)2(G{Wh!Ze=9iF`Gbbm^FRqlL~k)EtLjqouzjPLDE zWaPQl^FG)20Q?aDmtw2D7AOOjrTIxyT_d*44bW|4x$6RjINnkZtTddquxrdXfy0Or zKpS%U(%p@HWs!(4xpgpuKGJ=z8{0jyFBFDz3t;Z-(~BJ?*tdxi(L9CHb)7zPpwSUh zGdr8JX?j4wZUZy6ySUxWIS=}?5&&d~p!gtNGNTjwPYHT)(~w-0DUufDFnSXqUJ^_+c_%^8f`Cob zT+^(aU`U5+0DUXzKhL0f^wl(p0)&&5*k|^k5GMSYS;??Qa7;N3v2#4_@O|9nJg<*c z7t7KVl|qoogaA&TscGp|Q&!eXVux@c0mLH%0G>*Mlzk;(6$tYt3Ub&dcj6`2D=t|r z*!J%bh^p3Jtd)qB6%371EVhEI2C?P2qzTM_ zBt->_-|&E%_J<-8J@!X|P<9aOO}F~(w{`R&uFL=wBS1DjWF&`1*FVPss$bVdKR<3= z>aVz!I9At3)X%z@7?_oAUyN(QXYRFIGaTcG`H8zqN-K1Wxl_5`9-}KK<+15MaR{y7 zN=hqb{=6I&0C+ZF@)8F4uNr>}`zzWUp?^y+*7pvq^-z>?&95phf_6Vs7N-Yj+$?@) z;tcnCuXVCM&&E8i-EDh3@_NbmJluVUR(jqnRe=y+&Py_Va6fXg zde869XUZPWcw-sXPw2Q|=C0TCoIP>BgHy+``{!BDv97gVW|{z2$13mnoISML0D3~j zUQY`M==9MAgHq0634;XyHTk{3YP1Mo%1#J`Yd}9t{joe-KXJw`+!9*scHDD)8# zVF*T)a1vk0X^)zEKVLs(pv@lA$J>Y}LifBrc72Zaf1+~iDc2vul<;9trKreoT#v;| zATlOn&f}?0BowJ7a)b@e+GpCtDh8J)2!mRDqzWdLkdJ~8gmwm)Jp|*t8A5?J_*rsm zK=&9SVQ7N`8YtSMg}~Vb0j^4t?{!iPr89Qvc~J!!?)@`I-0*t!-V{*?_LBfElbD_*@x1o&etd z5U%hWF@RrBKi2bJUybk5J^&Xq#ic$H6UG3)gRto9mk`9X+0z^VH`hV927>m5fFRHh zxL+50tsLzIf({x|n2xpOw99_+yRk2%7nm3mfPLkk!FO)>^IkBv38Zj`j6bhUy<_JX zXNY>(2IikW|FkxwfQSLPd9LO3{YjlT3^lPZT?4gU?FsEAI6h%Dh(B7zsQ{nj4}Wf9 zKHo18@5!3oYt!Q{RvI$NJ~cgtU$%&hLYgWF#vKI(_gc&$>B}a9iCg2{ZoD z>VW5>4 z>+Hyg&_I$TkT|w5q(&Cn>G8_Wh<5tI5$nF@d>}&?889qsGx5+F(#Pz$K?2nNyA$uz zl%9T?ad9vuK%y@og9sfwcmxrlbCpnFz7tKXBMf^*Qz?!6K!|H36Yuk!>y)#D z$*>fcR6x+2jHeVvPu&W@taW5AX=Ok+D7v+cG^LFh28s=Hon$Y}J?+s*U)U#S9e0GN zhS6o8O&Vhg!Hnadu9zd`-=Bv#f^X!!tHRP`8aX;UP&rSSmoa+k8XLfr_ClZ=BehV6 zS9V9ra9gnCM!=^Z!U2{c6Y2*BoZInrW81~_^dzZ9P}hC1cufo$k_5jt=?jWP%lLNv zZPFbWiSOqpeR%&=Si@HI1W64d>y;pO)}^^25*E-8JP#ORi^j6bY6N5q!wv#rYL&QGz7bEyN1(2bI%UG6qEj^BHw7(pdt@w$un?4m zV4u4X1!7$Ff-XwLnD1(;7QdiS35to)vK1Rn?w`h0>UWUw9Yiu1rw^u-Y-grYr;Nw&{EaxBvdvK`hoAt=Xj$!DRcm-EdR zW1KF}#NV(tln`I=K5cNt36GG$&C?vqr49O@Y#u)3}a35f_|6oY7yWtd4 z&T&p@Gm(lRZg|anhJbOdnT1kvhge}rCYCV>Au%CF8k<@XaX(zrK&-Vkw;>9BC$`<= zHh0HH9FxJ2ZLocA+1K6Oi#?%hH9+BHWlrTYn$y#)lt=UaY_A7{4(KlrBHc*AwlP+2O8u@Mp(1lqRx2wYwf+aVQ# zfQl0I(_f-uW95k_pOdGbdr{i3onL42g0xy%wg%#3aLlX$H>S?-EMH-fkXIK zKpcQ|ap_T51g1(wRgDIT@x#H2*z z?bb5k5m8c5S}UEc^^%hiCg1qNCuBVWNYWbfj_WUykA32k(%Do4d<7+e|Dd#1mtxm0 z2&C|ScmDiGhy?~~7BKbIM~kFj*LGR8Vu>{3eN*D2Bxtx-I_r*NY=ucTB;b)@LDF4Q zD6c;KS1CETSK_!OWpubSRuoHIWT+%Wg-TmZu_R&lA>Y1sX|F4jjKoOUyX_6x{PHtG zvLE+jUz<#$^Z{YLgbcV>Wiw=xeD#drgv-5T$+b z>+it356hGHV|&KjOd0BFlm6CP6;ABku|&Ov`TklrNjd1^B4*v_nfczU7Vg^N{c9ir(8#JJlnljL&`Su(OOlN8wga`RcY-9)| zy}^)tgLnYZLxd9%8VGYtKMBWncioWW&rS@MXqf(yxevzHO++eO*p(0=p#sFMCTJi~ z_?*`PK=hm+!H`Ce5iJijdh4xQd$pmbaYB&Qo0n>(Up&`4UPzV*vDUHod(~-hFSc?AcQwd-fH`)~!2b!NLXDX`xAe^SeJw;h`dI9UCr3 zN=p%RaS;?!K@g0<)dCFMPk#DKiH%Q`haP?$LV#M;nim(9NHVryEGjCNU3(5lZ)b~I z4Mc!Je+I$z@k|BIcfPkQ0k)6`q(J!5CEeKjzBZn$l1?i*%F@HKZ`V$_^y=#% zMCg(WFTX}<`aQT85g9EdhxhN2l0*BY9`MS`oh40Bdd!?n8`-e2mo^X@hWuaHFt??~;|8DDP}~4RqR3iH(kwnzCZ4EiaLl zx=Puzb1VAYA*~HHa{nKHCkyAzmWcQ?>FR|$4JJMDI_UyW0l;`w$8=q_Y`@M42mlAb z0EU8HFengHbIZPDF!NzhU6F|=V+Xnz#4P=Q9O9M(n?e4V>e`$b0rjwZrGS8m&-s*j zST83p@3AeL&Q1t$47DI2Qer5!kHoflJ&+WW!KT)f!@_*~Gc^vB;DI(dE_hH5Z+l7J ze&#_5?{Ac}umRcf>_c*3)AJJ6TPrn%J7vwR2x%_crwAb^G*X^^_GKw3EP>V{QnqY+ zSMI&{VcEQSyZ8mdOb*1*i!Z(|zx(~YQdoQxc_M(ox5$0SbFi>fH6xr0j!As494V_- zlXvz9|J78#@Nk(138WbrU2gd7L=v?uBm!w|K*siTC-&b7s7K2nn9@ObVoXfQ%u@iM zOg-{3P~b#~+JBntF`yvN`6?$0n~BM=+(=;{Ey2nBL%ytQ#>sjiu3f5G#~K-oK!99JCQHoEHJORq*HT!! zXki|9d4exIa5V$qQ8-K7K|#WucixMw?3PMBu3H`c zumAOBIZ$v&>-_o8?~(@}d=l1e9rC3we-nWP^W@4aE|x`$KOxQ7V)m8S-h!t5dAS`s z9%N>w!yT?h-UDO5e*Ic7nYXG18@2ae{_@Y{x#wTfsQ4Q%SSQt0)lviI{krR}P)578 z75EMRK7RW@$f}h~Wy6NGD!^@OZdFTyE=1xlD=(J=2a6!250|>yT3HUp`f%Z4#V2VH zG%)VLfr3KBo9Ti8V=i92ADZSSx#gDYEuJU)_U^&9juAqkK^G(>dHHjs zyru~z_5qTaktzod9oBd6hFN|_Mmhu%e}W+79RvYR1`Z2_WkQ`?eBlQ9$cJy1n{T>a za%bh}t`CO_i*zjTx~{fPg~Qod88Dwm07%l!_@+788S>7ycVyqb0}u=>k?5#Mw3)5~ zg$8UhxnTYrX>V;t{GnvI@|tVqy?5V}h4W{_!mtTt_Q_4xUMf4bzoUX__M-!_b+U73 zLlDF5CtLAdTX7GJFSb2wh5JNzXFG%hB?AJZ2ndD3;3l|ue!e{P;6w8B?|nrM?Axnb zX!ZeD*EKXsdRC5v!3v_Yor4#_n44Shjq-79f(u1}#KkAz8}5}At5(YDwd>TnfmaJ#JC zc!{KD=3vK;C@Ct0MF)5&PCwEG6D7azAx-q~c<-|z5-ij_k+9+mwRiVR6NnH75wXca z;8+kK5z6TQ4D46e3iBYC?sKa@O0LP&N5cMn%U9N}TP=6p z`3De7^JVw$y$BrFEk}=*%e(LH27z;leE<7Dll34%9zfZ}ix=$}OVvPuAi9{BOgdq6DiZswE>L|v(1r|x5Jp=d z5bL^p;NvKgiGYw4akc}urs3R;UD+kBmlT+mWBhX)rXW}jtj}_Yf6fO}fcfZC2un?g zqg5>efAtT;9Rh9xe8zhDXOo41g}}^*0H=N!c33*vig`~LA;b*9@;?qQp6FY0jV0qt z{1OT4vWcv|9OmC~z2fcx$;t7OoehmUP4lr{Wnf)Pr|TO!O-m)JZZ>V+CLjOU&2rv( zYvi}TyH{4gJpAYpXh>lZkd&AJ%eEldvE!)B&P!M3bo=&QvTp5i;GQTj#)b0LuYMky z_7vpnP%rVgl0AFAtUCV!Ak6{EnY&O@(HD-7_UAYQvXGwHyf`q|efANwf8c_MIH{Os%%T`EA-eT$Z3y~C9Z|vV+AgecA3jTva zeeCFT`BgyBff5`ZE%6XAgaKBZCrKGOFx?N4xY%gPnw1N;jS5+|`h3Yl`}K9TItDUk zHD;Y`p9$NlwjxNgv`%K!q9?6DG6fV@w4^YFngLh{H)Qcv=8}OSj2F zV0uA-%s;pJ%T1)8KcZgO^~o%plb{U%QlURTcL3;s`YRAO>)T=euR;QB)fMUoO91$L zVPr?6o*?)bF}45&36vx!0_#<`!miAwvl;@*<6zYrkrk=dgV+&k;j~Cf{DAR{f+<%? zaS43aB2@B!@fBBzAG9A;hmS~1j1#CY2IhBRFg@F~Yp;Cb_8Sner$HL(>tUXlBCA#{ z0}--Je)jYKh6X!WKKhZHBsVWl&O3hv2%|F9YP|f)8_ zD4SLsH0k$IlYYD!1f9;<#%*QX8R5GFf`X5ey!2SO}O@X1MJ(;=Ngl zBX9rs)k^FA;eYOhhWje`(-&dA4*{cIr%~dA!Q7RWmdO=hj2Rc833Zu78Zi{XV(B(; z)s+{k*89N+pH>0GOD}Cv^ZMCff_tHnHE4sHdtQVgFkVGP4bB~j3bn=8Tz$ENI)N+R z-E|O*cZ|Y?>-Vxna~-!k5UaE*7{)>jbp_UJ1ZGHDg!P+kK!6^Zgg|qE0RHeptM+UuLJr5}pKW!!+pt;~bums0!g8^q*gw-naIKrY_DT(;$l!`|&%YW$2M2(Q5qoUmdhJsu#gn zxP(V!KzIUNjsDc*eZo=~==~Ka+tJ-8t!R76g*O71V=HqA$WrE|NIUYbx$-vbcGfFF zc&B!}V*o5e^4F!S>nO($@%m)R3IHa9j(v7oA;2|`+xL-Kj{+0K$o*vSsR`rX5LQiY z1(=f%fQbMfXfXB#5ES5`i_GlgK;11MBQ`+uQTxvw1>QT_BUy0)Fdae})KAkGKEpa> z(^(Dy3@J^z4o;)*O+-i&Zw8@T2~)6?q(f3Gcx$NAzOZs7&cM#7G!Q^lC>Sc<+UV}+v6#ND^Z{8_4Tz`!;zuGK|7tNO% z`1Dc290-QBv8hFU;Ip$*Rr_xUE*_Qf9O#u~_;EHgwCD~2si_GXM9<_qo*_d`Hmwtg zh^TR=wZR9e=Xl!mmY0MS8TBwk);9qGr^@)d>!a|1@4@Y^y1EdM2qugS78L?whV_wX zJ<(ytb&0_rYq94u&0vEAVC4krZ(i&$0+~9lPh2ZWcOGbfmJDtI6nK(Aq^m$VEDz}> z!07*s{XIV()>AkqGf(2t%n9>eY>$2K1ffAfnPt)=;WB}jDM0-(h#N2f*8rB+d1MOO zqlJKlz>I?c=fBQ*9KouB;ej;(<~Y}ssU)u7W-a%o-Dfr2n$2;&@?Im?8*0qya>gBL z7%-M*&cqjysr|tb+LT?|N95I_L|G(hyVI(x#{K`6qg!+y$(0KPWWqIaw%L37R`|# z{NShR&wtfbmr6=PtTbZ#zrsVM2m+S?ON4Ov-gjtFTng4{&36>8cynfhrUhdchy}U^ zv0kbm?G1&c2H(96Ot_=NWv@xMLU_}LEv@5*WZm)w2tWrbYrus&?)V<5gwQ`lgZq+s zAAnYzFl8BDYYnJ0gaZJnrluOghYj-8ul*AQBA3fcFTD&L5Ud*ddMFyYQGV8}9B9jd z2+($CXQxzGR>AMT5dj}zj^Ek>GymPdH_&V&(ta7-C350t1NRIlUET#|o(R$DKU@v9 zRcEXh5(B*#83aK@%Jy0E(?y<6Df{hh<3-U1HePC3Ebb@~3{n}jNhEXs3(>Br;X%qIvl;^P)WjGYsmzpLp>&Sys zMBJx{G)z15{9rl+(H!}E5a8o7>lrcBJz%}dOw`O~M z*3u5?JrV^{w4^~bz|WW;c+PhquI8~F^atr0&L=+Whfts$bP4;bZD=hM|M;Mws~Zz% zJk}Fdf<9^>4*EjSUy^TK)zl?LE!5l+P&QczObh`M&${Tr{FDI!XC(zl1GM?otpl<& zGZ9BQHUB9f! z4V7I-yCpf=AHf8v(X`1z;LJdPOD@eM)8X^~`twi17qMM#gfAXVydQyISyEDh+;r=Q z<((bx%Cb-jpNM2r!n*Ecxe)O@YpoOTG zOD^6ZtJkcQM;>`nuDkY1Xf)o?;4*QrCfKv*plbGm;G;Q_=9&C*p2)c8W^A z6@iYR488;3#SnpfX3hy&J|m%6R|jnkeCP9KWsGhqbY>v$wCa9`584lcfI9+EAi&7Y zj5zJY6kveHlY{Ai*A=IlKC)J>c}x^~*1)uXN41Znz$yT-hm>HcXm=QO<{3uc&d+pq z1OWX30)=-cPG;*tg%7i#K?)*5p~!2)9@7UJiQ#Rs5U>!K=@0-pj%~z-5qAc=h$J|c za+9rEhE3qwKs-|lMl%E3)zM7c5$bY1^uv1SY~fc}cvNG*(51{%=xgvoV`D4a&FX-Q zW~z*w6`Uip$twJ!pR+#7~!2~~9HTp+j=|(^4xVTs_rEw4>^gz%Xsy^T;Fc+sr zoBrNhvl$zJTi-2&>s%0U6aCt&;LBeOGkRJOPsgikfa};;-{rA*i8(3@!$8Y3LyyQ3Pgoc`H{_->iNpu3lQrJTH zQD{$?(oa1jBN;RTBHDw&X8#O)9ry>Rm0vq71?Ix#@WB54*pZ+eaLPmsgk2EM1j_8$ zc`De5g8M{0EDo2#%)b_jgst!F(5>b!ykNcT2Ryl(0fTg}Si3>$unR#jwEGR>nm#q>Z$^mfyu?8G|2yXXrPv#l*CCLOwnGR&;Xpdv0ickBhH6;Ku@@?}{2d4a zm!FI+F%T1=4HgBo4%lDWD=E=_kgj5%Pmc*YEnePs;+%m1$2nbH7#)`9B%Frf6X=Xf zn15ru4-ESuP#ZPQ2na{%Jxm`5`ykx~q2&jyGZBpv3ApYD(L)6955!F~Ng}{L5G?)( zIy2DUCxHn5QxD{Q^hgB+0kf1bXPbs7@B}=OE88JMzyClntO#andj_Ra>dZ*`Bs}Qn zNFPQL8uYf}rh5q3Ip+Ow^`lAEx^?;ZLORz#4lmL;FO52i*b)zY|TP zHJB5$MWk&Kzdben^-z9<2O^LktYM)5fayNBzl5tmj>Eibpf40+UnffZCJb;$?T=e? zz&7+%aNJdcy^1*uJ?i15>EcB7+xr#*76Q`?0-U#HtwVCfERk3QRO8y=Ik(wkt__Zs z5lkHjtx`nl=h{zZXTkhgiYJ&)P4dBTGXK8)#qcA~0)8N#djIM`3xWN}L&kS9K{V?% ziS@ERuD7(FBSTIGo^fh;kL}RZor#)L-ltYtkHDXNPJeb}MnJu8#Z#;^2=}!=ozHzc3 zB~+HC05?JaVEW5C=mIe(KMSyjKp6$!#X1YibG6puyWlqBz#wi7o-wu&cYn!;H5j*e z<(7F&2F3>7wQ%99(YQO|@TG@IKJc$w5WxJTA=r;T2t9+?YtlM zn+H9?b6SHHHDWg{1Rg}=>L%8SPKP1hR(tmVzK^xARp3pNAI^1e0)SKN0>D;nvJf~9 z2w*Ky4LuolGWhvPfe3nq?aF!vB`Ly3a$)|@1*)L~Ob*6ZMyx*&7tB>*G0=@5fmzV{ z^ExZeS8Cx8#NdC)VEUV&^`}KZJ??R#L0mJ;!I7#5Y&yx|431Z z)I&S4cu}4r{mGbr)|*(MryOABDfd1Hwtbm@w-?i~+tk;c%j96n&1KjIR-&7=in^+r=0IPTzm7 zp$lO49|o%cSYqlrIlkohE4~K_S;lEF=7c5(J~gx%B2};~XvZ4MF*P#mlt8760tr(n z!$t{Kj$xZD1S|xmHv~BEW3U(dp?X9g&vLAaxTd%h^YmkFsH<;NzkXjV1`H58cW$=y zz$AIs?n0QHCjsvaAZAPj&Xd(VI}CpGWQ55qb6qrvIDkUZ+R8@6xQWzt((U(e@_9QN z{0O839O*kE=ms;5EpNHV4S|6tBku>spNn7*n0UHpv3WZfdbob z1PoXsap8md84R(mrB{~B50rU{+~V2?E_ltl1ut;~-1RyC0sF)BRBUM%PDvaSyJiJGNJ@FG0tq^EX zra}O`H(m^X&bJzb(tz-AC$`ZKcm??lgLXk6$reAHca!?iY{UT=5~}_7DC(}po}Y0D zjD6QrW&sdJ7XVC{%Em4!h6@1wA2_jWvJjXI0vwuT@HtfI57kHN5{V`?lqv>r9N}6` zZFnCm4Hp|~{|#xXc}K5V+NsYBdn*7SOl&&S5HRC$qJD5ki$pMZxv|vh!c-Aj-8k&u zyfWR{zKH@blQ<`M=^Uvkp+*GxK!BB%*J!K(YHM_Ef#5Ji5zCuuSaw`O1tbm_IIj|f z1PL(CJN_}sFo_BZ3Fv=FlS2}Gb=U`)ngt1 z3zT3S(*1yIE;Uh+0We2}V3w8$#&dN!HA9^KXqx8TsAoqQ136}#S z0H~})Od9Y9bR$rP)MK&Gydz-aIho|Zpb#mqtbrMRsha99L$rHti^d4++~$va!&5t5 zP;gKpBO(wtXQ{dYaJ#g5^XFpQKJ2aD)}euMckS9E9boQh@}4(4PXqBXDn5hVH8x=T zxPygiIk0Nga&<4*vgIA@NgttG5W-eKx6~!x+q!i-BJzjJn$;_??O~9*7*wMj3I|r9 z{hd4aNnC2W%*~3yG78sK;D&v$s7nWKtgdZ<`~gAc=45H~c#WHY4^q;M-HRY_ZGq+L zT!brNXuviEfu%KTJcPYn;LSt9gfC1UzrK$fW&DVMDTNmlGE`L5N-KgUrosv@3Ez=v z0McDgIJ@iM($D04H)lQPc{2jb9)*<|x0mJk(ea`=$9_!Nu{-wcOhSO)jjU7@TmTlN zhN|@k`*Vsd0H{%b`6?#5FZUNdlMt|N&lm_OA&uTTd$x1vI)j(QDJ7sxCJ!Z;99X<| zl9Olbns*)1z(@v_dYW^4v=ErC5TKh&HGJu+D?p%utLgy4O$334B~^g`CuFdwjc-6i zT@r15(27Jyg-bpda1v1r@TQ#MlwO+H9p>fGRLrN3BGz$duCXxY88isg7^fg$AnT@Z zAw4Zo(ozx-c^TUi6&;oQ*;&X*vq)I(P@PPQ;cQI6Z(N^9{072hBLG}7VKU)IIu$VB zw}K^SIK~ZKqLeV34BW^-jUEFThJ^-czbV|oAQ?-zuOL{7_+DVq7eil+vfNfh8E0dh{h_lXBGk$0@DEkobKU>sZ;~ua$y530W#66 zk@?R#%m8EzHk+N5jP29nWY}nrA^05zK8QyEzeH%7nP`?zJVV+GMI94zkM-WElY&y@ z!1~Dg2a#tyy{6TT|6yOiRNr^sL)i1YLvc-Uaf!^EH%B&HaGN~w*qth1eiYl%9WE@! zt~sGnQc{Yo_cG;Af4X0O_xt~py?ge_+t^0%iwFp~?!2`q^Cb3-Un7+jd*t=k-$eNU z`Q+byT-~7l>1*GYJ3jwm-Rka^n?H>*pHR1ezTO^e`xb?5Z5!nJ>pmsl`u3M(Ct~$H z_2jei^I!bC{P2fAMZBJc*qvvEuBT}!aR>l-KmrCbRVZFjQHSXK$=I(wP5tZ1kViq7 zqHYC%1%j z=DkxZ06+ub!TypE46{fOrJVdWSqNANSO{1MOaTH|FNy3sp`qbIjSvB90nps;Fl1c7 z-HAk052XE$wjO)CLrb3+8K#6$V;f=wxHBKexh~uM@uJbcS3@MH4#bNswp5S7lyzf+lf zs#DB51Lw<;b#CmQQ_}k{R~OdVH-z{y!w@JUS~~>?2A6m*#U`-k40p-AMN6PD&r`wk zuHF05r(k*Dp}S=L#*MneO*-~!-*DkYu)qqHt=rzkzVVTA*;Q8pFZN3m_I_W!dae4? z|KU#$%DN2~$RGZ6C!(hJNzUv!Xat&eSP1yRrQo|i{AbiOeERc$CpUfQCKYIQ z!v&xneJ(j#BVYR3=jFQVuSZn>Ho52iN2Cl|_8V@wS=O#z4l9E+SXH%2NO+_qrXlz( z-naN@1ETB0av~&51@s-g*z%9>5A5z%p)BXB*})&W=ma9!<$02VTR!0vtM zcp}j0{o!FmkcZ|VIXw*)4ee4;T%*#h!rG(smg4A9y{L zx;*o_>vx}<`rSwK+)gyN}Kj=hw5$MDJ(nGG*Q6yxns@H+}J} z!&^CXk4JYM?)wv+Pu7lk=I#AVeWpEgbl>N>fuXl^-t%n3U5|O@F6-`#=X2&`n&`gs zbPPt`+A{t1c68V6?uWVWdC%P*&pn^J+jr+RZF?)@&S##R_jQ*u&v^7~$K)T$e>oCvU_sscZb(uCzUeEV8^}6eDmzgZT=QC5z8(d8LXvZ76P<(<1 zlNB{pO!a7Zf#a=}47BNo8$4uanI?PA_s}xLNswNWF?aH_tOI0&r^eNTa?I;aT9@m- zy4Q`?M>snD(OQwuokpMGzBzY4H|N^dkqf6DT%cN~W|QmqkNQ1X)kq(wTEl1`OaX5l zF|Rt&GjI1zeLNmddFEw(=E(Bil6me~xBI^7m&wC=JnxxncN?Y-_dRdt-txKcnRZPZ z=9&A*dimVjJ=3On#%tHP&NGzd(f!#^xeI{44_eguGvc>m`f86B0u}-e1kAji2p&3* z@Q`!bCJTX?41uYP-lJj z5r%%E{1e?DE$?w+1O&%h&Z8Q8X(4dZA)vTm1R;3HqE2xP0B|d0Sai?M<1{xp=}@p0 zS_n*Y2oQ-dV2jG>3YqaBFDT<76KLm6GMO+ zJjQM?+E0^H=Z~eg3^?r3Lcl`6Lg1W-0Nrl5tB2e244!7^&$%!H&YgFpB)W%tL_-EmUr3Ys7&#sf zr!?M8A$znCI0qp>|KVQDpuc*6+Z?s=)u?eu`hqxGv$fj{ng+~?lv(h9~( zjP`GWyyI?=UYt`92taU_wvKKk;25ZdsSld}a76Cpb~)Y>$Cfj^ zN5&R8tM`r7sg5y^e5i|en4AT}r02fIHdvr2GSS?f>NY2Ld@{It*uS(MMp<_0lyP8$}HxNZ;cO_A}6XQ z3z%nI=-uaL;paV`o9nSgoG6?qG#b>yy)%LF;~CA*Iz}!`JLZ|WcK3nLOn=?a-Th#D z=9+m-n`8ZOf;70xn{(5)yFAa$wRvujGYgEuK5?Gd6#C zkL9=p37+zDwD0cr#+@_MNS~ckr<`erdCfbFE62u>%)H=n1T1>r%t6h@7aYycXvYq` zO`@r%#Jjabwyob}sXrIToV|rwd zXDbBwy>-mu1t|pJ@KAb->zA24BQHNGz8Il!%(&EXig9nQJ;$gSXRO+cf9IZ;`GdOo zjFH}rm5-@+tUP<}EW!Fd&gIBGXB~I9$p@Z&GWU4jB-4($$2y$)oj#d5J?k?0O+EH# zAz&e3Au!V+KpMgZGcwN*e0xrMS36va+&97wbAad-uKfBs)8M^qyJBJ&)z( z<=Fo-Oqmld@Grmeiah-ABa)n)guST)<&8Jqki5KHt*5%WMv)S?12Oe%-n>Qr`qzhL z*|Md`A0U7G+Y7R3)7w&b_^>RPKYuiz$?xsR_p7O?!G52Sn!lr?LmqhWA=$Qdo4y14 z=Pp+X7z70c>)zS!`^R%`klV@nj<%lD4*@edxnC{6z1spH2%Bz`nK9q_CqMnER8~}C z+nFAD>7|#YtgIY+ySC^YDk&+I*w|PJ4i3_KI3792^78V=jXQ7StGc=x?fUE3=ks^p zeNXQG^F6RW@RRiPba~;$7qP!>rao_MY=jV^S3*NWN9#Rspg``r>$kFS;X>RGk!PNL zR<^zKj_lmAQ}eQ{w|0;B9)%x#U$+0&TW=ln-8ioagT4FqN^Nc3B>5fU(p!HF>`(v5 zID1NH6#5|~3JHR{7@qMv^kV#e;R|1sn3!leT2>~nyz;6vH#bXVWtB8F zHA+!Y(Kvij4;-=s<1Hs=YWN}|B0?D%eqWA}M;>`Zl9H0JJyfu~_S);C_=5O}bHj}< z*q7&?drp=vU8XpP{e9tu7lk-0Gc#k{SntCA(VR1E&)fLoJvSjgMoo~-R`h6+)f`f{8NQ;>=6CK;z z+vVw}pV7HbJmbborc4|1yo5f@nKNg?`V7p*!`fb12v`VM2+UvzfH^0BPK#ooi&6gK z)CvF~jix{#Bm_*h^8Y@H1W2HL?sIp@zy14Mwk1`tSO(pRon2}0@x zcl)hTg6TrYwtIeN5A2_-K4>(;H4*|TRWq4?Z$&&zEe z{;>S`CqI$YloTN&kdTldyLa!FAN=tDmtO4KnUFU zU-a&~W7~~w+iGJpww<)GwPV{x8#HK=#X;X&}_z~17jy@lGbr2yIH-&xn*)k|~5#G+a zKC(F!sc!kK3*Ulkcr7DpKDB+YcJ$$)RBE1=;ge)zs=gStYy0!(y=R^L#EfK=2&5q;2nN z&O3t-tss^&6CgaND0+U#ln?qBDe0jnXZU&kwI>w(Ehe&*Pz|kIY+vK_3d}g*Nu|&i7oP$%4QK|CP1~ z*qG;k1NN#C+BYi^(8ZnUIlML#@vAa4tvlCM&44yMy5eNxD)dBeWuNa$MIzZ7zlGZU z2tLy5x&MBw_{I|;T>g32b(y5>zw6G%DX5UGj|N1SW2T!kXnC)p72;9q7)zxJ4`;HSn)*Wko{WlRXWj6^1muV z7YN8A#20j^fRSswQgwhBG*Y`ucY%w7cjglSkb^s<0FhMm>-I^N?`&x+IC8uSvEE)QsY-xj2 zZKA^-o$t(rj)9mr!Ek7@H1J&v)-_L)HYa7Z_%ewh6wGKDhCUbE-_)7^{$-ez-EG04l$8Pk_8ez^g_aMHCu5>n zw&9JVH3-og=g5wO7mzt;fJ<~g#?a-dM#cWWAyTcNiv=yioJU!k%2@8?fYmr1~>JqvJL`;#4 zbW>4MDmvder{Zs*LJYQh-Kq0Q{l#Vuqw^)}>u(_< zBC32Z*0k<}A>0S|Zg0?4uIFm{gC2m4!;I71DD?P*<$P>R4($}=v*v~}Ix?aXmH;(| z8Aj{i%?}9}f(&pZ9$e*NW5ex^0S%*fp%${i4ETV~Q~R{<{uod}DTp(4al%MBNH&kL zW0op(RqOr`zCHfk&Hl?gFL1~@ahd^aFS_cBo9WYUL`X{n$$cwOYe~=9BdJC(7(HB%XD4Xgy+uZLqZF%T007Gib-Tg3~SJnag2yt z2q*EDX?Q{&mAW{)J&#DnSAa~mK!C`ln3r=AhQ-*YWA3TV;*zyYG4 zK;$RCy)X>Gq3gY|D*gfGp`gQ1EznlaCmV5w4xNROHTYo6tUwV}V)`6uCo{fM`=36E z-@TKDt5EpA$p?M{xft(hYtW`o{w~t&&u4AHySsn>L9$bmlWAa2($^bkW|tTC!_OVN zt%NIIu*W>k#cCo*j9lrY7+lpIzmL@fR0ki$bB6ly>S4M0j>X4G5gW%C8Pu(%LnlPo zo`r=sYPg!UZitScnJ53yk-rafo8YcKHvvCAre)m(L{Cp`ai*9JTEB*Rha;hl(ZB=g zu@7H2U9R3SAx+?pl<=Xc6x?(3Cn>icC;khlJjumGvfiMRF#w+NOeH!>Z{a9$G~k{r z`PCdW^ZmZh@<3KR!)BGp412bd31dXh@$u1w2f|4$(=ON;4#gqZn&o8vVaQ~^1Dte5 zaDy(&d_hKO0w_$8drnJ=K9|pTwBgMTAB{eVuNu%{9i-6I1QeLMDb5aCod%hHQ8Oom z;y+Vlsi})c#lAP8OE>| zaAHBLBFzN}8r}SuugQj>|8`ym1_ri_TY@pftUl_v_x1Z)A87y0L0Tj$CC}r-t9*g? z-MUZc7Xtqg80{QA&v9H{QKcFbpC-U0FBP@=fyCMlSQNxy5HkNz%;w3oJ-^|S3{XJn zLgBug4+0)A8fhZo_*+%A=_A=RD&*9d^m!Xd+ih=t!}71H@J&ljj%9a`<_(H*uk+U2~k*b33zCT z6m2!JwS|Shdr5Zu%+{+Wqo%O`Pse=xsMc@@C1JxZ%n*J6ffJ2rv){X&{I;w4Tl>+^tw~?>z7y*Juli5 zq$_Hu7IsPEWnr|Hw{4QEacn6P+LFg^bWfqU^|M*(KHAK;U1A(Vu%TO-v2QPFhNhc!{?|X0a%Jo=SJ`Wh_bZJ-a{a}BePUYL~`&HMq7d0fkPUp_c*@CSxLOqLy#zOhUePI791z7~(N9kSu zr(3D-)1qGLit#jkRu+$#vl9JXZE>{vom?!9;>$_2oQn;I`UqL?pP$sbziGl}e^3bP zlAQ||0gLG z5`)COjmn>vTv$gqF(_`FvKu~E)ipbT+)kTRcIS2N6u8hlN&OV)AD@F8#4kv zSBjsJC%?xVy(ih4@WaWl6_=LMySS5cl@VRld$vH|r9;Bg0NEVq>C51^amy4k2SMF_ zm^tU4Oyg=<=CHp-%gStiBd-l2@sv+fAR^C}YcQr-7u$%2TI=)D@sa%#@YvLEdHNN- zfMfms@?dMReMMSOGUGJOGlREAl_fuS5RNO}>4;O1mRd5068pfg-FA?smooCpF>sv9 z4CTA3++SR71qJsw0_(h|n|EBmym4F;z?dWpB-JD2xzWm9?nDJOaV3V7rv7H&ep0L* zoy}&sH%}cp?j|c+=DSbX6v)0=un4J7nQroTpZ6d`2bmmWh=N(l8eFk-(TfNC^ctBQ zN%Oky>G}veQ-75a`s&M$1X%`%VO<>K2358BqbVK^VdKx=ZaEEE;YdG-efJx{NiP#b zPzc9`0s#`7; z8U2O~W)=JVuVI7k(U(0`eXj!?4!AT+Y?@^!@7+C@)};XYYY`+sD>S$u`zOJ8SIu-Tj@zn9hEY9_XO{JBn;rNW*}LZIy|D2UoqyMbB!(gm5FGYox$A=YekdaWNSTglzpanREsJS+u)a;h zQX_xCw=HRFeXTjBxZZ$AU(x5RPf-tb6t~*#NN(BopMG%{kJ5*{JFx>F#D|Z*&cR&_ zMK;=vP3gne*SnQ{awtaf`wO&syXtX)cmmA*%M{7`roKi4ev1p~IDCi?+OzAUTO)d3 za4-G2K2^Uz^W2KR>M>u$vuy)Ir1Seq-^@mz5&<0qRT74jH)wxPqnIA{H`0X<9Ehc={U3$gzX^9S4V?d{G5fZVtz2+9KATZOOoc z82_mTO##k-`q^%KPb6==b^T%01ss8ZV-QXlh`xLe*T-pi3<=Yr+tYd^z&gN@6JFnQ zV?;mM(IcNT{&m&Qew5HO|A8~p&d-H1k}cDT%gvKRr9`OimY`Y(?{l0pukMITnrBKU ze`Lr-P4tT0%kXR>@pWj_?DqE9e#mbt5BxM0z5$FkCxzp{y2}*J7d=a&e@s&oLTqL^ zAg`(Vp0d%xbC#iYt_7Y*m!RJpDJFp?`|NiS&k8_KdrW4`r!66urb4$u61D1)zFH;0 zoa_>sBkS9kN2sO^kmsb;+a7M{y`!_62BPTUDUk`7^)c+SHaXTwD+&cpFH6T?kT zx7)19r4pq>;&|3;*PyaG==`OR)%j4a9s}N#CCugm{Nah^xQ-R-Q zKK#kasBKEI;V`dFS;)hvj%CVDt?RY(bzKM~q(mKWMc^ZRM{ax=|N7cC^&EC-2WmOu zoU-#U$?liEl?d={v8F-Lo+?8!-JU_Y3nc=vez$lzE?zEitW zjY!)NO}59%sZq1Xk84MjOWQoqXYCjJwN{@+IqD!evC_entQ z&%XcP6Xhh51(fa${2-jegIqsF5ntxcsIgZr3=B0W44rX{t%;><(sGsV_H|RDxisTixE%0Ctw+G=8_gU;xuf# zx>*N{f-Z=V8E|h_Y+;;mgNK1l{H{tpL!Fi2f|vh2x}7Az_Z^32%<~#49uPv*^v3QR zL%xSx*S9*+;&o{0jm+8qyT##gf@i5RI0(vv5}fvT6XwjANgxP5v|hCo z0SR+jKCk=P->!j~eL83mh*Qmr70nqAf*grbmuJLP4>Ff6k`QcHS^NV>c}MO4Qy=_) zuAv1Uf)T)n*Y!f+ZPoXNhKw>=GMcM8tI0A_c;jsH@&y3}-o0K(?&?`aL!+U-zJ7SU z#ia-=G=a0(({`jeO>znfG4qRyat40EUmI{bT&L87Vejc$7IIV$im zY|oNVezW@5Y4==d@{ang{o`w7ogd=Ak%1l_P2b^(aB*qCiIUzHY;62L1|CQ->ql1i z9Y6N|lT82ju)>G*-;xy2@hj->02+UX6<>#iePRqcbdzx`NLLEo}U?@#h*f2M44?fac2cCCkY8aKgujKbUn< z5fT@w9s#{Q4p^D(bqg6w*EPgzb?_1BNBe`;?%^H-}K(w0XPvoCr6FZ{9!3JJGS z3>K9c;ciQdi?VWZw{+zE#A2&+Yt_hwU0swJ$7iGo+XaB3UnT;s(~l-{=xpOs1BZw! zEw-hu3+}RacN41bmJL(}X;gt2sKKf_8q{!TxN>wEX;;1=IA?I!I?7nx$r6r;7W@oK zudnASD=SO%*ji)W*)geg*n;>k^N&2G(1ci!)>!Qz<`gA{W+EdaAJ-LhlZ}jxE!?JQtFkTUC&NQnSi^-M9Ggi~AD5He#6RHW^NY-O z{MBRF{FA^>n)mx}aY@lAIXobaNSHw$mo-J$2P6y5{@3@O7FX2C!@|MMBN_vGtG~ck z_DV=9o3j4Y0DJneAYqMMm(t~>XDBi8eF*T^A#RXlljC-WitTQ=F|+n7w>mpJG0~6V zV<`d!t%V!C#x!+0Y^mQMzizJ9>x2$P! zF2D*8J8U2X8yD5(@$W5Bp`sZ7fcWZrl*d?0M3`h3a3s!vb$>fn-TTY@I}E_Q930i9 zlG_Gna$z+*L3}{WBEsgERaGf9ykSgV(^B=@wQyHx$$`maEmxgz-QQ70-Ox$uo0`Vz zri804mPx@8pArwWb(+w;AeD&t^#y4F6f!iVNTLYG^q!0feGwueqWaH+IB?a|!;%pt z@TpIDGzVGYI}RQx9E4{5cQq0c43=m-=9KbN+Y6dZ67Y1BhVXoLx6{U=h8SkKrVc`0ek7%v<_7YBt*ZtGHHc%W-!i1#CrBak zg#YgzlLNMy;sTELtwf<%6(LdSsVT%+VzL;4_N(L-kjdso4zWzAN@;J)IWtNNeN8|l zE-(S~Mp<4y)i^_1^kJS;?oFjHKPiU_?fpT8`jU>R*|_idb~_kN-sS|O;fr>SF$pvz zv-AG2O2!ARtpWSLnIxq20L`a}&f8NvU0%P6|4I*V(8+>#@V043@My<+veD#*AILf8 z;RCxn$z^r2IjUsiBnKgfyVyXi*q#TyK~c_~TMfCM6`SaFC4^CdY>{=Qu^HR0CAuN8fiNZx#xGEb3hz&?IGDgh zm_*&r-J_`D#|7ORq`TxCJ!dK#omoDb{z?QQkfk(IYk9(nl_@|0R^V)?!y5XZklrkS ziELG{b!QR1@(l9G(L=eb|7$LzJt{ucOMWm+1tC*mm-f}cqV=8D9Po-g}O~>=;CQ%U)L-McU4rGuJ9Asoi z;H@hjHvXX9^!svVo|G76Zb1|5zd^Q1%q7%WBbCHL9?Nls&+f+0BWUQbnoXB?fi;^? zmt8ZZy>xY<$PYKyN4iPmumk#J8~`1D+-LY#!9+H!!)hhdqtkx>2E*`5r&HlEc%e>G zJfRZ93=i06{?6>n*Sw=~yV2_v^Q9NZB+{u?#g1fb{=e~HsCs?S>pYL8ra?W&yeL(t zKbu9#LFd^=*+ut#)q4&m0Nv;~d`NeY+s_ZSmiacY?nC5>PnFe@?jlbe?_jSu&gEgWNV% zs=9c{e~0eaxdLwz?iT;KZd22QbVDXk)K!PjTS$fwA)7Lqq*Yv9szZT=E8{!TA2tN1)DC3i=+IOzp>ob*DMfGtvd)e< z=HaC>O6Fly;Y0F#&`@FBCVsXYTz#PshknEO^g2SnMs{8^&2JT4Cti~e`17nvQ2uj& zouGHyR?7I9V}Js$9m_|A!#0l8m>uqNA>h$RTnwP@E_^wUe9#_Uo+6Uq#Cy0T%EjG9)#?^EFrE;4c6I7Fny{wuP@- zGj}3K8`d1ITf->IgIoItGw@~4!W$s3zk6tInYX_m+LXpQC(c?$Q^98P41k=ZB-Jhv zP4W==6W9V>FWYnJ&0q6d1+l47_CQ{EHeQDixova0r4tkTj1gnSA2T(axl87FZx1%? zWi(Z}`-%;Hc$`)Y7tTV~@O%3`#V>Z}fTBKA6w!h(e|RkK?4pW?fO;*Ee1=27IEq|K zD27fgepbQrzm_CyT(qrD3`L4jr*`(N4+RCH`g75o?@A*Sf>5A#tY9zYjN^xp~(DDc4ED6DI$6vQu4K*qQ9G{|6 z_jqJiY%|&j7N%A6T?{bb4;t8Ge4W1MFIp23AM(u)7vu61E(B|rECAv*zFqZAf-^Dz zyBV8>tnTBX30K}|&)$YLq`!NJ^ckIv)ju($WS5niR3Z>r8#jg>0vmQ*y#ipi&@IcQ zwq;T>i5hoNhM8_27f;*8n^DuAsl1t|9PTsM0-PiEpX&e;8I|6?GW-nY>4o}j?zXE% zO~WS}ey@I%ak6!@zXYqaH>L12NQ*_(KbE&8c@;a|=)1VQOy%=$g0qR#YTJrN&GHxJ z9X>Bl@BIFrAB{`A-WG|lE=`5zUp|(?XdD2aBM~@gQT{3VnQ>YnXbyU`UHOpvd)`v2 zD4+{VCA6U2+jCrMh$?})A`_n|V%E)ism=xM0q`YAvPFkRmgimZ)!!@OLIuf_ay;xt zlu{P`k|Bd{HvVB19(#6AD$k4NI;@5wcyQU;L@i9F%JX$HwE+Rif+Pe2q43`-4}(et zfD(WE!BrU=2Ci1meP^BUtObgdHow>De5RR`6GAH9bCi|WJ2py~cA^>ae1JYMfbio- z_wy#p;L`hzbe_){{Mk%oQ7Yeq=NPZS6#-u}-0QKhR;h4eXeV!8_P;Z)3kF-|DKcne zwV$18K&xoil&kc|*}t=D9WZNRi*eTHzXy2vP_~jG^?iS`?P<3-of5(M=w6SLBKz#a zSATvk`=E8pRG%8YS+^DuJk;viXsx|gHC=iCG+Sq%Fjhc9U`+_w7Y`7VkT5j71r~`( zV2&b@vm!vlLucDVF2jQC9sVt?`7GFaG@M#^KY#jzvIVmi%6%zqr1FcdF5^1g$6AgS z)h_v^x|FFUqWA%#Ns_h*?hqN!-|X2iy9K^ipis#bE*?>NK3YY!Y?p1)6(d!p*TN7E zXlz})8JdasIRD4KzC5cj8dtg%>psE#VeNIZW?d7T+Bm(%UHM|$ z=qrpmK1fQxX@0<|`oa0)x5!~P;Jy0Ou3io^L=t!&Ma9>qC)IsSTR%v)`ce@mBH`ZyftcI@){ z#$vN#nmUhFJ*20Qu>c#S%xkWQDB0h1NmYZBRGjF-*(eY1mpNj+9qQ-+(o11l2|40= zhLm1b%u@taBb1m`;9VF57s*<9;415vtCuVZ!hr&kFM+(_o)j$qzH4u2v5I}BVj{RB zN3`|-ot^Q^Tf4$d$IIe6$8S}c>%JrEV6e(?IH5~xKK@vBx%s8f=PI*qSk2|I4*$2H zg4S6h-IZF$C|5~K!X@BY=sr8n%m^tOVgZ#-6|1DDk#pAP4dz7jfsX2ZNIXYtr`;cC z{@$rE`DX4Htwo)7po(Nh5lwHu68oxqLq0LhzED_5*`5c7p99`Y8Ud3opnAp)I zUh&yNKnho<;i%R+!-rP|XV^X0okVHlZNuIz`N>ra*~cwxS(Q;Tgxj&_Fp22fV7EtK zEcv@|vd#;QAX?|FO@r>W;|)Q$Xa_0^Uih=FFgmTia#<^3tW>H1(7~blw&c4^>P6z} z;OSExv~Mt05Op^JV#r404>Ge{H1T08w%~;r5!VV%Y`09ST}Od&T7m$p^Vk_wC$_E6 zpIg!v9-!b^**p>5+soolNd&9hZ%X`br`YiCZeZt}#KZ6C)gvQMmBaa^vAHRsXpw}Z zpL$KhdBW9lZ1^Fx=^XqhyoccBO?`7zN>@u8v-nfKP@~3a57ukjM|7WY&d+R-6Hu?h zBKIcyM7rvuL-KMd>-C6~t9s6oR8F|QUD;i1f?aj^OPk1PB1EYA$Q-eMfkx_quFU1x zBCbNgbXmb4PZwg#-bZOu-z&Gh&?&sK!k{VwDBPm!K79CWrFm5(SZ|JV<3VrzfDaL};jJa7c^06&EIy>3$kwieLBsCu)k+?YO!qnm8aOCx<%O;3l5>aFDJO+c0m)s) zyOEotyp%NI>S3`luQy#P-=~6pG}2`CGD!irBY=z#@u1OTXl z9_9hX0oC;gqo4nv4`HaL@zIT7^aqO@T(l81L|!!(+eXUP`<-Xrn;)jdpPx^;`4~c; zp}Gdq-b&g}#*A={3dRG7uOgcEhLjob(y2H|eBKZijJ7@+n|9w3`2BZ_oIjiVUK{P2 zyRm|2m2x>@*&=W9Y2M%pcDEWnF$nnHUFvBkW4#H*?yI{yR1u*3@;Z!>wY~_lW{l3* zdq%-Wu3@pIK!!yN915b!lp7QNFt>$oUYDPDsX4GA;JZ`1S+q}&T5uR(Z3m zcA=(p8ugpWAb?_{V`Ej%Rfa{M;Flnk2mJU}7V!1ZJErB-wh!l`(+|!Ztn~GjYbQNz zb$u56SavjU*Ua?Eixu^}PFO9n0hh!vJNF5I4P=tF?iacTK`B+(T9w-5;Ji_gy1M#s z9I+sW%bPWs)t+CyC#9d+OXMND>Souqz$2%uXO_TGEWSkKQ_ zy8|st>K-3s#ra2rH6+gt1)3aG+)w#>#j23Wij-Exv6@37es6_Fhqdye*CL0*DLd7( z9-tq{$5BPEN@zH2|FnG-CpX6gx&QUR6IP;s{U}|1KQDgt2qe(;i#l4Q>1U*uLnEfz(@#e6-<03 z5z&{Mse=+ihXh8gDmv5A^MLQeb)PX&5W7isnvF%GJm|?)$p*7t&1&9p_cBZGxz6vD zyu$;1)gu+aw;|PkrkPoE#K!y04$UNA{l(tm-{f*K&ZEel@5e*kT<#;y@i7(e1Fth{ zpwVEd7ora^_Ns@$u4SQJqboQFHFAxyiXu~!(B>%i(BdVGJeX?=i>ga$jS zZ>CX`{a+%$jUz@Dw0!qTL*Kly7}lu%e4hbc@m^}a+-D?dKr2(2w0jC4suQ-!wo*9zCpo^c{nsSQQqk7Xqs8Tc<$eLtf&T@;iM7Zg#Qlds{dB za+DMDXqH)4;NB3V_|#I$OTO@%Aw5e6VF3Z|`xJ>+KG%4cI3!!Zup=V$Yq5O#L0(g* zPHTlXkP1t(`5~WFC}Sfxd*c z78qO&|3-T-Na$f~@650;$}z6-&r{*cA=mJ~y`h8dKuJ|q{YrIakBiOUlZN&|_X8+y z6X}Ml^t4KO>Zch(@y|?yY?nr~+3p+vLD+^QUqhXqyo%F1TMG&{h< zae{FbKULU~6njF$WCYs+e82Gbe48?HHVi2L)wlqho39z#(u)S4m9VAu!81i+Y6x|g zya>|0wJ{{IeUbNjiQq0AkOs_=W`7G{0o)Weal(Nv{X~+MK_q6Dd)Xr{9DC>@yKJOS z*-U(qZIQe2J`j&bnAR3R$LHkR*xyaVCAUqZ2GN_<-R2)}N)K;pw8~@eAfS;<4Oo@` zd%J$eI?UVkK-_W{w^rkCkVN`%Olyodo_vc4?`5U}4<)3kp#dY+jqu<%nZwV(ic;4( zo7cTVDSZ$K*U8Ge<*TN2oSBLY_z+!lguzFDq#6DI-BCw{EY2W|NE%s!=wxmn}OTf?ajX71FNFvu2JI>;N6p)fjX z7MTD_KB=AHG#Dak84p&AqWa2c(6VRE+|trg;IL>VkJWwvd$X`TT?}C%u`L()FZ+&$ zgvXM=cyVFdOK!IPoAjC3jl`0fiU*k}#Jl?s-eZ0ayBLvkb!pKBJ|RML^SRIr{m-_w zqW2MZgv(!nob@x1P5tqvPG=D^b0y5q=+s_^6Y0R@}WK>j5l8nwH5Dupz`AoX) z@U~{981yhfP*$U_uQ=?#=T?>=P02R$sKoXPMNXDK|Jec`j8NQiD(Qq|XPxohdV--=W0+XmvslR_jUZ z)Py*#|EaH6&u!3eac&WMTu$D7@IJWS`8}(Vt8d*xCcjvfn0Ci3VKafHEL6Oh zzwo_hy~QrReQ(oee<0mZ(<^bgRJ_#a{nY8lG{b(!l~?-gwoS`)`DQYPco;FkazjId zoM2&NqtviWjraBIdsF}#^qVb|k&X_+L};*W9t-STu=tctJFOX&pmlHLU2E1_ooH6G z)#eIvz|FqNuM8(?a$oafbe2s$43Q1k6;C3M(7TlHST$aw{t_#vJeD*+wtVZI5RZao zpTbQYVWQbn90Q%gxItS5hkeKnsg?F=A!3^BF)%2TM0_ zXNwD5Lw}n(4QF`teef^a_uSE6!gym^TnOg{QYPy6*2f&DgdH?pD6ZUe+NV%G*8MB8 z(*FpH`Nm_j3Zh(D;XnltBFG`oKU{_Pb0j(sM+RTq#sj@IH}BnL0IkWvvmgJ4cE0N? zjc_(V?iOT~7hdWx7T>-%;vLXxxsMLvwQFqFY|}WI&e@`@0bnJ(4uSR!^17>Ls%nQR zo5rfX*9p_>e@47j%9C(#4r+g#s5Zz}?23uqf*F@|^b-~`KAL}Z3%MZkJa6gCg31rU z=Th1$FOc8?`lPOl8K{J}Q(WXuD?k0p|HyrT#S*SRh3nSjgg$*fvsZpo@6JSR5UXer&P$kOo98 zG4looV&K%s6xrP2YW$`6L#;OPh&<`764inVJr^wlm<`)nWZ~Iz^z6SoJH9<2A}$C|2IG)7e7={ zDmZ~6c-ZuFN=wELX8JW?tV{LR#cT0_)s)QhDVog1p-+KIa@uw6+x;MoQ9(=^D>WlB zM9wqF(;>~;Q#6B;(O7z)txB+{(mC)&sRTKG$}vv&pD+LXf>Bst@!ElhKgjI1`t$ai z%-`44kdK3O55!14j#w|~fbz6xJXUo=j;=2C*ak#v2z{G23UVU)g0K}7V;aX`DcFFi zBPdC<5Yi77M5QnyUcGrKJBT}DGQNV<*z7hWW9Wp)zx4~Su{8p5n8I zAFP`?t>g4r5<*>tKN5HDy%eN@?mdJ{ITU$rrmSFdryRFp@PmPocErHzi(`+)oF1ug zFMT6!QA>T&St_C#P_AOgQ1xu|{2Ej!sif)|w9C=O8=4vfks$uGYWLyJhcjZ5|d(z_vfv?8fb0 zA8fJ3x;3f zSwTF~h&&wls!BwA)&Qt&nI^8y_U~`J257&^NTIO?@o+<(;L;?~2nX3|tquDg4sC-^ z*lK`cs2}$QIh`lsBC3lbju>p zlDw7N%~$;#WA)d1iStFm{QNd;sEd4vseU%6tDUT7gg=P<7&*o}44<3hD?R*;9kRd; zu<(tx9@QJwUmkW+nDK$vPaX1Zsr;*2IZ6Ob@LlJS7K>f=Cm#Rps1-G)09ofObFJy# zCua2&Ta^rK_uI4L?d@3GeAwNDgFj^q9m?=Tb(x;t7Cn!_$#K3Ir~zdM#g`$z=Nl-s^_$eBS)drMjh#eKPt|D?b#xuC zH`J9+nJ(WG{vR(|?!$WSemeHdKU3J|{b1X=_xJkX`c%_*w^>Ys?}y|!!N_p})uFOQ zSYrpXt$4|e>_@<;@x=y`Y?lAjs{QR#Eb(q2kW7G2FJ3UY2Gu7&k;kXfx)PRkP^u1SqZiOZTP{vZu{ zyN~7QbyEC0b@qD3J2PKdBpnWF;T=99?S3N8KwWBuAfj)&>7Yd(;UiiMo02^UiNVeo7b=G>dBoP3cJ?o}MdD zQr*#L#D01!Jav4EX55w9t*aaJ5QNEl*)=*QN8@_#AoQ@v_lp>Ys*-<7pZ0t{B1?J#tzi&V2;W(17{V{)H^ZlEBx6fc1@M+rll$8NXONMg=sS*ZHNA` zvthzoazTkSXs@q#T%`G3Pv^|HTHI1HK8Zr@XVkLCSJ03vy zx$dE?bMkfTJN6Fbw&9D)$eB=n$ri}7WlB1wX!3M?9D>?PU_sw|N=o-5u@jRF%u%gk zwNI&T1T)Wl4$fu?FSITpOVbdHx6`qhcIF6~V_iZk?hoa+)V_3+=EGgZ*1rhPojtW5 z`3PnV1=yn1BP<*Q{}f+&STU%*;(e5Dr)AkhA$yzo5p~U5r&O4mB%RFR$WO%`o&KdA zvQfGdk0s_zefUqXM}<~UcyR5}h0lINbtlb?2s*zxW+H-d3F@H=uc^YLbQrSzbB=#0 z*2%~C(fNn)dYzJ)5iKc{?tyS9%F2LM7xe|}Te0(r)_w>NYRr8Z1l#jKxo>n11QGYK zrh@YH&N1BJy2d`VB!JZ#8jbhqremg*h8UX!2|(G6qs_7-&pNUKCmQOtjT}WqxkzSB z+o6C(@THk8!V6VjxTH4ul)c|!#Y{1t*02ufJu&RhdvAC&1wwxDc@*BVI2x#Z5F8u} zlRxSMX(EPX77|Oj=6miU;B%aRU;L#1_Hm+2s{X+5egCJ{4tz(JyD^%;l6-5D-v^>| zT{{2mKNU?*o!j!tw1YySlkhWXGt>`oSj6gk(_iQ5BTe0&N}%a+nYe%yE%a5DG#|=& zXJ8=q6t3fns;bsy61;ly!y|p1la|_HQn=w|>KU)*X!wU|?Av8Ip2YxRPR;iz7~r{_ zqo`CE1jted^Gh%`hcCeqzo1h`N(cmHxDW;Ta|NBguNXrYtFu!12AP86Wht_4I<+zU zQ%#EtB~&dW9|2Vj86nv4eh`ln{2cOqkwH0EXv0N&^6I1ZZD4gPsid2z7(pyHpbV+< zA8}@8flQyZ+oiEV1as&#%tezAvAyJ3lZ)K9}?BQ*Wa z6*2HaFO}xG)z`cUZY4os?K0y@3cRK-yA60-(e|WC{3oRdN2?D@V^a9?1_Y`fZr<=> zS{s(~RH`k-%VML(&lEb8qDm<_&;$}8-eZekSx$y>0h)=zu-n?&QhWMgkZ^~C(M0GR zJo`3ApI8QS6)};%w7#oIfV+Pb zzVrKJF|DyQs$0Ir7KD1-$0Eax#15h)f9=1XH`@fG&|LDy3$R&s)m zEe$(OGoy_6yuHQofSMl_u^6%OzQi}v&&uIvG3Eg4-OuYt!{=}ZqXgAIFl|n#e2CmT z=LeY}_V(YJ-An$<4EgWD)VDp=JY(;qBD8l`_g_dLYO#v+)G^)@u7BstH`CG+EBE!X zO4Xp#*WMons4w&cZ0P5w^qs!91v}a3e`ir~Q0@G8+(flap9l}@W7kaFg=*8I zQ=m4Zgb*D39YJH7!HPWtGK?_NQ#VR9ak8HwWE;(!1sU2f?r}KW==qng*SoZZiPu~T z8w4M@V-nd1er=@kL(EmMQ_KXy7N_E)d9M{Q@R(Pr)|+F&>qJPM;#CdPkrTUng{ z=bxPSaUG{>7&TiGeTUE*4vdMD#!;#-XRsssE+~=#clJh1A9_Z#|KjYIQ3Ghib%ot4 znP}dK*%+6C*uEU=941;zE4X+0G%>x1Mw_p6jKzF>m4aCaIA^nCFNplKCOzB@|I{_z z7$SQ%vi?YpiP(-ij{Ab(W0Ce@uizd&AnR!hSS0=NA&BR=nLlVg%kbG(&kmBShnrp{NDj}pNp5;uMfBRuPNzZy zxejLDx>EGJh|Quw#D0BAntgOt_jI-z5vH!)BRw@gS(VFds?ldCj~*ZmAeCu;Z0317 z;MJOHJ9UHZEP`` z1MAC>2?xk{Jo1-cah@?V07#>RNTbl(=G_QEY|S z>3jW+?-=xRb~@t=>D57^PN&aKqvOr?t0w;G+HddQ?Uk+{cL`PJsp_w+`VXQpCsZ+C zN4Zl54!})d3QR3n(!TJw|0Ld%j4wM)fUvrxR14RF2ZhoMRm@Wz_4blv+h#m&8O z@SZP|aTtAz1OaEKgsz;CP}?zyTsbW9-eZbrcX;c;Fn}>ltQTZ3j6ZPDAU$Am6wjAS zk9`7JeF01WTEvH8z%;Dm&)-gIMGS1+x>XUj+u^B%Qrcp8Lzp*jp1KZ&mvi?}BVSBI z$-SP}ho&*}tPKE?0JCDynh92gkGSXF$g1$MO{t|oJX$pnHvT5kk4LH-82}8aB4`D3 znk_Qi8maP3t~nYutF|#cWG0gaLvSQK*zczv12c*Npo#w@C;Q~{ko?onJjU0U0!Lb; zZ>)05{f~CYmbDe~kuR;5PwdzuYwm`mz84b}r2QoP`CelRYJ?kJY`{ClIU-C8g6 z7gb29e|T%FoP^0>U{DhYIEj3x$y2`bB4hrl;O=O7)k3)&Uwb3{a=iPD?7VVNp6NOu z2O@3K>?#BC?o;Rbd9t7N$~7=e6q~wYXcvUQ1o$MF0AJkjQE4ulTM#CICfM6r`{ld; zd_c||=$D!%pZwa#SIMGfRccY-gx22PA-i_(F*YLGwn}erFI+nrzL`&-#s(b|GqFgQ zfWaXAFkfhqWlNXJWmsB|!B;cW)0ok!)hng0wpN~h{v{ZXawf_Gd8my%Ib!J*1J4dvz~|3hS}7%S7URopl86Q+ z(sfDt&b%u9r=Nxf!)q8fm8x8HY=e+jxs2lv(}UP|mM)h|kAE6ve?iI?ZonLBGXchd zP0J_Y`pfl^>aqNhP|J1=Xoet~==#d^{MliA7_d72tPWoW>+FK#*=T1n7~zI}8*_Oq ziL+h^F$e(}h!->CE7!Ox^8){wHf>yByjZQc8N&e3#Q(Y0pnL(6|7x85<=CYl(M(7n zVm)jGeB&n<sNbdcM3-a7o+oj=puXLS`O8bGhZ2P@R`Mv);Usi9NBV`p(Wljg9 zvl|Z>*O@`g!OZ8uU~K9JpGn&o02=EZh#zdW%DjHrRKG_3-V?rC_FO(7|K0k$JTq`g z7Jv~@4k><=XGgO$GI>vMXdIACfFKN8kqPk6n?5OXN^A1U1Tf}2OnUIf@D&i7uY99N znqKdf{r7jvXW_&7A0NFL$0cyK6``f2Md9%EH{YaO+5F-c4@-AXFU}_}lT)WpgE3&V zEg1lGJ9OZ{LB#;Lbm_8mc6KRd!JT*BE)PHQD}1S2i??TS{fwe=G-a;e_S!sDv(rBys`nM9)Vhehz0DOTmDv2S*+n1>_tsZ>1?P z&bDD4JuAG@3)>$ree5OK{Q1q|Z}8hpfN|n;IwmtVTMk7$w>O7NP@7Vx_*0SM85Ft^Ws6RoFEiv>ECQ1qo5R0#{*{~ z^1`c~^1hF(kthE0Njdqmpltq7g?#+q7R$QLP}fYW_G_YFFO1_Ik7@%5AdU3K6rl3P zE|1?TePwcc^A5SOX|uf6c38f5?lF11?}V)MR4c=Ql<4O)aj-1>$OI^by@AenP(HW+ zoASBMzb_>`YYJTEWr8+10Md4;PmcU&zbtxVu{ugI=LWBw`FU7Q9qEt_*Eg!>qT1of zlc%J%rdq0NYLuE`Sy=$YeWz4ZR7f}+5f>X6fv^Vr#@R%s^Lm5ubvYo9Kk<}e9?S=m z;JN3Xhp+KsS-oa8jvVB%jtU~{|H&r)cm3uraa2RXR{^bxTn+tYRaHsqIp(?&5Be%m8WykQtC`zyL_Wwt;)DTcT}I+4TpzWb6NhbhaL<)0hZsn*g~Y zbehH2a~ufR*2n)v!fiXnRoXlO$v^raj%krA74JVT?(&r|eEBz!ly4N5&!0h#BA7Y* zV$Qmju+KyrBjK*T-ZcntBm$>mq5)ML}L`?m6i=2 zqX;g?LFTsdp?e17Bx_}ho_2ho%hGs zQ|I>4hOrAVN%f?p?2a<2`$(PCZK#t#0}PbGzJm_M<%ZTwW&@C3#Msx=yL42hahJjf zA%20m0hzlMM^rGrds}*??UgpU{A8Q-KMvpQ4REDdk10$u0tSoHMUH$$TrxadRW5k! zfN{W2@0P89zg3EBiftyq$XJ_EUoO4)eHl3OQ@Fib0pdS|y5-V=22nw){E6@tHFs8R z{)AMmy*)$t8-}x+c>bLfjSqxYme}r!~2VHv}edP8ip)|8{ zTYY9b4rg=!nasLRdj^0;#*cq>Q4Zi7aYLm`q9Ek;Ak*K+x{~|m!v2g$0oq{XZ{Oh_ zx%;k#nPlpS0VXbL8Wb|9tsTnMi~!mTxU=~N*;Kb$zH|KN@*i!_%W6*zCK50~sFIlj zaLhZ5P2ECwm3;fki!%Rsz1+9-t{hpB<_hG5#eHIJy2 z*Cb0<)}%MCMN(5;E#>89D&qho|F_+Ci`qcH^2)1lPgDvk#r1ON;30YR(Z^)Vmd$d@ zEjP>efAAyW`Tq6m*U90-M`Yc)wO}ql#TSeMCyop}{q(c4e8qBUoC^bAYJ;2$rp(pR z>ajHOKX7?K_WaQv)u)_3NdBYTz~=xx2Me_EN&G9qzaMA(-(4&7-!xyUmsLa3I7sLy z!XD9$_8(-PsnXCVbhu_gLmBMz{7=}JXT`z_^;`Vr#d77~6*>FgXO+=HN4-N_b+8`* z!-Xoo&UCCR@?{z_0V3xjvg=QG$+mykCSEWqG_JaMir2d8vLMlF2Aw-pf{+&0Xe?+viOk-SW6@8xB_cyJS_I6Rt|6M;5f_8dTHWI~HkvX`+4IqRV(RdW) z4ep&r%0rJ4UTLSpYJD(!jIa(?gHPj?22AtOzB>Qua4kaPOv((a7lmL5XLsT6yR;Zm z5fER&P*f@_N^_zw%py*o```Imr~Kpn7iE5p8`9$3tHTr?NcejP65@rszz^O7LUL7w z(Q#G9xT!J=Res}XMgVOEFg(+;TmJsU50p_g+6IWE%=r=>3Z)l*rFTaz$#>WNfm~O& zBCqxUSoXf%7vS%@06AdDfao9EW0L{MVx3NO5@yE)qP~W?IgJ4)V zumOV`NYuYS7?$!tv3fTV7&Ja&!I-@Chc8L!ct~8eX`(rozK!uf<9x~fq{I%!r1nF# zviKc~rE*DS20Rka9PqmBG9M;*qw+-_85MmLbLH?AIr-g_()ryk@mvRw5xmXyo+uhj2Ux?&dJTa=i$JV^UdOk{48H zf;il9LC!t+5g5v=Ksjt={&ES3PwV~(5I=C~SGDD%QnUUp)B(&i#e`LzKbH*i8dozt zSja%@F}d{A7jabKEY9>pg%4M)H7tG68YvR58r1r+YlInGL81*)>d1Y!lOdJDT zE4e2bzOO`CTYE5ST zTvxIKZSs(Lplt_ae=~E>d0@IQ07yU#t-qN%<}(iQ$Mz!wz~eFY5cw=`ym?2XQ3c<4 z)8{iCaY*<`T&umt)m?nTMRSdy9jk+vcgn9Wd_Zof|GaE%e3NO0gB~NiTA2YrMu*33 z-9AYC&6dC}%-Z%3gw<}x=QT90r>zD6Cth{#zbhi&{8^jKt#Apg`Hv@%_`lp8msRt9 z^4srhl$uIIRatcqi}ew(BGhJC6LhbGZGgoU^W<;$e@hOATGf#NO7(LEn>GPfLNfH_ z<3EruSA0?e9=ehmB*4dm*J0D7dm`;A@TbFIS!s1}d?5bydws9t>uWCWReS1$v+Szt ze&A~dWMKDzc$ax4iQ_Ukbrf`}A}cGgzEnr@TM-Qiem9)S7B`IlG zCdIYQz^QE%FgH9}Gd79$_3PJXfP4MxU!S?x>xh0a+_QeCuR5;TE7R$;`f4_9A>w7j zlzm@_vdxr1m^57aY9?JF<7C5F$a2k=rQuWSf3BP9F$*y=j3x&l*a0IoWq1S7WsaE~ z5whd*-fBU?hc%YLitt$tUsDCo*!m_@1=$$o>Q42OUtN}PECttaBnrkzG|Xo=i2v5k zxZJieAfNoe0!92&v%u;>*PmRrMt{A0Zqx6}?Gdz>BCL3<10Hd#J|p85$O5oGea8beaD!G4}z7$C!lp?&Wo62AB(EdJLhb@tq9 zktY7bm&9GRQ0CwB_llsVgqv z`zyJXNPPGdLnWC}Uo|`6ax2M>T{sNrvBDB5O=ie`r(TTmCzrUxWyACn&11NHXUjXQ zfK05Spma0T@z8$KxSt=l1oqF2BK zfO=Y1JTtcuXbvofcY&{5d`$Mj;{dsz%sU@}IMzQ4GBEQ|D^b#x+1{S*BONy0Y9y6>!$H6L7~4D@N@SQFz@Q9)HUU?eO)xRKoW$&Iq= zUsp-&9E=izF<9h5Ma>QbM#b>~?-s8d{Q2!lcFCPEj)*KmV0zx6L+E22&j)Jno`dO%IQJ`>4-uo52(4L7_`s<(X_ zWBVBT`8b#WST7vjDv4ZrS~?FruJW`urV0(y`VX1tJdP6%hm|Tn)uA=BeOgz{2HqMN zFuNXG1KLT4La#a`{9Q#}FaSojhrm5J|JlLDKt3=q?HB+Qk zN7aAMKP3JyfcSs!ZI$wlH>3?WA@k`({Ob;(nE*~O13tX=J@WqA8{`O>06wJ&V1Bmc zG{d6+3tVOL%~QXSXaYt`s5Wbwg3=J#S4&_3O-}+j5lP75ufWeatme}Ixaq+3IPV|7 z6c;z_Yi#@4Hfg+`uD{SD@S94)|EfBm;}RB4s4uvEfo%GZP3X+9tw zQgZm~hZXa{GWEQw()NQ{3~0%G+s+5jo}A@!-B7WwL+u|&ti1KxVfgM7uzpV?dQf@i zF@k9p6h63+BGhhri&Ss_Gz=Mn;fp%v7I+jO0*1;`FjoFUB0X(N3&Lgs)VLADm3=|b&@84Oq*e-rH=nTk%=o3z9$4trfr zXi#Y{0NKlu-g6(k@|^tg9oLMuFLE-wX|R48w1nM27n?wFo2%h-Jw+X=fdhg zUH+L3jL9?qRQtc@hH`o9?Z!EDov+z^tQOB;0)T-5+>i+n+n11^bnJ$O|4L=)-|SdS zfY_%o!KeFA%JUcY$Sw1?8^m6E(z05;ZFok;fbP?$9y%p`kM@ag6QuuU&;64S2Js(j ziHUy$3^o46Mk%g_i#&|AY}bAxmtOcUnouVrpaxzgw*A{SdF9Vuk;nyb+G}tu#-wpT zdPQ(Ix~2V_?Q-UZGqT{e1&X<#^DlhO>=MU|0WJOSJ^hLV&pe1T?{N92R4&cVh!_Yk z_?L)uh^OW{nfHc2!lQ5668{-Iay};$0N2_LZ-jCG5Ih9HD}urg&!n2g4`RZgRWi~q z?Yn<0jkoV9H1xCoDK*Da^hh2zaZ=?Y&^-xC~HxYO|QI$mR&D#JYe(eSB0=rqPj zo{E}KwuFh;Ubn7P-u0$Nm6G|+ zgpNSsKS>->6JX7|<>HbEc#~h zu;WZU2Dtc>VC^~EBd5P`8W!?l^v|s7Kj{Lf{ge0)YzxSi|8I-9{Wwy>Jn6XB;(_%h ztbsnXmZ}2#;>m%oWrY*Vo!FmBCN&VJ$NFv-P zy@$Rdu2M3*Xc*AkSWnS4AUq269e+RuR^9@;2+NVJZ4mGpd|Uj5-UkJPK}A?JG&IP; zg9qi}#f!psv?|XqxK~Oki~Twszj4z~2Et$*zRfK#J@e$xYJv6A@L7@gBEEDR#2uXL ztQXj>#36rH4TOztJ&}GqQr$Q=I$*Sngug>PxJD&`GtATk(CYp?dh2w!#3eqNQ@jH6 zw7|22p^>Zmpn?x6tjOdc{&YXI;y7m8(1XHk57QC@PrckBy)f8SpQGh}?%9GMf|?)= z{Ed5>Ft{;UVlpD(JX3Zl< zlD99pT}?82ax#;L9cOAWprzHvzHCZO}68|8q zr%TXGfRefrg9-4lof3zePbb{{QHx>Bkj4WU2Pc1eQr3NF-Iz)22-d;?Hy+$1^_<)- zk+$c>6@X`loZa4GgB9zNhP(d?ENgh%E#BXgoFC@aq!oJSCBKxPbFiVZz9P zfZ*oURW2QS{~HW|PXX`K?`Xt`IGQCNG_g}&UM@?QE|r0S0lDwK`xFyk(V|7-^?EaX zg(zWsy8O!y>`N2%ug!c(T=QqeK=@css}c}|jcx$h4pt4sp_Sny-jo|az?rX*D#E@T z+P29e9HVkMh5vNWM16M*M$Qu<#fv2aE_)Ad<_tSbt6)x3 z3r=TuRG!?^Cp7_b&`fOPv-3jq7$k!qy01}6irGPD7V)pEY8(ehN^MD%{MpL)%lUXO zjE&^h)KP5y7P%|r`xl>vO; z#{^tpu5J3vCh?YG(}(;tL%~!Y7Kx;p0F>Tu_`3~of{GqY+?ZU`i8Ieqk6irbMWsoh zHhyW`TBM3L7$agpOaCL%wf`sL@HJu6PGd_Z8=o=31WgQ_l-isAmz2(d;lPA!GPo}8#iv0k`gdb zw``H7rY2Pp_LZ>$3DAiIrk`jY6DfbXr?oo%G<;UyPv)x+>UzhLeZ~=hR1p3B>bX*v z-5a?iFvqF7q<+T-jYF&U)v16_<8>g~Bi}pn7t+>$_8Pod6<<>YS8i0{R6&Vyb>r^d z-z{B~T|0kx(^nuX%sMrz_D=Zr>9g3GaKL>vbLk<2?Khr>N~SfqE}wT zx%~hZ5%VgiMLhQpqksM-@06;QuQS@-q7uo;Kp`deWN^^4LEY>A2z5UP21t$)L=bL8 z&Qj?<^r(R^6U5?Vz;5SJ7!2q!Rglu`zEco1Pembm4b7HjPX!!fm8szzD_*YOb-iP$ z5Cm&jXOdB9=U&YK&>B?z@k{su4FCk4&Unae52Mn|l0Po2TOA>~aURsDm?c%uxti00 z0YHW_Roe%Gad~ogk5u^`7&P3Ln+s0VvL~33?JG*;#?A2mjF7LvZ4RQs#L^SS+ZNv@ zuL~@eZm1HuaO%ixphtlDu7Lc!^#zIGoD!J|nh|3*4?A9AF`%XYm-k(k&L4D&s~*Ph z;wHulqVU{*WM4#a4?cm`^)2iuP;@O4`hx-NEk<}je8|7ZXEtT^X@18P#}NvU}3Voa*vT`h~> zxL6f76PaYo?p-E<*99ce#WTz1#{!S%wLIBkG(rx^%(a>wYcesQ)hUB*XC&PEl=4-d zv-CfBPHMJ)SUdqT!mt6$Vcwj~x=dAGbzAOJ43J!p0w_&__yFuKyqpF-$Ax;TDr}dV z!2s8Ip3kNMz?WZsSz23LW$)g->RkEQYXY|66C5i{KhZogm6?S%R>z-)&&qAAVa#Xu z0SiDG`XkY*1BqDvV~D``Y&3ZVPlhDhz?bo@5b$Z3#&ex2_zc{oq%+)#cUl+$q~(8xT?gTY2Cm5xIZ*#DNHE)a;_{~J%a!Us7dM^Xwdk06ZmsF6Oa-+dOxWFG1gHze1T zV4DdlZL&yKd=M6AG2C=sX3|cFI9!leC#TmbD?hSQcK!NpJA&v(m}pI?#S zy+J9d!O;keDPuvN4z-_cFdFMc@2Q<=b6QsB5i*m3#!{nQ;%j)lR4m`25-G{J$>h^M zni?lb@s!m{<%SPP`wM>!*MQ4_$Ec~Q(aVCvJ4gCYJ}x!ay#eE`1jq;WCrA{UD%_4V zVGL;EpYHzV&z~>RXjB$2UM#0ipH`j#%F4Gc5~*?6SfLkyREl0DQW7OTToi0V?1nDo zcDki6)TOip5{V?*lad^xujxL>D~;?~u@7o50EDq{@KJNZA@NjHx*}lyN3mCPl_^|n zrb>2O(omt5`(QS#`MS5f27sPlFSm!~wG$x;z=}5oGG+q@7t`E&y`lO)8@WMxiF*6O zTg404BJ_MbALs352A4a&R>VNc5 zR2F_>p_I+T29Fvt)A-!~2-Q?|V&AP^Q7ug$Zj|V8llA~GT&N)tJsOoudoCH-n;$|W zfn&eV2L{l-T+|bh0U0>+G>FkU%va{E+4J0BGI~X-*58YKj15^nz_fCndQ(IOh^uU+ zBx!}(>|_G`JD`FY>p3U`mrkf^W=puNTyGn;K@1!@azyIu>!q==QJ#D5Ipq<6OaTVn zKlDAH^-o1e$Kj@1Z@h=5(P=aB)BOusWr9v)X=>bx`G((q;8r=K%< z4f(DC$dsSXU%wxEWjPE(%QN2V3Jt=a9arD0E6OnfQl{@SS0ndKU9;osdSt)LzE^N* z7}Isp?{wPiYxY=I@t8)Z8|Ge@b#)%$m6w4b4R7W-D^7NvoD;bh;SqqOzy<)0s8Lv_;AT;{ z?T_|CLjcTzR6o97%h1uVF<(`qEL>&EC#>loi6kuc3PE_PS0!l z-_ZA}ApBu|>Ko(fbUIbmb9Vepy!3aKK6B6fj8b*J>KQmBF8dRw)X@q=N36l}bsoIh z0iG_bjsy-AHuIt5ec*^CrK}hO#-#OsO8+l+$K`D|RY+~s)h=wTUhm0-kM_ z$UEzqn+0TF+d^}i$$~#MCwDA z#JvF0e=}$Qc_d~aDa9L$rTO+|0|;ZTo*+QhPQLI>3+2-HFBv#uea9f^X+Yk!*d-Sq zz9`MNG>g+?sO4F^ma`8!JvW7}oCOhj1U~H-f}wS_lyXF@fcQ_q=xOo1yQQqzaQmo@ zF^!mJCVo)s1w4WH{8F*z9l2`(U`tz6X}e%oPsU_fuw*REYFbUQ{#JiP!= z@~^&eo=i6M$-ea+(WdkpD6ChwUVxG+(}fvy3YKF}nw<50Z=4#o^f<1BYd-!py6B_QK7A3InL z14dg8v~aF6(XLtGQ~IBZbx7svHy|mQrX~hZR{EKAt2ay)%eIRvupA~7=!(iDK6&iI zQ!SwjyCe}FP`Cs#XA*j5d|iA#pCZD!uGH1l37^#(W1BLNH=H@xo-UxEEDXj9=VdjfMRgB};z@ze*4 z{h12*G;ZTKhD4*k@kE;OpO1#L7{12~j-?p@y4^avqH^LwL`pnV?=V+YW%(bH&Fw2o zrEyNN;;AVPwz=dpE*2Rn42vq}$(t&#leT!jxRlD#*j1&?1$7Jn619#{w@RQVqOnuk zF$#i#^v0}XUxyTx|b&QrBPN*iGZ17TK-g^`e>7$A_+6_<&B z@$DewFG8YXR$&nB;POeV@0f(zmh=4_HSLH%drb6I0ke- zN-x6&FW+o|`RsxTtV>k=Hy8jhNXrM0scGhGPqY;bfHHOD`I=+9R!5#$Bn8_#_)Ljxd@iexkdGC8L6$voRPRF6k>${5bok*OSq}LmX#? zQyR86j23HVeoHT)b8nt2V$#MLiGF7#jsd*XC;gZE6<%ibX2xPYLyv=S$2l;-`Z3>` zU*4!GP~;9spn1KjRW9?Q#n3Qm;OOJQh#N$(FE`dd*w^r{&DfzJ%;p7Z86b-DHsX9T^F; z!OCKqiEx5CEJxR=>e|H`2 zl4KvKdJ}u?B52dZ+v8GkdxezGD_7N7>tu57w~p2 zEbpMzoz-gjA(tZYGpcu7Ib9u(9KZw&*tWUhv8^l{V$B1n&7zz*6 zgeY=2rF8yQ3Aa8WE)R^rnpiKWdEs#RCE9sJVgo(mF0DXw*bDJkUC|2P!{M-$mzPU* zb+uvy&+W)zT!iG;PUZ3A+;ccT$HJ-_B!AGPO8=i%TvPLo48*K)=ipYUln zfW(8w$$0b2M>@i!Va!MVlaVLgOIkUwAJd54c>D24bt9A7?eIt>8o?9^LwRuTN3Uk# z2%d{m5{XB|w*97%7|?`!&#@kH)QnBUD%ddc6DX+I9)lm5!ho&Tr$ zeihf+|i`ktK7MN+&k1TFYW=I51G)%Q_KifoGBq#Q@N2&)8}0 z7*l}(y+^97tW;8es{h}2-+l7xtFOwOIdi16wDhXI6gSlwo;>oEhIQ2SBmqHKtrisFibZ{>hXyObNxWGZKH@4LUI0|zhJccaR9s@5 zPL34{ZJ><{p^Qu1==;#ZN%r9y#j$5RlcB~R_H1qkpOF~dPI(QmA_D+>D@WY$0#L{? zVlb;A!zqdYZ}p)4VYn8k@)VKKzji&>^PQE(MWJD_E(0J5G zGG2ASA@dq21u_<nPbrwVVKZeLNT@h~He3*PrMLVQD*rgZ%oP|L;H2FOEt`GtG<>t~nJBsajq&g}_g7(P`Y(tgDf;@pI;Y0p6TdPU$~s z90AbG7jud2Sb4($H{#fw$AaB(|93Kd{+|szb})!qhmgp%!_^qj>xHjsuDHsU!x&&E zHmYuN&#sO*%u^9mky4OeMY}Ib>72#G#IRpk6$9(nuZI*bp(Ou}jg1+Ce(0uI6U4e6 ze4dB~0P|sbY8VbJOP4X#*KD}5@246rT|V)bq+2=Q(5iv3O$YcU9maH%@LazVPb)km zu@5&iY4m=gAKqwO5V)~?2ME{%)dUbUJdBsQw_rOHw!*__AU6slfNn>HL{soUqi{BU zjU<)94E}R1Tf{1rP46!*U7-OC^K>T9egvaQS=8W_%5vz;AXspGOdXcf6Hs+=g)H;c zOE3xb7?V^yhO`X8Za`-kXF(Ch-U3ctHD^o7S|S(j4ol=D)WeD~q>Z&=WE3Du0!L&@ zHkF8f?ku*Ek)9aJ=9P(el}D11u_qcbR~%&y88|v1(f+g=qdgEt?rR15qQ^n3zZ>m% z1ylri+h!UD6C&m`XYpL|l-Db0InUW4jRB4k5c^JViTLW);HU(=z?ifHpzx2)YqaN* z&df&ZG{AtCYHPKB5|j-3{a95n8*ik1n0}&pjFk6mcyD$5>A89~w8b@bOfybn*mo-i zfLd#kaP_D662_XJBe!fzPQj66+U8I?LwkH&gW1e#&tnoUM>&pA&~>dHM#F$* z833Albfq&YZbRc`w0dN|ajgnLjdxzX7o226B`x#OzQJ?@oZz3&<&{Fe1JR{2?Cd#c`I1n&(Uv z4b{LD3@*7VmOxG2u!UiBjIYL=?%$s3W=Qm5T+xh?5oDn@uh24!^bP&;T$qBc|~e?bBTQ!nCnn%Gel)^|y~5DLV${vt+zaJe7-Z zrjndydv}_Rp6q*1SzY#{iF+ClERlHsB`^-K!BreL8^0zHH>FWHCqD7S6LR|WX}NIW zf;|8H^FnU`ruSf)vpUXNkOAkoJgjm z3#!UW1Hk0IfkY~e$7=QenbTC0Sra0&Na}o*I46Tm8lH?dqnD9HEPs(lTEoUBTMxL= zQ`uh&fq`&4)SYQ)TkEZ>)s@p8YQ_E>=YNo;`cy)?06tUHd#pva;x!27_HpK zgl{7KcsOJx(RZk%8Hcf2ZZ`N#(|?I9yG7Bx5{VCcJwN}x5-2Rwn%0tSmQP_JHitlIa6>o@s&XGsPC+7XQg zwHKV_Cj-EP5o30qWm+#h29)`Ys@cq+k-JWrFCfJ*Eouzfk>lwvYy%Itkv;GNKo>y6 zxz^Be?Q4NBke<_G15hbLzc&>q=*Btr;#$Kk;UceO- z?FiVx`WT@4e{F583=9lNUtgb`I(152Y4M*yk2P+%BXD1q9q4|JwgX5wjc4=EyqSki zKb}0Y;hF4v4WEWfUnjeq@#aVPNE~M4aJ+ftGacd6{V1R1j3;lxMK^$KTip-Glh1Hz zz#bE)%PG+q#!U)s1!h}O(gC6s#|bg5(%4^_yH={a%fx~2WE2#oToQ>HF71qVHQYRE z*sRzG$wbr)o*-Cyt)LNQ@Tw(Gr6KnGp-5%D)3%GMrScVXzxe+^r~$r$Zr zRG3O(N19p;l$4Z++vAopXPLbBz3-L7hY!oDRjZWSHtqrRn!_tK1%?KX2mJ)!#v7QH z#0`H|44Uwwn>Z^5wh>{px|==r6Dx=OxB)sE z*=7Mud1pZrBtuwO%#LPonu|)Ic%}^iPI(2U5P<=db+}ADkHWJSe9jI$n5(5VS*&T;c`in|0OW`+)1=mbIW*18SUel! zN;3e=Zp!GNH*JugU#Ly#n8m6mB2a^OZ7ohnVQW5*BDQnSne|~ zwWS#VaWDX=($B7LlKxi%21jh58e}60z%+x?(R4>nI+GE5TEoehA85p26g@k5q8%)k>E(od(4FG#YjM5TB z4m~B9TrUQ5Lc4G$Ylmrr0qzZ2T3Xau=o2SSNJmG98dn8tN4vjFo4%4Opt=v~Yp&@F z6+fTwB|z{icdF>;WCYOizYd{zFWzyo<&Vd1VI*)UL(U!_8eQtjwVxpYdp@yb2snfB z*;Hf@ulDkz@H6y}r5ON}z~tuffF2!`56*S^CQH3 z%vq1=f*^ndj|0+trM_-vpkPcTA~e!sx1?^MBsh(!IPhTxe~g3m+F5LzztfA4&da_| z4F=Ra25E^oE|`XqjY*5y*GfEf4Et)#6I?G+bVo(C{`7`xY}`OI2`ZQl`-sKZsIou| zP4v+H-!soVBgc*%Q^fy)0|$i00mo#nVK|K$XN-C>{Y3K^qlg*(+3NVy@L9QyHH?$p zQFNV2s5-z*O%;&=03lq~`V&cnl>}Rrjq$|qaY(bd&(P`f1>a=Vx6truElhe#B`{I>5#N=Tn2nyo{#p$eCVM;1q+&pg8;plwFsO+Cva&MSzkk2Hx&z6VT?!Bl0^_yLRy)&_D@=syw!n7H|9x5uLXvHzYc|Zvl0b^m{BaP?=tr&s;IE-b7-Z0`42F?U_O6f*XGYNEia(@X?@!igBv`L7)qBPHShied5zIE!J8RIAKR z?gTkf+4lS4F`)NHj$)iA1LJGV9X6w2FP`W~NUYD;ym3*QwIN+~y5k`OAeRNf0gJtM zuo4EK2?IlQis&>67U#4S&RixUv{G+}VKI;%BRpQAGyrfA%zU5*fG^9&g87to%)(+o z&waGqeakJk2)zNUT)9%7fBtz1hr<#G1Qb9z-l))xb4khG>t)}MT2=u+S`nt~>JvT< zqrPT;x59lkj8=eWC=7YU8^;BHaT@ufwi?Y!h`HXwUu~ty+3)u6D$01eLScpMGEh!=3lxtK>q6rvRRA|&Oh9sQjkCxT|;5mMu z$00raV2v5twqrIIJ;wxtDG7#T??OjI3N!$UuwE27wUNcqBHQ1r zfB`Z9=FFKR_4W0NA==&DEv2Q`y2&IXV5loMN}nggeHv{L@Mpz9xJcYs)dd@2W7}BO zO`&d6tHYO132~|@swCD99&=8)A+3(U9iXwFh{KJY+l4t3(o9DRR=3C~z)=Byr<*{% zNwNAE;apJgG2-Ap04^4x8A1G|9H0Y%G8eQ1hH3!lemI-2mYiX^cVqB^_^&E+N)+n+ z`knD*@Wla22#4hJu-kJ05t4p22E@h9u@G|o4FzQoWjR+!}%(q z8fHcVfS{5#g0wr_6`n%CtyOfWBS#4^G@*;@uJwU!ty;|(Sx!Pj@ z(aN&T02mWp@lc;6BOSmO|nb=nigm51lmazJdbAwD`CJ@ zLJa^jjc7ov=02#X$NH|Q7dfpnR;qX&VIhtfV*MRB0x+O9uI7p}j#s$+jnI}!j}^0= zd~*fZvGRlgN*5_i;cqI!RFyjwb)9Wx>bBKatJXgs@afUSBLL8GG4|d{#Xq9%6L7H_ zN%kl!_L|8`1_9ODW6%=Fgee-Aner`qLvIRd4F{qfWbCII02T#z%E7WO10cQWsHt>A z1AvV=I<7b#l-B@g%M^Qx0RD z=~Y8WH(L!kd@U{e#j*XA%g-*7_VgcHVQ_h^5MltcQJ?Sf=9tT3$;2(2%vPDkTr z*$z{Rfpim;)|QI9*)6FkM#~t@LhJv|a;FR&8<5yQmK}g8tw`Yu*Bg;YPeg)8g5nHd z(H+Y(0&q(ld**t?Q)ZlNRvhQTgKw9Zg#q0L?$SzV^p|3PWRk5(1^~{e$NJ7-Ec6&T z4!7WBl{MRL)kYPS4qZM9W=Xke+;R&>1B>qR28A+XGdtU`H~s1xiNJq$JT9%Rt@7lP zPpb3(r%#_&h5*e7RLsN~4J%AP(L6@Wf2M!4I{sAKjo;yj7El>2dUDphz zJ?DBPdMqm5^3Y+V!9$@TJFBm+~D4hhF73C8g?;8!!UH7t{1tW@VUU9Xm904ORISgo$`N;M>N-NA(P zM-t%Z;9aRxmNgX13K0AYLGahsy2M=)!};_cxiD~89_>0OKRdEpKD^*DdRn9t{xX{&(TQ_*86z+aJpjzX2C%|wxC0_1!46Z80WPQxmqYwZ{nGnX zuQ)3q$p&L=)PS~2!COZAfp*0J7&Y!p{h02*?R(p$sF(;bQBfQ*q6dY*au7mH0%qiF zK0;vvV}*&5W?s39{o)GDmuSa95UYMPkeNnh9H#^?9+5!vTHL2QMqwbgbSat{Lgq-K z|CBh2o3ODm+)<4MIJGc}TmkWv*QcY}cpVF8R`|~KWY3;G;`8~0#Q#e#y(HDu)#CSK zJRxXCF|S^4nhBZ)oSS|U?j)SXLmV?twVtIJ0OQFc4N6`vy6%LF^|T^S46 zqYy5udI4Y?6NiLvy!}|$bLdsM^rN9VwG)~F_(v}*4hMYHgL37J zNf;>APQtAny`j126#z>X-&?g0Y8=vYK_U7e87uq`))y@Pdw?5wS8#ek`+;Btx|}dv zOB%)wS7X4k3;^_Z75t?xX|DIk0Em?h%gUs=u|%qCoRIKG<^N~zP2lT1%5(8oI*W9) z@0M)Id%VPs6K~nb0%2bQm(tSS`!C#IX$xFR|Al)gg+ieeDD;+=w70a-lG_4h4>+#X#CBpQ-gnEkY-`_-&XMl(%y(XC^!Xg=9Bn?5X6&PxZn=r6@fi)E;dUxxAXHt)syfHZHz!Cvo#5Sv(CGk(fB z5(6-?FAVeyNXs)V5?qME5^fJk%V4W`$xG^9ee!u3-26_-4N<5`bgJws;U(jyyYW>hyD*D_mrGi`1Pb>dd@q8~H1BVg?x(sXZ{zsO z|Jm?|aMfaHSx8D3d)r`~RFfrr0Bq=Nb$-nXY2U-We~FGU9*dl*#%h6q)|aKP`IHpY zu5jOr1ZHM`YAh;U$DV?c1luE^SWnMjP&?2rc?~y6Ag=(GV>E8*C3Ueb83G)z^WDhV zPyRR)8V-BgDD|B=9&_o&OGSt2`EzDs2xL2c^R;gE`@~u4L2OUwe_n_#p?hRsxvKE6p&SGp`PkimPWCh(lp7Xp z9v&QC48i>I(HGDw7Y@qdfmXRPZ-MluIiO?OFgn!A(!~kD(i~jRA9ycWNp)#c@uFfW zyt+_&5B5rKp;-?#HcttGw(-eEqX0-(UK*R|ED23C-_wts_LL@ADK?(rQvXlx7N6%@q*18}FxVW1u;;S#_)en$n5!6NQZBQEA2U(C z=TAuV!izXJWC_+->OoXvQ=;NvDBdZN1*=U&{q~HV%7tbF0;&YyK4=R6+)qnofP2?v zL+#7~9_IPbkqQ7RQu)2&WF>7r4`ORoKNJ9g9A254@P|#4gRwWy4p761QD3n06CMPe)oPdAwiIZM==7Y?W zz~=aa$7QgK*TAI%7U03_gEuTxu1%b3o@TP_YAAD?8#8Mi2uZ=BjWQT*#vm)*y?+>F zVP#pYbDwk^d&z*LgRr@cSc=kN0LAZbfBQMeZ{IxVTuJeDX=zxDkB`1M99XZ$GWwFX(0%e{}1!x+h}$=}m;j zOr&9z%|t$#=8^6A*=;4$vd!xFi3tO9@;~|t2Weh;*pjfiFpd=fSmqzV6@Vk<^x7DX z`$O1B{~HeHXgtyHve9PAW{NN7)sHh2c&MTo2LQ9^V5g@z0o?Snd13tdZnAm{04qoL zns2FGD?e=BCbhv5v*bUWieneUd64p}Q%}oB%a@>w&EFBbmi>WK&qx6@WSOW!cphmh z?$^AwnkQs?9oh}(3=~=ON9&_}dASt6rck0yIIs)C{dg5^?zCSWmJ_$1kop_yB~lqN zFG;1BH3gg^M)cHvUj29a_R|tx0d0G9e60tS1hJNwl-^Q0y#If$Vl+iiUs5tf4I89w z7xn^Xzy+6K=H@Mw_PzH@`KoK781n97=HP6;8KdMyx!VsuD}#OKBv`c490HgQ4ph3t zqvxb($?up070qBQ&6ODG(06gB7Xh9u{`~XL%i_h0W%K6E(%9H&4g};j02+PoQIPXr z1IXMoh>|)Kh}$lVYcvQ^FjV5+D2?T)8Qsx-2TG4 zok|}0P7PspzaQ864Pv|5VBAxjaXkR81;7=6ozffafW(4pX|Wba+ z3ol3mFi96j;@^wCN9*!xWKG3#1BcehT)<||lmYKC3b&zxkkr1dRt|smu;g8t#=&+N zUr|xef4EQ`M~+B+eZ9FIz|?JG z&`cq{pa2Iv`V7wv(0=F(O6!qn^%VBB63lQURZgfvWQMaJH#^o5c??0o$!4R6OJ*yN zQ+@7*Dph$%eQvII&EOD}092R-p={n08T~#qzjVLEdrskfz*FGU#DL!yoV^gP z+$52z1_PVHa6SPz%gdUVmnT~`Z;>@?)<|`AwOn(}HL_&Ml0;pO|Lx}(VKT-HPm%P5hF?wID#~k!$PO-P%w~T>X?GZL|2Ee?< zFiGX>+lDI+IBeCk&Nxvygq0J6iLtDErCbbN`jYg;X=ltwm%`k*U?Z;m!yXxEad%v|82YqAd7L)*Usj7(! z%M|U5%Km@YFQGMQ3jY9y7{-pqq~`54xYHb~D)=Qy6V|D!TSq5-1ayT`$?`3jG2s=k z>8~2&N`YLQk227@TUuZJwaHWk;`BL~y)kvUK2QE{fAxEq{a=#N>_3$)gZ*cvc*V_T z3kB&pGy4!w0Yhz;z;;i2iSR9RW^N)d-<9Wavzlr|f?>bP%?V4-KpV#9yatd8>ydD} zy+Z(bwXHK3Bj9001xaiWN_$9%{AQb*XmB9b0AxmIk|QuH6af0dSYNeDuElc1F6>9= zzVvhrw*oX^`@lC2-6>rIyeAS01Prxzat*EB|)nZdnm3OMB@*p`oIs6^H-5 zv3Rwtu3T==amiU{Km*8N6#xbjfx>0d z^5VZrUo&RF&G%wH2(sRwiAs?3+kODd^3awt`%ZGJKp?V6N>*$&?NF65u2Ie|1h{;+ zql33$5bp@r75`g&~`? zU`WzEEWj#3Zye8S0J|^R$F6Z^yUj9Ac)Xbab^uqz4-DZ90DkL14;zVaxgIwH!s{;evIwG5mZNN*JYD%NZTxFS!Eeesx_eetX};F|+m0d&A|^ns(&__apw;6H48NT)I9 zgmECy;Q?9r{)JLf&)H-ONv;=Ud+*UYFI#hqxsN_`#U+)*B27>KU)a2|37<-O%weP3 zelEQ9p!6Ka$^W?a73=xaFL5pouj)G^MJwJa;o?fuR{&i4>0QiAj)3+XUi-Iu_ij0R z_N*K{cu;ok+&O&k*mz7%_Wj88lcg~pk8?RZ+wseG{)XGe6u-K(P4h513a3Unns`43 z@b2uvA%A$`nhDBLic|2xZ2?>zfIBw~d)bbm&7UXOkNxd5@zWWQ4Oh;HLq9Pwe5(ef z-}_brGY>-?h^gn-XvC4E^WK&Iw8$lfN;|~$bsOcfQ;$eLDx3Xt>}EB>bQJL~3s=fN zH9jbpmoJyi3)UNfma75gqM@+PvOV3nL;ms1BeF4Xf%GLXOQ*biJ#nSQ^@U4iV+{_5 zgV7gQI_X`UONW5j>yG8_%iptHF8q|UpXu|$a|5_Me)pg4mdO8&m=o`Z;t+b%y(%yL ztY##pVsU==dD;Kz{gQu8z6|x@t&t`sEPJ3lAWPr2bVm4fnM@4=`mQRfUn}`_ua)S9 z-B5&;;DeFwvJcE;Ljdk=d_*qn*d*1P-+^xpXBE$ z@8jq|RPu2fN7nZdya!k|)^Q-$JE)M?9O`$OWn(*_VxvFaEzh6%xva0cMXIoRj3@Zp z@f3$tHt7TdL5W5OkSF>iCaug33sjci41nl>_l`1{S@ND9q?n5CeDI&T);-N=u|co{ zmFJhrd+TnJ!_ii(0?15%F@W^Tunhk5d%r7B<_k_O>lX9v@wktLCg;sS%TmP0MF>tnklv<&#hC!;qSe7>8Hk1Jm*4TFkr3+WKg!(t@6ij=9vzxDD6Bx zEN^L;mXR~`zdZ4NY47tUt0=$NamIH8Ghh;pbFaUL8!@AchbQ*OaCSlx%oN}GY-c7x zUt*+m_T_c;SIbY%Jb_gJ17;zOSLNd~$0osL?HJn0-|qRIe0lR9Nnt25r&a=}@Za3q zCZFGZyX2z-c*>J>QR3czZ}$HhoVRfO!c7KP`=dWT(k@1}Ah6=yE9Bgr=hD6rfPC{j zfIwkD23iK>g+G5mwtjW16jT>@0x$&X*JNTWTdMAfUG#! zJt&bYBeLSw6<(2NN6}|P^~?y5X4yV+Dp`7^v@Uvs^qt!!x#3bY@HAHekW0))1R@P` z_R%j$=w1J4gj=00pOHdLb0&J|-%xx&8Xvw*Vx31NHy<}$OlbBW%9bnMY&iA?U(?LI zBR}N`=y$%bu+ZEBke`n$G-1li%gxne9E@um+PpEqHdGo+#r0{Notw(pSDVMlx>;`G zkgY2ew2oL0*=%?Zd$t;4I2G;KE}tio;`5V>ZwlHsf4JDsTv->y3V_boDX9)D_S(Hs zR*$64#g%qLxF%3?F>8)-OehpYJe<-sg)01jb4OT2hu-XqqxR%`jH=2?qRz!HcS|NgTN}5(>)=&>E=J1 z&`N$0j>fl4;09ro<{k*m%oeUCr~0lDL}fj z-Kg;2gG2wm`trZa`GF283gl&U>OZm6+5ZnLd;740B$Ey~+i{!={F^}vmO>TbMt~Kc zSRws8@N&#YcTcCY;N3eE#Rsqw+S8N$^8BA{lg>sQ0>vedJQE-t8kY)0vd2Lxc)hUq zg1qpN7r5F^awC|%P4ikrme1_{e|11s|H*3a9c zRspcAYz#<~lP`@Ad{O$_&za@Tb73WbCn$JBfYXoPF1@FpfU=`5W8t66{^LEzq;&oJ zB)<}ek6J?F>}oBJTSb5acnbflORfTlL?UU|E7MHIF#Tj{OeX)?o;KU@Q~t8Oj;ESG zr5B51MJAO_b5N%Ca{t zlgj_EQU=c8K)`gj0#FHngYtqE*l*T0Alp8?P0sJZGHR{>U>FqvS!N7RWDg(L#^)O4 z#rMA`f(fbsPWku%j05HPhSpdbC{k9Aa z-)o;iQMi37R3L+Wt#b0-&q=g{{eas6GFVBFL3T3{)tmYE+BAj#&V!hx!OaIlW*KEB zZ5;zTqzU4zn5rw^W?0W8^-Pr2mNtLJVZ@b4US0-`C zqs8!4^iuh!Lo->Nsix=Uq3uZRWI11YKfCQuEel06606rnb7Vi+Zkxi)xK+3xL>YpCfV|Z7Yn*$~g;fvD^2)hq3=>9qfi}$g zKi73q&h|egRrxEWCw^3pwCov0;urc8SR!Y?)+DIw)2ot zaBz!+|3#9#8I1Tce)~{V{_FC$zy*EU99S7KQo4EOLIs+o@DN@v{~!)>gz{L0jgNjyI&daV5X$r+b6+yw`so_+egjfCt23C7oL-lP-W+9ghR_Xf$fh0622wh~ag-S+tSyhWBCc=HU`r?nrZdW& z5DdI%jPJEajWdd#HR{uFrpwr!pff_7!b37%$&32i?(y;jy~Mu>@plm~K6=BnJ%8q5 z&MO(_bv*uNYr)A1kM;Kj7b zUFN(p%^(!Y6imIF0I($)?_&P)10@h(xh;a*lt+H%88Qyf35X|@&ZGO8-A8=9COBul z8RKwKy8{jWOZa=(kn#v^Q?HnX58+Ihj@}k|>B3K?A|De_`O9U;`8&+{2S(0Hd^caY z@Pw4$jItQYRb8-Bb~pdZ(DUe|Uw=$AfNyjFx4jwch$#`n%Dv%R01V|3UK5Y=+M0C= z0M-^85F6q8s#WsQg>R69(Pqg|!vE>6bMhIKVMq6IX~02;EE~(1t|4}L!0?s+^YV#?TV;7!gTa`1I5T?@ zP(i)8zF5|Ld5!dM!!;?G;ZD1=Fe(IS3ew?KVcGvD2V~oqwt0sGa#oz-mufWt8m&=q zV4%u!cAV^x=l|k)Ir>*eB@fpbn)7t1`~{Ecnw%i^j2(>06<@eQA{AKn>X!be3tjfc zL;Ij$8ZN1p%B%l}#Jdj|!8QF(z@niMVL4+?xC~d_U62!ZeL}iVgAVs#azJDama-QJ z_80H8|9F45oP6LPr1QX!C0L9T|1+NX2O?(a|7j^)@!L|q<~63+X2nG|1K@Z|3jrPE z@7uReDk>`E%$YON+uI94W$c$JXDGdW$(*R+b!Xl`<4&ZtSD!E+kESlEXseRr)?)0ZPqFMP5r?h zleW@>P2ClMA+Bv4BsQ|LEG`zZ3B5;L>rV7ZJK%5eCKL; zF{Z%%84?}r!uH&52(FzNs^E100KP5Khr8@M@$0gForu?C;>0norx|INUKuqXyN_Jt z*8GRt13z0M{bjh_`S`wwHs~mAkCzb~3}0N`fdAW1LzoXV8@_qFK`iIEY{xBZG+gP> z(cdD6I`5N$aEbK9E=UL``Co`WEhpOc8C*T=NBGk+r^2;A-T}@B41UBl3LGV8KzifY z`Um65cB6SU0rU7z;4fjOs{HKE12HU9K?4utkP3DLK1cGyiC587<>b*}=UZL2R9-sw ziZsW%Bp+HQZ5-+3#0C~am#YjE$_bn&@Kn<-xx8ozG*K0NOwe47W~C7aXJ!t8zJ8ubfwN14 z+^dX9dt70XpBFNI6Xn8ur0^{&U0N#9im0^Q(ITP6=qu^YjI#;wTZZprXlY2gcXi9@ z2TqGrh!odDYaQ~GM5+kTkK#o69WR|3V1OSA{mg5idq57~b6EC#YL7&lq7q&iHrp4* zqcbWT^m4IPpzpapS#{egsecXjGE?}clEay4L4eByqtTf8RF8u@D^1Z$PQ^G@~(%juBKivOGDG4l+W37AS z&O=`WjV1EZ*(c<|6+ta<2QB{9ymbq$0Rn4mQ6icOCu`=&g_)XC9P?kN+FoOXSH@ zKarj19+dJ>wcLC7n{v42C5hw~$xjdbwX}5Oj1bhvfA0NLT!)w=J^h{X-F+X$;_hl` z>N*a-KQ86LrE&nYe{tlmq&mD3d!X-^M^D~v_L z-{++Rw{#3*kM#HVeNrSAk&eD|D8r|uFsE7?I}XZ^5B#}QhL*_Q^Uuk>C;nDy!YgFk z>HFmIQ~xei;QNtd-^Ez@K`908yAFO$PPHGvq)$YCwEr{G-PdjQmw#{X$0RUVENwk! z<@@{prsJ~^h``qKGtA8;#Jag*jsJ}a;BD_!@JbJsldj2WYUxoY} zw9j-L#>(70`Qg6L0E1qM4fF%!k4X@;TYH-1M~6T=K-#a$9fv+6RpI6GGM0-!aO|JJ zE9>v4^8D$$LAzG&JMzzRsQD!+#Fo~d0ps(XXVEfpQT9(uw0}@~qa6m5@KA}I?>>q8 z`=pejZ5(OcjkfW5V7we{1GG>4AGksL#GSZy&g1*OBj1#RE!(9qw*+PU651B)Z%BT0 z@Kady6_joWssFj}Pf&lgILZEy{P4gh6ZN+pZR0D3_KRm8kVj7d<8XsKe*8zWqv<}h zjRkV|;eQ4XJEZ`$e|q4nXd9<-hF?JLJMlM&yIK}SHe!cjg_Hyvqz~W0{hi;CHATM* z`pYGfQzM0eI`CC11v#}i%d1X~ckYlTl)XF*+DC6g{T)Kv$d@1Q|GaeecH-8K0pRdy zkvL}G`>R@vLJ7x97Y?u^Y9l;o$WmHm^{_^UD;4`3*MF9_;oVx%Gr>XUwFL| zQRRzSs{r7~i9&E5mLRSzULrp}{gjkq`9~%S09KkR0g40p(t~TCzJKNksUFJ1p%hEZ z>6{#-nt1%$W`W^Hm;WgIN73Pbe)tjj%)#$V6$YgRD1S7eb4K0-eH|LdnHZuk4p>qs-8>s!V8)1vN=peUbUZdShm<|L(8umZtw`lF;%H_WNTX zjI#?eDifj`;eThJ)csMNT>d_6mmppwGFAMKRknE=Hj@efLhK2_xe}>eEgc6Rhe8Wd z3-?@_-oY5@7&Ztf0dUfAPOt=f=YJ;AE-1MdTqc3AcW4^vv3+KR;r9YRy_dap-&1nt zq0eD(+YO<;8p6MIB~=Ct=iplt@7gB|UiSqlT!<9}iIoKzkZ@5ai2$3}bSnUO_20H_ z+srKh4GmZo2%hb>&Dmz2hHp+a$Eov$5CE5!Un$jvi=`Ms(2DX+IJCJ|O7j-Uii*ur zl2?W223c9YSqib5rn+FMEGxT8BB2tgEnFc>%C3OmUnup(Yoxwx4Xz+Ahu;RNEn0>H ziK|T9s=|6H0&UVL%dY`#y0=JiekGP0GoMXT0D7doygWg>Xt^vdT@U`srM_gXEW)an zNU&0tlx~m(MN2`i7I8O9MP#9rgcgFv7SOH+?S--u?&7=(sf^U4Jewsiw-8I3;jY{W z8pTqF?K6u@*WrHlVp$B@3qiYpIFw!?HK1Kg+GRHF%~A@!%b@sRK1Jbj&~7kT72s^D z8t}ced;@5d8d?pdYeBmdwAbNzrAHe$)f6s4c`8l1ih^2$_hp9HN(hV#WL4GGpj`&q zi%~XWQYH&xA5If8tML464@4wM`I>xx%^UX8)Hy1>JjSe8dvf3?72GjOOx{Q(ow z1MMpCO^k_mUEy-ziIsDBFOqfxXcGrwQw#hHpfFipcBNE;HU(euN7@Dl)*mpgAg;)# z5ZkS)!8hAR0q8OP5`%GxX&Z}5J&c!>tv6w8cdS3s)^_K$4Pb0&mygg!*{gxWGVnrP z7vied2GB0R^`~rii%M2WXsFnPFDPDWFd+^VI3TqoRA+D~#k;dC(Kd?mNZV_7+~h;MuJ|&Pw_Y~Y-U>Qf5w-!p^}uR_)EB-gNP7j!P!7H~jA|RixCBZA;=ukl%s1Oz0on%I zroou?2ig&|wME4cq)S$#ZLt2X@cLh{+SErCZU-v{4y>p0$O6+}wB42G0iR0tkpfv+ z@;ceP=xr!lq8y;zQ1}}3^X0&JHF&C(&9(28l~vc6^0N+>lx~!o{Hu}AM)bc0-h0E; zUuB|?fLF9*?Q`VS^k>vrS$HvUeFx}WoycZ}B9jqi;Gc(2Tt zK^{jWegy!OU5QckBtJ&x!vGpRz5Nn}7P>H!Z|;%p>5WQxS>d#eqje_y*Qd72AMd+e zHlYFbn&t1A6^Q(sT{aMUxeWeYcmcnEZ8pGkLu0kgVk%8Yn{&=U--&5z8IHzN2UR8s*>Ceo$_z-{OS-j1ZjK$ZZ`xW-yhH zRWq#fuAV+AEshw!$>yXp+WqbQvh7pbr1xMilmJ+%lc~T=M({S_fr9ZiEbTfHlajZU zNW;4tq;^xSgp0!?tfGMpzhaoiBpeA&>S7uWHQ6{}{Il?Vt$lLlg)?&UrzfTRv2F>i z#R`ccYztyJGBrrT8v^OdZn-+-@I3O zg;;OjfRvXOOk0suQ0+XvTN>~GC}!|4gCf8?Svm7e(VDU9EY@>ELdDCa=7v9#;>A}O zGTP=ZSsO}xFLZXJzpY8mJ@69cfju%a17!k~<+09#Qg+pcrS`ht zVF&l5Q7ta6gI3HNq*4(;GgAXQ&XSQY zE(>R#&An}M*O7kO7|=08&; zr!M|@#O&;5-ga!6ARx3*&u@GARlMLOJ=^uCOR5(UVbW z`c9Laed(-pwRQ122?-a5@d1EZEzx#OpRwc(6_PYd6V3<38I=ZJ(axy3*6;Ao56gku z4w$@#!b1{ThE)utN&Yi6=rk1m$$QCbN@eqBw-{_xQIaV+7e6xuW_kqxxnsNHN`Snw zS{!V-K)Me96j$FZ!pom~E3L+vZc*^=4d5`@K`bNgfI_yvqff%6brQmXc&0s@_xB90 z2pG=KTaClL{>{4|k+YBgwG6Z!z>@!EC@VTHM`#(Bmn#V{^WS$?A`5SlMX&o1%9t3$ z16OBe76C#&-75h2j`sHSr&l)iE%W|HbhCOg(JVY=f+sk0q~-NPj#|{s_UO6$2fRTl zl@9iJ%eX<0BuSg)H{%}TM!)8hx?w9l{my9LM?fNf<<(nFs@=iFAH}yf#w2~x7>Gs9 z!D758-jvs-XS*$4mA1#9kME0kwJ}M-tI20H4j#r(*kEN-f2JtsJ|rYPm5~fK<;eX!*0{2$8HZv>DgrmS4vOg z&UKr0IOkRXu+p?6@;bjS?)X=Ey5oS#!=(}T zcO2`G)>m4kb62PI?!+NfML80x#~xQ4WN6MX@V>E{JbfFT#|Zz&qf&5Xfn4*|Ys|_8 z#U_11F6KlLxD+b@JYMQUV$W^cp>5K->xU5h_h8n485%qk zeHfHYEN^xgo*RO#1Nm4M`mV1?sIbhGX;=whvE-c7ivY*K9OO^u3V`V?L2BxKeYjQ< z!Zm-{Xm~RM$4Pm4IA}Ht4OeXNY=(k@>03!PnPL+=9w-@!M5cV~JQ=?1wB(QVn~Czv zPCwml_7MvIRPtn_85kHaD~Iy)^Rtn?dB>BEc>F5>X8jfbtx0O9I7`l}@IJTWUu0kJ z8L7rh{zR_AQ<}8HI2peWgQmj+t+ERHpMJCMM!9Ce2JDepU<783t3o>mSNt%W!I%c7 zuqlKm{v!soawaVjCk(@nx1W}$&g_tT&u^E*P(~~dl^dR-X8ESZ%*-a;d@TDv6YG#G zv7hI!Hh%;w9P*5YPfse%jG~J@RS3+40)V`#pxb?}TVD9o3(|KGGnb38j1*Vkp&3rx zuDhlomIQj*7ge&kX4@3fnfEmIv)`6A*iMBA}aOyjkCujzY#{la&D`#I@6`l56kco+vAZkJr_sm%@I zfIcJmduhhZB2^%i8&n?f%z(x3x=r#c7r~8w&07$hnQ;UX&38^J0Aev*la`o$opE5( z$dCdy%}j2KNQ156D15h&$81%gkWmVV*($t}Kej>E?^I9jk@i%WZ0{r7j>KO!x525X zhuK1dUw)1*=BxsM6~W~yoHcLlYnM;$_=cR0wn{lp_@As2fCIEJ20*-8@AyDFPPWaH zn@d;A4b@l5s`6zx^rKRO<}fL8F=C8>&qx2b3pFu3=o^V{TwKL)rt7@yYdI{>H@_;6 zb?k)#B8IE|N^nwU$ZTyGrt3?a&Z7$d=WuJnQYbXOyy+u2zy$YOC$LM0hKn$AJ7om)fg$Xxqk@4p1^b~McO@v3XlaJH>xA#fSAJ)iKe|(j<=idqc6G3xQX)dV( zfK8I+#?y%a06+jqL_t)mr|`XqW4Y(a`@U*U#Saufu$`ybikTau81R}pn(By2sT{yf3LO`u=iE{0KE6Y`PdqBjGZ%*)<%Wt- zMy$p`IVWW({Da0Iwu&u!`)ydwv&ISklLB<|iRZEcVDjiV3Jw8>fJ49`pa@U|<#=LF zD*#wn6=cu#G|T_m@qeTROBQ)G9)1LFAlw#0j+3BLuHUAYP;X>KfE zB`b>SaZ+Wu*(OjJia;qaGUJnses2uRobhYH^*N_-mBq2nM%mkWTwdrt4*GqvAW$Hc zpwG<+0~ml!M(}6;D*T_t%>OE!%=?9nA9BKfvWmHcelw{6Fl{0s_zn&X%Ik(;EWD!;Nns{ESweZvW&VK9NkV*X1RzJkmSk)((Zq}UzU7riL86y zI>V1DLM}?-Um6v`sePs+7-f{2;ExC?3X&Wpd`yBQVnn z0G8MmfDhk$SPp*npad4-YNwLKm3o&RmPvEKS^t41C;Q-8|Oby|^ z5IR)?bVR%4?_U0{JlOuKtj6pJ_w!G+p&}q)UamMz7XP9+g|&AmD!rUJ!N-bc^z*Pj znji*(oYCi&f&vKqVQd}XIRoZ{#<+;bG*fN3=YKzDabAo2SwDT%2XF^x(J)3+otL9G zaRe@f0)X7=3z_cb1I@DMZ}v#fwjRk_kAse;V>JLXnr?$`#H$L~o%&wvlk)eJ%liL+ zy%aAh_R7mwqBka*ZcZHiBnV`S0)VWk5?~M~kT*X1P3b;zrvz~q@(>iZQ*Q7Lz;yla zJD)S`+@o(44)|_>8T`k03O1DnW)%V6-&7XxAio?4<~dxJkB03D{pg@mYLGAT8jQAp z&3sw()-OxJf@N;ze@Zc)95Kos9CFOXLjdh>(Re6j5_hU-ac^^~!{L-4we37Ps+-K` zCK*kezPeNK$MiH5%50M=z8z;Qce;Ejjj`fSG)!qHv&W*DZhWPoww*4SpB+9~cQX3P z{4^hbnEzShO~g({D_uX$FIjvIbN2Kgpzj|47JylQ4PYv`_>!X%ARmX@y{7gm8R+Sh zyKovZ_tFy#isPeSgQ+Nu@6V<66!JM^PvM=j_xYHSDaL95{>lOooJHXMN->}+#;*|J zR0fa-JFWMM9zV}?VvrVxnL!K|clMu^57oU+KDOa~!tDvFAW4Ugi!*ZwOy@O#W0k@T z3eaHqaxSPUkVS7;B(d_CwEnUc*QMdQnKB*%1`1QzamHe3GGQnO&kvyRKX3|yRr`=E z`-^3=;UgO)zYHsJbie;py#OY|>pV`&gIlA~n1n-6fZ~14wimFJT0ni})|FyFBWF#h6;FUtP?`wh)q zyLL%iTbq=WmI&!DSg=5L@7^tk4jq!Zx;k^PS!-*ny!6sbChYm=pO?dj4;wejwR7iA zLrcro*w`qwwY3vEG*E@5z5DhG`67MtL44?b_St7m`8zr~Wc&8*21}m)f9~8ldF-*r zq@<+8oVZV%i68MfapHu*yR@`a4jw#c;#O2tOp3oVXU@n|Pd#PofY=aE^08yb4mp4R zyiu4iJRA;7Sy`Fknf1!k>{-XeaN)v*h6m!t=W_6L;`j;Kv2%wh7f+N|JkqUVjZb`j z{p(*#cXzirAo0m3pOoTaT=#w8fT=6;Mf`aBKid)w+i6o%lR3;z+Zo#e4=^O}j7$EX zd+s^I7u&Jsmo9%Ak2Kk?+2(n09%)iBL+pql%T8X8962J37cVyT`0~pyoBl)mUU=aJ z)4#Ni*+$4av3}x-C#1c--Lyf?Zz49^AKMYz-JU&rg!RlDF<4hDH`@UF3G0z@PM$nz z%2ZfbXwn@$dUUvs+3tupv8F%kr@Xv;!uU<3Jo7CLhr9l30F!SxoFm9k5T~FUhOqt7 zEB>2&W%+wC3*L-F0dXi3mt#&-IgLU9`Eu5uzX1%^>|YGe^ry05`gjmiM&1^%FM2_~ zw(@u7gX?|^+Yv&*Wb_q-bbWPPRA09@ASIFt0z-?E64E_{g3=)+t%P(p3?(3v(mf&q z(mgaoC^eLffH3sXFmw(uyyNe=_kQku?{oh=Gw1BH&)#dVUf%`Bk6@QZPkEc4Kq(KS<$$f_`#ok_$wU-V>+FnHWJeQQ|iKfjpWajI17BFrw=5zl-H zC}38*sKt7R+*!(THpPf8OY1CKrSi9AxB|4_GF89)b>usg?0b{8x*Uh+JA1q9ipZ$L zm-!4@8%k5Q{F>xBsc%TH5UnUi@PMS8I)FbHYWabXgogU}rdF6YYPL~1v!F|X?PEAY zBms%+N#VE%y;4|8_=Cuzz`Yg~{h;-rn?V(c$6*DDR!A!N_|O-yW!v0QPT^<(kUIzgK)0312Ksl;feE%#NoyIXd?#UuWOZz3i~4_F0Mv_=(_Y&R_Lmm zu>J%d;X_cRJ^SIfGgYbl(fR#*!5&ffCu0?QM@qP9c(Rd>Bz0JHQgK!0DRzI0+P9JR zV->CtTAomjcYg?9r36O~Me1zNtm_JST(e#k>f+*=yTRf1;L7r~4FmT!S6_3jIia!nZDZBG+ zhSiv(#)M(&|3fMh?=XQB;`Hd$wlfgS(QP$ zCpfcr5vpt1sx5of)hVa9wdRVVY+Hd<6ei*B0a72FJXJ%|EiG-YyY(tWIc@~b)U5TN zi(%XfoiMAm-1c2%EL@_0e&rp2pU|WiIc4ICr{P@aS9ItA7ET44ncWJ0v?d0q;?x5| zU1wTsBzAxzUB?7~qU|Vwmp2T+Pc+2Ma+Hb@ZQHIclc(w#QT652>f99vD&3Kb4@n59 z8M%Ldr<7Mn!lOk#i@W(8E=O>ehctmn+IB*hwSZLtH(|Q*&^U5U9o8SjRUvrOIBo9u zfs^Dc7gh8{1LMyrLl8tFNlng8{MmI~BP`iwIqp2>#}Gk!v?2!$Gj$SIL;Y~p(SV2u z^@>Dc;PHq!gAE=`t&=;>Jmlt7`D4+NR%hwsf-kBC$x-d@4s^#v!Y2cf&!!Di+;#>4jPyRB{$u}lNj1a#fg%d;Q(8DxHRro#n+RTEF0Z=$j}(!CB=CkUt%9t~x_s`JDTYTcyR(EB#OK^1>~nIr zrq23=YGp`s;;b0pGoCy=1NS0B)?b(#@AEwNd=fuJyCZ!+WPnA18 zE0f=>_4l`;z(-LMHF@&;wNhlvc?qWn1%gT6q#qF-? z6B`Dkuh7pC^UsHn6LGA9c1<{O)H>=)Yo^i+^wqn8W++?wO;mat!s4^guJ_Zfd{zEM z@V%(;5P`Eq=Fo6tgm=>bXO$mRgnAl)5|DN(X8F<*I_SjHTQrNe)c+Fk$(TRU_;liD zk*$fmwdeEJv6Gkk4`hW>V=3;CldNu`u|DW7u~`v0&64FzV*kt;OihOCu9x~sKT;Rn zr)zw(HCcBS?CAd1zjnEY?-D#ZlqrF7n#B_=qxREUc@eWuV30_o|8lS_$4%eTD1d<_ z$`_yam76?^-Ofh%t2tfDeW_5yU9puKC^U6qEvF-SIWTM6AiPEUWX7CO4DPgm*LC<1 z%1&)7AwAeFM<7K)T5eD&r1*>gcXVB^*{s#8H0xRMxJGxBqPQ~;>E=2Q-e|He>tobN zj(85e8A&r1zu`fZCdrRn?k6GC&$o)*#?~;@<^vQ21|*+yf7&vVM6QMf=}45|sK_;6 zXDL2`dvaj6gU%3NyLtHcrXPxqn&q2P#dl&hm(|!mNn-vb<1cJ*(jEW>VOjz@i2=y&}I4A=CokD@O7SDs0dOI4Vp=cp3$q$TG;{`Qc1nCo3#YW;Im=A2`jN$tjP0c(66e?j&hnG>3si-LM~l$)zYbUx zT=s+E z<`y3v-ph%{XOUNu*oc>fd7eU`+uW?AGZjqWW6 zDgN{!KqPU@s(aB5g|TM9oADyHSM@|;> z-QhEXKf`X(1s0#g2CnrEGloKn{qkX#H5&pns#Y1_PI-)ac!>+Zh8 z4@pRH&IWAmRw!7Cap8~}#e@kzsq$+ud~+tlQz;NkRI=Kn%BoA@n$Oq02Ejz-iE1Yb zehmj!Q8RvOR9!yuRXbf@Ou8OIKi5&AW@eAc|zTBQG& zrFc-ebRR|?(}zqPOkK2UJ;)(V6w9M_A`5hs8=Uw?qIYZc=z-f~m;gQf2rt%@dnXlj zY>b?-8r)3SDDmox?RS&5knTJZRELqmWtc^W6ZYryB0|Y)^YFTQ;Q92fyH3e%i9mke z{QlCq2p!`%y-aRX&lflpJ1~x3SWf83EIw10~6-8as-kS|M= z-MOrD)O&omi%ESeIRz4sZTUYe+gO;7$o%QB;pQ4k+^P{%3)Uxw>8h96Lfj_i96#^X z{#d+!G#>{w7~ie2i^pTdE$IM!f!^dc?1HqV&KJXu(XC&IyY3?VC@8Y-Tongw!K`;4 zTiJ_*ZhIwp z0wo&45efD~O(CnG7c(q3_Q)SpKE%UJ_*~sbusv#=PN_Au$Xh=n){)ZD`lEr;jWxTC z{LjjapMFz5O~22a^g%FxZmc<@M|+bZRHgG;YNf+NXo?%wvvve28#(HW+Nl|Xj@G>B z2D_gS1aSL#`)e|W85iKxe6o`pVvKt;ghNQ-Me%Yhl6lKzJH1NJY-0Wo->-W*F=EU3 zYX+tx)6x0A6D?9>KI6;_Gzl7d#Ckq4qE5Yz3X1vt;+v%v7W0~2*T{q`ax(J%0Q?C7 z^8;#h)2hz=QIgO33dEO3wAbf>)@v4XV;d#rI_i9o;iZow zO^|W<&RenFV&z7oIPp1Pfpu+XVdX9+#x=k4Po@USPVRV{8t1s>%+7FTgpRFS2nt8% z4p%O^_vwhI%#LkCwzwW)1W%jnOTqO_c*g{|s+F3!g38XG^s=}Uv@i6|31$`=Oqivi zdii@&JZvAP6zG!@jhWjM9w%JD{oPn2{qm<0BY)cp&cy5A-FRyjE~(#A>(X103lWpwc z-&%3m=Jj&p*qWtDMuo|jbu0&gJ%+oKZvDP6Q}BFSwhEO|A7x4Zl<;a5BY|~%7E-#A zgzC6`12w<5j1K#~JoVt{x+P=n*Lue4B<5I|UYn-N!+MUDQt%GHi)$aS{YQI9=@#d` zXToR1OFa0ahbe>^=f0Nf#Wpq5!`H4q%;AnhSTDQ2qqX->p}~880xyBk!A)uCOhlKH z0ZyDEy(=T+9j4?N39iE*A;Ds2&WS>kCFo@eE&;7*4prs|3C_>STMQH9CRU6@f7|)N zztyc;7X~q;q!}`G;)dN_$tB@Rnn}PKtc#=)lvVMjr3rTREH%Pm$yqg${3GCJ6FO5SDg1RjJVqi3^7N6;i;fs}(-n=?#%n48gw4cw#4GOA3pnC)9)is+ zhH8ADfWRLEBU@8DTsd8*-M=N+!x?L%Wux0TFy&bcME*HyX-z{T4s2aY)9Era}46o^Gw<-4g z)Mwv(d{NjV-y{%+FO`7}cq~z72HPe==MCs;;*}E zrqMB@eM`eth?mH(lBL>hRX+rJ@l#+p&9gl!X_^hw&2k;qlAq8JwK$_^VXE?rO|bm$ zaiE_3nSp`e+I&;z0lG3ND#2C<)y-E#IY14w$=GS{Xj6TX+(+ws* zxuM*B_i`tXQC>CkZqFjld%YJ)L<-7jUn~4eiyrptaVrK9=a)>Pn7Z0oPM|!z-eL|V|6J!QkID(We%t^hP zUWFixx1>YV(IyFM6<4`G0uOeadvtG@AIG!txjYaQA3u1mzUrEa_nQ15!Q~o{YL~w& zZ-wCWK94z9LEVdF!EA6(c-X*G*KhVO;bIn6OiWBi zEn~r&F3=mFmdi$Q*z_%C$F>i%mSG{*BOMt6Sg^XSbPZNpKu)$~%xzdgv9g|<4 z?o8)Q;z7>?p?24xYa~lf+XfVKS`D)UUK!WdSz=u*985F>`uh4uInc`-+f(@$FCrTn z8?$8QSg=7aOMKiC9J=mDrLkW>IgpMpCh8EbzNGY(7kFCs3|i?C`3e#Js)ZiQ1`UncYPV8)Z%A8`{e*VJ3ey*D>yf{gETKS{3J zlKJNoLzR}2*>Tb;sb;&0J875Id zd8~)kxOMF2Rz!v~H1LvpY5MnXI^53ka#$`?mm4!B9Wj2KslqZA@EQx8U^7!^qbw;O ziIYY~KtN!dhO-4}YRVDD0RRA`vMBLy8*xgOovdGuT5d^kN^mlJ9xjcXg|d!wEalU? zmyUhRqdXkR9ErJNZyvVD(8C#CYz4bM0sE4Kexun9e%fCB!)TF&2R4 zi2q~czrkQZ0^&_|IRXzrW4}kvNA8t`Z!DF9Oow)gi9KAvC)-YcBgU*JqksOYqrjaOuCLZ)RQZo6^MBs*UzeF4__=tNLu}so|8ZLWGUop=m!x1~ z2?F`E$r$9o|Nqy2-l>-ms)wU4`7Pm#k|hu2fo5|aiRwQ~@}D>S*XvmE;AJ>&kK!Dy z$-`nE38FtBVszcN{#j8hKLD{V^_d^wUCZaaO)(8Gt}f*E!s7{TqJ7vrkQrp1g4Ou;`-i;6Aw2;?pskGOED%JELUD> zpEbGe(VYnj|^O*MF3X$S=jRp;^R%M_Jd&e)5@o%t~e5JKl;62oX&{*|ps) zqty{&gPWYO?@FeHJ|_S>`s$Bs=1Y50E)k%7L=cn50ZKc0Q?E>m;nGx)f5h$S{wpp9RolU8U#PWCdKg(!$Ws#LukPd+m1 zVkrsV!aitCVGn-k;+?t znGiCTu`~E75V3_4L^${B__i+lw7+&KDupm5g3!B7qM%ktaT5{&+BV2J)NOGFY(tP` zEY7FryM961;oV6wU6|f(Q&Q0KT&ND^A8r93-pW`dcT{3Y(fAj$vy$=54lC`lh&{WVhgo*QkuaMN> z^-H}QXKa-DKZ&N%x%KbGYZvJ}6aYYfCfs0o!3XNMSL znZ9-E*FQIM?<0YqI3&`F8#ga%fhP@S8&WQ3ma%I*<3eT_SRvT=>S6xyn3fjud*w1H zu;QS$=h|z+Uo#`WPY;-Z?U_5e$(K9kU z%u2Msffpy!Sj{9OW9y^pn-)(9mhI!*IEr_7qUsdPjXLX|f<3A&O<;v-`_`U&z}j^e!h+uWl&Z z{lfN^(Bt!U&B@707WwYhxG4)jVW7p97H?tL8b`G%{AE7=vp{|F40{<&%1V%)&r^TDiH`CbrVP8B?GBd3+|7JLv^HbJv&%nSi`80zimz_h`bzb(<4cGYAG&O>XZg^Evwffa&b3I5Kut%W1*sfq+d7|9)e<>wguJ5kZm_`p#rV&O(M0!K zW6zl3o~F0%@%{gZuwfwna8vh{=J!WkgjTbLIGMv;&-tUguj%}+FQ7(ZYNM#X;#m=A z{)Ik%)oq+&pX~56e6Q1ch^qrbMcEA_V>5R~Ja~BMmAU%8iiGd~GG^k5H;smXX+j+& zp&vN119SW@LIL{tT*6|W+qS0hb|r;5?jn^p6&O_|;*_#y0ft9Rw*=3 zdEUneOT6Od0J4%1FOi`;^J0A7@#$)&#_@aY>;E!))m zSwR1&bXtx(N-!95S+h0k60e3xsK%Te_uJ9MqsuEn4Ja=_l~`{IeH8rS@*qfnzYw*r zRp@V{2v2Y#>0Ww1%Fl4*>@V7yTG)M>-uZ3XI zgw|e6Uc{*sjyVK&E?A&vlxqvXQI|KmvYfHiUa1yx2p2i{cQ67=7cHr{+^Qf%VABAkB{wv2z!**r(Z_P0I<7=KxNFTgmTPqOj zDr)xP<%2?RCG}+x7ME-k5GXcZN^}m(Mf3Y61^FzbwnQ|9r1b;V)Q%^wckSZe!C$VI zTsmYw!wXReJ-@8KIbVeGdpA<91|mbPX${S=mW_T@hUfu za1kxs`tIr=t&m71WMrG24gD?ILix{W|6gh#)^4K4lW~)L$RINP>DWgu+g=~%K*Wv& z2I+EYQ?Yi@%1l&J>V_ATQq%oNBXGFbM*giXA^0#Hq1~aK3pH==flK!gE|LeWYuZgu!^k-%U`tJ*xu>WO-j52I9DYIL} zU)p{5NH>I6?7niLhkXjd0>2MTH33?z&0-*AJyRCn-@m1C*w*UC!5c> zxww+fJI|XQ$2pR{*UXc8LPX9e(je~AJ~UnceP|Tv*+{SKxgUJ~>K)R4?gi@Cy=4*} zQA{&>ZgEin+fg9h29}<6Ez+5;0nYo&Z~mM5|6lVCQwt9jb=R~B6{nFK;l+unS6Js^ zZE9#3V7VRaUjt(f#V%*YKpfZ}uZg>hPzwi#vZBgLGjnX59kZ6Rm>$jCtYQwjwAtF* z``pyNHlk}}#09-rlRb)>UVM}z=A3-IAu#YRQI>-ji|$!g<}k-F&nxY_cc0{tfPl)l z-S64NemZd#`y3Hke8H`dQPKlHnyPOt-Zdx!KSJShP-`z~@e*}Dgg)I_ZQ00A!Db9u z#XMJUZEdZ|W@Y`GWc1e$lPnu}Hh}Fgw0hK-k)uyk?LTs=9P`VsRVO<;d$rQlKNj0n zm?Gma`E?EK_y69pf31rcUX1?1wrC|U&TClL@N3+z8T3wdn=&>-B7Wx9SLv=>$x~A! z&Kz;q^bFPm3$un7Xf*oqhnX8Br{+)yW`m-rwe^il>y~n9r5P)QWuv^gdHz$gR%+qf zc#qp^<|Gr>;Arhyc`53FmQSI)#LNK~RGzwBWa908#D_rW4y}-g#AE$Q{W@>h!v`T( zSaeebD_l(#QkWU^;t4ew!F`gb)hs)3uWGn1*OS@RrEVo{K)X5UIt4t?w%}hLbf{*L z-hM4}x#1e52XUHt>O7E0g7c5i{dZKFR7vcYvtAM-?Ks(e;NefQC(zmaKzMHq=G%E} z)`H%yoS2>E5T6f<&6V;Wdb+*@fg2((TewI=`1{XQs7z~Z>H z$0`>!ZjOzWS)Qr)q_Y3+uYQ~T@+-;>TYDFmbPWb^#Vu{eR9f+QuM}!pnh2=ks^`N` zk&G>;dHYHI%(sn%b{^ZQ{M|VieQ2|AWb~bBQwNY&kF zFjd($M|_Z$MpMVQOz`>ROcP7jt0RmgzUHe`;{UL3cH!;s(8^EjTmG zAi8Bd<<^sBFm<`hORC{n*JmaK4?{us@Nd@F9~#F7O;wrQdC^6fvUp^p7XNkyOK#!~ z^iAKt59FH2zrbmtTwRum^ly#vzfARseCUxs^@BB$?jL+O zl9WRw*0b5qGZnO4q0bBOxqd7J?ltZIQ!`j__g&wx%Ol0QyiuQ&_2YXd7l-t9URi#)IH-kK#itkZP&S1!WFT4t>;f2pk!$?~zgqeyO7QQPDC<3{Om_mD zXJ51{72D(zZG_{Z6q^A+GPK^3xQ`;6<<+x+(G)8&+1q-i;;r9U<=OVl|4ry4#Bncw z&kPqKNB*yKPagJ)P4I>U$5j`ktKRzK-_7V>T>e|MJkPTrG!4$&Hh3jh;eqwxejbS> zWQV~bc#7++zIAd+!r|(sKVV7_VbC<8XL4g-j$kRqT4b7q_BUc!C8YQqn7C2BjGXya z4(!uNO9T#U_6kDjW66;Y&9hij9wmq_J-phfU!1zwn$2EFaJ?!uaqc^AyL7rL`f77^ zHIF$d&A-8XQv%*xZf$$kd6Cw`FXyujkXZiQq_ODZ_y!6_fu9Z+?^8_MHHx}OjbS9R zr`G$=)Yc578Yc6eRx#Q3>xVREP5E#Z7P*TsJ0mLXe`_JjL+b3Lon)Hw7LD9RLmE-d zrSIRHLY+$*=K)$bC&tdFhB+9t9@b1=xw_f4L*&Jg_lhPgI`ra>mW;I}~~$BPv)E2a93O`;=Y_0EXPu+m|88o8U8E zq6x)1CP?fjYtrNoTijejCSHdGLr}FnyMA7drr31^V!tBWz&V8ZWLoe)?5zK=)VB?0 zF?OdcV_28Q*X6{*!)wU8O}`k4aviE0RiAQD}I&k(Bbo|?ezlBd9Z z#noO;P^_UVY|soG*0KOkLXf;SuOWStZgQN3ShWW|<5Sll<}A%W4_Jguq7usw^&(4- zw3IoSpk7<{GPBqKAObYF^7t5j;`8QI&9>yhSVEx-0x~}wF}7XeUmP%Xynnq654a~! z+Jtj*_M+%(gZAY=rq_Ro-2bUL2#3o1YC%cgDuR?09r058uNln*ocD)sIx*-%*KQz504y!O_k+=}|MF zcP*k8eTNy-#c5CTi*?Wdm92|jQD$dpmpZ!;)1NPH(!?9nqJa5mxIw2#Lf#Zh;+Vtr z;cu*#eCbS9=)6&WxCtJ59IFHbtjz}kF3XqM0zI%-kUMN^!|Q`tqc?_2QU6rw_U$D#xiPG)ZOeL($Qy#CH@2JEm3nG z1i0^Z*vp3*U2*;Aa58V$R!W)-Y=6CWR&x3_eq8~1(VLo&E_d#4nkPL6Isy>P0trA< zEGgMP@w`G_g0qxwej7*y73(-{o%I)32q6mgYitUO6ii;h}ip!_ftIhL_)6(>}dKBo|iI!#Wzr?${Unwsyc)KX)3S?r|QhY9N z{k)i8Wyxe1=O;Fg8j@!7cBN9`H<7*932}{k!%+9(QJHbEpvgcoX+fg8(W}J zk%NP7flTY@k-)4lJNXCRyv z9FGbUBW!zb) z$N&G>{~YOHvIhrTr*#KMYf`vLKjZ~&a%ivNJrn5K`28=3EJ|ywE$ky|JFC3lbZ2fL zUxxWc`LWF_wdLWCbvX?+D;IuQzFu#ami0YPcnAO1<&C$Crk^t8E5V=otffI1_mUs5XsmF20 zd`a*bh>1LU1l|z>J+Ch**+@TXpAT9q&A?0uf%4V^ftREC>!-7$&U9|GxDQ5tskqP! zWCZ#+6|c#nVkM+yT7uWqwBWjavh!mt&TDPwX!HKD%b|cbE=*b*bJ=L~1;pXi+%d8t z&E&k?Z6B#N2FjxV9c9B@`DHDnD_=P}2bw3;Ta=(m>@SB_)zo%EXsYVv{LUUJ-n{n3 zv8GC?zg=XfJnX=k(e)RYsN3>h=uuUNU5MIrRL?b>V8X=web^KX-T*lko5W=ES{EML zgEU$*4ja~wI^u)Y2CuM9G?ZNMIh|oUIuKEn(T0YLOyxIX9i!7)j>mA1tO+nxoyYQEM`BGQepANBjX5-E z-%jAB`P_WpK3^~M$ZSI`F#DjP@n)@0UX_CT+vNmHTKeA&(L~%ns_qB@!hHi!HGbJ( zSy|bpRF#&wAn3X0tihglr%--+;Akbn=e8{#w}hf5$-Knq75vz&#GbD)1#&4;<+*$y zcT|L3ohrD9Ye|cz%go$W(CHf}30Cj24VBZFcKL)2C2H2aN(;ywDE6NT5 zY;zCDPeFYKsZM3^37S8_lqP&>E|Q6d2kokH)9x-FLRo#e_Vz8coVkJL3$9Xhhnu+1 zXqOT*KoaEpi>}#B$$B!n`QzV_r(rU%Z}KwjE&=<~T6p4K)A*%L*C(S(oAiZ^*TD_x z;O{rz`o>lzv`Q{4HD%`uUWmE*wZcdyuBEViV6{I&>^S4}er^ZzjbB?nc-;o>_1TrV z!{tps{QJ(9=~bqTY{$7sXbDSohDnqMXf^#1q{kQt@b-WON^eQ>flWBY1uBW4^v+?| ztA6)IQbne>)!fD(3%?a*fzIC@p4v>C^1Arut<@<9mmJBsm9TI4`FZrURMSGnvi5P- zP)Y-%vxKIelm`5I77aUiv)8!jiIGv^cd|Fh-#Eajw$S76(CSyr&rpM{mLu0>5{08n zHl{cQP~}f%av=&G>j~>apYzYssxh+k+U+{hMX^C^`PSLp^dbl@m zZaY`To2SCOLoAL-SV|r1Ca5rLlFO9~=4d}Wo$hJz-00mF-RU{8*XwC^f7jd3B0$mP zvPdq_(frtJYhs4Fr${YBaq@Fv0XE&bpxN&w-8dB57y(B$o$h={hs6w!p16-e5K zB;0QFgPF8%w4u2__c-PgO?l7mjBsx}gLrQp1&}=Ubrm+{)#?^=2R)&vWYqrNYIC~U zKUZp^N>n7OylL-;$-97;rjIKyqHG#=s(x=q8y_@|Jvhg=UHNRkA13wr4>wB+iwIZt z_D}vm-yP~!@4fG<3}}6liZeWdB1Sda?Ajbt%6BnD(JM9{W2qYOW-Ww4)lolB<-2A- zq(SqfU*dggI931PA7rx-5<)l_Qe)~A>xE_&5T?6dQI;{r!6mB~bwtsqCYjt3(pHOW z`QdD9LDFmQkAk+TZkB^h_}HIl(KP#sfR_sP>u=J?#L0C@heLD7mwQg5+^)!v_fedJ z+@dUT4Yd8#JDYuRc5b}_l_}h@o= z#n*vW7fRlJi`!>CI@*$Ka_WS%2fY#F+nC0Rr(9XS%ADeqF$GX(FT8^Z7-&4UA!lLI zvc{cpFSf*86L!@ImRacppY$GbHKkKWp=AJl+&gXPYy72Kue@!1>8_ z5<=^#3Pmm14$M6_Yz9V&6WS@|^KtAh+K5rkv4{pa%tvdboDk)v-@5T8!ixg#y=MP@6lcQB` z3sc+`-65M1EFMiYff?gP@2;GTCxV}nOFO%hZRW2#o4mL=445mK&R;Z@vXN{bn{$L} zT|MEGZLi80L;*WoM?{^)4f#hLOXGSsY?fG{pw|qQ+;%CSvv^s6sCDxcALLn{+nQ}5 zdLseo&c7ASUWr7#QC765B`qyWQR=0b?;k2qica|28>j&>c$4Tz-aTHc6o|C(lUn@4 zt$fRfRhx`kF{Z5`UXjOQT2fWJ-Vd=@Ovn;B6-bS>!E7v~7YYf(*1p`q{Yp9i5Ja+|1 z^oQc!^pZ?!)4ItrLbV|{In7`xG2{^+1W zf_vt{r)zG_bv&#Kpv-B3f;O@F_qiz5CoD_(`p;2;!Rr~0Xe2GX#eh}8e_F(q@q8aVxoGd; zSvRVusMJe+_nf=c75#bd{Cr=l)+2x2Zh{+m4&vY&QG>tBISCZD%vemF$apDKLh8rl zx-{YTv$?y(L6DrK+=78TwV$e=IgN2k$GtJ+3%Oq*9|(kU{$=6B4giBRX3jjQ_vamZ ztlG3`_|3AZ92_}fL668?7UC|Ng9AUk7hDmwc2ij>0r#<76b~OF^?KG|wWE>u^nOoK z6AW{dHYw8+pP#llUbq1)LBZydS3w&S)JV-ke4w8(qXi46J+Vf=3DGjR^Qnc%OBTi@ zZd8P$fC_`@F*3XTrK3h4o^xjC6ur?!cOZX5X-4`odURfEgw-nmM>)dKfBeo37aKxc z1fMjuFd-f&oSrjX9j!*oZ+pz(LWvXWIm^}JW+pOVg(?@S=?-M<@?+P_zs?b7c#4X% z9$kZFkf{uOX>AR-7w|}$fm&jWGq{)HPI@fUML z`fX3QGaqi`np|)#Va=bJuf- zt5@J`9*Yp7Q{Gjgb9t0=)60TJnHwk$<*^=rur4(S#esTBvD)q)i{1KH{CCcH$_o?4R1OYM=C@OX0ezU%6u*jT{| zYoB@JU{-eGg9wY&y;GC;P+}wHJ4@ja!WZp6sO-s+#|-(#f}tGmV;wJ&j)rj|WYg2t zi#0NSS#=O}g;(Dua6kI!oBMjkDAT#`3)h2KmQ}s{h}y2>)ZX<&j8>i$lV+}j{fRvD z^lISMf`yq`hh>M$);KvbteQJ|xW(=8t6A@DV}F9p)mMw5F1?eVr&+>wWTV({f*k7| zE|`p79|d$hNWp`gKBf5bVnW1k&Pw==w%HIHl&gQNe{K4Nh$$lEqR*?IM{o4KvdF;a zqZ|uqCcOmqiPsG+TuLk&V$Z+nyhohQV;kZ+&&_~B*?I-K66K1nQPSr<8i$-j&f$sm zc7>)*&u^?SW>cRDHD7tkh)zV2vgnVUDdZmmrU~n}llzQ9VM~#Qr^iAdvN+Y@qq=T& z*+Z)7Yg2xm)Ci23!MOQwqBJ8T#qS7O`d-OHj+@Wep0dmN;B$@q)1vw!6Rp}?qJypD z@*o!QhOp-B@iRESKZlCO=+7^0@cYf3k!IxySr35CXDs%cts;xC7R|K<*p=j(Yv0ak zmZyL#?JKiA?m&&BPxWKGTk>{ZmBL%0uo;-3X8#@U8$ghDh6wo1cJjKXdOkAFk-S=K zMkG-zG{Qe#s40f?J^V5p)RE_CSRKimAz&=s@PdWBDWmY|*22D$P3kmOd#rFCH}7V2 zh51fX;{V`4TDt6!D3dqYCAo5HKBrf^l2aKle^~!{dH8{xu~gI40PRW14S3s6H~1MF zosbjf){mh=!ja%ZCN6b||QRIB&9f9XUHqpsM{B+@Y1bQXvVn3Vh_B#)D zcj>LVx-iS*-AY3{Z&7LK>2%L}i09jU#pjr0-#7=?ncx(D4OBQ6R7B!HDFZ#DwJk?U zY%;-~B$i%!Ih3piI1K9UIwZZhy3dwga66^)9Ya=-iAolzIUKRs=7P%^Xh=wN5n49j zjMPqKVWA^1`qXh6@bp`rl)rBCp2Ki}<|y&Rhrl5p18KS|=_c2E5z*8+YzqoEYI{+8 zc`w9KRoo~6k&FjQ*v6MBS|oge@FF#+I@QJ zZGqy&i|xkWYiU%Is6R!KG!{NuINvklVlUD50_^DSXW4zSrt>nqEO0naeEeG)Ht5{& zOwb@su&+zh?@kDDd3}%Fw9CA@rP;U(%?AR)zV -f^p5QoE&ikKahQ4P;;ngqTSY_)FfeFHYZW)YS4Mh$l!? zWbXC&Uc&OkRb$J8N-GCGsWX z%hMse>CeXrPnTa@#9kHx-6E)PhEuz#HWxZrD~uZ_X2YtxeqmFc)%m-{O~hUA{#1&d z4FVpkUyZ*?h(#GtQrxXLu)95mPFI0DInD*EZc)%HVFG-M@u1s?W%BlFD4J9 z*GE;$2NGf~bBz2$p`7wDcgQMr(tVORcNJHfxvt;s3RrXwS>q`f4G95>o|N!BmZo4S zOTDJIYObi1wQWmQRZ~;%ZgIMWVved`++!k*R?7&s_9#~w3$L+<8>ro}laS#Q-Ltqs z%QhMU0_+zg#he$M+G+!+PsZC-?p#^i<^aihqbM3#_uruAwhJZS=4;n*SzNq$FGQDF zk8Q;qdp-t$GEvUuG&zaR+`3{=;7DWP5?-zjUdGZ1av@3b*K<|wlY^{#Phuwac@3=AoKzt&3d7&~$1FKi`b@ALh` zIl9E0{>mK-~loxYw1ktQ=e$AaQ|GiRB7Ob@ueZX=H z51FchN@howbJR=R9vSXu=J)$psysTG)~XAwb)`zs`bZe)=raAW?{0$?^2@E(z5Ynm z=!c;h;4PBn`^~TVyKU5$X!`Nm>#pu&q&YSivJBp!S;3fTmfMa4cMj5&PPFyqCpS%* zyQn#RZJXP$2&=J$jwo?#S4)CFV(U-8hgd5#y6Nkg@k$UyVN(Ydmn`ibc|=B1jUN2w zT*<5Y3bf{Fj^=l{*R0C7(>&?V39hjm1#GK;pig^Ygy*}nHVsnRUh4Edfxn2nD9GPOcr<9_X>LDY zh&$U6vFi}wII8JLa1rPi)Pfo<>kLvQ2OC5Li-rdV(#w=0cXCYB1FFR1+Gr6d$JLm4h` z{Kh-F>J=eG4Ql@D87yvW?2KT$(dRRve7NM}Z4J0Vzr9UH*Rp5Kd+zf7z?Z$9gra?| zMstlJonrp z>l6Ef1rm6gU?=!MmNYirwtAFD2SV$}3*-QH7cir{I%cjv&G-Y*3w9{74qAqvpm}fv ztpNx4172{$`Hsq85$rw1%Z@X*d+3L9&?c~PoE08v&-h7j0T1}2E$9eY%9w#6`bJ$$ z7B^&gA;{ z9vm}zl)>;P|I@$LPV?stCSdb0CHfT*xCMmL4Oz+OoBsnK#FAU+-I$4 z(waM%)QJ}sHVI~h=;6?}m4h;CmI)3Z8Hpa3Gn=tBSumvV(zYHE&In-B?O1?H|| z0>*{XTEAhl8L2$Nz_@xyK(Ol0t_A`Z2+#FWVm}aWI9kG`70@3Dfq2=vHEWE)h7=bY zQBRySDI7d-z?c%_f_`AQLz*jaH+kw*ISYrwi1PAKq(>i)R#t_*dv=?km@{u)s8n9X z<}G2?v(JY5x;hbA+#Rq{gg&x-q%q`H3Ag8$ED6Vj^L;WTV5q(_+N+OLhtjeU2G5jf z)5E8C5jrtS_rV8>xL>~*Mvp!roVAlOyDxkPF{_*t+3Es6tX@szErdV#10ska{QT$C z4GR9WlY+k=1d{5Z7=sjI2rs@Eg1VRB4^j>x$X?bCjv#n~#)z=%DkB92H6VQJTM-U$ z+n`QX$|ynz3@ILBf(5+o*uLGIwwj|y4QE2H1wK$d!%IrSzCC-x%vrO|kgE_N$3+{3 zGGrJ#iVa~z+EE3W%14a~$EBE2He<$(Ga-9Y!f$v_WK=+ozl`m2>O)h;Yqa$oeXsJUdbNXQN~Dd8M(1n&5OFVe>< zz9u;-+@Vl=2ya)Vq~hwdim9B8H_hpuUAsfAU|;myVg=KV8n1WL_(lpY40w2;pJ;~w zS6A&=8KZ^|9Xu#_Czzl`KpxWgszgiB5j1jBE435FXZ12RFI+euo}D{ayMJWhE1Q*XSkm*abno4M~2{ylCm=Ox83L#rGODNVd5kUG=aNGQ>It|1zKaEE_4YhZd1MT zkt3xfJ8JJogUOr~avlk^@%RqLF-|dx?Co!V%Wwn&Y4?DP;)4o^&0Dy@6bnukiul>N zbCkE=@LVd`pa*!0aUYY>MIfL|4m9J3#x|^57mXw-M&=&lW7ODjf>V7qUX$(XTYM~iL?ZMW9N3o%IW z!V8Pdv3hp)ER(xSmwsfy)N7K}tQ3QD<{yIyT||1d#=~P|&^*R9&O{#>ZDnO8VTJyvZ_k*XI9v^FYX5W_FLaH{c%Bb(XXhl;eoR75ORO-?%i^rs>8y?i$k3p zO*5cnNK93``-KniG(z-AfP!6LqehQ5ekc_!Aj@%JnGc*ScW`Ovq=Gn%oq#lkDLh8d ziNGYssL^AD!)PGjXrbc>0^tyJFX(R0A5I^#YVxFs3jQ1x4_%X7E{||)e0@b%Q>Vs9 z+@R6%qL&IiibtTDKn1w$(4kYP)%bSq*r5Q!4r09O=93z?C zhsZK$dTRyFc5RsRtn`Xx0R2HL>(*}2{N4*MJpY{a4Ue+3k)4L{$e@7(1F-O@;(H2M z0XO}O6n=0b2%rs;-X}0hpR8K47&2Ni{Q9*Ul8qxIvk%*jNwd8KFm%zce?JRWELbp4 z!P6}YQXEyVhy{d8l69R;KA|_ugac^foaPvLfR04=u$V*tW5$d!`ugcl|1o@Db`6e3 zaq$p?Wz*)Z;b?VDm@;LOWWaHQjh&Z6MfW_uNibl^3(tq|y#1C17_c=7Zf+7hEbv^> zeU*ZI@F}o>gLA@9r51U>KRZERd3lNHEdo~<^(-K5R=;Oe?t9<;w%KjilRTbPEqzU} z4Sr-X=}2XjIWW&HdBOM#JuzDJbF}J+C_)QRGBU8^aQvZT9H>gs9yEr2=+vpRY^UR9 zV_i5eN2nup_^cK1vUh9V+&=P^GTB?E1+@6~wt9R$4zd1ENmt|NV9PRBS0xj`bzk9w zd8`rtBWnowLyOD{yg_~D9^S$x*s^Jp1k*e&eI35t7awhzyUcfVtx#D1jqF0Q%(4yR542LC>l9$-W((HtrgqC ztXVTebdl(R4`Rj0hM`f`MD&Uj`Nx@&nSKj8k{Q(O_UW319KtVi0Y4( zKn1t!wDK`;!2&bl5VnjB;|N8A(OxEDg8)D|5l|SZzyX2>ClJORIB<|){!~J=PZ%v0a-jZF*Qh z_LsnrGGgm;2qh(~>ISW32hBy0GZKRaEUJoZg7{b~-ZFki#d1P(c==_Rw|!W&=&n|P zr9j61akzKCbKr^3y5n_nB6o!H(W5Mai4wx;L^5V>iqSwH&2A4>S`ut+O7#}J;b z0U@LjlB^OpXv;AIn7O;U-m{wX;N|4B4bD0nUf0xE!|>6DTQ5=0Sas%FQI z?GlI+V=zEAiRe7&v6c|jjRiyY?dvFdZ4_M&(eDpM^BqE?3{DiqWo^BJcZt$tjKBEO zOD6b_$*3oiiqNFY^cgdZrl60Z;?Xfu608nm*x>l1xVKkSn1M5Y(W0=i|M|>QpU6`bx0V|Bm4F`B))q;Qvt0=$#p5W_(E+QHob#?Vd z_pJOvr*Wn5a;R57L~9A;aeVD-uLRyVf&omwH*epwdAFSyB21J8+xfro)?4Pxpzx4W z%q?SvH!uK+W)G6%QC>bO^yt;Yf`td9U@_#r@zysKOgLcpV21>>)2U;7tha_CCPy~Oxn|W2XP>|%XI6f2il2(_1DT71i`-|`<>$Zn zb@;ly4<@d(BjeE-1=26CzWRz87&vBczx^#U(Ac&0!ykOl_>srjhDnYiiw|kODNKL} zT1CnCmjQ$B!ysoa%SuZ$Z)XjEtSUC#)ryXU7WxOdLBIhS{My&w5Dc{e9>QVA0mPsm zQ9e?})i?{XU=R~b^58KzpCVzn@{{F~g^d=3v;fN+Z-h0gSDPU_S~?CR96rFnx-GfI zJ44t3fFpwAJzNet0Sssty6mrjV`t%!N9#t6EK|T~arp3~PZa2o0WWxX7Y#bQoA?ex z4r6DqbPBX{N6u@5y(dJ0M9m4~V6`58cvDeUi4AjZ7(W3#^dpYR!o|-iU?8JU&LVPj zNbx|US9Vn~W>%R9;=l3DZ(1F5mSi}igOJHMxEOWlGGx;{8H?1JE4_{pi$Pf`BmLG* zJ?|{|F-j?ilY{ZeY6&}%hDZmJPG1E2Xye=8`;HmDLq)eZ8ZJ-R0l*wq%JKW24DI8` zwM$PlG*EPp!H%;F|4meoig)+$m=1x!7hZVI?1kmh5g4)4#H;9gcHk_LQ#nvO3zsin zY4}|rqY-}DCVhla3f{~E&|jPg78sy;_~4vunGqV}!UgjUF7n}#%1ZINV8XCx&XFm_ z#e;23z{|qKVCCZ+;y^6Z&ViR+S`yZ*U1y6c)xsV0jE+Zs50W!Z@UXJ-i1F6^d2_|z zUBbF`8zrY2&CaUVoP)=&=}}B{9)S$(G{yi8B6H);%SyAua7e$V_aGscUU~UN%VXEj zNYUTRFTH3xOn?<#ylcDjY@(nr7Vgx!B+Xi`s&BHvh(v4G%tw%r_JP`O` zOvsyR$uVRba^R?Thn6YmXbU;FSPhMIjQodJ&#R5s-+aRsPH=?5IYC_<4Hi>gdgT@4 zVdNV0h)gCZ2EC&9(Axy9$BHk}A2??O0pVL#D&fH!f*YEhJAb|f?AESXZT8m!>Bz$h zq%Tl;oXmTYC7nCA*9xU}4M@f^e*`nYJGkAodyg$%L7&Jh*#gY~IcLC1pp-es#=WXCOJuuMRaIJ_ zjQ_@s>o!-@<=oy=kaXs=&zcO|zi)p)Cebbn5G?i>FA4YEBu81jhVH@ZPyYUA##?94 zoHhLcp4kb^yS$)(e2PhOwArojs_cv1yLMafUF^@E;`s67EJ#fN zj-3bnMO*CH86~+(;0m3DocZ2&-!{1dEf9=D|KsCu%_9Id$Bmh}mab$q{(C?Cu57UF zb`6fO@sS4vRoSTn9Iw9iqV1Ao5r-fN^f_*PdDyaXOPD6T0!>4&@B{fQ2oQAn(I5Q2 z;U5}@9tosjFE9W2W2*!2VjGjj91$QQsL77X@BiqBW?$4FuL}e#&|S#tA(Dm24&)2^ z37ZLj2RYrXTlett*S=;BKTbUM6#+N&>1(gQB)wB_I{D3SeIqP=?*onbLiqmg{mASF z7JOnbWVp>OyoTID!J{kL0l>~EY(ZoYyOn0lm~Ot@u3dXf7GskUAVWVANXFk|F@|>D z(T*qHGgBwHu}?Udk0*W5V(t!rFEjwapqLO0I-*!yKWd;DW(WbIC=e?~DJ$|QGaLbk z5aI7_!Ndqw1ONsi2xdFU5D^JwPA7Sp{LjQS{V@iHYiQpnQqupe#5TC*z<#2W3${v`t+O`Y@%SadHiOL>Qyv z5VxU1xU|V54)hI9`f9wCe-tibA3VR-sJ1(bnXj3_)3>OvMYMjd$S14w2voM);K1RC zF;;sVK=81o1|i8dI|MW<&oDR+6)V^n+C6&oG=+zFgvse*6ujkoN zCc}ga0s@SUZO^Rs1VvB@0CeecRV!zIA%$KdBeFo_EmY*XP^$@ra^@9%-CHOlwrRUR zX{S%cM*ym-;+FPl(+b1i{7qr_=l?uzWj}T-=JUt^j|1=s!HE;B3Km-XJ$e*M2=|t= zQ()<1$No1GJ~Fzc1erqwG;}p=*l-gvzxw$v!gs#^JyX&+w+J+tyikD|6gk_Dz!7-F zP=JQFY1I%#F=5iAut`dd{4xnk4C1ccx|p%LYv&%riKK%Z_#H+Y&;kzZbtxQoCJ7+W zE|GtfG+V6@e(i)q9;3K>_q2rK-zwNtCSw2|>Jz^G?YQ;7p`lQ;S|}r#F~>(HItj;{ zHx~-$g;Fqug0oPDexcfrc)E3~w`h=6^P!^8A1VN#=iW5G2|iIt9<65D z>b0Wd82!*Q!WcZpL(f{P9%VSAV8GjDtvvV98OQcuM#;iw&=`UYr;75tF9QVtP2otG zgQ;jUashrt5m*2%6Gdh|=(}Hky;M}j2mBBBb6gUo=Hyh6F`*0ypK5>aSYHKB3%hLt?#lJVY=B0%91 zTmU}!8y?%cXRq@0IECaTbqSy-UT;bV7vyLuEeduJOb52P8Wsgs@3LLkB86WIDl0E3+m(Ww$Gi550!rxZA0m4&UAtY9JM$Bi3fvL1TC z*u@E8wU9Z*`9VgroqDj~TeW(vtwgf3fR#uLLEy!CrA?fD^p>P~*uG<@DR7)LaL(%B zk{6yc!+N)jYuhQHJbMwX=8z!mA#J(Eh+(CfddPj8p3$R6$w1e8RAf^?2dr{H>o}Fr z?q0RW{9|Auf1wZN8oKEw-3P8Qaxl`_D%+`Z7d<+%Ibf{T)>Io_S;hG9gQYUSE|`8} zXBW>@;?&X?h8grFO{bt?N8ztgjuUtpWU?OF1>Vky&sdEn@U&X1OgNI|2_UIo1YRCu1#TgyON-(=42neww1sRSkg3pTj#Yb-j2q*9o z`2-EvrNDu1!?-4x2%g#QitdD_*ztrTLI4)y8r}7bURFy0fVNmg#<>I*>=!yej$XW0#d6Usag=v=#QgV8fPPH<|mk=SAnuAnXC zFaaK%$BCjH0)z)etE?$ZA3Nh{;vc3LRGH<429=jKI?AT@a=dlW8 z8mr0BFMPd1vI|;8PO#6y(c_op#GW~=cPEI( z2^b6!E(j()l zYO0Tg!5SN@$ooVK>{?<>$P5Ar@M?wNB4E-*cwtQ72uJje;D#4jjb)yZfxwUBj9z6I z32?A;jXLl#yZ|oYIRcmcrT2N1g51jYk21ADz$c zWyZz(EC|YS#$xHj2j(8fCPU7`k)TZJvJS*hkS-UvE!hnF_MS-jGqph>_rY>OK%hI&`02$ zU2|N6i!Rc8z<`c}?`*+VIt3jE?E6J;*euW|fn97mc55C!RAu}F&+k!xBg9j^wJ1s8 ziCxVE(g^@DFT-W?6PUn;!#^X)!^@eu-XI+FULOLb1P7R7bS3(3g7hHs&LZv#*_anE zT{PJak29{fzV)Up3PZEZDfHVKf6f@Im476%#rtuGA9TjiP8}h~KKDT*ba1obw!Ijk zyBL!RzA1%Y*jq?Qdhjk=Ge9rPIW6z$p5|w|@v=lGaa_}bJkO_&-?ZRkO-svryY%6(sd-wldoP>jTW&0r)X6_R-mj0r`^bRR?1}d?oVjw-#)Lq{;fBF+ z1TcnJm4Tsf))1;ri~`7D@-51g;n^RUhB5W+TVxIp0^1Bp;fxiR?rN7Z2mqe>!GLA8 z3S$Ffjy`ad5DwrO=LsdES7U?$y>xC@BjHdcK~B&luJo&lgmsYOjN8)1&r;$t)U*>? z@=SEcT*;W$f{5%g847WgTZ_?BD6tOd8oq>~p6@OS60&-8fMPQuTQMxp<;PWV$tB_D zvYv(O70zosohAG*-Z97#Y%o4bg9tM84&E3m_+h-@3xSDp0Vv8N#BlTxau@^Pg!yC( zA%Y%f7^47Z1)<0mcUIGgaI=*Pp+{fz!5o51BIg*W1P3sJ!C{AI?uULoyQ}T3G7@HM z9C25KiU`+n#{=U8XR;wA6y*pPL_A1u*r6c`rnuXJIwBFnFL|s)J1@^3kGGtbI<*I2`QpF`oqa75Mt);0?=8AqA@7)h)#ZxF0lo!efBcSSVrN&%iPQy3fe%olAxdk^qe<&5;#Ia!9 z&kF2C^`hlKse!wv=6FPfU?-LQctTr%SWY|Rk9k8nozQ;+X9L9VXt+1ZFc-`u=T8Lg?w*)fd@S(#pp0&$E zI{~0i@{q6a2SzPU2z&_tW7tJn)brdJ_>v8*Mq+#tG(e6p9!;LjAC55P;7P8@XH4K4 z`k{T7$BdWx;EZmB4v`VeE4v8@D3*>Wv%nXtSFC(8Uf&f_K=8Z0oXDQY6XYfDFt}*r zgs%v!uqvP82f7B|IL+`Ouo5hQb_wj#4~_y3D0snf1#TP_=uBxnG0x) zc9<{t3`eWDILc4*xTc=-hykrXh9BX8Knb)8uY&{Z1n-A2Fu%+*@PIdty1IIUm$KLZ zESTW1Z~&VA(a$$a~}lG6-H{43Q^efZ2H& ze1SJ`PFds&?Xc^Jl~UjXzwCS<*o%`u9dN~X;A3c-bbbYEAkUrb6idv!4#av(PPKh7@=|6plx^#$BcOg7t~|!z&G|5vV%UM5AaX$ zrL$~@zCEHG1qSRMcnmr~wt#zh9DTs!B*+Hd??F%(I-nn~$Ct>ki>XI_R*{)2-~$f$ z0vr(lU<}9+%7H8JK_0w{JU}kcH!`bt@19yHknMa~MxDmX<5WCuiG4-iEF=vYELu<= ze1cxV#=%ZvJlMdrPkDBRV8cV})CDGjVfFQKm7ZV`0oDG>XFixic$hIk8}I=0<$8&E zqK%!~x0{S*S7=FTsmUH}Z00{ZhpI;qfyXm=+MVe!F+HfG7;9uks2X+ww4YwI+ z6aHXsm;>}C_Z-Y4v_l!@?MWZ#Z*Y5EUozvmi)=HF-$($!dj10cfK*pnpSN4uN{=Vi zZrbM4yaxQU+E$Li3Gum5K{yg2Mo2*+L|}0|Sg}eE#!Ef$!0Ic;6vy4WdhwiuR(lyM zJhMk5+|w>h3DHx>`V&*o55gX$1fzFUB$-uLjyuZl-noMWC@-kuMJ_*6Dh5>y$WZ2S z4h8XoWQPRI~Fk_+Xsi2D~v=syf|q2Df%7 z9h@TUD2EUSCmi6DXfXd+!6hA`VD0Lf{tO(IrHr+&^7IWZQJBmbZGgj`-SiBvb`yk9 ztKU2Nu^T1Mr<%up$$JP~^%=9$>!!kFG8Z89`=TYS#$S~|qPmqMfCj4l?IEVL&xBszRt^lMA60Pob_T!jS)Clf$;fLf;x%3 zV&ew~f?Wk7uRu#WC=Xu&Cyy(5Syv$G{bwCVS}(me0QBckX+95LK0T*-X*=n4TE4k- z%8vLr|iXGK@By zLFmO~g~kkxb5P#oGI`=X499Ag>R75nSq#aT=`QloPr$a9@7<)qZUvSY&A927Bpgoh66rDFBl#q2TaBaAEW~ZxFOGV z3qg}2J)Qs=AP=*hT5FM)tUYih95a5}p#m^CE-X!TI3r6qgHOr>GYu0&faj^lBTeS0 z=pG}T6&9SX-oj&R4%&CxO|Pk&-lx~O?Y5McTlP`+hF6W%@zWe^X*veQ5d_ezhn~+DaSp`iV0Uz*k05iJ;2qh!!kQ& zeSGu1Jq15? z(tYWOGN#P>H(9NAsB3enGc-wnhC&XfrD+D8X1S+-qh)wU`VQWr|2T#WU5myY4q)|w z5#z!J#~x)Nj=)HN1$x;5kcw#(aH*@_8K zh;ogIOeALbDJDmfFbZ>(<;@;HH$JS&VrS&pnRx4J{ z&lwz$==DKh_L_3Kw_-pLGc1i;7b3uKS-Iy-#n^@vwuBOfyzhX?H=YOkqL+9uUeEJu z&K#Z|?|?a8@m6H;qY^Pe87O;<6O=gu&MQ0Kyp7mq#9O90&&txMjf+$j_WDM9>W4a6 zyf}cl=_+I8GWm`tXbeRS&2czA+YN)u>CfTFww3AUmK2M9!`=H=0~kIiRf1zY(-xrw zXPRf-SsT_7S#kV+Yv)Xw_l2>U8WmpF+v48oB)#@A`IytQx8distf!@I`88+S$-Vdb z5Jt?kBH2FepK0&qH;* zzn1dSaq{Ud-jbiKC!koR#&Cg$a5|Nl?aMAQe=IeJUZ{s*M(_-yg}yL)nq-1%W#);h zyfcJVLx<^sF=|^oGwQH4ho47{m3IX38QOF{fite!$6#$Ecr*rI znS-%(o8>Pn6ARk79%@f{*1iFxtN5Q9*|BCDv{o(4I!WtUpK60$Lncp1NZN3mW@=~K zZVr!LzP0%Fc60lDRDJI!t?zB*!bV$Z`Lyk{ewv}{ zbyUUZ#bNe)&Ne>I`dNP@>Vj2Cf3J-tMdW4i?s)Mw8E&=hv30KMtRl&F#<9V`l6}*M<|vYdU_<^K&MT>Q+k?AH-*- zk(g_!@ch^ZnAiAq1Dwbr>{lOy!*1QEjMp)I(4`Jfi#HLMUXQeV*RR^<*n!*>4(^^~EuRI2ftq{Ur z>ca)cBb?0N&={Pl=-#7!zadbX>DKYb*{_=^`k9j*3oX#nBk0T{q25w!L5a<_&~IxS zdI&e(rsK>Z^K;s;r+J+;FLV8f@#m@0LQ)D7#r*#B2Dw`3vXxm64>K1x!0Kr9*?`8c=eskBkb@SbOUCtb-97yxh^jI?fP3xuU`L3Vd zDq6nY9!mRMy!udU4<$IZ$Y`C-k>WJ1Z7t|eE)AvW5${gdxwR?znUAN8C*VrqZ5^&Y z^Jwx^O!4ZF_&HB;LF;(Vmz$gRux#+QIdi1_$CQYXe0g5S%RTAy=WRc(!ar%K+S=1D z)ixyj?qPs!U03x8z?bQW0`2jH;N!yIOIy8pD=vpC1kSn7-jJ3G{F{7jyn1@SQu7e0T(oPTG3Rv&W8eFUL9e@G`u)mhIAQN5lZA>Y{C*y})Az zDJlLOZ;r1N$GLf4rnP4t|KL+XzsVzxwRMKVtu5g=#fO*6*9PU% ze7{cXd%ZM|G=Fw5H$AP}Twa<^dGEvPrupRgy?+YG=m%pq> zYvm-U=pY>N>@SaBapdA5y|)7Tlj4;$zrTFrw%)+b^WR?bt9x!O4xiKrdBlZz=$M%Y z+I8GJeyuNXn}>$UbNcjpRz6Ah`zLj#AMdlJHUXJ;Xkc^X!q!r~&zi^FQ*B`x*uZCSfK_8AGrs^n`o9e0|aUQ?O-r)}%DcHUYVKY0w97qCLNz}?*O zMb3S5Fpv(s5zHngiqobH9W9N)3Owc?zN*sPBQ4D}mCj9b*Ui=aT}f{X0Q|1ZbY`45 zs+Vux)^lo+QQ>40oaAS?Iu$=w%FB?i!^+2u$mmD{<+)(a*IrYe1iTej1J+(N+Ih3R zy?{i|OFtkyGQyCTgs1|&E1#;l*FeURFW-{GB`M8;a*}A@`|z_1h}2m1Ys%1@kJ0OJ zzM?j7>DgT#Avc(4+ln^9M^z4Q!`h2CATyJx1nP3HOJ0H!k9^~?%CW4K&%u2%PnkwC zeRCJ<^1LEAk1uRgGJSht&KWo|gUK^Ciez?X05W~%nUgqH(U=r_d_iQ!*r$EE(eK7> zz2ryFx4VGP*2$Eyg2^9VPIN^y%n^s0pV3(Z+(_F7@IyR~f_0#+!pj%Z}{< zXQa8zxEV9gWHW-8Y1grt*eiViOG~&(>o>Je9Xhw_nYqi3B*IQ6g{;GPx^^q#v74Sv zi&+5HbkIIO0$z>_gHc7|3#c;lse8(Kp10t2(tDnPMV@2>V3~Rbt*#9|Rd7f=J#8yq z(`qbl{i?3x!`sLVDuZroNm;BqyquqN^QcFj*X7<1 z9~bv&z1(|~77q^7n|P>R+E3a(&q`muLEwnFruxHt>|MkeqKKDC=d7u&I=3>652}l| zO=U?)bqU1uKpznh8ngpBDdA;u635b7qKvMoXZ>WZ`4s9i3as;@PL7uFX9Y5Ua?9~9 zk?ZNZX)fDNls^s!jbw4GtF+Gy6c3~s9Lk`1^fGVg=3p$I z$9;Nj9gvvk$gM|_eEdzijV0-ay7}r;)`*BXU_jg^^;&A*3hNKfKkp04(nqEp!(#?# zUY4`B&zZwu<$`<4Q$J=YsmbmDH$a%HpHqIO89#hH+?PI4>ayZTQ~;5gxz9{KMRY_maXD)#RyJnDF)~;2D?@sD zop>9W%KM(M@o0@NCD?_4F(e>Fz>9PEoQg9r?He=Fw_u<={qghuy>0IKkw+SR^Fk(G?nXVF zHTvMKxTIB7Y`1T8^C=`g$KicZzgC|Vpb4#QRE+UxLQ8s2_N z8S-!HQzm@&gm3;*hWVl&hm&>%jD4G%Px;t*GUMi&I#Ga1psFnGdO9%pHD&l@44+Hl zQ#*t785Qrt&p4l~GVnqb-lWX;()nZ)-+kt7vKRFo6`gfANd@}dK?z+9Y(If zJNH~WZ2@z>xv=trnS92Rl_#RJw2g=4iN?X5B_sN^O9iC3YE4ZcIk3U{+pLOH2PkZ+4wa?t0*Bkd~6Iy3H zxxb@Ft0hN{*qiQ|FXoCe9GsCuJ9g|0C3-9Ny7e3E+vUUbX`)m56w#qWhqIq+tE;OI zzkcUEqp!Yw`s$m)t87mAf7yGmB;l6eXW2` zPQ5Fd>MgwT3B=_qR)s;L8*smO-+uc%5_EJ|E8I6_Jku94iBH;r5%B19;PcWPA5)ik zGG5U&@-y;Al>e5mIi+p*jrrsAluj4kK4}D(zy@59@O zu*SfCghyYQklbX|(8jKQ)~;P|Z=L6Jc*~csGFqi9{IzY{4&$L6`fM#UT`j$1b0J>l z(_hTv;mRs~R&GhBgT*EK9<+%59XbkK(?&G+l z&Ea@-oH*{lD>$PK%JV~~P#!#bIX;EP7i;(&8fi{X%)5OqPqc^w#<5v+jLt^>{qmRZ z*xd5z!0p?2NM>v^dBGe0d9(V86{`$)Ws(c~4;(aHLvLO5z2#M_*4SqU`7V5C!MH|q z1pVK>eJlLqKmEdR&C5^Mt=nMoiBB-n?nfVe62KR>0At&;cb|RQkp7tGed0Of9G|DW zCWqO_ZsQdmQe36@%8RQ^dB>H@M&$f0eZrEj86X>|OE3UF%SWTsN5Aq_7e1Rv9pJ(~ z2FJibKolLrkAt?DXPw@ zL0#yF&jl`h@4ZkuVuXF-6&Mt=u`oB@@bpH3;^uad~evWF&va$#D3+|zqFP9n5X#JV10sK1KGd-fXxdsefRFY57;qj zz4Y3E{Vn>#eDakV4(6DnEdXF>_}%#|2<8%XHO>6`@GqWya`% z+4C`s-JxLp(zrCDeW!)_!IjEDzm}&Vo}a~r;}s9jHNA`H|rB0@e@~T zSFg6ugkadMS+&Z(*;#$`s2OYhG={Az%eQE|cP|JvN+%6Ch^`_u*GquBxa4{JM)A=j z)q*KHlNh>upLW%%wf4qrU^{r|kbN5%#k5%lLQPFg7+PFx0_(cAKDU#D2L85e-eg82 zZ`%HF=~5GP2qM0b3O>N=&K*0<$;Gf(E4cYyDc`f-ym6y_Di3D_(Z6T+?yzO!Cczv( zfwMulBtX(z_+F>6bwor~t2fbyS$20h@^VY2u zVdBK`;gG)H2;MLNUU>dF6I%8Sc+DR)jKVm0;DFI#-=ZR;0q_7$`GzaXg}DUR>(xJa zIIOwcC#Q{X7^A%T9x*s2*aHoN=e@#xkDk5k+po|x-vNj2K3cZSj2b?r#!;bh;o#Hm zHho)G>Q3|DHLMmN(KcQWBcgLVmqFn_N2z{C2r>#QCDmr9L&w`iqr-=a{Z zYrcoe_mp=jjeNdy56z$e8KcynzT@6aE7b}R$-%6xJ!X#Iciw(0R8~b;_U+$q-#i9y zhYwfk``ZIUg^XYFXUv#p#u`BZ9Ji&*J~DjN2+r->ciOjb8}!Xzj*Xi(o54jeM;}A8 zE!-Fhzzlu!87!P8=z(wj0ylKRcXFX8aLQ4qKpQxOM(Xq}X2wg94ZLAs!oxc>Zj`pk z7s(;=pf_X(vWdC`Ucd$Of_wrFKE23!?V2?p`W?Z4*&P4QY8#wVmTwDh z-?q)h0G+`HV!()3$p`RCKoDnO%H&BlCLBD*c3Sk`r%!Kl9&m;+h;iyRZQ7!sM1eVk zIQh&sjyKR|m+jfT0qehzC;XCCRI4Eiy_-WIonEd*OpZz?1_dDMX>%|ka zu~h~)eQn&hCA{^mH_bR6HLBcb4IJ}r=zaSSiT4y-6K^BeSFBiNbhAwcJN0mO>LmBT z1>a`Jcn05mZyMtY1AD>zx#Fun=IGCuJ}vYS&)~%G${169Wbi?Qb&?~;kJp8T3+9`Q zC3vv(!;iz%DU&QX0vxnAX7s3RAkX+%vnZ$RWw^wWpr_?4g4IYHQw}^(}OFlKlna?Fcv%A%1ZEcNx zR~r38`S;#=*JL!X(YDDlrSolQpM()3MjG#OzjFBsvjxzJ$UWwkzyR_RIN((d zcpd%Dn8;hba;44d5!oWh6UGJ{=ftaw8CpQsx060006-n;{?{M>RQX-Qlqr+N*XKgl zZe7E4(eau!>qEV8N#JVS*s&JSn>TNcIkD7TCfbD`#*7^;+5Jp7EqHN&`-v6~D&VzC z-#X`WuQ;PslA~9z>Koxbdsu*HnPh1H{zb+|s})4(A-kyIRzp}TIYv;|WdO8-gMvID z_(0$d*?dWQYw6MtjsA<|BxAn-(~XSH!Q6vyoZ{QU|1#Me*ee8EOm~Z>FDZDwb<1X( zZ{#pE1kTVm$XECUy^l{}E%%6mXR1LH>ufFc(NB2Sz!UZ49t zW%GaR*l`O~vVelakGzAnuwk(G7$dr6=FAz=KUHCq@c8`mi%pg=M<0CfVHlvfBk1_` zufJxpX87=-VUlF+`t=*bw5gLVxB_hv_`NJ!0U7ka{QLh9N=k-?ar&-%aq$ofs3C7~ zxOvo-v7m1qR}GTkA1#ZxLM9SqAOOO5>^F;+_*C4fQ_)sJzkq`Za3wqwUIdZI@`57F9&a7=Ou`x%>w02HzeI}P1|&jEcRr{HIT3h4P0 z;@Q&D63zQ?>9EZfRAwHaopa*HE5h~v`oI03rnd-Gt>3Uoa-qm%)#lCUy#7}2miPud ztP_2~1MtHKA1pOnH|06-|5ZQQ0svq28GHipONMCmG=8E6#fm`2$RQXoZ@~gHxM5%n zXcP=T7!e`F=R77)ooWhxn}l~Kt)!4YW9DQraujA521jJ*9I2|50PbQ8jFO)@dzKj# zD62ja0w0OV=FXpILi+geV-l=ACCmq!@qrDpW=wd zw0!59vKS%NM~<4}L(s9^w^&9MW90AvK%I=#2~u7t?(I8vnxRxyS{7IZV63A@mzyHT zNFF$#zbPKtMpz(-8yXbMkm1bd6fsiv%4i|tI83WM0IEP$zbMu@^X8e5$ACqEVIWo> zI&8|OOi|NH3Ap)-7MWqWMyq%|Ftm5=Haub6fx{WIW|}cnE2Dq|Tr(ydM~pa(!Lj2; z${}AKMwXXL7#Evy%Y0#!;n;Lg%!yPMtB`j7bzLWoZM)n=yBiu*E>0Ict^~8T&<7;H+HmAz-WI zc%qOF9@sD8U7~(^X{Adm6YblXfx&9oIl(YmP7L_$rg6@iHN%W1#>7e*3Jyhx;e9(yEn!66>Ku@1OQ3`T{8ILIJYOOFt z8t!Z`)6SfEb2TrOhFct4llBS7+hnV<6PoMVTg3=+ASPVa06r!z`)7FNgiHWYV919F-4$--7{myk2k}D z?@_Z=9Y@uitTCg^P%SMjQ6E9h)L8|V_JMxky{GK}=-sP#7+x|=ZP$lUaz1hT_Q;fKkSCWdVa0$?cN%rZx-R;`mUJ<(QdSY>J7p}ppPof%s=**IDA7cMl18b^B2 zpuwVt^QQQjE9MMiW7eEGHZB}8XqsT%%-K`rgzq*3Xt?HZmtZ(1gNGePW-MqvCr+AV z4gmAX?uL^mPTE{E&lojZHf}P*bB5>;`XrzT{@`JZ7UUZ;1}6uH0mB4-xgq0htPIIR z!fW}cQD(p(L!3UhZQE{!4Gsfx0Nf58S{$y*(Wh$STqKgS~oUWMcfk(QDjxi?tDKH9c(Ef@~J~1AJ9*}n!#RR4> zK-rOov59PfwxD%ZC`XSOW4aL;-cd5OS^-#$d*DHy6WAm8C-%z*04#{50L_a_Ua(ye z@C8AE!=kylbDuRl4I5UhK+$e<{Kk(TE9b1p0sx=N*+kaE7h~j@B0Hc_aI{@*GQa4% z{rmQZbK-0G0UZubz%x!e&imm*2g6X|4>?Vske~=UiB;HBa@@#c{5VMHlPS}tnQ@Qf zI9YORTgBF}@VUh%D=CM;OaQg3@Q8dXR(*o7?0A?lbEe5!oSY)T3j8b*z{CCe^*336 zKmh}GgHhJxv}kdZXok5U7>$farjw66XN=dbT~i+i#V6V!sPV(Y*Z??fI8xlhBVB|O z0=oo^I%xj7c8sft`-CHjKXd%2%83M4=ny()w+(YQRdx+<6C5a$E+n6$R1OBaU7!za zrT5=oW-wNXR&Z(;Em{~(%7MCg;ZiuOdt`ErbPF~VJkM?b>hzX=XWknd?-<@oOQrkN z9z4yDU`FGeMzdR>kqXHfc8M%lFi#HFr{b?z7M_m5?+&Jmv3poe#^ylYLhCqU@CvemO20I9Y!}cF97M-^fw)9P-b0=t;(~2!M{d zAsiy}X3m_hV1wSrbN!~#1_2Rd0D79aEELV-pv{@{tjVCO*RG1ss>9f^V?r)o##$MIkF+^gftuyZS1LF<+2#vdj(W)0(URTlK4zyN z_8HDU`gX8n8NsFb!UMR1?gtGXVs;qz74r_iwKg8~2zCxX_{@WE=xb;Lex4@VZ-9a>1RXfvmTpC6LR06@pR;-b z-Q)`VgIz=b78w9eyUMPCUXWD;ajcB^mf!>Z9hICz7QiP2>9K1&DIL1wvwQF=csYOm zqJlle##02M=pP%K;5$3wh7gBSrl_c&m~g0+??tPJV}_H3aUv^O4t!5jrUsO#4rfI@)5Z|fV^7^G;W*M647+1aI)b!B`BjvgmbXU1D&0`OP z-RGY6z)8f8aHIYQ4jg0#IoDmf3V*^OhCz{(7I;1<1HH0R&XtU4lsw89`1wKOMmri4 zL7I}%QlklI2+RWuM`=lkj3gO7a$r`kUTdq2IG7lcz>gzo&+Vxl<1vj_;FyAC^$0re zDtajrZQx+rIMgAM@EZpc0tXJb=LfwP$e=Bjan5s*&>aUf zMqreK-7s&w@wz$C7(B=%;Q8@SeyVNteGDI@u~UXIT)TE%v=E(W-%^hZgC~*Cw2h|`4xx+Ew>+sHEJ(`1P1LmLGO6wxL!6CMK>1Vu5lkvqtxehPrI;|yKM zJhO|BVD)ST^^gIKk@xy=04K0N@Qx1QlfV^njd{I7;6^mSswQb& z1>WZ1d|Qsk0MRi!Fo3}x%}^d=2QSb|oLkM2@(Bh*3l-XxfnG8RB_cr2J54hO%p*9Z zKX?W@rA=1xM{4Zw7J43lsjCa&C_Z99uq)EFTDK1Leg&<(a}b=btgMo3KWX!eZfD0C zTdd(fXzH*3=5I}A5L5*I$&)4t@8?YxA**<-qFN3p2YLyIl0Yzz=@6iSu6WF8_UxIW z`71^PfAxR=Kej^<{Y6_xjvTd}9N=Vw03c6Vm$jEizfsQ$dMF@fmdqqA(ZW274~|pbvN-8o)j%DHUHy z9?hCL!**C99|m1+@I>VMctsgu#e*8GwrA9yy`wcn3c#-Lh&*iu^@LT$){h#W1 zQe%Sz+ui~2q_FvP+JUI!+tb_0AgVVaXQde<0_Sz+?AaDsBg&7G9i|94hQu&A(-<5m zc~($yN?_!2ts=3qfI)$iyH^q2QYk_lGs+VA!=c=;cD*qvtN$1rtf;J4B$9UM2cd}p z$Vw4g#}S+u1Z>GgsIct^=O3YiP$N1xKupXtln6M4JIsrbMB4}##!49+LF#Z{(3$O- zF#y6gXoT{-xpPeDutmD8v^12Kme_Vaj|3uw`t~g}2j2~F3?#Pn87?KDi1@O_iKs4) zI#JdVwS_QcM*`d6Fvf7`iP$5&SOFQKvfzjaE7u4vj4hmd9s^)Ji=KPV6gmo<)#XYV z;y79pWgOaks86;&qd=$4m|?4$JXWx9@nU;ctG=$@R*_gW0k0f`<>V02#bHGm;pk#C zAaq$3+qrGKDeNIbiVbh1u~IWexMe#RD@PogwY3U`P(FH;tw>;y5Lnu>X``*gvf{v2 z@3>oGyqts)HXrO_Kwe-dV4!r6jOQHy2x^?4wW62dieyinI>lC2cSv!wYKCKqjNv(1 z3_Of_6fxt5mIzYJ5DjB&v6YPZCsK@&&h|1Moq&#~h&~be1i6?m+F?utp7zVh#V{Ht z#Y_28!3<5U)6Ry{vND?=j7MC>k&wOLw$W|)_LMG6LJ ztT-dZGN>_T+bO7Ls}hVgD;QMVA+ie94S%ges zJ~5o&4fvO>z|SpSXmi2}7(84g+)<8QEvyP*_~5;g<_EF?r|gp{3 z%2)_6)QUG)L1EnF@!T#u4en@l581vBLuH=x;a|aN|t+X~r9` zy-_mp@XYmFnR7IzZ*wT{U`Lg}x2@0cP3KuD)mE>|w=F}RUgZ$Lz4=k!)glDB{7!x< zfsd?)HeJsZ^U+Q}O%SNz#M|LiJ37!}VCDpPwzI%Wvp}bDlZ|**qFWX$SXeE|%9p8!a3Er@?a?16i-5^uHt)X*o|5+o!q z?4)3W!3R1w2OoU!o%%VSoe|^##~zRRxqzUdotDOL4*V?b^f>*^wu1}7m~>r>K7E@z z))sHU7`qMxk$2C0m`D5<>00)gvC-G)lRbux*k|l9_8JEry%nw^qYgZ1dURZVI`zn- zwHu7SSR0(6U9uZL;y?1|=(%&NUfFvY2m64-OO6Y+(aU{s>-EB;c{1Pr744)PJ%iqM ziJob85aTHSm+XfFd`O0~H{l-~?}S(E=rorL?_7`tv!lvpG57R1`xB3_H;tW*Xty9) zYL3mlcJ>Y4z1JR`kdgX3>C{t8-m~wU-D7^9j*ehUqAxOKMRv9bJj^<5b_LmO#TS6E z3((lu_xN0!&o4kc9izwt5o@Y0#S-raG(oYP1+_-%NP+M$qKLL0>zQ8v5 z@6g-}7F$S}8~R1>_*@_6Y-Q~5r$XNsTyS2|v7bo_+6gY9*V0`x*(Y|*_B)T^`o|?1 z$@mU{ZNexas~A1UU2JXPhkyYF;|p&j+M7hs zmY@s?AaqP+&g8Xs1g&TJ40nl8S61?l@FFx8J@7y|0D=gVxZeh~GK8>IFnLxx8Nc$> z*N1Joo(bi-8%o3`a^xzv{FE<_4d8ZGlVP5I*-D6VdPe_KYyi^@o$b-@Wwa zdqwYH)W77~#%q-nE@`fY4+h8f+xH*l8He9E)PYM%>!_oSF2~#0>s_LnBG`ITu8p@D zEQO=YhY>QUAdJoPy= z#w5^zR`jbZc-;4}hnB|XM*e$=`a1q*_Z-uxj=asK55Dug?!`CP*E}{lZS`ub>7V*9 zJdMWey?-?qX&hY2O7g)-S=lORPEI}j^rAU)*6J#QhHGVJ1Y_ZQM3WRh=k;MfBZ;AB z3n7Ks@S$D*Bz;?1^P79)74)!UL)k{-@>}2PspGlfr`~6rl%Mxj?tOuL`0=ai>__+q zUA_25zlyxcxftOc?8Ya#DsK$#+nAIwek*aDK=gG|f(VQlxK_?s8-1zU=25=7$~4+{ z-*A{0MayWkmqGnky<43|6Rpjvn>OE1zkBXHt=ld1DRHzp(u^!^OUiy&Qnr;F-hWuV zO}*b#8*A6vYPnOvxT!MZZ4S!~@5jrHKR3D@&u`D;ZGnwJD{vqH@Y0+83fiV}n< z_0|626&N3-k54(AX&p3$Jy%bjC9 z?wzmCE8i%>s=t+8vS3S+pOw9qV*sb6t;X~E5dhR?qiyeuLuzuUV9gl58$DsCfixV8 z=Lx)c7^P}|#5=V+WR!24u%90YcAR?pX_c$K@=~j(5Ab+LCbY53Yp}IC4POm*`K@j> znm^tdOG^!AW!t?vLtbt$SgrRVwS9Nrsa4;oy@?l_xf#dXriyN9x$*i>WC6m01BYWv zlfLlG2U%^M(&h+$;Et`Ptb6z}2NUvkwDp?a7{U&>0;Ya8rB1{3N7c_;I+l-8ZV2bF z-c^%{)d(B z-+!DsTh{X5PN_yuZ@-g;(SWdHf`Zc406?MPAJ!iqM)5D)R|79*bmuvYNnBxoN~34@ zEw5+Z%9&tf#)+-`D%Dfj)GQG0!X{H=U25E@bw7zBC0y|!om9zZ1q z@aCztQP&atZEW%w@SIG^SlW2>)1I54@Z9dJ!W4hJw-U`*6Ij^*p6Y)z-VrP{_>?M` z2IZ@1WePdHA?5x%iI@wDF!);Pi|A|Aj%)t4u~gfm{`z|*l~-!i#ptQ(q`_8yQ+RK1 zxwf*}q6i9ixi>#O3>%Jl2+xM~Te$?HBGmVeU~K=mRd?t26q4!|`dPx=NdF0GB^-V!lMIwfo&{*K6%- zC|Q*hw_4V4t}k@n!`+u@WARk^qpRn>yZmhpCeQB&_X!?r>tmiZ~tY1mH>v-}>0DgmA}VECh3&27{ch-*%(Qs^^VTOBE8zJ~Z4zaJIfpiIM^tE7(9 zp6g-sr?qDuBxPFtQIWc|a+`YB=B1Tubz9%<*%dgAUi#-r`cQtnjqyI)bF~fLQRA&% zdq2Dm`*GgA-!vB>dC`}v5)(M8wyWKK?#$s-v{QApk$*j!M{_^Ic^a%%{HZeSI(R=> zqAyyrHG1FL?;B6a{{Jed9JxV`wXb+LxYd(tUPn0U$Jyf=pGr!}cg*QuN4|0LT3?zN zw%6|aT7A7<4r!~$Q(tCuuLG(28UgNp1e?BlFnXB!R%}1tF2VC}*H3!r_aWY^y;iRp zkTcn4&zPh327Oh%JU4u*D(SN&lr+JE^`dXLb+f^B^uEVwPtSWLpzOq-{?!16)Db&g~2d9-+zv>LyYHilL{As$Zp5dpZezNOH?j$sQe^!AV zpV{}75-DH!(8lmy3#0yPtOL1Hy^YFON27k=fOD6MRaKEq>1S;=ol)%%$1rMi90$Ya z;eCUlUE90XZo7Kl-nk#;$7 zhn453lzc5fKdkf?z8~SUoVX7gd&BP#w+*l3Fb&JLccZ+9_aTIoRHb2A8F?O-uX4(? z_N&sC{qbejp)s^2wRH2H>;#yKekN$F!K1-;->xmsbuj*-;XG3q?Ou^e>V8-n&6_4m z`)zLSQnt#aXycuYnjgV7Sx~zhl}c8WZVZT~bjQ1G&9s{1&n^GsUO6pOfc0^k+W>bP z$&-)Y>c^_NUFdT-KaK8(c^|dmas0REcHLBa?R~o{=U!^$`NM#(Z}Er!cPiLQ7j3Sq zHo);RyFf>EqBZx&PhorqR}%u?_Es zoyZ@K-MgvExBA2Ptz5f~y=!vtF&%_{%nq@vCwzZ&;`0wQJsKT3pgc0E5Et zZC{~vIeM&2dBf+vsKY1!bxQGwQfYj0SuwY7<>;K;{K!)~W)qYc-)R@Qw3 zujRF8@1#xTw|A}l=E_w=e*=HO0G{yxz~mQG{sw^9+Qr`;4E!Jr^>=3!e>WhhmE4an zpZ;zP;_n$0gqf9zt!ZNnG<`dK)09!m8-H&3ANTsB3a))zcz%@iCJdS%pp$X@x94`< zRMYK!yDB%luji=q z8_yI&{Gn!Tibh%|!}r7csou9d*Qv_3_rrI?`}Y3t%5`f1;P1*z{0+ikb-~tkyU_nO ziL)Z$0bpV)6nI8Taay)B*YACT7cjPHx%Z-3?e|Hod_&)`+=h8p@mkL2ui6;4J8X0O zU2Cb8@!aaRJkP_ea;?thuAAz|PYsNt^)WG*?I#7J8STfqg#+FkARpmftwLwz#n#Io zWqL2P+g1%59)6VlX&cQs3JG1-v*o3v*1xAsVS7jiRcSMST06dT@NGY-N!nEXP0`3^ zn*Z3ZjLk=&+6w15Oj`m=t5cX8@mRwjz}kCx?pvGfS($bZ{kG%|aXxHU*_NuUJhWXV z<2uaLl(D4RskI(lA{$U>tHhIJQ_UuaT`uhFG$$0yE8^4<>r?t`JN(p_ArzS^R zejBIf+Fg|E5Y}NE%1Z5htJ|L2JJj4gXr*93DRGJ)L2f#NRZIz_qzVHtbwF zr0189GTzO#`-8mu(OT+12xMF9{>U)!+S}hQ;awd>nqU+RNwTziBwBfWq59kYR2fnz zsWI8;u@%X6@_oJ2b{M`fHc{gD(u_sFIkSCo`1>=ChL8AI9U5m8eYT@Prg{g6$$o|~ zj>ZQTV;%##jb->wnW=tL+v>Kmt!_hr_rttl8?8*cwl+Ms`&PHL)2{9Jy6xHb2j0o= zueZx@rVF3>jXRur?>gCL?nW?;&$YQ~f}OGJ|AM2c49C&WX|+ia-zkNcL_^6NQmfNz7mdK_3>8D!9~BmLav^#qpJ#n276@;>l)Aq!pUxi zeYL`4c>{bIpSt_(maksN5N_iEL*3_EwI@4hjZTyu8Vd~vh3C|5$us5k@>}ngai!e0 z2|Ddk z#y@>V63UZHuICd!OnwC8qh#XS#sNE`a8zB0&( z`{WND*#?X9tLOYx6F+U;k-|dl)K}rpG%1UU3PO5s^OER9}n1|zQ?^-$6DyxP3-`|6Ao9@*S z9wyobpE6DMPTaRXwdP(s{k@y&vmPfg;L!)q(9wjxNS}qJ6l*Z6K^N1>bn|dr)nxvR z=Xq{;YVXj$v)MNo%cyPvT#fZW_jvE&?!T?#n=C!-lj9%3nC!mRsBQ}AGjB(A`f@!! z`ZiTiVmPimj_UR0hx6p!Fg4t8{9n$8`5c3X#%gh*aFo*UKDeJ8V-H!;Xo@+m60a6~ z>KI^E4}_!p%II_J?+~`(eJeMSr-`)P#=G;h@78b4`yMtNZ>!tmuE&AA@#j}ZHe`LP zCEvL*nwpay!3BS-<6U(=DpPPMm+T1`wJ;i|qaz*RHZgxyb^_XzoJTA3#`PqM~Xk=5ub?P=5kq2G$ zFz3EcW}qc7Pr}xh&U0Sxx$_PaAJ-knmD&vt!*}vMOT+h`eUIpkeDi@l44=KO+z`(- zzUqAv)~VW?XnTmmsy7;c-%yW>(LETXA-u!!zBl4MV{d)7@~)D8Tm5$J-}HZndBZk_ zWw!Kw>oI^^im4xya#j;C2*HI(9Pfou{ASJv=juNB2#b+rd;1PP=n(}%2rw3W8J$9w z-&W$awXHfSr>yt&b=CT6eY?*WS4a8Ey!_IOWh^?*L%)vgaAXIz1SiGJa0QDq%$?V{ zTaMxKku_i9_7(14F!ht8oUeuxj_oV1@*GRVC>=LUy&L}1ir@1)*2!12+dIcOQ7nu| zXIuMfZ!_2%vljg6$62@f_TF(PzDTURqqAJ$xV77^tqsrZ-myRWGrpDwKI7)}!4p{D zSnmwx?Q&$)yLq>&{}^BL;n2}L^(Fk8uYRu07udj|U459VJQPiUy?3rd6X_d$c!w4m z9VnB`i9YlN_GXmlF-NxaCrq?4%4@0Rxk~lit^*tl%k?F5Y+%OA(00_Dd3Nj%I75gv zjykErSVnY+9*qxd@+35%Ny8lF#^RDPS<%j&BE}GPy;|kH4)aY*l*5pmxXDsd= z{bsHl=jOT1=lH#6>D_$%@!c57`f`Mm<9Qs9<>)22Z)0*i&o23*x+8e-vv-=%KG@B( z`Gyl?tuh&(UgR~}GOvY?ly9_9bda(>`lXz@-$`2{_GAK{LWj!f54{d)+c=D8IL5bf zOl1mp>z;kCj-FBvpEZ2o@i*UmE5{G+R;PBLbw~2)e_f6kbu1@Y0r$`3m?1}H4co_W zjS!P3)%C9NI9TzxV~w=2GGA>cXN*l!=iPU6+J}#!`TBgG zok`u(RsXR_eHcHOefV*Q9j4W}?~djKi+6bSyBYI#*-6s3)6*iFBR9UCapCLwD)^`z z{;c^-zZpu+Cpf>GkE}Wh)ED*Nc>T51e=kQ%X1#uhYYo z`FG;TEBSJ>W4YRV3~}zO&Ys(t9p`60%@2GywZWJ9(S#$s9DfK$&t|U8n*}s5R1sF^BJV2!8sx`2Gam-bp=UP}VrnG`WRN@dtd@{O8#i z@ekY-Uc%eTyO+o~{oob#(p;ZE;t}Ix_kmMjQ@hWsU01L>a#8!>(`Lh6)yZ?a$~RW+ z!%?G`_Fji|uaSxSp6A|7;K;a)SN(M2>&+ur!Pej|0_n#&8pQS)qjnoU;K1nu8Exi0 zav`+g3~%#_mf!@>(;Mip@ju-zFxghiwdvT%Uan3C>G4sIXlA^_1rCZ7GWVEr2 zhFiMIm}h~N7b1af5x2mobRT~&;uNC{M?%xSM8t?&*mB~z*4fg z?QTdtdH$hOe2+d_-td~D$?uP5`yjFQZ|7`sV@D6Y4KnI0daCqi#-)5uhoQmTvt^Ve z*97pCGsd2dCTSC1%w^#x@WWrtd*n<%XXdk)GjC%a^_E^Jf(Mx!!`VX%c--nLD*ziA^{^BR|)Q>Z^eekNC zzHD}k1fS*^&(J;1KBTwQ!E5>hhZ!cTmKio$BB5uI64pji231uET%ByehDTf3!A!4B*xPz!oC! z$E6satFuHys0_~Mb4D^@L#R0G*ZHIjYy`&`D}j_F;?#3&nKPdmi3F*m;~0Pv!x_)Z zoTa>G_0u_;?UUVu4=#xl@oX9L2On~934Tf(6aDA^@|!t7_n*e4Fei_D`n1A}u|3!EHd7myJOgJmIEcKmTO6g3Weo!3)N4V; z1?{}(9U_b!5nakjI4y=4H(_*Z`8ueu|TIJ{`^ z#Su+$E}UC$zBtg%)YYD^;KthPUdUL`jj@2onYs)I=es+Xney<@d$f1c^*7|KJMhAzkO-~ESQ=`OnPf}->Hb7s8r z%qi)&bEG8svNrVgZ~y(T)_L6E#*-^@yx81hj;?v-DBhd1!OcIXZt>!W%6WV#b4wvE ze(<3pShBXEI{Z;s?7m zktycJd^p$pw}0n(u2RZP<3z6rUGjqwJ%70F~CwI5qc4zoIL6nuNDmaJ6|Kv~qqC4aCQ>)xVOCGKu z$-a?~jOKs*zx}gr-rS>$)?W->ul&oax|2^jp#ooIo4I{0ZJ=$&AbHf|W?{`s$})~xWt_lkGvDMw?%^`iUkE8LP><_b+Q5(O>1Cnv}`?dy{qldt^>Dg?KT z+!g?MHZ*hPl~+ZN?N&HJ>v$K>_WZtWaI_*a;_*7_P5bEZsH2XodAs|bdvh-RoRZ~? zRCNVM@D2S5r(hIFdRxFgauAP`+u-z-ZTH6A_+8*>=bifi8Jf~2dN&^OfGjg+c%C+G z$Bupz*nU3rLmzXV1iyFNZTG_W%aKXsE_vPLAO7cv8soqDxBp+AXWs&8=<*kS`JZ;5 zz3{x6n+J0o>hc_Qw>)^jr{=Ft3yF*ZH<*kA&gc>P%8K0!FTN0dcq@JHQanf||8@A+ z(ZbKpI+`IMWn@dmD`Ri%(?F1-#{rz&uKjSw(vJK6@9b9OOGuF-+ zFI;7AIS*tqKEU&9*RBg~-(Gx-egu95BqTr2*e3Mx(Bj24Ci2c4ft!s)pRlitm%P6H z)>~_i56GG5=8%k6hn!Ka<~YyheBHXWMFS5+XT2IZ{mJNe@(L}OYxL^4HTV$3GrxG> zIQNWxBf}lnYwQ9xXhOT3E_AIw0nt78+#~${Xaxny;6tM;pMK_N_r{HdvU3LxJInzEkCEL<; zck_)m2G27pzzAM#?z(GaTH2xC$u)B2o$$SRBt!LuzHYhcrjESS4jWRyss%sEa&nuz zaSZ9Lx8B|@Sa^4L*kQ9Gqps`@J!E>#gZO@``UW@Pa$;?DmcQYwkRg7xbiYp$Rfef9OCWJK5xP3SKYS znm&~ybJ@D!^fLgqBKi1NS6v;N&e7AMTlfQ41t^2BhCBJ%Vq2j%?cvkLi*HBAI*yuM zizeU&jp6y?iHwgu!W|DI3-J(Iga>q`p8kv*4vlxndt_tT?<3xG6s&ri z$a9XE(>=84!4h1A$1|yOPXr`^OPJmrBlxM6Pel-ZyBrXNdPsp+Bl&9jIOgc1 zx?lZIzuA4}{Bz22q(}%OivF4yf@{`1QwI1m&#a3={a$zV)z_9nIq<*(%aJ)G%7|0E zB!LG;Gs9?QaQM#pcgpFUIdewhpMp94Z$lr-d>nq{k(rNv2L$ELp%4rp9G1lCVK50y zEWZDN?#av@$Bz&v#15NtcsUkVUv*U(4f4$2!aMIQV+>NoWJT z5NHG^Bdr8}R>~;<-}>#}EhCx2elc@FDL%1md3Vn}_myI#fO;i7ySpRKm-%%3;o{5< z17vaFem+WHo9626ce5(EZ4_N-mBM=Pfkh>h83*^@cV8I>ggA#vdM@(r+zdlB^VG_fMT>$^f*~BYCzdXY!@aD=WKPio<+<%PS+&k;10~M5edg&X+&n-0 z@S`yl4@n?sQFma1Sl3*0U5v5yaR#3&MP>Zvonxrah2akdzjVi)cSRw+)IAma9(m*u zfi1y{D0_j8$77VC2?~p%dF{1Vizg{y^SU}guH~VvWlJCLUQQWvYVH^b6tX$I@%rn_ zafbWlPb}+ZA9h$7or^=qdt^-JnBnkL9CC(%I(Oc7Tk*Deek}nk3X<~KX}dlEU_5{H zCs%ftU-pI2>jP1GZzeD{ue&ez_zGX(pTpvy3c}%0JUL_Lp$X7UFGK3Y6ONxy+!Xz> z$IdI~1pLN!@#j9^=!Bpxq;mI4u3mC|L!E6u)4{j2O-g1%c4xG9Gg2%(LcKuukB0`#5w<;wUT%o;agR z9(t%-6~1Q3-~~a7yA~{{D_KRk3z(qUr{nxcz1t}LUxU>2e@M`?K z$DVt2J0xf&kjlB-HL`G80!@tDFJAhE$n#ft@ZG5qe)8-q^8l#>py!Fh(gJ_#lD7_p;(;{D1g+zgGsC0NASVD*ome>vK)o zfXf|YI4*tc@xV8;yDvd5XV;rkc)|y3Lp#TY-t=)-=$$N~!|)Yj(KAO_-nuxWoWr~B zT+r-h=jPXVkBCg? zn3_{T?0fIMznh+*&$7tr2Ny3XStqc?z&rl9W6P-TgS?;U?g&rfQAR0Q``BZTO&GHa zLo?`g|2UQApX@h>909s@S#+#AkEagW;7HwpQTmO%5I}z;G$i=IQ6t;-PY`MO zvSoG8xTaI+EOv-C?c8}gvfLK-XG7;tE?-__hWkgN7oSL7wghM3j$3bwjNYx}IeCM( z=sEMxX~th1X}Z8FHwS^CE|5KKyR6)0Y>$P81Q0pJ#~v+Mor#Wr;gX}uLHDc=i7t9N z_31CN_};tk={^eX@7- zKUwRy$O2l%d3WR)*#hRW+0qvIuw=<2B@Zs{X*uI`OeDH{ zc3p56-n{ObYl>Ici-MW+jytYs6kg0RSOu!CzvkL*hsY#Ow6b&>o-_Z-El&XajW=E| zy+@a`S(ZjGRM03g6wl%dP9@qx=i5YI?;iYYpT%0TPZIduci+7`!B{dI{sb54*TRO(216yDKzB@59}-*Il0g&tBor_e(!M5&J@*N$`w3d_OjzF`{es0=X(6 zw)&~3%B~e8yYr4a3XkXxeIIr7(Z%nAV=rYM+1qse1NYun3qb5OAY1T*XJo3n+k)cnQ41rH}_S(R&KLH@NaRp9e8{zr4vIAh-$oQv1 z^8%fC5iLF(oEek*d+xeBFeNaT@?e@C-Lv0*`&U`d7MJiWoYBX4mc7L$f@^j#+IgaQ z@1c!&4}S3@y2N|v7>+jNy-y@?w5AgXr#I0I*w79Cfeo=LxY{>*291z87XQ}74hI|l zv>U;E3OK+EyOUps_NPj6#{&RikFDt+90o!_h~$`g^UAR2uuEV4$)6}@eKW>9LrJ3i z&prSAGJZIiU-{aXD$lmTS+fr-WgOlO;l*W%;6#AihLDem@v9F;yVc8Cvu9O=>wpN` zGtNA-ge)OKz|RdFpTFb_Ma(Cid{QwRf!OF6;ZjT=#4*Gq`jAATMaFD7v(iqnQBLX- zLX1jIrgsO(8K)KVU3kHH-HCB9e(!(%Vd29TR#C}31(!id}?*~g)dy(9dpc4wMzEsv(M@-`{E_t>tRF+k}>j)tYmSH zFh2##fdM;3f9|%aW$U%?t7qnBFxTNBNQ0U|NLM4-*JxSmXQDK zMHg07RXdz~QC5OrR-C$nVn`C&+M@sjKW5IFofXLUx+BsKqk}Mh>Zz68jG427!EH(i z&z*N{BDdR>kUlcyK6AkZQO?iTd{~iW$V%s)cV2dA9N2w2cwsa?7U3+yoFUfg+7Y1- z#wEi-G8bpgKRspNEaw<4a1P=6=-`g9M`!1J`mA!0R;^l7L60|M{4p>&c{69sC?osT z7<`q|7s6n`F_;v_;QXJw;X^| zPCK>x%!L^o=s3>P6^jzqUaf6=udr#(|O*xpYF~&>x^3AJ>}#R%c+?+_n55s z%_zh0lF*Lefj|c5y&Qo^@1-#|PB`KCq8TgORwFJ8eF_dpx)6;f*g1)4=*R?=;7Sl_ z*6i5@8{z-{2k&=hXFg`mn$?|k&N=0zKafBOcz4OF2}N{l3@>FF$ETcjS{Y^X;n=Dj z{*!;)2`6-Ok3F`O_Q|K7+Fg9np;L3{6i628-qpQVBXxhg%|Hi z)`ZsE&j!%h@gqLsY)ad08@e9#?->l9{WF)Y=)`J~K*0eA?APH>K`CPub-yMKot2H% zt5(;}2L_71>|l~Ou?z(co9Mj25XDY```LzINNpn=ArIZ3A3jz`A_LyZ7E1;ld23~m zV{qVs2UXCD(~EYkd~v}BB6n_sTgti1{@C4r4HhPT{!g)7-ZP^uc$rry^x)iUI z3Gjgy$Y}Ukc;|wm0Y<9;uQt&7{IkyLX3n0~9W?!*a`c3Vhxl&n~>vT(w%ZOOc-XUvk-c6r(dHyI~zGd<2Q+N8hEJp1hK z?8vhF@4dGiUSkFa1OBoruINq;oJ$^huz12;k+D1H+YDBikBNLB3;*iMZ$w@kTu$vp zpSw8ocx*W+oI~?%74XzE&M15cz_+=zv+Ig0E(`q}Ui$Z{Z(dt)S$sJ4l#?o$Y2K$t zb_vu-^(~1s0Qc}mk30|_pl2@o(w8bYJ1a0*QB{VXMANpkdp;pH&pENN*g|OXYd`a~ z3gim#X@i_N@SrRRL}#%fK6BAU-9Z@}=T8~3POt!v9C!Q)kr_uvj?as;wm9v7(6JFL;bz666ptm^pK1 z(Iwjv&7f(vs6hPb^Uvr`I{D&vf8Xo*MIVl ze<3@+wUx!g)Z|fD71XVlih_Ee5PX`*kvWi zazyBfLn{dTrOUrqi#;5>Pen%16$1C?eERGPFg+7G7aSCTn19CUwfGUBCg7SEJ#&6` z+pUTt`f36M=!HCC8=xyeg8kyG)8)J5drTHJ@YYwp_SFPJpDwQ5( zGs<@`zWMP@PS3w*o_RWBKDicy*m{1pCopR9N{B6DB@-ng3=OcpD}Yr ztse9a`5`e7-YbXf@hE)+f6(;lwUfX$I6{lzufLsQIPVam7rpfx=i6?-Baz6bx(mV} zqT_emxv)DRTU8mOH{N(l2@8&c?Nhd!6S{;Wg|^>*`=;Nbttul`!C z{OulR$O4W2rx!(=ER`+dre=-Kt2`3zvF&*BC_HlUDWR5O8Z+MK%f#hL;jf6>!0b12OB?gaG zKv7K2g)v%bg%8gE>?nNnV&xI889DOdKA{g7ZKAlfTF|_#?71wnGJt)`pJu zPtZkK4)VNtb2Fd$t!wDXHe>WnM-|=2kTMS(SN+lhue|bd;mi9~89N?;TkvzVI7j#2 zdw=l<`DL|>e6$KAQ0%87cuBzJ=ws&A+;HM;gJ;kSC|Et>pwf};^gak376~ zfe5&wd9n!oHC`6*JnASojBJYxcqps2Ph?KXKr4zI6Y$VucyzzeEm=g5*inWbZEN){ z5J6AlIv^`&`$t|ZyyK3NS9Z)<5u}gdOTw>Koj>>a&!0=N<>ei99TFo6O@3;R^wfJF~0n zwFFbb23%kvPtCC%4)P8S&(c?LW4Dr^fn7}MfDzxl znDMJ;b?$^1`+xZRf7pE~!C*4%p{)GUJEzCt_tOHqhy)2ZqI3)T-f8>nY}n2>BDSlo z;b?VwV4%0mTZUV!vVJPYsYCC3M;6gvegg2l*c{}ft=Vi4!D!EDNAO*FI|R_C1rkoK zcG*MqeWAdP-n_pnj%wi|b4Xutc5J_19eBZ4`Y>~1?&$0fzVkt3=-w4vrIX01f-kg< zwgi6Q@W~Y`LZka;ymkQe{h>#z;2ii*Ms8)8H3tVCbU=+44!{J@e&V=q+C<~*4zx)> zakh<>uC%KJjdDcs6?>4w#7+QIUIj*peH*7=!|~%6WN#V1!T-~0w2Egvn2}(9RHWY2Xuwq zc@|v`39M*$&-`?ibMJcxoN$W>#!cUGRAN0N;__4@TbE87e5u zVY6d}zGM#y__7DV4R+XmkV@KR7m|aAgbv6evPOOd1%r1xq#k_mk?vFJ_w~SPC4A1| zhZh~&4a9L4#Icyfp|yME&Da|I3t+zVN{x@L>1S$I%i%+xf;GyaKlA{H-aQ?WX`ao&>I56@0$?kmQ6GsW2RQJ4F7tL| zB3syw06UuTB3p?q#a^bX;2RC1OFj&J!|tKG?0g_!+`k{&bI;fqWC)pP7X!N)-{28= z1s6L=-<on8XqA~BRW{0ExL|G*(HO6 zjP?2b+FpD1A9ni)&226EBf@~-%!_ZVFCrl{F*66wm2rd#BnA<}L$K!7J;6%Z2pC{) zWt3;I`WP7}7V%+lOeP5+P*fNO;Zjak?DfZJ#q5j|!UzM)w+a|9uiGnM2;F7$HThQG?Xa<9FcV?ba0xeLn}A{fE%9h|v>tvy?15x8Ne53zf1BKu3goyDR{P>6tfyMA)Oqiqf5k|H;!8Jw8nPP03D*{X) z0W9!mRm8+o=JlKQK?F3K{{FDMG z8-C!z6^)`7u%kmt4j-sb8N&$!r73H{9swIc0BzudHKBcmG+e?RShcClr$%2@1}j`j zt_^kyO26u9&z!a7!%2)!@S}6eOWJOc8n$bG^ z3#NeEdxlUSl<0c~n~%(q7ZT&oTnu?l`;9lz0U8`ntuOiQ9&WVbTNdUJe=_3a^&h`$ zAN0z{AVa&~F52y#G}~2QO^}V_?Po@4!%nI<0xQ12n`B%6t%6sIHUxX@cF}+DZ1nO0 zjoiI(VRzQ2KV3#LCuG|M8@7#ev&YWizXahW^Z|eV33l}k5a;yG!ZR7o5H?Tn-f*tJ zk|iVkfW`%vuz)trxqtW;4y;r(8qpVC^S-r-?$K*YeOdCSrzsztdolRJVfYHJw2hYG zz?|dB-g${!&%BdyE#KG}kUg#Vjc9()n#SPRJkwox0u1Irn?6)Xp5a07@Rs(-c0A+T zCj0HNa|5}?g1(jEfRf+pac1CEJLXTGu}k0*@F4^6{cFCz68S7~P8#jgxq=*phc|lp zh)?02JQfsWP-~kUh8IRK9I1!ECmMuZ9z&rT_jxVnBE!m& zE57z&zMdC~9`fF<2V)j+G)F#G`PO^+DP9~h@R}#9#=iZbKl+!PfM55m%eHSKOF~O=GrbQZI}~02|i9U+&A0Dz4yk*zT$kq4LVllQ=wz@Oh)5Z z^r(EBKX9>GIAZe60XoqaSYLR3JyaD9crUO-uX5I>Wu7>JXq`>M84@7v%tB@aDPj@;#!T~aoHp9k1w zs2%0h(@xWuXxew<4}(2Mp8-oTFE z(H~x+ARFnLNDzE4%0$TSpXCak-!ee;4(h%;YEM7Qz2tSBlK0P!?)q%paF2S`Nacp zj_={ccPZ!x^~raAp+V!8=qEDMe4=Ii3y(EFKOpbXAwf@4KBStlSqNcoz?X$C@`DTp z?^|!ZUG_xd=f?NS*-e5T$s@X_3-KaLghdsI%d zNEAX7xx+9RMRWsLzCf(IZ#*ImV)Gp5tHwo;DP$uM69k> zzX^44U~E@LS}xtE;zZWD!zrhpq)xk^>bVMS=FfQjVNqk$wtpOMLWY7G)=Bqy-`5gp zW!w--Kde+ZNhd>QZvD5bzS{k3naj8H9RPT1d6Vz^FC+JJ#OOC)wq03i=(k3zV{TlH z&7XctV?W5+LLI}VZ?hkJ>&HA9dpoiR-U!@J?z-c|mtEUj5ukqCWL37+pM-OS(CTIL ze;j%EYL1dJ-j)jPKy7u9V)C<)qSw%H(PLmLeAdMI*+~C&Svv;gQ;Hk{G%p(eURGr| zPmDN5bi*y&I0kEn(EW!ch8ZCa4u-_gp_JF=cZiGDCZpdmfD{@0Gpf*|_I64TNF8&g z9m)6&tzG4t7v-#S8izdNF21h*jiEOtN;9Ml(+@66k-^QuvqA+1JUuPr7TB4@yxu>4 zLYF^G-eJTsH2W3Y4IL6t!iUsoa;oR{PPz8pbvR$cXXRRw-|FkCpOeWvGS~50MZ0-V zzM79noLbFsRmt3JN1TBvM17}a5A1hd>-CwX#9Di z@!a%y=(pdu@i!iKt@}7TRs>#$C9SmocL?@8uQFgB)%2 z?L^i`=I*=4PUVOV;cNHRS8&zRa7^v~wHTm|!_>aHV-uJIPObT9PIi?a=``(4z|hJ? z9<{mBub+X`4weMrp3dr?74Zr{#OWaql(pqppT?_1RbWXn!Z|4&y*;9KPT(u$x29tOXt;LU&*{hhR0& z<^#<1O5JA;(V%&(@f1Dc`-~Co4tO39H`q(Yq3_Y0HhR?td=70$c_kyphFWD!+8_<{ zhWD*V>%Tp_wsHd5YeItp!G6xQsnp7E>isaEP4H4^tOX@Al+kqeHW*zh!9O{GPT1%A z@DIY+_hk!atmvlaf!^OcLBGo~^;i#6N5 zfg+h<>eW-_5S9c>9$H;@lXV97TUd6(wqg*35jp=YfmOnM(m3Cgw6@iMFT$#? zUn3e79o&!RpnuWVGtlqOdi18R;jy(jx~AR2Rh8`XI3DezJF>^eRpm$Z zyf0iC#NfWoLuF3!$96addY?wn<-))rtSfCa=HVE@ZIz}E+%y9vnW^6^C-?o>M`KN+ zzJ9%ZehW5LYU6|>T}y4O{nLiHXyx1Z$Hz?JGc2V(q8>%`9mc-ANtmj@#B_8=Y)!T)=4HG#pizqd&vC)ki8c zyln2>c-aqo9&c;By!WkN?^ns5s)x~i%bLW!dFhL_ zJWrE#z}p*URv{I}qVz4LS(j z^q@^a2dPl)On{Yf)DTm)a4;szHo!~6MZ0RG-M4GsaBZbVTVrWBhOt)#m%K(R#xSX` zMx{3gKUfM3;~u~>8du-KD1X$>L@*&bf+N!c)D0I^XQF=pflRC6Esf97L_Qw;{v-@- zOy2w17I|HH6QH_D8uis@PuA~WR)NXe-1V}#!82-OIQEJAO|{hk(CldLM=*d79eZqP zljF@~4aeBZyQ(w6n^VFwgl%}Q_CWuP;F7z+{7$rK1pS*TGLhffY}fJn8{3e5{r+#G z+1Bt*Ock`)##{Fb(SrZGuT$wejbg|EoU@ZG_jJ z63XVw>q#1$=&kR5ihBJFRHIdMRItCFDBs}d-}dme`w`Mc_-wF^+lopze6^axydmxz zQA~wD@fe2XwW7c(wv5)uuu#hzUWbhj^QXGsTwAqE zA)V*{aokSTlsuqLg(vR{SABCEu;38fAvojr+R(n_=LL1&GWzVvzr)ItxgY;-OWWJh zasx=(4xNTKxc09-4~l;1?Uu`hv8FZwHyFlIY#xXFri|)sg1xK9{!;aaeAsBIjjuf` zUTyV_ZF2lW+zjtW-PL8P{PDc;=T?6l6`LwIQGPI2%1Zq>`ukRHe7x=1`>GbaLEW&8 zdgo8l@LiuVLUcV${;6`K@^VKYx%0S5yw=OHKOZ*svEoxcw(+Fn31A98gVGaYOPMyR zf_8*k_k9`g4=Uz%0?U1cdO5^@>uapqhK+oLr^#+6dhUT5O=5#@s&Wk$lj6Q5RR@oi zJ<JvHm9Ws`RM+QFB{#(SmLH6GT=G<Tm)u#HXL3=l(E%(wS4SYC_ zRr&m>n)%a{*T(I5(bLWNJ1zA64EwKK@Qmv9rK;%0eT?8Xi4*<18Krio=i&X3rWI}P zM%A|HGQ{6h75dTkZ4bvc%vZ0$)~+qDwb@`Buh-tU@~zzF@`rs4%l&QNZw&zaZO_2p zLjOK8_U60!%}^+JfZ!pyeBbVEqk1jBA?E-|`X0jA-}i4u2&!_e z?*{9p>nKhnG_f&`gKBO92ezCK%l2>kI_~wi>$L5=-A2DXZDVWKQXCol@LKgoc|+mU z>TL9WRH%*7`&Jg@?9tBUzz&9jjacIoUZ*&9bOuI8{%d((7spA zSGmH4dvnrvQXegHYh|R0kJnK-Fp&!zmh+;=+YpADs}cO$M&|65V3N(mTC1|hxzXPYjuX@+WmNW`GR-t`v$F?>#&`6 z->y@=mskC}NosxdPaC$^@~YhEVc2$RPZSyExBGTgsNE08-tva;hk32>@w^7}FyFm2 z6De&~J2kw1jKi|+e*CKbmgcp-TKOK8Q{!{k?sz%xdN4oUxT^kW zoDG(CZFAL^nS{-=)ZP!T{hR);8m+C3;Lbcq?R~o%jeDu)U{GdLbGHFxA93#V)B0}x z4fBTgt(-i`&rn{^2M<9z0WGdjc=me z*1(5chvTcdV>lXCAC{f!ULL-xc19I9f^pbj?uYNkUTyN-c%AX*@pk^Uo*Q@mZS}vk z-@joDSmAmjAIkVn3~?VgtB<#YC+auVF{JT_cRkr7+kA*-`yDF(yLq{BIV66z@FE|tB zTxmX_I(u3FO|cEjwtF8S^4m2qfX(<_1IFb2D4!AP_t%b{Q)W1ps>7F2KQJr%{ro;K z#R^7aG9KfudZYW+PvPLTH&R|BJ>L5j>mKLTezn^rSd;mxK!N^7zs=6ohjDzpyD2kQ zIM8;(0aQ)mC||VBS3`YSw7rLy_TERt{PQ6-9}<(CPB2XBJN`-F!q?O#{pr^nNDbHS z^`nlj#}51SPEt>Q-VN&w@B5M){~ea;`|km8L{Xb#c=MZf_%u%w^PT55cawA6)3>>6 z^JY$3xqgo8r2^F^9@4fx%&mI$oBhy?kN=q;AE41@&Gm>5s*l{aYnyLZAF*k{i{Yq; z^gkT?u#9`SY`7kO=a?M00e2`*=?(ZD@3-;e#qGlTHP+mN&3)Cui=%tvLi-K3z83CZ z;U)Nh6Z7L3NO;O;)e09AxJ`X+z>_cfD)))-opN9?*4B1wv*F!)M<(JC$+&&Q(ASk4 z4%BbB8|GDo(I3Cxg&S~8$i+-(>rX#D51Qw|lW~}5_saNsv8%Ddi+gp(WtslL;)*YP z;n=-@Z{+;S?$Ve?_FD6U#xDt2tIJPa;EbDY(PiJ8<*S4wZ4Zm*zgFqZR}cCesg0(7ydOmGfr@}x~}Rs9B8|xAx+iz^1|4L zsg27x&NBu5cw5=lr#aRqoJiVlJlpVPJYZ^lHe7ku z?ocoG?N0WWyK1-fH}%~0yxRH$lX+7|0$)q=3dX?ezTu_8q#T=!JR=`V&IN>KE0TGo zJ95p-l7Y=`>}gJRFVCAyRjy=at5e@sNIRKx?J4g)8Jo)nc97Axae%S?OLnC;Fa1dS zJUW%_3!Wz9ky}589=2Y_PmY29QwBUf`doZiy1s9t-sQaoH31T-_3a*9?YZHU{Au^- zgN~zU3@*5k!24288<3}*cG^4df=Tj;ncO$&xx()ExRUreiC7G1M_-j+Rl*vo>zJ{`&6K z9MLs1XO}v9!?82IME<_7iN|0jsFZzr_3ApeT3^m<^`Ra|yZJCkxU@dJw@bcOi(&m! z@1A?^tFz!6)4Mt+(~(o!Ub%8r!QM_M01v_G$RYPqoqiCZ?p#pE1^EIzctWftC>?hK z2Vi&aY-DuoOTysLC)_x~B#&iC_~?*t2oW^xi=xVUhG*@#I<7`pIP>1Qya!F6K5--v zI0#hr;Ki4(l?y_;o$>)TA4OcUu=2Y+(&me+;~%+gQ}e4=AOzq*f-sDOXWE` z7EXTqxBpwU

    &z=jNMl%lp-p=ZG0c>^M{O(3}Ika^+LqH@|gFwd1Sx4?ei0&iP%L zcC`nVB}*PDrTk#dxOLo>K8=qt;rw$(6uOWYCGhU+|1XCooSRHZIigB(q}8?8-B5Xs zyqP}zpi*|=hDVAEz1mSSt`yLNwkae^;r5&>Y>e4ZEi5f zna8C$Z@Rwno#S34eQDqEQqa#>G;cK(d9OeHIu_>cg$r^f?x9s?r{Lk$;B)n=RrT%< z{^#%2dB(=VkWn5TpdWdT-r@9`bMN%q&v%y{0R0IaWgw06AARicIzQOac*-?;koQfZxT79;jn*%;}Im>*%dG zCB7sK=e`Q8e_!5S{=~8zwbLIF>U4#jb3CVWq8U&6GY9IxLE|%H*FU)+=?hH#mxD95 z)FDeGbK|^Tyjy&ox*Wz`vQtJozw=-JM;+ti*uQ3=ELd~y*heDK;ya;Pa!*Ay<_9>?egU-axCd>Ij4J{Zo$I4yCn}lQb#O0rR0ViZ>}=FNd1k!{Ht!wnrG@% z3bN#hoQ?cSf+fzsHt%3vy6lOPG0q}xIC9j~ZRr=k?;qLl@FS1roazNNcCwLiY+eKx zug#g-Yt}qn{gWXJ0}q4o;De`k@1{&7dT=NZ)YZEO9$1|G9CNzU&fWFb-`G95a%GMR zJ*d0!rkf)(->hIanbfBuc`z~})E6`ind?YcTT ziec)AByz|6JsDiBSn*`{t*fuCGrG|WI`j{HdN#kVaN&#IzxiALHL`23l5vikyyxzF z>)5ngZ@s;Oq44Th)>WC48*jWNXS}~qM^xSzS!`a(j(zsoyMj{A8($Xu9(YjB3=gl} zdfV+KQ;$CC$ihE3jN#XQ{WrVm!NIdRsbq0vt@#E2O*h|K^Z*y;>oZ#&0H0a2Sdc=trcv}n{|E)STW?f{*!=Yz9aKZ`4b$8sc zAjhoUSG+wv`qP5L@1#vff9ki*-8I)-SMx*WsDJYjhvt+#de-M1*?_)eYoE(rd+|NZv@&+(B#y{(I0s?W7+b2`v2 z-6P=Ll}_N?M5y8VIRM%#`nGyi|`r+?m^ zeDaBfM?56`{vZ5N$xUBY*WYc?gN~%TAItj~!_(tY>bT}KP*pALEVT}N%^gOI5Q9;X=4 zKaV~9@PwXO5gETnWSufjns^~}M^4dO0NN?L0GucRR{d&sb@075^nhpN-*?{w!ST|P z5svfxtH1hI;l>F+H{EM;~*|TPK|IfevcirK04of@lh1ag`)}+7Lp$+<|$ucy$ zZ0Qq`tC5wF@lQn`IWqR~w0}>I4|XyP7|`yjRjZ5EolJ1U4L6mHKm72+yKjW|(ak~8 zV`Mgd1oNE3W*59`o_?le{`%nOw%hJ3o6nf9y6RiqJE57qV!J={%rj+ozL4V&=LBZ+ zRk}NUvtQ_LcqUKK9a+E@ef70hi}u^xqCw?6w=ueBXa2i?|Et}3=bh92#b5ko;RIj) ztN-&~7tgbGoZMvW=;zmegcjHO27z?|(os*LBxi+s!-fxH{K&!JT*3nXnHo zUfewv!{W&&S9HslEvs`!DFa5K{yBsk1xB=};(q(@pS8a@K{+0T0ASGFd(Zuyvs7o# zo?S|nk^0FPWeXNioU6-OCWJ+gDf7F<~QQSFOo8Xw0ehKy4Z@Hy=Buc@#)614F z?I<}024`e(oDz6^>BSc+xUllcCo6zJq1|xZbtUMRM!~L(f$N-M?J@MV$-w1A-F(B1 z-BWq5{pG<2!wsG}Hx(SoAlI&4*Bv%zcDFRb-+AWpr%ykq1pO6PTvqME8|ATh@se)d zvB#8BH}}dB*v@oyj=Fh#_E~tHRY3%b_~@gLDx-jNe(Gr_mok7qZE`G*$@`@-W{x=W z@KP-M?cbl7{&bWDB}Rz997nhe#u#@y<$Pv_llPPsI1Y@_Eb{$Uls4ta!GII>8HBx2 zbXOTZ&&PQ2WpiiOu3WjQ6w>{18g`8`<7`ke3^~DvPbCoICobmr?}G`QLu)trhgzJ#DUtgTx_(uYEHYt1>ru11*|Y z&Y^VIf*7wEGbdb`?Q+Z(##rM(I(wTUhfl$}H*;?9 zD*`YH(7Y4+-{uqBb&o#0B=oy1qZ>yT3c*e>^-+`5TjSy`7(Xdt}9HfoG>Ucdx~`x$mBPYaSf0`BH*D z_={3@F7$#s?ns|I)lrAf2fu&(2Y*;+J9D)0mb0!IUgpr*?au0bF7tRma2yLV^1`{w zug0*xwmaw3XU3U%w7V-fVGuJAoX>pw?F&i{2sqsyM}lEIJHaihK#rUfhy?SR$duTl zamL>6ZocuxnoIM1UF0452H%1NP)|PPl;U|uN;0m=jpv_#t^$TjBP-3np8?puihrCw zVdo6Tk~1=I?lIlnaVQz~CmerVcjtn;x?|_ftv>qm-oIDkIDGXhS9JHrpygn2NUYv-b_EU?;pUe!`{gfR9(lZ^WN_o}Afn{X z;puno+`08$uwmxRL*u|6T5^Iea8Jgca>_{wB0XQm^lO2~SQwNXqnR^jR$#^vnU6iT zv>b_pf-8;|qY~T!Sa(Cm71eC#M)n0+{6A+{~4L ziet8B$Dlmm`r^gV{!vFA zS^c3APT%v-y-;*|%rQrYKi-dg*fV^1Pz637O5lbZhj)6zILR;b&#^>P=$kC~(wDwi zK?6>ldE>aE4fMm|GH;H?QugGNPpWx`ckmo{?7aS*>a;D$&MCql953>D*320dkUrvw z!^^q8=%Nb>KTkiiE{=PGx$Cp*C-|pZ&^_AH@6%7O4ZR%}2WL(Nj5uw^cJfIlc6TQT z20r+I;f0q(@b0O8pjNOqaC~&L(c%ZYLqccha{2NnyPx{Wua<)?Sc4wcu8kf( zY*xV_O8HET<4ZJRSY~ zT6PD1`HIUEu)npN7kL10YcqF89(hDRcNrvF0h{_KBrswTz})CdFvLCCO23!S^jQD^ zKmbWZK~ySp`st?@t(o_^$ILBfecig}3g3@Lb_+_OX~7jZqE`j8=FUCZ@G5xhO4pH( zZ)KMR9dTo98~V`PTz~DgB`YoZ{6zv5^Nu^VWE34s_6r2>6`6H^p6OOW-J5Q>v4Zsi z7Ifm?ImiBi`|gi^dc5$=9%2)+gLWP*gsfV%y6iwYQL^H_)6P2Q}-k$rF zPpwYCX-?7K+wb+q+|m7X`8$z)aC_4YH-zV&&tlY`-3`}Xmw8!V4)kAMd1ZH8MmKYU@i!Sb zCw2_E!TCM;q!a2WLV*HKFdn@2x*J0yN7fk0t@&r1-rale{l)+IM_><}*WYkc?1x{RsLCr0RcG0@*i5hW?|U`{|M`cy3YbeL+j}xMa!0708+v-AoS5J?5D1 z{sh6vE&)`*J^asRzvb3DGT+l`7sQVeIS{0b*sEqWYPi{>eC^Yf3mO&nUK% zCrH3iCIr^SQIM)#Mo$FQr_VdLJL~MTyZf>lD*gN~{$e>X1gTXGk;1w2=0yP$tkV6isfB?gnF~&)t>{iAhIyi#t)YDHd!9@7M zrESV~SA6Yf;C;{Tp%@&eMHruS%E>XXU+(6gc~%)E1$04}b8Tbji_XIVp}0eKGYIBL z6dA)wV1%J(kw+62)g2^eMXwlHZa5ihzgob3gmjBZa!K96Na#YUpCy z+YIx|M)Clhdcq&p;vT_EP!7*{|0^`9?e6MY;V=MlY< zRTA1i|GZC^)6Ym}G;*-a6I$g+SuMLGhJaNMhE1*Nqv=rqQLyjg!1#2WyCn}jRPv52 zuw%t)FZp1;&prRV%=d29H^)n$uC64TI#~zz{JwM}z#^antbb#g)jnXQUx~xT0Te{SU$$Iwq^wvA)`A;NO5jBEo&$LE&9`+I zUhtXjC%*dSlA{X3nZ#jh$qMW7;bo5fiomdA0#=+$iIZ&g4W8%BIjrcP(|sDtHgAiM6Zz9g6a624!}PGrknw(t@beX z(LcVFMwbdEkOz|B&)mo^veCQ?s0kWL#z}@A6$jHh#!2!Fn=<#;G&B^TlOK^g5S?x{J9F+TRFF2B0xcB&JB!59eqqU=ZM3@H*>m$ z2{62#9b^K?%AP)de%cHK={uBNppb2L{48JbWXVX2J$4lcARQWA!NKM*UlyIT-+p~y zq#gB$PWIks@9xseF0WvP{)}hl%$a4I3WOK~e1m!a&=ER7uMgaJUw3Te+Lylk<&v)_ z#{nh38|?vZ@q-U_mq!m=bkPN+cQ3u<^W7IO{X*?vwO}KW>uj-q_D}!!*jTS5aQS$5 z#T8$y1q8GzfFqCq-^!s|_Rr%>mzB&|wQ6T9b% z_0TlEDzGO&M@HZ?i#=!$A6%ax>qQB2fafb;{!;hZ;OI~P?8@31_RGKY^|BYPyZ)xy zk%oS6zWLUYIi=5nvr8_yxOVK=4J>d%f5Xww|D&I+g{o(wcLh4g(X-E*A9xm2-{h9D zDhsbtqw{+B2l{7g0N@|!#3O!8;!44Zuv*2l%J<1IGDU9X-YTZmS%O+5mf>sXfP97@ z0V5hJa=UKrGZCDA@B4N+$Q%s{n(!td_2Wv26R@JU0tjHRb!^vNcdGyc2eTLR+42=Q z7@HWLBUwg8ga-%3wpEcxI|O#wm2tmUZK)$DC;AFJ`XU@B5_r<5e*N3`Q~QQLI+B_mkwiyqUA|y~+97?O5 zb`MOO7Go%Qzbh-o93X)cf{MWgZ%?jRUT{tzBd}=0DxWR0`mq9RMVQ0CPn6mXH{2As zAFZvEC&aMeNLx7M9eeHd*t4E)PfOjccBkofD^jAE6BxmqNdN=`z)Xrc zfI-^-@4W8-7mwcuLKI1f?C(k7d+&yG?>+bAd*63)0$G7Uroao}QiaT+`>8&kp#L~Z zIBC!(&OU}XI|VSBm?z{Ct1ON$U_e)_fMQgU2TTHj-~j$%8zS2)nOB@Uj9iyX4u?7z z`8e$B)~qqdvV#JeIDD*R!4D_3dO>g!x!6M6S~1{RxdN9MZ0zhn_QV(S%nAxy9D#vh zkFmE#PARL`7&`DOJ7`#$1qVZi4zblgoFVuF9I%^%au`6X%Ycn8`={SwlVb=;qkH!n$I&1 zbYEl|g{Vpf|764+1)nk? zN0DRHV`U2Y$j%7x0dI04i%aLs z>7-;A0xNVFpc|#DSovb>I$L(>qX^XI09oyA`W9GL`w7S}f2@*WEZfSX0y4}!tMcH6 zzz6c5`QY;m=Jedz^Y$4}nUsZ3z#%wi2MNKUzx>Pp*Mek>1>Aub zE}s`@s!=xNc^=$ai)$a2+Wp0Kspi)VWgNc%yU#!8+O^ zSdUy8q6I8I^+1L-(`R@WL_<4eV-lQakpVf4?t~|hCGZ`vKKS568!rJcY#eY@TwG+d z4FB6_my%D|SipW?<>3PYSbS!K+(2d^r&uhZK0A=uxw%993j6`$WtMxXo+0x}hu zMo^9&WY`)kHV_mb$j+F+4>}zA3Ei->bm4+|76e7cGaua*e5uhVxWMO=7j|evSU&R<^u z46v>1+||UuV+$8iR+xwtD4Z0W*luDX9C`#HP7W*C2ufBJSdl{@v+WjxrlMSeq(@K7 zhp`aq_ARs&8Qc1C8n`eXZ_9XPHvkF`K}TP31XeCvW}gkP>wt(aK>@^R_YQo6oosW% zki{@WkYSvmR0j?mV2TD~0VYSVq0|r}kTuRRN(+aEEnST9;TC@ zpg!XRK6nKW;1C6gqO&Ncgc)OCEGRPO0^!xIy^L=eJ}6NXGY$YoG=|9V;loV0vnpOD zp-2$JxA3AI!3Bl@<4;xqZZ3J4kTm;G5fb?uCmt^b6N2$F_fP$>$x6IW-!z8e5|%s&o@YmEa;W1f1jifLmk~vXc3P z)__}7RAh!P?XvZgRVs{Hj8AraLF*W%1nw||D=Ll{Zi96 z{mV*YZn}2uVh%ILZ+poAu0&>^HX6WDLykfxT&(Ot8|+@-LMMXg?dh{sMS(L$1foIvtzzQ4}_;LDh-1t25sR&!k zk?+V^c2%GYz&*Gm2n$a^ALwXgI4kcsAbcMT9pebGqky0#7rF@ivu(SR_yAh~I;CHx zJ2hT#34EM=WGpm@&ZnQqlEa!$cCp|zK|A1wzVq4I@BYrWEse6kS~V8PeO z0s>YEt*~pMx#0oW;1`}p*3%w1Kne3n5p#F``~{oLb!_zEu@XXlzix$ytJA=tXo1iw@>;nJy4q-v zohI0)=r-Dh{?PmM3;1TsNH-1|C_6)eHiAgt2>PKdcH1FGxd@ygclaEO9XnjiEB)e5 z&=49X_z3+2gLV!oSi|lycpv!$PZE5EW|&u}I|KL}|ATmd?yujtZMJZM0wY}c0Dz(4 zx91;-{_GVAaxpCe7$X8DjUhv{3_%K$u!@LaLg6EXG8)DNG|GfkHX^}nUqsOuGl|5A z&>|3saN-aWo#SG4l+|X87Zg6_F%Byz>MoWD!gpkB5kB+U4PhyF9HP^IyfGQENg1AELYz?&0IEA*6^oB7z0;B zWvxK;4?zhG{ajZJD}JWDx62)z<+{@Ka+M?fVP%or&|yPmyrL9fPkBQhL0Nxuk?NgP_x1f2ql0?+MA{s*^ddkN@JN$kR@&%or9s_+dT`9foeZ$5@m$P8S zA`K%+Bvbv)rSTfS$IppznmAS{iT5X1{ z;JLG23tAlL<)~ZxTw6d7aH(L{W4cV5=TRJ@#Bj#>!XPoRsd}{8p|yUURl<}DI1UTJ zW$&uZ_VYN;3TOGp>m))?tKo8j?6?<~(sV?ZwSfT}wP%t%lka_hpq!LJBK4DT1Iyb) zk=XVy!K|0&D#FH-d=^1HyBt@U*S7jG#MUjPOf#3Y?|1-TCL9y^v4HpT+~YdD(-*(U z^L$UM?Q5prUf#>ab-XNflYE?jy73xJniC$qehe>8i~CPHR}9~u$&1HLIfn!7UQqx5 zr_QcS+qGpf^X28$0F^UklV{6|X#pH#nA93Ba!fP%4i`8!E{CNI-sulrsBOpF^E-Kd zDXqQcyCAcYKtF2x>1A|xJVZ&gX`bhIFJpa?p#uGbn_Aw^^aBidT0DNQPyb2hsx7By z;2QqYcjaa4J8-OgIzLWVo(c(XhPebzJRg*`5(*9|yOK3sCN<2c#V|1%hF+A9vC8?-{5rH>-UsiW_tn$A z9CyR5?rFY==gP}_*)&{-Z>UtoxE+7?y1+{6L(BEswSbk<9A2)vaXRvkKo52Ja~R%d zZ_o3Sw(HvPwsPI6?|FK#A;!3}b~I*I#3|=EuxDk)Woer~H?n;k-Y0_Idz$yhL3usDlb-GeX;z=R{(LN?`$e5tPNv~`yPh83{n=r~eI<{pF=^h0!*RHN zC*9$B8NX+P&tRb`A6HzK=QP|HhUa^o`0n*6Z@7%)yVrY^Ho+AA)xQZ1Mva0-BTN00 z#sTl%UbZoK8sPld@1!|wp1Eq@X;3ddUh?94wa=MyymN6<$`$SKg@>)v8G!bgrzVAR zZZ}#T^5ZK5k0cwb-V?}iAw83*s@A_~4q`iqytw}{gg8AO3t-vl#WBH@`7C2#WO3iI z&*-0DuJauyl(oL39fHBj5ec5d%+;h7hG(vHDL^^8fyJW8mr0;N!>hv)uQ` zjSY-c{&yqtal_9B?`h-zX}0&gw&nBqRL4i78K=zK&)@SH$YUUnfrc=UD*%vuu+mV? zd|n;{PZ$GF)6jatL&<~xoG|e8XejUae@;{Ug>Uxh(ct4p#k1V^$BhkJ9eT=a{ls^g>4%nGQtpTFlZkjFqC1CN4%d;s84u=b4C;YS+%6M%;*uVgXgk#&xO z)!G`XqoP{r+u>;Ijz`T&i?``GYO|$z9(VG&YPS|eTa`!$K9|Gi*|#h4>=)&dqRDn5 z@1y58bhoW=S}Mxb2kO@E2YssBzD0f-25H&)5W}HN((k%H8$N_fwq|F$C?CUR%<(p> zG(3k9x0`N*m9ltyZ@LYK!QJ8b-RFY$xSl_IU*mkzl0L8ny>3gj!;kAyj`9x2`$BrI z`HI_enB24V)!|Zyi}wfWlaaxDI-mF2EorHK#&E1$MC*X`>tSP|u3rh>9;6TJKgEn5 z>gdVq#)3BoX0cyUf-X2_bZ0$`JR`)lka65 zMmo*=9m^2l4{-mUJCzN>u1V1UMRzrhGmIa{^3(8Y$f{*lZ-6NQmi%!@DVxHre}M|bj8a1 zvzKcK#;0wgh3v2Pty*U7m*dRw!+e697(ZUd)BWA+*bf7OBl|QU89_XrTx0Pvx$+$s z=%xlY+$leq)uhHl;nf0e`~!V$*<8m%%Z~NSdBXAH>D z#zUQi@Nb_T#*sR(qnp(5{t!I5PSK*zp$Qm9aexw_YZ$Z*_!P|Ag4{99QW! zJpFmR=YIt7d7RY-#sqQuj{x#xCj8KeF@PAtl`T%Bf6E1vV1)A{ft15(G(iw6WdxQI zV>pRWQX&11Ug)TA`VpSBtnNSEQAKc^qY?ay8(zNhQQc|3c*-_!YxeUIxK zjYqVThLNk!4#V%%i=X3n(mgMxGfzvmnNIh2zo*N`ZSkD$b3^qUR$PYqX`YDl<2s(+ zm~nYM?p`nbobBDysN?j*v!`?SbRWCltx)D4PmA03e9}BU9*gH^yL)-RXDy?|#>kOu zbv-Q?{D+Ol$C0Z(@X3qwd3IcS`(6%saaqr&AKn)7NQG+4)uw0KqE4LVF#I0FcertR zK^8u*U#7}5m3s-W&PR5>_2?R4}S84vDQY0Rscge>fnJA%!9t- zAM;J%S;^XVm}kA%@5#_>js@k%==kwj%G)0SLOnbF-5#So`;k)p)`(>S+M3rtx}cw= zUIrVwVSja!{najGe_6rIKR(VlEq<;COBv~R%3jcq1KyGo3ppl1ZGN;hv$m+V`9Wk* zzo>gAic6nRiJjR{#R;E#v7f$$(c4?Z9M(_-OnLYuy zwx34-nbwjj_CvF6qTgdmdXnJ9>pG6O^B2n;PooX~7y~~{cwZ+|(K+je`iE`K@0MVb z`>~6Zr@mkOepW3!B|1J-j6q};XOi()o+T&vv(_@OVz@km4?}V$-)>5V?tshh-1ueX zc~PC@Sw8|!1%C&e;gLd_{?otA75f@V+ssrGIsZBWvVCisd*JdhlTi=1B&cojfyG}e zXFQ!^@kKh9=O^Px-aRc_zEyfg{$YfmGW{C>P5(^S;~E1E+|}wbzqZ*z0s!Rk-b%mF zoMj##SF?FIp8^9g=ZzZuYN>v?lryw@>4+>Y=7*zFU~+!wieJ7)>A~!rq0KRVFq5V0 zmtOfXG=8xd(aJL?2*9ik2gc+V#1T>mcz(g2BT`_l@`?(bIl9e`?4a!xD_7aCWpmUS z7j3Rvx89C8;rKFVX1{Y(4CktHrgNc=V&SN|)j9{1bDbFjS5;ND9h<}vDYV5o%p9Xa zf4CeL$K7n(w%uTGq!Pcb>v`Pcvi72XTqx|>yD#k3aZ$y^I;uuTkF8v_#*UrwV{@p_ zQC4L-pOmA5Omlx(o$ z`Z&^rbFS?ex$YbrST{b(GH)DJ1YF88Dt^J1vr{>9m?Hx@?u-8Q623WF#RVtl$TA|?*!ym8}ZI}Qzc z;m9eDBjb3Sb~@69esbjBx{?z8%5poyE$7Q}m236+CDKxWGbgHc-!1hi`V(JY?p1M!IRJuzY5+$rwu@V zT;5;$$C#1t$UKMV{i7^+U%!5%9rwwxfbh^J;lz*D@_7Lczf#XpN*o{ek&bo(M_>kc zoaam*k;NPjwPC|Xqj&Jl#W7gmnj^^=19FRFHo-mpLN@ObevluGi(hm1y5!Ra^vfJ0 zXUKzYnFnYn9@9?AFphp=-odqx+wc2zyc>Pw)E49)yvMj42E2=WY2Uts@f^SI?sXY& z?X&uYY+x+VYppyGuapRHf^!?n0w>^W2CL*NWLa^)Yf|Gvewc)92e;QNX+0S z(hocAbcSqW;dm|Pk9Nr4yLZ1G)#-r&_zwMoj6<)-eP>=cOC3Id29Y@@M1ROj`Vh+x z-V<3?X|m8A58#o`F^U}Nw`ubhJ9^T`z_0(q_w<7!8NGel<{7y}|2fJG{8UyR4O>dL znT+BnST1BTym(GBu7e#9nD8U@krl`Z+Cy%^Plt32Ex15maKU@KbpAJb0p9170CYAo zoy+@_zLN*sYx-eOJ%nRNj~Z@)fqjJh^Jm)QbQIFfR#G0k11}?MnGYNtY$z_u!v_~H zUa%t$p;eAL~=#K&)1Q1%c)JbBh1CF6R zbOX=WPQc>Njxm(&g8s`U<0!*%h8z#ce8d0v4#;6>-j5P=c-%R9)#)`(_h&=SGx!hq zy^}dr4B5by4*(b%etZ5wh}^uRv$pTv4U67+*UmDADGPK2QOUZs<|K8J;M%)qkDY;z z(0b#CKME5jPB6jB8L9h}hwwSDf4?y%3Vi$4t#(c}LSy~9#4yECr(7F3OB{~UN|DnG zQV2K+g9Z)=hjm^njEI1%l97mm#u?HWdKds_U0yf%A7uXXRq}P!_?1V}asAsbU~-p84i2Tf$`-kr>D*U<^!zI(R{tV9cOUcrGc~ zV9p5T5Lm#(sKt@#A!ir^7NLP5MNohXp^q{3qaXc54%8`~Z>qC(Po1%GaXvW?*R|`{ z%z!6)O&;f>R!LZK#x;%?LUfDziSe{((P9%;80U%Oy}`~%<(KG>9X&1q+ROwU$Jrd! zJBBUBCwQ!sVe$4m@9SLamrT&ozg4T(TK_PH850gm7dec~3Fn{Nk$Mt_fBNtL*D!PD zRGnL|b6C}{a?K4m!T>*}Gp0GN4F?gNtXR25eY_#(LzUtVeN7j zG!7qU;9~4C9?p+teo&^zk5`$nU%q^$;bGpq*@9PQ4%|M`Fz4rTl;g^ktL+?Gf-xA7 zj0ppmzA|PUOdMg9AVD79SFKuW=hC8F4$1K-D?bvZPoHW5jBcV0`VVcOSaITUSPmRG zWC{knOrA8+oOl$i;Y9rT?tAas+3edDAV9IAY~e#3=&I^!bDV(j7ytL)gl~NPt7ha5 z7*J$RDfB?u9jc4s15fA9owtC({CRWaEVNDnAEIRpKWLk=5d7h+_8oG>P^7@XsQ&Z+ z>#yX@w6oyanl&ZXfBFfJqKI)Ij>$j-Kg`jD3FFNH96EGJEw4Boa*jE;X1?I1-Fx=h z*~2I!jJALGC;v;BFn)~50gR5b3Wy;S=s!+bspJNVnPAFKfA$N50gV86zXCS|rf_2X ztn{<0=Xj^TI6N3H98*}jbz7J^WwP$uRpt{5?o`SF<{Wlt3|vr#qX&^s&i6QoI4J`M z6zlBv1EQOI3Yzt>bHkx$&R`~p_VZu-%I10E#PLRlJ$v;q`i6EYE05WE@tl85pZXN` zk%PQN&e8@2PkLvL5NvLIfZRexE?v6ZcpL)~I)XL`D)f>3B7mwXvH3VFL-Vxo#<}CH z9M$M}OdLey9mk`AXLt+R-cq{N3_Q+FzIF3<5^#}Yv_rC!GVJ;y5cj|RhyPQ2I>hh< zeIdg+0~&ffDxATWHzlKS$T&Zp@qll14ful23YCUaiJW1@^S1Cx-s#h4O>QDH2qX~n zBA`P11Psn!IB)%0rU2&T$qBE}_ka57&#jGV)23KE&?NJYE@I^x!w^2k!Nj-)9zlxN zfB2IycFbtgDP1K?w{6{Fa_zX}IW+l$*M4Nd4$gr8)vx~9`f4~AUNKaWu+(@J{$Z>eq!W=xcSTbevTwfiZWuduv<0;L>+EX`-T(3r zKM243>NiavfeU0f^$9jtq8D{MA9Go)fG5FT=oEcPpoD-SK?(8+V&g>6Zk2cp;~5zL z>JR^Y`1Uuy9F{CuroO*me1lwOJ{B)tYVrrYii5Ou+cuLE*a*xMbm7NsQXYC_Jm3aA zqZ9u5H}6=`8##*Ojy^{B!}FUZ55WK7vT{pXtl;q^@f)-TZxFPCr|IjSJ^KvKn{U0N zcD7qNf^hH`@(Eo_zi@Op5522o8`n)OmN1V?KKLM<(_A8tIX8Z@f?Ss_Ukcr1OJE0) zhb;Q>>p#?y#-q%UKQEfuCc6l@@cpKZ8_jVqJA62tm3}9!M1gx`B91@xH^_E6B^lDc zs3>eJEj4^~R$q4R*b%BVAIRCCzVSvV?AyUs64 zYd9*q<(U3@DL8pjdXIXYBop9gU}B5z*|p2$8$pRRl7r{ZpR+mQC{}R7QO(Fa3tFgb zx$GPGp8oBW4DBe{&fM+VxzhqG%w;?A2t2q|GL!z_kbLCG-?nYr>BN~}C-fk@uo36a zpA$Y1oufnV-o0aT6*+(`$EHPhAOnsG*T^_kq>NA>`3I(U31Nu)MeRP@}GF1C%Fz!31I$^cPMr;J^mWhf z-Bt(PzFC11J~lowkw7^0hYcHIbn?!-i_C_>HYb4lz3;si z#*7}N=QAd|(LewB@BTqJ>1I5%S##_GV(dM3Wpot((?9U|EM4?A9{_lkX6y;{6~etK zqZQ*017N^_0pXC07L*9iB~B=cqf|`WQ$io6M2UFfUcjzW%fKb7} zJS^wuybNvx21W+wc8g0)2q4G^0B}?aj&mz9?YMDc&ACG9Eto&o6dQ)j=+Pt1@Sd-< zjxty`ZQg1|#{e1JFf@XM-~kE>BN&B${`>`+l7X=!ytr__^{-pEE;2}O*~$UJ8polq zuuwu`kc>jDoXZg+YK|etiWA1+E3dp{egDmyZyA0L$sr}Zs~n-GaYfUvydOCY4bjH2^WLKw9eK1J$hr%oNr zL3Y7Kn+q4rGlhjAKV`}!Gh_*fj2t<_6cQ_pbLY&oc^{_!V=V1Ia4<}tG0hAC0uifL zuQNR2FjZAoS=}vLwuOHE`tv-+od$rUYcT025=Kv2zh*z+uF&$MKy%Z?54F!+eJN3f^&2 zFI@b{6amIDeJU%fFz0==`a*CB;eN9El&viH@7K>1!tfEp!YJW`fXAjyGQg#@!8;B( z#?bW}a%M$~1OUJf#^aHSN;8C^6^!byf9)&Q9}LrG&6>**Iu=Ha8f8itBaCr)Km&eY zwF~Ez;0%Ey=oUpbY0^aNH#-e5hMAkrojV#nFKTS822Y+m(dZP~8$W)W(Fy$|3Xide zbBZ!tw{E?Ri?$ZPA>xkFF@F458TVDz27M*y*0*mTTiM0IW1cW{;L9A%V?4 z24lydMn)maFqXF~0EFyeZn>B*;L|P!!GZtEC_OjIxkx;`R9eY0f3NXbfM z*Q7}kY<28dCMd}Ga6oW289#w5=89k{w2Q-EApU}Wam>(B7>3L%cw;;m?9g!c?mgr* zz7?jaf1BjYU6lhvpb4iO2NwQ>=86TMKqT9`!2$AwU`#t1`F;Bp8l4lUA*hI>iTq)H z*2+=8e(kz~x7TI-wlld)Kc-BcWOxLB1ak%sEVj949xsZHCW$YLi;8UC;dkU7yaP|; zbfPb53;E1=F_H;pE|@>toMPzt?%lg48=*%W=p8$Dt4*yAHfySR9%*_SorIhOhu~@Q zZ>XWmL4$K zMF5<>B4??Gd^mUhyzn{Dg6*spHrK8fcxcwl=@#UpKgbCJ)aZ5W2U>950@&kN>M6AU>oCj#dY zJ|r-SGc3gpiSlnd{Y)25x_24yH>0H-R+s+ z4L0T#(J4;#ZP^M(E04(8K4$@kV{!oLJ3KpN*l>fhe94k9WcaYKUwVc`oHF%?ws1r* zX#NR`;EawOJ=z?2oXo*PhFCC&T}cFo`buwOlVU3#lMnYz77gIU!YhYF7uZC$%Sv^c3y&Ppiyk64GDfll-2jfDd+-D; zG0)hB=tAb5ARr4X1W1dEC40nsBg97pRBzp70p_X&Nd^xcYR||scGHYb}o z?|1OebUC{+k>QIL zEjC?%jfi}J*I7V7?}7vRxLPt{a@00mPV8B>my?TCksa!fjLwHmk{?QITZ*Glr7h6IZS3@B z9Xc9wBBXE{1}fs%TSm`N2`iYoLQzQ=3nhF_WeO#P5g4Q=t)qer)ptYjY&tZm_Uf9E@9bTdYbphJhsY&$qik8b4 zdxjZ{-~t>Bkugnu`aVp~I0ol71y67QP#`#E7)sC!D@6+z%s0h=!CJC@gV898m%s-* z0e<|(Kbg~LM*HYdffZt$c`kQi;0+8$`pXK&Pk;8yFn+>VqdEG@7H4Q=`HEEu4NAeT zT(!pFLf<&B7~SSfYVP6TS+iys%|nyU1I!E2Y@89se^v9woPZw!T+lEyzDhuWw zT!9lD75D;Ln>A~?jRSfFhZt|HP=b3tUEyNY3dM}E{)d0?uWZ#6MgHn{zG?FVzMx}p zfCG-hgp#KpjC1hd#HnCqre}|yX4LiS*~?@HbcNFje#Dk`VW7bC7(f_>@bw!%`I+sm z!P$iW;9cnVt+(GZo?<1I{t|e>$z%rtjxpn4M+nY*k#LCP56{4l)JG=3D;SgXmz8y# zPgY6k8$m*d4ugbMnJYGi9=0-$)AJ?CBDRp@I1>0lhH`;lF1EoVXQ2mV3M zLa)dWR;V$!*kMDxAO7eK3*bQa&@HkWCjnYu7tKe)=^uah---sSjeiN0K?mRc?jIOG zA>WvLc1qx!AVZL;ILa7e&|s&Ios5Ryckn~G5hF$zudpivM+N-6yJ)c)%fQ5VWDaq9 zf9KV28ciUFx^?dwip8fmXuv}5u?wcW{D=Y`Q;g@JKmL$m1Wj1sg!kCm4s9cssf!FF zXf#+sWCFtA>VN#>KQfvJcZ>xC^}B!c2d3X}aM^V;Q!)dZBzS~efoE`@E{k5ErP;G* zTHmi}ZW#*~tJ>&AXa^pFe(6J@c$WJ7@yXjVWxwzFPI1P9rH44&Kz4EW%ZHOLU!Xpdq;#vf<(x5czEdW z;RcdbPaIX8A)F{yaM3U5YR19pE!+IDYX)mfEWofErmt50kw4%K-oGMVL+256?IGEP ze7h<;h}FwN;fi+HtpI;M1fjzK06+jqL_t&~&I$`M+P*Gb&Tb9LBL9E?U;duq96Ny( zZJc%JlnbX1yb|Oi7(~F}ylCV-@g8{PV!rufrMypJU(snVlLc(?$5~`71O~|C69Di) z&=E=pK07|(b>2H`ob>;u>;Py8M-p13{{#S_QEX1i6RabR`2xq#AZ5o-m=J#T^IwKy z$-AyyJDdD~X2A6@$q@o_>>lXZtEcrD{WNIE5Cu&7Xskok_ZoAQabA(R;E`4IIy@%2 z8u`sdpc0-!HlvpbhC#FFLFfvd$UA*U_CV+C#$rbWW2bM(l@{Vr#={&#+X#2&fij+s zO+9qjaI@(cEAp55yng+f;S!wzZD5D9STShuphV`#j%4*8dbxS?j@^6p>TPsNR@fr!R59B^{Tw-Zqy=KYB@2Ym4|(tabBw*pt^xEX>A)T! z8w)%$H}w6Y@WuQU6>C9EIA+n21&Jn%J`shcW06bP*uY?(M~)m}3j*kHY-1Jyz$1FL zzZRd+ci^r+K8^CBMJ^V*zVek<6ws?s-^$D;Vw{zg`ou>zHJ{pnKYR{!JD+a(ghgj17|+X@L4XmhLtwM*hppA^#ON>rs~4>7pn!%c3cYIi3KJd(LKI<_Zrau- zVa5&sjD+MffKsh)%rgeXF~%UCG--mZ4=mRsb>ZU~C+U<_IJd zp@bUSeObxDNNUxpwFwdW%ua)~>-0Uan0fZ>nO459ggUF+jEk*6C{ThK;06JT;etTG z$e19bl>QO%#c;>DM%W{)FpP1=UVdqzDMyS9loQ+KFtlj9P;K?mJFA^rv|_^eX@{K% zC@~xY3=o7lFqsp^PkEI0QLRE16-&uUaR3u%rgiH!W}JTT!ICg%_AGN!*RS7Th83%B z7_N+o?Z90%K8!6C5zYzt;tz$qYUOI1&k@6i*>4B{ADprJ4Gvg^Mj5e+iNk~8!$mpp z%$%_e4&#!o-{6eZd-{Y^z*rH`tcZ;oH6jDMuPJ}#2&HiPG&=*voAMwaK{TFi@!$<5 z30`mt=_9)}-g#${)ng9$-nY28$P@y&Twk)$0x(sg4IEllb6Ks$_#dwNIP>5Y#k^qy zTi<2CiS`Mwu)@i%2%P(`eEAg{Z*eg@CpxJQEewYk=zIhH%F8dBLSTi93uOacV(h*B z_PeGu220Ul__CsgaRNRu%u(zZ5;)6j%f=}HUnM2$&0%G{7|BaSbJM0zwYoR};Fxsq zPT+x6Oxj~^w#m^bXw}jjfPSJK<_CTRZ^;UDkv@HR*OV$e!u(^v!WZxWtL!LY=zPlL zi3T5fBc0!eU{!7o6bTR!OkpPxze{oT%C+#)iwkTup6&Pa1)f@~ z&j*r~xly*-&x$sR7X=L+L2CpN25LN4wJL*A&*vo=5d`blov~HUA9*upOgE<)V;0c6M*tH?^p#g$l2cnQgZZY71zEy8j~zS4XslRp72U*U$ssS!1YTM1eQv1s*C^kPaCL zkAwGuf>t)RK7D#w5D#OR-B-vzj3nq2htp)590~#v1Zku-D2<*tE5HhBf$j%7|3dL8gonlY}Tw9%I{}E2jKEK8ZwOe z1IOS7{(w)1%CJKo@%cw#VQ-@+WCBh-^o|pIRO80sW=9uw86UXfvxTA3k%I;evavLg z5mc&xEP+&lFgQ)fCg=>O2O}9=;D{0&U=?e zK79s1tbWcAzrkDR6L=5Df^X>AIl$Zyc*n?xE|B%$j&UNt7s*ld`8uYydWk2XT>^LG z$B(rDIC6ci#z4QI^92j$8Es%t z3|WHlPSA1Bo_&UE=nt8W(>rYVP`jgV!8@N}ptlKX&>s339J4+96FDL`#p5`F(Cu)| z>n6?F-MiYcIA*ME%jQShSiNPXn$>R{D4Zo$o>{p^-xA1T(P4}5T3uab&W?Q(Et!w= z0$y-B&7m4S#&!kZ6i%2p(LTxCw{Nelc%z5eRf()RB0j-+Wfw(v$wFxCnB*3VIph;q zz<@HpcBZOCAorr{NVi$O~*P* ztLQm`9|VV34JRmIznvqT;QY0P)-)gNET|N2`>0R$34r?7S-jJ%iGGhkI{;9o*kbS` zdT{DgcC{&BD*79tU4z)B{1yndCivpQ-avlv$pvFZmlIgJa^tq)gij*Ymz3C|SqGH` zf9O>lZyaEDGcXs-AG#BVot6J<*RG1z+F9U+PfnWXzgctUs(;5!*H4~0C2Y}le`s>z z%e-yYF;5e-84#{>s3e0S9;A>cEO`1&IBG478)$Nfq_pTCxDWk+Yatz?sBlg7Ly zyD4$Hu#a#g_|aqRAM)50gChrAZ~{swYyazovRrIq&VV#K3|Kg%IMz5pb{U=U+c`-a zIEGe9nWWJ_`bhwf9V$tkPb~PwcIpnT8*hIR%!jS6abD(#OXDAMPp~Y z>XKcC2ib@8iSZkL3|HV!wx-636M0aA?{R!zIaBi5$vZy zc2VuwwbMTRnJ{URww9kzx_)m%&N6&Oz>u8nTV`HQd;RjSEbKBH#YIqQix$IdsItw?YTas`3hbRy= zdhA%+c>yeFsE$rl2|9FoW2}~>M(hF9@{n9cYuNMn0hXi`)n}IrJEPVrC^P@X7tI#C zCFh@@SMNTBwm_Khzzd?sJ2o#=$2S0eEuX0=aLzjmXtcpX8)dq;Z>4srRo5Th9(EZ{ z7<20KHo<2!#8j#Jud&Sa`t?gZ8*kthET&HZ$OizPjrn`5y+qh?IYD#hazW?M+z|i? z59(hlmXMOAJ0n|#gsJQ5Cgpes05Dvzq}#PJseDiKdp)6{M2A7XKl|P5@c!UMPm;ia zm-jnmlOfjSla_AV3W1I+@N36N8~V@7q+xiQey1HSe@{T??nhm@WQ-0!fs*{|Y4P3j zsqa@h-(i#Q< z)%$6QnSXMXad>gQ*YiByvpvUYahdw*$>e#O->r=#D|yryy#JPm_SudBZ zj1^A(6PHWZO%=7*hRS>3wJWTzwwcLu zhdwan@nBooj8?~;N~?OEEHYTpe8yw;wz+fV%5&Ip`M7M{h5^z)Ue@!tJDfO;XRe&^ z)HfSZBwv#nb!{}%f697a{O969`?^`y@a)T`~E2ACNqon*D0-39ef0*R9J+VNj6Us>b=gUiRsv%}@tuWV`LdAh?f{P{em$78^fhU@i3 z=}s#KQ=alY1%6m{C+O~Dt)n0M%=ox6a}tj=^GvSOTU}|dn~a+>6en;)X#!mF^+4O1 zF;T|n&db-1LGWtFmuV)OZ1;MObe&~T9BuUFakqrv9tecs?jGC%1oz;<9fAz*F2OxO z2<|p83^KR}4?4KJ47T&`zxLDaew&)A?x~*Y+kKzsp5Hk#fW1?@K=twqC&$mviWwI| zo}_{58PI3_j@*VT#2_2H`OARkUh^K*A(9%4`28t3-r&&Zmk+rTjSp`hNo1lJ2z;@d zTmg!zH{FVkjbCv_Ocp3hyi#)}if0H)P3{hmrsPX>TKK#h>+HPy=t)zWu&n%|-itBG z+9f)&SP(C)_T~Vgr{oMZkROtFW(DUWh>#~6-uwQ1%y)cSP<|n*ZedT#<`<`SCTnN;`PFfIzDw6)HBhTr z??a#L1$B@F>*^Ja7kbUB2EVSz0k93v_n?waFzv=4G-&rixtF}FE4;cs>&>yg*tw86 z3jgldd!)3$H*wYt95XvRc>rtwk9MIOf1Po87Bdus<2CiXg&dvhw8sdG`GcGz@0b5N*lX#Jx5;iOpdjnQtt7m`X3mUCw z&y*Q=du^Ux<-TO62Tu;ZCLHWJH96HLExeKGm4Pk(&H{OR2Wtucod)VB zt7spo6PKokS z{@v9hnAj@XLH^zysZ&dnAgF#4KNR}#4-PMtuZumK-;wIDlOAxJum{|=Y+dHhPpxk9 zer23+zd!hK;9Z-_1~&;^g8#3Pn|BUU=(VqP9eAOB9cscHf$+w8bNdrCAm(ZoejRrn z`ZMm&zWS4UVic4d^8F=6@XO&kHW180=b%}C7Bc>M2k9BnIn$USKa|Ir9Njt0+0$Y& z%z_h#5;aG5OQ-S7BpDZb_tX-zXlMDmj=TPo_ZtUKOfU+Br_0mo72%S$zLHmhG<;UT z zq1vIgl9)z7Sf_AVv%K0B25|#+{{KJt-*G)!eUh_f9E%6kYa4{mZzK(`b>GnrIwSm` zxx5oa%U8tt1^5Du<&NU`4kGWJOg+9z4O^Ycy!7?O5oN{^#mf$)n|SL zc>8eopkJP2)Afp960{fKk5BP>mH)cJ32GMiIg#P6RQEs+;*)wu+x%Qm@~N%id8^#& z^J~8qbnmx9mplhF8aSKKI^dVPd&a@5VHx&Xd`Sa%st=BCRrT@Z{?-N@-03nhir{6R z0XpQK*)?TUiXWInUcTV`BNacJoV@XEw2cYki5ky`Jy?kOf%4zsHMZW`)t~zmS~}k- z_D-yQ6X#0|W{M3Sl$uRMhNM#MG@^G66)SJxix4reCw z6zU6ixA2m(m9yhYI3iEL3Q$X=3FW16wt#K;oC{xcCW@&cmz58myO(M}%;k3;t|4H? z;hXj1;>43=ny0ERAjq{*;}&`6J7F<;ExeGwvL0D<)PS@ELo&|4>R=QI*Hb(8pA0yr zoSqC$#@n8tj@!Nb=;lgFk0>N5_)$(JFT+nBGdnZ+*WHI%Pd&E#@F3pP^Gp zt$x+HXXVEB`RPpn}BHB`?5v|MX@{Sey~$_k1mKU{bJ0igspXGI*x= z{jzr9244Ie6btbM!|GiUYXAJM)L|y-j5cIi6So%rrRQH_Gul+hTNW<-{v|EYv*ptO z5=JkNcf=$pRBBTvltCh*k?DcDzTFjo`C29#gecDKgoEMKa_Pt06X{N`6F1>X6EFD4 zyvP~UUF2S_wt0OpyIGRR9-d4u|M?5w+4SdJVcD!i={xGxz8Yh{-a+9Q7x>z`NWEZ9 zClcuSfueV+NT&DPT&Az(M5K4Aaj%z!14Ig!3BFTO;*W5JLc-u9roIT=oZgd_);^%G zyEI(PQk|D0;2Z%rDp+==xIQxc?b;;JcI|CE3_Fj`r5z~{^W(45eXh`AitH5+s2ZCt z8N^wGyP)*KwNiZpu{7aiJY{6mr)yml{ElmH+a~jPR$vWobJ?7}GyR+{8wi!^63VSk z*nNNR;4|@XxY#v}c-)W_Cj@;ku>b>Z_l;d57e5xQi?BLXfurlZ%9UAgOOrz)$W|6$ z^EM}P8@0<;wz%oou_6uY%9QY=H)z(?Sfs`74OX^H{&8=cq2b(y_3~~OOZE#xQSvK) zx467DFJ^}G-!Mb((>WSHi)BrT)QbUyQIj_?aMV*3NpFRF4$|`$lVBIeyY-UnC@S%+_M?Rt z{$7E)oeybK;XYNcLlJk;jW?uV9YX#HKW&6q#J+53F^VE^VAjmf)ZcIfV^Vp(#WS?r zRusLx7t+Pw;uh_DY_gvGv)%MIV-&Tr$fNe`4&JKjq&PEZ*E){Ol8mYg+tE^*z|^dB zA)Sfgd-rg>k!+^zDbI#u(B0oxUp@B7huoV5JwC|#p0UFXeEWXCV^rYGGTq9A@li}H zW4Ns$BY<x$&3UEmWb1WHT!%iHw8(SRTS#E@z5V8Gp4`@JvGp2q4ryulW_FZTreK}4W= zH}MLujlO^Fjnb7m)p5tvJ+%Z;g$6ASr9wUH4-*1?fY&)^=~@#p8CO?Vz0R7?38xs9 zAiLS0oW7U+Q;qV8Uvx~~z~%mZG|wvlLhJEd>Oi-9WF>Gb1jp=x;|s2h{neDrY38+!O4YHYcp-CZ6rVs(?n zH1LDR=|7?4FL}gl1_~S9W@@k{9-F>j(S*G%)rulLf8fJmPP_8U{R>Hi;2_9mL(Ei( zU+Yw*&7{lLXYIvCn}SoO-cc+iR^txQ>o1%osw*w#10!=qzki#ym9%&t|07y%v8xOM z=hZo{zi?WQ?Vp>1?hG=;1KdIp5#m-WHI0bpst1&yG}!{q)TgVd(gf);Jx1N`U@z-J zBi{L4EEWH!i)WYDz{@OY_Dv+5z|7(UY*oUxkVy0JE#`d$-+WDx+I?{aGGR6D$)3dZ$^v79&g{f{o3q5TPkoR_>NN9Y1T#Uw9baHK!YeSuf<1@_<)MKTv!m{`V>9aUb|r;ZHjh~ z{Gwsoe_v$ysG~yze57=}V_ES3vRh+Ixi|jxox<}wl2W+pNohIArVZ$blo*$Kbi4W( zv4>Y}$oMzqfW>#sxpvR{5?&E*C}hdnt{q*UU%#xGr%+1xQQJ*Ca{1>!uS(5VI$xg( z4Z~N$kta7@Ca~4n)a7B&5Dg4kN130Y*mvuZ+tOCmy7TZaI1k>z0^vdc??cG*W}fKe z-D8&lc`;I{_^S4(OhjlIqt=;SzQnkvx`&r4o-iKkbMg9qJ8|)(gU=23((<|J>62@{ z%zn&0Lwusc&8%Itnw^v9CVJ$nq|hc_K(7_-qcQE(=~X&?rwMnkT}Z>Z?ab*Q+KL?w zbt#+K+QPav*{t!(2gHGndZwo6(_fTVM0a4jjLTuQKf-IpJf1E|>YiskQCH8aZz=8v zH(e7S-$)F)*v(!6opR4kewg@suSL%S?ZuteX3v=mB68UG9)4+wN63?B^xZVzrzsEd zXeC@?vT_tiD!$xsNe`O2EV&C|})D{S_o zFTQjiq4N$r3uO16gtl*D2M)z!JEI$P zt0S~anH>nJfflsA+B})t3;g|uGu`^ax*IOMaF)zV9e=msOq$ei`FQxf%QC{3$fieH zLS@S~s2evYfBN<2r8!n~`I7s<8_U;36MFExay{uGR5ZvcSjzL747SEp$*4@AqwVS*2rg<`Dk_%yx;`MTTb z!4jF`R`pI7PrUAGT*1 zdgrT&zJsKL3$RWKe@_|dU^o+P6=IFzOHIN`9G)`RPPT`!HYEXUhZ(Ae={AQMm}`Kf zR9ylm=Ebc5o2LXCNb*Tm!^hHhxip0ocL564BMw0CB`QA;Yg0GRXv4I3|5TA#ehSj%7iy$;@JCDt-ZRVdI@BpRTVD#9S+4 zbYXV`gEV1D(++Ig92-%4Jl;h)Xc(z1m zJ|vGvzp}FOc&)?p$VCU}Zvy;h2#gDE^V^%4(h|jYI$Z_XjFc6ITUIXrdV$AwRf~lr zwK^|^tv~HLrrMO2uBiNMc3fcxKFqI#`0>9Zy1}Pm*C%FY-q)*GRWNKxi{W>Uj9n(u zHr93whO~YFz+a`(fMKiiG3`=OFP=B&3>#YwiCp#ehpXP}0z!sxYsLF^dIL%8+x@lG zT>|~jrb`;04^niYYL%^;`Mj-}I&usXmiBC6C1 zDYa3{n>fc$Pj5VoJ3M?Fu9O}5NdOO`QZhzB=am+E!hJ_3D%Uln>LG8Krk%o}S!Zk|s&KO7YH6$;v@XJejxdJvrM!e>Q5{Z@OD+g%V z_}0MB8Tvd1)6QTT4>NAIosiz&HlWOYsnlF~cjXhzDrzpkWd zdx@j7ZGftFNA|t;^!?bQJZ}<3{`ERz`(u-%55oOqg^pe`+PVd4x%-;2_B1r!?5BKu ze49X6uam@a2*noR%z;Qot2)4kk)!*O$LAaRhA}F`a+93}6lu>SA12yZ8066Q-DAGb z2ZQvW1z5A7zLz>dbCNIO&6umPvM+G1PycMpPJKY1jX06N+9{)a08B_Z^DceGcuTKd z*i~(S5EQsi(}@m%HJU~g$wZJEZCJ$C4QT{42z#8&Xm?`EzLpxQvU~1NaaEag@xwvx z$^BHS_;cET4hFbWr^|!9q4>huUBoFXH!XHuUlNtkgs#XOgp2KqnLMp2UQC8QhPlA* z?TJVq*9ouX8eF<+qPVt%0orPQ7uL@wZklH_8wAWOtj zG?;c3Q^NzNWWT>!P%wEW)yI->)DM)g7h@tJw7&DOR%t@S3o5wgA#)DN7<-Q{ICPzL zsn{-@_ZVV{?QzK2CZYlw6!ciaO`xiE754;EUDJswEl<CvckF^=0%ntMD*$ifde;?gnFVYVplk#_uD;d zU1eG;qc0`YR&_!+uF@tfOXSDbX49FM`!vL%)80o5&b&FuOA*ieB-kVN3)T1}>?Rlk z1G2k>-Om$#)~(a0sU1Q7do{$)p77#U=R-j7t6vV8>3bNgm!);Hq7bwr{Zo|&x=1aE z%rMDz4j~LhDmjZ`Y;PtIw;ZD7=?x0~*5g7`?Rb7R5|kxm(ZMW)!rmVe0vq4}5Sawr ztdxBr2x~$PrAu1kI_C&H)7GkUXfLmQDx#ejwFUm7LZ;#^>XBylOw~%ffZK7(uF$#Y z!~0InsSdc7LROk2vN@i)v`ku9PD@_sgfyV)m`2oR5##P~?r0tz@oPWB}V#CYGgW)7!kJ46wVvzczhR z*!7DRYJ&kIBEs})zHw(ST<#5*-K>!=Ki(d5E&po^>?$>FbCL2fw2SzN22C`5HP3{P z{Ft3k{?6b_@CHj4qFbbMW3-t*Z)KQIZAiI^s)rM~xd?k7P_kpqrwqj6)^7OkT<(+| z-zo}9Eu2rm@5^|(Q)RmXja8@Y0>+rngrD2J&*EHeLeEP%a7hB4l)+6uWlRZn$62NX zu|JETVnq?zmaB$zs^(yQK12PZOB>oKDcvMl(D2T7t;e1vzBcvHM7PK6ci0u^r^O$H zAQ;%+d8vt+auKwiJCD58cXKpvM^q1qyY)PT;$G~D-MG%h>{$P{5PXG7JS}kg>=S^G zoII6xNWoA+@Jg!_ZYhknOt*GTE)=MRE(*3O|9rP$l<9I=i)b#rWb|Lm}^_DsvVeKWMHXkIOr9j#OIci-

    p4*i|7OmU5KUoWyiM{Uq)2GiYl^<5vQQ`<} z^KLPzWsczOYtnnNf%fXE?Y;-`O|-p)!+sc*Guvq=7mE|;whO_!*8y$|({TEOV}`Zdj7^vD4(>x^jhr`^OP22zmxn1dUcwHQYemYBN5?9oImj5-|JQIR%c>3fm!L<0t26ma$#Z}m5^4h)Y8&LdeZ z*j*v|+Z*`pz6w6~u!ZioI<@-t1u~2ip4g27-LKCJrLow^YG&a+D8jw^`Qna$t~bQe zE4bRDq{c#!`3aiTX*QDo1KLxNnH(amDv)U58?p7W34GZ!I5yj&oxH?=HddANeul#*JV$MC1A(=^STJt1t&bHc$8aeR_x=ghU10O48~E| zctjCmby2;0UVmrmwA?m*NJ5=SOH| zGwh#{he93c8fy7D0m&0=&F?Hy7j(teNP>;+x02a&S6LgVES1A&em(RiWp7vw={(eA z(ByLh*qdUYbK}6)s`TbL^SCdOL1wAxQ&;jk={O=9Wu4K#Ago%0?O=>-m%cUyi%f50`U(xRz@XYWorXV-MFtx8U1 zxpv>eD9j7@eA3vyR!=J+q*)qsl;lDLY6SEptxYSOomZ;Enc(D9VkqO40F>z;+N z3r_w@?2@l0h_7~g=G=sGaf1BC6OQ#hJY$*0lM2oFkgX2C|L_!#_n~e|NdzJLC}Dlh z7#Q4`m>1?C!7OqG56w!ef%U^6q)E>A<*$8buh@;unJiBQ1F;zgv$vbOl|QB;FB7l6 zzc(weM?m-nzUKMz|EBlV?JWDzIs6!HaX)mAQQrT)Yl!LHns3kAH%KMwQ*beGs%$ptZDAC|9 z7qBSVA7d2^$2XhMDfp&s9|}pOxjzJW+rXZx@t@^L`?uI|M65;++aU$1?9+%NKRsdyI?dU*`Q+@9aRe-Q0uT9ja^ zUYg2&nMnNBm%2|ut^uE$^uHSY5|VZOq{$K*O@*MEolEQ#NGtO@bax{TNrA7|H-5K5 z4y#NKn6y#cmg)G+=N4!G`4y9zg~h(VoKKUSZ*#Gp9J7ghT1dqG_pGunAn6!kDtDa_ z6im2F9*Kk~=04A=)uOGfjS?TfzKA=mj+K#)L)nLj94o8U$5(*5skbxD>Hk+@MX|T- z3!}wgBEEclmr z$hyR89}#O3hYq|F=Mh)84x=D!@aQaX`fG$$F_w(!g&$3IhsISLx)_Uct3u8b@;aNd z1wOhGJ2y7pS@48RC~%pkQ}+1!9Hi^22z~oFO#%x>4AzM6!=Jq2F(E6w6~>exvBw36 zb96C4pY=$&zJKk(2q?1SVWy~d8zGQ>^L~Ld&Gk!gERWc?dro(TDA=s7m)t7QSH|7j zXyPB`(L&t8?C09nosVZ29PGKZLdRwaeFW2UfzvLffzV%`IXc82g~SiaK!>LmN-efCegrzP~D z>OY(I!$ECB%pJ1Gdd=$?`fzb`0R$yVGJnb7)yL)fiye+G)-3nc5WYC?#<))S77-~M zG_2mDT45p!72(vMwWG@(OufBbs!T&xJr1~#<@s4zsb=Z3pNsm7(^4mCFC zE}Nd2zwf1`r&%~D6*iuW4@5oJ48qtci?tI5g~u=JeOeA0R99l8C)t}Qa0aX6%-35C zW={yS(l@Js>uwEHB?6CsPvawoSrkWeK_S`5?g~&DCmIqlqhxbY>oHOuplkN0?fz!X zI^<{hFZksoVo`)1YW_e;(H}P>RypXD#Nt+0R0#V9NaCP7zuM&xbcngcIAH=|r<0y4 zjYMFT(2$>OrxElolLw4$^CIRvbTj^+#R60>U>BX{tCCHjmfUbc&qT1zv=nIy3b4); zqtJY#(SHBD$jwm2cB!~D1c2>OnjAE@0Y+AptG7?oX7M1G`b6m!!t0-+z87g-=TRv{G?D#Dn`%q=gRU@=r_Uyd>CYb?@ZUyjBYIP=kxjAtNY}SX!oS-? z1d3R^wh?T8jhr7qd&3V~&sBr)L_+4i6MrFA3WR$L&f6xSM$BPx_qemVNCFzIl%;AH za|M-p!shjTif|gRA40~gTmPDm3k0KWle@ruQL6oQ3UjQHqLAYUF)X7iRMtw=7s(XO zd|N!;@W11x4v6c+Tz_9sK9Ok--&A)z&dbLVZ~TasxOG4K+LbMkixZ-Ae)9KVmhIj{ zS}GS286ES~Zk7qTU;Vh4R&QdDd667tO+NM%o|=x&aV4U(2tKwA+LcTE$^NGLY~e{I zS8(mvHY9r^Er|P;Tk1yK?PJaXkJ>$vO*AbfqMX?qoE*BYZgb=4cp|ZgRrw^UJQZ>9 zq3hx7sqr#baeW~L7(A35+Sl-brI&Qr^d74#s$^d3@~|!hMex-0WqD!jO?bf+onXqM z#1IVEZE=W+K;hhd|J!IZ8xY415UmTf3Rt&D2h_K4q+jg&{>mId+cwyk?(S9VVR zz{4Q%w^r<6Cd=Md5SyPG5LI=?*@r@WutuUJ9NEL8!b`M7y$z#=Tm4+VF)n^g4Ve<) zpngo`PljYZCEN)v8&&UNs;CmR{*iCCcVoX0KcS@DYG^nmUJy`3;}W)F%esMN0E;<~ z3&j^R%aHbaq6^K!w!Av_y<#;}4#GA(X&QNXJzm9}GSU7)bDt4F_?QruB#BMyh2kNA z%d1?QK(*p1l3*{YsH!?Q_LV#9>-aD3tY4ZH6J}D}1Mby5DM4znL>ePoO zAz%{Zc+u4>1%>s0vfX|4JM~*T3#=8##N2OLtwt_b^P3dg6Pom$Xw2Ko^_#THFeae5 zGV`Ba+F8N&$})o5#~NK<>2|-|jPRTl_OZP)c3<^uZbMBlHi8=hvUclOd-|Z@F4P)| z+(Ceb^dnfLh0EaEI|MzV^`ql4tyr(k0{dHG%~t79p^oA3p&E&b=~}0<`^exrcy=}q28kTvbNcH62mT9e9Y$d#ijnsFW8YZC z#<3y+Xl=eSweYpb(-QNH%DEOEc&Ki5yIjmAVJbX?+Vw4qQhS+k;BvQkpvFv9? zGPz#j$}q1LhX*Hhz|2dbcq1cUagw-p;x?=ZsR3yfT%v+j6T_e5zaigE^#K9%bP3jW zZs$A_7QJqIj7{i!eaTdg#jk$=QcMYN9}Z7TURflJ*C(c>`%c-2;uC;o$qv#VTtD>$LTz0Y)rw(i=wXmo~)#??;@dM!#$+#&>+>0wN zSGYd4m@QiZxShOQeD_0qDtcklA&%^8Dhsbo;Q^h6b`B(Nho^zQHl_4@|Ul>ivA&N>2mY zzam!WzK1SLQ|pjL>LyAv*#dYPp1#f|^yxrf|3DUM`r;1yVsY7s8KOw3CsNl07>YDb za?wZPWEzknj2CDZ7WQZAk*US38_JOYm>k&PA@~;4oQTuw>L@VKSmX)0%Qc&ayy(7W zfWERsWbAqJ@Lv20QN)W3$!~nbVSl?8z}J?8F}g4g=fFF2POBv>6h_Ab1ur;$hrQ; zII|FV&|xqDHZ^U79U4qaqSGXlUNsAF;7N3S8|b%e{6P5m2QVNf+`^$sm4DIM|64}% zoK33MEn)&=DGRp{JwB31AZjxMcQWL=s9+qWCgPSwqFBi``3p>D@ZrO(VQaTW0==MR ze6B;F?75jCi0uBY5b7eARRCM%BdB}AGH|e-#)VEv(rfCeune>SayJy zrPGxH6X*hFUut;ZP}?zG9U|+%w79RHn5yL;GLdSV*}!OgpMY}|`jP|8W`MhNF&;gj zs!!#c@Dkg?4tI59(d2D3W7rw77&k(g)vJBVAUktS-U=c6Fmoij{mzeIJ7Hxr$)LAv z@yK0LUMj`$8MN60IBwq1_yt|b1eH1vFV&Iq+u& z_GWAgs2H?ik!I;-Du~@?rk~i&)xvF!wWs2#`PV#Jx?vwAPD;A>>o-DBm&C3uQJpp% z-haMDNmTiTBC+^YO3^1-y#Wj{%-vu)n2o^Yz)iqD1O9Yntc5X=s>`VhZswjZ#pcx# zW)Z|4`DgWg!arI1#!pxfQYp65c@s?iu8L#nmyEP?Cz|+Ju^}33$6eYb{t(JT>xzwy z0~gu5v62z;gja9n~Cx&FKnXACq8-*oA==@2YVd;S9@Eb zFU}WBARUW@*0_ny3yB1L)~7J*5ObeS?4gDzeO^TX>R;!!myQ&>wy^?%+VeYCk0*%r z5eXUcqBMPAdZP6mtj)5c2I?efo% zBDmF^8o33~{Ar*4`d3DJy^mF~BhGkE9EVUDHj4gqY8*DT0xY4!GG_Ascmc4VYfw9{ z2y@(nU*EP_>F&2AoJBrk0&=}y9zr8&{6BUgza3MO7$P**`yu)iK6oJ0rrva#nYIZNk}O^)?QGT%JG`+6=AoIs_;f<=s*m#n2am4LjL+Dm zT;&-N!v>Y=(=Ay{(i+njd01kE>3bjLP=wK7V_Bt~AMpv7?cQi&&HlXc-OD#5{8IUz z#Kc2`SqUrhebKoPFG`lCxIpEcS!R=dFkLQ+3Wbf$meK)%Bv#Ry;?sU#l?e?oc!jtP zM2rk#TVe3tU7AoafdWD8JR?pvl>K?pWoL0nQJT3Rp8FFV){!4J5NjL8KO)M$pp3mk z$F*a6E)l59@z^JIUDGTQll_hH+;*Pl00}j1#z;&YO7DL;c2~~*i!|asqhVaUw8txN z?+Ivy=%nHwTp0y-bS|f7TNtO^uyFG_b;$$2;Jvr_bJl`Z9IwC~t{|m9t(zZmi4}FC z_rBI_Dc|#}0LuoO;ec;$W`8a!P4r@@=W zS9$ch8F{8s7-POFqzCFQq4**C=pa8x;l!!GN`~%f!>D+9>6!!03j+^P(v-l~<#+Li zm89;RYA|D5`62I0qc{c}caq)sxcV#@6Di3e=J{m6!Q#w>40zSU9qFj4^QsgA^C)N% zMeC@We1_2TltKh((fYj}ft1I(Pnt$Fw-v(%uRv43MJeH1w%w|wpSDQrCWv*jL!T}~ zQ1>$E1AC(fZNAwz@BZcPb#L4P`0KDt(12rR}1*MR35y0d|?W;Y1Ru`>m#J>+%PYxk+wK`@t)woy~Ac=?9(+(?I?B z<}*r{AMu1sGu}^Dx*5j!mJSAtX112i?W#Ie6D!nqd;PG_SQn$ZAUCb)AqI<=Cto5n z-|ghV_Zj6@H!oEvUGr(7fd{3=Jwb#lW&vaMV4-9HKXUcH6d{iwxhY{2g;QJ2{g6CD z0A0bA2I9^XZov^~RT4?c^bxY4d{_MD1u}atzdj^#A7a4xo-sG~E6i4HzdBbNNS`1I zG?9I87-FZ>!*C-guzJLqB^fp;7`QKEtqLIyV^Zn45bA(36H3xtSrMZ04@KAW2XkL& zsY&+#ip_o0vmSI_wRhc<^`1`DiK@yB+|0JedKLIaF`;Oz_CaX6Ec&C3Ze2(M?V07G zUp?b*SRXi-r+h_GPJN~%*RONQx_r_ncl?c6J@P@OMMC_lNcrJB3SUR(!H16i!?Zo0 zA$wPyCkFn}k-R*FV+67m!cZzPvwN%{xBK~DG2)v%iyEq5C2rwjGaciUui(KWjSIAJ%H(+wOtqt$=a#iEW{=zR{MOZgsC!)7+6X277ErX zdIbTu?I|Y>94z^NjHT{>=N?_x4<8&aO*4_n?B~J_pmmqNqw+ zU!;(gc&VuO)W<3YkDDEG;@_=gn^-U%etPaI>Tg82GnI)eH@gMBKDvsoGn~^p%RR?8 z9>U9t({C3LnlZJ2mca^cEwJ@ciM6EQom3W*}a#7z-Z^qg$DI~^fnRoLTSGa0^c1jp;d zBMl>hyX0`z+)=o$v9|CqUiKu@@1ec=w`y`jWX2NkVP?Y;qmvh6A)&GPO|Ce%4n@NX zY1z|o@~aKw?$-Rq4b&}iyd|7Q`(>Kwx#ZT zRB!4Ao1Xsow{~FVT_U@_L9I6#Q()r7U?l9u=o(655qj)){sMAs7W`BwRXgK-i~}M% zxsUHgG)va6TVKz3FR^_c&6Ho&^As;&RKRs=fP>7pqH* zqAcIz1tCjkI`O|S8zOy1b_QLU1c+|`rU#1TvH`g62Wd!3Uzj%m*@qqX`fnPOj~YYn z>|i&FhrO@xr{rJxa*RnSbgzg7rMS7TAUd6D)=dBC7@dMhBWVp%73gpg0yOA}DdjLr z0$PJ-U6$4~Z8m&mBp%KbZ5yJ6#^ngg8UE#MuO==RWMwf`pSrdD)Kz&eUcTZ)Vc9uL zt7K*RC!07X$$;q5#0QoMuGB#Ifu~y;MAL6qsbEQ&aQF5rd=X#0fdA&8MnWgnUzFkD zVL*U!7>7_e3ckFZ$_;Lraoo`nV)_35czHXsjUUH0c4FCyX1@L{O1I5n%qQxAe(*!F zfK`ekL8$W8afIj*EU7G1t3g6T^P>8REMt8V6LU#CvnQm!nGpPm&ZrAMbtgwmT-wVu zPPX$1E&&~?kXHEoVNTk1pWkLiE)#d#J^Z2I{bYk4!VLlQoTuH4eJ`@{A$(>&f<=uc z?M<0bB@8EPOfXT4)x)w5AJbIUOqOoF;)`5^g1GA9C$^`;j3iMeeXRd6K(&3_<#;eB zAf{gpuZ@==0+7EX%U$GJJDM%F89#hfb6##gpng6)HjXdeqsB^p)>TVZ(^NN-0PEaL1KYA zXYVO*D&G2|kf{ILTjn(`)~8bTsZGAQ39q8o?zwG_mf!xdbhU?}s6ism^0U>byk$0I%|lNoDZplHniiY%ytW|Zw%TB*FF^46 zVX+^2dmNaq_+XtlM`VVog3yf}=z&OWH7c)WxbfZnmx#2tc(|_qjzH%)pj0Mrel~^w zmLaFpZ*6j+V15woZuTWaoeA_R1((?1<8FS^dn?|XdOs?8t~;Gi-H-0V_4B^kzww;9 z<9y(}Zj}l`YD{e6YK4R{Nc;zt-sK#f)ZaXymj}{%vVk%>Q8CzP0oF6Q5vmndtL*W5 znApVkWB}5;ypP&3*g(UJUsDyZj|4GARj<1cn3X}hgg4tI0tJ7Y?N|DB>s>umjwP{| zQ|D08UIf6WB%6ie!!$6`O$Ua@Dg^Cg~7bC ze0rGq^d-Mrfr^h>(0uu;7C^N5XZ$?c&BD$awMaT-NuhM{rlMEdog=;BeMJt@BQe$;dD#pD&ZGc5`vMoPNqD%k>`x z^zWlZdY_>mm)WrSV0kslMWjbNQgK`>(z#X&L z@Nq|yRn`O(Qb%qMdn}4^JM2SDdmA~(f${y}A)?b;C2jzj#0l0e6r$>f27hKDtVdF-GN-7gC5^BFqj(`o^e zYoq=BT)rpm>u&5&46Hym3<_tJLksZf`LUU*QD?dRb+sQFpv@CR1v?4k4!}zM#Qz{9 zh%3L~vUjg|86PbQmOY`(@&X3B{8Ko?y8OTch-XJN!|3CKHNEf~1lIyVt72NMrW0KZ zlLcSzaeYgg&z8QPd<|cd!1b~R&C!6VTIfNqRn6;{@^|$IFUZarHl4xK=l_gzplx>c z-&h%K3j>eTU&*Nh{84^uy8VTRs~qzG^S177Vv994&co}DuE2aN4yM7CxMA=V$sB0~ z{^0JdJ(5{S45acoSlI@OkKuU{4N2&{EXDjJXLqr!SO;AIbtXu*@_eQUoC1RIpSMYH z4IXY+ZY+=_&O19Cd&lJWUF0g2q;M1CM!(+G9Z8TfrjICAi!D@-|47?1_M>uow&}|T zQ;yY)!v`#XeZGAyA0cv^t9im)q@Q7^?c7zSBzbK%@g?7y8_^Bz0(wcj09RX0cVG*h zl?yHu9P5+L&+koBW~pKFp}HclIK|nDloh$F1e^*!uyX)Vm>dJ*5$os3DrZq;jinlQ zL7MxWL?`5%2`I1drfmXMl3v1tQLx3{QP>8ngf9B=;hIMdIw(D!7d zGI|Iyre^zJe4S}HRDamVRU~^Q`!bcH$S%84DgLsR7-cVO+4r%`*g|AUl4O|>vW|Uc z4B6MQ4aS&Z$Zp0u!x$dVi|6h0=A3uuI_F&H{I2`{eZSw&ec+&S-H3bL9N|Q z<6NU2D`C+*4G+)m0pI84uYMR5C8iyvc;lQ$kLlq_&BCF;`Lu#143V;D6om6MJtKHh ze!FeDXecA|VaMQpB4Jj#zWD@HaMps;20#a3;vAXKQ{}lLJb6HAx@qu;p6IL5Ikcp@`IvSHT}2yA%@R3Ukx3r5 z;;ISg_3;`bqvhG^9aY#i^iwL#D0duaMF{?5b!BVes7>QTjai8i8fefnuxY@;HgHM= z3$P7u&#tEt)7~Ed4?OID9h3?zS#M|tsRjpmhEJKop#6c*j*>G&F3SKJKDGYgFQ;6S({}j~fPj3oNQYWCXRp7} zgol%_^Lz%NAK@inJ}TKAsnZyo ze}yQ0e;PFDNGYrol*m@HTP4|yyfAdjkbvhMORm!jHw($bH1pAH?96$fWhv80jy*Wky z0@6ee8o8cF?X)GP31B&>icROQhj{fnro--ao2GV|GwfekQl6(9^8sdcvEk)E!j=+6 z;AU!X&w%==c6t~8ZP7%Xbg>4ns7?eV(*_CanGnybyhU2zpMw< zeAslj*9{ja-3cN7p7MHmVTNMgGI%E>K#5!HXKfEuEdTJ)KT;F2?9`JtI`w%ue^{T@ z&?o)jKW+7;m8w;!8*Ucs<2gn>8mNj?j1}Jqt=4U%98!Nf{S;P{Rg-OM)9eGng{SgI+4Xg^tvG1#_M}V2@yHUjn#&lf2l-);nDaGv63y;-DwMm@Q&D3x zB2hbdzEY`m?RoKbifZF$yXb*dvE@ltmq@M+2LphR7lx;+ZcJO_aMT}MfM3rZRE!1AmyrqQEi0aOe; zWWqV15m8QD{hH19<=;hv;OGKzzZ18%PMN3h=Yd>#SfvpDGA#KB#4vIaIMq)MYzQ;l zF*5Ui!eQ{zzQ1%zyYqejlTLjH@{&)ybA#ATnp3N6@nNuUfJ!O^WHmGUFB4an1#sWB z(419V1wt^@>w6Va;Qm9{`Gkq!U4DJ|%_V;YVE_KwpUpcqJeT&53r?iomkxgVK51C# zW0qf=adC_54;CrTtJSbjAP$0TNNvn7D`y3Sr^Q2rgSYA?T;LA1Hc7|NGU97bK((ne z`GCL|H2^MF4tmED%_fv>Fh1x(LNR&o)oCv!h5&yr9+CKL0D83WFl4qGXtTdp_~(!_ z_2Giw*;7BNSaUU;2(CX@Al230uFfy7vs~VBdjjlF^8NlOz&yZrYs!H9GO_Oon(3z2 zY-_z~zwu7a+et&}P4=PD`MovmKa3Kbu4f6IdfG_$br$jdcvh&ER0V{J|7|DQRx$G} zvd$d9m*%*-un5V4HYV@HYL%3^9f?C*>sgwUJNORkXF<=`O)TObH4gBl!kiJc%QS-3 zaYo$f#_EGV*B%`K2CqR<(AfbMPpVHCLFCW?8;Hpi)fidu;v#%omH)|DOjJ`q@lUUL zzXz!T2~Nl#mIco1*pe2z&Ab>+nsK$u#_te?5{3(SjmHDAa#${%g*@cqm3xIOLZsQrLePPc_1Z@TMN2B_@h>iQ1Se-ae>dV zca1@JhrPqaLaUzKh51?W>8`Jxm7^GIYB2xj#BL49b>(?K@-kI*_x*pETwCPkLW&dR zDhJc$S3kjU^bfqXL+i%s%lySV+ ziVcXbul&Z(TEE*e{sz*2&>$$1QTG$*x~ur6KBCw@lGv8NO>oVoR@gGw*YLMk0FKf9 z3u1t^Z^sHBmd#tII>0JqqPEVM$Mv}$Dhl~U^S2)ANwCH-cxs(Ja0JqMsoX){xM)G) zaaw_osI53W^LXs9pALDuH6X~aPh3XaLJ} zVq4=21J)g90wy)ard#5;1oDyX1PBjUeza=bOvaRJysuebIam&E(YNs@UC936cfP!- z(t^>!5yZxtgR+p`(zbf}1F(PoXt_YiOH3m+YP%Cy-=@Ztlce-II|1W#WSruLW{cjK z`nR23zYDeCm&WW0uwftwOW40`@<7Kz!fIN;BH47r2bZmMqWXiXE#X&;UClmzG0%u4 z*QicsSuQ*-I+bkOqU4J5w^NKvC=uvU>h$AM-tOK&}G8+qHJoFys-U#Whda%;8C3JacPrd18|$S zeWbXI<_Y9uc={AV_vM#L;TYhSPe?k!_O@K7t_SelcXj6S0le^p*12V4! zHiM>k0&7b&`;Wy#;~W`AdY*beeSRbPzuO_1T`lT1iT+Dz@;?@SOUejwE?El@TlU-& zg=fFz`B<0bIpEj$1oICcORUVPT`pMojbJlN)&pcjCdqmFZb={sHO$u;LIY?~d3pXd zXoKTsj#DI;`++(-yGNgkZQ*^3ARj}yx7zuYIQDYtW&c3)1=Ts2p!okJU=YP~zMmxl zO~fGI)Dq)u3*%8ZN(u3bAPp|ZBtv;uH-6W;->lDw{XxS$GdC6NO+!Y0p=_6xV)%#| zQmAw3kFt#dd2&jP2Wu66<-mY9#B=0%k}Ub*Y@hlZq;6HHh=E#uI{+KkdS4{mj!$kF0j_mG|mQT8%*O z8(_bys;XR8Abovvz^n)zh`14H!C!z+p$_|;yW-MdaL z3#I;G6@HYgb)rr10~_c0iiIOpx&CCGa~cPqGW(bE7TTfO#;U||S71*f@`;a3txg-n zA*81n_`E^QVj>~B#xzd*H;>S_KtC*Rj94j{WY^K|qx*|Gn64=?1j~nj zW?6IG=ybAkVwvR$=_@~vOy5vk=9Kqya7bX{a>((T(`7IQ6+Y{CXY&$=x=EltXKTjE zerW9_Vcc8lp-_Iz@kn8lA|Dyyv|lOU@6%spVDsCA8s?L7VOeMr9g>&`4?b43yI5b~ zkzhx_T24KLhTMk^@AHj+ZtIWCGjxLG)yFjd%I-tChcN0aW4#C5@+}0@j(m5s0Sd~e?cbSp#N8zUX>#D%r;sfKMFQfw zi*p_;H2s+8Oof7OHD1*5irNJZ$t(TR#os?+S^d+*oha6dLt&9 z9|8R3hZ`of#dEfOPT-X>4OY91>t;MTbORVAM~C5tsEskSqgk@B3d53?{c zFRT-#&!n3OiK^UJae;Lr>ibW?t3%V7c0Pk;z+|tcM&Fkq+FPBMY}NoabXh0wKeKhS zZ0iN=Z5hY7F9UWt`&O%Zi}NCr;(?xbTo3M&er_&Roe$ixYjfOcdT9gFCVnM?{Lj0p zrbu$3Mh=-G8%DiE7dors2iQq^kQy1jhSu>??U_zrPn-jjPN{@HnZ_&L#uo)u;to*x zdU-e5g? zcC2pCnAl3)HonNHGmY-zL&!7dCocE;9NgDiaWke9H6D&JO}hqNMKZDo_qgcJdL7<# z*rZ%rsa18_uSHu+ST4!S(a&BpxUrn|d7EF^BHiwEQBOMc>zI@8>v||e#p7FU^&A7U zvS)6c5wJ3MT^W&@gD+jqoekPd)`{aj4kqV5^BYW14ETG?ll#!c!g?TmZDb<7P4IKq z+NGc$`?-~NhP>PmUu~(Nrh>oUA6Q#b)I7MXl-%ZCJC${W%PIOFL%risdC1Q6lAaa8 zg|x*lFA8o{?_~n4s(zEqs~v~%!y>tp04(u1FGCawuaX11>0tL~DW9d7b37q^7S^2L{>vkIp8Sk7El zqib(GJB_)_W8Gj&niw}iFRf<>69JZcT_rIqs2G4;;L`v?^)0*Q)w_g^AJvT8&G6yx zep01*7Rs5!aO?;MOi!x0-xSe__1PtnG` zX3gN%rrkryF{HPwfFOLhvZBCekn<-5vCZctRzUjXgZgMktLAQ4=>E#mE5ouqk1Q4T z`mf{rUcvUsEyXLA&JDuBb31nnzfs?Meee!)6fI^<6A40Fky)YZ0yYV+>RMLqIu_=9 z)oVkJIQgjZ>oX$h-<0)&y)wm|*Z~>UDB=KbE2l8zTr*@ea+F(Ff47yAtkcPI(N5GW z_Xu=nU&u(+pWSdcteb1)0pRLK%bB%f{I zC2Shslki&Su*k-ve-@XA->%%ifeC4s1Lgt)vLxcscPq9>=nHmuX}j%_9H}9ig7el@ zOQ^AA(ZY*#iItp>euW-HiRhd`wtdW|_RdR<6!~fC5*KCf2BYVQ8OGz6!IaID%u61* z`KKOd!$kJ-ChxZiB8A?8!~B}(!@<50tqDlAA?{?mptwY3S;FHpd}EqTkV?y*W8cnO zFaHEdYGgpKY`UaMA~Z;BB`<~TxE)L=;pw#Tm3-~;PHz>YtJ!xC%JmV+V*e_zNvr9o z8CPa!jV$b0dxs3K7m?VHtnM-RB&f-y$d`Qvd1UZnv_tm2PE=jQ!{HnrdN2Kqu>Q@N z>J5G8l!9~rhpA`#;TgyEKRCX*-k30^CVXf}h`#f4|5YyUPD7y3kIc<34h<9kYaX3! zlK6y?{gO@nVV;1RNs*l76rO3z3o1x!xq$Weg=w_MVj-8<&8s#BBKI~bIo8#8D7*AT zGj5>ogBcJE*M7O(ECNTQ72<>je`=KM(+B@&l;JDjvOM9`jPExjLRAZ|!2I2Py@tHc^L|=UoRWNTw|Mu=esW zzlg1KJOfi!Vv(2F2>5h*^o#JsFd>;~m)2jRa{K^Y=)_tVBN~8(c<}rl{1IHPIkYk@ z*p$mj>t)|l=_O`6S)=efZs9%#jsE*lsrRbQG#4mpkhK- zi2qm*#@8+Vz?H!~))hC^!GCRoxtm9Sw%}77_4v!;IcK_>SNABp4*9Up?3F!*%j&_q z^$)7lB#{mWck9wQjzP};L7T(57~&r*=j=Wlzg0&;Sdw(#-O!F$vGq}>ftb3-77@O_ z&#UF}6|CJDnElDd(`eFwM5WR|u0X-F??SjBqm!BUmG`>^5FSQ0s{=hEa9_6cg@DYT zr(d{gZgzrGSr@r37%KP~)h}{Z=@qPfsomi_0?3c3me?N_aT%qaE?)Wtd&CN$D|3QD z{1=9#NRm4@f(_0!1ZkZlp{%+c>DJ%F(W^W1!#{wp`I?K$IE~bcHZKZu=_`xdV964s zR`2r~yeJvzGptg$L|2j~Pj}ew)5V6slfhmprVVcWl_*~kB^K&HSJu0d6A9k(f4AvD#gsfne zYhHZFv|FjwtX=Fw{!{i6{cq#?TTBJiitk<`=Uq7oc9#4K-<{4{N#mRNu>tA+zq_dG z+}*BPpi)rJj@RWdcz=^(jJc4y z-RAN#Gw)4)Sif$(&!N4jz_+~EJ5C1QQak@!X!)Yao@&K7tG3&l$85+#2lnr~%cB!M z6vuhei%%%?U>$z`EvTXleQPI;QEKEajKlD8!5J3ErCuP+f94r#-+~9s>3N|#mPfvy@w+cm=c|<$65vT@A%a9kU-+uX{0GNzz{_lDfws3^bl1g-Yp%ve(6 znE4%*=LZ$d10fup9sok$J?pEMtrv&r__JAZA5}(J8%`k^IozqIuX@r()%6Dllw|3&~m)TR4Ae%I%N4{%$5)ji*L|NEnbrN(u-qHVSImf>aE ztH+TO@~DSi;QI<=jEN=c;m-|+RDAxOlhXwX!485ZkOIw#l~Q<8xv?-{OifTeq*~SP z?x-$N1>U66zWm4Oy33fsWv3{`l}!2O%pP-^9$mt#{uwKTyA}$%Hm1XGcrrDW_Xhd6l$FVIN2V*Oqi)t<4(S$dA=h2eD_)%k z=+yB@C(^~4wFpkWv?b)odT)N3rGoM;yXK=w$>bT44;|G~wCpI4>z^zdNW0AHzCr6- z-eU)txI(7U^O#4pjwAb2xm8+w|2{H3hvO$xHos2L1U~p^ zVO1#g=AhTz0aBG5&}n!^gt2vr(u^w!PDvJ9^c>bCws@=KD$KcsMYRMv)IecnnM|at ztjaE};S5nDc-!%F-}MM)WmK0DaK}EiFsXFR%Xx=LMg;7I33a+GRWh`%86JNbY~ulo zj?|qJ?n~rlo~HIMrH3h;=D_GPMiBtIn+WGS4TrUGXrrjE;B&dI0!yEv$u4=2HpA+9 zzs+Uk{gPplo(`x=!iNjJ3cxnrt5FW905(*WiEb_-*JXwFpE?@?GPBw*LNw)1oHxHm ziSG9@tLe%OyWYg^hv2{Hgx{rU$~WWmYZ7)73|u+0}#wmTkBGrI%FK{H(jq zV9XE>UT0>1(k@0E`D@(*t9;}X^l^U8mG+s-QtQ%V2L%;5yLZn{dbOIeUW{n#?6OT0 zS)^NjiGHCxx_Z_|ZNf*;$ifRQ%dc{PmoF_`~}6TBid8BioS+kLZ85uLhZPcNmsbjl{YN35QoR}k z%!U>^ZGbqtJGXCfZKf9e{HujHqr5s>-3t!(MTYa$j`_ z?Pb&0cih~Mi$6CBr#TF2meNJz&$VxxBUdv^uRsQ-;iT-}E2|Q!6D4<9o=}T+^GVe0Wv)NRK03nVUtMBTfJkX-eD+Tcaen^uP%Mu5h&=DIT6^AEKuBlosAD#AX!`r7XbjPuglHjnwY1(R;>U z2y9UEP3gT4-h2qrCuaq%zt5Lmcm|-_aZG2)+ex3~c6D-SynYPczl$R&;_!@2O%qmQLDG=&{7v4vwjxxZwX4>?WL#tkf!CFFKl(!x&2@34U7llC#)ldKv})ebTXzV zEtOqc5_5JBZzMcFRDDkSs@N?g$aYY&)%`hM-Y#=Cp+~qlN9G42bz7Smo7JtscSRs&|dJGZXM`B zUR@}>^7QvJ;rkvDdKWxPmtwCl-}nTLlk%BX($QrCT6!)-Ib6M$oL4B6#WX!Nt7S;&de#!w*dc92_s%-=Ys90 z6YOhu%j*3nUUx9j48|C==$S@G*csU$5ZdoCDQ5DBh2K)VUnSDcn=QouYIap*-J|6m zNhB!_#hj^_{_vEfde`o=4gHP%&SDiYEKK&=Gtl?W=#`(j3m}jpF0?cbPbCLPqMvmGg_BwpjuTQZ&!l(Go7U^s``FA%)-7t0T za|Vy_cliQH@tj(-U~sVL_Xu9GY~ObVtmd#`=CjGC=SGpIUEm|Nt$o)c7ENA&x}kqf z=+j{q;K?Uwt2DWLyxw`R?jDzi3--8I6>JGD|pvSptNBset3WMgEhFDl6zF0{?slA zLz%}NL3cFG-)J;!?hc4_0>1A#3#viBnt6;Fv0rLDLF#11`-tzjAjcb|4|C(`BD5~3@U(jw#1-KZ}{15Nxx>Ij@z`1yHk!z$+@@Jj|__UW* zW7mX&|6BTX;gzb8JZy=9-FgsK%C3TLyb_; zF|1*Rn}eQV-|xX~-V(6r6?-9$p*ZyqX!lRuV)*~aSaQ4Vu!*ZNu#%Yb4POF=+hTI3#n!kPml6fp9J+!IaXcaP@FvsN`Y~Ie552-Arf@9 znwQk~+Y@T**X*HxQCId=Urn`7cSz6wZngGlK$j&dHuCNAUd=eD_EIVqL{C>YY45;e z;rsn>-muEdT-BG!u67&|w?eWj9xJ7DeY~c8{Xfo{TqmNwTup@0X)rh4I#y=!zaa6hK6 zv~O*nFQU??neH5&^OXH=xU>2|J>KqDO4vQhY63hpKbXBY6!16gM;enRre7*!Gq-3* zZXWy-w{ToKZN5AW@Kt0#Pwy3MR#X=9>`2q>8LzNwhq|Rnp{lx5M*q9uIlXG8r6V!Y zy@sGo+Qec5TkxH0nkPND1cQuMRngo^^OSsZT7BHvk$#mS2YbW^1|>Tq(be~MAKPr_ z{V_u6o6-+{cpi}vdjJWUpx2wU-DRVx4Z4U2-Pq^Ejsa;2@PR=rNf_IL?_hbJO`p{Z z5Uy&bHz*4th}67u+G+MjF>BxwL$#$y+3m_|j{{f)@qJaq!1)jrnN`up+Pk9QzQVec z_{4G1td}gd$Quc3Ed`p)N4F|#BhjRkr%BVg_op309{8W!1aEMt^|g&T_zDHRu6Z&1 zdM$}Tb~ot54k7*<)_R#FU}KOq0B^|Uo>*mBo{>LH4mJ9hfC%Fce!GFFt6|~@VE`hG zVeA@%63=74k90C#Cq440$?II@4dqTXjNMug0duu$G>yLW)f@f!ZS&`|fC~?i{{>C4 zhi#NMi#DC6GrwR`HW-y`7R?P_OEXw_14mnB->mIJgxzaZ)%1=r^s(!VcSz{@4GKMR zKSW$45tIsoH?Lg?-DnNDaTjq8BQ5FsdpFJ6Jl?}%qT|XLpV!Z4pZH#1G`e?Bvt$Z1 zReI%z=O=gLcY>FmoP^|}L8tom_boeyDL+WBcM8Mq0WbEnTgWc`HU64OO^B7t&ir*@ z+fZ4RHB46|Y6u+JSK-UPnauU{D$~le&x2?8%Rn0`ZAPD;RCO4|#>#v) z$N7%4EkghwrAWSox;BFR8!%>sZ{@`@F|3 z7+QPtrmY4v#ODdo)>ClEBqGRdqX(sO9WGO)ea{y&jazgW%jsfMCA8N+qpdM+QP0ni z)r(#277#~ugZZu76@IW?=-dsjtbaLa$Ri;txfr9&1f_hQxF`2E$BWVO05Ufw8GV7rK}Al;&Qb zoRl*&`o5T|sj=}sAna*(qrQ_P36|3rYmzY~Hg9`jtJt+f=7&dFREc_ksVcX83 z!v>W;`D=eWGcA*e7M-1P|KVf7;Q5S{e>`5Sq~ zxs*};uF;E7&{AG`9|C-k*i*Ae{n;M%FDnmN0(z?-&3DJUM|O;-#1Y)hth(ZE9$_C7 z_2oP$;9af3Ned6a@X;EWir2-M`M)Zgl&I<$A*<@-V6Iu56X_`7S6=E7M&CM8a>{?M-@wv!Yk$2P=;;}rO*tN{9dE!TEL{!i7T?aP7Rst>ZUMMjYXb*d9^P6|2=pLt z&R~Cpoej#5O#Z%P2)eb_yHQSiXYj%>HZmVDKe_ykNp&<0WN#J~o%v5BvA6$2re4cZ zZMgS-uF=U?C8P#UuR^t7mIxeuxC+88UbXh!>B`ZyPLGvrTK9oTXuR!;D;Ludlz(g@ z=jwvk-Ti4GdsIlEXH#wi7lIbP#)zqubZ1G*N>K*y@MbycoDRG<(3}Q@e8ALUH9`4p zq%LW0c1l@>Gr*<=`M%cYqoF{^H*$uE-PoRhlH=VqAFfX&0haRq5nf93r2Mf2(948y z-J$@K^Pbe_VR(qN9Sy0&`1cJ~c;4EE_J&u(IalYTJRrgCXt5T31Mb1p4 z_i7X0c>|&(>V|JQsFR$u_F9{L=d($_tN%^_HOc&MMZ^QN)LW^Z!sw5pB&*c5B{)UPt!XKCeT>*7-RhNtwNpFC<=7+gyN{wb5Z|m6d^qW`{2Klteb{)uahJ4orh(1r z1s^$X*Q{9j;9Hf|=R34U3xVSX=rnfua-Te-0me_ji5M+*6;DrH@D6rbpA({f|BF*h zPa}#&LZrIdX+#|10s&8yE0#2`S_CN~9Z&ARcx<@;Y7~#bH8z3)ni-_3B2ajl_qfmQ z4qbBx>?h<{bNqFq*qv{BK2Drj z80G+0Q_@QtlrCRPXtW6CixMs`Tm?4&1HG5z1pSc-Ic&p(l`1-K-zCHf*KurZ+k))2>2%80;(M| zbDeg|C>!z8{ssl(#h#=oC6NeY-8?mi$ufk{lTzJ0cV9X5t1D4j`WM1cw)Hk73+P4+^m(CBu>B-F!-zI=?&-!2Qeg`L%&unU z{xmmV7l@f*AUQ#i)^y`8q0@F`=*~v2K2%vJp7XxTb6vprc>j3nWtT-23S;7KD%vp* zk~-2VyU6>q9YlLy zk2p9X-^;p#a#4l(mq*~5>>|MZfm^aOf4I^~D-Y3D7MD$^#wDMXox85O>rP;K-^h~O zeKzz;#=DDAl}0cSx9bsw^f7Ny{ht~Sr{%&LhxF0xp#)~WPaI~t6cQWC1Gzq9#FzMD zL(`JBkTV59WC7Re(wRpCacINO1Kd)A=ju^&W?+qb5poY>9H5KyZQ+pO&xIkT99_&b z4zTqT&Rf>NCgA{k|66Q`?QJ3V;p|8HCFq_UB;VOq{R~1_y1t&=99ikV)%5e}1alzi zOnI(*As$C$f+b0)orW0r`=|fCBKT`VBKVu#KCxQ|5YGZWRn409YNQ$_szK%EDWlRF zb`D0g%X!OzQU|c`Nu%tCr|*v-r=HmLYF$xXF(C+e;hxPp`a z37s$ru{*lp{1yZ<8J=Zml%|gOUSi{SpYPP0eBCK8D%StW! zFF4dFzf`Z~N6xq!D$PrJoYW)Tj|gPR(35&X$Ie_5LMi8AEH?>@xpDpPVIYGnzyqTL zv-=CsYO3GyaLa47&B)5>Z_=?#iMGo-JDdV4fnm$U`NSwii#IkOLsi*Th~ zG!K+&_nJ%G_~8~Ujxy0T6PJ1M4}WZ#o&LA2Zl+wc)8OK;)_E-}Md#;|p6!1j0RZYb zG+(f=oHo4O=uXQy1G;af64wJLF7<1XP&KxdXr4?}tGR<74Q1}XgAAlU?Pa^WNcs^t zm0hQHq9k;qsg}@Pi$xkI8N@?fpLt%}-9Gn`EFwBNHXx$I$lm9ME_!H=e`wJiUWQtj=V`i`JE&*N(X2qhs z(r@b0x8xU4W@+=M#bnSbMLV;$K!)EEoG^ZUu7hXh-ru+B{qQzF<s$xVlIMoR-OMc!h_wd}B=J~`_cLG{N0n8s)3`Qg(j{cJrE$4EpdZ-`=w8 z`*yG7ow8rsM(b8iO|mEP4}4$y8+nPa?{9NK+Hz<5swO#a(f#mtZPQl0>3cHtu8yS2 z_u}q%)BnY!X37EqhXW&0zFU*E9j*@z_?q2E3k_WPg|+S8*@}5%Oc7gF-M_eguA9|| z2^U1N^Y1#XVm!RY{79MN3FFU0e`_~GvvPHuWvm_55tD13?tUj@0OJyLf4y9p^#GAD zc5afDK(Ff`Yy?VRvIkOTA!lY#mmb-$+6+bqDnuH%cF$EXKM}L*kzhm~d^9=vCBVF> z+s3N3-0?zDsBvC@fC}5`ghMm8=#CMh>~hej;aHXKjZgF!egh5Wl#cwd=Mga2lA6$4 zy^A6dE@fCKAG#SYs2*2PgvvH}6JR3sXbe;`zM7wSY^vn2KzJyF*-Wuo))~1a7m@b) zchJ=8c#MrvbExPfV@*Gqxq;p=_y~?FcFCdEYXC|nu?4+57jt6#N+=2FS#XUi+cu^3 ztZLWzq#faBBh_APx$ZpeZ5P1s}h|?;wWI>l}*n zk8s(gOXWuL2mDDOXlI$+#@gx;sXWg|w9zng#;S_i`7&(Hcbzfq#Q%prer%ae^KWfj z!py>3EPE_FdCIXwDPp|PV$$VqGwx;M+u-dZ;L_vKk$TDXmsbx4UmxydvkqBpSVY3i zh`W9S&O()2c0YI;UhO<3`!3=>NYp3jh-Pmd6;EP(iZnHh)P!dMbd+)VcbfM4xPh5J zS@^Gix`np_io2;J$LP)~dhb>6p-@)QO#`g(4`2RenOhZQ`9>mN7({H#m``NBa;?!P zWHiwx3>5CZcbG1AMi3K(x6JIyn41akYdmnvCtC&U*NtTBcBJB(Nx&EqFf!#AsF8qz5W!!dROb>PHm;Olv z>RFM?a`T(goqs+_V_9$G`q=P}U@iuak)l-IcQ@vQh@Ed-8umAgQqiHO@8N0?xdUf? zhG16e%j9UWrirJD*gf~RHkY-d$et+tW=^lQ#>E(|=yFMVZKtN3D3fNwJ1!8m} z$F8(=&&oCmZG#OF72@|Oy3{15TKt%kshjDt9z@8Lk4iFP{Dp3hXDO$iuqG3z*e<4tG=O~ZpFJ>Zy1ZH^?ND>L1WSnp{*`QKp-I> zTe73Oxo1*w9N7GBEVOCkKui)oPhH;dx2up?(pcGaX@2z>BfuLHK0Le$-No4w12@SN zKb^*U5`xT%sr5(~#MTT2G60y$?TyafN_po`f>_!ZEZsN}pMDa}($x4yKI- z?^zxJ6U$C}Cb4MmvJ)p7hBSw`gs(2xgo3H}D_|G@p94wk)5T^MI{lUxM`BlIXn#&T z?}zct2W#4N3=vIUmKB+MuqsSeLxx-`M4z=gh`y=uzP}hyA?dffi?&fI&gFW$nY$9G z4sySZ$Yx73J#2#CM>IPVwn0Ap(An`=D^IBqjahl_lw-AzuViA*YW(>HZOcAdRAzrG z__GlhsadpnL#fP?nw8rt^~O_0x#Z{|dy4cPQE#hDYmsuoopN1(Ps&z|jX;oI9_Bxp zv({fbdY2y+3!7GIYbrrhYhC7^*v~=|0!&9V?bPQTj10s`78a1#yLST_ znw!(AQ?_GpYN*(c^g1G#BfBIDqtupJ$Wi znw1Z9s~@EQrE#ukC^w#Sxff-Q`pN?cGIM}$P4-Rsz_wLXll<@J2W_ct2#BC%J+y8G zN_8W{QAnj&b2WkkRc8IoEjd2{f&=+LnBD)1Vbob$`)#y+4z3VVgn&Cx_vbK8>#v>M zk3$5tVI06j;r_M^ualI__!1&?pQ;k;aZ7Uv`w}M~mc{-jh8}$VEUAB4mcN$T^u2Ia zrq&p~@pqZ>DxPDO3dqvK_pYCx6kV7u^Cmo6}eJ(6_^ucz2UC_(qwi>s^**Xi%t~;h? zsnc6*#qRmTg>|N*D?K^;HPk0XX6&pZzYFNhXZi(C<*glCPACunC|Hqe?r_lKEYQUW zs%Kkw;*a%kGD2JI(Jm09W~8u?hC=EeV><3Z6z{{PBvctrDn#{b!p`5(Os-PPBwNtY z`S9pJgYBeSO(MZWoBr__>uYbKaP#~1Mu>Xv^$r2Gc>zdpyOPN7+?N}609gO4cNa%q z!YmpS4frwsag9j+F&6rsH%IMe20x4Cu?>E10gs}8F~eS}Y5a^FKQ47`{tka@YjCQx zLij5B$(Gk*xv5PYRlDf229z?{*By#5^Ng+$I)rPG|0Gz&SUA0od1vevpj-s^%`ri2 zZ)miHoKv<1o4u{v8S6KAZVI&sXED!~UuEtQ&WbBA^`B0&$~K6WErxkR1htRCCr22Y zu+8pUTocw7c}}e@pgN>GqW?I|gxcj(PE@0mC+%Ei{+0>A`X!$f ze?ctlEq*`s(>T=Nc5J137Is7htv@{4;;>Db^b)-EtJ7_oc%Bi=PN{XEHct|-oqWh* z=YzJe16DLC{(>k}us1F>#)bU$9&YT#ypqCi?Y*X9&G}j~vNby9B=3EFAZOiu9!)tr4{{Bcm3j#K;-qAS@yA=v1TIyXkoKzD>FoQ{F~lZovy1ePtL@tx;Ai2hZ$X3s$2>}>gQ=jqz`AM0AvXI7@b?A@~pfk~)_p2kW%q2zme z>hV^M({4A6`n_x8s26l3%cnKjeCk(gsdQpai#7`2fG=zqc0x@sts5^h*8WPh$gW$Y z)UL0)Q-e*8gP$C;NEWT~-YFT9VrhC-`W@ZxI|E4FWTE5b0W4;kxU<5FIX{)@N20b_ z4l5F!wx~ws`Rg9ne8E{&Dep&9FT#($l6Y2a>t~4K$>HhF)dG3;6V=}}8!hu*aHZ!8 z@-}z4%S3aDFX)J zockbQyI^gkf2b&l@oq8NfMl=;sjXRO;O51<4^+ymtK5z@Ir@?*T|@}9QLSD4P{q(D zUxgdd*$K&HYlE{VQJkMRe6nN_rTnr|`O=uiSnhvbBYx=@7zx)Exc}G z6GM7_?^5IowbM^Nw<{hO7);Od#0!1S^AKHQbEmq=%+E?Q zxAN%-$6m66%`YDu$3Jr+^g6fz#(9FW%F9?$EloPU z(+INGU^b`wl~gZB&iP4&bvhlF!x)$D zi4+|)B2A}a=FdqdiHHn!{r1~x{`oQ{hEgwVtor=U;INp0gm8JE)HO0Z)GBOuq&fZO z@t zcD@NGT*Ary7-a+rC$btLSqwcrXhg%JReQexh$}$VSE|J)B-Q0)dA8_^hfZ6_UE$W= zhUyRvpN}`*bdaG+g~V}h)lU=7e-a6bscVE^=Y>eqr`_ER%i{?bg|90OT2;D^eZ~F< zL-Gd;i_^Er7T&Jhfr&*<3&hY*C&My8_Xb9q?^%Exm>$A^`*!{9& z~N~B#_F5R_rgVvrmZ`#WqbOHs=V(0I^V6782*8P|D&aP zJxRIA%O`PV*Gt#iF@9&{nhLUaTEI?MU|3D*)MG^?Cy{e69y;lG9-Ak#N-uha&?%8L zugvcA9KGa_#7}mAg$(3%l#MTBL7%1ldO`cZ`M2}QEATIMf1<>hlEua^ybRc;QPM?{z!$X2uFFXxqZ-=-^iM ze#zPbgkiqHeiuSbkvvnK8*fG)>?me#>Z;?EjWNC8Am+Z z;nB%`pB_~x|ERCeX{P#Irx~Ozsf~#-f+u|7QvFDtmf+j^)i0+$RE)PH;f$a1MUT{N zyiqhj%Utxwl-}_XYI-NlhPF9AH*orkN%&Shuq5}!_w^iU?C3gu(Jr`7JEB7*G?B

    =2Uz1HTae)`sA&-|vzp0QR|djEYNgPu4g zq4n1@Z9}ephxhH;^N&j~96ttde*oa)sP<#_Jp5W`ql%DH@{Zke_Aw!JedJL&cQuZP z=Zq2tbR?Hw_mmQ4$l-ScoO9&cGrt5ll}m^@^c*-0&M7@I^*E2}IWN>X=FXreyepr5 zuFgDmzOYF&#y&jC=+HRDFXue&JMLICc=oxKgEMDLuXB}`EqlBiG3R#bhh*~b&;HqO z4o=U}b&L`!ZSxG-AEoYs+nZCXIZub>`%J7am7Y**Y=f1(^mtUF* ziGB|T8#ivM^RgXX_51(%4|2xxMT6JlSW4=E_e9R5e(A-RbI$FZIrj3{I`8y9|Cc|g zfPpri$+^{zz=AK@sl%}_k)%MJnal8Yj_KQjzwv+k?ZM}+x-zuszO=9Ws?}@iT<*1N z*VUP)>X}S9KJl(ai|TCGe@k4U-GBfR{FmLpc|z{dRT$91vK}=|vM~%fFckcGXE+>Z2h(EM80< z{Py7e_t*Ko`v3HbC+i&F<8me~d>t=oEZzvJ96Lx>JZDJWk0WZ8 znBjUZ=iok>^M>DuW3qPj>N@k+QHAKTC6k?_GRA^Z+%E9Y+;M`&9l^EFh>}fbIy=*Q z=B!zRt>FbulCqB4Gfo0ZV4M$V9i&#(RZKOfw5 zMSn|nbIm4mpd%@q>tB1z=-kcy4W^!fhccu;U z?~HFcmOO1sUmZWGU&@uNraoE4!@v2P|Elt)Pd}sXJ^!b_@h_^q8PmHn({H`?_R>Sn zb9OY`yKz_qGfY&rZQWM&wMBQ}ug9Wa=yd01I|lE$=)o5gsB|8-V>j{b5eZc2_o|gE z>m2eq^X3j-P8l|X?$THEfg?U5Q4d%_8Gk7t9n|tqlAbR+v!KtU7 zQseM)`0Aa&KJC;~2kX~w$n*O%UHrg(_m{jdxb+mu@;iZF>;RQN}js$x&Cb6~jsIe`3v9p`7J@~-=g*zJt2RaB% z*<0fXA7lIYvSpS|K5A+toqW$>8JkEWhFc5BRyaeZZda7 z#;JU$;OwKZ4=;YG&Xn(t06nl)T-hx&qFevkU;kT!FJAqHYU}rY@4r;=@A&wPfApCN5)=j7p=8}-tWBg_TYpQPpo|9@CW`eCdSE_sY8~~-Jj=9^};u;Eckf#toRRf zyK;25@!64az+3pOcs19?L0fo5;Etc_4{ptNH9K_3!F-E@Yiw@6oo(?s(OYhO}+6n7K>p+!KHP(8CX_vgLmTACqkSO#b1O&KIwp9A1YP zeDN&)Rt{h3tG1=4o6t*tb}M_K5!u^8*GwUM0s!P9MG@IPL=it0H&hKPgq{~qYPE}W$>Lp`ol6hC!BD?VEJQ@ z)kMRVqD^s*DcY6KJvZ1G$LN83@2mUeF??&*tS+H=eA)8BQ<+F%$XT;zN6{=VMMF?F zhAEfi4DV7jaYCKv&A<`j`=dZiGSuN{b67Zu&qm2oz$R-H8o@avit(^SZkH~7ba3UB z3kP%O&KcZy{{v+JfBxtGY&q6z)~+jjz~W7Eybg=NJG$uB+wLggCDfb~iirZ=xN%bn zv&kC8`pk}QOV^Ylv@%67DHIMN#kO+QssX2z z5&!mgzE_;cu>#lR@4^cg3?9uyYwfyq1(UL~GvM^oPaT{!^UP9kZ)K&}ir9To9P{SS zD&(BkQc_hx2$q7Yo;=L>~!SQ7HqFD#W9D7_=+~RD6wkEwxmON79r@TqP zjEtQC5`}!*ZQUeOaN?+GN7ne=dduzQ1X#gZwCJvyBwCfG^q+ffRT+H_biKRwQ6_ew z7l-fkOd_{zel`5Tp?G7kBEcq3KL<#EAA97HOst;GyS)`Q-#KxJShK z<4AEz{@;K3TZ3Qzb3Z>={P2>{`1!%Yg_lOo?jJ0F{E0Hk+}TPzVP|a)kGZ+36lKuPyf_l zQ6}0KTyTEXMfaJZzcwU0WjJilhnKfU7yRs>{prE|2@t##zWL@if420Nvf3y20xTxA z_e9s75@S3w^3@{u^D-f|D}XV^$LF7aZqZ2KKtRvfi>%L{HLJ##!}n)?>g$8M@4mP6 zz=Pq@6Qd^NX$7(3G_DMfEm^#{f?0UT#NmaFn`->-&X{l*Ip7?_J8rveaN237 zS9wkw`NjWq?1RyXbeuANIcEYF&TuEQ9F?b6tcZSpaQ4?2EpW-IZ~wkDhkaU~c#V@6j*#_=VV`+7S?X z?AZQha5*_(vs#-YwS(>=^sw?ap7@6VGi9DS6m*MSzq$Ae%*$` zQGeFQeym!xHi3k>6%as2cuxyH^z={vnQshkyY-I2b=O^6lRvzJUj?hLykcSMt{zO! zM7{bK-7s(NIW>tsE)%+U-hF3q(M1=;f%|aqc8)IP@c*ZO|2w6tUk+axBf&xjj6+Eu zk$aQBJ8rvua87i>laZ+>pLo1@1O1*z9XjjM%PuWilHpUMcjyLuf!-#Q_ye8EurdDL zx4%6&=ICRJ=gychBkzLen9boU0H??4Hp%|_*S}KZF6d^$n~H-!{G)G|?b@<=O9k2l zr;YEEPp*g@&#g%%`|3HlJS}qneEfj>?tidk#txjDZ@x9WbAF9g1wv9EKF^2tC!Bav z`4h`BVKMQfkDg7ih%do0XR~UHd1$wO?b@ObyH`3bb_0yrXP;em=|BJO@0HFFP&z)o z%_9kzg0(vQ@$$cri4mQ`ld0Iq$r42ahI5 zd4KvxSJ3Hiy~{QoTy255VZ-{GObYB6Q?|xfytwJb;=kK(xpgozffnP&=Q5`Hjb{Yr z`B(T*;P;UwOUplcG{5u#`{b_$4ZvNydQAd*AJo`eTwxp7a)G+SA^qnUJRiJHKmCl- zldZo`hdy`TeP8Ju4oUp z?KOVnR)E^Go4@njvOjF0N&RIDFE1ZYAe&#p=i^U&|9ju7z8MQLy)F}+En7C%L9tL=Jl#TwyU-;U$j*&J#7Jcf~dcBAA@xDZ%ttUfmq~zAb+1?StdukFqzbR;?+2&?Inr z>>z#nQ38Wow!AucEPmp;jE@PhMS{}xsk3R*rm`hyBA*{OXYSn6XY>T!%*T2vHsPuG zV(gx>^u|5$_cp{QhJW#5_5qY%g%7^--J8o_GV!)Y4J_kg(FHDdM*f}) zFVoNb3jKR9{@pWqZX#Wi_MxA+?9oTce%Ku=pI+P$ALp3J7<)`%!}X8 z&go0}PwA`nZu|Z%HBKkRkKqI1Q@R&S0T@2;nvv|?Qwy7&>^)!p<^!?otHZyCM3$dV z+ozw=$(~nm1ONov`2EJ)qLSS@OX45fk;ayHKIswRrKN)>GhPC)d}je9<@Mhp%d^iu z7vB6q@dFtsn_isQ{X-VVcK}QsD(F?(fBEA{0sfwq8Oj5LnKb@||L!lAV_;&$p(5RH zzPW91{Y^L4HOK6~`3t{NQ8N>TnP<()%FZiMXc(*8Its1?ww(o=V!&UG;dH+##>iyg z+An>nlprO~vAN))iv~acOTSoA^2@KhvT*wF1G@k^SkW=1usC}Z1jQk7Y$+55k#pzQ z%D>43Ds}c|K(pQhxPn8 z`LU_mM7?O84FjQoajp3t3QpB`t= zSeqcCxv?|09FWV?_aov2qU||x_P_G=uT^lyJ>|SH&Ix+n_~kE`p}79W8w(ds>KW5# zl#_W%4Bxruoj-ISx`8tu=Z0rK$mEEV#2`NU=(52DaRR5$h|t2G`q=%v^WETdpzZZiAjuYR?ZvB~|f{OYe3uAKaeNXH@K zP+gs|qNtRbu>@3TX6s_2CoXC!2Ygw`-Q6)=-5=B}h2oNB8FN0nNz+iv@FaXg8 zy#u6>|8L)Kzjxn>y?gJe`|PvNZs**4E~p&<82NF>A3yonCq5A&5hflX zu-D#uM~FQX$HAdhmiN4ws{4=q=tpYR*h=&nA3CiJqT`P{wj5Pf5Ps&TKU0G2-Z*>E z?y|j>mQrO!!7h@&8)N0ltR^$ADH*mV3$SNZfs$hm3Hzj<+ibT@Js))N!IJ|HI;il@ zD}LICK2%1Vc}0j&vIr}%nn%lmQ-Z-Nz^SL5UP6rnff8U>fVz%N-w#PY{fzg~#~wTR ziO+ndl&)hlCn-_pRRLGw=F9a88 zi_o@pv_g<6PX~Aai#R_p!M`7c0{=Mf*rO+Q8NgB1mHd<>%EFf0UhEY zFTVIfl;hQLUJhgC`qd~8A=#qWe)XV)a}arRj2#ZSO|wdSNgP7Q1kXSDcRy3OFkc1m zGA?${^Vi~(VbD;9cMdI6w!8*%#z)R91&`u9tmeI5JE}Nwf8m#YsT{c+Dxdy|AFmw% zl$-+(I=B>dyAQx4P*U*|0WPfuTj|tap?43!pVj3K=nNhH=*K@^bBWQ3{uskq2dnwG zYm8%tD<|1;AN*h$FW}oc#tGy9$YYL~{P<7(WGVQYW@j_r1Fsw)KmSX=Q2c1uC{BCr zy-#+`3|l4}ZpteIMOy-+$qKkt=$&?2l2xp%@+9aVgVk7CwdO>^S3m#xFP3BDzx{9i zVJYZV-}K4&;vwkq!mQF*#lb)D_QRs^3s&ejDXmyBv_AKjUzjWnPvzhhz83zX{17N* z1HEq_T0Z8uy0e zHS*^8zh{ z{i)~}b~c=S)>%a>@WRP-(y6Bo@B|5sk2_Y}HTi|$7#|^b|F7Ttt#TBi7xI4FZNrQ8 zJ9urU<1mX-Np3#=$xoC#CQBH+AIq~vl4a>1{QzB^7+J2r@7pl$tjwp=&pcytO!%&y z9dPpVnY)a9^o`EIc3}7$c?AET`mrCYxy#UIc;Y`_kMVcHNhg);GRE%@U2-y_1x6*l zdg4hZ*RwJ2{u<}qgGY-DoCpj+df=_M-X7kvPsZ=@iYKQyVATT#bI#ZpgHL|?@05OV zLmYrV^YcGHw;;l>vOs`;pK|(Xxo%(cn~eRXU;d?{b@Z}#HeM%sU0WdBD?x8zKCJ$e*=@kI0{{Nw2KpUiVVyzDe7BYjo$5Y9Eb z#)KV{2QTFS`zQb8zt8JpPsZ@St7Jnl@8sbmup0$m#CPD6L4Qc}F7!X_8a=9LAMY_Q zZjAH#GoSg137vr6!^w>Q;V;JXXMg51q4lS01(-gBd)aCBiRe3=PmYbAZ+5f-;Cx7qn|7^zl(a8>x6F--{*M>ji<;Il0#c`m2WRRVhbj(lw zoln)yD|~CW-FA;-ci2Vu;g5c_=Ixmu{YcRUUcY;ELCzpB9va;rKew16SmoANPI^u^ zxU>Vyy!*+>udA=QF3!4LN?)>ikGEVCK6A{`N0yFHW(#P@&Jd1f^8_7Se(7bCGXu|Y z;VBl!_Df%ct+w7WHpyu*!UsOV5%(c?fyHn44?Hbv;Mq8-6YZOO9~Reur{mpLp`gXBp;J@NZmZyLDqF^Nzt#PQzmf1(nci+X#JnCM!87O`G)VKj z`DWRw_;xFKFW+|*0~wOZi?4a7?VB~pdo@I(yn%!bL2+%iLoysGOD2)Y&fr@U#hu`! zobXQVkrl82MOomz=b^{AFcyZr ztz(|;fH3+@QXDudDWhO?uF{- zl1zT9>Q?_S3WDphl(9sk4;^@jKDs3;q^MghDdo>CrU+dL_QwlRI=BWDaA@l0@ST5-4H%P?jXG1N_J@AzTp zjDNcimPTo!R1(M!M_3$w=zdk60n4!Ro~jiH%;5Q~I&d=ZNHSs>^%y!OpK=KAJdVa& zo^p}|AJ0GkTroVjwaP*%vpQ(3wuw-nun_{qoI@L%WvkbY8CTAcB|9xCC5=LkMs~>< z>mLKj*lrNvXjREpw#T1XTdVz6hY8O|9(inX!U@NRPVUc`t*n(IxTH`~Fd2NyLQ~I1 zF|(!iiIgXxt$b4^UyPu(1AsDH+soqtW<*#;z>EnVftT9O6ZB|HF-3yX#cNA}u)0rC zI_E22DTPs*oi3EmeUsnLgcqVvEnT*BZdHBDt+t+Qyg_iW$wsx^*n7?TjnDDAQz~qc zC6rcYoH)KH#$FvU_Hey?`Hd0od(}9iQ7itG|2-mn9*#o7FtMfD+34mNk2|480N=ZE z)nsY+)WBo(&&qL}D8U6q!wLktwc>?m zz7oEbHyg|FKtt$_A_Q*jQPLjFD*reCCQ5kp0**p3?H;AkeBB~E)BId<+wDbj_~UEY zR&47jnAG*qnqdbDI(YGg=R@Z^L=hg|p#+@q-aZBshl|%h(6?1NPA0rTUl5~RE5G;q zf0S3NjxB}Rw%y0Gvu3yOF+B6e8*eK9o$hALvgJ5D$9SVD>C2WbEd%qmD8Q$la#AVi z=Hl=C&hLk(9al!&ewn}bhX--yaw?$6-gfce zb8yEvCF{s*209D*rRX5uxqtkzN2?$BDA{4$8GP^!f9T|kpZ}}L2Twe)#uvUA<#Y=R z2+ALJRG}m)?r=7AbIdUFfASXD@$OPM~jkBFH^6Im>D;?jr zYY*?Uq6{~7#Ni8M1G?Z$5&D$}ufwGKr3avua;Ag_;w@eg+cSLJy!w&Q8~WaR@4YhC znUCo+9D$FMkIq0ZU_?EiKJ6C#8WSt^3`IJ~=5cs>g#&-R{np!RK7bJ&!xi44U-TV% z3^~MkfM;27&=+;-2in3z8F=O*I#P~N1z(=G43F7tW3LSj4huBRq0CVQMs&}KylwDy z*=3iPEZbz0O>0ikS?uoQ^f)ety!O!XwQ)#r7+ATr1Ma-@E(lMw!*J`;tBfT&H=pjh z`|ffWzC;H|J<5cc@2n_eyzWe& z@L%QWIq+h>Sx|ZLg_jH8_^Fk9`YgJ#a~7?<^2)GX-R=Op`OqyoTb1W!nMZGg-n?3B zt{fHP7Hw;noZ$@GDL6OwejKIrN&MLO$xCN6_jU=+o(^2{+nr&Y(PFfydIf-9eC~PY z*I4_8jRk|9ciAaBQSPq=q@{7-S#a2Gx6uCMYikAl{TWBL!M)LK=!#oywPn#Ierp%= z((r9ORom0<;4F@9tMfIPB<^9I$jF_6k06hZGtV(9Sq`n%x1AZy2Q4??O|*J_a~v9(#6RL>PoENFUf^&rISM!)PC^6=7q=SSE-t34}x#W5nJMl%G<{ zVB}pVya)~T$;%MM%mv;+MwLnLT}H-*EjJjiZSI&oWfmMe?Yv7(HtlX0Lf>}tP3FE( zOgR-WZOXx#HSs*AZ7Zuhg&2j&-%Qgst%n|ds3y1VF(wm3n^G?;t6twk}Y{V?y%!vFh}4&{_OBYSONfZ;FO^VP#V2=i1AUP zjL{%C2SH8{U^d=C!=O16zyY6>I5-w4Xge<1sgzR;pV5LQ^nswk(2PAp1oLLh#BVd% zX`A6&1B8$9h8ru2M;>|DWUnw^iZO3CA&k+)!Hs> zd>BD!7~OGTPzJ!JoM*~KpL75x-nnaBQ!1?fXp5rn*@`Xv7UN=*;bUCrMw$Dggi!?Sl2{T2l+mayMqrv3MHDk?D8wi0c4B0G=>_XOhH4B6zpZ86^b8zQ3`10FDC_O$+BfjtKJMk z;rsE&BD~WsIypQ$EUeZF6coaG>C&b3jCa^!L(q44{`nWuM<031xQCyh(P4Zi)wWjv z7-Sp);Nk$lFBl(`oN=7Gj4$U$2l&AU1SbIa61)#j+M=tklmki|{%EVed4nb>^zcOi zrburUClq{|cX)+uy5S@>Hpbb?p?2UKJ(~ZVVU!rS7sqhI3%A;8;as&9HN{GqR0p`o zb*}}$Ki-EAaSGz2!m~~xdDS-xUQXHJ6(`#|DU}p)EA!}!qK7~0511&9AK$x!_<4&nrhA&=+8 z1Zn6Uj0`}ADV|g9g-1NOmN6GT5k6+zv}f#$FXNa|!{9=H<~*1frf^91;%jhA`P7DO zr^=%Z&Li!>%XTpq^6Kqm=WT~oGcYoE)P?pRh#_zOdVPhHmZOW21ZQZk`(>*?nPGQ; zev#FT8tvS7-|BJ{!53T@BlP=Nh5=!+sxmk}qBTXiH^ zU|b!egM3mSc+G+69)`{TC&a8kHWM0Ao!)~l)6Mr>x~%B_+0Z5(9)I*Y9G*rO-y=Ij>E-4I`JtSh z!gvTiz~O|R+PMri^A}8B&$N30o{Ss5?J6D3TBK2rv13nc9mnM68^3R|{g#>InO|V> zgL5*8{%)rP9CNnex3>PnAsoTu6PX{Lci(-t8sgFu!z8Cxd2#_N;WGf)!#KAb+ZS>~1So&#Wnq#uS`6Xx+SZD)+P z(PjHneI+`cr&h9ftazCTT><0kFU^{?gfpfhzlm=3*0W#>S>H={ZH3)W{WWG{(@-=CMb(Jc9?zc_;p>^m*3=S=4+d>XGZt9%=n%Yz&q3g z<+~Ns?*|X-3k?TnjFohbUc#Dm(dxp31H6F&m_|!OuOH}(2=#69E zNaIOclcxm}PxfGZM&S)@NE64yxJ?{4j+bhtqaTDgqu(n54ZHa9z2~Zt`tV^4 zu@36c7@=3IN8gB&9@^DM@r0wk!;9dV!f=0-5B=YB+0rV@QNdZj_}?(~Q|btH#*#KD zdrNW*9?$Jt1&o=Ip&a4P7;K!5`#iqyIvw?6j&dycM`-zWg4G~G$T*u%z3q8CF4{2m zrD&&b`r32Z%C0^tXZ{K1ZJ{M~8ZYsjMFcNpkz)%Dng6i&{um43dN%?Ef&%|mwElM6 zA~elg0+A4hTcPppevI$g^l@6}bzNWiahkk6@7xRO^wY<#-odNM{W#|Q#KTO}vbj(&8V%}2@r&AcjyRr&}{JPBQ*D?6d=9#fg}lvi__ za))mX_{nQM;V)osIA&p-9f#TU@6>Y{s53Zg7~Ao(@(yr-uX!B4+;!`(^dA4pJLQ9%vlMGak@2WDGS6R4{abCC*XBk?-@O%Hx;^;< zQtF#8F;1J0U3k}J)`q{ml(A;?nj3>$8s>v>7u1KA@g)5-_V^*184QZ>`OFc{*_sRF zlk}7`S61A9M;Y1-O%65R5-|_7rM$VIE%n#@%JVMx+qhE;!C&taXPB>#)2nK(!FAv+ z{U)?aZ(`_of5FnSrTQAUyMJgM9rWCFk4Fe4ujyu~+nhm9#@ln@34sJx>Qs+8sf>2J zzvli%aX@}M{U!f7a*Cd({6!nZ1A<>;;s@8@LeKh-fQ=zuU@-wq#(8cYBn{lgR=hc& zFGbT$8>tVU5RazSKklQrq3@xa)T5ttq{cHiXG7OD8{f~1rLQlJ&a-l*)%GRj5bJur zovV*$av$*znGc)VJH2la8J-wuAJq(6B&hVJvh z73UgV5Nv1!j)dX?=?~c5>%aS;srpwm8~DhhzK6e(qfM8=Ga4P{-eAip|5kHPo#g5+ z+s4tFHXAqK8s9JWEbdzgjh8n$05W-vQtB-3`p)ZCwh%WE;Y;zZ`@-=Sy#pXyl(*mZ zy&VAW9I@ZI5_iyGW>y(1)(onQu^;{EP$&~N1l@A#S_`vjjVcvm3 zRGzs%CSAiZO;1_dtj7#NTS86JT!*%Y{IhBDRqj!l**smoT}@+a~{wkzxZyW^LCvLN2ibD7t}ZElRB&_J!dQ%;a%}`5Y&Uo7KRI^LAmbw3p#Z! zHZ-YgKA(zZ8pdJB>6WVi06+jqL_t(|qI?Yf@+=8svvZ@3MCA*Hsle^}T!rpiJxu>} z++tUXtn;HO9}9!8RY!78PD>}g|yr4fUm}Hq*RP?r%cz?<=6MT zSXt%9?RRQ_*PEne0`6GZGo=gN@U|p`uM)bxbTt8eI3_VWs=fx zbs6zPzG2RHS@GJPovRfuX{P^`eKg*l$GGFr;IuNF)y5PT6*28#*EyGN=nL74_qW%5)r zm5KTSej<82X7e;&#^X3&*NA`10FNE?eLAPQ&H>+e<$T^A13OT**?iM-M9o(*Py5}! zSzLA9<1+5M@8k4w9i875?V}s~+`q-j%GWq@KMvi7^aV1gGX)ilOHNN?=S%tS;r31a z(SH8nZ(cd(aq4QBTxsJm97+tuM)|tGLqh)6 zaMCY^$}4?{9M#ab$&5A<8iv{aF4jMJg>HL%O-0q`;mF#-VI!u-GS?cDT-7nYpKE8@ z=dM%PMaQuK$e-%MJe_n~m5^5Jx%!xXPT^Km@S1}!%#TC2yVzB}!c*!i_(P+u&vYGK z&a?XtvpDN`*UmStyX)yR`DW|rJY9!*!^VP>aTxNA_(P4+ln;*b%GdNau6rJb)BYRH z*}O2Fdc{{LTu<>orp1{t=<#wLkF#nV^*!+Op~|ki+v%&+zVGWeuJ2vv^uz^ov4}|W zTs?F5Q`qY{FwVjtK85mU=y&(0;(Pc{YV3#R3qe zyx9Q&Q}0sH_=_)b0OWm$Y|)^szV`~iyM)~Ls`;*Cz$9GPgaXW4rGM7}{yuMTtVDlj zKy5bnPHO*F%Di>`W7-(szjevQasjzi2>HdIuzo+mHmCMQ{Pt@cuyXEUk%3(H88E^&N=`#LZrg*_suvORL;S(_vX~W zt1$dsXe{vrR-J#lbk@aC@B_=Qy0wA9ye{qu1P%g9rG%yl+pzRb9$#qYps!-t9Wq*WP<+?_uCQ z416DB;Co>F&+TCYx3k#b^gvI?&bE~bbMaI7=blqZD(@Az_4W=; zB=}p!0o4yfHIwb~p|wr&VUTIoA%7lb75ul=UX>o&@*d_hc~{Su)`hBX0B6Y1a7@co z{X@=aj6$6_y|40JFxPQ^x>V(vJ}5sfGh1JmaZNtkg|^(x7WF(%5d!YMmu<1wG#}Pa9ZVzc4#x&M=>GavOj#qXzZ`aq?PJg>? zb~$Zy*>POo&%)I4uCws<^K5-xW}M#l($<%MHm%Ez;aXQ6op)X7;>V%$&(=N8)9|b- z?`*oV9oJ(su5VrS%;(|InaA}QwywA97`N4Nok!X@uJ7mD8SXlN!#d8_X|r+t-059s z$M^H>wexpA&kODqn9iNW@^*c=P2R$)Ey`WK)A~AFUi@r(;>P7?%k=X&-?$F(ulW0JDVm>y0Tqt#O<_JmxZB&bJnJC}P*d(vcXr^H9 z@>O8*xM@;dWOq6T-HCo*u&a0hY?&z7T*v8_FUe2nC4z^KkkFBE*$HwL;GGc*gA4s+&DCB-Bv%#Bd(wOzVj_M zPdcsZpDjCE=j?Nrf4k*o+v(?qb+-O~?tHV?Znxtbo_=2670r1KLmgeNaWsxo2OG5C zt?xR!Oh5lnUeQ}R4qrVM8@%w+%bo_pZQ{>WOlKO9H3;L7Z9UG-+1wP1$<4{hvV448|U2{AK>WmlV)6df+Gil(N|f0 z1%EDnCZFzATCQk7-mWVND6Z&B-GaP+J}}}nk$MY7V)CITf4z&hbH0)(sLM}&R})_V zn|jpY>bcWB3!a5ee2VsT7tW^nx*q8rqz{Tl$1J=So<{97ZHRj2#nbUmHcu=R6S+U=a?<`F6E*8f1E!LKLyKd!Y z^N;Hs=Nre5@5klG@w4~eZoia&D;&(i@@}-LAB*8(F?eR%_pIz&!QHs({EM|W&NHU- z**5V9@9_K3tRpY!uRffpOu^j!DH0y&82?vK&)lbOBtm z>dLir1raG%p>dI`?=JaJ@-(3?TI#-&W#bQ%(JnY>eeu8XIR~@)QbYGq{9HY0+kHR# zvid7=jF79o%OOZ>ndZLx?_NJkZ%hl0Wh`6_g%<`f28{=YuxI4LF?^9zUH5{ihri{?jIb9rx%m`tqbm)kGgF-{QzXc z-@Lea@R6M?t8Ae|6vKn0G&Rc;~?GlDF7S(>aYIVZ$Pj_ z9v0X9NA5K+2B&@%Kg}cGlrWU(K@!KHG|`HIX43m|_U8EttvcTe-&+hA0;{7h<=7_5 zzw>GxfnjWnyK^Q@Ad|(HF9{J$(vf2fJ`>DWH64M`fZVax;#Z|`FNWz ztS?!T^Q;5^-FL67kNt2yjcKxB)y9jj#30L;Pan;3XukIDs4Bt?T)yTXQB`01Y?vLB zqP;#+3|{=;Xy{L1N!xIP<_njB6&|Zx$_nZRhj{nege%7o!KZlR<6b!d45_##tdH1m z*f?V8)|?maD482>xN&mR&9_W;&R1rA)!wl+Up@D0bySHnW3_kFO*hvUUwswb$L_AU z;;O=vFVt(xaZrwXa{SdTx863n?%L%!w|3>kdEAa4x$uIEidN)@)73c|Y0X0qP1fe? z+|IwHY-mTE^GF-l^1AnPL`xr6GEVoE+>0){q|TxRzc1YPxDDm!dCNGy>+U#pUUSWL z_0@fNe6hY-yHSqCdZdn}>Z5Ar$2dw@%FK;%`q|?ZLd-a3wIpMNUVMbi*Kg&gbfJSj zkJXr?b?4Zs%eeWvuH#{R-TvIOzmoHAcgk1kmsG#dOn>#h^VbnjJ>KXlbqd27vFU%> zRStX)KDegF!d&dWkFSkyN5s4s+J@6{deMJYKsLx1n^)ybUq>|gLN*~>bQk5tuAqj^ zN8%g>q`&a-P}+B#l{o_+>UKf^6TWzUR+uP2j&Qp2%B$+QL&xWR>C0!=m-!u=bl!RA z*D-sJ^U)`B)^S}s2Zz^Ob8Ve#>o_qdMqGUHr3IgpI2=!O`Q=yExyp`?b8OW)Up=>I z&hbf}ufF=)Ix88Uxai_bs(rY0#CtRI#&Urb~Cui4ZZZuuqnen_bbHq_c zzR)j^Gr=8$1y4N|&XK{J(uRo z&?_hBW}bovj?X&loZ?|$``U#Qr$xZ^_1E8!{14ahPhFRJdhfmW);ZhDm)}rx-+9hx zYJh8)Z;sWx?D8uncinY&_1D}U(?Qp#jNn<_jy@6t&&qBc+7N%ml~)JW_ZL0M@62L9 zN4*)BbG~|B(M&OP`1I@S@L;h|TD4vph|t5;9H`qi)1dCQK!gTq^IyFK{0D#suW_;8;04L9Cc z<0M^h#g~0C8~tCm{Q5c$4}P@0I>+*qD%JeLzW z%oTOsa?7om*DvN6*d5ZZLD|K>ua6wqI>$p^owJ}7&`mxua>T0 zPAPAUFAR@&1SG>1jOx~RM|+)p_PIs7#!emAU3Y!;y-z#AXB??%z8P=w%emP2rt%kD zcu~zA{n6fS`SSnem*sfTj1L+(?`s!i?mt`ftB-5eJd|_Bzm}s=w=VjCE3!j*{L;r) zH+bJhlLs^Qsj%Qy54!aWumwB#@yR}7%|d|yM)C5wj>|al0NmyS8DVaKNf}2fJH>`R z*1Q!p`H-P!0pG{R9$GUTfoKk)ZCC9C+|t|Cdtdkj-Q2N|K7I%{TWsR1?;95F-*sos zcVD)2s_%!cZ@s;aGn6i`pL$&dtl|Y{(C5aP=#D3Y1JC$R--AQH#XASR^+xgZo~l3f z$x~lm55&@x@1L?Ar}e^TXajHBA}j4qPXSxmE4k7E=|wNRnB!7MyuAC+HVVh}i?0q& zm(|ff=>^~s^uZW*+uG#(aqc@hSBHK(8qP^U&t)7Ok&K6Pz9hpYR|mKhv9~E=SyGyO7)K%A8g5ib_(9W>U!UOtE+yz z#8H%Zl=4F3OTH>Ir9Job33}o_d+$}S-jlH-C*clnGxqwaZvzimUeDw;nDqzD<2I_% zAF@Ai`Pyp({nx2I>HmiR>R*J(NQLIas51v;{mL+zDiFylSufjW5PHV0=@sG5C0d9Jx)Ljobt<4#jeL7CJ%X9=K-&sdop7aB+ zuABrec3KR$=tvzt>M=W~ekEtSl4AKmr~mqSjS6zewP~dU^M=mT*~Brts<#R)Fs!Az zXYO2Tk9NOG+jiYE5gnC7%8m7* z9nKo{Sc=ZMKF(4gQmf1R(T}5dRjtHB+AgbsHLs<*nJFX`%Y>@p^mD!^|LIOZL~7rytgXjyAOJ|J_UZtnZu?vV5Kz z&8+a7@*C>rFzWim>>A%crp0T-ko!m5*0XkW!a&(XTTnf`m)C3dy9%|^qus{u#X1@K zDi?FAd7*@fe397CzsDO~QFmvd9brCugp<@%eWHz3ao6skq*B+DOcr>CwfC#a5!J$DyIN=~iEs;Yo zd9cW`%If09n2GNPDRgiW@V=Y+L`-8%l#sreW$-`y=gw0`0W(%UddWRam>d%)S@8we zs@p07i{T;g6T%%kr!U#`lu6YRab^&|sYSq2(>hGh+rpr-U#Zh3nUr`r*WSX1WpU5w z!j!MhzVfFj+6DJIWTc}KtNjev5(Iq2B(y%(UPv#a^Mc)kWK7ds;}q^804;)=)plQ2 zHDs*&Ai+`um>#I0&hh zfK$)=_GPX?*nPTzm&JX?Pjj+~+VD)ZzCNuK*deLcRdHfktQaS`PD@m4K>K|9p}VMGnhG-gu=)!m2uRg%JNn4^YL&``}^5^kUe?Cxi=+ z>9Wth{VO(Znd|t7V}XAw)!>NpDXF^wH;30<;i2)o^@-&EgZ2$LQH*^eV#R|&)rLn> zjJM$}45SD!C|=F*2E0~NU$7sMauI69d0Ctt{u*8JLhzYT3s9sK3gxba>7g&9X!s26 z%2X1nqymRXi2KKOOH))#X_M;aM(VGKc)s9g;G0*+$SZH}MK1)K_?BE%((UJJD)&(4 zKIa5()X<`kAKLHpsJwz4I?3Zwih}`Nff5Xr@_we;5jt)52%#mn#F3X!kDC%lto`kz zkT2!sIy{N*;B&y0_mf!u7buIP$3Z!7!$+eoIC*)!&TRdz4#AjE_g^s(tJ=X=K4)w3 z)8@-OJy)c@j>iK1T{NgVd_2a=u+>n}^ZA;+bM)r#(MPDy>SPfbtT{}uGD`7y_=Kc= z3K;z(m~?~^-p+fM+@8a%cV4pPO$(~0Pd4lHVM zD(lb;t8j;{jmA5iwVj@xX}sX~4LsgBwTA}aZ_FT@YmkOVU(SN5 zr1>awQopGD(u)qfz{=&AQ)My(f5;Z+jHZW#h#7*#XKxOpd%6^H{aFne3;djKa~{0f zan+1{ludJOKQd)z{i-#}D>%qLLxWxkULEI4=ibd~KFmctALz@(QV6$?1U>b5H9PA_ zkE!fXIS;r-Mhs>0Sk|U!dEZ*+UGQko^UcmKV}ccxNjYv!F3LD@Ar~hwxkpn9+`0VI zbBD)2N{a-f?m*lB!Tb3?Vb41EFHa-#c)Yg?i}$^rS#l!gkHnQAp6@bt79RWbD9`Eo zch6ORQnOFhxPMf9T!8y_%WGr(Hz1mNtUe`K+QY0Wyue4?S zAAKJ8)9DCgE;9aJng+yr0A&*JLIc1s=qtBEnlRZ`)R45kINw3l^>D}V;+f6a3OqG} zfDHFL{AqCI9C(&66u*=pKGu<=-l0?*pSPcIh3lkn?Kbll34(*wPQ#@IC`W&;I$?4% z*u+E6uqkQf1*KQ$j!WiZ@gguWmOsO&O=F~4K5j;|&txspu%O^<7?Gx@eaB3e&F>BaPNuiHe`yhB6Fx7Ls%W;Dd$925@DnhQvFW6TZIyaSvBV<4J2qfLyCNH`w- zClQ04z1MMCR?4ni*%KBYSC#K{G+Yu;feN*%ugaBM7y*S_LJFmF`!@E@xtd0?|kCg zqw7nSKEk&Yd9BD6%$(CLWAy2)Ps(i~r9AUq`^7G2$)9hnr|}AYE~B9WGPK#j~A*i9Z7{5_Z~gO+9xv$nO4^ z_kPv>`y$6$q!*B{l$JWgi6M&BE{&BfZ6Mv&pOlk+A*refE`~`ZsPVBrE3&(NNCsieCP7S@w=CS_&LPNRok6ZzD}t?3zWx#q&Htl7y+I92s)kQFL_ObS zLDTN~J`q|6{h5z;998Ot*}apxH>(ZZ#I%;vnQREPrF~Gw&+?x@m7Bn2QLS4cadJY9 zX$4{GtcUJEObWZ}`N4X}^M#6nwodYo!TZClOC)Y2QNOG6d5zxcC|=gc)ax}9CDY<% z59jv}T7xOQTcE=qMeF}HDg@3-6T{4vtA~A2AoBXfH-ldn;F)8;xP;z@u3}8kIcFKv#gfx}5YSALrBR@djDRvDD_}1>PEzn8^<>lM+z5;$ z9H>zLYI1jCraH{DlcK3vXLuwv*E+2d8(M`^s{JE30!uYes7B)sS1|`B_%WIxa$@kq_xwy{r>C#$W$bJoUO^M$GZXi^?ASl4Qw{y!1QoZHj4LY| zj0$`Szv`P*J6Jx^@~;SL6d|3NJO4Nit9!Zdy*gR<0w&p>k=k5lcUm6exL)R%4kA^0MRVfz1tLPnSZrxvcFq%sh z37MDxF^l@zfu)>uM5=*`BmrLYQl2Y1FWt_U?wI{xW0I8YPWQUf1h=Y$q9yzp9<)f} zSOO7v9DJRkP`EiMD1h*6704*aIl(|WJT_tn@PtF42f*d7?@Tj0ZR|0f%LdXlq%w2K|?wtI?P{z)j4 zg$+f!^Lh*D&n5=>BpVpHzOAMt=H%-T3iHjZ>m+684wv8ccE2Qom-8w+S1{^RYGmFM zxiLj1n7)?y99X8+f#FSyi0F^B10J3^S)cy`sq_2;&ZsfJy)@$~tbi|$EL0K&0x1MK zX81>0dWa;MjX2j+|AJghkJ;*G0>$l7LKL$iV}}!_j+L`pCcd{9)pEr%}n;{qU8r)5knMx8~aZHeDn`TdjSPqdBUI zd=`uzo8v&2$0j-vG0fhd__*VzWlyxfjvh44 z+FQrd7ap(A2w5rI`m#r1JyK24lfQdMBEKsXvf60?(gXwlqJ%bXynf=ty|H3r#T3z{ z^j9>LW2JDna_$ex8+9Qjpl=vneLT|8j%{2#3$K>St*okQpJpOc)G4A9Gc7>fbtF<8 zc1vh8OT~+AS|v4kPh|c(YINg=zR#`-uqB3m@FJdt*ONYb_m?gG4?=krH}C;ofcUi7 zfAoV)2B^c_Qheqf!tJC+Bbsw3%TP17`4oY+0}cJ?+S2~@r1_!dEdlzO=JUa)fhw;xaC<`_p#^oNPw$K?mMzBgrQ zN{`{bhr{p!7V) zh6(4xS?wuA_%Z*h;max(7}89^yj*ah-4C4w9N6xz-;9Y2VVFvgDKfIjv>jEyiaIEW zB`;0AqchMepz`VEtl%0_lT1gIh*KXB>MUqzZiP^$h5xHb*8|;+p$$)<-xoVu^Q6^K zVi#Bfv;rJ%Bq_rg0tZy?2qb+sA`|3+&t`T~ef|F3kVyM9?1etxQ}{2=o)tPqnjd7P zNfsw}P{ZqepI7K`7j{GD8owXgm5-Hz*QSJy$vd7x(r2IxF_4tV;*S#DwcnBOH1ao0 zB3AXartITc?`)3*$#@>%1yUO6enOUbDAEuQvrjHX{~mjn0`(z z{Pjs3{JqqsAI-q1=0AalMK*k$;!!H2J<~5?_kIu~h$LAyD*2v+ewHxqn*jrmj@tq5 zPv{^q*0&Jjmktu@iSCydPDCzIwjjE^rCVFC7%1WU8NpXTxoW~p%l!< z4KH0mo4D#;%Q4m zU1}#0Z{mZ`1-{fj$SRqjYv$JD$#=Llw4acbR_vrDq#9 zy%J9%Rlz(xOI1BTdOam2U;d(qrRrPIWt0ylHUG?9D0zG85kKXg{F42Ii%wfrn+i@k zEXK@zU0_eV6}JxhwCZTA_!q<_l+R$)$_{)wxX`;LsXzE;(N$~lt1NT6R3gL~;c+W0 zbvkI$f+*z+w`r41xL%9*p>2~p-(5Lh@}6CNHE$B{eS^o-t@DFdt=`O{7Aua4Id_Jg z;YRRZ=+2$h_nnY7F&m5DOYF{?;c*9t*vgciv(fFDUjT1XcG+M{QnA)p^{WIFMA-*A z6SbuFASW)Bc&SljIMz+=Ny;FeG(8ZG7RdGOw#**PfB^5bNsl!5&}*SvgO7X7%{^B| z?tb?KPZFNG=7JHLX6)dB<0oeRnGPVn`8-X{}a z93x2Dab1L`k#3#xtUIIMeMAiuo60Gzb*j1=2?*w%`Qmwi2H0`!?}WOHsXBmOY-upe zp_c+52~b!?rjqKK^r%Psck)iYl7VZ@awg$%sb7r{&s}IZlr`?yjWhjGCc$?+qv;@L zLmJ+15MgW(;@SG$8souRQgB}~{m0b#X4S{N1E8KnyXQ|l(9zssFd{jKKJDK(DKB7Ok(HTJgHntg;(1!B(dJ%fT^5jj$a;k1&)t_sEvcb zV#gXmN0Wh3$<~X7zRi8cK8@$hK{NrRtrLD@RGn$$Qa%y7%c}mBH8X1HX6Jj2LHmM( zHC?;3>TFfWr zAP6ZL6LrT~DvqIYbH1rbV>%ig{<7Xbd>;RkM@Um-qo^Pokp-#a(XF3j_WGWlLB6Pb z&b61u;G~0;|5Nm3I^oV%bDY<>di^h*q}&MLxngEhz3S%dcoBL7wk2cVw!~}Ah>DbW zwDnb=T726uAKW~m6RhdpYNDe~4dnu}o* z10nB(Ez_^)FaVpHxEA8aQ-KDXN;+6C{wlgIi5bo61>33o|ZP^jU_PcQ$9~ z1|D)kEV~i@AnW}${+Q9YbRqbdob7s*7CHZ9U_V!9=FNv+5A6QDW`Co!Q@^mcsq}j{ zv^3YhGM5I>(YfF%n<#%<{qM7KOKCK%phYxS^YX6J)tTL(#A+CPv~8gUn#mQXcGCv* zFIzNxMHeHfnvhZ<(b@zc$Q~Hy`)aezN$4iLOAlYb@4^Bl!x~5zPbht6sHsoa8$=Jk zZA=V%l<>;9LkK(S;n1p65$!WgU?Eh0hutaa%GECL#0Jxh_$_!C)5=aJtedoIi{*}3 z`rYe$eOWWlVXO8*5uC*5Q?oQl_YvKU(}}Xo|^(Z5aBj> zmf=ItKa8W2rErx++i z$<`|Hlme)0?I75b))`E7*Ow{$Xt43tUQ*_Sfnr^fZc7-BT)U^p2q5Tc3Kh(2Fl%#l zEhSqo_?;6x(7(A_P>{{d^Mp+&bd6*$`Wi}N?7#3wJ#Bg5mwrDLZ0itPxR!n|j%A*b zznCt3(#Z^db+HR6TQiMM0V_~D6OzB|dvO75z_2ysqdG4?=96#f#dk19-HU&D2jog&c6slKVND#ep@C#iD!;hRX zS%kV5**AXBqJif{chX(|8iMY2cbtb&ox!E++&mhTOPK`hs`jvA~gD$kqbSqTIjvXs081nJG?)sXW8#%kF9u zX$-dKaJ)~V{=ok8Zv|$EPK^t)Z!BF~t?41OR;Y>j8MBelUDAqPG<8B>wT(eWv8B(W zHK%4$x+t?~(v^%ubI50*-(X;%3=9|ili7u<-5RTU`gvwR%D3*h)@>$*jgPO#;#CuG zpl@Pl*6C%{YSDE$lHCNF6@j|%tQjt{KpFXT9by# zmhuL_aPW4Osw}WK*jk$etvRfy1N^D7FoZW5PurLPi=Tt6qxi8*@AZc=?UmZotRzh9 z@k`K;>F7Vc1fDh+%$6pHm(0dtOUig{+ST`+)2B$!UQ>f{My=0z)Q^CP89a%etJbtOA`HWY2x@P8G`C(Cz;_Wd3 zUf(KEFfMSV=f2h&tcNkBS}{}iFSZ}4)x!-+UNsLs(Ep25zvVkY%v&M?Neaq16 z$ZKYVEGr_-Nrtc5jUloe`WU|l=JZd{7#FosI^;N*>NPyWB7Q0ZPb z&0(=nK6^v+wI7w0KCfvUAHLw7xNs51TY2zg%RgtGH^48m7yFldq6E8&bN3i&2R>Ex45&#X>!)XvDN93*C!HhE^bN6;c zouK$+V#D@^_Nr^k_KS{YD^@L|!Zb_XxIo7=4IrdvRWK_%u7AI^f;p+6EXrJV{PG9& z3OZk`$Q^Qa!tR@NC-i4EwN=DeUHVWIwI$7LODdZ+?qAWBZ!nT(DANg|!e`C!Y$5rc zHr2zH0S>Y6!zkWRif8Hz+b>HS@id&)Ha8Q7J%@l{gHz)dN568fvS31Mw$Ep`|Decw5{nyDntK-u)XmuvrpmEX%~ zC<-a!(QK`eSUJ9IQW$}_D>)y`@KJDCbg1V=O02<2fo)K^exTlJrrTN-yV{ZB31KhM zgsgr(be7R(1hxQlvB0mqnq5g_W#~!_-R3=t@mfBqdp_2c0vIG*nM%O0B;-Qb3GTJG z@&{N$Rf0s-D-60>T`tay%={kievscdcP55tLiB&)>HRi@sN@b$W5w^r?Qsiy4lrd_ zIqO_^#Z@sLtJj}>gdEKLO;*n!K@0AoEC0ey_Jm5KtV9UKZF~7;p(}K}qSGZowie*t z){Q6j3m_2=fi~M+*NM$Wx6+d-?K|-z7=6rsc>e^6V37=2@%sQ=32295vAbSrv(FKR zdG1FQo^yWwO_en$D<>4-mgn=I`&Yg|tJr{Oxw3D>pZ_l5E4q1%P~RAlEA!n<)#qCI zmFo$P>`zL2IjDm~-3tVSyZbSaKMc5aD+=TRgTKZ}wq3%qk=hjt^w$UQ_Xpx%AF{@! z42?<0HNQ5?`UW~VPPe2`-J<8<_0K1A zP|`D-DE(6n)V3}WkBxr2^inV)ZrsB=Lx#NF>Ey1%ihgEM*`$UhnCeLd4+G95?AdF4 zVc^(16@X3{muLCTX#8J9zkqP_Bl&=3$3%s;?cHv_0@ z)L{ya#rDJNVRKGF3Q2>0mXMi@=^)1{tSf!1XneEB`4WEi`Tl4SA;@Z`vSFOj#Z2p_{%bOXni2$N9THk0yk@$aW-9WPq8A<;wt0 zimhaU3>KwZgD(P~IZFYS_#5x17%ev6-D?fw#b6uTOt%lGCGoCZ(qTD0U@s-xFaFgm1}7`}jX6ffLuyg}X*@$>Z`;qhRePqX z1dMH&o_wBLP0*tqnIk2Y5(e8B{U0^G%m$VA6b1nhMkJ{6=(#jsu9L{*B5PkRnxL~pT`S;Dv!Tz9x{nNO1CORY8>1boF`L{Aj zgT80WFCYz)AunSaD@e91%b-gj%9#U*a-tK6b>oTqv(4*#d&%dcVYuL%bd^2K8+;K6 zS6nZo>u1p@ZI&ymyy_I$vIaOC!pX!nOkgU>d5PPAj4U1GaO0KVCKtYGFahQHB3!p6 zw|xZbdkfL{QtRLsi&E@q_wc&x@M(zE?-U*8z)T?WfJ8Q+yu-vhM)ikb`@*4yF$%u9 zgz2NUpeGow-O!$}%Uo_wgYIlXhKFZ6!;x=Z07Dba4eV7i7C4T%7W-0fo^zW(bG4_A zDHDc&y&jK&zf^AR&7W)kY0%+#zTWt?VcVh<|8g!az%r%L|GxONc+ga}c}Lprar1$b z_R6KwLc_qJSRHt8AvB~XbRW|`GKOYrhigDKu~z|HGleOEOCW!AcnLCBVRbhd^c?b` z8UzTSfWJ^0mi_3$`O0$&&DN`7;p5P}B@?FBu5Cd(nmrLu*KDB9Jt2jS5%~9Vtoh_8 zRcA*p#Zo^@Byxk75S6d%(D~z%%F_Ua@IqY_HW>kL8)^I}%JCUA9sTtS;`q0DH3^jf z^{<}q+}QGdiTuG#acjbucg1Y%|A17fmj&Fmc9^3F?{KI7t*DRt$e>VL0-z#-j$yn{l}iTD6j6$wSsxm_ojIce(5PhdVd^+LWt2QwMt@ zu~>dO(N@JOSAJu5Q^EXTIi|=ANX71_O|rh}PTqRn`m3bDwt(xl9x`k7eIbXCT$>@U z<_*9KlEb-D#z39k$CuDOyY@5vQcQ7!Du3m@2&XVnwD+x=>&l1bj)#%UnuWIV8mKLI zwlgNDw~q+C9%$Z|s&W5lypk{q+^gpv?Iy?Px!uWBS^I25q)CAs^z}&H5J9f&B1&8( zPkNmVH zQ%AyG#LoRu%|oE;Giw6Q(p@uan|(*@yu#8#z(PKMKd;-|x5dStqcULpu=~$ce1LK2 zr&bppIg3a?9=LlGCp<`@Z6c265`Uqm<=VL1(jFfLC%Y527i*?%upmOO+pW1Pw5MCS z-fHKV{+LldW@M;896=al+oU|TCu3e&P; zC?e{@uS=d=)x*xReSaonS;7yx!TT<=egEt7F4m$>GP`{b!?z#j$)Ux2tzWg>|7iTN z9O)-*N{W6(5J+vj<(Bhp>>lqx;%3Sp{BFxsN+tA^fF^Xw9|z<#{Ii#Q{aVDs(!UX6 zzP}(`V=j6mdsPd^r{pO6)PQ%v#$rL6Uipr z`pKug+_L&tBX1bhj+8$bStlLwD&zaNq94$d9*$)Y&FQu&%U(khZl?!?wEO zMMERwqYD~t`ez08LfiS?UNQ~0EEnM)6Te8<=voJYA$F&E^9yTAj;MyN0=bcqTl>ez ziT)?R`DrCIco8Z8$9%D|rp=F?@z)I0Qmf%%WtPuGS+GLeU;=jrUWqbye-z(SH`vY< zH=??t-?erU*$Iv-YOwL+)gDmft}O;y)#r0NuJCMK%>Bt*D;xB0ZWNmcs}?2cqXO01 zy{;mYC+u^*Kf?##=7JG^zHK$X zE6bAp3^43Fm*g(?Jk7|E)8BX6|Ih!G7bD6|F}Y~Zf_)&rBz}%K-plC6)U?Uo42!F% z8gCv7Z3Wypq;RfRadGC z+k59TlP9L#w!HSj#pJ}{II(Gn*Xpi9?L7|$y9UL|GL&W8_IQnZeNH$niXi+3jr<4= zbogOwJk!`-cu8LWt@pb{GFHMv$GXFdx5f)a+}`rVFL^+EZ(5aLUutF!3s_rU?kS~v z5lXQKf^Ar=l6uy?We{?D<-D2b#+!%mTCz^*F}zkv_r33|@7(Qk z(bcil7I^Gf(L*zDui=86H4*hxS-j(PxJl`yLAn|pG@1|2crDr}V9{y}O6fRnl82X7 zo|^kE_cp7Fnb=A4l6E9-t^BJS^)J-gN(OIUW$xqTj_vt#*$LZxYHuiq83^0_hAM*h zq1PLnN_e?U{p=P^p-|LrSdHC}owkk@BL<~(_q%|4=0cEI|9`kD%A%GXrmdIHQjLP? zhi!EwAAO%>a4(3L;$xi&inlz}eWbWSVQXQ(aC82Ui9c#$C4H;Put-!bWIaZ*t~q>vxz zb$F5N7=ZF6Ba@YV{-4?l?ARBXppcweSw4uJLZ^jv(_YwL&$BPxWQo3;Q&VSIy=}p< z`ZICiN$Pm=y|53QRhbo~Z{4d^qA6O(J5fysmAMCJiNJXunFWcf@w%C#2!=9{Er-}i zXFi0+E4S*POf)V|a*s@tI92^$V%^l))`6iople)$!}6_#@_1L(a@^oQ`n}C;JuIP1 z&>({gPgR}^tp?w#^2Ty=2EqLR8IqzdMTina%aOcWt{4;_VRiZT4)p83q@ih~t8J2* z1mS1Mvv_7;yCul!xDGqj9&(c8r2^l46UK`e9ISU#7-iQJ-nxt60M zH=|$Nh5xQH+I(IT=zIw42B@xj@W}DL$DYpx@_K?sU$6a8Dd))*IH_mtY@{DQfp*^H zx5*4S+)iX*+>fjxZ=c`Gr#0|{Y_8g!0gB+0|D3KwI;{vl_6mdteI zPp#Nx^icw3E&u503;)hcCvclNm;7s=*RxZO=%nHFM2GWn_9z+dry@IU(~t${o(k-O zOlNBj?l`}pGusB(94mEWXn_>O9wHAZIh#LIqR=^kvRNcp(?^L#Y4 z4&>1h&PJ4B`oy(T7QF}E{gP0nz_U8du{*wKMtjpm&pxF^eX>iH$KGaE@+2O;!oj$ZYXWMEZeKtf6I{MYK$;k z3Rt;Jwen&3R#d_hhH?HO#yqp_6@K{A3}T@b%`)E(+WqlBi!W+_+cmBxgtvO4DgclQ z$FPH?r&vU+G2|VDsy2_Hu>NJda;IMiEciw#LBi55ECN383cu}rdM*t1xH;_Hlle3H zkQzoB`CDj-3k|+1^XkD{| z7x4oMGc=wV<{G^4sr^(G*ZDK4+LPmq5iEwRemPGitP)#7>2R>3NeDPPVS}Q!y zV>K&>51z!Nql$R4H~aV+{gTEa8waf>iYO;ns79n&l`T~ch4 z)w20&vh_?6cjJ0Xx4G%`%4!*cs$wGF8+Jk{fN$?!T>#6ycs%ouKA9M#6iNrLakwkK z(FN8PsvaJj^(8mdV7ur$0_hgHg@1R}G{;ph{BUMSWDMl?Z!WFnQYb6qkwmpya<|%SmxJ4D`!pDr-YwYXlr`9Ja z3d)0icm_^QnQrcnIDjo<|K;crwZF}|=U^2(}V7B?7kn&Z{KM46Mm#Feh% zMzJbuzXDZFWFE$0GT`JQ?pJGR3!_MpOnqI2)2hk%XZwFT>qIqVPqs zK^R!h!!w8RL?{un)#9_mOONgwC%uzRXc+vX_WtUexGSy()w^{{5^=kQnWRf^N0dQ+5vor*_2oHYN-|oyJt?> zoWC|pX!?XXPYnm{P3oN#(-$rsx8veC^7>hv?FEz+9rxB`nWtOFR8&U)K)44!Bgjie z!ZW_O{S5H5&k_jlH>|y%FG*H){$f|_dK|MSuhbRG%9m7Tql9~VCh0+l#FJ>NWIu*w z(?VH9dBu=rjE~52Jo(zQwpB_}{I7D@C;~a<6-#J1$f*Q@!j7w)UvT&DFZYACT7BbJ zX8~rfJ?TtAA*kekl}$o?$vwhVtuM4@*6BSiS{Y4}#`GU2YC1d4-ia%dG-CVRx>k1CIbkD0FuhAGK7 zE^f_cYwUlAsvex#`F($Y8~!J$U+bjQ!4l4#ve$JJL3saYk|rDvjft3Uq>RViZvig; z#6zzhH9uL)ZQqai))i!@6gtD0S4&a(P8x}OFSm*$@~m<*gk4h5ND!$(fH4a9UxTxN zRQZxxMyILx$(wP|jq<%=d9E#X@ou}JklIER4D2uI4&pHRigG!icLzt^9NE-JoqrTT ziH9>Lb2BSt4gF_vnVPapn-}Fs-6YhG_P$lR2dpLI%u%RvT+8r*&(dv@dGf16mJ~0> zZMdKINsztIkSLe1hZr&$A;DzcOf8Qwykv2hHe4H=tnk#h9qqDtom10pY=$9$GSHFp zI{3_aExxk3l!1l18>5Qn1ef7g6{vSVX|?kedKu__COx1HBb9z7*aXEK@>U1Qdncd~ z1`~nrxuVG|?sdJ6y_DiD#|aX3IndnxogACE2gP@uD|5uYkJ1VX#C63doE!atCcXLX zp1E^`>@d`g^y&n4y)Z-X%sJ>}e7XHrc0G2ZiFhdNbH7(wwtBx6yH^XWa@m><5TR8Z z$~Inz+mM~Hwn&Qk?aL?LoBSsJt)ZKBAJ;(|-GCsq`YUQyN8R(Vooaz^xXtoO!Mo@b z5ZwXrIwIn=_H6jYE~}a%AS3Mw?m{v_(tBWIDas_Ds{_J3F@DA9<$J5vDc{FKXnRCD zZenm;m4SzX-;J6_#r(I?WR6;dU0Tr5X*)nJ;;N}*AgjWO&4fag2*|%E^6g5L0`NR! zuzdLJ_Vvmo>RJfX#P_N;QqtS>7Nr54);#yZ3=&eu<`PED>JZy~K52qXL!5m`60n06 zhB%Le`0q(*#mVtr^pdSda#>5imVH(4_BIbHs_;EYx;7~!h`KE}ncre{ExR8l7&b z@>)i*^K7?;JS>VxZSv_6dWIv9KUW1~%YC##ODwU|+L8S5X}C?Wr04%pBXATz>Ut;t zny`V0*hzJ$oqDxIiU4Y3O$=15j$7o8C`2Wnh_!Bw_me^aR>!SM13A*ZLi_*6s%?Jg zvO}rax=NLUu2Qa#p750LdA@#^?~HX{eNyXcYvB=cIjBtBh#U*B;yD6U)C?ti|qRRj}kw#8-H zIn(j30+a41$k5#HL1c}NL}(_a3G3^J`T6G66rJRLJAV;KMH)S)&*=KYOrrQBZ^#X` zlqRY!=X-St;HVrtS`XmOUr})As;j(d1n$?JjLzaV_O2f6+%TCz8ZzQa_}T)Eq>;*4 z&Q#)R{s;^|D370jC;>?1l=m<9jvoKim-uB1I{^bQ`%_^8^CQ%`?gkyj$EWcfSD?#gAG>d@?-3CJFVS_|C#dQ1xM24shl$`u;}_rovtq|dS9xv?_zG-wKIq*}{k zCSImE5?H=wk9epE2esF*Jx);3qRIhBGzX=GuS;$}0m|Epbhd|P1%;5nd;=!% zS%HfI81>idSf_)isvmw@8qtcD&9WCc0Ja)&9ceC|Ve+r$ATf9zYuISm>2k}+{p*Zt z!it{CQL3t`&pKfUSut)F`ggGtB6zW}sw_-{5un*_14na8xaOhu>xpMYbr?4m^8tC)h=Y#Z@ zk-q9}%R^N{k!nBJ`o)V29^Y(4r|)E?nNd|g(OA`zTSw}!AeyQCsAozqzEKt?;kORF zAjwfTbRY_@-r;9NNd(VJ+{f#!R9#96Lhs=GhihZ!58OwsKJBj+$a;FtPa0N&T|E!F z?c*OR>hD3qAX^dc!yh_`M@T&q(AKdojf~?1Pfh7n8N!Vau5Y$b{OE4kwGN|dR~2s; z(G=9@nl*|~W(_Oh7S4i)GCr6+P>AU4Dr5fjBIZ$xCUfK<6i$YE_GAIVyuToF?CEs2 z!I6a!-{d))>4t6vu-JmX`PJOadeVS#mIi|9!1+UO{X8kT?BJh*sF53wz=xr$3;aIY z#3U@{db>&hc#h-h(shg7`S|-jQ(m_E0{8c7S!NYOnWpDk=J`;al?FOynMWi~cpDl{ zsv3|bJs_dB-m7Z9gL*El(2m{dZ&U740({|Tg`Y(g;~(XlU;Kxj+a<~Eq^~4*q)k&o zFV{wQ2l^d9^#}fy_1db?Qw6kS$MdZY9wei0x07DhvhErnZN&V&P&aqaV9bAtNP7`e z_!xBqJ{CH5O(_B8Q)>V0^|UCPige-qwB&N6Cy-J~jODbp{KE&G2iLPGzbugM;mT{Y z@-3v9QF@_}8RGMI@pev{WA$+?&Y8G+&>23Hz@Dmi<2qS>(eO;m)xar~+aomL%3W#X zdOk>29&cG+>-?TaQ-H6N4$>|6HlQ~_k&cf@SH-zU>#lONBfVy;^J{T_)!f=_gz|_R z(!{FE1=P9=37dMEx>Us96u%-WUE<$V==6L3GLgy5QQyPTXFDv_fmfFM#hkRB?A6Xc@JToHx%H7(Ut<_rv_3-S06&0y&Gqxj7 zWLUEJaJ5Tk9NFG+7gg&!msec1N*Zd1rs_oyFcC&Xs{InhZfwMrcz*JcW6OGapqNu- zWGP6FmwEb>*;ryd>l;^@t^7z1#j08OrdfE=&8P8;cFSpss!7?#kw48!OaIzMHd{i{ zL%;%LL%U?OpS9=SBX-(wmr>+QWC*f58R@nh@IXJdp|_T zB3%fV-R@r!tJOWI4Ii|veDmEL{|l52ripj?^M4>=p!{=#ct=+Aaj-2 z{JP3Zwfqp z{}&n}<=y6)ABsZoUB?uwuQpEgc8<)m7b+#>=6EWEaqU@J7Iopx#|X>h}kJoeaQ$~o}Rnukj< z+&xB;a*sdpcp21Itq68X+nNYi0_&7hPA+5Uv{O$m;}v}zb>tD{h(QAnu2~a&A28V? z2HN3=A6ANfP%$|)v~BF34edVq*yE*CqObd7w0*VPzFu|P{YU(D|Cn{x z)mm+<@{|xvLKKXZQlEgBAfSL)6as}5wflL`_ntf7T)FNf1Z3-LIdJ9saL$=CGiT16 znK^S^w}6aI(`L9P#-@#i(|PyZpRBdAa>a_0X#s%MtKx*D9oZHDz$5yT@g-t?*Il2; ziS&^QT)`EeNh{crs_#uw(q-Q2HPb9H3>nF?+# zhye+Xpdu$+J8M9(L7UG{#8@<6&nKJU6Cb~`95nP^AGzZ6JrZMn)m1A>9=sE9;N)JL zpb^K+X|K~P1}r%1!xOw(yLL^jSx&$YB1hLr!obaD7NQ+R*b zWgMu(W#|ef>1+P1Esn^waq?u;(3PH_qGLFhp-C`Q@Ibv2H$gxF83sJv?BnG8gE{%2 z2RZy4(U)F&sf=QJ8oxX615!FW2djuvt*AgSF2 znM+RDmC;R$BcmKBb0Mfjmyr>8;src@8XCdE2e%^S)&5uD|42;3Zd^H|CL_rL$c zl5ts`*7MIpm$gTp1=Iv*InZ>*57Jh^9-ZjIOF`6~+qc&GLJPjph31QMdrurAw&TTF zQ)E(rTOTrH9`GL=b1lfo5w|88_{&0vy}-J&cav?#IY*xHD)Ys=PkrjH$i}~yPFxUP z*e^I*^a9;0ps{7k<{HaB&*+CgoyKVsj55FWN_f%D0&DgO?T^Nu_2XGTPN2~K|C7Kp zH?QYFfYbkK=su9(9Q{om;I!_VYpU<_(Isyhdi?SAE#Newvoh|XBti2b)a{%mo^gZwOuet7heN9v%596pnI zQ3vOjvS$d6EQ-GW?!kkZC*yr6aE9zFGHAU$9oyuhtcRaP-{HT5osVYEek*kH5$M}m zGl6qBdmNok-mMvZ?PX*^=Fku6q0lpY#X#WqqRfBvdHhCt!QOw>RV&lycNN5V^2tNh zRsf4EnRh`5YyJKQc7&hOJEl1C@$=MkHl0%aXIk2I(A9>_p z%^}%a5*yFq2)mVhI20@0wRCCp)x{;BHFh3;`YegiQ=*hV1#?}T^kvx$)^FHQ(d6f{cs>?m;k7Ih3gr4Y#Vd0HvGnq# zQs@zBI@eI0#7LgPBDkDjF}j896^hnlf7}{4Z$iW6^Sr%C@3Qa#>k6?iikovu5Xxjek5*cd+?N`Zt+F8Sjqp$l`O|M4=^Y(9VbC!a0@ zhH_+N3Peaj!&7tTv=rYwb9QA!;1%B6s2&e*^xJmh)-u=yKWtV`dk)5Ed;Rq{X8u>A zrMK?fUUSB{lrKg@EPwYQK!%7XLOJ=L59Vl$A+;q z1_dM2CTK%97nJwk{Pkx`9<=|9|N3VYh!AYxw4tXAyUaOW%PR2he}4Xdmt$8!nap9Q zF7Mg1H|<`jC_Mak?ATseAvW_Zn>UxNND(8W-{XMBp@b{hU%hJO%8YzTU*v^6(5avQ{1<8r&giX?OW6XCW;_NEyakwEi2(qg zb`r_enmGTyHgPx`vU$N5yfi-?#e433VCFNQ{!}@*j3&XMty?zN35b)8KmW5otxcWW zal!>dIC(2pEUz^#&}4q#Zfx^!Ztzs#gDlDf;aI^JeH=T+#}ITPqYHBa`%LkqjGoMe zd3P^L@533e0W-9B?%ZDMi!5=P)H62Uj6wN@FMO%sGN>5xc*jWPMA8jt;>2?(8Ci73 zXaDLi%dq9Nd^$lFK_hZfPFG~d8eW#*201ET#t^yu@}-r9fdVV&}3g@SI z8(E@z8FZ_o*Q{gf{>m6@3@4|c){P*6U>hgU`c^p2Xyd@GTer66fIhk7j$6wx<@5+F zeDtH26b*Dt$f<%3@*N0Y7}UhIqGOOJo?OJAxv9)-+ps~t=Cs3#CM{PtdZTj_mq5^2On!zHp1O^-&K6(s4(;dC+KonSOOB| zNQPE=$({rUdxCXM-oLqbe>u?0A{(0$$g_;5?Rf zD!@WdI6((TCYk=%M6Xyw*6)p5Hy2zwPoWFQFqi^MKgfw8T|jm@=jKuX)G5_npSZK+ z%iNIbH{X0Cv^-mx4{)(J_*#<`-r#TC-pnV1mt4{piLa0MO621j~Ha9JGL7noH966jy+wB|dw zTo8NC-XPFuoqqC@A1|8@pU5Hm%(~gRa|l%V%7wtSY#n;Te9|Xq7vQ*V{rbv);P85f zj~vR&g5RP=!|C(J?6dGv;7y0fO0e&&j(!)&cqy>V*;U~WyUd}}ru2I)bB<9P<63CeoTJfT^z#FdUC{{pvyaBxxVi?SZ*I(yZz>|p|8Y%J^8JXj}+K*@Q@ z-q^HdO9e3mm@>@FFQa=o%VdVVd}-_ra!9t>;gAlrnjt%-fi4tXICu!9B8KKmSB zugabvkig#Oe6Pt~L5_csc_fFcR<91OFU`{SMy*eF1i2-1>_-PY)`xL61P?)-Lr*1u zbe%&KUj_I;Iq-Z5vh#G-3cAP%nzVz{+BoF)oM+GHft*3%smV*FTg`;TxP?htGifAARm~pZgyK@OZ^Qn0E?>iL!8{lx|lK zv(J4mTJuI00Y(!NZ3&ydIe1R)m4cW1zVJ zKl{G!(KCU|0LMZcq9om~`&Rw1PUmnO!x;L{;&1E$R9(mI=I&?lnZtJ$C(laLUFheP zesg?j*rRsS>YIi!Ot6Ox0H;a6jS~G;o$^cJxA1ny5vB~Uiqj&}ZDUy(NACG-#@dT+ zThxqK%8S7--I8LYfGBwBZx05}>oMdQBn&2*1o^g4enIt|ET*K+#;~!Gh@Lu){l~9; zqYM-qJiIxQyLazNX2SVVfKD5}{`GrGxiGY(S35~~;DOyS=6&xHZ!V~J z#^oSh5ar9E5_v}xzDrZ;6u0~D-(9JU@Nvqja99~b<^x}B@PZ$VZO-Ed69L6H3R1Mx z#>%n!%2)nAo8_WXz6>JDxg5w4#Nf0c|M*8w)CR`DF^|$uIiqCLiJ-{0K*H9oo9pCF zJ;lnf=A=;UPSl+4kPS3(I*dcnORZ)2m@^KV-x2Yv`*S44S5(!peTaK0#fC*(G%Z$~Bv2k5ri zw4HD`?dKGe8OEekY-z`g19D+=f~zroFYc>f{l|jG@h{r4QQ3T)UPxhQSePFM`QE+z zV}L$ehWU5n%##W72d8`QyT1%#bNbLjduQc(_zt|&#cS5Bjq~!GGLZJ|d${PbM$H`~ z!*3W^V}dGp^>=^w)mp>W$REYnB@@!=o{rJ$M3!u$=eldJEnYi?+_r6N;UkJ}j(ol0 z`;m7+6ErMcdRaL+PVVqZ+O-Y()}1@bIY5WgU9|7owI_SQZ;B>7vQF`ZVPS*i1ohNKw{TJ1GlVLE(S{#4`=QtC0+;Lli4?m70=Opff zwPwlM4RKVZ=Gz0w?ce{y*Xp^9i|7IC<*7r5N=I#vgUH#s@4j8NKFB~jLktu~ofA>n zP30_Z+foi2J?zAUBd~Yx!xhlEDGrbnOU~|3`CSh_rumW1Z3gFNSVGTXHYMfT3uBh>Towv3T*~INlePE|+N_OAKE0iHx^jJC>u{e z*~yu&`Yn&crkIQGJ@!}`y<3qtG=GoLJr(*$q2Omtb18} zc;)2(=&P^QUPV`YbML;a#q+}Nk0tQ%RK6~>rfdi6S8(j!`yR-N`H|>{n`+I{aps>+ zALQnS!kb=T%sW999JA-x3*hK0d328X;Fumwwgl7nS8*mT3C;G^t7GFl966&a)gz1ovt=j1@#5HJ=j3p1;RWYaI=b=5GCgF? z;1T(}D){4}bp;o}5jH(NDJV`?ZrLKEYDskKe-w|5D@)>>*byAFJ-c?-i8Hu>r{Bi;()A36{p^CUxe`SKODha1n=V+7m;nU21Cw0Li> z4}Rw$2V!Px^uCkpa^N>@o;mRF{t6y%*tn^_BC;y-E#tsf3pn_`azG|`+;(g9+w=8R z4mJ+n;48f>2qGgw=EjH4{ZO6w|003yu&eNO(of&`+KS8!SqHL%WmJ$SegJr69bWbm zc$j;K$Cq4kY0V#bae%xa87ugOAJ)FFmF)hx$-emnM3j58Z8C)0z4#t~t5HDW1V6OkT{RrIqx93^p|3fk4 zFE}@EBElJv(g#~{54OHtyz}fm_!d3*-s|tfi3CGC_);=mI78Z~>pnIsrTaELo&^lF z^)Vjh1U93FV^4WI?GVXjcz~%GM;lkPz7@r9Gb)&Y)9}Do(Ba*f7VqHVqcGqYq!q*n z9%H(^16x}(gX0;F@Gy6H+%%|HwAq)FkFD9j88&c0LyxIV)1*(2qaRqFdmi-fem$;d zZO{VW0rsF|-0MTpYB%PYaTT!Df!Fl**xtbj&fqi9r2|v?oB?uRZk-GWju=N7+77rH z6a1z{{g__wn?7R|t{G1N6JOD$G|aFi{2ziC-mBNHaq$lR-n$yR@X9z&uZ_{Tz=IRL zW5+Gk1{`yXXYkg)114lr${Xi*fKToQIn)+h1#ErBbM5`KHPG_b?X^?DX!*@ka2ZZ| zz*MK835~`@hkzi1oMS1CmQhU})!{*xG4BT+;n%SC(4pXUt-;K#b!RLzqoMf%Kkq!7 ze@>X8I%W*qX3 z_Qn@%2jVrvs(hj~|;M06we&y;E&(b@Rbl_klW+B+ni!qq$bCmpV|ycrh` zc&V-a>fDdt>EAMf*AA^5c=UmkKHz}o)BI^UP{#?dzYI7gUH@oKLZkP(ZKkq<<{Ucu zs%cPfKAWdt`7~_w40O;PC+abE#tT+)G+MWWH_xD&_NCa9Z-qzJsjrvx z9MxZg3d6MbBZnNvqBH$MZry_?YtJdJ@8KVggQ?A(cimNO1l0VlK?n{Gu_Ns7;RToq zIr9z-{d~aTm~Kk2z*i^~C(MFb=4as7u#N?k(BX3&x5ha(AXzZ!)^7N?@WUURxo|;r zsyD$M{`f++8cySempu>ay7X9{$rgLu5a#~hbLfUooM=73LYn}F>=QBoRMR@>rQwHx z|0$U-vM{b#o~*nrTM|rsrRKzZ;+;Oeu8Du<$ee=D;l<}vXKx*B9pm!_nx@7N{}lZ> z_z&*dm7u|GGr!Iuny(u84FOpz_yQguf)0Sgn7?G*|KZLK-_7i{}B9j2fK-hxl?agUy!8$lfbX$4=kX`S2air$B7_o>Ez zApfxQj^;1Gk)LzV9e8q1jOaWL%o!6kzMo{Y_QNC%6X0J!F#p%DBmfX$69B-dV-dD- z06<@58qA^Q{eOR-957Fmc1_r5px%7Ud*7?>Kj}vaj%8xhwQe~iZ8TZ5b8Risz%<|f zGC;qlc*uuR?TuQJSg+>fW3v5NZrrQ)8N&mi+o>Dh56}n2+OP*^9LG%?C!h?QhTUy@ zoJqJnhHKN+W4Vs&5y~(bziar~j_;k!nu9=4HCME0T)cGe-N}6irgnQ{d(+R|2QH1z z>G1D9ljAlF{oQLf-@C2@qwihEG^ta@?;1yKDdoa-mZomkZ5jt{$7Nja{g~b{j4@u_ zzw14_AH#M(`L6plEYHSo9=RVIrs^9`x9L9K`;1G|(ru>E(si!m{*7zD8`GxkWHDCb z-gV=5<9o1_##voIcRSBxe5*nJ>9(%jU)`W5j?0U8jeEmvc$2hM|Ir$mY_ERuUBl?U zVE1^hawV?e#ydH-<6D!|{31?s)s-y2x4~XFYD? zIv%g<#&`~64F7gp*Y2;T-+QMtZ|Y(8pYglN_6@J!>*Buo(e!xVW4Kqe>;B!Y`>Jmq zx*r#9$2g7a`o3XL;z15;4^6{qFvjn|P{w$V;i~KQlke4yOYcejZcIauqi#G_w{;zl zqs@4{?mzCUz30icW0-xfzjocn`+jbjAJt%LH8~ z;WPmRzZClEm7E5DBu=E0V>IAj(VzOlGq#YxOY?4c7ha{FWh0}JV_H8x7-x>&Q#g8P z8JB5u)Ac9e+KPT<=te0*a2Vprjud*hDn<{qQy*Kf9M?{%Jw?)2-T?O;g#WYkAly$hoMQSOx=lwrROfC%t}m#H$7RN+>f6{@qc~v z^(c(|a&l5_L~{fK7G0P>(J;ZZ$>$#L{p;_a1H)1&IXFQd^{h{;SJ&^SVK}ZI-*?-F z-Ondnr*$}?!5KV|*$Ek&>vb0J=L2VL%qzQRG0q&0^W2uG)GqpSOz_Bui1 zB)n;3o)+e58q5dtr1ulJod)dxyXq01ll(htq((3s#!39?iudSx!uV70J0%)#xBV%B zon7Ur=H>+2&IJ5v=y}`lCdND!u9}YFkMAeIyep5>;GYh^cQWv_@y-a|Y35{J7~_89 z`*}N@dBv${nOgTQk3YurU752HerJOJsm7eze~hsE(RhG!Uj zRv%9JB(3^%+j0NCpRcapPrC{vkPTlM1H9Wz+QtAEU{y2?w|R;( + Fields that let you store information about the debug context. + type: group + fields: + + - name: debug_data + description: > + The debug data. + type: group + fields: + + - name: device_fingerprint + type: keyword + description: > + The fingerprint of the device. + + - name: request_id + type: keyword + description: > + The identifier of the request. + + - name: request_uri + type: keyword + description: > + The request URI. + + - name: threat_suspected + type: keyword + description: > + Threat suspected. + + - name: url + type: keyword + description: > + The URL. + +- name: authentication_context + title: Authentication Context + short: Fields that let you store information about authentication context. + description: > + Fields that let you store information about authentication context. + type: group + fields: + + - name: authentication_provider + type: keyword + description: > + The information about the authentication provider. Must be one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER. + + - name: authentication_step + type: integer + description: > + The authentication step. + + - name: credential_provider + type: keyword + description: > + The information about credential provider. Must be one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY. + + - name: credential_type + type: keyword + description: > + The information about credential type. Must be one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID. + + - name: issuer + description: > + The information about the issuer. + type: array + fields: + + - name: id + type: keyword + description: > + The identifier of the issuer. + + - name: type + type: keyword + description: > + The type of the issuer. + + - name: external_session_id + type: keyword + description: > + The session identifer of the external session if any. + + - name: interface + type: keyword + description: > + The interface used. e.g., Outlook, Office365, wsTrust + +- name: security_context + title: Security Context + short: Fields that let you store information about security context. + description: > + Fields that let you store information about security context. + type: group + fields: + + - name: as + type: group + description: > + The autonomous system. + fields: + + - name: number + type: integer + description: > + The AS number. + + - name: organization + type: group + description: > + The organization that owns the AS number. + fields: + + - name: name + type: keyword + description: > + The organization name. + + - name: isp + type: keyword + description: > + The Internet Service Provider. + + - name: domain + type: keyword + description: > + The domain name. + + - name: is_proxy + type: boolean + description: > + Whether it is a proxy or not. + +- name: request + title: Request + short: Fields that let you store information about the request. + description: > + Fields that let you store information about the request, in the form of list of ip_chain. + type: group + fields: + + - name: ip_chain + description: > + List of ip_chain objects. + type: group + fields: + + - name: ip + type: ip + description: > + IP address. + + - name: version + type: keyword + description: > + IP version. Must be one of V4, V6. + + - name: source + type: keyword + description: > + Source information. + + - name: geographical_context + description: > + Geographical information. + type: group + fields: + + - name: city + type: keyword + description: The city. + + - name: state + type: keyword + description: The state. + + - name: postal_code + type: keyword + description: The postal code. + + - name: country + type: keyword + description: The country. + + - name: geolocation + description: > + Geolocation information. + type: geo_point diff --git a/filebeat/module/okta/system/config/input.yml b/filebeat/module/okta/system/config/input.yml new file mode 100644 index 00000000000..3d64581b838 --- /dev/null +++ b/filebeat/module/okta/system/config/input.yml @@ -0,0 +1,35 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +api_key: {{ .api_key }} +authentication_scheme: {{.authentication_scheme}} +http_client_timeout: {{ .http_client_timeout }} +http_method: {{ .http_method }} +http_headers: {{ .http_headers }} +http_request_body: {{ .http_request_body }} +no_http_body: {{ .no_http_body }} +interval: {{ .interval }} +json_objects_array: {{ .json_objects_array }} +pagination: {{ .pagination }} +rate_limit: {{ .rate_limit }} +url: {{ .url }} +ssl: {{ .ssl }} + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - script: + lang: javascript + id: okta_system_script + file: ${path.home}/module/okta/system/config/pipeline.js + params: + keep_original_message: {{ .keep_original_message }} diff --git a/filebeat/module/okta/system/config/pipeline.js b/filebeat/module/okta/system/config/pipeline.js new file mode 100644 index 00000000000..396650259c5 --- /dev/null +++ b/filebeat/module/okta/system/config/pipeline.js @@ -0,0 +1,206 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +function OktaSystem(keep_original_message) { + var processor = require("processor"); + + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + var parseTimestamp = new processor.Timestamp({ + field: "json.published", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999Z"], + tests: ["2020-02-05T18:19:23.599Z"], + ignore_missing: true, + }); + + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + + var dropOriginalMessage = function(evt) { + evt.Delete("message"); + }; + + var categorizeEvent = new processor.AddFields({ + target: "event", + fields: { + category: ["authentication"], + kind: "event", + type: ["access"], + + }, + }); + + var convertFields = new processor.Convert({ + fields: [ + { from: "json.displayMessage", to: "okta.display_message" }, + { from: "json.eventType", to: "okta.event_type" }, + { from: "json.uuid", to: "okta.uuid" }, + { from: "json.actor.alternateId", to: "okta.actor.alternate_id" }, + { from: "json.actor.displayName", to: "okta.actor.display_name" }, + { from: "json.actor.id", to: "okta.actor.id" }, + { from: "json.actor.type", to: "okta.actor.type" }, + { from: "json.client.device", to: "okta.client.device" }, + { from: "json.client.geographicalContext.geolocation", to: "client.geo.location" }, + { from: "json.client.geographicalContext.city", to: "client.geo.city_name" }, + { from: "json.client.geographicalContext.state", to: "client.geo.region_name" }, + { from: "json.client.geographicalContext.country", to: "client.geo.country_name" }, + { from: "json.client.id", to: "okta.client.id" }, + { from: "json.client.ipAddress", to: "okta.client.ip" }, + { from: "json.client.userAgent.browser", to: "okta.client.user_agent.browser" }, + { from: "json.client.userAgent.os", to: "okta.client.user_agent.os" }, + { from: "json.client.userAgent.rawUserAgent", to: "okta.client.user_agent.raw_user_agent" }, + { from: "json.client.zone", to: "okta.client.zone" }, + { from: "json.outcome.reason", to: "okta.outcome.reason" }, + { from: "json.outcome.result", to: "okta.outcome.result" }, + { from: "json.target", to: "okta.target" }, + { from: "json.transaction.id", to: "okta.transaction.id" }, + { from: "json.transaction.type", to: "okta.transaction.type" }, + { from: "json.debugContext.debugData.deviceFingerprint", to: "okta.debug_context.debug_data.device_fingerprint" }, + { from: "json.debugContext.debugData.requestId", to: "okta.debug_context.debug_data.request_id" }, + { from: "json.debugContext.debugData.requestUri", to: "okta.debug_context.debug_data.request_uri" }, + { from: "json.debugContext.debugData.threatSuspected", to: "okta.debug_context.debug_data.threat_suspected" }, + { from: "json.debugContext.debugData.url", to: "okta.debug_context.debug_data.url" }, + { from: "json.authenticationContext.authenticationProvider", to: "okta.authentication_context.authentication_provider" }, + { from: "json.authenticationContext.authenticationStep", to: "okta.authentication_context.authentication_step" }, + { from: "json.authenticationContext.credentialProvider", to: "okta.authentication_context.credential_provider" }, + { from: "json.authenticationContext.credentialType", to: "okta.authentication_context.credential_type" }, + { from: "json.authenticationContext.externalSessionId", to: "okta.authentication_context.external_session_id" }, + { from: "json.authenticationContext.interface", to: "okta.authentication_context.authentication_provider" }, + { from: "json.authenticationContext.issuer", to: "okta.authentication_context.issuer" }, + { from: "json.securityContext.asNumber", to: "okta.security_context.as.number" }, + { from: "json.securityContext.asOrg", to: "okta.security_context.as.organization.name" }, + { from: "json.securityContext.domain", to: "okta.security_context.domain" }, + { from: "json.securityContext.isProxy", to: "okta.security_context.is_proxy" }, + { from: "json.securityContext.isp", to: "okta.security_context.isp" }, + ], + mode: "rename", + ignore_missing: true, + fail_on_error: false, + }); + + var copyFields = new processor.Convert({ + fields: [ + { from: "okta.client.user_agent.raw_user_agent", to: "user_agent.original" }, + { from: "okta.client.ip", to: "client.ip" }, + { from: "okta.client.ip", to: "source.ip" }, + { from: "okta.event_type", to: "event.action" }, + { from: "okta.security_context.as.number", to: "client.as.number" }, + { from: "okta.security_context.as.organization.name", to: "client.as.organization.name" }, + { from: "okta.security_context.domain", to: "client.domain" }, + { from: "okta.security_context.domain", to: "source.domain" }, + { from: "okta.uuid", to: "event.id" }, + { from: "okta.uuid", to: "_id" }, + ], + ignore_missing: true, + fail_on_error: false, + }); + + var setEventOutcome = function(evt) { + var outcome = evt.Get("okta.outcome.result") + if (outcome != null) { + var o = outcome.toLowerCase(); + if (o == "success" || o == "allow") { + evt.Put("event.outcome", "success"); + } else if (o == "failure" || o == "deny") { + evt.Put("event.outcome", "failure"); + } else { + evt.Put("event.outcome", "unknown"); + } + } + } + + // Update nested fields + var renameNestedFields = function(evt) { + var arr = evt.Get("okta.target"); + if (arr != null) { + for (var i = 0; i < arr.length; i++) { + arr[i].alternate_id = arr[i].alternateId; + arr[i].display_name = arr[i].displayName; + delete arr[i].alternateId; + delete arr[i].displayName; + delete arr[i].detailEntry; + } + } + }; + + // Set user info if actor type is User + var setUserInfo = function(evt) { + if (evt.Get("okta.actor.type") === "User") { + evt.Put("client.user.full_name", evt.Get("okta.actor.display_name")); + evt.Put("source.user.full_name", evt.Get("okta.actor.display_name")); + evt.Put("related.user", evt.Get("okta.actor.display_name")); + evt.Put("client.user.id", evt.Get("okta.actor.id")); + evt.Put("source.user.id", evt.Get("okta.actor.id")); + } + }; + + // Set related.ip field + var setRelatedIP = function(event) { + if (event.Get("source.ip") != null) { + event.AppendTo("related.ip", event.Get("source.ip")); + } + if (event.Get("destination.ip") != null) { + event.AppendTo("related.ip", event.Get("destination.ip")); + } + }; + + // Drop extra fields + var dropExtraFields = function(evt) { + evt.Delete("json"); + }; + + // Remove null fields + var dropNullFields = function(evt) { + function dropNull(obj) { + Object.keys(obj).forEach(function(key) { + (obj[key] && typeof obj[key] === 'object') && dropNull(obj[key]) || + (obj[key] === null) && delete obj[key] + }); + return obj; + }; + dropNull(evt); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(saveOriginalMessage) + .Add(dropOriginalMessage) + .Add(categorizeEvent) + .Add(convertFields) + .Add(copyFields) + .Add(setEventOutcome) + .Add(renameNestedFields) + .Add(setUserInfo) + .Add(setRelatedIP) + .Add(dropExtraFields) + .Add(dropNullFields) + .Build(); + + return { + process: pipeline.Run, + }; +}; + +var oktaSystem; + +// Register params from configuration. +function register(params) { + oktaSystem = new OktaSystem(params.keep_original_message); +} + +function process(evt) { + return oktaSystem.process(evt); +} diff --git a/filebeat/module/okta/system/ingest/pipeline.yml b/filebeat/module/okta/system/ingest/pipeline.yml new file mode 100644 index 00000000000..78f6fa37047 --- /dev/null +++ b/filebeat/module/okta/system/ingest/pipeline.yml @@ -0,0 +1,51 @@ +description: Pipeline for Okta system logs. + +processors: + - user_agent: + field: user_agent.original + ignore_missing: true + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: source.geo + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/okta/system/manifest.yml b/filebeat/module/okta/system/manifest.yml new file mode 100644 index 00000000000..639a4c95c80 --- /dev/null +++ b/filebeat/module/okta/system/manifest.yml @@ -0,0 +1,55 @@ +module_version: "1.0" + +var: + - name: input + default: httpjson + - name: api_key + default: "" + - name: authentication_scheme + default: "SSWS" + - name: http_client_timeout + default: 60 + - name: http_method + default: GET + - name: http_headers + default: |- + {} + - name: http_request_body + default: |- + {} + - name: no_http_body + default: true + - name: interval + default: 60 + - name: json_objects_array + default: "" + - name: keep_original_message + default: true + - name: pagination + default: |- + { + "enabled": true, + "header": { + "field_name": "Link", + "regex_pattern": "<([^>]+)>; *rel=\"next\"(?:,|$)" + }, + } + - name: rate_limit + default: |- + { + "limit": "X-Rate-Limit-Limit", + "remaining": "X-Rate-Limit-Remaining", + "reset": "X-Rate-Limit-Reset" + } + - name: url + default: "" + - name: ssl + default: |- + {} + +input: config/input.yml +ingest_pipeline: ingest/pipeline.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/okta/system/test/okta-system-test.json.log b/filebeat/module/okta/system/test/okta-system-test.json.log new file mode 100644 index 00000000000..a2644a7d3be --- /dev/null +++ b/filebeat/module/okta/system/test/okta-system-test.json.log @@ -0,0 +1,3 @@ +{"actor":{"alternateId":"xxxxxx@elastic.co","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102nZHzd6OHSfGG51vsoc22gw","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"authnRequestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestId":"XkccyyMli2Uay2I93ZgRzQAAB0c","requestUri":"/login/signout","threatSuspected":"false","url":"/login/signout?message=login_page_messages.session_has_expired"}},"displayMessage":"User logout from Okta","eventType":"user.session.end","legacyEventType":"core.user_auth.logout_success","outcome":{"reason":null,"result":"SUCCESS"},"published":"2020-02-14T22:18:51.843Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":null,"transaction":{"detail":{},"id":"XkccyyMli2Uay2I93ZgRzQAAB0c","type":"WEB"},"uuid":"faf7398a-4f77-11ea-97fb-5925e98228bd","version":"0"} +{"actor":{"alternateId":"xxxxxx@elastic.co","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102bZDNFfWaQSyEZQuDgWt-uQ","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"deviceFingerprint":"541daf91d15bef64a7e08c946fd9a9d0","requestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestUri":"/api/v1/authn","threatSuspected":"false","url":"/api/v1/authn?"}},"displayMessage":"User login to Okta","eventType":"user.session.start","legacyEventType":"core.user_auth.login_success","outcome":{"reason":null,"result":"SUCCESS"},"published":"2020-02-14T20:18:57.718Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":null,"transaction":{"detail":{},"id":"XkcAsWb8WjwDP76xh@1v8wAABp0","type":"WEB"},"uuid":"3aeede38-4f67-11ea-abd3-1f5d113f2546","version":"0"} +{"actor":{"alternateId":"xxxxxx@elastic.co","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102bZDNFfWaQSyEZQuDgWt-uQ","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"deviceFingerprint":"541daf91d15bef64a7e08c946fd9a9d0","requestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestUri":"/api/v1/authn","threatSuspected":"false","url":"/api/v1/authn?"}},"displayMessage":"Evaluation of sign-on policy","eventType":"policy.evaluate_sign_on","legacyEventType":null,"outcome":{"reason":"Sign-on policy evaluation resulted in ALLOW","result":"ALLOW"},"published":"2020-02-14T20:18:57.762Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":[{"alternateId":"unknown","detailEntry":{"policyType":"OktaSignOn"},"displayName":"Default Policy","id":"00p1abvweGGDW10Ur4x6","type":"PolicyEntity"},{"alternateId":"00p1abvweGGDW10Ur4x6","detailEntry":null,"displayName":"Default Rule","id":"0pr1abvwfqGFI4n064x6","type":"PolicyRule"}],"transaction":{"detail":{},"id":"XkcAsWb8WjwDP76xh@1v8wAABp0","type":"WEB"},"uuid":"3af594f9-4f67-11ea-abd3-1f5d113f2546","version":"0"} diff --git a/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json b/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json new file mode 100644 index 00000000000..5406413e333 --- /dev/null +++ b/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json @@ -0,0 +1,232 @@ +[ + { + "@timestamp": "2020-02-14T22:18:51.843Z", + "client.geo.city_name": "Dublin", + "client.geo.country_name": "United States", + "client.geo.location.lat": 37.7201, + "client.geo.location.lon": -121.919, + "client.geo.region_name": "California", + "client.ip": "108.255.197.247", + "client.user.full_name": "xxxxxx", + "client.user.id": "00u1abvz4pYqdM8ms4x6", + "event.action": "user.session.end", + "event.category": [ + "authentication" + ], + "event.dataset": "okta.system", + "event.id": "faf7398a-4f77-11ea-97fb-5925e98228bd", + "event.kind": "event", + "event.module": "okta", + "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102nZHzd6OHSfGG51vsoc22gw\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"authnRequestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestId\":\"XkccyyMli2Uay2I93ZgRzQAAB0c\",\"requestUri\":\"/login/signout\",\"threatSuspected\":\"false\",\"url\":\"/login/signout?message=login_page_messages.session_has_expired\"}},\"displayMessage\":\"User logout from Okta\",\"eventType\":\"user.session.end\",\"legacyEventType\":\"core.user_auth.logout_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T22:18:51.843Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkccyyMli2Uay2I93ZgRzQAAB0c\",\"type\":\"WEB\"},\"uuid\":\"faf7398a-4f77-11ea-97fb-5925e98228bd\",\"version\":\"0\"}", + "event.outcome": "success", + "event.type": [ + "access" + ], + "fileset.name": "system", + "input.type": "log", + "log.offset": 0, + "okta.actor.alternate_id": "xxxxxx@elastic.co", + "okta.actor.display_name": "xxxxxx", + "okta.actor.id": "00u1abvz4pYqdM8ms4x6", + "okta.actor.type": "User", + "okta.authentication_context.authentication_step": 0, + "okta.authentication_context.external_session_id": "102nZHzd6OHSfGG51vsoc22gw", + "okta.client.device": "Computer", + "okta.client.ip": "108.255.197.247", + "okta.client.user_agent.browser": "FIREFOX", + "okta.client.user_agent.os": "Mac OS X", + "okta.client.user_agent.raw_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", + "okta.client.zone": "null", + "okta.debug_context.debug_data.request_id": "XkccyyMli2Uay2I93ZgRzQAAB0c", + "okta.debug_context.debug_data.request_uri": "/login/signout", + "okta.debug_context.debug_data.threat_suspected": "false", + "okta.debug_context.debug_data.url": "/login/signout?message=login_page_messages.session_has_expired", + "okta.display_message": "User logout from Okta", + "okta.event_type": "user.session.end", + "okta.outcome.result": "SUCCESS", + "okta.transaction.id": "XkccyyMli2Uay2I93ZgRzQAAB0c", + "okta.transaction.type": "WEB", + "okta.uuid": "faf7398a-4f77-11ea-97fb-5925e98228bd", + "related.ip": "108.255.197.247", + "related.user": "xxxxxx", + "service.type": "okta", + "source.as.number": 7018, + "source.as.organization.name": "AT&T Services, Inc.", + "source.geo.city_name": "Dublin", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.7201, + "source.geo.location.lon": -121.919, + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", + "source.ip": "108.255.197.247", + "source.user.full_name": "xxxxxx", + "source.user.id": "00u1abvz4pYqdM8ms4x6", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-14T20:18:57.718Z", + "client.geo.city_name": "Dublin", + "client.geo.country_name": "United States", + "client.geo.location.lat": 37.7201, + "client.geo.location.lon": -121.919, + "client.geo.region_name": "California", + "client.ip": "108.255.197.247", + "client.user.full_name": "xxxxxx", + "client.user.id": "00u1abvz4pYqdM8ms4x6", + "event.action": "user.session.start", + "event.category": [ + "authentication" + ], + "event.dataset": "okta.system", + "event.id": "3aeede38-4f67-11ea-abd3-1f5d113f2546", + "event.kind": "event", + "event.module": "okta", + "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", + "event.outcome": "success", + "event.type": [ + "access" + ], + "fileset.name": "system", + "input.type": "log", + "log.offset": 1665, + "okta.actor.alternate_id": "xxxxxx@elastic.co", + "okta.actor.display_name": "xxxxxx", + "okta.actor.id": "00u1abvz4pYqdM8ms4x6", + "okta.actor.type": "User", + "okta.authentication_context.authentication_step": 0, + "okta.authentication_context.external_session_id": "102bZDNFfWaQSyEZQuDgWt-uQ", + "okta.client.device": "Computer", + "okta.client.ip": "108.255.197.247", + "okta.client.user_agent.browser": "FIREFOX", + "okta.client.user_agent.os": "Mac OS X", + "okta.client.user_agent.raw_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", + "okta.client.zone": "null", + "okta.debug_context.debug_data.device_fingerprint": "541daf91d15bef64a7e08c946fd9a9d0", + "okta.debug_context.debug_data.request_id": "XkcAsWb8WjwDP76xh@1v8wAABp0", + "okta.debug_context.debug_data.request_uri": "/api/v1/authn", + "okta.debug_context.debug_data.threat_suspected": "false", + "okta.debug_context.debug_data.url": "/api/v1/authn?", + "okta.display_message": "User login to Okta", + "okta.event_type": "user.session.start", + "okta.outcome.result": "SUCCESS", + "okta.transaction.id": "XkcAsWb8WjwDP76xh@1v8wAABp0", + "okta.transaction.type": "WEB", + "okta.uuid": "3aeede38-4f67-11ea-abd3-1f5d113f2546", + "related.ip": "108.255.197.247", + "related.user": "xxxxxx", + "service.type": "okta", + "source.as.number": 7018, + "source.as.organization.name": "AT&T Services, Inc.", + "source.geo.city_name": "Dublin", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.7201, + "source.geo.location.lon": -121.919, + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", + "source.ip": "108.255.197.247", + "source.user.full_name": "xxxxxx", + "source.user.id": "00u1abvz4pYqdM8ms4x6", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-14T20:18:57.762Z", + "client.geo.city_name": "Dublin", + "client.geo.country_name": "United States", + "client.geo.location.lat": 37.7201, + "client.geo.location.lon": -121.919, + "client.geo.region_name": "California", + "client.ip": "108.255.197.247", + "client.user.full_name": "xxxxxx", + "client.user.id": "00u1abvz4pYqdM8ms4x6", + "event.action": "policy.evaluate_sign_on", + "event.category": [ + "authentication" + ], + "event.dataset": "okta.system", + "event.id": "3af594f9-4f67-11ea-abd3-1f5d113f2546", + "event.kind": "event", + "event.module": "okta", + "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"Evaluation of sign-on policy\",\"eventType\":\"policy.evaluate_sign_on\",\"legacyEventType\":null,\"outcome\":{\"reason\":\"Sign-on policy evaluation resulted in ALLOW\",\"result\":\"ALLOW\"},\"published\":\"2020-02-14T20:18:57.762Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":[{\"alternateId\":\"unknown\",\"detailEntry\":{\"policyType\":\"OktaSignOn\"},\"displayName\":\"Default Policy\",\"id\":\"00p1abvweGGDW10Ur4x6\",\"type\":\"PolicyEntity\"},{\"alternateId\":\"00p1abvweGGDW10Ur4x6\",\"detailEntry\":null,\"displayName\":\"Default Rule\",\"id\":\"0pr1abvwfqGFI4n064x6\",\"type\":\"PolicyRule\"}],\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3af594f9-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", + "event.outcome": "success", + "event.type": [ + "access" + ], + "fileset.name": "system", + "input.type": "log", + "log.offset": 3287, + "okta.actor.alternate_id": "xxxxxx@elastic.co", + "okta.actor.display_name": "xxxxxx", + "okta.actor.id": "00u1abvz4pYqdM8ms4x6", + "okta.actor.type": "User", + "okta.authentication_context.authentication_step": 0, + "okta.authentication_context.external_session_id": "102bZDNFfWaQSyEZQuDgWt-uQ", + "okta.client.device": "Computer", + "okta.client.ip": "108.255.197.247", + "okta.client.user_agent.browser": "FIREFOX", + "okta.client.user_agent.os": "Mac OS X", + "okta.client.user_agent.raw_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", + "okta.client.zone": "null", + "okta.debug_context.debug_data.device_fingerprint": "541daf91d15bef64a7e08c946fd9a9d0", + "okta.debug_context.debug_data.request_id": "XkcAsWb8WjwDP76xh@1v8wAABp0", + "okta.debug_context.debug_data.request_uri": "/api/v1/authn", + "okta.debug_context.debug_data.threat_suspected": "false", + "okta.debug_context.debug_data.url": "/api/v1/authn?", + "okta.display_message": "Evaluation of sign-on policy", + "okta.event_type": "policy.evaluate_sign_on", + "okta.outcome.reason": "Sign-on policy evaluation resulted in ALLOW", + "okta.outcome.result": "ALLOW", + "okta.target": [ + { + "alternate_id": "unknown", + "display_name": "Default Policy", + "id": "00p1abvweGGDW10Ur4x6", + "type": "PolicyEntity" + }, + { + "alternate_id": "00p1abvweGGDW10Ur4x6", + "display_name": "Default Rule", + "id": "0pr1abvwfqGFI4n064x6", + "type": "PolicyRule" + } + ], + "okta.transaction.id": "XkcAsWb8WjwDP76xh@1v8wAABp0", + "okta.transaction.type": "WEB", + "okta.uuid": "3af594f9-4f67-11ea-abd3-1f5d113f2546", + "related.ip": "108.255.197.247", + "related.user": "xxxxxx", + "service.type": "okta", + "source.as.number": 7018, + "source.as.organization.name": "AT&T Services, Inc.", + "source.geo.city_name": "Dublin", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.7201, + "source.geo.location.lon": -121.919, + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", + "source.ip": "108.255.197.247", + "source.user.full_name": "xxxxxx", + "source.user.id": "00u1abvz4pYqdM8ms4x6", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "72.0." + } +] \ No newline at end of file diff --git a/filebeat/module/panw/README.md b/filebeat/module/panw/README.md new file mode 100644 index 00000000000..0a61fcdd806 --- /dev/null +++ b/filebeat/module/panw/README.md @@ -0,0 +1,2 @@ +# Palo Alto Networks module + diff --git a/filebeat/module/panw/_meta/config.yml b/filebeat/module/panw/_meta/config.yml new file mode 100644 index 00000000000..41c54c3700c --- /dev/null +++ b/filebeat/module/panw/_meta/config.yml @@ -0,0 +1,10 @@ +- module: panw + panos: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/panw/_meta/docs.asciidoc b/filebeat/module/panw/_meta/docs.asciidoc new file mode 100644 index 00000000000..2a7f045e82a --- /dev/null +++ b/filebeat/module/panw/_meta/docs.asciidoc @@ -0,0 +1,179 @@ +[role="xpack"] + +:modulename: panw +:has-dashboards: true + +== Palo Alto Networks module + +This is a module for Palo Alto Networks PAN-OS firewall monitoring logs received +over Syslog or read from a file. It currently supports messages of Traffic and +Threat types. + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +This module has been tested with logs generated by devices running PAN-OS +versions 7.1 to 9.0 but limited compatibility is expected for earlier versions. + +The {plugins}/ingest-geoip.html[ingest-geoip] +Elasticsearch plugin is required to run this module. + +include::../include/configuring-intro.asciidoc[] + +The module is by default configured to run via syslog on port 9001. However +it can also be configured to read logs from a file. See the following example. + +["source","yaml",subs="attributes"] +----- +- module: panw + panos: + enabled: true + var.paths: ["/var/log/pan-os.log"] + var.input: "file" +----- + +:fileset_ex: panos + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `panos` fileset settings + +Example config: + +[source,yaml] +---- + panos: + var.syslog_host: 0.0.0.0 + var.syslog_port: 514 +---- + +include::../include/var-paths.asciidoc[] + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to `localhost`. +Set to `0.0.0.0` to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to `9001` + +NOTE: Ports below 1024 require {beatname_uc} to run as root. + +include::../include/timezone-support.asciidoc[] + +[float] +=== ECS field mappings + +These are the PAN-OS to ECS field mappings as well as those fields still not +in ECS that are added under the `panw.panos` prefix: + +.Traffic log mappings +[options="header"] +|============== +| PAN-OS Field | ECS Field | Non-standard field +| Receive Time | event.created | +| Serial Number | observer.serial_number | +| Type | event.category | +| Subtype | event.action | +| Generated Time | `@timestamp` | +| Source IP | client.ip source.ip | +| Destination IP | server.ip destination.ip | +| NAT Source IP | | panw.panos.source.nat.ip +| NAT Destination IP | | panw.panos.destination.nat.ip +| Rule Name | | panw.panos.ruleset +| Source User | client.user.name source.user.name | +| Destination User | server.user.name destination.user.name | +| Application | network.application | +| Source Zone | | panw.panos.source.zone +| Destination Zone | | panw.panos.destination.zone +| Ingress Interface | | panw.panos.source.interface +| Egress Interface | | panw.panos.destination.interface +| Session ID | | panw.panos.flow_id +| Source Port | client.port source.port | +| Destination Port | destination.port server.port | +| NAT Source Port | | panw.panos.source.nat.port +| NAT Destination Port | | panw.panos.destination.nat.port +| Flags | labels | +| Protocol | network.transport | +| Action | event.outcome | +| Bytes | network.bytes | +| Bytes Sent | client.bytes destination.bytes | +| Bytes Received | server.bytes source.bytes | +| Packets | network.packets | +| Start Time | event.start | +| Elapsed Time | event.duration | +| Category | | panw.panos.url.category +| Sequence Number | | panw.panos.sequence_number +| Packets Sent | server.packets destination.packets | +| Packets Received | client.packets source.packets | +| Device Name | observer.hostname | +|============== + +.Threat logs mappings +[options="header"] +|============== +| PAN-OS Field | ECS Field | Non-standard field +| Receive Time | event.created | +| Serial Number | observer.serial_number | +| Type | event.category | +| Subtype | event.action | +| Generated Time | `@timestamp` | +| Source IP | client.ip source.ip | +| Destination IP | server.ip destination.ip | +| NAT Source IP | | panw.panos.source.nat.ip +| NAT Destination IP | | panw.panos.destination.nat.ip +| Rule Name | | panw.panos.ruleset +| Source User | client.user.name source.user.name | +| Destination User | server.user.name destination.user.name | +| Application | network.application | +| Source Zone | | panw.panos.source.zone +| Destination Zone | | panw.panos.destination.zone +| Ingress Interface | | panw.panos.source.interface +| Egress Interface | | panw.panos.destination.interface +| Session ID | | panw.panos.flow_id +| Source Port | client.port source.port | +| Destination Port | destination.port server.port | +| NAT Source Port | | panw.panos.source.nat.port +| NAT Destination Port | | panw.panos.destination.nat.port +| Flags | labels | +| Protocol | network.transport | +| Action | event.outcome | +| Miscellaneous | url.original | panw.panos.threat.resource +| Threat ID | | panw.panos.threat.id +| Category | | panw.panos.url.category +| Severity | log.level | +| Direction | network.direction | +| Source Location | source.geo.name | +| Destination Location | destination.geo.name | +| PCAP_id | | panw.panos.network.pcap_id +| Filedigest | | panw.panos.file.hash +| User Agent | user_agent.original | +| File Type | file.type | +| X-Forwarded-For | network.forwarded_ip | +| Referer | http.request.referer | +| Sender | source.user.email | +| Subject | | panw.panos.subject +| Recipient | destination.user.email | +| Device Name | observer.hostname | +|============== + +[float] +=== Example dashboard + +This module comes with two sample dashboards: + +[role="screenshot"] +image::./images/filebeat-panw-traffic.png[] + +[role="screenshot"] +image::./images/filebeat-panw-threat.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/panw/_meta/fields.yml b/filebeat/module/panw/_meta/fields.yml new file mode 100644 index 00000000000..6cd468b1015 --- /dev/null +++ b/filebeat/module/panw/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: panw + title: panw + description: > + Module for Palo Alto Networks (PAN-OS) + fields: + - name: panw + type: group + description: > + Fields from the panw module. + fields: diff --git a/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-network-overview.json b/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-network-overview.json new file mode 100644 index 00000000000..7dd3fd7f17e --- /dev/null +++ b/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-network-overview.json @@ -0,0 +1,1107 @@ +{ + "objects": [ + { + "attributes": { + "description": "Palo Alto Networks PAN-OS Networks Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.1.0" + } + ], + "timeRestore": false, + "title": "[Filebeat PANW] Network Flows ECS", + "version": 1 + }, + "id": "e40ba240-7572-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "091fe860-756a-11e9-976e-65a8f47cc4c1", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "87f30f60-7569-11e9-976e-65a8f47cc4c1", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "78e7e820-756d-11e9-976e-65a8f47cc4c1", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d9cab170-756f-11e9-976e-65a8f47cc4c1", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "135930b0-7570-11e9-976e-65a8f47cc4c1", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "e46331c0-756a-11e9-976e-65a8f47cc4c1", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "0407a3e0-756f-11e9-976e-65a8f47cc4c1", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-05-13T11:33:12.420Z", + "version": "WzI0NSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Flows Map [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Destination Flows Map [Filebeat PANW] ECS", + "type": "tile_map" + } + }, + "id": "091fe860-756a-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:29:49.158Z", + "version": "WzIzOCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Flows Map [Filebeat PANW] ECS", + "uiStateJSON": { + "mapCenter": [ + -0.17578097424708533, + 0.17578125 + ], + "mapZoom": 1 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Source Flows Map [Filebeat PANW] ECS", + "type": "tile_map" + } + }, + "id": "87f30f60-7569-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:26:12.438Z", + "version": "WzIzNywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_terminated" + }, + "type": "phrase", + "value": "flow_terminated" + }, + "query": { + "match": { + "event.action": { + "query": "flow_terminated", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Flow Creation Histogram [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2018-04-10T04:36:19.586Z", + "to": "2018-04-10T04:39:56.264Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Flow Creation Histogram [Filebeat PANW] ECS", + "type": "histogram" + } + }, + "id": "78e7e820-756d-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:54:25.186Z", + "version": "WzI0MCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Zone breakout [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "panw.panos.source.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Source Zone breakout [Filebeat PANW] ECS", + "type": "horizontal_bar" + } + }, + "id": "d9cab170-756f-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:12:26.462Z", + "version": "WzI0MywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Zone breakout [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "panw.panos.destination.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Destination Zone breakout [Filebeat PANW] ECS", + "type": "horizontal_bar" + } + }, + "id": "135930b0-7570-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:13:03.291Z", + "version": "WzI0NCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Event Outcome by Transport and Destination Port [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Event Outcome by Transport and Destination Port [Filebeat PANW] ECS", + "type": "pie" + } + }, + "id": "e46331c0-756a-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:35:57.020Z", + "version": "WzIzOSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Network Application breakout [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Application breakout [Filebeat PANW] ECS", + "type": "pie" + } + }, + "id": "0407a3e0-756f-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:05:28.094Z", + "version": "WzI0MSwxXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "panw.panos:* and event.category: \"network_traffic\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "PAN-OS Flows [Filebeat PANW] ECS", + "version": 1 + }, + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-05-13T10:23:33.182Z", + "version": "WzIzNSwxXQ==" + } + ], + "version": "7.1.0" +} diff --git a/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-threat-overview.json b/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-threat-overview.json new file mode 100644 index 00000000000..c33b9e51027 --- /dev/null +++ b/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-threat-overview.json @@ -0,0 +1,796 @@ +{ + "objects": [ + { + "attributes": { + "description": "Palo Alto Networks PAN-OS Threats Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 31, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Threat outcome histogram", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Top threats by name", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Top threats by resource", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Top attackers (clients)", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Top attackers (servers)", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Outcome by threat type", + "version": "7.1.0" + } + ], + "timeRestore": false, + "title": "[Filebeat PANW] Threats Overview ECS", + "version": 1 + }, + "id": "772964e0-7591-11e9-aacf-79a3704914a0", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "0bd2a0c0-7574-11e9-976e-65a8f47cc4c1", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "3eca1070-7589-11e9-aacf-79a3704914a0", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5bd32b20-7575-11e9-976e-65a8f47cc4c1", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "90ce3300-758a-11e9-aacf-79a3704914a0", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a95aaf20-758a-11e9-aacf-79a3704914a0", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "6dce7930-758c-11e9-aacf-79a3704914a0", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-05-13T15:12:04.141Z", + "version": "WzI1NiwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat outcome histogram [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2018-04-10T04:36:19.586Z", + "to": "2018-04-10T04:39:56.264Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Threat outcome histogram [Filebeat PANW] ECS", + "type": "histogram" + } + }, + "id": "0bd2a0c0-7574-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:41:28.652Z", + "version": "WzI0NiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat ID Cloud [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "panw.panos.threat.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Threat ID Cloud [Filebeat PANW] ECS", + "type": "tagcloud" + } + }, + "id": "3eca1070-7589-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T15:06:36.839Z", + "version": "WzI1NSwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat Resource Cloud [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Threat Resource Cloud [Filebeat PANW] ECS", + "type": "tagcloud" + } + }, + "id": "5bd32b20-7575-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:50:52.370Z", + "version": "WzI0NywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "inbound" + }, + "type": "phrase", + "value": "inbound" + }, + "query": { + "match": { + "network.direction": { + "query": "inbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top attackers (clients) [Filebeat PANW] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top attackers (clients) [Filebeat PANW] ECS", + "type": "table" + } + }, + "id": "90ce3300-758a-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T14:22:40.688Z", + "version": "WzI1MSwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "outbound" + }, + "type": "phrase", + "value": "outbound" + }, + "query": { + "match": { + "network.direction": { + "query": "outbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top attackers (servers) [Filebeat PANW] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top attackers (servers) [Filebeat PANW] ECS", + "type": "table" + } + }, + "id": "a95aaf20-758a-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T14:23:21.874Z", + "version": "WzI1MiwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Outcome by Threat Type [Filebeat PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Outcome by Threat Type [Filebeat PANW] ECS", + "type": "pie" + } + }, + "id": "6dce7930-758c-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T14:36:00.962Z", + "version": "WzI1MywyXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "panw.panos:* and event.category: \"security_threat\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "PAN-OS Threats [Filebeat PANW] ECS", + "version": 1 + }, + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-05-13T10:24:06.550Z", + "version": "WzIzNiwxXQ==" + } + ], + "version": "7.1.0" +} diff --git a/filebeat/module/panw/fields.go b/filebeat/module/panw/fields.go new file mode 100644 index 00000000000..df941c12df4 --- /dev/null +++ b/filebeat/module/panw/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package panw + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "panw", asset.ModuleFieldsPri, AssetPanw); err != nil { + panic(err) + } +} + +// AssetPanw returns asset data. +// This is the base64 encoded gzipped contents of module/panw. +func AssetPanw() string { + return "eJzMmM9u4zYQxu95irm5BeLcesmhQNpFgABpauw26HFBUyOJNcXRDkdxtU+/IC3LWouOtE42iG6STH6/+fNRpJewwfYaauW2FwBixGJ/l6HXbGox5K7h9wsAgL8oayxCTgwrZQlurBA8oGyJNx5+Wd08LP/+9OsFQG7QZv46DlqCU9Vh2nBJW+M1FExN3T1JiIXrNs4DOVMFUmKcA6pIcdX9aCgFR3rkD49Tqs9Jf6dPHOUTQe9iBkuFvxqOHWENyLix6FG+l+rwNthuibOjd88xAsCDqhAoj4xhcpBSCVRKdIkZSGk8ePTekLtKAnlqWGOSZ5SuaZouaUKA/wu6LGIJ1UuLT2g7MaD1f6jl6mh0Km1D0q/kjjmncjeDOFyfdlhBoKv3qawNeYwT5FyNkve6UL3KD5A5ddxg8GxRZxKtyMvy4eaffRlVljF6fwkm3z8Kb42HGjknrjAbM56u8yCzKcB9ACdezuAfR3C3SgH2qwhxKo97EEuueD2UIHaASVo1Qy/GqTDvG/l1oPjuTPthwPa+nDske4/2HVZ16OHh85cZedLKE2ae6aETMaVdPcPXk85+GdcMi7vd3uKN7N2pnWntWqv6s0l55BU8tFJ6gwJa1dIwwt2H6B8FUjKqU1mEF5poTkNrqqrGGWnToc8Jf2YKwvXnXi1mwNJ2WSpf9pvS0GG/LaWpD3viE42VG/tWm7wgdWZLheDO65c/jFPcQp+dfafsaDw6CbxrBOWUbb9iui7rNsbyr7HZreEwjp+MxtRyki5yMvcN2zdKfcP2zMxrJVgQtz/HzbexX2M9Hj/eh6+NLHxkf/x432unV+0wdl+QyzjmCTkzWoBcvI0VVi4D45MToJESGRaVskYbavziEhYFq3arGBeXQAyLNTpTuMWUiSxtx7Z/weHtLuwOnLLgmgrZaDAZOjG5QY5djEqX4/1C+hyHXxp0Gj+7plojJxkT37UJwHsqAJ1wOySLJ0zjwTjNWKETzDp5McraRB0fnfnS4CEkS0VEmoipW+wZnzmknpX30HXEu84JUnM+LkdQr9kGif8Wjhoh2vwH6MLNT+Xrs5YiGwIpffK8ModlOYK5iROCqA26nqD3yLcAAAD//yC/rB0=" +} diff --git a/filebeat/module/panw/module.yml b/filebeat/module/panw/module.yml new file mode 100644 index 00000000000..ed975d78f70 --- /dev/null +++ b/filebeat/module/panw/module.yml @@ -0,0 +1,5 @@ +dashboards: + - id: 772964e0-7591-11e9-aacf-79a3704914a0 + file: Filebeat-panw-threat-overview.json + - id: e40ba240-7572-11e9-976e-65a8f47cc4c1 + file: Filebeat-panw-network-overview.json diff --git a/filebeat/module/panw/panos/_meta/fields.yml b/filebeat/module/panw/panos/_meta/fields.yml new file mode 100644 index 00000000000..a5900461f08 --- /dev/null +++ b/filebeat/module/panw/panos/_meta/fields.yml @@ -0,0 +1,133 @@ + - name: panos + type: group + description: > + Fields for the Palo Alto Networks PAN-OS logs. + fields: + - name: ruleset + type: keyword + description: > + Name of the rule that matched this session. + - name: source + type: group + description: > + Fields to extend the top-level source object. + fields: + - name: zone + type: keyword + description: > + Source zone for this session. + - name: interface + type: keyword + description: > + Source interface for this session. + - name: nat + type: group + description: > + Post-NAT source address, if source NAT is performed. + fields: + - name: ip + type: ip + description: > + Post-NAT source IP. + - name: port + type: long + description: > + Post-NAT source port. + + - name: destination + type: group + description: > + Fields to extend the top-level destination object. + fields: + - name: zone + type: keyword + description: > + Destination zone for this session. + - name: interface + type: keyword + description: > + Destination interface for this session. + - name: nat + type: group + description: > + Post-NAT destination address, if destination NAT is performed. + fields: + - name: ip + type: ip + description: > + Post-NAT destination IP. + - name: port + type: long + description: > + Post-NAT destination port. + + - name: network + type: group + description: > + Fields to extend the top-level network object. + fields: + - name: pcap_id + type: keyword + description: > + Packet capture ID for a threat. + + - name: nat + type: group + fields: + - name: community_id + type: keyword + description: > + Community ID flow-hash for the NAT 5-tuple. + + - name: file + type: group + description: > + Fields to extend the top-level file object. + fields: + - name: hash + description: > + Binary hash for a threat file sent to be analyzed + by the WildFire service. + type: keyword + + - name: url + type: group + description: > + Fields to extend the top-level url object. + fields: + - name: category + type: keyword + description: > + For threat URLs, it's the URL category. + For WildFire, the verdict on the file and is + either 'malicious', 'grayware', or 'benign'. + + - name: flow_id + type: keyword + description: > + Internal numeric identifier for each session. + + - name: sequence_number + type: long + description: > + Log entry identifier that is incremented sequentially. + Unique for each log type. + + - name: threat.resource + type: keyword + description: > + URL or file name for a threat. + + - name: threat.id + type: keyword + description: > + Palo Alto Networks identifier for the threat. + + - name: threat.name + type: keyword + description: > + Palo Alto Networks name for the threat. + - name: action + type: keyword + description: >- + Action taken for the session. diff --git a/filebeat/module/panw/panos/config/input.yml b/filebeat/module/panw/panos/config/input.yml new file mode 100644 index 00000000000..929237b99af --- /dev/null +++ b/filebeat/module/panw/panos/config/input.yml @@ -0,0 +1,168 @@ +{{ if eq .input "syslog" }} + +type: syslog +protocol.udp: + host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags}} + +processors: + - add_locale: ~ + + - decode_csv_fields: + fields: + message: csv + + - extract_array: + field: csv + overwrite_keys: true + mappings: + event.created: 1 + observer.serial_number: 2 + _temp_.message_type: 3 + _temp_.message_subtype: 4 + _temp_.generated_time: 6 + + - extract_array: + when: + equals: + _temp_.message_type: TRAFFIC + field: csv + overwrite_keys: true + omit_empty: true + fail_on_error: false + mappings: + client.ip: 7 + source.ip: 7 + source.address: 7 + server.ip: 8 + destination.ip: 8 + destination.address: 8 + source.nat.ip: 9 + destination.nat.ip: 10 + panw.panos.ruleset: 11 + client.user.name: 12 + source.user.name: 12 + server.user.name: 13 + destination.user.name: 13 + network.application: 14 + panw.panos.source.zone: 16 + panw.panos.destination.zone: 17 + panw.panos.source.interface: 18 + panw.panos.destination.interface: 19 + panw.panos.flow_id: 22 + client.port: 24 + source.port: 24 + destination.port: 25 + server.port: 25 + source.nat.port: 26 + destination.nat.port: 27 + _temp_.labels: 28 + network.transport: 29 + panw.panos.action: 30 + network.bytes: 31 + client.bytes: 32 + destination.bytes: 32 + server.bytes: 33 + source.bytes: 33 + network.packets: 34 + event.start: 35 + event.duration: 36 + panw.panos.url.category: 37 + panw.panos.sequence_number: 39 + server.packets: 44 + destination.packets: 44 + client.packets: 45 + source.packets: 45 + observer.hostname: 52 + + - extract_array: + when: + equals: + _temp_.message_type: THREAT + field: csv + omit_empty: true + overwrite_keys: true + fail_on_error: false + mappings: + client.ip: 7 + source.ip: 7 + source.address: 7 + server.ip: 8 + destination.ip: 8 + destination.address: 8 + source.nat.ip: 9 + destination.nat.ip: 10 + panw.panos.ruleset: 11 + client.user.name: 12 + source.user.name: 12 + server.user.name: 13 + destination.user.name: 13 + network.application: 14 + panw.panos.source.zone: 16 + panw.panos.destination.zone: 17 + panw.panos.source.interface: 18 + panw.panos.destination.interface: 19 + panw.panos.flow_id: 22 + client.port: 24 + source.port: 24 + destination.port: 25 + server.port: 25 + source.nat.port: 26 + destination.nat.port: 27 + _temp_.labels: 28 + network.transport: 29 + panw.panos.action: 30 + panw.panos.threat.resource: 31 + url.original: 31 + panw.panos.threat.name: 32 + panw.panos.url.category: 33 + log.level: 34 + _temp_.direction: 35 + _temp_.srcloc: 38 + _temp_.dstloc: 39 + panw.panos.network.pcap_id: 42 + panw.panos.file.hash: 43 + user_agent.original: 46 + file.type: 47 + network.forwarded_ip: 48 + http.request.referer: 49 + source.user.email: 50 + panw.panos.subject: 51 + destination.user.email: 52 + observer.hostname: 59 + + - drop_fields: + fields: + - csv + + - community_id: ~ + + - community_id: + target: panw.panos.network.nat.community_id + fields: + source_ip: source.nat.ip + source_port: source.nat.port + destination_ip: destination.nat.ip + destination_port: destination.nat.port + + # Copy NAT data from ECS fields to the original non-ECS fields to retain + # backward compatibility. This should be removed for 8.0. + - convert: + ignore_missing: true + fields: + - {from: source.nat.ip, to: panw.panos.source.nat.ip, type: ip} + - {from: destination.nat.ip, to: panw.panos.destination.nat.ip, type: ip} + - {from: source.nat.port, to: panw.panos.source.nat.port, type: long} + - {from: destination.nat.port, to: panw.panos.destination.nat.port, type: long} diff --git a/filebeat/module/panw/panos/ingest/pipeline.yml b/filebeat/module/panw/panos/ingest/pipeline.yml new file mode 100644 index 00000000000..1c2c912bd87 --- /dev/null +++ b/filebeat/module/panw/panos/ingest/pipeline.yml @@ -0,0 +1,485 @@ +description: "Pipeline for Palo Alto Networks PAN-OS Logs" +processors: + +# keep message as log.original. + - rename: + field: message + target_field: log.original + +# Set @timestamp to the time when the entry was generated at the data plane. + - date: + if: "ctx.event.timezone == null" + field: "_temp_.generated_time" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + - date: + if: "ctx.event.timezone != null" + field: "_temp_.generated_time" + formats: + - "yyyy/MM/dd HH:mm:ss" + timezone: "{{ event.timezone }}" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + +# event.created is the time the event was received at the management plane. + - date: + if: "ctx.event.timezone == null && ctx.event.created != null " + field: "event.created" + target_field: "event.created" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + - date: + if: "ctx.event.timezone != null && ctx.event.created != null " + field: "event.created" + target_field: "event.created" + formats: + - "yyyy/MM/dd HH:mm:ss" + timezone: "{{ event.timezone }}" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + +# event.start (traffic only) is the time the session started. + - date: + if: "ctx.event.timezone == null && ctx.event.start != null" + field: "event.start" + target_field: "event.start" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + - date: + if: "ctx.event.timezone != null && ctx.event.start != null" + field: "event.start" + target_field: "event.start" + timezone: "{{ event.timezone }}" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + +# convert integer fields as the output of the CSV processor is always a string. + - convert: { type: long, ignore_missing: true, field: client.bytes } + - convert: { type: long, ignore_missing: true, field: client.packets } + - convert: { type: long, ignore_missing: true, field: client.port } + - convert: { type: long, ignore_missing: true, field: server.bytes } + - convert: { type: long, ignore_missing: true, field: server.packets } + - convert: { type: long, ignore_missing: true, field: server.port } + - convert: { type: long, ignore_missing: true, field: source.bytes } + - convert: { type: long, ignore_missing: true, field: source.packets } + - convert: { type: long, ignore_missing: true, field: source.port } + - convert: { type: long, ignore_missing: true, field: destination.bytes } + - convert: { type: long, ignore_missing: true, field: destination.packets } + - convert: { type: long, ignore_missing: true, field: destination.port } + - convert: { type: long, ignore_missing: true, field: network.bytes } + - convert: { type: long, ignore_missing: true, field: network.packets } + - convert: { type: long, ignore_missing: true, field: event.duration } + - convert: { type: long, ignore_missing: true, field: _temp_.labels } + - convert: { type: long, ignore_missing: true, field: panw.panos.sequence_number } + - convert: { type: long, ignore_missing: true, field: source.nat.port } + - convert: { type: long, ignore_missing: true, field: destination.nat.port } + +# Remove PCAP ID when zero (no packet capture). + - remove: + if: 'ctx?.panw?.panos?.network?.pcap_id == "0"' + field: + - panw.panos.network.pcap_id + +# Extract 'flags' bitfield into labels. + - script: + lang: painless + if: 'ctx?._temp_?.labels != null && ctx._temp_.labels != 0' + params: + pcap_included: 0x80000000 + ipv6_session: 0x02000000 + ssl_decrypted: 0x01000000 + url_filter_denied: 0x00800000 + nat_translated: 0x00400000 + captive_portal: 0x00200000 + x_forwarded_for: 0x00080000 + http_proxy: 0x00040000 + container_page: 0x00008000 + temporary_match: 0x00002000 + symmetric_return: 0x00000800 + source: > + def labels = ctx?.labels; + if (labels == null) { + labels = new HashMap(); + ctx['labels'] = labels; + } + long value = ctx._temp_.labels; + for (entry in params.entrySet()) { + if ((value & entry.getValue()) != 0) { + labels[entry.getKey()] = true; + } + } + +# normalize event.duration and determine event.end. + - script: + lang: painless + if: 'ctx?.event?.duration != null' + params: + NANOS_IN_A_SECOND: 1000000000 + source: > + long nanos = ctx['event']['duration'] * params.NANOS_IN_A_SECOND; + ctx['event']['duration'] = nanos; + def start = ctx.event?.start; + if (start != null) { + ctx.event['end'] = ZonedDateTime.parse(start).plusNanos(nanos); + } + +# Set network.direction using src/dst zone (traffic logs). + - set: + field: network.direction + value: inbound + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "trust"' + - set: + field: network.direction + value: outbound + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "untrust"' + - set: + field: network.direction + value: internal + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "trust"' + - set: + field: network.direction + value: external + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "untrust"' + - set: + field: network.direction + value: unknown + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ((ctx?.panw?.panos?.source?.zone != "trust" && ctx?.panw?.panos?.source?.zone != "untrust") || (ctx?.panw?.panos?.destination?.zone != "trust" && ctx?.panw?.panos?.destination?.zone != "untrust"))' + +# Set network.direction from threat direction (Threat logs). + - set: + field: network.direction + value: inbound + if: 'ctx?._temp_?.message_type == "THREAT" && (ctx?._temp_?.direction == "0" || ctx?._temp_?.direction == "client-to-server")' + + - set: + field: network.direction + value: outbound + if: 'ctx?._temp_?.message_type == "THREAT" && (ctx?._temp_?.direction == "1" || ctx?._temp_?.direction == "server-to-client")' + + - set: + field: network.direction + value: unknown + if: 'ctx?._temp_?.message_type == "THREAT" && ctx?.network?.direction == null' + +# Set network.type for TRAFFIC. + - set: + field: network.type + value: 'ipv4' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session == null' + - set: + field: network.type + value: 'ipv6' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session != null' + + # Set event.category depending on log type. + - set: + field: event.kind + value: event + if: 'ctx?._temp_?.message_type == "TRAFFIC"' + - append: + field: event.category + value: + - network_traffic + - network + if: 'ctx?._temp_?.message_type == "TRAFFIC"' + - set: + field: event.kind + value: alert + if: 'ctx?._temp_?.message_type == "THREAT"' + - append: + field: event.category + value: + - security_threat + - intrusion_detection + - network + if: 'ctx?._temp_?.message_type == "THREAT"' + - drop: + if: 'ctx?.event?.category == null' + - append: + field: event.type + value: allowed + if: "ctx?.panw?.panos?.action != null && ['alert', 'allow', 'continue'].contains(ctx.panw.panos.action)" + - append: + field: event.type + value: denied + if: "ctx?.panw?.panos?.action != null && ['deny', 'drop', 'reset-client', 'reset-server', 'reset-both', 'block-url', 'block-ip', 'random-drop', 'sinkhole', 'block'].contains(ctx.panw.panos.action)" + - set: + field: event.outcome + value: success + + +# event.action for traffic logs. + - set: + field: event.action + value: flow_started + if: 'ctx?._temp_?.message_subtype == "start"' + - append: + field: event.type + value: + - start + - connection + if: 'ctx?._temp_?.message_subtype == "start"' + - set: + field: event.action + value: flow_terminated + if: 'ctx?._temp_?.message_subtype == "end"' + - append: + field: event.type + value: + - end + - connection + if: 'ctx?._temp_?.message_subtype == "end"' + - set: + field: event.action + value: flow_dropped + if: 'ctx?._temp_?.message_subtype == "drop"' + - append: + field: event.type + value: + - denied + - connection + if: 'ctx?._temp_?.message_subtype == "drop"' + - set: + field: event.action + value: flow_denied + if: 'ctx?._temp_?.message_subtype == "deny"' + - append: + field: event.type + value: + - denied + - connection + if: 'ctx?._temp_?.message_subtype == "deny"' + +# event.action for threat logs. + - set: + field: event.action + value: data_match + if: 'ctx?._temp_?.message_subtype == "data"' + - set: + field: event.action + value: file_match + if: 'ctx?._temp_?.message_subtype == "file"' + - set: + field: event.action + value: flood_detected + if: 'ctx?._temp_?.message_subtype == "flood"' + - set: + field: event.action + value: packet_attack + if: 'ctx?._temp_?.message_subtype == "packet"' + - set: + field: event.action + value: scan_detected + if: 'ctx?._temp_?.message_subtype == "scan"' + - set: + field: event.action + value: spyware_detected + if: 'ctx?._temp_?.message_subtype == "spyware"' + - set: + field: event.action + value: url_filtering + if: 'ctx?._temp_?.message_subtype == "url"' + - set: + field: event.action + value: virus_detected + if: 'ctx?._temp_?.message_subtype == "virus"' + - set: + field: event.action + value: exploit_detected + if: 'ctx?._temp_?.message_subtype == "vulnerability"' + - set: + field: event.action + value: wildfire_veredict + if: 'ctx?._temp_?.message_subtype == "wildfire"' + - set: + field: event.action + value: wildfire_virus_detected + if: 'ctx?._temp_?.message_subtype == "wildfire-virus"' + + +# Set numeric log.level from event.severity. + - set: + field: "event.severity" + if: 'ctx.log.level == "critical"' + value: 1 + - set: + field: "event.severity" + if: 'ctx.log.level == "high"' + value: 2 + - set: + field: "event.severity" + if: 'ctx.log.level == "medium"' + value: 3 + - set: + field: "event.severity" + if: 'ctx.log.level == "low"' + value: 4 + - set: + field: "event.severity" + if: 'ctx.log.level == "informational"' + value: 5 + +# Normalize event.outcome. +# These values appear in the TRAFFIC docs but look like a mistake. + - set: + field: panw.panos.action + value: 'drop-icmp' + if: 'ctx?.panw?.panos?.action == "drop icmp" || ctx?.panw?.panos?.action == "drop ICMP"' + - set: + field: panw.panos.action + value: 'reset-both' + if: 'ctx?.panw?.panos?.action == "reset both"' + - set: + field: panw.panos.action + value: 'reset-client' + if: 'ctx?.panw?.panos?.action == "reset client"' + - set: + field: panw.panos.action + value: 'reset-server' + if: 'ctx?.panw?.panos?.action == "reset server"' + +# Build related.ip array from src/dest/NAT IPs. + - append: + if: 'ctx?.source?.ip != null' + field: related.ip + value: + - '{{source.ip}}' + - append: + if: 'ctx?.destination?.ip != null' + field: related.ip + value: + - '{{destination.ip}}' + - append: + if: 'ctx?.source?.nat?.ip != null' + field: related.ip + value: + - '{{source.nat.ip}}' + - append: + if: 'ctx?.destination?.nat?.ip != null' + field: related.ip + value: + - '{{destination.nat.ip}}' + +# Geolocation for source. + - geoip: + if: 'ctx?.source?.ip != null' + field: source.ip + target_field: source.geo + +# Geolocation for destination. + - geoip: + if: 'ctx?.destination?.ip != null' + field: destination.ip + target_field: destination.geo + +# IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +# Set source|destination.geo.name from panw's srcloc|dstloc + - rename: + if: 'ctx.source?.geo?.name == null' + field: _temp_.srcloc + target_field: source.geo.name + ignore_missing: true + - rename: + if: 'ctx.destination?.geo?.name == null' + field: _temp_.dstloc + target_field: destination.geo.name + ignore_missing: true + +# Append NAT community_id to network.community_id + - append: + if: 'ctx?.panw?.panos?.network?.nat?.community_id != null && ctx.panw.panos.network.nat.community_id != ctx?.network?.community_id' + field: network.community_id + value: + - '{{panw.panos.network.nat.community_id}}' + + - grok: + if: 'ctx?.panw?.panos?.threat?.name != null' + field: panw.panos.threat.name + ignore_failure: true + patterns: + - '%{GREEDYDATA:panw.panos.threat.name}\(\s*%{GREEDYDATA:panw.panos.threat.id}\s*\)' + + - set: + field: panw.panos.threat.name + value: 'URL-filtering' + if: 'ctx?.panw?.panos?.threat?.id == "9999"' + + - set: + field: rule.name + value: "{{panw.panos.ruleset}}" + if: "ctx?.panw?.panos?.ruleset != null" + + - append: + field: related.user + value: "{{client.user.name}}" + if: "ctx?.client?.user?.name != null" + + - append: + field: related.user + value: "{{source.user.name}}" + if: "ctx?.source?.user?.name != null" + + - append: + field: related.user + value: "{{server.user.name}}" + if: "ctx?.server?.user?.name != null" + + - append: + field: related.user + value: "{{destination.user.name}}" + if: "ctx?.destination?.user?.name != null" + + - append: + field: related.hash + value: "{{panw.panos.file.hash}}" + if: "ctx?.panw?.panos?.file?.hash != null" + +# Remove temporary fields. + - remove: + field: + - _temp_ + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" + - remove: + field: + - _temp_ + ignore_missing: true diff --git a/filebeat/module/panw/panos/manifest.yml b/filebeat/module/panw/panos/manifest.yml new file mode 100644 index 00000000000..4c356d65080 --- /dev/null +++ b/filebeat/module/panw/panos/manifest.yml @@ -0,0 +1,23 @@ +module_version: "1.0" + +var: + - name: paths + default: + - /var/log/pan-os.log + - name: tags + default: [pan-os] + - name: syslog_host + default: localhost + - name: syslog_port + default: 9001 + - name: input + default: syslog + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/input.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/panw/panos/test/pan_inc_other.log b/filebeat/module/panw/panos/test/pan_inc_other.log new file mode 100644 index 00000000000..421c6f796a6 --- /dev/null +++ b/filebeat/module/panw/panos/test/pan_inc_other.log @@ -0,0 +1,34 @@ +Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,CONFIG,0,0,2012/02/25 00:51:50,192.168.0.2,,set,admin,Web,Succeeded, config shared local-user-database user badguy,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:53:22,192.168.0.2,,set,admin,Web,Succeeded, config mgt-config users badguy,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:53:40,192.168.0.2,,commit,admin,Web,Submitted,,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:53:53,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,vpn,0,2012/02/25 00:53:56,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:54:16,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,ras,0,2012/02/25 00:54:16,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:57:17,192.168.0.2,,edit,badguy,Web,Succeeded, vsys vsys1 profiles url-filtering monzyspolicy,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:57:36,192.168.0.2,,commit,badguy,Web,Submitted,,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:57:49,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,vpn,0,2012/02/25 00:57:52,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,routing,0,2012/02/25 00:58:12,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,vpn,0,2012/02/25 00:58:12,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,ras,0,2012/02/25 00:58:12,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,general,1,2012/02/25 00:58:14,,unknown,,0,0,general,informational,Config installed,909,0x0 +Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,general,0,2012/02/25 00:59:36,,general,,0,0,general,informational,Log type config cleared by user badguy ,0,0x0 +Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,general,1,2012/04/10 03:11:57,,unknown,,0,0,general,informational,Config installed,884,0x0 +Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,ras,0,2012/04/10 03:11:56,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,vpn,0,2012/04/10 03:11:56,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,routing,0,2012/04/10 03:11:56,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,ras,0,2012/04/10 03:06:11,,rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,routing,0,2012/04/10 03:06:00,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,general,1,2012/04/09 09:02:53,,unknown,,0,0,general,informational,Config installed,840,0x0 +Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,ras,0,2012/04/09 09:02:52,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,vpn,0,2012/04/09 09:02:52,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,routing,0,2012/04/09 09:02:52,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,ras,0,2012/04/09 09:00:55,,rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,vpn,0,2012/04/09 09:00:52,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0 +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,CONFIG,0,0,2012/04/09 09:00:35,192.168.0.2,,commit,admin,Web,Submitted,,0,0x0 +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,CONFIG,0,0,2012/04/09 09:00:20,192.168.0.2,,edit,admin,Web,Succeeded, vsys vsys1 profiles data-objects PII,0,0x0 +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,general,1,2012/04/09 03:21:53,,unknown,,0,0,general,informational,Config installed,821,0x0 +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,ras,0,2012/04/09 03:21:53,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0 +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,vpn,0,2012/04/09 03:21:53,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,25149,1,59309,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 diff --git a/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json new file mode 100644 index 00000000000..5b43295399c --- /dev/null +++ b/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -0,0 +1,97 @@ +[ + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59309, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:56.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 5853, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,25149,1,59309,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:mY2EPMYo0US42k87/2uTzjo/rGA=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25149", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59309, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/panw/panos/test/pan_inc_threat.log b/filebeat/module/panw/panos/test/pan_inc_threat.log new file mode 100644 index 00000000000..b493a709848 --- /dev/null +++ b/filebeat/module/panw/panos/test/pan_inc_threat.log @@ -0,0 +1,100 @@ +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,"lorexx.cn/loader.exe",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26067,1,59313,80,0,0,0x208000,tcp,alert,"lsiu.info/evo/count.php?o=2",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26522,1,59314,80,0,0,0x208000,tcp,alert,"lsiu.info/evo/count.php?o=5",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25112,1,59315,80,0,0,0x208000,tcp,alert,"lsiu.info/evo/count.php?o=7",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25179,1,59316,80,0,0,0x208000,tcp,alert,"lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25848,1,59317,80,0,0,0x208000,tcp,alert,"lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,24910,1,59302,80,0,0,0x208000,tcp,alert,"liteautobestguide.cn/load.php",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26862,1,59301,80,0,0,0x208000,tcp,alert,"liteautobestguide.cn/index.php",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,22860,1,59303,80,0,0,0x208000,tcp,alert,"litetopdetect.cn/index.php",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26360,1,59304,80,0,0,0x208000,tcp,alert,"lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:52,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25543,1,59297,80,0,0,0x208000,tcp,alert,"girlteenxxxfreemov.com/",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25437,1,59299,80,0,0,0x208000,tcp,alert,"imagesrepository.com/resolution.php",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26338,1,59298,80,0,0,0x208000,tcp,alert,"hottestfiles.com/search/search.php?q=xxx",(9999),search-engines,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25713,1,59300,80,0,0,0x200000,tcp,block-url,"infodist1.com/in.cgi?11¶meter=404",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25451,1,59295,80,0,0,0x208000,tcp,alert,"cls-softwares.com/suc.php",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26414,1,59291,80,0,0,0x208000,tcp,alert,"cls-softwares.com/softwarefortubeview.40013.exe",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:52,192.168.0.2,78.159.99.224,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26927,1,59296,80,0,0,0x200000,tcp,block-url,"findmorepill.com/klik/search.php?q=xxx",(9999),online-gambling,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Germany,0, +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26127,1,59280,80,0,0,0x208000,tcp,alert,"allowedwebsurfing.com/",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,25306,1,59281,80,0,0,0x208000,tcp,alert,"antivirus-remote.com/",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24561,1,59282,80,0,0,0x208000,tcp,alert,"bklinkov.ru/hi/start.cfg",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,15099,1,59290,80,0,0,0x208000,tcp,alert,"blogsexnakedgirlxxx.com/",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24955,1,59286,80,0,0,0x208000,tcp,alert,"bklinkov.ru/hi/start.exe",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25398,1,59275,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25945,1,59277,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,27111,1,59276,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25871,1,59278,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26251,1,59279,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,24816,1,59271,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,25062,1,59269,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,26266,1,59270,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,23898,1,59274,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25259,1,59273,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,26466,1,59272,80,0,0,0x208000,tcp,alert,"-/",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html +Oct 30 09:46:47 1,2012/10/30 09:46:47,01606001116,THREAT,url,1,2012/04/10 04:39:43,192.168.0.2,69.43.161.167,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:44,4086,1,59261,80,0,0,0x200000,tcp,block-url,"wantfinest.com/tds/in.cgi?default",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:47:02 1,2012/10/30 09:47:02,01606001116,THREAT,url,1,2012/04/10 04:39:38,192.168.0.2,202.31.187.154,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:39,26534,1,59248,80,0,0,0x200000,tcp,block-url,"sameshitasiteverwas.com/traf/tds/in.cgi?2",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Korea Republic Of,0, +Oct 30 09:47:02 1,2012/10/30 09:47:02,01606001116,THREAT,url,1,2012/04/10 04:39:39,192.168.0.2,89.111.176.67,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:40,26965,1,59251,80,0,0,0x200000,tcp,block-url,"svarkon.ru/update.exe",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, +Oct 30 09:47:12 1,2012/10/30 09:47:12,01606001116,THREAT,url,1,2012/04/10 04:39:36,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:37,26076,1,59244,80,0,0,0x200000,tcp,block-url,"onlinescanxpp.com/land/eurl/1.php?code=",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:47:17 1,2012/10/30 09:47:17,01606001116,THREAT,url,1,2012/04/10 04:39:34,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:35,26198,1,59237,80,0,0,0x200000,tcp,block-url,"nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:47:17 1,2012/10/30 09:47:17,01606001116,THREAT,url,1,2012/04/10 04:39:35,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:36,26056,1,59238,80,0,0,0x200000,tcp,block-url,"nolagtime.com/gwc.txt",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:51:03 1,2012/10/30 09:51:03,01606001116,THREAT,url,1,2012/04/10 04:38:19,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:20,25465,1,59010,80,0,0,0x200000,tcp,block-url,"karavan.us/bon/index.php",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:51:23 1,2012/10/30 09:51:23,01606001116,THREAT,url,1,2012/04/10 04:38:14,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:15,24316,1,58969,80,0,0,0x200000,tcp,block-url,"findnolimits.com/go.php?sid=1",(9999),dead-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:51:33 1,2012/10/30 09:51:33,01606001116,THREAT,url,1,2012/04/10 04:38:12,192.168.0.2,89.108.64.156,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:13,17258,1,58941,80,0,0,0x200000,tcp,block-url,"bizoplata.ru/moun.html",(9999),parked-domains,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, +Oct 30 09:51:33 1,2012/10/30 09:51:33,01606001116,THREAT,url,1,2012/04/10 04:38:12,192.168.0.2,89.108.64.156,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:13,24735,1,58942,80,0,0,0x200000,tcp,block-url,"bizoplata.ru/palast.html",(9999),parked-domains,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, +Oct 30 09:53:33 1,2012/10/30 09:53:33,01606001116,THREAT,spyware,1,2012/04/10 04:37:28,204.232.231.46,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:33,23497,1,80,58849,0,0,0x200000,tcp,drop-all-packets,"controller.php",Bredolab.Gen Command and Control Traffic(13024),any,critical,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Oct 30 09:53:38 1,2012/10/30 09:53:38,01606001116,THREAT,url,1,2012/04/10 04:37:32,192.168.0.2,216.8.179.25,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:32,23711,1,58856,80,0,0,0x200000,tcp,block-url,"www.15min.it/",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Canada,0, +Oct 30 09:53:48 1,2012/10/30 09:53:48,01606001116,THREAT,url,1,2012/04/10 04:37:27,192.168.0.2,69.43.161.154,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:27,23659,1,58847,80,0,0,0x200000,tcp,block-url,"tubemov.com/",(9999),adult-and-pornography,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:53:58 1,2012/10/30 09:53:58,01606001116,THREAT,url,1,2012/04/10 04:37:25,192.168.0.2,208.91.196.252,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:25,23782,1,58841,80,0,0,0x200000,tcp,block-url,"pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Virgin Islands British,0, +Oct 30 09:55:23 1,2012/10/30 09:55:23,01606001116,THREAT,url,1,2012/04/10 04:37:05,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:06,23239,1,58795,80,0,0,0x200000,tcp,block-url,"movfree.com/",(9999),spyware-and-adware,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:56:23 1,2012/10/30 09:56:23,01606001116,THREAT,url,1,2012/04/10 04:36:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:52,22479,1,58753,80,0,0,0x200000,tcp,block-url,"gometascan.com/",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:57:33 1,2012/10/30 09:57:33,01606001116,THREAT,url,1,2012/04/10 04:36:39,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:40,21458,1,58708,80,0,0,0x200000,tcp,block-url,"antivirus-powerful-scannerv2.com/download/Install_11-1.exe",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Oct 30 09:57:38 1,2012/10/30 09:57:38,01606001116,THREAT,url,1,2012/04/10 04:36:38,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:39,21577,1,58707,80,0,0,0x200000,tcp,block-url,"antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:58:52 1,2013/03/25 23:58:52,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,"basdzsdas.com/poker/config.bin",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:58:52 1,2013/03/25 23:58:52,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,"basdzsdas.com/poker/config.bin",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,file,1,2012/04/10 04:19:59,173.236.179.57,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,"uLLGRaXP.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,"basdzsdas.com/poker/config.bin",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,file,1,2012/04/10 04:51:29,91.209.163.202,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:51:34,37983,1,80,61220,0,0,0x200000,tcp,deny,"FunkyEmoticons_setup.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,European Union,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,file,1,2012/04/10 04:54:33,122.226.169.183,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:54:38,41989,1,80,61726,0,0,0x200000,tcp,deny,"52hxw.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,China,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,url,1,2012/04/10 05:01:00,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 05:01:00,49238,1,63007,80,0,0,0x200000,tcp,block-url,"softsellfast.com/test/config.bin",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,file,1,2012/04/10 04:45:17,109.201.131.15,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:45:23,21592,1,80,60212,0,0,0x200000,tcp,deny,"setup.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,Netherlands,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,file,1,2012/04/10 04:46:16,91.209.163.202,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:46:22,33760,1,80,60392,0,0,0x200000,tcp,deny,"Live-Player_setup.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,European Union,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:39,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:39,28723,1,59709,80,0,0,0x200000,tcp,block-url,"boialex.narod.ru/config.txt",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, +Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:42,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:42,28932,1,59721,80,0,0,0x200000,tcp,block-url,"edw-melon.narod.ru/config.txt",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, +Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:51,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:51,28953,1,59752,80,0,0,0x200000,tcp,block-url,"maximtushin.narod.ru/config.txt",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, +Mar 25 23:59:17 1,2013/03/25 23:59:17,01606001116,THREAT,file,1,2012/04/10 04:19:59,173.236.179.57,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,"uLLGRaXP.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,THREAT,url,1,2012/04/10 04:09:01,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:09:01,55402,1,63183,80,0,0,0x200000,tcp,block-url,"marketingsoluchion.biz/fkn/config.bin",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:27,192.168.0.6,207.46.140.46,0.0.0.0,0.0.0.0,rule1,jordy,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:32,25217,1,1047,80,0,0,0x200000,tcp,alert,"default.aspx",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:29,65.54.161.34,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:34,25653,1,80,1039,0,0,0x200000,tcp,alert,"sck.aspx",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:32,65.55.5.231,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:37,25717,3,80,1064,0,0,0x200000,tcp,alert,"ADSAdClient31.dll",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:33,192.168.0.6,65.54.71.11,0.0.0.0,0.0.0.0,rule1,jordy,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:38,25290,1,1048,80,0,0,0x200000,tcp,alert,"c.gif",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:37,74.125.239.17,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:42,25932,1,80,1071,0,0,0x200000,tcp,alert,"csi",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:50:12,192.168.0.2,208.85.40.48,0.0.0.0,0.0.0.0,rule1,picard,,pandora,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:50:17,28264,1,57502,80,0,0,0x200000,tcp,alert,"internal-tuner.pandora.com",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:58:18,74.125.224.198,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:58:22,29312,1,80,57876,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,file,1,2012/04/09 08:22:27,188.190.124.75,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:22:31,26747,1,80,1082,0,0,0x200000,tcp,deny,"about.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,Ukraine,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:11:43,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:11:48,19205,1,80,50986,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:14:02,74.125.239.3,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:14:07,19360,1,80,51716,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:14:39,74.125.239.3,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:14:44,19696,1,80,52119,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:16:03,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:16:08,19679,1,80,52411,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:18:14,192.168.0.2,74.125.239.6,0.0.0.0,0.0.0.0,rule1,picard,,google-analytics,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:18:19,19448,1,52366,80,0,0,0x200000,tcp,alert,"__utm.gif",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:25:04,74.125.224.193,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:25:09,20422,1,80,53026,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:36:04,74.125.239.20,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:36:09,21267,1,80,53809,0,0,0x200000,tcp,alert,"nav_logo107.png",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:08:08,208.80.154.225,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:08:13,24567,1,80,55912,0,0,0x200000,tcp,alert,"Eadweard_Muybridge",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:08:44,208.80.154.234,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:08:49,24646,1,80,55916,0,0,0x200000,tcp,alert,"load.php",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:16:57,65.54.75.25,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:17:01,25874,1,80,1046,0,0,0x200000,tcp,reset-both,"8fe44cb728c0f40750c64ee906eb72.css",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 04:06:41,74.125.224.206,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:06:46,2175,1,80,61734,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 04:12:52,74.125.224.195,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:12:57,3046,1,80,62292,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:07:49,207.178.96.34,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,rss,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:07:54,1560,1,80,64669,0,0,0x200000,tcp,alert,"appcast.xml",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:48:44,74.125.224.195,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:48:48,16852,1,80,65265,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:48:59,74.125.239.20,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:49:05,15948,1,80,64979,0,0,0x200000,tcp,alert,"csi",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:50:14,66.152.109.24,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:50:19,17028,1,80,49432,0,0,0x200000,tcp,alert,"index.php",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:51:34,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:51:39,15878,1,80,49722,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:53:41,192.168.0.2,74.125.224.201,0.0.0.0,0.0.0.0,rule1,picard,,google-analytics,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:53:47,16602,1,49681,80,0,0,0x200000,tcp,alert,"__utm.gif",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:54:35,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:54:41,17433,1,80,50108,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:54:55,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:55:00,17104,1,80,50387,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:44:49,192.168.0.2,208.85.40.48,0.0.0.0,0.0.0.0,rule1,jordy,,pandora,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:44:55,63706,1,59781,80,0,0,0x200000,tcp,alert,"internal-tuner.pandora.com",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:45:45,74.125.224.201,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:45:50,65257,1,80,60005,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:49:17,74.125.224.201,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:49:22,537,1,80,60443,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:53:41,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:53:45,914,1,80,60822,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:55:23,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:55:28,1475,1,80,61105,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:55:52,74.125.224.198,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-analytics,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:55:57,883,1,80,60782,0,0,0x200000,tcp,alert,"ga.js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, +Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 04:03:55,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:04:00,1965,1,80,61470,0,0,0x200000,tcp,reset-both,"js",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, diff --git a/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json new file mode 100644 index 00000000000..f6ca00ac200 --- /dev/null +++ b/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -0,0 +1,8600 @@ +[ + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59309, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 0, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,\"lorexx.cn/loader.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:mY2EPMYo0US42k87/2uTzjo/rGA=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25149", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lorexx.cn/loader.exe", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59309, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "lorexx.cn/loader.exe" + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59313, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 403, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26067,1,59313,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/count.php?o=2\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:0fIOSC1t62T9ExNKvZaxl657EVc=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26067", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=2", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59313, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "lsiu.info/evo/count.php?o=2" + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59314, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 813, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26522,1,59314,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/count.php?o=5\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:bZl1JgwyPgfsbSrD+z8I/hpbdc4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26522", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=5", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59314, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "lsiu.info/evo/count.php?o=5" + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59315, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 1223, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25112,1,59315,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/count.php?o=7\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:ghLw4NDj0JmAhH9lVtlhdQpqEQ0=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25112", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=7", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59315, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "lsiu.info/evo/count.php?o=7" + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59316, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 1633, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25179,1,59316,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:aiB5YppFUGX0pM/1Xtp3qOSFXJw=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25179", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59316, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122" + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59317, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 2076, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25848,1,59317,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:GOqfpUTezPkpm6axBI22kY90kU4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25848", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59317, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122" + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59302, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 2519, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,24910,1,59302,80,0,0,0x208000,tcp,alert,\"liteautobestguide.cn/load.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:22ouAyA1O0KgUQOEKP20E7gNa2U=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24910", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "liteautobestguide.cn/load.php", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59302, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "liteautobestguide.cn/load.php" + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59301, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 2931, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26862,1,59301,80,0,0,0x208000,tcp,alert,\"liteautobestguide.cn/index.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:phQpgsVhj3YxNYzeNkqdzDgcMCg=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26862", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "liteautobestguide.cn/index.php", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59301, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "liteautobestguide.cn/index.php" + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59303, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 3344, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,22860,1,59303,80,0,0,0x208000,tcp,alert,\"litetopdetect.cn/index.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:6kV576B7jMsBLC62npA6Dgi/zMI=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22860", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "litetopdetect.cn/index.php", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59303, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "litetopdetect.cn/index.php" + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59304, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 3753, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26360,1,59304,80,0,0,0x208000,tcp,alert,\"lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:h+XKHvMK2Oz7QQvaJdhsJWE2c9E=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26360", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59304, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513" + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59297, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 4217, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:52,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25543,1,59297,80,0,0,0x208000,tcp,alert,\"girlteenxxxfreemov.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:Sa+u435/AIAAeEelFduJmiGLOv0=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25543", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "girlteenxxxfreemov.com/", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59297, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "girlteenxxxfreemov.com/" + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59299, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 4623, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25437,1,59299,80,0,0,0x208000,tcp,alert,\"imagesrepository.com/resolution.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:C9009xCOuCuGvMPT4caMCizoYr0=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25437", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "imagesrepository.com/resolution.php", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59299, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "imagesrepository.com/resolution.php" + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59298, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 5041, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26338,1,59298,80,0,0,0x208000,tcp,alert,\"hottestfiles.com/search/search.php?q=xxx\",(9999),search-engines,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:BG6Rk6e+H9jRcZHXqRPFG4iA3uU=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26338", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "hottestfiles.com/search/search.php?q=xxx", + "panw.panos.url.category": "search-engines", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59298, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "hottestfiles.com/search/search.php?q=xxx" + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59300, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 5466, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25713,1,59300,80,0,0,0x200000,tcp,block-url,\"infodist1.com/in.cgi?11¶meter=404\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:YDMNSbru670DK5EMT3E28WFJPz4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25713", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "infodist1.com/in.cgi?11¶meter=404", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59300, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "infodist1.com/in.cgi?11¶meter=404" + }, + { + "@timestamp": "2012-04-10T04:39:51.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59295, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 5882, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25451,1,59295,80,0,0,0x208000,tcp,alert,\"cls-softwares.com/suc.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:AEtFqIuwxZ9TQ3w9m74nOrboCXE=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25451", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "cls-softwares.com/suc.php", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59295, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "cls-softwares.com/suc.php" + }, + { + "@timestamp": "2012-04-10T04:39:51.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59291, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 6290, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26414,1,59291,80,0,0,0x208000,tcp,alert,\"cls-softwares.com/softwarefortubeview.40013.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:AuQEAPptnfXLW8oL/ac3CM4Gnnw=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26414", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "cls-softwares.com/softwarefortubeview.40013.exe", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59291, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "cls-softwares.com/softwarefortubeview.40013.exe" + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59296, + "client.user.name": "crusher", + "destination.address": "78.159.99.224", + "destination.as.number": 28753, + "destination.as.organization.name": "Leaseweb Deutschland GmbH", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 51.2993, + "destination.geo.location.lon": 9.491, + "destination.geo.name": "Germany", + "destination.ip": "78.159.99.224", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 6720, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:52,192.168.0.2,78.159.99.224,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26927,1,59296,80,0,0,0x200000,tcp,block-url,\"findmorepill.com/klik/search.php?q=xxx\",(9999),online-gambling,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Germany,0,", + "network.application": "web-browsing", + "network.community_id": "1:v73LbTZDPLO+1dzNRixeZAmolJ0=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26927", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "findmorepill.com/klik/search.php?q=xxx", + "panw.panos.url.category": "online-gambling", + "related.ip": [ + "192.168.0.2", + "78.159.99.224", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "78.159.99.224", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59296, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "findmorepill.com/klik/search.php?q=xxx" + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59280, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 7132, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26127,1,59280,80,0,0,0x208000,tcp,alert,\"allowedwebsurfing.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:IRI0j5xLyLhwaONpy7gVZdl/Qow=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26127", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "allowedwebsurfing.com/", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59280, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "allowedwebsurfing.com/" + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59281, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 7537, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,25306,1,59281,80,0,0,0x208000,tcp,alert,\"antivirus-remote.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:/tG+YfZ8qFKrUDfQ7EThCBXci9Y=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25306", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "antivirus-remote.com/", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59281, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "antivirus-remote.com/" + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59282, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 7941, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24561,1,59282,80,0,0,0x208000,tcp,alert,\"bklinkov.ru/hi/start.cfg\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:Vfi4CxQayypb3DoxclNfeNjXdjo=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24561", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bklinkov.ru/hi/start.cfg", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59282, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "bklinkov.ru/hi/start.cfg" + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59290, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 8348, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,15099,1,59290,80,0,0,0x208000,tcp,alert,\"blogsexnakedgirlxxx.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:2UbFMV1DsXMB0b/AUotNCCsHm0s=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "15099", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "blogsexnakedgirlxxx.com/", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59290, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "blogsexnakedgirlxxx.com/" + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59286, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 8755, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24955,1,59286,80,0,0,0x208000,tcp,alert,\"bklinkov.ru/hi/start.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:M8DHGZjrHyuCRpC9MNNfDUke5g4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24955", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bklinkov.ru/hi/start.exe", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59286, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "bklinkov.ru/hi/start.exe" + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59275, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 9162, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25398,1,59275,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:AVMiOufq2owuhWpcu/TfRJ38tv4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25398", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59275, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59277, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 9555, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25945,1,59277,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:/+Opb16c1ye6uLeu1/TNC+SGnYs=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25945", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59277, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59276, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 9948, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,27111,1,59276,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:uslltTePy/m8Gxhk/MgPbZfk6Rg=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27111", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59276, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59278, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 10341, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25871,1,59278,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:WiUImNtgjkeNDi1Qigg7+Y6pDAg=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25871", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59278, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59279, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 10734, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26251,1,59279,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:FmIwID3HJ4Q0574SjlhMHApz/Hs=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26251", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59279, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:45.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59271, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 11127, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,24816,1,59271,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:6AuZBrHKsUJjLNgm/mJ5QToaPo8=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24816", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59271, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:45.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59269, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 11520, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,25062,1,59269,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:NwAT+gtzMjRwKS71Tn+YaKwyOvI=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25062", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59269, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:45.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59270, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 11913, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,26266,1,59270,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:mTTbk9h6Dgx6lH3l4aEHguufZVE=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26266", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59270, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:46.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59274, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 12306, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,23898,1,59274,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:/0xM0KlMLwieymkDApfqS3/WWiQ=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23898", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59274, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:46.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59273, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 12699, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25259,1,59273,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:VLKKVfau50s2qjTDcucU+VKCAqY=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25259", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59273, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:46.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59272, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "labels.container_page": true, + "log.level": "informational", + "log.offset": 13092, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,26466,1,59272,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", + "network.application": "web-browsing", + "network.community_id": "1:jAvA0C85T0GFKryKA312lLEtKIM=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26466", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59272, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "-/" + }, + { + "@timestamp": "2012-04-10T04:39:43.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59261, + "client.user.name": "crusher", + "destination.address": "69.43.161.167", + "destination.as.number": 22489, + "destination.as.organization.name": "Castle Access Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "69.43.161.167", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 13485, + "log.original": "Oct 30 09:46:47 1,2012/10/30 09:46:47,01606001116,THREAT,url,1,2012/04/10 04:39:43,192.168.0.2,69.43.161.167,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:44,4086,1,59261,80,0,0,0x200000,tcp,block-url,\"wantfinest.com/tds/in.cgi?default\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:Jqiwb/u74kolY3Y1yGkp+oMAxT4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "4086", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "wantfinest.com/tds/in.cgi?default", + "panw.panos.url.category": "unknown", + "related.ip": [ + "192.168.0.2", + "69.43.161.167", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "69.43.161.167", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59261, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "wantfinest.com/tds/in.cgi?default" + }, + { + "@timestamp": "2012-04-10T04:39:38.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59248, + "client.user.name": "crusher", + "destination.address": "202.31.187.154", + "destination.as.number": 17848, + "destination.as.organization.name": "INAMES", + "destination.geo.continent_name": "Asia", + "destination.geo.country_iso_code": "KR", + "destination.geo.location.lat": 37.5112, + "destination.geo.location.lon": 126.9741, + "destination.geo.name": "Korea Republic Of", + "destination.ip": "202.31.187.154", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 13889, + "log.original": "Oct 30 09:47:02 1,2012/10/30 09:47:02,01606001116,THREAT,url,1,2012/04/10 04:39:38,192.168.0.2,202.31.187.154,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:39,26534,1,59248,80,0,0,0x200000,tcp,block-url,\"sameshitasiteverwas.com/traf/tds/in.cgi?2\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Korea Republic Of,0,", + "network.application": "web-browsing", + "network.community_id": "1:q84mXt2kLt843wk0Y5vtvJwq+bc=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26534", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "sameshitasiteverwas.com/traf/tds/in.cgi?2", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "202.31.187.154", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "202.31.187.154", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59248, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "sameshitasiteverwas.com/traf/tds/in.cgi?2" + }, + { + "@timestamp": "2012-04-10T04:39:39.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59251, + "client.user.name": "crusher", + "destination.address": "89.111.176.67", + "destination.as.number": 41126, + "destination.as.organization.name": "CJSC Registrar R01", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "RU", + "destination.geo.location.lat": 55.7386, + "destination.geo.location.lon": 37.6068, + "destination.geo.name": "Russian Federation", + "destination.ip": "89.111.176.67", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 14313, + "log.original": "Oct 30 09:47:02 1,2012/10/30 09:47:02,01606001116,THREAT,url,1,2012/04/10 04:39:39,192.168.0.2,89.111.176.67,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:40,26965,1,59251,80,0,0,0x200000,tcp,block-url,\"svarkon.ru/update.exe\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", + "network.application": "web-browsing", + "network.community_id": "1:1jDSU+BTdTOAQSrWGRbSjxehwNg=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26965", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "svarkon.ru/update.exe", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "89.111.176.67", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "89.111.176.67", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59251, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "svarkon.ru/update.exe" + }, + { + "@timestamp": "2012-04-10T04:39:36.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59244, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 14717, + "log.original": "Oct 30 09:47:12 1,2012/10/30 09:47:12,01606001116,THREAT,url,1,2012/04/10 04:39:36,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:37,26076,1,59244,80,0,0,0x200000,tcp,block-url,\"onlinescanxpp.com/land/eurl/1.php?code=\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:vGp9HpobYZmzzLGyDAG6oVAe4dg=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26076", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "onlinescanxpp.com/land/eurl/1.php?code=", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59244, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "onlinescanxpp.com/land/eurl/1.php?code=" + }, + { + "@timestamp": "2012-04-10T04:39:34.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59237, + "client.user.name": "crusher", + "destination.address": "208.73.210.29", + "destination.as.number": 40034, + "destination.as.organization.name": "Confluence Networks Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 15135, + "log.original": "Oct 30 09:47:17 1,2012/10/30 09:47:17,01606001116,THREAT,url,1,2012/04/10 04:39:34,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:35,26198,1,59237,80,0,0,0x200000,tcp,block-url,\"nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:8JiI5Ka3Oyz6yaLm3xObTqAo/Jw=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26198", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "208.73.210.29", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "208.73.210.29", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59237, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6" + }, + { + "@timestamp": "2012-04-10T04:39:35.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59238, + "client.user.name": "crusher", + "destination.address": "208.73.210.29", + "destination.as.number": 40034, + "destination.as.organization.name": "Confluence Networks Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 15712, + "log.original": "Oct 30 09:47:17 1,2012/10/30 09:47:17,01606001116,THREAT,url,1,2012/04/10 04:39:35,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:36,26056,1,59238,80,0,0,0x200000,tcp,block-url,\"nolagtime.com/gwc.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:lOdKYo+aMIHRMMJPawuXy8Bk2I0=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26056", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "nolagtime.com/gwc.txt", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "208.73.210.29", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "208.73.210.29", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59238, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "nolagtime.com/gwc.txt" + }, + { + "@timestamp": "2012-04-10T04:38:19.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59010, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 16111, + "log.original": "Oct 30 09:51:03 1,2012/10/30 09:51:03,01606001116,THREAT,url,1,2012/04/10 04:38:19,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:20,25465,1,59010,80,0,0,0x200000,tcp,block-url,\"karavan.us/bon/index.php\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:rDRkkTH2aHta89i52OraqG5WcDI=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25465", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "karavan.us/bon/index.php", + "panw.panos.url.category": "unknown", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59010, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "karavan.us/bon/index.php" + }, + { + "@timestamp": "2012-04-10T04:38:14.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58969, + "client.user.name": "crusher", + "destination.address": "208.73.210.29", + "destination.as.number": 40034, + "destination.as.organization.name": "Confluence Networks Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 16508, + "log.original": "Oct 30 09:51:23 1,2012/10/30 09:51:23,01606001116,THREAT,url,1,2012/04/10 04:38:14,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:15,24316,1,58969,80,0,0,0x200000,tcp,block-url,\"findnolimits.com/go.php?sid=1\",(9999),dead-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:00fHGTkjtblnJQ9P4Wiw9QuDEpI=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24316", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "findnolimits.com/go.php?sid=1", + "panw.panos.url.category": "dead-sites", + "related.ip": [ + "192.168.0.2", + "208.73.210.29", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "208.73.210.29", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58969, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "findnolimits.com/go.php?sid=1" + }, + { + "@timestamp": "2012-04-10T04:38:12.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58941, + "client.user.name": "crusher", + "destination.address": "89.108.64.156", + "destination.as.number": 197695, + "destination.as.organization.name": "Domain names registrar REG.RU, Ltd", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "RU", + "destination.geo.location.lat": 55.7386, + "destination.geo.location.lon": 37.6068, + "destination.geo.name": "Russian Federation", + "destination.ip": "89.108.64.156", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 16912, + "log.original": "Oct 30 09:51:33 1,2012/10/30 09:51:33,01606001116,THREAT,url,1,2012/04/10 04:38:12,192.168.0.2,89.108.64.156,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:13,17258,1,58941,80,0,0,0x200000,tcp,block-url,\"bizoplata.ru/moun.html\",(9999),parked-domains,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", + "network.application": "web-browsing", + "network.community_id": "1:sQ6YL9T0OZftMg71BK+1IHpXIRM=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "17258", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bizoplata.ru/moun.html", + "panw.panos.url.category": "parked-domains", + "related.ip": [ + "192.168.0.2", + "89.108.64.156", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "89.108.64.156", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58941, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "bizoplata.ru/moun.html" + }, + { + "@timestamp": "2012-04-10T04:38:12.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58942, + "client.user.name": "crusher", + "destination.address": "89.108.64.156", + "destination.as.number": 197695, + "destination.as.organization.name": "Domain names registrar REG.RU, Ltd", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "RU", + "destination.geo.location.lat": 55.7386, + "destination.geo.location.lon": 37.6068, + "destination.geo.name": "Russian Federation", + "destination.ip": "89.108.64.156", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 17318, + "log.original": "Oct 30 09:51:33 1,2012/10/30 09:51:33,01606001116,THREAT,url,1,2012/04/10 04:38:12,192.168.0.2,89.108.64.156,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:13,24735,1,58942,80,0,0,0x200000,tcp,block-url,\"bizoplata.ru/palast.html\",(9999),parked-domains,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", + "network.application": "web-browsing", + "network.community_id": "1:a3rlKRtYt43mps+uHBznJUtG3Qg=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24735", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bizoplata.ru/palast.html", + "panw.panos.url.category": "parked-domains", + "related.ip": [ + "192.168.0.2", + "89.108.64.156", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "89.108.64.156", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58942, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "bizoplata.ru/palast.html" + }, + { + "@timestamp": "2012-04-10T04:37:28.000-02:00", + "client.ip": "204.232.231.46", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 58849, + "destination.user.name": "crusher", + "event.action": "spyware_detected", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 1, + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "critical", + "log.offset": 17726, + "log.original": "Oct 30 09:53:33 1,2012/10/30 09:53:33,01606001116,THREAT,spyware,1,2012/04/10 04:37:28,204.232.231.46,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:33,23497,1,80,58849,0,0,0x200000,tcp,drop-all-packets,\"controller.php\",Bredolab.Gen Command and Control Traffic(13024),any,critical,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:gfZAOGdC3xAoPZCFZCwHJJ7Iin4=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "drop-all-packets", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "23497", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "13024", + "panw.panos.threat.name": "Bredolab.Gen Command and Control Traffic", + "panw.panos.threat.resource": "controller.php", + "panw.panos.url.category": "any", + "related.ip": [ + "204.232.231.46", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 58849, + "server.user.name": "crusher", + "service.type": "panw", + "source.address": "204.232.231.46", + "source.as.number": 27357, + "source.as.organization.name": "Rackspace Hosting", + "source.geo.city_name": "Fort Lauderdale", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 26.1792, + "source.geo.location.lon": -80.1749, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-FL", + "source.geo.region_name": "Florida", + "source.ip": "204.232.231.46", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "controller.php" + }, + { + "@timestamp": "2012-04-10T04:37:32.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58856, + "client.user.name": "crusher", + "destination.address": "216.8.179.25", + "destination.as.number": 13727, + "destination.as.organization.name": "NEXT DIMENSION INC", + "destination.geo.city_name": "Kitchener", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "CA", + "destination.geo.location.lat": 43.4419, + "destination.geo.location.lon": -80.4216, + "destination.geo.name": "Canada", + "destination.geo.region_iso_code": "CA-ON", + "destination.geo.region_name": "Ontario", + "destination.ip": "216.8.179.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 18156, + "log.original": "Oct 30 09:53:38 1,2012/10/30 09:53:38,01606001116,THREAT,url,1,2012/04/10 04:37:32,192.168.0.2,216.8.179.25,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:32,23711,1,58856,80,0,0,0x200000,tcp,block-url,\"www.15min.it/\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Canada,0,", + "network.application": "web-browsing", + "network.community_id": "1:VeoAydUSFUdh8ZddIqbsMY32sBU=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23711", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "www.15min.it/", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "216.8.179.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "216.8.179.25", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58856, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "www.15min.it/" + }, + { + "@timestamp": "2012-04-10T04:37:27.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58847, + "client.user.name": "crusher", + "destination.address": "69.43.161.154", + "destination.as.number": 22489, + "destination.as.organization.name": "Castle Access Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "69.43.161.154", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 18539, + "log.original": "Oct 30 09:53:48 1,2012/10/30 09:53:48,01606001116,THREAT,url,1,2012/04/10 04:37:27,192.168.0.2,69.43.161.154,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:27,23659,1,58847,80,0,0,0x200000,tcp,block-url,\"tubemov.com/\",(9999),adult-and-pornography,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:ZsFVG8FJVifp8WmzI9Zj/lo+dB4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23659", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "tubemov.com/", + "panw.panos.url.category": "adult-and-pornography", + "related.ip": [ + "192.168.0.2", + "69.43.161.154", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "69.43.161.154", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58847, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "tubemov.com/" + }, + { + "@timestamp": "2012-04-10T04:37:25.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58841, + "client.user.name": "crusher", + "destination.address": "208.91.196.252", + "destination.as.number": 40034, + "destination.as.organization.name": "Confluence Networks Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "VG", + "destination.geo.location.lat": 18.5, + "destination.geo.location.lon": -64.5, + "destination.geo.name": "Virgin Islands British", + "destination.ip": "208.91.196.252", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 18937, + "log.original": "Oct 30 09:53:58 1,2012/10/30 09:53:58,01606001116,THREAT,url,1,2012/04/10 04:37:25,192.168.0.2,208.91.196.252,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:25,23782,1,58841,80,0,0,0x200000,tcp,block-url,\"pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Virgin Islands British,0,", + "network.application": "web-browsing", + "network.community_id": "1:NAfQ33YdKJSvbcxpFK8HIhI39lk=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23782", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "208.91.196.252", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "208.91.196.252", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58841, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js" + }, + { + "@timestamp": "2012-04-10T04:37:05.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58795, + "client.user.name": "crusher", + "destination.address": "208.73.210.29", + "destination.as.number": 40034, + "destination.as.organization.name": "Confluence Networks Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 19373, + "log.original": "Oct 30 09:55:23 1,2012/10/30 09:55:23,01606001116,THREAT,url,1,2012/04/10 04:37:05,192.168.0.2,208.73.210.29,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:06,23239,1,58795,80,0,0,0x200000,tcp,block-url,\"movfree.com/\",(9999),spyware-and-adware,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:AMcTUl91PN0z8TJr2QwdEOP+Fmo=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23239", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "movfree.com/", + "panw.panos.url.category": "spyware-and-adware", + "related.ip": [ + "192.168.0.2", + "208.73.210.29", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "208.73.210.29", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58795, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "movfree.com/" + }, + { + "@timestamp": "2012-04-10T04:36:51.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58753, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 19768, + "log.original": "Oct 30 09:56:23 1,2012/10/30 09:56:23,01606001116,THREAT,url,1,2012/04/10 04:36:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:52,22479,1,58753,80,0,0,0x200000,tcp,block-url,\"gometascan.com/\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:7Tdwe73AJMSdJL4hxpQDyl5Lwn4=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22479", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "gometascan.com/", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58753, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "gometascan.com/" + }, + { + "@timestamp": "2012-04-10T04:36:39.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58708, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 20162, + "log.original": "Oct 30 09:57:33 1,2012/10/30 09:57:33,01606001116,THREAT,url,1,2012/04/10 04:36:39,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:40,21458,1,58708,80,0,0,0x200000,tcp,block-url,\"antivirus-powerful-scannerv2.com/download/Install_11-1.exe\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:q7ERSuCoAPSiI8xLXZCI+1M9B8I=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21458", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58708, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe" + }, + { + "@timestamp": "2012-04-10T04:36:38.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58707, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 20599, + "log.original": "Oct 30 09:57:38 1,2012/10/30 09:57:38,01606001116,THREAT,url,1,2012/04/10 04:36:38,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:39,21577,1,58707,80,0,0,0x200000,tcp,block-url,\"antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:AsPpOgQhhKdBtPhY4zahdBuNcTc=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21577", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58707, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N" + }, + { + "@timestamp": "2012-04-10T04:36:27.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58603, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 21043, + "log.original": "Mar 25 23:58:52 1,2013/03/25 23:58:52,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,\"basdzsdas.com/poker/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:Inta5pHrKZ+nIMo9QJjgmv1raGE=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "1606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21487", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58603, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "basdzsdas.com/poker/config.bin" + }, + { + "@timestamp": "2012-04-10T04:36:27.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58603, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 21451, + "log.original": "Mar 25 23:58:52 1,2013/03/25 23:58:52,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,\"basdzsdas.com/poker/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:Inta5pHrKZ+nIMo9QJjgmv1raGE=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "1606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21487", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58603, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "basdzsdas.com/poker/config.bin" + }, + { + "@timestamp": "2012-04-10T04:19:59.000-02:00", + "client.ip": "173.236.179.57", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 54431, + "destination.user.name": "crusher", + "event.action": "file_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "low", + "log.offset": 21859, + "log.original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,file,1,2012/04/10 04:19:59,173.236.179.57,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,\"uLLGRaXP.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:to6WA2KM9vqO74DfMPJ8+v0cKPs=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "1606001116", + "panw.panos.action": "deny", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "64856", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "uLLGRaXP.exe", + "panw.panos.url.category": "any", + "related.ip": [ + "173.236.179.57", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 54431, + "server.user.name": "crusher", + "service.type": "panw", + "source.address": "173.236.179.57", + "source.as.number": 26347, + "source.as.organization.name": "New Dream Network, LLC", + "source.geo.city_name": "Brea", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 33.9339, + "source.geo.location.lon": -117.8854, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", + "source.ip": "173.236.179.57", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "uLLGRaXP.exe" + }, + { + "@timestamp": "2012-04-10T04:36:27.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 58603, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 22250, + "log.original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,\"basdzsdas.com/poker/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:Inta5pHrKZ+nIMo9QJjgmv1raGE=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "1606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21487", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 58603, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "basdzsdas.com/poker/config.bin" + }, + { + "@timestamp": "2012-04-10T04:51:29.000-02:00", + "client.ip": "91.209.163.202", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 61220, + "destination.user.name": "crusher", + "event.action": "file_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "low", + "log.offset": 22658, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,file,1,2012/04/10 04:51:29,91.209.163.202,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:51:34,37983,1,80,61220,0,0,0x200000,tcp,deny,\"FunkyEmoticons_setup.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,European Union,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:dHpseryW+AZk/t5IUvlyhaLSGI0=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "deny", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "37983", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "FunkyEmoticons_setup.exe", + "panw.panos.url.category": "any", + "related.ip": [ + "91.209.163.202", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 61220, + "server.user.name": "crusher", + "service.type": "panw", + "source.address": "91.209.163.202", + "source.as.number": 9009, + "source.as.organization.name": "M247 Ltd", + "source.geo.city_name": "Montreal", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "CA", + "source.geo.location.lat": 45.4995, + "source.geo.location.lon": -73.5848, + "source.geo.name": "European Union", + "source.geo.region_iso_code": "CA-QC", + "source.geo.region_name": "Quebec", + "source.ip": "91.209.163.202", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "FunkyEmoticons_setup.exe" + }, + { + "@timestamp": "2012-04-10T04:54:33.000-02:00", + "client.ip": "122.226.169.183", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 61726, + "destination.user.name": "crusher", + "event.action": "file_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "low", + "log.offset": 23063, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,file,1,2012/04/10 04:54:33,122.226.169.183,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:54:38,41989,1,80,61726,0,0,0x200000,tcp,deny,\"52hxw.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,China,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:lIp7rPLlF21gCwZ63WafZ2HbNKA=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "deny", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "41989", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "52hxw.exe", + "panw.panos.url.category": "any", + "related.ip": [ + "122.226.169.183", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 61726, + "server.user.name": "crusher", + "service.type": "panw", + "source.address": "122.226.169.183", + "source.as.number": 4134, + "source.as.organization.name": "No.31,Jin-rong Street", + "source.geo.continent_name": "Asia", + "source.geo.country_iso_code": "CN", + "source.geo.location.lat": 30.294, + "source.geo.location.lon": 120.1619, + "source.geo.name": "China", + "source.geo.region_iso_code": "CN-ZJ", + "source.geo.region_name": "Zhejiang", + "source.ip": "122.226.169.183", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "52hxw.exe" + }, + { + "@timestamp": "2012-04-10T05:01:00.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 63007, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 23445, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,url,1,2012/04/10 05:01:00,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 05:01:00,49238,1,63007,80,0,0,0x200000,tcp,block-url,\"softsellfast.com/test/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:n39Q6RPkLwPiDU/pfHT7uRZGkXY=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "49238", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "softsellfast.com/test/config.bin", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 63007, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "softsellfast.com/test/config.bin" + }, + { + "@timestamp": "2012-04-10T04:45:17.000-02:00", + "client.ip": "109.201.131.15", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 60212, + "destination.user.name": "crusher", + "event.action": "file_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "low", + "log.offset": 23856, + "log.original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,file,1,2012/04/10 04:45:17,109.201.131.15,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:45:23,21592,1,80,60212,0,0,0x200000,tcp,deny,\"setup.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,Netherlands,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:69YGwS9/vtp36Khj80nU/Q0TTfM=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "deny", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "21592", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "setup.exe", + "panw.panos.url.category": "any", + "related.ip": [ + "109.201.131.15", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 60212, + "server.user.name": "crusher", + "service.type": "panw", + "source.address": "109.201.131.15", + "source.as.number": 43350, + "source.as.organization.name": "NForce Entertainment B.V.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "NL", + "source.geo.location.lat": 52.3824, + "source.geo.location.lon": 4.8995, + "source.geo.name": "Netherlands", + "source.ip": "109.201.131.15", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "setup.exe" + }, + { + "@timestamp": "2012-04-10T04:46:16.000-02:00", + "client.ip": "91.209.163.202", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 60392, + "destination.user.name": "crusher", + "event.action": "file_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "low", + "log.offset": 24243, + "log.original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,file,1,2012/04/10 04:46:16,91.209.163.202,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:46:22,33760,1,80,60392,0,0,0x200000,tcp,deny,\"Live-Player_setup.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,European Union,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:MKMWzixtfYaSoShU7T3wN6MLk5g=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "deny", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "33760", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "Live-Player_setup.exe", + "panw.panos.url.category": "any", + "related.ip": [ + "91.209.163.202", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 60392, + "server.user.name": "crusher", + "service.type": "panw", + "source.address": "91.209.163.202", + "source.as.number": 9009, + "source.as.organization.name": "M247 Ltd", + "source.geo.city_name": "Montreal", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "CA", + "source.geo.location.lat": 45.4995, + "source.geo.location.lon": -73.5848, + "source.geo.name": "European Union", + "source.geo.region_iso_code": "CA-QC", + "source.geo.region_name": "Quebec", + "source.ip": "91.209.163.202", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "Live-Player_setup.exe" + }, + { + "@timestamp": "2012-04-10T04:42:39.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59709, + "client.user.name": "crusher", + "destination.address": "213.180.199.61", + "destination.as.number": 13238, + "destination.as.organization.name": "YANDEX LLC", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "RU", + "destination.geo.location.lat": 55.7386, + "destination.geo.location.lon": 37.6068, + "destination.geo.name": "Russian Federation", + "destination.ip": "213.180.199.61", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 24645, + "log.original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:39,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:39,28723,1,59709,80,0,0,0x200000,tcp,block-url,\"boialex.narod.ru/config.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", + "network.application": "web-browsing", + "network.community_id": "1:J4hfLZVy8UJEkW68RkW2hMu84Wk=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28723", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "boialex.narod.ru/config.txt", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "213.180.199.61", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "213.180.199.61", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59709, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "boialex.narod.ru/config.txt" + }, + { + "@timestamp": "2012-04-10T04:42:42.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59721, + "client.user.name": "crusher", + "destination.address": "213.180.199.61", + "destination.as.number": 13238, + "destination.as.organization.name": "YANDEX LLC", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "RU", + "destination.geo.location.lat": 55.7386, + "destination.geo.location.lon": 37.6068, + "destination.geo.name": "Russian Federation", + "destination.ip": "213.180.199.61", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 25056, + "log.original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:42,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:42,28932,1,59721,80,0,0,0x200000,tcp,block-url,\"edw-melon.narod.ru/config.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", + "network.application": "web-browsing", + "network.community_id": "1:1211QM61Juawz4PBXLQBL9Q2FNA=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28932", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "edw-melon.narod.ru/config.txt", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "213.180.199.61", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "213.180.199.61", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59721, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "edw-melon.narod.ru/config.txt" + }, + { + "@timestamp": "2012-04-10T04:42:51.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59752, + "client.user.name": "crusher", + "destination.address": "213.180.199.61", + "destination.as.number": 13238, + "destination.as.organization.name": "YANDEX LLC", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "RU", + "destination.geo.location.lat": 55.7386, + "destination.geo.location.lon": 37.6068, + "destination.geo.name": "Russian Federation", + "destination.ip": "213.180.199.61", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 25469, + "log.original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:51,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:51,28953,1,59752,80,0,0,0x200000,tcp,block-url,\"maximtushin.narod.ru/config.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", + "network.application": "web-browsing", + "network.community_id": "1:MQfJlERz16LAn6Hn1YhCNKLOjjA=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28953", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "maximtushin.narod.ru/config.txt", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "213.180.199.61", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "213.180.199.61", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59752, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "maximtushin.narod.ru/config.txt" + }, + { + "@timestamp": "2012-04-10T04:19:59.000-02:00", + "client.ip": "173.236.179.57", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 54431, + "destination.user.name": "crusher", + "event.action": "file_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "low", + "log.offset": 25884, + "log.original": "Mar 25 23:59:17 1,2013/03/25 23:59:17,01606001116,THREAT,file,1,2012/04/10 04:19:59,173.236.179.57,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,\"uLLGRaXP.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:to6WA2KM9vqO74DfMPJ8+v0cKPs=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "deny", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "64856", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "uLLGRaXP.exe", + "panw.panos.url.category": "any", + "related.ip": [ + "173.236.179.57", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 54431, + "server.user.name": "crusher", + "service.type": "panw", + "source.address": "173.236.179.57", + "source.as.number": 26347, + "source.as.organization.name": "New Dream Network, LLC", + "source.geo.city_name": "Brea", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 33.9339, + "source.geo.location.lon": -117.8854, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", + "source.ip": "173.236.179.57", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "uLLGRaXP.exe" + }, + { + "@timestamp": "2012-04-10T04:09:01.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 63183, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 26276, + "log.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,THREAT,url,1,2012/04/10 04:09:01,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:09:01,55402,1,63183,80,0,0,0x200000,tcp,block-url,\"marketingsoluchion.biz/fkn/config.bin\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:uO6RhHsqSUg1LHv5h+n+FE4cqrE=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "55402", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "marketingsoluchion.biz/fkn/config.bin", + "panw.panos.url.category": "unknown", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.ip": "204.232.231.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 63183, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ], + "url.original": "marketingsoluchion.biz/fkn/config.bin" + }, + { + "@timestamp": "2012-04-09T08:18:27.000-02:00", + "client.ip": "192.168.0.6", + "client.port": 1047, + "client.user.name": "jordy", + "destination.address": "207.46.140.46", + "destination.as.number": 8075, + "destination.as.organization.name": "Microsoft Corporation", + "destination.geo.city_name": "Central", + "destination.geo.continent_name": "Asia", + "destination.geo.country_iso_code": "HK", + "destination.geo.location.lat": 22.2909, + "destination.geo.location.lon": 114.15, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "HK-HCW", + "destination.geo.region_name": "Central and Western District", + "destination.ip": "207.46.140.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 26686, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:27,192.168.0.6,207.46.140.46,0.0.0.0,0.0.0.0,rule1,jordy,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:32,25217,1,1047,80,0,0,0x200000,tcp,alert,\"default.aspx\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:KC3xpBK9CdouZqamG9S6Mjl6LIo=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25217", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "default.aspx", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.6", + "207.46.140.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "207.46.140.46", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.6", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.6", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 1047, + "source.user.name": "jordy", + "tags": [ + "pan-os" + ], + "url.original": "default.aspx" + }, + { + "@timestamp": "2012-04-09T08:18:29.000-02:00", + "client.ip": "65.54.161.34", + "client.port": 80, + "destination.address": "192.168.0.6", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 1039, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 27064, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:29,65.54.161.34,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:34,25653,1,80,1039,0,0,0x200000,tcp,alert,\"sck.aspx\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:qtNTXnMjHLAldLWQ5/jdyuCV6Yk=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "25653", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "sck.aspx", + "panw.panos.url.category": "any", + "related.ip": [ + "65.54.161.34", + "192.168.0.6", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.6", + "server.port": 1039, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "65.54.161.34", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Redmond", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 47.6722, + "source.geo.location.lon": -122.1257, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-WA", + "source.geo.region_name": "Washington", + "source.ip": "65.54.161.34", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "sck.aspx" + }, + { + "@timestamp": "2012-04-09T08:18:32.000-02:00", + "client.ip": "65.55.5.231", + "client.port": 80, + "destination.address": "192.168.0.6", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 1064, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 27437, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:32,65.55.5.231,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:37,25717,3,80,1064,0,0,0x200000,tcp,alert,\"ADSAdClient31.dll\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:OSQCnxYE2CqKztyfnzJHya/llPw=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "25717", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "ADSAdClient31.dll", + "panw.panos.url.category": "any", + "related.ip": [ + "65.55.5.231", + "192.168.0.6", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.6", + "server.port": 1064, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "65.55.5.231", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Redmond", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 47.6722, + "source.geo.location.lon": -122.1257, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-WA", + "source.geo.region_name": "Washington", + "source.ip": "65.55.5.231", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "ADSAdClient31.dll" + }, + { + "@timestamp": "2012-04-09T08:18:33.000-02:00", + "client.ip": "192.168.0.6", + "client.port": 1048, + "client.user.name": "jordy", + "destination.address": "65.54.71.11", + "destination.as.number": 8075, + "destination.as.organization.name": "Microsoft Corporation", + "destination.geo.city_name": "Los Angeles", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 34.0544, + "destination.geo.location.lon": -118.244, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "65.54.71.11", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 27818, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:33,192.168.0.6,65.54.71.11,0.0.0.0,0.0.0.0,rule1,jordy,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:38,25290,1,1048,80,0,0,0x200000,tcp,alert,\"c.gif\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "web-browsing", + "network.community_id": "1:MeB0cefg5kMN7f+LW+cirwH2nA8=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25290", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "c.gif", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.6", + "65.54.71.11", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "65.54.71.11", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.6", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.6", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 1048, + "source.user.name": "jordy", + "tags": [ + "pan-os" + ], + "url.original": "c.gif" + }, + { + "@timestamp": "2012-04-09T08:18:37.000-02:00", + "client.ip": "74.125.239.17", + "client.port": 80, + "destination.address": "192.168.0.6", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 1071, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 28187, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:37,74.125.239.17,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:42,25932,1,80,1071,0,0,0x200000,tcp,alert,\"csi\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:iDmf9CnG+CdUuHWmwVsmhee3/Qs=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "25932", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "csi", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.239.17", + "192.168.0.6", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.6", + "server.port": 1071, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.239.17", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.239.17", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "csi" + }, + { + "@timestamp": "2012-04-09T08:50:12.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 57502, + "client.user.name": "picard", + "destination.address": "208.85.40.48", + "destination.as.number": 40428, + "destination.as.organization.name": "Pandora Media, Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "208.85.40.48", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 28556, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:50:12,192.168.0.2,208.85.40.48,0.0.0.0,0.0.0.0,rule1,picard,,pandora,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:50:17,28264,1,57502,80,0,0,0x200000,tcp,alert,\"internal-tuner.pandora.com\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "pandora", + "network.community_id": "1:c67I85z1uJV7VW6M9MR5Q8fjHQM=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28264", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "internal-tuner.pandora.com", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "208.85.40.48", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "208.85.40.48", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 57502, + "source.user.name": "picard", + "tags": [ + "pan-os" + ], + "url.original": "internal-tuner.pandora.com" + }, + { + "@timestamp": "2012-04-09T08:58:18.000-02:00", + "client.ip": "74.125.224.198", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 57876, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 28944, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:58:18,74.125.224.198,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:58:22,29312,1,80,57876,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:w5GKumufuJCv3Gw8bvP3vTxap24=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "29312", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.198", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 57876, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.198", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.198", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T08:22:27.000-02:00", + "client.ip": "188.190.124.75", + "client.port": 80, + "destination.address": "192.168.0.6", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 1082, + "destination.user.name": "jordy", + "event.action": "file_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "low", + "log.offset": 29319, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,file,1,2012/04/09 08:22:27,188.190.124.75,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:22:31,26747,1,80,1082,0,0,0x200000,tcp,deny,\"about.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,Ukraine,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:a7oyQr47OdJP8ZnG9SCELvH8aco=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "deny", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "26747", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "about.exe", + "panw.panos.url.category": "any", + "related.ip": [ + "188.190.124.75", + "192.168.0.6", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.6", + "server.port": 1082, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "188.190.124.75", + "source.as.number": 12357, + "source.as.organization.name": "Vodafone Spain", + "source.geo.city_name": "Oliva", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 38.9197, + "source.geo.location.lon": -0.1193, + "source.geo.name": "Ukraine", + "source.geo.region_iso_code": "ES-V", + "source.geo.region_name": "Valencia", + "source.ip": "188.190.124.75", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "about.exe" + }, + { + "@timestamp": "2012-04-09T07:11:43.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 50986, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 29699, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:11:43,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:11:48,19205,1,80,50986,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:yyAK8WOE46l0/k8dVOECI6qa2zQ=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "19205", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 50986, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T07:14:02.000-02:00", + "client.ip": "74.125.239.3", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 51716, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 30074, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:14:02,74.125.239.3,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:14:07,19360,1,80,51716,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:15fj8zz0nlNi/Fnz8ibhS9Ihqdg=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "19360", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.239.3", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 51716, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.239.3", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.239.3", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T07:14:39.000-02:00", + "client.ip": "74.125.239.3", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 52119, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 30447, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:14:39,74.125.239.3,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:14:44,19696,1,80,52119,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:fl9AVyrQeXPX/eoeKOy+6/UoR8M=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "19696", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.239.3", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 52119, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.239.3", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.239.3", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T07:16:03.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 52411, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 30820, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:16:03,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:16:08,19679,1,80,52411,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:cHzYL+SCc86AntedL6fbRx+2wzE=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "19679", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 52411, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T07:18:14.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 52366, + "client.user.name": "picard", + "destination.address": "74.125.239.6", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "74.125.239.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 31195, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:18:14,192.168.0.2,74.125.239.6,0.0.0.0,0.0.0.0,rule1,picard,,google-analytics,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:18:19,19448,1,52366,80,0,0,0x200000,tcp,alert,\"__utm.gif\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "google-analytics", + "network.community_id": "1:pRuFj5DzdmtFceU+OTawbYPhbJg=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "19448", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "__utm.gif", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "74.125.239.6", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "74.125.239.6", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 52366, + "source.user.name": "picard", + "tags": [ + "pan-os" + ], + "url.original": "__utm.gif" + }, + { + "@timestamp": "2012-04-09T07:25:04.000-02:00", + "client.ip": "74.125.224.193", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 53026, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 31575, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:25:04,74.125.224.193,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:25:09,20422,1,80,53026,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:e27i7C6aBac+TOOJNFkXsvos7v0=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "20422", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.193", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 53026, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.193", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.193", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T07:36:04.000-02:00", + "client.ip": "74.125.239.20", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 53809, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 31950, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:36:04,74.125.239.20,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:36:09,21267,1,80,53809,0,0,0x200000,tcp,alert,\"nav_logo107.png\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:I0nRW7fXHKg0He8sWEMh90mqrd8=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "21267", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "nav_logo107.png", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.239.20", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 53809, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.239.20", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.239.20", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "nav_logo107.png" + }, + { + "@timestamp": "2012-04-09T08:08:08.000-02:00", + "client.ip": "208.80.154.225", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 55912, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 32333, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:08:08,208.80.154.225,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:08:13,24567,1,80,55912,0,0,0x200000,tcp,alert,\"Eadweard_Muybridge\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:W08oA4XVHxagaCryNLen9OoTnPk=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "24567", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "Eadweard_Muybridge", + "panw.panos.url.category": "any", + "related.ip": [ + "208.80.154.225", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 55912, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "208.80.154.225", + "source.as.number": 14907, + "source.as.organization.name": "Wikimedia Foundation Inc.", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "208.80.154.225", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "Eadweard_Muybridge" + }, + { + "@timestamp": "2012-04-09T08:08:44.000-02:00", + "client.ip": "208.80.154.234", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 55916, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 32720, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:08:44,208.80.154.234,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:08:49,24646,1,80,55916,0,0,0x200000,tcp,alert,\"load.php\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:tvB7u/5+rW38IXXGXjbdYYdzJ5s=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "24646", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "load.php", + "panw.panos.url.category": "any", + "related.ip": [ + "208.80.154.234", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 55916, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "208.80.154.234", + "source.as.number": 14907, + "source.as.organization.name": "Wikimedia Foundation Inc.", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "208.80.154.234", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "load.php" + }, + { + "@timestamp": "2012-04-09T08:16:57.000-02:00", + "client.ip": "65.54.75.25", + "client.port": 80, + "destination.address": "192.168.0.6", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 1046, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 33097, + "log.original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:16:57,65.54.75.25,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:17:01,25874,1,80,1046,0,0,0x200000,tcp,reset-both,\"8fe44cb728c0f40750c64ee906eb72.css\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:LvKTW1EWi7nem/oAlX14Sg2W9kU=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "25874", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "8fe44cb728c0f40750c64ee906eb72.css", + "panw.panos.url.category": "any", + "related.ip": [ + "65.54.75.25", + "192.168.0.6", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.6", + "server.port": 1046, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "65.54.75.25", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Los Angeles", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 34.0544, + "source.geo.location.lon": -118.244, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", + "source.ip": "65.54.75.25", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "8fe44cb728c0f40750c64ee906eb72.css" + }, + { + "@timestamp": "2012-04-09T04:06:41.000-02:00", + "client.ip": "74.125.224.206", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 61734, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 33500, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 04:06:41,74.125.224.206,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:06:46,2175,1,80,61734,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:Iur0h7DmmxbVfmJ8EKqn0v73b88=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "2175", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.206", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 61734, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.206", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.206", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T04:12:52.000-02:00", + "client.ip": "74.125.224.195", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 62292, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 33873, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 04:12:52,74.125.224.195,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:12:57,3046,1,80,62292,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:n3f9RX9U3DOM57vpn8aB1QSo2Yw=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "3046", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.195", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 62292, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.195", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.195", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T06:07:49.000-02:00", + "client.ip": "207.178.96.34", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 64669, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 34246, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:07:49,207.178.96.34,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,rss,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:07:54,1560,1,80,64669,0,0,0x200000,tcp,alert,\"appcast.xml\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "rss", + "network.community_id": "1:K6mY9EnrwYs1/a01d++OZ3kna2g=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "1560", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "appcast.xml", + "panw.panos.url.category": "any", + "related.ip": [ + "207.178.96.34", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 64669, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "207.178.96.34", + "source.as.number": 20376, + "source.as.organization.name": "Hubris Communications", + "source.geo.city_name": "Liberal", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.0438, + "source.geo.location.lon": -100.9286, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-KS", + "source.geo.region_name": "Kansas", + "source.ip": "207.178.96.34", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "appcast.xml" + }, + { + "@timestamp": "2012-04-09T06:48:44.000-02:00", + "client.ip": "74.125.224.195", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 65265, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 34614, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:48:44,74.125.224.195,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:48:48,16852,1,80,65265,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:u89cWOeFF4sWlYYJHVB+nr6g6Qg=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "16852", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.195", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 65265, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.195", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.195", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T06:48:59.000-02:00", + "client.ip": "74.125.239.20", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 64979, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 34989, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:48:59,74.125.239.20,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:49:05,15948,1,80,64979,0,0,0x200000,tcp,alert,\"csi\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:QmMWJ0pdk04yRgDj9m6OAKnXpDY=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "15948", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "csi", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.239.20", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 64979, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.239.20", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.239.20", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "csi" + }, + { + "@timestamp": "2012-04-09T06:50:14.000-02:00", + "client.ip": "66.152.109.24", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 49432, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 35360, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:50:14,66.152.109.24,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:50:19,17028,1,80,49432,0,0,0x200000,tcp,alert,\"index.php\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "web-browsing", + "network.community_id": "1:d3Kvg96HWrCNAfAK3vx2Uqglkdo=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "17028", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "index.php", + "panw.panos.url.category": "any", + "related.ip": [ + "66.152.109.24", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 49432, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "66.152.109.24", + "source.as.number": 13536, + "source.as.organization.name": "First Light Fiber", + "source.geo.city_name": "Albany", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 42.7008, + "source.geo.location.lon": -73.8601, + "source.geo.name": "United States", + "source.geo.region_iso_code": "US-NY", + "source.geo.region_name": "New York", + "source.ip": "66.152.109.24", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "index.php" + }, + { + "@timestamp": "2012-04-09T06:51:34.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 49722, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 35737, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:51:34,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:51:39,15878,1,80,49722,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:+c2DVc+anjtRZ3iRsjbG51UM+JA=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "15878", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 49722, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T06:53:41.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 49681, + "client.user.name": "picard", + "destination.address": "74.125.224.201", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "74.125.224.201", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 36112, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:53:41,192.168.0.2,74.125.224.201,0.0.0.0,0.0.0.0,rule1,picard,,google-analytics,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:53:47,16602,1,49681,80,0,0,0x200000,tcp,alert,\"__utm.gif\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "google-analytics", + "network.community_id": "1:5z6QdMj01RaYM1NdZtQSRQgE9gk=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "16602", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "__utm.gif", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "74.125.224.201", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "74.125.224.201", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 49681, + "source.user.name": "picard", + "tags": [ + "pan-os" + ], + "url.original": "__utm.gif" + }, + { + "@timestamp": "2012-04-09T06:54:35.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 50108, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 36494, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:54:35,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:54:41,17433,1,80,50108,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:Ut9W+vlgpMAH7M4p87nZ/gF7zO8=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "17433", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 50108, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T06:54:55.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 50387, + "destination.user.name": "picard", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 36869, + "log.original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:54:55,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:55:00,17104,1,80,50387,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:MNjszUBgbVupAxKdr7W7OIvU2lo=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "17104", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 50387, + "server.user.name": "picard", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T03:44:49.000-02:00", + "client.ip": "192.168.0.2", + "client.port": 59781, + "client.user.name": "jordy", + "destination.address": "208.85.40.48", + "destination.as.number": 40428, + "destination.as.organization.name": "Pandora Media, Inc", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "208.85.40.48", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 80, + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 37244, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:44:49,192.168.0.2,208.85.40.48,0.0.0.0,0.0.0.0,rule1,jordy,,pandora,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:44:55,63706,1,59781,80,0,0,0x200000,tcp,alert,\"internal-tuner.pandora.com\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "network.application": "pandora", + "network.community_id": "1:PzMJQoALQDxnDaqwOEEz4zxyhHU=", + "network.direction": "inbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "63706", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "internal-tuner.pandora.com", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "208.85.40.48", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "208.85.40.48", + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 59781, + "source.user.name": "jordy", + "tags": [ + "pan-os" + ], + "url.original": "internal-tuner.pandora.com" + }, + { + "@timestamp": "2012-04-09T03:45:45.000-02:00", + "client.ip": "74.125.224.201", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 60005, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 37631, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:45:45,74.125.224.201,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:45:50,65257,1,80,60005,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:ThkQfWduH5PZoI7qa/R4rWqT2VM=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "65257", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.201", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 60005, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.201", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.201", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T03:49:17.000-02:00", + "client.ip": "74.125.224.201", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 60443, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 38005, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:49:17,74.125.224.201,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:49:22,537,1,80,60443,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:Fd/TWc6RIS9q2bsgzztXrAAL4Ek=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "537", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.201", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 60443, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.201", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.201", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T03:53:41.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 60822, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 38377, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:53:41,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:53:45,914,1,80,60822,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:7gqxhjxtnxyQnsvGukcI+WZWzAY=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "914", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 60822, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T03:55:23.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 61105, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 38749, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:55:23,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:55:28,1475,1,80,61105,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:ZzHOd7AFzjbGqVCj9S3bTNHFX4Q=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "1475", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 61105, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + }, + { + "@timestamp": "2012-04-09T03:55:52.000-02:00", + "client.ip": "74.125.224.198", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 60782, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 39122, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:55:52,74.125.224.198,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-analytics,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:55:57,883,1,80,60782,0,0,0x200000,tcp,alert,\"ga.js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-analytics", + "network.community_id": "1:uH37XIov0Sgv5kARW8dP9vrOs7w=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "alert", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "883", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "ga.js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.198", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 60782, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.198", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.198", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "ga.js" + }, + { + "@timestamp": "2012-04-09T04:03:55.000-02:00", + "client.ip": "74.125.224.200", + "client.port": 80, + "destination.address": "192.168.0.2", + "destination.geo.name": "192.168.0.0-192.168.255.255", + "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.port": 61470, + "destination.user.name": "jordy", + "event.action": "data_match", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.level": "informational", + "log.offset": 39497, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 04:03:55,74.125.224.200,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:04:00,1965,1,80,61470,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", + "network.application": "google-maps", + "network.community_id": "1:9jnjFXERN6VFakI1U/qwzyqifzg=", + "network.direction": "outbound", + "network.transport": "tcp", + "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "1965", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", + "related.ip": [ + "74.125.224.200", + "192.168.0.2", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", + "server.ip": "192.168.0.2", + "server.port": 61470, + "server.user.name": "jordy", + "service.type": "panw", + "source.address": "74.125.224.200", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.geo.name": "United States", + "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.port": 80, + "tags": [ + "pan-os" + ], + "url.original": "js" + } +] \ No newline at end of file diff --git a/filebeat/module/panw/panos/test/pan_inc_traffic.log b/filebeat/module/panw/panos/test/pan_inc_traffic.log new file mode 100644 index 00000000000..70d2804a712 --- /dev/null +++ b/filebeat/module/panw/panos/test/pan_inc_traffic.log @@ -0,0 +1,100 @@ +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,11449,1,59324,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:59,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,25572,1,54448,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,26208,1,53121,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,14931,1,59323,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,25544,1,59322,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,25308,1,55766,53,0,0,0x200000,udp,allow,74,74,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,26376,1,55072,53,0,0,0x200000,udp,allow,74,74,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,end,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25118,1,59207,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:27,1,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,end,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26146,1,59209,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:28,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,end,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25272,1,59208,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:27,1,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,24069,1,59318,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25848,1,59317,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:57,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25179,1,59316,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:57,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25112,1,59315,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:57,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26161,1,59206,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:27,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26000,1,59205,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:26,1,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,65184,1,56858,80,0,0,0x200000,tcp,allow,1910,1359,551,21,2012/04/10 04:29:54,512,malware-sites,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,18,3 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26522,1,59314,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26067,1,59313,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26573,1,52139,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26894,1,60592,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,25149,1,59309,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,25258,1,57322,53,0,0,0x200000,udp,allow,164,66,98,2,2012/04/10 04:39:26,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,25025,1,59204,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:26,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26138,1,59203,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:26,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,27175,1,59305,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26261,1,64005,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,25022,1,58768,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,98.149.55.63,0.0.0.0,0.0.0.0,rule1,crusher,,skype,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,24027,1,47752,13069,0,0,0x200000,udp,allow,1008,504,504,16,2012/04/10 04:37:50,125,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,8,8 +Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26360,1,59304,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26394,1,54533,53,0,0,0x200000,udp,allow,71,71,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:55,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,24917,1,59201,80,0,0,0x200000,tcp,allow,9967,837,9130,20,2012/04/10 04:39:24,1,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,10,10 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,22860,1,59303,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,14146,1,50876,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25876,1,57657,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,24910,1,59302,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26862,1,59301,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26222,1,64844,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26329,1,52257,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,8.8.8.8,0.0.0.0,0.0.0.0,rule1,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25142,1,38796,53,0,0,0x0,udp,allow,206,95,111,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25095,1,59200,80,0,0,0x200000,tcp,allow,1503,597,906,13,2012/04/10 04:39:23,1,entertainment-and-arts,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,50.19.102.116,0.0.0.0,0.0.0.0,rule1,,,paloalto-wildfire-cloud,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,24787,1,48412,443,0,0,0x0,tcp,allow,5817,804,5013,17,2012/04/10 04:39:24,0,computer-and-internet-security,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,10,7 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.2,65.55.223.19,0.0.0.0,0.0.0.0,rule1,crusher,,skype-probe,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25948,1,47752,40026,0,0,0x200000,udp,allow,286,187,99,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.2,65.55.223.24,0.0.0.0,0.0.0.0,rule1,crusher,,skype-probe,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25444,1,47752,40029,0,0,0x200000,udp,allow,978,76,902,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,8.8.8.8,0.0.0.0,0.0.0.0,rule1,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25349,1,52189,53,0,0,0x0,udp,allow,227,86,141,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25713,1,59300,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,26499,1,54414,53,0,0,0x200000,udp,allow,73,73,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25437,1,59299,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24848,1,60399,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24924,1,59626,53,0,0,0x200000,udp,allow,482,166,316,4,2012/04/10 04:39:22,1,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,2,2 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25899,1,51542,53,0,0,0x200000,udp,allow,196,75,121,2,2012/04/10 04:39:23,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26066,1,54182,53,0,0,0x200000,udp,allow,244,75,169,2,2012/04/10 04:39:23,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24908,1,59199,80,0,0,0x200000,tcp,allow,1548,594,954,13,2012/04/10 04:39:23,0,business-and-economy,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25105,1,59198,80,0,0,0x200000,tcp,allow,10135,1005,9130,22,2012/04/10 04:39:21,2,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,12,10 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,11964,1,56856,80,0,0,0x200000,tcp,allow,1918,1363,555,21,2012/04/10 04:29:51,512,malware-sites,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,18,3 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26502,1,52489,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26338,1,59298,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24919,1,60185,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26731,1,51817,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,65.55.223.31,0.0.0.0,0.0.0.0,rule1,crusher,,skype-probe,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26504,1,47752,40043,0,0,0x200000,udp,allow,186,186,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25543,1,59297,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,21948,1,52537,53,0,0,0x200000,udp,allow,82,82,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,26279,1,53155,53,0,0,0x200000,udp,allow,82,82,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:52,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24894,1,59197,80,0,0,0x200000,tcp,allow,1487,581,906,13,2012/04/10 04:39:21,1,entertainment-and-arts,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24985,1,56995,53,0,0,0x200000,udp,allow,251,88,163,2,2012/04/10 04:39:22,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:51,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,25380,1,59069,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:51,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24994,1,55697,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,25451,1,59295,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:51,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,24866,1,59196,80,0,0,0x200000,tcp,allow,1500,578,922,13,2012/04/10 04:39:20,1,business-and-economy,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26414,1,59291,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26131,1,52858,53,0,0,0x200000,udp,allow,77,77,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26555,1,61383,53,0,0,0x200000,udp,allow,77,77,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,15099,1,59290,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,8.5.1.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24980,1,59195,80,0,0,0x200000,tcp,allow,28096,1310,26786,39,2012/04/10 04:39:20,0,not-resolved,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,17,22 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26215,1,49812,53,0,0,0x200000,udp,allow,83,83,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25881,1,50185,53,0,0,0x200000,udp,allow,83,83,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24955,1,59286,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24961,1,52531,53,0,0,0x200000,udp,allow,244,75,169,2,2012/04/10 04:39:20,0,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,1,1 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24226,1,59194,80,0,0,0x200000,tcp,allow,10097,1033,9064,21,2012/04/10 04:39:17,3,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,12,9 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25129,1,59192,80,0,0,0x200000,tcp,allow,10105,981,9124,22,2012/04/10 04:39:13,7,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,12,10 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25194,1,56463,53,0,0,0x200000,udp,allow,214,77,137,2,2012/04/10 04:39:20,0,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,1,1 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26257,1,55849,53,0,0,0x200000,udp,allow,170,77,93,2,2012/04/10 04:39:20,0,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,1,1 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24561,1,59282,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26150,1,57846,53,0,0,0x200000,udp,allow,71,71,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25676,1,51008,53,0,0,0x200000,udp,allow,71,71,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25306,1,59281,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26411,1,55252,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:49,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24844,1,56995,53,0,0,0x200000,udp,allow,176,176,0,2,2012/04/10 04:39:18,1,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,2,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,26335,1,60989,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,26127,1,59280,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25488,1,53766,53,0,0,0x200000,udp,allow,81,81,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25269,1,56032,53,0,0,0x200000,udp,allow,81,81,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:48,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25715,1,59193,80,0,0,0x200000,tcp,allow,1487,581,906,13,2012/04/10 04:39:17,1,entertainment-and-arts,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7 +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,26251,1,59279,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25871,1,59278,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25945,1,59277,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:47,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,end,1,2012/04/10 04:39:47,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25310,1,60026,53,0,0,0x200000,udp,allow,166,166,0,2,2012/04/10 04:39:16,1,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,2,0 +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,27111,1,59276,80,0,0,0x200000,tcp,allow,429,351,78,4,2012/04/10 04:39:47,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,3,1 +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,25398,1,59275,80,0,0,0x200000,tcp,allow,429,351,78,4,2012/04/10 04:39:47,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,3,1 +Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,23898,1,59274,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:46,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0 diff --git a/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json new file mode 100644 index 00000000000..c285f88d43d --- /dev/null +++ b/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -0,0 +1,9301 @@ +[ + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59324, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:59.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:59.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 0, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,11449,1,59324,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:59,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:MaqerLAYuvMg6JWjWKmIMO6QJ6s=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "11449", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59324, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 54448, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:58.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 364, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,25572,1,54448,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:rmRctS0ZS56Ixay3V5beNERhPNc=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25572", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 54448, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 53121, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:58.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 717, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,26208,1,53121,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:NmeRH4O3xNBaUjzIOpdGXeAJ/sg=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26208", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 53121, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59323, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:58.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 1070, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,14931,1,59323,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:ej/0QPUwuraByxuNxWsOp2ouPuE=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "14931", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59323, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59322, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:58.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 1434, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,25544,1,59322,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:XHKuVPA6enGOr0Qng8AJtYTgWAQ=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25544", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59322, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 74, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 55766, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 74, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:58.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 1798, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,25308,1,55766,53,0,0,0x200000,udp,allow,74,74,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 74, + "network.community_id": "1:bkpOCSg/r3P7zn1eVdfrSSHQMn0=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25308", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 55766, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 74, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 55072, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 74, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:58.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 2151, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,26376,1,55072,53,0,0,0x200000,udp,allow,74,74,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 74, + "network.community_id": "1:f08UBDqcNW5jC3R+i40XfD1g8l8=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26376", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 55072, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 549, + "client.ip": "192.168.0.2", + "client.packets": 4, + "client.port": 59207, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 549, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:28.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:27.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 2504, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,end,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25118,1,59207,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:27,1,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4", + "network.application": "web-browsing", + "network.bytes": 1355, + "network.community_id": "1:kGyE7FdnFLrk4Cc6NHaD5WeE81A=", + "network.direction": "outbound", + "network.packets": 10, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25118", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 806, + "server.ip": "204.232.231.46", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 806, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 4, + "source.port": 59207, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 549, + "client.ip": "192.168.0.2", + "client.packets": 4, + "client.port": 59209, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 549, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:28.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:28.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 2889, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,end,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26146,1,59209,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:28,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4", + "network.application": "web-browsing", + "network.bytes": 1355, + "network.community_id": "1:pxN/AvFcFozLjRgniFdZmScORYQ=", + "network.direction": "outbound", + "network.packets": 10, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26146", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 806, + "server.ip": "204.232.231.46", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 806, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 4, + "source.port": 59209, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:58.000-02:00", + "client.bytes": 549, + "client.ip": "192.168.0.2", + "client.packets": 4, + "client.port": 59208, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 549, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:28.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:27.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 3274, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,end,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25272,1,59208,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:27,1,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4", + "network.application": "web-browsing", + "network.bytes": 1355, + "network.community_id": "1:HmuQtYxq+NpgJ0zVEIpz7zLNOKM=", + "network.direction": "outbound", + "network.packets": 10, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25272", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 806, + "server.ip": "204.232.231.46", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 806, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 4, + "source.port": 59208, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59318, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:58.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 3659, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,24069,1,59318,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:58,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:I7NZAEypUvCTVa5iVWyAsWeEWgY=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24069", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59318, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59317, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:57.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:57.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 4023, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25848,1,59317,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:57,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:GOqfpUTezPkpm6axBI22kY90kU4=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25848", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59317, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59316, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:57.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:57.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 4387, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25179,1,59316,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:57,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:aiB5YppFUGX0pM/1Xtp3qOSFXJw=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25179", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59316, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59315, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:57.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:57.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 4751, + "log.original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25112,1,59315,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:57,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:ghLw4NDj0JmAhH9lVtlhdQpqEQ0=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25112", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59315, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.bytes": 549, + "client.ip": "192.168.0.2", + "client.packets": 4, + "client.port": 59206, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 549, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:27.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 5115, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26161,1,59206,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:27,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4", + "network.application": "web-browsing", + "network.bytes": 1355, + "network.community_id": "1:SIxV4kkvJlBljF+gLKAaihputgk=", + "network.direction": "outbound", + "network.packets": 10, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26161", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 806, + "server.ip": "204.232.231.46", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 806, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 4, + "source.port": 59206, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:57.000-02:00", + "client.bytes": 549, + "client.ip": "192.168.0.2", + "client.packets": 4, + "client.port": 59205, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 549, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:26.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 5500, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:57,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26000,1,59205,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:26,1,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4", + "network.application": "web-browsing", + "network.bytes": 1355, + "network.community_id": "1:rpU2pqp4ioYKgiuDEfjZitnLkow=", + "network.direction": "outbound", + "network.packets": 10, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26000", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 806, + "server.ip": "204.232.231.46", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 806, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 4, + "source.port": 59205, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 1359, + "client.ip": "192.168.0.2", + "client.packets": 3, + "client.port": 56858, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 1359, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 18, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 512000000000, + "event.end": "2012-04-10T04:38:26.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:29:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 5885, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,65184,1,56858,80,0,0,0x200000,tcp,allow,1910,1359,551,21,2012/04/10 04:29:54,512,malware-sites,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,18,3", + "network.application": "web-browsing", + "network.bytes": 1910, + "network.community_id": "1:JuKJfhPs1pDZMiwy04nz1EsD7PA=", + "network.direction": "outbound", + "network.packets": 21, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "65184", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 551, + "server.ip": "204.232.231.46", + "server.packets": 18, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 551, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 3, + "source.port": 56858, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59314, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:56.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 6267, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26522,1,59314,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:bZl1JgwyPgfsbSrD+z8I/hpbdc4=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26522", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59314, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59313, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:56.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 6631, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26067,1,59313,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:0fIOSC1t62T9ExNKvZaxl657EVc=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26067", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59313, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 69, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 52139, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 69, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:56.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 6995, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26573,1,52139,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 69, + "network.community_id": "1:vFErz1cKNExckY21peQ3YAc8Tmk=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26573", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 52139, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 69, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 60592, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 69, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:56.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 7348, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26894,1,60592,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 69, + "network.community_id": "1:i4rdWjY94ZjxNIBve+QH3YwdL04=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26894", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 60592, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59309, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:56.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 7701, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,25149,1,59309,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:mY2EPMYo0US42k87/2uTzjo/rGA=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25149", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59309, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 66, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 57322, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 66, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:26.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:26.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 8065, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,25258,1,57322,53,0,0,0x200000,udp,allow,164,66,98,2,2012/04/10 04:39:26,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "dns", + "network.bytes": 164, + "network.community_id": "1:GjCL7PEzM4X3r7frQ42mW+tNEIQ=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25258", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 98, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 98, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 57322, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 549, + "client.ip": "192.168.0.2", + "client.packets": 4, + "client.port": 59204, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 549, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:26.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:26.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 8418, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,25025,1,59204,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:26,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4", + "network.application": "web-browsing", + "network.bytes": 1355, + "network.community_id": "1:2+g5+FYJDJku+1Cl3ZbhVCYdAog=", + "network.direction": "outbound", + "network.packets": 10, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25025", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 806, + "server.ip": "204.232.231.46", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 806, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 4, + "source.port": 59204, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:56.000-02:00", + "client.bytes": 549, + "client.ip": "192.168.0.2", + "client.packets": 4, + "client.port": 59203, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 549, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:26.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:26.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 8803, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,end,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26138,1,59203,80,0,0,0x200000,tcp,allow,1355,549,806,10,2012/04/10 04:39:26,0,private-ip-addresses,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,6,4", + "network.application": "web-browsing", + "network.bytes": 1355, + "network.community_id": "1:+ENVPObTW4uBLTLg/Gs7oB3/t0E=", + "network.direction": "outbound", + "network.packets": 10, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26138", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 806, + "server.ip": "204.232.231.46", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 806, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 4, + "source.port": 59203, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59305, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:56.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 9188, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,27175,1,59305,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:TPp8b1ubMhxmeJWRt0DCagjd7jA=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27175", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59305, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.bytes": 69, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 64005, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 69, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:55.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 9552, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26261,1,64005,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 69, + "network.community_id": "1:9xSXx0HsnsbhZkZ6kFjNeIn1Aw8=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26261", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 64005, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.bytes": 69, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 58768, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 69, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:55.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 9905, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,25022,1,58768,53,0,0,0x200000,udp,allow,69,69,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 69, + "network.community_id": "1:Ukie7FwgRVUkTl4/hKbkxseBqj0=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25022", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 58768, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.bytes": 504, + "client.ip": "192.168.0.2", + "client.packets": 8, + "client.port": 47752, + "client.user.name": "crusher", + "destination.address": "98.149.55.63", + "destination.as.number": 20001, + "destination.as.organization.name": "Charter Communications Inc", + "destination.bytes": 504, + "destination.geo.city_name": "Westminster", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 33.7518, + "destination.geo.location.lon": -117.9932, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "98.149.55.63", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 8, + "destination.port": 13069, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 125000000000, + "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:37:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 10258, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,98.149.55.63,0.0.0.0,0.0.0.0,rule1,crusher,,skype,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,24027,1,47752,13069,0,0,0x200000,udp,allow,1008,504,504,16,2012/04/10 04:37:50,125,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,8,8", + "network.application": "skype", + "network.bytes": 1008, + "network.community_id": "1:7+CQvC/DGk2fhUdWzglWwYXYMZE=", + "network.direction": "outbound", + "network.packets": 16, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24027", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "98.149.55.63", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 504, + "server.ip": "98.149.55.63", + "server.packets": 8, + "server.port": 13069, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 504, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 8, + "source.port": 47752, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59304, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:55.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 10624, + "log.original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26360,1,59304,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:h+XKHvMK2Oz7QQvaJdhsJWE2c9E=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26360", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59304, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.bytes": 71, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 54533, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 71, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:55.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 10988, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:55,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26394,1,54533,53,0,0,0x200000,udp,allow,71,71,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 71, + "network.community_id": "1:x/kpg5sNW5nn7RkabTWPIKsvO58=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26394", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 54533, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:55.000-02:00", + "client.bytes": 837, + "client.ip": "192.168.0.2", + "client.packets": 10, + "client.port": 59201, + "client.user.name": "crusher", + "destination.address": "212.48.10.58", + "destination.as.number": 8660, + "destination.as.organization.name": "Italiaonline S.p.A.", + "destination.bytes": 837, + "destination.geo.city_name": "Assago", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 45.4087, + "destination.geo.location.lon": 9.1225, + "destination.geo.region_iso_code": "IT-MI", + "destination.geo.region_name": "Milan", + "destination.ip": "212.48.10.58", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 10, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:25.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:24.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 11341, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:55,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,24917,1,59201,80,0,0,0x200000,tcp,allow,9967,837,9130,20,2012/04/10 04:39:24,1,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,10,10", + "network.application": "web-browsing", + "network.bytes": 9967, + "network.community_id": "1:GL6UBrkzpi/gQHrUyqxHb1jJeUU=", + "network.direction": "outbound", + "network.packets": 20, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24917", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "search-engines", + "related.ip": [ + "192.168.0.2", + "212.48.10.58", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 9130, + "server.ip": "212.48.10.58", + "server.packets": 10, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 9130, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 10, + "source.port": 59201, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59303, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:55.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 11713, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,22860,1,59303,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:55,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:6kV576B7jMsBLC62npA6Dgi/zMI=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22860", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59303, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 50876, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 12077, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,14146,1,50876,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:TuGe54F1FJdU+mNdTf97Ced2UmI=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "14146", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 50876, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 57657, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 12430, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25876,1,57657,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:1yn57zVSr0UsUwbuL7XvzIWMbpM=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25876", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 57657, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59302, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 12783, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,24910,1,59302,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:22ouAyA1O0KgUQOEKP20E7gNa2U=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24910", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59302, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59301, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 13147, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26862,1,59301,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:phQpgsVhj3YxNYzeNkqdzDgcMCg=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26862", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59301, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 64844, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 13511, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26222,1,64844,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 80, + "network.community_id": "1:SxifLhXvL8EiCuMvSbDcRARZyRw=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26222", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 64844, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 52257, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 13864, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:54,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26329,1,52257,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 80, + "network.community_id": "1:QYDqyZAUrBKpnIVn+epBn1ew/so=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26329", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 52257, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 95, + "client.ip": "192.168.0.100", + "client.packets": 1, + "client.port": 38796, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 95, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:24.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "log.offset": 14217, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,8.8.8.8,0.0.0.0,0.0.0.0,rule1,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25142,1,38796,53,0,0,0x0,udp,allow,206,95,111,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "dns", + "network.bytes": 206, + "network.community_id": "1:shHCpyazCigToSNjn/e4N7P4biU=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25142", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.100", + "8.8.8.8", + "0.0.0.0", + "0.0.0.0" + ], + "rule.name": "rule1", + "server.bytes": 111, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.100", + "source.bytes": 111, + "source.ip": "192.168.0.100", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 38796, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 597, + "client.ip": "192.168.0.2", + "client.packets": 7, + "client.port": 59200, + "client.user.name": "crusher", + "destination.address": "62.211.68.12", + "destination.as.number": 3269, + "destination.as.organization.name": "Telecom Italia", + "destination.bytes": 597, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 43.1479, + "destination.geo.location.lon": 12.1097, + "destination.ip": "62.211.68.12", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:23.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 14556, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25095,1,59200,80,0,0,0x200000,tcp,allow,1503,597,906,13,2012/04/10 04:39:23,1,entertainment-and-arts,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7", + "network.application": "web-browsing", + "network.bytes": 1503, + "network.community_id": "1:cDqhuLJdpDu0NsYQNFC3GAMS3GQ=", + "network.direction": "outbound", + "network.packets": 13, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25095", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "entertainment-and-arts", + "related.ip": [ + "192.168.0.2", + "62.211.68.12", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 906, + "server.ip": "62.211.68.12", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 906, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 7, + "source.port": 59200, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 804, + "client.ip": "192.168.0.100", + "client.packets": 7, + "client.port": 48412, + "destination.address": "50.19.102.116", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 804, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "50.19.102.116", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 10, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:24.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "log.offset": 14933, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,50.19.102.116,0.0.0.0,0.0.0.0,rule1,,,paloalto-wildfire-cloud,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,24787,1,48412,443,0,0,0x0,tcp,allow,5817,804,5013,17,2012/04/10 04:39:24,0,computer-and-internet-security,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,10,7", + "network.application": "paloalto-wildfire-cloud", + "network.bytes": 5817, + "network.community_id": "1:uf1iUYRFFiUYttG2AFf4pcXOdjw=", + "network.direction": "outbound", + "network.packets": 17, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24787", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-security", + "related.ip": [ + "192.168.0.100", + "50.19.102.116", + "0.0.0.0", + "0.0.0.0" + ], + "rule.name": "rule1", + "server.bytes": 5013, + "server.ip": "50.19.102.116", + "server.packets": 10, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.0.100", + "source.bytes": 5013, + "source.ip": "192.168.0.100", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 7, + "source.port": 48412, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 187, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 47752, + "client.user.name": "crusher", + "destination.address": "65.55.223.19", + "destination.as.number": 8075, + "destination.as.organization.name": "Microsoft Corporation", + "destination.bytes": 187, + "destination.geo.city_name": "Washington", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 38.7095, + "destination.geo.location.lon": -78.1539, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "65.55.223.19", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 40026, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:24.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 15331, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.2,65.55.223.19,0.0.0.0,0.0.0.0,rule1,crusher,,skype-probe,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25948,1,47752,40026,0,0,0x200000,udp,allow,286,187,99,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "skype-probe", + "network.bytes": 286, + "network.community_id": "1:XF4dVSWPB46mtqr78f9EFUDEn6I=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25948", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "65.55.223.19", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 99, + "server.ip": "65.55.223.19", + "server.packets": 1, + "server.port": 40026, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 99, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 47752, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 47752, + "client.user.name": "crusher", + "destination.address": "65.55.223.24", + "destination.as.number": 8075, + "destination.as.organization.name": "Microsoft Corporation", + "destination.bytes": 76, + "destination.geo.city_name": "Washington", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 38.7095, + "destination.geo.location.lon": -78.1539, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "65.55.223.24", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 40029, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:24.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 15696, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.2,65.55.223.24,0.0.0.0,0.0.0.0,rule1,crusher,,skype-probe,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25444,1,47752,40029,0,0,0x200000,udp,allow,978,76,902,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "skype-probe", + "network.bytes": 978, + "network.community_id": "1:HEEGx0vjlpNA8Pw0s6pBr2v0rpo=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25444", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "65.55.223.24", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 902, + "server.ip": "65.55.223.24", + "server.packets": 1, + "server.port": 40029, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 902, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 47752, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:54.000-02:00", + "client.bytes": 86, + "client.ip": "192.168.0.100", + "client.packets": 1, + "client.port": 52189, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 86, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:24.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "log.offset": 16061, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,8.8.8.8,0.0.0.0,0.0.0.0,rule1,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25349,1,52189,53,0,0,0x0,udp,allow,227,86,141,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "dns", + "network.bytes": 227, + "network.community_id": "1:1CvVfwyezBZcR2u+VcrEzfuQK9s=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25349", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.100", + "8.8.8.8", + "0.0.0.0", + "0.0.0.0" + ], + "rule.name": "rule1", + "server.bytes": 141, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.100", + "source.bytes": 141, + "source.ip": "192.168.0.100", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 52189, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59300, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 16400, + "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25713,1,59300,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:54,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:YDMNSbru670DK5EMT3E28WFJPz4=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25713", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59300, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 73, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 54414, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 73, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:53.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:53.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 16764, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,26499,1,54414,53,0,0,0x200000,udp,allow,73,73,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 73, + "network.community_id": "1:K6PPTb7ohj/4wQV86uCrgAF1mcY=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26499", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 54414, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59299, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:53.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:53.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 17117, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25437,1,59299,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:C9009xCOuCuGvMPT4caMCizoYr0=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25437", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59299, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 60399, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:53.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:53.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 17481, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24848,1,60399,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 80, + "network.community_id": "1:BKNHj3e0QZpWJwLNiG4yqJnbrxk=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24848", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 60399, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 166, + "client.ip": "192.168.0.2", + "client.packets": 2, + "client.port": 59626, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 166, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 2, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:23.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:22.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 17834, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24924,1,59626,53,0,0,0x200000,udp,allow,482,166,316,4,2012/04/10 04:39:22,1,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,2,2", + "network.application": "dns", + "network.bytes": 482, + "network.community_id": "1:RQ3lmwvSayYq24fFbjpDDqDG+Dg=", + "network.direction": "outbound", + "network.packets": 4, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24924", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 316, + "server.ip": "205.171.2.25", + "server.packets": 2, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 316, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 2, + "source.port": 59626, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 75, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 51542, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 75, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:23.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:23.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 18189, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25899,1,51542,53,0,0,0x200000,udp,allow,196,75,121,2,2012/04/10 04:39:23,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "dns", + "network.bytes": 196, + "network.community_id": "1:g5ixoTtR3QVz4le7g1L6PZ67CmU=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25899", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 121, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 121, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 51542, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 75, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 54182, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 75, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:23.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:23.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 18543, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26066,1,54182,53,0,0,0x200000,udp,allow,244,75,169,2,2012/04/10 04:39:23,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "dns", + "network.bytes": 244, + "network.community_id": "1:z0genl/l2JGIJaNTqaSLGCLTlo4=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26066", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 169, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 169, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 54182, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 594, + "client.ip": "192.168.0.2", + "client.packets": 7, + "client.port": 59199, + "client.user.name": "crusher", + "destination.address": "62.211.68.12", + "destination.as.number": 3269, + "destination.as.organization.name": "Telecom Italia", + "destination.bytes": 594, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 43.1479, + "destination.geo.location.lon": 12.1097, + "destination.ip": "62.211.68.12", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:23.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:23.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 18897, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24908,1,59199,80,0,0,0x200000,tcp,allow,1548,594,954,13,2012/04/10 04:39:23,0,business-and-economy,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7", + "network.application": "web-browsing", + "network.bytes": 1548, + "network.community_id": "1:cIfWskY1iVpg8gxVVTX1K8A7+MA=", + "network.direction": "outbound", + "network.packets": 13, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24908", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.0.2", + "62.211.68.12", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 954, + "server.ip": "62.211.68.12", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 954, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 7, + "source.port": 59199, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 1005, + "client.ip": "192.168.0.2", + "client.packets": 10, + "client.port": 59198, + "client.user.name": "crusher", + "destination.address": "212.48.10.58", + "destination.as.number": 8660, + "destination.as.organization.name": "Italiaonline S.p.A.", + "destination.bytes": 1005, + "destination.geo.city_name": "Assago", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 45.4087, + "destination.geo.location.lon": 9.1225, + "destination.geo.region_iso_code": "IT-MI", + "destination.geo.region_name": "Milan", + "destination.ip": "212.48.10.58", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 12, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 2000000000, + "event.end": "2012-04-10T04:39:23.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 19272, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25105,1,59198,80,0,0,0x200000,tcp,allow,10135,1005,9130,22,2012/04/10 04:39:21,2,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,12,10", + "network.application": "web-browsing", + "network.bytes": 10135, + "network.community_id": "1:UPWyVvocuULCMUmJlrn6XBha7JE=", + "network.direction": "outbound", + "network.packets": 22, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25105", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "search-engines", + "related.ip": [ + "192.168.0.2", + "212.48.10.58", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 9130, + "server.ip": "212.48.10.58", + "server.packets": 12, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 9130, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 10, + "source.port": 59198, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 1363, + "client.ip": "192.168.0.2", + "client.packets": 3, + "client.port": 56856, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 1363, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 18, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 512000000000, + "event.end": "2012-04-10T04:38:23.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:29:51.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 19646, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,end,1,2012/04/10 04:39:53,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,11964,1,56856,80,0,0,0x200000,tcp,allow,1918,1363,555,21,2012/04/10 04:29:51,512,malware-sites,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,18,3", + "network.application": "web-browsing", + "network.bytes": 1918, + "network.community_id": "1:jFqkUdvAr9S/yeKacw5dlE+0/o0=", + "network.direction": "outbound", + "network.packets": 21, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "11964", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "malware-sites", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 555, + "server.ip": "204.232.231.46", + "server.packets": 18, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 555, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 3, + "source.port": 56856, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:53.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 52489, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:53.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:53.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 20028, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:53,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26502,1,52489,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 80, + "network.community_id": "1:dQTHsEW3omlFoTmdZu1fchcTb9c=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26502", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 52489, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59298, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:53.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:53.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 20381, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26338,1,59298,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:53,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:BG6Rk6e+H9jRcZHXqRPFG4iA3uU=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26338", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59298, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 60185, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 20745, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,24919,1,60185,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:eLVg5C7+4Gz+x6GBj4MlJHk/vyk=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24919", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 60185, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 51817, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 21098, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26731,1,51817,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:2v1FAVArMu9Fw0rZTZH/beAYGjs=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26731", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 51817, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 186, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 47752, + "client.user.name": "crusher", + "destination.address": "65.55.223.31", + "destination.as.number": 8075, + "destination.as.organization.name": "Microsoft Corporation", + "destination.bytes": 186, + "destination.geo.city_name": "Washington", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 38.7095, + "destination.geo.location.lon": -78.1539, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "65.55.223.31", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 40043, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 21451, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,65.55.223.31,0.0.0.0,0.0.0.0,rule1,crusher,,skype-probe,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26504,1,47752,40043,0,0,0x200000,udp,allow,186,186,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "skype-probe", + "network.bytes": 186, + "network.community_id": "1:2fa34ze5XsRR97Shg/2DWoWt57c=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26504", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "65.55.223.31", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "65.55.223.31", + "server.packets": 1, + "server.port": 40043, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 47752, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59297, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 21817, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25543,1,59297,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:Sa+u435/AIAAeEelFduJmiGLOv0=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25543", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59297, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 82, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 52537, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 82, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 22181, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,21948,1,52537,53,0,0,0x200000,udp,allow,82,82,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 82, + "network.community_id": "1:Uym9anPFBcnC+VaX8dVhkzw/pgg=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21948", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 52537, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 82, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 53155, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 82, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 22534, + "log.original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,TRAFFIC,start,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,26279,1,53155,53,0,0,0x200000,udp,allow,82,82,0,1,2012/04/10 04:39:52,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 82, + "network.community_id": "1:BWJpN5ucpEKzwxBd0yrkows1+X4=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26279", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 53155, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 581, + "client.ip": "192.168.0.2", + "client.packets": 7, + "client.port": 59197, + "client.user.name": "crusher", + "destination.address": "62.211.68.12", + "destination.as.number": 3269, + "destination.as.organization.name": "Telecom Italia", + "destination.bytes": 581, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 43.1479, + "destination.geo.location.lon": 12.1097, + "destination.ip": "62.211.68.12", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:22.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 22887, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:52,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24894,1,59197,80,0,0,0x200000,tcp,allow,1487,581,906,13,2012/04/10 04:39:21,1,entertainment-and-arts,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7", + "network.application": "web-browsing", + "network.bytes": 1487, + "network.community_id": "1:k2B753fAG7GMJoQhAbMrDsOfDxA=", + "network.direction": "outbound", + "network.packets": 13, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24894", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "entertainment-and-arts", + "related.ip": [ + "192.168.0.2", + "62.211.68.12", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 906, + "server.ip": "62.211.68.12", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 906, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 7, + "source.port": 59197, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:52.000-02:00", + "client.bytes": 88, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 56995, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 88, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:22.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:22.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 23264, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:52,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24985,1,56995,53,0,0,0x200000,udp,allow,251,88,163,2,2012/04/10 04:39:22,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", + "network.application": "dns", + "network.bytes": 251, + "network.community_id": "1:PkU1rpfXiwvVRig4MJMcDvEUEas=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24985", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 163, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 163, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 56995, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:51.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59069, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:51.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:51.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 23618, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:51,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,25380,1,59069,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:BYZjFq0Mi2hPewpUDaO1jY2UNnA=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25380", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59069, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:51.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 55697, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:51.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:51.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 23971, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:51,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24994,1,55697,53,0,0,0x200000,udp,allow,76,76,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 76, + "network.community_id": "1:l0WoNEsuwN4ml47IyB3IhM2NX6A=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24994", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 55697, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:51.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59295, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:51.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:51.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 24324, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:51,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,25451,1,59295,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:AEtFqIuwxZ9TQ3w9m74nOrboCXE=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25451", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59295, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:51.000-02:00", + "client.bytes": 578, + "client.ip": "192.168.0.2", + "client.packets": 7, + "client.port": 59196, + "client.user.name": "crusher", + "destination.address": "62.211.68.12", + "destination.as.number": 3269, + "destination.as.organization.name": "Telecom Italia", + "destination.bytes": 578, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 43.1479, + "destination.geo.location.lon": 12.1097, + "destination.ip": "62.211.68.12", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:21.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 24688, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:51,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,24866,1,59196,80,0,0,0x200000,tcp,allow,1500,578,922,13,2012/04/10 04:39:20,1,business-and-economy,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7", + "network.application": "web-browsing", + "network.bytes": 1500, + "network.community_id": "1:t42FnU6e46qlRX0ij7ufkKPs3Co=", + "network.direction": "outbound", + "network.packets": 13, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24866", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.0.2", + "62.211.68.12", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 922, + "server.ip": "62.211.68.12", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 922, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 7, + "source.port": 59196, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59291, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:51.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:51.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 25063, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26414,1,59291,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:51,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:AuQEAPptnfXLW8oL/ac3CM4Gnnw=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26414", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59291, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 77, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 52858, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 77, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 25427, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26131,1,52858,53,0,0,0x200000,udp,allow,77,77,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 77, + "network.community_id": "1:ZVsgbE2ux52iF80QIxJN36vdI1M=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26131", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 52858, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 77, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 61383, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 77, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 25780, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26555,1,61383,53,0,0,0x200000,udp,allow,77,77,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 77, + "network.community_id": "1:p68po3QtexuC2kor01hJgMDKiPM=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26555", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 61383, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59290, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 26133, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,15099,1,59290,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:2UbFMV1DsXMB0b/AUotNCCsHm0s=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "15099", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59290, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 1310, + "client.ip": "192.168.0.2", + "client.packets": 22, + "client.port": 59195, + "client.user.name": "crusher", + "destination.address": "8.5.1.1", + "destination.as.number": 3356, + "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.bytes": 1310, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.5.1.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 17, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 26497, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,8.5.1.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24980,1,59195,80,0,0,0x200000,tcp,allow,28096,1310,26786,39,2012/04/10 04:39:20,0,not-resolved,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,17,22", + "network.application": "web-browsing", + "network.bytes": 28096, + "network.community_id": "1:J6pba/4Qby485gtIOBCJnQ0T04E=", + "network.direction": "outbound", + "network.packets": 39, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24980", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "not-resolved", + "related.ip": [ + "192.168.0.2", + "8.5.1.1", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 26786, + "server.ip": "8.5.1.1", + "server.packets": 17, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 26786, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 22, + "source.port": 59195, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 83, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 49812, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 83, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 26873, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26215,1,49812,53,0,0,0x200000,udp,allow,83,83,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 83, + "network.community_id": "1:iSTXT01g3/K5eC8sEHIzTaFShsA=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26215", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 49812, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 83, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 50185, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 83, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 27226, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25881,1,50185,53,0,0,0x200000,udp,allow,83,83,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 83, + "network.community_id": "1:3UaggcKnXvkcjpVHqbTU3mCMT5E=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25881", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 50185, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59286, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 27579, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,start,1,2012/04/10 04:39:50,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24955,1,59286,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:50,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:M8DHGZjrHyuCRpC9MNNfDUke5g4=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24955", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59286, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 75, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 52531, + "client.user.name": "crusher", + "destination.address": "192.168.0.1", + "destination.bytes": 75, + "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 27943, + "log.original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24961,1,52531,53,0,0,0x200000,udp,allow,244,75,169,2,2012/04/10 04:39:20,0,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,1,1", + "network.application": "dns", + "network.bytes": 244, + "network.community_id": "1:aqHtUqeIwO72eo1M5ATE45cIze8=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24961", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "192.168.0.1", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 169, + "server.ip": "192.168.0.1", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 169, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 52531, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 1033, + "client.ip": "192.168.0.2", + "client.packets": 9, + "client.port": 59194, + "client.user.name": "crusher", + "destination.address": "212.48.10.58", + "destination.as.number": 8660, + "destination.as.organization.name": "Italiaonline S.p.A.", + "destination.bytes": 1033, + "destination.geo.city_name": "Assago", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 45.4087, + "destination.geo.location.lon": 9.1225, + "destination.geo.region_iso_code": "IT-MI", + "destination.geo.region_name": "Milan", + "destination.ip": "212.48.10.58", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 12, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 3000000000, + "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:17.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 28310, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24226,1,59194,80,0,0,0x200000,tcp,allow,10097,1033,9064,21,2012/04/10 04:39:17,3,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,12,9", + "network.application": "web-browsing", + "network.bytes": 10097, + "network.community_id": "1:ZM81iQMHQAIwuZHdw5tm5lXF25A=", + "network.direction": "outbound", + "network.packets": 21, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24226", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "search-engines", + "related.ip": [ + "192.168.0.2", + "212.48.10.58", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 9064, + "server.ip": "212.48.10.58", + "server.packets": 12, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 9064, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 9, + "source.port": 59194, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 981, + "client.ip": "192.168.0.2", + "client.packets": 10, + "client.port": 59192, + "client.user.name": "crusher", + "destination.address": "212.48.10.58", + "destination.as.number": 8660, + "destination.as.organization.name": "Italiaonline S.p.A.", + "destination.bytes": 981, + "destination.geo.city_name": "Assago", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 45.4087, + "destination.geo.location.lon": 9.1225, + "destination.geo.region_iso_code": "IT-MI", + "destination.geo.region_name": "Milan", + "destination.ip": "212.48.10.58", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 12, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 7000000000, + "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 28683, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,212.48.10.58,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25129,1,59192,80,0,0,0x200000,tcp,allow,10105,981,9124,22,2012/04/10 04:39:13,7,search-engines,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,12,10", + "network.application": "web-browsing", + "network.bytes": 10105, + "network.community_id": "1:yYl3JBOjYyGDcmf0pDc+hxky9gU=", + "network.direction": "outbound", + "network.packets": 22, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25129", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "search-engines", + "related.ip": [ + "192.168.0.2", + "212.48.10.58", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 9124, + "server.ip": "212.48.10.58", + "server.packets": 12, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 9124, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 10, + "source.port": 59192, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 77, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 56463, + "client.user.name": "crusher", + "destination.address": "192.168.0.1", + "destination.bytes": 77, + "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 29056, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25194,1,56463,53,0,0,0x200000,udp,allow,214,77,137,2,2012/04/10 04:39:20,0,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,1,1", + "network.application": "dns", + "network.bytes": 214, + "network.community_id": "1:VW3f2r1OUrbsOCF06MDfY/o+epU=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25194", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "192.168.0.1", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 137, + "server.ip": "192.168.0.1", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 137, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 56463, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:50.000-02:00", + "client.bytes": 77, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 55849, + "client.user.name": "crusher", + "destination.address": "192.168.0.1", + "destination.bytes": 77, + "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 29423, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:50,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26257,1,55849,53,0,0,0x200000,udp,allow,170,77,93,2,2012/04/10 04:39:20,0,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,1,1", + "network.application": "dns", + "network.bytes": 170, + "network.community_id": "1:yvOxIP48drmX6OmaQqFTRaGanko=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26257", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "192.168.0.1", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 93, + "server.ip": "192.168.0.1", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 93, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 55849, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59282, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:49.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 29789, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24561,1,59282,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:Vfi4CxQayypb3DoxclNfeNjXdjo=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24561", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59282, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.bytes": 71, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 57846, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 71, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:49.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 30153, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26150,1,57846,53,0,0,0x200000,udp,allow,71,71,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 71, + "network.community_id": "1:cWkoifFGPLq+ZcxaNzzYym9H7jI=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26150", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 57846, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.bytes": 71, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 51008, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 71, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:49.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 30506, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25676,1,51008,53,0,0,0x200000,udp,allow,71,71,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 71, + "network.community_id": "1:SicjKSp4oQCovx4rjFSg+IThGYA=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25676", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 51008, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59281, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:49.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 30859, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25306,1,59281,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:/tG+YfZ8qFKrUDfQ7EThCBXci9Y=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25306", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59281, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 55252, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:49.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 31223, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26411,1,55252,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 80, + "network.community_id": "1:cp0HVI5MHMB+G4/hIuKGoX1WWac=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26411", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 55252, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.bytes": 176, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 56995, + "client.user.name": "crusher", + "destination.address": "192.168.0.1", + "destination.bytes": 176, + "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 2, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:18.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 31576, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:49,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,24844,1,56995,53,0,0,0x200000,udp,allow,176,176,0,2,2012/04/10 04:39:18,1,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,2,0", + "network.application": "dns", + "network.bytes": 176, + "network.community_id": "1:X6pWtJqspZOnEXaF1nKblB/B3f4=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24844", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "192.168.0.1", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "192.168.0.1", + "server.packets": 2, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 56995, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:49.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 60989, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:49.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 31942, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:49,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,26335,1,60989,53,0,0,0x200000,udp,allow,80,80,0,1,2012/04/10 04:39:49,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 80, + "network.community_id": "1:bIf8k1Z5+8sNSsr63qo8XknzQDo=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26335", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 60989, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59280, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:48.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 32295, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,26127,1,59280,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:IRI0j5xLyLhwaONpy7gVZdl/Qow=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26127", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59280, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.bytes": 81, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 53766, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 81, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:48.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 32659, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25488,1,53766,53,0,0,0x200000,udp,allow,81,81,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 81, + "network.community_id": "1:VJaNvIgkNIXRerGHtYQC0HUPZh8=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25488", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 53766, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.bytes": 81, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 56032, + "client.user.name": "crusher", + "destination.address": "205.171.2.25", + "destination.as.number": 209, + "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.bytes": 81, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:48.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 33012, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,205.171.2.25,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25269,1,56032,53,0,0,0x200000,udp,allow,81,81,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "dns", + "network.bytes": 81, + "network.community_id": "1:fMeKYeqX7mnB812D1vOtHs7BRO4=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25269", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "205.171.2.25", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "205.171.2.25", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 56032, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.bytes": 581, + "client.ip": "192.168.0.2", + "client.packets": 7, + "client.port": 59193, + "client.user.name": "crusher", + "destination.address": "62.211.68.12", + "destination.as.number": 3269, + "destination.as.organization.name": "Telecom Italia", + "destination.bytes": 581, + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IT", + "destination.geo.location.lat": 43.1479, + "destination.geo.location.lon": 12.1097, + "destination.ip": "62.211.68.12", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:18.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:17.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 33365, + "log.original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,TRAFFIC,end,1,2012/04/10 04:39:48,192.168.0.2,62.211.68.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25715,1,59193,80,0,0,0x200000,tcp,allow,1487,581,906,13,2012/04/10 04:39:17,1,entertainment-and-arts,0,0,0x0,192.168.0.0-192.168.255.255,Italy,0,6,7", + "network.application": "web-browsing", + "network.bytes": 1487, + "network.community_id": "1:2482BoM8NEujTrlI4lp2vfAxmus=", + "network.direction": "outbound", + "network.packets": 13, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25715", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "entertainment-and-arts", + "related.ip": [ + "192.168.0.2", + "62.211.68.12", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 906, + "server.ip": "62.211.68.12", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 906, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 7, + "source.port": 59193, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:48.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59279, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:48.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 33742, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:48,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,26251,1,59279,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:FmIwID3HJ4Q0574SjlhMHApz/Hs=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26251", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59279, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59278, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:48.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 34106, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25871,1,59278,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:48,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:WiUImNtgjkeNDi1Qigg7+Y6pDAg=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25871", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59278, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59277, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:47.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:47.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 34470, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25945,1,59277,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:47,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:/+Opb16c1ye6uLeu1/TNC+SGnYs=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25945", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59277, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.bytes": 166, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 60026, + "client.user.name": "crusher", + "destination.address": "192.168.0.1", + "destination.bytes": 166, + "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 2, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2012-04-10T04:39:17.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 34834, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,end,1,2012/04/10 04:39:47,192.168.0.2,192.168.0.1,0.0.0.0,0.0.0.0,rule1,crusher,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25310,1,60026,53,0,0,0x200000,udp,allow,166,166,0,2,2012/04/10 04:39:16,1,any,0,0,0x0,192.168.0.0-192.168.255.255,192.168.0.0-192.168.255.255,0,2,0", + "network.application": "dns", + "network.bytes": 166, + "network.community_id": "1:h46cgrbWRw4seDnSlCbWxjLRmqs=", + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25310", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "192.168.0.1", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "192.168.0.1", + "server.packets": 2, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 60026, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.bytes": 351, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 59276, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 351, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 3, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:47.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:47.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 35200, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,27111,1,59276,80,0,0,0x200000,tcp,allow,429,351,78,4,2012/04/10 04:39:47,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,3,1", + "network.application": "web-browsing", + "network.bytes": 429, + "network.community_id": "1:uslltTePy/m8Gxhk/MgPbZfk6Rg=", + "network.direction": "outbound", + "network.packets": 4, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27111", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 78, + "server.ip": "204.232.231.46", + "server.packets": 3, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 78, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 59276, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:47.000-02:00", + "client.bytes": 351, + "client.ip": "192.168.0.2", + "client.packets": 1, + "client.port": 59275, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 351, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 3, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:47.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:47.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 35567, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:47,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,25398,1,59275,80,0,0,0x200000,tcp,allow,429,351,78,4,2012/04/10 04:39:47,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,3,1", + "network.application": "web-browsing", + "network.bytes": 429, + "network.community_id": "1:AVMiOufq2owuhWpcu/TfRJ38tv4=", + "network.direction": "outbound", + "network.packets": 4, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25398", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 78, + "server.ip": "204.232.231.46", + "server.packets": 3, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 78, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 1, + "source.port": 59275, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2012-04-10T04:39:46.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.0.2", + "client.packets": 0, + "client.port": 59274, + "client.user.name": "crusher", + "destination.address": "204.232.231.46", + "destination.as.number": 27357, + "destination.as.organization.name": "Rackspace Hosting", + "destination.bytes": 78, + "destination.geo.city_name": "Fort Lauderdale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 26.1792, + "destination.geo.location.lon": -80.1749, + "destination.geo.region_iso_code": "US-FL", + "destination.geo.region_name": "Florida", + "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, + "destination.packets": 1, + "destination.port": 80, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2012-04-10T04:39:46.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2012-04-10T04:39:46.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.captive_portal": true, + "log.offset": 35934, + "log.original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,TRAFFIC,start,1,2012/04/10 04:39:46,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,23898,1,59274,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:46,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", + "network.application": "web-browsing", + "network.bytes": 78, + "network.community_id": "1:/0xM0KlMLwieymkDApfqS3/WWiQ=", + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.serial_number": "01606001116", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23898", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.0.2", + "204.232.231.46", + "0.0.0.0", + "0.0.0.0" + ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", + "server.bytes": 0, + "server.ip": "204.232.231.46", + "server.packets": 1, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.0.2", + "source.bytes": 0, + "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 59274, + "source.user.name": "crusher", + "tags": [ + "pan-os" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/panw/panos/test/threat.log b/filebeat/module/panw/panos/test/threat.log new file mode 100644 index 00000000000..2b6854cf5a5 --- /dev/null +++ b/filebeat/module/panw/panos/test/threat.log @@ -0,0 +1,76 @@ +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28219,1,52983,443,28249,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7727,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,27723,1,52986,443,63898,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7728,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28172,1,52985,443,7515,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7729,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28151,1,52987,443,3225,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7730,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28076,1,52988,443,60449,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7731,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28173,1,52990,443,60559,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7732,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28186,1,52989,443,47414,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7733,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28192,1,52992,443,37673,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7734,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,27011,1,52991,443,8232,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7735,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28240,1,52994,443,32982,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7736,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28143,1,52993,443,10473,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7737,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28272,1,52995,443,20446,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7738,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28146,1,52996,443,34699,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7739,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28278,1,52997,443,22820,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7740,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28185,1,52998,443,41060,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7741,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28201,1,52999,443,9058,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7742,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28148,1,53001,443,54846,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7743,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28121,1,53002,443,52731,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7744,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28228,1,53003,443,15165,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7745,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,23.72.137.131,192.168.1.63,23.72.137.131,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28196,1,53004,443,53918,443,0x403000,tcp,block-url,"b.scorecardresearch.com/",(9999),business-and-economy,informational,client-to-server,7746,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28007,1,53000,443,40792,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7747,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28117,1,53006,443,54044,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7748,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28109,1,53007,443,19544,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7749,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28260,1,53008,443,13462,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7750,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28275,1,53010,443,44892,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7752,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28266,1,53011,443,16487,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7753,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28294,1,53012,443,23952,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7754,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28248,1,53013,443,2810,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7755,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28274,1,53014,443,13272,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7756,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28285,1,53022,443,8663,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7762,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28306,1,53023,443,55738,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7763,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28116,1,53024,443,10650,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7764,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28214,1,53025,443,44087,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7765,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28080,1,53026,443,15915,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7766,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:53 PA-220 1,2018/11/30 16:44:53,012801096514,THREAT,url,2049,2018/11/30 16:44:53,192.168.15.224,151.101.2.2,192.168.1.63,151.101.2.2,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:53,28318,1,53041,443,41165,443,0x403000,tcp,block-url,"cdn.taboola.com/",(9999),business-and-economy,informational,client-to-server,7768,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:54 PA-220 1,2018/11/30 16:44:54,012801096514,THREAT,url,2049,2018/11/30 16:44:54,192.168.15.224,54.192.7.152,192.168.1.63,54.192.7.152,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:54,28300,1,53040,443,54133,443,0x403000,tcp,block-url,"rules.quantcount.com/",(9999),business-and-economy,informational,client-to-server,7769,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28339,1,53093,443,8485,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7770,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28299,1,53094,443,12496,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7771,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28303,1,53095,443,17029,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7772,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28390,1,53096,443,23696,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7773,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28433,1,53097,443,34769,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7774,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28380,1,53099,443,22486,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7775,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28363,1,53100,443,12894,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7776,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28349,1,53101,443,62348,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7777,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28411,1,53104,443,6224,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7778,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28397,1,53107,443,44120,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7779,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28347,1,53108,443,44228,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7780,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28443,1,53109,443,31322,443,0x403000,tcp,block-url,"srv-2018-11-30-22.config.parsely.com/",(9999),business-and-economy,informational,client-to-server,7781,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:14 PA-220 1,2018/11/30 16:45:13,012801096514,THREAT,url,2049,2018/11/30 16:45:13,192.168.15.224,216.58.194.98,192.168.1.63,216.58.194.98,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:13,28439,1,53118,443,1672,443,0x403000,tcp,block-url,"www.googleadservices.com/",(9999),business-and-economy,informational,client-to-server,7782,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,25958,1,53126,443,20801,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7783,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28429,1,53127,443,24533,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7784,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28465,1,53128,443,30150,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7785,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28504,1,53129,443,36305,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7786,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28458,1,53130,443,42682,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7787,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28491,1,53131,443,22530,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7788,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28520,1,53132,443,43713,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7789,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28335,1,53133,443,60608,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7790,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28414,1,53134,443,9302,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7791,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:17 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28488,1,53135,443,11634,443,0x403000,tcp,block-url,"service.maxymiser.net/",(9999),business-and-economy,informational,client-to-server,7792,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28469,1,53152,443,30818,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7793,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28556,1,53155,443,64260,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7794,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28558,1,53158,443,7071,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7795,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28531,1,53160,443,4512,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7796,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28580,1,53161,443,3422,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7797,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28477,1,53162,443,4651,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7798,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28484,1,53163,443,19068,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7799,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28609,1,53164,443,5831,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7800,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28564,1,53165,443,7084,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7801,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28542,1,53166,443,18633,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7802,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:28 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28590,1,53167,443,25557,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7803,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:28 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28455,1,53150,443,20661,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7804,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28585,1,53185,443,65438,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7805,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28462,1,53187,443,53101,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7806,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28839,1,53188,443,35463,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7807,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, +Nov 30 16:45:30 PA-220 1,2018/11/30 16:45:29,012801096514,THREAT,url,2049,2018/11/30 16:45:29,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:29,28400,1,53178,443,45769,443,0x403000,tcp,block-url,"segment-data.zqtk.net/",(9999),business-and-economy,informational,client-to-server,7808,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, diff --git a/filebeat/module/panw/panos/test/threat.log-expected.json b/filebeat/module/panw/panos/test/threat.log-expected.json new file mode 100644 index 00000000000..c17fcbee131 --- /dev/null +++ b/filebeat/module/panw/panos/test/threat.log-expected.json @@ -0,0 +1,6476 @@ +[ + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52984, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 0, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:mDxnuNGkonQEEYcMT0Dur/FCt/I=", + "1:qjpdroY6VaRSEUbSXzSWtUX00kc=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28191", + "panw.panos.network.nat.community_id": "1:qjpdroY6VaRSEUbSXzSWtUX00kc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37679, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37679, + "source.port": 52984, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52983, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 546, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28219,1,52983,443,28249,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7727,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:svoGHRUXQeOT1QlGYhMbEalRiPU=", + "1:j6so5fl9DGKhDhaNmjI+6ipOFyc=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28219", + "panw.panos.network.nat.community_id": "1:j6so5fl9DGKhDhaNmjI+6ipOFyc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 28249, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 28249, + "source.port": 52983, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52986, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 1092, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,27723,1,52986,443,63898,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7728,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:cl1ZW9fCG1bKgQuAww26hYqxyq0=", + "1:c4Xs8aAPhIYB760P+BLmrzOvjv4=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27723", + "panw.panos.network.nat.community_id": "1:c4Xs8aAPhIYB760P+BLmrzOvjv4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 63898, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 63898, + "source.port": 52986, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52985, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 1638, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28172,1,52985,443,7515,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7729,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:0KdQcz2+OQg8Kuyqn3tvtzrtAtk=", + "1:RU/nMZByVkBbsckJ18XtpXhQlPg=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28172", + "panw.panos.network.nat.community_id": "1:RU/nMZByVkBbsckJ18XtpXhQlPg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 7515, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 7515, + "source.port": 52985, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52987, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 2183, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28151,1,52987,443,3225,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7730,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:ZuULYSnnlQSsdqWsfJBHQTPqbJo=", + "1:FTVZK5v5Nqts17X+FJm/bQk1rwM=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28151", + "panw.panos.network.nat.community_id": "1:FTVZK5v5Nqts17X+FJm/bQk1rwM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 3225, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3225, + "source.port": 52987, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52988, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 2728, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28076,1,52988,443,60449,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7731,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:ovf/7i/MclKhY1UKalpHzmmlthk=", + "1:iHTY/vpQo2TsRYJW2n+lqb0w5f4=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28076", + "panw.panos.network.nat.community_id": "1:iHTY/vpQo2TsRYJW2n+lqb0w5f4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 60449, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60449, + "source.port": 52988, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52990, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 3274, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28173,1,52990,443,60559,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7732,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:K7vLQF60EynWhcmrB6/wjEG8qzI=", + "1:f+u5A73xp5gqmRCSN2kCCSbvBRg=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28173", + "panw.panos.network.nat.community_id": "1:f+u5A73xp5gqmRCSN2kCCSbvBRg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 60559, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60559, + "source.port": 52990, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52989, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 3820, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28186,1,52989,443,47414,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7733,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:nMc/XZ2HhyrMMpTfW7UK0Q7QRJM=", + "1:v4+MIeqiGJJ9Z3SUTNLFEoYtw74=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28186", + "panw.panos.network.nat.community_id": "1:v4+MIeqiGJJ9Z3SUTNLFEoYtw74=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 47414, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 47414, + "source.port": 52989, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52992, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 4366, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28192,1,52992,443,37673,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7734,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:UDkY52oWrSsYAqwPSTAKyKhwzvQ=", + "1:BilmVEwf9nQIXodvin3X6lZuVAc=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28192", + "panw.panos.network.nat.community_id": "1:BilmVEwf9nQIXodvin3X6lZuVAc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37673, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37673, + "source.port": 52992, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52991, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 4912, + "log.original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,27011,1,52991,443,8232,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7735,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:pWCQCkwDKmw2APwAJ2GcT6QNXQg=", + "1:CmZ6KkZzaxpkJHXJn0lNskvvZLA=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27011", + "panw.panos.network.nat.community_id": "1:CmZ6KkZzaxpkJHXJn0lNskvvZLA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 8232, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 8232, + "source.port": 52991, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52994, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 5457, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28240,1,52994,443,32982,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7736,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:3V7ODANn0gD6PFiGWb7LVZcr3TY=", + "1:Xy6vXuBmLPx1/PDpu/KMI1ZPnW0=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28240", + "panw.panos.network.nat.community_id": "1:Xy6vXuBmLPx1/PDpu/KMI1ZPnW0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 32982, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 32982, + "source.port": 52994, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52993, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 6003, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28143,1,52993,443,10473,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7737,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:7WQBEq/QCPNFLId7r93vN98nPHQ=", + "1:nmxmtIja0z/MV5rgbBnScsKtW0U=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28143", + "panw.panos.network.nat.community_id": "1:nmxmtIja0z/MV5rgbBnScsKtW0U=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10473, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10473, + "source.port": 52993, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52995, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 6549, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28272,1,52995,443,20446,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7738,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:r3rve3ghPTa/BACcRlan0FEgZFw=", + "1:XNlHvX7cDGGCkvSS/aFHGg/RnAk=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28272", + "panw.panos.network.nat.community_id": "1:XNlHvX7cDGGCkvSS/aFHGg/RnAk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 20446, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20446, + "source.port": 52995, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52996, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 7095, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28146,1,52996,443,34699,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7739,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:2A2PtRAEa2EIbgp0B+6pQMVyM1o=", + "1:DqCF4BufQU/spPG8UYok6IrChWo=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28146", + "panw.panos.network.nat.community_id": "1:DqCF4BufQU/spPG8UYok6IrChWo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 34699, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 34699, + "source.port": 52996, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:36.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52997, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 7641, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28278,1,52997,443,22820,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7740,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:ttgSlbqHs+GKueSexHsquCbfjCk=", + "1:lJHLfl+/x95GohXozN52zokIxvA=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28278", + "panw.panos.network.nat.community_id": "1:lJHLfl+/x95GohXozN52zokIxvA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22820, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22820, + "source.port": 52997, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:37.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52998, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 8187, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28185,1,52998,443,41060,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7741,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:h4Yhxi4lfeFiizTNiugYzEk9CM4=", + "1:OVE3ctnTt5X1L6qNDr4QILL0dFg=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28185", + "panw.panos.network.nat.community_id": "1:OVE3ctnTt5X1L6qNDr4QILL0dFg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 41060, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 41060, + "source.port": 52998, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:37.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 52999, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 8733, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28201,1,52999,443,9058,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7742,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:SsYXkesHdCi9Tx1qsjfCIH8mHm4=", + "1:bzhUSIQYpz+jY7TA+j8UmFOdJ08=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28201", + "panw.panos.network.nat.community_id": "1:bzhUSIQYpz+jY7TA+j8UmFOdJ08=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 9058, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 9058, + "source.port": 52999, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:37.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53001, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 9278, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28148,1,53001,443,54846,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7743,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:84WYKtahMlLwf+ZletWf/DNnE30=", + "1:NRiTxPYsIvfOnUXhwuF5KPucNf8=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28148", + "panw.panos.network.nat.community_id": "1:NRiTxPYsIvfOnUXhwuF5KPucNf8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 54846, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 54846, + "source.port": 53001, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:37.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53002, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 9824, + "log.original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28121,1,53002,443,52731,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7744,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:X4Zvg9D/bP0EYECRSLna3za4r68=", + "1:9noBCzeHKSZpuQWETkS7W5mOTT0=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28121", + "panw.panos.network.nat.community_id": "1:9noBCzeHKSZpuQWETkS7W5mOTT0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 52731, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 52731, + "source.port": 53002, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:38.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53003, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 10370, + "log.original": "Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28228,1,53003,443,15165,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7745,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:greC2ffRfw5diAvjZvd+je5rhrk=", + "1:NQ3UU1pIt7hTJ2TYkbe6yjIVIsw=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28228", + "panw.panos.network.nat.community_id": "1:NQ3UU1pIt7hTJ2TYkbe6yjIVIsw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 15165, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 15165, + "source.port": 53003, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:38.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53004, + "destination.address": "23.72.137.131", + "destination.as.number": 20940, + "destination.as.organization.name": "Akamai International B.V.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.137.131", + "destination.nat.ip": "23.72.137.131", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 10916, + "log.original": "Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,23.72.137.131,192.168.1.63,23.72.137.131,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28196,1,53004,443,53918,443,0x403000,tcp,block-url,\"b.scorecardresearch.com/\",(9999),business-and-economy,informational,client-to-server,7746,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:EcYXcH6rGmgtHGDCjUQcmM+hR0c=", + "1:pzcUv98hFdzW07/5bQ15jcEOAAM=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.137.131", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28196", + "panw.panos.network.nat.community_id": "1:pzcUv98hFdzW07/5bQ15jcEOAAM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53918, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "b.scorecardresearch.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.137.131", + "192.168.1.63", + "23.72.137.131" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.137.131", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53918, + "source.port": 53004, + "tags": [ + "pan-os" + ], + "url.original": "b.scorecardresearch.com/" + }, + { + "@timestamp": "2018-11-30T16:44:38.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53000, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 11463, + "log.original": "Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28007,1,53000,443,40792,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7747,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:OX20k3mW9JzBo4RmzVjTtvOawu4=", + "1:iHNZW72XqbNDDHf4ziF4MHkPsq8=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28007", + "panw.panos.network.nat.community_id": "1:iHNZW72XqbNDDHf4ziF4MHkPsq8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 40792, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 40792, + "source.port": 53000, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53006, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 12009, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28117,1,53006,443,54044,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7748,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:oWKucHrzLhzCpDmWJPLBELyMrzw=", + "1:WmnET8BZufXJpdVk04PIVGj+Kgk=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28117", + "panw.panos.network.nat.community_id": "1:WmnET8BZufXJpdVk04PIVGj+Kgk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 54044, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 54044, + "source.port": 53006, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53007, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 12555, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28109,1,53007,443,19544,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7749,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:63h3SPrH4/pr2GMJEkpg++zeJMU=", + "1:qCp/BEY5ANYRj3J+xhPpjW00kTA=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28109", + "panw.panos.network.nat.community_id": "1:qCp/BEY5ANYRj3J+xhPpjW00kTA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 19544, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19544, + "source.port": 53007, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53008, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 13101, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28260,1,53008,443,13462,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7750,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:MpnxD3AYYy43RYm8rBQmgxv2NQ0=", + "1:QTdF07Qsc5riXT20oN+YWQ2Yt6U=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28260", + "panw.panos.network.nat.community_id": "1:QTdF07Qsc5riXT20oN+YWQ2Yt6U=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13462, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13462, + "source.port": 53008, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53010, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 13647, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28275,1,53010,443,44892,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7752,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:kibVei9WSdxBMV8iUIg8nZMCiss=", + "1:v9tvyVPSkJni3/nd8jUVgcsqqQk=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28275", + "panw.panos.network.nat.community_id": "1:v9tvyVPSkJni3/nd8jUVgcsqqQk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 44892, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44892, + "source.port": 53010, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53011, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 14193, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28266,1,53011,443,16487,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7753,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:l33FK2i+ASkvlnDYQYRCH4evHcI=", + "1:00oN9bToRGtVdpy+GQ742sbkpfI=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28266", + "panw.panos.network.nat.community_id": "1:00oN9bToRGtVdpy+GQ742sbkpfI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16487, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16487, + "source.port": 53011, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53012, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 14739, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28294,1,53012,443,23952,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7754,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:cSD3ZfDTv0BFEStL/v2rRm0wow0=", + "1:AmJtkqyAyzgRUMxNGxjT3hhwb8c=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28294", + "panw.panos.network.nat.community_id": "1:AmJtkqyAyzgRUMxNGxjT3hhwb8c=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 23952, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 23952, + "source.port": 53012, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53013, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 15285, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28248,1,53013,443,2810,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7755,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:l8cnTJWO0qdKrXtvCBWHbQUpvgE=", + "1:CzGrIa22/gNrIvkcJMIh6eWNjFI=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28248", + "panw.panos.network.nat.community_id": "1:CzGrIa22/gNrIvkcJMIh6eWNjFI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2810, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2810, + "source.port": 53013, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53014, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 15830, + "log.original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28274,1,53014,443,13272,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7756,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:2dLIQC1NuJw/6kPkSukOc7rN5UE=", + "1:b3MpSidntZseAvCtO89765ETlyI=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28274", + "panw.panos.network.nat.community_id": "1:b3MpSidntZseAvCtO89765ETlyI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13272, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13272, + "source.port": 53014, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53022, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 16376, + "log.original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28285,1,53022,443,8663,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7762,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:39KkS/Y1cEc0OLIWR3+26TPoFhQ=", + "1:wug3mTERsDOMF1R52vDi6SpWbMc=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28285", + "panw.panos.network.nat.community_id": "1:wug3mTERsDOMF1R52vDi6SpWbMc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 8663, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 8663, + "source.port": 53022, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53023, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 16921, + "log.original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28306,1,53023,443,55738,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7763,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:IFLzwMkLmz8UfCYPFfRgTIBIzSI=", + "1:ktdKYACJa2q76tdS55sj5QaeMBs=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28306", + "panw.panos.network.nat.community_id": "1:ktdKYACJa2q76tdS55sj5QaeMBs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 55738, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 55738, + "source.port": 53023, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53024, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 17467, + "log.original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28116,1,53024,443,10650,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7764,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:spPQtp0F92JeXKXtvGndU6vymNo=", + "1:sWvGFBOOisURcvYe5nB5HUSa6B8=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28116", + "panw.panos.network.nat.community_id": "1:sWvGFBOOisURcvYe5nB5HUSa6B8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10650, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10650, + "source.port": 53024, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53025, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 18013, + "log.original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28214,1,53025,443,44087,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7765,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:xBwOt7zrEs9oyuV1oEHKLKXdg1Q=", + "1:LHZawFx+zgZPTd01rJqX/31kNmE=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28214", + "panw.panos.network.nat.community_id": "1:LHZawFx+zgZPTd01rJqX/31kNmE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 44087, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44087, + "source.port": 53025, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:46.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53026, + "destination.address": "152.195.55.192", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 18559, + "log.original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,152.195.55.192,192.168.1.63,152.195.55.192,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28080,1,53026,443,15915,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7766,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:z5jHjldbSP1U0TqDWR9Uox2k3Js=", + "1:XcghkvaiKIQS/KgINx7Mb5Vvn3M=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28080", + "panw.panos.network.nat.community_id": "1:XcghkvaiKIQS/KgINx7Mb5Vvn3M=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 15915, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "152.195.55.192", + "192.168.1.63", + "152.195.55.192" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "152.195.55.192", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 15915, + "source.port": 53026, + "tags": [ + "pan-os" + ], + "url.original": "consent.cmp.oath.com/" + }, + { + "@timestamp": "2018-11-30T16:44:53.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53041, + "destination.address": "151.101.2.2", + "destination.as.number": 54113, + "destination.as.organization.name": "Fastly", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "151.101.2.2", + "destination.nat.ip": "151.101.2.2", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 19105, + "log.original": "Nov 30 16:44:53 PA-220 1,2018/11/30 16:44:53,012801096514,THREAT,url,2049,2018/11/30 16:44:53,192.168.15.224,151.101.2.2,192.168.1.63,151.101.2.2,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:53,28318,1,53041,443,41165,443,0x403000,tcp,block-url,\"cdn.taboola.com/\",(9999),business-and-economy,informational,client-to-server,7768,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:tQxUFWF1PJh9XS+U53oZgNQELoA=", + "1:XdO4yHx+1HZM4GcutRTyur9ixdM=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "151.101.2.2", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28318", + "panw.panos.network.nat.community_id": "1:XdO4yHx+1HZM4GcutRTyur9ixdM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 41165, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "cdn.taboola.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "151.101.2.2", + "192.168.1.63", + "151.101.2.2" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "151.101.2.2", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 41165, + "source.port": 53041, + "tags": [ + "pan-os" + ], + "url.original": "cdn.taboola.com/" + }, + { + "@timestamp": "2018-11-30T16:44:54.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53040, + "destination.address": "54.192.7.152", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Seattle", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 47.6109, + "destination.geo.location.lon": -122.3303, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-WA", + "destination.geo.region_name": "Washington", + "destination.ip": "54.192.7.152", + "destination.nat.ip": "54.192.7.152", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 19640, + "log.original": "Nov 30 16:44:54 PA-220 1,2018/11/30 16:44:54,012801096514,THREAT,url,2049,2018/11/30 16:44:54,192.168.15.224,54.192.7.152,192.168.1.63,54.192.7.152,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:54,28300,1,53040,443,54133,443,0x403000,tcp,block-url,\"rules.quantcount.com/\",(9999),business-and-economy,informational,client-to-server,7769,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:J9ymoylt3wkbcwWFUbTc1FK8W6k=", + "1:kCzU3MoZUMh7VlhTewngoP1twbw=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.192.7.152", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28300", + "panw.panos.network.nat.community_id": "1:kCzU3MoZUMh7VlhTewngoP1twbw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 54133, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "rules.quantcount.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.192.7.152", + "192.168.1.63", + "54.192.7.152" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.192.7.152", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 54133, + "source.port": 53040, + "tags": [ + "pan-os" + ], + "url.original": "rules.quantcount.com/" + }, + { + "@timestamp": "2018-11-30T16:44:58.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53093, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 20182, + "log.original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28339,1,53093,443,8485,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7770,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:DDpR8PTbIvvnd+7Hcre+jZQVtaY=", + "1:fj3W3hxHPqT4snZlcRibDiqLNvs=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28339", + "panw.panos.network.nat.community_id": "1:fj3W3hxHPqT4snZlcRibDiqLNvs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 8485, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 8485, + "source.port": 53093, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:44:58.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53094, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 20739, + "log.original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28299,1,53094,443,12496,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7771,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:1dccHKUcnMkeYh68uGS1Jhl6+Hk=", + "1:HLMiinoD9jzLzaYU394wqKksBUE=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28299", + "panw.panos.network.nat.community_id": "1:HLMiinoD9jzLzaYU394wqKksBUE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 12496, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12496, + "source.port": 53094, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:44:58.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53095, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 21297, + "log.original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28303,1,53095,443,17029,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7772,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:URFNGbFKOwT3Iaugo33D1mB/ndw=", + "1:pNMLPgDpZv2+S840jW/Ggq8ng2I=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28303", + "panw.panos.network.nat.community_id": "1:pNMLPgDpZv2+S840jW/Ggq8ng2I=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 17029, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 17029, + "source.port": 53095, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:44:58.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53096, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 21855, + "log.original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28390,1,53096,443,23696,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7773,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:/KMTfFetIlydTraxch89t5PYve0=", + "1:l6AkSmB92aDAHpLhiSCR28J+ANI=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28390", + "panw.panos.network.nat.community_id": "1:l6AkSmB92aDAHpLhiSCR28J+ANI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 23696, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 23696, + "source.port": 53096, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:44:59.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53097, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 22413, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28433,1,53097,443,34769,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7774,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:Z8gFtZEJJ5xho2+kyaSyoXp1O/I=", + "1:33ah/rOB1xL3Yy0FUH0sEGuRvx8=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28433", + "panw.panos.network.nat.community_id": "1:33ah/rOB1xL3Yy0FUH0sEGuRvx8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 34769, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 34769, + "source.port": 53097, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:44:59.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53099, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 22971, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28380,1,53099,443,22486,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7775,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:dS0Vb9L/suztc58TuCJc5kLrnd4=", + "1:zOzoB9ZSg+/QZ7bt4sM6/I2TOXc=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28380", + "panw.panos.network.nat.community_id": "1:zOzoB9ZSg+/QZ7bt4sM6/I2TOXc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22486, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22486, + "source.port": 53099, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:44:59.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53100, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 23529, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28363,1,53100,443,12894,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7776,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:ZWPOx8XRihDI9+WqUDIHe1OyInQ=", + "1:l+VVTNzHKEhzOIqE/8PVt4xidPQ=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28363", + "panw.panos.network.nat.community_id": "1:l+VVTNzHKEhzOIqE/8PVt4xidPQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 12894, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12894, + "source.port": 53100, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:45:00.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53101, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 24087, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28349,1,53101,443,62348,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7777,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:T7UcACShDtZytIaufQKjiQ8jkhM=", + "1:/GTSxrH684FoBXpyEBepCy2M81Q=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28349", + "panw.panos.network.nat.community_id": "1:/GTSxrH684FoBXpyEBepCy2M81Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 62348, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 62348, + "source.port": 53101, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:45:00.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53104, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 24645, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28411,1,53104,443,6224,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7778,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:v2q2MvHECPCP6FDhZOfU9EhWDmw=", + "1:z/innn6bIUB0vbGtF+NoTKxtaCQ=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28411", + "panw.panos.network.nat.community_id": "1:z/innn6bIUB0vbGtF+NoTKxtaCQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 6224, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 6224, + "source.port": 53104, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:45:00.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53107, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 25202, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28397,1,53107,443,44120,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7779,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:/FL+10fyEBLqVR4oJrH3NBEx/pg=", + "1:7H4lb05cbTOpCa4pIgruj3M2WrY=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28397", + "panw.panos.network.nat.community_id": "1:7H4lb05cbTOpCa4pIgruj3M2WrY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 44120, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44120, + "source.port": 53107, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:45:00.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53108, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 25760, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28347,1,53108,443,44228,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7780,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:abQPCp6V8x2Fumiz5x/+vZnuNfM=", + "1:G3GfJYWnCjo8Ato/aBgr49UKGTI=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28347", + "panw.panos.network.nat.community_id": "1:G3GfJYWnCjo8Ato/aBgr49UKGTI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 44228, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44228, + "source.port": 53108, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:45:00.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53109, + "destination.address": "52.4.120.175", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 26318, + "log.original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,52.4.120.175,192.168.1.63,52.4.120.175,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28443,1,53109,443,31322,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7781,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:Ix3Fldb6W5hQx30Bw7Vd5/lm8hw=", + "1:Ni0ZlLTDuNH8F3hFm9nLZkj/SKI=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28443", + "panw.panos.network.nat.community_id": "1:Ni0ZlLTDuNH8F3hFm9nLZkj/SKI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 31322, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "52.4.120.175", + "192.168.1.63", + "52.4.120.175" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "52.4.120.175", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 31322, + "source.port": 53109, + "tags": [ + "pan-os" + ], + "url.original": "srv-2018-11-30-22.config.parsely.com/" + }, + { + "@timestamp": "2018-11-30T16:45:13.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53118, + "destination.address": "216.58.194.98", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.3861, + "destination.geo.location.lon": -122.0839, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "216.58.194.98", + "destination.nat.ip": "216.58.194.98", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 26876, + "log.original": "Nov 30 16:45:14 PA-220 1,2018/11/30 16:45:13,012801096514,THREAT,url,2049,2018/11/30 16:45:13,192.168.15.224,216.58.194.98,192.168.1.63,216.58.194.98,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:13,28439,1,53118,443,1672,443,0x403000,tcp,block-url,\"www.googleadservices.com/\",(9999),business-and-economy,informational,client-to-server,7782,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:iBwlaPm6awPJaLJMdMMVOH9f5RU=", + "1:WQC21tSR1QNUhWYgrcbgaLyTkos=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "216.58.194.98", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28439", + "panw.panos.network.nat.community_id": "1:WQC21tSR1QNUhWYgrcbgaLyTkos=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 1672, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "www.googleadservices.com/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "216.58.194.98", + "192.168.1.63", + "216.58.194.98" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "216.58.194.98", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 1672, + "source.port": 53118, + "tags": [ + "pan-os" + ], + "url.original": "www.googleadservices.com/" + }, + { + "@timestamp": "2018-11-30T16:45:15.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53126, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 27423, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,25958,1,53126,443,20801,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7783,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:0TIOUPyQekmpFSgX6VlMP7asdJs=", + "1:hYoXMUwV0cAKhYUb4hSHsLUSo1s=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25958", + "panw.panos.network.nat.community_id": "1:hYoXMUwV0cAKhYUb4hSHsLUSo1s=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 20801, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20801, + "source.port": 53126, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:15.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53127, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 27968, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28429,1,53127,443,24533,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7784,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:5CeaDtLLJAW4qpNe5rR3zJ3u1KM=", + "1:al192CljLcXBQ5a9fXhiLM+uAKg=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28429", + "panw.panos.network.nat.community_id": "1:al192CljLcXBQ5a9fXhiLM+uAKg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 24533, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 24533, + "source.port": 53127, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:15.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53128, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 28513, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28465,1,53128,443,30150,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7785,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:HYgrk1tiJGzjAjdHLQJ54QqqEH0=", + "1:qI8dj7I/HOk1zkz/wkZBjQ/igsw=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28465", + "panw.panos.network.nat.community_id": "1:qI8dj7I/HOk1zkz/wkZBjQ/igsw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 30150, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 30150, + "source.port": 53128, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:15.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53129, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 29058, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28504,1,53129,443,36305,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7786,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:8k83tpdWoK7nNJrq4t81UXuScHA=", + "1:NTrpQ6lfrWcfRCXSB/tQ49z7sOQ=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28504", + "panw.panos.network.nat.community_id": "1:NTrpQ6lfrWcfRCXSB/tQ49z7sOQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 36305, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 36305, + "source.port": 53129, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:16.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53130, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 29603, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28458,1,53130,443,42682,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7787,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:Ob0VEjF8YeGq1hR7SbX0pZ+5/EI=", + "1:93oplAL+YibXq75Qng9iomHp97k=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28458", + "panw.panos.network.nat.community_id": "1:93oplAL+YibXq75Qng9iomHp97k=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42682, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42682, + "source.port": 53130, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:16.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53131, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 30148, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28491,1,53131,443,22530,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7788,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:WlDGM7WbDrN83JffZtwB6PNK3Y8=", + "1:uhEHJXnnMaxBL0QYfNxS8lxZkls=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28491", + "panw.panos.network.nat.community_id": "1:uhEHJXnnMaxBL0QYfNxS8lxZkls=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22530, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22530, + "source.port": 53131, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:16.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53132, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 30693, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28520,1,53132,443,43713,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7789,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:U5qBRasQ13RQONeFOyA2+9QbWK8=", + "1:KtlZO5BbsoCg/ymqE05xAvw/iIA=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28520", + "panw.panos.network.nat.community_id": "1:KtlZO5BbsoCg/ymqE05xAvw/iIA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 43713, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 43713, + "source.port": 53132, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:16.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53133, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 31238, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28335,1,53133,443,60608,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7790,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:S99EiT3uXg1VHeNM5TVPoeW1Zrk=", + "1:4MqfykfAOpIQmtvXcxzLNXqgyTs=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28335", + "panw.panos.network.nat.community_id": "1:4MqfykfAOpIQmtvXcxzLNXqgyTs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 60608, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60608, + "source.port": 53133, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:16.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53134, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 31783, + "log.original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28414,1,53134,443,9302,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7791,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:IMZ08eMrtDP/qCq8+cruyYo5r98=", + "1:Qj+AYB26PhFUPHkeHTP+u0XmR3A=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28414", + "panw.panos.network.nat.community_id": "1:Qj+AYB26PhFUPHkeHTP+u0XmR3A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 9302, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 9302, + "source.port": 53134, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:16.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53135, + "destination.address": "23.72.145.245", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.geo.name": "United States", + "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 32327, + "log.original": "Nov 30 16:45:17 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,23.72.145.245,192.168.1.63,23.72.145.245,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28488,1,53135,443,11634,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7792,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:Z6zBvBoA+0NQryjJ96nYaFcOuXw=", + "1:BQw3RXiNvT4NW4kw0J5Ol6rFN5A=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.145.245", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28488", + "panw.panos.network.nat.community_id": "1:BQw3RXiNvT4NW4kw0J5Ol6rFN5A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 11634, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "23.72.145.245", + "192.168.1.63", + "23.72.145.245" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "23.72.145.245", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 11634, + "source.port": 53135, + "tags": [ + "pan-os" + ], + "url.original": "service.maxymiser.net/" + }, + { + "@timestamp": "2018-11-30T16:45:26.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53152, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 32872, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28469,1,53152,443,30818,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7793,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:Qo8vSWzvn9QN5ADlmHxjJft+bxA=", + "1:1XJhGS1EujYy5wSCA64wjjK7hwA=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28469", + "panw.panos.network.nat.community_id": "1:1XJhGS1EujYy5wSCA64wjjK7hwA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 30818, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 30818, + "source.port": 53152, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:26.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53155, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 33417, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28556,1,53155,443,64260,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7794,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:N2DPhwTnklulMwYKpcc4j0nLwu4=", + "1:YHN6cU700Mp7622M1rIzbnPQ+ik=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28556", + "panw.panos.network.nat.community_id": "1:YHN6cU700Mp7622M1rIzbnPQ+ik=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 64260, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 64260, + "source.port": 53155, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:26.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53158, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 33962, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28558,1,53158,443,7071,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7795,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:j5m21kfahBuP4jLMiqVnsVTJZ+Q=", + "1:o5UB5uvp2ThXPXChyc7lgvBMH0s=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28558", + "panw.panos.network.nat.community_id": "1:o5UB5uvp2ThXPXChyc7lgvBMH0s=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 7071, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 7071, + "source.port": 53158, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:26.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53160, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 34506, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28531,1,53160,443,4512,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7796,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:8jQcqVCl+Q8N6jDNJlJwuydmDsA=", + "1:RRfOKybSMc/qYj1QHLEpuh+r0Eg=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28531", + "panw.panos.network.nat.community_id": "1:RRfOKybSMc/qYj1QHLEpuh+r0Eg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 4512, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 4512, + "source.port": 53160, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:26.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53161, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 35050, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28580,1,53161,443,3422,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7797,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:zcJ3HhZj3urz6vGwVhseviLv7kY=", + "1:KhCfFcRk3sovsTfN9pRRfgjsP84=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28580", + "panw.panos.network.nat.community_id": "1:KhCfFcRk3sovsTfN9pRRfgjsP84=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 3422, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3422, + "source.port": 53161, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:27.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53162, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 35594, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28477,1,53162,443,4651,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7798,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:DJHoN3ahXiIF4S4aGocL7KS/AhY=", + "1:hZhkH3fz7n30Q+zsXnQejsna14Q=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28477", + "panw.panos.network.nat.community_id": "1:hZhkH3fz7n30Q+zsXnQejsna14Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 4651, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 4651, + "source.port": 53162, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:27.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53163, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 36138, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28484,1,53163,443,19068,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7799,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:oQCUvcNDUq8NlFsOiIljRD/md2E=", + "1:lFuLGvzKiGz77tAPKRWLQ7eIBNw=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28484", + "panw.panos.network.nat.community_id": "1:lFuLGvzKiGz77tAPKRWLQ7eIBNw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 19068, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19068, + "source.port": 53163, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:27.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53164, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 36683, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28609,1,53164,443,5831,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7800,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:DjIyvY/MLQ8U4RrMwFVhfq30m6g=", + "1:lXgqW6uer7QCnFv+5qVbgX4vM6E=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28609", + "panw.panos.network.nat.community_id": "1:lXgqW6uer7QCnFv+5qVbgX4vM6E=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5831, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5831, + "source.port": 53164, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:27.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53165, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 37227, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28564,1,53165,443,7084,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7801,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:fsi7g4zFbrFG09Mvo8P/WofCEKc=", + "1:SDf7YJ4JLx2oja8SY0iCD/f9ZYk=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28564", + "panw.panos.network.nat.community_id": "1:SDf7YJ4JLx2oja8SY0iCD/f9ZYk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 7084, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 7084, + "source.port": 53165, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:27.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53166, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 37771, + "log.original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28542,1,53166,443,18633,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7802,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:wICcAfDG87s8YdjIhDgBqv6mTws=", + "1:/wf94ECkqPez+fxVgk+3KErtaBQ=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28542", + "panw.panos.network.nat.community_id": "1:/wf94ECkqPez+fxVgk+3KErtaBQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 18633, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 18633, + "source.port": 53166, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:27.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53167, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 38316, + "log.original": "Nov 30 16:45:28 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28590,1,53167,443,25557,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7803,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:L9I6mLjr15WmWcGfC1vPrN0NmY0=", + "1:lGMn2sEJLK3qbOX02axD1srH/FY=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28590", + "panw.panos.network.nat.community_id": "1:lGMn2sEJLK3qbOX02axD1srH/FY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 25557, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 25557, + "source.port": 53167, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:27.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53150, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 38861, + "log.original": "Nov 30 16:45:28 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28455,1,53150,443,20661,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7804,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:pvzPjqjqA6kLTjxiRDVSDxuidwg=", + "1:O1zDnt5d52xTreiMgL/sHMRHiXA=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28455", + "panw.panos.network.nat.community_id": "1:O1zDnt5d52xTreiMgL/sHMRHiXA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 20661, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20661, + "source.port": 53150, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:28.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53185, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 39406, + "log.original": "Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28585,1,53185,443,65438,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7805,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:hu8p8gkxiimZqTLhIkgVfSePEqk=", + "1:CwNRTMQumfdoC3msd4z5PIYkKLU=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28585", + "panw.panos.network.nat.community_id": "1:CwNRTMQumfdoC3msd4z5PIYkKLU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 65438, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 65438, + "source.port": 53185, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:28.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53187, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 39951, + "log.original": "Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28462,1,53187,443,53101,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7806,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:z12wzV1bKYppHPfC9LypWH+RtE4=", + "1:0YBp8myYbHSoKWG2HvxutMfose0=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28462", + "panw.panos.network.nat.community_id": "1:0YBp8myYbHSoKWG2HvxutMfose0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53101, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53101, + "source.port": 53187, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:28.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53188, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 40496, + "log.original": "Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28839,1,53188,443,35463,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7807,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:eJYKKiIqzYxe5ja/6/hDB3CgzSI=", + "1:CQrsQ2CJN8/aVtRj6kkSqGiLA4w=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28839", + "panw.panos.network.nat.community_id": "1:CQrsQ2CJN8/aVtRj6kkSqGiLA4w=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 35463, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 35463, + "source.port": 53188, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + }, + { + "@timestamp": "2018-11-30T16:45:29.000-02:00", + "client.ip": "192.168.15.224", + "client.port": 53178, + "destination.address": "54.209.101.70", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, + "destination.port": 443, + "event.action": "url_filtering", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], + "event.dataset": "panw.panos", + "event.kind": "alert", + "event.module": "panw", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "labels.temporary_match": true, + "log.level": "informational", + "log.offset": 41041, + "log.original": "Nov 30 16:45:30 PA-220 1,2018/11/30 16:45:29,012801096514,THREAT,url,2049,2018/11/30 16:45:29,192.168.15.224,54.209.101.70,192.168.1.63,54.209.101.70,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:29,28400,1,53178,443,45769,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7808,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", + "network.application": "ssl", + "network.community_id": [ + "1:f+00RNTWn2IGrM2JmEAnEPoRwDg=", + "1:vbknc+k7pE33+aNpIggpIzlC7MY=" + ], + "network.direction": "inbound", + "network.transport": "tcp", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28400", + "panw.panos.network.nat.community_id": "1:vbknc+k7pE33+aNpIggpIzlC7MY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 45769, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "54.209.101.70", + "192.168.1.63", + "54.209.101.70" + ], + "rule.name": "new_outbound_from_trust", + "server.ip": "54.209.101.70", + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.geo.name": "192.168.0.0-192.168.255.255", + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 45769, + "source.port": 53178, + "tags": [ + "pan-os" + ], + "url.original": "segment-data.zqtk.net/" + } +] \ No newline at end of file diff --git a/filebeat/module/panw/panos/test/traffic.log b/filebeat/module/panw/panos/test/traffic.log new file mode 100644 index 00000000000..c3e74310f06 --- /dev/null +++ b/filebeat/module/panw/panos/test/traffic.log @@ -0,0 +1,100 @@ +Nov 30 16:09:08 PA-220 1,2018/11/30 16:09:07,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:07,192.168.15.207,184.51.253.152,192.168.1.63,184.51.253.152,new_outbound_from_trust,,,apple-maps,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:07,22751,1,55113,443,16418,443,0x400053,tcp,allow,7734,1758,5976,36,2018/11/30 15:59:04,586,computer-and-internet-info,0,32091112,0x0,192.168.0.0-192.168.255.255,United States,0,16,20,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:10 PA-220 1,2018/11/30 16:09:09,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:09,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:09,24223,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:08:55,0,any,0,32091113,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:10 PA-220 1,2018/11/30 16:09:09,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:09,192.168.15.207,17.253.3.202,192.168.1.63,17.253.3.202,new_outbound_from_trust,,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:09,24138,1,55114,80,51990,80,0x40001c,tcp,allow,1574,539,1035,11,2018/11/30 16:08:51,1,computer-and-internet-info,0,32091114,0x0,192.168.0.0-192.168.255.255,United States,0,6,5,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:16 PA-220 1,2018/11/30 16:09:15,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:15,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:15,24043,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:01,0,any,0,32091115,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:16 PA-220 1,2018/11/30 16:09:15,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:15,192.168.15.196,216.58.194.99,192.168.1.63,216.58.194.99,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:15,23003,1,46774,443,15252,443,0x400019,udp,allow,3627,2014,1613,8,2018/11/30 16:07:13,0,any,0,32091116,0x0,192.168.0.0-192.168.255.255,United States,0,5,3,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:16 PA-220 1,2018/11/30 16:09:15,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:15,192.168.15.224,209.234.224.22,192.168.1.63,209.234.224.22,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:15,23919,1,52408,443,40763,443,0x400053,tcp,allow,41753,20642,21111,113,2018/11/30 16:07:33,85,web-advertisements,0,32091117,0x0,192.168.0.0-192.168.255.255,United States,0,62,51,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:22 PA-220 1,2018/11/30 16:09:21,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:21,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:21,21394,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:07,0,any,0,32091118,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:22 PA-220 1,2018/11/30 16:09:21,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:21,192.168.15.224,172.217.2.238,192.168.1.63,172.217.2.238,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:21,23698,1,59190,443,52881,443,0x400019,udp,allow,7097,3365,3732,16,2018/11/30 16:07:04,15,any,0,32091119,0x0,192.168.0.0-192.168.255.255,United States,0,7,9,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:23 PA-220 1,2018/11/30 16:09:22,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:22,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:22,24179,1,49728,53,26654,53,0x400019,udp,allow,301,80,221,2,2018/11/30 16:08:50,0,any,0,32091120,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:24 PA-220 1,2018/11/30 16:09:23,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:23,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:23,23933,1,50500,53,2486,53,0x400019,udp,allow,298,77,221,2,2018/11/30 16:08:51,0,any,0,32091121,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,17.249.60.78,192.168.1.63,17.249.60.78,new_outbound_from_trust,,,apple-push-notifications,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,22662,1,55112,443,42021,443,0x400053,tcp,allow,9978,4509,5469,32,2018/11/30 15:58:59,593,computer-and-internet-info,0,32091122,0x0,192.168.0.0-192.168.255.255,United States,0,16,16,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24161,1,57632,53,24377,53,0x400019,udp,allow,297,73,224,2,2018/11/30 16:08:52,0,any,0,32091123,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24107,1,50271,53,48792,53,0x400019,udp,allow,186,69,117,2,2018/11/30 16:08:52,0,any,0,32091124,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24063,1,54061,53,2987,53,0x400019,udp,allow,392,85,307,2,2018/11/30 16:08:52,0,any,0,32091125,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24145,1,52701,53,6945,53,0x400019,udp,allow,440,75,365,2,2018/11/30 16:08:52,0,any,0,32091126,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:28 PA-220 1,2018/11/30 16:09:27,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:27,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:27,24245,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:13,0,any,0,32091127,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:28 PA-220 1,2018/11/30 16:09:27,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:27,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:27,24167,1,62503,53,42208,53,0x400019,udp,allow,258,97,161,2,2018/11/30 16:08:54,1,any,0,32091128,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:29 PA-220 1,2018/11/30 16:09:28,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:28,192.168.15.224,98.138.49.44,192.168.1.63,98.138.49.44,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:28,24212,1,52442,443,14660,443,0x40001c,tcp,allow,9891,2086,7805,27,2018/11/30 16:08:54,17,web-advertisements,0,32091129,0x0,192.168.0.0-192.168.255.255,United States,0,14,13,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:29 PA-220 1,2018/11/30 16:09:28,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:28,192.168.15.224,72.30.3.43,192.168.1.63,72.30.3.43,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:28,24149,1,52441,443,16483,443,0x40001c,tcp,allow,8460,2354,6106,24,2018/11/30 16:08:54,17,web-advertisements,0,32091130,0x0,192.168.0.0-192.168.255.255,United States,0,13,11,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:30 PA-220 1,2018/11/30 16:09:29,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:29,192.168.15.196,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:29,24185,2,0,0,0,0,0x500019,icmp,allow,392,196,196,4,2018/11/30 16:09:15,0,any,0,32091131,0x0,192.168.0.0-192.168.255.255,United States,0,2,2,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:30 PA-220 1,2018/11/30 16:09:29,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:29,192.168.15.224,172.217.9.142,192.168.1.63,172.217.9.142,new_outbound_from_trust,,,ocsp,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:29,23856,1,52355,80,5570,80,0x40001c,tcp,allow,5790,2545,3245,36,2018/11/30 16:07:16,116,computer-and-internet-info,0,32091132,0x0,192.168.0.0-192.168.255.255,United States,0,19,17,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:30 PA-220 1,2018/11/30 16:09:29,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:29,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:29,24173,1,50196,53,24430,53,0x400019,udp,allow,261,82,179,2,2018/11/30 16:08:57,0,any,0,32091133,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:31 PA-220 1,2018/11/30 16:09:30,012801096514,TRAFFIC,start,2049,2018/11/30 16:09:30,192.168.15.224,54.84.80.198,192.168.1.63,54.84.80.198,new_outbound_from_trust,,,traps-management-service,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:30,24257,1,52454,443,12122,443,0x400053,tcp,allow,6295,1758,4537,25,2018/11/30 16:09:13,0,computer-and-internet-info,0,32091134,0x0,192.168.0.0-192.168.255.255,United States,0,13,12,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:33 PA-220 1,2018/11/30 16:09:32,012801096514,TRAFFIC,drop,2049,2018/11/30 16:09:32,192.168.15.224,199.167.55.52,192.168.1.63,199.167.55.52,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:32,24090,1,52445,4282,49145,4282,0x400019,tcp,allow,624,624,0,8,2018/11/30 16:09:12,13,any,0,32091135,0x0,192.168.0.0-192.168.255.255,United States,0,8,0,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:34 PA-220 1,2018/11/30 16:09:33,012801096514,TRAFFIC,deny,2049,2018/11/30 16:09:33,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:33,24242,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:19,0,any,0,32091136,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:35 PA-220 1,2018/11/30 16:09:34,012801096514,TRAFFIC,,2049,2018/11/30 16:09:34,192.168.15.210,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:34,24190,1,35485,53,33110,53,0x400019,udp,allow,215,85,130,2,2018/11/30 16:09:02,0,any,0,32091137,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:38 PA-220 1,2018/11/30 16:09:37,012801096514,TRAFFIC,test,2049,2018/11/30 16:09:37,192.168.15.224,172.217.9.142,192.168.1.63,172.217.9.142,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:37,23892,1,62730,443,9299,443,0x400019,udp,allow,4867,2876,1991,12,2018/11/30 16:07:20,15,any,0,32091138,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:39 PA-220 1,2018/11/30 16:09:38,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:38,192.168.15.224,151.101.2.2,192.168.1.63,151.101.2.2,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:38,24360,1,52506,443,47194,443,0x40001c,tcp,allow,1623,1100,523,13,2018/11/30 16:09:21,0,business-and-economy,0,32091139,0x0,192.168.0.0-192.168.255.255,United States,0,8,5,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:39 PA-220 1,2018/11/30 16:09:38,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:38,192.168.15.224,216.58.194.66,192.168.1.63,216.58.194.66,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:38,23952,1,60596,443,62921,443,0x400019,udp,allow,4405,1977,2428,9,2018/11/30 16:07:36,0,any,0,32091140,0x0,192.168.0.0-192.168.255.255,United States,0,5,4,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:40 PA-220 1,2018/11/30 16:09:39,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:39,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:39,24328,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:25,0,any,0,32091141,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:40 PA-220 1,2018/11/30 16:09:39,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:39,192.168.15.210,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:39,24385,2,0,0,0,0,0x500019,icmp,allow,392,196,196,4,2018/11/30 16:09:25,0,any,0,32091142,0x0,192.168.0.0-192.168.255.255,United States,0,2,2,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:40 PA-220 1,2018/11/30 16:09:39,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:39,192.168.15.224,184.51.253.193,192.168.1.63,184.51.253.193,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:39,24172,1,52514,443,41958,443,0x40001c,tcp,allow,7231,2228,5003,22,2018/11/30 16:09:22,0,web-advertisements,0,32091143,0x0,192.168.0.0-192.168.255.255,United States,0,12,10,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:41 PA-220 1,2018/11/30 16:09:40,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:40,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:40,24131,1,55155,53,51374,53,0x400019,udp,allow,267,96,171,2,2018/11/30 16:09:08,0,any,0,32091144,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:41 PA-220 1,2018/11/30 16:09:40,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:40,192.168.15.224,199.167.55.52,192.168.1.63,199.167.55.52,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:40,24393,1,52445,4282,25566,4282,0x400019,tcp,allow,78,78,0,1,2018/11/30 16:09:33,0,any,0,32091145,0x0,192.168.0.0-192.168.255.255,United States,0,1,0,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:43 PA-220 1,2018/11/30 16:09:42,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:42,192.168.15.224,199.167.52.219,192.168.1.63,199.167.52.219,new_outbound_from_trust,,,tanium,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:42,24976,1,52516,17472,63757,17472,0x40005e,tcp,allow,3402,1086,2316,20,2018/11/30 16:09:25,0,any,0,32091146,0x0,192.168.0.0-192.168.255.255,United States,0,11,9,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:43 PA-220 1,2018/11/30 16:09:42,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:42,192.168.15.224,52.71.117.196,192.168.1.63,52.71.117.196,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:42,24348,1,52511,443,3803,443,0x400053,tcp,allow,16594,2628,13966,38,2018/11/30 16:09:21,4,computer-and-internet-info,0,32091147,0x0,192.168.0.0-192.168.255.255,United States,0,19,19,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24046,1,3018,53,34994,53,0x400019,udp,allow,323,79,244,2,2018/11/30 16:09:12,0,any,0,32091148,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24196,1,16569,53,38064,53,0x400019,udp,allow,300,95,205,2,2018/11/30 16:09:12,0,any,0,32091149,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.186.194.41,192.168.1.63,35.186.194.41,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24264,1,52479,443,42924,443,0x400053,tcp,allow,6598,4296,2302,44,2018/11/30 16:09:19,8,insufficient-content,0,32091150,0x0,192.168.0.0-192.168.255.255,United States,0,24,20,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.201.124.9,192.168.1.63,35.201.124.9,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24248,1,52478,443,58977,443,0x400053,tcp,allow,65588,58831,6757,104,2018/11/30 16:09:19,8,insufficient-content,0,32091151,0x0,192.168.0.0-192.168.255.255,Asia Pacific Region,0,63,41,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,100.24.131.237,192.168.1.63,100.24.131.237,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24268,1,52502,443,64732,443,0x400053,tcp,allow,13076,4069,9007,32,2018/11/30 16:09:21,6,business-and-economy,0,32091152,0x0,192.168.0.0-192.168.255.255,United States,0,17,15,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,184.51.252.247,192.168.1.63,184.51.252.247,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24175,1,52458,443,58292,443,0x40001c,tcp,allow,1761,1100,661,15,2018/11/30 16:09:14,13,computer-and-internet-info,0,32091153,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.190.88.148,192.168.1.63,35.190.88.148,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24312,1,52484,443,32209,443,0x400053,tcp,allow,14732,3596,11136,31,2018/11/30 16:09:19,8,computer-and-internet-info,0,32091154,0x0,192.168.0.0-192.168.255.255,United States,0,15,16,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.186.243.83,192.168.1.63,35.186.243.83,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24164,1,52482,443,38822,443,0x400053,tcp,allow,14732,3596,11136,31,2018/11/30 16:09:19,8,computer-and-internet-info,0,32091155,0x0,192.168.0.0-192.168.255.255,United States,0,15,16,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,untrust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24198,1,33769,53,16044,53,0x400019,udp,allow,266,84,182,2,2018/11/30 16:09:12,0,any,0,32091156,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,trust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24184,1,14106,53,56614,53,0x400019,udp,allow,164,74,90,2,2018/11/30 16:09:12,0,any,0,32091157,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,100.24.165.74,192.168.1.63,100.24.165.74,new_outbound_from_trust,,,ssl,vsys1,untrust,trust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24314,1,52503,443,53168,443,0x400053,tcp,allow,9400,2731,6669,30,2018/11/30 16:09:21,6,business-and-economy,0,32091158,0x0,192.168.0.0-192.168.255.255,United States,0,17,13,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,184.51.252.247,192.168.1.63,184.51.252.247,new_outbound_from_trust,,,ssl,vsys1,xtrust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24204,1,52459,443,28012,443,0x40001c,tcp,allow,1761,1100,661,15,2018/11/30 16:09:14,13,computer-and-internet-info,0,32091159,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.201.94.140,192.168.1.63,35.201.94.140,new_outbound_from_trust,,,ssl,vsys1,trust,xuntrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24234,1,52483,443,16050,443,0x400053,tcp,allow,14732,3596,11136,31,2018/11/30 16:09:19,8,computer-and-internet-info,0,32091160,0x0,192.168.0.0-192.168.255.255,Asia Pacific Region,0,15,16,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,,,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24390,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:31,0,any,0,32091161,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24093,1,38663,53,61722,53,0x400019,udp,allow,228,84,144,2,2018/11/30 16:09:13,0,any,0,32091162,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24117,1,50443,53,14247,53,0x400019,udp,allow,337,131,206,2,2018/11/30 16:09:13,0,any,0,32091163,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24142,1,54215,53,33580,53,0x400019,udp,allow,337,131,206,2,2018/11/30 16:09:13,0,any,0,32091164,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24195,1,35827,53,13498,53,0x400019,udp,allow,252,83,169,2,2018/11/30 16:09:13,0,any,0,32091165,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24124,1,60609,53,20365,53,0x400019,udp,allow,232,100,132,2,2018/11/30 16:09:13,0,any,0,32091166,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24153,1,3248,53,61464,53,0x400019,udp,allow,206,79,127,2,2018/11/30 16:09:13,0,any,0,32091167,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.196,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24122,1,49284,53,42877,53,0x400019,udp,allow,194,89,105,2,2018/11/30 16:09:13,0,any,0,32091168,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24171,1,57732,53,5918,53,0x400019,udp,allow,269,97,172,2,2018/11/30 16:09:13,0,any,0,32091169,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24069,1,49195,53,28944,53,0x400019,udp,allow,212,78,134,2,2018/11/30 16:09:13,0,any,0,32091170,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24282,1,17266,53,13415,53,0x400019,udp,allow,252,73,179,2,2018/11/30 16:09:13,0,any,0,32091171,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24218,1,48631,53,2489,53,0x400019,udp,allow,308,90,218,2,2018/11/30 16:09:13,0,any,0,32091172,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24200,1,58540,53,49328,53,0x400019,udp,allow,249,77,172,2,2018/11/30 16:09:13,0,any,0,32091173,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24224,1,42678,53,36036,53,0x400019,udp,allow,379,74,305,2,2018/11/30 16:09:13,0,any,0,32091174,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,66.28.0.45,192.168.1.63,66.28.0.45,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24240,1,16576,53,33744,53,0x400019,udp,allow,603,76,527,2,2018/11/30 16:09:14,0,any,0,32091175,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24183,1,39830,53,45809,53,0x400019,udp,allow,242,89,153,2,2018/11/30 16:09:14,0,any,0,32091176,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24211,1,6185,53,3675,53,0x400019,udp,allow,240,71,169,2,2018/11/30 16:09:14,0,any,0,32091177,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24253,1,8781,53,5787,53,0x400019,udp,allow,208,80,128,2,2018/11/30 16:09:14,0,any,0,32091178,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24221,1,16788,53,12342,53,0x400019,udp,allow,253,72,181,2,2018/11/30 16:09:14,0,any,0,32091179,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24310,1,45307,53,18729,53,0x400019,udp,allow,197,76,121,2,2018/11/30 16:09:14,0,any,0,32091180,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,23.52.174.25,192.168.1.63,23.52.174.25,new_outbound_from_trust,,,ocsp,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24326,1,52520,80,57858,80,0x400053,tcp,allow,1927,681,1246,11,2018/11/30 16:09:29,0,computer-and-internet-info,0,32091181,0x0,192.168.0.0-192.168.255.255,United States,0,6,5,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24201,1,8503,53,2722,53,0x400019,udp,allow,394,79,315,2,2018/11/30 16:09:13,1,any,0,32091182,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24130,1,6910,53,6674,53,0x400019,udp,allow,212,82,130,2,2018/11/30 16:09:14,0,any,0,32091183,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,54.230.5.228,192.168.1.63,54.230.5.228,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24237,1,52475,443,37427,443,0x40001c,tcp,allow,642,354,288,9,2018/11/30 16:09:17,12,any,0,32091184,0x0,192.168.0.0-192.168.255.255,United States,0,5,4,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24108,1,14342,53,22408,53,0x400019,udp,allow,225,76,149,2,2018/11/30 16:09:14,0,any,0,32091185,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:48 PA-220 1,2018/11/30 16:09:48,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:48,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:48,24247,1,48197,53,27899,53,0x400019,udp,allow,273,71,202,2,2018/11/30 16:09:15,0,any,0,32091186,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:48 PA-220 1,2018/11/30 16:09:48,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:48,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:48,24098,1,32296,53,52939,53,0x400019,udp,allow,270,75,195,2,2018/11/30 16:09:15,0,any,0,32091187,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:48 PA-220 1,2018/11/30 16:09:48,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:48,192.168.15.195,208.83.246.20,192.168.1.63,208.83.246.20,new_outbound_from_trust,,,ntp,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:48,24263,1,33870,123,42907,123,0x400053,udp,allow,180,90,90,2,2018/11/30 16:09:15,0,any,0,32091188,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.196,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24258,1,54659,53,19658,53,0x400019,udp,drop ICMP,340,148,192,4,2018/11/30 16:09:16,0,any,0,32091189,0x0,192.168.0.0-192.168.255.255,United States,0,2,2,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24155,1,57446,53,64352,53,0x400019,udp,reset client,291,83,208,2,2018/11/30 16:09:16,0,any,0,32091190,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24232,1,22655,53,60126,53,0x400019,udp,reset server,184,84,100,2,2018/11/30 16:09:16,0,any,0,32091191,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,35.185.88.112,192.168.1.63,35.185.88.112,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24330,1,52509,443,59771,443,0x40001a,tcp,reset both,9290,2053,7237,24,2018/11/30 16:09:21,10,business-and-economy,0,32091192,0x0,192.168.0.0-192.168.255.255,United States,0,13,11,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,23960,1,27192,53,35748,53,0x400019,udp,allow,202,93,109,2,2018/11/30 16:09:16,0,any,0,32091193,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24236,1,30221,53,63701,53,0x400019,udp,allow,200,84,116,2,2018/11/30 16:09:16,0,any,0,32091194,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24276,1,30570,53,57872,53,0x400019,udp,allow,160,64,96,2,2018/11/30 16:09:16,0,any,0,32091195,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24299,1,52497,443,37581,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091196,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24229,1,52498,443,19226,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091197,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24283,1,52496,443,61721,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091198,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,104.254.150.9,192.168.1.63,104.254.150.9,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24369,1,52510,443,10098,443,0x40001a,tcp,allow,10511,2691,7820,22,2018/11/30 16:09:21,11,web-advertisements,0,32091199,0x0,192.168.0.0-192.168.255.255,United States,0,12,10,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24354,1,52495,443,4564,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091200,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,52.0.218.108,192.168.1.63,52.0.218.108,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24254,1,52486,443,32104,443,0x40001c,tcp,allow,490,276,214,7,2018/11/30 16:09:20,12,any,0,32091201,0x0,192.168.0.0-192.168.255.255,United States,0,4,3,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,52.6.117.19,192.168.1.63,52.6.117.19,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24246,1,52489,443,14172,443,0x40001c,tcp,allow,490,276,214,7,2018/11/30 16:09:20,12,any,0,32091202,0x0,192.168.0.0-192.168.255.255,United States,0,4,3,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,34.238.96.22,192.168.1.63,34.238.96.22,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24343,1,52490,443,10286,443,0x40001c,tcp,allow,490,276,214,7,2018/11/30 16:09:20,12,any,0,32091203,0x0,192.168.0.0-192.168.255.255,United States,0,4,3,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,130.211.47.17,192.168.1.63,130.211.47.17,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24262,1,52493,443,30799,443,0x40001c,tcp,allow,556,276,280,8,2018/11/30 16:09:20,12,any,0,32091204,0x0,192.168.0.0-192.168.255.255,United States,0,4,4,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:51 PA-220 1,2018/11/30 16:09:51,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:51,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:51,24281,1,59320,53,13490,53,0x400019,udp,allow,269,97,172,2,2018/11/30 16:09:18,0,any,0,32091205,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24424,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:37,0,any,0,32091206,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24230,1,13076,53,53751,53,0x400019,udp,allow,172,78,94,2,2018/11/30 16:09:19,0,any,0,32091207,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24243,1,5511,53,21643,53,0x400019,udp,allow,242,72,170,2,2018/11/30 16:09:19,0,any,0,32091208,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24077,1,9799,53,22446,53,0x400019,udp,allow,172,78,94,2,2018/11/30 16:09:19,0,any,0,32091209,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24266,1,39169,53,22301,53,0x400019,udp,allow,172,78,94,2,2018/11/30 16:09:19,0,any,0,32091210,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 +Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24269,1,42476,53,58124,53,0x400019,udp,allow,238,72,166,2,2018/11/30 16:09:19,0,any,0,32091211,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0 diff --git a/filebeat/module/panw/panos/test/traffic.log-expected.json b/filebeat/module/panw/panos/test/traffic.log-expected.json new file mode 100644 index 00000000000..9e1333f9fb8 --- /dev/null +++ b/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -0,0 +1,9158 @@ +[ + { + "@timestamp": "2018-11-30T16:09:07.000-02:00", + "client.bytes": 1758, + "client.ip": "192.168.15.207", + "client.packets": 20, + "client.port": 55113, + "destination.address": "184.51.253.152", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.bytes": 1758, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "184.51.253.152", + "destination.nat.ip": "184.51.253.152", + "destination.nat.port": 443, + "destination.packets": 16, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 586000000000, + "event.end": "2018-11-30T16:08:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T15:59:04.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 0, + "log.original": "Nov 30 16:09:08 PA-220 1,2018/11/30 16:09:07,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:07,192.168.15.207,184.51.253.152,192.168.1.63,184.51.253.152,new_outbound_from_trust,,,apple-maps,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:07,22751,1,55113,443,16418,443,0x400053,tcp,allow,7734,1758,5976,36,2018/11/30 15:59:04,586,computer-and-internet-info,0,32091112,0x0,192.168.0.0-192.168.255.255,United States,0,16,20,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "apple-maps", + "network.bytes": 7734, + "network.community_id": [ + "1:MhgXJlTEvCKgoyqMC+Xo7qMVGqc=", + "1:D1fZ8H3SfYS5p3yDzVdiwbnGJlU=" + ], + "network.direction": "outbound", + "network.packets": 36, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.253.152", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22751", + "panw.panos.network.nat.community_id": "1:D1fZ8H3SfYS5p3yDzVdiwbnGJlU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091112, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16418, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.207", + "184.51.253.152", + "192.168.1.63", + "184.51.253.152" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 5976, + "server.ip": "184.51.253.152", + "server.packets": 16, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 5976, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16418, + "source.packets": 20, + "source.port": 55113, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:09.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:55.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 503, + "log.original": "Nov 30 16:09:10 PA-220 1,2018/11/30 16:09:09,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:09,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:09,24223,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:08:55,0,any,0,32091113,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24223", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091113, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:09.000-02:00", + "client.bytes": 539, + "client.ip": "192.168.15.207", + "client.packets": 5, + "client.port": 55114, + "destination.address": "17.253.3.202", + "destination.as.number": 6185, + "destination.as.organization.name": "Apple Inc.", + "destination.bytes": 539, + "destination.geo.city_name": "Dallas", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 32.7787, + "destination.geo.location.lon": -96.8217, + "destination.geo.region_iso_code": "US-TX", + "destination.geo.region_name": "Texas", + "destination.ip": "17.253.3.202", + "destination.nat.ip": "17.253.3.202", + "destination.nat.port": 80, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2018-11-30T16:08:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:51.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 947, + "log.original": "Nov 30 16:09:10 PA-220 1,2018/11/30 16:09:09,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:09,192.168.15.207,17.253.3.202,192.168.1.63,17.253.3.202,new_outbound_from_trust,,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:09,24138,1,55114,80,51990,80,0x40001c,tcp,allow,1574,539,1035,11,2018/11/30 16:08:51,1,computer-and-internet-info,0,32091114,0x0,192.168.0.0-192.168.255.255,United States,0,6,5,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "web-browsing", + "network.bytes": 1574, + "network.community_id": [ + "1:L9wP4JYo+V/38JhXYBMQf/hWYoQ=", + "1:VnGCPYRgvHZCFJBmPOwtCg7/sMY=" + ], + "network.direction": "outbound", + "network.packets": 11, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "17.253.3.202", + "panw.panos.destination.nat.port": 80, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24138", + "panw.panos.network.nat.community_id": "1:VnGCPYRgvHZCFJBmPOwtCg7/sMY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091114, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 51990, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.207", + "17.253.3.202", + "192.168.1.63", + "17.253.3.202" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 1035, + "server.ip": "17.253.3.202", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 1035, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 51990, + "source.packets": 5, + "source.port": 55114, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:15.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:01.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:01.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 1441, + "log.original": "Nov 30 16:09:16 PA-220 1,2018/11/30 16:09:15,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:15,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:15,24043,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:01,0,any,0,32091115,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24043", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091115, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:15.000-02:00", + "client.bytes": 2014, + "client.ip": "192.168.15.196", + "client.packets": 3, + "client.port": 46774, + "destination.address": "216.58.194.99", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 2014, + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.3861, + "destination.geo.location.lon": -122.0839, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "216.58.194.99", + "destination.nat.ip": "216.58.194.99", + "destination.nat.port": 443, + "destination.packets": 5, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:07:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:07:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 1885, + "log.original": "Nov 30 16:09:16 PA-220 1,2018/11/30 16:09:15,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:15,192.168.15.196,216.58.194.99,192.168.1.63,216.58.194.99,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:15,23003,1,46774,443,15252,443,0x400019,udp,allow,3627,2014,1613,8,2018/11/30 16:07:13,0,any,0,32091116,0x0,192.168.0.0-192.168.255.255,United States,0,5,3,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "quic", + "network.bytes": 3627, + "network.community_id": [ + "1:bfDHy9SG4Mhm/ohGXQNZR3yF5sI=", + "1:pvg9sIAzBs2eyqMclcdCIYEBO1Q=" + ], + "network.direction": "outbound", + "network.packets": 8, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "216.58.194.99", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23003", + "panw.panos.network.nat.community_id": "1:pvg9sIAzBs2eyqMclcdCIYEBO1Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091116, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 15252, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.196", + "216.58.194.99", + "192.168.1.63", + "216.58.194.99" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 1613, + "server.ip": "216.58.194.99", + "server.packets": 5, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.196", + "source.bytes": 1613, + "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 15252, + "source.packets": 3, + "source.port": 46774, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:15.000-02:00", + "client.bytes": 20642, + "client.ip": "192.168.15.224", + "client.packets": 51, + "client.port": 52408, + "destination.address": "209.234.224.22", + "destination.as.number": 395162, + "destination.as.organization.name": "Markit On Demand, Inc.", + "destination.bytes": 20642, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "209.234.224.22", + "destination.nat.ip": "209.234.224.22", + "destination.nat.port": 443, + "destination.packets": 62, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 85000000000, + "event.end": "2018-11-30T16:08:58.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:07:33.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 2353, + "log.original": "Nov 30 16:09:16 PA-220 1,2018/11/30 16:09:15,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:15,192.168.15.224,209.234.224.22,192.168.1.63,209.234.224.22,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:15,23919,1,52408,443,40763,443,0x400053,tcp,allow,41753,20642,21111,113,2018/11/30 16:07:33,85,web-advertisements,0,32091117,0x0,192.168.0.0-192.168.255.255,United States,0,62,51,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 41753, + "network.community_id": [ + "1:A+0qkq/2rxZS/+I/sm0SFOWOkwY=", + "1:u81/Ahz4HsL4LAVrUEiPkbXlX9A=" + ], + "network.direction": "outbound", + "network.packets": 113, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "209.234.224.22", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23919", + "panw.panos.network.nat.community_id": "1:u81/Ahz4HsL4LAVrUEiPkbXlX9A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091117, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 40763, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", + "related.ip": [ + "192.168.15.224", + "209.234.224.22", + "192.168.1.63", + "209.234.224.22" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 21111, + "server.ip": "209.234.224.22", + "server.packets": 62, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 21111, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 40763, + "source.packets": 51, + "source.port": 52408, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:21.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:07.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:07.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 2844, + "log.original": "Nov 30 16:09:22 PA-220 1,2018/11/30 16:09:21,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:21,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:21,21394,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:07,0,any,0,32091118,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21394", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091118, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:21.000-02:00", + "client.bytes": 3365, + "client.ip": "192.168.15.224", + "client.packets": 9, + "client.port": 59190, + "destination.address": "172.217.2.238", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 3365, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.2.238", + "destination.nat.ip": "172.217.2.238", + "destination.nat.port": 443, + "destination.packets": 7, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 15000000000, + "event.end": "2018-11-30T16:07:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:07:04.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 3288, + "log.original": "Nov 30 16:09:22 PA-220 1,2018/11/30 16:09:21,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:21,192.168.15.224,172.217.2.238,192.168.1.63,172.217.2.238,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:21,23698,1,59190,443,52881,443,0x400019,udp,allow,7097,3365,3732,16,2018/11/30 16:07:04,15,any,0,32091119,0x0,192.168.0.0-192.168.255.255,United States,0,7,9,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "quic", + "network.bytes": 7097, + "network.community_id": [ + "1:q1tj6dPFkb+U8mUSdFp3CbUFXUk=", + "1:DoBKpBbAds/XQwbKPGjMrcuHTGo=" + ], + "network.direction": "outbound", + "network.packets": 16, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "172.217.2.238", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23698", + "panw.panos.network.nat.community_id": "1:DoBKpBbAds/XQwbKPGjMrcuHTGo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091119, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 52881, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "172.217.2.238", + "192.168.1.63", + "172.217.2.238" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 3732, + "server.ip": "172.217.2.238", + "server.packets": 7, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 3732, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 52881, + "source.packets": 9, + "source.port": 59190, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:22.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.15.207", + "client.packets": 1, + "client.port": 49728, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:50.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:50.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 3758, + "log.original": "Nov 30 16:09:23 PA-220 1,2018/11/30 16:09:22,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:22,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:22,24179,1,49728,53,26654,53,0x400019,udp,allow,301,80,221,2,2018/11/30 16:08:50,0,any,0,32091120,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 301, + "network.community_id": [ + "1:l1lEn2QIKjwJgww02PEndRveudE=", + "1:viuINkmqZ3Q7wH9NHmhVu6rZuOs=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24179", + "panw.panos.network.nat.community_id": "1:viuINkmqZ3Q7wH9NHmhVu6rZuOs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091120, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 26654, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.207", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 221, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 221, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 26654, + "source.packets": 1, + "source.port": 49728, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:23.000-02:00", + "client.bytes": 77, + "client.ip": "192.168.15.207", + "client.packets": 1, + "client.port": 50500, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 77, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:51.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:51.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 4207, + "log.original": "Nov 30 16:09:24 PA-220 1,2018/11/30 16:09:23,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:23,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:23,23933,1,50500,53,2486,53,0x400019,udp,allow,298,77,221,2,2018/11/30 16:08:51,0,any,0,32091121,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 298, + "network.community_id": [ + "1:RK6Ut4Rb0DTrl9IRf27cop79UwI=", + "1:wR8JpmqlhC4f7BvxdzxRlKdkPiQ=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23933", + "panw.panos.network.nat.community_id": "1:wR8JpmqlhC4f7BvxdzxRlKdkPiQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091121, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2486, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.207", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 221, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 221, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2486, + "source.packets": 1, + "source.port": 50500, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:24.000-02:00", + "client.bytes": 4509, + "client.ip": "192.168.15.207", + "client.packets": 16, + "client.port": 55112, + "destination.address": "17.249.60.78", + "destination.as.number": 714, + "destination.as.organization.name": "Apple Inc.", + "destination.bytes": 4509, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "17.249.60.78", + "destination.nat.ip": "17.249.60.78", + "destination.nat.port": 443, + "destination.packets": 16, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 593000000000, + "event.end": "2018-11-30T16:08:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T15:58:59.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 4655, + "log.original": "Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,17.249.60.78,192.168.1.63,17.249.60.78,new_outbound_from_trust,,,apple-push-notifications,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,22662,1,55112,443,42021,443,0x400053,tcp,allow,9978,4509,5469,32,2018/11/30 15:58:59,593,computer-and-internet-info,0,32091122,0x0,192.168.0.0-192.168.255.255,United States,0,16,16,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "apple-push-notifications", + "network.bytes": 9978, + "network.community_id": [ + "1:89DsXq0JlAcm8a60Q9a+OELsT0Y=", + "1:JuPhgq+FyomxcGW/tt851C0l4Hg=" + ], + "network.direction": "outbound", + "network.packets": 32, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "17.249.60.78", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22662", + "panw.panos.network.nat.community_id": "1:JuPhgq+FyomxcGW/tt851C0l4Hg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091122, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42021, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.207", + "17.249.60.78", + "192.168.1.63", + "17.249.60.78" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 5469, + "server.ip": "17.249.60.78", + "server.packets": 16, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 5469, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42021, + "source.packets": 16, + "source.port": 55112, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:24.000-02:00", + "client.bytes": 73, + "client.ip": "192.168.15.207", + "client.packets": 1, + "client.port": 57632, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 73, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 5180, + "log.original": "Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24161,1,57632,53,24377,53,0x400019,udp,allow,297,73,224,2,2018/11/30 16:08:52,0,any,0,32091123,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 297, + "network.community_id": [ + "1:5lGtGtzRH+NHOqMOFVuXwxg5nCo=", + "1:rsDXUIQYGBC2VYTxep2/bVIc3Xs=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24161", + "panw.panos.network.nat.community_id": "1:rsDXUIQYGBC2VYTxep2/bVIc3Xs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091123, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 24377, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.207", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 224, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 224, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 24377, + "source.packets": 1, + "source.port": 57632, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:24.000-02:00", + "client.bytes": 69, + "client.ip": "192.168.15.207", + "client.packets": 1, + "client.port": 50271, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 69, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 5629, + "log.original": "Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24107,1,50271,53,48792,53,0x400019,udp,allow,186,69,117,2,2018/11/30 16:08:52,0,any,0,32091124,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 186, + "network.community_id": [ + "1:WbAIgVVT23pzqAJkSDF68HGSPY4=", + "1:ewaPydF3S4wOU8oEi8ykj+ETSIY=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24107", + "panw.panos.network.nat.community_id": "1:ewaPydF3S4wOU8oEi8ykj+ETSIY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091124, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 48792, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.207", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 117, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 117, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 48792, + "source.packets": 1, + "source.port": 50271, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:24.000-02:00", + "client.bytes": 85, + "client.ip": "192.168.15.207", + "client.packets": 1, + "client.port": 54061, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 85, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 6078, + "log.original": "Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24063,1,54061,53,2987,53,0x400019,udp,allow,392,85,307,2,2018/11/30 16:08:52,0,any,0,32091125,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 392, + "network.community_id": [ + "1:b+lWViOjpbOZConz3JzrSDR609Q=", + "1:+6FjOLCCWY+JDxSWKn7tYpAXksA=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24063", + "panw.panos.network.nat.community_id": "1:+6FjOLCCWY+JDxSWKn7tYpAXksA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091125, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2987, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.207", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 307, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 307, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2987, + "source.packets": 1, + "source.port": 54061, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:24.000-02:00", + "client.bytes": 75, + "client.ip": "192.168.15.207", + "client.packets": 1, + "client.port": 52701, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 75, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:52.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:52.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 6526, + "log.original": "Nov 30 16:09:25 PA-220 1,2018/11/30 16:09:24,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:24,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:24,24145,1,52701,53,6945,53,0x400019,udp,allow,440,75,365,2,2018/11/30 16:08:52,0,any,0,32091126,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 440, + "network.community_id": [ + "1:dnGaTG13rwIh66+Pj0GQSdJMhu8=", + "1:rR5F8eZHI1nwmznedxqG9e8vUQE=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24145", + "panw.panos.network.nat.community_id": "1:rR5F8eZHI1nwmznedxqG9e8vUQE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091126, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 6945, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.207", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 365, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 365, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 6945, + "source.packets": 1, + "source.port": 52701, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:27.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 6974, + "log.original": "Nov 30 16:09:28 PA-220 1,2018/11/30 16:09:27,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:27,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:27,24245,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:13,0,any,0,32091127,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24245", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091127, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:27.000-02:00", + "client.bytes": 97, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 62503, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 97, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2018-11-30T16:08:55.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 7418, + "log.original": "Nov 30 16:09:28 PA-220 1,2018/11/30 16:09:27,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:27,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:27,24167,1,62503,53,42208,53,0x400019,udp,allow,258,97,161,2,2018/11/30 16:08:54,1,any,0,32091128,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 258, + "network.community_id": [ + "1:Jof66SUOY3j4C+WrZwbgtKls1/Y=", + "1:81Mi4MwpmNYtUrc7CMJH0MPRelU=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24167", + "panw.panos.network.nat.community_id": "1:81Mi4MwpmNYtUrc7CMJH0MPRelU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091128, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42208, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 161, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 161, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42208, + "source.packets": 1, + "source.port": 62503, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:28.000-02:00", + "client.bytes": 2086, + "client.ip": "192.168.15.224", + "client.packets": 13, + "client.port": 52442, + "destination.address": "98.138.49.44", + "destination.as.number": 36646, + "destination.as.organization.name": "Oath Holdings Inc.", + "destination.bytes": 2086, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "98.138.49.44", + "destination.nat.ip": "98.138.49.44", + "destination.nat.port": 443, + "destination.packets": 14, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 17000000000, + "event.end": "2018-11-30T16:09:11.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 7867, + "log.original": "Nov 30 16:09:29 PA-220 1,2018/11/30 16:09:28,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:28,192.168.15.224,98.138.49.44,192.168.1.63,98.138.49.44,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:28,24212,1,52442,443,14660,443,0x40001c,tcp,allow,9891,2086,7805,27,2018/11/30 16:08:54,17,web-advertisements,0,32091129,0x0,192.168.0.0-192.168.255.255,United States,0,14,13,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 9891, + "network.community_id": [ + "1:08BinpWe/JWymiOV0oCsRR8Lo4Q=", + "1:FfbVY/+5Mds7zDjSs5/Yfw5bxNQ=" + ], + "network.direction": "outbound", + "network.packets": 27, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "98.138.49.44", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24212", + "panw.panos.network.nat.community_id": "1:FfbVY/+5Mds7zDjSs5/Yfw5bxNQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091129, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 14660, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", + "related.ip": [ + "192.168.15.224", + "98.138.49.44", + "192.168.1.63", + "98.138.49.44" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 7805, + "server.ip": "98.138.49.44", + "server.packets": 14, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 7805, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 14660, + "source.packets": 13, + "source.port": 52442, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:28.000-02:00", + "client.bytes": 2354, + "client.ip": "192.168.15.224", + "client.packets": 11, + "client.port": 52441, + "destination.address": "72.30.3.43", + "destination.as.number": 26101, + "destination.as.organization.name": "Oath Holdings Inc.", + "destination.bytes": 2354, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "72.30.3.43", + "destination.nat.ip": "72.30.3.43", + "destination.nat.port": 443, + "destination.packets": 13, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 17000000000, + "event.end": "2018-11-30T16:09:11.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:54.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 8350, + "log.original": "Nov 30 16:09:29 PA-220 1,2018/11/30 16:09:28,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:28,192.168.15.224,72.30.3.43,192.168.1.63,72.30.3.43,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:28,24149,1,52441,443,16483,443,0x40001c,tcp,allow,8460,2354,6106,24,2018/11/30 16:08:54,17,web-advertisements,0,32091130,0x0,192.168.0.0-192.168.255.255,United States,0,13,11,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 8460, + "network.community_id": [ + "1:2NNXjZpDcB9oYU1TRLRSU5v7hoQ=", + "1:TGvDRLypWuNWkuMsAxPzc5TSbAo=" + ], + "network.direction": "outbound", + "network.packets": 24, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "72.30.3.43", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24149", + "panw.panos.network.nat.community_id": "1:TGvDRLypWuNWkuMsAxPzc5TSbAo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091130, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16483, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", + "related.ip": [ + "192.168.15.224", + "72.30.3.43", + "192.168.1.63", + "72.30.3.43" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 6106, + "server.ip": "72.30.3.43", + "server.packets": 13, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 6106, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16483, + "source.packets": 11, + "source.port": 52441, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:29.000-02:00", + "client.bytes": 196, + "client.ip": "192.168.15.196", + "client.packets": 2, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 196, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 2, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:15.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:15.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 8829, + "log.original": "Nov 30 16:09:30 PA-220 1,2018/11/30 16:09:29,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:29,192.168.15.196,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:29,24185,2,0,0,0,0,0x500019,icmp,allow,392,196,196,4,2018/11/30 16:09:15,0,any,0,32091131,0x0,192.168.0.0-192.168.255.255,United States,0,2,2,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 392, + "network.community_id": [ + "1:/l9vT9UwjkUeC6vNW93wy71+TBk=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 4, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24185", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091131, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.196", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 196, + "server.ip": "8.8.8.8", + "server.packets": 2, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.196", + "source.bytes": 196, + "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 2, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:29.000-02:00", + "client.bytes": 2545, + "client.ip": "192.168.15.224", + "client.packets": 17, + "client.port": 52355, + "destination.address": "172.217.9.142", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 2545, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.9.142", + "destination.nat.ip": "172.217.9.142", + "destination.nat.port": 80, + "destination.packets": 19, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 116000000000, + "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:07:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 9271, + "log.original": "Nov 30 16:09:30 PA-220 1,2018/11/30 16:09:29,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:29,192.168.15.224,172.217.9.142,192.168.1.63,172.217.9.142,new_outbound_from_trust,,,ocsp,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:29,23856,1,52355,80,5570,80,0x40001c,tcp,allow,5790,2545,3245,36,2018/11/30 16:07:16,116,computer-and-internet-info,0,32091132,0x0,192.168.0.0-192.168.255.255,United States,0,19,17,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ocsp", + "network.bytes": 5790, + "network.community_id": [ + "1:JJQ4CQTTE3x7lV+Npo80V7dd6ts=", + "1:NNgF+9vrbBFNpCI3JhUT4YWepd4=" + ], + "network.direction": "outbound", + "network.packets": 36, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "172.217.9.142", + "panw.panos.destination.nat.port": 80, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23856", + "panw.panos.network.nat.community_id": "1:NNgF+9vrbBFNpCI3JhUT4YWepd4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091132, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5570, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "172.217.9.142", + "192.168.1.63", + "172.217.9.142" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 3245, + "server.ip": "172.217.9.142", + "server.packets": 19, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 3245, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5570, + "source.packets": 17, + "source.port": 52355, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:29.000-02:00", + "client.bytes": 82, + "client.ip": "192.168.15.207", + "client.packets": 1, + "client.port": 50196, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 82, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:08:57.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:08:57.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 9763, + "log.original": "Nov 30 16:09:30 PA-220 1,2018/11/30 16:09:29,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:29,192.168.15.207,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:29,24173,1,50196,53,24430,53,0x400019,udp,allow,261,82,179,2,2018/11/30 16:08:57,0,any,0,32091133,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 261, + "network.community_id": [ + "1:URR/wC9NPuHbnjGQ1Y7LffVYlTc=", + "1:9T+RKr8xDB21pvAf/Fihyq72sLY=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24173", + "panw.panos.network.nat.community_id": "1:9T+RKr8xDB21pvAf/Fihyq72sLY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091133, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 24430, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.207", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 179, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.207", + "source.bytes": 179, + "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 24430, + "source.packets": 1, + "source.port": 50196, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:30.000-02:00", + "client.bytes": 1758, + "client.ip": "192.168.15.224", + "client.packets": 12, + "client.port": 52454, + "destination.address": "54.84.80.198", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 1758, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "54.84.80.198", + "destination.nat.ip": "54.84.80.198", + "destination.nat.port": 443, + "destination.packets": 13, + "destination.port": 443, + "event.action": "flow_started", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 10212, + "log.original": "Nov 30 16:09:31 PA-220 1,2018/11/30 16:09:30,012801096514,TRAFFIC,start,2049,2018/11/30 16:09:30,192.168.15.224,54.84.80.198,192.168.1.63,54.84.80.198,new_outbound_from_trust,,,traps-management-service,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:30,24257,1,52454,443,12122,443,0x400053,tcp,allow,6295,1758,4537,25,2018/11/30 16:09:13,0,computer-and-internet-info,0,32091134,0x0,192.168.0.0-192.168.255.255,United States,0,13,12,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "traps-management-service", + "network.bytes": 6295, + "network.community_id": [ + "1:OnS/uikvrbdse63UYQtmHKrEk7k=", + "1:k69UBIONLgCiGo9UhMOEY0pQnZ4=" + ], + "network.direction": "outbound", + "network.packets": 25, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.84.80.198", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24257", + "panw.panos.network.nat.community_id": "1:k69UBIONLgCiGo9UhMOEY0pQnZ4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091134, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 12122, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "54.84.80.198", + "192.168.1.63", + "54.84.80.198" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 4537, + "server.ip": "54.84.80.198", + "server.packets": 13, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 4537, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12122, + "source.packets": 12, + "source.port": 52454, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:32.000-02:00", + "client.bytes": 624, + "client.ip": "192.168.15.224", + "client.packets": 0, + "client.port": 52445, + "destination.address": "199.167.55.52", + "destination.bytes": 624, + "destination.geo.city_name": "Sunnyvale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.386, + "destination.geo.location.lon": -122.0144, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "199.167.55.52", + "destination.nat.ip": "199.167.55.52", + "destination.nat.port": 4282, + "destination.packets": 8, + "destination.port": 4282, + "event.action": "flow_dropped", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 13000000000, + "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:12.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "denied", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 10725, + "log.original": "Nov 30 16:09:33 PA-220 1,2018/11/30 16:09:32,012801096514,TRAFFIC,drop,2049,2018/11/30 16:09:32,192.168.15.224,199.167.55.52,192.168.1.63,199.167.55.52,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:32,24090,1,52445,4282,49145,4282,0x400019,tcp,allow,624,624,0,8,2018/11/30 16:09:12,13,any,0,32091135,0x0,192.168.0.0-192.168.255.255,United States,0,8,0,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "incomplete", + "network.bytes": 624, + "network.community_id": [ + "1:wFD93203ukPDpbZjVJE5SAMYrw4=", + "1:07q7McJtir76GhJwAJffz+C0sNo=" + ], + "network.direction": "outbound", + "network.packets": 8, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "199.167.55.52", + "panw.panos.destination.nat.port": 4282, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24090", + "panw.panos.network.nat.community_id": "1:07q7McJtir76GhJwAJffz+C0sNo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091135, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 49145, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "199.167.55.52", + "192.168.1.63", + "199.167.55.52" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 0, + "server.ip": "199.167.55.52", + "server.packets": 8, + "server.port": 4282, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 0, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 49145, + "source.packets": 0, + "source.port": 52445, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:33.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_denied", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "denied", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 11198, + "log.original": "Nov 30 16:09:34 PA-220 1,2018/11/30 16:09:33,012801096514,TRAFFIC,deny,2049,2018/11/30 16:09:33,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:33,24242,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:19,0,any,0,32091136,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24242", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091136, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:34.000-02:00", + "client.bytes": 85, + "client.ip": "192.168.15.210", + "client.packets": 1, + "client.port": 35485, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 85, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:02.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:02.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 11643, + "log.original": "Nov 30 16:09:35 PA-220 1,2018/11/30 16:09:34,012801096514,TRAFFIC,,2049,2018/11/30 16:09:34,192.168.15.210,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:34,24190,1,35485,53,33110,53,0x400019,udp,allow,215,85,130,2,2018/11/30 16:09:02,0,any,0,32091137,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 215, + "network.community_id": [ + "1:XjmNQR0k4Z9rGS6dXH+3mvmrqzA=", + "1:JM1EdN05nKTy8Sq9WGpY15fCNJk=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24190", + "panw.panos.network.nat.community_id": "1:JM1EdN05nKTy8Sq9WGpY15fCNJk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091137, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 33110, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.210", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 130, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.210", + "source.bytes": 130, + "source.ip": "192.168.15.210", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 33110, + "source.packets": 1, + "source.port": 35485, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:37.000-02:00", + "client.bytes": 2876, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 62730, + "destination.address": "172.217.9.142", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 2876, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "172.217.9.142", + "destination.nat.ip": "172.217.9.142", + "destination.nat.port": 443, + "destination.packets": 6, + "destination.port": 443, + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 15000000000, + "event.end": "2018-11-30T16:07:35.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:07:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 12089, + "log.original": "Nov 30 16:09:38 PA-220 1,2018/11/30 16:09:37,012801096514,TRAFFIC,test,2049,2018/11/30 16:09:37,192.168.15.224,172.217.9.142,192.168.1.63,172.217.9.142,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:37,23892,1,62730,443,9299,443,0x400019,udp,allow,4867,2876,1991,12,2018/11/30 16:07:20,15,any,0,32091138,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "quic", + "network.bytes": 4867, + "network.community_id": [ + "1:lVJii2BraOSOIissazAe7/enqkQ=", + "1:3vS12CJ5QBY6RbGXOUPYKL9E0+U=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "172.217.9.142", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23892", + "panw.panos.network.nat.community_id": "1:3vS12CJ5QBY6RbGXOUPYKL9E0+U=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091138, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 9299, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "172.217.9.142", + "192.168.1.63", + "172.217.9.142" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 1991, + "server.ip": "172.217.9.142", + "server.packets": 6, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 1991, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 9299, + "source.packets": 6, + "source.port": 62730, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:38.000-02:00", + "client.bytes": 1100, + "client.ip": "192.168.15.224", + "client.packets": 5, + "client.port": 52506, + "destination.address": "151.101.2.2", + "destination.as.number": 54113, + "destination.as.organization.name": "Fastly", + "destination.bytes": 1100, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "151.101.2.2", + "destination.nat.ip": "151.101.2.2", + "destination.nat.port": 443, + "destination.packets": 8, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:21.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 12559, + "log.original": "Nov 30 16:09:39 PA-220 1,2018/11/30 16:09:38,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:38,192.168.15.224,151.101.2.2,192.168.1.63,151.101.2.2,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:38,24360,1,52506,443,47194,443,0x40001c,tcp,allow,1623,1100,523,13,2018/11/30 16:09:21,0,business-and-economy,0,32091139,0x0,192.168.0.0-192.168.255.255,United States,0,8,5,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 1623, + "network.community_id": [ + "1:Te0H9rrEbN0bNEjgdC1n6hD8kQU=", + "1:l6nFWeOSs/2aQaVCfYhfQ09l0ko=" + ], + "network.direction": "outbound", + "network.packets": 13, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "151.101.2.2", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24360", + "panw.panos.network.nat.community_id": "1:l6nFWeOSs/2aQaVCfYhfQ09l0ko=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091139, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 47194, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "151.101.2.2", + "192.168.1.63", + "151.101.2.2" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 523, + "server.ip": "151.101.2.2", + "server.packets": 8, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 523, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 47194, + "source.packets": 5, + "source.port": 52506, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:38.000-02:00", + "client.bytes": 1977, + "client.ip": "192.168.15.224", + "client.packets": 4, + "client.port": 60596, + "destination.address": "216.58.194.66", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 1977, + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.3861, + "destination.geo.location.lon": -122.0839, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "216.58.194.66", + "destination.nat.ip": "216.58.194.66", + "destination.nat.port": 443, + "destination.packets": 5, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:07:36.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:07:36.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 13050, + "log.original": "Nov 30 16:09:39 PA-220 1,2018/11/30 16:09:38,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:38,192.168.15.224,216.58.194.66,192.168.1.63,216.58.194.66,new_outbound_from_trust,,,quic,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:38,23952,1,60596,443,62921,443,0x400019,udp,allow,4405,1977,2428,9,2018/11/30 16:07:36,0,any,0,32091140,0x0,192.168.0.0-192.168.255.255,United States,0,5,4,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "quic", + "network.bytes": 4405, + "network.community_id": [ + "1:5umxbSgQhlPOZM9gbu1iBMqzRr8=", + "1:hVpNmZPedeB/gYRm9U4/gS+LNkQ=" + ], + "network.direction": "outbound", + "network.packets": 9, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "216.58.194.66", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23952", + "panw.panos.network.nat.community_id": "1:hVpNmZPedeB/gYRm9U4/gS+LNkQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091140, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 62921, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "216.58.194.66", + "192.168.1.63", + "216.58.194.66" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 2428, + "server.ip": "216.58.194.66", + "server.packets": 5, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 2428, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 62921, + "source.packets": 4, + "source.port": 60596, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:39.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:25.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 13518, + "log.original": "Nov 30 16:09:40 PA-220 1,2018/11/30 16:09:39,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:39,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:39,24328,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:25,0,any,0,32091141,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24328", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091141, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:39.000-02:00", + "client.bytes": 196, + "client.ip": "192.168.15.210", + "client.packets": 2, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 196, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 2, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:25.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 13962, + "log.original": "Nov 30 16:09:40 PA-220 1,2018/11/30 16:09:39,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:39,192.168.15.210,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:39,24385,2,0,0,0,0,0x500019,icmp,allow,392,196,196,4,2018/11/30 16:09:25,0,any,0,32091142,0x0,192.168.0.0-192.168.255.255,United States,0,2,2,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 392, + "network.community_id": [ + "1:7LdGPOlsucPADJQxcTlIy8FSIxU=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 4, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24385", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091142, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.210", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 196, + "server.ip": "8.8.8.8", + "server.packets": 2, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.210", + "source.bytes": 196, + "source.ip": "192.168.15.210", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 2, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:39.000-02:00", + "client.bytes": 2228, + "client.ip": "192.168.15.224", + "client.packets": 10, + "client.port": 52514, + "destination.address": "184.51.253.193", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.bytes": 2228, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "184.51.253.193", + "destination.nat.ip": "184.51.253.193", + "destination.nat.port": 443, + "destination.packets": 12, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:22.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:22.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 14404, + "log.original": "Nov 30 16:09:40 PA-220 1,2018/11/30 16:09:39,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:39,192.168.15.224,184.51.253.193,192.168.1.63,184.51.253.193,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:39,24172,1,52514,443,41958,443,0x40001c,tcp,allow,7231,2228,5003,22,2018/11/30 16:09:22,0,web-advertisements,0,32091143,0x0,192.168.0.0-192.168.255.255,United States,0,12,10,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 7231, + "network.community_id": [ + "1:zaX+BV1nxniPCPzIGKhVpm2i7CE=", + "1:zBrhHOnlJT7YZV7WXiPAQBEhScI=" + ], + "network.direction": "outbound", + "network.packets": 22, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.253.193", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24172", + "panw.panos.network.nat.community_id": "1:zBrhHOnlJT7YZV7WXiPAQBEhScI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091143, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 41958, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", + "related.ip": [ + "192.168.15.224", + "184.51.253.193", + "192.168.1.63", + "184.51.253.193" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 5003, + "server.ip": "184.51.253.193", + "server.packets": 12, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 5003, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 41958, + "source.packets": 10, + "source.port": 52514, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:40.000-02:00", + "client.bytes": 96, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 55155, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 96, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:08.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:08.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 14890, + "log.original": "Nov 30 16:09:41 PA-220 1,2018/11/30 16:09:40,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:40,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:40,24131,1,55155,53,51374,53,0x400019,udp,allow,267,96,171,2,2018/11/30 16:09:08,0,any,0,32091144,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 267, + "network.community_id": [ + "1:BengLCKQRlHSjje1eFQLdxgTKJc=", + "1:QjiWUuclXv+JzWhbuYDyyP+YyTk=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24131", + "panw.panos.network.nat.community_id": "1:QjiWUuclXv+JzWhbuYDyyP+YyTk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091144, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 51374, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 171, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 171, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 51374, + "source.packets": 1, + "source.port": 55155, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:40.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.15.224", + "client.packets": 0, + "client.port": 52445, + "destination.address": "199.167.55.52", + "destination.bytes": 78, + "destination.geo.city_name": "Sunnyvale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.386, + "destination.geo.location.lon": -122.0144, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "199.167.55.52", + "destination.nat.ip": "199.167.55.52", + "destination.nat.port": 4282, + "destination.packets": 1, + "destination.port": 4282, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:33.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:33.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 15339, + "log.original": "Nov 30 16:09:41 PA-220 1,2018/11/30 16:09:40,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:40,192.168.15.224,199.167.55.52,192.168.1.63,199.167.55.52,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:40,24393,1,52445,4282,25566,4282,0x400019,tcp,allow,78,78,0,1,2018/11/30 16:09:33,0,any,0,32091145,0x0,192.168.0.0-192.168.255.255,United States,0,1,0,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "incomplete", + "network.bytes": 78, + "network.community_id": [ + "1:wFD93203ukPDpbZjVJE5SAMYrw4=", + "1:WSYAeVnYXY4WmfLFYEEo/atQJE8=" + ], + "network.direction": "outbound", + "network.packets": 1, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "199.167.55.52", + "panw.panos.destination.nat.port": 4282, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24393", + "panw.panos.network.nat.community_id": "1:WSYAeVnYXY4WmfLFYEEo/atQJE8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091145, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 25566, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "199.167.55.52", + "192.168.1.63", + "199.167.55.52" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 0, + "server.ip": "199.167.55.52", + "server.packets": 1, + "server.port": 4282, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 0, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 25566, + "source.packets": 0, + "source.port": 52445, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:42.000-02:00", + "client.bytes": 1086, + "client.ip": "192.168.15.224", + "client.packets": 9, + "client.port": 52516, + "destination.address": "199.167.52.219", + "destination.as.number": 54538, + "destination.as.organization.name": "PALO ALTO NETWORKS", + "destination.bytes": 1086, + "destination.geo.city_name": "Sunnyvale", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.386, + "destination.geo.location.lon": -122.0144, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "199.167.52.219", + "destination.nat.ip": "199.167.52.219", + "destination.nat.port": 17472, + "destination.packets": 11, + "destination.port": 17472, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:25.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 15808, + "log.original": "Nov 30 16:09:43 PA-220 1,2018/11/30 16:09:42,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:42,192.168.15.224,199.167.52.219,192.168.1.63,199.167.52.219,new_outbound_from_trust,,,tanium,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:42,24976,1,52516,17472,63757,17472,0x40005e,tcp,allow,3402,1086,2316,20,2018/11/30 16:09:25,0,any,0,32091146,0x0,192.168.0.0-192.168.255.255,United States,0,11,9,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "tanium", + "network.bytes": 3402, + "network.community_id": [ + "1:9oIDq1tuilAK1JGhtfp35vZpz4w=", + "1:XrQuj5ypAzAqGAy0lpIvWQVVZ2E=" + ], + "network.direction": "outbound", + "network.packets": 20, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "199.167.52.219", + "panw.panos.destination.nat.port": 17472, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24976", + "panw.panos.network.nat.community_id": "1:XrQuj5ypAzAqGAy0lpIvWQVVZ2E=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091146, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 63757, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "199.167.52.219", + "192.168.1.63", + "199.167.52.219" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 2316, + "server.ip": "199.167.52.219", + "server.packets": 11, + "server.port": 17472, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 2316, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 63757, + "source.packets": 9, + "source.port": 52516, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:42.000-02:00", + "client.bytes": 2628, + "client.ip": "192.168.15.224", + "client.packets": 19, + "client.port": 52511, + "destination.address": "52.71.117.196", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 2628, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.71.117.196", + "destination.nat.ip": "52.71.117.196", + "destination.nat.port": 443, + "destination.packets": 19, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 4000000000, + "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 16297, + "log.original": "Nov 30 16:09:43 PA-220 1,2018/11/30 16:09:42,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:42,192.168.15.224,52.71.117.196,192.168.1.63,52.71.117.196,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:42,24348,1,52511,443,3803,443,0x400053,tcp,allow,16594,2628,13966,38,2018/11/30 16:09:21,4,computer-and-internet-info,0,32091147,0x0,192.168.0.0-192.168.255.255,United States,0,19,19,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 16594, + "network.community_id": [ + "1:lrruE+4dZreV0/+v9V1CpxRnfsE=", + "1:EG9O/WtvoWuYwaB1MXJTgr43kac=" + ], + "network.direction": "outbound", + "network.packets": 38, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.71.117.196", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24348", + "panw.panos.network.nat.community_id": "1:EG9O/WtvoWuYwaB1MXJTgr43kac=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091147, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 3803, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "52.71.117.196", + "192.168.1.63", + "52.71.117.196" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 13966, + "server.ip": "52.71.117.196", + "server.packets": 19, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 13966, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3803, + "source.packets": 19, + "source.port": 52511, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 79, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 3018, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 79, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:12.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 16802, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24046,1,3018,53,34994,53,0x400019,udp,allow,323,79,244,2,2018/11/30 16:09:12,0,any,0,32091148,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 323, + "network.community_id": [ + "1:b/0kdGUcINh0ryiR0w0QTg0t0jQ=", + "1:eI0W7/EQJgRBimA1ZM4XVOSKMqo=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24046", + "panw.panos.network.nat.community_id": "1:eI0W7/EQJgRBimA1ZM4XVOSKMqo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091148, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 34994, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 244, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 244, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 34994, + "source.packets": 1, + "source.port": 3018, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 95, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 16569, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 95, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:12.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 17250, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24196,1,16569,53,38064,53,0x400019,udp,allow,300,95,205,2,2018/11/30 16:09:12,0,any,0,32091149,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 300, + "network.community_id": [ + "1:SsNvr7qdck7W52PZqREypGPIglo=", + "1:uSrPYHIl4eJpdC+J0IAMuGStuNc=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24196", + "panw.panos.network.nat.community_id": "1:uSrPYHIl4eJpdC+J0IAMuGStuNc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091149, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 38064, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 205, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 205, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 38064, + "source.packets": 1, + "source.port": 16569, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 4296, + "client.ip": "192.168.15.224", + "client.packets": 20, + "client.port": 52479, + "destination.address": "35.186.194.41", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 4296, + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.4043, + "destination.geo.location.lon": -122.0748, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "35.186.194.41", + "destination.nat.ip": "35.186.194.41", + "destination.nat.port": 443, + "destination.packets": 24, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 8000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 17699, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.186.194.41,192.168.1.63,35.186.194.41,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24264,1,52479,443,42924,443,0x400053,tcp,allow,6598,4296,2302,44,2018/11/30 16:09:19,8,insufficient-content,0,32091150,0x0,192.168.0.0-192.168.255.255,United States,0,24,20,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 6598, + "network.community_id": [ + "1:oy06sQtSbOzvWgK/dr7N5HKE5Ng=", + "1:djhBHAw6H+Q9Bcz6i7V+GTrjtzA=" + ], + "network.direction": "outbound", + "network.packets": 44, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.186.194.41", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24264", + "panw.panos.network.nat.community_id": "1:djhBHAw6H+Q9Bcz6i7V+GTrjtzA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091150, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42924, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "insufficient-content", + "related.ip": [ + "192.168.15.224", + "35.186.194.41", + "192.168.1.63", + "35.186.194.41" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 2302, + "server.ip": "35.186.194.41", + "server.packets": 24, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 2302, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42924, + "source.packets": 20, + "source.port": 52479, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 58831, + "client.ip": "192.168.15.224", + "client.packets": 41, + "client.port": 52478, + "destination.address": "35.201.124.9", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 58831, + "destination.geo.continent_name": "Asia", + "destination.geo.location.lat": 35.0, + "destination.geo.location.lon": 105.0, + "destination.ip": "35.201.124.9", + "destination.nat.ip": "35.201.124.9", + "destination.nat.port": 443, + "destination.packets": 63, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 8000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 18185, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.201.124.9,192.168.1.63,35.201.124.9,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24248,1,52478,443,58977,443,0x400053,tcp,allow,65588,58831,6757,104,2018/11/30 16:09:19,8,insufficient-content,0,32091151,0x0,192.168.0.0-192.168.255.255,Asia Pacific Region,0,63,41,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 65588, + "network.community_id": [ + "1:DBvAD0JZYsb+pmUJkhTQYOcLJls=", + "1:hIY5A8O11VWtEfpYG2l5voTvbVQ=" + ], + "network.direction": "outbound", + "network.packets": 104, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.201.124.9", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24248", + "panw.panos.network.nat.community_id": "1:hIY5A8O11VWtEfpYG2l5voTvbVQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091151, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 58977, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "insufficient-content", + "related.ip": [ + "192.168.15.224", + "35.201.124.9", + "192.168.1.63", + "35.201.124.9" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 6757, + "server.ip": "35.201.124.9", + "server.packets": 63, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 6757, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 58977, + "source.packets": 41, + "source.port": 52478, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 4069, + "client.ip": "192.168.15.224", + "client.packets": 15, + "client.port": 52502, + "destination.address": "100.24.131.237", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 4069, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "100.24.131.237", + "destination.nat.ip": "100.24.131.237", + "destination.nat.port": 443, + "destination.packets": 17, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 6000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 18678, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,100.24.131.237,192.168.1.63,100.24.131.237,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24268,1,52502,443,64732,443,0x400053,tcp,allow,13076,4069,9007,32,2018/11/30 16:09:21,6,business-and-economy,0,32091152,0x0,192.168.0.0-192.168.255.255,United States,0,17,15,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 13076, + "network.community_id": [ + "1:3G8yDLybfwtFo10J4I/c5Ayd4Qk=", + "1:sXYelUOdA/EfjcKKE8M5kPe+M+c=" + ], + "network.direction": "outbound", + "network.packets": 32, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "100.24.131.237", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24268", + "panw.panos.network.nat.community_id": "1:sXYelUOdA/EfjcKKE8M5kPe+M+c=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091152, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 64732, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "100.24.131.237", + "192.168.1.63", + "100.24.131.237" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 9007, + "server.ip": "100.24.131.237", + "server.packets": 17, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 9007, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 64732, + "source.packets": 15, + "source.port": 52502, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 1100, + "client.ip": "192.168.15.224", + "client.packets": 7, + "client.port": 52458, + "destination.address": "184.51.252.247", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.bytes": 1100, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "184.51.252.247", + "destination.nat.ip": "184.51.252.247", + "destination.nat.port": 443, + "destination.packets": 8, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 13000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 19179, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,184.51.252.247,192.168.1.63,184.51.252.247,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24175,1,52458,443,58292,443,0x40001c,tcp,allow,1761,1100,661,15,2018/11/30 16:09:14,13,computer-and-internet-info,0,32091153,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 1761, + "network.community_id": [ + "1:ZTCXYP/obCmlK+BT3BISstdxpCk=", + "1:D6pPzYoIWTOXxVzuweKvZYK6FVE=" + ], + "network.direction": "outbound", + "network.packets": 15, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.252.247", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24175", + "panw.panos.network.nat.community_id": "1:D6pPzYoIWTOXxVzuweKvZYK6FVE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091153, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 58292, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "184.51.252.247", + "192.168.1.63", + "184.51.252.247" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 661, + "server.ip": "184.51.252.247", + "server.packets": 8, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 661, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 58292, + "source.packets": 7, + "source.port": 52458, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 3596, + "client.ip": "192.168.15.224", + "client.packets": 16, + "client.port": 52484, + "destination.address": "35.190.88.148", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 3596, + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.4043, + "destination.geo.location.lon": -122.0748, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "35.190.88.148", + "destination.nat.ip": "35.190.88.148", + "destination.nat.port": 443, + "destination.packets": 15, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 8000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 19683, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.190.88.148,192.168.1.63,35.190.88.148,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24312,1,52484,443,32209,443,0x400053,tcp,allow,14732,3596,11136,31,2018/11/30 16:09:19,8,computer-and-internet-info,0,32091154,0x0,192.168.0.0-192.168.255.255,United States,0,15,16,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 14732, + "network.community_id": [ + "1:DEAqTvDzZjanGG1P2CcnR3CKUfc=", + "1:VFQjrA+iaNcIu6vFJNU6ls7+4Is=" + ], + "network.direction": "outbound", + "network.packets": 31, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.190.88.148", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24312", + "panw.panos.network.nat.community_id": "1:VFQjrA+iaNcIu6vFJNU6ls7+4Is=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091154, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 32209, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "35.190.88.148", + "192.168.1.63", + "35.190.88.148" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 11136, + "server.ip": "35.190.88.148", + "server.packets": 15, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 11136, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 32209, + "source.packets": 16, + "source.port": 52484, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 3596, + "client.ip": "192.168.15.224", + "client.packets": 16, + "client.port": 52482, + "destination.address": "35.186.243.83", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 3596, + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.4043, + "destination.geo.location.lon": -122.0748, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "35.186.243.83", + "destination.nat.ip": "35.186.243.83", + "destination.nat.port": 443, + "destination.packets": 15, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 8000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 20177, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.186.243.83,192.168.1.63,35.186.243.83,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24164,1,52482,443,38822,443,0x400053,tcp,allow,14732,3596,11136,31,2018/11/30 16:09:19,8,computer-and-internet-info,0,32091155,0x0,192.168.0.0-192.168.255.255,United States,0,15,16,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 14732, + "network.community_id": [ + "1:t/ErTuEXtgYIkRnq4+UdhVKcFnA=", + "1:Xx31zYZNYc/mjf2GOihkp6JogmA=" + ], + "network.direction": "outbound", + "network.packets": 31, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.186.243.83", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24164", + "panw.panos.network.nat.community_id": "1:Xx31zYZNYc/mjf2GOihkp6JogmA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091155, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 38822, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "35.186.243.83", + "192.168.1.63", + "35.186.243.83" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 11136, + "server.ip": "35.186.243.83", + "server.packets": 15, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 11136, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 38822, + "source.packets": 16, + "source.port": 52482, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 84, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 33769, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 84, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:12.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 20671, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,untrust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24198,1,33769,53,16044,53,0x400019,udp,allow,266,84,182,2,2018/11/30 16:09:12,0,any,0,32091156,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 266, + "network.community_id": [ + "1:Y7iOj20be5Di4rx5iGHLO9k0YoU=", + "1:445AeHI1LAvb+ii4arRZeLAO4zM=" + ], + "network.direction": "external", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24198", + "panw.panos.network.nat.community_id": "1:445AeHI1LAvb+ii4arRZeLAO4zM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091156, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16044, + "panw.panos.source.zone": "untrust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 182, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 182, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16044, + "source.packets": 1, + "source.port": 33769, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 74, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 14106, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 74, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:12.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 21122, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,trust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24184,1,14106,53,56614,53,0x400019,udp,allow,164,74,90,2,2018/11/30 16:09:12,0,any,0,32091157,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 164, + "network.community_id": [ + "1:8HlDMcJ2vfYtzQNW4/YDX7avDu8=", + "1:+5KwsEYW+tFecEENSBwHbKTvUv8=" + ], + "network.direction": "internal", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "24184", + "panw.panos.network.nat.community_id": "1:+5KwsEYW+tFecEENSBwHbKTvUv8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091157, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 56614, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 90, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 90, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 56614, + "source.packets": 1, + "source.port": 14106, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 2731, + "client.ip": "192.168.15.224", + "client.packets": 13, + "client.port": 52503, + "destination.address": "100.24.165.74", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 2731, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "100.24.165.74", + "destination.nat.ip": "100.24.165.74", + "destination.nat.port": 443, + "destination.packets": 17, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 6000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 21568, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,100.24.165.74,192.168.1.63,100.24.165.74,new_outbound_from_trust,,,ssl,vsys1,untrust,trust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24314,1,52503,443,53168,443,0x400053,tcp,allow,9400,2731,6669,30,2018/11/30 16:09:21,6,business-and-economy,0,32091158,0x0,192.168.0.0-192.168.255.255,United States,0,17,13,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 9400, + "network.community_id": [ + "1:dDqHJ1Y91GSM0iyiXXbBnOasVJM=", + "1:DRqq/mx90TOYq1a5yLf562kwIvc=" + ], + "network.direction": "inbound", + "network.packets": 30, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "100.24.165.74", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "24314", + "panw.panos.network.nat.community_id": "1:DRqq/mx90TOYq1a5yLf562kwIvc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091158, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53168, + "panw.panos.source.zone": "untrust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "100.24.165.74", + "192.168.1.63", + "100.24.165.74" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 6669, + "server.ip": "100.24.165.74", + "server.packets": 17, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 6669, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53168, + "source.packets": 13, + "source.port": 52503, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 1100, + "client.ip": "192.168.15.224", + "client.packets": 7, + "client.port": 52459, + "destination.address": "184.51.252.247", + "destination.as.number": 16625, + "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.bytes": 1100, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "184.51.252.247", + "destination.nat.ip": "184.51.252.247", + "destination.nat.port": 443, + "destination.packets": 8, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 13000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 22066, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,184.51.252.247,192.168.1.63,184.51.252.247,new_outbound_from_trust,,,ssl,vsys1,xtrust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24204,1,52459,443,28012,443,0x40001c,tcp,allow,1761,1100,661,15,2018/11/30 16:09:14,13,computer-and-internet-info,0,32091159,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 1761, + "network.community_id": [ + "1:LeVVxJ/qJ69xMnerDRfh9DhS1wg=", + "1:vx03vuDn4sh2/e89Lm3RoSpVIVM=" + ], + "network.direction": "unknown", + "network.packets": 15, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.252.247", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24204", + "panw.panos.network.nat.community_id": "1:vx03vuDn4sh2/e89Lm3RoSpVIVM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091159, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 28012, + "panw.panos.source.zone": "xtrust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "184.51.252.247", + "192.168.1.63", + "184.51.252.247" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 661, + "server.ip": "184.51.252.247", + "server.packets": 8, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 661, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 28012, + "source.packets": 7, + "source.port": 52459, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:45.000-02:00", + "client.bytes": 3596, + "client.ip": "192.168.15.224", + "client.packets": 16, + "client.port": 52483, + "destination.address": "35.201.94.140", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 3596, + "destination.geo.continent_name": "Asia", + "destination.geo.location.lat": 35.0, + "destination.geo.location.lon": 105.0, + "destination.ip": "35.201.94.140", + "destination.nat.ip": "35.201.94.140", + "destination.nat.port": 443, + "destination.packets": 15, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 8000000000, + "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 22571, + "log.original": "Nov 30 16:09:45 PA-220 1,2018/11/30 16:09:45,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:45,192.168.15.224,35.201.94.140,192.168.1.63,35.201.94.140,new_outbound_from_trust,,,ssl,vsys1,trust,xuntrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:45,24234,1,52483,443,16050,443,0x400053,tcp,allow,14732,3596,11136,31,2018/11/30 16:09:19,8,computer-and-internet-info,0,32091160,0x0,192.168.0.0-192.168.255.255,Asia Pacific Region,0,15,16,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 14732, + "network.community_id": [ + "1:b6jBmvbfVzb1LGTW2RD80kK1rMs=", + "1:u1uvQ3wfJoaG/nNiBhvQMHQSVlU=" + ], + "network.direction": "unknown", + "network.packets": 31, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.201.94.140", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "xuntrust", + "panw.panos.flow_id": "24234", + "panw.panos.network.nat.community_id": "1:u1uvQ3wfJoaG/nNiBhvQMHQSVlU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091160, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16050, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "35.201.94.140", + "192.168.1.63", + "35.201.94.140" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 11136, + "server.ip": "35.201.94.140", + "server.packets": 15, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 11136, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16050, + "source.packets": 16, + "source.port": 52483, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:31.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:31.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 23072, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,,,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24390,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:31,0,any,0,32091161,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "unknown", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.flow_id": "24390", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091161, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 84, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 38663, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 84, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 23504, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24093,1,38663,53,61722,53,0x400019,udp,allow,228,84,144,2,2018/11/30 16:09:13,0,any,0,32091162,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 228, + "network.community_id": [ + "1:jK1/samUe1w5J1uVlmH7SIXX1YE=", + "1:lz0ZCL4R4wwyqmvefpkiJk7yR18=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24093", + "panw.panos.network.nat.community_id": "1:lz0ZCL4R4wwyqmvefpkiJk7yR18=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091162, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 61722, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 144, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 144, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 61722, + "source.packets": 1, + "source.port": 38663, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 131, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 50443, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 131, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 23953, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24117,1,50443,53,14247,53,0x400019,udp,allow,337,131,206,2,2018/11/30 16:09:13,0,any,0,32091163,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 337, + "network.community_id": [ + "1:pe+tF7SEY/Km9LRsrGI4UWHmV8E=", + "1:DkOVz0BGrlh9OPZZ8+58eugW7gU=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24117", + "panw.panos.network.nat.community_id": "1:DkOVz0BGrlh9OPZZ8+58eugW7gU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091163, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 14247, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 206, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 206, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 14247, + "source.packets": 1, + "source.port": 50443, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 131, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 54215, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 131, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 24403, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24142,1,54215,53,33580,53,0x400019,udp,allow,337,131,206,2,2018/11/30 16:09:13,0,any,0,32091164,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 337, + "network.community_id": [ + "1:qHh6xeCGBZ5pLwaBsFDRVbP5MZU=", + "1:twx1eOqehbazvI0g0nkTeVynrY0=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24142", + "panw.panos.network.nat.community_id": "1:twx1eOqehbazvI0g0nkTeVynrY0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091164, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 33580, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 206, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 206, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 33580, + "source.packets": 1, + "source.port": 54215, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 83, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 35827, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 83, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 24853, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24195,1,35827,53,13498,53,0x400019,udp,allow,252,83,169,2,2018/11/30 16:09:13,0,any,0,32091165,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 252, + "network.community_id": [ + "1:7yZMN4i1Gxii2+FmEtBbvDk3lvA=", + "1:hcgjXpi+ne3QnFDBLeskkVg4V+M=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24195", + "panw.panos.network.nat.community_id": "1:hcgjXpi+ne3QnFDBLeskkVg4V+M=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091165, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13498, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 169, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 169, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13498, + "source.packets": 1, + "source.port": 35827, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 100, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 60609, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 100, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 25302, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24124,1,60609,53,20365,53,0x400019,udp,allow,232,100,132,2,2018/11/30 16:09:13,0,any,0,32091166,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 232, + "network.community_id": [ + "1:0vV/bWp15XA8ntbAvsV9+ktbx6E=", + "1:C91XK45Q10iqwwp4XYM+Wg1Ua8A=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24124", + "panw.panos.network.nat.community_id": "1:C91XK45Q10iqwwp4XYM+Wg1Ua8A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091166, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 20365, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 132, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 132, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20365, + "source.packets": 1, + "source.port": 60609, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 79, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 3248, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 79, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 25752, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24153,1,3248,53,61464,53,0x400019,udp,allow,206,79,127,2,2018/11/30 16:09:13,0,any,0,32091167,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 206, + "network.community_id": [ + "1:v2Rn2HMvdhM3B2CXYva9UePt+Og=", + "1:hsTAFtOdeb7+Ofe152B+9h69mbE=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24153", + "panw.panos.network.nat.community_id": "1:hsTAFtOdeb7+Ofe152B+9h69mbE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091167, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 61464, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 127, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 127, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 61464, + "source.packets": 1, + "source.port": 3248, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 89, + "client.ip": "192.168.15.196", + "client.packets": 1, + "client.port": 49284, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 89, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 26200, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.196,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24122,1,49284,53,42877,53,0x400019,udp,allow,194,89,105,2,2018/11/30 16:09:13,0,any,0,32091168,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 194, + "network.community_id": [ + "1:tO559KwdaAXfBh7HmZSLp9/JUJQ=", + "1:htOXUg3QOGd0fpgLjYzQlvRMzUQ=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24122", + "panw.panos.network.nat.community_id": "1:htOXUg3QOGd0fpgLjYzQlvRMzUQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091168, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42877, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.196", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 105, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.196", + "source.bytes": 105, + "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42877, + "source.packets": 1, + "source.port": 49284, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 97, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 57732, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 97, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 26649, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24171,1,57732,53,5918,53,0x400019,udp,allow,269,97,172,2,2018/11/30 16:09:13,0,any,0,32091169,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 269, + "network.community_id": [ + "1:aMEfJV/f54B1+0RNtWjw49JfNFU=", + "1:gHWCOTtilTTqOn7fOKh7zVq45Xw=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24171", + "panw.panos.network.nat.community_id": "1:gHWCOTtilTTqOn7fOKh7zVq45Xw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091169, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5918, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 172, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 172, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5918, + "source.packets": 1, + "source.port": 57732, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 49195, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 78, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 27097, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24069,1,49195,53,28944,53,0x400019,udp,allow,212,78,134,2,2018/11/30 16:09:13,0,any,0,32091170,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 212, + "network.community_id": [ + "1:WgGQfntwYS3voQPhGfI/qhx0SVk=", + "1:OGDvpe1+4KQfCsxk0I61jm0+DIc=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24069", + "panw.panos.network.nat.community_id": "1:OGDvpe1+4KQfCsxk0I61jm0+DIc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091170, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 28944, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 134, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 134, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 28944, + "source.packets": 1, + "source.port": 49195, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 73, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 17266, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 73, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 27546, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24282,1,17266,53,13415,53,0x400019,udp,allow,252,73,179,2,2018/11/30 16:09:13,0,any,0,32091171,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 252, + "network.community_id": [ + "1:RM5edUgZPywM/hIejzFVba+A4co=", + "1:po/vy4RoD5WeFPgCZnduQkE47yY=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24282", + "panw.panos.network.nat.community_id": "1:po/vy4RoD5WeFPgCZnduQkE47yY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091171, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13415, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 179, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 179, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13415, + "source.packets": 1, + "source.port": 17266, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 90, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 48631, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 90, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 27995, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24218,1,48631,53,2489,53,0x400019,udp,allow,308,90,218,2,2018/11/30 16:09:13,0,any,0,32091172,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 308, + "network.community_id": [ + "1:jJo7FJWI3gHbC96nTsyT17hVP98=", + "1:wIxYOe++IxscmxBcRwrPGEIlZF4=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24218", + "panw.panos.network.nat.community_id": "1:wIxYOe++IxscmxBcRwrPGEIlZF4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091172, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2489, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 218, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 218, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2489, + "source.packets": 1, + "source.port": 48631, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 77, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 58540, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 77, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 28443, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24200,1,58540,53,49328,53,0x400019,udp,allow,249,77,172,2,2018/11/30 16:09:13,0,any,0,32091173,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 249, + "network.community_id": [ + "1:eWhg/7DfJGJNfW90sKt5WEYnI9g=", + "1:xN7R3QI47jVAQhgJrOAvdsu+oes=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24200", + "panw.panos.network.nat.community_id": "1:xN7R3QI47jVAQhgJrOAvdsu+oes=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091173, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 49328, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 172, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 172, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 49328, + "source.packets": 1, + "source.port": 58540, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:46.000-02:00", + "client.bytes": 74, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 42678, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 74, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 28892, + "log.original": "Nov 30 16:09:46 PA-220 1,2018/11/30 16:09:46,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:46,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:46,24224,1,42678,53,36036,53,0x400019,udp,allow,379,74,305,2,2018/11/30 16:09:13,0,any,0,32091174,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 379, + "network.community_id": [ + "1:dhAcAsMUxJrHfinQA5Q7eglS7T0=", + "1:BxuDgAhR5Rh55XOXYnYF+6GKhps=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24224", + "panw.panos.network.nat.community_id": "1:BxuDgAhR5Rh55XOXYnYF+6GKhps=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091174, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 36036, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 305, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 305, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 36036, + "source.packets": 1, + "source.port": 42678, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 16576, + "destination.address": "66.28.0.45", + "destination.as.number": 174, + "destination.as.organization.name": "Cogent Communications", + "destination.bytes": 76, + "destination.geo.city_name": "Lanham", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 38.9705, + "destination.geo.location.lon": -76.8388, + "destination.geo.region_iso_code": "US-MD", + "destination.geo.region_name": "Maryland", + "destination.ip": "66.28.0.45", + "destination.nat.ip": "66.28.0.45", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 29341, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,66.28.0.45,192.168.1.63,66.28.0.45,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24240,1,16576,53,33744,53,0x400019,udp,allow,603,76,527,2,2018/11/30 16:09:14,0,any,0,32091175,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 603, + "network.community_id": [ + "1:4i/owhGS2IpySKH+SyV4sXRj0+A=", + "1:Yv+Yq/7HK9SajeKHOV50RYQWjRU=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "66.28.0.45", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24240", + "panw.panos.network.nat.community_id": "1:Yv+Yq/7HK9SajeKHOV50RYQWjRU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091175, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 33744, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "66.28.0.45", + "192.168.1.63", + "66.28.0.45" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 527, + "server.ip": "66.28.0.45", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 527, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 33744, + "source.packets": 1, + "source.port": 16576, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 89, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 39830, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 89, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 29796, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24183,1,39830,53,45809,53,0x400019,udp,allow,242,89,153,2,2018/11/30 16:09:14,0,any,0,32091176,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 242, + "network.community_id": [ + "1:KZzZcwEN4cbaTck1z2Wa/3P3YjU=", + "1:MxVcaRP5Y1xyEiYiNsmO1lVcN+A=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24183", + "panw.panos.network.nat.community_id": "1:MxVcaRP5Y1xyEiYiNsmO1lVcN+A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091176, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 45809, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 153, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 153, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 45809, + "source.packets": 1, + "source.port": 39830, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 71, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 6185, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 71, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 30245, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24211,1,6185,53,3675,53,0x400019,udp,allow,240,71,169,2,2018/11/30 16:09:14,0,any,0,32091177,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 240, + "network.community_id": [ + "1:LJ6ZkdUI9SYHDvi3B2Yn/9ILMbM=", + "1:p8DU1xLXG63f/3s/r6ZKJcQo9u8=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24211", + "panw.panos.network.nat.community_id": "1:p8DU1xLXG63f/3s/r6ZKJcQo9u8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091177, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 3675, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 169, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 169, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3675, + "source.packets": 1, + "source.port": 6185, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 80, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 8781, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 80, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 30692, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24253,1,8781,53,5787,53,0x400019,udp,allow,208,80,128,2,2018/11/30 16:09:14,0,any,0,32091178,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 208, + "network.community_id": [ + "1:8CDWB7X3kkKjoV2bprSLSQY1py4=", + "1:bU3nBIz+M3cDoPKg8azcJgVx+8Q=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24253", + "panw.panos.network.nat.community_id": "1:bU3nBIz+M3cDoPKg8azcJgVx+8Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091178, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5787, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 128, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 128, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5787, + "source.packets": 1, + "source.port": 8781, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 72, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 16788, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 72, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 31139, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24221,1,16788,53,12342,53,0x400019,udp,allow,253,72,181,2,2018/11/30 16:09:14,0,any,0,32091179,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 253, + "network.community_id": [ + "1:ScmRIn+bxqoJafQfJfEaH/CdCjE=", + "1:vnb4ttnFy2i39tg89p3jkGs6eDg=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24221", + "panw.panos.network.nat.community_id": "1:vnb4ttnFy2i39tg89p3jkGs6eDg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091179, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 12342, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 181, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 181, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12342, + "source.packets": 1, + "source.port": 16788, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 45307, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 31588, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24310,1,45307,53,18729,53,0x400019,udp,allow,197,76,121,2,2018/11/30 16:09:14,0,any,0,32091180,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 197, + "network.community_id": [ + "1:eupsSNkv67+oInX/FQ2hHpUMyR8=", + "1:71/qcXOmOV3sXCqZ1T6JVPlE9y8=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24310", + "panw.panos.network.nat.community_id": "1:71/qcXOmOV3sXCqZ1T6JVPlE9y8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091180, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 18729, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 121, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 121, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 18729, + "source.packets": 1, + "source.port": 45307, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 681, + "client.ip": "192.168.15.224", + "client.packets": 5, + "client.port": 52520, + "destination.address": "23.52.174.25", + "destination.as.number": 20940, + "destination.as.organization.name": "Akamai International B.V.", + "destination.bytes": 681, + "destination.geo.city_name": "San Antonio", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 29.4551, + "destination.geo.location.lon": -98.6498, + "destination.geo.region_iso_code": "US-TX", + "destination.geo.region_name": "Texas", + "destination.ip": "23.52.174.25", + "destination.nat.ip": "23.52.174.25", + "destination.nat.port": 80, + "destination.packets": 6, + "destination.port": 80, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:29.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:29.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 32037, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,23.52.174.25,192.168.1.63,23.52.174.25,new_outbound_from_trust,,,ocsp,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24326,1,52520,80,57858,80,0x400053,tcp,allow,1927,681,1246,11,2018/11/30 16:09:29,0,computer-and-internet-info,0,32091181,0x0,192.168.0.0-192.168.255.255,United States,0,6,5,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ocsp", + "network.bytes": 1927, + "network.community_id": [ + "1://eZmJioBenLsE0zEL0rhbQ7JT8=", + "1:5ECmBtgiSUvWFJAA318pVeeu5Pw=" + ], + "network.direction": "outbound", + "network.packets": 11, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.52.174.25", + "panw.panos.destination.nat.port": 80, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24326", + "panw.panos.network.nat.community_id": "1:5ECmBtgiSUvWFJAA318pVeeu5Pw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091181, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 57858, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", + "related.ip": [ + "192.168.15.224", + "23.52.174.25", + "192.168.1.63", + "23.52.174.25" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 1246, + "server.ip": "23.52.174.25", + "server.packets": 6, + "server.port": 80, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 1246, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 57858, + "source.packets": 5, + "source.port": 52520, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 79, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 8503, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 79, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 1000000000, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:13.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 32523, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24201,1,8503,53,2722,53,0x400019,udp,allow,394,79,315,2,2018/11/30 16:09:13,1,any,0,32091182,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 394, + "network.community_id": [ + "1:5CL0nRdjk2Nab0PzB6vfyC1FbtI=", + "1:hxrz+dYE5XEf60JMlFz6JKWD6Ek=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24201", + "panw.panos.network.nat.community_id": "1:hxrz+dYE5XEf60JMlFz6JKWD6Ek=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091182, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2722, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 315, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 315, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2722, + "source.packets": 1, + "source.port": 8503, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 82, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 6910, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 82, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 32970, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24130,1,6910,53,6674,53,0x400019,udp,allow,212,82,130,2,2018/11/30 16:09:14,0,any,0,32091183,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 212, + "network.community_id": [ + "1:3cIrQ2yt0QUupDVmbBJXH54+2pA=", + "1:8cb9oPS9OJnzqGAkowgmRpiqmJU=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24130", + "panw.panos.network.nat.community_id": "1:8cb9oPS9OJnzqGAkowgmRpiqmJU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091183, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 6674, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 130, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 130, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 6674, + "source.packets": 1, + "source.port": 6910, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 354, + "client.ip": "192.168.15.224", + "client.packets": 4, + "client.port": 52475, + "destination.address": "54.230.5.228", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 354, + "destination.geo.city_name": "Seattle", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 47.54, + "destination.geo.location.lon": -122.3032, + "destination.geo.region_iso_code": "US-WA", + "destination.geo.region_name": "Washington", + "destination.ip": "54.230.5.228", + "destination.nat.ip": "54.230.5.228", + "destination.nat.port": 443, + "destination.packets": 5, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 12000000000, + "event.end": "2018-11-30T16:09:29.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:17.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 33417, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,54.230.5.228,192.168.1.63,54.230.5.228,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24237,1,52475,443,37427,443,0x40001c,tcp,allow,642,354,288,9,2018/11/30 16:09:17,12,any,0,32091184,0x0,192.168.0.0-192.168.255.255,United States,0,5,4,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "incomplete", + "network.bytes": 642, + "network.community_id": [ + "1:ArbNq6iF9i1NLk5zDU1qThAZf4g=", + "1:Qc2oBV7ermdHPwGTWFOi4D1TcLg=" + ], + "network.direction": "outbound", + "network.packets": 9, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.230.5.228", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24237", + "panw.panos.network.nat.community_id": "1:Qc2oBV7ermdHPwGTWFOi4D1TcLg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091184, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37427, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "54.230.5.228", + "192.168.1.63", + "54.230.5.228" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 288, + "server.ip": "54.230.5.228", + "server.packets": 5, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 288, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37427, + "source.packets": 4, + "source.port": 52475, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:47.000-02:00", + "client.bytes": 76, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 14342, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 76, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:14.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 33886, + "log.original": "Nov 30 16:09:47 PA-220 1,2018/11/30 16:09:47,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:47,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:47,24108,1,14342,53,22408,53,0x400019,udp,allow,225,76,149,2,2018/11/30 16:09:14,0,any,0,32091185,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 225, + "network.community_id": [ + "1:uTxp5xDc9k43Sc1xNxNrsxzfM/I=", + "1:5IHTDvzRd4yPLPdpI4ErHcRK4/w=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24108", + "panw.panos.network.nat.community_id": "1:5IHTDvzRd4yPLPdpI4ErHcRK4/w=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091185, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22408, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 149, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 149, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22408, + "source.packets": 1, + "source.port": 14342, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:48.000-02:00", + "client.bytes": 71, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 48197, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 71, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:15.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:15.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 34335, + "log.original": "Nov 30 16:09:48 PA-220 1,2018/11/30 16:09:48,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:48,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:48,24247,1,48197,53,27899,53,0x400019,udp,allow,273,71,202,2,2018/11/30 16:09:15,0,any,0,32091186,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 273, + "network.community_id": [ + "1:hwpLJFJeocCuki/uuS7DMUwYAcc=", + "1:0s4n+/itsIbV3mUc8OnOxmZ6exs=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24247", + "panw.panos.network.nat.community_id": "1:0s4n+/itsIbV3mUc8OnOxmZ6exs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091186, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 27899, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 202, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 202, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 27899, + "source.packets": 1, + "source.port": 48197, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:48.000-02:00", + "client.bytes": 75, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 32296, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 75, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:15.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:15.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 34784, + "log.original": "Nov 30 16:09:48 PA-220 1,2018/11/30 16:09:48,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:48,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:48,24098,1,32296,53,52939,53,0x400019,udp,allow,270,75,195,2,2018/11/30 16:09:15,0,any,0,32091187,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 270, + "network.community_id": [ + "1:PL/uhiXbtv9YRtGDNEfmkWyMpEw=", + "1:+GsjKlESn/QeXwrAsS8c8EaMzi0=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24098", + "panw.panos.network.nat.community_id": "1:+GsjKlESn/QeXwrAsS8c8EaMzi0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091187, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 52939, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 195, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 195, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 52939, + "source.packets": 1, + "source.port": 32296, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:48.000-02:00", + "client.bytes": 90, + "client.ip": "192.168.15.195", + "client.packets": 1, + "client.port": 33870, + "destination.address": "208.83.246.20", + "destination.as.number": 30303, + "destination.as.organization.name": "Ooma, Inc.", + "destination.bytes": 90, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "208.83.246.20", + "destination.nat.ip": "208.83.246.20", + "destination.nat.port": 123, + "destination.packets": 1, + "destination.port": 123, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:15.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:15.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 35233, + "log.original": "Nov 30 16:09:48 PA-220 1,2018/11/30 16:09:48,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:48,192.168.15.195,208.83.246.20,192.168.1.63,208.83.246.20,new_outbound_from_trust,,,ntp,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:48,24263,1,33870,123,42907,123,0x400053,udp,allow,180,90,90,2,2018/11/30 16:09:15,0,any,0,32091188,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ntp", + "network.bytes": 180, + "network.community_id": [ + "1:zSTxlbsV3qi7ri6QQifUc6oMz/o=", + "1:OSARbLstqz9D5CGo0NQuv0a9g20=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "208.83.246.20", + "panw.panos.destination.nat.port": 123, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24263", + "panw.panos.network.nat.community_id": "1:OSARbLstqz9D5CGo0NQuv0a9g20=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091188, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42907, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.195", + "208.83.246.20", + "192.168.1.63", + "208.83.246.20" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 90, + "server.ip": "208.83.246.20", + "server.packets": 1, + "server.port": 123, + "service.type": "panw", + "source.address": "192.168.15.195", + "source.bytes": 90, + "source.ip": "192.168.15.195", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42907, + "source.packets": 1, + "source.port": 33870, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:49.000-02:00", + "client.bytes": 148, + "client.ip": "192.168.15.196", + "client.packets": 2, + "client.port": 54659, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 148, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 2, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 35695, + "log.original": "Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.196,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24258,1,54659,53,19658,53,0x400019,udp,drop ICMP,340,148,192,4,2018/11/30 16:09:16,0,any,0,32091189,0x0,192.168.0.0-192.168.255.255,United States,0,2,2,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 340, + "network.community_id": [ + "1:E2LqiKHR3ZQXGMA0QsH84jNNC/0=", + "1:Cc+ekkpKaB3f2BPdSyd/esY/QVI=" + ], + "network.direction": "outbound", + "network.packets": 4, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "drop-icmp", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24258", + "panw.panos.network.nat.community_id": "1:Cc+ekkpKaB3f2BPdSyd/esY/QVI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091189, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 19658, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.196", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 192, + "server.ip": "8.8.8.8", + "server.packets": 2, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.196", + "source.bytes": 192, + "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19658, + "source.packets": 2, + "source.port": 54659, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:49.000-02:00", + "client.bytes": 83, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 57446, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 83, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 36149, + "log.original": "Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24155,1,57446,53,64352,53,0x400019,udp,reset client,291,83,208,2,2018/11/30 16:09:16,0,any,0,32091190,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 291, + "network.community_id": [ + "1:wZXxVANJq0JID3j0Sh2o/qnIa7A=", + "1:uPFYX4KL/wjyCp4kt+08v7myT3w=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "reset-client", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24155", + "panw.panos.network.nat.community_id": "1:uPFYX4KL/wjyCp4kt+08v7myT3w=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091190, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 64352, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 208, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 208, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 64352, + "source.packets": 1, + "source.port": 57446, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:49.000-02:00", + "client.bytes": 84, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 22655, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 84, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 36605, + "log.original": "Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24232,1,22655,53,60126,53,0x400019,udp,reset server,184,84,100,2,2018/11/30 16:09:16,0,any,0,32091191,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 184, + "network.community_id": [ + "1:GzSDvCcBuprowvf40RNRaGTOn+A=", + "1:f3vxOCmoOo/FOLV6VRqKjZ7eUVE=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "reset-server", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24232", + "panw.panos.network.nat.community_id": "1:f3vxOCmoOo/FOLV6VRqKjZ7eUVE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091191, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 60126, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 100, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 100, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60126, + "source.packets": 1, + "source.port": 22655, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:49.000-02:00", + "client.bytes": 2053, + "client.ip": "192.168.15.224", + "client.packets": 11, + "client.port": 52509, + "destination.address": "35.185.88.112", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 2053, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 38.6583, + "destination.geo.location.lon": -77.2481, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "35.185.88.112", + "destination.nat.ip": "35.185.88.112", + "destination.nat.port": 443, + "destination.packets": 13, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 10000000000, + "event.end": "2018-11-30T16:09:31.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 37061, + "log.original": "Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,35.185.88.112,192.168.1.63,35.185.88.112,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24330,1,52509,443,59771,443,0x40001a,tcp,reset both,9290,2053,7237,24,2018/11/30 16:09:21,10,business-and-economy,0,32091192,0x0,192.168.0.0-192.168.255.255,United States,0,13,11,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 9290, + "network.community_id": [ + "1:WVDXvoZNkWqELBhlp2DzAjKS6V4=", + "1:/rmnQ6QBbJzgkfNBrkCgvu5UHiU=" + ], + "network.direction": "outbound", + "network.packets": 24, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "reset-both", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.185.88.112", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24330", + "panw.panos.network.nat.community_id": "1:/rmnQ6QBbJzgkfNBrkCgvu5UHiU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091192, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 59771, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "35.185.88.112", + "192.168.1.63", + "35.185.88.112" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 7237, + "server.ip": "35.185.88.112", + "server.packets": 13, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 7237, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 59771, + "source.packets": 11, + "source.port": 52509, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:49.000-02:00", + "client.bytes": 93, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 27192, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 93, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 37565, + "log.original": "Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,23960,1,27192,53,35748,53,0x400019,udp,allow,202,93,109,2,2018/11/30 16:09:16,0,any,0,32091193,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 202, + "network.community_id": [ + "1:SaW9SLCHEmuQYbHgbCLPVZmIrWo=", + "1:9Ub1pskil4C0tLo85OJa61g1D0Q=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23960", + "panw.panos.network.nat.community_id": "1:9Ub1pskil4C0tLo85OJa61g1D0Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091193, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 35748, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 109, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 109, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 35748, + "source.packets": 1, + "source.port": 27192, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:49.000-02:00", + "client.bytes": 84, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 30221, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 84, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 38014, + "log.original": "Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24236,1,30221,53,63701,53,0x400019,udp,allow,200,84,116,2,2018/11/30 16:09:16,0,any,0,32091194,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 200, + "network.community_id": [ + "1:UKGEn5x2xKPJhb0aLNUd3IM2xP0=", + "1:rh7nCIUBzUAekx4F+OTwBbpRh+E=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24236", + "panw.panos.network.nat.community_id": "1:rh7nCIUBzUAekx4F+OTwBbpRh+E=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091194, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 63701, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 116, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 116, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 63701, + "source.packets": 1, + "source.port": 30221, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:49.000-02:00", + "client.bytes": 64, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 30570, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 64, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:16.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 38463, + "log.original": "Nov 30 16:09:49 PA-220 1,2018/11/30 16:09:49,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:49,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:49,24276,1,30570,53,57872,53,0x400019,udp,allow,160,64,96,2,2018/11/30 16:09:16,0,any,0,32091195,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 160, + "network.community_id": [ + "1:7WDGZhY7X3GTZLGCIDWzxK5juF4=", + "1:eIIc+AXkJtZLyfNqUAVZLumaYVQ=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24276", + "panw.panos.network.nat.community_id": "1:eIIc+AXkJtZLyfNqUAVZLumaYVQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091195, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 57872, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 96, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 96, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 57872, + "source.packets": 1, + "source.port": 30570, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 1100, + "client.ip": "192.168.15.224", + "client.packets": 7, + "client.port": 52497, + "destination.address": "50.19.85.24", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 1100, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, + "destination.packets": 8, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 11000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 38911, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24299,1,52497,443,37581,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091196,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 1754, + "network.community_id": [ + "1:wOhR5YstpLgnt5WE19sGYKCmyZU=", + "1:Mn7w9ScywW3qjDMNsO8QsGj6BY0=" + ], + "network.direction": "outbound", + "network.packets": 15, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24299", + "panw.panos.network.nat.community_id": "1:Mn7w9ScywW3qjDMNsO8QsGj6BY0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091196, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37581, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "50.19.85.24", + "192.168.1.63", + "50.19.85.24" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 654, + "server.ip": "50.19.85.24", + "server.packets": 8, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 654, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37581, + "source.packets": 7, + "source.port": 52497, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 1100, + "client.ip": "192.168.15.224", + "client.packets": 7, + "client.port": 52498, + "destination.address": "50.19.85.24", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 1100, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, + "destination.packets": 8, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 11000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 39403, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24229,1,52498,443,19226,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091197,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 1754, + "network.community_id": [ + "1:6h8eY2s13iXP9cVx+C3Odlnn4+A=", + "1:8oAG19bm5FROhazDy0CcTH+Cfqc=" + ], + "network.direction": "outbound", + "network.packets": 15, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24229", + "panw.panos.network.nat.community_id": "1:8oAG19bm5FROhazDy0CcTH+Cfqc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091197, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 19226, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "50.19.85.24", + "192.168.1.63", + "50.19.85.24" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 654, + "server.ip": "50.19.85.24", + "server.packets": 8, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 654, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19226, + "source.packets": 7, + "source.port": 52498, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 1100, + "client.ip": "192.168.15.224", + "client.packets": 7, + "client.port": 52496, + "destination.address": "50.19.85.24", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 1100, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, + "destination.packets": 8, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 11000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 39895, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24283,1,52496,443,61721,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091198,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 1754, + "network.community_id": [ + "1:/ZL4TDk4BgzLIyz/Xp1oJ9ew5cE=", + "1:ZhVElLU1QcpGayhElc2L/+Rp+xw=" + ], + "network.direction": "outbound", + "network.packets": 15, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24283", + "panw.panos.network.nat.community_id": "1:ZhVElLU1QcpGayhElc2L/+Rp+xw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091198, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 61721, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "50.19.85.24", + "192.168.1.63", + "50.19.85.24" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 654, + "server.ip": "50.19.85.24", + "server.packets": 8, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 654, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 61721, + "source.packets": 7, + "source.port": 52496, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 2691, + "client.ip": "192.168.15.224", + "client.packets": 10, + "client.port": 52510, + "destination.address": "104.254.150.9", + "destination.as.number": 29990, + "destination.as.organization.name": "AppNexus, Inc", + "destination.bytes": 2691, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.254.150.9", + "destination.nat.ip": "104.254.150.9", + "destination.nat.port": 443, + "destination.packets": 12, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 11000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 40387, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,104.254.150.9,192.168.1.63,104.254.150.9,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24369,1,52510,443,10098,443,0x40001a,tcp,allow,10511,2691,7820,22,2018/11/30 16:09:21,11,web-advertisements,0,32091199,0x0,192.168.0.0-192.168.255.255,United States,0,12,10,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 10511, + "network.community_id": [ + "1:xYiSF9gJFyCzwbXQPyFt8YU2J78=", + "1:aHhDlT3Bx285CJRrBykpRsei1a0=" + ], + "network.direction": "outbound", + "network.packets": 22, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "104.254.150.9", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24369", + "panw.panos.network.nat.community_id": "1:aHhDlT3Bx285CJRrBykpRsei1a0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091199, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10098, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", + "related.ip": [ + "192.168.15.224", + "104.254.150.9", + "192.168.1.63", + "104.254.150.9" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 7820, + "server.ip": "104.254.150.9", + "server.packets": 12, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 7820, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10098, + "source.packets": 10, + "source.port": 52510, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 1100, + "client.ip": "192.168.15.224", + "client.packets": 7, + "client.port": 52495, + "destination.address": "50.19.85.24", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 1100, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, + "destination.packets": 8, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 11000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:21.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 40885, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,50.19.85.24,192.168.1.63,50.19.85.24,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24354,1,52495,443,4564,443,0x40001c,tcp,allow,1754,1100,654,15,2018/11/30 16:09:21,11,business-and-economy,0,32091200,0x0,192.168.0.0-192.168.255.255,United States,0,8,7,tcp-rst-from-client,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ssl", + "network.bytes": 1754, + "network.community_id": [ + "1:QTH4ra5ZOxMb5v4tYy8DkqQsSus=", + "1:RLfRarGPGl+PnGhB8fb+S+uTX1o=" + ], + "network.direction": "outbound", + "network.packets": 15, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24354", + "panw.panos.network.nat.community_id": "1:RLfRarGPGl+PnGhB8fb+S+uTX1o=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091200, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 4564, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", + "related.ip": [ + "192.168.15.224", + "50.19.85.24", + "192.168.1.63", + "50.19.85.24" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 654, + "server.ip": "50.19.85.24", + "server.packets": 8, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 654, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 4564, + "source.packets": 7, + "source.port": 52495, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 276, + "client.ip": "192.168.15.224", + "client.packets": 3, + "client.port": 52486, + "destination.address": "52.0.218.108", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 276, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.0.218.108", + "destination.nat.ip": "52.0.218.108", + "destination.nat.port": 443, + "destination.packets": 4, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 12000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 41376, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,52.0.218.108,192.168.1.63,52.0.218.108,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24254,1,52486,443,32104,443,0x40001c,tcp,allow,490,276,214,7,2018/11/30 16:09:20,12,any,0,32091201,0x0,192.168.0.0-192.168.255.255,United States,0,4,3,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "incomplete", + "network.bytes": 490, + "network.community_id": [ + "1:pRGS72RJ+/RdCMjmtcrBxdR6i9w=", + "1:/0iCZCsnpk+5MR4Tc26unyr/T4Q=" + ], + "network.direction": "outbound", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.0.218.108", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24254", + "panw.panos.network.nat.community_id": "1:/0iCZCsnpk+5MR4Tc26unyr/T4Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091201, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 32104, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "52.0.218.108", + "192.168.1.63", + "52.0.218.108" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 214, + "server.ip": "52.0.218.108", + "server.packets": 4, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 214, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 32104, + "source.packets": 3, + "source.port": 52486, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 276, + "client.ip": "192.168.15.224", + "client.packets": 3, + "client.port": 52489, + "destination.address": "52.6.117.19", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 276, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.6.117.19", + "destination.nat.ip": "52.6.117.19", + "destination.nat.port": 443, + "destination.packets": 4, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 12000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 41845, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,52.6.117.19,192.168.1.63,52.6.117.19,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24246,1,52489,443,14172,443,0x40001c,tcp,allow,490,276,214,7,2018/11/30 16:09:20,12,any,0,32091202,0x0,192.168.0.0-192.168.255.255,United States,0,4,3,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "incomplete", + "network.bytes": 490, + "network.community_id": [ + "1:zaENYnP2VlZewYNuHhpqTvNAf4Y=", + "1:486dmnLzuTH8P7j6jI6JsUtW2VU=" + ], + "network.direction": "outbound", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.6.117.19", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24246", + "panw.panos.network.nat.community_id": "1:486dmnLzuTH8P7j6jI6JsUtW2VU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091202, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 14172, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "52.6.117.19", + "192.168.1.63", + "52.6.117.19" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 214, + "server.ip": "52.6.117.19", + "server.packets": 4, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 214, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 14172, + "source.packets": 3, + "source.port": 52489, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 276, + "client.ip": "192.168.15.224", + "client.packets": 3, + "client.port": 52490, + "destination.address": "34.238.96.22", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 276, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "34.238.96.22", + "destination.nat.ip": "34.238.96.22", + "destination.nat.port": 443, + "destination.packets": 4, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 12000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 42312, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,34.238.96.22,192.168.1.63,34.238.96.22,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24343,1,52490,443,10286,443,0x40001c,tcp,allow,490,276,214,7,2018/11/30 16:09:20,12,any,0,32091203,0x0,192.168.0.0-192.168.255.255,United States,0,4,3,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "incomplete", + "network.bytes": 490, + "network.community_id": [ + "1:FdupsUbF1ju1djczW9JAKlxKNC4=", + "1:6LTK93w8ZdfxzSfZXzebKR6jWxo=" + ], + "network.direction": "outbound", + "network.packets": 7, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "34.238.96.22", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24343", + "panw.panos.network.nat.community_id": "1:6LTK93w8ZdfxzSfZXzebKR6jWxo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091203, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10286, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "34.238.96.22", + "192.168.1.63", + "34.238.96.22" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 214, + "server.ip": "34.238.96.22", + "server.packets": 4, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 214, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10286, + "source.packets": 3, + "source.port": 52490, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:50.000-02:00", + "client.bytes": 276, + "client.ip": "192.168.15.224", + "client.packets": 4, + "client.port": 52493, + "destination.address": "130.211.47.17", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 276, + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.4043, + "destination.geo.location.lon": -122.0748, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "130.211.47.17", + "destination.nat.ip": "130.211.47.17", + "destination.nat.port": 443, + "destination.packets": 4, + "destination.port": 443, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 12000000000, + "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:20.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 42781, + "log.original": "Nov 30 16:09:50 PA-220 1,2018/11/30 16:09:50,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:50,192.168.15.224,130.211.47.17,192.168.1.63,130.211.47.17,new_outbound_from_trust,,,incomplete,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:50,24262,1,52493,443,30799,443,0x40001c,tcp,allow,556,276,280,8,2018/11/30 16:09:20,12,any,0,32091204,0x0,192.168.0.0-192.168.255.255,United States,0,4,4,tcp-fin,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "incomplete", + "network.bytes": 556, + "network.community_id": [ + "1:fHitWYVd9RNFs7M5hQrqw/dmY8Y=", + "1:roV5JFl0FdQHIRUkgeZm+ZeyeCQ=" + ], + "network.direction": "outbound", + "network.packets": 8, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "130.211.47.17", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24262", + "panw.panos.network.nat.community_id": "1:roV5JFl0FdQHIRUkgeZm+ZeyeCQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091204, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 30799, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "130.211.47.17", + "192.168.1.63", + "130.211.47.17" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 280, + "server.ip": "130.211.47.17", + "server.packets": 4, + "server.port": 443, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 280, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 30799, + "source.packets": 4, + "source.port": 52493, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:51.000-02:00", + "client.bytes": 97, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 59320, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 97, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:18.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:18.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 43252, + "log.original": "Nov 30 16:09:51 PA-220 1,2018/11/30 16:09:51,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:51,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:51,24281,1,59320,53,13490,53,0x400019,udp,allow,269,97,172,2,2018/11/30 16:09:18,0,any,0,32091205,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 269, + "network.community_id": [ + "1:n/IZF37E/7cErtK4po3ewuEQScY=", + "1:5G+JVi/ClM/MfHhUL//vH/GmuaA=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24281", + "panw.panos.network.nat.community_id": "1:5G+JVi/ClM/MfHhUL//vH/GmuaA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091205, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13490, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 172, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 172, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13490, + "source.packets": 1, + "source.port": 59320, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:52.000-02:00", + "client.bytes": 588, + "client.ip": "192.168.15.224", + "client.packets": 6, + "client.port": 0, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 588, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, + "destination.packets": 6, + "destination.port": 0, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:37.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:37.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 43701, + "log.original": "Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,ping,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24424,6,0,0,0,0,0x500019,icmp,allow,1176,588,588,12,2018/11/30 16:09:37,0,any,0,32091206,0x0,192.168.0.0-192.168.255.255,United States,0,6,6,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "ping", + "network.bytes": 1176, + "network.community_id": [ + "1:iNhLzwoKKarTKCq59Sts/hhZN7Q=", + "1:QVXHpdoObbzEeqP6DGULYxqYgAY=" + ], + "network.direction": "outbound", + "network.packets": 12, + "network.transport": "icmp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24424", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091206, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 588, + "server.ip": "8.8.8.8", + "server.packets": 6, + "server.port": 0, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 588, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, + "source.packets": 6, + "source.port": 0, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:52.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 13076, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 78, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 44145, + "log.original": "Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24230,1,13076,53,53751,53,0x400019,udp,allow,172,78,94,2,2018/11/30 16:09:19,0,any,0,32091207,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 172, + "network.community_id": [ + "1:jKueIOIhkRRjHQyRO93QyuKEiP8=", + "1:mdksC4jGw6MN7g3nGdquiqQ95vU=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24230", + "panw.panos.network.nat.community_id": "1:mdksC4jGw6MN7g3nGdquiqQ95vU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091207, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53751, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 94, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 94, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53751, + "source.packets": 1, + "source.port": 13076, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:52.000-02:00", + "client.bytes": 72, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 5511, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 72, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 44593, + "log.original": "Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24243,1,5511,53,21643,53,0x400019,udp,allow,242,72,170,2,2018/11/30 16:09:19,0,any,0,32091208,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 242, + "network.community_id": [ + "1:mci4o+GZJDLvZr11UdJH9bepPqU=", + "1:+zC2Y+UE7UqApr01oqb755Xyuf4=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24243", + "panw.panos.network.nat.community_id": "1:+zC2Y+UE7UqApr01oqb755Xyuf4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091208, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 21643, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 170, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 170, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 21643, + "source.packets": 1, + "source.port": 5511, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:52.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 9799, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 78, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 45041, + "log.original": "Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24077,1,9799,53,22446,53,0x400019,udp,allow,172,78,94,2,2018/11/30 16:09:19,0,any,0,32091209,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 172, + "network.community_id": [ + "1:Px8uRfOgVDuaWj/VKxjTwyAzHAM=", + "1:xawqUBgLyfe1E61ObEXv4nbO590=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24077", + "panw.panos.network.nat.community_id": "1:xawqUBgLyfe1E61ObEXv4nbO590=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091209, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22446, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 94, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 94, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22446, + "source.packets": 1, + "source.port": 9799, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:52.000-02:00", + "client.bytes": 78, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 39169, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 78, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 45488, + "log.original": "Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24266,1,39169,53,22301,53,0x400019,udp,allow,172,78,94,2,2018/11/30 16:09:19,0,any,0,32091210,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 172, + "network.community_id": [ + "1:6tSek5GUc9k56LSY4NgTMd0igd8=", + "1:PDWWOeDVqKGZ/hwjVVdCDdF6qB4=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24266", + "panw.panos.network.nat.community_id": "1:PDWWOeDVqKGZ/hwjVVdCDdF6qB4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091210, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22301, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 94, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 94, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22301, + "source.packets": 1, + "source.port": 39169, + "tags": [ + "pan-os" + ] + }, + { + "@timestamp": "2018-11-30T16:09:52.000-02:00", + "client.bytes": 72, + "client.ip": "192.168.15.224", + "client.packets": 1, + "client.port": 42476, + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 72, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, + "destination.packets": 1, + "destination.port": 53, + "event.action": "flow_terminated", + "event.category": [ + "network_traffic", + "network" + ], + "event.dataset": "panw.panos", + "event.duration": 0, + "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", + "event.module": "panw", + "event.outcome": "success", + "event.start": "2018-11-30T16:09:19.000-02:00", + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], + "fileset.name": "panos", + "input.type": "log", + "labels.nat_translated": true, + "log.offset": 45936, + "log.original": "Nov 30 16:09:52 PA-220 1,2018/11/30 16:09:52,012801096514,TRAFFIC,end,2049,2018/11/30 16:09:52,192.168.15.224,8.8.8.8,192.168.1.63,8.8.8.8,new_outbound_from_trust,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:09:52,24269,1,42476,53,58124,53,0x400019,udp,allow,238,72,166,2,2018/11/30 16:09:19,0,any,0,32091211,0x0,192.168.0.0-192.168.255.255,United States,0,1,1,aged-out,0,0,0,0,,PA-220,from-policy,,,0,,0,,N/A,0,0,0,0", + "network.application": "dns", + "network.bytes": 238, + "network.community_id": [ + "1:xl0u/+SYGciPtyPuv813G1aTEdI=", + "1:yNIHAg1M08IChho9000mtg7zUOc=" + ], + "network.direction": "outbound", + "network.packets": 2, + "network.transport": "udp", + "network.type": "ipv4", + "observer.hostname": "PA-220", + "observer.serial_number": "012801096514", + "panw.panos.action": "allow", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24269", + "panw.panos.network.nat.community_id": "1:yNIHAg1M08IChho9000mtg7zUOc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091211, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 58124, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", + "related.ip": [ + "192.168.15.224", + "8.8.8.8", + "192.168.1.63", + "8.8.8.8" + ], + "rule.name": "new_outbound_from_trust", + "server.bytes": 166, + "server.ip": "8.8.8.8", + "server.packets": 1, + "server.port": 53, + "service.type": "panw", + "source.address": "192.168.15.224", + "source.bytes": 166, + "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 58124, + "source.packets": 1, + "source.port": 42476, + "tags": [ + "pan-os" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/rabbitmq/_meta/config.yml b/filebeat/module/rabbitmq/_meta/config.yml new file mode 100644 index 00000000000..246c13225c6 --- /dev/null +++ b/filebeat/module/rabbitmq/_meta/config.yml @@ -0,0 +1,8 @@ +- module: rabbitmq + # All logs + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: ["/var/log/rabbitmq/rabbit@localhost.log*"] diff --git a/filebeat/module/rabbitmq/_meta/docs.asciidoc b/filebeat/module/rabbitmq/_meta/docs.asciidoc new file mode 100644 index 00000000000..2222da5e045 --- /dev/null +++ b/filebeat/module/rabbitmq/_meta/docs.asciidoc @@ -0,0 +1,56 @@ +:modulename: rabbitmq +:has-dashboards: false + +== RabbitMQ module + +This is the module for parsing https://www.rabbitmq.com/logging.html[RabbitMQ log files] + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +Parses https://www.rabbitmq.com/logging.html[single file format] introduced in 3.7.0. + +Tested with version 3.7.14. + +include::../include/configuring-intro.asciidoc[] + +The following example shows how to set paths in the +modules.d/{modulename}.yml+ +file to override the default paths for RabbitMQ logs: + + +["source","yaml",subs="attributes"] +----- +- module: rabbitmq + log: + enabled: true + var.paths: ["/path/to/log/rabbitmq/*.log*"] +----- + + +To specify the same settings at the command line, you use: + +["source","sh",subs="attributes"] +----- +-M "rabbitmq.log.var.paths=[/path/to/log/rabbitmq/*.log*]" +----- + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `log` fileset settings + +include::../include/var-paths.asciidoc[] + +include::../include/timezone-support.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/rabbitmq/_meta/fields.yml b/filebeat/module/rabbitmq/_meta/fields.yml new file mode 100644 index 00000000000..af823334ce0 --- /dev/null +++ b/filebeat/module/rabbitmq/_meta/fields.yml @@ -0,0 +1,9 @@ +- key: rabbitmq + title: "RabbitMQ" + description: > + RabbitMQ Module + fields: + - name: rabbitmq + type: group + description: > + fields: diff --git a/filebeat/module/rabbitmq/fields.go b/filebeat/module/rabbitmq/fields.go new file mode 100644 index 00000000000..6aabd0a5f8b --- /dev/null +++ b/filebeat/module/rabbitmq/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package rabbitmq + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "rabbitmq", asset.ModuleFieldsPri, AssetRabbitmq); err != nil { + panic(err) + } +} + +// AssetRabbitmq returns asset data. +// This is the base64 encoded gzipped contents of module/rabbitmq. +func AssetRabbitmq() string { + return "eJx0kMFuhSAURPd8xcS9xrgkjbsuXbTpD6BcKRGFAqb17xttNeLz3eWc5Mzk5hho4fCibXUcvxgQdTTEkb1vUfOWMUBS6Lx2UduJo2YAsGM0Vs6GGNBrMjLwjeaYxEiJd724OOJQ3s7uP7kxp6azzVh1ZHeyp8K/OyYbq9BrQ+GEr53nXqdlku/dAy3f1l9ZsuDjk/DqjZgUnLcdhYAHGf2I0a0/fymLqqqKsma/AQAA///y5GyB" +} diff --git a/filebeat/module/rabbitmq/log/_meta/fields.yml b/filebeat/module/rabbitmq/log/_meta/fields.yml new file mode 100644 index 00000000000..ba6eb546629 --- /dev/null +++ b/filebeat/module/rabbitmq/log/_meta/fields.yml @@ -0,0 +1,9 @@ +- name: log + type: group + description: > + RabbitMQ log files + fields: + - name: pid + type: keyword + description: The Erlang process id + example: <0.222.0> diff --git a/filebeat/module/rabbitmq/log/config/log.yml b/filebeat/module/rabbitmq/log/config/log.yml new file mode 100644 index 00000000000..c584a841aa3 --- /dev/null +++ b/filebeat/module/rabbitmq/log/config/log.yml @@ -0,0 +1,17 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +# If the line doesn't start with a timestamp, consider it a continuation of the previous line +# From https://www.elastic.co/guide/en/beats/filebeat/current/_examples_of_multiline_configuration.html#_timestamps +# ideally, this would be the same pattern (`DATESTAMP`) used in `processors.grok.patterns` +multiline: + pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2}' + negate: true + match: after + +processors: + - add_locale: ~ diff --git a/filebeat/module/rabbitmq/log/ingest/pipeline.yml b/filebeat/module/rabbitmq/log/ingest/pipeline.yml new file mode 100644 index 00000000000..58097c578d8 --- /dev/null +++ b/filebeat/module/rabbitmq/log/ingest/pipeline.yml @@ -0,0 +1,35 @@ +--- +description: Pipeline for parsing RabbitMQ logs +processors: +- grok: + field: message + pattern_definitions: + GREEDYMULTILINE: "(.|\n)*" + ERL_PID: "\\<%{INT}+\\.%{INT}+\\.%{INT}+\\>" + patterns: + - "%{DATESTAMP:timestamp} \\[%{WORD:log.level}\\] %{ERL_PID:rabbitmq.log.pid} + %{GREEDYMULTILINE:message}" + ignore_missing: true +- date: + if: "ctx.event.timezone == null" + field: timestamp + target_field: "@timestamp" + formats: + - yy-MM-dd HH:mm:ss.SSS +- date: + if: "ctx.event.timezone != null" + field: "timestamp" + target_field: "@timestamp" + timezone: "{{ event.timezone }}" + formats: + - yy-MM-dd HH:mm:ss.SSS +- remove: + field: + - timestamp +- set: + field: event.kind + value: event +on_failure: +- set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/rabbitmq/log/manifest.yml b/filebeat/module/rabbitmq/log/manifest.yml new file mode 100644 index 00000000000..6ec5ae57f0f --- /dev/null +++ b/filebeat/module/rabbitmq/log/manifest.yml @@ -0,0 +1,12 @@ +module_version: 1.0 + +var: + - name: paths + default: + - ${RABBITMQ_LOGS:/var/log/rabbitmq/rabbit@localhost.log*} + os.darwin: + - ${RABBITMQ_LOGS:/usr/local/var/log/rabbitmq/rabbit@localhost.log*} + os.windows: + #- '%APPDATA%\RabbitMQ\log\rabbit@localhost.log*' +ingest_pipeline: ingest/pipeline.yml +input: config/log.yml diff --git a/filebeat/module/rabbitmq/log/test/test.log b/filebeat/module/rabbitmq/log/test/test.log new file mode 100644 index 00000000000..91a0d3a63e4 --- /dev/null +++ b/filebeat/module/rabbitmq/log/test/test.log @@ -0,0 +1,78 @@ +2019-04-03 11:13:15.076 [info] <0.8.0> Log file opened with Lager +2019-04-03 11:13:15.510 [info] <0.222.0> + Starting RabbitMQ 3.7.14 on Erlang 21.3.2 + Copyright (C) 2007-2019 Pivotal Software, Inc. + Licensed under the MPL. See https://www.rabbitmq.com/ +2019-04-03 11:13:15.512 [info] <0.222.0> + node : rabbit@localhost + home dir : /Users/jfsiii + config file(s) : (none) + cookie hash : 1FLKC2GJUcbFjO6klcgs8Q== + log(s) : /usr/local/var/log/rabbitmq/rabbit@localhost.log + : /usr/local/var/log/rabbitmq/rabbit@localhost_upgrade.log + database dir : /usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost +2019-04-12 10:00:53.458 [info] <0.1398.0> RabbitMQ is asked to stop... +2019-04-12 10:00:53.550 [info] <0.1398.0> Stopping RabbitMQ applications and their dependencies in the following order: + rabbitmq_management + rabbitmq_stomp + rabbitmq_amqp1_0 + rabbitmq_mqtt + amqp_client + rabbitmq_web_dispatch + cowboy + cowlib + rabbitmq_management_agent + rabbit + mnesia + rabbit_common + sysmon_handler + os_mon + amqp10_common +2019-04-12 10:00:53.550 [info] <0.1398.0> Stopping application 'rabbitmq_management' +2019-04-12 10:00:54.553 [warning] <0.490.0> RabbitMQ HTTP listener registry could not find context rabbitmq_management_tls +2019-04-12 10:00:54.555 [info] <0.43.0> Application rabbitmq_management exited with reason: stopped +2019-04-12 10:00:54.567 [info] <0.1398.0> Stopping application 'rabbit' +2019-04-12 10:00:54.567 [info] <0.286.0> Peer discovery backend rabbit_peer_discovery_classic_config does not support registration, skipping unregistration. +2019-04-12 10:00:54.568 [info] <0.419.0> stopped TCP listener on 127.0.0.1:5672 +2019-04-12 10:00:54.569 [info] <0.324.0> Closing all connections in vhost '/' on node 'rabbit@localhost' because the vhost is stopping +2019-04-12 10:00:54.579 [info] <0.374.0> Stopping message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent' +2019-04-12 10:00:54.588 [info] <0.374.0> Message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent' is stopped +2019-04-12 10:00:54.589 [info] <0.371.0> Stopping message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_transient' +2019-04-12 10:00:54.598 [info] <0.371.0> Message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_transient' is stopped +2019-04-12 10:00:54.606 [info] <0.43.0> Application rabbit exited with reason: stopped +2019-04-12 10:00:54.615 [info] <0.1398.0> Successfully stopped RabbitMQ and its dependencies +2019-04-12 10:00:54.615 [info] <0.1398.0> Halting Erlang VM with the following applications: + ranch + ssl + public_key + sasl + inets + asn1 + crypto + jsx + xmerl + recon + lager + goldrush + compiler + syntax_tools + stdlib + kernel +2019-04-12 10:01:01.031 [info] <0.8.0> Server startup complete; 6 plugins started. + * rabbitmq_stomp + * rabbitmq_management + * rabbitmq_web_dispatch + * rabbitmq_amqp1_0 + * rabbitmq_mqtt + * rabbitmq_management_agent +2019-04-12 10:11:15.094 [info] <0.1345.0> accepting AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672) +2019-04-12 10:11:15.101 [info] <0.1345.0> connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672): user 'guest' authenticated and granted access to vhost '/' +2019-04-12 10:19:14.450 [error] <0.1345.0> Error on AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672, vhost: '/', user: 'guest', state: running), channel 0: + operation none caused a connection exception connection_forced: [240,159,145, + 139,240,159, + 143,190,240, + 159,144,135, + 240,159,164, + 163] +2019-04-12 10:19:14.450 [info] <0.1902.0> Closing connection <0.1345.0> because <<240,159,145,139,240,159,143,190,240,159,144,135,240,159,164,163>> +2019-04-12 10:19:14.451 [info] <0.1345.0> closing AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672, vhost: '/', user: 'guest') diff --git a/filebeat/module/rabbitmq/log/test/test.log-expected.json b/filebeat/module/rabbitmq/log/test/test.log-expected.json new file mode 100644 index 00000000000..0bdae14b894 --- /dev/null +++ b/filebeat/module/rabbitmq/log/test/test.log-expected.json @@ -0,0 +1,370 @@ +[ + { + "@timestamp": "2019-04-03T11:13:15.076-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 0, + "message": "Log file opened with Lager", + "rabbitmq.log.pid": "<0.8.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-03T11:13:15.510-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "info", + "log.offset": 66, + "message": "\n Starting RabbitMQ 3.7.14 on Erlang 21.3.2\n Copyright (C) 2007-2019 Pivotal Software, Inc.\n Licensed under the MPL. See https://www.rabbitmq.com/", + "rabbitmq.log.pid": "<0.222.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-03T11:13:15.512-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "info", + "log.offset": 255, + "message": " \n node : rabbit@localhost\n home dir : /Users/jfsiii\n config file(s) : (none)\n cookie hash : 1FLKC2GJUcbFjO6klcgs8Q==\n log(s) : /usr/local/var/log/rabbitmq/rabbit@localhost.log\n : /usr/local/var/log/rabbitmq/rabbit@localhost_upgrade.log\n database dir : /usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost", + "rabbitmq.log.pid": "<0.222.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:53.458-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 645, + "message": "RabbitMQ is asked to stop...", + "rabbitmq.log.pid": "<0.1398.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:53.550-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "info", + "log.offset": 716, + "message": "Stopping RabbitMQ applications and their dependencies in the following order:\n rabbitmq_management\n rabbitmq_stomp\n rabbitmq_amqp1_0\n rabbitmq_mqtt\n amqp_client\n rabbitmq_web_dispatch\n cowboy\n cowlib\n rabbitmq_management_agent\n rabbit\n mnesia\n rabbit_common\n sysmon_handler\n os_mon\n amqp10_common", + "rabbitmq.log.pid": "<0.1398.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:53.550-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 1100, + "message": "Stopping application 'rabbitmq_management'", + "rabbitmq.log.pid": "<0.1398.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.553-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "warning", + "log.offset": 1185, + "message": "RabbitMQ HTTP listener registry could not find context rabbitmq_management_tls", + "rabbitmq.log.pid": "<0.490.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.555-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 1308, + "message": "Application rabbitmq_management exited with reason: stopped", + "rabbitmq.log.pid": "<0.43.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.567-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 1408, + "message": "Stopping application 'rabbit'", + "rabbitmq.log.pid": "<0.1398.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.567-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 1480, + "message": "Peer discovery backend rabbit_peer_discovery_classic_config does not support registration, skipping unregistration.", + "rabbitmq.log.pid": "<0.286.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.568-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 1637, + "message": "stopped TCP listener on 127.0.0.1:5672", + "rabbitmq.log.pid": "<0.419.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.569-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 1717, + "message": "Closing all connections in vhost '/' on node 'rabbit@localhost' because the vhost is stopping", + "rabbitmq.log.pid": "<0.324.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.579-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 1852, + "message": "Stopping message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent'", + "rabbitmq.log.pid": "<0.374.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.588-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 2049, + "message": "Message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent' is stopped", + "rabbitmq.log.pid": "<0.374.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.589-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 2248, + "message": "Stopping message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_transient'", + "rabbitmq.log.pid": "<0.371.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.598-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 2444, + "message": "Message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_transient' is stopped", + "rabbitmq.log.pid": "<0.371.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.606-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 2642, + "message": "Application rabbit exited with reason: stopped", + "rabbitmq.log.pid": "<0.43.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.615-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 2729, + "message": "Successfully stopped RabbitMQ and its dependencies", + "rabbitmq.log.pid": "<0.1398.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:00:54.615-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "info", + "log.offset": 2822, + "message": "Halting Erlang VM with the following applications:\n ranch\n ssl\n public_key\n sasl\n inets\n asn1\n crypto\n jsx\n xmerl\n recon\n lager\n goldrush\n compiler\n syntax_tools\n stdlib\n kernel", + "rabbitmq.log.pid": "<0.1398.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:01:01.031-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "info", + "log.offset": 3090, + "message": "Server startup complete; 6 plugins started.\n * rabbitmq_stomp\n * rabbitmq_management\n * rabbitmq_web_dispatch\n * rabbitmq_amqp1_0\n * rabbitmq_mqtt\n * rabbitmq_management_agent", + "rabbitmq.log.pid": "<0.8.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:11:15.094-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 3305, + "message": "accepting AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672)", + "rabbitmq.log.pid": "<0.1345.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:11:15.101-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 3420, + "message": "connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672): user 'guest' authenticated and granted access to vhost '/'", + "rabbitmq.log.pid": "<0.1345.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:19:14.450-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "error", + "log.offset": 3580, + "message": "Error on AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672, vhost: '/', user: 'guest', state: running), channel 0:\n operation none caused a connection exception connection_forced: [240,159,145,\n 139,240,159,\n 143,190,240,\n 159,144,135,\n 240,159,164,\n 163]", + "rabbitmq.log.pid": "<0.1345.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:19:14.450-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 4211, + "message": "Closing connection <0.1345.0> because <<240,159,145,139,240,159,143,190,240,159,144,135,240,159,164,163>>", + "rabbitmq.log.pid": "<0.1902.0>", + "service.type": "rabbitmq" + }, + { + "@timestamp": "2019-04-12T10:19:14.451-02:00", + "event.dataset": "rabbitmq.log", + "event.kind": "event", + "event.module": "rabbitmq", + "event.timezone": "-02:00", + "fileset.name": "log", + "input.type": "log", + "log.level": "info", + "log.offset": 4359, + "message": "closing AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672, vhost: '/', user: 'guest')", + "rabbitmq.log.pid": "<0.1345.0>", + "service.type": "rabbitmq" + } +] \ No newline at end of file diff --git a/filebeat/module/suricata/README.md b/filebeat/module/suricata/README.md new file mode 100644 index 00000000000..402f37f4982 --- /dev/null +++ b/filebeat/module/suricata/README.md @@ -0,0 +1,43 @@ +# Suricata module + +## Caveats + +* Original Suricata event shoved as is `suricata.eve.` + +## How to try the module from source + +Build Filebeat + +``` +cd x-pack/filebeat +make mage +mage build update +./filebeat setup --modules=suricata -e -d "*" -c filebeat.yml -E 'setup.dashboards.directory=build/kibana' +``` + +Install Suricata (for MacOS with Brew) + +``` +brew install suricata --with-jansson +``` + +Configure it to generate the EVE JSON log. Edit `/usr/local/etc/suricata/suricata.yaml` and set + +``` +- eve-log: + enabled: yes +``` + +Start Suricata + +``` +sudo suricata -i en0 # optionally more -i en1 -i en2... +``` + +Start the Suricata Filebeat module + +``` +./filebeat --modules=suricata -e -d "*" -c filebeat.yml +``` + +You can look for the Suricata saved searches and dashboards in Kibana. diff --git a/filebeat/module/suricata/_meta/config.yml b/filebeat/module/suricata/_meta/config.yml new file mode 100644 index 00000000000..1556d5d0451 --- /dev/null +++ b/filebeat/module/suricata/_meta/config.yml @@ -0,0 +1,8 @@ +- module: suricata + # All logs + eve: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/suricata/_meta/docs.asciidoc b/filebeat/module/suricata/_meta/docs.asciidoc new file mode 100644 index 00000000000..4cdff6aa3d2 --- /dev/null +++ b/filebeat/module/suricata/_meta/docs.asciidoc @@ -0,0 +1,59 @@ +[role="xpack"] + +:modulename: suricata +:has-dashboards: true + +== Suricata module + +This is a module to the Suricata IDS/IPS/NSM log. It parses logs that are in the +https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html[ +Suricata Eve JSON format]. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +This module has been developed against Suricata v4.0.4, but is expected to work +with other versions of Suricata. + +include::../include/configuring-intro.asciidoc[] + +This is an example of how to overwrite the default log file path. + +[source,yaml] +---- +- module: suricata + eve: + enabled: true + var.paths: ["/my/path/suricata.json"] +---- + +:fileset_ex: eve + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `eve` log fileset settings + +include::../include/var-paths.asciidoc[] + +[float] +=== Example dashboard + +This module comes with sample dashboards. For example: + +[role="screenshot"] +image::./images/filebeat-suricata-events.png[] + +[role="screenshot"] +image::./images/filebeat-suricata-alerts.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + diff --git a/filebeat/module/suricata/_meta/fields.yml b/filebeat/module/suricata/_meta/fields.yml new file mode 100644 index 00000000000..59cd3817df3 --- /dev/null +++ b/filebeat/module/suricata/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: suricata + title: Suricata + description: > + Module for handling the EVE JSON logs produced by Suricata. + fields: + - name: suricata + type: group + description: > + Fields from the Suricata EVE log file. + fields: diff --git a/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json b/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json new file mode 100644 index 00000000000..c2c7d067e68 --- /dev/null +++ b/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json @@ -0,0 +1,786 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "title": "Top Alerting Hosts [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Alerting Hosts [Filebeat Suricata] ECS", + "type": "histogram" + } + }, + "id": "494fa290-86d2-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "title": "Top Alert Signatures [Filebeat Suricata] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Signature", + "field": "suricata.eve.alert.signature", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Alert Category", + "field": "suricata.eve.alert.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Alert Signatures [Filebeat Suricata] ECS", + "type": "table" + } + }, + "id": "16033310-86d3-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "host.name", + "suricata.eve.flow_id", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "source.geo.country_iso_code", + "destination.geo.country_iso_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "suricata.eve.event_type", + "negate": false, + "params": { + "query": "alert", + "type": "phrase" + }, + "type": "phrase", + "value": "alert" + }, + "query": { + "match": { + "suricata.eve.event_type": { + "query": "alert", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "event.module", + "negate": false, + "params": { + "query": "suricata", + "type": "phrase" + }, + "type": "phrase", + "value": "suricata" + }, + "query": { + "match": { + "event.module": { + "query": "suricata", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Alerts [Filebeat Suricata] ECS", + "version": 1 + }, + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "type": "search", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "title": "Alert - Source Location [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "baseLayersAreLoaded": {}, + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + }, + "tmsLayers": [ + { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + } + ] + } + }, + "title": "Alert - Source Location [Filebeat Suricata] ECS", + "type": "tile_map" + } + }, + "id": "85fed080-86d7-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "title": "Alert - Destination Location [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "baseLayersAreLoaded": {}, + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + }, + "tmsLayers": [ + { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + } + ] + } + }, + "title": "Alert - Destination Location [Filebeat Suricata] ECS", + "type": "tile_map" + } + }, + "id": "a09ca070-86d7-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "title": "Alerts - Top Destination Countries [Filebeat Suricata] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Alerts - Top Destination Countries [Filebeat Suricata] ECS", + "type": "table" + } + }, + "id": "2ccdc1a0-86d8-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "title": "Alerts - Top Source Countries [Filebeat Suricata] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Alerts - Top Source Countries [Filebeat Suricata] ECS", + "type": "table" + } + }, + "id": "c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + }, + { + "attributes": { + "description": "Overview of the Suricata Alerts dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "1", + "w": 23, + "x": 0, + "y": 0 + }, + "id": "494fa290-86d2-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "1", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "2", + "w": 25, + "x": 23, + "y": 0 + }, + "id": "16033310-86d3-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "2", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 48, + "x": 0, + "y": 37 + }, + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "3", + "type": "search", + "version": "6.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 38.548165423046584, + -6.328125000000001 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "4", + "w": 23, + "x": 0, + "y": 22 + }, + "id": "85fed080-86d7-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "4", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 41.77131167976407, + 1.9335937500000002 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "5", + "w": 25, + "x": 23, + "y": 22 + }, + "id": "a09ca070-86d7-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "5", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 12, + "x": 11, + "y": 10 + }, + "id": "2ccdc1a0-86d8-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "7", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 11, + "x": 0, + "y": 10 + }, + "id": "c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "8", + "type": "visualization", + "version": "6.3.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Suricata] Alert Overview ECS", + "version": 1 + }, + "id": "05268ee0-86d1-11e8-b59d-21efb914e65c-ecs", + "type": "dashboard", + "updated_at": "2018-11-07T22:56:23.933Z", + "version": 1 + } + ], + "version": "6.4.3" +} diff --git a/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Overview.json b/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Overview.json new file mode 100644 index 00000000000..0ef910161a7 --- /dev/null +++ b/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Overview.json @@ -0,0 +1,919 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "title": "Activity Types over Time [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Activity Types over Time [Filebeat Suricata] ECS", + "type": "histogram" + } + }, + "id": "c7d46c60-86da-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "title": "Event Types [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Event Types [Filebeat Suricata] ECS", + "type": "pie" + } + }, + "id": "0a0aa630-86db-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "title": "Top Application Protocols [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Top Application Protocols [Filebeat Suricata] ECS", + "type": "pie" + } + }, + "id": "728f64c0-86db-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "title": "Top Hosts Generating Events [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Hosts Generating Events [Filebeat Suricata] ECS", + "type": "histogram" + } + }, + "id": "9d5b5b50-86db-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "host.name", + "suricata.eve.event_type", + "suricata.eve.flow_id", + "network.transport", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "destination.geo.region_name", + "destination.geo.country_iso_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "suricata.eve.event_type", + "negate": true, + "params": { + "query": "stats", + "type": "phrase" + }, + "type": "phrase", + "value": "stats" + }, + "query": { + "match": { + "suricata.eve.event_type": { + "query": "stats", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "event.module", + "negate": false, + "params": { + "query": "suricata", + "type": "phrase" + }, + "type": "phrase", + "value": "suricata" + }, + "query": { + "match": { + "event.module": { + "query": "suricata", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Events [Filebeat Suricata] ECS", + "version": 1 + }, + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "type": "search", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "title": "Top Connection Source Countries [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection Source Countries", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Top Connection Source Countries [Filebeat Suricata] ECS", + "type": "tagcloud" + } + }, + "id": "5f99eb50-86dc-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "title": "Top Connection Destination Countries [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection Destination Countries", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Top Connection Destination Countries [Filebeat Suricata] ECS", + "type": "tagcloud" + } + }, + "id": "8e7f88d0-86dc-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchId": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "title": "Top Network Protocols [Filebeat Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Top Network Protocols [Filebeat Suricata] ECS", + "type": "pie" + } + }, + "id": "0a363820-86dd-11e8-b59d-21efb914e65c-ecs", + "type": "visualization", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "host.name", + "suricata.eve.stats.detect.alert", + "suricata.eve.stats.app_layer.flow.dns_udp", + "suricata.eve.stats.app_layer.flow.tls", + "suricata.eve.stats.app_layer.flow.http", + "suricata.eve.stats.app_layer.flow.ssh", + "suricata.eve.stats.tcp.sessions" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "suricata.eve.event_type", + "negate": false, + "params": { + "query": "stats", + "type": "phrase" + }, + "type": "phrase", + "value": "stats" + }, + "query": { + "match": { + "suricata.eve.event_type": { + "query": "stats", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "event.module", + "negate": false, + "params": { + "query": "suricata", + "type": "phrase" + }, + "type": "phrase", + "value": "suricata" + }, + "query": { + "match": { + "event.module": { + "query": "suricata", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Host Stats [Filebeat Suricata] ECS", + "version": 1 + }, + "id": "d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs", + "type": "search", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + }, + { + "attributes": { + "description": "Overview of the Surcata events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "id": "c7d46c60-86da-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "1", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "2", + "w": 9, + "x": 0, + "y": 20 + }, + "id": "0a0aa630-86db-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "2", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "3", + "w": 11, + "x": 19, + "y": 20 + }, + "id": "728f64c0-86db-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "3", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "4", + "w": 48, + "x": 0, + "y": 10 + }, + "id": "9d5b5b50-86db-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "4", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "5", + "w": 48, + "x": 0, + "y": 34 + }, + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "5", + "type": "search", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "6", + "w": 9, + "x": 30, + "y": 20 + }, + "id": "5f99eb50-86dc-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "6", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "7", + "w": 9, + "x": 39, + "y": 20 + }, + "id": "8e7f88d0-86dc-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "7", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "8", + "w": 10, + "x": 9, + "y": 20 + }, + "id": "0a363820-86dd-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "8", + "type": "visualization", + "version": "6.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "9", + "w": 48, + "x": 0, + "y": 53 + }, + "id": "d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs", + "panelIndex": "9", + "type": "search", + "version": "6.3.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Suricata] Events Overview ECS", + "version": 1 + }, + "id": "78289c40-86da-11e8-b59d-21efb914e65c-ecs", + "type": "dashboard", + "updated_at": "2018-11-07T22:56:24.962Z", + "version": 1 + } + ], + "version": "6.4.3" +} diff --git a/filebeat/module/suricata/eve/_meta/fields.yml b/filebeat/module/suricata/eve/_meta/fields.yml new file mode 100644 index 00000000000..7529cba1b52 --- /dev/null +++ b/filebeat/module/suricata/eve/_meta/fields.yml @@ -0,0 +1,736 @@ +- name: eve + type: group + description: > + Fields exported by the EVE JSON logs + fields: + - name: event_type + type: keyword + + - name: app_proto_orig + type: keyword + + - name: tcp + type: group + fields: + - name: tcp_flags + type: keyword + + - name: psh + type: boolean + + - name: tcp_flags_tc + type: keyword + + - name: ack + type: boolean + + - name: syn + type: boolean + + - name: state + type: keyword + + - name: tcp_flags_ts + type: keyword + + - name: rst + type: boolean + + - name: fin + type: boolean + + - name: fileinfo + type: group + fields: + - name: sha1 + type: keyword + + - name: filename + type: alias + path: file.path + + - name: tx_id + type: long + + - name: state + type: keyword + + - name: stored + type: boolean + + - name: gaps + type: boolean + + - name: sha256 + type: keyword + + - name: md5 + type: keyword + + - name: size + type: alias + path: file.size + + - name: icmp_type + type: long + + - name: dest_port + type: alias + path: destination.port + + - name: src_port + type: alias + path: source.port + + - name: proto + type: alias + path: network.transport + + - name: pcap_cnt + type: long + + - name: src_ip + type: alias + path: source.ip + + - name: dns + type: group + fields: + - name: type + type: keyword + + - name: rrtype + type: keyword + + - name: rrname + type: keyword + + - name: rdata + type: keyword + + - name: tx_id + type: long + + - name: ttl + type: long + + - name: rcode + type: keyword + + - name: id + type: long + + - name: flow_id + type: keyword + + - name: email + type: group + fields: + - name: status + type: keyword + + - name: dest_ip + type: alias + path: destination.ip + + - name: icmp_code + type: long + + - name: http + type: group + fields: + - name: status + type: alias + path: http.response.status_code + + - name: redirect + type: keyword + + - name: http_user_agent + type: alias + path: user_agent.original + + - name: protocol + type: keyword + + - name: http_refer + type: alias + path: http.request.referrer + + - name: url + type: alias + path: url.original + + - name: hostname + type: alias + path: url.domain + + - name: length + type: alias + path: http.response.body.bytes + + - name: http_method + type: alias + path: http.request.method + + - name: http_content_type + type: keyword + + - name: timestamp + type: alias + path: '@timestamp' + + - name: in_iface + type: keyword + + - name: alert + type: group + fields: + - name: category + type: keyword + + - name: severity + type: alias + path: event.severity + + - name: rev + type: long + + - name: gid + type: long + + - name: signature + type: keyword + + - name: action + type: alias + path: event.outcome + + - name: signature_id + type: long + + - name: ssh + type: group + fields: + - name: client + type: group + fields: + - name: proto_version + type: keyword + + - name: software_version + type: keyword + + - name: server + type: group + fields: + - name: proto_version + type: keyword + + - name: software_version + type: keyword + + - name: stats + type: group + fields: + - name: capture + type: group + fields: + - name: kernel_packets + type: long + + - name: kernel_drops + type: long + + - name: kernel_ifdrops + type: long + + - name: uptime + type: long + + - name: detect + type: group + fields: + - name: alert + type: long + + - name: http + type: group + fields: + - name: memcap + type: long + + - name: memuse + type: long + + - name: file_store + type: group + fields: + - name: open_files + type: long + + - name: defrag + type: group + fields: + - name: max_frag_hits + type: long + + - name: ipv4 + type: group + fields: + - name: timeouts + type: long + + - name: fragments + type: long + + - name: reassembled + type: long + + - name: ipv6 + type: group + fields: + - name: timeouts + type: long + + - name: fragments + type: long + + - name: reassembled + type: long + + - name: flow + type: group + fields: + - name: tcp_reuse + type: long + + - name: udp + type: long + + - name: memcap + type: long + + - name: emerg_mode_entered + type: long + + - name: emerg_mode_over + type: long + + - name: tcp + type: long + + - name: icmpv6 + type: long + + - name: icmpv4 + type: long + + - name: spare + type: long + + - name: memuse + type: long + + - name: tcp + type: group + fields: + - name: pseudo_failed + type: long + + - name: ssn_memcap_drop + type: long + + - name: insert_data_overlap_fail + type: long + + - name: sessions + type: long + + - name: pseudo + type: long + + - name: synack + type: long + + - name: insert_data_normal_fail + type: long + + - name: syn + type: long + + - name: memuse + type: long + + - name: invalid_checksum + type: long + + - name: segment_memcap_drop + type: long + + - name: overlap + type: long + + - name: insert_list_fail + type: long + + - name: rst + type: long + + - name: stream_depth_reached + type: long + + - name: reassembly_memuse + type: long + + - name: reassembly_gap + type: long + + - name: overlap_diff_data + type: long + + - name: no_flow + type: long + + - name: decoder + type: group + fields: + - name: avg_pkt_size + type: long + + - name: bytes + type: long + + - name: tcp + type: long + + - name: raw + type: long + + - name: ppp + type: long + + - name: vlan_qinq + type: long + + - name: 'null' + type: long + + - name: ltnull + type: group + fields: + - name: unsupported_type + type: long + + - name: pkt_too_small + type: long + + - name: invalid + type: long + + - name: gre + type: long + + - name: ipv4 + type: long + + - name: ipv6 + type: long + + - name: pkts + type: long + + - name: ipv6_in_ipv6 + type: long + + - name: ipraw + type: group + fields: + - name: invalid_ip_version + type: long + + - name: pppoe + type: long + + - name: udp + type: long + + - name: dce + type: group + fields: + - name: pkt_too_small + type: long + + - name: vlan + type: long + + - name: sctp + type: long + + - name: max_pkt_size + type: long + + - name: teredo + type: long + + - name: mpls + type: long + + - name: sll + type: long + + - name: icmpv6 + type: long + + - name: icmpv4 + type: long + + - name: erspan + type: long + + - name: ethernet + type: long + + - name: ipv4_in_ipv6 + type: long + + - name: ieee8021ah + type: long + + - name: dns + type: group + fields: + - name: memcap_global + type: long + + - name: memcap_state + type: long + + - name: memuse + type: long + + - name: flow_mgr + type: group + fields: + - name: rows_busy + type: long + + - name: flows_timeout + type: long + + - name: flows_notimeout + type: long + + - name: rows_skipped + type: long + + - name: closed_pruned + type: long + + - name: new_pruned + type: long + + - name: flows_removed + type: long + + - name: bypassed_pruned + type: long + + - name: est_pruned + type: long + + - name: flows_timeout_inuse + type: long + + - name: flows_checked + type: long + + - name: rows_maxlen + type: long + + - name: rows_checked + type: long + + - name: rows_empty + type: long + + - name: app_layer + type: group + fields: + - name: flow + type: group + fields: + - name: tls + type: long + + - name: ftp + type: long + + - name: http + type: long + + - name: failed_udp + type: long + + - name: dns_udp + type: long + + - name: dns_tcp + type: long + + - name: smtp + type: long + + - name: failed_tcp + type: long + + - name: msn + type: long + + - name: ssh + type: long + + - name: imap + type: long + + - name: dcerpc_udp + type: long + + - name: dcerpc_tcp + type: long + + - name: smb + type: long + + - name: tx + type: group + fields: + - name: tls + type: long + + - name: ftp + type: long + + - name: http + type: long + + - name: dns_udp + type: long + + - name: dns_tcp + type: long + + - name: smtp + type: long + + - name: ssh + type: long + + - name: dcerpc_udp + type: long + + - name: dcerpc_tcp + type: long + + - name: smb + type: long + + - name: tls + type: group + fields: + - name: notbefore + type: date + + - name: issuerdn + type: keyword + + - name: sni + type: keyword + + - name: version + type: keyword + + - name: session_resumed + type: boolean + + - name: fingerprint + type: keyword + + - name: serial + type: keyword + + - name: notafter + type: date + + - name: subject + type: keyword + + - name: app_proto_ts + type: keyword + + - name: flow + type: group + fields: + - name: bytes_toclient + type: alias + path: destination.bytes + + - name: start + type: alias + path: event.start + + - name: pkts_toclient + type: alias + path: destination.packets + + - name: age + type: long + + - name: state + type: keyword + + - name: bytes_toserver + type: alias + path: source.bytes + + - name: reason + type: keyword + + - name: pkts_toserver + type: alias + path: source.packets + + - name: end + type: date + + - name: alerted + type: boolean + + - name: app_proto + type: alias + path: network.protocol + + - name: tx_id + type: long + + - name: app_proto_tc + type: keyword + + - name: smtp + type: group + fields: + - name: rcpt_to + type: keyword + + - name: mail_from + type: keyword + + - name: helo + type: keyword + + - name: app_proto_expected + type: keyword + + - name: flags + type: group + fields: diff --git a/filebeat/module/suricata/eve/config/eve.yml b/filebeat/module/suricata/eve/config/eve.yml new file mode 100644 index 00000000000..780a68083bf --- /dev/null +++ b/filebeat/module/suricata/eve/config/eve.yml @@ -0,0 +1,405 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +processors: + - rename: + fields: + - {from: message, to: event.original} + - decode_json_fields: + fields: [event.original] + target: suricata.eve + - convert: + ignore_missing: true + ignore_failure: true + mode: rename + fields: + - {from: suricata.eve.src_ip, to: source.address} + - {from: suricata.eve.src_port, to: source.port, type: long} + - {from: suricata.eve.dest_ip, to: destination.address} + - {from: suricata.eve.dest_port, to: destination.port, type: long} + - {from: suricata.eve.proto, to: network.transport} + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: source.address, to: source.ip, type: ip} + - {from: destination.address, to: destination.ip, type: ip} + - {from: '@timestamp', to: event.created} + - timestamp: + field: suricata.eve.timestamp + layouts: + - '2006-01-02T15:04:05.999999999Z0700' # ISO8601 + - drop_fields: + fields: + - suricata.eve.timestamp +{{ if .community_id }} + - community_id: +{{ end }} + - if: + equals: + suricata.eve.event_type: dns + then: + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.dns.id, to: dns.id, type: string} + - {from: suricata.eve.dns.rcode, to: dns.response_code} + - {from: suricata.eve.dns.type, to: dns.type} + - convert: + when.equals.dns.type: query + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.dns.rrname, to: dns.question.name} + - {from: suricata.eve.dns.rrtype, to: dns.question.type} + - if: + and: + - equals.dns.type: answer + - equals.suricata.eve.dns.version: 2 + then: + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.dns.rrname, to: dns.question.name} + - {from: suricata.eve.dns.rrtype, to: dns.question.type} + - registered_domain: + ignore_missing: true + ignore_failure: true + field: dns.question.name + target_field: dns.question.registered_domain + - script: + id: eve_process + lang: javascript + source: >- + function addEcsCategorization(evt) { + var event_type = evt.Get("suricata.eve.event_type"); + if (event_type == null) { + return; + } + var catArray = []; + var typeArray = []; + evt.Put("suricata.eve.event_type", event_type.toLowerCase()); + switch (event_type.toLowerCase()) { + case "alert": + evt.Put("event.kind", "alert"); + catArray.push("network"); + catArray.push("intrusion_detection"); + break; + case "anomaly": + evt.Put("event.kind", "event"); + catArray.push("network"); + break; + case "http": + evt.Put("event.kind", "event"); + catArray.push("network"); + catArray.push("web"); + typeArray.push("access"); + typeArray.push("protocol"); + evt.Put("network.protocol", "http"); + var status = evt.Get("suricata.eve.http.status"); + if (status == null) { + break; + } + if (status < 400) { + evt.Put("event.outcome", "success"); + } + if (status >= 400 ) { + evt.Put("event.outcome", "failure"); + } + break; + case "dns": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "dns"); + break; + case "ftp": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "ftp"); + break; + case "ftp_data": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "ftp"); + break; + case "tls": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "tls"); + break; + case "tftp": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "tftp"); + break; + case "smb": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "smb"); + break; + case "ssh": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "ssh"); + break; + case "flow": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("connection"); + var state = evt.Get("suricata.eve.flow.state"); + if (state == null) { + break; + } + switch (state) { + case "new": + typeArray.push("start"); + break; + case "closed": + typeArray.push("end"); + break; + } + break; + case "rdp": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "rdp"); + break; + case "stats": + evt.Put("event.kind", "metric"); + break; + default: + evt.Put("event.kind", "event"); + catArray.push("network"); + } + if (catArray.length > 0) { + evt.Put("event.category", catArray); + } + if (typeArray.length > 0) { + evt.Put("event.type", typeArray); + } + } + function setDnsV1Answers(evt) { + var dns_type = evt.Get("dns.type") + if (dns_type != "answer") { + return; + } + var version = evt.Get("suricata.eve.dns.version") + if (version == "2") { + return; + } + var name = evt.Get("suricata.eve.dns.rrname"); + var data = evt.Get("suricata.eve.dns.rdata"); + var type = evt.Get("suricata.eve.dns.rrtype"); + var ttl = evt.Get("suricata.eve.dns.ttl"); + var answer = {}; + if (name) { + answer.name = name; + } + if (data) { + answer.data = data; + } + if (type) { + answer.type = type; + } + if (ttl) { + answer.ttl = ttl; + } + if (Object.keys(answer).length === 0) { + return; + } + evt.Put("dns.answers", [answer]); + } + function addDnsV2Answers(evt) { + var type = evt.Get("dns.type") + if (type != "answer") { + return; + } + var version = evt.Get("suricata.eve.dns.version") + if (version != 2) { + return; + } + var answers = evt.Get("suricata.eve.dns.answers"); + if (!answers) { + return; + } + evt.Delete("suricata.eve.dns.answers"); + var resolvedIps = []; + for (var i = 0; i < answers.length; i++) { + var answer = answers[i]; + + // Rename properties. + var name = answer["rrname"]; + delete answer["rrname"]; + var type = answer["rrtype"]; + delete answer["rrtype"]; + var data = answer["rdata"]; + delete answer["rdata"]; + + answer["name"] = name; + answer["type"] = type; + answer["data"] = data; + + // Append IP addresses to dns.resolved_ip. + if (type === "A" || type === "AAAA") { + resolvedIps.push(data); + } + } + evt.Put("dns.answers", answers); + if (resolvedIps.length > 0) { + evt.Put("dns.resolved_ip", resolvedIps); + } + } + function addDnsV2HeaderFlags(evt) { + var type = evt.Get("dns.type") + if (type != "answer") { + return; + } + var version = evt.Get("suricata.eve.dns.version") + if (version != 2) { + return; + } + var flag = evt.Get("suricata.eve.dns.aa"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "AA"); + } + + flag = evt.Get("suricata.eve.dns.tc"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "TC"); + } + + flag = evt.Get("suricata.eve.dns.rd"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RD"); + } + + flag = evt.Get("suricata.eve.dns.ra"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RA"); + } + } + function addTopLevelDomain(evt) { + var rd = evt.Get("dns.question.registered_domain"); + if (rd == null) { + return; + } + var firstPeriod = rd.indexOf("."); + if (firstPeriod == -1) { + return; + } + evt.Put("dns.question.top_level_domain", rd.substr(firstPeriod + 1)); + } + function cleanupAppProto(evt) { + var proto = evt.Get("suricata.eve.app_proto"); + if (proto == null){ + return; + } + switch (proto.toLowerCase()) { + case "failed": + case "template": + case "template-rust": + break; + case "ftp-data": + evt.Put("network.protocol", "ftp"); + break; + default: + evt.Put("network.protocol", proto.toLowerCase()); + } + evt.Delete("suricata.eve.app_proto"); + } + function addRelatedIps(evt) { + var src_ip = evt.Get("source.ip"); + if (src_ip != null) { + evt.AppendTo("related.ip", src_ip); + } + var dst_ip = evt.Get("destination.ip"); + if (dst_ip != null) { + evt.AppendTo("related.ip", dst_ip); + } + } + function addTlsVersion(evt) { + var tls_version = evt.Get("suricata.eve.tls.version"); + if (tls_version == null) { + return; + } + var parts = tls_version.split(" "); + if (parts.length < 2) { + return; + } + evt.Put("tls.version_protocol", parts[0].toLowerCase()); + evt.Put("tls.version", parts[1]); + } + function cleanupTlsSni(evt) { + var sni = evt.Get("suricata.eve.tls.sni"); + if (sni == null) { + return; + } + if ("." == sni.charAt(sni.length - 1)) { + evt.Put("suricata.eve.tls.sni", sni.substring(0, sni.length - 1)); + } + } + function process(evt) { + var event_type = evt.Get("suricata.eve.event_type"); + + addEcsCategorization(evt); + if (event_type == "dns") { + setDnsV1Answers(evt); + addDnsV2Answers(evt); + addDnsV2HeaderFlags(evt); + addTopLevelDomain(evt); + } + cleanupAppProto(evt); + addRelatedIps(evt); + addTlsVersion(evt); + cleanupTlsSni(evt); + } + - if: + equals: + suricata.eve.event_type: tls + then: + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.tls.subject, to: tls.server.subject} + - {from: suricata.eve.tls.issuerdn, to: tls.server.issuer} + - {from: suricata.eve.tls.session_resumed, to: tls.resumed, type: boolean} + - {from: suricata.eve.tls.fingerprint, to: tls.server.hash.sha1} + - {from: suricata.eve.tls.sni, to: tls.client.server_name} + - {from: suricata.eve.tls.sni, to: destination.domain} + - {from: suricata.eve.tls.notbefore, to: tls.server.not_before} + - {from: suricata.eve.tls.notafter, to: tls.server.not_after} + - {from: suricata.eve.tls.ja3s, to: tls.server.ja3s} + - {from: suricata.eve.tls.certificate, to: tls.server.certificate} + - {from: suricata.eve.tls.chain, to: tls.server.certificate_chain} + - drop_fields: + ignore_missing: true + fields: + - suricata.eve.dns.aa + - suricata.eve.dns.tc + - suricata.eve.dns.rd + - suricata.eve.dns.ra + - suricata.eve.dns.qr + - suricata.eve.dns.version + - suricata.eve.dns.flags + - suricata.eve.dns.grouped diff --git a/filebeat/module/suricata/eve/ingest/pipeline.yml b/filebeat/module/suricata/eve/ingest/pipeline.yml new file mode 100644 index 00000000000..4da1873e26a --- /dev/null +++ b/filebeat/module/suricata/eve/ingest/pipeline.yml @@ -0,0 +1,244 @@ +--- +description: Pipeline for parsing Suricata EVE logs + +processors: + - lowercase: + field: suricata.eve.http.http_method + target_field: http.request.method + ignore_missing: true + - rename: + field: suricata.eve.http.status + target_field: http.response.status_code + ignore_missing: true + - append: + if: ctx.suricata?.eve?.http?.hostname != null + value: '{{suricata.eve.http.hostname}}' + field: destination.domain + - remove: + field: suricata.eve.http.hostname + ignore_failure: true + - script: + lang: painless + source: > + def domain = ctx.destination?.domain; + if (domain instanceof Collection) { + domain = domain.stream().distinct().collect(Collectors.toList()); + if (domain.length == 1) { + domain = domain[0]; + } + ctx.destination.domain = domain; + } + ignore_failure: true + - set: + if: "ctx?.destination?.domain != null && ctx?.network?.protocol == 'http'" + field: url.domain + value: '{{destination.domain}}' + - grok: + field: suricata.eve.http.url + patterns: + - '%{PATH:url.path}(?:\?%{QUERY:url.query})?(?:#%{ANY:url.fragment})?' + ignore_missing: true + pattern_definitions: + PATH: '[^?#]*' + QUERY: '[^#]*' + ANY: '.*' + - rename: + field: suricata.eve.http.url + target_field: url.original + ignore_missing: true + - rename: + field: suricata.eve.http.http_refer + target_field: http.request.referrer + ignore_missing: true + - rename: + field: suricata.eve.http.length + target_field: http.response.body.bytes + ignore_missing: true + - rename: + field: suricata.eve.fileinfo.filename + target_field: file.path + ignore_missing: true + - rename: + field: suricata.eve.fileinfo.size + target_field: file.size + ignore_missing: true + - lowercase: + field: network.transport + ignore_missing: true + - convert: + field: suricata.eve.alert.category + target_field: message + type: string + ignore_missing: true + - set: + field: rule.category + value: "{{suricata.eve.alert.category}}" + if: "ctx?.suricata?.eve?.alert?.category != null" + - set: + field: rule.id + value: "{{suricata.eve.alert.signature_id}}" + if: "ctx?.suricata?.eve?.alert?.signature_id != null" + - set: + field: rule.name + value: "{{suricata.eve.alert.signature}}" + if: "ctx?.suricata?.eve?.alert?.signature != null" + - set: + field: suricata.eve.alert.action + value: denied + if: "ctx?.suricata?.eve?.alert?.action == 'blocked'" + - append: + field: event.type + value: "{{suricata.eve.alert.action}}" + if: "ctx?.suricata?.eve?.alert?.action != null" + - remove: + field: suricata.eve.alert.action + ignore_failure: true + - rename: + field: suricata.eve.alert.severity + target_field: event.severity + ignore_missing: true + - rename: + field: suricata.eve.flow.pkts_toclient + target_field: destination.packets + ignore_missing: true + - rename: + field: suricata.eve.flow.pkts_toserver + target_field: source.packets + ignore_missing: true + - rename: + field: suricata.eve.flow.bytes_toclient + target_field: destination.bytes + ignore_missing: true + - rename: + field: suricata.eve.flow.bytes_toserver + target_field: source.bytes + ignore_missing: true + - script: + lang: painless + source: > + long getOrZero(def map, def key) { + if (map!=null && map[key]!=null) { + return map[key]; + } + return 0; + } + def network=ctx['network'], source=ctx['source'], dest=ctx['destination']; + def sp=getOrZero(source,'packets'), sb=getOrZero(source,'bytes'), dp=getOrZero(dest,'packets'), db=getOrZero(dest,'bytes'); + if (sb+db+sp+dp > 0) { + if (network == null) { + network=new HashMap(); + ctx['network']=network; + } + if (sb+db > 0) { + network['bytes'] = sb+db; + } + if(sp+dp>0) { + network['packets'] = sp+dp; + } + } + - date: + field: suricata.eve.flow.start + target_field: event.start + formats: + - ISO8601 + ignore_failure: true + - date: + field: suricata.eve.flow.end + target_field: event.end + formats: + - ISO8601 + ignore_failure: true + - script: + lang: painless + source: > + Instant ins(def d) { + try { + return Instant.parse(d); + } catch(Exception e) { + return null; + } + } + def ev = ctx['event']; + if (ev != null) { + def start = ins(ev['start']); + def end = ins(ev['end']); + if (start != null && end != null && !start.isAfter(end)) { + ev['duration'] = Duration.between(start,end).toNanos(); + } + } + - lowercase: + field: suricata.eve.proto + target_field: network.transport + ignore_missing: true + - user_agent: + field: suricata.eve.http.http_user_agent + ignore_missing: true + - geoip: + if: ctx.source?.geo == null + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + if: ctx.destination?.geo == null + field: destination.ip + target_field: destination.geo + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - uppercase: + field: tls.server.hash.sha1 + ignore_missing: true + - split: + field: tls.server.hash.sha1 + separator: ":" + ignore_missing: true + - join: + field: tls.server.hash.sha1 + separator: "" + ignore_failure: true + - append: + field: related.hash + value: "{{tls.server.hash.sha1}}" + if: "ctx?.tls?.server?.hash?.sha1 != null" + - remove: + field: + - suricata.eve.app_proto + - suricata.eve.flow.end + - suricata.eve.flow.start + - suricata.eve.http.http_method + - suricata.eve.http.http_user_agent + ignore_missing: true +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/suricata/eve/manifest.yml b/filebeat/module/suricata/eve/manifest.yml new file mode 100644 index 00000000000..804dc96bed9 --- /dev/null +++ b/filebeat/module/suricata/eve/manifest.yml @@ -0,0 +1,25 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/suricata/eve.json + os.darwin: + - /usr/local/var/log/suricata/eve.json + os.windows: + - 'c:/program files/suricata/log/eve.json' + - name: tags + default: [suricata] + - name: community_id + default: true + + # - name: nested_ecs + # default: false +ingest_pipeline: ingest/pipeline.yml +input: config/eve.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip +- name: user_agent + plugin: ingest-user-agent diff --git a/filebeat/module/suricata/eve/test/eve-alerts.log b/filebeat/module/suricata/eve/test/eve-alerts.log new file mode 100644 index 00000000000..81bc39dbf4f --- /dev/null +++ b/filebeat/module/suricata/eve/test/eve-alerts.log @@ -0,0 +1,20 @@ +{"timestamp":"2018-10-03T14:42:44.836744+0000","flow_id":2191386088856669,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":32858,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"example.net","url":"\/","http_user_agent":"curl\/7.58.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1121},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":347,"bytes_toclient":1654,"start":"2018-10-03T14:42:44.613469+0000"}} +{"timestamp":"2018-10-03T16:16:26.711841+0000","flow_id":678269478904081,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":32864,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"example.net","url":"\/","http_user_agent":"curl\/7.58.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1121},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":347,"bytes_toclient":1654,"start":"2018-10-03T16:16:26.467217+0000"}} +{"timestamp":"2018-10-03T16:44:50.813100+0000","flow_id":1170030461115650,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":32870,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"example.net","url":"\/","http_user_agent":"curl\/7.58.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1126},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":347,"bytes_toclient":1654,"start":"2018-10-03T16:44:50.580866+0000"}} +{"timestamp":"2018-10-03T16:45:09.267308+0000","flow_id":49628113637132,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":32872,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"example.org","url":"\/","http_user_agent":"curl\/7.58.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1121},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":347,"bytes_toclient":1654,"start":"2018-10-03T16:45:09.036620+0000"}} +{"timestamp":"2018-10-03T16:45:34.481113+0000","flow_id":116307482565223,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":32876,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"example.org","url":"\/","http_user_agent":"curl\/7.58.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1121},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":347,"bytes_toclient":1654,"start":"2018-10-03T16:45:34.252519+0000"}} +{"timestamp":"2018-10-03T17:02:38.900976+0000","flow_id":1205867738178946,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":32892,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"example.org","url":"\/","http_user_agent":"curl\/7.58.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1126},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":347,"bytes_toclient":1654,"start":"2018-10-03T17:02:38.599426+0000"}} +{"timestamp":"2018-10-04T09:34:59.009897+0000","flow_id":764842923400056,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":37742,"dest_ip":"91.189.88.152","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/bionic-security\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1138},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":497,"bytes_toclient":1654,"start":"2018-10-04T09:34:58.924536+0000"}} +{"timestamp":"2018-10-04T09:34:59.168340+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":304,"length":0},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":487,"bytes_toclient":417,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:34:59.288862+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2601},"app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":842,"bytes_toclient":3445,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:34:59.289324+0000","flow_id":764842923400056,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":37742,"dest_ip":"91.189.88.152","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/bionic-security\/main\/source\/by-hash\/SHA256\/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1241},"app_proto":"http","flow":{"pkts_toserver":64,"pkts_toclient":62,"bytes_toserver":4810,"bytes_toclient":90543,"start":"2018-10-04T09:34:58.924536+0000"}} +{"timestamp":"2018-10-04T09:34:59.356132+0000","flow_id":764842923400056,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":37742,"dest_ip":"91.189.88.152","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/bionic-security\/main\/binary-amd64\/by-hash\/SHA256\/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2687},"app_proto":"http","flow":{"pkts_toserver":87,"pkts_toclient":98,"bytes_toserver":6591,"bytes_toclient":145014,"start":"2018-10-04T09:34:58.924536+0000"}} +{"timestamp":"2018-10-04T09:34:59.456919+0000","flow_id":764842923400056,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":37742,"dest_ip":"91.189.88.152","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/bionic-security\/universe\/binary-amd64\/by-hash\/SHA256\/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2688},"app_proto":"http","flow":{"pkts_toserver":156,"pkts_toclient":221,"bytes_toserver":11460,"bytes_toclient":330525,"start":"2018-10-04T09:34:58.924536+0000"}} +{"timestamp":"2018-10-04T09:34:59.747122+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-backports\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2601},"app_proto":"http","flow":{"pkts_toserver":64,"pkts_toclient":67,"bytes_toserver":4895,"bytes_toclient":96554,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:34:59.953886+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/main\/source\/by-hash\/SHA256\/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2687},"app_proto":"http","flow":{"pkts_toserver":91,"pkts_toclient":119,"bytes_toserver":6932,"bytes_toclient":174843,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:35:00.250560+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/universe\/source\/by-hash\/SHA256\/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2688},"app_proto":"http","flow":{"pkts_toserver":159,"pkts_toclient":253,"bytes_toserver":11679,"bytes_toclient":376452,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:35:00.401788+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/main\/binary-amd64\/by-hash\/SHA256\/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2687},"app_proto":"http","flow":{"pkts_toserver":190,"pkts_toclient":314,"bytes_toserver":13986,"bytes_toclient":468170,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:35:00.776438+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":6,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/restricted\/binary-amd64\/by-hash\/SHA256\/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2691},"app_proto":"http","flow":{"pkts_toserver":328,"pkts_toclient":588,"bytes_toserver":23361,"bytes_toclient":880323,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:35:00.897009+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":7,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/universe\/binary-amd64\/by-hash\/SHA256\/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2687},"app_proto":"http","flow":{"pkts_toserver":330,"pkts_toclient":591,"bytes_toserver":23758,"bytes_toclient":884342,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:35:01.362208+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":8,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/universe\/i18n\/by-hash\/SHA256\/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":524,"pkts_toclient":979,"bytes_toserver":36819,"bytes_toclient":1467603,"start":"2018-10-04T09:34:58.926006+0000"}} +{"timestamp":"2018-10-04T09:35:01.575088+0000","flow_id":112424506237238,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":52340,"dest_ip":"91.189.91.23","dest_port":80,"proto":"TCP","tx_id":9,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"archive.ubuntu.com","url":"\/ubuntu\/dists\/bionic-updates\/multiverse\/binary-amd64\/by-hash\/SHA256\/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16","http_user_agent":"Debian APT-HTTP\/1.3 (1.6.3ubuntu0.1)","http_method":"GET","protocol":"HTTP\/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":575,"pkts_toclient":1079,"bytes_toserver":40452,"bytes_toclient":1618380,"start":"2018-10-04T09:34:58.926006+0000"}} diff --git a/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json b/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json new file mode 100644 index 00000000000..e7c96246e7c --- /dev/null +++ b/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json @@ -0,0 +1,1540 @@ +[ + { + "@timestamp": "2018-10-03T14:42:44.836Z", + "destination.address": "93.184.216.34", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.bytes": 1654, + "destination.domain": "example.net", + "destination.geo.city_name": "Norwell", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.1596, + "destination.geo.location.lon": -70.8217, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "93.184.216.34", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-03T14:42:44.836744+0000\",\"flow_id\":2191386088856669,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":32858,\"dest_ip\":\"93.184.216.34\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013028,\"rev\":4,\"signature\":\"ET POLICY curl User-Agent Outbound\",\"category\":\"Attempted Information Leak\",\"severity\":2},\"http\":{\"hostname\":\"example.net\",\"url\":\"\\/\",\"http_user_agent\":\"curl\\/7.58.0\",\"http_content_type\":\"text\\/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1121},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":347,\"bytes_toclient\":1654,\"start\":\"2018-10-03T14:42:44.613469+0000\"}}", + "event.severity": 2, + "event.start": "2018-10-03T14:42:44.613Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1121, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 0, + "message": "Attempted Information Leak", + "network.bytes": 2001, + "network.community_id": "1:Tx1T2pcsxn4KDSlkBTi/5q9tZuo=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "93.184.216.34" + ], + "rule.category": "Attempted Information Leak", + "rule.id": "2013028", + "rule.name": "ET POLICY curl User-Agent Outbound", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 347, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 32858, + "suricata.eve.alert.category": "Attempted Information Leak", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 4, + "suricata.eve.alert.signature": "ET POLICY curl User-Agent Outbound", + "suricata.eve.alert.signature_id": 2013028, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 2191386088856669, + "suricata.eve.http.http_content_type": "text/html", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "example.net", + "url.original": "/", + "url.path": "/", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0" + }, + { + "@timestamp": "2018-10-03T16:16:26.711Z", + "destination.address": "93.184.216.34", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.bytes": 1654, + "destination.domain": "example.net", + "destination.geo.city_name": "Norwell", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.1596, + "destination.geo.location.lon": -70.8217, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "93.184.216.34", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-03T16:16:26.711841+0000\",\"flow_id\":678269478904081,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":32864,\"dest_ip\":\"93.184.216.34\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013028,\"rev\":4,\"signature\":\"ET POLICY curl User-Agent Outbound\",\"category\":\"Attempted Information Leak\",\"severity\":2},\"http\":{\"hostname\":\"example.net\",\"url\":\"\\/\",\"http_user_agent\":\"curl\\/7.58.0\",\"http_content_type\":\"text\\/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1121},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":347,\"bytes_toclient\":1654,\"start\":\"2018-10-03T16:16:26.467217+0000\"}}", + "event.severity": 2, + "event.start": "2018-10-03T16:16:26.467Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1121, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 723, + "message": "Attempted Information Leak", + "network.bytes": 2001, + "network.community_id": "1:A30Bhw0tTI2EifayU+MwAocMCZs=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "93.184.216.34" + ], + "rule.category": "Attempted Information Leak", + "rule.id": "2013028", + "rule.name": "ET POLICY curl User-Agent Outbound", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 347, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 32864, + "suricata.eve.alert.category": "Attempted Information Leak", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 4, + "suricata.eve.alert.signature": "ET POLICY curl User-Agent Outbound", + "suricata.eve.alert.signature_id": 2013028, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 678269478904081, + "suricata.eve.http.http_content_type": "text/html", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "example.net", + "url.original": "/", + "url.path": "/", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0" + }, + { + "@timestamp": "2018-10-03T16:44:50.813Z", + "destination.address": "93.184.216.34", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.bytes": 1654, + "destination.domain": "example.net", + "destination.geo.city_name": "Norwell", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.1596, + "destination.geo.location.lon": -70.8217, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "93.184.216.34", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-03T16:44:50.813100+0000\",\"flow_id\":1170030461115650,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":32870,\"dest_ip\":\"93.184.216.34\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013028,\"rev\":4,\"signature\":\"ET POLICY curl User-Agent Outbound\",\"category\":\"Attempted Information Leak\",\"severity\":2},\"http\":{\"hostname\":\"example.net\",\"url\":\"\\/\",\"http_user_agent\":\"curl\\/7.58.0\",\"http_content_type\":\"text\\/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1126},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":347,\"bytes_toclient\":1654,\"start\":\"2018-10-03T16:44:50.580866+0000\"}}", + "event.severity": 2, + "event.start": "2018-10-03T16:44:50.580Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1126, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 1445, + "message": "Attempted Information Leak", + "network.bytes": 2001, + "network.community_id": "1:QI9ZBw/ltPo2cnzG5ne3IrgSdhw=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "93.184.216.34" + ], + "rule.category": "Attempted Information Leak", + "rule.id": "2013028", + "rule.name": "ET POLICY curl User-Agent Outbound", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 347, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 32870, + "suricata.eve.alert.category": "Attempted Information Leak", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 4, + "suricata.eve.alert.signature": "ET POLICY curl User-Agent Outbound", + "suricata.eve.alert.signature_id": 2013028, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 1170030461115650, + "suricata.eve.http.http_content_type": "text/html", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "example.net", + "url.original": "/", + "url.path": "/", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0" + }, + { + "@timestamp": "2018-10-03T16:45:09.267Z", + "destination.address": "93.184.216.34", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.bytes": 1654, + "destination.domain": "example.org", + "destination.geo.city_name": "Norwell", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.1596, + "destination.geo.location.lon": -70.8217, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "93.184.216.34", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-03T16:45:09.267308+0000\",\"flow_id\":49628113637132,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":32872,\"dest_ip\":\"93.184.216.34\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013028,\"rev\":4,\"signature\":\"ET POLICY curl User-Agent Outbound\",\"category\":\"Attempted Information Leak\",\"severity\":2},\"http\":{\"hostname\":\"example.org\",\"url\":\"\\/\",\"http_user_agent\":\"curl\\/7.58.0\",\"http_content_type\":\"text\\/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1121},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":347,\"bytes_toclient\":1654,\"start\":\"2018-10-03T16:45:09.036620+0000\"}}", + "event.severity": 2, + "event.start": "2018-10-03T16:45:09.036Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1121, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 2168, + "message": "Attempted Information Leak", + "network.bytes": 2001, + "network.community_id": "1:kvem4ydd+kylAQHyyYnQUREfRDY=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "93.184.216.34" + ], + "rule.category": "Attempted Information Leak", + "rule.id": "2013028", + "rule.name": "ET POLICY curl User-Agent Outbound", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 347, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 32872, + "suricata.eve.alert.category": "Attempted Information Leak", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 4, + "suricata.eve.alert.signature": "ET POLICY curl User-Agent Outbound", + "suricata.eve.alert.signature_id": 2013028, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 49628113637132, + "suricata.eve.http.http_content_type": "text/html", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "example.org", + "url.original": "/", + "url.path": "/", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0" + }, + { + "@timestamp": "2018-10-03T16:45:34.481Z", + "destination.address": "93.184.216.34", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.bytes": 1654, + "destination.domain": "example.org", + "destination.geo.city_name": "Norwell", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.1596, + "destination.geo.location.lon": -70.8217, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "93.184.216.34", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-03T16:45:34.481113+0000\",\"flow_id\":116307482565223,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":32876,\"dest_ip\":\"93.184.216.34\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013028,\"rev\":4,\"signature\":\"ET POLICY curl User-Agent Outbound\",\"category\":\"Attempted Information Leak\",\"severity\":2},\"http\":{\"hostname\":\"example.org\",\"url\":\"\\/\",\"http_user_agent\":\"curl\\/7.58.0\",\"http_content_type\":\"text\\/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1121},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":347,\"bytes_toclient\":1654,\"start\":\"2018-10-03T16:45:34.252519+0000\"}}", + "event.severity": 2, + "event.start": "2018-10-03T16:45:34.252Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1121, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 2889, + "message": "Attempted Information Leak", + "network.bytes": 2001, + "network.community_id": "1:HpBUwS4J4Fkh+ON3BdMMGV4jy8I=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "93.184.216.34" + ], + "rule.category": "Attempted Information Leak", + "rule.id": "2013028", + "rule.name": "ET POLICY curl User-Agent Outbound", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 347, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 32876, + "suricata.eve.alert.category": "Attempted Information Leak", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 4, + "suricata.eve.alert.signature": "ET POLICY curl User-Agent Outbound", + "suricata.eve.alert.signature_id": 2013028, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 116307482565223, + "suricata.eve.http.http_content_type": "text/html", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "example.org", + "url.original": "/", + "url.path": "/", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0" + }, + { + "@timestamp": "2018-10-03T17:02:38.900Z", + "destination.address": "93.184.216.34", + "destination.as.number": 15133, + "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.bytes": 1654, + "destination.domain": "example.org", + "destination.geo.city_name": "Norwell", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.1596, + "destination.geo.location.lon": -70.8217, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "93.184.216.34", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-03T17:02:38.900976+0000\",\"flow_id\":1205867738178946,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":32892,\"dest_ip\":\"93.184.216.34\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013028,\"rev\":4,\"signature\":\"ET POLICY curl User-Agent Outbound\",\"category\":\"Attempted Information Leak\",\"severity\":2},\"http\":{\"hostname\":\"example.org\",\"url\":\"\\/\",\"http_user_agent\":\"curl\\/7.58.0\",\"http_content_type\":\"text\\/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1126},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":347,\"bytes_toclient\":1654,\"start\":\"2018-10-03T17:02:38.599426+0000\"}}", + "event.severity": 2, + "event.start": "2018-10-03T17:02:38.599Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1126, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 3611, + "message": "Attempted Information Leak", + "network.bytes": 2001, + "network.community_id": "1:Bp3vB9bJiV2y/u23rxSpviRLSto=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "93.184.216.34" + ], + "rule.category": "Attempted Information Leak", + "rule.id": "2013028", + "rule.name": "ET POLICY curl User-Agent Outbound", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 347, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 32892, + "suricata.eve.alert.category": "Attempted Information Leak", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 4, + "suricata.eve.alert.signature": "ET POLICY curl User-Agent Outbound", + "suricata.eve.alert.signature_id": 2013028, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 1205867738178946, + "suricata.eve.http.http_content_type": "text/html", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "example.org", + "url.original": "/", + "url.path": "/", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0" + }, + { + "@timestamp": "2018-10-04T09:34:59.009Z", + "destination.address": "91.189.88.152", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 1654, + "destination.domain": "security.ubuntu.com", + "destination.geo.city_name": "London", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.location.lat": 51.5132, + "destination.geo.location.lon": -0.0961, + "destination.geo.region_iso_code": "GB-ENG", + "destination.geo.region_name": "England", + "destination.ip": "91.189.88.152", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.009897+0000\",\"flow_id\":764842923400056,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":37742,\"dest_ip\":\"91.189.88.152\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"security.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-security\\/InRelease\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1138},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":497,\"bytes_toclient\":1654,\"start\":\"2018-10-04T09:34:58.924536+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.924Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1138, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 4334, + "message": "Not Suspicious Traffic", + "network.bytes": 2151, + "network.community_id": "1:/kMBCIkdcM80Xtj2MYPWlkzcovg=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.88.152" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 497, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 37742, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 764842923400056, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "security.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-security/InRelease", + "url.path": "/ubuntu/dists/bionic-security/InRelease", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:34:59.168Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 417, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 3, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.168340+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic\\/InRelease\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":304,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":487,\"bytes_toclient\":417,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 0, + "http.response.status_code": 304, + "input.type": "log", + "log.offset": 5140, + "message": "Not Suspicious Traffic", + "network.bytes": 904, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 7, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 487, + "source.ip": "192.168.1.146", + "source.packets": 4, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic/InRelease", + "url.path": "/ubuntu/dists/bionic/InRelease", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:34:59.288Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 3445, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 5, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.288862+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/InRelease\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2601},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":842,\"bytes_toclient\":3445,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2601, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 5931, + "message": "Not Suspicious Traffic", + "network.bytes": 4287, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 11, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 842, + "source.ip": "192.168.1.146", + "source.packets": 6, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 1, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/InRelease", + "url.path": "/ubuntu/dists/bionic-updates/InRelease", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:34:59.289Z", + "destination.address": "91.189.88.152", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 90543, + "destination.domain": "security.ubuntu.com", + "destination.geo.city_name": "London", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.location.lat": 51.5132, + "destination.geo.location.lon": -0.0961, + "destination.geo.region_iso_code": "GB-ENG", + "destination.geo.region_name": "England", + "destination.ip": "91.189.88.152", + "destination.packets": 62, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.289324+0000\",\"flow_id\":764842923400056,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":37742,\"dest_ip\":\"91.189.88.152\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"security.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-security\\/main\\/source\\/by-hash\\/SHA256\\/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1241},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":64,\"pkts_toclient\":62,\"bytes_toserver\":4810,\"bytes_toclient\":90543,\"start\":\"2018-10-04T09:34:58.924536+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.924Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1241, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 6734, + "message": "Not Suspicious Traffic", + "network.bytes": 95353, + "network.community_id": "1:/kMBCIkdcM80Xtj2MYPWlkzcovg=", + "network.packets": 126, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.88.152" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 4810, + "source.ip": "192.168.1.146", + "source.packets": 64, + "source.port": 37742, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 764842923400056, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 1, + "tags": [ + "suricata" + ], + "url.domain": "security.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-security/main/source/by-hash/SHA256/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72", + "url.path": "/ubuntu/dists/bionic-security/main/source/by-hash/SHA256/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:34:59.356Z", + "destination.address": "91.189.88.152", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 145014, + "destination.domain": "security.ubuntu.com", + "destination.geo.city_name": "London", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.location.lat": 51.5132, + "destination.geo.location.lon": -0.0961, + "destination.geo.region_iso_code": "GB-ENG", + "destination.geo.region_name": "England", + "destination.ip": "91.189.88.152", + "destination.packets": 98, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.356132+0000\",\"flow_id\":764842923400056,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":37742,\"dest_ip\":\"91.189.88.152\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"security.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-security\\/main\\/binary-amd64\\/by-hash\\/SHA256\\/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2687},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":87,\"pkts_toclient\":98,\"bytes_toserver\":6591,\"bytes_toclient\":145014,\"start\":\"2018-10-04T09:34:58.924536+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.924Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2687, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 7630, + "message": "Not Suspicious Traffic", + "network.bytes": 151605, + "network.community_id": "1:/kMBCIkdcM80Xtj2MYPWlkzcovg=", + "network.packets": 185, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.88.152" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 6591, + "source.ip": "192.168.1.146", + "source.packets": 87, + "source.port": 37742, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 764842923400056, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 2, + "tags": [ + "suricata" + ], + "url.domain": "security.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-security/main/binary-amd64/by-hash/SHA256/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015", + "url.path": "/ubuntu/dists/bionic-security/main/binary-amd64/by-hash/SHA256/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:34:59.456Z", + "destination.address": "91.189.88.152", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 330525, + "destination.domain": "security.ubuntu.com", + "destination.geo.city_name": "London", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.location.lat": 51.5132, + "destination.geo.location.lon": -0.0961, + "destination.geo.region_iso_code": "GB-ENG", + "destination.geo.region_name": "England", + "destination.ip": "91.189.88.152", + "destination.packets": 221, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.456919+0000\",\"flow_id\":764842923400056,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":37742,\"dest_ip\":\"91.189.88.152\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"security.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-security\\/universe\\/binary-amd64\\/by-hash\\/SHA256\\/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2688},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":156,\"pkts_toclient\":221,\"bytes_toserver\":11460,\"bytes_toclient\":330525,\"start\":\"2018-10-04T09:34:58.924536+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.924Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2688, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 8533, + "message": "Not Suspicious Traffic", + "network.bytes": 341985, + "network.community_id": "1:/kMBCIkdcM80Xtj2MYPWlkzcovg=", + "network.packets": 377, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.88.152" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 11460, + "source.ip": "192.168.1.146", + "source.packets": 156, + "source.port": 37742, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 764842923400056, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 3, + "tags": [ + "suricata" + ], + "url.domain": "security.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-security/universe/binary-amd64/by-hash/SHA256/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558", + "url.path": "/ubuntu/dists/bionic-security/universe/binary-amd64/by-hash/SHA256/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:34:59.747Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 96554, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 67, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.747122+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-backports\\/InRelease\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2601},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":64,\"pkts_toclient\":67,\"bytes_toserver\":4895,\"bytes_toclient\":96554,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2601, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 9443, + "message": "Not Suspicious Traffic", + "network.bytes": 101449, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 131, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 4895, + "source.ip": "192.168.1.146", + "source.packets": 64, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 2, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-backports/InRelease", + "url.path": "/ubuntu/dists/bionic-backports/InRelease", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:34:59.953Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 174843, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 119, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:34:59.953886+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/main\\/source\\/by-hash\\/SHA256\\/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2687},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":91,\"pkts_toclient\":119,\"bytes_toserver\":6932,\"bytes_toclient\":174843,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2687, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 10252, + "message": "Not Suspicious Traffic", + "network.bytes": 181775, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 210, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 6932, + "source.ip": "192.168.1.146", + "source.packets": 91, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 3, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/main/source/by-hash/SHA256/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03", + "url.path": "/ubuntu/dists/bionic-updates/main/source/by-hash/SHA256/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:35:00.250Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 376452, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 253, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:35:00.250560+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/universe\\/source\\/by-hash\\/SHA256\\/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2688},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":159,\"pkts_toclient\":253,\"bytes_toserver\":11679,\"bytes_toclient\":376452,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2688, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 11147, + "message": "Not Suspicious Traffic", + "network.bytes": 388131, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 412, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 11679, + "source.ip": "192.168.1.146", + "source.packets": 159, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 4, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/universe/source/by-hash/SHA256/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef", + "url.path": "/ubuntu/dists/bionic-updates/universe/source/by-hash/SHA256/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:35:00.401Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 468170, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 314, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:35:00.401788+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/main\\/binary-amd64\\/by-hash\\/SHA256\\/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2687},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":190,\"pkts_toclient\":314,\"bytes_toserver\":13986,\"bytes_toclient\":468170,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2687, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 12048, + "message": "Not Suspicious Traffic", + "network.bytes": 482156, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 504, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 13986, + "source.ip": "192.168.1.146", + "source.packets": 190, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 5, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/main/binary-amd64/by-hash/SHA256/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70", + "url.path": "/ubuntu/dists/bionic-updates/main/binary-amd64/by-hash/SHA256/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:35:00.776Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 880323, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 588, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:35:00.776438+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/restricted\\/binary-amd64\\/by-hash\\/SHA256\\/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2691},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":328,\"pkts_toclient\":588,\"bytes_toserver\":23361,\"bytes_toclient\":880323,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2691, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 12951, + "message": "Not Suspicious Traffic", + "network.bytes": 903684, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 916, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 23361, + "source.ip": "192.168.1.146", + "source.packets": 328, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 6, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/restricted/binary-amd64/by-hash/SHA256/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12", + "url.path": "/ubuntu/dists/bionic-updates/restricted/binary-amd64/by-hash/SHA256/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:35:00.897Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 884342, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 591, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:35:00.897009+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/universe\\/binary-amd64\\/by-hash\\/SHA256\\/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":2687},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":330,\"pkts_toclient\":591,\"bytes_toserver\":23758,\"bytes_toclient\":884342,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 2687, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 13860, + "message": "Not Suspicious Traffic", + "network.bytes": 908100, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 921, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 23758, + "source.ip": "192.168.1.146", + "source.packets": 330, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 7, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/universe/binary-amd64/by-hash/SHA256/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc", + "url.path": "/ubuntu/dists/bionic-updates/universe/binary-amd64/by-hash/SHA256/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:35:01.362Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 1467603, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 979, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:35:01.362208+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/universe\\/i18n\\/by-hash\\/SHA256\\/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":524,\"pkts_toclient\":979,\"bytes_toserver\":36819,\"bytes_toclient\":1467603,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 0, + "input.type": "log", + "log.offset": 14767, + "message": "Not Suspicious Traffic", + "network.bytes": 1504422, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 1503, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 36819, + "source.ip": "192.168.1.146", + "source.packets": 524, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 8, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/universe/i18n/by-hash/SHA256/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4", + "url.path": "/ubuntu/dists/bionic-updates/universe/i18n/by-hash/SHA256/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + }, + { + "@timestamp": "2018-10-04T09:35:01.575Z", + "destination.address": "91.189.91.23", + "destination.as.number": 41231, + "destination.as.organization.name": "Canonical Group Limited", + "destination.bytes": 1618380, + "destination.domain": "archive.ubuntu.com", + "destination.geo.city_name": "Boston", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 42.3562, + "destination.geo.location.lon": -71.0631, + "destination.geo.region_iso_code": "US-MA", + "destination.geo.region_name": "Massachusetts", + "destination.ip": "91.189.91.23", + "destination.packets": 1079, + "destination.port": 80, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-10-04T09:35:01.575088+0000\",\"flow_id\":112424506237238,\"in_iface\":\"enp0s3\",\"event_type\":\"alert\",\"src_ip\":\"192.168.1.146\",\"src_port\":52340,\"dest_ip\":\"91.189.91.23\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013504,\"rev\":5,\"signature\":\"ET POLICY GNU\\/Linux APT User-Agent Outbound likely related to package management\",\"category\":\"Not Suspicious Traffic\",\"severity\":3},\"http\":{\"hostname\":\"archive.ubuntu.com\",\"url\":\"\\/ubuntu\\/dists\\/bionic-updates\\/multiverse\\/binary-amd64\\/by-hash\\/SHA256\\/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16\",\"http_user_agent\":\"Debian APT-HTTP\\/1.3 (1.6.3ubuntu0.1)\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":575,\"pkts_toclient\":1079,\"bytes_toserver\":40452,\"bytes_toclient\":1618380,\"start\":\"2018-10-04T09:34:58.926006+0000\"}}", + "event.severity": 3, + "event.start": "2018-10-04T09:34:58.926Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 0, + "input.type": "log", + "log.offset": 15651, + "message": "Not Suspicious Traffic", + "network.bytes": 1658832, + "network.community_id": "1:v4+r8WgQyj/+LOpAIRGXwdlh/Xk=", + "network.packets": 1654, + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.146", + "91.189.91.23" + ], + "rule.category": "Not Suspicious Traffic", + "rule.id": "2013504", + "rule.name": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "service.type": "suricata", + "source.address": "192.168.1.146", + "source.bytes": 40452, + "source.ip": "192.168.1.146", + "source.packets": 575, + "source.port": 52340, + "suricata.eve.alert.category": "Not Suspicious Traffic", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 5, + "suricata.eve.alert.signature": "ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management", + "suricata.eve.alert.signature_id": 2013504, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 112424506237238, + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "enp0s3", + "suricata.eve.tx_id": 9, + "tags": [ + "suricata" + ], + "url.domain": "archive.ubuntu.com", + "url.original": "/ubuntu/dists/bionic-updates/multiverse/binary-amd64/by-hash/SHA256/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16", + "url.path": "/ubuntu/dists/bionic-updates/multiverse/binary-amd64/by-hash/SHA256/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16", + "user_agent.device.name": "Other", + "user_agent.name": "Debian APT-HTTP", + "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", + "user_agent.os.name": "Debian", + "user_agent.version": "1.3" + } +] \ No newline at end of file diff --git a/filebeat/module/suricata/eve/test/eve-dns-4.1.4.log b/filebeat/module/suricata/eve/test/eve-dns-4.1.4.log new file mode 100644 index 00000000000..4f625ae98f8 --- /dev/null +++ b/filebeat/module/suricata/eve/test/eve-dns-4.1.4.log @@ -0,0 +1,24 @@ +{"timestamp":"2019-08-22T23:48:27.924120+0000","flow_id":885455453886936,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":46686,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51803,"rrname":"google.com","rrtype":"A","tx_id":0}} +{"timestamp":"2019-08-22T23:48:27.924282+0000","flow_id":1418448010418810,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":36993,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39523,"rrname":"google.com","rrtype":"AAAA","tx_id":0}} +{"timestamp":"2019-08-22T23:48:27.950946+0000","flow_id":1418448010418810,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":36993,"proto":"UDP","dns":{"version":2,"type":"answer","id":39523,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"google.com","rrtype":"AAAA","answers":[{"rrname":"google.com","rrtype":"AAAA","ttl":272,"rdata":"2607:f8b0:4006:0805:0000:0000:0000:200e"}],"grouped":{"AAAA":["2607:f8b0:4006:0805:0000:0000:0000:200e"]}}} +{"timestamp":"2019-08-22T23:48:27.957906+0000","flow_id":885455453886936,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":46686,"proto":"UDP","dns":{"version":2,"type":"answer","id":51803,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"google.com","rrtype":"A","answers":[{"rrname":"google.com","rrtype":"A","ttl":299,"rdata":"172.217.11.46"}],"grouped":{"A":["172.217.11.46"]}}} +{"timestamp":"2019-08-22T23:48:48.839495+0000","flow_id":40074894954311,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":50720,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60273,"rrname":"www.elastic.co","rrtype":"A","tx_id":0}} +{"timestamp":"2019-08-22T23:48:48.839714+0000","flow_id":2130691028471842,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":41979,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4210,"rrname":"www.elastic.co","rrtype":"AAAA","tx_id":0}} +{"timestamp":"2019-08-22T23:48:48.901548+0000","flow_id":40074894954311,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":50720,"proto":"UDP","dns":{"version":2,"type":"answer","id":60273,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"www.elastic.co","rrtype":"A","answers":[{"rrname":"www.elastic.co","rrtype":"CNAME","ttl":270,"rdata":"dualstack.r2.shared.global.fastly.net"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.130.217"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.194.217"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.2.217"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.66.217"}],"grouped":{"A":["151.101.130.217","151.101.194.217","151.101.2.217","151.101.66.217"],"CNAME":["dualstack.r2.shared.global.fastly.net"]}}} +{"timestamp":"2019-08-22T23:48:48.902685+0000","flow_id":2130691028471842,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":41979,"proto":"UDP","dns":{"version":2,"type":"answer","id":4210,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"www.elastic.co","rrtype":"AAAA","answers":[{"rrname":"www.elastic.co","rrtype":"CNAME","ttl":299,"rdata":"dualstack.r2.shared.global.fastly.net"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0600:0000:0000:0000:0000:0729"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0000:0000:0000:0000:0000:0729"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0200:0000:0000:0000:0000:0729"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0400:0000:0000:0000:0000:0729"}],"grouped":{"AAAA":["2a04:4e42:0600:0000:0000:0000:0000:0729","2a04:4e42:0000:0000:0000:0000:0000:0729","2a04:4e42:0200:0000:0000:0000:0000:0729","2a04:4e42:0400:0000:0000:0000:0000:0729"],"CNAME":["dualstack.r2.shared.global.fastly.net"]}}} +{"timestamp":"2019-08-23T01:22:31.812655+0000","flow_id":814378410010223,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":44773,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28329,"rrname":"www.yahoo.com","rrtype":"A","tx_id":0}} +{"timestamp":"2019-08-23T01:22:31.812828+0000","flow_id":1887239765714716,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":55246,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7050,"rrname":"www.yahoo.com","rrtype":"AAAA","tx_id":0}} +{"timestamp":"2019-08-23T01:22:31.846575+0000","flow_id":814378410010223,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":44773,"proto":"UDP","dns":{"type":"answer","id":28329,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"www.yahoo.com","rrtype":"CNAME","ttl":1315,"rdata":"atsv2-fp-shed.wg1.b.yahoo.com"}} +{"timestamp":"2019-08-23T01:22:31.846575+0000","flow_id":814378410010223,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":44773,"proto":"UDP","dns":{"type":"answer","id":28329,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"A","ttl":15,"rdata":"98.138.219.232"}} +{"timestamp":"2019-08-23T01:22:31.846575+0000","flow_id":814378410010223,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":44773,"proto":"UDP","dns":{"type":"answer","id":28329,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"A","ttl":15,"rdata":"98.138.219.231"}} +{"timestamp":"2019-08-23T01:22:31.846575+0000","flow_id":814378410010223,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":44773,"proto":"UDP","dns":{"type":"answer","id":28329,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"A","ttl":15,"rdata":"72.30.35.10"}} +{"timestamp":"2019-08-23T01:22:31.846575+0000","flow_id":814378410010223,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":44773,"proto":"UDP","dns":{"type":"answer","id":28329,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"A","ttl":15,"rdata":"72.30.35.9"}} +{"timestamp":"2019-08-23T01:22:31.847379+0000","flow_id":1887239765714716,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":55246,"proto":"UDP","dns":{"type":"answer","id":7050,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"www.yahoo.com","rrtype":"CNAME","ttl":1268,"rdata":"atsv2-fp-shed.wg1.b.yahoo.com"}} +{"timestamp":"2019-08-23T01:22:31.847379+0000","flow_id":1887239765714716,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":55246,"proto":"UDP","dns":{"type":"answer","id":7050,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"AAAA","ttl":53,"rdata":"2001:4998:0058:1836:0000:0000:0000:0010"}} +{"timestamp":"2019-08-23T01:22:31.847379+0000","flow_id":1887239765714716,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":55246,"proto":"UDP","dns":{"type":"answer","id":7050,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"AAAA","ttl":53,"rdata":"2001:4998:0044:041d:0000:0000:0000:0003"}} +{"timestamp":"2019-08-23T01:22:31.847379+0000","flow_id":1887239765714716,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":55246,"proto":"UDP","dns":{"type":"answer","id":7050,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"AAAA","ttl":53,"rdata":"2001:4998:0058:1836:0000:0000:0000:0011"}} +{"timestamp":"2019-08-23T01:22:31.847379+0000","flow_id":1887239765714716,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":55246,"proto":"UDP","dns":{"type":"answer","id":7050,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"atsv2-fp-shed.wg1.b.yahoo.com","rrtype":"AAAA","ttl":53,"rdata":"2001:4998:0044:041d:0000:0000:0000:0004"}} +{"timestamp":"2019-08-23T02:03:36.578089+0000","flow_id":2181951993205289,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":48288,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9104,"rrname":"www.elastic.co","rrtype":"A","tx_id":0}} +{"timestamp":"2019-08-23T02:03:36.578262+0000","flow_id":928596784370390,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.15","src_port":59203,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12859,"rrname":"www.elastic.co","rrtype":"AAAA","tx_id":0}} +{"timestamp":"2019-08-23T02:03:36.619381+0000","flow_id":2181951993205289,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":48288,"proto":"UDP","dns":{"version":2,"type":"answer","id":9104,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"www.elastic.co","rrtype":"A","answers":[{"rrname":"www.elastic.co","rrtype":"CNAME","ttl":150,"rdata":"dualstack.r2.shared.global.fastly.net"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.194.217"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.2.217"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.66.217"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"A","ttl":29,"rdata":"151.101.130.217"}]}} +{"timestamp":"2019-08-23T02:03:36.626559+0000","flow_id":928596784370390,"in_iface":"enp0s3","event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":59203,"proto":"UDP","dns":{"version":2,"type":"answer","id":12859,"flags":"8180","qr":true,"rd":true,"ra":true,"rcode":"NOERROR","rrname":"www.elastic.co","rrtype":"AAAA","answers":[{"rrname":"www.elastic.co","rrtype":"CNAME","ttl":269,"rdata":"dualstack.r2.shared.global.fastly.net"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0000:0000:0000:0000:0000:0729"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0200:0000:0000:0000:0000:0729"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0400:0000:0000:0000:0000:0729"},{"rrname":"dualstack.r2.shared.global.fastly.net","rrtype":"AAAA","ttl":29,"rdata":"2a04:4e42:0600:0000:0000:0000:0000:0729"}]}} diff --git a/filebeat/module/suricata/eve/test/eve-dns-4.1.4.log-expected.json b/filebeat/module/suricata/eve/test/eve-dns-4.1.4.log-expected.json new file mode 100644 index 00000000000..a36d9d951ad --- /dev/null +++ b/filebeat/module/suricata/eve/test/eve-dns-4.1.4.log-expected.json @@ -0,0 +1,1404 @@ +[ + { + "@timestamp": "2019-08-22T23:48:27.924Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "51803", + "dns.question.name": "google.com", + "dns.question.registered_domain": "google.com", + "dns.question.top_level_domain": "com", + "dns.question.type": "A", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:27.924120+0000\",\"flow_id\":885455453886936,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":46686,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":51803,\"rrname\":\"google.com\",\"rrtype\":\"A\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:HActqwgIaYeC8fc4sfMGrL8jjaI=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 46686, + "suricata.eve.dns.id": 51803, + "suricata.eve.dns.rrname": "google.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 885455453886936, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-22T23:48:27.924Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "39523", + "dns.question.name": "google.com", + "dns.question.registered_domain": "google.com", + "dns.question.top_level_domain": "com", + "dns.question.type": "AAAA", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:27.924282+0000\",\"flow_id\":1418448010418810,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":36993,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":39523,\"rrname\":\"google.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 280, + "network.community_id": "1:Z5dwZB2hQ1ZuxC+6Jw04VtuJ1lw=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 36993, + "suricata.eve.dns.id": 39523, + "suricata.eve.dns.rrname": "google.com", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1418448010418810, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-22T23:48:27.950Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 36993, + "dns.answers": [ + { + "data": "2607:f8b0:4006:0805:0000:0000:0000:200e", + "name": "google.com", + "ttl": 272, + "type": "AAAA" + } + ], + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": "39523", + "dns.question.name": "google.com", + "dns.question.registered_domain": "google.com", + "dns.question.top_level_domain": "com", + "dns.question.type": "AAAA", + "dns.resolved_ip": [ + "2607:f8b0:4006:0805:0000:0000:0000:200e" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:27.950946+0000\",\"flow_id\":1418448010418810,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":36993,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":39523,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"google.com\",\"rrtype\":\"AAAA\",\"answers\":[{\"rrname\":\"google.com\",\"rrtype\":\"AAAA\",\"ttl\":272,\"rdata\":\"2607:f8b0:4006:0805:0000:0000:0000:200e\"}],\"grouped\":{\"AAAA\":[\"2607:f8b0:4006:0805:0000:0000:0000:200e\"]}}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 564, + "network.community_id": "1:Z5dwZB2hQ1ZuxC+6Jw04VtuJ1lw=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 39523, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rrname": "google.com", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1418448010418810, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-22T23:48:27.957Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 46686, + "dns.answers": [ + { + "data": "172.217.11.46", + "name": "google.com", + "ttl": 299, + "type": "A" + } + ], + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": "51803", + "dns.question.name": "google.com", + "dns.question.registered_domain": "google.com", + "dns.question.top_level_domain": "com", + "dns.question.type": "A", + "dns.resolved_ip": [ + "172.217.11.46" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:27.957906+0000\",\"flow_id\":885455453886936,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":46686,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":51803,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"google.com\",\"rrtype\":\"A\",\"answers\":[{\"rrname\":\"google.com\",\"rrtype\":\"A\",\"ttl\":299,\"rdata\":\"172.217.11.46\"}],\"grouped\":{\"A\":[\"172.217.11.46\"]}}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 1089, + "network.community_id": "1:HActqwgIaYeC8fc4sfMGrL8jjaI=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 51803, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rrname": "google.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 885455453886936, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-22T23:48:48.839Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "60273", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "A", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:48.839495+0000\",\"flow_id\":40074894954311,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":50720,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":60273,\"rrname\":\"www.elastic.co\",\"rrtype\":\"A\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 1552, + "network.community_id": "1:vfjW/QLkaS6+iMbv/HRuEOgqA4o=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 50720, + "suricata.eve.dns.id": 60273, + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 40074894954311, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-22T23:48:48.839Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "4210", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "AAAA", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:48.839714+0000\",\"flow_id\":2130691028471842,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":41979,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":4210,\"rrname\":\"www.elastic.co\",\"rrtype\":\"AAAA\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 1835, + "network.community_id": "1:SDBTqhsjpXwQyrvRX6xpeEaMsAg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 41979, + "suricata.eve.dns.id": 4210, + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 2130691028471842, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-22T23:48:48.901Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 50720, + "dns.answers": [ + { + "data": "dualstack.r2.shared.global.fastly.net", + "name": "www.elastic.co", + "ttl": 270, + "type": "CNAME" + }, + { + "data": "151.101.130.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + }, + { + "data": "151.101.194.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + }, + { + "data": "151.101.2.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + }, + { + "data": "151.101.66.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + } + ], + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": "60273", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "A", + "dns.resolved_ip": [ + "151.101.130.217", + "151.101.194.217", + "151.101.2.217", + "151.101.66.217" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:48.901548+0000\",\"flow_id\":40074894954311,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":50720,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":60273,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.elastic.co\",\"rrtype\":\"A\",\"answers\":[{\"rrname\":\"www.elastic.co\",\"rrtype\":\"CNAME\",\"ttl\":270,\"rdata\":\"dualstack.r2.shared.global.fastly.net\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.130.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.194.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.2.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.66.217\"}],\"grouped\":{\"A\":[\"151.101.130.217\",\"151.101.194.217\",\"151.101.2.217\",\"151.101.66.217\"],\"CNAME\":[\"dualstack.r2.shared.global.fastly.net\"]}}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 2122, + "network.community_id": "1:vfjW/QLkaS6+iMbv/HRuEOgqA4o=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 60273, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 40074894954311, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-22T23:48:48.902Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 41979, + "dns.answers": [ + { + "data": "dualstack.r2.shared.global.fastly.net", + "name": "www.elastic.co", + "ttl": 299, + "type": "CNAME" + }, + { + "data": "2a04:4e42:0600:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + }, + { + "data": "2a04:4e42:0000:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + }, + { + "data": "2a04:4e42:0200:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + }, + { + "data": "2a04:4e42:0400:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + } + ], + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": "4210", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "AAAA", + "dns.resolved_ip": [ + "2a04:4e42:0600:0000:0000:0000:0000:0729", + "2a04:4e42:0000:0000:0000:0000:0000:0729", + "2a04:4e42:0200:0000:0000:0000:0000:0729", + "2a04:4e42:0400:0000:0000:0000:0000:0729" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-22T23:48:48.902685+0000\",\"flow_id\":2130691028471842,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":41979,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":4210,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.elastic.co\",\"rrtype\":\"AAAA\",\"answers\":[{\"rrname\":\"www.elastic.co\",\"rrtype\":\"CNAME\",\"ttl\":299,\"rdata\":\"dualstack.r2.shared.global.fastly.net\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0600:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0000:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0200:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0400:0000:0000:0000:0000:0729\"}],\"grouped\":{\"AAAA\":[\"2a04:4e42:0600:0000:0000:0000:0000:0729\",\"2a04:4e42:0000:0000:0000:0000:0000:0729\",\"2a04:4e42:0200:0000:0000:0000:0000:0729\",\"2a04:4e42:0400:0000:0000:0000:0000:0729\"],\"CNAME\":[\"dualstack.r2.shared.global.fastly.net\"]}}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 3116, + "network.community_id": "1:SDBTqhsjpXwQyrvRX6xpeEaMsAg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 4210, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 2130691028471842, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.812Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "28329", + "dns.question.name": "www.yahoo.com", + "dns.question.registered_domain": "yahoo.com", + "dns.question.top_level_domain": "com", + "dns.question.type": "A", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.812655+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":44773,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":28329,\"rrname\":\"www.yahoo.com\",\"rrtype\":\"A\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 4327, + "network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 44773, + "suricata.eve.dns.id": 28329, + "suricata.eve.dns.rrname": "www.yahoo.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 814378410010223, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.812Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "7050", + "dns.question.name": "www.yahoo.com", + "dns.question.registered_domain": "yahoo.com", + "dns.question.top_level_domain": "com", + "dns.question.type": "AAAA", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.812828+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":55246,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":7050,\"rrname\":\"www.yahoo.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 4610, + "network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 55246, + "suricata.eve.dns.id": 7050, + "suricata.eve.dns.rrname": "www.yahoo.com", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1887239765714716, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.846Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 44773, + "dns.answers": [ + { + "data": "atsv2-fp-shed.wg1.b.yahoo.com", + "name": "www.yahoo.com", + "ttl": 1315, + "type": "CNAME" + } + ], + "dns.id": "28329", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.yahoo.com\",\"rrtype\":\"CNAME\",\"ttl\":1315,\"rdata\":\"atsv2-fp-shed.wg1.b.yahoo.com\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 4896, + "network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 28329, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrname": "www.yahoo.com", + "suricata.eve.dns.rrtype": "CNAME", + "suricata.eve.dns.ttl": 1315, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 814378410010223, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.846Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 44773, + "dns.answers": [ + { + "data": "98.138.219.232", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 15, + "type": "A" + } + ], + "dns.id": "28329", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"98.138.219.232\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 5288, + "network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 28329, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "98.138.219.232", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.ttl": 15, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 814378410010223, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.846Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 44773, + "dns.answers": [ + { + "data": "98.138.219.231", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 15, + "type": "A" + } + ], + "dns.id": "28329", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"98.138.219.231\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 5675, + "network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 28329, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "98.138.219.231", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.ttl": 15, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 814378410010223, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.846Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 44773, + "dns.answers": [ + { + "data": "72.30.35.10", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 15, + "type": "A" + } + ], + "dns.id": "28329", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"72.30.35.10\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 6062, + "network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 28329, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "72.30.35.10", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.ttl": 15, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 814378410010223, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.846Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 44773, + "dns.answers": [ + { + "data": "72.30.35.9", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 15, + "type": "A" + } + ], + "dns.id": "28329", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"72.30.35.9\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 6446, + "network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 28329, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "72.30.35.9", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.ttl": 15, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 814378410010223, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.847Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 55246, + "dns.answers": [ + { + "data": "atsv2-fp-shed.wg1.b.yahoo.com", + "name": "www.yahoo.com", + "ttl": 1268, + "type": "CNAME" + } + ], + "dns.id": "7050", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.yahoo.com\",\"rrtype\":\"CNAME\",\"ttl\":1268,\"rdata\":\"atsv2-fp-shed.wg1.b.yahoo.com\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 6829, + "network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 7050, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrname": "www.yahoo.com", + "suricata.eve.dns.rrtype": "CNAME", + "suricata.eve.dns.ttl": 1268, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1887239765714716, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.847Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 55246, + "dns.answers": [ + { + "data": "2001:4998:0058:1836:0000:0000:0000:0010", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 53, + "type": "AAAA" + } + ], + "dns.id": "7050", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0058:1836:0000:0000:0000:0010\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 7221, + "network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 7050, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "2001:4998:0058:1836:0000:0000:0000:0010", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.ttl": 53, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1887239765714716, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.847Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 55246, + "dns.answers": [ + { + "data": "2001:4998:0044:041d:0000:0000:0000:0003", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 53, + "type": "AAAA" + } + ], + "dns.id": "7050", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0044:041d:0000:0000:0000:0003\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 7636, + "network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 7050, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "2001:4998:0044:041d:0000:0000:0000:0003", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.ttl": 53, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1887239765714716, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.847Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 55246, + "dns.answers": [ + { + "data": "2001:4998:0058:1836:0000:0000:0000:0011", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 53, + "type": "AAAA" + } + ], + "dns.id": "7050", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0058:1836:0000:0000:0000:0011\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 8051, + "network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 7050, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "2001:4998:0058:1836:0000:0000:0000:0011", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.ttl": 53, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1887239765714716, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T01:22:31.847Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 55246, + "dns.answers": [ + { + "data": "2001:4998:0044:041d:0000:0000:0000:0004", + "name": "atsv2-fp-shed.wg1.b.yahoo.com", + "ttl": 53, + "type": "AAAA" + } + ], + "dns.id": "7050", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0044:041d:0000:0000:0000:0004\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 8466, + "network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 7050, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "2001:4998:0044:041d:0000:0000:0000:0004", + "suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.ttl": 53, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1887239765714716, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T02:03:36.578Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "9104", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "A", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T02:03:36.578089+0000\",\"flow_id\":2181951993205289,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":48288,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":9104,\"rrname\":\"www.elastic.co\",\"rrtype\":\"A\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 8881, + "network.community_id": "1:zh0UVYktuWGDSL+4ROPa1CTtEPE=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 48288, + "suricata.eve.dns.id": 9104, + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 2181951993205289, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T02:03:36.578Z", + "destination.address": "10.0.2.3", + "destination.ip": "10.0.2.3", + "destination.port": 53, + "dns.id": "12859", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "AAAA", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T02:03:36.578262+0000\",\"flow_id\":928596784370390,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":59203,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":12859,\"rrname\":\"www.elastic.co\",\"rrtype\":\"AAAA\",\"tx_id\":0}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 9165, + "network.community_id": "1:fuLDtU46PU3PHindOSCj0JKYUaA=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.15", + "10.0.2.3" + ], + "service.type": "suricata", + "source.address": "10.0.2.15", + "source.ip": "10.0.2.15", + "source.port": 59203, + "suricata.eve.dns.id": 12859, + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.tx_id": 0, + "suricata.eve.dns.type": "query", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 928596784370390, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T02:03:36.619Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 48288, + "dns.answers": [ + { + "data": "dualstack.r2.shared.global.fastly.net", + "name": "www.elastic.co", + "ttl": 150, + "type": "CNAME" + }, + { + "data": "151.101.194.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + }, + { + "data": "151.101.2.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + }, + { + "data": "151.101.66.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + }, + { + "data": "151.101.130.217", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "A" + } + ], + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": "9104", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "A", + "dns.resolved_ip": [ + "151.101.194.217", + "151.101.2.217", + "151.101.66.217", + "151.101.130.217" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T02:03:36.619381+0000\",\"flow_id\":2181951993205289,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":48288,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":9104,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.elastic.co\",\"rrtype\":\"A\",\"answers\":[{\"rrname\":\"www.elastic.co\",\"rrtype\":\"CNAME\",\"ttl\":150,\"rdata\":\"dualstack.r2.shared.global.fastly.net\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.194.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.2.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.66.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.130.217\"}]}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 9452, + "network.community_id": "1:zh0UVYktuWGDSL+4ROPa1CTtEPE=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 9104, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 2181951993205289, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2019-08-23T02:03:36.626Z", + "destination.address": "10.0.2.15", + "destination.ip": "10.0.2.15", + "destination.port": 59203, + "dns.answers": [ + { + "data": "dualstack.r2.shared.global.fastly.net", + "name": "www.elastic.co", + "ttl": 269, + "type": "CNAME" + }, + { + "data": "2a04:4e42:0000:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + }, + { + "data": "2a04:4e42:0200:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + }, + { + "data": "2a04:4e42:0400:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + }, + { + "data": "2a04:4e42:0600:0000:0000:0000:0000:0729", + "name": "dualstack.r2.shared.global.fastly.net", + "ttl": 29, + "type": "AAAA" + } + ], + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": "12859", + "dns.question.name": "www.elastic.co", + "dns.question.registered_domain": "elastic.co", + "dns.question.top_level_domain": "co", + "dns.question.type": "AAAA", + "dns.resolved_ip": [ + "2a04:4e42:0000:0000:0000:0000:0000:0729", + "2a04:4e42:0200:0000:0000:0000:0000:0729", + "2a04:4e42:0400:0000:0000:0000:0000:0729", + "2a04:4e42:0600:0000:0000:0000:0000:0729" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2019-08-23T02:03:36.626559+0000\",\"flow_id\":928596784370390,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":59203,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":12859,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.elastic.co\",\"rrtype\":\"AAAA\",\"answers\":[{\"rrname\":\"www.elastic.co\",\"rrtype\":\"CNAME\",\"ttl\":269,\"rdata\":\"dualstack.r2.shared.global.fastly.net\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0000:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0200:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0400:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0600:0000:0000:0000:0000:0729\"}]}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 10310, + "network.community_id": "1:fuLDtU46PU3PHindOSCj0JKYUaA=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "10.0.2.3", + "10.0.2.15" + ], + "service.type": "suricata", + "source.address": "10.0.2.3", + "source.ip": "10.0.2.3", + "source.port": 53, + "suricata.eve.dns.id": 12859, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rrname": "www.elastic.co", + "suricata.eve.dns.rrtype": "AAAA", + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 928596784370390, + "suricata.eve.in_iface": "enp0s3", + "tags": [ + "suricata" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/suricata/eve/test/eve-small.log b/filebeat/module/suricata/eve/test/eve-small.log new file mode 100644 index 00000000000..2902334be8b --- /dev/null +++ b/filebeat/module/suricata/eve/test/eve-small.log @@ -0,0 +1,8 @@ +{"timestamp":"2018-07-05T15:01:09.820360-0400","flow_id":298824096901438,"in_iface":"en0","event_type":"ssh","src_ip":"192.168.86.85","src_port":55406,"dest_ip":"192.168.253.112","dest_port":22,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"OpenSSH_7.6"},"server":{"proto_version":"2.0","software_version":"libssh_0.7.0"}}} +{"timestamp":"2018-07-05T15:07:20.910626-0400","flow_id":904992230150281,"in_iface":"en0","event_type":"alert","src_ip":"192.168.86.85","src_port":55641,"dest_ip":"192.168.156.70","dest_port":443,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024833,"rev":3,"signature":"ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)","category":"Potential Corporate Privacy Violation","severity":1},"tls":{"session_resumed":true,"sni":"l2.io","version":"TLS 1.2"},"app_proto":"tls","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":793,"bytes_toclient":343,"start":"2018-07-05T15:07:19.659593-0400"}} +{"timestamp":"2018-07-05T15:43:47.690014-0400","flow_id":2115002772430095,"in_iface":"en0","event_type":"http","src_ip":"192.168.86.85","src_port":56119,"dest_ip":"192.168.86.28","dest_port":63963,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.86.28","url":"\/dd.xml","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/67.0.3396.99 Safari\/537.36","http_content_type":"text\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1155}} +{"timestamp":"2018-07-05T15:44:33.222441-0400","flow_id":2211411903323127,"in_iface":"en0","event_type":"fileinfo","src_ip":"192.168.86.28","src_port":8008,"dest_ip":"192.168.86.85","dest_port":56118,"proto":"TCP","http":{"hostname":"192.168.86.28","url":"\/ssdp\/device-desc.xml","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/67.0.3396.99 Safari\/537.36","http_content_type":"application\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1071},"app_proto":"http","fileinfo":{"filename":"\/ssdp\/device-desc.xml","gaps":false,"state":"CLOSED","md5":"427b7337ff37eeb24d74f47d8e04cf21","sha1":"313573490192c685e9e53abef25453ed0d5e2aee","sha256":"f610428ebddf6f8cf9e39322e672583c45fcdcf885efad0ab48fd53a3dfc2c4b","stored":false,"size":1071,"tx_id":0}} +{"timestamp":"2018-07-05T15:51:20.213418-0400","flow_id":1684780223079543,"in_iface":"en0","event_type":"dns","src_ip":"192.168.86.1","src_port":53,"dest_ip":"192.168.86.85","dest_port":39464,"proto":"UDP","dns":{"type":"answer","id":12308,"rcode":"NOERROR","rrname":"clients.l.google.com","rrtype":"A","ttl":299,"rdata":"172.217.13.110"}} +{"timestamp":"2018-07-05T15:51:23.009510-0400","event_type":"stats","stats":{"uptime":5400,"capture":{"kernel_packets":430313,"kernel_drops":0,"kernel_ifdrops":0},"decoder":{"pkts":430313,"bytes":335138381,"invalid":2,"ipv4":425873,"ipv6":3785,"ethernet":430313,"raw":0,"null":0,"sll":0,"tcp":370093,"udp":58337,"sctp":0,"icmpv4":186,"icmpv6":1019,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"ieee8021ah":0,"teredo":1,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":778,"max_pkt_size":1514,"erspan":0,"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"dce":{"pkt_too_small":0}},"flow":{"memcap":0,"tcp":1113,"udp":1881,"icmpv4":0,"icmpv6":677,"spare":10000,"emerg_mode_entered":0,"emerg_mode_over":0,"tcp_reuse":0,"memuse":11537312},"defrag":{"ipv4":{"fragments":0,"reassembled":0,"timeouts":0},"ipv6":{"fragments":0,"reassembled":0,"timeouts":0},"max_frag_hits":0},"tcp":{"sessions":842,"ssn_memcap_drop":0,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"no_flow":0,"syn":1138,"synack":656,"rst":1165,"segment_memcap_drop":0,"stream_depth_reached":63,"reassembly_gap":0,"overlap":5979,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"insert_list_fail":0,"memuse":4587520,"reassembly_memuse":768000},"detect":{"alert":2},"app_layer":{"flow":{"http":22,"ftp":0,"smtp":0,"tls":560,"ssh":4,"imap":0,"msn":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"failed_tcp":2,"dcerpc_udp":0,"dns_udp":762,"failed_udp":1119},"tx":{"http":25,"ftp":0,"smtp":0,"tls":0,"ssh":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"dcerpc_udp":0,"dns_udp":762}},"flow_mgr":{"closed_pruned":729,"new_pruned":1879,"est_pruned":975,"bypassed_pruned":0,"flows_checked":8,"flows_notimeout":8,"flows_timeout":0,"flows_timeout_inuse":0,"flows_removed":0,"rows_checked":65536,"rows_skipped":65530,"rows_empty":0,"rows_busy":0,"rows_maxlen":2},"file_store":{"open_files":0},"dns":{"memuse":7749,"memcap_state":0,"memcap_global":0},"http":{"memuse":17861,"memcap":0}}} +{"timestamp":"2018-07-05T15:51:50.666597-0400","flow_id":89751777876473,"in_iface":"en0","event_type":"tls","src_ip":"192.168.86.85","src_port":56187,"dest_ip":"17.142.164.13","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.icloud.com\/OU=management:idms.group.506364\/O=Apple Inc.\/ST=California\/C=US","issuerdn":"CN=Apple IST CA 2 - G1\/OU=Certification Authority\/O=Apple Inc.\/C=US","serial":"5C:9C:E1:09:78:87:F8:07","fingerprint":"6a:ff:ac:a6:5f:8a:05:e7:a9:8c:76:29:b9:08:c7:69:ad:dc:72:47","sni":"p33-btmmdns.icloud.com.","version":"TLS 1.2","notbefore":"2017-02-27T17:54:31","notafter":"2019-03-29T17:54:31"}} +{"timestamp":"2018-07-05T15:51:54.001329-0400","flow_id":1828507008887644,"event_type":"flow","src_ip":"fe80:0000:0000:0000:fada:0cff:fedc:87f1","src_port":546,"dest_ip":"ff02:0000:0000:0000:0000:0000:0001:0002","dest_port":547,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":110,"bytes_toclient":0,"start":"2018-07-05T15:51:23.453468-0400","end":"2018-07-05T15:51:23.453468-0400","age":0,"state":"new","reason":"timeout","alerted":false}} diff --git a/filebeat/module/suricata/eve/test/eve-small.log-expected.json b/filebeat/module/suricata/eve/test/eve-small.log-expected.json new file mode 100644 index 00000000000..2f53173a641 --- /dev/null +++ b/filebeat/module/suricata/eve/test/eve-small.log-expected.json @@ -0,0 +1,511 @@ +[ + { + "@timestamp": "2018-07-05T19:01:09.820Z", + "destination.address": "192.168.253.112", + "destination.ip": "192.168.253.112", + "destination.port": 22, + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:01:09.820360-0400\",\"flow_id\":298824096901438,\"in_iface\":\"en0\",\"event_type\":\"ssh\",\"src_ip\":\"192.168.86.85\",\"src_port\":55406,\"dest_ip\":\"192.168.253.112\",\"dest_port\":22,\"proto\":\"TCP\",\"ssh\":{\"client\":{\"proto_version\":\"2.0\",\"software_version\":\"OpenSSH_7.6\"},\"server\":{\"proto_version\":\"2.0\",\"software_version\":\"libssh_0.7.0\"}}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:NLm1MbaBR6humQxEQI2Ai7h/XiI=", + "network.protocol": "ssh", + "network.transport": "tcp", + "related.ip": [ + "192.168.86.85", + "192.168.253.112" + ], + "service.type": "suricata", + "source.address": "192.168.86.85", + "source.ip": "192.168.86.85", + "source.port": 55406, + "suricata.eve.event_type": "ssh", + "suricata.eve.flow_id": 298824096901438, + "suricata.eve.in_iface": "en0", + "suricata.eve.ssh.client.proto_version": "2.0", + "suricata.eve.ssh.client.software_version": "OpenSSH_7.6", + "suricata.eve.ssh.server.proto_version": "2.0", + "suricata.eve.ssh.server.software_version": "libssh_0.7.0", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2018-07-05T19:07:20.910Z", + "destination.address": "192.168.156.70", + "destination.bytes": 343, + "destination.ip": "192.168.156.70", + "destination.packets": 3, + "destination.port": 443, + "event.category": [ + "network", + "intrusion_detection" + ], + "event.dataset": "suricata.eve", + "event.kind": "alert", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:07:20.910626-0400\",\"flow_id\":904992230150281,\"in_iface\":\"en0\",\"event_type\":\"alert\",\"src_ip\":\"192.168.86.85\",\"src_port\":55641,\"dest_ip\":\"192.168.156.70\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024833,\"rev\":3,\"signature\":\"ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1},\"tls\":{\"session_resumed\":true,\"sni\":\"l2.io\",\"version\":\"TLS 1.2\"},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":793,\"bytes_toclient\":343,\"start\":\"2018-07-05T15:07:19.659593-0400\"}}", + "event.severity": 1, + "event.start": "2018-07-05T19:07:19.659Z", + "event.type": [ + "allowed" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 350, + "message": "Potential Corporate Privacy Violation", + "network.bytes": 1136, + "network.community_id": "1:BWtsS+4pk477zAwfzve3Nm+x1Ms=", + "network.packets": 7, + "network.protocol": "tls", + "network.transport": "tcp", + "related.ip": [ + "192.168.86.85", + "192.168.156.70" + ], + "rule.category": "Potential Corporate Privacy Violation", + "rule.id": "2024833", + "rule.name": "ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)", + "service.type": "suricata", + "source.address": "192.168.86.85", + "source.bytes": 793, + "source.ip": "192.168.86.85", + "source.packets": 4, + "source.port": 55641, + "suricata.eve.alert.category": "Potential Corporate Privacy Violation", + "suricata.eve.alert.gid": 1, + "suricata.eve.alert.rev": 3, + "suricata.eve.alert.signature": "ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)", + "suricata.eve.alert.signature_id": 2024833, + "suricata.eve.event_type": "alert", + "suricata.eve.flow_id": 904992230150281, + "suricata.eve.in_iface": "en0", + "suricata.eve.tls.session_resumed": true, + "suricata.eve.tls.sni": "l2.io", + "suricata.eve.tls.version": "TLS 1.2", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "tls.version": "1.2", + "tls.version_protocol": "tls" + }, + { + "@timestamp": "2018-07-05T19:43:47.690Z", + "destination.address": "192.168.86.28", + "destination.domain": "192.168.86.28", + "destination.ip": "192.168.86.28", + "destination.port": 63963, + "event.category": [ + "network", + "web" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:43:47.690014-0400\",\"flow_id\":2115002772430095,\"in_iface\":\"en0\",\"event_type\":\"http\",\"src_ip\":\"192.168.86.85\",\"src_port\":56119,\"dest_ip\":\"192.168.86.28\",\"dest_port\":63963,\"proto\":\"TCP\",\"tx_id\":0,\"http\":{\"hostname\":\"192.168.86.28\",\"url\":\"\\/dd.xml\",\"http_user_agent\":\"Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/67.0.3396.99 Safari\\/537.36\",\"http_content_type\":\"text\\/xml\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1155}}", + "event.outcome": "success", + "event.type": [ + "access", + "protocol" + ], + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1155, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 985, + "network.community_id": "1:gjMiDGtS5SVvdwzjjQdAKGBrDA4=", + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.86.85", + "192.168.86.28" + ], + "service.type": "suricata", + "source.address": "192.168.86.85", + "source.ip": "192.168.86.85", + "source.port": 56119, + "suricata.eve.event_type": "http", + "suricata.eve.flow_id": 2115002772430095, + "suricata.eve.http.http_content_type": "text/xml", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "en0", + "suricata.eve.tx_id": 0, + "tags": [ + "suricata" + ], + "url.domain": "192.168.86.28", + "url.original": "/dd.xml", + "url.path": "/dd.xml", + "user_agent.device.name": "Other", + "user_agent.name": "Chrome", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36", + "user_agent.os.full": "Mac OS X 10.13.5", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.13.5", + "user_agent.version": "67.0.3396.99" + }, + { + "@timestamp": "2018-07-05T19:44:33.222Z", + "destination.address": "192.168.86.85", + "destination.domain": "192.168.86.28", + "destination.ip": "192.168.86.85", + "destination.port": 56118, + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:44:33.222441-0400\",\"flow_id\":2211411903323127,\"in_iface\":\"en0\",\"event_type\":\"fileinfo\",\"src_ip\":\"192.168.86.28\",\"src_port\":8008,\"dest_ip\":\"192.168.86.85\",\"dest_port\":56118,\"proto\":\"TCP\",\"http\":{\"hostname\":\"192.168.86.28\",\"url\":\"\\/ssdp\\/device-desc.xml\",\"http_user_agent\":\"Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/67.0.3396.99 Safari\\/537.36\",\"http_content_type\":\"application\\/xml\",\"http_method\":\"GET\",\"protocol\":\"HTTP\\/1.1\",\"status\":200,\"length\":1071},\"app_proto\":\"http\",\"fileinfo\":{\"filename\":\"\\/ssdp\\/device-desc.xml\",\"gaps\":false,\"state\":\"CLOSED\",\"md5\":\"427b7337ff37eeb24d74f47d8e04cf21\",\"sha1\":\"313573490192c685e9e53abef25453ed0d5e2aee\",\"sha256\":\"f610428ebddf6f8cf9e39322e672583c45fcdcf885efad0ab48fd53a3dfc2c4b\",\"stored\":false,\"size\":1071,\"tx_id\":0}}", + "file.path": "/ssdp/device-desc.xml", + "file.size": 1071, + "fileset.name": "eve", + "http.request.method": "get", + "http.response.body.bytes": 1071, + "http.response.status_code": 200, + "input.type": "log", + "log.offset": 1507, + "network.community_id": "1:XhhAO/Twj86+bD+1fV8FnpLIEDs=", + "network.protocol": "http", + "network.transport": "tcp", + "related.ip": [ + "192.168.86.28", + "192.168.86.85" + ], + "service.type": "suricata", + "source.address": "192.168.86.28", + "source.ip": "192.168.86.28", + "source.port": 8008, + "suricata.eve.event_type": "fileinfo", + "suricata.eve.fileinfo.gaps": false, + "suricata.eve.fileinfo.md5": "427b7337ff37eeb24d74f47d8e04cf21", + "suricata.eve.fileinfo.sha1": "313573490192c685e9e53abef25453ed0d5e2aee", + "suricata.eve.fileinfo.sha256": "f610428ebddf6f8cf9e39322e672583c45fcdcf885efad0ab48fd53a3dfc2c4b", + "suricata.eve.fileinfo.state": "CLOSED", + "suricata.eve.fileinfo.stored": false, + "suricata.eve.fileinfo.tx_id": 0, + "suricata.eve.flow_id": 2211411903323127, + "suricata.eve.http.http_content_type": "application/xml", + "suricata.eve.http.protocol": "HTTP/1.1", + "suricata.eve.in_iface": "en0", + "tags": [ + "suricata" + ], + "url.domain": "192.168.86.28", + "url.original": "/ssdp/device-desc.xml", + "url.path": "/ssdp/device-desc.xml", + "user_agent.device.name": "Other", + "user_agent.name": "Chrome", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36", + "user_agent.os.full": "Mac OS X 10.13.5", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.13.5", + "user_agent.version": "67.0.3396.99" + }, + { + "@timestamp": "2018-07-05T19:51:20.213Z", + "destination.address": "192.168.86.85", + "destination.ip": "192.168.86.85", + "destination.port": 39464, + "dns.answers": [ + { + "data": "172.217.13.110", + "name": "clients.l.google.com", + "ttl": 299, + "type": "A" + } + ], + "dns.id": "12308", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:51:20.213418-0400\",\"flow_id\":1684780223079543,\"in_iface\":\"en0\",\"event_type\":\"dns\",\"src_ip\":\"192.168.86.1\",\"src_port\":53,\"dest_ip\":\"192.168.86.85\",\"dest_port\":39464,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":12308,\"rcode\":\"NOERROR\",\"rrname\":\"clients.l.google.com\",\"rrtype\":\"A\",\"ttl\":299,\"rdata\":\"172.217.13.110\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 2347, + "network.community_id": "1:pC3b0nBNCU4LxSue53drHp4b4cs=", + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "192.168.86.1", + "192.168.86.85" + ], + "service.type": "suricata", + "source.address": "192.168.86.1", + "source.ip": "192.168.86.1", + "source.port": 53, + "suricata.eve.dns.id": 12308, + "suricata.eve.dns.rcode": "NOERROR", + "suricata.eve.dns.rdata": "172.217.13.110", + "suricata.eve.dns.rrname": "clients.l.google.com", + "suricata.eve.dns.rrtype": "A", + "suricata.eve.dns.ttl": 299, + "suricata.eve.dns.type": "answer", + "suricata.eve.event_type": "dns", + "suricata.eve.flow_id": 1684780223079543, + "suricata.eve.in_iface": "en0", + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2018-07-05T19:51:23.009Z", + "event.dataset": "suricata.eve", + "event.kind": "metric", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:51:23.009510-0400\",\"event_type\":\"stats\",\"stats\":{\"uptime\":5400,\"capture\":{\"kernel_packets\":430313,\"kernel_drops\":0,\"kernel_ifdrops\":0},\"decoder\":{\"pkts\":430313,\"bytes\":335138381,\"invalid\":2,\"ipv4\":425873,\"ipv6\":3785,\"ethernet\":430313,\"raw\":0,\"null\":0,\"sll\":0,\"tcp\":370093,\"udp\":58337,\"sctp\":0,\"icmpv4\":186,\"icmpv6\":1019,\"ppp\":0,\"pppoe\":0,\"gre\":0,\"vlan\":0,\"vlan_qinq\":0,\"ieee8021ah\":0,\"teredo\":1,\"ipv4_in_ipv6\":0,\"ipv6_in_ipv6\":0,\"mpls\":0,\"avg_pkt_size\":778,\"max_pkt_size\":1514,\"erspan\":0,\"ipraw\":{\"invalid_ip_version\":0},\"ltnull\":{\"pkt_too_small\":0,\"unsupported_type\":0},\"dce\":{\"pkt_too_small\":0}},\"flow\":{\"memcap\":0,\"tcp\":1113,\"udp\":1881,\"icmpv4\":0,\"icmpv6\":677,\"spare\":10000,\"emerg_mode_entered\":0,\"emerg_mode_over\":0,\"tcp_reuse\":0,\"memuse\":11537312},\"defrag\":{\"ipv4\":{\"fragments\":0,\"reassembled\":0,\"timeouts\":0},\"ipv6\":{\"fragments\":0,\"reassembled\":0,\"timeouts\":0},\"max_frag_hits\":0},\"tcp\":{\"sessions\":842,\"ssn_memcap_drop\":0,\"pseudo\":0,\"pseudo_failed\":0,\"invalid_checksum\":0,\"no_flow\":0,\"syn\":1138,\"synack\":656,\"rst\":1165,\"segment_memcap_drop\":0,\"stream_depth_reached\":63,\"reassembly_gap\":0,\"overlap\":5979,\"overlap_diff_data\":0,\"insert_data_normal_fail\":0,\"insert_data_overlap_fail\":0,\"insert_list_fail\":0,\"memuse\":4587520,\"reassembly_memuse\":768000},\"detect\":{\"alert\":2},\"app_layer\":{\"flow\":{\"http\":22,\"ftp\":0,\"smtp\":0,\"tls\":560,\"ssh\":4,\"imap\":0,\"msn\":0,\"smb\":0,\"dcerpc_tcp\":0,\"dns_tcp\":0,\"failed_tcp\":2,\"dcerpc_udp\":0,\"dns_udp\":762,\"failed_udp\":1119},\"tx\":{\"http\":25,\"ftp\":0,\"smtp\":0,\"tls\":0,\"ssh\":0,\"smb\":0,\"dcerpc_tcp\":0,\"dns_tcp\":0,\"dcerpc_udp\":0,\"dns_udp\":762}},\"flow_mgr\":{\"closed_pruned\":729,\"new_pruned\":1879,\"est_pruned\":975,\"bypassed_pruned\":0,\"flows_checked\":8,\"flows_notimeout\":8,\"flows_timeout\":0,\"flows_timeout_inuse\":0,\"flows_removed\":0,\"rows_checked\":65536,\"rows_skipped\":65530,\"rows_empty\":0,\"rows_busy\":0,\"rows_maxlen\":2},\"file_store\":{\"open_files\":0},\"dns\":{\"memuse\":7749,\"memcap_state\":0,\"memcap_global\":0},\"http\":{\"memuse\":17861,\"memcap\":0}}}", + "fileset.name": "eve", + "input.type": "log", + "log.offset": 2687, + "service.type": "suricata", + "suricata.eve.event_type": "stats", + "suricata.eve.stats.app_layer.flow.dcerpc_tcp": 0, + "suricata.eve.stats.app_layer.flow.dcerpc_udp": 0, + "suricata.eve.stats.app_layer.flow.dns_tcp": 0, + "suricata.eve.stats.app_layer.flow.dns_udp": 762, + "suricata.eve.stats.app_layer.flow.failed_tcp": 2, + "suricata.eve.stats.app_layer.flow.failed_udp": 1119, + "suricata.eve.stats.app_layer.flow.ftp": 0, + "suricata.eve.stats.app_layer.flow.http": 22, + "suricata.eve.stats.app_layer.flow.imap": 0, + "suricata.eve.stats.app_layer.flow.msn": 0, + "suricata.eve.stats.app_layer.flow.smb": 0, + "suricata.eve.stats.app_layer.flow.smtp": 0, + "suricata.eve.stats.app_layer.flow.ssh": 4, + "suricata.eve.stats.app_layer.flow.tls": 560, + "suricata.eve.stats.app_layer.tx.dcerpc_tcp": 0, + "suricata.eve.stats.app_layer.tx.dcerpc_udp": 0, + "suricata.eve.stats.app_layer.tx.dns_tcp": 0, + "suricata.eve.stats.app_layer.tx.dns_udp": 762, + "suricata.eve.stats.app_layer.tx.ftp": 0, + "suricata.eve.stats.app_layer.tx.http": 25, + "suricata.eve.stats.app_layer.tx.smb": 0, + "suricata.eve.stats.app_layer.tx.smtp": 0, + "suricata.eve.stats.app_layer.tx.ssh": 0, + "suricata.eve.stats.app_layer.tx.tls": 0, + "suricata.eve.stats.capture.kernel_drops": 0, + "suricata.eve.stats.capture.kernel_ifdrops": 0, + "suricata.eve.stats.capture.kernel_packets": 430313, + "suricata.eve.stats.decoder.avg_pkt_size": 778, + "suricata.eve.stats.decoder.bytes": 335138381, + "suricata.eve.stats.decoder.dce.pkt_too_small": 0, + "suricata.eve.stats.decoder.erspan": 0, + "suricata.eve.stats.decoder.ethernet": 430313, + "suricata.eve.stats.decoder.gre": 0, + "suricata.eve.stats.decoder.icmpv4": 186, + "suricata.eve.stats.decoder.icmpv6": 1019, + "suricata.eve.stats.decoder.ieee8021ah": 0, + "suricata.eve.stats.decoder.invalid": 2, + "suricata.eve.stats.decoder.ipraw.invalid_ip_version": 0, + "suricata.eve.stats.decoder.ipv4": 425873, + "suricata.eve.stats.decoder.ipv4_in_ipv6": 0, + "suricata.eve.stats.decoder.ipv6": 3785, + "suricata.eve.stats.decoder.ipv6_in_ipv6": 0, + "suricata.eve.stats.decoder.ltnull.pkt_too_small": 0, + "suricata.eve.stats.decoder.ltnull.unsupported_type": 0, + "suricata.eve.stats.decoder.max_pkt_size": 1514, + "suricata.eve.stats.decoder.mpls": 0, + "suricata.eve.stats.decoder.null": 0, + "suricata.eve.stats.decoder.pkts": 430313, + "suricata.eve.stats.decoder.ppp": 0, + "suricata.eve.stats.decoder.pppoe": 0, + "suricata.eve.stats.decoder.raw": 0, + "suricata.eve.stats.decoder.sctp": 0, + "suricata.eve.stats.decoder.sll": 0, + "suricata.eve.stats.decoder.tcp": 370093, + "suricata.eve.stats.decoder.teredo": 1, + "suricata.eve.stats.decoder.udp": 58337, + "suricata.eve.stats.decoder.vlan": 0, + "suricata.eve.stats.decoder.vlan_qinq": 0, + "suricata.eve.stats.defrag.ipv4.fragments": 0, + "suricata.eve.stats.defrag.ipv4.reassembled": 0, + "suricata.eve.stats.defrag.ipv4.timeouts": 0, + "suricata.eve.stats.defrag.ipv6.fragments": 0, + "suricata.eve.stats.defrag.ipv6.reassembled": 0, + "suricata.eve.stats.defrag.ipv6.timeouts": 0, + "suricata.eve.stats.defrag.max_frag_hits": 0, + "suricata.eve.stats.detect.alert": 2, + "suricata.eve.stats.dns.memcap_global": 0, + "suricata.eve.stats.dns.memcap_state": 0, + "suricata.eve.stats.dns.memuse": 7749, + "suricata.eve.stats.file_store.open_files": 0, + "suricata.eve.stats.flow.emerg_mode_entered": 0, + "suricata.eve.stats.flow.emerg_mode_over": 0, + "suricata.eve.stats.flow.icmpv4": 0, + "suricata.eve.stats.flow.icmpv6": 677, + "suricata.eve.stats.flow.memcap": 0, + "suricata.eve.stats.flow.memuse": 11537312, + "suricata.eve.stats.flow.spare": 10000, + "suricata.eve.stats.flow.tcp": 1113, + "suricata.eve.stats.flow.tcp_reuse": 0, + "suricata.eve.stats.flow.udp": 1881, + "suricata.eve.stats.flow_mgr.bypassed_pruned": 0, + "suricata.eve.stats.flow_mgr.closed_pruned": 729, + "suricata.eve.stats.flow_mgr.est_pruned": 975, + "suricata.eve.stats.flow_mgr.flows_checked": 8, + "suricata.eve.stats.flow_mgr.flows_notimeout": 8, + "suricata.eve.stats.flow_mgr.flows_removed": 0, + "suricata.eve.stats.flow_mgr.flows_timeout": 0, + "suricata.eve.stats.flow_mgr.flows_timeout_inuse": 0, + "suricata.eve.stats.flow_mgr.new_pruned": 1879, + "suricata.eve.stats.flow_mgr.rows_busy": 0, + "suricata.eve.stats.flow_mgr.rows_checked": 65536, + "suricata.eve.stats.flow_mgr.rows_empty": 0, + "suricata.eve.stats.flow_mgr.rows_maxlen": 2, + "suricata.eve.stats.flow_mgr.rows_skipped": 65530, + "suricata.eve.stats.http.memcap": 0, + "suricata.eve.stats.http.memuse": 17861, + "suricata.eve.stats.tcp.insert_data_normal_fail": 0, + "suricata.eve.stats.tcp.insert_data_overlap_fail": 0, + "suricata.eve.stats.tcp.insert_list_fail": 0, + "suricata.eve.stats.tcp.invalid_checksum": 0, + "suricata.eve.stats.tcp.memuse": 4587520, + "suricata.eve.stats.tcp.no_flow": 0, + "suricata.eve.stats.tcp.overlap": 5979, + "suricata.eve.stats.tcp.overlap_diff_data": 0, + "suricata.eve.stats.tcp.pseudo": 0, + "suricata.eve.stats.tcp.pseudo_failed": 0, + "suricata.eve.stats.tcp.reassembly_gap": 0, + "suricata.eve.stats.tcp.reassembly_memuse": 768000, + "suricata.eve.stats.tcp.rst": 1165, + "suricata.eve.stats.tcp.segment_memcap_drop": 0, + "suricata.eve.stats.tcp.sessions": 842, + "suricata.eve.stats.tcp.ssn_memcap_drop": 0, + "suricata.eve.stats.tcp.stream_depth_reached": 63, + "suricata.eve.stats.tcp.syn": 1138, + "suricata.eve.stats.tcp.synack": 656, + "suricata.eve.stats.uptime": 5400, + "tags": [ + "suricata" + ] + }, + { + "@timestamp": "2018-07-05T19:51:50.666Z", + "destination.address": "17.142.164.13", + "destination.as.number": 714, + "destination.as.organization.name": "Apple Inc.", + "destination.domain": "p33-btmmdns.icloud.com", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "17.142.164.13", + "destination.port": 443, + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:51:50.666597-0400\",\"flow_id\":89751777876473,\"in_iface\":\"en0\",\"event_type\":\"tls\",\"src_ip\":\"192.168.86.85\",\"src_port\":56187,\"dest_ip\":\"17.142.164.13\",\"dest_port\":443,\"proto\":\"TCP\",\"tls\":{\"subject\":\"CN=*.icloud.com\\/OU=management:idms.group.506364\\/O=Apple Inc.\\/ST=California\\/C=US\",\"issuerdn\":\"CN=Apple IST CA 2 - G1\\/OU=Certification Authority\\/O=Apple Inc.\\/C=US\",\"serial\":\"5C:9C:E1:09:78:87:F8:07\",\"fingerprint\":\"6a:ff:ac:a6:5f:8a:05:e7:a9:8c:76:29:b9:08:c7:69:ad:dc:72:47\",\"sni\":\"p33-btmmdns.icloud.com.\",\"version\":\"TLS 1.2\",\"notbefore\":\"2017-02-27T17:54:31\",\"notafter\":\"2019-03-29T17:54:31\"}}", + "event.type": [ + "protocol" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 4683, + "network.community_id": "1:u67AuA4ybOaspT7mp9OZ3jWvnKw=", + "network.protocol": "tls", + "network.transport": "tcp", + "related.hash": [ + "6AFFACA65F8A05E7A98C7629B908C769ADDC7247" + ], + "related.ip": [ + "192.168.86.85", + "17.142.164.13" + ], + "service.type": "suricata", + "source.address": "192.168.86.85", + "source.ip": "192.168.86.85", + "source.port": 56187, + "suricata.eve.event_type": "tls", + "suricata.eve.flow_id": 89751777876473, + "suricata.eve.in_iface": "en0", + "suricata.eve.tls.fingerprint": "6a:ff:ac:a6:5f:8a:05:e7:a9:8c:76:29:b9:08:c7:69:ad:dc:72:47", + "suricata.eve.tls.issuerdn": "CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US", + "suricata.eve.tls.notafter": "2019-03-29T17:54:31", + "suricata.eve.tls.notbefore": "2017-02-27T17:54:31", + "suricata.eve.tls.serial": "5C:9C:E1:09:78:87:F8:07", + "suricata.eve.tls.sni": "p33-btmmdns.icloud.com", + "suricata.eve.tls.subject": "CN=*.icloud.com/OU=management:idms.group.506364/O=Apple Inc./ST=California/C=US", + "suricata.eve.tls.version": "TLS 1.2", + "tags": [ + "suricata" + ], + "tls.client.server_name": "p33-btmmdns.icloud.com", + "tls.server.hash.sha1": "6AFFACA65F8A05E7A98C7629B908C769ADDC7247", + "tls.server.issuer": "CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US", + "tls.server.not_after": "2019-03-29T17:54:31", + "tls.server.not_before": "2017-02-27T17:54:31", + "tls.server.subject": "CN=*.icloud.com/OU=management:idms.group.506364/O=Apple Inc./ST=California/C=US", + "tls.version": "1.2", + "tls.version_protocol": "tls" + }, + { + "@timestamp": "2018-07-05T19:51:54.001Z", + "destination.address": "ff02:0000:0000:0000:0000:0000:0001:0002", + "destination.bytes": 0, + "destination.ip": "ff02:0000:0000:0000:0000:0000:0001:0002", + "destination.packets": 0, + "destination.port": 547, + "event.category": [ + "network" + ], + "event.dataset": "suricata.eve", + "event.duration": 0, + "event.end": "2018-07-05T19:51:23.453Z", + "event.kind": "event", + "event.module": "suricata", + "event.original": "{\"timestamp\":\"2018-07-05T15:51:54.001329-0400\",\"flow_id\":1828507008887644,\"event_type\":\"flow\",\"src_ip\":\"fe80:0000:0000:0000:fada:0cff:fedc:87f1\",\"src_port\":546,\"dest_ip\":\"ff02:0000:0000:0000:0000:0000:0001:0002\",\"dest_port\":547,\"proto\":\"UDP\",\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":110,\"bytes_toclient\":0,\"start\":\"2018-07-05T15:51:23.453468-0400\",\"end\":\"2018-07-05T15:51:23.453468-0400\",\"age\":0,\"state\":\"new\",\"reason\":\"timeout\",\"alerted\":false}}", + "event.start": "2018-07-05T19:51:23.453Z", + "event.type": [ + "connection", + "start" + ], + "fileset.name": "eve", + "input.type": "log", + "log.offset": 5308, + "network.bytes": 110, + "network.community_id": "1:fNUIKjMfx/xaM1gOO3eaVAeWLZA=", + "network.packets": 1, + "network.transport": "udp", + "related.ip": [ + "fe80:0000:0000:0000:fada:0cff:fedc:87f1", + "ff02:0000:0000:0000:0000:0000:0001:0002" + ], + "service.type": "suricata", + "source.address": "fe80:0000:0000:0000:fada:0cff:fedc:87f1", + "source.bytes": 110, + "source.ip": "fe80:0000:0000:0000:fada:0cff:fedc:87f1", + "source.packets": 1, + "source.port": 546, + "suricata.eve.event_type": "flow", + "suricata.eve.flow.age": 0, + "suricata.eve.flow.alerted": false, + "suricata.eve.flow.reason": "timeout", + "suricata.eve.flow.state": "new", + "suricata.eve.flow_id": 1828507008887644, + "tags": [ + "suricata" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/suricata/fields.go b/filebeat/module/suricata/fields.go new file mode 100644 index 00000000000..d4f95151f6f --- /dev/null +++ b/filebeat/module/suricata/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package suricata + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "suricata", asset.ModuleFieldsPri, AssetSuricata); err != nil { + panic(err) + } +} + +// AssetSuricata returns asset data. +// This is the base64 encoded gzipped contents of module/suricata. +func AssetSuricata() string { + return "eJzsXEuP27oV3udXaDerGE3QBMUsim7SRYG2iwDdEsfkkcyar5CUPe6vLyR7PLJFyuIDc3Fzk1UwCT+e94tH87HZ4+m5cb3lFDx8aBrPvcDn5vvbTxg6arnxXKvn5q8fmqZp/qlZL7BptW12oJjgqmv8Dptv//nW/OP7v//VCN25xljNeoqs2Z6ueJsPTdNyFMw9j0gfGwUSbygY/viTweems7o3l58EqBj+/H3Ealqr5UjB6z0jKUJ3TcsFbi7/fXrx9HI84PVnobsX7p/QgC9GW39mdyaMyYF7Ku4oUZ4MFNz88ytRezwdtWXXfwtigDHEWO010ZZ3+TiemuDhe8nEeLpBIq2AGymsJucNxrhdBGCrtUBQjwCudBBPy0gBui8jxZ1UIYAHf28kiUxMxFGoGet8GTctzxLH23GBXLW6kr26HXwqE8hA0PC3CAoIDnORG/C789HN8NeH6nshnEUuEFp172BBzmuLMRpWqr4DE7O+ta6wg89fvpZxItmXQlHw/2Vr++Zs0MA5lSaeFuLafj3P0HkypKfg+RCBZ/KGc1zBkPU2N8eDtzhLcy5xurcUV+CPWS0RXKE/arvfeAvKrbiCgiFUhVl4LOdBAjycNh/yPzkX1qG6P56dj+eGlBrwbQ2MhQi5FoO91YyZEKVh1HtRcNpSzQplkEH9NU0JfZxzn1AjogR+z3521vXg+6xC5CbKJbvfNMY98sExDgdUtlbgO+9rFdWL4lpKOQMNG4vOaOVwc4a55Slmq8i4RRor9Vaa63A96R1aAh3OAu0aBt4Ob4YOhysQjy4dMwfVMU9NId1iizZf7D96dH4zgtgJTuTG3sZIXhSQFasls9POZ1aqwzVMS+APKzSBqvOx5m29rW41O222J49ulaYk+p2OBcfVqrpDWbqQauUj/Xta580lOg8yNZI9/e168ulBHFOEt0BLpgwCI4Veeiij4LHT9lRYgeMBLfcxlCWFj2OXzQwgGgcPBRm/K2vaeKfA97awZgA6pLtsSeneUy0fJowrsTkV1hVkNvXJNjPB4wknBBcDvMsr5IDWhcS5UikTXnXrj2CxFPHNJewhmqx+Io6nNVGtJomCWfCzPOHt0SoUxADdY2DmtiYQzMCY1YEBShYUb/PBrhWLGXJQQYRj6OM1Zp7YQ7kqjahA3V5GkkRJYX4sTW0SZe/msk5hrOUCyTjGq8qeNqjIgF1mTAxbC/dPGIWChxcygJIdL/ZAbg5/jkKEyYsTeFv+6T5I3Tr6Juq10ElUVbAsgnMotyIw8V2LNpHcfGD7S3KP3VXoY1V38HToaHOjyCTsswrBrDwiokTbEakZElQeQ48T2YA6VEqloc2fVFMROJVLrpMAEo9c60CcgUDSePcEFhJpUX3rsGeatMDD3pokIqfI2azHKq1Ua8qh9YSBh9EWBZiRzFIi0Q2Fd2kuPMutlJaTCr2s58tJaStBVBFT4MH+3Yx9ytwBBGeE7pDuXS+LlT8muYpWerHMOjoU3PkaygvtJyQKylsESRgavyMWge6Ko8O1KjiRKqYxweuKFfAaYBhvWxJ8ZEvDU5oEa5e0boBqVnmcAYeOmL0nwef7NBZvB9N5GOUFgoU8IU8iuSml4SBAkR9c/SjEeVK9EE+FIMIPKFGQ/GajV64355W/8MR/LaUT0e898VoTJyFIclauKJRfV1zlLbbJFfrFlWa9r9HvfyVckQrUcLPkqPlG+VofcLMwUU2OB/q3bw/Z7LGqqSCuug43xL3SOoMGBo2JdSa81EppYwddWtRLI0odzy0E8N9b34zWmWIzQb9Dq7C0qh0ic62Ahoh/+dPnTzB/5k+q8QKNaPmcnXRCb6HUhi5Y4b3Z95/cC30ksqtbDlt9dGTbu/kjehp/A3GOXMaxVbCUroM2cuj23JjiBo4K7ZARY3tVjKXwWAfoLC2LUh+KsbYnM7SUlVgcV5DrsXgxB8JVeet8RhxnKuVt/QAl4UVgaZC3lYlCaQLbMSkxB4whAk6Ve/DFwUDBY1Cw7Eh+BwrWY6kowffjDGLGqTQJV9OpYEy5ikjhyUUqkpM15VSHJunye6ilNaYcFC6Dk71khVG0htbS/hmslgFss1Gujv/yK5r8wQNAHW/7+dwkbs1x/1hek1Pab7GN7w+xabMUweDO9WhZbB917bKj4mUAsYFZGhXn51Ri0fWy9NvIlqsOrbE8ura6fhGUB/rfJAylPbQ+WvutUbTrt//N/IBkWoKed1Ajm56rUAIlZ64DjM8+xOvF7eKllerp90erPm5wHgLrjI8vumy535yOXGH2vhpP99uukSuhK9karfAx86siF5eml5i+fMe5SocWwZWGmouSSuldqR9UsWC2xvPHFdy8cDjz/KDjPv4CePYNWDgzBj4HXZtVJ7Hp/vdLJMSmQAmUG5ssNZ7MBJZoZhK4IK3V812TJJgdiixC5sLFF4N0bkxJ4X/+y0gey/j/AQAA//93dIZ1" +} diff --git a/filebeat/module/suricata/module.yml b/filebeat/module/suricata/module.yml new file mode 100644 index 00000000000..9e114208933 --- /dev/null +++ b/filebeat/module/suricata/module.yml @@ -0,0 +1,5 @@ +dashboards: +- id: 78289c40-86da-11e8-b59d-21efb914e65c + file: Filebeat-Suricata-Overview.json +- id: 05268ee0-86d1-11e8-b59d-21efb914e65c + file: Filebeat-Suricata-Alert-Overview.json diff --git a/filebeat/module/zeek/README-developer.md b/filebeat/module/zeek/README-developer.md new file mode 100644 index 00000000000..72f516fb2b3 --- /dev/null +++ b/filebeat/module/zeek/README-developer.md @@ -0,0 +1,66 @@ +# Zeek (Bro) module + +## Install and Configure Zeek/Bro + +### Install Zeek/Bro (for MacOS with Brew) + +``` +brew install bro +``` + +* Configure it to process network traffic and generate logs. +* Edit `/usr/local/etc/node.cfg` to use the proper network interfaces. +* Edit `/usr/local/etc/networks.cfg` to specify local networks accordingly. +* Set `redef LogAscii::use_json=T;` in `/usr/local/share/bro/site/local.bro` to use JSON output. + +### Install Zeek/Bro (for Ubuntu Linux) + +``` +apt install bro +apt install broctl +``` + +* Configure it to process network traffic and generate logs. +* Edit `/etc/bro/node.cfg` to use the proper network interfaces. +* Edit `/etc/bro/networks.cfg` to specify local networks accordingly. +* Set `redef LogAscii::use_json=T;` in `/usr/share/bro/site/local.bro` to use JSON output. + +## Start Zeek/Bro + +``` +sudo broctl deploy +``` + +## How to try the module from source + +Clone and build Filebeat + +``` +git clone git@github.com:elastic/beats.git +cd beats/x-pack/filebeat +make mage +mage clean update +mage build +``` + +## Configure Filebeat module and run + +Update filebeat.yml to point to Elasticsearch and Kibana. Setup Filebeat. + +``` +./filebeat setup --modules zeek -e -E 'setup.dashboards.directory=build/kibana' +``` + +Enable the Filebeat zeek module + +``` +./filebeat modules enable zeek +``` + +Start Filebeat + +``` +./filebeat -e +``` + +Now, you should see the Zeek logs and dashboards in Kibana. diff --git a/filebeat/module/zeek/README.md b/filebeat/module/zeek/README.md new file mode 100644 index 00000000000..4f97e7e9de0 --- /dev/null +++ b/filebeat/module/zeek/README.md @@ -0,0 +1,58 @@ +# Zeek (Bro) module + +## Install and Configure Zeek/Bro + +### Install Zeek/Bro (for MacOS with Brew) + +``` +brew install bro +``` + +* Configure it to process network traffic and generate logs. +* Edit `/usr/local/etc/node.cfg` to use the proper network interfaces. +* Edit `/usr/local/etc/networks.cfg` to specify local networks accordingly. +* Set `redef LogAscii::use_json=T;` in `/usr/local/share/bro/site/local.bro` to use JSON output. + +### Install Zeek/Bro (for Ubuntu Linux) + +``` +apt install bro +apt install broctl +``` + +* Configure it to process network traffic and generate logs. +* Edit `/etc/bro/node.cfg` to use the proper network interfaces. +* Edit `/etc/bro/networks.cfg` to specify local networks accordingly. +* Set `redef LogAscii::use_json=T;` in `/usr/share/bro/site/local.bro` to use JSON output. + +## Start Zeek/Bro + +``` +sudo broctl deploy +``` + +## Download and install Filebeat + +Grab the filebeat binary from elastic.co, and install it by following the instructions. + +## Configure Filebeat module and run + +Update filebeat.yml to point to Elasticsearch and Kibana. Setup Filebeat. + +``` +./filebeat setup --modules zeek -e -E 'setup.dashboards.enabled=true' +``` + +Enable the Filebeat zeek module + +``` +./filebeat modules enable zeek +``` + +Start Filebeat + +``` +./filebeat -e +``` + +Now, you should see the Zeek logs and dashboards in Kibana. diff --git a/filebeat/module/zeek/_meta/config.yml b/filebeat/module/zeek/_meta/config.yml new file mode 100644 index 00000000000..c779378ebc6 --- /dev/null +++ b/filebeat/module/zeek/_meta/config.yml @@ -0,0 +1,81 @@ +- module: zeek + capture_loss: + enabled: true + connection: + enabled: true + dce_rpc: + enabled: true + dhcp: + enabled: true + dnp3: + enabled: true + dns: + enabled: true + dpd: + enabled: true + files: + enabled: true + ftp: + enabled: true + http: + enabled: true + intel: + enabled: true + irc: + enabled: true + kerberos: + enabled: true + modbus: + enabled: true + mysql: + enabled: true + notice: + enabled: true + ntlm: + enabled: true + ocsp: + enabled: true + pe: + enabled: true + radius: + enabled: true + rdp: + enabled: true + rfb: + enabled: true + signatures: + enabled: true + sip: + enabled: true + smb_cmd: + enabled: true + smb_files: + enabled: true + smb_mapping: + enabled: true + smtp: + enabled: true + snmp: + enabled: true + socks: + enabled: true + ssh: + enabled: true + ssl: + enabled: true + stats: + enabled: true + syslog: + enabled: true + traceroute: + enabled: true + tunnel: + enabled: true + weird: + enabled: true + x509: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/zeek/_meta/docs.asciidoc b/filebeat/module/zeek/_meta/docs.asciidoc new file mode 100644 index 00000000000..e9b4bc6627d --- /dev/null +++ b/filebeat/module/zeek/_meta/docs.asciidoc @@ -0,0 +1,33 @@ +[role="xpack"] + +:modulename: zeek +:has-dashboards: true + +== Zeek (Bro) Module + +This is a module for Zeek, which used to be called Bro. It parses logs that are in the +https://www.zeek.org/manual/release/logs/index.html[Zeek JSON format]. + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +This module has been developed against Zeek 2.6.1, but is expected to work +with other versions of Zeek. + +Zeek requires a Unix-like platform, and it currently supports Linux, FreeBSD, and Mac OS X. +Find out how to use Zeek here: https://www.zeek.org/ + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/kibana-zeek.png[] + +:has-dashboards!: + +:modulename!: + diff --git a/filebeat/module/zeek/_meta/fields.yml b/filebeat/module/zeek/_meta/fields.yml new file mode 100644 index 00000000000..66234178354 --- /dev/null +++ b/filebeat/module/zeek/_meta/fields.yml @@ -0,0 +1,14 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session diff --git a/filebeat/module/zeek/_meta/images/kibana-zeek.png b/filebeat/module/zeek/_meta/images/kibana-zeek.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8458f19afb011247ae2128998e8fb179b91f65 GIT binary patch literal 451430 zcmY(qcU)7?(>9D>3yKONN=F3}kSq`3+nH=KkxY?$=TiPIXk;MGkaY#VH#=*cS&eTh=_>pf)r&niHL5&iHL5T z-@JNJqR|p^aPf7``laeiBBF}u+b5>iFYd3nYAQ$*mG#mu6A@h{(ooTsJ3l{v@}czN zvwvi2XlUpu8#^g2$L{VfgQ*`4EyL-_(cbPZk&g56@p0eqRL|ge_s}?IXrdQ4d3JWT zv$In@8P_*F**`orJUl!xF>!u&f*Bg`!A*{hjrHOt4i5GY4-YptH_y+{78jTFzWN>? z9kpn@SXo|f)N1S*#AAjhTgqSj`t_^jh2rYk+WPwX$;nY4Zj#75Z*F$>?DS-Nd#873 za`*S|&VjM>)02gTh11j1{{H@s{?W1Ng~gS%(W$u?8ZEseQ-gzp*wN{h7hdSz;jY1P zsq*Hnt?fblO!v^lmoJr4Eup2QWpfM5ElDpH*EZUEa8*^+({qd6m)#zBW5+|jNfi_n zPt5$PLDhci8eAi6cuKWo3h@8<(OF;L`2AaJ%a4KPrWUD|n(Q1ns`(|6x_x(d&-&)} z)YR15&`~tH9XT0WKb@MAnidlii<_7o9-moX-ogxy_u-}<7<;w#);FU2UfQ(0NNVZr z?cLnj3k?ko2nzSFEKHT`vpFi#F z>@+nsF~busuC9>ATTV_+wcopmWXzKKElY<(&(4ppwNxr7D1>)ueD3j`THcC&(JUe& zLgbcRU%*aelPX>BkU!#6T>GuM3Ed=~?^MtlRnw)`RkMS|7>!wOPJr8sEvHO zcX(3AWj{*jX!)64r(CzTzq0ug+rTf*D_ys{@^dmZ8?J2BAj4(0W7TJi$o1~1^ue5ni+tf&cyW*rn0;76Yz=c@r@>Bk;K%A_8)7@=*1sRrk}^F z%B$vIwCD~;20JAca@&3g#eP-|jIaCEzBJv~W%>F`9eeFlem>*+ULWUL1K`v8O7@08 z5zZQy?l|*0Htf*IV2zhF@huBG z$o}Qm?o}F%P z9wYMnREUV45P@W0YJ1_=n*7xbmYdH5Ygy7avPLuk`OCiGn&-RaL^RbGr3&8|k7n84HO4Pp_md~KF$_?q*9_s+&)Vnu62Fz1{@IR}3 zPB(FEY><@?1T-yXhoyyv%%g>#R4+caIj!%tOU`DHG%dkyT!jb^SxeFlmL_MaH{JS z#J2oL^tCQl;lKDa$7nZfDHuzEhiBXXTG7$- z`Ebhe+jP6tDCeyX4AA^EUT4qRkIFr*?T(L3v>rZB(V($(FrgdQnt7{82fxG0QN5Gj z3|^l~hKbk9v4-a{RitecSJpLn&A9?ibS3bOz3ywx)2x8^1^WidJ#}{swO?=S zSmHxQvFGqCu#8#_XmHXlncRKYdA;iQho~V8csFkt0~?F1Jk%U`1{J3wBI=FgC|Ep% zl-doK2E^SZ$n#iwb_4w@+N$==R_25Rz6~OH>hyWHe$qKVh-PRk<%#+I5XAVrub)f( z`;j8xoTAjdC<5&-0{mbFYJlA&`?n>|p1c`BGiNU}-9tv3S4^vU% zdr#VNlbP221}kSDX0S;Mp%dLAr$=>?WEB3>nOum7YgU5|w&l+gj22rnl`{9KCkYKt zz{uKk%?jiSZCKEcu_gXaY@TYB$eRRxy%sv#TTlIYV~oZ_Zf+Y95eYw^%Nxxc6X%^0 zw96O%P9M^5xrQlLcWOYqV)q+d>FAttggCb~(Z)&I%J}AuNQk}I;cdbN zqSw|PMUnTx$~Qh{FRj~P!=A|=iE|x>{{AVsQM|k(lKP(Bp<#pR*oXW?5$L4}CENg~ z^c1O$h|uffRt1x~0bC1TQO6G!jYaYtdyQy)Htd+qARHS#jqy=eBWvG2GfqjvsWs_S z>0}A;9(Jk2P*sDa#D*|%c}+Y)Bdue!#2O6UqVBKD53WDTIqV7(q*d##`E3m%<^+b#c0Nr?-FU1Ih$+>UY0Qx zyinC1xD#Ea&M^r&d%b|_qI-Nm_e$|6r_T3i%jhfsSKDwaW%GN#ME&mziSY6u!z+8) zxM$_~nn>YD3e%&hpN6Cj5_u^2*0@ETE17~9fNQeZeZh4({q=Dfqhz6@#HH4mlEH=} z@_}m`#PsJCM>0D7Nzu$NgJYZ? zNB6qMq2Nae{OlwX;2V&(Blu?cDfOZ6tz`_U)H!2>YW$-fNT?1kBkz%Oi(n`4cK{r)}VfSgSCI(lLgs zpN4xK6)m3Tpi2E*R~IcJkV;iE5wO6%z&UOp%L~ua;3sr@1PQ2heOb%hp`KbuYPH(t zpO)OQA$ekWVEJslAw??t_1HpHd#m9`1P2ARcnM8FIc=W_%;T-(aBqwNcoCQ4UaqF= z7!!s&U&bXgg_i1AmYQ(SSBt* zBlQFC5%rZr} zv1@VCdMS#=f}tY*iLdjXk?C|Cuu6e*&`$-K>nsggzthX5WxHv-N|Orxx-y$niwc)X>Dbn3J(Lmo1F={)`OZSXT&39qi2bS*AdR$JSf+s+3tlx~-M)<0IwMnTI<^ zyJ^+@00#wK%QbxmmjeBwO5OVQpQcrHt*H;4{0qu<*1xm{f^EOGvX?(ZxaWTm^cfkC z>0Ix^b;|HH**?=lxGCfP)-zcAN*ZRFlRle|4;N66<8|hj;Zr~W7qo)yJzeOUjaj}PG<4^9jK?$$zUe{48?m68_^RodQMKZ>l5ptCkD(G$!6AlK*%Os=aw1MN|=n=&bZa=MoQsJda|khI>A zQP%VpG-$G*%=b{*Fz0FImoJ6v-K)pAmZ&5p?c@hZpa!oo;cuiOSchaN}k957{@3i%d#Uj7izq*sr&kSQJjiVPepcQe3jl=Q*%AGmQqkIJtrar~* zS?lzENvO3i({JA`$98VO1aMEPd6pmL@p)%*2f4f#!;9_Wnt%lQlX?#;_X17;;fsFB z%4{Q7YFQog?}!@dlBCr&jnzre4bQ?|-WkXC4;TY36BZCfbyj)Mj|yAeG=c6022ZWo z53m(@PK8Y(oJ|)VmdyAP%5o>;rc0s!8jDPL-Qj5p_jbALtE1X=ma$JB)w;h|dkS=e z;UZ9=j~384lZQ}Y#%Tmg_t`ZD-R|$;rjN{1TD31MjE=euqEOCTZcV=b_?rXvnKQ@W z$YZ4@XAxR05OxAToFg~I(C%V{waII2M&e*d3kZ-tlWg-;iPHa*Smfs50|JcWe7ezIsK_%Sbd+o^c!)IM_9R9N$y|lIdk?HmHG~ zRixMm$QW31h4~lzB#h`N<}~j1$ur5WI%O@?ecli#uo+P()e|hKoMGRY+%a4zhfE(!L+xAh%;DW->`rT ze-5YONCvKDHP`_oyUOgyMdaFada2(Dnf0&seL;fL1jsX%2Ut{1BHQoBD|)Jxhj-zy zAdoqhS_%fPuqVG8YbBTV+d>(Ok|Wd7bQyp%^*|s*crkY4P zDL@O{_tzr;(fbcf9Cp((c`dfb?3dWFYR_9H1MAeYtKiZCO#v>)3mR_dh| z8VMd7Y9>5IyXyiQWtFgGYwq9_4y`V@W**H#e`^YdcZj&}_YFYT1a=8o0 zAo%6Q*>y$+fY7PTVuIL9n9u0MFN1qH3}&|~m(!n;Z9_TDXMie<3lw)vdlLo9I6^EM znxuG+bc^g?#od4*a|%gR6AtpLDgtta0O3kW@H*swmeA%hh2S2}^;G=;UAP9p`f7#{ zgq&PrJ4*{IipwyL*ow-$arH6JPX>^d3olpBeJhcVnX;Nt!yqM^%&%>VhFHy1yRaNF z^-g^iI_!eSMlU~56`Hrp5LAq7&`NK~oyu?kjjKR&(pZzj*MrJy;JjQn;kXpYoKLW9 zUzmzo9MXMY*uIe&q7aMB){G)W#1ug7K}&s4OXoR747Ow!BfpWwA=7lpdevU&dgZk=feMhpj>Yq{o6$lme;yv zupmTM>Kn6FRLm4&G8;c{3raP(AJ79-UAO=AkfKUXYSN|(IG+qxO@f`!MYT1Uha2ie z^-Gwp!USUL-IdbzuH2<#p)S8_ZH~SeF|uzoOp%sXo$4G8$1JffF+Y*HoEUQ;SAwL- zwNNOXcKs+9q`h~^B22U3jc_@+v1L#%Xz@u@*g9ZNNkP}(171<5|k7T^juUwg!g;DVrG(S{|$ zrLd^7e@htUAlhZ4T`^LP<#G|I~l36eJl&kSHFAWYa*1&b6tFAUh3 zoXT)>^-=$yU#>a1vOFB*<4J%s<}bSwSo& z37E`{omXh!DTuAiJ2HhocZz7q${7yz(>~$OPVxn%dYle{kK0UOC@%KVTDU5d6tUVk znL5m(DiE_FoBTUil5IXZn0=R;X8$7-M9hiwC^~Lop3ueaHxp?EG%4@ka7JleEa@=o zNnFO1QniUwzxaL83hE7&{=$(GOOr|cGP`1h4Q-D4UJBwV8i0fM^BU?f*&NfUdj5yc z6wLYj{|h%=we?7Iq&m8Q#1I1pej+kvmLkO?K4c1abG8bUUy~TNhB=_>#?M?V@8K|w zp4Kn23@d^tz*B`09X?zky`Cxh{sQ#M32mW*1+T{<9`25F!c(8ixGjo7Q{h|9Z6OmY ziV@R~$}}Cvb6g&Bu7!k1`xTNZbbo;zZ3Yz9jvG(b!N?q(Iy|Zf-|Tn!vo&nMW>qH% z^@jcRhtik(>Xe$jdK*7B+30jL9~ISks|k24Ot@M`F653f^=W4htNaoCKKVRtI#XT zEzXS>?#Lp=k#SR<&Vemt`njyW*K>;GAGC^C6+f{a;~vBYTJ$PNMA_gb&{l)>KVEiH zR#}T2oh^w)+qpWrGG)14SuWJUbwAgVFMnqwS)Ay`o+_NZz$% z`0a34&MPSRWdBw|^LY6VGk`#NIsMI^u;o%$3Vn{ghpMg|QEqQHL3h{lkwpojDKb~; zMbjdl&rMZEH6&L|*{BM3TRK&b-3$i`tMXt91@W;0>U&=Ht|<888VlO32+&NQ9G7QS z^rIz@bLW|ZZ+{@2ag-(q*N&taDF~hwg&i?HF0pT!O!1VXSbyM2c#$d;pWn@!$gz#v zKHA&#D?v_c^0BOlUlsAMxc9?;poUlJovpc&!Rnp13ukplK+A8B(_3k%QTT=ouS6_a zYz>5Xj%^9riL=-jhP=Fcx7d)dyBtKsOe3= zO)dFxo8r|5d<9yE7I#pNz>B`dvL1sB7ArImj-T808ul$2*`y8XY~lf`_6nxVY)Zzg zjJ@DNM&CjmMZ;>+N`vc_yx$k)lc8OP{&*z?#;!GuEpf7Byy%Wd^jwv#QpN_QWJ1=5 z$s9~vKFpJe&dM-e&tK`z8*5?PG*)?C^F)EXGXC0hornUy?ru}CVof`ULJ%EA&lbcZ z<2huew0fn>u8ZXWFY>&|Y%AinjHeur!tv*o-VtJJap$jfRaJv^qu)9iSX^JZ|LUk(*X*^~j@Rr3V&6!0rq-@pR|OSe%S~W27esXvEs*LNobmSV*r%0e zY-oMUNnl|q`OyQcNX7;h-W+fC?i=GKH;{u`{evmu(oeo zS$jaP@`wVM&}U1?qRj=6P=Gj&^Hc2Y9)Cr8!_TJl#F^zO4Ef zzF0;OuBVvQ5>BIxj_ugPyeeHDJ~_3Vw1zlPbg z6wIpJL&9#RNuEHo$eiDoU%F`M28*b-Uaxe(XEf8HA_z0)JZWtZyp;*#V69eWdI*#A)?J1}G&l?46Wf4oSj625ob zB2czr@Mc>pPEP zk&mvzcMZ^mk&$GVZ8qx$Pfv<6d9)1tKUE6p`|5ndYkL`HgS+3K#c44RE<6?9L(9t+@A??dM->;x(nIT&#*RBQ%a%x`USKnugeM245(Kiy zbr~*OWl6{n#=>YL#FyQEGdMU9blcCIcZvQ=SrKnd z4r*w{*b`zk~JNSCaH?j$CN*}d_P z&n0|(|5p)@-z6cuBew1;)Uag%i4*tHVdK z1nHVa3igZVZzmzAFJ4Mdc&m1oB7^uynbzDIl=j+=$TPEwjqUVKlra|gtCJraq@@z( z-9B78cf4>LY0|A$ap$;JcHl;&|CA7_FMV)ys{9ooKS9(gXz;(w#X4_0BsFoI@&2cB z08Yk9^8<`ty?4>@NlCkAg^mB0h);P#ecl9p8i%q=+LnW8341gh}CaTKb5d} z_N8)NqgOJiC)+V&MO9BLyeG50jSlbN+dgP8oiTfZk ze@iD{`t&-stu{Dc>;K?F2JdZB+gIHu`P5Xzt>lTsnb+cT$r24sJP&yPT%sW?_2_4|mn>P>#8He7bc{ zYJ{+SZB&J#)mRnmPIXOBPw?+V7Rd5FL`Mj$JA#W6%r#z8;WpG+zvuX?ldlVpN}>=a z&CgT1Hhe<(9j-5LW#CC;*pZ!wsJ>MYODQN%ab?woQxybV=r}m@w;fUpyG2mtw9?`h z${Mpc5V%l$2RZZ(xdv=;zXe!|J~c3Px8@owPo~3R75YWc59(>G$8wlL)YQ@vS{Cc! zmf&(2gXTz(KTX(DYossd4}3;lt|qkd%Q3;rIB|80FJ*#s90K+RAW(Bs;;&ngJF?ie z&(#^kchhGw9%cFiBkj$Uvs^RQN$e#>a@fc-3Yrk_m?#-uPvcpkTZD0oovtV5;g)ve zaxm2Q|GJsmAE_de*}lm^MKBzRU|`PR(zK!ebk#NSj0e2HFJ_OBG_2d?P#wOmG6L7_ zl)h%#s#Mj=V9MX)@)1N6z4BM zC0=!KL6eGB(4G<%S=U)>r+g#>t>?=80co1Jh1ix-9AQEPU{?wwp?|~&=4uH95T<=W z_*GBh3c|SOOzBicj{!R&!vs>3Izjmpc)wH;%vI=U^;_Y#ExVYx#qo-ZKpNhhTQKcM zaZhY`+x?;*`)FHLRJxEW=GBg^knP}iHJ8HAEF@vc)lIGo;GHmSkMWnT6va@C1x1)j z+fvv=OecXQaGw< ze{AXxw*{rf=owNqvD!?zqCf7rLIIFs>CUviS`gNLcI`GOS1zNc)$_jE`Xz8d zw334|;y{4`#Zp?SI6Pw&aml45oP=KyzcjR%85DAZdoo{mrKjBHe-!#XanZO; z(FGb=_-aJh)wS7VI?j4b~S*&ag!0+C(7W?VUf`<2blLhL~E1 zu%}7Lp-dpn1u@5Gs1n|OJ~3R%VggcHN2)m1cZmB=88NMIlMqX-F?4vyKUhxws$i3ZfbN zMRIAyza{}7&W~QsT@RG8HrFwhq2fteEiKy-qIG^X*~!v0UmI1DK4c@{23Lw}%noGk zwPTYqz>?CCb>ZB_W5CdklC^#gzlc5ElK5_c8rtZQQGO*w36rvT5O)33G!-*M-r*gx z=4=p%*;{A=s9Ft%v_VuyGkS7Zw5kRp>b76KQteyGW!foV+pj!HP>Gt>s`bNkZvqrYm=+662arx_! z_8p3CdQao-S;#cjyAC)Q_Y}uxV*IXMdQdan-<(DSWmWTgil=0@bBfzY-Qhy+PI2K2 z`8B-&hLm`OQX;&Kqxu!Oix{VF%K2NY(9ssms&wRag;yTEleeZufgCoqQ97;z6J)HC z=nfAF#U*AY%)xD`oXzA|!*RMJYsS(pV~C#gv3_lx&U zyswuYnGYWGvI_AXuKkEfQ64D^%a{$PoC9}Y(-}8$t4fieF+K-A`ZSKs^w~$L15*p zVwP9MqL!<*@-6*UN~Y6Qx7@2PqiRGyg>?+%dYzG_LH0B|UApP)n~(ENlY79nZ zDB{7HSrS5VoBhohT%b8R0eOnm1&JxC-(G1*?H~3YTaT`)yfXiDK6p)<8(`chNG*dA z>nsKc^7+b#xIF;P?aW{Ct^WDgrj3w$wG{vPdDr~PM~VcW#}`K>x5nug)z}%WbVm@! zs!7wft!ua0L1e2MfN%1QB7|htd zr}Z-tUNP3#pp1pveOE3D9$bA3ZOK+nq7AzGQ*f=hj)Q{(;0ieI8Ik+ThSn5 z)iB)GITd-P24dmLiW zW8IP7W4)&zyO8g+II~@%M*NP(%-k$}#k%PFLgNMqFN8%gW+^(|e(Vk3&P@S_Z>ohepjT6!}x!`AYOS)DmbI1H)Kk-iPV)#ZlA1;4ISF{iwLe0$Idk*WSKl zOjXJ=t)Y`domACc`!W_Uv^ju=)XQdGe@BUl!t6Nq;VLTCvqEFIYhiE&?B(nn5HzGV zY0|s%4f`FLrr~2!;-&&i$>ggO6m=hrB{r z6Dx_xy*H?^!r1F11nvxr&wtodqSr9EgO_)lpXB{9eyj2=wR9;o2)7<@hY*6$O-!{Z zGAJ2hLmVcw*JBj#2ByQko2paGRM>}0V>NVEL;F&lo$8c!x||8*tCq%*3&XR&k2b%U z?1E=8#d<$aJ3y(n)z>2W6?` z4T~%si>Lh*GNxgxbF*I$8N*scv&a*vWSa=8XiN*XF^uw4`9x9$pzp2 z$Y`ZDuOle8DzaU?ptTbmPaPOJ)diqG(-TV2i-N%;OUBl&xpwdswb=@^8QC(vQcU(P z0C7OAw8rd(;usC_xo9()2<|1n=9sLlovY?xu1E`6{Z&P#Cy&zab=vQ|>LUqmq@^Vn zjP|=?iHhm7UKpd)PgYr}?)4kE<6Yn^n4oUSL}J(*^~qTrHD;T6pLUB^`Gc;%BXCKv z)GYnN9ZF+VPY1z{<;*T(3cmxGAiPrz`~#xs2|9_tx->p-aw~C8M>ChDYP`hKxN-Pi ztHTmIE>-B7LeoT{4#$?Ry#iHD930)W_JzD$rzvu#Lmt~W6@K$m0>|t(b<2z-sivy$ zfsno}@l?a2B{%$BHap?rlp)qf7F*Wr?M&KhJUIr*?@$wmgT!QD=B`EqnNjdN4n7Ak zR5p1S2(~5w=|for^i3fr0w6Gp-0q(RT6S@#bB=+AiZ?pnM&zHK^0usbM#nu2Ne@WD zuqcdbtY%+5tTU^WjGNMd8Os2(MoSX!Y`9z0|rr*bg}Q+*khX^2BR6FNrCem@<*Ej9PBVx2$SaG+DZnrXG0) zberdGwz&5h2D#bL7BLlks3P9EVC8V;w>gkr2rhTB|D>i%eFTWw5xPMLBE}JEB;B?a3&4uNbJ4?moUv7futvg&Ov; zwYFtx_4y^p)w)to|<_XLBslv>JaPl(>6ZA>?bjQTtlI~HU#e;)X_~{V$2|1Yrp5madxwSmLu9R4Aus>^yudNV>ZRm5uKXWn+RhB(2Xkb- zhwBu3$o@fiHwy|lVC^jK2~who;Ibu_F-v)DdYTOPW&iK`va(g{=6M3ZBMBUVob&P- zSm&@NG0SLkn`@W#Gp^P@enOOE&v6Nz2D{ODLf-QU=X@n%DFbY(zLyP%B%Shs1r>8V z0cZhX;ibd#v)Zh0FXOQDHc9tD=JG9r`F~pZO^v3XUA$RWSG(r3+FzvgNfRg21t-eq zAC;Bq!tE`RXhF}IkeHsYVS`lNGw<`=w2vPLfdrCX;N>H}2LF^&#*&(xOs$)L(eiaB`U|`tJb*3S zi^`W$#ga~O#$-B791~1p&bS*z-u<0mzyCn1k3nKyGLDpfrwc21+;b-<7@|qyU$s#) zT;vFZ{{|Il5Ab(>`vryac>8uUwW2jsF!LXF4^2Qe$09#Y(;SB`aeoC8Fln^rEq?%l zi=+s>i>~LaJQym@xw)Ub`>i?b=P^;t);V{_0jedkZrN zp{sv|x)}<><8i*62WEtoZ-%+lALbr)>cvRZ)&FA^4z2WkI| z_CK%xVp~=AE!W##IC+g}y@yNnFlmJ{m0t^l30>FkP zl?A`->{`M|H2$sif*9mfEV9IN^ka#gonZS3UBHz2yFTy#u^Mim)$xX^c3-z<;a^QR zKD5N8Bbr`$U0)(rOjW1R@atfSYB_cJdIsxzjXao9{YV(>F+b!Q87K_BeC_ zkIU#UU%c5Kw0it*7kuH9R*yJM4=+%AB3+eJ`%EIAH-+l@@stnIM%rS;L^caS6qw2w z0n5|{p;U3Dg*)J;dU*n{eEql3$1OgLb@US9fZrfbh-L)meQ*7(X}ucEgSGZvoBJPW zCvihgnIXC(q$V4iy&1FLG|ond?R5J%AiWS{RV;1|)}&t~bP-YxC`p>b6stkuO?TQ$ zFkZnm>b^Aguv}b$yN(zrwaB1sIKZmfrFyKN0Xr?|Xvi?im@4XVn zK1R|e33wFnb>3L$(rIUD5;SORKUkvQv&}Q&j)M^{u)Uw)w^V(%_I6h< zWLC4Xd5T=3|ESC(@S7>p?Wj=W|aKWZ6_R}FfLe<^>JOM%I((Jz{CkD#2>ynPW0;L{ zs(Rh_r~P&NYlP_j28zpmVvrYcVM%mT>~vmjEF7x7xu%sof{mf229ih)9Y#nr>9W6X zm8KXQ#8Yvl%zla1{3_Nc20&Q4a-Ev>Pi9ykEy(rs_`(F>&vEQh7eVx{Pu3XkMt4IK43)KoU;=LZ1@w|ook?R77jtw(9@2z(si5;-TVck(*Pi-6W&(~vqz(R0}{);;H7&DXW<8ZXpd6f=hOMw}<9O~y|KJGSdD{}w`km|Y0)k2wC98FwZJ#9aBSRR7ryqW`}=G>U;|&s}y&bP+N1 z=j&fi-I*Y-sK@nx)}-%dOD>#;{QupJC8)99`lpPogQoMIFNH-XB44E|U-t0scB>*x z-VX`KGzt94(t8J$_ApWbIE!Hl~y{xe~RAbiS&1tCrs{5J~LcqBhFgt)r%cz@C4@jn?z zBH+7`aE6IR7w|t~*3S&Y|G!EpkeC?EDo_fk%Bu>zJpZS-HS*8F+vDd;7u8pbo*dP z#;V8Gf4Z5ux@j2NO9v`pNdHGdZz?F`2Wwb`Ww7$4|7P=Id@%}*ORJ4*1_ z3I*{DA1S7G68|&DZ$LXKz0a?8fG(r*F0LdVh<~wId9&9fv>BJdLh;YCe*|JIL>oL= zJ4e3Z|JO827JH#_s~@f%Nc~UJu>vv|iE(Msu>yG;JGUMj_I%{c+(_nm!5~pWIw5}9 z|A8AUzl9UT-(gl^VWE7eUh(&>=Y>+OnZx!#J?V{_ZzQimSsSaX2FmkxW^>){Dr=LyKZD zS}NwO)e3YXeBk#RzM%07F84zEY!K3>_q75b3Q_?Wc)7;GL{(NXQSV9OCppdwtogB) zF((o;+7pzr;C$7kOjbuw07GBl#zd(Dr`|6L)04it(+=TZWgZBs$KvZ@7@sK8ETCLN58apSSsHBinm&^&kB!Hs+Zq2u2FqQ_T^x1hOyi#x1 z_d3gVPWY>V^zX^D7AV;&BWgj7O0$<6M922P+^UWlQl|&FAL*6M+ESg#zoV_+ zI>row&hIVP@T5J1QCb14F9Y`f8mf(N_GsHo`sQ(#31?yI+s>IB?T!e%#7^<@D z<6%~&0WH&tFrij6nojw4!SRczLruG{DA>X>X0fzgI#C^%+XGXjl)3ZQ@lgjrk{*HP z5<Wo6C9lq{5{!sjUwtE&`O&fl<5j^?Y9@!Ii` zD?9!*3!7m8!hL2)j^`rDV;#;!_eXheI7?uL8S%&_`o~_(@yKTi^;{4NvzgmPpPM-# zO6<%%UGgw1Ts_2v@d4NHcP`utOn|K%#SA%CfVFSien8=4k@Fr-*Ibo%Y@XX1?)>QA z1|k0_(yyV}0KOCp6_$}s3r%MGx)(gHr+*$!$wE+YE#jTx=2CKsh^RW<0^hEZ1^eh? z_gn#vl#*qstQ2;jR4%jv{?jIDY6md#x=S!od38^FGVe>X4nN9Z#M^GXN==)RVk+BL z4i#(HpD4I~3MT(R5OjMH+pPdw=!FCFpN29m*FNNhcAC19Tb~*5iE5NoM?;DWk%`)CY{)k^n|37Mv@eK}U#^teE+k4<#)WB8 zfbdKtomda7&k?V@yVsWE%bF}xgsb~CLv1Q#gjM$P?3M$V(Cc*G8>l7#R!FF6YO-!} zmTgy4@?p08n>2dH`$?o8ysf7|55*s`m=R~~r1iv}(tP1U_`hXkl|maBGJ1@Uj2zANq|= zR}uMsQF(st@&D@sd_#=?S>P#YM*d4+lu?iTCt{)Vjd@~i>oWc?;L>_)zLQOqC4&D8 zibQy2nUWKlUgB$=o7C1{{{tYhWG0`mp6wZQj_82N&Qylwnw!m2-2X8tI#wt2`*;+- znQjYIVIOVCW?k|A3mp<`^-nZpnY69Do1&iPN_Cqs{y)MXMMU$>f>-S{TtBbCW>pUSs)5~9@L$8D!KCNusO!Uny#usQZ z{RbS$|Kaiw_#d8C}R3=?}^Ia6^@6_Bt zTR&)OAn(UKHEggdh4lCZ2sM>3|C3|uj&T0Z5G{>}n|2c^=EzshWI_*m9;7CQA zLA%vWtMWJhf5)ebt5q)%9BwAly1if=l{F|(tGFx~6Ihz~&n1Y2g_CwubnCptcw`cZOVO19!dT$PbHti zm1m|st~c45e1~P`u_55Fu=E$DZ)&#fKa(^3hYQhztA`b(wj~8f6fS(^<%PiJEFpU_bs+ZiPMnP=l@KUa9M9sS5PvO zg@KNc<60Z_NFx_FHy*A+n;V;5L+pdrhet&lY9`7tHo%sGcywtPbS!nHJ{e3tv`tG@y*CDhzg3Y$gwyQV6U3e2n(RCx;V zdo6u_@%XHJK;mN-6~mUAaJo1}mQUM>gsw-(nNY^&8M7ASd`W~j)AG{9cECi3L(ov3 z40pNO2?t0M11F@p$jg6x5E@hOzVpmXC@35-0Dqy*?! zrnIv+k>y#m6&ZpCsSnf;Izg<9T*E8@T@_H5d+>Pg{dQ$3N&5`P zkhUB`w$0GO^z20NxgUv-OzNSn>{O=6`0Yw&!p`gVdXLYoJx;^PijU`M3eWY~>T_B{ zyACMR`{itZ%80_>&2Pvu!)V#X5O}^9Z}attWbIR7$nLt8tNSqbj*r*&P!*TQ<3fP{ z^_t*faQ)YI&FbeggQcS4Gy{j#=6hS&^AX`j*rM0icIC6@LfL zOcG3{50q5_szvt)=ssAedE+jNVF}sJ_Mv)nDDU!Qp2y>qP2J`8#b$Hfwn+Sbarl*__4SIuAeOG< zE%F-ksHJ7iYEEgX{Wieef|brNiyAet#l_^s3YGGY&av<3_r_ zZ#kq$PgGFz)pm36tJ6jNqKc7)x2eh6)oxmuVVnd6vRt&v;55I_V_=B(=MrD;= zz<1|^iDB4TFArDmpM6fgGPH+O`aiv(tlVM?Hr!1W@ut*9-l&~F&5hW=mUCmtGamKk z0=(|7{xmHq2lzbvAQJW}NorbZI2FlCbr)^%sI9Iju857}k=(z#WE4H9ZX$c$2fW$$}TyVvAN9C@#>?X0G`M zoB160o3Y882zF@%pUJL);Dv}D%MAiOaI@dzgEqGP@_|Se9Y@h8y2twj>Jj0)0@wxY zg{`B3+}#o|G|emhHr&w9EgP6atf5HZh>+h72_Ydqc;Q=zx@hy&SyOMrZGt5rAmGK* z`Y6#7(4%g|pM<_RKi|DP?D96ia`|b|j{QsH)=}p3+i|0TU5CfeqlX`3mtw
    jNK zqxI^v(nJ3ikBtP6m8_&R0}a5>8=MOVh%{zf z0G|G3EpLJs@Z!NMJ{MaJMc4s;7gr|<%BuJkuVb;d4sMo@%9$@?ssQ)r+1R;7@Ivg{ zE!x`Y-VEyyZd)l;s8?L^cfY+~zM4F)Q1`7=cV4y$0L9cqz18N!ZAcR;cEIC+LsD5~ zrjZ<=u+hPTgHvuSG3^CAGCyO4A;Eojr_KiEe|sH$D5}5d>#=#*Vc2prtliMjeE)o0 z+_V(Ci+{3e;E1WaBSCGNmscLOHl*SyPu$2MV5{4B8@nLmso!i$K$0my1>*6iU=j75T@n}8De zW8a>Rsorq8UGDb`h-?q-?JuNqcz6IoYRVSbc8=B(&dRcgh_NCT^-?;Am&g`tLG|11 zE#te6us)B+ljZJm)K<{J>c73b2`0q$5LA!KfX5MR-Yox)>7_?0)TE{m%Z}xTZQ>4R z(WmSF=+irzj+>rq5~J5M#m9tzF}9t$N{8jUb07bazGtaVu6YLYMb>K(ZUCDorS-qD zC+(H5a!ao}50DU=rDU1`kh=HF)%q{7sm&0Np%{~pcC#sh;|f#T`9hh(;z3j+qu2Aa z#|D}5?@jktr|5+qqj1>W^ys&l%LbrJ3?-&msf?2lOyK%MUDheAXv*oh5*uH^m53aZ zKGtESMV5ctY~Xkon_RS`e17M}`E)0vl0vBc@v`A6zUBP7&cS}QrOB9hmcweP`*^S= z;Qo>AHsJoo!NUR8=5_k8S^2NL0-PRk*=vHm`Z6r6YkYFkaNE&At8_EAVgAbNm(Yha z@^ET%e5tIxp*M8$;vcJV{H0+35f%1oVSSZ*dM%x&{(8MNN7vv#A=2^0a|bSpQWNt) zAUl1npK?j6IlU9Uh<4|&3StX*&e(o+-|UC=UcAZ=8$G7%;?4p4vhFWTKlw_-E)}23 z-O#MeVE!&<7yTorS<3w10XH*2K8`LTxVlbtqIP+&yyS+OM_1t!91zJcE?bImxpLqT zl!ug(^YJ8R{$&jIGQRq98-TauaJ=uZQTuv*cxtZ#;CXO9=rZcNNV;EXbdvDJX-;`P zIjroUlIU1T24k|VwE6s5&4V8O@tIRZl;$7*>#|NevI}0ou>dsCSX^B#1E+aBJgk3g zO`!#=(TzYWm{$zrSOI_XwCT-!y-w@~&0@30Se~|(G+}R zP?@Ssk+!f58&JnQb-B(jg2Exh@6y1fr0Ihrf?=d z-A}oyh(6ErLL6>PPltCa!F|u@J1|cryz8lYQbDcd1`0Qi)cAc$owA4N+jIdpxpx~p z?Wtd*!^JPm=+abF@~q)8A3jqC^}q>GUqJ;z7mTqu-y83Evw!ypvnA?*vQl_|%d)Rz z*Q_+o+a0P8_!xFF@iUp9!}*`rGiS$IUaRj#moSBBqJtSIu!3B-h7McBWQqM3t*4lA zzZRTqXWp0V$FbXdzZ97~z6gez8Yn&!MjvGBcOES`M6#5i2+fWsOT_1OW9E=zRfJ9f zzJQiUw8I}&AF(P*q}B8KAo?Y_nvkm|ZZ^r#Iz@%HYK1a(m~G<%Iby8x?IqtQz_$8l zCiOo$v$>@7n(tBZeFX(67GF1fGjngc*pV3k_uTm-Y!>VwVPf#v#Ptc=*3`rHXiZeEtOQ4rRB#k-320S zhRiesvrEE6`@B;Yc?B(EDvY7NyHsWSZ6r2i};_Uv6hPXFy$>GEtU{*=;4tsmZ6ddJDfSZ>4fX*Atk3f z$!PFK*!;%T%FRW_cikiGmUiE-e|6v>E~43@_9vs>+)6u_?~xS~_HZy3u+ccllGK{H z=g3yLt_6SA8rX#<=`~kKmU4BL>6?4P46!J+jkTPE<6+zQzt%-g6pHfSt9cEZc^&!w z(=)W3ood8yeUuQ0sAri(#J1&bXv$a$HrW zdQSuhHVCkQ2Rh!fHiILqE@M`z9-QRSWH~RhpJVh63R6qPfHMww&y%8WKWWow+L0^8 z)%n)ZjQjD22?0(qx*wv2sZBvn21D1jWv6SDFCmH9!|nkZf17nY1;}F`;5ak?!QK49 zy4v#HG7fHixh*c>_|aLWNrZ*kPGR3tE*)Zs!p?+t86UM?9CnkBEJVX0eKheABQNQP zi0L|yKv%xS!p*-}AI4Vm=d`(iyPintXphQ{EJe3d{7i}t_0FTe=>d0_=cNszzf3qv zN%B_MJ=m|YskaM;tKI1F7I~7`xQy+eMv>U?1;^QS@2Th5yYp~yE zT$-fycT!rO9e2OOct_40JJGhDyFn4h)NEYnOSnK$P%oL)QBvISCC0G#zhwqO3e6%O z{3@(D4|~1zS@-46Lv}J{bCxB9jM|gnNb2%%aRM_;b#eDanvtJ8r@e?Bdblg$j(c3! zun~ZY+2<9JkfO|V+4O_Z?=9`ysmR2t%M%~>-|Gh?J-W;oqREZbR{9Hh3*cDaNa1|`v|YJ^ZBMiX;J@g(zGSl5P3+d)7}8Gq7V+US#lzJ#w1ZL<_wvTQ z_k@!l`tVE&2q|)SJqz2k9N}eaXFc+#{sNrbH2VOIkcfT{^`9*0wyol}Dk_rv@lRH6 zvufEOMbu`DfA->$pNe-WBvb7zd@QysFHhj)JsiXo)wsWQXZKRF0^yj#c&7wCz;J`M zIU)Fy*FQ2HKT+4o?I8XpLyr+@Ir59WV}mC+L&n5hz^r^%v2TI68qAcuq9(kmA-OPPUW^Gmr>fxV#U= z7&l4ubKW*cYUY=bSbo>GUO7I1`e%OMr3O1#W0WyPk)JqIgpmuDl};*ZBkF$+cu2n5 zI-d%%+9F=V?Voz7g_607R<^i>j zQ!QeoP#D{Z#KuN)B2_5qdga9}NvEYVp+Ld$%(-cEqKrKE`^|7|NDWdfl*U1*5ND-P zzJO5fAbUQf<-60GmoLHo;U9T=A@oHG@00u`ipCQpZk%l04hN^c_s*y~_|$gXLuRhD z@N~g4?-u2h?+Lrmof}OWsU!XWJ*?s`;+gg0vSy6v)61Y>)C>{0l@toMyEQ0ICja&7=N0qgKA@~eB? zn&1uT9&?Bdn9k=3U0Biv*`SBA{N=G@GpW~lx$wWp!*>YervmH1EO&1ukolqifOpJ4 ziCW#Ij<9+{=*m^P+0_*>AX>=AT6%nZn0}QA>^)-qTIl}CL>adk(VQTZXm4~-F=i6I zT26)#HPn^vXn&&e9VhRe-?FhNh*kSU!QT3UqQGJGeoK>Wi3F14w?PqMX}D$r`r_jA zg@cI_v!jp8b;a1qCmeuF9U?%{K-^GCq|Y#kYmCoo0?3QCnNgELR(a)z&c|;z6Lprs zqfmB6VWvYzIleH&OX140{rb5M2O!|eFr5-fAf1iS9Hb8+&zi#)Eo;*BwP?KlV9e7C z`xqdwaD@syZ#F_cvRY8BcgO4hbokYv?LQXe*$wdWN zn#m1^*ga#z{k^LcOS6!yA) zJqPO$@mfV9yK&x7Y!~!@MT%;3pVH7~=8;&4O!M5%mN$6)sLeWvwH*5CPDJpPmhXGD z<99|Bk+Y8Xa>>1YjzS74nbyJ-Jjq;Fx*P4nuiRTy9fC+U4(c@w58OwyI%))*z)8EM@ zR!*qY!u~nosLwQ%V3MyeB(V) zjmJ~YP@#Hgl}J^^?7*}f$t&V{q`Zk@x_U-2`o$Y7jlf7bPbqFEIye3pJExt>sH@&X z%8}nu=G|Kc@S({0JBg>6$Du?!2%@!qX+Kn#sc(GQUC9a>7S$+)qakGg%-iA?e`Bkh zA^n}ClWP6#h}ix(>hbz)!*b38hqWHhll5M=wsGN$WtDrhp0cx@=gr%JF=7WL@_r@z&YCr7sE9&Q& z8HdqAai^drJIy-)P*c`Vu!)e@i=yCF@KXKPFH)ZSc_j|#Ib!*3-VHc3LW-a0NN?hG ztxqRYC>lrYG^=tnTq;pInUO)oga9|D=_p@DT#*)ml@BhUzW0io)y^0J)jxT;V{wMy zOCE2mmWN0+BYpzH4`;(n_U3jVCu)fYq4P*``k_(qWMg@833};)86iYtW!*=Vk%*rQ zVsR47XgOj0s*S1vMiP}nbr^nXJ4{fzMqQm!Uz4?Lga+bZJy{o-dYy4f998i@d3 zoKr^_?FfBN1M;(4h5cWijt@6CHxuV7l?{dITvc)C?)R@<47$HQfu{^nnB{6osLgAj zZSKAw4$i>0h@%71*`iRRs=dGh@aOw?F+_g@VvChYkynkOK8fs_Y-ThOwT64^YS!{b zbmVOaNAWI68RE5<2{lKu4vBPJK^`WfFbxLstK&$h%V1EYGEwxyY~ziM@ra5zFT;fT zVARBp1^RLA^Lu`pV_|PoP~s9}h!#ygw<6p3{#nVzlbYfE&owGP7cr&n267UY>q9Y( zG2aWtWWOUjnd%fsuBNv{+ptB;tu#-K#!#X4>H5Ou-MppZnL&_kCq&#>JutUW5n{PC zkca=I&q8m~Fx%HfXz0LmbEwqUoy`peK`+CTNcv;MH;~1LmAyZ4m<{OS|2ifLv^a9= zIK+%kd=uW|$v#RjoI=#f^zxtC)$xdpwd81L z3455`t?np4X2X91MVCwb1dm&kufMg}l#k`~o<#BuHkeONE9qU#*8ggL9WScU$HlNPzUdFAwB4ry3R_(#qn^ zln4;?pWqSIh7UkxaoGlgt~o=^JD zZ;j#)RAvr5*vL=ietw)I?;SK{oXpPn-WTgbHs2a92sU5n9mZ6TABg$w-$1UNas6K} zKqg71A^UsPAU<;K7ZbvMR{vyF<8Qk5x%vbexLsBX8Ry9}G)(YK+mxjN8sJs3N zzIrn8)fcTM-Dagi`Pe1Kz3TWIcxHbz#8G9jwvaC-x7Mt|V`(2A^Sv-o2Zema%Ch?* zU7{gl{90(C<}pt-YpI9n5pN(*U+x{DyG$+>qmVYL(@c5Rxj}$X{V&4nIN_Rwij`Yo zI@G`%K?(FQb3(=hr}FdGv`O>h!igA`%5ZCD_vUF6`T;DtP-J`EPe>?vt?g*@?AaOG z*=#GAHg0U_%d#qClNn%v&0`jb98p3BXHs}YA3twQD# z15rhW$g@Y7c=kUWw!AY2AV8tDe+uCs`*g;IQ?fox?;_AfzCUsshf0u|R=G|qcR?E$ zawa`rjw?2tuk|9h(2q$8^$b6^@vQLQ>M+shrU}SsCh@h{IV$8+*?jybP6|WmgqC0H z6e)fJWo&%M&+{i>=%g6QVKsfh=z;ck*$@KWAcy7Mmrf}5MpbZGydT%qqsWi)CYBHU zvmuCf3o2wWR4xhj2|XB#rXz?X1xsJL@C;LWFqHF9ti(+~k~TMAe^4bGvtpbWJ0U<@ zy~kU_oU)5dDhR3e=+9J_=<{qbAQ3Xpii?$l%?Lx`WEqcE9Tb zFB9#@o#(-p)AoSL)#TLJ_DmM$ukF^Y!Y{-F#ihVC8u?wC-?hs`Xl(Y*JZxEDMTa4K z#9);mT7?%X^8SV|SxW^b^zW3yr7*^_$lAG zm>DOYTXP>l;#R@`hR0UYMq}vxX(RVVGV`hl3$Il{g-}a0K!_WS!QxBR@Kw;HOezou zO~jq{LDJ+}Zi{E*cah@i{0eEnyt=a27A zuvS`j!Iz%c&qkRzpkot|@Jn+l?~7H#!^_O3fhT!gswR%E!PkE0Pr_;>i3^gu+PZ<@ zDrJ9-eqb>^d!DC8ZiZIIF7~HH6cCLa;f(9RP20gWdt`p5{Bfnn$31y1So3^0C%vvwzK-IYPA4|zKTKltXR9EtU5}3&72?4(%r$_!#XmrLFqp=6FA=L6IrJ3>OU9cF(417tv}*&A$vPQ zRID+8ugFSR5FZf!jIlefTn!q86%s=ou};36xZ|e7e+xY&Sa`-iV|GUlaJ9G8p?P_^ z#uk0KeaFp5_{K<(_8QO$nhF zzU$XV&B7j5I-JK;V2uD~TMRPPrn(|y7w%GX%^9baZ}=PwiV10X1g=H(Wbs;7-s_cA zla6D&iI1aoaxkF)gcQRF1k%Kx1iL#DL~IZX4rBCW^%|uxoDejhMQ3%tLuH?GnH~w< zjnI;O?zDsQI#gmln?+Iuml^(RKaMQ$?$-L9p9m|sn#70ui)+pL!a}=DhSQ2YK_#$2 z_pCLD0I4Fev9WY>pY?-|JawJfmo6LU^eP15Z=|}BP&FyFOKHEz-JFi3;yyCVx?}74CM5jjn|%9Rz(C)jXJ7qW0D}0qX=TF-{VKTLLqS<58fxb!(TNuxx@-+ zkAFiME}NDY8XH0JYxP`hxCG&($C`SHK6=49f-NrLjQ!7hE{^Rsr;bMe3AB;yn$ozz}2Nug`f8XdVnq(q`N**I58x^EBCiRNOyO69N`OK4>gUIh*nFa!D^o$Z%c>TJS8DuwkO)t6gTgl!sQ|J{4=I zc=JOYd#Hq^ZAbLTd)OA~25Q(%2`6Sckf?mV_%wvD+-za^q+qH1<- z9J!WD0%-Ddy4Y>%904&(j$Idc;BuABxta*SMt652Kz!ikskeo_5-Xo59l_ggIv_r+ zrwqg@+ed2{h{I#6lNUJAHy{rRdV8c09JE(v_P4Sb1S-#)vMwqpj+D-RrGxSGoZbrS! zUi^iQ+KQ*Ui;$HZvaCGqQCwOZoF`(21YM4Y0$o8*AX%?z%8q|kE4_e|+BQm;26$Tr zB*_`z%1rUN`p-drX7Qc*Bdt4JPIqBKBUSo2u7lQR%ddME{f3YIcTgGmdd?MDOYU85 z9AJnIC9SA(ei!1EIKe*@3`9HH9gIyz@ztpda$1e8RBl{T^@RE-TqXuSR!kiPr#|V1 z${4Boox~YM+%P_;Y&$)~^!vpPdUocpq+bul;hB`)iy#aZtfF%h7fo+kkCwig55brg z4H*mELS6F~o5{gcYMh1G7>Jr%_6F%lHyk=u(=m1(!wuiEarwW-IhD+^eiFbMdUArD zZu()cKE8}^u`?y~b~OfwDKiD(cfaRz`9d|jd(D;-339}6ac2}5AJN|yv4_jcxDLmR z)czJN8s%3iNQ&iB9)hgp6d;Aq)4|#3iAA!^5#gmq4mRM=(i5dP5=bf2wTRi--J}E* zORkj~;g88LlFWmf+`G3Scm!-?WX76g*=K3}hr1D*nORSCI+3i$JTS7?9|_L-3L}{j zmnTBPUfSGPg-Re|8x+`pB!=joiE^*3`Nd<-S$h3SQmzat$gQdGIf>z?PRq{*2JsZK zV8b{WrXL#ip*oafVNKw8@CT6Q`yeUR%IINy+`h!L~=Mq`LLsJ z_Vo=xpBKwNkKE1t04%oz7rn`0-2;CKl!BDVI;X zyHBg##NF{_4IP=&`nQ8pNC2KdFn2FIlUgP{hJ~dA5<3Z{Bpv%Fu$N`Xo63*;&MQaa zbP_Cj^zHE!Yhx0pxJ8rDC$HO3l6+(NL&`FUx9&Fz2=fr(%6YF|EQDpa&LpxEO3MzB zc(^Fz9>SuNF4C_U!KXqETsZRop;a+mwK?=2w^P;vSZw2=4m1|_j& zQC9C|`V-!!tQPcXnB;BOYo&Pi_)r;#iW7*S3TWKTPx~ zhT3Sl%2*1Ud|HetH!?^$aT_n4s8EOrrP2j7!%NFmQ3uS@$&}(*KfH-C;-=rX(w_XC zI-*mU4FBG{fd2Fk3#+}g`RK&BdMl7p+(ya3po2ld$Zling1SBzc;Fa`iWReVZPv|E ztPQVHn06E^Be9wpbQBMVUBI=$-Um;r9_&tzz&wdNWBL%NQ@=vjiH;f-Q~`P~kl)Na z=F%tEMmcPexw$2fMbV|*%IxyUUKU*=Ra~|0)3}-lP*@o>a8aP&@&3kJGq6hqGj;M` z{xYF}2Ost(`NLsyF$qsjN;v(vy`%Ea`gIef&eE;(OK!fuD{0ldoAWV!NlyY{Ar$}K z?DaRc#G@&Vthbzw^tiUCVSO_~q{}q+FGI1p$=4mx}*bjqg7fx zF^qe_KEJzDtBx4-CAMzZ0bi^@`ezsMf|RBpWts=!PLvh$2Mn6&GcBpj_>qmR+B-Sl zwwO}{qv)~Iuq)rEIm*aG)Dy}6`L11On_WZ<)(qv7te)jg5lMbgin9HMd&mXTF z&^%N{dvAO6yEPlekmuUk84ChWm|sU=qK{QLIxXEYb~~iP7xeb*<9fqEaKsObr5*B# z;5fr{0_|_A29C@S@_-!_OiePScZML_Q1E8Xex~qCpWAH`HCCFsA`|^yV$*Ov&as2S zgrxo?1wNo(OWxWY$jImB zm!7V~-5j}KaE=@N@O3&f(y_vX2atC{(MvtIWuX}SmE9Yo!9K)dtKVXl5^}y+bF6o6 zq+e;tCGX)r=H`stGgIW66g2;gSVb@6h`k@vUBOS$*5{Q$Yfk;2XVH%z0ygYsza+HJ zvZ*`!SIw5#vex*dcvN}y#37QcQ?UJ2DeC~|`RHyX(f6i$SIsc=PcUzX zpg#-=W$UY`ZX$EJYPw?|>r&1{FJdV%N$(G=xpFx?>9S*dQYV>q>u|SzMRyS?>Os76 ztCEt^KeM<}yj~KniYs8RhMKaRJ*lmE9-HeG;E62BkI|h*9odg8MdP@v-I=-KvV4tK z-;^)D)seJx@;oi$C@RWfTYDcw4XCCw?6y<{@dGu7Msoe_4HrA$tJiuo6S$qT^y<0Y>b!d zXu;%9CU7v?_P4)!Q`MA`pA6>vro$i{5dXpF59&#T-P`vW+eTzFmb;sZ3}?MGqZrNJ zB0$;UOQ%&2XA!0T7NJPcfjN$~VLRcw7tq!&wt?5#%UxfocC3f??j`m1#Q9^JZ{}1l zyNjwaBB;&oz$&Fq%%U(ycTl&Q>*4qH7%0qn|y99Ue2r zvMY+Ae6IvWr3n#=<^tN6#pkQF_f@cc{C8l<4}}Jv9_^)BBtI&O%Svj%(q;+3>N9F_Tvvqa|X zmIKAI(V3K&_u>2bnNO&!VuA#5ik=U@v#fqMiEj9Pp^Os?;l?55+q$%s?O+U&jTmmK zo+FFyVe%JiLuLQ;6&m507)#W|4rM$Prod)Gu)+KaWlTY)-Sty*jPp~Ii6ReOs7iZ_ zeT1v=l=~TFE*ZGdmR2bEIt+vDUMi0k&SWSckI6e}-OVUw!IX=<*9VsfVlRz<0|%WL zVAy!Y4?BGx!g~z)+*iv{F>GK~o7W5$m`D3Ja za7md+A6jfm_N{1pdlr$^sP_vjGLr3hc}09Am*VpkY2Jbe4(M|B@^{R`rp zEiqsC_U+i+O0T+D-`Ov&3Vs*&^ha%24IUfYnGFcF8!jnSqV-lbG>?V4kBO4gZA;bH zVop%@t4}pAzpF49iXEgCj4ct=xTbEhV-)X8v8>`wqS;!U3A-)HGT7!Di;lY0BfMsb z*^gtY`-g?lm>YcGcQ2G};w}n(k`YRqp|gVA-)}tJTWXJud60shH;$~1ec>sNIfZ)G zJ7Mj8k@kE4qs=@WKNg*pX!WQ3+IifRZX&8oA+E4A1A$>CpzSHR(0u?+@d^)TWdn}A zys_5l7W-zOlJ;K&t}BL4TM!IP5X|`+lEdBOO7IhBg~1*eU(-nD4iAV=`XNzhstm~F zn)Ps}0h%eK>bYo`4?8i+-k&gpYDr=vL)3QmCVq88#R}|FEQS1T6h$~$@YE1ECtYNc z=-w6rrnfI=3{cc#atf_@MbjyAAgR83TAo)gnuW(LT3+0WzUU1ivN=KydnbP0%t?OS5_*m77+T#N~;qbmOzwS%L-z4+Q!YC zVb*PV8vou@shbnsb*fjLZalL>~)XUfyqBSRUsE$qwoRvDjUM`zT}OcHco6ztEP zTagyGvO~S@^mc9Zi)a9FA{B3k9Y@=YpIdEG*HuR)SxAVDUYQtEP3Wk5e=EbI6j-j2 z@rf{-1SmBd5~FPtaeP~27|U*65dy|m5+Cc>(S)7l1;e+sgVCiCevEuJIH0qIz^ zPaS(?o2w9<-ZT|F6?35oryRuW@PDc&Yd!NB#5rt&i*A+kGISE{rY+|OjC5vngF~0w zWivLY*vZ*dgFzJV{llk;ny%@Jx7=x21Y$0cA_76ML3L+ITCi@fy75|3NYHB1` zDMf<=h?U!Hnkfc#7-ZWR8MgRM(t05LJdRQ^cS6g<2FyYV>M0A;B|F%O`hbDH^Yh0F zZ8vXkzNFN+2hU)fRffq#VZ9i#CpyI*C0Tll>Be}mUYR-`(~s`5&$2i%k~nLFf^ZOA z#lMsU1fuDdQ!7<4H}{J3UCEHl;R_4F$e!eS{A21wWYTXI-`wIyktj#7<2F5?)prks zS`pYKOqkI!-ek3R%j{6`-6~V<^f5eO=ql71q$8cxxHH1Qcd{+pBAYL^J%j9C~N4q>5nNO3t$)QWtYdTs>3qNc}HnS#%OLNgv73n+v+Il?hVH&7vHUF z_iLt9;QE*%uvjjt+VcmIx4m z22IRYtW8s8aOvA zH@dBxtiGUs?aB9O^Vy7c90zR@1^d|Y8Y1Ju$hXgXy3-;P$gm$hdOlmdc+H74a$`@a zpp_STbsTE9vNadMmJo&u?63VOIFup`^kGVy|EcEKrp!OpOZ>CEsjaaVld?RUE>Lhd z(m{W5KG2>EFMa827Z#d?JjqVzj=5Cz zEvAAXc(-->kA=>J4Iy_C4)TXBWBMuaeFuWR zY-08(M#XQMyzKD+HOE3j2{na1wsjIm}n-F&fGuXPPy{nFa+nDhUVsQ9~EaF)*? zOuOsl01d?OUQ;cPtoQ;>g5TDnz*`SK|NTzIM3CjoIKx{4(`{NGsc|LIP`&keug&kT^J1HYE zZ7bIdrP5sNVK>uD>TKDs|HC7P>~Ta<-U$U!el*5EVwhVprq7qxHo+GTcI9~6Mu|xh zhc0Mo_p`mN!YQPkw)KJQHSbwXctj6kq}Fdfx4)UmivC!la=0dL1?cl67)lkiBy4^H z5$WnTeGz_$G9P~L;*I0!ciJo_mUT;5r;*Bd929B}E8^)XgE$y0Vs+6|e`?(`wRh4L zla0t1pMtccxM=|Vv{x`V2Mhui7TliOewl=F?pv4a`<^_s$S7OqZHq84Z5z3aycyZ> z_zgbZd3xiZrvjP@8IZnzqqrr+I3NL*N1;^*Zdg$}0|`q_?FnY2oW?vG|cKehB*<$j<8 zk-f~%^Z@Zq?IhCi)v2`?RJGTgqkAN}6{=`vmsIckrYyo%3uzo8KGh0Y`gI)9%LPq6 zuwB~KZ~2#(Fu3B}@eHaBFQwH)d{4;C?i5M=@=;o73}^FClfGoQTe<_C(juB6yxm?_ z+hE&wGjB5dR=J6*2Ca!r9aiLur~RUi3ho=-vYO@`m{ zEl8t~x_up%#Bvd#92lIfSSyRQ1Dd$|nn^4wZQ}p+0_ZS<+&Ph;4a})?qMGZB*Fz?1 zY8tJMDz8T?mQ;&;esjwG2q54MqGc^xYic?2WhDmdbKF)Y%g6U^`{szMTYCTs#Gwq{4}kJb&^unP5(6N;D}&> zWB-S^R|@(EZ(<#B#h5bx@ul$kq`f_qcpfH$Jo&bHEUlee@6}Glq=lPvK{VlvmPH3A zQ2_(zR`lJ_Gub>`OHaGtoNS4?rKLFEX)B86`>o51n)q5eNU~{W9o~a{2gNVyS}8sp z^6W3Ve98ND{J-HFOiRfXf`x=Tgoe-9Qg-+6k+J9uCD-w91l0ceIG5sBCu7`nrE!8$K}TO6 zW*^PWDLm|2^)06;1CjQ0ZJCJHh&`UOY`$3>!}`8UV20<>aD5K#Sdp$pt}#VktL06^*7}YEm3hw>pwy!ZdWoDA zN5Ds)z4OC?8TeL>EmjsgN-X%ZzqnE^5zC+0ao|gcw2sAfYek`Afk@MC7HQR|ZLRm+ zi)YhIt8W|c-#*pz$S;J)o9Kply?y-TUE9x0LwPyjSh-jndc7@eel~we1|9cD9915= ziv*I<6uEnw+F%4fjzbvcBRyGJY67s!rjqi-m#%|I%ghILrEUEQ)}}j&|2!^Mynrg! z@?9p1Y_WKRZ7G}+l4S74DYS;Z9ry4a=-L)k`VAs&@j|6tIulAOIeg-N?PXzi9*K*2 z2LFLUc8jsh(5uzZ_Z)gN7}S*b-?es+vatjb%SHK!6ei%WtYMh+Ozc>>hn~^XsJiU#JdeSx`}3%ALfq7fQ{OA4%)PZl1WYnADM!XUA7WTI1d8r};in znghfzHXDKnZzc^Fw|y`K-Z--N0B($=Ws~guAU=9(X*)36 zEYenCrexOg97&5uRzup2=FOlmhuN*n_GT50JhZvJM_O+WU_@cm-zM5JcLww;8E16{170D0rl@<=j4l%9nGPaRg>@QZ;ig@n@SL zS|Zq14T{4m4QJe)k+(P_iy-G@fsw3R96q>6qlzuAmZ#=C|HO1>^_!BSeEar?^}XgL z{rT(Xxv)0$M6i&)$-;{aRI@moA=ny?L6&HaP^)vS)oR|qQ%AE5NH}6!Z978WAMRWJ zQlu4hIyE;;?HFVYV2Dl6#G5Q_6N66Df{~qmAuP67*KsCX zd4Ipm;f)soWJQi_geR0S+el91(P(fXd#;P_zmDM+A`O!*S&5X7=(rZ9r4`o)ZayY* z<3#=B{TS0dmm2x;jk!$l;uB+<#9^FmdPJPnK2IW^#QCger1!##Z*dG%nG97{ESGJP zFV^k~i~xF<4Uk#ToNVuEWE$Rgvf+fM!!G4vw-SSQ#Dp>`0^W8BcfJb4TXt66Rho)n zXlC^@qZ6a5*Y~?TgPm9SwF(S&romq-%vt`GEHFH|INpYe%YV3fK0iM{|Ejol{{G_p zBUa9v4Ys702Qqua%!?rBbNTrgr(Cg%FUe6s*lVY4SM(6uwM!c) zHI*C8hd9>Z_nY481eTJdn%+#m^pqzUKJu@)#oabU+SH=nYsF`jefY}kx{BneQ<|)5FgBgn#UxV-pP*2wzF1i|-7UeLL zEigIvanEnz-B*gZ{&RgS?=vmS4w{lyr9a};U7u-#7-YdPLph0OE!T` zGD6$NdtmW`HSRl+RGKiJNQsmCTV95w(d}NtX~38xnW5l=kw3KMRo~gBIkl+J+pFqY zh=6Na;;v4pEA)YGhK(;BVj)dK3;ni5+NGE@?2`2CELB3B!e&w#lGM=US?YUno-tnB z_s>6kIPdrUm3aOyE7FXHx6D{3nWEQAR=4Fflmun{^Rf5o)vqv!L(d+piL}dYEXp-k zHK@3gaAU+r-oEs$)E0x?C5}JCa(*Qw?XNu!=x+y8bYBLZ}GEaov*id7}s#kL~4-0QJSq3S>j(%R3I_ zNBhei1oBx*az3>@e}DaaF5lsLw&TG5tcX1CI}S^k6(N!hkY`5~a&(3l4|r}9s>68l z_Vv#*Z>dqBlhVq1&hK74(pJ;dO2(TPUl(RDt4_|XrXhX2wk1RoA~54xX8<$wQEE?w zKoqE~cYl!5}%_8x9FWm_{7-sU2TkJT1C-M3DjvfSNANu`%sNA~=+*YJrI14*%m%g|trEXO> z)?haJa2uH6$d8e4ty`Se<}1>Bp6q7v#z)LsCcvyOw(+hQh8oUbCX$T(*zd?%wq@0D zT5z5nuz1@~H6Gi^wJ=LC%slsy@8;*@A{MYI!&hBku!AzBVwm+lt947#-e_!>JCs$gL(SP^P$7^3Sf3DKH`s1q~=EF^7C`w^h z{|;mu+3XB?LQv~dD5)wRrEAoXnb}>QCpkYX+c6}CRLH>T%@1MDP8{+NHpH)Vk&lky`EzXC7d`%WUtG+y6#3C)j$?0~@H!mKq5Jq2Z z4bNY_o9-^gG#W(Ovlq{?Ck^N9xd=`%%$mxzfqNy_@8-7wFhi20;$*@I=Rw#O%&Z`E zniyslU#?8hZIuT@XfPTFJt+IE+OaoqDrJDq108u@W$1|9T!lKHc1Ly0Ecs5AjHxzeFU?yFL zSpi_y0G@$O$;|rurJlcUkNUoK8YZC_#OCMJx~|Zu?{jM-(?+t0_gUTf$A810KYo@- zidl(%*y?)m|Ae#-z{n+tFqkavMY*LqAUfcEU zGQ;5Y%gpc;`^44hbgJ&$JD3&J`asC6O5peHk$(}#oW*XG80B=v8|m z>fJAg@rG@ouBeNb*&>GDP#URLbz_o*494ho!yBEC`In zgBed#y79HURA{DoW1QQLiY0=wlU!V+QXvsW{bA0q&f*VhekAf#NQ1pB+KYEP$W#W73G2FU~|UYC2*_H7|XbOK$olFQ5dj=Jr66=#P&V$!Ram;TXoV6_ExeBW)Nzzb4!9 z0L+Au+Xyhs!jf_|cQ9TK#&;O9S53EuVWt7hrrNzj^9>yhE+&@j*&`T!0A>}7?_ikS zib6&;OjO5h8XER7%%(cDd~|lyx!Ups0srr8 zXmeJ}EXAl-x);ngYzuW|+)J{Hxk`(sPNJI`7HL4LDNQEQ{&)ifsgNB}TvLu)aEQQsZ{ z%yzJCK?BURrGf%Vx08m;%qyFrR*A!~1ZD{m;?ndkllik98jMJ5gn>U47g<(1;%fOT zM*y>q_*uzpb9MG_fB%2~`q#hy-+%hIjaqGkNXx`Lne9**Toq|2>mu!^YFksjJ9$1c z77g7A0!NkTH}9Xo!%79($r?Kj*B_6;2vl|@X{99?yF1A0bDjs5Js7#1heeT*uLZup zNOLG*62ElhzCZTiS%!k=hE4UB1y2=S3BwIZ4U{bW;v&t^;@`SR`*BZN-Axck4K|W9 zB^w9oX)H3{r4Q~8nLF`3VQAY$Z!jMFl%w9GrlrE;lQ*}RyVJnPL$kdRb#)ccgBQQ-?yBe_F0IEaU7BPvj5J(JuC14{?Am2dhNj-=Trd+_L5}j3Dbx}p zrTYGnxA7ykKzl%GP0Akh$3Dp)LMJH8UXt1~4oH7ecG}1ds10RM2`0z zFMyp?TXe8%pqfAQZt)2=-GTQdKhz`)xUS%60GB84PQKkx`G)c1i)V9@W+VZqcS-s2 z?GyMdyv0}M6cP+Go4{TcXgB=gBJDu^?TfT;cBPfK9qA!wQ4Nj2%;+5o;?)L697CsfBxgI|KWqe`rV%Wlfyq}tXc{ik<7mUcB&Rn1h96ckv# zKk5gLNh_*u%=X3uL$%^}slW{nClf&TCQhuP~ z$1t44`0^qxjLqLN*rdHjd#b7^OV_1Nn@DhH^Ws_w1Op7%Q6fGvgF?Kv_w zQ7K85QFtLcTxJKq1PpH!URccH7lXAUDsbo|43oJ_e3_#6CXqI6CT6w06O|mZo%L1*zgHZ=A7Yrr05cJL1GdmKlX7kDl(V!K{E`HqS=A({`@FEOQT?UN3Bc z>R`J=%d!Dxll#ET`08sAX6c9cYR;QM_Jh0AutQeJizP%%fw`o zdDaTd3WYWbL%}Lv-`~OBLl|Za<=`%zaGEBiURyKTPFiw(oAEx$9|AKhUBt;9J!yaZ z`~OY0)%^XM&+9LL|HoTTcd{}kRLVurXn$UM(*E&({_DT|>)-v||NNJK{nvkaKL0ZL zsY=t|zI~=e%Tz`$$eddK`G>JT@M7#im86da-HiRQ&vGz2 z&}}CeX1(o96fTT>L&r~;!EoFt zEHi!WmL~I*WJZM3t+c34r$cqlcwVTN`NNdf4%)8G3Cx+*@7H1{?U~bidD3n*-B}=k z`SxND;K*pYnGCHT?@)47XDEK)lYMrvVYeCtPU9Fb`f?uU%dJemh1j`Hq>ay^bk}p` z(P-r3c-0Oi@;I{`t}~J6@t(+V#Ir!8NXlo$s54KntUW{5%nRQi52^(XN4E709OYQE zp%ZfT${G1h98Q4?g}*SBdYz?`cI;N~6gp(+$;HTW+mhrAtO1Mw4BX?{?9LYDcc6SY z%HMQRE>l5x2)AG92m<^o@a10wp+3w~(>)8aFbIPVXr7%z>)k&1dL_RsqSW=i{I*7dft0DRt*4kSavX+u>Ev%_$5#3Yh* zH<)eovweA(K@|q!^tTH$!)QGE3Au65SoUpcmv+T@-UQu8_z&@ihJ~qM7wrH z=+psb7TBM?-hDl3pPud{cVmS8c(E{2s%Gvf!0ZFSjI9GNK>0vd7(jCsR(F6`0cPH% z;Qx(bYx-R_pEU|O%sdw>G=SNWnD^Q_iO%NzU91CTY->&yab5%k$Y5B}X@_p}PB4q~MC{v>l626h0qXlKM$7Wfa1bovEtEee z%LR8PdSOWMW!Ag1NSj=fEW^KpNVB@da-~wV{S{BzSO1DH_;>$~|NQ6oDe0wia8l{;!tdKfyuWzu;yV z_4dC(|8VknEsY7lEcyB5xq|!*!z_|?3^Qv6v(qe2a40m4KIbE=+X-oqY^7M(QkFx# zM6dcPi~~a{0nB=hWNZ5#J&3zr$ujjfEz+J1P1aHA zc!BfCF8)%Mk8(2BWjRldEke%+-ne1rXm_mdDm9kjm)Zcc^RdO`NfH+Po1oBjlbV0{Kn=EBPpnvzg>-1kebgvj6d|lHD#hJ%PHiK zs*_dtJmLLt7&tE-$J7kn3@35u24di(rRja|q44PVU2pd`tptx0ek7+r(&@vck(p)MVz1luU)so+4v_-UCL?y$t zBYYQ~GXBMVQa^Bn^&00o-Y9#SP8%n0pMR6TFM6-BmJ*Ic*nRzCxo`lRe4!jGjd$-G z;RhMRj5Z6>0UdG{o{lF%&CarH0W%X1VLw ztV%PC<{N<7Xgz1xj;gFY;LD(rH}Rrn1x^DwrfwLeFaw$G)W7+MA01rGk=y7dscqEI3tl*A!HFr4qlLg;=pY< zUe|8jb>YAt|ANmR{hya#Ig|hQtH1n}B&7YzA8#F#CJrm|uvW8t_os8^^1^{1*1kx- zMh)d-_1(Lbbf8)_3`@Jp*UR9DhtYV5Q{;ZYQho&QO9)?}s(c|Awasq$h9wd_M9ndq<<0?XDLz=fby#9M7{|j$@Wt(dg7H zC5{88;1-hEf=DxOCDOtb07pjZ;*e8~uDXK^x%?4F8m`s#!u3(zP|RlRC{EbBaYdw| zf-x9d9=bW`a%wtpL(l6Wl1!kGMIBiam$i#r@u1{vuOo z+l^;VwOvKdTu>4HQQtqsp0=r~qR{PjfjI(LojeaEwuGZ1K4LkcUbOlb$O+@Pd50FN z(}@>1_x9}3XpEDEllv(P0xo~Qcmy{~$}e&P*vb`rrLGvhL~h(u5M|jhqP&+%!;R6* z$r$xqww#}T1ckx*yucT^3LLPl|Bt=5>uub~+C_ozYKvo1!MU2j*_Y?nyo31# z`5UKJk@~PL%OCAYwRvpYw+U%1+&~QLDrsL^unY}zu)Rd>4T88$ii~`_`xjJBa|rd zMW8#InSO+8$=qxXjDJ_&mf^P)O%65^O&`**AE@jqroly>EHL&{C#bTd;85-m> zAHb#tCv@hMGah+00%lH>mTn)nsViwltVgU(!>LEWtPb}htolCyB!ZhI{gclLvhV{b z>fj`qDYlCmcTF7l`JcrX{_D?w_|Lz6lot*7=g+qnvlXO9nQ$~OI6J>Vf+PKtb@oNa z{^8AMt4ca09qQW}rSISTv1DhpP_msf*h!i>jgu2z<2Ax_tq>xz5rMVkvej%Vod*fE zRlC?P{Tm!{X~rCYUpvJXHNa4ZB-mnKT(!-pIoTk!6f ze(RXDSWP2aT?fx86@_}=j*{X403ZNKL_t(57WVjb3b7nD$qfP#ahIgJV-U5By2&Wp zDGo_Un&V^=lG2^;leM!`&sOw2zATxbc^1t>NF`b|@eoZU zT94My(a1A6-VP7E^v+Y&Ei3y$cm?IGpXbK2NyKUqg z)M4LCUCnVu)|6_v<#z@<7L+=pl)5VGFgP0gwYzn_s zF=4{Ay_C1F=Hj$k`EdEm>nBzE%QXv-C=c~fX zhVPrnbZU(?7?#IDloCrTufdd~nXWznnB6)iEjEbZxGp#+FU$qqNh;X`05fuzJvR#u zP%pV8;3q#Z&yrSx2$=0Et4>yR$EhN%Bk!~?I-_&XW@)_?P_ISvdE$7;$r=Z_>MYFP zTud9>=VGozE27C6g`ikZqh&a=yvV?}m4jKIfQOl~`)43d-;ik4PBP0Io66ZDjUG;- zTc^Yj-dEDotmZgSuY6*ON1Mn3V7b{pL-lP5*Cb%3#CmDb2~h2>p0pK7JOA^~|A~t4 z{^Rx}Eoex@+6FuP{CsaWN$X6{&!^Mr`QK5hEH(ypEO)SW=U;PT} z+s-Ix?ZjbaHe*e^zdI^TZJMJ~YYrAoET_`MC3fB13y*0!Kbbf6Tqup4ks;<+p3 z_e0ySe(%Y$*Y(-De;N#Qviu<@^$TZt(97W%X_iI^@XYm|LuvIK|NDt+Z_v(&0Q6*X z5zJsH%B^pnfAWOfGyyX^0xvuV2f!0ZBM!A%k{Q+#mw@3st@-Be*Q?(ck``kw7gy$rw%V6Tosq|y}CliLo4*0{_Tl? zY7#Kpce6wSFhd7Ru;G^d=Yg>+WPv|6s&2rzt;IrbW#jDy)<3&(yAzK8dp=v9{?{Ez zn$#e4^n7{)N!vfCJD1bb(~#NJr7+q*zI^l9)41ekVbE1T_aw~<#dLa*S9K8J3whxW zMM#W)4_GU;Bkl3-5D=2~@%KsDt98iAdlsbY;<}~2gOU_CJS!g$JrOK7`Cn0J>kf$n z#v+fF18HkN!j!NXi;jaVL1gB0H>s#lXnh7r=qGU#_ndlGJWrfnYjwc zW~G{QGng%I1hZ1g0GRC&FpCJ7nQ1UU*MS+sNi;Q+;p&z~b504E?X9qx*lt1@>OG-a z(2|?`S`KE{&UQ{fR(9+0M!1O^j?M}&+tu%dBXGzgBw*G_ljC0UA9syO``gvz&i4QN z=R1co#|9)9>EwU-%&T+bLn^mSs&&r&!)3X`j6Om^H{U*-8Qk#W6}Yze&;{ z%-5M2aq0KtT9SsnRDZM>Er0Q+PqVUxTqp2Orz5Acvh5Un>>(?hhJ$>4D{C3{^?wC| z-@%i%O2Q-$oQ?8ADl(ge;rM7yQ23}35etq@Gsj#>yfkMRCmON)paMHH+UfnLnZ`FS zxCGdar_*ZpiH^}^fR(giF=d4KlWhSkNiu42%8P6gj>RDA;wm4h?WU4u>l9=|C!{SwHPXK!vuECJA@!IR z;<;(6~}nd4wIHjtkRlF5~!OwKBslWEK!G za}(1@M+D3Uz3a(TRYacU;#-Cs7>g)ef*H!o72XESI2a9(nuXKMwLiLROxk}fWjFr$ zkN+Cn)05U{pwK!S?R~WK$o@99#>2*e$a~?1T1ks9Uw;mY+;XW;)5VQav{_~W4n9ju zzmv3GBrS{m+-j%-tvu4!3Zt11C+Rc{V4g_JUP>g2RSlJNxU092*@MNZAoW)xa*zG;cRYBlFRl zOqrQcx|wVka$8TV5E8Wz8r_zofm{frcul60%wMD(|+U%hn{+vLw~pcSG)*)t2r;((*4{r~popUFQVJ%4eRm^7gwN{!*bo1RZ@Bxw_* z)d{I1Z{xyyU3~fS%WliwUm_t0+Ksuu1-8ufB&cu4m!szIxVD3&*`BLBGLp8=5s*8- zgyEo09moQ2O?vBnrS?p+P+63iylgE;2HNRV+fQx(P60T3P~m5%J$Hxg&f@U1QN-rs z*ih2w*y8K+w7;);bGub>LS|!6E8c4*ffHfCm8N1Rj=guM(Y$q2#87=3M~;&TW5n1C z!^VCzcNvLW?F!^)+}LRv>-tx|zjxCMry~yL{9H%%mV7{koDwZ>&5>n!kI}c8vCp7E~S?+Q-WoY8ag_C*iO@AYf(* zLo^+)bKKe$-a|w2s2Jni5b}MIo!YHC*=(wQldQ@ewmXYQUdb$6=xG>AH_|-59;B>I zzzqAWGdbG;Geh?imx7t1G#C3xhVMqwjIBGos@VZBa~cRqxM_6oEDF|OMkaDTMWunG z$ZTrc0A|bdv99J3FpJk|r7~+N(O@hb z9*FgNPr7ht1v2K9SgV(SsBTe-b1k8&LDsG-MKfc^FvXDd>Btl^ML@iP0H|8QcGC*(n6H@*u|Tv zlkp9a9eUq~>L&UQo_2Rnn%d*MUKPxzJm-C%<=R|HanCfglzLT3@#3 z3dKoiPi*(V6}8cvl@0x`FTbOaIJy~alC-!q(-z}j&F4tkAaGtf?+m7Y7 zFAk`3VKLYN%&er38|&EpoW#Vty>R@;ubT%DipMhfEk_nJ>*$Yzu(Eyo4`!dqQDw5 z)v8!8ynI}JxiYPh>!&5Mkp7F0juFAsYT!mXxx`0zF0lTG019mWuYdgGKmYO1|FuW+ zJnv9o-9;lb3?kP$bF&*rn)5dgjmUv|Ze!ls`0?zYUVUOaxWYEqJ4r*Uejpq?Gy4%& z7P#sO3Yp69*5{4^lvM13>eD3)r(D!W^*r!>R+osMl1N~1p*Nh8!R3X+)uUFzn3l+2wdIU7MW z0z*kWN4bzOM7dVCf=3x!YTj%(FT*%gMO8~|GRo2|I(Ss9R8}0`%M=6ZpzNtlF!VTz z4?JH6VB?@gCuivM&$atW zw`B@!yfk6Z71rptDMgYfSJe>Fk_>G@*!1~m(1V6Y{zs> zN7iGav9V!B0Rc0b-K+oj_wzyRcu>y0WflT3gAv?Z_{q4O%QGwou-Qr9LIaR z!K`FJ(J=yMJ93Ne>`5bN%VG*UI8yKmXzOB#lGF;7!uZ z%l7|zGfA_MH6B|KRJ16qgQFK;KL4((G@q=q_H-M0o>g{I-SDGeAoN73HviDmvfnGH z#44VK_)!2`OiOUd`)DK~ydd17X?y41K&XQZDX7m|#JsdC27#;88HLvHhzxdt{E@8m zBAEy%tj**Ss0)$9fX-BV#O#!{h?^-U1POQSzW!j_on-tfsS`vrC=DtTvuvm8+Tijs zRNEypvL#<0AgY~3{oAC#=zCyM%j$kY(Aamh?7E5)@g62~B`YZ06S?)Q#}AJHJOrV} ziv%7hF2LQ&&5ob*c)4{JhLg#BgZP=zv$-@BxuG|ihSs<)G1XpKsMl&#^@p65%Mz9D zC%x7P(EyL;S=3EtW`E}+iaa#&1fXF<@=aoEf`lx2nb1E!B>mTq^8RTBCwd0`GXmdm zk|eS#%60PVdfazC7&o;2A-yxwKS%p7_n?1x1f+ksc>YTya=jr>u=I$0i!|$1nI0Wn z1ZX+VMctH|-(!BCJm|cIoZQ{_w%40|sGx97STN|Hgk)i{bq0?|sCSX<*$;v%M zp_lAe44E)b0%l&h$_ZLN{uxoL5iql6Z9NAwnQmgLsdd)c8Fr?o(Tv47#jO5dBn>D? z>bTJhH7~OcRn@C!1k6Ac!#GH8G6YMlK$IU4CFmXkCtV_b~-J!l8oHSb@#Am zYn~SrfjhC`KjZjAIy2#siHs!RJWeDwWHp@?$ZbjhW*dRbx*0k1>QI#G76miVKm4g& zs|&!=xH^Ch%zSZ3XMT@4608tOQ8!Bam7Q|}d)5RBb>{a&P;I?39q{Cxm*GkTDajcq zKa&3I&_CgHjX8jsnHzg|Cux89`Op9S+y7U5t@*$Hxz&$$eOV~JhrHvnQD%2;CTSDG z()coRZI&|W74q%BdG*Iw-pFW^Q)H2&ffX6FJ?BT-Xx>sk@Hwl#SDhlck50ApF_c-) z<0)i3nIdnL;3#s#^HW5YNlq*e1)&T=gpvmgSs#*mrnqWgfUtc3yO_?me}b+ zSrC$T9HOk@u4P+{l8Gb7Jv{AFJ3zfqiV2lPt(Kya(bLz}7p7Z1Xaz0eXkX?L)5c~Z{15INqexeccRwtx4Vmw((E`t#Oogb1`7%c95= zFr%+#Rm=6WZ(sf>UjVZi@+=G0A_8V9fZ1S_b@x7SFw>RAd%XJF%Gp$V6d9fr%nSpE zQ_CAU7$>fGK1BlpW(_(R$GkP2P6!ehWG+u9)_{z%Ax8}f7;jY}oTP1|05e~e{lp#p z{X)L*mTN9drDS&fmhzA!tt9IN%<^1yun!5CrHdRo2$&_7EnoTR0A^2b?stKslr?0d zdp2S0CIPc+oe41;Og!YQ=+?rtp9Md`WEJU@9*^-V^skaQcG@H+oa~>4D3IK>6DQUQ zm_1{}!y$+gL3tCHDA>215wknKF7~52%E1ioC+|#Lu1qUr z5jK#8{E@C{f-515%=@>-H6-n`-6W0Bw4eVO{70VR`SZ`)Iogiw&H-#TQZM500KeK}x{?N<0DV@7j z#eQ&Cnk`K<`-9Kzk9C|uh^pL?v^fI_P_+1TE+qvu9La*(uqNl{*8ZMiXT4)IhABa} ztZLMo!y(U&>{fR_N)pFSusc1SPL6MrVx;b1(f1>1pd_1Yi0rJE=C_M97;PD|vD(5# zk(3>=zfGGNX^i7UHclc_i2_@>md-`tgjh2hS5i#d9h9jLo;*+F*)(}fu0;F&4pcj` zO)}T)1kdnhMVJ_bIHW^f11e$CN_0aw8ywhvLJZimXxEAo zmu60VSk%O1PT-65P1Bc2Rc&eiTwe38wyvg0Fpd_5n>y^){tda3O{W&!H-h$bTOse_ zgziLM>0c_w4?}+({h~;J60;m!e)W`>?-7QUM6Wa$3QU>5JC5*jhdoPe2=_hJaa6fZ1WWY+1P7rXC55O#-lq+3{iSB{;>&#+}D{#mBue&-24Z4~SAR z^K<;UF!OUH8c4X6gcH||c1fZbdwy~_D3F5b0jxpHS@m#*EEoGYlnRu^rhoHL2zd zv7Ib$oJVj-Gy$$E3TSeQ_U&jsccH*zk!nZ|8am{W)!CIGHR|+q>P@B|y0vK6LzA>p zY~t=V`{9Y1oo%rgWj%F;l%^CY*S{)-U`}uxo}RVj1q-6!Gr4`$kfn~a6irZ>+azfa z5m&^plIJ<_oRpQ@Z6%q6QHPnji32s%_t@s1*-|fdICFxbAg$j-k*ZWAD;>eRsV+Yf zd1;nvA&Q)2*A@Zj#ff!Mk~ZJ(h5or^|ICH{x$4ny3}uwGB;DdMFjQq9O}+X?`_KXdYioc zWmyW@ucF2YA5Iy&1q-^G5-|I)*@sbaoc9_vXY8epR@+xTaEnt`vZ-qlON8yFe&kIH zFhk68zEEaB!0gl9p=j|oFKhO}leDDrexX+?K&<0npBiQ4h0X#C@dJ?=So{_78ZSi00n=cvs!nqQ4@8KlrW!5HAvWf-cO4#( zIPlGV7N+J53c%(eNt^bhVkf?Fbr-4cV=_^dlH9b@z3Y-vVX&)y;@Hi$Y{*6>O}nlB zrQ}^*C6|;-IJCG1A1x6IdX&{jTIMS<4YFo9-HMrbWDTIDBNzVPa-opx{Nesu$)23~M z@ZCorefH|*XCH0fj6TlC>%qJ*iex1qU`Exw~wnBGRhOIF8@y z`<^E@_+&}aV$x--Vrf;RL`2qTp7#A5%q#+ClHH^?YFy$6v9UeBb}<`2s{H3CUNJ1eysyCHN=sTsdrBvBy6m-4@e4)Ql}cYxRDHolRv3;TC2B(+DPD9~)llu4$CEW+ z8Iwll(BcU(G=;+rwmY4AjS*P@LdbO@|L@LnIK3R5Y_JiOV7n!u;cL@QXLkx01BdOv=+=kC>(CDuCG_ z$!piEKfd|~z^u6fGezlRm*c(Z=^5xG86SK^JmHn^nWWJ|7ztS{K5Ra#H;Wk@11m`8 zj(fuJ*5In1Gy*USx6TBy0JHHJc?8TD2eV+?+2XZB$Srfmu_HWd@swtCW-6CQb?chxFg7TVxAVw_Z~ zR4;JgRo_*_{l43s00*{juxW)1Wz$xSOZ$s}LVM(9$O%4`w@ z4ne^rk;2gOMz*dt)lwnKYxFY*vlxNAMSYn#ATJy%QujJR!wrH0p{ljKl7olJWi&1i zi2aG5KG_IHTT=!-&3NI~B#nSA0|`sJ(q&XaNZmu}9dND3*iU8o!tjaZzB@UcE~}C} z&~bDWJe#}w>RuY9M%(}H)vK3Zz3OZsX>vacEs5@(IO{qnN@^E`qFs6Yrc;0!H9_OI zgsmox#@L!@okvmc$Y`d~`zC4RMfa1MGyAX~*k(a=RWT!}x0R%EyanR6aOii|HiQV5vFs}qukTgR{tfZ-?nXmz7Lo3X|j31ye0INV$ zzduHkNp#`f*3V5%ow9IC7d{7ICPlWdER3CdCW$L>@8qh-di(9K?MeHOfR9+!wx&`4 z`&aDEByCJqrPVHrp{h$-_W7&7s(#xIxpp@4|u|0-kGF*{MEPjB57nrOO-Su zkY;Ag?hVse@3^DPaq&X2-CB|$FWDNOO<2gNqhO8Limsh7cxKxjoJF>iMU^LXT`>Al zIPoNJ3htyJDt3EiMLYLE3>@3|*>Z0saCulC#FOgLPj#t!U`-k}yWz}P%S*&8c2DS& zUzakzD&1eak)aocbCcC~C!&?~E+bs71F+G*bhV$Gs7?)t7fZ@2h5(Pu9%aw%cGK$ z>S(3Rx+UOZ#U1r;sLI)8tiWL+b|gOpp{+sAYvY53>kI z_yvCE7DBWH%n02jU`EV0fvX;%$=QB?6Z(yf-APyEF0LFaRNyW`MpYo4X1=1{@Z8lj z7*;RW8IZ1DnO2Yl?E%cNudu)Vb|>G!eHBm7qwY6f-$>HJa@1k3hL^?d?l<3l{x*Lz zX<#=~LaPZgV^cetCn@_lW@yDWA54Pd{;bq^QaL;Ka8s5a3AD9+VN6LHSI*@DK@2Ug z99iYc141;8j+m4BKr8-OFH{XdJn*p4eC7uh!tYMfp5Kq8!9ev>Ct~H6ldM(}E(zMucd{CX+ z&2}4d5o9Apr_*VzrKq|xbMm~!6HXYT0Y#D{fv+>n(DF3r#WE$_3J3r-xS3!25*x%ucH&>++L&YEKN5vm& zOW@S%k|<^KOwt^GNh)>L#*s@+>0Z&k{8MpfT8+7Qvkd9~r!*Z&XyqC9Mi0lv%cC z8rs0}@OvX^3p(FF|EhVTn5_dc$?D}8zxGG_ufFZJbK}#D_M7R* z!zw|4W3OUAmLhJ3zyDxGfpw(>Ywo?eGmKQ4cu|X0ABU#7Y)VKRSObZ$FOb@(a*eW9 z9`>qGX9FZ|i1Addy3FwaY$>T;*2wfAf0RHsnzVOaZZJlcV86fZ&R9)TrAt<9rNXMK z*U-G0lW3^vJhT0NlWHr;ZQTy=)j=c6rNyG}N2nZimDy}h@fBma))}QVLr98R70g%` zr%P{r} zu4N`!a73PQ8LDg+?Sbf#Gg=YgL?C~w6*+5Rn5A8Fv1^gFGshWGMFQx8Za-9eWzt6> zs#4Zy!a7{33@oZzU-wTwsvVCYbN%n1D&2cA@=Kg1IUUfd&Rv;0y<!Qw^-jw!duilU^=Z0H?m6jGpO&C{tzhgcYFstAPs{~BI47RK92WF)X6QZR1Xu!;O zM-3bsa3s`%+srL_TOMk}*WBl1~$ z|Y#Kr2AOG6b6r2jmsj07k0I zm5HG%6XZH@y>!Z7MLzx?{mjbgUeKD)R|(v*tQ{o&=8Y|heD zGc}d$w9z5!U2N$33&_2KLf_Wse?v=8&0C;M}K|(9a-W)p7=6p zn7PyQsfEfs3cA~%iSTs)o9BO8f>|Z?mE^o;1DHXC+G8PUCVsH`E=w@G=RPlF&1hNV zKZwCte#c^t@`kubIbEx}Kq_(e&cHQ^&JUNEEW2Mx|(q??+@Pa)O+SIhcJI(B@o1c z2ViFBk_JX6JVzr(p(bZDbuwvuOu($RYJW(vt89w6n`IT zMhp&MWg>V2VAJF2n>)-QhOSHp>;3^_07-id(!Q|*vsIDvU&)iU=i7M->Kl;B>F`JEqLeMvWd48^WiQ#`Vm9Q}<)!qFa-q!H5Y>?@1Z-@DJx zj|~<}RydUwkKx(LY&1X?S$0M09WIy4!xOrR1!o+?4aQE#wku}D2o0bl5-smohP_Vk zR+HJ~I?l7m+Lt~rJ^G295L@x&(3;fj z9rcxCwM$^qBL*_nC;k${1EXdrTV zdw!!mxwA|C!}fzv-s~UtQmex1e#-O=%FWn{9aL*LvL;sRBl**p-^2SPk9zaR#j?@W zAorhKfFC7m$<1||tl?*_-~Hz0U;0mTy>8|#wGry&FY(b-qkKq`W~g?uuQXf!z2L|o zV8#$IW7x;wOEcI=pkP)fgO?622%M}_ScAf2gV8*-alaC|P&W$7x8+Dj+8>Fe{Q$ts zNz8XOuiqhYpcMPIS$ccXd+eTjv#T0dv0j8>$_vbN`&o1u%nSl%XWp4ofLScJBB*h) z5d_;*nkEIaG2f72cO(b1Q7X5pr&Djx;K?6PCj`uR0Sf&FPEeB^7r;!Q72t@a2#)n7 zN$Wf0`&I;*)i7|FnukPisIS`RD+la&76RD$^A`ckG~DrbfLSY{U^XaLrW{6KFSY1j zf*n|Tw(5VqrqRN61k2EXx4gYy*^?Hf`^gJmQNDQd{FfU@S~9i!OOggWZTTjZ`7~3A z`S}-^hlUbOPqEU8BL5Lp3x}7uc*v?yO2v*^QP#O1uItUdZ)TSAIQ9rCj)=TGv$bUD zs1UV3J@BHH5hBY%-9uc@w8X?J!gjKt#c!S|kD1P~t_RIbcR{gI=5^YaYQX0$qIVsxr8Xf!C=_D!npQ#$%Z(eoC3b#lv z3H2KO8AJg}bL_Zy{j)dR{YEpH25kR3>WKr=J3arr*-0K7n3Wdn1MXlDFvFcFv(=~f z`+DDRWm@HtfLS6S&&q?Q1Twe|mV*&Kat|zTx z^Tl@O{RW-hwHFt8G6A!5D`DmM@_iY3u70eiiQhq2!0bu005b!?jOMIE)Y{(0eHl=G zsxd_Z)k3QlU{>umu{Qy!YS@UJPNyDWy(h;AWgVL-z$|YMb?>Y(TshbEG97{xq0>>` z%A|`BAt>E@QeU;dF!Os$B!c?HXmU17?H&69Y*MpA)H__^N%761f9Y!fYoyED6EOR! zT5VLH{>s^%6}Dg5GgKgHAKyUIunSRr3o63m<8(O^V=@L1*1O-n`WTiYJw5ga6J}Z6 zcwD$<#1H7WlABS@ahYU)cCXwfGW0*f+T)0TkxS{EtmNEAGCGXtd>|0!r5zWZ%_{QTQ5X6(H>GE96?1W`Bb1Wlz@ytP~kO=)WOXGw7R z6+xA!({K*D107p0vA(_EZ5og{yczCckl|qw!!UmsJyGNi5T7I?0wH-!{2?*f=&4jk zS`rDCH8?DuCp7UWD;dQTvY$ z%t{aGgeS`-leun!XZLcZ#j@PC-PWUcg7IGJjEjl`>+!Z4|6C4cC^GRps~>C*!8uNb zlKaeuvYGGvQz3ES_5SRBTRXBDT?8|uVn=AIwd8FsgWL>l_Wk7SDwyH$e3G?vL+;?% zVEqnG379q0i?M5RDe_K=Cnbpl%s2qE!BSL?6UVtY8AOhalSr~GBwPS99wmOOOSf8M zedbuxQz31!Pxfpyv1mcN>Q#KWveHy}Yn&wZVh5PHBah7f+u+I8m2BBw41Q&j_7Oyl zspc2{{=lz4oH(Zm|6xxJCo zyr%`(-mks*z?TN2*l<(kp2zRfuz`Xap39)}rjVc;JhO4;JXB6CC27e$rS4+o#pR$` zLrJmCs;Pa+pBc+~YIiD6+fVvQ^-8G~!*mG`a0uL`+F4)03HAXQ)4*A6_dujnTgJ$B zFX;b6xC7#tBk4f=iTvqktz}Cr&!Kp7QB$mEc~uufeF7+e)J?Xje>f3xr(rAAC>N9xUrn6Dm%aCz64H0)l z9-d`yIs+;zFf-)01k4!oqtCv5{W;yvNujQtQTnZenSg4Hq&e(8QC+s(4_=9*h+kx% z5sUMB-FX6LV{aM;jKyD2MRgq;2M&H9Fe4=Gt2aO5`&IUWI<%KS>j@!NWS*z^QY~Af zZ4i_*OKn+6t`@K~p2m8dBmRoMH0yBd^S^FdG9bJ4#0A>~hGDr<^ z6U>GHW_;sPp^+2hNp7@9D;^M*wgxj74Q{V$#vuY`QU4m^LBK2{U^YB@037?(Ng6HK zL`a(Qrm8efeVPm@H=S??Ndu##Dp-@rBt$10pSn(j@r#-AKpRO=ao~r~@$7z& zEHbqj#+3kTzc&ZKepVNtUISQ(+rT)0`>buTZ@phgyY%! z^YI0e#vFi-x5yj?!Tec-gM*Df5MaAnK50M*hnuo}8j7Y@umnYEP!G}w-v+V&h>qA>twb;fmrc@jl)X`?v9HZbGL;Ur}2 zWzb6>Ga&&pE6W=EUBFBrU>01XiLURlw(~$>ww zg>4^0B_xeH7B;G;7{6VATHM67GbeBs@_m6Z{q-}VWOf1 z(lqF?ZVq)OvYqH5cU?bz{!J%J@8?M~TG16R0Z2F)X@iiMjjDEP8sr5{P?WM;%w{Ex z=08PBv!6&IIgZqpFhzD8m-<=F--`

    %K&op%`|>baN&0kgh3%hqc{wI>K0lK%ymRmB|49Ndp%nm0Enz|0yR+yTr81C;FT zv$StJ$I{q(kUDhl&y&V}cQ=x@pG7$7#<6ODSAX?7&bp#>vQc2(5(~N>N}H@ILpe8|sU9w;-^t;!Ugv>Om`$88IL@sisgeIt zJW7%?M}06BPf1!AckfBk(xfkMcZh0CXR&@0vuqNMw3_2Ecx!yH-mKVB$B&{e+ia#; zXhn))EcWrjSXQXBwdv_JM2CP-hr-eFku^ZBR$?$=etl;QXd(*Y(iM4->+DxWCJ6E< zuEPPcBx!m&vh(}&p9x+#v6%5#YurMb|^@UIPf%kTVidjUFKNJFvi{G zU^3)SbCO0l^I|odOl?|3$qdKQrl*0tk|45^l-QXm6Pb}~%1`#+yxhM$9@O6~mH|ma zL0YNYn`jX*EB)$V#=gk3%)h1gDb+MvQ5La6Ng8)3FxStV;ebEL!K|1Gl9WVR_Hf(c z)RSi7?mbCbH`|&^YbepEW-pf2E#ue+FdJ)*Q`=Xz%0)F6@8CQG$3gQ#hgA`#(z}_*by+Jl|KN?&ZNmH+Rq`? zOd4JoT8+WD&T)<9%=r-xlvXHp3G8M>DUG*<5&&V&i z+W)%!*nLl)G==@k^E;334-pJun%qBUY!i6#>?I>XIW3cYf*u4zJ{=B(vz>Z-_VplS>8?}I@;g%5^W z5zG-}Q5K{R#?qiH)DPXx{o<43xErx=w>y*^&ztYh^3cL3`o48KZOo$?TiL!(D=T*D zr;!z;dqzpI-Eah<9t#Dw59#0cA}Gf^kid+D=W|e~^J}1mS)KcGyLA>?BEyONATON6 z%@Zf99tE6qI7Ub~I-&yDg8|aUlj*7Jm)^>;T=J7+%kp?P2pC?|@?1&Mza}pGr|C-! zC_y%Iqn6jo($NqFQFaSJdbZ{8zd z*1$@~^}Hd|C{$`;d{UKKG9POiRkbCHxi%;t6oZk@ucM=^^O~?6NcG-SEYZIpV-#DVSA%;s<%{5N`g=30yZ|dH`mJRf1-m2s%Au6atv(G>OcN zpw83S%_x}VU;vuc^`d``B4d?K;FN!p%nG^pW)WV53 z5QV&g08|{{%L1GofYjBnSLno3k>~@^jfSu(H?cweW%gj+3Gk%7NjmpSh%z8?Al{nD zshb#0y|WGtSlP4Brc({i`pvi3lv9!`%vqKZ3qI)*Y*5lD=@61;5bhTFkn3*Z2B>6= z8(iRuApS@z0vv(@Sc4!yP-(N-=@fBQaX9YH=Pp?RGHm)YJDLY4JhG63=U{q{iSbEH zLu)!Yvr96Wi%pwBW+(?Ux8_YeUV>3fD-O`{ z-&j^00OBS!YJ5JPr3O#NKUupu$4d@GW zr>QiZj_|CaT$hh3FKV?cb4FQ`K8Z_8H*)M|T!2|j!R&0}Sx9RXV3St_5JAxJkRxC= zYqJgkvjegc@C^!POonHE*N&WkD6B=lK=ptk z1=Ok$Ys-oN`Ca_S|NB z#Jn$0+Txe5pKnwg_`m*-;`nc0UM6X!r8avJt?|~tR%U+w`qd}8Oasq1+^%P?DEeS% z001BWNklmVd(S1`~_QKQ*1sYNqhNPyQeW5H&fi{wzlRuK2hcb zy+>GSw@WtRYniQp*!DHJrglasi?C~r_NfR_lcl>0MkUj1*^n0znuLTbXak-R2jvs4 zehkltSe{(1EC|TUqHJ>Nk<;>kcRKrwHXcO^nPYnu8%NLFEb; zFH3+|D>#Edwa~M8jvMkd(ksE7{7t~isg;ND{6+2nu0+myM~&LC=ABNeR}&!UEk`aI zZ?qSW#99r`YNY@C?2udcUx)WgNawcpNA>(n;12Tk#>l|B`k8 zV$lT|QUf<}=1i8VPcANTKYsPPb&;g`3>60^U#!)}9$Ni%CB0FE3=%L4{4ZX=q+k|r z1S86`v$K}`+Xb^`^KspSTsfYG!ECR2(>|*qm(rvL3VsEcO+pLA@#%PjnMrI-IzA7` z85xUY9&ubglFIcX82@}=D<-kW{0B41DM=$>cEA3bX_R)mTjK{Iq3Qe_0hk#t&}kR| zn8nwmSHz{6Wd+f`i#$w2Je!4}1M66}4AL8fR(az?Z2%97z<`Lw+jeYJViI)~LqD%2f1!NI!yKaSY_5-toInO&Hjc{q&|S3 zZlv~gTBU{o@+o9~uINTQ^FoAgtcGmJdLJVw4sIcY%7hqLpw4wt?7~r3cW+2ea=(iJ zA4$X-5y>Bq#Ut1SMWX~FdQIEzKNL%&p0w<~k{X^t;Tff5v=Hy#|?q*+YvhwN)OPmy@3@@LB>|o z1_bvQdoQga%frNqjX@JsF=5BeP&!Vd$C1Z5LIa*3dxS!sPcqvyBWVB?^k7r(qy}#S zwj!Z_y4Ao5^!bAaphi9dyAY~;TCgZZ+ooyTbUj4xY}uaqiN4=z(HY%3DEhBL0p!7e zZcT7-aoS!YCv@xbsJ?1n+iX8rwHKD{`LQ^6Bs3W3SAy}gZVykYdP2WQ+BXJL5+zY| zNj}AB|MmF~{zZ~zW)^=`6=@eD5{kV{Lx(6UAlwSuEOvw<=leI$zoa0hwAMSE5ZA%} zhV!6|4**VgXqAH51PWzqF!Qwu!un0Lnu6JA31))=%;;`reF+ zT~QUxWHiro`EZS<9kt}xsGOY=%jbkSC~G;gRO`!`Nmc^bzXUKN&xzPs3~qM8)gR@t zxeCh?Fk_zrnDq`giGbOdUxL{*uzeFBQ7{{m1!IL=>zSXgG~muW8Im_~Onv>e0e~5K z8{5LtDw$`|m$_~)tkx(BPFMRM7VQTY+8?|}368IR*x2r5%}Q}Ry+G0wg-vIwuJrqh zN)%D`yI56B=k?cr>9=!fqHH5FP5liA+kOzxs^DmQQOwxT_jI;mwpg82a=9~E#mGW< z_pS!P!X}#r#PGC;VIq>5!--_o3)d9~Xaq;KSExDXy3Toc$5PF?dN|f-gp1y?{fCkn zp*m@udw(6o0{xWLw_+Z43E+5E=uN_&4Yi`1Y38)H7P8W*j9_We&%0`_ys4_H(wLB` zH6+yIs3#m9h%3eZlU%q~;E@N(>r~-ibZ06iD~D(2btDZcjZa^u9f-nDRqpWcP^?xD zA(-RzbmH0$5_`nd>s?jsKUq}-SXCUL5f)6n4yB2;tx*Z>itF)L+7~+CJNp-}wwIRe zj}Dd<5Y`n3Ruv8M+5^LJ4UE>U?eqKzkb;LTQn8oW5l%aoN!s@>Kfbua$z2U(m4%(hp4h>g8HmF=4| zc8@LWELq*xEDi5=tjDsfvYl)KMJ97FtL9+FE%AzmOVYufXW%rJV74*X2gI<2Y3XDC zp(1Q)#eweqk#SGeuLCm(iy&Zz2$)TVc8Q?9nr2x`zXlX_sydW+MOcDSe7?|2vXV@u zdA{^|X0D#kNnJRmU`ET8G(2D%`f;GiLL5&^UNQ5EVF0GKh@LG=T0 z!e5;ECz}-k8q#XbDOMVSpWeu+Yr#zxd_9zx<;@_jMG!nWt_1E;aOC4>sy-FLq^6xvq>Eg;^`G^WZ{t zmZ33^cfT`z!Qu>oJ4j;I8a4xqzkLd`>oOu^Q$M4sH1EdZ;~gaJ{b8&1<$d9%}u$E)JlVonR-ASBlHslY{(7Vx69}23k7%2k%pbPoumn7w&#(192 zI216hdc&a=t$1vq2NCi$eNEY9D-?EM~n+)e&N+D(?Zlkl-TvqB{7KpQCKS)@r;1rb6(cmif?`ETl+jbk&KGY9J_E#zS4AtVKN z1~ZO;Sz~)LT5En$efSYda4Z&o`tO_Do!62yHc8l$+C8hL73`#jT#0O_=Dqytj&bE?$BLn1 zB(>IsA=$($d{cyqY$Iu#5GNo_Lt{p=v@2=lY9G%pvK2t5&>C|=P(8UT=nOqt*YC>B zn~5|&c@HEFqP1(cQJs{S07@mY?83P0N&D*CO8Z)pRvlZ3*y z$WHjttFM2-RR;t;$Re&@UABHlv-jdiW0Qt`O(aGofgC0%4r@&l!r5ZkPqIuJGWJfA zCRY-P@PTFhqI;3F9L$UxNY{31xwng?eVrFre-JP$8GA*UPJIn#LT;%TaujO#7Evd0 zY2T{NR$wM85dpJX3iuN+8);+)9wF^YT?4gm&o5c3Cj`vAu^0r*oyBMCmgV&2t7}*# zk{(Ky`#pNn{`&H3Y7u`XBZxHU!CvaI`?;bKO+^X>C*x|_U{jjRp3g10iiAZg85#Us}*5ipb4XyoGT z^;bVQ$ETAFUUhtxyXwD#+4};ssI|?L9;<2Qt-%c9C=3}-CI}6Z%B~)ts{0`gnz{sL zw}b7t#1$lsm7FTpw7C&f7ai#Ts(E%_a_{gF?=oA-}ys(q4W8n^XPBsl0O*UeioQflWsH%yc}6 z^gsCj*?YSlw~cIF7%(vxyE)CT5y*s;Nl6VMpkU|&LrHXEnnatRAgR%WX-Y!VBoJGM z;V3YWBf<(A@YOjG4o*7fHSl(T+-#hy1ZOVaUo(UG1^F9qts<$9mb$I(c4m8LTeFkR zsFzAqan(~#t*Z5`%GCG$D8(qH+1)8?R;wQffszL0>JcBNr(LL&q*2TMIb5kblU2aO zWH@gS7t_4Zkcw&c;wNR6(dEEytv!h??H^uvBn0CimKGIZmq1h6`(m zyV~+i)K#Cn(w@80J_GbaM%M!cG=UU%x~}^<|KgjYyQ^4)mi_edF6dF3YEX=n`*T;d z0L(P8I0%V*Z;zfQU=}NPhTFi*`mdbh`5y{q%62fD2XMv;G7S3&%px@C$OH5QJ;Uf- zksqm*+P;d6a8Am?r@%)rNn3GQV&iJ@N13Mcw4s`%Ys!;oB>=OyjgQ4?i}a%P?M_6} zG}4{k9?Z(Qz`$TuBQ4MABQVP&FbksekU*ii+gZBdee*2HDC5t?vlTGA1ngI40t99w zo)B1ruUcVdu0+=Ob+auRkF_cTvY*)Wgb`i5J*UNk5Vr=0foMP?F^PV5Qh;7f)jnD~dw&+ zu&KaFY~tm7KD82fMoLbSQ*1}&@`mo`l)`mR`G{pS&a9*YU@lU$a{I!$SRiTNtV`Y|t!o^Gb!d2I zsJEQ)SPzOg4BqvlB+rpNh*g~>ghpmBuvlp=X)JxKC9xOVM=n*l+@6&#+Rr3*(SCAF zo8ah9K9w%d>?wBXZ*2CKPW0j`JgC4ks@XJ&wEBt))b2;h(#H|?Ahlr0y91Iwt?A@wDfA}6NLQ7;MVpxyFCx*mLnvhXMXPIQo+Zp zjn?_gw>vehX^l^DCiF$*0+I%(migNmuJ!?tmz-25cqvh}MK0UvJx`!Nfx zv=_Oq6+;e^hQLg$=h~Yj?Q2BRhV4MOebG}AL8tGN1^)~!IAt5%KU$=axof9v4Hb6* zX2UP^q!<*Rj!c1)Q!o=M5}Wqty9GWVFynB_Sg;uxR9wC<5caA)WP=-?qjOY)&1Mdc z#R7?|&ud{%<);O05Svr;9Zm_D# zqID7tI@36FU8pcBos3(VR{MB3HTtRwsSg?k_=_Vbk5JmakG9O zu`uDF9r@LD&|XB+_S#vd-pyb8h>t1FqM{vyr{Rb~NYRn2Yg%0IUwUe(JZdvtunzZp z$H0Y*Q0LJzMAATtA1hT5vwo&<&h=BpeyX)X(uP~`^5L}Cv#HjqJtzo_8jU=yGMTQw zn&c|6S#5*W_Ol8CG$hN%ZA~l{nt^Vc3M5@cKH=y*w#OBppnL?AU#~dOV$#|M0wRb> zRw-_u+O)?hzq5rsx*sOe=^oz1d}1Bk$-_MmIdCK+D?-7WSc*y9?9c6Yc8 zw}_f@@b>64MAGVHQYiwhCM6wxGRZ<^oHwZ~E$s3P_W;ba49uS1HEl=Iv#-8Ub(QVUlf$8cYb~v=l1W{bAe=%QDABt zB<(dmlScZt_P07(&nnHDQZmOFzPbEpV3zil6ZH;zok^@uQ@SabX(cx__;h3@$R#t$ z_!U5>A2S-XG|y_!urw9~0+P15fYucAp#@-uR%djE4;ak!cYHs?NKR7KmXKC7zr0HndN-vi6tu_?wXZ^(zj% z`u^{Kd-;D~uKn}(Kfl_Yqyf!5C@RX`lb7!!X+P9*$~>t!P)Ie>3SYiHe)glHn0AY5 zK>BRFd8TP!Q9cQAd_*sigw0M)Kpcw6_jO$gn$ch!>I}lU>Eu$*F+?9b^>kGhU>NrE zP&fe8;qxrR>W0orSY1#+9F5IGj-o*2(G`ux0timGuswRK-)f=H=;#joqU(}7dB$+B z7Kf)}&ohFW(hT05@v%&p>(phLIDl4;?HiJ`dYaQ&FT=SnKUeA!p~De&Z)#b)WyB9x zcx95gnyJueiWS1ywhHR6mL#=$He4`_ObN3-)9TX_pY&&+KBFMZiRBpSogmQCHX#9R z4%G}S+vZ0M2yufwi2QU|cpiBM8e452t|}Br{iF6%dt~*F0)cH+cRUCOkOzblqIDJm z@OorPPKR2tXQVtsBl}tMNz^`izO6pPz+1R|E@_{YmiGA-dkXy?WPf(SzQr;OZY;H@ zSa25j^n>X=fL0+q7PAh%+g5(mbi~sm%`%nEjwAk8PTwMhML8_O?B@`ll7=$MYJJu-TbU zoP`B2n?yVu$*6E#e7UqWd<=mZqF4eC{>dViCbU3HS;AljLny6P|b05dF9j7ug|lF6-tk#1?<;jc^5 ze)?x({+H!Hf4TF|pRN;0E7#&)G{5`ueTf6L6_N&<3L08^D|eqf{dO+iCw*C`)sY?= zn|m|p2^T)0$;Sh0rJ9Zpq=DKyQ9;Z)aP?CsUm1-$w4I&p!CU#-5Nkw&T7g!|^}?~& z$8~&guml2TNjxOa7@k417$`xxkO%oec*zin!C%C|N+`X8ND0EVv8s;G2RoGr5bOT< z-0&ke@GZC63qcsn3D#4sp?2r}z|bl=M1;8990+OK6IKU=dB@a+LX`e;Oc^Nhh^RpgK)Q-#*u9T3MO+mOpJ#`OXO2 z!|sc!s!-eH9WTSBeaa{HxJoH*jLPhnch*?g&tL}x`iCcGEfucN zluQJH-<>ODH(Eq7>fN9h-TCt9_($06R0zifS00L02a)X=gZ-0{0;RO#J0MVi{wXP+ zKY8+bSript9?=~HW{zJLH^J$m~0?0 zg9;KjA|&QwZ|rp{*rfml6Muu?3QHp}gOJcH!M6&5rf77<D{l@DuoK0A4q6gJZe9{|j>LN%_5^$7yAX#!@~ zJ3}Ydf;DnAydN=1ufxcPs+!5j#9+WceY*=Y0m7dd>f+8Qj<)@rAp)~5fEhQ-?1elA zGmKmrGA3X{v!FVQziGAo#T8m#Id(8ug4y2QBseqlReQLz{sN4%nTcp6?F+=BeSzKh zC7gXjlD7W39!cA4$Bs{a@#4h2lB4baaIcmlQ<9eStXBT<+0(mrg@Bwz(^nl=pE?;&vWl^r$?>s58k zo65dIHls-tdmhfpI$NtyhsA80>t(gC{Zb-#xl`J;+``Z0TrH~Q3YV6Fy0{A&EpiJ2 zd$PJb7UzMZvsvdM2&%AHjRUHg;N9V527vPsn5)3<;i1gXBV!bFFWFBmH>04^5*GG6 z0vZYH`X55IR2;L%2(;2ZwbDKzV=H9OB18+%PZ4?NtpJ3_H1dEj^wgfs?144nIsj?= z0zToJ{G_CPZoB>Ro05rfmioia_5%Eo!S)G4=c$UW`jKgprP5a`(-9dszSe&Gw0Z|C zcUmT%`@|Zp^8{W+FtS_;svB;niS>KWjy_XL2-RG);zUbz-HSI00cwgL6hDR1K9-l3 zvz!FXpoXS^fJhpQ!@f<(c3?*B#exQ0pxkWl4>c_Tv+=11V756DW~dD;O;05Ld6@cV zpC?jo2B!rM{EJr3!B-{q?4rA7Z zPe*WUN7o0|WNR`98h*{1&!=D};j+FmdOR&^1t}nqh1uZBOtad4iYF}uW*!1FZ*XP> z0o0LEOdEk&vKyPtOvxO@QkzJ`W$kabzkbDm6_WP1^P7>hx?;*fmwfc{S>Y;@7XSKV zQ<)=@2B`+3SkjtqFgX71SHEx{7O)mRbtg;y+MY8cuZX0jnxE8#wvE^S0OneP18Fqm zt)!VNZ*(X0Xo2Vj5xJM9Oo~b|w^t(FcmM@;^t}g`d(+?I%}gbrp`s9>^2*-V7|${K5=W zhvAp@+dfGU+x_9a_QG!Vt7bi$T5~R(q!~oM*{r$M6@|=lL>m0cKdZp;rJ!9}Jk}uwGyk`v@1FVvc>GQ44Uhbpr7uL%?u+8jN-%Ig2|sQ<5Am=6 z$`a1KUhyOrz)Yuz-oq-nzfg;q0GJ)bZ{*kt%=%u=w8L>CSh&UC4m-|>*c>^?A6CI^ zF}@Btj%QiFoPpVUTw_?D$fu!I2d$u?s8s>X208*Wf+UxRG;nrj;ZEsJX&adBc92)h z#d@}@iIx`LpeEwYub+2b%@_HsGF4TLSEaSks`<=e*GK;0dY1`X2e+(ys(DGm!mu6* z4l7_VOVdVep4);fSG1pgaFl_WZl3{|nP$K^qphF347r3$zUf9197~ec`RUcaqt5|V zyADZ%P#Sq)HkHp#PF|bk{c^cnC=`-^FJ9$BG(P#o3%-oVIp%0&vFi4`(_dbmoTFYZ ziKRWWhX9c05K&(3_;NRD!+JLQ6iM5%)FJ=nhxIfq7mvfys=f_1(scw_yr0V?8HXh$ z=$S<`_Ri1GPtVUKQuDpj@CsF&OLWo%q1Ur7%7O7bLc89KiL1@XcMJ7yQF#woD1jFm zc7!$L#d>S&yJtoz4ycCpWj>09~x@)y>fe(I(S2^7zb%D z4EJ&YVRd0sza8bS{?y9XnVwO_Y0q=Z30AjbMa44oRcYAw>ZC2@8D;a5Jz?}MhE55w zKTWco2%hD4ZT6zR&Mul#y`YTUdD^#mW z>EP+>+B*4%f`iuKAuJo@jx!Epvsz5Jov75RZtMV<{i?fVh%;1sXh0w^tF3nYu-=Sv zKkrAD`3cN6Uxoh=Fq?)5mR7u!>mV>|2t?4t>rD+G$?@ZZqG>s&379p@P#1jdQ@iP; z@xAHh*y1S!W``X+%0+=&*SfX$fmt~SLx+zr=Ml98%s5^R2d-t}!itEy;Yiw(yI&$O z`*A&%D*~A1lwD|=*hOGATx@0~^*1##YQCpWm&^HT=;3*LWyqiV001BWNkl9*Z)MDkLtu6z1fn`nhE)eJGb8}B_&Svc(5eXb}<{qv(2Uq65G?CBGD9X&b1uj7}C*Dt^RIwn9Ka5x<10v65% z!T*gz;$YHL(41DW(Q0>H9bIeNo<;6AqxL5h+Z+#M)UFTz)!&IY+69SHj;f$3iHLBZ zO57{&EA8OaFyrz0*n@h*W6$lLoqGBe>hqV8G;U^ZkOn)peD|TPqZ!uKZKdwV(Utp? z!#%XZG8*c@1!4KJR(5S0wQ3(aVHn0mvR=~4N6ObvwPjpFDE+)^j4fCYi)G6TRyY2KN-!8TZbH%oop!fp z;cH^uWl_iXrc^5W$O+cN-icBVdALX7Nw+m{`TWT)dWzK=5Qcu?SFY~({_A;qoIktF>44F+k_PzB0~H7N-h{1ZVV4M z0ka^o5d>bb{KLUFw+6d zd<15`be+0|A6(29leAxcLI3kxAUL=_P3vYy(UR3Bbr9$9v!{C`}R2| zX}=ud|Dmhnm*0K&9Z%8oplyLRaKNype9`OdoP7Jl$97E;Tj%hwJiz`;mIe zN9Fpb+Qi#l*REW7>ph5};(OtM+ZE zsymJ&=mXPjLSkoAfJ77kvksuT=jef=nS9T5tqVDKUFlS<0$hHAuB~A9yA#3Tg$TRv zEKA|8tphE5gde~x@_Fx6@(l!LEJaay-P3!9M_;v&xs0S$va-4>akQ!bSSg!`q>a_U z3hH%#;EQ`#fLTe2L#Jc8juVxBR?J*3&_{N!rRx~X!n2yvb*-SSWMFoDTrI7DnRdYY z<^3qOx;u1NeSal72037GbbK&yw=9V>kJg&5sVo94k1fZ>6>AjBSd%vs=dsbh;XpRx zt(zK3TPaj~37Dmiv_CE03d{tG@9V}Owusn|RaW?YN!t4&Y5)GyPltCPjQ01Re){{J zJAZq19i22h+tihVZ;p@detGx7H($Sgef}K1&f$OO&wn{SL9buX>(|rM&=~k`U_lj* z(9w0hMG1$9r8(iL+7u6DE2oebMyi5ntg^<{KfPAB2!3bss^Oi$|svQ(6zlakD`BgD}_=x9uXPw_Tsu4v2Tv+@_cdq%+=dXq(kXeU|MQ;py1Wp==*o zDfDW&Vm0{f#mVy;1~zRd*6U)u+KZ#I61mZJq!ZAfNP(+NLTF`knL6nvA~a=JvKEn? zvN8$WwuUL0)h(}7dKAf?vnW^2akGS^HMrTL7Z=2~vam|}Gw<1pWA4M1#cwTetCp&= zbVu*-iG4m$4tSbdG`478Xk^TMvwgT)Tu}VT2}4~yv)P2CU1>kdu9odDp7fgi;Z^oj zW>vXpzvvcL*E?($D_K~Lj4gC|E{+_|_Vt(7BdWaxa{GZ1gahSe@yEZ2d+>@it~LG=l`wt$)Pd#}W`1k4uIBb$7P!Aw|q zc5*PY=QayiQN>0pQXYz{NuHN3IXD2b(VG2=r}EGkkTh!Hl}pI0FbsFWo<+b^7AMor zC_IgG1;v%dmbiVftR;1ay9msPgL&k4OQf#?n00!2eMBczZUM7G24KV}(;dkF-zihv;_~WKMeeLYdSO56i-~RFa_y7F+PtKh?g@67NilqPT z)pc~z@Do%X9Us5_;)@?Y|LnI14<5WluLlplK7akqgV(?Q^2_lNkhF8y5C~NRZ*e+C zhwXG^0p@{xVERGs=UjDC-Z(c|FDU!ka2|C(h0?aX_Q|I5JF?edp?MI&kkA%u&%kq7 zp3mg8c{UNz<^`)MilAVs!@&*5GuV;m=yV$T(ZkS?FNkiZpCl+bt2j`RQqgBBFR@Ad ztddVj8nsmL9(kb}TlO2e?~DyAu$}Q(+E%>TVn@1d@hYA=jQm2CeN_O_1l-0# zbBEqYxWs<7qCtAKXdfhnxXeCPAV+5J4%h9`FPAs%H@+#K*|UbBw^A2ObioN;Vsv@R zI~O7Y(BpTHj~|iZ+QzU_jpkxA5JrxpN@$`+zi=F$4aTQ9h&Dn@7o3;M_bt;$gP~oW z6t;m`d5EZ9@e`PB3#B12`#srfp=(AUvz(16jr1L-&t)S=fRR(dn*tBJK&1C0X#r*q z0<(OYArs=_mB~n}B;`;Rp4vhqC#yIhXLSbB_!%#!dddK1Nv#e_^}(9xyYXwTFZu-|aC!@HrnT?TciJe-(f!9{XhQk z4}J1y2%#aCwtwyH&b?vIjONYfCtufcwd$8Ye*5|7G5X)#!2{$&zkU1LgYmC8j`k}e zY2kQ0Mh-MK5I>{Xkv?LHsqdOitxgt}qvv8U2YJDPWqy)M+qMl~ZGRwK8v>U|UWr_U zC=Nx4t@EaqtES^Z?4E@>C=D_+Mj3R$pjq&ciLvB5;&6z6qnE+tbwgK?8MyDej^XHX zGA&|z$WG6$pfQF=Bn_=InN(c@q!KF0(ldDr+v9|Ff$caU#-}|)>1QNzM)LD#$45`^ z=AvG&E$&5rbNAIJ85mai@>GMNn2QGiRQA?}^;~n6B_xADn@6tMMtxdztH~ivOwwp5 z1R&tfW2v6a;r`*VbU(UkB?8_El`2VXB$Z}x>`~8Dy6a?@T+OnABCG~lg+pr9jAm5b z%4vI15An7%JALuIR@-Or!b5V=t{=@i7upk$3WBhA> zKKZ6C4z;W%l(yfD%pf33O5_sAQ{V+O6ita(b)>@y99qD$0)SZ;InI1|Nw5sZyrI6Hnk@zGz~(iSbzcELL`mPkPAZ|ZXaJUNx{z4|0!vN!EEfP>L>%V zu|40^)+61Z=Q*}(dE>E;us8N=iXUcR=JZqbnGtw7a&-W+u^y|Zp-H}e@|l8sdHyW| zvnO}kkY2dvyzCD3${RW*D3(=nL4>MPN2cq%hFR zjY&e8$+RM5?N_odU(7U2i^v{kzLRVuW0EGw+wJKDx#*SlF}Y0a@!}0GnABcByuo%S zS-5lOmw){G4RzA?hUOq9YcHPNYqyIB_YMxeym#+Q|MTB48~g2U{N?9}*dvMtE*OS5 zh^F=e-*w%Gwj_DuyJ!M@-)3gLX(hEjKfNvt-iZ7#Bu&%`WNuQ-k-4bWF4ho#AdAY} zAEPHXaC@FV$1(HLX2RF?|kAGFkiSH*uh~E`z#IgO?KfJlIP# zV&#smcNlzU+wJM4J@^9)Kk4kEJ$mkI_B0FMl-lRhJL5Siv*)(jw~##+0cRj=lIOX^ zlO&!pJT&jQEAgA57!7)4`}xx^v|(An0nVWaCk4+4BCZy5_sJgQd^rYkK@UxZp`+6_ z2D8AH^3LgRIr04}du=Q3emcIf8A)qLq{LJ4TUrZXh=&4!jk@x zU`XdV85VfSTO9;uVghDW%b&DYe@3_GupABc5|gKOU~`I(mQXD8KLaD5P1?_98fc%E zz@7#q#o&sNrJvZdV9%srmds>QIy14Tvs>xR#AP#6pU=Lj0=J#n)0sV;+Ovl@l;HSk z|E6NLqG&p2ZSwi^+?+f(Q-f-)dT=jBt~dVm*HdTk?H4g*J|WHzu;v)Xh>P7wsh7)j z#SHxM%V)LHdqO+_dyzXSf5NqkzE7IP!iVUU;m>5`TRrKlXT|#9pyve5ZXo%lcZz6r z=$-x=`nfrTx+j)zS}IE0GH~}BlkYct}0L~5)B$!76=(#AX2DX?FG-* z#FW#-p(CTkfQ05zvQNfJ`~7RBko9Ib{Y)*P5$2T1sujnCHdB zwFzd`$p_i))b_|4fEjCBy}_9q>p^ki3%+aMAU|SiVbE0Sh)Hx2yS5;T!!12;q+97k zBa(!tb7;hM5Spp5cbQrV0=MR=^wN2uf&kALo&yoKL#(6U2QW)24p52bsmqE3;QtJS z@&ON7M7TzsfzcziEMIGw#BztQqj6>jt_lFw(d{^>3IJv!G}O?{-=ft-1D0Yt&^~~{ z2!okpwdY?xd-CI*?z58zdk4oS4}4WGYJ2tlYwWn!>*f6`miGk!Gej=Oyg!LZbm#4j zZEL(qHmtiYnejSHX9=ultwNVcYEoV%!8cZhD!pkb2Vqe`0L%aCYMgE@pcQ8ifmv|@ zX4>3kX<=c1h)5b5ZWD{*)91yfwMcDWGYzumR29eY1d3j_Z(U-aR!qo# z2@h2}FWUd>D-P7lT054z?dQ+idrji}SLcgj5lx37anC;s4g0Uv`1Bm2XSzN>6DmU2 z_@Sxby-jVeppcJFUKFn;X>&Y%mH&v9p|o47(P}w2_aTnAKmsIQc%8y_^r=5MA3J(@ z>Jh3l;vm9=h+3~!$H`8v8#H(viq0oTo(@~RDAlmly0XFAwk>e2Rtulq2CL+V6uvr4 zw&(N7S&l<^3vcIF(Bc!n#b@>cm$grESrhQb3YBbAvPlyS76_N^lY3gdj@N6rmI-1S zis?perD-|dC|}7-mT&8@bAcMg$9)ApYaf48+E|~3<0pjKz5DFzFCH8{|AOp2J%0AU zwsOO3rmhUH5?>~L2hx=wd#5!TiSk7*iVh$_G(HQ8@M%J-; zd;$WjutvZvpJzI@nVqJqE2I*|2g(v)%>YyZxWt~~peCDEFsD@VB=A$JWIeTPA3q#? z1#it3Pi|q4bv>z_>~XWRg^N&E*)OhU7yJiZ$P0V!f_+0?u}{vnr7qRdJ9_B2EA>+M z$f??$zkX4^qgdl}wL8>ES5^IP)0bkuSgtyujs@lg@I0291}5@105h#zQ0|_*Z^c=j zCtx=JLxS1uKHoMcAEaBf930k4!0dEvspqF26vyOgW5o9HX0>BSg#wv?8PBKAk{nE9 z?UV!TX-&eAKopA0BQRTxv;`7z>z=wmE&wy5@?OZ}v#SM|2{X8&1)tPXFdNnZ%(S64 zH~olIa)IZKShSR~TnuI%w#6kP)Qk3s1(SG;!?o5f=7o^?>X=b#xM zD4NQkTeTb10a?hh1vTx*r%&%)=>p>3LGl>>NEHXPVNxsrYM9=tp#nK4Kfvl!Z1Y&- zDfI9r4n9$YIfOo<>`GonYtkTyl)xApJ;zJV_AGS_dd2kFh`FB8Ap(DT{jB8CEo5kf zycC<|y>1szmQhembadwBJ+XwC4V>AcM!JEpc~p6S8a1b*-#v}q9v__?J(^7H!GovI z4<-fegUw_^QL(}?S`Eij-)uIUIb~QdRV2 zBI+W)t!eX`+tiB0*jdPG+3_LaD)Vf*yDvh>;>rk_sF_$cSNj8r*(P;MalEB|JB%(U z3aQ-whJMc37|gr`%$y~dA>2ZIodYndw*5h95D3iFb(yq9X-F|Q)kpS2e|mjwXT%0? z?yh;JXBNcn1iVCytO%cM9nR+n%oN*b0rZYW_z1@iO40lXEwy{iM<-8Cjvq9e_TaZC zFU+X?;lKm4ANu<^TTq)vhG19N5+w5xsu-y6K`J5vpdp z+bvdW?RJ|i`k=NkHq_2wph`?$4qSU+X1Q)!Ir{DR<=15CN($eN2X6fjw$Z62Qr5Y^ z@^6>5s_ivDz@apew8mqn1E(z@Jb)I0{XUjlcJw}4g~$yy4g!Lo;$$MQJY0pfid9IT z;J)cOBg=H{#^H7SwsRYj)-s5QbO}Cin}tabyGqWSBxy*R5}EE4EjAe__QK9~qI|kH z_JX%3Cr?k$eAkK(ULQUBPzRdJWNv=HY&zqfIq7zrWEtma>=kmg_eMlD#kZ-$>+7Tm zlr>p9BciS3nu>E@l9%o9F;?>?CuUFhqi{4qu&0;)ni-r3k86vyc-`l%GqwB8chAYl z@N`Fx(CWXCBlqqja%;N5nddBIwS>T&>WRiX{%8%rtbHYzX}Q?&>*5~^%Mvit0L&)0 z1hZW2_J`6mG6>hfj0P~%(FF?vr5qOrmMwq^6o8qx4rauHUzAN9^vK*EFI=Cbb#6h@ z9Co6Z{22nXdeK5));@@!u)DT5EC85sP(maOjh(=ZXdy5Q{Rb~!J~>BV7TD42<3}Gz z0DV|*H|J;xx?{_9?kvcv-b*#_c{< z6U^HHn>Mf3Zha_C+e7Snl&(O)$J3p%8JEX$K9&4Pg>$GOdb);VbXseu#o1{482wf$9m46PNzL;b}f=7u=e9iJ#4ri4OIWJ zJH>cuPpwplQrv$WSN;eL?U1J^NoBd#rP7#=?k}pDh+0iL9iMu^-M2rs1H|e_0Xgxj znpmE+#S+9n(VV^@v`p-?j#Gb$Le+PB`oSLw%!c)@*_?OHw%B$p zo-l6{2}3KY+O5yD+%LO^mxY=`bB(35QMGR)4O}b9(`n+nEO$27hpTs*8n*o4gSZcQbA2n;~q2qo1*}a~j zyV0A2FP|O1RX&IViiM!(<|2L^H|u!6f2YmS?A7*r2+gSL$z2O*vbo$t>e1Q2kIZBj z0D)P008Xq&Q|>=EN&EAkzele>|MSi-KmGI0KY#k=&OehkcHQp$OAnZtqgP9%uI(5^ zP_5aHPb$U0ESi>wCQkhgTF}TX-H=(Gw)ugt;H5kyv~{2Tx8q>3lLR#qFJge=T7Dc3 z%<>;+vvar?NReWxwNhOxxRQUHoiwf7RBk`mOg=O+W!dHOW)Y6&^E6~2IfhQ>8x05@ zQ#`*=PNlNChZ-E!?+bJo>gfc}^O^qX(ms2OpqB0PDM{lg;ewSwW$W0Lt3?xh`WB_L zHUx3QQ_r_TLkh=su01`oCYn}PqSzP_N&U~v{_6J8a*fl+hOg{b8N;2}7J2aO_`|R? zF(-!>TG`pP``3Ty8k!HI$n90|&88$xSoGpD&cD*d6hYC9Tewuiyikq(wy3!F49#Xe zH~!{QyEhd^?3#V{pbsfwrZdq(H*2p* zz})Q^)jOqj?C4X!M#i46iHaX7)c}E6QdAp%B|pmdY<&r4d(B_}+exs%Ddc*a3CFJG zBL6&?|AD}49yClcAgV(Rff*6p3XKZ6+k%;fz>M&W%JKnUa2A2*-WW*&8_jVT%!CE( z2ppUTOAp9do+D8mFErBa(CtVhZ1Yr1()g?Va|<$N7nDAlh8WDoZZLNE@RT5xo*EYc z%xbZ-0cKaWPY478Gc+OJk5tEPtFiLM)00OZgr$kfn^UV@=5 zXQu7;?De-hU%h(u(@)O-_dOMjT@4q*5a!tNE8Zf7##v z>Mwu!%U550wGXealGlFJGi=K>{lOcPBs^kVuQ%nLaVCC-p zKTssikE5y-=R}0$jmOpeX8{_|N06P}f+{)oWo=3~F?l{>(R%SQs8|*?sI%}U|Wj?7mAh#NsRT`}m^8HLvKWjp$u$h9i z%r;V7^Fol>=op^Fd*kt#h#&-Ol8Au123jWA)7Zu`g3ISG>l_!3WAbLKT7D>3@^sO{Z$Fc9Wv`?+HpKLg@3;%hSO?a6-wPMe0 z+UGaz^IPnxO?&>L{cLG3;XTgScYW7~V;|OxImS zX~sklDSJ)BGtta{Q1xNGY0&9}&9-K}hpy?41}@ny1DLhz+Be^w1pDd38x|(pz^n>j zHYomaLTOsrwM^5FyPBrmFV}8&c%xqU0AMDCUbZVR%bql~@YDvI=jaaIf_%U1j|*^W z(bHO*IXHA3uLGN&oORIrS?}DVFP+VzDa^X9d}pKdGMu!Se{|gue0S3NS0=$a(^1 zR1X)x!LOztOgGzaWREc07vdH(O*RuCHno^(THLkl-?2;ki!%+C?_6KZ7BW2l4h5lr zq~WXWMwgK^XC$$@F%8Tpa0_=Xf9+50YA&+JV|xnapK3v%h`+r&%CwBN^1)zmP}rh( zrF&z2@<%$zp|s7ommJ^JZdb=|cx(Mfac+UwYX?tsLW`jjg?5U~u4INzcM9{JR52Um z4e*f&ij{iH?OJQBQ|~|>V|12qG@4FX-5E_MF3mAmKVtQpW-QG}xZ*&bN$nv$9k&lw zSS}K*(((o9j|?6tOM7bMc#ht$2zdvKjOuP#s}~dm`5?qGHe~DJ)LyX%*~jF57LCo= zmHR>PEgRu@VA+l%oej{^;`67E3LnG+b3s+qv@4(ayl^>x8;XkGpoBc?St#I*`=^oC zrcC<>bukv!#6N^Ngaa%_aCt@VeN6sHfBFzj16fEZXV&~)qLG`Z+T!%_%rmn7hv&O^ zI7~9lt=Ts+`$T@5%lsj|v&5cW+RN+qGi24;w12m0FC~iNnLYX=5d^&!;WrD4(mo(Y z{L)?q=f(E#kQe0hBgb%+Ih@jN+9Bd-Y`$Z}f!XxUc3D$g!y?flL@{j#q+FOJOBCHj z=V8>Y#p6@L0x&Cr((T=s$7Xs$Mys0x!{4Cd8tlc5ov8H3!LmAlSzN`zL2dtbXVR1? zcRMXivz0N$CNU|*5E8PYHvB( z#LO~#1jbA<^5F{K4~6idPi4PcCU^v9deHMc)iw~AeR=fY!+;rSnE+;2JhS?IUcUm& z_JcgXM3#5V%Kb~Y^FWA0UiANrK(Oot%}e)F@vW3eclyvJ7x}AgGjj2%w0FyyBSQ*m zb*7=W%rxv`rdhYgNL0xl{?Z>3dwJEKS=eK@MD{vy1CsXY`^Sf`USX2<>Q(RY_ph!) z(o~&gY2->xQpqWIu6ilD$~%x1J(hlW{dHg=lJ@1%agd&=8j^vt1=rwM+H?>%|46bz zKkq3~;J1@H8n^mkXwLTAw>pznQjF8kP$kelBRG{|aV-H#Qu}$V2+c`Mo>gVcxmXsf z!tlr|S&;al*p3wy7H4wwkOn44vw2{3yv*eDjGE|KCHA1U%ra`CpT@Ab{h0)2^2iwF z(FG0FDJ#%EmYB&WUx|?v^l&Mxwx92Vs*nKoZ?L@tl8%6Xtl>DIRvR?QZuw_%c)#Ed zLPN6Lz;1API-h5O((nv?6Rc{vtbL)6uPPWe(N$ik7;wf-vImBv8$tEO(|aFgW>u8; z%~Ym&MJfoQ4Fud@p6PQvyTzcs&iY5f6A^T=1Pa&!blDrGBGBIHsde=^sNvpZLKaq5 zy-mL-rQpMP7&EvTx!gDc=W{ zc8ETOoKa%D)A0b|j#jFMV+VZ!qkBF{B94#dkz7xz;#6!?fYMKBaDXHh_@|*0wt>NH zbno@+9|DUkeeqs%vsX6_JiKQWK<@?Dh;C9)a$hY0xty(CN(ioH} z=)QnC5ptWvKl6$6Ht@*LV;TT>f*xiCk9Q1a{Uw-{t7rF};q=s@{kPXd9N zZna5BgVMyZiNFjI$)HDZvdS*n&-YdEf0<6(C!l?X#$W*7Bnu6Fd_MNhY~64M&coc( zqkDHg$g_W+vVf?V?iFALm7bYwra{a`%CC=ijL$3{(&_Ue`p)TTeD!XvR_{hozi7eS zatO@&pjU=wGGJ+V=8&-RV?TYELNdAKF|A5xnl1KxKbx7jg+04!-v^eqVc*E?*~ETC z-GHS1^mh4kudF0ZFn#zVzFOMn`3CyW7E6!bpq58(+{n_c zTDgGZA06Jdb%=s2?K!xg^h$56&r~sF+A1kbUM!X{M?DBajcKM5%{O>AsU5c zM783Xl~i#htx%Vc|FC%(e`Q1WLNxI?2+WQXFe{XlufKa%O$TG4YnqcSXV0{9w^~#F zSVFd9y=p~>%I@c)=B-e%JaN0X+j~85(1Mez;O7e)09@*yRCa~@Cw=%0icLp81uD&) zjleA1$AN+%-YCI`rM=u|7WNpzVCF+_^=S+v%k~kNNqru@B_$kV33*)Ns0>B*6Y%4N z3bvA%g*~nqg1s0f_L1%uEhmTy`&HW+LsfDNX3O@Od2w$%&-zTdlNxHhqNIOu)iS!>-RXjpa;}+4F1m7iK1IWoFv6pDlh#EA=;y zC9a(~fauph|NiRLpI`ms@86?;zxw+>uN6tNInZhLJhwj2y@#avzlO+HIQ^HG&mX-$ zK7LfbQ+@W`iMz=5yksG!-CQP7Q9f2=BTYDyHg^eAycJ}ZquebbX+IZSY3x9>Hc?3C zl1g+mjWrnabQ;FTs`hxpiOa0=Heve_xxZ8|h+;X8c^or7#GmA|#`@`gT=L1}o2ayX zx^f8iMp8_3*?wX_%iec`+Vk% zuz5~zvByCfPVY|&*4T*;TmZ8MLfwG})kF_7XU}JNOIOy~U)&FFpB~XdwHdgQ?}yIW z(b12k-wDi0rQu2-Ef}Boa$-j5wv@gLj6UH1yA0W>_4{w7`-w@}OAG-WJ@m}|Yk5^u z=>~RkOpjWhIa=A|miPl)wGLNjnhW;q+RTIt4ZzLfLMOZ1S9&)fX@C9+$If2;^lJGZ zJCn3trP3fM-EsHG;#XIbGrZRDeMHlW(Z>pG zb)_(b@RRJ{E~Tm7y@gJiwr4sB*0MaKG{Fe2(j+$YI?OJpg%w;$Q#i}I)>!05k9!Q2 z+4F1mSGP~-&S>3USl9~-dtuSUX8TKfYD7##(w)kxHx3QC2iYn;sL;1t`^%ec>AG*m zJ+uOqoWYBe*X`c}*M?f#G;<5k*@sG8LALmu7dNUI4(EPymR3N3%_lMwe40#ze~7U8 zyaYk_tVAq#_uX~HoO0Zvv#)Ib!t-6&AFkUASJ*H7VF&wl|5>+B-s%xLB3uEPQ^Xpt z_a0i)>C_gIKVEF2(c(C$0So0QV6lQ04Z7neX(AeFCR>)8<{GFod>1XrlTS8S%9c68 zX3x*7rRHZ(jvxK-`sDcQ+O-FxwqtIbrgf_yF____7lPkZZgHw?Sa04!Ck@U4h7P^W zQ`bG|!r%bT75gh=5Ch}Hjm&9s{Cgd2c4&X(=)_`VZgJV=mmjXRzs-I`*Gi-tpQ%m) zW_}fe+2L;OFRwVm@vC;M`;Xs*(({w&%I`wb?gN-Di_V$h={SqwYxCNsq^IW6`NeHt za{m{RnnGaKOw&7dysfX+!HoJqGtIV{V;B1yh}rJ?x{Rc8Jw-$T+&!nKfN z(F03CME=_+$44hGUsSK3(W8(%LV@B2laE>mw{0N~k-NoFjv*#{H{Pd+q*JGL6R8)f z!@+-tPfyIkZl87x^-63u@LR2P%eQ)0UzO^;@*EX#=Z1+_~aFA_pcx>djEwwYb`_ zKJjDzKWW(kJC1dFYD0bHVK?w6WOEYv_GJp^P$P`(bkYywkCH;9kzsRgRyEbCjW_kTI`cP4n$36OHQuVj0IB=n40L`O;oAV_EX05=DeFZH)`TPwO1ND%% z_~~eB2AD#tIt>>4lDQKO%MNbkH) zR_`J(<3AdF`qz^*TQ*6TXAQ%uy^o|7zwEj(*PurhscEJ8x6j|cK0bPI-2jEQX9m?> zbkm0WRVy|NA1$s8#knu@J(rx{c=cH?@9p1w=~}Lyg--uwj@Ho+F2*zKrQ*Qo-)v%k zub8cE?@URirlJ*0$#ZnNXEq-fn=V0jZX##cavVAC>2Ctdk^KixuC9%7Lmwc6K`1>= z-FaA#Y{xd!wP(FtJ2Nish9mYgr4I$dKHNpjc9tpD>3XCMA&YZI8ljb|L2UmgEe^%X zHr=x%0ZyTp6{TFSYh)l_l$UgVbb`$gI4&u&Q4Iv>oJr>=t5(kdt`+a_sFNS7FO$J`)k-RTGorrn@D12ak=n9yR|HFvA3I4nm1 zX2O4Al15D00mDn-`0U>DOxnHw`M>v*tMJ$_$F;w|x? zATI8(UKNAlA$p3Q?mceaqUSeNao1xjY`s|wJ_XUs%*d_|i_mhSGlN1&Lo{GT+EmS^pe z&Z`4AsgtR}GM+bfiHdM`L#eR`w&Z?K_?`y3x4Q9X*chp5=tLOTK;b*Gu*V zv|EuhKbk0u`8Rs!by9U;t?BxMaFe7pV?!nY%=q_(?FA|=Ax{V$BOn3H2L7(lt5m1? z|H6^9zdY<6xNme>a!$wblB7NQ?|*71SKpm1-kjXaDU&HJ2Sr>+NGz4a&u&E0-j}PE z>`<7lUu}~0j~3M?Zp{q3k#H8=SkAtn+;}&4ST?;=kG-@a0KZldAlsi`$THenQV>g# zH`r>wy?tt<;=qOu_evcAzOhBudBeU@v7)*-6uYrw(2c&%#XrUdlO8V$WYuLEzfM>F`PHm zZ1ZebF!kgtH$KU;p$m=`#SeQAA6iq_ly$zLheotA0cd-c)8biuU>M2afR2oX8%c|n ztw{!ErO$6b()N67hnR+@R9)Zvh{0@cauAt*6!p%m=FJl$ZY;B=6-?vQ8&T`ycX@T? z$mclQ-DH+xr0c>Oa$SKG>+P>s9M}qe9Dfl~x7o|nXeer84uKhi+)s{u3$3g5)+PA7 z1zcC!*A0Vr5tw;2A3uI@@|?W$p-Gxn?vh{aEei-0r-q)?3>*#-Y7L}l%XTN_o0Cb` zoL;~aVWWu1LNgYDS=_~7R@{}OY03nF*^U(fcz&0e<~f|NQCy{Ez>IUjO@l9xp?>Ol8e zKbBoK5q;RJw_}gDsu#O?Sf7~HTpdBTGBJINqEp3kF3B!Rx-7Yx(fM94l~Nz*aWM@m zY2r>t)wNRj@f7t+q9O}9R&v&U`c#p#v=(1p$^MwyQ<**bqqMv;V&nO4+IKeWXIuP- zrBl{5TmEuYO3xSpM;psZJ)QN%CQNgQ{o%rYD0=07W&}TdXaxroS2tR4I5}39xTJ}` zqvu&C^hUT1ZZw65q}3;`*&0?w07+s@nW>YI!iggVD|BzN7JIIZyvM}y5AyI z>&B}cac&L}m^Bia>?E&q{rRS<+USp&^D=Z=E`S>mTR0jbX|x3P%)+x%`%32QOR!w} za|`ki5lK7bSMY7=vYCA+-LYIkn0PU8N!&wpN39{k+~6?SD|85gTVH5 zVh_^L%(8v>UTC~)M3*#Khyz_c{7l* zQyjV2BUVmSielR1`^$xEt{NPU;CTs27bm3?R7Ohj4@V<{042@_!wej|mK?7V>&@;C z^JraZ9>jd?N*G$^b|%V2x_$8GlP!k$~Rr@%g+ zl;7E~pE2~(US(5z8ndpYJv5R0@|F%HZRAHL)<)IDg6}wbVt65?yZeW)C zsKwPZvU*?^Z#N7I%1yy+KRP=d8<<52EqJVe6b(GM0Vx`NC>MaPC{Xy%^LXSVXThG$ z(UiZ9{))}1O|-CoCP+c2_7Z|YXn(eBpT+)+HE+Qlz)S-F2k?`@|1snx_TWEK2Q5S} z_#w}e@zsX?VIIItYgX+s`fZ~O%*GB*T>*PKu}8lbk2ES9F9g0t7@5$R+E476k>NQH zU0!k@o3^e#KY4L)@6HB@4|Be$e4xNap&jV{JelapI26ofikrB}t;)H`Cv+O)0~*q} zHUQi|&CH53Y4xnWk;P(f+u+9$l71d1X%P(s9+=& z(mDgUKbQ86OYHMYdm*!@w%bz-qx1jjNSfOet7nqTj=b|;wgMrCt7*6FVVutPaUz+RdYVniAbm z8BFEjmop8?N?D@l-D`$wFj@r{fTG$LTzm*F(?fbn-K5me_NtJ(IOB zfz&S48OTF91xm&`(-N{rU-(9MLe;g;%!w-*gKwT4J^!{l-+-4wWJThKm_oIBl`!mD z8d)h%e7{*=B3?5+vZE~vg4fGUzsKe&3UN%V*iTU{xPN@rr*+4HGgRpJ$|FaG^XWrT zQ_MJizv|7f-t=YN&^t6MLHnTVFG*?pc^a-*+=Vz+?9=v>U$SD)Vte=|U{N5n4Bxb74{j-~+e>J<^O-`-mW)sEn6FvV)aGi4#sX|5<@T$p$HTKQ5kU6 ziermdMi_*(zyV>fl!Pd%5Jg&zm9!$I_eD#*7nPFM(W#P3`=+nDrM^7BX0`ek^xrsh zPJi&709C7cy{xS+Z+MtEo?|{^%#ZPmlAk6TeLmx^I5Mns#`6UDzj7JgMH$#Xo;^6o zWV3+GSV(5*fquEIo#)qGN?R?eV~erhc$tD6Ug(M;lQ-l#`AhM}C922ndytJ@p%P6Z4LsNJtvJKlW*vtj_#c3baGC}Pl`)n&b zsvv;yun91+0C*^^pQ50B1|s(XIBX$B0`fb83b<2vV9&ICBI3z`3dsx@Z{Qx0S&wg* z$w~Z?&D2i&kyO+rS2QwhGDZr!5fTJ>yeOxBtZ0N1Zd}x_Zu9erD7k_9ZOF{$GiBw- zw9opra&cX+xSNx$B%UwEoIO!bSJ0QtYbpuI9x=7eEa0z3YOzOT8BDzRFbJ>$BqXza z`1Q9Oo3SkO^}Edl^=C+CVdyW$o&eIm?P-o|PXj(gMJWQ|f=yuv?;qpg74l4!>zV8# z7RYlTyvHo?n+x#-S*E}9N~VpsssI2W07*naRN5ceB$wBvFfTMd{bO9ZbN6@uo7~!} zb^rJG6G7VPPqkXDd2zFQdU17#daspuQ|o5781C1hjoDKsthj-`Smve7akmLyHkp0Q{Q!|$2esy} zL}sn+-#D4Ie6g=5vpl;QkDAYYJWqFy&##H+nkTB=qff` zL7I?5WF`=>stoGFiT1~yz#)Tl$+jQD^E8Ml<~@honI+fWJkLbhg@hO53w}!e&MRqK zT&op7QQLx`^gkuNcx>-?e`B|P>TXR1X~#d+I@i~oPQ8A8eQ}F}eobt>Yt|07IL6z| z`6h(%6*UUJ=b^N`ky*Ce$+cFDy*4V)-eOp*uOJca2zc4Gf#FpNZBV&yrQwy|`_S*= z+vI{8t3IaqtcVgHn8#DojV)+D%>a==Zoex$<$V#=C4g6`wl2DYOZI?;!CPo&3!%`S zo{LYD?V-ssOi}8=@_lIinIhUekE%t^<3rQ!A9?pfyB{Jv#W#eWqBMpwPg~aQhs#d$ zv^ev(!@3btW&Iq_Ibm5YrfK+uubU*$q-p4jcDy)W#?PZFgcHvbbs-g!ReGpPe)0$_ zVX%&Pj)@H$RyJ5%VOOd3)}$K^9uiN)eNwd7Us3n@pbw9{oZT0RiD79-jI} zc>Bkv@R;4xQ4((MpoE-OGOl3_!804wzux^nfY~oH#t<(9kHWRUpd5zzDoIjOg>xe5 zq$%`)Ng+IJf~+bRoldvwkXh%tyIcJ7g=4l3n)P=!nQ`Bi%zpc924?EwvJk7)T5Yo+ zw-K3v7+UI~3@AG4GRu+MzvG^!Tub$j$q9Z)kc)OZnIgvPQk$5^Ke(2>Nk)K*e_29vn2C$m;g(@$ac={#$ z!vy}jXLoMF6Yz>6@MnDEF*XsT{V#i6-%3seX&>+Qc20M8PLFqvYrsCTzC-5e)GJBS9AqirmMuQTvcJCsb^7FdgxGX$q!$)M3i%Zu1ek&HuWLG z1AjKBplb^mT2VeSj~`zxYaip4vYnbWe?K7)6`H>v5AUZi4a8`i7zHyXCwD4Dh1+dv zF@EOn^)G85o^RrLL6y&}A)U#;dFs}l;xi}jTS1Gr4mI$~uG}A7Q8#pBCi8zAXO|u7 z=aRwTLWKgRctVnPmRV`${{2To!=g#Z9`u7Gfgo)pKMJC6wZsA3G|qT*k`TN?OYFhF zW^7*PvC7gJC%0;en2m^3 z7kcfN?ZLfR@L?NUbfOeDdObO6Cxx$JsrFlL#euQCEg(Pt^wktTL`U@)Z~>WnKxQsQ zQsgX|EoF&!F*=2Ui zZ7(A;{3IHk8Tk%nKL9ctVkA1$=LcjqVp!`@(0r>6H9V`I@zGb9Wi?OpmG~Dc4*dRC z3es9oSh&GQ!qKz-WRUi^>+`Lx*i?{~{TN5Wtz3e=eY&XK9K1QbtX*8zz^wG?={S@4 zMp~h)sRJv^=32jTUeoxVyjXmL;|9jWd8C)taf9n`cXGL`)#$Z17s29(3o_P|M&q%! zsfN$%I%zL!=*SWnz+!G7YO>-;Sz$61d-XqHU-^0I=z39H1AqFmI zh6T$2L0WueqvI-;(gG$#Bggo@utvX84#{BBZkbGr6%FMR zIuta8ZT#b@n0WhzL9av-kXilw;PCXW*}Vf~)_giXKKNF(5p6OvfAeG}rh4+?Ag$#C zWLDW;!RTVe^|w3UZfC(j;x{L=_He#lC>PU}e!rpc{|zzQk}T;%zsO}L$qbbjdH5D& z)+PjAlIbX~>ssZ*Mf2U9*B#s|APCa5!OH7tOwm$$WgUlP_QO|_nI@^BMWjO!GMH?& z;enZlp;;^fG8nE_r9UClX)o$W)$uVyue3F|Ain; z0&Yw@(KSry^}H}~jT!|n6I(S9DW4hQFcpnThM51jlbv0P0;H~LmE=U`<*Z%KcT&u> z!UoI>W%K6Xt8#pEtf}ck%)fxwghqoWC_hHY-dcj{QBYGs(#r8;n{6) z@8;^d)2v?}2ERse$|Ex_s9Q1_($*%k*7qedFy|1gg`s3CH;_LGW^NTRICE_e(DDH? z>j~86WY#{JpXS0th=|Ov?;oUufO}=+rLn z_E;vz?p|E(o!7d1qpz5L=3*>v*XJ!}E2gd$bL-L~7tCg}l`n~JH3@!MkE+GRv{Y)L zjxEEg{ZG~^BoAg2>#8SlIg>``s5gGmyfJ?Oiy5_hl%Mk0a!udP~Yb6GWC0&Y6<6AN!g^ znJr%~iHnBnpY78EOz$M95SX0nj$)v5zNxj^P6n4WPt^Y#gEX3^;K7x~nYa!AUNDc= z)mPN$tFRmwXUcpyG#s!Q-D+qFZXh>=HeZfRf44*ywCxGs#v~H&0GVCg?Tix1(e1_M z?s>hr^R;AFDZ-csH}i2_3$D*SML=e8ZtL5T8TaBoWo(~JEtCmia0`&xDmmz_SY_R6 z1+Anh_dtxcdBvZHvau*gqZ<)GW}fMnzFUx18k(%`l9_TgUi*>18JQ7+#EOI^>q9FT z%gmb=7u2+(Z()Cf2~Q zEy>cd$&72QTpUUbg?_U^+ON5imW0dka#$?xH~!9!cQ$|e6L|gfr@#H~|6CusZ)QHk zi%yW{^Cgmd&GUmGAV!8^`P@%SUjUkDY~*qZ>*^Fd-_TTQF5{Ebv-)L=0=Ac3#3~Sz`KeTTv~`0 zT+wRxGZ&u*LE3_qv{b|S0un-lq(Z&izIz4nC`h9mxj*co;AjnEY0@dp67ul0TZJ)X z<7rvkHd8XjHyRCr=c}PP{J1f)1sFRYfhp7mnufZcP0UExGugy>HIr-TneSS8~lV zI*XTOvdzPnqQj{UEZbBxNN4A$QWfXE}C)XQ~jQiT#d}uoml6@vwp8lBYm_e?b(}SEJx&nLk0!v z!L^^XXEipNwHF3ynBr=j!T=Di$y1Bk_ZlmB?E^dt(kODy{=F-j9Fr^M6>&k|4~a}% zk!8UlGY_Bku0k`k?0>m^5AVE112T(NG7Ux2Q!>sD_ZN^^%v`902`6ppa~PXn*9H8; zav})DHA}O}Z1Zen=sAnx(ACg(RADiq-42joB>FLZYLd)xx!7vu#1NUG?gF0U!F^rdBy(r*9kG({k=Hu z1!)X^TCaVySLDAW5()06{`3`-&qR>_BuL(Qn>7=N876_>UUsgpuR9mr=H9}xW^3hG zwSa#!FmY+1#j(1in*%kxsNO;XR~o`aL6J)tej`2tC{ZOuYwXH=S z0&h84tAP|TjSo%YQ?}eV4dOpu7iGng?u}T67UwOY#bk{odVjd6YnnK-p=qyYy&Z@# z-(WCeMmn8Zy!AazU))Ra)Q=~ss#>Z{mPxxr7Ey*;*d>}e8BBe%)eXM55 zGJI5^m+V|Cs5D7A?WY1x{}L(tdHRV|%C?_^+h3qF1JP-Gr~oYE1w0X1iU+@B6CpKW zTu$u)2VW|w!yy(S?g@b>MYJvH^SzB3g1vf7yC&|Bq#O}&KX@xr_WLCf3LSvbO`nFG_MNvbroTHBXM!Bt2tFi-WXaSmE_wrGhfU4W1wSe95r~ z5*6M#f|iPg^ikEZRDT3~7;@^05T5-Yd!u-1v@l3}aO@3AI$_UYJ0+b8+j`TOKk70aFh@FOTNLGxS&@PacN1VLRN%FZ)XKafiZDhA`WJvrWs?B+A}|VmCRnU zY7WFxfXpmQ#Q>Q(kGM=yCFnS$>8fo69Ig{^GtG<@iLucWb9&(fm3UZe3ip_ArDa6kRe!TA6C zPv`0>o^yh<;7+r1vF|yLMDC_@zWGX8E@(7TT7}&(c26Ym-HZCg)6ULaty#a?pO1aO zBqCE>d8Ws)8C{pH0k?c(Lj%e;fLrgf9)|ONVg(D z6n+M;(olM<3M&G@CXncJ8fpl^iU3gKlqg3*jHb%Z{l|WTr%E(E#s_RXlqyBqMxivU zI1sTbEI7YJho{L`WU6X)m&E+|Fd|zJi^O(yTZjo)w!C* zJB1bO&J4k~pjHvW!}eAEx%&^x)GS`$b(YB$aWd2t*UJg?FTLGKQPGl7W zb_d7|`Eh8}K7j{h*5f6EFP|xrDam6p8=34E zZ_O#jEja*z$Jm+U9$e83!gJ;<4lE(bFf8_|zaSf9p3GjFa>g7o6VU;+5FN0GZAsM! zlZKnawPDJuYtVX)%tV{apgj~kvZvhkt4>9O2~QJ1btF7I6>zKEOyfz%(*RGl1Rr+s zz%zaKvQR(VK>x@qjb885e2_N%+UwLiPeG)!&yDt)^_zq7I%Ohv4kn+Q25DfX7dAFI zs@r0=wi4|A-tk?ne)(pUV6wX(E^DWw1xn1=+4MT=OUE?cg78Zdi`y?->F7s&Q4VSg zml_RB{0ea-ZpmplE~fQA^?6b*h@#vk9!ilwm?TNy?Etrdt1#5-gu;O&U>_(cPr{ib zETaUk0+fw!EAv4b$0YR#@8U_K%^#`d20HMXiF+ z(QDuS@i88bF1xXEnHL(psMH2OM2Ax2-Od)9HCcvhF|X}D&27`@&l*}=D~hmiYm3#N zjmqd%-<=VI$=6m@Il!Z)ivIE=@UZWpaCvL`kgqIYS|w*6m=iU#63k5xiE+Jmw!#+m z6H!XtM=9V0s<71pRPDE)Pbq3&g`vJX>^WEf!hYD~gCF6cw@8Nr4xSq0ZOa(rDL-^@ zu!B52_$3=fczDvqyPY$G54U-J@N`{&x0TcGg)ne@r+j#5a2-(4-l1u`-;M!477Oy);^#xRT`?+>G@r^{)F3WXQSI@ z{rq6;*IFEyac;bl#cFq@C=aI=m3yevwrz8mSEz$Z!QV)yY1frs5XcDYML)l~xD+@SepLS^< zc!I#J=XmfJT+ig;OJn>3Pg8L1!NGf;26!g&dk1OB<{j{o4dE=Myc(osc5kk`nHC7r zI4*NlJH;nx3x2`9hQwbc09g zv2ZGfc8k!u5!~HF^G>u6qYU2sCX%#BKYLu}32iQImzjE=|1U^uPzl1j003H@D z5E{a>(r+k&@;uRJz@Lh2ET3Pu02wZYAv2_*$`nC>9xX&HxzTS>xV0B;fE_4xbQ003#I_MO>65V<@9VRl=T^ zm+cj;($A=WQ6)q4VF*>P2ao$9WcM%9fStwr-Oeve;h_nl&iC-x&#>pJb9e%79gOjQ zv`&ERGb#-}cI&5XF)Nk?A)Gop>kF`cHsjNIzHP6KhK>ja5Bk?N!D{tWr&c?c8-0a; zmgzG-QXtweJm;ypKjzK6FBjYGG_zZ%XR?>|<4H1uLE6p6D`_!P zjSiUgW0^!E4#?~jk=YF*Gca}9YhKQgS>gv#=ueSZYn06tmpWxlioZ@~Tv3~^hymh8 z5j;?%_%&n}TrA)5wrKTwd^k$*Cq{|~mQjk{yY`7F16=v3duTsL$bP`kNA?qj_C`5) zelAG+@+FtdnL|hvL>1W^2)eN75mut?_Cw?LZA-P=ckvG-i0;uj322|lcx^l)KWMzL z&VX&tsHSHMk}DuHvtpjvWEO1;Fu9a;@oCI9c69Cp;qCSzKaU3oydQ*zD}E&p|3FOP z0|klz?2HMJ%o_Zp*~S2wCG+`pQ_W)%j~Ik81r=~3$K}me$*jd_!t)BDdyC_63y|48 z;B$Eh$!umrsv?R(4jDMZ0y0YtZBdRzWahKU%#a z+`;&E>K6x_rLA+mxGD_swRjD5Y=Xfn`**cwx7)os&EO+<5h{Cmm0^S9`DcsqvGI&1 zN!dxNVuF%tE^XbE_P1Zv3}skxfi-hEt)~c?uSlO~4SDg_8JKt&!=WKn;o2wCf23Wh zWIFArC)*0iW5sN*;sE7V5FloQG$t0`7qdpV?BO2>$T6V_k$3x-O0E{ReZ0fN`}u}l zap1_4Za#AF$E!Gi8nbo2;adUB&~z)>Xz=K?!V%OnLmM7b_?Zd<Kt+q%){ zDin(Fja~z=nxF`i$2H&yZ!xb)=Jq;K8u*rk7Sdogp;6?x7)%=Arpd`Ehn^g-PUJ0N zr5|eL%qUMlDSoPSVip}HY`Ga%VEE;dY%mC7w{0-$6H<=928nM-PoMp^ud%}!Rg zDob`dO?^0&qhIA@}Us z54NCvdaPj2JGyQDC6qVjL%(}JRT`4nGa|DG%qBCmbs3$)kI8JBpVRJJm{)Yc!;e3- z?>~eUJTg;;6YCd*t29RV_PnsSXbnagcMGJ~a8K-}37(AH;egd;Koe~~%4@`lI^1a5%LAhSd# zD;i8x5EwsMR7+r{0>aVicxoa3yJvU)F*p)sGQ}(X$4{SL-|oC_z8QfqWE4EVzMI|; z_!2y?Jq4M~f;5efuDYVm*}7GrtAd%+t7iRb?;w+j+t%d4>)Cp_MHzhw^Gs=%&5eUJuBAWrwdBGl2~+!Vb|4FKS}35* z@{lK%xN>rGTCt{|HO#SUfazvooT&~=GOZ(-)?Pz`!%0S`LJ|!po`h`QdWb&y71bhO z1~^|Xw*_oE2Y?HpUs(VEAOJ~3K~xpB{6JbLKJe1!Jn)g|8>1o~TL|l`J zPkc$lS2;)orVmbzE7g`YxANF1=2nV@#V8HoInT86lAuUZ)Xs@EjbIBc@(KFXjsbA@ zV7SC8hARKY)i`8XE>WrGb?vI#ywgohZ7XoGK(oDYtm5XsE-`DqZRB$qnI;3Uul=ez zRMRkJAN)t> zjL0mB7mL{)KxP+v`v*3eIVTQ%*~^Q=o%4@LuY?JEuyc8_n`dJ)JFMc;rTbP=v&`2G zFBe-tW?#&(!Uuk2HdSP3<@A0}Te5tdgk)x_0_ZwBbIv~@W4)>bhcF`#k`zuM54_Qti6f1)G zjEhUNGmKmkY7pc`tmq!nW|I1FH8N`zr8B}laNm~ojMG=KSj;0c4%g3);tU7LY$!eJ zaI|lmMx_O&qpZOj$r&&xlQO@`a8)pj>J$kFoYm=;@+)*xGPO!DyVqT8(1>fmpu2RWnvMGJ!THET73~!ehVRpOO6zttCmbj!v3tzvwcsIj95nJwgXrg(nIC zS%au%VkNBwSHVWfVsNyc=fPcN1b703i)qjC8D7Ihy~4C`JscL@o*Wg6Q?7eyt|v1H z@pi^OB}6s2tJMMquSr@Er5S|fwOS-Ac zR9Y^T{B&t(#?Xo67(URYz4K?e1#W5dhwY||M)uCFP_PjEgwV1cy z#&Y`(nbr1kP{MYC%wjwB`bE71qB0KL443d_p8%QF<_aR@*ySFx^)_xvD@-{TRhDHm zFturm8`rghK^mW3LT1q6Ch~FsFu@TB&{aq8l~#2_UU`DZ(?3o;Z7wFZ`;U;!9yTYl zb#&5PGHb)_C?W8j$jsj+$WS#PG%S|!HX#8^#PC?IxaNLmuIS0UFkfKFPN9;RnUjhj zWMWu7ENG0|t@+^8GQ!eqW2PbtPI5I*YPho^w=ZcG5HY~HWsogOy|V$sRV1F*P18P; zme;_H6W_O#$JErqASAO^+-mc@tpe~{3(|fa364L;xL6F=p801>+IuBP+wI<*o_Crz z$9FJ4{BGt18do{4U2U{S!1+W=5>0j`3e23|+?=1EU(~yo=cl{3w|QpTK)BJzi)%ph zo#x%m(;Ga&WbSGg&FiaTV)+jH!W}ImzY!~OxYZ-dU$NcU@>MkPg)=1FNaJaeZG~?Th#@Zz+hk}j!F&A9veK*6NRs^`jvyUke`OKMPRZVB4G7&Kkfexn)sp6 z@I(S!8sP&x4JL{sC-V;FMz*-M3u;e&p_K%-GBXx}l58>zs|jI~TXMF0X(AI7l&X%( z6R#MMvp9y!-osoJz``smT81dXGrqt`)wWTwL%&vD!x>x``d~soxxv(mnfsb1g;fb7 ze%mW)w5;VTrkOddT|@ba%LcG1RW1mPXa=zg$5pHsWKT=Pz0NYp7%R$zs++-BP_t5v zwmQ_sf#b$GW;G&Ly*-VfII`Fi1@$T(Lm32)>W-Dn_bJei300f&V248GJE(6GFv@J^V1<&EylZk zCTfeT?>$R)XcX2%VWr1;U$-}4P(~C~MdEMD#4^FS@=Lb9W=521R zu&Fhwup2Q`(P{{V$jR!5QsDOO*4C8GznB=x6eYnLk|aH36Ce!0(8&k>K14?+b_^!3 zJmPRK%DglVuv@I&>yenB@@Q=iKXtXZeH5g5sL;gKOcS98G9XK8v_MgQlJv{3;ivB> zgl&Y!9_~Rzt4nf$$A;FAF*YM6p(YP&?u#tLabKw~&|>p5hnKm$dN0D|w9rx+7uIw# zG#8ybRGlEL+T+a_i2F@VZGWZSpQ2YRplB>bX#4Ryq()|XF@z3KRpJVrB z;n~p4BCb2an=d^wY|)b~eIGnk9uC0tn#u1zJw2Uw|K8_Gl4z4vrKj7gJPdmRRh$>K zdgP}mqAiQ;TP~T`B)}ygYGFmCc_x}ud5s+OCw9?JW()8B1jwug$n17Dg%Zj@UhKv< zundmPNU7DxjQLo z2t?H0M_-l9;8GyB!h*4ru5bdv=x8(~1(~-Xygovk{9%kn>m>fr@{#Xe5WF<5tOv+U zX%K#Y+P@l^&9#p{L_ylCl;`MZ$p#>^LK=`6{W^Z}{j7u^e@GEBBD1tW57kU^B#Oya zi(z7>CgKU-*OOUgW*wL*T4y5Y9PL@oGE2#9uvl1)OPZGLnEdS?4|ivAbKg?VEDMrZ z76)XevvwwE(v)1$ZYB?ga2)G5qS#qf^R{$3U?KcH)Lj5%7V$5%hb8^Hz%!Lr=$wW4 z!e&9*`+xQHUqGPtOZlIFe!pIjrkOEcGRejV`ONO_4==@N+5havN7<|E=GEm6h(YE( zOd@;LY3}AWv65}=ES^}2ZjL*hi>Kqg4E&kJvMMlBWORG8^VI3w>|J%b$CX6(sd=%> zeuq+cEuYbUY-99l*GH8`{LP1{6t33Gk3c*zEF!AHNb7A74gr`=M8c9zbTsV9 z)ze{Hbr!1nIP~Esoev2?9dG$DtRe7Fe`f+uP2({tYzvQ~_Pwh~JQTA9JY_F*guq+Q zT|~mpTXZ07pU-_D+e6Ku+GQw>Q5fUxqa2a2Ev)U~L;iHwmVburzmCTs{%8j8Cxqyr zaw5U=ys~9vGpezjh*j{QE?FA8&Em1I?f2ZwvPK+BiHv#HXq<^ldK1@E2D>aFMIuoG zSva6TsW3(q;PRNH^!vS(Rx~B4;@CZxthmbvOvRFd1FNk{l4Znm-jQ@u=r<&oEnJa? zCm2k94cq5uu@D)Kx@y{C_bt-tIq;UMJP~JxF$lRw44*98D$!y+*|a!hFXde5p^gRR9%asee1j}Pw|%hPp9!0W^O#W zB|8)N<#p}y@-&!OG#iWqGTYlI6Y2+1Fjph9ozC^e)9KEEOJraaFPj16zJcw zAP^JF`!CFp>lEG@nTzm*zz>3w zM1p^1ONyJA1XI88qHd@<>-*+p1|lZxOiaWDr6GuKm-M1`CN0Yd#U)$JFdRU-ha5_Q zl_dd?*_oa<4fl92JjdaYS#T&-23ATv0c2)+E3r&A)o)l8AD7FYSSK>nn05Ii1Ux~= z^*N3w0G;W14!bhkEBNq2e8|CjKCLZpwB7mnpIcjh{P*X7|8Z;UpP$zgvkeY#m@mfS z!K`t!lYAk!^9BTIc>K8egpc5%{4a9>N+Nf7)4V*`AWGw6`kA;&4PP#P)9Ku0eaV-U zLD5;=z094HuKYG?AH;nGRDegB;z*s@&f<&`sj8ibRZXQ}rn{`l zBrl(+1QCgVAZ->88nYFoA4nSy5B)mA@=zMu)|yA6^JBdGp^b+X4XW;syV~@;qG+0B z5p5_fqKnd*lrL5^aUjMuOUsHT+xptrd}cPPouy1pgL0};aS67f>-b{V$>0_UM*IbW z2nZxBr6=|tdxVPdDcI|k(P)$#pZOV+p{C&#DP(BI1g&vN{jp&Ud|#NP9@Z)+CE$iq zNOjh($lz5Ruobooge%AHRS*Ere-7_f5C}a4JiKdMM^o)nQ}}Uh1Bef}#uczr`r3-_ zOTaUJXr=2%tN=W4xy+Z_;e97ai|N%gEHYu+vr}=PRHBK1q-9Q25f8?TXwxg_ocKDd z{X<+HFEH#*?VM#HnavN^#1HRoYFC@&t8-vP?XMCPah2oF^<{<|*~fF1u1&p7vawx6 zW*4_Oporj3v$hjU{2E07rVq@;`N!TFX5_h*$?U@pBD2Fhv$Z0bK^=J&m^IF|n3y;$ zfiSFnZ>gYXDYqiPn7JU?AomFk$z~Qp!Mw8upaqR+BRo{8g^Csv_G#mfAQRCpvqatY zT|Bf;7^IOd**r{9Ueu1(Y>F&_i2+Z833DJ436#sk5#}(LlXd9f$*Bqge!FOjOHR=K zXYf(CmJGzBi8B0qUHqBS(?nHj12R(}nekSznAgO-R@}GrED~<~mShH==^1Zs?LR&~ z_J_0CDNe>YmzS2ww6t)k{ea5Lgn1IUEKY1Z_EIW#b`QyH5KE47iy}Ks3+5%5|8JP% z^THz?#Aqh)vLijJ=XKfd_dLhXuIKPqVNW~HGgWYzfDLzCJ z8&w>5|M}ko@Qq(S{{sH^$3HLG@myA5J(f)7a-$Jm%)Z;ZJKy`y<>k}Pf2LnM|JmC+ zy?pv`P{G;E1a+XUoWuh%=5*%K%pU>IQKl(@Hvq2%bx9w9Ij0t6SvI!hlrHe( zzJVc21M^2uv>9rI&>GzDYmGF+^yLk?3LaG0dp_Z439A3w{p+XDBO_h=fg$t*e6Vmj zKgRo4!ei(y;%A5_96bE68VGxM%EpuMez1a|=;I2goQOf;TTG5d$#F%ayj&(6W5J-- zE^NY*BumwcNmIjr$c?5RY2u(+`>;HiY5C%p=gGw-%yXk+C388O!oDJzW$)Ge3RJ`8 z4!fO;cdb{$tyTg*zOJ2LTpo-VxL;e`1!R`|wSzP+9s*=0(Am{UsrbPovrgwSgBRB$ zv!oBqtMMOCA`wdhWJb~y8qy%%r|t0$jH?iKuKZQke*EP|)P2?*EL@XnkByP?@MM@A z^FsiB81mW=jq#{i@=R#kChp;Z@zT#Ox!QafplKD58EKPQBrw&!N0tP_BdJsx)oHPf z*YDvU&`-kg5}j?|e#^#3C-IQX%%LFgiXdh6C?GSb5-XbKc1)Bk1OLW$!DNNU{{BGj z_mqA^p9`~8MNQI8^F-3}4w)?+ek_}d8>(bZkQr3! zf@B7Br$j(zf6-wDy-804;&;F637q~V{T|tb<~-9R-u4{f3A}&KGa)6bPygrt`BMi~!9@ST{{gRh z?c!1!URsaO!C$$kDvwfP&@U@-NTQE2M4>|pX#;RQ)R`9pJ3__ zm6R%)CYq*HHiB$k63S5NvxFpU;YJgcLRWAaW9u#YZLLJ2-H5s?X)RWxQ;I-9dxgtV zllUsMYFByDmLLUFP#RXxKqY<9hiE+{5)c{!L55(_Ga>->{%mB{=P2xi~KH%Y_llUm%Xs*KQE)X9gl)kFb zd^^nd6ijH)VE8A2EsSzpELbTfzb&ohaM5b?`Ljj?{H^^NW7rNBUpsjSgEUz^0)H?i zG%$FwAjXb3B zmJxNgq7fG}cs}ZXKoYh@1gRFQKjL_P@9JPHmaoiKabymfo!u8gAci}y?dBGaRd)BH zdr_+&Zxp1(D)E&H+$DlHo$KzdJLX>~hM0eTJjAo{oJ(eJE}G!RU&`tHS~BAj<{2Qf zYI`LC%NB?4)NC?)vwyI6aowpkpR%i+kK$S=^2|A87BDJo{)BH6V8Ta7;P8bjrxY5< zU?hh~cW~R|oo~=ikk*1nmQo6De>jN`AY-)g;Yntp$4n7+@E8e&uOWXv*!%|KIfwEf z`5`MtGs`wDsXSi>kqd8=rHv;LA37S#{t3LRNlUuqittEdJYxTnhmTI;9Wr+K7OInz z%A+a*GK0~Y3dzjM0y1L(JHV(uFUX*QXa5t%)zGcxG;qFbG=wUo?ML00|cYA6cG ztinJk4_oXEC7v%eiZ5IYkXZ(gC36#GmXFy##Nyzu4Gww2bq>#-&jG;|s;dS2w`98s zU_TG8zi?3DSv)a?57~I4;Cd#AcRZ7SeKFhjpZ|TbwWa*>%fH@(IP8~Sl&!7De|=sr zNP{bBaKH22?SIZ|fBLERkAGbJW9oHvdH1yU@gQErbL{!z8l9Z)%>@YUF7~n;o#R+B z!;VY5ySV=8`rKW0d*M5*X~Kkdued0FT03Vs(-3{XM&)zc9w)`)O94)`xklKg@cOT-L?N4tkKIVB2DIdz6@MR&V`03WVE-sW-{ z%@7`YfY%V7n!*zv9@c!s?1~1mCDT<$hr2X^7o3U%1&3p>Bd=yC1@Te4{pgX>5O^>L zEKexL2VC7~yXGVMW^{Z%uyPtXr7-W|(cg>k&-4U-{P%{^4jxRnc~!=uQ9y7#OSUv9 z?}-8)xYyPCrmP0#Au(QQ52YwY3Oy`8eFR4`UtKL0!G0T-!mRpz!kQVCM}Sz!av-di8?+I&K2E?17X*GkjFUkPvYrmysH3D5DzYX z{QQ^U$tirnvs6Op_q`MMTvmlanyj0#B#w^>pD(8|#Gpu*Jrp4&JdyD2)eg59cBVE1 z7{Z6miv#AR5`#C3*UC8V9VD~vUUnmw*J4&1#fc0gv%9s)j7yAmYM1yQ<13Td2Aj4; z^|3ENGFwF(6_8o?;&}JKJ}#3xxM@N%!@sQYd%lb=0y3ioiA}&@9BC||ScN>As#sz3 zn^V)12nau$h|ETS%=kVcvm>WW>=^IV=ydH9#by*Fv+0pga4HT6c8ynra?1;#-G93x zKnb3MY)3JN%-Z&N!KV4=eg^N7<%7%5<8m%9;!AUQKhfhYRgU~zfMkYQ``UJ5OlIGB zIklBh0htLyDI6jB{&R4a%-+6AX0!^(EE<958SV!RR0?UmO1dpTW`Bfa7MqOzTHd$7 zUkk_#Q^-lrK`rncfl1GS&d7$QJq`I1p7bxmr`2^=(%%2FwH5otN$Z6F{KCS;v~_|s zw3G&dw0P#-?Q!j=&LvC>Kfgo&!GF(hZk|p-jFznw0fpYoiElWAZ2z);adQ~^HMbNw z?%=X^cXzp$cg*Ca6wH}8oy%UIx%x4KD96NiAj9F?ktZ z8o#GnYRNy}KIUkK!)%y^P53ccRZCP`0Fh*s@*h1oACB?U-&}S-A@6=x!+Te>&>$ok z{GnAvu`oTanJnOdr5iFicJtjNE~lL-1gV;pAw`i&cv3wV@S678wtg#S%9yU{D%=B6 z!bqADmR}FPGDTpG46aFHeEE>zSd9>l=AKVz{^7m&JZJEw#Z9b@_Xm_`z2bxfFi4B~ z{ZUL~$8^pFqn56ns9xWz!y_3)FO|FI!Im#JyT8VOdD)ASv|qN4udmpJL0aYxlG(3% zKBC2C0GXX%?l@#NdZFiLBsMrMepla%vCKg=}MH&)UpueJB~3MC05Su#6BX{A(a2Wv zFYkqOtS%M-nN`>qAX*qnu=!W_94|fprT95dv$h1s`#=9>OZnI5&wu#y`}co%|NhT^ z`26`_%GO^Nbi5cGj%A9{?E?d-tFN*HXg)Bqr;2N(_-%WvR6CL zgBGXc7{BrUIQMjY5y#_>K|+;vX7%sx)~+f)4Dzci{xcOr%j2;%h>hbadaAFGlD=9p z6vJLz-(|)HWC4jX%+7UZf1Ncv5KFQ-T~MSL^W{g3Tva-T=@Cm_*vThnuJ~3D-43CNxZ*Hb}&5)wB$?6mtf}(U2 z_5hP~Uf(VgQ$1b|!E{}LN9zPWT$i<%S9KWHvNY?=va&A(Y5QURzx4c9ctv?t*KO6+ z79*zGA?$%~sQ6T=Rg>KwoRn;b7NR91rD(DEQ>T{MTC}pg*S$DgzTL@i2Une&g&Ue& z;zRwi^6Qcr_vQ4u8z05(?eErh)`+j6+jCpHsBFbo5i-Te|o5^I^Uy0ZfiM`Gh?kPU9qP}`PpB7WR>F%zm#thR-OwnAl z($6Fo(LToovB$ok>cQM<+3w8fywkax40oZ%(CPIhyY=b}e8QGZ6Yv_ZkC-oFcx8P* zN(e)3U$~MctffK^qOA7nK^hW4v$exPgmy&vsX`?5-_nVGXe$Ekhr6O>AtmY9naFBO z*E|6M=!4d#)6ZNk$%=ARx^BUi8@FZHIgfdWEa$jk@9;DG)M$_fY za$ZYjqQBuFjVkGyk%^)7Y@aTGAPof6>LiyyufX6s

    %SbS-snCiiOB-R#0q6FjZ& zY;j8?k<3LMkQuX(%-+?T2P`DB%&$deOk%gw9oGy6WR_>vh-i+RfXr6o8hl^NhzlJx zw=f5@#pUIGUs3hSXtf_murTR}cg6O&mp6a}Lxbg#Um%ZixPtYsMkU@op_-)??V zEyreLUQ86FLa3m~lfS}oE38LwBMnv^gl8UjWtd0D{`rPJdM!wMhGb@mOP5qyqYU<2 z3esL&NsECX?eixuyYtiM^@B8fzmo+Y#IxDc&gJ3$yUEx7!2t-oD#0Q<%HDO(vm-|g za@yY{M|<_=`DL@)Z8n#j#{KG7j(vA^75DZ(axA{anQx9c>~;@U%v|4QSys~)+5Kr@ zP!RwCAOJ~3K~xCGb91M+IR;k&tqo0f^+US(|I{vK9KcrgqVsC4f{FP{D>u;DeStP} z45KT7Rjn*7v>|)8l3J8s(>}`)8S^g<(n8Y}Q)J97#24~|nbdz*@ZQhE%6jk^u+TW8 zl}5<0toYK(U--Tl+nm>+IKFIhNpmREuy@uC_r9=(!lShWQb}ds`dTq9YQ?6z{l+G} zW=X*9``V%%CO~G%IY--KaH|K&49~5mkOr%y>@=^Y%L#Fb>{adX?W^}T@z5(;UOb~g zkNPyeylMcH<|(L3$&Ez0y&l6*fvAjyRtwV9VF`nUQk+FNe+m0ptGer2=qIEc}3Hkm!|G(R#nH+=Ev z4G>(5dw1T1iJ;fD%d1ZJ%|_V+ExR!1vcr#DE_2hZofnxUCpBJ=>33?UtE$Mr!ms=D zrkzNBxVk%l)j}tBVOlLFsrCDUj;~|EiP8DROy(3bI=;SnWe1nZixU#eU;>qtq$GH1 zx)K3?%iB$)yn|*G<-J9_L7EUmD`}GAEv(QJc>fHZ_L@is!Zfu24}-Lj_eCs3hh%lA zLRGY=J>5)GZbctI+*47U9I7U2rK+lKbj|R}u;i8#bvJT-*XGb}BdibR+ zh(yjf3sC7Y0`xP#^TYp-E%(Q)W!D{};%ky`>sSuTedSzO#FBrw->Lku3@SCd{ zIdW!n+PQlr!;{O4?6^3FCgoYfV1YgBLKPYd9hxDtqj`Iy`4rqHMmo0CEcwwc?S$s+ z4GF{^*<3M6mLU|Rjad+bHC+GzoIqp0nUw&UQO?1!=o~ZpCz=>jDvd2=(gpmy4xZu_ zSg8TBTCZ_t0Ww>DJ_E3crF{jNaTSFQCYYqC7I;Bh`>t!cCRm9SxU=k&)%^*2G=DvW(}b`(1l0|(2gyS9Xbj-> z&?^<8{E>3m(W7*l2!X4Bt?LY$a4G^s!=z2e{;;d7oqh#xUxB|jVxRV1fcKMus^8VQ z2lx;voZYv;`VY&$^|t^9BrQVnLVQ`pjV0~s;sENwF#0dYQrNkjHwS% z17^9meC&cqFNWhIm;mJ_{k5j|j}|y(?T9Zs3je60M9C@D6;8XQ0UU*Ms_Iq*hy=pR z@dZ~d{b2#V;NUS2A6ks3kj2Ux3l&BxqSgQO=}{pS2 z__AKxTf8R;g0#-g()7;c!Cn34;Au=|35U!$?i7;Q^%Wp9fI0svGRrO7&;cRh)4R=m z=T^4cTy-f8ZQn0=Jn_p8Bs1Tb%s^PlW-O)OpvBf2x5j*Vb1@sFam;R~`|jl+EvCtF zw}(L>X%tyWf?9AIPx>KeIO7*sUdXc_yMjQ#sUQHNlrwaeuM%z8i_d^5Uch@y1atcM zGCYtAD-=MyEJJ)cbPs|wz#?dGQ!`E*I z*M>9^4ypdABaFNXnQ>!ETS8|0P*cgN2#|IwG61pUcWd$-P_ySKl~Wq^4)eXc0TT$9we9qeq6iwxIrk@ zDtv-NE^)UhCzwk%j2us6}VB{zDb7F zCAsnGQ(w{XwGs_JHtRdHPbqP5Q9FG3P+Br$1l=GlQPj1d)>lj)!)f6NOehc7*~m~7 zCW_gq=t!#%v$Ko+DBD~C-{2BCz0qqg$0M;Bznh&NMdT46%4H5(;?4@`lnA+Mrj{jub#3P;wtx)Gp-YX0yXbMmlfJ;tTWm zhd{u_V+c=8;U5AXo|wRgr}1sUF!Q+tE-C#_kMIyn6q7_V2uAxP75q>Xv7Q2JSCnW2 z(8N~pvU6QOU2<;h#g#M|C)K-G*EK+9m-SB9A+rzht;C0JbLY+8F(k9mX&ve-uHAuO z@HfY&w}8xcid%_A38d_Cr*@iQHm+3%$?S$*mCQtaZt zTC66ih|G+26rLI1$8K$hot<$WTr@wvOxB~!co&u_YFb6>2^sLTML%ha?9i_C1S~WF zJSE_Vv^(BOw@Q+jvv0hz_|906P95!NMGj3<|PnzV=aJQHY)r#D$id;jnL z4^EIa{P&+X3es{Y!xMyQqj$B=9>fHp5VZXd{1S-JMxz{)y|})vU+#htoH@R{s=*D; zi*ED$cCXtx9lb@t2gB|*FAmoZrMLtb>DSjas9Ak{`yo3?&Gr^(i_6}1>X#oX8;g%7 zf>+%`CIO$*dkDQ_qNscVGk<<~Qd!4*xyl8Y|Ie@Z?skq} zIg;k{QWHkOecjafPmeOrwK6ghNI~uEFm(jRG`xx)9g*OIss^Z|XgH8glPQt{ZxOrz z0!mgB`utIZKzQ)Ys*NYpX^5vFJ`zCqYC0WAkw+9sfL6<6JV}wMa+xHf1R%)3GgXaJ zZ%A0OIeX6L`|a zQ-NtbxFU%uJn7-Vv}gh!xF_jo87Z`dDVkJzv}9yn-p(1BdSbec zl(<1NEnFx0a+Or)D~ydxvWZx{sL5gLwb?C~Napjo0o`kaBLo!*1fmq^ObR_bsQyEx z!|-`RV}VPOpnpm5AwZ$dhj?HaHa<#C;E4h?iGQY!3RC!qhYt`4Pfp+?Hl9pJkmd0W zB{kGEsqxtF2|Vz(z%lZICC0(6j}JWLrCwj*Ns4ass`2sThXee$UOQd(_a}ng&fZcY zO5j)5*PYAVAm__YlG%sdZs!TbWq`~^x6SUyKW?qt{|s|@fyk_0fBJBnnVNFiMg z&cBY#82qaF25{L*%lEiAcP5QvPwQ6);7>pL@lG80WzyFzKjZ@5;7ePRDlVGf&D}S5lBv8NQc1{WRNszGabqEAfRM5 zz9&SY#55l8$s8V#8HwyaFx@^0=%*a0f;JR|4@c60pQ#8Pkx3y?MP%0IL9B+xODX`# zjI_x$J<%$7D+=vDg_sMHCBolB=7mfL=ojLn5D)Di;UQ7mOb4z~)dhGoGAHoxuc2v3 zW^I6{BT5f5B=Kbx#n`|QHzhM>q@O9u5Rh47zzgE`2BLeoe#EE3QMIyw%-roNQ#Nr; zC9T({v@IqV%#Y$&uR#Kip$IZUMPW|^DmkJeHWSTwjx=TW1iT__=0bSnnW#mcCJOQB zn*=e9zmHb2rHKQ}R?^t5Px{u@w*GGvq-|{tKK*?wwr-FHqqJNSZg`F|SJ#(W7^FF` zq8+7y@GY6kF>rzWridi(V{GxXS*z9RwN9r77;eX5AI_J#x_lSM*9_dbc^vEHjC2wm=}v>wtRUpJNx~Q zwPqa5i*wn=-)rD+e+n{CpDM+lVH%tBt#u%6r+&Jitl(Dmy7|g}=XhlR%#Y$Y2ArCr zC7HM-v?G4IB0$P6f|0W84A`R81S%JWDhSXdZv|PY|EN6J^4JKERBBNXN6HqRFS+=% zE5BX!+v`#`K0?4ij098AK%*xFXn&;53xd*6_%xi8mSF`1TUWjelhu!ADgr=VZ6xAM z(vC_kLD9B0A=*RwW5||Q`1@xAn@UoGCi|#Kd_{W0zO?5ax z1dLfBasU`5FQuNv_0OKSlBQaYNRm9uSqz7}x5WkbSx&>SGxHVGWAUsN+P5B+p`ixS z==rDM+!9R?Q-OyN_H)>&Gk{c!QJp&4ex66p^PIpJoZ17Ec>gMRDEAU^D;m&tg#s7f z7W(~0@A1=PUupXv04?%L{}H@+O*Y&GXDCk6;K@QD^6>bN{$s6k-FaJ{5|SBbli3T=8X~jgjMmzlZubEE>B+1B$*g&k zecNiWdYC_xb$qSRkzse5rwdja69@I~!7CEX+&GNX<9Vy!?+aRti%WbPSdvo_fO2bH zKr)MZI`NLZk!@>$8@)$`4AJ(;FSy2AO}qH$7!OrX%afMs;6WT#CjB8f49F~;#?o!U zAu~VGMnv}zLRBDBUIl>(a)lMDP(=VJR!O0&2#w9+!|wg3A`Tg+>~bzI;s1a3-mN#0 zEY16sKz&g}nNuSU!66_JLNHbkmKP?{1qm_;3mgini7-|WAaN2ZjF7U7(zB768L78; zU%gK6-CJ@?skxb}PVKoF)m**Oe1KB-?cB_$)gPexroO?}Xs@;6z}abMXI6GeLsfP~ z2Y&)GVy)kL*6IJ)HT_w@(4$;3S2oAV3I6h2Jy$BI`<(W}>>yqF(4?MZtQMM@b17KH zTsN@G`TPVH;GlhT<%BTXG?{6T2FzdqAS^X=>Alydh{%nnR+!bN&FX~{BmNwfhm{Nh z4y{?yNEFhB&Q@BQ6HSjlx!H0!%vySZ6}@|@cRqhj+TWQ>zdZZrKYsHK`al0~5@m=o z5zh|NEbIa;OIw63;fU`p9b3M_;e&&4j19v#V=)UgRt8Zu7JEUHM2bm8gTDD-J`#jr z?5!Soj|5T4R-Qwj2Ac{F_+C5}k4BjB>G43GFnFief^bD#Owc=ypawOZNfmkV_(MJ7 z0f6zNuOo_H7m3~3AAwN=u;C3f15=UrvNZfJQGOW5i(T=QM%%J7@JUgCd`=xORYd-D zNB`WE7KXm3_S<6=0jSG9$JI*&4f2`|M!?}v4SbUDK%Gc;!lQsXwGLlybCOFiwf?Mr zQqtaZ8gDN3XZoq6{w6-P)Ssbmx;39Ak3zXRhg5-c4u)x0@X&p-c2%eT!R7B!m$s?D z2dy4?pZ>(U{Qa6fq%M70)jQVpW?heO24260^%uE%xsY#%L4$pyIeLl@(B6?WcP+}@ z5M<+^?QbA7`r*1Vs_%dxi*L{7uARh_$a~l8ZZ~dkSc^Lr)`^#e=?VcRm+j zk5i8e**S#SDDtdPa!bnB69(}}Jeo@R4i5)%F9o~5fL#!oh$|H=j!`!g#E6ua7w$fI z^#+La24e`bqKkY>E(qeW$O?YW=JooM&Vl4clD@r%lY%Q`mBCo)O^n>SyuSA zj}(U9Y4%t{0ZxUP(}rM%HY0e}k!RIQF+MsA?B?fEpWLn-%ioh+<1Ic)u2+ua_Qjk! z%<$0#SFb~u!RHGb=)EoD!3V>P3`>{Mb{RPqvh7g6@BuJGJKS#a*ZBenOTX*k?AJeH!Ler~?aK?3 zN%~JU;lP*Q{Pvr_{f}#t>E=U%w8er7)26+zuP8jIiK`PLNa2}&_V(qw~V7vzgOMNqn(C`|(lWW_v02mE$n@PLM^=p&mPVk}DvVm34oDMk@ zM!P0y=uB@IG(GjsH2_UVpZlo9*i<^5uL{3Du?bg|bikLY8v5!tCY-)Pr`YHLWbe zfksAhPp==Hf&gSb2cw_<>pV+TbB@2_hjM;(t}O@G3R9r)tLt`z0{V;mWu@r}oV3Jj z#WxuQC_l+bw=S4vn%3hLY zgM%*GsJX8MfEY_|z-%$^;eidZa#e2AF`p7dIaVIokh(u6y%TrtNhi}2!TV$~0zeb) zvelXMq)D>vIe7-m{M<)_nH9n8%CMUMIl!#sEVl|wt<93{HuwZ~F@U`;v|Z*YL0d@T zs3omM`%g4jKro}&aBLH1?p7(XvhgWXD^1(6$CsnEFA>aa`7m*l^Z%8Z+3rgV_2oaC zOfUcV<(Du_`{uV_{`PMlOs3XhS?A`8Tb8 z`RZJv7B%Nzv6=0PX{e6FLi+&GA-IzIPRc2_7sd*v>%tcDO~FW$oM3s+auErG~*#E&ZAsnKz9gH+^25AU0 z;&3v2B@d#h?hwOlA_`uLg)lpv3*9Kak7n%1r)ljuY5tE1qTF+d#l2069jB?sj*N zJ3{u!y-zYT&DlzUfCPiI%GCd~2H0J?sb1yIKV|_x|9J&zp0lcyFI?7JiCT)dmWWSb zy$l+ZROj+B^4iALjOoZ2;R+LN*N3haZ;*M;eZ3LotyUYb)xy$bo14|o9iGB9d3{y3 zd44{R$!gA9=olkOwVE`&ge~!Hg*l0(Thp&bm1T&q-fb~qs5HbVi^j{9X?aE-hGjKv_ev_0F!XHH;eS@e!-mcO?+<_tFA~+BQWiaS{T9)Yp0LM32(T~^r0MrWn#&0VN6uOD`%#caNP(os2-B>_k=tt2 zX3d7D+BB>C*P+V#emy!eR6F!;El6|gGgXGlV@wx#483Q0iO2Px_v_7%>-V0rUWBAf zyHF@hOSQH%WvEYKD&GJpu3vSLsnAg^vs{}|h}Nb?4g!)UpJ`z#T}rzL{_u#lg@sLW z3{TvtQ}r~P&bwRn3#YY|kA$PRMubygS6qmcYHkd-oF=S#rybNm@w^_N6FwL6T!C|W&_yU6=7UE=!)|g4b=Hel(PW+o<^pY z#)(eFo)5w-0{@!xY;b%Zr}oSuQ>ip^R?}}0nVN{>@SatFFc5rCTCEko$#jW3F*`yq zNCSlA4taK!q|M50trkib7apyed)}*G$AV{9NyR~$`;qd$%0u^lepCJN%rd2Lyr8J%P2PA!rhKxzme0167J|AW^|32F)1Tz3(W{Cl` zzfXl3$-44rQ)kjys)fU~a{a>ncuV6kZq&zYnH>8w4(t!ozWnC5Wh3Lj*>8WlNAzfr zW&u7~4nH2GQI!Sj@{00kN3~;P)LKhNM>$1ovw%fB zn2IrR;w|>=25(~-U+0uUULbmyU8}8Pgrv-U=?R;#V#vxE{alKDLDTpAD?bJVL)i2?(F5i4a zzxv5tdhKG#(CrSrRX?>)Z#}Pbd6uGx+H`8>LWMRJ{sdeDu4&zTO;!q$;eODdnwRdW zK_=K0eOBUY9ONzYRjpnA<-l4yBKB{*b`Xu_mO+G&@HOu{0s}KMDv_vcb03ZNK zL_t)P%gA`|g5wGlh{f*sp*%T`P%PSwzL6vy(8q$zi$!XI;t`ga$jDs-rAk>J&nAM3 z+}V|2{eYrYhX=@X$AFoOuI7nHZ3Nsj_Ap@Uj zhHO}_tB%`H(z5}xBj*Mw&Z;*hPMh^wA;nI;XPrd5^&vImz!G`x734Wrkhfm`tL{r=yUzwEcDN%y@+GN!)JS*_D>Y zXqld+kRXjEy|3hh$AdH?wa9pRVP4r8 zTcq+SYBfqu-QSM{ao!WeUN#B?lsyASmLNY6I}_2nHRr?<3(~?G^9v-sNXO{q5`AEa zZUkusfBq@U7}cF(>hf5c8KAxA77~I^f0tr9ypm-IOD$J6*TSZ(JQzoOUWUj}3m>nj zW`3$4GH?aEd{=?;I1@)Z>XqXRvDo~3SbT~IUxPv_7^P5%xQO`#-euaix1lF{S#tkW zKd2Paz^FQf^MLuPT!MFxbXBi3`$XhPs~v^xcDqAAx_|{OR4SC}bv4hYQ&(9}cIs9C zS@Ros>Q;5TwqtKav&YciqHjV$nkS&^lXgvyR2NBIrEZ_G!Z-1Ds-@no>+vTy^yp}Z z{=(4XH}~mJbiI9D@2K|^Or?!-Y_toZW}0C>#aJ4VZ$bzy^lf*zLCi>nyzWlZpi2E` zX7-H1hMirOtd$=fnR0a)&D6_v7}E4x^|If5i97`Qv$D-<=D0RUPwSl38qn{LbMmhi2NY-T!_1(7N8L>(QIo)fQjkH|zS_HT{WJxNHvdnYmg`^dBBz zY=(`IbKHp)_Ha))e=Q6E9lKM8GT$9XIVoQ$@O+Zq;PfkpRKGIX!@g17?%LX#w7%^2!vUOv5-KASp!Cg174ZOiExd}nQN4#$PavsFBs1d z6xyh-PLJXr(Xb$xDe&L|#(#c{qS{kHx8ZF1I@#a2# zaz)RXKV&2gMqvN>$G`ms#$o^Q$8WxTevpP{JAqFY-V>x{7%HmBSz>pcqiWM8MHa47KIJ96h>8UXh^@0&n^?pRK-l@VsWA8cu_+w-wRns|26qf&QW!MiXm zeB*^WWmFl7LNP_qGz|2cZP;&SdNQx@f~a&y@W{Ki#DZL;4)5;|83Ju{b)~$p7dkjz zOR_?e>5(i3=yx>=6?l0 z>A?PJTl!m7f0ermzyq7@2pN9A4qPBhBTvBQ2&fi94x8h`=C`8Az!q?z;_gBE*DHGD zU!?0j7pwXU^ef=SF5oAj%6(xEICkl6*v}2=1FL%L1^Q*{dI#5tY$(BL%Y0p{ z?b#Uj7txNTs0E9bqpNFdanlZv7lS_d)h@rAHJ`WAcV+c0AeK(3WX1o0Y)FxZ1&qt^ zA^KmGU$yFF?bzWh4EWK_xJ5_E-^p_XZyC-=16wk93N>_A_{ja( zpUQ#W)E}m+5HduZFIQ0PfCO2jte3&bG57J-QLe(k^&5%)AzZ`;( zFmdj%qjY7k8(ULN4&NT~!=apIlvl!5kVYR0Lfr6#AT7+i7!L|VzUR|6Y@^ymrn>Tc z&k7zYKW!4Ekrfq?EK9`WM0zrmAq;#py=!e6AWuc!*AWDHuobj4-fnIf*{I&_{MynU zmUzBLAAm6G3fZv9G7c^PhFNB$h;xP@HJGs^Gm!-m!>rR2__dyKgQQZY7-laZ%rYsj z$Sb`&b`@qc8JP=;H+ndLP#46`p@nAeA%+ zyB}3<5Aw5uaI!m5W~X{RcaGXtCoEjL9+gxG161AuC`yAE zLFH2`Tn?KGGo)8*!nz*9EQF|rLNXW$1?&mcpA8-1@|-|CQOy?-{M;z4+OIcbJ%;gX zbcFaBN?a`Ujvact4PPIB6V}^RJ*r<9n%|nCS78=q;eC$w-Iroz0RUg87znyD6^xaaMBFTKc zUNAR_^o~rOEJ3h;0oNKU5NgDjnz}>KI7d=auGN};@OG@mbwM9X1~F;&&?=X69GA1* zNK&cXQv09~bDYB&I!7&EEm3RVa90keGvIXK4!`!u;muQTnf=I$GPa^qNAS(p_{i#n zQJSiE+VQ=!8+xazckIyn*Yu919z6-95BYVyV^e?RIJdoq<+NTt=gOQt-Pj`X0d7<#+AD~~)1WelBAAhxqAYs} zyiTn_xlmrj1%_F6q9B<0BI^SmwG z%p2XeKbmAma?cm^rT46|g)plb;3r*E1hcC`rhyV}Tybi7fX(DB>@uPwSbmZYy`-X= ze}!SD^2DZ*4>PyKEJ(WDsyE$*aAg-%GMT?K||`E9qvDl8;kWuJbp7R5I`upNOTBsh%^iCCV|v?C54*;Ns)=ABcUA5oF zhK~5o;yHnJz0J_0H`Vg?M7?#F{_F}Ox?H}rqPZeS)vIdlrQ`gHtF~7r1xfN0+vvzW z%f@rFMfnX*Kb`1Q3=wLvZ z-X416EcsbrW}(ScZzwAeX4wN1496hMR(#+{)Qd$hvj7OQY&L4y1+!(hg0$R=qAwMp z=q1ef!KnoqC9$qbe4uoB7^np!mc4&nz@B!8vMfxz$1J@YX2v>nv|gjkoty+n15S^!|OM(94^eVAE#g^n@_O&a!F_P(A0SEx8IOvyng; z=LT>*U4Mr37fb!wPW{;~y>q9%nu63mEk zy*`bsZ@i?WH)y%&2M1~GL?W^RGe`0_4qJlDxogDV)uuQNwC%)!pQX*ybdhbzMNP}j zf@J2-wU!3w1_&6>7p<$XYIy@zO2)31=|sQT*7cUjv9o1LKHq}lFAmbQyq%O!Tn*Cx zpI`st7r*|+|LUxq$_hQ@p0&jG1ZkERR4tU_3a$-r367Ig*wzUPWc6-@Uk(p}l${a`(C<{E#l+IC= zPbQP4!7hvN9b?sR)X;wEpA(iU?_#VCX=A-&Eu6(tw_gM8ycnrMt%g_j~omms{6Axu$n={Z=)x%I$zNt|Sig*#LH49Q(Y8FbNTaR|jHlMFsKZQT((I2$+F@5qw^yY27 zafIEywY4HikK0ztM+-MqcXM@!3RcRD)aiElcjM#3jA=CpK*356?-xhU1EAo8CQlU^ znN`ThJZ&g<=HmS$wGb?7ZUnPNW8H27fhsmCF8Z^<40Z$4u7g7iGf^2I zLzoSEStFQi5bacYVNAP2j$7UfGfIV-55ugBVAhG^O$o?&HmmrUkutbjynXCCd^}B&}3wtLOICK+<|ivhL8k_42mV zyLafX%G{Yzo_8S6YTmkj@)PQfnseqhc)O*y=K6gEvlxb1{pxxRX81o}En&8XwADj; z2|9XJv2hUR<%fi{7MnN1*AQm;{oRxI*~wfNP`D2J5NW2#mF@7USe+;KT#J+17-p&^ z3+De#jQ|t@qt2IwCL_HpRGm9onk8)9=2a5yYne6*i)Vk!8z_G?r=? z@)X+XNt_ObvLN*CE5u?sAC)p+P7Nz<@H8uKGRTV}ni>^wLOdoz>4n)85xXgqbjeuW zvnib=GQ|BrekGr7B`qS!d~N0Sf@=roEZGy%A~UVG64vBrvMT-Anc13Eu(fI#^zdt* z@@y82rf3jvT6n!dV;9tQCAM5YzPZV8)6d(OaZo!AR0b`1 zv&15A`u)12bo26M^W{y+UvBleLi<`eTNVcARLd0~rt-~pICfnK{FVEqdC*JCXn~g9 zl=A88n$%vOlLn@L`~JtTfBgSoW%EWdEA0Saqg}bjP=F*-sf-0}=Ld07?i71HwC__C z(R80Y&(M!dRfpTvehb3vU^6i}O%#P4`xya<50p5tfX@Z9aH?6OSXiDZ*d>NA8z7kJ zkyrzyN|)1$kw@W4%mr*vS%Fz6zDyWpV!8tc)ZRqHZy!(2$r3~c!fYtqQCl!;w4>Cr zH38RV&T01hB_ds@*CEWTpQq^Aa#ue;n7Lt;RwK~E$1p2x!;FdE-9H;1&;TdlgSbW^}EvzJ?~T;W&OQpvjFQT71wwWj_zp&@6qe(5$dzg9WS?cCv@OFSfeGwZSq8f8?11xHJ)u z$4`r0WiYyD7?;I>Az;TskZhOB1pVGVF-(#+0WtA06^@-S$5`5?<;7rvCP`cf3_KgJ3C&xgJg`P*+5 zbB%})t2G9Y$Wns{Q{jUh#UR|SEY{k!2D{Lzp6Z&wvJh{vN|Wo)>h41AIs+^Bb+Z)U zTK#_R$n98(!wL+gTIQ#(iN)J+zH0xO1kz_7l!U-h&gH*COPALJCe#1^`n#{c{`$Kg z1%c;Bt7aO2P4(n%kf7$gI62G^spz;X&j})(%FYi{sYqnp9m=rFv_9g$ITwdv7RhV| zV?hYB2)W(XFg@ke^0{CJh-jg3jZzK+;Dr(BPzWB-tC3iY35A}U&7G#0ICEMYK$zV@ zn6XQkEqsbM*1o)|yccFPO+uJuWq!`A++oyWvsA5SjH99TX|{8-*G_^BT*@8%}!8-*&@7%?Sxrmv0iyu zUB|`{%~+J$4#Mmbb~uj;wKfWVU~CrP>ivHCH%AWrNkgdJFxny%2(vI)07A@qri(Py5p+ z&D*1uyIFY{q?co8@DrT> zmZY?9+(Cukl8dH4;rN+6qGYL1D7iy9jv*V3jWEjeFF$_w=Rf@6`@i|__xZuA!J6aQ zTe>nCD&CPWR2wW&kS8hRikTq*n#*D5V)1lY6G3AmwI#+>*ma$kZfff$DF9@L!l*)S zhIZg>kng4G&(-0yw51f91#mT`^hg*51vzM1n;Rx$mB{mVj3Ss(5N7E$m;vN9eoquy zQ{ss*%VcHbETl(hD$JzS@(qY4S_I@Q5TKTWFgtgCrXu(A4ARWja|pAXnWAY3v)?`Z z5G_z^vKWkkfn8iS&@gl|)JV*9iz2919O0kxtif-INg;6Smkj?Se5u|CubU(jmj2aVC-6gepYv?iWCBo9p zHT%?TXPLR&)6>ra8l>XX!MYnAnXYollKJW;MiyW(wxX>qo2J;yBe#BJ-H}1yx%%}_ zsu>5|&&wdN?W_Hf^qwc{tyg8(ahv8BuEJUU|M>m)fBN6VzY-Z-Nzxf&^R<2E$*&BN z8u3E6E6am>v|;WAa%6~I=d0z`tUv45x1CEHmh|+pnqQs=RIOTfqY%A8GMqn+6Wx+* z;bB(3$*03=VFNFSW+<5q*kHtt90yeU;?mM#1Z9(4G%sJ5syj0RxX(5n&OMK25ZKo5 zNKf%xy>V2M@>1>kTB;UqN^Np`GvlAW`}aSf*VjKD50vBe^)Pg%Gn7SHo&>WKQ6BR1 zAQMCR*-X^kXf&E&4R$2ngU=SE zfqZj8!?unn)JI~Mp^6Y@G+5gb@Ik9ebeNHA*2(mplC4luA@xL;KLFBMe!^(|OL&_j zabgk4uSSh8(uFIh*=j3Lq?Eg|-Z~t~{WW=4-hjtyzWGs7EK90;E8~Fmu?zz46<9t} zoXl%5E++7ELVDiM)37iZtZxv2-ipux&vA6-obWBo!<{f z@>2}6S-rU<6BvBBrP^X;*c7VYV2?=9PQ1CsFnhr^RhUs)%lU$kAk0o|R~&bulc-d! z8J9<&UPuWQW{*A8l*&D433tT`1N`%gUD^&N&@b8LohCN&Rd{SxjK{qp)J*1dZBBYNYTJkFi^6ZOZg{(e<& zFT=iDZu;``FowLqM&WM80%|>>RDw&-j${twfeSM}N` zigZm-mPYzl?Q3S+q6e6M|K0aENc)?w|4YuURVolW?FhnT)G0EwC34pt_P#P9lN{>a zmlb7291e%wh`Ip;yK7X60|mm&%djSLa~g32W@sU;!l)GykkZ4Y4l`oHe?FMO5dJ1j zlCYFOn2A0M?BVgf=r47cS(rTW5m){K*4sU$8-(jC6HPy&7KJ&sB5DHClvC_M1|yIii-pOtn5X$WSO<*+H*BvLLwh;L$r^3vt-%ockxtBdgJJ-0F>+W20p4fBZrlMf;~;eDROQ#sTjuzT>+)jx#BWBvOYR zc_=FbUKj)!YI~L7S_P#|i&6IwHxz(OC;Eo%0Lox6%9zN;=fGMln#dI@FvJ{--OiXm zrk5Rl;5&@q{xoov-&ERd>SKY8W(Eq{K5I!I9><@yQ<-FYauKy7#NjwAiu`autS?ck zOwmT9P`Uo5#K8lr!+x%9IQH9ZxGuXxel-h$)g7|gkV`FuncZgdJMmU!yKPl(RrTr~ zl5-R*5SD)I!-B~WHYRc}RmW}wRcxZZ>G zcC0tA>#-xW=NA3`lWqOU4*ij)e~oLYpDWid-S)FTfA`(LfB*gWfAigs|FR<$M1v*v zwZ33&a|hV72cSWza74-J1<&^6rkxHpJZ2~g}fv+ zYdFW_f{Ix{rB=&J^%+--;YK>r&NGpApA1Lj!xNrrS5UtE+^1 ze>_L{{#damt<4s2<1oplmLHGPp=Gf^r&Rr|-Il;lVyQ=)-u;0!Jvya6=^gr8c!c%l zNA%VZ_qqmq>J4_|PV5NMc)dS03ZNKL_t*dP@57IlsJ4p zeGKouER2qQlYuCX#>a>86oeU-Iz-c=5N7iGVFo))v8-~)sxZs=XU4bz;T46B%k)|H z4FEQuC>J7tChtXMGNxc#o9YN%2s1T?N?*QdLzsQEUGYqBfVvqVeR>=xo@8)OQxhS3 zK$A2P9nTd6vo%X5V7Z1cb9(~0@*DFxck6*g3Od_)v%0g}-KIdRhUr_W>T$!hSI`lM@bsNEH}$Z zc#&dQgBe%nuCyk{iph>(#^~!9fd;cej=Q?jS^@-n$68Bc#w`uD5<1#$X{@NF3GC3L z`|sYV=iEQ>bSDi|Z+mv(Ivg3hJBMEw^POM(Ph&R$GZ2O-70aOKi+X#azze)LRYY0d zj@M`Kz}o5#l8#jvl!64PlbxPfRgZjF3ssc)`waD2xVETq{nnd2weSv37pN5jY`i1L z!sL{tVL>dstGWuM^v9ZvHF<}Fc!a6IuYmB3(N78^QBsw~A_H%-*!6XWy>*9hmwDE* zpE>=x@@1}UgY-x^0v8F`@o;0)YQNhGnSnC`xUEMhgMdBZv|6$6b;5BAj}odqwyr-~ z(Yp=(5%$UUBfV`+Z*v-YE_a1|{gJ!lt<&}z>M!7tnsMO7ieQNyzo8!cK%-xQe4QOw zZ}+e19lGAO)ZfB4HNAC*UNy}(^tO{Ny-`P>h-@CzecN@;OoclzTef# zrlo7JYht?rsP^iV4~(96`Z_csiF%F2exSht+A*gniu~%^SF-%-l`u<`TjqAgMQzVC ztuZdPfUlT7VPuJgEtLDAj6$k3xF z7t$XNdUCdMxk*rX*+FAhAYl5_cR!+M_WgH1Dw7Bm$yn5(F`9l$o$^93rf~>%#|Fdh zX(lokc%B!tlqE({K2er2%!2V?Pk}HKiWL}T34{CfK}~$?R-!*Pof>x)9AE&DF3mhk zcrCoLFeWI==YW|dnnN%P$9&2uZVdro5X?HM7zw)wg;^<8s75|ok25IrPE$-I-a(yo z>M3z4O?CKedO^9o3NH@49l5u*=K#1${g%yhYs=*>xtz`8ai|#qZq@SXS8FnYP2dPI z!+~<2pdy7-=*=ztt*+NfwyL-5`ja*NYa7;M0J%U$zfxS~I5mSnNJSomB`Tj7mhgkO zew@4INad#vOHF^|-_lzRSZeyC6}@{+kL%Zl-safS+x7YqNQB(0dKgJ?rAS38R7<&1 zd*2=wKs0ylhJ&^21;w@rv11v3j+tHKy&;g}I@ z#lkFAoz*4k1xj>ANTpmWr^5`5rNJ1@0eK!Oy}Skn%)&5=q@r)2h&xwXnj<^DWw5ad zVLeJEcVV;yI_YkmM$56$(x~5L=L&%>!KKqhdAR!v?2S@*PRno>b@(F*2Xv4Sa`9ZjJ+H&>Uf|i!UP8x;5zrPk_R1- zV}2<1f|bv*XPrvd60>@Z3ieVafLq*H1R{hN?@0>@+rK88NrykyAfL%63re>;5MK>N zUhz>+=zao=PZa0HVo%_U@rWh6K9UAvg;~FRZnryZ&go^DQ{rnrth^F?GJzW`s@F_J(RY{PnqqOh-DXHLP|7O z7C)z@{LV%iRI28-YJ5gT;)l_AG}wFft^80fzms1Lf7fr7%k^CCJzE1ecTZ2c z%H$9)!l5WC?wt#=SDOGOsqqB%_(i2Fh`~6+WM}|mEw2n=CPJEFm`x7H-3~>ij=RIj zddhY9j2FvYr7;5eeyK^_8kWlCL;s}_q67LE!ffD;e3to6DxFWvT2lC~n?f_TX!B$` z2!qe=m<1$J>K7;ovyb&<^q3b!6=poI1c@h1g^&khMI0526JDI3MquZBZ6pnZn=K48 z`+2DP8n(K)h-~r)9ffpq?IOj+BV=(KdZ%9_*KQIam>E1o8wUd$uw1>W_T~iegKe9c9rKZBKCQ+Tmi|zrOUmyYJ|SJD zH*M?~2w}!Rn8nAU3bO|YGZE$5gfNRe0cMTWfgRUnOQO`Bh-@Zb$f+<(>d5xPmcw>l zxP~yJ7U&O=Z&NIlmtN;ewsR{^42W4P$(PtM=7)v9m2{JsA`66=tF3Q~uxiT`H=UN<$ z@B_COH>oM?{RQxzb!z~=@GN^09jUp2^&>Yrz_aX5{gh{2?_PWJiTWg0=9VfvIE{|* zDiEuF%5#fOxs6lSRlR4aM@L7xK49qaCy&fhJ7di|&BJ^Jr=nyp;c37`SV1zFr7}{glbK5tulSXy)KGcmSMEL?L_Zi?ev}vNUV0!VI7^OoEVQ$>ns+ zPX;rZ29>5eN*{L_llIl*f{FWherzFQmG+7m(8qvTkyn23^VxB|*GvM!>;}P1l1jBm!GD=3ot1Q$g$&pmHxEDG+Z`k_ z^tVsbJ5~K7yE{M8NE-j`E9AdDlm{y#X(rSE{6aNJ`}G%wO`56rYH~=iXc7DIT?Q?> z1zx;^s0cf#D?>alsAgh1<)$umV=gGl0*o;L?rZ^~Cgn4$_K+YI40@IBq1Ha(Na?3x z8vxXTrYRR?8h3pZpxXI#OwC{CljpEA`mr5$>9p^7@#1v!17V5;yL|8o>(T%nM_Z+f z;|lyS_X;0eDfnb;TIXQNv0BZE8>(GJ1H0<7NBBB3j*J7tq&OVzsG zvwmdW^X5;c-+t3kE{%Wun?L;F_kU35&b~MOaz~7{V}Q&B3v-@nyH@%fY)X>SyK}BC z&%Us?U|=^Q>a>JzZ<^dAIe;z^2`GDreE@oiov-T+t>gylc`j>3+vjmJmPXC z?%|=2vfn+--sD=Pn|i$|72x;od|vp-vwpO$`b7F2pFFxkn=1MV$+d5I+VZDA|NHN~ z?_?N&bvqs56^5BC^zcYpLl4r#SIT|HSM&zs7HyLvG2yce_Tq>gj?*Y|ql1FNkhE7= ztC@{O^Kx3qX{#PykU<$IWmiKs471g?kc%)m%rP{%kP`X* zDbLvS_5c~kV3;xK)giZQshMum#8zA4uWH3&10XNCWsz4zy1v@}1x1qbq` zRyrL~nPh)hn%SBL@GF1ukN@XC3IP4;b6rdDAq1b z+wB@QoNJH=>B%c0SWAPY*Y$?+@C%ysDIG{Yw0f-_VPh@|e7v0m5R@yUb1Ro67l-q? z_x?1VicUnx|}$dR0hFJ>~xgw=sx8w zGTL*X31yh2N%G)8Z(7KOm+xhes|2>o!5jYHMmoZXFvWXvcV!;#AX2JAnBi$3K(d+9 zEBS}oH3@bu8dO)~j+F^z!mHPqh$ZGCEFW=O6j;qcv1*CIo@PhhyVGbY-r>Czd0k4V zi;GA)((Oh+L8z#2^Mf!0$6e+ADLrebe~YKH=tW1EyTEFVxGZ02$xBL=MZWqui{{VN zCryLd)n%I|!%cIWe5@Glm@bc`*{$+SRo(|PU}^hjEtI+0V=gqS9&^bt6NW=^=E%ny z&uFDHH+}AhE{54Cg?}JQ*}eudGg`TmTZ365*Xnb%G*htKe!3F#laHjCCbGbHgWj$% zlqX*;gEZC%U#;c(`eBgDz$gvxn9?55y~6ug;FbA1R$a`8CIJf7w&g1p0gJX= z*QW1=!Yp8zO*giZM!>2|jJkI)GNalO=c!54LanlU_3g8L%K&LXv#f8mrG_um78Pf% zpotzzcA|89%CH+pj*{&dz?GJz%QrM z=C1l%{kpjjiM-()o}a@5ayqWc{rdhy_l=lWP=W+tVU1Q{790oyAB>^lF&ILaOqM%d z_L46$`HT^yMHInjnCI(b_@`YV7^8i%;0u#Lg&824r8YpR9nk-+s4#n-*Db@qPMBqt z@dB-zIONZTnj}9cJdpi@z&;&a(M44$|D_Qh;j`M-Y&IuK?(2(zMQuTbF5HJG8T zx8@Rt+0~T_v(S;lUA04)xeM(|Dd+#(LE5KGupaCRDCe-i%ddn3)1$A$A0k?iw#*9^ z6uK$kQ{-NX4x=@@tc7$n)par~MG$R&fA;WDpBnqx*>G%o*%`=Wg+as=ZnkFl^)L&y zcP~z(;5R%YN&^m5%ITd)oQYO^RkxC-&Ct-5Ur)NI{#|;1F_cBHNgHsJSrS% zPV=WqCq*n=BRTs*)wW9x7?|PZEl1`v>&ut=-xK{Qm8?~BuAJi>oRq)JIe#XP=HcPC>3T67^KxG6tTq+%tHM>gjsdDni|2Zv9))uC=B2QBo$^44>SKBn8ELOF3f6` zc0PjB%~Di41%cII36va|qs6*M2s;xT3=yKnB zJRS%$_X^Cao@$9Jm$}!M&Ak7ogxOC%lJ?7Su!lmlV!SAq#?ewAGIAB@@9omxuIQIXT9D?{jB%k#v#|9Tde3k4BX=mN0XVrs zA3FL#eR8RHZtAU}(3W2RWuB9S?L2q(t3QAD_4jz&z|#lP9(iqL3X$=TQq#ro7BhQhZ$9Pq* zmjbJ`DG%3Y*LX2mee<3)~fA{wq26H^h}ubTbCNl+=T*HZe{>UG~E&m$RdM| z%Y|XaWZ1PyQA;>0bUsPyy%-hG4ip9AOcD6!1Zkve!h2UXgOI62T_4xAUc5{ds*;3? zZ|K&emxtSx^65b^OD>W08?CVH)2n>g)tV^mL7H=`{4e3>4lUv8G~%Pp^1uA# zd-U$Dn&w>5dsZ;M&gUKaP{Mwm<7%jkf4n*NSZx2u8yWEwt|82%Yhr<6c4ID83r(q@ zV3@sqKg_WIqYJ`}nTS3>)3G8ySJ!+th-RR4Q}wt#2xji;uWC-G@%M#)F0Qy7$3d7~ zVwmk{X>`7=v`iu6;X5B|X>PalAwzE~{lp__U-d+OD0)vbu~e`VemqEH##=!e$@G-N zxqwoWH|zaATH=ca(Eu51PwTT;zYn|Z(>!5}Y@^gR)0&Ij7{$L=hC;D<-p^e)9p@Zp z&$V_0X@CwNmLDFtof}SevVe^yX0!SwEHwo`%G27KmGdzGd&horwN@#LLDc`I;e|I5 zW-5M?APrdVCWd@7+)_<_wl#ZPKgw3hd zRxLZD+mWz^aK=ujP19Q)iG*5ep&q-`B2U_Ny?Lkpc1>?x>S2)P!A3Hg-iF!YaoQ6X zc>A6wkkItW3+*R*oVwn#s<$omc#9{x{w}@xd)}kJNUD09EwHJ#t9tlj&uxzL#IOG4 zdz7pDyYGJd6a5!I_y&=0@7&u&R8V3RDow#Z>C6Gd7mJsl7bF<49r%P-e2~IM;SGc~ zqRs4HiiH;WUWWl`I_5`d(n2qad{(b76?ZOqQ$R(&dV3^MwX!BYdVQ=Dx!Zhk}CaX-E7}?gm{4 zFVsmwl1w4{!EL^fsUCmm6$DubN_EJtODPRM^5QKSOX)DnRo7sauU2d6%_+UZ?ogOZ z{(jDJ6o4?h;9AmFkk$a?K`n=2)_5vA^8VR_3bWT3X0Rt4vot8_wPz~1ykZf1#DOiC zfwx}%Qv_)wdp}VGSt+V8%RFPOj*fKs@e=SbI_7d$=MJ2B=j3V%Z+_yYdgO#9=~fM6 zU}5oSA6iy;`_b7~q|2eTyfIJ+n9A-&YLI`C1%z2toJ2^p zTvVLvHXxM}=hk3mwMv;>W6l`zPz-;5-Bn0iZKH(DlaVeUz;wH!uE zrs|Wr-m_EBd4A%Nv;&ATc@lyB&`j#?J=2}-acUz-YtW}k_p~Dpl%DU+tkr69)n;Cr zcYc@_{QU8YG*7>}xfj z7^I+;Cq*E0fyjEn#mZqK=zLBOHwk&m^S zUcj&0X@@p42(0Oyy5733cj$V%8$M;HL(d?9Ou8>n?g8Y(ZNESc{~^0wHGM{T0Bp$T z+nO{o4j>#81QD6knB2hb-~eL&Bcu&KA9U#6Mh+ie^- zz5drf{rit!|M>mCnf`LXHByD0YpC8bQ)jYvsFVAzKo2m4&Ecsw2yTQD@G?2g0B$cke7TZOQ~kozbW#h$+*K*}J&HN3;Au9QaBz7zE|2&D!C- zQ=CrU^dDw*3^Q(JveObv=TQoX^@$=tMCYRLP|i7VBB4Owvb-InA#b0E^ajD~iMcPS z+U0C^9&Ja`uF5LRVlHOdDo?xOmnZ)Kiei!Y_%LJRJq$Af!|YkKB;(2;zD!JS zNf*kwbGsc4`dZI(em8^}=SI&SX9TcfuYZ&gz#1^SVfnFYWI=jVe(ZKM+;McF=NfTd z=z5$%Ac<@KQjbWd=~c2|eMr|koDgPiyPiP+m;aESWW}$hC(<$qxI=ozmW>PrOTCsP zK!>YdIgsAAu3y$PoT0#>>(y^UddCvpyY*^@f-7#CPqQCwAdQSnYrEDO&~0;@McL@y zT7YV9hSr<2gsYN{fp9o;I1ywBGfAqoQ9`nGGf_xyPpN`%yV;CbP|n#b@570Omq8jC zlVEX}PMa@FR%f+cX@=ZZEvbq9#O=0Xn4Mohd~@*j*e*~;fZy1)^a4rT65#S+WN=uv zG`MAQ>Me~!Z)uR;oD8h#14hfC={fVBk+e_dlO_&E*+VKu5$X8zgETX(UbL z^GvM?o1aSTsiiB?ueREO`3<2XH< z<$2@LBr%ug#$9ZnjeT|Q$c$X5Ljg4CTQ8T(u&5@H%XTOPOHvYY$q{nekE*5fbErZ# z+hbc2yEz40s(8%zO8rI@VUU5(`M-Hy53>u${ccL#+N{PWXv22zG`$18sq3w~^$w&@S}#=niKa)tOx5FC zkjqW;#4k;YfB7Y>cpsqws}y#QkbsEP-tJ8{ER-w7)C$vPzQlj~?eAd6u%4UN@|8?& zT667M(Nk+8qe?(WMIlaWL7HydYGG=n%ZUtP001BWNkl8((gx)+~(9vhRx99Cl^wm z9M-?KA-z2S--8!h)%!nG56j!hRk=SaP&y^9F)1E9A@5jLrY&gWBF!Aj$_5$=NFU-3==Kii)-hx@#?r=C@YhYf@90)8_s>ZD4 zMI~X(QbRDia^lM2Jclsb2+{ye<@0$6Gc?YU`0;lR(3z3g@x@~r%%0Wkqh&|Sun`b9tvZKb1D~|xN`qOBOE{6sJSNdC zuB-u@yIS&}qr!qh7gY~SHZ0G9Pzc$^!*CAkkCtRXSqIki@M8WIeL&OObvgc4gw zE~E4olJ}XRD><#Z2TmzOE=Itfkf++)=B0dM3M6>OY|R4EBF;bkAMC6%WAR zXXdV~YBg1r6$xJgh*;~he(Ux91rr@nYv27lbnTW@l5k$s1Q;Hm!X3og~6A zS7C2AAKyt=HwI~`CT1eH+mrS=W#e^1-BH7vI;Db`3`}hRvnqmFA%~cumIs=C4+#Ru z_t3k;mrNmhkXUVLJaF?56#f?pLTMbFi-pgG-ddyj~ zHFW)oAnjCYG+Ngj3x3f;QY;TsP)K+D&u%I^$+k`Rf3GcjB}8J?WJTJ0AkR5( z^7UIgkuPa1#G_ukfw_|VVdlj)a6I~&hTTeQhtq!wTyDrgjAAVdy2=8Ki=h9GT}LoT z1j7%|>9W*O&!AxRP(>1tW#CbBc#*)p1;w2ivi7KYEQ0}GaI{wDrPlRFLD0k00pY^> zBN$jtmXkQM8KvoQZ|6NEVARfU2TEGrdyeo>3B0(hzbLAD{7&d@DthuUJ-Mn^e))uSY5P%dRZppU#1TO}k8NBTlMk6s8;xE+;pjCcA(Ofokl_rm{%8^oh4)+1X@uV$ zSHMWMQR#+GrOiDsp4$V#DaTgJGZDpBWmx*3+&gs65X^GWYp+xHU{*sgTOPIGP1a7R zD$EcJ>&nHpTk6y0jRQQuY&ZKMJnm?hBlM>>q@q*(ou(Rhumrp+&cnJw9d zk>|l3hFLuTO9iI+$YU@=;M!JNIEGEg6RVOKmyf0LzH<@^3M$_MGX>han{$NS}V8(&J)|#}f5ab$+ zpdc-O=zi5m+GsQm?M}skXgN5b>H;|}#UhbT`L=Ad(X^|WJMY{ddgWJl`{s>cO;;`& zg9qUDYYPTRPfAZ<@&-0U`oeChaUANz(H(s@7W^eqOy}2wcSxYM1Eu$}7LbfH>8_uiOIiUOtDb=y`lP~hb_M|#GA z)rat6cB@@eBc z`Lfj?HYRZc$ISP8Qbm?8t(-prX7~K2APvE+8xA3umB|CwK~4xvOZkZD9@Li8M%N;-tOBzmrRE@*S;*2-7CbJ3V76Uplsh3SyJ@HULoiE;<#fJQ+Ym5u zk^E^-K7AlaW9A8|J2!C42}oZLGu(K>Pw*jrZkxE*!OYRx)|YJZ-W_2ek_v3-sEeWy z%;*E^{i3A8S|H+x2)YW!x&|}5mO+5fy#8sOTv7XShJwfSp0$hyi;M$HeA7zhk#730 zlTpuj@=U$`^Yj~X$BY(p@sQ_C3v^z=B3mH=lE zAl5TVtY#2c)i1Ri7wh`fmg&)q1AqHh+TH1e?mCR5rG&e~aOjao`1*QnO&YU1M4iu` zB+Uf8yoCs+Q)U$QZS5StFPuYfv5P8UF$?PTbLF+E=xW7Gwe#P z|BB6Qp|j*HeMyr7-qdNvo_nX?n5U>!7loWqNS&0lb$8e}V@sd`S5p2pvuvQpmtC zb07Oj8_H}7$+mpfkQ%bw+c&dTpD(|=w>Or1Auy8OxYB{=LKtQh`37$_v=hsVe`%7wt!$(vLcvyI{>q?5d8(f?DH}X zynFX@pEN$A1Ziw(cAIfK9(!c=!J=nncPH;Xt&AEyX*4rt)h#E^^UfTB&DSjDQ|WZb z>V5PE*SJo3P!{Sg%`v(8Z9bnrNrjYjD?E!Lw2IuzxM#zbJUnGzFc1~-cG95@D{%KG zy_N*taQ)Cj)15oRMsL`4Z14L_%;#i>GK9vC7{hVqjNIy9o*tTCz9N7*go56XxAhqs zCT<&ux)U=^7d+{c>iv8JHsbBu0ul5Ssh=Z8`&DNg0Io&9Xpm-N^3~@CY5Y7Thyry% z8`B~GH(qP%!`cpb6 zO;aY0;n)(DEUW3d{xbw=>G%V+^}08bcMZzA0QLHx1ZK1L>~gz1%Uo?wdc9t&HJtSO z-5z+Lv8Mwan@{G)LY)DCu@7#sb=q$St6TG7mOZPu^9Y0+UQ?% z#sOI6;{38f8WT%DH%Q~XsemYu2N(A9Z@s)X{;lz*adwAbb|AKGt8RhdYoowyClorI zAeil`$<`voWWTurdCWZ#_msF}u_sXV4>YYJGsYk;8GT z(U2;=e)n>hf9=>Y&+iT8%EYmMn5gu&L$OcXOU-NeH~ZsWLmGYeT`SJ%OQq9gk{ zFn1uFoAc>at`Wxbw*_aeXd?*we+6kz2Whs{7ad9Shn_u>#^kff<7hUUO?SLCRMa|Y z;`VGt6wZlUS*$J(1T&G{%w*D?^jnqQ5cVrx?rVmnrf_EBoQjBQo@(j5*@@Q}b10n@ zlgF0-Br%%NWqBYS0~5)N8r>MT+M%z)0`&8gM{Iic^EBy?HnLA{y zy?CmVH|<^a8Zy8vtWAh8=B8M-ESf)(63$~MZ|}Jo8`EzKRIaGySNyLa?eQSZv-2f` zv|1$e?2$CaI)y+gTR2a#2xgH^I(Rp_IRco8;_{9gRGdSZ?h?#em)CO*W|%wW$tUK5g#xJb6p|0d%dwdV=uUtBman+@8@^Ntq^ zeSW8eC^tZzT0K9f{b=on+aD_#cH*zAH$JA{@J?5*x;ZlxZ#o<{CV5zM%q$I08d2vZ z84%01lj}yKzx&4LxJ-bu<=j0!(-@l-mgrCXzm$+pwV`$`yQ<#u_x zV|{GFg*Dw)vVh=kZKGV_RhT*C$*z}Syy0<%gl5#qR4#cABUD@|0GU9tQt%u<=i7exSRTFTK_B=#xgypmJ#=n-HuozQc)F&;TK7Z~i9kwLY zDVjL1Dljv}-d@~{?&u2*W(yO1_Oy>W4G3dW1(-HI)Lb`U#klW1hFKxyHJMpctW=r` zurHC+ZGSf){^c!={k8go!Yg-oe*7VA@a6`8Fx)&e=lRfdCu54>-JL1%?uj7n^1HLv zZbT2#VACb{iRaDffx3*{ctKG#DHKAf59lhF#iWn~vW3|<4`#`!mfJa4|8YUNY_`JN zb7$4O(j&gC9D+fkd73OSOvIOvde<+Ab=LQjF#J`ewF@~snaD{h|Il)A9(YAwOVVjEjl%iibTGbP4dd~(ujm>P4UNMfeqo))V z;nJS6xhTa8kO)%Lg#yNn`U7G`Z+u8^e}=wza8HkpR6Vh*KPXN+Uor=E?Ic}dpLM<( zbJ9!~NXpfWvwo$}G;?=nw*s9`RkNOHx-?fdI&lVbrqbIs`{yR>haLYMJ=AZ^T4O$6 zC!GWjmh{OM|0&ifIcM#`tehk%GNWy7VqL%ZX1bov2@eEmCZ5}F46O#nZ;fjco-ja@q^V>XF{rxJ zlN~Hj&J+nvF%-77uA!&_VCK}nA|)6@p(U8Lvp$x8FhNxb!AyH6 zf>}DZV(Ey2H0j!az{92iW~Nw1s$9J!N{g&-L)mXtcCq`hDPQtE1hX0sgh##WxEsN2 zKW3i4W+3gb)sLI6#{JRw#>jfO1ij7v&ksn_VT5Yf-rF)qJeCujuU$=^;p?sRiFui+{qS9oe+|Zk~~QTG0Kftx4$Q z?%uWXbt3+)NA>tI_l+CU*pYv^4L!q-M`HsQVdGZzl_3DbIOHK~>csRx0`HDEYuA-B z7*H|-90_E}UyE0>M?oikDxJ>)s2FIKoMsIpo^M`GkVGrRDHDcWe`A@?6tY9IV%3yzuw@#CHXN`6tlg=I|+o(hxe9QS06pWt3-#nZy?uk8N(M?>4+Lq3 zQ)wJBdpiZx9gN@&kUZ+rC#gSDbwO-@=p42xdmNAZ=-ZWTJVngzPUMDks%=l?8NWI2 zi*IqJQu#*haT4HbUd+{v!VJSKdStJ+Z*GKUe(S*?O%R>16A_g%ib61(8beFXC2!71 z`>=G*TS}v5l;P(NxwZGI#T1MVv+dTE2D8YMF#9wQU&@uPBm5eeT{gNA1T#n#`nnhZ zvj6q1-<-sBe$RIVu&q^Zw6fq#aH9T=xl}lcQn?%oN6uB4Vc4MhtELw?(Dc!wTCy=& zaN#9%a;@s=NAwnaG6JU~fFKPWDDb#g$vEIqI;d+I0qnY-Sjjl>kRDWIRM#6H(-Z3T zS)89*JwIe9P<}7yokH6B1#?0{#(~Z0Q#QaX-#M8IB>7fZhhF;>PbY8A8iPX0%XUgt zW0vI7TfttB9eq?$_x z-QU20vWpyDY+Zk#v;>Qm14_n<-i}&UCGiU3+@yb9#({V5-krbw%}4aVcOQQ={Q2Wc zEI7muA=VE;T7LS}NZL-nGU^@9Bc@snU25x9x7Qk@FF9?OlXbXOU?@&mNI^tBPEn|n zmJ9S$vOKt%9jEXn#|=ft97>~36Af>))a!yV6=PRN(prZA(uf()T=E8*@17gc*sS!Q^%Lz3m|mnU>Y5N`BYo@ZXaT$ks={Z^dwYcVbpDWMom z$f1S{>=7yKIBgS+`AE%VPNfSU>IdlW(`->d9e>>KfGbOZ-8FH5_2|fE(cbC7m)(O? z51=D(Y^I&?BKSM$`o$+L^dImMt?8+HvW`{Ium|z^Q7r;{N<{^BKB^ucfF%vq;}@xW zdiy;+<$OwSvn+iQ$WX;n^r+UUdfUT#K`5EN=)>>zJ}bX5Z%U=iDcBmT+BERyX<4{A zJDZi*8t-M}rIL3G^)vI$4|k)=p)!Cy4_TKMjCl8iHf)bhqNpUb#V~9W)we;rEVu|8 z?L^&A@E^NCzu)4-7DDjDo%;20DyHhn5kcciMrlt$Nc^b&Lb;jidZ(`U96eWmU~!_O zKQ5ggT#Mic8pwJQ_1gStGjPCpSRnHTonHP3e4IVW)>#`KZSzf*(_PYFxyb2 zSp+j0DiiwF_2XmPJ(#f$Y}X0d&%H|Ec)!Wb;Bz|5)ZKiq>QkdDB4S12%m z2BR%ie^CULb6pSpkA>c&!EB*dJ_)>ObiMLUYDKSnGeZAnc8zqJ9>J3*<3CO(2K^)E^)r{T)%n`l6->9(nK)>QdSu zI|>QqkJj{dm!c<@^fW#y+LXLbINuTsOCdcCshE;5w`Pa*o!}=J#Yync5$aMxP7V_L z2}1S~e1u;lL65UDktD6@5ezSs7d^(sJ2gFFkKWTGGF=pvPg>S{?(6M#RUh4?w+TY( z3p=tuvlZk`=_=&JNfu7j(w!cNX|ZuOgRM}g-QKdM(piru>%9GLG}WfYyjzPIq#anU z0V6%RoIss$jJXN@(A)v~Wll(xVplF6j7LFs8hpQ$>w|fRZwW-QE~T>S`UAqQ=$#8a zp=77Q`adfAsCILZ9$(L;^A}h2&U^X`dsNZ8R6Ue8@Pemux%U@@CxG=d^o-#km#doB zMy}LuA8+2DG^81dpKfO5G?@4Bk?UUBCiYcEkDL6DI^iha&`i;SAnZ2z^q;MZVpy>QwM!0q<=J`4;~Dv zD?8g!kXFG#n%=c!B96u|Y`}d^1!m700pZQff&#M|w=Xa3ES?23cCRbT<5fID*w`U`VW>zrwFKvxEKgKSD05iG+9Zm&i$}Oa5 z`-OsWO5qjezuFQwZ5mlpixI&1@gu-TCo{w!zT; zsQ>K`KfWMH`$ibth$R++w4ZuUOm}uFqef#S4`HF-xL28E+>T6NlBAo9tWxeRIR9B4 zJ(M(KO1?4TKp4z~RLH&UW7dNs##@RC*qxb11RQuy)`PSf%nj(>=KQ$QJ>AY+jxRIl z5BKwS(J^^rSxozI;>5$2boipJNgTI3lpQZOZsZJ^QSY;|OY!{fu(w!(&iG4ZnCryF z1&?{7vX>LiPn0HKh8+_H`#>M4t-lhRDVgYs%X%mob{n;Lop1QHIXpFCDHrRX$&e~oY|lhk#m7f>FR!Z@xk9--O>MU- zrzX^NMNS(H94Db`n1HZMgPDY2=5|aZNxmVn#tW@Aw*$f(vHKMg0!XRj*E|_$|}>)ad00 zlB*NAJaqn7>5tam`KX?FN*~R3zD|&4GO_-SkaU5Y zzA}GeD~ei2p+fZ*QWb;Z*?#mv_-)cy|^HP9-*C`4rZdVyzJ;% z*9RZj*Y)-%^{eIKQ9bbjJw?0Trc$N1>Ga!b`aBEf)>*ra2+Z#GS4ZKQNVrt$RWF~T58NYN{FJlV3ds5+7OmT-R@);G^U^dWg4QNdFMegH-72 z!R#cEq=alp9Z4%yW87{<3DS6Psx0d;3xw`3Fy*}^1!fd+fqscgC>y8knd)P(;rIS5 zEzM^AgBBbQj-CGPQ*&fB!FoJq)gQlI zOm~i3ayL9@(Zja~>7;mmE7lA=$1jr>Z$}OA+#kE$+xsz&TMUk&eqnuKSS2)L-bFGT zHAq7-c1qs{#YFbH!~Qtq&WtCSQ`9Sr+>f|m+bKFbo-nViFPJQ45p7*+?jQM4u z6X$QWe1;coUS~`@eeBBpIeim@!Pl=eJH9!?^Kbm|YOm&rblcKu*7EUx{lbJ|*Prby~~I;g6UMS0kA2G}R*UwDjHC-MBov zxfx75_cGw3Vjd2_)PRy%3G!Zwuz#TVt4=UbNHOJXnV&;=nsah?S&>vM}uhHLS z3>;)Z!lgYDFMSxak8SCY)#NXg(eK7fgN>HtRE;D)MXXgih&tLrxm_;bjVjknygM2- zGS=|vcF4r-^yP_xPes33B=|d7sQFsz&b_}zM3bSk9GR$~$L5G>WE;eIJ1L?|0 z8n{j@wm|Ta9e|kwV0L*mkrQh$Lw#EK#f%?d7ULEVg8@D`awUyl3N!Ptw~IICKObiP zoo=O-@O@5?6RZ^`t!)IeH?XxnUJ8`;Oap2?Jg=U6cJ%eP=nW@!s*o)fe`X8QU$svf zK^0EER*+`;rXvXUI#p6UpCge7&+RqNZt(V*c>4Ccv);IkVHUa%GZTN}0hnpqS_uVa z)GrZc51QFNxF${6De&>nhVzqiSor^2!^w%^$B)kr(#~m%Xw3WP%Rw6Z-~Z(=_Mjtr6OI1Sspb<%DDe>kYoQM~LY;DXjQR8tR}HeSvMEBS zlS<;v{|eHcS%s*o`KtwKkrWEj$YfgWC-M9z!~RH~sxX_4MpuzIz|0yk-KUwiBxBDnd>}|m8!16Z=U0L>^WXpN z->8qj{hP2Jr0w=Aqt-5uebUsa|9MMz02Lh?L%en6B92i z>cmmKJP^}n6oTXBifWKnV>_M0L#vO%>|j>?89J~mAr2gGtx@ciuM_SYSxWxuFP+6!B+4s~Fp z#B+U>P>plQ+ukj&-^7NRWx26y_{NL62Wx{EHNImPb1UV+MXDB1zt+dWxo?hlMbuz! zv!?EPL_PAYa95UFt;yk}GTDdZz#S**ccY*b))|-EqGDQ~ofa+-%(UG0Oum4ZBhr+R z6z|SPlU~IU-tWl`xg~W&d&5R0WLVnf!J9$|X3x5S2g!C@1eon!1I$8)+k3IOI+C{3 zz~{kY@d z{FU6;exZ9z%@i9;{X}Lv6pyPc1DJW&X4BQL#v_=GQG6KT_|JhEgtV}|qirjNQ%xtj zfcHE1l&us8nBjNC(t=P2nEm_>^{+cf3wBIjZ(5*Zql_-Gz%J%?w&e`FHTOrnou()? z_6+=Hn3=*^F}GYE2$#im@e6G)UOtkBgS3x-_WpSD<2iokpa1-VAnmu+Y#r5wsgGR= z(*8z&{QY7iZF@A5PEi1*WgI}^@yRqd zQspobzPfC+#+l3R&7C}wE3)Lc9#$Ni`WlayY{OxzA21i7p5VcnuA~88F+X-8I3B9 zQKK@@ovV0Ji$)pD<|A?PGr{&E4cb`oGFz$|@qsr(?A`B((Aj-TNf>r{c6lC4oE zMRY@Xiw1R4*z}seAdCGGeQ={5f;3|3Dcc(S*2(x%{U$!YR8MTu7cC*vS9>t|EJe`5 zR1eaA8yd=chP)25Jr25Fn+j(>4KQ2$-k^uR&xZ{y$C6$rUGNdT{ndKgLQlPTcjw0+ zP)PRf<0R{>dOM@!eT3Y+9s+;yErw3I_C{ZLogZxX^t98tNl&clJ-S}WI1qF?Rfm6%Rvv=-S%XfC;suEG z7R}dL)6<$BeWdEE{ghrc8K<1C)lXW{TPR(xzH^h_l6=t2{^#IY*j6;!gtV5qj@j*< z$vY?6n_FpghAN!nq5M)jpR%E--R`njvl+{NL*$z!^TLST=rWx z0S|Scx~hTqCt**2o608ZLc5$+{AO$Z&N=Fl=js%ds|)43##t}4R~e0ZhwNpeA&+`_ z!%CIw1d>H4&x`t^nUY&51!hMc?Rs7a7oIr&gYq`FT%o+@xRB%qR3VRUcUBwQm-nZ1?pRAz5X=+DIC6 zVk8Orcro3%J3N#3PO`IGsexeD`spDr2Hy0oU9c%Fhr<6Q*efl;qGsCRV&89RD7EES z(Q7TihL%a!2bcBqLoJh?TC_~U%YD*5{t2SAcfa{z@z|Ji;DI15Z!9O1<-y>?PH2BQ zNc(&I&q|Os{%>cMJw10P!^QXA4snpfo?AE&Q+E5iY&IK3*6S9112Ha`L=p9RMQ~Q< znfUddc^(>%8W|RaQEc@HZ-T{oIv^yE-IoBV zxYX-uQLbztU=!YcE6&;|{+xX%?HCaO1pzxif-@hfUw>5())x3hxL>$d+nh*+DPSXY zy@gzQC$@VBJ#N^S^@^PjIRAn53JTJKpa<4rw=_JJp=@v`)RKYEs%(XZqhN7GkKI5l zYkH%uC$tUL_Jw=Mik{q{$9t%ilWCuHUk`?*(|qmu!vbHJYaJ(vz*|)Zbr|NdAq@%x zY4qKHI~!Gw^KTy9?#GveI==o&)CF77El&LsC{I~5s}@ilsQ1faIa<+QXnMP@zko|d zsn^GXZw}VucfvmP#m#pA!*t{w3fN`BSy9v}y zsto&gNeX<7j9F|=V7UkqRW?>A3rVqE&W7<4F@7F8CsCacEWrzc6lcy4IPK-tg zfSI@IF$NV+5-?5BVAkk{88EXo9AcRD6D_&7$FFS?aLD5=!vbcp?bcZj!z|HFgck6{+cA8Ifg_bLcxF}%A9MV^O_iB#!pFgu*T z8fJ_szIV0VlPB9hRc>b@X}cgX%%BxqahITTZ%YEe>}F;wl~AjMSeC<4vf?vg*Q_)2 z`m2&|xxV9K93)k}9mrK&v`p({aoV(Z>Ut`Of;3#jDHVPe@*e!0YI(-KHAVfb+WGJ6 zJ(8_u;^Lr$Tnr#%6tAZA}{E^9Y28YR|>-qA=N4yCS-O|*8|;df`f)6*U6 zXiZcV77!}W9pT^5RtdYl1ER!lb20qAqiZrYv?A`;Oqi!+Mu1eRev6{JCr?od#9 zC*%b{MU6r)lAv(0Rb&I~qmLBNat~$^)j&@O|FH z5k4z?A9MttOS?!_Pm@lhFItxM_*>xb1MhU9ZqAb4vZSXU(!(zYJ+-VSv7S=&=qEXC z7V-F5yViMzQ7Xch^dVxxAL>QnJgj>-^hUGt?b+GcNS>W`9?2&bVPH1z0R1=@sr(W; z=yJmSMGamM^{wGzxR3zfFN#K2%0ovF(EVEI@x@ryAHbDb)uZ!U@SWbMha;?a(F;Ag z&d~!nnG5s>6xO5bPm#Lb0{Rb2dLV_3F5fmr@_2jFPlPwD6;SG*-+Fj>wNny>Kf?D3 z+R&Xw<;Ri}(&l_tL_rw}VvHeJ&JU*c=`895QwKEtUJ%N&+q1@DXgF%LhW$xP?#4KE z?<9MeLGeyY9t6=ZcPS;+=_--6-{eASoxp?fR-`A><)a8IQW!$l4O zW|O#q;Uj+4^b=vntig-{nDwlN^%k#F_)vP(pix`yr)r|`^}jCjFxaGo=5O|U66_33CGT!Tfr{EZWF05MfLjh#)aimNWw9lNboza{-9~X* z+v!XyFhh5Of|~5XdJ?rXSdX69YJM^3d5_C8DoH3v0X?bfi(1Qs^-4)y){5e0gs zCM&1#DD_d-!|z?v7mp}08RDJ?v%khjnoXc`(~deo@msb(x+~v~FwD}Azzmhac+=y7 zL3rHc&_&d8AT&g2mqH??w;X@kYRFPWZp`X9iHhn2T}W3`-=<2{RO%djpmBy3f`SPL@bMJ} zfp9!;^(&hs`FuidK*nSCC;2vzrBxq#`tIyZy1ki(CUPd8X&qiS&hBhhQ-o(im5~E= z^_IPa7~Uc283cHCy9JXWdu9}#ePZ-tSc60=eiIjoqke209;9`$;?!Jw)=-Kv zmw-xn#2mh?fXz{(>qcQ!Cd~TvRlu(taCsB%5BJTe12Q}{pP-Iq{h$u+(j?AX0Y`8> zu?aQla*^$Fy3-Vr`RSqj$&GkGo}PqG6=jxA5eOMc0~^v z2a2l0ypeW_%oS8kzA^_~QO!0005z`cwBy012506I|JoVAPtv~lsyC4EuT(~s$C z&6Hd-m3~}LC&g!(+0NN-*nj%hfBpA={>JbHxfVMobHErS3|q-%QOLH#0w0G@bv zX`h5$Ndu5>f?n6#RK5LCeReQvASB4LB#-0#!>vn%4Nbw!N-<$q%7aigp6oaU8b(HE zv-V}4L-oGqkEN>3DJhVU_|GNW!5Y8I#_-C@&i7hU$YA!xScYTv5zHzGW;Z!1h_iO$ z@&D|(0<%);oc37AI%KQ2BbZroq=!H-6MW{pbv)qU|4bW;ThO}x}&Fc+_rY=vw?seX7Tvv z{VM8m1PMKKvvks9Rijft1Z*PM!i-Z)S)vN#Z+6S!HKa$;{ z(4PAk@(iFt4nt+xbSlQOUY2F&=2Eqp%~{ke+|Y?O8neQk)El+ZO6h&r1! z#uOgI!s5x!PR4Cr?TBO2uvh(7WxN+=H>D!;T76dki%0XBIJyFtT?rB19WsA@?*z8g zH(KL~JlXNH%>gV!yKteaqUQRgC}mFuERtm~=I(;GFtaiKrB zueS+e)%!HoYA0_KfB7Cge)li`_~oKBe%@)OL)ypl;9rY6o_EJ3^VUO|X?fVY!&*g#NYuA47fquX2+V#0uy*{9)*7aC+HXxJANEHLM>w>X4UiXv^2MAkfSDP?j5VW3ub|EZ z69{IIwI0Dt2AEyVc?2`xVQ8lZOEdsxcb)<+Z=gSk{8Cc@`>MwD@SkzmPf9Y?-N|&^UL%{EBd4L569nMugM2G zj2C(v_I;^7Bh@D7GdAO2es`z0^Y(3uUBFC~HJE*~+2{Zv&hPiLsb;!R$SQ!=k+I?a z+V$(RsQHiS7Z>khr6sthx2>0l#m!M_@{;~R3y#Nfcj7&sTYql5J%^wm=~O$U@#r*ajV9x z-F8GA*@8hRT}MXe9eVSq(c2C=y8T|IHEhY1meiA^L^G@Jx24MiF-Ino&5pYzNsUUS z(eJPjKXKOns50sI6D!$P7{gU%pPSDaF5hhoFQri>laMQW{K|kEA`loTbkpKW707*naROu7Pc&+)}ZTI1vdqsq{x?O>1412QFk`U~#d2U`!)}PpZ zp36?#Lb`bliye!_i?3(DQ2$k%+2)c>^V9draPlADfB!%JXb^&X#n>8Qq-^7a%1h`$~8~S)|h#xb=KcJUk4S&_hB#) zsrz@ao)nTwSAp;d*4-e7sis24VS@lK>JhS@mGt-x$Y+BVEthKr9It&B915*b;#W|ntSU~7zULXsbb znTdH-cahVr4xul zpOjMQgWtYQpBK(c@udxokd7dfYG#eZg^SMGX`0TaOV^G}#?hBs5aW$TjYeZMOtet{ z(;6%2Zfi%uVv)WmLe9NRtA(IfaVR?j81Ly&hUIGA-31P6=1u~2*Sg(=Vcbw4?6e!#?q9piCd>N$KS<_nig7_DVElb?Il8Z>4lr!sE{4`s*UcIMI%XP7q~ zl6tC5OFGlp!g<#A)yeQ{4$|zDP^+7g4&>6P743Yf;3vl<~fctcN?w!%|k(Krov1Wgt&x1nbCDI8S(jXS5JRlrrru_a z_6x)@ql>1E>C(Oevr1osS)-TfH5%i*dAhhQ1X*-lP!M-J6qsccnDPGoK8D$38D{Ls zPoqk=+r4yjrQRWnqBI${qdLOcI!L7DtQcl3471u7h8e>H%$V20Y5Y|dkALk zJbI~PB<)Y#`}gTWVVeEwCHhzGlV+sE>eh2sSr}*Sbo`4?c-|j%FtM=>wrGn<*KqZH zSrppvH79qI zUZd~xr_vv&^!eLTsnhACLe|JVW-#89of14!_|Fc@GoKi4chYF|$K4^`KI9HvU1q`z zTPoz9sD_U1?Xip~ z2V?dVH|$A5UCsHNizj4R>WvR0f2DmdHU4!}W6^cVNA!NI?`qf>vtU>B#$@uFOHbOz z6G@|QO55sR-Ddt*9i$oQ_ob(~X86ays4*HuY5!{YtC@B{S>hj_PzX%}$ufAYB1@naRlgaZhed5<7E$ypyUZ`uWz^`*>WG>ktO?cYkL$KkrPF?e=VTBgx~PY7!g=+hjV$ z!ZxAErhOY*e)NKW3wz+=L;{TI3icncZb{nPn$JxUzaOl7s#!Hevqk9w^kt{b7?_QN z-}vHu{`uU$)0_CTc)ezdm73|}_J>P(BwtP%vOH=yID@Z08cA-J)Y*C_6&8Jdt>y#!V z9@Q@$t?4(slh~vuHtKPZrsd6EsO*F`Yhl;*c1^WGZ``C`yh!LTZqnOdtGCh7)YHom z4gd80U;a&deE%2I(?e-Ir&gRV7titYlrfMk5a6}qBG&Ggas6T&*N)cj@3Q{rXV)*? z90;OfI7rJxHdR%=miNqHmRHRoZ`VK4ZalAsSbyqB?dsVtEJCu}7MdNiax1*4w?>!! zfU2_0;jkgMy8C9InaQVx0l=)%nCz4U46{0d8NZ2TH6T@F>4EDhzt@uX81__>uOm9l zSPf)xn#l~F(vqmGq8LX4hNOqvk zTYTp_%4~-`6in92Z+uc|2SrudaF)d3931Lhm7;(c^^iyc@ums^ zBZ65{$f<*989E$}jk+~OEQEyLR0mMkIG~|pqep(qdx;}=RJ0w|#VYaT- z6k&c*SVO<0g!2!ku|0Uiye&0`+jBgvQDaQ(bk@!pZ637*5gw0L4?Wr_f`=5EETVoW zD`>scsHQh=(rYi;^cQK*!mi$SUr#UT?T_o#i~~_kulan_+6UPe-$yqA-=GibdV1;m z-`6ir@oYVzV%c-Cu6Mc4eNRX4hJV!u(*Et={_b~AuS$ay*uGPD7^>RmMP>`v4?dnQ zi%C@F>N#@pd-b1W(~q>fr2Awq9Lsh6#dGzV1OJj4Or> z*O=X&d*h<0Pw^@0bqnfk^=Q*0N9ZdC>8hVGeQT_1x7ssKIPz2_TpyMZs3hN0`ms|Jo*)9kwbV!ra^G=BXGn_f2X0oEMI@~tvNrk5<_$AQ&wXfDk$RMDRh0HbMTU-86Ay?E| zNKf#-1ALTTBMYI!X-Th@yd^!oK~HbgD;Wp0^V>YS>AYTZmPo2+9C$=eER*-Xp3p0w zP0JYalz#1#mi1KO4OVBnSI@wwATk|TO~m(LXalT7D3wPNBDX=E87Dix~ybTD3`OvQ&-unu#qCqlF{6%XC);id zt^g3fc#YMJbrHb4jlpT@;tz zxzH=aHa4efS8reFDWu042V53)FR#s_9R<-Tg1QQC&w(TSeL%0cGOp+?t9s+}^!5#U z+M@Wk-qR}=z-L{tj6FhUb>+mg zi2<0|wDZ#hT~D^#O&Hrsc|_-Vr&_cKQ>))CRSr3h3$?|g; z_P+>bdll&#)#aNrX&-0kgg?BfM$*bR6YAACz|8c}PTk$%a0O;Ho&}h-mSNU&`*=R4 z!c6Y%zWIg0%oJf$9)MZ7IY&Q$^Cc=3M;K2vLx|QXwA)G7fpe*HD;R+)sw5UUAai2& z1i{Ro%I1{vxdMZQUMcLrw+p*gK9$N{d|a<=tg=6*zrd9Pf;38lA0SUbhE0bhBGCt< z21{IuZL4|>mQHma%bMP<*Gzb)u2<@daiOQwqlff5+4ahuJ3c>o=6sPq@^woQ?=Ok% za#Lix!ct#j3!-3;1dGI>lGiJURTdgE3UPMPPmmrNt_rqHBO8SeAjjm9a& zXRzRuiQ5Nd3j24t1Tpab{dp(y&`CLew{p6=L!99ZtXmq5V1{4>t9Ua$KgWb8a?i2j zJG{OQ|H38*OpLesp*#?&qL7Z&z+U94A??3We-mfTii0*uxB?cJ1^mGXDo}LcvIicC z7VvgKF&agR=a2%V=1-A0N~4$b=m?Mk`Xaalp*Y;-!Y(^D3S5aE(_3`?dz#Sn@Zsc& z{=E&-p&*&XQ%}}i=zt`nVEFwWeIy0>SV_u-y@v>jq>5k{4etNo6>5i=tLUOYZ!0== zy;ITKi>ltJ=npi#WuXUuBu%fMAKdN1gOpg(6GixDt9lpc->Z636wgm0PZeRqzkmN9 zdXVVK7W^g!VuGUmT}3*jEpx8UFEK{_?xO{Kvl=ehZEgTuLkp6zwD_Ckd8z z7wDEaN!ad>E&z0g-{gU2(c6BU04qm z(@s*m`A)FkCa}JU^-yXQeNoY0Jfa74BTY{hi@3ZgdZ$*nge>Y>aptb<-V}x~@#H`h zP$&n+RxWC4tV5J$D?$-Lbs@q;s-lSRFFK_QqVT9N5DQgrtvQ&@2F<2N5XEUik~1u0 zVmh$6O%#%Ko6$zv5X{WL+qn1B%eHriy9j1i+;wBL%`w=W5%saM7-m6>6JX{H==PqQ zXgHQmSMzuxn9WyUmhjCXpny z^siml+woJX9!RvTx2t;X{1oVoSPvyN3Vv-C7lIkU4>#;K;4Oxq2g+vve`LUg>x+?o z9{~8-APiG$+6KK5>oHtOT~9t+k6pWP<#5tUeJtM7d*EA>s-8k6{F$xYS1d&+U_k#c zA)zc30cI3V1Q09&yj=iqa_RoMAa=4thhJ+6kcy1jm-O_Ko>CeUq}N*x7rMVlZ^L^0 z;&RL60+J#lllmcxa~MdgT}dn647X~|rmj{1_%2-2#@vl;5hC+h?u z2x&9NERX!ZV4v=x0}&@N?#cbrJY(8%?D;t>!fBnNz<1o!zP-H}Oj+i^iNe!X&%L}$ zoR1uCyC*X0cTR@zXKM)C9n1-7c+Fzp++SMHlV_{to13;^A*$AIc=JxP+8<5Ac;7s% zvdf|-CFw+^mqxLYlcJoc!9gVkA9-vjNbt`(F^C{Xh8ef1tzv?R#aEW|;qv@4x@u@4o;3-yuzG4Fzdp-2-OjHeeh6{xs_D zQP2(7ZXvvg?~)~I3p(H9-y21j;GX_K(<7M^t`wZYrt4kg`(?coYUYxj()94EQr?ih z2zvNtoAgescWUQ%YI;i3lfpFii3ukvjqMH7owa#&))v4QJeRFjDIt55%PA*=@{_c6 zOr|EpaOgQwxxcjMxICCS<7V5e+#U#?fRG&A$)lm~6HW%*h90MIY%|t{bo|vY+jWek zO5(C74^Mpzv-{J&pE2iVVn8j=iYN0nGm<^gd zWBO%3VDbo+j*uYcAcur4>QeZR$WB^TS`N7RD*ru;mLTd;c#hslYAwfsdRNtVf;;e1 z%c1D0rIzNtUTJ9#=;fAXMX$9?l<}3jJ72#ht(nXfkAM=@MmfW-GPiQ3Dnp$K@x%rlvn%<0RRwIpO(W_Fw+jrBg(f0>b*P{M` zPp#?iJSQ&PeMvj3T=l+mS7s#fBQEDW&+k0v_IoOgM&&fV)opZlc_E_8x*By_`S77H zSJ&r@lj57*!v3_sAWd!tpq1S%6bIb~>VdWfSHazz{bF$wW;rG4S%qjdSc>9RF8Zo0 zXGWb@p6yZj;^O`L@>e)7l_Vu(bWX|Gwd|4sU7DLnnK>>sh4vH?P!(KCyd#~bb;0aa z_*CA=c8PzPC-i)E55N;syxmBE<}!atD~Q(!0}sRU5ktUR7kwsYZ^=+*PC5gha?YKc z;z8qa1)iYS;A7+x{`xMwOYM*D-1ut=fBVhBC-~TNe79As1nX50H0})rmn9$|bV{_$+>&v+UA2IPTjPG2kUky(icsv2% zHols{I~lDXJYz|D13zBIYg+KD@iDq-lf=!&acgfykOmz&1?+*$q)(!ZQm13M3Z3{y zs((AoSCu@@rIAnR^;@qiZ6y&+Lhd^hkoo2I`{T+>D_#ZLNvo=SSU)+7%5c<%v6OSkHm+@1BpzUTu2LZgc2M&-Waf)2RL7FX1!&i6Vkr4)rlcb3! zjjxC~e85Dpx8b!r$!dN6`kaa9OgsnIBA1_sy%W!V44%9z$SY8XP!E`}T`F z6gVuFzy0p}|D5}L|GWSDW2DtUob3mF@a~6F5=9$j#f2<`GYf+=D}vKsDPR^sz_bGL z{`iH;zY|X~Y1TD1@3an2&e>;R8P9SAMc|$arZaUpgD6#mE8#Uia(ivk&l9n@d+O53l@b@IM z+MG20&?h zqV)X8EE-2-roezm{*bM9s;WU|Y645il;pBTX5_qOutv?1x^t6C9S3P*JeN07EATU9 zzy@YK;Z}U$PW+S^*}5vH?xeiw^#gPEybe#U@l5kh>{H?M?Ii!agS2qGnkM^nR-f2_r#O8-~(&$h|Gxm6u-LVSSx1xsYcR18>uqQy4_CL-D$gH>o zHo3-!dd1$2L(`_^ZD+@=t&q(p#N#&a*2d`&bwq*K4uofCtx~wdHk)ZbeqAmmC)53Y zTd70#`F=T}1!;bn$ffV2*dmXjxU4(!Pppysv(7jGz0YR&)!n07|M9~&-~8PVUwre; zx3})slq~=K{r7+Wp9@ji_kaBeDUQ#k+ZF!qi>;L6R8;Dj$=8w$E$CMLS?MH6lMkQwS@#i!p%@4|xZB_gw7Wq`@7wK;5@1*x(-JxgYz+oatk3D%np zt{mDjTi!D~E+8@sPY{_!H#e>>3q?d`t>XUkBQvWnm`*0sbtMDit@*#OG+qw$lfzZ&$bex>}}3L23abEi(< z`iujgXe8}(wJpcAAg%pjbZdqD*s3+ed}zO0IRou8I18(4_Z=dS z{`Z++^Eh^PcS7E+!eGz$q@B+vxEN|1P*m0~Yn`=R649EXsVTUWq=U!9gqWW7>%Hb60F^_>=cSOD@KiYp^195x$_)B%c@#W&Ha|6oN2jT zUZLw8QRGB0$x@m}p?;An=Mp}icO;o~S{sG4`|IjqaCsz6ikC{Z+Wfk>;3&Br)i;2K zeUrqfy4z~)1~Hj6dO_jrcrYrfv+nzqqMqy1o$JWVd(f@)b_M8jO4jTUky#XznJCyM zaZF~X#n$fAYH>e-W~5|mwlSIE*BvE^a$lv!1T4l!F*BBb^mJYm^u6?H^RMx2=SfJE;UPWJz^_em;J$=O7Ya^Jsl2uTOrYQ z)~K|VdC#<$)2QPpy?gf#=SHus=zrRFhLy@NB=WB$UW}dH$@E2y)`=tM+hCR##;C+=Db(O?Sfl^Ac{KF&ZHnZxS6}G>2j| z^5;lqADg@LgwISMz(TAh!QL~iHC38+E%ObDi(!u3{D#=!A zI;6!(1EJFqjDaNe!g&(vLS6vLySF3o{A90JD11=Nj03PnfIe(`YLX~g!h2g=JCl`5 zRz=6gpwK&j)f|##vv3AUF8J`(QE$U5y^?BtbideWZ9ZN1Q?dqwlSc<>*|e-=7{-NH zC!$_G6)?03b5T6oxqEqeR4De%Owan+sm?S$La{QPE7?$g*ee9vvN2q{N&%ZS4_4?{ ze>{Hn$#9UyvbX9wFX@7RGCa5L`PbqpwLJ2o_*l9lLBMDC$sl0)+lqlS7)lF0d??NG z?_YeOXQKMn^7*-(2`ttZcdNqxvQGIO_|(Jj(+mQzMl#KjX@a>oUauw-pHbyzP~fAN zm8}(hD@jP?>U1QZ$p^G71?)`50WHBg#RN>zaBcNYiXf>-HAwUo#>h~>wlydYHg++Y-4uF|cU`i+Jn9`_RSQ0TP-wKad{0Ma;mSE{T>t9-PqV~6^nyYpD2p&mb-$!onfok+JA}2 zaj#q1M*KE;IcOCM8`_R{$JVgY+IuoR7~a}U+8%o`)YK#+M4G{RQDmOhv{}F~oav~~ zW3irA8pT5E0#ApMw9`Kt$*{5 z6j`sO@l5&auY|t(O8?3@$dB7QuBcbWKhTmy=1> zti!-~I;Cng>Nsm02pXBe`5+>*w$Ao0{A4s;)yV9iTP$`reHKyVm&3I1&Lxo9O`PY0 zgTk(em~!0Rgr7;S6%tY@11JjJs!%nK*$?RFKX z(teIXniQ|*{PMZii+Y@z5H0dwXKaDY2(wB8v~#iiSL2O~(KGcsHmaOnXqkxFmSYKT zchX-4h_T!4&rmuH8Lxq_r$0J(=f{qu)$5r&9dlDMipBcxkADrHfB1)g_{V?zN9_;v z7kqwQxELk<<-=-lR7d?Hl2%aYHtNifhGg@u+>t5qQnng0fRMc|%%dRfprjCSUGUIq zO{fYD?hU(V?dXVhmweuhO0nDR4!Xt4#%?fVTNVhCB;n<7Q0eZ7VrWp@6-A48P}vwZ zdZ6L`&SDXzgW{3xLA_6jU)u$dtigovcq^TRN~LP9ogNAOKTu?dn04cj9gX{FZl3g z5ydFdQV>&Zt00}_*EBt_y*OV2|Rnt}EWyvP`GnpHy0J%U$zbcc$ zc=+X4oV%ULrH$M9}^fUYOx~<*0UyXTzyDrTAH6KcTP=v8Iz* zr>xTE^PnRaT@5=nS|*w8?EslcOY|b_4hOB)o+x_H8dr$S9E0M)WdkQ9kYLhtqd1#s z%qP?&m7W$Z2{mBMoPIO?Jm8If7&v{E=b*f=enGg!8mvVR4h ziS09>GYdp@%z4wTj80$)3vtm_GuV^IdP{)t`31bjL|AJc`|mnDCIc61;z`Y(DIISx z1^y-M@dP}wPZXqqPK?QKTH*j!yFNUH;c2K(Kv6g&6Kn7xVd6;xPt4=54ZI!y@*a3n z!&3`*w^PTnhNoesMxM{f<-^0nKw32R>)(G$rR_w5*m7 zN2Bk~K72qt0-@UR%m?IpKBN=gVAJ0(qwa1x&AF6vyI(HN3{&xm^vdiyVb4jkWYgmx z9)x9i3*xo2QCl(AwDDp`R%BFsTujq}9%tmLcfU{^?(T--q02&{((P?zm*yi7bqS%J zVc|-Ywu;@5#b?_pw)QrQ-KZ#uzPK$M-Yj&z58^eS%@OykJ?YczzV?_2e_uC)`%zm!Y8eD*4q4JH9z?D=7VA>`8Ip^Dj`bAppTjd#Jcwvxyq0kQRSwp@ z_9J2=X+Mqd5fd+K83*1_3^#_S1~pM`jCG??R|Lopbe-Xr6zD+1RRIsV2hdgDxLj0z ziYG};1RtH$@D#$2r+B+l$7>l4(DP_`3hyQX$y4yY zEQF~zg8<;|I$p~-U`O^g#cLS>A{^vl06aO1$LiY}9(37V%XpWLN0z{hSrBcfT)9!& z#Osx*+!sb)KTH!Dk=gn{>?z2sCWU=IM-@d0h|F?i-o-%OaO1pERxp`u z*nE@lq?8Uo45E1^wokj}nNXP#mQLrCbSGS^g|lf?S9V;PwB8bEc&F*fc2@*wfyRkf zINg88BpI8#{u|0*3Jq`9@yHm#o*AR10le-BV~vR*z?9PA-I$^|l7%YmP4b;f~DI+8{+sPhYIw(WNL z@VoE!_b-p$!$zgX`{M5#@6jLlulMgi$lJD1HP?oe12W>%I;E(GrSL4Tjh5D^!C700 z%XNH`g#39j5d>TCQt31@4?Au5%S!p;?S~JW0_rnMuWYXm{gD2H#e(j37fv4r zM=UJiuq$fW?Zwk8lTlla0e@*p%b@+6!v_e$g-_^-}@; z`W&OY@rstsVlTM3w!za$%I$Inr%%N7<%IO4ByMQYEypn}i$Z{e0TQP@BOj)#UZ0ic zt<^RV7P^B|&&5|)R8?s@M4@zEzGy=t;y0PPT~_7lj0_7ON+(v689@Yr%&Zgi0W#Z* z+xEJJBl%)vEa~7K=PZnYIN^QK^U!j?z27PvIKmUFh{)`8P%IW8{rKV#dwipNcGNfv zz3jGbY?G~4rFa$+4!S5X6Lx!peMDxJ>_dVyDc(Fh_tfs#I1mm$hRkXbf09NGU$cYA zENze(C4)HnhqqgC6vx&iTa&88_$Rr*KX8;zyAhb{gz@-gvaHbL)bm&1-3D_Rp06ct z#JL#P9!WdTrI}bJlaXccs*A(T&8_d=zF+!$`0(MP zYV#)5vZ@>+a0UhJd081{C8HxI@j}$>wn5eh^q<7PlHP^ArI1JB#mP3h_OLf-Ra!9W z-{@VpiKxLK9>+;3$=2;y7IW87`p5hiASI!b2ny1jn2_f&9v~)Ug>FWzVOuoY zsh-DREe9Qe(aeiJR&=yVpKrTmN?Tfm+F!h+C*Z=93G8{5KryvkdVzPdzDmMwC=Nn? zoCSRWujNX2=_%4#fZV|2 zCLW*Ep9g*LSNNBAD~EX?P}H9L8vtnmTW$5t;e1 z_KKAcH(`G+c2;JJCucpMbsL_HkH*@?Tqb$kfyXzGxb$Cg?j=0z=E7^}VA@M(MtqVp z$kJdsgPhP;?swCNbSgj&f6{ryIX@|1Jostj~heBgO&nGukPBL&PPXT zI{uh_R(!mAo;(S|YuQdpxqN_y{W)Z0?2^^A&h?IFW^C-((f8b86hY^jemVX6OF`?F zM02u%Vwdr(d7z~RFpt*ZQ}@D?^LRp5>r<4b>ulgT6VJ_Ef}O(?_rr5{;@6$L6Q4W$ z;frZ%PRnN>AEfQ93(|^~kL1moC*dxu@*C19bi`)$4iIUWV1RfR?5|=xk41C6@?^<(dx|XB?4pw{hJ|aDxD+Kxm2qBmP>d$RnnD4 z+{9$m{)IBCPNWiaALdLJb)9878L|a4Dov&kL&F6llyW$#c62g>d(My#FTJyVE(8UO zXK&+Fuvl!T!$GCeDqu1@12XHCk~8v7|cr8=L zlsuSYD)%3+E1f4h;dheA3nwMK zTNV{D7a60t*AQuPRJG`6-jWdI#d1knCYlLdx;%PbH_T?0<;{OJwQTY>OT8PvV5xOg z+bo}2LwVEdr{*ksicj4OPuz)L;W_uj)5<7ed!|8}FTo-*qsZ0IztD0J^DV)h_!TY3 zBU`2jO*3=&A3x)Ouf}(hug?)xp(w3=@!|c4??x&P%FIu{-*1=E|Jwd$m8jE^ToSP& zei8H&HCO7`@O(rSa(QYSJOyu}WAm1Fx6byrE?bS({>H{xrP4cs^yl3zM>xAVJS%iJ z9WUl07b#jjC*4edaR&%ePU^d*45pMs@32)l+Pn(s(-5^+JA>kZck&KIJT}g{M^~r& zSMVd@pfW(gU;}kM8?9cYF$_(f)XI3T|LsNdQTpGA#Jz&GW_2V+1S{K3T~6}6T8--? zlZkp@l}bzCFjr!eU&gh<;XO(D8OS#O+;!5>=k?Jvf%+FeJYw$vZ~5mnyE})LM-W@} zoMMPy_=lwBav$dW-?mF(srF8^CAJgrsVe2VF71&*RLL;u^Ydi2R86|sT(guYB@(6U zR^bK(S0~BW$u#cv)=`+&ZgyVFt`+w=RIaO~9K~>m%p&PDPEaZRL?ng0FfC(aPnv( z&Yu;tmq2ExAwz2fQmE{E5qnpN^f-d-ea zwa1ZJR*-7pc;cM6KBP?TEB3rvit1CU2{y7?MLJ#0B@=ON9Z5}S9zKJF8b5cPG;HB= zTPgXT=UAHLNi>u6&zH=8^pP~wY}6cyYPwFlU2kAv+65jq>$lMd|DlO+s46;zVl~xI zyXf3&lA@uIIj4+*H}x=qx}917+rEs|h!QLb0;1DHlni<*EW(_3;F#FSKK`hJ8MK zVzY5vYz@xN&U(Wu@718t+kVod#IT9jO?V$A)DRA%=kz7gWk?Fe%+!Cvm`4>8@-#?G zP1PWoOfsH`8k^2|q26|-{!fth=uhf=_(VaP)$-Tx|M35i+pqn=?k5%nOy4?Bhp*dkQ3B}zFh zkL)-mtH`+&WkvFi7%1PW&PagCH3>V7r)Fu?Nku*U5+bwcH6pWfOlG__=tg7~Xd+dtv>HI zkQrX3W!c4K)4az4BP6(AT9CH$>DHuKu-J`TmECTa(^)@6yms;S zLK8<*%c}M#3egl4z?BhMDs_gc!`>_xtihvjScf`dLbQrJwBJ_};jm!quy_DYIV%>= z_FwL7I~-oG!#1&q`^CYj0I5%2iTr7ywQCjUgvBN63y&vyV)J-BlgaWHOGy-NhOI^y zry&=4Uwpr{rH^O92p%uJ!%QgI4jRSFAbwTBC-L4v<3N1U+{DPpq6ypMbR{LLCmdAX z_EC$JpVmLE(#CaBkT$jBbS_62VtS**i?Hc_yl|*K1KH+Zz)0Hp^$$h{rf#_3b<$YEI2iBwk%G?TFmqO-O_!!|*C9XaFnTg^-v3rW?hZn`0O5vqdTnNN`n9KwqvlT=6V)*5- zTWswhGOLOF#CA~G(ge{!vj}vRah7aJ*eDi6+kjBaW=exbr=lwa8 z*-tT&COJlBHBW-VQJu>86|FC;eN=oP%ZG=uEN9?9+MdbCnw*G}q9`I)NBz%3=b@^~ z8Kr-5SSp>nl{WN#%h$a|cU$n4ny_CHM%a8ugB>IGl5Cg7!Omo|AVVZcFMxel=eVm` zJ&uh+WygZpS@1%-0WZI}R|&;x8^zYkxK+C+FNu?3V<@c2n)i{MRFlGZH5@S>e z=Qiq>bO)C4`Vkko1&@vhv+~#D$L{fMc-DNf75MdUf-Fxi+rMkQe~Y3s8SzhsiohBO zg3VP?)FXJXH`nxK5c(keQDrwQS!?lRS^dhiPnOEm&G|R;=A6sLx)GbvjLR--iw!s@ zWv{d6ezn~`yw=F9eW6rKBNmaFf_kU)S);WlOcLjU2$E%}S2*lW$xJ{I+m280Eo`5Z z!oC;l$jn-sI5sPVJqsi;$Zib^gPE~;bEO);S*+aHbTX49(YoI_6T;F{vKgY>$C8sG5k+m<%#kz~5pip){DI73kTilLk_o|TZl0*Uv*lzGIi_wbIv(54 zc+s8%Q%VX<$?RVEukOHW83&f^nV6*v(mXQec5lH?J@XE{`yTieznsGx*h`nY=*7QeaiP;I0|EFZL67ODY$yVS|%Q0TYM{aAGR^S=KlBjiJw*TW3j-)x7 zvdplNH;0G}?S2%4!O$5F%VY@B4i67OqC=_Eh}39jy`I4mbR1o;(^Mqwq~$gYzR3(1 zKv7z|je5Uop3cbqR-*-3PMYnJHaa9uj)oJ_q@P`MesJJ@kcKudzO1x@7G4aVwTi{F zofQMRyfi%S+AQW(dEaTJIM|wqPn##>(U}LVrE*`*kW40{Yfm#Exj`wcF#*y+0%@Tf0>v$6VQqy|Y@F++_#!G2mAv}d0g=6ggJl?*?x%?U)B;T}01Qj3+&zbnK z-A_&N<288m`os(#y)WLVNv^pC78 z3vE>X5*}S_T5~J#ZY>O6g{S2 z7Z+`X;aC|FS-al{GNa`7`vwXE#dpZqaui?Ry{f6gLy65BTbDBN-XYibk&vWy5 zWL$Y|(*WQx6GgzXxuxp|I0(|*Gxj_~d7AyW{Ra6t{eG>jH}O-?#N@h+XV&5=13&XT z%XoCLDW9*$J7u*W5yWR1q)n=r%s{VB>oe*4)ZDb?2vB}Xt4tTA)fbk1XH0wG=3AP; zT+6Y5pKF<7>+r10XgLB{azp1g4NuPCW$q_fljb?8rrnWz2E}FdJnhWjF*Mol_sjSI zMQ)U=por}aax6-Avml`dy32JKRzoC8!^$)nl>8{v{k(u}SOL3TZl4|9SoxYY)YSJq ziN2$wXuqSgVp(4y-MY1e}60Z zd{$EO;lyFTO<~POthlbJMPJiwRo9LaJ9Wyb>nM*iP!F$zrE^!+G3~DN*-|1w)B%Nw zgajRHy!gY76|G4v;{c^)5P&-Y9bg^nDc*S}o>|5-3;2wZ3AiXMQUkJslsyl*2LgGV zdjLmkc1`qIQ*$Ocf(*DcU2QBVi?xcl0EmF+BRU?t2k1bf>%+-qJUPWvl#ZvT_?Zj^ z`jeS>5Y0F7ST&7f?I}eUv;9`IJdTAx&-M@VG1~9``j}a&+6!qs%SZqKAOJ~3K~(Sd zIhAqhiv75JaBM%u?+bwslh-pWXoYQNh`{*qGJc#layhKP2XMxLlu@1mCMA6v$cv4lWwboQZ*h40e2G>RUnT(cB(ypY!U)3AlRY?Ev?&1#D7 zP`@dco@4@ZHdZ*tsVK1hF!liJq+(;3>x2v-85E-GWCqQ;PG&4?xBC&9omx=^dYig` zq9Cm|B{Ru(Gi)3mJ#5wx?|d4bhAi8S%5ZCEC7JQtgVyZoSIMT6*~ZTEA+wq<@uuId zk4Zz}AC$#F8n!h_`qsBY2@C}o(yLkfV>2G6YtjWc7)Fu83%N-oS{4?*7bMl z83C{w9?j~rN;7!(ES|u4w}E#WcxoPxU1Ex-jf?|!BSV3PXPr9UY&jP3jFzFGuJ+qi zfq#xsS~$C%#AK%P53Nz~jAsG`XbS&d8TA!#E#uv0OMnhEyn6w!wH$UcBZH2gZ<*+6 z#sU1xnG6oIEe)gLS7#jfv?FOSmX@qjs831z5B(HOYQi6xdL05Z^sjoRF4s};R<}Ey zvOKE3&YhpHY@Q@G=40FJIdR>>;g?= z6ht`PZjkX!p(s5K3v2iq&kM~mBwq*Zy?nA%f+T^WCs+z45;eS7h37@vh^=0$a@|Re zQ7xcrpo<~A+wF!V2B4wt6j%@4uhPvi^tfzyI6hF&C|c zLr~NH80m7_agmK7n=8C;43$5w63TpECy7W%e_ss`X}vVOeIAc%nlkaUhIixgwC4d& z&)_wCn8PC;Tf*Zz+3}N^_-RegT_4^AyapZMhwh8RJGI zo>ArW`L*9kF?Mwnei~|-edK#g4 zjA2=qKXZ6^SVvFghsjPEJ)hGr*AEZlqZTrJKoQwVKSK@DlPkWVG%zgXP9! z+<7yxec8RJ2Z+3St|tgE1R|wSZ#c^=A_~$DmV&ff$MGe8v(oBy3x(FuyN(fg-$7-= zrs+m%AB*L*SRAw(M~@x;wPkHjlMjuL68*MZ$Ab5SuCmX7sI-z3M9E{b#ZQuITV_(I zcaf2ECsv=&XXQoyRX8{*2@|PS3&%qz$#SmL?kiCKc$@&#nIY7-R zGm9VNqnQ3n=x%b__1EF^vv~U(me8Mvz8BsJC2N!v^xNRcQ2C_FXW#wS@_1sCEL;DC z!n8m9;qU+c?@@&I{r82(1b&jlPe%QIS%&T-t`bO%%Ho%Ek)YTQ{YVB6g~2P4dSO#0 z-frS!kkmLnu}ZJ$jq8OJDVjlKH59pU!tU2;~v3S&vwl4wjGn4BV}rGot!*H5`M`{x$% zQ_IfJ%$T0MfQN|^m)>$L;@>Reop5tz0dKYhb9i#8W%}rh1HbwjeefS&|LUPZn#5-b zl>!Yy7AHf9p=j0phN7r9aBz(cC=g&-)b(|tm`yD!=~0eI5s*#871MRcLG;-jAzmk< zyM3#B`l(!VT)iSbDwwdLr2p&E`l( zK^zT>a09Mf2Wxs-1)JdUB@!KwQhOC0Dc9|?TWzb_ekv@wjh8^fk*-T^Tpzw-^b7(n zJxPFpCrms!hj*Fy$nwP&@BvxRI1n*(nz23TD<%8(X&vsPop#0^aH^@is#B<60e?^=n=qe-$t+m8KN6tP-PKnk1p2h{fjduM^(w z%CFx?(!^LHwr#UkA%$Od&nB~Ec3Np{EMD^}KG88&E+FjfAlceoIYZr#^ zB*|uw*+HXlb5rR?E$<#RMOjLhJWnysQsX;Hx$cV5nkBKOy)pD_!D@1g^CYiBDec_sjm`Md9CbMwHo#ydVOPa^Kr+97-&n)4m z83$(g%_Orq`!PiDXHU-KQzo9BC#U&~1?K#hxfk9=-h#(VQn^g~qGaJ~&ujMpA~PY0 z$jn79dnRjEiP;jkjh15-KC+CD+=gdv!?U;GU96?5Pk;Ms!E1Tc;GE<*aWw0S z9N~!nZ9eolBy&Vzkt9iR;U%hJM{}hz+De%MrmkpWLvntF8@UeO zw)%+70*K7y55?J~8YmRJEDU`>LSe18cPfp8MdFgerQ4G8yz?Hl_IN3t^{rjF@ws=1 z$P8l7aOg-QvtGB-J)QV2iyQGr*=P8vf;1ROtFMqZ8{6fPH`pY~Ahjv$Tkeu5M#E&5 z_NSAH=nF5Qk?5Y`=w%CG~&(=1;%*)xCqXT3CQA4Z4%D>pv#5jbk`Pv7BGwP;|S{_)x~mU+H@H zxVT}ce${wUI4E>smppn3EYoP+(j?F3W3-^6B-SoH;rWe5*CATh?roBI(YI9?;6Yv# z&=rq1FI&Y%<>)jx5&6?rp||^}Cw2WoPnDyM57bt8{t{hMa0f zC7zErb7}eFqFgR{L{CZXD@wnQqBI4C%Fn`XGryD|jR?rZ`KTK5yn1~5B_j9oP0$~Y znwP5aymzGZ+ww18C2gjGC+50pmQbsBb!(7j+b{ND=eUsI$`24kB?GREMrJDnq3QB_ zOlFAZ($t6J;(;N)4T*@i3auMVW|~^Qbk(Q?EsJqbP%dw;l|hiitwt+qSwAI;I8)jz zv_e33paXYydf93;3P-0q6H&Zs6$UqtA+vBiYkMMz2G2?|i#QLjlg={MKz9->bTQJ+ zEPCB|b(B^>RIMuTlkLO4s(@}fA~S`07B>Ei&`HzGTPBjDYRC6%Qmxl&Qg$S_+dtB$`ijK{rN^8r8y2jQ-6*Q(L-$rF)aq(--=dD&l>$pP-?+hBl zTNcbp(W}j^UZZD&yNbbX@xT_nIXKw#@}T7%-ETBD9+!6Z$<&EzR!1kvEC*={q$Mt+ zRs*%kbyq6DHXS0LNT&N2*RZUX$XZ3ADg*Ih5XG?1!ft;#K^j?C+x;?IJ$Z^z2Hx`6 z5DkPHqUUYcW%$3*I2s$MI_AP%N3XbfOOVFfPzP`iR!%@7cKHE5ktWD7BD2`4=zzs! zhV@y<^ysY73L0bC&HS8uoNF@< z+`7B->wmGl@EB3opZ;vI*nabXAgu%|)UgDJ=^~sNbS-@~bF_?y#d!M6vWsk94T_g> zZOve3a#FKO!hYrEVH=EiVWTqG4&O2xdebTviu%SUKE6@t?t%oQ zCjD3wZ;HjM7tg_5ao?CP1=xl1B=yuZnLs3;rzpn7y3b3c#NpdA%XX}eq`x}hqocMe z*XuM*(Q<}cTN4C#TYWt#p3{T02jK7i>Phh2N8n=$>il1{-&7qhV49%z6VDY0p~R?- zLbN=)rk3tmU-!jx_bT;!-RWcTDUutV%%$}e<43m!X`;7M{4SC8p_obO>si(w|2%{% zudiHUnb$YH;?SXynRN$|S#J~mC0VQG(S)~3la0dW1IcW%Rq1Y9Zy~ciOlDfAl(%ga zS}#RjdZ+8yihG6P=8I?1@Pe0EO9Z)4uv`pse5o?*x-)(2@dey`go3@p?<}HYMH^Cl^nPl^x47n4jlu&RGq3P|!Rg&69Bb z1w8o#cot5Am@UFHQ+v?xF5@fKMQifjWI)T5NUXufw6D-n>!9H)p zqnFF$n=^LEjdoEUC17Qv$7b{WbS5L&s(wh1Th|^IoKJgmaMqOmN^a9L^`Y6ZSw68< zco(}CKdlLR#`D+WiCH{z8=hUn#|-?~#K-b3Jd{tISHGMe@D}64!W}_ctK3dUC2Kb6 zA;t_c%4G6L*U^TftBMk!&`+*|o`m zK3d*AwKvv9(J>l}Ow>^bhRBT8$Sj-i`aC5iEr`vx7b;k2$|cKhIJ2cOYJ!>8+;U4Z z(=r(+UH8C)z1@z7APrc};6puE0cm;~Yg&@qFcy|x=FfZKi8(yG7C&WPgj#&EWjs2< zX3ykdX5gYdO5l{)w)jt|$?>^R^1}kqIz!CWFK0eK7s%`W2r-E1nPbBqTuXS9xt8!8 zX`GyCIcD(rrR%R~X;$D#SAE^?&f7=Q{$%<6d(Yc{`Tg(z<=pb8uYdEK-`soSz-JR{ zI9qDwSU2OM{7!9e3T5c{#{9a%Ig>YZof&j8pzW$NbdCcQCR(qE_2-s!G7^|V1_{bj-__^`h5uYK$JjG|hNN7?Yt+?jru}6l!B48AP~z}y+Z#^5 zE#sLl6r{qLd+bqYZLFuAhGYo@wZI8;boTZHROuynhjI zW&~iC@uZ0dPhQ9%FvZ6Vroec^^G##1>${9+GYB}zxjW&nShF(c@VVCsA-veD*)MEb zZVS>{g|^~MpuS(U)Ev3#fQynQ*06^ZWS|)9cumfnL;k1@?vQp_ z8CH666eaTSCWy5v2XS*HnJ)^{of02HQJnW7Guu))*gGEFMrOiBW3Xf7&Esu@)(n|h z#hq61^cmiHq2clM4NsWjxjCkD z;UJBkv45ww@!QNGz%FMHfFDxKJXzkBaRAC^22U7x_ZmE89H1hGCr>jDtiqE9UL!L< zWZmvxs3ie)B|6Q{PiHAF5^5hs>9WxtL1hw#XJS?$&H6QC5HfF6Cc^s-yg$DV&zZ)8 zV-`a9WG#aL=`=GA%;Ale$sf}_pQ6l`2FJRy_**g#+&Yr>FE9T5U%&m+Z~pw}-+Vwp z+OK}~fZd&8Yb`7|nip@&Aoc8Iu*wuog9tBZwa{3i1-`OV&M`^G@KuP4)?cHPxb$5UAAgvZIm9JrtM)c-fdU=w1d1fN#=Ug2fWxirwpF}5Cj}S^`oE=M) zy}0({y#lBwLIEBmVX@*gtCc?sxp3fO$T!(*ID%G(al%QAx9fNiB3+5k&*Hf$o;Hr$ zM&%QW__|WZD6A5sSq6!P%e3o*oDaGLmUf4)G-ILllX)Fan0VGc^Gh1*)lBiEaed7! zm+`c7?qV}|=W0AY`4#>Oc`52Dp^uEhG^Hx=(n+pq`-vj^8Z5CY!_q_ih{)5R2wYg$ z2NfrTG`I+y*RafezP>>9XC7|{{21fytMT|G;GwYd_~bqCG+|Uuz{HbFc;_76Wikam z06g{t%9U$&Y@S7(8%XW8aZ4qL@w4KvlZDt0ky*9>p`4-eR3>KDF9**9cLJ3xWCeMO zj*yUN15QF1hAm?}i;o$2j=^NMUqfUT4jr@>$qYx7Qh2+I`R)OY)?|2_aw8(ML1Pd! zq}Nc8Rym!S9Ig2_3xl0kKQ)_4zHL}23tK$TT{JGmuZUSPqtI6whHZADLKw*G4cp

    ezs-8c=MMogIRQOGB`qH=Ef$= z;Jh3N1^#7{AL}%jPCEk1Sj3yp19*A?PtM}$CA{W2@Jh4znZmG7J=1=@jHgX}4Ddi^ zhf2F&Mr0<&+2l`0W+4KRnIdQG&=PQr$+z0`k7vkOZ#m%kjh17I=cagiHQos=4YSbF ztiaPV*I#a#IKAekEsc(^6CXK}HZ$G%^~1$%`E0M!k8u&kU#F-HHHK_OkT{1y_PQdq;5q3{u7;>VnZclC?M$B48<(Yo0!6hZ61Hq-P}gV6ax)OuXl z3_l=B<0r$x&f57$}+1{Gx+=i@TfDoh)11K zk}>dO9nZ2cDkHZq{9aM?Bsw0LX8Q3*(|Epfjp{s;iIJT4O8GGtzx`c*D<#P)@vWUm_pyBhRmdys^HG7-Ej}5$QCH^bzD56yk z!ypdSnZ?EFc;FM+Ud?*mtw_il?Dj(I=MG_1s<0th@RA29epcwyh|KJDY@btmBO>^z zolbJ>VxZDdV}}#OP|)qc{(|g*8^=uh(ayDj%nm?*^{QJaATpbctWK&4AT!=})F^H} zgv_kI%kIwFcar!`L}sTZneoD~IJlXTnPhPcid*7OO=h)lv{VxCBt{c;CQN%^PzVgU zYvekzw>l;>w&~yznfVj(WZNV&nl&p2q|vc`f*vkdHnvo)rQv2<8Xa%?yN;)4@J7qz z((>+M&$$;KJPpKb5g+2m!6RAN*zK77u%)^UzC}zrB})d|kKbjS1iZ_@o6MUs@#A^C zeTsL@;0fA~kCyN->`ZF-d}@m4^d~d$b~=Ktnvu(Im5@aYC%*K6O5KlcHj+VR6wT^n zj9LOlBV)uwT1x=_NY5Q%OL7@_y>Xy9z2$I57V&liPp!gJv1Po`M$O`}y{*Ns7qk5z zx35V%Ir;3jUv@fQdLA02;kHNg9d$QK)z_s`HAiPOU2t5}oZf=DQn}ZqM5&o0SW?eC zrt5aYk%5Pls2ZMbw~CF%rSM{JztY-2s0_AerX8&%nSfQd{A72(QrX|}@%InXj(Xnp zR4p78E_bFIS$N;eZsW*d5}9rHvRl}ap22*lfF}qfUrE!83Fu6LJW>V$x)edAb40nV zTqqr0^sxPOvfNhHvJ9EJTzau#BS zoY`!ON4!RB83*(qal&@snv6Tfk?O_Qmkv;BtsQn-fv|v7@u3P9AKD_mwJ>usy-ySh|0|7uwI4#+Hl$gB=s?=fZ6FXmoaBeQA_ z?^)L@)wE|ATETd`fv4Q%3L>+kiFI$kRk_?~b@!&RQB6w7*HIv_38K2f{!aMbWG4A8 z2j1E(<7`DlX49a|x;<$0Of_!FwzuCcZivrd!c!2mw@K7xt$wwz${;fm$c$CnYX2}O zi9)WO9-)7zs#34ZKxWwAAz8ZCWNSGwvHfsbnoMj-8YN9zrhsvBil4LW#g>Vg;X7D;?YOnS-z^MIt=U0i z-)5OITQ)h;B!^y2PP@gy=DoAf@z%?QOm=g2aML|=h;uY}+NumsHLW%f?{1*Z?j1o| z?MD=7=A-BO?lGf0!Ljh3|8!2d==(V~D8A^FalexZxEaP+JgVbK1{bzb6Z$ez<150v z>h$_^_yA!XnfQQti7B3(Ke+-=$ZDN5emH%K=@BviJm&RD^Lg%v=jML70?$4fo}t~! zheo5&>h{hmh0Cj87+dg5P z_Q0*foBsO=@#I`#gSJ0S&tFW(lgxQ%MT{m|cnpStT(N~5br64pme9#Xf*B!(tezs$u)f| zLo^v1&s!>k0}hf*r{#-&ol6I$a1ha2zl_KXvZapaEPFf-EPFmX>%ZiJCy=+`Q-Qf( z-ie>NQ(cvbJ1LJ`LzXM>3w*nRiBj|S_Vjo+?Up|@jtdnav&Q9V&}RYDk$$8R3q)qs z!+u*qWM=wTV7`2~RV@cPCf0Z+cUMdE1o$;A(^?6RyGGJ7xfichSysP%V378Ca3V>< zRkv`qjm5LWR-u!4ou1dLA=A~U4-0?`B}96x8@b&bYEy3!g|vFz*5JTvvFvn@3zsiL zVUtp9*-1^?jv3xQDs;E+AEX^Dh zpVV;Y{33jEzFIKG?Uxlrb(XdrqJwL<%Vp(xtN;CSbkb%uw5Sio*8b+UV{$WSReBq{ zA)hEt9OkNaUetU@{3N^<&9(dGL*`-1Q5=yYp1TAQt1TE>btZGZANR*;z$#4CivIgyUInLEfVow}GMv*6&kID8p= zVJ2k~bTUJZy>nEk?A~|CRpK{_t9L<3yv4#F6npcXS6$(g~6^MX{0g}r|^>FpmkuoCzbHh zM&V3Y-sbfVb+zM;(B)zT$NTmXmF?(x-osnP?zVLM3X5#DYWt+T7WNsdqCxP;R$bXZ zq}%~2Pb+m)?tG}MQdIq!D>VNigEWFv`nh-*@t4ngbyg`9dRJLnXeTO(JpNd1jx72( zgikSEAynIag&IGYKp5uPi{85FHP+19UoQ=+hkcG7VvkB?E-lk4$J#k79)-jSisp`X z3^J3fo?wod%_fjyUS~A|s?~tZ&PV4gO|Yq3$Sl`KWVSB^PlJfec7__6y%fUw?tvLH z;~g87{rk#g!>Y5Muq+8AAu@9~vim543ZcEM#2aK5 z)yV7DomSf zUiL0-*lksA_^V1`(>AkNNODvovt&lPO5r&&v+eXQfXo&~AX9|#ja_+*$ZW$R3Er(< zw_9j!?c5v{D`ziPkQpE9R!;A^;0N-n54^P{G7E>j2Z+oHh08fI<9)!>K_dhd_X>qQ zaqUhzoy?TPr_{x&**aN|z8NZPwQVCZTV=9L0FjwJLsT8&2_=&p`OMkuml>oHWA(c8 zIdA2o)nIUm%qDvpnYAt_Prn%@+;O*+z{BG$lDPn}Ku*7{^Yrr@N&Dy^t+ln;YTa1p z+}#(<(JV=(AeIF&gG^PJUFRS=&W_(!ORvxIHUd~hiMsE(^Caq&a;`usm1aK_VL#NS z2vTU3v#qObL9}{Lj|!FHo>g23$iz^$^-{WTkcRrn-C=OPhbam-n?uB!g~pM0Zg`&; z4vJ?sW8h6fL0aQ1xFYYTBpIW7lWa4261G}D*}^nFnoM^*pwaD1l%k$Q+U<6-W-!be zG1?nYld`LBwqwasv^Jbc8kQSb#IuYM=&@$kgPr1;+wklPJh^};Z^L67fgp`zmTt*S zQ2`@8IC_3=`ojm{(esQK@uZ1onHBiRZFq7K&o1FvRVlrYB)(Ku(#cMAcMF;Gpm#JJ z4lge+hl56I>-2Q1)z}xFn%E@BE8#L*JhS}AMiFok#_Vq{+0Q-kkyUuc#FO{HPfK?E zFg&pWPZOo3WR#XrrFe7|714*k)3t`hEflED?-#FyJ82*#*hdey9LrVPjN|iSe0cn! zT5X=E5t)&sX8(xHlA{p`n+S*$CNtFIwC1-?oR_>wM_Mm>OX~~F(wR@RxArHPuW{E^Wg7z~fvoP?d-`nFOt%~Vu*>!EudB*c z*VWMn{S$d*Zxo1GWm-pKw&aOKjPL8?lqqISWTf2=PaIZ&gS?WrkVjXIhdXrq-NX!y z<{vV6YiB50y$WPXeqTAUT7T%I1bd2@G*^hqR{}%o18r6jhx!(=S~6|5WO{S`Oe}a| zm8Z>#wI+TRZz(BlyMzFLiM+ z)GGs6dZ`OpNq@vruE?S!W~)7i*Y>;)eB!(C+{boz z{_W$hI|uuh`Y^R36oJgo4+T0Ra1v~wO)nJrq^|${JayHJR(~!~5rO7fk!-bh z*X#YcK^4onl2Fk*c*TT#TDhIX6d4?4%Sv#6SRY(ogyi2=jI{B|mPVT5jvY=qmF3r? zO7OW;Z&&tX_xsUh%@PBb$VjuEO*|RjwkI)hwGt}sxDt=u;hFnSp1mX3FZ|tfEs$y8 zsWj!NpjE}djb!@vqXbDZJe>QbA~DjW>umL*D3FteM{B=idPJ8b!=trdlFWzzVZU{; z1wY%&OJ9T)p2uEhmUw=Rr-d&zp2yB?Bb;RV?UoEb-?YT~jAgtMaZHI?rc|C8m0e1% z@si;l-p;e8ALs=y5qX8L44!r3IqUjHYz$5^+>;At%79N8JiFk@oo4A;0d2Gp77rys5^M5;n%!GpKYvgep5Uk< z?`LrQwZ6aK9-q5bTO3$m5dkF;m1-ni=q(N8qMi2N_x6aGc@dRt`H7fCk(hCGi9*A| z_HE}(R*oyTeI#aRl!*l5>JW+9^Xc5RyuKnhuy164r<8*SlYyRJdOa#$T_Q2l^Rbux zljS-ky7O(D?^`i8yhX{8<+Z94SCqRR*6VoSJOpVKzn_>@@31qWz(cwk_cZ)!%k=PX z)i=I~a*?LWS_{Ms@3CDdMN+c!#FHq?8Vlfgqq2B~w|U7};BE1=ohL1SR$k{(O*v+3a%;^7}jo=sd$JzTB-v?Z2HynmIqS{m;t-m5(A%nNHhha{}?BxSjDSGbBR za^~sl*RN8><2J;sO~kA{kzKNUJZL|AzOk6OkJVbsw-9gE*f8QVdL}Pq9yw`sZV~K% z&fv{hASNGi;L9c-vGJ1C6Zlqo8ZY)gXYXk!=bpym7d?}@yPveb{N*qI_8))y+yDJ{ z_}`t&^?!FV(msvz`}N_uy!sOPDwC-;vbmyK6U#6ilpZJ?sL^xUV;Af^fJNkxY*Xn z;?k%gioHTw#l8u#w*t~@f=@C@i11vxR@1squ+=ERvc$1G_&_E+cvrLWeqwo`BkbXy zWf_wXGuR5*z#BK03?4Qdn|C4}dx(<-c9mxg9$hTV(#S}|Df4@=4`=kDDVqZZatZVL zR>~O0;>%m`jLE}E>@?iB##8G&c3^~sf5GFe>zMbkb{;#X#tw#fd?&SAy9tQD_0;a@ z>1(Y4K89lXNxzTApXiUv)3~UJ^2u1AoXmgw;4ssvOIMVenrfAo^}M#-_)vrqA~p#0(i}m4ofK%!%=f&e8}~Ie%_^-QetvwR) zz^zI!#B8LJ#uqlk!(N|B6bOE)J^H++GQ!dOJZmZ=WAb4e@1PWd{Z3fSI2svg;L4u$ zo7Z1RBtG(+;)h#inKmTGN)PMATgr=haKLA4nS!BoHvWsrV@ZOGnS7Wfqe{-AB(r7u zt(FNrfytZCt9H9c%;a7g#H`!+Bq}lzvk8b9`s4ZZH&p3du|azh{b)RP$Ize<-!{!W zGOIO%Ln)I?F(&oF>N)7;^72_?WAT2o{t#YzgU3A+F5k%d^&@uWvh_@y$>aR@+Idyj zIpV;7pwGYloAJr*I+ONkJnUE2j5Jsh8VY%O)htzPG0bBlwe)&1I?#=U7YGaV8aKxt zyw0jQzuOCV0)LuM>iL85tAa(RzL>UG+;OaI_lj+72QFtPDP>#hT^3(E)0kVaFTWj} z!~>!A4aIW&pi@6wxEgZD-JX|eMIT9}$y(EVQGe6> z)XRp`jF08`gkNGK5paZ_@H1Q_!b%d;N{^n>YE4ZfV04Mb7JMQBuCX!CFL<^bi6E;B zon(CIq-61a!t)kS?gTswzqIpkw8HbNyx-y_#^TG!n&ebXMWY+=@SRAY@8O631p22R zoIJzzAN@G}Jo+b(?#3s4==wZo<9$v%Ne^f8J_e=7hc6*yM3RS%b&rW#=K;gil&L?<+%1^0l;^l`R-( zkawJ~AS2Dat&ujKtQ%=qrQ(5J^=In3RpywVmlo5DF~cV;x^*Z%ziZr7J)g*X(z|mc zW}n=bmFN4xy$plA%gQup$^;U#tHWWXvlLfd3_R=o)K6gaZ6P3v{L^XO?xa@{Un`x9 zcwoLB^;1+{2lf3WF$?oESC$o~q#6&=-a^cp@#>>?GZ(+Fm?^r9yd)tpLn(-0G4q2k;`%S)BdoHZyhQwb5mNs-Gd-Bc^`G#Z z!TU@;vdW{JTIP|>W%5kf;(gZh8a%h)LF}0Y?_c6si|5plnv%tc%O~;+jt3h=$Y)iACh75OFa{3>zPa*>dz8irZ#LG*ff*&mw&x;9UTS! z4}AWl{pG96^`AQ#Y5y|T^-6x-t3?xDFvO4css*OSX7B7{PrTIs)f`YFtvZ?;I~J8d zrWe4&-_BqULg%&lgmk#&7y8{_8gQMEhNTnfm z8F3|Tj|hNcuBEeCG&m&#Paab&P1*Ud!4sFFKAOt;!Y0pz3GX%doD(m=XfTY!9heac zD8fVd3~re(FL>JIu}5x*IN&$jC)&J4`vu}Flz1wYmLme#d9TGA?%{cR1OY!|c%~%z z!|;ZeQ5ZEY_{1tt8?hXmc)v5xE%QEsuW6Z2V(>xrQ)=x2hu9VuA7fHf3{EP~DclC& z>>Ja^CvXk(+)Lw|Y#bJP&v*Q8k;Wos&WUV*q4pAlceIPN7*KaR_1Fns`Nq@P>pB7t_L@mvlyS zr=Ba7&Y645X?FR1fW++5S&#|TQ5u=03JyC)tmb`$mV^KNEL<68$FP%=m zbLw(8WmjsbFFc!}!it~gD?_`OiAroxKl^kP7nNk}h?!?TUx*np(ypaU{2!ra-~vrGBLeuXhyV$^e8Uj4qH1`S zCGD$hHMu3;IwBtU7d&{>U*&l_Zz%<-Z_rHq%Ml7BC!Sv7al`>*LOo2J_=jP7#`5sb z8%mAmwm4IaE#8P-;lSgQVWWM~n8z)d{4)0zPZORAFZ1Emhz2&ETjnJ?QtM{o@_9)W z3Tn3mui4kdOoX>zeGhH}aQ3ai#+sN_AEF*CW^TnMW}zGG9e8GCu@T|L>?Tn9iC5dj zSD;smBTMOWMz{%-*`}Vq!ShruY4Y?6zjP;yr`CDzI=^$ofxrCauZ!hq|MDOIn)};^ zb!(f9v|(FcS)pndw|L;sKW7_Pq2+fmFN1y0iUb}xmC{<8D}ZWn#4Uk<4oF~MG&X9f#cG3V zapp;&jM%a007s>!;j0MYjjt%5$mw9po2T7CXa+FuC6|TgqhnByN7D;uf@o`#Sug|EZ4QTR((Rl`}R{GmCHr``P2%aSE?IV(Mo>qhKq^qDQE+7CzG zrSwNkY-irLR2difvw_cH-uoUeSbW4hNiUZducmJdYl1ZGql>9Ne2s4F(!wq8jc?o2 zO>qg30T$@pATj&2Tq38P{lL;d&J=}E^d^G}RPj8wEAbIwR ziG1WAl7nYA5bdDY0mMT}zmFKyx0*C{n_9Bp_fbpYhxL;(D|=)~{8q02E}!!)@v|j;cHk+WbNZ7x^9b`ftLNa&CbvkL!ROT4 zmn#_+RHQ&_YQ{0P2ddNOV?7V=x={BW*d%66B4(uHR02rM3fCZJ*GSCL;p{nBZe-#E z#7tVW_vQSbSy?u-(r-zI1Mgk#+}`DhY%bpkEBi7ptoIym@EculY+RG}m;d$efBpTh zE5(k5@M`B08h=bq(qQk47g@rKRco<`=A;ue*B8aGr~Om-wrKsBE;yjoYHCjo zG%0MfI49Vj-(Gf9bh}lSya&A@B7;%q}aPKJ4^#tai)W+5e!JEy?1tn8jkfMv2}eW&&R>_|pvi zPf$0Rbn6Fgbwaw;{);P~pcS8V`ukN&oWT%CP~$=9xeyAj95aMLcR~ zM9k0!i`kdsfTt=Hu$aYD)e`qZbqS@N*QEUg3^U^cGi$req`5BZ2XAj~2TOUS5YGk& z^9>7OZyHCyAL{yH$QA7CgUPFBtrCE+UBqP(hLDH#@nqU*SDsMmwiYuL^N`}Wp!#Ik z9!&OMW9QL}lj!Sy{&F&|Or5-3DrivJzjrtzpLXi~{K-{*ppWl8Tl4{nOjZwlc#LV@ zp*in)nycrk$>K&Qe-SpVsr)}fy)FK*MjEYZHv#b~i%e-QT}o}xH6=Q(yeP8!3?h$p zo}&&g-vdF_hGA6Vns%#7VYHQ$Oy9E;s~6 z@O{SnlYVo3I=6TolAC{}S5+F+0OzrjPezCk=V6 z_YWMR7Rx7{$~1rM*@u8ssU5`ZqbtLIT8!Rw|hGCXrw zvxVq2;&3dfp=|;{2jt={z5vz2}o#_ME-MVlRisp$}PTZcoozBy;r; zU3udfI?oie#KwUSpXB~2WbFqw(kP#%WrLo(#^(~1R*yG0I#xdI>-GJhr>_tD(?Ml; z5^t_q5DyOpG!PkSVeLt4WHP-}rl6{i{EScXk;tztt%j%7Mh__%yacL(K>e^E+HzrM z|MCIcNH=BAX?{@0t^xA9c{XXfW5a%6NAp8G84RP2vu}z!dmV*Y&*MRRdjC493|}2w zNGbBwq>jbxUtF>2ASzciEN0zN!CJi*+#qJKKDJV?4?)a^AZG1B|K4elzkJp21Rcyz zWI)z0J@Rkj{CHBSKOesCiSLQo#aR@I*~N$U?=?Zp%pcxmqbr_=LwlK0I=OMg3E?{b zDQf4BYorx;t@aQMTs2Cif~IY9bgamSdSyT6p0uY(%yb6_Sz^5KP%_1=)`(_$=f_CQ zxFn6mjAzi8lZe@#f zAb>10+0f*MS~_2Ls}!haN}A>AlcudB>y>A2^()Fo(d%DP-<78}@YqPBP2ZD_53)G& zS|`1$Cmp`pj(57#ALDUEM=v^1yQ6T`vYD(D2;ppq4$I^e!lE6I_VU8Ba(T$(G+R39uO z&9S9@! zdZuJ)XFq9w&`6t4Dwn(M&~D1Hv3{^&@R><>8v)T>RnyOdO8>;Y$yN{C4=WXj$k)~@ z&acI*LC)lBfFCma9x zJQ`(|G_)DYe5s|)Xwz>-1mL%dAiz8F^g2&}j2G73$zZ7wR-jSbCg%VyCIP*r3m6omsV%Zs^QknS%KgUYw6gEm<#*xV% z?AH&M9v*b%ppIm zuioT0*PoB`GuzD_@^iuGR(P{WK7XE(BcagPgM|{YVS9Xb?n!w9fq;8QGvc@Svpxy! zwk|;o4v7m6r`M5ba4e-{)b!;T4LIH6hHWGB7Z9@w7PG-?g8@JKf||BE!6PJQap!ju zmC8ZjT`}|I_0FkVbX+}DkGdfBitIkDSK9j?&wQhpx#!UN)+?1kr#*Iew!yg0YiesJU@* zNFa7{ae8`sadJPbU;ce`&9a=pYub%Dovv(fWFUI>JJXZ6`zP#NN?uO}{7&{vDua8c zDSa@~ZU+}}vc)(RJLuF0!$Xfkd`IFXD~j7(TMNsAAy!}X;vyRCxAUo3Y&W-%O;0s@ zQ#BVd#baN-EIV-$jePIn>@I1>(#ui4%AA@>>mxwz=icXsRtZe6J z7EdqnUT40%!V8k&ejfaSlV8ptWjNx1&%C~Xl1K(s5%Ut5!rOD;2w#7hCr5~9BTGEB z;L$CKS4Ib(`qi0F?!eDXo}{c`{4zqg-XeA zif!c&)C`~bysP}o%rXZaP7>a`#QQDYDmlW_cAkBU=S+TabC#rxx#q~0fh4Iv1?-X& z{j%`6dLD1O#n`mckA{|<0_UFy^Mu0~p4-*1zC_t*Rr0UmUoP<-8^tuA0jbRL_^G)>kER>)t@VagMi|^#JfE>{e(47^u%5} z6(nXUQ@x0o{YfF>riii0pfcD$IlhR+Ci-(Q7Mt&Aq*ZTjs^%)+P^{qXEon3wafZ7p z@dc0dWM}vo<6h^j$_soM^UF0gLTrj<9*i{3R4$M_ z-V9P=h%4g1P^MV=DeL-}GW7)W{0h%G^Yju=Sv+mFOyJ2c1*;|dC8K>U^It5bu(eE> zNy82l=^3kyv<&uXr>2iLb^KyHc5!(K@5B_>Yr7M)Z>@9NQPBj>?&_5wSSGr%064~Ik@fkW#z(3 zN@RAa=fKqfQ6Gpn@W+j`$u~37+)6yt3P;_6f^?@i`7T?UdnX_9w4>|wuFuDC-d0U| z*S)xS-mi4Vlg5U{CqE%=7u~POkPA3lhrvtzw)1>~H+G70=yck?t@MxMGW?EMebIBQ zm5BB3b30o+27uz#URWXolEIV;RMw(h{vEZwP@-seP_));# z{845IROz!6W_{R7qdA5xRAatKlh9e(Deq|&d_WI*3Gh7)O zE~@_wxQ+Ef%Pjji$>Q-z;30|Vc@Yopq6v@MChbG%;lS56U1rOOpMk#}llPhYjD_?h zy;v!h_ypyRunS(Y@sOY38EwJ)B;W3q^h7V0y4v>~4UiEFh z{6zP8LmiDYmE|~`8R(j-+A8voX)WEt?s<@sax8h?qBbhbVZ6{oMjCb>K7-7F2s7RU zN*ES$!hQeeF0f!P^zKV0p2J11>iZ0FB?2(^1R8@3!X9R8{s*@;vr>lCyR%Z z-kF^*vkRUxc^F&MN#M(Hk|`D$zmG0`E}=Y@B);$&i8mW=l_Njj1;}2@`sCvwwtkD} z^=asv8ENi#G<=odGM23;S^Wr})P(5my>`cENMB!G{wjkHwNfM=WY-FmFy;CJimk z#`6^E2{11_T0CxPCXb)jFFEtrrPmTqdIFO#aJ8rKmC`Gy>8IW~i}K|RUXscjyWo+@4Lwtt)E_%vHh81wF!+QQe0&-`O~mS%IJ0M>aZkfx zo`s%ijb{wLNdLoU(k{Q@Od58=p%#Lk2Q?Fa&)PCJgUf+~=Sg4V(GYPz_I8wU^#1c(>MSP8(P8Ih(`DrIgGtBS*r|w0G~c;xkDo91PvU#0`f;2VsFt#V%J9gxg0EOEfocps@(X-@1)7uaFAW~`;5_0v!V6_`6fv(~M!#fD zo_UW)&3uh#7CcI9SyHt$I!N#gUr4|uP1MZ8!uRV6181#MC)Ql94bWVI(Ew& zoe~)Df|S?#*xVGQ%rk}26UZ8ml8tXE3CMP4X`iZsJO4+ViiE)8gt4u37N&s3U_ten zS)33gOtA@+WlKEHA2@0^&!-ta%i>I$E9;YzUer z@vK#U%=Yzbu~^C$ibbP7z<|j(f+oi?7LV&7M@NW0AQ|*a&b1ii&s+)6({6%)@3DrXdqSuZ3p4)4?1 zu&qxHPCYI(s&vg?CxhEtWT;*CA(C=m?+okh+uQp7%b@*?hV@PH(^c<08YD8vQ}boG&rusqahhZ;{V}*t44Zw_68eidpCZbxJyssoHd`9@Qd_& zjm*QIIQ`~Vi~O<5%P3#3`MkWHr{3q2CeOXe)9d`q+v_0MUdZ7uijHfm+3!P2Ix4+!B2YC>)`b6(cLCh-ogR%Y` z{1Zyur}N(Vk!!xM>zzvH;+w^bLN;0#iJ3PSF>5NFH0nbR#4N2^^#Q*$XP4`bjV}~v zW~p&w-fw;-tXd_r#%ej(p)7uAbOtLL*f`l3H79> zuibPj?9lQdJ-?dI>ovrT!QR*u&yC+t@@J8rUn!&HaQ<*+5zaRC1pX!7>a6IEJ&k#i z-ICAQd44k=`G@cBj2~8Zok7q04D8+QY7as8VgM>S ztU7}z1E-#l)4=kwQm@wsn|9Tk_X|az2OYhBd3terdJ<6LC)2@jJQxr3dIjm*@%(T) zMRr@gbBSGF#_vkro)W(p>%+52`#I=tej{DW)ShbBIBF~UkmU|=gun5nHN&liV0=a8 z;AD<+;tTkz$Xk5G;upVk;AxA`ZQyB>qAWhAYAsA9m}1$FBLY~w*W$f!EqXouTk`bw zyznjg1XrdXvei^mx%$k7(Kwczt(I9e!RE;BRUA=PQ6yd~ zW4%H;3l;&=!-5|t%vK~zRmAp7{FT>ukcjn25vx=q8+h*@=cx_6;J|xf1+%Y})>Q7H zL<@XNZTWt_o5w@(xY05%I`@BMChefItC6O>Wu&>4J?RO@1>Z%?0+yK7y0ucww&Gu0 zpIK{)KOJ_?oOVgcfqf)q6(nYF#f4SGI2N z-fIcl@-0oxkws!f#=lAOEPkcEpOi3jvBQ1ZXK7eu24E0JJ5kGnfCcOzI?u| zpU5uvTs*1V4lhu~C`~a?^)^ze!%n+?;d*K74v|hj)T5wbdRLR^4UXkGwV2%2af^^B z@c*^0PtAw}uzm7}^OW!9T7`@UwrJk{jBGXyb=k_hZ@;30_A{}~6 zrdGgX+drkUksr@flUMM1{pB*(QdwT`(ll4deEMmzNk}>F?2F=WA8b-TeVVlUp>JuV ziGhbM#0BsAd)qhq&>ayoZ&E{I77iLOj+$t2cyzQj!c)Zi4iYnm6ui{OXZsT*W^Wr( zNF!6H;CB?n>_BnJAZB}eC*$Y*ZRNt{Qs(ZH&h79N$GQ+b)k5PubN4LAL!}Hb)ETk(N>38*z%U z!R-VVd5Fs+zr7o4QiugGzmRvgTq>dFc#J+@8IV{NCU|5#@R8b*Srl z9pYBS6}+4_IzG&|$FX=IFn0$IDwP*BsE^M>N2&9@gJE62)h}G3Lwy{Rzlo9Nu3o

    y9W(%wVtg-Kv{oMSQJPh9|3vr6^~e&avn@54|5AK$JtV zvndg?gL#OES!|p?Y!70}(Hz9AQ$K(dATjftUxApl^;g&YuriLy-()Ine*CC0n>%lM zduvCaO4NU?nEk*J2cWZ1(@4JJ@jrz!p9N}`t_kmonc|+@4v~?j1PitFZkp5rF>`yO z)tk}}WAFasXVT*N%8t7`VXbZDVDl^)8dM21MXTK}z3pENHr?k$*id^0x1OaQEO6ax zJcLK1hpS~_gPkYO?e+B(qVnACAIV#~|50Qmc6N4gHf&eMusuK&U9s`=MAygtDY%wI zW7B1$;W zLY1njY31CGH@m)*-95@*yVN3h7#H^pwsl&G##!=jC$T?g!Ur()KHz{Py$r$PAQS?u-1O z-R|_CFY^cc_4=S*@96qqpzED}{zQz&vf19BQq%U}J|KEdQpk|g>nGp9ND~9u>u!y> z{W8T(FpqMjpDEHiFX9z1j@EfUSK@pIMX&S1Do*Y1AI!EJ^#(7rdXsT2y@IonPrfi+JJ)HgeALADh1lH@@H|6nHIqGw7*}6ID4Evo< z{!0GPTe!ewd%UZWcK+5(8Zx#U37!@>wN|*=WyqN#VutE$Q5%h}vq;QJYE2tGY1R13 z?xEMqVS5-8*Tm_t(z(3ae!l{!nfo|Dwu#xeUawc`9VBR-Y5v3=kKNovKOv)ZaNrR= zv6Ld8)H@g7U?xrU+=Od2*12WUrEJN&L(Am20`J?pW!kAN`8QiWR7-5632)SACuRKJ zyo3HzTk@;FWVEMlEq!yO#D1oD9}=^4& zt#Jfm7Q9i>h!eytQ7CNWot2&X&isx&4fhY9NjvD&4|kqPd+T+lTRDn8a6HQuwe$`z zJl(&!GpI2ObW&nDCf$8{f+)q^8aVu{+N+QfI?313c=2NHun;KUsa&|WzbD=`FCIUm z;by%J;R0{lmCit)9-rm&XM1P_an#Fr(15dDzYvLsNMxjSqVl&e(!PvpMX2y!By+jO z7sePt7D}JV>r0xGj2W`Uk>BJ6$?#=ZVAE zz(}LnN8bF(NFt(458Gxcyw*v<&hsXp^lsv5pLx=W=ZsWS4t&JqDc>8s*E+d)UY~K2 zMpE|mNv-aAVmC#GYiXly)@f;?VtHUy;)j)b{^j`ifhn4IVmK@Fl6Xy;*UFz6XFM;J zWYV>8^hgOE1s>8otY-72uM5NmT9nt!O8?AEKlmt!-MW#HHaPhfMp~-S)nFpcn*=Xr%Pqf9dZ5X= zYjiSa*3SrKeznT`RJFw~w|w3_xy)}=3X7-sN26vt@J=#?cp8kfoL%zF`tM(pNQ!4I zv2@~zS7-3ow#qx`vt8NO_(e;8n`gdI>%6ecdl_x?^{dv{^V~JA!#*Ttqt8zBG)-&M zo+2OUdj9_8_#xa{O^@{?w3VKS#3ju1sI}`%2#J{|o91aWD&tkPP$0>$@ltZ7NGPjF zBBnAfc=|1#=4|zWEHptq(>l*==DqAAx6(7A>vLw$(JE}(-T9qn(*9+r=XZ=r{LY#* z5Vk5f1qi2Wg}ogNCS;^R&m}P|>qCXB;Q+3q-)q;}%_mTC5;V>&r>5=tVQL;XN2In; zDslHg{nfRrBeQrQ5ZF7IOos!#-RU50JCx(|ISEP-3L(QRTG_|3gqv=~71f8qZ(yX! z0ciyBpaeg7T!)G;d;zxzH1-UwYATQG1Iv&Wz)K7{LbA^gkIML$z|)ChT2uWNk2erY z#xH5$aVy0<1P-8i)aP*cmmF(sXnuw|FyUG>>^?qzOJ2yNje~=+nR*xEHR^ zf~tCXd(kmcC4-nop)yP6O3 z-nji7*l{`AJ4PDF5;$=Pt2JS7hc|-?GSUi2%)$)kgUVxwSy$Dvad{C^r-&yx0w zYc}SwQXmBjgH`@zm z-jcQS^NY!|%RIGEc8ljt9;YAQ$uF5L`8}R7dICEy5gvLr?H%^4Nba_^@5+X(-$?VP070>2;o7;#rHwJptnX z@ev0uD?9ER*uqFt?mo994hM_&Y%KvzcjJ*MG;R_s$8cV6gh8WDwfOb6-bJO1lm}T& zSlnFao!fleg=45F*w|mh#Zz2omCN9KM~#6O1!5@R2}B2#{rhqI7D*$Hg@B)>smL$- zJ(05JZ}S8FGVsSYL^Wj(EaLEb!4I@A%oPg6uRp_k(Kx48(^Sdp^%@Zbyr^b?>uE_a zc|YwH{3b6*t(Llp=a+bf;n5L;BM8jwJQwC{Jd1g7iX8@?vv}+joABu95%Dv^L&O1e z@CfONFpoY|gn}310KhGQ#~z_+atRJKKd_0G`NSH}M9@j_1C5#!ob=&X1zrIe@jj-E zczze2H?I#T*LknSaHkNDK0H*-F;9FRJnXdf+xCd# z@bx)#Cz4q3Qp=ZMstLkJkgt$12qb^X>8@6t$3+iSE21>1YFfQc7jeRDywBn##)k?Y z#|?m!e3^LoC+SBceBiOib;Q$zr|mqq%=_1Q7V~Ao&rBZs`F7wrMq1~Q)r)!7mjAFp z0@+qqLtO`F6Yzgse?cuTbw6nLW1(H+t9vdh&!2X*Ih1#dw5E9Vxy5lzQLANB+l!e} zMP_y5XMrh$n9&>-v!~lix9h(;LShzzCAT7yfx+#w8^jD8YlFOnKE*9DJE`SzxAiMS%#1)$&HK)QF}zg*hxN;Eu~l786>2JKOyJiaVxJUdxaF`BSigzHEM3O! z(P(L?exmx1D=+3rV>g`JVwkvUl?3g_V>1oh_mLtjnaRWGpn z5#BlCz;~QUa|NfJ!yN-szU_hozwoU3IXc-&k7|vrr|DqGS}XLb6bBASYxq0MLzCS1~1A728T%8z#U0_a`9Tv zy94kEk(agdS-o;h2DJYYe6G|_l|MfARF3`}*3?I&{j5Ocxa(F6d_hB~67CV}IXK+L z;Z6j60G|0G_=t^QU$dOWgM)3FUgo(a9vt~WTq%e(M|ks>h{vkMfkRUp&l-G$@YbEm zG>(fwere~ynXMmF48A^%ZwWm4A-E~T;Sm@vg2$MMvh&bBSNSC7(J0V?#~9{GD!{=i z;aQ9K<){Q}`z43n$VRvo-e==ytGqy-7xPHiYNOKL)dPp}U)3JY*CT|*16M)IH4Lgz zf#_*|{JZ8O7eh~Oq(6tQ--1|rUhqBn$l)O(P)H?`s6HS8eb}2p9{$&CLT~e2eGvH5 zSbOrOQY8qupu#J!bu|Mqv$pJs@;rL6kHjo#wtRAZ@BtekMIu;AO67>2<01hu3m#R& z5H*S^7C9ztR0$goE^G~+Gkby=sSi9&aqK#8maoy%uomyLc&n%3C`)?5xwTRvV3*hj8KMp-`aI8ntJpMhT$7V_y8&=umN=3~%-Q;J7mF zPpAF$qIeS`M{fofPQV#!G06;G<#!s~q^WmYO9K?if5HD5Ea zWWF6on8h!Pay~dBGuOsRG(Kgm$yy`uuEkUSt$A((Pi^Ay;*tn5(u|i~22Up;!UlfX zm9%aN;f2X$JPrzC=e;IRVIC%%aV&Onv2~u}O`cxn6YIR+fv4>})HmXTH}NLVq_u~= zPni;(l+^Ahd=m?8UXy051k+lI$?TJSTI_nB3ME8_8B7;-7Q8fk}b>YozKqK;x#)Sl9J z+iyw=91EY%GyXEEKagdG>MIg6E{(+O>(i+ArBEpS+`H&ZGu6h;&BLR&kws#5U8Ag> zPe{y$?dK1QS<@XI-nK8V`hzKa`ujl`TZ*w^Wj{c~ES0a+4+7sr%p{2A$PiiZLSR~4 zA0T`YtdsE4yjkCH%jB*4gI^l*}i_nBf`=B@fH7<$MpVxL=l(&Vkc+=S09c%Pl;Ht-Zscrl-i=j=RA8N_-o z3HwJ;z3#TIT)hykA)7>DB9#%=W&|dpATJ z_@28v#lUo!0MbA$zuIZ#!!|}*ph_XTS72)C9h^Wa=QlTdRRLv#fIc~DR%jewwtxAZ zW>l>Pi*MmmleGHRu-5G&ts5C%s^`{bFcA$EhcWkuq(=@7&~?Fk-1}s>=dJ{ua+qX zp0=>uM|oifo-!j2SiINby%z7aF1CLCw|V-bym$FdZ}RlJJk3a%Pok$$@C!V$(z;(V z?^QH0-q6x$)ZviqM1kz!&A~TbD`U;wq^+CmwaUX+1=t2k3lV$aukde{?}z!^GVgtZ zx9YSvL#H?$H*+{*zQiF`n&N%upF;n8F zgIoPFbzg7mSj?uUam6i0$Hu-VF?3L`AI$&w%T8sUQAag~$6{6j)#o|?%%RAaYo1_L zv*jw{R8yC0(nok<7rv#bl+`jFByXkVSl8c@r$5Rs^gp*fpWDPII5iUz1C0U?V)it8 zeAh#FQ*LzA<(+$`1j^5BHjHGD7HAMN@Z7(d->B>#=D&5%^pE$GCWj`S%d=Q$`#tZl zCarSt_5iPWSAxaTUbU5pZ|`0xbTi$5;EY{3USy*oiMhS~iY(m-$CX>EreS^i{VV8O zw~LOuHTX`u$?RcEAG|mo^(*<0tr~-c$K!)w+OBQz-1_fabr~=g0PwX8B9w`9?r?_e!wvmD5H~1h0}24YsABC{mNEQuMY zS*_N!#O$g`#LVSVCi?To#7y)I+vCHaGCx3Kb_rsZpNmcLWY8hLxaIk@{Ty=rQ6o(e zQ&nlyRk@t-xfh6*{9Ynv|I9V>2lta^H9!W5nQ}+5Sj@UlLg1aAO%WSib@wPJ$SzBd zMm5+9hej$@WXJP}=5`N#W7Q{pcJy*@sS1-{M30b?laX%wJ1ldaEp?roz(HRaQ~ z-s$q#oK5i5&7ORy>r=B{cxj&JIW>)>EUl`=BD~;cd_2U+8;u&GOF4NxySO+z9NZ2+ zwi;Hx8tc!|INt6V4;}a0gA)+SyxtEGT~o&G!?`CA|6{V|zRGH&T8q!oR3oG`!lsc1 z4nF_KNc(U7@u}&X;8Chn#1@;{RU3P64?mT7Lu2S&jWjP+Dsh?yUeYL@u2u^$$DS+w zSb518GQ{y1%%r`n7-{qI)H9z4&Zd>l%Y6G6ev12atXIbS+l$#d0oI9_1@Lq?h*@lF zHyq&WLhp=-m0*Tg+?G=i2H2wVu`!om75l*Y(?9e)(nkK_e}Yuj>=^TSb(`6QuTsa@>=OjR(d8W@Mz@ zPVe&vdw*p3smLCxJF3B4j6Zv>%s;2`TYVZmn9c3r{}^fiEk6Qm@N8UViN^41t(JY; z$&3=Z(Kdu&eQPEy!nCBMk5u%>mgFa%M}DllEM<&X1Ne34nvph9T(Yd}<@Nghp0Y!O zJHul3vh)+>!>>CHF-u`Fi>OG(Gp4z|M4u<;eZTqheA6shC zjGrIY$LBKH(W#?>rVI5S9erZt1v1h=IV-0whxx;;w|oYwsH11R0?(H+?oSy;19yvp zugD~M#`F|xJ)GYPobLbCtRsFix(06s4WjLtvCa!`@n&2}+np?@*jw?K!bV!ePn(qW z%G%@?cr39;Qc0VX5NCQ`8Rpq&U<}OpFdYKIO-42q`S33 z@U3t`V5GH@=JkC>etO~h*hr(zEcRM)z2HVP$N9Y|%OE|i8du<$2qi#zt-01^o_v)s zi^S_UGmrM0rXB6KMmdSi{LG2>ukrlHc_Xp8&rx&ihK#iO!LlJGhlW$|cOfc)mvMdg zdbITt11x6K_7sbmV$JPuE+gftU)f}&eYzq8%w|0H8D7@3P~m5{cf=Mr8MgmQ#H_k^ zi z%*a~-Fw$<3nAKk$o_%{U^E9-P){5{TW=El(kY*AvXf86G-}Hoy>Zeio3IEI#?_bT9 zX4U_Qd9>iIqc?f46K^$ctA5TFJpT?)A`UFXZ@s1QOX6o7QCso+DsTVg8+^iv_pkCa zzXP9CYfs$=L(C#9h}qq5@64nXlUC1U^#p!uMcI)!*_3_8bAEb8Zpmoj0#{BV&4pWf zDJOn4^ZZUd$LyoL-{KQ*^-OQ@GiI|h+wV4$1|Gj%v2kS|LcU?&V4^$^&gD%_wJC3W z-3hbbH^g~%yhpY0H0tPU_hxHh6UFF2|9dKcQW-!-(IrGbS3H@UQZ9lw>#@X_Dynbc zu#c<(Er(e?!D!vT{!*_sqG$IvfA?oX9~&Nu@k4!>!n$^;=R2J4W9Cw{ERbr8vT-6;RW+z!22y8{}S`GaVNwhBh4GZ zjw+xUL;AhAKC|I6-tOo1q4FX@zsN>$itKG(JTLww;u(Wy4IZCd;jweHH6FW*w(+nr zd?U{zK4J2BF4HTp*rfzqjA5+&Av|U9UK}8*)a(76qiMESOxJ2}x&l-}jkL;OVe``H z=EU{-uXv+)sgRp7VZ(6aY*`HXIB2Pg5@tXB*X0~J>ZPib&S$}A+QU85}FFWx@OSbr&&xyB`(c)R~?1z^u zgh}P~E>ed0vY}ky-wTX1zu8`>CCMWjA{OE*g&9L4&H7JSVk}rZG(O5y>ck2U7ZXgq zajkJvV<%%2!DHYyH zLWHMuZ0q2}vV72)p2JRj1sQ42`sG}9D@W(OOf_4eY#!`k!?)k`OU>~}CZ2x((hG>P zOUaZPAKX~3%n#~=6PQMn^OgPjFMU_6GTDDMuco+P_ph!xNY_>}MsWrA^QR%#yX%z| zPa{1VrF{@CMpdJ-7$|9J7JK;TeUjF1j! zJZf{{NsNEW!&Dq{O6iRds& ze*~78tF2spTxJf($I+W zR-azx@6RF7xCe<@|KNPn68SfbG$pED8)CLsNPF>%u z{TYebPazPqpQ#-7o6ebj_pzZtCn3xDL|GmE9*%;TxuS)e54!wO-1qhR3HnP^_B)gM z?KFNem>j-(tl`7iVJtS**J2uoa_}&JI+tBrh?zPXK~M~iQNx*^M9*hU#Strn8LooZ z{d|%!Jp3ohW=qB=7ZC?=W0mYYyWk^U>@5g*uMyE8V#OvA>^$iSEFQOHAJor?*^+&N zU5OlcFX4+2aeyJQTX39^h2)X)GL>2&5eH}zlw}i7@yp6?MjT)W5BiLi9Vp4-Ig@9X zc*^2&L<2{jcIKhJNx~BEQ(?$?*DECvA1;Cu?RRF<%-9B!8GFX+nIdrgveh|bvGjvy zv}6KhY%z=re-=h!mTnb&NX&S)$Z*R%M37;yhySwK6Zk$};$om$`}(B$P-9~G7BbT0 zfYfc}BB&MdNjA)*+QGpiNfAEGCV4++J}=@U5oDF}5D*}Oc@DAw@#rZ02s~%-VP_sS zCg3H)M+hJ0Y&^Hh`*J?k1@w+0P~LS5{_< z=$2)ztEt7JD*0PUY@$PYEFKZ)k^FG|q>(=i1BGv-AIjZmFOtENnz4b$>9O(bG7t3u zc*coGcS(yt8iEANcu_*BoEGf0YjF|LdcJ=^&| z6GhMKunuB|UFgg&onsx`Pb44-MeewxB|5$8k-5p+dDyhr* z2ZmoSeWiC^Ve z8y{hocnzhhlCSsNaG2@V!A)W&<3m1`iA~9p6Wge7;!`BC~VIYa9kjaf! zug{vwW%7KP@T}1}keVH)$U_#2cbEc>h-~N|K;p{s`nTB&pi!RMdmQfkh5%ghDQr<{TT%@+1aqF zX;d{8%TzwCw2_@U(Ca6z=90M;N6BkXu<3|wtdon2(~FD! zu|DW`bX}i1`bbv-9{2n_77X@o)NU<(&ES`|O!`<C_I6Vs<+#1^W z@)FN3@iP{u%;E(co57Kn(5Q~rM%RJ{8$P^TQSClmM>p+}Q$p42G!536asA}t`bEKq zhj%_wpS?JXi;VDddFJ$^TTjC_9h3qpV6R7LZ(n){9D=;v;L%e{~pPb><1k zvJ896!NQt|%$j`T)1lf#WM-Z+eeOFjR9mp&J zWES_KK43luGIRFQLLpCNFPRJ{`cXt?Y8jCeB`_C_lqaD!CBuG@ae;O$o+~eKMti3S z*;wx@5LH_p?>F!)={QWww&S_`6+E&xg0D&&cp4TlN&A%yJhU{NGY7nG*$_S@2IPlZ zCd!Xaeu9pdVut+#`RPpUHd-=;CCPRBH`Ct@Ux=;d2k;9EkMA&^)=SD{>TP&D5l31k z%w-dN#(H0Y%TA;2CO*A}$gKIGUWT@gI1ev0GyQ^*eoWUlCuDEWf0<6_5t+3OGLzVQ zy4*#sTBe#sWX9qUg?OUOZvQdN=ZJYpk@g3C$UK<@Q zJsaCO@WBBYhY4Q2PTHkP`&^Vok>?td&5Vlf`I2~BGpyg^3na5AXXYv}4-UE4&0 zKIM%QQIdogqSJ7LHzshB#Im5oF?@KqJBRVAlKPsn<)ZAX&yui0@JSoLzpnRso6*!o z@AwL{dTMzR0M86cZ19A}@Aa$Jjl(YAj-2azbN*pdYfh&cs$*7yW?t3q_Rjr76|ZI* zuf)U4;T3)k?h3~Hl8roYM;Tvolrvu7obi&0Pp^EmBYySEm{}8)e(nuNgvV7PapVxL zBn92Z9aeJ&JU-+j1daTgc$^EoNplr1?T&X_cy1G)HZn`C=HJ5eFW_FK-ERmA=HEC9S5wqn#56!MMp%YKEwyG*4Hy#Lj> zs|ZXL;_V?uS5>tt@uiBHAFE0v<9!#a^=qadG>r@6&GIa~ju$rY+)Mbyt9Y2I{HPb0 zB0kp6_BP@Q$f?KrwbhhFaTy=?Ca14%p%<0q4H{xTVKQ5u_@HUldeOWC> zFCQtx(ugaD(}&VIKKAgHWESX+ld>XulG^0vx`xOsvHtqv@vK*jh(Kn0`(uO5_V?b; z5t;2fMcoz??Y)G%+0=&9X*RRSWLU7DYWD6p%n!4$(#EZj8D)?M+1Q2cO)%^sz0$t$ zY2TPH001BWNkl>d=?CC6%M~Crv{EKg1n^>bc$}jTKe1M3rR~ytv zPl=GS4Et*1q_Rqb9T={PZSCU)go2q4ZF&p>DwRev`xR%J{|T?|_mSZEQ4|hYHA@@E zx~Q@?bZ=2*K~7q?yiKIoF2NySP_Weg%W*ZcGOSxOe= zR2Y^9M(;zNH8NB7Ms;6mlgtv2Q-43<4K0@mL}sUZ$Bh!+Y9w^EHw0Suh!H|&?-7}e zkF2Sw$X@RDrKT^GRc)x|37H)vEzaltgJbZ0wH_nH{Z_Uq=j&$45(4 zR7az64UI|bt=i}Yky#|^gWb8}>MAsJ1WF^C_v>VKZ>nr8)NH<;)!2UtGNZHI|4U?s zoKhQ^HK%^>Rwqr}MVmyxWG1A6%n}tC&$iJZAo4DB*=Sc5 zzpbnKcs7~ONAq#LHbys-R_lR9^+4a}4&J~n9og6&ab2@brHRX&n|(oihvF*j%TG8S zptx-FZExzW%LDJuy{CiTb2OLmBM!=+POdg*(v)SOUY|WKU9NrPp!Kfb$4}pf|0w^0 ziYqj)?WbH~$B1sz=_sAfFP_U>X{t@9S~jazIa~hO;YCI3{!7r>_t8l!-G2N*G!7}d z?65#L%UdGUDv<`i%}KNCq*cgO%IErbDumJ)2J`uTE+nTydyUeH@*~Cn=z{KU_ie-L zAu*st`K*5J-E`7CUj{2qnnx6m_h<5v(q*f|&sGV$y z@uB4ST?(dTl3Dxi0+X3PpKl{F^B^*-lx}TCPVtoc$K$dWX41AwaQt=S`e}D3?cHFu zAGS~bAT|rs^sQj1xh4a%+W73q&TQC8tGCQ+FhGCNKlQ7t+MqS4^+4T+e5N~Ttn?-) z&7(88EbrH5mc@vBmF|o4PSSn;_=8B)lHAR{_pLtK!GBclO3%Mehrx?!Guw=Y&w8_` z^@S{Dd0M<~)t}cmNoE6+%;?;koV1SNj^5P9 zCoXH#L`BWKR7x>_{#?YH-#VevSCH8Gf%m?% z+2DFG-Ukm2`(%oEQ)^u#GCK){_7Dfcsi#XsW}mZ|%veljw&4er)h^WFzXq9oA1AGJ z2Vp9HKr+jQx9uwM_N%YBFA^d%fsk3La;rT|)sjTWOwH#`KBT;f#z!G$^U{7q`}m58 z13&%0zy12_-)w(={oDWhX=f)b@_4kqLYI0!FeLlIQ%auA>N8*BoylwvaiBgA?3>pO z`FC-22DiS^WO5z2As+|sIk$iYpZW8zn6DQVUu$H}y^4{BmX%CL$C{Ed?^vx_`h;Ib zUY3UKw>?n_CHm1Rbd4&qsb-nZX7?w9Q>QR6qEhUQ2Up`+D|~jqjAK@>Ek*W<9e4UNmD@K61KqZ-3wKir@8@&UoUaePjAmwajqT-Ny>$ z{`SQFSMd5>S?zBLJfNf+w)i+JPbyU0sHcO2oDh;4UC4_^eAdiX^1O7RLCo!k=53>W zc@P4fKwYRFZ*=)i_51taOYHRQ>FLI}CcTNn$X!`p&)0WEAvf%?);c?vow*{3z8odi z1kn^FKA0JP9deYyh|I>mBa6&DO8B}yv2ht8uA9FTG7H$q>}LNyi1N>=cj2$t$FGR{ zt+_d8D5efI%^I~ilvF0$bQ6bDe0Mi&zwI2961qfW_5fstddQ}#X4SxC9Cz9PB6@tt zN9~Pgv(sX)^^|hSM9)-A7RSA-+NhN8-?fh;dzZPqNoG|?GQ)v?{z+QxHzh`#v~NwH z?b4`u6EgcTTBb4H-nKWX^C1_r#)xa_^D*?cw{Vb?lYq@Qsf@@>E#-MOipgx+yhCKR z^d{Ps5=G>kF_{(qu|3m2pwG-y-YRDM(;qa~AODEAx{|@^A6>5UAAZ`^N&Ay`{Roeu zBq!r9OXK{z;z=bR$E{f);c@+9o$d^zQp-prvV<#w|5+|WA@twKGUN>{4TAjW<0} zIcUJS1Jp-$@uo()tWH~3la%N*%_kqtYQ3xaRqf=YRsSNNBoAbBw_fk+SHxt~;N^K9 zIeU;~w%qON@f-Ods}nQNvOLd$J~YP~aRyjcpI1YDwi8}o)Ma&*MUbU8@%l$!k9YWG zaCbb2*_!zm%=}XlOBQ$qbVua9sTivZp>E&>kS<~ouPsU?ioQ4T`nrmhn3+Dh%b4k> z*YUxs6P{Yd3wFG;iP!B76{7=Qm*4g`wVboHbyAm=E}dS(qld=?cjfl>W4m$rDc5M+ zvi@k9tuku1%yus>x{DZFrn^nVY}1F}p6ofvweyuy35@;cLglVfLPe!li2!=ur@gd(K`fvf7qg{qvW)Pg;bVaf{LXqk3AwTefU%2Dfh!#*wi;srdm zPr+z%n|R3)4^EmBf0`|aH(Nr`_K}GqcMFM$(xrYSRw{8(3vaXpXQtjv|7ASCt>^d( zJYhz+qz!Z1Hly>SPw}E~qLpKn;_bKP;xagv?4PKOAiI zDA{^~m|_2dq%*slxAh#{de33UvzvIy0k4yvRAo&v-UV;9OsTu|bmvwl?LVuo^-KEC zpLP$hzIiA;;;T)Lt=$u%xJ0AW`V0 zwy#taLs$pwG@>thif{_b^%9wxcLzXbEUK2qSByB7<@HP_Gn7pqpKrr#Zx7*UU@YD)ExQe$$96)%przE}^bPoD? zd#gPfa{gA&L^lm5t+T1T*Vj~Oy=Q_qFMVtzy_n429W)ql(vZ`Xp<;-_R6M_m$*ehT zHa>{RP5adNct=&c$m6^H__0D6_K)KLkjjkFM&+}^2a?(Qyj|Oqu1RHYG_TrC& z!Td`IX4Vur{8E7Rm886VRb@dQu$1&DZ>F`Ifw|gw@ToM^x~MX-D$K&qutYK@gYQ7{ zhDF|cH#;0&R7w{^H2m|wEuM-uuc^qmXgq6Ap;XoB^WVcxOQuRHm3*xC0?GK%fp|En z4Qjnw0E$CAzvFq-#j0wy**}av3^lDQ#XvO*jVr(<3o;DJKl-R@>Y<^Jf>_7}p};HR z8H^X~_|I^M@%Vj%lnqZ+F`l>K-J5tJvx1NMar;`uFYI^@@X*VWCpo0AzX|#>*v)n^ zs!Ex7B3z@R7$f}{d0zoblC9&RFuJH`;oQMe->uRn9ty)uY!z=yAMPyt&l`BRiMMhF zct8Hqj@Jusfj`O^c-jFEVn~vjbtkcVmP&cnPphPI_bP7kHaxm3NAsUT5s+!_D3KhW z1;fUYLkubaytxOJKTUUOwHeJVmyy)F&}ClWB%-tqT8@n0U(mBie}?51dbPeNtp5g$ z1M9z`8x!xxc+(!7@l~7{!7~ncxU=CI@}-5(;GAJRZNpcoi(c;{o=CzK4u_M+OUK2* zGvr4pPV+wFy3detpa`M>vV&@)FJOMJB+$>Wlk&e8#JuKAv8e$uf z1IwsQ_vO2{l36G9G?;`;GOJ9RWz;!fy*tZ3am%NHDL$iGE+aBiOO+^)S-0^vGDDpy zjo7TK`U@3Mb5^Ghe@~_y$t(gR@M7ZhDD+MzGaq=(%6VQ$YZ{Q5mTv^7)25~dDT<;Q ziAZj7_V#5bv!C%teiqv^`3O2vZd-f&*{~lA50 zcz@NFK1pnqxe%EJ4Pz&$&u$x2^Cq5r5K*zSfToI0uN@ z*-1kT`81fXo@zwQ_B5)sM(>xhBD&7!TOtlPI%xu5Rhz@oC*^H>#1z>(sy||0Qw}cg zqH0!+vY;}CC?8^Rfe<8A=|bTBG<0a7%m;B>9?+mq%Qmy^T#J!!B>PrR9rd%a@FCCeR8Dp{Og5B@wmM$W6N@%;SIq^UHkYHB~0lyHaDlUR5<%Cbe zm*`Hw;Vf4C{-A{y z(mI~f@if9$H}M?)5~7xD$ES7ty@~f5_;NScKL%S%om?KT6WfQqkEqBnp2yLvNcyz; z@qmnTkdJmT)T*e6?`glEu5t^mO8bdDaERNqhvCKNzE>0vjz8u46|S4r)Gi_)z?1Ss z=_C6`-3C+%{1SZ$`A2tYC@DW^{!>EGZ{ULl9<`ip_=S!~m5=fFYj|cmo(h`nk-<;O z2!^pByre$=*33s_bH3eq2Ul?r2s!OFi0rp&^J3E4d)C2@+jTOv<$$diAFLhG7G>|3 zQLQ%m0%Rtiyva#J@2fVapOeblqMj@A^4d`5UScxKM%kES?t69R+ z`9*F_pC5)%KFxHsi+oi`emN2ga-e{Q{ z_$X#-f~Ryox4nsuXQOI0PiB0*mm3?&#gjZodK%Po;78(~gVFN3X>}qA|4?J#m1sZW zGel;D<3IDj)MX&EVE#lDAvjvQ66~s4whQ(z8GLRqI}bDt%*#H&__TqS_{?@O+rR8`y7Lb|{o$vd-X6PieKXkMxOF72 zaa|`IKm)B}GISJpZ0+czDWL}4g+UG)6n;L8yoK0AmwYa-WSh%*kO zMH#y3MByBN6f8q%#iq)!+1vBfu3n*ne9(SYE5iabw0IJkn{7T%KQ~r0t+-suP3!8a z*Sq$*u+F3$O76XH^?VR+m`Ah*v%4|$z894;Tf%bhbg*EEKF9DZwVpnXoq*?zW5z2L zOgxdhj_IQ0PIx?{wT>^qo(^X`ZQ&^!9_I{)VIz2nOy28w^WkgwDvwto^oRo#t4AEL z6#mnOnlptJzd_9z*PI^*EiiPZ1y+}m)^(#ftng36WRl8}*b+g?&}HZFD#r@mia3Cu zWavg?U2O+Ejv$cU#8a#@9tRUn8#&vCXXtJvfln`c8}4?bv%cB!GB2=3!~vXyA4eL_ z>y{;kD$}8w#sPj&$)?GS3R&%iV0_S1H}fG`jvR<^gn)s~9+Yk1bgb7bz=Fh&zkmz&S3S9Dk! zUUAY|kB)jx%HICCSD*My%`q_*pVhDT#AWU2CcTavqqp24{(7BJeoq?dqg8 zSQV4m6!F5r8^{c~f^uR!AnSO_ahI0z!j={^bhZmNPS=0ggC;7t9F1Q8tRi3jaFg8RQD?9c|%R9nahY9(@U9 zmJJr9E-j}*8IIDPO8=iBHPXi+4Epx*yd2)Y z@zrXx(Y)6R>>ZG^>Yly$_|G#>s&O$yejeFqR!aMC`?n?3>d;j%QsvF`@kfQt{9E|K zCf@OV?fBRxKIVX@z71d4#Jg3kOBrc7z3*CmQN|q=v)>sTTse+qrQ7yLxAZf=1Kytg z8eUla<@dx}cd@b?FRiD%jl0cdDe%%_-1?KKa-T%}R3eG&ROMI8GiEFQAg!wIe&evw z?>E}FwQ~sbH(@7xSS!3;@mzTr^@^{BG^$Vb zoX>GaPUnMKZ4zI?&I?%%-5{?bwAIa0`M6N$=5<;HmSFK;U%HM)Jc4NHS;P!W<(=|U$}#8btlGnO z!1K;6|LgG73;2SC?`o=h)t*-=udvAv{3hObU&Lh@_O{)3S9ilZ^7$Imt@a#+)t=+6 zJ9kzkY?n+#& za(i20vwlQoT$OXb!0c<$hI{P^XhiXy>2M3NbFr^JiEa~=A@3W69&1~$& z9^>f>W)Ni@adJwyYziPwdQ z;^_U^p!I@}hT7~?ZN4en(NR1H$umS|_4&1L*T}-&3hBKUX!wSPoSoN)f5?f9B;$cO zkePnENc@!5Xg0R1ZQ;g1x0jw>$t)LalF1B1d$6D%PgBuIw-K@VoDel@;0t?BYlzI^ zcyuA|oeg^Rvt_C>)yUp#zHp1ltncRjuaMbyia21?9%J(-p*H`cy!}PagW6N-AhdLp z=XP(zm0&A+U?6et?o~2l;nX_jGDKz>0g+kT{oC^$A+sNX&E6hy03YRnyth%EY|`1`{pI%AE&T|Ul3IrLo+h<=ZT=Ud2wPwZKOsD*koYiOZctm!E2fZE%v+i*v>sP&EO7=2M za#+jFR~lXgFOK}5;kEMjcG7tIF8nU{gSa4^I{bWzH_kd8r|G0V<=1(Q=Zt8!;<-Ef zibQ0A)|$g6y0Ah_hU;eYC-GYCizgEC_J2fm+ceu>zUHJowZ`FXy0xOR^wq{kOYfKY zpoZfPzci6`(+W5N@Tv9r)%ZBFE18L*Th(}j?68~Ies;<@5DH}W1;}jj6!tFl#mHk? z6@)k1S7k>sQ}))$%y81&6x-FbyJX6AbrX}?c>X0Mx)7@&GQ(atOFwRJ;|A(Bk@^>b)Xeq4x#}A@wE2vZdr6;9y6sH|cis$%tgX+r-ee;^QSJGY~ zGm6%RCYhBvuB+yc4_meUROG58p2BZDc02M4@)h?dPcj&p=e zH+pYMV2Pe$eU=PEFo9(vKD(O3+bFJZ>#7zILwT*MYwc8WUQb6pcWY|l{|c{te zTeY~18px;iZRLlvmY|w{WhTud9u5ZEoHUTG4b~9N~k}C`3W0Ynob%lGe<6g@b3H4QdRLtGw zyeUyUFKPcGF`s@9Cygq1^LJ78$CyehATrY`+sW(zk=bg$MpZ5ip{%_;^V;eWS1wD4 z%(yCq-~lqL93Qo6H#(W!mh4l=Kbn)a)9Fq)Hh`~hok`n_D{ks@#LajFyX@l#^;t7| zt2)e|Y+DvM4qT5QX5P5gyK4F3AW3Vkg7@!&Ds5Qo_c`o0Kil8aU+0{tID=Ui2b$vBQLwZG&Bk|&(b-mB4 zED40&EnT9abfl5hjIfP7$C)!I2GxPwIF^y8O#hHG?zZ9WIeQJy?}+C&pTtvZc-pyB+YBJ@6apyJIioO-nNHJeS_YFLuDY zgXQLQnr(-~Et}!JZFh`^VlNaZROuXB%8@z%E=NZ4|L!7IE5qWRUoHLP=PF z3<&D8ef9AXMDTfca(wyG4HG8?ij$1`T2N-kY$V~BzGWHiHDf^!Ds0E6Ej(x9sh#nh z=D&RRO1lhCTHBqpjwgBDYSns^r+Cuy@`f_Sb+fs@)^w*%$Fq>UGnp;hbTw^~+1(al zc2V})$gJjrEE@W-?+}^sh7Um58n=7hq)dBub7_js=0m%XnFsXOx|~jC1t2qU(hyl< zaYMSBZCfH}Xq35h5i;{U_U0j3QGSt^r^RvWI^b5xpetRj{0H*U4jNspZ1IV(MwX;y z@_fOaHcSxNoA3&rd=xYB8_e#A=U&3|4tU|scyQ7vexpg)$j`)^O!^|8SDQd)Lcxit zE&OiGPHi^U?}J~MLqcu(p!Jt>XWJoXiU%@V6wv#ii*+|bWOuggZB*donP4lQ^m_V~ zq)UdQY`|`Owc8KW2B$z~5%2M3zeEC#aT&Ac*supHePJ_wdr#wl-*{h#p5qlf`}Tta zj^Wn-`c0=hm&L74n&^4|CMPZOsa@ho1hbghRC7*KX`&q7pV#WO)_8LL_;@y+oy$fz zOc2n!gZMaP5_Q4)iCna>@cVT|>x|zJJ!k!fF14TKs`M^1X>uxeF;tl-t&0vD=~E~P z9y@8-htJ1~K9DZfuO2&k2qzWbrYOxEb_jjoWew|5DB7kHwRAw3#jIO(E#_ z>)V8benV8+@8|eR8}-mt$xwv$`-3my$u`EI|E+kxp)+lK$!*{%bZ6nYm+kIp4l}d?<5yyGKy7T>y`BJoWU7v?T=i%gG<1p8_%kY5W*&u{J z#mr&^6)nO+SCqw?cZ0b$y8wqUeq4 z#gq$?neQxcbTjTv+P4g;-z-G*J8AoY%uM??f_C^N!$eT!SNb0-EF08YX4+;y2LBkw zB5-EQM>*S$x1MCj6WYi2CcKJAA35O7md5g%Jx2_S*>ZlXy?@>yKa(O6S(+3XwD1O# z>UctCoE?vnVAsf%vZrq`yV<#YJ)T?3k3-J^-HMU3E+VssVf$bUnSD3`GGkRbhRCe{ zu@t>K$2wUblEo1sGY%-gQ0zBTjS+H%n4Sfl%%}{I*=@yNdaO^9p-!CbO7S(4z)Q&OL`gHhP2t^GmDe04Du9e9Y)+EGFgI?zcHn?7SppN3=b z1vdL&L;(dSt?p9{Cv8>>JOyr!u6yp1uERv)!e)o9eh<5tA`Ej(?!Zxp>R|0*8cVLS+06XACY&pF}s^dVG1 z6i0P{Cs}yLz?0LQ+!{uWX z@dAt;%BPZV=Nf%j)f8AYnD6Ir@7$$%Z*tfVmiXp$cv0b5it6Wp;G_cTlNVC+w%n)LNdqSpDc~N{nm12At-ks*KvyN{u@>ia_gRKYU1&i!4=1c@Pwa%c?~>hx>9yLgc2ak zYo>3<+nHU*TW_xC+P#YRui)K&#=@J8JIXL_gW1>cpA9?@WEMnZ*39RUh|HWCm=ZZ} zyE#l|$H$F!0+E^Q`s2~4*L%();*1#-DVP*V={-RSky(R~nVVIA#$;A<&wI0Y87w zW0a4|zxCk2$~@ZtGhDAf{?A{(!AU!sjK7zYrpPYuS?vL&KpCk!Z07f1<_sYQGv_Hm!8h(al*chK-ST4vi91m*697|U@ z9@6I+M&i>PQ{Lt)d%QLy*~4SR7iYKyUA5Jlmu7R@ZpuFN^?~@$n!y(?OFAB2PJdtY5eJ0rhKa+vV1ib!A zF+1Ltf2oS@B$nXemlz*h!TWLgX$wyZj|M!>VwGLTR{<}r;&IMU}?VAfY^7rBM6qK7`qqs!p6N$^qkL51Qvi`zD z?-{ic4vH*8><5`3DsUdRoR#!ZV}d(BvCm9~GwqFa!b>q?89E*;Tes&7wrms61B#_F zp4Rahj7RpSYL(+}chatF#aERnluly){hTz}75Y0SGgMdQ;qdOH)6vO{u$kC_vqh5| zFNFF8G6TiQL;V4vPs!XJA~Vp*B9@)OEe*GP^gpO2`%%lMv3=4yQ)EzCa;SOTy>ik5 z)-MT}0p4N?hAOf5KxUXCfy@lYY;V>pdi0qz@1)+UwQ7jWij!K=i^wdHyT$2Lam+;^ zGt>YHxpFAOF|da!5L%39kzq+?wy{)z%(`7{4^_y&h35z!Wdq@>n2EsHX}t;Q_QvwK zC9L6tm^Mk{s6vrR79LwR?g=csPO~N+{gPwvx8e1k1Cdq?6cNEb5t*?Txnjygc%Aan z7E@!&;B>Ogko1GN)WQBSo;L6-joS-mQahd_wPfJU^ljwo=T>_T9dGiFg*Tact*5c| z93*EXKOp66!)I*xU{EKsq}O2wM@NYqBQlGm5SgJrCyDs`_woH%uQh6FG|n-hNC{`w z=m{Wwj&`>%FB|y^s%RRMSyojMnavQHJ(y(1=5vV5`duJ1mYVi{gU*4)oj=MyEXqKF zXg4CZ3)0T1s>nA&f{R~_(vf;V~^BmI~SPY0{+x9>@_J8A!=|JwUaPTJ{g z7XCiVor;nQy&u=7pcc&vTy{Fld&SgV80F%`>kT2tEQJFLoOnQf9M4j9LdDt*baNfC zbBIjkVc1>ZK#w#Lk!SH8hlf4z(ZWsXcNC}y;x7evP#soYJLaD{FFijGvt5j5^dt(9 z1PqiYE(&)nt>yI-QL;R`8WE0Dl;q&5H%5jz{^CgvdOp`_eb&EKVIW48HAHKgdXGh! zX&iB~K=KdatNc+t{c`jWalF!Cx>funiNvNO5h_W35WXPkcsI!p13@!h$4fZ2Cym49 z2?UQ`&cbsR9)E-ek}%-5llp?` zZ_cmZ>0jcY5qf1>_=R4D1vheWx8eoz5o6+mShZ5e2Tglm3_Q1qPjBL>s%}5VlbrFU zy-}{)$Dr}r-iT->bE-z#7>cy`{R0T(5hYad~FT7ZLsGcDW9~P$N2$eO~`*) z8){KMBC{^4LYR%74u{j}^Ka2C8Vf)WZB5H|%UP{C#kXoV$_UzTO+Tq}fn+g?OdOYg z)SuSh7pIRO39(atHX2ib;K3f)SMkh3(D50)Wx`q;#+PyVtmD%JpVjX6UUkx1r!PB9 zyE$nv;`~ldnj)q`r?cJzyg`scWHv=)wmbUGwGGq*_gHlI|+ie>GlbV@i=|m-eAg`>kj!>$V^NfS1_4jJhWuYjL3Q7yR>Dp z*5)?ZbKRSt;K8usNsJMh`4E}iERmC0T*h0o{o8UEWs%2Z)>Ij+%TDam9W;!E*W05& z(QG3nim3)y*4qo^cEU3TKb!55TE|06Fn-DFv~S>{rLjiiv+(AVc(Wz1~lO;BXQ$;9hqHbi9B*=%H;cgrOvGsPpPZpQT% z>=5l0PqTOo5;XXhHS3q7+zV91U9H)?@Mp6Z7oh0hHOTDwLbb?DC1jQ*WX4k2--dd9 z2}V!g#<65p?8p8jv!^K-c$mFi!L!czjM39jD?L+r1ip)3+>lei?6d z(mI|u&7_HY#aU}GLUqQ%Vv(dhG#dvuIJz?W*JO14xSxDKo+oX`MLY8Q)+7N!EsCcP zW|Ad~OW;+LWdc?YQqN&W8!x-S9a%6oztq^oi^tZLWrJ@bUy7_RxMODe8GHItfzsUi zK8}peP~ph{GG>Bq5@Y|RT7vL=LheAkc?D~^b3sI z04vY&Oo2Sfz{iaI;ExK@=KFpPK0_IWw~DuNwphWlui|4C9`Ra+Y%M_-Z~Tyi^WCg3 zoJE|UwDF~oc>!UG^%99-MmObo-FThR4G%3ocuWfku3ZCw&+7Man?WY5W@WdWt zpQW-qo%AN}PY->q;&~eaY7rB(QVqhLpyvmri7w=c0gPf*7=HqpHJjkLaa1gwmXPy? zM!rK$RS_!fPDi;H+l!gLmH*f(-Zb9V@sjZ+|5Ev^;IkKv&<90%L2g=+12vyldBsWd z?ck)vXWN$retDad=Jm~5t&tGxVtWW;-LWsTfk9@EkAcMLDw!$rVQqXw&KeOi%dC_S zZgP@oZw0*Uwb>GaTJ)7j#0NPyA+yz%ETEbsfyIeEbJ>!v&*yoUoYx+)8YUvMS#N#> zWabr>(?M-N{Mf=|hRvTwWM+{8XV`r zPr0%Os@1aif(Gq=eH4C)XXKN4eV3WEo7M|^Hx74q(v(PIRIiPmlDU$uD#U41_eqhE z*|kAtt(%oRiF=Q&C)d04L?ThL;tcHA(yWilYX7CFG%?i2WJYb!j!-JutB_Mm3D}g@ z@irQvqj77WP^340lkA8h1S6K0qu%HwTpWxq3^Jpr*DcAf;>~W}Mv3~TY?*KAIZQEI z;f>7ukH)+IH}OC`K?u4N%{L<3$xJ+XtY7(n%qBMnd6nj0C|FF8n9RDoejaN97l+7< zwv!nRaoG`>k(d-Ery_epPw>q>6C7Z$p|*?J{(pbj#Yy|aAHH3JL;O>*_kEl+aqq0& z@|}pv@vWie$z|#Gyf^!D6!wPS2hPsUX7yI_SX>q4I2=!I`kz%*)gzO9opzO)5B>5& zV1sjYs_i1~#W5dGJROhXI>~D15Uu8%l-Vz^I*Z2>vWT2CyvgIbQQ27xhs>mTJg!Uj z$Crux?mB5d@Wqvf(`oj$@##Qx_8}B+V9*;SMc2_d?#*X+2undx)Ox%Po?8fOn13R* zOvGz1eG3ZghXG$;d!RT)erin;FFR?I`s*`kq8R9XA16)RD6e) zmqgfm9!F$WoYZTNt8o$(hq{$%4RcPt((ZIFT`j7?E^$+&f;FB6+viD>K~`@ zj{ljiBjmu^Y;(Hro0*GcNkb{Md|pu$Lmv%itHd>*>os3QR`4Y%N5%cM50t&y3yL{8e$ z<+&LQ0*#OET{}xZ4qvN;8eRH_7rp(rleW@L;T;@&KNn7!%4s$->$v_HpR}$+;``an zd8x|-nf*g}r}VqA8O5^vPEOj6%bnluq#>r6)qL9)3KbU`{!eyv(mHay)jAbBSke}` z$`l1tnZsKBI^husGbl=GxgH^GnbUsz^|=Y>J|uI(-EeA+`Fz`*`6XrCVLZ2u*ASV8 z+Co&*^sN@o>6;%#-Dp6M*yrq*$$GdmM3va>;PI&4~c=zjgA&vKQ zOox1KZ}~ySgyua@hQlYGKfy7-k-vy83ID=F(aTHharEKkLFdL6&_qmghMP{GEd$8?RS%y#FpVeze%fPtU&vy9&DD$PcbPTut)h_uBUHH1ylrWiX zR3Y{4J!mTt6N3fPP|5Hoe7c^f{hxj#9-Ln_qJo~KQGV=|GqA zcR59j^oLV*JDzijIKaJx=ih|qH|6aq^Otr!wT|aj@Y^B|#5U{8UYY9=4V)tsaAy6c z*ORd0sU7gtu6VhcV=uIfEDyqYwW&4lj#ElUPRv`iTCeqV z{#gI*!KnQbrH>UY5q7hD1X~p@);}`w?lnBnnjJ4}wFfJ)g;^6X+0RaRii5+zWTjvg zUwXc(pPn4=dBcHLZ*mB;Vatdf>(UH+DY}jZXD7}vH{p`yLo|L@UKu5x&wAI(Z6OI# z%h1zccPH(%hP6DDgND0`!&#t`S073zsg=BSR>>@>lUaca@|(+skP-qZNo`JDf;SzfLDz8dad`L z^6X}Kkc|ieg;*(ndl(T9+RbTp6aRu@eA>x=HX;JNh<`DH0RK|YLD_najfevd_Rrh+ zYMn{#__TYIEVnbeJ$>#?c3AX!BABI6fW|3n|W~GxqDIPgY$n3~_ zRvRNSGk8`fGk%k~>}0%AnRfeMVJ_ei2RC3Ve!JVS8-9)HgrMIa15Xi)t$ky}fp2!w z#Kfe2eX@<##KdSk=*@R@(ol0B?BjuQ>O9X^1kjH_O~9WMw{NdNe;XQ{Q%8kyPgE1# z3szS(6f%DOEGFp9k-G&s2<^rP&k3HAqM%PfXYckL9`vX4J2l%JqLD34gcq?aDH;Ez z{WM7orOyz03aUfxK3d8mr!K2a`>xZP!^m9rUiT1#qc3~!UFZv)P~i1s0VU!s*9q@D2O4m44Tmh__f0-pEl zD3I-Q!28oWDyqjGKzC%ehckYODu>SChyy>^UQa$Cg!eHK)^IGmG5u z&*~6lfF3?4mSQT%2iZ!*D{w?BYT?cIB|@KoXH2}AzWz!qZMC!we8$2X_LkYe zQyi#ha+KaONfrsdIlYNsS+UR|VjJWoC5wU3GPF$Hj1q{Q$hC|Q_EXAgOiX+rbO~1| zax|;$zZ?a>|vwP`*TADnHhigZNpV{dRO%crgSP3p2l0)=E~o4x%^vS>&Y3;yf{A~R1U zcY(acv|%EaJ?QwVfk(zgOo}6V90p$4z{gB`)?300c(W$}jZ+7F72^e~=P+6hv@{F< zGmbcb@dibbF5V&|GK1#^X#9KW9s9bE~jh-fI#ENjn(?&~Xh-IYj zo$xxd13tal@=<1q1h1Pn_{8c7Ko2CiiN|JBkh&(BY3{y_%nn5PriRF@coXvaT8PZ1 zHZtp1+|GG!`FI_g}? zMQ#=CCxy3(7cw?xjApjrQU1$xFb0Ew7^4cmuaow{Te-(xSO5SZ07*naRIFVeZ{r;$ zRIH6hqnq6#mxJCK$kK`sakx<_F=f;?c{j@@J~;orqjbbnq8}Yx(8u}iBI3OQ{Vew*R8r3vzh^TX8{V;Yn@tmeLHp9d!q5kxFnx#SLl*QW3R{AkN zL;D#>%+FLA1{{;1zuQFih(^OIO{>%V(X4*taM;3i)au1$@#L&G3;(Hsr$$lY49Kg1 z1P{6kVoqWh#*f2;MAhc47xhx5=@9EExcMOZE_&~P4+5S+8G`ra{OBVF;z2_F3**v)n&R5>7@=H{#SOck_v zz)kXFl^}}M^CNJ`&1P^BOa3alg(Rx<1|GRdRb0Ou1NaQa(^VE)HAV0ggk!oVUIn6M zn#J1C3j+^NsJEvg6U4pl@-|Ib=Tuo~}ZyD1jn) z^za}9qB@dP*04Y$5dmtV|6Ux1z6=I&P}LG6;XvzZ5Z^mT*Ivl$jU1deDpD-NU`H~8 z>>n2~dL%JMA^2)%0ISracg;L-aoQ0-#-!Fa}o zFWB)J15crfFz{>@+mDVXmWP^?v;gs;DzPLT&+(0jxg0sEpLyi7dTkEDE?Ye;&O@$2 z>r`Cb9*+-%9-Uo}06eH)AHSj<=JnM^$MV(_kv<@^{pC(0PDMGIv<_tjQKRy%QK`^f zriwZW35_^ATgXfiJ(qp|5T8!s;LV|9ftFCky)tTF$l%ffZePUMc?K+-!w!&v_Y*v& zH5&(;PYE>;nQ1hap`oxB;O3d>qnfBPnNkI0TWL&Y=_=}Jv0mr}O=pLT-~tICgH2k#6CT0uG2V|`<_aDeFHP)?(R+dd!2`1}&@xRt^c-lk z%P=Oh5EstGqD zAasI9@98)3&<*hhUNCzm%5VHqf|iNP$A$;_LbyXcQ@8N@E_ceOfRZ~16k+Yg7m zyUnBh;_bo+k+6ZmiDt6hv)39`+#GxKAO(c|A(BQ^O_@Eyj zM8t!|i?KL6mW2j6dB9_F{0tEnM*k;i(@kA-MY#;Z6HtAx;URtG6b4bnE%*rdUEaEmT3;9&+|Y*;Ff@7JtRiMBe5hnO4T2B z$zDGiXd~0i5Ik$)?^p4lxli&F1igGa9vSb;_%sw53o_vZ&s2F{$4dksM6HqFu}n4a zM+Wc`eiGo>sDY;)@P1Xx!VM_=Fc!`-alO3|e8!F^PXayidpn*bcnMw(sOgg6H zp{7aBK$V;PvgDQ|C?AA38WX}tySL|tXQPOxgP!kr(i&g&CZqZF%H<2&1;<>8;`Ldv zSe*6Hh`lu!&mP0C>ERxY#|c+w+fry^Tn`-YN@j`@XpPS0a55swu2ADv?ZOLwE@#^Z zit~ZXQ9BBFWZq{)Z1-i_-d zkH{=T>Q_%Sh+7(Toxtb7&t2_vQkG9jO%<9VyM|BuEj+Xr^h#KnAM*o8@O~YSW$*pw zlR*C-;nNt;p$?gZxzO?c4Lo5M% z{06lYt(p{x@D@d`;TZ#ekC~Ju%+8bdt)`8ZDG~A`%x>a=Pi%PISYE>Wx8RNUC3q0u z_gnZX!Q-Ce=T)X4Jq_V(j1MC3RnvyL93$<|P9LY;)#oFL$`9UW$5xEwj z{PVBRw8XNch{2vSdiqciRmcyWv6=+tbB+Og)z)6%j;kUvt3vP+qw_b&FKyy8daZIs zPa_eg&e(b;*48uG@m0NN((z``WZ@B+u@dfSIM)5U9vo1XXRZB%t=tzX)+b?EQFh}s zG4(jOQC$0@oAX5ceLP>ftsuX;o5i7_He=p-Kjr%B!!yisvE^>Ji)SN)G`eB&LK1ug z(~=Up>Eb~h-POP3=vBOc!=Tcrv2Bb#6(#pMdlBuHX^iJ=cytHz<~)s_4pRq|AAN*1 zqCwiFOQVmn!AY;^l~>sqhlN3mf215M;ri8$>mY~5VqI7oDlpM*7nWX0{-f~7806ni zQEE2+>G+@zV<#@!)$x)8p22uL>)h?)c$Nfj+|eeU48m9NT_~Rg;OR{~ev$*8l;;Y* zz(zOmWxXZ}EQoaDqp(n(cv25a5$7iZsaEkM6x?MfBYpmj_?VuvGJ|WWtN#+?nb+_I zrflG8J^uu6S(0Sf1LUm0&?|U;JD$7=3;56WkBC+^P`Ik9Wr%B0imB6w=HP0U6!F2o zr`q_`TKW&ipPu&Ty+8j-xgiNAt=n@M?33i5(~AtZ1e_l{X~M7J7bO3x%9UQgb1Qg1 zx{I3jLmT$MnD5JEbUax>#rVty-YOr|9h6E1^mIEOmJ6g(?!X>qZcw{!J;o>3N$+Yr zElcPeHL^(JX;L55u6n)J1o>)#r}$Cm6(Uk1zM60AJQ>6Sn1x-tl9}Quw)Q=)oB7Rg zGXACAM`V_PC|%9FJ*QYy-f*ISp_7?m4+6_<+D{bhvj8)YhJB_PCp;oEt-YaVt0Y)W zEtjL%WQB~0_m@rktV*~^lSgvyLXgH}hES>>4tFXWWae@uX0`XJy$A#(mJf20N@L5j z>>pxqcWJ{O5OYzg+P>WLwtr3=_P>J1cXm9wGwnHM;xi_`id(XQ$L(u3JZ|r_(Gm#L z8F+VQB|j!ptl`}dKBWp-1XOvYCvana#;aqJ*Vb-R=L>P%xQeEL2fhcJw_!2ZbR>(%2f@q|)?9KV`b zGym=w`H0q{S@&h5#KvNjWIX8wJZesWDj4r;;jJfa;e5noWXF29n# zurTm~iLzd9HPzkl_|6Hx*a=U4Pked>&#jb?)0>#-LzJD~)eI|>%85yBUvasx!zQ~T zXSF&^5RD&VC2WSu=5J#s1guVE-&^bS=bo#gp{6;nNQI#S3_j;!&&F#K*Y& zCuL>cX4Y%%zYB#@#;!B-GN!2`$BDqWHF!)Ed*jg!MEPAtQY5B>vUN+ClKL_u-te}F zP^~Y!lbNFUYS-~2i_8M;JgVQa=Du8uYXW2z?q2|zHM8ZkqdhEES~72v**5z@A7!%W zQR^`rfy_{07x%A=#aiu)Ebf(5{X`A5 z(lRak!3QEQRCgkG$MLA1gBwh}h8GNbaA-mf_{C0mZVTS2=Xe?4)l`%Jt)75)+uqlP z$MzrF9dEVd0=LoAyo`@IF(z73CBjY($Q?|QmZ z^p0AAt)~LS)LCzKzI!-g(NnC$1(ADuJ#;gE%H0;+T=t@|x*^z;ig+$BNLU;8JF4tZ zRZVMb1|CbK-z*+$h!0m)ZC1C9&J{5+s^P2NtHa-VZxoirP^J93SQ?wvhRxDPL4|`W z|4iC_UvqW;t&_In#c8$PZ};c2C`PWYdXLFaXo<|o6Ivz)z47%;a<8v`FKuHg=oa|j z?L{e0k|YQ5E~?vY;7GlCuwFT}Uwb?ew?`ikJ*T5Vy?%Wda-G(Td-`wTrzAqADE{KS z=j^%_*glb__i^y!FjFiiu z^oqPxrQl3v6dJ>>Xvis^qfu*(%#xz$z1`t8fXp;RX0*Ff`r(_X8FAp>*DF^{tzG?= zJ(fi|eBJ9^Cqp=*r)RlL%n+IF1DUbkjZV-Y^N9QemAcUmJ?(L0}o zw`_z(u<*P$3BS=vYt<)Dcz70ndK?V?-mV~$w&v||ylKyI`|i$9JT&3E%2gLst-TRL zQM}~7x))qz^YKA#|6NBP=YI%|db2>_EO3pO`>H-EPU`!p%MIn39Xdx=WBct~o^SsL zDwW?+tM7YU{}!{|`SOF9OZy~syx;1zT7%gnfcnY!WIU)}C-#<}^V{#|q;Z8hilkEb$oP16+SztiNf9G~alO|H?4?9GIT+Y>x_2U>Q25J{H{ww|=ER#t zW}(qwdt51HZ?rwE$~GshRiE7)5i&a)w2G+N3bfX@lbOeJg2?Ribo%|t%w2BwH)j6C zPi*k5PMSGf$lg88(4bt=<1i{G*Y&Y4Q1o5bddLr*Jx*%ACF&FUv0cb48~oVL_1*nk z`wlVL4?XDox0vm&S1CPwo;KTF&&ea|>RV$(W+!6mbdJbubhNirj`OPY-N=mM7yl&V z?Em$dG!V*$u_^q8z$Z7$Ekjz-d@u2a;IFX8YBgbF%&j$0u z$Z2g3GiiM`xJz% zpZa4MHN}IzstVtY*ZwJ;G%EWrzrG&LCzI>_FUKIYG_LP=I$L&*g+jhseY773IWuwT zs}H`IJF`N*$z0S7?wb>gel_9I(k4eZwjU*14wisEbeP7N}XMekFq z=0jwb(eiqJIuQKwAXmX;R;Io`nQ>WuBg*=RPp^^LOHNuTcQY72rSODgCzX7xk58A8 z(DL~G{@HjQ_r4#@lOX)P6JK__u$x6dWY+KB-sasuaNL1^J85rd%o!lF(y%_>CuDXM zE)EcxU5BA-Z(OMScO$bOz)AbdU;Z&pnk{^B@-#O!i6|BS@!4#ccgAH}!iHR&#Q z%+Y+y|K)17-Ro~}!CO{K%o6WAFy&;^CrI`dj%g9SOdTmr_{F>b-WRx_i-Sz27yAUVbl(#7vvF(|U4Q0yYfh8%7RM6!@>< zy@UDhIWqC(e{-C)|2R2Du35d`G3%qcG0OLh>2EhHGu~^Ve0?&PzgX5H5y(y8-U}Mh zcI%zp>V4|%DNJ<_Ga^KedU~prc$F`4^o_5=)5cJ&=K!fk>q~~`tyM0J!Y}YXA8*C# z^Cfx8>$U8B;bMNdkvLLDigkD^9w@JnsH(moF28(VkQ7?Js3?q3D?T76?NWbw@ttl3 zrma2XlHnAM_6)UPOl<%YU7sUHE#MP}0hlNI2Zz`M>n-I<< zF7ozKkY2f{aErVoEc3z!9u@XwJeS9N-=;K1Pc`6phHOC=9J4{Zi!@`JB4M z``kPU$q78caz827N9at;JpEFnyl)dPIXu72tF*~xj^$Z_7lBVv-Z{Btsczn~?3tcM z_Z^8_H`=aFTfNSB;wSsqk&~8ATlO~Nttg$iiODZ{`iORB*MFv{Iconu*b#3ez|=p&+wd8#T2jj3c{x`nrru`BcoM6M$^R5PT!n_ z{uBF73lqbSedNuJ&h701^4aLe(b*Qf^4!|4n|H7@?VxAWd-c}1b9ZobK0)(LOU(ND zi8;uh{KrZ$oA1=8hhH({jJ&RoLR&6j)a1K5r0QkwPa%Mt|HM}$Vy0JAo`z)h{lulH z#3(b`nRuF&g69`M`iZkXLOo$-E5*zbvu=4&f8Sh6B>L?N9xNL&4!~W)V)jsQBo8Sm zGb3yNe((ORDakEGjfvUrM3&iOf=bXg^$~ zi?wc7Y?rTeRzbYv?fHn$Sv0W@EKKgiy2Uzr@>0 zEpR2?O3cJPrWQty6+DbI)|poE>;_)tmw1)4N4{oZT?mf<_xn6ad(}sxHn}@F%8xpu zy|Dki`S%}JW?RwbuRG>*K>NIJM$)iqa(rM;<`MT|6B$2C%MPC&F3(QG)hJG)-c55% zPT)%=2y92f_VLJ(%|Spr4qkyuDGtI0NqAE_N5Yvy70PH7BC-7#5u*I5Xm}m9E^hRvr-$1>;MmB^Z*Fz*<`oGr zzIAGt$6MF)Dw^NoFo;k-t|Cqf1Ca$u$HkFl^{Z;&Ew=Asq5P<)(>nHw$R#cF*b14T zRUZ;#)-K=TOFB6d=7W^S9n0o%%?KX^N~G<%f)Cm}K2wmM$>H&t804gp_Jms!0}66R z;7E!pZem;n?g>_`L}{7#;g2vs<85AX^C`;X@ZqFBGnk$^1+ont`EKv?B7{D{nFxDw!&9pdKVAtpN#t8b%bQE)B+C>agHIL5U0QvD~K^m zZV9%}p!H>mIFhtJ#8?*iRJ6p#K-X|#%RI4v%;R6W%cquS^C???C`wbntV1P6ojO}zkc&3K4|sk5%=s>PJHaw z_u9jk!e!v}@<4%G`P5CLaW+;dv7Aesz=y)I<7iJNCW4JcvicY1b1}trb6ocq@1j-p zuCyd(;V2#kF`ts$yj6aoEG5A{V^X;gB=^_qnLLCRLQY!d>glO`69~NS=jYl@(08*> zQoq2Hw2u*aKT`-=^`ZSmjp19)5@W&Tv%20mZ4fc@6%<>{i2cLGd3lIZOT<9Mor5P) zVJ%*eNKldz=4TaK*_U{q&AY{eUBzRuA@mOEPYLrm!r_^QCn6 ziHg}rKj}4EAe+`%mD(E-8!YzNGF03CRU}jPNT4k6_Q;`@N?Z_$nIw8f0%f+2r{y~% z2aMs5-jRt}8ktt`KISKz=Q-WC_I2m?d6M?ZXiZK6hng0;3}5a;1n?h!?3}MymImRw z$D^Z!wprCQ$nJutp7Bwue|M-Q5}sG4yY>3WY`uIaKNd;OoHS%nN5hs%G6<+F9H|nz z8E8uQ2v4{m6uipei~}4xfIK}64-_Ps67Vmf2o+JR&9i(Aq60T;?1^`a{PlGvUF0nu zyVDHjE0|YQ-pV+js!T^F?g+aYvO&O9q;$gBm0eL7KaFdGj~ zGY+6%;)v5wKGa`?(DqTxvq;x4&qq;9!O0i+N61xxYlef8+vP(pAMTOzAO{e565R}k zpW(Rai~Nl6kZ}MVJVJe9>?66Etp0jM?kG95Qy=#~BWCFQheXW$k<(GDvzw3;p6RIe zv2K8v@ehw_k~1d_yVJ!AwrAX56ga}Wg3zb{kJm(O|D-1?Sm`JaJ%PhKWUN5Hq&%lu z5%Tq#o>_?Zq1_-clb~}emSwnj)J-7cfPn286)QHIRPs1%pGeGp>kRI$y0zqexp6e; zzxIb3$+xFgB$1;IIBB73VP=WzjCNMgTOJ=Fdrnp$wMM%35N^N|;$p3)d|-bH@;L6k z)w!`f;9puihr0x_8WozrDqryOC1k$9gZ*$|Tmotz!V82a#^o+wpgfCa1p-ncJaRAs zw}w|4+7ob3!+bNX2SL@qS3%yCN-}f>LHwfF{-dDJA}K<}5&k#v66UcOKSr&QAQ*M= zyqkxf3170f{3sa-5U;2-g8&RGUY_;xIOBjqdgc;ujRcq%6^D0}9co508W82Rco+j8 zEnf2Q0!+bTmY5Cq!T};?e*a~msB^BtS-=xi9*<)Z*2gQ$9&efd)G?bG>Rd)1@4iG@dP~Sorh;JRw9{)E&MIKMY#W z5iN9k3OkQAf8qdX`O%gfdMN6AR3)iLNcs{Lof3CO2o%ph;;^u6xA<^XWSNw%|D+f1 zZ^Lb+$-8;h!^cQrsAiQYT)3xv!Mfg=KzK9}u=pJ1D>!#3Byj>B@<74Ol-BT&5+q342le!av;Y7g07*naRA)7c*?fxdD&-Yin3uQgjqse8 zM^|p~LJso^lrJsttiuz_rhG{ZmJ~I`>a}jP+Q{C_$s#OY@h66uAhJ(%^A&Qxf~2w% z#GV9WOx|Y;T#1)>B?aX_dU**+Ea@C*Vo-upqWY+${%d&hB?D1sS;AZQm&fBVq`<=U z2R>!^y!+gnjLgxAE1t&uyg!P| z5!sVjGIWAwi$?!>uf9X01>t<_k@?B_@p1SUnTQ$s6>{jzaVx(f7@C#{e;gT~6|>8| z0Zwb6ZBNYUQDFb3>d9adIh!Ccn_@A00x=T>{*kvW8xqejID???{$2`7Noqe5kB=0e zr7W~3VEdWDmygiDQVV=V)Qb<^07=?5h#Ai-E}o}6>iH5p8z?~xTeYb-b)Cf~j>V4w zd(aC9Q=oR^EVu>s1$&gA1Zg~u6XyeJWr&22x zqUjRD>$;++?{97!!4hZpe2ypu!%;p+dOn^xS@m)Ee9Wg{aNx*z9Hc#AHBWm!sgFuW z0@`zkvM8iy`mCPMI!fW;v6#8_7I$fDvSaHxd~K!2Jdzaxm&&yw0M53C%lo97-BZBuNT2=zjRA zD!lfE#1p8k1oS0NL@NeatQ0QZmxBI*pH%V{wvxgb1Sro4gy)M_8FvZ=O{=EUyoxZw zgZ&6D9w+Q#$&wo+3uNIV133-x`Wm5>E(h{vM~5tU!>8e=9|sY1wK5L5xi{#vMt31u z4wY+Zh436pvM9s7wjREsb3=@)_{KC7va3N|t$if9;xCZ<4&cL@Hb1ZCE08LlGf2~a9o85l(4 z4``kC&OumU%QK{$%_*-8&9zTc`cj^!?sNerGgp)gk_v(dyB#8FJ{Z*EcQ_?p#PP zKbN;cNTSAOy?(N_AW)G-F$%YydaWI#iz$_(J*~1-zQn6By!eJ;A0LUBiTLK=m$A)sIh;2-MIvTTpT>hZ z5;N@@UD|wi+G+K7&ybQMKd{2v_D|jvvUqT_da~e?q_Ph*9W?^XKBTC4uzyo#Sxc!M zab>99f;|xN7FF6alNAq-Uo-JEIed^R#R^`+o!iR`%e>&>D>iR`Y1IsgS!_uUi5OrL zCktYbFk*2PRc@7jTH;|Vugzm|#TgC6)jSptJpXgVnDDBb=T`6n<(-}x^zc63#j^{% zqwGO@>7yDVEqX5m%lLw#5F?6tBs*Z|-_s zUA!-2F+=xjfk#TM1o48Kq(aVQjRa8tS<1e@E}oX}9Xasz+B_CxeraSPJmcXjZa((! z-Z-$B7e(HR*T+VF)dm4s+ch@Ff0R!;<4&h@6wxB*9W)F3<;~ecvFe;b^M`vzKGP6& zoY9NKvG$4RPx9q*jH+g8nNC-rXksvX$6-0ii-J7`Xm(2k#{{ps^$ zCvTec_2gE#-|FX&5}x(0sIR>WpYNER{B&$CIB9qn`L$Qf&N^e`V$}u#S$kja#5Zm4 zjGQ7d>(|dCkZ`j$ntJi&$Ih9xarX6v z(du6uhctBjkY*kGS!qdVxR!!Q4by75oZ?Elf~LlegZqlGj;9ySEQ{GXOBL6M!RIae zt9hDnAh$;H*7nTr!!sVTknF32iGd8rLUB*S~0*e0`#) zKN}`UWJ@JZh^b7w(Z~wvw63ScM)uDdpy#hRX}p>Thnz4r-!wo5M+huxdAiCOOtUTb(~bR=-Rt!Z1^(^fA`@;z;x z7~{PN$(cnWEo$MTKqPV8>-XzB^6S=;leQ#Bf#V%>Y&@@w8zi4SJMT+Z|9aYb-t8Pj zuD6cO9!&HSX9u@#CAl;DM9f@qs6{ab$z(vxZbDTOAA?E#USc*&cN=r}+KpT=+dL}dd_>IpAZ97Ce2@ML!XMsh{_m!R@?VGY zM!j#WbkelQJU$tBXy(dQA#Wq0XCuEeif?Iw=gu)E5{HN0P;33&_kHt)FW3$^Q_jA9 zi#(Oa-_8zy2|Vb(_lVQ1DK~Cut?I!qwKqkHE!&{}Tc`D6Zxrqp+ozfw3B})c#%Oqv zWqJRsdR1$#)=Sqv$^yytTgv`dsLHUgaHY_A_{&NAU+ARyVr(%z9RFzcj?Zf^=?%Y; z3b}jKQ*Mt3E%T*VM!lwbb9>S*dq&?vq2SArY2hFA(nS@yrR|9^x;qWc=|iwX$S$BA z)my*)5`qCP|Kr_hKmU5S-|CF=ms>~u`q9?)rj`HK^F7n(8|F$U zEpixt9vhaMr^%~ch#p>;&+j`&TmDeK{t@S4NgTSK>uJC2nf<+wBlAUZ=IpkZWwsCf zq3rLL6vyso-K(2luASEc)%54&k~(P+LuScIW1Clf^OH`+tX9lk`a#U@`mO0nLc?Mf zEjCw1S9WJeDF|$Zk$kht+si=J$5uG$q1?W&{N<$mZ}igGViAkk$MfP-af6nDgNAy_ z4H2`#TPkLZv>;{-4#xP$5i_CuFKrz7`RAYC{VNI96L)oE=V)qPtlT;9et_nsM-i-Q z*M71dS0j1!aQ-|k5+9g5JN@&>>9biU-rTkObt*hbGYzBFtKR!^IWdQWp4?ZrL-4nM z2=nRk@9w0{ip2xxVV*2kn_ql}75Srbm7!sND%xL^nrSg0%e!^c9Gkll`8rX3><)`7 zVdX=txMi5FL3}%e)M&51yYJaLzNlCJj~(+O-fKN4 zA}buYk4VhS^DR2x)aVWbEM|C(>Di!_e_#K&wVgMK>iPZJLec^dvq3eBMiG(0YIa{e z#bOpZguGP0|BO>i*Q#%vyjXHZ|57K-w<2$VR2kOIPqm=^&!%2Dz4qUA%vQ_TOUT+` z=0j~*6jqCw6H~Q(U%=~@lFjyZI4k)IB9krXzq^O}my`CV_>)q_Pc0C$`gr_ly_gm5 z-?pnDW*4o_)$AU`Z2!;?VkYDm=uuS6awIrf;SVEb8=jU(GQvSgRj_p(2KFP^$9w0psA?3%KtL{ zgZKr!=p3!$X_DI{Jvrt{#sNDvI=v-Q(vH(?A35s2T>s5{GPr`D`Idf3E9>GdW05x2 z%;qKAo!(e8hYzmemufak&Rjfp(rkOyhqc}Juk%LBe4^>mP-Pjf)n{)4XCZ%NeqoM| zZVS~Abe!vJc|TK*;a3Gd2u7Ba3g!E3_WnLsZf8Y4w>U$P=q+@WKXc-Ue+e&b;vIWq z*77rsO+Wqmlu2O!i1vOf8e{MM-pSsmKAqI>{u4<}#6M{DKE8%OBrAPm5XVc?BFFW? zUG>(#_F0;SoV(}kt$b@mnv_UjVsv^_J?j@9Q$$g%-N#H!))RaB{h+lX^xmx?X?>#>ES+sUqYo$j{#__^+ejlZD>0OJehFfx(+KTI%*rvz60;A! zgZ8~xY?iNzs*AV8!|oimWhWPV?U(VcUy4h=bn&i{V*@|)j2tB6K+qAt6-~@6NTgdf z9ev)wuhjD;o>{5q(zo#|M~-EF^GG9Z7&&Nt^lokMl!JCH-G9(yZh+j!eO2o-cpLOaMmi=5@_eWSl~9$J~_C9<{MuYc4+nfBYp%~|N|H1NvxE;5wy={k!89g-*u zWLY22vZUdYJd2~w;{72+TVPi=;bU%IpghkA>8lJK0}gK*VzK1nr6pb@_ls46NyscL zKC&c2GMqB#D-Xx5Cq2y)!xR)fT`cM^5U;vVLrXY;Co3(3c;hkBwWes5 zUwH88P5foE`1BIZWO=@uZupu$n`cP*PJP&*^%R1&0$C^N^}2Xke^Oa5FDe%Avw6|s z70Nqjq9f^Kf!sn4zXl zZbmmzF~~;GUTp>5@BY>-@i8I>EUV;bsjyL>X@nrcek3rezYeu)SsK~&Rp934=JxjX zrd<$XV!7SO{H^g2Pgy&}B*w$j znpr&VnI0bE4=N&UPnG_XY)@l2z4-Lx!|PQwoNd#3q!u~s)$2yzXpLLQH#*sZrD)UE zv%Ce1(n9%G$LycOgD&lGx8D0r%B&A{CZCKt;jPF~-&hheEfP1(o$yJozK2e}eSySm z7m3;72@N8V`<7502suABb6z6btr17VzW#l|y2dR;^Q_QxGwe z*y8X>ImilZP0tp{TT+I^CnNSut`~ZKkSYZcZ`{Ag0)B_DxRhcopHr>vlalD>RmP)4 zz*opH3q0xhJUx?Vq!A@>(t@PV9wKW77mRD>@X9KFail@~<1$aYC`s2dXNj%Q>)pL*lcakDF}B1{#UZkg zm<2%0?IADkyN8Ft7&uS@c&MFJN_Z(9pp z-ku%eDE;n?1eXsG!;Ir&5*|ZHcY-+OYz3zysMrzgAxN}9LPJM0{Vz4KZwN|UK_{g-C_FSfz|J`y6;MdC%X)6fF|h$ z6l-@qL>45zmKc0wt&{V#e8MvpuUK)TDX$Qofze@+=e<1R;_+z0eOTg2IBMWI%A+Dm z=~4`0EI`O%9NiAK>Ps;wA4m8njYpC?uq0xC%(|Hp6XVFu+`vl~kKgRzl2SA%HjcN;{Pa0qz%}D&1aF6@p#UV6{*siBYlh>RFy#W& zAII&MW@)`zZQN>*DzTi)!Q=f|#o7lCp|jzD^^qMg@>#!kS{=T051dCT@cA!^OGqD? zx!exzUsk2G{^-+@Evhv1$0G@i0=JMvjHlNtkou5}1FX#}B-9Dqd@n!axacBZK@^Vu z0Q=xE&)9bw^|UCC*x>MtQqqgvZlQX5xE0#N**3`@%!t1?u21XrNpIAfnuFty`HPFr zcshqrj@lOTtvdD50dj>R@satyT3+v@X^|asaK86EsgD;!ZD@x_6LS)XXy^6L`=h;H zt1~c0r(0X#ks&b~ATjIR<@=*!za~T6$lm^1F`FaBw8hN(R8Ky8C>EP63I891{zBpk zJX*ersB(5L6Vh`aEY%ubvO+xwLbI3+P%rQSiCMD=E?JD2J>g0E0x<|5#R_HIA8}Om zS&H5g21+s3Q60Oe*jYbea2! zkt8(XEY{MXq*%<#54`@6Wj{1^v0R{MBIR2>85b6_G!^H1k+5;`cKJBt07SdMBY{w% zJTw`M1f(aE=m}IQX8Zy#IlRjliLo#9xF@T4q(NdPf~rB!1o3l89=>150kV|z0}Tiv zV*SLtV)0M}iD2*Wprjw*DUGODJ>Tc$6`SWN&(ZQ(hYwl~%4(jD1e9lKE*Xm#y?k;t z?{h{1S~J4iBMmRQMSB>q`mu}|3W|d=g;51aX|AQ_4|;ncr@xiZ`pBnkscNcZz;@KFtMi&FqG&}EM6p4g8<5i2=XsDy`w6hnAtP)rGHd!mO zu@q|MBx;ou%rKMibSs9MUPz+<@iCQCl5iwIgkbb#6nGBvJOm!K`BXAVcuueRZVpKn z!8lpl*da^kRalpV4{6jQ7q@FnD? zJv}}6Ba!{~a9Awr5Tuy$Q7AvE#1NlK3KjGb1dfi~7m%zq!7EamX|9oJ*7SCx2#V-K zB~m_E!6#Ro`XrMIr=lYzm_%Jjuxb{41fEaAbF`QmUB`23&gNr;j{=VxZzCTBo?Yg7 z*5UP{4!4BotoF2cHYHS`31D^u)4e2a&lGaupa{xy9v*HcJV&E^#mmE&7M}zjCb~(% z%d^WoM{B0KczkkJz#pNT8KgW%c@A5K%~vSTVqPVD(B@UjCxJ&bOD0p4Phy^>e1+o+ z5;D@5s(?N7$ep_Cez4?H{#U$RR{ z$+biPdke@9$+R2y>28td(J!t3!hJwhEb-)elhD6#eQ^0Kyw4d-a`Aaby`t%xXx?=8;IKQR^ZxgNU9skIF|Q zF|i+k=dJob6w)=+{Z)u_npPUsU`@|9^llB!RRwU_1-r{xdP{nyii+T{QU^g9Q)nm! z~`bP;b zAZ16w2niHaODrjGD=FcT5~a8(>P$!mH}eYc>>?k75Mir%^kocgj?Gi$#WfR_cy5`G zT0I}1X&s*gp0tmbca2ORVDQBD3C6CcudZs*Od=xRL|?m9%biM^1E)IGo;jLjpt$cIFfuBF2AB8L@?cKLHX%UdB-Hx$$HV=dnPV$q` zb~yfeTE7V6aA14&`l!=C_RGh8qu%Ko#`C08AG{BQFZzQ${LC^E?vL~9BXzv-zwUST zw&lq3{!lp_Eb1|mB@oXGaf&UHL{~2IRO0lv(F7XWV{wsRzstRvB zWG!6icJ*@Bhn#1QBnk2I5OWHb57T}8fCRKBM~-lP($Q)tTZ8b%H~}5b&~v5Nid8Li zn(YpYC3Z$qidno}KH+nqWW29%RYY2$M%iE#jo^)wXt#K!7t?zA;YwfN@obQT$9vep zchyXQXZ^IL2oFhzQj}*l^7MLfK1F2Dx%E6etBTR~bn&XqtLa)A9!0NcPl=pTB>5dV zE4`7Gz|Gwc*RtRdxH#>(1EdR!Wc#ManiB*>VuxNF|yTAj(&{+NRLEbz!!a7s!1<K3+!-u$a}2 z$#cg*Vz!;{k9KgXH*nIP*UmW6wEwtYM`E_M{H#shM&1fFUTmK!tG|%sl`ea5_XNqd zAB&GsUd1ow^qP*v>{>o843U_%eNA?epV@p0ov#G_S6sNiNG#FJAX+_Z7ggI(k%^ad zy_T*X&M&jIVX?`IB$+S1UjnZX3CKA-4`LQAHiH5V6wk3-JM#feHg)9RmG7fEyTIGZ zE|Tk&T=pOa70cdm6Y%aXMBB&a)g`{7uHd~RhhioD745-c1)t=Rm|?vo;)m)VQ>i@@ z6OYmU4ln)fk-+AC4sVxF`iqD6IXo2)t7m%nnU{wLYlMfEwUye{Ggt7cmrt$WbCkEQ z1fGrBd=B&6CO&AlX9|hg6B4sC|8ak83@asg69Z!Q7Ks_8-{P9hY>4j8nQUkDTDQIA zq+L5HB@-ZK<={*bHjEsz1u?cqf;GG~tk{FY=XpGU35-zq#t(}eO^RxN290+fRNUXK(QEP*fhO}|7Zd}CYhnl>wg=+?p6TV2U(8D)i20`$a-<@W!@bU40#Z5ok4F7-e}ufj z4TQsI{=*$(0E(VK>Qis+?wb9}NPODr1tQnl+LxVMryb)X5}M925;JX4%mzfv0)tlX zb#HRHWr^7x5wk;C4uwxc@Nn#UD>P_raMEBye8-r?=kuj79&%hSa<)C#_8Fu08MNC! zxU5{N&)xG0PcjJbAZ9oMB@#28&0bc0r6pdldGv3bB!jd+&Nv`AVpb0Ls}Bza#9N@X=>Opd(pq_-|ZWQVUG6VbT_JZ27BRo!tdJI<@aCS7xnKDTSqDtk>7r;ohaR! zUSX<-fo$pDi`&IQ%8HJ=2))C$+*2&B~khV$5i5ntyUfqVs0IEMo0K9UT9+E?WCMIq40Sh zoV390Hhi}?f9{|7FIt_0!%acb4v&pVNJdl6`kuXQK$hQkK+O798utitcl(pUZU}tC zv&#^O+3WZ#ScxIym_j%?RL`7jaMDnH--DR#gkejlOUxjx=JyaYrUD5(W%=eqx0dF` z#(wCn`b8l)Rut8I2*`o$OxaUSrsT^$)IiL{h3e0ipBPSQry1B_ogIja7H#LmWG#~fF&MwQjlMm8G z^}DocTCXBUvN0SMo0UQ);s4wHHwImavDrgZ<8aw)Evypl4r`?)O)d;yf`uj3*JY@c?Yv)xYrz#j_T((u-yIpdTbdl&t(!Z3B4$Xc^5fR??(R7ivp}!a zGDjztm}x}JG|&2riyj(85?>}}CuE;0Dd5eCUgW=zn57%9B61bPjPq3wwZGjn-{_p%iG(4f4e+<>XvUpyPZ!;X4?_7yME_&A{0t|M$E1gH`)8*r{W(#%)Z@8 z`{5pb^z@HkfBlEP_4ccsG%a%6F)l8VP|1h8#$a2@VxW!=;-JSf42Ql)4$8KpJ{gWYCKaY>M6cd zK1pbSM&a8gxk0W_okwIOKb~9!>Q%AkalELAb)S+88Y%Flw9dOf6f3^!?OWmPO+wc8 ztIVHL*Zy+Seh()Nzc)61G_nULAvto047OYA4h!3Nt#NT%c84=;O*UmT!qKKRq-&?Q zH@()UKk{<{w%HDVwrri4;}#N@!^m_z?tAu@Yg>6p;1sGpR8KC<{?T3MU_Pzi`8T|S zj2v{#XUNp9CEnNjXE>=;Wcz$~gl6p#=V90UJl`LilLK4K7PUSt*eaZL0_SI)6TuUnO|%BnLeMEfXEL;3u5%(EL>5QZ&>66&|n?vo@%>(~U@*%M4S|bFR5j?r2Bv${z;Nk*T z(ial>-Dj)*{YD$d<&;m$+@CR-%3n^}@8hKT)U@&U@k{qA69@&wVNF*{wGStENY~su z6eAboeqfW6b{II_p5vX=yCY+gz5nC3f~t#E2r01@H^+lPt8;ca8XKORnwtM|YV3vN zH#ZL-9EyufWYjV0NX+iwSy~`lEUMopMtV%I)vnSt&`S2<=J48ovnc`7 z1}6;`>ox*NhqE!s<7eqj{)@$o^yLxJN--yGN9BbD24q-!i}NaC#s*b>iM;vw)P>MShcB9G=Jh9^;Ny}T8!JGsO& z`tYfnhW(t;_8A(y0u6q~@Vv0hTlrl@-il4gq~=hYx-sZ-of8 zdEY8t;FC*y#j>QB>hSzpUb1=7%`+Q#>%jtpd2rHF{7+n^V&YzK(8F!G8rCRK=zw|Ee{|Ka7p~^`Uh!!-1_PIJL!$UjJNb71Wb>-U`nDqx&Y-r?dpcy9?v(-)m60<`4OuLpt z7o9==GDO788VO>wzeuX3>>$SWNFyw?r;B%b+KQ3sCl}8w@y&1B-TBVrqiy~7&tI{- zQ%lT4bJ@RV&;Yjb;d85Hn5H>;9}kBEi4}pik2>bwe07@!?nb7W4@ExjrNOh#h(EMv zntMo)8*$E8LeSvQA^R!Br>mDVR#v8w2f^BuJ_ z6wo8!@x~h{pYW=OC-qs)r)W@h65bw1$Y119&B(?co5z+!&$N-}NunHXHE&tcO5VN_ z4l)iv6IZM%q9(?Ttu~9WkEA&CZC9f@FG-bjecZVVxK}|TC#`cbpF`%(mEBC<7N6St zI5)xIC?xy08#7cs8K}{b9hW^ywzWt+wSR^-fiH#HliqwQRU0AsRx11_bl=w~}SgJ&O z!p!QdRz!3!Pn0FN%=1XhSlAz{x8Z`c8=o3n%?se9K^_CERJKIoro)ZkV>}YGbQL*y zK^5aybiT%H8eR)q5f-yaAJ9$#6{*fIFfLP86F2_nJI9SZ(fE_()5EKq{Y)WN z$SJ_%q){IzPl^cQKr4uc)EOd+%g6Q{Qxu%@%;r;iIr#K6><-fh30Z3gs~KKLmxNA+ zSHR)=SbWJ>79sAnt9+76fQ6c2o^^PRG@eL#DQNQ*sF|`*K1aT^c}4)96X}&$yRSJe zDpH;kZ2l_U z22mfI99JCHKIp|Xm-DH$mT~OSFHJt~oBhFHFdF1f@vfa~Z!iw|GTMds9NO8al|PiV zM268>UQtNYB~&r6JltPc(bb-~vN$rJL~2HP1zRd^GTIZoJTZHRhtLza2p2D|1j~D;_+`hj)Fm7hkz>S)0c{_Ko~p`!X?$K!op5#INl)YF)+Z`M4*4z&#UL zO-_Lh17Z_XtdEdASnUbM^(8#gGHg;pF$>YdwQ#oCgvJIXQtY0C`Bb4mj0>WIG0Y5k zX+M$NU|^pDva_p9CySYO4R%nJnJ2w-r1-Ik#B@0&tKp<4?k0ucm{aZ;Zv@W!x2}~o*Yg`Q%UhGS4nrf z5bhi`cC2Wc@8@o{(zN4|*}-CV5w>;^F3dQUZWVo|ZBNZ-2#)#}o_ecEC#`7G%OIiO2EOb1m5AIe@F}27q=N1ZX4CC;)d?mPnCug$w6wfa5!djlzjD1ABia%0d48un@4@VVZKPz}~ z15Ygp^LXZgc@FbI%==QM3O06V;?xZC;=zdo22BAWY0_|5)X|jjvH0of=8g9)UFhQo zxihBOGAF075MK5M>5{|J!=)yNUQf&)2O$JxL?H%gVXXdAK|?g8Z~^;-qm+c@2vQ_K z&7fOBeF&d|o~96c7A&6e@GNN`FOQDAJZtm3i-&|A-KUq9`B95#p`*K#O!zcn5YdPYC4SxYxA%n1>*wK9~LpCd8b4XhS3 zc)a&~=?p2?8@4N)fS7@5p7O&YIOouFP`^P(v?oK>L}U-xvPCAz+2UmPOpA}LkY`8x3l&Q= z?IGfd^a1gYmVGA4Ei55#BL(-D@?1%OY$7o$79UW9#nUfoJ*^X-b6+JKAsK;`J_5Bj zp4uCqnn4mpawehT)W=bFHxD(lcqCy-egiL9JQL%hAZDnwk;w7OBL@;Q&Q?ZrB-&k? z=x0flsQ4j?tVDUQlG-By<%t-xlqX*@0X@VX;y2PuP;+97y zG;*vc-x_I9HG+#g9UMqydH4O|toG+DJx5|TL}GRYBS-qvQ^wnEuS2f~RLtTs5i`#Y z>(fFZj>PPEV!*aDHROHFx}%xjU3;5?i$`cV#oYB$sAPvh3~w`!&UJ33RW^(EwBC9{zj zJ!LKkUj}nl`E04sZoDm&EFMydmDnJXi>6*|pkXAFeuAV0uuMsWz64W0iPT3Vp*rx> z87CuvkCe}lJi|B+w8Miuarl9+m&ezOc{Ybv5>Or@FgrZ!;gJW?)SJ8z!&y_&m}B!f zoQR>8=4bAV0D={rnUs&CIg^O}L55}o5SB6s@OH$0n3|D0=VTBNHe?)F$EViwK8I(# zyyD@L-tgy`=e-f*mw8Bt_ZhwvQ}F}zAZMk^AaT0|92cA|U8Re93a8T0i?xTq;uD_Z zd_KRklOLe&vlU5%&*Pr21DWu?KXNiM`;(7z&3}EGslF|cGYK^AIL;6er2WguAb@Ml z&RiJ^@PkbphdUQs&Nx7Vq$g=O_LS2z*YLcXN26!5RD3c%RkssJp|{RP<3Zf*P({Lh za}Q7Wv_Q2mH0yVJ^?ZEPdd|d8;@(+e#D7;erju!F4A0rDXIuUL5o~o0;9g!fx3EWatoR#(^1&zqIYs({onwyocu~ z&!+Xpp&WTtO{asac>#?nB`SW=CgicSB#+!*G=PGb4R)&4!j-y|>&4Dcfcc=EN&}yq z!(zs=4i8BON?6R$y~yapZnvlljLROJ@_zy`Blh6UI3Un7xiStUJtM(7UbMt)9Z$r* zf}aDS>qc|s7_mifMuQm^GkDvDB^4e5f*50o#68E7JU9xHCu}srzngb@+9J=nc{0-Q zRt6lx!`^>}D7(*{K|omG89FkF?vZAJCr^YZ@9N1mk82jQYUc1b+pcKmp0RoIrNfJ^ z@=0zCyFGC>=oxrvSj=FcxhmGmfrSwE^Mf5r%r4F%TZzl_xcgz67C`-6i^K$5O&;6*#mNI)|tSh+e@j7+?X|AveM?|yi)o}=MJ z1Mj{rcjv1*?3_C3^+^^KBrvb1ojt$y`A7Tbb>nVL03rGMpx=pGyQ>=6)3xG=e6)*g z&`&w+E0zQyW<~4~WAq3e#H?j~=+FC+FSg8!%RJ-e)l&N5G8C>VUETXjFOSzi=VCE| z+@6?=5`>icX-ulQ}zH{W|efCG*_WULu>7TWlas{8$i&su7+DD?z`zY^x^nZbmZQ{v_ z66W{e7urW!#iLu`HCgADAR`mV55PqDn(u7IhC-NhLW0WOyPaOYx40x8`7GyV>&|*A zb$xi-7E2XX%KMRfh%{-&mo`&U2=vsr&WoSa}dX^Ts9GO&) zF58XgdcQL^uYPU4q_3`&_O|O0qL%n*!1C5Gh#3xzc|AYx)ptI>iAjqb)y-Wkvc~y3 z8r6>?ByA3nFt z=a%{9k;c{2zG!6n0)E|<(1Q!TNrGZ~jJ3glK3?IXpF| z@i*FMm;7(dcj|qTtaH^;vz_{D{DwhGoWL&eHS5ukk9JB*$msgNXSX(AOh2@v-R{># z`w-ocgc!a%EKFPVUcXfnJ; z4S(e?jmyaBh10}JFD-I-H|Y0AqrTaicvgWzkBhu+na5k?snqqg|Fqb>zc1h4-)G<6 zr*-BJ73f7`;I&)(GI4z!ey-PhCkfZ<&I@y5Eim&3PERJS@woNr)2FAWA^NX;x}UIp zwAY>b-XWUug#zFDIXLR2RZd-cxV_8Ogv+!=Qfvj6iYv%hX}E%MRGYtd`} zjb8k>grt_#bg|I>(Crq3UlW2uWF(K6bw5na`m}Ej%U=;QMDR7v{MuQg;FH9hT^|f&fLv(CdH8XPv<$?o7g!K84Q8D0x5#GpYyYd$tDz-k z*?T=LGP!@}C47A_+jsxidV#c^FYkW-;TxQ^S06(%a#Zbf=UQmb*zqh1(d2~{FBST8{<4n-=BDiw|D{GYSy{S_zetN(Ie z?428_x1I){L4wd^BNX|U2Fcc2c`D%>1o(4;y=`r#SC55kEWN#ZUXtF z*AW^}Lz~|j7v2YH^1_N2yaEP^*=4?N=2yQH)wa%!(Fyr#e}Cm00XY&0L)La&^!3^I zNeIqch{gZ_AOJ~3K~%NUeJ5hJK{Zx5Y3Sa=f(PsKWT|=I7>!%T;O^~L2x2aKipJH@ zP2=r7H6=-Ki`iAQss1^8=3jBrzH3M48|%buehOlCFreFh+|Rnt4P$qnppS^cgX!(x z8YfuHI-mZ{V)oTf(%$`_t^fXi{%33J=`+vK);ekNHw%h$-r0+IVoA=?A6@;A7k3;U zCc+n^>E6+9=XoBnK3r(ic+coOlUPRAD>llbu_JMUe6%?JR`VaEi>ZH86DRdzt*C$9 zbF^}`3VxL>cNIN*mY?n(#{)OnFLL6M6^XuV<`rt#SNk~6EY{edpysSn`7|W|)Wtt( z&-=?s`;Jap>EUwivQF?2{JZt(<j{EO)nBQQ)dnG}SpZntddxfVI< z*H0GKl||z9{Fb&LW{0+z`LUQCp5{lrorB%Z^iWXS~XsjJ||{NP8x`rN3lNVV;4<; zRakB@6aJh%^Digudp`YT%eNcFOuOq0;>%)ow%6%Q^GEnSs2s{0y~9H!W`|mQU`{fP zhuptW%)Y@%`_Es0{_m})A3o=!t#i`C3(XNZ>P%dIEYiNoV33c))3a;8{L7&{e?93v zPmLCudJW9_ULt}gk_+2re>v%yV`JC9YCXuc9EtDb^UtHsGm$k-i;LYfeIzA`G$pi1 zGyF34M-2T)V(3R-%QGq;OybAzB7KSJ;U)SJovn&KL8xxuR^Pt0AAv>F<+IDUA6@qT z-|nrIMGjAo?DA113gV|1G=sp82eiwR>VwLQJ`t94Fyw_dGvm`}{PF(Kxg^iUEtS8C z_bv0xzre5lB{*r)auuC>BiZj*oTC-IbHBct7r!sRqGn&pFWD#l2%I!T`E1^?|HUTO z%cq-C+eJb>b7y(?q815E%$9+Bb7cF%96zH@d@ToV^5!(Yzn!_a;~g{0#=E*c>v?pP zTjZI|JhQ+sK+MKi%*-8sL<2GNPAemFe1gPm zZ=INhv6xXG&3_#(IBO}~{e=!Aw*4@hJNFWwTjoWT7p!pF%RD{;Crxtco0wv%ryyqS zHhBcbaOv{pW%v*o$NtT|B(1e0nZ9r&uz$&a{p-&E-ujQN z?hilz@NG`oe+Cv6|ES(~5~0Aha%0f1_l__f&QC5T9i!9f^e&z!lS$7o?n2?C*E_qH zo<$rdJA-;_+m6^CcMyl*vc6_!%0%$Y8phP!4`7S9L@jibyfVo)z!%7NS4)6*&*yMoao zL;~{TZK+kfyhl_No2MBE6nZ4qp4gXhJwrp&wS%Ibj;cZsZ-Y^2=;o*nDcWygJ~{AKIs%pQ_LsmX7xSKiupV9hAv_7kN=8Jgfnae!2X9$^=&SqZi z)ps-1Y_vNZKE0s7PiE^=pdFrMsg76r%Z;2A))5>WivVU{AAGw{jCV|M3lU6@> z+}B8aYK}(rDG{?XBxcVY6N%ZBh*{m(orjN(y<&zOyPf}^y?5(PT+8;prT7k>@@XSG zu^pTcp$HUlP&vev4h13>D1bl>1jI=S1Vt-}BCQSzuOj8S8T~teT^IrCn_9uE? z?N6}3#yiKH(ZN z+ckoDBxZJPH~W&KXv$-6GrRrt%eeg!@T{LN#Ce-{b{4nonQ>%lB@er`%3xBq{bwFT z&9rX*qMw17S&$`CEEP>8W^e-$lDns|$*K-d?K5p(FNSSgX1{iu^$1Od-b$y>vn5Rw z@#^RY>X~WIq{&Xj2bKQN-kCgeJlWwLdjsCC_3~hs@9=tl{8gS=$ICumUd1Du!pUq! z)z!C8b_EudX5a^LwLelFy$w5hxRz&@dFE}rJ4~$R!)tl(NDy8e2^=163F}81FE1_f z^h(Ic-l*iog$KJfjMK%A{l6k+O7Nm~O5eBohMephO*w7sU(~L;qtFIqR%=$r&#-=5 zZ#DY0E#t!nBxV9V6Lj#Iyf_l58ZG}~w_4Vmkx5we%r(4ozTaPQ;HRJd>mUE;)n}b+ zgS7wHSxE30*&SC;LvE&xF_NGCyXs`?^XG&8lUlRZ96jA`Zo}&rsla@@+B~_KG_Pu# zbI8|Zv<;+Q-}dinwQ8;VbM<8Nb23Wn7)0iY{oqClsoZj zzkWq0-01-9Koh^9cEJ8|Zc)hd-GRi5WhRVvhRsD%d73_4QaRFoNN7!4=IkFemgJIN z!9zl5+OpL=PkDZcha)*W@A9ml=g^ldm&J7wur5P(ewuMwi_zTBah~=+d`T`2-oI#f z_Bx*V;^V_>c*)Ci?v)P9l;>ExWn^b7c+KW#=u6J78{px!mw4$-Jhr?USf0q1EvN&4 z7u=IBj^pc#Iu>8w85ld!MpJ+c?l0U)yQ^)IwLV60KXDX*5-Y*v{uVe|t@^ARO7N+6 z8cMYT?Z8?2v02^Qfb#3Zo`vH=Xb-6kfb5@iHa;cXet&yZKQG!maVETrHM~f_Bs?}_ zn~y-^=f5%Wrb~&*B(5EO|yDWBQxLzbl0xqejJ9#tPIy|P)-OQ1mQ_B|4_O{7uP(e?A@b`pky)cm$tMPk;!>O#R3 z1N%Gb$>aqQv)ak#bCQ->F^HH2keH3Jn2k@!%eAhU&1mOwjwcgk!Iljl6;K!86x86E z+)7?v;wwbRd^Z;_fE>{;l_WX(>eGDAFA0ZYWMgvM?Q5;i+} z!qM6TEN6=u@PdE;qL(MN1fU{}D>jZ8czAmxAcY28Ui9(wOdL;hc&B9|2O|dx(!hTm zu_5;CdS=)jOmKTDr2k{I5Wvekzl!H5AA5=CsIogeQ%8_L(~)6CONQ@!0ZI zewl|OG0qscj(0{H;4{?3IV$$P!Iq54=0onqAWgrn(jX0s8Ps`;1d|CQW=$k!Te@Kc zPis%`XaR}Y^s!%k50lW;@S|05?B7-{QYgV4nV|D{)^3@5zSyla4^KxXb|r60-=EC( z?|*;&Hro0-X*a?7Le`SoW^)Vm5_HbSf1Gs3yGkH&JsS0^)n;wAV3@EK9#D{%?^t0qF)pR~wV(3TpP(kd@xAa}VWa;g}nya2qo$g98$ z4*$SA`(MNJU!=5#dGt&4g_z-8-fUc2XNJ;-qKILY*Jfse3DMwlXmV)}A1gq{Xc3b5 zh+>5gORzQQcdu&wY7OcK)~@>I<1a<-0R?IH{t+({UXaTYY8X1-u#^s?Ez*9}P`5o9 z4u)~{0Q{^+LiCS9H>{E(Y z-1ZA$Pyci1OLTD{bB>UXqY1x;8031Z8D>nlQ+WvIPDj<$>>Wk`GQ`I7b!UIiX~nGqdcSjB5`KQD^ZJ{_L-@SQB= z@cqZt*UQJtqS-Oc4#$~h355}ZV%9W;IP?#69^%3N1qw8zv6va(kn$lh>mxC1Zp{O!HrmzEZfI{p#q0`; z*->P}6|>JEW*1n@^b{>$kUPI@ATa}pL7uPK=c`gr$e?r8Y|qSKPYdJz7cvf?Uf>;1 zaQTd%mmFSP;Ca>(uxHwmr&Y|xfEhx)2EA@U8rY24u+GTxS!EdRh#sDkV8JF_Uo4Rz zmI7ysSrdy{v+?*#qa>6}Rf-E7Ht{s!p-_S)p%xA7x;|k8JX7d?#Pi5J-qEXLF{)Nij^@#byWG=I z=KEU*$=&2;wYt5(e|(Gj^X_ic?Vf~meYaRlK)0Tr>H2)WjdZbw!n|&6w0Wku^;C^0 zq;Q3IOp)iIKQxh)!eonue6sK-%4ixuK9WVUrFnVL;e{nWy}+w8s9m;*>uHxgPb-2@RquD3R@o_6t%ns?Dv|J-g<`N?CrPA~sZ*UOK$I-OE#GMQE z7m_o-`Ztu^8panN(Kr5~Q@myzKJw3LYOEa@g8DiziI@%w>(wqD~NGnRc;+ zi{PQZu*8t-1*^V9m2S~59i9_C{ES`_#{DJhUd#oaclfZE4=?hv{3ae(IV3!7nU_yH zykkG)%5ft50w4DBg3EU#wS<}&hhD)Gw=n6SG_`-YF@o(M#VXQ^chU?aIl7+HAPwHH zsy0W>TCH~Xe)nAfs0dITGN?u*yS=ZAD549nsN(s$};HFvD?37}q2W&}@AGIV> zXGJbbyI3orU37|<@Emk-iEq3y`Qc)s%!{kBzM(`Rj?yo>7qI*@nB3dEm{hAzNAr0k z^35q0WkeHL%(k1g&HcUoEfBK{Bxcu0%tFOMV*eTmAQrP*N6h-CyLhgz*n2RMm}!u8 z7JEV*Zm3{;VBu~)d=#ci0rtt-;EPIdn{P;B-$Pjdsi6+Ta2M_FNbT>YOc6qD!hVc7x@@pz!kq1cw3D9 zJhTjCmhf7^vww|@J}kZsM0k28US4u}et|D6@-f7-D|pf}jq=Xm3GJuXSCCxEV`eH9 zvlkzC28_h`0w<}4+-O(bT8)U=`1$NzAbDN8jVQcNIW#0>q*W)#16^i=(NE>KIQ zBaQ5iG-+G^?T@@Ib4I3u!?Oz`jfa=SUsquL*9U3u8rhsbNHdJRQFB|@Hz)8{MM0VZ z4=YiemN-7%jVj+3@&oB9xF3n4G?;|KJhWDwG)K3ANRY|@MLGLCZjL77ySrw8Yw!Ja zt#Q< zlKn$c&Ud;0@geb6+PPjY@kq57c{yXZ$NiWEgM(67xM@bI3!wF%u)+W0YJ=@2y)S8 zt>1@71W3$klYW0Iu%TOJLpgjuu8t-XBxX${W>3}b-E-o|Qz#0>Xy+(K%lITle#x@2 z%V`c@Si{fO@bTAqQRe*ZVKo%k4r2L3qa8(JX0eQH7VppOXSF81Ubu-Bu|T?CwD(^T zJ|61(2l`g?dKccmd;H}wt1WvzeOP3gC{{u00Z8uux? zP*@uI7DuLKe#OW%^LMf2lK|Wv5VO#WVivq;ZjvZXe?KB(c0t8#e^mP%F^*2FCr3`X z-0=wBu#Ik4CkG#e&O&>zb7cH2bAk)Ee_Z9#md|8~|NdmQ|LmQ#;-Ixyb0+mX>YtqU zYvZRe>Yyi@fC;~#v7&cDqzpyBZC>?HFPh`+?d{vWJ5WRYetL)`Z~yeJk9O0)O>IOr zA-AM2!AENN>9WDuYbjWJZRMIR|HhBt?Tr~^B%En)1cU;YpBOefo+@A%pu`L`B$ z=gS|$vv23u9qD)AXEh^zVh>)MYPTb27u7Ar*w81{=be_2S!Mt7clZnQ8}kz3Uh+&|7t`g9qE$X0G9i*ZDYGO zN%)qvw*$%a<$zmz$yZs%OD6K0@Qg)YqxN(sh}j??R173$kXxvN#4JR_EX-338=lzd z%zVETk(lkkdWr4kDf+!$mr50pU3baj>2!RZWwX95`8$;QcjujCwl7K^`-*J-3-HX3 ztJ?Ehk2K$(%=VuR(zt>2*M*8QXgWS_R;w5LdUCtp+;p;JwqGbO97$bN zH+K$i6KI+mF}AAXvq+%M^bXNvb)NjZd2;=%N9MQv{%7Ap_O>#V2F1!BA-@ZY=AXs7 zZlrW0n9CPtoy+qfJSS0x6<=;MmQGpdQbWnQ?+xdW@bb7{{TxNQ)-pQ<=HKn_&pc_r zU!Jr=pVfs*u5JaD2l#a zy$(flqVR9hpR8nc%!ZmvEk5vk4`MdnpC_RUqKcc}Y<-6s*N6<>?kkF+C|lK0C}Qk= zqGI-b^W@~l4R=ug1P(?`WL79h>-?ZXF+cL}&pc_rr<+>!dHbcOovFQxK22uZ zj)d+mq8szMfg_K$ay!}rG1IpuwG#!uX1Z~BH@Y>Dm^JUt-sPkp5=#8|J84Xj8RC~= zy?@Gc?P~NHMO(?qc>nc6o-j5z%ELKDrUtOaagfSo9 z3vb9+YyGiY@6RCZ_YBf{hcEly{G3^FbjWY$olyXaAX1uRn^>0zUm7Gl8CT5Cq-9Ly#XnoY(i{@r9 za+r_xf{vIOk>I4Z?H4m8G`;-S6SI{;TDdGDF{`)rJrJ{UdX_ETAEN1X`=&fwr$y{N zh*=1x3z6tu_u^0q7(2s!<}Dd(|5$4FXOQ-L{(U@4wO?E~a9XWy&uuZg!(v8X)KG56 zI1{4LJ{a8{%@fDR2YXwi>)pskqTl?i7&i?6ZyBWhhjp2~-P_+s>W%*P@!zh#v0uHq z*!>m>A$^K|3%n&rn_o0flJq4HBlUSSN<>o0d@tCx3k?P$$?%`X_jH@uL+KekjF;%TuP3y`0XE@}H8CP|IS4;(&n^kij~x z-^qI0FKdu+GaRoU?d(J$A$i+KRGUfMIXgp~{+3;JzV3A6zU&@+@k@67N3ZbgZ^!$8 ziG#Ei{qOnVstd8=di`pC`Io;5FRyReTlv-YiGwtkk_)RZiCpfr)>XeH`MM$-f!h&Y zgiYR0yXe;L&YY4)Tm8@QsMOeqUi7#2C)FnUPxs>X;P|P!see-r%bMT*3(M_)!9-T_ z>`NbgAJ4pG8GectMS0dJ-hzVd5itW@OX?fR=G9%&h``$Z)LUXSxRX`|F|!|-j{5tN zz;3U1q_|>sG`dJBp1WvEbqHdHdtkrcKgM0DlZq=Zdzv*Z%YP)##6jAtlDA$W+24+5 zep{aX?RaLDi@r9*vgMDh+&u7-m_-7gC*29DRfNRssa6{&4cp0XN4HeWp8DJS<0`Dt zuH7LqJ8hl>zbQxea36bRdtMru*td-|wsNtVAN{yIt{r-4+_kHbZ+fX8j z{v^?Uo2~^;uDTZ?g;Z5BQm0VaB^BEByi0?Ew9|m%shWD&%RXM3G%2tcr~NV$<95U< z+PTO@(WdM-wq*Mw;N^8Z`jTDz<=c2xv}cGcP$De!;5&_MK36XfBY~rqRTeHUKed9! zhhR^Ve7tB0kC!ULmdc5Dkn|FDN@RX_bwM7rDEh|??9qAm%=x7jw(~j*R*MuekZfud z@3dcXK9cN@{wbb)126e_TybFekaFC)UU9pNS6ob&mtNped(toQ>`Od7B>Ua`Z1G4g zpVra~UABgI(!-~n&YqDVO>}sV{dnzvHtU_~JL~-pYPRXSdl$7Decq`=H=9?@1L}9i z#%*ns1QQJCr?tsu?W#KJce}M_vs#@b6r&w%F&UY04nA{w)^l-|{P7ju{xYqt=fTq! zJvptpM=C7tZ07ENwrH{iN?EK|%#ecj`_0K_^0<1nseFqZ_DB0l`z>N-7^hcPcV|kQ zh*@B}c^nC(j&Ag}Cj;B)+I?V(wn9DA5i`c)FZNb^m2$afBCq8c5ARwk`vx9cDgzU-NbOYcRwTTSrX&)N_%tKFD;($3SNGRUpaEPe0(L3D-L)*l2(Z2qB628 z?EfX6`3-pXyLs^q{EH)p*RmJg&?9~;?GxT^{CM-4m<4x_uWPj@@`kMv-D+M{KS%95 zY0p(iv=3soS)H6#LCk7h+8?d3|J(m(N#@b3b}@=YLq2JRHzbqBSqKo!tEE!5aaqg{=b*{;WKJwTKB_|{aC5IQ z4v+S)GO=p+u`HU?!w-Sfd=5eDe$y^Urs$R#W(7Xx@FW)?6Mi6xAQ^#?O%X3(64ls4 znzYBulMKmWyb2rsKGDR8I7cGhlEcgVEJk^Ua<|y9YV(yCw~8lLi?$@2CtpHl#0;r8 zV0W>^!@_>-322M-`WK#NF-1JtKdjQG8J;zpmoRUY%dE{aKAv;7El{`H-tQ8j= zo}7r=9?j-w98F<}?1A#IDn0JsKf8j@czMy`?SsdbdHAwy!AB%FBxJHA7auH-*gsg3 zB=Y&Ai19*(w7ZMz@u=VIUQL3yK2k)#?smt!?Y2{xxCRl%F4O?2HM{+-L}Kf1yt(LnDFFBq} z%P-jWoZ(5LNrqJ&`==et6nNUP%xr+gtULMq`Sb0lhQzFi#jN>0VnmY7>$lxV3mD4# z+Rx)d5VM`&j+_7{OIpdh_5=1=p>+m4doXT#;z>SnCjAhjg$Z2V z841K?ex`bO;*ajgA*v4VD5>gmPJ( zAu+qdVg{83u$Z0Hx|8HLx2|{%GNhetQ!(4bVs^TX#0(ZAybHA~Y#9q9K^*B1Ik^=h zQ`|Fh#B82ZosmZKj7;R0ru?H94oGZ0k=Q%!Z$>sY^t=9eG~V9YJe^eU5{k03)!dFK zZ`lWS>`Jb&{uL?U67IOSO> z16i4}Lwp}l4;+4E2ajK~IsGON>115Kq^Z@Pf9aLgRy1&MF}~a0yS<*&wl?g139Yz> z_Ky=u6+~zv_=2Qr`7+KWEt&axwg@lerXSG3!Lit|-F^|bOoZ943S9=gfcC)AiU5d* zEr-WnF7WW>BF{NIw9MxD$^suNl{lA|2#@yP$#yj8JkVaL@_;UmNWv-=XB9#+%T;g` z3n>$MSl!CPNP&5_!XaKOfF~2)vP8_|{^TGfrOe>8T|8(h=HZtPPxg=P0m-t>^OcGU zs)3H=@DDsr!3Mm5b4jBCL#^OZU*w@>geNVNS$Si` zE*^9-T^_YeNSCb)91#|EBm1oIxc0ydZ^iL|S3xFqZua!Z`iGs#5t>MLuWA?L?g#~Q zh7vhCsWngcooGY}K6NL1pD!l0+TH2N)5WbGi9{2Lc{HSx)L4PTzveq&yr}&%=qTDA zf!G6S58T)iv1Ld&Ax#DI$kV`I!gx+V?3wbgXg|Gz=WJfYyhM3y27Vq}Dl2$+$R&yG zt%B``34^`aCN6MrN#Z4@l}PMwHcy~l(M9uaG}*r0JRQTDawGb_>MOSX(v7tLeQ{Oo zML!JlAZC%^3EW9r5Hq-wrq~Y!Zt}&)%R#mTiRQ4s5Mz{hj(7qShckz$ix?yE1h8ks zvo5dli+n-g93GS+O?mz;Ji3S(tDF|pN(GBk8hygStWV-fe5F$yTxN6df>26-ci57V zm=){6vyUXp9pNh~7e8XP46PM^%f(b{bPSA;AD!}{sr;A z%tO?|a`~27q-ijbd&IHl+m~F0mWeFBz5*mV!(zcK?Jrd z*gi3DS%Upbj~Mg3W8$zg4^Q^bE%Uhjiz8EdnTM98d1vIXN2VF@*jV653%ta6MjD*8 zj_~|4PsWg?kqPNDbRG=mC_tz7jINOY;ssn~uv;+eAK9cenuj}Fqpjm^&o@1L5RMkEqMz0_@P=}KyU^K%eh znXPRrZwb=A&ENlW)qFyny)`p>P^_$P~@tEZ!xx z{IQ%JT=vLQ4@1AHTk7CzF`rLAsJz3AQc3M?*J}S=KR?;p?03i2TEAJVP4+izN!N!T z0TW_Ed8(Nu)Vh)&#MJvJKQCaO?4RF!()LR}+w zDG&bpVAM@fQqlFrH3md-$pz8VerOpk5I`?EpO#b=8)GINS0B7Q?H>&;CgsuAGLO$( zwRsMEvX`gMBmfV|!SR>Kj3MoP27mdWLP~kq1vnp?1cT=kLCj8?PZ1?DA9rh4RS>hp z=JSz(=8dbW(617+)bZr1hQ!PmmK$d7-Og>ZxxXq%qmKnX7>Q5tOu!V<#4{gMuus)? zJ|tndvDT_DsyvGx75k5f>2gDi`77K3?$bAK4Brwqf%;Yk{hX)W5I^l4g|i zWpgm-1!*;_vwHbq@U=0`OAi9F=Zej9;of$&cG~;z)9uYsZBngbG263yGNliDVI&4Z zNhp`YW=YdZ5HbtXUKx#+qR7QQ*2}$VjI@X7GshFX6)TV#lvhD1RFRx7P6Myn?GN)< zDfl$b{EvR==Y=JnC<_@mh`x!W=88(~&BqIBhxd&%C{9G5n~khmk!*WLyFei;QC^}~ zDAdILgD;^(#-mEy!}Bh$A~7RM>f=?fKBv7r-9O=>+5Kkv7qd6p#x%;*jO`DGNK2~ zt3HTXatj%pPQ~mg=(+c196o{lO)gFoQ6y%%LP~`gcG?L;L1M;XrOv2CS@7WRj7$O@ znV@AEI&z4fkx3xIf-^D+o{`Dng&$pUU?bMAHT(T)cN0y+=cl8|s5aVzHxFO|>|Ve5 zUNPP>^-N5DuHAl9AXQMWK93yqYfneYiXe@?DzlTzetj%vA#E$0fxOfZce5NMs21=| z1lXG4NdkN%!=w~G`tqGT+^Wm@83Ug^%Jk#mB=|t5wrkB3G&Xj-cW0ZU(fImw&v`pfKSR--07(JAFmlP=U{JbtQN zqQ3;b#5sJ%;bCWMcyIsscyfKAWiHPx@x+oe$1=$6ShVrU;iZ>&xP#&6xz~6`=xC&% zoPa;FO%PA&B>0FIEz2r1PowVmebQK&)(hU??vA!nilXdaBVoHe8P%GTr-XN6WklvD zqyEz_seMEuGv8!38p@jzYCq~9e79e-+vB#Mv?px)7d)gZs5X!7hgMgtjy!W?za8>&z~{xeVw8NWv88Yx^(jSSKG13=N&bP`O7PIr1G;QVb zW~qa7>f-CmrE$qekBj0hkNptO_wo!rOU=h;UgyDnoHJkCKdt}*`XD+Z#|(@e#LVGA z{NgILH_~}ATgE{pAABzMW_Nyz`}>$6F3hUw0GX)k&?xSW>5G z-cYSKQaAN_zStNP1u5>~OXZ!2vNb|~{n5#pF+Vyw()DP-5ySJMWFb4Y?(_A-vqY|* z&-YrbdajqvO6W)#&J^;k>3PR~NjC0lf5C1~-1$gy+VAHJzVlt+*;o0(8eUrFS+m%Y zoJ)d}!q048Uf2JucmF?-pS{M5xS$)@T1SnJM@FdZ;Jv zskC|6K;5>K4uvOc-SNI%M$$tah4jFhv|vggCuKXb$8!qt)$K{U zE%SNWI$m7E1Thl${-ER)IiKQ;xBG{Tzg9|TdJd6@(OdYDHUTw8vM7TH+%KGiNuV;pVw_z#`^WY#F7xp< zJo73qt>Fvex{+xOA79PK{hbkC9tl|6%3PjVGt$g_gTsP7dnK>j%bn?oi)L+de6*W5 zR2C;phW;Lj*G&gIy3aTy{X& zNQ|l{yY_AG{eJZ=chZbVVpMy!YjGasc28>KP~_XXAPoh%StMq0M*bJ=la+bW@G_8W zmeaCk&b3zKg^Ry7e2rrE8Z4Y%6Ed<0G1GBQfjc^Y>KD zZq9O3v&fNg%>*%%=(?Ieh8Z~(2mbu~&HiL0W;=n1Ld5K@e|?zpi&-1_9TKyPAQiLC z?d!=wVELAtvg$6J6X)fN*~;(ki9bF_lbOH1gOceqF57Ny9yxM#+#ekqZ_%~e>UcMT zXJhqVxOmy^@2yB0NrJRCiqXtLR+IjSgFwkFXW5#j_&T(KmA9~82$Y&(QesR&x(~xDXy5^R!>825zjs(?|p-qy|0ZRWoA2dR_{s0 zMz?veYFzdiRAdQhbCMR%NH9w@QOxghuGpkb(J*UH(W$idoT&ofjMSLRZPOrrB&MObrQ}fv{)?8#%7_xAu~AN6dDU^Kb1yD$xE8F_WZwOOk%) z;qu1^Y5APz@dygiYLoqU_A6JLqt9>Yoc7_k`ySsdO2!^9FB`x7+_&<((N#fORQV9> zH3p{q#~fI3y1UZgQ4TtTrE-)%FO~1TGif0!9j;w&fr2zF0kSkTLEy4z>S`i^Lt&Y1 zTb)9=n0>$xc=Gj@HN(y*{YwXGe+FsaIdYa?57OB3FiMx%gp!HG?n(EmRy{fN1YnVa zT7M6(DliV~$H_#!o;%z*Y)$v(sWuR zzWyuNiPv8Y(#nY_eMbnyEO}bHsx_a^JZl0Xd)4LvSt4~*ZxJ!mL#=6Df3uh!P1R}s zBNj8H3janyT0Q7Z@CXY!M|(JSH6pur{lvx_WGzsyb`u+DvZePf9~;^D<!^b8Xv}Q8;J2% z(EC7B*}d+Lj>#vHv%BX08^o+_pgS;X|dHd@6mtHmn%M6IdU-HGjgmOX-LHZ zX-WUR`!B5R^}@=Lqp*CvnDxJ0X%D|QUs(F(TX=NQ?e{ibu;&@uS`f37ZnsuFoqNPA zh{Wu`AYzuxwe}LNRx2-Cy;dvqMllPv>cbl>W-L3KNo;(*zsRe^`(^)fc=d+|X*aq* z-`Re@i_>lxO7f&RNk-lhq#g8|$DdC(H=mld>OcPROZDgK!C#bB@1%`)ck0?cgSfMag_rn7MX zD~6i~hT;tsu1>J0wUyN2P*0uh)$8?PvKQN%zoC#gTobW*)M&iaQ@S5U7t_dH zk+d7e*=Z9$#C&~i=iaD#Z~$V~$71%6pKC2+g_s?UCdr+gd70(y6rnSx{b{dqE%=M< zxC!D_#&2)1<=Rid=EDxpeh;4k-YR=|S8q}O!y3yp60^%jU3cz`rLz?*X5qWaTYwxwR-mq5i_1kJK`kU zvPMryvl}b&G=DMpm$;S>FY&JBL3mOLh zGiRRt6Uo!8q5r1M#(uT>G-^KkrkvxeCz9_>3515hcZWG5W}j^PG+q`nW5*V=7Slsw z#yFnFdpaZS^bZXKJR^sYUf{hWhb=pTY5nNcot{!B&;?3zT-$;-VLl}8s*~IKTVAzQ z_9o4X>Q%Q|`;n_=>p93l2ZSNjhHOQ7cp&NJ{u4NEi@@kA%2*f6thW$L!Fs zACJ^~J;p5Yr4sA{+8@gnrD<+wW##73bdW`Hj%G56!`yvE%C~a4d>QV~Li=$FzzPyG z{L&gDX0zwz;eViO(B28^EvP<~DKjQ47A_Q^WtcCB&@z(K8yYJSXHv0Nvv4NZv80N+ z$QSU*#eX$lz*~rCJ6SF*sI)&tpzxMJ+XEMquiyj&0!KeeS11o*70>&4#^Gl+&tN{Y zf=~N--r;$dS3SH)Ffx|SH2ai1Ewg#q&ttE4_}S|`>*t-$Fiq*fEMdbV_J+m_mDqp5 zwtp#{4=VofVXHPt-ZuN&AxEl|=yvtQD_jQlVkKD5(VIVqiDW4HYAvL1fx7zf&@htq zURlDHr=n95oc7?<85;Ej7WZe`-~Tqxgw;hJd(Oi3!d>R)vFGE?Si!S)PvI`cQ>wJ! zYfqd>$9uZs=`QkI0D?3$;k>9$w%#IU?MPy5i`n0(n2m3Djm4iT`bG0J_b@0T^H*_{ z=C%i)oJN#IC8OXB+7I&~m@uennDQz_UGfT^{SIDS;<0DWFdw(d^m@s*n9cCx0N_Qo ze9v?mk0vdZh{f!qWtPyNMtLq<6sEaVkDL_caN5Z7tSrXLx!qho!{%G{dT$C(zv7Sy zRYOM-Tro4vQu(h&yN+lsJ7f4!IqSO_dLe+D9VGBYmd?pq9OgKL; zz0Ri{US8&HOA^vtw!=D-2cAh%ApwP#yJ5*AVF}uTEVxYEz9h`6Jims=#$H*&vx3e0 z#TfH(tkf=FpgYqf%9D7|Ru;tbgfCz|{sNEN?~XKno+!0hWK^?+Q#_LXWJKuVj6D+I z{M2GTv>;~BwbA}_AH>XExVhE5_5^K^DG2%Q2UpBO!(?dZ^>`#zPv;KyH z$!*Vykx64n+HpE^2>j}ihK@`>KAG*2b8=7!+=wJ6C`d!Wntojy@9BC_fBgZ$(J2zO zTDN(9(X3T#@ZV;&dA&bhc+u2|9#8t0mqn8k!Z6)nk;Z6YC^Wz#pAHKgC$W%_I}8aQ zS;#~f<~Wgsw7;6m3&2Y*&rv?Uz#|H631NtUZC+f@bCtMHF(1~Zv>^TQTOssgRBZMEIWg2c7 zKVw-TCZNVv;>ftrnSk)nGZAKN8um~5809t0YjHIDj!`~?&KGqyf?4U$A|mR(FJ!?h6beyJ-3ZMeDk!N4TOS zxuG+8a)Purt^SQZNYNKSj9fT2Jv6-YFvA@tluGmPh%H99)wC03ZNKL_t)HpT}1s zF0&4g{s;BHin_Q0y^h-hTQGex8TVCC5Hs9m+YqG9pK6o6xqhU-;gz(_>eUqzvx{pY zW>xgx>h<1|n5EFn^zyP{me9dbEJRu+c-kWpJwgAVFR^`cUqHf^d4YHQ%gd|W7w}Bj zQf>QDT|VsPHOy<2r}hS(sWO&^JyU=#w)GR)8;BngvtGGmHU@e7>3AxtAAK}Sq9lTU zg%PD@i^WUkaFv*arjL(BVKysu(C>G0_aFay6wJwHDa?wWRE;#TVwxQ!X2^dlNX({4 z%;spsK;x*~(a?7$6gQBp8HgF?<5>SIxc%6Ekbl9&r(#CW1h>t@P<||mtkWxE5bOt_>!-p|X#MtI>%P=3~9Uk@1jPi73B0SP_ z6U6Z_<~h4(L%Gcf6oQNyt{BfD#%zK^l~`Yg09gl6q`J%yxZZ<_$w^F-x5>W-g!@@7{r!$uc|yaXoWk z1_%FEpAKHNO zOclI^raQRK2u_|!d6w`TlxvG)3e62<;Y~ctV_vd(bfokGFW9_FimG!s{~cSwTOzKA zmNoO`Fk2dAohQLYJJ2g~(^mdV2Yv|?-0a}1wft6)5lu)qNaau*c0X4P{ZK!umy1a1 zV;wVGwxGNYYMF4KXSrAhiHL>fv6q)tC}OmgcB_~zai%HAY>d0_-OCcK!-C6Ih+K!X zUlO3vP!36gFE#j*7J6Yw&vtw~xy^rQ);u@ zPehE=ZLPW;j2Kb8j8RFBPF6hvps#wjjl(HCnzuiFr|a&Ls+5z1ND20sUI^cX3#5+f z`Fp1Hg>gLrdnU)*o`C&@_J6@X-#D}2IUG-N%)W)6E%0H6dS=DxPpv?CxQnbUv?q=C zZ#Eh&@+PdIMD)GApc36jGtLMSv-hKM(%9*hhp#^s*hFI1KOIl@hMyYQ^K9|Fm%N=+ zo2N00&N`i!wk%~n8WM-xku_Rq)-k0O?&cGbnre=JI_Dt@+^-(fO6*g8dVQsv2#-@TLoNf7sQOA7panM3@)u*MQJO6mWjoTXVV;i|1r;` zWnA|SwT#6jnmIJ)%jEhB0`*^Ba6B2rTOxdXk@xz0+{4TENP~HNBx-N&$bo+e$!x<6 z?f(k3|BgF25Q^$26UM)Ud!4H7$)b;^BS(kY^Lk!d=4Uv|u9xS&gXbwv&ICM7!@LHC zT|1!cGkYY^R`X$(_m3QS42LaMfS?wsT8WeF{?Q!!PlI@uxNNDVdkY6B(al&nevA4))~UA&OdH&Ka!drwmq#g^`J8 zNz3rau{bh$d1jdxfAr(dcM_Sfr{>XvQSRyfq@hDf4QO7Kx7j*8H4E z-c1gMa>*)}%O7u2dUAVIooofY(eAg@@Y659G%9cx9QBoe{z!#f^oOfhXV3<|r7Pnt z{I&pmxsIPQ{9+M4B>o60&!BmhB^58-N-=Gtl@(iu zXH!!Z!V*~@bQ!)`QTPHyu_b&UuGE7eI5O`+1yi(3)3iR`qt1&9DpyiPAr1$h4tv?g z&dLs_*jPX5W_-QvcE1(m$ZDM9=3E0AHlML(iv z;_#yV5&jal|2uf{WwzK!JJ$=hM?)L|*q@CBP^{Cs8&?`aSIrEK%g z#s5{jq}i6V%rkyIvxavqDUOX-##QC*Ga-DTfaYeXBU$|F5ZEU}?OCwxKWid6N;#_b zA+=rYA4iQqBzRJ5-ljsw`$xfGAhp#zdEq^c6q;7%WA-dIwKL4;Tf;fN%M?)N^`ZM_ z+F3AaPfvrxVQa>EP0IDmS!T%|Nar!On@G%(ClfyND|pwF9Uiv_8=fr&8QPvwcF-ZG zI-k$?M$N6z=eru@MoaBas@o`TyAS7HT_9$R|5kgS*uCh#A6g)0*2kN_M3Y-c%(jEx z%qH#B?x$b=(WsCY_ri|x`uqidiMui5v>)?dY`);|*tpVf=OxF}MB6@DyUSclWdyN6 z>|e7b4^twxN)C$|6VEo>G`~iwbslb=-Q-PPAbFC6>>#|n5XzVj(?t{ZDwHZ8gY9-e z*=c35m}Rk;p@9Iku@qB9F)a!eEuZ^nHZH#wbE$Xpl-@%Je&}#WsAl(x;L!~dGZ~jt zVr_rXXn$5niWTI^S{OgWgky&N%I@-+CC~Tp+S16ef(J1(T@#n=Ephq!;x8pEmVW&d zSKEU}T$g#l<=G`(VAqK8i+p(b;10iVaQOv3yy8sgNP|6-l|)DB9M7ED_6(AjJ?{k# zN6b)+wpDGuNA45}o>r?{(IAM~Q8cyHe+sN!ft^Yj?+$wpy(3%9c6(UNs5Rz>DH^Ek zATisqpB3mg!Dae_knpn|U!8{koJByWfQ&7`kj-s$^2UqA2Br=PUL^Q)x zvE{RQtJE=z4e5S5o!(my9Qq|MSW^@Qe^a2`-joqVclC+W*f3L;>}ERv@jwp0?Ux*C zMSrr)3%v9aPqsQVIWcSZqNih5TrYnszL#fhN_vr(e+9q7-oDp9-^k0zh~f^uILwp6fZAX*IcQBLS}MvxI@zjFD8tVoi#=BI)5+#;R$CoboI{zy8?PnG5JIxjR8;|67X~x^d;p_m387ySF z9*>Babx(sxcb;k&M+TZAP3y1BIE_HE`M1gEle=nvD`%xGN$f}^oW^W zzJzR#q!|UDOZYGOg1@-Uew}Am^M21+%M;6HEOEW337u?KKw?((K3Wg8EG9o}X{>F} zNX&98-fIl@1R`eq^d<^Juii2n*%A^nsJKaP&P!-kYx1lti52O-td@|NeVS4+6D6qv zVm91SzJZwC%Sg;DX3;azXYy+0`kg$JEzuMlFG`-|-&$k;E0k*;Fa3@@^AgX##!D~p ztj|8z46$6eev};Qw$_ABt8fblM$Y6I=e7kg+uXgbofzwaG&CtVL}IpkM(?EQxv7lA zY?|01MT~mxEjGn-&)Z0)hL8r5jmLkpk?F^$;4q75_8FO9Uv($f7f@|-w7WsGZX0MG zULU@DS=W@{X7{S!zxug*oxI7nTKW6(J!C6VB7x82YV+wJXup%1yZ=|uDfG6qOk$X| ztV}lSS(qOQ=JIAM(JB`#k~D_RnsqcS|7Orvm~D&c(PcPND+Ptt_s$OM7Q8*jvZ7fm zW;=9lqovsbp28MYi4lr}$ID_?{g{{W)F%JeGd$l=J_LukTz&9MV=++>td4NjQKNb2 ztGVs}%#-#%kk9DltAeg`UAAC)Xehyh&AVFjnHW+ea677XYyHV+(rjKdtJ`aXG)2$n zhdXX!Z#~hW8l#LVPrt-LrSWD~ND;sYA4i-SuLvwYsN#Vm?PSp&qZ)%e<2Y%Z%++$8elvQ_@w zyX=phC+%PHFC4yaSyasQ<4u?Yk+d#K;CVvDtlzxoS2x!NX>EA*N;eccwJnHQu4kG# zY(B=k-b)6Il}kSBf`r9P1~Ef%R^gv@+g}@`{q)mMbmM!2G~u$?JBp;PyW=xM-~YV* zw0)%DAnjH$+R?+a*WR^N^sWBYRjpsEod)&cS@5s*o6sCj{}totcHA7DlFn0x*~>i>)&;leJ87gUoOnNkqJP;z zZ)c}&(Q;{-Od8D_(|G7E_gd($tinQ0DI;1vBw)j{785VbdS~C-?#zE9IJ&xQl||8; ziB!r6ZmyehIgO<4cMjA34AOqO z-SP3awLx06m1Uf#0CcIqPL9Z0pq;vDC076NFfZ4K`p#jl-s;`oLsA7R{YR(}BA*YC zm?_3ncM?*tm~9>@BuIl9=NrUqev8Gd+kL`fHUu#W_lfo**%h-78Wx;%hW;4c2Fp_Ln}JKJ89&pVER6hLSkk%diqYi zOzt_%G8s{d)1-UTk66qEBxbTGrpvv(z1HxiWzA-C?`w-FVvG-!yp#3k5tUWe=ggx_^S%6|NZa(>;FOjzy|vJ>AQk7 zt9V&#>4DSkWEY$-HOFf__xli}1yZSZujl!NyKomLOq?*^|@gfq0?Gz zGlkuMuQBMz{~k6c@xpz)amgHc(mEPP(_)7exO_dI!DH;8Q5-x<$>7a>{pc{Hr%4o-u$&S{bS6Y&_u8o zR5rV#U8ueZ-Gl@R%{U=Q3%q+hb-4j|;Vzy>R}(B|p_?dnwmFJT4C4q^*1}~l0=dSZ z^v4jh*Ml@6To#d-oq1nj3FfosqM#u$gD2CX*#I#MCys7<^+Tv|4G#~dMH7dqmHdq! z2u>d_r@C>IpLvQ2l=H28p>4rSMC8R~%TL$ljPwF9#j1lP%)%yiy0L+T&x<`edU2&6<$0BYGyGI1YATqB-hZ z=?${26cQ_QW;an}KAr{ZWg#r(Ey7Zjv%oebz&#ywxnIp0Oz?N272d68$GD_0;vnr44Avw2yv`(M_+ zIA4bC>%}kb|GRnC;YAP6F7VEklb!1;$L(LT_K{qBki+)Y3SRyvc+tb-Anl9OiZ6E0 z#x;`L)oQ?7Xc7IS*4*6ny|fPR|FqFR^UeOGxwYO+Q%9}*a4D~lXD&*8H9C*_W4j?d z;v+hkn$LHlsp!ryZ?TSXxt@@A>>+G#6&z=Zzm=b@=NX!(pqtIRV4&F;M&Zdo`>e$;C z$0fpxH-8*uL6#SH_=4RTzZ1{e{1+0WNt#{aMYMTjZ?+hhOzjI-YQ`_ zk6rW}hev1r`|z$O7ZyJ9@}&Q*VzqjU#OxH-Ne5HkzIhi^!waz==G*;Ae{=mJsCU77 zJ~3Z@BYsKDb{51enG2?9K9AH660>M@KKxjgy^WRDjx=5+ayok87C@bWWx4X?#$MretTk)*?{7IWIuF-w{xG%jOjiu=sm8kj;sC=MDWoC~&- zZ4`@*!QS|{mqXcQYUWg$o#cQ-c_1ATMTx-V-T72nH+#*+5OW3d=tGD|bd z;>}8&v>$y*&X2^=4a3u_-#ty3$&-WFa&8h8Ja}*Pp+>F zmk@8wp!48MIW5rruizPxqgxKoIJ~@qpZWOoS{_m=VP5s}cvbHV?F_FSl+%!ZZVk`8 z#KS^ZC-To3#o>ml!c##vcPXB)whiUoS*t9V99>1o#WKW`(fQK$tF~vN z_T#l;17%N9+?K1u!pXph}8F~;E#4)PCDdqbY) z*mI2X{36e=yyH1uKD?F}ynLG4o4bGHnN}HzAIZmo#f(fTIB7>Njz>6iQ$ce@YDrULBS)M^+hRa8AC@|hN>S!Vw3?!!}$<-c4p4n0Jd#!Xf zYc?(~k(h<=t&%8fNX+)8+5F)SlB|V#Qz%G-vS-E)60`cfC3dJdIU@nu05R*N%T@)l z;1c_ZX>=8BY?1ejG<>W=EXmKyD|iUfQ2Q%npw_7PK^MCt0V(f*Br--~8`!^}hsG|B z953?7*x$-aYj{w0@+=P;yMot9m=|+K${3aL7x_5n<=F+Er@S+GvZ5_{j{TRa0P@$Mw0yJAKYuPM>9)>P=M9cla{6H&Uj zXQVOZ@4b`u(@+1{So~WVrL76l7_(z$f4Qoj9GoHDS0d4nZtOob`^RssJ+BzktLDMD zd+PPL)L|m@4nIlW-5S-dcOyqrs5C&c_i`%9@Gq&5GmpuQbR;P?3gA_Oe8^4l@iXk4e5a%%f0i*$E?{=Ay5hzzdq(tEfmGw zhjwyh74CE4Jkw~5DWd6Xws<)x7K>0kFw0AFrWms>zh0jAf|1AvVqqdrbT z-N|yIKq?f-B+oax(lV|~0FDcpDM;gd$IH0OAWC!jS!J2$9#jrm zX7gn$uBs&Vz`c$mAe@>W?6Yj$;UMj7bho<{qQUet5;^U5yS24JS};*hB!lnX5SO&f zx=+^vE9SH9)KRW%n%L7cr+-x2)51=L0>M5Ld@)^K^YNrY0VFZkRGY7Oc`jr3Kk#$WyMWFl2*egwx8WM<+1PZz%*)MG6~TUUFr+%U=6qYzIR=fRn~}Za&TDLM1){)@vv9a%ma-BR#~#v**$AWaqC zYNf%C-?tvb-YhOZe)jZace!8fEk@>?d!q34aqX;IyWH?~uu1nCnDLb-r?rze&$35W zl1CA$jFsvk52K8gu~DN9Srb!yAB?k(Ei1r2y)akP)8Lhv(@JB{Vk`rIe8!9OV~ivr&*%)KiExL3bJO zpieBd+aik81-;Zbdinj!LD7`8SR4$FALNE_IU}t@`BFOzFF#o&tB689 z(L(HIm4uXmX0&Ju`_oIiRnKLjUbDk1X@px3(0pX8gJw23Lx;kX`lBYHc+qa<3p-^r zA#!SlTB1t=ZXCsv{s+8<+l$!WaPcDUsWii*UrGszM^{4iMPmdo8tG4-^e4jWq>Is) zlAy!=m9eTgE*}`gAb9Z}c*s71@sf*&`Vjj`GrRzJ@=K_qM)0`)x(6>|iTiQ9$ncQL zj^RbXiv*tz!iyAdc<{m~Nv|aH1TP3UvxW^>Ly5g1GE+zwLw%6_rz@Su=ZA;=Cz)5> zfH2IAt}ZVwo*o{a)!t0wwaD>Bc%FxRX0!vliSDL9G@B4Cs3HoIKrbH}o-C01i*Efj zET&J|o5ubNsX-)x;RQcl^y9I;Ie6FJ5L4&`FF_ak@ZhY}Gt)`2bX5JRv$FOCk=d)K zCr_6ztG(UG{6Sj1`n*@`ulwTS1NMecd~^G>)_?U1kr^^6f!2pIg(#DnVWy~{dpPbd zlX&WB0*^*S7mqx13@`Zc;s`7+jXek9MPl|wAYQgb5Un}{XB&jf zu-GY@ssgFWdJ$ISPyv|CzVwD^(S^$@-N6jgkgb+&Xw<*3i9j?k5)yVNZ|BRBKs;Fj zm3(*Pz<5e#81IZU@>IOw;$fr#GSfhEANnUDkuG!XSrjRMN|0GjCbt~fGre*13BIX@C5~ zOE*aS@#hFR_{aP~nwEJglCtKbUtR4HDyZUmTtR~h2k~9!}LpY z@sbx0X;#U)2%de3WZv(c$K&N6d`d(i6?aUuln-KdkW(ML_yu#zda{+jq8E+as>EcCFGY{Tb5gNmb3=h8y!mGNd=$f-4q`B)Nctyy{ zb|Mc?PHWARUUgzWl^I`nc6nGmy*xR&Jl~jiGBw?SH|(p(Jnp`NM&MF{JSrjc&ZJX+ z#nV4-j#RQXiWik6j4ycc{uM|KuRu!P9G!T@$-&bctSVa0&Zt_RrR7H2+$EL4qS^g-05xo)y|4ydhG2 zl4K|K;(1M+e3szFYc4)LhSwF$pP2H1{HSO0D!L`q{<#qxP%<-#?9^3u0*~9Pq5I3X z8%K?-)izYTD6B~(p|w!oFE)y;)@#MqtP;knMgsCa848*WikQq$jC763EL*Y~gv=gp zMBH}=$ey&QX9crmOA=l|A|nTAaY$DA;@Gxr0|iwHWHsIuGZm8!?59Dp1qDLp&*@emSlR(sXM+RdsNJ(xd8yXc-Z z7UENTCJIt&KNiXB+OlEbO{{7P9pFt7DmpOm4$%=hpgVft$ib5xJkFHB_g&eVfj5M<y@rbQh|0&gVi8{4 zK(ih4rNYX`S90-+Q-7yEZcF$nc;2EJ2XL3+{tUP!JS!D{Np_St_$0%t4A1%TasZyc z3lA43c!iysiuc=ti%(AAxjXSPvp2f8&EIm;8Jyzw&&a)BaFi~gk?3}HZ?|@KcDg>{ zSqo3AweIeE>=u1ytqRTS!CSf5T)>sRRvGjhZRVK;=3fRE++NpMMw57T3f}FOF}zGW z7TYJbp8~+iUOxASh|GRE#PJy-v%~ZIkXiWM-cQd5TeHY4wscr4>XYqFv6{)QCph*t znjg<4gYgct$bQe^k~1uulNFATU&?2)W1h*#Y_Q+j+9WRylxE;ZLYw6V!1uSp9k12* z5t(ttBm2rI>8|s6>cgt2gC_k5k=X!|*&xx`h%l8HyprbCoHrNpifrH{0V!rle7c;g zw~Lm*^D<~w`pU=luR?np2N&pCMIPW;S~#@GM% z!7F#+xx4YauO)uG;lIC*eR^D4w93aTTdRwR%z6(e$!xb->pmr9HvM_#!Q3v4$ZQ_0 zxpL7eJ9^FRPN$s%r$0L}TI}aP(Py7Kf4WzY2G6Mn)w9FX#iz>~ zi~Yp~oEC8IAnh0hX|o?Z`Y4o))7v2Vh`;? z;p6wiX9wZOHiyW}=G1a) zy_IMbt+a~TX7l`K369_Vr){-vqwivi)#jT?nbjLK-`t3Wqf~$I*CVqqBC{PJvtL|- zc$+xYdWoV_jq(W_w58_iW2R-7}H>U+@I~dB9 z?J{J4$mfSwt%bE#vDk*B)_i&ROAIidgS3wuq;Wzqe;YO9k?lvD<8fGgq1W4v#p4Iz zkM)^9gfUklnM~w3{~HfX_6ObCa%Oe)cI(mV$}J+Zm3hhR%h<{D=K8EHY-`7IR^d|o z@5IdR5u{Nvy9jR`@8$2~&(d)3*tXImAhWcPNX<)TDj~B5M<%qn#o}f(^6=5^B$@Slj}e)fAC1fo%(=t4l~@Fk z+0HK?r2TWP(ZI-S*3b~p^svCs$BBZaSfFgH7(%vKw32g7J>`0x!|U0}O7`ew zVjVvu7~7MEZ1i^TIJaXPZ_BFP%5CiJZS8Gs)vxxmL^ncL>aAa3N%M1%_K}0MN-@8N zMZPBJD|)+Fdm4?0Kg|au+M=<#`kQuU+a4U&mKXb%mnVeHfXwD>-fr} z%W`zG{=I@UkgYu$yuLE_uTlb}FrM$HYNh>pzi7$4qJy&9Tx7X2VpO#+z>_DPgB zz9%hwu!6}fm9#m#^Y!t?79q1XVH-8gwOYSGl=eAD`^XtBhsmLsB z9srqf^8K1~|BM6V?atO8|8yMs(@&uv|M}->8XQxDG`zxP^WWEgdUn!;RHyjU>n_c? z-!>XPe}4Gps~JJsmc6eedCpy$_8bMAQk_%kTzLK$!58K!q5wM!OL%w1k+Rc)oD)h? zaaQ!Fw^u8^d|4E*0EksACip4kQ@m0r@KWVsE185>uO(fw27~;{JF+LuAEbdVtnKAm zL$2MnJGqUm$VIM|eL1j5|I5-&E6>T3?G0!-?>V{ykAt*;`m3}1|0Cknx$xXyY3G?{x4A11}^n7lXJ;0I84Qjn- z=T#4xEx(&n&DKOg+Ow}_1!=Ygj-k%Q6zXito(r!AdFI@B9Hh-QS=aJ7Rkj+K%%uDd zAv2~*$~zfcy?8dG7(mKD*xrxGti(?*pVX?LNQL8zauW1pbzR5~23J@D3+tr$SB|66 z2Z+q_TnWhRcn`?TdO66B2$>m(%+%B{+(Td*edd&X(%h;z!xD0h=-2=L4$D7EU9tz?N5X1l#Y(DOslJKib$>N1u(=ho?{3 z+GHF)vx2nUv%_bx>55Fz%&;x-1zr=V{Ij7+H2Ba(nP#pOu2XcuNFb`7psJLn_-kLtF;>AOd#!EzN6I7e19D7QlT9TmjNsnYI6bLT>>8w6c`Baw;z#35A?ohUCmov>sK2u=E>wz% zh1DkxnLX;Ckc6eE`(~4wX)d0fEyt!m9W`V5eMDvovphZ}(wonxMXJ3%A}@vGnn{i) z=*%7_@Vp>8Ezu_N!W{UK7caZ`0wg3)ij$NlF?*94ttqd8=~4nAv#qU*i*-b1e3~a@ zmL`NdjwcTj5Qjm;!wc;;sVypBcFL#sm)=ZX)&)zh*ORDg3{lXNN~vh9!?v{e>S=8` zJTYWPzqq&p$@NC|TFDL&nV|+2aQW@5-D+{{O0KbJj7bfV_CM#V4?A)#&pR^Vj02KD zGd#*zEYeGPF!-?Y1)4=C>A{Qc$U#me#R+_27T&#*Jc&mack%o*Jm-uwfG^M@^zkt* z0IysN$*K5}7tj0gysVKo3)B%7i*)^QR4SEoD*>U{yMu?_>XP|^LE7f+hkU{d<$WBI zrKGk%Vly>A6v3bxzQANk|A(TG`1U zAW~g+(2cGT4;Exi5I8!)Bcx^tsG>Ml2@UkPnP4F7S>j~;Hpw3KQ?5VILS!BA) zsC;CO1>}X6Wz;h(;qZe8YsX~?7hi7W5ksoBjf%Z?>LZMaKFbNJ5biHu;+-pzFH4qa zrz``DQ0r*+l0C9BQCL^0dh|@4p*yy4Y+G%s*cg2O{r4}AECmrQTv9=|xzWnmCBplV zaRA?ZGzQZ20=Rq{TC!89W)F8zlVNkHJep2f_{=`9A=Bh2Ri~uwv1Cv*GG6?W+iexB2{#aod z1gPhrFExM00h|HE!IN2265-Q+d`hD(#HW!xBsr>UP89yrOyOM5CN4nXnaX}`p7b|p z_J9Z?vn?||?NtKPT>t4s^=fN+|K1|+L1f05D^+0%|6nX{sV57hW>6m@SMTECP8S&7 zaPZ0`UY~}SC-LY=bMd^3hl~R{H9>68x!$?Y@-Z49$!U6_T-)- zL}pj}mP=+S9PL2)>0-8(yJEc}F)}k4bJ6k{US;)3F+8cPyvnAWP+MGcrr`p{gle1*uC+xSf3;_GrVzL>%IBFAZ?QfO~3d5 zVy&y;&dyGLIJ~+V=JC-LJHiL~oqV~y?~ZBr&o}_NJAeLvMR=hTQV(4G@BjWBoML@S zkfvB^O-zr}B&2WKiqgypW_<0Yw}e-oqg%VD-RjB4!d7H$+N=4?XU}V$DExSe7F}*A zmV|U#L@cbnMgPWvv!K0_2C)`3jZX=@3If1s2)|V{RZT<92)-gpX>}Ygrc{_jd-2Fi zRfT*>@fEQ7xMH5&W-mR*Lh4V7O>p!%p4))JYud_?f*6gom31)c5G4AHU=uUo}7 z;6?4NI)Wylj#X5UCr*ok0Y4Pe7*B2?Xw)efFEYGH@Tfi%55Gj^8{}q=Nc{;O>H{)* zpx85xmjyo_eVLNr;vT$$Ge!mCY0bQN)Mb!($cIOh0TuAr3|u_eE5-ZkgXZokwl|8G z(Ekma6YdF^!jHvCCHXx1fI;4d1~A3Ond9BB#h zObz-+sNj~UXygOWL8ky;nZQdFFEYG@@!dB}+ z*b@lFpi`O;5B8?|@fyLy&DSWtB2awVgLga=@R+7B9=9CGEF}s)yvW%Gu{Ua!nDSC% z{sO(OLw{;%M3$9OThQ!W_#Kd0uCs&5EEC(SchKlnF57q&8so75ToU=e3=(5J>IfNe zBIZvhKTXRA+C-5P;FBr{y9w?6Y|)b65>MvQj0BD05Tx}E-4_QQ&_R8z4vT04BC{;k zXG5LMQ@#Q+Lvv9?W;PxPG=VV-9@E}xB4ZYfjvO-XPs}X1W|a{c3B34Hwypd4P!JUr zw7b*rEC{+7eTjYu!hPc-f$WYP2|98RvJ~#bvyq0!^&wTf24?Z%N2KLRh8I;&&14Ur zG7Im=i>Q3nkB9VNsxvZq@pPoYOh@s^xX@&Yj7(nq$UitkdljGnjo80b1TxD^%4IyQ zoj$oWKj;zX+%GszeXVglkApPw@gC*#Lw1g{1jwzXf|hS^#(~*E+8_S-^D+9tKmSe? z)9OF}@jeOGISE$hMNJT_qhijP#zZ%lx+jr1q@Q`%Yj$h3)6@R$#*|%ZW^DQF#nUgp z+??_f)j@QnlZB^yX`CuXb4yxPZ)0a_|bzr{}`U8ni^j z!H?*{3)cn@>)h~5hKFDu)P+GfTph#X`H_(jiSj5KWkBpv;!u6ik$^4^a_O3wFcetV zM_&p;yEypXj;*b2zC$xV)X8WVKr@6`WUpo0<&;oLpiTxn7DmMB_+&Kq#j{eyz!^j& zn4duTA}wEo2Yn;1JgUHaFl`}1Li6PjtSKQ&DK@UQqP`ag%(dg=7)}uN<-?bQY#YtA zv{Fe*rD*xkl7yBh4vwELvTI?hW{k%^F^i-#eChx&+c z^BKNC>I2UfC-6Et!gz56&xNkNHFNP59;?WY;d!0hd@o+7cygOuJc>kkNPz%&)y1ni zt&b01QuLBY+l#w6jV(z^awDAN%F4p@bIjw+_>=14vrqQgfb-eovd~^l!5P2MkxttS zN|`*#aD&?m{RvO$(%7Cw1=fhXc+x)tRgMG+c<^L|C!RcsuTVVhVg>vKjW1jQJQJHN zQ9Vr{XL;zzqnY7n-OCszv-MuH2hy4Sr|SpP-tR;Uo@ATpDY+W{TdCLuZym{1H31 zNJb98BQgWcTUZ&w%BGOflcaznCI~Bcxcr1;{|PUigEfDQS0si9iqY`OJ{>uDNc0OM zhl7_GUc}FVMKaQi;}a8jLQZUC;+&CbgunFT4LA@r0uuK^zG&x&MZN{~CJI3owa zgQb#@NgKx#W|xRPtJMC1450Ibw$&IE>ucuNdzjnZ+HyGlfsZ;rY#l9ZeidoiL-fI6 z*$^M0sBFlN=&1sl=!n;tyyf=^(*E%Gf7U~xAOArm(*FL3`vhrandt6ol4LbH5qH^t z@3Ome8;8vG-Ni>sH|PCk_t~@{ExvN|yt}cI%jbgg%S6pi7M|{rE8&a-Z~!{cY6=dp zZgd)Iky435J5DM<@F4Ixnt|tBygUVO;KDQ_f=}=`;{d_)e!N6ZDHxT)tKe|NMDy{Q zE~&pl)rz%r8cp+F4h*}Ki+vf{GGXIO6z4XHZYd4Rsz5kMbkj+FhzPZg^9<1PVL?14 z%d$i-j`6&mziO8NuLu^J;Nq5}FC}i6zgmr&@z^;F(#-IMmhEJ|gqH$W?TV~OiMCde zZQIilsJ~#Lf*|i6@-*A#@t20v5|XnLA5lDRxnj^S3qg1z+pw@sJfJ|GnNxI)=#;Ct zr?9TS?7P2E9~aMKyaMSX;3&=TnjcR(+rg(9Ugtga8OOsj7Ii-SXadhsJWhQ$iI=>1 z&29N;5-hYIC(y<@IaUonp+B)(qLz)Zc&86E=G=96-++9ax zcG>MNPg^OAZ~p6fm5^C9SShVl6x{oTbN>370%s7QRzRK4kC!I!*wZjMQP1)DS2`F! zW^aLbqmY0HoGPO{PL`-=5`2=`n-0#G#^t9`obvJrlbIP=zes~w+nZE0j{Wh&f%&-Gd>H?b5N#6~jroBq zX=pk&B+oSIqt3viJmfb^lb2QR{dOmd(sJZk=hPVOPMtIqHfM`B>a$8q4``E?w)=B$q z=%kUmWHs!I2V)8lH?`%>=qFxDi**FyH!e-hTgBFz=Y4=Tl*~?6L9r?Jw6_@eSRlTz z{p87V?L~Fmyb^1{R%#$9CCQ;# zCB$C}PH)1a|CI3uCYy-N3??W?$t-D2l9{UJb6cyqhltGfZkmhXwY`hgi@I@y$*kCk zM9s~G`p~|M%#4bR$jm2e^I0eDH|3CM$~i`6v47Qe*Pj}cYgAv zicG{f?k{HRMrp7k?a$L=v^jz_u3a2%d7e?OK0Q4>UwZaxW6eZCT5P$y8#FqYTTi>y zTJ7w`^ON<9&g*h+%?y}%8Ukt%Wg&XhC8`dnd|HTeZeia zIUCJTQQ$U2j0Ov;Nc+tNXDTW%Z{U)@Dywv5OOk-8bbUFzKg1Zf9mW|xxL<@#1f z<8qq^lcfH;BD41m(qOHZk=fB;FlZFD)O9DBTCJ=7M$r;6nRRZX@65Gad3xw2 zOOlO(LW7VQB#ZhSr2Q7h#$w|t6ZJnAc-ZZ|dG9C-#b|3Qnb?P}q{Zr2cL!;myd@@Q z25EP%q>(3{U;jKkMw=%{6S7wu9#-0nY;8qY4rlZB&1q1O_T|>e+1cS)_oRDv)>~SC zR6h;?p{e)(jUWv#?iN&DFIkw{5Xrzl+3Q5s&MW2P`mlc7LjPSaC(B>dloS!{EJZqlx&d$2a>$%qYq-qz6(mIy% zyD_u(57IdNB((r9^}wQ<^C@C7pUSd zU5A9{s)DuON>acAtmKf{e!sbR5M7B~>>yrJxDi}9TVFvoc#)UnX=KJrVnr_4N~LYJ zHC-O={JR8c|6UKDc%e~TH^=;Kv3t5r$jm%=pCIjaFLIyfrRKW;pWi9x=U7S0CJefi z_WnT{iqifuV;yaJkfzB@vDpyHxtQ-kW<2hsJ$)Bj>IDR8W^D27Mfaxocwv3{q}M%t zx}8~@B=)G;Dy7k6YQ)xvsCFQqV%qn-%#KDfn`}+u(a}siJyKFL@Vw0O?girMUJG7! z@&-6ZGCM-`;l|1@$SjA7Is)-Wm6zLe7J3Bp!NyV1$_iJK(W+lrMb5U079^xA8;WM3 zPunUMzd!6g-m2$Qf}~3<v-*D)-up}UemQuV^))+1@%B}DG<8UH0ECgWlp@ulj*Kjr(;JG_5d&5uwEDJhh8!}z}w#`nMH431+Ao+D@$iDn){6> zTkBUqW;c&Bx8aFCHKTP)_SyqI3aXE550iNGCFP9!;=P_W1CK2a7RmWQlO3l#&yj=Y z@updx*D0By4<$28LfqAXd~=A*vX+X-%q}R`=n#=vw)lOm`)aSASK*~kM^Cn-(F-{D z7uUzIia=&)Ui-3oxVyF%+lWIur z6YM;rVCz4Fx_Y>T!Qm6E#3tY? z1h2REMHzjP5K(2VEc!GM!68Cw96^W$(??8vMXMrzU#nK1pIu( zm7Mb7;%ZXX_xE*K82otn{Z+!c$}4E@sZ^joa`wpHGtGm@MQ$idoDIpO(A3kGO0*?% zB9T-j%MwLF5RzrCE!lRvoo40JX2K<1JaIKW;i*r7_7uXSAWh{HA`y;M(+Mh~J*v?A z3lck2@tgI(I!aLb4#0yfCc_Kjh%WvmTs*1INTNcD4&GMv60r=Gmr4{bBRoHe=UMqI zLqVzH;M3FaY7kza)kb*Q68Sno<+lUyNo@9LP#cL(dlPQ|5Y<-DKao_am{|4Cj6#vq zv*!7ewP-xDwCs6J$HZd#(T}~17OB_Ao=2GGu{9t;T0u%s`FYoq^#p6LmT)o-P|q&} zc(RLU_shk*o}APeULq2<$bMYi{e&ah&We!RR(`r7ZS;1zw>voo#5bCMslCZ;Au=;F z+c(u(?_?K|nK`Z;kW-{o#bK@lV5HkQt-fpCv?Q@VaINA}T~?kk5pY z*-?W$5^WGN6NK-pwc7KuzMVicSJE|FA4MvW`t!*CJ>|oD&@$*dC)+?~oVJh2EQxA{ z>Z4~H_6C~e$1ZYth!7N#H4Vs&IqS8|BQh%inaQ>-ATkr$bfl3Ov(I88@HA&+O7JQK zX);q?=G>7$3m6F!G#$iyfR*XiI!jR;&tXZ zm84^-oS)eX6$dZ4c-9iJG(HlbmQ>u4fM@Mh#ynGE;}`0Gnb(Vn%phz_8VSFXpe}e{Ro>NCf2~rR6BhljC zKS;adGfgKAR24 z zB55DhYL|y+KcXNGv5ixIxDu{ET*)aP*UaW|eU#GRr=Pw@|9?3s>IG7NRXQ5jxd+i` ze5F-Jaeo<}6rkpo=vaVJNnX+QQmJI=om{74Y3N(Gf1E2-oR)*vsTC15PQmpNX_vi) zn(^(dkYp&(WFo0fWZcDyw|`V9UrVto;di?4#JhJ6OQ}r5;}_yl#U#mXi4TuY`SG0O zvkWXHF%nqK{CIs5FZ%H6TzGCIVtm<7IwmMX$3m2>f*O%X-g!sx^vEi}}r2MVX2EH5r^-+sikw1Zf#p66O)MQ$E*gCh&Zz5-}!NyHPNy((!hNs5$$ z`fDmX!e$JjQImMmKO^jEd@vragz+jEFZRa~R%KCR!v2C)^F=Gm9Un{& z(w2HpCxf);M)&#o7eHnQW;~u*ItMbl>_2-jM(oE|39x@ZbCLU7z!?xweXzf1tY#^U z4`42SI$pz_mu8;k#|uQ)g#B_VK53UhQ;_f#@3l8t|4FjMcpS*M_>puCf(nStWU1-tDC zk=c=*yG3LctCy9uU52$Z)V5N|%j|p#G&)LFvQzKq*@Vze5XB@`eoFJT+#P8M&H6_s zA=~DG|KApvXOh7R9aVhe1;kt=X_V~uWIx^=IpF3`;>k#Z$yM`_2Z*;x*d@qFbNuF`Bo%I>X~%%9F!x0mhthJi8Lu8yN##yvFc&WYVc|ksmtbN=#5;l$VyR zVkb7XdE>lxc-GH^HV~PuGBu8acj3rmOlHy93u&A8SV@bnUF7PWx<5!WAMABB!&ToP zc?R-cK@NIUM$-?7(omBu-k(Jn9ZkTP`Z;^lKB}1xa(tmk>TJz{Lq(a`32pjr6DN)+Z&2R?$M&O+ptNkn#<(z=N8S ztmw3hQT;`O-OLK^Px2+hqazPqN}(f$hhM^dVf`tk2woe*WBZXn;-1*E7q8(f1>h@S z8GgK$!nYOS4dpGIGQ8z0Nx*{|H&`C7S&Etgf(7I85yNZ5Y*3i(*bj7Z1$QhM7aZYR zjz-*eV}Ct*;9H;HUOaDBpDvZ@G|o8*3!(|oMI{U1^+YEFIQi` zJhDV=C#>@Vmq=9xP6G*L@>JSWZYGQn#UFFBr!oN^40Ej1;Q&M;ihH#9;9DR#fo z)IKHDpR$Hat>{*xvpJp2*88UcWcJ`y?Z(wNiAEouo}Hb&IDF>c=3z!URt55hkSl@x zW3ow)`wP@ZA(gEl%hM+CnAT9cFg`toH(2?~1U{v_CV19z2QNE#!W81jrj+OUmrf{8 zBA%c_eXys!O*ubIVNa%bIGV%@rFIFCnc$F_jgBCe}_^427<6lnT$w*TP9+}4Q?#LwiN2b?oWMU(YBmnujBMri*!C9U9 zcsz}cOmrjw&(zUhFfuumm!=~DP#$6mtFfPZXZk4SAtJNd)8&5cth*JWt7xIv6HI3P zh4@`TT4W_Xgx0{WH+`de=>34^LcPHLLx@7pMMJNOL8p z7Zae%o`9s4Du*u#>!grtj-&=l;aZ?muwsvn-l{kS-235mhA)ia(M0<$JUY~{ZaT)3 ztdR+vmke^jkqnZM>kQ|GQ*ikL!zZTU@sUAtsU;w*W>G!P85Yd=6v?u38^e7>O{FnB zE1zUoz~%F-W(LXHrnO7RQ`=TMf%66^P_uS+Fwm|#_1x;lj?%W$0xB04&UtC9e1x}- z21P`+x=c>NLWFyz06abdr9)CPjMs`d>oGjXLluK`SEP!7!aZ9_;jEg_pDFx=6n7cH z!*tEXt2#L%SwV50J(b{{`oJ$|;VDW|J$PC(7hhoYPqD%#@rfyTQW(Ok6tCi}b_vK$ zdk0={@cV{V(p6XxqV*@14Vs_0J|e!q@P=DweCD(nUg|cx&FUfYG84O9Y<00&ZT6~X zz0Ai`x{YR9o%-t9_##w(FlZYFt~Q$Gt7D$2!LAKlf4xANMN~NIX|O8b;CbemE}j$y z)Ay-(umWNaY5atR7zRhWIIY5J0vx6IQiHpgx~s(uFL%#xd!`-}7M68jOU{lK$BS~FT774}k0;Ppv7W)|W(WB8G$<+Je) z)9EEm*%wD16DKAJk3Y%%k`%5$zC^~zR~eLZ8>DNjOeY`JnOE8?%0xsf;4|1_b&d$6pxSO>bb44Eot$!x_Etsqp`a( z4xk{-+PC)i+w%L0*?vHfhTrZ?OOlj?w8X{E%2Zy9ZuC!X%aXkls+1OsgMkHkIK00!{8t*G z1F~1jIi;|g@v;}Mr%RyE@p4d1?6mSyyRAtQO%FR!zLbT`c=oVtyPYSqD+S;^EqCyv zY>{kfb5Ff>P&zwGIyVy)kxsLlnO4}BWG|VE*M0R-X=kTXe!MY(FX&z~BY1uWp4<|i z;hmPG3$(JdvmLzC5)MwKnHi)<_rOcMoF@A=eD>_OA5@?0;PvsCqHQ#KySlNux>!4n zyt~~*Q>4A!Uaj|LHS_fFH1iR6rLDzcEB?2x4$N39J7}xK7$wf9v_rM(n$H@*Nzl~NXwS;8tYya1W!3{F9X>5gR^&Yi>M zr`VNL$;T(K-VK@q~8rc$u$PD=39XaG_ zBZoXWa-^-IHS(Wwncc_F1lX*60i8aoHo+T90MJD zR-OB+_(p;>9SN)>ZGG(^kj$!Reu>F!YY~yzv%Q7g!`|#5ZEfu~<`2^1p-?;?3ZAAu zSXo&MzcWK$_?C{!X&i_-%C!MUN0`>8y$OHkTl6+JrlFw-u(5aWa$uG1N=cd_8Nj1h!bld%`QZn=t6wU9)=9hX zXHGdMIa_Q^_+%7uQRr3kbmQTh^;m4XUu&K}GDD%|+D8r2(Bx`tUER#&i$_`h_t3p+ zyRn~}KIPmxIn9J)k@bg&%+@HGnbGy;)3~{|=9!n)o?g{zkq|_35WEpGTk6%i+4Aqg z%IsgEn(!uj10owBGrKIp=8LI1dUvx7qPxPFcmo#cKxAgyx8&|!+pdTjkO>N#?D+H2+|BC2^t*lEoS>sf;7~JRx5TeEl68Gt@cm) z{a$bP(W}Q1*j*d_GMc%mF2*CRI(@g+jK67iU*&7f)ezC|h^|E*M3zrZtG(T#_1Q{2 ze3EXr>HEn^!^)Oq^*sYL;Jx9_gxDi58`tny70oPl%BnkTwyt#qxteRxkW6IyjZhcBYY8*hJwM zCA0NcZ!$2KjGAU-v9=qEv|4mypBaBxtv>5iYd~gLzhf=35?exK*8JU&*$3&Q-G|KR zYq*HaP>>@9$MO7Jbs6Tz$xKCL2HSZX4cNVX7n!M&kW7Anj^Af7+h5L3#G-N>u%pT} zpCB^pHGBPjw|o9%0hYI)HG8Xf2WjhWkQNHnzWd>u@BXJ3`T|0mFJNUY9{viB;yBoe zheO-ncG+55^tNs!%EO(xgR}$=(iATFNmtU)Bx1iaJxE(UsrF7!`_;2rzkB)^;;+3( z97S%=;>Y{L%sa|!OSQ|rdiCt`+0yd%-ulMYv-79t&BN~Hvx{mWM-}18-(YZ0a(fL}t&HA1|!0FT6UxxoI9YFPAQc*6(6H@mC7caCT0}`@|J0Z7~@f zJwY}C8?qA2EGf-*)^`*&h|E9^O_-zG(}>KZ_fK2)IY|5EJ|i@9$^`8ZU3JMUg2~K$ z+?(~db2A`FTm1Ih+WKzwQ7H7d+gwB;&QkAL$lN`B7`i#Xy{TQUgv_%aUYtJ*(YMsg znmy+_+9wavc-4s-)RNYUO@Afo&GMu5Oy<1S?KNxtC#xGvCri=wZu4@1+z=E{q zZlqp)@uF5kk=begq*+B=c=IT{xh`dsj5v5-pfcr%_tb3qsb3yn7(Z3;9C5Sog}Ly& zqWJOjOCHTBTlKtDfFvujtT4G;e!P4^$*r{nfB6MRK2c|*s={%TE#auJwJaLSL}wHx zE6WA81P5tOx?R=5tF!O#C&a6t5RXscAT7}T)iGnN6x;P+uQcPg=hgm`2z&8zqu+fT z{^gd^q8Dnz(*5?V&T=Mx(*EbcyI&S2PkB4LFtZ3joIz&c$BT%}B2N#yr_ICDC#$PV zC(GtWxB4a&X)!S+GybM}9?Shm$n50w^rTw@GTRP6I8J31MrH~(UNgsYRDK52eN_B3 zPryOi6cZe?w@J%;AH1UQL3myr?jSNt7RsN-9Gf5@bb8JFp zg3eE`KYvGiagY|k=N!*X9|;2Sgy1o>=_5g5wtY@LB^LJs$;>nnnLTaxUokQ> zH!izR%=qm02E0L9JXHPR1&M0_6J> zRTm=*8xd#NSne)GUZ4HtdG)l{ZK6+iac?Vf8;-`eSS}gfw&|KRFVp?S98WhY!j3~$ zA46g~(7L2Lcy$iE;o{Tdc;16gjo~>Do`p6}6*;;q+IvZz9q|%NB`iB%dhm=|WEY>F zz^BEZp|vr&GF%BwORSFKNM#iU|UkT6l=0LaWuKhC;OiJv*H?z-FW55L|Ynah! zJo@PLbe&1qnrn--(}&@B^q0vOWv;c3ibQFTSyEDG{-R6tahKxsr{QU@gLgf1q)zpm zNqj+;h&;SHlBgoON_UOJzGZ#FzX+L4SB*0_Z{hvb^WLkCXQznF&Z}pq+mB9byRpnh zWHampX^WBNvllNMGTU9iWERbEl*|;nOz$+h<<8AyF6#A!7Zc6NF+-v9C#o-f#l%w)?UGg~d7fQo0)l!GtX z7i&34ln3Rj%pNFH%Z$u;O;?${c}4;iC+<`Y-NC2TiIGO~;KxS-a6_DNKyvXe<faX(sTf{u6k)B0Dvk@GlQu3h*2UKS8rD-Z7Sf z9$?Rm@e-sfwC11-2WPnuJ?P}QTlqd8C$HLZUdRk4AR^^X`%3o@A@G#Y=+kV z^SiVDe}2~so&9i#f;4pY#dm+}Rlogad;PE9J%9E%gynW}3ODrS83@QYurqWHj*28m zlhcV`{q0WM5(M(@1?bIL`N+(D#AsYt?_Xx(x7#PpX0_U^c5lv`h~fGyO{y7Rs-C~; zy?D{x&g^Z#XEg>p)6kC>xGa$;mo3Yp@7^&LSzgx+;xV8LTvZ#y*ue8q$3h^8n}c?SuJG|o66F}zH*T}l5FyhODRaTm~6 zS_Rq})9|ePAbjO+yw31gCe_8Ocj57susx)mn)&ef2y55|;H7!-WgFW+5uMlQ4?)9L z#Pun>1uior?C29-qGpRm-Ae#>%H7fnx9@V**b`8r920oN>*{ckx&}9D=lT zLLlh~5c!EDFf*T?gjF)7t5)%mN}abDov7(CuHoyM%WJLMPw;bs^OJ;YH{W1!*Wiy9~Yf zp%z;GuWuGZ&ws#s(#*JdaV3>~Nd+7UThEbmuu~p1EC|w4$b!{hJ4h>7k|d^7H7SWw zr6jawETn<*M$|+>S}Y!2Tit&0Wc%R>RX;o+1ftE!^I5uyl;mq>lk5fp)f5h#M7BuS_!=m=S*gv?##;gkqp z@)a*$5~2R^WkU4fWpoM`#)FbH#)AeR`qGcTCU~_{Y&6tXr;~@}%{4TKKdygWzv|R& zs4S@u)XYlPBW9!}vG%IaUWv5VDIek6Z40-g0#}0alNhh-NsQMBUVu}$B@(p6!Sf6c z>zaG3g zk~D%J0ltFq8eB=j7njEINlBQ%<1Rq6W{jux5gA?syrGc(BzWD6*Cb{?g6PGovZgV- z;Kk$4##Sae^}&t17X0Ox5tB0efwBa!hqw4hhW-~M>X~}`Xz+S;@uZD6P>VsM-3E1;- z&E68vN3=sdpLl}ftSRW9F+65Ef){A{Q}NUj7#?70&XzG=Pf`E62A2l%6TpQ~OkE*l zNtp|waDOtqra5?x;K}{v4atjl$|q#z;)$mrynx7zYqdH%kRN(8vy}ld8+PhtVi`~$ zD6Ay6BH>62go*`Hev-5o%Gcr5pQ}QE}r-_tY z@!$;1o0Qs(fixwtkr~}P={|P!hHfA2Hk+rX=i9M>G@b!LTKxHUHS)CcyT3dL^?vv( z3esvUNb7|b{`&1QI>131`f*(|hBQX=OQd1_T6UDDU*@j{@Vql63++n#S5FI7fQ$q9 zmP!iG?Oe>D=?5|R@ly9B77ZUjYOPRwIdA@sEy&-#T&G4IE?flW@^X^`BBCpid zz6f5Au9QLyT9Osebw=|UbiXa7l`C7=*if)4BEHs;*?~wg;0*=Ow>6B{5dK=gI@4MJ z9!ydPMQFf-RI-NS2?G0bQw*0488~k>JslN?CsAIF?zszz^{^!_l?KN@VZ2h4_i# zp=MdDv$eVQb-7*gln=Vma7n=+S3-C>C6SuJDO@v*N9QzLGu#p{9$ErN3{UzKoYBRT zp3OG0pnh(U{+AU+#9oX=;jblf=XBwk+)RAuL{fi-r~RK&-um#^EENa|5grum@h>SJ z|8fRi4#MMG=;Aeo$2UJk@P-GkOvU3b@s)I9sq9LarsYX|n&Gjceu6VV9UhiIU>IOO z)L8$3{m6obkF29XCo+ZDBImtFPP#TT9$7wZ)@t4J)lmFnrdy9jTKT+nlw~zbvo1(U z%)fMK300WKEm3HHk_-YG?N5q_{)EmT87r`7CJA1nxfZA=P&`&Rhcr>(qIl$#s6UEC zcc0oD1a=zWfy_3icfckgvtBZ8pyr`?YgI{HD3xt6i?2yr^!)CwhHo zX>g@$v0_N2c1h<2A*J9P9@@Ut$_*`%)Q8qgB2kCNm`K7cNnyN@ruMIqi~|nSiC+5w zk$Q#T(U*8~qzN>Q&m--}Q(+l<8`dmAmmDlt6pf41G(+gv%m65CWhpOi1N@{<~_nFM4e zO1_Z*drpFMvFwZ-nlo}hOUCe&rji~!NUmndT}lvsmbJt+@l0GFfwUL+AGeo`1aJz- z75LnP7Z@J%zdLeNph*}H_Md<&F+Ax{QS{?eN($o>etbd;9+@h1WWqJmefYqU30s~Y zFVHd2J2FXhWb)!uAi;}o3Ay=%f}vwIOnKM%$ni`KO*w~|DHEs6)84~(Zp_BWY<-f< zg7&0!zx%IOq1g83vv2?Vap*a$q>heyTiexf9lginxhpe&PBVL?(AyS248ou)UR+??OsocC%Fq>()J2k}tsrq+La zQ#~g^S@huPVegUo^m#4!)xo%a`B0FZv~Y48a#W5~ybzrbthe<)=L(QTKID~^97}SI%V{reNwVP0*(Xop zc|RUnPCPR?i8m(kaDREnWQp?uUh~<5q;fOK%rqYpGCRDyjXO^XLMyw6r;m4Qmqee* zj4mGbw&VYLewh1WTrVz?7Zk!2l*}Z2aT$}DRL|tN_PD-K`qPJZoRv@e@Rg(&&pS;@G2`{)OC`I$hsf-m zqe2H6uUB#@$V`B5KDob^Qs3G%V=b-ZE1w*}NPx?C@j7E(*M20$i^rKl1*hfi$T0=a z!;DjM1_#5-hrH}3OFw^3;;B9R@Z8wQabG+?iC5;v^M1VFa~w-@$#{&3X5y17O=B#% zWXZNs;rbXPVd<@TxfjZQOq`w){^e{p+lY;)RVkQNSQ{`$k;Ui|f&r=b_$ z{l{Ov{q`o*|Mr^~|MlHB{m@_jryJV)k8c-I9QWTZdZA2yzb%(ZQUQP3&Y|zf$>ceN z7Y8hB-)gtzPbI;D)4TI_D>H-Bd*CN@Nve^^I?6g$Wp_2;{yKQiU78cmzXzUwU%c{Rc#r+dHs|6w z2OnS}JR(2qD0sIh3M6W${VU--7#{wEH5Z?~T3>VX>IMaA;n2qO z|NQoEFCK>$&i?l8f1HFuYiHkl`~2{4m!aq1orV_v^0%eX#*1&htA#Fxf^wDLak2~S zcn^Y)@<-W(rs;+;O@ias5wlGWFCNSe(#{v)8A0rJOyT6DTJ0_3MeL}#RPAk>@m%kD z?eW-a8PUwJl$xgHQwA~IIyZ-)*T4P8F0fuu%B}I2`pj@=FvzCIM9Rt=n+M_Ou_S&n z1*_>gX~W^?G!ucJxpmUW#@mMRb?qT0A^hn9<9LVg_OJ+eqni=|H;o*WAeHV(aKDq_%+Ar4EHy|IZsR3Rr0(m!w^v7-0`K zTSaSZbWd71X)Oe4pKM&18l;WNpM$iI5u_>EtH7uu8o#MMjYTH~)ZT3@_Iur0)3;JI zb%WMg%pa{xl(%}7ZS%jM&gIir3$xlC4WFM!Nk){hZ#-lcUar;7SL0@@`MmisZcaSz z48HOZk=dqcA~O3Nq`734D%UfclaemkecSH^d?^pp{pf}*BtKQHrv_f2CQU*RiZ8Uv z_l?nhBSD(ZPt6F$g0!cBgntmn?{K2I=51vAvUXVA-P)`-emuPNziAuITv>s<#V5l*Voh;WG3)0#x2#2Gqw!qmRw>BRfq^a=Q zCI6Y0K0HXXh8IC99MR~_;bowR+CgMvW4nKL8M`|Lff+k)<#U@e5p_ZO9d)iDcVc%1 zX~Az5;2g~drnz|=!(?`|8qOgy>#zH?=gi1(Ke#_qh|JKH&74yCP0TnyU659=5t*&$ z@ZwW}>ugP|)gm(6=XT1zZW>*;)-ah3rH?xnsPo^AsX>}9Rw|!~>th6ISI6OlxmMEH z1Ed%tv&+N&!W}^xekFS^*E*i@%24>Lm0bRJ7Nn)A7I5Y2V)MO%G?pYa_T;?Zt@cm4 z)zf~zcy(Ic^}UdG5b3lvwsz*#5$Czq!ofipf;9XU`g! zV?DF}Gw_i6q;s+GU@gaKJeTAqlK~y9J=BgY#qbrIv|2dReXP#4@`f}=eG0Ra3b3QJ zGSLNvDI(PVj02wbN~KaIiT+drMX32XPR)nsei{5nsO+>11vKNpOnYy%rn#F4ncSy{=IC7v50j-OaayUo3BSTcQjLW|(r9T0&sW4ZE9J|(H|ckuv< zH&WcZmg>(q;32d?Uv!`}A2o-`;NpY?eI;ub$M-Bk^E~ z){wbe?Yj}#^dK#k%hl^McX>Rx*tvI*HayCfaFCYz6d4DoHY6wJXU;um25IKn#;e7f zUai}|+1^_2R;#s>tvB7?6E6>%D|Lg;P|_mNV&oJ_)JLfTeqq53AD7_~f>6 zkYFK4DUp47U%WJlmnZS)6tSv;#_&mzC8d)^O<{O_tO&RKr06L>Ifi%Zql-+0{r|J~ zF28MDY1%kI?#NEvB2>v$rJ}?@5Xdnk5-w2{N0bPPAR&?cWd8-_q$0 zgV^Qb!&B$-zR!8I>#qG`FO=6`&lN4!FUR@g4uBe~?SM_i%Vvh=~<_@nCq_rlR zOB1`}g0x7iUa3fIF->9Pg^b;x{>59OFc)$?NAWlx#rHj)#&QpEylS}iW&}L5&xgEk zxX#DA7?n@{J{wPFC`j8I6{NLNGcP8W_iK&r|eA_zW|~adUM_5ZwwuyzJytI$=(>f0R5p6_Y;&_%bX0Ho$!v}!7>sV* z+s&ngQA`2ktuZ$jSj}jCz!(FbpO-2MF*ELIVawCFjONlf1Zk>gexdEnnBFbn%7$M?N66Q2V!!8uUo zmd)+c^-ND^$V2L*$i>8G!^mu^adNpxDMinj$-ekG;Dy>=?LjVUJ+zZG*IUbh%o^89L)Fed)!`XNTSM#r>^Gub5;j zR&P6ak2CTd3FqNJ%py7cUatuov08d`+ftF`No1^%Js`&w0(gUPwS|6(9ZNMU2C;J0 zhp+hY3c};v`>Mt9Pz1&+fLCaJ2p&xiBLJfy}D4XL7%nV3!#CVV-F z7iEe!@P>64ui(Pq6vK!6Z701Orz;z0z3rTA)Mp2RwDwNXaY}ecZUxGREA12*|Fx#? z<>-cT$t~Z&<-2&eINn2@$NiIJc#F}0H3>QyE0@sJ(D+JF@VSEPv(v*z=zAsZe9yx-CD`ke1pB#?w zb9`E2HN$v?;t9)`o+8LEN8^FTl!`>~g30lCaD;LpX&5xNu?&L{Tb|nkwtp-*frrp^ zHjBAfJUG!Ub+?X3u5a6s+xv&nD+FoNi__z^I_zk(-KPCdJRz;I{sd1`a7#4S60Cy~ z@EpO5?_mW^!tpS-Ge-??`pGRNZ zywyFNo!;MC4%~5yS(AnV29DBDeZ;nf$ZQdBp^7yn6)_QFiX@rIi0Aw8#50Ngn1s0u zG7A!Xp5ZMTa~XyYueo@c;=yyg_++6B{UeEKoM(x4SvV@s~-N zF_$$45A`RB1`wHP^lcY?F?Y6|%gFVCAZ-4?tq=GX#Nwj>p zQYG!HnN^X9=a5svP&|rNlZednZ05jtvm#M@^WY^zPK(*Lz?y{Gi#ku?U63c_M~Vju(lp37t7G9!F7vOouS6Sh7S#g&00r8G>gcN63sZQN@SP562rWULttOGc)-; z2kt4|IgQju<@iBQgMf_S3FQft^4ysflPk7o$Q7k!M3@PH%%b{$LF^5Gb%W+{n>)Nx zkTx5gzU=LeRid=Pq&7%w#*cD5;{ey;Sjm+SHnRo_(&Uo#@x^S_k|m3ZAjr;J2WgOW zYk%u_CKgM5GChl?1{>YLpU>2eCcSH#=*Fp-mC=<;#_&DSZp7lW=Rduo}JBtj7lLHJSxAk%02kCMx0~)GWDKpc!lJ zR^*G-JE9=;C4bF)c$2iGPikf)%%m2?qt25vxt`pv2w3+T@X%8d!@DgP(U*qoWF6GS zCT=ejVZsWU3jHa8Xf@~5kM@AfW@FRP-Sdb0sp;zJ znlDI;<%(Gt)eMZUf$LMsU@{{*ow3-4peQipq6walYxc^AmzaG*OGLtqfM+c+#8=>% zaK!Nj#}mu&<4r#vUnyKb!3cCQ@-GW|UBu)BWC`_G2!G;Um#9BhBtm9Eyy)VwO9b)A z6HM}@CRkQ^f$lKdJ*zJwGK&t*mCZ6@$pkDvKF4Hi33;Vhm|!neMm||p5XURv2?pUG zY!9?%fXDuY8kgkuGZZh&y)&y_!5I@IQ^qYfr9nL6FNAMnGNWCL`58PDXdf&5_oWiG z&rISWD&IuLTk-Qb$76d&RkRYAxd=W@jF;eL6H*W+!`PYRLlb!*DYYx<%FsoO-7cMh^-mJ*`cTS4w?<5#M-x0|w4La{#9{w%?b3DN#! zc&tQ7g!4edR>3I1SMZTJh?l*1tR)G{!B{(UJRTmO5EVy*3N^Ojc1Mxg=m?U!S)@Kp z(U0TBA$SSv1-D801P@=T3=g@{O6_niN8h8-m$q}!I0{;a_4QJ{oG}tqmbZ_uv6S^_t2)W1Pe|dwNYlXq6c#EiAwZ@gnF_5B#>)eEk>R~p z5~%7dZg~K2+levVFGzD4D_ISj;S?l5(~UWCruiIU+Lyk(tXZ8uJ&0;^EnGp4(eL z$V42UVa5fGtB8Kf9*$Qz-Ym&#o7fK~KMf}e1@fa^R^pTg^$}cqlPFmVvL7$`@PYnE zzszGY(-4^vkp+9HxxJ(hC$s6L)m}zUP-9O+&78Jpod3o8m!Kgagzw!|~jU_2r-(4-~3C{cTE^T~lSJF`zrt{88O#bf^DGY717;`$@H zHc?cgv_VsMG~T3mtVv5}ngM)!6yEUTF|+t*CTNMl$jP14OwL4=OY!bx>oS)DS)M6B ztAzZLcqVW*5t-fdk=g5L@#u8SN?K&Td$f&O$60rks4h)>jh5rHnUkQW-DsS+duBS``h3C_U_y5?nHMQvb=I{HgZ{zHY^uj zD>`|2c-YwLE+0QXE5Pbce0HyM|Mfzr@yx@6_R_ZFC>gj?A3yvt8Bq z{*vR993Q6TTPnLG$-oOo_>=`lB=_)eyv6Yf#|u6@FHDnV$uXMiG}h85Ru}O-{ZPHX z>G@n4Qm5f7p~8$iibua$zo$9IKxJiCGk$Tw?H`NP$E_JUg^2ATx+zX4Bu`-i`=yJ= z?>ku8O~>RY{Cvtp2l(M3KEgwiq^F?0FcMyT-lXLdJUss*c>GJti?0|E!kN52Bk=f2 zY2Ku$ROQBP*!qh%VdUkAr0y{-= zZ_9?Wd9Z`5WR??-Jv)DJdfHvETO*0>xO4Lyk=c3boih%oAi>ek_>9+e);z1M8s?rE z9*QTPmgk=A!)x60F;(;j@dAEK&sh_&VbC8@EZ#Hba*pSbSkd>gjxOjyt2X|v-FvN zWi%iD6|+>_a$H!Fdzy=9T^3HdcqK1#a>CE2I3H@bi<7+92kR5S`bb zGE=&`kH~CxIGMF{`y7#38uH_6)L2SFebz%}g|K9*ft8&m7mq zhjC>E@66<>kHyJp5Fcnc$IHG`N!dHuX40JUm}e4~&X^Uac(C)ZIdjgZuGaMY>pl z{HPafkl^;Z{Dn;0BvPs zW24DlM{B;>c(anD3bynyC=s*W%(hF3l8D;$_Paap{f|NGsy%{ZWF^-G@Qf|%`) z{DJY*&BMdVXOoSst*vVJ#dKVUAgy|1;&`j;zR}!z9o;S#<-9lJKyRhFyBKS=Xk-#Q z+u6)k1izy75QXz$y3wQX?w6zR!{p(IXB-%-3qAy|j>8MSU&6mi&I((nY)!{f>)X5f zsAb>9-CS63%a>Gdkhb1~glzuuubn{v{cV+CkCPHsm63|^o?mW0D*977csh1eMgU*` zTqlD7J{FQ`HLr!=GULGe!e45iqwQHKgp(W}=J@cS$OZG20<)Z93$onR<4ku~kE4wmlotAxNuDMwhp|+cWG~v$!c2T!nu%Q{DzL)9FKF zeHzG&%0dbwG7b!37HtGRJi>DVc;U(!2d?Ou+FN-}SSX22ZjFhXOt(3Fo?)pT^6~?t=+u5S{Hz}!A zDCEoAxwF;jmYcJzS*(wIh^0ps>N%L)h|*Rmx9BdV=!-q^{Rj*RmeuPeuT)k!SNv%w z{4o=;M$B4|_cdA~;>H#wA zHRsnCXJ5Nf+<7xwEd520*~ivND-^K7dZzkAEuv={I+K=tsG`zd^@8zD1BGYpd~ibY}5f z4}4tWK@4_y+fQuvCkv0a9&Fu!%>u~X<{o!Djb+s7>&uO;>SuAD+2Qr#cDv|!@(BnU z3ZZ>|t50vYOMjCwnp$2_)AfzrS?_9Def!>+S+zC0n=6EcaselVU-jgG(4$THeMxmo zg~An5K;+B0-1g?r5TvD*WJOl~rh+td%Z-_>H@`%lAKCiC{^`kRxe0se#oF=m44JiVAMW4wKZCQsSXiz-*qWkbHox5MR8hCt6KjpF+HK14 zt}b<^Pk9>zSu3Qk5Tv01bEWt*1Zjeqlw{>^OUqqQ#Ow~-b1vD~Gi`n5@U%Pf zjx*9)y0!Kg$ZU9!77G3M?@@sEKM&tnE&JYjD9}Z=+1eQso0;)|8#mk!VFVN%h$a(aBXMZjQDe#VJpM~hw z+1S!dZ*#{{1&s^ZDQYunw_3hwpzLJ+CbL2nnyY1}chC18bLxD0tN=VBw(XU&1u5z? zy>;(gV^6HSx4F)7o?p&Z{qjoL_~9QnKYEZRSe9ifzt~}as~|0$&s(LL}qUWQ?%ud~C9NxC$ZtT{I zESw-REAHZZ`gq)qMPKZ9=1?CmK0eyI9cmF!Z0TMO$V_u3>=mUM)%|3)be8=KNzm|d zgS32jd$niuc6~{pQ?t|KUUzPNF?+AMa;93a-zet~=O$L(*OVYTjuF1JD+EMli64I2 z{P;l{kXbVPH}+9Y2a(xkZU)bGt(oI$cl0}Hgv@5omuttdp+VX||NZ~L>u4xU`@6qC zN6|;9_I3B$tx&{1|04A1_uqvG^0mDVn>$xlHvaI%S5N+H@8!`SHokiD97Smxrx(RP z{Nc-$-1}ci`_T#cKcye96Qn&f`^c5Wf86TqqyG-qrlzJQ;Y0qs0So^4)6(O!H#*%p z^m9}(d^W!D(`ohDMC=py9hmdu#$@#K*ZQqSgRG>bV!JtKbLXH~lF5dnFy0iDn@I(> zALNQz@`&72StMun`C>KoRm)_;(I)#+WfL{RYe9UU<1G)Kewk!f60AWypZ=5Vhnndr zpYbzyEYsq6We8pyi8phLv1X~T>wo)u;8{&DW}A&g>*2PUSCv(NN1|v~!dJ=%`X`)Z zDFg&wvp#FwFudg4d9ErW@O_FeC{D4s`NI!cC_)IdS91r`WMB4K%QX+4mahq{|26Z~ zAYKaAA4^LP6y}!CE^e8@@pZpMcwr2l4Q6tnWWbef3UT7~%>48)5`GGGaiQ`PCbNAYvq|@}c4L0lC9}x=&f#Y<#AQoM z_-uT=ds+Y&LFm4_zZjk69T!h6S0|(T>-goYv|90<}}%2Qb{3a=D*NO%`>inO! zsoMS=isXj`X}|wBwvzV0agc`2-FN~)TIkcz)WvCtZ6TP*o#k@5X0dbn>i}?VE4*zk2XfeI>`kG=9`OD2gQGfFixc?#{da5eU-$<2oy81t$Tz)Z!0^$B%E^ zzQ5OL_&+BvV(51C{CpODUN0?IJKgT#;r_|Z+1YdZ{P?tXGam9jZG#l4i+V(l-o6dH z4D9Lov&~134mO>Vlqi+RJ7kv0dh{^yyF@R^Js+u0WGz70uRKldRkRZ7P@@9gUpTLTKu<SYa)@Vfs&mOc%+pWXUY5>$aaDJ6(pbRKmc@giOy z5KkM#-vK=#FTO7&5(*8N5)h>oa?PBxQ_ODeh*$#0Z7(Tbr2W%J^}*XqHIO*7ND-n) zzI5?@gimV}Prgjcv_4)uvxmMxf2lFN*1r-yJOrO+co2fH0(cnAG{qC)eS}X)LA-0J zMuO}b7C0Vto(HeOOE{JxVpUjNABEYo6trhUBqmGn(4g$W4+pEZ9g6NBEk`b!0$cXN zac%#_J8T_jwN}NF{1EvI*+nQOGUSE|)hx|wMm-JHAFqh#kta+2AU-jO7m2EE9(!8Q zlLzpiQOw3G5wJJb#g!j^I(|HL`x%fK;j<3;zxymUOUUee){d?bGCS}b{iO6iT1bCV_06bHpWJZQu05Z!{ zN~L+=0k1N=$&7snJ~0w6c=6n_DP9>Bh?fNTeckh0h}qERtSsbZQR2Gq z&Yhr+ksjN291W`#gVw)B)SoFH6#nswjsYUeSZ7)U5oC?(UW*(rGu>{2f5`C$mB&`0 zFpSTLE?)AK4@3pJ??hxD>%L34774?^z93W*M3kTCOyfLBK0Hn@kk5!-JSJu=4UKvyj+Xxk?naLW5 ztF1769@i{MD~oH5I|KVB#$$?B5}-4k6mq-h9ysgt+gVYOX+{IAa1Q&zHHDRrb*8a4 zP#VS;0z*xyc<^|nH9VLVhR1``N0pTfoaCUwk~H892pOh(4aA`F!N++6T)d%jyl_># zW)8tusJu7EW8r;8d}xRq?<(p)bTbaHBm@MHe(AwmD#HfH&@c+$$M@ z>5gMXbc!z^V%vFStj0pI{nO6<@oE#~8Tj$m;hf!i>nJT%cO0liMPMd{74i-6OqOu~ z`y(W=z!E9MlVR5M;Mw@1TQSMaI6&~pio`v01invC;jJ;ae3{h;#!KsqMB!g7o=rqk zA$#G*WPr@717x<($ZYRu>%JcM?=G0E?X7b%vs0gCF_{@!UMkUy5-8wyoMvFxyFJ}> zvI5C4f@wj+89FKiZ;*@tIAemr?Vn{FAU00$ee4O;Gt>B&G=m299F8Y6MevdrpDdJ7 zSYi-4e-u+2cp?SLqv-;8k`?74SM2xVABqew^8T+VjCrwQKdB-NVY^*NvureW$=2F? zx!u`8@soS2O+;pa=q=XN6k`7ZPW*((6)v7cT_;x3wEnKW!8@vgQZd|_gWy$zXG{kC1nQk!ywJlJVgQZIbdC-eq2Q=8(f)d{Xk_ zafpcL9M4Rndhz*@c&Hh}lXNi*Z}7>-#S^CEGZUE!0FRBAT|5z(16`V8_K7pFJmeV% zIDc}_#J9kh4@pLh3c(jNAhQIJ+2K*+#uaWQCziMNZ`+Z}-$_H~NRSqq{_5o#ypk4L z{{GwVzkj*~(bvk!e)XGgv?>bHHcl^2n!WAv_fL<%{Nd#T9-Hxu138>=07aK+xh=J? zFJ^o9$KMnYzWEMN`@reD+5^8~*c!)dCgEs*$CrV;&erBd#x}!Kn2h9;6xu3=wt z0tYow7b`e>1L|F{0!4s4p16D$FZl3jQxyB?k{F+1c(|lk0cjyLm=gIV#w&nV7+!Yq zz-ahN*T)+SuXylAI&GB1K1kw|!8GwNMUj;+;ldQs5*b^n2ak=5%txB3KRLz`lfsgySXoVewHhcXP5@+d7%P^mVgVXy&kX|LqlRQ@aI3Q3@~x zR8~|4V$Wzop!GpDgAs+*8<_NDGSV)dw8XVHDM|6j69kI40(iwBoNngOf=WFzBR~p=(&pJGaea`?mZna+l+0>Jr-;msTr#U3)$WJ%z!uQS>hYpZpV!&5 zyAC0Z5LhXm)MT%#h*@tXS z8JAfw-ol=P3iIKW0^DQ@gz^x-nb^~S^5l|{hU^zOivYocYCN%jj#qqmdP&jb;|q9$ z+P~-&b4!s{t96;?-Whow>Z2}OpPm>bvuLg@V)7<6L!LmG0@(v`6HNA~K54@<6JYzn zcmaD3x<^O$Qxc5~G!9hq6(1gqu_X0Y7Z&Qu9l4Fjj4?Z8gHfnw;`Txpp!z&aVEebi z3inJ4dqTn>laB{4VKT$^j|MYAhEUZ|eSpjifig9oX)20~$7CQdJT0Fvdxha8FJ5N& z%uqa?nJmUEgo(T}lMhd3f()4hW$Kv(j|X4z;Vr`Fv_2}Ye^Mlrhrc9~Co-1j#NKcf zO~a6j2gS2nlZ{$!%)S9`D4~gNb!sq38?w8T25F(#R~J)QC@u72>uBrfK?h>AX0!ff z^<{16<<^&P9$XZg=-=Oc*ZlJN)30(g>i|nffW>Yhh1o+{YPU0H__{&b-GBdIO;|_! zcX$!)$A5>lwC4XBrk6H4;{YfmJ3H2b=hgMp^!n}+^_|)E`S~0BAcMBwJvpqwUys*1 zTZiag^!9*L!Q)QWZT1(t&mZkL3Xyuo_hA*HhMaW5Gp%5@-7Kg}!>y1;@JWr~HCTbc zg3}sal}D#kvOXWcYZ;kH9}~Q&4B!n^n5JHehXq-zqim4-T2_Cos0@#`u!yt4N*#}v z$vO&AXC`>KsZgI|Md)yI@p7fnRt#rXv}f02mo10r=i810HG`)dqT#QZ#p;tL^%3Ac zlGVpzQrH}ye&}SK5>D;v$HQ6%^6IRU%>uy4Ze}ZZ(S+%6lTyijD(y1-C0=2}a_RVv zp5yzne=z&3r!d}Nc+qhja#Jc(%NUQxSq@|`J{-VXUc7cW9vx|d%<%@pW8rtaoDdjk zA3o{gONxviHRJN1<8={M|33a@OKD?L1%51Kyg$WJXqOaLr(akl+RC`S{Tg&OHF0la~ka${-$lCVn=+Tb>-m z3m&|zluTyNMv~jJpb?kDPoorWZzdLu=lEB{@qIqNrs(yTHjvruU-7#Tp#D$H0&o&kjKOF(87HgW;HTtd`>$gFLMh|KTpb!} zgvm`KE0Ec8V{$M^BRXmS z=GRGsAT1RA>f$&wF#$V{;hnTk-t@}3=AHdQPW$@he)H)!E5#>YuOwcU88(S}r z>i$JEI07+SrwthgG9xk$jCtI7_qQ7uzC$(({CI%>wJ{|3z?j{geZ>-s+3l!Dt#MV& z*6}->u+J&-8qrnbWO6=szOdIho{Oepk83B3vDkppkRCm*K3*bcKToaac6Qn%i>yWV zQm5faKtY-n7z}+eoRt7Y-sth+$r}gg0KcB9!2y1qqL1;K7vFdB3d6$zenV97XIcR`x>z9M`m5YC z^V~DTW7?bMEx8mQ_M451&oj^0n0?|mlJWrWv;JW}l#0dNlH1tn`EU_uPO~wY+4}uj zqdPelJ6}9*?9D~b&zHBl6X&sk*I{hLa*WLM)WkL-Gj0!_`lp>lKzQ0-Dr75u`|-C| z@iK+tdQN}9-h%zZTh2WvoE-2R*HXi1un772O*Y_}(0NHtt{9*8ZqCKgUn2pA0PI&JUm!4-mz(Ij7#_ZWXbF~ zQ$%F;EV|qnR4?>z9MJXG@tKpxR3vhhj02&y-<^g+)qi;TqEcTfcj-5&rt(>C5l#ym1o^cry-^#DrvI-ePy>-QRwR;r~d3 zw133^ie4{B!vZcDywp%&BGFP-{760aSEJJMb`l)kkGXSaCK6xXI$5$u#b$xEa&0{@$ZL@z7X^T!Ob}n{xkswLsGfuX!x#rVkZjFH(~WB>NBAZ;*rXK1dv779&mRYA}j?;Jp6wp#A3 ztTfMlI(l&0SZS`*4^OL#4|U5{Npr|#y;;rB+(YCbtqAxjWc6)&`XyddqbXYAiONE5Q_YKki`o)!FL_N=;$$t;4%tVP~E zJ6Vqp?jyUoe;5mqcRw+i2_wiX5Txl#XT`r5cldZgnxLHRrmkUQttd@LKi2djyDR1Q zTFd^Z$VkIvhQ?U@XhGVqAO7iQ%hMtKS))3+)EZ_6C?Z?>43pWd$W1`5tx*5~AOJ~3 zK~xlbM200;hus74@rG@mvXeA&LqQtOn+_>EcQ=|Ocjud2uDMZ%KQ_=`?>k6i@1#xB zchX|leJ70tX+oyBdB%marx%yJd&VG0Tl3BYwmsKv-2WmNrP=mO7r!E7$79<&k2Xuf z2#?4(XEWZ-X8OXztn#;JmzpYr7m8OX;PJH6!E)=9a z_Jy_f!bx>1GPsnszK4UfR(!U3@My;wr3asJ%04||ecdQ#{?>xDysDH}W0C8T*>vlQ zWL9`TYfhS}aAn2OpI?KtpXI(vs>fPOlhwxUAxmlTnKciYoiuJlMg(bBAhT$_H#7_z z|9Q8J1Mj%Iv&@V(FKrg<{7y*sJsZI*X@Tc*HyZns3&A@l{rtFd|6GqmceghWvQ#WZ z<#Z8_svK1t=XVqnYkY>LCG7AdMy`Eie+>hxkLS`9X`CfZa zoMPQ8uNIllW`#g~T>Mxv)5d#3{+gbXr$O3#GT8x3^^w{3HDk2P_q5Z|12P-utXJ}! zFnRe-^O4zbJPy+GSL&Z2SzeAG^q0JLO}ucund#@mYge~7**RO+<2M`CoAE(AnOLq- zGFv;|-`ave&KsoJSNsn?C`RjDKSo>W@gPmhyiHoDyAY&>rVsw<0PCbV*V0KVCq$|k ztP~Fl>mz3U_*5qlr0Fwj`?c_U^++2juAhY(pkO!~#(g3&S>*Qb1yV zF}ImbQ_35_YkY`RQ=&1YDvASmnU$|RlqkwF7+#Ww;AtKz#R%f_Ns(&x!KClCUoff;2%kEQTUloA91L=}%CKB`S-WB2n$^A^0%E zhto_IR#T|NEU50#p6!!;kzv^5X1yK0FS<3Os^Qu=yx_%Cvy@rS_GO9nk3oM4{W%1m z_u$KgeBP9(2__|~+A5es{6*sSG7%R{*4KoW!#R>b&sl74AKVE zlH0Ln7FLE}8@@)JiP;aYS<thOR{Gla@sy><^Y* z3eS7UthI#5ObHL*i6v=TK_D}`kdZi3NVI=AzRy~MJ%<)1(JUXxvWIxuP<*~n24kTn zmFGjE$jsgpk*c<;hQVB#;lp0M!tiwP1q(ABA+zoJd^Gi;$ZYyvy@|=pwKvsUAKnt` zkDi&J^w6~*{HD4eADlTX1C>7_Y zMY1%=N!6A?P?_pLSJ;svA$*?J#~>p9W`cT{t4r<2Q-%LK zZCTBi%engM>cng+Vt=S8E%M3iM7Lk(9o1oVe;4{_7LO}}uwR0rdjPL6yhiXSNJB+b$Sy^h zW;6(!OtBwy$4RaW6_rY|vAhzg0zAeGrc;=JXzX}#fY>Wki!PqZtAl5f zj05O^*aPYx?0g!sXA-M`PCuEOG%I_sSs$+6i-NSqvY*USu_&Vc6F-?n?8QCE-5FW1 z9_^G=RzBI~DkCOJlITlvO55J88}@Euhwg>-&Y!dciGk z_5+ex3Xxfk*&DG3sE@|#lg9NKl6wX;NEmZ5e5oY&89u{v&m@_rSwaN`X~?)LoXliK zW|Y}s@=3BU8UNE$oJj-tKI2cCB!FEq&lUU4;rI%@8yb&yXPSyI0Zapd%T5DM<#D zuVFlBYL3Gruaio$kd(DveRpDd`aJRu3h-CS5WIpt6RzYd-!LSN4WeOS=AIjKt$blB6Psfy`nboXqsdQazkZ8s3^o zv_2Bf{S=&OWaK%oN@vZUB?C56` zlgY=Dz<5pYOpI43UPLsA@dn@pmi%4OK>2g3dN{)=E`GDo`Rr;dX-o6>ru|ZU_Trh`BP(QN zk&Noq@>4moqDD@+N4@e+G26D%8FXVZJmbJ6D`|g1@LnGODqlu_{I6@Jg~Iau&|jv| z-Z@(z@r2+;W6eiksk)Jig%%ELkG)cw`b3wcv5&1547q}HQzQj6*Wr;7U?3~VP?EB^ zvg9o-n%gWP!-DY!yo{4hAUqmLRJW4TcG@u6p}SIa|Awb+OTc-c(2*C9tfB(BKF|@F zUm0F9IleD|_Ax@Cun$EcfH!f?kReu70diU(lp?5>NG3W2FHsq5*CQr!ZeUX!CnRTKZMCJA47kF6_~i! zWk@MQjzAevKzOOb`xE2)7!OATFDs-QIi3urIRsxBf~S@ZDz!Lx!+4qD4T2|yRRqw& zhF_xclQ_5nV}VEv$egxB&hU#1pcT&Wqp z!ZeRPnbZu&AD}ia;QkaX>}jO_IEhdNhpiZoZhJg<*^hTUxk8xUU`*llG|^OhwH#x=8W|Kmu6_zSI>~KFcaWN*}x|2WD6)ryVSoKu{na*g1b8-pBcGm{PVTi$&#B)#Xi5^S;k^?`b5rDAfX>* z!9{mzP(J90XW;0SCYQa*+w91^kxhqDU`6o)!3#oe`z%p{+v+s_A?Qq_n<7YlhZWiZ zuP{91|J6)50-3zNA8&f`VHdB+v@kDTCZ}+%@k+W1-w}~{^{DMRq2 zu#%%RcVn@MXiNX#ltzua9+r4ZNX7wAeb6V(j;P#L-XwPE20nZ#@mB_$JAkxfOc=>dEIbQbR zRdWnpVR+4?HMBk zPjW0e#fKBRK5<-I#*f=P>3HfTo+?U}+s(Gd|vtE~PO z&Ozy`56(%N=Jvq*v(NmC;FI2#cs!YVn&9>iyHWt3)|h{RPJfb)DluOC7>o5!9+6o~ zzsgD)1Zl7&IaTXUgj_-I*%zHXLT1sNY*~~tC@r|-rKts9CQ5tvc`;qUo`cDT;f3CI zPb?V~v7{)5pILAQ0a6&l;|u}={prD59B&TdGcMlB<45J3^1_PD>=WaYV4v8;!C5ny zEHyS>L-4qK6OozF+>OSTqN$I=WuT;4Ah~DU`pB$4F0*jYftE-mL}t77JR&o*Tpos3 zUA#MUI7P?u`eWe?ujB&dr41ihk_-X{{ZjFhCCAId@$|@xr{n9x6UrEZcRj&}7r1Bg zD-k@_`VZiRtK!2$@M+msn9J;a=8x{=jC0O%rZWfd8X~jjGdk=LI9?nev*W5~iO7yk zRd2*Em*9XPZM(VQl~1sjP>fcl0U609;Lp*y(&JzDykF*M#(@$%8&lrmoiqs3e!TnR zKcOG}6Z(7jwt?{y9D+c$@rXO=dqcdgrH5_=A9qfy&Z9}-#eQRQfj=IJPn^`&W_8jV zmV%4b!k+SBw+A|vFEnF5l5A!j2J_%GrJO6vm_?jJAM^t-M{RMHe*qm>cQH&i{QLHrx8`9ozyC{0b7xt8e z2Rl|9ti_P=()cJ{4IjQ5UVBe??dtgOSbV<_9&11O5mofyGuelWy8Zc!TIaTIyPFto z+m6S&`*ZHozLtK!akU_AqTXDk3E}8Q;riyLVcT@8Qv6g!O8GLC_QH2r3^aqG2> zmAG9p+uOhGN>ADPt7`;Sb_HoCETZ=Eis*|@CTuu4|UR#+~9mB7)8 zdy1=X;EV%1*@P^cO8TuNI3WJQdTDP$Z~lEmfOZ9)G_q48TkH*yFORLytObKKnu6$l zqk1^Gpoie4zIf_Jwex~>$MkA=w7QnM?Mqi_Pj441!=zIbC+lSXDpZ*ZLNeFfz0US0 z{XOs>jDmUHstWDRopQb2EXYzxxT?s~fKHn5tC;qO*Gbcy^r9Y#&mUG_=yp7E`^5zI z!=?F!h1>g&JrC6NiR0>A2!DBrRmFC9&s)CxGZb_DG8GK9?B?0T5Q*Q#naSWgX_Ura zG-`)yn9OuN9(hr1+_wpt&4()^FQerAxp!xq!FsA@W+M+-3 zcVztxbZy_fCox-35cb>O-u=zH1!-Zam>7`mvST+N?{%ty-JRs6Dt%_H+o|q-wlFgh zjm4gII`?PUv~V_(+7-3#eK)x^yIaVbLxVK2L^oRh(qpu8M%#^CM~>T$MPu)N_xX9O ze0`Bw6-8-IeRri`S!PAK8bAFiX8UslX=@e>$7#o{Dr!pS#;{>t>AqNBD4Kk@QxFcS$tv=k=e-{ zCbQ_xPUAlHSbM2AlFX87bK19U;9hySl5J8dmHsM%v_c_W*qu#X<25uyX6Ntaxj^Qv z$ShIc*e;l+EGusrr2YE&7(rSE@PyMPaelYuj8qWUT@>9TiqX2vu*DE)LW^S z_d9p$5T)hbG*24)1vmS^yNTI)9(vyW&ASC@T38c{g+)84_S>!1YWp{b#~87h+xuJ9 z&f&@9wY^5?1xt_GiZzA)h~cP|SG{G~v8FRTk>YPGXGV_&)}*gZ<6V)eu?G!+OYGc_nq5|4JbYSsN)qsZ*D!>vYVACcK{ zqx#I&IYX(V(hbN3Kbf76A~TOL>@Pb=E1!k8qt{v*i#7}O*>@(hR%|7G?R1x#P(fr? zu5TBVzNKF6H@^mHKgUNga}zC~s>8jd^ZS&{4i6i(YISRCEv0+NY_Cel?D71$CrJAu z^q+tJ^Z($_pa1+XArzx6J$U)@cNd4D(D9Ssz5Hq>6r1mrn?HQ_^5WY^-@- zvr+u!<;y3X4fOB&&etzrzWiqM&HG(RyX-S6NRt&BOlh)gs#dYsj0W?|bZU>E%|(ZA z`&^prRvXdVGf?M8%$wW)hOGQ;!tG(Loyr~ld0gY+Q2&+%!`cm?si zK5v0n2WvKnPY>ez!|>@Kept;0@p-^Qkd{}O$qL-WUHeqnmtl|nd-1Zl4R2h8qMgpo zn~mDq&1d&-99NI_Z`{1Gztx>{qcl4<|Eya(sx`K%_pkJ(H&KDqr&rH5cZxEvPdXf^ z8LAKYGM^muulIr<;>l`oaQfUn(+baWCtIpn+-wHYuEi%hTgNXxiw^AsJvw#LsCK&@ zOlDIl_wIeMC;7|g_EQS4&Uy-Ko#%=r*I)V`yvFPy$(c*d2kPG+DBt5b9Iq(@Egy-; zLE2E0<@VNhyO@o{Xnb1hZLeG_M`vX5>|kg6{GG|nj(NyT@c8>+OWc_NHAzNfCKoCa zdmU|vr+M%S3DWX>NQ9v?fe@GpkSFIqB>o*{rlgX;625;0e0UHa9&CvQZ*KYR$L(V8 zOzg#H%x%cp8DBc=ytuhvTV`Z7b?g2BnY}ncccF;PCZnDpEfo4cG)6;F+W!v4Bk|a2 zb#C(eCsF&`?{9Wro_^6R$j#!D?|-^;oLlj~gw|a7`sMeDjju0i$6sG;zRBh4-S3Yc zZ@ql*#*=ZNgoCtnS}uI_Agx4&|H4Yik(0^nW_ZTGl8tWE_ix6Bt^?VjnY~(V@8-ax#&i+iuvn8X47gq$C3iE|kkl2EQ_MN7e*K`!5i3$^O7EFd0qy(KFOo^z@!p3%! z>W+`YTMVyCRG}K-r9pg&;}aBbCWwMJLQxTUp^~6F&`Byph^oQ9OiHx#@?Ja>p%$rd zp?D{^zBqlIT~PK?xR_gvyz|DXR%&T|ad%swvWz9#5`{`ILbaJI1Ep<#rv?uoZRQImRy2|YL^Rn zazMJ+?H_|G@Eg>gK`EKmr@|E10UwrS9D{_GI!F7R>eP8C9uLhlPLK7F4m20>yvGs$ zbm7_5v$@G?cm4{`saha`dv84+%N-nSI?U5peOyn@%gi1WiFu}(;O!m2hh;kW$bJ|; zGY-!^IcYF`Qkm*UgLqfaen8TRlUYT5#2{*_!IO@0xpD1mf|a=+`Yx?y@|1S=H%|Zhjav~=;Hcr zvygUOD99`{gMezd_G6^;0+3nOkq7aWL3~2cAV@=$N6F7+c4J^B@OY-^;^`@5sSGc1 ze2IRUm#8W%$mYH^p6Knmc(9~l_`DyFW=b=Nml;0EdKTeX%RP8^<`}>mlq@}-DVHce z@RM29i{pK!0lYw%TEyl8 zg-J3U>7jU;;}sg+5v}d(;?V)IP{2z@o)v*@RhDQGpyn^q`cP43Tt3;L%<;}-F2s=W2aBu?eEo zZhZ`m9l=DGH<$}0!Cx}Gy=ffaa=b)a62^G!dYTR;t7Ts|=tbBZ> zG}ymPoLlp4wOT9`6M(XY;7NNE%pMSV0JCVs9&ofdi1#p8g4rj==Yx0ycV32hCc!5Q zWx-;UCveKcrOIJ1`C+EUY8@7LA;XI&Oy?AH(_=BBQ`Z0hAOJ~3K~!Jd82oN_eK+=A zREKOJv$RM}B*5${_k4GzfyT)~ppGbI^NTvJ} z#Ct~CgC|!C;BiZ^r?Hx0Jdh>%AtzTtdF+y+zyAYxmWf?Pc#wsV1((om4rxiw5a&9>*dwG)=b0R(R+Jr5Vw!&x((mL)R{OD42@ z5p+?V9jERBTd}57EJs7}eV&77%IIInf-`(bDkY^!A0jQiIBx7?MO8bsJ`d0G zZ2eiIF*y^72j0j!tWCw^V?|(educcP!w-)h{eb@1DLS&JJ_@<`b5b+x2^rc53!yT+ zy%=wj!IVWQh(}*qicEjW@DeZIpq@!R&4ULEQ!Im!L5A6LhWaCMY5Y%YVRG9UAhU`6 z;bCgap6_n)yn%N7Mb(o!3RbpR`G%+bw32aliXJkvr|XE!#I*99jGP~jNDdt_3r5|A zm?cBbQ#@%G(2)Xm;>F9@AEg1j!5GIRo>`&i=|zMBr94_6WSN8Jd=9bb21ZPM$15Fa6DLyg2@lhG!;UA*pca^A(NQ^ z)tF8pfH!FQX31*Od&;F-j~nEfTr0J{u!IARTb=6KLd0u#sg%Cdt*xCeMu)DX{eQ5M z7P3z-e)skE%IV8aum9lbPbRG6uy0Wr-`!=j}{i%@}J5b{2miSy6{u~mYsg$X1V$14qzy`oR4n9aGntMq7ZGYheG8h`1- z<4|0Lw+S){R9M1<3{U7x!o@>|l3{o;fn#?_&vYqX)xswEQh;?|gf|rY96-c*?Nke& zvPkYYk`dB^Ta|<*K<+_;hoxh(&>>*F#PLoxHzr8am&)0t_+S9sdT+coueNbZ1aJNE zk)@)>p_U{-rVtYKiIBbzXEnumfp?w$gEaCo4hBb?1UqP3|JqvmN zlnUNpGrMyog(p@ZrJUFcV3yI9?@7ql6YPUdCBO zMY6Di*Ff+cI_+XW;iI$$YXVNOFw?qHkY=Y)jCP2~jPB=*--Jvwu9VH4VuJF6$;v0= zTgn#CmOMh6xndCpQ)Ts`c<=;fKVix&eX_KLJi&txyLi)!$IQh%hvWNX^(TlIIld&T zZK>}uS&a^f207Eo!f&2@X+qjwJS0h)J_$P8HCbYxh|IJy|=K)1Xk-~$`dK&iJ0>EOrS{A7{hV`$P)EG z#rw%}aORK`bmr(Ya)KNwec$+&`{<^G$K<f=`t7$*9;`H1 znh&0w;Q#M@_4JzuPmf?%L9gEX=Hl>8j%OU$%x0ZCPP;9?rI_tIy^{t@j~Q7e>4GyE z$H}b^uA~hM(&96R)wM-WPtJEcx8pqY%4Ho?EO`(O<-fvD|IvY&EE%5ndG)2jCfN_A z$OCu*9nf^O8M=iUpX!gplk~-KagDq}EMuwdv3N9PQ@ob(mQSAba}?B{?1$iA;_?-C ziY9hvr!Zc2#=SP%iZ#z-A5!496|EN%BB`0`Yl-D=NuPDL+Y(_Mo)1pApDngCVPE;L zILc&4Nj{jke2wBW>C5o=k}|6g!6z9?bMfW?9tP9Jnhs)&!0bTbd_Pv3=zeagkNSc|+tHhWxMqc@^#M${v7$FP_d zjk$9qWWj565C3aoguU6R+1)dB=h05FU8z*0Qb}~%o8+F5|W@$Q`CpK1EO!5M|mTskxP@$xAA)#gBM&zOvpelmE) z>%;6*e*5&vlg5{C zw2kh|#+&+^T)q7DlY@;W)w0E6wxv>{1UEJBBEj(vL7FR)9+su;#a1v#Yuq0Q((Kpq zx#~&O%?X7V{zhkwrOHB~hg2FR!Y*2#Cj^mQi*52BC)ytN$rXnOPhA%;TnQie;i#jr zc)=+zj@eW9NpxcLLfd;;Pg`o13;nCrU$|y_-HZbP5&x^{#1F%3?;EdO9Up$*_>uPP zW*oS#y>Wad+l%2Ro9A=KwZnzr+^ENAj;oEs?%IsbmSt^wrn^o?Y!Z2L}g5 zN6v>eO%vEYT2+ABD*5F_78vf=vRqR4S5MIN7QlHRj{5 zhv}r*siptgFUmV#zdY$Z`FiEx;_EkeYIok8zTDq9dU^B)%hzsf?1F@CuTiU2zkYI* zZRXybJpCs3X1~)cd~aru@WEHoyt+T_VUIgs4Deb!v~;pH<$Jv)G{3)p z`?XC-FSdQh7%4;}ZgXCKr+AVQ4juwk=c9JNfU%h zZfU%D%NU+(y$>>5y4Muc57}kE>ZJV)AGwX)D897ZsUF^p=!15(ers|W-mfA;6DjmL zzdbp1SbM?A%#(2-{zYuH*?Icp+lz|_D;rxcpIkicetGl{r+;|<&BfD~Ux$4tAX&3AnhL!q$v=jS;0ruwdePI zmo|lvGn<2K5_coWE>VmYOKw=7{$73TI5S?mGa6fN=%@D9!P6&e@Y31V(ZAQpI17EvwdsFaNVsaiqPgZ*V}EI-Lv$yLVgEUU*uC0;hOZ><2`d8$I&*5>9=Bv*G_LBG4e?{KBu&n6at?GjjNfDwK zQ=RJ8qn|IL>>beKgWo2sfm^mSHTxNIMCy&~C4WQv$`5wVpC9Ns|E12gQXkY$y>FzN z^-b?$!|3GJ!OkRITLJa|@a@G%)y~em*O`T8k1NyBP-td$uF>3U+oEs#VBVSbNd$$+ z8_1a@vzd(Mww#fgst;P)*qS{ykAt*PD(fn<>vu}}c-7Vh>IROzFw^WVC%=X_i)`ma zUuQO;KjP?_!(SP3kmlph1wa2U4)_0GmCyU}UpO;;9X>y%ijUr@;2YARd!6dz5l@do z7t@`}*2AA8(IhUgelfq_y6<{RAwZ&<(9CwXsT6Wo@I(``)j}Q4T&}TNJHa(M8-rz` za;v{CosfOGrK{E4)vx%&(xgE$TN2LqI(@>aSHt}1DrJ}Iyi7BG^|cR{o~awz;6*49nOvwD^%A%d z`l6yQubB$V7R|mIj~7&hCZTqC(Z#3w`2>BR7g02^AZjAPgZ+H}Ayu}8+8@f>#a!|; zpIXk;a&xh-@+wE9CakRRA!9vBxOyV;ArRSDECc_wJOpWaI?VD+(yYUI-WhCvUK`5y($2|bNv=opia3Hd`+4CSUhC(>z(bH0X38Qejta7j=v+VZ zVYV~u=)a;8OJ>ShGn z1<=Lhe9%JPY<72RZpQo4ffb!Ru1-Z`lQj)HGi6Y-6LiCFuOnyni-nw7)~v&&sm`6p zAn#ZLQV~`zU=*)&%i-PB(_`@o;0r6*ne~qka(VoGrS(3yCMxNH@nk%5W}myvDRMWL zy|BK{CFjaYLHC&n`YnfdPE;L#qKx1{KV=l8A%BwSpD*|j=Uq*tx&Il#hnX|reBNcr z>EV2y?{xUIGBDGagS>O*T+YddXE%PiXV1HMwcpM9@nJ`wxe79u*K>Jlu}>ak$*RML zZAk56&Fxozo(PR{W^>@orY`~zq{S{?9~|5txI&FZ=DL!y!t>QGxvC5JZ7un4<=oWC zUXcW8YC8VSS9ca{yrdg1ddC^3RXf!mr0rL$yRb^i3PKzUYb=7#TgMlDgOh}+sCObY zqrJD+u4hW*bea-vAH~Wv-MA{*^>+Qu-N-_>zPGoR5pm{4n(o@+O~z~Jmt^fonkK#^ zJl@&!=gH2r#5*@GA7?ztl?XYO=_@+nI9`HGG7*M}XO!coJ>EXynTQUr?7bP4J7`q0 z4Qu9W)LAF*{xxzsS+%5>SvqY<96^^JOT3OSjug4^Lme_n9-FyrAXKVIwOB^NJU&-WOQB@>zc zkRx5obLH~k=~f?)rkONTLET{eHH|n){F)E5{ICf_Dv?v-@Jd`(l;$Q1(xMO6D)&aF z7Y$j#*{RmreSH7Onz-}i$-~Kk1Qdm0y(lSCiCG$xM`QAUy%2fw2F}!iC5tlF*hJrp2C=#Q*3``1H^iCQbnU6kHCv{IAw7TP%^f4Qf7Jd4RJS#a?% z2bNKgmS!d`%FJ1s%;iCm6_RcrGQSd&c6ii2T{z0J&N_TzkOxcd;~nSf%rtJxr}B^F zAXj>LJVCknHCKG}L*9+@w={5{^jhYy$6A^6|8 z+o}8<9W^0>Gn=kfUW18V#A4G=4yOB_HGK*kZ5C1mk~xDF6`)%_U-8-lx!eeTX=Sf& zLy(5Nl&yd3$DM)=NfROKk6}Q5Kf%lt2JWP-Ro140Aq&!&A9gDHySuySiwp0iXW-uR zPPK9;n?cu|wp~)7h>xzD=r37TMO`yx8PeH7Ol_bj?b)-Uw*Ktn$7l5>PHtq#e!M|= zkgNygN+2KmI~OltUh?pof{)ZgSL>L^DPUx@$$5ACI+Lu2kAwyTc!ZN8L}Bzh0}`oe zuq8uX4Gn)4#^qBG4s(ZChMmBxa3DD$5?(565cU>}n-{~c4w9p@zh8eJZLEva4QrvB zu}?vM5Eilo=?UBu6Wkg|4TebMM_xmR!7IyE zhT`Q(`?|xUou_al0ggl@8_wgMhQW9VPG*AhT;C9%P$bUFgx3hK65ih$$8+>De2*g zT}U#-Yq*zS37D6FM|~uG!T|e%{BmKr43?vFOQyWLePo#i-oiZW?4k1|!xreL0)uU! zfrTuYiV;To2AZKjtOA9Nut}R4VY~lMTBTCK&g|Y+<@r8wW|c=5(Z0;K4?ETB^tO$h zS;n@#?IZn3V;w}N9C{AUtWKO+y9sx_LT?T0G?QaA_1>T zE*|ZtyaJZf3uA+!mP6WCN&7^z(H8J%*bO;dSb;3Ar;tc3kL}S=9hZl;m^`A1ogbta zQ>cFs7*AZPq$IF2%WMXRYFjcH7&*gUe-Cb~#|9gL<(zFpRx^-Hme|aJ<=0F@rj~;| z*Qtc&G%`L4?a9DQ!*~r3LAaE$!N1`|9|JDWJrk%%i}4{v{FRJ(*n$f+&gSM@ zV(*BDgCqS1z6{RnCo2$oa7~bgo!MNab;lw> z+MR>e@zm@m%j3)za!ug`LM|L);o$2eN49cwi+#1^-g)BUPrQ7tyI0S|&6FxN<>ogp z3ze5OV*Y4YHSi71dVFpmNb6K~XQNSTsxlS1H?_0Ys&=Mlz4jD}O|=dVst>hidl^|S zg*EJZlv5c6pU^(2g_edb2%Aj1xQCn?gmZSuKt9CF8*Uyc4^+$oWiV7^Q4;p_!+C@A z@j)KNcrG6I92^q%LW)Fq1ullrS8?DCpd^@#(3Xj(2&8rzZWXtWE+p`66Uv{Ol$R(U zRuwg4FI&T6r|rh_7bdO^jrI5;G_z7{63I;3Uzzn6_Z)@{?opARpw6Wr(XE#^u}7mL zC81wRWM`(HA>$)q=b&jQ0)rugCQf1SloX0(P8F=8`hWbw`Q+9<68SY$)N~TduhOIP_42D3WL&;(Tp3@MUSz##;dzikxIhQd#lL9LV$1)0Dt7 znGr`{B@8@sVEvT)`IJFsCh939;@Rzb5r%;KHx;``?)+r36EzXXO<-qT`o0EX9B}xnb^M(9{YcAW|Qc@eu)Io|0!_7qn66gbMkvrecKfTJu@GvFkb;~VZja_*f&d0cT|JzkPZQYxJH z3DW-O-TxbZZf$j^%CcQU2JH1>CL8cB+T7nlSDdpGk>B<^bJ2yTqv0)bW1N=RBe~91fhMiyJice_;Y%g6U}qMrVJp^aMlKut zlBWQXx$SYTKSLMYOju>|i%fn&^NbI^0p0WV#3YZPJUtiLV31!HQIN*UWJPwOoGd5ZIV{8fSFjvvLB#Sy%de%{0DgS;Mgt3B>HJyMVJpbyF*Zw%qXLwMFc zsewrNrmA3hhzjOemvF&YujVO&Te;G#OKPzTw>01l_XpSANqexiMeBuI6L)s!p0}QR zE*MjF`z!JSB$r3?ZV7B_1g|u;g3uWDxYG*EHoBy=?B~90 zwwT)-D@dDJ$*968`JL0`9slcj(Jqz-&M)P4jh$Z@fAaRX#f2v|TN;-~^T;E3`TW;pXI{PK%^#WPG&z+^-^9-@hwnV3W&Wj#iPpL}NEEF2U-mu+3&g>*N_a$%9 zE^cm)v$g;#-iO7W+f!&>`5jN;$Uhbj&a5d8s;u8k;2r;4=e4gpGu?>K58-u9H zktgjRkSEQCw4zpYez*Gb=<0}}$;18SsAYW$h2UAi@#IvsKS-;EmG5$t!>Huv(hry9c)ss`L&RjAU zxCl<(+i7k6eQvtLg0zYM_kaKSAL#SvzfJKdtp-Wa8mqNcn!grpHdY%0F&Nt4*u;gR zR#&em*r;7C$ld$A3@qT57P390t!E@PY;f(Yd??5!)FEN_7AH2 z$FJ{A@2;)2_V3=?sZ_iR2R4#f?K_>An&=8C?(J5$s@0w6 z|Mi{OR}RvIQqdfp>}=!9RzYoyxo{wNdk*JEkoN6AYN0k`S=Qa-%G%@DXlJ&2Q0*Mw z0cVCTwO-#j+})=O2PPK(?a%-CKj?#^v>b`Fa#x-A)zz!wi{H;WI7(~8pS=J5MbTSv zAh&e2`{MokUG41s%a>8`&vuaCtGgYD-BdEt6qx7&rtm#ul~ zU(Wd%jxaRSFllB%cOL8fDEY;4d0KH`AY;F85rPpJ{;$bPEe`!^OkV$TUKp1bNAtAe zfKO8X@$^|OLy#7VKC13N9;sbcV0LO}w{lQfJ9zr^$?nv{t%LpPS?{u+WKEN9&mQwP z^jMp=PS=Rnl0W?v%iG* zFTX%54(QiwQ_8HfxR-~biQyXJ!O?C7A6$kvB-#9bD&G|2#X>QEt z$K}N__)+?)kF*!PCl&6_SfS8VwR7j1sd9PRac29E4lC8e*UR{dGdl6_Bu0ZM?cc9R zj8^#l|9SF<_VV)V_wx?=sDYq5|O36gbDxWKvVQG3}gYkkPQM*-LJWbS`l4*)rU)~tt zRkk50j8E`Gsxrw^i{%km`~AGe_(FLv6N!E`uVzKIk7jNjrEMe^PDnCarziQaOmmlu zW!V`#nh~0RmEeOHmdkm5<~Xn6Agw3Utfc7t((%z1nZ|`;nQrN-Ow(7VT)aG#7yS7Y z;|-DVS|8t2Tzq;c-*X8|Enz$!4F=&Mg;hV_E6cPnfy1ke2gz{70THQq&pYbqlu%0$ zS$_q0`;0eA_Q`fKWG(Ej-H(Q@OJuw}k6hbUwX(bOXurC3d^gZn11VNZD^z}NFFkf} zDo>tU4wpyZe2-f)=N(Ja*!hB#OPo*lTbi3!2YH%|nwx0PV8*91{Q-FdE)N++JcY*f)5D8{d=FO~a8yubyyGlY*G#~ipf$MXGn#btaw?tgrEt#2CY zxs1=TyXZRgdS{!_JHUO=C0^rTrUDhSs=xaejI5N9A8yzvf=O#JA5nTdTi5eY;=F z@p1$wC$%@fzs&u*x|C~NUHw{lyMJ|ZlI>g`{H1YzwzQe+uQ;IC1>Yd8wR?D5@1zMf zT^5V81Eg>^gkt;jC^Y}*;RAeMdt!F0@_6_&wUBFy*a*}zMK}efLKl2Pb|bP{KEc~h zqb*#A1D4{FsLO}POLy@yU>7e_Ugf;W`7q;E5070s;dRQ(9$xV9WI=ow{Sey%kta{( z$A`?r0%BYNiO54V?^MFP=#d|C^$B^k)Xq%)^7Sq~m*2!ctGtTUuqEDKNUe~EMbQdb z$}N-5p@2gowgWvOxv=q>Qw2AlVA)TAN8{PdNGUwTEDuLHLCg!!J?-Ny%qu>;Mh`A|d3`({1t@Ml;o(7(2p@KMSNpQU@=Q?8 zP-qjFhjJ-sn#R9eDI^R;;i5LCL6r+@9XeY6U#IxuNo38!nQ(@M_bP?#+x&( z$@xg&{#NyHc3_=JDAs5;nf|9p`@~*AGMU>8mM5QZ*Y`JeI6;lg9c6vmjAHW{+%$Wyv7=nQ6zjqqEGJMT4E{ouSUm3b~#ZSk~PP1Zm{_ znt42jGs}0{hb@)KqljbkD2DRzBI6T%o<$-&xIshl>KpKe4{uT)?JTU|Btd+LC1TQ` zmGo+wx;z!1Os;P@8->bv&EZS+^`ozNA8lEP*FIx8s1>Nin;M-t6f$#^X#x_Q1V^Pk zfvm{PQ;6P~rp#uhvWrLhCS{tU%=I5Nf%D>MOy2~RCH%npj6*U!{+NeDVrQvyKEV!& zrSRdoyz;pE{n%nJMuci1~zP4g^cXn%86c zPb>lVSLHLM%$y${V&WoYhqvtpIJ2p(!{C?~0E=^r7xz1@y6w=w{f-f>yx*~4V(>)rrNlwyxlGAt~9#2T%-HyYzggL zTK{lX*t$HpqQP7aDh?PZNJ~qSZ^Z!!(smASDM-^wCgic!k;;bArG=`C;j-P{Te-JW zt?n*Nz}lz#mEnFZgs#&0Tgxa2-mDiDQAd|1$Qa6+h-N0(GDS$$j@p-@eYp%rNN$0AC=hY@eYi^ahu zQJ?)HT4=WTasB8sE@ng7Q#*}>ErVoae2}onHqo3Ghn^%zPvBZphnrexq%e=Rz{`s& z8;nFb?&`T|D0aq1d{{>P#e)}y^yH$6#s_^RiU}Ag+0dYrfP^sAgo@jD@haq5XS~9A z6Z58qO9KEe;zNd|GVtgt$jL`|LqKFoQ!tdjE!Jct2&0{xQlxCzdiE*^T~ z@G|hECkl}a(#sMa0$TLLZQeqf7pWJwFYu#I@VOuKImr|>kn!F z9VsOcHViHz)oiT)I^&6Cz(ZJN_VFpghY24>Q5x-u^bRU4NYFl2sj$OK*m4w?WHNk} z;Cvd?-Y|qhxD3t-jlX8XSpxY{7#t@0tio9$E>becOrVyjGow7{+Z#E|^uJlO8^Ny^ zq|MqN*SBx(3@t0G*kL?#gcWk~Wul*;4`Je*!q}3rrh@#E!uT@h+04Xv(6=COVmx)0r1pl1kAy9a^OD4PiSj)@Gr4#&God+OM!%H6v!rq72(P$$4wl>tgNv82 zXM`ge;E6b2rahthoQD1q%LILvK;IIgM*O)6_6S?dMPgn=O*ES|(rmY-fHxI4npz>DKD!PYRb${;0k^$nE|9>i7!hs=Zo&^)d%}HE{X$8Vbl72j?$7 zT)v0M?W*;*x{9gYSLc^c8%wMTLAPDZloT~AH5FMH7NqUm(!v2Djl;}bt6wK+}3Bl%BH@r@?TOAc>x9*t*aKGc^|=%>$3yAfKjKR&w~9lM5#bIk2R zCVuMf3COP?sc{8HO@b}Bb~0fIATwgGuP0?F$3uA9b6f<@JcWt_q*XFfxT-0>YD~zb z5=m?L4xd6Jg>!AvAsfo0OL|{ka-Rta%ft9YA8(R-fNowEac#O&%9lujPs$rqQ<-Fx z56fOY%=w;&mk2K?gonl`FZABhw=5Y$oQ=C&b!R5i0hAlzHlCl0`Wg&bx zk5l~m^CsiVjE8cF)G`xpzU;%xE*=kTK8&?Saa*Q|G>P1$FyvE`QoDzLxQyA#q9L{6n||w8O+t)_JZ$634)BA|{Q#>KW{Og^8P`E-xNexH3BWmcTbi2(JoM*%dO=B(VN?W*Xj;a$ZQWnTBMM#k}I; z`5cIx8JMUj&wGKWEF2YyzJ&3%S4t&c%pf1e4O?{GBJ$(bD8;P zkmsH3*vxcVp-8e0MGZMB{+N9LV7X`aWO-KCSIrL(hD?egG{!ppb6zk2ol zumSN_O?ZFaZlK7lP-#`Gtq$BMdvf{WZwHrW4HS)i_`OS(bhgf4o}U$KEWhnZy_m^B zGFwSh3&R%<++GR}5lTzoo8@6#cu!PIA6wNsQE>m|8#m?^hlicGLI}PmodzD4BLH3# zm}EnFg+5Y;x)!F!4r$W2*T`Ekq(YHMUTARf^vRi*7kim@&9i1D8HmiyUs#{%*NkGj z5gL2Bx+_Rq$>71mccS@tLQhPQ35(wsFj-GD)^k5zzo=g+4dUdPY4=*}MKCwcNpdAJ4R;>pQ02YA8F%ZxXC`ScLJXYiiLv?stDY4TW; z=?~`<$^frB{HbQ*M+iMomV`jsC$F^WSpS(k#4L503kuDrsDHukRiqe64QA3E73Qx^sH5#zEj=8&a8TPZ^#mVYZ;tb<GmXeRyUP4IHSWrbok>p@Yfq%pP9Q>ild6m4NfZEr{+iuj^r`Sw@dBw|P z=R}@)f-}(BFIDDm4b7j&M;gTw$$ExsC$Z$u;uSt^X`VUIk2hVsk!JcshPcN(yRLBk zSEyx*eY_xwji41>*x$c5?kW-#qwTj2Cj-H`Nhgu5XW>9@Y4zY=&JLcQzpOS2)h9bI zJ`@^_rQB8b{pIdeF1OTJ|8RMJe)(dlvDA2SS^xFdvsdxPYUS<0Dhl8lt6P^(8pp5B zat&H|9bK?Bo9m^xlp40Wv$cP_dD1jkv_LYbqYt`V7c(C})@JWKhs=-FN5LWUKqxs~ zsXUz8s!YMVpP`HF`d(dv7DzT{oweH6K3OmYTV#!gnHKOwIV(NFPuUM&a-&I?>W1&_)O(|CB6 zOUKp2pxmvxpget@6K}}-bWYINFU7%~J|ioL{!MsI+EK1N{h?@o{MeYB zeu$mf!^I)XEI$3^PNi}<-KpYY>()#*&YYPzq3nMJ&8eS-<-uC@8 zTO889FRz!2<~F?@yMZQEaAra+@_Ei|W1-O~bZ3)RaydI2yGf9ieY389$xJhxZ)Tdp zpyFvhF4D(Y-hdar68}XrQ$H_ye>pzyXSMpE3()S=P-C4FG zt{|;11qTY!TECyYeE;gz)7-Cr{PE`e#nsYDGe7I#+urSr$? z`&TPhjkEK314U%;-rB=I{&;%1v+Alipcr8@^$$tG;h(s<*UW52CSv!eryorZi_y>= z(OH`gO#HUinTIQ(ZDX%qy0sL8|D``-X0JvsI~V68$&Hy>y_gMr-o>Xiv)w4Da{mwXJz;V7q?N5P-0nFqz< z-I(>6&g`hs&CMsRzvyO+S=Q*t=8q)Qe*5qX|3CR-03%NJv&|-ZFttjYZRj;Cno0iJNJ;4EqB}X z@Q;#E{-0(YYWU!^q1^@a*JQ5y*$df2kz8&WPR&g1?oEQUpK?X>N09b?1ZjHO&P_(| zu2p^>?*W0e5xmpcf8g`}nl-aoFUtAvdaQf)dMz0m9W4CZsZ1efHoLoZFJM`d-MxDG zdvIpA5TpssVr~HsT5>M8owPP4H*-gyyAEn2xVeeT+C}c(WXU?x+Tv}woF75jw+_;f zGh2wxZB_34GM+OF1s``hzs)2syg^!E;$Q#$-~Rmb-~N4x6dc%WG_Kaq4}Q&^U7o+F zUtLw-ww7M~etvoR_UWo8neFP~+2!TaZf)u5dHrgsw(|1TO09K%etx#jD;JED%=Yjb z-${ei(wni6Uztw6By8chbr=jqW)EA(!H^ZJW$Hg>>R~goTd2Wz$d%^I4W4#xB#*k8^p7CzJNc+Ka%S`Ul{>?nnbmiD=y9idxM;=tg0xT8 z#2?+~kGfZ`(w#Y>yR;PFdDFOBTIxPOSrQ891K)Y8LM>(1;f*zI1^+X?zSO7{b}~z~ zr5jcpxTQO3l1X#p>88o@E}N>5SBfX2!w4&Ozq32P{CumrHhmGY7FO!EroE$$31*5m zmhx?%ZkguI_|ypAY0Q^b>6T{p^r3vuOmSY|JeP;%QC1R6yG(5;FE~6pyGRXjkhZa% zBdh$spk8M(Mzz*Tj^9cswwbX9`^)4{nR(~r(>Q=;g%$EX`gyk{r}|Y;by=p+XPM5)#Jo~pnHha2E%~6cKfm~Jt6G^#My<&%c4nHN zXYA8duFsB$KD^+=_r~JgmZJ`8_JAd$oq5-hAV||pRqRtP(buH8=8fP*Q&XEOxVrPk z#!+K(+?VSu1MYpz5a;Y1p>dCmGi~KTqMBX|CgOkj9;N-fw)^5NocPV1W0r zWYLdTNAd5*m}y4yTz{OI$<<#+xe|lCGZPG0z7Ox~^2`DKR|oW8Q0(q}bauBo9rAT% z7s239UT4-hXzk8heRtCSlC);BCnru^g%hDQV6i57tO?r<`jC_CBp7-0311OxsllFx zE^+E)uPEUlEtQHFzIDZcf=x4c-gtMbU|LT zGdP7&ikx3r4&${)sxqW~e0~RbSOS7q9QEf^W_t6K5PqfaC^hLm}`(A?ehzEh9ZqxkgP|mZO6uau`P5_XlKZ4%QzXC zM}FPuNm-`3&XN4In+~tgbp8&H^9@0e2038;#uHP$uw2Gg3R#{=R#=>0Ok+G=>jR4! z$)X~i^S!W}7YBHvNxZQ>o;2p+Ro3%exCM(Bu^vL^vL$9CgJ31${>&0Un%5a z)fKUXupz5l{~diMuh|-`_JE5o3E7$GgG%-FV31}7v$d1viF;8=bZ)=ZYE_;uTAwU$ z@rqhatJ@`sOk65&-!xp7fF;XoAhpiMA5*DOd;;wxyg6{bygcb9EEet!T5=x`tM;7p z#XSq26<~-BKEy;nF^`;?HlN%W{U-WhYv=V=Yxm~`$jNPIAn_Yn&ZaX@q+`v-3t3f9 z`%Iob-mwJuitwP~Va}Vwc-}rbk{?eBTj&nYEls7Ki17Ks3T~ASvBC;TC^#h=k)JH* z#G~$bYTe^31(MQ@>Zf8CvhXU*#>{q&ES3HIf}K{RMx0q-xi&ZU!-Y_!TPLM$G?P`K z(L6m72jnkfO~QO{2v78_jDj?zvZQbT*5|(V!@e%Eto89>nspZQdGE}Dc$(`!%$%#k ztAo5cf*&$7xp>XXgV+v_kJR($ojJ|X&tZJZcRUqS^f+U10cIahoY}p#md~9uaAvu9 z_vj~=Gn?OS9ki-Dvw`G=D@gnF)52>SB2b@%GFf`T+; zRn5Y;ekUz&lROrXsnno(+|gE9746LC=rUR%>*uZ3TIKny6$<<`FVsu0gjd2vModYT zC2-`bBpZ0vfiuV2m!N$z`xtT`j}DFSN4lh&w)WsWwM+cWB z&MRJ?w-3wg@$H2KNFieiNgc<0Ic|`;8VN`@g6kx49>q8YF_eVt<|R9RcLV%dY;rmF z`SBTkj1`LH?A$WcBiyX##;&Onx-i-qFz-AFixcmV&VjIM9BqYh5dz88Ih=Tk@_EYR zZgO70JX9P|foGb8PPvF@4#MkcIKSZ7Qe}zcY0$kq*F3_5kHL-glP8LwcsWmW9}03ZNKL_t)(Oi#Xxmrki8C9xc=Z?Vkro(ASM5?G5)D3V?aca=vWR5YKmIK<=XwDx z`dj6A`p$0kc;0gPK`WMBub*Zh`v#F82`JNw0|v2|yuu{ILssVUg!%Xn;S-z(%W?78 zOtA5hiUTm%z~f)`M)5s5o)XaqX21M=^)Qvd`i7b%6)u2JAZL~v?aZvu1LVxAhqIv& zyckfo!?NtwH!M$CCZ0r^C`Nn9TB=V(g@%fy9RbnG=v zFJH17!BAuhywl*Rp2^0MGs`-YrWL)vwmUt2Ts@wPxr4OWc24Ma3nwQuusUH|kVAvk z4d7p$c($(Pam9g*WNIm;Bscw&*;e;akaj!CZ1oaOPYgwRL^SkD3KC}Lkwz-bc60lh ztIyc$-Ol0UgavU!y%;y-cM$uiDTusPNeZV_Nbrun!tEzSD7uk?Yci<*mqKpP&7-Kx zpGQ-oWy+htE1Z{Px)c4O!jZI|;>XLFPxSFfe?-l|U&T#G=dB`n;-X8QIFdgN zIpvX)fG&A?wA0J?;&ywJOq$l`hiHMHBEh6(g_7I$vrRPHUc7nM7(WBUj9G8Ouq*LX zB$icX+#Kqfi;{GNo{i@&xcE7-$&IS6GsI zNV%{+q{VkKKEKE>_VJ2`R|t=G!Y@I@JmJyF7bW&f#;ZtJKOP^6X!ZbKPNj^J(&IcX z!QjW^>H%0;jFQw#fMjXV)G+ReBr#sbnx~SUV_wF*M0wT4%jg2t(5QZ*=nZvAMVgHc ziB()BheSgxBZnv-y(^Iq03 z3);uMdeN3Nk?MaUPuoZGz!^dZH%OPTJZWqR66ZmGWZd6AUg_tF@kxAq0%H zXs1c|u*`Uc@gNxtwu-OO6EKQwd_Z{>5e0E!;M1ZhVSPpy32%^PGF~aw?YYref34)t zyPcio32P&Cft*s<33bx!lOz|?d7YXbU`L{6eP^O@#l#CR*X2MOd@#OZ>$IEWM zC)veKdeiHRoLK}pGb=eC-^*QWSdlk-n`0+i3q=aW61HR+W|7dn{mRc#|7CLRJz?JU#3=Oh+GAMZ z)7pP@pC_}mtl(xQt_dqAB*wyb!`y%5=vM#t4u3M7M}M}98T(X`o6U4s81}gHw(_JE z(j<33xv2peza_YcLON`>+ug`@mo||}c=zR(KsK|NDai?))a!y$0w{WxNC7k`R{`0s zb$9!?%$UP#_&T1H^2Eg!$<8v9OvPKOhYye7Q+<5GpQlO8^?n|1$U-dyTsDtQdA5s&gn(Ys>{B5zFd+ETAB5aiuUh z{zKAOA*1p$ox+l#%SRFS1j~j}EZcpdYGn2ro9=AKCW*0r?L&jvYXkUH~q%_s1qR{NPW!9?AT9&|mZpmm)d%7!498RCsbzY2(i8d1cxOC0uTm8x zWqr#YeZbBG-yt#CDaR!T@pXTq9JlLxE7#qp*|=C(M00^~L)8KpM zW!^c1%1=EJa~_yi`5eXho?_QC_<@|sX9Dc=9k9*E8GJb!D?4#`qLC652({)qaYNe_#9J zpuIc1#v~Ix`sTx%sX@!><5iC*O6k{Fnxm-#8eii49F_I49NsydJ6Es0_qC6l+2)L| zGn+~JIx~2NJTnssM%>O!h{rc;wP38VSGd>+#1RPQ(hgxe}$Q;&)$7z0!K29OC}5+i4SawPtHBhWX>%| z_wZ&)vAfH$skMib{#Q}fPc!a^>Y=&a%Ijz#G{3XosjeMApqHErn}w5=!UBRzU`=gzlH!GTQIE_Ro#>+e8sSlg%VjPiY_TKe*Z-Nmj?!i?l% zc7EWkTX+aC6Pa1e)*4;om)uwWf>Xgj`MsAmfC#!NQ82~Qesu%;>$*(}<(mTCA$ z3XYq9z9YL-FC*#NdG<3PiuC4 zWp<3GX;x^~*ej;Ln|zOjm0M_3FBQ8!#kG(#JBkfV4we<0i9{CXkTZMJoxcFp#Li5M z3&o6PHiB7gbLM7`O*ev@_U$>dA1OG#c?J$)d+~Ya-ltJ7FFF^Xzf~&tqflvgdH!ML zpfd+a!mOEwxpJ~{vedY`YAoHtXRH()JKsD=6NGfJn7#fLDl4#^`cZ1&`dOkF-yV1? z#+un&+4c@G#9kYb+KREhUT?Sep6$gq7h#EeG7y@qWskb;LUwuPZf+aE8?31cEv(m- zTkG79AnnGVFUymbvdyEwqsqg@abC5yChoL4^U)0ytwkq-zwNd<_mQtlX6?FdmlFR? z#v7bj=vsr>2+V7H?dJF6%x)u38dAT^o4J9&YGbC+opZfAWD#c;h}61o;&!nP&TM^i zA&C=qSd-c8_DQ{vU5I2i@f!6TtPl+?n75dd^GA^OjX$DoZpWt9o==YB%r-)gtDSpM zm=B|&g*%z*M?#!YyGoj>sV{@hc?Bla%&-V7(^}T0xZ6#N`dp8&gB$HOHo{L74v$Ho{ zRb_2wGPgJN{0P#%d61?Yq0nn>tn%vC#Pr%Ue$yLWl7_6=N7b$S(a>x+ld+}Lf0yyr zoAuhYL7EkseY01WzawXMJ3*Rm+nd3S!B@ODgC1uVizbg6n}zzbXUv)HA!pXD)v}A9 z0_cjhmdVAUfraIpro#Qpwvy;(X7D*0B zMGVit?U5#*`ZUG$7cNeVEK4WtizsWYKfl#8+z9LctIQyovfUdyJ{Wg(gqKlgPGNAJ zy2j$$fI`$}GV1-XlBS%Uk>d`xcQ@l1ib|$f)+QWNq`9*(ZFzX{d|jP+fpPYb9Dx&b ztq#FU1FUXjnxKJ1*dm!CV0T1%a%^^)Afe8@d#R|FnR7Jv@`rtAHG?4UMSw`d_jLH{ zbojjBGY7+DF_+bWnImh?5Tk+>{|w@NIZh~xOHPiW)BLxbx@pNArK<*J*WEnq&y_8E z7PMh^A^(yqeqT6^U)bDr%pm)CuEpaJ5~uF&yM()5y7b&tG2XOPP=3Y)y_QqWk^rAh z8-FTV29f;zD{L{&R7gUt;#BzUYjolGU35^x*MH-KbCmnp^KUzYWw2 zFH7uoHO^8KEEB5Smhw3^HU7PsPD|daaKAXd<6F?KJZimvw2(WAkgM$VLH@EK4aeHM z(HeOARaxxt{#hjreOQ%n*t8K7w!IykWz=vl8tinY@7~Z5?)FRJO9!MV@UYoJ#bc&> zS?W?whOw2QSi0f#k~?`kV&vB)|F*CkdGDutEA0V)@XrWK?-;0+n6^r%7n+nI3OU2( zv-N$i`@+>yl;bzoCk6A!QUVQLuqu4cy6* zX1&oRW*^OsybVl_JrtT>L9}&?`N$#cGZi-!)=j)^i&O;kcM{nLv!JzLiy!po{c*#t zvoxdOw}$e)ATKisl~-ldrN_9&Lm8A7?BS4L`1b5`P@=D3G;YePRo?M3@!nEJ8=0Zq zxxJi@h(lNPKt)z2tL39loEXkmlRtXkRZksqN00x(InaV6MmHME14ZzjXmWaEhH2&8 zj#Z_2M`bGz%NdyiQ%w$E6H#!_L@*Xf^&AQcoq~vP^jTuhK9s8OBvkI8BzqB<+d040+>@3iU6$J5#s(1+YZ@) z#ernb*1FEAjQN$QA8(CH>S3Kn<2Nh7>r1CSa?Gh)It%LZ$}#JFX^qHt7LF-R_KeP% z=%*HrankL)HT7`^5ePO>{a}*idAuZO*)Gpq#p`f%w_W!*LWdG zr@I^x_Fn|c>AX!An$~q^2CD1At+l_DNXD($RrG(3K4DSJ`*;YXLS!J5H$Iec!HbZ686R^E*F<{NHBIv)d2dY$s}9-!Vjk5?&C(PN5W|CXU5xLcJa>ya})f zd^_*NpjBJ`)h2e>>g~UmfAH-6TqX|X02Q$g+CVUNIY&{klnQ@8T$;=EED_|+TA)*x zCyp@VF|qqD^;7ZT%4onwVxFTVY<1wE*TA*}7_aose7=cCJ#vsDAOKDydSAxsP(44; zlj|c;u;Q5Z_V`Ya<z4R^m4X0wGH!}5~1+hU#jkFpJkh`&-K05}q{ zc58>~$uec{r3AWOOm?OJ;;8mSKBt2r&vrX}?c00!-(ldWdI`MC#_{I~9IpL{h-)_6 ztpj>=-R;MaS*7meW;@dbHz^xNXCj2Cr8pvgq)G`fB*8VOgzr!1ebeN>)t^Fm1-8|; z)$Pxl9=LOj8nC|&*P0j#m$mZ6RVK4w-?_pa*YUN@q$z4`4?c#J(7emPj?^S7GJY>i zkV-n?Cb9%KX39&M-?Q)x0ERKazn=t9W6d83uvW zHAI9|Zq25EhJZ!Vy5Qa5goMHjqf$gubCIQx0&%>%?3lh|KJOn;XJ$i3X85u5RyJw% zb@6_-qZC)>=rfwP>ZH8tLwTQ99;e}64>QSHMn(^?78z07s8Ot`+44mr#rw&*N<;2U zZ3v7Bx?15YL10F3=YIo(kw3{))ip>^uVco#+n>daziGlAK+vzY+&J#8+o82wSu22? z-ydXDy1i@?w7nle1KeF=>HnzJY65vcnldwduQU$N@Pc(U+&f`|?N6ZC@{D+WW6TS{ zn@Y@f&PpD8?8{lT7nQ$yb-Ztxt`y4JMEmdY6y7Z|edMhz8!8?xNQ|HiMyg#!=XoTv z&(P9kvZ#B7>+-FER@g!0)9ESQyx|Ai8-4Ur?1-&6@#5CIlVtaINmw(5(`ouU`zOSY~|{&Z=hJMALs zq1@^{l;6J;T;@oO!-^`l_^P!Z>13s=owKu;&^9ZDU5e5RVoF)G)s&eT)cibBzYKRS zC46x>`ZNEv%YYTI35y?Q(@1_^<=1FOM!pi!)%B3aM^mEqPl=kf=fU&M= zM-JmRg5Gz#dPu(U*XyMRq7M++iz?@Oe?KFHH)vkmSv(lzq0&I6P>IQ-bF%f6zBeM+(`z!M4$W0!p2MGMbGA1cJLHPm?U}fP?t;@DsXoO% zYf5wsD<`PO9c!H5NcaZvkHf6tBYYmo97_c^J1YSqv=0u(7I=t?T}u4a2ntZr)8W7~ z->C)8{UEOYgyG*al(_gC%gzsolu3_&Pf2U`*F2s@AyUF|WA`)JlRsZ)U0Wr;g?iFY z8#(@|(0j(ezpho?bmh3LM4Z|)t%ML-XId9Hf42-cyGVHwBR!n_U5aB~yiO*E`Giz9 zuP5v3egeG^XukGOGW#o8k{kpq6v_}>Lt6^zRAPLYcq^A_v)?rQz0|_Onq*D|gf_lM>vabeJnBVXGsF`KQKP(JK^VJ5D z;-<=;Vh)yc78f2x}a>Q}y_iD&*0XWI1p-|p^KO1xbzb#}Sf@^|h$*-Umog<5ee?+X0bw5e4nm|*wrYp{Ob>E$vmaRl`p zfzX?J)|=Q5k>_-d)vRLrxmyjSad@5BDEL+@?D*Z>-yPQl#!N+4->_ccfSmzZsQ(Xa z^7?@}3;-~Avw>|-$L=PKMl>lyjU)T{#TB!G_e;zjr4(hpc66y(aAD)}d~vl`o=?EC z`o_mz_ERY)aV%dy!hKc;eu=VpDv$FIJ39;WrV27Xtss@%cJ=SKK3MP~wBN za3!xZpzcx|wlVOvX2dSs&z^_H`M*p)`)@{BSfecTTRQ!_`o8+draV|U!Iz*3bn9`G zs2&|mI0Z`#Wr)T(_Y8a$L{4@yr%R*66VjxIwO<7+FZFiHuzV*>d3j)3k`3*TZzp&$ zw#fi!^;5ddZJ%V`L-%u&ZYm#I=HUGwI8@^f-fzE19lae4Hx{Ewr{JL$=zjjX-$LPX zlqe;?lt-ByFF8BbMBgsY$r=ArV`jw5t5x--zbXl7v|V=c)vlybP7yZal3@f>xX_!D zN4xylAFgo_rVd(Yv_5koPDzg57H}Q4amG($&~3rD>zB1!xETO?|30*T28{Ama%;iQ zTS#f2ShviS*;^ZmT-@#aC}r+q&1%7}+!Zv%E-A5eE}ers{=H*9Gv5>`ElXYSU2^KX zz)|Rj{=BQQaEAM(;+Ebx|4*M8pr?q)a0)|nrIufIX9x7?b{D2fVn_L}1u~2?;)JN* zF8SGKKO6vSKU2w?9zZTLORgthiv67>?K3&* z5V|ycvfV)Jsn&Y;N-BZ`C307o>Oij}#Hl)RUlvsa&*mv;OAM_6HH{cw)QYi=l8sm) zv*)7kC?n;^yI1ZwHjs@5{~!Q}z>R;!IQn_^dhRW_^~H>zMB12y?TQ9hzc?uF$*K`-&2!Z!iO5Y$v6~%&FPYZp9T(mF&~eN#^iJ`OO&hjJ|s$EB;*k;VF07Q`m%S zR3@(r=g9MFaZmEeIosVr4E(jt`GmCBL(7x3(WrgC4ScA9!4i5X`&d2f<-a-cTQ`4W zyLsZ6+GzV7(4Pq*)C=1yXK^fpgo8hxB$h0TlrYO$ME6SXVZxNnPY{~Ji`6lg`h{f} zJEbhL@9+tFU`7_~twisqTyj#k2ntWKu;H$ec$h7@Oq8AjnxPeA#(#Z)D4QRM#NF3<5t-EN$bdTLIw~p-6!C{rk#MeE? z0Y@vAHVR8i2c1h2aBG84@#Q38OJmTCo?oUxK{{p7zNQ8_edZD<%t;?sDV)C=`dNDx z-BmQKYWQ)#cmTttJ~~sq#XDVvkL{(z<&(O*81 z5f_kw&lkDO5ZiU4&CY%j@CMXI5&9cXjZEJ@v#jx54Pq2yl)WweI(_=s{C7rh%`kM9 z!GDUDTWt4ehg1fs+}J1vyiQ~Oy{I`)6)QUm#S9o&Z!eY}?X*!kgv_pY!o)1umT#XQ z>bzr85_nuU3TMLV&Y)Xg#Rqe~4yhz!ZwnJkLB^98wO$3)ge}xj4YDSqFlW4~CP|=H zVZs;~aCD6#@0X`YGOU_8XD+&BAtwWaTq_&YS@1qF zr&q5>(yfbWyOYDVP-tei+QONkbm$_XY<4?tL$$belD;C2c}&klDq?HbcV7)r$qZ`} z1f}{{JR$$elWCEol>h&^07hNpBM3Hc`Yfs^n%9l^X0e-jZKJPqmLDIwQ}*iJ35l5L zU7x$0>+L)5j_rX5rkvHfae`8lElp1kd+Q?U8$WhL9{C5jmHsTK5hto8t;&^yKuYwSKr?Q7g9857EllHE|ZjhRAKz1`pL}YsrKi| z{&RXN!SM*J@b#(9{;pDS`62$~c968t3I1I!?$EQi+Q97pk$sWnm8OAajWf;A^7Eyu zEj9tHaB_)Z3L2vb@jTw@bX~d2Cvz>TWNKM4Dg9+4&z4K3u6FAA-tQr#L(c;u+FCWM z+HlGFWp_&aPDEimIte@A{AiHk@QYN$$dgxRC6?y*TA4m;XH87SxI_i)!Y}+uf0Gk+ z?XWO*9a^SG0uM8`qXlwa6!RpT!#VGQ=Kl{(&4e&wk#{c@QyDq{m)SE3-JT zrJA;WbNVRTVt*jJZT@{!sda?P`edd;R?Gvbh(XbGA`b4{{pmo&o>mqK$7PtTS7%HU zk>1%L8f6j-fGYN+yKZ^z^swGvgf7bb&Z7N{s=MN;{$PjQc*?oHyP(T;Oh^g3xw6Di z-i_Mu*~s5c;mm8%@}RTFR{{)HvE7rBwF$?EVkap;OT?sQI>WUC4)5qv@GtQEdaZxK zs`2kw*MkxJ^-P1wiRy`_z#lyMosGVJqGc$EsUZD!z;m%zY^Q~;d6K)`E|oaonsvEI z$^)hOdcDQxc}X+7QG<%`b+BK(b3@$t59&(kh9g(o0c^(aEbaMIQ`chl)hZ&_5eQHh zz%Es7Z)|VvT^>=W7Y)xXAXow7$Z}&bdWt*OG>%j7o3QG_Ki__dFd9!uL>xVkK`QJF z91oB4c-ps}Kw2RJbY$7qjUv*o(x*XcY09H31I}LQzaOWK*z3Hsal_WbT}32v#nYl; zRUvvk@cT3Wvn36}Wq%g`!o6{E(&cVHLHtM-C{(}Uo07)V;@pm}UntM$2FSj_-~Fue zXbIIg1BNsORT<2lm-!swFMoOY){&MQk-*sNof-pYWNV@2Gj)K%^v3y81qCycz6=RO z`pxdAOWSHPrwnuu);B~VS&5oYQ0IjAiG^hz3TO= zu1F>)Z3D*=&C0b(A_L)LfB58GaEfiZUrhFOE-kb^L4U^W(O^FZ>}MWr3BnvSytVU#-pPSE7>~wkcMM_bct0R4>ktE!0Nv zZ4WK!I+cI3QxQ>Nud&ZpdRSg7zgSo^(+zO?v|&6CbZyjVHtXulO6nxg>5nYEvTVNQ zt+kyKy8`nR0W+EUE=-!(GM`l1?xp)X7v@#m&gQGmkw^5b4MYS4gbpUjdDwHW4%n^^ z?06~*{_;|;vIGqmp*J2=RSwmdpLc<=>RAvUJu#of6j#O8SQWd&m4H`ZmTYdQfxF&< zL{d^a(_rMoy*<8J@x=jaHR8Uq(;;)n4SR>@8F{jsH@Wb!(|=CTjl)4oeqH%UJ=&ng zYe?cn@8JjWLH5!-cYe*lAOHKR1tizz-m)v#@Rm$AS+7-K>=5r*+Msq5N~-51Oe?pZ z2+7ANI?W9Cn(s`)EKE&amQUh8`1luP$F`cUZ6;_2=7>&C4WRu(UAOLFvqPU3mkJuJ zERN4EoH!L;VBNQO{+=H%PA*TcofR5JUw*bnx~w8vz6^o0s*jiOsQT1^v%h*y5{A_8 zLvLx>N3z_d8hOjt2~;nrlQpPKXVw1QgrQ|>$_($6a`En27es>q^d;U6yUV(yO+dW` zx$j-0E>?S6Z$70RH6BT;Ux?i|x`^S%(xn#CjAXy<_gH;n4o$`3*@das;_SpQ?%W0;W3Jd5L6= z(Dzyc?fkNuN2`GT?!#SeUb5WLz*Ek42126aX^N2Mq*T6ebyW4{~UZ*=Pjq;+{q%p zr-UH%<3KN6gRP+gvAWt-KJ|)8Mza{K+14ysiS}qv0VsC zNFhK-SZW-n#EB(~cUwj2FBdF(Y1u>hk6PnWcT>PN?n)S8Fu4`}a)2UPgUN9IQ~(rw zHdvf6o|KccfN6#WDmff4rDVd6&N8yPHk`-KaRVEXP=|*(jm|f?*uXdM8v{|2K~h`D z&jTM9_kZ)w)6)O&$;-gi3VBU0_ouDkkf7tPm4sqk?<)rx%#70#Iw3|A(%{1(K=n|d zU?{;Cn*hAT#ir0^Gk)(JeIsAp*(Usvw7N%TP^uMJ%!dk+BU+$}t;-7yG`(58&-JX6 zukx9+oV3|QAJ_hk7T|q)o;bMUGd4yXs}U;ggU}Rp7lAgk29|0VGqC!tL@8T@?tI^% zQr=Pi_;;1Db0OCdfJjeBP1uZN5I$I1)1a}eiZ=YFA18M)U>NI>GpWfmf zy`Hh=Z}i^q2?TpQz5qpj!BQFD)P4$c=jyX5d2J%rnde(LD+|5oD!>0_aI~E>Q^%AZ zAv=}3-TqL1ITHGf@aoUCjA!;1IIk^04#b`5mkTDr8VyR=!+s9U+F^Q}doP&wjUZ;& zf>oma#Wy>M>@d9aTvS^nibGkT&CZC*<1;@6gdNbDw)c=#Bmj$UcZ$5yKE#<7!cH%7 zM)EfRc^f(KomfkT^OL@-_A@C>ylwt;$(VCg24L+0pf#&^90%qaDqJ}`9Uv|?n|OA6 zxH;SB6F}6z&*87?5tRebCiczdJi*cGQ1P@oPqIWGEIf{Sc@v7G15;dd_dck+=Cp&i zM4q{bDAED!U%l)V=@7zCgq|9k=AzBK&W!QCQ=4f@<7-Q&zp&(q$Y4T_C--9b7+3&X z;B@?&)In;~1F?lNtCVQ+%ufodcP;HtpLWcf2fe-;PYMm9p8|M`uzI7;uOWp&IeZWf z`beK>=E887CS;3Q@%`-O?x}Xwew7;%68YhJ^;X~m?WIiSkveNvqxRyJT{(oX;YUZg z%+fnO6lbBZ_2hzd%73Q@gXyO52V*x(tcScuJN&}j{pz98-WUdSQrg3$(pdD>C=& z+iu+`;>-KshMtRv8g9_mY4GB-G@Y<%hYd6eKPwTj=pL-_Sy+sfX5Z^k`OPi1%x@=F z>n<6*RF2WPm#s6|4iuOW&RcBTC{q0Aj$t6(3ay%Nys__ywb8F)^zkk!qI%xVQeKv6 z`q4h{b1OU4^FV#LIeMi%w!`laAbEA=HgI!~a&jU(;d|FBrKYc7_vEIXkkdzIEFFBL z^nKI?3AQ)4l&bjfFV!)x10SM{77MyAR55>-lvIZF0ZXY&Ee~mPGT9mNw+@0GQXrpZ z<=76sq?{@RpF{#uqUgc)j!)N*NeY0<g)r6`;^B0&6($JIj&3EJ-dVrr`fDOH-a2PORTDNcH zaujixphNHMW95-KY2Bl7s;xB7_aAU0lX42KL)WI1SvwhwaVHtn@EC0zl}A^2Ey-#+@e-$kukJGQ%y}l~HcmL}>xh+bvQx(JmuPENEcdNC zBJA|m%jvdJ@76wuxG$;PL;+65px^Dz#UGx>GDS81DJk#0&p8riC7*eXyAGg`N5-a{ zw7{>tg*;}|lm10{vqW|i1{11Wr5ew#v_C+ZsoTrTa$~a9$i(-vEewB5Jkv89 zvc|c5w3cP1Ur=WCo>S2&BE_~^uq5n%{XU>z2exze4G_o>H5- zKVy685Z&@PZP8cUj?xSVE-oZAY7A|O=8b96@PHzqB>h)o2U3-{$()!gu1PElDFu|< z_B7(X8%ekPq>M`Z)P#I^hJjSC7YnY1b{3XasMjuP0ntpDJdMfPIz?yhTZXEY9@*OD zbYz0s{FEdVX}1f2zl9HP?b#~}gz*2M@8bk(;hI*3qN)D^l29h=j=@HsoWrILBB1$> z{4pSS&EugGe`4$h0X&LO$;R4rJ{IjT4+7p{l_KRc|Ex?A+2Y>c(Ld9{s(khN=w$EO z;~!bcNs6oAYc)UMf^5iNrYQ#6f2(BFoy7nawzjoNp}LN|%dlGq;9D+EC}xvtIji2R zK&7Qh8aF3sR2rg?lMbTzR`0_%YEciIAu!dPsgE9WUcFRf^MWH$ydRP&E52RXapEi} zoO3uxDOhRyJf2f!;Owy*U5LFv(_-Bz^uvcbayInxZ*wXjtv!@s*`@xHkH zT0NMvYdf~}8!6!xC}2!=A{cB6SFRF!2dS;xnX_Ebjel9J{j5lP0ItMi6oGd8ED-FS zTuakp0b;Q}9Ls)Y81ew3g%_!)LcLpM7C(h@zYKhh7+7>D(mo($xe$^Hdd&3Fs@vq} zRy|pLQ+-h8aBUAB<0@J=(X?Fibc?+LB{qas;Nr29swR*#J^ed%K~&nH-~RQ7)=X0N zg0bF>jm*pic_;4CFjVA(Yd`tzKXEnH z5V_~WZDiuVpY_#5=xEp6Uvj)d$F_+QF#C<}ro)Uw@YAoc=;|f5{w@_d0jznv|VlW%Z8V`)A^56D)l}l}pQ;tk!qo zXL~bMoKI?*zG>P->!(Im*zTIuQSQBE#iN;FXAGFq?wD{#I zP*y|T^<}LrnBg;RJn>p@RK^p!z;zJc8%Jf$%sRUWY*0KpdT@QD?_A!m$#Sf;*!cm7 zwq81eN4FeSGt*os5a4=NkZ8pyjkSR^d7TyYrAb1IaE?iS*^M12^Xex)ir1I2&j!6V z0X?)sYmTA98$*JuWbNbYlW)?LHFB~)IY#2V@9u9v&D%#4e{x^(_3an-cJLZiY+a&> z?z0DvrTMU?NYB%A&0oS)!Nk-n<`Z5bA1edaJ8jMsOT*-}VrA->Up*p2Fw7l0Xqf-9 z_96b|3#v|LB6oEkIBL%IDJ(0xxuBmg1K}*0tQqP1@KJzF*3Zs=7vPuN#IiHT2sC;D zGL11?BzDZ0DPplEzmx4W3OVF@*AaX9Nv_&F29wD0zQW{MJnv&wVcPnh`DZtfS)*kZ z+3&rm8u=x7CD7cnGx#mPy@Em+_^FNV);cWOuMj#fy>QQssS3}GG>vrecY$gmsboXt z9Y?d!y9CU^oRv%LB_Y;!fH`wn7b&enMa2?w##tFbB91lMZd0&gdyxjCJxBdl%1>46 z#nYCrF|s?-3#P-U-Ym9W!ORXBLauVsT%=Px2#R1a+xWWwJWFGD7x7eiEFASs} zd=9?tm^74Pn{rIm0v8HASiC*tDmV|gcbn7awwv2lzc(`FLbiFi#cn~P;ruc}@vCg* zoBluEB23Xk4d>37y_)pNH0Mt;3>+U+H(;JISt=@!VrVJB5xu;c&zw=!Ept|s*s~k1nUZ=rU?SwZc**bspX8n_R zcPWGN{hp>zhg17DL19Z)@+qk`U18XOB=+Jfd@l&70GVz|XLkugR2H)DZe=OH(C{Zo zufkL|dZRNc*N>5_N34pUo<4nG7I3BOPnUfqsFVt4opXLsTomNHKe`|!$#CK%5PLrH z?tGJ2AZ2Y}$JW|LGt9Dv=tHVEnB&3=X*6Q|;5Wm15+8KKuYLhvUzn<&pR+Q#Ud7}! z&!dRk(Q+tnSrvP6m=!*a+Jph zOBc;Ti?OOGqg8!E5(JVxw#S-&;^p8qr!%5@Ui!%9F6cGctL3MMc3mt}-<4AT%qjQh zSN^>c9!N{+Yw(G;V2V|mDcpeVC|V~pHC-;E1DGSN0$%KvLdUu%m#{~fXvy#O8S4W0 zO=wWHZHcT}=C=KL8>+77@x-3CaQ^hBfLU7`;4X1X)<;4{`qv8uqQ~WAu)3yRjz76d zA!}vzWUs=VGaia}i>MP#cqWdUA7(bm-Dp|B=_?s(rc|BhJ}RF#2=Aki{`IG=4gQ zeK2|f`eVHlZ^@K2zMVg3J7Uc5Rus=<1i}76344;!pS4NTu_c|NB1zBOMG=~q?>V*+ zebx|hKyu9tL7)FnnC8(Zs9XYQ9L=#muu3WU*5n0Dj4{*i=$2Bd)!u>uS?MOwK;8+= zW3t5+eS8Xb=K7#m@i4otd_Pge+wpf~gnfQSsJ{O@Oz~R5YM>-smRKdaZB?)*O&n4a z*4-M$J}A7={B}COXeTW9#&E@*^h@QC;wLHL#Yw3!+UL($yT*hzVHjAxAd=nWsa5rA z;snlHiVcn37Bm6$^X}&4yEVPpY7^?=6u9>s^A2jT_=ZHMYBT8+b)7!LDLp4mZ3CtjG+B8g5;#_=S#M?rg<;wdKr z=WxR7BqIT}e`^~3-@Q}vVu9NWRYkk8CO>?)`^ltVEDt0jsCe)DAdXDcFvg15W>V1^ z*kw1Y?D=kU=7GEO{&fbZ%ekDXTCq`_$;)}}`tTW+!erbsMo}Ik$Lbd7k4;zt7hY_B z84B8osUi2d9}`;-P|xxxCFEMMY;aL(py5A+LL#ibfNUU7LyX}sEbAlS-W+Cos7 zXz50tYU6@epK^?9bsM(lmJT?0ft$pu$KFc_`gn3=$)K8stWY>64ifR%&39{=gW=Wc z`^EhrEtJJ#aXo=9o_jvQ?#gf`=-TLc(d1=7!kMJ#6ZpW}4Js9mP86)?L*aSmp!`qg zj=gFlqZClRf+9G<@_`bQHqU-kH2Ki4y{^BiDlcA3b1DZ-rU0B%JDHJSf;qxec8Jz0 z1+0c0*RGB4Zbkg>GIBt=4;qy^x&JMU2Z%zmYV|LjS?ZW=iKoY}q`&k(J~E?LG_kDL zi>jXF{+Ze|2iwxPQtOwUX z3=__#?37IZ*{KIct|iLH`y~M-ieK+ddnF0sx&$#9?O9KH9PAV~Sr>``YVZrm=d|^* zy77q86F0+)A#RdD!^{7&F6TyW-{y7jnXNG_tui}Z)?Y1m^m(TKrPtuf3rlvsqwdf< zx*J}dudv9E89zOE2hNHq#XZg=#gvq2+p)e4N<6Ks6&pWDE+vE+nZV6CgiM4Gzi!&j zG;U1F7R-YtR9O%#Qljb?#KZmznbQ4eo)76 zDE9UJJB|Zd+&iA_{Ruf3dM4BkL9WIRQr%;@C~PV!xUUKXFSr z2YDg1a!*@AcSaBnUtXL|d9ruXNZgHCk}FzLDzO#+s`F!MnnfMK!ImoPmI#UPdC-UA z150D);efSETe%S1!Op0;Ez*MZ_4Tgx^_eVPX(dd~U)bYhi|zL}thUplB;!EVUSWLh zDkb{ji|ft0KjFX3xqI?~eJmOysi(&U*kBj2s}C73Ii8XW(L5<(fq~CVqnfwPR5A7_ z0k9FCs>8dbo5!9I4u6l@hmb@|+Y^4U4LMMP1Ihrz6ZbK4yh->KaLMJN#|xp zvbx?d;FBPi(CN5uWl%P%UcrPT(8~pP=vP3T!zAuwul+_w8=sQm3z0XAYtpiAvyYJ4 zy?M_NEZ8M=d)Hpsp`AAe&Vx$5=DiNimo7hPhe5}x_9axSW=Od0FSj2r6JI9tEqxcu zg+%1_gy${>b{DUi)R45!u2%LizxenmI2@|SBgfnZ@#T_gex$ihF^GnM@CdX+6Z%5? zMwaa(K=Upjz1J}={K;TH%PPsoa|caH`|=WM0gb;B!KY)4YvVd~|NDQeYw*2B=k64?$8c^wLT zKA{AjKK=I4)Wz2La#DeCVF=N}re!sf8UGqh{Z;%0Av7rqQEDP9RyXoo(dvF5%A%XW zh>DD_xdq96XO2hmYyYdE7&NE)_$kAYtSw4%)9nkbS>5p(Zy`fn-0^d{t@9;EPRFO* zW&k+j1;Ol5R{8T?=I1OT*R#@U(Lk7dU|U;7c-Gz3S59or(1XF6*x%&0cwV==v8DsA zk7t{!yV{3fr|G!)`R)bi`Qr7*C_Wd+b>(sIzx?rg9G{MMdIxN)t*qYuNS>jpr;r+n zAq-ewe+%W)-3Yd^M$iZ*Kcv@}jr$lH0<;5E8EYNnQ5=ZM@l=c3wmw`@hayt6o^NltyV~5)K zJM6K%=MD@stCdQ|3_WHoW<(&%O@N3A?D(r3B(ExTwx8a~>j{Wk{e2U*Xr`96w0_@^9&9r2B^nT-B#X{SYzl5i)!bLD! zJncE_7wx_?+dg6KirWU^enq5dS7&jYdt&{1UK}Fi?(Pp4MbCOm|ufS zRrnbUUM!x!5}NBUm8xWlsxiIGQ)Z_$lTwp%%y9HcAdPG^t3%C(ZiVEkea=Q;T`j(^ zM~E@c+*B+I7MjwBd5PgCEJK6C-EOnpM`$Y63=lVVS@JL!8@T^&ze*wZqZ&2(@9qJu z!IVjtzoHiJvh)d!#?%HTfiWD`SiZh?2>;GM8o&jQ5J7cFIW%t=oY!J@t}Pz)Ia%YY zLNcUbKrKDRfkOu-_W!v6%O(c?5x0u*+G4(B6emJag8_4=jHrgcq+_4Ct?9 z5pU4}s@I8-xBhPs7chzYmEA92DDFVv;>>PE(mCQzFP>J{oQ<+vXwAXPWze}fNnL$L zsV_g?Es;eU@?<#3P0cd{E$S7V{f6NgWkS9AoobH`6LhFl8NQ?A)9%bN{z9q*zOIQ% z6I6shy2x5Icd7DZ-}lhEyRx3l4(_KojXO+weIQa{_zEAbUoHkg8s>8BpZ2u(Ee)E& zoy*16ps#SDNxcc@cl*E*0Au^CTZzVeUMXZod2`5sR682kCto@mDbdbr6DgUEFeQhH zik)7|_?JJr`fsBy+hJ=;Gccd7Zb9{npp(4r1*!7|g&_QDZ$Is?u5Q@XwiTfGCA}*yZ8<0a@SA;%O<04A8 zm)*l<2X7gee(*gUc|)+a?0Hp5$%u%A-eq_rcZ2G&5mgaPFkIG97!qA9XJtOv3jq}1 zjWq_0pvJ3bj&E0Ym2Zqq7$LC>>I`;-GBC^Bfn)&>HHHMy&3wbb*000PxQmGHnypD? zZVn$VnntamJ}$bfBn>jRPDe5To4}$O>XtrXcH;&&F;YYd0myKzTstcLyeUpkw6l5qE*!JVNRTlj}0va9dvNxWWQMZuWWB{HF$iaE<~ zBcL4WIz^IL{9YZD*k?J5^aR8=xFCjK@6q6!xSC3^LU&T1(XH4Y`R>FI}l8g{@+m&OU7qEht=Xy||nz*rIW+ zQY+?~*5aX+yVymS3QLlzsTAaEQwv>xrE>a~dTgB#oOZgxS=u81PSGu+Kc&fW;$RPg zlK&#C@mdGs>6xiy*Zg0{SnH)Kn#vZvDoM*Q3^2Sb8EX-L2;4ABbILmd!H+98&)lT*34=!=+YP$EMfUxt~ zxZ-qaNeuKI@mwU)@ZY`xM1N&4^t7mNC2lS~7Vh3>`Jh+df(_3n+Nmq8LA7Mx-nYej z!m4NiPhik#yjN9G;Y;Z9D3sK@QhPU;aODLNvp_&lzcYkk8;SvTihr?=+G{dFl*WAcUfd3r@Q^U;ZU)aQp5B&qjjYhm0n=yLM~s7AY{k2gU2 zfXVY{I|Jl8NQ??N8(%-48Jw5$vj6%(_ZcYlugn1+cqH#=X10<7J6~dh$wNG`v->xf zM&O4oPEIF#(pFSA$EVztv7jmJ&*l#;A(f35*aqM}mDvIi<9~T|0=zsJH*Pd(5ulPl zjox}@1Q{t&WVrbGW7=0PHO6#T&8dH7?@i72{59CcM_QJNo8-;!6(88h>U(5e^`$q= zk(PDcC9V+QSc->K0UTY$7MmXeu2#?vUKmqY{dcz*k(26r6u`TF^xrDK#>`C{DDTF} z+n%i$!&H+yUqT2XY~riCGvHo~5TTV>Gc~ zNM#-~se|wQdvuZ7Q{D%a0LK*%BJQ@&{vhCNTsm{%VsB`rL2!}j`Ydg;zZi${gE0Xw zuR&DpC)fD-lLZ(7Owk0ygs>OiTxI(CH7qEw)?Ap)HwO}W`yjfugTd^kKIIq@ftRoKr9TI%ljba^ ztv*Qs&+(WPFt1DVx=GAcG;=sJvy&6E6SFimqAJ&ch#1~?O|Ghc88gtN70RGa`GDVY|F2b}*~>f(_@ zI+5M-v(GiVKT?g@aPxDeR9gUCZ{}UxfDhKFPci{#TWMqs!hZW#2lER}7kjhK-d!sW znZWCup020&SR?95@rrMCnpTa;kLt?0%buShY7OKg7~>yOo2-J;DHBF)d(iWJ zapbC`bQmx1uJ1+mf+I^t#?xq;n=QqecR!8=-0eHIxZB`I{>A^s8q6K+e_j!vuiC?G zmm@EbR|>v2SnvfA0fN( za&;CMYqfW|5_HqhobKIpg9cY4Yy2D>u!Q{^PX?N~J;iCe8*7i-ti<u+xew zN7(j~-@*>1@Z;=V=<&hQBoNdYtSa^+vpp@Pz2QdA4ZZW{IS9dEUO956aW**FokxMw zRll_Klhdp?sB`m)osxX+qihpQP{_Ms!f40Vun7qZ70+8*nmlC=m@mmNV#&8XmBwP{ zGxZ-WCP7w?@Lo-4rMN%KFLgd$ot?ArqO)RCF!eq#tb%rHxj(q}P2HulD^)@kl9N6& zBSWV_C{2!lmTvsjXf6djNpp1xyYbHLtFKBuB;Y7M9e19c<4ON4w{TS14p2-WOcJf! z*B(;x9%z)xGjU5CUfq{L8nRf<^mzmBI8^(4)z!)E?D*iKgFQQMy<5tW>%gY(7ZM_i zS(=NIdW+3K*jWml^mZPubqs{erZO*GiE?!4HLTemk6%l;mWIs;y|ZJBy}5MRUaQ5WxHX?G;as;H+?sBd z(gK9H1*m>j(UD=AaJw}N(3ANSA{#@}89_1p%{fkMWX+`gfi{HWwM3cSQj|lyAE3AU zr{F+K5npAP^g0f|7=Oa$rjE&95)Tkb%di9x`TAR&BihCKV59)hG zfgcvcDW2EX9WGswu@#BKs(n{hf29@#!U)H>jcOkyh5o)j^5 z;21ij%B2b05M&+TN-64SkVMrz7uG~Ph75H&j96=%@Eoei+Q1VRSnpx6Ygbx|FAltU zKorS>*~4Ic*-3ukyR&@i^l6I&+9$HBq?)F*TMzi59yyGwP6kb4?-W!ifxo)L-AWfD zaRU3i8w19PT_KfYRbDU|y<|RJ-7`W6vIyU0jxe|^?h1dWSYjeO(ASq}b{pQyi~%6N zJxgm1e}~||lFsQ*;N`7&$sj16h-c3POQ#ay-@x<5b8t%_y2PO;`V%g!h}{nI*?yHpiOkFR`UnyywyRB?(TJMePCW4`|IW4oxp{J1t zj0+t;_bu1fx9;J+eC}ZU?hFmpbfjSkQVX(?yy9SRFPyOctB1P9_gsmZp#DZGQ~|Nr zO4{qm+W7K0WZhSA;4MWm=S9uh>KEH4ll1_N5k^eM+a7_~cvrE_TR=yXM^xo}7$lo| z;FI?^GRAZuQY96ouC`|-GML=p0=~bx$frtgE zq9Pz&iUg$hL;_K1(xgcziAYzPRDsZYjna`0fq=9?COj)SOn4K=S=e(s7cX-82B3!#>o&DE#k4kK|&?#R=;8ifW1 z6l>ITIR9qFFDkz-oZ(dMjxwb;Rp?7v zDZ%waeZ!}mB2(Id+X|-`FAsUqO}p+@%q7%SIU$T$(65-+4|GzWq<=Vg^g^(l-Iv@@ zu>9q#k2hGyv$S+B6hb5MAp#)*XHLKB> zk+4N5WE@F4yI0)mS(x8Y;65*Mb>0W?ph~>SqrLM-cE%+Sx0C+K{{8-&q~pPK`5?Q2 zL%y2@wYe+rdp{~U*D6Y}!A=*rsmHVOa-zC^$?t8#8_GeIl>d?y9tL^=#-bDzPcm^Z z&&KW1a7oqmfI9aP#cVnJqy0oJi-X*yOvkI}c%YypJ(3N(j?%?5sNG6rg)e5t}Q@#*F*1e`h)|OAz}Q$nF0iyQPaOTm?!J#5ScOt5j0dm^|HE4=fF;;fDq2f7~` zc+Gk+s*j27KwE%4B@F1NDu-=$)>`tDWrOBR<-VW83fTor$&D z;YM+_o@fTJ9`ND|i2L?7>+aJ_6f6aoCV3jw@1&9H^f9VGDOs%+n8HfDO1f~kw+W2s z=edOZDr$hV`rKoc)2qn6%Ko;Lw;1Ej!>pYm^BeGFBb&y`JxpIFJ*GTaklQHQYk&Rq z+;8D{Ij|Tg@~Wzb{WbmpfP_OUy$6K_aV9L%3(C%%+}k5D2!3HW?45%4{r8VsBn5pX zjl&g4ui)Yu!!)d@K2+U#)kI=og#~xQ3T)!`rKHPUcmDWI>+I3AK}3)Udw^ODS{Ca6 zv~M=K{+<_0a93)i1}JAJ&cJyY8=D##_}8BOj3%ANTB9@!P@j~UAT6Urhc{J^sl^zi z&GOm+?VweL%v5UBWEV!3=OmaH%ft~A(y&tK!QXsWmw&lNW_>T6!HHe8bxd)mA9P3})6b?yHtDZgE0%%S{*-aQd%H=91@6lFW$Ccpl zm3QH3dlq4zkWUX{=saxw|9dEBEAqbn4y#+NjKEIaUrFMCDnsi;nyiJ->%VK9Ok!Os z3lIy5j}6z2e?App@iQ)C499E_oPFsAmt1ok4E@}W-;|_3P7V@9*?(&`8G`W)V<}RY zi(cKU9-nf0?`z^h-0v&HAB+@doEB^aqqhK;dKiQR{ zk*1u$)X!*QOny;?AjYo99)e=Ys$xGA1JcGZjaD8V zIGzN2)gdCRsSzPjnTbi~9s=FkP;=g-adIBg-0yd30_fe; z3Ux8$_;n{JdK)x(3O4_#Ovz3LFJghyES6$q>svBv67Mc!bIGrZiLX}6)RFla1tzOw zQhO2$U;5LGWGebi2cDl^#rLZ&KbbM<`{H^zt!Jl7a;O?{!*gfaEeHmD@DF? zeK65#h2JLYhVdeKpRyxn;^PaP36+1c+QOJ`B+qo%46)iE*Iug`?8+E@JA)IKRhLc^ z284+>p`NZ;)Ot5)UfUL}FIIm1KuPn^|0Rxw9MM^K@=Sakh0+03eFvvRG*DBbgHUJJ zaSkbI>^=+f?_t4#Z}0^Y%7Bx7J0(FSdkZkvaI$L+K7J1V`_T#lr54ssWrzf)^ebJP zaeh2$am~xMEX$~usDX2DL05+W|J5x)IAU$?k2ATl%h#^FXJ!E4*Y8?CUb)Tni`lCj zjEp*(&e)BXqKO{<-0LMPj)>mulWzkV8*z&>^iX^{=kyITC|HiYtQ+#32x)`AVA99` zek_EvT}}9kk9jBt|L^0T3?6GOxQE6p?Jp?f3FKT$HL3C)fWC3K^QNodU zLp53wn>9RG{m>q0a+H8!ZtvHQTdmHuv!vn|M!crB_<1pB({nfL8#NsU&iBDu+l!eK zAj`sAGSywZXpyhmL(kG=px+>59(As6TQFhTB2_g&YYb91Hb|j6kK@x1Sz5&aDqq`$ z-+KD6Vq-`ji0FQ3uxWM0OJ7jN1mDur`#{j@pkw9>(ePaw0or)gOJ9pyMO6FU034bM z6Z==qbp$Ay>+mwq<`QbU|<;ms(IxQn~ey_z(DPA9DBRo;hOzGZP`4=*ma1#M8U2`}nsu^wlV zN)Ld&XgBQ%e{ApAF#S!D<@Lr?#opYRL&0QbuBw}sKwTrpx6SM=Ro-UC4^DNYFh|H> zToG!*(&``B$YU(6#g&a6(-d!+(r;T~{}^PhV8vu>xx_P`8{uVpe=t$@{AOXkT$=_h z>pK+^#OQ_W%{E2ul^#Tcsl!Y3m;F*KWQ+gU>?nq-jbF+OFZ0vm-suGI`pyaq;jS06*)~( zpRRAxEWo58;F{nI@2eR0Z_s{sDkOF2IR1?nDIjK833Zro7DD>x_nK6p7X2Iy`+WiD zd^opLd$i+}pPXm2rq_hWaT4+^5S_Kd1@#NfCwR+Yj=I6wPTF4Sp<=EQ*)tJm9TMsR z9rd+ye9`L1Du3Vc((8L7p~DTMr>k`9QnZ_zo3qB|Y&(A*t#AAqNI5PPo7r-&kd-Z? z2I2-!K;^bRw4Pm{wa0nL8^_sVrvbmW2l+PZ;14l$>=gqKY#3Z|(jgU~Il(%O5+8KH z9sUzLzr^*NIdtItTLJVus^(_Kh0OnxdmxFEwxMUz&!BIeCXm8wn;Oy**vcQz2)%T8-$FP*58(+ z?q)#!)OYiosCjO1{{=ti&Zlk%(w9cd-v-$-xUxu4oT{2@PF?1-rfqEI?`^l*(%Q=@ zR$Hp4R;!LHtc$jqH{(C~aOO8J3k@6ob@QrE*$E12oE;o~o2b$eo{+cc|2L+hhxm^m z%{KaO;du5()M{DS&RT74r{h_zS)@YPYIbX@&rps9md!k!orZ;dppAsr28YpSb5(ZU zPIwcc|G2h*qMtbVVx-g{4yB>XN6FFtD|EGCckaHeLB{t2UY)DaW?u-}5eaewg9v5x z&zpNUAbu*e?-8I{Lv>dWF_W+QOk4p07g3$q$LK|1E*1@C$FS?k!Bg4e4n~AAfPl?_ zDCyz&iM6$&Gim84L_e#RDK7g2z~I^de}W6cVkb|BX=m6~vr#}@(Uaz!UZHrio<&ni z)60RqQC*MkL*^q-)BrCbmc7|5`+p1<`dqFU4=UO$t+iuThpQ^v920f?*1rEsICb#M zOq%*IQ%Id)t)E2yb%`~TgPcpUE5|RC5^>}!3Ap{)YSgx4ema|E5Omwbw zN-RVQ%}OarWpgc9%=iO$EI-gXr6t}Dg^KO4Q*p^OyiH^z;~)w&`NTb&k4psEPb5ER zFE<}VN#64LW34p-F`>l>tnYh<=4(e7-+F!p@2cQ2=TctD4%BGb67i$iRoBjq zdYII`=!tT#omo-krDf%+v-5IIXf<98@6S)~nr_5=gn8LE6F55qpNXQT2U4u_wKj ziC;~tm^vT`Wjtzg^G^xe0S8Cf(d-r_>mkL%9*ZNTyO;ib>ATV@HyU9;IY+t%M+=(g9m$SvgPo`8RWD4pa{>Z}6lw zO*&O0kVZ2z-cfI)?B8Nf=BZJ%_9!nacjp(G%S^If6w+ns+QKw6e|-}f=?gv8ZzF17 zslYBj&#LpigfYdEbPJSeGpfQOQ>n#U?0+}gK}v#C5-q;t_{W1KJn&`mgH5u+hABQ} za-qG_ukmboK1k(X&P=Z2@`%iTrlYc`Dxu+9dMCxT%6q9sA!BK}p96hD2k-q83l~V% zOY&bhL?|gPx7<)v#RJFih1>6a>o@oP|9lX2V17Hpsa5w6>dlJ(>yf1TM~8uZFV3$s zA}CZA8&b#ojepW@WR@ZHE1_!zm~MD*d>_4Ijnx}zDuy1x#@l_Bkg5AOdmmnTlQpcO z{r!U9Z#)DMcQx?Tx?0oLNj&}4+5cw&VhF!dJU;qAOPtd^@b0^C;NAyepue}MJ<^%< zsbJqZsh9r09DuH^z+8?YM!ibsD*I?+?+AZ<)FVxuw|e%j4|DYXSuqHXIr<@Q?#!FQ z)|`*>C$b(4dkzVG0KVk^N@pA=&QMYymg~_`o6>&iYPtI<$`i!^l z11GCi!eOZkQ&1^LFx%c5`F)IwHeLn$;l8SzXy^W;{%4_5cVQ4t-Xi;bT`090Vuh2$ zogsb`el=HC&a9s1=!b;GND20+z%JiL8ujQOBb7f}CTO8MS=hd4dF@rLB^)|E{tt8g z=d-2$^XN+X@%jhUx3I(_iA?N%cJa1L|LeUCq8pK{+n0B~L4J?(*?;srHz&O(Ce3W= zd9}x~q_rr>^uU|b_$OC-6iW%qNSHbOf8a^*z0XQ4%av6tjlWY?5_QQ~%xD+r1%Rc5z3yjlg=G^2Y*fL98m^(^(lO_|kH* zQlmGdQ&w)*DlmiVYHH@5hAXBdUy*pp|NcV+P-%(09hr4q$rV6W+YZmkT4=l06OMkq z@(>Y~hJDOHzuA$98<`%3Y;LP1417XbTDktx^0ReONkH82+K}duFvublgFdVOdNuZo z+&4=a$luSzDyp^K86$sZHNSYz?$`aJ%451}d7rX&qMibDGD9qCYA^KQJd_qRdC2PR zERskGM#B@HxE|gx`*!{+UwM`E)->tA)PuNm?&G)_CU?{l zGjbYOrJa0OqL;E{-dsxnXg_rZ|E|uv)Un=HMgCM(P#qb?XL=VmBk~MevP8Ma{#Z4m z`c_U+0J`}Sl@*drP;tLJ-Cl+>UFcsg=GV2$W`Z$mlbP7~NrVR z)q7@T&+64r@z#pL?!2Q1z8*E2{^bF46_i;zi5^Omyh_$GtnoxJpho%#@$7%cGT82Yv5Q4}*bDTA6BH&wSo%vNx_e;q41=cXx43 zRM|6c^9#hQG9QlEPZ@82ru257OQt{BXhps7lxI2UN`m!46Sfphkr&zIWIiP4)N^9K zATAjwI(DO^Z2gb<<+t}E#a_OV7;wzfI_t~6fcGAbPm6@P+@_&i15oj2;^_oi+5%-T ziH-INO$ri0o$>;P*FzTIF1OhUR_hVx&o)Xso{aoAe-T%JyAH!b<_O7OO5$hQ&$R_N zQFJO@SZKH~8ixTOGg z?o`cXO^qLkvoX3m#rSZ0Uov`|aSZGaz0-AN(%~G{X5-*;H<)?)i0R$&MK2$unt83S z_ktWAqTkoMlbGy1yV?hSb}HtS5rnjuyC1Zj&8=4sLBSEPK=luV#ZUi|%X zB{hJ?hZljy_r%}Gf2W#wmR{IsjUO1StDaP>p}$_+Tb8%9#IC`vRos*k*r~tKmcW3a zi1)Fl%~W6dd7Nx^(mk`^o>nX_bne1^{=435;{0wbCP=Wx*3fFc>-MqJbu=l44v~S| zc z7qbSRZokAIQesgra+v))8k7<=6A(BO`_YTd{X?wN0z-cHOFc{h`P)qioIQuF2%6W} z4PwI251mts#jQHlHSU-S=6lo>*|g)HTpj?5aDAaLO|l9ec#Dsy(7T=))FbkqC#W%X z4q?LYCwm68(4|b7&3W-#(fNl?(b+j&FFzt3T(Y*Nf4?e*M)bYB#(NiBH{_>SAsE;AMk`gC!+fD* z;E~%IE{(k&UKRaw7;e`zpZQtr)t>&Q72}!-zDUhgUhMm?bPY#K|DF%xFVi#z??d0l ztAh72>-&EP+MyK#!POAsRXPu&+ayxU^@`6gzeEL>U-$*Ay&hio+qmU=+m~=H9AyOm zJL74l;#vM~jNh7Bu!7pmzl_fnM+vK|#$x^Xcl9jC0C0DnkY8&PdqL_UE{IA-w+AeI z;*}H&hWfFT_e*mH8Z~i?jr=%c(NN z_#URMOo(Y|(VVvXFZW3#xt=0~-Ve$RFNkb2z=$J0Csv;Vkc&8;hCVr zfl3<@*?f9HigBvQnCG*)SNWNr(;NVZSM^=U>Eu3SDw>;syb}ZruRaHKT=vSLF=N9z z{R$LA;_FIzzJEjACUxIp=dO=mC6JW+`YY$(2DG4qPJ)KBVlnIg?&wC&>U4pHCzLRy zn|Adz=F2vSptx_MO^t5~2S&fco^|5Va=6yCDREy|K4FQ!VdKhY!=#!>+SOSqERkUG zd{O^kiPWMF(C;6?m1y+(j%VVTYNv_5xT0ANOXorv*-=J$e`RBH$IPTc3;|l-u{z=+ zD1X?i|94ROo7``SKfscnDT~4d_(S*lG6naa{pp&|vK#y9I?Win%&2Px;jnx_J^W*W|BdF>cS;>1?@1bSr= z^2dAHrcw^#dDQ?abQ1-zGqh4stCf{F(Ox9R(wWmzm!5<$GPkDGRlWPI|7~ijLf$jK zj6d*6%G;iAKW^}IQ_(Ljf3~H5O{t08+lHN9Vt@bh45WvThMhY=ii-BtERoc>usn86GeolH3&DxS39y@r|JK zkJnvJkTGn+JSb^eu{$?D2ZcP`(Q3X$z1&;{r`3se|B=}IIe6`IE!T!Avc~Sc-5KYg zU=4a_m_ixOX2RII&5iSvA548SF4QwJ>!&%yI#A|=DU)t?piGg~pupY5V(Iw?-`NjY z2u;FUScR6bt^vHZ>a6T_um^l|XO?LMd35?hv5B&*U>1oEQFuG?YJdjDL~8j2Lvloz z_U0SlANWPoM&g8qnGvsFi_dTVAD~IxPu42k;s!s-n-sj}I=W8pYG+5I zb+rGI0OCA6KfKE3-d6W5hI;Hj`n#}xf?L=d7uWlrKJqM4Co18oSo1y;YMY$9yEBry zwwkZ;@2`1h@Db^V$#p0*z_UydJo(nBZ|m}?VP3rJ*OTmo(>$|nnrZ@?>K*O@AVgC3 z;iJ-nS2&A2X&E}2;-;9i7bSh&g%(eNb`GQ1?!>-((OyN_IMNCBfKW%)Q1 zAm7GzXGF;^)|BR2`=`>Zj*{!(192=ujSgDPTGq1z(2nssv-MM2{{(B_jkx_oHPm)q zfmQmgExGIeyTdyAvSOESJl|kBUX`Xiq}e_LeA5e_(~aw_4{aiBGEIOzvW=tkRDY7u z;Uf`8vWUDY?(uCq4eC2t0&dCVT0X^4>b&A_p4!cTsCskI-|WB?{LvvQ%k!*<*V?z;|7hisjWP!`KxdKG9kw@ewm6Up#t`OFc4 zU)Z(%!Sa~-^C9NYMe5vc;l;Fytjbp1PqD46ZkJ$9jZ6IGTED==7mcK5{V8VNga(LM=O+M3GWj5_mGR)JX%7=zxBXb-m)1My%{>QulhX zq|tZQaW7v%ZG^VP2!bs zAuz3X+6$)1oTLvlY+Vx5^%$xig`uS(4OhI%;^T_^TFM@|i1^%CMw^cw@U=Ucb+9qX zIB<6|?%2+YG@#HO5>*<>E(O$RFvltn22BtLNt~NQ^WVjN9bX`?s|tUpz6y}*0tHE< z?K;h6)LLK*vilHUyrHH2Cngg4VE<*zWgG0dHeOo*V4V>Zpq1WQ?Bx(@Vc_Q+%*14~ zJ~YHb8ydRmzpZr&YC5>39;p_K+7_+tI;W>L9<)+Uzb^8z#`1mt<u_YX}-{W@u)I~@33I%j0Z>1WA3Le-novTN$qM_WO= z@L!{)le_MB!0W#|^snBFI2Y*6t@*QYL_0$LV9C7^TG%~VJpO&ge_`Z#{p{NvqvU+; z&ORUOl*0w$ECP|=E;2{SUZY zfnPCbrQ83u#J?b7=E&t0{&+!dzh*$=@xqGN^EIHz3;mxf|E)G$nYof=pN+UK)}vgd z-TCdC@O?UtT;aVf*gtM!q&!puXM!ktjLc9sz5#OSi}~-${&3t4k~Vv?;^)R_)Ad;J zH;9493PmGsN@Rc}m|vGwAnzb5S`KLsFmLe(0vJ7of0n^cXJv~!+vLFJ!a#7n zTjuAL%;ryr*xx+x*ve^;SH$CmWVEQ%MG2(7An>t_h@0+$G(Oy1LgFCoIv}SP>={B$ zY#2xv=@3h72{3s@wtw(8>B^u9x`LQU zV@vMqT$0ROYR5Vgo~JSy^g-8HZ+J0W%~!)fs@VF5Z}o6kBS-5QQ_tsC8@*ON2Cn5QEKg9i^`VXc_t^;MK8b2e*yY5=e8v z7oAq3$g-foJSN`RfBTnj^*!{xx9-fW7BP~s=DpCD7)7?32H~&ajQZYoO3dC{P`94# zGQg}YE0R65dctBAquh(S*p8PVLdIBi#+@Uf;oHvXktCyA&y$BS{Jp56xsMjLw+$~a zuDTwy_Z$*g&=N+-Vx&?)ub$K6-2awh!|D=e8Wx072O(38b=;RtnnL^^v7m zmVXQLQRb~z*Mwqa?dy10FK}J_4=M1iFFS{OL=5*FrMB0AK2ARH7c2!a*lvPEl)4}M zr;eHWQQF30EKZx|$RgsH@Lo@|FuSNk47!Y9@d0y>J)4-MPI-Tc$`~C=f>g<0#uXWU z{2`;RSdQ@(y^ph5(R<#_y_^aLukLNolBZit*CPs#lezqyQ$Exw>~qD~tcQ3M@VEds z`2pMIp1YmwZbO;zZJ9p9|6x*do#__cj4ob{vjII16VtTy6xIRj-5nC@@GUj@__*-v z21AhZt-pg`X?s~hCP2+tdEo)gEjp(-klMq6Hdq^YiRI(nBM58K8)OuxO5&BKgr|LlDDwVnksnL5kfKzZOa>Fb4b{>xEuT-8Oo~HwW$70Mr{r$_Q@l6_g5_l(h%#RXlrIjWn$%}c*$NtmeT3gdHR}&?pHv|t&XD98ay>GZJJSoV=j7Hw@x2@ zY0BFmuh&7TuH2F>zYAsJvs8uDGhmWS_&BZb{_(`?pDMW@Z~p_Bb#-0#d8QXt%b07i zHa~+l?;I0mk5u~2CP)0x->ft)$U$yf28NEAqoWADM95vFflh}Mz-Qt3BFAM*ZE3|@ z^kFxLlp4}2>Bg`c%v*~o*%!NmxtH@IAhlz8)(R3yA0Cg2co9Y& zVH*3`ZI?*I!P{%VSmx%XCH!ATExAhgnbYY?w}tBFGUOllA_-tYeU|(CX~q@e=bI~r zF@2U=RAJ?x3`OCb^F*Sw79WE! z!&>S1gn~D|3#*DxIOSzrYN*`K;fgNX54(;D)N-5xrx~RZ23eQM zFf~!S#V%9Mw^sU&M>cCR4dk2?=L2V1!60k& zA zz0zmxN51qttGR30rdnTM?^D;_7bW9TPn_|gSG*b@RMDo!GNrRwN|?=dU7$U=NhqkO&ZpX7@4Y7+d1m}pUgqJHN z?ib#eL4C2-jIYiWgt z9B+dm4xb|4tW?lXw|Zsh1-*@{pzQ9Bgvpy3eD;7-@HGskwW0|Y>H))@=h6HCISf#% zPuA|>gCxmYFaamMlVqhuuDNL{+b;58G2AJWA46N2Tq2XCccec89KLAjrl^cxP2Xl9 zJ=_1_EeIp~IZi;r2$_E+kBTbwRt5Tt^1HY-T?HymaU*eWky9M2v;>86FNnwl+$Nfr=6CR*R*zFL^~H(C_=jpqL=NcrZ;Ox*S44&~ym9 z%zvaMqIVdzcoL?rbrC$taxccp~*7&PX9_%Iu>8z!b_4FPWJW4Dq;Yei|*8+}&KB z;{RlXxXyGEB#5>ObT*Jq$VuxynyGkqj4S<9DI8TL;UTX#9r62X)P;%HcPj7nWWAze zvFdlaQwgnnbA=I@vGo&?Q_r(V*J6(K;W%J5IOZ*St{XjZ-}r9zO50R=*3hIse-vnh zLH7Jk!JJdEk(~QzP!{wDQr>^P#dD$fpu9(;qNnJaeepweUehtEd|HtI!mpc)fC1l~ zvnh4(yr8FY?FdmdrCc=liekuXf<-{B!WWP3Yh?J=33n71S)Ah&^rf!!OKZKvbs&*zKK3?G8Eem<7RYGS;PqdBNrrC`fFG z*Wh;)@rbaVy)kEac>F`^nDO%#Gf!mLH(HNt>XG-i51v^*m0{ zN$FGCGS5O9wqHmnOh5Fa`7rd)@yh!ZKB7W*u?gNVF23&HUrR4M9uN?Bz5@9>!0gz- z9LNQ6cLmZoX~>gjJ~AcuUdZMvA$7Vo67_^~X42~iwErrv(|WEbQKix-dYK`?>G+=T z={k?2>E5c`G>sZ}7wtS;zY&)k!qR~QN0?+?sOF82TssTBFEh(@w-1x}aaGFRK&|%o z#8tfU*{N)Rh2KWay2}7fs$hZJN*eRtJ$1Ka>)8uECgC*p+z-w!qS4C(W3vE+VUzhf z?C4LKn*FQuy zELp|V#w$)|J~~*r${h7WsO&&(CiJ^t;NL|pBmPymNuthK0une1GM2Imjl>Mks-`d6 zQZ_mlZSBs7ty=p*UKLvEK%g}m)oDQal5mVwHGh*^{;|fcqj$T;Yd!Oqmex%uO)0?$ z^6%3!kUJ?9p}%^7*0fWdj#fvgHGb8XAvB1)*q!gp7d-g&6~ zG__A?r@u^m(6|OZ18@V`?1GGuU)aC1c)LMKlmGUn;MIYvJqKQsx9(X5pPjUlhEIEp zxB@l5Q;y4&Cn%N+Q*dx@yMk1B{y5an`^iO=Tudf z3>vz}CNKRkKXzX^c>=E-=J5zS~lfXLhE#|til*D=qM)nNXXYmN zej8HH;DTDNn6wV0EWDQU8bJ7(cqN)aehg{UP4}zJ2=~`cB=Qg^+GEib`!c$#G;O|j zq#%%c>-(9obcy{tVU};&!G^C&@BP=H_(!zIms~wIK&(a-DaZ%NCEVPOyP;%!kQVS< zOL{-kbTB)ad-0`)qS`d$wdmW+hTq9ur{=^^@izm)y+!tqJ@u%XC8!U)A4T>p^HO%! zjAKF&*APt=na-G-+JP?t5+a8csnW5d_C`?yv$CBY2CRW7QaXxqca+*b4AGW)n80dG5L8J$W59`VdVjyi@N;mwKDg`r7-1#pa00yv9U%>=fk&QE4QDZ) zE|HXFMU{jgVtfNygREFc{kR!q)db1i3GxP&jm04Z1h;Wx^_|F{h=`d2Fe7QX^XJpn zyxCSQ^59psc3S4%A3u5Z8KsYGDt8@b*-gewzK4mkwIw~AzhFYqkQ?ITTWRH=#g5)Y zd7!4M=0nY%l~t$A@0|pl%{LLFGT<#^7!bd59Tsb1pmz%BLsD|x#a$5k;?0fd^{<1EjA~jA7H-G8{4>jqCqZ73|^XfrS>K8C{Eu=lk{_C>fP8cUw16QAGZFa&_e5UOkyZgV<{X zauOpD0Dc|!plq#cL7Dv?B!P1R;`~UEdUF;~WN|&?VhV#Bne1W1p0D)Jnqz=*Z=s)JOI3Qboll%T94Yq*>83^ddfJl7D0* zt7qP3Y;v=5NHZZEGF|G`3~8cc9ULauy?4DRX@B7dRIk#I&X8)Ft(o7G{RL z3%fP4@=aC{epo;}?s?2I3Jms+rr>ouX9rldum&)B6)un2Hal*4#&+Up)s7M%j;lU+ zq-*DQoO8%eic#ZO&?TAGeaZvgwONEvnSZb4Xb=A#$*;kob8G&chl_+=AKX1kLd#m< z={$a!3~aXaAA9D98G{5i^$HwzGULZAbI0}$5<25zdQ`8p4(_anK0yJ}{)STJLhBdT z{v9>taD;?1&Ck%Dl!`vH5eQaUMnJ!PT1gb)>rU6kU=K& zHFXAacNe!$XaCwG`F}3}hEAW#*HAn&PA-vGVQ)M@n!KynfHQIONN8)`;GPo29n(l& z1)k3!Gef5pxv1N)Kq5s>(Qi7f7|u-YQ5B!mpp=V`Xdou{x*x;{${TvLV!g9k<>OaK zJ~%*ItJ1%grSl_sxZf`B2PkC8f66g8bpNj-Mw4_=gTcVF6SE5MXm%=vf9wI-P_Li) zyrzVnul~MmFW%HkOL<tE7|eD0I3BO3Tp*d`U$H2(CzZZyHaR8r#$2n`@*NC3VX>RC3!QcxG_J=6@%4Ln zx_0ypi6Z-(L&2!UiB!@Mm8lWDjh}xyxc92+xO8w&flS7#E%zbV?(ytsR+C4T#jQ*8 zj~`xA7bosN#TP53Sw9U$ugbiK8ofS^AM(GaK|XvDRR%}rt^Ws-e$$&t{n%RV9gra! zoUmBT+_twZ6?aB?ruc{G6L=czCT9L*xJyfk?0GViiIXqynf{Uh7KHRu2mIuJ1;73L z6eK-VTEAg|1ue%7%AhEdlFqo^`JbR6%&I+O3$z`729{~99^3OgLlgo+A5e#WnU49N zHN9oSk7;g|XJ)iEt$PF8)izh^JdE_X=_Fid$+-pFGH=m8jxV%#%@YLlX=`^Ts={G)psOzRpK z0$ch1Obs~A%{yp2w>V#AuYMBQfkb%iSehnV;`Zmfc4j`G z7wPn(d=JD6@u;r88jHy=#>_xLUfoyZ>fRrJ1}T5+v^YYCT8U#+(d_P_bvpjh(EV6D z^zjxq%D;wEU8>C>?3$r@9w*meAG#bUMzdWUtie!lSZObYEgFSlqi%#!JPEozuhw6M z9{(zU4z_lYD^T?ct&1RxAYk1oA&*yi6$hji44Z6+w>X|W4aL!B_hwEcyrZ3kPO&vD z@PwV`Jiz7M%K5F^Ra46)pFi8S28+|?CdjR)+UGz9#x93|rM>Io~FWdD@8#cLR6d#_1;4n!ts#F~!09ZhEwS~NIB?}qsr65M+3)9Ka2 zexiYd?c(4WP#Ip>5*(A0$^UM@+fV*xW zVh#BlcXS&}jk&sHeV&9SS(SYBj|p8EVm-ZA$bIQgs9pHl_+F}ZV%=rk>gL9u_TpVF zK0dP?-{A7euuh%rLqPV%k%VORV+cB z(MsJ;k#9KwRRB*OZGT{r)6$mLOm8%s+=|j`EL)8@PbXAZ?JF+SgB&N5*8sE@s)hab zv&G{kBTzy;i{2*eW^YXw1 zIMBM00bR*VT3R8r#!)Kf1+Ruvq5X{&j{p8d`|UskYZag_Q84@V&;{VaOei({$Z>ZQ zFgpx#BF$?!(a@l!A!}7*odkG|wB1OjRVf^drb3vAQH`q~*kiWjH%n2KxDx@|^JqBr zJ;VitwipWtWr7D4-UV58lP+ZL`J#e`cCWHmDrvbPR_<1#cg~v`iBNmRIg8Lb)fvBY zaMRn5g47LLWuqqNzbF*tdIf5)RIPYWYRC*j-d-7_jnJ3DgQhd`!*V}kq(=q3`9~k$ zu9O$kj&VI|C&6^VmpZyc0lf5kl?i(W_gZho({J6a>1No6K9}I)@cry=UBh9-bg3Ar zpK||~4EC$CWY)l=OOo=BVluB?pRuHiah>KUE0kZattd_Gck zv3?D}$ETIi3a50|pSKlXSB@8ph3`5cKr?jVMjaD_|>=&K*w8y@>(b3_-W7c zTyCWQVHf88l`F(s$A|2DSU{63^*xdNa}`dB&aH#HM4|Hi%JLo>1GyTALyEB`bzmg( zjfjD6yH~2E3@BVJZo18D*NYNN45F-ioc6N)1Um+wXUr$5*WnVNOytfy4d=f?)M>d) zs4n$4$JR-R^XJbG?2qT9D~8DHs&L5uW5{Hi=Q;O~`gqXa)`Tp_=*4*+ zyJvJCZ?fw*pwT~@b zt{-#5-(r%}uBEVe`Q^jWs<$7C-#s*YR5g70Q8!=z zxPWv?cX!tU(hW;X!y+Kfl1g`Xvy?2-OE)YiEutU|OGpSP(k&nzzxDHZ?&rFn?{)qD zTbOyzoH=vO%$e6~!pBFGJ>R_E!Ap~IF0j5IE0unvnwG8W2kG#8Y7H5A=bHH%QS9b# zxDsD58of(nfZbZD&mE%EM_HmzRHscT=q~=GCiDNcreXZL&@0D0A}m zYyLFMW(|c@@_IRI);}4-w)<&Vs|6)Sua@L;X8F8aGuXy@&&gID{Z(I;#U4j(+E~_G zBPsK|nztl>%tc}{vT$+g%d76HF(bH*bRDUBXFv?8d88Z6n6WK3P1w@9^Jn>fPJ*s( zdSXthT+K+kO^=hV3yMBubQuFSTEAV|w-=U8Ko|5K0s7Jj>&d&lxlLq9!G?i#8=Qy+@!dM%YtbUYL$EhR-mXm3? zoJ$$uM8zn(q(*~OJcXGK6M|9$o*}flLm%?q_@CE#P1ayA9Zo1gm#=4$>Xw_-1GZWO zS3}=P-9LKEruc7M4~5imI(H6Z0Vx13 z#|)d5F1D@t&j!{gfr9&7iqbr#7bF_eo$|r;sOX|Xx#aD{<2N8rwLuzqp+027_T4UM&!E2!xx) zF}V^w=l5_itIANs_5I>*^%cw~{63q}uEyxxZEjw5ti-{-#J5JLr83dQ<&?a7;Fb7@ zZHop%vKr;6J`iTipWV3cySx$s7ZPzElFSLDz~DQaJT83x=?~$`o5!~(;3)cSQKxE; zp9I%&gQ4DiF0)}5b+(^mB)`t}fH1&8g$o6tcT!snQt!fchE7C)%QDJ=IWGm?$y|Q& zpbz;mCNQD3tv^%QRRp931z+S1%@dM8V&1-XEy@V-e_V(V-o{D{FIl-$io$7)qC-r{ z5`v2u=xu)CAp}L@EY5Pl)?%_!-S3MOmKM^CTOKJz<50lA9ql~ymQ1rW&==c#fW(!i zjf~R(M0i7=qRjibEF-hzcuD)HnPhw65)9Xc$=u+pxMIxIS%{Nfkud|f&y z)jyt7yY}2%J?~{nI=codFnH+^+a`FxOQniyU1V8|0F2+ZvSMa}-bTiT-PXoNolZ`a zKR?F2Iv?3cmT6b2&RQaxm_p7qupm-8%sTD#n}*%kOEBE+r(wkj30bNe4mFAOAqdLq z^Za#sCtGz*7N|#x4;-w@Y>b+xS*E##w|&IcN)kN$?pwh8-D`oqW;=qCgY&MG4m7Fz zEkyC3{Lq`94G-6rk5wIs?L|k6*DH6nc!=2gwg!Q`nK%Kyf@2BG&Np6zJ}&j|e=)2~ z%h?rFql5;&mbzUYlKLpung3YrCD7|n&VE@gH-lUfZ2ufXg{APBiNN!3<-~qmx~au> zO|Dt)FEBpp7lo|^yELtZJbw&l2s3#M*uR6{?;mEaY*%W!3NJUby2t)Ffh^MfI(oi% zkdyP<=UXEK9k$Ggfw`zreBpx%M_GZy*~hHI0IwQ^Z*QG>p2U3qaL@kn@EFR&HJ!-W zT{y(XBrIrB@~+EHc66+PM2c}WcI%cU?SXYW=+3t5y8en`!%yP&&e$%QkMGYlrk$b` zL^85=O>XVD=cStLDJ=q@Q$x`!rY{DYf}4%hhEygIoD5dfDUxi7W zmRWk9a9La;-)sM*+@O1s$8wE#w@=`Oar!&&;(;df<)oy;-Tm#_K0~jdt=6{OK7hUB zXqDl}Z?ef8j(Ibg=68dHBCq3CLPKBg57xCS+2(|K7q301I;xzI3Al)CZXNVK(D7p8SGT-w!Lqd_(PNDab2+W{a%x6@dx z#U$Z4Ui7{1eb@r8>tIeH^$x=e;;8QTBA<~5nz#m>awclusa(na%yNQ##nsl%8! zV`i5#^xM!A#17Ziq%oBUE)986nX$Em>tNrXOt?r2MNSTbb0lt0=#c!Q>wAWaA(`3S z;qQH+0Thp}ep>@}?Si8VzRKib%&@(*zf-YfsQq|%o(VokaE4y;#U z#Q?j&=1ws~ zpXVAWr*RId*I0fqMR+dTuuU-5AL06wSW;%rLxx}ObG!l9YC+6LiAJCi#;m>?IN3VQ z*a%{C6v#u*7L!jN+}W-nl$%;&jysOpT-jZF2JIDz_gC|dS53g5^$nld_o;uL^&p?$ zs|A8#uer&HL-kW!$<)`g~yg9b*L;FhoWWPn?B%%ZeInzUpr>l@f+B%ZW2C8Ll6oKd{*0DiMpR?N1{6ghe$Xk z&F9J*RZq-M;?F?g;pp*p=tAqC66*!Xz-}n2LvBS7hIn4rBJp_J^c&L;Pc*&z3BUY4 z;q68z1SDiTei)$d$X&-u4)}B*q5Yj_u0|L zvmdm)ABX(|#coUB>Yidpe3Ad+=G)?N+w86tLnSW7(gXIW+{ne+c~`QPyMOVT+yW9> zIad-_mZQygR8x0}X;ui8OM;!zJ@{0j-3{D7=!t2++pX+lk{PQkqKuRG88`nefpPZj z8r&(Gc#QD3+<+{j@dHzK(JoIbI3t&Un4R*E$O#CrAcE z(|GIhdNG62Jkq>xx1;MIEW{s+{awW_{%@sm{&?}5Ac>T#pKRZ5rYPT;QH*^P$GFzH zx3vge7)qe;n>n4~o7OV7isVc2yBX@74=Wjx>+NF5N%r?rkUn9FxZ67)=%>p2aeUEg zb8-5dkpHS;v*^{?Jk3KuucNN?p+mol!I8AUDWme(y>(0x1G9&JBt@vLU>+KunADx^ z;n~bZn)Zp-(Fx)2V5*Hc{~w|#cfAzF6%n6)AsM0kzVB6e*CC#~6wQ{YD07YPs4OCvA~_XDG$QJ@R1QslU1#c|d3}v*kv=?u4dg?_+3T z-FL!QJ7V`rKQ65(f4p~&^wqY#E-)S@cqoLT-R(==#NFQUf14S!YyYi=uKsLeZ2f{c zzo!q@w#SE~sB8@Njz}L?)yzb5{b=%1J+ouUxTjn}e1j`Mr%a0^%bc1YWj8MmDcN z&CE}Ncd6X1Drv$NxSui<&CN?JO%g8-jr@=Lb<&M{3^ErbQB0f?t$b5c5gLP=o>Mp^ z5WK|cfFIOC7i!F*{oxoi zc$ez_xF2;V_@03_A%BbRk3sEE$2ISp@%!dGeoUz!Z?+ix#*))M!S1}tQn6#b&P5(M zS%oYpWaQ35+m$aJKPkB7I=+l8vZT7WL9tLp(t}MPIhj_G*Fd_50E~)|P&MRujj0o1 zn;sUK{k&;*H%{hkvMF==(69a8eL#1TP&#XJb3OD|Rtl=p`3+sJcHh}|ukCjai+aW~ z61z+(`ZiHYkw!1YjI9g8K9b!G2=$@ekyI49pZW~Q$w?l4`2Jhd$`>lfe%o_#t_1#a z|E#-A$7@onFQ{n^d}Xm!IPQCk(z65k>6qcS7+}4Mr5Qgfa~~c#`#3wbV{nk9vw!#D ziYvC#`Q*xM-Q$``L_jJo^!|KuQs!bIDGi;Z+O>%S5qgs}H#8vw4xRaG$Ma!K%b|Z? z*y7{|TJMG@C4=W<^5}vH$7Jvp^zcN$Olp)Mc+lRiVuqUw3{ByOZtp3+yY*d<_KR>hIaqF~9UVv$j~?%x z%Qdut@hGpI7wE(gL$Gb(Mm#(kIEq{dC{j(PUAo+34Or)SZCeLM7 z3tZN{9>b%H{ph47EMaC1zTQOyzwfKudJXO0^gX}5M{}lD>szbIyOWyJDhLHp^`1lv zMLd4-cM>rNrFvMsw9}(i6_hcR*tc&zQmaTv(Hn3G zm*M1wnA(MvekNzOOAM^o@pDaRapYEf!w)sxOp94+l7n7t`o5m)B|5Q8_UJz6TuJ(> zNz*>pk!u+^?E8jAtfQN@=)5^$ywu+O`xes$r^U>dXaOgy5U!Ty&Yt_xY|qz0dRoM9 z!^KI>EG-Lhm#s51va#|CSqe{azH>e!Olu0E{Y{-l7e7$@gY-Tvuq**gTmY(`R3UjS z@4Gev5BMej0siTzxCyi2qjf8`>#s38TeXoRMM`yLYvJXU!so9m3s2(GK*^7VLwG_HD(0u2<+WcJPmpJumz`i(uw-sZv@P2W|BiQLW zS8{Fd_v8n^->unyuIiCAZl}$>W2e~aulMuE!pIGlEY>r|zKv_s7p+YJryX7gb{{k4 z7FAB0W?p{TpRklm6Cdi{?Q25Hv3$H`@mAyj{9|D2xXY^V`u22a%jfpnxCrvx0>h5D znETCQ9-Ws&@(ov~yqoU$>mIH2+NYrR&~HVE!Q zUFKk8E;)qTTH>och|{On+8r}STPQfX?ZflI_b>jAqznhnZ!xbpI`0m(eq|3dnMrtG z$K9jdIjSvBPT{$Gc(iWwSsVltRPfXNEEC)Y8J)e^FkD`CO%&<0pjlxbgITv)yo@fu zis5{=m{W!qD2;LRac$Q zuRp8|I*s_4uCoMIU13!;5ISC)qMp@TkFMR1qdZJY9XM*{^lj%4Y{h+-TiZNdLAVa} zrx5rYPC8ve{(M2ZT133Q6b}PDo*>a)emV1{VY#J42HD#U+-;z2HU z=;3?2Y)&mA(#K)9{2N@jp1S5|@>sPihdhr}mqynX<|O|3I(Kd5P|kx+J!}haWP{-G zPyWaBO{@39i>GNmxyfDEjvi}r%ZDDhylBqIS<&h8 z`sFeA7zSy;;pr4N^U6I_SLWl1=#bmh&&7fe(8>v%;cZ^Svq`-KWf3oLx5{6^Qb}m- zJ^sJf2Z6lg$w3F1qcayrZbhj3n_a} zKAFv0OnWs-Cvg0HCF%Dw+{*uS7)f=ElaTzxoER&Q-gB`?zexIVHhJIoc(yJfUC*JK z%ECQHOG%2!KUOFOjys3#uMd8aRq%pVA08$psa3l5?j?0O`H&T|?Mcw#StSg1b#T#l zUm-N_gGSSST=?RFPTd{Jf^|bTgusQl^daOio!T-tc(K!Tazkmdw>w`Pt#Arb<4hhr z{*3KT*c?{&I~Ik}heeT;=bn(hvi3EMJJ;tVT{^nWeQka{q$F=x>CstPEwp0MLK0H@PB@kycnWGct)IV zIZ!d-$0+_y-lJ3iadIc1k||Onb0YsUD-;O`Ql9a)Xk>!@^F0d?SJmKJzdF$t@!t|l zQYm2Nwb+dm|67c|!qT*k15Fa2f8_~Y+5gn5Xb=%&dN85YPn4t`G~ger_g^UpN}BvS z(GVJHOOSR-zMuhv!sq|3n{|dVWm$kNh|>l5bHrU(ebBY_*m~rWK%WcA}lZ<;lFs|4sIJmOYw3Iz2~}e@M^< zQ;2i)4wU?#q!`Kgipnx$$L)e}fCf0JwpQ=2vi_<-0p8iU-~g9G0f+yixT+}b`F;bx zr~fG6#rw*#zBf<)5e|?Z%lA*#p=XF1HGHrFDbAPK{MX1Pw_?XEITkbgX_d+=9rfZQ zP2@&c)G817YrLpZa+aLW)~W{`xOCgb=RvV&lZDmtKDqc(83B{zxXxz&ZPq>}(=W z8_XhGM5l|j7tMW;vQ&pz=jfTO(eCM;F1C&TlS;Kj>w2W!G`V~b{w=l=Ev6Hn@2P6C zYhqxTza&y7gNP0>7+I!E$M+>YMG)$q6D%b(#70^aj#;7 ztApDOB|jZaphp8pou9#Ch!8KTmZJd2r5V~p(STX?Sa=Kpur^C$jwK47v7q<_X=!`m zfCtugQ#|C)P79#aB-$cSykTvYZ zGrAEo;rm$0FJb*VBQ@gmuW$U%zv$$EQcFT$wWr|U>D!hP`Gt%V)$un(Oyi;930N{E zzlh%%JP%>sqf~^3^ofoelInA{2OhuU(ZyQU)FFVaROi5n)@puV7PFm0XA7$Z5AdIk z^vZvvk*FbgRfNkr;w?U~sAwasvySUM-ar0ig+Q9$TH@811U2&Ew|Z(D2J{iHsK`~G zpvASF#Bc8t`(u_EVA?ci<+=j2=bp->T~-3@z7q{K2P~Pp1w|;3ugChSY9W>a^;m8R zioU5wuID)SR?p=(|7d4?3GbMH&FE}gd{WXVEzG(3nYr<~7)b*{)CETa|jIfnt3g*LKCt8O-$;_~rO<_C#}=MWK{UAF*i(!}92L zx4;gQ0>gN@I>Ts(if|ivR_*haNKL7Fp=WP|k*)ETIaKFqFbk#Rr7&#s_@ySOWMV(F zu4RfUK0ipe+tP5!n!_nj``aIAPS^M^g8Uy8;2p`8*5nER86T1%2Sxb11lCvZP_1X| ztCYpgc=xX1;;i(p8g3}?F`3nWCNu^+qvP?6wWq{;peU?HRwOv9( z7KWQn_6PIQwbWOJ#i^tSglb-ayD}0Y>!HC^9$#(Ns(k{&cglX?HJ)t~g*q$p>(yOK z?=hB5Wle27<<-35&o-wN9yHNCJTRSiNt9QGb*|1r^@yt+vDLwK4j`ud@y-m8iZ%{) zHbHIPUS0$r9Vonrv|QCiVzvh#>{r9a_pL_6wc4p5o!tHEqPG{^PGa4fRkhb5uGcf( zA_IeF&%v2rVrRazIN`Sw$+v4}f5B`Z+?$=fNBg_#4|N}ecz=YwQBrfxSu`C?hFRYZ zGf7GM;3^Y`G#(CE8!3jJA_Z)7qsOGmH;6pn$6C!p<&xOke(KDNSk&0o(66@7d6nmP zm1QmOl|CRXNfZa%0tMC?_8735iI>XMwk2~j%g=l^*FRUtZymi09B*x6oUah#exZf~ z9wzTI)R~v$!S=8{29lhM!Ll_IAk1zJSvM@t2TDP)vt9ao;1F_WBP+3$DvnDn&MJAu zMGJa&8I#HA0c8Yalcz%~-hZEru_ZBgUMmS!_uij41+cFg)bCB^%w8><-j5^M=){sA z6Ns*aX^y~9f;O~}3lV^S%QMN7*l?F^2lq<&%YBt3uPnK>ZOO87sA`qx$tI2in132; z_RpMC>Tg-e{5rH_q7ksu!0N?vA>TjR!V4W2h+bzER@*w|aS*WY$JM+*r#{LC8gtzQ z*9l3MZkP^I`D_8B*maG>8}!#}zT2hH;^KE0A3b;T6v1dqPNPFV@MG(8Qd}|&Uw>(; z1XMbtKu{-sX2LHWKH|#)JE@irCLU{0t@G}cosbJCL3vI5>xoj+Uo(AV;)BNLrC@Pa z(%-%mghPsK2i5iYn;dsgVT%-082l#O`Q8R%9wi#B{G6PN9|72dj7*W(^fT?~x^*Ka z{d=TNEu-cXKfgG9w&4TOaU-vNCUyzj_6d%#%2nYuTfJn^+MwVC+B!1MDFc=0gkYjB z+Q@^1eBfTxp5$Vo1`||!hL>-Kf?v$=$~&pGkdcRF2+eM58EY)fhK8kLobmZfV5ECI`|MXTVs86g0%hd2f*pig zoIU)+XscY4+^i1WV~F(6jmhcqvd>x=`E>Uc$F+p#A;z;QHUk`^)U~YNygOPAD(jk- zGIE$?EiYrw=H6n1nFM5Zkdr_(oQ~10e%Jo@AR`|$R}J%`I!KQiUm=<}6u&cAdWuN@ z#d$3I)C&ujEGYCd@@Vp|JuX6-K7~yWtQ=ol-4>Wpk;s}D*vg;s#CFawCg*`mLTR`O z<*<9^yb%%3H!7i*nWSC5xKaO^h;7_CcSjyrYj1j}oahPK4~N^}@55OAd{kYbx9!rKPoP0InJ_ zr`N??EHje)Q@~;El|3mUBWOCCn;Rpn9NHoIvTBlR*P*$UE1b$xqjiwjxdG*N<%N&}gzN1As#L#eA zCBed|m>G8z-bvCAoi;4@{SppP(3Gd(QC#XFK#q1@UfN79^^qvxmK-bx(TL9?ZThpB z)w-F;J>#N=(Z)DDK0>tGiqK6^U`@9c?x{L++tAY6^a`%X}sf~jIPx_VQINm+t}Teh;H_GzpMkA|n6~?U4UOe zATC}_*Es75yo#*#&$#c5#IYd+p8X2@YwHVv!3ukOsNxb1(qdGxkln5XRkj7EDnZre zLP}7_qu#>!bq8S>Syvx50`P5ksPK~nsa2}P&v5m^;lO&Z7%U)LlzBi!1?YyI;Y6g` zO=|A>N?5nihZ2Tf97znSe$7b3ny<3v+{>SlQA!^_7(dlC?dtTDyf%@#l0pF_yq5`A z#)K`-1uo6U0@MlOaw(j$AvNQ3#UQPH+&~(Hv~aDUM*TXocB+Ih!u85^I1swk2_y%o z<{*V-iGyR*>lxz#%Z7>TT3qN?Xz+1Hm^Uy&sETu?;R~tC!h(syX5VJ=XJ(ZYJ%gU7 zqJU=-nFB|CTXK^4f#>=w?0cKL!!6vZrL0OOPPMypz`3s^Xo&c#1@MGchQ5VB&Ni@} zzfP5{bMKV_mr9N0dOca0wI_P#8`k<3)0{SK9I($D{&zxgKEl8vcdpMbCjAXZy9h`sXpW>ki=A%6L~~pDK)*~3)U-Hd5}>Q|E-pc zhNt|s5u0u>ezh@s0Gomf6=zS5>0x$S#BN5Q(SpvZkmef8dm4j zQFX->WgJihazu9WZ^&?}#~3IJ30%G6j{|gWc0$FO_)7LuR9kn;(~ViD==Bh#bm`>I z^Nf7m2h68#u2>d>*Mtm$73kGvl1Oy$9r9lJ5(C=UX}bodc*>+{&7G(l&onf@fEzp<`+RZe=9NfA+KkGC`F$4JZwKrG-1_stybY%n-A27Z%R%j{wD-cOOb zgPF4lvztxZymkXOn=uAXJgs75@FTpgG}_M>aYH7o?XIoLbgi!_qjZYj|6x@T*tN}6 z59*9cR~4=gH_2zI?qp4baE`qJvgo57WtTkG5Z9BN?p=Y{ATt#KU%?=UC$MHsNK>6U zY8=3rL;mvF@Q4rf0Koj`?bID(Rr+UNb>_?ioLKonUnT0Ua{&k?L#D$^8Wb2C2&F5B z1sxYbtg2~&c%JC=VLlu^!`L9v0q^{8)PjXLXrYe^fO77)RwW`slU+riF0l;B+{`&@ zoM=&b8&;3^kF`3NPSH`7_J+BApA?8$x)KOtS&mg_-KoX05Dj-7b>am&YiB4zhav$| z84Flrls%B&{a-bpDZ~6g+mxvr;PG1k=nP>0p@Y#*0gBoAXck({D{%@BEe%uF!y-;N zY9mCh6Nea6*asD36hRZ5Wuu4Y!bTBa*Gcam$zqJq*~T@|{1HxY=WiHv>4UGpttG(7 z1x&CI^Dfe!e`phcpY6<~uxm!r_IzNLNzc(+SdmB%s6mE*tLR|(v-G{WRUxowpmwD| zgHtbZP2P4TE=(=uJl$LU)s;z;8|naHV1!v~E;Xc+yH-h{gAij~gY(W)3)zM|DYW-t z?aitOcU$A!J>RWYkCE~F`888Mxv(K&$e?v7+1 zKLie&n&ulb-l=XODS2lWcG&QE)92$;R9^j2uT5Yfw8A^|y^|Y+)NFI3{F^j8jLlz3 zu)3uSm32-@9|MNY1#G4%|AXg65Df@?LoCRsjl6?dwYFBDMXB*X8>mUcC1qprs#(Tb zd_euQrA7_u8h&^Po6dKJC2Zr4Dr?9mZtGeU6P?v-p?K{Tu81d=o8wlSHa$y(V2K=y zHha$bTXV!yws}mj>#QdY!p4DuUG!`it1=(yCft%P-7a50_maRew4ufrFqLKGq#+Pb z3|3l-6e8oQw@R7+!;_fN3oACn32vhKI}J6Ys}h4!ELSk=BBd(jU0!#TAQZzIn9y3V zc?ncNr8Ma|;Dz|_N3*+;aK^4nIl{|99|h|A2v30VOq~wbv}Dc4kBzSsp}LxW3e@>2 z0~PV4!;;5GPl07T;dX6|eD+$nz;D*ZK+kdD46*hHo7!lkz6D_!hCS?y;A(f(imyu_ z5!~m$whgl_!I&=3ez6E%x1fLlJKLnTh3Dw9Yz-F1yV(R<#}v`k?jm*b5gA~1nD$v7 zx)UQuaXG;ttoa~P>^-elsoP-%q-$dcWu!{pXa9hPUES(R(p)&V5u?y6LAS0ot0?^=Yg&pKVN6)rX6B1#Wb zI_C(%9f2hx+19D~CY+PuW5|_z6wzSmAK6amp1S!r0+Ho!pTNGwMSM*Yg86 zV5_F&cmG$4pqK8H_8Omfl@4m0uW;c@Wcw)5@E`^Rw_ih-$oRGce>!6z7xl5{&wfu+X09i*`N|^Z}b!JYcXL-$&eeS&{ z;B@R^#dJHs&Z|h;)I17)eN9f*ncd{HbyF7I%mK}P(m*>l>lFX+BTv^Qb0k)#rv!@C zJr{se6H&ez7;&P}ED**P`{@86to4Z3%^hWM^-Au-balw8C zHU%nSObSOTt9Dfq?u8%e?0)i4T`l`s7Yz}O?iWAF_Nl6ZE7av1<$pbe6U1ZWmzxvU zw;`&DvzSykl@89UHeE{@`7__GM@bMcV}UP2H9;2>GH=4I>OOBQ(XKe_>vJ=H-Z5j3sg~JX3x{DR+MsqdVtcdOB`Y^I6R~$ zxNBzt&w2o-u%Dc-Ji56iovOwi=`L1VETwlnn0fn?UTA4NxWQaM6nj6 z7#7$6>DXgJ%)1;#6E$r1$^M(MCPS<|3+|aVX1y=WDdW;26;J?hcfMu(3Dakle3z%8)M-msv z3qIq30a_0h!jW^58uD?cqMBXMFPu8_X)-7Uz4|LHDtY9bDFb6O!v$cAm#i|nNM=pb zQ+g4ae0Qx81g$k))P>jah+>_2r}+7am6#9i*Bu|D_Z^k)unjPlUSjKKE}h)bFmq2)Y2A`S3=dEm0UJRL*(mo0iHDI-`Bv?xd%lh#8;+hGobPnKOLZu#$b*_UWpZ`xIw-gX3w6FC(9AFGkeSPvcW6W55*zzOA0bOXemiIrs98;rpscE=|)MPDMN2O3WrIHcw{S1+c3nR-uS*^&(Vzf`CM?7T;?~mz3E=uCbVWMto z&4YEX)flz41_ilaV1dy{`EU>!N}!y1Eqgq=X!tKwFjyi|PH;~)8lLVt&Xu1L>A$Ln zMCxaU!{G;XK_71{()pZ+7$|)h6rqj?XW1m}z?1GWQPz{>SB8Ly^S6`?6_U6tEF(W~}4|PRRAjT&+jQ+3rWeB<8=p78Y_b zwY=7MKkZoH5%5RiFGV#Y#UOXLl}{KJRM3}*y&4r_@j=Q67ukf=HfaNeuF7qhTN9JD zz>|K=M$7wcd0^&WyNOt|JDy}eUA**=JAbwb*U`}AM1nX$X1`xFH40tbtgQvV-5ZZ< zY|gE9Zogl2c1N;SF_KNLy&CTI=_~K{0xxT8359$9kb7vhDv1r|4LPt-;eZW3w+7;I zVIfBp3bIbfc>N}K@6pul!J!`mYLAQF(k%CHem9U&3gEMVW&qqRi@W$BVV^^lZ8{m`P*k`vvyo~jcD+N`yu$VSO z;XEx4gP7e^zelhjbvgXl=0vpyOPzi3t6{|=Zz6Luu0-?v*S|bm4l_DS{ye$l>iwO? zgi{t`_5NLtfxe4P4LQ3@9;pSC#ZJY!MiJ>MK8>8|vB1g_%VwYM+va{`*4~(JLerY4 ziV8K=X6tU8HE{XhbCrm6<-yu{=0zLOTscoPFZmqwr3^nG*bM21bPN^hY%?9sk{#_i zTE4S9Ry}`;Rls#z+K}Bx&%_kceRL~55@1yc+h|@Oa+He^&SNjoYBciV%||_aFBf#n zWYEpUSB$;+t|3mnnJthfQTY?dp(FjT#jMbrX6f(R^(qg9@a37et+rDm#wy@dIUGEE zZR^?D@s(93s2B14(ITJ(yEavXram8+Ud=E)G1+`Dg!l{6)oaYH1NpL&AmgmFJT8ZJ zw-soJg(?7%Y6+S1n;;P-;0rQ!V2mrVJ<_2PT|84NW>E9CzDZl}BkyK-&v@vD0ahH) z0cv1pCM$aJFS6qP+4~LCLE0Z9y8f>B7gb~ZEQEeQ?a`@|+yfJKU?YK$=^-YgjKpHLp@n&x7Z2!Nhp z7b~~8k41l5rKl>JP~U;Uhk`trF@>%m>;4l76n1KIpShxH;Ql9bqpY3&(lTLlKH36j z1d?%^uF>E@I=~V7BF{N{+ z3c|RO6x8@qLM%P!3uaweYJ$d#`l&$lPC@aRUEemv2k?ufx#Nd1OOE{xClx(6Wkcf3 z-A-VI9bX@`mZ57|3JG`lH3vjE7}RJaZGfRhY%ZN}f#hZ68}paAg?@iF>`GPl`4w#D zvfX_6T+I!-hmO*bqY)Y)TT`iuV`j?q9k62g@?C+D$8qr4@;6EtS3nD@(u8p~YDa0g ziA;Xtv(=ZH>50hA_3D{yB`WIL?;2`Ak?}*eILP(=?C(f8-pfx&z*`Y?SL9*Qqw#ou zq6JzU<^Qo1*nU4Pi7<+FGd0Y!=oYaz9h6^OOT4fHIN>VIr zcq+D1x0(JLQR*k&{8M;N^XAWs3C|%%dYiPx;~pjCY>$u7Ag07$nkI*wd$Kz2-<%it z9d)1~6X*=kORjlcgg_5Z=74n(fBl`i2&75wG_{DsMQQBTb(w~oD@1`rAI8UA1eZY0 zn}u?W-Cbwy@6HcX+!PBtuH)nGu4m-#uP0ghi+-x_nlKJe;oV5?W=|{7UrA@LDFdaz zl4naU$K7WWfBfRNy=qKsn}3iNX5G6m<>_px0tE>()yh#he#AdRNOEVTIIj8s%CPcC z_iM1|3%xJ!v%JmQevqLPWMfomMHl-vwzScM+->z1&Y)YEB2M2Cus@$dBhJ6VykYYA zFef&4{b$8*E%mm1WmD$+X<0V%}Y90}LlPG{Mg61o$d-7Qx8R)I#o!#xR zkWTP72czl%Zzua62N)0eYHEw$_ugWd;_HoPg|Ovml|ukChzOE5@>pQZ88p&K*$Sr% zDWA}w53W2RnFsn9 z_>c$0#WfMzfb<(@jm6{Q?(P0YvK{habIiK!EuD`)&wc!CG?y}xDrWeiCi$uMqTv_k z*B_ldWUhYrS>2z_P!@_A6CfYtv6D1Oe3v|+09<}=*>&+?H7pedSR6xA<}Q%CILg`{ zO}&&z5SH$8Lt>Vxn9-IF@aO9_#ihY<8iuAEk>XYzs&t2h%%y>_$BWF{TJ74T^1$muB$8mt9xmP%XIL^M2r**Lu6}ouM%&@~_wZ4b<$omjZ z;~p6+`wmgz3h54|OI;pek4I_@A+g2nwKg-jKj%oi(EY5CBT0sNF8y&?D;?u_us)kg zTVL4SpZm|?-#e$@&#}2|o7oO0h?i0(E?RYf%k1L5;Q$?HlSbLA@!ZEdk$D~tbu4hu zep_GfaKWT&1QxF#zDyTTI7_KzQ9h^S{oPya+P;y*t;e9ut& zF4mEl=@2&D8nTZ;6M1npv4oDm)49FK+;AsNj!IZTl0;eD)YRtB{zWWt>15ll7&3RF@*Yuoy3=W(=#1XlKP7a$nn-#g(HrF2ga{$5MD3-9LhoP*gjX=nzi(!R62 ziA`_Mw2V@P^DCF#^ef5AlEUJQBs4$!7A zzCj$sDno(~L-GEY-=!`f4~(o#b1CACJkZ}tmscJUz>MB#ExB2qNqgFQC`wVngmi+Q z3Dsv#Un#STw=eETd#AyxnPB+yd42cgX;bq34^o&&$fi!>uuR~@VX}v6+^O&GWK-c! zJ1Zk>#iBWMV(79mM3K7d*V(bvnxDwZs-VtBYL*zE3Rd;(g&*3vp-2KB_>xubfN+}M zA~5^A^b;6Ug^$w!_2DIoW_y*P`6#-2mHyb%cyU_JiX0-u5tH^|xYO(Hk8N`F)Cf~A zY66{Q&BpsL(w7VmF_S)CY?kT|);|kR3M4 zbxTuDTZUeHY!o1AGqLCR$A7*Xg}D^n5k6vgY&b(;Iq_4Z_5lP;hewuas|#|abaiaw zJAdvrLObJrpzRy>UZU&=4ezy7%{-YD^4ewSYY75Lz}E zjO=F^HmIEUg_uFYN;Dv?PB+s?h0&T%MWNnDoU#4`@>-lTEN~p;o-rOH{o?C!sE<5w zU>>_XB-7UNBXY?M1M=RP6(Akr7Cg64D;agMJcCHS`o&e2zQJFI{#Dr^#pU$ef~ z$-AH_E?LZs6Rt{8mi73(1_oV?i}&?dxik6y`h6++CMP`@fA9;Cm3?v$hYQmaWJ+15AyU?l2*P#MxKWFPzc2)rS3g4#kfGetB|Gd8osKavrdTh@ z5g~5O5w2~taR6XlxUniw>Y?+Yapf64hI-G8c)=kuQ;PP0>?GZJ8llv-bP03>@Q0OY zMzLNGN&E$ojg+G?FO`503w%!*))+`UyO$Or7{BZg!eebrBQTh+0to-;h&0KUijlX@ zUy2bQxolBssX(kt8FtawA|Q*-KImOige58Fm`VUA)WAO`aS?!z@W!L#L3loc_bMx{ znG%zmhBlJYk|`GnTc(@7Du(Z?p@2zeR`2mV&S_aEt^Pl@-aC-$`1>DMippvc*9zBO z$<3y+ubB$DRwd(wYi}W0WyQ63a%pf0*PbPWtScAS&dRtpne}^mf5!Lo$FINc?Y^GR z=Q-zj&f|>d@qE?UFxZqWT>TJebe8u;oL7oaBI_GYwtjkQh<0E#O8%UfXEZWoXrv9{ zjO>z17K|~tTKK`>1>&HS$M)43vW;~)ukKAQ-HS*IOJ2CoH57q@aQXEaWfIrtX~HRh zlIWSZxZSCcKfYF^%E81oR)Qw#y|stI8%%YUCQMfWshAxc5l8HguIze@k1fdZ_A4k? zgk!(-;lyaJb?sCNB!S!g2S!0Vj_uOP2-e9=7Dr*q@kty0+TLBUGvwa!%h zGq1BCdNEeyWJ~QAz@j-}1div+xWihB?$nT(5C*4>q3Hr4ofw4u>4t+#w`v3&UeDCb zoP(HP^-bQAFi!Z+M*khy^47OS8LHnEoYB67z{lPPXVnCG2J0`GhmYgbDxN4>CfL0>3d?-*|N|TH`2qB%=C@3L;-}`)S^@XX4FQ z)vVPMPO8=Xb&GjVq%-vDErYmaZ>yW5&nnZKS9>^fSz=DNiGm(^?D!hb07caF1_#s8 z)iAZox);)JUWyV{-bn3f4vw=~A~77^K}>}|TFau0h(JU_3<1G9#1ikRCk&j8M{flG z5=^f~Sv)N{r)(1&_neW7tU+YuWV_t&L`irnK~`c;^SY89bTBbv)M_AhLH68XJT~=p za%ZUO&95Fl)^a?vk3CdBH!oji&<(%yf`H<>V`*5v9psx^eQyT@MGaqRQs{X)H>*xT zf4r^I+ph%8%y(z>(jTlad-q<)rlF+|?bRjKkpTf7aa245>qrC2%|+7W#J|xB|5d8t zg!53g=^M`E{)syF6Z4H&3lZxjXH+?jk5#vO)v^+_Kxp@qCxyPfinyNE#yE&twh}3Ax1;*b7>oP42$}p~=0N;PnyPI9N z75dy4n#syA58tQBU_tE>=P^A=657jqQ><5iy_VCIpcgk$?Fy6|rb(&A`h~gCJ2Xyx z;`YV7h9kG==f~|lVThGYkO36B7NWIR(M_ry<(|`R- z;pEZz5N0lNcK>bqa69p)=P_pTPc>DvR5azY89SYwuk^=K5CjSWj$q+L*KqvhN-Wt_ z+Bu>>mX^R#e?Yt~5eeKTUBhlk$W2n$TEb8)jPUp|Oo{gb7ddq?e$)p4C-yXfBXDbN z?Xe^Kax&;4QWj@vy(E0a_vdGfiiSqOC? zC%*eIaQqAVO(c7GTD(kqG&4&KI=8?1ug-60$<)l}kV2XC+6JG(@WYM*dM-EmFa03> z+ikzmzPh!>C^YDJ;Xg%iQVR4@_wSACAK&L2YH{ZHyL+m>V@pN_rsO)McN6CS{AUa+ z(3kpsDy~u1P>@#X-#%VQu?*ZFG@djd)%wZYuRGAa$io77T0Y=njtQKTs{x*8gWobJ zfJ~}b9Z>79f>E$V#W_uY%YGqQuce~6VfrqCG4V;uV+gMp=!NVn% zb-O!5InR&&M97w~FYN}GNYsDkCI7WT*eTYz&djrpZmf>l>TRWDUk|&bW#9KXJhAe< zMZoMl&nV!go}G@vcw2h2hkvN}wo9$8XWXsqf!yAvy_LK-9DaWet6YU*NBiW5O3bUm zquRgz`FeNN-gTN;Pb zrI|mn*WV>C8Q-qUdFOT5RucFJTpiy2{ER7ANSxQ{(S9WmuW|m}sA|X&kU5LpT^*%H z>-qoj$0CYLawYdo%TYbI*5dmVWaGSM8dNTloW;letkw*38vk}wMNI!^IsZr5Ava;X zc+)qI!+%Qcz3685w{AE2t>Y*w-{3`lZ(Ej?{ z7rUEH6HS$CBNPS9@7Za8#u2KO_Qg53|C|r1DHz>TuD)Z1sJFRYd>C;5dbj&M^$N9t&rFHmFIEk{m3r#fFMgM{o~j~H{+z|dmn=xTv&!gu zqBTo~pQs`q8nj(jmM#y!!EE`XQOfz|2xsi*Vw%pFFaLQCTe;YBx;Dr!Bkk51{WYW9m!U8552Y*zW)vM;&*j45vuF$-~YL#upp~0g1&c+L%&&r&Fg8-+mIgV z*}R-m`R_02Fl`}uS!hdsL%g#{XkYBj>I$XWdRlGyx;%EL%t0Q=njy``CfVr2!L!0` zhQq5HIxZ<^8U!$2>Kdk|hqF;l@(v%{(c=T3{il>QVN&$?o1qH~Jq30~PYL{wCx<8G zqY6aLIkf%%N~-h^|64v_?Y;E0%kY-qlwd(?8MBCBIzn4h1XVP6nGGG#P=xW4((vC~ zAF`adJ+vHJ*^|6$X41AA+(NnXZ~5PtG+b0DiB}p4rQg>vx}`>&f4RfnWL`oq+f{bbQR@=U1XL+f6xC@E!%X%?ockT9J zM{xdPE+SX!)rb7AP%j?URn2RtrDlKm*o@a$vyd&TIuOZAo@Zf;VSJ}3`){pn!!cl+ zHodaUZBdlG_~cscKZ2y$NaVu{#)Z3gb5TNPqO>M--!b;Hd=$*&RT2-!D&B6%K6TJ1 zuB5O=L&q=~=vjb1^BJMXi#vmqoNJNX{v05!Ht=tGWmQxRwPs)EDi~fgGwFF(@^4=u zA@Z`Tz2L6F+snN0{DSjo29&DUP4#!12sp0l-b6Gd+=(+$&m zN~AZlMk1r)KBKO?zW$q{8MXZ;RZ9ES1F^dVQq$W_n;D+KX;MKy)5I~qu(N8`{$4X+gluh z7myBzFP|P~23I&(;-B2*`on3;Q1FG|lZd}e$g&x$Sg~VJ3JlCsELj{GulfW<9sUvf z5_dd(?Y1Os%<=vcbHXq6Ns1CSu5Y;NSWS`$9G9ZtYiH8m81%DXNFk)ad~<*pw6{d| z;2)K_!`rQP`EtNvtk!NVmQG8eQSA7%CMky6A(@dpV@mdEou1AqL6zv5`UISf{bmlQ z!`QT4V<=+E3vkT~D3SZDSY}soDPrbw^aw6QlhpLLu0agq?e-Ob2G!xZ1WL+Nnka_S zvFqe%{o4*Rk?W4*wfW{tj8k3%ZNa1A*b!P}l;Msh={i?wSqi;{>{+CPBxi|9kB5@; zkOTd{=X--RUCFywW4~o#bNRZ@6n0C47pK%Wh}S>4wcsmQ>7&ImrxkpfDV#O*REvBHw9!#*AtMky))PFK1 z1s!wdExerIM;m!2)XPb#j@f&?fD6Bz6i73ubXlu#$pyKWs3S1p z>G*-t>e8(*?c$?>kNXo_ACu+;v=67da*mgK19waQ9V8s+@e_X##giTGHye4~XT+HO z{MmVm`_;>L=h-~9>OwI#t^;=tZ)Qc9SymCH$YstOX1DZ8O5|Z3LLPQhU1Cprq5CiT zZii#Eicv;BYGcJ&G2`1QG8zDJOO-Rr^6?r&^qTU&_~jn6SQIItrvy>c7BVsZV_ z#LL-@+Vy8>|CJoRu>@7f>Qd%WMS7`#Vbdz_*uRTeyysv0gp3`>9+(rHOh$)myvWvv zDgD#a)5gS?5Y3w>$mdAZ`EE!3R@7ZmND8~$pTlFcHou=m>{f1|=IVr25mq6^OX3q3^xS3gK6v}bn*5_brBn-I|I-UlW}SbNj-Me_ zeBrea9Cu99nO@Pznq{iuY^vq^PJ|9a3$%<`Pr=tm$E zX?9(#VmW5hjDzk;ZDy=IC9uSdnk0J2AxB~Dx0*u5Gf3R&=>-=asN)>UC9`cj1*c6Q zk$h(0RNf+wNWZeFXVUe>(y%5%n#($}s4GK5Dg6;M+=NMt4evGEBM4fk_(n2^k>s#9dJ29sVkqV}gE`B!jb@xJ_vyrYG>_QT3B(1B<_e(Y22 zX-=B6gJ_U5DThpMS^Bl!vh)PGnb!@Jaro7~gC9K=Z|ZzxgV3#n&)zSnky|lCSCP$a z!B%WW!J=Yhy{xM`%LRE7A}bts%E4BMm-ca!k=`YCTe@8hltU7#Tu|2g9p8Hn47ISq zihC)Q>%T6jo2~J7UwM_12`Vv}1@q6eqx}EGI&ZC1=9O~SMcGR!wm5vOd*P1By{g(kgFmL86>6;XVsNya#ntj*nRTY@ zs-CBEMrpfKQFY@@LhW8rqS;Z0!}1i!Wk%6nn9rUrL-CS{uy#ug5KGU1P+X-K*>|V} z^4S|aO>$Wmhjw2`{iEqWi!urF5)m zbw7)ixel=x7^Eh5~eG8JRf5n)rM^f*aEC4O;Vg+JCNKP=D)rUxuLC>WX-U zU5hJq3oC|rg`>i;v6PhIU1yXWeh&u64d7|94J+NA=DrOt?!neD^IO{I9oc*`5~7;u zD}9xG*2`>-PacfXMo|%J8=xtQ_IbCcPl!+gAR*uSIyuV1+@!D!@i2eKf}jxW0l)te z%Wl2!jPYirFUeAA?`zL!KD!zBC-Au9^rfH-Di~(o#IkMrUL2l-z#Uh)+kwkACka2y z-w=oTAIh9Y%70xPKaLqtxV6mVPu z{sJ~&tSgE&u>OSwG^UMW#(0Iw&*y&PX#a%To_>V-T6&_p152NS`4t;#nZ^l5L~02= zpozc2_djMi$)Z8?ZwgeiJ@I6+Ldp<3^M^P* z{l*3?M_!(F3~`&oep(`&9UddhHc$WU%WemgC_3e{Ck2LRtRgp>b}0p1&mQ-C>IowDqS-`vVzM#T}A%gc#*;#dcsXHQG zsCBtR@cW|OLkWe-T-2H|CtO52%=f&iIW;0%t^VN6HzJ5Nsw5_*`s$dVZV<|uvNXiT zUqCLO@#ZW_TZQdOP!H{WQo9zL!R*tJgjay$ShgJbInm#xP#)9G7bCEq35QLAcC`-8 z?Ja8Q(%Po#jaM+lOWBq)igD@?P;FCcKM~08OMmn@LaU;>MI*R$k?LWl955R({U23y z3cqHAbX6dkW-yAS@zG56v3l0@p>h1$tjT{U)w4u!Im9QZoy@A+81&u!FovqY5E9Pg zqBYb+9ZEQ3+K|_AY8s}q^8TXGE9@<+bh6pl%-qfHnE<;aD&#VE;ru97_PT2leQ)i@ ze6C3Vr4-`bl#sMc&5uL7q_!$77l!!kwst`O_|q1V#J2WTDi;$tS#sbGsifw-LE5gC z%E{X2buzF!^>4^r^SOx3vI$dU7Z1kk6~y5R1-(dF_DJoV{mxG721L0Y(ChmKPgT%B zNRD3%#a85SW?0J)`AzbWUl@P)b`ya#y`@SUe)2=##(B5P!?3Pjgcc&`*q$G%}d8mkGP>&l~D56%EnwqrnBoMjW|@W;I&zXZf-83Y2U1+ z4q?O)=ktk0a5VXpenm@F_u00A)0m0bg$P7%o{KA@&fPyEIxIQf;?FW&6-ekTCJ z2OAx2f(%Kj`O&Q;yfL$X9AdTA_O;}O#HifoYUx)`=#k48-W*KhgQ*Jk^{xVgB1M}Z zVfv#~%*H<|>ED7G+NiS?%M}wccQ&NEy(mNo^Dw#Tx@$ba85}*`D?RYraHnqI)*79QIt1JK*#V(^oaPoV7pE|RI=L?+z zkpS_~bNP!CdaDJSg99oM&9H2rDN^_@;lRLOs!tFw?!Y#WbFA^Vm0q@udI!9pzXZB@ zMV8sU=RYb5)0OVv@22tOyy~YwP!nqN%FDGAD*Xx_K2tOE1ESr0R zE&ekCL$sw9O)Icy$KV~R_Ub04jfW>XK4O#leh`~y z?|o=(XsmmT*9Sn9eR!K(7(f|Hs|=nt|GIMTgT9lC&zHjgJkEu&`QqzCt0Q|LvQ3Sw z^TF77x$)b+FJyiGIhF(H>}vh(AjeAQDY2ky3eW!u(TD%KPuPsZA6&fE!Le!b%i0LM zyN8;R9Yb`@KEmhpus%-JN@th>Dkrv@?m4xW+AiFPE^`N{t%6jciIwA$M9#RD&rjP_Wo2FkzrafMBH}W_jqq!JVH=x*JYDt8Uo~2SK}BK?ZNlik+)1 zCk8;5przFP49`G60W?EU_gulT=*c+GFjE`ME~ZO6kPbO>A7Esm6|pN>e~twakND5; zr}PCpf_C~7dX)}0Gn^a${XMk&SBo483`l69@lr6Al5MyGCU;=%J;YH`bG-qp^MzZk zfz=Tz1RXYXXzzs*MGpW>8`DZ{xf0TACB;g9+p`^4gwT^g9dk+PND`|i@VWsQFIa)~aT6K|5m5K>?1#XDS=DkP^t&4AmJf8;qWYe;2-Q69QN6MFTzue^2CP< zO_nnzXu@LIUSKQ8jjgH#qEb!k3@<~57OZw;SBDU{>L?0nA3hf=kq_{UWrUM|AxQ@r z;af!|&Nr>{I@_@1h$F3ZWFF!_bkrjf@XKZvWh0lCjr+TqFm2^n@(341f$_p%aYgsY zxk1Guto6R-Ix#UqtT}D&>?fj)#in^o?aj7>4Ow3rJgW&y!GvF-7JG-CHWL7GJ{-M2 zo7b6ExG~anvJ)ZLte3B`qSwbqw2>+xnWwrAkrNOtKlc*x7f-$-<>RLZ3qOG8?gF0U z@H8QL47})*g}}&HQ0hhZxJr=N}+h zMmX`(v7QhFI#J=c8QN?o1z};+W3P@lfFg%3samiUQJIU#86%(pA=p!zB-!kus5d^_Ig z!pW_=v`rI8fK47he%;qL6Y4E~Z3s$GK;hbT2Iqp^93^{F@R$ccOK?50 zud(Evk+WN*5ju=lu8V@?qTFtHJ2~rtjfQtI!_#_Y0x8@i4^Pe3c$;BTdStX_{c2u` zEhaevJ19Y?<67OQN8ZUWR3?bQh7NTJIt*-&+Fio1o@#_*^O@2k*FkI&`KxerV>S|o zazVU1T^C^VYcNR7BMu)G?%dFuXSALO36w0%_0&eV;OvDX%r4T)etktV|%dFmgvYhq8_ zfi?;g25jk$hWhyc20F1)x_NwOb$k5Md0-Lk z#EkwxIp$7VuUJMo5R#HQaQXn)*Q@l>S6O{FluiIp^o=Hp{jkx*{n2Vs`%l3?)F+-T ztNn@B)%goSYEbWIXMnG_e!%k0598{(0_^#q-_891Z)>++WaS46X^q}^(5Z;H0zxFp za&ngNveJau(8?@`PC&Sl>a;dnBG6p~r(*}1m6__3XuOAmM6%U)|3N<2F#QTiBD*4uoqm5>duP8icCv4 ze1J*R8KVZ?AtvPV)4Y)WF{RYVnP1neDlIWpyPpecMif^boWv@)BqcdpXuu<*<*GV} zyKv9P^!N1=0eT!zB!uLC*jull9?=mnI58Ne?Ebk%S*vl$T7og1%AFwX^cK7T`HOk6 z7_sP7`(U8}FuIN4#c*Wf{Z}@&%DE?stN5d{eqz1i2|;8jVhi9Jx_#xxDG(d^)xI#Q zJkkQic7)S&o#pyH(j??J)_hJ2*x2~f0enwX;c-^MC{00J^IPh;RAzQ5V^fxASO?R*qx3wZ-~U; zIkZvd7kemIV^TYM&q?q1$QKN~76aJ5I(!Y1jzF=&*ZtFfEF*#z1}H{ zrWI$3lsg2r0-UJNM=ePPEY~PVd1&YN_4JgX0!B#2>Fpnkkuqp(l}g@Y$WL3n+d2U< zh^i3;-TjStB%-?`w)n9#uyUT%1^InDyU};tk%&=X#Wh>&QF-@ zJW_y@FK*Qy#pfT(D_F9p14H$D;oDd~lq!=7>D=I6CMx2e=vmps#c_+hozIFb2y2`59R>f-<2$e7_KCs$b356` z>jm$PxZ;30%7`jM4P(lNBJM(L~w`4 z-%*wW1TiYGRkrv@lbv@WxQe`7Zh)-5DD?VD$9!;d2GvE)85MBH;B)1R*CA)He^O=D zlXIfkA^xJ`5OrNX7u3*F-uN{mA6+r*-q||6HuXyzwM>^iR69Y~HSCgs(X&pe5;iY+ z=Td-mjSQici@n8SH8^%UMj)RF!aGirKcZxlLRt~M6Yzoh(XK1aA*QqQddNhimuF3f=>eNdnNY!Kz&tlb9#$Osr!jqsev+N)NA^F(G++ zOK=s#Y!Z^HD6P(5fKU5L@{=Fv~+Vvk*xD<%r6dVjs5eFZk z95h%1Ld-$3EVj{_-odi$Z4&lK8u!7IjlA^rLA105yjzjS_&U^HElH3|CgN%l!Zms; zFrcWJ$^O)-`R3DY{Vvz9!f_5`ilWmsmAhdr!%$6M#dzY6bEdK+2U;+LC|j}7MWlRi zvUx|X4FoFEc1@>{GZd4xjM`hCt^Fv=3tn`02({n0DhAkM;zre_qn%m_A~GPPe-loYp%=FQ8AI7EIxDA!T1YPLKMpp;Cp}D!YzK&0E z=>#iv*1x(d+Wz);`{Pz-H3%5!u7C{}#NX!^VQVacvkpQW%f+pPVmIzAvuEqX%1sP< zxz|+WJsAS=c;T2_u1WfY-^|}9!NXq%jk6k~88}Q`@z;!RkbL6tc7a~Bw%*x4R-Za( zFZ+lNx4mN281?0xfnnNCanYRb?VqDxjn~{tXI+K&)`q!o^Zx*6|GaD0p8iCn{`a#M{NObsHo6YIMj+nTcL;iIT3_9tL9XwuG*rVXMbB*Y0hMm+ zuZv0wD#>4+$rBbaFwJhWrF=UWj0?uzm^34FQ+0!GLOEH$2vw zE3xgufL!8ceHFDv2zH0X$jfI5jh2TaO@)&!g3ihVXf|Ka)E*51)UZL*i`4AC`=ce- zL}X#4;Z0uXqYJ3s3XLX+Qi1U9*=uv5W*{Np#Hq^ zqmIKfm5OL*<2MV)g8IGlACjI4I}mqIh4TRfmQk{Buy5G-`%&$P#yF?4?k0JD=4@1K zxTL)7Ni?lfV=J28Dl|Y^(xM#ICbH3G0L7^nRW&8PGZF5}%Rq}xOqMaLvzl{&!YZ)0 zvpXTw#9{-DI_UnlrqAo|8j_$Ai$@Reg)}9ulr34H@?_JN6`)=GjT<$J9ze9O{(U!? zq6T^~Va~~wkZ5)*0$qsCLgQ@Y`ndqis1!?T4~*uGOAQr-NzE&;7m70#$)Pl)Q(kUq zqB!Ca?o#R^ON9G%2y~}?!Icx*o|ifG6Vy{Ci<~Rw*m>{}?kauzU4Wfk5kugtbU!Zc zP*lZ~#+b88Ej8TO($o;)2%9oENy@`2M6&@!hiyHWIpc5fpg75K-bAXPe{OCEH|QSHuOHJ@VPu9?x3*J5y-Hh>NnVrvyc&k;)aFhXd*px&sPz z#5}v7{kwf};0S=Hx5zZT7+QNswdLr(9b>J=8c-fP-UoahiWJdqI-LCpGUhC491#0m zE&vOtF=l?Ipas)ovulm@)E>x#7Mz^q?=X^SOTuDK>ZYZ{;-YC?;pL14(YZh16^?5C zAM*BZ2m!GD_N0L|JbwGR=fp%=m1Toc$h-cbmwBKJoI*P}EFU6UYDel>Z782S_K~Xm z)B6t4xB3_qN2)9ElBoloo14E6h_c*fx!pTSbCUHJ*??i3Dq-q*tG8V$o;`89?)~`l zoz%d!G&Z_!>FdyOXV!7~_kr)2X~@<$jFolNU)xsGW2r{(TmN`Hu7c|)CRFFZ=pbFF7}m;M&MTnM%VNIYsM^f1pqokkq6 zKm3`UR+DJ8K0=g>s?XXP(MZvlwu?h3$&}|WW_#^y3=AIHT&fr?)amPSvU`>1DhdtD zJmwW~Sy)MK+svkWP&Xrc;9ojfS5^9Ck0qdQB!|TnX!SqG?D0HxW24kST#2)jlYz0k zoWqAKG}@`SQyF8~b5fO1$)j3nm0D zaJYv`FHL$&AC#&n?L- zva-cEAX`SVm}*Mh1GOE5Pc~-q8?Zu+nyKzu>by%BuO}k7thW)O;7~`oc7VHOH>)*& zLKyTB(Yt{K0;flQv(jHhpS1;+x;L|UngO&PF~+v}f*j5!?F%_S+mu8gNcFsYiQQqy z-I*{YZQeXl%;|uCg@p}O_^@j-B?;b072R~tz(xteOya_??_%LM;JA_rmx=rv^hz0t z|I-VAQ;ZE4r3Bkr>ek~I!A{;m(~3--q%gKqC2K1?H|J{b)e&xh{-)BJvax}O{FStK z2tISi?TWg-Vj>D^G^U!QvsNy3-pQ5t>X0Q{pn?5eWXhlYeP2OwPW1Mgb?22iy8y0} zvWg;4U4xddm?+w6PnmEKzr5`1m$+$WG4d^bDGm|4zdV?ouW-#`to^MroXkzgNL(QN znxIk_2hrw6*1pL0ZfJkw*OQKeJ^L&96e-H!*2kCm@IYns=0}tqx)(X zhyUA$KOCR9{rN=?>np6e%f#gP+PebLSVyaN;Mf0!KwVwtKRjZcND>qv0po&NZU^nW zi%M6wTv|M2)(0aT+5ULdCT*Fa#_rD0X_D05`h)(B59+`RCcPhDvFLH1Ua~@HEc1hU z5jit?{=g;e~47o!jVe=I> zYm^YER6V|t3FPv9mx4+ZPX78M-S**tQQYF0IDC~TI@N<~q2}}YX;!KOQIJggQ?H`m zc-$XIW=i?|1QZ5KMbP$z<@u1Xv$}MDBgi09K4&f{M@04ac~fG%(wNvHW-J!oLE2F~ z^7nu~w`NFzx#gJER3w0;ob#Zn9IqSc>Wp-)b^!vQLNdk9GCaQgjp=1;>oM8`uxYMI zB|VfPKLrVQb>$6KOF_zdbI9;L~ z`T6T!#(_zQO^#QV44Fx1JyY;AOqv%_?M<@!bu~tF%_4GqW35`R!Yd4hiWb*5pGoS&4rp|4wVW-oNV~ zUY>IuN(mGGW2qR>ebl8o$h2KzX&varsxf52h7{%+ACWZxs9##wP+sL6+C?vcM+XHt zJ4YO_B*QdeA7+>lI=J}W=k9lSShaQ>w?-s60}bQw+S0O4B}xHD2WmWKURMulu8DIz zxLx;#f^;?k9LakoKB0EKXFNJi9FZ8Fm>3@)u6FOWYIml=Q0e(3Y=&hkj*>{&TCeZ( z^Yg@V+mKWQm{AC7!??}OlLw7UvXugl4tAmr{x$g=Z7&uMj!Iurs!Kho?KmyM0&m43 z*6Cf(99=jm=eICgr)KFzdz`m*!an;CqD*Z!aex^ z-^wS;0U919fJ#5b$&`RBwv*G_6SDq`mXlHc@6&%C`Cn>CyudgA|BY+TJt@Nd_ax0Z zps=R*-@H!g6SOqFPyau1(*KtO1H!$8|M2x+MA-jd3c!+JNb}2+13RYw6%2@*|C=@- zu`ZSW^F@V*{(lzyzk;FX#o^-d_XK`#PfODRBI!c6ty||kN$blLQ|#wzBceyH!rq(# z->xy{$bVqirgvmJ7j~p49@s+h^Sn$u6|5^#{?#Nk#RC6qX2yr!f)|C4+r`hA-K*CN zO2E#I!jKu~u4Y=~SY4o)`b?c!d?&z!h53T|OAZ}6iXPdF@Uhj6HpldA4<^UG{1-H` zgogOj=F)PBt8A&eb(v1rD4OTo{+r*Qc@GMlN8s(U5ar*)`j;F6(_Wr_ZCxdF>!v*lu zfA+ci*sYl28r9o-sq8cer{kTE(^z4*Uvv|5HDTI5 zR7Zj06wPbSD8n1KD16>8hK`&OYp=Z|qv_?PO!z&UmYPjZK~eCYpMC*WKt-|E+_&wq z4}g(%J+>@esUzj)R!eC)pj{{brpE35wVnFU z$3Bk#=sWoQ0vtD0fV<)-D6*>f*(fN=&r?KEHjLYPFP-6Qr=UpO$Sc%pjHK=(NwFQ`)}9sCQWtca{t@-mQMurhmoA%_xy)mBv%dJ%E%i1zqXee1vzZpB zDQ>*o`cl2mFcLoIz865@5~$o$sxE+To-3QVc3Mop!nT=dNkgo@BV^&#-c)_FaQ=lVgC>X1zu;)p!P9M##g?e_n ziQdH^O-=~Pmy#-{8+i#(K@Wovhts|APCzWE21v!I5SrDJ@sHngLzKC1Sus?160j`% zrD4k8$q7S3vyYpNLd-fpghqdnxB)C^>J?TOn6_O4mhLX0IX?~` ztfvNQqW^8FeN6uccdAd$YJ~TU*aN*M)FJ4ja0m(zmcJccb`)HFE2-`#IYY z&i9i9pOAyp^b3CHOBc6hUA)+eOtuBD=R>qb0{xzY?Xg zb6#TMX7Ts}fj`t?1-ro!S9UPTCAV?BC(cj{haQMk68fG%M9p!Dj1K0I;fzjoDz@#0 zfcpLA0T1MQ&JLf|cXG7Oz~bVMg0>awh_W``djEFBY^2+fOe6s6V!DgG#Rg$!GCBLoEKrTIBtHvmP zsWAORGPwEujOgDN%5wf1q$_@yvQkUIYWU zshh7$t&qR;^{3;#_nlfV;16qrj5nWs(z5&^>for{Cx7wD#3N}oT1}9B$c!AgmusVq>bJxM~YGb0eM4O1X4wfHb_N{Nq_{4~OmFt7%0r_qJ;yuP%T* z%?r;bI#!yFm#7G&k+|1+b@*BVf5)Cq;K3aNB4FhEkAaMI3AOtJJDRA^mmM0Ps@+s} zRKMdOk}y<$!|K$pOqM)h3n-k3w>hH5NU^Xy15I$0L|$Fa!>yg~>mEvZ zwo;T9a?iALRgm)0SnFF}f8vU<6Um6cY@~UQOBZ9wPe_p)Hul_dC zv;5^XQ_Y~HjfeI}-#f2=-$6Rq>i;fQUHW%9h6UM%__*XmKb5p|_GYRe%k6$ui=2z$ z*zPiKinAE1T3+bjQDzBEvM8os--00~{*KV#2fB02l40C~unlS1A-2oz>|_4dZeEfy zY5UmTJsZOvayJ>aBMYwf(C4RoCW2N_FfPAz-@YF4x?B@gv7x1=CZUvgm3Q3Z<49y< z^%t~pim_%`jbOM(rS;yjBa*ks*&MYxoumlYQ-mLKSUGN7??A|{{^L$ zcpQ$6F^+8KjZqacs8zmdm@iT;f5ku`xy$~Cp=j4ZlcYWFQ>4e#LMO-Ngv)cEIxPgQ zcWko~Jdsudd??o}0qCiLK>0}g$JRn!Omem@3!jFb;jEBp)O}PTfO1l$~fXI+?4&>Q=FL~RZ>}j`c6e2 zs_@))x8*%HxNz$yL#wZBTInzuZfH6jI~Sela6if@kC z--48RugUO1Twb>Ki@s4>)Awc13_s4JOU<42({GX1bR>Y6`E3ik(=^5rAgqxV!rKPyc-yMn5%H|8Skj z`qniU!J7f`4;|eUz8GE3UAZp#DfxU~zDOS&%GbI@5P>?l)`qbW!}+R_gSFUFtzOj6fjE4b8IIU#!UwgDM@v1h!yxWve_P3<|cgIm(E%dYCVGR7?N328)4^;6J4n0#Z7I4%Cf4*R!ru*tf0v=)# zr7!GR&&BS4f@O4Hx#>?%On*PrQyFT1I*Ug#>>w7@3V(-Td50fiB?Wad9V`3Je#pk8 zX?^(g8=?G&(Rv<@quf4adH=uRvK(@@j_mXx}X6JqFhOGjGC!B%gYp@3(eozIq%xmX9{M@W6=jMB<|u zo0RP;$Er*|!3OTh;`183q9rz-NY*0z-PfNQgStgO*dKhrj;Os>jm889i=nwCc`}r) zY5Se7h|`;$t;Mz?3XCLCp^ZgsTO3J@LOfoOLmc1>+NU! z0p^17QRh9v5@uD!Qtml?Gq?ipRsj%mgt3uaGTPjv?dWv8#9~*(-i?vs8G@s;WyfA) zY#ylox_R@)>$03#`|ZkaE$3CeLD zc}y_vFu#1;_uAt+RO%bxboHS`vi7;AR|7kI8n&TArSd6l;r}J_MTgT3-Ld`BE8G3S z%p#rY`R>;Zim#HLkua7Yno0J-p~5efifn(Q|5le0hCgo0B8%>0X_O}cnjPL!@7iv?YLFO1!G6-b(j7y& z*b*l2C^kN^ZOOa<=GjVz)HWKc#a^<_mwAMfW;rKdKm7`O_V+Qeb66rlnEKWC>~95= z``|AESwucX-unr|80`-6#zZp?YJK%qC2ZG;PCwF3*F636Ya%ye9dHR<>inVgLg!x! zoLdz{S_RQa{E8E@A32MpT)Pehr#C*7Sse92S+$HCiE*UhMY8yx9DB{GB54Tno39E| z(s(OOW)vs#Zf}Sr;ZNO7ij2S%*y?4uEuk|ajorSv;`w55|BcR$alC(;@U+k3(=RDQhBjtfP`!%Hz?U9aHm#Trr#TIx+nA5|xl5xX3gmlhA} zKQK5*zg}A8#N<{T_3a_YC z4u9Yb&B|&%l5k;(_H`-omfz#`p~2y4BTik=d@ZQS%e7#nP%N{BQxGBJvq@u=wM>6)7leiXOtyu+cUaF?K2$|m$fTB>4@x4W28 zr3hcd@n|5=lV1~-)et{}QRj>^-g>rrhp^P4cNtuPFT}tmB4W|;+mZrw6gBWd`LWul zcQ>`8@3Z6;4}Z|H;{07jU&-Ay%Zy?A)L8*fb7P(fEHEK#GPY_A@y7oY{s!_}ZgXwT zdx}Ux^!+SKq-62E`)utz0M(K{y0B}aKApUFBV@$l;c|r=eeLtwm}+nta^?de4;1PW|!;aDIKY!jI}uu@H$~Jx<&;^s;P;eDDHqhkhm3;K8{KpN);!AN&(OWX9`ji>K>0HvBW<4zPPeT^AZ$7Ms0;spq@86z zRA0aERZ2tz0qO2Wx;uyNE+vPQZV-^}MmmOW7(iO2L2BqBrMp3zyZ_I5o^#K6abMln z8)mKjTWhcQetzMwK5Y;q$P^kufEH;GgB9kqLj`<_W+2RwcZ=dg+pUm<0!?$HS%sL) zM6*OoUq=bIj+vm~5L(J|+J$#CqfBJJbvX-miY`2XNE}wwk`#bgcAULTz$LS$+9#C>b3RhDsQpg0lxkX5aJLiMwB;i-(?BSu}c2}U~e9SG>U?O$H zPSYQe;*h4x+>VfAz~c_`?-zde&pkyGCZDb7F`M+wSbS;|-$++|rW7)yZnkO(p&hAL zpXQ8A;->OWDGbt7)r?WDm%)1{o-$LP&Mo60Gie^eLJ*X8BgGbdjem{CmQ;_6Sk zOZh=dca2ZWq7mt`(PebhuCTs*$l}`Ou1+K_W}erA;pd3!RCZih0Gx>Eh!+TDydli3mBkv{xv z|B<@xk1l(GuDe?5Oh!CAv|5TzCgsEO<~;osy|+?^kfdEuc}hbcG1?nGx#D5Q)ukBi z5N~Rh5?FqfDqcgwzFKoXEusO7l;2k-?88^lok$Dl8cpr--Q$A1$>XHBohk^V9@OJj8zDE}Nce7M2y3?z+THQa5lf3MGsCdrWz zk?!i-;Jecmy!T;LO>ZC(iW%TB6@=!M<;~HTUGJ`L+4{zrwSN>V-lap?d-mm#-MDD_ z)g9Or3V9zlXOUGjLb`Wa%Y@;zuVVdoch17mF!!a8cw4inZXuQGX?@M2?qjeY92taQ z1-O2dvTOA3T(Ut%%&0v#O`XT*H%?s=_ry7-r2h8E1}U!q|7oJk}eJXj2~6W4q^*AhYrqXbGv!1ccgn@MNB_JWo|aQ{yF+PA%YqzjCuTCBX2duV zSE1q{?8rbKQE(nT0JXo!fCNM9+8Rda%T7l!}wz#}nL_P;5?O%fMG@ZV(P-+{4dD!UzY!Oum1De`p0oMI5-_u!Wx3+bs#s$lDFf#)<*bI}qpgQos@dUyY2gNhiNRMK!;xTmmhO}6*2S15S(lHZ{MV_A+xZcuSl zCe$~~@m3QS*=uH-A%52;h>AWvhlFwelXKbPAK#I$WI;o^T!b;QW_kfrR%A0IG5YZ4 zW(?7z2oN`et(<0^8IK2N-iOC{HL^9Do<%wHQG0Nf-N0Ie9 za6W@#dt}A93QSvNyp6J(BRMLJ>s*`^Rr@Td6O9F3K>5cHFMbMtf1Q<(glbDyLiBPZ?}h z|1m9b4}t>~kISO6C^p~PruRso;p5zT0n$!%X?c^v1&V1cNZAd9q)Z!9l)(bXaN>wE_12Htn&%FFwIws@ zOna0dZsWl+PHNqCu4C5q zYsynQyO#f~>Ym*SCn398=`rTk;&QJ1%CG{3nHOcade!V8o9V{>MtV28 zyXB%twFTmdqjE+pj}W9D#9~uD`_%c0AaZ^=^-S{jRV|&g1GDkT9Huv!)bGQ75i6_i zC-NvsT@yQb*~pENmS@X7#B=>blLQH52lYBGT@cUO``=y#Lj3NEM3ySt1=%gZ`yy401uub#N4W0&nO|CCs|=OZP3NAKQ+J(JDKLRj%Lxft(L z*kwskgG0Lnor3o0gzVssJU+nJhMb_fLLz2VfAAZjy4&P*&L@SmATurSLVfOh5&icn z897jfzb0P^))?WRm9Y1FQ0u{!D~jaN3jpMv z9c05YNp)C{V$D$9r!}b-av*<3T}&s5jBepUJVjn>QNaSOCKb+r7A)% z5=TYMGI9yn3*Jq$A?r|dH%o9`|4k8-G2<&-V7&J<&d>fUc#fy!|A*U$(yOp`|aW}^uKRKZcCKK~1=6xMbZ#Ef!4R(_GL*ekPS02<;;}(dV+XM2gR0iQ1E^0|!2$QFo=O zh>58ZuC5I~TmU@5O7mV|ZnyQ9b28Gt?PM^IVnx@jPer8o1mUrT4(RRXD##qVUfHz#y|Dw^+& z6_9GBb5PsMji1CP3+!t3w9X7^0A3u`^!N=CdKqbV`j_On0nerzKj&6g=45Nu$$P7i zOWwKsWmpg_vnIO3`m1wFg5d>B94ZW%O4*5WHAJ~&1^Od3+Uvk+DqGG=Vc^`WU zoYYZj$0sr|1$q}Aozs_>dG)FJ-7$FI*%2K`IQf3XPfRW6p#*O*Cu$d;tU1MeC{e0g z>Pn08ZZ5WRsXr74B4Ng8(l@1!Ua@@U`V5|X&F?I1 zpQSx&gFjDvmlujp+nZJ_EsAgr0YvHI602!M)NlrY;DNH-zLK8GS^a6skl&{5iMfiJ zi0iVsTtC%31ILPW!I5sPQL+~(N3fh}mZK>ZG6Dg*ombU_4Q%|PJR2CrbR}kRUAbAx zrt}OtP1o6oAHv0P^82t zCP=U-Iud+FFb`d3i5~Gvv~axD_X@|^!IpGTB9Eo)=)oL0Zc+SM9scALctoX9`lnBK z6292M`5uIjCJ)0pyza}jOXNDgpzFGQaJhS4<)IS9=^`K*mJ%Dr>TlC_&)$`mBxn}EU`M^*WxW2{z+b5@b4QDwjYJ}37-HVqDi z^qEzv7f&#Qza9GiUCw>FT=wvhNrC7TNH#Oy(bAN3YW|i^rqI4qFEC5(*qZu4rGt}P z&!=Q}SWQE2t<@*}P@taj#uY1^2bZoGn{jp_wHZ+NF+d3Is<5;a-5lkhd{?f8C7!h! zGQWS77SM|;yhUap6-529z@FibVc?Ja#>|^0x(btcI*BO>Mb@sqA0MeH`?n``_DqAn zY@zs{7ug={!lIlaO2}@z_@r#};ZLRk-LgWxI!a0WxKg?2i{Z=toofu!!TV3-Bab%& zgUMlhb{fFGh{Wp0BhBeL@5SND6N1sTsrz_d;n;O|ei}Q#tF!t*kWOMMx%i<#zUaph zQn5s^ckqNNg_w{=?+#Ug7%_Ee@q*}HaIpWi#iC(+XMBxF|6_v&DNo;EyvWHQ^hrv? z&V7EtgFxdoaGVGf#ugp?iI{Ze*}jLEQMTOi_}FoD_X8q1r)=mvi{BdfYYm4e{9Q)^ zzt2dC<704aSqtcT#>wy7?aqAL{j|C2$xNk(v&c=MPr^U`aP7=Y-nm4$({FZ1vty?t z5;B`b`Chv+BvNa+(5h(Jy_3D)s@*$K=7FzEQHQPz`Pa-^oBM2&p#r*iuuiTLf%m}Y zk=mo|Q51WD!IZ_SScfEEU<}H}mL_$#G;YjRT z`u7_H_|r-NIdGvV@zlLxc3ZRlKJ_ln>4*HEFMKB)NnAxxs zUQ*RUlXRngiW!`LAPo$HyoKY%57IY*gJze)KTgWZVZEbCJPCF|xZLtdX z_q7&#su*qSm7Jy*O@aPfKte=HaP~%U=3gDa{qr$BJ}uYxe5mVTBtZ0sLZ|OwhQHta z5m0I4Vl*vRxHZ59zpF$t4PCadPB(cB`r}^WpFX+FFEq%ih}>fg$I(Ausyts3wA`)$ z7uCBJA3Kv~Hh4PCf*Y7D<^x+RiSHADl?T+GH=k57Wq1Lz8geN^^uE5ECXMn9g4gn-MVlZ{Z zVrdnc!R~*latOp5oA^Dhln9t;q*wd(X&yZ(J&gS(7(ZwLTOJ0r^Bd}eGFzPvny1Io z(`RmdHl9l%b^dn(t99P5Mk1j-grL~Ska6d$v!HF)zScg>*Kn*u0kJ}BhxsPEKR-yut ztl%&@f|EGSzRf- zLt(2faESdG$tzA+I|)dJ0cW`MX!@J_bjucSJMx-B#ZB5Q0eW8|uirCMTKc%X=qTdj zN;EPY@+#3X@E}h2;Sf<&Pzy#_4x|e{@w=j-9kuv_B@bW5_@4JTbFxz3fS?=?4K4Tk zTM~EO#Oq)>f7$g<=A|aicLuu5a-yt=Lg<^ucd(h z^oO1~vd4iqrA?eL0`a=nV8rAzU%5?do{QJL^+MiXj-=sKE^5q zTu?w$0W}5(2jA>CCCwfz(v}?g;5Ehx2DsEp#|Hmhe-mq zl1(OZcPRU8ESL(JRpf7w zWGfIqifeu1W`YIGc?+6QOZG%}Ox1hq6OPcSoTt$m{J1z@SVgB_dOtMeg0I~s=l9^s zhRJJg440a`DV=pd8Xt3n6PgzNA3Ab13ce8wUVtKS%!iKhFJA z^Ytyg%xB41mny)^UL0~BM7r~UrlxYzxmcLj#zPAqfhA7zF(*u!Yy-1Nj05iqTSX*| zIbPMAGD(3~xzSB2;q=CiQvAf@+@d>Os`G7B&Q?t6Hv@DsdHs*6UnciTBKF$P>|FIu z`<)Ll--;?1*=DZkf_j)@ky8PJ*puPeI4Q-I^_=fBhqm{c2VC@o3B|%X{o`Yq5(X_f+(#0% zgCN-fjSGgiTko3&JBqr94~cc{-^R~<10dh!7_sP$^M{e)6QWodaOUBW#4CFHc_XNy^^o zRxvWZr(_JGgg-`7PcB$gQh(2gnNWEXNlYuPhZXay;oCMH4R>Jx@!UHq@K`-Hm>^O0 z1I6(~?r4812dLOZ1u|91I8|gLlSDm9mY1Z=JiEK(Cikl-4zlMp#z_x98KVVzV>HG! zvBed4h$KS;rlQ&}GN>7+@-w9H-Z6+3f6LI-C@w+L!-@8ZaaF>R=9iZX6p^XkVOeM| zZM6d~>ChLbFefIu-2#n5GaaQ#y}WRz#0u1cb&uqW-bK0WVheFqTY~i(28r*=FR^B% z)S~M0*wHHNbl=rwpUCyS zvnq{|CQ(z5RwI+VPd**d#yQY)k2!L}$ES@_9fbC~l=B;i@O_-6&F43dRPtn^TjT|V z5R6B}*&@6N4jiTyZ7C*y+zG^4Le z>`fBaq5ZFb40zJ3bKl+3vASrz|f(&Y}SAj zf6$IFOVQE;c-&r!c^1J!9*CMSGfQ&EN*?wuWnpE|e-MKirdU&FX(-%jp6Og!xs0@g zbLxZM3mc~<$r;a%R6XAP?HhTSsG(m?0u)&(EqI*K`*7s36Av_d-!e*EPH{H*n!~=TWOTU`@`4OAc<5q@~sfXu$hbmyv^jKJ2y8CQq%^gq|EC zM=eN3C*34XYgF`?$2I-Fmr)_Ml}VjXSJQ1P(^N8ZEEn{+=%ST4AxpGyT|8y50nJ~TzMavV=f!mweY5s5$q}8dWE$&hEw6e65}vN+NcZ#@{+>M)_hAM z;gvj96V0nAAp697)Yk73nA8+D6HEuW<=r}@EjEgMS{h1er7UtQZv8`}Xbo*|-4B1S z@;KOGdvLr{erPUxEavQy!1HOC{u5I$P(z< z5!%_fH~Zo;5-(G}6w6=y_~RucA^K~cX4CI5Sq6RYo+K-*I9o3@oJrc>d*z3#_^_bX zMi0pqy#Agoj#7)1kd}1Ik)-PrsZ1DFopysW z=O-oq)2Ixbuj%6PF}&L3F>gnjDXQ|m4^wwO`j?O^X*jr(S209My-F>gKC=@k-NW)4 zm1QBU#nQBZ-`n?>s+CB-RBYNwiTeoYSlN-;nH2`lR`2jO59Cn}FscwbRqa6XLJSDj zkuAHa)|8A!4C4E32{E*gWTh^J%yB@Nqh2EfswRO@)8CrmMhq`iQi*1GAl=M0d+3I_ zh^Jp->|nr>K8K^J;l(P|;8J z1oG8#a~9-8if)0-SdcFWEr^fN5b;l$LZ_WxhXd`@Q-AsTQOrQ=muJ)0l@--}F@2Cy zr5K@cP`2h#LI~G(!>WDAMAI(F)(pNi**vq%4i-ybTtNbRt&P&V+0zUiM&J6f(;p=D zCTSymr($^NI>SL{)hYx=ZOFb=nJKpWIGap6GdFz;BA|$2ufj_V9o!(KtxRATV+;>B z)hh-|uUD*ykpE*Q9cACAm5skEJ||~|6I0dDoz{$Z#3n<;eD>TYOaHtaPtzwJy41gd zqEBygf}oT*pc{NtPdy|sw>o+ls)Tk#m}?zLk_--0t>JKOsZye86C#8FbNXW)2#m;- zPR$P1PjBZ%rQD|oRw=~PbmgVBj{-IvN;nUBj43=@8gDqqy~yoa@OgPSg|*^>8ucf_ z8ynQ5ck5DDLkr{)peS2nMJr)kh!bw``(>Mk5Q_M!OdJN0-82`>Q4aI3VfcKG@dD^y zvslP^#pyD3^a7!X5goB&^Fdr)1+P2Ud^IVKeg)VKMK!sp=%Y-@_!Z~++qVQ<>$tY$ zZG&7FI3Niiot`-?=aNnJt=FtdkfT05`4~0Zh@_Zlyl^ zL>tk5*2owywLfC;$;!AuTU;p2q~B#u6>nHQuHKFnVn0>ovN37)%UTZ1`y$5x4ScVY z@op*9jL9#*nrxmFlAtsmmexO0Nem>r+R%zdR;srb+5r#bP1)zlA)lM*T&B31?`~awG^A6&2xNO zgp7%SkhXZ4tuMI**$6?nu>&XOx4zQj_~P)%=OvB;zj|~zs_!`_vEBtc zI=DrCr`!h+H9bw|11}GJnD;K>QfL53sE8KP4^? zT~NE_Pjk>jT!~e^U2(=)onNsi&%`CQc3+qa7J;H=V@eGgBW!fnZy$(zN0M%o zS*NLE8xvK}wwahP`_3Ay@jRQ}y-NGzrG8VE9<1v14o_4or_f>=n|Yj;V)#vwRB)h8 zaomABMa-b~ITA7g7;y@BX}`%aY{!xWdNNWgsI`w2Huy^ML& zYA6aMmr7tAKdNdH@)nOC;-yufXo{G=aEb~9U053UQh;uW; zaeiS^jf6?%>{Ps+mgBSRAb#nnL|i83dDc=>`Oi2u(R(F z8md}p@-QKWI+_p*s{9F_p$h!Pvh}R8RTxYp0G`qWb6qPrG39qzW8xEdA-CA}cYVdF zk#DaMPo(YC``)Qcl^OSbKfgsLaT76Qz1%YARTn}UP;g4j<`YqPlf9hFU!l3SIFgPp zeRtZ7tu z?KDx?pR`0NRQG+-Rl`JN@4Di=*+u=Pl|Niii;%W2LAZ4D$sii&8w?Dv|9{*VKw$60sKfQWi$6Cr&##(xg30{Zdo%ED+&%mHW-&T`Q2qry(8bZS2P1D0dpAaFXB_GNyUIB!%C z1qtl)*SOt#Xol8m&{I<1e9-|aE)Fz#%-Uj*qnwry1f5d&drTtWis87G>vzs944(de z9kTe&BE46Mcplb#J-OkAf7CG$hkxT+Sd2j3ak0n)Im-9TM@9tu)U+DputLzg3>P|y z>`mjh9lToOc{H8(FewQo;Q3Q)%l)A{V&v%Tqi)6MY>*j4l?;}Jt{k#a=b|Gohu~ra zQNOff^LM@h(eAorIFO@dpR+Nr2V+}2&vgCGIXOP?lh+U5+nTR|gjXTZPw_p?$7(W? z@&>Ow!4*U~xo_XVj5`9Jn*_T;XOp%i^i{n6;QZVn5`$Ce9>^cq2z(*#w9yd~LFPqy z1NK?|$%O|CUDEmpWD_EWB(SJ>fHx%In1c&NJOw21R_xy)Tm!=@W~$d>)1Jd_Bu>D&lQ7^{+*><{gB@_AfD?!o37K z);}}j$0l-dOFT~&NBS3Npya=11wStH)~bRqz_I#wa}7(Pw#>x{#xw#&}4V3XslUflIK(49v>p*I#oA0guY_>D`&Z5 z|LhyIjED^*dJ-8848aYvML4Yvg+mc8*gG2TxUu4!toVuTzr%1}K3ybP9f61@^@%kG zlygPy*Wo(Bf2vX>qrQ1;u^vn42iTpmauBM+*|NLGY%mJO%2VxQauOWFdFBJ@I-LMUQOrJ!HW_wZQ`8G*Bj?VEcL#rs z<}sCXnL-JFxLy87Pe(MpRXAF}Lo>={K)$_BWs^1it7f5MFtdjk=Z_e2drTP!d24(Ve_=K; zc_BI>EGOXUINPZv{d&9W@y}e>(-lzB*m6-=Rnd+oqj{ChUZMi{>#{7rjLAy$aTd2Q z!dki**9gM0%fK?T=SR`5Tl8+|M#bvs-W5ysm$BbJ;(5%^KV?qFW2^`?il6_SQUfz7 zp~N4snk5l8tpiZ(qH(KBJUQHXz(CPf6%ZJP=W zdcvZ^rX!UT9&sxSIIH%vEWdt-p3)1WP7P;R5|@DlK9%gTq9=t$nC=h=PZY2p@On{* zi?B+l;AJ&xWOx%(*nf?7Pkb!_?`gAAMV0|$3}nJqsKaG8F#^B_mDHXQzv5ZQLx10g z7om3}e!uC)oGE@SH8=u3?;$!1@(A*-CSZfS{#Z2FfZ8!VTXc=~Q)=)#mDC8FMOd35 z)+#86#on(rO`HZjmIG2XVr>9FefTyg>UVDN<6-mZ@g4yJR9TFUCyU`A?1rwYrqE&A zr78lx0OTxE4u{jt&Jrh}+9;L6{sRO8zQ53$b?0%h(i!^LLDRVA)Z z3iKYwLQ4v!NBc8Jzu+w$QH73LPwfw@r)x$T%-x{M{0q-q%cvI?(g{*dO{|cgZ1|z^ zkoehn*I;z<># z8zY{@v|=G<YWxHr?yklbYvlFRgr~BMRVkn3zgQDr-IJ#@iHq ze;UB)ANhR6nq;wqz;D>UVv$jMYljgSvr9pvr8Tq0w6TS4aEr@m&yd2;M8xf*KSHuQ z8(0fTT0M3?wmVel!s&3c{mzF@o`MGhNWX0W<=#mGnSR*>=QYx;5)*$fdz#}Zq$qk! z5z5`F2&&d(k-PZfX~y)1yc7-a_oLnQrO0V3c|iZ9TX z!wpJ{+T_DlLBjUco1hUTt+J~)s{(d0tU?O1c7!h$%PXp6Rc=K_fg@Z_YbB0rX{-Lv zb1Evi($Lf5Pd0Cgzo546oYt9Hjk6l->$Xb%dS)|THtxBafrD!&9@mY6v4E#$;66EzjnTWHeuh?`Rf|eF7MEv8Mlw=NS7k(A> zG3itTGP|WIMmrz38(#>c%iZPrFP3lI^0td_6p5_l4cs9VMG2>YTYnUfMg0DZ7w$8zWzlL%PY&!7a+YIn~2E}XrJT(C$K07 z#h|MUTXx+q2R!Up;raVq?sj9p*wrj684&ls5#VOO3GCX z-Qw4b8AKPKKRH`^>B`RzmkP=Em837WEZ2lUi_yRbQ6AiddN0)uLW_huU*12TWIT>N z-|dxjJ?^)$y|}ikXX5!FuG!{hb<)IV|Cavfh*hpo4csn-8ZUl{<+aBBwNyVi5jVnm z)>{rd070ch+_fRD?(hMkMpq(nNqKR z6A!(Z-g>)99X|5mh0Gr#IU@Q(ihMm!+aa>h^Rs)OK?s^P5O()VT#Fv2cl&E z+nSz_jCYhIZ;Z3Ip^%Q}BfYV&-+r$Xb)#dr$!HPR*M_b=tb$X96vdAq8%K}zXbvXw z^}F`G$y;iCJ|;KOQ!Hmit*GLNEAoouNK#~(VR0-9bc`_6<%}|{QPa$Lm)Tl!{w|e1 z{v3OaB~$Xzqve*shudyO8LCgmXzO+FI70mYKcAr1NpBV)099%$p*Td!;nGnB9A3Bhp%|8&t@Qr`oi_#6&^1 zW`j`mrd|)i8@)riO-oH6Y(LL)=j`VTd`cuot&>?GWF`NbmrA4NSLKr5z`0lROgw()L7v83&Ea>6X%W#z4xR`A(XNxIE zwH-2#Y-3YU$xQPag5+99h=~fx=Rqzi08qtlDA%OCL7^S)bfmqUq?-kVRgP)Uw@m6f zaPSsezX1)F9F7JK{sc{;GkN+0i|O&ZX?g!D946GIrAo9&GF~QHvv4fM#0`3QQRLjR z9*h;iuRx!o6_31zt@Uo*S;oAZ`HWKPLlN=X2e$CuoRk^oBEu?nifnvwP5IR70P2^K zSjs-45u2de`gIU=UcCh_cO$KK$px2H!W1Q@7ozsj<&l+y?~OiKXS#(^vO>p=_pvi! zCGk_oqAjAc$=9Ff+;;-V3<9~3C|FRvVwkih$PuqT8#YJ`N)*tpGlAcLlbl(UDXK~l z15>15Ipe^jrjwDcdXYZp=k%|V;-cDEn^?-Nos0b=P#T!b9=bK5ehSWLsxSnP`?;Fg zn*7=e5!`8NI`KN*wr1HwTnjsFFWsTYQH}UQ_yKQ zxEpLpOKl1VdyvJJu^mmwj} zokdlcR7>{K#x=GLUha$66(WD5Lw2*U25sVaXAleb}8T!2jjhh3qhDGd>m{AHhZq&TmBamSm z0+t}%a?2^GvcB}FEJ6!^X=IYBcGRQ{ZW#AoEjZ(w>1?>5X?*;4KV-oQif#*UG6E)d zXVgSO3j3NE8`ycjUN5zWU}XRGed+PaGb@GA&!Un5ENX{}S)mt}mOXTFbrz z=!gF@cuj5M>IEXslvrdrNKQ3LJ(w?gNM=ij!7@`#70;&kZ^{5Ky5@_}>AWGd_n2T! zWy6UNdS73o(~*Pv&S=SRrN*4?rKdZI9)S4gW zL>|HGt}%{k{_C8jy^%L=n!GTdg#wqlg1+@*#44FBy#SV>ZsHj_I}WW&YdKNzHbV6W z8Uhq#eiNVhZ)%i)UU#AIM+E3&8R(*CZ3mqCizye@emZd3Tv_C^KVf)jV@697VWnn; z_Bu~D$8C;XQ{WfGXT@e9eQRtXc~X39;)uWjG(~2yYay`TuhX{(@8wX2qTj;muK2#i z*AysHOCg#>QTJ?;(DF-;5x#MY?IRPR*)E&byHMO& zB0ak2ha^0O7%hWEf9eCtBpsH($aMw~{ zV|-h+pa|qK!4UEnSPrz&2>+!aL?A9~H}{IBB;2RW8+tWJl+%oF3lmkiWD~}&bv17l z>2dY@lC{6{5Iq+)yq~XS-&3mb=TbmmOIJ>?X*zTA-Ljx7u5zWFr^84@Q{)upRMVQ0 z&-oVp{JF5nBkyp@k@eg+?O^W$;Tj4KUht?zYd#sOq+x{w;Ty)-*Q3pNSV_~bF?T*r zZ~qSV=akNs0;KUjE#qQZcKZQ4zTTNWJq1zd0);3U2>eCLHB)r*zfs?Ig7P z>L-{|g`@0VEl{5}sm%U3?)v*nJeYgpq;k%~pJ6e!KYe|IerE7xg|$dDu%MkPt{r>E z49R{&fDIKP=Y#^^O`iww_%UI(X~oFSsop5R#(*$#scb9_*EKNhw_64h&g9^0Z~x|M zFK$3Qlk<^ZS&9Zcii|3HV5D8V=`mwkHvxNNeJ+0L@bp%shZbLcfzt-sa#TFnp+Z-5 zXm}IfuI)|Q^sgQf$*KO-;ARm+t*PrXAF?9% zHI8D+wBySi#WwFTH?+4TVzFotmg^4*GMM&s51lJ!%{eD*Tt~mtc?~=$><5Zu1EGyX zId~$so1z}%4bE?1C7p*;-`$_vf{!6Sxa;09p0pS&L7h2hjO#BLsp!-0u(HwcpOA{3 zB?;nxw8ld#(*UwgXcC)Ai@Vt*x}^t_$Dz>u|W%r^vFhS3x|`Cs^I>L}CATtBBX( z)uCRkUXa;Zw{->jd&B+l@9uw71(l5C7TLX=$}nUKiE;!P9tEaksF+93;K1P2j1-9h#g0Jcb(AF<=aOZ&JJ*u_FOL9Yk|nG~=o$K8hHu zHca-|hpo8yO+%MA#+-nEQM>M%3x)Dl|9z_{cze#uU)4U4dN+UW$}0pIm7rw?qmboL zJzv4GHg^!JRt7#Wmva$(S2>vJPHo(ZRMAH z{`6(#>C(ZWk-l_;{0P?Z3BG^mTTdBTj11R-@36o~1s-~yZ!hI@(7ia| zarWzJYd+ClzRlYK2YoE&FDbScRD3yy9PBKp%V0y~gl{Vbhu(S>Vt{#9cd^c&UCboq z1zTz>h6aGvS4fV=npFr`M{aLR+01it=3NV#eVfL6_sw2`t?ov*%{A~4XiV>u<&FWy%EGcf-pU}$VzT@3*lx;B`{Z%Y)y?Ex#dDq> z@ujScEm6ynb0VG%J07g^`8%&RDyWFR$=?*tbCPUOm*8>SN|bZJ4nGgjAxlo(X3Ffy zwwW&}Zs(wlw+v{wSb;gzV6iTqh_0=nk1HJQM%gd>3*A4fXW1!E2+KUB-XJs|STL}GHB!<=^h$Z7ZJ>(BaAsV=kwDQ8*S zpg@7*Hu-#KezRt+`8O-;y?5_>_ujMj*=HZHPF_cIqP%&|qmF}NuI~+ClV@V5-;!8X-n}P) zSshf&$UC$PcphBHA#n@4esy+)vz756GI!g2mS*JLAZy{~^aTy^Y#rgM z9y;T>`97ExPb(LJZELMRN?Evilk=!QjUoE_7lWEV`#}NkC%H4;SEZ=brU#~^=SrGt zSCAZLPP-eCVyi*rD>R@JVFwp zP0@-WZ%nPCKABR^A`Wl`mX{_m*6#zjWy zCvTjjGB^Y8!ucx9qrtkSTGAnB=6X|hs4vPX{6OC3X8NzMZ@(8Y|6`4OEt#7*ArCwfpI$a)GATdRCmtQm)H*M=W?U_~MSCRYc zrl!vDV9zKG&J`8cmHqW1l}%Auu@?%7zhFkZA?R>OjIvaXMQL%YFgvY< zj{}l+BzwPQTYg^Jn2=AE4wN@6N-V7B1bC@3(_y_R?)1jWc=k?EYZRO7qY9cyk@5pn znS%nL!Hh_OB$VJYO}fZ0XCDc*T@@p&?THjzXkijVTtAF88>+!8MnH3WH;rkVMFA=~-ofJ?JG!#wC-yypbdGGs^mD zl!tYQ2HE)KbK@!+u%R4orG040M<}N0ld7w}a?E((wvC;EYeE{lp)53Hj(!ni$m}d{ zIKJP}RTd_nltpECS^odS+~Dy zteQkK^1-$zCO3fpA1weQs>%60>T3o5wJLCQS8s`SW=|0tTP_Zh0Ci%nK~()c$h6VS zzg_#Z@)K}G!^L(UZ)d2@KEy zY3elFZ!i*G17DN8-w{oVRisBsu?|rq8~Z*-*VldsJlksYTm_|0H6uEL$9!9KD3bG-rs5^OYD(iRAi}!b(4Qg9#2%oKvw;^{1cv#ieuf~ z3%}DDXZ&yg;szDNYYO?^fh$d>m6$)j^#g6#OZZ4~+d1(d;rhQ5;8@?V5jCxV1~4!N z7T4hT`oVa5criXk?VNPYJSnc?`2}S6&uAuh8#w5FYaT=8N0)2I-QAo7B*fIi!n4qJx`NCSu^F$}(UDw-tDq znk*wQpgeT#t=?5J*!mQ|zz2L)lrQ~hiZV;}m)gjd zKUFaC9*w}pau4tGc29Ng-&#gIFHJUHTTP1po_CH>i)GpT{VAD)vqDc7RH{Ng6TVw0 z8jOuxEQ*F#b+4&!&syl%ihKZlQUjZ+@dRyrYvw_q+%2sK!{DXz3Pthi4TMNCzHmKb z!dDslacyiOa8%U$$#i&LqirlJ0V1Z2F}5j$E0yGL;#UXIX0A}iuHpl_S-fwB_}(+dF4*H%ps(|NF`;G|z0@e^eHkhd%$I$kf0VV)luTjE~e|B$mX{2+P`Z zv*UU?`&G6m5&BELL`cFjO7^a7VntUgpk|pI4Z}E(Z+ct{KI!aKGs;_z9x2hxNp*w!Hm$v%hYS<_~;1%bP*N*!5Y5?8q~Z2AUx;4esQ+E+sQ^SOy2!`MeJX>W@gR_ z;`vnQK3fKJ>)05E`ciHZsN;O#_?*X_dA)5UjLplhLi3!HNBwNU&vu7qgVB0+5b{p} zI5hoiBB1zs_lyy!c|-&26a*Wsf9_nm*=;EfZ0BDdXQbhdZTVRaA1WeX$ja`6lxS~bQ$(3A1Vi*O%V&%x>&Y@1e7KS>~dyT1i9S@NRAhlhgM(x|89e1%Sx;216} z`hD*R)4h^vT5B{2I7?lP-y11>okaB?Hv}M@{+sFE9iJs9;}y>T*0gKbdESXa@0AZn z)hw%BVVWypq{gfc@PxH>=ZUtg?%!MdT~QIrDh4es47JR=h-Nb&kfVtPM57!+MfZ^n zsO@sV(zG>NRlb>7RjLD-Lrln{NK2fyFd~`j*OT`eHt?k|Tht1NAobSodd^o3cO}Ut z8Q$DDbzrRvExFg0RfP~>h|fHe&$KypbCm2&y+YN1ez zHW?p5`!4Sk-|#}|3k~`QuFbl4_Kus2{H^4Yn8trMqb`ThusXQ1&o>*LaKU zz_QwXmPs;MqB5yT=Lm>HNO{His!aAG9>u861#Ib$sJ9p1fC2x?A?eQ4YBc?8NCM^< zU#x8Wvxz5-9KdTHJf0;CeBLptDs@SOl#Zai_&tM7l8KVuuNxV4hmkX0EsAU3@{Aab z;xdqY)d|B`Rwnc_%lh)6Bb<8a;D7U-aHeLF4#$mTh|!eo@t?N-89nXlKe&2*e|~s( zCk4yqp-Sl-t$I@~;$yq#5C=F?B~cCA`b_yj>{;vmrP`t_JRO+a! z2orqC0PgoV&7bNhA$f7yYtZ~5vkS@$>VmpP>{jglJAdiUGdm<3^oWMVlNG75j)6cymAW;c=sNQ1A>fwTcwEjn>#XnGn!QDhJc ziqQ=93|^;ibfK_#D6=$O7LG=-BsfDyut2%%F>fn)5z%B_m~QvXT0Fc6f`Ag$H)e|& zY4|NPy!ztC2#(RT^u27auRgvVCT02;(Di{Z1~ zB!z8D>R#w!VP3(-epV>f;wY7|nGz!AzxMcN_Lsy~qq`+=CAaYD<}hL*iBYE8+ofUy zURK-tnZ>4~5e|qK3FP+WF%~_9xBDz>DkGRP}IY)UxdYX>sUmWtw#o&?R zah!oKoOkaOmszDDfp73~b{h+%KGkb;4_URcG9TSWW7<63U)&VHQjniD5BEq{=?8M; zZ|S8Q;f6W|!s`_aO)u6ka3SsVi~|xmgF&H&%X88b-Orl@GA5r+ zP=)i=ds2ZV|4E>D5Xk#`<-M|Rp5D+n1JIp;S*>imO?bpw#nSPFJFPZlsLhp&;K`_H&cX9>8W^!93nNjawrExe>hve+m_v-lKLY2{=2g{K^lJy6-~86ig-h3;Yupjp zRUR770R5Th=r3Y4KIF6tAU^2&SgZ~=hQSxVzXcSLaQvV|dP?!P_?d%`mw}9n!Uw5s z-e=om0)63U+kxJ*hUutPo6aEn_aYk8L#sP5yTcdgz3i&fEnavSB~YAd=~YwlbbIx) z;{M@Emb>BL1XQ^-@Wpnq*M_q$miUjiEVypFC^Bs0UGKr+yR_A4KUOl^89Vsvhmo_& zQ!=dDtXIH5`PftDEp=h0%@Umqgl4=vC^T0_OZcl6=peT^4qW*eMC+cnb*}nDE>~*!7&%ZWI-xQ1G@PE)`z6 zzD7kaoHT#q*-geJq!t0&AB0rO*5Cok&Gzwn|D-{vW0VE&yI%aItkOj9Y03SeWgu&> z7t5mj9Y_462n{SADL0kT)F=1pq>#DeS+2gJV(1!+fk*{rj zf1-6|`OTwHnJP?G{VHTr#n8Yg=4&ut7*Z~Q4j))OjTKiCtUbiE1tf zmP=Sr8*ETNQvw_z4IHnWxYu0TTIb*2&Khvxw(T$&_-OJJ$^)!0}S zdBGr$pXjhWcq4?hTulgU25^)m==$#a#KI2)n{kMVcPe$4xN^k~tZ*B9Rue?-Bd|*r z;>-(IFzCpO_sCuRzA*=fqz{5^40cZ?bp^MBYq zcJzhumRUXTy(pRae>*YBl-F-~FrHkh%HeVMCqjP6^H1ih=A?3gaFlB?u7m9{-f0g* zrolC%P!_$GZ`+jG`0`k3RJw>Fc>9u6A~XKeDysIJ$JvCrtQF%`g|Ui}z-a{A ztN0(*w<03ashPM6gbtk?+i+J~s>N{G$ZyEnC|<0O>_!Z4ds!+lpssd0dTGA$NHWYW zUtIa+3**!TMPED}Gz7rKZ~2QIpU|=F+)B=F&BH|Oo+Q7RDy`J5}iIV&+g0X1T^ILcQbulS<8pP#P<54c3EV3^cj1l||9zdhSe(8Tel2 zqpf+`&DpofVD_xaR|vjmt#lvEj@PPS{}=QN#XakeRrvQu9te1O4TDJ%<}y?*!Ls5q z0_n;N(R*FYX(;yKjE&!c^ouf6aGJZ^d?`$Y1xhJe1%HFYdajKN&HrQ)U(Udh=&uB_ zRy)+sDbSnxE31GxfhMCZ^KO;HtQNl<1CqJ&*(DfcQ-=qK=|J)QTcWoUT(#X^l(5Pg5 zh{)p=pbt5mKhD6HG;R&CJRjT0kh*!3iPr*(RitYYCY|jarNu1e)7T|bMK z$Ec`tr7@e965^-c=bZz_C1eoXN$mm`hN zx0s6nnwr3=Is1zL?rUl85bJ&nSKBr7*r~bia%wSrlX?Kpmnr_wzuCF3C@7-MDUJN| zk5NJxS&O;e3c=~Y!zdt6lJnlSGY7b3XA0_5M1VfBO*Y2BB~{*xgeLO3e;vXvcRvc! z@OS(+6<~lIk18IzNQ=9C`I5x7&+i&=^zEh^;Nd~skDR)Me?sYpH%lKTD*B%8=zuBZ z#;^F==iypr$vLOt5fH^ zd|M7%A04Q$utT=lUMH(Y6qWXI?7Tnac@cU4e$wTY!{5Q6_0UhmHHSBPE-y<{=AwWo==s!YFfGMq=dVP!G*!kffmNx` zXWIOX>G#~2i*dNE!I*Fv9;ywDV3xcQk3LX%N~AIukXB!~E9OU$$^u&g(g%xt%Zr>> zRawd4$B3vUL{iln3u1=Ke!TJF&YH$BVD-FKrgFNVn~XKu<$WDJ`PTx1)BiDPagMDR z-prfrIv4%BffRa!30@$n7kCH0d#maEvq33E>DgZ~OYl!d|8Xtd zAdjF&p3XmANhS)PIR3#@Kc$KfH@wF5F-YPrO>(r!<3z-W%-;gIMMbdXxH2B{;&NM= z`Rc_+SgMJ@f@gIw0n{*S1!b-s3Lx|Uk;Z?vOsy5P!ggLzb5%3mog1zcEByf~nM*8m zkKLwBT*0i&?cjUAv9?5U5D6eo2-Wj*pMlrxJpb4MEpb&fv9xm;%TyTP5Judax#Mz| z!WaS3R*p}}ISrU0f{9Wp%-R$t5{;}BNGB6!#PTwCt&fWlz-(Mmg8D@SuzS;8jV{=u z1F0I?=ND6ki zuk1h&4hJOkknFc@TGmKY?>SVx2Xdj4Sq7BqSuFVmO0^jOWpJU&Ll276Wuq*-!2`Dt z*wl_=ia6-P4ocidRSY=OvLf_#D8D+B0SyU&#{aLlMpwG&tVO*tC%%K@N9GQhzA>4x z#-+1HLpXdXPBn!H_w0yFihx9$k)-$)9xP*9TvWUOU?-kH@QW40=x0-^9Ly@nSD7y3 zdvP(mTl3X`Q0rn9Ds$RiB(-@bad@uwj{VpB4S#+(kbTlu^Hkm>=Yeg3JO)aUM$jN+ zq)`)!F+R$RETkgDQ%im&;G|Ex=+c01E-C(N1`9}@x6JEG5FnO{4`Z|pYWItusb`3> z%Pqz)zABNZ5j6_6sm2-#Id~cyLvW>-09dwd4LHOP&8?vCjWa${2xd&wEpaW7oi^Yg zE$ERhQ7r?CR=b0K9b{gl&hnQ0Wv<(tBU*_cmkTebLKp;`GjnM0LT#yZ9n*LZv5;-l zS@R5AM>;3drnx&??_WO-y;oD0&7zjOe|^I56($!P*6|d#j$h20@$+U(tWwrlknR&k z({FQZ2zwFs=DXruq9SKWJfI&Qm}NN`YR6S?7Gvoa64vZMr(vy3 zo|)~h#If$CQ^a{!V_t5VkW~HgcQSvw+sdZz%epvq7>Kf5N>Wor-=FCye-c+q7(dCt zbsOMu09A5>@s0f|ZbhOn>(RXqOoW9|m9>o!(m33!lS683z}^L63mJQ^gAIS5($d*}K#+#gsZlI=^ks8?DOIy(@=+ROA zqn0Ty@M-R(*Bg>{b$lnCb56w&HuVyZmxSB=8@4jSm-Uc9UDfktC_8X{H~7Pk_E9oS z8E!e&-IdqP$>3q*8t!jdP9hEYI<8(=A=)1{TFpOD`74cJ4ASBx)zxO49Z*{C%UiD& zb9xlMLCW1-=a_a$9_2(@mKIW3HjbWd2q?Yn{t_C%d$6RlcKy3^ulTM8;X?X9HH_*1 zPYsi_@;^1q%m7?Ls*Q;=UOHBvgN!AnDdYhEP}ZqRXRrdSV%e0~lMU6J>U>r5XNr>B zNpp;96JSkJw2$gKIPzNoTBOl-mw2aZ_IqDLT9_=yO)Qt5@b&%Q!GRpd0{Lo=xom#y zPj7M5+2q4>CoZ_+^jbEfX%D!yuVXjTRHBp6$k{7o{7(NR>yUmqL%t|hkTgkTLW->) zS?XN$h;18gjos0cFK3oJr$>pRt*!aH;J= zAeiUuy)ne;2DM2{)sCK`?W_U3-qP+b^`Ea64Q__ zT6G*x$HMapi^Sx&{U>Lm^_!ffvBM0W?^#`bQd-{aF3M$KJUh9*L@^Ujj}M$bBYX;= zKd2|Ac*buw6o$0_D1O;dAtP-y?z&r9GlTvH35(E3MX~k+rU9g&b$) z)(4u{uK8M3CMb~xq3_HR7}F?s;vesT&ofIOK!Z&zl6<;%UHs3_)7q2cruLB=#L-xG zz-8g%zq=Ew9aK3~`}TlTs*~L^PYEM?!D1PSF45gj@5^6vK6n}{6mh;c&QpIvECCHy zo_iH#eYpR07-?=Ei%@|68%9+%>(ODE&DXDay7Oeq;x_A#ku^Fm?hcxM_FeYlHWdX{ zZ#F7|{8Cev9y{b<=B1bKC)1@i-*?Q_5e$8|IEJAfSkL#bY+^N$-W$KY@nCUA)Z?f* z*a!gcZts)Io-)0D_VqQ7B*k5R_W+f+9Q>*N`SyKO!dZXyvC*nAkp7MCa#E!GGw_iJ zhST*^@^?SkSfu3%9Hp!!qsNwLeD-AX**mDdfVczFCX7?*3|yY7CW1Jch4r0}WSNd| zaI(Xxbs{yaTyn$zHb_$jkt1E-JOelNHFt*JpAHdwS1}&X1#BG5sRYfV3fq`F_pjmT zUCsMz0bkdUsF~HhIf}NXlpwYY`r59gQMnd*c7U1!IiSIkbU`7bvJ&v_5j%+gm<5*R zho3(7;;I}T`K-^6?(I@b^xk*P<9gKSUu{N+V00I?X;gOJp{DermR>yUBv9(BOqIaT zNZ+S10e*|TuI7UZ^=u!!Bb*KbZ&=X`3iQFP9$;m3@{Blxsq z1pI%4C2wvr&4D*HN&d2syZC;zHJf^3-a4|R4Yuj@^PvWK6v~2MU&g>q`K5nNO5A-~ zc)K^KkEbCWaC3G#MI5Or^Z7P}rFTs@oesA4`^!qm0Dk09WpPp2aYxlaJiHecgt~U* zVd2Sbt@eZ`&`)nS>gu;w(+evl_VMx3lkY3-6a|XQi=oI5k>N6^(Q#>hxs+~_dfm%$ z{XO#G-^|ZmdZ5=&d%KDtEGGL^tp&gSc=()e1Y4l=G?uK)Or3Ccf#;SY$i^3rdSfAp z*~Ud6udEh&WN(0$-tyrc@%{aIbVOb3n0iGs&H_EE>787`i$OxnF9#@L_M1a>>E*Ha zm#6P1rfTA?Z;B=+8So-v-(9x%q3+Dg_~wegSncdZv*c>~I`*&M{~7!!D6-vc@GFRrA0 zH;(+nX3L>Y$dC}d!FJT)6!5Z8%cA0gGHfhsmz`0b7H>Mk=pv?gZWK5vnk2CK4m=sG z0J@!a`4fm?*>#xP5&-Zh^=;vVt@#gM-A9lpqY9!D>us%HKlyPswQXqalEdPip-s}kTouj;5Fs7 z(KAPN>W3O;NtL{hHNGexQ-N)t5DGgY!%-A1{}HBHNeL|2d&9$;bYNWhcNBNm*lH7f zG}$RPif@B+XJ!iv%&A(AhMO_tDQQ8C#OcoLnQuWG(ww-4ekr+(6G?O+t{3TfS~?io z`K6_Os>KX54uLh4mnR9@OPDE9lYJej8c;M8p(KWfuF zONcCF!g|;df;}8nlXO$@Bxi6N_g82}*K>zNd-()>Uc9FgCDXLPO}ia{f0vp362 zVPXHn`QX_*mQpE`!=A!;_x~t@5GPt>GpJNpNRheWV{SLUgU)lzw_NbE-sTtCRMIvk zOFl7h9@gd+^=7NDP^pr;>>uF}uy z*k>b{iPGp-TIWa-`mr~d)Ttti>?~8Rs2z%~TGU=PayF0@9pHmYB)0|fyHLYtV8W8U zu%d=Vd_D`+PtUNCWD~@5AtKGD_?Q^|k7KWNX>>EDI?YUh^?k(y8l^{Zsi`IVXUAl` zXcNq7%_d$Y=;U7|^B><0lnMs-0y;Ym43vut$C1iP7|3;52|38_QIYtkpWKm}O)LyS zc|HGWEZcT2Fj>hmalGpn-c~DxqOyR#W&v@Su4z3wZPMo0JyPq4!v?ayp?D|T8g%dW zcq^QE56g!Xnwj~g&J3LhhqbY|vJ!=2=;B(1Hr~`g73>Y6%_PiC(;hQqpP8@IMeE-w z)2OYKsYD4%QX_AtYEkv7{oIkG`__WsFh(YkHBFOW=#QQEeOnQSu;z zHs7}t;m<^cB~^>z#UYp{lHbjzgt?AVSF};mzqi|!#n=*_QoAXSZK%!nY9dyodBM`8 zs+-y4hY^;7J0l4#o`<18;h|}HcPtLx3`qlT`&M&NwrfEi(WO1vy+NHZ) z7fwe*Aqk+bC=$kamq%MT@pnAh^H*FjM{d{-`!Jnd6u5GLd3er*xj{B_M)^$unOG9A zzyce5yGo<5T%nKZqIt5JFYNh-3$lrvJMsG0l6;%~i_} zED-P1=maHOBvfcIr-e@3$Bf37`Z9RE41p5r<*>(Iwb8zphb~q%!D@k{46O*YaV z!a^&fCc)OE{;`_T)F)>HGWlL_LnW4@UM79YSC)q4G$&os(t)}uy7J^15n^?jRuf=` zHk2T-gM-+TCc~gj+4CYs#2HsXS36>wyZ^L(%c^NeRB+b~#;FB(o}0>yz(adZnGTSY z;;Ut%-o|=2nrh=t3DBJybH@4o%KA!sZ60!#FDu}oQYc4I zanJ;H#GgBB$ZqPt3IA%tg~>ZEfN-*bZZ0c+Cw_hY5Bd;xD1wt0$OBc_5b1Mnq|>A{ zt^;u-sq_4Orf5>Bc>J?m@b%aTI*{95grB+A7-bM3rVik1;CeJ`#jutm0T@C_L}H#x zJ^O`NJ6?r`iwTVsp?wLhx3LVJKFwC$=`#^OIODG34`$}(<`{ulU&1QCGtBy13yt%B zEp$0xut|s+Mr$zET%CC4%;iLxr=>x`%-*UwOTd5ylcMNW!`XIfZe6XgHJQbdF%urg zfskUQT`5{pGFQwq3ruFx#6M4fua6Xo7oHFCt_4`sqXIdJr3FIdrQ}}9`V0>jf;+9O zXQB7;=CCR9F~nwNONiSwS&&h=8L(OM&b$zLP2R07vDMjXw znGPC)fAJFRAu-xM`hrsi@(N;8*V(^mos_LIByER@HLZ{Vf}dqlS;K$e=O!&-z(j}0 zkv*@|HGDZoD^tF>dKY3RjvaZuy{NN^2pJ6}!!N_ifPL70*1$)fk`ba-M+AD!qK9;n z^~+BA;7~}_z^;qzhl^s61&~DO_+G~xd0*+hBQ}#oW}T_Vt~1{Z>(L?4*(yW?#kKRy z&-H!HW-;Yt302-~){f3pV1rq+SMj~;OefLXaS{o^5x_|T264uJ+E;P#KB;XIJI`b3 z$j5ucPSLKv1T9t*=NiA0w0?=*?}!&_WQJd7w@5$UNq?7^PXFqT5&S%o6Xf70V%<)# zR^^--Y^#11OO1tz+&1=_)eV%{a&WDB^LgX!Roz>uhv)FQ$mOFo^__3O*@80vP1IEs zt*dXx8y0nb|C`LF{$tlIGqaFpBQfvUy>dKnvWfEN&s=oEz_9H?QuGegDU@4f$?FS1 zTz>51M6n@L;t%^Svm2kZ9uyX>MH!nEbJqiI_H(1^HITCGc2jvhI7sML=i0vPVhi`I z{+`xgi)<*dnl>aoQcLFNIPm9q6Oj59Erq5E{ahdEv z-`n2&T3m^^l5Q%tVCbd~?dX}&n;k}F(^L!L6@K+86Yx3}S z4wqFw_KjX9*KSJm#X4T@q9ypRc%V23f&(V$vWMe&G0H&m8c0t}%LnWh(|`naP{U;X z0f=~!72hwMsK3mSREH@-Ee=9(zo)6U;DdDz2(}baS>Zu6aEbKq_e(Q%VSDF|jJ|*d z65ye6^q@K<@KTf-i7G>w_w7VoVE=V1C#+Mn1eJm9m7yyV0;36B#=%>T?*jmcs^G8? zWbgVAN-kA=F!$v=7KITPWr1$#V8InaR%|dKKdckdwnawE4J-g1d|unXj7Pnq-qk-l z>fO6AuUqdXs>3GKKf)kljm2<6RwIT*8CVNL@QnHvc(ATKkP;Oh*MI7Zvtfb#AcbfL5iKAqlB%)*;2!UCzEC z(gf`CHE`lc_U}3LksuMb&z)0k0^vO}U>(;ra775Jw&K56w(A1y_CF!b39EZ%Yc}yU z+^;AiGdxcL|FGQa?GIGk*%q<4e5A9GwR`<|@Tyf}xftHk6!EF*v)8AA&u{e>X>+wV zXOhSYNH87zKigioYFu-STCyv8{!wXM?yn$~C7?{khy69rsbfh{i6A!?a>!gbo5T9% z>+V4{3WBGspSiah;48ugC^wBF{VbET{u$--h$Ra*aw0N{QH2YrFHr^P*DhTWeO~^b zW6BZQj9D>{lH!@+4oFd`ma9|j9g;ce^8!kTkpqI;pDkxWB&6dJjVEk z*3;kOLa*_a@So4y5R%s7y_W!~akcgQ_hguJvZVsLsMT>Cxc5mjsM`iq;%qXj!irnY zO^}>0nklZLeu-YKZlBNeOITTd3QGV>1#<}W++}879}lc=sgV&R0>GeUcsa`AK&idW z$JKTq=qe_61O76Y2N&)0Z(e-eF` zSX?t41FR`h+?hb7n6C|heO9H*OlBM9J^R3opA5nbF4Fyi6O9511hQl-3_nG$Y9W0;?+xL&GSlWEKDD?&YJYrjS7 zPagm2dSfPzYfX$vj-isGsHgA%WMk(00Ev(LL+v(Tci_pC)Ujq;7W-=1SBr?>XuZQ8)hDKsZmE9&V!c9hJgokXI~;2 z=Y`_vyjl^zlC+nnU?QVStWx2hiNv!iJd`hYwF8yJ-22cU$%gF!-^V#HFt5SBU>fJ5NuaE4MDe?WznI5`y z+^@1~YecR%_{`OQ)%h4P=)2B0f5bAM75!j5s%Knr4c^ggJ&E-Miv@k$xNjB47qBLG7RY~hBqie$q!&fvi>fjFj4=mH6TD+VVA6V z=^z6GkId&S?X!2mDevjXJ~Q^_W~-llY^`28o8IXT=-@KouK-Mc!`Sif`YTX32g>!D zCgF1V=j27C)ZL#&Qu>|(4@Uz!6d2k8-o!mWlY;!%CgLL@moop0XJVwNWS1hPmWamx zX}~-Ot7?a$=ULfHbtcrJ9!|$Z9X_f5&sMN)-!^0-1HR%ywJx)zh9L?FplG!Ye7kiX zz}OIdlY2byurnY{s+UIL<$2c&g5;s*m)Y&|WX#SKXTH(P*_N7YWE>}-r1&U4$)s|Q zl!$n0qfVz@h5-6{X*HCZ7Z~cS_qkbuGMC@9w8lwKQ13a6L0*RRZ&NT**^#QsQNy|H zQr|-tiVTzy$A@XNM(0q{T}@=q$5 zSeLrbL)wE-8`|YgXw!Pp9g_IAN(~mY*U4RlKa= zbD<7-3C1|Vta)yzz+!!t-Alnl{YYkWffT0L&Y=&VID?rFvh@;y%m14j4-D``AVK}A z&~H!9gSgysL9hpK%Q1>J?HepWs0{Pv%UGKRy-5EHAf{7+f{bf9V-{6j%h%Ci)3PZ7 z*xYsqFw7f+hs@iFfWx1O<9P#=z={#QT6>d|exBdWYy!XovM3_Yr-*9-vo%jAh|q8Y z!#<-9Vp*6KuqEw&fyDh-1f&1cqF0@$0p9w!LE}A8D z+Fw&$iIJ3@>`9tm;~c!nkc@8&hux4^aoM?S_;OrdY|xK^7|%Su0gjfr zP>yNRU)rSKcbcJ?rwCop`-h2hTvT*ga`a2h!tj%?i{o@TJnU*2hm*KCmDjnHSE1ygP1<`ljVWjT%dz=y9%qyncjh9R%P>ZD(lei&Q<=|lX}R3$ z?vUUG=BDHxetG4=p~9E%?88H7%$F^ug_9d%Ts=3@a$-@4P+e*c6WM4TAOY)N@=_m+ zUXVMI(cMOw9y&Hx=htqICT?M>8?jUY%zT{9xwE$X$gee$oVT=J&)(DoWWUg0|4RX6 z0Ojuy;^XD{nAKR~zVi)VoII70JoMMGCGW`IBzvwowbpSPtqqMLRga<0C3YtF_(xl_<-6WJiD^@e#)#`>0`z5(muMuOIqdKa-~&w)6(o~b$DBUauW3Lw&LxRmhfrw zqcEQ#;@hs(2UqCnotpVxw8hqAEwN&iT9UJ)zproL8*3|x9G*@PxVGmxZ=d|tcJ0_+X-87nTBz({dL#cSEq}&=S$#24Iz&uc`v4E? zZ~j3APTpRvX+BVOtF1}cCOgfW1;w0J`b~Tci$(m1HrCDHT*%A1G?Z0XPUnE}VWyyg zyQs4_QBl`qU!4ItFK>d<6k-Hi{0N>OH zlxx{F>eh1;Y4497@46C2V(CC$f`^q1nvc1;wXNsE|BxnAf_qlxe_SYlcNJ8yhZ4|o zf1oKV>(TmiW+F&cq*cUUKLwe)2UORMo&H!lU*v@Q+$af{+I4Rbp3~iXyRf?_Luj$r zjXmy_+73_UMSPI^Fx72Hf*S5EJW#dF$+YGwEf;gGdC_^DvLO1U-m3pXrL9;m-b>q(#2#P)XW7>Q|D(gA5q z9@Ib^ocLD689N3{RW5d55%u_B(d?k}P0`yrOyu~?)$6+8%e%?Q5J*)^R_ou1Ayi^; z##uC*&|85V**oY0*Be&X?8JaZl)2X645i2t0b{w*fWitTPm@v~`+Z>O;HK#=a)=Wa z^6iu4PEkZS-4cB5`d9Ty-_xId>XVw@Pjll*>o*r!QZ8%euOaiLl3*x8x@msma^kUK za3a)m4Ij9ryv&E|I>fg)&6O2+b0L=?z^vWZ_~3m9+U@PVnb>>r^!EYff!C{d`e%*W z=%lx%s0cHtmF9??A`}N^-n3%cS`UZj8(yWbg7$s^w9w_Dw8%L4)5rXq$Sa{PMRcUr z0uj~H{bRI-BdyF>O`!YkiCk?K0mB74I2wn~Nz;>I0WlHXO*cI;sPh3MN<ZnS^+0%T41CgcN5-wq)T^F=VJ<<$3xyp` zh|=psTm0nRetuooXG~q8M-AA=ld`eVBX;NjAe%q8)z`vSzQq1 zve5*z@>q@!Zf&mJU4H#|)MWH@xnQ3yM#<*jsQi;qYWz^Vh8{_`s2=w5yUY8MxgWUG zFCACR&kLkIN*;>2cZ)h{8QqVnh209DiG6;)P;c_+<;lT+K~kYWPiS#jovd)>(Re4^ zG<)C~__-v|0fgO=V2D1!aaEblAylroT={E8KYS!&|DRnf0=AW$_Mm<8s!13)wk-M8 zV9H?c6CdsS1S|yzThb$sHT{e2`1#)GvAZZ1dFbp9 z_$j|!#6p<1N3jWn7_2SbVGp4F?VXWsi-WvfQj`}sX`BCdu{;OuTC_O;yLz%rH01u- zQL+ky>by|>SsKzI*}|NU1136ztxeVU`&gpxn1=qztO+~;Nc3Da8I6rdbO ztqWP%NG(Z1@$;EVK;|~?07FeT9zq9CJ3qhZfWOaf)n;^{VRnw}9TJ)+MJDs6W<#P2 z*Sojnu{z1mFH_=q44)yLey2zn>i(u#v;65U8S-K9^>fRsZcecUYX8RP7dYTrszcs^ ze4X_amG624lLndJpw|o!C#}px1s-VNAO3f`Ad}_TWnk&Fj{03?yBN-RpFaVma;MW{Jh60xXXQ0+NC4ol01PfUPp zyyT>htO}cv9HtNHwP>;M=rlB+#`K?O0+Peuer!VCxTU}aaAd^=Jo(2F?}KK*?dn1h zD$5f;cO2Z|;e*B1>zCi9o{;`y0|qbh&5QQUOJCDeK*ai_L{VnLt=c74MZW0)l`jIb zg8PVZI2Q7#7|!b+6XH;tImOi5o-&N(Ql8vJr{@#o@`eEI+NAfLk>)(h=64~5QSea> zzrC;2HnXY=B1hS9x+QUM&NnbYp0v5DzGk@CTysa4(23bnk8+Z0xuXw4TXkNS*~1^~ zYikF7Ct>p7CtSDXj{O0A+9WlCNHf2}dr%mgXTYydzu;>OsMG!HIWARQ=wKP~A=aO- z0U;4n*AL#CH=zxiB0U}l`t8Yke3QPq5-~s$zjys|wh_wfwx>1DDEhNo<_fM!z9(c-Rykq-ej=Mv$s9`s1>3vvga{Gz>*NX zr|_({W}wt>tpjU&>x+A`qI7qbG@OxdAZgm4zQVvm8v=e_e$N`6rK!-8(Dv+*54YE~ zw&V|ERlRqx&{&a=ZNZAG6Kc+2o(7J~AXm}jo^aYb95gUaWS% zt0j=$8d?^#!Gj)ZXANa-Q-9jrgmTg&?+ZMIx%0f#L>>T?J4@AVaB5+3w{;o#+&;t6H6p^IpXR zs81rY1RH!{X^}sg0MCgZsjc15HClcx{LKi+D!ZkrAavUrIp5d3^TPJEPh%5Stku6` zZX$5{TrovN#>VpIu8bW-tVimw2%2xY&x>*bbMsW>h-t)0fY+4cHCw)$`q1WP$JkZh z>4k>CM+d8>6$l)Z;|-B(vmPxFwhCI~v2i)j_Lh{bOl@gg`;7CJcK2yf)* zLeW;}yP#t?N7&Jqri+Uom#6r!hevrv+x~b%pdaKrTwg4d3i-RxlJ1=MnwkbyE9@ln z+o97bPi!dy`G;WNoB(D$PFZ+hhrP=UBWf%$8Q-@yCae!|W}-4P05oJ2!Cmy_>vDpt zO}eAUuF|Kx&>&9#q%KOCHjBoVrzfEM;(!16Z+(rdAskqii4~bsKLk7RFE+INnz-D6 z7aWZl4HiWkU$OsRbbSXn)!+ZP5wc}(SF%UNwKv5@D6+0mW^VT0L`Jf%EhFI?Wfj+6 zm5}UfUwdzo6{7$9QlHQF`~5xt=kfG(-|ur?>zvm-=Y3AfTCUCL&$BIiI&NYw$Jp#f z#l4Y|bpk8a5h94lDSt_X_X-mbRz4))?Uz6M<>u@5EFg5{^(xqFCLSX1myvf+jlND8U}`zW4qjzf)Reo7X|&qfb@} z*AR@RFfOWMUDMYeJcZZUZV=nO4t`a(-zsC3An9bu?_Lq>B+7%}Y=y%0ad&&OIC_%6 z`%Hk}9eHv)GwvQ?Y|y0IRF$?aWWoYeg}ysNSC7NLUm;hmwsQpJ8!oZJ zW2^iA4e2!_>xOwzbE2Eu-A`C7%l-##^cZ{pGKf%kTwvsWDAC!*_>!X1{S|sc>ZQZ)}cqF3p&X zr{DO}P|a#$#Kf&zvheZi$ufFbu%b3FzLs`GOgxL5ocO(Fwn&taO`YgdEp#;(f_L%} zE;7A1FG&zoittnGaehMjMOu`9eB_=wqlozL1$n)E`WO-?UqXhfzE@uvZvX|Bp3(ul zIB2)0OUONkE2~>)`nPKDriOPWCwqK*jPOYjqDk7U57GEEd!n=_IO6g+q)gmctKuUL zf8Ktd?w6FnG{30k!%`Y<_E;JTn9b_pFgnibsX@ioWcl;1%B_e#RvGW_XRz4WwhZ@> zTB#SMk#&P*&2nNn^!TLpV-%a)96eK7UMHVeQdgDhzjo`3e~1UURg`z<-~1sfzD6}M z`UE1vVCqIigE(2KmtIx&9h#YWD&<2DbFBE__2KOSITJOC5<1Y!SoGvng$lJj#Yq9` zSq=GdcWbnAxXkLbr(E=*;G5$)`Sab;AQ=tSFZN~2`z=G)SIdlBOK_x&#aH{J>LD}B zGNxB;4A#hnfaQSK3$OE1&p*A%CZX(jms-@NG1wzlk1%=2cH4i@L6@yvthu-=zW$16 z!#4$XduEAYm!1yk)Ho!_q1>#(ZhMl)%Rcwsw9MbV0LQ7T-HaxZkLJ58Kly4L8+7kv z83(~>fs=D6R@mmYtu8_D4w1F~+@^7FSGid}*d`v?D{D1sHB?hEf8-=|n4L{UY)l+j zT}%Kk2rzzQtCJ32JmuJYsw#aOh6UqVIlD+8&+y2 zW8?jsWttCH;h5C+BfMbB@@&^dWHei$5&~Uet+3M?0?W(I_ne0Ls;Jsb(l%PMjHnUA z9Cwm(O@f{UZaLuEP6E4I@dyI@!@<2ZWUD+0hiWVag$xMdPwvw>!{WkH!v-H(6?S^5 zV03e{lj;rSbq;STsqnJj6-k96i?|SkM5Co=WXKp~`py70r1+(ytylO-h!g)-s&AC% z2p9kBFr)%Ug!I7|={U*rI}Q!$4$?={CLhxX5U+~TJZp7leK$Tb^*G}4e8h(Et5xsV zO{x!?BZk$ri=;x3;k{}c+Er1`CQD<0?Ww>%ysMNgMldu3EcH=q z06rqQsBe0>BDo+BzQv89fUkH0J=fd8<}K^ZqQZCxJh_*8c&-&F?k&XDG*XsO9T!Xt z;n$R3eFk={MD5eVT5>}kw*lkzwaq><*0=f>6ozKWkvh7c1f;(8^HSAhJZJu_r@>?@ z${0%DIr`^t@W+gjzLttcI=y~Oug{EPoK&k^Tb=1FPA+gjcxG4In z)uftbY}g#p)Nv@P0PQ?cj7x5}Cg_X9Q2W`sOadY5O-Pno_z*qZ(IGQ^+&BOkBVehVPTZ zHeh5Z4#FtUfkjUuls>5AY+m#w0vlB_tStrFntH-K{c)AhGY}`W?gt#7TT}Hdm^DLr zjnH$usRKhV4N8|!6TQ3*eIKMf0cjvOVu0(%rvKhA|^eACoI&rp(9@qMu(->Q>Ey)61CwACU}rN zvBt!LLG=ZJ*|*$dk&d{}z{N@ZR69u$8`5vM$9#5**z#xroQ^@ecen6lyaLbgr|>1h zz@gF}9xSthvv2c8u_nZx4Uj=9RXX3ZLWtdH97hN2unxqrU`rZ+V2wW@xo-iIV%`WB z;@{#^m6l13bH9b2o0C(K2K8JY_b`H8i;ex+T=s{^q%BKReKZ}Ln|t@o0}xugW$YGy zF%FD$+U1#Ac5?fJk8TD8d7mJ-2qPX@J&B*d5qm0qy;?&vScv4Crg{?7vbC*!q|vV* zuW--2ad?spBGpQ74yiU^lV4c!CO;%Qpoe`gz=n-<7IvvG6q0oWv#K=sGbG}}^{eI1 z=S?+}k)|UZwk>8KDXt*&G}u@lmF6IkXUeiFjMczgFG)bOa4N3Rq5ErW+s0Hz00rC?UHvfzd-L7On@F)%@Z+GhVs{%$`kz{o&}F&eCpuJ(?T ze`^~MrbGnTp82ttoWVhUK8u0;=w6tR%JX=9NG0^zTYWL|G54zH_5S26QdqEM$P9j8 zpZA!Q^CRv&c8*eCV2;J8jpA!pw^gFEosI^~FW6w_;aWu?-;E-thHGH6tk5Yys}np+ zkzU=Z4bI>D_}FYC$~19{;`Q|)#8{{zN0VU<*s!dYDU-Cc^w9;e21?urLcIdy^U)*s z+vs>=Tw1uzOZ%ECG4EzeLYPCt%=yTJVO-PmyKH$m;|ikeJ-84{-=9C9l2Xr)jds{# zCJ4>_^4wI^JLrpr*=bpN*fS*2MxhsDmHl`@@J#dBUQJ7tUgCiJiS3Mkh@j~3b0pU1 ztha-%C4=h4Htey_RsFI~qQUog719q-bzX1Yo#oh{N-=C5JRoT22lWVu%JZnecFy;2 zvuEq7oQmWl1KhPbaok8o15tKyQPRiH{CS=Wm4>^N~|x+YDQy*3r#;NYwx7YUv`YDJ218pC61bh#cbND;c0;~cXmi&C`%Row+ z^Ns`tR1GzDrh}jA&G+}%`tfuULW<$J3DYkM?HpSOTo-sX(4mSmqSZ@EGI6^PyU1=cO*7s{6S%5gzcBZk_VR}VR{pP~V zR2rfmbAx*9mu95jq)bb++Un&ZclL!Dzd1c*K;iJ%WDI0kHYIr;?Cw?(u}u;;MTY~; zOG91~)^kSE$W^lh1mII_0){uwKY(D!A&aG9{6&EdG;AaPV0+bJJkk_bF9Iw9EA;gp z#>&@2#;sHYs!T{Ljk_yA+pIJoC%l3W2jKH(900W>fSEf!`K7(nD}p8u-3J0~+a%Qa zFUz~Uvz>dyiyQ%>sOICg@Eik8$Q}-=V*kE4;z4HdW8T;X)p`cfPg)94>vHZ1d>)5} zkPI2pTa4-$u-hnC(q8C~qD#;@rx3p9sssh|p~w2!&AA!_$Xsq zelJ%Aswi7}D5T%5cPl`Yq8|kOp7<55U-t!>nysUf_dDoqVZ({I_O0z%gbODw43bjmvPej=^$PjAd>iQ7F4wNqp9nZzUUd)Zod`A66-%9<)-|ahCY%l zpir1G4=hFXDDb&(^)F?{Or(e~Jf&UfHJiZn(zs{;Tlpb11_wG^X1G3Vt-Lj!$cL*L zdFbtFHaX~&XWIOWQ5>j_cDYl2e<=M=&gmf= zs?izcnpsS)!qf9qWNVuVSB$Z^dG{K=1gLc0jf;yu7tCw1bdEjIe2s~e5C+hhT-KW7 zxZ!@LPcopxuC3waBlN@`Nu4hXKnz}IGLZmOzEU_TrJZN%xpkO>mzn!Eg9Vb~1~8oO zK*})K)7FDK<tef(lv7EQlSCx%PKXN-pxIRl*^aDVmF8nWVj(d_^M=$w} z!Ehm!-ikS)DeFb&PaIS#G3 zI&cEf-0bRrSs}a1#6-s`K0Z2Kvc3WElJitK9H~Jlo$85%~ zr`w>NXrsSX#`oH*^FMrnOM?PNz4%ExNYi2YxPR#NMs2o-gG>K$l zTa`s+jD|CingV4CngOS93c=^Ff?Ak^^h^Ns>VR;V#E&G6)^;rg#+j4H67xRyzACP4 zpSkV?dXmK+MgvO_dCCZK0ImkCoyg@rZ`0!8L=Be}k%^z@S@DL~*Jed-QYOHo(&$9E zKy+_!z1d{F;&2po9a=!qQRfO98|%D=FkeuRo01H)AA?k~$ojhfv}s{h-PqnfRSn0@ z8UtfN7O+t-29%f|_=@Zwo=nt?W+&@Xq7V054{AosTSV>io5GJtAjL^38ad#Xu%L5? zmgo(YiQX>mY+6oaq7t*@5@3t+Nf$`97-xi`LR&w{Bqd}vW&Dv|?)P)wdiW<&Eh@h=fVp_kYfh@wY$L({o&5apM8M@`i-EntH_>yiQ|EMZ3Is zb6B>M=W{=);v!tGXYeq9Q4gEzdnb__Y^-J?-n+HC`{N%@hKB59Zm_5xeYAZB78*Y6 zqvX}B8uUDp7f+E>GoY?EQXtP=;{CGQ!=1(~qsZv%MceOyyM$t8n*p72Phs=eZ?QB< z)D|C|ubh91%4<^fi{PxYeGFD$lvjtG#2~F*Pfy-X>!76q4<9-Orf(g#l6N?1U)8Ka zjp1ugMSC)IQGiMl;QCVex3%)#c)l+`>J3_1^3s02frlKT?c1p!c6p<~_y|s`P+Qp_ zDctWnyIUC@@2R8}$Lhh_G&a@JV6sWJ`uXhaIi1t=jx1k~5^f$g>S;0x5t<(Fsp8b) z>-TG}wY6|Ged1+zmvjxA+^MtwS#h~*_8D9NNJzSDi?Hz^#o+w2IxBSzrl&1i+rKOG zO2=}C{eCYcu0+?9fS?5?=qYeM`$%U-B0hxQzp^Y9#rmj8ar^axz&F_blbxAHiLn;H zqw}+@EVATLeCZS~PtWa{7QgqW%P+dBju&^{0lGN0w2APt*d3)o<5)jh*C8hL1q@$klg|o2fn&svGmeuxk7&4mpBKus4T>STl>0`t(_^+)^ zE%-d2+!4?+<~6iL>*@(*X8p7!phrCemm!?uo+M22L>qIDCC^usPcK*X_R5~%vJ)Kb z4^1n4BL$T*rX5CP{on;GH8rA1s#v>AFCEaPB^-P}S5gqgW@yWLiAL`sBRpB9Em8%> zpd>CkCfIfMzUF$z>emTNM@LAzu|vzpIH-4d=M?~$fQr3Ff37Zr7p*FCCrhbj(IV3z z!DklLZM>S=JHZo+=ci3iZ!vxrdxnJWqY%#b;^J){zDq8+w$pfY(xytE`V9FF27CZ_ zdZr5O;Hbk_)I82IRf_k#!W$UQNOZY-~IHX@{b2gF-X;&quVLiFlM)O9<{sC$Yo0n(3Zmk{w+~1Qcw&*@}U2- z=?r6R*b9%(YQ+vyyqReQ)%r8iCGJIgS9`&r7^l0$oCRv^N~};zglS7)%w&syxq=j< zs{}U8WHs)Lle-|mPoWw4*lnd)`;mpe3o*<$EBK+X;<9;bPp{=Bh#T$@lj zd~_Ilc-tQvR<%l3dxw3iAU_(pk)p&{iQ2XnBbjZ+hqsI5S5*Zx+hGkh%ibbKndNi< z(S#Q7R&Ql7>|XI>yMtEM9de4bD~REB9ctqIBOevQBM+w%nkaQ&{AcX?TzJT?E7s`y7@SO+Axl5;SZ`~F_@eM$;t~364iUkub z|5**{C>2Ku>!VL`lT?5~{rYY)=ne58W(c~S2jtGk_|>-*pjdGImqRR9wD||1XWs|r zh!=;kQ0s~V_Y)?Y9c2+L6JO7T^w|}lq%b4$f)7N@)=u002kXaPFS>>(5jkE@B9m0g zWQ!H-JeG5(?)E7vKm%6e9B7@k?kS=T$X(t6;w&KBdc$4(@qvw>$4lFr!M37!Fzit2 zu7M0yKfjdiRsR-ZI#Rg4w(rSYeX=!bHL686&>MFJsQo;5WNbw`MLBH?5Cb<+p6nlY z-MpRfv|9}qk(`%xCY}{n@)@Zb7fVqIs7sck@e7z!Oa1xW980F90@PtW?zH8s?rK3m zgLaBW1o)+`wi)_X>{BunJW)T^elf41LDi4;imcHZ8rK~IAkR@oruxbteeRTF>oFc; zxCD(3oD^g}_;sl2`g_oTvqLf)B%qrJ56?vY*g`%Rk0@|O&rRpG9yuMxzXWt>q6^M= z;BV)cwkI_YEX|?|k=09|J<;-=T_~)WSGGlU*buvikUT28-)*N&s$4GUxxA($Co+l^ zV7k;e${;cihm8kikPA<=uYCi^!Of4a?j!%w~@n zCz9H0Ny|+7?VsaaC54YjWFC$rHR1F*a!>)Xlt-x8%L6VQtk2bBi$_KQ?Ex|)@E#IK z?0WoY-w8;5t@FC7go_Z3wdd8cOggBxlJoP+qJ)ZQae+#whj#k{Xoi}5%08N7p$y@B zgWNMy5uZ#3;mdf4SH)RpbgEf#tiVyZdCv}u_Evj@F!-J8cfXJC?jDp!yD<`{um*X1 z`%$b=!1c@DqzDh`ylLliUJV7~+xBJq6Ofl4vXgR3bdQEL5CE=RXCe>bX_z@oCcVZ% zc67+<(d^^$KJNGm#Ln=(-^usZ-H94s!Kxu#hBxeA0q^4mC}7K}@ynsZ&e-MUUIUVT zvj++dQF!@6nBv#nCq66N%`cz6Q$6G%wU2mekr> zK@cEVNK7@nzfJ%oFh){!DLc9k{dSjo1_lOB!DX`Fe%kHCO*f9ozVY_N<|cyUzh!v( zMa+BUa4@2er{qDt&sK3c3fUfb2n2BvHBMlT9(?$S_eoLAX5+8z&P49MYVACsKG+u zs>NoP1u|G`9X3Lg4`Izkkab1+$kOYP&Q#1yOq<1#D+*F{Og{1C$s)XHi^%JO?R21uGe~uz?M7_=?ZKS8))E z_c<|UA9VHd!8`>Z4MhqNX$ThVvIFClKMntRi2F|iD_S6L!McKty6DcV1WZf}NK8wK zP$bsBP|iW5P15Xtagd{Mu6il`f%kL0Q;iV0Gb*9VgM+{(1pOo z6ncpN(iH^M2LAzY4(cJs@Ojbag*;F%A^Vpkps@3oDFC+fCD{PbdCLFb`U?xfXYL;s zG2~4W{zdhNBYlLV>ZQIXl&)x_R zt=Mb!6r8ihF%{yzGw_f&9SU~*)E<0(E~F~md+SR6lBfHlZUO#YxlHn_e5Ply#s;X$ z&MD#1XeylHw`dmAC!n5t+*>dGdIzS>nLai?wS!&X+D7EGvx#+aL)0@hOSPV8 z+lY~pODv~5>%6IFUfX&tS?_422>o~m(jYN8JnvksKrw`xcbAwj9!%VtckW{@z`v3# zm%)t7UAgx1l*@+dVL3-rzTHoY7SSeY-u$|Wl~t<{(APQJHMu(W&qDwoPjvg7eZ@pg z-Mywh+lQ>{^wxQLg%3Q05U0^^TLlLD&5ke|(uY8o9X%UFYR=b(Y+FPl>aZ0#dkbER zRK6`HuOxie8Z77K_EFaV!`sgEOt9$e+V=X>2vAWmzn$JE07XRsl?~Mp{YLodjWJlD zR=Si=83}m<`&CBPW>=}vTcV&Mk}5LtCw&D4QFIXz#xBq|Qjf&%^{Hu;-UaT?w!X=i z#z+C2)X`hOl}S-_K1!+q3@7L+@W-dU-i}QbHLgT)MG^SpQp8N;i&wyOvXev9U9<`T zm|NMDh_wu2onUw=)*pQM$BP4Uo^U^-Gf45=6NK-J6Q+P){dcwmM6h??-v5wqA2#`A#Q7SRs&}Cu+)jDXmsTmg zgAro)+SKrS-w7Qp?a9ihD3h-*T}TwMZke0>j`1FCV1k?H?OKV6+~0YAYja5WC*BjA zz?1smadRau+O%JqUn*~<2mbyL);YvhF!bn{?niUmyw18?tdKx-jfLSQfx-wp0U|Fk zT}mQHdqE)~vsaU-5afp#&X%Bnvu|~e-06am12MyQf6uq4jS#S=_x$Q?`A~aH^>@?K zBSX_0R-VbMqu<)E>&i16pV-Bn6qV(-6lULMwQ7N$`GID-gzT+B4goN%R-y~BB(nE> z%S3JuzZG%Hq8gAn-bk)`EYg-$HrZcL+As3TrrFG01W|7|dsGOn3d8}f8xEBaqYn{1 zxc|*~<`sOjOdlKZ2&^$!G2n&=ro~ z?4YGP<9It}F^FD{++8jxU)r&m74wU{wNVn$tbMv~(LbXqrIIp2ODj_d7ps%X4n!M4 zm>2P}2iOj^UJ_(^`)oBie|v~6{dw{E`0y;Ja7}eB>;9vszoo+}bMg-!h?cC) z7^a!3ao752FJ#JQFrANAalUjTF77s9GId}VeB@NxEo5Kv=tkbgMrGg%FQTd(-}D&d z0A4kCsrDDjZB28r2okydu@m4ITNnFsV}{wmfe2G)8mtWrrZ*eMKD>I7TAf}-U`2ntHz znw1wyZw%;Ce-$&xG;?~q%C%;e{#60JxLzA^-v6oML^g^kinsrVeKaC_#Z31%xQ-E` zjQ+~_9NF1j-mA=r+cw-hnTagbe;H>GLX23uf~wd3q=l-io+b3geJv#10G7NHH!=Q+ za|I47_fTBgnw2NtFA^ao=dGC^`OKBkOh*+|4hSFfRy7;LYa+&8eqxCDHd6AX8>$h-ZFj%+ zkBTrrjbZF!1{(6OEKbQYOESl)D@U1&?WV@z)wM&(WqAck=*-IJZ8t~LwLn{x$(mtc zgYO$}wy05DVg-b{D~xZJ&piaU_XAWH|A0MTTFWg}BlLZP>Btt1q93N1#Hq)H3c0?N(D-#cz{o&o)>4xhMJHBHZe>>jnXw_R=)}xybN=XyP_4H>_M44>@letxM|)Y|a*v!e#c&sS2C&>bY&sIQI5A?f2<)TQ^m=ul+7*l^s;i z{;KX<+s^a(TDg1!uq8UY`P)@us8svO+NbEa*x1;(+858O$Q+)uIBSyR_YMtx5aN@3Ro!Gt3ly*>I2CQ{n%$=KEgJQ%4$rwbKQ1ik`|LgDn1PEU(Ag%4#7sPH5{RzJ@ttCP)!g35OlZy=E0>m~D#{*G4hA#{af5^ea)EE8No`c<)pIvbMCuPA9 zgGod#y8PwjBG18e_>-wzbdI>l7cL+xW0ol{`}}+k-ro+rg!m^x!GHwh@>je-R0aRb z75hcfa?$!9lAa;4Uj7LofnJ#G0z(S`_vW8b_>+!YP)NpJ>Z*m-jEFg(SYjat5B{!y zQn38p^in!BzzVD+tcUD3{pn73sHIgp{Pn=`M_b}%k_(V;l;HXd+zyU5t_82)#vGc9 z^R{fS(%BK#o0QF@mn|CM%cbzdrVIHg`T+Qu2%z)` zpC%F%mpun=(nLZ1uEQmMJqA=JH(X3iSOV1xDvdj9>|Ar9Paa&G)tzLe(@GnlTK+^> z{QTPT++pah47Y4rVp<}p1a}X!IqQ=aAGrS8SX@2?-twzNF-?^ddca*~*JycqF+7ap z?jLN+@jYn_@MlfyXk8=BSlkcAlW`P^v+JFhZd(c_m8|`BeabBn*M!wDb>jAy6>%TC z*L{-XZ5x@5Yb>*Fp)S6|UVS}Ydy=0U$@WwX{oWL-WPv+EW8l{a7>Ft6S?#Rl*~sW; zfDK#WZkW7t2X|r0%lq-2S^he#CfpC^#bzpS?6Jc@|`& z2on@YAV_fjmBVF|+7R%(p`l?~#acK8;QaPROf91j$1P^xxGPM5&{C|EHkfZutu>Le+Btp%rQ(ycTz5-N>FcSbHN|g{~ znt+6yVhy zp)@&cm#A_612ujKGIW!;^XmmIPjOJd$8vwju%m~#g|!l9Gh<&+S%n2l-kg#go0h$G ztKTD%#Eaa$#tSpi4Jj}z5b?7|+<9RwKb{Fr?Yiq2Ta$2mDhQqnbzWdb^*?6$tFpK#3shvhN^(uWrLqG`CiAb3U_o?mobnIBhwHsj(G*I={Nr&v`Pcn1%>E@Q9qFXy!|T({lk#{o)s5tR1vk2z!lia#Gi3}jj3i|VqRL; zmj=ZcK%%G)$DD1;|F1-;{;}pue0;>8 z$v`n00F-zOc*?|I2Co3&>V?#yb(HxpsDW)cgs_(nZ*as^?T}ph6?^7OBp$@D+sFQe zjtY!)a9Y8qh%Bdn32_R`LfWJjM+%BOcci-*`(ipsA~4`e=n4>xHPY>`u(jd(bIyf+ z_Er|5y;XCs;y=({NM4@}&h;&bs+ReblpF?CLD&7!iqc^At>v%J8k(}l+6zp3cRew! ziIrp(0I>F5CXPGy?vM>q;x>jYlfOLEA@q<7&n(T(`br=8vZQ4a01|o+8p1`~wdTAL zh6Vej2vzEW=uUW%T`G_S?4Giv>DE5w?5pYlNpb88PgFzziGobzIM>p_+ZhmTpDR-0 zZH|`yjvnxhQUKMSh-JW+)_dTNpN~7?%Zo{pGMP%~(u_tO!E$1p!qFOYA$A9DX0ouK zC7%YQzVIVF44z3|pL?-5n2XFj%sOjSN>3b=^Z`Ooij0OfUId;*K2(G~X2>xMxxB2{ z_mfj}eT}{*P8aC)pBF@ezo~dvLabr@%XYknb@B9XJ}KaNnm1+vexINs~beM zwWrrJ)J$I5NBAc|YNf?cBI92ck`SsR^R|xFzSF0n@2M+JkvGP*Ri$0}YSP6HdwzxX zu*$70K91X^DG}!A9{;@J;-PuC=RNGyOkE3`{@Sv*`c@B;R}Y>R6(7FG?!f24M)@6| z z?9~=Lsmn}M4&LPzQB9kWffTQ{V;@c&?na$0;C>OKf#5mgn6_@~EC1dn;3}^rl`EwD zZNi-9*z$SKrOJ$%u^#npg^;QC>w>tX48!WmZf)6Q`VMSq>&-UFRrAxsYSZ|W+KiMl z@hA1QnF-rm+K4%0v zEFws5EeqwAP1#qQw>e&3TzGfwMiuGn;P7#|HhVxE8#leWX`EVhK^kDPg9f-zP*V^-y8-QBd2qN&p|JdkKt4QIy zz?az9$TG;lK>Hg3D(F{-S<8xOS3@0y_f(%6psPJl2oomn0s0_O`4GYeBADE(mIB-u z64-6EC&;~fr&@a;L3UNjgj&w{5+H4lOz z8tUc`NID5G4F@eI9l!8p$+0+;OCmHV%F7Oeo29R70t#Vp+W3H6*&IlxRCeNjxGo@l zBT~kG;DPej38~4mdkl&CK+00@UJy`d1bF80i6~FtGGL%`8{muY4uzUn?P)Cr6!^JW<6F`_&ya{4H!3XO79`DKyanUGSWwids8}^d zRIQy<|9e2R$||5OWI!PUFfRT^PFkvWuUw8E{y))C>78SgHLEZX5nkZXy`ijvhMj6r zfdqxJJ$6^4IySttFp>gx^?bezo=S(J)Fdh+ZjxSfc?i*1FSE*MAgJ_*oC*s>K4I4c zTPhR&2}v%U8b^wn6xwGVu{+}a<^g+8|8%d&mULGHc%}|gOfQ@xMhvtbd4t(8eJO$) zceRKF5$rueMAyo+4D*!IbJVM!puJK^VaMnPk>)uyW|s+Z@YrDSR+KZ02mb6 zdpLPi*aZihEA1h=2>*aWE9w6v2lRoH;I0H9JT1>DG-=I_03B-HwYi42 z)wM+H0{-7HhFJ-{M)sMCJEo=pmy`&`-sxz#c9>(m2!FLc}D-)V7MvjWGs5WbukfSE|?3A#nykkj5DAVHJ&;X?UGcTE5G z0E%uGq@|l%t4de8qJBP=>W9Nqs6P`fNWw5IC_*0!HJU2|w@dqGV)Qk=4IV!IXOxrh zB$GPS7E0C>l$Fv4E(ZV?_8~D{;MlCCyS?mE?f!`cZ44dE6}vYOF2n9`*x7rW0hQ26 zS07zcNWVVOW|2Sk?XwqVcHhQSG%;P3m7v1xDIzA8uAb({x{!t9H3beOw5x;(B_hAt zKM5Q5KvGAboA0F#g6!{LU)mnKJ3z>3UHYnd6G{vO?Yl$nZ?3WTcwY!PUm386t)Hlp zT|Lh+lNJ~)njW==Az{&F#BYz@dwuuBF3lsKB2?gdM6&S9>-(=w<15)?3IQ{D6(-kd zMuhlqm{six>M1k&shsqUCzs$t{YxUi9WN|hQ+lgD#CO7gN+Y00#YBiUN^>JhgzHP| zFTG=;<67xc+`Cje_6iU;Le9I=z$DiQM^^6c;4~F}<7veNJEB|&JU(c5b)-^v|CKOg z@E|+c1$e%zun(cv)#hGk?}v3k7HK)NWm^*4^#+6SLy@)2yrd`{09F`s`hD!YedK%i zWk9R~D*eGJ!K{n$K{Uuf++4pgvud$#jcA&^O)-Eh?4O942q6Sjd2@u<%w zJc3ACj=q>MiWhpFPKG1{%<`1}ZB<05di5&=I39jZ$u5{v*cEJ>sxH(zx9F~A=He{% zW!ce%2!^focH|y}V_7l1W*$BwGsj*w5V`iMP8hR;=+hbzcd6Vqy2}mayCA2Sk_1mP zYwO~{Ve3-Ul3zf$03)=UiOfRrjlV|j2n?uA4A5E8XxwbY=I&V)Cgkpc-w)x)JASKZ zvEjJ3*ITeWnf$E7{C;ob?ZQ@OA1Jf3AXigLD+4{Dgm;qL({G(iE_fr5z`N5DIC+NFF~WLZWWM5IpEmwXr#ty$%Ktm&&74un-yy8f)AixSyxC=p@H>8pEJ zCPg<8nsHX!gE+b{$i}uX&(Wg4cB*9k?oQC@%;9fGRPn)NW}Wp&@GCyAk6lYHAE=g> zfg%7mP_#&Sg`L+|=ep9K%#__x^P5X!4)T>wieIhn!RP*;joL)n0r^{7B`rUxdF8r0 zzB;{HUv^y`l$3Lv3rX0>1 zkkfU$GZUn-w{B(|1k?bL?zo)D(9`KCpUJ9qginE1<9^QDgw`y#QL?oh-wbcf>a-PLh=U|he2B8ps!m9|ug;%(P2RZrp-f_8dpg;jy2!ht zd&imyj&|XO# zgWnh#&Mdj3g?@9Lsbxn|EB*Fvdg5|vQR2w$4K@}wHV^Th=-BA|srP(JP$#7Xn!Cc~ zY+yi*+nEq;OK^doUzC{6zuf0lJMWwn*cI_W4He*~i?Gwu^7SuN&Ve+O{H*~?#z~;@ z43n11olQ_7tYmvS)fLdOC84BrY`~600)(E}B+RW&NQX4Rrbc>CR*xJtZ*FvzlhU&j z%#Se`3nVBDbE5<$!o&u%Y$ur{T$mIf*&9G9?p5iuaBkMydERz*K?Z|pc+P4f#{rm| z9~PR5Is_=JXqt@|Id}x?iDS~}*C2;m*CV!aRbaZli5B3A{NMg-!f(d@?gh{+VTKGkO2MgbC{_ph zDFTS@RHtIYN&;4BTHS=1A6!v}>qDs0GCiwX(!51N!!m% z`;F4>OlIW%0hKFb@ZIO)q8PvBpp@RFdQFh~28eI@iW!CjM^I0%n8$jhHpwCS9!lCT zCKFu$hI%TN%7Biw-jG;&}=iuyzw7?AmIYA5=iPXDPxeut5loFwD)9D+{+kT83m{lSRg{#XGG{hhvP+5 zY6B9a6`OVX$-~d^_U60H8oOR;SX(+7317tyqOGB-X-os?{z=_GSziHq4=qH8qJ~wB z_e-Zd3v>T?ms-;NAalR-CG&@0FPY=7BeL~EZRiv+?*wrYr(-ZNVqqrL!VV4Ib!J>yXouF|Gzr?Ug@ zRA4=J#cNjQ2a=o9Z{gr$Cw!%+LW+Da@waJ^(3pZW`m97xqpSQ0!=&Hl6K)uZhjK{L z=%pR}ig&#C;HOC}A2zIM?uEtB>>?cshZGxD<}Fb0RR{5S&SQY&2{T4-u~C~R%30j6 zCQn*p3D^8z*Lt&}h{Rc5JW>66$F9bkF#-t4AvCsOj|mYB{9*C(+?s?;FBJG)i;!OX zANU<7KT954hdMaWDu{E3vn|3P?U1dY0*Av^5J<=Z<@9aZSC3{V;6{qiq*H? z!)mEuu(qI5`W*hoHQyz{Xj>RZ-6jtKW?lq9291337A;^tYO^v38ha^)(W;Wxyr?Rx zIliaND2s&aopKv)uLJ-)#e5qV^|`*-@`ZI{&fLxE{>*!PZ4%&m?E;G~6g0R-k|uHbomI-HWU- zI@O~MLDt@{IH2N_Mt44ShSbM=sVzwwp8j~Bu`x%IK|1S7Zd20oVm(6-cX)N_hv%t# z6G^$b+#*kI-G~Ug)ihza{QbJkZJ!G4(ok zj|`B+5h+`nYRtIGP#1W$v1d~b43r=yb2VeIVD>X_J~fCeZ#|?!p-Je(#i>vU=4!Vc z8s5+XVO(^CRE+4uP12Pp&t(@BQR8FQqr1`cjvBT!2u_jhFdmi92^24btj3GF$ziuo z@N^J7k>p*aRvF)D_8cZ?OpP7AJ|{Fa9_2l1v}nt`x438pkZ+>@upw3{eduE!3l^Vl4p^#upS-OHbXPP|ORuHwK~X*+ zL8rmsw9JkGwLAM;aZ$W4A3XX3>NoN-uISmiX-Qa@Ti$h)F@9yub7X$-YemMWDRmp2$A=JbdQVN>`;;bk zEyu#256O0`1dOi294vab6$ZFhg?<2MgAk)uHA9^Iq}fmC3)R%Y`l~F752S9kUTX-n z%-MYQ1XlqnAfSPtcw~VSpnmRq7htJKfW8{i6N0?CU|!wx6`7ef4{sOfO29RXgbV2q zEmdj%kbwETy(!MVg($BndsPTrU6dCNa#-2?_Wzpt%CNSU=V4k3v{2gO#Y#zWEiOTd z1cJLma0yzxcqvfa-6;fjFJ9a&I6;cLTk$vj-Fu(^yI)Q+JDIaPXJ&SHW-10k>j@WM6>W0Tj~<-;V)#Ascc2u5M)T7K$*!!aSl=a z^Rtt#*(~2q4RJ?g&hZ=KN~kAsUUOl^1RqO>nZ~JCciM#PxDJG7l4* zuM)IovW!-x3fYShk>x;z>t<(N)`O2YLXs+l@cnBv#b0bWzImA&w)gfP?KI<*AG($L z3V)Y!-57Y!xf#Jo6@W&`L>#&(j<&cZNVCE5LTfViRhBrE1DJ=eOFk-^5^}~Dtm@)o zgGGB@b{DK{m9W7N4SS7CsdZho-Ope*@yUgxxiy*i9#Qwon2qHHsKX!WcrqKIo^q{v zq{fEsqQ7-CTDz9aE*s{qjJ*N2zJ%pot5#o$+6ge-Zhut~4Ysg0pKGimB@`iXd~+5d zwMi}EGz5T94(oVOW5-=Ppq9VSWMW{Ck>jZxQgY&q^d60Azf{x3NMt0{ z*uDn5I#17!y%cBq=J4R%!waLPGPY4)vo3y}Yez`W@fEruHZL#Qw`=#K?DhC*lOU0Q zO%zicxi`Gp^%w2+K7V@6nH+{uKxwOg`IoPy%nUI1D#ohlmz^RZeEcfPMgbvP92%kC ziI;DKyTe#IDEaqYI4KXFVueU{odv6&&(n-8ZzB|JM5z&+jzK%HhmN&cjUTjw<~@j= z#ka}$=aVYnv7VdyK{YmFE~!BUuR2kR@QlgjCg$V~ zIaKvq*0gBUGisyAp0&#K$&h!UwaIlP$VA*0CeqShatuv3yA{uszU4&SJmy}J-h$&) zT&3o6Ml)V`7U?|ei0SzD45xCkNq|jvM12<-1WWJRsUzmzy>RLdHJjQuGSj9~M~6|b z1wYpt5_JGyy*D1WcONohz|vKBGWShH)-;i#a2&@qXV)AKazieBFe>o@1yUk3W?*ss zry7+ZEGVBGhHiHqD&gYloJ*s5XojQ|kL}SP6L-TgvLd>{1H@AL80!;Qz-iUlQ;p~>gww*qr`1%T4wTkR;Sc?QW?6ZgUgp7{5q!_(deLT z{{UpFDsk!c&_2Wf4K|J-%YB=n@@y*N7cXK3M!?&|Z)c+^T0l2{_DMTrVjl;T;Cb#~ z&e|EsGf9#E<2|$a+Is||~=6jQ9Osox@0P-V0aThKLo-(dmP<~GuL;ug`B;|kHPdV^J$$~|J5JaYfF#^vq5XxQVWJ=i=I5+eKS^;VKvdbf&mv5aieba=LdXQ?(>w?%IY_o zoTNbtl*4gG?AjmLLgCq4tmAVti0VO;5QR~%eTX_NWC`rQpAUM|HAF#NisaT#>rCM* z7;~Uz^{UZynPnbzZNg8RvpVm|_*jXV>Yybw9?Fb1P~Qy+?zyc-MPhuS3MBsm8R7Kj z#~QIlpTrbSQ+BS~@kUp1647RtZ_`XBhFLF@-rro%pcD&be4(-K{wSvqU+?gqSz=U{ zcR3+mb*Q?eLIeU1EheZN*31Uw7DO)$7M<+5!W~jx;Y))j7FLOerMPjXlJeD0nqYmc z=)e}$?TU|U^YrSw8{I*~0}dwpLYbCwiUZkMED9!~PcgG*cfb(fo)f z_}8$?pNA%G3!C}-xaoZ(X97*KRlZ3G55qt-z741NBF}mZdd;)BPN!`wvkPesayX`0 zj;W7(f}M)>sW(1WA`b(Te~l#&Dy=y_LC?xyjy7^CN}?i8j|gDR@9fQeES9Ha&ReG! z6ensMlk7GdakHZ}&AZq|z6?u~b0dpBI(9E8NgidI1S+-RiLT1f1fFcwM`oR@Uh8sB z7-b+gAB0k9gF`QbrB*sd6axh|5U;OR^vy?PAVfz~{2QunEh(@dN>! z?fcU#whChtPJf=J)x+Kgxp1fnBp35g7N$nl)vG|Up2~cZ-{gDZj`%SiNnqGyZA6`S zz4b+JF3PMR58P@+h#1#V=GH&GW46!us-ix0#@R=2xlA?oqa6J%$IL02ofuBnf#u%n z=5m6)0eomTNn_zKbdP>6lNS%-Ee`|=y+c%QGD2z1g$v)qsN=!bv_U9bUTt-pVjL+<9s%` zQ>dYKA#!caQDkb68XE~Ft|3Z!z4g9yhGh^(iPOGesIBL`N}IrkfMq0o<|Hc9 zjM^*{pLppIduEHaq1HKa_ZEY@@qPropWU!o+)~HS#gh)r zV2n<3O_uEz_z?YtiLtM6E38n%z$I{xQFvGD4SY3Z^fw&%R!#KV5)ES!Dh2T9ssEHX z33bQnGi6@)Co3b4l%nMdvd#mH&7WyH&07OIqRa;P31Vb81$Xx2v-`iA^;q#H{DL znFV>Gg9`*rK=h(|)IT;^ti~kwC3?U~tFa2nCt5`Z9lgP4>18eM%EO~XghA2)WxtG8 zypWaZx#Lvl{k|x76$J$lb1Cbyh-iF4mWN{a#JK4v-~n#A$nt-`^*V&8KT*wzwh&p z6Aczv?E%%=H!4J|)Z&6QLQ2Ba7tQU$JLFjlYY0p6D~9UP{g6h!Z>L&dJ+nG7YkT(m zez2a%eD~LF;7;6(dLMrOy9OaEN;y}e&V~NeH|uX&ocueJhX?B#zt$K%@tJlK8#;^c z^#@!=q$CqEK8FH#Y2?+}>I-lbSh)i@I*eD0Ts8R1xE}R0$0zVjxtgB|=BeWt7+g)1 z{7!yDKh}D}1nUOy2XK#zH!peyY)z^c&Kh^ zPQTE?Vg9+j2}<2~cF)40k38Wg#pd>g+!qmPaotbNCJ%LGX@TU}%7jB)%Y?ooLyzv- zR+s>gzaj&@eyx365GE$VPz>QSs~65(Tgw)SNb^a?$8!pZ3D>|8eBmjr3@tTPIDdR7 z{t!B>Dl3a!UDR44Gp0h4U13iCE#E^0egZ&=-`(F@0B^!Ih5lhi zKeYmx=X?->s?qF{*`k@>-0tZ5LR~C{?(I^4Rjfhc%bN>{x(S4#@+*eiT3B&nS>AU< zem6m7BC@p5waE`nKV0dWEuLL-+Bcgmvi?+jlc^YR-5t5KlBkeP+yuJkz!#-dXap1M zU{1j1qqZ&rozd=fPcB&8Zh=jo{A;^+Pu{l_^0EqBVkV5=ch-I1IW@oufb2Oenhn^# zV~Q+JN}f(41zbMm)wUeh=;3NZPC(YRQSXT=U#P$Zj`F6J9Ylg-_jZ;*tBOc-))g?X zA6gKxh+8i2LahMZEWoeokdo2Eu3nbqsI6EJJ-jxL=X2&Wi+prpamreT&j&oGVnMqO46caIA&(`dzU07SkaE&e zKqgZ}QDBk~!Omlbo-lRoVa%I;fB!iZ`H_r81CS|2r#8LOsK-+M#C?sbEaQY+F$UPm z`F#CT%6*N>QlhzS-iQ{1x)_Ngo)fK4k+a#P+>pz7qBA0c*v3-pQ?i<2E^0X3hnI_? zTRbj6eC_;Q6hKRWL@ubXx9aveH@|6}FEf7lg*qNwGxEvsMKZ2s_UEUDI2^+>h_oV; zX0p)l9p*gtyYgu9u(Sw4`*ecNNf!9G`3He3ipFPEz)5jkkBlM@m}-@3TvRk=PYFI{ zTF`g-Q}v1Xkg5(gYcaJyk9J345K^gA0pVwoqnt&aG1zcFFw`H+>tFTB>RE!p%BhrO z%wSaS3YFb^4k>>}e-j=J#p9eGnrUD!VRPMX`NZ zUuC%LcMY&{pYW~r=yl7}nHEahNlQKRbiA6Du9q0&;~QO(q&f2cAl%^iDyYwCseDIX zUKlif+{l;F;Ma|q+IVjVg4;@bUrGxL^mx7Q#A8P`n0GX6!oL+-!&Js0^e}nxh5dv+ z0qXUqd6lQvQC)qB5Q=rFGp5M4#%Pw0n_0uXWioC#`ud>!)&wLs*dTwIAjd1X6_LTu zZG(|x`1veBdJ)mg=PlnWz7h$VwXbrMnPGWUiXh61Q=s+W&{|Aa(DuCIcmt(obtwe` z4i3{#S$bVvaj_{Nu*KURRJ(jk8`f0+k>vdTGw2A7xl;s3VMXD~4_p$W&D=L~RM!$NArGOPJ(?>7y`)Iv+S!)f)jFkeuY-H_e#xP_ zlYhe4lIz!25vV?n)Zz*B2^OT!*wGr+;Hp9z1t zL)_Y0XlV5~JC6oJhYH>$hjH0+1%YzFa%e_aj@oABHw9QnSy;BnFoDfY20@o@5LyOW z3Ll2zFKekgm#*elWeF>^!8O*mgZ)!KJQ9nWP=6hON!0qM^u{#4M9Yt5UnlsK$Du_kuV!OMIr?l~=3{O~ixPs=>Dt_0N|HLFI?Xz&jzLZF9_G&>YZ~>Z()3_qpRmm8^LA)eYN3D`#eGy0mMzQ zW+#4CPW#4)X!auzEw-&UUt&^76n1~SdC)JYp?ahT$=q!2RlB(VE{G!w>_5cgA@;VO z)W1t9PTOi3Oq2T-=yA4!`m~&y*ig8s`Aa>WJ=;9r?QBde$s8ZCt+(Q`-g4_nAaS&W zl`}UhMbSyDC`n{*v!VXdqaQOa)M>(ZV?-$4u1%adW`RQG&^@9A(bQyMp+2P`w6pHX z_eJ;m%OVOXsROMHHF=`&Zm zpu>pgJdFVSWc_aSARQEVmO4llO@kiAwx@VMx`JwvC3`PS;9 z0y8#FVN798TN)WF@ng0x678&=FMWS8j4+~?f_Wn2p~p8S-JD5&E4ZduV07+eSe=dtgg|6L-WGTPQXma6A=~-oV}2p%g_U$)W}-3 z0)MidgM(*z*wXoB_}vHFdktnF&Bc>mX$Z5ULe!ri@ciayPPf*Dx%_5kxdh$WAx2}~ zjH{THw2!^cBWKrhfA&?*Ow2VV4nlLMKl)fw*^mrH0mqjj)M+!mBeUa)nnTltXY+iE z>sJ`UW5RDX7dT!K1=kR;3@zX_R9Fj6zB*IWt~y!$8> zbLM{~pxrsz!fVs#DP+ga=pufQCYx9_#51eFbs>kAw&YN3L~%7I`A%rb=cMZc)OWBg zw_O#sD6&9rCmX%RCroyF$bYmG-_Zik<~?j$Stma@BVsHv#{z7sUfmpMX!NVC3fosc z-!;)*S#`U0P%67y{n9So$P)|Vp>B$zIL*vxyIw(-GhrPWE!TLG7RGaRXje9zeliz@ ztKe}}o+791CD^=hJ2`+)yMCw}@@yB^^c_oC$sS={@(ZrYg!Mb}CSKqpZS+rGoZ!%5 z1;#5cNErQYH2yb+w1SfUx_@;BXSP+?&QRvd%-HYfyxx<9~zPO?>g48nTpRi?ux<5(@D!hC< zrv*@+-5rHek7YdQ9!}?{$BCLV^T{&Q%^XLxb9bBdtc9L|o^T0~4UL8gF9Q$CLl`_>b7DZoP-s@s-E#uxCfpc%>d$Gl;ttdH)0i>=sZ32| zUkpdg+e-w24gW!Z(`!U7sC+j~*mzFF}c3}DW z(jD~G!LNQyuDj&}X+vW!v7U+eyLtUp58{9vw!=4%`ND6iPUbe0WR( zr;y0gp5a2wSBHGh8c^wSQwgyf%o$}}%fw*VbTQL7(KWWmw`j5vv~BvN{hQm?0uSz- zH#Z|Qf7ZXOmldimFf`9aZV~M5wS@)d1W-ecW5z$c(yq4c{RwL~@#N+|ynA?2$-|G}lYgh*z@HB^Un7_@ z-inhjZtFlnAvco}7g3Fv)YYkV;-=p^9<$3F3tV{l?xyp&VP)IC7T@wiYCi2+f6M`I zQW(wN8Npta8eoWvZv!3p?%wp&@y{PAhmP7`7E66MMEu^aORrlu#SZ%i#I+j}kS0E1X3s6u@Wt?R5zk}uPqOflN8U#+%z=yE(Dd>30H(on8BdQ&FMc7R zW|or+0@e}9oWTZGzV+;!hu!*BqPA6i;x@fj%{%G^>Wdi-{qm7s;8yv&8#(VmY_n$V z<-oLKiR;~NypAl~@@i7nDwE9DO+7_IR7Y+XT;6^CU$)wHx{EtwPj)(e;?B~?m)0!X z+v3T6c3ke7_^${M|_xvT4PBI(A={xw2}x^+qJ zwzE0$qq~%cGnz+!wR86R0pcj5{7S6VFf!WH+i+0du~<{{!Or*5Q@FzHV_d!d@Bg_hV~yRB5R!b=WdJlm@f7>DknleA3aeK41>J4V<3BTRaRuEzJ$su;QCrcRni` zkC&UnsNr1_Yz|}#>doj_ z$#~&eExQnwlPh0NCn;%$L~s6VJraUM=V1d*uu@%4 z=9|62!crZ&m*VX%=nGhO-E}(3rrmiuM1t&><-(sUXH2*lozmR76$2s=i5sD+*oW>+ z*e(`!`lREV=!`vOM5cs$v)sfbq`*U820wy>MyBQ8?gb3)c^|X!274v8|6J^0s+m+6 z)Ol8E%%k?))a^9}R&_g*0apa;app0xH@W@IFV^<9;O~e_@DZrjv*!Wrr_G{xYQ|F% zblB<+!&X;E*qWVNWnFb3ya`;}3U1<|lX^Acp(;78R+CM>a_W@WbQ`MjTNiNs5ivqe?ij-^td{tP7?V5jGiOmE0Ine_wUDAH*d;mpY639H1>ySvQ}qgTJsFl(h=|#!&O>+91uhtv{q`_4 zt7v7k<|$R=s_77!rsdF?1lY1cN^{39*){kNV$C*9ra0N=XmwVcVt@Zw3!&-JEK8i) z;4T*xi;(tZxc*6C<^}J!tJnJzw6uV?Dz;0t!7s04F}Dg?bB zyeP5iMPNxq^SN+K7I+M64>2x8USw-%OzPQ0F0>N6FHK=AIb6Ng;wiKYu8)W2%=_9L zk9+G7H7Y;R-TdjcBJUnJBWNmYqOA>=qm7C5xKQtVBz;wrZCsRGPvsK1F2{A=QQTf> zg*Ds`_kyOU0O=B&(HY$&SjY<4GzHI%#wl%%+)1ML&s-JOzAFuz8o~RnUraRMRSIyS zGh)<$r5-EVv{u^?V;&4m-7{rkM&6Gp46&5KS)?UG5WI%cg|!bG#e9LMnK#m_2gMomP0 zm@O{Igt|m_X0o`~gO|AkKn$hG)Bg}CB9<#XPmiZgPT53IxQWg|dqJ~Vl$rUM3xs~=u9_8dB$xk0 zX|jNXgfUNtZ^m|zMY~{J>HrmJK980+5d5O)v*EU>W%g-bxP4gch^g%8%ArkRIfFCgnwq)RNXMwCxS5_mI=qWvh;Q+Eq z?W{|mN1(6)_mwZUzTDIDWmd)5aTzml0+R7##gKwe!C?coKb;A6@Kdab3d=BpQyT2s z!=%i3ZqYO>xGeYWSBX7Y-qX5^4CQ+@3m4-6`@=TYFa**4^$Ml4RBJ4jPehc&$yS z8`|jy%Wt*0c|RrXi>VlDnDdUIF)ua!l%FIFaz)d>>|x~3t>mtm>?+2rLchJB!iQw1 zx#k+lUaw)>4)Ge$XHu>=MCOK}%qazfIe_csLlHQxrm+mBko(_Xb%kfB8pyi2L%8d; zGIkz*#5g$1VBiy3B!-Cs%uxA5%hz@hkN|$a?$9C+3@(y8naXSfo9cN=+Dg-8oMF_M zuf!a7!^N(QoNvoP)93RY3S9#?u+QrEyM|qZ)x)GW21VyG_Cr=kwdt(rIdutCQfxRZ z#u4jA4ZSfbGr93%bEwY#fSu6CGWPq7sQ%NpG=hTu>ku<11-2N8RxuI7Nr#t2fYKFm#nbm&QqgAoG*|-a@AK73ET|F(TC%gh zap`HHiX!)Gn-+GiT>>&krzdIhZ}Mbqm=}a#=6L!_4K+-Li&W9mSy`ea8w)l|Dhmff ztY*8XlyO!O$p1Zb8IPzD#IS_yE5G_Lh=Yt{{V_T_W(1p@|^ zWFG!tD+lKuxNkpg9>}BETM@6mO>SEfs{N|IFzq{oUq6isAtrFsFJ>jlmrSB~1l>n< ziXJZoOKxR(6|B_2T{Q`U{_^+~n|JJI;+JSL$hwYuNQTa~r-+TNG`N}5wv!Tqnb7y= z6Z1N1y~Ozb_wsxkjyp1_l~6FxpsG_RGi@PVX12qID6#8{f)q@7`Ra-9O0jtL0*O_& zLl*B%MSN$dDMUPq)U|S}WYk3mz<*xY*&`4RZc*D_7$b!B?>E>S`af+vx8zk8)1-n+ zLn5wy$NMG~eIrj-zM`Gy@Y*PfHym!_6NJ^YZpX5@$w8n97atu?JGt`XlX0hAerjUp zW&E?RV5Qk~3HyNGfxTPUm@hr0T@47Y zukf5S8BynovzZt$2eyTAe1k$C6~?Pep%xlG*El@5>WzSR9uP?Ied1q9QfE zMZufc(bHv>E^l6WvV;MUT#Rk+vK;T4&o)(`VpT02k}^r;3;?g?&c4E^93oeaiqzIz zUIAEqC=2>oS8DmJ)C?dOhB#nHD@6BZic8vw?-HV`G;oZXq({@ainH0;>Eq79itb@H z>rpZZeP6%qcxJ*D>mEp`9$;gvCRYMvgr6=LC5)yf^>em~6{4KhqdL%vSbt~ME^;d< zFxUwL=LkW6Dy=(&8=jC{$T1XE+6B?f;;c}r$y@t^&oU#xITF43blphzj-v`CJS7>d zf^XPL5C3xYS*C;rH2*76lnn>KJQe`n(+VlN`VPkP1;~Zelv=8=6i$;Pe*ikQ5tU*f zf~sP+DRcymhM%!#r^&@)8IF|2fcF>~X0f9ax(TIV8(gJiSfJ@sFzgze9&W9Mo=O0P ziR{zlfJsUt=?0x?I%c$?5#rje`td$Zl<>Y~(8T9CL%ThOxFL+N@6_Tc41SAmpp(BB z`8gWE91Egc2_o1yFzIZ}(pU~b(-dQMnCXNALom+G&aXVe>8zjnox@Vmc?>_j#9+Zf zidHkLnm5`ClLd_8+J=4r=#-Zl%O1g3<)RLO71 zI$jP+(PUGtCPmi6Av<*!*RCXT`sSsbn!r0(Gz17gR*#Bo;O}=Ez6h#mw$dSQn!zzv zouVn9xeVC+xLecxUUB2MZD>u0w-L6x{kVPU9mP6vI)ePq!64pJnltRuJz*Db0@&U zEdnR)FB#zvLKGuShu^ouE3>~D*>P&3wb zy_nU4_RlgS(Vzgn+Wg+aRUnm zIEfGi9J@_|zPh>G@~NjJESTF=ML&J>waN|hShFpyR{U-&m=k~?@_t`;7&Nd{QD5-0 zh;VuY2b%rqA%RG{@F0G>AD7wT1qN4R)oO7H#sadZRwjC!2)kvU6S`GMgPWt|51tnU zX_rn5)s%?tYi$&Q8La>)j=$p^VI5*>uMX84W1VG?mA3!*PlR+mwUsj`C?7dBl(aUZ zyHI6T_!)mV#M98e0HLSd%48lGf)`A=axRuRwC7o3z)PKIIk40zFS2RkSREbCHO=L5YST&?sNBV1wSy%h=x69= z;vbaXDp{H$mW^~E`Y_W{#VKMk0}wuKy}sdY!{*<}cY34R6Va=q>o@vBm8&v! zN4|xbDdD@@5*lXRg!Newr*3TRmknj{s^7(@H$37bL^!Lw-9t>MLa5Ul`!V(PLKMMH z3UhOiGXV7R0}+(Eo*Pf1Ef#%c|C=&1FMN5-DyU*$k?`Evs zdq#M$fW7~1uYi9bKSAzP88am~9JTp}QctiB{pxTCJjhoCvtim|R%BjfQ-X<4bFXI4 zxbZD>vwZejPjv08Z~o|0UCh@%iaerJ-KS)o6?k4L-Z_Sne^H{ZVa(>}vh`*Ef=w$G z&+Kl33e92fS7QdE2Lfg#`m<{;xLIA}iTdU?RfOwJinUq0kP51R(_-A-zmYA^w#qT+ zLPk_zQ1(%?Kl0SmJrO;lYNEDk4B|(K5AX3+?qa6iPnb0_vUX@gyr9!3zedy1ip$B! zJ?nNsE7KoT(hhSoykq@F_4X|%UO|ANuY4zzKV3Y%T@x@PyAwzCBOG=3r(%VeSx>t6 z>UfW@nEJ)j@lCv@_1mH}O==w#Ma=G=C$ZSyR)0lTE9^$13Xe+W<96S@WXNQvO&~}8 zF&-9#EGV_6+#Z3@jtgQ@Jm6~hfTbLg2b!cMcvt4l6SFCF>SV6AnXVaZqDX?JLo9ky zQ$j{P7wSY;EYOwEgr`PNk-*w#+AEPYzWRI|zgEO=?{MtOMjNX<_-S-1+XwyhH+CjK zd?u2q(*3OIR}+}63hl_V)|r;?JQ|O(3sW5-Si}s!&wxEyOWxFLikbgP)Hr1W1OK$R zYaq{kAzhj;slGrIgB`iKu+Xohuv1xzcL@IB^S#aN3XN@LipC zqne(qyoFOzl6%%k_w@#|WnpSufZ%-|yB~q6@iaen!=k=`M)sS)*=5Rwf(RGbq-c?ZP`ecS^ z=RVg_Ap|Qds?ITEFlZSIWnt!;&}6E-lAV_KJUm~_+kVMs3uI7Se2s02ZhX%aXRcJN zfCuqwwVTpx=xp(hmFO$7I1ALuRIS_NOzfjkXEy0wJs0B{*;mfyZONyF({_Fqx{fK7I%b>J9XN zkVq*Qbn`0HXKs&j@x@=rUouy>qv@}vVMq@h(nrT1Jsn!vgolE{e){nV%5VFi8cZT6 z?>AJGW5>>+SMO>Qgc>Foez~K3mHYsIBZZ1`*W4$mKjwRWJ$reu8&e)GHv1aom`*(9 z`hE-YMifajBMaZSByF)0R6Z;;5)ds0C^ep0A6Dq5zPX5BcwN`k=|E^&Pc5XfwEO6?oMGR@GffaTMi+PtkUn%AJOi$ zw+25!ULv`#Sq`44zkEbI-ff1y`8&q-+2f+H46;e- zat*Vtw*R`+>Ni6g_#M`={w`ZNW*0y#S2d%av|Cl9nD)@&$5fURtkY#WGi~v|({u-= zG#ve5adCZ$lJTCD3hp47vr=25+u()tN$7^|9M*Z}5nK&Oxa2PXFn_6#Nc6&f(+t2I z@uyyQ!A}|$r9=-l$MTm$^zdDKoavolS?Ys><`3|gsLB{x<;3-*w1_C1JL$pxvm+9; z$sq_A9+WWDi)Hr`<8<{IIyy>;4vY^eV_#{d%FJD#mUn87lRmSL)>^t4b&uO&YO)7B zBWt4qe^^d~6gGLY7gQCcx`4ynYOIH4G-qCvnh0k=kgi}W0w{LSUnZCia>Fa69y$Cz zE*gZxFGi&aZXkzU7yI*F6g5?h^*>2#I^-h;o2l|<62ta&7=uW9o*;e`+5KuoisgH_ z=U*Bs_)vK?2^5q&PY?+_9p!7jbp6a%9268`{pjyttC@pyxX3`rW9bM zxW539|6lv0NCQ74mb$gQs`dz~Q7_giXh#Npkc~p5bke#uftS{XKH3bwsN&;a;4eu< z=C>RG<_2@B1IW(Ebiy2~s?|03-!2r*@6GD9H=F8K!5*&C(JtlTsHNd$N=$Jf|LZm2 zlMcupU$kJZra9PfeZ1ViIP{A6{hML9UB_*$b zL)?jo?G!|ymxbY9tgoiqSFh`a4<%UY#ijQ9KC`^1T`sX&pFFTv1U6vf> z=5enM@fmE25nTT>pugCinsjDJ4qBsYOvOq1|0gae6-=eXf)~+%gL@3n|JaW5hf}D+ z{`cC4e^_sT2C(s_I#8epfgSv{naCzk0hU2V+83`V-atp+|7*{+VZ$x1TZb5`^Mi}# z|M#%r*E=JN=0}g`iCU8{jAKE1lST0gN?tT9e zJIxkw^}l!c_wq|2w8rVdu>q%Tv2Y4(tCdH5J;?645n}XVAM%?0+HB(Fw@VJ*&R`gIoJ@=FP({0n>k| zghD{FQ?b`~`s@(rA65EF5>2Q&EWMG4g+z(; z8O^)9kNi&~F~>-jy>F3k_E_;@!i7ruJdihSPGv^^_gphPFKP{Z!N41irv694{}%Mm z4|zAl(3(+X(oznEkE;yq-qyAU?>{TDUYw~PT$9M^<9s$cxcGR1wJQ9OsIPm{=6W4a wUv@iHt$&}de~0_O8JC3Ub0YTve2-_3D4L4;cKxEm1b;iEK=R_qyy9>F55b|_cmMzZ literal 0 HcmV?d00001 diff --git a/filebeat/module/zeek/_meta/kibana/7/dashboard/Filebeat-Zeek-Overview.json b/filebeat/module/zeek/_meta/kibana/7/dashboard/Filebeat-Zeek-Overview.json new file mode 100644 index 00000000000..aa21435d3db --- /dev/null +++ b/filebeat/module/zeek/_meta/kibana/7/dashboard/Filebeat-Zeek-Overview.json @@ -0,0 +1,859 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of Zeek", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 16, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 16, + "x": 16, + "y": 32 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 16, + "x": 32, + "y": 32 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.0.0-beta1" + } + ], + "timeRestore": false, + "title": "[Filebeat Zeek] Overview", + "version": 1 + }, + "id": "7cbb5410-3700-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "f469f230-370c-11e9-aa6d-ff445a78330c", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1df7ea80-370d-11e9-aa6d-ff445a78330c", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "466e5850-370d-11e9-aa6d-ff445a78330c", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "649acd40-370d-11e9-aa6d-ff445a78330c", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "9436c270-370d-11e9-aa6d-ff445a78330c", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "bec2f0e0-370d-11e9-aa6d-ff445a78330c", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "e042fda0-370d-11e9-aa6d-ff445a78330c", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "f8c40810-370d-11e9-aa6d-ff445a78330c", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-02-23T05:05:18.205Z", + "version": "WzMxMTYsNF0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Destination Geo [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "dimensions": { + "geocentroid": null, + "geohash": null, + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Destination Geo [Filebeat Zeek]", + "type": "tile_map" + } + }, + "id": "f469f230-370c-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-02-26T00:06:27.634Z", + "version": "WzMyNzUsNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Transport [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Transport [Filebeat Zeek]", + "type": "pie" + } + }, + "id": "1df7ea80-370d-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-02-26T00:07:08.521Z", + "version": "WzMyNzgsNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Application [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Application [Filebeat Zeek]", + "type": "pie" + } + }, + "id": "466e5850-370d-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-02-26T00:06:41.868Z", + "version": "WzMyNzYsNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Traffic Direction [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.direction", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Traffic Direction [Filebeat Zeek]", + "type": "pie" + } + }, + "id": "649acd40-370d-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-02-26T00:06:55.885Z", + "version": "WzMyNzcsNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top DNS Domains [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.dns.query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top DNS Domains [Filebeat Zeek]", + "type": "pie" + } + }, + "id": "9436c270-370d-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-02-26T00:07:23.763Z", + "version": "WzMyNzksNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top URL Domains [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top URL Domains [Filebeat Zeek]", + "type": "pie" + } + }, + "id": "bec2f0e0-370d-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-02-26T00:07:49.910Z", + "version": "WzMyODEsNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top SSL Servers [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.ssl.server_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top SSL Servers [Filebeat Zeek]", + "type": "pie" + } + }, + "id": "e042fda0-370d-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2019-02-26T00:07:36.653Z", + "version": "WzMyODAsNV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of Sessions Overtime [Filebeat Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Number of Sessions Overtime [Filebeat Zeek]", + "type": "metrics" + } + }, + "id": "f8c40810-370d-11e9-aa6d-ff445a78330c", + "migrationVersion": { + "visualization": "7.0.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2019-02-26T00:05:56.379Z", + "version": "WzMyNzQsNV0=" + } + ], + "version": "7.0.0-beta1" +} diff --git a/filebeat/module/zeek/capture_loss/_meta/fields.yml b/filebeat/module/zeek/capture_loss/_meta/fields.yml new file mode 100644 index 00000000000..de9ff078f0c --- /dev/null +++ b/filebeat/module/zeek/capture_loss/_meta/fields.yml @@ -0,0 +1,29 @@ +- name: capture_loss + type: group + description: > + Fields exported by the Zeek capture_loss log + fields: + - name: ts_delta + type: integer + description: | + The time delay between this measurement and the last. + + - name: peer + type: keyword + description: | + In the event that there are multiple Bro instances logging to the same host, this distinguishes each peer with its individual name. + + - name: gaps + type: integer + description: | + Number of missed ACKs from the previous measurement interval. + + - name: acks + type: integer + description: | + Total number of ACKs seen in the previous measurement interval. + + - name: percent_lost + type: double + description: | + Percentage of ACKs seen where the data being ACKed wasn't seen. diff --git a/filebeat/module/zeek/capture_loss/config/capture_loss.yml b/filebeat/module/zeek/capture_loss/config/capture_loss.yml new file mode 100644 index 00000000000..7e1f631776f --- /dev/null +++ b/filebeat/module/zeek/capture_loss/config/capture_loss.yml @@ -0,0 +1,20 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.capture_loss" + + ignore_missing: true + fail_on_error: false diff --git a/filebeat/module/zeek/capture_loss/ingest/pipeline.yml b/filebeat/module/zeek/capture_loss/ingest/pipeline.yml new file mode 100644 index 00000000000..3c6171bc045 --- /dev/null +++ b/filebeat/module/zeek/capture_loss/ingest/pipeline.yml @@ -0,0 +1,21 @@ +description: Pipeline for normalizing Zeek capture_loss.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.capture_loss.ts + formats: + - UNIX +- remove: + field: zeek.capture_loss.ts +- set: + field: event.kind + value: metric +- set: + field: event.type + value: info +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/capture_loss/manifest.yml b/filebeat/module/zeek/capture_loss/manifest.yml new file mode 100644 index 00000000000..5349b0581c6 --- /dev/null +++ b/filebeat/module/zeek/capture_loss/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/capture_loss.log + os.linux: + - /var/log/bro/current/capture_loss.log + os.darwin: + - /usr/local/var/logs/current/capture_loss.log + - name: tags + default: [zeek.capture_loss] + +ingest_pipeline: ingest/pipeline.yml +input: config/capture_loss.yml diff --git a/filebeat/module/zeek/capture_loss/test/capture_loss-json.log b/filebeat/module/zeek/capture_loss/test/capture_loss-json.log new file mode 100644 index 00000000000..d45d8bcd82f --- /dev/null +++ b/filebeat/module/zeek/capture_loss/test/capture_loss-json.log @@ -0,0 +1 @@ +{"ts":1568132368.465338,"ts_delta":32.282249,"peer":"bro","gaps":0,"acks":206,"percent_lost":0.0} diff --git a/filebeat/module/zeek/capture_loss/test/capture_loss-json.log-expected.json b/filebeat/module/zeek/capture_loss/test/capture_loss-json.log-expected.json new file mode 100644 index 00000000000..14f20eb3189 --- /dev/null +++ b/filebeat/module/zeek/capture_loss/test/capture_loss-json.log-expected.json @@ -0,0 +1,21 @@ +[ + { + "@timestamp": "2019-09-10T16:19:28.465Z", + "event.dataset": "zeek.capture_loss", + "event.kind": "metric", + "event.module": "zeek", + "event.type": "info", + "fileset.name": "capture_loss", + "input.type": "log", + "log.offset": 0, + "service.type": "zeek", + "tags": [ + "zeek.capture_loss" + ], + "zeek.capture_loss.acks": 206, + "zeek.capture_loss.gaps": 0, + "zeek.capture_loss.peer": "bro", + "zeek.capture_loss.percent_lost": 0, + "zeek.capture_loss.ts_delta": 32.282249 + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/connection/_meta/fields.yml b/filebeat/module/zeek/connection/_meta/fields.yml new file mode 100644 index 00000000000..73cd048d1bf --- /dev/null +++ b/filebeat/module/zeek/connection/_meta/fields.yml @@ -0,0 +1,59 @@ +- name: connection + type: group + default_field: false + description: > + Fields exported by the Zeek Connection log + fields: + - name: local_orig + type: boolean + description: > + Indicates whether the session is originated locally. + + - name: local_resp + type: boolean + description: > + Indicates whether the session is responded locally. + + - name: missed_bytes + type: long + description: > + Missed bytes for the session. + + - name: state + type: keyword + description: > + Code indicating the state of the session. + + - name: state_message + type: keyword + description: > + The state of the session. + + - name: icmp + type: group + fields: + - name: type + type: integer + description: > + ICMP message type. + + - name: code + type: integer + description: > + ICMP message code. + + - name: history + type: keyword + description: > + Flags indicating the history of the session. + + - name: vlan + type: integer + description: > + VLAN identifier. + + - name: inner_vlan + type: integer + description: > + VLAN identifier. + diff --git a/filebeat/module/zeek/connection/config/connection.yml b/filebeat/module/zeek/connection/config/connection.yml new file mode 100644 index 00000000000..f91d24f8020 --- /dev/null +++ b/filebeat/module/zeek/connection/config/connection.yml @@ -0,0 +1,101 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +processors: + - drop_fields: + fields: ["json.orig_bytes","json.resp_bytes","json.tunnel_parents"] + - rename: + fields: + - from: "json" + to: "zeek.connection" + + - from: "zeek.connection.duration" + to: "temp.duration" + + - from: "zeek.connection.id.orig_h" + to: "source.address" + + - from: "zeek.connection.id.orig_p" + to: "source.port" + + - from: "zeek.connection.id.resp_h" + to: "destination.address" + + - from: "zeek.connection.id.resp_p" + to: "destination.port" + + - from: "zeek.connection.proto" + to: "network.transport" + + - from: "zeek.connection.service" + to: "network.protocol" + + - from: "zeek.connection.uid" + to: "zeek.session_id" + + - from: "zeek.connection.orig_ip_bytes" + to: "source.bytes" + + - from: "zeek.connection.resp_ip_bytes" + to: "destination.bytes" + + - from: "zeek.connection.orig_pkts" + to: "source.packets" + + - from: "zeek.connection.resp_pkts" + to: "destination.packets" + + - from: "zeek.connection.conn_state" + to: "zeek.connection.state" + + - from: "zeek.connection.orig_l2_addr" + to: "source.mac" + + - from: "zeek.connection.resp_l2_addr" + to: "destination.mac" + + ignore_missing: true + fail_on_error: false + + - rename: + when.equals.network.transport: icmp + fields: + - from: "source.port" + to: "zeek.connection.icmp.type" + + - from: "destination.port" + to: "zeek.connection.icmp.code" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network +{{ if .community_id }} + - if: + equals.network.transport: icmp + then: + community_id: + fields: + icmp_type: zeek.connection.icmp.type + icmp_code: zeek.connection.icmp.code + else: + community_id: +{{ end }} diff --git a/filebeat/module/zeek/connection/ingest/pipeline.yml b/filebeat/module/zeek/connection/ingest/pipeline.yml new file mode 100644 index 00000000000..b660079324a --- /dev/null +++ b/filebeat/module/zeek/connection/ingest/pipeline.yml @@ -0,0 +1,187 @@ +description: Pipeline for normalizing Zeek conn.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.connection.ts + formats: + - UNIX +- remove: + field: zeek.connection.ts +- set: + field: event.id + value: '{{zeek.session_id}}' + if: ctx.zeek.session_id != null +- script: + source: ctx.event.duration = Math.round(ctx.temp.duration * params.scale) + params: + scale: 1000000000 + if: ctx.temp?.duration != null +- remove: + field: temp.duration + ignore_missing: true +- script: + source: if (ctx.zeek.connection.local_orig) ctx.tags.add("local_orig"); + if: ctx.zeek.connection.local_orig != null +- script: + source: if (ctx.zeek.connection.local_resp) ctx.tags.add("local_resp"); + if: ctx.zeek.connection.local_resp != null +- set: + field: source.ip + value: '{{source.address}}' +- append: + field: related.ip + value: '{{source.address}}' +- set: + field: destination.ip + value: '{{destination.address}}' +- append: + field: related.ip + value: '{{destination.address}}' +- script: + source: ctx.network.packets = ctx.source.packets + ctx.destination.packets + ignore_failure: true +- script: + source: ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes + ignore_failure: true +- script: + source: >- + if (ctx?.zeek?.connection?.local_orig == true) { + if (ctx?.zeek?.connection?.local_resp == true) { + ctx.network.direction = "internal"; + } else { + ctx.network.direction = "outbound"; + } + } else { + if (ctx?.zeek?.connection?.local_resp == true) { + ctx.network.direction = "inbound"; + } else { + ctx.network.direction = "external"; + } + } +- geoip: + field: destination.ip + target_field: destination.geo +- geoip: + field: source.ip + target_field: source.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- set: + field: event.kind + value: event +- append: + field: event.category + value: network +- script: + params: + S0: + conn_str: "Connection attempt seen, no reply." + types: + - connection + - start + S1: + conn_str: "Connection established, not terminated." + types: + - connection + - start + SF: + conn_str: "Normal establishment and termination." + types: + - connection + - start + - end + REG: + conn_str: "Connection attempt rejected." + types: + - connection + - start + - denied + S2: + conn_str: "Connection established and close attempt by originator seen (but no reply from responder)." + types: + - connection + - info + S3: + conn_str: "Connection established and close attempt by responder seen (but no reply from originator)." + types: + - connection + - info + RSTO: + conn_str: "Connection established, originator aborted (sent a RST)." + types: + - connection + - info + RSTR: + conn_str: "Responder sent a RST." + types: + - connection + - info + RSTOS0: + conn_str: "Originator sent a SYN followed by a RST, we never saw a SYN-ACK from the responder." + types: + - connection + - info + RSTRH: + conn_str: "Responder sent a SYN ACK followed by a RST, we never saw a SYN from the (purported) originator." + types: + - connection + - info + SH: + conn_str: "Originator sent a SYN followed by a FIN, we never saw a SYN ACK from the responder (hence the connection was 'half' open)." + types: + - connection + - info + SHR: + conn_str: "Responder sent a SYN ACK followed by a FIN, we never saw a SYN from the originator." + types: + - connection + - info + OTH: + conn_str: "No SYN seen, just midstream traffic (a 'partial connection' that was not later closed)." + types: + - connection + - info + source: >- + if (ctx?.zeek?.connection?.state == null) { + return; + } + if (params.containsKey(ctx.zeek.connection.state)) { + ctx.zeek.connection.state_message = params[ctx.zeek.connection.state]["conn_str"]; + ctx.event.type = params[ctx.zeek.connection.state]["types"]; + } +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/connection/manifest.yml b/filebeat/module/zeek/connection/manifest.yml new file mode 100644 index 00000000000..0acad34d69c --- /dev/null +++ b/filebeat/module/zeek/connection/manifest.yml @@ -0,0 +1,21 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/conn.log + os.linux: + - /var/log/bro/current/conn.log + os.darwin: + - /usr/local/var/logs/current/conn.log + - name: tags + default: [zeek.connection] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/connection.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/zeek/connection/test/connection-json.log b/filebeat/module/zeek/connection/test/connection-json.log new file mode 100644 index 00000000000..ea58b37315e --- /dev/null +++ b/filebeat/module/zeek/connection/test/connection-json.log @@ -0,0 +1,4 @@ +{"ts":1547188415.857497,"uid":"CAcJw21BbVedgFnYH3","id.orig_h":"192.168.86.167","id.orig_p":38339,"id.resp_h":"192.168.86.1","id.resp_p":53,"proto":"udp","service":"dns","duration":0.076967,"orig_bytes":75,"resp_bytes":178,"conn_state":"SF","local_orig":true,"local_resp":true,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":206,"tunnel_parents":[]} +{"ts":1547188416.857497,"uid":"CAcJw21BbVedgFnYH4","id.orig_h":"192.168.86.167","id.orig_p":38340,"id.resp_h":"8.8.8.8","id.resp_p":53,"proto":"udp","service":"dns","duration":0.076967,"orig_bytes":75,"resp_bytes":178,"conn_state":"SF","local_orig":true,"local_resp":false,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":206,"tunnel_parents":[]} +{"ts":1547188417.857497,"uid":"CAcJw21BbVedgFnYH5","id.orig_h":"4.4.2.2","id.orig_p":383341,"id.resp_h":"8.8.8.8","id.resp_p":53,"proto":"udp","service":"dns","duration":0.076967,"orig_bytes":75,"resp_bytes":178,"conn_state":"SF","local_orig":false,"local_resp":false,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":206,"tunnel_parents":[]} +{"ts":1551399000.57855,"uid":"Cc6NJ3GRlfjE44I3h","id.orig_h":"192.0.2.205","id.orig_p":3,"id.resp_h":"198.51.100.249","id.resp_p":3,"proto":"icmp","conn_state":"OTH","local_orig":false,"local_resp":false,"missed_bytes":0,"orig_pkts":1,"orig_ip_bytes":107,"resp_pkts":0,"resp_ip_bytes":0,"tunnel_parents":[]} diff --git a/filebeat/module/zeek/connection/test/connection-json.log-expected.json b/filebeat/module/zeek/connection/test/connection-json.log-expected.json new file mode 100644 index 00000000000..35a539b1493 --- /dev/null +++ b/filebeat/module/zeek/connection/test/connection-json.log-expected.json @@ -0,0 +1,223 @@ +[ + { + "@timestamp": "2019-01-11T06:33:35.857Z", + "destination.address": "192.168.86.1", + "destination.bytes": 206, + "destination.ip": "192.168.86.1", + "destination.packets": 1, + "destination.port": 53, + "event.category": [ + "network", + "network" + ], + "event.dataset": "zeek.connection", + "event.duration": 76967000, + "event.id": "CAcJw21BbVedgFnYH3", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "start", + "end" + ], + "fileset.name": "connection", + "input.type": "log", + "log.offset": 0, + "network.bytes": 309, + "network.community_id": "1:Z26DBGVYoBKQ1FT6qfPaAqBnJik=", + "network.direction": "internal", + "network.packets": 2, + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "192.168.86.167", + "192.168.86.1" + ], + "service.type": "zeek", + "source.address": "192.168.86.167", + "source.bytes": 103, + "source.ip": "192.168.86.167", + "source.packets": 1, + "source.port": 38339, + "tags": [ + "zeek.connection", + "local_orig", + "local_resp" + ], + "zeek.connection.history": "Dd", + "zeek.connection.local_orig": true, + "zeek.connection.local_resp": true, + "zeek.connection.missed_bytes": 0, + "zeek.connection.state": "SF", + "zeek.connection.state_message": "Normal establishment and termination.", + "zeek.session_id": "CAcJw21BbVedgFnYH3" + }, + { + "@timestamp": "2019-01-11T06:33:36.857Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 206, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "event.category": [ + "network", + "network" + ], + "event.dataset": "zeek.connection", + "event.duration": 76967000, + "event.id": "CAcJw21BbVedgFnYH4", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "start", + "end" + ], + "fileset.name": "connection", + "input.type": "log", + "log.offset": 398, + "network.bytes": 309, + "network.community_id": "1:77KJyeznYjdDxCSKdZhW89aAaBI=", + "network.direction": "outbound", + "network.packets": 2, + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "192.168.86.167", + "8.8.8.8" + ], + "service.type": "zeek", + "source.address": "192.168.86.167", + "source.bytes": 103, + "source.ip": "192.168.86.167", + "source.packets": 1, + "source.port": 38340, + "tags": [ + "zeek.connection", + "local_orig" + ], + "zeek.connection.history": "Dd", + "zeek.connection.local_orig": true, + "zeek.connection.local_resp": false, + "zeek.connection.missed_bytes": 0, + "zeek.connection.state": "SF", + "zeek.connection.state_message": "Normal establishment and termination.", + "zeek.session_id": "CAcJw21BbVedgFnYH4" + }, + { + "@timestamp": "2019-01-11T06:33:37.857Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 206, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 1, + "destination.port": 53, + "event.category": [ + "network", + "network" + ], + "event.dataset": "zeek.connection", + "event.duration": 76967000, + "event.id": "CAcJw21BbVedgFnYH5", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "start", + "end" + ], + "fileset.name": "connection", + "input.type": "log", + "log.offset": 792, + "network.bytes": 309, + "network.community_id": "1:9xAq+MIBct9Is73ErTrU/RZ+Nq0=", + "network.direction": "external", + "network.packets": 2, + "network.protocol": "dns", + "network.transport": "udp", + "related.ip": [ + "4.4.2.2", + "8.8.8.8" + ], + "service.type": "zeek", + "source.address": "4.4.2.2", + "source.as.number": 3356, + "source.as.organization.name": "Level 3 Parent, LLC", + "source.bytes": 103, + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "4.4.2.2", + "source.packets": 1, + "source.port": 383341, + "tags": [ + "zeek.connection" + ], + "zeek.connection.history": "Dd", + "zeek.connection.local_orig": false, + "zeek.connection.local_resp": false, + "zeek.connection.missed_bytes": 0, + "zeek.connection.state": "SF", + "zeek.connection.state_message": "Normal establishment and termination.", + "zeek.session_id": "CAcJw21BbVedgFnYH5" + }, + { + "@timestamp": "2019-03-01T00:10:00.578Z", + "destination.address": "198.51.100.249", + "destination.bytes": 0, + "destination.ip": "198.51.100.249", + "destination.packets": 0, + "event.category": [ + "network", + "network" + ], + "event.dataset": "zeek.connection", + "event.id": "Cc6NJ3GRlfjE44I3h", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "info" + ], + "fileset.name": "connection", + "input.type": "log", + "log.offset": 1181, + "network.bytes": 107, + "network.community_id": "1:gzTID87+KHoT4RFDSqb5aInTPeg=", + "network.direction": "external", + "network.packets": 1, + "network.transport": "icmp", + "related.ip": [ + "192.0.2.205", + "198.51.100.249" + ], + "service.type": "zeek", + "source.address": "192.0.2.205", + "source.bytes": 107, + "source.ip": "192.0.2.205", + "source.packets": 1, + "tags": [ + "zeek.connection" + ], + "zeek.connection.icmp.code": 3, + "zeek.connection.icmp.type": 3, + "zeek.connection.local_orig": false, + "zeek.connection.local_resp": false, + "zeek.connection.missed_bytes": 0, + "zeek.connection.state": "OTH", + "zeek.connection.state_message": "No SYN seen, just midstream traffic (a 'partial connection' that was not later closed).", + "zeek.session_id": "Cc6NJ3GRlfjE44I3h" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/dce_rpc/_meta/fields.yml b/filebeat/module/zeek/dce_rpc/_meta/fields.yml new file mode 100644 index 00000000000..77316f81e8d --- /dev/null +++ b/filebeat/module/zeek/dce_rpc/_meta/fields.yml @@ -0,0 +1,25 @@ +- name: dce_rpc + type: group + default_field: false + description: > + Fields exported by the Zeek DCE_RPC log + fields: + - name: rtt + type: integer + description: | + Round trip time from the request to the response. If either the request or response wasn't seen, this will be null. + + - name: named_pipe + type: keyword + description: | + Remote pipe name. + + - name: endpoint + type: keyword + description: | + Endpoint name looked up from the uuid. + + - name: operation + type: keyword + description: | + Operation seen in the call. diff --git a/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml b/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml new file mode 100644 index 00000000000..0ba1b0fc673 --- /dev/null +++ b/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml @@ -0,0 +1,58 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: dce_rpc + +processors: + - rename: + fields: + - from: "json" + to: "zeek.dce_rpc" + + - from: "zeek.dce_rpc.id.orig_h" + to: "source.address" + + - from: "zeek.dce_rpc.id.orig_p" + to: "source.port" + + - from: "zeek.dce_rpc.id.resp_h" + to: "destination.address" + + - from: "zeek.dce_rpc.id.resp_p" + to: "destination.port" + + - from: "zeek.dce_rpc.uid" + to: "zeek.session_id" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/dce_rpc/ingest/pipeline.yml b/filebeat/module/zeek/dce_rpc/ingest/pipeline.yml new file mode 100644 index 00000000000..1ecda252cc8 --- /dev/null +++ b/filebeat/module/zeek/dce_rpc/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek dce_rpc.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.dce_rpc.ts + formats: + - UNIX +- remove: + field: zeek.dce_rpc.ts +- append: + field: related.ip + value: '{{source.ip}}' +- geoip: + field: source.ip + target_field: source.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: '{{destination.ip}}' +- geoip: + field: destination.ip + target_field: destination.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- set: + field: event.action + value: '{{zeek.dce_rpc.operation}}' + if: "ctx?.zeek?.dce_rpc?.operation != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/dce_rpc/manifest.yml b/filebeat/module/zeek/dce_rpc/manifest.yml new file mode 100644 index 00000000000..21ba27eac96 --- /dev/null +++ b/filebeat/module/zeek/dce_rpc/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/dce_rpc.log + os.linux: + - /var/log/bro/current/dce_rpc.log + os.darwin: + - /usr/local/var/logs/current/dce_rpc.log + - name: tags + default: [zeek.dce_rpc] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/dce_rpc.yml diff --git a/filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log b/filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log new file mode 100644 index 00000000000..aa096fd53b5 --- /dev/null +++ b/filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log @@ -0,0 +1 @@ +{"ts":1361916332.298338,"uid":"CsNHVHa1lzFtvJzT8","id.orig_h":"172.16.133.6","id.orig_p":1728,"id.resp_h":"172.16.128.202","id.resp_p":445,"rtt":0.09211,"named_pipe":"\u005cPIPE\u005cbrowser","endpoint":"browser","operation":"BrowserrQueryOtherDomains"} diff --git a/filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log-expected.json b/filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log-expected.json new file mode 100644 index 00000000000..6128801caa7 --- /dev/null +++ b/filebeat/module/zeek/dce_rpc/test/dce_rpc-json.log-expected.json @@ -0,0 +1,43 @@ +[ + { + "@timestamp": "2013-02-26T22:05:32.298Z", + "destination.address": "172.16.128.202", + "destination.ip": "172.16.128.202", + "destination.port": 445, + "event.action": "BrowserrQueryOtherDomains", + "event.category": [ + "network" + ], + "event.dataset": "zeek.dce_rpc", + "event.id": "CsNHVHa1lzFtvJzT8", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "dce_rpc", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:SJNAD5vtzZuhQjGtfaI8svTnyuw=", + "network.protocol": "dce_rpc", + "network.transport": "tcp", + "related.ip": [ + "172.16.133.6", + "172.16.128.202" + ], + "service.type": "zeek", + "source.address": "172.16.133.6", + "source.ip": "172.16.133.6", + "source.port": 1728, + "tags": [ + "zeek.dce_rpc" + ], + "zeek.dce_rpc.endpoint": "browser", + "zeek.dce_rpc.named_pipe": "\\PIPE\\browser", + "zeek.dce_rpc.operation": "BrowserrQueryOtherDomains", + "zeek.dce_rpc.rtt": 0.09211, + "zeek.session_id": "CsNHVHa1lzFtvJzT8" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/dhcp/_meta/fields.yml b/filebeat/module/zeek/dhcp/_meta/fields.yml new file mode 100644 index 00000000000..d90e6088d1a --- /dev/null +++ b/filebeat/module/zeek/dhcp/_meta/fields.yml @@ -0,0 +1,133 @@ +- name: dhcp + type: group + default_field: false + description: > + Fields exported by the Zeek DHCP log + fields: + - name: domain + type: keyword + description: > + Domain given by the server in option 15. + + - name: duration + type: double + description: | + Duration of the DHCP session representing the time from the first + message to the last, in seconds. + + - name: hostname + type: keyword + description: > + Name given by client in Hostname option 12. + + - name: client_fqdn + type: keyword + description: > + FQDN given by client in Client FQDN option 81. + + - name: lease_time + type: integer + description: > + IP address lease interval in seconds. + + - name: address + type: group + description: > + Addresses seen in this DHCP exchange. + fields: + - name: assigned + type: ip + description: > + IP address assigned by the server. + + - name: client + type: ip + description: | + IP address of the client. If a transaction is only a client sending + INFORM messages then there is no lease information exchanged so this + is helpful to know who sent the messages. Getting an address in this + field does require that the client sources at least one DHCP message + using a non-broadcast address. + + - name: mac + type: keyword + description: > + Client's hardware address. + + - name: requested + type: ip + description: > + IP address requested by the client. + + - name: server + type: ip + description: > + IP address of the DHCP server. + + - name: msg + type: group + fields: + - name: types + type: keyword + description: > + List of DHCP message types seen in this exchange. + + - name: origin + type: ip + description: | + (present if policy/protocols/dhcp/msg-orig.bro is loaded) + The address that originated each message from the msg.types field. + + - name: client + type: keyword + description: | + Message typically accompanied with a DHCP_DECLINE so the client can + tell the server why it rejected an address. + + - name: server + type: keyword + description: | + Message typically accompanied with a DHCP_NAK to let the client know + why it rejected the request. + + - name: software + type: group + fields: + - name: client + type: keyword + description: | + (present if policy/protocols/dhcp/software.bro is loaded) + Software reported by the client in the vendor_class option. + + - name: server + type: keyword + description: | + (present if policy/protocols/dhcp/software.bro is loaded) + Software reported by the client in the vendor_class option. + + - name: id + type: group + fields: + - name: circuit + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + Added by DHCP relay agents which terminate switched or permanent + circuits. It encodes an agent-local identifier of the circuit from + which a DHCP client-to-server packet was received. Typically it + should represent a router or switch interface number. + + - name: remote_agent + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + A globally unique identifier added by relay agents to identify the + remote host end of the circuit. + + - name: subscriber + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + The subscriber ID is a value independent of the physical network + configuration so that a customer's DHCP configuration can be given + to them correctly no matter where they are physically connected. diff --git a/filebeat/module/zeek/dhcp/config/dhcp.yml b/filebeat/module/zeek/dhcp/config/dhcp.yml new file mode 100644 index 00000000000..97c45a17920 --- /dev/null +++ b/filebeat/module/zeek/dhcp/config/dhcp.yml @@ -0,0 +1,120 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: udp + network.protocol: dhcp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.dhcp" + + - from: "zeek.dhcp.uids" + to: "zeek.session_id" + + - from: "zeek.dhcp.assigned_addr" + to: "zeek.dhcp.address.assigned" + + - from: "zeek.dhcp.client_addr" + to: "zeek.dhcp.address.client" + + - from: "zeek.dhcp.mac" + to: "zeek.dhcp.address.mac" + + - from: "zeek.dhcp.requested_addr" + to: "zeek.dhcp.address.requested" + + - from: "zeek.dhcp.server_addr" + to: "zeek.dhcp.address.server" + + - from: "zeek.dhcp.host_name" + to: "zeek.dhcp.hostname" + + - from: "zeek.dhcp.client_message" + to: "zeek.dhcp.msg.client" + + - from: "zeek.dhcp.server_message" + to: "zeek.dhcp.msg.server" + + - from: "zeek.dhcp.msg_types" + to: "zeek.dhcp.msg.types" + + - from: "zeek.dhcp.msg_orig" + to: "zeek.dhcp.msg.origin" + + - from: "zeek.dhcp.client_software" + to: "zeek.dhcp.software.client" + + - from: "zeek.dhcp.server_software" + to: "zeek.dhcp.software.server" + + - from: "zeek.dhcp.circuit_id" + to: "zeek.dhcp.id.circuit" + + - from: "zeek.dhcp.agent_remote_id" + to: "zeek.dhcp.id.remote_agent" + + - from: "zeek.dhcp.subscriber_id" + to: "zeek.dhcp.id.subscriber" + + - from: "zeek.dhcp.client_port" + to: "source.port" + + - from: "zeek.dhcp.server_port" + to: "destination.port" + + ignore_missing: true + fail_on_error: false + + - if: + not: + has_fields: ["source.port"] + then: + - add_fields: + target: source + fields: + port: 68 + + - if: + not: + has_fields: ["destination.port"] + then: + - add_fields: + target: destination + fields: + port: 67 + + - convert: + fields: + - {from: "zeek.dhcp.address.client", to: "source.address"} + - {from: "zeek.dhcp.address.client", to: "source.ip", type: "ip"} + - {from: "zeek.dhcp.address.client", to: "client.address"} + - {from: "zeek.dhcp.address.server", to: "destination.address"} + - {from: "zeek.dhcp.address.server", to: "destination.ip", type: "ip"} + - {from: "zeek.dhcp.address.server", to: "server.address"} + - {from: "zeek.dhcp.domain", to: "network.name"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/dhcp/ingest/pipeline.yml b/filebeat/module/zeek/dhcp/ingest/pipeline.yml new file mode 100644 index 00000000000..49df687ecc3 --- /dev/null +++ b/filebeat/module/zeek/dhcp/ingest/pipeline.yml @@ -0,0 +1,27 @@ +description: Pipeline for normalizing Zeek dhcp.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.dhcp.ts + formats: + - UNIX +- remove: + field: zeek.dhcp.ts +- set: + field: event.id + value: '{{zeek.session_id}}' + if: ctx.zeek.session_id != null +- append: + field: related.ip + value: '{{source.ip}}' + if: 'ctx?.source?.ip != null' +- append: + field: related.ip + value: '{{destination.ip}}' + if: 'ctx?.destination?.ip != null' +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/dhcp/manifest.yml b/filebeat/module/zeek/dhcp/manifest.yml new file mode 100644 index 00000000000..7cb434b1955 --- /dev/null +++ b/filebeat/module/zeek/dhcp/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/dhcp.log + os.linux: + - /var/log/bro/current/dhcp.log + os.darwin: + - /usr/local/var/logs/current/dhcp.log + - name: tags + default: [zeek.dhcp] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/dhcp.yml diff --git a/filebeat/module/zeek/dhcp/test/dhcp-json.log b/filebeat/module/zeek/dhcp/test/dhcp-json.log new file mode 100644 index 00000000000..b7afea46737 --- /dev/null +++ b/filebeat/module/zeek/dhcp/test/dhcp-json.log @@ -0,0 +1 @@ +{"ts":1476605498.771847,"uids":["CmWOt6VWaNGqXYcH6","CLObLo4YHn0u23Tp8a"],"client_addr":"192.168.199.132","server_addr":"192.168.199.254","mac":"00:0c:29:03:df:ad","host_name":"DESKTOP-2AEFM7G","client_fqdn":"DESKTOP-2AEFM7G","domain":"localdomain","requested_addr":"192.168.199.132","assigned_addr":"192.168.199.132","lease_time":1800.0,"msg_types":["REQUEST","ACK"],"duration":0.000161} diff --git a/filebeat/module/zeek/dhcp/test/dhcp-json.log-expected.json b/filebeat/module/zeek/dhcp/test/dhcp-json.log-expected.json new file mode 100644 index 00000000000..ec36a36c503 --- /dev/null +++ b/filebeat/module/zeek/dhcp/test/dhcp-json.log-expected.json @@ -0,0 +1,58 @@ +[ + { + "@timestamp": "2016-10-16T08:11:38.771Z", + "client.address": "192.168.199.132", + "destination.address": "192.168.199.254", + "destination.ip": "192.168.199.254", + "destination.port": 67, + "event.category": [ + "network" + ], + "event.dataset": "zeek.dhcp", + "event.id": "{0=CmWOt6VWaNGqXYcH6, 1=CLObLo4YHn0u23Tp8a}", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "dhcp", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:HsGjbon+HsK9xnMq+1A32BR9C4Y=", + "network.name": "localdomain", + "network.protocol": "dhcp", + "network.transport": "udp", + "related.ip": [ + "192.168.199.132", + "192.168.199.254" + ], + "server.address": "192.168.199.254", + "service.type": "zeek", + "source.address": "192.168.199.132", + "source.ip": "192.168.199.132", + "source.port": 68, + "tags": [ + "zeek.dhcp" + ], + "zeek.dhcp.address.assigned": "192.168.199.132", + "zeek.dhcp.address.client": "192.168.199.132", + "zeek.dhcp.address.mac": "00:0c:29:03:df:ad", + "zeek.dhcp.address.requested": "192.168.199.132", + "zeek.dhcp.address.server": "192.168.199.254", + "zeek.dhcp.client_fqdn": "DESKTOP-2AEFM7G", + "zeek.dhcp.domain": "localdomain", + "zeek.dhcp.duration": 0.000161, + "zeek.dhcp.hostname": "DESKTOP-2AEFM7G", + "zeek.dhcp.lease_time": 1800, + "zeek.dhcp.msg.types": [ + "REQUEST", + "ACK" + ], + "zeek.session_id": [ + "CmWOt6VWaNGqXYcH6", + "CLObLo4YHn0u23Tp8a" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/dnp3/_meta/fields.yml b/filebeat/module/zeek/dnp3/_meta/fields.yml new file mode 100644 index 00000000000..01c71a916eb --- /dev/null +++ b/filebeat/module/zeek/dnp3/_meta/fields.yml @@ -0,0 +1,24 @@ +- name: dnp3 + type: group + default_field: false + description: > + Fields exported by the Zeek SSH log + fields: + - name: function + type: group + fields: + - name: request + type: keyword + description: | + The name of the function message in the request. + + - name: reply + type: keyword + description: | + The name of the function message in the reply. + + - name: id + type: integer + description: | + The response's internal indication number. + diff --git a/filebeat/module/zeek/dnp3/config/dnp3.yml b/filebeat/module/zeek/dnp3/config/dnp3.yml new file mode 100644 index 00000000000..d059b4c79f9 --- /dev/null +++ b/filebeat/module/zeek/dnp3/config/dnp3.yml @@ -0,0 +1,68 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: dnp3 + +processors: + - rename: + fields: + - from: "json" + to: "zeek.dnp3" + + - from: "zeek.dnp3.id.orig_h" + to: "source.address" + + - from: "zeek.dnp3.id.orig_p" + to: "source.port" + + - from: "zeek.dnp3.id.resp_h" + to: "destination.address" + + - from: "zeek.dnp3.id.resp_p" + to: "destination.port" + + - from: "zeek.dnp3.uid" + to: "event.id" + + - from: "zeek.dnp3.fc_request" + to: "zeek.dnp3.function.request" + + - from: "zeek.dnp3.fc_reply" + to: "zeek.dnp3.function.reply" + + - from: "zeek.dnp3.iin" + to: "zeek.dnp3.id" + + ignore_missing: true + fail_on_error: false + + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/dnp3/ingest/pipeline.yml b/filebeat/module/zeek/dnp3/ingest/pipeline.yml new file mode 100644 index 00000000000..ad4670dc350 --- /dev/null +++ b/filebeat/module/zeek/dnp3/ingest/pipeline.yml @@ -0,0 +1,64 @@ +description: Pipeline for normalizing Zeek dnp3.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.dnp3.ts + formats: + - UNIX +- remove: + field: zeek.dnp3.ts +- set: + field: event.action + value: '{{zeek.dnp3.function.request}}' + if: "ctx?.zeek?.dnp3?.function?.request != null" +- set: + field: event.action + value: '{{zeek.dnp3.function.reply}}' + if: "ctx?.zeek?.dnp3?.function?.reply != null" +- lowercase: + field: event.action + ignore_missing: true +- geoip: + field: destination.ip + target_field: destination.geo +- geoip: + field: source.ip + target_field: source.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/dnp3/manifest.yml b/filebeat/module/zeek/dnp3/manifest.yml new file mode 100644 index 00000000000..98de1c3af82 --- /dev/null +++ b/filebeat/module/zeek/dnp3/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/dnp3.log + os.linux: + - /var/log/bro/current/dnp3.log + os.darwin: + - /usr/local/var/logs/current/dnp3.log + - name: tags + default: [zeek.dnp3] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/dnp3.yml diff --git a/filebeat/module/zeek/dnp3/test/dnp3-json.log b/filebeat/module/zeek/dnp3/test/dnp3-json.log new file mode 100644 index 00000000000..7f1949d970b --- /dev/null +++ b/filebeat/module/zeek/dnp3/test/dnp3-json.log @@ -0,0 +1 @@ +{"ts":1227729908.705944,"uid":"CQV6tj1w1t4WzQpHoe","id.orig_h":"127.0.0.1","id.orig_p":42942,"id.resp_h":"127.0.0.1","id.resp_p":20000,"fc_request":"READ"} diff --git a/filebeat/module/zeek/dnp3/test/dnp3-json.log-expected.json b/filebeat/module/zeek/dnp3/test/dnp3-json.log-expected.json new file mode 100644 index 00000000000..fa386feb1ce --- /dev/null +++ b/filebeat/module/zeek/dnp3/test/dnp3-json.log-expected.json @@ -0,0 +1,35 @@ +[ + { + "@timestamp": "2008-11-26T20:05:08.705Z", + "destination.address": "127.0.0.1", + "destination.ip": "127.0.0.1", + "destination.port": 20000, + "event.action": "read", + "event.category": [ + "network" + ], + "event.dataset": "zeek.dnp3", + "event.id": "CQV6tj1w1t4WzQpHoe", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "dnp3", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:E57Z1w3RrSdR+fi6rSZblbQVhzY=", + "network.protocol": "dnp3", + "network.transport": "tcp", + "service.type": "zeek", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "source.port": 42942, + "tags": [ + "zeek.dnp3" + ], + "zeek.dnp3.function.request": "READ" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/dns/_meta/fields.yml b/filebeat/module/zeek/dns/_meta/fields.yml new file mode 100644 index 00000000000..d3acfdd2675 --- /dev/null +++ b/filebeat/module/zeek/dns/_meta/fields.yml @@ -0,0 +1,107 @@ +- name: dns + type: group + description: > + Fields exported by the Zeek DNS log + fields: + - name: trans_id + type: keyword + description: > + DNS transaction identifier. + + - name: rtt + type: double + description: > + Round trip time for the query and response. + + - name: query + type: keyword + description: > + The domain name that is the subject of the DNS query. + + - name: qclass + type: long + description: > + The QCLASS value specifying the class of the query. + + - name: qclass_name + type: keyword + description: > + A descriptive name for the class of the query. + + - name: qtype + type: long + description: > + A QTYPE value specifying the type of the query. + + - name: qtype_name + type: keyword + description: > + A descriptive name for the type of the query. + + - name: rcode + type: long + description: > + The response code value in DNS response messages. + + - name: rcode_name + type: keyword + description: > + A descriptive name for the response code value. + + - name: AA + type: boolean + description: | + The Authoritative Answer bit for response messages specifies that the responding + name server is an authority for the domain name in the question section. + + - name: TC + type: boolean + description: > + The Truncation bit specifies that the message was truncated. + + - name: RD + type: boolean + description: | + The Recursion Desired bit in a request message indicates that the client + wants recursive service for this query. + + - name: RA + type: boolean + description: | + The Recursion Available bit in a response message indicates that the name + server supports recursive queries. + + - name: answers + type: keyword + description: > + The set of resource descriptions in the query answer. + + - name: TTLs + type: double + description: > + The caching intervals of the associated RRs described by the answers field. + + - name: rejected + type: boolean + description: > + Indicates whether the DNS query was rejected by the server. + + - name: total_answers + type: integer + description: > + The total number of resource records in the reply. + + - name: total_replies + type: integer + description: > + The total number of resource records in the reply message. + + - name: saw_query + type: boolean + description: > + Whether the full DNS query has been seen. + + - name: saw_reply + type: boolean + description: > + Whether the full DNS reply has been seen. diff --git a/filebeat/module/zeek/dns/config/dns.yml b/filebeat/module/zeek/dns/config/dns.yml new file mode 100644 index 00000000000..7b4c332f5df --- /dev/null +++ b/filebeat/module/zeek/dns/config/dns.yml @@ -0,0 +1,210 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +processors: + - rename: + fields: + - {from: message, to: event.original} + - decode_json_fields: + fields: [event.original] + target: zeek.dns + - registered_domain: + ignore_missing: true + ignore_failure: true + field: zeek.dns.query + target_field: dns.question.registered_domain + - script: + lang: javascript + id: zeek_dns_flags + source: > + var net = require("net"); + + function addDnsHeaderFlags(evt) { + var flag = evt.Get("zeek.dns.AA"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "AA"); + } + flag = evt.Get("zeek.dns.TC"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "TC"); + } + flag = evt.Get("zeek.dns.RD"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RD"); + } + flag = evt.Get("zeek.dns.RA"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RA"); + } + } + + function addDnsQuestionClass(evt) { + var qclass = evt.Get("zeek.dns.qclass"); + if (!qclass) { + return; + } + switch (qclass) { + case 1: + qclass = "IN"; + break; + case 3: + qclass = "CH"; + break; + case 4: + qclass = "HS"; + break; + case 254: + qclass = "NONE"; + break; + case 255: + qclass = "ANY"; + break; + } + evt.Put("dns.question.class", qclass); + } + + function addDnsAnswers(evt) { + var answers = evt.Get("zeek.dns.answers"); + var ttls = evt.Get("zeek.dns.TTLs"); + if (!answers || !ttls || answers.length != ttls.length) { + return; + } + + var resolvedIps = []; + var answersObjs = []; + for (var i = 0; i < answers.length; i++) { + var answer = answers[i]; + answersObjs.push({ + data: answer, + ttl: ttls[i], + }) + if (net.isIP(answer)) { + resolvedIps.push(answer); + } + } + evt.Put("dns.answers", answersObjs); + if (resolvedIps.length > 0) { + evt.Put("dns.resolved_ip", resolvedIps); + } + } + + function setDnsType(evt) { + var response_code = evt.Get("zeek.dns.rcode_name"); + if (response_code) { + evt.Put("dns.type", "answer"); + } else { + evt.Put("dns.type", "query"); + } + } + + function addEventDuration(evt) { + var rttSec = evt.Get("zeek.dns.rtt"); + if (!rttSec) { + return; + } + evt.Put("event.duration", rttSec * 1000000000); + } + + function addTopLevelDomain(evt) { + var rd = evt.Get("dns.question.registered_domain"); + if (!rd) { + return; + } + var firstPeriod = rd.indexOf("."); + if (firstPeriod == -1) { + return; + } + evt.Put("dns.question.top_level_domain", rd.substr(firstPeriod + 1)); + } + + function addEventOutcome(evt) { + var rcode = evt.Get("zeek.dns.rcode"); + if (rcode == null) { + return; + } + if (rcode == 0) { + evt.Put("event.outcome", "success"); + } else { + evt.Put("event.outcome", "failure"); + } + } + + function addRelatedIP(evt) { + var related = []; + var src = evt.Get("zeek.dns.id.orig_h"); + if (src != null) { + related.push(src); + } + var dst = evt.Get("zeek.dns.id.resp_h"); + if (dst != null) { + related.push(dst); + } + if (related.length > 0) { + evt.Put("related.ip", related); + } + } + + function process(evt) { + addDnsHeaderFlags(evt); + addDnsQuestionClass(evt); + addDnsAnswers(evt); + setDnsType(evt); + addEventDuration(evt); + addTopLevelDomain(evt); + addEventOutcome(evt); + addRelatedIP(evt); + } + - convert: + ignore_missing: true + ignore_failure: true + mode: rename + fields: + - {from: zeek.dns.id.orig_h, to: source.address} + - {from: zeek.dns.id.orig_p, to: source.port, type: long} + - {from: zeek.dns.id.resp_h, to: destination.address} + - {from: zeek.dns.id.resp_p, to: destination.port, type: long} + - {from: zeek.dns.uid, to: zeek.session_id} + - {from: zeek.dns.proto, to: network.transport} + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: source.address, to: source.ip, type: ip} + - {from: destination.address, to: destination.ip, type: ip} + - {from: zeek.session_id, to: event.id} + - {from: '@timestamp', to: event.created} + - {from: zeek.dns.trans_id, to: dns.id} + - {from: zeek.dns.query, to: dns.question.name} + - {from: zeek.dns.qtype_name, to: dns.question.type} + - {from: zeek.dns.rcode_name, to: dns.response_code} + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - info + - protocol +{{ if .community_id }} + - community_id: +{{ end }} + - timestamp: + ignore_missing: true + field: zeek.dns.ts + layouts: + - UNIX + - drop_fields: + ignore_missing: true + fields: + - zeek.dns.Z + - zeek.dns.auth + - zeek.dns.addl + - zeek.dns.ts diff --git a/filebeat/module/zeek/dns/ingest/pipeline.yml b/filebeat/module/zeek/dns/ingest/pipeline.yml new file mode 100644 index 00000000000..db603d93dbb --- /dev/null +++ b/filebeat/module/zeek/dns/ingest/pipeline.yml @@ -0,0 +1,52 @@ +--- +description: Pipeline for Filebeat Zeek dns.log + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/zeek/dns/manifest.yml b/filebeat/module/zeek/dns/manifest.yml new file mode 100644 index 00000000000..0c81ed95c2d --- /dev/null +++ b/filebeat/module/zeek/dns/manifest.yml @@ -0,0 +1,21 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/dns.log + os.linux: + - /var/log/bro/current/dns.log + os.darwin: + - /usr/local/var/logs/current/dns.log + - name: tags + default: [zeek.dns] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/dns.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/zeek/dns/test/dns-json.log b/filebeat/module/zeek/dns/test/dns-json.log new file mode 100644 index 00000000000..7c6cfced331 --- /dev/null +++ b/filebeat/module/zeek/dns/test/dns-json.log @@ -0,0 +1,3 @@ +{"ts":1547188415.857497,"uid":"CAcJw21BbVedgFnYH3","id.orig_h":"192.168.86.167","id.orig_p":38339,"id.resp_h":"192.168.86.1","id.resp_p":53,"proto":"udp","trans_id":15209,"rtt":0.076967,"query":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["proxy-production-us-west1.gcp.cloud.es.io","proxy-production-us-west1-v1-009.gcp.cloud.es.io","35.199.178.4"],"TTLs":[119.0,119.0,59.0],"rejected":false} +{"ts":1567095830.680046,"uid":"C19a1k4lTv46YMbeOk","id.orig_h":"fe80::4ef:15cf:769f:ff21","id.orig_p":5353,"id.resp_h":"ff02::fb","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","AA":false,"TC":false,"RD":false,"RA":false,"Z":0,"rejected":false} +{"ts":1567095830.734329,"uid":"CdiVAw7jJw6gsX5H","id.orig_h":"192.168.86.237","id.orig_p":5353,"id.resp_h":"224.0.0.251","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","rcode":0,"rcode_name":"NOERROR","AA":true,"TC":false,"RD":false,"RA":false,"Z":0,"answers":["bravia-4k-gb-5c89f865c9d569ab338815b35e3acc56._googlecast._tcp.local"],"TTLs":[120.0],"rejected":false} diff --git a/filebeat/module/zeek/dns/test/dns-json.log-expected.json b/filebeat/module/zeek/dns/test/dns-json.log-expected.json new file mode 100644 index 00000000000..0c01c52e428 --- /dev/null +++ b/filebeat/module/zeek/dns/test/dns-json.log-expected.json @@ -0,0 +1,212 @@ +[ + { + "@timestamp": "2019-01-11T06:33:35.857Z", + "destination.address": "192.168.86.1", + "destination.ip": "192.168.86.1", + "destination.port": 53, + "dns.answers": [ + { + "data": "proxy-production-us-west1.gcp.cloud.es.io", + "ttl": 119 + }, + { + "data": "proxy-production-us-west1-v1-009.gcp.cloud.es.io", + "ttl": 119 + }, + { + "data": "35.199.178.4", + "ttl": 59 + } + ], + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": 15209, + "dns.question.class": "IN", + "dns.question.name": "dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io", + "dns.question.registered_domain": "es.io", + "dns.question.top_level_domain": "io", + "dns.question.type": "A", + "dns.resolved_ip": [ + "35.199.178.4" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "zeek.dns", + "event.duration": 76967000, + "event.id": "CAcJw21BbVedgFnYH3", + "event.kind": "event", + "event.module": "zeek", + "event.original": "{\"ts\":1547188415.857497,\"uid\":\"CAcJw21BbVedgFnYH3\",\"id.orig_h\":\"192.168.86.167\",\"id.orig_p\":38339,\"id.resp_h\":\"192.168.86.1\",\"id.resp_p\":53,\"proto\":\"udp\",\"trans_id\":15209,\"rtt\":0.076967,\"query\":\"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io\",\"qclass\":1,\"qclass_name\":\"C_INTERNET\",\"qtype\":1,\"qtype_name\":\"A\",\"rcode\":0,\"rcode_name\":\"NOERROR\",\"AA\":false,\"TC\":false,\"RD\":true,\"RA\":true,\"Z\":0,\"answers\":[\"proxy-production-us-west1.gcp.cloud.es.io\",\"proxy-production-us-west1-v1-009.gcp.cloud.es.io\",\"35.199.178.4\"],\"TTLs\":[119.0,119.0,59.0],\"rejected\":false}", + "event.outcome": "success", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "dns", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:Z26DBGVYoBKQ1FT6qfPaAqBnJik=", + "network.transport": "udp", + "related.ip": [ + "192.168.86.167", + "192.168.86.1" + ], + "service.type": "zeek", + "source.address": "192.168.86.167", + "source.ip": "192.168.86.167", + "source.port": 38339, + "tags": [ + "zeek.dns" + ], + "zeek.dns.AA": false, + "zeek.dns.RA": true, + "zeek.dns.RD": true, + "zeek.dns.TC": false, + "zeek.dns.TTLs": [ + 119, + 119, + 59 + ], + "zeek.dns.answers": [ + "proxy-production-us-west1.gcp.cloud.es.io", + "proxy-production-us-west1-v1-009.gcp.cloud.es.io", + "35.199.178.4" + ], + "zeek.dns.qclass": 1, + "zeek.dns.qclass_name": "C_INTERNET", + "zeek.dns.qtype": 1, + "zeek.dns.qtype_name": "A", + "zeek.dns.query": "dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io", + "zeek.dns.rcode": 0, + "zeek.dns.rcode_name": "NOERROR", + "zeek.dns.rejected": false, + "zeek.dns.rtt": 0.076967, + "zeek.dns.trans_id": 15209, + "zeek.session_id": "CAcJw21BbVedgFnYH3" + }, + { + "@timestamp": "2019-08-29T16:23:50.680Z", + "destination.address": "ff02::fb", + "destination.ip": "ff02::fb", + "destination.port": 5353, + "dns.id": 0, + "dns.question.class": "IN", + "dns.question.name": "_googlecast._tcp.local", + "dns.question.registered_domain": "_tcp.local", + "dns.question.top_level_domain": "local", + "dns.question.type": "PTR", + "dns.type": "query", + "event.category": [ + "network" + ], + "event.dataset": "zeek.dns", + "event.id": "C19a1k4lTv46YMbeOk", + "event.kind": "event", + "event.module": "zeek", + "event.original": "{\"ts\":1567095830.680046,\"uid\":\"C19a1k4lTv46YMbeOk\",\"id.orig_h\":\"fe80::4ef:15cf:769f:ff21\",\"id.orig_p\":5353,\"id.resp_h\":\"ff02::fb\",\"id.resp_p\":5353,\"proto\":\"udp\",\"trans_id\":0,\"query\":\"_googlecast._tcp.local\",\"qclass\":1,\"qclass_name\":\"C_INTERNET\",\"qtype\":12,\"qtype_name\":\"PTR\",\"AA\":false,\"TC\":false,\"RD\":false,\"RA\":false,\"Z\":0,\"rejected\":false}", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "dns", + "input.type": "log", + "log.offset": 566, + "network.community_id": "1:Jq0sRtlGSMjsvMBE1ZYybbR2tI0=", + "network.transport": "udp", + "related.ip": [ + "fe80::4ef:15cf:769f:ff21", + "ff02::fb" + ], + "service.type": "zeek", + "source.address": "fe80::4ef:15cf:769f:ff21", + "source.ip": "fe80::4ef:15cf:769f:ff21", + "source.port": 5353, + "tags": [ + "zeek.dns" + ], + "zeek.dns.AA": false, + "zeek.dns.RA": false, + "zeek.dns.RD": false, + "zeek.dns.TC": false, + "zeek.dns.qclass": 1, + "zeek.dns.qclass_name": "C_INTERNET", + "zeek.dns.qtype": 12, + "zeek.dns.qtype_name": "PTR", + "zeek.dns.query": "_googlecast._tcp.local", + "zeek.dns.rejected": false, + "zeek.dns.trans_id": 0, + "zeek.session_id": "C19a1k4lTv46YMbeOk" + }, + { + "@timestamp": "2019-08-29T16:23:50.734Z", + "destination.address": "224.0.0.251", + "destination.ip": "224.0.0.251", + "destination.port": 5353, + "dns.answers": [ + { + "data": "bravia-4k-gb-5c89f865c9d569ab338815b35e3acc56._googlecast._tcp.local", + "ttl": 120 + } + ], + "dns.header_flags": "AA", + "dns.id": 0, + "dns.question.name": "_googlecast._tcp.local", + "dns.question.registered_domain": "_tcp.local", + "dns.question.top_level_domain": "local", + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "zeek.dns", + "event.id": "CdiVAw7jJw6gsX5H", + "event.kind": "event", + "event.module": "zeek", + "event.original": "{\"ts\":1567095830.734329,\"uid\":\"CdiVAw7jJw6gsX5H\",\"id.orig_h\":\"192.168.86.237\",\"id.orig_p\":5353,\"id.resp_h\":\"224.0.0.251\",\"id.resp_p\":5353,\"proto\":\"udp\",\"trans_id\":0,\"query\":\"_googlecast._tcp.local\",\"rcode\":0,\"rcode_name\":\"NOERROR\",\"AA\":true,\"TC\":false,\"RD\":false,\"RA\":false,\"Z\":0,\"answers\":[\"bravia-4k-gb-5c89f865c9d569ab338815b35e3acc56._googlecast._tcp.local\"],\"TTLs\":[120.0],\"rejected\":false}", + "event.outcome": "success", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "dns", + "input.type": "log", + "log.offset": 909, + "network.community_id": "1:QIR5YXlirWwWA18ZyY/RnvQoaic=", + "network.transport": "udp", + "related.ip": [ + "192.168.86.237", + "224.0.0.251" + ], + "service.type": "zeek", + "source.address": "192.168.86.237", + "source.ip": "192.168.86.237", + "source.port": 5353, + "tags": [ + "zeek.dns" + ], + "zeek.dns.AA": true, + "zeek.dns.RA": false, + "zeek.dns.RD": false, + "zeek.dns.TC": false, + "zeek.dns.TTLs": [ + 120 + ], + "zeek.dns.answers": [ + "bravia-4k-gb-5c89f865c9d569ab338815b35e3acc56._googlecast._tcp.local" + ], + "zeek.dns.query": "_googlecast._tcp.local", + "zeek.dns.rcode": 0, + "zeek.dns.rcode_name": "NOERROR", + "zeek.dns.rejected": false, + "zeek.dns.trans_id": 0, + "zeek.session_id": "CdiVAw7jJw6gsX5H" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/dpd/_meta/fields.yml b/filebeat/module/zeek/dpd/_meta/fields.yml new file mode 100644 index 00000000000..c924c27baf8 --- /dev/null +++ b/filebeat/module/zeek/dpd/_meta/fields.yml @@ -0,0 +1,21 @@ +- name: dpd + type: group + default_field: false + description: > + Fields exported by the Zeek DPD log + fields: + - name: analyzer + type: keyword + description: > + The analyzer that generated the violation. + + - name: failure_reason + type: keyword + description: > + The textual reason for the analysis failure. + + - name: packet_segment + type: keyword + description: | + (present if policy/frameworks/dpd/packet-segment-logging.bro is loaded) + A chunk of the payload that most likely resulted in the protocol violation. diff --git a/filebeat/module/zeek/dpd/config/dpd.yml b/filebeat/module/zeek/dpd/config/dpd.yml new file mode 100644 index 00000000000..0a31b70f6bd --- /dev/null +++ b/filebeat/module/zeek/dpd/config/dpd.yml @@ -0,0 +1,57 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.dpd" + + - from: "zeek.dpd.id.orig_h" + to: "source.address" + + - from: "zeek.dpd.id.orig_p" + to: "source.port" + + - from: "zeek.dpd.id.resp_h" + to: "destination.address" + + - from: "zeek.dpd.id.resp_p" + to: "destination.port" + + - from: "zeek.dpd.uid" + to: "zeek.session_id" + + - from: "zeek.dpd.proto" + to: "network.transport" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.session_id", to: "event.id"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/dpd/ingest/pipeline.yml b/filebeat/module/zeek/dpd/ingest/pipeline.yml new file mode 100644 index 00000000000..f30ff172fa8 --- /dev/null +++ b/filebeat/module/zeek/dpd/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek dpd.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.dpd.ts + formats: + - UNIX +- remove: + field: zeek.dpd.ts +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/dpd/manifest.yml b/filebeat/module/zeek/dpd/manifest.yml new file mode 100644 index 00000000000..aeba0ef31fc --- /dev/null +++ b/filebeat/module/zeek/dpd/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/dpd.log + os.linux: + - /var/log/bro/current/dpd.log + os.darwin: + - /usr/local/var/logs/current/dpd.log + - name: tags + default: [zeek.dpd] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/dpd.yml diff --git a/filebeat/module/zeek/dpd/test/dpd-json.log b/filebeat/module/zeek/dpd/test/dpd-json.log new file mode 100644 index 00000000000..d2110bf9fb9 --- /dev/null +++ b/filebeat/module/zeek/dpd/test/dpd-json.log @@ -0,0 +1 @@ +{"ts":1507567500.423033,"uid":"CRrT7S1ccw9H6hzCR","id.orig_h":"192.168.10.31","id.orig_p":49285,"id.resp_h":"192.168.10.10","id.resp_p":445,"proto":"tcp","analyzer":"DCE_RPC","failure_reason":"Binpac exception: binpac exception: \u0026enforce violation : DCE_RPC_Header:rpc_vers"} diff --git a/filebeat/module/zeek/dpd/test/dpd-json.log-expected.json b/filebeat/module/zeek/dpd/test/dpd-json.log-expected.json new file mode 100644 index 00000000000..0d6173e172e --- /dev/null +++ b/filebeat/module/zeek/dpd/test/dpd-json.log-expected.json @@ -0,0 +1,38 @@ +[ + { + "@timestamp": "2017-10-09T16:45:00.423Z", + "destination.address": "192.168.10.10", + "destination.ip": "192.168.10.10", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "zeek.dpd", + "event.id": "CRrT7S1ccw9H6hzCR", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "info" + ], + "fileset.name": "dpd", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:b+Szw+ia464igf5e+MwW1WUzw9Y=", + "network.transport": "tcp", + "related.ip": [ + "192.168.10.31", + "192.168.10.10" + ], + "service.type": "zeek", + "source.address": "192.168.10.31", + "source.ip": "192.168.10.31", + "source.port": 49285, + "tags": [ + "zeek.dpd" + ], + "zeek.dpd.analyzer": "DCE_RPC", + "zeek.dpd.failure_reason": "Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers", + "zeek.session_id": "CRrT7S1ccw9H6hzCR" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/fields.go b/filebeat/module/zeek/fields.go new file mode 100644 index 00000000000..87fdb0fbf00 --- /dev/null +++ b/filebeat/module/zeek/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package zeek + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "zeek", asset.ModuleFieldsPri, AssetZeek); err != nil { + panic(err) + } +} + +// AssetZeek returns asset data. +// This is the base64 encoded gzipped contents of module/zeek. +func AssetZeek() string { + return "eJzsfW1vGzm25vf5FcRggaSB2Jn03p7d28DehWMnHaNjx2O7Z+7uF4GqOpI4riKrSZZtNe6PX/CQrBdVlYoqUXKSHQPTk8QS+fDt8PC8POeEPMD6Z/IHwMOfCNFMZ/Az+b/2bymoRLJCM8F/Jv/xJ0IIuRJpmQFZCElWlKcZ40uSiaUihRRpmUBK5mv8+tv3UvyJkAWDLFU/43dPCKc5VH2ZH70u4GeylKIs3L/09Gl+PmI7ZCFFXjVvO6YLDZJwIXOasT+o+aL7VrPvZv8KlGKCz1ha/cojeYD1k5DNfx/AY37OSMnZ7yUQlgLXbMFAErEgegW+i07XCS10KWGWCaU6nTenYaRrNx3wXAip7aSbbs3MtPowU9T44uaMNKFpNUsh07T1Sw+NcQ1LkBu/awH8r41fEnK/AqJZDiSFjK7JHPQTACd6xRTJgapSQg5cE8pTRJ9RpU+rVnpBFtABMbRwAQAvOfYLjwaFXlHzH5BAqASSl5lmRQbEbDTGlaY8AZzPpdnzWth1pjmQlVD6jR1WypRmfFkytQJFgCYrhEyemF4RphVhPGWPLC1phiMaGe6SFireelyX+dxu0ZwpBSk5O//VHSkzlkLCIxNle21MR/KRZiNAafIQEei90GZ+KriIU5m9w/jeUAuQCXBtjofuhZyKcp7BbohvbKN0CW28T7ifDOSUakrmYPbO2fmvkJInqvgrjR877coJwTkkuilChqXEgpaZnuHZ/pksaKZgfyFyXgHYQYRkIqHZTEi27J3YuRAZUL5tZv+j54ymLKEalJlLczyb8pUwRUx3jFMzAOw/W49sAItSgiqOiNJ0J3gaDNKe0Nl8raH/YGWCb87yCMYre+ixSbzAGxBH0ChN9eaJCJa7XSTnIgWUhAnVKEwNENPFxvUZgmqWg1J0GRHd/TQ0LMn7N9TmgSUDp6jZmPlm55fbZWrAyMzP5fnVDXFzhu0NDIu0pFF6DDSmm5FJXjGlhVzHW+yPGV2qzb3oetlt/R+zjtAIvgK7uP7++ey6oVeO7T3OQc6OjcD3niYwk0XyQjfVxfmH2e3N+Q7XlNT9F/8kXeVWlEZ9laywum6lTkn4vQSlvaZoLwAFp+RyQYBVd4T/mJDVR5qqgdMrn1iWkTkQXmZj+o35bzorWEeA7KEo30IuNBDTaIjaCjwtBOP9szwJwAfXInZAMiEeICVlUc92WbJ0BJUoQNINlWpPWF98ky3t1NzvXZUuXSXFSx2RT+c3O5yPVOSUTZ6lriS5wPbIkj0C97gUyEeQZsYEfo+8+2lk+dJyy+pN0dkvXINezOMseZVNQiFBGeHn7oT24V4w2Xk9kPpaFdV79o0ZooJE8FSN3W1CafOneBN/bQ5LNe1JxuwziXxyPVVz/+MINPvV2eL3NOK2+Pi3i+s+dOf2T/hrB/B/vhvT6YEqmJk1incBXt4QmqYSlLLNVw/M8CV13w9WC0cQndnmoPkYZspuXHhOVpQvG6LZ/oxpmlQptuSwuXaNudsEGQB0Y/p8H+3DH6J44lbYA1r31G9Ac2ffdoR3MyVaUq6offyaBybP1oT6DaqAp6zz9HLtXn/8cnvlxYAyLXNnUmKKcFHto4WQuZU9ftlSogSuZm/DTJEVZMWizIxseeDiiTythMGCJquqx1PyC2gUWZRXQ3TbpLdh3B0kFaBQEWForLB2sGrAopQJKEI1wtdEcCcr+19e9qdUiIJwwU/mUtA0MV91kAJWPqfJ4LL3SxsSti2tdHmlyIrK9IlK2AGU09UOe1iqTvxpcXtzHJ49VofE1r4ptxziahlVvylo6pu4bxdH2BSfmdnXi9a2tv21JW1XyA6itWap6KLrtVNLCFuQQmQsWb8tpNAiEZl6a1TMt7lanpjOT+dSGMGRCZpC+kNva/eravvbc98wpqHx2s9FpfjkanlqJwaXa38ZHrhu/bNxVS8VQ6saoUki8oJyBqk1ulNc1NnFh/PPl9cfrJStZFvSeTA7aJBlTTX1abUmTBMJ/4TEzE0tXfc/lkeagOuzX83dkUFLuJurpLfhzRE3nqpjVjmx0EauRjv3h9xA48fJDyfkON25z5rXQ+sVViu35m+PwFMhZ0lGjUhFfC+8jb7yaajMXJvD22NTMZmU7OV2VTk/EYVWIdN5lqZ2CvF2kuhLpUvgWpGnFUtWRIPMUWgT9cR0soKUCEkKkDnl/SeH+PGrU3KpCfBEpEbF47bhE/RR9Li13bfwOhgQGwaQFTluuU+0OHFitKDJA2jyRI2WkwB7hPSU3Feiq3c5CFErUWZp/SInlEhRaoNKuhHbp9mCJuC8hkHKXC40zHDA38Q2IMtMzHGiumEH1O+R1vbQwn8Gz19vs3Ya0PhAgKcbKx0il8q5mYn5C8qmHWYRnTsVYnJ5Yb5AySPNSnRJQQHcTJmfh2K1VmZ7Eg76SciH/sMk+IItvTkJVQxqtmlSKi1ykK/cG739uYRyMnf2mX4tBHWVnCRCSkh0tjZPyJxqjRqJcyyvMVrBw8zW3nUMaY8Jkhf//U+bi3McE+Td3acdLJCLkm86v4cBDzVGui+3w+xQs6esOc3uGY++0p7dhbddf2rDLbJNJ9fRwRajTuqB+3hysJB3gLxSVqBztLVZ15zgw6K93t8HC6q6uL7bJZZKUq5mA9MzzYZ+fde2S4W6BoecXeMW8y6Ijq/LBRH8XoJcYxhX5eXaDgq/EG9yzN6xTgu7tVH8MmVfcOXcPGEq08X1ne19DCGqpb0Qd4+8MPj+dv757O7OXTSqgIQt1t634FTgRT2ZQehmcb0FZ/UHHp2M8Au8O8CeAIaps3dG/nb/f24+9E+daXRnYMebuF3hyZ5Qi312XeVSNu1WWg6egupXlfE4ANrxZq4H+QjAs7NeYAHxXP230VmpV0IyTRHcGVdPIMncvH6avvrK2G83JgNVW9Bd0FefuwDH6p2g9uXlultXU9AUae5WRgXC+puTgAfz/fnUKenfTvey5O4yNhPRM2SvRZg3nrafhjHH/O1F3IW7haSU6MW9AMWkuckZWh1oFW1RKzs+bm/D7dFp+ImaF5W0TT/atWOJ369MBR3v28hbtB7p2SNlGZ1n0Bxre4v2DbbnOBO/LVVZGEWoOWgzRjYqKSgelf7Lc3pEHuAdLsH6o5pfUY3TgXqI6X7sZNx/7gc4RS+6x6CPZGUuJe8krq5LqpRIGJrUb2+Va2peq5dutrba0+t3gTXHxjvV/YGrlZbkbDXOCBzivq1UYKFpNtu2FSY55TGnYCM8vNoTEhIhU7XLE8bCNJ9kA4G2x4HpD+mYcZ0+zYaV50k74B+NdV+UWdZY/BVVZA7AN4LUB5H1PVtjI7OzNYCseggW3dSeI4Va3Vzs8E6knGbrP6antPRvPN+qFfNL4CCp9+E8MpHRAM1hQVlWSphJoGp6xNzAwYBnXdKM2LYrdQdhK6Z832N5HGhMnilY5t37eo+Yvh5740LSHJ6EfFBv0yJ9a3s+cT2fuJSgMevjGUlWJX+oDIt0bT5p1ygXSpOMPUC2NmKizMxyVbku1tjZt3TVarEMDmb6+GgaN5v6NHBXL8qYlo8zHF3X5j0m2J9nq6EMn47zPWDTooHc6k2ScrUAKd2RMvDG7u2DgfF+lFAkde5jdP0MG3a65Yo+glWLQzDhtRjvBJ/V5rGkFeHp7l9v+TTbKqWanpIPp8tTwjTJMU2RUG/trw5fpw9hwwJYsjLfs6+dalu8IUISajN9bDcF1Sv3catRUfshJXIgwtxynR4YL0offTUWGguFXk2yGvRMnrMSaNHwuOFr1HRi584tq5FQEqxMQl+TVh4vueTk7ur+5k2fU89Z5hoNArm6vPpAqNY0WWEyn+DN5yS29+nettf3/U4f/qH3xPTKCdJ764HhQS9nf4dGPCVn/g1TXXQ2kCYVHEhaSm/Swqn1nxlNE8thNmhrmwTziuVtu1XACTYfOUDocvOgsgWh/o0blOC3TxpiT6pwV4JUp0A1BEa9wd74j0CWNp7ebFGlg3aFSh19VQVcWSHimxeScDEWgcPUVz54981OPzY9FiWOU0D8jIg6BKFOTG1ZCtNRjWDPBIIBt4P35lbjMvLdSY/U6Lan5Fo4CbqRcBCY5QjAo+aB1mngNhW0kOKRpUaFEF35Q4AvGa/NsgHCwD6pYyLezAe3uK2TXYI1VCk7gETkhWQK6kdjAOKcKcX4cg/M/ea5TcSssU2UlkBzO4gnkIDIM9DmCeDS8xt3QiFF0k0kIM3bZCz76RHkIhNPLztILjRJIWOPIO16uU/Ue87cuZs5DKYjpkiCcUBzwLFktCjM7NhOhWxuCvwgf6XNZ80jU0E+z0bN0JrlkIqyX0vf34DROlXYFxGlbobVJzsds4JKzMnZ47HVI+kbIUW13dLFkSaCa8o4SDsYvKJcBNoK8ySs8INnLakNk1UGpdF5Oh3trOikP0XUxDi5uviJpGwJSre0DDNE4HoMjVrRdzEVw7tPZ+/2g/PjT3+NDOjHn/66B6RqE8RD9bl6Tvn4lXqnBZyX6sOzpNRisbklI9jQWyZ0nCyr0NQwzfFISjOhC7ICc+CNQKx/X98BwYNR7I+YDuNNaV5j04KkTD2Mpv5qKYp+I/BUHauZL5UCV0yvG9og7sb+t0r1PNEvlXn78X6XxNtSxWQ3+k2B3AjjKKXE1Mr7m0Dls6BK9fS8B6ob1+I2UOad4Fisxi7tROQ55RHxndsG29nKW1OwKpOB7H9yTbNhyWWJhpBqmhwutsCLlimLMOBh3gtqShBlj6gh28RNwDDNzx37o/PUb424ej5S+3tvaQtJIxywj5A4wZR3nC0WkGI3lc1ky11EtlvJI6FqejDmVEEjXnqhi7foLAiJlf7YsLtfXoy6pod8f5PSMyIwzvRPzi36DzGoqLKx1GQEVcyEewu7PRiy0zqZjiTOat423cP7Y66sIVTTWbKinMOmdTswP72HpeO5sIECRpYj4ZnrYNekdHPtsMfhHdCvpgVOqH+V3Zzd/Z3kSEWliBbLZWYNNqhUSJF1wQ/i9WYqxpd9jh6yd9pn2+nj2WAYZ5rVtEV2xscs3KR1aO3WOSZomiRQxMBs1K3DyAgD3LRuHuf+geuBC4zXy5jSwM0gqmC9oIFU8u0ppsriNKgnIR8MpJRJSJDAysV5MdWkomP8lLxfk5w+VItgdV/n+Xl1+uoNeQLMT/F3r22p5BkohU4rjcFOuUDDFU8kaDxGKVOJcMYdH2MGz5YUk8xL08QDF0+8gZEpIh6M7CpHw8aTPB1SsiZIK6/p+Whxp4hma/JEmfZrS3ti2u3P6B2WH+h+Pw++lLqzFQnCmHpqHrrb9FPSMnD/fphjfC5Krs1zXBiVMXkgK/FEcsrXHq2yfmoMJIJnSMrxWNXC0n/MfAu9m3FSAszfSijB3T8OXe1Kd7FOXOMh4kKTNegGqaQWaAnHYUJKVhAQPtN3xe7jJNr08rREDqEJhlEL6XvGq3fswDsq463P0EloL8BmzdZwfR/VReVfoHWIb1gCfEaVntFSr2ZDfCF7yPrtqv1SsnShi7Zy37Wmf0YullKvgGsXIvFWQVJi9HkORu9hypvtqTKSuSebcKWDzCqT7Caf7ncynNh8q+EwiEkxnLc+/MGGGxSsgIxxSF3gAeOVvl17JBetjfK2Vs3r1K0AUtNSzYaIUyZZTu+wzeoNIUGXMpSOqaaYXIjZYHbKpAnGbYj8Ku+en5tWPowNrJ5p0+FGncRxtHvNr6bLybEmfVE8LtbEKXBCoon0kUqkzaZaSzYvjbBuaGw2gS+jztpL0XnDkjKj3Qu4s8MLysaGuK8xsbsmlTHRikOWnBipZkRfAdIsEKSNhKIQ4e2F/t5XTk8K5+GunEKKZxbT13KWZd4ktwKagnTKSE7X9ZvAjQJldRVvRZVHM2YwonwJs/7E7CgJDawtjPE9Q5UqcyA//uWvdnPTzLsQmpaUMDZEOzGYERfx5N4jM0riIl5wbm1H2LlqRcd41rpr4T+DL7humIDRDRlPsjJ1yuEb8s9S6cb62tZHQ1GMIPsKBu4k6tEGLiRboqc9ZjggJ0KmKHjrYS9aJtdGcYY6ECoEamX2PjTeyvA9Gar35x5jZu1G2h2okQsvu/yhMW6I9EVXfyekL7j4oTjr8xT5eeGtdrXHHWOgzZNMszqOqnW7eg1zLtLRTPJqJ7wo7o0U1DbwWlnXLSfEMT30l6bvseyWgduww9sz3eFV6emdT0QhuLRhFBqyjC0x7qTqL8BAV302iid1GKB3oKIpXa8aIOtUhBDCxa3OjL1QukDoGhdCNjovbqOffz67uLh9QxzvbxUA7dV7N4agiht8mDs0xhBwjg3wxvvP5UrQjTjuloXD5q56TralIJaHSqC11+rSz1XNA0yuGR8sclkdZrT/aNdfag84ABrf5ofee8PzRpKD6alRLiqn2uUK7YQ3QkzBQbZNyXbaM74704JPIqgD1TdqYtBSi5xqR3+2YFlmQ2tDYjAGJ0sga9Dh5spoJG/qkJfBY+XGPPFkxYgxiTbG/j2wbYC+l+YULeLshN4bHQ9dTDPKB1tZULTIK+3RdmpS61LG2UQN1V2Bzv4ekn5vWdrjQb9ztO/W/63KosgYpA6it07hUMZC0KJmAyNBf51nsxGjjqBaU7pivjSjyxo0u3CHKHvzkdkBsuzOGjFjbNHdCiub59gyxyJcfyb+26IrGPeSi60RG/TxBvsR3y/oWsfgM099WXOh+MuAIn2NDyswAiFgwG0la3zYlV4rX6pm1eXtLvWqOEs2eUf3sLNds+SB14Vhagd+YOhK/CDlfdB8RfG/aIKMB+TvGIyzGV8xISw5TfsD/Cbm1q9Ni8w5vhrXQXDgYdIvWaa8mnvCm7c3uK3RZsO9vFjNxoeVJxIWnGJ+bgad+Uwmb9MkOVHA0zFvvv+5OD+vs2Oq0IMtWiIZj+0mY/HdLzbaZtS4GbkPCie0KufY9MBusfSR48WLD0dv7DoFvZHnoTpN1JTB7WPqCTbvDmgo0NwDfgA5BylCGG4OcVv/6rrfpcSkPX6RlcZbX1LSrPcJElTWETzkzjESvj67+4EISe4Zsu3/IqmtYlf9/v6Xux+CXJzxkLuabny8dqTjVYz4kHHDDum7THqyrPdwRvsFs5xOY6lzUnbMvy+bQdH/9P9gcG4r1kvipkVsQxHGmvdIs4ilQwaKX7gcx26h7MABueOKWLGPEHMf16zLTRQZC3YSACal6+HyXHvtuJqxwvSBgllbhEz5CRt14ias6NIs7UN6ZREAT+S6sBQgw9W0q70j5BOVKe3mwe4hZT7Wjfp5GVP/6nuKw1NcNLe+yV2x2I9HO6a07Hg9SRzR84kqyztlx1c66hFH4PxHpXy/HY/6bALm0FeKKz7ezfDEXy/Ox44OdDJt9riYtpfz2ufV1vcCb7e+w7Otfy5JrcyYWbEUc9suQjJujo8Mr61Nm4VPasChz8FyyP8RGexdXZ4h2WVa2yFp3/JuurOJnN/OblJTAb/EptoGttJRRTovX+pxaTvfjV51S3GkyaGXfFtNoIYnatTeCM+Y3xkbX9Wsd5dUsUXoCAokDcYEqdm2styTcrdutpQoswv8Fns+ySHP6Wh+zpXdEzZprVNotNq2a/X7S0VNXa3v/vZ5l03bTYbccz8kzexNswWYUuWojhmVowO5tn0ipO1+txz8Pe0NXURNwjE/QdgJpONPAfEU8US0uYToYmGJAUwnb5DLk4cEMJrzHW+93E3rhFoXRh30o9sWqKipbdfY+k5np3KGRS0pdtkp7+m9zY3AnTCaIJbkxZGwXZ5fhZIXoSk8KhU5b9Xc7BDkKcaXmQtX8VnlDQ8+Oqvt5gpB7gj+DjSt+9P7hYzhX9Tee1J74yweJ/7E7sz+qJOQg/Yv1uHBufnmOHwX+Jlvj8nXHZfvn84XB/ovTt/RS+iApUguL6oU0+mik4uOj2Yfn8RGyckgZSNqljxyPpU55XgRohugoi5z4icIlCrnBwWlyvlJmPOw344xoYxprXAlouTaaRKW72GbO7WmnnFJt/EmxldZcEXgTQ+urAxlyodXBq0XgsPeetFpeN60+42tmSsS1fhYtYP2wGm9MZFr37hGnRZYE/ZQFzS9k+4POWXZbC7S9cwV+exHOzalXcn+3obu8aWtRGVJc+FZeyoToylkkAPuTbQj2OZsvC48F5SnRHA3jO7tVV3jjvbYDGRUQtvhppDR9UyLB5i+Nj2vBTtac8js1Wvar1ZDgSOlS2jp1Ix5yTJ9wrhFhRRgzhRKM6a7Fdm1IIgcA8z85Y7fJcAqS4zttipZZw7bI6RekcSPd1quPo3tN2gsfM3V1Jbg9jUlxh7o1cMv5s6vde2GBvq0Mju/cSXWBeiq81tKo+ahQx/SssjwMceXfmeN3g1FIUGp2WIgXmYa0XTPy8GAzYAvXZ0h5muL4/5xaoAbqMtsmUMFb3Trp1IUxSGKeVYMXPbpdHnjjcg2Vcd2i3QvKXCzlfxTiqI9sgd2dRnqrBn7ckyT8/X956tdrGa2enK87X7RqMa8exT2Sigd9+7+5FqcACZ6nFuHAd/WKbK0me0oRfQi2f4X5VBYUTPXIO6sbeQb7DRrfa7m6XEQAyHm+/ut084V2m47iov14vqu5yjUpMSUnH86+/z5w/UvHwK9wxz0nIkjQL8G/f7yS2z4WsIRggXuJcDuwCsui0TFLYTwX8HS+8v53SahHyFfeMY4kPPaOe+p6m580dPX5os/nJqPrkkiAfWIys3qFNR+X+pWHzrLYA/LelfVxDAJlvqHNw53o/50s/8VVf2UHJMi3bKlkEyvhqNS90pawPCxqo8q3M2rddbzKc1T0n6Sp+6ffoW1+ZcQhgn8/EGk4XEyeaoQu5Wfj1eYE2202hLUyuhYw/Hnm5gfoPvUOA7kopxnLDEdjF+GjGYzayiMd4zusNmG/RE1CO89Hg85arNoRsRlxdJ0QBIexUO8UhzmKTJ4XELivgeIz80Lp0V63hihc2+ZcYRQUfRWDidxRNJtXTl8KtRKxSx6pmuPhVn1eJgiLAyGvG8ujrMdOgfWSjxhlrslWNeiYYhKhJSQhDBi8K5VKRb+zDyp9cYwODy16jvRuSh1c3DeAddcXJ/pvaUebG2XfKHnarFbiEfkfKv76lHzSpFHkEjEba1go5aieChaShFTWFMBre+WbB3/GFKekyYrxmO7SahcgvZt19UKKm6JROQFcyVBxpPQzUdnPVJ58OCEQGzYm5rAnBZMxx6sncfUnlMm4feSSUiJKIzmh0JnrTQMZSo1fDn2c3HhVM02Ym0cQC2ILHlwAXqmZvAcMQXmUjWd8I3djj4fJCCl3FEM4af+9yi+v/7bvFNJPRZC8td/O5kz3cA5gqdUoGZUZf2K3zRyZAENSBgHIDU5c2bLu4ImQD7TtbkcbilPRc7+wAsjBGkKm7d4dKAXVFPyAefPSNobCY/AQ/ElIoUZRlnKrpMhGlQwt2wCllO96o0kK0geVAhMBf1P1gjYSoVxBWVi2a/rWO8VRb/KCLwVVTOWm4WY6bjJbG2YqFBRTmxfJOSoGGhWPzgONNtXMDSjVh0HWEU531LlQnGmMC+Xs56i+ZFxEuwoCJZzzu5Hgz1QhBWpaqsq8dYJ/IYwR227Rd2VNGUvlspyi53vovbua9/vj17yrWKE93bOzYaKGQ/D1dm5d7jtAGEhaQ4p5qb0QulUYQvJTnD3pzUWu9jAtrPP2Y5bQK0zFGN+szWhZMW4rpmTb88uLn+78zZnm4Mx0CqxQQ8txWwluHMDdzJbeufFxqbMOsOfNiu3NtKldon2DzwRWWZNPNWw70vOITuxyZ8nH3haCDMtlVwbfSNgBOnMPHbjbbVz2yo+oXfYa2iZ3qc8St/EbitTmaxolgFfQj3Fi5oUTq2cxUK709tyGo4+WS27Rryh3FXuSaOuLzCKZcONOZZmpvsptyan0vgwDzIH/QTgwzGlqtLr8SA2gk7+fIaDODnDqoV/rlZGSFQTpBSywa/pgjggL/T6DYbLA+Uu8rLRqO8LGZkb6XfmjAeQVGZiuZwe77At3YkpjJihmQSarq3Ry/aG8+L4BtmSC9lXykqmL1Ug/PbiZrdUIPHAIl6X59ieK/yInp2WR9ybR+pTq9eFY1ak1T177ONpDYO22T7GQHKpXylCSc6eq/Ni5pnDUmh7jFy2qD8VCnfJL+fnlbxCG0uHv368QIotojYbSC7ZyzPi6rP5pkmyEmrTBTyC7wHWc0FlOsvwKR0P3a+uYWIbJq8zypclXcIPlQG3vaFGLsthc+gUo/y8ZNmBanGafeWG5s2sW45R/6i7I+8L840E+LqR570zukKKtEx6ctIigbux7TuigZ23TQrqQYt+RXHKvnli6RYOmb1qk15YqLaLyeuxArZcHagIskdo+5gMMRGZkL01SEicPWOTwTMhXV3Gim5o4wy6HJYVW65mDVB2ExyTAKcnkS/SVFx2ktWY9w46miqf7ckpVmM10qsmsGoTZfs8EjN210g5HNPami1RbiH42bsydx0cYKA5dnTyn6c//eXfUdGrmUA5VqWRbZNTsqIshI6pAJlTvo2qaK8q9J1yuVUAdROskF3srryhBYdR5JAXQlI5FrNRr3S0vZzBIwwT0O21mT/UxGrYSzcVM4R+EPRKHOiyagC03QQjrEOUB7yak15D90gXUrvNzfvHnFpUUSpIoyqs6ldaJ0F6XWwhRpFp8daH2s+UytqsKD90GvuY0WVHvi18jjZWZsXU7bu7zz0vvMX8pV54H9/v8sJzWmS0E3pAurWc/rO3XhWJG6h2ZbqptOuWHhIYT5czfhSgppudgR6ByewlF2rru7QD9AUXKugB3UMqOf1o9qdhkDj6xT/amRhTsjDIkS7SNtnLBlJ3tW5RPavpXFEJs0VGI3JQtAiV7DsC7YycwHOSlcoo0TaN13SeBhLTuHfqXsm8PYU9Gi97lUhrJbaBMT5CkA5XEdv25t3DeP2P5vt2Oqreh+4esD61HrVBuKptxl7KVnx3uZOtuME+G7sG6G1VjtE+XVgBGeOQuie4yydu06a0q3HXhePHSXLrG/L3EvgAndAUARxHqPVn6/wd5NyaAp3hwaye95+8vrz+++X9hzfk9sMvl3f3H24J6OR0iJS/Cbk34D4S5HNbCb2KPDi/g99/9mWyK49eUK5cKdlUwdaTs3d72ZrJsJr4g2Hd0woYbMzNBdUwcW62lbyPzkcfdUP47ftRirwa/LUwM2FDapf/y7mSjCh9pUipSusrKgrgDXoiW4/FyFqlJcNsZLFYoBPGKCvWcxdwGvSmK/1AA78XfrghhiN6KOLx+4YB1jOzGumJhEeCY89vSJOjrd6aFn5I+VyknrBZ74PDGKgGNEXI2L+ffMYOJx+pLVyRX/uZcvfg/3eHqhr5V3S6VIsi9Ps/XUGPXhst1NkWEW9TDB46Gd0HlU2LZllUXszOtNEsO7m8mCiN+nnOI8Jz/OZTdTMFckaXces7bSD8TYE8OTN9TJ3D4QTOr6sa0l3N39WprDFq+xqmYCNxZJpD5+XZTgAriwCVnHUEUsTN8g/bQejht9+OzIc6JDjvsckxsVnt2nw+azOdH9M+4HrfLZ4scvnUJjV7k1I1VHDODoJIlfNhUDvEzXq293jofLnZikd+AN84X3r0lHerCuHlX9Ha+5TSMH57qftnapyfqye+WJQ8JUaxtXmR1Vn0j1IH0WuVI9C2udmmleutvQl3V+93rIkbPw+iURsS0nZGxLa0abKd0WYPQJeLKrqkxZFqetkIPJHQqDiChp9qNkspsUZQ0KyahmZ71pPslyc+Ngahvk6ZerDm4jekkEabkP6vBkiK9tE3W018TV6aYKUnjD/bCz4JC5DAE0gdM+0borSQQJgmK2hWTrE/e/FX7eUP+uiLGLNFxTq/Jbq8CYr2VcaJBOvMGrJxq2ZiSSQkQpp59bbwAHz9JZsigPutDplsLPSW3GeyQU43CGsfx7N+7v31YPLODgMmlt8T05vcwN1rXWNmuhlToNdZHhWlhATY4wjEhkL5biYWZkHTWcpoBomOeMcPl+RW+dz8791JThkfq1d04YARh3Q3pS+f/xg2xL1rM/WP8ceoY2w+BbD49Qs9BowSYgTpTvmYveJzj1fVVJFZX4f9D4FJTsvLi0o0WqreMHKIffSyfkqUHe62LVbPPUDcUL0iRZllTROmU7t8iY2NuidGWRNyW13iOkcAHpkoVWSq8ksvPXH27EatZs8pkJ4YyCd1v1IVGhKQqKTYH/2Adyd7f7/WgO3tUJbfPGvCLV5jaeSmMU3zQvUjsD+jzIIYIdRJ2SM7MUINW9vdGrmUYTP+kOjyFeXdLMLIkGwnwZAsI8+BIdmUtEBIuUiRJfywmLCX9TZMleIbtRDHb78NCXMjVy/OP7y9vTnvv5NzW2Pk5W7l2ZWrcrLDvRxX/DcDxVDqm+YDyI/3eEZvL1UioV2+K/qz2qa7oD42i01FhSRnjoiqgT8oWHEfG/ZWE8vd1fsf3/iwRDvP/nJkPMlKo+KSj0KaD75708r3wa902vbfTiEtE5dV7VsiVJEnyLK+A6dfLFju6v5riZY7sxlRyErmNV8EaqPlfGRcy+nsFBxkdHZlBRvBdE8rkEDyMtOsyBpZzFiPqaG1jUZVZgd06n6CTIS5dLAESE/IxR5gPmARDsfxAYos0HzsAsiuzi4/k4+3X67C4Mmk0FHd31vB3Z7f3JP7L2HQBoPcdmcc7ItwCwMRd+U2cXw0D5QgHIeMULgP3MrJZB6hAJ/keeB+PU68RuiU5Gp50GCNK7W8vAiDwvjs8JNzyU98PEsYqmPFi4SheZ758peML4dol6LA+s+TL3VPJ5c3gdKGSaVn1oo6QCYzlUqphc6y69y6fgJXEhLB0yOAsx3tiC6jOHFF1s8xOdkbZtqttRfPV+tC6ayyI8LtwYNvnSkEaJED+eKFUPU4kDHGsxM/NS18SmcRq8pfNuphucVt6KIrqoh6YjpZWSthadRVcv/5btROiDVQq8MyrADuCdrl1//ZHxarsPzZL7Wv3KW0e+I4YOPaM1UzR9ditPXHPbhbR+C7mG/fS10czto+56XGCN81jET5ViK0ZGlEL1Izy7vjYtHFW3SDjGV3nzlyS0jJIySu9HK73KpL8qZaU7/ZdH3Gxzmen2DeU2sv5h7z4sbapfGVJ0W5XBFKXOf4gpQL2iwDWd0ePH+x1/L11U6vZc9H1//2mFR+DwjN8ZnsK+11qe4KmjyAJnPIBLf1HK16Y8C7zMuKj9JVGxAcQvwre4YD9Y+nkWCMEEdJVJpReSUfkifTCwL4Zn09zJamgxDdDNO6Vi3Sxdj73Ka2VlRwGJlDFSmo1H6MrxR5/fgOF+Hxx+QHQtOccaa0RAPcW8+PZslOn4R8OCV3AOT24zl59+6n/0GEtH/+97+8G5mjJcTLoHIhZMOZ2HtFCLc5ax6pZFj4YM6Q2hqLa/8C+tblRf4C+hqe/V/JzcVvTuxVBUC3phiTFu1Z9jD7Gsb2vsweYgzIx/a98EJZEG/9H3YeUv1a+I628B1M3rPVpcJUkdH1zEqneLLvzJvnG5+rnsZG6tl9ZbRscLS+Y/p/MVNsKBN5j2Ifreo+A9BIklGWK8L0K6cFlgVBND0ahUgeXiwA5cv5r3exmG8mRv44pszmRWxQBbzu4mnHVcVRXzivIuw1k8Mq3uNCiuexGO+CKtWDYJ8IMNdiDHQHikB3jFZellCtIS+0OSv2qRkKL3be9daoyb2COS3HeIPJ0J4lz5dOzn2pacprGnOKsIwGNReD7twmfnNm970uAvGbrkZWZy7KgayPr2tt3KZEuN/OirRQB6xGQgtdSphtFTiT3swXoEHmjDeID70I8j5m17kP+69JQ3ouuFYZ1aNeb3efvs0CbymTsFeYZ8+a+iZ7GBCrNAQrE56owqsloRke0oqlkPGevHPkWdLm/rSf9nF+/rR9+e3+/Zffri9OyeU1/qH+lYKKG7zTrCgKoRhG6OkyhM/f9D3rVmXdc/2shfyVMi0QvSrzOYa5BETiTNdPRpDstJP2VNi6UMyZylskcq/fGfH541h8z1AF5Mnhk+esWIGs21UNAhqmuu8Z+zOahYyt7nsvDT/RaoLXRr1mhozkIVGMIi+kHdjhIDY6mYJx4CBGBOjcViibHmD9StUwA/A9wHoGzzZ69HAYjbzwvUyZxW61o4jgFFuicfb11dn5D6HoqoMck1/RvRT2tomEUFFvsBbarhV5AiLmuKXSU/MNifHO2RNdK0L7dD1CMqDWbv3GvuqJErnflorkyFvnyw5y0e2Y0GYkXvMHy2LY2nXUOmW50M5jixyRmSdZVkCoBF8lQzWR9Lbs0bk6T0Q/iZMFRS+OwUdew+nytFb0zq4vSFHOH2AdQnkWiSazf8eetafPFhXp0zOzF9MzP8cyokxSD+7uPr+9/3xX3chVYm6Qp7H3xouAxrZLVMk07AqplI8R45g/ZJn5ZWLb3cRCnlbAnZ3iw/nFp7fmPx/G2azKPGadJMucLYhn2/YvL+8zs9XSsVMiobaqmHsmp9rW5PcXDmpBPccNqMwYyHD2cw7Peu9COT3R7fCs6yI5ulmDTCho2IxoUWT+3Gd0DRIR1V81Lw8eYLYGpek8Y2o1fcl6osp7l8yoniqr1q2KA2hAaND6ZmMWsUeasXTYjzuJ07jPBkjiaBe3tuKTK/zgayLUg6jtBTvVCNjKDXR0wG9csUaqyJcCuBH/jS8YrCFRXjQbqlgy6Ux9NioJtlkLOHTwpKX0xyn43G95wE7ZcYfjIWhFZDkLGubOuLgPIav7qJYV5FJXh1Y1xc8ATtIIqqpNJM7gNfwGb84AFvHF0iCH2cbnWHWkvYs7edBulFr47QqEaVtFPwNdPwtCy6/Ug5r1hStFGlpv1FHzsNqcsoqgvHZDjM9FwCCZUuUEzv8Q4i8X8uvjRdmS24cKBt7aWjnNOjPbB1D/hLA+JCLPXWHk3s+Nr1zgIIkjUBLcWdqjDHZkbCXXss/+EH1c2JElljvCwNAk2w05OsDIPruejjEqIZeUsz/6dJwDjOxLo7djj45ms5KzfpPCwQZJM2I6PcZYjWJ5BHFyp13ZLSzHxRM4qGTZngFCDnARfOei/zsS9t+LeP/eBPr3LcK/Q6G935ACHPiTCIm/hjebe3D+6822S522r/XNtjmA+udbuLj3HOzXe40fcmDfzJttp1G9/BV/rNF9DRf+Icf6VVz/sQf4Fb7Zvm3R/x0J++9FvH9vAv37FuHfodDeeUhN9C+V8YR970TrBzETjW4AC9VSTZbAQVqKfce8e0quhNLZGp9CSVYqPU5ykUMuOoJ0j3Sssyq927bs2fyztYsNNP939X40BSp5gAGC6CkP8YrtYfAiD6nG1e9Avq7CAx3qujcXUac9fYrdO0gO8EhDCjKnUhTFkVC7vrZjJmxBJNAUqS3ZI3KuLBYsCcrr7eXLOcxgMG5BWFqBjPGHqKOqspnWegcu3/Hk3iPMD0KuujrIrNQhIvHmRid9SvZ2FTxEK0ayle334HD4MAmbfPNzf37TnJe2ULSCchfN9/iA8TzZ3TJNkpXpt72Cv118Yyu4CXjvFWRJ/m0v4eX51Te2hh3EkxaxCmF9BH5UnWqvzIv6zrK4I2pVv5dQHg026uor+gg2iNf2PWkI1WXIcpAxq2b27+Wok2ExE5WsIC2zagKmrd+gwIiR1e6Kj9VJPzVmO4hR5sosolJ4lMVByPtfEMddFgva9pmtHe1WAAlYytUQXdJXvkwX13cVA9C3tlot7PSJMizfRS2L8WimDFUK8nm2ng0Wb4n9qIgyfF8axijTKdXUqBn1YALWqKdQ4IEgYn2DaRglHS5rHBWjo60zHWIR1UlwS/7AxdNwPEZUxK6zHqTktS/iIHi2JjeXZ2ReLhYgicTcTy6extLhtS/+M8s6K7CHAe8zXbZIGZ9olpEkE8kDEv65RdB15aFRK0FltV2rTLxUTRbb+S522wVNWI9jZp+8RovBN1xFrIRxmyp4BHkIPL7hHfG4T8WDc78CUmSUcaLhWXdRVBu/5BxeLlN3J0YYHbV+easqLc7CWKZ95FJ/TQAVUTG+cESCr+m0u1xPwORLFUv/h+l7l/Xq8Y/v4axB9oCGwwunYmi++hcwTZnzQDK+mFzPoMdPUzVMTMMyd8wCSSLygvK1T/izkINqk3Ohh4pH7UW8XGXFWixILpQpQXQpOSYqY4lp2/uYXymqLw4FVuWP8wUVvEMO0dZEuivIikVpZtu75kgKRSbWOZoJzAwjyS5LyoxW7jvCRQr4dYrVZLVE2mWiBTboAyDXjlGy/9NjpNlVEGXMqcFSbZClWPBbOMr1R5b6dHnqt5ZqeDL9DVSUshAKz00KaelSuPnSfkchy0YDt6c6diTv84pO3LRXlVZiXGnKk/ZpPN2A6hkSU1gwDh2oieAJFLqkWbYmlHhoViDWdSht0x1R+PzTX/79hSSh6XoXQRizlstHG6pb1cBqePzHfEn1J4OffSNg3lPFkrbMm4tSb4YO78r61E/JQXZ9V/SHUvzd0XLY93RI2BqyOQyC2Ssy+84yRYRjOXgI3fSYuCNHkVUS0FUBa4a+qM2xjEB/oXC+eEN4gcC3eOBfMNrtMIN40RC3eEN6sbi2/YZw+LSTS2z5u5CUdpIs7m9ZXE4Yx1cmMyeM4CsVnHuO5KuVnhPG9VWK0MBxhJ33CEowciW9zoXSRBWQGJg/uF4RQgBGzMY8hKg/36ShQiNdZbCfeAX0FG5rIx6oNR8I2vzce4xkDgsh3eu7vQ2QwxJHFbidS6471cAOB5wuNMjJuBsEsztvjKBIqwEG5XYPUY53s/z8A6yD+HXJdsP5AVD+Cmts7g1hC4RZUKnAlr1ZE1EAVyojr4HpFUgiFX1DUkWN1IJkG6tpcyQZ8GWH77Y9lh2CxbaPxfZlBOic6aFIlSY4xZacYhGAbXsjgsC83kjWw053Yl2G50LwbnZ+JHwfXOu4E27vzk7GjVRkhG80ErJz0zTC+nAegKpa2Y65fbLJzGcq0gxZ+jV7dG6NihCvKgkw3YCWdsLFI83fZ6a0D0EBriUDW8rq7DokXECyw6L67fZyd1TQU+EyMi7sYndknfK9NazeX+2A6PJmdzjCyG1rST8QtfS9LCum3eaNnwiuKeOQWgxv8P6XkIglZ3+Yf5X2rkntSbIQx/JNqGLJLBFcaUnZLrG8QTbxRsNRT3bjqzNa6pXoiWKItBrnZ2SR0SXWBRHSzHnAJimoXs0Gb+kI5vsr+szyMseO3BU9Ru8qlrNkiNx1kjP1pq7eW4iMJetm/V6Vvc3E8mQllDa9qhPBs3W7lm+nwc+upMsGLQtTyFsvbaQ2W+BSaEE+nv7p/wUAAP//iySAYQ==" +} diff --git a/filebeat/module/zeek/files/_meta/fields.yml b/filebeat/module/zeek/files/_meta/fields.yml new file mode 100644 index 00000000000..7abe041cbb3 --- /dev/null +++ b/filebeat/module/zeek/files/_meta/fields.yml @@ -0,0 +1,138 @@ +- name: files + type: group + description: > + Fields exported by the Zeek Files log. + fields: + - name: fuid + type: keyword + description: > + A file unique identifier. + + - name: tx_host + type: ip + description: > + The host that transferred the file. + + - name: rx_host + type: ip + description: > + The host that received the file. + + - name: session_ids + type: keyword + description: > + The sessions that have this file. + + - name: source + type: keyword + description: | + An identification of the source of the file data. E.g. it may be a network protocol + over which it was transferred, or a local file path which was read, or some other + input source. + + - name: depth + type: long + description: | + A value to represent the depth of this file in relation to its source. In SMTP, it + is the depth of the MIME attachment on the message. In HTTP, it is the depth of the + request within the TCP connection. + + - name: analyzers + type: keyword + description: > + A set of analysis types done during the file analysis. + + - name: mime_type + type: keyword + description: > + Mime type of the file. + + - name: filename + type: keyword + description: > + Name of the file if available. + + - name: local_orig + type: boolean + description: | + If the source of this file is a network connection, this field indicates if the data + originated from the local network or not. + + - name: is_orig + type: boolean + description: | + If the source of this file is a network connection, this field indicates if the file is + being sent by the originator of the connection or the responder. + + - name: duration + type: double + description: > + The duration the file was analyzed for. Not the duration of the session. + + - name: seen_bytes + type: long + description: > + Number of bytes provided to the file analysis engine for the file. + + - name: total_bytes + type: long + description: > + Total number of bytes that are supposed to comprise the full file. + + - name: missing_bytes + type: long + description: | + The number of bytes in the file stream that were completely missed during the process + of analysis. + + - name: overflow_bytes + type: long + description: | + The number of bytes in the file stream that were not delivered to stream file analyzers. + This could be overlapping bytes or bytes that couldn't be reassembled. + + - name: timedout + type: boolean + description: > + Whether the file analysis timed out at least once for the file. + + - name: parent_fuid + type: keyword + description: | + Identifier associated with a container file from which this one was extracted as part of + the file analysis. + + - name: md5 + type: keyword + description: > + An MD5 digest of the file contents. + + - name: sha1 + type: keyword + description: > + A SHA1 digest of the file contents. + + - name: sha256 + type: keyword + description: > + A SHA256 digest of the file contents. + + - name: extracted + type: keyword + description: > + Local filename of extracted file. + + - name: extracted_cutoff + type: boolean + description: > + Indicate whether the file being extracted was cut off hence not extracted completely. + + - name: extracted_size + type: long + description: > + The number of bytes extracted to disk. + + - name: entropy + type: double + description: > + The information density of the contents of the file. diff --git a/filebeat/module/zeek/files/config/files.yml b/filebeat/module/zeek/files/config/files.yml new file mode 100644 index 00000000000..74259307f41 --- /dev/null +++ b/filebeat/module/zeek/files/config/files.yml @@ -0,0 +1,39 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +processors: + - drop_fields: + fields: ["json.x509"] + - rename: + fields: + - from: "json" + to: "zeek.files" + - from: "zeek.files.conn_uids" + to: "zeek.files.session_ids" + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.files.mime_type", to: "file.mime_type"} + - {from: "zeek.files.filename", to: "file.name"} + - {from: "zeek.files.total_bytes", to: "file.size"} + - {from: "zeek.files.md5", to: "file.hash.md5"} + - {from: "zeek.files.sha1", to: "file.hash.sha1"} + - {from: "zeek.files.sha256", to: "file.hash.sha256"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - file + type: + - info diff --git a/filebeat/module/zeek/files/ingest/pipeline.yml b/filebeat/module/zeek/files/ingest/pipeline.yml new file mode 100644 index 00000000000..0d5abf9bdda --- /dev/null +++ b/filebeat/module/zeek/files/ingest/pipeline.yml @@ -0,0 +1,66 @@ +description: Pipeline for normalizing Zeek files.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.files.ts + formats: + - UNIX +- remove: + field: zeek.files.ts +- script: + lang: painless + source: ctx.zeek.session_id = ctx.zeek.files.session_ids[0]; + if: ctx.zeek.files.session_ids != null + ignore_failure: true +- set: + field: event.id + value: '{{zeek.session_id}}' + if: ctx.zeek.session_id != null +- foreach: + field: zeek.files.tx_hosts + processor: + append: + field: related.ip + value: "{{_ingest._value}}" + ignore_missing: true +- script: + lang: painless + source: ctx.zeek.files.tx_host = ctx.zeek.files.tx_hosts[0]; ctx.zeek.files.remove('tx_hosts'); + ignore_failure: true +- set: + field: server.ip + value: "{{zeek.files.tx_host}}" + if: "ctx?.zeek?.files?.tx_host != null" +- foreach: + field: zeek.files.rx_hosts + processor: + append: + field: related.ip + value: "{{_ingest._value}}" + ignore_missing: true +- script: + lang: painless + source: ctx.zeek.files.rx_host = ctx.zeek.files.rx_hosts[0]; ctx.zeek.files.remove('rx_hosts'); + ignore_failure: true +- set: + field: client.ip + value: "{{zeek.files.rx_host}}" + if: "ctx?.zeek?.files?.rx_host != null" +- append: + field: related.hash + value: "{{file.hash.md5}}" + if: "ctx?.file?.hash?.md5 != null" +- append: + field: related.hash + value: "{{file.hash.sha1}}" + if: "ctx?.file?.hash?.sha1 != null" +- append: + field: related.hash + value: "{{file.hash.sha256}}" + if: "ctx?.file?.hash?.sha256 != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/files/manifest.yml b/filebeat/module/zeek/files/manifest.yml new file mode 100644 index 00000000000..bef3d7211b6 --- /dev/null +++ b/filebeat/module/zeek/files/manifest.yml @@ -0,0 +1,19 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/files.log + os.linux: + - /var/log/bro/current/files.log + os.darwin: + - /usr/local/var/logs/current/files.log + - name: tags + default: [zeek.files] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/files.yml + +requires.processors: diff --git a/filebeat/module/zeek/files/test/files-json.log b/filebeat/module/zeek/files/test/files-json.log new file mode 100644 index 00000000000..bd50ab4b5cd --- /dev/null +++ b/filebeat/module/zeek/files/test/files-json.log @@ -0,0 +1,3 @@ +{"ts":1547688796.636812,"fuid":"FMkioa222mEuM2RuQ9","tx_hosts":["35.199.178.4"],"rx_hosts":["10.178.98.102"],"conn_uids":["C8I0zn3r9EPbfLgta6"],"source":"SSL","depth":0,"analyzers":["X509","MD5","SHA1"],"mime_type":"application/pkix-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":947,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"79e4a9840d7d3a96d7c04fe2434c892e","sha1":"a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436"} +{"ts":1547688801.566262,"fuid":"FShtIS1gydeSFf8M63","tx_hosts":["17.134.127.250"],"rx_hosts":["10.178.98.102"],"conn_uids":["C6sjVo23iNApLnlAt6"],"source":"SSL","depth":0,"analyzers":["X509","MD5","SHA1"],"mime_type":"application/pkix-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":2089,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"b9742f12eb97eff531d94f7800c6706c","sha1":"b88d13fe319d342e7a808ce3a0a1158111fc3c2a"} +{"ts":1547688801.566262,"fuid":"F9ip9a3MDAq3XLBOn2","tx_hosts":["17.134.127.250"],"rx_hosts":["10.178.98.102"],"conn_uids":["C6sjVo23iNApLnlAt6"],"source":"SSL","depth":0,"analyzers":["X509","MD5","SHA1"],"mime_type":"application/pkix-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":1092,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"48f0e38385112eeca5fc9ffd402eaecd","sha1":"8e8321ca08b08e3726fe1d82996884eeb5f0d655"} \ No newline at end of file diff --git a/filebeat/module/zeek/files/test/files-json.log-expected.json b/filebeat/module/zeek/files/test/files-json.log-expected.json new file mode 100644 index 00000000000..6fc38a5d22a --- /dev/null +++ b/filebeat/module/zeek/files/test/files-json.log-expected.json @@ -0,0 +1,116 @@ +[ + { + "@timestamp": "2019-01-17T01:33:16.636Z", + "client.ip": "10.178.98.102", + "event.category": [ + "file" + ], + "event.dataset": "zeek.files", + "event.id": "C8I0zn3r9EPbfLgta6", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "info" + ], + "file.hash.md5": "79e4a9840d7d3a96d7c04fe2434c892e", + "file.hash.sha1": "a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436", + "file.mime_type": "application/pkix-cert", + "fileset.name": "files", + "input.type": "log", + "log.offset": 0, + "related.hash": [ + "79e4a9840d7d3a96d7c04fe2434c892e", + "a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436" + ], + "related.ip": [ + "35.199.178.4", + "10.178.98.102" + ], + "server.ip": "35.199.178.4", + "service.type": "zeek", + "tags": [ + "zeek.files" + ], + "zeek.files.analyzers": [ + "X509", + "MD5", + "SHA1" + ], + "zeek.files.depth": 0, + "zeek.files.duration": 0, + "zeek.files.fuid": "FMkioa222mEuM2RuQ9", + "zeek.files.is_orig": false, + "zeek.files.local_orig": false, + "zeek.files.md5": "79e4a9840d7d3a96d7c04fe2434c892e", + "zeek.files.mime_type": "application/pkix-cert", + "zeek.files.missing_bytes": 0, + "zeek.files.overflow_bytes": 0, + "zeek.files.rx_host": "10.178.98.102", + "zeek.files.seen_bytes": 947, + "zeek.files.session_ids": [ + "C8I0zn3r9EPbfLgta6" + ], + "zeek.files.sha1": "a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436", + "zeek.files.source": "SSL", + "zeek.files.timedout": false, + "zeek.files.tx_host": "35.199.178.4", + "zeek.session_id": "C8I0zn3r9EPbfLgta6" + }, + { + "@timestamp": "2019-01-17T01:33:21.566Z", + "client.ip": "10.178.98.102", + "event.category": [ + "file" + ], + "event.dataset": "zeek.files", + "event.id": "C6sjVo23iNApLnlAt6", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "info" + ], + "file.hash.md5": "b9742f12eb97eff531d94f7800c6706c", + "file.hash.sha1": "b88d13fe319d342e7a808ce3a0a1158111fc3c2a", + "file.mime_type": "application/pkix-cert", + "fileset.name": "files", + "input.type": "log", + "log.offset": 452, + "related.hash": [ + "b9742f12eb97eff531d94f7800c6706c", + "b88d13fe319d342e7a808ce3a0a1158111fc3c2a" + ], + "related.ip": [ + "17.134.127.250", + "10.178.98.102" + ], + "server.ip": "17.134.127.250", + "service.type": "zeek", + "tags": [ + "zeek.files" + ], + "zeek.files.analyzers": [ + "X509", + "MD5", + "SHA1" + ], + "zeek.files.depth": 0, + "zeek.files.duration": 0, + "zeek.files.fuid": "FShtIS1gydeSFf8M63", + "zeek.files.is_orig": false, + "zeek.files.local_orig": false, + "zeek.files.md5": "b9742f12eb97eff531d94f7800c6706c", + "zeek.files.mime_type": "application/pkix-cert", + "zeek.files.missing_bytes": 0, + "zeek.files.overflow_bytes": 0, + "zeek.files.rx_host": "10.178.98.102", + "zeek.files.seen_bytes": 2089, + "zeek.files.session_ids": [ + "C6sjVo23iNApLnlAt6" + ], + "zeek.files.sha1": "b88d13fe319d342e7a808ce3a0a1158111fc3c2a", + "zeek.files.source": "SSL", + "zeek.files.timedout": false, + "zeek.files.tx_host": "17.134.127.250", + "zeek.session_id": "C6sjVo23iNApLnlAt6" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/ftp/_meta/fields.yml b/filebeat/module/zeek/ftp/_meta/fields.yml new file mode 100644 index 00000000000..3c36e53e301 --- /dev/null +++ b/filebeat/module/zeek/ftp/_meta/fields.yml @@ -0,0 +1,128 @@ +- name: ftp + type: group + default_field: false + description: > + Fields exported by the Zeek FTP log + fields: + - name: user + type: keyword + description: | + User name for the current FTP session. + + - name: password + type: keyword + description: | + Password for the current FTP session if captured. + + - name: command + type: keyword + description: | + Command given by the client. + + - name: arg + type: keyword + description: | + Argument for the command if one is given. + + - name: file + type: group + fields: + - name: size + type: long + description: | + Size of the file if the command indicates a file transfer. + + - name: mime_type + type: keyword + description: | + Sniffed mime type of file. + + - name: fuid + type: keyword + description: | + (present if base/protocols/ftp/files.bro is loaded) + File unique ID. + + - name: reply + type: group + fields: + - name: code + type: integer + description: | + Reply code from the server in response to the command. + + - name: msg + type: keyword + description: | + Reply message from the server in response to the command. + + - name: data_channel + type: group + description: | + Expected FTP data channel. + fields: + - name: passive + type: boolean + description: | + Whether PASV mode is toggled for control channel. + + - name: originating_host + type: ip + description: | + The host that will be initiating the data connection. + + - name: response_host + type: ip + description: | + The host that will be accepting the data connection. + + - name: response_port + type: integer + description: | + The port at which the acceptor is listening for the data connection. + + - name: cwd + type: keyword + description: | + Current working directory that this session is in. By making the default value '.', we can indicate that unless something more concrete is discovered that the existing but unknown directory is ok to use. + + - name: cmdarg + type: group + description: | + Command that is currently waiting for a response. + fields: + - name: cmd + type: keyword + description: | + Command. + + - name: arg + type: keyword + description: | + Argument for the command if one was given. + + - name: seq + type: integer + description: | + Counter to track how many commands have been executed. + + - name: pending_commands + type: integer + description: | + Queue for commands that have been sent but not yet responded to are tracked here. + + - name: passive + type: boolean + description: | + Indicates if the session is in active or passive mode. + + - name: capture_password + type: boolean + description: | + Determines if the password will be captured for this request. + + - name: last_auth_requested + type: keyword + description: | + present if base/protocols/ftp/gridftp.bro is loaded. + Last authentication/security mechanism that was used. diff --git a/filebeat/module/zeek/ftp/config/ftp.yml b/filebeat/module/zeek/ftp/config/ftp.yml new file mode 100644 index 00000000000..3e91ace4831 --- /dev/null +++ b/filebeat/module/zeek/ftp/config/ftp.yml @@ -0,0 +1,86 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: ftp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.ftp" + + - from: "zeek.ftp.id.orig_h" + to: "source.address" + + - from: "zeek.ftp.id.orig_p" + to: "source.port" + + - from: "zeek.ftp.id.resp_h" + to: "destination.address" + + - from: "zeek.ftp.id.resp_p" + to: "destination.port" + + - from: "zeek.ftp.uid" + to: "zeek.session_id" + + - from: "zeek.ftp.file_size" + to: "zeek.ftp.file.size" + + - from: "zeek.ftp.mime_type" + to: "zeek.ftp.file.mime_type" + + - from: "zeek.ftp.fuid" + to: "zeek.ftp.file.uid" + + - from: "zeek.ftp.reply_code" + to: "zeek.ftp.reply.code" + + - from: "zeek.ftp.reply_msg" + to: "zeek.ftp.reply.msg" + + - from: "zeek.ftp.data_channel.orig_h" + to: "zeek.ftp.data_channel.originating_host" + + - from: "zeek.ftp.data_channel.resp_h" + to: "zeek.ftp.data_channel.response_host" + + - from: "zeek.ftp.data_channel.resp_p" + to: "zeek.ftp.data_channel.response_port" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.ftp.user", to: "user.name"} + - {from: "zeek.ftp.command", to: "event.action"} + - {from: "zeek.ftp.mime.type", to: "file.mime_type"} + - {from: "zeek.ftp.file.size", to: "file.size"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - info + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/ftp/ingest/pipeline.yml b/filebeat/module/zeek/ftp/ingest/pipeline.yml new file mode 100644 index 00000000000..7c15dce3ac5 --- /dev/null +++ b/filebeat/module/zeek/ftp/ingest/pipeline.yml @@ -0,0 +1,68 @@ +description: Pipeline for normalizing Zeek ftp.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.ftp.ts + formats: + - UNIX +- remove: + field: zeek.ftp.ts +- dot_expander: + field: data_channel.passive + path: zeek.ftp +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +- geoip: + field: destination.ip + target_field: destination.geo +- geoip: + field: source.ip + target_field: source.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/ftp/manifest.yml b/filebeat/module/zeek/ftp/manifest.yml new file mode 100644 index 00000000000..cf51575cf84 --- /dev/null +++ b/filebeat/module/zeek/ftp/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/ftp.log + os.linux: + - /var/log/bro/current/ftp.log + os.darwin: + - /usr/local/var/logs/current/ftp.log + - name: tags + default: [zeek.ftp] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/ftp.yml diff --git a/filebeat/module/zeek/ftp/test/ftp.log b/filebeat/module/zeek/ftp/test/ftp.log new file mode 100644 index 00000000000..88c2841bc12 --- /dev/null +++ b/filebeat/module/zeek/ftp/test/ftp.log @@ -0,0 +1,3 @@ +{"ts":1187379104.955342,"uid":"CpQoCn3o28tke89zv9","id.orig_h":"192.168.1.182","id.orig_p":62014,"id.resp_h":"192.168.1.231","id.resp_p":21,"user":"ftp","password":"ftp","command":"EPSV","reply_code":229,"reply_msg":"Entering Extended Passive Mode (|||37100|)","data_channel.passive":true,"data_channel.orig_h":"192.168.1.182","data_channel.resp_h":"192.168.1.231","data_channel.resp_p":37100} +{"ts":1187379105.01948,"uid":"CpQoCn3o28tke89zv9","id.orig_h":"192.168.1.182","id.orig_p":62014,"id.resp_h":"192.168.1.231","id.resp_p":21,"user":"ftp","password":"ftp","command":"RETR","arg":"ftp://192.168.1.231/resume.doc","file_size":39424,"reply_code":226,"reply_msg":"Transfer complete."} +{"ts":1187379117.579203,"uid":"CpQoCn3o28tke89zv9","id.orig_h":"192.168.1.182","id.orig_p":62014,"id.resp_h":"192.168.1.231","id.resp_p":21,"user":"ftp","password":"ftp","command":"STOR","arg":"ftp://192.168.1.231/uploads/README","reply_code":226,"reply_msg":"Transfer complete."} diff --git a/filebeat/module/zeek/ftp/test/ftp.log-expected.json b/filebeat/module/zeek/ftp/test/ftp.log-expected.json new file mode 100644 index 00000000000..e6a47bd369e --- /dev/null +++ b/filebeat/module/zeek/ftp/test/ftp.log-expected.json @@ -0,0 +1,148 @@ +[ + { + "@timestamp": "2007-08-17T19:31:44.955Z", + "destination.address": "192.168.1.231", + "destination.ip": "192.168.1.231", + "destination.port": 21, + "event.action": "EPSV", + "event.category": [ + "network" + ], + "event.dataset": "zeek.ftp", + "event.id": "CpQoCn3o28tke89zv9", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "ftp", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:Szmpl33Czo3dQvU2V4/SrHfmBC0=", + "network.protocol": "ftp", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.182", + "192.168.1.231" + ], + "related.user": [ + "ftp" + ], + "service.type": "zeek", + "source.address": "192.168.1.182", + "source.ip": "192.168.1.182", + "source.port": 62014, + "tags": [ + "zeek.ftp" + ], + "user.name": "ftp", + "zeek.ftp.command": "EPSV", + "zeek.ftp.data_channel.originating_host": "192.168.1.182", + "zeek.ftp.data_channel.passive": true, + "zeek.ftp.data_channel.response_host": "192.168.1.231", + "zeek.ftp.data_channel.response_port": 37100, + "zeek.ftp.password": "ftp", + "zeek.ftp.reply.code": 229, + "zeek.ftp.reply.msg": "Entering Extended Passive Mode (|||37100|)", + "zeek.ftp.user": "ftp", + "zeek.session_id": "CpQoCn3o28tke89zv9" + }, + { + "@timestamp": "2007-08-17T19:31:45.019Z", + "destination.address": "192.168.1.231", + "destination.ip": "192.168.1.231", + "destination.port": 21, + "event.action": "RETR", + "event.category": [ + "network" + ], + "event.dataset": "zeek.ftp", + "event.id": "CpQoCn3o28tke89zv9", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "info", + "protocol" + ], + "file.size": 39424, + "fileset.name": "ftp", + "input.type": "log", + "log.offset": 394, + "network.community_id": "1:Szmpl33Czo3dQvU2V4/SrHfmBC0=", + "network.protocol": "ftp", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.182", + "192.168.1.231" + ], + "related.user": [ + "ftp" + ], + "service.type": "zeek", + "source.address": "192.168.1.182", + "source.ip": "192.168.1.182", + "source.port": 62014, + "tags": [ + "zeek.ftp" + ], + "user.name": "ftp", + "zeek.ftp.arg": "ftp://192.168.1.231/resume.doc", + "zeek.ftp.command": "RETR", + "zeek.ftp.file.size": 39424, + "zeek.ftp.password": "ftp", + "zeek.ftp.reply.code": 226, + "zeek.ftp.reply.msg": "Transfer complete.", + "zeek.ftp.user": "ftp", + "zeek.session_id": "CpQoCn3o28tke89zv9" + }, + { + "@timestamp": "2007-08-17T19:31:57.579Z", + "destination.address": "192.168.1.231", + "destination.ip": "192.168.1.231", + "destination.port": 21, + "event.action": "STOR", + "event.category": [ + "network" + ], + "event.dataset": "zeek.ftp", + "event.id": "CpQoCn3o28tke89zv9", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "ftp", + "input.type": "log", + "log.offset": 688, + "network.community_id": "1:Szmpl33Czo3dQvU2V4/SrHfmBC0=", + "network.protocol": "ftp", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.182", + "192.168.1.231" + ], + "related.user": [ + "ftp" + ], + "service.type": "zeek", + "source.address": "192.168.1.182", + "source.ip": "192.168.1.182", + "source.port": 62014, + "tags": [ + "zeek.ftp" + ], + "user.name": "ftp", + "zeek.ftp.arg": "ftp://192.168.1.231/uploads/README", + "zeek.ftp.command": "STOR", + "zeek.ftp.password": "ftp", + "zeek.ftp.reply.code": 226, + "zeek.ftp.reply.msg": "Transfer complete.", + "zeek.ftp.user": "ftp", + "zeek.session_id": "CpQoCn3o28tke89zv9" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/http/_meta/fields.yml b/filebeat/module/zeek/http/_meta/fields.yml new file mode 100644 index 00000000000..5369d458582 --- /dev/null +++ b/filebeat/module/zeek/http/_meta/fields.yml @@ -0,0 +1,102 @@ +- name: http + type: group + description: > + Fields exported by the Zeek HTTP log + fields: + - name: trans_depth + type: integer + description: > + Represents the pipelined depth into the connection of this request/response transaction. + + - name: status_msg + type: keyword + description: > + Status message returned by the server. + + - name: info_code + type: integer + description: > + Last seen 1xx informational reply code returned by the server. + + - name: info_msg + type: keyword + description: > + Last seen 1xx informational reply message returned by the server. + + - name: tags + type: keyword + description: | + A set of indicators of various attributes discovered and related to a particular + request/response pair. + + - name: password + type: keyword + description: > + Password if basic-auth is performed for the request. + + - name: captured_password + type: boolean + description: > + Determines if the password will be captured for this request. + + - name: proxied + type: keyword + description: > + All of the headers that may indicate if the HTTP request was proxied. + + - name: range_request + type: boolean + description: > + Indicates if this request can assume 206 partial content in response. + + - name: client_header_names + type: keyword + description: | + The vector of HTTP header names sent by the client. No header values + are included here, just the header names. + + - name: server_header_names + type: keyword + description: | + The vector of HTTP header names sent by the server. No header values + are included here, just the header names. + + - name: orig_fuids + type: keyword + description: > + An ordered vector of file unique IDs from the originator. + + - name: orig_mime_types + type: keyword + description: > + An ordered vector of mime types from the originator. + + - name: orig_filenames + type: keyword + description: > + An ordered vector of filenames from the originator. + + - name: resp_fuids + type: keyword + description: > + An ordered vector of file unique IDs from the responder. + + - name: resp_mime_types + type: keyword + description: > + An ordered vector of mime types from the responder. + + - name: resp_filenames + type: keyword + description: > + An ordered vector of filenames from the responder. + + - name: orig_mime_depth + type: integer + description: > + Current number of MIME entities in the HTTP request message body. + + - name: resp_mime_depth + type: integer + description: > + Current number of MIME entities in the HTTP response message body. diff --git a/filebeat/module/zeek/http/config/http.yml b/filebeat/module/zeek/http/config/http.yml new file mode 100644 index 00000000000..584160639cb --- /dev/null +++ b/filebeat/module/zeek/http/config/http.yml @@ -0,0 +1,93 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.http" + + - from: "zeek.http.id.orig_h" + to: "source.address" + + - from: "zeek.http.id.orig_p" + to: "source.port" + + - from: "zeek.http.id.resp_h" + to: "destination.address" + + - from: "zeek.http.id.resp_p" + to: "destination.port" + + - from: "zeek.http.uid" + to: "zeek.session_id" + + - from: "zeek.http.method" + to: "http.request.method" + + - from: "zeek.http.referrer" + to: "http.request.referrer" + + - from: "zeek.http.status_code" + to: "http.response.status_code" + + - from: "zeek.http.version" + to: "http.version" + + - from: "zeek.http.request_body_len" + to: "http.request.body.bytes" + + - from: "zeek.http.response_body_len" + to: "http.response.body.bytes" + + - from: "zeek.http.uri" + to: "url.original" + + - from: "zeek.http.host" + to: "url.domain" + + - from: "zeek.http.username" + to: "url.username" + + - from: "zeek.http.password" + to: "url.password" + + - from: "zeek.http.user_agent" + to: "user_agent.original" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "destination.port", to: "url.port"} + - {from: "http.request.method", to: "event.action"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + - web + type: + - connection + - info + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/http/ingest/pipeline.yml b/filebeat/module/zeek/http/ingest/pipeline.yml new file mode 100644 index 00000000000..62ffef0db45 --- /dev/null +++ b/filebeat/module/zeek/http/ingest/pipeline.yml @@ -0,0 +1,82 @@ +description: Pipeline for normalizing Zeek http.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.http.ts + formats: + - UNIX +- remove: + field: zeek.http.ts +- geoip: + field: destination.ip + target_field: destination.geo +- geoip: + field: source.ip + target_field: source.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- user_agent: + field: user_agent.original + ignore_missing: true +- lowercase: + field: "http.request.method" + ignore_missing: true +- lowercase: + field: "event.action" + ignore_missing: true +- set: + field: event.outcome + value: success + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" +- set: + field: event.outcome + value: failure + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400" +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{url.username}}" + if: "ctx?.url?.username != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/http/manifest.yml b/filebeat/module/zeek/http/manifest.yml new file mode 100644 index 00000000000..ddd253bb218 --- /dev/null +++ b/filebeat/module/zeek/http/manifest.yml @@ -0,0 +1,23 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/http.log + os.linux: + - /var/log/bro/current/http.log + os.darwin: + - /usr/local/var/logs/current/http.log + - name: tags + default: [zeek.http] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/http.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip +- name: user_agent + plugin: ingest-user_agent diff --git a/filebeat/module/zeek/http/test/http-json.log b/filebeat/module/zeek/http/test/http-json.log new file mode 100644 index 00000000000..733495725a3 --- /dev/null +++ b/filebeat/module/zeek/http/test/http-json.log @@ -0,0 +1,2 @@ +{"ts":1547687130.172944,"uid":"CCNp8v1SNzY7v9d1Ih","id.orig_h":"10.178.98.102","id.orig_p":62995,"id.resp_h":"17.253.5.203","id.resp_p":80,"trans_depth":1,"method":"GET","host":"ocsp.apple.com","uri":"/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=","version":"1.1","user_agent":"com.apple.trustd/2.0","request_body_len":0,"response_body_len":3735,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F5zuip1tSwASjNAHy7"],"resp_mime_types":["application/ocsp-response"]} +{"ts":1547707019.757479,"uid":"CMnIaR2V8VXyu7EPs","id.orig_h":"10.20.8.197","id.orig_p":35684,"id.resp_h":"34.206.130.40","id.resp_p":80,"trans_depth":1,"method":"GET","host":"httpbin.org","uri":"/ip","version":"1.1","user_agent":"curl/7.58.0","request_body_len":0,"response_body_len":32,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FwGPlr1GcKUWWdkXoi"],"resp_mime_types":["text/json"]} \ No newline at end of file diff --git a/filebeat/module/zeek/http/test/http-json.log-expected.json b/filebeat/module/zeek/http/test/http-json.log-expected.json new file mode 100644 index 00000000000..ee72065d771 --- /dev/null +++ b/filebeat/module/zeek/http/test/http-json.log-expected.json @@ -0,0 +1,69 @@ +[ + { + "@timestamp": "2019-01-17T01:05:30.172Z", + "destination.address": "17.253.5.203", + "destination.as.number": 6185, + "destination.as.organization.name": "Apple Inc.", + "destination.geo.city_name": "San Jose", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.3388, + "destination.geo.location.lon": -121.8914, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "17.253.5.203", + "destination.port": 80, + "event.action": "get", + "event.category": [ + "network", + "web" + ], + "event.dataset": "zeek.http", + "event.id": "CCNp8v1SNzY7v9d1Ih", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "http", + "http.request.body.bytes": 0, + "http.request.method": "get", + "http.response.body.bytes": 3735, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:dtBPRfpKEZyg1iOHss95buwv+cw=", + "network.transport": "tcp", + "related.ip": [ + "10.178.98.102", + "17.253.5.203" + ], + "service.type": "zeek", + "source.address": "10.178.98.102", + "source.ip": "10.178.98.102", + "source.port": 62995, + "tags": [ + "zeek.http" + ], + "url.domain": "ocsp.apple.com", + "url.original": "/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=", + "url.port": 80, + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "com.apple.trustd/2.0", + "zeek.http.resp_fuids": [ + "F5zuip1tSwASjNAHy7" + ], + "zeek.http.resp_mime_types": [ + "application/ocsp-response" + ], + "zeek.http.status_msg": "OK", + "zeek.http.tags": [], + "zeek.http.trans_depth": 1, + "zeek.session_id": "CCNp8v1SNzY7v9d1Ih" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/intel/_meta/fields.yml b/filebeat/module/zeek/intel/_meta/fields.yml new file mode 100644 index 00000000000..e43f5951a91 --- /dev/null +++ b/filebeat/module/zeek/intel/_meta/fields.yml @@ -0,0 +1,80 @@ +- name: intel + type: group + default_field: false + description: > + Fields exported by the Zeek Intel log. + fields: + + - name: seen + type: group + fields: + - name: indicator + type: keyword + description: > + The intelligence indicator. + + - name: indicator_type + type: keyword + description: > + The type of data the indicator represents. + + - name: host + type: keyword + description: > + If the indicator type was Intel::ADDR, then this field will be present. + + - name: conn + type: keyword + description: > + If the data was discovered within a connection, the connection record should go here to give context to the data. + + - name: where + type: keyword + description: > + Where the data was discovered. + + - name: node + type: keyword + description: > + The name of the node where the match was discovered. + + - name: uid + type: keyword + description: > + If the data was discovered within a connection, the connection uid should go here to give context to the data. If the conn field is provided, this will be automatically filled out. + + - name: f + type: object + description: > + If the data was discovered within a file, the file record should go here to provide context to the data. + + - name: fuid + type: keyword + description: > + If the data was discovered within a file, the file uid should go here to provide context to the data. If the file record f is provided, this will be automatically filled out. + + + - name: matched + type: keyword + description: > + Event to represent a match in the intelligence data from data that was seen. + + - name: sources + type: keyword + description: > + Sources which supplied data for this match. + + - name: fuid + type: keyword + description: > + If a file was associated with this intelligence hit, this is the uid for the file. + + - name: file_mime_type + type: keyword + description: > + A mime type if the intelligence hit is related to a file. If the $f field is provided this will be automatically filled out. + + - name: file_desc + type: keyword + description: > + Frequently files can be described to give a bit more context. If the $f field is provided this field will be automatically filled out. diff --git a/filebeat/module/zeek/intel/config/intel.yml b/filebeat/module/zeek/intel/config/intel.yml new file mode 100644 index 00000000000..2896ed72db9 --- /dev/null +++ b/filebeat/module/zeek/intel/config/intel.yml @@ -0,0 +1,72 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +processors: + - rename: + fields: + - {from: message, to: event.original} + - decode_json_fields: + fields: [event.original] + target: zeek.intel + - timestamp: + field: zeek.intel.ts + layouts: [UNIX] + test: "1573030980.989353" + - convert: + ignore_missing: true + fields: + - {from: zeek.intel.id.orig_h, to: source.address} + - {from: zeek.intel.id.orig_h, to: source.ip, type: ip} + - {from: zeek.intel.id.orig_p, to: source.port, type: long} + - {from: zeek.intel.id.resp_h, to: destination.address} + - {from: zeek.intel.id.resp_h, to: destination.ip, type: ip} + - {from: zeek.intel.id.resp_p, to: destination.port, type: long} + - rename: + ignore_missing: true + fields: + - from: zeek.intel.uid + to: zeek.session_id + + # Expand field names containing dots. + - from: zeek.intel.seen.indicator + to: seen.indicator + - from: zeek.intel.seen.indicator_type + to: seen.indicator_type + - from: zeek.intel.seen.host + to: seen.host + - from: zeek.intel.seen.where + to: seen.where + - from: zeek.intel.seen.node + to: seen.node + - from: zeek.intel.seen.conn + to: seen.conn + - from: zeek.intel.seen.uid + to: seen.uid + - from: zeek.intel.seen.f + to: seen.f + - from: zeek.intel.seen.fuid + to: seen.fuid + - from: seen + to: zeek.intel.seen + - drop_fields: + ignore_missing: true + fields: + - zeek.intel.ts + - zeek.intel.id.orig_h + - zeek.intel.id.orig_p + - zeek.intel.id.resp_h + - zeek.intel.id.resp_p + - add_fields: + target: event + fields: + kind: alert + type: + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/intel/ingest/pipeline.yml b/filebeat/module/zeek/intel/ingest/pipeline.yml new file mode 100644 index 00000000000..6a2bd6382ad --- /dev/null +++ b/filebeat/module/zeek/intel/ingest/pipeline.yml @@ -0,0 +1,81 @@ +--- +description: Pipeline for normalizing Zeek intel.log. +processors: + - set: + field: event.created + value: "{{_ingest.timestamp}}" + + # IP Geolocation Lookup + - geoip: + if: ctx.source?.geo == null + field: source.ip + target_field: source.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + - geoip: + if: ctx.destination?.geo == null + field: destination.ip + target_field: destination.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - append: + field: "related.ip" + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" + - append: + field: "related.ip" + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" + +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/filebeat/module/zeek/intel/manifest.yml b/filebeat/module/zeek/intel/manifest.yml new file mode 100644 index 00000000000..281f6ed65fe --- /dev/null +++ b/filebeat/module/zeek/intel/manifest.yml @@ -0,0 +1,21 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/intel.log + os.linux: + - /var/log/bro/current/intel.log + os.darwin: + - /usr/local/var/logs/current/intel.log + - name: tags + default: [zeek.intel] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/intel.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/zeek/intel/test/intel-json.log b/filebeat/module/zeek/intel/test/intel-json.log new file mode 100644 index 00000000000..ce29b924b0a --- /dev/null +++ b/filebeat/module/zeek/intel/test/intel-json.log @@ -0,0 +1 @@ +{"ts":1573030980.989353,"uid":"Ctefoj1tgOPt4D0EK2","id.orig_h":"192.168.1.1","id.orig_p":37598,"id.resp_h":"198.41.0.4","id.resp_p":53,"seen.indicator":"198.41.0.4","seen.indicator_type":"Intel::ADDR","seen.where":"Conn::IN_RESP","seen.node":"worker-1-2","matched":["Intel::ADDR"],"sources":["ETPRO Rep: AbusedTLD Score: 127"]} diff --git a/filebeat/module/zeek/intel/test/intel-json.log-expected.json b/filebeat/module/zeek/intel/test/intel-json.log-expected.json new file mode 100644 index 00000000000..d9de4e04efd --- /dev/null +++ b/filebeat/module/zeek/intel/test/intel-json.log-expected.json @@ -0,0 +1,47 @@ +[ + { + "@timestamp": "2019-11-06T09:03:00.989Z", + "destination.address": "198.41.0.4", + "destination.as.number": 20172, + "destination.as.organization.name": "VeriSign Global Registry Services", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "198.41.0.4", + "destination.port": 53, + "event.dataset": "zeek.intel", + "event.kind": "alert", + "event.module": "zeek", + "event.original": "{\"ts\":1573030980.989353,\"uid\":\"Ctefoj1tgOPt4D0EK2\",\"id.orig_h\":\"192.168.1.1\",\"id.orig_p\":37598,\"id.resp_h\":\"198.41.0.4\",\"id.resp_p\":53,\"seen.indicator\":\"198.41.0.4\",\"seen.indicator_type\":\"Intel::ADDR\",\"seen.where\":\"Conn::IN_RESP\",\"seen.node\":\"worker-1-2\",\"matched\":[\"Intel::ADDR\"],\"sources\":[\"ETPRO Rep: AbusedTLD Score: 127\"]}", + "event.type": [ + "info" + ], + "fileset.name": "intel", + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "192.168.1.1", + "198.41.0.4" + ], + "service.type": "zeek", + "source.address": "192.168.1.1", + "source.ip": "192.168.1.1", + "source.port": 37598, + "tags": [ + "zeek.intel" + ], + "zeek.intel.matched": [ + "Intel::ADDR" + ], + "zeek.intel.seen.indicator": "198.41.0.4", + "zeek.intel.seen.indicator_type": "Intel::ADDR", + "zeek.intel.seen.node": "worker-1-2", + "zeek.intel.seen.where": "Conn::IN_RESP", + "zeek.intel.sources": [ + "ETPRO Rep: AbusedTLD Score: 127" + ], + "zeek.session_id": "Ctefoj1tgOPt4D0EK2" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/irc/_meta/fields.yml b/filebeat/module/zeek/irc/_meta/fields.yml new file mode 100644 index 00000000000..5981bea032f --- /dev/null +++ b/filebeat/module/zeek/irc/_meta/fields.yml @@ -0,0 +1,60 @@ +- name: irc + type: group + default_field: false + description: > + Fields exported by the Zeek IRC log + fields: + - name: nick + type: keyword + description: | + Nickname given for the connection. + + - name: user + type: keyword + description: | + Username given for the connection. + + - name: command + type: keyword + description: | + Command given by the client. + + - name: value + type: keyword + description: | + Value for the command given by the client. + + - name: addl + type: keyword + description: | + Any additional data for the command. + + - name: dcc + type: group + fields: + - name: file + type: group + fields: + - name: name + type: keyword + description: | + Present if base/protocols/irc/dcc-send.bro is loaded. + DCC filename requested. + + - name: size + type: long + description: | + Present if base/protocols/irc/dcc-send.bro is loaded. + Size of the DCC transfer as indicated by the sender. + + - name: mime_type + type: keyword + description: | + present if base/protocols/irc/dcc-send.bro is loaded. + Sniffed mime type of the file. + + - name: fuid + type: keyword + description: | + present if base/protocols/irc/files.bro is loaded. + File unique ID. diff --git a/filebeat/module/zeek/irc/config/irc.yml b/filebeat/module/zeek/irc/config/irc.yml new file mode 100644 index 00000000000..4d5783b8087 --- /dev/null +++ b/filebeat/module/zeek/irc/config/irc.yml @@ -0,0 +1,72 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: irc + +processors: + - rename: + fields: + - from: "json" + to: "zeek.irc" + + - from: "zeek.irc.id.orig_h" + to: "source.address" + + - from: "zeek.irc.id.orig_p" + to: "source.port" + + - from: "zeek.irc.id.resp_h" + to: "destination.address" + + - from: "zeek.irc.id.resp_p" + to: "destination.port" + + - from: "zeek.irc.uid" + to: "zeek.session_id" + + - from: "zeek.irc.dcc_file_name" + to: "zeek.irc.dcc.file.name" + + - from: "zeek.irc.dcc_file_size" + to: "zeek.irc.dcc.file.size" + + - from: "zee.irc.dcc_mime_type" + to: "zeek.irc.dcc.mime_type" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.irc.user", to: "user.name"} + - {from: "zeek.irc.command", to: "event.action"} + - {from: "zeek.irc.dcc.file.name", to: "file.name"} + - {from: "zeek.irc.dcc.file.size", to: "file.size"} + - {from: "zeek.irc.dcc.mime_type", to: "file.mime_type"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/irc/ingest/pipeline.yml b/filebeat/module/zeek/irc/ingest/pipeline.yml new file mode 100644 index 00000000000..ec04f4e7c93 --- /dev/null +++ b/filebeat/module/zeek/irc/ingest/pipeline.yml @@ -0,0 +1,65 @@ +description: Pipeline for normalizing Zeek irc.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.irc.ts + formats: + - UNIX +- remove: + field: zeek.irc.ts +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +- geoip: + field: destination.ip + target_field: destination.geo +- geoip: + field: source.ip + target_field: source.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/irc/manifest.yml b/filebeat/module/zeek/irc/manifest.yml new file mode 100644 index 00000000000..3bf899fd2c0 --- /dev/null +++ b/filebeat/module/zeek/irc/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/irc.log + os.linux: + - /var/log/bro/current/irc.log + os.darwin: + - /usr/local/var/logs/current/irc.log + - name: tags + default: [zeek.irc] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/irc.yml diff --git a/filebeat/module/zeek/irc/test/irc-json.log b/filebeat/module/zeek/irc/test/irc-json.log new file mode 100644 index 00000000000..70b3b834b2b --- /dev/null +++ b/filebeat/module/zeek/irc/test/irc-json.log @@ -0,0 +1,3 @@ +{"ts":1387554250.647295,"uid":"CNJBX5FQdL62VUUP1","id.orig_h":"10.180.156.249","id.orig_p":45921,"id.resp_h":"38.229.70.20","id.resp_p":8000,"command":"USER","value":"xxxxx","addl":"+iw xxxxx XxxxxxXxxx "} +{"ts":1387554250.647295,"uid":"CNJBX5FQdL62VUUP1","id.orig_h":"10.180.156.249","id.orig_p":45921,"id.resp_h":"38.229.70.20","id.resp_p":8000,"user":"xxxxx","command":"NICK","value":"molochtest","addl":"+iw xxxxx XxxxxxXxxx "} +{"ts":1387554250.706387,"uid":"CNJBX5FQdL62VUUP1","id.orig_h":"10.180.156.249","id.orig_p":45921,"id.resp_h":"38.229.70.20","id.resp_p":8000,"nick":"molochtest","user":"xxxxx","command":"JOIN","value":"#moloch-fpc","addl":" with channel key: \u0027-\u0027"} diff --git a/filebeat/module/zeek/irc/test/irc-json.log-expected.json b/filebeat/module/zeek/irc/test/irc-json.log-expected.json new file mode 100644 index 00000000000..245d1154e86 --- /dev/null +++ b/filebeat/module/zeek/irc/test/irc-json.log-expected.json @@ -0,0 +1,151 @@ +[ + { + "@timestamp": "2013-12-20T15:44:10.647Z", + "destination.address": "38.229.70.20", + "destination.as.number": 23028, + "destination.as.organization.name": "Team Cymru Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "38.229.70.20", + "destination.port": 8000, + "event.action": "USER", + "event.category": [ + "network" + ], + "event.dataset": "zeek.irc", + "event.id": "CNJBX5FQdL62VUUP1", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "irc", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:YdkGov/c+KLtmg7Cf5DLDB4+YdQ=", + "network.protocol": "irc", + "network.transport": "tcp", + "related.ip": [ + "10.180.156.249", + "38.229.70.20" + ], + "service.type": "zeek", + "source.address": "10.180.156.249", + "source.ip": "10.180.156.249", + "source.port": 45921, + "tags": [ + "zeek.irc" + ], + "zeek.irc.addl": "+iw xxxxx XxxxxxXxxx ", + "zeek.irc.command": "USER", + "zeek.irc.value": "xxxxx", + "zeek.session_id": "CNJBX5FQdL62VUUP1" + }, + { + "@timestamp": "2013-12-20T15:44:10.647Z", + "destination.address": "38.229.70.20", + "destination.as.number": 23028, + "destination.as.organization.name": "Team Cymru Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "38.229.70.20", + "destination.port": 8000, + "event.action": "NICK", + "event.category": [ + "network" + ], + "event.dataset": "zeek.irc", + "event.id": "CNJBX5FQdL62VUUP1", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "irc", + "input.type": "log", + "log.offset": 206, + "network.community_id": "1:YdkGov/c+KLtmg7Cf5DLDB4+YdQ=", + "network.protocol": "irc", + "network.transport": "tcp", + "related.ip": [ + "10.180.156.249", + "38.229.70.20" + ], + "related.user": [ + "xxxxx" + ], + "service.type": "zeek", + "source.address": "10.180.156.249", + "source.ip": "10.180.156.249", + "source.port": 45921, + "tags": [ + "zeek.irc" + ], + "user.name": "xxxxx", + "zeek.irc.addl": "+iw xxxxx XxxxxxXxxx ", + "zeek.irc.command": "NICK", + "zeek.irc.user": "xxxxx", + "zeek.irc.value": "molochtest", + "zeek.session_id": "CNJBX5FQdL62VUUP1" + }, + { + "@timestamp": "2013-12-20T15:44:10.706Z", + "destination.address": "38.229.70.20", + "destination.as.number": 23028, + "destination.as.organization.name": "Team Cymru Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "38.229.70.20", + "destination.port": 8000, + "event.action": "JOIN", + "event.category": [ + "network" + ], + "event.dataset": "zeek.irc", + "event.id": "CNJBX5FQdL62VUUP1", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "irc", + "input.type": "log", + "log.offset": 432, + "network.community_id": "1:YdkGov/c+KLtmg7Cf5DLDB4+YdQ=", + "network.protocol": "irc", + "network.transport": "tcp", + "related.ip": [ + "10.180.156.249", + "38.229.70.20" + ], + "related.user": [ + "xxxxx" + ], + "service.type": "zeek", + "source.address": "10.180.156.249", + "source.ip": "10.180.156.249", + "source.port": 45921, + "tags": [ + "zeek.irc" + ], + "user.name": "xxxxx", + "zeek.irc.addl": " with channel key: '-'", + "zeek.irc.command": "JOIN", + "zeek.irc.nick": "molochtest", + "zeek.irc.user": "xxxxx", + "zeek.irc.value": "#moloch-fpc", + "zeek.session_id": "CNJBX5FQdL62VUUP1" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/kerberos/_meta/fields.yml b/filebeat/module/zeek/kerberos/_meta/fields.yml new file mode 100644 index 00000000000..6d247788950 --- /dev/null +++ b/filebeat/module/zeek/kerberos/_meta/fields.yml @@ -0,0 +1,123 @@ +- name: kerberos + type: group + default_field: false + description: > + Fields exported by the Zeek Kerberos log + fields: + - name: request_type + type: keyword + description: > + Request type - Authentication Service (AS) or Ticket Granting Service (TGS). + + - name: client + type: keyword + description: > + Client name. + + - name: service + type: keyword + description: > + Service name. + + - name: success + type: boolean + description: > + Request result. + + - name: error + type: group + fields: + - name: code + type: integer + description: > + Error code. + + - name: msg + type: keyword + description: > + Error message. + + - name: valid + type: group + fields: + - name: from + type: date + description: > + Ticket valid from. + + - name: until + type: date + description: > + Ticket valid until. + + - name: days + type: integer + description: > + Number of days the ticket is valid for. + + - name: cipher + type: keyword + description: > + Ticket encryption type. + + - name: forwardable + type: boolean + description: > + Forwardable ticket requested. + + - name: renewable + type: boolean + description: > + Renewable ticket requested. + + - name: ticket + type: group + fields: + - name: auth + type: keyword + description: > + Hash of ticket used to authorize request/transaction. + + - name: new + type: keyword + description: > + Hash of ticket returned by the KDC. + + - name: cert + type: group + fields: + - name: client + type: group + fields: + - name: value + type: keyword + description: > + Client certificate. + + - name: fuid + type: keyword + description: > + File unique ID of client cert. + + - name: subject + type: keyword + description: > + Subject of client certificate. + + - name: server + type: group + fields: + - name: value + type: keyword + description: > + Server certificate. + + - name: fuid + type: keyword + description: > + File unique ID of server certificate. + + - name: subject + type: keyword + description: > + Subject of server certificate. diff --git a/filebeat/module/zeek/kerberos/config/kerberos.yml b/filebeat/module/zeek/kerberos/config/kerberos.yml new file mode 100644 index 00000000000..28c49507406 --- /dev/null +++ b/filebeat/module/zeek/kerberos/config/kerberos.yml @@ -0,0 +1,104 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: kerberos + +processors: + - rename: + fields: + - from: "json" + to: "zeek.kerberos" + + - from: "zeek.kerberos.id.orig_h" + to: "source.address" + + - from: "zeek.kerberos.id.orig_p" + to: "source.port" + + - from: "zeek.kerberos.id.resp_h" + to: "destination.address" + + - from: "zeek.kerberos.id.resp_p" + to: "destination.port" + + - from: "zeek.kerberos.uid" + to: "zeek.session_id" + + - from: "zeek.kerberos.till" + to: "zeek.kerberos.valid.until" + + - from: "zeek.kerberos.from" + to: "zeek.kerberos.valid.from" + + - from: "zeek.kerberos.error_code" + to: "zeek.kerberos.error.code" + + - from: "zeek.kerberos.error_msg" + to: "zeek.kerberos.error.msg" + + - from: "zeek.kerberos.cert.client" + to: "zeek.kerberos.cert.client.value" + + - from: "zeek.kerberos.cert.client_subject" + to: "zeek.kerberos.cert.client.subject" + + - from: "zeek.kerberos.cert.client_fuid" + to: "zeek.kerberos.cert.client.fuid" + + - from: "zeek.kerberos.cert.server" + to: "zeek.kerberos.cert.server.value" + + - from: "zeek.kerberos.cert.server_subject" + to: "zeek.kerberos.cert.server.subject" + + - from: "zeek.kerberos.cert.server_fuid" + to: "zeek.kerberos.cert.server.fuid" + + - from: "zeek.kerberos.auth_ticket" + to: "zeek.kerberos.ticket.auth" + + - from: "zeek.kerberos.new_ticket" + to: "zeek.kerberos.ticket.new" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "source.address", to: "client.address"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "destination.address", to: "server.address"} + - {from: "zeek.kerberos.request_type", to: "event.action"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol + - authentication + - dissect: + when: + contains: + zeek.kerberos.client: "/" + tokenizer: "%{user.name}/%{user.domain}" + field: zeek.kerberos.client + target_prefix: "" +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/kerberos/ingest/pipeline.yml b/filebeat/module/zeek/kerberos/ingest/pipeline.yml new file mode 100644 index 00000000000..05005491115 --- /dev/null +++ b/filebeat/module/zeek/kerberos/ingest/pipeline.yml @@ -0,0 +1,90 @@ +description: Pipeline for normalizing Zeek kerberos.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.kerberos.ts + formats: + - UNIX +- remove: + field: zeek.kerberos.ts +- script: + source: "ctx.zeek.kerberos.valid.days = Math.round( (ctx.zeek.kerberos.valid.until - ctx.zeek.kerberos.valid.from) / 86400 )" + if: "ctx.zeek.kerberos.valid?.from != null && ctx.zeek.kerberos.valid?.until != null" +- date: + field: zeek.kerberos.valid.until + target_field: zeek.kerberos.valid.until + formats: + - UNIX + if: ctx.zeek.kerberos.valid?.until != null +- date: + field: zeek.kerberos.valid.from + target_field: zeek.kerberos.valid.from + formats: + - UNIX + if: ctx.zeek.kerberos.valid?.from != null +- set: + field: event.outcome + value: success + if: "ctx?.zeek?.kerberos?.success == true" +- set: + field: event.outcome + value: failure + if: "ctx?.zeek?.kerberos?.success == false" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/kerberos/manifest.yml b/filebeat/module/zeek/kerberos/manifest.yml new file mode 100644 index 00000000000..4a94434f1d4 --- /dev/null +++ b/filebeat/module/zeek/kerberos/manifest.yml @@ -0,0 +1,20 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/kerberos.log + os.linux: + - /var/log/bro/current/kerberos.log + os.darwin: + - /usr/local/var/logs/current/kerberos.log + - name: tags + default: [zeek.kerberos] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/kerberos.yml + +requires.processors: +- name: date diff --git a/filebeat/module/zeek/kerberos/test/kerberos-json.log b/filebeat/module/zeek/kerberos/test/kerberos-json.log new file mode 100644 index 00000000000..416f2a09c3e --- /dev/null +++ b/filebeat/module/zeek/kerberos/test/kerberos-json.log @@ -0,0 +1 @@ +{"ts":1507565599.590346,"uid":"C56Flhb4WQBNkfMOl","id.orig_h":"192.168.10.31","id.orig_p":49242,"id.resp_h":"192.168.10.10","id.resp_p":88,"request_type":"TGS","client":"RonHD/CONTOSO.LOCAL","service":"HOST/admin-pc","success":true,"till":2136422885.0,"cipher":"aes256-cts-hmac-sha1-96","forwardable":true,"renewable":true} diff --git a/filebeat/module/zeek/kerberos/test/kerberos-json.log-expected.json b/filebeat/module/zeek/kerberos/test/kerberos-json.log-expected.json new file mode 100644 index 00000000000..e01e42a4036 --- /dev/null +++ b/filebeat/module/zeek/kerberos/test/kerberos-json.log-expected.json @@ -0,0 +1,55 @@ +[ + { + "@timestamp": "2017-10-09T16:13:19.590Z", + "client.address": "192.168.10.31", + "destination.address": "192.168.10.10", + "destination.ip": "192.168.10.10", + "destination.port": 88, + "event.action": "TGS", + "event.category": [ + "network" + ], + "event.dataset": "zeek.kerberos", + "event.id": "C56Flhb4WQBNkfMOl", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "protocol", + "authentication" + ], + "fileset.name": "kerberos", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:DW/lSsosl8gZ8pqO9kKMm7cZheQ=", + "network.protocol": "kerberos", + "network.transport": "tcp", + "related.ip": [ + "192.168.10.31", + "192.168.10.10" + ], + "related.user": [ + "RonHD" + ], + "server.address": "192.168.10.10", + "service.type": "zeek", + "source.address": "192.168.10.31", + "source.ip": "192.168.10.31", + "source.port": 49242, + "tags": [ + "zeek.kerberos" + ], + "user.domain": "CONTOSO.LOCAL", + "user.name": "RonHD", + "zeek.kerberos.cipher": "aes256-cts-hmac-sha1-96", + "zeek.kerberos.client": "RonHD/CONTOSO.LOCAL", + "zeek.kerberos.forwardable": true, + "zeek.kerberos.renewable": true, + "zeek.kerberos.request_type": "TGS", + "zeek.kerberos.service": "HOST/admin-pc", + "zeek.kerberos.success": true, + "zeek.kerberos.valid.until": "2037-09-13T02:48:05.000Z", + "zeek.session_id": "C56Flhb4WQBNkfMOl" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/modbus/_meta/fields.yml b/filebeat/module/zeek/modbus/_meta/fields.yml new file mode 100644 index 00000000000..3a8e70f85d7 --- /dev/null +++ b/filebeat/module/zeek/modbus/_meta/fields.yml @@ -0,0 +1,21 @@ +- name: modbus + type: group + default_field: false + description: > + Fields exported by the Zeek modbus log. + fields: + - name: function + type: keyword + description: | + The name of the function message that was sent. + + - name: exception + type: keyword + description: | + The exception if the response was a failure. + + - name: track_address + type: integer + description: | + Present if policy/protocols/modbus/track-memmap.bro is loaded. + Modbus track address. diff --git a/filebeat/module/zeek/modbus/config/modbus.yml b/filebeat/module/zeek/modbus/config/modbus.yml new file mode 100644 index 00000000000..6dc8c3004d4 --- /dev/null +++ b/filebeat/module/zeek/modbus/config/modbus.yml @@ -0,0 +1,73 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: modbus + +processors: + - rename: + fields: + - from: "json" + to: "zeek.modbus" + + - from: "zeek.modbus.id.orig_h" + to: "source.address" + + - from: "zeek.modbus.id.orig_p" + to: "source.port" + + - from: "zeek.modbus.id.resp_h" + to: "destination.address" + + - from: "zeek.modbus.id.resp_p" + to: "destination.port" + + - from: "zeek.modbus.uid" + to: "zeek.session_id" + + - from: "zeek.modbus.func" + to: "zeek.modbus.function" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.modbus.function", to: "event.action"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol + - if: + has_fields: ['zeek.modbus.exception'] + then: + - add_fields: + target: event + fields: + outcome: failure + else: + - add_fields: + target: event + fields: + outcome: success +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/modbus/ingest/pipeline.yml b/filebeat/module/zeek/modbus/ingest/pipeline.yml new file mode 100644 index 00000000000..d053a541ef5 --- /dev/null +++ b/filebeat/module/zeek/modbus/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek modbus.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.modbus.ts + formats: + - UNIX +- remove: + field: zeek.modbus.ts +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/modbus/manifest.yml b/filebeat/module/zeek/modbus/manifest.yml new file mode 100644 index 00000000000..e20412fadc6 --- /dev/null +++ b/filebeat/module/zeek/modbus/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/modbus.log + os.linux: + - /var/log/bro/current/modbus.log + os.darwin: + - /usr/local/var/logs/current/modbus.log + - name: tags + default: [zeek.modbus] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/modbus.yml diff --git a/filebeat/module/zeek/modbus/test/modbus-json.log b/filebeat/module/zeek/modbus/test/modbus-json.log new file mode 100644 index 00000000000..b86198ae943 --- /dev/null +++ b/filebeat/module/zeek/modbus/test/modbus-json.log @@ -0,0 +1 @@ +{"ts":1352718265.222457,"uid":"CpIIXl4DFGswmjH2bl","id.orig_h":"192.168.1.10","id.orig_p":64342,"id.resp_h":"192.168.1.164","id.resp_p":502,"func":"READ_COILS"} diff --git a/filebeat/module/zeek/modbus/test/modbus-json.log-expected.json b/filebeat/module/zeek/modbus/test/modbus-json.log-expected.json new file mode 100644 index 00000000000..ba9034a3621 --- /dev/null +++ b/filebeat/module/zeek/modbus/test/modbus-json.log-expected.json @@ -0,0 +1,40 @@ +[ + { + "@timestamp": "2012-11-12T11:04:25.222Z", + "destination.address": "192.168.1.164", + "destination.ip": "192.168.1.164", + "destination.port": 502, + "event.action": "READ_COILS", + "event.category": [ + "network" + ], + "event.dataset": "zeek.modbus", + "event.id": "CpIIXl4DFGswmjH2bl", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "modbus", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:jEXbR2FqHyMgLJgyYyFQN3yxbpc=", + "network.protocol": "modbus", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.10", + "192.168.1.164" + ], + "service.type": "zeek", + "source.address": "192.168.1.10", + "source.ip": "192.168.1.10", + "source.port": 64342, + "tags": [ + "zeek.modbus" + ], + "zeek.modbus.function": "READ_COILS", + "zeek.session_id": "CpIIXl4DFGswmjH2bl" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/module.yml b/filebeat/module/zeek/module.yml new file mode 100644 index 00000000000..4d55536c0c6 --- /dev/null +++ b/filebeat/module/zeek/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: 7cbb5410-3700-11e9-aa6d-ff445a78330c + file: Filebeat-Zeek-Overview.json diff --git a/filebeat/module/zeek/mysql/_meta/fields.yml b/filebeat/module/zeek/mysql/_meta/fields.yml new file mode 100644 index 00000000000..d779391f0d8 --- /dev/null +++ b/filebeat/module/zeek/mysql/_meta/fields.yml @@ -0,0 +1,30 @@ +- name: mysql + type: group + default_field: false + description: > + Fields exported by the Zeek MySQL log. + fields: + - name: cmd + type: keyword + description: | + The command that was issued. + + - name: arg + type: keyword + description: | + The argument issued to the command. + + - name: success + type: boolean + description: | + Whether the command succeeded. + + - name: rows + type: integer + description: | + The number of affected rows, if any. + + - name: response + type: keyword + description: | + Server message, if any. diff --git a/filebeat/module/zeek/mysql/config/mysql.yml b/filebeat/module/zeek/mysql/config/mysql.yml new file mode 100644 index 00000000000..b28262b5bd5 --- /dev/null +++ b/filebeat/module/zeek/mysql/config/mysql.yml @@ -0,0 +1,72 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: mysql + +processors: + - rename: + fields: + - from: "json" + to: "zeek.mysql" + + - from: "zeek.mysql.id.orig_h" + to: "source.address" + + - from: "zeek.mysql.id.orig_p" + to: "source.port" + + - from: "zeek.mysql.id.resp_h" + to: "destination.address" + + - from: "zeek.mysql.id.resp_p" + to: "destination.port" + + - from: "zeek.mysql.uid" + to: "zeek.session_id" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.mysql.cmd", to: "event.action"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - database + - network + type: + - connection + - protocol + - if: + equals: + zeek.mysql.success: true + then: + - add_fields: + target: event + fields: + outcome: success + else: + - add_fields: + target: event + fields: + outcome: failure +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/mysql/ingest/pipeline.yml b/filebeat/module/zeek/mysql/ingest/pipeline.yml new file mode 100644 index 00000000000..ca2c6c57172 --- /dev/null +++ b/filebeat/module/zeek/mysql/ingest/pipeline.yml @@ -0,0 +1,83 @@ +description: Pipeline for normalizing Zeek mysql.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.mysql.ts + formats: + - UNIX +- remove: + field: zeek.mysql.ts +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: event.type + value: access + if: "ctx?.zeek?.mysql?.cmd != null && (ctx.zeek.mysql.cmd == 'connect' || ctx.zeek.mysql.cmd == 'connect_out')" +- append: + field: event.type + value: change + if: "ctx?.zeek?.mysql?.cmd != null && (ctx.zeek.mysql.cmd == 'init_db' || ctx.zeek.mysql.cmd == 'change_user' || ctx.zeek.mysql.cmd == 'set_option' || ctx.zeek.mysql.cmd == 'drop_db' || ctx.zeek.mysql.cmd == 'create_db' || ctx.zeek.mysql.cmd == 'process_kill' || ctx.zeek.mysql.cmd == 'delayed_insert')" +- append: + field: event.type + value: info + if: "ctx?.zeek?.mysql?.cmd != null && ctx.zeek.mysql.cmd != 'init_db' && ctx.zeek.mysql.cmd != 'change_user' && ctx.zeek.mysql.cmd != 'set_option' && ctx.zeek.mysql.cmd != 'drop_db' && ctx.zeek.mysql.cmd != 'create_db' && ctx.zeek.mysql.cmd != 'process_kill' && ctx.zeek.mysql.cmd != 'delayed_insert' && ctx.zeek.mysql.cmd != 'connect' && ctx.zeek.mysql.cmd != 'connect_out'" +- append: + field: event.type + value: start + if: "ctx?.zeek?.mysql?.cmd != null && ctx.zeek.mysql.cmd == 'connect'" +- append: + field: event.type + value: end + if: "ctx?.zeek?.mysql?.cmd != null && ctx.zeek.mysql.cmd == 'connect_out'" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/mysql/manifest.yml b/filebeat/module/zeek/mysql/manifest.yml new file mode 100644 index 00000000000..1b7ec4edb19 --- /dev/null +++ b/filebeat/module/zeek/mysql/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/mysql.log + os.linux: + - /var/log/bro/current/mysql.log + os.darwin: + - /usr/local/var/logs/current/mysql.log + - name: tags + default: [zeek.mysql] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/mysql.yml diff --git a/filebeat/module/zeek/mysql/test/mysql-json.log b/filebeat/module/zeek/mysql/test/mysql-json.log new file mode 100644 index 00000000000..5269c836f2a --- /dev/null +++ b/filebeat/module/zeek/mysql/test/mysql-json.log @@ -0,0 +1 @@ +{"ts":1216281087.437392,"uid":"C5Hol527kLMUw36hj3","id.orig_h":"192.168.0.254","id.orig_p":56162,"id.resp_h":"192.168.0.254","id.resp_p":3306,"cmd":"query","arg":"select count(*) from foo","success":true,"rows":1} diff --git a/filebeat/module/zeek/mysql/test/mysql-json.log-expected.json b/filebeat/module/zeek/mysql/test/mysql-json.log-expected.json new file mode 100644 index 00000000000..bf68cae48fe --- /dev/null +++ b/filebeat/module/zeek/mysql/test/mysql-json.log-expected.json @@ -0,0 +1,45 @@ +[ + { + "@timestamp": "2008-07-17T07:51:27.437Z", + "destination.address": "192.168.0.254", + "destination.ip": "192.168.0.254", + "destination.port": 3306, + "event.action": "query", + "event.category": [ + "database", + "network" + ], + "event.dataset": "zeek.mysql", + "event.id": "C5Hol527kLMUw36hj3", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "mysql", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:0HUQbshhYbATQXDHv/ysOs0DlZA=", + "network.protocol": "mysql", + "network.transport": "tcp", + "related.ip": [ + "192.168.0.254", + "192.168.0.254" + ], + "service.type": "zeek", + "source.address": "192.168.0.254", + "source.ip": "192.168.0.254", + "source.port": 56162, + "tags": [ + "zeek.mysql" + ], + "zeek.mysql.arg": "select count(*) from foo", + "zeek.mysql.cmd": "query", + "zeek.mysql.rows": 1, + "zeek.mysql.success": true, + "zeek.session_id": "C5Hol527kLMUw36hj3" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/notice/_meta/fields.yml b/filebeat/module/zeek/notice/_meta/fields.yml new file mode 100644 index 00000000000..8a9fc977e14 --- /dev/null +++ b/filebeat/module/zeek/notice/_meta/fields.yml @@ -0,0 +1,133 @@ +- name: notice + type: group + description: > + Fields exported by the Zeek Notice log. + fields: + - name: connection_id + type: keyword + description: > + Identifier of the related connection session. + + - name: icmp_id + type: keyword + description: > + Identifier of the related ICMP session. + + - name: file.id + type: keyword + description: > + An identifier associated with a single file that is related to this notice. + + - name: file.parent_id + type: keyword + description: > + Identifier associated with a container file from which this one was extracted. + + - name: file.source + type: keyword + description: | + An identification of the source of the file data. E.g. it may be a network protocol + over which it was transferred, or a local file path which was read, or some other + input source. + + - name: file.mime_type + type: keyword + description: > + A mime type if the notice is related to a file. + + - name: file.is_orig + type: boolean + description: | + If the source of this file is a network connection, this field indicates if the file is + being sent by the originator of the connection or the responder. + + - name: file.seen_bytes + type: long + description: > + Number of bytes provided to the file analysis engine for the file. + + - name: ffile.total_bytes + type: long + description: > + Total number of bytes that are supposed to comprise the full file. + + - name: file.missing_bytes + type: long + description: | + The number of bytes in the file stream that were completely missed during the process + of analysis. + + - name: file.overflow_bytes + type: long + description: | + The number of bytes in the file stream that were not delivered to stream file analyzers. + This could be overlapping bytes or bytes that couldn't be reassembled. + + - name: fuid + type: keyword + description: > + A file unique ID if this notice is related to a file. + + - name: note + type: keyword + description: > + The type of the notice. + + - name: msg + type: keyword + description: > + The human readable message for the notice. + + - name: sub + type: keyword + description: > + The human readable sub-message. + + - name: n + type: long + description: > + Associated count, or a status code. + + - name: peer_name + type: keyword + description: > + Name of remote peer that raised this notice. + + - name: peer_descr + type: text + description: > + Textual description for the peer that raised this notice. + + - name: actions + type: keyword + description: > + The actions which have been applied to this notice. + + - name: email_body_sections + type: text + description: | + By adding chunks of text into this element, other scripts can expand on notices + that are being emailed. + + - name: email_delay_tokens + type: keyword + description: | + Adding a string token to this set will cause the built-in emailing functionality + to delay sending the email either the token has been removed or the email + has been delayed for the specified time duration. + + - name: identifier + type: keyword + description: > + This field is provided when a notice is generated for the purpose of deduplicating notices. + + - name: suppress_for + type: double + description: > + This field indicates the length of time that this unique notice should be suppressed. + + - name: dropped + type: boolean + description: > + Indicate if the source IP address was dropped and denied network access. + diff --git a/filebeat/module/zeek/notice/config/notice.yml b/filebeat/module/zeek/notice/config/notice.yml new file mode 100644 index 00000000000..32ab849b6b5 --- /dev/null +++ b/filebeat/module/zeek/notice/config/notice.yml @@ -0,0 +1,102 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +processors: + - drop_fields: + fields: ["json.actions"] + - rename: + fields: + - from: "json" + to: "zeek.notice" + + - from: "zeek.notice.src" + to: "source.address" + + - from: "zeek.notice.dst" + to: "destination.address" + + - from: "zeek.notice.uid" + to: "zeek.session_id" + + - from: "zeek.notice.p" + to: "destination.port" + + - from: "zeek.notice.conn" + to: "zeek.notice.connnection_id" + + - from: "zeek.notice.iconn" + to: "zeek.notice.icmp_id" + + - from: "zeek.notice.id.orig_h" + to: "source.address" + + - from: "zeek.notice.id.orig_p" + to: "source.port" + + - from: "zeek.notice.id.resp_h" + to: "destination.address" + + - from: "zeek.notice.id.resp_p" + to: "destination.port" + + - from: "zeek.notice.proto" + to: "network.transport" + + - from: "zeek.notice.id.orig_p" + to: "source.port" + + - from: "zeek.notice.f.id" + to: "zeek.notice.file.id" + + - from: "zeek.notice.f.parent_id" + to: "zeek.notice.file.parent_id" + + - from: "zeek.notice.f.source" + to: "zeek.notice.file.source" + + - from: "zeek.notice.f.is_orig" + to: "zeek.notice.file.is_orig" + + - from: "zeek.notice.f.seen_bytes" + to: "zeek.notice.file.seen_bytes" + + - from: "zeek.notice.f.total_bytes" + to: "zeek.notice.file.total_bytes" + + - from: "zeek.notice.file_mime_type" + to: "zeek.notice.file.mime_type" + + ignore_missing: true + fail_on_error: false + + - drop_fields: + fields: ["zeek.notice.remote_location", "zeek.notice.f"] + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.notice.file.total_bytes", to: "file.size"} + - {from: "zeek.notice.file.mime_type", to: "file.mime_type"} + - {from: "zeek.notice.note", to: "rule.name"} + - {from: "zeek.notice.msg", to: "rule.description"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: alert + category: + - intrusion_detection + type: + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/notice/ingest/pipeline.yml b/filebeat/module/zeek/notice/ingest/pipeline.yml new file mode 100644 index 00000000000..c4dee6b78f2 --- /dev/null +++ b/filebeat/module/zeek/notice/ingest/pipeline.yml @@ -0,0 +1,71 @@ +description: Pipeline for normalizing Zeek notice.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.notice.ts + formats: + - UNIX +- remove: + field: zeek.notice.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: event.type + value: allowed + if: "ctx?.zeek?.notice?.dropped == false" +- append: + field: event.type + value: denied + if: "ctx?.zeek?.notice?.dropped == true" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/notice/manifest.yml b/filebeat/module/zeek/notice/manifest.yml new file mode 100644 index 00000000000..e2bdf695027 --- /dev/null +++ b/filebeat/module/zeek/notice/manifest.yml @@ -0,0 +1,21 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/notice.log + os.linux: + - /var/log/bro/current/notice.log + os.darwin: + - /usr/local/var/logs/current/notice.log + - name: tags + default: [zeek.notice] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/notice.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/zeek/notice/test/notice-json.log b/filebeat/module/zeek/notice/test/notice-json.log new file mode 100644 index 00000000000..bac408ed58f --- /dev/null +++ b/filebeat/module/zeek/notice/test/notice-json.log @@ -0,0 +1,2 @@ +{"ts":1320435875.879278,"note":"SSH::Password_Guessing","msg":"172.16.238.1 appears to be guessing SSH passwords (seen in 30 connections).","sub":"Sampled servers: 172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136","src":"172.16.238.1","peer_descr":"bro","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false} +{"ts":1551393388.426472,"note":"Scan::Port_Scan","msg":"8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s","sub":"remote","src":"8.42.77.171","dst":"207.154.238.205","peer_descr":"bro","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false} diff --git a/filebeat/module/zeek/notice/test/notice-json.log-expected.json b/filebeat/module/zeek/notice/test/notice-json.log-expected.json new file mode 100644 index 00000000000..a5838e9f3f1 --- /dev/null +++ b/filebeat/module/zeek/notice/test/notice-json.log-expected.json @@ -0,0 +1,89 @@ +[ + { + "@timestamp": "2011-11-04T19:44:35.879Z", + "event.category": [ + "intrusion_detection" + ], + "event.dataset": "zeek.notice", + "event.kind": "alert", + "event.module": "zeek", + "event.type": [ + "info", + "allowed" + ], + "fileset.name": "notice", + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "172.16.238.1" + ], + "rule.description": "172.16.238.1 appears to be guessing SSH passwords (seen in 30 connections).", + "rule.name": "SSH::Password_Guessing", + "service.type": "zeek", + "source.address": "172.16.238.1", + "source.ip": "172.16.238.1", + "tags": [ + "zeek.notice" + ], + "zeek.notice.dropped": false, + "zeek.notice.msg": "172.16.238.1 appears to be guessing SSH passwords (seen in 30 connections).", + "zeek.notice.note": "SSH::Password_Guessing", + "zeek.notice.peer_descr": "bro", + "zeek.notice.sub": "Sampled servers: 172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136", + "zeek.notice.suppress_for": 3600 + }, + { + "@timestamp": "2019-02-28T22:36:28.426Z", + "destination.address": "207.154.238.205", + "destination.as.number": 14061, + "destination.as.organization.name": "DigitalOcean, LLC", + "destination.geo.city_name": "Frankfurt am Main", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "DE", + "destination.geo.location.lat": 50.1188, + "destination.geo.location.lon": 8.6843, + "destination.geo.region_iso_code": "DE-HE", + "destination.geo.region_name": "Hesse", + "destination.ip": "207.154.238.205", + "event.category": [ + "intrusion_detection" + ], + "event.dataset": "zeek.notice", + "event.kind": "alert", + "event.module": "zeek", + "event.type": [ + "info", + "allowed" + ], + "fileset.name": "notice", + "input.type": "log", + "log.offset": 357, + "related.ip": [ + "8.42.77.171", + "207.154.238.205" + ], + "rule.description": "8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s", + "rule.name": "Scan::Port_Scan", + "service.type": "zeek", + "source.address": "8.42.77.171", + "source.as.number": 393552, + "source.as.organization.name": "Longmont Power & Communications", + "source.geo.city_name": "Longmont", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 40.1559, + "source.geo.location.lon": -105.1624, + "source.geo.region_iso_code": "US-CO", + "source.geo.region_name": "Colorado", + "source.ip": "8.42.77.171", + "tags": [ + "zeek.notice" + ], + "zeek.notice.dropped": false, + "zeek.notice.msg": "8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s", + "zeek.notice.note": "Scan::Port_Scan", + "zeek.notice.peer_descr": "bro", + "zeek.notice.sub": "remote", + "zeek.notice.suppress_for": 3600 + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/ntlm/_meta/fields.yml b/filebeat/module/zeek/ntlm/_meta/fields.yml new file mode 100644 index 00000000000..35b383c2579 --- /dev/null +++ b/filebeat/module/zeek/ntlm/_meta/fields.yml @@ -0,0 +1,46 @@ +- name: ntlm + type: group + default_field: false + description: > + Fields exported by the Zeek NTLM log. + fields: + - name: domain + type: keyword + description: > + Domain name given by the client. + + - name: hostname + type: keyword + description: > + Hostname given by the client. + + - name: success + type: boolean + description: > + Indicate whether or not the authentication was successful. + + - name: username + type: keyword + description: > + Username given by the client. + + - name: server + type: group + fields: + - name: name + type: group + fields: + - name: dns + type: keyword + description: > + DNS name given by the server in a CHALLENGE. + + - name: netbios + type: keyword + description: > + NetBIOS name given by the server in a CHALLENGE. + + - name: tree + type: keyword + description: > + Tree name given by the server in a CHALLENGE. diff --git a/filebeat/module/zeek/ntlm/config/ntlm.yml b/filebeat/module/zeek/ntlm/config/ntlm.yml new file mode 100644 index 00000000000..55a6795b6fa --- /dev/null +++ b/filebeat/module/zeek/ntlm/config/ntlm.yml @@ -0,0 +1,86 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: ntlm + +processors: + - rename: + fields: + - from: "json" + to: "zeek.ntlm" + + - from: "zeek.ntlm.id.orig_h" + to: "source.address" + + - from: "zeek.ntlm.id.orig_p" + to: "source.port" + + - from: "zeek.ntlm.id.resp_h" + to: "destination.address" + + - from: "zeek.ntlm.id.resp_p" + to: "destination.port" + + - from: "zeek.ntlm.uid" + to: "zeek.session_id" + + - from: "zeek.ntlm.domainname" + to: "zeek.ntlm.domain" + + - from: "zeek.ntlm.server_dns_computer_name" + to: "zeek.ntlm.server.name.dns" + + - from: "zeek.ntlm.server_nb_computer_name" + to: "zeek.ntlm.server.name.netbios" + + - from: "zeek.ntlm.server_tree_name" + to: "zeek.ntlm.server.name.tree" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.ntlm.username", to: "user.name"} + - {from: "zeek.ntlm.domain", to: "user.domain"} + - add_fields: + target: event + fields: + kind: event + category: + - authentication + - network + type: + - info + - connection + - if: + equals: + zeek.ntlm.success: true + then: + - add_fields: + target: event + fields: + outcome: success + - if: + equals: + zeek.ntlm.success: false + then: + - add_fields: + target: event + fields: + outcome: failure +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/ntlm/ingest/pipeline.yml b/filebeat/module/zeek/ntlm/ingest/pipeline.yml new file mode 100644 index 00000000000..9f76d461392 --- /dev/null +++ b/filebeat/module/zeek/ntlm/ingest/pipeline.yml @@ -0,0 +1,67 @@ +description: Pipeline for normalizing Zeek ntlm.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.ntlm.ts + formats: + - UNIX +- remove: + field: zeek.ntlm.ts +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/ntlm/manifest.yml b/filebeat/module/zeek/ntlm/manifest.yml new file mode 100644 index 00000000000..545bef85aaa --- /dev/null +++ b/filebeat/module/zeek/ntlm/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/ntlm.log + os.linux: + - /var/log/bro/current/ntlm.log + os.darwin: + - /usr/local/var/logs/current/ntlm.log + - name: tags + default: [zeek.ntlm] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/ntlm.yml diff --git a/filebeat/module/zeek/ntlm/test/ntlm-json.log b/filebeat/module/zeek/ntlm/test/ntlm-json.log new file mode 100644 index 00000000000..f5573086fd1 --- /dev/null +++ b/filebeat/module/zeek/ntlm/test/ntlm-json.log @@ -0,0 +1 @@ +{"ts":1508959117.814467,"uid":"CHphiNUKDC20fsy09","id.orig_h":"192.168.10.50","id.orig_p":46785,"id.resp_h":"192.168.10.31","id.resp_p":445,"username":"JeffV","hostname":"ybaARon55QykXrgu","domainname":"contoso.local","server_nb_computer_name":"VICTIM-PC","server_dns_computer_name":"Victim-PC.contoso.local","server_tree_name":"contoso.local"} diff --git a/filebeat/module/zeek/ntlm/test/ntlm-json.log-expected.json b/filebeat/module/zeek/ntlm/test/ntlm-json.log-expected.json new file mode 100644 index 00000000000..c85d3127476 --- /dev/null +++ b/filebeat/module/zeek/ntlm/test/ntlm-json.log-expected.json @@ -0,0 +1,49 @@ +[ + { + "@timestamp": "2017-10-25T19:18:37.814Z", + "destination.address": "192.168.10.31", + "destination.ip": "192.168.10.31", + "destination.port": 445, + "event.category": [ + "authentication", + "network" + ], + "event.dataset": "zeek.ntlm", + "event.id": "CHphiNUKDC20fsy09", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "info", + "connection" + ], + "fileset.name": "ntlm", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:zxnXAE/Cme5fQhh6sJLs7GItc08=", + "network.protocol": "ntlm", + "network.transport": "tcp", + "related.ip": [ + "192.168.10.50", + "192.168.10.31" + ], + "related.user": [ + "JeffV" + ], + "service.type": "zeek", + "source.address": "192.168.10.50", + "source.ip": "192.168.10.50", + "source.port": 46785, + "tags": [ + "zeek.ntlm" + ], + "user.domain": "contoso.local", + "user.name": "JeffV", + "zeek.ntlm.domain": "contoso.local", + "zeek.ntlm.hostname": "ybaARon55QykXrgu", + "zeek.ntlm.server.name.dns": "Victim-PC.contoso.local", + "zeek.ntlm.server.name.netbios": "VICTIM-PC", + "zeek.ntlm.server.name.tree": "contoso.local", + "zeek.ntlm.username": "JeffV", + "zeek.session_id": "CHphiNUKDC20fsy09" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/ocsp/_meta/fields.yml b/filebeat/module/zeek/ocsp/_meta/fields.yml new file mode 100644 index 00000000000..4e98f4c66f2 --- /dev/null +++ b/filebeat/module/zeek/ocsp/_meta/fields.yml @@ -0,0 +1,68 @@ +- name: ocsp + type: group + default_field: false + description: | + Fields exported by the Zeek OCSP log + Online Certificate Status Protocol (OCSP). Only created if policy script is loaded. + fields: + - name: file_id + type: keyword + description: | + File id of the OCSP reply. + - name: hash + type: group + fields: + - name: algorithm + type: keyword + description: | + Hash algorithm used to generate issuerNameHash and issuerKeyHash. + + - name: issuer + type: group + fields: + - name: name + type: keyword + description: | + Hash of the issuer's distingueshed name. + + - name: key + type: keyword + description: | + Hash of the issuer's public key. + + - name: serial_number + type: keyword + description: | + Serial number of the affected certificate. + + - name: status + type: keyword + description: | + Status of the affected certificate. + + - name: revoke + type: group + fields: + - name: time + type: date + description: | + Time at which the certificate was revoked. + + - name: reason + type: keyword + description: | + Reason for which the certificate was revoked. + + - name: update + type: group + fields: + - name: this + type: date + description: | + The time at which the status being shows is known to have been correct. + + - name: next + type: date + description: | + The latest time at which new information about the status of the certificate will be available. + diff --git a/filebeat/module/zeek/ocsp/config/ocsp.yml b/filebeat/module/zeek/ocsp/config/ocsp.yml new file mode 100644 index 00000000000..f6298a36d1e --- /dev/null +++ b/filebeat/module/zeek/ocsp/config/ocsp.yml @@ -0,0 +1,62 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.ocsp" + + - from: "zeek.ocsp.id" + to: "zeek.ocsp.file_id" + + - from: "zeek.ocsp.hashAlgorithm" + to: "zeek.ocsp.hash.algorithm" + + - from: "zeek.ocsp.issuerNameHash" + to: "zeek.ocsp.hash.issuer.name" + + - from: "zeek.ocsp.issuerKeyHash" + to: "zeek.ocsp.hash.issuer.key" + + - from: "zeek.ocsp.serialNumber" + to: "zeek.ocsp.serial_number" + + - from: "zeek.ocsp.serialNumber" + to: "zeek.ocsp.serial_number" + + - from: "zeek.ocsp.certStatus" + to: "zeek.ocsp.status" + + - from: "zeek.ocsp.certStatus" + to: "zeek.ocsp.status" + + - from: "zeek.ocsp.revoketime" + to: "zeek.ocsp.revoke.date" + + - from: "zeek.ocsp.revokereason" + to: "zeek.ocsp.revoke.reason" + + - from: "zeek.ocsp.thisUpdate" + to: "zeek.ocsp.update.this" + + - from: "zeek.ocsp.nextUpdate" + to: "zeek.ocsp.update.next" + + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event diff --git a/filebeat/module/zeek/ocsp/ingest/pipeline.yml b/filebeat/module/zeek/ocsp/ingest/pipeline.yml new file mode 100644 index 00000000000..63a878825d7 --- /dev/null +++ b/filebeat/module/zeek/ocsp/ingest/pipeline.yml @@ -0,0 +1,41 @@ +description: Pipeline for normalizing Zeek ocsp.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.ocsp.ts + formats: + - UNIX +- remove: + field: zeek.ocsp.ts +- date: + field: zeek.ocsp.revoke.date + target_field: zeek.ocsp.revoke.date + formats: + - UNIX + if: ctx.zeek.ocsp.revoke?.date != null +- date: + field: zeek.ocsp.update.this + target_field: zeek.ocsp.update.this + formats: + - UNIX + if: ctx.zeek.ocsp.update?.this != null +- date: + field: zeek.ocsp.update.next + target_field: zeek.ocsp.update.next + formats: + - UNIX + if: ctx.zeek.ocsp.update?.next != null +- append: + field: related.hash + value: "{{zeek.ocsp.issuerNameHash}}" + if: "ctx?.zeek?.ocsp?.issuerNameHash != null" +- append: + field: related.hash + value: "{{zeek.ocsp.issuerKeyHash}}" + if: "ctx?.zeek?.ocsp?.issuerKeyHash != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/ocsp/manifest.yml b/filebeat/module/zeek/ocsp/manifest.yml new file mode 100644 index 00000000000..35bcfccdcb6 --- /dev/null +++ b/filebeat/module/zeek/ocsp/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/ocsp.log + os.linux: + - /var/log/bro/current/ocsp.log + os.darwin: + - /usr/local/var/logs/current/ocsp.log + - name: tags + default: [zeek.ocsp] + +ingest_pipeline: ingest/pipeline.yml +input: config/ocsp.yml diff --git a/filebeat/module/zeek/pe/_meta/fields.yml b/filebeat/module/zeek/pe/_meta/fields.yml new file mode 100644 index 00000000000..b862b77cad8 --- /dev/null +++ b/filebeat/module/zeek/pe/_meta/fields.yml @@ -0,0 +1,91 @@ +- name: pe + type: group + default_field: false + description: > + Fields exported by the Zeek pe log. + fields: + - name: client + type: keyword + description: > + The client's version string. + + - name: id + type: keyword + description: > + File id of this portable executable file. + + - name: machine + type: keyword + description: > + The target machine that the file was compiled for. + + - name: compile_time + type: date + description: > + The time that the file was created at. + + - name: os + type: keyword + description: > + The required operating system. + + - name: subsystem + type: keyword + description: > + The subsystem that is required to run this file. + + - name: is_exe + type: boolean + description: > + Is the file an executable, or just an object file? + + - name: is_64bit + type: boolean + description: > + Is the file a 64-bit executable? + + - name: uses_aslr + type: boolean + description: > + Does the file support Address Space Layout Randomization? + + - name: uses_dep + type: boolean + description: > + Does the file support Data Execution Prevention? + + - name: uses_code_integrity + type: boolean + description: > + Does the file enforce code integrity checks? + + - name: uses_seh + type: boolean + description: > + Does the file use structured exception handing? + + - name: has_import_table + type: boolean + description: > + Does the file have an import table? + + - name: has_export_table + type: boolean + description: > + Does the file have an export table? + + - name: has_cert_table + type: boolean + description: > + Does the file have an attribute certificate table? + + - name: has_debug_data + type: boolean + description: > + Does the file have a debug table? + + - name: section_names + type: keyword + description: > + The names of the sections, in order. + diff --git a/filebeat/module/zeek/pe/config/pe.yml b/filebeat/module/zeek/pe/config/pe.yml new file mode 100644 index 00000000000..cf5f54396ad --- /dev/null +++ b/filebeat/module/zeek/pe/config/pe.yml @@ -0,0 +1,31 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.pe" + + - from: "zeek.pe.compile_ts" + to: "zeek.pe.compile_time" + + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - file + type: + - info diff --git a/filebeat/module/zeek/pe/ingest/pipeline.yml b/filebeat/module/zeek/pe/ingest/pipeline.yml new file mode 100644 index 00000000000..6a7fa7dca87 --- /dev/null +++ b/filebeat/module/zeek/pe/ingest/pipeline.yml @@ -0,0 +1,21 @@ +description: Pipeline for normalizing Zeek pe.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.pe.ts + formats: + - UNIX +- remove: + field: zeek.pe.ts +- date: + field: zeek.pe.compile_time + target_field: zeek.pe.compile_time + formats: + - UNIX + if: ctx.zeek.pe.compile_time != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/pe/manifest.yml b/filebeat/module/zeek/pe/manifest.yml new file mode 100644 index 00000000000..16dfe2e4634 --- /dev/null +++ b/filebeat/module/zeek/pe/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/pe.log + os.linux: + - /var/log/bro/current/pe.log + os.darwin: + - /usr/local/var/logs/current/pe.log + - name: tags + default: [zeek.pe] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/pe.yml diff --git a/filebeat/module/zeek/pe/test/pe-json.log b/filebeat/module/zeek/pe/test/pe-json.log new file mode 100644 index 00000000000..ace64a88214 --- /dev/null +++ b/filebeat/module/zeek/pe/test/pe-json.log @@ -0,0 +1 @@ +{"ts":1507565599.578328,"id":"FtIFnm3ZqI1s96P74l","machine":"I386","compile_ts":1467139314.0,"os":"Windows XP","subsystem":"WINDOWS_CUI","is_exe":true,"is_64bit":false,"uses_aslr":true,"uses_dep":true,"uses_code_integrity":false,"uses_seh":true,"has_import_table":true,"has_export_table":false,"has_cert_table":true,"has_debug_data":false,"section_names":[".text",".rdata",".data",".rsrc",".reloc"]} diff --git a/filebeat/module/zeek/pe/test/pe-json.log-expected.json b/filebeat/module/zeek/pe/test/pe-json.log-expected.json new file mode 100644 index 00000000000..3356f0ef793 --- /dev/null +++ b/filebeat/module/zeek/pe/test/pe-json.log-expected.json @@ -0,0 +1,43 @@ +[ + { + "@timestamp": "2017-10-09T16:13:19.578Z", + "event.category": [ + "file" + ], + "event.dataset": "zeek.pe", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "info" + ], + "fileset.name": "pe", + "input.type": "log", + "log.offset": 0, + "service.type": "zeek", + "tags": [ + "zeek.pe" + ], + "zeek.pe.compile_time": "2016-06-28T18:41:54.000Z", + "zeek.pe.has_cert_table": true, + "zeek.pe.has_debug_data": false, + "zeek.pe.has_export_table": false, + "zeek.pe.has_import_table": true, + "zeek.pe.id": "FtIFnm3ZqI1s96P74l", + "zeek.pe.is_64bit": false, + "zeek.pe.is_exe": true, + "zeek.pe.machine": "I386", + "zeek.pe.os": "Windows XP", + "zeek.pe.section_names": [ + ".text", + ".rdata", + ".data", + ".rsrc", + ".reloc" + ], + "zeek.pe.subsystem": "WINDOWS_CUI", + "zeek.pe.uses_aslr": true, + "zeek.pe.uses_code_integrity": false, + "zeek.pe.uses_dep": true, + "zeek.pe.uses_seh": true + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/radius/_meta/fields.yml b/filebeat/module/zeek/radius/_meta/fields.yml new file mode 100644 index 00000000000..a71dd2f0361 --- /dev/null +++ b/filebeat/module/zeek/radius/_meta/fields.yml @@ -0,0 +1,50 @@ +- name: radius + type: group + default_field: false + description: > + Fields exported by the Zeek Radius log. + fields: + - name: username + type: keyword + description: | + The username, if present. + + - name: mac + type: keyword + description: | + MAC address, if present. + + - name: framed_addr + type: ip + description: | + The address given to the network access server, if present. This is only a hint from the RADIUS server and the network access server is not required to honor the address. + + - name: remote_ip + type: ip + description: | + Remote IP address, if present. This is collected from the Tunnel-Client-Endpoint attribute. + + - name: connect_info + type: keyword + description: | + Connect info, if present. + + - name: reply_msg + type: keyword + description: | + Reply message from the server challenge. This is frequently shown to the user authenticating. + + - name: result + type: keyword + description: | + Successful or failed authentication. + + - name: ttl + type: integer + description: | + The duration between the first request and either the "Access-Accept" message or an error. If the field is empty, it means that either the request or response was not seen. + + - name: logged + type: boolean + description: | + Whether this has already been logged and can be ignored. diff --git a/filebeat/module/zeek/radius/config/radius.yml b/filebeat/module/zeek/radius/config/radius.yml new file mode 100644 index 00000000000..38338b1c84f --- /dev/null +++ b/filebeat/module/zeek/radius/config/radius.yml @@ -0,0 +1,58 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: udp + network.protocol: radius + +processors: + - rename: + fields: + - from: "json" + to: "zeek.radius" + + - from: "zeek.radius.id.orig_h" + to: "source.address" + + - from: "zeek.radius.id.orig_p" + to: "source.port" + + - from: "zeek.radius.id.resp_h" + to: "destination.address" + + - from: "zeek.radius.id.resp_p" + to: "destination.port" + + - from: "zeek.radius.uid" + to: "zeek.session_id" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.radius.username", to: "user.name"} + - {from: "zeek.radius.result", to: "event.outcome"} + - add_fields: + target: event + fields: + kind: event + category: + - authentication + - network + type: + - info + - connection +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/radius/ingest/pipeline.yml b/filebeat/module/zeek/radius/ingest/pipeline.yml new file mode 100644 index 00000000000..c69dfaefbb4 --- /dev/null +++ b/filebeat/module/zeek/radius/ingest/pipeline.yml @@ -0,0 +1,67 @@ +description: Pipeline for normalizing Zeek radius.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.radius.ts + formats: + - UNIX +- remove: + field: zeek.radius.ts +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/radius/manifest.yml b/filebeat/module/zeek/radius/manifest.yml new file mode 100644 index 00000000000..f881f404d7a --- /dev/null +++ b/filebeat/module/zeek/radius/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/radius.log + os.linux: + - /var/log/bro/current/radius.log + os.darwin: + - /usr/local/var/logs/current/radius.log + - name: tags + default: [zeek.radius] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/radius.yml diff --git a/filebeat/module/zeek/radius/test/radius-json.log b/filebeat/module/zeek/radius/test/radius-json.log new file mode 100644 index 00000000000..c4b8bc4e562 --- /dev/null +++ b/filebeat/module/zeek/radius/test/radius-json.log @@ -0,0 +1 @@ +{"ts":1217631137.916736,"uid":"CRe9VD3flCDWbPmpIh","id.orig_h":"10.0.0.1","id.orig_p":1645,"id.resp_h":"10.0.0.100","id.resp_p":1812,"username":"John.McGuirk","mac":"00:14:22:e9:54:5e","result":"success"} diff --git a/filebeat/module/zeek/radius/test/radius-json.log-expected.json b/filebeat/module/zeek/radius/test/radius-json.log-expected.json new file mode 100644 index 00000000000..894b85f435f --- /dev/null +++ b/filebeat/module/zeek/radius/test/radius-json.log-expected.json @@ -0,0 +1,46 @@ +[ + { + "@timestamp": "2008-08-01T22:52:17.916Z", + "destination.address": "10.0.0.100", + "destination.ip": "10.0.0.100", + "destination.port": 1812, + "event.category": [ + "authentication", + "network" + ], + "event.dataset": "zeek.radius", + "event.id": "CRe9VD3flCDWbPmpIh", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "info", + "connection" + ], + "fileset.name": "radius", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:3SdDgWXPnheV2oGfVmxQjfwtr8E=", + "network.protocol": "radius", + "network.transport": "udp", + "related.ip": [ + "10.0.0.1", + "10.0.0.100" + ], + "related.user": [ + "John.McGuirk" + ], + "service.type": "zeek", + "source.address": "10.0.0.1", + "source.ip": "10.0.0.1", + "source.port": 1645, + "tags": [ + "zeek.radius" + ], + "user.name": "John.McGuirk", + "zeek.radius.mac": "00:14:22:e9:54:5e", + "zeek.radius.result": "success", + "zeek.radius.username": "John.McGuirk", + "zeek.session_id": "CRe9VD3flCDWbPmpIh" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/rdp/_meta/fields.yml b/filebeat/module/zeek/rdp/_meta/fields.yml new file mode 100644 index 00000000000..fc7566a3b7d --- /dev/null +++ b/filebeat/module/zeek/rdp/_meta/fields.yml @@ -0,0 +1,103 @@ +- name: rdp + type: group + default_field: false + description: > + Fields exported by the Zeek RDP log. + fields: + - name: cookie + type: keyword + description: | + Cookie value used by the client machine. This is typically a username. + + - name: result + type: keyword + description: | + Status result for the connection. It's a mix between RDP negotation failure messages and GCC server create response messages. + + - name: security_protocol + type: keyword + description: | + Security protocol chosen by the server. + + - name: keyboard_layout + type: keyword + description: | + Keyboard layout (language) of the client machine. + + - name: client + type: group + fields: + - name: build + type: keyword + description: | + RDP client version used by the client machine. + + - name: client_name + type: keyword + description: | + Name of the client machine. + + - name: product_id + type: keyword + description: | + Product ID of the client machine. + + - name: desktop + type: group + fields: + - name: width + type: integer + description: | + Desktop width of the client machine. + + - name: height + type: integer + description: | + Desktop height of the client machine. + + - name: color_depth + type: keyword + description: | + The color depth requested by the client in the high_color_depth field. + + - name: cert + type: group + fields: + - name: type + type: keyword + description: | + If the connection is being encrypted with native RDP encryption, this is the type of cert being used. + + - name: count + type: integer + description: | + The number of certs seen. X.509 can transfer an entire certificate chain. + + - name: permanent + type: boolean + description: | + Indicates if the provided certificate or certificate chain is permanent or temporary. + + - name: encryption + type: group + fields: + - name: level + type: keyword + description: | + Encryption level of the connection. + + - name: method + type: keyword + description: | + Encryption method of the connection. + + - name: done + type: boolean + description: | + Track status of logging RDP connections. + + - name: ssl + type: boolean + description: | + (present if policy/protocols/rdp/indicate_ssl.bro is loaded) + Flag the connection if it was seen over SSL. diff --git a/filebeat/module/zeek/rdp/config/rdp.yml b/filebeat/module/zeek/rdp/config/rdp.yml new file mode 100644 index 00000000000..b9b19e79dd7 --- /dev/null +++ b/filebeat/module/zeek/rdp/config/rdp.yml @@ -0,0 +1,88 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: rdp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.rdp" + + - from: "zeek.rdp.id.orig_h" + to: "source.address" + + - from: "zeek.rdp.id.orig_p" + to: "source.port" + + - from: "zeek.rdp.id.resp_h" + to: "destination.address" + + - from: "zeek.rdp.id.resp_p" + to: "destination.port" + + - from: "zeek.rdp.uid" + to: "zeek.session_id" + + - from: "zeek.rdp.client_build" + to: "zeek.rdp.client.build" + + - from: "zeek.rdp.client_name" + to: "zeek.rdp.client.name" + + - from: "zeek.rdp.client_dig_product_id" + to: "zeek.rdp.client.product_id" + + - from: "zeek.rdp.desktop_width" + to: "zeek.rdp.desktop.width" + + - from: "zeek.rdp.desktop_height" + to: "zeek.rdp.desktop.height" + + - from: "zeek.rdp.requested_color_depth" + to: "zeek.rdp.desktop.color_depth" + + - from: "zeek.rdp.cert_type" + to: "zeek.rdp.cert.type" + + - from: "zeek.rdp.cert_count" + to: "zeek.rdp.cert.count" + + - from: "zeek.rdp.cert_permanent" + to: "zeek.rdp.cert.permanent" + + - from: "zeek.rdp.encryption_level" + to: "zeek.rdp.encryption.level" + + - from: "zeek.rdp.encryption_method" + to: "zeek.rdp.encryption.method" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - protocol + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/rdp/ingest/pipeline.yml b/filebeat/module/zeek/rdp/ingest/pipeline.yml new file mode 100644 index 00000000000..d6b70dd92e6 --- /dev/null +++ b/filebeat/module/zeek/rdp/ingest/pipeline.yml @@ -0,0 +1,68 @@ +description: Pipeline for normalizing Zeek rdp.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.rdp.ts + formats: + - UNIX +- remove: + field: zeek.rdp.ts +- convert: + field: zeek.rdp.ssl + target_field: tls.established + type: boolean + ignore_missing: true +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/rdp/manifest.yml b/filebeat/module/zeek/rdp/manifest.yml new file mode 100644 index 00000000000..b0c76c9f3a3 --- /dev/null +++ b/filebeat/module/zeek/rdp/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/rdp.log + os.linux: + - /var/log/bro/current/rdp.log + os.darwin: + - /usr/local/var/logs/current/rdp.log + - name: tags + default: [zeek.rdp] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/rdp.yml diff --git a/filebeat/module/zeek/rdp/test/rdp-json.log b/filebeat/module/zeek/rdp/test/rdp-json.log new file mode 100644 index 00000000000..7a523f9ba68 --- /dev/null +++ b/filebeat/module/zeek/rdp/test/rdp-json.log @@ -0,0 +1 @@ +{"ts":1568132339.668952,"uid":"C2PcYV7D3ntaHm056","id.orig_h":"192.168.131.1","id.orig_p":33872,"id.resp_h":"192.168.131.131","id.resp_p":3389,"result":"encrypted","security_protocol":"HYBRID","cert_count":0,"ssl":true} diff --git a/filebeat/module/zeek/rdp/test/rdp-json.log-expected.json b/filebeat/module/zeek/rdp/test/rdp-json.log-expected.json new file mode 100644 index 00000000000..878eb3e2050 --- /dev/null +++ b/filebeat/module/zeek/rdp/test/rdp-json.log-expected.json @@ -0,0 +1,42 @@ +[ + { + "@timestamp": "2019-09-10T16:18:59.668Z", + "destination.address": "192.168.131.131", + "destination.ip": "192.168.131.131", + "destination.port": 3389, + "event.category": [ + "network" + ], + "event.dataset": "zeek.rdp", + "event.id": "C2PcYV7D3ntaHm056", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "protocol", + "info" + ], + "fileset.name": "rdp", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:PsQu6lSZioPVi0A5K7UaeGsVqS0=", + "network.protocol": "rdp", + "network.transport": "tcp", + "related.ip": [ + "192.168.131.1", + "192.168.131.131" + ], + "service.type": "zeek", + "source.address": "192.168.131.1", + "source.ip": "192.168.131.1", + "source.port": 33872, + "tags": [ + "zeek.rdp" + ], + "tls.established": true, + "zeek.rdp.cert.count": 0, + "zeek.rdp.result": "encrypted", + "zeek.rdp.security_protocol": "HYBRID", + "zeek.rdp.ssl": true, + "zeek.session_id": "C2PcYV7D3ntaHm056" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/rfb/_meta/fields.yml b/filebeat/module/zeek/rfb/_meta/fields.yml new file mode 100644 index 00000000000..16e11029736 --- /dev/null +++ b/filebeat/module/zeek/rfb/_meta/fields.yml @@ -0,0 +1,67 @@ +- name: rfb + type: group + default_field: false + description: > + Fields exported by the Zeek RFB log. + fields: + - name: version + type: group + fields: + - name: client + type: group + fields: + - name: major + type: keyword + description: | + Major version of the client. + + - name: minor + type: keyword + description: | + Minor version of the client. + + - name: server + type: group + fields: + - name: major + type: keyword + description: | + Major version of the server. + + - name: minor + type: keyword + description: | + Minor version of the server. + + - name: auth + type: group + fields: + - name: success + type: boolean + description: | + Whether or not authentication was successful. + + - name: method + type: keyword + description: | + Identifier of authentication method used. + + - name: share_flag + type: boolean + description: | + Whether the client has an exclusive or a shared session. + + - name: desktop_name + type: keyword + description: | + Name of the screen that is being shared. + + - name: width + type: integer + description: | + Width of the screen that is being shared. + + - name: height + type: integer + description: | + Height of the screen that is being shared. diff --git a/filebeat/module/zeek/rfb/config/rfb.yml b/filebeat/module/zeek/rfb/config/rfb.yml new file mode 100644 index 00000000000..f9a2618b02b --- /dev/null +++ b/filebeat/module/zeek/rfb/config/rfb.yml @@ -0,0 +1,73 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: rfb + +processors: + - rename: + fields: + - from: "json" + to: "zeek.rfb" + + - from: "zeek.rfb.id.orig_h" + to: "source.address" + + - from: "zeek.rfb.id.orig_p" + to: "source.port" + + - from: "zeek.rfb.id.resp_h" + to: "destination.address" + + - from: "zeek.rfb.id.resp_p" + to: "destination.port" + + - from: "zeek.rfb.uid" + to: "zeek.session_id" + + - from: "zeek.rfb.client_major_version" + to: "zeek.rfb.version.client.major" + + - from: "zeek.rfb.client_minor_version" + to: "zeek.rfb.version.client.minor" + + - from: "zeek.rfb.server_major_version" + to: "zeek.rfb.version.server.major" + + - from: "zeek.rfb.server_minor_version" + to: "zeek.rfb.version.server.minor" + + - from: "zeek.rfb.auth" + to: "zeek.rfb.auth.success" + + - from: "zeek.rfb.authentication_method" + to: "zeek.rfb.auth.method" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - info +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/rfb/ingest/pipeline.yml b/filebeat/module/zeek/rfb/ingest/pipeline.yml new file mode 100644 index 00000000000..8cf2cebdf4d --- /dev/null +++ b/filebeat/module/zeek/rfb/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek rfb.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.rfb.ts + formats: + - UNIX +- remove: + field: zeek.rfb.ts +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/rfb/manifest.yml b/filebeat/module/zeek/rfb/manifest.yml new file mode 100644 index 00000000000..2b9daaab107 --- /dev/null +++ b/filebeat/module/zeek/rfb/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/rfb.log + os.linux: + - /var/log/bro/current/rfb.log + os.darwin: + - /usr/local/var/logs/current/rfb.log + - name: tags + default: [zeek.rfb] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/rfb.yml diff --git a/filebeat/module/zeek/rfb/test/rfb-json.log b/filebeat/module/zeek/rfb/test/rfb-json.log new file mode 100644 index 00000000000..934ef34e915 --- /dev/null +++ b/filebeat/module/zeek/rfb/test/rfb-json.log @@ -0,0 +1 @@ +{"ts":1328632534.517208,"uid":"CXoIzM3wH3fUwXtKN1","id.orig_h":"192.168.1.123","id.orig_p":58102,"id.resp_h":"192.168.1.10","id.resp_p":5900,"client_major_version":"003","client_minor_version":"008","server_major_version":"003","server_minor_version":"008","authentication_method":"VNC","auth":true,"share_flag":false,"desktop_name":"\u00a0","width":800,"height":600} diff --git a/filebeat/module/zeek/rfb/test/rfb-json.log-expected.json b/filebeat/module/zeek/rfb/test/rfb-json.log-expected.json new file mode 100644 index 00000000000..83b5544b655 --- /dev/null +++ b/filebeat/module/zeek/rfb/test/rfb-json.log-expected.json @@ -0,0 +1,47 @@ +[ + { + "@timestamp": "2012-02-07T16:35:34.517Z", + "destination.address": "192.168.1.10", + "destination.ip": "192.168.1.10", + "destination.port": 5900, + "event.category": [ + "network" + ], + "event.dataset": "zeek.rfb", + "event.id": "CXoIzM3wH3fUwXtKN1", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "info" + ], + "fileset.name": "rfb", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:AtPVA5phuztnwqMfO/2142WXVdY=", + "network.protocol": "rfb", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.123", + "192.168.1.10" + ], + "service.type": "zeek", + "source.address": "192.168.1.123", + "source.ip": "192.168.1.123", + "source.port": 58102, + "tags": [ + "zeek.rfb" + ], + "zeek.rfb.auth.method": "VNC", + "zeek.rfb.auth.success": true, + "zeek.rfb.desktop_name": "\u00a0", + "zeek.rfb.height": 600, + "zeek.rfb.share_flag": false, + "zeek.rfb.version.client.major": "003", + "zeek.rfb.version.client.minor": "008", + "zeek.rfb.version.server.major": "003", + "zeek.rfb.version.server.minor": "008", + "zeek.rfb.width": 800, + "zeek.session_id": "CXoIzM3wH3fUwXtKN1" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/sip/_meta/fields.yml b/filebeat/module/zeek/sip/_meta/fields.yml new file mode 100644 index 00000000000..09e40c632a1 --- /dev/null +++ b/filebeat/module/zeek/sip/_meta/fields.yml @@ -0,0 +1,122 @@ +- name: sip + type: group + default_field: false + description: > + Fields exported by the Zeek SIP log. + fields: + - name: transaction_depth + type: integer + description: > + Represents the pipelined depth into the connection of this request/response transaction. + + - name: sequence + type: group + fields: + - name: method + type: keyword + description: > + Verb used in the SIP request (INVITE, REGISTER etc.). + + - name: number + type: keyword + description: > + Contents of the CSeq: header from the client. + + - name: uri + type: keyword + description: > + URI used in the request. + + - name: date + type: keyword + description: > + Contents of the Date: header from the client. + + - name: request + type: group + fields: + - name: from + type: keyword + description: > + Contents of the request From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + + - name: to + type: keyword + description: > + Contents of the To: header. + + - name: path + type: keyword + description: > + The client message transmission path, as extracted from the headers. + + - name: body_length + type: long + description: > + Contents of the Content-Length: header from the client. + + - name: response + type: group + fields: + - name: from + type: keyword + description: > + Contents of the response From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + + - name: to + type: keyword + description: > + Contents of the response To: header. + + - name: path + type: keyword + description: > + The server message transmission path, as extracted from the headers. + + - name: body_length + type: long + description: > + Contents of the Content-Length: header from the server. + + - name: reply_to + type: keyword + description: > + Contents of the Reply-To: header. + + - name: call_id + type: keyword + description: > + Contents of the Call-ID: header from the client. + + - name: subject + type: keyword + description: > + Contents of the Subject: header from the client. + + - name: user_agent + type: keyword + description: > + Contents of the User-Agent: header from the client. + + - name: status + type: group + fields: + - name: code + type: integer + description: > + Status code returned by the server. + + - name: msg + type: keyword + description: > + Status message returned by the server. + + - name: warning + type: keyword + description: > + Contents of the Warning: header. + + - name: content_type + type: keyword + description: > + Contents of the Content-Type: header from the server. diff --git a/filebeat/module/zeek/sip/config/sip.yml b/filebeat/module/zeek/sip/config/sip.yml new file mode 100644 index 00000000000..c94dbe5e40e --- /dev/null +++ b/filebeat/module/zeek/sip/config/sip.yml @@ -0,0 +1,95 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: udp + network.protocol: sip + +processors: + - rename: + fields: + - from: "json" + to: "zeek.sip" + + - from: "zeek.sip.id.orig_h" + to: "source.address" + + - from: "zeek.sip.id.orig_p" + to: "source.port" + + - from: "zeek.sip.id.resp_h" + to: "destination.address" + + - from: "zeek.sip.id.resp_p" + to: "destination.port" + + - from: "zeek.sip.uid" + to: "zeek.session_id" + + - from: "zeek.sip.trans_depth" + to: "zeek.sip.transaction_depth" + + - from: "zeek.sip.method" + to: "zeek.sip.sequence.method" + + - from: "zeek.sip.request_from" + to: "zeek.sip.request.from" + + - from: "zeek.sip.request_to" + to: "zeek.sip.request.to" + + - from: "zeek.sip.request_path" + to: "zeek.sip.request.path" + + - from: "zeek.sip.request_body_len" + to: "zeek.sip.request.body_length" + + - from: "zeek.sip.response_from" + to: "zeek.sip.response.from" + + - from: "zeek.sip.response_to" + to: "zeek.sip.response.to" + + - from: "zeek.sip.response_path" + to: "zeek.sip.response.path" + + - from: "zeek.sip.response_body_len" + to: "zeek.sip.response.body_length" + + - from: "zeek.sip.status_code" + to: "zeek.sip.status.code" + + - from: "zeek.sip.status_msg" + to: "zeek.sip.status.msg" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.sip.sequence.method", to: "event.action"} + - {from: "zeek.sip.uri", to: "url.full"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/sip/ingest/pipeline.yml b/filebeat/module/zeek/sip/ingest/pipeline.yml new file mode 100644 index 00000000000..9982cb82d87 --- /dev/null +++ b/filebeat/module/zeek/sip/ingest/pipeline.yml @@ -0,0 +1,83 @@ +description: Pipeline for normalizing Zeek sip.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.sip.ts + formats: + - UNIX +- remove: + field: zeek.sip.ts +- grok: + field: zeek.sip.seq + patterns: + - '%{NUMBER:zeek.sip.sequence.number}' + ignore_missing: true +- remove: + field: zeek.sip.seq + ignore_missing: true +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: event.type + value: error + if: "ctx?.zeek?.sip?.status?.code != null && ctx.zeek.sip.status.code >= 400" +- set: + field: event.outcome + value: failure + if: "ctx?.zeek?.sip?.status?.code != null && ctx.zeek.sip.status.code >= 400" +- set: + field: event.outcome + value: success + if: "ctx?.zeek?.sip?.status?.code != null && ctx.zeek.sip.status.code < 400" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/sip/manifest.yml b/filebeat/module/zeek/sip/manifest.yml new file mode 100644 index 00000000000..8da0cc443dd --- /dev/null +++ b/filebeat/module/zeek/sip/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/sip.log + os.linux: + - /var/log/bro/current/sip.log + os.darwin: + - /usr/local/var/logs/current/sip.log + - name: tags + default: [zeek.sip] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/sip.yml diff --git a/filebeat/module/zeek/sip/test/sip-json.log b/filebeat/module/zeek/sip/test/sip-json.log new file mode 100644 index 00000000000..0442b80670b --- /dev/null +++ b/filebeat/module/zeek/sip/test/sip-json.log @@ -0,0 +1,3 @@ +{"ts":1361916159.055464,"uid":"CPRLCB4eWHdjP852Bk","id.orig_h":"172.16.133.19","id.orig_p":5060,"id.resp_h":"74.63.41.218","id.resp_p":5060,"trans_depth":0,"method":"REGISTER","uri":"sip:newyork.voip.ms:5060","request_from":"\u0022AppNeta\u0022 ","request_to":"","response_from":"\u0022AppNeta\u0022 ","response_to":";tag=as023f66a5","call_id":"8694cd7e-976e4fc3-d76f6e38@172.16.133.19","seq":"4127 REGISTER","request_path":["SIP/2.0/UDP 172.16.133.19:5060"],"response_path":["SIP/2.0/UDP 172.16.133.19:5060"],"user_agent":"PolycomSoundStationIP-SSIP_5000-UA/3.2.4.0267","status_code":401,"status_msg":"Unauthorized","request_body_len":0,"response_body_len":0} +{"ts":1105725482.965944,"uid":"ComJz236lSOcuOmix3","id.orig_h":"200.57.7.204","id.orig_p":5061,"id.resp_h":"200.57.7.195","id.resp_p":5060,"trans_depth":0,"method":"INVITE","uri":"sip:francisco@bestel.com:55060","request_from":"","request_to":"\u0022francisco@bestel.com\u0022 ","response_from":"","response_to":"\u0022francisco@bestel.com\u0022 ;tag=298852044","call_id":"12013223@200.57.7.195","seq":"1 INVITE","request_path":["SIP/2.0/UDP 200.57.7.195","SIP/2.0/UDP 200.57.7.195:55061"],"response_path":["SIP/2.0/UDP 200.57.7.195","SIP/2.0/UDP 200.57.7.195:55061","SIP/2.0/UDP 200.57.7.195","SIP/2.0/UDP 200.57.7.195:55061"],"status_code":180,"status_msg":"Ringing","request_body_len":229,"response_body_len":0} +{"ts":1105725487.022577,"uid":"CJZDWgixtwqXctWEg","id.orig_h":"200.57.7.205","id.orig_p":5061,"id.resp_h":"200.57.7.195","id.resp_p":5060,"trans_depth":0,"method":"REGISTER","uri":"sip:Verso.com","request_from":"Ivan ","request_to":"Ivan ","response_from":"\u0022Ivan\u0022 ","response_to":"\u0022Ivan\u0022 ","call_id":"46E1C3CB36304F84A020CF6DD3F96461@Verso.com","seq":"37764 REGISTER","request_path":["SIP/2.0/UDP 200.57.7.205:5061;rport"],"response_path":["SIP/2.0/UDP 200.57.7.205:5061;received=200.57.7.205;rport=5061"],"user_agent":"Verso Softphone release 1104w","status_code":200,"status_msg":"OK","request_body_len":0,"response_body_len":0} diff --git a/filebeat/module/zeek/sip/test/sip-json.log-expected.json b/filebeat/module/zeek/sip/test/sip-json.log-expected.json new file mode 100644 index 00000000000..79b38a0717d --- /dev/null +++ b/filebeat/module/zeek/sip/test/sip-json.log-expected.json @@ -0,0 +1,222 @@ +[ + { + "@timestamp": "2013-02-26T22:02:39.055Z", + "destination.address": "74.63.41.218", + "destination.as.number": 29791, + "destination.as.organization.name": "Internap Corporation", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "74.63.41.218", + "destination.port": 5060, + "event.action": "REGISTER", + "event.category": [ + "network" + ], + "event.dataset": "zeek.sip", + "event.id": "CPRLCB4eWHdjP852Bk", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "failure", + "event.type": [ + "connection", + "protocol", + "error" + ], + "fileset.name": "sip", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:t8Jl0amIXPHemzxKgsLjtkB+ewo=", + "network.protocol": "sip", + "network.transport": "udp", + "related.ip": [ + "172.16.133.19", + "74.63.41.218" + ], + "service.type": "zeek", + "source.address": "172.16.133.19", + "source.ip": "172.16.133.19", + "source.port": 5060, + "tags": [ + "zeek.sip" + ], + "url.full": "sip:newyork.voip.ms:5060", + "zeek.session_id": "CPRLCB4eWHdjP852Bk", + "zeek.sip.call_id": "8694cd7e-976e4fc3-d76f6e38@172.16.133.19", + "zeek.sip.request.body_length": 0, + "zeek.sip.request.from": "\"AppNeta\" ", + "zeek.sip.request.path": [ + "SIP/2.0/UDP 172.16.133.19:5060" + ], + "zeek.sip.request.to": "", + "zeek.sip.response.body_length": 0, + "zeek.sip.response.from": "\"AppNeta\" ", + "zeek.sip.response.path": [ + "SIP/2.0/UDP 172.16.133.19:5060" + ], + "zeek.sip.response.to": ";tag=as023f66a5", + "zeek.sip.sequence.method": "REGISTER", + "zeek.sip.sequence.number": "4127", + "zeek.sip.status.code": 401, + "zeek.sip.status.msg": "Unauthorized", + "zeek.sip.transaction_depth": 0, + "zeek.sip.uri": "sip:newyork.voip.ms:5060", + "zeek.sip.user_agent": "PolycomSoundStationIP-SSIP_5000-UA/3.2.4.0267" + }, + { + "@timestamp": "2005-01-14T17:58:02.965Z", + "destination.address": "200.57.7.195", + "destination.as.number": 18734, + "destination.as.organization.name": "Operbes, S.A. de C.V.", + "destination.geo.city_name": "Mexico City", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "MX", + "destination.geo.location.lat": 19.4357, + "destination.geo.location.lon": -99.1438, + "destination.geo.region_iso_code": "MX-CMX", + "destination.geo.region_name": "Mexico City", + "destination.ip": "200.57.7.195", + "destination.port": 5060, + "event.action": "INVITE", + "event.category": [ + "network" + ], + "event.dataset": "zeek.sip", + "event.id": "ComJz236lSOcuOmix3", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "sip", + "input.type": "log", + "log.offset": 805, + "network.community_id": "1:U/Makwsc8lm6pVKLfRMzoNTI++0=", + "network.protocol": "sip", + "network.transport": "udp", + "related.ip": [ + "200.57.7.204", + "200.57.7.195" + ], + "service.type": "zeek", + "source.address": "200.57.7.204", + "source.as.number": 18734, + "source.as.organization.name": "Operbes, S.A. de C.V.", + "source.geo.city_name": "Mexico City", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "MX", + "source.geo.location.lat": 19.4357, + "source.geo.location.lon": -99.1438, + "source.geo.region_iso_code": "MX-CMX", + "source.geo.region_name": "Mexico City", + "source.ip": "200.57.7.204", + "source.port": 5061, + "tags": [ + "zeek.sip" + ], + "url.full": "sip:francisco@bestel.com:55060", + "zeek.session_id": "ComJz236lSOcuOmix3", + "zeek.sip.call_id": "12013223@200.57.7.195", + "zeek.sip.request.body_length": 229, + "zeek.sip.request.from": "", + "zeek.sip.request.path": [ + "SIP/2.0/UDP 200.57.7.195", + "SIP/2.0/UDP 200.57.7.195:55061" + ], + "zeek.sip.request.to": "\"francisco@bestel.com\" ", + "zeek.sip.response.body_length": 0, + "zeek.sip.response.from": "", + "zeek.sip.response.path": [ + "SIP/2.0/UDP 200.57.7.195", + "SIP/2.0/UDP 200.57.7.195:55061", + "SIP/2.0/UDP 200.57.7.195", + "SIP/2.0/UDP 200.57.7.195:55061" + ], + "zeek.sip.response.to": "\"francisco@bestel.com\" ;tag=298852044", + "zeek.sip.sequence.method": "INVITE", + "zeek.sip.sequence.number": "1", + "zeek.sip.status.code": 180, + "zeek.sip.status.msg": "Ringing", + "zeek.sip.transaction_depth": 0, + "zeek.sip.uri": "sip:francisco@bestel.com:55060" + }, + { + "@timestamp": "2005-01-14T17:58:07.022Z", + "destination.address": "200.57.7.195", + "destination.as.number": 18734, + "destination.as.organization.name": "Operbes, S.A. de C.V.", + "destination.geo.city_name": "Mexico City", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "MX", + "destination.geo.location.lat": 19.4357, + "destination.geo.location.lon": -99.1438, + "destination.geo.region_iso_code": "MX-CMX", + "destination.geo.region_name": "Mexico City", + "destination.ip": "200.57.7.195", + "destination.port": 5060, + "event.action": "REGISTER", + "event.category": [ + "network" + ], + "event.dataset": "zeek.sip", + "event.id": "CJZDWgixtwqXctWEg", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "sip", + "input.type": "log", + "log.offset": 1654, + "network.community_id": "1:0hvHF/bh5wFKg7nfRXxsno4F198=", + "network.protocol": "sip", + "network.transport": "udp", + "related.ip": [ + "200.57.7.205", + "200.57.7.195" + ], + "service.type": "zeek", + "source.address": "200.57.7.205", + "source.as.number": 18734, + "source.as.organization.name": "Operbes, S.A. de C.V.", + "source.geo.city_name": "Mexico City", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "MX", + "source.geo.location.lat": 19.4357, + "source.geo.location.lon": -99.1438, + "source.geo.region_iso_code": "MX-CMX", + "source.geo.region_name": "Mexico City", + "source.ip": "200.57.7.205", + "source.port": 5061, + "tags": [ + "zeek.sip" + ], + "url.full": "sip:Verso.com", + "zeek.session_id": "CJZDWgixtwqXctWEg", + "zeek.sip.call_id": "46E1C3CB36304F84A020CF6DD3F96461@Verso.com", + "zeek.sip.request.body_length": 0, + "zeek.sip.request.from": "Ivan ", + "zeek.sip.request.path": [ + "SIP/2.0/UDP 200.57.7.205:5061;rport" + ], + "zeek.sip.request.to": "Ivan ", + "zeek.sip.response.body_length": 0, + "zeek.sip.response.from": "\"Ivan\" ", + "zeek.sip.response.path": [ + "SIP/2.0/UDP 200.57.7.205:5061;received=200.57.7.205;rport=5061" + ], + "zeek.sip.response.to": "\"Ivan\" ", + "zeek.sip.sequence.method": "REGISTER", + "zeek.sip.sequence.number": "37764", + "zeek.sip.status.code": 200, + "zeek.sip.status.msg": "OK", + "zeek.sip.transaction_depth": 0, + "zeek.sip.uri": "sip:Verso.com", + "zeek.sip.user_agent": "Verso Softphone release 1104w" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/smb_cmd/_meta/fields.yml b/filebeat/module/zeek/smb_cmd/_meta/fields.yml new file mode 100644 index 00000000000..820ca0e6d69 --- /dev/null +++ b/filebeat/module/zeek/smb_cmd/_meta/fields.yml @@ -0,0 +1,95 @@ +- name: smb_cmd + type: group + default_field: false + description: > + Fields exported by the Zeek smb_cmd log. + fields: + - name: command + type: keyword + description: | + The command sent by the client. + + - name: sub_command + type: keyword + description: | + The subcommand sent by the client, if present. + + - name: argument + type: keyword + description: | + Command argument sent by the client, if any. + + - name: status + type: keyword + description: | + Server reply to the client's command. + + - name: rtt + type: double + description: | + Round trip time from the request to the response. + + - name: version + type: keyword + description: | + Version of SMB for the command. + + - name: username + type: keyword + description: | + Authenticated username, if available. + + - name: tree + type: keyword + description: | + If this is related to a tree, this is the tree that was used for the current command. + + - name: tree_service + type: keyword + description: | + The type of tree (disk share, printer share, named pipe, etc.). + + - name: file + type: group + description: | + If the command referenced a file, store it here. + fields: + - name: name + type: keyword + description: | + Filename if one was seen. + + - name: action + type: keyword + description: | + Action this log record represents. + + - name: uid + type: keyword + description: | + UID of the referenced file. + + - name: host + type: group + fields: + - name: tx + type: ip + description: | + Address of the transmitting host. + + - name: rx + type: ip + description: | + Address of the receiving host. + + - name: smb1_offered_dialects + type: keyword + description: | + Present if base/protocols/smb/smb1-main.bro is loaded. + Dialects offered by the client. + + - name: smb2_offered_dialects + type: integer + description: | + Present if base/protocols/smb/smb2-main.bro is loaded. + Dialects offered by the client. diff --git a/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml b/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml new file mode 100644 index 00000000000..ada63493d6f --- /dev/null +++ b/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml @@ -0,0 +1,101 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: smb + +processors: + - rename: + fields: + - from: "json" + to: "zeek.smb_cmd" + + - drop_fields: + fields: + - "zeek.smb_cmd.referenced_file.ts" + - "zeek.smb_cmd.referenced_file.id.orig_p" + - "zeek.smb_cmd.referenced_file.id.resp_p" + - "zeek.smb_cmd.referenced_file.size" + - "zeek.smb_cmd.referenced_file.times.modified" + - "zeek.smb_cmd.referenced_file.times.accessed" + - "zeek.smb_cmd.referenced_file.times.created" + - "zeek.smb_cmd.referenced_file.times.changed" + ignore_missing: true + + - drop_fields: + when: + not: + has_fields: ["zeek.smb_cmd.referenced_file.action"] + fields: + - "zeek.smb_cmd.referenced_file.uid" + - "zeek.smb_cmd.referenced_file.id.orig_h" + - "zeek.smb_cmd.referenced_file.id.resp_h" + ignore_missing: true + + - rename: + fields: + - from: "zeek.smb_cmd.id.orig_h" + to: "source.address" + + - from: "zeek.smb_cmd.id.orig_p" + to: "source.port" + + - from: "zeek.smb_cmd.id.resp_h" + to: "destination.address" + + - from: "zeek.smb_cmd.id.resp_p" + to: "destination.port" + + - from: "zeek.smb_cmd.uid" + to: "zeek.session_id" + + - from: "zeek.smb_cmd.referenced_file.uid" + to: "zeek.smb_cmd.file.uid" + + - from: "zeek.smb_cmd.referenced_file.id.orig_h" + to: "zeek.smb_cmd.file.host.tx" + + - from: "zeek.smb_cmd.referenced_file.id.resp_h" + to: "zeek.smb_cmd.file.host.rx" + + - from: "zeek.smb_cmd.referenced_file.name" + to: "zeek.smb_cmd.file.name" + + - from: "zeek.smb_cmd.referenced_file.path" + to: "zeek.smb_cmd.file.path" + + - from: "zeek.smb_cmd.referenced_file.action" + to: "zeek.smb_cmd.file.action" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.smb_cmd.command", to: "event.action"} + - {from: "zeek.smb_cmd.username", to: "user.name"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/smb_cmd/ingest/pipeline.yml b/filebeat/module/zeek/smb_cmd/ingest/pipeline.yml new file mode 100644 index 00000000000..838e9f2e8bc --- /dev/null +++ b/filebeat/module/zeek/smb_cmd/ingest/pipeline.yml @@ -0,0 +1,82 @@ +description: Pipeline for normalizing Zeek smb_cmd.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.smb_cmd.ts + formats: + - UNIX +- remove: + field: zeek.smb_cmd.ts +- remove: + field: zeek.smb_cmd.referenced_file + ignore_missing: true +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +- append: + field: event.type + value: error + if: "ctx?.zeek?.smb_cmd?.status != null && ctx.zeek.smb_cmd.status.toLowerCase() != 'success'" +- set: + field: event.outcome + value: success + if: "ctx?.zeek?.smb_cmd?.status != null && ctx.zeek.smb_cmd.status.toLowerCase() == 'success'" +- set: + field: event.outcome + value: failure + if: "ctx?.zeek?.smb_cmd?.status != null && ctx.zeek.smb_cmd.status.toLowerCase() != 'success'" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/smb_cmd/manifest.yml b/filebeat/module/zeek/smb_cmd/manifest.yml new file mode 100644 index 00000000000..a4ad3a78ce1 --- /dev/null +++ b/filebeat/module/zeek/smb_cmd/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/smb_cmd.log + os.linux: + - /var/log/bro/current/smb_cmd.log + os.darwin: + - /usr/local/var/logs/current/smb_cmd.log + - name: tags + default: [zeek.smb_cmd] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/smb_cmd.yml diff --git a/filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log b/filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log new file mode 100644 index 00000000000..e27e6c536c9 --- /dev/null +++ b/filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log @@ -0,0 +1 @@ +{"ts":1361916332.020006,"uid":"CbT8mpAXseu6Pt4R7","id.orig_h":"172.16.133.6","id.orig_p":1728,"id.resp_h":"172.16.128.202","id.resp_p":445,"command":"NT_CREATE_ANDX","argument":"\u005cbrowser","status":"SUCCESS","rtt":0.091141,"version":"SMB1","tree":"\u005c\u005cJSRVR20\u005cIPC$","tree_service":"IPC","referenced_file.ts":1361916332.020006,"referenced_file.uid":"CbT8mpAXseu6Pt4R7","referenced_file.id.orig_h":"172.16.133.6","referenced_file.id.orig_p":1728,"referenced_file.id.resp_h":"172.16.128.202","referenced_file.id.resp_p":445,"referenced_file.action":"SMB::FILE_OPEN","referenced_file.name":"\u005cbrowser","referenced_file.size":0} diff --git a/filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log-expected.json b/filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log-expected.json new file mode 100644 index 00000000000..e18caef3fd2 --- /dev/null +++ b/filebeat/module/zeek/smb_cmd/test/smb_cmd-json.log-expected.json @@ -0,0 +1,51 @@ +[ + { + "@timestamp": "2013-02-26T22:05:32.020Z", + "destination.address": "172.16.128.202", + "destination.ip": "172.16.128.202", + "destination.port": 445, + "event.action": "NT_CREATE_ANDX", + "event.category": [ + "network" + ], + "event.dataset": "zeek.smb_cmd", + "event.id": "CbT8mpAXseu6Pt4R7", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "smb_cmd", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:SJNAD5vtzZuhQjGtfaI8svTnyuw=", + "network.protocol": "smb", + "network.transport": "tcp", + "related.ip": [ + "172.16.133.6", + "172.16.128.202" + ], + "service.type": "zeek", + "source.address": "172.16.133.6", + "source.ip": "172.16.133.6", + "source.port": 1728, + "tags": [ + "zeek.smb_cmd" + ], + "zeek.session_id": "CbT8mpAXseu6Pt4R7", + "zeek.smb_cmd.argument": "\\browser", + "zeek.smb_cmd.command": "NT_CREATE_ANDX", + "zeek.smb_cmd.file.action": "SMB::FILE_OPEN", + "zeek.smb_cmd.file.host.rx": "172.16.128.202", + "zeek.smb_cmd.file.host.tx": "172.16.133.6", + "zeek.smb_cmd.file.name": "\\browser", + "zeek.smb_cmd.file.uid": "CbT8mpAXseu6Pt4R7", + "zeek.smb_cmd.rtt": 0.091141, + "zeek.smb_cmd.status": "SUCCESS", + "zeek.smb_cmd.tree": "\\\\JSRVR20\\IPC$", + "zeek.smb_cmd.tree_service": "IPC", + "zeek.smb_cmd.version": "SMB1" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/smb_files/_meta/fields.yml b/filebeat/module/zeek/smb_files/_meta/fields.yml new file mode 100644 index 00000000000..c41211edc71 --- /dev/null +++ b/filebeat/module/zeek/smb_files/_meta/fields.yml @@ -0,0 +1,65 @@ +- name: smb_files + type: group + default_field: false + description: > + Fields exported by the Zeek SMB Files log. + fields: + - name: action + type: keyword + description: > + Action this log record represents. + + - name: fid + type: integer + description: > + ID referencing this file. + + - name: name + type: keyword + description: > + Filename if one was seen. + + - name: path + type: keyword + description: > + Path pulled from the tree this file was transferred to or from. + + - name: previous_name + type: keyword + description: > + If the rename action was seen, this will be the file's previous name. + + - name: size + type: long + description: > + Byte size of the file. + + - name: times + type: group + description: > + Timestamps of the file. + fields: + - name: accessed + type: date + description: > + The file's access time. + + - name: changed + type: date + description: > + The file's change time. + + - name: created + type: date + description: > + The file's create time. + + - name: modified + type: date + description: > + The file's modify time. + + - name: uuid + type: keyword + description: > + UUID referencing this file if DCE/RPC. diff --git a/filebeat/module/zeek/smb_files/config/smb_files.yml b/filebeat/module/zeek/smb_files/config/smb_files.yml new file mode 100644 index 00000000000..8ab5ee36395 --- /dev/null +++ b/filebeat/module/zeek/smb_files/config/smb_files.yml @@ -0,0 +1,61 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: smb + +processors: + - rename: + fields: + - from: "json" + to: "zeek.smb_files" + + - from: "zeek.smb_files.id.orig_h" + to: "source.address" + + - from: "zeek.smb_files.id.orig_p" + to: "source.port" + + - from: "zeek.smb_files.id.resp_h" + to: "destination.address" + + - from: "zeek.smb_files.id.resp_p" + to: "destination.port" + + - from: "zeek.smb_files.uid" + to: "zeek.session_id" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.smb_files.action", to: "event.action"} + - {from: "zeek.smb_files.name", to: "file.name"} + - {from: "zeek.smb_files.size", to: "file.size"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + - file + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/smb_files/ingest/pipeline.yml b/filebeat/module/zeek/smb_files/ingest/pipeline.yml new file mode 100644 index 00000000000..b2c7f52a29b --- /dev/null +++ b/filebeat/module/zeek/smb_files/ingest/pipeline.yml @@ -0,0 +1,135 @@ +description: Pipeline for normalizing Zeek smb_files.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.smb_files.ts + formats: + - UNIX +- remove: + field: zeek.smb_files.ts +- dot_expander: + field: times.accessed + path: zeek.smb_files +- dot_expander: + field: times.changed + path: zeek.smb_files +- dot_expander: + field: times.created + path: zeek.smb_files +- dot_expander: + field: times.modified + path: zeek.smb_files +- date: + field: zeek.smb_files.times.accessed + target_field: zeek.smb_files.times.accessed + formats: + - UNIX + if: ctx.zeek.smb_files.times?.accessed != null +- set: + field: file.accessed + value: "{{zeek.smb_files.times.accessed}}" + if: "ctx?.zeek?.smb_files?.times?.accessed != null" +- date: + field: zeek.smb_files.times.changed + target_field: zeek.smb_files.times.changed + formats: + - UNIX + if: ctx.zeek.smb_files.times?.accessed != null +- set: + field: file.ctime + value: "{{zeek.smb_files.times.changed}}" + if: "ctx?.zeek?.smb_files?.times?.changed != null" +- date: + field: zeek.smb_files.times.created + target_field: zeek.smb_files.times.created + formats: + - UNIX + if: ctx.zeek.smb_files.times?.accessed != null +- set: + field: file.created + value: "{{zeek.smb_files.times.created}}" + if: "ctx?.zeek?.smb_files?.times?.created != null" +- date: + field: zeek.smb_files.times.modified + target_field: zeek.smb_files.times.modified + formats: + - UNIX + if: ctx.zeek.smb_files.times?.accessed != null +- set: + field: file.mtime + value: "{{zeek.smb_files.times.modified}}" + if: "ctx?.zeek?.smb_files?.times?.modified != null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +- set: + field: file.path + value: "{{zeek.smb_files.path}}\\{{zeek.smb_files.name}}" + if: "ctx?.zeek?.smb_files?.path != null && ctx?.zeek?.smb_files?.name != null" +- append: + field: event.type + value: deletion + if: "ctx?.zeek?.smb_files?.action == 'SMB::FILE_DELETE'" +- append: + field: event.type + value: change + if: "ctx?.zeek?.smb_files?.action == 'SMB::FILE_RENAME' || ctx?.zeek?.smb_files?.action == 'SMB::FILE_SET_ATTRIBUTE'" +- append: + field: event.type + value: info + if: "ctx?.zeek?.smb_files?.action != null && ctx.zeek.smb_files != 'SMB::FILE_DELETE' && ctx.zeek.smb_files != 'SMB::FILE_RENAME' && ctx.zeek.smb_files != 'SMB::FILE_SET_ATTRIBUTE'" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/smb_files/manifest.yml b/filebeat/module/zeek/smb_files/manifest.yml new file mode 100644 index 00000000000..f59a04153a5 --- /dev/null +++ b/filebeat/module/zeek/smb_files/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/smb_files.log + os.linux: + - /var/log/bro/current/smb_files.log + os.darwin: + - /usr/local/var/logs/current/smb_files.log + - name: tags + default: [zeek.smb_files] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/smb_files.yml diff --git a/filebeat/module/zeek/smb_files/test/smb_files-json.log b/filebeat/module/zeek/smb_files/test/smb_files-json.log new file mode 100644 index 00000000000..b6355ef2f8c --- /dev/null +++ b/filebeat/module/zeek/smb_files/test/smb_files-json.log @@ -0,0 +1 @@ +{"ts":1507565599.576942,"uid":"C9YAaEzWLL62yWMn5","id.orig_h":"192.168.10.31","id.orig_p":49239,"id.resp_h":"192.168.10.30","id.resp_p":445,"action":"SMB::FILE_OPEN","path":"\u005c\u005cadmin-pc\u005cADMIN$","name":"PSEXESVC.exe","size":0,"times.modified":1507565599.607777,"times.accessed":1507565599.607777,"times.created":1507565599.607777,"times.changed":1507565599.607777} diff --git a/filebeat/module/zeek/smb_files/test/smb_files-json.log-expected.json b/filebeat/module/zeek/smb_files/test/smb_files-json.log-expected.json new file mode 100644 index 00000000000..c7d5ab98b78 --- /dev/null +++ b/filebeat/module/zeek/smb_files/test/smb_files-json.log-expected.json @@ -0,0 +1,55 @@ +[ + { + "@timestamp": "2017-10-09T16:13:19.576Z", + "destination.address": "192.168.10.30", + "destination.ip": "192.168.10.30", + "destination.port": 445, + "event.action": "SMB::FILE_OPEN", + "event.category": [ + "network", + "file" + ], + "event.dataset": "zeek.smb_files", + "event.id": "C9YAaEzWLL62yWMn5", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol", + "info" + ], + "file.accessed": "2017-10-09T16:13:19.607Z", + "file.created": "2017-10-09T16:13:19.607Z", + "file.ctime": "2017-10-09T16:13:19.607Z", + "file.mtime": "2017-10-09T16:13:19.607Z", + "file.name": "PSEXESVC.exe", + "file.path": "\\\\\\\\admin-pc\\\\ADMIN$\\PSEXESVC.exe", + "file.size": 0, + "fileset.name": "smb_files", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:k308wDxRMx/FIEzeh+YwD86zgoA=", + "network.protocol": "smb", + "network.transport": "tcp", + "related.ip": [ + "192.168.10.31", + "192.168.10.30" + ], + "service.type": "zeek", + "source.address": "192.168.10.31", + "source.ip": "192.168.10.31", + "source.port": 49239, + "tags": [ + "zeek.smb_files" + ], + "zeek.session_id": "C9YAaEzWLL62yWMn5", + "zeek.smb_files.action": "SMB::FILE_OPEN", + "zeek.smb_files.name": "PSEXESVC.exe", + "zeek.smb_files.path": "\\\\admin-pc\\ADMIN$", + "zeek.smb_files.size": 0, + "zeek.smb_files.times.accessed": "2017-10-09T16:13:19.607Z", + "zeek.smb_files.times.changed": "2017-10-09T16:13:19.607Z", + "zeek.smb_files.times.created": "2017-10-09T16:13:19.607Z", + "zeek.smb_files.times.modified": "2017-10-09T16:13:19.607Z" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/smb_mapping/_meta/fields.yml b/filebeat/module/zeek/smb_mapping/_meta/fields.yml new file mode 100644 index 00000000000..64ffaadb848 --- /dev/null +++ b/filebeat/module/zeek/smb_mapping/_meta/fields.yml @@ -0,0 +1,26 @@ +- name: smb_mapping + type: group + default_field: false + description: > + Fields exported by the Zeek SMB_Mapping log. + fields: + - name: path + type: keyword + description: > + Name of the tree path. + + - name: service + type: keyword + description: > + The type of resource of the tree (disk share, printer share, named pipe, etc.). + + - name: native_file_system + type: keyword + description: > + File system of the tree. + + - name: share_type + type: keyword + description: | + If this is SMB2, a share type will be included. For SMB1, the type of share + will be deduced and included as well. diff --git a/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml b/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml new file mode 100644 index 00000000000..0d0934c62c8 --- /dev/null +++ b/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml @@ -0,0 +1,57 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: smb + +processors: + - rename: + fields: + - from: "json" + to: "zeek.smb_mapping" + + - from: "zeek.smb_mapping.id.orig_h" + to: "source.address" + + - from: "zeek.smb_mapping.id.orig_p" + to: "source.port" + + - from: "zeek.smb_mapping.id.resp_h" + to: "destination.address" + + - from: "zeek.smb_mapping.id.resp_p" + to: "destination.port" + + - from: "zeek.smb_mapping.uid" + to: "zeek.session_id" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/smb_mapping/ingest/pipeline.yml b/filebeat/module/zeek/smb_mapping/ingest/pipeline.yml new file mode 100644 index 00000000000..b5752120267 --- /dev/null +++ b/filebeat/module/zeek/smb_mapping/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek smb_mapping.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.smb_mapping.ts + formats: + - UNIX +- remove: + field: zeek.smb_mapping.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/smb_mapping/manifest.yml b/filebeat/module/zeek/smb_mapping/manifest.yml new file mode 100644 index 00000000000..7382e529b27 --- /dev/null +++ b/filebeat/module/zeek/smb_mapping/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/smb_mapping.log + os.linux: + - /var/log/bro/current/smb_mapping.log + os.darwin: + - /usr/local/var/logs/current/smb_mapping.log + - name: tags + default: [zeek.smb_mapping] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/smb_mapping.yml diff --git a/filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log b/filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log new file mode 100644 index 00000000000..c1e78940093 --- /dev/null +++ b/filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log @@ -0,0 +1 @@ +{"ts":1507565599.576613,"uid":"C9YAaEzWLL62yWMn5","id.orig_h":"192.168.10.31","id.orig_p":49239,"id.resp_h":"192.168.10.30","id.resp_p":445,"path":"\u005c\u005cadmin-pc\u005cADMIN$","share_type":"DISK"} diff --git a/filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log-expected.json b/filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log-expected.json new file mode 100644 index 00000000000..71efd1e51ac --- /dev/null +++ b/filebeat/module/zeek/smb_mapping/test/smb_mapping-json.log-expected.json @@ -0,0 +1,39 @@ +[ + { + "@timestamp": "2017-10-09T16:13:19.576Z", + "destination.address": "192.168.10.30", + "destination.ip": "192.168.10.30", + "destination.port": 445, + "event.category": [ + "network" + ], + "event.dataset": "zeek.smb_mapping", + "event.id": "C9YAaEzWLL62yWMn5", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "smb_mapping", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:k308wDxRMx/FIEzeh+YwD86zgoA=", + "network.protocol": "smb", + "network.transport": "tcp", + "related.ip": [ + "192.168.10.31", + "192.168.10.30" + ], + "service.type": "zeek", + "source.address": "192.168.10.31", + "source.ip": "192.168.10.31", + "source.port": 49239, + "tags": [ + "zeek.smb_mapping" + ], + "zeek.session_id": "C9YAaEzWLL62yWMn5", + "zeek.smb_mapping.path": "\\\\admin-pc\\ADMIN$", + "zeek.smb_mapping.share_type": "DISK" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/smtp/_meta/fields.yml b/filebeat/module/zeek/smtp/_meta/fields.yml new file mode 100644 index 00000000000..48894bf04a1 --- /dev/null +++ b/filebeat/module/zeek/smtp/_meta/fields.yml @@ -0,0 +1,121 @@ +- name: smtp + type: group + default_field: false + description: > + Fields exported by the Zeek SMTP log. + fields: + - name: transaction_depth + type: integer + description: > + A count to represent the depth of this message transaction in a single connection where multiple messages were transferred. + + - name: helo + type: keyword + description: > + Contents of the Helo header. + + - name: mail_from + type: keyword + description: > + Email addresses found in the MAIL FROM header. + + - name: rcpt_to + type: keyword + description: > + Email addresses found in the RCPT TO header. + + - name: date + type: date + description: > + Contents of the Date header. + + - name: from + type: keyword + description: > + Contents of the From header. + + - name: to + type: keyword + description: > + Contents of the To header. + + - name: cc + type: keyword + description: > + Contents of the CC header. + + - name: reply_to + type: keyword + description: > + Contents of the ReplyTo header. + + - name: msg_id + type: keyword + description: > + Contents of the MsgID header. + + - name: in_reply_to + type: keyword + description: > + Contents of the In-Reply-To header. + + - name: subject + type: keyword + description: > + Contents of the Subject header. + + - name: x_originating_ip + type: keyword + description: > + Contents of the X-Originating-IP header. + + - name: first_received + type: keyword + description: | + Contents of the first Received header. + + - name: second_received + type: keyword + description: | + Contents of the second Received header. + + - name: last_reply + type: keyword + description: | + The last message that the server sent to the client. + + - name: path + type: ip + description: | + The message transmission path, as extracted from the headers. + + - name: user_agent + type: keyword + description: | + Value of the User-Agent header from the client. + + - name: tls + type: boolean + description: | + Indicates that the connection has switched to using TLS. + + - name: process_received_from + type: boolean + description: | + Indicates if the "Received: from" headers should still be processed. + + - name: has_client_activity + type: boolean + description: | + Indicates if client activity has been seen, but not yet logged. + + - name: fuids + type: keyword + description: | + (present if base/protocols/smtp/files.bro is loaded) + An ordered vector of file unique IDs seen attached to the message. + + - name: is_webmail + type: boolean + description: | + Indicates if the message was sent through a webmail interface. diff --git a/filebeat/module/zeek/smtp/config/smtp.yml b/filebeat/module/zeek/smtp/config/smtp.yml new file mode 100644 index 00000000000..fc8c3b0074f --- /dev/null +++ b/filebeat/module/zeek/smtp/config/smtp.yml @@ -0,0 +1,67 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: smtp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.smtp" + + - from: "zeek.smtp.id.orig_h" + to: "source.address" + + - from: "zeek.smtp.id.orig_p" + to: "source.port" + + - from: "zeek.smtp.id.resp_h" + to: "destination.address" + + - from: "zeek.smtp.id.resp_p" + to: "destination.port" + + - from: "zeek.smtp.uid" + to: "zeek.session_id" + + - from: "zeek.smtp.trans_depth" + to: "zeek.smtp.transaction_depth" + + - from: "zeek.smtp.mailfrom" + to: "zeek.smtp.mail_from" + + - from: "zeek.smtp.rcptto" + to: "zeek.smtp.rcpt_to" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.smtp.tls", to: "tls.established", type: boolean} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/smtp/ingest/pipeline.yml b/filebeat/module/zeek/smtp/ingest/pipeline.yml new file mode 100644 index 00000000000..4424d3674ff --- /dev/null +++ b/filebeat/module/zeek/smtp/ingest/pipeline.yml @@ -0,0 +1,69 @@ +description: Pipeline for normalizing Zeek smtp.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.smtp.ts + formats: + - UNIX +- remove: + field: zeek.smtp.ts +- date: + field: zeek.smtp.date + target_field: zeek.smtp.date + formats: + - EEE, d MMM yyyy HH:mm:ss Z + if: ctx.zeek.smtp.date != null +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/smtp/manifest.yml b/filebeat/module/zeek/smtp/manifest.yml new file mode 100644 index 00000000000..6d69b3b5e3e --- /dev/null +++ b/filebeat/module/zeek/smtp/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/smtp.log + os.linux: + - /var/log/bro/current/smtp.log + os.darwin: + - /usr/local/var/logs/current/smtp.log + - name: tags + default: [zeek.smtp] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/smtp.yml diff --git a/filebeat/module/zeek/smtp/test/smtp-json.log b/filebeat/module/zeek/smtp/test/smtp-json.log new file mode 100644 index 00000000000..d0265fa56c4 --- /dev/null +++ b/filebeat/module/zeek/smtp/test/smtp-json.log @@ -0,0 +1 @@ +{"ts":1543877987.381899,"uid":"CWWzPB3RjqhFf528c","id.orig_h":"192.168.1.10","id.orig_p":33782,"id.resp_h":"192.168.1.9","id.resp_p":25,"trans_depth":1,"helo":"EXAMPLE.COM","last_reply":"220 2.0.0 SMTP server ready","path":["192.168.1.9"],"tls":true,"fuids":[],"is_webmail":false} diff --git a/filebeat/module/zeek/smtp/test/smtp-json.log-expected.json b/filebeat/module/zeek/smtp/test/smtp-json.log-expected.json new file mode 100644 index 00000000000..61e1be27bf6 --- /dev/null +++ b/filebeat/module/zeek/smtp/test/smtp-json.log-expected.json @@ -0,0 +1,47 @@ +[ + { + "@timestamp": "2018-12-03T22:59:47.381Z", + "destination.address": "192.168.1.9", + "destination.ip": "192.168.1.9", + "destination.port": 25, + "event.category": [ + "network" + ], + "event.dataset": "zeek.smtp", + "event.id": "CWWzPB3RjqhFf528c", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "smtp", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:38H0puTqOoHT/5r2bKFUVSXifQw=", + "network.protocol": "smtp", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.10", + "192.168.1.9" + ], + "service.type": "zeek", + "source.address": "192.168.1.10", + "source.ip": "192.168.1.10", + "source.port": 33782, + "tags": [ + "zeek.smtp" + ], + "tls.established": true, + "zeek.session_id": "CWWzPB3RjqhFf528c", + "zeek.smtp.fuids": [], + "zeek.smtp.helo": "EXAMPLE.COM", + "zeek.smtp.is_webmail": false, + "zeek.smtp.last_reply": "220 2.0.0 SMTP server ready", + "zeek.smtp.path": [ + "192.168.1.9" + ], + "zeek.smtp.tls": true, + "zeek.smtp.transaction_depth": 1 + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/snmp/_meta/fields.yml b/filebeat/module/zeek/snmp/_meta/fields.yml new file mode 100644 index 00000000000..0ec5b677d24 --- /dev/null +++ b/filebeat/module/zeek/snmp/_meta/fields.yml @@ -0,0 +1,56 @@ +- name: snmp + type: group + default_field: false + description: > + Fields exported by the Zeek SNMP log. + fields: + - name: duration + type: double + description: > + The amount of time between the first packet beloning to the SNMP session and the latest one seen. + + - name: version + type: keyword + description: > + The version of SNMP being used. + + - name: community + type: keyword + description: > + The community string of the first SNMP packet associated with the session. This is used as part of SNMP's (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901. + + - name: get + type: group + fields: + - name: requests + type: integer + description: > + The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session. + + - name: bulk_requests + type: integer + description: > + The number of variable bindings in GetBulkRequest PDUs seen for the session. + + - name: responses + type: integer + description: > + The number of variable bindings in GetResponse/Response PDUs seen for the session. + + - name: set + type: group + fields: + - name: requests + type: integer + description: > + The number of variable bindings in SetRequest PDUs seen for the session. + + - name: display_string + type: keyword + description: > + A system description of the SNMP responder endpoint. + + - name: up_since + type: date + description: > + The time at which the SNMP responder endpoint claims it's been up since. diff --git a/filebeat/module/zeek/snmp/config/snmp.yml b/filebeat/module/zeek/snmp/config/snmp.yml new file mode 100644 index 00000000000..3431a990e0f --- /dev/null +++ b/filebeat/module/zeek/snmp/config/snmp.yml @@ -0,0 +1,69 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: udp + network.protocol: snmp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.snmp" + + - from: "zeek.snmp.id.orig_h" + to: "source.address" + + - from: "zeek.snmp.id.orig_p" + to: "source.port" + + - from: "zeek.snmp.id.resp_h" + to: "destination.address" + + - from: "zeek.snmp.id.resp_p" + to: "destination.port" + + - from: "zeek.snmp.uid" + to: "event.id" + + - from: "zeek.snmp.get_requests" + to: "zeek.snmp.get.requests" + + - from: "zeek.snmp.get_bulk_requests" + to: "zeek.snmp.get.bulk_requests" + + - from: "zeek.snmp.get_responses" + to: "zeek.snmp.get.responses" + + - from: "zeek.snmp.set_requests" + to: "zeek.snmp.set.requests" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/snmp/ingest/pipeline.yml b/filebeat/module/zeek/snmp/ingest/pipeline.yml new file mode 100644 index 00000000000..f0070ef790d --- /dev/null +++ b/filebeat/module/zeek/snmp/ingest/pipeline.yml @@ -0,0 +1,69 @@ +description: Pipeline for normalizing Zeek snmp.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.snmp.ts + formats: + - UNIX +- remove: + field: zeek.snmp.ts +- date: + field: zeek.snmp.up_since + target_field: zeek.snmp.up_since + formats: + - UNIX + if: ctx.zeek.snmp.up_since != null +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/snmp/manifest.yml b/filebeat/module/zeek/snmp/manifest.yml new file mode 100644 index 00000000000..b980b6fb82e --- /dev/null +++ b/filebeat/module/zeek/snmp/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/snmp.log + os.linux: + - /var/log/bro/current/snmp.log + os.darwin: + - /usr/local/var/logs/current/snmp.log + - name: tags + default: [zeek.snmp] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/snmp.yml diff --git a/filebeat/module/zeek/snmp/test/snmp-json.log b/filebeat/module/zeek/snmp/test/snmp-json.log new file mode 100644 index 00000000000..95b6d578537 --- /dev/null +++ b/filebeat/module/zeek/snmp/test/snmp-json.log @@ -0,0 +1 @@ +{"ts":1543877948.916584,"uid":"CnKW1B4w9fpRa6Nkf2","id.orig_h":"192.168.1.2","id.orig_p":59696,"id.resp_h":"192.168.1.1","id.resp_p":161,"duration":7.849924,"version":"2c","community":"public","get_requests":0,"get_bulk_requests":0,"get_responses":8,"set_requests":0,"up_since":1543631204.766508} diff --git a/filebeat/module/zeek/snmp/test/snmp-json.log-expected.json b/filebeat/module/zeek/snmp/test/snmp-json.log-expected.json new file mode 100644 index 00000000000..65345db7957 --- /dev/null +++ b/filebeat/module/zeek/snmp/test/snmp-json.log-expected.json @@ -0,0 +1,44 @@ +[ + { + "@timestamp": "2018-12-03T22:59:08.916Z", + "destination.address": "192.168.1.1", + "destination.ip": "192.168.1.1", + "destination.port": 161, + "event.category": [ + "network" + ], + "event.dataset": "zeek.snmp", + "event.id": "CnKW1B4w9fpRa6Nkf2", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "snmp", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:X15ey/8/tEH+tlelK6P+GfgwBPc=", + "network.protocol": "snmp", + "network.transport": "udp", + "related.ip": [ + "192.168.1.2", + "192.168.1.1" + ], + "service.type": "zeek", + "source.address": "192.168.1.2", + "source.ip": "192.168.1.2", + "source.port": 59696, + "tags": [ + "zeek.snmp" + ], + "zeek.snmp.community": "public", + "zeek.snmp.duration": 7.849924, + "zeek.snmp.get.bulk_requests": 0, + "zeek.snmp.get.requests": 0, + "zeek.snmp.get.responses": 8, + "zeek.snmp.set.requests": 0, + "zeek.snmp.up_since": "2018-12-01T02:26:44.766Z", + "zeek.snmp.version": "2c" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/socks/_meta/fields.yml b/filebeat/module/zeek/socks/_meta/fields.yml new file mode 100644 index 00000000000..31e80f4990a --- /dev/null +++ b/filebeat/module/zeek/socks/_meta/fields.yml @@ -0,0 +1,56 @@ +- name: socks + type: group + default_field: false + description: > + Fields exported by the Zeek SOCKS log. + fields: + - name: version + type: integer + description: | + Protocol version of SOCKS. + + - name: user + type: keyword + description: | + Username used to request a login to the proxy. + + - name: password + type: keyword + description: | + Password used to request a login to the proxy. + + - name: status + type: keyword + description: | + Server status for the attempt at using the proxy. + + - name: request + type: group + fields: + - name: host + type: keyword + description: | + Client requested SOCKS address. Could be an address, a name or both. + + - name: port + type: integer + description: | + Client requested port. + + - name: bound + type: group + fields: + - name: host + type: keyword + description: | + Server bound address. Could be an address, a name or both. + + - name: port + type: integer + description: | + Server bound port. + + - name: capture_password + type: boolean + description: | + Determines if the password will be captured for this request. diff --git a/filebeat/module/zeek/socks/config/socks.yml b/filebeat/module/zeek/socks/config/socks.yml new file mode 100644 index 00000000000..ddbcd51d0b0 --- /dev/null +++ b/filebeat/module/zeek/socks/config/socks.yml @@ -0,0 +1,67 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: socks + +processors: + - rename: + fields: + - from: "json" + to: "zeek.socks" + + - from: "zeek.socks.id.orig_h" + to: "source.address" + + - from: "zeek.socks.id.orig_p" + to: "source.port" + + - from: "zeek.socks.id.resp_h" + to: "destination.address" + + - from: "zeek.socks.id.resp_p" + to: "destination.port" + + - from: "zeek.socks.uid" + to: "zeek.session_id" + + - from: "zeek.socks.request.name" + to: "zeek.socks.request.host" + + - from: "zeek.socks.request_p" + to: "zeek.socks.request.port" + + - from: "zeek.socks.bound_p" + to: "zeek.socks.bound.port" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.socks.user", to: "user.name"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/socks/ingest/pipeline.yml b/filebeat/module/zeek/socks/ingest/pipeline.yml new file mode 100644 index 00000000000..04a84b13177 --- /dev/null +++ b/filebeat/module/zeek/socks/ingest/pipeline.yml @@ -0,0 +1,82 @@ +description: Pipeline for normalizing Zeek socks.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.socks.ts + formats: + - UNIX +- remove: + field: zeek.socks.ts +- dot_expander: + field: bound.host + path: zeek.socks +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +- append: + field: event.type + value: error + if: "ctx?.zeek?.socks?.status != null && ctx.zeek.socks.status != 'succeeded'" +- append: + field: event.outcome + value: success + if: "ctx?.zeek?.socks?.status != null && ctx.zeek.socks.status == 'succeeded'" +- append: + field: event.outcome + value: failure + if: "ctx?.zeek?.socks?.status != null && ctx.zeek.socks.status != 'succeeded'" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/socks/manifest.yml b/filebeat/module/zeek/socks/manifest.yml new file mode 100644 index 00000000000..68fea837fde --- /dev/null +++ b/filebeat/module/zeek/socks/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/socks.log + os.linux: + - /var/log/bro/current/socks.log + os.darwin: + - /usr/local/var/logs/current/socks.log + - name: tags + default: [zeek.socks] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/socks.yml diff --git a/filebeat/module/zeek/socks/test/socks-json.log b/filebeat/module/zeek/socks/test/socks-json.log new file mode 100644 index 00000000000..3b011d7b7c3 --- /dev/null +++ b/filebeat/module/zeek/socks/test/socks-json.log @@ -0,0 +1 @@ +{"ts":1566508093.09494,"uid":"Cmz4Cb4qCw1hGqYw1c","id.orig_h":"127.0.0.1","id.orig_p":35368,"id.resp_h":"127.0.0.1","id.resp_p":8080,"version":5,"status":"succeeded","request.name":"www.google.com","request_p":443,"bound.host":"0.0.0.0","bound_p":0} diff --git a/filebeat/module/zeek/socks/test/socks-json.log-expected.json b/filebeat/module/zeek/socks/test/socks-json.log-expected.json new file mode 100644 index 00000000000..c8172d23d1a --- /dev/null +++ b/filebeat/module/zeek/socks/test/socks-json.log-expected.json @@ -0,0 +1,46 @@ +[ + { + "@timestamp": "2019-08-22T21:08:13.094Z", + "destination.address": "127.0.0.1", + "destination.ip": "127.0.0.1", + "destination.port": 8080, + "event.category": [ + "network" + ], + "event.dataset": "zeek.socks", + "event.id": "Cmz4Cb4qCw1hGqYw1c", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": [ + "success" + ], + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "socks", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:1Hp/o0hOC62lAwrV+a0ZKDE3rrs=", + "network.protocol": "socks", + "network.transport": "tcp", + "related.ip": [ + "127.0.0.1", + "127.0.0.1" + ], + "service.type": "zeek", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "source.port": 35368, + "tags": [ + "zeek.socks" + ], + "zeek.session_id": "Cmz4Cb4qCw1hGqYw1c", + "zeek.socks.bound.host": "0.0.0.0", + "zeek.socks.bound.port": 0, + "zeek.socks.request.host": "www.google.com", + "zeek.socks.request.port": 443, + "zeek.socks.status": "succeeded", + "zeek.socks.version": 5 + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/ssh/_meta/fields.yml b/filebeat/module/zeek/ssh/_meta/fields.yml new file mode 100644 index 00000000000..5097e8769c5 --- /dev/null +++ b/filebeat/module/zeek/ssh/_meta/fields.yml @@ -0,0 +1,78 @@ +- name: ssh + type: group + default_field: false + description: > + Fields exported by the Zeek SSH log. + fields: + - name: client + type: keyword + description: > + The client's version string. + + - name: direction + type: keyword + description: | + Direction of the connection. If the client was a local host logging into + an external host, this would be OUTBOUND. INBOUND would be set for the + opposite situation. + + - name: host_key + type: keyword + description: > + The server's key thumbprint. + + - name: server + type: keyword + description: > + The server's version string. + + - name: version + type: integer + description: > + SSH major version (1 or 2). + + - name: algorithm + type: group + description: > + Cipher algorithms used in this session. + fields: + - name: cipher + type: keyword + description: > + The encryption algorithm in use. + + - name: compression + type: keyword + description: > + The compression algorithm in use. + + - name: host_key + type: keyword + description: > + The server host key's algorithm. + + - name: key_exchange + type: keyword + description: > + The key exchange algorithm in use. + + - name: mac + type: keyword + description: > + The signing (MAC) algorithm in use. + + - name: auth + type: group + fields: + - name: attempts + type: integer + description: | + The number of authentication attemps we observed. There's always at + least one, since some servers might support no authentication at all. + It's important to note that not all of these are failures, since some + servers require two-factor auth (e.g. password AND pubkey). + + - name: success + type: boolean + description: > + Authentication result. diff --git a/filebeat/module/zeek/ssh/config/ssh.yml b/filebeat/module/zeek/ssh/config/ssh.yml new file mode 100644 index 00000000000..e33f4e0e29e --- /dev/null +++ b/filebeat/module/zeek/ssh/config/ssh.yml @@ -0,0 +1,76 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + network.protocol: ssh + +processors: + - rename: + fields: + - from: "json" + to: "zeek.ssh" + + - from: "zeek.ssh.id.orig_h" + to: "source.address" + + - from: "zeek.ssh.id.orig_p" + to: "source.port" + + - from: "zeek.ssh.id.resp_h" + to: "destination.address" + + - from: "zeek.ssh.id.resp_p" + to: "destination.port" + + - from: "zeek.ssh.uid" + to: "zeek.session_id" + + - from: "zeek.ssh.auth_attempts" + to: "zeek.ssh.auth.attempts" + + - from: "zeek.ssh.auth_success" + to: "zeek.ssh.auth.success" + + - from: "zeek.ssh.cipher_alg" + to: "zeek.ssh.algorithm.cipher" + + - from: "zeek.ssh.mac_alg" + to: "zeek.ssh.algorithm.mac" + + - from: "zeek.ssh.compression_alg" + to: "zeek.ssh.algorithm.compression" + + - from: "zeek.ssh.kex_alg" + to: "zeek.ssh.algorithm.key_exchange" + + - from: "zeek.ssh.host_key_alg" + to: "zeek.ssh.algorithm.host_key" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/ssh/ingest/pipeline.yml b/filebeat/module/zeek/ssh/ingest/pipeline.yml new file mode 100644 index 00000000000..019a44b89e0 --- /dev/null +++ b/filebeat/module/zeek/ssh/ingest/pipeline.yml @@ -0,0 +1,71 @@ +description: Pipeline for normalizing Zeek ssh.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.ssh.ts + formats: + - UNIX +- remove: + field: zeek.ssh.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- set: + field: event.outcome + value: failure + if: "ctx?.zeek?.ssh?.auth?.success != null && ctx.zeek.ssh.auth.success == false" +- set: + field: event.outcome + value: success + if: "ctx?.zeek?.ssh?.auth?.success != null && ctx.zeek.ssh.auth.success == true" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/ssh/manifest.yml b/filebeat/module/zeek/ssh/manifest.yml new file mode 100644 index 00000000000..60249e25c21 --- /dev/null +++ b/filebeat/module/zeek/ssh/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/ssh.log + os.linux: + - /var/log/bro/current/ssh.log + os.darwin: + - /usr/local/var/logs/current/ssh.log + - name: tags + default: [zeek.ssh] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/ssh.yml diff --git a/filebeat/module/zeek/ssh/test/ssh-json.log b/filebeat/module/zeek/ssh/test/ssh-json.log new file mode 100644 index 00000000000..423c5d41f8e --- /dev/null +++ b/filebeat/module/zeek/ssh/test/ssh-json.log @@ -0,0 +1 @@ +{"ts":1562527532.904291,"uid":"CajWfz1b3qnnWT0BU9","id.orig_h":"192.168.1.2","id.orig_p":48380,"id.resp_h":"192.168.1.1","id.resp_p":22,"version":2,"auth_success":false,"auth_attempts":2,"client":"SSH-2.0-OpenSSH_7.9p1 Ubuntu-10","server":"SSH-2.0-OpenSSH_6.6.1p1 Debian-4~bpo70+1","cipher_alg":"chacha20-poly1305@openssh.com","mac_alg":"umac-64-etm@openssh.com","compression_alg":"none","kex_alg":"curve25519-sha256@libssh.org","host_key_alg":"ecdsa-sha2-nistp256","host_key":"86:71:ac:9c:35:1c:28:29:05:81:48:ec:66:67:de:bd"} diff --git a/filebeat/module/zeek/ssh/test/ssh-json.log-expected.json b/filebeat/module/zeek/ssh/test/ssh-json.log-expected.json new file mode 100644 index 00000000000..343aa7392e5 --- /dev/null +++ b/filebeat/module/zeek/ssh/test/ssh-json.log-expected.json @@ -0,0 +1,49 @@ +[ + { + "@timestamp": "2019-07-07T19:25:32.904Z", + "destination.address": "192.168.1.1", + "destination.ip": "192.168.1.1", + "destination.port": 22, + "event.category": [ + "network" + ], + "event.dataset": "zeek.ssh", + "event.id": "CajWfz1b3qnnWT0BU9", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "failure", + "event.type": [ + "connection", + "protocol" + ], + "fileset.name": "ssh", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:42tg9bemt74qgrdvJOy2n5Veg4A=", + "network.protocol": "ssh", + "network.transport": "tcp", + "related.ip": [ + "192.168.1.2", + "192.168.1.1" + ], + "service.type": "zeek", + "source.address": "192.168.1.2", + "source.ip": "192.168.1.2", + "source.port": 48380, + "tags": [ + "zeek.ssh" + ], + "zeek.session_id": "CajWfz1b3qnnWT0BU9", + "zeek.ssh.algorithm.cipher": "chacha20-poly1305@openssh.com", + "zeek.ssh.algorithm.compression": "none", + "zeek.ssh.algorithm.host_key": "ecdsa-sha2-nistp256", + "zeek.ssh.algorithm.key_exchange": "curve25519-sha256@libssh.org", + "zeek.ssh.algorithm.mac": "umac-64-etm@openssh.com", + "zeek.ssh.auth.attempts": 2, + "zeek.ssh.auth.success": false, + "zeek.ssh.client": "SSH-2.0-OpenSSH_7.9p1 Ubuntu-10", + "zeek.ssh.host_key": "86:71:ac:9c:35:1c:28:29:05:81:48:ec:66:67:de:bd", + "zeek.ssh.server": "SSH-2.0-OpenSSH_6.6.1p1 Debian-4~bpo70+1", + "zeek.ssh.version": 2 + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/ssl/_meta/fields.yml b/filebeat/module/zeek/ssl/_meta/fields.yml new file mode 100644 index 00000000000..604c9ab6f4d --- /dev/null +++ b/filebeat/module/zeek/ssl/_meta/fields.yml @@ -0,0 +1,226 @@ +- name: ssl + type: group + default_field: false + description: > + Fields exported by the Zeek SSL log. + fields: + - name: version + type: keyword + description: > + SSL/TLS version that was logged. + + - name: cipher + type: keyword + description: > + SSL/TLS cipher suite that was logged. + + - name: curve + type: keyword + description: > + Elliptic curve that was logged when using ECDH/ECDHE. + + - name: resumed + type: boolean + description: | + Flag to indicate if the session was resumed reusing the key material exchanged in an + earlier connection. + + - name: next_protocol + type: keyword + description: > + Next protocol the server chose using the application layer next protocol extension. + + - name: established + type: boolean + description: > + Flag to indicate if this ssl session has been established successfully. + + - name: validation + type: group + fields: + - name: status + type: keyword + description: > + Result of certificate validation for this connection. + + - name: code + type: keyword + description: > + Result of certificate validation for this connection, given as OpenSSL validation code. + + - name: last_alert + type: keyword + description: > + Last alert that was seen during the connection. + + - name: server + type: group + fields: + - name: name + type: keyword + description: | + Value of the Server Name Indicator SSL/TLS extension. It indicates the server name + that the client was requesting. + + - name: cert_chain + type: keyword + description: > + Chain of certificates offered by the server to validate its complete signing chain. + + - name: cert_chain_fuids + type: keyword + description: > + An ordered vector of certificate file identifiers for the certificates offered by the server. + + - name: issuer + type: group + description: > + Subject of the signer of the X.509 certificate offered by the server. + fields: + - name: common_name + type: keyword + description: > + Common name of the signer of the X.509 certificate offered by the server. + + - name: country + type: keyword + description: > + Country code of the signer of the X.509 certificate offered by the server. + + - name: locality + type: keyword + description: > + Locality of the signer of the X.509 certificate offered by the server. + + - name: organization + type: keyword + description: > + Organization of the signer of the X.509 certificate offered by the server. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the signer of the X.509 certificate offered by the server. + + - name: state + type: keyword + description: > + State or province name of the signer of the X.509 certificate offered by the server. + + - name: subject + type: group + description: > + Subject of the X.509 certificate offered by the server. + fields: + - name: common_name + type: keyword + description: > + Common name of the X.509 certificate offered by the server. + + - name: country + type: keyword + description: > + Country code of the X.509 certificate offered by the server. + + - name: locality + type: keyword + description: > + Locality of the X.509 certificate offered by the server. + + - name: organization + type: keyword + description: > + Organization of the X.509 certificate offered by the server. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the X.509 certificate offered by the server. + + - name: state + type: keyword + description: > + State or province name of the X.509 certificate offered by the server. + + - name: client + type: group + fields: + - name: cert_chain + type: keyword + description: > + Chain of certificates offered by the client to validate its complete signing chain. + + - name: cert_chain_fuids + type: keyword + description: > + An ordered vector of certificate file identifiers for the certificates offered by the client. + + - name: issuer + type: group + description: > + Subject of the signer of the X.509 certificate offered by the client. + fields: + - name: common_name + type: keyword + description: > + Common name of the signer of the X.509 certificate offered by the client. + + - name: country + type: keyword + description: > + Country code of the signer of the X.509 certificate offered by the client. + + - name: locality + type: keyword + description: > + Locality of the signer of the X.509 certificate offered by the client. + + - name: organization + type: keyword + description: > + Organization of the signer of the X.509 certificate offered by the client. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the signer of the X.509 certificate offered by the client. + + - name: state + type: keyword + description: > + State or province name of the signer of the X.509 certificate offered by the client. + + - name: subject + type: group + description: > + Subject of the X.509 certificate offered by the client. + fields: + - name: common_name + type: keyword + description: > + Common name of the X.509 certificate offered by the client. + + - name: country + type: keyword + description: > + Country code of the X.509 certificate offered by the client. + + - name: locality + type: keyword + description: > + Locality of the X.509 certificate offered by the client. + + - name: organization + type: keyword + description: > + Organization of the X.509 certificate offered by the client. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the X.509 certificate offered by the client. + + - name: state + type: keyword + description: > + State or province name of the X.509 certificate offered by the client. diff --git a/filebeat/module/zeek/ssl/config/ssl.yml b/filebeat/module/zeek/ssl/config/ssl.yml new file mode 100644 index 00000000000..88bfcc4b53e --- /dev/null +++ b/filebeat/module/zeek/ssl/config/ssl.yml @@ -0,0 +1,79 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.transport: tcp + +processors: + - rename: + fields: + - from: "json" + to: "zeek.ssl" + + - from: "zeek.ssl.id.orig_h" + to: "source.address" + + - from: "zeek.ssl.id.orig_p" + to: "source.port" + + - from: "zeek.ssl.id.resp_h" + to: "destination.address" + + - from: "zeek.ssl.id.resp_p" + to: "destination.port" + + - from: "zeek.ssl.uid" + to: "zeek.session_id" + + - from: "zeek.ssl.server_name" + to: "zeek.ssl.server.name" + + - from: "zeek.ssl.cert_chain" + to: "zeek.ssl.server.cert_chain" + + - from: "zeek.ssl.cert_chain_fuids" + to: "zeek.ssl.server.cert_chain_fuids" + + - from: "zeek.ssl.client_cert_chain" + to: "zeek.ssl.client.cert_chain" + + - from: "zeek.ssl.client_cert_chain_fuids" + to: "zeek.ssl.client.cert_chain_fuids" + + - from: "zeek.ssl.validation_status" + to: "zeek.ssl.validation.status" + + - from: "zeek.ssl.validation_code" + to: "zeek.ssl.validation.code" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "source.address", to: "client.address"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "destination.address", to: "server.address"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + kind: + - connection + - protocol +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/ssl/ingest/pipeline.yml b/filebeat/module/zeek/ssl/ingest/pipeline.yml new file mode 100644 index 00000000000..bbeaa24d1bd --- /dev/null +++ b/filebeat/module/zeek/ssl/ingest/pipeline.yml @@ -0,0 +1,254 @@ +--- +description: Pipeline for normalizing Zeek ssl.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.ssl.ts + formats: + - UNIX +- remove: + field: zeek.ssl.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- remove: + field: zeek.ssl.client.cert_chain_fuids + if: ctx.zeek.ssl.client?.cert_chain_fuids?.length == 0 + ignore_missing: true +- gsub: + field: zeek.ssl.issuer + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.issuer + field_split: ',' + value_split: = + target_field: zeek.ssl.server.issuer + ignore_missing: true +- rename: + field: zeek.ssl.issuer + target_field: tls.server.issuer + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.C + target_field: zeek.ssl.server.issuer.country + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.CN + target_field: zeek.ssl.server.issuer.common_name + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.L + target_field: zeek.ssl.server.issuer.locality + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.O + target_field: zeek.ssl.server.issuer.organization + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.OU + target_field: zeek.ssl.server.issuer.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.ST + target_field: zeek.ssl.server.issuer.state + ignore_missing: true +- gsub: + field: zeek.ssl.subject + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.subject + field_split: ',' + value_split: = + target_field: zeek.ssl.server.subject + ignore_missing: true +- remove: + field: zeek.ssl.subject + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.C + target_field: zeek.ssl.server.subject.country + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.CN + target_field: zeek.ssl.server.subject.common_name + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.L + target_field: zeek.ssl.server.subject.locality + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.O + target_field: zeek.ssl.server.subject.organization + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.OU + target_field: zeek.ssl.server.subject.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.ST + target_field: zeek.ssl.server.subject.state + ignore_missing: true +- gsub: + field: zeek.ssl.client_issuer + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.client_issuer + field_split: ',' + value_split: = + target_field: zeek.ssl.client.issuer + ignore_missing: true +- rename: + field: zeek.ssl.client_issuer + target_field: tls.client.issuer + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.C + target_field: zeek.ssl.client.issuer.country + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.CN + target_field: zeek.ssl.client.issuer.common_name + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.L + target_field: zeek.ssl.client.issuer.locality + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.O + target_field: zeek.ssl.client.issuer.organization + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.OU + target_field: zeek.ssl.client.issuer.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.ST + target_field: zeek.ssl.client.issuer.state + ignore_missing: true +- gsub: + field: zeek.ssl.client_subject + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.client_subject + field_split: ',' + value_split: = + target_field: zeek.ssl.client.subject + ignore_missing: true +- remove: + field: zeek.ssl.client_subject + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.C + target_field: zeek.ssl.client.subject.country + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.CN + target_field: zeek.ssl.client.subject.common_name + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.L + target_field: zeek.ssl.client.subject.locality + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.O + target_field: zeek.ssl.client.subject.organization + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.OU + target_field: zeek.ssl.client.subject.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.ST + target_field: zeek.ssl.client.subject.state + ignore_missing: true +- set: + field: tls.cipher + value: '{{zeek.ssl.cipher}}' + if: ctx.zeek?.ssl?.cipher != null +- set: + field: tls.curve + value: '{{zeek.ssl.curve}}' + if: ctx.zeek?.ssl?.curve != null +- convert: + target_field: tls.established + field: zeek.ssl.established + type: boolean + ignore_missing: true +- convert: + target_field: tls.resumed + field: zeek.ssl.resumed + type: boolean + ignore_missing: true +- script: + lang: painless + if: ctx.zeek?.ssl?.version != null + source: >- + def parts = ctx.zeek.ssl.version.splitOnToken("v"); + if (parts.length != 2) { + return; + } + if (parts[0] == "SSL") { + ctx.tls.version = parts[1] + ".0"; + } else { + ctx.tls.version = parts[1].substring(0,1) + "." + parts[1].substring(1); + } + ctx.tls.version_protocol = parts[0].toLowerCase(); +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/ssl/manifest.yml b/filebeat/module/zeek/ssl/manifest.yml new file mode 100644 index 00000000000..0b3da1331ff --- /dev/null +++ b/filebeat/module/zeek/ssl/manifest.yml @@ -0,0 +1,21 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/ssl.log + os.linux: + - /var/log/bro/current/ssl.log + os.darwin: + - /usr/local/var/logs/current/ssl.log + - name: tags + default: [zeek.ssl] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/ssl.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/filebeat/module/zeek/ssl/test/ssl-json.log b/filebeat/module/zeek/ssl/test/ssl-json.log new file mode 100644 index 00000000000..78a57e42b16 --- /dev/null +++ b/filebeat/module/zeek/ssl/test/ssl-json.log @@ -0,0 +1,3 @@ +{"ts":1547688736.805088,"uid":"CAOvs1BMFCX2Eh0Y3","id.orig_h":"10.178.98.102","id.orig_p":63199,"id.resp_h":"35.199.178.4","id.resp_p":9243,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","resumed":false,"established":true,"cert_chain_fuids":["FebkbHWVCV8rEEEne","F4BDY41MGUBT6URZMd","FWlfEfiHVkv8evDL3"],"client_cert_chain_fuids":[],"subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US","issuer":"CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US","validation_status":"ok"} +{"ts":1547688736.80509,"uid":"C3mki91FnnNtm0u1ok","id.orig_h":"10.178.98.102","id.orig_p":63198,"id.resp_h":"35.199.178.4","id.resp_p":9243,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","resumed":false,"established":true,"cert_chain_fuids":["Fue9H32OmuitQk2zR","FpbiBP215tk2xftxM6","FEdROj1vUzTGw3BIUa"],"client_cert_chain_fuids":[],"subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US","issuer":"CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US","validation_status":"ok"} +{"ts":1547688736.805527,"uid":"CfGBt82PzCXzHa0iek","id.orig_h":"10.178.98.102","id.orig_p":63197,"id.resp_h":"35.199.178.4","id.resp_p":9243,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","resumed":false,"established":true,"cert_chain_fuids":["FiFLYv3UjeWyv2gcW","FvSsiB1Xi816EMagI9","FWpPS4mjGaAhTRXLf"],"client_cert_chain_fuids":[],"subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US","issuer":"CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US","validation_status":"ok"} \ No newline at end of file diff --git a/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json b/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json new file mode 100644 index 00000000000..526a43a350b --- /dev/null +++ b/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json @@ -0,0 +1,144 @@ +[ + { + "@timestamp": "2019-01-17T01:32:16.805Z", + "client.address": "10.178.98.102", + "destination.address": "35.199.178.4", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.4043, + "destination.geo.location.lon": -122.0748, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "35.199.178.4", + "destination.port": 9243, + "event.category": [ + "network" + ], + "event.dataset": "zeek.ssl", + "event.id": "CAOvs1BMFCX2Eh0Y3", + "event.kind": [ + "connection", + "protocol" + ], + "event.module": "zeek", + "fileset.name": "ssl", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:1PMhYqOKBIyRAQeMbg/pWiJ198g=", + "network.transport": "tcp", + "related.ip": [ + "10.178.98.102", + "35.199.178.4" + ], + "server.address": "35.199.178.4", + "service.type": "zeek", + "source.address": "10.178.98.102", + "source.ip": "10.178.98.102", + "source.port": 63199, + "tags": [ + "zeek.ssl" + ], + "tls.cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "tls.curve": "secp256r1", + "tls.established": true, + "tls.resumed": false, + "tls.server.issuer": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "zeek.session_id": "CAOvs1BMFCX2Eh0Y3", + "zeek.ssl.cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "zeek.ssl.curve": "secp256r1", + "zeek.ssl.established": true, + "zeek.ssl.resumed": false, + "zeek.ssl.server.cert_chain_fuids": [ + "FebkbHWVCV8rEEEne", + "F4BDY41MGUBT6URZMd", + "FWlfEfiHVkv8evDL3" + ], + "zeek.ssl.server.issuer.common_name": "DigiCert SHA2 Secure Server CA", + "zeek.ssl.server.issuer.country": "US", + "zeek.ssl.server.issuer.organization": "DigiCert Inc", + "zeek.ssl.server.name": "dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io", + "zeek.ssl.server.subject.common_name": "*.gcp.cloud.es.io", + "zeek.ssl.server.subject.country": "US", + "zeek.ssl.server.subject.locality": "Mountain View", + "zeek.ssl.server.subject.organization": "Elasticsearch Inc.", + "zeek.ssl.server.subject.state": "California", + "zeek.ssl.validation.status": "ok", + "zeek.ssl.version": "TLSv12" + }, + { + "@timestamp": "2019-01-17T01:32:16.805Z", + "client.address": "10.178.98.102", + "destination.address": "35.199.178.4", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.city_name": "Mountain View", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.4043, + "destination.geo.location.lon": -122.0748, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "35.199.178.4", + "destination.port": 9243, + "event.category": [ + "network" + ], + "event.dataset": "zeek.ssl", + "event.id": "C3mki91FnnNtm0u1ok", + "event.kind": [ + "connection", + "protocol" + ], + "event.module": "zeek", + "fileset.name": "ssl", + "input.type": "log", + "log.offset": 635, + "network.community_id": "1:zYbLmqRN6PLPB067HNAiAQISqvI=", + "network.transport": "tcp", + "related.ip": [ + "10.178.98.102", + "35.199.178.4" + ], + "server.address": "35.199.178.4", + "service.type": "zeek", + "source.address": "10.178.98.102", + "source.ip": "10.178.98.102", + "source.port": 63198, + "tags": [ + "zeek.ssl" + ], + "tls.cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "tls.curve": "secp256r1", + "tls.established": true, + "tls.resumed": false, + "tls.server.issuer": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US", + "tls.version": "1.2", + "tls.version_protocol": "tls", + "zeek.session_id": "C3mki91FnnNtm0u1ok", + "zeek.ssl.cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "zeek.ssl.curve": "secp256r1", + "zeek.ssl.established": true, + "zeek.ssl.resumed": false, + "zeek.ssl.server.cert_chain_fuids": [ + "Fue9H32OmuitQk2zR", + "FpbiBP215tk2xftxM6", + "FEdROj1vUzTGw3BIUa" + ], + "zeek.ssl.server.issuer.common_name": "DigiCert SHA2 Secure Server CA", + "zeek.ssl.server.issuer.country": "US", + "zeek.ssl.server.issuer.organization": "DigiCert Inc", + "zeek.ssl.server.name": "dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io", + "zeek.ssl.server.subject.common_name": "*.gcp.cloud.es.io", + "zeek.ssl.server.subject.country": "US", + "zeek.ssl.server.subject.locality": "Mountain View", + "zeek.ssl.server.subject.organization": "Elasticsearch Inc.", + "zeek.ssl.server.subject.state": "California", + "zeek.ssl.validation.status": "ok", + "zeek.ssl.version": "TLSv12" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/stats/_meta/fields.yml b/filebeat/module/zeek/stats/_meta/fields.yml new file mode 100644 index 00000000000..c043adccecc --- /dev/null +++ b/filebeat/module/zeek/stats/_meta/fields.yml @@ -0,0 +1,163 @@ +- name: stats + type: group + default_field: false + description: > + Fields exported by the Zeek stats log. + fields: + - name: peer + type: keyword + description: | + Peer that generated this log. Mostly for clusters. + + - name: memory + type: integer + description: | + Amount of memory currently in use in MB. + + - name: packets + type: group + fields: + - name: processed + type: long + description: | + Number of packets processed since the last stats interval. + + - name: dropped + type: long + description: | + Number of packets dropped since the last stats interval if reading live traffic. + + - name: received + type: long + description: | + Number of packets seen on the link since the last stats interval if reading live traffic. + + - name: bytes + type: group + fields: + - name: received + type: long + description: | + Number of bytes received since the last stats interval if reading live traffic. + + - name: connections + type: group + fields: + - name: tcp + type: group + fields: + - name: active + type: integer + description: | + TCP connections currently in memory. + + - name: count + type: integer + description: | + TCP connections seen since last stats interval. + + - name: udp + type: group + fields: + - name: active + type: integer + description: | + UDP connections currently in memory. + + - name: count + type: integer + description: | + UDP connections seen since last stats interval. + + - name: icmp + type: group + fields: + - name: active + type: integer + description: | + ICMP connections currently in memory. + + - name: count + type: integer + description: | + ICMP connections seen since last stats interval. + + - name: events + type: group + fields: + - name: processed + type: integer + description: | + Number of events processed since the last stats interval. + + - name: queued + type: integer + description: | + Number of events that have been queued since the last stats interval. + + - name: timers + type: group + fields: + - name: count + type: integer + description: | + Number of timers scheduled since last stats interval. + + - name: active + type: integer + description: | + Current number of scheduled timers. + + - name: files + type: group + fields: + - name: count + type: integer + description: | + Number of files seen since last stats interval. + + - name: active + type: integer + description: | + Current number of files actively being seen. + + - name: dns_requests + type: group + fields: + - name: count + type: integer + description: | + Number of DNS requests seen since last stats interval. + + - name: active + type: integer + description: | + Current number of DNS requests awaiting a reply. + + - name: reassembly_size + type: group + fields: + - name: tcp + type: integer + description: | + Current size of TCP data in reassembly. + + - name: file + type: integer + description: | + Current size of File data in reassembly. + + - name: frag + type: integer + description: | + Current size of packet fragment data in reassembly. + + - name: unknown + type: integer + description: | + Current size of unknown data in reassembly (this is only PIA buffer right now). + + - name: timestamp_lag + type: integer + description: | + Lag between the wall clock and packet timestamps if reading live traffic. diff --git a/filebeat/module/zeek/stats/config/stats.yml b/filebeat/module/zeek/stats/config/stats.yml new file mode 100644 index 00000000000..c77c9c1f750 --- /dev/null +++ b/filebeat/module/zeek/stats/config/stats.yml @@ -0,0 +1,95 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.stats" + + - from: "zeek.stats.mem" + to: "zeek.stats.memory" + + - from: "zeek.stats.pkts_proc" + to: "zeek.stats.packets.processed" + + - from: "zeek.stats.pkts_dropped" + to: "zeek.stats.packets.dropped" + + - from: "zeek.stats.pkts_link" + to: "zeek.stats.packets.received" + + - from: "zeek.stats.pkts_link" + to: "zeek.stats.packets.received" + + - from: "zeek.stats.bytes_recv" + to: "zeek.stats.bytes.received" + + - from: "zeek.stats.tcp_conns" + to: "zeek.stats.connections.tcp.count" + + - from: "zeek.stats.active_tcp_conns" + to: "zeek.stats.connections.tcp.active" + + - from: "zeek.stats.udp_conns" + to: "zeek.stats.connections.udp.count" + + - from: "zeek.stats.active_udp_conns" + to: "zeek.stats.connections.udp.active" + + - from: "zeek.stats.icmp_conns" + to: "zeek.stats.connections.icmp.count" + + - from: "zeek.stats.active_icmp_conns" + to: "zeek.stats.connections.icmp.active" + + - from: "zeek.stats.events_proc" + to: "zeek.stats.events.processed" + + - from: "zeek.stats.events_queued" + to: "zeek.stats.events.queued" + + - from: "zeek.stats.timers" + to: "zeek.stats.timers.count" + + - from: "zeek.stats.active_timers" + to: "zeek.stats.timers.active" + + - from: "zeek.stats.files" + to: "zeek.stats.files.count" + + - from: "zeek.stats.active_files" + to: "zeek.stats.files.active" + + - from: "zeek.stats.dns_requests" + to: "zeek.stats.dns_requests.count" + + - from: "zeek.stats.active_dns_requests" + to: "zeek.stats.dns_requests.active" + + - from: "zeek.stats.reassem_tcp_size" + to: "zeek.stats.reassembly_size.tcp" + + - from: "zeek.stats.reassem_file_size" + to: "zeek.stats.reassembly_size.file" + + - from: "zeek.stats.reassem_frag_size" + to: "zeek.stats.reassembly_size.frag" + + - from: "zeek.stats.reassem_unknown_size" + to: "zeek.stats.reassembly_size.unknown" + + - from: "zeek.stats.pkt_lag" + to: "zeek.stats.timestamp_lag" + + ignore_missing: true + fail_on_error: false diff --git a/filebeat/module/zeek/stats/ingest/pipeline.yml b/filebeat/module/zeek/stats/ingest/pipeline.yml new file mode 100644 index 00000000000..c0347161190 --- /dev/null +++ b/filebeat/module/zeek/stats/ingest/pipeline.yml @@ -0,0 +1,18 @@ +description: Pipeline for normalizing Zeek stats.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.stats.ts + formats: + - UNIX +- remove: + field: zeek.stats.ts +- set: + field: event.kind + value: metric +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/stats/manifest.yml b/filebeat/module/zeek/stats/manifest.yml new file mode 100644 index 00000000000..f63ad40bf33 --- /dev/null +++ b/filebeat/module/zeek/stats/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/stats.log + os.linux: + - /var/log/bro/current/stats.log + os.darwin: + - /usr/local/var/logs/current/stats.log + - name: tags + default: [zeek.stats] + +ingest_pipeline: ingest/pipeline.yml +input: config/stats.yml diff --git a/filebeat/module/zeek/stats/test/stats-json.log b/filebeat/module/zeek/stats/test/stats-json.log new file mode 100644 index 00000000000..e15f79c118c --- /dev/null +++ b/filebeat/module/zeek/stats/test/stats-json.log @@ -0,0 +1 @@ +{"ts":1476605878.714844,"peer":"bro","mem":94,"pkts_proc":296,"bytes_recv":39674,"events_proc":723,"events_queued":728,"active_tcp_conns":1,"active_udp_conns":3,"active_icmp_conns":0,"tcp_conns":6,"udp_conns":36,"icmp_conns":2,"timers":797,"active_timers":38,"files":0,"active_files":0,"dns_requests":0,"active_dns_requests":0,"reassem_tcp_size":0,"reassem_file_size":0,"reassem_frag_size":0,"reassem_unknown_size":0} diff --git a/filebeat/module/zeek/stats/test/stats-json.log-expected.json b/filebeat/module/zeek/stats/test/stats-json.log-expected.json new file mode 100644 index 00000000000..bcb5f24f2a2 --- /dev/null +++ b/filebeat/module/zeek/stats/test/stats-json.log-expected.json @@ -0,0 +1,37 @@ +[ + { + "@timestamp": "2016-10-16T08:17:58.714Z", + "event.dataset": "zeek.stats", + "event.kind": "metric", + "event.module": "zeek", + "fileset.name": "stats", + "input.type": "log", + "log.offset": 0, + "service.type": "zeek", + "tags": [ + "zeek.stats" + ], + "zeek.stats.bytes.received": 39674, + "zeek.stats.connections.icmp.active": 0, + "zeek.stats.connections.icmp.count": 2, + "zeek.stats.connections.tcp.active": 1, + "zeek.stats.connections.tcp.count": 6, + "zeek.stats.connections.udp.active": 3, + "zeek.stats.connections.udp.count": 36, + "zeek.stats.dns_requests.active": 0, + "zeek.stats.dns_requests.count": 0, + "zeek.stats.events.processed": 723, + "zeek.stats.events.queued": 728, + "zeek.stats.files.active": 0, + "zeek.stats.files.count": 0, + "zeek.stats.memory": 94, + "zeek.stats.packets.processed": 296, + "zeek.stats.peer": "bro", + "zeek.stats.reassembly_size.file": 0, + "zeek.stats.reassembly_size.frag": 0, + "zeek.stats.reassembly_size.tcp": 0, + "zeek.stats.reassembly_size.unknown": 0, + "zeek.stats.timers.active": 38, + "zeek.stats.timers.count": 797 + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/syslog/_meta/fields.yml b/filebeat/module/zeek/syslog/_meta/fields.yml new file mode 100644 index 00000000000..8f5f9f0e757 --- /dev/null +++ b/filebeat/module/zeek/syslog/_meta/fields.yml @@ -0,0 +1,20 @@ +- name: syslog + type: group + default_field: false + description: > + Fields exported by the Zeek syslog log. + fields: + - name: facility + type: keyword + description: > + Syslog facility for the message. + + - name: severity + type: keyword + description: > + Syslog severity for the message. + + - name: message + type: keyword + description: > + The plain text message. diff --git a/filebeat/module/zeek/syslog/config/syslog.yml b/filebeat/module/zeek/syslog/config/syslog.yml new file mode 100644 index 00000000000..a8420237af0 --- /dev/null +++ b/filebeat/module/zeek/syslog/config/syslog.yml @@ -0,0 +1,57 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true +fields: + network.protocol: syslog + +processors: + - rename: + fields: + - from: "json" + to: "zeek.syslog" + + - from: "zeek.syslog.id.orig_h" + to: "source.address" + + - from: "zeek.syslog.id.orig_p" + to: "source.port" + + - from: "zeek.syslog.id.resp_h" + to: "destination.address" + + - from: "zeek.syslog.id.resp_p" + to: "destination.port" + + - from: "zeek.syslog.uid" + to: "zeek.session_id" + + - from: "zeek.syslog.proto" + to: "network.transport" + + - from: "zeek.syslog.message" + to: "zeek.syslog.msg" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.syslog.facility", to: "log.syslog.facility.name"} + - {from: "zeek.syslog.severity", to: "log.syslog.severity.name"} + - add_fields: + target: event + fields: + kind: event +{{ if .community_id }} + - community_id: +{{ end }} diff --git a/filebeat/module/zeek/syslog/ingest/pipeline.yml b/filebeat/module/zeek/syslog/ingest/pipeline.yml new file mode 100644 index 00000000000..7fd848682b1 --- /dev/null +++ b/filebeat/module/zeek/syslog/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek syslog.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.syslog.ts + formats: + - UNIX +- remove: + field: zeek.syslog.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/syslog/manifest.yml b/filebeat/module/zeek/syslog/manifest.yml new file mode 100644 index 00000000000..8db76ab5b36 --- /dev/null +++ b/filebeat/module/zeek/syslog/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/syslog.log + os.linux: + - /var/log/bro/current/syslog.log + os.darwin: + - /usr/local/var/logs/current/syslog.log + - name: tags + default: [zeek.syslog] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.yml +input: config/syslog.yml diff --git a/filebeat/module/zeek/traceroute/config/traceroute.yml b/filebeat/module/zeek/traceroute/config/traceroute.yml new file mode 100644 index 00000000000..8b4b40e0234 --- /dev/null +++ b/filebeat/module/zeek/traceroute/config/traceroute.yml @@ -0,0 +1,43 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.traceroute" + + - from: "zeek.traceroute.src" + to: "source.address" + + - from: "zeek.traceroute.dst" + to: "destination.address" + + - from: "zeek.traceroute.proto" + to: "network.transport" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - info diff --git a/filebeat/module/zeek/traceroute/ingest/pipeline.yml b/filebeat/module/zeek/traceroute/ingest/pipeline.yml new file mode 100644 index 00000000000..6fa5a0bc993 --- /dev/null +++ b/filebeat/module/zeek/traceroute/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek traceroute.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.traceroute.ts + formats: + - UNIX +- remove: + field: zeek.traceroute.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/traceroute/manifest.yml b/filebeat/module/zeek/traceroute/manifest.yml new file mode 100644 index 00000000000..0761e9b3bf4 --- /dev/null +++ b/filebeat/module/zeek/traceroute/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/traceroute.log + os.linux: + - /var/log/bro/current/traceroute.log + os.darwin: + - /usr/local/var/logs/current/traceroute.log + - name: tags + default: [zeek.traceroute] + +ingest_pipeline: ingest/pipeline.yml +input: config/traceroute.yml diff --git a/filebeat/module/zeek/traceroute/test/traceroute-json.log b/filebeat/module/zeek/traceroute/test/traceroute-json.log new file mode 100644 index 00000000000..b3595d55a6b --- /dev/null +++ b/filebeat/module/zeek/traceroute/test/traceroute-json.log @@ -0,0 +1 @@ +{"ts":1361916158.650605,"src":"192.168.1.1","dst":"8.8.8.8","proto":"udp"} diff --git a/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json b/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json new file mode 100644 index 00000000000..8fdfd983c94 --- /dev/null +++ b/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json @@ -0,0 +1,36 @@ +[ + { + "@timestamp": "2013-02-26T22:02:38.650Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "event.category": [ + "network" + ], + "event.dataset": "zeek.traceroute", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "info" + ], + "fileset.name": "traceroute", + "input.type": "log", + "log.offset": 0, + "network.transport": "udp", + "related.ip": [ + "192.168.1.1", + "8.8.8.8" + ], + "service.type": "zeek", + "source.address": "192.168.1.1", + "source.ip": "192.168.1.1", + "tags": [ + "zeek.traceroute" + ] + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/tunnel/_meta/fields.yml b/filebeat/module/zeek/tunnel/_meta/fields.yml new file mode 100644 index 00000000000..bef9c6e9da8 --- /dev/null +++ b/filebeat/module/zeek/tunnel/_meta/fields.yml @@ -0,0 +1,15 @@ +- name: tunnel + type: group + default_field: false + description: > + Fields exported by the Zeek SSH log. + fields: + - name: type + type: keyword + description: > + The type of tunnel. + + - name: action + type: keyword + description: > + The type of activity that occurred. diff --git a/filebeat/module/zeek/tunnel/config/tunnel.yml b/filebeat/module/zeek/tunnel/config/tunnel.yml new file mode 100644 index 00000000000..ed9af2117ad --- /dev/null +++ b/filebeat/module/zeek/tunnel/config/tunnel.yml @@ -0,0 +1,54 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.tunnel" + + - from: "zeek.tunnel.id.orig_h" + to: "source.address" + + - from: "zeek.tunnel.id.orig_p" + to: "source.port" + + - from: "zeek.tunnel.id.resp_h" + to: "destination.address" + + - from: "zeek.tunnel.id.resp_p" + to: "destination.port" + + - from: "zeek.tunnel.uid" + to: "zeek.session_id" + + - from: "zeek.tunnel.tunnel_type" + to: "zeek.tunnel.type" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.tunnel.action", to: "event.action"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection diff --git a/filebeat/module/zeek/tunnel/ingest/pipeline.yml b/filebeat/module/zeek/tunnel/ingest/pipeline.yml new file mode 100644 index 00000000000..402bce5fa5d --- /dev/null +++ b/filebeat/module/zeek/tunnel/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek tunnel.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.tunnel.ts + formats: + - UNIX +- remove: + field: zeek.tunnel.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/tunnel/manifest.yml b/filebeat/module/zeek/tunnel/manifest.yml new file mode 100644 index 00000000000..a0618a12b7e --- /dev/null +++ b/filebeat/module/zeek/tunnel/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/tunnel.log + os.linux: + - /var/log/bro/current/tunnel.log + os.darwin: + - /usr/local/var/logs/current/tunnel.log + - name: tags + default: [zeek.tunnel] + +ingest_pipeline: ingest/pipeline.yml +input: config/tunnel.yml diff --git a/filebeat/module/zeek/tunnel/test/tunnel-json.log b/filebeat/module/zeek/tunnel/test/tunnel-json.log new file mode 100644 index 00000000000..139a6591c75 --- /dev/null +++ b/filebeat/module/zeek/tunnel/test/tunnel-json.log @@ -0,0 +1 @@ +{"ts":1544405666.743509,"id.orig_h":"132.16.146.79","id.orig_p":0,"id.resp_h":"132.16.110.133","id.resp_p":8080,"tunnel_type":"Tunnel::HTTP","action":"Tunnel::DISCOVER"} diff --git a/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json b/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json new file mode 100644 index 00000000000..1e00e616e36 --- /dev/null +++ b/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json @@ -0,0 +1,46 @@ +[ + { + "@timestamp": "2018-12-10T01:34:26.743Z", + "destination.address": "132.16.110.133", + "destination.as.number": 427, + "destination.as.organization.name": "Air Force Systems Networking", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "132.16.110.133", + "destination.port": 8080, + "event.action": "Tunnel::DISCOVER", + "event.category": [ + "network" + ], + "event.dataset": "zeek.tunnel", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "connection" + ], + "fileset.name": "tunnel", + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "132.16.146.79", + "132.16.110.133" + ], + "service.type": "zeek", + "source.address": "132.16.146.79", + "source.as.number": 427, + "source.as.organization.name": "Air Force Systems Networking", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "132.16.146.79", + "source.port": 0, + "tags": [ + "zeek.tunnel" + ], + "zeek.tunnel.action": "Tunnel::DISCOVER", + "zeek.tunnel.type": "Tunnel::HTTP" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/weird/_meta/fields.yml b/filebeat/module/zeek/weird/_meta/fields.yml new file mode 100644 index 00000000000..72a0791a7b2 --- /dev/null +++ b/filebeat/module/zeek/weird/_meta/fields.yml @@ -0,0 +1,30 @@ +- name: weird + type: group + default_field: false + description: > + Fields exported by the Zeek Weird log. + fields: + - name: name + type: keyword + description: | + The name of the weird that occurred. + + - name: additional_info + type: keyword + description: | + Additional information accompanying the weird if any. + + - name: notice + type: boolean + description: | + Indicate if this weird was also turned into a notice. + + - name: peer + type: keyword + description: | + The peer that originated this weird. This is helpful in cluster deployments if a particular cluster node is having trouble to help identify which node is having trouble. + + - name: identifier + type: keyword + description: | + This field is to be provided when a weird is generated for the purpose of deduplicating weirds. The identifier string should be unique for a single instance of the weird. This field is used to define when a weird is conceptually a duplicate of a previous weird. diff --git a/filebeat/module/zeek/weird/config/weird.yml b/filebeat/module/zeek/weird/config/weird.yml new file mode 100644 index 00000000000..1256f96902b --- /dev/null +++ b/filebeat/module/zeek/weird/config/weird.yml @@ -0,0 +1,54 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.weird" + + - from: "zeek.weird.id.orig_h" + to: "source.address" + + - from: "zeek.weird.id.orig_p" + to: "source.port" + + - from: "zeek.weird.id.resp_h" + to: "destination.address" + + - from: "zeek.weird.id.resp_p" + to: "destination.port" + + - from: "zeek.weird.uid" + to: "zeek.session_id" + + - from: "zeek.weird.addl" + to: "zeek.weird.additional_info" + + ignore_missing: true + fail_on_error: false + - convert: + fields: + - {from: "zeek.session_id", to: "event.id"} + - {from: "source.address", to: "source.ip", type: "ip"} + - {from: "destination.address", to: "destination.ip", type: "ip"} + - {from: "zeek.weird.name", to: "rule.name"} + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: alert + category: + - network + type: + - info diff --git a/filebeat/module/zeek/weird/ingest/pipeline.yml b/filebeat/module/zeek/weird/ingest/pipeline.yml new file mode 100644 index 00000000000..e0325d9a1c5 --- /dev/null +++ b/filebeat/module/zeek/weird/ingest/pipeline.yml @@ -0,0 +1,63 @@ +description: Pipeline for normalizing Zeek weird.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.weird.ts + formats: + - UNIX +- remove: + field: zeek.weird.ts +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/zeek/weird/manifest.yml b/filebeat/module/zeek/weird/manifest.yml new file mode 100644 index 00000000000..3e91c91c64a --- /dev/null +++ b/filebeat/module/zeek/weird/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/weird.log + os.linux: + - /var/log/bro/current/weird.log + os.darwin: + - /usr/local/var/logs/current/weird.log + - name: tags + default: [zeek.weird] + +ingest_pipeline: ingest/pipeline.yml +input: config/weird.yml diff --git a/filebeat/module/zeek/weird/test/weird-json.log b/filebeat/module/zeek/weird/test/weird-json.log new file mode 100644 index 00000000000..5e49a4b9849 --- /dev/null +++ b/filebeat/module/zeek/weird/test/weird-json.log @@ -0,0 +1,2 @@ +{"ts":1543877999.99354,"uid":"C1ralPp062bkwWt4e","id.orig_h":"192.168.1.1","id.orig_p":64521,"id.resp_h":"192.168.1.2","id.resp_p":53,"name":"dns_unmatched_reply","notice":false,"peer":"worker-6"} +{"ts":1580227259.342809,"name":"non_ip_packet_in_ethernet","notice":false,"peer":"ens3f1-4"} diff --git a/filebeat/module/zeek/weird/test/weird-json.log-expected.json b/filebeat/module/zeek/weird/test/weird-json.log-expected.json new file mode 100644 index 00000000000..cc9f7f49508 --- /dev/null +++ b/filebeat/module/zeek/weird/test/weird-json.log-expected.json @@ -0,0 +1,60 @@ +[ + { + "@timestamp": "2018-12-03T22:59:59.993Z", + "destination.address": "192.168.1.2", + "destination.ip": "192.168.1.2", + "destination.port": 53, + "event.category": [ + "network" + ], + "event.dataset": "zeek.weird", + "event.id": "C1ralPp062bkwWt4e", + "event.kind": "alert", + "event.module": "zeek", + "event.type": [ + "info" + ], + "fileset.name": "weird", + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "192.168.1.1", + "192.168.1.2" + ], + "rule.name": "dns_unmatched_reply", + "service.type": "zeek", + "source.address": "192.168.1.1", + "source.ip": "192.168.1.1", + "source.port": 64521, + "tags": [ + "zeek.weird" + ], + "zeek.session_id": "C1ralPp062bkwWt4e", + "zeek.weird.name": "dns_unmatched_reply", + "zeek.weird.notice": false, + "zeek.weird.peer": "worker-6" + }, + { + "@timestamp": "2020-01-28T16:00:59.342Z", + "event.category": [ + "network" + ], + "event.dataset": "zeek.weird", + "event.kind": "alert", + "event.module": "zeek", + "event.type": [ + "info" + ], + "fileset.name": "weird", + "input.type": "log", + "log.offset": 197, + "rule.name": "non_ip_packet_in_ethernet", + "service.type": "zeek", + "tags": [ + "zeek.weird" + ], + "zeek.weird.name": "non_ip_packet_in_ethernet", + "zeek.weird.notice": false, + "zeek.weird.peer": "ens3f1-4" + } +] \ No newline at end of file diff --git a/filebeat/module/zeek/x509/_meta/fields.yml b/filebeat/module/zeek/x509/_meta/fields.yml new file mode 100644 index 00000000000..bc08ad5c973 --- /dev/null +++ b/filebeat/module/zeek/x509/_meta/fields.yml @@ -0,0 +1,199 @@ +- name: x509 + type: group + default_field: false + description: > + Fields exported by the Zeek x509 log. + fields: + - name: id + type: keyword + description: > + File id of this certificate. + + - name: certificate + type: group + description: > + Basic information about the certificate. + fields: + - name: version + type: integer + description: > + Version number. + + - name: serial + type: keyword + description: > + Serial number. + + - name: subject + type: group + description: > + Subject. + fields: + - name: country + type: keyword + description: > + Country provided in the certificate subject. + + - name: common_name + type: keyword + description: > + Common name provided in the certificate subject. + + - name: locality + type: keyword + description: > + Locality provided in the certificate subject. + + - name: organization + type: keyword + description: > + Organization provided in the certificate subject. + + - name: organizational_unit + type: keyword + description: > + Organizational unit provided in the certificate subject. + + - name: state + type: keyword + description: > + State or province provided in the certificate subject. + + - name: issuer + type: group + description: > + Issuer. + fields: + - name: country + type: keyword + description: > + Country provided in the certificate issuer field. + + - name: common_name + type: keyword + description: > + Common name provided in the certificate issuer field. + + - name: locality + type: keyword + description: > + Locality provided in the certificate issuer field. + + - name: organization + type: keyword + description: > + Organization provided in the certificate issuer field. + + - name: organizational_unit + type: keyword + description: > + Organizational unit provided in the certificate issuer field. + + - name: state + type: keyword + description: > + State or province provided in the certificate issuer field. + + - name: common_name + type: keyword + description: > + Last (most specific) common name. + + - name: valid + type: group + description: > + Certificate validity timestamps + fields: + - name: from + type: date + description: > + Timestamp before when certificate is not valid. + + - name: until + type: date + description: > + Timestamp after when certificate is not valid. + + - name: key + type: group + fields: + - name: algorithm + type: keyword + description: > + Name of the key algorithm. + + - name: type + type: keyword + description: > + Key type, if key parseable by openssl (either rsa, dsa or ec). + + - name: length + type: integer + description: > + Key length in bits. + + - name: signature_algorithm + type: keyword + description: > + Name of the signature algorithm. + + - name: exponent + type: keyword + description: > + Exponent, if RSA-certificate. + + - name: curve + type: keyword + description: > + Curve, if EC-certificate. + + - name: san + type: group + description: > + Subject alternative name extension of the certificate. + fields: + - name: dns + type: keyword + description: > + List of DNS entries in SAN. + + - name: uri + type: keyword + description: > + List of URI entries in SAN. + + - name: email + type: keyword + description: > + List of email entries in SAN. + + - name: ip + type: ip + description: > + List of IP entries in SAN. + + - name: other_fields + type: boolean + description: > + True if the certificate contained other, not recognized or parsed name fields. + + - name: basic_constraints + type: group + description: > + Basic constraints extension of the certificate. + fields: + - name: certificate_authority + type: boolean + description: > + CA flag set or not. + + - name: path_length + type: integer + description: > + Maximum path length. + + - name: log_cert + type: boolean + description: | + Present if policy/protocols/ssl/log-hostcerts-only.bro is loaded + Logging of certificate is suppressed if set to F. diff --git a/filebeat/module/zeek/x509/config/x509.yml b/filebeat/module/zeek/x509/config/x509.yml new file mode 100644 index 00000000000..49a670e46e5 --- /dev/null +++ b/filebeat/module/zeek/x509/config/x509.yml @@ -0,0 +1,65 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags}} + +json.keys_under_root: false + +fields_under_root: true + +processors: + - rename: + fields: + - from: "json" + to: "zeek.x509" + + - from: "zeek.x509.id" + to: "zeek.session_id" + + - from: "zeek.x509.certificate.not_valid_before" + to: "zeek.x509.certificate.valid.from" + + - from: "zeek.x509.certificate.not_valid_after" + to: "zeek.x509.certificate.valid.until" + + - from: "zeek.x509.basic_constraints.ca" + to: "zeek.x509.basic_constraints.certificate_authority" + + - from: "zeek.x509.basic_constraints.path_len" + to: "zeek.x509.basic_constraints.path_length" + + - from: "zeek.x509.certificate.cn" + to: "zeek.x509.certificate.common_name" + + - from: "zeek.x509.certificate.issuer" + to: "zeek.x509.certificate.iss" + + - from: "zeek.x509.certificate.subject" + to: "zeek.x509.certificate.sub" + + - from: "zeek.x509.certificate.key_alg" + to: "zeek.x509.certificate.key.algorithm" + + - from: "zeek.x509.certificate.key_length" + to: "zeek.x509.certificate.key.length" + + - from: "zeek.x509.certificate.key_type" + to: "zeek.x509.certificate.key.type" + + - from: "zeek.x509.certificate.sig_alg" + to: "zeek.x509.certificate.signature_algorithm" + + - from: "zeek.x509.logcert" + to: "zeek.x509.log_cert" + + ignore_missing: true + fail_on_error: false + - add_fields: + target: event + fields: + kind: event + type: + - info diff --git a/filebeat/module/zeek/x509/ingest/pipeline.json b/filebeat/module/zeek/x509/ingest/pipeline.json new file mode 100644 index 00000000000..e35b8bbbafc --- /dev/null +++ b/filebeat/module/zeek/x509/ingest/pipeline.json @@ -0,0 +1,231 @@ +{ + "description": "Pipeline for normalizing Zeek x509.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.x509.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.x509.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "dot_expander": { + "field": "certificate.exponent", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "certificate.serial", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "certificate.version", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.dns", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.uri", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.email", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.ip", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.other_fields", + "path": "zeek.x509" + } + }, + { + "date": { + "field": "zeek.x509.certificate.valid.from", + "target_field": "zeek.x509.certificate.valid.from", + "formats": ["UNIX"], + "if": "ctx.zeek.x509.certificate?.valid?.from != null" + } + }, + { + "date": { + "field": "zeek.x509.certificate.valid.until", + "target_field": "zeek.x509.certificate.valid.until", + "formats": ["UNIX"], + "if": "ctx.zeek.x509.certificate?.valid?.until != null" + } + }, + + { + "gsub": { + "field": "zeek.x509.certificate.iss", + "pattern": "\\\\,", + "replacement": "", + "ignore_missing": true + } + }, + { + "kv": { + "field": "zeek.x509.certificate.iss", + "field_split": ",", + "value_split": "=", + "target_field": "zeek.x509.certificate.issuer", + "ignore_missing": true + } + }, + { + "remove": { + "field": "zeek.x509.certificate.iss", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.C", + "target_field": "zeek.x509.certificate.issuer.country", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.CN", + "target_field": "zeek.x509.certificate.issuer.common_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.L", + "target_field": "zeek.x509.certificate.issuer.locality", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.O", + "target_field": "zeek.x509.certificate.issuer.organization", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.OU", + "target_field": "zeek.x509.certificate.issuer.organizational_unit", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.ST", + "target_field": "zeek.x509.certificate.issuer.state", + "ignore_missing": true + } + }, + + { + "gsub": { + "field": "zeek.x509.certificate.sub", + "pattern": "\\\\,", + "replacement": "", + "ignore_missing": true + } + }, + { + "kv": { + "field": "zeek.x509.certificate.sub", + "field_split": ",", + "value_split": "=", + "target_field": "zeek.x509.certificate.subject", + "ignore_missing": true + } + }, + { + "remove": { + "field": "zeek.x509.certificate.sub", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.C", + "target_field": "zeek.x509.certificate.subject.country", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.CN", + "target_field": "zeek.x509.certificate.subject.common_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.L", + "target_field": "zeek.x509.certificate.subject.locality", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.O", + "target_field": "zeek.x509.certificate.subject.organization", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.OU", + "target_field": "zeek.x509.certificate.subject.organizational_unit", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.ST", + "target_field": "zeek.x509.certificate.subject.state", + "ignore_missing": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/filebeat/module/zeek/x509/manifest.yml b/filebeat/module/zeek/x509/manifest.yml new file mode 100644 index 00000000000..5d3747af787 --- /dev/null +++ b/filebeat/module/zeek/x509/manifest.yml @@ -0,0 +1,17 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/x509.log + os.linux: + - /var/log/bro/current/x509.log + os.darwin: + - /usr/local/var/logs/current/x509.log + - name: tags + default: [zeek.x509] + - name: community_id + default: true + +ingest_pipeline: ingest/pipeline.json +input: config/x509.yml diff --git a/filebeat/module/zeek/x509/test/x509-json.log b/filebeat/module/zeek/x509/test/x509-json.log new file mode 100644 index 00000000000..ca7bf5a8615 --- /dev/null +++ b/filebeat/module/zeek/x509/test/x509-json.log @@ -0,0 +1 @@ +{"ts":1543867200.143484,"id":"FxZ6gZ3YR6vFlIocq3","certificate.version":3,"certificate.serial":"2D00003299D7071DB7D1708A42000000003299","certificate.subject":"CN=www.bing.com","certificate.issuer":"CN=Microsoft IT TLS CA 5,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","certificate.not_valid_before":1500572828.0,"certificate.not_valid_after":1562780828.0,"certificate.key_alg":"rsaEncryption","certificate.sig_alg":"sha256WithRSAEncryption","certificate.key_type":"rsa","certificate.key_length":2048,"certificate.exponent":"65537","san.dns":["www.bing.com","dict.bing.com.cn","*.platform.bing.com","*.bing.com","bing.com","ieonline.microsoft.com","*.windowssearch.com","cn.ieonline.microsoft.com","*.origin.bing.com","*.mm.bing.net","*.api.bing.com","ecn.dev.virtualearth.net","*.cn.bing.net","*.cn.bing.com","ssl-api.bing.com","ssl-api.bing.net","*.api.bing.net","*.bingapis.com","bingsandbox.com","feedback.microsoft.com","insertmedia.bing.office.net","r.bat.bing.com","*.r.bat.bing.com","*.dict.bing.com.cn","*.dict.bing.com","*.ssl.bing.com","*.appex.bing.com","*.platform.cn.bing.com","wp.m.bing.com","*.m.bing.com","global.bing.com","windowssearch.com","search.msn.com","*.bingsandbox.com","*.api.tiles.ditu.live.com","*.ditu.live.com","*.t0.tiles.ditu.live.com","*.t1.tiles.ditu.live.com","*.t2.tiles.ditu.live.com","*.t3.tiles.ditu.live.com","*.tiles.ditu.live.com","3d.live.com","api.search.live.com","beta.search.live.com","cnweb.search.live.com","dev.live.com","ditu.live.com","farecast.live.com","image.live.com","images.live.com","local.live.com.au","localsearch.live.com","ls4d.search.live.com","mail.live.com","mapindia.live.com","local.live.com","maps.live.com","maps.live.com.au","mindia.live.com","news.live.com","origin.cnweb.search.live.com","preview.local.live.com","search.live.com","test.maps.live.com","video.live.com","videos.live.com","virtualearth.live.com","wap.live.com","webmaster.live.com","webmasters.live.com","www.local.live.com.au","www.maps.live.com.au"]} diff --git a/filebeat/module/zeek/x509/test/x509-json.log-expected.json b/filebeat/module/zeek/x509/test/x509-json.log-expected.json new file mode 100644 index 00000000000..fff83c5969e --- /dev/null +++ b/filebeat/module/zeek/x509/test/x509-json.log-expected.json @@ -0,0 +1,110 @@ +[ + { + "@timestamp": "2018-12-03T20:00:00.143Z", + "event.dataset": "zeek.x509", + "event.id": "FxZ6gZ3YR6vFlIocq3", + "event.kind": "event", + "event.module": "zeek", + "event.type": [ + "info" + ], + "fileset.name": "x509", + "input.type": "log", + "log.offset": 0, + "service.type": "zeek", + "tags": [ + "zeek.x509" + ], + "zeek.session_id": "FxZ6gZ3YR6vFlIocq3", + "zeek.x509.certificate.exponent": "65537", + "zeek.x509.certificate.issuer.common_name": "Microsoft IT TLS CA 5", + "zeek.x509.certificate.issuer.country": "US", + "zeek.x509.certificate.issuer.locality": "Redmond", + "zeek.x509.certificate.issuer.organization": "Microsoft Corporation", + "zeek.x509.certificate.issuer.organizational_unit": "Microsoft IT", + "zeek.x509.certificate.issuer.state": "Washington", + "zeek.x509.certificate.key.algorithm": "rsaEncryption", + "zeek.x509.certificate.key.length": 2048, + "zeek.x509.certificate.key.type": "rsa", + "zeek.x509.certificate.serial": "2D00003299D7071DB7D1708A42000000003299", + "zeek.x509.certificate.signature_algorithm": "sha256WithRSAEncryption", + "zeek.x509.certificate.subject.common_name": "www.bing.com", + "zeek.x509.certificate.valid.from": "2017-07-20T17:47:08.000Z", + "zeek.x509.certificate.valid.until": "2019-07-10T17:47:08.000Z", + "zeek.x509.certificate.version": 3, + "zeek.x509.san.dns": [ + "www.bing.com", + "dict.bing.com.cn", + "*.platform.bing.com", + "*.bing.com", + "bing.com", + "ieonline.microsoft.com", + "*.windowssearch.com", + "cn.ieonline.microsoft.com", + "*.origin.bing.com", + "*.mm.bing.net", + "*.api.bing.com", + "ecn.dev.virtualearth.net", + "*.cn.bing.net", + "*.cn.bing.com", + "ssl-api.bing.com", + "ssl-api.bing.net", + "*.api.bing.net", + "*.bingapis.com", + "bingsandbox.com", + "feedback.microsoft.com", + "insertmedia.bing.office.net", + "r.bat.bing.com", + "*.r.bat.bing.com", + "*.dict.bing.com.cn", + "*.dict.bing.com", + "*.ssl.bing.com", + "*.appex.bing.com", + "*.platform.cn.bing.com", + "wp.m.bing.com", + "*.m.bing.com", + "global.bing.com", + "windowssearch.com", + "search.msn.com", + "*.bingsandbox.com", + "*.api.tiles.ditu.live.com", + "*.ditu.live.com", + "*.t0.tiles.ditu.live.com", + "*.t1.tiles.ditu.live.com", + "*.t2.tiles.ditu.live.com", + "*.t3.tiles.ditu.live.com", + "*.tiles.ditu.live.com", + "3d.live.com", + "api.search.live.com", + "beta.search.live.com", + "cnweb.search.live.com", + "dev.live.com", + "ditu.live.com", + "farecast.live.com", + "image.live.com", + "images.live.com", + "local.live.com.au", + "localsearch.live.com", + "ls4d.search.live.com", + "mail.live.com", + "mapindia.live.com", + "local.live.com", + "maps.live.com", + "maps.live.com.au", + "mindia.live.com", + "news.live.com", + "origin.cnweb.search.live.com", + "preview.local.live.com", + "search.live.com", + "test.maps.live.com", + "video.live.com", + "videos.live.com", + "virtualearth.live.com", + "wap.live.com", + "webmaster.live.com", + "webmasters.live.com", + "www.local.live.com.au", + "www.maps.live.com.au" + ] + } +] \ No newline at end of file diff --git a/filebeat/modules.d/activemq.yml.disabled b/filebeat/modules.d/activemq.yml.disabled new file mode 100644 index 00000000000..1c6728dd8c4 --- /dev/null +++ b/filebeat/modules.d/activemq.yml.disabled @@ -0,0 +1,19 @@ +# Module: activemq +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-activemq.html + +- module: activemq + # Audit logs + audit: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + + # Application logs + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/aws.yml.disabled b/filebeat/modules.d/aws.yml.disabled new file mode 100644 index 00000000000..7a0da775c8d --- /dev/null +++ b/filebeat/modules.d/aws.yml.disabled @@ -0,0 +1,207 @@ +# Module: aws +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-aws.html + +- module: aws + cloudtrail: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + cloudwatch: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + ec2: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + elb: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + s3access: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb + + vpcflow: + enabled: false + + # AWS SQS queue url + #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + + # Profile name for aws credential + # If not set the default profile is used + #var.credential_profile_name: fb-aws + + # Use access_key_id, secret_access_key and/or session_token instead of shared credential file + #var.access_key_id: access_key_id + #var.secret_access_key: secret_access_key + #var.session_token: session_token + + # The duration that the received messages are hidden from ReceiveMessage request + # Default to be 300s + #var.visibility_timeout: 300s + + # Maximum duration before AWS API request will be interrupted + # Default to be 120s + #var.api_timeout: 120s + + # Custom endpoint used to access AWS APIs + #var.endpoint: amazonaws.com + + # AWS IAM Role to assume + #var.role_arn: arn:aws:iam::123456789012:role/test-mb diff --git a/filebeat/modules.d/azure.yml.disabled b/filebeat/modules.d/azure.yml.disabled new file mode 100644 index 00000000000..0c7eb3d6e01 --- /dev/null +++ b/filebeat/modules.d/azure.yml.disabled @@ -0,0 +1,35 @@ +# Module: azure +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-azure.html + +- module: azure + # All logs + activitylogs: + enabled: true + var: + # eventhub name containing the activity logs, overwrite he default value if the logs are exported in a different eventhub + eventhub: "insights-operational-logs" + # consumer group name that has access to the event hub, we advise creating a dedicated consumer group for the azure module + consumer_group: "$Default" + # the connection string required to communicate with Event Hubs, steps to generate one here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string + connection_string: "" + # the name of the storage account the state/offsets will be stored and updated + storage_account: "" + # the storage account key, this key will be used to authorize access to data in your storage account + storage_account_key: "" + + auditlogs: + enabled: false + # var: + # eventhub: "insights-logs-auditlogs" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" + signinlogs: + enabled: false + # var: + # eventhub: "insights-logs-signinlogs" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" diff --git a/filebeat/modules.d/cef.yml.disabled b/filebeat/modules.d/cef.yml.disabled new file mode 100644 index 00000000000..3da653da87f --- /dev/null +++ b/filebeat/modules.d/cef.yml.disabled @@ -0,0 +1,9 @@ +# Module: cef +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cef.html + +- module: cef + log: + enabled: true + var: + syslog_host: localhost + syslog_port: 9003 diff --git a/filebeat/modules.d/checkpoint.yml.disabled b/filebeat/modules.d/checkpoint.yml.disabled new file mode 100644 index 00000000000..9bb681447fb --- /dev/null +++ b/filebeat/modules.d/checkpoint.yml.disabled @@ -0,0 +1,21 @@ +# Module: checkpoint +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-checkpoint.html + +- module: checkpoint + firewall: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html + #var.log_level: 7 \ No newline at end of file diff --git a/filebeat/modules.d/cisco.yml.disabled b/filebeat/modules.d/cisco.yml.disabled new file mode 100644 index 00000000000..2b2ea2461cc --- /dev/null +++ b/filebeat/modules.d/cisco.yml.disabled @@ -0,0 +1,56 @@ +# Module: cisco +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cisco.html + +- module: cisco + asa: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html + #var.log_level: 7 + + ftd: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9003. + #var.syslog_port: 9003 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs-sev-level.html + #var.log_level: 7 + + ios: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9002. + #var.syslog_port: 9002 + + # Set custom paths for the log files when using file input. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/coredns.yml.disabled b/filebeat/modules.d/coredns.yml.disabled new file mode 100644 index 00000000000..d4a871455fd --- /dev/null +++ b/filebeat/modules.d/coredns.yml.disabled @@ -0,0 +1,11 @@ +# Module: coredns +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-coredns.html + +- module: coredns + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/crowdstrike.yml.disabled b/filebeat/modules.d/crowdstrike.yml.disabled new file mode 100644 index 00000000000..a51bf2818a1 --- /dev/null +++ b/filebeat/modules.d/crowdstrike.yml.disabled @@ -0,0 +1,11 @@ +# Module: crowdstrike +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-crowdstrike.html + +- module: crowdstrike + + falcon: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/envoyproxy.yml.disabled b/filebeat/modules.d/envoyproxy.yml.disabled new file mode 100644 index 00000000000..a46cf279282 --- /dev/null +++ b/filebeat/modules.d/envoyproxy.yml.disabled @@ -0,0 +1,11 @@ +# Module: envoyproxy +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-envoyproxy.html + +- module: envoyproxy + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/googlecloud.yml.disabled b/filebeat/modules.d/googlecloud.yml.disabled new file mode 100644 index 00000000000..9bf81802677 --- /dev/null +++ b/filebeat/modules.d/googlecloud.yml.disabled @@ -0,0 +1,57 @@ +# Module: googlecloud +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-googlecloud.html + +- module: googlecloud + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: googlecloud-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json diff --git a/filebeat/modules.d/ibmmq.yml.disabled b/filebeat/modules.d/ibmmq.yml.disabled new file mode 100644 index 00000000000..0acfa0b0bce --- /dev/null +++ b/filebeat/modules.d/ibmmq.yml.disabled @@ -0,0 +1,11 @@ +# Module: ibmmq +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-ibmmq.html + +- module: ibmmq + # All logs + errorlog: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/iptables.yml.disabled b/filebeat/modules.d/iptables.yml.disabled new file mode 100644 index 00000000000..833fd91537b --- /dev/null +++ b/filebeat/modules.d/iptables.yml.disabled @@ -0,0 +1,13 @@ +# Module: iptables +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-iptables.html + +- module: iptables + log: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/misp.yml.disabled b/filebeat/modules.d/misp.yml.disabled new file mode 100644 index 00000000000..0299a64eb6d --- /dev/null +++ b/filebeat/modules.d/misp.yml.disabled @@ -0,0 +1,20 @@ +# Module: misp +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-misp.html + +- module: misp + threat: + enabled: true + # API key to access MISP + #var.api_key + + # Array object in MISP response + #var.json_objects_array + + # URL of the MISP REST API + #var.url + + # You can also pass SSL options. For example: + #var.ssl: |- + # { + # verification_mode: none + # } diff --git a/filebeat/modules.d/mssql.yml.disabled b/filebeat/modules.d/mssql.yml.disabled new file mode 100644 index 00000000000..5e03b661da8 --- /dev/null +++ b/filebeat/modules.d/mssql.yml.disabled @@ -0,0 +1,11 @@ +# Module: mssql +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mssql.html + +- module: mssql + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/netflow.yml.disabled b/filebeat/modules.d/netflow.yml.disabled new file mode 100644 index 00000000000..522307d7e71 --- /dev/null +++ b/filebeat/modules.d/netflow.yml.disabled @@ -0,0 +1,9 @@ +# Module: netflow +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-netflow.html + +- module: netflow + log: + enabled: true + var: + netflow_host: localhost + netflow_port: 2055 diff --git a/filebeat/modules.d/o365.yml.disabled b/filebeat/modules.d/o365.yml.disabled new file mode 100644 index 00000000000..af65cc45d22 --- /dev/null +++ b/filebeat/modules.d/o365.yml.disabled @@ -0,0 +1,48 @@ +# Module: o365 +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-o365.html + +- module: o365 + audit: + enabled: true + + # Set the application_id (also known as client ID): + var.application_id: "" + + # Configure the tenants to monitor: + # Use the tenant ID (also known as directory ID) and the domain name. + # var.tenants: + # - id: "tenant_id_1" + # name: "mydomain.onmicrosoft.com" + # - id: "tenant_id_2" + # name: "mycompany.com" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + + # List of content-types to fetch. By default all known content-types + # are retrieved: + # var.content_type: + # - "Audit.AzureActiveDirectory" + # - "Audit.Exchange" + # - "Audit.SharePoint" + # - "Audit.General" + # - "DLP.All" + + # Use the following settings to enable certificate-based authentication: + # var.certificate: "/path/to/certificate.pem" + # var.key: "/path/to/private_key.pem" + # var.key_passphrase: "myPrivateKeyPassword" + + # Client-secret based authentication: + # Comment the following line if using certificate authentication. + var.client_secret: "" + + # Advanced settings, use with care: + # var.api: + # # Settings for custom endpoints: + # authentication_endpoint: "https://login.microsoftonline.us/" + # resource: "https://manage.office365.us" + # + # max_retention: 7d + # max_requests_per_minute: 2000 + # poll_interval: 3m diff --git a/filebeat/modules.d/okta.yml.disabled b/filebeat/modules.d/okta.yml.disabled new file mode 100644 index 00000000000..19e2a1ad8f2 --- /dev/null +++ b/filebeat/modules.d/okta.yml.disabled @@ -0,0 +1,17 @@ +# Module: okta +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-okta.html + +- module: okta + system: + enabled: true + # API key to access Okta + #var.api_key + + # URL of the Okta REST API + #var.url + + # Disable SSL verification + #var.ssl: |- + # { + # "verification_mode": "none" + # } diff --git a/filebeat/modules.d/panw.yml.disabled b/filebeat/modules.d/panw.yml.disabled new file mode 100644 index 00000000000..a16d9580ac1 --- /dev/null +++ b/filebeat/modules.d/panw.yml.disabled @@ -0,0 +1,13 @@ +# Module: panw +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-panw.html + +- module: panw + panos: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/rabbitmq.yml.disabled b/filebeat/modules.d/rabbitmq.yml.disabled new file mode 100644 index 00000000000..c446834f99e --- /dev/null +++ b/filebeat/modules.d/rabbitmq.yml.disabled @@ -0,0 +1,11 @@ +# Module: rabbitmq +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-rabbitmq.html + +- module: rabbitmq + # All logs + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: ["/var/log/rabbitmq/rabbit@localhost.log*"] diff --git a/filebeat/modules.d/suricata.yml.disabled b/filebeat/modules.d/suricata.yml.disabled new file mode 100644 index 00000000000..d710dac848f --- /dev/null +++ b/filebeat/modules.d/suricata.yml.disabled @@ -0,0 +1,11 @@ +# Module: suricata +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-suricata.html + +- module: suricata + # All logs + eve: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/modules.d/zeek.yml.disabled b/filebeat/modules.d/zeek.yml.disabled new file mode 100644 index 00000000000..3d6988701c0 --- /dev/null +++ b/filebeat/modules.d/zeek.yml.disabled @@ -0,0 +1,84 @@ +# Module: zeek +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zeek.html + +- module: zeek + capture_loss: + enabled: true + connection: + enabled: true + dce_rpc: + enabled: true + dhcp: + enabled: true + dnp3: + enabled: true + dns: + enabled: true + dpd: + enabled: true + files: + enabled: true + ftp: + enabled: true + http: + enabled: true + intel: + enabled: true + irc: + enabled: true + kerberos: + enabled: true + modbus: + enabled: true + mysql: + enabled: true + notice: + enabled: true + ntlm: + enabled: true + ocsp: + enabled: true + pe: + enabled: true + radius: + enabled: true + rdp: + enabled: true + rfb: + enabled: true + signatures: + enabled: true + sip: + enabled: true + smb_cmd: + enabled: true + smb_files: + enabled: true + smb_mapping: + enabled: true + smtp: + enabled: true + snmp: + enabled: true + socks: + enabled: true + ssh: + enabled: true + ssl: + enabled: true + stats: + enabled: true + syslog: + enabled: true + traceroute: + enabled: true + tunnel: + enabled: true + weird: + enabled: true + x509: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/processors/decode_cef/_meta/fields.yml b/filebeat/processors/decode_cef/_meta/fields.yml new file mode 100644 index 00000000000..64b0a32cd02 --- /dev/null +++ b/filebeat/processors/decode_cef/_meta/fields.yml @@ -0,0 +1,758 @@ +- key: cef + title: Decode CEF processor fields + description: > + Common Event Format (CEF) data. + fields: + - name: cef + type: group + description: > + By default the `decode_cef` processor writes all data from the CEF + message to this `cef` object. It contains the CEF header fields and the + extension data. + fields: + - name: version + type: keyword + description: > + Version of the CEF specification used by the message. + + - name: device.vendor + type: keyword + description: > + Vendor of the device that produced the message. + + - name: device.product + type: keyword + description: > + Product of the device that produced the message. + + - name: device.version + type: keyword + description: > + Version of the product that produced the message. + + - name: device.event_class_id + type: keyword + description: > + Unique identifier of the event type. + + - name: severity + type: keyword + example: Very-High + description: > + Importance of the event. The valid string values are Unknown, Low, + Medium, High, and Very-High. The valid integer values are 0-3=Low, + 4-6=Medium, 7- 8=High, and 9-10=Very-High. + + - name: name + type: keyword + description: > + Short description of the event. + + - name: extensions + type: group + description: > + Collection of key-value pairs carried in the CEF extension field. + default_field: false + fields: + - name: agentAddress + type: ip + description: The IP address of the ArcSight connector that processed the event. + + - name: agentDnsDomain + type: keyword + description: The DNS domain name of the ArcSight connector that processed the event. + + - name: agentHostName + type: keyword + description: The hostname of the ArcSight connector that processed the event. + + - name: agentId + type: keyword + description: The agent ID of the ArcSight connector that processed the event. + + - name: agentMacAddress + type: keyword + description: The MAC address of the ArcSight connector that processed the event. + + - name: agentNtDomain + type: keyword + description: + + - name: agentReceiptTime + type: date + description: The time at which information about the event was received by the ArcSight connector. + + - name: agentTimeZone + type: keyword + description: The agent time zone of the ArcSight connector that processed the event. + + - name: agentTranslatedAddress + type: ip + description: + + - name: agentTranslatedZoneExternalID + type: keyword + description: + + - name: agentTranslatedZoneURI + type: keyword + description: + + - name: agentType + type: keyword + description: The agent type of the ArcSight connector that processed the event + + - name: agentVersion + type: keyword + description: The version of the ArcSight connector that processed the event. + + - name: agentZoneExternalID + type: keyword + description: + + - name: agentZoneURI + type: keyword + description: + + - name: applicationProtocol + type: keyword + description: Application level protocol, example values are HTTP, HTTPS, SSHv2, Telnet, POP, IMPA, IMAPS, and so on. + + - name: baseEventCount + type: long + description: A count associated with this event. How many times was this same event observed? Count can be omitted if it is 1. + + - name: bytesIn + type: long + description: Number of bytes transferred inbound, relative to the source to destination relationship, meaning that data was flowing from source to destination. + + - name: bytesOut + type: long + description: Number of bytes transferred outbound relative to the source to destination relationship. For example, the byte number of data flowing from the destination to the source. + + - name: customerExternalID + type: keyword + description: + + - name: customerURI + type: keyword + description: + + - name: destinationAddress + type: ip + description: Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address. + + - name: destinationDnsDomain + type: keyword + description: The DNS domain part of the complete fully qualified domain name (FQDN). + + - name: destinationGeoLatitude + type: double + description: The latitudinal value from which the destination's IP address belongs. + + - name: destinationGeoLongitude + type: double + description: The longitudinal value from which the destination's IP address belongs. + + - name: destinationHostName + type: keyword + description: Identifies the destination that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the destination node, when a node is available. + + - name: destinationMacAddress + type: keyword + description: Six colon-seperated hexadecimal numbers. + + - name: destinationNtDomain + type: keyword + description: The Windows domain name of the destination address. + + - name: destinationPort + type: long + description: The valid port numbers are between 0 and 65535. + + - name: destinationProcessId + type: long + description: Provides the ID of the destination process associated with the event. For example, if an event contains process ID 105, "105" is the process ID. + + - name: destinationProcessName + type: keyword + description: The name of the event's destination process. + + - name: destinationServiceName + type: keyword + description: The service targeted by this event. + + - name: destinationTranslatedAddress + type: ip + description: Identifies the translated destination that the event refers to in an IP network. + + - name: destinationTranslatedPort + type: long + description: Port after it was translated; for example, a firewall. Valid port numbers are 0 to 65535. + + - name: destinationTranslatedZoneExternalID + type: keyword + description: + + - name: destinationTranslatedZoneURI + type: keyword + description: The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. + + - name: destinationUserId + type: keyword + description: Identifies the destination user by ID. For example, in UNIX, the root user is generally associated with user ID 0. + + - name: destinationUserName + type: keyword + description: Identifies the destination user by name. This is the user associated with the event's destination. Email addresses are often mapped into the UserName fields. The recipient is a candidate to put into this field. + + - name: destinationUserPrivileges + type: keyword + description: The typical values are "Administrator", "User", and "Guest". This identifies the destination user's privileges. In UNIX, for example, activity executed on the root user would be identified with destinationUser Privileges of "Administrator". + + - name: destinationZoneExternalID + type: keyword + description: + + - name: destinationZoneURI + type: keyword + description: The URI for the Zone that the destination asset has been assigned to in ArcSight. + + - name: deviceAction + type: keyword + description: Action taken by the device. + + - name: deviceAddress + type: ip + description: Identifies the device address that an event refers to in an IP network. + + - name: deviceCustomFloatingPoint1Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomFloatingPoint3Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomFloatingPoint4Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomDate1 + type: date + description: One of two timestamp fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomDate1Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomDate2 + type: date + description: One of two timestamp fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomDate2Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomFloatingPoint1 + type: double + description: One of four floating point fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomFloatingPoint2 + type: double + description: One of four floating point fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomFloatingPoint2Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomFloatingPoint3 + type: double + description: One of four floating point fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomFloatingPoint4 + type: double + description: One of four floating point fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomIPv6Address1 + type: ip + description: One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomIPv6Address1Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomIPv6Address2 + type: ip + description: One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomIPv6Address2Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomIPv6Address3 + type: ip + description: One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomIPv6Address3Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomIPv6Address4 + type: ip + description: One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary. + + - name: deviceCustomIPv6Address4Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomNumber1 + type: long + description: One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomNumber1Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomNumber2 + type: long + description: One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomNumber2Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomNumber3 + type: long + description: One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomNumber3Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomString1 + type: keyword + description: One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomString1Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomString2 + type: keyword + description: One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomString2Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomString3 + type: keyword + description: One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomString3Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomString4 + type: keyword + description: One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomString4Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomString5 + type: keyword + description: One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomString5Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceCustomString6 + type: keyword + description: One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceCustomString6Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceDirection + type: long + description: Any information about what direction the observed communication has taken. The following values are supported - "0" for inbound or "1" for outbound. + + - name: deviceDnsDomain + type: keyword + description: The DNS domain part of the complete fully qualified domain name (FQDN). + + - name: deviceEventCategory + type: keyword + description: Represents the category assigned by the originating device. Devices often use their own categorization schema to classify event. Example "/Monitor/Disk/Read". + + - name: deviceExternalId + type: keyword + description: A name that uniquely identifies the device generating this event. + + - name: deviceFacility + type: keyword + description: The facility generating this event. For example, Syslog has an explicit facility associated with every event. + + - name: deviceFlexNumber1 + type: long + description: One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceFlexNumber1Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceFlexNumber2 + type: long + description: One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. + + - name: deviceFlexNumber2Label + type: keyword + description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. + + - name: deviceHostName + type: keyword + description: The format should be a fully qualified domain name (FQDN) associated with the device node, when a node is available. + + - name: deviceInboundInterface + type: keyword + description: Interface on which the packet or data entered the device. + + - name: deviceMacAddress + type: keyword + description: Six colon-separated hexadecimal numbers. + + - name: deviceNtDomain + type: keyword + description: The Windows domain name of the device address. + + - name: deviceOutboundInterface + type: keyword + description: Interface on which the packet or data left the device. + + - name: devicePayloadId + type: keyword + description: Unique identifier for the payload associated with the event. + + - name: deviceProcessId + type: long + description: Provides the ID of the process on the device generating the event. + + - name: deviceProcessName + type: keyword + description: Process name associated with the event. An example might be the process generating the syslog entry in UNIX. + + - name: deviceReceiptTime + type: date + description: The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970) + + - name: deviceTimeZone + type: keyword + description: The timezone for the device generating the event. + + - name: deviceTranslatedAddress + type: ip + description: Identifies the translated device address that the event refers to in an IP network. + + - name: deviceTranslatedZoneExternalID + type: keyword + description: + + - name: deviceTranslatedZoneURI + type: keyword + description: The URI for the Translated Zone that the device asset has been assigned to in ArcSight. + + - name: deviceZoneExternalID + type: keyword + description: + + - name: deviceZoneURI + type: keyword + description: Thee URI for the Zone that the device asset has been assigned to in ArcSight. + + - name: endTime + type: date + description: The time at which the activity related to the event ended. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st1970). An example would be reporting the end of a session. + + - name: eventId + type: long + description: This is a unique ID that ArcSight assigns to each event. + + - name: eventOutcome + type: keyword + description: Displays the outcome, usually as 'success' or 'failure'. + + - name: externalId + type: keyword + description: The ID used by an originating device. They are usually increasing numbers, associated with events. + + - name: fileCreateTime + type: date + description: Time when the file was created. + + - name: fileHash + type: keyword + description: Hash of a file. + + - name: fileId + type: keyword + description: An ID associated with a file could be the inode. + + - name: fileModificationTime + type: date + description: Time when the file was last modified. + + - name: filename + type: keyword + description: Name of the file only (without its path). + + - name: filePath + type: keyword + description: Full path to the file, including file name itself. + + - name: filePermission + type: keyword + description: Permissions of the file. + + - name: fileSize + type: long + description: Size of the file. + + - name: fileType + type: keyword + description: Type of file (pipe, socket, etc.) + + - name: flexDate1 + type: date + description: A timestamp field available to map a timestamp that does not apply to any other defined timestamp field in this dictionary. Use all flex fields sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. + + - name: flexDate1Label + type: keyword + description: The label field is a string and describes the purpose of the flex field. + + - name: flexString1 + type: keyword + description: One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. + + - name: flexString2 + type: keyword + description: One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary. + + - name: flexString1Label + type: keyword + description: The label field is a string and describes the purpose of the flex field. + + - name: flexString2Label + type: keyword + description: The label field is a string and describes the purpose of the flex field. + + - name: message + type: keyword + description: An arbitrary message giving more details about the event. Multi-line entries can be produced by using \n as the new line separator. + + - name: oldFileCreateTime + type: date + description: Time when old file was created. + + - name: oldFileHash + type: keyword + description: Hash of the old file. + + - name: oldFileId + type: keyword + description: An ID associated with the old file could be the inode. + + - name: oldFileModificationTime + type: date + description: Time when old file was last modified. + + - name: oldFileName + type: keyword + description: Name of the old file. + + - name: oldFilePath + type: keyword + description: Full path to the old file, including the file name itself. + + - name: oldFilePermission + type: keyword + description: Permissions of the old file. + + - name: oldFileSize + type: long + description: Size of the old file. + + - name: oldFileType + type: keyword + description: Type of the old file (pipe, socket, etc.) + + - name: rawEvent + type: keyword + description: + + - name: Reason + type: keyword + description: The reason an audit event was generated. For example "bad password" or "unknown user". This could also be an error or return code. Example "0x1234". + + - name: requestClientApplication + type: keyword + description: The User-Agent associated with the request. + + - name: requestContext + type: keyword + description: Description of the content from which the request originated (for example, HTTP Referrer) + + - name: requestCookies + type: keyword + description: Cookies associated with the request. + + - name: requestMethod + type: keyword + description: The HTTP method used to access a URL. + + - name: requestUrl + type: keyword + description: In the case of an HTTP request, this field contains the URL accessed. The URL should contain the protocol as well. + + - name: sourceAddress + type: ip + description: Identifies the source that an event refers to in an IP network. + + - name: sourceDnsDomain + type: keyword + description: The DNS domain part of the complete fully qualified domain name (FQDN). + + - name: sourceGeoLatitude + type: double + description: + + - name: sourceGeoLongitude + type: double + description: + + - name: sourceHostName + type: keyword + description: > + Identifies the source that an event refers to in an IP network. + The format should be a fully qualified domain name (FQDN) associated with the source node, when a + mode is available. Examples: 'host' or 'host.domain.com'. + + - name: sourceMacAddress + type: keyword + example: "00:0d:60:af:1b:61" + description: Six colon-separated hexadecimal numbers. + + - name: sourceNtDomain + type: keyword + description: The Windows domain name for the source address. + + - name: sourcePort + type: long + description: The valid port numbers are 0 to 65535. + + - name: sourceProcessId + type: long + description: The ID of the source process associated with the event. + + - name: sourceProcessName + type: keyword + description: The name of the event's source process. + + - name: sourceServiceName + type: keyword + description: The service that is responsible for generating this event. + + - name: sourceTranslatedAddress + type: ip + description: Identifies the translated source that the event refers to in an IP network. + + - name: sourceTranslatedPort + type: long + description: A port number after being translated by, for example, a firewall. Valid port numbers are 0 to 65535. + + - name: sourceTranslatedZoneExternalID + type: keyword + description: + + - name: sourceTranslatedZoneURI + type: keyword + description: The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. + + - name: sourceUserId + type: keyword + description: Identifies the source user by ID. This is the user associated with the source of the event. For example, in UNIX, the root user is generally associated with user ID 0. + + - name: sourceUserName + type: keyword + description: Identifies the source user by name. Email addresses are also mapped into the UserName fields. The sender is a candidate to put into this field. + + - name: sourceUserPrivileges + type: keyword + description: The typical values are "Administrator", "User", and "Guest". It identifies the source user's privileges. In UNIX, for example, activity executed by the root user would be identified with "Administrator". + + - name: sourceZoneExternalID + type: keyword + description: + + - name: sourceZoneURI + type: keyword + description: The URI for the Zone that the source asset has been assigned to in ArcSight. + + - name: startTime + type: date + description: The time when the activity the event referred to started. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970) + + - name: transportProtocol + type: keyword + description: Identifies the Layer-4 protocol used. The possible values are protocols such as TCP or UDP. + + - name: type + type: long + description: 0 means base event, 1 means aggregated, 2 means correlation, and 3 means action. This field can be omitted for base events (type 0). + + # ArcSight fields. + - name: categoryDeviceType + type: keyword + description: Device type. Examples - Proxy, IDS, Web Server + + - name: categoryObject + type: keyword + description: Object that the event is about. For example it can be an operating sytem, database, file, etc. + + - name: categoryBehavior + type: keyword + description: Action or a behavior associated with an event. It's what is being done to the object. + + - name: categoryTechnique + type: keyword + description: Technique being used (e.g. /DoS). + + - name: categoryDeviceGroup + type: keyword + description: General device group like Firewall. + + - name: categorySignificance + type: keyword + description: Characterization of the importance of the event. + + - name: categoryOutcome + type: keyword + description: Outcome of the event (e.g. sucess, failure, or attempt). + + - name: managerReceiptTime + type: date + description: When the Arcsight ESM received the event. + + - name: source.service.name + type: keyword + description: + Service that is the source of the event. + + - name: destination.service.name + type: keyword + description: + Service that is the target of the event. diff --git a/filebeat/processors/decode_cef/cef/.gitignore b/filebeat/processors/decode_cef/cef/.gitignore new file mode 100644 index 00000000000..e92895af780 --- /dev/null +++ b/filebeat/processors/decode_cef/cef/.gitignore @@ -0,0 +1,2 @@ +cef.svg +*.dot diff --git a/filebeat/processors/decode_cef/cef/cef.go b/filebeat/processors/decode_cef/cef/cef.go new file mode 100644 index 00000000000..e3bc284cd9c --- /dev/null +++ b/filebeat/processors/decode_cef/cef/cef.go @@ -0,0 +1,183 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cef + +import ( + "strings" + + "github.com/pkg/errors" + "go.uber.org/multierr" +) + +// Parser is generated from a ragel state machine using the following command: +//go:generate ragel -Z -G1 cef.rl -o parser.go +//go:generate goimports -l -w parser.go +// +// Run go vet and remove any unreachable code in the generated parser.go. +// The go generator outputs duplicated goto statements sometimes. +// +// An SVG rendering of the state machine can be viewed by opening cef.svg in +// Chrome / Firefox. +//go:generate ragel -V -p cef.rl -o cef.dot +//go:generate dot -T svg cef.dot -o cef.svg + +// Field is CEF extension field value. +type Field struct { + String string // Raw value. + Type DataType // Data type from CEF guide. + Interface interface{} // Converted value. +} + +// Event is a single CEF message. +type Event struct { + // CEF version. + Version int `json:"version"` + + // Vendor of the sending device. + DeviceVendor string `json:"device_vendor"` + + // Product of the sending device. + DeviceProduct string `json:"device_product"` + + // Version of the sending device. + DeviceVersion string `json:"device_version"` + + // Device Event Class ID identifies the type of event reported + DeviceEventClassID string `json:"device_event_class_id"` + + // Human-readable and understandable description of the event. + Name string `json:"name"` + + // Importance of the event. The valid string values are Unknown, Low, + // Medium, High, and Very-High. The valid integer values are 0-3=Low, + // 4-6=Medium, 7- 8=High, and 9-10=Very-High. + Severity string `json:"severity"` + + // Extensions is a collection of key-value pairs. The keys are part of a + // predefined set. The standard allows for including additional keys as + // outlined in "ArcSight Extension Directory". An event can contain any + // number of key-value pairs in any order. + Extensions map[string]*Field `json:"extensions,omitempty"` +} + +func (e *Event) init(data string) { + e.Version = -1 + e.DeviceVendor = "" + e.DeviceProduct = "" + e.DeviceVersion = "" + e.DeviceEventClassID = "" + e.Name = "" + e.Severity = "" + e.Extensions = nil + + // Estimate length of the extensions. But limit the allocation because + // it's based on user input. This doesn't account for escaped equals. + if n := strings.Count(data, "="); n > 0 { + const maxLen = 50 + if n <= maxLen { + e.Extensions = make(map[string]*Field, n) + } else { + e.Extensions = make(map[string]*Field, maxLen) + } + } +} + +func (e *Event) pushExtension(key, value string) { + if e.Extensions == nil { + e.Extensions = map[string]*Field{} + } + field := &Field{String: value} + e.Extensions[key] = field +} + +// Unpack unpacks a common event format (CEF) message. The data is expected to +// be UTF-8 encoded and must begin with the CEF message header (e.g. starts +// with "CEF:"). +// +// The CEF message consists of a header followed by a series of key-value pairs. +// +// CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension] +// +// The header is a series of pipe delimited values. If a pipe (|) is used in a +// header value, it has to be escaped with a backslash (\). If a backslash is +// used is must be escaped with another backslash. +// +// The extension contains key-value pairs. The equals sign (=) separates each +// key from value. And key-value pairs are separated by a single space +// (e.g. "src=1.2.3.4 dst=8.8.8.8"). If an equals sign is used as part of the +// value then it must be escaped with a backslash (\). If a backslash is used is +// must be escaped with another backslash. +// +// Extension keys must begin with an alphanumeric or underscore (_) character +// and may contain alphanumeric, underscore (_), period (.), comma (,), and +// brackets ([) (]). This is less strict than the CEF specification, but aligns +// the key names used in practice. +func (e *Event) Unpack(data string, opts ...Option) error { + var settings Settings + for _, opt := range opts { + opt.Apply(&settings) + } + + var errs []error + var err error + if err = e.unpack(data); err != nil { + errs = append(errs, err) + } + + for key, field := range e.Extensions { + mapping, found := extensionMappingLowerCase[strings.ToLower(key)] + if !found { + continue + } + + // Mark the data type and do the actual conversion. + field.Type = mapping.Type + field.Interface, err = ToType(field.String, mapping.Type) + if err != nil { + // Drop the key because the field value is invalid. + delete(e.Extensions, key) + errs = append(errs, errors.Wrapf(err, "error in field '%v'", key)) + continue + } + + // Rename extension. + if settings.fullExtensionNames && key != mapping.Target { + e.Extensions[mapping.Target] = field + delete(e.Extensions, key) + } + } + + return multierr.Combine(errs...) +} + +const ( + backslash = `\` + escapedBackslash = `\\` + + pipe = `|` + escapedPipe = `\|` + + equalsSign = `=` + escapedEqualsSign = `\=` +) + +var ( + headerEscapes = strings.NewReplacer(escapedBackslash, backslash, escapedPipe, pipe) + extensionEscapes = strings.NewReplacer(escapedBackslash, backslash, escapedEqualsSign, equalsSign) +) + +func replaceHeaderEscapes(b string) string { + if strings.Index(b, escapedBackslash) != -1 || strings.Index(b, escapedPipe) != -1 { + return headerEscapes.Replace(b) + } + return b +} + +func replaceExtensionEscapes(b string) string { + if strings.Index(b, escapedBackslash) != -1 || strings.Index(b, escapedEqualsSign) != -1 { + return extensionEscapes.Replace(b) + } + return b +} diff --git a/filebeat/processors/decode_cef/cef/cef.rl b/filebeat/processors/decode_cef/cef/cef.rl new file mode 100644 index 00000000000..a34ced7d87f --- /dev/null +++ b/filebeat/processors/decode_cef/cef/cef.rl @@ -0,0 +1,159 @@ +// Code generated by ragel DO NOT EDIT. +package cef + +import ( + "fmt" + "strconv" + + "go.uber.org/multierr" +) + +%%{ + machine cef; + write data; + variable p p; + variable pe pe; +}%% + +// unpack unpacks a CEF message. +func (e *Event) unpack(data string) error { + cs, p, pe, eof := 0, 0, len(data), len(data) + mark := 0 + + // Extension key. + var extKey string + + // Extension value start and end indices. + extValueStart, extValueEnd := 0, 0 + + // recoveredErrs are problems with the message that the parser was able to + // recover from (though the parsing might not be "correct"). + var recoveredErrs []error + + e.init(data) + + %%{ + # Actions to execute while executing state machine. + action mark { + mark = p + } + action version { + e.Version, _ = strconv.Atoi(data[mark:p]) + } + action device_vendor { + e.DeviceVendor = replaceHeaderEscapes(data[mark:p]) + } + action device_product { + e.DeviceProduct = replaceHeaderEscapes(data[mark:p]) + } + action device_version { + e.DeviceVersion = replaceHeaderEscapes(data[mark:p]) + } + action device_event_class_id { + e.DeviceEventClassID = replaceHeaderEscapes(data[mark:p]) + } + action name { + e.Name = replaceHeaderEscapes(data[mark:p]) + } + action severity { + e.Severity = data[mark:p] + } + action extension_key { + // A new extension key marks the end of the last extension value. + if len(extKey) > 0 && extValueStart <= mark - 1 { + e.pushExtension(extKey, replaceExtensionEscapes(data[extValueStart:mark-1])) + extKey, extValueStart, extValueEnd = "", 0, 0 + } + extKey = data[mark:p] + } + action extension_value_start { + extValueStart = p; + extValueEnd = p + } + action extension_value_mark { + extValueEnd = p+1 + } + action extension_eof { + // Reaching the EOF marks the end of the final extension value. + if len(extKey) > 0 && extValueStart <= extValueEnd { + e.pushExtension(extKey, replaceExtensionEscapes(data[extValueStart:extValueEnd])) + extKey, extValueStart, extValueEnd = "", 0, 0 + } + } + action extension_err { + recoveredErrs = append(recoveredErrs, fmt.Errorf("malformed value for %s at pos %d", extKey, p+1)) + fhold; fgoto gobble_extension; + } + action recover_next_extension { + extKey, extValueStart, extValueEnd = "", 0, 0 + // Resume processing at p, the start of the next extension key. + p = mark; + fgoto extensions; + } + + # Define what header characters are allowed. + pipe = "|"; + escape = "\\"; + escape_pipe = escape pipe; + backslash = "\\\\"; + device_chars = backslash | escape_pipe | (any -- pipe -- escape); + severity_chars = ( alpha | digit | "-" ); + + # Header fields. + version = "CEF:" digit+ >mark %version; + device_vendor = device_chars* >mark %device_vendor; + device_product = device_chars* >mark %device_product; + device_version = device_chars* >mark %device_version; + device_event_class_id = device_chars* >mark %device_event_class_id; + name = device_chars* >mark %name; + severity = severity_chars* >mark %severity; + + header = version pipe + device_vendor pipe + device_product pipe + device_version pipe + device_event_class_id pipe + name pipe + severity pipe; + + # Define what extension characters are allowed. + equal = "="; + escape_equal = escape equal; + # Only alnum is defined in the CEF spec. The other characters allow + # non-conforming extension keys to be parsed. + extension_key_start_chars = alnum | '_'; + extension_key_chars = extension_key_start_chars | '.' | ',' | '[' | ']'; + extension_key_pattern = extension_key_start_chars extension_key_chars*; + extension_value_chars_nospace = backslash | escape_equal | (any -- equal -- escape -- space); + + # Extension fields. + extension_key = extension_key_pattern >mark %extension_key; + extension_value = (space* extension_value_chars_nospace @extension_value_mark)* >extension_value_start $err(extension_err); + extension = extension_key equal extension_value; + extensions = " "* extension (space* " " extension)* space* %/extension_eof; + + # gobble_extension attempts recovery from a malformed value by trying to + # advance to the next extension key and re-entering the main state machine. + gobble_extension := any* (" " >mark) extension_key_pattern equal @recover_next_extension; + + # CEF message. + cef = header extensions?; + + main := cef; + write init; + write exec; + }%% + + // Check if state machine completed. + if cs < cef_first_final { + // Reached an early end. + if p == pe { + return multierr.Append(multierr.Combine(recoveredErrs...), fmt.Errorf("unexpected end of CEF event")) + } + + // Encountered invalid input. + return multierr.Append(multierr.Combine(recoveredErrs...), fmt.Errorf("error in CEF event at pos %d", p+1)) + } + + return multierr.Combine(recoveredErrs...) +} diff --git a/filebeat/processors/decode_cef/cef/cef_test.go b/filebeat/processors/decode_cef/cef/cef_test.go new file mode 100644 index 00000000000..fb67afbe657 --- /dev/null +++ b/filebeat/processors/decode_cef/cef/cef_test.go @@ -0,0 +1,419 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cef + +import ( + "crypto/sha1" + "encoding/hex" + "flag" + "io/ioutil" + "path/filepath" + "strconv" + "testing" + + "github.com/stretchr/testify/assert" +) + +var generateCorpus = flag.Bool("corpus", false, "generate fuzz corpus from test cases") + +const ( + standardMessage = `CEF:26|security|threatmanager|1.0|100|trojan successfully stopped|10|src=10.0.0.192 dst=12.121.122.82 spt=1232 eventId=1` + + headerOnly = `CEF:26|security|threatmanager|1.0|100|trojan successfully stopped|10|` + + emptyDeviceFields = `CEF:0|||1.0|100|trojan successfully stopped|10|src=10.0.0.192 dst=12.121.122.82 spt=1232` + + escapedPipeInHeader = `CEF:26|security|threat\|->manager|1.0|100|trojan successfully stopped|10|src=10.0.0.192 dst=12.121.122.82 spt=1232` + + equalsSignInHeader = `CEF:26|security|threat=manager|1.0|100|trojan successfully stopped|10|src=10.0.0.192 dst=12.121.122.82 spt=1232` + + emptyExtensionValue = `CEF:26|security|threatmanager|1.0|100|trojan successfully stopped|10|src=10.0.0.192 dst= spt=1232` + + leadingWhitespace = `CEF:0|security|threatmanager|1.0|100|trojan successfully stopped|10| src=10.0.0.192 dst=12.121.122.82 spt=1232` + + escapedPipeInExtension = `CEF:0|security|threatmanager|1.0|100|trojan successfully stopped|10|moo=this\|has an escaped pipe` + + pipeInMessage = `CEF:0|security|threatmanager|1.0|100|trojan successfully stopped|10|moo=this|has an pipe` + + equalsInMessage = `CEF:0|security|threatmanager|1.0|100|trojan successfully stopped|10|moo=this =has = equals\=` + + escapesInExtension = `CEF:0|security|threatmanager|1.0|100|trojan successfully stopped|10|msg=a+b\=c x=c\\d\=z` + + malformedExtensionEscape = `CEF:0|FooBar|Web Gateway|1.2.3.45.67|200|Success|2|rt=Sep 07 2018 14:50:39 cat=Access Log dst=1.1.1.1 dhost=foo.example.com suser=redacted src=2.2.2.2 requestMethod=POST request='https://foo.example.com/bar/bingo/1' requestClientApplication='Foo-Bar/2018.1.7; =Email:user@example.com; Guid:test=' cs1= cs1Label=Foo Bar` + + multipleMalformedExtensionValues = `CEF:0|vendor|product|version|event_id|name|Very-High| msg=Hello World error=Failed because id==old_id user=root angle=106.7<=180` + + paddedMessage = `CEF:0|security|threatmanager|1.0|100|message is padded|10|spt=1232 msg=Trailing space in non-final extensions is preserved src=10.0.0.192 ` + + crlfMessage = "CEF:0|security|threatmanager|1.0|100|message is padded|10|spt=1232 msg=Trailing space in final extensions is not preserved\t \r\n" + + tabMessage = "CEF:0|security|threatmanager|1.0|100|message is padded|10|spt=1232 msg=Tabs\tand\rcontrol\ncharacters are preserved\t src=127.0.0.1" + + tabNoSepMessage = "CEF:0|security|threatmanager|1.0|100|message has tabs|10|spt=1232 msg=Tab is not a separator\tsrc=127.0.0.1" +) + +var testMessages = []string{ + standardMessage, + headerOnly, + emptyDeviceFields, + escapedPipeInHeader, + equalsSignInHeader, + emptyExtensionValue, + leadingWhitespace, + escapedPipeInExtension, + pipeInMessage, + equalsInMessage, + escapesInExtension, + malformedExtensionEscape, + multipleMalformedExtensionValues, + paddedMessage, + crlfMessage, + tabMessage, +} + +func TestGenerateFuzzCorpus(t *testing.T) { + if !*generateCorpus { + t.Skip("-corpus is not enabled") + } + + for _, m := range testMessages { + h := sha1.New() + h.Write([]byte(m)) + name := hex.EncodeToString(h.Sum(nil)) + + ioutil.WriteFile(filepath.Join("fuzz/corpus", name), []byte(m), 0644) + } +} + +func TestEventUnpack(t *testing.T) { + t.Run("standardMessage", func(t *testing.T) { + var e Event + err := e.Unpack(standardMessage) + assert.NoError(t, err) + assert.Equal(t, 26, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "src": IPField("10.0.0.192"), + "dst": IPField("12.121.122.82"), + "spt": IntegerField(1232), + "eventId": LongField(1), + }, e.Extensions) + }) + + t.Run("headerOnly", func(t *testing.T) { + var e Event + err := e.Unpack(headerOnly) + assert.NoError(t, err) + assert.Equal(t, 26, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Nil(t, e.Extensions) + }) + + t.Run("escapedPipeInHeader", func(t *testing.T) { + var e Event + err := e.Unpack(escapedPipeInHeader) + assert.NoError(t, err) + assert.Equal(t, 26, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threat|->manager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "src": IPField("10.0.0.192"), + "dst": IPField("12.121.122.82"), + "spt": IntegerField(1232), + }, e.Extensions) + }) + + t.Run("equalsSignInHeader", func(t *testing.T) { + var e Event + err := e.Unpack(equalsSignInHeader) + assert.NoError(t, err) + assert.Equal(t, 26, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threat=manager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "src": IPField("10.0.0.192"), + "dst": IPField("12.121.122.82"), + "spt": IntegerField(1232), + }, e.Extensions) + }) + + t.Run("emptyExtensionValue", func(t *testing.T) { + var e Event + err := e.Unpack(emptyExtensionValue) + assert.Error(t, err) + assert.Equal(t, 26, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "src": IPField("10.0.0.192"), + "spt": IntegerField(1232), + }, e.Extensions) + }) + + t.Run("emptyDeviceFields", func(t *testing.T) { + var e Event + err := e.Unpack(emptyDeviceFields) + assert.NoError(t, err) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "", e.DeviceVendor) + assert.Equal(t, "", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "src": IPField("10.0.0.192"), + "dst": IPField("12.121.122.82"), + "spt": IntegerField(1232), + }, e.Extensions) + }) + + t.Run("errorEscapedPipeInExtension", func(t *testing.T) { + var e Event + err := e.Unpack(escapedPipeInExtension) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Empty(t, e.Extensions) + + // Pipes in extensions should not be escaped. + assert.Error(t, err) + }) + + t.Run("leadingWhitespace", func(t *testing.T) { + var e Event + err := e.Unpack(leadingWhitespace) + assert.NoError(t, err) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "src": IPField("10.0.0.192"), + "dst": IPField("12.121.122.82"), + "spt": IntegerField(1232), + }, e.Extensions) + }) + + t.Run("pipeInMessage", func(t *testing.T) { + var e Event + err := e.Unpack(pipeInMessage) + assert.NoError(t, err) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "moo": UndocumentedField("this|has an pipe"), + }, e.Extensions) + }) + + t.Run("errorEqualsInMessage", func(t *testing.T) { + var e Event + err := e.Unpack(equalsInMessage) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Empty(t, e.Extensions) + + // moo contains unescaped equals signs. + assert.Error(t, err) + }) + + t.Run("escapesInExtension", func(t *testing.T) { + var e Event + err := e.Unpack(escapesInExtension) + assert.NoError(t, err) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "security", e.DeviceVendor) + assert.Equal(t, "threatmanager", e.DeviceProduct) + assert.Equal(t, "1.0", e.DeviceVersion) + assert.Equal(t, "100", e.DeviceEventClassID) + assert.Equal(t, "trojan successfully stopped", e.Name) + assert.Equal(t, "10", e.Severity) + assert.Equal(t, map[string]*Field{ + "msg": StringField("a+b=c"), + "x": UndocumentedField(`c\d=z`), + }, e.Extensions) + }) + + t.Run("errorMalformedExtensionEscape", func(t *testing.T) { + var e Event + err := e.Unpack(malformedExtensionEscape) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "FooBar", e.DeviceVendor) + assert.Equal(t, "Web Gateway", e.DeviceProduct) + assert.Equal(t, "1.2.3.45.67", e.DeviceVersion) + assert.Equal(t, "200", e.DeviceEventClassID) + assert.Equal(t, "Success", e.Name) + assert.Equal(t, "2", e.Severity) + assert.Equal(t, map[string]*Field{ + "rt": TimestampField("Sep 07 2018 14:50:39"), + "cat": StringField("Access Log"), + "dst": IPField("1.1.1.1"), + "dhost": StringField("foo.example.com"), + "suser": StringField("redacted"), + "src": IPField("2.2.2.2"), + "requestMethod": StringField("POST"), + "request": StringField(`'https://foo.example.com/bar/bingo/1'`), + "cs1": StringField(""), + "cs1Label": StringField("Foo Bar"), + }, e.Extensions) + + // requestClientApplication is not valid because it contains an unescaped + // equals sign. + if assert.Error(t, err) { + assert.Contains(t, err.Error(), "requestClientApplication") + } + }) + + t.Run("errorMultipleMalformedExtensionValues", func(t *testing.T) { + var e Event + err := e.Unpack(multipleMalformedExtensionValues) + assert.Equal(t, 0, e.Version) + assert.Equal(t, "vendor", e.DeviceVendor) + assert.Equal(t, "product", e.DeviceProduct) + assert.Equal(t, "version", e.DeviceVersion) + assert.Equal(t, "event_id", e.DeviceEventClassID) + assert.Equal(t, "name", e.Name) + assert.Equal(t, "Very-High", e.Severity) + assert.Equal(t, map[string]*Field{ + "msg": StringField("Hello World"), + "error": UndocumentedField("Failed because"), + "user": UndocumentedField("root"), + }, e.Extensions) + + // Both id and angle contain unescaped equals signs. + if assert.Error(t, err) { + assert.Contains(t, err.Error(), "id") + assert.Contains(t, err.Error(), "malformed") + } + }) + + t.Run("empty", func(t *testing.T) { + var e Event + err := e.Unpack("CEF:0|||||||a=") + assert.NoError(t, err) + }) + + t.Run("padded", func(t *testing.T) { + var e Event + err := e.Unpack(paddedMessage) + assert.NoError(t, err) + assert.Equal(t, map[string]*Field{ + "src": IPField("10.0.0.192"), + "spt": IntegerField(1232), + "msg": StringField("Trailing space in non-final extensions is preserved "), + }, e.Extensions) + }) + + t.Run("padded with extra whitespace chars", func(t *testing.T) { + var e Event + err := e.Unpack(crlfMessage) + assert.NoError(t, err) + assert.Equal(t, map[string]*Field{ + "spt": IntegerField(1232), + "msg": StringField("Trailing space in final extensions is not preserved"), + }, e.Extensions) + }) + + t.Run("internal whitespace chars", func(t *testing.T) { + var e Event + err := e.Unpack(tabMessage) + assert.NoError(t, err) + assert.Equal(t, map[string]*Field{ + "spt": IntegerField(1232), + "src": IPField("127.0.0.1"), + "msg": StringField("Tabs\tand\rcontrol\ncharacters are preserved\t"), + }, e.Extensions) + }) + + t.Run("No tab as separator", func(t *testing.T) { + var e Event + err := e.Unpack(tabNoSepMessage) + assert.Error(t, err) + assert.Equal(t, map[string]*Field{ + "spt": IntegerField(1232), + }, e.Extensions) + }) +} + +func TestEventUnpackWithFullExtensionNames(t *testing.T) { + var e Event + err := e.Unpack(standardMessage, WithFullExtensionNames()) + assert.NoError(t, err) + assert.Equal(t, map[string]*Field{ + "sourceAddress": IPField("10.0.0.192"), + "destinationAddress": IPField("12.121.122.82"), + "sourcePort": IntegerField(1232), + "eventId": LongField(1), + }, e.Extensions) +} + +func BenchmarkEventUnpack(b *testing.B) { + var messages []string + for _, m := range testMessages { + messages = append(messages, m) + } + b.ResetTimer() + + for i := 0; i < b.N; i++ { + var e Event + e.Unpack(messages[i%len(messages)]) + } +} + +func IPField(v string) *Field { return &Field{String: v, Type: IPType, Interface: v} } +func StringField(v string) *Field { return &Field{String: v, Type: StringType, Interface: v} } +func IntegerField(v int32) *Field { + return &Field{String: strconv.Itoa(int(v)), Type: IntegerType, Interface: v} +} +func LongField(v int64) *Field { + return &Field{String: strconv.Itoa(int(v)), Type: LongType, Interface: v} +} +func UndocumentedField(v string) *Field { return &Field{String: v} } +func TimestampField(v string) *Field { + ts, err := toTimestamp(v) + if err != nil { + panic(err) + } + return &Field{String: v, Type: TimestampType, Interface: ts} +} diff --git a/filebeat/processors/decode_cef/cef/cmd/cef2json/.gitignore b/filebeat/processors/decode_cef/cef/cmd/cef2json/.gitignore new file mode 100644 index 00000000000..17a45d0177e --- /dev/null +++ b/filebeat/processors/decode_cef/cef/cmd/cef2json/.gitignore @@ -0,0 +1,2 @@ +cef2json +cef2json.exe diff --git a/filebeat/processors/decode_cef/cef/cmd/cef2json/cef2json.go b/filebeat/processors/decode_cef/cef/cmd/cef2json/cef2json.go new file mode 100644 index 00000000000..30b40bf5fbb --- /dev/null +++ b/filebeat/processors/decode_cef/cef/cmd/cef2json/cef2json.go @@ -0,0 +1,64 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "bufio" + "bytes" + "encoding/json" + "flag" + "fmt" + "log" + "os" + + "github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef/cef" +) + +var ( + fullExtensionNames bool +) + +func init() { + flag.BoolVar(&fullExtensionNames, "full", true, "Use full extension key names.") +} + +var cefMarker = []byte("CEF:") + +func main() { + log.SetFlags(0) + flag.Parse() + + var opts []cef.Option + if fullExtensionNames { + opts = append(opts, cef.WithFullExtensionNames()) + } + + s := bufio.NewScanner(os.Stdin) + for s.Scan() { + line := s.Bytes() + if len(line) == 0 { + continue + } + + begin := bytes.Index(line, cefMarker) + if begin == -1 { + continue + } + line = line[begin:] + + var e cef.Event + if err := e.Unpack(string(line), opts...); err != nil { + log.Println("ERROR:", err, "in:", string(line)) + } + + jsonData, err := json.Marshal(e) + if err != nil { + log.Println("ERROR:", err) + continue + } + + fmt.Println(string(jsonData)) + } +} diff --git a/filebeat/processors/decode_cef/cef/fuzz/.gitignore b/filebeat/processors/decode_cef/cef/fuzz/.gitignore new file mode 100644 index 00000000000..45ef0afd007 --- /dev/null +++ b/filebeat/processors/decode_cef/cef/fuzz/.gitignore @@ -0,0 +1,4 @@ +corpus +crashers +suppressions +*.zip diff --git a/filebeat/processors/decode_cef/cef/fuzz/Makefile b/filebeat/processors/decode_cef/cef/fuzz/Makefile new file mode 100644 index 00000000000..5e928e83034 --- /dev/null +++ b/filebeat/processors/decode_cef/cef/fuzz/Makefile @@ -0,0 +1,7 @@ +fuzz: + go test ../. -corpus + go get github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build + go-fuzz-build + go-fuzz + +.PHONY: fuzz diff --git a/filebeat/processors/decode_cef/cef/fuzz/fuzz.go b/filebeat/processors/decode_cef/cef/fuzz/fuzz.go new file mode 100644 index 00000000000..506e861fb02 --- /dev/null +++ b/filebeat/processors/decode_cef/cef/fuzz/fuzz.go @@ -0,0 +1,18 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fuzz + +import ( + cef2 "github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef/cef" +) + +// Fuzz is the entry point that go-fuzz uses to fuzz the parser. +func Fuzz(data []byte) int { + var e cef2.Event + if err := e.Unpack(string(data)); err != nil { + return 1 + } + return 0 +} diff --git a/filebeat/processors/decode_cef/cef/keys.go b/filebeat/processors/decode_cef/cef/keys.go new file mode 100644 index 00000000000..232d9dcbf9f --- /dev/null +++ b/filebeat/processors/decode_cef/cef/keys.go @@ -0,0 +1,699 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cef + +import "strings" + +type mappedField struct { + Target string + Type DataType +} + +// extensionMapping is a mapping of CEF key names to full field names and data +// types. This mapping was generated from tables contained in: +// - "Micro Focus Security ArcSight Common Event Format Version 25" +// dated September 28, 2017. +// - "Check Point Log Exporter CEF Field Mappings" +// dated November 23, 2018. +// - "HPE Security ArcSight Common Event Format Version 23" +// dated May 16, 2016. +var extensionMapping = map[string]mappedField{ + "agt": { + Target: "agentAddress", + Type: IPType, + }, + "agentDnsDomain": { + Target: "agentDnsDomain", + Type: StringType, + }, + "ahost": { + Target: "agentHostName", + Type: StringType, + }, + "aid": { + Target: "agentId", + Type: StringType, + }, + "amac": { + Target: "agentMacAddress", + Type: MACAddressType, + }, + "agentNtDomain": { + Target: "agentNtDomain", + Type: StringType, + }, + "art": { + Target: "agentReceiptTime", + Type: TimestampType, + }, + "atz": { + Target: "agentTimeZone", + Type: StringType, + }, + "agentTranslatedAddress": { + Target: "agentTranslatedAddress", + Type: IPType, + }, + "agentTranslatedZoneExternalID": { + Target: "agentTranslatedZoneExternalID", + Type: StringType, + }, + "agentTranslatedZoneURI": { + Target: "agentTranslatedZoneURI", + Type: StringType, + }, + "at": { + Target: "agentType", + Type: StringType, + }, + "av": { + Target: "agentVersion", + Type: StringType, + }, + "agentZoneExternalID": { + Target: "agentZoneExternalID", + Type: StringType, + }, + "agentZoneURI": { + Target: "agentZoneURI", + Type: StringType, + }, + "app": { + Target: "applicationProtocol", + Type: StringType, + }, + "cnt": { + Target: "baseEventCount", + Type: IntegerType, + }, + "in": { + Target: "bytesIn", + Type: IntegerType, + }, + "out": { + Target: "bytesOut", + Type: IntegerType, + }, + "customerExternalID": { + Target: "customerExternalID", + Type: StringType, + }, + "customerURI": { + Target: "customerURI", + Type: StringType, + }, + "dst": { + Target: "destinationAddress", + Type: IPType, + }, + "destinationDnsDomain": { + Target: "destinationDnsDomain", + Type: StringType, + }, + "dlat": { + Target: "destinationGeoLatitude", + Type: DoubleType, + }, + "dlong": { + Target: "destinationGeoLongitude", + Type: DoubleType, + }, + "dhost": { + Target: "destinationHostName", + Type: StringType, + }, + "dmac": { + Target: "destinationMacAddress", + Type: MACAddressType, + }, + "dntdom": { + Target: "destinationNtDomain", + Type: StringType, + }, + "dpt": { + Target: "destinationPort", + Type: IntegerType, + }, + "dpid": { + Target: "destinationProcessId", + Type: IntegerType, + }, + "dproc": { + Target: "destinationProcessName", + Type: StringType, + }, + "destinationServiceName": { + Target: "destinationServiceName", + Type: StringType, + }, + "destinationTranslatedAddress": { + Target: "destinationTranslatedAddress", + Type: IPType, + }, + "destinationTranslatedPort": { + Target: "destinationTranslatedPort", + Type: IntegerType, + }, + "destinationTranslatedZoneExternalID": { + Target: "destinationTranslatedZoneExternalID", + Type: StringType, + }, + "destinationTranslatedZoneURI": { + Target: "destinationTranslatedZoneURI", + Type: StringType, + }, + "duid": { + Target: "destinationUserId", + Type: StringType, + }, + "duser": { + Target: "destinationUserName", + Type: StringType, + }, + "dpriv": { + Target: "destinationUserPrivileges", + Type: StringType, + }, + "destinationZoneExternalID": { + Target: "destinationZoneExternalID", + Type: StringType, + }, + "destinationZoneURI": { + Target: "destinationZoneURI", + Type: StringType, + }, + "act": { + Target: "deviceAction", + Type: StringType, + }, + "dvc": { + Target: "deviceAddress", + Type: IPType, + }, + "cfp1Label": { + Target: "deviceCustomFloatingPoint1Label", + Type: StringType, + }, + "cfp3Label": { + Target: "deviceCustomFloatingPoint3Label", + Type: StringType, + }, + "cfp4Label": { + Target: "deviceCustomFloatingPoint4Label", + Type: StringType, + }, + "deviceCustomDate1": { + Target: "deviceCustomDate1", + Type: TimestampType, + }, + "deviceCustomDate1Label": { + Target: "deviceCustomDate1Label", + Type: StringType, + }, + "deviceCustomDate2": { + Target: "deviceCustomDate2", + Type: TimestampType, + }, + "deviceCustomDate2Label": { + Target: "deviceCustomDate2Label", + Type: StringType, + }, + "cfp1": { + Target: "deviceCustomFloatingPoint1", + Type: FloatType, + }, + "cfp2": { + Target: "deviceCustomFloatingPoint2", + Type: FloatType, + }, + "cfp2Label": { + Target: "deviceCustomFloatingPoint2Label", + Type: StringType, + }, + "cfp3": { + Target: "deviceCustomFloatingPoint3", + Type: FloatType, + }, + "cfp4": { + Target: "deviceCustomFloatingPoint4", + Type: FloatType, + }, + "c6a1": { + Target: "deviceCustomIPv6Address1", + Type: IPType, + }, + "c6a1Label": { + Target: "deviceCustomIPv6Address1Label", + Type: StringType, + }, + "c6a2": { + Target: "deviceCustomIPv6Address2", + Type: IPType, + }, + "c6a2Label": { + Target: "deviceCustomIPv6Address2Label", + Type: StringType, + }, + "c6a3": { + Target: "deviceCustomIPv6Address3", + Type: IPType, + }, + "c6a3Label": { + Target: "deviceCustomIPv6Address3Label", + Type: StringType, + }, + "c6a4": { + Target: "deviceCustomIPv6Address4", + Type: IPType, + }, + "C6a4Label": { + Target: "deviceCustomIPv6Address4Label", + Type: StringType, + }, + "cn1": { + Target: "deviceCustomNumber1", + Type: LongType, + }, + "cn1Label": { + Target: "deviceCustomNumber1Label", + Type: StringType, + }, + "cn2": { + Target: "deviceCustomNumber2", + Type: LongType, + }, + "cn2Label": { + Target: "deviceCustomNumber2Label", + Type: StringType, + }, + "cn3": { + Target: "deviceCustomNumber3", + Type: LongType, + }, + "cn3Label": { + Target: "deviceCustomNumber3Label", + Type: StringType, + }, + "cs1": { + Target: "deviceCustomString1", + Type: StringType, + }, + "cs1Label": { + Target: "deviceCustomString1Label", + Type: StringType, + }, + "cs2": { + Target: "deviceCustomString2", + Type: StringType, + }, + "cs2Label": { + Target: "deviceCustomString2Label", + Type: StringType, + }, + "cs3": { + Target: "deviceCustomString3", + Type: StringType, + }, + "cs3Label": { + Target: "deviceCustomString3Label", + Type: StringType, + }, + "cs4": { + Target: "deviceCustomString4", + Type: StringType, + }, + "cs4Label": { + Target: "deviceCustomString4Label", + Type: StringType, + }, + "cs5": { + Target: "deviceCustomString5", + Type: StringType, + }, + "cs5Label": { + Target: "deviceCustomString5Label", + Type: StringType, + }, + "cs6": { + Target: "deviceCustomString6", + Type: StringType, + }, + "cs6Label": { + Target: "deviceCustomString6Label", + Type: StringType, + }, + "deviceDirection": { + Target: "deviceDirection", + Type: IntegerType, + }, + "deviceDnsDomain": { + Target: "deviceDnsDomain", + Type: StringType, + }, + "cat": { + Target: "deviceEventCategory", + Type: StringType, + }, + "deviceExternalId": { + Target: "deviceExternalId", + Type: StringType, + }, + "deviceFacility": { + Target: "deviceFacility", + Type: StringType, + }, + "dvchost": { + Target: "deviceHostName", + Type: StringType, + }, + "deviceInboundInterface": { + Target: "deviceInboundInterface", + Type: StringType, + }, + "dvcmac": { + Target: "deviceMacAddress", + Type: MACAddressType, + }, + "deviceNtDomain": { + Target: "deviceNtDomain", + Type: StringType, + }, + "DeviceOutboundInterface": { + Target: "deviceOutboundInterface", + Type: StringType, + }, + "DevicePayloadId": { + Target: "devicePayloadId", + Type: StringType, + }, + "dvcpid": { + Target: "deviceProcessId", + Type: IntegerType, + }, + "deviceProcessName": { + Target: "deviceProcessName", + Type: StringType, + }, + "rt": { + Target: "deviceReceiptTime", + Type: TimestampType, + }, + "dtz": { + Target: "deviceTimeZone", + Type: StringType, + }, + "deviceTranslatedAddress": { + Target: "deviceTranslatedAddress", + Type: IPType, + }, + "deviceTranslatedZoneExternalID": { + Target: "deviceTranslatedZoneExternalID", + Type: StringType, + }, + "deviceTranslatedZoneURI": { + Target: "deviceTranslatedZoneURI", + Type: StringType, + }, + "deviceZoneExternalID": { + Target: "deviceZoneExternalID", + Type: StringType, + }, + "deviceZoneURI": { + Target: "deviceZoneURI", + Type: StringType, + }, + "end": { + Target: "endTime", + Type: TimestampType, + }, + "eventId": { + Target: "eventId", + Type: LongType, + }, + "outcome": { + Target: "eventOutcome", + Type: StringType, + }, + "externalId": { + Target: "externalId", + Type: StringType, + }, + "fileCreateTime": { + Target: "fileCreateTime", + Type: TimestampType, + }, + "fileHash": { + Target: "fileHash", + Type: StringType, + }, + "fileId": { + Target: "fileId", + Type: StringType, + }, + "fileModificationTime": { + Target: "fileModificationTime", + Type: TimestampType, + }, + "flexNumber1": { + Target: "deviceFlexNumber1", + Type: LongType, + }, + "flexNumber1Label": { + Target: "deviceFlexNumber1Label", + Type: StringType, + }, + "flexNumber2": { + Target: "deviceFlexNumber2", + Type: LongType, + }, + "flexNumber2Label": { + Target: "deviceFlexNumber2Label", + Type: StringType, + }, + + "fname": { + Target: "filename", + Type: StringType, + }, + "filePath": { + Target: "filePath", + Type: StringType, + }, + "filePermission": { + Target: "filePermission", + Type: StringType, + }, + "fsize": { + Target: "fileSize", + Type: IntegerType, + }, + "fileType": { + Target: "fileType", + Type: StringType, + }, + "flexDate1": { + Target: "flexDate1", + Type: TimestampType, + }, + "flexDate1Label": { + Target: "flexDate1Label", + Type: StringType, + }, + "flexString1": { + Target: "flexString1", + Type: StringType, + }, + "flexString2": { + Target: "flexString2", + Type: StringType, + }, + "flexString1Label": { + Target: "flexString1Label", + Type: StringType, + }, + "flexString2Label": { + Target: "flexString2Label", + Type: StringType, + }, + "msg": { + Target: "message", + Type: StringType, + }, + "oldFileCreateTime": { + Target: "oldFileCreateTime", + Type: TimestampType, + }, + "oldFileHash": { + Target: "oldFileHash", + Type: StringType, + }, + "oldFileId": { + Target: "oldFileId", + Type: StringType, + }, + "oldFileModificationTime": { + Target: "oldFileModificationTime", + Type: TimestampType, + }, + "oldFileName": { + Target: "oldFileName", + Type: StringType, + }, + "oldFilePath": { + Target: "oldFilePath", + Type: StringType, + }, + "oldFilePermission": { + Target: "oldFilePermission", + Type: StringType, + }, + "oldFileSize": { + Target: "oldFileSize", + Type: IntegerType, + }, + "oldFileType": { + Target: "oldFileType", + Type: StringType, + }, + "rawEvent": { + Target: "rawEvent", + Type: StringType, + }, + "reason": { + Target: "Reason", + Type: StringType, + }, + "requestClientApplication": { + Target: "requestClientApplication", + Type: StringType, + }, + "requestContext": { + Target: "requestContext", + Type: StringType, + }, + "requestCookies": { + Target: "requestCookies", + Type: StringType, + }, + "requestMethod": { + Target: "requestMethod", + Type: StringType, + }, + "request": { + Target: "requestUrl", + Type: StringType, + }, + "src": { + Target: "sourceAddress", + Type: IPType, + }, + "sourceDnsDomain": { + Target: "sourceDnsDomain", + Type: StringType, + }, + "slat": { + Target: "sourceGeoLatitude", + Type: DoubleType, + }, + "slong": { + Target: "sourceGeoLongitude", + Type: DoubleType, + }, + "shost": { + Target: "sourceHostName", + Type: StringType, + }, + "smac": { + Target: "sourceMacAddress", + Type: MACAddressType, + }, + "sntdom": { + Target: "sourceNtDomain", + Type: StringType, + }, + "spt": { + Target: "sourcePort", + Type: IntegerType, + }, + "spid": { + Target: "sourceProcessId", + Type: IntegerType, + }, + "sproc": { + Target: "sourceProcessName", + Type: StringType, + }, + "sourceServiceName": { + Target: "sourceServiceName", + Type: StringType, + }, + "sourceTranslatedAddress": { + Target: "sourceTranslatedAddress", + Type: IPType, + }, + "sourceTranslatedPort": { + Target: "sourceTranslatedPort", + Type: IntegerType, + }, + "sourceTranslatedZoneExternalID": { + Target: "sourceTranslatedZoneExternalID", + Type: StringType, + }, + "sourceTranslatedZoneURI": { + Target: "sourceTranslatedZoneURI", + Type: StringType, + }, + "suid": { + Target: "sourceUserId", + Type: StringType, + }, + "suser": { + Target: "sourceUserName", + Type: StringType, + }, + "spriv": { + Target: "sourceUserPrivileges", + Type: StringType, + }, + "sourceZoneExternalID": { + Target: "sourceZoneExternalID", + Type: StringType, + }, + "sourceZoneURI": { + Target: "sourceZoneURI", + Type: StringType, + }, + "start": { + Target: "startTime", + Type: TimestampType, + }, + "proto": { + Target: "transportProtocol", + Type: StringType, + }, + "type": { + Target: "type", + Type: IntegerType, + }, + + // This is an ArcSight categorization field that is commonly used, but its + // short name is not contained in the documentation used for the above list. + "catdt": { + Target: "categoryDeviceType", + Type: StringType, + }, + "mrt": { + Target: "managerReceiptTime", + Type: TimestampType, + }, +} + +var extensionMappingLowerCase = map[string]mappedField{} + +func init() { + for k, v := range extensionMapping { + extensionMappingLowerCase[strings.ToLower(k)] = v + } +} diff --git a/filebeat/processors/decode_cef/cef/option.go b/filebeat/processors/decode_cef/cef/option.go new file mode 100644 index 00000000000..9fae32f011c --- /dev/null +++ b/filebeat/processors/decode_cef/cef/option.go @@ -0,0 +1,27 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cef + +// Option controls Setting used in unpacking messages. +type Option interface { + Apply(*Settings) +} + +// Settings for unpacking messages. +type Settings struct { + fullExtensionNames bool +} + +type withFullExtensionNames struct{} + +func (w withFullExtensionNames) Apply(s *Settings) { + s.fullExtensionNames = true +} + +// WithFullExtensionNames causes CEF extension key names to be translated into +// their full key names (e.g. src -> sourceAddress). +func WithFullExtensionNames() Option { + return withFullExtensionNames{} +} diff --git a/filebeat/processors/decode_cef/cef/parser.go b/filebeat/processors/decode_cef/cef/parser.go new file mode 100644 index 00000000000..cd765873527 --- /dev/null +++ b/filebeat/processors/decode_cef/cef/parser.go @@ -0,0 +1,1043 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +//line cef.rl:1 +// Code generated by ragel DO NOT EDIT. +package cef + +import ( + "fmt" + "strconv" + + "go.uber.org/multierr" +) + +//line parser.go:15 +var _cef_eof_actions []byte = []byte{ + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 16, 16, 0, 0, 0, 0, + 19, 22, 22, 22, 19, 22, 22, 22, + 0, +} + +const cef_start int = 1 +const cef_first_final int = 31 +const cef_error int = 0 + +const cef_en_gobble_extension int = 28 +const cef_en_main int = 1 +const cef_en_main_cef_extensions int = 24 + +//line cef.rl:16 + +// unpack unpacks a CEF message. +func (e *Event) unpack(data string) error { + cs, p, pe, eof := 0, 0, len(data), len(data) + mark := 0 + + // Extension key. + var extKey string + + // Extension value start and end indices. + extValueStart, extValueEnd := 0, 0 + + // recoveredErrs are problems with the message that the parser was able to + // recover from (though the parsing might not be "correct"). + var recoveredErrs []error + + e.init(data) + +//line parser.go:55 + { + cs = cef_start + } + +//line parser.go:60 + { + if (p) == (pe) { + goto _test_eof + } + if cs == 0 { + goto _out + } + _resume: + switch cs { + case 1: + if data[(p)] == 67 { + goto tr0 + } + goto tr1 + case 0: + goto _out + case 2: + if data[(p)] == 69 { + goto tr2 + } + goto tr1 + case 3: + if data[(p)] == 70 { + goto tr3 + } + goto tr1 + case 4: + if data[(p)] == 58 { + goto tr4 + } + goto tr1 + case 5: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr5 + } + goto tr1 + case 6: + if data[(p)] == 124 { + goto tr7 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr6 + } + goto tr1 + case 7: + switch data[(p)] { + case 92: + goto tr9 + case 124: + goto tr10 + } + goto tr8 + case 8: + switch data[(p)] { + case 92: + goto tr12 + case 124: + goto tr13 + } + goto tr11 + case 9: + switch data[(p)] { + case 92: + goto tr11 + case 124: + goto tr11 + } + goto tr1 + case 10: + switch data[(p)] { + case 92: + goto tr15 + case 124: + goto tr16 + } + goto tr14 + case 11: + switch data[(p)] { + case 92: + goto tr18 + case 124: + goto tr19 + } + goto tr17 + case 12: + switch data[(p)] { + case 92: + goto tr17 + case 124: + goto tr17 + } + goto tr1 + case 13: + switch data[(p)] { + case 92: + goto tr21 + case 124: + goto tr22 + } + goto tr20 + case 14: + switch data[(p)] { + case 92: + goto tr24 + case 124: + goto tr25 + } + goto tr23 + case 15: + switch data[(p)] { + case 92: + goto tr23 + case 124: + goto tr23 + } + goto tr1 + case 16: + switch data[(p)] { + case 92: + goto tr27 + case 124: + goto tr28 + } + goto tr26 + case 17: + switch data[(p)] { + case 92: + goto tr30 + case 124: + goto tr31 + } + goto tr29 + case 18: + switch data[(p)] { + case 92: + goto tr29 + case 124: + goto tr29 + } + goto tr1 + case 19: + switch data[(p)] { + case 92: + goto tr33 + case 124: + goto tr34 + } + goto tr32 + case 20: + switch data[(p)] { + case 92: + goto tr36 + case 124: + goto tr37 + } + goto tr35 + case 21: + switch data[(p)] { + case 92: + goto tr35 + case 124: + goto tr35 + } + goto tr1 + case 22: + switch data[(p)] { + case 45: + goto tr38 + case 124: + goto tr39 + } + switch { + case data[(p)] < 65: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr38 + } + case data[(p)] > 90: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr38 + } + default: + goto tr38 + } + goto tr1 + case 23: + switch data[(p)] { + case 45: + goto tr40 + case 124: + goto tr41 + } + switch { + case data[(p)] < 65: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr40 + } + case data[(p)] > 90: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr40 + } + default: + goto tr40 + } + goto tr1 + case 31: + switch data[(p)] { + case 32: + goto tr42 + case 95: + goto tr43 + } + switch { + case data[(p)] < 65: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr43 + } + case data[(p)] > 90: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr43 + } + default: + goto tr43 + } + goto tr1 + case 24: + switch data[(p)] { + case 32: + goto tr42 + case 95: + goto tr43 + } + switch { + case data[(p)] < 65: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr43 + } + case data[(p)] > 90: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr43 + } + default: + goto tr43 + } + goto tr1 + case 25: + switch data[(p)] { + case 44: + goto tr44 + case 46: + goto tr44 + case 61: + goto tr45 + case 93: + goto tr44 + case 95: + goto tr44 + } + switch { + case data[(p)] < 65: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr44 + } + case data[(p)] > 91: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr44 + } + default: + goto tr44 + } + goto tr1 + case 32: + switch data[(p)] { + case 32: + goto tr55 + case 61: + goto tr46 + case 92: + goto tr56 + } + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr54 + } + goto tr53 + case 33: + switch data[(p)] { + case 32: + goto tr58 + case 61: + goto tr46 + case 92: + goto tr59 + } + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr57 + } + goto tr48 + case 34: + switch data[(p)] { + case 32: + goto tr58 + case 61: + goto tr46 + case 92: + goto tr59 + case 95: + goto tr60 + } + switch { + case data[(p)] < 48: + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr57 + } + case data[(p)] > 57: + switch { + case data[(p)] > 90: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr60 + } + case data[(p)] >= 65: + goto tr60 + } + default: + goto tr60 + } + goto tr48 + case 35: + switch data[(p)] { + case 32: + goto tr58 + case 44: + goto tr61 + case 46: + goto tr61 + case 61: + goto tr62 + case 92: + goto tr59 + case 95: + goto tr61 + } + switch { + case data[(p)] < 48: + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr57 + } + case data[(p)] > 57: + switch { + case data[(p)] > 93: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr61 + } + case data[(p)] >= 65: + goto tr61 + } + default: + goto tr61 + } + goto tr48 + case 36: + switch data[(p)] { + case 32: + goto tr65 + case 61: + goto tr46 + case 92: + goto tr66 + } + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr64 + } + goto tr63 + case 37: + switch data[(p)] { + case 32: + goto tr68 + case 61: + goto tr46 + case 92: + goto tr69 + } + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr67 + } + goto tr47 + case 38: + switch data[(p)] { + case 32: + goto tr68 + case 61: + goto tr46 + case 92: + goto tr69 + case 95: + goto tr70 + } + switch { + case data[(p)] < 48: + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr67 + } + case data[(p)] > 57: + switch { + case data[(p)] > 90: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr70 + } + case data[(p)] >= 65: + goto tr70 + } + default: + goto tr70 + } + goto tr47 + case 39: + switch data[(p)] { + case 32: + goto tr68 + case 44: + goto tr71 + case 46: + goto tr71 + case 61: + goto tr62 + case 92: + goto tr69 + case 95: + goto tr71 + } + switch { + case data[(p)] < 48: + if 9 <= data[(p)] && data[(p)] <= 13 { + goto tr67 + } + case data[(p)] > 57: + switch { + case data[(p)] > 93: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr71 + } + case data[(p)] >= 65: + goto tr71 + } + default: + goto tr71 + } + goto tr47 + case 26: + switch data[(p)] { + case 61: + goto tr47 + case 92: + goto tr47 + } + goto tr46 + case 27: + switch data[(p)] { + case 61: + goto tr48 + case 92: + goto tr48 + } + goto tr46 + case 28: + if data[(p)] == 32 { + goto tr50 + } + goto tr49 + case 29: + switch data[(p)] { + case 32: + goto tr50 + case 95: + goto tr51 + } + switch { + case data[(p)] < 65: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr51 + } + case data[(p)] > 90: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr51 + } + default: + goto tr51 + } + goto tr49 + case 30: + switch data[(p)] { + case 32: + goto tr50 + case 44: + goto tr51 + case 46: + goto tr51 + case 61: + goto tr52 + case 93: + goto tr51 + case 95: + goto tr51 + } + switch { + case data[(p)] < 65: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr51 + } + case data[(p)] > 91: + if 97 <= data[(p)] && data[(p)] <= 122 { + goto tr51 + } + default: + goto tr51 + } + goto tr49 + case 40: + if data[(p)] == 32 { + goto tr50 + } + goto tr49 + } + + tr1: + cs = 0 + goto _again + tr46: + cs = 0 + goto f15 + tr0: + cs = 2 + goto _again + tr2: + cs = 3 + goto _again + tr3: + cs = 4 + goto _again + tr4: + cs = 5 + goto _again + tr6: + cs = 6 + goto _again + tr5: + cs = 6 + goto f0 + tr7: + cs = 7 + goto f1 + tr11: + cs = 8 + goto _again + tr8: + cs = 8 + goto f0 + tr12: + cs = 9 + goto _again + tr9: + cs = 9 + goto f0 + tr10: + cs = 10 + goto f2 + tr13: + cs = 10 + goto f3 + tr17: + cs = 11 + goto _again + tr14: + cs = 11 + goto f0 + tr18: + cs = 12 + goto _again + tr15: + cs = 12 + goto f0 + tr16: + cs = 13 + goto f4 + tr19: + cs = 13 + goto f5 + tr23: + cs = 14 + goto _again + tr20: + cs = 14 + goto f0 + tr24: + cs = 15 + goto _again + tr21: + cs = 15 + goto f0 + tr22: + cs = 16 + goto f6 + tr25: + cs = 16 + goto f7 + tr29: + cs = 17 + goto _again + tr26: + cs = 17 + goto f0 + tr30: + cs = 18 + goto _again + tr27: + cs = 18 + goto f0 + tr28: + cs = 19 + goto f8 + tr31: + cs = 19 + goto f9 + tr35: + cs = 20 + goto _again + tr32: + cs = 20 + goto f0 + tr36: + cs = 21 + goto _again + tr33: + cs = 21 + goto f0 + tr34: + cs = 22 + goto f10 + tr37: + cs = 22 + goto f11 + tr40: + cs = 23 + goto _again + tr38: + cs = 23 + goto f0 + tr42: + cs = 24 + goto _again + tr44: + cs = 25 + goto _again + tr43: + cs = 25 + goto f0 + tr69: + cs = 26 + goto _again + tr66: + cs = 26 + goto f20 + tr59: + cs = 27 + goto _again + tr56: + cs = 27 + goto f20 + tr49: + cs = 28 + goto _again + tr50: + cs = 29 + goto f0 + tr51: + cs = 30 + goto _again + tr39: + cs = 31 + goto f12 + tr41: + cs = 31 + goto f13 + tr45: + cs = 32 + goto f14 + tr57: + cs = 33 + goto _again + tr48: + cs = 33 + goto f16 + tr53: + cs = 33 + goto f19 + tr54: + cs = 33 + goto f20 + tr58: + cs = 34 + goto _again + tr55: + cs = 34 + goto f20 + tr61: + cs = 35 + goto f16 + tr60: + cs = 35 + goto f22 + tr62: + cs = 36 + goto f14 + tr67: + cs = 37 + goto _again + tr47: + cs = 37 + goto f16 + tr63: + cs = 37 + goto f19 + tr64: + cs = 37 + goto f20 + tr68: + cs = 38 + goto _again + tr65: + cs = 38 + goto f20 + tr71: + cs = 39 + goto f16 + tr70: + cs = 39 + goto f23 + tr52: + cs = 40 + goto f17 + + f0: +//line cef.rl:37 + + mark = p + + goto _again + f1: +//line cef.rl:40 + + e.Version, _ = strconv.Atoi(data[mark:p]) + + goto _again + f3: +//line cef.rl:43 + + e.DeviceVendor = replaceHeaderEscapes(data[mark:p]) + + goto _again + f5: +//line cef.rl:46 + + e.DeviceProduct = replaceHeaderEscapes(data[mark:p]) + + goto _again + f7: +//line cef.rl:49 + + e.DeviceVersion = replaceHeaderEscapes(data[mark:p]) + + goto _again + f9: +//line cef.rl:52 + + e.DeviceEventClassID = replaceHeaderEscapes(data[mark:p]) + + goto _again + f11: +//line cef.rl:55 + + e.Name = replaceHeaderEscapes(data[mark:p]) + + goto _again + f13: +//line cef.rl:58 + + e.Severity = data[mark:p] + + goto _again + f14: +//line cef.rl:61 + + // A new extension key marks the end of the last extension value. + if len(extKey) > 0 && extValueStart <= mark-1 { + e.pushExtension(extKey, replaceExtensionEscapes(data[extValueStart:mark-1])) + extKey, extValueStart, extValueEnd = "", 0, 0 + } + extKey = data[mark:p] + + goto _again + f20: +//line cef.rl:69 + + extValueStart = p + extValueEnd = p + + goto _again + f16: +//line cef.rl:73 + + extValueEnd = p + 1 + + goto _again + f15: +//line cef.rl:83 + + recoveredErrs = append(recoveredErrs, fmt.Errorf("malformed value for %s at pos %d", extKey, p+1)) + (p)-- + cs = 28 + goto _again + f17: +//line cef.rl:87 + + extKey, extValueStart, extValueEnd = "", 0, 0 + // Resume processing at p, the start of the next extension key. + p = mark + cs = 24 + goto _again + f2: +//line cef.rl:37 + + mark = p + +//line cef.rl:43 + + e.DeviceVendor = replaceHeaderEscapes(data[mark:p]) + + goto _again + f4: +//line cef.rl:37 + + mark = p + +//line cef.rl:46 + + e.DeviceProduct = replaceHeaderEscapes(data[mark:p]) + + goto _again + f6: +//line cef.rl:37 + + mark = p + +//line cef.rl:49 + + e.DeviceVersion = replaceHeaderEscapes(data[mark:p]) + + goto _again + f8: +//line cef.rl:37 + + mark = p + +//line cef.rl:52 + + e.DeviceEventClassID = replaceHeaderEscapes(data[mark:p]) + + goto _again + f10: +//line cef.rl:37 + + mark = p + +//line cef.rl:55 + + e.Name = replaceHeaderEscapes(data[mark:p]) + + goto _again + f12: +//line cef.rl:37 + + mark = p + +//line cef.rl:58 + + e.Severity = data[mark:p] + + goto _again + f23: +//line cef.rl:37 + + mark = p + +//line cef.rl:73 + + extValueEnd = p + 1 + + goto _again + f19: +//line cef.rl:69 + + extValueStart = p + extValueEnd = p + +//line cef.rl:73 + + extValueEnd = p + 1 + + goto _again + f22: +//line cef.rl:73 + + extValueEnd = p + 1 + +//line cef.rl:37 + + mark = p + + goto _again + + _again: + if cs == 0 { + goto _out + } + if (p)++; (p) != (pe) { + goto _resume + } + _test_eof: + { + } + if (p) == eof { + switch _cef_eof_actions[cs] { + case 22: +//line cef.rl:76 + + // Reaching the EOF marks the end of the final extension value. + if len(extKey) > 0 && extValueStart <= extValueEnd { + e.pushExtension(extKey, replaceExtensionEscapes(data[extValueStart:extValueEnd])) + extKey, extValueStart, extValueEnd = "", 0, 0 + } + + case 16: +//line cef.rl:83 + + recoveredErrs = append(recoveredErrs, fmt.Errorf("malformed value for %s at pos %d", extKey, p+1)) + (p)-- + cs = 28 + goto _again + + case 19: +//line cef.rl:69 + + extValueStart = p + extValueEnd = p + +//line cef.rl:76 + + // Reaching the EOF marks the end of the final extension value. + if len(extKey) > 0 && extValueStart <= extValueEnd { + e.pushExtension(extKey, replaceExtensionEscapes(data[extValueStart:extValueEnd])) + extKey, extValueStart, extValueEnd = "", 0, 0 + } + +//line parser.go:883 + } + } + + _out: + { + } + } + +//line cef.rl:145 + + // Check if state machine completed. + if cs < cef_first_final { + // Reached an early end. + if p == pe { + return multierr.Append(multierr.Combine(recoveredErrs...), fmt.Errorf("unexpected end of CEF event")) + } + + // Encountered invalid input. + return multierr.Append(multierr.Combine(recoveredErrs...), fmt.Errorf("error in CEF event at pos %d", p+1)) + } + + return multierr.Combine(recoveredErrs...) +} diff --git a/filebeat/processors/decode_cef/cef/types.go b/filebeat/processors/decode_cef/cef/types.go new file mode 100644 index 00000000000..6ef0b830622 --- /dev/null +++ b/filebeat/processors/decode_cef/cef/types.go @@ -0,0 +1,141 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cef + +import ( + "net" + "strconv" + "time" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/libbeat/common" +) + +// DataType specifies one of CEF data types. +type DataType uint8 + +// List of DataTypes. +const ( + Unset DataType = iota + IntegerType + LongType + FloatType + DoubleType + StringType + BooleanType + IPType + MACAddressType + TimestampType +) + +// ToType converts the given value string value to the specified data type. +func ToType(value string, typ DataType) (interface{}, error) { + switch typ { + case StringType: + return value, nil + case LongType: + return toLong(value) + case IntegerType: + return toInteger(value) + case FloatType: + return toFloat(value) + case DoubleType: + return toDouble(value) + case BooleanType: + return toBoolean(value) + case IPType: + return toIP(value) + case MACAddressType: + return toMACAddress(value) + case TimestampType: + return toTimestamp(value) + default: + return nil, errors.Errorf("invalid data type: %v", typ) + } +} + +func toLong(v string) (int64, error) { + return strconv.ParseInt(v, 0, 64) +} + +func toInteger(v string) (int32, error) { + i, err := strconv.ParseInt(v, 0, 32) + return int32(i), err +} + +func toFloat(v string) (float32, error) { + f, err := strconv.ParseFloat(v, 32) + return float32(f), err +} + +func toDouble(v string) (float64, error) { + f, err := strconv.ParseFloat(v, 64) + return f, err +} + +func toBoolean(v string) (bool, error) { + return strconv.ParseBool(v) +} + +func toIP(v string) (string, error) { + // This is validating that the value is an IP. + if net.ParseIP(v) != nil { + return v, nil + } + return "", errors.New("value is not a valid IP address") +} + +// toMACAddress accepts a MAC addresses as hex characters separated by colon, +// dot, or dash. It returns lowercase hex characters separated by colons. +func toMACAddress(v string) (string, error) { + // CEF specifies that MAC addresses are colon separated, but this will be a + // little more liberal. + hw, err := net.ParseMAC(v) + if err != nil { + return "", err + } + return hw.String(), nil +} + +var timeLayouts = []string{ + // MMM dd HH:mm:ss.SSS zzz + "Jan _2 15:04:05.000 MST", + // MMM dd HH:mm:sss.SSS + "Jan _2 15:04:05.000", + // MMM dd HH:mm:ss zzz + "Jan _2 15:04:05 MST", + // MMM dd HH:mm:ss + "Jan _2 15:04:05", + // MMM dd yyyy HH:mm:ss.SSS zzz + "Jan _2 2006 15:04:05.000 MST", + // MMM dd yyyy HH:mm:ss.SSS + "Jan _2 2006 15:04:05.000", + // MMM dd yyyy HH:mm:ss zzz + "Jan _2 2006 15:04:05 MST", + // MMM dd yyyy HH:mm:ss + "Jan _2 2006 15:04:05", +} + +func toTimestamp(v string) (common.Time, error) { + if unixMs, err := toLong(v); err == nil { + return common.Time(time.Unix(0, unixMs*int64(time.Millisecond))), nil + } + + for _, layout := range timeLayouts { + ts, err := time.ParseInLocation(layout, v, time.UTC) + if err == nil { + // Use current year if no year is zero. + if ts.Year() == 0 { + currentYear := time.Now().In(ts.Location()).Year() + ts = ts.AddDate(currentYear, 0, 0) + } + + return common.Time(ts), nil + } + } + + return common.Time(time.Time{}), errors.New("value is not a valid timestamp") +} diff --git a/filebeat/processors/decode_cef/config.go b/filebeat/processors/decode_cef/config.go new file mode 100644 index 00000000000..361a66672da --- /dev/null +++ b/filebeat/processors/decode_cef/config.go @@ -0,0 +1,22 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package decode_cef + +type config struct { + Field string `config:"field"` // Source field containing the CEF message. + TargetField string `config:"target_field"` // Target field for the CEF object. + IgnoreMissing bool `config:"ignore_missing"` // Ignore missing source field. + IgnoreFailure bool `config:"ignore_failure"` // Ignore failures when the source field does not contain a CEF message. Parse errors do not cause failures, but are added to error.message. + ID string `config:"id"` // Instance ID for debugging purposes. + ECS bool `config:"ecs"` // Generate ECS fields. +} + +func defaultConfig() config { + return config{ + Field: "message", + TargetField: "cef", + ECS: true, + } +} diff --git a/filebeat/processors/decode_cef/decode_cef.go b/filebeat/processors/decode_cef/decode_cef.go new file mode 100644 index 00000000000..dc63c9cd195 --- /dev/null +++ b/filebeat/processors/decode_cef/decode_cef.go @@ -0,0 +1,257 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package decode_cef + +import ( + "encoding/json" + "strconv" + "strings" + + "github.com/pkg/errors" + "go.uber.org/multierr" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cfgwarn" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/processors" + "github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef/cef" +) + +const ( + procName = "decode_cef" + logName = "processor." + procName +) + +func init() { + processors.RegisterPlugin(procName, New) +} + +type processor struct { + config + log *logp.Logger +} + +// New constructs a new processor built from ucfg config. +func New(cfg *common.Config) (processors.Processor, error) { + c := defaultConfig() + if err := cfg.Unpack(&c); err != nil { + return nil, errors.Wrap(err, "fail to unpack the "+procName+" processor configuration") + } + + return newDecodeCEF(c) +} + +func newDecodeCEF(c config) (*processor, error) { + cfgwarn.Beta("The " + procName + " processor is a beta feature.") + + log := logp.NewLogger(logName) + if c.ID != "" { + log = log.With("instance_id", c.ID) + } + + return &processor{config: c, log: log}, nil +} + +func (p *processor) String() string { + json, _ := json.Marshal(p.config) + return procName + "=" + string(json) +} + +func (p *processor) Run(event *beat.Event) (*beat.Event, error) { + v, err := event.GetValue(p.Field) + if err != nil { + if p.IgnoreMissing { + return event, nil + } + return event, errors.Wrapf(err, "decode_cef field [%v] not found", p.Field) + } + + cefData, ok := v.(string) + if !ok { + if p.IgnoreFailure { + return event, nil + } + return event, errors.Wrapf(err, "decode_cef field [%v] is not a string", p.Field) + } + + // Ignore any leading data before the CEF header. + idx := strings.Index(cefData, "CEF:") + if idx == -1 { + if p.IgnoreFailure { + return event, nil + } + return event, errors.Errorf("decode_cef field [%v] does not contain a CEF header", p.Field) + } + cefData = cefData[idx:] + + // If the version < 0 after parsing then none of the data is valid so return here. + var ce cef.Event + if err = ce.Unpack(cefData, cef.WithFullExtensionNames()); ce.Version < 0 && err != nil { + if p.IgnoreFailure { + return event, nil + } + return event, errors.Wrap(err, "decode_cef failed to parse message") + } + + cefErrors := multierr.Errors(err) + cefObject := toCEFObject(&ce) + event.PutValue(p.TargetField, cefObject) + + // Map CEF extension fields to ECS fields. + if p.ECS { + writeCEFHeaderToECS(&ce, event) + + for key, field := range ce.Extensions { + mapping, found := ecsExtensionMapping[key] + if !found { + continue + } + + // Apply translation function or use a standard type translation (e.g. string to long). + if mapping.Translate != nil { + translatedValue, err := mapping.Translate(field) + if err != nil { + cefErrors = append(cefErrors, errors.Wrap(err, key)) + continue + } + if translatedValue != nil { + event.PutValue(mapping.Target, translatedValue) + } + } else if field.Interface != nil { + event.PutValue(mapping.Target, field.Interface) + } else { + event.PutValue(mapping.Target, field.String) + } + } + } + + // Add all parsing/conversion errors to error.message. + for _, cefError := range cefErrors { + if err := appendErrorMessage(event.Fields, cefError.Error()); err != nil { + p.log.Warn("Failed adding CEF errors to event.", "error", err) + break + } + } + + return event, nil +} + +func toCEFObject(cefEvent *cef.Event) common.MapStr { + // Add CEF header fields. + cefObject := common.MapStr{"version": strconv.Itoa(cefEvent.Version)} + if cefEvent.DeviceVendor != "" { + cefObject.Put("device.vendor", cefEvent.DeviceVendor) + } + if cefEvent.DeviceProduct != "" { + cefObject.Put("device.product", cefEvent.DeviceProduct) + } + if cefEvent.DeviceVersion != "" { + cefObject.Put("device.version", cefEvent.DeviceVersion) + } + if cefEvent.DeviceEventClassID != "" { + cefObject.Put("device.event_class_id", cefEvent.DeviceEventClassID) + } + if cefEvent.Name != "" { + cefObject.Put("name", cefEvent.Name) + } + if cefEvent.Severity != "" { + cefObject.Put("severity", cefEvent.Severity) + } + + // Add CEF extensions (key-value pairs). + if len(cefEvent.Extensions) > 0 { + extensions := make(common.MapStr, len(cefEvent.Extensions)) + cefObject.Put("extensions", extensions) + for k, field := range cefEvent.Extensions { + if field.Interface != nil { + extensions.Put(k, field.Interface) + } else { + extensions.Put(k, field.String) + } + } + } + + return cefObject +} + +func writeCEFHeaderToECS(cefEvent *cef.Event, event *beat.Event) { + if cefEvent.DeviceVendor != "" { + event.PutValue("observer.vendor", cefEvent.DeviceVendor) + } + if cefEvent.DeviceProduct != "" { + // TODO: observer.product is not officially part of ECS. + event.PutValue("observer.product", cefEvent.DeviceProduct) + } + if cefEvent.DeviceVersion != "" { + event.PutValue("observer.version", cefEvent.DeviceVersion) + } + if cefEvent.DeviceEventClassID != "" { + event.PutValue("event.code", cefEvent.DeviceEventClassID) + } + if cefEvent.Name != "" { + event.PutValue("message", cefEvent.Name) + } + if cefEvent.Severity != "" { + if sev, ok := cefSeverityToNumber(cefEvent.Severity); ok { + event.PutValue("event.severity", sev) + } + } +} + +func appendErrorMessage(m common.MapStr, msg string) error { + const field = "error.message" + list, _ := m.GetValue(field) + + switch v := list.(type) { + case nil: + m.Put(field, msg) + case string: + if msg != v { + m.Put(field, []string{v, msg}) + } + case []string: + for _, existingTag := range v { + if msg == existingTag { + // Duplicate + return nil + } + } + m.Put(field, append(v, msg)) + case []interface{}: + for _, existingTag := range v { + if msg == existingTag { + // Duplicate + return nil + } + } + m.Put(field, append(v, msg)) + default: + return errors.Errorf("unexpected type %T found for %v field", list, field) + } + return nil +} + +// cefSeverityToNumber converts the CEF severity string to a numeric value. The +// returned boolean indicates if the conversion was successful. +func cefSeverityToNumber(severity string) (int, bool) { + // From CEF spec: + // Severity is a string or integer and reflects the importance of the event. + // The valid string values are Unknown, Low, Medium, High, and Very-High. + // The valid integer values are 0-3=Low, 4-6=Medium, 7- 8=High, and 9-10=Very-High. + switch strings.ToLower(severity) { + case "low": + return 0, true + case "medium": + return 4, true + case "high": + return 7, true + case "very-high": + return 9, true + default: + s, err := strconv.Atoi(severity) + return s, err == nil + } +} diff --git a/filebeat/processors/decode_cef/decode_cef_test.go b/filebeat/processors/decode_cef/decode_cef_test.go new file mode 100644 index 00000000000..710bb894064 --- /dev/null +++ b/filebeat/processors/decode_cef/decode_cef_test.go @@ -0,0 +1,337 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package decode_cef + +import ( + "bufio" + "encoding/json" + "flag" + "os" + "reflect" + "testing" + + "github.com/pmezard/go-difflib/difflib" + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" +) + +var updateGolden = flag.Bool("update", false, "update golden test files") + +func TestProcessorRun(t *testing.T) { + type testCase struct { + config func() config + message string + fields common.MapStr + } + + var testCases = map[string]testCase{ + "custom_target_root": { + config: func() config { + c := defaultConfig() + c.TargetField = "" + return c + }, + message: "CEF:1|Trend Micro|Deep Security Manager|1.2.3|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5", + fields: common.MapStr{ + "version": "1", + "device.event_class_id": "600", + "device.product": "Deep Security Manager", + "device.vendor": "Trend Micro", + "device.version": "1.2.3", + "name": "User Signed In", + "severity": "3", + "event.severity": 3, + "extensions.message": "User signed in from 2001:db8::5", + "extensions.sourceAddress": "10.52.116.160", + "extensions.sourceUserName": "admin", + "extensions.target": "admin", + // ECS + "event.code": "600", + "message": "User signed in from 2001:db8::5", + "observer.product": "Deep Security Manager", + "observer.vendor": "Trend Micro", + "observer.version": "1.2.3", + "source.ip": "10.52.116.160", + "source.user.name": "admin", + }, + }, + "parse_errors": { + message: "CEF:0|Trend Micro|Deep Security Manager|1.2.3|600|User Signed In|Low|msg=User signed in with =xyz", + fields: common.MapStr{ + "cef.version": "0", + "cef.device.event_class_id": "600", + "cef.device.product": "Deep Security Manager", + "cef.device.vendor": "Trend Micro", + "cef.device.version": "1.2.3", + "cef.name": "User Signed In", + "cef.severity": "Low", + // ECS + "event.code": "600", + "event.severity": 0, + "observer.product": "Deep Security Manager", + "observer.vendor": "Trend Micro", + "observer.version": "1.2.3", + "message": "User Signed In", + "error.message": []string{ + "malformed value for msg at pos 94", + "unexpected end of CEF event", + }, + }, + }, + "ecs_disabled": { + config: func() config { + c := defaultConfig() + c.ECS = false + return c + }, + message: "CEF:0|Trend Micro|Deep Security Manager|1.2.3|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5", + fields: common.MapStr{ + "cef.version": "0", + "cef.device.event_class_id": "600", + "cef.device.product": "Deep Security Manager", + "cef.device.vendor": "Trend Micro", + "cef.device.version": "1.2.3", + "cef.name": "User Signed In", + "cef.severity": "3", + "cef.extensions.message": "User signed in from 2001:db8::5", + "cef.extensions.sourceAddress": "10.52.116.160", + "cef.extensions.sourceUserName": "admin", + "cef.extensions.target": "admin", + "message": "CEF:0|Trend Micro|Deep Security Manager|1.2.3|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5", + }, + }, + } + + dec, err := newDecodeCEF(defaultConfig()) + if err != nil { + t.Fatal(err) + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + dec := dec + if tc.config != nil { + dec, err = newDecodeCEF(tc.config()) + if err != nil { + t.Fatal(err) + } + } + + evt := &beat.Event{ + Fields: common.MapStr{ + "message": tc.message, + }, + } + + evt, err = dec.Run(evt) + if err != nil { + t.Fatal(err) + } + + assertEqual(t, tc.fields, evt.Fields.Flatten()) + }) + } + + t.Run("not_cef", func(t *testing.T) { + evt := &beat.Event{ + Fields: common.MapStr{ + "message": "hello world!", + }, + } + + _, err = dec.Run(evt) + if assert.Error(t, err) { + assert.Contains(t, err.Error(), "does not contain a CEF header") + } + }) + + t.Run("leading_garbage", func(t *testing.T) { + tc := testCases["custom_target_root"] + + evt := &beat.Event{ + Fields: common.MapStr{ + "message": "leading garbage" + tc.message, + }, + } + + evt, err = dec.Run(evt) + if err != nil { + t.Fatal(err) + } + + version, _ := evt.GetValue("cef.version") + assert.EqualValues(t, "1", version) + }) +} + +func TestGolden(t *testing.T) { + const source = "testdata/samples.log" + + events := readCEFSamples(t, source) + + if *updateGolden { + writeGoldenJSON(t, source, events) + return + } + + expected := readGoldenJSON(t, source) + if !assert.Len(t, events, len(expected)) { + return + } + for i, e := range events { + assertEqual(t, expected[i], normalize(t, e)) + } +} + +func readCEFSamples(t testing.TB, source string) []common.MapStr { + f, err := os.Open(source) + if err != nil { + t.Fatal(err) + } + defer f.Close() + + conf := defaultConfig() + conf.Field = "event.original" + dec, err := newDecodeCEF(conf) + if err != nil { + t.Fatal(err) + } + + var samples []common.MapStr + s := bufio.NewScanner(f) + for s.Scan() { + data := s.Bytes() + if len(data) == 0 || data[0] == '#' { + continue + } + + evt := &beat.Event{ + Fields: common.MapStr{ + "event": common.MapStr{"original": string(data)}, + }, + } + + evt, err := dec.Run(evt) + if err != nil { + t.Fatalf("Error reading from %v: %v", source, err) + } + + samples = append(samples, evt.Fields) + } + if err = s.Err(); err != nil { + t.Fatal(err) + } + + return samples +} + +func readGoldenJSON(t testing.TB, source string) []common.MapStr { + source = source + ".golden.json" + + f, err := os.Open(source) + if err != nil { + t.Fatal(err) + } + defer f.Close() + + dec := json.NewDecoder(bufio.NewReader(f)) + + var events []common.MapStr + if err = dec.Decode(&events); err != nil { + t.Fatal(err) + } + + return events +} + +func writeGoldenJSON(t testing.TB, source string, events []common.MapStr) { + dest := source + ".golden.json" + + f, err := os.OpenFile(dest, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) + if err != nil { + t.Fatal(err) + } + defer f.Close() + + enc := json.NewEncoder(f) + enc.SetIndent("", " ") + if err = enc.Encode(events); err != nil { + t.Fatal(err) + } +} + +func normalize(t testing.TB, m common.MapStr) common.MapStr { + data, err := json.Marshal(m) + if err != nil { + t.Fatal(err) + } + + var out common.MapStr + if err = json.Unmarshal(data, &out); err != nil { + t.Fatal(err) + } + + return out +} + +// assertEqual asserts that the two objects are deeply equal. If not it will +// error the test and output a diff of the two objects' JSON representation. +func assertEqual(t testing.TB, expected, actual interface{}) bool { + t.Helper() + + if reflect.DeepEqual(expected, actual) { + return true + } + + expJSON, _ := json.MarshalIndent(expected, "", " ") + actJSON, _ := json.MarshalIndent(actual, "", " ") + + diff, _ := difflib.GetUnifiedDiffString(difflib.UnifiedDiff{ + A: difflib.SplitLines(string(expJSON)), + B: difflib.SplitLines(string(actJSON)), + FromFile: "Expected", + ToFile: "Actual", + Context: 1, + }) + t.Errorf("Expected and actual are different:\n%s", diff) + return false +} + +func BenchmarkProcessorRun(b *testing.B) { + dec, err := newDecodeCEF(defaultConfig()) + if err != nil { + b.Fatal(err) + } + + const msg = `CEF:1|Trend Micro|Deep Security Manager|1.2.3|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5` + b.Run("short_msg", func(b *testing.B) { + for i := 0; i < b.N; i++ { + _, err := dec.Run(&beat.Event{ + Fields: map[string]interface{}{ + "message": msg, + }, + }) + if err != nil { + b.Fatal(err) + } + } + }) + + const longMsg = `CEF:0|CISCO|ASA||305012|Teardown dynamic UDP translation|Low| eventId=56265798504 mrt=1484092683471 proto=UDP categorySignificance=/Informational categoryBehavior=/Access/Stop categoryDeviceGroup=/Firewall catdt=Firewall categoryOutcome=/Success categoryObject=/Host/Application/Service modelConfidence=0 severity=4 relevance=10 assetCriticality=0 priority=4 art=1484096108163 deviceSeverity=6 rt=1484096094000 src=1.2.3.4 sourceZoneID=GqtK3G9YBABCadQ465CqVeW\=\= sourceZoneURI=/All Zones/GTR/GTR/GTR/GTR sourceTranslatedAddress=4.3.2.1 sourceTranslatedZoneID=P84KXXTYDFYYFwwHq40BQcd\=\= sourceTranslatedZoneURI=/All Zones/GTR/GTR Internet Primary spt=5260 sourceTranslatedPort=5260 cs5=dynamic cs6=0:00:00 c6a4=ffff:0:0:0:222:5555:ffff:5555 locality=1 cs1Label=ACL cs2Label=Unit cs3Label=TCP Flags cs4Label=Order cs5Label=Connection Type cs6Label=Duration cn1Label=ICMP Type cn2Label=ICMP Code cn3Label=DurationInSeconds c6a4Label=Agent IPv6 Address ahost=host.gtr.gtr agt=100.222.333.55 av=7.1.7.7602.0 atz=LA/la aid=4p9IZi1kBABCq5RFPFdJWYUw\=\= at=agent_ac dvchost=super dvc=111.111.111.99 deviceZoneID=K-fU33AAOGVdfFpYAT3UdQ\=\= deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 deviceAssetId=5Wa8hHVSDFBCc-t56wI7mTw\=\= dtz=LA/LA deviceInboundInterface=eth0 deviceOutboundInterface=eth1 eventAnnotationStageUpdateTime=1484097686473 eventAnnotationModificationTime=1484097686475 eventAnnotationAuditTrail=1,1484012146095,root,Queued,,,,\\n eventAnnotationVersion=1 eventAnnotationFlags=0 eventAnnotationEndTime=1484096094000 eventAnnotationManagerReceiptTime=1484097686471 originalAgentHostName=host originalAgentAddress=10.2.88.3 originalAgentZoneURI=/All Zones/GR/GR/GR originalAgentVersion=7.3.0.7885.0 originalAgentId=6q0sfHVcBABCcSDFvMpvc1w\=\= originalAgentType=syslog_file _cefVer=0.1 ad.arcSightEventPath=7q0sfHVcBABCcMZVvMSDFc1w\=\=` + b.Run("long_msg", func(b *testing.B) { + for i := 0; i < b.N; i++ { + _, err := dec.Run(&beat.Event{ + Fields: map[string]interface{}{ + "message": longMsg, + }, + }) + if err != nil { + b.Fatal(err) + } + } + }) +} diff --git a/filebeat/processors/decode_cef/docs/decode_cef.asciidoc b/filebeat/processors/decode_cef/docs/decode_cef.asciidoc new file mode 100644 index 00000000000..dcde727efba --- /dev/null +++ b/filebeat/processors/decode_cef/docs/decode_cef.asciidoc @@ -0,0 +1,41 @@ +[[processor-decode-cef]] +[role="xpack"] +=== Decode CEF + +++++ +decode_cef +++++ + +beta[] + +The `decode_cef` processor decodes Common Event Format (CEF) messages. This +processor is available in Filebeat. + +Below is an example configuration that decodes the `message` field as CEF after +renaming it to `event.original`. It is best to rename `message` to +`event.original` because the decoded CEF data contains its own `message` field. + +[source,yaml] +---- +processors: +- rename: + fields: + - {from: "message", to: "event.original"} +- decode_cef: + field: event.original +---- + +The `decode_cef` processor has the following configuration settings. + +.Decode CEF options +[options="header"] +|====== +| Name | Required | Default | Description +| `field` | no | message | Source field containing the CEF message to be parsed. | +| `target_field` | no | cef | Target field where the parsed CEF object will be written. | +| `ecs` | no | true | Generate Elastic Common Schema (ECS) fields from the CEF data. + Certain CEF header and extension values will be used to populate ECS fields. | +| `ignore_missing` | no | false | Ignore errors when the source field is missing. | +| `ignore_failure` | no | false | Ignore failures when the source field does not contain a CEF message. | +| `id` | no | | An identifier for this processor instance. Useful for debugging. | +|====== diff --git a/filebeat/processors/decode_cef/fields.go b/filebeat/processors/decode_cef/fields.go new file mode 100644 index 00000000000..d885d6210e1 --- /dev/null +++ b/filebeat/processors/decode_cef/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package decode_cef + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "decode_cef", asset.ModuleFieldsPri, AssetDecodeCef); err != nil { + panic(err) + } +} + +// AssetDecodeCef returns asset data. +// This is the base64 encoded gzipped contents of processors/decode_cef. +func AssetDecodeCef() string { + return "eJzsPWlz28aS3/0rurQf7FRRiuTr7dNW3paeaMXcsmyujmRra6uSIdAkZzWYQWYGpJBf/2ouEOABUgDoxGL0wQlJoM+Znu5Gd+MYHjA/hwjHLwA01QzPoY+RiBEuP1xBKkWESgkJY4osVi8AYlSRpKmmgp/DP14AAFyKJBEcPsyQa7gSMiEaXl1+uPoOYqLJyQvwd5/bq4+BkwQDTvOn8xTPYSJFlvpv1iAxf//MIcYxyZgGPUX4NbaU/hLh+NcSqXNJNSogjFn8MJYisddffrgqQCWoFJkgaAF6ShX8aoGI0f9jpE9goCESXBPKVbgTpkhiDIIAwmPzSwEPHzVyRQUveDZ/Zb7LvM9QmmuL74MMHjCfCxmXvt8gCfP3kwMCYlzQqFKM6JhGxFwPmcIYRrn91fN78mKFlhhnNMKTGfJYyLYUGRiBIAcY9JRoo504izDejRZ3tW5HzNABaU/NPpTlOWxCDppt9kvEiFK/0LgdVfec/pYh0Bi5pmOKhe4sEgtxDSEKZyipznfAjY8kSY1R+QllfvyRTqa7ETZIUiE14RFWKDqBuynCjDAag9KS8on5kJndLhHu+QMXc96DT2Leq4C7xphmSQ8MAT27dwt6yiAp1zhBWYZ5evzmhxVwb4/f/xBA/u0Y/v2HBdy/H5+d/rAAvio88287pd1OhdTlC6oiWkVZ2Ca1grhsdLegvRSMYRTwPWB+bMUEKaFSQUSkpGhEWBijhUm0ZvCkgsZa8V/sD+cwJkyVhbJsNsvMkAlyfRHHEpWqXBBYounS1xWejLIHQyAOQJDchYxu6WRqrT7HSAtZ7ExzqPituSzfFbL6XPVFQihfS9iqktdS1/98C7GFYkF3TOJHofTn6hJ8MoVTofQeSBssI34SURYEDPodE3VNorrFtiNx1xeXe1pyn3WrFVcD+QYjpKm+oxsWS0z08g8rfGuaIBAN8ymNpkD52DqHxiSQkch06aiZEwXSYJwtfJZVEdVJwhD6v4K3WtluEVmqfxe86wV+JwlXjGiMG9uvnaAbKXx41Cg5YYN+9yujiun+ZrAHFHnahSLztIkOa+j6acUXfDJps6on2NHa2rfO96LpNGU+VhlKoUUkWFPBXixAAcMZMiM/C7EXfNCyV/fx7m7Ys//e9uD29uPsdQ/ukHHUPRh+GfZgcD28MP9emAuMX6cECL5BASOi0Aa/lyLjei0LTPBJLf0QmXuBKCUiarYWzKmeutjUu74fxRwSwnNrn5S1mPZnZY5iZ0XFSKGcYfyfYEmBiHAYIYiEagOSjoFqoArONnGSa1SD9ct7Gwufs2TkAggLBbSxEmOU0nqFI5HxuAcSGdF05uNuBCUyGdlPMSpNudOgu0pwNaVpDxIk3Hj6dlvYiN6wPmZibr610f1aMHU8fsma6amOSZFpy2UDJk/gSsiwUHv2JgMfeIHOZTLKPLugdgGvgmwD71GmtEhQ7slSBPBdG4oSm809/0EIctWK6IJrZlfYwieROEapjGApB8JN3MBRz4V8cEGj82bMfrI/zt4GQBukX0LZdaSQEllkOiJhVpFGGGeM5fBbRphhO65EFa+u/rv/+bvthP6I4hPRVGfxBi9QZCO21Q9kDgTlhDkz7JawcwuXtPFSlQO0EZotuYNEDaGCT1pT6mHsk9S2MVjNSrYrmPCnLWA1FRmLzUFBdlgza86oKg1cxNiD+RQ5EPvB7pAZoYyM2CbLVALQPuS6pY8QCSb4scIUpSV1io8kxogmhHmzuoOmWkZXVsg/Ux6LuVoX06+xQdtpGgrZ7Oxa5LlSIXUQgvWHRqjniBxOra/z/t27N+92IMR5qBvC9m3UDKWY0dgv4UXYXhaJd4HXLjjvE1WOTTpeLP0ifR+ADPpwdvquB0dnp++OzIr0aVj/487stk2elPVvSX2p1jG9nZ5blDMaYVt6lAMDmsgJ6hB8F17nVjI6CGqXDZouQK7atp1O5ycQ3Xg3mRuBjDVK41NbZ7wA+h/Gsi7WJYExlTgnjJ3AT+s34KnhY8d991UC/Y34mvt2drnd3wyscIweF4DBQF4ouGIXlUINU2LOV7Qf6YSbqNjqPUTP26V2r1A2zzDWHLmZQmk2zaC/bI443H8e/I9z56UQ2l1KFUyQoyTmoF02bfaKQR9Od2NoT15EYMngNJ4CVcFg2l822uOqKTuBDwmhLJxsPvQWY40cEpKmNi70UUtgxqf+nXsiMaIpNXvdOBAmmI1pTLSNpNJMh7upCg8YdhHZUNIZZTjBVgldnac0Ch6iY+zoIk4op0pLooU86sGRQXfk0gdHP2ao9FEQZr3oX5pTK1B5AoOwjqpGJdJ0RnUO+IhRZnQh+NJKmwe3rsDnFbYkEljIxJxMS4xsF+vXMUMdG5+9WRxzml7Y52SNk1nuKZsmD8hDLtw//K1F2l1obD2CSlS8S0xRR9ylTQ1cMUE05ZOhoFyffSIjbJ7xY8znG0JJxpTMTAQTCSlRpYLHlE+AGRzePsAHEk2976WCqXG2xT9MNlvVYRl5WaSZTIUqPLYyxqfy++bA+H37/PntE41njZ6OffFPl+bCpXM1SdKitijEymaXJaT43iVABXChbe48N78TnoPQU+NYcHcYxtTaDyLzXTk4DEW9/uYV9fr5K6p6QjRM5HmdjUUmYewBQmog/hGaq7C0YRF+0ywd2Kp88/xU+PZZsDQYzt57J3i95aj3gsvMGFCFA/wHs/L8t1eJ2/X28ZtU3AHYxRK3663iN6m4AwjUStyut/3fpOIOIOJ0BSjrj7dtjyxCKDOVWJSWdK4wuFcIKiWGe5a72inEByCQCIlFh0qvdA+oLE0ZxdhhdY+OU6EUrXtevCKTQ1H++iPysJV/AGetY3T9MXvYyj+A8/rWgl1v9nfg0etf0UdP4Deudy+OQ9H7eot/sHo/AGPvGF1v7A9W7wdj59eHZAer9wMI6xyj7/7Se0Uch6L393/pvSKO56z3PpW4uTpoa58Yz9e00c6tbgNgS0/oBINIJEnGQ2/clChXVxQaAJhvKSoVshkdCqkxhmM4Oj2yFVO+gQuEhKMz91Vod6rn9k/e52JodK17RONEyLwpnTeYSlTItVsdkQe3qB7zdVxC0oktNOOTUNMFfftf5UsjM4XmSipBzHkARH93+lPRFBNitq4dAELHeaiE/+C7HI++vxacaiG/71P18P0NknhzCZ9lP1TuNS6OvXCithYmsxNFWL5a42hrylzlq3btfFuLzM0tVySirDps5MkLaOxhbEBfLdu9zRUTE7tTCAd8TBmNqF7AWK5+xRnKfBdGGD52kb2dCyDMqsz2GD6LbE5JNs/Z9i/YbJfDfd5L4FmH913MX+mybc9a5YYde+begXMMBlyjHJOoeTdCAACCl5otUxI9oDZuh22ARnOVH4mwQ0V0x52E5OmdhLZDa99NhOVq7VpKvniX7Stpi+FY76qqIcmZIHFzJ2R1lFmo9E8d6Jo2wlrC9tHlGPoOvbO+zjl6Am1t7IkH4VZUTaPlBS/maCR2XMkIK5ws0a6cE4Vcyzw0QtWy0v20oXKnoGsy871GRedMeebQckf/9fU1xDHkeZ7Dx4/nSXJu1CUhoYxRhZHgsQJFeYSAqYim8Oq/CIczpeHs7387/a6O1S4GFRlW7YSisMibLqF9t2+udpK06uCskrzXxqNVVF+n9dFJrH0P0t6F014k9R1Z7QWBPO7YoBS2Y8mmuAWNPO7QklhDUrG8RUOfxFTIxS7nsTlYCChUavPgG0tjw3Ms9IASH+Cbs8yqqhhf5TRjdzMad7rO9NjfvmQ6Es0Prj5VKSO5MznCwepBpjLfVwsvVRaZo+mlEfbLMaEsk/hyE0WtkyB37oAPM3cJX5vquZtibpNsgVDKI4lEmWu8L9lbl2HgepNnN6YMLyUSjc2Xulnm1vs3sjQA7dEYWaibwhlz2Ueipk3lZe51q9ZAqkHSIi/FjUaWpekQQhT2kuGZmqCnhoZrERdjlbsWMyNKQ2IR1Aqbt/DyPpfiBYtYcJbDKyMPkWmgWkFK9HRTntTcMiS6sa6vMsYsgmAuDcCeWfsss9G4pcm6oFQrZOM6OlAmVLUZwreAoMoyqcF5S39fL/ptZtPcuCOOVhMP/ZxDK8ZXKU2xB0qYWKwHqKOTDe7omOFj8w7Gi+V+uNXMEyld4tNPqDYloGIcU3uyL0HdlJgijFkOQr6my0SVsdOLTJCx177hn5mT3z9ZMX5LmHhms/YWr0vKGB5HCMZ3GeXgZqsryDizsRaac2lzdXOhl1aJMDd3q8hyPS2ftRBsDY3dFKV9leahzlOZf/wK6aY07C/pt5H+t7FD2yXU90ulf91BCxePyBHV0iyZ8E6PCZ0Z4uzailETytTyvOkTuM6YpseMcrRZKooqTEstXscwyiGznvn/mcDT3sxxDvYenw7eOJJasPiqS89csHhXz9yj7sI5t7GVx1yPrWsvvYx5d1/dE9Oxu16R/S7uuiejTV627LHvpoFOHfSAsuykF8HDdkc9kLQPX303aXTisu+GqgvPvbLcd/fgJZnb6pVOs3s3SFS7EefSQgDCgWQx1aUR/z4/jXGl6AKORiSGlChloB/ZKqPMvczFTrIKc7OcHSBMCfvUkwNKKaS5XKLOJIfImIZFKczp49nrN283lb9I/C1DpS8ZRa5LA8Rb5XgVyuMLO3x+nUXzKLcQJLjGx6Y6hf7iw6JSimtD0tIkW4+vSFRhDK8qM8Y+3t0N4QbtfGu5aQkGosUDbT5Tzd/eXGjXqKeiVfLOMptYMC6LZ7zayA0ghfubT/X472VjB2vAfcmYc5sId6R4wL3ShLvqS8nubz55AkPS2XzjHVx/ZXhGZ0fhGydmjoxt4MRNDu/sMVCYet5uepiD8ucuI3Q0tp6UvQ14u+nWddDbFqX8Y+lHaL0WluF1W/biySmXvaxgTFbKYMK5os7h5VQo7R4smP87cXhPIpFsesDgUDYqSCneoXZ0enp+Gp+/Pz0n4/Oz0fn7s6N6T6ZN7YojeF+1K+GZn9dEffGKu2gfc6+3jt31qFvVgNxVSj88x9tnW+9A0D5mUVfpq6Wi6wnUU/fA1FXp2USPXSdPqRl2hO23qKFszFoUMyyT2nh9X5TXtR9JPUIrrgXRo3x5fmwHQ6mXWdhjycE6VN/UKGrHQKdTqP1CLA+g3mlWs7+v+mLNvY+uXgigw6nVSyLgdmD1urHTNmjcaeq0Qh47XhuPnF6w+gdPmx7o5T6MksAajpn2jSw7jJnebZC0o2jvpmOv46ODG9PKQGgiO6h/LAoMCs0tnVHSEWTRfaW6R3sOmeOl7Wvelnb/J5KjPH67CHCzIhQOj4rKeyZcpkBl0dREw3eXQ8PcfX+4QSl6U25v26F8al9bpuy74Zz0e3DmvyOTicSJsZw9eO2/s90J7oVgbg+/CRfbJ2LesvssQPWtbmZJLtAoeGUohNPlaPXfFrVa3tyt5Th0rrmmtDa5zb5/43aelmInOIahFI95Dwb92x78jCMwbiTK9fIP1HyxL2ZvSom7e9ljo/6pUDUVSYu35hEOIg2ep8o1Jj1b125k3fPZcdTRhpUTKP8nTsmMVt6s/iTa/TB4IYHAyMNarWni4RgfGB9+7j1p5wXG1lT5vL57wX09yXcYTW2VX2NjGQB4Cmw67RWeTE7g+7643ZRHqS69H5deTf0kCn50bkpRFm1gAaMPCFfB662n4ZZOuH2GxJt3SVxOiSSRxqJ703tcdMPLzbdsgXb1kv726gvenU5UZkK9HvgayZ5dbFpjkupNqkoIJxOUbav2fw6H1YWMlDVNH26vF+8BXhZN9UQ/8YHjSakybp04Kh5CION2Kejc5BdXEZffbtI1dvcCpiXs/woAAP//C9svNQ==" +} diff --git a/filebeat/processors/decode_cef/keys.ecs.go b/filebeat/processors/decode_cef/keys.ecs.go new file mode 100644 index 00000000000..e8056a1ac32 --- /dev/null +++ b/filebeat/processors/decode_cef/keys.ecs.go @@ -0,0 +1,120 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package decode_cef + +import ( + "strings" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef/cef" +) + +type mappedField struct { + Target string + Translate func(in *cef.Field) (interface{}, error) +} + +var ecsExtensionMapping = map[string]mappedField{ + "agentAddress": {Target: "agent.ip"}, + "agentDnsDomain": {Target: "agent.name"}, + "agentHostName": {Target: "agent.name"}, + "agentId": {Target: "agent.id"}, + "agentMacAddress": {Target: "agent.mac"}, + "agentReceiptTime": {Target: "event.created"}, + "agentType": {Target: "agent.type"}, + "agentVersion": {Target: "agent.version"}, + "applicationProtocol": {Target: "network.application"}, + "bytesIn": {Target: "source.bytes"}, + "bytesOut": {Target: "destination.bytes"}, + "customerExternalID": {Target: "organization.id"}, + "customerURI": {Target: "organization.name"}, + "destinationAddress": {Target: "destination.ip"}, + "destinationDnsDomain": {Target: "destination.domain"}, + "destinationGeoLatitude": {Target: "destination.geo.location.lat"}, + "destinationGeoLongitude": {Target: "destination.geo.location.lon"}, + "destinationHostName": {Target: "destination.domain"}, + "destinationMacAddress": {Target: "destination.mac"}, + "destinationPort": {Target: "destination.port"}, + "destinationProcessId": {Target: "destination.process.pid"}, + "destinationProcessName": {Target: "destination.process.name"}, + "destinationServiceName": {Target: "destination.service.name"}, + "destinationTranslatedAddress": {Target: "destination.nat.ip"}, + "destinationTranslatedPort": {Target: "destination.nat.port"}, + "destinationUserId": {Target: "destination.user.id"}, + "destinationUserName": {Target: "destination.user.name"}, + "destinationUserPrivileges": {Target: "destination.user.group.name"}, + "deviceAction": {Target: "event.action"}, + "deviceAddress": {Target: "observer.ip"}, + "deviceDirection": { + Target: "network.direction", + Translate: func(in *cef.Field) (interface{}, error) { + switch in.String { + case "0": + return "inbound", nil + case "1": + return "outbound", nil + default: + return nil, errors.Errorf("deviceDirection must be 0 or 1") + } + }, + }, + "deviceDnsDomain": {Target: "observer.hostname"}, + "deviceHostName": {Target: "observer.hostname"}, + "deviceMacAddress": {Target: "observer.mac"}, + "devicePayloadId": {Target: "event.id"}, + "deviceProcessId": {Target: "process.pid"}, + "deviceProcessName": {Target: "process.name"}, + "deviceReceiptTime": {Target: "@timestamp"}, + "deviceTimeZone": {Target: "event.timezone"}, + "endTime": {Target: "event.end"}, + "eventId": {Target: "event.id"}, + "eventOutcome": {Target: "event.outcome"}, + "fileCreateTime": {Target: "file.created"}, + "fileId": {Target: "file.inode"}, + "fileModificationTime": {Target: "file.mtime"}, + "filename": {Target: "file.name"}, + "filePath": {Target: "file.path"}, + "filePermission": {Target: "file.group"}, + "fileSize": {Target: "file.size"}, + "fileType": {Target: "file.type"}, + "message": {Target: "message"}, + "requestClientApplication": {Target: "user_agent.original"}, + "requestContext": { + Target: "http.request.referrer", + Translate: func(in *cef.Field) (interface{}, error) { + // Does the string look like URL? + if strings.HasPrefix(in.String, "http") { + return in.String, nil + } + return nil, nil + }, + }, + "requestMethod": {Target: "http.request.method"}, + "requestUrl": {Target: "url.original"}, + "sourceAddress": {Target: "source.ip"}, + "sourceDnsDomain": {Target: "source.domain"}, + "sourceGeoLatitude": {Target: "source.geo.location.lat"}, + "sourceGeoLongitude": {Target: "source.geo.location.lon"}, + "sourceHostName": {Target: "source.domain"}, + "sourceMacAddress": {Target: "source.mac"}, + "sourcePort": {Target: "source.port"}, + "sourceProcessId": {Target: "source.process.pid"}, + "sourceProcessName": {Target: "source.process.name"}, + "sourceServiceName": {Target: "source.service.name"}, + "sourceTranslatedAddress": {Target: "source.nat.ip"}, + "sourceTranslatedPort": {Target: "source.nat.port"}, + "sourceUserId": {Target: "source.user.id"}, + "sourceUserName": {Target: "source.user.name"}, + "sourceUserPrivileges": {Target: "source.user.group.name"}, + "startTime": {Target: "event.start"}, + "transportProtocol": { + Target: "network.transport", + Translate: func(in *cef.Field) (interface{}, error) { + return strings.ToLower(in.String), nil + }, + }, + "type": {Target: "event.kind"}, +} diff --git a/filebeat/processors/decode_cef/testdata/samples.log b/filebeat/processors/decode_cef/testdata/samples.log new file mode 100644 index 00000000000..2c89563571b --- /dev/null +++ b/filebeat/processors/decode_cef/testdata/samples.log @@ -0,0 +1,23 @@ +CEF:0|security|threatmanager|1.0|100|trojan successfully stopped|10|src=10.0.0.192 additional.dotfieldName=new_value ad.Authentification=MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 ad.Error_,Code=3221225578 dst=12.121.122.82 ad.field[0]=field0 ad.foo.name[1]=new_name +CEF:0|Trend Micro|Deep Security Manager|1.2.3|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5 +CEF:0|Trend Micro|Deep Security Agent|1.2.3|4000000|Eicar_test_file|6|cn1=1 cn1Label=Host ID dvchost=hostname cn2=205 cn2Label=Quarantine File Size cs6=ContainerImageName | ContainerName | ContainerID cs6Label=Container filePath=C:\\Users\\trend\\Desktop\\eicar.exe act=Delete msg=Realtime TrendMicroDsMalwareTarget=N/A TrendMicroDsMalwareTargetType=N/A TrendMicroDsFileMD5=44D88612FEA8A8F36DE82E1278ABB02F TrendMicroDsFileSHA1=3395856CE81F2B7382DEE72602F798B642F14140 TrendMicroDsFileSHA256=275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F TrendMicroDsDetectionConfidence=95 TrendMicroDsRelevantDetectionNames=Ransom_CERBER.BZC;Ransom_CERBER.C;Ransom_CRYPNISCA.SM +CEF:0|Trend Micro|Deep Security Agent|10.2.229|6001200|AppControl detectOnly|6|cn1=202 cn1Label=Host ID dvc=192.168.33.128 TrendMicroDsTenant=Primary TrendMicroDsTenantId=0 fileHash=80D4AC182F97D2AB48EE4310AC51DA5974167C596D133D64A83107B9069745E0 suser=root suid=0 act=detectOnly filePath=/home/user1/Desktop/Directory1//heartbeatSync.sh fsize=20 aggregationType=0 repeatCount=1 cs1=notWhitelisted cs1Label=actionReason cs2=0CC9713BA896193A527213D9C94892D41797EB7C cs2Label=sha1 cs3=7EA8EF10BEB2E9876D4D7F7E5A46CF8D cs3Label=md5 +CEF:0|Trend Micro|Deep Security Agent|1.2.3|20|Log for TCP Port 80|0|cn1=1 cn1Label=Host ID dvc=hostname act=Log dmac=00:50:56:F5:7F:47 smac=00:0C:29:EB:35:DE TrendMicroDsFrameType=IP src=192.168.126.150 dst=72.14.204.147 out=1019 cs3=DF MF cs3Label=Fragmentation Bits proto=TCP spt=49617 dpt=80 cs2=0x00 ACK PSH cs2Label=TCP Flags cnt=1 TrendMicroDsPacketData=AFB +CEF:0|Trend Micro|Deep Security Agent|1.2.3|30|New Integrity Monitoring Rule|6|cn1=1 cn1Label=Host ID dvchost=hostname act=updated filePath=c:\\windows\\message.dll suser=admin msg=lastModified,sha1,size +CEF:0|Trend Micro|Deep Security Agent|1.2.3|1001111|Test Intrusion Prevention Rule|3|cn1=1 cn1Label=Host ID dvchost=hostname dmac=00:50:56:F5:7F:47 smac=00:0C:29:EB:35:DE TrendMicroDsFrameType=IP src=192.168.126.150 dst=72.14.204.105 out=1093 cs3=DF MF cs3Label=Fragmentation Bits proto=TCP spt=49786 dpt=80 cs2=0x00 ACK PSH cs2Label=TCP Flags cnt=1 act=IDS:Reset cn3=10 cn3Label=Intrusion Prevention Packet Position cs5=10 cs5Label=Intrusion Prevention Stream Position cs6=8 cs6Label=Intrusion Prevention Flags TrendMicroDsPacketData=R0VUIC9zP3 +CEF:0|Trend Micro|Deep Security Agent|1.2.3|3002795|Microsoft Windows Events|8|cn1=1 cn1Label=Host ID dvchost=hostname cs1Label=LI Description cs1=Multiple Windows Logon Failures fname=Security src=127.0.0.1 duser=(no user) shost=WIN-RM6HM42G65V msg=WinEvtLog Security: AUDIT_FAILURE(4625): Microsoft-Windows-Security-Auditing: (no user): no domain: WIN-RM6HM42G65V: An account failed to log on. Subject: .. +CEF:0|Trend Micro|Deep Security Agent|1.2.3|5000000|WebReputation|5|cn1=1 cn1Label=Host ID dvchost=hostname request=example.com msg=Blocked By Admin +CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_STARTURL|6|src=10.217.253.78 spt=53743 method=GET request=http://vpx247.example.net/FFC/login.html msg=Disallow Illegal URL. cn1=233 cn2=205 cs1=profile1 cs2=PPE0 cs3=AjSZM26h2M+xL809pON6C8joebUA000 cs4=ALERT cs5=2012 act=blocked +CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_STARTURL|6|src=10.217.253.78 spt=54711 method=GET request=http://vpx247.example.net/FFC/login_post.html?abc\=def msg=Disallow Illegal URL. cn1=465 cn2=535 cs1=profile1 cs2=PPE0 cs3=IliG4Dxp1SjOhKVRDVBXmqvAaIcA000 cs4=ALERT cs5=2012 act=not blocked +CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_SAFECOMMERCE_XFORM|6|src=10.217.253.78 spt=56116 method=GET request=http://vpx247.example.net/FFC/CreditCardMind.html msg= Transformed (xout) potential credit card numbers seen in server response cn1=652 cn2=610 cs1=pr_ffc cs2=PPE0 cs3=li8MdGfW49uG8tGdSV85ech41a0A000 cs4=ALERT cs5=2012 act=transformed +CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_SAFECOMMERCE|6|src=10.217.253.78 spt=56116 method=GET request=http://vpx247.example.net/FFC/CreditCardMind.html msg= Maximum no. of potential credit card numbers seen cn1=653 cn2=610 cs1=pr_ffc cs2=PPE0 cs3=li8MdGfW49uG8tGdSV85ech41a0A000 cs4=ALERT cs5=2012 act=transformed +CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_SIGNATURE_MATCH|6|src=10.217.253.78 spt=56687 method=GET request=http://vpx247.example.net/FFC/wwwboard/passwd.txt msg= Signature violation rule ID 807: web-cgi /wwwboard/passwd.txt access cn1=224 cn2=205 cs1=pr_ffc cs2=PPE0 cs3=POousP7CIMW5nwZ5Rs4nq5DND0sA000 cs4=ALERT cs5=2012 act=not blocked +CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Something awesome happened|very-high|eventId=3457 requestMethod=POST dlat=38.915 dlong=-77.511 proto=TCP rawEvent={"x": "y"} sourceServiceName=httpd destinationServiceName=chrome requestContext=application/json +CEF:0|Microsoft|DNS Trace Log||Response:A|Response|Unknown| eventId=12345678 type=1 start=1322004689000 art=1322022474516 rt=1322005087000 src=10.0.0.2 dhost=www.google.com request=(3)www(6)google(3)com(0) cnt=2 ahost=arcagt1 agt=10.2.3.4 atz=America/New York aid=NpLHzDMCABCBBTXAZqYDUA\=\= at=dns_tracelog_file dtz=America/New York requestUrlFileName=(3)www(6)google(3)com(0) _cefVer=0.1 +CEF:0|Unix|Unix||arcsight:143:1|Started Session|Low| eventId=31 msg=Started Session 21 of user root categorySignificance=/Informational categoryBehavior=/Access/Start categoryDeviceGroup=/Operating System catdt=Operating System categoryOutcome=/Success categoryObject=/Host/Application/Service art=1500404470493 deviceSeverity=info act=Started rt=1500404461000 suser=root dhost=centos7 cs1=systemd cs2=daemon cs1Label=Module cs2Label=Facility cn1Label=File Descriptor ahost=centos7.as agt=10.2.3.4 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 amac=00-50-56-8E-C0-90 av=7.6.0.8009.0 atz=America/Argentina/Buenos_Aires at=syslog dvchost=centos7 dtz=America/Argentina/Buenos_Aires deviceFacility=daemon deviceProcessName=systemd _cefVer=0.1 aid=4SNQXV30BABCAIi+-ZH3gxT\=\= +CEF:0|Check Point|VPN-1 & FireWall-1||drop|drop|High| eventId=23985829654 mrt=1459367145678 proto=TCP customerID=124 customerURI=/XXX modelConfidence=0.6 relevance=high categorySignificance=/Informational/Warning categoryBehavior=/Access categoryDeviceGroup=/Firewall catdt=Firewall categoryOutcome=/Failure categoryObject=/Host/Application/Service modelConfidence=0 severity=5 relevance=10 assetCriticality=0 priority=High +CEF:0|CISCO|ASA||305012|Teardown dynamic UDP translation|Low| eventId=56265798504 mrt=1484092683471 proto=UDP categorySignificance=/Informational categoryBehavior=/Access/Stop categoryDeviceGroup=/Firewall catdt=Firewall categoryOutcome=/Success categoryObject=/Host/Application/Service modelConfidence=0 severity=4 relevance=10 assetCriticality=0 priority=4 art=1484096108163 deviceSeverity=6 rt=1484096094000 src=1.2.3.4 sourceZoneID=GqtK3G9YBABCadQ465CqVeW\=\= sourceZoneURI=/All Zones/GTR/GTR/GTR/GTR sourceTranslatedAddress=4.3.2.1 sourceTranslatedZoneID=P84KXXTYDFYYFwwHq40BQcd\=\= sourceTranslatedZoneURI=/All Zones/GTR/GTR Internet Primary spt=5260 sourceTranslatedPort=5260 cs5=dynamic cs6=0:00:00 c6a4=ffff:0:0:0:222:5555:ffff:5555 locality=1 cs1Label=ACL cs2Label=Unit cs3Label=TCP Flags cs4Label=Order cs5Label=Connection Type cs6Label=Duration cn1Label=ICMP Type cn2Label=ICMP Code cn3Label=DurationInSeconds c6a4Label=Agent IPv6 Address ahost=host.gtr.gtr agt=100.222.333.55 av=7.1.7.7602.0 atz=LA/la aid=4p9IZi1kBABCq5RFPFdJWYUw\=\= at=agent_ac dvchost=super dvc=111.111.111.99 deviceZoneID=K-fU33AAOGVdfFpYAT3UdQ\=\= deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 deviceAssetId=5Wa8hHVSDFBCc-t56wI7mTw\=\= dtz=LA/LA deviceInboundInterface=eth0 deviceOutboundInterface=eth1 eventAnnotationStageUpdateTime=1484097686473 eventAnnotationModificationTime=1484097686475 eventAnnotationAuditTrail=1,1484012146095,root,Queued,,,,\\n eventAnnotationVersion=1 eventAnnotationFlags=0 eventAnnotationEndTime=1484096094000 eventAnnotationManagerReceiptTime=1484097686471 originalAgentHostName=host originalAgentAddress=10.2.88.3 originalAgentZoneURI=/All Zones/GR/GR/GR originalAgentVersion=7.3.0.7885.0 originalAgentId=6q0sfHVcBABCcSDFvMpvc1w\=\= originalAgentType=syslog_file _cefVer=0.1 ad.arcSightEventPath=7q0sfHVcBABCcMZVvMSDFc1w\=\= +CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:016|Device connection up|Low| eventId=1 msg=File Opened mrt=1410524600502 categorySignificance=/Normal categoryBehavior=/Access/Start categoryDeviceGroup=/Application catdt=Security Mangement categoryOutcome=/Success categoryObject=/Host/Application art=1410524502535 cat=/Agent/Connection/Device?Success deviceSeverity=Warning rt=1410524500502 fname=C:\\Documents and Settings\\XPMUser\\Desktop\\Logs\\NAT_Log fileType=Agent cs2= cs2Label=Configuration Resource ahost=VirtualXP agt=192.168.131.65 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.0 atz=Europe/Prague aid=3Pz6paUgBABCAAudQNx1w0w\=\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.131.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1 +CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:030|Agent [NAT] type [sdkrfilereader] started|Low| eventId=2 mrt=1410524500493 categorySignificance=/Normal categoryBehavior=/Execute/Start categoryDeviceGroup=/Application catdt=Security Mangement categoryOutcome=/Success categoryObject=/Host/Application/Service art=1410624402535 cat=/Agent/Started deviceSeverity=Warning rt=1410543500432 fileType=Agent cs2= cs2Label=Configuration Resource ahost=VirtualXP agt=192.168.1.56 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.1 atz=Europe/Prague aid=4Pz6paUgBABCAAudQNx1w0w\=\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.0.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1 +CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:044|File processing started|Low| eventId=6 mrt=1410524500502 catdt=Security Mangement art=1410524502535 cat=/LogFile/Processing/Started deviceSeverity=Warning rt=1410524500502 fname=C:\\Documents and Settings\\XPMUser\\Desktop\\Logs\\NAT_Log ahost=VirtualXP agt=192.168.131.65 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.0 atz=Europe/Prague aid=3Pz6paUgBABCAAudQNx1w0w\=\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.131.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1 +CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:031|Agent [NAT] type [sdkrfilereader] shutting down|Very-High| eventId=7 msg=Process Stopped by User mrt=1410524535833 categorySignificance=/Normal categoryBehavior=/Execute/Stop categoryDeviceGroup=/Application catdt=Security Mangement categoryOutcome=/Success categoryObject=/Host/Application/Service art=1410524535843 cat=/Agent/ShuttingDown deviceSeverity=Warning rt=1410524535833 fileType=Agent cs2= cs2Label=Configuration Resource ahost=VirtualXP agt=192.168.131.65 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.0 atz=Europe/Prague aid=3Pz6paUgBABCAAudQNx1w0w\=\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.131.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1 diff --git a/filebeat/processors/decode_cef/testdata/samples.log.golden.json b/filebeat/processors/decode_cef/testdata/samples.log.golden.json new file mode 100644 index 00000000000..3f1a1c38398 --- /dev/null +++ b/filebeat/processors/decode_cef/testdata/samples.log.golden.json @@ -0,0 +1,1313 @@ +[ + { + "cef": { + "device": { + "event_class_id": "100", + "product": "threatmanager", + "vendor": "security", + "version": "1.0" + }, + "extensions": { + "ad": { + "Authentification": "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", + "Error_,Code": "3221225578", + "field[0]": "field0", + "foo": { + "name[1]": "new_name" + } + }, + "additional": { + "dotfieldName": "new_value" + }, + "destinationAddress": "12.121.122.82", + "sourceAddress": "10.0.0.192" + }, + "name": "trojan successfully stopped", + "severity": "10", + "version": "0" + }, + "destination": { + "ip": "12.121.122.82" + }, + "event": { + "code": "100", + "original": "CEF:0|security|threatmanager|1.0|100|trojan successfully stopped|10|src=10.0.0.192 additional.dotfieldName=new_value ad.Authentification=MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 ad.Error_,Code=3221225578 dst=12.121.122.82 ad.field[0]=field0 ad.foo.name[1]=new_name", + "severity": 10 + }, + "message": "trojan successfully stopped", + "observer": { + "product": "threatmanager", + "vendor": "security", + "version": "1.0" + }, + "source": { + "ip": "10.0.0.192" + } + }, + { + "cef": { + "device": { + "event_class_id": "600", + "product": "Deep Security Manager", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "extensions": { + "message": "User signed in from 2001:db8::5", + "sourceAddress": "10.52.116.160", + "sourceUserName": "admin", + "target": "admin" + }, + "name": "User Signed In", + "severity": "3", + "version": "0" + }, + "event": { + "code": "600", + "original": "CEF:0|Trend Micro|Deep Security Manager|1.2.3|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5", + "severity": 3 + }, + "message": "User signed in from 2001:db8::5", + "observer": { + "product": "Deep Security Manager", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "source": { + "ip": "10.52.116.160", + "user": { + "name": "admin" + } + } + }, + { + "cef": { + "device": { + "event_class_id": "4000000", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "extensions": { + "TrendMicroDsDetectionConfidence": "95", + "TrendMicroDsFileMD5": "44D88612FEA8A8F36DE82E1278ABB02F", + "TrendMicroDsFileSHA1": "3395856CE81F2B7382DEE72602F798B642F14140", + "TrendMicroDsFileSHA256": "275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F", + "TrendMicroDsMalwareTarget": "N/A", + "TrendMicroDsMalwareTargetType": "N/A", + "TrendMicroDsRelevantDetectionNames": "Ransom_CERBER.BZC;Ransom_CERBER.C;Ransom_CRYPNISCA.SM", + "deviceAction": "Delete", + "deviceCustomNumber1": 1, + "deviceCustomNumber1Label": "Host ID", + "deviceCustomNumber2": 205, + "deviceCustomNumber2Label": "Quarantine File Size", + "deviceCustomString6": "ContainerImageName | ContainerName | ContainerID", + "deviceCustomString6Label": "Container", + "deviceHostName": "hostname", + "filePath": "C:\\Users\\trend\\Desktop\\eicar.exe", + "message": "Realtime" + }, + "name": "Eicar_test_file", + "severity": "6", + "version": "0" + }, + "event": { + "action": "Delete", + "code": "4000000", + "original": "CEF:0|Trend Micro|Deep Security Agent|1.2.3|4000000|Eicar_test_file|6|cn1=1 cn1Label=Host ID dvchost=hostname cn2=205 cn2Label=Quarantine File Size cs6=ContainerImageName | ContainerName | ContainerID cs6Label=Container filePath=C:\\\\Users\\\\trend\\\\Desktop\\\\eicar.exe act=Delete msg=Realtime TrendMicroDsMalwareTarget=N/A TrendMicroDsMalwareTargetType=N/A TrendMicroDsFileMD5=44D88612FEA8A8F36DE82E1278ABB02F TrendMicroDsFileSHA1=3395856CE81F2B7382DEE72602F798B642F14140 TrendMicroDsFileSHA256=275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F TrendMicroDsDetectionConfidence=95 TrendMicroDsRelevantDetectionNames=Ransom_CERBER.BZC;Ransom_CERBER.C;Ransom_CRYPNISCA.SM", + "severity": 6 + }, + "file": { + "path": "C:\\Users\\trend\\Desktop\\eicar.exe" + }, + "message": "Realtime", + "observer": { + "hostname": "hostname", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + } + }, + { + "cef": { + "device": { + "event_class_id": "6001200", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "10.2.229" + }, + "extensions": { + "TrendMicroDsTenant": "Primary", + "TrendMicroDsTenantId": "0", + "aggregationType": "0", + "deviceAction": "detectOnly", + "deviceAddress": "192.168.33.128", + "deviceCustomNumber1": 202, + "deviceCustomNumber1Label": "Host ID", + "deviceCustomString1": "notWhitelisted", + "deviceCustomString1Label": "actionReason", + "deviceCustomString2": "0CC9713BA896193A527213D9C94892D41797EB7C", + "deviceCustomString2Label": "sha1", + "deviceCustomString3": "7EA8EF10BEB2E9876D4D7F7E5A46CF8D", + "deviceCustomString3Label": "md5", + "fileHash": "80D4AC182F97D2AB48EE4310AC51DA5974167C596D133D64A83107B9069745E0", + "filePath": "/home/user1/Desktop/Directory1//heartbeatSync.sh", + "fileSize": 20, + "repeatCount": "1", + "sourceUserId": "0", + "sourceUserName": "root" + }, + "name": "AppControl detectOnly", + "severity": "6", + "version": "0" + }, + "event": { + "action": "detectOnly", + "code": "6001200", + "original": "CEF:0|Trend Micro|Deep Security Agent|10.2.229|6001200|AppControl detectOnly|6|cn1=202 cn1Label=Host ID dvc=192.168.33.128 TrendMicroDsTenant=Primary TrendMicroDsTenantId=0 fileHash=80D4AC182F97D2AB48EE4310AC51DA5974167C596D133D64A83107B9069745E0 suser=root suid=0 act=detectOnly filePath=/home/user1/Desktop/Directory1//heartbeatSync.sh fsize=20 aggregationType=0 repeatCount=1 cs1=notWhitelisted cs1Label=actionReason cs2=0CC9713BA896193A527213D9C94892D41797EB7C cs2Label=sha1 cs3=7EA8EF10BEB2E9876D4D7F7E5A46CF8D cs3Label=md5", + "severity": 6 + }, + "file": { + "path": "/home/user1/Desktop/Directory1//heartbeatSync.sh", + "size": 20 + }, + "message": "AppControl detectOnly", + "observer": { + "ip": "192.168.33.128", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "10.2.229" + }, + "source": { + "user": { + "id": "0", + "name": "root" + } + } + }, + { + "cef": { + "device": { + "event_class_id": "20", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "extensions": { + "TrendMicroDsFrameType": "IP", + "TrendMicroDsPacketData": "AFB", + "baseEventCount": 1, + "bytesOut": 1019, + "destinationAddress": "72.14.204.147", + "destinationMacAddress": "00:50:56:f5:7f:47", + "destinationPort": 80, + "deviceAction": "Log", + "deviceCustomNumber1": 1, + "deviceCustomNumber1Label": "Host ID", + "deviceCustomString2": "0x00 ACK PSH", + "deviceCustomString2Label": "TCP Flags", + "deviceCustomString3": "DF MF", + "deviceCustomString3Label": "Fragmentation Bits", + "sourceAddress": "192.168.126.150", + "sourceMacAddress": "00:0c:29:eb:35:de", + "sourcePort": 49617, + "transportProtocol": "TCP" + }, + "name": "Log for TCP Port 80", + "severity": "0", + "version": "0" + }, + "destination": { + "bytes": 1019, + "ip": "72.14.204.147", + "mac": "00:50:56:f5:7f:47", + "port": 80 + }, + "error": { + "message": "error in field 'dvc': value is not a valid IP address" + }, + "event": { + "action": "Log", + "code": "20", + "original": "CEF:0|Trend Micro|Deep Security Agent|1.2.3|20|Log for TCP Port 80|0|cn1=1 cn1Label=Host ID dvc=hostname act=Log dmac=00:50:56:F5:7F:47 smac=00:0C:29:EB:35:DE TrendMicroDsFrameType=IP src=192.168.126.150 dst=72.14.204.147 out=1019 cs3=DF MF cs3Label=Fragmentation Bits proto=TCP spt=49617 dpt=80 cs2=0x00 ACK PSH cs2Label=TCP Flags cnt=1 TrendMicroDsPacketData=AFB", + "severity": 0 + }, + "message": "Log for TCP Port 80", + "network": { + "transport": "tcp" + }, + "observer": { + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "source": { + "ip": "192.168.126.150", + "mac": "00:0c:29:eb:35:de", + "port": 49617 + } + }, + { + "cef": { + "device": { + "event_class_id": "30", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "extensions": { + "deviceAction": "updated", + "deviceCustomNumber1": 1, + "deviceCustomNumber1Label": "Host ID", + "deviceHostName": "hostname", + "filePath": "c:\\windows\\message.dll", + "message": "lastModified,sha1,size", + "sourceUserName": "admin" + }, + "name": "New Integrity Monitoring Rule", + "severity": "6", + "version": "0" + }, + "event": { + "action": "updated", + "code": "30", + "original": "CEF:0|Trend Micro|Deep Security Agent|1.2.3|30|New Integrity Monitoring Rule|6|cn1=1 cn1Label=Host ID dvchost=hostname act=updated filePath=c:\\\\windows\\\\message.dll suser=admin msg=lastModified,sha1,size", + "severity": 6 + }, + "file": { + "path": "c:\\windows\\message.dll" + }, + "message": "lastModified,sha1,size", + "observer": { + "hostname": "hostname", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "source": { + "user": { + "name": "admin" + } + } + }, + { + "cef": { + "device": { + "event_class_id": "1001111", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "extensions": { + "TrendMicroDsFrameType": "IP", + "TrendMicroDsPacketData": "R0VUIC9zP3", + "baseEventCount": 1, + "bytesOut": 1093, + "destinationAddress": "72.14.204.105", + "destinationMacAddress": "00:50:56:f5:7f:47", + "destinationPort": 80, + "deviceAction": "IDS:Reset", + "deviceCustomNumber1": 1, + "deviceCustomNumber1Label": "Host ID", + "deviceCustomNumber3": 10, + "deviceCustomNumber3Label": "Intrusion Prevention Packet Position", + "deviceCustomString2": "0x00 ACK PSH", + "deviceCustomString2Label": "TCP Flags", + "deviceCustomString3": "DF MF", + "deviceCustomString3Label": "Fragmentation Bits", + "deviceCustomString5": "10", + "deviceCustomString5Label": "Intrusion Prevention Stream Position", + "deviceCustomString6": "8", + "deviceCustomString6Label": "Intrusion Prevention Flags", + "deviceHostName": "hostname", + "sourceAddress": "192.168.126.150", + "sourceMacAddress": "00:0c:29:eb:35:de", + "sourcePort": 49786, + "transportProtocol": "TCP" + }, + "name": "Test Intrusion Prevention Rule", + "severity": "3", + "version": "0" + }, + "destination": { + "bytes": 1093, + "ip": "72.14.204.105", + "mac": "00:50:56:f5:7f:47", + "port": 80 + }, + "event": { + "action": "IDS:Reset", + "code": "1001111", + "original": "CEF:0|Trend Micro|Deep Security Agent|1.2.3|1001111|Test Intrusion Prevention Rule|3|cn1=1 cn1Label=Host ID dvchost=hostname dmac=00:50:56:F5:7F:47 smac=00:0C:29:EB:35:DE TrendMicroDsFrameType=IP src=192.168.126.150 dst=72.14.204.105 out=1093 cs3=DF MF cs3Label=Fragmentation Bits proto=TCP spt=49786 dpt=80 cs2=0x00 ACK PSH cs2Label=TCP Flags cnt=1 act=IDS:Reset cn3=10 cn3Label=Intrusion Prevention Packet Position cs5=10 cs5Label=Intrusion Prevention Stream Position cs6=8 cs6Label=Intrusion Prevention Flags TrendMicroDsPacketData=R0VUIC9zP3", + "severity": 3 + }, + "message": "Test Intrusion Prevention Rule", + "network": { + "transport": "tcp" + }, + "observer": { + "hostname": "hostname", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "source": { + "ip": "192.168.126.150", + "mac": "00:0c:29:eb:35:de", + "port": 49786 + } + }, + { + "cef": { + "device": { + "event_class_id": "3002795", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "extensions": { + "destinationUserName": "(no user)", + "deviceCustomNumber1": 1, + "deviceCustomNumber1Label": "Host ID", + "deviceCustomString1": "Multiple Windows Logon Failures", + "deviceCustomString1Label": "LI Description", + "deviceHostName": "hostname", + "filename": "Security", + "message": "WinEvtLog Security: AUDIT_FAILURE(4625): Microsoft-Windows-Security-Auditing: (no user): no domain: WIN-RM6HM42G65V: An account failed to log on. Subject: ..", + "sourceAddress": "127.0.0.1", + "sourceHostName": "WIN-RM6HM42G65V" + }, + "name": "Microsoft Windows Events", + "severity": "8", + "version": "0" + }, + "destination": { + "user": { + "name": "(no user)" + } + }, + "event": { + "code": "3002795", + "original": "CEF:0|Trend Micro|Deep Security Agent|1.2.3|3002795|Microsoft Windows Events|8|cn1=1 cn1Label=Host ID dvchost=hostname cs1Label=LI Description cs1=Multiple Windows Logon Failures fname=Security src=127.0.0.1 duser=(no user) shost=WIN-RM6HM42G65V msg=WinEvtLog Security: AUDIT_FAILURE(4625): Microsoft-Windows-Security-Auditing: (no user): no domain: WIN-RM6HM42G65V: An account failed to log on. Subject: ..", + "severity": 8 + }, + "file": { + "name": "Security" + }, + "message": "WinEvtLog Security: AUDIT_FAILURE(4625): Microsoft-Windows-Security-Auditing: (no user): no domain: WIN-RM6HM42G65V: An account failed to log on. Subject: ..", + "observer": { + "hostname": "hostname", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "source": { + "domain": "WIN-RM6HM42G65V", + "ip": "127.0.0.1" + } + }, + { + "cef": { + "device": { + "event_class_id": "5000000", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "extensions": { + "deviceCustomNumber1": 1, + "deviceCustomNumber1Label": "Host ID", + "deviceHostName": "hostname", + "message": "Blocked By Admin", + "requestUrl": "example.com" + }, + "name": "WebReputation", + "severity": "5", + "version": "0" + }, + "event": { + "code": "5000000", + "original": "CEF:0|Trend Micro|Deep Security Agent|1.2.3|5000000|WebReputation|5|cn1=1 cn1Label=Host ID dvchost=hostname request=example.com msg=Blocked By Admin", + "severity": 5 + }, + "message": "Blocked By Admin", + "observer": { + "hostname": "hostname", + "product": "Deep Security Agent", + "vendor": "Trend Micro", + "version": "1.2.3" + }, + "url": { + "original": "example.com" + } + }, + { + "cef": { + "device": { + "event_class_id": "APPFW", + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "extensions": { + "deviceAction": "blocked", + "deviceCustomNumber1": 233, + "deviceCustomNumber2": 205, + "deviceCustomString1": "profile1", + "deviceCustomString2": "PPE0", + "deviceCustomString3": "AjSZM26h2M+xL809pON6C8joebUA000", + "deviceCustomString4": "ALERT", + "deviceCustomString5": "2012", + "message": "Disallow Illegal URL.", + "method": "GET", + "requestUrl": "http://vpx247.example.net/FFC/login.html", + "sourceAddress": "10.217.253.78", + "sourcePort": 53743 + }, + "name": "APPFW_STARTURL", + "severity": "6", + "version": "0" + }, + "event": { + "action": "blocked", + "code": "APPFW", + "original": "CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_STARTURL|6|src=10.217.253.78 spt=53743 method=GET request=http://vpx247.example.net/FFC/login.html msg=Disallow Illegal URL. cn1=233 cn2=205 cs1=profile1 cs2=PPE0 cs3=AjSZM26h2M+xL809pON6C8joebUA000 cs4=ALERT cs5=2012 act=blocked", + "severity": 6 + }, + "message": "Disallow Illegal URL.", + "observer": { + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "source": { + "ip": "10.217.253.78", + "port": 53743 + }, + "url": { + "original": "http://vpx247.example.net/FFC/login.html" + } + }, + { + "cef": { + "device": { + "event_class_id": "APPFW", + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "extensions": { + "deviceAction": "not blocked", + "deviceCustomNumber1": 465, + "deviceCustomNumber2": 535, + "deviceCustomString1": "profile1", + "deviceCustomString2": "PPE0", + "deviceCustomString3": "IliG4Dxp1SjOhKVRDVBXmqvAaIcA000", + "deviceCustomString4": "ALERT", + "deviceCustomString5": "2012", + "message": "Disallow Illegal URL.", + "method": "GET", + "requestUrl": "http://vpx247.example.net/FFC/login_post.html?abc=def", + "sourceAddress": "10.217.253.78", + "sourcePort": 54711 + }, + "name": "APPFW_STARTURL", + "severity": "6", + "version": "0" + }, + "event": { + "action": "not blocked", + "code": "APPFW", + "original": "CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_STARTURL|6|src=10.217.253.78 spt=54711 method=GET request=http://vpx247.example.net/FFC/login_post.html?abc\\=def msg=Disallow Illegal URL. cn1=465 cn2=535 cs1=profile1 cs2=PPE0 cs3=IliG4Dxp1SjOhKVRDVBXmqvAaIcA000 cs4=ALERT cs5=2012 act=not blocked", + "severity": 6 + }, + "message": "Disallow Illegal URL.", + "observer": { + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "source": { + "ip": "10.217.253.78", + "port": 54711 + }, + "url": { + "original": "http://vpx247.example.net/FFC/login_post.html?abc=def" + } + }, + { + "cef": { + "device": { + "event_class_id": "APPFW", + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "extensions": { + "deviceAction": "transformed", + "deviceCustomNumber1": 652, + "deviceCustomNumber2": 610, + "deviceCustomString1": "pr_ffc", + "deviceCustomString2": "PPE0", + "deviceCustomString3": "li8MdGfW49uG8tGdSV85ech41a0A000", + "deviceCustomString4": "ALERT", + "deviceCustomString5": "2012", + "message": " Transformed (xout) potential credit card numbers seen in server response", + "method": "GET", + "requestUrl": "http://vpx247.example.net/FFC/CreditCardMind.html", + "sourceAddress": "10.217.253.78", + "sourcePort": 56116 + }, + "name": "APPFW_SAFECOMMERCE_XFORM", + "severity": "6", + "version": "0" + }, + "event": { + "action": "transformed", + "code": "APPFW", + "original": "CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_SAFECOMMERCE_XFORM|6|src=10.217.253.78 spt=56116 method=GET request=http://vpx247.example.net/FFC/CreditCardMind.html msg= Transformed (xout) potential credit card numbers seen in server response cn1=652 cn2=610 cs1=pr_ffc cs2=PPE0 cs3=li8MdGfW49uG8tGdSV85ech41a0A000 cs4=ALERT cs5=2012 act=transformed", + "severity": 6 + }, + "message": " Transformed (xout) potential credit card numbers seen in server response", + "observer": { + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "source": { + "ip": "10.217.253.78", + "port": 56116 + }, + "url": { + "original": "http://vpx247.example.net/FFC/CreditCardMind.html" + } + }, + { + "cef": { + "device": { + "event_class_id": "APPFW", + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "extensions": { + "deviceAction": "transformed", + "deviceCustomNumber1": 653, + "deviceCustomNumber2": 610, + "deviceCustomString1": "pr_ffc", + "deviceCustomString2": "PPE0", + "deviceCustomString3": "li8MdGfW49uG8tGdSV85ech41a0A000", + "deviceCustomString4": "ALERT", + "deviceCustomString5": "2012", + "message": " Maximum no. of potential credit card numbers seen", + "method": "GET", + "requestUrl": "http://vpx247.example.net/FFC/CreditCardMind.html", + "sourceAddress": "10.217.253.78", + "sourcePort": 56116 + }, + "name": "APPFW_SAFECOMMERCE", + "severity": "6", + "version": "0" + }, + "event": { + "action": "transformed", + "code": "APPFW", + "original": "CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_SAFECOMMERCE|6|src=10.217.253.78 spt=56116 method=GET request=http://vpx247.example.net/FFC/CreditCardMind.html msg= Maximum no. of potential credit card numbers seen cn1=653 cn2=610 cs1=pr_ffc cs2=PPE0 cs3=li8MdGfW49uG8tGdSV85ech41a0A000 cs4=ALERT cs5=2012 act=transformed", + "severity": 6 + }, + "message": " Maximum no. of potential credit card numbers seen", + "observer": { + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "source": { + "ip": "10.217.253.78", + "port": 56116 + }, + "url": { + "original": "http://vpx247.example.net/FFC/CreditCardMind.html" + } + }, + { + "cef": { + "device": { + "event_class_id": "APPFW", + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "extensions": { + "deviceAction": "not blocked", + "deviceCustomNumber1": 224, + "deviceCustomNumber2": 205, + "deviceCustomString1": "pr_ffc", + "deviceCustomString2": "PPE0", + "deviceCustomString3": "POousP7CIMW5nwZ5Rs4nq5DND0sA000", + "deviceCustomString4": "ALERT", + "deviceCustomString5": "2012", + "message": " Signature violation rule ID 807: web-cgi /wwwboard/passwd.txt access", + "method": "GET", + "requestUrl": "http://vpx247.example.net/FFC/wwwboard/passwd.txt", + "sourceAddress": "10.217.253.78", + "sourcePort": 56687 + }, + "name": "APPFW_SIGNATURE_MATCH", + "severity": "6", + "version": "0" + }, + "event": { + "action": "not blocked", + "code": "APPFW", + "original": "CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_SIGNATURE_MATCH|6|src=10.217.253.78 spt=56687 method=GET request=http://vpx247.example.net/FFC/wwwboard/passwd.txt msg= Signature violation rule ID 807: web-cgi /wwwboard/passwd.txt access cn1=224 cn2=205 cs1=pr_ffc cs2=PPE0 cs3=POousP7CIMW5nwZ5Rs4nq5DND0sA000 cs4=ALERT cs5=2012 act=not blocked", + "severity": 6 + }, + "message": " Signature violation rule ID 807: web-cgi /wwwboard/passwd.txt access", + "observer": { + "product": "NetScaler", + "vendor": "Citrix", + "version": "NS10.0" + }, + "source": { + "ip": "10.217.253.78", + "port": 56687 + }, + "url": { + "original": "http://vpx247.example.net/FFC/wwwboard/passwd.txt" + } + }, + { + "cef": { + "device": { + "event_class_id": "18", + "product": "Vaporware", + "vendor": "Elastic", + "version": "1.0.0-alpha" + }, + "extensions": { + "destinationGeoLatitude": 38.915, + "destinationGeoLongitude": -77.511, + "destinationServiceName": "chrome", + "eventId": 3457, + "rawEvent": "{\"x\": \"y\"}", + "requestContext": "application/json", + "requestMethod": "POST", + "sourceServiceName": "httpd", + "transportProtocol": "TCP" + }, + "name": "Something awesome happened", + "severity": "very-high", + "version": "0" + }, + "destination": { + "geo": { + "location": { + "lat": 38.915, + "lon": -77.511 + } + }, + "service": { + "name": "chrome" + } + }, + "event": { + "code": "18", + "id": 3457, + "original": "CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Something awesome happened|very-high|eventId=3457 requestMethod=POST dlat=38.915 dlong=-77.511 proto=TCP rawEvent={\"x\": \"y\"} sourceServiceName=httpd destinationServiceName=chrome requestContext=application/json", + "severity": 9 + }, + "http": { + "request": { + "method": "POST" + } + }, + "message": "Something awesome happened", + "network": { + "transport": "tcp" + }, + "observer": { + "product": "Vaporware", + "vendor": "Elastic", + "version": "1.0.0-alpha" + }, + "source": { + "service": { + "name": "httpd" + } + } + }, + { + "agent": { + "id": "NpLHzDMCABCBBTXAZqYDUA==", + "ip": "10.2.3.4", + "name": "arcagt1", + "type": "dns_tracelog_file" + }, + "cef": { + "device": { + "event_class_id": "Response:A", + "product": "DNS Trace Log", + "vendor": "Microsoft" + }, + "extensions": { + "_cefVer": "0.1", + "agentAddress": "10.2.3.4", + "agentHostName": "arcagt1", + "agentId": "NpLHzDMCABCBBTXAZqYDUA==", + "agentReceiptTime": "2011-11-23T04:27:54.516Z", + "agentTimeZone": "America/New York", + "agentType": "dns_tracelog_file", + "baseEventCount": 2, + "destinationHostName": "www.google.com", + "deviceReceiptTime": "2011-11-22T23:38:07.000Z", + "deviceTimeZone": "America/New York", + "eventId": 12345678, + "requestUrl": "(3)www(6)google(3)com(0)", + "requestUrlFileName": "(3)www(6)google(3)com(0)", + "sourceAddress": "10.0.0.2", + "startTime": "2011-11-22T23:31:29.000Z", + "type": 1 + }, + "name": "Response", + "severity": "Unknown", + "version": "0" + }, + "destination": { + "domain": "www.google.com" + }, + "event": { + "code": "Response:A", + "created": "2011-11-23T04:27:54.516Z", + "id": 12345678, + "kind": 1, + "original": "CEF:0|Microsoft|DNS Trace Log||Response:A|Response|Unknown| eventId=12345678 type=1 start=1322004689000 art=1322022474516 rt=1322005087000 src=10.0.0.2 dhost=www.google.com request=(3)www(6)google(3)com(0) cnt=2 ahost=arcagt1 agt=10.2.3.4 atz=America/New York aid=NpLHzDMCABCBBTXAZqYDUA\\=\\= at=dns_tracelog_file dtz=America/New York requestUrlFileName=(3)www(6)google(3)com(0) _cefVer=0.1", + "start": "2011-11-22T23:31:29.000Z", + "timezone": "America/New York" + }, + "message": "Response", + "observer": { + "product": "DNS Trace Log", + "vendor": "Microsoft" + }, + "source": { + "ip": "10.0.0.2" + }, + "url": { + "original": "(3)www(6)google(3)com(0)" + } + }, + { + "agent": { + "id": "4SNQXV30BABCAIi+-ZH3gxT==", + "ip": "10.2.3.4", + "mac": "00:50:56:8e:c0:90", + "name": "centos7.as", + "type": "syslog", + "version": "7.6.0.8009.0" + }, + "cef": { + "device": { + "event_class_id": "arcsight:143:1", + "product": "Unix", + "vendor": "Unix" + }, + "extensions": { + "_cefVer": "0.1", + "agentAddress": "10.2.3.4", + "agentHostName": "centos7.as", + "agentId": "4SNQXV30BABCAIi+-ZH3gxT==", + "agentMacAddress": "00:50:56:8e:c0:90", + "agentReceiptTime": "2017-07-18T19:01:10.493Z", + "agentTimeZone": "America/Argentina/Buenos_Aires", + "agentType": "syslog", + "agentVersion": "7.6.0.8009.0", + "agentZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255", + "categoryBehavior": "/Access/Start", + "categoryDeviceGroup": "/Operating System", + "categoryDeviceType": "Operating System", + "categoryObject": "/Host/Application/Service", + "categoryOutcome": "/Success", + "categorySignificance": "/Informational", + "destinationHostName": "centos7", + "deviceAction": "Started", + "deviceCustomNumber1Label": "File Descriptor", + "deviceCustomString1": "systemd", + "deviceCustomString1Label": "Module", + "deviceCustomString2": "daemon", + "deviceCustomString2Label": "Facility", + "deviceFacility": "daemon", + "deviceHostName": "centos7", + "deviceProcessName": "systemd", + "deviceReceiptTime": "2017-07-18T19:01:01.000Z", + "deviceSeverity": "info", + "deviceTimeZone": "America/Argentina/Buenos_Aires", + "eventId": 31, + "message": "Started Session 21 of user root", + "sourceUserName": "root" + }, + "name": "Started Session", + "severity": "Low", + "version": "0" + }, + "destination": { + "domain": "centos7" + }, + "event": { + "action": "Started", + "code": "arcsight:143:1", + "created": "2017-07-18T19:01:10.493Z", + "id": 31, + "original": "CEF:0|Unix|Unix||arcsight:143:1|Started Session|Low| eventId=31 msg=Started Session 21 of user root categorySignificance=/Informational categoryBehavior=/Access/Start categoryDeviceGroup=/Operating System catdt=Operating System categoryOutcome=/Success categoryObject=/Host/Application/Service art=1500404470493 deviceSeverity=info act=Started rt=1500404461000 suser=root dhost=centos7 cs1=systemd cs2=daemon cs1Label=Module cs2Label=Facility cn1Label=File Descriptor ahost=centos7.as agt=10.2.3.4 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 amac=00-50-56-8E-C0-90 av=7.6.0.8009.0 atz=America/Argentina/Buenos_Aires at=syslog dvchost=centos7 dtz=America/Argentina/Buenos_Aires deviceFacility=daemon deviceProcessName=systemd _cefVer=0.1 aid=4SNQXV30BABCAIi+-ZH3gxT\\=\\=", + "severity": 0, + "timezone": "America/Argentina/Buenos_Aires" + }, + "message": "Started Session 21 of user root", + "observer": { + "hostname": "centos7", + "product": "Unix", + "vendor": "Unix" + }, + "process": { + "name": "systemd" + }, + "source": { + "user": { + "name": "root" + } + } + }, + { + "cef": { + "device": { + "event_class_id": "drop", + "product": "VPN-1 \u0026 FireWall-1", + "vendor": "Check Point" + }, + "extensions": { + "assetCriticality": "0", + "categoryBehavior": "/Access", + "categoryDeviceGroup": "/Firewall", + "categoryDeviceType": "Firewall", + "categoryObject": "/Host/Application/Service", + "categoryOutcome": "/Failure", + "categorySignificance": "/Informational/Warning", + "customerID": "124", + "customerURI": "/XXX", + "eventId": 23985829654, + "managerReceiptTime": "2016-03-30T19:45:45.678Z", + "modelConfidence": "0", + "priority": "High", + "relevance": "10", + "severity": "5", + "transportProtocol": "TCP" + }, + "name": "drop", + "severity": "High", + "version": "0" + }, + "event": { + "code": "drop", + "id": 23985829654, + "original": "CEF:0|Check Point|VPN-1 \u0026 FireWall-1||drop|drop|High| eventId=23985829654 mrt=1459367145678 proto=TCP customerID=124 customerURI=/XXX modelConfidence=0.6 relevance=high categorySignificance=/Informational/Warning categoryBehavior=/Access categoryDeviceGroup=/Firewall catdt=Firewall categoryOutcome=/Failure categoryObject=/Host/Application/Service modelConfidence=0 severity=5 relevance=10 assetCriticality=0 priority=High", + "severity": 7 + }, + "message": "drop", + "network": { + "transport": "tcp" + }, + "observer": { + "product": "VPN-1 \u0026 FireWall-1", + "vendor": "Check Point" + }, + "organization": { + "name": "/XXX" + } + }, + { + "agent": { + "id": "4p9IZi1kBABCq5RFPFdJWYUw==", + "name": "host.gtr.gtr", + "type": "agent_ac", + "version": "7.1.7.7602.0" + }, + "cef": { + "device": { + "event_class_id": "305012", + "product": "ASA", + "vendor": "CISCO" + }, + "extensions": { + "_cefVer": "0.1", + "ad": { + "arcSightEventPath": "7q0sfHVcBABCcMZVvMSDFc1w==" + }, + "agentHostName": "host.gtr.gtr", + "agentId": "4p9IZi1kBABCq5RFPFdJWYUw==", + "agentReceiptTime": "2017-01-11T00:55:08.163Z", + "agentTimeZone": "LA/la", + "agentType": "agent_ac", + "agentVersion": "7.1.7.7602.0", + "assetCriticality": "0", + "categoryBehavior": "/Access/Stop", + "categoryDeviceGroup": "/Firewall", + "categoryDeviceType": "Firewall", + "categoryObject": "/Host/Application/Service", + "categoryOutcome": "/Success", + "categorySignificance": "/Informational", + "deviceAddress": "111.111.111.99", + "deviceAssetId": "5Wa8hHVSDFBCc-t56wI7mTw==", + "deviceCustomIPv6Address4": "ffff:0:0:0:222:5555:ffff:5555", + "deviceCustomIPv6Address4Label": "Agent IPv6 Address", + "deviceCustomNumber1Label": "ICMP Type", + "deviceCustomNumber2Label": "ICMP Code", + "deviceCustomNumber3Label": "DurationInSeconds", + "deviceCustomString1Label": "ACL", + "deviceCustomString2Label": "Unit", + "deviceCustomString3Label": "TCP Flags", + "deviceCustomString4Label": "Order", + "deviceCustomString5": "dynamic", + "deviceCustomString5Label": "Connection Type", + "deviceCustomString6": "0:00:00", + "deviceCustomString6Label": "Duration", + "deviceHostName": "super", + "deviceInboundInterface": "eth0", + "deviceOutboundInterface": "eth1", + "deviceReceiptTime": "2017-01-11T00:54:54.000Z", + "deviceSeverity": "6", + "deviceTimeZone": "LA/LA", + "deviceZoneID": "K-fU33AAOGVdfFpYAT3UdQ==", + "deviceZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "eventAnnotationAuditTrail": "1,1484012146095,root,Queued,,,,\\n", + "eventAnnotationEndTime": "1484096094000", + "eventAnnotationFlags": "0", + "eventAnnotationManagerReceiptTime": "1484097686471", + "eventAnnotationModificationTime": "1484097686475", + "eventAnnotationStageUpdateTime": "1484097686473", + "eventAnnotationVersion": "1", + "eventId": 56265798504, + "locality": "1", + "managerReceiptTime": "2017-01-10T23:58:03.471Z", + "modelConfidence": "0", + "originalAgentAddress": "10.2.88.3", + "originalAgentHostName": "host", + "originalAgentId": "6q0sfHVcBABCcSDFvMpvc1w==", + "originalAgentType": "syslog_file", + "originalAgentVersion": "7.3.0.7885.0", + "originalAgentZoneURI": "/All Zones/GR/GR/GR", + "priority": "4", + "relevance": "10", + "severity": "4", + "sourceAddress": "1.2.3.4", + "sourcePort": 5260, + "sourceTranslatedAddress": "4.3.2.1", + "sourceTranslatedPort": 5260, + "sourceTranslatedZoneID": "P84KXXTYDFYYFwwHq40BQcd==", + "sourceTranslatedZoneURI": "/All Zones/GTR/GTR Internet Primary", + "sourceZoneID": "GqtK3G9YBABCadQ465CqVeW==", + "sourceZoneURI": "/All Zones/GTR/GTR/GTR/GTR", + "transportProtocol": "UDP" + }, + "name": "Teardown dynamic UDP translation", + "severity": "Low", + "version": "0" + }, + "error": { + "message": "error in field 'agt': value is not a valid IP address" + }, + "event": { + "code": "305012", + "created": "2017-01-11T00:55:08.163Z", + "id": 56265798504, + "original": "CEF:0|CISCO|ASA||305012|Teardown dynamic UDP translation|Low| eventId=56265798504 mrt=1484092683471 proto=UDP categorySignificance=/Informational categoryBehavior=/Access/Stop categoryDeviceGroup=/Firewall catdt=Firewall categoryOutcome=/Success categoryObject=/Host/Application/Service modelConfidence=0 severity=4 relevance=10 assetCriticality=0 priority=4 art=1484096108163 deviceSeverity=6 rt=1484096094000 src=1.2.3.4 sourceZoneID=GqtK3G9YBABCadQ465CqVeW\\=\\= sourceZoneURI=/All Zones/GTR/GTR/GTR/GTR sourceTranslatedAddress=4.3.2.1 sourceTranslatedZoneID=P84KXXTYDFYYFwwHq40BQcd\\=\\= sourceTranslatedZoneURI=/All Zones/GTR/GTR Internet Primary spt=5260 sourceTranslatedPort=5260 cs5=dynamic cs6=0:00:00 c6a4=ffff:0:0:0:222:5555:ffff:5555 locality=1 cs1Label=ACL cs2Label=Unit cs3Label=TCP Flags cs4Label=Order cs5Label=Connection Type cs6Label=Duration cn1Label=ICMP Type cn2Label=ICMP Code cn3Label=DurationInSeconds c6a4Label=Agent IPv6 Address ahost=host.gtr.gtr agt=100.222.333.55 av=7.1.7.7602.0 atz=LA/la aid=4p9IZi1kBABCq5RFPFdJWYUw\\=\\= at=agent_ac dvchost=super dvc=111.111.111.99 deviceZoneID=K-fU33AAOGVdfFpYAT3UdQ\\=\\= deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 deviceAssetId=5Wa8hHVSDFBCc-t56wI7mTw\\=\\= dtz=LA/LA deviceInboundInterface=eth0 deviceOutboundInterface=eth1 eventAnnotationStageUpdateTime=1484097686473 eventAnnotationModificationTime=1484097686475 eventAnnotationAuditTrail=1,1484012146095,root,Queued,,,,\\\\n eventAnnotationVersion=1 eventAnnotationFlags=0 eventAnnotationEndTime=1484096094000 eventAnnotationManagerReceiptTime=1484097686471 originalAgentHostName=host originalAgentAddress=10.2.88.3 originalAgentZoneURI=/All Zones/GR/GR/GR originalAgentVersion=7.3.0.7885.0 originalAgentId=6q0sfHVcBABCcSDFvMpvc1w\\=\\= originalAgentType=syslog_file _cefVer=0.1 ad.arcSightEventPath=7q0sfHVcBABCcMZVvMSDFc1w\\=\\=", + "severity": 0, + "timezone": "LA/LA" + }, + "message": "Teardown dynamic UDP translation", + "network": { + "transport": "udp" + }, + "observer": { + "hostname": "super", + "ip": "111.111.111.99", + "product": "ASA", + "vendor": "CISCO" + }, + "source": { + "ip": "1.2.3.4", + "nat": { + "ip": "4.3.2.1", + "port": 5260 + }, + "port": 5260 + } + }, + { + "agent": { + "id": "3Pz6paUgBABCAAudQNx1w0w==", + "ip": "192.168.131.65", + "name": "VirtualXP", + "type": "sdkrfilereader", + "version": "7.0.5.7132.0" + }, + "cef": { + "device": { + "event_class_id": "agent:016", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + }, + "extensions": { + "_cefVer": "0.1", + "agentAddress": "192.168.131.65", + "agentHostName": "VirtualXP", + "agentId": "3Pz6paUgBABCAAudQNx1w0w==", + "agentReceiptTime": "2014-09-12T12:21:42.535Z", + "agentTimeZone": "Europe/Prague", + "agentType": "sdkrfilereader", + "agentVersion": "7.0.5.7132.0", + "agentZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "categoryBehavior": "/Access/Start", + "categoryDeviceGroup": "/Application", + "categoryDeviceType": "Security Mangement", + "categoryObject": "/Host/Application", + "categoryOutcome": "/Success", + "categorySignificance": "/Normal", + "deviceAddress": "192.168.131.65", + "deviceCustomString2": "\u003cResource ID=\"3Qg5paUgBABCAAwIZ-kC0dw==\"/\u003e", + "deviceCustomString2Label": "Configuration Resource", + "deviceEventCategory": "/Agent/Connection/Device?Success", + "deviceHostName": "VirtualXP", + "deviceReceiptTime": "2014-09-12T12:21:40.502Z", + "deviceSeverity": "Warning", + "deviceTimeZone": "Europe/Prague", + "deviceZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "eventId": 1, + "fileType": "Agent", + "filename": "C:\\Documents and Settings\\XPMUser\\Desktop\\Logs\\NAT_Log", + "managerReceiptTime": "2014-09-12T12:23:20.502Z", + "message": "File Opened" + }, + "name": "Device connection up", + "severity": "Low", + "version": "0" + }, + "event": { + "code": "agent:016", + "created": "2014-09-12T12:21:42.535Z", + "id": 1, + "original": "CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:016|Device connection up|Low| eventId=1 msg=File Opened mrt=1410524600502 categorySignificance=/Normal categoryBehavior=/Access/Start categoryDeviceGroup=/Application catdt=Security Mangement categoryOutcome=/Success categoryObject=/Host/Application art=1410524502535 cat=/Agent/Connection/Device?Success deviceSeverity=Warning rt=1410524500502 fname=C:\\\\Documents and Settings\\\\XPMUser\\\\Desktop\\\\Logs\\\\NAT_Log fileType=Agent cs2=\u003cResource ID\\=\"3Qg5paUgBABCAAwIZ-kC0dw\\=\\=\"/\u003e cs2Label=Configuration Resource ahost=VirtualXP agt=192.168.131.65 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.0 atz=Europe/Prague aid=3Pz6paUgBABCAAudQNx1w0w\\=\\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.131.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1", + "severity": 0, + "timezone": "Europe/Prague" + }, + "file": { + "name": "C:\\Documents and Settings\\XPMUser\\Desktop\\Logs\\NAT_Log", + "type": "Agent" + }, + "message": "File Opened", + "observer": { + "hostname": "VirtualXP", + "ip": "192.168.131.65", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + } + }, + { + "agent": { + "id": "4Pz6paUgBABCAAudQNx1w0w==", + "ip": "192.168.1.56", + "name": "VirtualXP", + "type": "sdkrfilereader", + "version": "7.0.5.7132.1" + }, + "cef": { + "device": { + "event_class_id": "agent:030", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + }, + "extensions": { + "_cefVer": "0.1", + "agentAddress": "192.168.1.56", + "agentHostName": "VirtualXP", + "agentId": "4Pz6paUgBABCAAudQNx1w0w==", + "agentReceiptTime": "2014-09-13T16:06:42.535Z", + "agentTimeZone": "Europe/Prague", + "agentType": "sdkrfilereader", + "agentVersion": "7.0.5.7132.1", + "agentZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "categoryBehavior": "/Execute/Start", + "categoryDeviceGroup": "/Application", + "categoryDeviceType": "Security Mangement", + "categoryObject": "/Host/Application/Service", + "categoryOutcome": "/Success", + "categorySignificance": "/Normal", + "deviceAddress": "192.168.0.65", + "deviceCustomString2": "\u003cResource ID=\"3Tg5paUgBABCAAwIZ-kC0dw==\"/\u003e", + "deviceCustomString2Label": "Configuration Resource", + "deviceEventCategory": "/Agent/Started", + "deviceHostName": "VirtualXP", + "deviceReceiptTime": "2014-09-12T17:38:20.432Z", + "deviceSeverity": "Warning", + "deviceTimeZone": "Europe/Prague", + "deviceZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "eventId": 2, + "fileType": "Agent", + "managerReceiptTime": "2014-09-12T12:21:40.493Z" + }, + "name": "Agent [NAT] type [sdkrfilereader] started", + "severity": "Low", + "version": "0" + }, + "event": { + "code": "agent:030", + "created": "2014-09-13T16:06:42.535Z", + "id": 2, + "original": "CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:030|Agent [NAT] type [sdkrfilereader] started|Low| eventId=2 mrt=1410524500493 categorySignificance=/Normal categoryBehavior=/Execute/Start categoryDeviceGroup=/Application catdt=Security Mangement categoryOutcome=/Success categoryObject=/Host/Application/Service art=1410624402535 cat=/Agent/Started deviceSeverity=Warning rt=1410543500432 fileType=Agent cs2=\u003cResource ID\\=\"3Tg5paUgBABCAAwIZ-kC0dw\\=\\=\"/\u003e cs2Label=Configuration Resource ahost=VirtualXP agt=192.168.1.56 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.1 atz=Europe/Prague aid=4Pz6paUgBABCAAudQNx1w0w\\=\\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.0.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1", + "severity": 0, + "timezone": "Europe/Prague" + }, + "file": { + "type": "Agent" + }, + "message": "Agent [NAT] type [sdkrfilereader] started", + "observer": { + "hostname": "VirtualXP", + "ip": "192.168.0.65", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + } + }, + { + "agent": { + "id": "3Pz6paUgBABCAAudQNx1w0w==", + "ip": "192.168.131.65", + "name": "VirtualXP", + "type": "sdkrfilereader", + "version": "7.0.5.7132.0" + }, + "cef": { + "device": { + "event_class_id": "agent:044", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + }, + "extensions": { + "_cefVer": "0.1", + "agentAddress": "192.168.131.65", + "agentHostName": "VirtualXP", + "agentId": "3Pz6paUgBABCAAudQNx1w0w==", + "agentReceiptTime": "2014-09-12T12:21:42.535Z", + "agentTimeZone": "Europe/Prague", + "agentType": "sdkrfilereader", + "agentVersion": "7.0.5.7132.0", + "agentZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "categoryDeviceType": "Security Mangement", + "deviceAddress": "192.168.131.65", + "deviceEventCategory": "/LogFile/Processing/Started", + "deviceHostName": "VirtualXP", + "deviceReceiptTime": "2014-09-12T12:21:40.502Z", + "deviceSeverity": "Warning", + "deviceTimeZone": "Europe/Prague", + "deviceZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "eventId": 6, + "filename": "C:\\Documents and Settings\\XPMUser\\Desktop\\Logs\\NAT_Log", + "managerReceiptTime": "2014-09-12T12:21:40.502Z" + }, + "name": "File processing started", + "severity": "Low", + "version": "0" + }, + "event": { + "code": "agent:044", + "created": "2014-09-12T12:21:42.535Z", + "id": 6, + "original": "CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:044|File processing started|Low| eventId=6 mrt=1410524500502 catdt=Security Mangement art=1410524502535 cat=/LogFile/Processing/Started deviceSeverity=Warning rt=1410524500502 fname=C:\\\\Documents and Settings\\\\XPMUser\\\\Desktop\\\\Logs\\\\NAT_Log ahost=VirtualXP agt=192.168.131.65 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.0 atz=Europe/Prague aid=3Pz6paUgBABCAAudQNx1w0w\\=\\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.131.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1", + "severity": 0, + "timezone": "Europe/Prague" + }, + "file": { + "name": "C:\\Documents and Settings\\XPMUser\\Desktop\\Logs\\NAT_Log" + }, + "message": "File processing started", + "observer": { + "hostname": "VirtualXP", + "ip": "192.168.131.65", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + } + }, + { + "agent": { + "id": "3Pz6paUgBABCAAudQNx1w0w==", + "ip": "192.168.131.65", + "name": "VirtualXP", + "type": "sdkrfilereader", + "version": "7.0.5.7132.0" + }, + "cef": { + "device": { + "event_class_id": "agent:031", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + }, + "extensions": { + "_cefVer": "0.1", + "agentAddress": "192.168.131.65", + "agentHostName": "VirtualXP", + "agentId": "3Pz6paUgBABCAAudQNx1w0w==", + "agentReceiptTime": "2014-09-12T12:22:15.843Z", + "agentTimeZone": "Europe/Prague", + "agentType": "sdkrfilereader", + "agentVersion": "7.0.5.7132.0", + "agentZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "categoryBehavior": "/Execute/Stop", + "categoryDeviceGroup": "/Application", + "categoryDeviceType": "Security Mangement", + "categoryObject": "/Host/Application/Service", + "categoryOutcome": "/Success", + "categorySignificance": "/Normal", + "deviceAddress": "192.168.131.65", + "deviceCustomString2": "\u003cResource ID=\"3Qg5paUgBABCAAwIZ-kC0dw==\"/\u003e", + "deviceCustomString2Label": "Configuration Resource", + "deviceEventCategory": "/Agent/ShuttingDown", + "deviceHostName": "VirtualXP", + "deviceReceiptTime": "2014-09-12T12:22:15.833Z", + "deviceSeverity": "Warning", + "deviceTimeZone": "Europe/Prague", + "deviceZoneURI": "/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255", + "eventId": 7, + "fileType": "Agent", + "managerReceiptTime": "2014-09-12T12:22:15.833Z", + "message": "Process Stopped by User" + }, + "name": "Agent [NAT] type [sdkrfilereader] shutting down", + "severity": "Very-High", + "version": "0" + }, + "event": { + "code": "agent:031", + "created": "2014-09-12T12:22:15.843Z", + "id": 7, + "original": "CEF:0|ArcSight|ArcSight|7.0.5.7132.1|agent:031|Agent [NAT] type [sdkrfilereader] shutting down|Very-High| eventId=7 msg=Process Stopped by User mrt=1410524535833 categorySignificance=/Normal categoryBehavior=/Execute/Stop categoryDeviceGroup=/Application catdt=Security Mangement categoryOutcome=/Success categoryObject=/Host/Application/Service art=1410524535843 cat=/Agent/ShuttingDown deviceSeverity=Warning rt=1410524535833 fileType=Agent cs2=\u003cResource ID\\=\"3Qg5paUgBABCAAwIZ-kC0dw\\=\\=\"/\u003e cs2Label=Configuration Resource ahost=VirtualXP agt=192.168.131.65 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 av=7.0.5.7132.0 atz=Europe/Prague aid=3Pz6paUgBABCAAudQNx1w0w\\=\\= at=sdkrfilereader dvchost=VirtualXP dvc=192.168.131.65 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 192.168.0.0-192.168.255.255 dtz=Europe/Prague _cefVer=0.1", + "severity": 9, + "timezone": "Europe/Prague" + }, + "file": { + "type": "Agent" + }, + "message": "Process Stopped by User", + "observer": { + "hostname": "VirtualXP", + "ip": "192.168.131.65", + "product": "ArcSight", + "vendor": "ArcSight", + "version": "7.0.5.7132.1" + } + } +] diff --git a/filebeat/tests/system/test_xpack_modules.py b/filebeat/tests/system/test_xpack_modules.py new file mode 100644 index 00000000000..566850a4720 --- /dev/null +++ b/filebeat/tests/system/test_xpack_modules.py @@ -0,0 +1,20 @@ +import os +import sys + +sys.path.append(os.path.join(os.path.dirname(__file__), '../../../../filebeat/tests/system')) + +import test_modules + + +class XPackTest(test_modules.Test): + + @classmethod + def setUpClass(self): + self.beat_name = "filebeat" + self.beat_path = os.path.abspath( + os.path.join(os.path.dirname(__file__), "../../")) + + super(test_modules.Test, self).setUpClass() + + def setUp(self): + super(test_modules.Test, self).setUp() diff --git a/x-pack/filebeat/module/checkpoint/_meta/config.yml b/x-pack/filebeat/module/checkpoint/_meta/config.yml index 4408a7ba5f2..57f45e9c54b 100644 --- a/x-pack/filebeat/module/checkpoint/_meta/config.yml +++ b/x-pack/filebeat/module/checkpoint/_meta/config.yml @@ -11,3 +11,8 @@ # The UDP port to listen for syslog traffic. Defaults to 9001. #var.syslog_port: 9001 + + # Set the log level from 1 (alerts only) to 7 (include all messages). + # Messages with a log level higher than the specified will be dropped. + # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html + #var.log_level: 7 \ No newline at end of file diff --git a/x-pack/filebeat/module/checkpoint/fields.go b/x-pack/filebeat/module/checkpoint/fields.go index 769c892e0f1..313ae685659 100644 --- a/x-pack/filebeat/module/checkpoint/fields.go +++ b/x-pack/filebeat/module/checkpoint/fields.go @@ -1,6 +1,19 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. // Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT.

s3G8e`;5GxP^et}h2CmDisht_o{tfjQCof$k7*D7 zmo1uj92`|@jxIB%1(#NucSJz8*eM%n<-xb1M;?9I#|pu+Pg0t09V zhAv(~8JrFc*sAByThn--J{XQP>>bWPo_rN~bG!D0PV|2I^H=Y3tIZKr$2(Q-Rb|7V zB2Rpx*SPoP?}sz8JbWU8g);y_Ec4GVI7CZ+GYEa3d9fN}?23TQo|6;K_r%yWA!>Nb z(v0<70pLWjCp=-X$&Ey?2r)fWZ1>T|zvj;EIID4AYH{4-1N$K-=f=jeE=SB!VB-vw zfq{V-ezG3T_~BX9Qm=4CdPa}xg;#A@*kz;`zlJT{$Kj@?+JYYZ8ci)N|FS!DZyG-1 z&bT0ydET1@!wWxVN_`j>oY3Y1QID31Lt(c}zZ&E29gr>-gtNnNK>jZaZDl-bbqr zc-fgp&iy4@B5h$YO zIFi{)Whwa!TAWz(>lY>ZWFXszn!RVghu?3iL3-ks0|MBFWY;qpeH{=Ub+7m-*Qd%F zeqxY+Jedib7xYJbQ+1*_@MSOcP3Qadkva(WxtT~d-Tu$cEa3Ojz!d?y+|SDRs!Uo} zvc~)tsAH_88PYTBvt<_g-KO`sS7dezjAJg6yoggnIi0lT(Ub<6WyogTsZh%`Tf!%; zX4`p5H^kKdb?i0*k{_?g+ZJx~U!kcZ)8`v)+)Qb7G6dA@sqJb5103b3y3zJ_n-Nix zhr~qS$s+FcPg1=V(ZHmDa|L&1T_na&uJI?d18T*t5JvA`42KU=N-Zoo?(haj z>C9~}V+IowZDd?+q`yI7u&_D+Y+XfzDQsGjNQ`+%*xiFbkU;fN91qehm9e$Cn5QB6 zFIK0I*emU3!O#biQnN4qVKD5bmNQ&@OTB{bNk^b_(ze`s%294RP*cO86Fpmc(s1eR zYb%#EX4Mby9hBbiBxI$e%vVOuNcFZUngiJ2*?KVBkvxlm zff3VkVesS9P#_Q~NfVJYjp0+TKTY(gpJzM@{wF->abF4+k)f%x+9ZDTQx<2@PH*M< zOCw8=gM*`NB4G(sd&d99T?iu0aAOM~{5iTyzEi(x1k6U1DwaR)76Qn?hWPn;wO-hi zSYeypD}3WcSFEg>f~9fQ4SW$RvQV_(P;WqH$=8{fZS2%bk3i@f8=H?$8aM&uyf-A& z`^1sj2s6YTiRv3$A=MMaNoG+gk1)Wi!WUjNOm(j;#B(&t!;K8q5XdtXSh`nvd6qY7 zJl!7+LBoyFsLXe{E}tr3qmE24Xu7stHuvnAYJlp|(cb?4VK5v?K%xBh!*EO1U{C(f zk&)wsyF!rtv(ZF!eR;jkiM0Fc&0@A}Y(+rNS-hTLBcWVTJ$3RdN*KNWFAL45{uuRc z5myYG%2|z{u@ikRRdbC-BC1)sE?A{fh?L@C@)RSqBK>f?IcbB`@?-|v?AOL3x~8dh zQd&+Qu+oB92I{4WC$R~bY=`d2?tn*7^e?_HkNfxa^4Wk5&ix^Xq-Zpxo#38Hkx00B zn=n!v*>!o>Y@>H2)!asf4A_mUH?To+eR|;6O(^ExHi_E=?Rx_1HN5)!f}=i-(Qtl{ zBf0s^?X=G0i_ceyIJvr0$4y{u%+b;C@X=!HoqE@qJ2|;fXk;!7Ad5Hq4*igiT<4bT zWW=q+JwrLoEG-P25(O?TG8EJu0sNW?;at?Dq{bY1tlIk->PfMYd#DMWA+;eFz_aOk ziWt0$uC1-zAB?iUNHKWh^Y=;0=j@m?oSsE-BkH!# zci0sM@@i@pa!9nJ_y^h|-k&wrBo&nJs6tLCT|CxR6cI~Hr(W$p#U}u5lg2@|>Jx`fGD(iq-RT4?(=6j;#m>0GU9^5Dqd)&jce<^f( z%ks?J)qE({6q3s6X5QmvB&&#_DpD;Fk#wp087B;$B^{(=ybpWXe8Ef7E~;&qUkT4- zz%@3`A|0e>H01Kz2-JdPh=syuAV_?vUr-81Ki?_~*#`_%aNGUxo&Al~)j=+(UtAna z5pH@A2r_q9?!^d{H?CFXx|y#=#7?KmWuZfB;`I`;H)d9&G$HJ*r zJw|r!V5H&!VRlZA$I0R%UCCp()(@B;s#6aC#;$o6TQg9$$dyk{0-x}^XkBik7~;Re z!7DjJp)Y=&&tI$Ew(Olrt;%car^cw>4X=*RuHGjKF&>F^P2Ubx@S?V`c6O{XG7N3m zSj1cF^X0#Oz0P2{G@>4=4(f0|6WyO+tIHyDhjKpRb{SJ)^5~N)<3oh5yScQikPruw z3u?+}Su>w4!O$rAg$?&po5A!w8bfVE9PRre$zQQT$$0h9yr$7WCvYjNpeA)c%y70% z$yaZfOy(sMlW?>8(ZBK0eY-jIfrxBG!3Cs3^k_5t>9&`4$uNzHNV7A)XZLWbki7v1vq1JazbqFKag}ANsTwX<-g#3(EtXhYofZMQ^j(n zIsxZ{8H*k;bZUG(ZIcZ!SD~=7WV1R25u8cG!vVt48*i~x9jJ*SK!25V{+6SNOyb6C zV&9?qHQu~i*O6|!tzhSPBwYh&ee98!c zv+j+70!4rJu#DclC6wFw@p0LqRrvUHlD(cQzs$y2}3=(>)nx`y3T zm5Cib{zSb~!{B&WSmus`2@*Fx0uG-Li{x8SES1o}v&fGhr z^SzhW!Fn_kygWF~CtSG&iP|ArJ=YsEB{Lw^DOdPhMU!7i5}VpRPa8zs__1| z*}wO~^cooL{w=R}WaQ^$dAXh&{u&V>1&>xNJq3T9J| zEnJN6XyC*J&bKvP&GGKF#AdrDN-Rmf z1svKPzdY}H{~dTe(WxRq<938I9`z~tWu<<8iJarji1dm`y5tF3vGuhN~A;S4P+Q}(sqrh1T}CI^I{>QAi^+uTD#LnY}M zM&wRT+}&?G{w79OG9f~a+nCBG%e!y$_N|tA>&-jVt7}ug^5WI`Wp7UkAJ19Z&Sovr z%TmkmDQIe*&pHX$p%9~Gg>2pT3a?*#nWx@V-9?276lIB3ONG*s3#-CN^i~FgsEJO? z&GoxnA20)^WkRQ+XJltaNCl4vS%U5x;ruA$w!I&olxNzyg<)0hqn{(YcaOs|wvJdP z5nj6Owj3doXbLfu*Ik^x9vYNIAuW`{I}yb+YC^?mD5>@MHB7^4tG{YUcT0%D|df7`Q0k2tS)L^ zFdX)@9PO5(DI20dKrN|_TrBu@S6mKIOkyDVDj3(bi7PhcRB!w# zO8JQV(_puk+k(b$#&UphHxGnVosiJt!ctsD#?rx|yLcJqFjmvb(-Li7}Pv{=knQfY?3{ai<1+e2tlXG z)w`eT6sUmqP#~=*X8+K~WErd?)Q+{yUGw34{elHYhugzY*6o3@nVHL<)o8kt(9r&+ zH$O(4_9qQ*U4Py19`}Yi*C2PGAx6cFXm+Qo><4nomZ$d*tv_9c)DaL|uvN4CI23JY z#C#`>*e$qnm2aEGNf67VpIl214 zK;bLF#j5Uv;phv{M^L@y9xCCkfZM2d??u(JQ_kN0VILXXsdon$zEdFsPt+{-XX&_~ z1)SWa;$!3rW!&HMu^Kh&1&FOnl;`ZtT6(6D%ax{fi$N(PZ$B#wUwo?k6>e+yziLw`P%&# z;@6()cI|2DcLVR$bNq%x?66$Dkm0LNu37+&`7p`(xllvz_+exVkQ_9W;C#b9j3H$o zDH$=af{lll`WV1gjx&q2fh^>oL+IrsJt;r@}V;vv*R&qZ5E}%RJ(LGchzWQn%mov6LMbCs(aOxejU7jU1hT zs4FMBaxSbrrgr7w0T?Ft!{gYcfAz)qs3tg%wV7+V)m|`4b~8qD>=mV`FIr>F9gqgN z*76;7pM>?jP@T)fWmoC;&~+84Zohae4Pj)m?B)^QIjwpB$DI#o2Q+=79}G4~lwT2=ZO&9fmIPG;Ao8;EQZ z8iee}qpH?-rLKzN;=uNt-X!L-W$XdMYv#n+V7DFb{QmnR%q=tju%O9raksV-(p;GR z{j2%d%pq$1dmZ~-u^WUW<+>#0_v+{Ltf(}j*5uu-gbr%;+mXuMKS4aMj zAG(H^jI@|LejAgKiro+9gi(7q4?I^=n|o$w{3VE-)WnNiUmAF_cV5zIbdqb(`}8H* zITB@N3Sj!U|1hk29TV^F@9*wgxQaR6G)EMX0+r`~co@L%GV1_O8;PcZV+eQ}PO)b5 zX}h6b8?_5HR+ahHUJ2`%-69tZy5{;2@q$k38Kk3&^H$3DoxivMdXgM2$}_M^@g0~H z-7CEeU@W+4n34=|=QmWNM0zW%&@SiKHYYf$|E6re@5Sr*!DEwB6f@~f%>B*z1BB2h zW1TEdJx|Y|s6{y1A7CitN@lw%m9bnSfn*_FfC0gLmC_Af3*Uwy()!+j*tyN6;n0?n z-`ujfO1iT@f4%i>EiSg(+}MbFsA_*C;31quC#Uc?2DAS;d1WS%KIm}Wkp%^C7i-VG zv~He#ZRVonsuB%CE@8V}xW+TP_*np*Hh;!@E5t8^&p)%tT^bCju^1L3WWjZ1lcJHu z&v$f~))!Hr`*A>kB|fT*8K177pBeztIwrtkzFy zxtQpC2b|h3|NYX*X*j2cRcQvKB$zkeFxX@>f3enSES^6dym$6vP>nYtnv-D;$oAT% zYhwjOF*wXVM=xEKdRUdLR%lJ;_FJ{d8^Y<9)z4kSYguLw;bl&VsQ;X;r;yjLwD#C6 z6w1}**-S$sp&!*H~X)k+@o)RgqrdZ*djl^zrfQtK5A%(hDx(9~^S zJaN1uc-wRl!(W2l@WSi-+@*AJ>1NuB)=MqHbc}-hKDPh$TfB;A`s-EN)N7cJMWk_M zDUlYd-!_-kg5j;1DX-yi2?^U@`d=gJ`3{$}0A?FRmUBl(rwuz*RBvFRElwGbIg8z^ zsBJauIhGZRZfnd`jX00{y8V6o_r)w9KH{|q=4%X>)E|2Je_^E*Nv6fPg?GMxHak~I zp0h}?cF6=g8aC4(TUI)CPE+K4?#J##o6Uh-geXmr#hG1T@XpDJi( za5Jp@TW{s_squCfwDDp2SN8cQ#=;wePZxlc`<{uDm+upAywm1VWFfKe+=;0MvwM&Q z=98<8#3Z6Y|L)An^70ccU=iQx@q!!>&Bi8%WE^$1by*EZbN<%2zY99kee1$dx8kcc zja~#q*?A0|0;Od+3}k`Z5Sc^;!Tj}s?U&;8a^0^|ezH1EJ%ns8_cM*A=bZ|brk5xm zt0kEt~O(WHNoI@LVSBf4_)7k%fPk{Ih)Ir1Yx%Q-JOwI#J12iLY^a)G6e`^vVHOMa-|*k za+OIAAt>Lsuh*Szh!zs!$odx3|5**#jjS5o5Kt6F!6=|6uVtZ!+^EaJA=-X34qNvdN%oIS=n(c{x^cdu+@PlBLdUwzbT_<`&%LTn->>MBc^IAw){P_gKeybuK&AnOv9bq;h zvzMKEPyV{`zaOWr5tgG-nRX=5FbCelM=U~!dUTxbZYq@N-~Ss1&J@>ssnd5lbA(&Fai!7Et{( zm0RAh@K?a=75LyeE5mlhPtt#KpIs>>vm_?G`AeK0;3$SgmAj36`*sdAquMyCMjf<1 zuJG}=m;{niZMgK#F6LK1b!k2^1=KMj!o0Q2?A5D1+jkX{xuz*}brO+2e_$y;#T1F$ za9f`d4@wZRvYEo#p6{7WT;&+v1s7j1fIXdZyU=-Uc^2X3exM8CDWN0Ldh28$HPh5SH^RxM7 z=nu_2);b|sZq4Z<*opXztycLT@a_*T=sZDS9<;Qq1(QbiF<=31fV;J4Cp@Ryejvfw zN7}5T+kTIk{I`+Q@k(E0=ta*?RzDzE0qB~3LGQ2@C`OXy$O$D5)D5ze{YP>C>uy#3 z|A)*ptt_%z(J*@*>RXm z59s!okAOSc+hMSRlf7eq#PniEr;%A{zaUWjMa?a;g~`RUvas0M+TOt@h!qBljb^h} zvDB-f7V~TIZr%E^WS;GHSr^t4M8@xuZ3Xx5+5(z4%7lFYYjJgTrI^?k04`MrG#IR; z|5?7lsBEDTru=qL-HS=lfJCSS91F@Dez>xYMrD1i=Dy5(f$$9I=1uy-J2oks@Thnx zK#xsepj-!ha0A=HvAEjsK6k{3OBnCFKY+MTbqMv5U*l4tZ-9HD)qj?}2c@GZ4H@{2 z|0;a!bvM#|SQBVtOY<^WPMEibmOB93J3E;em(|pjGr6|p>MfiB_dxhUT|sQbCR*-0%o#KZ363=I2ZDCLDVd)Y9)&s4v!^^$Z*dqv<3K3`Klf zyF1#Eu4hoNa^9$!<5OCYVpk%Mv-(rzf5Y-`zLme~5i1Xqg{1RKHiB(cGM&7|mg~!NewDJ2^{SRaw<$=!33B#~A2> z`17@^=jA_!QV@{cLr*<85j=0m3(;y^vPOODma3iD7Y4h_tEjB5t(}%{7PuZYx8~Q_ zXQmtGWoNsd9W|Sg1D(8oan!(oDo);h>y;~L5b>Jw@4kL);Z_d)G3BO#KsyW%`G<4i zA9=XBr27x?_iV=aEYR+4h?0DfA{-gHJ3B9kg-R%hrtF^|e1VBAb%Pr&*4lRnrb=Ij@UFfo-2AM{Z!ZGuOoG5~G(5+)}41>)?Y={(+*;*FGC?$JWpPcm_dHq(Zx zfI1FVd!k>O`uq9WArhyl-F9E`^Ygc7R2iYz%vuBLw}Wki#-hm!5)hkos&j_ic{yIf zsT>}o_5RmRetk19&n{Z?fit%%Fcx8QTjJM7hC*10Ij@zNuJO)%Xzc!fI+#~4Pqj|u z_53(;S~@#Bs61-q8}@}8t$`BIcgpVLo1AC@xSs;*Eu*yUjAgE2@d9MfQHn92I4f&vY;LP) zzEZNJ>x^c1OQp!nG<N$k=PEape00e@ zw$xn&1kZE)<|E;cAn)uarfBm0J3%oIrtLz~26>Z$+q3k!+5FY4O_!WD2kO-$Vs+&6 z`ity-U?b1{$u?&HQ*`Nj>1C?dG@1eK&22MRvx8X;>kjTJwe;|YEas_ubpws6h?_$o zViJ0A4l9qAQmm4S*3Q}vV(tDK@yw`TO?`muotTL6LM@zJ1rfqP#>q&W>@!?Z_qqU6 z@nLagS#1Z00Nb^Vi4prtw3~6x9ioS8!ZuUiBVZ#i_;cKwrV$k&2AvmrB`XZRnMWrF zArG_K>16}R*i{e06(c_>F&uv1hB}xHoQ43H5|)DO4;w+W3E`is_gAiNM`LO0|jH$cw>Q$(tT`wbGoZ@ke+5%)V9n; zZeF#YZ$a?#?^p?Ql9ji^M;`8UXeMbp3KTp|OD!7$3YxRD=~=Ud+Luih8qRq8i}Z5n zI&&Q{<+3=~=1{wSwU|Q=6e<+y`m)X`zLKfP9p}9a(BV*mh^yYkXe||1PJ1W6TZ(C` zO2;6#wY(-8qAA$OHM+R6V%;3yCT;AfR?of(C(0UlIT1T0YPYK#vAu1HsLl|FRrO)k z8@{OXOvsxqoi?iZRLD-}+3Jkz-ZRC^ZyTQ%;Fw=<;Fx}892~J6h(vj-BO?;0o^T7w zld$!}6j|S2D7;Z|L-y^>}+MvW%BV;c>`^5Xa#R0)6Dd&U`EVS#rc4R^B5$SQ}Q2nK$ z!=xN#nZlQ8^hA(DgJ64WOH(tRYcpfZiOz(pAXy%!&CASUS>r5iE$=xpp54}Bew#3W zF-d}#pI=fwm%_!_*^Dd902V5vJkeG_LTgf5R<;*q@Gj~_UZkEeVF6U3P~Dgpvn+1% z1teUJ;F7V&D8bWyoRY0Y|4bv zdP6U&&C6(!=_2JZ4_Lg*8XMRI9k2(2lV`V1TsymHKX+1Z zzhR4~s9HXml8elukYr@PjHR`H#hjj(W9VORVFW}*Ob;Kek&O11BQHNcW151Pm&a?U zor=%+;`3yi?XYyp(~?i%?v#bm5_UVgszO`6V* z9!ve?xRuYe_)GQZ16e~*#0M#5iEgDUauY8A62jWk(-8!ck?9_xge>Lohr?jf+yT4F z)7Q_jima#uCuv>JBxPyCG z5TeWtQ(f&W0m>f94;I>f#+cdB-(reD9zQRY`bLOG(0+?u+rfI`qJCBcz8O_Z%mp(Wgja#q=22Nn}@oaM`&|1*I4W})Jdt;_48R+ zqth4Zv)+@X@zPVuREkS{t z)F>B-Fj`{vt`0e$<;U-}ZV!@7O?X!$J*x6WJ#QWo6tRXShll)7PF9ckE8II>q z%U3CK&HFB?WwHu>;9@SZO)IaFn6$S!$>OUDGRp1XkAW{P9>>>;cv%B?usB>JXc1ipBbs+*OJ{QjQFZP$nBb5!(r!NZG;W=a+ z(DCBJZ1z@YR+f)ZhPtDJO{A^+{5Ug%nVY4h{=-~>rDKo%jqPoQ0<)*XEe|||7@5cq zxS4!Epj>MsHsYr~3->0Wz}oKmGGUdvrRugL!9{OPq`*h@6r^A~0jr`7fX_S?giy=t-E5*^;4nu!Y z=AGsVO!lnh)tSb2%EFYAn!m^KiOL1%i;2@rh~Bl@qmucn9#$RJ_@q#7f!XxznO~sQ z;dinPV#ilEUxz`WAf}W;p{~#OR9(c%zI;B~=(ju#z9v%^E;0DlS2FY&Q0QV#m0lZD zc(wML?1ND--`1n*Dw!5KnD%nSvR;d<}7k~JksD#xN~$lz?Pu`By>AFJ27gN z#^O9-RG?IajF#5P!RBVQn?N-U7N$cMItj9STA7nXaef|;Pd_X`Yk2prlWA~V7G+6n zOhj5q_;p43kBZV#ai?yo4s_LKfbSWYnVHevZv=KLeZfh}Q`lG@4S%SqNv?0;K+Vq1 zUKJ6`mHu&fDEV(51rrWD-5u^%=`j1Do>9c2?|^Qw5xj_%m@Y=>E)=CdXq8J;ynb;$ zS*o~ua1g_3mHzM*c#<~iwo8jc7QPhge)r^U zy1?W8Lmun3wZvLH7!(SC0yKxiVHB|e5yh8&NdsbP8udbg`qkoSo71sCE#%hrwip5V z7|rn(E}mK!qWV}eQ?=5O@8g(A{GG~ zQ@rihJJTs=*>~JX$xW8{A#)qff$4DTMtfF!ZyNT8MbQwwtA?PFQ}VfYQX7NlfgbPTi#Tcv3-=0>i7$Rx za<_QH?t;{@WC zY{d%*zJ_semCB(uk1j6i>nN%%TN9UOb0a$GYF+GA#3DCSZ9|kgfKGg8WPvjHxELKo zV?KhiZA$G#ww`<#?F$7&NL5Y4)btFG+9Si&O@(ne)!aH6{ow9w92ms6#i1dfxuUZZo zcoz?$N)0{e-U$G7)xm-QZae%th{V|V=7Ay>Xjy$@(odMbJg>V0w7LAI@SSJ-vI4Et z`?{Ta*X6sRk3=lbR`{u5_hE$eS=w&|ZMRNaJL?qU6aX8UcC$p~7nFHS^0Qc+%X3Ib ze5UQd!F#$7XELbYj)1DY8A;Z>R6cR0w&yUJOB8 zV>m={ICK>LL>cnssMQ|F>-fWZFwv~UE-XHxHP|b_Ig>V~#Na)zQvYdaoJz8Rdadrl z^D7kj|B8VyhQCBq*ZiEZsfxO1Qb9f@W0E^xL#2{{L4_tlNiovcqTFOUvU~VqGXl+U zA7)Du3t&^0pZdCDE9dL2keC>MK>-N&XLKM|NJo@cLPEU3`%0fKfcG-IO~nD&#d9%L zdg7^R7y+ZT1v43b$&Ih^5IPHem)qg;84E@Ghe}RV#W0Z0z~F5s;NkC}b=H$Gg%KK^ z!wAZp?&pvDUISh2?Z>L$FnwTVr3Tl5Tr(tz0b*ir5v1*2yLdjkI6p0OP!g6l-DRpr zB8QK1(Ade+$)ez&`4xcXoGedw1^Of`refq61B8RSWwA}{SiL)oC(Qn{G-fDtgKWcb z>5~1)X+gX;U8w*urUCzmSw04-qV1(jFd!cT8E8VqYv?o40N5*?b}1f*{jqTpIR!@H z^F#Bq8T34jq%G+ORveg}{K&yQx|0tjINW|<{yB3e@uSW6A^nEY8eka|hzpMBk( zsP8qB8rg!hqU1V#_(oZxxlKfB)P)ZkZ_gl2)QpsOe5l!UN^}zephCK__SrO_>ErSi zC2&6dwH&6N4^kCSpX#_Ng5Jqacy`57Dcb$C7kT+4iLkv5?S3Rk+q5|)oyoM=Db63t z>mb+o`i$jaKkfUS0{SD{s0IK%t{DB&#(&_wwy_qc^WX~QzTZv^$?T^?uSpqE7cKuTe(^uQv$*S0RQs?8%LIiduI5Tr#LV+u^viO$LgWw^Wl2PX7K)n!8kVn z^$U@{79?bC4!f>Xvn0JNCZ{icw|0L3?)-kaI7{;)d@~+g2VdIr+3BN@&sXS*;j--b z)i1TY3HEq)CbL}i3n)!iTAM9KS!h7^l&*&}7lx99&WVYMgfF{1p50R3A*Y!=iip#6 zc6O0K0sAJS+{+Yik-xGEP_wUmxU@GV4QAj~2G{NUxQ23Jim<(Da!{s4*vqJ5xZ0bL z@?rmnh&a&YowyJ6#{d9Sb3Ms*6svE2vT_bgk0`d(=r-!CUoWUNvwHU_`X?)OMf}&l&axeX31J$;5kS=}n%d&Z|!(_CV67=?d8Q}e; z0xrIVjP4c&OD>8tYAu0M^^LW8&Z@bDC1uyDsa=!@!k#Ccw`F`21qcrBlnVZ{!1Ut% z;{rwGF_eXxzThQ%IY47f@hlP?H1>$=BZ!Xx*oXO1j`m!s&X{SGBD`9b0ULm;DA6cq ztWa~aR&4$>epYj2KQZoBdc2UO`Bna@vLPomxWEgAY!fA9=p?a;_zq$Sdc?O2B;xH~ zW4ERRc*A|BD8%ZznQ$x5ffMeS2OSuejVdjnProU z1z;s>TRz=JwUq!w>Pxp1s%oQgYbc4FY@_5DSQmis3p#?Jh2OG1qP8$TQTYH<<`DGZ z)}99Ss>x!CJw{Jnu-T@n<-+Yq&cyqDQ#TyjdZ#O^bsYgY5s^;LFII(RF8g#JMa+FL zyjNK?ROfAM_e6qu6aWI0JXOw6b494;kz!xCW@M%>73frk659YJR$7JB0mb}{%y`+( zE+KL&7-WdYw)}0Vtm$L}kdFX!d z>t`PAG$*r9xnfzePxJiMb5SO#>5^z#XyXJpe1t6vK6ET%Z`8h2O zyM1S8(m?zy7G?|5Yq8%B8eWQ2k|H^yD>RxFs_m&fU0++9TUlYm-#V5l8MNa*nuXz0C?ZlOmn>(1*O!|}{Yfd^_Jx3{RsEjJPe zUdUaN2Wmu}n5Uk2J~y|bq4aSM;el743FdjMBH?jrqXewl`Vv-maA{0%eEj5zmp9&F z0*}>~u&}g|&)65J60`XDgmkgSe$Gu=DTnQ#IN5}r;H@C3=-3rC0Fa{Vj8#x~s%jS( zYLU4g&ivSLd0FB9y!w3lz~<0;OEM_$xpRBuc|jI+aBt+&U>e}Bxd^n)iO;x>cHPjy z9fLWf$H$I(tL_ie$3FqBjs5Tv+Vz<6;ycr`;Mf2LOgsO7=kK1L*RW<}uQ^8qpu4!| z=C>(yMc4$j2z$P`OJP?gNZWOXhAJ(=;2Uaa;d(jP2oKMgbmdH+UlJ8nKzX((R>pAfUD z9ii0K7P?3W!Bu8*Hv@Li17ve#|v^_otX6newXq5 z;~u*-y1+Z%?^>Jk3Bb}w8cu=d7iqo8^9kn>Majn6{jsISB_?FAkb5s07(QX`?^u?t zq;@h>&lFH8n6}>R#-v+=TN&h*na;`#^+z-GK$UnnH%c3*W`Tx>|4g;t;y(LB%ZiuV zXz1P1w7M|%LHz*)RgP5Z2J2fDp6?Y<@z<33=)nCe$|sdEXX1#ofEPqm#4I$XCvvW9{Jf< z^P&sMQ3Okj00ugNI?~yUf|brS8r-}(ds~sRXaX5xz?{y;yOa~z?}EXNH;q^rYyyS zT%$^eN>B=R?B$pDe=2_iGmaSE5qe>%cRb?Es7QU0d7yd5)N$#w-wTDMB>}ahur&hq zy2#$MzP+OsV$&AvyS=4_Rn0xBP&e*zk~bMP%)*sDW2x`PqjPsBPH@)#*GV^tfIN6!Z z2iuZ5I+odz$6)Y;BGoq@F_<_U#X1xNMcO*1g4@J1%s#QNVduSNokFBnn}L!8u!v)f zK%>vt>>%1JL_(LSkI30&0AdFBf`?6S`868L+?}l8S_MdLT9rCDdl{F>Nq(&P>7?#CPbZiu?KrKP3!=bsQ(K})X_+<)=eGvsoNh$PC)Dih=rOZlf+ zvyb$Qz{z8*`Ra^xvZ|OF7OYuK#;Zjw(n{8Mu+Bb@<)o8H1n9ijG@M;d>adQ&)72=2 zzU$HrW3ctApBuge|I|smsI18Jec>iOHgk47XR>N7`KyBcHOgBHWx;i+V_oMSkAbIk zX*A3Xw{jT0liZI~wrU#5Iw@JHV!mAS`=#Gn{pIVF!={57`OOcY&&tCPg`BKI5=KT~ z7PdAa0S*tFP~6#o+noqq4fooA@l1c8DD3nNC^7ACl-8#k$JgQ}zEn|AXa};+demi> zwqR9v-KQUtwAyYvzDPc-FYJHeTz*I54Q*K3vX|bU=@1?2vry+{rNq7aQDsnRX|m2E zN#~9zNEC~XVDc=lsU~303iTGt0EGCcChue`Qb6ZuG`~dp z?bB@Vn7I%MEj(VQbm}I8b8Rxv^wnWGZu4u}rFGX->;cQoiU3lp=RRioDC1!xpausV z3!ijy$@9vxmG}Z``w=OBUa+Xz#LVo@spXM>d`SRc&()OxY~qQB+_A^W^3MmYIOF55 z#7eb2KuA|7Df6e8CAMC&53LJJlZe>M0Gq_1#6Qm46A-_fl;XrfdGHJ9tO6N*oWE)w z49pX*c|Lv;a~HL$s$goF#T+4t`ELTk8)WVQX~y!f>nGGNT4|Ft?6iOtNdS-`kS-yZ zA|S%}jcgDF|7Bw*T4^GPnj^O|P-f)B5By&D@d+*Z^dRD8ZaBwFIFR?`eQsQ!n^Xc) zgKgHw)J+0Fx4u`{dA9Hgs=0mk;j&+ROGZ>AGX(g*w%IeSNT2i#k14eS`Ok5mxtyfZBH&^vz}wZhsY-{ zxGYXPl;S$f$lrcuM$VgTzM%PdSdr|NVkIML6m+V(pQ7Lyb{wy%uKlIs(1c2E9vogB1`qa61n_J-Q!n}CP+b3`a*}Dp~ zCYNAs9k()En@SHfiq$6`>lTWL8>*vB5Iw%sb+iguvlK$v%(73FxG!s@64md+x)UM- z2eht-q}-XI0_JBh@ucWuZhgCIfBg~fXFF#nU|43-drd_Z7|IFQk`iUk>i2SUy66)S zDJAn>ljL{NJ8fI(Q5UK8&hs`1b8~J>kZu*S5j_llQSQ0252cc2MY_tY&=kuQ7&Ehihu$t5`r{JNh{KgC`jin9n#%M zH;RaW0t?b0QoD3Fh;(;KNOwxtH;cEu-#`2S@!fZ3&YXPCa}M@*+-DMh_8hy=$J=tsu6s+HU-o21g(?!zJrM#VR3IcSg9?&xypaZqzle?K|z9ea9J zy?y$&&o1UEY;>kdMq_fi0@fb6HbJvacvo`2r>N4Ji|PV9U~%C?HMmItWzSeij+gBNG? zMft2G-XRnI4i&xNhmX15pViKq_q|kx zH3lZM$Sl@r?mD@*B-soL@3Ed%Y%1t$4~Ea5;7Z|!oWfKfrO}#KoWF0V(lw{CqAr!B zBfC}}68gNZSn>5Ue;abHsG*%yX;j)H2x7q8iu4#nYdb4{d<;vib4p4@%lz;{OmSXK zR@Nyn-^c<$vG6A)p}2ct=haNyK>l)zNGZxAm5@+ z_ex*ZN}pl+*?qaGqpr1=BhyUxzj-3)7=*Ug23lh4^FH7`L3gyp z>U+1-rE@{7tXd~r6B@;lI_3b?zy+W05OUURimQ>|1WNm_8}+z>MyD#dSvr9ZQL+X+IqRkZyLz8_~5 zI(?4|94aNn2G6$zjJxB;_WAEu_$mF_Wc61XoSjbB*qnmmp?X3mM-rG4A}ybE<_8U8 zU^Gmuz(H&>YZt7XH07m7KTex+m@QT(aP49crT=QSci9jioRorug-Hg5@wyTel25TZ zm#O6@HX;onGtQQs0|f=!*5W%YW>X7ZOAAYj^w&2N@!6>B1ysGVR`Q!v2m3t4CDp@J zid%1zOR~T|s_<1BQR&65UG}hCMtY!NP2xFGV%FIWrWaHIj!ifqI3g0z1F(L_ONxP? zm*k&Lw3g34w)$YasM(~)X3D{&4m{4)X*=xo>({Z?>Yqynyr7n1mqXS-_tvX&jHbka zDxf;|4eQ0iwd_vG8>{b@ z@wBuwi&l{NssDO^M#6`RJu535tEk7}she%9zOT62lZ|@d=Y`PoTlpT~zW@lZ-D6It z4HRkj{r4@)w?fE&M_XSn3KC8V+RR9*0kDbEb`!EkZyMmTm}GV$OFbD)U{>8iT84F= zgjokdJ&e)?!nhJ+ZX|r>qfdjHO*}1zY#~6t(nBSmv9U1$jB9&Lo;}`&AD6EG-qHA% z*!=k&^nvc@q`{dPMVW6kFE@@U8VhK z;i%U#4FIU01fFzLAY4B`t%r4Nfd%2J;5N8yoD6c`}cTCI2r} zMb^#R_x#dc-w4{jQ8*l{!f~VwtVuN)0RnCXFDqikLm>yHx@R;qh0 zf;gD;i0!B_+v9bC-GmK{UB|6~|3f0xw zDY@euc+S`%A2Hd0wd+XBZWEj~ktOOg93vo@7%+*Ea;v+3|M=VA=$CYfPyh{9Si0fb ztN#blU&Or2YEo=}(7JZ1eY5X?M3$n4(%6{xP=5kDVrW;pPzf+5;M)}0-z6Jy5?!$B zY`euAdSi_-A3jk{oeTG{$CJ>81VUt1$e_S?eTc6Y_RT@OO?71Dro)3U*eog zCHA*3-kBI6`@wOK>MT=dsD0t&l|QHW?d5ehc!qA5F@?Y*+ZFGgyoDGAB%KSTE-3)N z?Qw%ffotN}zu!RBJmEMMgZDw!FAYV+*KD5)cN2Zr*At*3UHdT);rOBof%qjsV7|XL z#Q*K?T)s~dO;5fE0vAz1{bG?T06Ptz)ARHC{Mt@$9AhywiM+~o2))YLL{8dBw@0}WpKqA8ADVWC~&SKX{BNB zp{=D1auU7Ay_1FX>ab)3RllgG;z*J88N$3>1Q&nDj&QX>_KidDPtPw+PO);{yU2KP zvc5R(0gcKRs7m?K3{Q~G9x)dL^ONwK725(1c89W({{+nd+`g#j*AOiXKq*lQn)*M= zj^TlTbl7?>>Uo%iSDr1(K&CN|K_oslJ=d7IVXVME=L6%6TXZ z@U#LZS{0rB_K`|pW4&S5rLPkWj3o^M)TGq?roA5_f^u1A>aVCF6XvuokXZLh40X$} zSCYSfeBKQo=5Z&l{duQErjrsk>4EuOBmdW^YE3mG{}{gWmlWI;M>-)ieMNZ%dZzU( z7@W*-_+j@eWc)##M?^HYK~bYs;1u;ki(B{2m+f41X&I#Hs%t|tGj9XVNET^w`MR64 zlano$=?2pt@|E|l-`Lxn-%GTLdfZko{XH7^izjf{N$ETKKv=l`|w zS!!`7$K$ADD!TR#!^|usIm4w*G|8@8F1oR-sH5Y>zWh|%^PUJI8|@M>`Y&MxKSEi0 z&P5O?$GzVeX&u&SB@}7qet-l+p<5$KQq}g;0*3>;mmh2(eObi6J->YMO9wj{D=;o+ zk?E3WXcZ@~w3vc~-^OyRWTAvf0S=s`Qn}&X26&njc+YAA90Xi3B4W^RQRUhZPbSCD z924?QgK(CH(-*BZUNVf+GtXA?66`h={I?vuqwWEVD0qqSnCv$0dFOW|&zoCNRMxR) zc3cdP{;>>~HlkQ)qOfm!8$-$HV1_7$gb{>OI z;1@qfKd77QGhn@fZA*~Wv|3L`Z#h9U@;z|zxXzYZ?R=rJ5kGYQnF$yoTM-EBln{W1hsl!})?cR^jco|F}`;=eO%&L|vH$8q#o=Cxht1F!)fZ%s> zF)JR7ejBBu!@2wUz5?>h-q8v7nAs0qN!BMN75IbY$`VC^{GP(bJ$l3Ff^F{HmQkG9 z@I*gkO2WN zu;1Az+sv%l7CR(f;59K+iU7%h4{B zy(Oe}oKwZ3>Rd=_hMo;7K0KF=UcdQ-5d2iLD@$q}4yV9#FsiVNL~_14ystA<2nRm( zj7LRz938Zn?OuKZu^t4ns89cmL8US251}NWdGAc^a>ON+p#jfEj8|^Hcg;{+8ZK3l zcJMbsvf*9|_rJd&JsHri6El>}JFxcrGCc%5eL&n1mp7++^E%nYH?>QSsa5>DxII$c zO>&0pP4EpKgCn5UaoQMH`wJ2EzHyFn3jYys{IwmI-+^x0557=iZGOv9LPqLlI0|z> z%*=7OS;nj5Zyp#Zrx2wN6HaHd>tnJy}@xv`?OCdE8NmrHy` z$x&!$t+zb+wGm2=fS47{pkAiPnR(7whu@ePgIC;7U^0fKP2x%9WSUOREFjWl&>A~E+>5Ylkfv*@SUBvQ%;-RU9F7t z%&Yx~6F>{%HC|vpx8-x|mgdWncTOMw+xhD`N6{3p@KO>(20I-p028?|$p^MLJQ)O= zw{QC#s)9+ihVo08aa~#WO(0RPe)5+B;fVbwz@K0y2?+Jth27&lEI8?%P=WO z_`^&I*JYtm>+LnFO!mH0g_J01XfUGjoHPzkZGJ19$~tKIvx)X^;skaZFfg|ijfv#l zKsNAxOa)z@vF_v4op3*@ZB>~ud1MBQ9n;y3*8#&;wlm9DRBBpTEEReasYkteFag1< zQG&V-)V=BxQ%XtNKqK==BXa|*$w#l2ha@CdYj1(ErXEa32JV~O_NXraJ=50lxRh*a z+A1$T0W1Rs+9h5rC3#-fqW*n}LEe`E3o~rUUFUs-a##XXOK}DVcLs-mTu{#-N+HE! z{YI7RD9)+@00;EogMdKE4=IbfgUBumX!XSc7pn-OGjZ;+16(*ocuG~y7YN9M=RIZ~ zqJDrJW`q8+hqLf@MoycY;9>0=C}Zq#toYKnLfSyLO-0!&u_i4d0s$p~K}``{7Rkey zQ%-l#*pVt@XgKH*S|zWeLqWQ9(eTxYa~RR;nw=bDAqvPV9E!YA;~A9z$4%2yaq2|w zR8rTn%JRzcNEjDwEGsiJpChjT+kI)C#y<&b{t^OEhPmTX&Zpyb)*vS|G<@o~r}#<5 zF!HO8=XWB4NvH4i79MwYe%`1EIg@C~KsO7BG zWJq4DP7&?RgVF(~NDpKNDVyK{v)So53AWaiMDOzo*w5L!CYV2hX{d_Rnn&$qEJa^V z>JUoCn26j#Ze%^kE}XoyETdoj5gLPoh*`~M>gJBwYNMzXQd7~$QOng}VPcBhDh}&o zn^!h^8S*qsl838SzBK=wI6L_V*8-S*;^1GmJaA)PTot|cq-1ro{0!ZZfRJ!;F|kVL zz8WkhJY8{6=`Yj&=hgRliQn?A@MIiKh3+Cx?6Dri-d&=qVo!(lbf-JOtgTBsa)94F z&Q1&(qDd&z-7yr$0>HP*oJSqprKv`&ZJ+}m*{i&E(~u7-q~DPm*mUvxgqD@(*c|=O zE2Qj`M`_H8eKOO>Tm0Jhz70dled;=lo8T4d)=+l}oi?V9-v`U+n`EAg%O0n_-FYW6 zJ6Tj{KQN^zKteWZI5K@M(JUt$-5_vN`3~mwkHK}5XI>A?9c^E3kmC*Z^dyx#h>KsN zuTO0pJQuDUQbRtFkp)|plv;nwJMXQ zePzHV0m#5xA1AnN@GK_mR#Mlu@@-aEmTdTK%W%pwVxR5Ut2N~ZO?pg?536~qrMQ>q zq+=2DmeumgrQW_hZLRe69?AyNL8_co8$yD1i`0PHqivnRP3KgTL-MnDdk5FO@wtcK zA{;-lghC7#+?fzST=Wx4`ozMKa^eq@Y% zFbBcfMCJEJ!Y=2f7j$X`y{hz&mlMC8j73Lrw?=$KM~PnE#+D6 zsBlnM*q*KYajc2t{IMbO`QqUV0AlW?)F#EYG{{*@-r-oEtzymL45t0mg}0akWk24< zd7K8T9?Alc$#AYbuc>>E%cuZDK5Y4IWfc)``@Outw9;j@3k+8o$&$x+@D6kC440~I=&sWdm%wh-uw!m7>9%2G5Nh#b0k zS$+HalELEFaa2z_9>ZuFEs0-DIZf^J8rvQ8%UKsh?JXGCN-S60)adWS1|UG=Z>A{@ zB0hb9Rn2H|V}N=5C4`vqWPh3CDC;phvCM3;ftOu>WIP}nPQLeLwkaf{v%AUCAY;X> z-5yI{|2|1#D*Baf97>Zx`wb38qzj^s+Y_bgS=-(&RwwjOw#I_tXR6OcG09rby9uEo zp!P57CMm`Il^-$H`zbnMWzY?f22=sA;) zPDXiOsMDs5M!s3RW|8rM{}EP=d~OZBVRIM-^mH~sgNmwtpsfkbbpH#Tj#PDG?q<31 zZf0TAlL5-<=RP=J(c4*#=2V#2meQE{6ie0>#pHw>e$)hh8R+vjb@3%P`wZA?yUploDRW`Cjm*CN9 z!O6JCcRq6Pbq9idHoKqEV&h1>(>j^1fQvUXZ7F~Bng zW8R$XXY3WKUS98KbtWyZKjjOn4!mjlUCpx7C++o8J7SycM9`^7a*G=!%=55TA$5TY zP78n8NKGceoW(<8S&Q~Du9iv)PkOSiU!Umde~NHGOEo+$ojfag)vH*tp-cs(IIFGv z`b1RSqytb5nbdlhmL9k)#=W_v0t|&}cXMu{_W;_?|!7`1ZU-FDjca?e?Yt&7h(W2n% z*p~b|L+h1OCrh=8o2v*9gD$NCs&8dC!Ns1o@e$H;NEi~YG#GumAeLaafoj_Sdj#-L zeSGBvb;oJ5Bv-$5Y|OXX&0%|+*&(X4HDKdH;{dh2P*vz?$IE;;y(PdAWD;rPUB(hw zE1xqkG9su~%@k|{i9a#Ggw9W6KO4fHxNCL@oqGn=)+R<^f2Q!9??f9M98@gv1ipi@ zy2ruS+<{|#BDE>j6G-)2b-627xCkiw;UrUjp<~n z;M_`&;Yo1W-n(W)Pg?w(IEV(v$_SDBa@z+hJJ7SOtPQqyo zBbMlLozmh$zRgIfTrML^xv;6}Swgr<61mt@|GkYt(U&5y7>GG1llF0tE5IylFbk(a z4r*$%kn|QN*}#C4NG(4JKfB6I@oDC=bEHSoM;qf@a8i3=Wei$!@ZJbD+qEUwDEfL? zuy-JRKcfWR@PEG)lE9l@~&$YuBkNo0R(GZ&7l!Fig|X`~dF(bH9`sgq{#TvgIW2-qpb^rPMDC+xizL>)4#F zP}Y(F$NC%mcE5r*R|UKfnKH%(kosh5u1 zorlDB9kd?i8g9~+c^No=ii234#w_exkk|8ZJ)=dHp@G{i=I!;5fShD|TMI`_*zfL^ z*5=yvE@fO_MYy@SF$V0AvaGrSl;Z~AqBiu3!M#IdWgiK!nP5J<%k9aEU=5)YGljOH zc%wo!7HSERu0(#HH-jOMk@GeF<+{kDqNJ?qi>?2L@h-%wJgW2BZ1swIyYWJ{TjsI~ ztPL}z7dRn2nJU<;Mv`jjg=g8(YhJQJz*JgQ?c1eFwUuZEHz%WCIl$w_ z!PxLL*MD}Yz_alwJI%u7f#25pc_h&ffnX0j1%dA7S=?`#NP1iOEf163-$Z>aG`^}1M0>%Y>OPL zoKpAh^E-5{jXP9O5~^QU`Zew*ywgL|5M@YOXuVV6k9xve(!)r{rNcu))Z4JQ;z5F5 zRr0WF>4WIh#i9A=?zepN+|MSK$u#M=ZLk3YOhvPY!5y#?;Yz^sZ5hVOwDNT4f|lem zn4;`aP4dFs#tep3%;PI_C`cil?db@VQyx7$Aq-5KIav+=(d? zKi(5vUmbsv+d#hOlNS)mjw5NF@vx+4ctP2_HgN#|PSn_d{Tpu$kj!0)EQLKoik>Cj zgRZHel3V0G>Vz?CDT6L`Pt@)sUsu=1|L&Bq*E#G3B1TExRHG4y9p!Wu3Wh{~RaMpc zM=ghgK=oSMK8%q^%H|dPJJa!xS@=u6?5s^S)!|;V@u3?1L4avax3mtRZwxtOW7k-4 z5Z%@MxvfgdzhFs#>A=5hvrVHtxzDe{zZ}S_j;|wam#z? zg#s17E{q8Y6|kxDZfZy9%KHHr^kf%5l~rn)9Jl0-~H4_M|?V~s;eog4sye~g_|^sei+Ak zyttv2$+=2sKU1AVCwrz%7il0eiX$h&4vSR=+w zavT`SgaYLuWWIu1JxQf%{?UV~EVP1M5(C=8%du6rZJu1Aur6y=y73YV|1#-HV#2t~_clnCf6|&C&TL zHotARpIpwlN6LUd>Z(N(5&uJ%H4~`^zUo3p!GXTsm-|>Dx9D-ZfQEh!`H$O*J=*lX2EfO?3~e@G!BkD6E2+P5(H4N+TpnOWW>W5pw>&nkmgyV*xRbvJ+V9?!wr_F}w% zwhMWL-5r-F12V%}IAnM31x((|6A?i{f^i&bU_TPArWK)@`(W7N__kqQ$Lx(Ydxlq6JR& z%q+X=(FJ&r2C+gmDXn71WGss48lei&E=l)&epd&*3&htHagNJTY}}fV%3PZ~=@3{`1w6BD0y%wFVaPn=;3=|5C`q8<>>HeC{% zn=kmRJRW6vdAYp2JTNeDowQkDqFCM1!J#NcOh0Y`RT2~ADYjkhjkR*L6AUBx=Uzs| za^n4?fjA0ex7asM=fXXvnAqp$ITCE@Kjw=XcZMA_rSoQpp|sv2YkfdZFY_ieI5dc7 z86r))dww;5Iu89n&ERF+u+~xxF*%Y zdcHy;2u@8NGze<;*heItco%EZ_WmlzbVbAYF#cQ?E2{(-ae)lP@Z2YVhj8J|NWM=+ zLRT%S(XVs}mrj5c{q*{x&`ervKzEGekAtb8{Y}<(!0W|0*x0x_gI5vCCs3rKNSCWF zXd3q|U1gOOK6reC+#cjZV?T`uH6hG{@&Ja zyn!?V!&uZ!C%IEyyDvz-T?aKkn+_xy&NMHIw)Uig?d*KJV_JtaAX`X5m6U9=sy*nX z6`$H}7K~N0H=2qZd7RwZ^qK`|>#*P)E*t%% z3YrrxpX>a_`*gi41a|D~Hr^Y=^0x>7?PI4WQ3N-t`JsSg5u8uKZ>CU^6VS5x(`MD( z@@Y8q{u(XD$6H|=m37LX=Q444Ucmm-5&fpB+vQPOzP+OQf5-|Q(m?#crxa_BbYf)b zl2|3|D|j6D{Odo7Iqcz=A$jPgZ=nQk1KRECP_#zcafXmzlXKwu|6`-&a6yJ7e1p>* z=`0dse3UsBb4<`q##&!pM$JOb>ap<`KDa9+eq$D@j~^91VJ5)zX940L5BmFaO;UiA zTB4@#AYVxvrSWL|o4LrkR&XekPG_C$)lbIo2|$2h@*)rC0X9Kzu=Cm3} zdAbgr85Lh{Ju}wQlW+~IIyK}6`#>=d4^8fWeWPKS^ek-c#iI{~zi9>!bLkfMd{I zF_m?RO+qFc)F>1QfG>2Uk6Z}1JSA;kw@*s>7x_lRG+;5fRIf|@c`h;dEgfz2%>7(0 zZ~v^PAPvBue*gg0I9pf#z)&b(xu{bumcFc^CB>uIeyCX|{nA-6JmAnzV&>~tHDRH} zbnW;5&M#l5o8b(6-o5$PUIOl+OkO8B)tk(ReVSU#^Ptf-C_P@t=*L5BgBPv;eN$`{ z!6M`&pI!y8Q)dZ6!?DAmFw^3E3=qS6drzQXJOW432#BzN;{9av2cRN{)@G?CKT7AK z&VbFuO+zr4DjBgWbofb3FiGivfq_M9Yq>r_0Cz?&Mbpx-?(io-`~PRo*)xLKDlQzg zt6x@)z>PT$WA9eqYK4*zaLgFUa9<*rdN_SDY=ATU=1vq&MelF^mrDjuv*Gc%x-1^S zW6mBUPF|(dhMNc^vTnuIN__*@19XC=4MIy6Bzg%l!b3g%anT@}GDb(Mzg@MbsZ*JfN{!*9@%l{R) zkls~g?~(@5DgV$3-t8ENCr9-5oW#M3hmL!^ju>a*VDye|hP+u(jrtxw@CpBRLH^uW za8;&NT23X9|HiK(tP{3S9%OAcFF2Nz2G6|YoXpdqWcv906}l^pVH$e#A0PJ{N)GM& z+Y~9%Jhe$nFAd)IyU9fE9bHv>BMp3!J)YxjQmz9`KrIy7FU27S3fr*kgX*9nC}(a_MT_od60D;Td{y-HmA`M-^& z9P*NeZwi_NC_yN}L*fDf*E1$$>0LOf5Vc;ksQeWq-jRc_O!n1>BnV-djPxbsADqAX z?H)8V!M&w5j#b6|4XNGT13r(AHzHTVQmg$Vk57*F*2A60WmG_7tn^{Mgq*~0OIW!b zTu>+jGXjAqwBI3QKI7q|vmVl6Dcm^U&8_t+ToNx%%P9L%S{xff+U`D`ph455oLx$P z_r@K-i>PjD>hUcbwS`xsiX7mD@C*t7vKq-SC7j{EuEjBov? zp!7uRiM8qP`t~|*atoQtkt7WJYkXTRN~}U4SMnnH-VpPz-P}kqnnqSLT@NXKi@a1& z@~lA8&L1G}IvMqCf*BCu7h66vbX4U!zh@-#z zeIIKFb&1qy)NFFWuzM16xz#H(3pwXw;}js#8zn8|RZpaEFn1ty+$R4bVzuUUO{jS6 zxHg+vt>j6dDjA1f3&=XED=2LD8c#_+UE8^1etfX{*g1(tS;eLL^!NlfA3kVi4HAPG z-zV}+#|g2bl$G!5xb98RQAB%G-MRQRONZ1yK34p&Fda?WuDp{#EB1HI#Pb6B%{9atGGql}Ob7^f$ss8w;WAYIj zav+zweG%>;AKhwI2ItEWX>FTbT|sEVqoqB}x= zl_o!f&CA2ZMVyJ6o%*mqNT!%bt=<6UJPIn8jOlYH$}`YZ_YJk#Y!WF-Q!uj?bpYJ7 z&#g(2KrYz+)#JUA4Vrm-+Tidci0CVY%&Eke&oM=OuH^TAkPO}tv|4Kc)5{Yz)%%Ji zF;z2}=m*rMmIng2G&HW9+MFw>(CYd`vSvUV`5TS-Zl zC>kWYAMW(#5|GG+@6-}F}vE1 z34;EuY4Dpk^`yLvm33_FtW$wugA)H&^sIr}u=-M|$6#Kkv33}@hh+WsZCkL&ZP-wx>dk<`AfBEzxcH0#_wIe+?4%xr8~DIDM|qAUd*I-9aSFJN zobyX(NQolEzKp#Cpa*dJ|8Sg&#FO$0R@SwyL5=2O%(7mxO0B+R?SDLT^~`u*E-t~~ zBzJFLGyheM4$G;a;dqY!;YT;C+T>S8aR7Jx3tBcT)llg>YZj}^k+6ch%Q z-r5QhAo@ajTHgJb78fapfrL(k1R67aG46)*cNc5oV+vB1eE5K(89Bm13&c?R)Eraw zv>m2VvVQDwMxZ4>eREiQ(ypDLt4n9=Rj(?CX}#%JS)wG)@zRSVMZx!;PqUFDXWn{K z-%IfPK1U;z^$-eOSh(}eJMqzsvEkr@3pQeF5ECleOFNgGbl9j<}|D&>{hFBcLY42?|EYtBi-{UL`*c;;3A~Pza_UBHmOS61spYTmV$$qCbTRk=krnG(hIHhQ;>pY@< zquSJMKUE^EaUV6?YCK=OfI+hU*=o|DsZzI~!{NvLK4(xDm6a97Lgkm%-K@E)<8|Oy zVFJ`3C^8Rk?eXt2Uy@ZTdEV32yjPt2}Y21j~g_NS~V5np-nFBogU0r|Z1nX5P-K9_=K<}`-vPV)%&g=f8 zm&ZxU(4mM1NtbHoaW;c16*4%j8}FE^erxOCakTWS#zwPX#fP!X3VAzkLxUp^dgP@l zpd26I^9|cky(SXpaB4+R#fQLmcY;7n8p4%-TAGyid@{BJ&3xkBCCc<48&RZ9nfqyH zxzkM@FCYFcT0P6lvHAQ&tgL&(a5dW`5L_w;vmP@eC{RN}(xU~;j0iy@y9-Z`beUM* z^?LeFOG;j5QoKJ2@R5GR5Hd0lYgILEZD~Ztj5bC-<<_Z@5rcHMEav&6n7U)QSzJ4= zkBjS%J9M)?P|r8Bl(nicpdb}Am@exV8)eTEjBtN@tq&VewOm6#K9JiG`2OyZSkD_>6@qeiFSc0%>_eNBZ|t({B{lW zDdIO2*ytru#}~5sQiJ)~HN#3m$aw}_Y0cCMzFLizNDJ1mr% znz3a<*<0AyXP{;Vv?BnVyw{D#RcFZ5o_8B+M~KuwOes@d1q=p+kG;$4N0ab7MHx>T z1VodmsqF84al_TqN^cnM!n4|Q7$jm~uGZF@D=UEYmOnOWu?`gu;?GqT-_NThx@Z@wu;t zbu`CrchqRy<%}6{&|NrNy`1sxsrETt5TwOCKw>XC&$1tuocGsqYF&bzctt6x5PBYx zK4dD#MiOG}B8bEbr)_IMlf4BeJJCV3_YLV$>yiFHilv`a>4UGr}mBV z+1EAIc&UndVk#Fk3IdgSgS_-ocQYJ&R;mt!rfTd%$Bf$dg=#c*`rl#EB?`ItDwZ3J zVq!Q$+KAM6c4!QvLs7FqKtTN&a;uWAfnEe5<*8~rJ&jY|0Op@No#x9e)4Y=#-KWti7mxcDlExHzgKGYiI_Go8I~-5;#4#}lzz<+S+lYyz;i`=M`*Tr+2A z>tgBQ%S?Bt8!FL@Nxl~;o%*th`cqLx8TEsQ@)#r#@w;BfCK&24(LhZKwlXhGEkR|T z2puK~<%%)snqt_N5(c{pV>Z?YoELx>-%SZyRYlTep12*GARCGpaFTlidmmMUsC;TPFF$EG+WMm2+2*qs>*N*VtsA2Oezh;E7^>PnK!!QZM}pl>dk2&BkeY zkgJ-gKfE#T^KQWxI&Z(whMpqRV}=#$Uw{GN8jlR?iK2PHz_NwOUi2&GK3&(B^s)8t~=)<0!lJ=OpNM70ZYJkJ~JnKeqKmdwn|#`Ht^O$2xVi2?E>9YVZW zB6M(_LM{_Ya`;=jgU`nhL;f7jZ)Bg*h#<)A5Nfn2IShG+&C(}nH7}$@WD_27j@7nq zFnWzA0W8B>)MqMY1_qFL`mnAQyN@dY;A?wVlETzEc-g9wGM*-kGT+ldcUiu}dd%S_^YVse7}d(RqEahqvv5j#bRw))IR zGBjJV747q%*A`bvh=^D&zAEZZ4VeMzR*yOEie?+ zM$)I+G^V9oKs;NbL`G*Q&Fd9nu3Q_F%#>d|>L)$)iyoRL=c;vhY;w?oOk>$PCrIR z$*Hj1+tu7!eo}tCx-01J&^5uV8KrccyWHE~GmVTp?i*dcb)xpI=#>F`I^fY6LI#6! zYxs6|Ov83nQ5uFVM~*x7+Wo4Yi2Bj&XqET;!0L*xoyH2(fLSybp4&z9w^$Ev3|JGY z#q3GRh8;SmM!QQ%l9or%XhI0_M=DjYTTwI=)%O#*0POzcf`EdMYF6mt?Yy{uQTdO< zl;7r?gA8OR3M`}iCl1y=BsEmBo=z29T@FYcbumuNyuq>=*60Fa3*5=$Is4o*5Qopx zy=y2II;$rEgr+HCHxx7!|0Xs+1;}Ur`WkbA(?NkosYj#XEui6!RvkpJzu6-?sr1GQ zS&r{do1&1B7aezGr)Uum+?%J!TL6S9dKm5c&EFnW-ZGF@QL63O&BQ~c}k<5K=>kCK=r>Bv9 zD>7^bjt5PL@_q67EWkwSwP$En2polZy02<@vOoOH*~0CSWih9L<%<>;}6s>vHvPqpFaYIG)F#qE;6OlxNCCF^d~Zvj_2zE*q5}qvN}Vg^ zkLuJ<>xo^Z`ESfhAC#axf_KvB!?ojB&3zG|zci!H{m<|@00TB_F1*}50GelR9 zxenu>h7XlavaOz^w$HC_i!ZW|djG7~UBg_G>LcYQ7X4W)>GAc>#TG%(IfoeE=Ti_x zVub+GBjfp0hXr5%ou|(RgaXHno=M`HS~x_=RFgI}iWwUijSs|18?^>LIFbiq_O3}X z_C0rO6K4PfLOXwDD(s8H`fFxRW14AcGqwUdixmx*rB#GwL27L+jdbVAAZ3K*c$YvM zy~L`?V46t&M(;{Bv9c`)zObH4_8JOhTfOj=ip+k0*bAI(tK?1zx%kJnaqg|$%K;&h zt^JZXm)a=&*uT(=RMRvOdx4l7=&49Cm@>7%N zd3$QbOjC#06Bk@O{H{#x;~G?^v4cvSXsuV7b>`<^cdThfi`ff3vT(Ki6=0D~_y%*U zld06{ps#j$qJ2n5%d{0Qe2hWN4V4(n!J=oSZP0u!EJZxn#Ql2{2QZ+(ly1oJQ6}f4 zh?l~pW<~zVS740SV?x}p!9D(i*F})yY4*zk?kLgUd^j;18c|2ciiinkr{)GD9`w;t z)PuiFKkWIS&su$)5XPcFCZktNO$-sRNY*8L5BJaDw9-^i=q)RlHDhC2)i;QZ4b`kD z%F3Fht!uf?4HZ78X1!=ESVh!OKUZc8lgvwVd~+09d&;@)Yfs!93a?gIdyfx4JEkp8 z%STNRa|$vknE#-!rs&m{bROK@wi#`qSjuUYGVo&!XX+dMs%x^zynnXa@1x!Sax{>k zU;`TZ<(m)u*f2EDkpdkYHd(^rXxST5GHx@ii;4#n@0V{aMSW|NV63e!TMrrSXNh4u zN#Kh)H56kE_(b&gWD<9v_v@z!sME~h*H78-2gur07xhC6o25vyXD>Tinw!nHynAT* zRvdg%Q;*}moi-Tdk(&!btxvzcf{fd6``9{KR#_rjK-H~0kH!`zL0fEga zZL}d2Zet(QgzzoTdbXOVxT|Q(0C(VFVx5$SZxo6!R)wQ=X!u)dXgRG zn_LB1R-mER*VXm@B7aYU!tG$?g}@UPSilYPB+W5-g-4%sHgjUoho99cpb)8zw#o0T z?*oLq`l2FPPi}XL{YJ$Jh1>&r6`I}raMbK$GY?<=lv%wL(pPode<`rvzw4nv=?}vd zoOCLySjR4o9TDLDmJ6630& zI;Rth{pm869@ER-=dGbayyC8VQX8=_nEm+rK_o1m|J7^#XLpg{&OiMcQe>LeynBpz zl?oZk0N~Hl*C(_CqF! z--eiJbW+MI#wwZ=b57*_4eZ%tJBQLE;^&#iFCNe{7v>1rY_(L|C%A6RyM*27tI%$H z^=kjKaURjkKnwH0pLaE-n=^i?ba{1DGT3Q136g%CuBodD&D@ zm}H;F zZ;W%{SO5OtU}06|{?MD2GCE_I-hP}i7!o`56rd)CkV9L#=xq*|&v0i}3bBgpUJqaJ zn9A2qFA&S|+GpkF(gc5DWgPY_buLGROA<8Qj4iDO_<2q(YV1#;q4VX!wK>{}k)EoU zwBbmXba(RNTUsjVt(7V9O!te~TpFw=A}{jooR{Cx<36X0az0(Yuo%zRU;rh?Qmd)6 zL@vS>?cMKGL_cy>&nzPS^IaV5>R7^H~~$VJlkYY1CBY zd6^GC@)Fr%8J#k3f|`|45(d$~-3-SL&MlY>TL`Bd76y@iYC8uCES= zYU|#<5-N(IAR zwPwyad#}CDisyOO2zb^4Pb?9uQQ0a_gPzn)6K57sWS~!Ji?RyAOks=+tIgLytWVSE zg-h@t>~kC>{_>f}V63}rJ7qDK!;yWAE19fX1$MPXa%`DsoXPgL7681g-EQjZU6hu> z9~-TdMy)fF11$7BYN6%nZr)zp&cEV!aykw73lwjWONierS9zFU^B_B$ZP!sm#0Mlg z+r{>i(ZZm@GSD0|!u^21q#*05K;)O~hyJ;fB^^er9nduasy$U63tcsHaU3DBkD9c% zvhd>Q^}j3KI(IuD zZBsEZpGzrwdIkzx^rLPrZ5^czrH&XQsCLb7KP0?x{RO*Tl9y6u&4W0#q`iShj{)iM zj^sK#VgE;Vm_QxFscnTLbOzZULp|Xjw-Mnfm}VO0f<<|{xNSo@n9bV^dW;_)e5uo| z)@dK7^TkF{Oc-3ZG&lAHwRf$T7=u_!&aqVYD*0InPB(C0FRaTaaKX{+;6 zuOM?oa>yat!?9xy^-hH(O(RZPZTkjb2jB`U{5r{kwP~G^Y=d9lDFdmwAHKSY4s98 ztYxdr_6=`_5tKsu9rnd7ye2WENdWE8i%AbNuRU2`{6Wr!ysq#xKBxGu0OQGW8=l0C z>*^L-D%{cUqhj=LlaTb4Ie(~}>oIED5tT@PxqmP;AtgX1h-l%IPRD?om@G6liOYc6 z14ztHJ`%+NS{gusRnmM#*nVq}U}M*dCmYu`H)Ja(^)Fh1&T5$G>7_lLq~2R)R)RWV zKOyY8J%kXFxij&Q^J}K{Xit&xl5s#t>B+(Y%yYY_w85E0M!GH8V~<1h&DKGb)%m@< zQ|F84)JmfFtm!@&1xQ8F$IM|2+=t8b4ZPzj?U^%P)3$NoTc4s^Vxf4sH>f+j65ob5n0Z^WwSQH|FmB@Zy)|;e86hX5 zr(NqlaB^v@VUP%UWcxGS23?`Z{5!;1nXg`<9q-C1-OqYsCTV*B-t6% zfc2!>d&hDmv_U~haV*m)m+R78X1<+2xynLDc0!9A!6+qqW6zwG; zn+`{GH{D*Lmr!{TH!0WB&l+mRfj4%-uJ4fFyZ2qiv}>KJE97P0_%jj=tvj~1-8rw* zO-vUeqn3OVj_%fA6i>Ld|#K_2AuCVbHw4`x}#`Kd7 z=Z<8IFn>F!-^)xfg@!hvr#Cb6VYUr(zV$Ykz*z3>3)GSrfuy#IO0Rer*~=5W(sNzc z&H5bC=-0W(_{hHf+zDtD>&DOTa)|P-rG&$nI~-A|xx!6~vaDU*y!*X599N8gy?tyo zF9pbw0#2|;#p<=#|GMRiC3WyYU6)3VxXyTG@7pAc#p4$oYXMP0bQaK^-0iDcYp+H- zsV=gA;%l*Ta{S!|&+tPpyv!=$qd1GTja4TB4!zkV$Et)@K*dDm51W)eeWzE1PAt=M zx#{VD08x_?O*co!T|nt|+|kIG)q^764^Kb4&w1mbxBl}(|L|bAgkZOpftl8_oi}X6 zFvmQxe+erV58;717yU@SO}0MGyf)vLO?tQrpC3)B zTKxD_aP_b#@BfQ-q1Mrw(SUWZd~126lKqw1C@O{g`B=7>eNJ9|05u~cYWMw2hV91* zFfQu}Yk{&6Ys5XS4MhuV0`XrE+P|eF7q32TWbp z5#^2T3j0pYl(8;!(tuMqc;RRgF+pVVi`ChpH5C}FM#$4Y|&**SpF~-!& zXHgjLnQGV{`wR8FK6!ZEZ>R|uY*un$_PQ4<5QYc3O1o>+y+GCek6o%?3K5SO%Z#bY z3w8Vj>-=*tekDNTXry>0^u-ms(VD#(a!}B~Vm%FD_XHXEg!2ZeQ~PcypUJ;r^;6hr z)GBZ`*#@ckshOEMO15Xjzt0_*hLI?AD66k;)fCdz{QFP;dC{p4D1|zDl5k6ia-LQd z#+4Ot3ZLnU{>G18Z0ML?y^dV>azH}v?)OCQ)Sta&@IB>kg_WQ0zui=fv#dz_P*fxx zhfp@GL1SUb&uV@vWg1HQ*s{P;;P(prV|l?k3Ex_*2bwx>2`$HWrUyD&hgT$$c`asR z=e3momK6dkqcC9YFaJyr3L^TfaNfZ1m%k2ADn6!o7zw?;-DglrXE|_4yN!l+lH#^g zE1!rKb0Glt?@Ru5$@%8utJHo`u{SUrQpHVbs@<1Y#0D;wf9eMST9yXodoQ8Rm^_og zgWjC}Q{Y<&E{pxPYXP6xS}DMf3U`$d^Q)RzjYE+ie{SACmem0vOo#y&^z6KSxV-$v z9wmGVtV|vZrgHo83J-jy`x4kSt1H3FIiltWy*ysWd6YKRPv5k1=N8$~;5}1%JPr3L+pZh}5v?r6Je|=3N>K2^Fp5Oh)RwgRe z%Vt1eRX=9r7X1jW{CP4tAJES9Jee!YT^$=4F%e33IG?mxisTwN$Gth;Lq81k4QLisgH*F-Y1w*wp4o)7AdxzHhm#t>M1>uQmMKmsR}5PqMI&5@ACn zo^PNkpHTcdZ!kvewO9y>1bgct8}-k<89;MGk5hvSRGL8#77fsE;`}nidIUybpiJ8h zf{=yW?=Q?(^z2%}YyxWf2O3S=vc!DuXQ1L>@{TE&Bpo;BIw5>vY_VeA01y1Agb-hyHlgBPkb&Zm|VxC_dbc?fnB6qxeg*97*ML;+N1 zXejKlF6@c$Ca{`$v|^(`@Nd1ZUjrl-E0;kBAHf?8+<&~1j+DV>y%G7w5$-ezzejFH zMuz(nsCmDbjF;zZO9ftgPA(1WgR!VPjXHlbj=vdjstU$|qgm!7dz31aTdQ5Os{x_`pOV+Go%4JE8jTL1(K@VX0FmhGZz9o@78-HLd}48@ z##x(9Ye`K_jRHBFT~{r7i27qA+w z!)4UU-@}TGyamdMPUh_6CmtL$p>%&HEx~ko6|5$I{PI87fRq7jdD9UqFE9wel*Ah|V>ja4#*V6ZBX%PO4NE2I zT>dc%l$l!SU0784p(x{JP169zl`VxwVKs-0C>U68ca};0lf7pF@AqYR6a#=oJ>`oTi0G3MsK_4(Ub98?~ zbC?_wqN{10N1K<;2xH_|*40#dUsIMtSzMY?xixq4&>fH&VlNc)QU%a3zh&$>IM>x; zz$+&OjDHG2Ty@D127(mV1y3_7E44m;&k}*Pspr0DfvdTLMj{TMvA1b!0g5#9`yBu6 zS1(Y!$Y>}x%E-!#y`P5iI=Sk;e+2oU0Hb8>|J0TLm`IK)ZXSsiAvpLBQ8l75FwhT) znkzy45~S9;L(6#o1;XbY^E*4fHU?QV^#e@*=fDkqF^Vy+h zCBrH+cIHA1YQR7bCE&JW-v$l2JUHCS4#@JbZ`5>=0b+fC0Dios@ITVdpUVo6>gI-K zOFomZz|i;|*M7)lE5%Q0grq~z7mEAS>eO^?^PWnR8!L+VI3pEkoxL$QVK zno!qGKBA~?s7Ax`9j44YaUAhF&kwhTw&a{=IeYImeQ;w_@>y80Eg)y?ODzv4r&%7E zEX>v+8;>~<2(PL`fC_UPLSea_3BX%LcY|>SQ<3oM#IwDjdbtey=9B;^Fyd~!*eSj=f{`%f#>Zl(olEn@1c=C&Vo~KFv<1Hj&nez0QLsZkYaAF)dg9<9AtZ!{ExjmxdD7 zL)A4I8RF)jfSzDfN=iOT1?OK2hRXGQ0uyUAVH5Al`{yr5euY)6+_}r@+!R`;`El1K zPm^H<=x;@mb|#K_T)7Otb0>=b9LaBJoG$yZdaS#(r5pPa*G;fWH>@9Aa2;1~Z{h}r z$Rs|vpJOhZgO_5yU`w;2rmeyhpag?0<7LDLM`2!pF~~3!slcRJsT6mOYWQZVvjHir z({>)D6jMszxQ~ok>r$L!6kl*M6ID}fM>9wjI+xT4T?df2w+Hfanp=o>+gFI;rE}4` zj!vVY0^vK4IjI9v`|~O>bp|^yoYp5Y^A>&Ft>sqZQpxoAw!>d$hQuF_xJ!5BjUR(( zJ|{W-e>fZNr}ghD*k%?8wIfcYy<9#@rHpQWk*H?xM7Y!8W{wnEOh#K(X?eznh?d{Q zxI}Y%iYr6jMJ4tk(w0Jd8K5%PR!9hg=jFgT6I!oZ$oefKzvT2Vs%R#AG`D=}a$bGI z`<%TvO>%x?PL4P>wA&acOKvLqcmUjc^>!r%_}}em5Vs~OrxsDzbd6jfv{v3i(pf7MSO5xxQd_`{F(?)C=8f}z{1p&Z z7*>o$9Klf#T=iT=?#Qy~nb?)L<<1n=hV!N{R;3E!0Yz6oR%)NqPF%!EES6! z?D@cO;)ueW&3B*1@|#EXA>j}!#+4#7p2aT^;|kAb0wnBr8&D@PnHh{=)78~oS-N&( zF#kFbzDv6*0X8)fE!(DpBZ}i#2Tq-ti13iwDG#{yP@bQvy2V79F6{bb(PTJ5! zu@;h{eqjoyo`WEkT4`&G(!o6L#qm5H$7TIeVH$>e{l@#&Z$c*zeA}K$7FeV7>$IIA zYHHNGMY1iEllfZ+&}$tlwGZPzZ)<9*a(}W~VH$#qja^_}YBD~*nppiT6MHo#ai=Ny z6#34<#wLWH2?|vAq>I6jFOU&trjrK-26IDKnJ8_Ejva!%$EGyc8);L9h9na z#^L#5L_W;7-)&ILEmKF(u`$rx7aVY7y@E>)#-XOON)j4D16lujG`l^0#vIA}RF_BD z<)xOTb@LzlU@-~Y6z60IRIUQ|jkEULvF`3E5%i;Er{%ZQ`49M9s`fLa!uwdEu3cnX zAZGu#9<5Q<)yASzb)SlXPoY%NNJ!C%)VNB)YH9_xyR{b@7A9anwumcqDh|&C>?RPr zFW={iH%7h0t?=I!^ol< zRQblB$BYS^9s26|F@LF04XF~hnQSdja_uRsL%T@1vY_b(ta19Dr>CM4q1jQ|WgB`$ zmfsSGz1F@9=+UR=UhXnBnrn_x#UUF~;Cv7ABD@}Ye>|K0Z-X-JCdI7Hp+b91r(1&w zCa10k?|h^~s!fd-YI)A_v3MXBPG^M*l>lfm2C#*y41}I#xnO`=K3DbmmX}Q1@_q-E zGzTXyve5tR3{c5HTWHN?2E7hGPB}UZk`mAAMx;Jg4|G~+qm{W-xq^#Bm)6J+rSS)f z6f4n@w-%rH2-e{D!-V*pCjbOjfka5n^ZSGQOQ1G%3{bRv#nAY`cD1hmg2=#p0D1%Z zHaelw8hFho=vML^6M$@aFKx4QMF@yG8VwH|JAFrHk|n`CpXl*G^sHkA7R-h(tK!Vf z>=Y@u41ZJUisP1FV@L=ox(@Kk_YoP|Ty37I9=xX;WnIej`mXD@(ka}-)H-M%Owj>P z>(-iNl7xz4Lxgp|sM^CdpDPDh$Pz@q&WNKX$EbV4fR639DEalI7Mr= zI%$;giSYoHAw^%2vZ}18=6Ifuyl!*nJe!HiatE+)AvmWV(9;vBj11GI)NHdWlc$@o zg#0>XtHX8~8z~bNo=6?|%g0J$ROy#R-#pDeTj;>-5;#odPt{?qP*c52h5xDKecFSE z4KNABihqFOUAQ~Es+mF@N>-MMBSx%4d!v~O}+C6@CJIhr-6|_g@ zl|)Ds#O^*1P$XJ7C|{fwy+W56xeq8ot=`C?oqFN(aJ;q#T07*mvyCmnPmC&of!Hj} zbWzy($}GoynIS~qX|gkWl=4~B0hF#vC#$?%b^hVDm(%)am(XEqPp~sar49w~(OyDA z;KkYgv^J5-C})i`ddA7n?Q!F*a7N|t9he&#p_6*G>LrXK0JYqdp#;daF`~tA;0eQ*}*#z z(2bXF`zf)w>>v`Zf+%Q48o*EhjWeJXnqN8OCfo`_;lJu0@3tRz=740-$68O1n1y_@ zL52)Y-|||N;N9yY^SFxuLYNPe)qZ8heS{};)FJFDRY%U~nCzWb-h9_1Gu9CHt_Xy& z*|8RmR@D2Av(a7j9DXVMVFhWebbd6XimDG+tW#sETiv_(JKsw z7a6g*9ERY2O6Rw;a1A>E=(Bgy9}ATOG{A9RPdm1WA$GMIEj&)bt$lYXhFPD-YMBRx zT2-Aup;oznp;im>Aii9~;k8DMk=vbQ`F*uV186Na^x8c_=SRnw3ku<_0I84xBm?k2 zQ_f_|%F^SKceq%u^V8*?K_le4bFjIMY`x6rOpQm6zSHPO(`p20L`7nU$KI#ZpxFh< zwQGe%5TfzvMu(xLs@Hs$7D9|ieUQ)W1IRCeHX9rbff>bow9NmFfH zb*QKh8Pwexs7h&dRBcyS72EE9;J4GJ$H z=*hzIxiVE^VT|DRZCc~uX^(?|nAwl3ph|!L1te`|yaAJ)tk&~_==l9ZUA}^nRtA|@<-pMQhA3j!7>%x# zyxQ5%!(LG#hKQoMC(pw$0H{#wY;C?yvLNYps7W86WY!|!V)6kvag}wI9@vNC8aF3g z-0Sb3h)1u5Q%Rw4hNeKN6xE`?h72E412@x}8Ag=7sWzI5eeGACtk+fPTgGl?fo!xd+EixD- z-mo3qD=x4THX0=$oE`J()AOiT$Shja4Y(8u_udOiX8baOs=b8ab^CpF>2p)49HM81 zC-=R*4BWCX4711%)OEZGh{S)B`RuR7N(ZhbYe1xw+Mo*e*m^2O09Ft0a(sk3c~v&` z{ksBoS&nT$ptI0WTrvbn!9+(%<)lu`c=qg@0>c1pTAuR5tyDavoJ8}EV>;g>O|D*Z z=&Y8qiiXPEm9p>C6dC-kOgC6ey8hKe;Sq}f9JfLsxzkOSv z^w3YTCUI?K>80bpm-(ix3`kJ3$5+hrKuEXM8r#(gbwAEKT2O4E8Kp^a^h17jTwwrh zKLb7`c`>oqZSIObnol(u6+P9)3~U zQoRJK`Z;$TF^dKBOEX4f3|)WFu%K=N;I>uo!erWDqinB^cd1_VpRUs}JgH~G^mzC& zcsOp4se|P~&Ri%U%5vVQuHitgGVR`<(d3DSk1mRLd;+oekC9!vp7PWJjaRdj7G~$O z6L_=ctZ}o$+CZa#j-J({+k2L7LEf@D%FnDm)`Bd2Rl6|kEI&I9rN}FS4Ds$Xr!vFHwyKZe_VRH>9yltgDMwp(LN>EHW#7a^}#Wd@J0r$dJ_%hI6 zG86ODBD>je!F{vy@s8!L@>M%E962U5quPGq@_*WEkXSlZhr%K^5gmnGKY^Wk~d1k_ssl754vtKBGEYNO`;yVqpGpRQe79C81w z=fq^OUtES*$uoA;RoB%WEZTd8_CZz5Z6k>t?bH4Qb)1JyIX5<2!~_sBkE2O;KRUcY zk?6Wnk*T?7z#$PTTM%#4o(s$OI-B!?sHzg#Q>KyJ91R-nzzcxwOv*pC)O5uZ0rOSS zmOSsg%hww@Jbm)jT*!+A`$BB$Z>goX{k3wpE6#i`AS+Ny-|xZl$z3g z{Eg6`a^3?{5Ob%!AB>&HoyNOoKWFTY4wF4rbKm#vnv;@il#!BT;DVQ?748npRfBF8 zYOP}~*18W(OI{0caB{CT6i9NVJpuR*if&_{u@8n_eCu{HO;+_%u+Zb-B329%>3SO% z>ETZJxJGzuf4@!hrZqde)sLAqs)c|%x1(ZB=$Cvohozt3XmCX9v8_CDMM3S048f>2 zGwH>JlQ(r>KA$|Fadn}V0^Ww#K@@Pjk6k0cfC(N(9%jzg@$t2~6pv!ZrsU)u%Mni2 z2PLTmL;d}`XI1A$@iwxs{+#ky+8HV=j3X5amb%T9^RrJyMQ)0gI}i6KOAQBW&(AhS zJ7uQ={MX<0YVfH<@cySr;SKmU{0)8sb8Bm|a@)M-Aq5& zV=w7=k5n>0O5z$PSKaQ$dCkemLu7a6B!kn*q%p$)5RkB&JbwL>4)8am-iAeym0C}Z zw~$7KHl{(tK;vW@Rf5JvmJwmwdj~2(JMhQUzo<4&bSu?X5Os%-qpR z_+<8mIol-A;IsJDndrAk*v!z$YsombpY<;;1`lHdpK`nX1Xe8`)T4|WjjfM0eFHNcd zhy_=Y^8j|Q`C8_jlYTaZ1gv)NhaqoLRUvYEmESNP1MO5i)sJP+zhs=`<0ldrU<`$t~Fu!!*;B0$qEbsrUFsvdrDvGmh+^5IL2NB^94! zWZK&8cwL9b`YO?xCF_ncj$a)WTSdA47jWZHj=%k!A06M|in!Cxyu| z+(m~(`SZoyL8Pcz|LD)^M;1^Uc0@-<%V}$EV9bNEOdt?iJCQ~$Oroyv%Dwqj44S;U zTJDeO-)x_gsbAQ%?ww{PUb3<7xyH~T3QBK7HPS76W4Wu`S;9T={pBwYt4hj6)F&1r z*mGs%a@CS~4~^z1`sZK+GGjTbS66oB>fk!(jicoByDU|UL-TgV5Qvx<#L=-sd*f7L zm^+##*6U>0lInx?&c@@^p4O&JjtPg2GY3~jbtn0lE;i5wh?xicTR)5FWMh-BqCk}2k1UJ7bVzdd_J1NLEzBo0dilFcBP}{2hRokFajk<`xatZ@ zOPM)Nr%o{I2FRh-?LH;#bv0+n%I787_#@^oIE0L6Z?@Q&Tc54MczWQUj3<#mqm+pu zzeFoV79&x`yD5ZcVc}#7wRW<9aL6ILdsJ2h+P4aZ>5NU;vnFLm{2`ApYo;2-P;IIm*kvWs7!-X6+zEPcFs^XgUCC)Cu11tN z|Bq5f@Dwcs9%f8N)GSi@*6ucL;OOgpH$+!qHqRV^#3Y^1SCPxSc_X9VJnAsX!uo)b znK~z_G+L}TBRIzYY0LNq$ZBHB3b_ow6k+jP2&2}+DKN9YK zi;Iq%y(qRj=uO$`WtL*`PNt#vVIzgkZr{D4frBdk`V(%30?_ovhWj@vhw`2wnS7$d zgCJ%Jg=dzqqDDxs+IwS9@4AhK{c+-{4O1;j8a_R@X-zP%md(U%(Lq7T(?<1c;S~wm zTd<;ShJUk5<9^sWYX>=(Q=gSrbt}aF3!XU8 zf8}wDg=s-^wR@>E%tGd0PXvn*J6ia+E=5Uav@4=H;a?`Lf_C2Zy+?NEK%nc1k)i$hPkc-DXZ2=sP0&{;j~a-OHi@m5-p=&bIV z+piIUdE3>k>z3)VggsG~j^gV#W;1I28gYhf)>TU=iJ;?)=;HUx4|87WO_@#Kxr0aI zGAw4wz>`N~9bH*T#`m&^Q9rv~0fPjR8q@W%U3-As;Yj;J=a+1(ea znC*K1F@HcvG5*G7p6!QKsk@8w@1<_-)!NPj5KAYcVnofu{lUQ`&3e1FTB+WKjFT4D z6fpc5?4kU%lY$c4x#%K!HK%ZM!W1%IsE2n1V>Br8c{g0WOMEZ1{gm2t>!h*gd7BvK zr{JKP)p+m72*w~cs?3tyAKlZ58S@#N-S1)-IrsGdy&2bZp*5oP!57iFSzjkVK?h0+ zxUz)An|oz$BiWXkl%}bz_MbhVP(RAXwt#|Y0yhSUWD#l=aDq2My)h^xe6fCFInHxc z%fMMHxm}32UA?yD(Yhwtcm+Qh57ctID1G0VrI)n`xgAuAk);fyPUaVf%}MF&KIcob zGchrF_UxIZg+}E#PV~-tlvLf@K1U6o=^N(Pp0$H56NULT5IPfPM3;w*(iC^7HZ=5WQi}`yS>=Hp1xEv%+B6VfokA# zfAmhUao1nr{rEOW23k0Ca@@-!B%%iX3Z2>ZQKohMf`JA8Rpj8vNMtN7Dq2hP9_bLU z9=K5$qpMwH4DCp3KlUX!nc~~PJo7fGCTfE+x6_A;C@n| z-_rE6bUTt))qIHxT?~s3>!RVjf-|KH=-<)Nk_Zp1JHME`euT^HPWFnsb9~!PeLMcdkhQL0& zx)3-RK0L+I?>ccPyn7r(J&JbSj6pKL?A>Utugsw+r&m=4ruzhq z$E@E>(B@*k#XpbpzoJa5tF}Gn_Z}IcBBxHusrh>Ys=BkX4C^lN-ETx>&qR6iBv8|v z{<*;@A_%lVKfZT_Hg|Ew@$bNxEv&a%L``RCK(xV|443|mYnMzy5J>Qoz(|n_s zPtNgN(pJ&ijG^aWPyhS3-dD4fF0L;uEU$(6Sr+`{Xq)~y1ULdMZWxi2yTsrBKy*CG zv@rMgE1yI=^+S;~sL&V-ZgnR$zJ*i-hXqBG7$07b$<2c0J6m4+DZ=}=yy#c!b{zB$ z5%*rOqck>2LQ{qD-o8+i$5B{=Z@7K)GI8G{^o~YvYeYDfHGsS_4U&Le-lmoSx9JQE z3gHp^X57gB6Owab9{>0ueCtsi0ol*7;WW3qkNm2#*qNC+#@F3SRmzfFGBgEv0D)Le9?d<2kERBV1fv z1Md_~>X`p)t%=coe!){=Le{%i*nAoTb)a(Dzdx{cb(RoFBHCM*RVW%=6@krD>-@@G zymhbZfarj<^SmgibG-nE;HS^}X`2_@@pDhGfaa*<7u+N&)aTSN96n>I*(C|WI8Cd1 z@BM{Z2nP`ZeG^AQb3QqUyq05pSp0>0J!ncYq5(!+^-AeVzxj%LTOM(T@BSFS@eira zFQ0jT8Q1^6&c&}%8PM`{vt@sxZ~Y0nG3|SDqHxQoO*8e8vJ99;7r-A4{Gk|4L#EN; z?FXU`o$`NRcffkYv1Q!m4kescC+aqY8{e;vEiV&$dDRWYHs6=pqI>A?ws>$H)&QMl zM1dFo{iJ{S=mC%$B8FlKB~Ddfe+jOTrM2>`dvN%W*A1}aDyp=xFGKG6H|-z|98hJ5 zp$cIYdzr>*Ek6CH8w&b!Kk#n-7&t!ddHCC|9(AMXfuJXmo+bxpXQBS!e{SJW9Izgz zJ)g&@r%v6#a7b%G@bDewdAYAvq-Ph_ZhA``JaSLuw@00kBh4vcHLK#Zl%^8j=_hF8 z?8E^&a~HF9P&>h$0R}J|s;ETtBV66wvQ$sRnsaWT-XH%upQwMD53bsIJX~xCu39f! z|Bw=>2(sZ<~oB=Rw(Wdi`0ud7G>q@J1K)>Wd{KQ83sz+hM7V(^k^7dQ{>% z*(16?9{-58aciJ6@V|?STIf_7wB=;>3@}>^eCb21#aCDOdhFaRnD9zQv~|CuUer@V zXveG;BK=tWartw_V8c+dPosGNudxih`WZ1djq0m>l z7E#x^fmQBLInr%uX+j@jED^uVU}eH9ivl+mDES2DWc*;Q36ZxJ&WyUb_BeHh?GM4A zyA2J2a0G6CX-<9#HOc5dW&+YraUczsd6=b13+|))y?0}W$_oC75|b%ozCck2QA`I) zbloTK>Z&Y!UE0w!8>UwARot#8r`Tic_c&*oTSGNmi1hSt4u$3jEyJ~RduKMd_@DR9 zzb<<7lKQV9i;u2>)mwpG3yGn;?GvA6aea(6Q3e+zB;PJ zG0`Ro@li~&8NjzNvk%|-MLf87d#JXq=d!8sbrtDgP=L}tAc;l)^$0r|fV(fB!0I^{ zAJVfFGuc^pzAogpctr2uxaJ23l>>c6jj^$@)s+?SM2MOK5as2IR| z4P+KxLMiVX{B@w;Fijj8S$2;y!UT^wXQti*H^s$e^;Baqx2-cMET}Y>XFoGNp=^zw z0rn2zkAd0FZ`E3&(x|Q0*2Z#jlHdv^$$+AcUNTwXTYT&zyDvej=`iD z3^?y@Q`g1tShh=1BmDx8O4DXjH3ehvN{HF_?0zyX7%|OP5>$%KnYLT7kb`cnu@b8F zDBjS;?hRFWzcv}@AG~t;ASxPSv@k1haG;NVa>~yXrUS`duimZv%WKj)-+7`-hVZ12rTFfl_$a%xJ_q{xAo0tYeNj$#@z-;Qymq2bHjR4i4S0BRjO}bdmx6D@X;oXay8upuhbzqQ=R zWf2l=eOYT(TKmNAccesz8EUj(HB!{;uw*<(faL5@>IolSOYIMC7nT0HoOMgoy8I}7 zr1Iz+fGO0Oxtp0CN~CzY1EE@a(dNPo>96K5B)iG;>vX=Ddg<*X0Eu4S#E1ULdS3nC zqKlR7&UPmMSPy+PMm!_~N`eD1+dn{6~F$Qtqm1e@>73 z{O5k34Kxa7%Yr(OeT`Zz4s&iG?Io4JFmZK;zy3NUcvPQ~9{+Ww^VBT+@e9ZPcscN& z@^s;qGm=|m^Z{m>!TY5yf4`0DbA&~d0$}27&vXLKvJ)%mW9-Os!iRyprx1rq51va70HGbK z>$xRU#>XcN=1qQ>jXgbiDYDX0+4D3&10sET>JdfJ*Kfhaz;mp^W^S=U3GF8!q~$@X zq$?*m?_o=UBTkndu2+=n*hIlhjmkVqs>Q>IsS8WP-)#BF5bxV%l+W&M5X{<`FTN0NwV zC;WP6r1y6m!dqm-W6zRG>G>Ttn4-l1UQ0Sd4F&uF*vrzfY2sHJOHAzaT+xJk@?pFayXWy;W5R`%|t%v;?{W9N_T z&Cgi|4IZ78PZ1Jv2{LOD34kHbcp&V^Fyc(9|0n{ZGM+OzY`xC?()70$KspJ6BH&R_ z>`3_#ZA;9HK0iNkXJ;;~z$h6oGCMtLE0d&jc|IeG_Ym_N5ElaxXCxSvO}s)I(7dTA zb@!t|hjhh%I{iM$*B2RfUE8*Ea3O;P104PAORpR&AL(|-rcM=ph93TfOjf8KbbD9j zGF(XQKAFs8dn-hV`^fjXhyHP<6K*=x)A3|-~ZCTve6 z#X#rWv7@CuV6#s*iNyUg#Wn?8P-~ZK^1Rykc)j^;_j%QJ7?d4j{DHTyHd>sf#I>Nn zQF=r?%lo96#$fR3M|g>xZ%?L3CT2Ofw}li(-nxEWJ9BpL_%ke{cXQV)gdLt+;^_~u zvZ{%cHh`JoOSvyPNXzSqOs5Vl_I!Mt55{4d^v^1PF*0Tq`$iR>mzNEpe~ob^z8@Rs z+B=eLGgNQo;*|XD$Bs^FVfEv+-jY`wm`rj_&MW}x?bfOHZtd3mE$5dyeQ|K-ET?0{ z^Ig9bLKf%V%G!e+-|_WN3imvZ`V)cNYs=03iI+2=7YgOQlk~7V2(6~nY$(W{)rrHi zNA{ut1?oR_ST3(|?T0z)CjE*(`e273IEF`S3_DWxO(kRua=_gPvs|+r*B%bY{Id7M zd#?}TQQ|Kk7gK@q_yZVDw_}9r%<{j&wHPcr+F)=mL-*zAFGUja#LG)LW-u+Axwe_= zxywt5I@V_EOiD*0sn^l;yUwIMah=jWf6ux9Sp>`XdF4o}`6)}?Dd-Ex1e)l&o6O2=ULY3=bHedLA7j$Og^%B@u|JeRU|*momy% z6&?K~a`nTHqRF#3p|ewAD$kV%nwO<42AYkQ8v0&R@!-`QelIv z)PM_3%<%?`)x_W-bgU1#T;`M^z-{t&JojAysJEY9&DE_lK6|BaTq_!ZpI3R}(Hp>! zmM+)PVHcS#ZGDf`6{3a^y!NR6T!TAXO3FgH(>&_hH>!CN*deBvwA|bybt-Dm1w}9v zt2cb_g)}_zjq*ToHpg@nHExqRF-o+s&@)H9?)=ChK7fpR_s$^BEWSZ0H-q@ozn#A# z2C+1;Q(eVqdhciqBo2~Io`F*X%@Re!k$>wxA8<@!XU5oChNVbIg{SNU`XC9>(uuw9F#A+A6Ax`K@w=n*}XhJm5qE_(j8{Iwe-hS2?8P?;qRcW;%&lMC>1jXQ-LU`$EX)nJm-{7ghB!EE9YHLB& zF!*k?5l`UK0E|ChoKsv`99vF4u!}db=H)hyrjmov!EC@x`+6zInm;?*DPy;n2+Sli zYj2yE=%TccDub4+WLT*>nN6>5l6U__f41PuJAmyJjb<0$pD|7leK<>tCW-|BDF7Eb zR4gnnH-7Xg+&Xv4KRB`UmD>Kgf_~}qq#d(6C0Z)lK=)O;B`gqI{gs-RRypI$)O5YD zSHLN+3$1pX-)ajewuC6WroOuKp;U5 zomIGV8deKPBPmTo^&h5_RmlK+7!Eudp-|PQ62k#A~7H~;u=Lwbbgj>>B(D6yz zIcTscBh&rg$f)seZ6>w)>PNQQcxe>ab%-0sh_(!u8~f*n?XxM2t)%tR@iZz0Yv)gP z>GpLG(UwhlZmsbfTRbsu&HDx_Qi(kF%ijnSv)N~9(9jtS$WjFgik~@L80x)S-ENqb zhZ3XBMwV8@yJAE~IZw0`2)0p0_#+imEPLc9FXWUiWNLzL=<537foQJKrGd*PO{gM| zPblU*dHY&p8S#$9T0>!V9h!-08GH-9PiF$q=0qO09x-!g?uyXjl^t!F7N-||a^8?j+ManXMM;IzvlMy?m#rO-6L3ze zhFO@W(+V<=bPY=2oqH_IRG$oZO|_{%WvSb$CDD7ZB;zH7uXPzBFRxo`?n^RHFNQqw zocI8e+3Fk`H`OMlS4dwpZAn3;T zS*2>ScGxhdp&FH54jKV3R>W2)u;iX%vX8j%r zz|P&#tjJW)piGZ~^m~C3sD_AAynAJ1hT8jEXOgCcwL=f$iuG@H^9g-)pNnB&nua7&}i*HCTrq(p*} z>^R0NfrA$HqPEmF@X{Pi{>xe?1S5!)Hvif-f2o*7`-a|=QVa6Kx>4CKf<-+c6wZK; zzy$zbC@-s0>nkZaPCjIbh5r~~U{MZLBjs~*v3u@ee)L&R+u3@eROX9plo}qr+YCq3 z`7kr?HqatoV?q`@&206CC|p`yxJ3wrRvJc`QrR} zkF5^=7WG<&@a;6yWX@p?xetac+zUJ8geS_N5qoaP0&; zw=5E+(6iAy-dA&C0l>Q2(`nPVu#=#(Y>5rEJ<7R8^#BHVZZ2oS!pN@n z?2bxHq(QI$`35Hynd*7~bdG$Z4P8U<)J|UYsf(<`Ycqyna+e=zd`4^{tU~7|$vYII z*F!@5dNbs!kwpU%Rn4RY05YKIDrT+c)1$b@H7l$p)uz`33eK#wrMq7rw|MM!oRhS4 zMx0(Tdr(C#Z447KetTaEYk$ns*N$ehC~C!|OOuwPE~QE_!wP{FcXcOI_&lj3$MYx+ zXY#bduJHox@j_o1$e!d+wWmid!Mh$^)YG{$h0Wdwt|_iyL8?LWC9_%dGiEekL30)0 zX5y&3V%6dCR)Yf_wC+stU-Xc>^CmOuger2l)4l%~*m6F;+k{0E1}cEc65!l^l+bfo zzSKL^3(8)~nzf%E`+cFI{wi=bwbn`~10ZG|ERNF^rtOtGIx6No8;9RA$=-$rzRQm> zQgoG~dFW3gbO>D45_My%>G^b@g^BLs`oNLnd%VKsxuuuq<6a<&;ZS?{r)cu0;3{w{ ziy?Q#Y5VBO3JpAO+;-KaZ`7uCq}-9hxkhlWel6M%&JBc%kI``_+=I3-df#q#gTEKg z&Q*P6gh}{-d9wLq3iYgkWlqxui5rEm5uT_EdUIc zrrI7W4uy;svp}*Z2NZ@E9|39gq_|9ZwNh!yDFmE)_F;DlT4Kpa%1AJ(wm%f%%}l8| zw>;3(cl3f^&jd{lVeE)`EbzrIe$M`41hj9xTd1bhz9AX$#;`Td8}OF!hF_25`hSdl zbwHHc_VximMFdm?6a!w^86zn&PS9{W#`cmUz|3>UMf6PNT=YVIwPHlLjDQfGiIS z!Cd5!{GtLr$AHN&(9F?BRsMCjlO9o*oeh8;<+GpR^)TA}HERfZ*stv1eOy-B;`T#y zBz=UwAFy}?WDzF(AaAhtIH;quhqs5BnfVjqEpNQgW-b*Nh@z6@@%{Yayn_6gdn%IB6(8AN4von__(p3842xjmD?7D`FpYoB zFUYLIr;k*jawp9)B&u*6p>_^IN<8fcW43!A9v`}VSh<=R6$Re@jM0E9esS&qGJxk$ zFEw-+^3B%}NC*$!>QVy=Gm)4dVqy*jssEc-0>-4t8Ksv@1A zilZWK5}3iFJgyC54$*V7=ictK&iLi$HeqQ3A2in45xUR*Vfb~#F}HoU9kHhcEs&sQ z)V86>+tSp_^Y3pOhMGxHf94VkU{8mH_u=@^eb=hJjHk&!-#E<&&!1ad?3tqAlA1u?@%p*3+}<|puyc{h{=vEW zt@o^nNnB0(YU2gfKLYv#pk|xD;nbfm9v6U2r+o<7^Yo}^kp{`uOM{Ekn0Sar1%~hqdkx2Y-~aOwuyuDn=W=N zOYS7^gPV+ejKBOq%fZ#1f-wUxcay77>x~RN>5{Sx-Hk{iFW{e=12GvyywpE-$#!oH zN5iDJ1)GZ%A>PGGZ{MD}M_i%f56|aw*^Y-exSv+$55GTh_=&C%uET63qKNfyw5x+` z=Jj*73>n6OWa6&lf3yg--p0C1@O%=PJS`m!>*5_B&G!S48is}yb_kd%HsAa(7d;QZ zLXBWjvH+c7wdto!`+ap$HISg&_ckv;ydRbFdzj2iW{A_!wjo4~GOq-7yeBL)SnrpJ z`(EOzLBJRC0m5ie*Cl7X)_4brKCs?V5PMPjfqYYliS`XhCMyA{eW058g%|Ug8g4ln ztj|v!uC9`5>p#gmnK@VkTc9cct7iA`JVbv(CB4mMT1OxL6SHlU;%C{AJ2*Dr@A1&K zZ;yG+_V;k9TSP-nfuamYwj}zmJ?Vc8a*|ui98a$v0L+;GkY(T>u3t6K-a8D)^(!Z+ z&oUbyy+Upipkb-&DQi?Eyn1s?d%?ZbdbvF`!soSZJ>QYsz++FHVS;n zO8I06nzxJf?sZcE*T|&3!@35Ep%@?O;v16NCyTP{_GV(8rAKhN;rUa8!F zWQPb3x*&4I)*MrN6Bj*~xM-eLoS~W{lU!mjp5G>RQH&Th8(xne$~kdyx11_l7-Cyd z;i)-jDc8Da_cnm-PZKo0yh;KL;$!XE{vVS;j?&)h)X_lvY22M;Hl7dTQ=|)xe6C`8 z_=R43))wLT?2GRMA%UHoEOi$Lh%!T-H4O8D1a1by?EdMVf-sK5f3Fy6P1|YFKAG6) z{oa*ehR84HLD9T%s*Wy21F)Mlbe5LwL}ODc^kxF}wZq=f0LcchE;PW05XZ$-Gc}QY zuMsk7mY5(=zS;R*WR!q>SXL%PjB_8}S+>IDXi%j*Bej(IRm5~nb&D(WmzW7a*w~3| z4jsr3f8?^rS(+AY3~w9$==`!9+n#u&6LYk;=kX&&UCV0$g!5Vx08Z71pn-N$2*%*p zh(A6C)*favUG49Vx;1zKSf3?JW(W)!2C@mLip_bEGZ{FS<^wc`4i4^}zneGKa#Q5H zFYLxiS3Av#cfaI5Mny=spXv2!jb;0sXSFlA!7Y1x#Ec-dXU1glI74V}93`8US7UfM zQr5UJi{TcE?|gi;m?C`ZghmyJsGkr@9PE2}qdIXK$paR&BOjj4fBi&m#jXj|&y2fY zzCN;y##rp|9mx1F?Y0ozl?7w!W1SnN__c^QNHx>X7`K=c)-Tix6p%YhYIJ2Vu##J9 z1DWwDyM^fOZL4hZt{WM$iTrQvXv|u;yx(;F0DL(U==f;+S)+jU9RggQkzsi0N}fV$ zf1-l+hTEn9-RLY~AINq#4d~iY`fN)3eS6tyrEnC8OwBAqJ}YrvGbg*GN@0dx9o#9$XMLTNFLb8*lkKa!-#pk zwfK-Iw#%z%^LwRY02P45csQ0ELmxk&+qjqPZ`-%G+Pk#7!xw6)RaxS0x@H{97at%0 z{{8#X(o!A{_d+Pyg9m!lk+yTD21cV7KRzy;FEG6r*`JS3$3J&1<-+1;laJM|+Bnoq zF1B9a22l%&3$YKj(RUu8gX$DqkN6rFWmmDjv(ir#Mb{`*_W+rR4#D`FK>il6(fBF_UQ5FIIC2uqh7;<&TRLFJW2TOD zi(va=>P}#wqzq{%2nxKtlBx_U&9t1o<6v|==y0>a<6-y%3p0Kn!%)*a(^~iMh1sC+ z>ypnZE=J#Kspmi;^`UB|@iP%v=z(t;F?v@X@wQYomKt8}y+TmgJ@hSY^+-p{@)Nmc z&5TA}iK&Xt(hXcG4koib^9>m3p>9g8joh?fj?n5FPuiJ`9+zFNgn76&id%kkaDF_{u{{NlIqk$gp{Wt$H^luzd_uJ2lu=xre2 z_#7Q$ZK?^c6bX4MG@CA5@b2WDdrA5><`q+n>f}hh_+BdvE=-n9F-7Ay$nTgaW0G8v{zl{i@}$^hJ5ogK^~Qe@`CCLC%{=bTZG2KJ`PqVXB!VfB4Vf$p5D+Rv2e z$NKl2<6qu3`(h6_)bX&fv8|Ql=hu==ld3N*FG=tJ_)%iz@QUzyTN>~E2qv8-ndVnW zg*-M-SZ91<`nmuc_*xTb;X-H@jeC=W^}MEXyG?!W=imFy)SJ{gt|yoL&!2vS?Z#)~ zI8{B8n;k&uDTO1*O`ey0;JT7xYC(&a>iwOl=8Y`Hlq})T!$&DLgPzYIIn%)6@VZj9 zyD~&)-lcV>oVvgQ(?orFwSs1%*(88Smp57J*8OY1;wXQ8*;0&|?T{rw4ODLS^=@ zv*bX6IZNS`E=8@@UJD#%uH72Fb4B}f=~cytYT7f@R2+a4gVTps6wfzTD&&2tZQx@3 zvNA>XKsJGbj=nIVG7x_hblxuVo;GCmO2K7LC&ctqWM=!_L)(bxGJx;pe{LV}*a4Ug z9)o5Ezn{dWdfTk$DYmq>*79<+fDrOFam zKBbcxt#+N5UyLIJzPA6hFPz-at~p;dW4^w&@2c^*J#4Tqj(ZjUQO`k({@kx+R@wam z`+jW7{aOdh&L9~>7NZdIT@IdCBy)(zlc6UAWpw}7o~_>S)e&Pv92z!FYe*V zx}T(SGTHX>dPzD=Kj1#x?5OiP>G0=~{OT1PVBRxJ5@gf${K<*L&3_gj9Nc$09(wHlo6E@{S)arZ9ns}s9p$2!pB!idT`g$sB$ljg< zH&ewiV(hl2Pw~i%@|W}ft|9$JlzqJj0fg#o?qjqsW`l(>`!z4LBv?pG)DX4)p^Vy7 z@b)xXiF!V_(J^mtFG#?%W`|p-B%Dpjn9sOcn73`)l`B-JMMrF2%!B-PYU$`YW^F$U zw%=WfgOrCQT*Lc;FaFEV{_C?e5YUt`Ih1}E{Rw~?<>YvsK`q?==G$IbmJ6aPrsf(X zbwu@JTHsbK2$^jDQLDkeb#`Z_+T8P#Dm`Pgv_ip(Vimohi=u`@b#KA&HYkaY{k z;+%FzLe0>foBwT0W%=foc%_i{klLCIzAm@BOxK@;zCBHO>FnEpe{ zqIGb8BY<+ z)^u#~j;G#8&}(gjkx{OA$L*brhVAn|Vz;G}UObaGgc`NRYEdM73Uu;#Q-C+b!TrC) z0KG3Z2EZPWpAH#XqAxxr&Iw)eh&V_uHdawgmQiKn}ipBJA?Q_{LUw1_O-2q%n z=pz;MDU75Jps!8c!yl3_zrB8)Dchc^spx3?dc7=k<1M;txCGCa?@H3Vz;B_CzskZ8QFOe}ujt#7G=bbNcb|}6nb;u1V_K%TL~z5v z9=gU(V$rJ9${}WYK|2TnnrRQ!sMs8sY95P5+w1jLH>NFg>AJ6f;eT#M2^+8(TO0d& zm1vPHynR9^TM?Z%b|iQ=gxk>Ft8$BvLjWz6khu-sS4{_G28My)Z^u>4}F|Ac=EV}y}-gX(FALSvM}ahCJyTcc2G`40^da~|d%Zmz`CQ&RHf%YGSKxfx4vSkDh*r1~|yNh{LvhP08o$FuAM_zz>kldUsRS5+hrzyZ`L&bH~cmmiH- zc>2 zBtLG;I2|s3I!?Yw!{zlH(9lMXPYk0OBv8_6^|@Z#w@fd%)r{L2SaPq{DbFaHJifK` zac-C;bSIpiR%_X7ooMe!C-J?I&*EU(oJ9PlJ?d`~)=2L6*HNE;k=AxJ*P|_19r^({ zw}S>B%78*A((!(IP52r@RyhZq6YZD7ymEJS7S*%|;xxugfw1@!!fmYJcc zpQ^bWLC<^6S6Z%5*FHafM(POuRwN5zXtp5L_`jv$wu2VnL-eY@MWZXx*Ok{b`(w~m zbX+;yQ8T(Go5x#QJ!=tdSuWU0EDgWR$k1MZtzyLriY?X7m%ac_#Ob%$W8$UZgbK%@ zeB(EFJr2KQ!umpNMvu0xB52s1^n!}Vv8w+9dqe-)e{RNVz3{A8;pC~S{LiIOU~7QR zJqYP07rJkm^}aV3GBF(?7+wuV)1JoN>A-+#H+-8Q>&Lw#J8q_}Ld1ZmXFcdFe}5){=Hgdw%zu7X$qX94jzMlWl!W`_^B!Hd;?&t#vlisy^rx6)&Sz z2n~6&=k?slYR8v zyVr3yBilb;soj`*?aK=axl6uhIceV$-=7BTZ-m7jJ|((8FZ8@C;}&^8y0NZA-`C9Z zbordNhC80t(bZ7~iBVhfRP&_28K?CfU9Lv0lYoQK$fuA*=S8B2Zf-6~t|&M_UIz5Z z!GjAvwMK3|`Xdi5E`L=*&A;I&t(!xMEWk>U+A7-6NhOlaZOYHMkI3V=c-U2!^!Bh7 z>V^<6UB+hnc%Sz-O{+Zw(1pclFr#^t1G-u5WufrgANF4-R!4#ag za4&nqgk{iM;ECavzLY`YTmgq`Bk-j-kE5FQPb&WqnK9NT1Ah;`U9s$67?8_;e9J0` ziP7@>GPdO+o*Sgm7q9rvZR|!5S{=AQ%(Y-nPTifUY+34Iaa%awH{+mfU^JEuXVo*> zL@H9Tu>))jCqU6(JGPj6Brqf}_%^QVYG)JBpjQ%}W}H$j7sO*ZeL9`=e(x5FiA~U~ z;BV8$?1ay)3ofbb2WmfS%CPjbeQxE(j?hY~6H+3v(d~wFQqev7I3eZn6Q3x#*5Ew# zlFQWwNUwmdTCY6apI*$RjpYhhHx!Ku3&iF2 zyeUoRf_cp9CC1|u0`Xc7p~@Zvy8Xp0K-EbLdf3jkh1RT17d9%hHXh2aRCOfMCb!Bz zr`Eau@PF$ytyPvEkDqiRzN82ZX@hWX_$kJ5-}=+aU&63Gogf*Qt~*PmP?cYkpk z+V732+x{3}u`XtuvLY=ttL5TzIczcoH`W|))Gpr~@<2F@q*F^R104`CS)Q?x%JMYs z={2YCHOcihj;62Nc80>hiPOjr!{W_O0C`PCa^Jgn^c6p1OjF2PEP=QuU;NfnXE15u z2^sheueSv7$%Zj$PaVOY5#L>~vak=en`(A;nV_sETp5+Moff_i9Nl_czk6RaeI265 z&X;`|hAjAeh!|?Sm0LH^?Ph$9NIQCFljblaFiDwf#=K=yD-Z;&Z`it|Yu(LIDdbTt zxB3|2y^p6{4=}_OH~z?#T@iZD7pT=n zNOruu+5=F;`_`dv1nQkeUhmQ50+-OfFUcywy4)0}Xc_?cAdaSa1VrgR2nS#mk&mPS znO*erlizWnPf~!Nl8I8UJad$AEO;ed-l)@aYrq&hFn;se=(&leWqn&}>f3?~hQfJK zm4QNNn{&bIxf`pRqxHzXE!x&gWIKCkZ`hPIj>2w)LBzZgat^Q09q-pun}DiqxkQT4^my%4I~S+ zs`#4HOicFX0Hw(?nXue(im^8Zix{*sP2_rMHF#2*oyEe!vQKh3F_sI~Z)0c_nz;tw zRo11a>&k0%1DzX7O3FiBQnk6&=n1Z_r?1@_gkC z%%l(G(#t&(pkWZnql+A`b`^Isis4G-(k*z>rZb@-iTDaFo=!?}&CRb>L&-hn8y=e~ z<3M*i{z8%WH#U0@Ekn4GmD=qE2cz{pgnr`LSTqSsOtE}5*DNo$x`AGs(iM@%yf-5w z=K-MAbd9^Wtz_ONhHSEjoyD6>q%42;RBA%0=>}^})hvLtI(lR%4lkqws3obhvnegC ztnhL1Qd}pZe)HDO+WSsj1K^Y7kJRvPwr z|8#s$$kpg%e3b4h&1qbbX2x5YM@#N|5~-e#E40s(l+{Nq)XWlMZYvK-qx;u=T5%ta zE^V@?&W0Ekb)SAQ>tDBK8qLZk=W?pH_{J|;S7REThTK_UH8ZhbW@a>{H-Qve1H&e( zq@=@UolAkn2!KIp+M|`I^}~}%lcKyrb+|*;0nom4bhw$CkPv#&YOs=W1DE*9XJbQTNnrLxacm8X6o>fDiV2=JB*^P)Rv-WCNiOG@26W}W*ky5GU%i-=>Xi@Cr8P^R*K>cKM zOa9tu1Ipvn5x}G=3KSTr>gx7R007G+D_6sz!AEd63;mL8Cjdtn5W09iqn?dbj!&83 za-3>?0?JXmik_SRU~kh?^_cowGU`sD6x`h|rU?K?1m^fFu4RdiO`tT0CStKGZZs&G zE^!3<2ip`3C+s4@A^;%u!4Xw+pvcjlSr=}n2*HKqn{^cDOI#bR{bCwsWDck?uZ> zBeg&LDNZxQOlr!^Xym^BKF|XR;QhE_Mej$Qb{xSAI#fdbws~|ewq7Q=z!YlfZmRaS zb+>N5N2*Y(Dk2r}rH&TfBJ}8_06TM5->GY*@IzcjqBS2w3IL*6`8<3(+cN z@oPZ_{qzM>&h1~x>bCOY?h&kvk|DCgR^lMkHvyQP4Y6-)^jTfiFmY@QHRKkigRW6e zAIQA69(?6i^yJ3Vw<+k}w(>h$+Ly=Pvy63BL$Z&(50~0|Uqmm+f=}n&`99BW9bX+E z=pQE>J(c@byVz2GX>%}#(doT0o7!=j{h$qnur}}I+vn<(>=UF38;S6@-~wNafq>rh zh@!ka&%M)8GP1)mRgVh@iFD{LEqND1i5*Y=VwAFy&_xTF=1%43&j734;kO)0`O3Ia z>xrYaSo_SDvL$mut6Bw9rgr-0#sxD+?Xb4YyUHB2+0b77a2M$KM2h2@s}vph*Oo4g z6Z0`-JUP!uRosb<0J`K~eWp%a5lubm0~AW-1RZj|hDni+54nGjt^z;!Q>3&kDSayG#Htvluhpy$gW5oY!<8)dtVR9j9LqU3uwEa*h^jRXxwC$@^A- z$dyO?+wOaPyVN(UW)?{wbU=Kl2CZ} zLJz`9pCstEz8FdSNn4&7BQM)hKZ82tJ}kl;=z;Al#fo?tVQ--sh+``UayyO+qz3`e zWdJr9C8c-JF>=eU6QigMn;B<88ebAXz0$VN0!;X;_oY4wHcJEGLxki)JEJBMaTSHj z)8fzb3ghxI{=a7@Y-?)+OoWDE>f=5_YO$1mV*wd_TTo@P$Z}{NndMI7mYX5394bDXQ#pFuHV;!lX9J2hy-3khzZtZMdO%cT=>8q;G>(O!o4QIe2;HkxZ z4OO!zD`3rwj*BYQ5&BygXGC+Ekh6=;I6kx!{}B^|y0@rv#_A(y`4-<&@#RxioA43( zua!BSn}A+q#U@=(yxQ*$CEh=IQ>P(qEmJ#Z(?jn)4chTL;4G%#Iy^VwO>Tp)g#T8h zUi?RXffXZ6@Y$U%I6mOA2m|%H{KKVbElo%LMflm_#Uw-AX3kt-{TC4-5 zMyG$1tPnoKj1DQ(O`dj#tk#V{Q-)~JjwVJqO zD!<{oy{Vjt!8@IjkNK3G7-V3{Ze9L6%gkH?77%+e!x`IucR8|Km30Hu1el6{j&ModNy6iD`bH`X#j6wJ(2|9!qw-^B^AR zlp2FKk6LdtF$rGQyCRW<>MsBgjHyE6~1@gojhi(ltXp$;Oxb(OSm%014D(CWfwMx*Ulcy`f zFXblv*OV9f`AH3C<4I3|Dz}fd?iOl6e-G_EvE0E573B3sx>vsBoJ>&^T}zKBoW)M{ zh_;lA9Djzc8*FN*!<|Gnnu1&_Xyq02u6A1wzG*)J`q$&Y8hjmW9SwyE*9j?Es(Y*V zXMjd>VNI7E#-&9Hfl^_d1NeliArdFCrE9;YV1&!4@$AbA(CtdfM*FOA3O@0nO>C$; zB~#i9JXVn$9~-R<1Pg=)6Tb?(UM33v(c1)|8K3bpiR5nmR$G&7GZm=7**vTKplpp^ z?hiXh$7GJ(%(-N^2DEqYlUX6G;qi3INR)?h_JhwXhYH8uN#7czED7nS7h zOCT=3@7v(nr(up9Frb0)hzU*q>E+aouFRLb#n=%c)U5ItQkp~%+^iTt9<9T>j+lQ0 zKVjI>+KTQ4?yD;{qcoY2r)$-IQ4D=N5oieob6mjA}NN=AR2F?kW?JMHe=2C z&FoDl(@XKtj}v{vxm=QsrCXyfm6^=UCQ!qd<_s7Et?3$+6niu9HOot5P(f`f-j?<9=%2PR+%K%9~V_79(I4hsy)nm>sZY4q3iQuzUvP6Qpo5-DDt5j-z_AtLgsbpTq+KwC;`1TZ zCo9VDOzg-@0W+aL59bxa$cB!VtphINpkqM0jYii%esRM|oUHS?&sOWWYc|p?j)I5g zZK!bg0zCeM6O7P&Fy=-jNlS&ktOOlH# z+n9o5!&e%8`Rx7vb@@W>oZ!Xh4OWk@E?T&&efVG&s2<&PHgUui5475i`8IDl;~Q)< zRQUx?%siY1ab?g2jLp=?-3JU2kc4iu5}|*eGK2i0#F{^($GT$%!{4Z@tLs$HM|Y)^ zcY#^dj+*t^E;btE5KN3cK@&{{FzfI;q!nsws(H-bH-HgK;%9huN(lf#iNaMzpHU+B zdHWIoWUPW_uotBLm0=AM-mEdcbfIIw+LQulZ0bC2 z)^g)Tr#!qYbU-@Ni58s@FP^n+HRJ`C$H#tiJvFNvk26ARInmo1F%H(@Mdr6;Q@K~$ zR8n<4OHt*rU`Q=Q_F;IAo}?Q7GnKuKeC&_0qr6;CBoGJvYqeZfT^%Ds>W1y7KzE9S zazu<3I)EzME5dH71n1iFx}Nnm?0Eff)%4uRXaqXP8HfcTDGeU;BKVU7=0BVk zfUZa;a3x?3lVyLhvqsR$=(C)I0MP_v!twqfz_?*%WfgPL@LF1#v1$Zynzxe7ol!_< zbV`!qyy@fPe7Qfq2O&E^Ww(hn9F*IZpRycKP}Bl?E>JX@?64f)SQ?DvuE32g8UuRR z2EXgJ_o+XQNlFW*;_XJvWIqr$=V6V#Jyz`l3+W46yQZlc%k#M^xia1nYR+IBxfz;s ztR;b=;M4EE)4%|Ei}m{ej4CKiZ)fz~#b-UyUAGGhoeb&d(1RIFfBy%A?mL~wtm62H z?C>&4C*CX1qd@!R?s(UgDw>u>kiA&;2P>|@xed@}#H*fSxGVbSkc59UBpq(4)8{+0 zD0lL}sB^Fv&?yZr8w>%a_Or>R%e7DK`$1()q659s zEo@ZV?G;EG10&;}P7WmFBHWLML@TN3>4D*2&;~e`#H@3yk6%vW=OJ{Ao79<-0p2PUi>su z7h~uWdC6j5p2++{RZUfjzN}VFMA=TtG<(PhrAdf7USoy96^e}t`1$x|y!*&oZ_b|Q zX~ihBDV;eu+Inrhuj!Qyl?oY5XWo=eU{}j4ttHK$(8|#qSfAL70^{Nve$*xj|920Igguco=dxho+v_;Z8X z>3O|sGCv$DrW8x4sgY#BSE_h6vTl$Ci%oGI9vBeGla!TIlzS`Otb%1VmfWK9uBhQ< z#(YEp&>U8{7~psQp{3>3%wFW&1e?<0=p$wA1nuyLL?nn0-OBS^a-rsw^UChe2GB5f zoq9}c)lQNtm#zZ;uX$ZwA4X(D&I7=P3td-GMkX0=oE5lvK4PBsT-S_n_@_C%by>+|eUD*xi7bP~o;FqMI4%}7>EUNCnh#bv zXl+d=$lZPPT-$M-$^K-~-g;?irOJA8Zy+EW;fBcTFByg(v|ToeV1yu<%eoFSro{%k zS+zo?q@|CK_jmUTS1F~ivEP^7OGrpqo}Zr*d?_q238@ohK-@8Qu&7TBtD5>=Y#$_w zwXTxJ0gIh@RvHjq`Hvado_ACP+^Va{Zg9!S%|{!SW;O+{@7*bhfkdx{Z>eC zkVJ1t4?~Ad)&6eDzU9_H`KMN}`yV4AADMf*2+I}=i@zH%y`z}sUx!uQL6w%5TN2sr zgUp#$eHH)1N&q_Xr&da%*3s7mG1zo`^$`(|=+o*AlJ1b{WbEE8bKI}A-&wprZ@rT> z)aVuvk;OO;L)Jmh7;6Y>UY84RCG2&Lj6fq`YBQ=^ZmQq!no?w<2W{)$e`<TjvOL1jIE<<-DUQ|3>c;X zl=K9Bhi*m0coIQpRM)K;bu7*K?9BRQ5(m(3l!*@}@p8;o1FEwQqc@r1*Evj|XSgZ} z>JG;i)YhW-5o5qK1M%ipD{<&j7VsSh&vi@}=4NyYC zT3ReDDi{*Klg=j8RBc$kCX@6S2vWST^;ivA-PR-|Z3DgPEae;UYCz4M$ZQdr_`jJ@ z{I3lL%#S0p@SqvFALkRaUp0p{H4$0{w>PyJDw^`QoJzbI?2Rb3y;b2VDcSkyn|87L z$+Pl#y$ZWCCN}yMp+bu5>0J(397B8Hc<1MART4QVtzEbsJg|&xY)B)B<<}nhKYh+O z3e9b8696IG$jAtdaeL-Hb}S4g(cAAHUGK#kmFAYgwsJ(~3FwORJ0H~AOje}91JwsF zfkWBY7@v>5TqzxE4HzcPl4m{)>x=)f&=)Es#GmsLeYkgUgGhwzU(!A!2}-zqx3Q36 zvS0)&-28v8XXu{GPS464eX4Fu3_l{k_V`_x+(u^?*~u|tiTw&RJ!Fi9xKjda-e)-% zyIqOv%!1olZpIrlE-O`mby^vZWiYHTG^rn5j>}t((a>e8QON{ zAPs?*-03=Ra(i|KT@Dm|>dyHP2(3Ge%DHc4dl)+s?=;KYZVeg59gJ!5No( zFJgZFg3=ql8(3o|gZ+N>;_NEr3W|;Q68LX;QaV@Jao{VqdJ&l#9=eTXLjeyv9m|6^ zeZY5 zJW|bmsO6L!CdYDmn%#r$yr*NkXUlk4=PVm{&b6WQuBy+>)UXHqaa}m!*{=-me}2a4 zC4iv3W^MK5e^7F4y4GK})^o4XJd-vf8GTsPJc`|C)Y|6T)WCUEq4d-}%c8j~;x zXRMaj(Q2eB&k5s#{xm?qXMDlfM64Ums#mfsmCdXsgfw z`cTDK!aqe^eV@9K7w9Sm!o7jhC`!2#lMK2`^Qh$)zR!Pc3+X%b8onzUg#v5v!N75G zY8dLC8uY=;?~xZ2kg*Uve=JQV?il`VbCYN&+rLmPZ$zmsJTeLHHPTwcz<}KL#RW3| zt5|mBxFmwMPhZrkC32BXTbT3d*xLi>LG{tSrw#yd{C`Q^U*6jI0n6aEvAGsd`AN)? zPzo!{52HuV4`-SHFZ8OP9>hOuMW_09RI78PkByv9keg~=?X}ERqSM;oL_9%6m71b> zk$AHN)}6hNBto9gQLnN;eKlXzJt7;*e5-#;G%Vuezn=UTZ-*WLmJ2QH#wVZO8N(_~$%N>o4ib^_N2#X%dez?2>i*{pp?h11?HFaAHkp(g~ zI@m!Ur5atnOPq8n`GxdXW0seeC%xqSTCGQ?_TLilmo+qFVM(ZQ`x1O&KwncaIvvxE z#R1)`m?95mK$pQF(=1ostTq$!x&wLR)438%u7eRwbf4*$))-1jIOZFDl;kX+&ElJDtQg1vel)GfXcSd z>EgbDoT3(+%!gyoH2-hoa9c@1xKE&vF$3xjQ);jnR_lx(y2g8_d0}h3x|x$Q9+gT8 zY0_OabWjg_+LSH_czd}G(SU56e?Rj}^~@g`77^)GZ*bi8woFP|*LnE?zaQ?DOKz;tDZ~ z2TFcy_o4pXnQ(oImyM=6OeCVA;eb!~uV4D-D?-8&cEo-a8_$eneBu(B^^f1Lxo&?N zJs;gW;c&CKRNS}dqsM#QT#iVNCpjiDBGcB3iT10T?Wd>Nfu3aqfgEh6Gs5DcqfC@X zJmc$;wY{zM{p>u=X&Y=}}q9l+R zYn-iiHMXTE0niszfWQj`O7(w`#j?WDIj{ ziw&jE|0?=VOUHdQA`AOw?J?F5zK5P^a+^yKqrHth>784b7p#rL@%X69%`w@+$m^ml z?DP3~i2ce}3Lyh|#qfIMVL9dFi__Q?q3Fo6N?EcL_eaH~T(~&1OlX5(3A5fRLk-AYOHMpLI zcw4r%22!MpagA2;s$D%haOlylw)c-iHV3*)zz;yQUoU8W~DpL z16ke$ot>Q*eJ$2A9)>9s!I+r5L^hov+sQSD**(EozUsB-qMK0tz?hf+COLrm`aoCW z*gi8n4A&J!)w~qohSzY;qKMcFGLfhXoomh~U(|yi+k7B_bpu=9bZcBQE5n6J?-)fL zXUp6I{}Up`?XJF#{vxh$yZJoD#X`~!W06O_&5}rP_doo9E#{c2-vKi`1-YX zNvp|7_l0{xvUV3I+wW5JOW%p`LhadyHJrC$j!QcNQ_u+8g2SbNNv}0>jg@yykLH3q z6>OaCU9DzX2bpQPEx#qmm<_J?HW54|CYJJBSpjXXz+63k_;`UdG?E%oPLc|CW=akg z`rfVu>}*(!v^tvMmd?AvSqY?~)B^3YZTIM2{3!xxYmTQRJi>eD&Yg)$oM)yLzLz+; zO{SxO^8N;sGw+ia2Um#iq)$X6nJCBVvfN1Qh_1CJ5Xg?#xjLpkXj)Mh#UGr=`*igq z$3o)*?iV~&vrwFK*RB0wr~1YI7w-_%fxWw&+*St=6Z?qZXz)kUJ%;hACd}IJ57sqz z(rD-_v$k+tEMe2qgbz0V?okHwPB72p2dU;@IOhN*ZbQB2A(l7se4^;x-Wyw2>!wB z{!eZGPct%ySrGxBXqJh;rX&#N#?ny7mjyRb^NQ^EgKl{6ajk6%%-xqJ>)8QTCTY7n zLjZoce`Y<(c=x!8VWqFQ)*1Cj7>S#||0AoY-#-Z7AbwfHt2=-Y$KCr#RwBY8J3T#V zwHa(w@$xs#Ka&Z=*}{oXmTooEo8g&|WZMUk3N+Rb#sGrt98akSk|5BO!N;K=xUq;g zYSA8wrn8JRDrbxg0BwMH1hm}#(iJ5#cKT6aZB=Jy!LwB}&C|{4bS*ZT18y;zkJH!9 z%mPwu#9wu9^;6Bv);}9@KOzqekq+koq=+HhcspWYs4gM|uPMHwq3QcAN&mmN1@i5f zZnA0+9tev){xg<@fMkNJ-Lqo#iectO$YEA&h#HLl`OkZ^uF#w_D;f)J)Pd^hn5r)? zrzF$6Iz(wgx*;JgNl6vuMs)8#X4OC*)Kl(&~T-@Amn*hP^m>UEgffb^5I3( zDZO+Mca!-FgbedoaI|+~I8T~R7AdF@e^Q(lH`}1 zPqDq@%|2}k)Z@9XuBVliJP{9>0$5pl`Fjk?A!KCcri5g%xip2u#AYe+{qR65yObtt z>OAFg9Y@snd%hglgSZ;bNtT++4EhBYraJ?jj~3{R{$*|c>1^c6V1Vcgq4)Aro5E-c zQv{qF-6UZ|2i*+Ue>rro#P)E1lk3^qs$FY*==%!4+3*^CFUty1sj%8IyY;A+DQ_pO z0U^VVC3JKp*S&St^0AO^#;C*g0U0{Jo({Xu)QE2`uUNFu>9jtZt0_0F;m;rH`yFld z2=8@BvfQ42lz8t`G(}`&tm^8f{>r*J$=DEeZca|kd!ZHjQ{A=4@jdSn*2{rP zy7s>q`nBb2{H~65FPGQ%1m<2mp`soe+Wbv5(lj9@f zT=hws4_&9Sy;gGa6UT(k^vq7FL9ZC=*3K&o(t9rb|L$U&W3&P7aW|4 z3udrFlW$+FPtw|L0XjK*<{1Hh?#Ae`bj;4Q_wQoKXC1*KEQuS=C&yqE{|mk>xv<`< z5X!9Clr=mc@RyfQ8=oC+nMc{bRl+l8>d`uT4a~SkWT{;8TNxQys%}qI50=~2Y%b7Nt1xY{3B3Bacma9A~|vPw3$e(Ls8kUZJGdm!w-~uKL#}h&i}7!x8s| z)ABK2zo*r1aywXM?P-1EicD#?B2 zIbAr;N*gDBm37q-U%-k~N?fK>9kxp4^l~v^|&!0=k z%0SGcUg>@ZGcb4w%_uCa=Z_abrX?VCwpLatPZ-Ja+^Xvsa~?cU^zgK*-sNWCdo3GX zLsBp-{`>FGN%sEHxjIB#!ocbz^J3nSJyCBP{9+57-hE9s+N^@j`b7HTG-N1#saT7y zeX&TzhV@*&E7Mqg66$=Y5HrWY$*o#)^K9@eKYK=iONAd3rtQmNMOd8WV-RRF5hXcz zx?$ZA`{|RabVmQraW18}W4w24E%~Y`jGqOT&omgF;KyYpmnNh}S8Nsu$UN1D_=e2X zIrlVeBP0g}+rt4787>tTGrJ71M|;zgn>~|tcn#G5kFmFain3kXh93}AP(ejnLg_{j zkVa8r=opaBp-Z|$1w=q{=#qwEh@l%%iJ^yXq#Fc=9N@dbXaC>c``hoo-?dmSVlC&s zuj{<7vyS69ORJ>6`u$mWPAZuTlbHd09*yDJU|Xf*^G>=qxDb2ueExb%qs`SPd)#)N zM@jr17zN5vsSou`O2FK^y973l8y(*&2byQjVohuM%U70CHF|IKqs5+5JvFqz23c7e zsi>^Mu z3GTr&{+PCf@edPPY?tc6LV5S~Sm7$$OW{rL<09#F-GiUfOVew1w9h|Ymra!ou+yfu zkqzG2%mVQ38>JO)Xv)1BpcuOKHKs3B$LTUG^Sxi%QJxRdz3X57{0{r4$5>fJHI8B? zzj%XD(a$G&eiw>j=?Hh-GT1QHZ*wxXwwJ#?Lh>M5-Y53cnEq%`-q*JDuBj?+n=v)G zRp#8B;pJuwuQf{YUWx4t`)(yEO^FecE|5>Uu*`Y6h^v#o>${-y@p1tJu8dOyrF8B? zSpc2DRU)ijO{n2rX{}_-X|NsjJ+ZPq?~~M|I6Lbw($9G5Q?IP9P9Lm5 zamE5YJak2DA!oe^UDo@hY#9R=nEE<2-9`~k=E;24xzjbyiSV~_$;$se(?ml1)eNez zNM9C`wA=d(=qSc(~^@ zUFT9fd%`Pp9baPMznyr&zwV;ceb~4Df?v2~+4p-|1)~1KP+`1i=>WxWCa$gA9yQeC zFph_Zm|ZVD61SPkQ<@IzUoBOt@f z9&tiF)Er+OpPOE8^ngh*m7}COR{`V9Ia_%)ck)RN!IYV9pY>%+ry9RjmOnwUPi3Gi z`pC@APRz2^Vri&Y^cKSo+@yYlL-IYBeiPzyuB_(x2jfMPkEhF^2X>93CNWJK{=FEH zs*gYDxs)P+m=<|~u=4Vl8mmh6T5{-U5sOyO8(|AXC%c-OL1g3ft2wtu?Zz0xp{LDN z7>+c4{*eWHs$w5m-B&1J5;VP;$3stLLn7I=!QMJG9Y%&ckjP4}b@Z<3WXIPJr*-vu zmjY2&8P-i^LkNUnHmvMjh@b6rPHIJ+#~JlW038+~`B;5-sdNMxy|_LCf%wj)Ye)S! zqasRZVv(X7Sm64gv=nnImDg}AW^8CTjzAXI*WnpyW`w2s^6D z%332e*2WSmjj3NihHuL8>=}#J2>;p98g>7Wffq9NL4JcoDkB{97N}}^{)`T$@lY+F zUElPWu5+ajHglGd+1KE(9~&&*Bg(iQ2mmwzUf`mgZ(FBR`5=1DRz}RSH6sd^my?)I zSxV+xTWw1koGtg4t%(_rXa6<2dp~Fbx=j{#RW3!^_m-SJYc+hzvm~MI@|*0%*8-Nl z$l9w?Q6+mM1=PvNUX|~rU>$qm`)qLMlqWFr1c7iGN@KX?d{P*0-zcOM=bxjhD65+L z2srDkvM@wg{bm2N%0|VPJi|lT!)z+gXuS6nzEzsjr3jLixwPv8BaozNlD2>8AKnZW zYV7>A#=BB&GfRidXNis=-q_#UhXnsj_th&fP3zQ>1x;3Q^E;&)O|raT3!Q_FTrdRoQcWU<`0Xd* zX`;>t>3#y1OmJWHRxT?P;I)zBUA=S^!d^gFs2WLyT7FO3N-ADEh(!*IBoakO14RZ-xj z(O2IB6m<1c22s3XCm262k@HWcb)+ODO_#roPedatn$NYD>oA!zu8L3tDj)?fu_U?_ z6RqzU7uP5zjHsaxd?0zsmfEFxvK(zdE9<$DyyJ7aR~|7wF_E2}+jlwVB*?G?R6SrE z*LCuL$&dh6XmqAyuZA^xZwI16%mn8=u|@Yz-x?ZQ^c}6Ftgf{6kqpZB)G+_ObzD%6 zs1h_ghkhD65-~yR-Du zwyg-8Id$q6cFvLTT2M|=eBBG-#>07CuX;aMdll({(Lys1Dl;>P+#*oQDh|xknzWg$ z`)NWr>je+Ge5#BaP^YL3?Tr^H=PAA0}qt3l_Uo93YR`K_X^)9O! z8-yHDn`7^)0Z6dpc-?X5%4~G{8xTdKx6`!S5t@6*o%vt8uE0J^pm7etZs@(KrtF~_ z-D-pe7sJC^BXG}KXdZEA^MRTw$`ro2(-;hDuRS>8Tc1xZkI7=^T3lQNm5YzsL-P;^ z+XHV_9?AwoDYPDTBfI0;RP}+{AiRhjBKV5rhOKQ8MD!)A)Baxe#ge%>TYOjJ5>hg8 zQMt<6#mOb=Y#rjFLP9)yF&8RekeK(JZ3jlJ$p?KxKqFXy!?h6}82H9@=**EkTq6 z9^A!lU~+ zRq!N6OEFG*D?S!}wRTybei7ND0kOvFNYTjC>e&yDPT&?AOuCvM4)W!+q|@SSNaliQhz?o%x=4 zIIecco(N`P@+}v)P7W3bEzKPbnlfeE<9Cc*s-sDIunpX;M)E?N;%V4{0;*}!43BaD z>Vq4V(orj?jc8;8A*nB2M4K84oI^DJ`ZfRS0Xs%WZGUIy%ki&TCtnv=4KH_Z44TrW z#y$Smn&y=uSK=0{14+|1L$f1)R(Ceo<4a7@Q;-be#V*n*f(3R9;d(T3mY$Pmy=^$^ zyEWq_<0=lN=v0C(y&OMMM?Ne2z2kEL_VxXCB+g~OxiVQ1l77hGsJ0QRB>vQ`1+)Zo zJYuO$qn?O2yDMMnyD3o6K@nC=N0_|q+|H+Ij$hf|b%Zae#sz-Lqw(WrmMB+bhVJ-b zTo$2ZvW`%>SO&2ipS2QC-C=d1_%JZ}Z-Bf7rjB8dD{*8h%`OHtl}xD=adyXj`AC6- ze3YM_4Q6;Gt4Af^TG7xI76$rLXwub*=&q>|7Z59oV}6X8JR?Z5wOq(Q!v9UJ1 zLUJiY_URfTF-Rg4F|diR+^DH-Gd_yEcLWOle(MPAmG*4wFgN^sv0xmjkzwWIfqPPa z>UF0{l?O$g>=9w(PRjvt!|E)LeLvMx(#Xw984ps-OMy0YQ_QS#$qiez72bXBY?#h5 z>DtA42YGR8>5Y#5`FBEjFpow~fa#DZ-_f_xWj}Vc$=a2S=n7UrC!}vAqH?|HRxZoA z?w2qPSL@a3EGG|97#g`WpJi5rWRZ1&X6twM#r#~7lvX<28V0jMAX-fzt0JIl1Mx6C zozmiUbaWD~vgZf}tdki_mgaIkO8|LS)|D4p?cHS#F_$B##<0rdC3+LdhW9E_p6CtK z+l#P~!$`TLJ4f$gi7_r_FDp5g5e|6e_cu-YW-kDK@>73WZWpQF0k|1VUV8 z{+^1Wu?dS z_bko2y!RR4x;h!4P*DaGFh$4bboM0<%-&@-`@P&*zL#f(Ks>-q4pS98snR*x6lUKD zP;K(TFy|!FfA~T!y4aq>wy3;kkRwq0;Ji^FZMp)YDHCc4{7;IqOYp29Z}e<>jyLN; zN>LGOeEbQx8J2{+k6?wF76EVfK-hl!gMCA}^77N8MeCBDIC4Vh?bX{u=BPqN=D!bD z1|4m)`5vXn3JOUYy6+o8_WmMVas4H>V|$Ho7Sdd+|oG?eX&P z_xcoV>8aKAC0bj42c?8~7s+SoUjei(kN2kHX1RvDR_{3}-!k7gGZ?W^ZvP{l8-zVx zfIGbXgo&ZK+nPZT-STz8aUJmC+YLVQc`&@Fz3Ou#ZNVale!gDqalL_QIaWc`mZnY+ z4qIOAxilo)eb--qB0Og*OQ*e(vI=6p!i*;6GB^QhazeI?%EoMsCYi3h1~go22K7>^ zBlMPhXY0Jpv7WLbJzV`R<%o(Q4^X^K{a78uX{*@ufe3SHXJBYlSs5Ov(FUM}1J#J2 zw8jhd%zMdh%;wVfnvDo$wu*-wbzf!1LWIGP2ykVS0*oX&rLeQF-uaEJHgwowJo*Vc zCeub<*r?lqT$=(`wI2BBJ~s*02|T1aQ95xzzv&?zdTXMB-AAK|i?x=#u$Pl1r(V@+ zQHLelL)pW;;E(cT#uNN(_htB&T>}x9<(gTW9;)r^fj&ve)j%~PH-ET_du z#6(KUq$M$U(+O~@rfMFipIsr|-qDX;Ek=Q11fyMb>Ff#}9F-vZi9Ao&oos5PXfeW> zRv_l=`5vOGDXnT{C(q+~Ov7R#H&S5-WiwwB1%*w)x3Q$qcj+@_bm-RXt6zNOfy8191!M7WpT<1RFBKo?n z`Ov&bx$^?$o#vPtyB_m5BbziBl^jelsof}@KjmmYBCsM}#5 z{XS&1-Pl-wr&h4C*?XKM{j8pA$%XL8xwN9>0@J7kitt$pKSiY~S9&p@Pmu|-0UT6~TX&l(SA`o~c^?DeDf~G{ zynR7ol(Q`?31Zk_;umF1M!%aQmX;oY(XS>(UuQU7N=*l!jAY*`zDBSqnmMQS;r zs5?CnvsKR;%aNi$1_6P-Ud0#!wg}QomvQaH0RtU3S=4%M=^bSBL4SZiU$q*MYEJr| zyrbjAxR2|PNZ&)(Dz;G@WL+H%d~@Dmam>=A+HQQaEO=)a*!jdq1`oJZu_&$C%xUZ! zy_+cu{xbT%J-Veb)z_O9!-^i0~dg$mfD!H=G- zUIpS7%Glw;byC!d1#Ph$McqD=b#ZQA8&jua$}hn{@sTo@T9lf?^U&K>vG_43;QVHM z7PQ6}${X%580?GRxrA*#-u9Ri)g7Ko^%F^)VH7 z!ZR)SsQs^ESrgVlqqq^*LaVcmd@>dtZEaS-fyUXWc)UHS-6w5r^ZC=a>2)z8rp)OdH%CQ7uc4M&xwt9*~uCyoM#_5PfaJnoB>YitzvqpMa-^EW3hxO-D} zX%ZnTA8+;Uy4cUgEsHG{;^if{pR-152+;&Iwi1`q?t<<2LBW%qrk&y3a92@aMn?Yw znUKEo&6Dq%z45>Mjet0NU9)AX6%%!mN|kc#7VfLJ2FQ|8R7eDuU7Y#VsOzeGDxs1~ zKi)lXb!Y}=GvshZ4t3iBg+LueIL2u(sQLL?g0LG68LyShS{tYb&l1taT_vw#`Jr6T>)Gydr8;UC$HD5Cnu%rZ zshEoONf|;VS0RVh8q~`7%cO~d@95c~uAY^gc6f5q@$u_%EeZ1w)wC#vEbCc%1A%Yc zpYd+LO=x+XaIJtOA$h;l^RJjfH(r<0@hwHODBlSv6v?5_Tm*Ge$oE-JkVzCr!A}`jl{SXdq1t3es zP8tZkbU*YtO?^(ccge1Qoe@xnE6GGB<&N@OD))ju7b5aDQM03uNQh;Z z5(er#8kfzMK?`FwI5`>K(7Wm^kHuU;hbH~Sgv|~oK-Ix>C#$44$dcOVN%C~lMQ>|u zU&B|^9##%W*W~gyEY*=wweE@=8UOE;j;l289&U=Ltq|A;jhdP&GB|<7b0p!)syosh z0WcfuV7I*k!P<76dMV_^h1eb+5M&`ba?|vhEv4IrSJ(re6RNVo^g4PwRf=sFw+f~^ z0oYq5;Rb>o7E39xgQ9*nn)U&S0t_qHl@fV7mI(k}d+-ch-@Rlh{s25^bmTjXA`ULC z+;V(!CH_6!&#l zFJB>8F(pnql)vZX3a|4FOPlHDHlbs^YNO@j-t4>g4qXjHJ@V|ky=Uw6UH|JueAkCE zM7fjcMn5q6d1cwEN&(6+?RHTvW67KEr?k~(b)s%DW}tH!Cpq3?c(5CQxLIZxx{$fsl`BM&+`^^?mfD`E*w9ko%jdQk$z!SKl%J%r{@qlM*EarS}5 zA>;*)iQH1QYwfA`v+=5z6fedm`R<^4@CceT$~~v!I@q4AbKU_MeSqFb)hz(lA5z+} z#FMfqebz}j+lf58f`v`O)R9ie#VB)x>=uy4H@jzqKeTi+3%!BDQBga zy-D_*G}LdR0&TD55Tnz+RCqOLHRpiW+u{1gf{CWMdpuVYh<1pbvk-* zs)6fKCSFV9T8J^`uF~jiwxdb86@)v?PAQ|kY!$hPTO{urB!68TYKg^Zs8{L=!Rt{9 zEnLjj)wze>7Mz}%KfT-meGWZpINBax>S7(g(W4$PCK(*3lqhlxuRgDH(_~|z?T^Im zrINkaNp4po;!6~0Sl4eE_<8zEK&T5|)^Ht;9dH_MSnwU951U1O>BV)*+gB6}zWIoF zO%tiVEN6*n^Th<3C4)OdVymN73n~DD7oN>TO}Dk5-eI09muy`0+k(M1V93TGp+OAt zZ%Ste3cl&RJ9Njs>uEuBEK6QCrX{RXh;(G(YkjgD$f~Z$fK6`9ivF^0h2WhsA+#09 z|29P()LGm%P%l@C9&799oVa_nG0-zGmF)lmH?kVGeC*BH^@KJbQg-)@MLXhSnZk zR8%S|zVm=d`c`G`1TL478zG^9)=_Ao`}+Gr?R?k1;imp?-}LzzBOAaT)^1NJ zn#A-c_<&YTSPPmy4OvmV#SbJNdXs+-+wxZdV944h_k1vWh4FHq_t?@t(HHWspZUw} z`%d)WJ2_r>?;3O(83EpqjVm%arQu>gi)y>E`pm?M&5xMl0k>#CLrNwjwAWV0cl;pN zjGZ@H7Ysl=8^9)b3D=OsETUbzU(dH-+t&KRiDXgWce~ShxCdUeV-2n5Clz<`(nR;E z$MGaQQsUSzK=s-U{qSuXWXGVU#qRDlRY{y}89MqJ!N`&}+xCNN2^o?hx8iYI# zIp=ZH?m-p}r>-{xs|G<%-)h1ONRysWCGps7d`Z`^XU)ejJ`0HwSt2Qzo~XF}$mpex zBW6*nR>Q^V-Mggy-Nx{9pJB6qhQH;9NTk(5f(){ffDulk%gK}@JA)gVAO2R^<-U(~ zNun6xGkl&ms@OII;7Ix_{G$YP8e?TUr>7Bd$LG-ygj1nVJJz|UyGIR|L8FQW?J$VN zd3(%tV(~WunK%8G8jsS-h7jp zl{4;EzFvr2y!%A(@h||ayoPRP&_%v8vfuo|<;+@12!A|v9xMvkc#xr&==rO4{mlH4 znYp#5YH^ys++ePcfqMvtCM>TV3`BvxPa(fI+STUylxUX02H05uN7U9##wWbD=E~E3 zf56<$CUzjV_-UGsUynR*??9yaI&B{gBkv9(G5B?fqhMT`etTv)$#2c zT%s!alm+p`g`x3TQvg)551f~{`Qtu0F^AHo)%*^dNB%lRyleUU_pJc=R!waXK$a%o zx}|Bi03OE_dB^vJfxvVK@sDimN*h-G|!P`1b^f4WO#SL$Pj3$pGA_TiD{#HZP(m z^l#l5?zumhJdNt*sIhA^euT3w1&{{ZSGc0iG^BIlD?P_Elj}{3s`8QRIUju(SQ(!@ z`#C0jH|Q{es_ZkKJc35_x(U!UQvI+=5UfcI1cGLY&cR( z+$tyvlJGRmwyB-)KHv~dPcdI9K7;+Xa_(TbO%^EOYd7%ur;(0tvng4RuG#H>XaQ9F zkOykPama@zT;@M;Smjs?T_?*mDlN#7%+baG(QSg78UdCkPuWEI1-P$LL zg1rV=#aEGo-xX#A2r{ebgoP*Z<22Cx^5MeK(5Wi8{e?IJ0PO&^M5(L9=%)z?-z3y5 z08$kNr>bysV=fP`tc0?Ei}(2acWL_nmLaacyQ|SMF=D*h81P|-;6=Rv3*%EZ27Upi ztd{93v>#`7Ua;G+CKn_ZK%R8gN2|sC=$Y^}jAB1`u`!pZ#zs!$nwDswg3WHL(;6}Z z0LqUYe*ly?pgZnIX;DNp8j%n3oRC@H-}Z63C0L54R@CHMtZbCLDKaP-jQ$Sbe@YD8 zmUf!!dlCn&T3_?Rr+utuctvRq{jo_E^EfV!%Cg5E-w1=h3|yQuJ@3HuLc|1fUJ7z+ z0ijw3CoVgCPcnKx+D(sO!mvGBPo*zNkC~J6V&|wC|9vWa3uw(z6x}5HkHcXyjIp#D zZ3g?~W{3qA038pqSb$J=6aDV~-K(OV1O%78$mTpqjJo!;GI}0+iNcAEa`vJ;1-stb zEh;^+c0JAOn!CiZ0VqY%`5aB|f7gI-ULvjSzKN*5j;L^kNMMhX;{qVi$uidHdl~>^ z&SSUoi`|TC(0#mTf1I;2CHAd|l;h^~xB^jeA*Z^WoE%S?{~yJA6Vg)dL%jQc##4SE zE_Jb#a*#*~0Sb!8>r49opmEd0{JLM&hAk5^jEw8~moqZ;24SxUsDq^I{% zY>j-*xnvm_81j5i*IHU5*d`xrS+OhYzIDf3HieE=6zuGCJ>QQzh{NDJUd&XDYY5Z!VlTcBbKP+#{ zWXGklf~RC=N%xwe>+k;n?}eZcnM%dS>$wyEZ_F*l%6$|?E=3_|L|G5mVA}=W!>cXs z@5goK(Qr~z)#$5X;^nXUT0gXb;lfn1SnZ_QmD5;@u6^;m_wn0<{4XuvILeyYMPkxY zG*d%sb6s(Yia3@VW{1bOf^;5PnKOI-cV_AR{5M$98rBcui?7lC>u+ffJASzk_7yF> zBrlc^z;t(u?le+Xd4ezF4P5L8GQ0WJuh4<MgyTUDHb~ z3d!U)H>@YCZc3R&)|3h{A$HH9y z0l@Ln!!^KRhu04q#AXOF7nqL;++4COO;=XYp9!I9y0mSrp$l#1?C9kmdx6)zhzkOB zAKHEL^+0|B!t5n8;v|fBxbypwsyL_Fo#jc9d0o2s6Aq4;S{W4IIQ$?J-5FI8Tuij zmXf*Fz4lF0_*B4&C-sE;dTQ98OW|K$^Pd-imp5ADMD6IhK37mnhIaNa zafzO{v?}?gzqsh8X(lB_4Ci$Ev;+x!ou7~PNzOEA^cn@Yv7z-T5O=JH1NX4Ab_ljb zG6wE}AOEKm>)(Dy)_irMFUfgsTs>KUD)zVU!EPQFW(8KPcNJ-cpS|nz+PUyO`?2qL zp{1&8e!b+*alsTk`d{j%wNjKy@1)4b#pMlspk|KXndr{bzzb7dZci3RbQ4hU{OF#VI$rs4 z_wK8V{8H1MpnSgBK&JL3iq{f2DtK4`;IDo<-=5QIS$tzcFffI()xFrss11Y|!A}uk$VZrlF|* z)7rv)vF%^;MrskyxS#(o>>G|>8lnQ zv3Z@{3~u?z_QV0Ra~v+m6+|Uh@LDH{EYrWXcKkz$tIfc`^!*QX|7p}&0LAU>pQh=j zgP(SItL@_e!q0~jr)%o&KiqIEK##9{ghzaBn2b#KxgC^`#v`aO7~Ys6isGh&jwzf!;ru7- zR~8L0E`MJ%wXSD%UlSTj_L>ampQJSW@$lXz^y?|@M(3$30vR904+N2H+2u7325va9?|Ak3XSPF%1*N1-5|84{RFK+`u z&`a;Te;xtIg>LBka0oC6dd@Zpk%d07Qpw1scU&RxsK0r$Dpd&nlcQQ2F#mZ6XIn$; zXF4YIPn)0kf^?})-6`Mte^lcOP&}tl@XNIwF8<2*zxecls}O9!*BR$JAy$5ab%zaR zM8mne-Cy>3bYMyX7saVJvA-=WXHQi9jmLxh$Jw~Aox+39BqF1Mz?@aqD}&(=Gg12AuIoO+x`2G%C=ap+HiiVKh##T zbbly(D?c#3*zX_;xC+`xMIXd7C`YDJHQB)%Y*Y2#2i?0vEr_bN7I3;_*Tr(D>-L5t zkz-c1RJ&bxPe`B2_jtr+b)j9A&}Oecho7!$pDNI(-)SR=xXi1E^3B5A_Cg*o{nv-e zxCLBJXnz^f>!+8ZH{4o%u{YQ^B6c9L9=MUrN1=lGsGTOEFLgRj+_khdw?zEh`}OXp z2jOGjY7zDiC0yN{@?-J$%Q+aAOhJj?kSu(b!(FrAy86VPEqiKMC&nvVDr0})9J#tT z=6;Av-CZ|%LiRuUrGNY(V+8kD^c|dt_fKf@70~vmnL?~?@DWa>zgznJ^{12wA8Ci8 zyhx*SNJA~^Hn zq+4-%apw4t=-%_!t%YS0X7b%-mp*LvqyGM8S@w9;f*^dpZ79J37wuXe-Wd@+A-GAS z>8OJ*>dDb%%$KRAYRx6CY{)tO*o2PQ$-4-~p41J2yHfu-$pBa)x|j=f{Z|@2XU`(3 z-|y^LEPU%Zyt!w2|K{JjoqzzYy+HJ}L+nF_pZ7zD zc&=ov{sNS-{tHu(DJmg0IxT9PJ-aueXwt|Cn+&KQR~+CXRjOYyf`_5J$pp@h>1$p(SFBnsl^~z9a_iS;aV7- zpXA8Oz$BK(xIk=1+-4L0n{qzSna5NWSZu!EMIWr;w(QHk{ctVeizj-w#_nF-xT^}Z z;(`L+0|Upl@pAZ|hZW18qOu=Xigfq(Ju|eTynM$oq()47@wV1?ziQel*+2Ipy5jU( zy8#n@&cV*0Ee8I5SnZz+n-VRiIF9EWygU5!(uPX{##rN~7u-A#u2)Bm=$~nS4_)j+ z9wc$JL~uqpqRThL_%goNY&6pXGla4nHeau5&T>ZG0aOv5p})KvUi}&r@7-*AGIK7S z9a9_8Z844TxaT!kivf!0it>tUgIW8w3({*T^Y;U^AI@=&SK`Q3UoTO zbuvNpa=b`zWG+URH?rHi(nZ?5$}lSeK;*>nv3JS)bv(a(3F+(VYko+qGsEmzV1Sth zdUBYTH#}WzMnPOuD7=5Z71dQUI(pgLcnbi|aH-bUEi^sZjk_f?lAkLa6soJ>N8AU* z5?v4FgniI&#IIkvlHFnH?fQg(qB+w_ynv#%{5C+-;iLhP|F*HFyw$ar1V&ugjN#@$ z+A^fPD8u6TV^Y5&6O^VG|RhFivCs2y2e+CBft$zx=r_<7kM3$Iy@kxzms{yU_wIv^q@MQzi=$7^2K{>~_OYo{} zWl=1Jxb=eA?mJ1&;Bn$g&s249sOh(5#>EMb%ks}JmO}W`Mcr!V2FD{zSG%*-n`TS8|!94oH3d^H@7R#_IS*={GIohUOHhrZ;kVbkoRYe%VWVMgt&$?Y{;*9m2;15+ch5TZ z_3)5dLA0W_FPl$Vh%OPiqu(c#Nqw3=AnC#&padT<|Led-4Ztky2hXlfeXTxH&_P}2 zS1k@Wdk+zkD?7#VZG{h=mTO~61B10ihqK9d$6 zB~ri`-ZMr~gz4)WXw0r@apn>2;rNV9XEVR98QgvIH`xwpTEzOG{U2;QK2Mw&(@?Rq z#coe}i@&LM?SGL`V4VYkErkY3o>x=(?sIDdZbDdA*dY;!8!F)Aii4;L3#KaKjst%JS&#*5~(KNK@Sr52^ydhGL4h~+K~DkAv|Z1o4U zcYRuK4;4#!h(KnPN z8f%!-wbOnH%@itQ%>5~`(?U&6tP2LjQ#|=G2Z^Pt3GSMjEBx@JqxBgrTdq4{fSz(( zCGzFDmxq_-sURiEyZIrl$^gZ$mPF#IU2a=q?qc(*Qf9eD`mQ#!bzm9ZR5@0$u+Lwn z%P&9G)}CbJWkKWW4l+o$VKd;2u7Zo}V~=e_#= zC0!&YGJ)P2?&IZl58on_Ur`=3UgcEsn1Fl?DAX&!HSv+4qLK)=|HiuW5}wRxVFVbM z&~C%6n;=0JLGZkw+r=vtl_(LA^=d}bw%wG9`b6ik6(Fe9)ED;Yx)Nq3n=ziRa*~(` zBr17vr+Jg7#1@&*ilkEUub^+tctz_BhvAzHUc)S7vOHR;A5w?g2VwW*E0q)Um=g=4 z)00Tk<6|P#%qI&p=Cl&PWaWHq_Mg&GX2+({8f^WA!D?>e)5S;3m!4z^PyT!!Z6pyi zu|lAZg6cJgu%;PmeT2%ZH_*}*p{cJ^wG;KeNJS&Eq7LALb#j7v6mrVgNp_CC{JKcK zDRnnprt249L6`(f`P-5 zu>0>bdjmlDHch*l+P-ECl$5^ZzXBw6H^T&TW_CkD?gvafkO@cDmI@S5_|WK)fM22t zr^qfZqzxdDm3&b-f>l5W8o>IcL7|Mbir3V(#Su>iOBaCocScC1Ho5VL-d0^f8!Egn ze!NIoyQFXF1PF%|`JJAfh@AF26CNQiXoY;18xV*>M)*aUv5&s5ud8dXQgdmt zSKOEIV*47GUq>63M8mg1ha}Ky*JYTOms`x#XYigHgll-}cq%NEJi3^bJac%ia7)g( zN>54K1zmB^YRmJtytXYN=o0!MVefS^)5_f-p)SK25Oa{(*D+iUxA) z!iwo%g0brxKZ6I`madN^p}(!}FkIHXu)AH666dbs+>iD3DSNKLno=$nQO?ny?ZpSN zi@8SvGw163d$DS+RaN@>)QArSQ{3rkQ720R;(duO_G@z4ZL=j&&qoBI2Fe*zuXZ*! zvr~}W-KxAAa5x;uX!!W_q7@)N_x=M>3=pqi2ml+$QS;l450^Ht`dFs} zI^`mB$%RcX(#CTYj%K`+nIW;$h$CujYyx#0Vr48+&ig-_Db*jneDvlK)&rGy0X(KV zjoKMGUOQ2}7^Ty7YxzNb%faO(^pV)fM<6RdnsI90VQ84a%+&UNvH8F)ANAL3Sg!lX zecs#tf8F+%V0*aw+$2|`K%~;lh3zmPcQVD_eAd?{eaT}92^u~vy*c$CiP*t&QC)rzlms!T)An-74IJ>oc1%Pobk)rncV@jzLs`;r_IuhlnXU za}YhPjB3M?DHC$Xhvx*|!;$z4N22B6_M<5a#Z2ts7tr^u$+hS=FcT?)%u#_!R~lgt zMf!)0dzkl98U2|m>9(g|9{(`@y&t+fz^ZLZN*Z5uvM86-ChGPJsn6xMZ0V&f7iy-m zmR||=9!D`P@x`Pqp6nryETNo92d1xKeIkOv-X!c=iu+gheYzOr?w0Wltowic4`1AG zuq_4flgO)7Bj1%P!z|DTwQ^y`P)2H|aLV3_%i(HqWyJ7?fc-!P{r=-7spiF^D3Vz9 zG_Dfmoc5=9YbJz!rkGiGH>wyDmznRp%y(GSWO$T8#-Q~+s(Rm4F-VbAm*-aWNKEwC zXhdADe!={O-osV6QL z#A?kgtt=0Ua6^eqL3^Mc-|B@GfUupIoUHO|%_)8@)v(xipMi0f16T5+Wru<7_(^MY zd&14%c9}S|+I#~}-0jWxemID1>TAT^jTqZ7S>sYWK)23>&)kJ}M_#FHS`xNedJ-a+}ToB}x#F@*EDFcb`yR!V^^zyE;kZQx_{1b&mxw_91N4C(HQ zN0_B$24a=i;wGx(2)X6*=Z&r`@yZyvaXw-v@&4*zRF}O|8sPs~A_(di_)*-WcQa6x zMUnmbocvXd_b9ti!^vtUE88{gfn5Y=^%FvzY^QmrM?lye{Q;%}Y65Aij>Y6?F4{|*|CYP!Z@;sJ!2uG=a;HSqaTJmRjAuQdj zI)Jj1EkZh1=(iCuOg%8Wn0{Ta{=zy5OU&yRsCj0(Ao6wNfg0SIhm|iQFnSW`})ykXRRDdHK}8WFu4Q>PoX@E_f3w z!;PP3n!{-#K%K0k4Myb~rtR*_dbYa};jJ~V)MTN+!9R^NO+nt~#51FBej4S_O7~LS zhZ<&2w<~ZP>l6(+3{5@zvd1lBZGrP=-I;M%_bQa8*B{Dz*d=n>g&&u8swE04kHj!O z^FnWWZvN0R!)4A*SytLfe-?uN+Bx_!JGLTBKKG-D`^WA?r#oSM^${IQ#y9QEs zTT1ohY?)6qYK$gdTQh zzd#?1%Q>&Yhd1&R$R~58?#s%d2*HD;R`7iNn%}UkT8|U;R}oXeIA^@U37D({i}Q?& z#^Kb?ZF2J8lj*nC#=UYy#GY76_TZ~i*gcxW)E-$sD%`276|xkmQ^HnGqTpbGCoePn zvh)aK6bN~XIfcm$B}eOMJKx4r=lXgA7B?sXR3a)WCS)~1G!mk@Ip%uJ9?59T{*E7+ z7XaS1F_M(>G$WzPbS{+t0v_RDfBxx50Tc@T?G{5ez`CT9GX*QFUSN5)^`q>2LN_kE zPSw-9L<|`P0o(&dv^IY)759sP7L}|VlDM;Yv67-f9`^-{QVu-#qa7tbb#76Oc+Hje z!V7I~Xm~{)T5?I+bLe!z$`!BEiC4+2j!=VxMqX#=h0-St@<+B9#q@H)uBV;^aM1_0 zQ^IwB?oKBS4h~pbCBrKoMa{#36_w>eoSSR{;M`Q z0n^?ji5F5(aYz!=mch`N#rfx`0bXg6NEtttco>uDokh-Ea9g~w^4!G~Ta-jy#_!>q zM2U>Lz*S|-kp$;g)lze~*T#Eo!acNxOQvz@s!Z)eFx=XhT8+ymH_k4acJ43XGr(7Z zxT>O)277u05!Nf;Zk#40uEl;h+Z`Ar<+^wV%#!>k-yiw@dcX~7?~20`hENz%JBg<-{Hc_{#BF!!H|0Oy;Pt2*mU6VrF$VlFAkrErgny_t zxHWl9nVYS+%m{AGd~Xcq(sj6bjm$$Q!Wk zqd6n(t~a1Nu{bA*Rzp>tmj)wQcvqtXorb7Ze|wq5N0}7T7~3NIK&@&Z3yN{RhKozd z*pXPYP1Q5*y6U?1Sj*s^(;xgW@YfB)JXOR)lB8N_r@G_VYLlqz=4rUp!Ds*-y>@s= zI2{Wsl#skX*tYP=2jc8#NlAH-ob_c1x!4QjE3=EiG@qY*Cl>#QuCD-!^8MPD6_5}? z8tLvvkVd+@yE~*yN~8p&rKFpsyGsS>?v`G<8@>n8-@o2(hS^z$*xma+ah>ZFwN3kF z=;Y=&F`53d5whiKyiLAXtm78|czxx44fp)F_47r8=J7atRc(8_kcX*?j^#)~1f4+% zl_9>GL!l{i#VaugyJY(cnu^>;;eAwG8V1@P@3GK=52VWC<3KzWq0T~17Yav980^Xe zl<{+sX=Cr;JlEc>-0|>3krb}M*WwDWv?0$M18pTvpEiCDEp3iMgjXyssRpJZ0M4LS z{Pa`U<{UL!+hR~^4L^XUHj-V(NbL9!b| zEzSy-#7A3v8{9&3;uw0}133CMVR$7*?FR4L_2Otnm|gFat@T<}KDo-zNGfE_>(_){ z?L22?=I!6IwN%be-nmK){>)U_$6|ah-2Am#gd_uiIlG$O^c#Jt17C0_>dsTk8`#u~ zzR1R%%1O(TC$H<{{Ggf6#zaCm2(QP$^1No)-JADGpx&8n`{tXk+wAEw z4%yMyb4?N_k}4gm3S-@1)NAw(otV$0;V|5Le>BY@$9I=L0ij~U0HG8o^&|>@eUy7q z(xs95#bvB1P^IWJtU>t&J>sA^Q30{G(oD2m5x_wKZy$(11_w?8e-EVPvBc75S*J~CN{WTa_uVe`MRpnn@~y@kP*Y5d(yvw%18KP z7;R()6scd(mEKNQ^mB8(4{`y~!>=GMB5AU{1+9&%PL2d6=`YO))l^0aTkwBS1SEhD z?O^IWRE5Nct!MqE9by&z$Nmka;BvnwjBri_8}^pH^Om<}jQ-EwXw7g$5q`~1jGE^f z4VAw=*>2&#SL|j+CgkRISzQWTD!z1!$uu3G08A_Ek&^RZ*$`3Bb4?A6t=%or5tUOR zysAovBdY5HQP|P!SHp!V#nm2dSz^!0hG{}P22)$56IHk5&EE;!juk^xu#@3NcWfmj zEbQ$=T1(Zuo)wet*)pt%A?IL`Yw6r|J~J^{tKG{#shE;ZdNRq6Oo4>e{&<`RfxbfT z4yI)E?$}*FlhkrX*c=A>Q@{Am-N27qL!#3@!*n4=w4yBfPNM9)qO*^b9Jy=~?#)Wz zeGyh)E3u=2@Yz7c4=azlt12gEbA~V&=HK`MjtROCk6t_QDtAA85;<6YiTAZ~E6q%k zMR_rJ(#T>aN;M$~h&Q&Q6Jk9MkC0}ZT{4};RkR8+!xny!M0uQnJjAz7rbAzMRX44z zE}7~gVxs%~w(7pV_V7Q^M}i5JLjo?!yT6)z$gM;?G%CUl@P__wnDIeu8XgQya@&b) z_b+7yDzfXdG&beqw>?j_X(XvO*~c3*Q26dGufwOfbqQ=^Y2r?aGiXRP0hDQk_&Q97 z|GsTESu^+3Ix*~x|B#Mk2nKC3} zi)RFQ9F}mn-?~|`SS&Gr9GxBMBX$#o(De6=(Cq=kt7yQ=we?0~77&jB5U~sHK0-_jknbE$JyFaD~0u6fF9QJ%MWj-M&Ei%h`xRxIcRL<}to@Y9!$Cp6t+>dCA2- zip_)Hehp=iljFH-muNHZOnYKxTI$+xr5X&9aftHGZ|E4#j1G-@O-nI*Pv<#XL~)@~ zP$8+24Fnj4H_=wC1lZ)E_W4Y?yf@$+sj!V+!?7n_rZT7$(}=j|Jqt$XV=Y{qX#UR zD2x+D-pvfyh>d!AP-7qlX zH!?lVKoq&l zz9(ioe^Tk!&V>F42!%Im=$kdp#^b&}8+BZ#_aAbR*9eum|erv{} zx$r_vGl8?iOg>vu>4OZdUr$FzVTD6+kaW4cr4cEMm0`KH5+0Tz0P&VMpd9Os=RO_m zr}63OX7(ITudXjnmY+ZM4zKI4Gn;$1-9q-v<7=ue1TBnUuLPnYIF37AzO7~&FZ_k9 zNSR-_Mx9RgdclFkoaU(d-YX$7PAFoO|M=Iv_;OD$%NEMCqp93vzWH|@Pi~;U?x1(y zXH<$eOpG8w5^qfECjqMiQ-2Rj0N^LA@N#qtlz%~X5>gXWVq(tMuhUS+E3q2_-Bdu|Bi?;K&o%gc-h06DsIFNQ*Jtq zjuJ7}`6&g5lwT2)3rp_~y*FGb9#%-g_1fF2-)@~sN>-b!R;Iz{_YiO8i?VjssUFy+Q6ypRkIbS>gn)uerV=DW11|SRbt1&J?l8 z_C!2@e$a?4ly@&GlBzShQrFZf_VU+Zai=}{jzW@F7|~zy-5$38Ui8xgXBcn-7sAb5$*etV4un`mYR!0+Wo_)o{5A zbs1EWu~ZoCMqV78lZ$L2^WV0k5c!0t^BC+f6(=cEig{{jZQtAoI^eQ8L{4<-y?43u zB(#y1l+DT-GnKUDVqF0Gg;A$c`0q-nz}J_lSFfg8&w0_r%4O(vjxNmfyu~Ec3mAI) zJ3ArWT?8j5?~La46R4nqRb@`T6aNWmvtBaQmg5{xZv^RjZ|$`|6-5N$Z;Q6&`S?sQ z@4sTPtzf#aCfk#Eu7%whHpDTeN`|R=Y;MBv`D=YSGOVnd@@W_;`=b~2Mk_n0_^i!A zVt*aJs%IN#R`A7rWNL?0$IH~YYQN+%vN;g9lG_pD<}uD+wZ5wc!5U#bv7_?=Mj5B6 z`WF@zIyu_sMqk;oF<+f+GooX~Yd6}5QZNV!fyBEdZG~XZiuZxeJ&BWs-A$l9l!-N(}^z z&-v2WXozSyCJXRB+%sy~aYaHo!_m&!cd1q~EHjI4zg;v7xlbx-duI(Fr>W^KisJ^& zHde_gaw7Z21}8%kEsVDT)I3?N(Y+U4{%cJH(ilEvYC2+;mI{`S9bP5l&9}2LS=(Nb zKw?+SxyvAadNm@|ti9bw!^!i;3ZZ$7H@Rx@eo?Aua0$w*WU(nFCRq%m#7`)Px?d5* z7FJkjNt3|?dR3&(@#;cqa3Jq>^)IyOU27Y2u6W+DQdd`xoE$T9io799O#qo>3yq7r z3p7UXvVb!)S%|6085tKlJGq7y^P=3QIt>z_A1?eC8?pG~HQByIk;)NT@ZOlal4JC) z57CMue)Sq;=;&BWz&j1ne3M#jaF8I-SrE1qtuN7^bQ;@Z(>ZFOrKY!X=r-$SE*N#- zx4|VEermbmJ&gbRczw&^g8P27AiEsZml~ag#Qx%T|5WwsQ-?z$SbLqqb#u*jt5`9( zW?^05PO6k*HolkMQ&f~~tMd(8RYLsd@nzV*{Db~G(72#NPT#;%|10p@jQa5M2GLeP zmqp1?mcMQdF;53WVb^Rw(Yn$a6zO9BF)(2|{+Wx*ak03;_Q#98XI3BKcwwe<#&7D! zOt^|*ji7rrQGxK65QOTeu>Z`HzkjEdt<~3)b_+Cx8XzkH<YfX?3F>aG zC)lNThAoDD&y+kT+6&9?qfy!18?+zPtwExQF(QrF+K$8SNz)71nOiF+A25t+{~Z&n zQV47_zzTB?gX6B>9@BtgF-}dbwVj<$vGn$V2EO`BfWY&Eg-&|=By-$UKnUYezEJYX zQP^CH=EhI=H&P3z7+}#$ULNc%rXdx)c}W=@(C$NOFGoTP6m)$FbaAY6Cx~AAlIm*3 zU75GIzl=ZEfOD$(iX8HfV}C?^2OoS@{4Q7bJq`@13f}_RlMkPpaKe|L8LH~8S8Q{C ztF_9;ES{T($qK?PaCAZh5$UsmC}H-lX)j|k9dp~dznRm?q_5yvz121efQK&B3dUHM z*>-Zag4cZn#k(Kc5|86Kd>TXXAvf;lp+9cw5e>UwvXI~es%Bs#hhZMgNE&?I`6jdX z@uUw!g5KBEferhlrKzSXk#YsI)IMVy>?TV2B!wi;*OM(VysRSy$3lw~19kKo5=fApi1{N0-6b2Q&9 z|M{|Zg||>Go#D@#lNlb=`+Sbr;qmxOP|8jZQ_9w6o8{>HTI~I4nX9kg;0X$@F)%!b z%~8Z@rEQrfwa|Mq@*=w&U;rT20{uo@ ze_&_pTo&JqA}%R$IZxR z3t?JP)-WBEkO=G_gb?TzQtze*LcoS~B;cUk9ch?R9uJxnEixe)+0*BAD}t}C!5JJS z^!6O&=j!BxDRg#eJrOwU4VO(IeoC<2A65%6O~I~q3yHCRZr3V7ZD0L3K)SPkrEQ2qt7C4cKb=G-;ApvR+zSIJ|5!)Ko_4cJZR`p>g`0>|d>+r;E^^2ND7|7Sl9 zI|0E5U2q)^E>@@|2fTwYW23q<<;A9;HTm%=tZGrGMLD%Fc{bXo{!CiF6$4cy@qBLoobSe=Jv z)vttzEs=L)O=H(}`>XebLzxO|ED(j%`Z))t-0Z&k3ezMtW=a9V(K-JP{kNq3bKXEY zF62o8HvQ8St%AcEJ5`AJ=vhjVe8jkeK@a-pJJs>$VeIQ3VdSSS!;Dr&$-{^o;0v*- za2=HI{Zl9ya8>MnFE%2Q3Ax5*nyWOf`9^aQd7M*li%{QCiKy6MYFW7|YtUQnG7Rzk z`}w^bT8Y?TUlI8<-nGG)yEjp)^%SVMG!PSeJQi5MJydRdx2wIoonxKmu*ELZV9Oze z+RrziVCBagF~AgUWPMcIQX*U{&&rOuBNwr^gHYUcJ?rL`M`?I2 zmafQ9$3rssZWpJX{8?gAYn0HE)A_ojfv_z@p3oTOo5Y;@y**P@zdQ~f#h95{`$G<~ zdAVmiZ_~-4g-uK{J3f4=YAa~y=s}oYnZ6xdS{+lIzvbMk&-4$+7_qd!AtUDbWBH#z z>7p#n5k`g?zNR>1Unbw8aRN8h^)bOc{MSco3%EPk<1soNu#n_@j(N17t(?ev%(r04ednj(&~dP(V4zh2|| z%}${_f{#bS=Rs5b;1j4}bjTNAZO7dDH9qZxO>%myvq2&Hjj*v&GGE9P2M9%hzD89|9 zoRkOjAD1f}Na`IKwSP0ah-tvW{ddWDc#a+Kt4>|kFU4m29Ck;?v_Pzd>*-l&Zk?Qf zrP9*KIRikFFbg7Lp)Lh(Za(KgS;F!AB@QN0yW_D{cvU1eVxF2JsS~(T5UVV4Q7IqS zq*>6Lk3+~x>nH)^V;cDb^)5{0JO)ng&s8nKLA?l3)%aogPF{b9UL{wBC0%RnXTS%h zKc7;D$h=RT``))T%`=ybG;2CMJ#!DbX?&!JW(2)K?IR^4JP;HZi-1j8?9bnpY`n-l zcF3m3i4FI^Tmd)029lo3Nl|6~la6}4B;R&8^thggg#^>G^|1NK;&7g(_;P=N`>$j~ z(XkS>(JyZ$TqUC$DjaFDy#Z3({OC2;GPH*L_MR|vSn0&E2 z;m^n*!|ND``|^+z!FkxS6CN($@_mUjj+TX}#d?AChVDSv@pmzQV$Ja-%#m?}g&u|p z7xfOgr_WvfOTEHG(+f2nb}@Yjz>bauIw+my0`>Fu)rw>&obR|rc{9P75c{q5km6ro zNlwjEW=mAR3{)R8&V5E3_7ku|DN~A#HKVK&?G?2c?a9zS_x5_aTa>caaP2s!WJzJk z((!SHnmVtPZOfGAMYFcpPhM$q_3!Y1@p2m>$OcHN4E9dHzw2wSo5dQ5KF0V2iQ6wA z9g{E8)SBcA7KL>JL(=~cB?$~riN*6jBPLUTIXpT2dWm~fb%gbCL3zccgt%rMr8kLG z#?N4c^gspA6alx8Tst?=&BF+mUKDlPVnj#i8|AFcoMgb4~H zlB0_2)6xYE8mAW?p%Ob8>sKM7qQ*+4UX9S7l(X(8gefW6K=CG$ml7z5Mfix>)UH5} zvdxE?Bd@Mf+{iu28^C5Zv$}3&q`Nkm9bfQ9d6uns^mSZ0k?cP&hDI_3$y7ltEO}FQ zE`PHtn*Np7)o-K#_8CmHFi;P`atCP`->=#I%5k0{I@3=4=kJzSfXonjy?%yNJVTJK zS59W#xn11Pzq0@mdNY!2t@)l_Rko|4E5~j?4u#)ny@VZvlh0KV$rW7Jj+qjrN_fLz ze4Kov;ZZtGDP>EVa;+I(M)0}c77F9PMB-6}GzHseNO|3Q1Akjj+xZ4~50^D%aX47$ znXtAHE8a80LyO8i&Bm<67_T`VtwuC7TmEV#jWDrXc;uzljAxu%>7%!H7(4$a;Jxrw z4d%|n`;Ck_IWq~p6afLFR*^pGDbmNBm2aPBEqZyH7@wEC`lMp&7G{g_Y5Yr?b=9Lg zZG!^nO=V{ zEO7~otWD9w!~PE^2AHaIxM1?kgMk|fehVx5H3B1HKqL(j%d1OiDFvB@QPu}00?lD< zfZe{R?;NT(@s^FFGprD2ItR41nEyhQM@QVI53Q+F<#7;oNr-oCrqBv?T3rb7Cz>z3 zDhZTnP+3(U*Z-jNc!Q(l`YUU%0qjk==)(cjQcJs{m+`0Au-nKyT}a-{W<$MLT7$mlnpC>Dtx6_C znJi!Hth=gfq;ObmBVL0Hqs9`ec&4u6=UbvO^KpiuI*XTYyp1-)vG3krm^EB-)opsf z4p2D%6sH*;Pd@f;SNU?|ZX0-9^^)k1+crmGYBE37pWBU)#mlt?R8c8OCH$@oh&>-Q zE?rh&55jKxtrJo2z4u}0VB9#5rhvFtq>YIuGWJiGxHGv|R^OgLkq9KJVk9CYI))o7 zQ6=1{|BScOw&gd5l{rhSVNw?4&(Z&%V!Ht}c^VqWGfGE3X`QF&^;&S9?wb&#)-&Ps z3eDJ1JxAs(m&dZ zgGYp%IO5D_`DC@8A$q#r-6R=h46b0>$l>yScy!xO;11$^mqoy|FLub)dts4+4C6|% zkUAf$M)cJ|f>HUibMC2LR|IbM780Tj2DoH)1awtSB>8924Enq?Xxq@u}M%s~Z17=jrayilZzo(|1aemL3`!^>ZT~U9(05 z{-gBtQ4<;NZxj%rXJDYDXf1-^C>NfOkAk=Ccyi?R_ub++gfK%k%_d$p;kB*Y zagsR^JWQ|Y*fv+U5NExolr#(7?z0BC%|_wKzTt#OH-Hh!jnby0;tdG|cmR=w=eO9PK}vTbdd>;_WLx zjW4CQ{oK=WE&vh!v87AAev$BKa}BPG_Z^P)<>gI;MH#T>wpQC?<)pKkb0u#k0-->V z2fSYaRA>o8mS}nwQ zP;n`_Q{c6+E@HR7V&JA^w z|7Gx(c%g(sRS6SIxhpnw-Qpa83v>RKXGJwyxQDU)7dGBdJb2P&aOt4;(P7+v4MMD> zH}V8g)-euKq)lE!k!HIX4hgpaHa+nl+f*55vAU4g!RK}PUh37VrcQ`5+g?UnROO9` zA({HxO!r%!KQ`~T@HUZ`x!xPRN(L%RveZpFr*j+=v~4xCwJSUaTVRd}mUfqznNZA` zp>i@uNXpB8^uNo2suX0M7h+}{M2;uh253pSYe_4=^bnKkI7x+HYqofV!F$Ug5>>A< z8o7D?7iw9;W2;vc#?hK6lY2pai69CJeNYd=C~fsRn-i(mZh1eAC|^{euK!3R`aTg7 zAd5TGu9|Y)EE6hiQH)ux7Y6Z~I^p|79V<7zvH%1v*N6CD#te@NDsHaQ+eiheJ z2wqjkYxPtt{6EWkp7>3WM(W86hoA3H3T1@`AH3+2OO=uu9HZ(2VxKl2I4T%-R~14M zZ|h$yi1W`BHLbnR(#2hUK6}EtGH>%%gkT2bts*|*_e#>>NL81QRVgA13 zc(|$n^V3EfZi%$3i<=+Ylf?#3;B58zMh-$JJ5d*Vo2eZn?Ae^ z7-ZMJGYze1n7M$mX8{3)QPZ`IxSBl+=nv9*`e2O>e(T>)-WFgWt=3}ysw4$JCJThm zCk7E0>OX}Q8BSSMb%d&^nTM_O*K%&p8+FCPA*x9)4&G&1_qU(-?usGQU&N!=`h7%Y z)#*1!I0{urg&&Ac3IPFXs!|p|CgoCH~viKY_lJN~aeFAFuPpMkk$Z+j;K$ zyj!SHON|I=9aS#kP)szN&ZIL?M{Z4XYTt+gqYkE@C{4hTc=z?HUzSv$Z46#{H7;j299S@-mZYhyq0HbI*E_fRqInMA zvmR0Sir3VMlJ9UVF|=R{=L;q#Y2exU`6-L@n_xodH&O!m$}~vWb4GG>e6DxD8tqE) z*qAi4rYBWfL>g3TfSd6M zEfP@tz8*E5*47gAz0u83CVx3LHD|)W>eU%>j-9JuTQtwezF+4~J22SgcsF+)j`8#g z22i+n;&K;_w#-z1a9KXEYcdq?V9TP9vr(3h&J~ZMW3(RJwUCeuGwWuXK+5;g_ zEA8?=n#SakNh{LL&>fg^-J2`W3;r)fe&mAve0`tj5XEj#*_O6O+B3b?$S~WTG{vSQr|c<3j9pKcQB94*V{J`zK6?c@LbLG?KGT$?~^>ZO%~4r zf->E~CxvQbwqh=7ymWvy3b+c=)2eYg%)FH5T+=EpwKM@on#b+H?l&Z~ezHi=W?Kl>U zb0=TqaLGpeI~B`h0m3>i8RV^W(z`M!{-p9svyjBdxeu#U=Qch26Iz5%cCHz)PdqPs zIdCYulp7iulq=TOzVHQ}i#gMlEtUI3Xf?Fb7MBexsc6 zUvxddnnNd7JV7jSxnE4*&v^wXL#trw$?|sswFT*vP?BYuDk^cQQCsU*Y5WW{O;RO;rWT6<*qOWzfM#;)K8qA)losjLijwF+ zAd0r@oV&8UMpicI{srTq^6{}j3n&)j06C~l4yV}$Ut28}yar3Lu+GjNOdl48sveha zRIV`zq}zkye#8N+*Zi|aR$Kr5!|7VymO~m*eoGrW_O-*vmMoqC!K|(iPaZ*|o2)*d zPL~(~9!L&ykUOY>W=}3*Hbrnl!_`&)?4<4Ykxb2+nhAppzh+OT;(Z?u=F6Vy1aA8f zmc+!`ysonLTQXGoV>J##+cZAcMAH~x)7SMGWP+Hi%v;I2yBfE4K&LJ`C1ztu9}91D zHqVUXEVAM4<@3*Y+>YA=^BtKat{m|I*2rjwg1i9ssddSvaInV6VzbgQw)%pCn=!l|P?+*^(uRhT-mZq1&nJ#He*GuQBToG9DQ!y$23qt<6 z3*c{TK!92+uWrY8Q#lXXY(Oo%;H_SjYjRtIl{o||TJ$^amhwLmSW!l+=i_~?; z&*v$?ZBWqa0KvH}4E}73xzIilQhrt7IF+k8iz4+gR@1r9ABsil+hTLA%fX)-$F@~C zviRJTpL~m9Wv=A+!@=fp6lRMWl@B#~HkW`y=D%xl9j_nWQehfRW*qE3uOagv)+l@Vb z^ORDc#J48$d6J>``L{ufy#(r}myR24{FFR%Ivaz{i|sA!QUGytPRJ$u0vO?p+d3!8 zqTPAfkz>Vwe>GVt#}C=w?T%f-2jWAWmkCU!n;E2(;KD*(AJ1LdK}I$Xj^2J+x0QK0 zIMDRZ;gJ#s*you4W8~9S;A1JUOw#hTXOUDY6qhRpiWrr}Bkwa|kSlj16@Y-<<#rNirWr@DBjj^QN{#XHxD%2lmhrA| z4C^k~I>|ixjQ@dHQ^g-PCJkD+n7PP3f)5=J9UILvSvWtIMBH!hVP#cLs-Dj;AOr3^6KuQ=gHRSg0I`zF6|XZii)#{vo{?}aZRmMy2wg@b2Rv; za+%B=D}QV?r-@UDgS(9s+nRcSVVu$iO#5$a9RYt6edKy9>dJC0*gzs>rIX~Qb2*_Y zT28~tK?y@cs!UHscXe`HY#qn3cps}!q}Zb<=c*0zk}JBx1BRPDi=rH&CIJRti*Rn>t@Sy53ke06nVo_8b`9sCf_mN3Y! zo0_gl;42_nTNSlasdjh$n2yrSbwC9d>o$hW7_;$Bh`KL0nk^Y{@a+C zEV&5NCkQW2z>6Ryhb>4yuxc$_p=jhJJzU0yr7JyS_^clisEKTdrapakVgCIpD^`$muoIi? z`Q~FKL3%T4ox;0DcOf-|SPsPfx}L8PHGZ!>R12~ff6JsH;#Xy%zb(!FF{apzGqcE<@_M5 zE98drfN#0byVRU zEolkI;SAPYw4U|aS>^QLx{cew$|oEztE_P3pFP3H7*RSOWK7!F&Cw(%tgAEbr_>uE z+o(rWJM*X?MW@18XmE@-E;3fv>W-)PQe>z#=F!u=~|*cKo3KICM(oxoxZqBim0_&Je}T1mWbgp*Jo>G7OxRkvLrAArGx0!#Eeu(@jC8&TLT` zsliP02C5A!Q&m~-x5W4)CNyC6oOz8=O8J?mTpm|*CP>4D;L0qIWT9uLSk_dwC9pdKXAa^rqXy*h z)PuaZ^n83%m^{qDj}RjLOlalp`052wlCjgYqCEgkb}OFWTy0biwn~Pmd7j}2GP0P* zBP2qD7vJCFpo5EDNrqT{i=)6bF_0VI=5k$F#pm{deZF*_pYrXSiHl1g_EvW#fW$9( zb;C+tKXw-=n>ZQOY#!>~Cy8FGQK7#0y4h^0bx*A1m7)H6#zLU$!QKzGz^|&Hv*8NZ z)}J+y$(qb$3uj|leaxly=q3fM4CiBJZlO#d;mvn22p7Wp?n%YbL?dPU)bbVLna@U zXYS&bgB7D@T1kIlS~WOD)*!Ja7%K+*Dng! zquC9VS}?E=2ERDYB90szXWCiFSgi-_0R)ahL7y=(F@G#5(z9aWp^HzeKYJ0Dc>)F? zeG&gZNZRiUTG`nF_SFKU%F#@&<=$J?TDli^RUdHyDDc5ZkcrAbQNC~V_jwBxM256d zG$5D64Nq|;T|1YBwW%JSFv~iSG-rf!Zn|5kh1hmXSe}F-fR9kl+Uyk3$0vYx# zW82bkv!87(t^3@{nuX~FQ%HK&IXnfnwgXW*+{gq&LF3NT>RJKNm!nmT^x)eSMo-uM z>5Wx$Ld;ie4pUE5r!))YnL=%^FD>22K4Pv9462b!o75n_R#dJ4W{~vy^s?PQv?i|c z)V<6~DkMqV=`hnBJsFdd+tj8rzx$(s=AIzic~VO6 z37WIArq3K1*2~zRqYQ-#7-$gwU6NcbF&oVgMpG&toJd?3C4KVJg9@alEl$@H3W_1#+7 zzJeJ&DCUa2K)0fm}0XrOe621rFY1e#JZ3$OfAzo$;{= z&}uXT#uRy}7H6o2&3q zmLp_D?%cH%RIFvde|?n+J1#|4+YSKi0^{MEpd8ct;mQiz)V&g8&$`A)JXMk?I^7F6 zPw{z_kdG}3sSxr43mo0l>h76Dhv?2|!#HdHw0pP0$qzvK^*3|=e>@JMf@)q406hwX zs*_;+3}NHhVTn?j)0E=k)hZGt4^x+0A^SrKX<~Xxk9^PTf;BS$BDDRr}@M0TcMOq1CBhTV#OiJHipKb)}u z7!`Yi*|>L}5FG2lsQS9CzP5R+=5WgV6MKc0nMc&DTVE2{B&d+uThR}!G zEfI3pUucWh??`dFWK&3oX-urEt0JS`oVvWvY~Y_JC(rrugB%jDjBk}@PeV<=t2vr< zrQpmBz|LIwQ1_2ESvM z+ttXftJ2nZ=i-p#RHvf9zkgGt6KF+bd+`vzM(5ZS>D)W(wpbE>0Q_m#H=w=oHP7Vx zCX1~K*Ba~DVg>Jm0}09E9!wz93v8PAo6bp?cEJ8WMES3X!;<8VK9v@`W|*bis-n=&&si(@8i)XAdUPPTf_ zqC8L{vdWqC*N_Mnl4F1daWWu_woUQKpO8@F$1PK$9Ywzm3i?VJL8`C zv6CMt9|#e!U^O><-F1~qaF!QRQ5<2RLbL2EuG90r)>2^Ak#d(rlLi?RolpYMNby>*vYP!(lX|7ol&-s=E!bscHHJW}n9+e)oM^>d(S z;1=lgA`1s%)lUHPLk_`}k#4=ZdUcf1q2;>QQn}9h>8rKoM(7A-zGuhpNd^A`kN@r| z0b9A0M`A*t>hXG$gL{svNL98_O$2EJXy8u}E_{ZZMl??&V>EKJ>gOX{ba#Q+d7K(T zibG1GofB1DR5)`qAHhZ`!QL;|a=6zp$1|>U@+!Hy`m1Ege4X=}rnDl9_w_`Zzm7NR zkVQAE_Y3?i&>zmvMY@fT>D@&VGAn~l!@;FlH>GR>Cj5D7^LIsRG*8!>*JlNHkyp?{1==k73Ib$=Z>XRdpZh;^U0!2Qtdr)KxX zy5~MAIlk3;{M9LYN(x@8+X)|%+|K_I&i{49*pa@%3`lw}o$t0Mg+hw--QHY9}ah|uzPKd ztLlD>V&FTb_Z~%#6UGUB)S;Z)gI;3^Dm?_WT^j=nq9V>?ap`zS?mZ{p+L4p1i3{N5`j?}#Pl2AS*%|dpgXg$-uiw8zS22?U#$0`U zmKS9jD{0e;Pu;~02ee@UbB+j*70)xs^US2kQ42nL@1!$6iwf2~ zi96U=L-q0>vo0)+E`(Sr_EYA7quGO=HEu7!{7sVkCPTB7>gE)IftCsfR-V)R-2F?L zJ;g>{o4Ip)*P3|+egs_TBryS!c;VuRX!QvO;dlCK9W}@$9HrDXnDdfn1j~G;F6p6p zgC_aMbSVlh`hKP{`(Lhz+3IoJB!|Ecul*Nf_dEF!5jD-Wxt|711O=PTu7Q=-v3ZI3+GeLc0h~WLdL`IpzI5 z(;a-t>D0(b!IjK3dtg7xsagBX)KA$V+MSyN`bU5C6(LON2_2%cjA5P4s8S!b$ z&k1IlaLuXLm{1L#H&=~>EBh1*5U=smoplzE@9Dv^h2$FJ9P^Bx4b(cPdz2V!7>xX_ zkxuZCaO~BJJlMtS&Eu-7un?o5^9V@6Ld$1DgHxJQn+D%n?|Z~%G#t>c<#jI0?`>BC z`G%x~2Uq=>+5K=;Yvf*=KfALi2ZqPRr{~QRL(>Ho>yi7@dqqpzA$Q9ohf;Ni3-$pV z13@cdt@npOzpdSf&v$gnkXn!PP08Nuv53SLYk)SRVr5PKh;wr9?AA4uINCYsniU<` zB8%j_Q3jNN0FyyB*4IZD^#(ql0X?0g7YnADl7oE<70zl7{kPBO)!uMV^S{4mvtzuC zC2P=|i*>mkJwpM3121GjH}(d59I+=o8TQ=K?f6+ zoa9hP(lpnG@@#H~q$+qMcyn{n*zk|06hLM^J`dMxqbz_)ppEQzhL#T{SasY2j!5$s z`Nhs7I;-LbX-t;tOw}TPhn~#@BxN<{gUSgL zIO~BGp{KpoUt;6cny!~SS7X`2v$8jJYEC3PXng4>nQ0~n1MT5~k$Nq66Eo3@0ixIs z5mWZHb;e#i?-ufcMy20LsdBt3tbA)KlEd^UOsmVcN#=6L!-hbLchj=fmFYyV@%PA0i50PYEDEyRA>P2w+vl7-z))6ALTvfc-kINm z_oD{LGrP$NXyo+qMJc|gl#5c;R#5+^EQ7vzd&2hD|6}aCqng^6aE~Y=C}IH-5fJGe zM7k73iu4wcE+V~m30*)`1XOxQN+1cn_b7-+McTt0Q?#j60~fPi7p6As<5SnB&h=T!q&Y`zTn{+skzSYE6G}N_SZk|^Z$I%H zx2e|-W!}J5>@Gc~zcN2!U9OI{IBzbEIyIp-`Qyo#%=!pMk-FuC7$&h40@wMA+piUr zW7QOoxPOycdmkN@cfB+Y0&no_Hh)6sp7M+=B0;|2U7W9gvgt`(AIQ2W1x# zscFvrepukt9(BKJz1X6OhfOrymn)7%1T)K!;Ii9Ylb*nZS&QVGQ*P*59&A0Sf|%MS zzGo{ex{E3R#?rB!e*4imA=_vAv)dQQb%$ZjxK=m(DZHNEJOiw_87%7yKut%|;#-() z3Ar1Q6qNZ3a^9GeqMXAw(+x6jHn=Zen^ZOQ-H>sT%X{A2*SFE+M>a38v+E8_E7D#z zFEfuT2<55eY=lZ3PWQ{sX>)R@viZ9jWHT2~DFIN(OD3KHaB{zuGh5^R4(WDb>99Jq zWp=WqYNd7KE9OQFvkC>FdbjucJH75X31@fOrVW^2vMl8T`HA{@0Cd!!v9vWinF}^H zH5Kvg5en#DJ)XTAh#=s4i?2ia6hg9rT3*t7!1|6NTJOqRwjPkc_;C~CE|zT3)z$zm z)a0aIx8Sv}z~l}U8kVBQDEpO@76{{nYK}1Rru?`}Ny3k;pxd{BC`E-iL;0ZAf$3#> zg~x8q^#Hys!C)qplAfsOv>~E;{o7!`ER#hMqH2#eS3CH|c>1^Uq67oi!Un(n0lpL3 zO2gAq6d&I*hR`0<+1{g0Z)KC9x9g0IlUMEErB;Rw0y73oHuKe=Qb>>Nk3rvWT*n?( z9F2DY!@s&5>E*DGfH{cYF`V(mhrVXd5ZMybWM5fPOMHG4t4>SdivHhubVY0;61$${ z_Z7SY>Yg#z#6u6h+hj0;$F@+A6=`LpjtV!$35!cNJdz9IV$A933%RwEKgzKi)hsV@ z*N837KLVObzVV+3vJ>*bi)K~jDLwitfh@WEp+Yh0J*FgUcN&{h@#DVZ15T4Xp`gj# zSQsIQ17niaikzh(i@5+yrRZ%jsl#sVa)IJ48{KZHcfEnO@*&pcaW#S)tu^wtOBPI7 ze|_%XKMdX@OE7p%OEdDNt8Y^S?4npAd4PosogYzTomV6`Fhz-_58hAU}o#R?#mBc0iK6Y z$QI8ndl4tSyJ91)$_E|lV?`0Ss`@jevqtCH-(I1-p6YX_3~eBr+~zE;yjLbe61#Px zQT&$UsT^Rc%rNLaPZ(iuLn}F|*Nj77(gT0za&~Mou|&pic&MsK(|^?roBsx)&0>!A zmK}zC)ar~YR~CpdA2QNCWPbzRsj-uZIQ1?md8kj0_(^e2c^=5cA009tg*sKgoUUab zOiJGU$W~}?zgzuBP}30d-jUOrenM9#Oa47Q>d^r~XkvIQiy#dCBe{IkV*H-jEI*b0 z?NW=l_vJw?vd5StT8s4~DgP8T<#u6Pe4$V|8~&I`0GXue_R;JIXhZBL*BKb@Mivg3 zJ(;?8BrP_Q+5WMe3o3JIOz-AHU^|hYLzsdjbytGj+q80fUMZm> zYol2C{Hk^w^`P!hNtO=dwI5}B=ABOID=SwMM=f;D{Knd*SaS{*FZkV5WdBPMK65-` zxjG(l;4~aOb6JGID$1wDy_xUXpgva0pA?aO`Is7dH9`Ru*2qB?r0Ambc-;Yh8}GSQ znbE+#wr+kB69hXsaZRP-Phj)L2S&1L0}6!0nV23 z3Y}39Z@xLFr6hy=5murl{^1jyBNWovehlcL$%j9=F6H}t#(`1Z_RLEeqt?p(Swi70 zjui|*0jysA_DIFyVBE8tI(OHuhf(D8ecUzaB6LJW`$&+ghk8>&V!Xh}Z`aPwUNCs`6+7KE zx%v%bzeYPR*n?1dFTPkx?arR8`?~s^ui1I9O>WH(L(BvaYs-yHz)Y)>D=pZTdEeSJ zC;FxRi=`|n;FsxeQS-%wM~S;l&Qd|2uF|>bsqyNM?^9%yoXK0K1j0>Csh19+z$ks) zBgUv*|5`EnMQByc%7@RaOZ&6A%HD^UT$^RgW@C0{_rDJ5kx$3J$JJ&< z=&Ikk5|n$HZY>E$Zh#!S4cu^A4CVk70pWG(-IKGjgX!PKPHpr%kxHR)VON$|e zSS49JP}8!B)!PCb(NbpC1)Y%oC^%13wVwBw2bPIB^1S4%R*{D)bLr?o>BJOu) zgeWnPnR4N8NZjwtLun}`!H47XZ>2(huCej)3bIC0(BTijqEV{0ca`nSc`H)!;!hr-f$@^u zJ`DOrCY5&#Y#??|piLs;^L(;FSUn4iyU=@gyAD#?;_VC^hE(Og2&R}Ka={OR?_ONT zVhRt?PWPWi9oG*Xc|CLHLzkz4oxd%D6R*XSPZ#OV3<{PAnH>!l@WDRCYqWwEiehz< zZd4q~tO~h{aWkeCh}E_0NKfemx;Ux)A2!;_f;MTz=xh2z+dWxwOu%Gn$D$x0=A#DL zbpx}7mkVa&vrlOB{r{C)ACnh-T^xfp^{Z)|j>fCBNL|7O#Fo*rdo&pRvj>_HwpZ6N(HA(E^_-fq(bolsUi`BWT zH&q93{0q=fo$&!bfGAMr?z)){sV*u?QCnFgZtrd7dtS0iNK8ymPZygJ6JXbLd3SE3 zU~Fb}LiQPZc~o4sRRry<6>H3xP24Ro4+ae8iA(zgFAf~-8IIXy@z{Fltn|4aERghi zdz&g|o72ysWJXVEVoQI~*kLVasWHC_@YYX++=Xw3$sb8;92|20!5J^eFx9ZO*P(aB zRvd74*H}wS6AjE;X6uJ=)bi|AZXjp7n8-@JAH-ja+t#pb1cw_s7_m63!FU&Kw6e6M z*wVIU9S_wX%D(&Ta(tLYUgq&YmqjXI3F8S%X_P4s8q_92Y;JkQu<8W+T`I9%TyRJj zLyLXMJlSOjwP9rJD;`fUiDa+xJ^+T^ytS{XUzlZ}+DFBVYnu8R8X4)AAkJUssIv;k zYi0>o20ztIy6x$*dKDCJ4iLS5$?mn*AGx5sY_d~-LeQLwp@#SNSfpQDEYk~`9r&uZ z$sY}3uDUR^7@%Oo?S_$M`#k8pJR0vZXo5$X+yo-OFM73!v(C)iCgiOgl#PTDDbEzZJ6?9TkiFD zvS&#Gw2+poQNT=b+3jz)NBse0UG-we1}VFR@W<<1jU&mdX=f^)h%2f~O!x0!;K_aQ z3XHAFw3ElIfmbr8kBm3?{gSFO){E_AwPkxInx2`zUm z%~oS3BmMhDJA`KCD^p1A4Of`b}6S<=;dPO}JAM?*FTtp_HXKJ#_YeX=CA zeeS+5$BU3Ne$9NMpf!LHgh?zPSbDo)qSqiM6tGBcYwVr98XxQ*Vg9=O!mf&B8!3_e z0LDmi^vgfYq|XXSGtVDFd?V^Xnnk`Rr3+>o0BH0c( z#v)h*?V^Ga5j9Q1As+kB^^e-k@hy@&Y-2ZPhkf_h*6eC%-U;2znP-$dzRkLj%t;bCk1$O48sS|OMS}D zm)iLZ_n?awd!=fss_N=}=!ZpV+O7Mae{5Y3FbK-U**4U&T?c(jf!_VOi{S?9)ESeQ zTG6(r7k)0W1qd3l%5kGrl6+3f>2CZ%gpzGd8Pem`eijg}MWwSaKP5O}hb_Pa+mCxd zbLJFP!h9l~0QX9BA?}BWtX8Y{IMZU#qGuB}D zV<37aaM3zOO`-_2o5f^Nf>HnCQNb$D3RJgiW7=s+q;LA1)5$3Al`r{M(q-Ld=`Dlh z_i`TCDk>H8=4DxOab82(s>Vd`u)Mr^r}|}sOgYu%&X{0Ko{%>jebkKY-*pQ%NI=4n zPKh(UzVH{I#OP>sGF*Y$WbYMeZ`JaXqvdw}SqL1^q|S-@qGA(}cL79}F7DQV`&j6+ z#ofDy5$O zrA8e@w_{$rM-sxS zOO%L?_{o-|sm24aPF|MyT?!D`Hq&a!kW!F48ivVs3BD({{k|>wBzEzOlf- zp6#jGFom;}bAfNI!wm`NmY{3slQA{`Wf7oC$KnViUqAQ6cyw^K_Fr z_@i+@Nrs)1JKDnPL-HFqeAOBx8jvqDNg*Il_`bSY)r{sgJU3OLqJ<3dOe|e{-qt`vOYyY16t+U@vc-JHW4+m>EhG2k)5B^OY(nPe7g0-gJh zCet<}h2`5WV#{RZ0x{V&$$h4;EQ8n0BR{MxD#@D_W<2%YH?I;0pEAL}>+f9(?xR~o z6F*$W2h~5GPoryP8^i1b;TZPTaiZ}-XbK(kef3gGc{8hEN+&-n(s%c)Yo+dm%BK8i z!r(A?Am^>6_r`J~?K*3Ip`WhQW?d1lgbQ{@>P^F+vj7$zYHF5fyFQknqgB#r#xm(Fa-*~FvR{XM8h z*In1dA%5$P^)n^{8BObOc;Apz=8bQ(Lt1$$8T>=cDs3uPLadDG8NEC!On0c zCPH_U7zHtdth)1Ya>VXxBO|JX%>b0}@c2Ww?&_)Lz~S-M6-Xm5m#=EMn3}HdV#yfq z<;nVrywm5G0(vh-O$G0OI6rfUu+H4p{{ltFR;MJ;Zp##1`&=KSJpFVXQ`0a6(e zc3^u>GdhDHSoua+=S&FF+efOKbdJ|)4^V70ZmkV#57JcveEPy{&nfddi$Y{B&!)z^g>#tdqB+t77Rdykqd5Ysz|zDwu^b(T9=gQvpytMz^Vx`ZbI*i zoTV2kD=PLDhg`2AD{+6YI$k9{myndSw~;8~F?Ch8J!Qc{nV}h4rWm$N;|VSa6Q<%-(D3*nvSd5o4(p)=;qv8=LD7>szlWU zN80)?4#MqdeBcPXt00uOiXNna3`4UoZ0J5 zRIIx}7*YS{+NV&3YRWebVyONzKYls;9GA0CFI|qh9xzogAQv*VBXnMdbV@tw%>@57 zpNybFjf(X|vZ}{x|0A3y8@y z$qf#d3h?i8y04EGQ~?ia+^^Tdq{+UEYSBDY;tFl520V({jOEKV#%Koo?W>))8RtRv zvW^OVhs^CE(nCd)y6S9`<6hdH-!yKY33tb&+9A5c;I0Q(foYGyRq1*JG|t@sB2uP% zbMph+K*}S?PO#T2(aMSQLV$Q>@^d0pgCoLS?fF=O5B<$o;$(^MN<<>*;G@tt*QIgg zmH}7%N)-6ahNM3bSp1a{<}Bbf|HY3heAFEr1ypS^hi|(2@jCNoLh5fGaa?y)fn@RB zY1ZB?0|{asfc;n=T4|Elee3gQub0n!c(S``D@@#tF3WV1PbX#iGrDhvUC!LQ+tat* zZ*@4{qPe~2Cx1BAkn9&2%_IZiempq>FK(l^94&N~NFQ;l-sB&kXbC?hBv$eQMJc#%9~Oi0EuB;lu)HOZ_|x=r=~{Pk(OLv-ir1TLl3#Ce)nCGnpJ_r!6nbt}1UdhgA47*Fo* zbGTq-1#NH(&C=N9)b0UG+?~9pH%=u(5MC*G7lrS4p}0*a7Vio>hy-!Gr>uoAQSC-& zTUgl$Ug#LB474gHXpSdU2rVr@^tK?cqHnc}2N*r=1VooxqjtFo2)QAtl-j!N8|`t3 z9QFj*$f{-?y6hXB(zoT{QHb&W*n7p(DeRSgGlYSIR`zF(Wo>|$cHSye>Hg{YUO%C5|!0OQem(YLPR{CSFJ%H*F}W=*8#K(n=&1 z4!3SA>r=o@BQjKH{Cvb6c zMxX{qC3<9lDTudHztP#i-=_ClhOD;J@r@M)j(?;WpU(7ng?pGJXt_58cS~pCpeA9P zSPToKCwg$Cw)-;TWe?5PEzo>7Yc z+)`1mqHq6@gqN|r542`4KG~<&V&mE6Pl6X;0JGY%k1)Lx^64MPmnm>lv@}58+4}`2)RKZ%EiPHO;7NhvW!Z-_ z<{226(bWrMHTOAaK$)kIGT{ki>j<}2H^<&h=M_VafMLy7E0`do`hAJtdu$L>|F|aKMz?ITpg0?tF9;uLul2&jAx{{1&Ed#fkpZG z229dusoj;-tq>#2wL7l@n4dmIrtR6P_Dd)wn|u34pi5sKqGAILl3tMgTDDqp<3iV3 zf!EcGnhcT>Ie*Fg_T3v$)4I2X*&b78kK|?(jZ`vsCg+%EoUdP$1FzR*$2=@4fpR<+ zyC;zrc}bP&jr3fdBKByJlvm2A^vRK%zNmNJ5wTNQs=XuFpQm&rAyqItQj)y{{ z9verWqBbe1G5ezZyn%0T#QxJ7k&AG(EPN;WsGp$%26}Zc7!;xD{o>_AO?7opv+CSM z_{x3%vC`J>fnGG0k^M{W)mY6uNvZuWKp6KVfg(XEMe}nYjYy!geUbaU3TUHMF&VyMMrIZtWXE zjmWPf3?G={Xp%{W41;^?v^ByP;nTxSGrq%#VZgPEZjM2D)8{i4Jw1okCCn$9j3A$F zXQb>c*;LLEhsBa5Rp8U+J5gtMIZlaQ+JO{#6;_`ekde>76;5oBwmO!%`>A))POtsYsrQ%YH z^u(ExXgy)^1K|XLTM|McgQ3B%>g+wa)EH}7xymfFEoNo9`n&jerlre6Sja1H`&*)P zctqhaxQ~$&BIhzfj_rCP+K^wlL1EVnD?kl01X!PY_|_IteZ6<4V9Q;^S#n>}J42lu zlHiNDX#FSH{_Co9Y%e#H-SW23NhK3Y!VRp12KLWVexFDHs``4+K;9xfO~XBXn;6 zTsZvmK)kRGQ-uUkn#3%Ke)%);`U%wh^@zdMD& zGj1>RnToFOAhSa((&DY7zWRT;z*qt6M!FT(!nto;P!4^F6qYQ$_t!`MbrgSRdVjz1 zDEZ8V>PGeP37+5km-o-sPi-*gsjNzoXpDe8idm;2Cm4tYnStxJrVYkjE=s!pzdrS+@p|*eUAW8A6A^=7|LyA+ z_WIcnmIforM=tdAVYgtsI$|{;j)iYC4eaSVKi&P85Bi_)DsMUq zs7aIMiR<#elhn^PR*ERm9!lRND9^*dsZltDC*ri#~m+=Y?2niX3zEfNG331Ul@nvgX zE^xeOKnF*42iW=j&tv$7sQqpFj(;jYdwc_t`)k*J#%w1}`G$o)>Q=t9-bM>g)W8K>-7P0;P-}d4sv@2B(xWMCOz$*%jkuTt8dV#7n&G$D&)lw3*f%JiKbQxE-q+ky zJ7FHR!9<&sHYCqc(Ig>RqX?#;LoK`)cKm(CX9RT`YTP?;aq|M%hDN3~rU_R{4Wyh% z=`W$FL7f?+UY{y_k^QvY-92s%KUh{~bG@`##t{Sk-t$ww8;2c7!Se!kF#=8IrK_dQ zfPagv{Y;w`yn*ECF``}@BjoP%Z<;1%#^bPr>=KhI*Pf(Hah>sB*@Dm_Y&6-@6J-q1 z|1QJ9A+lZzJf&#BGDX|t+kkFg>$8ihVErZE52f^HG&*1+pkzb(GC@PD;X_R@$XE<% z3QsKX8H=lLP{|23(0-?K0!pPGqZupKrJvd0kRA}V8}(Z=bXm(C+NUD3r%a3uuR7kI z@0d_WG?&>EduJ&u85xslVa5@AVq!Hw3yEV!I zTOp#t!`Gh2Y2@K4kvqR-@9%WgTiSB&xwW}CJy)1KEZgkwQr2q3-|dVVTUm@ zIi_`!vR3GplbwS#UR?SO6*)^yEOx}(t9HY3VNd74JI`rEzAbwP%gAlfn6Gv)8JJ+}h7i%dkVZ@Srpu1O3!nH8rhQk4EYiaEKrL%!Pi-M>`fSga;4XpY?rZ-f)YEl%F=LZ45J2{eL4LkHv6G@=|i}INP%6D4rRse(j zJi_3a02j3Mzi&|D0AprqUmm1fajI@0~WR##;bKq#k0RU@7nF%`j0l+=Z1M;NXxV}31R^kGm zY}PuYP))tg!k@@QmzW4CxTh+AIM)*&EC2n?NnF(=P=S@-9pC9OEUpz35#eja`+f#O zyt4Ya>nb)H{{E3y02pzu_#FSy_EP)q?Y*;C1kO5_FET3*HTf{fdFP;EC=)k4NEWD2 z^+4Qs{r|i6@mtkwX&+(VP4w6{XDm6=Q#s?H9|W&cG%5e-W&WYPVT+(2Eyu80GP>MAQ8fvTeOAncxXjanSg-u0DsH!az6 z6Dc8jOSBRFbiIH|yk<|6+n${&9{F7H^qyPWg7dTg^w)ptY0UAhc?#MJvDM|;te&km z4M|@6H*0!Bn!G!@D*aCR_VrTRljF~;YX$UHNrdI*W=`B_(cQh#-K#4PRJXuHA z`7LTO^#Luv%}p#%+Y-{Tu-g?hve@QYpQh=>%$-$;Pn+RCOi6WhsH?~3K7!;mzvp)c zKNn3$mnhI8gID=e9wr8W|32fN+Vc9sE88YDAoXif%Od{E3DxD&0o6jgtYQ3oRE;j# z7OA4P{lhQ-%U?6%Vs62GndRl{SvF8P2cLGId%;@kOf}u;4Rm-32nts0b;pAjpq-OS z9CqeS!HQZIK^Dli+`j2X-%-?Cw&z)1pC3##_ydV5hq8>~x~Z)Xqm|oYPF0W) zVtc|#&hg-zLQCOCG8@79Fqm5UA^uaIe&B=!8#*KDA2%CusR#xmtu!$(iqEaMl=#zR zq@@iNc%gE_h@7#E(-8sWfty?2)3FLo=?M2_Q%q2T|e|)@n*)Pt>PBexA-;P2dr!_MfRre#`yUc8m&$Zk>n|GQXVNKfeCP1tqeruIcVN zXM0rWrFTu_)0=O22tk`&yOoumK^vs~VIiRUAbM-4Gj?Y6+exm^ot+0RLnTi1h_t7c z$HTg%SI3Hb@SE|=PGdHFb_$xBFLWzB34yG~O@B6gc9 zQqV{eb}vg8AkhjRHk3RlwPguvpc-6^hl$C`L}BJ5qtpuuRrS6>!x;D@8Rv#Jln>(! z7^6RYwE6xdjm%tV(j>hs=3ZDCg5Uu3`P=>x#eByh&MJKU5n!Rz0*^-YVxHAfn$+B) z{rM1!|ENk%x@izL(W7%~L?sajR&{-(ub%tghgi->E}d_CTgqNcM2u}|aM~5OE@62v zJ}e|)S)uF&L5hj3R(b9Q0t1GGTE6uHzErC26}w-8t26AjZm?-bX9vhY*}HBy7Rsa6 zk%p*npT!Sk&dzK56?s^c*Z7AMLCE%Eshw=_2J!>;u2ZA$a()i7a{E<| zQ@erO!CDWWVF@VQLRM4|v7aFx}m-H9Lr;C^>st*k1KO4ekVwuVMIoXpJ!rco;2hnJF)T2ABZ zuj|ubbqdE_fp^!f7_kIzAth!+{VGPDOPKlS?td=+hv&X=DU9BNlr8$$XSe7g7fVR~ zGecr6(x~wG#7H$9KuCRla?HncMLF4;{g0i)UOO#yWWqE-5^KO-#GLKmADv5ZL#Hv9 zeUAk*0YShyecEIN%D{%kn9sl@E0C)C>Qew8cAGYV$kYm%w>o}eR>Woti?gy?z;_3= z5Jan_jUl<5kZhTrAS%mMQk^OasqH6E`|1;A6#O8`2QS`6aaJ+xlS4 ziXUmvnTB#}tCLv_bdt2uX$&8GvbQ?96H5F{o^?&emae$AJNN3XqNCTwI|<9RzmGYgDO?C3GXZlrESsfRdCa_b;Z zm8=Zgn=(B3n6DD!)3mO#j8e}$+lYw?@7uORC>T{?fB2@qH1og zboXG7I$_-_8`Dj^CI)wd!IO79rtHbZ921wZUkfdocZ9}Z#qQeVFjSC(*L0>rbR$#P zGebI*r1ip`D#J`5{M|7$OMKO{_9kWXxKwl+s7Z$a;h$j3x8l1e@iR|XTN-7bL5*@p zfx5`{EA@VcaYP*SE8N$6EGVwb9Px3qH?2v*MydXo&(NRJ0}#X()^Tz^=k@yJNQbMh znWsw++Q}OQ6u(0HYu62aimW^3c5kh8nLl#?$#=kQx7x#+6+fg@BRM>*H*Nyn}`@!1;opU-qNk zC`yVKYx|wAa=xawafU52&%YJYfCz73T zv>G|ad^8qf=zsYZUCS0$r7<05;s}~+GL+-8;TN9hp5 zoq3G26I~?SOy0v9@$yGOoo;%Ec%U+^|ev7*4rs zP%smPIKZj|UxY&{wq0kyi;BMO!jUY&X*=Kf+@#nHU96S5XMD%neZOAuT^Q8hl0L;) z;n;-4ecuRLa%j2=5%$6cGB!EL1a1^a7?xVt)$s~Ug9+v|GHizHyySZ%Oy&(s&V>A! zhoB#C*_w~!sCLE~qC#IF@kH+SRTn=wTF3EVl@gbkgKwhdy;i3gyc0_mfp56BlpUrm zM|gFhVl$}u+i++e8;(0)f#f<(=kh$+6O)+j%bzy?#U&ZiZGPg4yK^X1g>KA+I6AS* zY@pl_B;MvhF#_5RN3Tc_s_y8SA z-|}E4fCR~_R-CNqGXol>Jz7IXr!Oh5OEu?|e>v^yI%9SRn9%(3B;IycRmjkF=y^n5 z*7!pkDdYlk9PY;&z_kgp=u^x*w=`zTRxRQ3rEjum320c(f6h50pUGCY_x5_4OYyUe zJ-4WlgeTN}S>#Id!9YMBFFi6bUgmsy@V#R0O3yXVQCNJ)9sHX7Mr+q?!(LbaNL)bB z!dsv|bpF%xvwW@~E)T?(^|euogPkSI>$Lf!y2vL{omu$09a_JQ5fM4T{?qx6Z|Y|D z-gND)j+<%>sv3$tT}JwmFe}kMN7UvS_Lp=*y#vq!$H%b{ z8o$Ep!m~9;{_kqP-Kv*!{dp)>AKhni3zrBC9mQzqr5UQ9SmnMpkXt@>7MLmjc6j$D5ET?4oxgy9(DFXb#<<^?liW1 zAkrN5VDld7U#^x8nZ0ES#e~OP7cq!#qn2_7+(=_rD0-~Z#Xn^tuDVFU2^yyS$qMsDpCUBA{{=s|ZutVmY35Z68S$uvx z4+6{iG4wT6j!qJO#+nGf|I$++w$;OLQZr;NVN};;S5tmEzwI_@X;|oFxM2Z48X6xb z>8$2z5p1jMH+-wtY54jTehXK^NMg?F-Dv5OIC1tVx>nD5-Wim*Xk`2OnInKq>dMa@ zxLL7Co8Zh#2Q6;f55kS^Y!I@`Um6vz$GyZNEHxeKaz za`{wy7$Ns3R+rO9DIBou*9}0GC#^*AKy|?7xmQ9qqJjbJ5J(R$EDiAmvP2Gc_9e?( zF_=(+f3Z*B$e4z}ak5)qeY`BYO!l>G9Ns|V`ddC@rx$noTd?bIdscv?dtB=y|#`XIx-pOC57Qh zR(-6OxTsAKgj9zx%d_P(D)H(3%*&^ z0;|6$ep`Rps56!UI!XI9PbzL#*-Lp_hYC6A);Lr<5)h!&xq>F^=$I+1NR4_|B2HUJ zoQP1ItgR@!?TXfY^$?`1BI0qF;$Ru%c5Tjuf76MfzGzU7G1eadp91&0lEs&o2hJv4 z5B&CNV&@8~1i#yD0PMT~v3Z%g>CFIq;*{G~EW=(Hi_~EFGePl>AN^k;7aw#oS%D3` zD?Rg2-mt1gfkCMEhQV04Z{aniVP=n|u(D=SmNERBlUZrmd!_ zxdpcqc^yi604e*v{GP^vwvJbpm@cjnVE7w0{yWF}gY50udRa>1=PbZpF_1eUgajTM zTV&{ibTd*=Y$9TL>e*WlGV%9k5*;RL)VX9Cn?OZa{1SL-T=)Gb9_iHo=}E*k-0mMx zSeQA-BeuJAyHFgw|H9|t>wfa`Yi~{-J~IRe4mD4qxTG_QAdrmwev8U^iOk)NM5}<+ z?@!UCnAa2U(@s|{j6~5m>VABIliRJH9yI>a)n_yaYrBphc+^72I@8cclBU`Myv;tn zGXbQP2sXN@l z9_#N{E0Cdk0X1$6OnhdTyswoD)m`|S^BOPtaO-36M0D(qjhl}zbL-S8ibbALM03LZ zu8mwbOjdMqsc)z?06R%4nO$I0TXq!dZ&c$YLP z(iSo%=C9)X5BTP{pqdgxdzdCmj!57QLzTXd|G?&e(iA5f6#FhEC1=d0$0%Lacj?VI zTML|L733#SZi9Gc$)ATtC7BxJ4y#HF@l3#M?J|Au*?{%{`W3+?w>_J*N8`01&^)^m zP4{7?Zq#iHAlzG4KWVVE;p68$0h?AI=-sF-z6VreW)bg_N1=IDEssN724P)vFy;*E zdx?pKwfZPu^VGSr_b3VV7Qh3eNP-LuvW*it$lP2!ZL@FT!ejC1Mw_A%w|lHo4dK&{ zM&>KNfBbq(xyAsnW-ll6nmSB}OlD6@#Go*2kFnCLv;hk#=vhH{(~T>LQQ3l)R;rgR z<*`e|d^2h_+Sba(#>VRE+hRUV>8p|Gh?@U($p6&vGdBkDWEIp5$~{4TT6J$-0 z7aq@Z*Q^6*M=;Qh5E8J^Rm)laCf)Me>xZCGZ4P&)aYWg6;tIofD}$45U#44p$uTIg zZp_6I2pnqHFEfJGe(R0YzB?AOEe~8oMTcCdCf|osJh64Ar*&fF@)^I<TESHHG|%Lm$IPb7UnKt6?vYqW#jAB2eI2dwP1dpVOkI9S2WQ z77_`OTmiPOO(&I7G#}2>4pK|Ldv}PrFzc+q@LzcS|NQFP5W105@N#nxz2}iC`fdy)hCAC5yhip8%cBo2f93{*1d>Z05_i4IQ1`3UlS-=7C-1rR z)qWUtuncxvrP#%I0WA{gN{k?fG4TMa(F}5N`@O=6nJQ~$C{Gu4$D5Fqc8^T8$Z=St zC(XnUwGdRv1T@9PdGDD*z~tnL~OYH}IK;^d#f=`iDUBk=hDe301VX z-?CXq#YA9*NfS`W@$)=-H_^pBe*Ld!kt0A=Zwej+ruB7Kz$E4sPt$;xBe~i!TGS&N zF*OhNlZvT%b3!7Ml8sK8D{=g92KWy_0Xlg9WoQi92t^ z^Zwe|vI%@KbpzwsSCy5k@u&9Ihlh(jKa26|t^y#!!xrC`Y1qVBo~{SJaou$I?6Db< zriTsS>1o_*e_GiL;hVn1v@aTlTm{mkfKJ&sx&48~tY8x2xD)_vb@%*|L+U@5$;9Z& z=0Gq=Uz-Y?4wrLMjO}jlXVg3bucxFv?xw=^?nEAbvIDoa3N0H~TRV?- zlLK7RNBP+~d{ke=)dd`O<_#nyCa(?+`FlT4jb#vPt9{vgfxb?lY*f1{WEAusF1_97 z@HaJV@cgOT7B=Vi;RgdfWjy{cy&^f%070LTM0e5A(lN)jFx#h9-2Z!*osi^FhK>M~ zhC>GgVz^x8n@Ki$eA8qE4&;u#fj&j8Bj2x)7(VD84Gy1N_9RjUc z{a9Y@BRqwyX2HEX+LBmzeM4I47LJ z6Bowvh2OCG%KPTr#O?iNAaw?(wM>q&(WF1_v7$O)JnPo9YK1u6 zax1`FRl}g**4LFcM#W~<*Y51JISDoI+Pau$%ErO`p5G$u4G%?kG6fa2konv&n%*=* z$T~WAb!i?LG}_tH*i4GG(7B*;;rGNOECQgGNB_VEs;$G4`l^9>a!3C2K3l{C$g1zv z3daPbMhs~5IjWgyxNh)0$jA-oXgRz7%=I53-oNre9@(A3GRiBzg+M4Gb9v47j!Ika zi)4lcfgf9+OTTByKMD zPZYiZ-#rjl0eJRNi>2nEKJ*-9jI?!cavRpuzdkH8EZ98=P(RI@5wbf^nraizQm{yF zrLdi+tQiI<*~h(A??<1PWdjAffcf+!s#nwq%74Ijs8ofX(9R{v9~=5rlCpxtg)p+eEXjX>kAH{lxyB#nJ*gRQeTdzh?aVfMk^kM0?!xkG zWhTiSOlF-$`nz||rjUXHUV&A)JQdV6y5lyYU}LE&uboV4gWC7ms2VgcLdj0!ebt(? z@1aN(PtjNZ%l=iqOW#h^O}YDHEcPl=j-!28&wxHycd?dt^--MM_eTZcpa{5ef$lK_ zG{Jj#!gDXpM;a@CNb-|*G%ZVdEVWStt^Ir@ZGO<%O~Qf@pcISh07wh~F~)Q0BVjU4 zm|Uu;f+_AQVQ<-|9Yo*R;c`}NbYaZW|E*RAOQi-jy?j7G!pw?sGPrH+YlCCddS-xk z5-=4IsM!Yl?^*@FZF0Qh+iMZhyzAGWRO?(OVtVyBqIhUpJgCfqLnCRQG+8R}IiT*>-+StItd5aJLU7g9gBtG|jkCGMJwBRmvsJ({BV zQbqzItfr$d6`DKlLoI&jjj>84`YO+}yI2V=48&TNxn&lqk6B_QP5k1)n2ZT?Rq@|9mW#JKkPSd)rMWcj$1I=Xkh_C-9tt4I21 zqUWt*Z2{)hg7p*UU%|-Q^PkNErhC32dKZLz9;r^)d(4l_#gFZuwSvb@dJT-s(=m4@yFG|sTfYum>x zb4dFCu=kc>QLbzMut6xPB7&qrDAFknQc{vbr*sb8AtE4+gfv4)4nub%CEZ=p9YfbJ z|J(JfwYSTydq3Of{rDcoe3&_A=DM#q^LNIDLo_zpnuCTT`hd7-KhmMZu@{TDG}~}q zt=6!1dy>;wV737k2VD;5pE0lg=HY?p8S+)?Y`PmR-6N@o^Dxw$fI1Art^^~cH6EI9 z6@$4*Wkp}|;ybyPvXSuCNAAyIfK9H+g}UXb3|haN-`kk@>*r)K40!cJ>3WT^XuSs;TiG$%gYu+EURDm z5%cl9$Aow6@T2}_%nGRAHU=zd0iXM`o@6TG|2ciOfEYuHQ|I%S+f8IHo0T;eZ+HFb zO}ndhu~h>9HaX$?Z^Fz_|KLk|yJnHyX+erNu|bOTkXAg0=`*7Lq)e||vye9bOhDYdwp=gC)JmO{gySVrmUpF`*><Pp%7xXIrc;Gb&aZ|?vK{A$wg zm64H=;IS?)!-u$V$K}}@OFK5R_N#tIPk-9E<(M7I9`p%;!yOck=10ag9I{y4%U5n- zR13pWu(Bl1xDWl?h`(CmcS_7F>yGib6qIWSvxnd4%U40kXjsK+I6ut;wu?rnSDb;- ziYcB2VV(7)n%VZOu2$k>#}P4k2TRHS=yv=#5#wjq=%=IV(%W)mhx9`EVSuN{Qrt$z zp~c~_xti>nz>YAZ)CV=2+Su%IBhP#3#f#&j)Nif8n}OU4J>Ddha&;MPitPIZxo)9^ zwIf3#K$cg2?{q4Nm#YPpH&qi9n>1sgycPGe6qj%ARWW9l_D2{WP{OndmsXGCl-wtE zs?Pt1m}j;i#`qhH{*$c)_A!K+UDu}c0*%ywG*yqYfj}7==bUTu3{?jbOY-(14Ur({ zZhMY+5~yj7w8Q5LJ`O+RN}IRc$}&B@%rT8PQ*z3L$3cXc;MSll7lfS zCRZ!&vwzR=|9HZ`+in5kI}eOYu@h;11AaceU;nuTbX7*3)JdJ#5lDz7E$Un<`Z+7V z&)y6As~5mud+D`|U!Xudxy%;lh<@Pvizl;+H*mOS6No7)MV#qAM!97STvmyrmIz0z z2!_&p+iZ)%y>I8J>v=TJj$%}6aVz8N6uT75&mhI_N3td9>k;I(N`_H}VA^L-q1*kG zOlfBG6}L58cgESuP%Y;aw6rSSmev7BK$O{OpLA|H(a+MK?=k1SiJxyJkQ*A1!|oZr zf7mflI&R=hIjrtV;n4kZlP|9`3$7{F)>_hVV4&BwVw~^aww%~*cOZQmNb>EQ0CM7k zGEaSpX@pF(&Xy-xcz=R{O5c7mrg3@_|16`s3z}1=s-$F|OvV!mgKd47IsAyMesqxxc*4iC9Q=JVJ5^g%yL6AWxs7H%M_-m zK=K``)6C?#_tKJo4i#)^B_|iH!ts%@ACEObnx(udBKbKNh9hFJ{?jrWuA5A}xE8JB zlGV{ve1b9DO&^mLE3P?UyydPJ<2le zq}`+fCT6*!?}X-2>)yGR8kengKbsM@%&Q>m;as^xPUq7Am0>DkOpbAEqwZK__i?d& zc!Y=RNPC&Qk92%lWTew$<9N8-P@hqvc*R7J=HQ=s-#^kXYeYkWG$vU6L`QdNSr%as zy)s>Xuof$_pMT#&(8gRo%MhjnNsP~L@51JEhLwpqyc1x>3}bo}*Nda~&myRQs6+>^ zhEPn*{3_2^G4Da#8EeIR`8A#npi+(jyA^W8`4Jhv!%kk};48k%8eFDfq@)sW#pXEFH?jUa+(N0qsO9&RqrR8 z-N)*MuBBFGU>2o!^tx@j=2-g3OK+epc=b-*TI<`?-b~N<`11Y*_-5@W*?BOz0#F}s zI=`?G!o4nAyfr$Dh>VEmcUw&cxG_(&d=3CYmGiWqr?;e2YL4o0hcb*rkHzuY;#wV& zJ^@KUK>v;XWrhIzHXxB`CAl3B(7IbXMeK`i#|!3cd~4B@cPdO_XKpLry)@6D86=Dk zYt<27Eg4RZ{-*Pz@G|Y}&0nfDaG=9ghN4um%p=}7r z5~-0~VYRJM8)jl#TJe!I>Q2&@lk2aCDAO`AHI9cqT>;Zx9QnnLbDjd}>_GOZTya;> zc8}q*3J~IU`||Y?$nZX&%LML7w@e(@6+(+MBw7jO@7AodDP@N|_vm`#QJWYaU(|YW zSk6zUU71nwNf;4I#5rY2HWowl6FuTJt@_m~T?U*@W8GqoSvQf=>N>7X62qsf5iO^y zCilas z=m*&@PTaA=>F#Y)YGc#ZBM7A@tG9Zeyoe_v>OyYqrlFZe6$@ZHOd6vHJAOe@-eynTF*`K72))) zKGijIb7DZU{d_CcUNmq%TuaEpnj#Q{dQov_-OlPQr?1(>anWV_g{9L+cy;#Or{g3w zT|=taTJxYM7C%P^lbul>#n!UAJ~A%#pU;c2c&Z#fh8q79J^aUlgKxjLQe*yX7(CAM zi}9{_SzWvRO7cz#5e`#x6_>YJno<)5`;GqV!@t-ufd!PVcb~vE1J3z$^{+0B7!XRu z{~BfcpFgu!3+NX|&rIJbnNW074oV~p3HB+>4l@6%TJ2ZA*iN`3`}Ji^O@?e|ES(#Ye5yEtiU z(t|+_O`b;s-ux0DQ!nm-KhzRUsucAh1BanPMvo_lyv9rwc7vKFrN?wKp z@6C^Fs)5a`A{9IF@%^HRSGsNyANI9>V>vwF-Me?YlSO|O9sW3m@mqnp40(&F)%bt| z%WZ6#!^>Gl%{ACynr^@6QIXZY(%_qaX&m?G7|G56*VNi=M<#%S#gFcdsVP-vS4ee7M9kMjgrDW>1~3=kR(F7pifU46 z3Yggb+T0)P=Z2metfof;+wYS>l7-%HAAvTAEDO^chJn52Ze4PymJhG7hME;~P*P@w zgYD7Z=l=Ytz22kRnZZiOMNE_85|ZzWOTRQ#laGj~bM7FNR(7e^+HrjcsnsY>$tudB znx7uH^~1*h^>NHgV6iybgVcG)vNz58S{&v`ciHQ^JL+jQXxZX$wo-e8B~a(+vZJ`< z_7oGWEF-6=Crergb05Pst{2 zJO5BqV*6!pA4zk;40*W>w%i~=DnNg*S#P8T(XwD7Z?P32?#y> z)=NNqJl-5&S-5EWhzn*_ypp|C(5ResZlOI{c{LTis33HCE>Ub`v+y_y{pX`S_{yL| zg{v8-H59$*j_Z@zS~Z373drDbvg627Dd%X)InI#9cpcnN?qYl<*Nr$2&^=;)^A6*u z+jPq~N1(VzYXtXg@~|ibd&j)MkxvCVY!dKX6t68WhA5FFnkvjJN`DxJG+kGKjhMuZ zaX99Fc5t2WFsTOp*%9IIx)gw1xbKbejSTgW$GugekpMMj*D-?1Q$c#}x1l)$(F+^I zeo2}@SsII?)`B7e+ee|wQg=e63YOR_ zx)W=>pe|2*hl#7#gO%*hGwyG&-dsEC;T#dm9|7-N2tlQ$Xo{m>-TSk>+rRM46R(dk zwXD|xXhM!UwXQJsbQq=3&?9O$nTm=^={7V^t-NhPIzNXHq#Ptx2t7>6nMnqTRpg|N zMJ5*i0>3J`?scZBJxh@a?vdp%vpIbv?~V$#9IoPO$u*6WiwMIInbvL25!3|^RfB}& z&lV#;97eTba=Iady)1C3@UDqiZSBw3?dKDjk1{x|TFz_;Pl{kJc)9Cx5Y$HHWz?Sw znpSZJe{2iYZ9hO% z5HF~Xq0!Y_dD^l(15Yo~07Qu&X$UF}X*GHZ5bV`E?8*=5!!q=P6w-v$Tnt2;ya45g+`A6$)y-1h@!*n-{1 zZi*W+5KD^v0_NVuGtT?=FoaHg#cBf5V)fApPZ0;@vp-wJ{79N(wWw~D3f^~~G!Mlp zm)>8-1L`p_q<>+81MqnNx3RtBIBExaknFXXW#3`)-`S^LNA$POI=8xSr4wO<{!usf z^HX~B$AIP2*#Eo!AAdIj)LsH5kKI^imeWfctWKiu`k20S^W3TW3I6coqW?Y)5v8m$ zL5?#bAh9wNPY{}7MXbCN2s#waj*FO6$MTqY0qJSo`tS>p^P@=orW~6!6o@kLJrp=)R$-GbU@GVANsI-RZ_4>GV{R$wTBd}a4(h`=Hm751UOv3n= zR);@4i|DM#o`_>rqTENFCHLY|b4_#|h`4^#<*)xi{hvksaCzb%Yv?dw> zy{8ORK;2adsU0~)_Cuu#MM-e$!r+a_|DF_wFrTQ|=*fxCEyJqV+zl+HXM^Zx)Q81L z%GX2At_M|Jolq>Jdd*gztg`Z;XMt>hftRKB@olJ_<7dKK|0Q*@`n`Ee;p!kmJjF1L zw~?2XrPKjRzdZ0&IO77p*TSx(2ISztJC!-+x*05}eJO@A9X*|Lrw4B}MRPFT9nwul zD_RuT_LVPrN;bo1L#3Z#utP(&VdSrT#h=&Wgd)d1_Ll6^8v7%lNIzVH_g#&`VjcNu+aj1J}QtF=8}rL$|aO{7eM&^fz{ z5%EFg1)ECz+a%1l#=y`1d+_Oq=4&tr7A$9+{#yCaQ>efotclW??S{mA8tnDXXtfeq2YK`8Z55Qz}O_gw8)wsg3z*JGFnsC(OGqQG^A4 z^R@iQ>rNC+dWo9pQvBS+2aBP`_vIRo9$fp)7bE%2pe&^jrAiWAxey7c*{DN^zAXLi zTUUSg~RYqw8#e7SZR({c5D$M);hb25*yhy87&?=H419H)+|xzmv0 z(^?KEy7`oDl9ILukwPd`5;{&!6-8k^N5Tv8PQN_|drDbMmW%iK^OMCrwnhC+i+j?n{LQlS zlu2hVPh#Tln5)SQ5qVa15Qf+5llOajAES0nlHA!Bgirm}Lab0yISnGLxxH!>Qfil=p(h3|-R4sYe~ zA-b4{wDM2R*xpfe-Ou!#KlH0-7iG2&S(8(9-_6Gb?gxpMq-_zWcGoZ0bUbbFC*R)Q zo(qSSP3(2`CTh)>8W3(SKu(7CmU>-UFZZDYWu>LBB&g2M&qMj=ghNf|J_jQa7q-@( zmzdf$^BvHsea}m)bHn&rWBCD^@|RWB)!@rDI*!?k;x@ALwml<=W{uMZ@9~)XN}}VG zBg9>R2~nw8X|p6I!^M_Sy_OMJXSY2LXIvA|J6u%YD}3F8xefF)wO^yuwlFq+>H9(b zx7aS({HBzm2^-rQrQrAwo6^2%Tc}RUZ zQ&*=#;IW=4MqWDjihCJlVK>Qj8!>b28FsLjtlOT>{?)tH-q;<%5 z$CpRt^^cWfa;A+SwHY|03?9}Sl+jw-aB%q+`(Q@N*)0Ew?m&jgtE>I`yn9)W?q>>+ zi$3&Oh^=WHZoTdF;YyO8VU%r|Sv^9VlaK4}@2#QKu0yS1KG5MzImXE2|)-H(vn9Fv>w)HNKjb0_$&JhrdsW?VM(Usg&| z7tDH`UvA|e^Y3>RS(K@2oPmldDa!OBh@eqXQIqut>D-$Ii0R`gZ@S63IbDV?oGVFU za9odWs9}M|Y}FArglh{A2BT}|;Xz*P^PkLNi<4K1{FdfeX7_4WR`VI1^COkVU@MW6 zyg4#3;5PIDT)Uepxg0dGE~&LQ-XZzZOD>|Y2|DV*P~-f>@F%dD<;Et@dKj5IE!h?6i->uJK}-z%@@ zzc^WtY2M|pgfEALgtP>f&*+{OihW#TBg=Y(gX?D9r?N73YAnA8XJTK*ggnpBFVD9oXJ+m- z-D*k;<#U)t;D(){k&<%nlq{4@T2A)Kl3y1V1A}KZ^_SbJA=>cI%kdUf-SaK0Z`j${ zU9NncIz6x6u19(iULJ98Z*Favfz75pk%&|yuEe^PB-fN$w^Q4#Eg0(?pl^J2T^&7I zgPa76vI$~;R0%JrtUL|qr04tkMk?U$77XcfS1pC?>%~697df@`6HnxM6YhnU%9eXT;GF66>dUt|P#EQI-T5Y4nds}27a`<`6Y92_jn&0*a&^@zb!Rie_x#pQVB9DlOjuDZrY!cfTaw-lx_KUgE9Yd5t$Tn0m}_)kXtLip#d8@pB2@7%oT25Wc~nH+5H?C|egVA5A# zbgVAmL<%!h?RKi0!|&iQrJi;}>!YxC*Lo8g=fsd(O_VgSR9V-F%vZ;Rb^BXpb#9G5 zqli&Qy?3kAS}yI%+V*|V(quf54PuvDdK}XigR8~H5z_Sa7xPYpq}tUd1H|ACl=snuxwh%wMJ83bhnL4npP42Q<+qN>0p`l&*wWbM|o3)k464ny-9H7lp?U^&^ zs*p!&D@~H(yfQ=8*HuT-jjNYO$Mt{;c8id{cQ%&;g7WV+hE92$lX|SW?%B>M_waA_ zjZ*SrdY$#5%Um2}@+Dz$<`Gkgr-SS=>Msw$_v%eGPBfCtc~+8akF@D4X~&(ivcZ~& zLrn)~RrotQrQcF_IxaUB3t<&}H~C2-l_DmxC|ey4A=`Cly^aJJHTv!J3432KePXFE zJ0b2zylu4%*@Y5~p722RUapOVLX;bB9od;8NKf8*x(X!xWI?QUA%-LvbnMxATP*c9 zaT9VNmH@ed9s+uuIsLmUh;Ewk_)pMGkkxr~{7 zCypgM)jvJ$zG+PzG_10e!;oN)LsYIJa!8nWI#Mpfc^JV-1Wow7@+EENu!&d-;W&jo zAx0ME$G+r(MCZGJY9kHJv7F85sK>zIbIpTslT6YGiQ4T@oQ)mJ>Oao+!(RFSmct-L>?N+Grn%y#Z9B`0g!^f9Ml+RVLYNTj zL4u+X=M90%Tf8rGz0U4&y6v3vJI(tegZ;K2FsiegQ#$Y}=V_dlm6MX+#Q5We@XsP&*bhRux2G9APm`GL99SdWW)bi{Qa#|buK3CDohlyi?7l%nRQMK8 zepELX?7vV}P*|9=4L}~1lNRpqxwduot0M*>JH*7{M4V@&Vs&$eel1~0_;CJ`%2@EJ zI2YqKF>XB~aU<<~9jv)wsn&DE;BIo@DCWOwoA&}Yep62D;x(TMVO#x9b3)kfnhdwE zWw%S)$G52S@2%>2dY<%em1%0Ybn&|wuOai)#GOdM6CRm`1bq7?Phqc~^b~&Rx=%jz z2#Kh%WuM#>S&gbYg@HqtTn-A`%Esm?f%P+Zz?UJ&DI;92)rJ*_c45CLajG8?od((I zktgqtq_$MLyfLT8S`E;3XkM}sg|Z%koR0>(cg9E4c^=v4bL+S4KV!T&_34Gc*Of_| z$Axe>PreG_?8khwr;$e=aBG*k!SjxQ?xWQ_OFoAwY&!pe4r1FtX-3nP{8(?AbD9^;R71rINbk>0rF)(7?cp z7;WTo`3~3ebKHx>jl5YvaECvH*Ppf$-(#2|YV$%Tv)X$K*$pEUa_=o{tEletXhOxD zu^yV7zCwf1X5@CHU`)t=IHWL!b|g7-R94OhY$|7T^o{!3TDq0bU^j$~p9~%Oc@o|Q zEnP$$5%KdCHPV3JlLc&l$bzCpgD0>Vz>}V|IG?Lgtp|iKxWBH^OFizI#?-DIN2}64 z4Q$4#`2L|rk$Rq`c9513!mk>Nc&P{GMea0`dREsEM- z^jvb9iQ#dKwn`q&dTJ}HwIGk{>oL=ZN69^&@Z-o8>G!tH-@Nc9pL#P{-bU{EXd|Jd z9zE{Eri+z zgK$FKkGYxZC;0n9t1~mB5jcR|J0N+9=SSeFqjQD#)m@OL9=>OpLFY$&WuJ>d$mQn4 zadPYC_0=exXn z!n$)95WVs#Rp>WuDXMR_lo+XV^WiLFPMQNr(v}g(eqTMN7um{6OU{4F0w2PIYMr#t zc7+(4X(B9Scv>H-!Qi>vWF99>B!1+V6C}t}=ZaoF*Os?C#m8E5CTxkX#E`4c5A6Mf zIYO#0S3=>8aj8Lk+wWTi0XMrJR&zL_t@jciGncb5WB!&<64L~wq(k8LrPtLdUS8h* ziZ$1*)sWmfv{a3@C7!3YUE-{#yO zt*Z1@tAMb94pp2%c&s(Pp^v9Z&7UX+H`g29LIj#{;$Q%HUgH z>_d=2M(S~au{T6M9DE9O=K)#^<|JdPai+{un^4=TXlqB8TnBoJ?a`HwJu<`+dj+GE zsdNQkl{BLPn)Oypj>~~cqw{RDdiUvp^bDMyk^cThK2r_H@CoS=+cgHQD zu(BWtDCb$x_=8H%S;V$u(oyyxT!j2AA~TT;KRJ|hIk8f(30~DWYd0tzQD{+jx(v5E z-COFX^ZPAuv_a}Np`2$zE=j^(A#QmI>q>BUcdiXaTVeHfzZQ6eGQV<%?1;p&zu#+M zJrr4H2LgveBt(n!+uy5pf2yCtd-TS+AMlQ*8BW(dHDp1tVk@OESn!omEmzGUm8I$< zu*<@RBVd-3I*wh^iIJ?$et^hUMcg?NVIb<4pulyzARU$oJ*_+6W}x&Zb)1@Ogv&^}tm%17>I17$YisJbm1t>j(IZFNrp$FViPQkdHz*YA&sm z)hN4gJ)FG#gttx#g!U(2X>ptYN%{Sh{?$8$AuZ)Cfdod0XU~2M2WHg!2HTW|wdTaD zx?8KGcVySQ&XcPs)~@z(T&||1k7>2+H_(;)HeRZmw>*6z%AL!CW*9M&+mZBd&{cuQmlZ%MH$8o>DGPm9$($nIZUhRo8c6ufDoPC8ksAc9`M?hXIkZm+1U zyi<4{4mbd#X$T1a3~7|o&ILj<{Zr{i-s7BJ4nW^c&N{r)K5WL5*({zF-1Zn2%)c06 zQ=SHZhS%>#wf3=*2NwXy@Hmr)2(izFhK8PsB&*&bGnoazFkF`;d-At+LvgCaW3PSr6dDXE~AE<)B_`O z(!iiE>oEN_O=@a(R$Ey9(0elZDV2dzS!zX$pozWXMiloG8?;ja^%`x;j> zEf1q?>s&^+sJCj#&$8dO%_*lq0|wUH`Ok0G*T6s3?=IC`?$Lf|09EKHHY1 z=;WIB^vj-ZhvE4eP9GpI>USkq67Z$HUf;%BdQqZ=j*iYyeG%Z~JkT$zO^)kn)f75& z;@iZry4s*)bdW%cZW;|J{M_Q+X`4!3SmS_z%i96g|6?#}l@v~D$rGX5t zJJxM{#hdq211`}??H+6c=dOKJXHhYCEg-MCQ`olwe_--pPm?{Dr8yg4^ zraX2%WE-tJ8%9sDs|IYz{oeWqzGA`8tEd-GhN$^Hrr(++`6h~DiKGM zd8)-nZTxji@{bx^LwM166-fa6MnUTBqxwy4hZ$$1eZk_RZ!UIb-}TF;#PY40!5dlU zJDy)Bz}m+lX)_@btFaK|>mc1;-eW85{#AwM#wE^gn)&eP#T+#X|NWcNXM>P46h3V( zRI^j`DfdtnBbK176&~-1j@Xu39&Xzaw>O98>NvfzrI4tV% zbT2Di4B$?74v9B`iV-aUsh{2PaO7r69$;cch@4C zilMRgP)S_`LJU58%6}l-%eT>0d+gEDnD2bZ;NkqtNbq>MyoL_Vw(T2~2uM4{5F>v- zKa#yTM-ux*d!&7>AN3`m{@pf930VrB;~Gg`B^FfW>)Li{Z` zsS>YDxGHNpul4Wn9ECd0E_`6nJkyavm2PI?2O2x%p17R|Q70V~DroZFHIN=16^<^< z%fqqgck<_E>~Wd)bRWH5-HSLz8qh>4wNK(lYhTnIdp?Q1_f&McFCi$H_u{Mnj&`NZ zaC)?sWrl(n_%3oCtW`N~$ncrCGg*8~CM+Xd{jKF)mh%T1? zS&&mdqV^y>zwUf&0YE^H;fi+V6?49`)tB7F;2ODu*sO&q+q%A)83({WTkP9)`a)M# z4B_7|{su8FE6ALxC@UZ1D{C$B0dSu&kH`r}?HV?KF&ZDA_M!8?=~t2(Lwj7z6v=tx zG|?=7MlW<)>@>ttz>p6S%fd6n)K*jca`$FqD15VYv~#CwBb4)rY(L*Vmi^P);UvFv z9E=etq9x-QECj~cspacWMOmPOv0gTkm~;&lOWnkf_~R>C!Bp3iLkStA(wS+#_*^^p z2@Vb()o>qn4Rz&^YcaDBESu50tw9X#kFb#Fbt&I88QQnncM#UiFLB(b%@{5xJW1^Oyx_F0 z62N;ActKsA$L7+o>hpxpzN@iD9{1P=oo+s1EO1$n@mMufx+$dUaWXr)Q?vhy35zdU zYY*Z_b~drPkX;~Vd)E$~vZxt-+t1hcxrkvN5TV)OzN{db0DJ5cd#zy08pjpc2F-xU@s+MAY!lHb1gOh z!nFwF)%jw!k^7}oS0mNq%=@xq*Kx)es9E3zIn4c3W}-j?+7sW=h$nObH*mQRN}1f4 zZF;xfeQk5na{bacTd^K6_F87k*@tzfdNCxC{bju2yj(-TI`>5(_ehE#7!Vv z(|WBLxloP4ob31A9JA)6@p)tlV)z=wWijrg94aYS2oI<9BYZ9}P^~;^9gFaB z@p`!ioMP;fRnIbI^0$J4B^T3G!}DoS>{p(rh* z6vDN4gLPf@C89%wpzSX1l+A{oWYZf)?uv7z(V`eYqx0QUI#ZW{$6zcfBqFSjFKU4f-efh!%p@j8SH9@ zG3hVV!qtXUD6cezXD)sVx_Z4pAtEAT@3N$$qw{&&uKinUN+!9Xh=YqOW5l;zdt8U> zwyH1Bvv43&bGbV@Ujffhud_NjeNJC}@=WsMCUau!{rHg|lN_|uEy(UD=|Xk*BVXa- z;P6$tVP`r_81|24Ek6DoBj|r<+cu_QKrAW6E}qU@8Z}*Vv;ylqXx`w}xB_RJg8O?l zn)Mvx?5b3n_R8zM_eWI{*NdKc{1(jeN7y%}93?~D1i#Nxhb_CD2$t6~X)4?Jd(qQB zD8v#kEAGR5O1aD8d|Ov}-InCc~2U9c_Fy z4i?mwB!jZAC?Ed*UO!^=MlqB!iDHI0x0^<)0QURz6}>uADsf8B8!UYG6hwwIjL#_#)Yg0lYpWgoLYWYc2hK zvf2s?EZ!|gITY6mO~d(?WX+Pu<5a*%0mmHy8RH;<76=+yUyHfg`SEVk)Rj5?8y~M~ z7;s?dE^9h5@C#R@S=;)JjC?Z9F$n_g7OGE98n3c47ZiDpK&Y9*4z47&H(ZI5kI1pK zFdfrxV&Cf<6iYlBZ0wu7o6XRRiNNw&vjoTOM z#hk+@!~r%|-j*SUqCx}_iB$g9HgKVvb533k4(U^=FX7s+j=nr_O{GL}*L0QC(-YFn zsfugR*L`j=O&eSc&4lpWc}UP}?7Cm=T?3LMTL^Q16vkAKzMG%HqiZXxr2|yN+p}f& zMJRi}dn*vj7^`DvwsxT7lzVW5E3cJwtt3^xL(-J&=DB&twvm_z4P$vtbJ%iD))UH0 zeHK}#WasNijhBo@Zm-?F4mqb7j;ucE;gY^^SGU#UcC^=oad^wl*;P4HEk$6Fyvmm^GvpNa^Zi;QrHM15jEu<)6;zpV(}F*>rA${UNJ%2klZQTcpMSy^UNyLEfC3+JDw6xO8iD=!-B)dc$ua4mhw_xd+g4CI@APwCdKgiL};QVAdhJiPA0_h6xioRK@h5t z6p=9ROWv@!lec_(x5*Ok(N{aqD6l=g2F-pFOje~J2(s>BzJ?|3-G?X0_(FWL=8Dt& z*RX1vkN75ahNI^)JEr5K52Es5#R2Z`x* zLt8;LA7iYGacL-Dc1a6i`cRzNQA`+9ShJ_yjh7C4F8v`8OHqk+XmXEG-h%+{x*@Tx z_hP^MDvBjXL#u1wOEekBF4|i*pFeWoio9CF<`+py!oE@T())-cyYD$KEX=mI4*%ge z-&HJIqEbl6oRIlF2R`5OC85WHJG~Y&ZP!#LQ11Jbwa>Q;wVgeMhDh9FUVEe#x5g;N zA4%3#mD0FwRi@%TUMXv)loo~0iZ+5d?uUV0s+xS?b#0!P5b#^`$X?=Rq75#3*U?`L z1gUC@MQjf26!yOj+YFO%iFt9QAmFN{x}=^fCWb?X<*RpPKHL-Jxtp+Fk}lT4u>3VJ zSU+eARYhs4Yr2seCpJZ3w}etw0>8>V!2ddUPiENa2Hs!?Y}+U_N1{)aXCK?1{u zp(A{^QkVyHhItZ72&^~Ja5)^0sw#IK?TT@aJ6Pepp8T)05Huc#)Pv)YtXgSp*R*IH z+_Nsprzw*d82Xpt`tzrGmlO?ia%|IEELiK#HH<|?9H%EK+Cg>Xug9n&FF#j6YT(fV z=6aBf1kw%81-=qqtt+;gyhXeX@g)eX`vZ}TSo{&*a@KgJ#wfo{RkVFD5-I@9~Q(;g^9<$kD+So!U1Uxyaa*d zy`j}E#_zo?*w=+@BMHCU!lRroW9xKq57bjAk$Jw_zAKt-uYxyjn&E|`wC+{?`aqeCQ6A`q# zTN=0&P{AnfDy@D@Exu_*YF&?|(Lq@|K8qFuCZFi6)?HTeWo<$F*XfuHgoYBrMsG0l z7p2DK78JCN@*fusGgm`%KYejx=0*Rs^3W#YdpA|5_2$@FovO{+&aw}~46=N9j8#a9 zAd6W^Dw9d_^$s7r1JC<4`IB%9-1Y}yjpRGbMFEYg;MTx2tUrZ80~g-cYyygxRM(g* zMMXniiye7J)=W^O&k0k`<7kaB>bYjf-a>ig|BSBhE*P-#UN;2PZQgva(fsx?%@qU! z5u~~yi<^@@XW1N#JDv}NQA&+R3*9FXd2sMKV_Sh>CIt#5RcSgCVDyT397k?{zf*Y_ zlzVUY#Z|8l?hM+6L}pRM;J!Fh!eO-cv8C7VimANNp}RUrFelBUFx=rEmcY0#C`%Tp z+Wn-(cdPq}O@H5o;0HX98L}6Td+@z(&Ao|>zfDeJaD#fe*liDuIxYb=cp~df>+2;l zL*lEjX|r~(Npd{Z%{Q|w;lRtPP|>=V`>b%pRI;^fhy=Lk=ScYc<_hiE zi-(ALtB=!>`%edE!dqlL?i_}rL|Ds2;zp}hV_e4~c~X=n+7R3%Ee6$l|Khsf$Byn* z2EJu+n|m&&L2(%};tLA2U{0zIg*j5auVH>!C+}s7RI_-cvUnM@_tANp?h&j}>dxQm zy$KIGpn}%#S%(LIeR~r`#xO*n=1rKhIGmH5N-)SOmSQJ{N)vkBH;T6THR^z&r;thO zup#q}g%24GMw7WuFw=EtyC-bQGBQjq$lJe?ryRLAa?D39N=!#ef}JsOju(f4w`jgfn0?hb{rQfZliqKHN7UB0&4K_anA zOBJdV)OY=yH7sCkci1PKW}r7rBo7|GQcohp%gt#$1)m&G=xrRwrT75_RF^*X!-H|NFrnDZGuG}wW)2^WV!4hk(0xx+pN<<5%*5*I zZHeuq^d)!S7QGN{iw@H%-ld|;JsO>0NjVhz4oFGnxxv`i!c~VYcV7S(ci)9Dje~e? zd{WE-12cDV2;Dsa!&{4`p^=6$pPFe(Z`#58h>9=t%>+%_>(-VfIp(Doe~v{ZdgUfs zC_5SWJ+IT9dsSn?K<3Kat&@UW@JP;Q8vPV#Mvt}xRH03YsTb#(1Kvoi8jbJ#t*>#F z&x=uvxE^Ft%nM8eO;W`AfH%kGhMXfL*Sk6cyn6`SnfGrO=QC<}Iha(*B1!1y?<`XY zHwdFz^K_zuK($?pHP}}7&_5JYQ*pUd9KQczJ=tZ5HP>~HA(SC(ykgQGZ6fm9=THRk0d|l*gu7(3E|_nz#NQJk$K2m_05yPZ?s?n*GO;(wbzL<%LbX z<3G>@caZxS>-*-FzNJ(a7Ss<{(2uZ;5ThQ)u8Kcgzt4f2!E~WQt8cFk#ZH!BC5p)0HlpifV!k!^h}kThA#Dv+qP7rK@{vTWK6x~^~wSC97Z9DnLwr$(CZQHi3j&0lMbl9=c=_GHS zy`TN<`+LVb)l^&@2FaYCt@VBN^?iNZYQwwc4UbwUa1?KolWMZA zdH7@&xPaxtut3{7?$l`*Chr!*l0RxH;N`Wck%6g;r#4OX^t`*G;?bPk4EX;n!lZs5 zFDva;)9!FlVOZ7WK+~98E!~Qt1XVj{`FfK8iRT65vLpgkB2Z!xjPp-eoeJX`Cqb<_akZ9u*ZVSv3$-rC&}X>jv% z1Iurt4=$IBDpB!sXU31A0O8V-yjr})!IKog0f!T@t`O)`jn>DsP0yUy0?lH8tjUDV ziqW`=_MJr*ys(eHXKBtjc1jrun?A?M_+RW?AR)r0h{l8J`55fH#2!pmorH7SO6X`0 zGLZ#HB78YrEf9eUAJ35qrKPoQe*!PxB$Q>+BMd96DQSiH)39&ZfxFsiC|GzfhWN9c2^)~+1RLjZ3V!mT?*oY``+6@4Ima$N`4NVy4v* z?YjHnwWU>U{dAfR%QgudW^#J3E51GpnKi8gg%)airh=k1Id72_Uv9aI$sR{8K`~vr zx*z_2N@b1EHqY+*_7C^j?6jISLEB+?OjfoZaHX{B9#1UrWHd9Q*?4X2W;S1PPbMyD za$dck!pWD+aN=&;wM+5#!d^b6($Zs4lNjgOYFTa#7f(~Y4FA+WX(EEaHNRy8hv?|H z3oE1r)!WpvtQ~$(pNPkzU^D!QOiF-YdNlJrxCdwS3HV@SRWcYfbb`PU7oBMFkm_S`6*m`VX{*Yp_}v^L$WEx1j|00Q8vtFX z@bZ(%5w_MI4qKu94cJ^hEx8lI*rRLLuz=3BAABmq>y*e2hD3c`E2U=5sk=z%rUzCx z|8RB)g#Yp7T0wzOJz+sxO=L<)?GovARQ^JD0nPMr&;#NlPFW`mIek-V0FI?4?z4wZ z-<9`FBwdr@qHAUX6E?2BiEey8jDdVC5zf37et zc!s~zW+>}I=5Oe?AOOwbP9RpVa1oL~^jPEfb!N5jP6pK+v^mi^=-3BqEk+_?ekE(G z%2pbz)t`kxLNX<2y#LM^LX$3gr_V;4SId4wvS4?D&W&VbW?}=Obt3F!hfb3L z5cZZg%!S8^2U&GvOt-cz~oH{7wt*1^vQ(XdpTNSTQp(x7M3P;$z)1^_8;){ zKvBgH*0eX9E6{_t^ALf)yTx5FPb&UL2%Y510rezgK4j1p^n&_km0V#Y@dQLx2H*m|J>~qcV1-=Jobqa)h~X;JT~L3EYzLpC{mT z(hw|(EsX61l?2qRKUCc%~D2W(v%UD5*%5@0PaP!+nAV{bdDy) z%#V$Hlc<0ijtK;xBq^Y zv2E-zbd-AJMON}v7EF!T-u;St2-lOibiKPOI@QsL#XRS0gHaBSPGCcny0z34t1||v zu?v=#K_6U9c@1{U$(BXa8%Ru?-*Z!(QJFON{%Z}`2uz*HM#kI_&~Xg6(3ez zFyY50_j!7H=1~`f30$mfWO&R+{w-U+TU;evJt&VisOwYhi7>(R-cCx*`m7t3Zi~S9~u<2te|O55H%+%pCmg%(e$gOh7LVHzNCmackz2IwEc610)z)5ZrRNd zaBAQnwcgBr&b}r_DeJg^f;x*A)7`v7LSEA5W(DmtIXE)Qk^>3*^uZbKqyAi_v-{tV zG!lRzg?HEnrx_C{^Lj+mov!|RitH=#Il#LyP&#azHl_{1B!NkIc9CUSY_u8=G;)1eGr&kl0LjNw<9IaefEDrAw;J{RJbEN^_cn zK1F0r@DuSd-vKP3^7C6xi-=hODKt;wP{lc_yH-qvYM?z* z9oqQI`6=AS%kEp0NRTiz56o}5;>owQ%;XAHN%hm5Hv~Fx?F0g>u|8k8?A?zQmE+E| zJjyZ4>hFLd&G?_@tp_~Ic`=;mbB(7QTLNoDYs8cd0#DB3k}=mFn%TW{fSzeCj;SMi zDoaXfq?sI3j_itP_W>x>CkQlS^oGdVFw(TA@xH05%4xf;h8mH9q3S?lOHsS`LM>mRfb{Dtx4~-X83K}E8Z(NL+{)o zH6`kvToLQiV0UH~k`wQ;}P$@z@#)HG_T$zfFd+0j!H9|FMNV>!M zuR2YrVmND+5;%fX`;{43TVHd^ zpwF+Zr9VHn|M|l`GrEKZEn_>;w}3*FQr~<214T)0@no~jFVW5O{jT?&>|;^{A}lMv z?k8!pE7adVHjwaHwl;D~6?dGj1WQ1LPPu{cs)(|Rj zLO)#)jfr>vFxI5KUZmSTWg+{6TQX=84VVI%{uc$m9JhP41dXv?&+0Bka!@X7tS z-7eVnDeL+9S`C4S9`GHBWb$P--P+PX*9<-D975VpZoLia7h|602k_#9{s^1pf^4Oz zY-54I*#^h00;{)cqSAyZD}v0y2}@gj!3c!^p-P}W7EuVZBcKyr9FCQ4yA{%eZ&Q$6 z!Y#7{vb}L@GM&imxD^9~ z1-z4FE6^91jY@RNgze9Muk`6c!+P2XMR<*jv4UK^lzwibj9({5A7=@b`MR2_zI+f; zDN93XqMDLYW5sVurKX_*P~=(J9@nsu@H=aRD(J~leeKaKu6Pwi^TPj?f+_QeRuDw2lpI{j0rDqsdOE1Ple=h0Ntd73}ERK z3kMZfm4t*?B$qR3Te;e7Pyp6qGuYmZIg5H0&M}&k$5$e?blJj{P)oDv@~)|=*2&Jc zw3+W~T*HL0^sy{qIWqYvAz~Ijzb(zFwPk5nd#W9vhE52wAuQRxn~g`)Y6lTR7X4Xi z(}6(^LRvrOos!`8l!!(jQDu_WOJ~I~L6jCmX>Uwqe@(=LC!D$VqsPXrnnX{-V1H>R zG)qmi{MlV!41B7&tqoLxzr zztT7u(0a1IxhumjxBjEYA?pda%;vxFgyA)^Vd1Q3d=ibAiQ>3mx)GCkh<45eF7{@a zgCdh80=FQ0p_o8g5mAucD=uEHS%VWX|HvJ=r&>jZR$lFyjmC-LIG z!A>dVPEG7XVGn2NR)G~s!wGaERPD<#D2%eNLlH4sl;jxA=f&RRAv~&Y&bJlM72Rt( z>;eN2>-7r057s8#SWBu*A+=j?1G4(C#Mu;}tJO;iQyz`J?_nsli z?xHCmD!s56jdYN0%p746A+d3e9ymfWR23R-am#Kb#|02fKI38J+jfKoP+u7w#JnJ; zj8QTpmDxYk=emkOH=?COEDud9yk}^b z?e7siSLo5MDDLAmr|2@$+6~lL+d2)z)&Q%jVat*2u4dJ`vfV#>kzJUn%~KBZ8I(zN z>5t{{S9w*=$LtEQn12xasCxoC)-_=G_247@p}_Shz$<16*x_1pYz#9{8zmtZ7|Z1~ zl4WGfZ3#yYH`n(#;m}1MnSIW-(d@6C6HUUe-_C^eFc!5)ni)CqDi<9rr=j42q((ar zvF-V8?L}lwtc)y?J&dJoNmhXVygLS{I0YnGo#Rv)U@dgvtE}PM3I+#E`~sU20~J|J z^^ndAdn$&&g)3p{F6ukCQ8|lZVIy5CRE;fL_14x?Om3&J+V4Pwkd~UKcs;;u*3dFp zjn%GW3=UP#nLw*h#3LV%E%AM}hUd$aH3h(7A*>K(o|1A&^bpxa6n-C| z^?2X-97lanA}2Q+j+g_290jwo@E|mk7!AU;SaL3p{3m@@o)0u^D86n)V^l-jp7xa^ek|;(ey= zDEbe7N0_P*fl~a1(OGlo`jW;2?2c3bdOcz5T#8xe-1^)Z^di%(U0hI=7y1m3s;jD+ z+SRKg%=Cu$UVo=JEpU-CoFXbj-l9MGKl5@@30nU26`bw*)pXoMD+2bM2#p96jGTUP zE66$L4Xp8YuF+`BIWrutx}YxhmoObQJR+R7alKJUN5#kGuvU`;XWGczuM)q1*Kx*H zehT2WrWZo-=os*2IC^Vnj+ac(R(ZqqL);eEZeK#~@JB$Hg{@X;KqfbTQNFFLETu_! zp=`jkchkZb+GRuXn-OxnH)4Bmc$fG4S@~9u#2Wr|HM0relRUH*MqxDj1 zPXEUr6xujB2Z|d5RhL^WyJ4(3w}#XkHpjC94&$P|tGOhn@B%7VDLvEzhw+3U#ZuP} z*ilToPwj(p_-GFIJNR627Vh{g?&sH6CdGR(c}=xhYHdHTtsI(;Bl};+#{xyJjB=lW zh{qUl95C|@A}ClV=f^ihQ?62wNrsG1E-$gu?>Z$YE^7^n7ozw=h}I|D($6zohy{L? zBJtYUEKbx^3Be($3>uXz8%D7F<|4h8wP{I)zz+4x+U-L~_4vz6%0-u439UY4KJ3-) z!n+Ote32Bacq;0Z`DF)}|4z8CipFWhg+24fpu&Yk|Bfh3Q8=O^R$x&SI5^TJO0^B~YYflF)kNWtZyb{Zn2$&ujOar#;ymn!M3GgQYUoE@ zx6A|BHj=98AIspKH#V1L5GJ#zeTuK~_~C`5{PIAEMOff16(jj$YoA@!${}&jZML?YsP&^HD3(rozV@#*6_CS_ULC*79q2d44ijirV9{BYRW(fbEQWLi?H43nm7 z%9m{~)Y~F<;(HbO|Cu(J$pi+`9_o)d!)0k9TG?3t)X6Y+tL8niF`JgdM*SCOMIp_6DT71`rW7lsov2ORE7X>H3X4gS3EfPGY95wC;XH8Vgpv%oeCxwGMENY-sZIDrg(%c>=;iw6&e>|_xs+F2Dl^}nsxD)pwnl7a zr;^m)v)D!CMUzas&6)JRzM2)so$?#P1$bx7F*AZ{sy#j#8_>iit^e5pl>i@LP84@K zxPZ&wioeZ{V2#@O?IUsP`IqkfHgd97+ll72Mc?cN7m*4_?|xZ4v^TCK6mAD)VACY|LG2_=kLBps9!qw$k^>Y3C1&0wu0-xRDchO){U~2i@pF z2%JUnbbV8sY#wQCi#mzE@ghdq>fm5?I5&pP?{TXlBj1$8Z+%9@-d{I<@$sVq7vV|cAkG$MM$FgW3(1DJ(fT`LNuPoY|iOk0khIa`UyHU}g^c zh6-0euqa`dX=63T!`p}|TxjZVSpkYwrRG?p%*cmsDt%Jf^lffflJ&O1{*5P z(pg~JcCP+#UY2Skll<4~D2SS9z!5>_O>`!|ZFB9!TiiO?1hfL5Y=+P| zlTWm7uAi*fQ(sH)?9wi+mk)G^kY>(Sr9)RBb;{c;pFzkrkIo#*!7cA`se3cQNtx%sYkkI7L?Mh_wgnD_Jvk^T8)6C$7aRDL8k zP}AooW30tg1z!qVDxs$_)7&YW!?kqH&@I_LUxe2^A*NOfaj)gE!JaJtxKDn%o!@Nq zU%=(ha`}h2Uxp$z-33ldfHf!!4Pmh}^biQ#Jxjxex z?*-^rfOgi^jB{Fc2)zHv`T-jRSf1csHEbg0C+3t(`ug~_)iP`=<<^V0u=6V7DW*%u zLp==P+vKC>@1H#how_;N`tM9907ykIv)xG(&MabhmdWROaAbWaC~m^>SMe;3((S;sYe! zE0x?#k42^n$HG|(eX8}|bHut{;gMj4jFlKi2*>AcLaks~I$r1szL4>O#=rBsp-i7LdE%!3H? zSeWsqgjDWWev8A8A`iJ->5<6FKT*8q&gf4YC7qc8Wd_P*?ah40Wg;?Z^ETkPpq1;0Y^*EYUpovw zo9fbgv0fpiZ6!rvNkbd_e2siYJ2Bj_fAF$Idz8s!?=UM^dL_s*$;k#`Izl3Uu^8G!t`pkMam#nuuL_$KM+mq$brpJFHrIORbT2%~O&}JD*R9T)TzML)i8g=fR`}#j4}!2E8fA zXz3`SvD{vQ3%9?>xZc1ET9tZ7I3-&Ee4sNp?!ZA7atC8wn9wwYLMQxpk-Um=R%({4}%9~ zw$~H=gx# z4teW1?)b}U$0;eS;1lGh9k%Gav-=D@%ULFV5pG3QO8*)~MO8u^R9=0qG;56Y3sDuX zj(ypf&6hLrtJohec)G+E0JzpNlO~yG1&wViFApPIhrP-MjE%`9RU4u$$57k>5$XcK zXP3V7F1LU%E4pSVZ4OB*tPPmaN1t3Xo-5^O^Q+k7xFTW@_l`4g#TZ`VHJCrzX$HF*(RWn=)^Rq6&Q1)+x z0hGQ9kH8+J@Z`qFp<}q_#y4quN#+#A4qgm;)6J8TR8VTr29@U*ql~r)p7Jb>=51{q z?QC2e9AnR5W(T(q6K9E5IF&3P@AL_D@M^4+U6NzdEZ1Q3~HmlgAqBJNgqU&PHii- ztfsA>;_l=KQOI4vPj1vdD%Gg!tZo@4?v7c}y5W*1Sg)5{e!<)C+=2%av&uGHpC8kK zaB82!)^v9OGXqV=+_<$pgCCgAc#%@`PsC)PA*Rckt#u-!l0Hg6Y<0G$=n!f#H6L>6 z?rCWVyHxL@_MG^4&YA_1yd=gHD^;-b4n=3TOhHObK6k6<-OU=D$kpTc+TBolQvDU60+E zNY?96GyAC$Z4(p8pr7;rJYwn5>t}ZT}X&0H`Ow4#HZe%ij z0J1m;)nnccbza%aBBa{SwH645;E2;1Za#*zV8n!mb%W;>;DieiTI5X#@LCFc&`f{L zFS}g^pv+P%v%~N7Ln!0LM-^(&G`c@BhRcjUie6KAA~FPZ5AfUcHnxkV znfgoJ$HD^Bz}cYb7kGFoEQV`p#S)FOTVGs=J}CgL8f0!oq%s$~*FZ39^RiBW#fqk; zeRCXDy2?a5T+b3`$=03xdSQ(U^G_A1q*+p*b9gW+hfnQ{im#}2q|l5q+E&>?8=nG0 ztX*B4vt&sd?4plcMHXeUio>FN@UjsIItG_*9%w{O9D*jqOtGCJ0s+ERo&%Ux^hn4? zphn)%YPuvlehs+u9QlXuOL0FUZq4t(&+_u{I1cT`gJAgci*sI|K987Ac7Is!`eAkB zR#my1lv18H+wc9F$z7-*0;TRkqU3p%{+Jhv8=Iw;J zbHnU1YS%T9H1N?i)BnG}C=~z%4g{Gnnc7?=Hg1~EV=De%T9$!JA|x_;kxU2?=OF?i zxu~}j=1|?yBgDI4qWmZcPN4A6s)nMY8lY!ehTSJMK2XVmUbn%VXsBu==R z-Ld#7mQnewByC5q4rL}pCfe%yw{dil;+omlHODoo%I^<)D z!s4x_@+*Wtna4{&V_EyKh{l%3vFei<35l^ro1Jj3GK&se4;AUl*A+|T)kYigkE6)4 zq?3HcLeQZTQ);waC5tqnnU>M3tS`h951t>0TUej4B1T=Bf3{S{PgK{TZiob1j82%4 zXn{45J{Q$B|20g2wCDfy>HZO7OJvXsBZHQE#DS9Eo!&+avP816+!7H6onpV-$+5E9 z%DVbM-Rk`gmFvBggwr_g=)FPs)t+lICJdpa4aBqM_Qb|EdCHS9xO|$+DQ=uZt65_v zIwVbKu5BAc^#(_XVS{Ot&N;o14&PbslF;YCKkcz_ffKayV{L z`i0Hm-*2$7%%=vX66+dU>v;cU2T@f!<}@W&moYpmYQFJT{-p>RycLpR*wuUERvIX# z9Bt6sC>Vk}Wh%h<Z7x}M}W>aJiT!gl- z#gEAzn=jUoyFUtZ3P0bd@_%uu9Y!pCC-Ya@=IOCtEBtkbG)$jaTkjcLKNppCR8+LW zc3|y>jP@Q)EUg$J!VXFidFs}N*h#Y6TG-)+dEQn=#!KN2?ouBMv^cU%H)h1yHQPpE zD0)e}zmM0oO&lv;Lu+e)HnV0cDy|=~CW(-Kp0ak@Sds(wzd2^nxbBhtF%s0B+N=$8 z!iPKKO_Z>>{qRMd(NdbbJ9mUK32F>3loQ7{b_JD?9IaVaCT)UsQrrVResjn^SD|am zRtz@p*0gdg>F}hgL?ji8CE+z;;pcM`HS#1#LR{Ks(ps4C2)&YgVdh^X1oFs~yBG-5 zEF|E%Mx()+kWC@m>+Ad5dRYXb1FLIGD~o$;D=TMSL_sHs9x z%hJ{*>Kc2;DEuNLtPyW|C~lH2z3vpLH7(s~&dmGdql$tt%hAVCn}Rrq7o~MOMfIC5 z)Ox~QQ?;$d-ZG3qVDoeg5k6DJ3l#q^?HIXrpKhA(J-DBzT%qBUliWlq|5{ z!0DpF%LyT-z!p#@&WLyvwvrQsf0-t9hN4E|2kK98$}lEekZy>qjAX#*PL8z6m zK(N0Ie@ngszqcn)H{QLGqk1`-xAKOX{6IA`&NJFOI?VyFX=*<;k|N7B$W*H?PxF+9 z=g#Ql`whV!!dJ$3ed=!Q1uB?Roi^T5JNzX*m3XXb@h20uDM2Q|JbA8ZXgCJ<)Au@c z(KuT*a#-DyZkP=KWCpIbC#fc5yGR+Z=gk-(Ccdc3PiT2Wj`Ww5?2a^9e!04l4wZ3O z+1U-&j^@(cTvihWbS(^h$ltqX+Q#WiIL%WNkRMc;g3E=&DZ6g@!r5F2Am{6(snqis zpOZc>veI$GA-3!_Ittmyn1s~mG!^K1v`>V3D%r|;9=i2B`UlZ_!? zge3n%_(1rhk4|v|%L$;zeiQxI{h)lHqHMkyRq6cXy?iU*{ON6KUMG3n{upW{ zE8_iYDmrMlR6Hz7cg#Jz3n=Xkc6mM1I1asBgw09(tlvUz6i zn#y`E+>jmZVYq{%Naz_Foo{+JNY%O|4x_N<&$r3R%j2W51Nt4|ea+GM&NSJ4R)k-> z&x<(A;fLBpAiXxxrzt`h6J;%~=DyC9IA-7w6)9^*{!%K|;9_Q@7xD-`>0Kg{!%d#QXq4ZdGY;hTi2Wa6bKn&WDfm{)FqL1+Mr3&Wh%t+vQ~_Fo!CA0L7v&fb%H$;00f7(T?~3BX6lErkPj)|I^9@;dmTP6+_h)vx z?_#>A$e1I$ANHDVFfig`TIS%DefwiGWx&Kh{Z<7{R<>Gopv|go)4N6{i(;QF>2Sh| zj2Gq3Rvu?YBKMlWy5FQ-O|T{62rbteKTlAEBqYLa!-|Dde}2&|gZvlPhgqfO6xK+Y~Q$gfNM&oi7g#19(1kjD=j9A%;e9K6pN*H1TSl`fIG^`FG%9!qh(fAO=g1&p5#k72=+?&PTr9( z_*$JHlq_qz{BR;QQD@svFB46`RFj^07oQt$#d%t?0H6f|TA!%r3itPTQK%X_6gUAL ziQV!2N9!dAVT~laCbHJt`1wCFMHI4!nHuYbf>2FvW7WRpW3RR*5S$fuq?f6;FB=tH z{`N+qwp_SrYUufLE)6{?p8YeDesT_8JJTMB(| zq%Y|nLtXvS1qP@1hz$V&$LLCS$_!&F=sh%1;zWyE7dz{?QzPami*tRuqF;Uv|4?&yPC_; zaw9Go9tzZ%`47U#nBGw{ED>%9S_jr=sF4$-q`5T?B%s8fTU}^f6`5M(_@Qkx-W@9{ zVrL`2Knv<#W^SPi8bcMM6f>xxL%sw4dLuFF^%jvHGio~-UW@f8G$X$ju3!#3tJ}Ow z0Lq0e`7zU|AY^zIkSq)TI6Y( z47d4>g|7VH+%+1>(DYck#we46<&(}i>OZc+Kwz0Iq@|8=YTtF8QBm9)X#PV1El(ig zWM;dLBePFUnC6JkA6(E83m|!zqF@a5Mn;HU2m+6B<+GTK}V2Ta5pHV?occV zN=8xz=ps5gbCih0m6N@?{;2xB;`||zu44u}X-nso+PU>13$6e;_fl*~DRc4eO>$kX zw@L4K-DKo)^WnEBTc(FNdh||w_!ZD+RrO+K@jvu(ZaWdae=A#>fAnES5#yMkU#2j> zl7q!Jjf&C_3+-7{G}mnpkMn){+dXFCB9zu+H3=HWlm!uO&S>f#=Z~FNC#0QMfoYDNp(f-Hb55S16q2qp=#O47f?n>Mk_0t+t1GJ_0MyXU9b2KA9gf1# z;e%`zDHIkxY`F0VzM>VQ{iPhJs2u`O8fgy3jz(j)H)7ej%_{9#Lw{aM+abc-U|BFK zILDJn<1hcNW(8R1SJ1Azs(f6{#;v-QIGirT-?QhiJU-$S5%JDr;WN#TF<`5QTln}< ze@%{+e@a{lT?x%!WO;usJ!6^O715d+PYf>T==B-P85j(Y;kFt^ux+yJ#yMB_W@~39 z<%d=(oa00z-9SbZ;bt;jkoU+!g&tA`v&>DVQDW_7i;@*th4ouc(56woRbN|M zq0n$XQuE12q*}!GoEw;`uZFlKB}J?j+Bg@lvKY)n#6o8yR-#mwN_xjIBtHyS)%xt2 zvG(4@)C11~bv-3PeEOUc30W}xI?{K1gh#Yh^ya^!i-NMN51tV|+e(_GV}8+`m{H}2 zt7de0~42n*{YUh8Tw_PEJT~SKJf-a z@N7A&2}6fMj_<>jkth|*3#WP)e}tr=C?rmrHx^*~isIL?LqDx-{f7`iqwcDR0JD{C z{#98qN=%XIzw{TC3kZAp>VJ;BsANBvP|80esdgr|&Y)z?QOW|L;Kd7O@xTMzg(#At znC)M0iH-Lx+F@;!pD6&saA-3qPH3*q=-TbjS+f3G!JRABR13;3-t)~FsuC*R6He!Qi=cc$l9^z_AEU+OEaNr{6L z*0C-N9zsUsxKM`0jNP+NO>EPkM4mbN@mPAdx7UT$F*Vs0_1|W{iH3$OKY8b#|B!t7 z#-%hbiZmm}tUV@y7s$C3_H0JeX^zy9|HJzITejak@AapIhw#nMcATj zq<8NYRie-8Hnb} zSraDx1xsPSdj#BNquJbBB$SY*I!QMSCXn0XdMjgn73J-0ZADcO<5uhI87}LRxqb|A zA3m!e=!dS%v~#rB;HWYs@g*vNl|Fm54`G|D#|x94SDbM+8!m(hT2sZTvPH(&Y9=@t z@UNT@T;D7bOAHMF1(!UhL#!xdWotd)2)0JgSz~>ToM2eKT@KLK-EX0^l$LY%NifTH z>0-{*ZIKx_T2~eor;{)}P4~TbM=b7gDl(MVwv2rf# zuj}YB@2n^$j9E)a@C@NN2!DV+Z{j7lFa0T`AHg@CGw4LBY#fcS26NK|qeY%ay{s)%d@*u{Udv1A_n1q&RHOb`8P001R_6Re(ekIX=qs+ zrFf}Vwd&NQIptvoNWZ`q}a1->U0?@m_;OjcnQ5I!0rb*U>S)VN=|V;XWA;Wtu? z0~%(YQCvf5LJ&eJ?P8KQ`NDPez*-?LWUWPe52VcYH z)plkHw`1J6#D|UxM^!ryuP66E9#{7$KbdEn$zO0jNMzz*w=BxoEV+So_>N<;La>Z; zr!RaTBj_Ym(m3zcD|y8NEh=pk4SBM3aC?F6ADA_zad_f7Y1W6u%?`dQQJJ~+Tpl2o zDwi+(1x-`UoF$wt@^SV4w>A6@eJcx{tP5sy&`nhrht+1vGGB`yw>{~IlO_J zDv2>g+Lb5?SWpui37UY?!PM27FC{;(TwyKtLKSz1#?UgOcNzoFJGr zG0_aT4ikDDi5ZFH9MV}IWu$UU50(8h=rf)6yvAVel$hK46E`iX~``3@;* zgPVYx{jN)wk2fm@Q+B%0q0s;$mJuoOV8}70eju;_kq&!ED1_|^@EBkMM<8%eSQrW# z8jk%QYcg;UR1<4vC*qoa_cZsK-)*j{S|v>_En}j?;`TjYKR%C#l$3L zTHpJ!W#f0z-|x2h^;GAeHZI!VH7%5(i@#=Z66z0UMdq7zR~D5mT#y`D|CrI3ZF2RR zWu>nScBFdEMJK5lw4WqMQKDuaCTnY=2SCYXFg!T{fh6YO>RD-J!RycsTf+Cwfz=(V zLBYRulm`xE+G^cu+&GfeiK;ibj5N-IRHNs2Y>oPDgrkmQSzbaEWOKO2VfcV}p6M`_7L z00Xf{3aXHd{q`tDd3)5Ds_3b3H(yJHtN?EEWmt=_%VJo3xTt9Di~#aoxf6`Qw$Rtz z+G12up1+ZY)_eyM3?xX92nhG+Q^dxC80KLyJO$Too%Ein{m%yVM2D7jGM+89eZ=JK5+tVK_%ke=b z&>xE?v9!Z9ImpGOpvWU8re%nUN{s9MQ%%Zzwr!hN60{fG+T@Z)pUV6-@I9~{I-f~N zt<&Q6zJ+Npwu2M|)aZiDS_F0Ye#vYbaLt-@yYp6#BR*t2*G=*{k4tZ?JU8l-DOghI+HBhig<{h;+eFHmMcTOiy8VA2G2Y<` zg7g5xH=0>^U#}*6Pj3Kwn2yILXe^OY$GTE8EDKXU#J2ovD*tyz|2cF(fQ_IG^y$)5 zAIAo1lI1iss7+^LH7#w<&WsiPw1sFT;|0Y-BLhuHi19sfW0v6bUuED|%)5S+9-*!U zH?^87&dr*eAq|aMogvQS7E&@EPg3eQM1}ng6Fr>%En9KZ(4f<=QtcBjo1C)BVW?}> zmIFftwIavKtS7mk2JEP4G*{8PW=_rG0bQ1A$Lt|j;KAw@*I?#DcziWN``)f1jdVlG zReIS9H9_j>&@Zd5;o7+qn|uVO6Js6TEQ__Ctw4FY_}4|x2)Zv3Q`Q=Kw+8{jpd;yH4ZLRgUP8ixd;yYHn&IZyw$U0r$sXat*a z$ZanudFb1kr!G9SxVkG(=!Z|9ve#ZD*+%X~kG~Tc@K2`e!2@vMP}(E0`&i!}zG*G< z30fr9{XQ+4W^l_EN%aq6;-vUZy|@UF9m2__2^=cz)u$LVVE8PmmcNXmrvxLVpu|0P zj-Q&CvJEsDZ3zsn2#qOcSHPH!#yTWhe@!*vlVJ}wCB9k~MclWj(3YE%Q-KHLvu8i` z?)o>ltXvrH_XMq;|H0v{5Qqk+gdJ_`PFk-~f|l)6jOjwfPOxA4(r*hA8J3Q z9XHF$oqP1Cx{pnaLbR8Rg0h=xgEG_%pPXxcyC&?4R*3Q z+39+t#jo`%JU4rgA=XoBM>EEuoxGv83k-i``#n>HiS;*crs26vZCWfwF6O8X(9*)n z<7P|f#j5P4fYmXs0x!eL)*&>lhDZx6jR0XnJ4GA1(#w+G!DNzfs>l~GEj&gdj1s<~ zVOK6I+xv0Dl|we_jQXnINyzI`wQy!FUxYc<2jPFnQFa>^%{yfCOL*Z2 zrIn13G9KEW3x70@I&^E6`j{a@k&^gHR2KNf;mD$>HqOw!+my0BD=F+>iZu46!HR6nGOO>qDnKd_CjAa>|MwF9*EU^`2mHklL1L)HOq)20pPRDJR1Vx( zaV*k&HwoVrxZ|~#&VX5%OkwyFFRVq1NeODk`Hb~b)1NfXiRI@VpB&ji;A3ET7HWfU zN+73JB4-Xch{#OFg+%t?Pu27Ixt0N30!#p3CjDcS-|2Fu3yNT=drep&3I4&5+Sk}t zoi~0a>ZAoN1OPZSezsLI-Q2!Csvo+_C?ynePQ0%-V57J*6*mg~33CSh;0EVJ+mw5Q zf|msYSC=M`OP8g8sf*xmGaj^j`1D>pU^IJx3ty{>JhvIj=Kju#z8*nsZ+U(!4S>8L z!$t=DAj|6|)Q7t}!Qp1E&p`*0Z6^aFk9HyJ$B+Df=z7QK%EE4IFg7Z-ZQHhOI~6At z+fFLBZQCcQ*tTuEbG!TA(fy74j{WES-uujFtvT0R&*ZVnCO`EXQh-dDx7;k)^%KA6 ze0VxOSnxR@i%&~^7dR$81fYz zGHeINAE1C9fK!NQ=N;NAQ?>LG_D6PNcZGpW1D725MeujCS?Gx#a&)j(`>3YFa~|+L zP&J&WL>M#rkY}9xwEh)J-wMJWanzP>2-A|yKuOcOCPBkA4{Y_ZFfWS^DjK0;K9AA# zQNcHIxoHrR={{&M-da49mtlS6^rpB@%B1ART!Zy%L~RmGYpeCeMd&KoAI2+F5%&dX za*p>l9NI)qXp35uP#5Dzq*g+imm~W>CrgJcYLy92#@JY2?Tl&NV@{}O3xHjhw!mAO zwRL~hpnN>QA9%A#D$hA<{1%+BZaYZGfj`$99X>Xls??sc(mpem%9KgDwxinn9C(GV ztbWv=VsHn?g1&`Il*MBqWv_Oz1&UdvJPT7xN7`zz0Ib8F&;sIJ;FP*e{M7)Zzmb!o zNq4E4;6=hY^KZlJq@l1dGye3ip|f)1tWSR5O?0l2{0^c@3iRO5pL;fBbg%od8ppO+3oXCsfORfapkZPCXY?9sP0vhpN=y zqkgzg1$=_Zsa>nWTR6{Zisl{@_%c5fJWO;tqsEDbE(S2q5=lahWpcjzg3k30Rj-is z)`(8$I~C@ypX6GpvV>ajDmtEYJ54bOG7JG3HqeC48AAE3f?5-|aD0E}H`J@-j*yh4 z6f)^T{>IYQh3SXY+{j09U96nga!=P^lN`=3=Y{{~UHI^->i0R^V^Gn^P`W#a4GQvg zTRv)7syc^W_M$_#V%q+Uaa?gs3Fr1JdJu~7gjlJ85M11h-^(w6bp%=v{WKs1c&mkT zQry>Mn}JaD-ObY*|7{12bl7W4I+#D0U-rIxTA~XItkCkMKR$+TQw4UxHcmu>nr4t) zJ(Mz4w`Q)%>@eS4VCcm2yeFPGS2=EpL=${eM3&<{8p9)3HscKt>1S}9DLi9`m< zE}EU_w<84qTb0vnl0d!a-rhq?ib+q^zNO4b|LHMV`b&6tkyLC?5VTN|j}FxdHO2#P z1_XtfmB?SQtOK+BBkK&p>Fly!+&G$kr`@+E$Sst}6Um~Lm!3oqciVbmi%u|^fd#Rs z((!*k>p=qg(1?K$`+!aQKup3xpae_0S&Q8w3DQFCQ9GH&dMF25qcgUV2#BZpO;7hZ z)HVv+5@tn#ClH-7nlxpslpe576`1^BK6oKj*~1apQ4YD|pe+fJbONdESs?1izgDwAlyQ@}bPhx1j~ir< z(IbWXCDo}fa*JJGkA3;^8NpT%Y@2mOoi#aTboc`;AvCY@1hlyMqf#o-V<~Bkjnk52 zc8uogLE(#0=Ge}`P0h2_Ou0pmd>o_t z{z2I{P2YY3$#OE@_p_Gbxdg4{vz)@O$)(Uw2=!l^i`@+6vrFxMFT4Z-x+`(U<>f8bIuDHWc=wqvpeKM#L=6;Z zc?xUb+QtQt12ckV0R#3^ax)wA)V%;YbsEUEcJCW|= zoV0p#1K0GK80m5+dA~*tXlQu$nh_CkVg@}cX9-i+TU+e5dk(!ei*B*L78P@n(Yg>a zVKt$dF->B3=0AjF44C8$^+Z&s<_DZYSfegNEWXTc@$Q^z<-sph%TwUOOqF*^}xfa0aw*f6-7+Ek zvi^>zWw%adn%4Vp;%*T3b<%K6S<5*olJp^3)2X%RP~HadQyIWn&l!4;c|MQfj9H1X zwLc~6CLrB0EBZ4SJ0p|*RUs0hwiA?WU_uJTloEZxW)u!1!LtTGZ0Vn7Oq4x+PEJK-uo48t_*X zLQ~-MU*tT}O-ZGnGy7d^H7n>)n7?dv`FB^_(EbC307(r1aseLBko7XEmj?RTytI`P z2ATBV7PM9Pjk|59`x6JAPbCUke+d_ro}L)whq)(c$X=&;NWMOoCZTCjF(sLcEVpCf zP*Z^=_{4N+U5KN8W>=+_1=J4LH=TJTMwxbhgmfE*#Mr$Dxj4GT%!f{L#?rQje%aC{ z_sSQDCd^c(+K$hT3ebp(Ufhqr-#5U$!O>6Dxm(1dyJ@@Z3+3u%X z#BA!tjDTMz$!IuGquPN~-`<5{G0TQYLR{Z+StQ3u)JmUqqZV}+>h%Q8V*tzvg-rm) z<{RAlFJ?KKa&ZLBm6`2(G^1*D&++lfGd{qJoTstGP~6)dHR@aZ&acZ-V5GMj^RuAT zjA;+lzQGS^tc&GZO^rws(CPv9Lcw#jxF*8jPxUsLR!Ih_W8tuHu}$y;9gVsfK{v3%&`$0< z`46z$2I?nNJJgO;7P#5hsL`9(pQXXUkjd@rpt=LJ&9{<9qPPE}XbJ*0VPl0uqT~)t z0xH_YIGUmiRy%56B<4Wf=aJ9qcokV)CpJYx;{Zks^UJDs%fBxGxxLXf5Of#a>j>9a z&*t7Nr^JGZ$cK|^3<5R*rqKIR5Z@hH6N8g@VA1LH>k=L+{&f|eJX*cc{&H-f2LFw1 zPvI5$>B0yJI#13Qfa;F5evE&hqtRmE>_v!Ax-o_{-h}AlL%%3?9f30QsW-6SeZ5SqqhB9#8=zj8ZMGW?`wS ztTn@=Mi6IYE>j^TKXxB&&^jj80CcvTgzK32g0JUjR!>ygE;Aujw`SO^J-`=%A8o=5 z(uKmU(dH}Zr;i>3q>;vKgiPG3e3+_|Lk=|1XJbV5^g`-tadSpK(((F7NMR+z5kJkn zG(bFd`G@m-zwVdTTHGYoXyx25KHsPQ$)78IH-xL`a32~D<~mw_9qBp})<8p@l(@&- zp9NRsr_>Ole})Szt{0jkj6udBklnGy7tvHE#mv8^Z(Dnb#V} zf6*p)in47>0)N7F{*}{$ouE2zULyW%gh8>an2OdW5GHZ*9mqi$1a7&jev{E2IEoDO zp`-WE89t^m(6@ z+Q&#$RO5`h}Y$v6j4mh$#45DBz*P z4``{IsB$Wb+8xPM&$pF!VY8~Sm*>dFM*$oZ_`qyl(%3gL0pS=Dv zU@vorYNf#f97z$FGN&qq)zI7?nEZGAkP_c@Eyjphi3`}=ewUQk$A7}2yBwIQ?ku16 zPIFUrNJEji3%qJ5CF(7d+acR4ydy~wi)421uu_(+0e;C4q0snESUJZD)P-ew&Y*kJ zxwsC!h$QhD(RlPB61owa6}#FS$}5(rGy-%yivXMRfiF|EI%Mtf*f%-KfW#dkCugh_ zQzf1F=jen^5}}J>Esa|4df{@&Td>I@8i7h6>WwH8Wl2U5j^oVOPG^BK zeP#S!t)oC5R^T!fVT@u&HO{3*y=D(nziXc9%y4H4I5vraT zdp13)xDwvU-Tn^8^S^HYAyc##% z*?^vrBETDEkP5_-Jna0*-KQj6D$CZ$0@olt%W}~o>uYpqlx~ioNyDOd+fKnb%Mwnd zQq#?@T7$!8vHcD_d2!-&FygCINS}X15dR&twf=r>S8CQ+(GC8Ytx5rP@i7dFeOTeH zOVO{tG1Z_~_!MP^Z_Uxmu9g_Yd-C0$86tDMEYlQ4qhg-noadI$sd9gvCqh_D|heM9x*SR zeS*jES%cD;Yqq#BH7X4Ak7>h|WfQ}Yu`r5#Bi}I0vImyGQ{e>>0gZ#|E;D?ObEO3N$TWUX)$ab>d-O#yOy;@zmSh;j&`BhS4TY#=!~Hh=wR{&%gHtw7%MlZVC0ID= zHESKB-?5-fqS+G|S|Fo{b%rXjME2ihD^&k3k~CmYJG!H}Y-@a1t{-Ab7gvm-d)OYC z1Mf}UdncQ%mDbI>m!#?Z-s%6Ik6MvQk;V%AA1v&Dkm!&OC8)PEgNh6)9^!2a0VCaq zL3ZD5chC>*MP#fu<_)G5@y=Kxn3%?wh{TzltpVwtzqVB-WV3+t+xsW9_|TZee9bb$ z1ghx%&Z<3Gx4ujZqIl!_nxH|=B(}M;eGgjOiZYdk2flETCW!lQ!flQ|bQ`xKb3*Jp0;WE6Fc@8TT8IL-0bB9%J z9>X7$qwD+@?O|iI8eR{|uV`VQnG@dAYoBtMa2BcoFn=7aK+-~BY#@CsCY@~DdyYr* z%vG!>0~2av)x=RYFFa2PFmln(+g8ksyz92ULLnfyWDV|0fdypWOM({Z!iQ}(fjx$9 zp_diS6n!i;qu=T|=+S<%zv(^Ygi_}RsfC5Mr!7f6o6 zezNDM9{0ZjN$F0@3}$mAQ;&2AWVMQ~!B``is>Q}%FNO@!P#`=^yreO^gpWD zk6{pJ_Q6M0RVMj-1wD|yuC;rYNe5LS@7{%MK}4pDT6GI$Q%z%`FM-EUS0BTKun{Bg z#)|r&*{hDS)XJTrZZY>+Wi?(Sh5qJi!7$bqlO?q)5BOc(JmZ}@CJd!-6Xp*z5NnEY zChi@vGMhffkYy3?n7Fp*(xldDZmz8*#Vra8wdZhmiAu`*8>mJJOaUHEQ6nvDnSAFt z<7p4uQ_ez3z#z)1e9RMAWM|X8mDDv;|FY?NKOK3^QFeo<{03XPKs8O8e0PXhchlGo zH4H32*KVG$jiE@Cd(t(+r{Jf2RY6#5R}TO8pFnu?26eM|{Q$*cwx?zbg2n8g1W9mR zfRIJh7WfJ^o>ES53qhYri8hN)OyjU(A zwRHaxIL8cT@L`E|KDKF?m@tPS|Bdjy$>VQD7=fjvXQJ-$hHROf4dm_7b?u@HdEZ|U zLhp*}RpH6poyHW&WL@!&CKeGX7VrV{-*pqXJ0gRIEHD{BQe1L-4yl%$|MqU3q+$iz zBsnW7M5wmwRM?V($TNY!A%PkADGb47VxOUGnewig#`AJ-*Mx8%Zmk|jnEvPZO`SGZ~q1<61;`1sn<`!{B z>75bq%K4a1Y}$W3vdzKot)mh5P*YpsB8E;AnLZe8xJE83tP2w4U{tO2oT4NT+ji~R zIuqf34L)rVFN(sU+Y3zQ2e5z*&+37zNLhg6ro>>Bj+UZp^IT8}d;~k5L_O@R_kjRmWWwV3u0VG)bNqomGd=NT8v1p$E};O;MQrE_*#- zlg&4lCRfRH0TZYMuE%S4HdIjo{t>->a&6bcUr5T7i3gfCSCJXiPo1A( zb&UI&>O^L?J6QJ@s8Ic+AZU=>!1+h>gTeeQ%_FZJV7^MxoZ`&GXliB%M;9`UOeur<;&w4j#lCLT8K~rtXgIATDr$TA#NfNP_$Xc4ke{SY0zm0*f%zW+BZ;ilj5#(*(> zI%&mt^eLfQPN2KTtB7NpaJF(pRgR`q+@P~g(mhrq!3liokAga%@wPvXBIi$+-C0CRX1Gi#9# z3h ze95e(<{`-Xl>gW)-ntMv6q{hm0w8YHR*i-nVhB-4zI>7qS(a&9mWcR2j^fSiI1WLB(D=o2hj`W5zHSZ zjxWE`Zgm|v=OP(UmudMcDf=w1`nY3Tjzq$c8D!?F3Iy2s%{NnhrVAuIkhjs5ciaW_ z8cNP$DZug}euEoC62?tw_qqxMzq2lmc8CUYJ1dW2!X`}Ne?8w7lk&GV=2eaq{* zrl!UT1N-=Xy4Ss6|8zW+AwsYf$}33h^z;3B+w&YaVR?D^q;1EVQG@L6PtX0P#dOX+ zZTq|lx{R2t*pJkCz11xT6rtbce*1at7tD2fx!&sW@%g+xIG6NN^qtxJx*kU$P*U0B zb$zAqxghYi(+@gaGvxj8LWRul`4DdTlbrrE7=}o|+om8CfBcix{r$Q94LY>HRIRga z@V*8q+U9zWp1n6UHB~5)>+>)>qS;9dwA_0eQ%l0dM0JPg_d-(S^K^l=4I6G`<^cr^ z*sSDzh@CKBwBC-$x`Yu}p6NBAE>GqQ0)^(3m*H#^xHORF{;fJs5GO#t?YJD)5RaUZ zO;gT9uB%6{g#M4ow*HU7<>lpdVaEwFzk0onYmXUa$Y?348a=w?yxVO40CdF#$^Jpp z`NuB-oX;08=`P&bfKA5Oq2PUxU?t+g8As?GNizrG^m(`jL~BhO6K!S+v9*9l>VM&I zrkHS8Jd%d&ehIy^E#T__kloLYs)=TB=~G;4CLAT=&i0f)dINuv7Bk0KXgCyN_ZY$mVIuG=^iA{VT}E6xW5Uc zN>%QFifB1SEzw`tTuY#i6*vlBC!0_OR-H0F5^q(Mn3o1D_;&OavoFQ9rCU^mVio;9 zwrv2X-wrJdy(@_Y98>yf;^oJX6+ViUvudis`k<*dP&R1y8bf6$ml*j{nAcD_$x0SU9Zo-c^pPb0^le3ooNS_aKdZ(u~3*=O6c{<*2NM=$O#+%tN8VZ7+L~!)~{*4QH zD#NG>@V=i{5CDjy&?sEoBOsoq`P9@_?;4_JfMS#~=>J51qE@O5xRV|t4TstVzwL$* z7{5scdv?cq5M-mefI!q5_`Z@Im1fK1peWM{wa2@6XppO=AUSsk{4e{KJp0@7KNGPwR-SEiM1T zLnfzl1-^HGfYyEO)2m2n_!?UgZ3vde3D5AOG z_x4w%mZpg>{1ev5;gfIRwi;XA2mt3G%(fG5TJ>j&;bdo=d>?Sa9G#uWal_%UHg?>a zYFzS&RwTJ|;%b~TCrNl=VqV2zfuCn~xS1T?NQ2l7?v&_!46UKJdPcOhs1=M(PoYAF z{om^_Iw&v{Yl%PGZE$&sP8I%id@SVvtGC!w{c^ay>EB{-$NX}RcD=FwiI*lXH*&aoRHTHH|mcskplXaKcc^~UvLcvH=(GG?_t=nZkX zJT5dWH5s-pMk$$zkOr-)P{ej~L74gkkx@f(BR-o>g z(0F&;&x9Q@0h;4hVtH_VXwJIX#io#bx~PJ!(~v|m2Bihtbme}32`3dskJRp;OxUcZ zeT6b!ik(j9hz)T@F9IBsV{GN*>{N!K^7%6aLEor!9?|ooJtMx-!#$DUrHSPfD=BaV z{_vi=b~4ra5b)dUoo4*XDtbgs45I(ViJuS*k}(8`1)+bAN;el~S24H1E0#9I8rWWz zE&2yduu_@%l9f24Uv?6q+=L5PVmJhJkUe(Q+3NeEdM5(C96HAp#DAMqRS5H#9BRW_ zXDygne6;G+`meShsv)2Abx+o?Cm~X@)13Ak7X-MNls;ef6?#4|uRosbzv)ZL95`R} z0g*}iu72PCF8DrAucf)Zp_f$pGQF>p1PXkOSG?Q1SDQS4+=Fv!R;~HHzCLCPr}ebFkEZS6nqLQo~|>*jk^@yT_@!gk~Z-`sRAWna5hq*TGNHi5XgsXwkURljHB8;PFy zzas?1ITk4Q;L#i>iXuGZ=MrHXH9GS}T|VH;)bNQ~0SkCMqI(=JyTnngX4O7wphACC zuqEn!6E$^P=ixsgv(|61HO%ou!gM-1gAD6(Qx_CSp)|e@u}6k$=^JU|0u8)uz>vxW znFZYQ{y;>Y6I$CA@SHI5?evhzlYcd$W zWpIimP|&cvl_WEu*DfxV1-^V9>b5WY74j-`KL6os|L?m1qz%gff|pn4i0XDJ9b#4` z!h$4vp&jh!((uLErUMFtJFoakvT7~&qIY*7V3sqTw>W5Lyf0!K071jIbkyv|Ax?6W7UObEV)VNqt|LFBz~_&m;zDCF|?+tUn}bLx=gE#h@w z5#iHj%DFA}W1^lb%gQ(gz2OedVK6ZM8tOu;)XJiWCsz-`j6=@eKtw=r`}2%&7B*=v z)6QWwI2OQ0Bwh*A?J1^Q_`_!aMFNt0(aNasR^_9WkD3*LBvgeZw<7^;Sx~@JC;I{#-**?rGI5n;_J~RBPS^_qRX$bZ{19XBTIhQsCjP_>CXgh3_7G_^R+I!#*?`@SvQ9=jV z$$#++SE*UKBE_tgIumH0;3y>os&J9%`bnFi)K1-Og8ECEw2)w#dKoJn(X>dMOuhVL zw;;RQk#(c$`~wYGlD#RqNw)!$_e{i{#g#CqUH-amc7US9eK8nRK!jlL2`3!LPK86A z<{{7vQtru721(LW`2P153r#fU2}49&L-Fh!kRt-Nd*R8P{|=G4UvF&gKjH4~7Hyw- zUgZ_2{jzyJQaHb!uX~RjQ|c z96yGvrDZ6?*SDX}>HQt@p&Bzk5sBaI`RR#KgKuT~`(a*Tv_QLhCmxNVI(XaTIJ?&O zvGQe2)I5S8NNAUa3)4yv+#eY-Gtw|Ee3WcI;2`Qy+LSXJdf+7(SOgn^*BC^Wi2*s< z&-eU6W!VWlZ|7u%EMjB1!c6sbb=+s5mBU6>ED!nLG*A>x9la$udZiuR=7r18DIwgx zc7f}Pkl`@ZW330;Q%I7iZNRtvC0}@wwHz4S3Uo-BW4S78^?13|Znwz!C!z`!btuwE z;XLwFp-{vT$a~BuY%2Q??|=CFca=j4o-$H|^d_s1hxgKyc9nqTw7(6#?j|A1Mnk}o z${?dpx;00|Ubn-Hf@c5tn^@3eW0#ga zZBJ20AyZ6pZUmLN3N&KtXT`y$y55 zb9>BLMl0v{t*IYQfV_k!Efxwy;9_4^>_&|=ocMxs-h27>#4>kEcNl=^P68Vps9qw^ zudi9uU(f*lO*v0la#`=I$bXpC%q@ATdRGq~=9N0d^zq;$@O{6Xkothnx%2WsKmh;# z0a-79YNWO0b|oaVW8Q9adRIl2F8_OeU*OT84!xiRRRK7&y>iQ2S-59kMRSWK&y|gx zO|ic1Tqd@1%?}YoyA<#v^mbVK9jW-q%Y?Mt6OF%%yjroI1fNZ!(?J+v!yj$8%h%3Z zHgJn|$EC2d>F}xzqBiT^Aw-<72(V_j?A!8WVpcmPAjHsRU@<<#da4sRx|UAk*=45$ zN1Yn+ z=CiZ2!w|OWY5*;ZfP1rhtqpn}*&b%CNfG1*NpVnw&+UY4GRDNt zra3kh3yRor%Wpn8)j*?IQy$@HG=41iKh+zNaC|&`E#Cb|<$iof$HB6x9tA?FO29eg z{Kld)WWms_zrZ_ocIrY#Vu}_19d*U>nFZ5CQin=XjEaB znes@@q#+-budIJFL1k&tG8KfHy7Bu~g@txEL&KS9EN`x2S#>{z?ptK0x zCy9iT-S2$Gw3foE3^NwvQr(Gttx&efW@+dsH3gS1KMe7i*RZ<*WNwoXY!4WiH2lay zIS{Eet1Q^#WS^Vw*RbBl?eCc0N5DSCPv`k{{QV;E?)-f)ZF;Rw$otD)kWMH0-UHFD z{0!?AN=71K-tz>j7>PdqI>s+}6xy65?S7;c@}BbiWsY(EeHA@RL(n-?4+Ou~a&w_> z)y-sUI3X3)HLtjFl3Tgc2&zs1?@K+sdj+6pt%E{@YnkNk!J=UZtpcXPq@ukzTmV6;*LUzH zzhs4(TJ9xZ@`cIx3t8smaq;fytwNzw9^!y}(`;r+lvXVg&8>-Uo|R;a00bnVG`+Li z=*{_PJ?>6E)Y9=*Xm?Si7WHBt|Jb?vm;ur4p2kd;eIh3r%H>SAR9GvSdk@9ETivWx zg%%GNT|7xsXeU@L;c`FyJgt=+6bJ|N1%qulf(1+Vik?14zbW4Djt0RSB$pN>A5n`{ zJ`6N>KFze|1eV!|^#OX7E_Lh&X!QHNh(C1(J67r3e5I9)RqbcgOnfo9{MfQq0?2DvP!2bUiqGu?u7JLJ=o}U#(>po93zf!0GrZ+w1viPa;L-0)a`Xc|qUEcw9&yk$~U(dGk+wGueFhF%Ljl z32RY(+vgdt=H9kkRkgq7`lcVEjoGeGHCdSuaVaqxn(_i{lwRTc)vlp6dmliAzrAY? zw>Bcft1F;?TzOdD17!|HeRl&b5(roO0!k2A=qYaSVg1W>!LMG2LXb6@M=L`Tj8tMW zttcP+ziptq#RdF2B2{&%!NX`Pl{;43gX zMD&X{c%@@8|MEL=11CY*FX^U+25qX_xW2Zb<0tOEvpS{gdS)G{i&wZmu&3?G0$~41 z4uAsIMCQyAF)!*kqA-IQJJ?govEFYpk5G9o}KPVmZHOg`pn_G|NYVF_k7*2>U+#XFaR_)V7VBq ztIcnOXtxMkVpnvqPz?N8L3TXhjUpE-iV>fHtJRmTYib?9h2|e@7U~(=jn-*3B0EQ6 zwkGfsWx{|%=b`cRQUoVKi=4$_`t>?7qj<$=o@hnt6oe$m;|xGclF(O{HLye}+x!qo zRU{>6KVhETiy$o1c*;rdB^_)`>t$WLG^U9&xzF5`RMe!#FNCu`I6cj^#j!zBlM0AB zqf(%$=%HBJ7X9GBB4`Q>!VhAifjmpnF?yS863w_P!KLo1LSMlR5bE;KF19JeOE2hQ zjF1U}h=#k`O%q+kcjw<2pe)Q}Uc3yyfp)8HhC@{44O1A{u9%Z_Or{v^;|Kmmfv$!&AHl%{Gr50hcJ*|xy==;`^Z_L+PhlLaIk*FdxU$0f zOC4`nPfx*S0h5mu(Hg26qmB?DIhM=EHMiekmw=Bfe?${5&Rxb~A`hH1U9Bz?FCfSl z!s(0=LYz1MwMWUbofy7y3I(~K4_kjMfAEX)e{UW&F~PEa|FWOw8!%Doh9;sI5S4L; z91*@5L=7H1x+*=<%`Nd{AM#WQ&8o))-)UZc3U}BxpF0I6QKj4{f$mU2a ziFqu$Fx2h&m+@-5&Rs?Z5BQhA0X-_r1WljdAU{jyKv9VKvxQ@xk#ysHHAfR7&qZCS zbddZCl|83%n(+pmr8rTn;0`a;3>2e8{}}qELhHf^_<8jtb~kzEd5mo63vL+)EOL7CCj|E`luoO;03rFBMCt-76uh3iu}iTY-MPq`6R6X`%6RYK!(n5Gbn$N1g@AD zduD!1Xq)OfO|#)T)iHbf1$G-W_ILhj3XVsZx9RwxIJ8IWmFe4FHir2Hj2z=VRk_)@ z#0zx^*B+(bt%En$jwRX-ensM1!mUika)Z|$&FZe%U$j?dWc+>F$Yhgm!Guty^|MiT2`Q94kz&}(C zX*zO^@Ojcind*#GJKR>qm@ zhEh=fu3AjzE}pyERoC3vCs(^VGAq#iQj?Dnkj||ImOQ?c*=*>WWmT-$qE3VSX$R zFy5nCJUL?!&{OBy$`q}NkRSnbOP8)?+SXX!yj%Q@P*ShVzzv;5w|uvf#NSA#{is{F zVnte}HK%%9g`SwK=lvuj{4LIx)M2hhAh^w!QZeb2SmIkvgP{Xi$ZEnya{{Q>v$uJ+uUvQ@o z=NxH2zUgKq0*QiB+}G2i{oa30wWlg1S{P#u*uTez$ktLqz!NcE*40mPG{EJSWLI$+2V#m*%s`n6U);B~K^bi_7-@)=rS8RS>8nR!eJvPYI?b&o)>gQE z@-^;J+ibGSESfglrZWT1D+>#?!;%%HBR4j~F3soo#DVEI!RyOpXBij%ee&Kvci{fv zUm%EqZ*s6#$IKNn5bPZ&x7+UCD@KiR&Pvp%$x%~_7(_*NUC_YP5o;(s-h$U^K{x4- zAz@&6plCd*ShW?t@YD=@DvMkqfo0dTJ+l=uDD)}>lDe@&O**xoOelC=tTLZTOy7+N zfC0?gB$$TX-Kex)U#82(3!HT6mc(h-CZXRFnaM7Txiqj0fi}&#Sy}{A+i~HD2>yn> zsnv)HJ>{RMpJD~s`f|j+C&z+BM=jk2)lcTZHR!UB_VZV>zJTAkf=A=q+fX*@zbnzJ-MK8hjIE=o zb8EkyINwG(H%R_5Q`eIgD#H6>4yVy#{$Vakpn?4wo#YK7!U36t;b|ZtQ4VS+hNFOU z97}fjcYx&><$p8g9`-n!QPcQkhwF6=7O>KHlyf7FEyrc|f6?`h&6P&o8g6Vm9ox26l8&8@ZQHgxw%IXPY+D`M zPRF)R-d(lpoT~HgFY6aPbFMLOTqEAjkuUbYpE_ccR%$Q@R0odqSbVE_vWq$?=~t(g z;99^U&3R+*N^84Q@nr+bfD-%ciU4SovPk zUb$FK#Q8a+;NxpI5!)!=rb+T#pmzfHrL9qgUkc|9QW6KYRjAY#g5EjsN5#A5GW{JG^Q$%Vn5+WSFNgfB}^ z4B||L0o$$7kFk@CJqGgh1GH0P>0g}t=qdf~iTd}B=Np*@Cu?I@XWtad@UgL1li&C@ z8oU;OV7MPhdZyk|^WiJGa`J|=S3!8_KVFcQ-X*y43U0mMGE$>T0tSTD26(w!Mc)F3 zCEk0Xi*f!1S229khNy?}`1p<})c;DowqWG3ox-cqi^Z6OvI#t7noH?P`^uhjUq$;c zWc}xm>gINvKH$cP+~9hwUEg_N;(MAn5~rX6i2{FK^M_s+$@in4I(b^0+I_m0T9ch2#6E5M#8|7)yV%AA@c|X}z4|ns%&$fvd2F}vD*X@$g zT;5{DIe&~Lm3}8U0NiCQ>($#YIoogFBj=y2VI53sbra&L`BHZ`clWlRG~9=dJ{?=_ zO&@zhQQ{51KhC~`ATP!0B{2M?T$RgS*H+y3P4;vu32;^KaOvt3@hURsFbjua1oKb& zj}$JKH#`|QgzwU{Z*XZg5#&*8{Z8FL<*j5h(aei9?{Ha!jdi_BRr4{Xmm+vv;eHad zgK+F^lX(TNNW~Me4#q<+PgenT>Z)pcA)3+L%>LT!6)Wf#en`HHW0sLACinLDGbK{y z6+Qi&L>4jvQ3I6GGNh$fm)A(*gv0@;$if#mr?eKR29;rsbIy&~9~-mufdrC{eLcxT zPnW$lY0T9W8YDMxl+EV@TsW^K<;J6tKcbKtM!EUNfCh1V5){&6G5^O&u62NM>5ym@ z4auuZ>GmlemU(pm4<)sYI*gMWfj4xFyVm)_T<4|qA5 z{=)Nz5>MIgc_sQfB0kp# zn0&Tq_TtX$cZ5au!-eG2?^k>CO*~QQ-}R@mV)DCSGq5I>VVH=2*TOL5oF@E^Q^J+6 zzs1F=j?A}j=DU9I;5PV<(eX7}*CS~jGm^_mqz0ri=f9jBnEzH8{D|gE-*<;K?_zhy zYl5@sUcO9-OM>KMzRkS0HCA&&>x0OLO~}3VYZLJ%`68N^Vr4CS>9N3Ms#6*0ATV9- zX;gL9d8c)quP_J0a;%{TaJQ2?lTLT;vO$0EB}>O#09ru;JK8iKL? z1Hsh-zot#f-%HKca3ys@QzV(+?c^b$S#4XDJxJ}bsQNC=Bj&*u>0Z-zNAv1zZEYYc zG%gLQn2pQFBO#ITPtp>6R?C8(y|--&DCWdu#cfbZbh(AL0h|YdH6faz0@f?+(T(kt zUYACBFINn|{467CUqxY;My39Z-=d!Oka{7(gTSfxzu*}5(sN+p#}gAcNBNFf%qhmj zZ!Cl?x*)RdH%H(KQFQw7UPcK&@YOPgTJXo!i?DNKmtL`!=k*f!dy3!f7_#2^`A%B$ zCrkyR^{>bv0sT4^PO{mDCba>Odl>iM)x%SF#|n9X&Gq$xo)g~T z06e_GlH4tbxw`Rlci4utn zaPajdu&)vo!nxfme-$Qp#|1UomG;>)=#Au{Wi_^&05dx`{o9(#`Z(rpZJo5>5i84L zAi&LS@C?@!Ax1x~2YMH^R;Z1=%ade2Z-_74IW?Q)iVlM3>Zt_`zi8?S?Q z9&2H;uK#}gcMyd@kOGVHyTgBWqq!Isum_Pk{E z3=9cA!S_TYSig=Ym(;8-90^8)^|^dMS8flZ(!Ae{vUjT$nc$EHprg7#8M?Z|B%mCO zmznJfE}5r>_KN8S&+?B?Gvkvit8w)CM6V*7=aZZ9g4yn3q)2wVz*8_@ncl0Bx=?K- zGfa0#0}Hf){?f)_&h+_DX;7O8eeD`*a{pwzR)-IMiMFvE%CgKPq7@k^PIhBrPatVH z1+0fjOEu3rMvH(f1SEF=ECa*8159t+&Zj>c$U^an=iU3)j4PE|88Qi>`^Y&8mQ5%P zT4K2jJ(U;vMDYIVg@H`7q(vOkD|5%Vl`f3W8)ehLA~XIY$yp@1`DJFUT>MvLXjV3v zfD^treNbp0NDY|F#yH75B3*~=|M3ehT2gCAL{NqoJrT0(eWRl|cgwh4HtA#|p zzuhn;RZK1|?D~3mz!JYY2CCRc%X5eI;2S{^A=g*E#qS+r5+ChbkB_G}M2*Ot(Q_;D zSJ*xlEQ;nrV)o8oSh3qx<`N>%){_?6k4RafdivEUS2uU+Ay?aG&S;4GJpbBWBzQw~ z%V8CJzEvoGCxMU6#r?066Ybq%T-7GblCDmqq#QJ|d-JbPkS7vPQhMQZK ztnQKsow>G}KPPx%R3xQC$INcjP^}l9w*9}Y`dq>7zITi_c^IsAlJQs`Dz(y4_-aDLFJ3Y5w zuRTIXyX^rJ&5yq_`ZL2QCQ`+v@2d0TansxVa@pe32wA$uvLMeKb4hNr*p-C_2wqpl-eSEG2MMQy~h8V#-}MtlI4XR z4DX*JB!#d@75U*u(dx+~7pXJi8(<825k}CLXpcrYVu=xR z9Ee+RX4V1U$vtbB$@kMb0I73`)+?&Ta$f?pjvz7mNHyfjq<#u90j#9FvFJ0H-*_q9 zfzI!iMZZmR$G89aGLAb)w(1xUXcc-e$Qg4%r9o!RIQ7=)&xj_c@UQjK{~Vt)sp093 zq#tgf%^W)cg8%c-PJaR0ulyLcD)z80gc?hq)|Rol3PN*ihq`O6?_YK|w9L3+3k{rT zKOz--{Quhi|F3`3+fND--1qcsSb6addsvI?hKdjmxBr}H<5;?zcEkX1fryTwX1aUV zs7zgjNw7uAnHZPmTW2QL|MRPS%uDm66sywzJ@3u@v%lxf{wvh~OYnXDYya#1&i{3q zSIGZV;WJ9Ji2K9(>%~7~OWzXs=46>A3N@-7k7i58HJO?&6122p~44ENNC{C&*)papD!?i zaJug`VLgkWE>xd$|90{QvUEL8Gg^fAvI@du+@6?wBzJnKL^B%D@53p7ME1;{3Q^!y z+7EV)NqzI1gW$evgqS8lo+>U{{!`;DOncn9_df51h0yFfL&+Gjb$mk_Ei2Gj+VvK*2WWto2G2t16W6HCIvcn{|d&6 zO>#vlGC3>S&xx%lCI0a$LU<^jKbv2O3}U+l#+?LP!ASq?D1BW_IwqtPm9e!#PO9Q+ z{EVi>s)kb?iMw0IUZnZKt}68Q{Ohox*K|SRHo?#U7`uFgzVETWa2?dMhCk^Et z7-a{-oi5!b$RXemG7!E=7t)esQve-H1D%)(@vnr zJG^7iT$RVI=9$~~?IQf!PeS^XtD_srRzYkLO3EPE*gT>%D?8JF8GlPJ{?G6M_<8jE9uL$+fewGlHD(_Ify7Y%rf@ zmOo7Je!B9zuqNufo8sdiVjv%?qq`Z4!vD6FVg)Y0-vy2p(k6ltW~`@Iodl8*lKIC$ zjul9=NFbqXCMjRPNTz3S6fVvEwr}Xc(YoDnq>>hT9n_gu;*DkBO3pFFZeky{i;1NO zvajiu#*pL_G-*wVR7^(NwHf8xYSpAp_J4lGr|N4ciYsbq!)))aB8F)&O1w@qU@Z~( zkWm?|QVb+26*2;v>K`YKCZ__M3y$sD9oL!QHbH2`yu{3g#TN)L;Vuu32GoK{MC z@yJHc<%-Ykrpv9174Fe5#%}9Dk~LOuj)g?$KvntPeLcV74^ge1@oEzL+Tv{@e+(Mo z%wFvVNbG>69BXZdr_!@{s-()KjOC85!4|UWcU-CcKftKu!Tihia!KSN>}-@7ef2 zH-rp?M~Hq#`xbYH>N|^&Qp1-zI$EtG4Ca)VZ8Y$@wYT$P*AV>leS)b+bbE%AUgw)} z0yjiTuTePbG&uF}*3t6>{k8M;>2FvUp1VgXTd=&j{q|x1bqjo7Q-tv0_c<&5sZFW;jV3h7^Mn>H|7~?5-(Qa4-_ZOs`bNRC-f7K8E=?+4p$lOy;_9+>B7)yl;Dv4kLwC| z+y~Svsnhz@*i`3_#FD^-RcB=$9gx@4vMV7++-He5Pp$2M9|H84noX9*L4}7@eBM6D z_6rqFez53>-MUXV!i$%4u(LD#-fg9h%V^fRkvJ8ZkepaGrv*ND3p%k0{{Pro#r@^7 zur9P4k5AYB2s}aU!o9h>y0g#V_isbtWVF7&n?ohZ33wX(jQYhVOvqoyr*T{hR#}jZDAyn~`VdP}mTg)eQ`y=dnKIT9Kgy+FOV5 zKJDJgWVtjL1NX?Av$v}*@3SRNX}7IRu%1(J*SBv`{b0 zX19i>VEl3j-;4kMx;}(C7|kb{`7l*=t(e4)uFz@ zV@nFJ*S?WTl4^O-dQiH^F{lK=eWNSOMbzd|=uUIdiJU#ndu#Da$hrJ3<{XEWGV+#` z*~ReIldn`GY1X5~jQF3m_&?q3my$oXd>;7=-1dcbMif&njUKWdEDL|+J9=mUxvt%t zyX&C1pt~O6m@KL(i>RYtUXOSo*dGwq;$e5-lb@D9$MrwDw!gl_(M(Rn_*vc`zApW_ zbDqE6d*1E+_kmyPrNFp0QnV-^*c~8En19miY6L|8TtdC3R3(WD^^opmVe^tc7bn-$C(OSQ%whQb{hCqXFIAIX)g zHW&7)1#ZSxP4Xp78!kbGApIWt0B~s){eXV86!{2D+UJ*@UTDxy1blNHf6mk zm;m^5FI*?tKb{0Zt43M{A3@`>bCm(j@I+-jBsUx^rH0fU?3CdK^`6qerxI*?MgX`k z3K(%P5m9-Juqns$IW2#$Yr8g-*mQKB~Mrl0=Uz! zs1jgfYC7t&0W3@LPAX${z=Msn_E(SitG)ai^UN1lu|Q|gty0E}1XONKN;HH?vO~y_ zc$Ak|1nsa}Jp$g0;wTt{3(sl8WP_6QhMXo`{dIm+%WmMg;Lp55f3BFw$CyXJTBYV= zX<#X>s*`M){vh#>W+V2|bBhF$E*AY1=QJg)8Lpd*19(loko`wkmh| zzF|F<*cnFx)fxnJM=(-0)YU7Wh&Hx2*Y}el32~MI9u9ftZKm$(H(>Ay&r==t+g;x7 z&O0F~>?EOt0H5z@fNyO>LqlELu3EF#?+F>34VR}&f=P24nxp2$3Z?zjSkKoV+^OTD z`xv2(v;C}Y3DLr|roIyvf%U#8F+T*U5gXI>S5&%i5IA49Z44!bsE$A)ZyrMJG9m88 z452|Gc8nwY5NflAPFcxF#Q`1Ah>6CqjAQaEX<=Z@R-^zIsQnTw06(<;rxanZ;P1&` zIsFM9r#(FG*Php*6XYzyRiK1b%6fvA9EnFLLqt0_oozAI4Dv`jGnN@UEe zq+RTq5|smnUu<)r@}yMD)YNIHh<4#rI%>H_ZH&lh4qi#xm8SUTR{7ji(DkoRIFO@} zgRTbZH)%VKn(lwQ4QWk&jBH2t)~264{P)Q6_uHix5@n|_i=qhyLyI-*1>~uSaX4J3 z@BPPK7m_|hCS*ODgaoI8I`t9VA?epOD;q@^KY+1hJE)I1NCXZV>@GM1ha z&8K{sS%Yv0h;UhMjiQcjvpVC>mkMegy|l?Jx?R(730bY(n_x57jJoCIaghRAXEgH} zT!=V-71d$(i7A|_~c|qW`IIpQ405SEqm+EwRMH;{tx*qI?eucrt%j5Uo><>IVVOk^FadmM0 z#u+>7m$i%j_tIA^c?X9)7=i%j^N1x-N&n?1@s9Cj8 zEnCFpQjJVBB5kEGEB;tany^y;gSdCuN{YDB^j@c-*6yb7kTl&O4>xyj4aR_4kKcDn zPN{s9$xa#eyI^4GXGP3(!~Lo0I2sv4vlM^e^!8}0Q#ZH1)!~jTvh=j&9Vc%psLL!*Y3)KWX;kCh`)M zf~9?{G!92YcDJW4K`SF#mMS##Ca%)#PEPA|*h?yYA(4NTlr ziwGpjsAEZD-#t4TWJ}@qpX@K=2;qz}Wl92y;`xgR)i&f+KAsDtT-q5j^KYIX$cCA{y{{(!imo-ujqt}L(l1{MP}K zam(wO|JxORtN&Fa{GuiK=k({Af8Tz5Gr3sMJbyj4BQe#kB1wS^#a7p&Agv`IXQx#G zrtd!+NoSXzRC^CA3p(S0u%(WN$Bc*S-M3p$g0DsMcE|!W?x@4LFAwu3jM>ls36K<& zQf9mH5&XN2O#`Q7qJm0$re!2u7HuH9^QPcHUrq(XHRF3IE-@Te@I{TPq^c5 zHy?;_1rnq2j9F$Ux#>9P)kZC;b=v6SMd0R;7EGKle~sdWK6e8xK%=nBaVJgDCd6BY zC}%}TC+=eU0)t2_$?IW6f4EAic-3g&U-T8Mm3s7#8zDuY%Nx`aA4TbUU*{Qta87?D z4}_K2#A`f7W$k{`lhIQ1{(VQ12tNamTtVfcIdt`jgUy)8zD?+0F*>s^l-#xXz?gZ_qk4v z+#!RaEi=<`#PjfY$a3HW%(-tIQMZWhP?`$b58%R=u;@A8BYa~CT`Zzf=_k)C8}qZ{ zRE`0okN&oEe+|8MY8BRs`C5%UMihAllK+XhI8tjx$7yb2`uNS%8oJ5di62Ni{E74~ zW3BlE5JSDKx%#q$kW~S%c(>#}F0oh?x_x=!+t1<CBqgv=^LNjw0~TI?M`^kL*aFuRB9^t4R+Zm$0lv z)P$A`U!=KICmEk3!3AaG-yCjC?w*k+xi^uQE=g}e!^JMmPUMcei=wH(o!xR14>H+A zrgJ0)A46?W?R#k53w)FktTM#c}*Q(VhUSZD!XB~vnQVWagzOv zp1eG6A-6&#t2jacAp*5g}@Oy_pLc$@Dye_VyjGytOJ!NQHl>M9ZM2(6lnwk93 zlWmt;x#~p72!_R=sj&I5U_2(VloCEOUhlti3>O4P;wtX&>^=+3Pq=J}B3IZn#vuz# z9u~HbxX(GJkN3RKhMpJg9&eU9|9$_jH-1S{u1TYmpTf;dhn17z zwN3=8t+*s!t zx)`%0wSwi)!z&{~n1Lx_)JZ)zT&|(oc${ouK_^|&qgyy~26>Zm`1T>GmJ4m8r*;Xt z4?TG-uTAm7r=j`FN~HoVwCb^bU$N#FkYZz-lHviE)@Ecfi5_^eX_}VSeqqFWq(wCt{n6CX%d;2vk-%Az*u z(Lw2%(q)J7mT2T)csm^14~YM48xPGs$s(O>DB70_WPm|G`a_lVXT(+d*p$TP>IP@s za;~6qjn4v~^G2oeRB~7v{m{UzAUt>G>4}d{W>X#){NXd`aJ|C6cq0!nwTW z9CgeQv&GLd^J&-hhco2PB7ATz8;4|`ELq^%6%i+{HS6l%)<-PAfT=c|v(v*ofW+`d zhf1#7-u!GP^j{h)Ge>5)JU~-r+}L_SN}=%l20tfyF`60{dv{~FY^Yure}XYFGcKqm zCI&n4O&xK<34B>V<0Ey$+iIc&J68TqQd0p-w7(?VL3*~+2IBwv35;PN0!YC$?RbxN zBe*5vfoA8URQ1SZuPJ|gC6d*g+OwDGC+{~bR{b+?ZXOPcaBDeZt~Gv%EJ8DdXs z(sbi~2#as7oO`A}7k%5r?~Zl}FotL$EjQe$RTj84cZMm$EfUe34H7zNMvmgI;H(E}WB83I>_8p;R=JsAX0|Y(O+cZtLyNp0zXdvH3 zZfly9=%&TSf8vjamTJg)U>}BtW&d~Owf7G(NI3}Epih!o5+h-?t8n@*QSJO|fNVhtAb;+$7Szf(vlv%^%AVLk)Jj-0vQU#!zH2t5BS9?CwuRgE7KnFK zAFY;9*{rtz6g8qCKk>}fa|hk?=>I{~b2AXv_TYT=wbJvV@P6KN{WlLkvbiNr%sg>) zrdmvJNKt|D-r#v~iD7{BZqKmF^l=~BpQMl>T5IL!I~Hdoe-nQ=>5l{l0g!g z=^-Of!Bb;Kp~%Hy@IjNsW|_hcB=MctpIF%3zg-GlV9jO4`=@mduWvIhnFw1U~bz7P=W~=H94n=1*+WF9fgZuJ9LMojd^ z*fswQNwMJsat_F#%UQ1`u&TY)YeM|$G6SdRxNFjMm=VudiK721f|&OuUiFH1ET|45 z4~4^mxz!qz=2gb1E3Mc{r4j+L>w}Z~v(1cKc*iqw2tj7$7&^RT(0ky5Re8_W#*Di)Wp3+PinKf^^SHAhwd%fswI| z!pfsK4Ma+V{zsKPbXHX{<)x2==gB{T^~5tpzdUr=F$;#6eDPw`rZmu@zc=_3ZYnTx zKBXcSHleM6d+W6;{Ee)JRi#n)d-JovRMRN55?u;wQKme82Udn{Of`q4dZdW8$+a8@ zdn9BjZCYDCi8u+;qU!U6`H;rh8y~eNWLi~*OU(N=b^XKi2gXXw)}MNsedxno>v&n# zs(@c7k*g~{N?_Sx_cxvQC_U=GINb2$0MYJt_Qs8C-t{ug?k&p&Ap>ZepXn%!dwH5z zv-R&|WKv4W$rDBg1M=ATbB;^dVWRe(p)Z(5U~+u+8d;vtm*`O58x?z6O=<}p7-CIH;#v5!J>r>dmz46txIE87yiT>35&xbon1R4U!K&W3% zsFx!O8c&HqFSE$tyB6U__4utxQo&;)dc;ciA>E~9;*ZTs2Wt}C*pAzs*aDIGVyVpG z?XDHF>yuO}8#H+#xj^<~(w@${lcxxrpnqzL?VioX$Lq4Ki5I zoWun+TPh>r&cM#mQ-fzQXFbx)R?QHZXqt-=2L%}0{T8D0lRX=A4B}VmOnuwm)Wn)Hg?!B$xI1ybPR|% zUrl)6LoRdz4_yyXKlcOH#nB0^oMqYLH08B~s1K}@zFZ8wPI+2dxTT66%PnoEsp0BT)3%d$+ONPMj zAps}{;_8`H6&fPt=o16mBu57*4l5H4N+fSIsLC5mGp*aJ3{Rp6rDPIF~U6=mgy-;fW zShy>J*4p?&ea2_i$wP{!?occ;p8f_6E^Y-cPapOemqofrry{1=T=gfeqN$kB4vN>H zI({XRi9<|fXt2E)U6)gBt5!|0kAB*mb$`-ds$5YP^G&_gcW4e2isWjyPRAwV#==;{ z?`-bP`Oyu1ihCfT_@4)iQTK^%ovkHJpOA@bj_F6%Bi1P{LUzBTX~GKdG-8;ON%+N| zI;JL5S^i;lv-A8nnvIWeUc=WStUry$d-ZSijPv=<_RiwN)+ToHhH(9Z@g@YG`aN%1+j{6mO^oPsmuol?cv zTytz@<=Y~B#@E}r`i)%efqnXwi$?zZapfhb-!G$4%K~9|)(K;*^t1XTx;}r@S9tCL zB|wYxiIjc)q9BvtG+TFx%#mL(<4@i3!|%r262f*&+X=x!=%>-8SaDN{*h=*va5>?G zt-5I=`v=Uw4m%=d`{E%Tasi7xMm{iZsMNo9Z5vj>du zZC9A?KQWplSe1CLK2@hMPjxW($R@T(@G4kon%7uT5*NS81X+muw>)TFlzeFhRvF!vf1;#%OR~FWrXK;SK0Ya~pc@W`yE`vu3RB zdMcW$M29m3a}_WGcJV!W{95C@GCXU{)6c5Fn;Lq~DM@_baRkV|R$USJ`5dTSZ0PpN zACM%4{`X(SI^E)1zcvTSS=b$wDCZ{>x>Ruxugk~Ne@Etl-fdMQM(&KByXcynQZUMf zNuceXkZZDe9{gV7XT;U_F|t!Dhy-GSk%A$>Grr%HO=HSv`BsD8t=@)_1p#I1$b;#N z(Wh_1f0L1E57n!TdHyr`Ie}(Z$>)@~VCAk6uX2XXL$%rIA)}axPEK7n>YI&zhghxF zc)hP7RhCFa=vm{Qs^-HMNdX4Gn#v{!Jp-poU!8zeXj|q~IS+A{ttK+owVpEV1K18h z&-;*-3_Y-ml9iGvMifVy0WRKLf~I!x{z#-ntdZFh96cKJpPnRAipIa*Z_g-f31j7u zuYq8i#c9@qF}dCEUO(v72(~BuI2?5Q(K*_j))cV@5wu!1XvD$=(f{HZ+f~cPly2DD z8zt4_8ZJB}|IDSm9pR5(gclfx*u-4#OBOraz2C%f>@Zl*1;0!bEEw0a60~RFx4!?QD_tRHr>F+(NG~RhmdWy`ps9EzVilzr2a5LaNR_H@EL`RWItb z9uGf%#zn5ThYK^eO#Q!8dYDnc{$ZwTa@jcfN(Y55wq&ad2BSfyfZ-XKTFmMjO5D6^ znOYY%tI-sC@IVG8sFxXYdsonGr{T@HINZqV=G@dY$Ff!_)xYz{|XjeeZ9Sxg`u7`jL*?pLK?FcfZ-^JoeVP3O}<`*z@i z3!qL*fDjSuP8MUx)B(k%Lg&unQdt4^-O4Y?O&GMqM{@oSl>FgmN$KfPhdhL^Z(SLK zRYQ&82pw3yk@P?rr2s&>jwPF9X*C`Uqs>5ax|!-M9?xR>WgCnX%#XUmGTHcYT|Rt! zb>^yRNCTgHFUyQ#%8)T+wuk;FuB1(rlum~fRY*xQC$p*Lkme@L2sVw{Ofw0OWJctM z{Csbu!@OP{5a(HmpvC}*a*doUGdRjD-t?yvJ(<1Pwtm=6c>Mmy zatUlAh^a9HRbQnfPgn3D9^)qDl!Q%)PLr^63&-@kmlB?2t4>3s9B{V#}j1U}|e zUYVkvjpvkIe{<71c3_Zy?5^{}HoW9`qxuZ`zV@|9w7SSKxK81XuroGi=$for14_q9 zLxPSz(dzWg#0boXZDpZ7`Yz0u-+u62|7WJo_L&QBM~C;jot<6P@|iWhlv1^W0esM5 zzmlI}zXf)d##mNO)C@f7^Z+-^F>_W0XF{jT!!5Fbm6k1bPRQ?q$CS+1P-%l2+B@Y1 z5eQ0We_IL)Op*ZLm@}h#H8UGPOEaJEP$n{olV#O8k|1u_3&u zWUAYLHh-9Q3h8>c(m+R;p^grNOmQ;-r#S!r@vfJYte1Rqf!>CTgCS~Gnm7&U&ZcYn z%H*4=4W%>NiMgk^!BQHwMxVPZDacds8JVdh+%;C&Hlv?hu;5%@Xq}{gYNxyK%sIbRz;)z(27!|LPPXXRpR zGpK<+SWyxhN?GbCGru~Lhj&WXk`?H!LH4tJ#KK{#{)mW3i%Fk4We8C2QuYA;Mke$T z_W7GYAcyU-P@nLi`~bwczs!V!F~(XN21b?bD2uH^l8}3>m-0SfpeY8#H{^Z2*cE{A zRR_Zi$QL!BqLOWF)Z4woDccZb&Dp=z4k6u;5ETH(8#xa-6API z(m=GmTdkNeIds>06^XKFP_6O~f$G4`jS9Z5$qE+NHBW@u@o1bi>s-h5my8SbzV!qW ziu7*S&j%~jSZ}T+Yb`dmnqg*?9~Gumjp~`zNS~cqMK{hrFRBKbXg?pV4~-HOSVeLY zsBm*w;<8PJD`kRmD{R6)5p6FdhMvQX=!wZtV&GYmh+slLW6pDKWMd~BRR4WRMKwj@nq3aTP#tnbJ zhXlK*l7|grCei&FUF44)b_e@)8 z3|qZ^^ol9;t9SDl;hPEyxn8wu;j1=_5+O;)wY9gmwY7B`5JP8zNl+#a{;d4H7}#8& zb(lvv4o`th*03IZXYrX*{dxVIG<6G<&4r$9E@@cX*QCK*s+dINxt4zWmmYU5;qG89 zZ6(azWRz*-l#Q`K9ylwXA>-wn(L-$5CMjwCB8QcV=YuS5(OjNyX4jUz1g54|t7Ix2 zy9P?QMb|tlZ)0Dzo0Yn2QQq6ucR{H7Ux*?*?ZmxKFfuRn^=vYWUV_tQa;E7d-V&Fy z2(_`3-D=4o|6okoTrty>DZ*uIwuwptg*xo|UyY7>8~R1)xQprt4LJCu+A-bAb z2xrd{9T*3r=*UVEV@6j2+ClB?I)%Rmgd)B@Q6sg?4O;WoO{$r5c|(HDf@WAZW6Jn- z^+CzTL%+cWb1n-!6KtnTQxXrLgp5Q^3G{n6z>>#o>9M zM|rV>Q_iIwAuN1EiLITALYd2kqyS=)Ug%%ec_DLzkIWfEx!TrF;g#V$>mvQ9?mg3L zNoEcE+(J|k=ouqsKoKN*fx0>A#DwB-OfK)vDvZZp;LPt#mpXDmk$f)9liesaj`C@#cmIETB<^ZDt3X$ZOygA@a^@tCL$wo%XjS0SRbp zt~Q~Q5E&KmJV$o2o^wjvYkyWv26VI5QYH>Fbx+oZ+EC9kbtu*lW{vj%kNXH$qRKbx5z5_EdkV&q3H8T5#s10*pg{gz{ICQ%Ep^%e$SQB92RTLPbxD-Rk|qvl?%5U(-wXp`uEH*J#cf0M1m1dW8&Iq zfX06gz7O6jCV*fJOldl7vHSc1{8#l*Jro38MGzTcUvlYgU4v__pkz`z3L-o9qLa6ieY<^j1-ePpH4!zqti#+zfhI3G}1$p zH^ko5jKBqGD@gk9*%VFtY!)XUP1aiAB_?yOntCDnouGg#m9TW48gpUwISJdVE}e}< z>*JXU0Lg(b^N{BM-t#=E|1m~y>i?nejw4>_e@6F(;P){W_u;7bAMJ61j4SUAIc`!z zU<}*uMdm*WM_gBzIA=JXL!1oH>s@uVE4|h?618AfW%l|v$xwjqAWR6Qz>LP&LjC;D zozibw`|x(76JP4|v*W2oBRY7QfHA=%;9e%@W8(0_4u7MpZ!;m+2@1L|iAu zDFdu6!?=#Cle$|YJyL1R1u@{#fKF{^Qr$L`fvM9}0Y2<%ekdqt4&ep=<%51Osxg_( zKHir$1umq{BN5EWtO5@ukTy#rAFF^uT&r(Ox_g&$0s;cnHSDI^fNEIW%=TV5(ufa~ zo%j4bc$O9_A7P`)t!^)rnbIwhPHJ^a_};H2YLhm&^Nu;?0CTrW*oaEYO#dgqUd)n3 zR(4yz5AN|M$=nCbqpePDs5Wlzz{ORcxfbTH7v7l}+F^8z=IUnMvJW5k3W_Jvow=Hu zAvrw<&D!l%haAIEY5D-bcPXFIq-L}Y-%n-Rzd3xBZo1w%C6rFHER)_#83|8rQtXvP zbg9C0^oT&Q^XUNBWmh^?UOHmu_Uh$*{d?BD7jU&)Ui#e^m}$05)&*(*2*gsil=(5F zW!n5Ocs~>%dm@*s4~-CTCFoPY7Ail zYO*w4?fT{5-ZgriyBxOfx=s7+VJ%?~vdz!kJx;)X(aO};_HT)+_g!Y>j7c%2 z1)V&c1qiHL3pA*gAu;ERh7adWMQ1NVQc$xq_e|2WQVDXuwi!i&Qn-`1US6r=v_*LeMI^xr?{AP^1l^CuTll)EVHnE9}w7pj)x8qZIE z-KJSQ|3{9rWca)zdhW}6cK>=#^Z#=HI`sS9N(Q#s z|A(%3Y!WTnx-?JPwr$(CZQHhO+qP}nHqJ@gc4p^W5mj-!>vrrf>ksU;CdPOM5bg3K z`Snq+oUQrMb*xoqh^Xy}5Wj7ZOdaNxJ@4*p_>5V<5p-uCEdL4709dGA=N~EC9By0c zGvIeq_}LmB-Aa;Ed1K*%QHEgua)S1vXP7lQsxcEHGpn0_9>de(a94%_2d<_O8@o9FvY>YBe(?elR#2Tnz*YH zr;HcKd&in7^1LLZ;sasc@AmzXJ9-{2CL$Skd23ito2EUgHObuZ`{PK*_5b`YP4o(T z*VDIO4|u5B(Nhe;sod&Oksf4U>y7DQ!UFWRY7qV zkIEs|-Zwp5`I#M$vu0zF$qT|31$7Z5TwODWYep5Q5F_}ip2WR8jCD)a&hE(ez!vnu z7$FO{AzMysCwUR|5j+aGX)a3tf!lYrFZ6s@qk!sIh<=IGNOXK=ulN;2rt^{oGwm_D z$Mgz;1sr9&Uu#IwJ}2IF=s2P_3C>Rb5c_5Y`;iv#-M{4aIJ;wdaV1^6tiOWdZ~7ev z;r_UX)n_%_@l-K=NZoEF-fP{)xshBbCHd(U_6hrCOt@#o9@3t(PtqF3B-zz@f4X@l zj3!JqKnE$>R5caNnaompNqR(-uT7c^Gj+4Cp=pu|z$DlKn_JBcF+SAn=Cqx-7|}rHZ9DF%qUh9HSzH?okNM-8 z!l~4Z&&uc1LIeXgLLMKMHN)G2pnCWgXr@OJM5W;ae0PY?aovYlqXPg1o9FnFSd&7Q!_hC=c*s55(^%YOOGW zn5z78hj&lhQ&y9lGj-pycBRX{4_bDgDS5A#bw5cv>wwz@<$(8)m)LqKx*Cu%6VfnX6x+swNJ;$j4%ajGI$XSX;T zqTU(Of@d#ZJ5hX&q5>v){e7kGKYv}Z!e=*+kpT-MfUjTgZ-j~azA`HbfOV80@ZUZ) zl<2rF+?E!p!#+Zep(-=B1)fLkG>6Tm$ka9$!dbP0Fe*-lA3MmLE{z+x+*cw8q6L|p zU+OMt-PA#o#3=vBNp8j7Vg8IZq>NOS1STXpAn(Y45-ducfc0Y0hHOHKl3$Tlgs*ca zo^P{95OiP{9t1}1QamSTt9rt`unbNbo}oq2Q#N=b6MI1xX08DS(5D?kL(SUMOmSL+ zI#S`NH1)9urw zsabQd3ocs$WI!3%FW0G7sn(R(%K4|ukN=YKg+gguVH2W=;USA=p=UWJiQb|Q5bbHR zTs8mc+$Qoj?dqX|(#g^c51pj;0T{XIg3g%7;M?5l zgKl2nkS6`q8E zH~JOUK?J%RG#{8BC;h}t!#D0LH4^XgQ}mr*!z+L#u`$7{QI*-p%>5-?<*7dnDFV3u zqx;rONZCZl`b@~52W=hrurNjJO zrsML2DBw!u{VHH}4tM^ulP0o#C4qf;A5v%K47$d-S$41(b89_gmXQc4frTR~mGl-*~r859*85n4C(oW@-^DG54J>_pQB@BBiE7FZjxIn%Prn5gXV5?J@ z$1F3spNOZ-sX9asv3#*J=kCo}IE1!r+YJd~Zv%LftnWZDQN`zF{YNKOYG&rIq zM2B{}*N*vRD69!4uP8q#g-6!Bz#xAD@b?`PEW~I&DScIk`bV6F1{nQb-Xke%bg8{G z*xyI|HE~@~gl~)y?%0{U(E*X7d`5yRkG5BvyRpBt1dFMXi+y=8OKFd0zYme38MeSK z%11ABECXOe_~5?mkrxJIIP;}17PQ1u=UC@+CFO*MBIFl zDx%DAj+}RUz|T90905y~4YbA{*xy*mXSF&*m@-XWJT#FyxA70@1rG^Zmm;u%wdz}l zj)b_aY%_!rri6N#!C_e4M~5yioxlj1Ed@H2VlT*%V*(*Q|I^$aaUZ|Hq&A-96Vxz0 zA<;?%a;(zLDK>5l&>5rX=tZk6ioZe?b@v)Oatss%7L8ee6ygavmz z7KBGwkji$oVMAqh0vS@*zu||5N>e;{aGs_faVd@o76EU=NP6>qTW#-lFu>qqSiu!f z?sR^#28JjTX>?@QhaZ>tUHv}|pm(Xxt4PsgfWZQ_O4B^L&FsTUG*o8_X3W|&U-D*tO*nq$*%*6xk6=I1IDA1n%&+v<>wlb& zUoI*~=T7?;{EB`?U+y07!rlUk4J=kTEcwIe#f?wI@w$1DT>uetz$fC_ZxIt!Ui5bk zJ+=uazbKagld>s{anXkD1<0ttYl(x=l>rttqVqkl+} z^hAB(c|#GEG{?d^0TH73YftuQb~%{brNy>x=AAkR{1XlbvpvMG_O)_ap#!X(&3HBE7e*IeF`7$gZp>x{E)&-eu)91q#|R2?_PT6 z#1qqoz2Lnj@Ultpx=ZgXJ4S?mH*6WqtU=?#O>RVM>qz7)sxG-=Cvuz`R#RxGUZX z&&WcpY3t7@dHY=ECPvMXne(~N%Q=CGz84}sZ(PsVecyYz?~fhd1Gw=+zpp&MvrrDL z5mL-4#&jSfpf}H?z)4D4FMOAlWQWsrMI1x*K!*tA7O_|AeVk9KW0}wz3x#o3XKg$s z59Nwo)p5H&3DOVN^tq}O33DUxyI!M%a26dM>aYpt?11*|s7UMr)lq3P|8%QUCn6~HX=6|V^a+~J5hWIxog2vPomDDkCw$0JS?eF*0`3y5Ni1!>wR z5!yf45hIwNx;ZRVU4y@Z31Z_T4CQ_P3lT|8AYLmD_lT|-CPQ+EgHmt@k^o!ld;R(M zubK(p=-Oh-=MV=>AVo)2yiB~X+i=}90exRW#1Wh*kf!@N!9+p?->!vu3JND%3<1%| z#)Rn&-?HKvo@foQ)l)e~`q4^P8G;OoJv(y|M;oxI|MU46^NnvSrF`2{8jRxa#=rg} zN(%x|%U4|hl!|QJ@*_CIabY`x6gN?h1&Y|$cu@g->*ETl?0;d);N%E4YEMaeHPhX)Tp2vX45gJ{C|`KGuO1l8Zs;F#YkCh=cz5Xj9G$_RQsb1i1XW znL2(70!c@6x)_nkX6sp}0%Vxq+HP<6v8k{PiAP6HRg{W6U$s8N*= zJ(^0FH%Uu3A)?-z1h;I^%;6w>zizLxCmIT{d4xX#p>q2`Q*@TKVQ zt(Np?AbIcnO<0U8p7^_XwonCbFw*|C3q6pg8l zA)X)_zOu$grHB3uGe{)et{Tz?bHg#fyFz%1XL{51PnOzE!n>N3R!~@XFpuknpciH~ z7eZ}XO{PWID@Q)QgyYV*!NGO@{p!iVF+`=b3Q4Ti->99Sz;;RBW)HLGVdxlU5dr33 zQz3U&maR@G9SX%9%Hqh+JtMbVGxG6{G!|CJwv2hL=lm@8q0xAM49&>OaK@_Tm=RE_%b>tt|OxId!TEmXLNa-3JM$JdRfo>XU8*UmGN6cu^!c1PBbjerc|fIkAI>q$152sbRZA5*7h z%4gK1O|yCX^6m@0%wQ%4whnGyIXE?@&IE?Et_mO(3(XRG?J+B8IaWTOhQ`vlmZZ;+ z>eb(Cd{0YWUNL+hd7o$h(^e-bCB;Y#e!$^=AN)$}CeA}QY8I1@6s5%UB&aOT$BQbr z=nKR;gp;f|b)Y#zx&xN=D?$P)@ck{COzXm)Suqhk3ruteA8zxEN5{t@QdNy_;zGaS6(q02F;%Y z#Y&v62>=o;o}o7Rg}{{C6z3FA6vvJ*y&J_1<<`*qFJwDmax9TrVm6#J^$iA8*?N{r zS{Hw8tE@{8h!u_CK8rYzaX%98CV*`dYZ|-)UcLFMLKt}&f>K3h>->_-fKoawcxJxIJ2hx@t%}Eu1)T>%gjc|7A5V9*A zS4#@sQTsO_ zW?(pmU0SC>O{Xe(gRqi4W9k4IinCn6Da077_5;OoksI`(ebHWvq8WvEmn1 z(N;9sKmpWBkeHb5B7=TaZJm0`6JFrCo91e8JPI=-@PP`InZ9IC4{#2F=76V_{tM4*RZW0Wn`HXoHV5h2_0xHlpO zpFH|b8m^4d9vO)@K}T^yQ^^RV(Z-@M{fmeZO3L5}39J}#3Uem#Bhsq8z20_64n?7Q z>$rqJ%uaG0!iS)fbliI+V9vtiqShdKoJoRZTQ_@$E61CvkYhuNkZZy3860(MaF0wI zPueXIKV2P^Gg4RcKi0Ks94?=Uys9{mjAeUCrHVxBKWXZ6kJe_7Tu4OYd2d*JVI${I zblV@>b3blr1zCrEFD-R^?ziF4KMQ=HD^tcT@)iry_hvvC-hyx@@C)pPy2RJP>jewb zojsSUa5i>df-59a&_=*>iZ~()$jj;PbTA@AAUT^T-aR zKTNRB4p|HT%qk4)Kk0jcdzU&4YvDIbWLsk8GkhRO7dNzIse4Zszt zJsa|+z#Zdgn!|ODz7X!>Wn_ z5DCyW5NYp0U+>4g{q+tl$_pvSozbC6wKAzwjBRV6pFhTTuhCX{cNme%u90N`V3SvL zMBD|ojp?8c$!PdII9M5PW>NCS=l={ewzJr^Ddz>TRB#P`C2mwhs>`n)Ii?c$&~nd3 z{dDXvk>SfEO#_CGcw|-uLGAh0D%Ko3eVIN`%qFa^u8uEtq2rdNYweq=_!zQ&I?=vI z{6_5t1HhgwEzIoSW-TE<8r!p5mOj$nLU=2h?vlO|{C<0yQ&`S>hng$7oLq1`cVGV8 zA;KZvA<%L5Bh)|yxOi1s?m^`$>9fXJzN;_O80nl09*c(qv=OzwNg4I-;Cu znC))!G_}vaJod}+z3lUY#-PI)dLlVsLY zm!$wD^=cPKR*5c^lU(^D_bIqI2R-YM2xin-IkY^C_!+UyV0>c~H(6Oydf9LpxHC2` zKr%b%iWM-o^2uP;qH)xBuujjR#4&$>?g#~evENVq->c(gRH4y!(NHnG%Df~tWMjC8 zI60C048BxP1(3y9x7G{ncjgo&#XYeDNerXtntP86FYJc1(CJ^%liklg-KU!0RT%^8 zS61IG-{%Y8OOxzf-S^G^LKXe&e<%6f^Zl<~SAwPYURvK{%Fo9S!R_2v$ImI<*GS*4 zorEkY^yC@2EkwZ>uO$De|M zN#(*cG8GrT6Mm03L87n+!v3)3tm-+x!8a+%Ya-zMdQI1@BqsXa}_J{ z+B(++qJn7FFdrDsUP2K?)FfEXk)S|fDvetSX@b7uHIKC*+!&=v{w)3NfW3vN`vg1FLChA92!lD^fG)oqoIeuOl@sy6>I!9-W;S)m zv&y%Wg)Q9hFT}=4lSkHX0F5;|!XX(Ea<9HW{ePAh>9Q-}syS)`1aFxsiOU@lIEoiV z;Ex&tuhNc+!bPmu3P%i8aCMcLK~SLcz_jZMmetWB~S%2-c@JM5f72KR&?a>rN8r*WS!0sTx< z;1fQ#Tj=tP0>9zb(F|}M^$EvWaZ>*^=@4_xxL4pRf6O6EMmVdg;i6v}WM*PgMF`n30X(L|=y0JK6 z5*(kj8MD!#?FyRubc>MZ9E>qMj6?GNIFnQgnt*68{Xv|tY}6_-EkYB@XiuckyE{G& zw-Xy+hGv2>d2UG=eyOQ@@nM8lih;&k@l+x9mo}QO>I24LrtnKM8Hx=wv?^5^d#f%gX}95k<2ax!UAKOXH_& z`pfDb;=Y9{_`I=2)k2Z}y+#W1+y99;{m-&q8VG=NxwJK2a1;f-oRS+p2UHW5363ZE zSB?nOp+1rQNrYE^ND?*8TNS*Wh*Gs%ovVcUB44D}c@tOr5b7nV*f9Yqd<=Vp4f+0(iE}C%5gZEf1x5*_j4tsR z4SHFAxyMz8I$1*981;fH{;iSAk@^(h-8kNceEH8_>P&ukD26L zQq$Y2D0GApa>C#b?Kdz{ha!zq7jc{P`0qvG;3+G|fmF0|^KlyX)An zj{8e_T;@A>(AN6}X1{F4_i&cnIOn$)rT3ab_i?cER`PSEwc|-76F5Stkzj!N2D(ij znD1Qb+YtIlz2TBZsV|`~1Q&i9OY= zSi&lz!|J0Xg%J)&%6&I3AN^+-4Jsf^Y?b-)q+HaS+UEym@5%D*e>S6Rd5#zRLe{2~C9K1ll`w7Mq>4TsY--GwC8s+_w)X9(j zy@7?5iVwSMn7qvh#TQ2q^${M^h4Ht?5O>9}UY3cdDq>^zXA>t}sBTdm>xnPIYsr3d zad?7!j{Y|GUbFGb0s$(#+e^Dl>dWXb_D{36K_#lvU)})m<1wmP(0g*jhKdO_C(+d6 zw%NmB0++f?B9!~^NnVu_v%i+7GSWo2GZRm(WSUBN_W4Ry9_5yX8=RJ=kbgorjpd5X z^Hzujl)fZsY%t4#&`AK5qGGEUkYe{QDf2EYA&b)Vi^rIMke@ZHFY!*7Tufq|fB}o@ zTX{2cfTzb{B^e4jItIzJYe1hmf2|ld9-$83`rV(D6t>Ce9>L<<|2Y(<=K+pSC%z|0 zIB;v+F-yyo&^7IfSg3?%>*^NM6lL-DvZ|pK8mwZVXo?VF{LNUsmZs=)tRJKt-_xxM zYAEuiP4~^)Nb0t>ybDZ0j8>gXcf#jlyfZ@y=0E|LH<^#;=7sgqWq57h}HA zvG^k^pT;!AZ!sYJOQCsb^ufs4h zZ`p#|hM9ekq<6+Jv)()6mnGdvr({_Ce~h~S@4>h&E8z5z3Fzb=YwMoIbuzeM7xS&b zM3FKjP|2jpJU_>7?2!CjK9Bq3D+ZWDz2gic^N6XFs6pVf=yO)PY$Mc=JotbB(gHYY zOomlFldt+wDf5G=YFm8CRmYodLs(ZiFVzR5j!iRFN}+1`6p2$-=6X$T6u4y=U?j11 zU210qm6oou^mbdP2PM1Wi<1fO$@uB%eD}uv7vu>JkDHZ|Q4DCBp&4bG0mv9E!<@2X zt^%o2)f>2vM%RkpombxttkTbz-e<_)o}Qm)Ge6wADvcr)T#4U^%uf&BzsoE#jt|tT z6+{P6ea=|l?d^HDlj=Nj>4von&(D|_7cQf{DAiG*YaNvAYK}$q6a@5nblb_{I@{K# z6wu(N4VxoA#87hK==ZH|5mDF@H3g!1XS_a02i#09jB{y297qBUU?lH-;G*xNRCqLK z2~az7y+!KJ6Lh7;490;$IXoEkh_aN}%|wyVCq8dw9^wjVWsZ>?;0{Q%JsPFy4?G}p3v5aEv!F7no6UH*q!c~qOEPN<0{ltu!vr~*MniN^gqZHZq5WqL_aA;9x zw#t;Tj2e;^&VnWxCh`XZyo%ZFo7i87cpSOJh}#bNeDS^HvF7lQ3gCOm?#B}y`XdZ<AhC>T1 z21iaSAp+4wdvdF{&x9H#IO&)UO1m#YZEjPmMa;MwE#hof21P=Z|6IDVp#UH~G6zhY zor1Pz-AyH@>JO6@8*918_o*CGv9j7MQ(f8_`Z|!f<9}qBlTFM*#24;BOFT_R3s(RV zkj`1gTHhNGGH*iPGY?JxH!OJv(DPtQXM<9tpEZ1BTg1&3ukV1Uwz0LiSYDQxyPjj) zNfgb5WN`OD0&bKBOiPA??q&8G=xQWZ2Hmd%$n>=DDIhhgtc0h3CI;zo$B^h#1{lk* zs1&Ana?259LzEcgQzGRD4=Fq*Mm}6HJWVBcl-XDt7e2v0b94f*&}=bOt(;$JX8e7{6RKkkk}>>?if<^G zSFI9Z*#!Uzn-~I&6>^;%hgZhi&5*I&xOAgol&a?5{-9tA3T=Sm4D*qb7r;D{JyThPGlI{ zUT=CoaL?zx=6KYot&gBau+3tmUZ&|Ct}SO{j>%6G!Ee8eCBme&7yKr+Q#m+xpxe|( zydXuZs7ohACsO5TfuMq*L4EJBhjfzw#j;N>R6H`54c9C5C?GgWL&i?$YD6a^TeDWw6C(0R)e7_9b~g1aSi67|1BMne(^?PnOrJTD z)scrlT?g7Vv=VC_S`KSChGJQ*u>9L^3Ts0aZvFTbHiFk3MhH`b31oNLf|h2j=UL)( zs!likja;HXIs;?p`JsU%PrDtR%*eu*L&&Oc%z*2JQ`>05wcJy!PN!x=om#Kiw8U$^ z4{Q@Gjwd4lWMfFu)K;hhAlO=KrrZ&;q}$%q9-25+@rdapgdRnMB62__yJ5cK?jvU9 zU3v)HtdG;8F745*3X?EUxwdb1C;C6_e5XNuS5~YizYfMIG)zLeSs#K>9A}i&8hw12Z9ntdCIUsp8+CR zdCD3j3oOW;MabMZ77>ZRLPSLfLr94jlY!V*h9m=A%CWp7!z>qR&1;dAR%UFGSP8xh zYOzW%a|}`6n831ANG*bYv6%t4=>!f#eiV>-hEvne9J$$Y)T-jLN8{}IZArtV{}iFl z`txfJslkye6Xny@Kq!*xzfTR-4+W{1PfdmGU=7mfK$Z%;u?<$AqOdCNHo046Ub&>!B3U#l>`(4BHc8En`PKq-!5NaRuN$^ zHt}jM>LjjUoLHLvBGtM}P@8%H2dD3@vNAVZ5AZ;@vd7=8WR2wwCbG3#g<7H4)WPiy z&-}lN>;4%5{}Q2Umiln`UyqFaGm!>q2*y#y8@j1vHwTjayf@qbkGJQ=WdEljq zwas~jg$dV^x2btEIcC zyfJn5rjonx!f0FO%wK4tNKscyPe>8u1B|GPLIbRG=|Pg{sf&pJ4a^Ql`AgisOU-D? z;uTI#9K&Lqcd-#rB%VZ&vvr$+y1%X>$BI#coND1AijtR^zvnJ#8lnYft&o{X3uz^aQ=E6B69;Q2z=};lEsggD7 z&-4}*h4}i+R3!>#J6NosE>uVL;zUK9Dp<>D6gByYAZoy8PQV%F@D5$QtqqA~8JZdO zq<-ht$Xf&O_+X^9Jq7H3!Q?8AP0Opl;8TN8?Pbb4vM_cXqj9{D=S*1-IWlL497DQ1 zGkDVtmZfz6Bp<#OuI^zh2a7sH#JLd_(i@xH~iBs4Fj?jq9_t`~HFMor+HKoyJJnn0YwW>)H8}p%Z$wHb z8Zsiy0Kv=9Sb}xUpE&UWXuu$#!ZJX833r{Q9>;Jb$1KS4k_?5t&Tz2OO|q^|v=1+! z5vz3RYJWLp&FcB9h)dSsK6%-^HKU641b}s%e#nH!k)tV*h3H?Ae<&4IJxTfsH>1hi z(43CzCq0_!gp%L!r{S|`Vx_V%{xUM!vs^|alXimxZu;AscaVAJAy6HmkS7?sn!vAW zJ8NDFsY3oQ_66yu~dW@&4B^bx&$cKoddAOk<44SPH zc78DC(e&_Y9)1>iMG51tRsjwTfjir4KgrV1FRxlZ-LZq3ZE({iqcIXgPt!y>P2h|Y zWV0r~`9=*iLtx(V>w>*YQ+gA?$V)R*3wIz;Pt(z?4ubCwb9A%=$IBFm(lYCR@!48M z`OnOIsaxqo1^9+~>?FkQR!ho==GMtM{Tztv zj{iruIn&msA%^jbKD=SU@?vE2ymsx;WwWvP7p+=RQ#FDXbDMv%4_>Yiqb7HJ6lK;+ zO!0=8zjk~uP>a*s;$4f5ian<^8paIBD2hssOYE{MHAMXe4@eJDobb9veS7HecU3D? z(ZuPNwdFH~4bOM9!nZAM2Z{HG7UmXJP-D~nf!A>qJ5{B;#WLc<+E%Fp4+FF;@np~x z5a>_i9<uT@M0?1P7JUx)>Tbfb zz_#3BRh=46or!Su()YYYvZ?}#FKW5Q^&%1u5_&r!+?Z(@TdI#DfTST02>1vghYSm; zFk|!3y7&SovI$}5a`Z2-7DQtoigjp!jZ%?Nb~Qr~E(t@UOfxF1`yrw2y2j7LNBpCs zNDgV!lrk5U4tP%KR8WLW32+!S8-pC<{3KIyoo&C)*me z0qzom3_Ek%+X5MbO^M^ICM&v9%X%Ck#vU+Vwl$4S*!CXXhZ30sl9)g6({)b0JLZN> ze)E^kdnPm7%gg^FM7LaBAH5_Je#rNS<^tyEaf{>v=Ew>E|IcjDcn~`4(4-HsMU|4i zg9xP%3an!i( z)O2DzjBb<_vj$Qi*R;5^Y#F2};YS>C>AdvC_T5hK5qkcUPH^WBz*LL>1uX03H&JoolF|kO*H9LMmQq!3VRK$C(vf`Xap*MFtVD!blHC{ z-&^JqS}ZNXqzgX<7zQQD`?j7iH<1M8;R~qm1vAXEQs|{}GPTMM5n|X$Y*JI1sHHU* zdhO+~m&J#TKG^!Y@0q8k%LM%-`|q-(j^XY!@Ty*H?WEVnDChIH1SuB!4>d)riXdAK z9-*Y0-U=ESYw26mH1DiGne9c{3nKuA% zc(!R&e<1^U@GH4!v6Z3$#Qy2p-nh$Y^&~8L=hc-NV6niA9DsX%4=X34Ro;5YLcFrK z>jkHtq%=Qfsr=kMXp#s)s3SYk`$WXIVVgKT-CLgomhgZ%v}X3mT&uyK4adUQ5G;3d zA@KP#2t?D{^P@j0DtaYKRIs!@bf9ayUIp-*%DLLo;29#`dO->lA`Zz-@YPeAXpM0S z&2VD_UYNHHxyW7@^5SNc=+Ph8Rb1)eoK~4t;`_Ie+wJPyAuW$M3~5i31P)|Pbxa7= z@=ri6pgznH1)JPj0+bOcLcS?|(yb%0`^r&tvb@P!L>h&fXhiD|C!~2d8g2@Zb9vTD zuck=iG35R!e1t-f9!X4g#?O&n1YFk3kSX5O(ub$YDo7PUR;yPce%n+wnL2xxT%Wy_YTsQ8W($cH_ zv_1hpC(NfEDf~3m$$UyBPA2S{j!(w@To2xeKQUgxz8P|FQ}n%KzW4DmcEd&v!O}XN zBFJq9bH9YWOtzwQsW-mXy(O7UxEgTU+u=v!tC@-FAy_CF5m%Y*68^>SlP5LCzvf=G zjO)niK2&Y0n=Fy_4gzDs+>01siFWZ!yncLKJyUx9kx~I3Rc&ffHL%kRs9<--D?=1O z2m$KrF4WdmmT$iLODMb{)n@lF#$3}3IjT;X#sa)bV``VYVfHsL>Mcs9v|9#IRQ9`JSQZ)NPWY4Q=xXVpN_d8x z;r)`^=l-zg1=ol#6A=PlxV&!VhS$yPH%MEZ{`xnk{^ge;et)?^OIjQcaF6ckXk%-O z-`)2cUeeWNeE{ZYCBRh({7fWQ8T$94Mr#XYBTJRS+|4bmsWLZVjkaR~7`163Cgv$7 zCg$pjrdn#Dk#UMR+Yyh~`|dNGk4{WZj+yPbz{74>ud&iajplaus_A8J;9XL}SeX}v*3 zdM!3hS`?pEo$B7rR!o*5=RCAmerHGJ&|+*%=A_nwjD*rqIBsEenHoFK7wLy1(`(fFBMaE%&dK{vR}nH} z5RCXOZFO(|#N9hAvrTvS(zmYP{Hdz%A*-osu4O!9RU{>XSL(|x-B1_7HgtC%zya0I zl?&SeA&=eMvPf4;Pw#>;pDpWDccHM5(nT{Si$gVvOvM_33Z7X9Jb)uw39aw~leo~S zYsB*02&J&5kBRY=4+6mzK?&5}wH<3G+Ok8wGT9z0Hi6s<&imRT#9GK0_wnlSCAFn- zZuIeUNiT-a^l`L~g!o1!l!_IlAq0dGy+hILvO4zfX1T*L`)V-u1DPNwa2bZ|(J^vh zS>lhNi6BrwlOO1-hlo|F9L33+UYERErY$c8L%-+E?a zEeHoiG5nCwyR_!MIRO$L(`bV5anLx;a@3Y}g^C0;*gb*Y#`Oe1jrUwRy^4m0r#I!4 zNqz)sRGt>ghh0XMCwiYKl7ylm^)C4jwwWBISBXT`?%fh`w|+{R5?HlaWofWHL81Uq zf(AXS<0Ecn4lZ4|SC@E#ywP8i$tw`$*5nyWHeLrc4jO=jwn@hZ)PXT-BQ6`MCn=x` zmuZ>UmXTKi2i_}?t_9j=nQQzo764G-YX3oedK9VgYKg2OQXGLnc{<*kC(9PfE~Gch z=FL`g*n)#iJK4u7u<7``8Ya4#j?FjJqjS4#y_md$uuWNh9tNGKHvw_#M5B2k zSbpY6%{k7xS2v9NjXLa`7mv?~w#NY|22eS7wnZ`8N>#~|?f-<`c|*-mx2Cp#yzL8`L$SZYFDl)LJ_KbVkMe!Zr-9wnQ zG$`!5p{U*5)9bL0OYSb8=*wDQV#o?j8k)~ygH`pCzc+^_JOJBS1m>=lDCPKwd_#R* z|K0FzeONa zhZ99WO=jZrvE_IBRQEIW@q)+yhvjPl?+X~%NJEP<)=JI?^#EP;HfQ=>>3rFBq9E%0zkqz}cfs4ggI(GN2Cf~cqDdC$SPl_h@ZCHIl=Qb8SK}4&XYUW+WajuHDzQS>wD|XKO z{#I~djFHkIw#wr%JuBQ6>T)ojlt?zLTC_c5#<)TmMZvz$D{pbNH!w_kcq>#PI?IIn z`xKY>;W1wapQZ9-J{=DmvK$zt=zk!(`?VFV_(cDqL!CK%QN9ph6s}5*M2||9^xg!Y zXITWsWVj^U)?>JrURSh0+;5UKrZsEU9wE|j99jo~X}3!T6O%SapfWXu17pbTSOdhg zeHLNS02wf%=}Q;IloGF z72<^UaBDf$#m-ymRqLc)4ued=Gvxua!+3JI?-U|ZceQ6EuRQ*E`|{1E;8(0Yjt@YD z%^gIgZHETx`riA`wM)I)5n&d6N~F2@s(o#p4oy`8U4!97Aw+i9Z=b_QO>yVoi|6z% zwMYRP(yD_a_9Vb>H}A{$e?-5)eDsidCpSgv>2Q&LO4_WqAFtoAadzHLBr+uY8$g*F z!VI&h1lU`$q&?#1hy`j?NvFdSF11mGC1|PLp{W{jOiYoN-Jryo)LDkdq%DD2jA&jX7QDo0JlNQFg{RsO2Y^F8JxO?oKy=T9IW za<9Hp2X|%;I7&4 zZ_%!eANq6rss=u9wl-inAAEacO+`{!s~m9E zdLj#fBjz)PZoS&9L+XbuG7kgULU`h}w-V!7U?(yV3Aw^tDDjV;r-y%%=YhZ>1Ci(| zg^1s(Ff9z)YL$xYWD~xh4FUi>Ed~Rx>faO#uDaQpzWw@H?XI63PG$cZ6qiCT-shZI z^i9ttsEy22l?;-x)|ZY-xX#mdbBnaCZuQFt7`KzNQR^v>sn}!-VI-edl-aQ#cl5+6jw- zP=o{Gm>~Ppi%)b#NH9v|5on`SGQ1gi#tzN`=H}Thz}U4+V6Qo(@6h(33zP>rPo&pv z`5Dc~DEnAD&}?LLqwLEc;po*an;C+&XX;kZFNnD>`BE@U%0#-PoT*db5#r=B5}1(K zYHMH87&AMMb*}Ov!-;m#%&=rWj}B9U*2z(`7f%lc@Kcm>;o&M>A@-C`?z^AZ$B(dS zmiEAzaNx!eK{3wbq6m>HP4RCq1}Fz55x!R}k6Pe*o+<}-9Z#8tSG&|8wC*z)?aNu&sbhvU2UyxcSG;{ zQgnO0&Fa*KaFKt{f4hwjy1wtadXySfN;>YJ&#Jnf&XyJt4fSf@6S%%0nlr2&-yrig zyPeVX$Jrb%(cEbNJE;1$wwJ@R*)6-BF&1j!-p~6fSVnRKqA6f7#RgZO>+8QYGcwW^ z5CcW$S6ptsr(u4lVc$7;-A*U8#_6Nq$-}xD&vlV0)?1v{TvGMVpEEZ!rA}zS{qkK9Py$eO}CtmaarVOr#ZEFXAGZ$?% z)1d^@hp#0z<5W%<(wR{d@eA&;l6!Oh1Oi#@*nF!g)WXUrTLy0477%>$h%{1Ot@4_S zN-SC4AdS^Ae>;cGc3~5%Dmk%?c9+$LH$qvRkdf_7GLw zcqKdX&akiSQ04~BwQUI<5;^~uDwLh;La$D(!LZmr!4;HpERUp4g>+n}-lBTQF)T-+ z0q=?JpG+yX2YHu4#KY^HK2V8Te3qMa!9pzSS>-T!|LqTb&mm;16f3m>nm?d)(Lw9X z6c20sf?Nc^rA3zs^MkIUnP|2sVpP#{u0rO&_=Z@Y3SFUHjd#(%GtGezJ;7+eqf8TC z^_G)CX}_bnA$M$+x`q-5=XCfJf)1Bf(|e1~o%T(;Rpol2Pr&iR1YP zAD^*_QREsvb;&dSy?tung_BEn(=~h?+o^P6r84inPh7w%lpj1JM6g1e;Ln1*lJKwy z>}_S;hQduEmJ(qF9wb;ZWO7lXIw}1OFG4x>U|rgvks@x0q*MWRe&pd{C@P>ER0V5L zdNAC2j7tb{1y*aRNYXsrF_HFmS)FWWfeO4u1^jX4JC=K%%KyXHTSY|{MahC#;ZEW1 zg}XZxUbwrvyOX%PyA^qPL}^-T9ne%!V4Cx7yuvvf%GU=cRqHtJaPG2+FX98Iq!UZ5c*uT z9p~Yx%xvrKe||vO?eu*ASR~*1_wDfpE^zbVcC~p#$6m0AB3Ff#XqYlih+U@Qc6$DHsnTJTC?cxVsf!uHNyeQ)U}n@D z+Dq{md3wT_Mz3x4c{_mde~I}Ho=y=5w_@78)9HoI95{1^Jww`G!|3y|R%McBD{dro zh)#nF8Z1AGOP=nx4`9wB|D|d0+8c@UKi~;_1Y~{okp~1(1gOP40VbVL8Hl2XxCH%( zH>ga8w?zdHCmFRKrgI`4hmZ_s&RAa6adr_I7U>|d!dcgxv)8eE%gOi}$n=IppQ+&E$TJ6ERLpzhx-`s?iMV-0vwT}a$~ z{+vZ{!N}!soY+IbjhW0nS7l7CLGq3c1Ke9>!HFMeDqz4H~@$lA%ccC zjwn^L;0vnPcJiiZ(e0vytHQpqR>&M= zEwdR{*PJFz8=zRytWQQ{0DSzi9P^BW7e0#qqE*Yfylw^gGW$v$MruiVPT3MZ4`P(p zB~@KE?1Ns^uoN~q+kUrJrKxu%#o>EPpdHMPqda-ycND|i_JLm}WP`@MBMxS+>sNc? zydAB6saz2Xy%JB-h5N@KXL;nYfGjsIyaKEl+-Pr@CACTRZ%PS6^Wly0e=iq_hTDbq zm9yq<85`7WFXm*CL?Y;iUQFgbK2l`6bAQ5r?L|^FM9FQ7&&R;F8+wL>YfyV4GifB4 zf`Eem-u7zYaA=5VEmPIFf_v?l+a4i}k&DhUQgVo}1$QQbu!ZkGlVPuZt7Yf$eX;=i z;kobbaLR`P=B#i$)3+BZn(4$-me2FkVxJe4u%+r3%8UM(}9xbcn_D92)c!fBLUGtB9 z69$QRO*?94GbzfnFenb`!o1Xv4b4fFsTaDLI#`-E;JBs#?_|rz>8dHM4cxGRK-32Y zVFpV0Gz(gIj%gYQq_n}^-1)qy$e!RX=@6Y zM8p}ile8AF)Q6w0`f!a}8b;}JEIe<)V7%$9>-fK2+F0Wgw#c0t&l7^$Ovml0hbAOn z*E^*jkl;k9O}=>7;>skdf4=oSc7G-+m*UOpvK%E2AY zCatH?pl{Z9-;G0!Av7$0Lxa7ypA@~T505JX4O53P=MZE4W$QEB)ZaYJi zG_O3ySSS-QDGeIb=pp{sKG$^9&HV#3MH}0qfzsY0Mn;KU87spr2iADZ;$?$F(w2UK z>YeTUo-g*tYlzE@2mAMtlybSk1Y*?}h0UXAO$CW=1HKj}?uy-F+-FrFh${=3f-@k+ zq+#M+%MT#Px@^;V&nQs;%#pOKzY#b>AZ0n)e^JZ)XRFcMBo2c9yJNw|=>pCzJXQt! zy^Un=?(LUp)V)>>;iTMxYC8SLq;@ZR=4_|dG!4DJ#4TT<(Zi9CU8=_WVHB>4()WBE7~=?CF$cf zJCUrmHZDgwI2>?(x`3Zl^aA;>v{JN)@1&g*EXo^G&ig}&`HJP`osc=Ys=>StSsmH= z0Li3QLXcy{Ombw~A`(VKAie>F=!XaY+g|lQd>@yph&jt5+epE|hdRN)Af23)jrdIK zoYYQAE1!B!?6@l0A605XfqEJ^)3ifD;Y@Xkdn26_5TFuA7F4#NZH463+Uq@7I^_DT zrH8%b?3SpwVHSX}Knh2RpOP3=KR*ACV9NDbpjz9g{&e2j#yJ)~x`_(JlpoO@wjqF)ZJ#_ERMenO7g_02@~ z&y?aRq4e8T2Lb^IJL0YhFUr*Vd1HMh#RXah8<@DgH!R!%XXJ!bNz4xJ ze)7~E9GQ)C&Ze^zp=g$D(a3L-ha9$!S>1{^MhmQ8b65d@Rn)z6sWL^49rcmPIXV<2 z*fHEO%$lME7@1{qrx_1MhKIe;Yjgf!`0&;6`hWxLP(y0}G+6#Za)<%7wd6B0jC9@% zY(1n?50fHgx=7y{uAWe@O_Wk3Dne-UWq0zS7R8M?y+lq(fHCafXS2}M+zi}-wj z?#HLo3ng;#U*xN}@CTCoOB?9ZalN09vD==wc9jr@kTOCCc@v*M=z2OWULM7J2d^Pb z%VG)lIZ`G&IPqJ3-r3>M)8@P1=>@J0944+fH)z$6m5RB%J|`aF zc7`wUaoR11c)C{)Z>0IaV9m0KgtLXPHs~i*vFy%qFzB@1Clni80Iir-cJU23wE5~R z>))E*w_j`X*4SpZbALJHH!@miQ|09hxH9#E9~Fq&rD>DGSZizXZS;r*erU=~kwmG= z1)H%mR4w#VF84Bqy~S~ws7&L};-l%)8u`SI`e?|%5N|2%|I=86rz7z3-v*&sv9!A3 z=9tO3{0nv2$WzNv?)q6^?t=OO;?F5ieI5x?U^Cb0`69mirh3qyRFGgA{^MPlLoK+X zsF3}5qqMw2^Mg5Oq$CotGclh!7ow1mpLk8!24BK-$Gr3O@v%v>OLcp@*CsS7eSRWw zlF$a>H^2H^Vw1D$RZb>F3GCC7h2FnA#W zC-9QHrqR7JIBNcWleLx=5#_cR_o6XKataHUMU(5b=Ik&k=(T4GB0J5&Tr?mz$-A+K zB-`cfE4AIaRi_IK6VmFUyz#nV4&e-9>&ABJZ!uE|%;rQE#9>Z-Vy!X5j>?d*?Au^O z32*eWxlbq-5>8{EqA-$u2Y3lCE@ z#M`2h1ELZ%28I*ScF)f}-sXmJ_{vt#N;6BRsnst8W6tR3^lUd@urJTEC*IQ<-bet~ zf4ly61qkeWu}0oT%*hdYxG=ug)j^g9?hM~$0%)~+2Nsdc{ytikY15*{{E|SW(1X?s z3)+;s6{fdoJ(u=Dw}Ao(biqw?r_JvvNO`052+dpLZVoQS6J2` zO=XNVN6MZO+5>|^O~ii#se!KMZ85#|j2URB8qO50oR5;|F$;2v5_>CpGNWJPS^(9M z!`haWmua`{!8|m(;?dns@7F+vuaj6`u#Wju{u{-DIroQ?>`)}a&rHCF-Bpjz*HEgi z_hGV{F5p9?m1ig?8GKt2XVvA@4;d`P;^Sb@ux4)6>IOq(wTZ1#!-};+98z~ur4Hi| zo%pA?aa4G0{n?}Y`*=l-eK~r&D!kU$4N{K?N-NC26@`VU^)uGel#=4VmY(!a_Xal+ z4wemTh32%XdfvA`pc9uITi!q4uZ`H=`{Cr$9AX1 z+-SVC9P;vcNfM{5EYLaLQd2d>^BE3E=VtR*XlI1gUfxq4iF^~`Hl?8ZFYpg2;ESaf zL8NjqG@snQ70m(1N$tXK< zLLFvSQqo}y1Y$5NQ0N>|`B+=!hJg{B7caH|1^1k7)yUP7UG$APZ+5t%S$Q>R!!TAj zG;+=oRZVUmn&}TQuP9#V{vspMVguSNhpl^sE`EnfGuz)lAu6F*&iIGc9d05AZx7j+0!O5jHX1- z8PT(D&RfO(i3q$Bi`w{v*W3=YX%kbTmv7JB%o)opc|i^>$1FVs8w{~(%RD(vm@&2C zQGy%geG>BSE%+rG8x#_xQE;88O_$^a1>%0?#&D=CejidWAr2X~Eib~0mv~n#Iatx0 zEY8KbypNPAyq6Tp7X$Imo-F#NXu+aPBo8{ia(vM0XXTb+@IsU-LN0IK)}eq|I-aWuAfT> zW?AVY)Kv(kH-zNb!_W9sCXwnlp>{{y$;)%&b&WYaMj?yf_@oGjs>|5xbxv@{M3ufRk8O0%8K zJ@wd(1WIlZs|U0eQ~YU%W0aKDUK%<~4#mAX^1d*CO_(4n33!1xh?t*fNd!Q3TVERv z;rV)E;q051kOCI|Dob{*DUYu+$_G4-{OIFU9x9`LaMA`R-lLgnEvmL)*ZN*$pg*ep zCOgYjt;E-;PaSm(5kX7Ee!heVY`xZ&IO*479=i}!87njH1!(3*$11^&P7vlNnI!Kc+H-N8Z9z)mReOAP5Fb{p5}w zxiT|0XC;i$q9?vI&qC|=1Y;rH@?`{x{o1I#dWs;Jb(EUNF+0TXdxP2K&e)V)em!}M zu4D!39Vdd|RC7q-W zR%ZQeSDJ3jAu#}p5R`fc0~r0w9u%IN4Ps647y7{w*p#@AYv!GXgyofs8KJCq%jR17 zN;xwX50%z!+F0bom=Q<}P_af;pMVTW64s^%B#YV=hYsM zu@Kx#aX^DpfOJmI`lM{6M9yC0SiMMW<|)G~y7@IsIn>cr#J9g32`S;+ij#rfe$i{3 zPN{@)iYpK|SR0!kZGQiu4g)gB{b40yKe+u&!eQkD>Y&o}7vg@b_vE=kUsL|r-P$jva7%?-;INJR?aA>r8QpILiS*lStzf<6Ab zK$oP%0_O+b)<__JcrRrjxIV;J6lT`n9^)5d#xUbg1aGih_-|haoc*!zJ1%wqX$L>( zvHrAet(V&q$|JzQUIR*u$C9P)Qp=MwVuu{-P4UtsPV@(=0`8Fa9j3LW# zKm2hwC+;}1q5yoy#+Fmb!AasX1k!jIeQhJs^PCM?EH7WetU06#SXDXTl@_9hC#rw4 z72FN{ATnET%UeUCLbyK0JeL?8Qj+v(T91TZ+30Xg1(27@Uz8+2y*{UWiL^KLU^KvHxaz>r_p=mux`)3|>J_K4%YSl~Yp`E_Run~i9 z0WHbCOq8i*50?dYbPf`Q@YYk`Zo*NU={H>`&$af3_7EOVS!1DcCZWb zix=N}#{@kZtU-{a08Y(}GD-3FmJ-ZDLp)BnYer5c?-IeRD4z)66``}E|(WyLx1VDIrMx$nxJcgpr{+HQx zcM7dm!UJQ;c3DGtj5!-$xf#4)eBSQisPy)2j5o^m{0j*LJo~{zFFXrh@52LEk)oAv z&&YO%YlM_a88yxFScB!IIx+9(P1w!%r>RR+iMr5(_XpZYwU(9^5vCBU!)*z9Z!7wT zwvOl`tdy&p>(}S=SFag$G!0z?&3Udu879*pHLOY2_~K)Uz{de=)+0?hl8wTr#r77CJ9!PLV% zR+QTI@mO1_94F!a#kC#X=h`~pjm>|cL{Khq7t;mP?C)}H_)D%$!I-ifZqKRpX`d8! zN=@NvBzMn2I#_7;wEr#MZ-(rR*5zX&n}=Cb*2~|`<&;k`xCrQX8rBTM zU#Q~@GG1cIt`<=Q?$^+rnp(FebkhgkV!&+{KtKE~H!e&>=f{WRy!@Fvtj74}$%SkQ zdkg!{C(zZ+>^QXtsKD8xZ&b96marB1i3-tpLGo^-`dXCokxz3nuu(G%RRDoI(~_CiIu!zp@p+8B~gUv^-jDp&dD7O<_f!| zI89#Z-^XzDdhXBp$5JUTVaZo&Q$?H;tJ1Wu;1ZmeTb{&aV&(O`zkGG{wEcGGFNnez z8&r(aMJDFu#6QVV)N*PI6Kj$OqBP&y!gfWbOp)l}cfc|+muU6DGTs&YK3&p!zsV)@1@pq_VhS+wfT zwpYZm|5OyufB+vl6vK-qWaPLE!fb;4k0+rCFGjTaJ0rn?3*C%a7HVch1L;zi2bd_! zJOi_A-&={ohG^2#){tV69m$#4{qz%A>Y$Zi1wV&k$wdfN}BVD%SG<_(t88Z?jCsllk^}RDD=%<&bze6Xw;0}ihP&y@Rqt!-=1dgGk{et`cqsQz}p}aAW z*rxC*NavzztP<$?+I>%6N>;1Un{)l#+WFW500Ey1BeC%O0*vfi?oD%1sw4j@-rW_b z(S~cH40k#`?&ZE7Lc6;7bY<5vZLKRCTpv@izLa!ysnl3g$$VpkNP+iH)WC0b<@wgu z7T|3_z|PL@>z?pagX?c{{$=gf%o>K7|HZc*QisH$#N%pm{i_+M)Tf!VGwAreA*WwFR`C9w$=hhj501dPqabt?d1}VCGk7?q{#D@j?H?Atc za`G~+Yty^PgWqfVIasLCwF3%qe13nEapuMp_E@v?#cDp9p&X_x1f}!qM{)XPtmOjbz?vy`fAJk zw2S}_G=^ZJZ-c`eu(^u9!ID{lU!zVG9gJ&zk?QexaZN#eK}OoJryqd+_yG+RR8$ zX9(Ad7(5s504Ml_YrqndMW{Q&`EXtPIEz zLM$0JH4}HDU25l!YTg}EY?Xqlwb=qG_Aa{WQV^Zx#6Y&@MTpgTID}n|X(#0$h8N6Q<|`v+p~q*o31+bi|L4E%4J2axxk__QgPveCmLHEY zmS?;VU4`Of6emR#J{o7FTFvtCCi*}G^LzMm#RVEdbcd}hww7gfgNGN`+BFe{zWBQ- zf6yCo@BFUwMb}n_-Kg%2HJvRccznp*4Q_5PT9B@K37ysL?R2t)w*gN-dVH#1LSW7v z2EZC)c@B0CF7S*L3tjv@fOOb)*I6t7SG)MROW9KncBm1R9tc2=RQKxR1IK|7d%(94 zI68NF);Nu}XxBO<>5}x)vB12>96Vxw^bY%EHpYiW|-rHIhBM zYkus3WWdn^_kcbUSq`7aL@OxxR0&*I%E65PyXr z=7OY|EgEqMVj7l~^uFHIqD+QfO91O%`-ER%!rcm~DTaE|ppl<8)2L5R9tur)PXYp9 zQA+V|3o`=W(x=aplbep~Zlj!zdgh1wa(UMlU~RqSNBHj9hMRA7P0iE{1EV{i8CXS9 z1;Y2er#KM>&aRmr8G;lB z*zMRUUe4XHOED?a9>~zzZb6S zZhwg6u&S64DOgH{7z*RLx??c4>@?n(2<##>%{I;+R;C+SA3>Z*HyW;VPwgk5kx?O2 zHgk&$&W*idYR}H5Ixb89x?&$u zs303;i!s>#UPgvAD=yAve;d`9?aL=w4Y~J37?!bnd} zmPYbF-g}8lAnMi7;TA)JXJ#H}Gx}sVdGnS>3OKcc0JbfOP_YG!sH^^YF!tPR4Z{Lk zT%Q$sf*j0DqugJxo!&AphSZc}dy3R**!Rk5Qjpq=x7(4RDu$PEG?k9f(;w9SYoEmd z@ppK#GRK0C|4tg?u>l74uyiZb(iG#!kaU%nhIA-~-l{BCt4;>@#{-~7h=`~`xhmFI z{_gYkI9ArXOIJ^qSTb?Ka?C*nL#=x`4{6t^DLGtneTlPh`Y}7d*qiP`>nRR%1CA*^ zDEqf6*TgS4N!SQY0M{+Y)CjdsP`lh9(t9u+WlHiLafp=YfN_LSY38(?MQa>)UBvVzR+`FaPqKY#N1 zYjcXse0=y^NodrUBY`UoXJ1)s)KufZDVrAeye%=jYJCh4e%?F-zTTg&cfL;L1n$qM z^Z$PBK7ZYmlV}IrMCiLiX*b zsMjzO3LG|oHux&iFMk_}20*8`)g?65F?WU_*na)%XOGBnQtntA?Uq!X);or;FU8(H ztZlLANRcn=3B%+yEdv7q1A;Zwlh~v8MUUJ&m~s+`bM8hcA^2 zO)q1Y;6g!(AK5)Gl!@?&)U2e`V$ca7lR*qb3hg(`aBDbp2E_*rh9#!%2u*HLgvzIb z)2ZgLfC5RtqbZV}D2%R`N-PPu`C(_TZ3!!~dHNp-423-L8jdvigUqbYR^JbdVHwg` zt;=BR(3(5kZXBE_WofM5#U0^dVznrJO=Fk3KI72^J5lwfr77W_OiWfHHrChB5m|MV zfs>+=aR+jdGgG&A&dd%VaqS%>Xd}=si`_i%s&Y`Rzxo(h9Zc~>25;ckvDhe>o0GDoPTF80oQ-~Ek$J!aXoLwgDX!@SCPaZgV|5Xmr z7T(Ax3>HyuI^d?ItJCN8tya(Vr0fZB_H|eCg&56OBaga^4w4~(3DF`x zlTn*GULyxLot3N54KxBskFT+n`m=j8$QNb*J07%PKq;hK%v#7`t?Ql|hU@ zGW+WypTd^dG^L+LMojf_QmTC|E;Q#T%@$ja>b9HvrZ|$-(2{br3`Z@EBBa4YA?9uT zelO4ULYY3I5Y+T)v23`<^D~rkq>O@awk!`LAxPsK^Z_;e`Rq;hh->mv%DbD4-%Dw^ zlm`y(j{vq`{W?Tr#CQ8V%q>-=k@^W-n1L5GGc`*|P4OFRUC2f`%l&woai=qR<6_rr zA~UVH}!Ss6iY2q7tA4_^~Y3OJwW9cpBU^pj9>;krT8|@t( z6|;T%eIMVzxe%1h80WmZuI~02@Ocb)Zvni2uO?*-RUH7~Mi=_i*s5G_7j_uFub$*& z$A&kHTjHz3R7Lx+CYb3yP1+JI-mHClX5R;=N6yKorZnqvl#E+YRk_Q0*vuPiAOC`x zTNaFrOqSm>wU0-igK{s8ybR*Cp|1Z=Q2oD3{s-}_YMC;LGP!p*r=~>}_w=Xq1IzxO zVWi{bz<#e!BYR$NxR=rb6#+Mw2eSu>pHb6Z@0pE4St`V}@1W-7$_ z9N2oA>TL)ZNnotb1 zJoR*c{OiyFDxXA5A6*mT+Y)A7u&n8*8yElPlIEI5*jBHo!00ug|Be5NXSrz6iUA6g ze5YMk8!TN>JwrsfFiCTtM0jOUTQoT`Um1eGytS?z)E)~&yxTu-ZHg0#q)LuPo*~d2 zooL-C+cSximmq@_G^|U6(_*tQ3{Qas&*GIJV_7X?Q)0UC zc9FGL!Z^*Id3iq+Kor$R&8wAzNty-caq?m#+o-RvP;Oqi%Mvp6q7__CGn_!7{Mb0*3 z^7iKTK+;Z+<0@6i{#r~`4iN9AjqdYAyt&&*JA*4Dg_l2ioP2(LoMbmGGOgURM<*7f zx(^OW&F0#cLYQac&C+ke($TqHO@9ongSWK|y(8uu>Rnsl8xcUPrY9$Dm`7Qu@kGNd z+Yv;wLaYF1Hx;?$0n)!p2gn@Gp?No(+p(LN;qz_UGPA?aoe@@I;O58Am4x6H`19A{ zwr$@DC2=fHYZvX6c-a?aZ4A6x+UAkso@0dN!O=1@$leo-Om#fwZiBGRLp3}vxQwsfI5&a9l6uDY%+DjDg)`HLBg1UX>3R>jAk?*OzlT7qN} z#dFG2Jkdp%iQc9r0XU#y*4Rg<*RhxkEu9u5LmzWAZ9d)}vaji?nSCDGefJ}&M((M2 zV%E1*HkHW@uW^^5im(gjOk8fUxPhBEa6VGE7daPyPwX6S#naW=PquV$=0uL?VtrDq znW)!4ymO-v&h>5IzMY%(y}XX6GFdYClV@ULd{qQ_JEU9#=!O2RH5`$%?l{GDiRe9Z zYt%N0Dkx}>F)MEC^iyvmo3JGE?#c&jp4`5#;T@ZRK%=drEHwt z!FTZ4HHcRX-{$`O_6TUQBcsS^RISUW4S?ULH#hivc?sLfuc-Aj^tRp6tuirc;ns`l zD~Vq}aT6<8z8-(WOj#MNG4g#$A?)WpOosJhU4GLBprGw&h7C@>9ei(WAMES9n9LRP zcUv;b+FlwBWg5`{)R@?9qZ0{u_O7blJ5q0gLrGUDaRO71Y}*uJyb(V>o`85v>O(vq zMyei@w{0ye$8TO%F)?x@CC?-L{CY{bEE=gpmXZlE(nHLW`ui!7x8nPfqEteEC9R6@ zO!3(Wz99~yoJT8j-(EygMrtok3u>y`fZv#jISt5ZNC0{8isYjScE6dC30pB6@ z_yo)r*}E%At!w-Exn`L_Yt2V-0s=gm?%$K`xU9uT=+*HJNcXJ%&D;5=)PppCqow3u zx&a>50Ci1GL)t2!HM%yyz0@B4((zSgAT{5WY^0MR{n+@LoM@8IS&jO#Bl)bmUxDh< z>!lr_qp4}i+{MJ?#|O0wVw^M}=5)Xc;qt9vLZBKx?zpWLaBidaz*>tqCoSvefoEHoj8?+9p?f_Yp+G&u3 zEUVsY#fbF2z<}WNmlT53m%xIy7qMb=hEChK0u%$H^OR9FoO!QO+gwqzrxeTRUrf37 z@RkDgj~%lhKcQ%D0wI}^kEmZ>+KT2`GF(4z*HV?8`KR#iIW28?0d#c7Pra~9tBGBV z$}YzlQu}&?PQ(Lsj?LrR*tgWPTGZYh=KIl&A+ek*B(L?PgLyrZc?0U?JNk8zwY_6c z`99JC?r8sTX#Z8g-GnR$q5q|R`?Hsj$Ek zP5yp&ojV3yzJXiZu!BcCGOjF`~(@?(zo zIF6vqPg@#Ojvje^n5Jj$YigoSB^5(UIlH zPmzsSEw6f8)xv2RjXOqIYg(pm4n#lUD)I*AgoD588^a>;1H&d*(e8L5HC3dYE~;_e zT@YJB7Q7VVvn(_FlP(bbMM1vDEc7>-#_k;_h%R%o+M{G=d zPPeX>*raiz*=H0sR@;V$riQlP@$|OAPlSSVCm{S8E9irz;w<3Ws=-p(@vG&38qYaH z(2M)^N3~fxm6+(LPBhRaR7FZt8QQpocb_<&^H^;V5YFP~M!r)m65$!o%_$bIVfZ%G z^;e)olLTWGw`K9z5lVH%O`VkL{7j=+hwRKktzPD!sQ%JQ=Lp+rm$pa>d7o&Zd}gO= zpF6XeZSQG)8SOpk8E3vwradHh!nu#?-Bsb`hyVbbH?3redGSfd<;%4!IUl9jN=~l! zg=^TA_TW7%EEs(p{}h}hs%*lrl3N7!`>Z-F=v05bEOssDnYm&@u-@t+3Jj`4^AF{?jGfb#q{p}Kk%A`UF!%E$+Ljf`B zf&FHAwQ&Ez8q|sdjSz|%GHio87q;Gc4+h1;l}8$CSiT#_HH}OYVb6)F#%;5V1*#66 z`iDPe6Gt@Xcv4HW^vLphLpk~PGfwWn;%*X(!E`ZA!*!c_CH*}*D^KKR*N3-^Vq4Be zJn_%MiNyn=KHW-bIZRBFC9IS|l?g)rIG(^Ic#jgihm@XC*7DMoIf5?O9i#Zo zyB7waPyf`%O!;HPnVSx4i%vdikySIH=2voraik7!T}jU+poUSAOLmFTldNpx+&wD| zkUmW4$u?4D+*=hmA|4BQ;Oy3&`P)B}VuOvGH7vmeb>+-J$c2vzY`S&w>}$=iKY0KL zB|;M5hk8|&8u_9+8j1P(7{|q*i7^waAHf!oX=i$j9QZux*^<$LwB5TXx+A-CHYuO> z&K6<*9pjG#t**EXQ+-Rs`%0w7oPBT6Y0Vy~QbtM2tLf9T{b~*$55?@Hs;(e-xZ2ob zZHkw8j%sM2C>{qKCqLLL5^dZ$_O7%vM4?v69K06F5kl~Y4RUkF`Fb;69146r>7`cCOvd4^QnjZV)u zDpbs}ma5iUiacB2OR641X$p?L5kcYmI*B)RRM|{wHQ%v!uXbyZ6SL;XHCroDqxy69 zdqkL(LLU%3IZg4E3rZ+YxlV<{nfO{bTiWaQHmvM+x;M7AK3)tGUx)7I4ZFF}>Hd{O z2#iR%W=xa#(Y&T3AMIXb+FfBn)G}!Ch*LO&cK(@lSiwF6xA)fET+9zRc)}uDZJ&?y zS9Hl!CeZ4qL&#OGZ#M2^#yb0Q4H)0ERKHG*7`Dko|Ei=zC^Td^z8>LN6SFj}Jg%qS zZsoZr)147!F#oO*tB3IomNK3k*EEVXJE$A zZBY5k)%E$YM5voYoxfsyCn{YTb#3)?S7B77czI#Lv^+F>@ad3m&bY`?oqjBG2jUKd z#f7t}s{<-U4VPv@8eCFXEL*<(XQgj0JR$2&e%G+guS@rz0Rzfw9PES5uFqXy_&e+k zTRUf1^$kdzkUVSN)>%gSp*fFL$UxJmJIGP2827-`Mz!gK8=j`gzO&xuhGdu!p3HN5 zWr3Bg=^?IXrD=G$7pJ}4Z5BN#6K)4FKfBF&2^aB{n0;g9=l19?t*_6s7mY3osA5^b zK0@+J8Wk%TD@uRB`SwVQHQbwXYFYF@vcVrG~&{sE7gMa#Q0E z&3ePG-=vTI6ZK-cCT-X+a)DO0<=N4^6o+p#v*P}%YkDQo(AdkiD%UUqisHHewz#Kx z^r||N`K*=xE_^P3J@gKU5~ebin}yG?sjl@T2^tDMB3bPNLZ9Dyum>`~7rJTIoBP{D z97}RqRE4zM0d&^z*>wMJy3L|n50?fA+ z+x2#LvZaSh@+<8~wJKwl&%vLq(Zwe8&>SE~`*2${*xj{p(Adq><_lrO)NMn%w13pz z$HC@XDpUn2z}1ONQUF`+-mrLv;WwRTa=F;Tg(|U!JL~a{UrJ@XK-2QKAD+TTP>{hz zAh&TE3(S4AR*v2Wx9IWS>HHDii`m=GbrrxXwj8qOkA$3HU3Z z0C{(w&B(JOmMo-Pn5h8T{#WNDUngE#IIBNV1IYbbrQM>9WLdrW0{l4s@!tFR|GCgC8O6 z_q2uxGUc)XwHG=d(lJd;cB4HSoVy~{8n=fH1s~cBZ}OVi$=toP8ZQ&M--^i`&!Pok zBrTdorXaP~$7s0syy+eE=jc8l7q{hKc^l^lt=cmCOiJ}S#m^eWA6M*wjZkBuH4)$} zt*}xR#?0e-aHYM=@+*UcBi0&Q6aX^g3<r8?Hdv&S#_>#-~<-cX#(|O6T3{wnVDP_OoWJ+EeNdDgun} zMImU@mlykR$5i2co%H2rs;A1Q%5Q4V5nvJCfWy>_>VtMvt|@u$Q32R`8(ZTa(ivR- zeli#GQ9Y6p0+aVL4mS?E@koyZLUu}U1O9N>g{!bS0%Z(IdYLiIxQ76K5422S=09n z56e6B>)m7V;3$fwKQ;{dKn|@HXPvKNu>p}}@(ZRRQm%@+afLg=kr1>0*E6YLsrYw=4 zMxw*gY~OT;^Ry*C05yODb?bqNHF?gm-s*vm?Mq&XJIH6$#HO!^hnVg{-b`?JIZD;W z!Gj|H{NK`=R&pYAqYU04+|-LwDJME<@B7XVre}qshSt^f?S`8m>ZUpVk%GGOsU=N? zgB0*l5v4Tuz)<;IUi{K5o;HbTOs2a`pNz4|5P&Ak~!E&TgZH zx7ZF?I7813({S-d-;Bur#n(G{#})AJzD=7pX`3`^)VQ&2HMVWrwi?^EF|nP-oJ?$M zVr!zgdDlJX+`HC&fA@cwJ^Q;Ke4baK@>u+U+@7pQfYYHUKyCMi(C$ixgB{Z<(_SG& z7@9h!5Pu~Yr;u3BR0>%J9nOR+W$eJ^AMr62$M4Pj*mrUwcVa~yWu5|;N6k)4g_*&VHhW67IADJa8>`FkSWlCKTvmlys+)Q94;9m7t3&sK0{PxGn$>E7qK z`!N7>CxU* zq}7>lr>6M>Jbk|di3ya-1>0WqHEkRNt5TAi@k2{un@@W7Ulv(}thrt@iJnhgWL`+P z68AD5(c*y)bb>gB(xFY+Xap(107ONOBFU5C(P_pSlBR6TW{Ez7ausJ8Mud^Hre*SX zJ7L}Oc`Qaym~5h%0Cw%{j8X=^LgUWn;?(5ABPaiq$5%)U?XFX%ljO&Yx2Ng!ky;y!eWZ0q7J@9_=ymvt#^j+7c2XfWHI(dnozbPj4Beu0@pXNI^vhjQD zLUbhj%+8&d?7nn4Es7*nXK#t|aqW{(Vyggcs5AqAqTOpN%cWuCD6+_<`MGU#wi$&& zdMt5X{&GWeTvUQszBm7QZ#^$BtIv$IDRPAG^!dhSWUfmEQ&x7QTRvAN%C9k(tI0|H zB&N#JywzCpcfKqnof>PJo2N^EC+>zVb(|C9M3Oh8{~uQ5f|G!DF~2snD!}SjuvGW@ z`-aX52Mn?+k)Qp)Hr2v2#^>k$`G*Gg5|nd}w-!;a?Z>RoV#!`U%y^p`8;9I%}*1?NFt@2oixxmtWp@%OG3bpJ&1WT;*xC4O9_O!RW-Hhc%0f2y|e9#!lGVSUEc7;i{>34-K(KC@rFHR$$I)bO0jP7g)t`z2qku+mez7(x!F7-v(g|f1z&{ za|vqd`_9cjI^CX3^t^iw~cQU0;r%5rTkV4fo#5HRcA{Krb!>AN6JmV_;2Dp9|>na;6&R*~8Pn_-5 zcc^Xk=4#sVFO7hAQ~Rmw+t6(&WRi3n12uJFxCmtU@plsEn~tSfn+-@*!@l;f!taa0 zH1OS1M1MhAv!aiW7V6UvHrbBF;((~7w~E!z{}whp#b`#6lQKaE5=di^QMT= zT&g+!+Fvc8SxijRpZc7>(o|XC=YWg9Q4|H4@H6@`)x;F56i*lCXJ+tcXI`s&+C@m^ z)@f?#CF-*;=EQE$(b7(XasU|_W)lj~??Rxqv{!Hi|IislNT?O$7MYuFE!`Gr0{PHlgf_Ms3u6U>+Ek;75@&z=EkVzD?h8`7xPn` z061wRbUh-A9_({|8Qd%RC1Y;1AVrk&!^k|Y+T$D~Mxvv_ z|K{sjuf)h%7Y{ksE(rxI&sb|NQ!x~(a#(J%ZGTLZ;dY?`2@3_%f*oFSF$k(I_a94b zP9%j=Mmf|8;f?hQZ!Hky&0+m$1^e$ayR?Q@lqSedrXBd&IzY%ox~U9AW~Nx?>m|1L z+RVQ{*R5UiV^s-UCNzbaEf!-n$G98;s6Q54Vyg}jhhGYQoJNjSPC8+8sRez=d_83p zIR2~84&AKkp~ldo+fyoH%oT~o-M3?KT@3!7MGxF;BfD?=CfGw)-Y`r6J*_;LVnKv< zOy`cZn6@fG6O`MREC)J$@!22GW~&`dhU2fSIf&6|h_3R7Kwj7cIrc9Xw>|!l;u{cV z47rc@hpp5JG0-=^hUB)<7vtY-^l7B^%9KcJzqka2$oAq+p`(y-p7?+5nRn78rWlsM z2?80IJqu?Qlzk&s3;<(b!qK70Ta}*Kbxrso{@!Tn`X-SN%;{F{tgY;V$WLtFh~9?q z9H6OjeElhIyXyW$b9O1V1*BrSA7N#Gd>`_#= z>fzcxqLUaE^vK05?!&8jXVrycQ2m6;MrB;0MEf6cr zkC`?*sr1OKu}6p>KuBGnNGWqs!E*?;!un16?i*Cq5xTe`s^Mb%A|IY57n>apEe-AH zxN%zOERuF87j+8yzCdb3&dXnEaRYyU-oHlwGOHWDYx$&dP`j|=bQ8GzWEs#@ufh;R z+G4nePJlbw!d^XgBS-}P^wV-piC&t?Z>K0dcXrACjYC(IFhA&+Pb0sEcDR<{qhoJ5 z_{MXi2dDF#?#^bQZ?bj^w=x$)NEdr(ezBl3C$J_(TT7?l!0`F46R=eN-`xn_j|wY$ zMRi?ZBxzJB zC1Clc<{MFda^kN^neD%A-Qy!EXFD{5ZD5D#pZfcW{6nMSzmQrEPzcYG7hs!62pQ3X5YTMeDy=xSwbEsJgTY#xwv$xvdU%_a<^?i$vME|K9JqHc& zcuc!DG1{YXb_eBz9H;JGR?hr75D&>6>bj~%YGJ8Fw@MsNyEOH=0|L;Iq90MIL%o7_ ztj|u3nxY8F$)VTGyYsIXdR1JteQW3AFn+4`I+9V40v|LUv|$&ux*Y`Kty43hx5uLU z{NEi2gWFGHEv%UHe4dWhU9E%e??0{aEU4*ntZX_*BaInzR#Cz7kenvJt%NqYH4N*m zV>;6?t+Y&@VzW-?dRJj=W|Y<{Iex9i{ZQT<-}J_DvV~hK&1g)9po-Fc8gL;#tIpi% z?@llEBE@#%wh{}A;JK`vwZn-bURzmn`2w@@tIyi003Je<#+Lp?wAuXM0#nwEKghwG)LV9cVs({fF0fZGJ} zUVp}9Wp{a>3m<)Kd$H~sRc(A#NYdatQX)0mDDG)N5f*7^UtQB%5(ZIs+aSzTej-*wC8 zhbrfR&2(Q#Bg*~vgW;6nMeZB~@>Iq>nTgAWuOPBlp6BYR(WB6__2u=K%KM69)xd7l z_w>Khd?;apMMk}C+a@_5ExU{;n(UV%Qa980Dum5oPjzfcUh|;9;$yyf=bNfZ;#h97 zW;$k$Y~q9W)&yjRng_;@?&LOl$&A<-J~~bBbB|B8XdiLZLjBwg);5N#t&dLnKf-x8 z15`DMd${3HII)glFC}sc3ApJZTa45~(`X%Dxv`Auu~ zkAUC$8s6GD{tri{IyHs{%F-1=za;g}^NPHMijt(nc*FNnr4;zF`Gs$KS{8K0M#)+_ z$7r@{DhH4*A-@y7Uv>Ev;kv+;G_Lnld8w*r#C-4lc|cmvqitYceih-?%ZueK?of&C~hLB;7-jjnbe8wIF_k4~&#xo@F9gzJ_QNrt~T!p2amIt`er;_KZY zioS)GaCLt()o~^?uemzw$K&gJXi#7!jsI&~>YCuVv0tPuKuHA zxU%7#cX4kg$uJnjxPz3Nj*+QCi?T&2b}325gxrtI_f$DnWN>TC+?RnPyun}NfarqX zTUjVWgHu~EGi1OV=_mo7_wWdLDo;-B(TP%nz@{jQAm_V@oDAH3t<%s;WYy14R3Om? zIbl4cXbnVLHa681xbZ-WTP;}TF3O%t<<*=q1GL~yQaJ02YyCRgDY@`6XJ@`Vs$kce%joyy{`N zW5z7XzG=;Oi>COJwf$fiFAi701Qnx@^||bIurTJfor}k4AR{~=Z&r8|IYpzyVAP^y zB~GequF|8V9Be%|3e3{XVg@b6_(^h7JFCB%`O6VM^Q}+=Y8<*uo!CrMRx>~S@c9v| z!Eb$j*}{c~S%8_9-J-nNxBju8p~=l%eRFlcq_IxO+iH7wit=0aoj@dH)*7Yu$YG#!{|H4sEJo2iLEITj=;J|Ks{|ln76NVr3 z^@Y_7lu(+`sWWKZ{}SX~-6O?tY?y*HyYK=*K07*^F|5C$s<*_Y9IVnFr)wM3P}UuA zE~p;BmvBCwp{qB#D&N2}az)|zWLj4NA3osFvNMZ&T%{Y&YJ@+BJaSp47h5l8p*vb@ zLO0(U7|DvlNjZ>3NG?IP8#z@$26YW+JjkxhN05w48`RU&${{~i_5HxI$MToN0&#u} zS?MjmD+ksS02{CMRybnlaU_XIrBFN;r5TLy73nJ1szx$LYv*9h=*>@IcXf6`4-ZtD zOu+Sq2Su=PL1*TPyaJvkFWViPx6Uvgn9eIHO(b78W5>S4eQp17&6zCLk{(Ftf?S}& z%q*ZSjGKu@e^;l;aeH;?d%(?1yCm@K=3f6dyBN}H-_z|tLE)N>>P_=y!vl-Bl$K25 z@QdFk-&PfGkAmo=V0p(M@y=Fmo0J5(blB1&l0-qRoA*?%-R@n7KNK9BkpltiqgvJ?>BIXZd;0%?gzbW0Z|$WDHj%0k#N7QuZ#@~OFq%G zu_T<`jBd zKLnDBcCRoED!ajKoZSexR+%$vCV*ArW##_AIqNAD_jq{qcn4{t-V=e(RU;uSq0^v7 zbiG;RqE>MEW~(B3h&&g_r+4XAZ#f2Y~06M#AV`H;P0vQ{-hCcGY ztol9Mz1@?=4?A3s?oVZGm~->7S%!+4c*u_(m6aAop!aL}j+Nbbd$>W}JueQ8!KH4E zWp*2#rY&5P_AkgEN+>3lgR=xoar60kh(6A9$*I4M(>x94S-MgA>KT3;GSjULnPg9! zg2v=lP_w^0PrOGH~Tr%#Lejny@r!k|)C?CF?pKnzm|BV;u2dVZy}-bU(lq*A}@9*PSQga`>7K0TYq!poam#xKMQROQkpvm6>r z6Ka~PrwJvn8iu!1it7XJ(x}j_5f(%nP#@3iOTPuCQ2?9nEw{u~RKljI45xB62_W}< zrRUm@h<51bY+r43?;a8JVnDDz&aNi9c4x2Bjl(99T6W-=6=Z%4m!S5yb_6`mlCa~3 z26(bH_Mvg*24pCkF6?%#8b9`*uqKYQijWW&FHB(d58SkAr$adsM?*Kd)mkoOHe`1= zAyL>vh{_yt-MD<4^lwYY1H8-yYdILUo8GL%3A>s86+;@sx z!wiq*9e+QEjm22;RoK7C1f!ay3speCbEO<@h!H~vP9xf5vTom%gAzeMxf|UEw{q*T zllh+9ZVz5An74H+dMV1@UbSDCdXEAIU-0^$Udt3B-vxB}Kc;D|LZ9+Gpi%<`MV#MTBq&sU7)q|J? zC1DK~uJqt~>Mwxy{kjGr=RO0gkN23~V(+_vxN!d?n1=gr=ZK~$ZxKOfwSxx3VqH`j?{Uz6<%}V!(qQ{g@xVFxbG9MLJ)VeZ|`cc8tA5={BAbLp|IV$b(U7amQj^N0W zcLfgzXaCfo^mAmD!qf(vV%E0|JOtVXdQ|d*>n*I;Bg`maE8%V|8(hcu%?h=@B&mF} zJj_7g(5Y5M)F5e@gt{p>-g2-YxaBSazd~*iMMm!XsKhPaJM2N; z+1tX!#l^vaLHBbO8>289u)`|1$#fPi0 zYraorfl+v#pZB+g5_jtZQ?s3)9rsPg#SBv6`p>pkB%-)tnEVGfZCFjst~!qBKPUIs zQ-0ekEVrhQsVPA&`fDB$7LI`}2DxRpx^I4gQYJq8v=4Ay`hGub(-9`DlyTuuHrDZm zqK6iJ8s1naExGmwxo&X>18$nKaRq; zjY8mw3z`0~ERx@3un%Wp7#K9VS^cqD)i<$sMdGGQUDyYFhlOor3Ftu>1)a`#TPL6l z=2caG0$E>v7vrA{=QtGCP6sUPr2}OH)(G(lh9f5SXTh}H&#f1YFR!=r_iWOXG5O4X z8Lh!Aqk0F|GkGG^={HQDU^u%603qk@btZRkS~F+EXF6URR@9Md>b%{;Bq1)p4_Bjx z!?itr`8B)VyQGm4nS8ZjMGX|jI})9F4%`Y_OifL_=A5qIe^_gMItV_ZSxI&2A<2sI zz5KjOzNN~mD zlgCh*BkR~hVqCMjV2N+V1qeYnb7f_DH%M0SpwPjC8*>v-o%p(xT+nOc%@M_a5SDU% zJ4^C+>+af}qzV(-v;|5q;@1P2q?9I$>EO@cPi6l8KsAd``fBKZSl zr_FSPc^o_7mfR=ZiMC?XGiZcJ<0`mClG4rWkFkHWL?3JxQqr}O(g}6s3AL1Q!s#pX;QIeO9^>FkA~o94~J5g+culYw5Gi`v=|-$T4mf5-|F zu!ZYr%zWJZvKv2o8M*Cn@ab*@KB$MFZDjQ!h5l5#>hDu6t>1d_>xA#yWxYsZ&8(`L z;T;FNx~AdfA0z<1&*buPq0z$kPJEbtfvjH9(T=x}4eiy7ji+ zw-fX`0H;@LI1U_x%}&;2IC9~~4g!lz&0L3A{tbfNur~EbT4hIkZ05QMOKz3?M6Ygd zEUp9N@Yx!akMei$81>(sTUB9J4)+@#TO59Y0+_{SOH&~~e)i%TMCa!NGY{QZXLwgF z0Pu{eyA*RY?AQV<{IRjJre;RhgHB{6hTt(mYqL}%g-vWd{l_oZu3nXEeF>nC$-{(w z+Lc(gQ#QhA%>sa@%++U(;P0f9qFpvGH&}B#u}tt+2-wqx45NI04xe^MxKDxn^1)I6 zzJF&dS&LLK!Yyg;2zB;9zEEq)Ao6MUhO&HX825XYLZQu{VNM{(9T>N8UCtyfm0K5= z#)~R0ZmH_Gy*R%(KjZGoQ@7AUM<$4rUY;CON}H}gJP3gtKena1JhQ|r1pE@$Nw119 zcW}2)(;V1v;_6nI1tO(2oIEm<4@0&ncNO}@t?3*Y;}?srz{lu9>KMf#*!0p=*YRs7 zOaZ_IP$yX9^IiyP6#mYzcDJm`w_CFUL5C>QNc*OH<&eiyLphTXN!8b^rDPOt3fERus9Z7Y)bLA6w`9<(a$9g_PD792D09snB z-3(h33oGAvPf!8#y?uSxJAVh81jL=HX-pM((mVM#u>)%2$uG2*b87!vc7O*Bwt%|! zt8<1>g9A4z`)_Y^pA~>7nX@ZX4)e!4ZU^-6Mp9rnN-{!r6&??_v-Zb23|a#1R4XI= zQdbs12!{E+djBpPnuU7?S3!A(ieaz9(e?1p*PF#zly=8s2lYc~O5z-Tw6I*!cXPV$ z;$#?l)dRJILinNYuqG|`QF{{;$mVN@pHpHQc&BX8U2a{ddHHN?7~Ti#DiNcGCvpxx z4oR7ot`eW%-0$Tve!f4G-R@9{f3UI$#wKgLP4O92D&$}7W#=XbVcC)s8V>gWPi7Gvmt)py5!o5K0ozNB(Q3>~ldDqRyma6ks{YWCdP+`6kMB z|Id(+jk%$%0Ta%@@QlJImwF_QnSX7(oad(4J)HqbQ%Cnbux7YJeAVW#ixJd4RrVo0 zH#>S7i{B4q4bMue??PszUQHHrW0Q9@INGIycJVo>GMUzo4WwqBo5KOqL;x2-z}B*y z*R$dK%;8}9W!*z zfB`uCyPniGlvSX_{>Co($jnpA`?{FRPw|oTtcuk@qY$6EJiA-pC9)u$5=?QR@a$kE z)*K~oViJ;|HJvNhr@3icSv4Y&2e9NdVkwkX2*#*V$&VN>lqOU>pum6rKkvNnFo6)@ zSEd{#$_!Yb^XbP_Oz=tA%O!k-gn_p)R69p+9R=ca`;dzi`i}%|;p6eShyi~{#Y|#e z7=Fr9&Q~vuvQ3L<`Ns8vKyAr(U7^rF>II(&w@|tyy`N^R>1j_4K4w2>7#6j+zePaG zKgsa1%ZHRE%D8nK3xZcxsAlKi!9qwE{GC3}lLX5eLR0VJJSPH8(8@bJNEE;~efj!e z$6;Q)ODdO`r2{J!{Txz+i#J}?1__jy z%&fwk)Y}tso>YEC6>qCG$BzQe^z7USEt;CsS%{*{a;2!${T?RX`th~DCwQ0b*wNCb zi1dcKg2&E=I!yMO?|-uZp871EkRJA6H-r3b8$HpI&N*YUPxHsOR=m5*%%WLamNk9N0a6u>4@ z-rm(D^T})4_AaB~`Gj21pXE}Rv}ezdS(0ZbS)vlbP zBg$VnSfKY`;#YUe6>?CzIIi6AjfqeDt9h;cgg2VJN}=6;h}@7$jJ+e&X!MmZoNXv| zNDvN(fuU_Q$62^cTuI0%6(E&x909L(18tR?FH0-mto_dZdRj{s<*<+@oFyzX=3QDP-LJceDzFF7RXby^wQa;`1BeHhDXC09Nx&SIytZG;ci0V@ zaXW^V8kZBOOiU~sEGz=Zc`1$miZ@^_RwQ7>&8bu7AjQP8wYU|3{Pi?QbpQ8b{Hflc z#$EKfB@=1zA1B+5p+suKse@QEnn(k`oM?lLXYCW6b=|7�Pw+(~XEw`MVr-^t%7! zT0P*Nb(9}zdXxS>8x&1W%fsxR!g_ZVW{zs+6lBC#dQYBi{~|5Tx}HWhl=#R&-~gK; z)FeQbG%?yX#29*41re&?B73cBS;Shp>Ibh_;cl<>e;T6Kpt9l0xNa($p}$@tk=Q|g zA5~9-)jK=Ii^FrDH7-bNbjgkKyJIHH!1G28HgR!z0c=v?@$1U;&AW%#h3XJ?{i}i3 zars<4Bcc-xnuq8WK@DFVvKHu!#I@QmclC-&1xw7DicE$kPNyxp5#+6w9X3*Vk{Iwd zD`U#aZGz~pHzdOt9eJeDj;X!ZPf7oJ& zNdG-F^DbP!!A~L9s;`f#UDu=WZ4|eQLu3{%63abbBA=pDBanPF8!b(OQO(#Ox>h{X zEO<%Lf}U(zE{XGgeP+jm&y^gTAx1xi8GXZ?)SoMIZ2FjT1UA(D=EYwfeSN2>_%ZDX z8WZ%44xD4|2`G$jE>(260{Ny&f~+H^(qev|n;qxprrv}k&T9B$gAlChqF7*0n z`r2&1hN;31g4>ECFTMcc%CZ9HnV@($q{geK?ca~}jJ#)&t9yALgX}H((ZTv6r{di- z1~KWHmAQ=bBwzF_e1=utxr&!CBQ)@1zJG5dwixO%+jYbUFgFPBF<@-w`Oqtp9c(oi zuetY$uMO@poy~5Ws;4VO=o7p?LzPi9pvFfa0j8U<<<@o7zo-VSWhN9Q_Wd2myWn9U zp3(EuF{+f(38}-an1h=e(oePYfr*b6Q3748ea}&m`zdkz#l1rrnV>Y&1^us7Yq<%6 zNRB1U4eCs*5>ofQ ze>d&W@4>*z%u^2+S>j`tY3CR?2a+wai^tRBVqI;;yxpa&G-Cj zSYG>S>Z8q?6Db+Y^s&1B>N#z}?iNB(JK*`9<1>dSyneB|Cw zg&591n~%}Al~O)~h^x$qckxU_*8Q_9r_pb7KY3?KcFD?xlv0EK(~f{Me(#>tU%#uS zJ&YD_zYPMc-23)#7~cv8T=(WC*b{J!(xQ|*x1TiGBtsAw*i69h z#N@-o>o>-9_GoWqrFHr~e^EDWdCYojFQ+xE`@{)5vov3S=6h}fg}k6J3?0T=M`H~z z(5{4cw5by}rBAq~#uWz!tI=0Y%Zrtu?r)shUM)V2wstY-M*KK~GFqhYa&pY-f{OrS9@-QLzO*?O>{~h|Sv!F?wj>YRJnh<9y zN&WYbQ?iwTAObaqRf{QXvs_UZcleAQpn6Nlw4ZV(pn%$^BrzWWUR0kNs+xZ@IAq^N z*u(wzfTV~5(dr$O3G*&uDX7OZ;QoNjNwmSUZ&PqEVuultVT0hcMXjWBOMqKD8!d8i zUC@se_&3GtB5U@N>ZWi23?3ePpvKMp&N$%q1bPIWoMrmXK(Jw5TzuW%UZyn16o>nb zy|Am9X_+L(xhVP}Kg*q+(`hC+4(R*a#bXe#AwV)rUQIUGJ>y?Y>0^InOZ2}2xzgA7 z&ftaH)LmwX2-F$2lcy^h+m+5kG>h^MjfbG7{n8SopIOFmbP{hDx7LQi!}z(G+VKnJ zC9~bz1mBNN7OXVo3qg}vVb%c+4Q{946V}KBNJ$P(-Nx(-PCnJnWcrL&xqsT z9c=Sa>r8Go(NFZ$irfdJ`kZ;>=nw0NucY`~EI6DfFu%xOTX^i(ntK|pwH}0Dv9;-* z^PLl@Zf2v^PSS$9=N`(_s(*d6M7Ot8h>JzRy{cvuGDSCYb5jdzk>W%4KLoiubXPXw zFZ@4v#Q%-3{l6Wbnols_onpkZZkq$`luV_a7u{GXYymZoDZA{&xG@E#`Kg7k`G&<% zhiJ$#geU2Mq1nyBK%Pt2S@BI6%9e~M8RNdDazOUff^(l5TK&fQyoRLn(vr^KJ_A9fJ93v( zx3b7|d-g@s)5bBIRKVHU*@3Kd*LOh4!4HZ=@jaEhKVI~S+piD@WcbhpwP8@x_-@jh zqSV)lK~SuJ#n+`DW&E>howBBy_~#%BUf9M9)>VY66J3T>rSY}b2uSzf=*F=`dJm?F ziDmM3kll^i2{lf4Ee}+qN7$`UwT-dSu(l(WUPkPgmcEwF*U~F0T(Mh4=NaTiy{(`W zU;cvaCzhs$w#cDrRJtys!r2k24%_Yjh!sjKwl0A_FTsk_vu))hfsK|H72-7Zz06K! z8{=#|0fuI8Nib}En=*&pD7TW1mn!zY?>xvqrJ1&B+DOc!7)s($DT^yu>&YJ06z$i) zVqC|*?Z-)oqyb_)bE;9xoG?WaLjHTNrsv{z8;DLb~lb|@t zYT!XBj+`0!w@rWQJ}_$x+Yyj75mlhlwu^s81nMKbLQ+z8E%+;*+(E;;i#$GN<7&d0 zQaDi`ee9_FD@~|=uM*vS!g!zXkHL(mY>6~s!dbj>1&_MDr2{_Vdu)oi;VE)hpQ6R| z8$*#Fl{_4Q-XX;^5z@c%ecSLGQc%V9h&S?4!qUdkRD7~!9kXVF}r@s ztS`;MYm>v&-}#!Bzvf21k{`zS^GtxOOTjg$C zXLZ^38``j!6<;Gdqc-=K zlchp+NHaJmKfK!5$I)hyFiS0IMYfmo2+^i*1Lv-r-{rt`Nw`Kc*H81aU?Iz&CTQW% zt!qt@(~ZqerJRxl^9W?EM8xtfdjA`cw!!*NxZL|@U}t^@G%unmKf1k|c(Iu1QBA?d zM%dZ4Jaz`VZ%Vy=`Vt7kYQ_9n+y^0!nADAOm-%FFO=%X1zN)bM0X7*L64~ke1P!@r z4Xp@lw4voeZf?h?PFvCAY+4u08s{v!-dQMPUveLL8<%$-afo(4^(tE{rD6IQRjHPo zOxqsyt!fEbe%D|qLiF=0aY+d5=dC5WYYp&xaexj$j&oyHNt6O#MNanN-lsCXP2~$s zDza9%yuMMe<03EmC|hucByu%e;@4sFhzT!yZnxUPz;2M9g$> zKJG7pSUd1MrMz$SIfiYUCz#;v)3FO7kXhU9N&})a0U)w9>3qU~YvDGarP9p-t3#=ibAv=C|&X z%X3qxrivr5DV$@{+jeQ&CeXPcCMV1LodVWs7UtDPNM8np-kYu1A0`x}8@u54!qT72 z>EY6R-aFjf*oI zSSlbZ+x&1pp5zf1fpBNKOU1X*4=We4uiTW(Tk)$1XQSWVZuLU6In^-f(wz&F|820} z4DzD%;fo6S@BJ^xKI{?D5h zgbYLNpe5KDU8~-7CW7Q>TIDn9$wU3n-Sgq|Q$RJ6b(VbyK>;-1J%f+4I$PMw+ZDC# zcdJ>8#lu=UMHm@9O*M61mgsnHpJq>MQFr1~OXgjw7ul-*#Tkpzk0&sjxWA_c#a z`unayvo9wUK;`qVz=CdX-WI~F*ytV zQF!{*j(%S463)X(4l*I*l6#zna41~sE#KSEah7OAb8GW3x3{0kF&UAkDLLAi>6{t~ zK;_qa@6rxp2gEN5iSwa$io~*n$dCf!j>={)Gl^VADnlJ-N5kC14mIkU1y!E4 z_`lSN$s!8(uS^?JhL(|EKICy2n1~zy!Ff+kLo@W1#ky7={#YGg&s37mDXr#Otu4T& zyJigcDxmkYKf<$*Hm{&VJu6G_=F4864UfH6?>~lQ%a)IM#&TrF=EEVUX#e)W*WS1~H|(3Q~JlQ5B`WMV@5nyMT*XvI!4+m2oBe)x1X79H4}G{+5kd2go=c7_8^r(%s!>^R!QXHQ_(` zp@yD5;s@at&HOTg#(2*`o_H%Fd%O;!#6yU2$1~;I+}hlW1O_V^1;sNOU$^nhwS(Wm zV^7grK|q8-A9{wVOL$u1;6KKwnacS$7n@+=J81^;xKmhJFs5CR6P40U6Su z+OFI!f>O|G_36b=0i$BYs9?>Y*o)Rx1F8#q#n;eF7XzQfhF7%{De6cX zwOK%NHS@FqRYq;dzf7=S{M%@|_VX#n;_-0=_lb(4p+@C1dOdPUi71AwI&@#}ZRGoh z&`QB~zg!r3_NEE)0RR7^Rmo>spAQUEMN2jtodz^jrOZUJ?k}}s=(c6}o*taMD}Nhz zw3^$?J8~+&KFuE~<(AIe!ewR9;&Qd{92A&6{s9SX&%#?p$z>PI4Mb%MR(T4)m7k15 zAo(cn$dS3BWKUKg{$Hw5OpSkRY|HyNc69=8mrPZNAC1lX&}D4u7H_J2cORy(pG8>Z zDYLV*sK(s*)aKJ&TXc&f7#TR~-O#!!x`i<--Dv41XeS(TF1O#WuJ=U^FE6j|fO*r@ z_S8CsyUs|C0at@Pf|H$9{A)t^y(NKkfb1kQlHyED@=@S9#gZz~&{aF8!DQ@+rH#5J zvzqTW7j{7Jx-O>J$XbMP>5Z(~Ngu5R&Tvqfk;}e?YXvc;f4;eTpL-`DO%kK3+Pd{= zf<+_$3~N2SzzQ{gB6r7Hy~(Fel**{EywLgsGxRqy&i)Q+jZ1)4z4zGSVWrO5(If7} zmi8wLl}c7`pqNKun}qut!6f^CO6#2lFRKU8!7HUgCO09AD-YwHMmpqk`Azx~@Gl+$ zUZ^S|i>945o*q97{V(>Z zEyb8HXhU*-qz|fO)?C5k!c+u2=sOyej_eK$Z&%Fo6QOBlKGiB3g4#pe=y-_=_2x_% z6fx@ETUl9h=^JEKYE069r{_m5rPw}*J-ufZ8VD?hG)E3A02JaukVJ2-ys(ILkzOBj{bN(U$w;{JzcxVVQelu z`ho6z%z3=t9>#Oui8bW-6wK2IzDWO&u+xV7Padb;GusMu((_*+*{#(XqAymLv6X`l zY?$Fr8fH~=^r}%eEo?Ap<|W|bil)(U5}{~GFKXc9wzlWCxPx1?UV0M`Qn~cu*;TxF z_pVoc>mpo}${ksZE-^Mp zxzdEa=(lmPcl5NlHga%K=D(pKkz5<;yt?NT7gYD)aNNq$MI}_xslfAPEs4&GhkZS3Gc`pN@Oh<&wo=frDB}y z{7c`n->9rJEhRrkL-VMjU*x0JJeg2u)@0YaPi1iZ`i#`~j>tUmMwD^b=e~)~?y5W$w^^X4_#$gT(-v7Egi3bFTK05vr~YN(3NYL7ju%%55AM_=jzz1nxrYJm6g76i}k ztUT#^m!@*%R9254T?@%l*do&RPCF*j>5fCB_yNw2J;-Fqh#B;y;2GSX+hciJYQlgx z1|7Ym91F1W+kPq1Y4v+MrMcZ3sa9KZ$merK#c!jFw+U$V0bG3Yx zi;8z$VsGh5#-kar)WWVG%9~z{8HWJzKqZ7k4-Hricr%C2f3eYE^|oAlyOlG&0`IrcI+Fn^3Dnx7LxG1VymR z2ptf)1)iA}D;7j>Y$YkX>`5?&^S}JDj8bKE8k^J`p{fw_ponszZPP^G!}Wa6Vewg? zr=4Tn)dwfzHjbFzHU=pEpsjxlWBF`tdvT>!O?XQzaj-)^uMIEsckTXOrck>WpI~wy zk9(2o@bT{H_*zkWZg@P0YH#;b+gh>6$KQ<-BNPKF1(()M@#nL5ZTFHb_zQ1J#&Qq1 z{K2sES1uq(E>N427dixro$JPf0`_xbKrPWA;pfHM9ky=;du8ZK-3?P~Yn{(f?`<)Tc*4-&bnR>R(zu&4d<*6=@_=6c^h&cVEQmdm*_ z5QQvO>m3-Jj9w)yKr{mvdbyXJucC`!_H)n4$EjmszxN#~Hr;Gp-EyUUJ*ggZ=NUpp z`Q_fq^LRT~nHgyCqnzm-GU)vzCz9_XljC|Xf5o`gpZ#BSy;F2$@wY4-bj*&`L8oIo z>9E6&ZQFLTqmFH3$F^i+@n16Z>xcO2O;yr}k=3J2e z=wMK5adC0w(roaVvT5+5^HP&`(=J>H)Mn;ig9Jh{Go(Nx>0^sP@wRVU@Hs3HA}L!Z zAyu6E_j7N|nMlb*S8q_|DJN8CF)=xQ8CIR?*bNhN;LRu~ekGeNH}1Wgv02t#qF$ial2!BpAQ!hR_?_7zph?DInpQ^=h$S_}4l+zuLS$G$N@!Nkp+lWV-X8;JhPOV+&QzUS=GrJ($EHTDXUa65HP$8 z5hBUSEO(r95aB&_+ECY4YG|WsL?^G?h+DSbwjWlqsdnpM5sj!#|l7J@~ebSX`?;%18_KnmNChav3@iVi>tx`DT0-SjpR`Kj`6Pyk{I#@ULfD|; zyboD`?P9(x8J13=45{PdjH9Y(OV$yQ*vQN4BVxuPeEw<*3_Qc)UFh#%r}qXrM0B`C zd7xF|O@&z*tEre(LSn4^S==Bg`|k^ui6^BlmX%*$spc+%5~2E2#|3`5qH)YyQ@+Q0 zu8+}$u6L233!03Qn5ZQe6Pi&)Y*0O_PX0pN`Zj(gqhr^ySz2?9Csy0sRw$26Rnu^&9!o`?)$v zX2{#KNae$nES5uIamEf#JBXi5nXJzzAB6)tQcMwyeW_$w(upaU2}(6r;^52}b7^v` zz)fp-3zD-kNl|V0(VqGOHPPbB6f8VM72_hgRAq1FI_AYht;s?D&FX1eJJUY>0M&r? zbx`6`_fIYl0#R7padBB`pBe$<@@(Ns9Z>X)FjmC})j|(-Dvb<$iCirs%YH4B?DiUGx?i$(X)Uo`9FN=fg7?!#w^YI33T- zQQK*0rq6Hw`i)978KT2V?Mt8q%<)n~MU;xwhV^mKlw%4*3U5Ay@B=7Q7*Rw}3zC1nz@C z(O)s|*Cu-ltMDWl0y3qk>C(-XtUksCiy9TN9w%-x{Xb32EK_5mPK%E+*gE5d6ITqk z2wYb0^lST?4;e}hRnDYi_v)KZC707?b@?vO=QOH2k~G2p1v;1Iu-{C+OUaOaN4tZD ztUZXZk(85BbzTpN;08j97@jkR88-kKwVg^IpN-t9V2b;3wPT$r&XwX>8>)3tfh|k~ z*tv2q-1z0${l${V7rIm$e=RQ`0T&%)$wvAnE`~NX_U0!GXR7&=Xi2hy!u7SlQ)cSR z)d|bL+^b~coC-UV#oNLz!?^v zR6R%~hOJhEwyukKSLXhHQ=PmzBbaLQ#PDk&`TfNxB3l*p%0|8N*xT_M^2&&mtwoRd zp>)^T-RPI51|TmzJF^6U13)UujnmK1&)eHtyHLY+m1U$ljNkSmOj?VO==vWw;NOeI z$zD9&x(z%QpTc~5`t!LtQ|B}@&|{nGurDE6TtEk~3-?NpxU1K2*@11!HJR{TaYX_X zzPs|0l4Ajy{xoJ7GlU+8rv1~T6Wx&1MR2fH$||zD1TAIli>nnk^_#pu7j$R%ax|Oha)QDtJmubB=4s?W*+U2p$rXpr{2C3w|}o(T}#oHUKJ) zQxi3Qh}TZcV}hT1h=h~%zw;24S>zD63<5TB zY0o5YHsX=3E*nCD{{hU7DZ3MrJAS|Zs&l2_bs*EsS~kpriRZ5`d8;Hr@2O#5s zypR>?NBcC7*ay1bX*uNE)^7pnf$%GF%O{sBn4(j?r@i&j_V2LeACjXx563H*@2xy7ml75oWTbQz zb-ikzKDgcE=o48G!+TWDX?q2(LB^wY^V**UT1uG)->Mh3M1l_rGq>gzw;FlUA(%wj z23h0?h}b^YZCF*f$QwA!%^V!`e(II~QZ;JUwQ7^mvh0VGFADPI~aF&6r5^Dfh8)ft2IyTJGRU~;10CM2~fleGIaGtx3q?v!}b zwG3O-(5PrO z(5O5#lUn2yPKsZOi}vL_P(DvWX0{%%hlkfpx1q~XcvF7N^=6vhcI1$W4QfifFuK=H zoVHbs{4y#tNRz)R_m+p-W7&cSf4e=pUi8g(OaYkVwy%rnw&QidmX*D4g##2&;;7uh z9GuI8ux!pcWPeT50`E<$f(VtK}U_|F#tmvyoPPsYja1l{{Y63iBVpTd>djShH_pDjN7Ew;DP@OFu-(fl}Fs=>j z&;ek8B9V`OMJ*2I(4KKvT>->IpSf<(GWEreaK%opOZ@kJ&P^(KAI~Fcs3-j))0>FE z=x8Kv*JPHuI9=g*pr7wTBTsxFD9t#|pSc+> zeeBOFYFa=>Mn49Vdw7r%EKyksBH=#Onwk{`O09Hi!qmU;eWH^ngpw#-&uH9BthlRo zi}#O(-tnV}Tu39jwnje8JiBD+`uF{@7rpep-DMDAS z&FX)*P=Clh&ogvrUFdEe0fg0YcyJ~;|AoY@Yo)ZYax1Sd%pnQIvL+9i4NfV}i>@7YblP^aM^iw4!1HmBKM*@P32_Yz z3(Na%ZA+`oWg^7J+Hh~CPfRw8&;8|=Y^~7NUhS6NHcZHnxa9%B#>I6~#?aO7`SHrO zZJgyYU<&2+`982WBumKaQD0xbPStcvJ6Rx^49cH(1WZm&#>HiR$pZO4+PdD}OsBHk zX|5M5(vulrB% z4*OLfQ94qe#e|-gzq}&&M6Ox0e1oGRwMOFyDEw^o?q_zM5odRPHq3eFOIJ)W%BSt; z$T(y}+XnA9X>I+#xzr<_plMuJ3AX9Sth`mxD74XUTvIm3`VBsML=9 z!Up9=EcoGmi8c+9#XS+7LHvM>bd`!+Cb8&2>?vA%&hys_z{*a+^>TUrTdpcxh?Il< z_qmnnm>@w>z+8urINDzVyA(^?Bn{e=m*6F#?^{2!VOs#G{&9AzXp#n@u3;hvYGM*9 z)xQ|A-e;XBp7(Jg=J$mOh@Y`eI=YIPNo@O1bIJ!Xbw(X~OyxQ3S9kLK!D$s)i7h0C zZnIrCk3uLG+j#@p1&zdXewb&PMS}dd6%t-@U2oxj$ZgIja;S3_szsaDc6z~}$z3!y zHm=WM##^jXHyX~_h}|*rv?Kg1p#T%ym~J*MGnHAi`6hQd-z1ol7IN%}^v@?)agH`5 zMwJ~Cm5ZquA%=pZJTo$oec*`9yKr-!b5iVuVSxshU-VsTa_YNLJ--Iw{foGCzp0hZ z>UJY_E&5w)|6rG@6izB&dR!|2;6xm%iIiXNW39bJ?-4~s`MQf5)X1mF?rQ#mWuxpv zI(AVNHcUoG(ycwT zQhov*x@3K!)yG}NeWdH8nxU=i{nVVX=^bz{C@Blb_bFe+YsM=2lO;Y8ma^b^wY*l* zj949Wd7Mc+Pl??rzvN)E-mS#REd(X<;@!mlD)PQiM9$1#3rvcmRN^`f@`v-muuu`4 zSI{zi-S0(56Y=kM&Uas5Vgn()ph1FQe+i@PSqj;#&91M#r>!rr)Y4&_txm6l(ZrQh z+&zIUkQ*SM_xp3QE+IVwT~0Q9ZwvL|G9?d>AfW`z_dMBeAgl5L5lc1P++uh$XY|MW z&5pM%ucwdE(Xhx5=#IhEoepQOzN7K{CjOWGQ)RUk8gqsfZ52GgSs_wdXxf8^8zQsqc%&*FSo( ztS^2P`h9=oj4#G~?U4^Dt{&*o@-1UuOqxcW^x7#%4Q*IZhF+hDoB-uygu)fBeP`Fg z;x6guu(q4{bcj&(uSVvE(r)-N{&1c|tA_72h$;?tB>(sx&w@cCiNMPyE5~8(myAr-MBs)|USk{HAz)T5ar@l@(DJ3g)YZBjC z+pu3kIst_)Se-MW9$!;I_bXA_hv=xI)&&i&-m+6-rd8%vJMxb3mz;;rfRS>WI>%NV z0@B7ZCGFw$quTh;yw^}Er*@$Kd>*B_5HVGeeD2$&6r=PN!Elq$C5j;y6DTx2IvQtN+Z_%+9e*i=A9A7A+_WSP&rv>Nz zH>rv&v6Q_R(kb4AO8;wbp+(9%DlSH+rlvC|kD+5he#YYYMM3~bNE$$(MWx?HVyKd6 z&S`0741rglPx|tS8Bm6@w#EKNahhELG{k#2gSN zekcO^)=g!B{Ld#nAXf_k67Re8sz3&Y@VAIyRmBHx*GnADp9Y@%C0J8cjI}6)Ja*Xn z)?PpElg<|LIczwWse@K%sox~>EGI3t)yc9s)duB5E0(D2$P;6_M1eKGOAmW~Z$|0r zh`b*X!29{fPL1k*bpD4I4fOJLk;&2ivc%V<)lktiplj7phB%`0Q%kq{p~U^0xnBq7 z?MCOlEtA(2yzxw6CL?p3yHM^=*_GP1ZKhU{hk5kHFG|z#4z?UZpKjz!t2(s+eN}vD z5o7NyO%MGfq&Y3ML*Wtsk=a*r8Fb%KxJB}1VYjJS6t=}6*TyF3Ms{4amBJMZE<`<` zahOPhxw)6nfF-G&N5)-r7N981`@WY`4E$cp4^zu@rNgs{##$efy}V8;BC>zGyJr@L zcv^jBPN@nh6k7NV&AMkLAV80RsRP|Rnw75%x=Wx8ui!qoXdw&(5)AYBr~T}YNz|rm z)Up9=8EyoxH)2nFr(Wo%K&I^I!e(cYMP`2ph5W@<16<6gi4-dr3&1~YF&Q0)ih>9E zcOmS$Mv-HWnp<=sn)%d(3_HxniT*0?b)VW z>WV|}y5AaCelaL9wCMC7p7!aLV7ce6>1zyzjh2h7^<#P_g=}na)vX*A4~zZQbY6o* z#BVD6j`>6Wp7{qrcbjuCB1f5F%~-CcVPm5eE=*-onZMdP5vn4O)1^Wb@ApbG&D~q8 zwbtI|=Hg+NmS?9Hs)GGze<|&haTK^OKCD<5v9Pg8By2a`dS0mVj@Qr6L9?>HI0ZSy zAC0Cgo2trkYM)Md2JJMMFynoUi^g9B#v zH!m;L8g<3M0NK`Rx68>anbY9lV2T0c{_8mx0o@^)X^5?Hbd?H@I=}Hypu@4Dz~R|~ zCEPR++U@4{mYL3A{V>qg!U8^}8AI6gR-N5HvLWbp^qE_W{W_bb(`MK1ebV;K@qhih z|Hp54Foj=r%(V+POyu?N2dps#qAW^_s7Y;z0l@)-B)&O_?L*@J6Oii7Tp;oACiE!F zOct&dzq+1@zi6kZNc0(?yK&(glUS&=P5cL~kGF_SzI{R2sCa zX}ua5C?l))c~+lJUsPN>6f_oJ_nqjmZDElFc=G?H@}0N4 z>1epKaJP1FdcI8z+_;bqQ9j&WSP)P0f?2KYkRU@prT34qrk`^1(H5GLg&4I201!Lw zaqYaF_-!Nt;OL)g#4#Zh5cJ%m`?`AkcwK!~`4G5P1^)~{S`3@A0%i#Y6+07m&0>>O zmLgo)B!aqH6lsX-RvD~eWx9FM6Iv<;(o!Q1jBHeX90X4_NgVTvCIv3hAbBSWNOG^l z{2{rqwG79(2&8No6PW|c#{&ie+9GYfDaw9#8>S$uk37wo+}{2}+HUp19bYCpk&(p|Wr+VNZL*l|{%SXzn6-{B zJM+OPPXFu5*eOD@zZ7JBpVEB%WwHC`5WKj7VDPq9ae$Og2MuLJax9IE?VSquVuvP? z>GN9YSt+Lq0#p0Ohm_@5PG+e&9!i&N-V_>`p6Ld zc&|LV@BGXLj|jQ1$MU|QTpW|3O!!29M`97ixhcLktDRH9%_{GY2T(qz_rw0koNea| z7T?1D%bYC#e}&%Ny&M52CMTa?E}FLZeLnx8FRC)=`gKF3{DiVa1j74;@u`*o0S<3x zRbBsNq5J~X5--Qc?=z<^0XG9j#MSSOyQOa417MQ-I& z`dO8*e9cuZm?!_0_q);cMf%Rve+v9O0m{K~8iFm#u+an>9A($Ojdi_8gA7rMAh##K z?t!1^H-CVBar~S+^N7lDO8=n<{_73kyo;|ZsZ;+OC7IXx7DCo72tkH+9C~4=$9RaW zFwWwh8tdQ(%^XYH8h(`yL+$=xuS}YHIODDNe8q5O$VD+H+dILp?D^4C$+CbcKNGS) z5F({SiIlle!(<))t@)S{2bjKp>5itKhpP?G{*(*zH2`8*#v8a11YE3nLFWU4-$Y}R zugXO=97k^42Gm?e79NKhoGRzZ@xi=!*B;6NmFRt2TO<5AGU6ILF;JLdthaAu?k}fQ zA~z&+TZoaYrdKuWBa60#MK+nYWR6`G1V``;O_T%M0+b$suFJ*M>Mu=Zh6!gU3^s2~ zPQuMdz_EBfres4)FnI=&tAjl7O$MT1cr%O+Xa*0+ZEa01@fMteVS|(Kb~0W5HbG-; zqfq(4G%#)N$?+f$r}X0b*XycgwCge2bM?CNbx4DV+j#Ru>um4jH1DRSBoLgdFKBal z`fc_+fhx$}t;lWaM*Yfm97q*pyQFlo+C_wM-EvkZuOii80P@(VS`-!d@KkF>Y%)+t zLcW@q%jMBfO-hCg3A3D<<&8AEUCkxM#E*cVR3)>y5Abq}*_CpgEl{i%7$T6+O9hctSzf6{)XL7m z&&|z|mp~#W;&!t;u>9Ptu*3dvIDxP0?T+mo>#0;YncigcFN3`M9+$rgq6h0Ez@Xj> zI3#_kYP;S%*;Z=%N2z5}WSYf@+B73jv+V;2*3t=JBdjuUH$mDeyRK%?>22wiRtSxa zb$a#Oo#mpP!gFwdi+Sk_M!DK(D`Nc69_Slg5ie!A-AUQZV!G8&%lyW@bhn_-{(Fn?xtc}nq2)hx zRNIhA0;vcA^2U}!x4e5JH+(9x%v)C&s*yg+gSRy!MaN+NKLmuD_g7ch@eg#JZA=VI zEZX^HxvyyR46__}n&w8`7%x{IzK91LKeYdp9Z^pzen*&l$U#vrhv-gAnk%fp`)y}; z{V;pWAe*&y$+CXh0VL|u(8>a4nqVelBJL4&`Dr1gsH3m?LA%%AyD67p&dJYWZ2uH7JfqgSwjT9EBMA+K%GS*J zvbsj+n9le7eji7+Y%!7U*16gRoRBSLXT`(K%mSdKgPn}8Wa*M71k_)V;u4F;udr-Y z;T3s2|6O}uKt`dgS{_=-Ri)439YB-JLF7zr@QAfSo~~=m?f@6a<}_;@UVL2^X{5?f;4TG} z0wjKvzfOywOUT*%hVc7eUH}ygVqxUEN-uzbTPBS|<2lxT$n4X|K(0=9?jP2K4DpKX zY@bKT|8n?EcxR?8Yc0MOL}HHAh{mK?uvIdIG1i#JFqq?EQ#6tUu?f@utdwPB60tuS zXs+RgU8IpWmYv~~&zxT!pcdtEaZYi-Ft26!5T-e1@pcWde2BiDLi_tql=hv-=WQP$ z*R&+VGExFaj!Hmhib@Ny*azu#kt`6rLNE$6u7~dhJTdAapUeGwR&9)G82&pjaB}#* zP9Q)Hu=vyCu-#f;|E-n!+a^XPjVe9pOhTHi0nGjcgKCEP_RX<>e2z!UTYm?hKXb`e z3;TA%wG9?x>EF17rO_|s$Qy0P&80$RA`fD}^2;`MEgEiO!-DQ6`uCe25ioq;rbdh; zG?*Z0-6-ceq0X8_@9Pwa=|3cr%)EL|Dor67Uq>E7!SrPTxVQyqKG9ak1D`2Y5Q5D3 zo->c?ZjTDKw^+ivOyh7rv_w3WbO=1!fD4DgCWMuqj^ytgX&@ zW_;V^+~U8skMt2BhVl0Pb*n!z;@DN9sb)4trN-MZO&D|6^2O?E>bPp_avC?RKH7xP z;)qn5z2Jy>G!hc151WFXR)qeAAqh(tF5`#v&58J(-tD_f38PMM>&Joa$41vD!{@-f z5dq%<%2HWDqR-RS*WBB~zwylu28R#a0d z+c)|OJ#}Sh2tLf|u<8m;1N*2SZ}daDWo1aFg;&?qU=B=J^Q|WQ{rG5QOWbh+n2+3O zPEAJh-`^tI{qXW%g8%&8;5*G@e0Tjzql{C8RCYr zHqty?nYFojL&eU`*q<8wlPT}`@O`^_ErBu#9#QMu*JR6p4;7*YRgJ`N-g zyEgW&q%7NsunoKa_55=!?r;-c7r6|sTg>nRHp?A-vJy|a|m!X>A0Nj2mm`}{4 z$qyZeB2xwm$?EO|5@BnU^xxBIwy*9wcd_IL1Tir@zADJty$;5{1;Pr?^OJ@=;akp} zt}fp2_Hg)ziTBra?X~3n%d)xdTlf-~lb%k|>w~dW6YuN=^N=sVO0T~39@`|5?$g`% zB2@X<9sSgV>u(i&F!I`(nlPgKf6)J8Orow|-|SIT7lC3_HPqEj{)C_#I1K-QTxmxJ z^$n?=E*GnbG|}05UMG&;3M8r|DlO_FJEsd!-@%9qJf9s&s5y-+^t6Co+trRq=?nNv zHNubQWs!rca};3lQ<-wW$N5TD3q9Fi*$`1tQ6LbVdPo?BABN#l*a)jau2$msU@SSs zmrf;nv~ohuOk2v@pmqHNR@=n>Pi*L|McYlb43*TO=`-zEeIWCH1c=Hxj?HZ z{VLgZ;#JdVa^h3*#e9@KqU@@t(}VoQHA8$r;K)oD8ERX=!!*abOt*@t_mx$O{cYUq zsQ9bnuzN(x7XMP z`mmQx4f|pMlinlsO5!d1+w8a-WA!Ir-ZvSwDmu{WA!|Mx2X6^HuXoMy%V1(l>_|9x zmC}$d#n&C(XQc4j;vG(wja5Zol8v>x3d`W^@}HkZdp!g*}k@h8xGuj^I_B2(3R%5x)2^;LOG4Ka^xDpqwN*n2TpX4B(F z3huc87NB^tJ!h%&b$?a+?srmzEHiv{S@I--Ww z7fN-$ZDy78bmbe`rOmNcB5(*^#OL$4F6VAyV&dUpVPk{5ADylo+oKHRJy^Lf@ZTP@ z>!1+{#TuRVM2sDtqgy|zkW_r+s)%pQ;Ga)r^ys-&PXFxt}z4kRgS&K@y6(h>+L|kLm zpyE#?$B8BgS${mILcE`y&6OdR&yPO_-GE~`x{`JLr)Tyz_5MGaM4W9}x_=Ix?stdt z^Q>v(j|xM}An$EgO-(<$3#lLKa?6pCY!-tyvT%Wb+mQ>929cPK)EaQT4gM1yJw7ma zWP}Rzq}#F|9~+pJkg;c(k+xfC6S3u* zK-peiqc=+{$+B9enxS?&guz*5N2re3-I`*_eGDfXY_Qo5IvqV#OI=ZXUE$pZEn~(n zPl>wYtl;?mDtnoq;Jx!z;qDPiRQ`DL%hg+y$f1Sk)EWezo%nK+Bwhs+!H(MX8uVyl zn4aq8MG$eXT%3ezF2Lfe0fvCE?upa;{pIud{^yj#!~2O$co7?|a*0WPE2BJoGm4QC zi(gYb^xsF!mVUw3Xb5NrJI+jzi1d~gXt@H z`^OuSu5+cC#5fk}uGZfYJh9^!2n&93tFR*UsjD1#Mf!Z+nwJSmu6_PLxEQvd=^4Z z@Ih&-J|W8QdWcTg@z$7h)*Fu@%}gGbG@olw^Axw`@AIDpk3|I!$H9*ki$l?+e5V-^ z0S{2W*$f?cx$c5wTFfuyS?a!iSG{xw+`oCalwb^7oDc@Km42cNvO^hfqdz$oM~g!k z=Y4m~&X8G+-dHE0YA43-K&xRHaG52nb^6!#%wL7*es+UHs3j`h$jL-{VRO+-k5Y-$ zu7hje{B%BTRE6@rhaD-RG;h^;-VTAzH)Nix`9;{X?tO{yCfa)W@15p96`Fg+&b2qtF90;O7n{Yh(?1 zrK#3@iu~sGyoR<*!=pE{bIVDkqv~!x;IB&0r-e<(J4jfc`^Wib$XM0|kzdn(mV zt!sAFe8L1&RCjlGs?3KV3T>dKZyt({Je;mPSZv@N>v!V(9Fdw|0gt_1v+$ou(EA#%R=$E!1ZL|Qo}Z^Cy8&3mFB7|*XCpKn(n$SJ_I z!|RRxst#P^2f@57<}UxoJvwq=+oa@YqRjsRo&Gmi-5nSsFwT5VwXq7JHle5x-a<}Z zVM0%o_)&eRn)B4FqvV7L50x=km*>SWAu};01@1>+Ti=4pMrk3TL7L;wT%>Pm5`PEK zxjkrt07I?bOkdS7J0aHe5W#{Y@d~{;ciQ zQ2&nob)`E1FAM-bO&g>KdLY9Tjq5VPK|SKlPgAP$yl6`e(wY(eGe{ZJcw*HF(&pMN z97*cH9}_aD-g#y4jgKhwJKq&^HbV?>veR3Ookl}(MN9SgskJ140IfF}Rx3^q_{6LR zM}L$cl^L4D1O?qIp;CU6WRo*kHRh|km!vt)E`&2Y}er{7%ligrK<&r(?8uG74`N^YW3W{h4Vu}Q*pu*;*@`41ozsb8l$+}R)tCVL zhI;LQ^J3DA&3RNqVoa4IqlQr&R!ww{lD3h;4aL<*=xrF>>Li2AA4vr5gDD9~k;j=@3+OUb!MY)JY~ux-fcC;iI} zV@HfzVze%$DUZKaa?O>u9!E$pFW2AlGAe^E$~ezihZQ=Z^%TYmlGX#-e-zA(NY$B1 z{1`r2!yRH#ad!BN!R?drjgT}Z1GY;`D;Bmcu4Z2!dXgz%6Srse= zDMf7T4;bJdJ~ahy#445~l=jS=b8G?176n$|TO5z(K*XvZp_d;BwN6F=;p=C*c??@R zm?ZO_|LKDR!vG!xX(sqpu8XeIc|3V?Ys?RhHCbAj*{Val7EOAGy(&;g@+S= zS)_Brs7DbLwHn!z;`Q{I>@^%`sXFZBOQhOXL=YMEr`(A0rlI>(fnN+#^8(i6$NjoF zV(oW960m!`ii?dNHJV9dkrK`B^ejAAi$|k>DtX{9#FcU1U6Tv*y!f}qNy4*#Dpu0- zR}7ft7yRXKfe7Ui!0>Wwpo>E#dUUh}Y7h9{L*^^GOlS>EA|G92#y>ncmDoXEz=VKIzKmAXL$$mDV5z z02e*$MtYF%Ia?Z4$JT3#h@OC1%*YV+p)^%wpvp6jENT?$%j#;FC>_4_(D#0|x)2e) zeQoum8Pj^|Sap!EY;B0VDKz{NX@By>^UCKr8_$h+Px^7)u2@d|KHuhJ>EAl9s*5|Z zN|Y7Wh0oR~Qwhmz_egm8wcwut=O*bUQ5%ew$0ZU=`+BJXcU(RuV^)6|G874+Gf+26 zs%~45X~sXYV^`k9uv7BVX2V5rGd*}hmBjM~%>*B-nSFcJZrg#o$K{MFCDHTCt~iI?mUf#k|r3Eh{2*_h~7bA$sYwd4XGt|wUi$Q zE^CtS?^(x=&tjq04NNY~x3m&CPu>P`yAS^l!gGW|LxugR+?2L$(;>Kn`u7AX{>CoLEj=v(xGU({R_1W7b#x3W~=W2gF zNQ8LWG0ovA}|aYpu2moTT(H zMiP`>k%JaFXv2W|=1%u=VXZ$|2D@n5Ky-dhaD$zmGkoHWU) zK>bgcQ~+_fz__EmT_Z>o=KCLcfNWbbInmDu3M*LlPG<6e5$ex|!t$ae9mw*-QCB^ zSYpwZGuDPif*)F1+3LL)bQbfGGS+1 zX7>JsX~!#jjjD%Sc-*?4X8gN;ea-2Vu^qy~_>KR}?Sj*4e8hFnYQDVvIG@cr89Z?y zqfWTx=of;cTvfRSVaoE)1}D~k{C>Z{IR2p|sacO4f(>n_<6A}!Y-nTgZXz5Wnj9T* zk*4U|BX}Q-eg$Aagwl8;4v^>`C&$Eio>{ZxGkl>Q@4FdEK$bSQ^bkiT4*s@p)jXJu zyM=t&bXT=N%v?@MO9Nbu0~irwEYz{75Hz&!3Oqo=Ynf*NM%>4!NMfYqSo>qBn`!$I?Z}$cjM07m-t|-tjSU5dj3691rTIR zpGzTXm}<(^t|=Rw*U6Nv{AEBSK{Q`gci33(H?bpLAAHe3KV?ec?F*4cU-kpqD<99= zO(&O13J%Tc(Ne>kj37rRaQ85=CigzjqA0#6Bkf$aaPTS=pfD_o8kQ@xS>atrdfewZ z57D7xK74w<-%Qq5#IW~wB2bbg<_xN7RaIR@zydSrF?l}JjrDz$mqA94HElJBq?%B@ z(@GKKbZr^%x(4%5(@iTX=B6=#@1u=c#-PJ6RC>DKFJ+Y+RtJmmb0QL)eA`^-d8yXy zW;?o~G^wYElbOu$6;B(5Aezd;+z|jVt%49U<}%j|MrLSnd{7rd&J4%!9K|r8Q40k z=++X}Tu0kD;bv&WtVc9?{C@r`_+@k>19v=Z?T&8vsG+cHF3_7?HaBGbey3VRe{Bbc3inQdh zqbApewmzizVPA+_*ph{|YouzM>ItEO@S=`0a0?s%IU!u9h3 zQ?@wd9mGT4Or&%4>$`xXbhuu9>V7@wlD=*CK!!QJJz9@K;)i{j0=--9joW_{Ew;)ERugYh%^!ASC)l*i#<}QSh#d!QDbpU_>jghHI zp-*K{V=(OJT%pLhnrVYB+tI71AfW3pIA!~y3lyg}=sig=%4jTlemjn_sKLZzmA9%Z zh<%}&I?2*u|C?&62BHicrDmaqlgRvNT@ln2D`oI?| zs(}|8?Z&z^#ubzxYFTKZnJPbFQ}}^zw>JoY|70ho^iX-ySLq1#SO2Jg2X7etuy}5P zPdH<=Ekh#=EdT{S=i`@*6ja6Kxyg{W+M$3OW1{IOk`~4Y91CvPpx7`q1t)sqymr5c zZx+JQW-yo9m1~rL*+Y3?=HW!s6pPXCR(b05r$Cs0Tuyc2kSoRL)h2%D55@RR_;WM1 z*%vp7qm|aK{ce1lF8w*?iCgwvNQSXB#;|G{#!{PV6j|Di>E~ltQ?(`#O1elk>=Kg !l2Sl(!=WsRYFmN0%y^kAF?z|Mb63*ws zNA|lw@m7gAA?=Thi9kpGWX*p>%89qON^lw}ghPauRF;%^%jGM*pQ##98#eLR-aPCZ zvM>P{03uAwZ#u1*(z!XQ0c)d_rMg;H8OTJ;ebQhM0Q`vIJPyr%rX zzMOT;5BGeySMbAwUARpJ?E_ZdHaI+nh(_Bw7K#>>FtMh zgC?ow`uCg9XntO|>-T{%&+u96-2?K% zm_ID!5D*!aeDX2Cp*A4=Mt8%gPk@{UEq(Y}-Hr=zU=#>Kkv}5FQ{!!*cjZ^Emk@Zl zJzwY8c0KPRaLzMyJ_Gc3N@2+Z87FoDPaCd!Rr8o??)v&9=nW^bqsb**A1DWE1MWTZjJ2G;i}@VwE5M_As2!&>rr#izX$^G`B!#EA=;A#(OHfcZGd#Y7wH!>_aKUMwHd6D@*-0F1j-J%r3FGd zBfcOLSK$YPg`Ck9&wbaD0f?2>k!(irf}NhvC@w3Zrv9sDTlfF5bxuLH1zol-oU(1( zwr$(CZQHhe%2lUq+qP|6xBl+FaU*VY?5Fjz*GsO$D6j{M7pa%#t$`tXOmX90S-`vfu=MHvh7_G}B|6ANM26 zCM*b+IB-MrDyK8v^V&RvqM>;D+Wtcr-@~qj&Ngir_{zims6n(rvh6qUb7yBSVOYpq ze;aBfsGz1+1iH1`Xc(K|mOdQ=@|f2Fp*}#x4xv3uE8lm-N6d?K7_{cNhJRhYUEqzL zN8?9pZ5q7);uBZw4K}XE4{1SdQ~1S43qv-w#{VrcaIuunfNCD$0~eQSeQ&#Tu=_@?uhs zPfG^f#bawZV4UD{B2@Z{vL&T4j2I^$-l}tY9{xlWn&u%{W-B}@H4+scmw8!eNxIFw zlUx$T>>x@xr<~B@DduF`CmXwe-rqzl5UDL6o00~Qy?(9t6yt(8&(U2Ke<$xu&g+j` z2SnRz=x74l2=p8&IF+j?+hi+M)X2yV&()9_E51cu;`XX!(4V56iFl~sadDjT#;jyeuZhC83AK67KZJ|$KnPE}f z2gOx8HaoUX#)gsqx6i9Rs;iTkgX&~~QbA>^VsIE`@RM;YMzV745z-g)ClVg^!TvcO z-C)?6H#9R*(gtoMqK5R&y5POI2Omu3-o9q<9Nvx3sStltMq9C zd1s)ms@~)NFtzYzEi3D%>`e&!r{eJ?npcZGZ{(_Iuw}NT5t--mtD--@_JJAv zCdWP~YEW_}QUmqhaRkquCL3x6x3l9qS^!T4|EmKnjo)F}w0v4oWz14m4Fkz=-9gk# zJmc*-;!EI~l5dDm1eu}ITkXiI+aeQ-yj>mFB)_4up?8cod%WcSucUQ^gDP>9J-*Gp zIUNTZpq!G^9Pdl|O`hO)7pm&7yIHee=QNCy*``@@gZ^M1=8jx~5>nkPc$UD9L+!{m z<$_7H{GQ-O4iFrt(4L43c!Maw)Mco?`>Ze?Phqh?OJ}`B=qfNmTny46j)ovy*q(uS zA+Zr#Pf{^rMEbe5lY@MrnWXPBW%%@=LUEzbLXfRhmAbO{<9 zQ$jwxX!3>j?FrZ}gy)4YUeMQ!i~wkWs0b-(mWkWUrfQ`8u@l6fp1%Lzd@AN?J{7b& zaQLFb`W2*ZMCD(jM&Tgp)N$BDnR>(A*iOb{@jd)JU63df#Ht%ebj|o!dB*g5tq~)TIO1kGnICgn| zIw;K%ii^8GmuxEE(*0GpvKC(>>@v^L!|jd#NYHI`nnJ-57yF zbhsh^;Wpo93rV(hr5T`*1z4_pJ`E4XCNAvEznqeVDy5uY$D5gtYCVo*Ds3<`NnwaL zoQA5~-g7$-ERYhcMHJ83W^_`)g7IYdBxWH}a9j~-<5J6ho%q^O`?spUNWGZpE5qx< zk^}jSng1ARMP^&TEtj0zOU_f2yF7dDDKOt1n#1t4KJ*?c+fynvPMoOmi_iUV=t?Am zX&=jY(Y4Ro4CN7i43q30b=s_GV^|F27I{+I;ClC0)wAE^8^40x@_@mI=}DjCFnUr3 z776*buDq4kr(T_rxe- zYuwfu7;p!W^#D>SMAi+0jo^{!59{7oq!v!fKS_3D-tn60JooPl5Rj8H{Tl13u*{$b z%W@(@T2?LSYTSCrk5 zJyASwj$vvP?0OF!v@05im?3G%8n~{tBiCkx)4i zf(t;Z^zzoicRHOYmGwSkP>OK(J{OQ?&g>xzX}KRUTWQ&Z`(3T8*!Oa|@dgxixqfAW z1HIiNgPq<^(A@~mqP|kQC^JLyJsktBikKV<>Miz))Z#Nnp|1IXgF?@)aeUIXM~Gz*ISjV2g0`@CZ#6a+aKDM!yELDMbQ;MrO+O%5fN%Xu?!hS6K=3cLlII|%MpXkXGacq+DOWPu?HZUaaycy>Baxq!eDan1 z6bT%7q@*IzlTb-{8us{nKZA2WAatt3yF#>7(5RKQPZ4V;)&3V3dbTi7DGN2uGGPEl ze<=JyJWtVx#wF7v+%c&QuAwAqn*V3d`Uo%Qn{ithY%rZDZVQmvash#jN?SM_rGhn% z8Nhldo>Erx3P$)sS^y>KjK3?RFYWt|(wp+ErQFa)4*QaL6qSmEl^k=zP&(F~kl!an zEi?xDl_iim;9`FrI%)A0e`x8EmzS|wFhs}h08$qx_Ha)AW+QQlol5fjlo0W3yX1l% zs#K=IoHz*`Mh1+s`#t6jFwriHVnAdND2y6Ge^t9Z8lp8TodZcG_+kKm?v*|Ah5FJX zMWRAr`ndx1VQ!%3h>GC)9=SPJr``^9=kz`#{Pu3j-Pzll16J#Rb4T+u^RZ#H(GMa! zAK%3^X?PQCzgHYZHoP65-am?)pdyFTYOt5q`B}TI{iDL1(~dN=vTZtahEU`)1g6F| z-4kNKe&xmRE`v=BA*Skpeuh!t1&>E>gxBNu-(YBYi`F-HSrxWK zsZQSpT%jphd!-i0SVQD+2c@3p0B{HOr3k)QqSpjkPDJ-n8H*@(bJnMeyg zC~c{oxfqGPnpWOfp$lr}`M;B}NXkb+)#tddgVBYs>~Ypx+f{Yz#HQ zpigHz#hm5IgwZltMKh(Kkavq^tq+wy&*PBsVYw#JYJCv_y8$oAfV1Od=H2q5fmf1a zv_31XgPR_LI?%8cs9l3<9Cu$>1CmB5)-E6e|8zj_;^FdjbYa4=R6stvs?ple(70)T zqN5^B91e?vGyCfWJxT#prpn37$X!I2sI*{^P(VqMO%-(f!q1y_to=l`D8}XlS@5p8 zFTX!ij;erD!P_q3MJF11L$kh_E4$K}Bg0tX7$l{}tv~1|Hotiq%UvajS-x}-p$1Qd z;job8jO1VXA0so;F%5ovTbFpy&OLI=N#Sk*K&dQBDp?;Wb49cp z>Z$ca&f{^i4_Dgw>zPOo9(?}W&ih98h8LwT{i6YYl#*cHS6wl--M<=;0U7Z=)z+I& zh#Lg;2;p5(a8@GqP&#~6Szd0jO*{9J`lCFpQF5y9Oezz=AAHJxxz**Rrm0`59R4Al z$DbLwTg|RtMVGwwW!y#8WJPidEtB1Fsc^mJ) z*Z7m#`n0VDK`tOKs|mOO!T0`n#)Pl%j5Grh1q}!Ttn>T9t0q&2D7@$ZA#mthAc!N0 ziW+7XhoZ$ZPksJ&CBeMD4t}d!-%oUBl*somylV)s=HsZB-%L&6y7MX-xqMyvTLlO; zG|pBs>;?Zh7=4qDQksCIde!5e;HRy77uLj2N@P< zS~@9Vd@}rCv+CwTR9^k~ihK7O#X&EYldb zKh$75YxIdpH0Q)NM}xs&65FTg0qRIbx29#C`Eh#Qcn z1tq0#3lUt5?fUSP$xv<@Q$RC-<=vHrbif05xmEmfs~rbL^lLH%U430}B@>Paww0K4H>(9J5r1Z3CR-rm>Mkx-89I?QnWfM7krzD%+OMtTbddANV1Le|;c z))Yu~nqWFR&f3yO}xAr6V^xJ3?VfENBQ$*R>RqXnMqDWh`Z5K1K?=LIzHw zYz^O0k?tVdae@XnCBkRWfL*lR9BoNMBO-4}D;3o`${Zt|CIW%uNm)Xoto(6w0>5%f zt4_z9a!CV29(WutIaA#<+nXbBbgt3OZ3rt10nnFQoXh^4^-lcgST&tz!Vck>W9=hX ziNkB#_(`2Kr%;7A=l}okc6e_QSLS;i;N`>0hwg^Fkd(N^H^9lE%YGh@LdAKZKKbkgSvuxOh_j} zvbN+70CP+H5b|m{vgvrg&XAa0Jn#GZh@7a^nE^c-=tX)hhEj|n+*A=o&T&lkd-NZ} zv9Y{Qj9|lcvU)Z$xAdQbH+C;?bj7MY_QbbQZn<3ol$*Oe%^bn-y{a20T6JVuLl;vBHSIJA)@!Y~yk z7~A6&{JMRBGF0BA76FP(9QS8Pa};5eBgbzqQ6n1cqumF#o;Mb?v@9&FqWlFSBFsGh z^-$Yu7BrHEr)?q#f3dRuNpe_7U~x&Le9<$1LFHxqiO%!XdFu!M5Y2V8r4h0kMN8er zq7)t|5=xa6c#+KP>|1^kc4vR=5W=JRCStL!GZe)TaYCaaP<-+~Ux?eJ>b{Y2ONr(X z6f+-6a5J^aI+}5~Jc%-`DtM6@9@${hA!DZPXt5ZabQ2;#w`;91A+?qo#9BB1&!a6S z&i`8#U6ojrCJ0LE$L$*UJ=a1uTo0-WKHqK9>apHp!&uLdwG4y>H_CoOS*+vMZcrus#-%!gDzxqeR&xs>T<;zPs?(p1faB(g*+CuQAhYq43jE)pf;!L%AV}c7c zV=A!CTo#OFmZJf@JO?)Hgprum3w02ScE`Zg5#=;3z$m^l(%<`E(DoA3Em27gI5 z=%^=7GKgdms6p=RU}9nnF^c27+BB?Gy!(N_xf?>7Lc74e}d6fmc*c zO3QZmhstvpWl12*Hs)UXYAU>K%(8^_m?zjI@KlNQ%BZxQzyeftO4{PJVBS2POUU2rcf@B1mk!Dze%+c^G>PZ9lY_f4!dK-pA-{n^JKP1xr6CHXm_zL`Fk}DKTy3M)I^b zQ1quZPc~m@t7{(IHUp^Hah7tuOVCdh^F_r%&B_L}D0#22y!Rd_mYUu&%Gb`u&dMED zqfWnnlM9?E=flsa@RWSzN=OI%f3G2GV(Ux35m@G(7&bA*IB0_A-^(H$migG2NPuK= zGpTvCft>&-=5h0%KYHuQL=+-a|EEC676oc2PRhJ5F;nwcE=W^I&9yLg9yNtn!0VdX zC=J*hovmX!u{oG6s-{o7d>MIb{$us2B$W?6@2xwo?hsZ$eQ9)jEYPI$es{212`%KK zElS}~wW2{L$*|WC;A7M(IwOy!MrL-V?)##P7zpKntygu2*bK2Yxcu$Sbue&=@iDN5 zTx~L_T92*I3dQV%!IsCL!ze;3%o3WP3S0%zTOsvN*r*w=}Pp>#ZKYJS4qVmCV3@$OpZV zG)a9q^R5!ij}$EG?K$NK9HiQ}(_+Q3T9(m5wn~2QXJmDYzv29H0iXg$kbZ*)@~G)J zzHfE@%GG#OCB%*H#@pHQuAKS5GyiX=Q2`PG5?wc8u`%2PH%JRuM2){ywf*p^S`6mG z@>5kEfEeokWG?!vU`Pl0((1Ff^6KOTn_n~?kh>L z6Q2G>uM-uq7~V6Wa-1Ysb|gxlO{w>*kE$Q(Yn902NFPh@o4&T$yYnF2h9yqm4s~LQ z!0}yDBe)*}CaDh?n_#43E+1Eu=El5GF9FfSzNNdeR-0}hC(KeXZ@Wj(D>13F`b+`? z<;yTH@V;&ibnzHhC*>q zZ(o(2+e`^w%+V@dZdAb=@fz1{?^a=UH!S&G*+4G63|EvY5wI#*)Y;eLiIzvgT&_@? zS{FprUT5ChKVUR%kwnM2H?uLqB*=kU)x*fP+|H1Ffy?VTl}d@BT(qj-IsK{yMcjB{ zIqJ@yy&`XDcXN`MX3!?u=KYM2hvXQm)(d3ls%5pj3($+d=z<7)(X;;nq z=fK@>Sw;mSqY~f>Lyf`%0~dcW$X;(AV=fM>6b3(brO7aVt;CQc2zO5Qf0uAqnm;TF zyhPYA%9MhtbwSJ)GN{IPj^XPb(pUc1J%-bL1D!o`lI-O@+lm3SX~;ei@A<%462 z{R|kP^A`qiCqPOljx@&m_`VEAzjMq_XfLW#IeY<9V@L}ANGI8T+3d|CDe)II0eI@j zz0zT#JoeQH=Qrr_`$dz*YS;`vZMWx|eoJ;n z&K?$0zJG_Ro5P@W6xwBNhT}*cV%eWYqjyrU=WB!NC4iVXIRMH!v8oWe6&BW1My`u| zWxTkg-dyXKk@MuAZ#Es@2c`!KKPTw!hl#?no{Fh2uM5a6retJ`WBW{*p zyyf4f-!EmV%l(c}`&m}j6NP5@xwN;Wjrb=|R`{fZ3Mo1Ka20&pLLIJw>T=j#Q- zPofaMMlp?r^igdOz)&F{g0BnW)pa_@{C;uKnaf3eL-{p5)m0`3vjdWMsRh4zHC5i! zV0(+{JCEBVup7BcWo41km%P|Eahx<6a#O^gS)Rs z=&aO^BpAL5{mNhX9Burc!k;Y%`bAYDIY8By0b9FIoctyFA*Qh?BkVC|x>&Co>XY@D z*yYp;b!j-FFOYE;lcwK4{tuq&II22m0AYko%}f+e_br!Jj2hoGvz`72tx}>O>EZ75 z#?a?R`FYx~Clb(UUZzrJ;n0y&b>~Cv-+m&|FaOnHyr1Nt*X0-FO3>%@UgC zZjC@WhmURjqBQPKTYi5t7XURQ_iV6c^T_x*jtezCT|8~40ZcULR4*#~E{ki-2StAp zT2$^*OWRpF7SsdM0TF8%l*Gd7`ToU9mBppWr0Y~L+?N1Yb-WRtUV5;Sp`HGR={FhD zLld2m!oldl>&- zeR+98xR>N4740i?4QiY})P0!ISlEtnQtf%7FJbS7PBT=k{%rEJXaUcZ z#fR3upD4Z{|M5>zl>#yTR7+4XNdvt~&)neCU=Kx#(nVFHW;VBGnHw3re6L7uC4@bQ zG>w#h?-01ojM4>5ggX-t$ry9z5nWh&d1lrTQTm?K-D1!tQpPjaM{nj-r0aB1@u)E(AM3XB8vl_9M>4XAQdX29SsExRkixe%0``QCct2Mh;{S-T z@gFJz%-HpKtftxuz@`vLp|#u&K>NB=!Vp1f?=o5qBU)#f**hOxeLR1iA78(hJb1dM zgs(6^56P`z#@}a}6#Siy0NmNu*1CB+Zm;kJDBcwuXd@d0n;+o>E$;6#IB8>?T*e92 z6v*{ajK+^0Mtla+xwI~uQtttw%G&*f zDVwjQQP+I6Cqp}_iebKnKbb>i{5##mL=H!$qc-Y@rFErk9xKgR4fLWYtA2^Qu?Vnw zAF-SeW!)S_>>MVTA|>`Fv*9z2BP9ij=Ks#HCV{C z$(Ph)*V59_DZ%8*_}JzWbGR#jKHQ^}+yn4Ql5hvr1I>9x1*SWOVM6|6XJeZv+?LhB zZyq|!qk%T=jZsm~*0&w13r~W6>k#S0;wbD{)0AQShkw&+2GJtn>V9q3NP; z^i={T`!2%oIYCG$sjO?^cvaJ1S9%a$(SW{(xTy> zCX+m`AHXZp+3O|Z6CE@jg37SUzZ69_UxB~IV)z+FYq>g`k-OX$4G2^BH|C<0PDH_U zS^=ZLcdvMIufbCPyW8w2qi%yo{lGB09dv4 z{CZ`Lx!g9MAgma1-zc7>z1(c?3%J{wLuArpvC}9AA~^s~??A-V5bq2GYhzW-$R-8+6HHI)VOUICTywF|O!=fem}d%VdOhED5?;N#U?ms_{j&de&s zu5z?~&BLR8`_`Dw;kCJi^YG=2nMgx@8_bp2=aoQ){p562zE2Vh%j5i{vY(?bw;H6# zLZlx}#YAGz#j9MbXJs7ypB#VIjWvxOa1&n2(pyzOh5cZ~iy+?7*XnFh96PmF{w*A> z6fM239B;yi)YY)U2Rf}appNqLy$Ho%@wT;ynRCGYuByGl&El_~BO-w-_%SQ4X3OcHswWtj^VjFU+U{EZ zH=Ki;Sny1%*7?{AnOD;2W+P+)0HI<1IJdpeue0C;qEVe)Flm{z5`-iHr&jG<@(9Bt zLGI-d*Az)?4?9+G%I`O7e3hS-pIliZ6>xaXzXQ3C^q}K2lPVaotzHH^V_eIya}*vZ zx168RJSKKcg%_by)UAcxPJ?41nhcGTL(|`nE?*AvQ&9V8{al=cNaZA4+|2->X)cAe zv}}C67mgPi4&$ewL7G$>`z?c8*YB993c>g=ob(!})3=8^SleRtz6s0J%Rg+r@AtwBY931Is`0JE($HD`zS94dZ0Ry_szo{^!EH~Knp~ScWXU%>7 z;FS7weD2_KM}HtKCVx4b>)~X!`p6Q(v962zDdCRI*!dRpC&9O>TDz)hTlIH!y_2du zJk5LN`WPQ+;byo;&iCn#DqLS=YOhUseh90Xd2+TL6Lz zNW?yYsd>giO}jJWJ)Q{lz9g2oQ{)_NTG3&tq{otPrTthN0B3C7wQ0N%j~~Zet($hA=d_9%wn?xs*Z#sd!L}| z(RWF`+1@<*mHl>=hjcb`0t-Fi%?$R&qtNKucuQ_aC8g&33G_tl6;ft+txCVomnv_% zKVZGWl)}1c+D3^xQcDVRXN07EYliojoXJJ`J&7*$^a&* zUiJW%fqmJ>X^W`^%;20g#BPv*9GniN>1^@;LYvQ)A=2Z=rI3E--rIwANA%}r9rXSC z)_O(NPc{69A+&(qXhkB8fUgrHS49*iRP;Yy+)g+M^h)zu>tz`>Io0-cDTTf%g@>0S z_Am5(G_6z*)s1cQKdY$X((D82NCp=1=1-6q2S8(D*VG`Ic_tAFL~nqRi4dfUd~4L) z1M2L3AL$qNz8eWh{%Tbn;Gk2_l~J$xH!ZFfq5zGU>WUuhaI2D4MSrl$`xJ5tEQ%5) zGjR$6_pyFJzKD_OgVZB9Y^y?@grn66Q!(M{=Pnh{!Kc{6c*UPF-mn>9nL9Jojc zrEwsMD**OL=t4=ew&Qmnh~o_S(@L~8gpk0WH~6P?Npq}ru2<3srb@RlqddYY%?yA& z{LMKd7SUqwMNX{1*F_zuc-$n=9xiMLb0EX`Jh-!D19E-q=bAF27hEpixHD33(_1u7 zL`QKCF3FpZU{3O|fA4N=0^oWmB3rvx>g&jiF*>5&A4Nl+0SO#sEiSO*@7p>xmF_PS zE=sovYe@+i0ppa9bOc7ckOv}!H&xP7HUjZ$rQYG-XecJ{DQ(|uYdVLR%%WT_K`-wV zlejDfUs1=>8Iq$Bq(B_w`hIzL#{f@XtcjAd=oShKCl%K02jAD8<>c}7$&#DiI~cW@E}`j#RES55&JJLveTvTPW8noCgOftE;Avs zPnBpK5xwWe)Ko-$c_3PZFKcb`7})lAvg3`#n`GfUog?qL?vYcnv7~#7T#8)TAI}Q7 zchuh*DTEBxxLH2N7(*lKG+f|ty5Y;04gJLlsHv%K@B;`;d`zcD+Z$w~fW>QfMrU(C z#ddoTLyuJpkwMvptzMhxvmNNe7^5&wwJZ#bhy(46H?tIkC=jT+3pxC*5e&T#60iV9 zd7=>%^aD)3!m++gVNN*>eC#vj&*%iyr~=}FdwTlOF|E1iMK--~WHq(7ldS8O7sR{_YoF@+ z_J5uK8jaQe;**)0+G=+=dibW^(Yw0ch*i0obrB_77q)JOg?0Z-{1kMyIlm2?>3zDI z9*-|Czt7KC+I{cQwXhyM`g{G{`E}mye9{q0f%x7$Uu98IRf@K;15$z)Ll!&wqKUdUL3Tg;A-CiOmtdPE-V&)sf( z9e!D)cMP#QQ!ip)^8M%okAOpd^`QgV#&o#9<_od4J2mvvO zqjxG83eBLJb68wjD`l1m*SumyAMHhs}~(Czm9BAg+o^EM|}-!q0URj!V`6s+aotK#Mw z?1XmyC?d3ZP+de)F!1=~Id@kQK}9->7koBQ_~B?2lnkU)KzNkM@T4#P=XMJ>(j%b# z7+X?uzW{vXtIm79ww>2`_y%(i8<@)c2|L6?QBi@7pA$((v%5gFep9z<%;3jX&jJaR ziJ+{|L)?g=>7F7?u>-IL+gO3ofX42XYYIvF!Dl{BjvCEb*%VJqU047yCpa3jD>beW zcB)Uu6iF}mA}%pf528arsvQ-QJ^`k( zBy&=$_=13U0UAYOkgevG6*t{BrdowQPis12A+&*G8C8ow9S>t!x3(szI@H6>$vYY$ zUSkT)+M~9r-r;37Qb_6qW`%0bc0api!@6<9kL7pdH1+q8mYzryx{i_)n@Gf?!C;!08Z4Vl zW~^!6F*wCj$>YjNie6VRZ?d`(%9P@~Is4vno4m?cN~~@^htP?Cw|yYhtpMZ7jPT4p zrFBWcX0wfeXCaHs@;Rn=ajj_>Dd$;Z;YyEPD!^Gvg!$YbE~q7xfVtO`CsV{QLt%*i z0qc;m66^GY$vfR*mf}xuhwgV(=RX^ERXsri{3XLI0|n|C3#=c!YFwX#J(CCYg~lzb zg?P1{2WlwJETSoE-YAd~GyJS#=`uMep~BS9=w_JY87O4f!3T{7{8sgylxT!xdwlGX zet5oKONo|KcH;X!OKBB$c<1i<%eB7dc1uwy9&&KMYYme;q*TcvnF*~ z=rm$*__B9zI46k0a>!skC&xlQ@^`#=2UHs#{dOe`bqU+oqq5lPM%JOS>aMOCr33Ui zXTvh?3en=6HR!ew5vu4R^w)!7cZ9X4*WAKASQ>k>i6A0{gkX%eR$N4Btqyc|Yd*%Z zH83zFr?cRsbF5Q{Tp&c-w*UuI;;zXF)^!D0%XX|8)A6oAH!_q6qFn8m4zPN=!00>Jt*&M4HWhG3AII~%LQ z6V`M85rB`kK`*eiZhp>uANehjGWwmZPi5tO z4dwmZ^a4@Q^?2Qe{aiKhz1bCw4v+lupTkUujl-9op6E9Q2^XJXGmu&n3Fj9l>-N%= z*Nt~x@#DssQGA7JEI>0sFr^rhzXu0f2a(AYHCzkCGjrsNTapK`GTK@Z#6wly?vluU zn_`Pb-}59QrI)c3u)Q+VVnaY{kJ`cIg)@`WzqBJ8MzdPffLf(jS?9lnznXJHp0DSK zmiRJ%ZAC*-(Pz4$|I0#seb^&$mTgVWz+g3_Zinj7eDS}|5Os*Zuajk5Tr$NSt+!`u zog)nS+DXAjw4i^VDt^_OSAODrwz#FuO%+2))n)I4x}ar70gT9zS#DEi&zsf>Z|U)V z`9cZ$;c$-_0Z-ZvZ~Vmawf_?R)Dg+6F^J)Uf%OP5n;9R?z%`6N7!My4LeqvW5KCKZuFmB!Ls&J*9Y zlGWC$AaA-2{bCXv#}vZgX=jUM^Xf<4`89&POvd0EdHHWpHgYVW39MQfT?5{3nYW|_LBPi22K7iZ^Ji&aL9;EO|e zW$iQ9$pjmP^{WJ02Pc{-7O0>HbH-4Vwc7(=?@U|s>gHIqGa^KhZm#UhlIE{+F-tQI>ipf>Pi2Un$-)dATN-u zQ^4)@(!;6XIs*zI0DhbNs7r4A0b6mI7j+7rD+Pdqt9D+-}pr^RDez^ zr|5kF3a=;Q$Ue2MM60O^+e4Paxf;qWA&x^f|KSo81EMySnRNzYeFgOFx!h{6;6c}u z97`Pk)B0kbf3Fxvz`|4xXCe>Ly{WarFHu;QX}$h@K!POSYINwphNqUW;aPg!L}t#? z{ES^z(#nrpCaFB%ufi3>-}EccC^li>yY=pZ`rY;ZoeC$ite=jS?a>ghd=!w-g^@&S zUeWq&9Y{7OU(x-Y@jDt&@j5+{bY+wR;LeB}LLg}nV4h-C`5bYdRF4q@TevB#Tt^_lDt5lzAm`O0R@W~x^54)?+<#V^J0%<8>?H`GEI zqFz4uWJqVEjUUJW{S?l4Eaz>AoT8;Tq(I26zHKjgIeMU#8~!vvn{<<9@JZ6HFe+iq zA2lS%tHb-C2ixim>KucZFmo?u3vFS67mSMvoH)h_K@B}sODd(Ca$cwv9!*Rzfyw2Ctc zy9tb}d+MU=i7uGxs%h#8ZAS0&b^tE>6J=~v3OZLdKkB(;-l_RYlhumf zLzW(s>kv8xi+{|;i{F1ui6Q_e5B&)l48PkAk6nUB?+*WZH#!1;qx((wY;Jo0)msI8 zsUctQBm{=!)qQ?&kKo!!h&WrDRgmAVhv1Z%_Il%3T9|LJn{e~4!o{a&jxEKV;|V<4TQX1j+%!*?aO2nrPOPe$BrkUkTQ?DP#ZLj|qnK$Zn@Qo#ad+;Jwa$Ni0QR1)oQPAf8bnvO1KYv2OVl=f6kv%owxHO=qs2n|KpCWKIh zrx9RCbBRVT$oN&v?@>!$ZE32ZR#-^V<>Pm{^-x54AqBr8C;q06^ta^C8sCT6xQGxz zsc5R^xs~l!dx@eF1R4^XFR=}5cwi*7Y(<&;p!3=L6PDkznNXhJw+GPF8(n02rejG2 zkgWFDSnT2TX4}BaIhvj~pirDjSM+FUc4D_Tho<0^w>Pqj!0o@#Ru*`?f5RKCCmq=W-kU(xZMDDWpt~I6Z06lZYy0$c z3TyqBbvnf%3TOx;&8e4He>e1F;14}oDd0$`pw0LFIcECoxFvODMst~WKQR6zTp7)D zGy|S>=<#5~WWgBqP#kRj-frvYNkjKz8-{|!BZW4LyrhEse?O|K)#SQWOv({02)ShS~Gx-OwU&~W1 z)MR>l^hEZjwG^JUK`h;@fgF!FifT?1cGCicGW*@A(kwF~da` zl@)IYFNZZG*5Ep_kGQX8l}RWkBB!PeM`4V8q&i5KCW*or;o+)gn-_xCp+#KhzM1Qo zY+hOofg{_bJlg28o7UZOzzeDI1?Wsz9reb4TT+xa3bXZ z2M{sDdPlpK-GPTs7iuj(AWu|4?-|p~@h9BcjioF^o-Y@i2F#8&jx#Njz-W!uGLfah zwTRg*tHkp$HtdX&;$kW=#d*c?T3?M%n$EJkDvka!((|PRM}N%D2x!O1R66gE(e5xT z3ztgym0LIm{z_6iOmb0nw`L`vMbI%bV$(+>ZD{$QyABJxU?G>v3}su>Fb3L5y(R~$ z!pQaSzs0Kl9 zwfb&>WfFL$WBNxPAD;{lk60yKak!kKdz%Z`~;_rON`dp_TO zH_Snpy^@Kv;}cWCfqwAJ{QQyMfgzNEz@(NxCwYFP8EV}>-(o3uoIRy^es4qNN@o6D z#c+UOv1_pa2tlYW%41seW{Uqw-anY&8)G(@_}pCU*aS$pw1V|lt##L#pk_DTmCbnE zbUKmcL4jF=(AT8i7mf8CzxMZYUv3>upaHHhLz?OK_zFoqr3Dh_W(RuvcpkjN;K8Q> zcZaB}43O(&xFB_|R>5DZD4Hh}KKvzwlh5<6=8a#1>|{X$Ts|{#!kI3A^*yWGSa z1@LVT^>gNwU0`Telp7Pv*Z8Ju)O>9s9Q-qKt=g|D;O7>xUYrg>fcwfd%Jav zDZed8A~JEPdQ0JW^kE`>wtB!r8)|$(CyQuUauIYkM;3~?x?J5y<=O<6VPH%NQJ|pU z!sbUG<2qyCKs(8*Sx^&O9vcL97Kl#{5mF=_4AMOnenS-dqW;T=YUdYIcp>kN`52a^Wk`-J zs8Q6Wr%37Ks1#!HIT1jnBEc_9Wc#h4`m#D&XXI5dNc}}naHjfpyXP9li)U7o=YmN# z6A9`;qSl+EU)pPMz2=&~8=Wr6&ZFZ?RS~~f0FgK#Q!Pun(bAiokFs4nyFQ>dRcb!izYYcL}$k~aJNWj?i>i2D@OHHZ3G3ruO&2e5wm&a9>sope|160H1pIO7Xz%#O_rsiJ&_p;Bxfyu`oNw|H-mv?PxiY*!xC-CyrBPPOdmRc;Ey32wO3Lq1^I=a+&ZI&0w-_r3YCdc+h zL(M_tRu1;z5rEyL%Ahcjle9S-cQTd=c&2ZqE3`jk?0R-`a=*}C&W=kItn(mG|7}SE zQXAAAU>!8qD@ZM*7p0emVVN&yuX+WN>|Rl3502t$3mDOUqEyB!OwDRWXCU93sf>#q zu}ZqB{T~1eLG-@XqofX3Zb+Eql-F>n*DHUu>er_-^I_uDwRTS;rYb!*A{(GvV>^CW z1B{b0*NC$Ug$Pg^t9z-4seY9rvl8M>#4C`i@bg1s?LDcCsE8pNcKc!Mfmf2DQnUp) zyaDupnzcMLG*fiMEA5=zanowy+S0J%3H=84pB{-DgqpDC@cowp?>=FBG&5CaHTh2L zhB(=S2NSU`GL+mBLb0VPtLo~p4nOH!ro8-yRvJ`tMP3= zQ@w@_va6OUH3KI@Gh^M*i7?ldi7b;kejqB$^6cpznZAaeMr`nFhsoR!m- zGN`?EJid+^eX<<>8-1h|%m;eMc+_{4qr+eAtu>^M+VLWIZMfKk(1Y5tHQ5egutCcT zi3so6$ua6D#f#qMYX){i8)LU?MB7FfoKH96@-Ko5M>l<|xh7}}1>b*d*ozmCt7LyD z(eA3bJ83VrG_wM;%gX%1tM}aW1OcOzmU+wH{To76iT~7mYjy3!@XFJ5r~TG>hjoHG zpPjYOcP##fCq}2neX#Tdkn0mI$80y@R$D-NGgX~$2g zj`tqMFB-ilQfq45y=+a0ST}~@`wO)AyX65!bh_I`y! zK%e)eXP3UW{@Uon{QCj{=IZA_){QkS|fByL=7*(bG<3Ikx$%T2Z04DzM!;b)nz^o=I zwE`-d1woyig-?QP`~CN84<0^LhbG+GRkk$kYC;^R&d$w#cKOoZ{O#Y+?f?D1|EH^0 zf0LUzG1_>kn600{8LwRV^4o8}0lNf{`tG~${_^MVZr{1HytD+Qm8$wH3k!#xz+3Q1 zyyczYp7Ycx=v4^-qRh4cops-e}zW&&-0B!h7YA zHgs2`1COWrMce&R!bO4%A`~QX`zAPIwkE)e(Lb#7ERibB)!(lEu2G9ii+TjLh0)PC zwT1WfS#99ga&CIYs!$#vW%uvh17>})xF{?A^jClN2RLS6NIo+YFbYm8{lfe_ z5E!6p5udN5XNyms+`fJ1_uqcMe(f6Y8C^(CWcAHAUpJK-Ln+-yy47D+SjAJXtAHv| zBlQ=zuOd~fmV0TbChJNL=(P@x?N5LD69#~11y_~xxpQX$+SJEdg-WHKf>MNbb0Gb@ z(I?2C@b>z|zv=k!NIXupGvVH1Vew*Rum=~1r;Z(agQ4tA1!;~>IddkcXk#B#{noA9 zc#OYQBW|R?)^DvMmcD!UJ~8rCUyqIwN8pV8b$8RU7Z;bX4SoRH9vvGUpBU#d;PK-p zM*ZVQk5$7f*8U+5FU5tGbdNvPp;coO<=S5^%Nv~7kFf&wn{)X9?~bzF%2ysa{O)o-QTj&PJZio5BKvtWbx5GStK3?tcpf}xXj_+LVudq0wy^~e4?Xc^5G#F8CRgHG zYC(<;4;$3ll5DHGNv{=tSNeX=q>vJ}EnQ^F&oyWNK%_NOOxhk3bRkwft)}&!DlX>h z*st5`DX0q_1r8YnXk3gWDrI6dSbd zqd-T2!%TrTzp}Agb7X&ML!B`EY3nutJz~{A?)=~h2l(S=)ztd*d6YM53{AH}U;&!x zA`gG&-^1MMu5KL#ItqMD6o58-yyP=Bu~-DT&=W@#naCv}cNPq_EIJzYgaPZ>{?)%N z_AHhH#aZ>?LHLgKSzkb%v~VBw6w!))G5Voms2j9bAgy4arUP)H%p33tz4&Bl!KWjh zFZp~&yizm`qLWXLB`ri~VFohWBHc!lO^%6a_crM>ZW{bdd^D`nFzSsqt>&0fh< zTN0D62ghr;{W$rnXG@%BKF!%tk&<~?7BbPIr|U^Mb@5va?` zax~LTquWuuY6(}x{$j}qF*1G{LBbFIFRs{#NyA(8>-y{6>ABzJ>Tm=5P2p|w@9Bn7 zF0Cy~Pjo4+Do%<8-^j&TSgLr*et>@onxv1RC$`kM0!WhhK7GzPfOnexJy|B}7>Sw{ zIhj{s$H{-4Jq6rB^@@F17vcV0J;NVF1^OldhWMmYM9{GwxvX)TeH zd)J=032_s=p3l8Led;%Z9FaF#Hra^66MN%Ip%t`G*U&wL4PddFng%ur>spdFBtoB7 z0puAS&zB(l6mK`gd+mT-a%kO92Gf@FK2^KRc6Su$kCd0$=r2M4;#<6IFEV=zadKdh zne@6_z}>~*&kU0GK@i-Nl(nw)1xT}U@7v!m^Uj^I_G(1$mqNFV-%VsS<=wM=_msP- z)E>W!o`Ydi?)yR2O-1bCPYuCZSO^>86bfvtAf>SGvXnj@8cVo3Sim>aFb%dQ6gF7g zZC(lw=YyWO^yT~&md&h``80pU!!5FLb7gY$(l^f0wh)A?@<{H?ZvFT&N@qfsB3}n zD5b`zz9F-+dhg!dt5<*XUHB)DpM3kxH{eH7LJ)GlDhD~cr<2dm&pm&Bp+U!#t8QSm zS@#vhN*W<^;?$JHngC73FycebON+2rOB(Y1_dl2s&37JA)Y8-n8l`$%FnX%hcW&Q- z)`FVlnui5J9nV3?(KLCZwobjA&Z6p zoWW_$&W<4?DnVyHeDIJvRg{!aEZDGs61SLi+WR$HU=q|bdK?o(<3q57I92|lJ>Q+G-xHoD&1x9XMx56v} z9qMJw7Jh41Y5LFFn%dsIdk0s@9O_iHL1W>VSC*F$y~nkcQhV_d&?*d~pbocg-olXn z^gi6G7BwD27PVC$dBW*7FRd`XdR*I2pFXp2@}&N?E>jZ$zX=E4zilSpI(}7qTlp_C z7(UuBIvsl!OnNW0JbD9R2mj2R{PxMcAH4YZ(fyg(&CXVrmvfj(kgVNoy{5vJR~2xk z?oc)8Qhy^O572v>nmZOnS29mq$HkOd!RsyH7QCUap;5UFp3W!Sr#2NQB}A;TFW_YC zfi1BX1)7lX6np4j`$_U43Otnq0pMI0jAJ1kY16wsLAR+^2m7;;vGKnF0KMuSkqtNA zkquI0L6gz3vGQIVSEj%fF?U@z%us3baSO7Q4}Wk(-~s%<%y3j42zLt=g`ZoGK9l#%n-ma{zVfiaZ#?D)K1KK<7((TKcx>6pwi*}LBO}}vOw%S|Y z;2H_w>BzOHt8hnwkBVR;!RJD+i7Lb$Pt8+en|kxSSQlOTcX1vX{%ioGI`mDZUa zjr!bb?M14O`AE)cD@GdMT3lRO&emkupm)S#d^jX{wwklzX)UIBA3T7zu$k1GIeeR0 zvY-v}JaQq8Pj`nD3={?buDKp5Yktq5sLrd1(5=Q>zq`_X9_@I1?Kj0b=)itcc>DbE z4Y}N`H-n}n?BY>v00flDPe+Zuo?LEPmlXN0v6>tFRqAH=Or|keRxY?T3>gNke{vy& z@G=2!1`Rjy?a`H?+|{3mgQg5*H4fe8h8TB>r2maML^zSX-aqLTMs zO#T(*SVIfCKb2;#;?!zkZi-^<#40z}YHcj3tK=n9l1&7P4;+lfPn&A+HflR&Y-Dt3 zgc*0e^zwYDh$&&Epbe>8b^>fjEINWfpaC*Ge6qCk^tnPv_VcIbVJil$BBAR1Tu#)*X?BjtBb^{Y^um_Wti6oN?y0-af zV?N!OzXq!Ga(+BI>HC8dg_}N*CU1mlN1C7i>%l;CW3kFx>6*9D$7AEY{iRQRPIPMA zYKM2p5dM8S*Xz2hH2-uQ2M_$Js#R5FXm%=onAq{LzdjwTZFj#L3ZS{2V?#rC=>lOl zx#=Sdw#@0HCq`GfaRq}|H_(-`xU@>WXu@k#5%11#?Zx*^k3TJm)oNyH0;1H<78+~e zayM!iwXqPZwaU%fn;r;hszE2F!`McO7uBH+55LTknJL@C?!~e3<3onP>4jNEcq&`% zl^)pImA0fB{yg=lNS*vXO8L`zs$JjGUlJ8n`>(tu{i}(+)uj)&_11$Q$^6x4hOU1< zb@}k|jrS7%nSIJ2Vh*4f18)Iv(SK@gdPO9PDacnae?Cjn7VP~2V&(z|1SS&$PxkXq zKSL10dd|NQRp7GI<3iRscr;H2_LgfINJ<`n3EYu0TftO@96LSCEma^ytyZ z`Sa)C(!9v4D`eHfM~~Fg!e0VtMX&o*B-|Q|rXy(Fho%)zp&|3_=CkL{_5p1sS-?lh zn#({!s;wopOMNbXc1czy#Pzjx2+Mc_y>Sx)^6IZwIpdV(>t|mBwvLTY49A@)S*J-a ztx^Xi|C_Q(aq7=sRy0%7)1QC-+28!l-^|U=Ek0TN{rBH^$<-XbOYIGR_0^S;;SuKG z)_oI`6BjOC;DYt?<;&=aEWRQzKR*l7iY)d6bkpqY9Ph212wuB(9rZr@EGgae8DP_m zQd-xbn;K#Xz*!hLgaefWV+D_vJDlj|OkU&*@3(K==J(ONdXR5a{PXLtS0PPhgZ+3C z?H8v{d40u2Uw{40=U;rzI`G2}-~aUEkH7r#D_E+a_vO=1??wfn^fUyQs@os__y^(Q zrHfp;Qo>jsL}s0KIQqAiFYi5{*7%K<*aGP#X5-fm|D8Gg&Gql|?w|kp-=97A*~p3L zll}1P&wpz7lJz6sa03|1?XfFn0Gqyh_nv++z5s|hvdmy#Ss@TS1u@T>y-sRn?Nwe< z#NeEg0GtZHQj=C_$(B<((U{J9ZDfR4z{5k2AvKAw=Y$6EYV-EmCztg4Ud~)W7mPbj zI^WQWqxFbzYp_u+kh#acdi6I0N_$a;#B0OEz%=Sn524}3jda6SGrd@gg|xWGOWSc& z9=$HU-pu>kg*W6mnEV}+^*K{0 z)dNOkS9jq5V7+O6faZ5aynzBZfz^N^y&Qu*JH8TYgAFFOga?n8occa@a>kd;-jKt7 zJW?wX$yJ~&kV3A)ew5Ya*-@aQz+s?3?FO>f4%_u3j!OTIzM54P>t#>`@$cRYp;_!~ zC?Qlke?#lG7eI(2E3)lg9@=Q~4(T6;*6pSa79xcL$m-dOgyPDA?H;XWCMSkRcV#Ny zO~tx*I|_6Z=u?2E{b-SCtZl_K%!&a^lc^+IRs;uSFWQ+sVe5)!Z|l!DVHCcEG7}cj z2==z*jL;M6E1KjX68j;kO|kkUz;SzIi_0sIorvrf23t53~PZH){kSuP>4DBUs_il=VAV@H~pK}DwFmg-|lf}D)LK&aa(D_ zla+rMhm}`Gda-TQCs7eqsYumE{=Gt~Y;}ud@q%iR6Q24}z?wX7IlGqM)?}4B zwURdSm!C0ZT-DGj2XA91e3BR_foxJ!qIB5@U0WlPGDA>2sY*(g5zzSn00KK7$vet< zIp^bYOQb^^jsg&)Wn2nqmG#!nkfcZgesOFy;3rswY(ETm6RBz*(u)QPZ7RYYNTC-- zRvkWw7^;3xk7SmDVI<{!7bZ=KQ-s#NtzquPw0w5oR8=wq$;Zv^bL(>GQ{W99WQ5d- z$@HW2&L_40Z9Q9RN^m%K*XSAWsaVA$s!Cj^XDDHoHX{3_^=>>fa6C0<EhzCSO5>I0-MS7{=ZwzUE9skYD?oQ+O8dK_cG4XNPhZY=o;zq8d3aRPXJQpH z$@hX^n?~=B+bf^QgG?W+TEpgFv+%^25&wRgVJcX|GgYm7DnF}G`{~*Y=q=4gJGy`O zfC6aS#*5`>^tJjv?~e0rJtdR!gqxk1_0bV0E^{2_xvx#drYUp$CS^+bP~*!mSE~{^ z@j0Af+^b1$$N+!w{FK8^dC(Z!PfxR+9e_%=flp#cTV@h_?U_c`hEfD&Fa_0FDeqQp z`C^EsvIqC(&%U~zQF+AVNhyW+BrU4HuKvYKjiEmjKX>$R!w?G!8Ot60yYYBL^fwa( zZjGp@NwB7gn1&l-pg8*FMUs}F?8Q=LO3EZE)Ia(8B7Vf74C&R7rSOpg(B!#u=kh7} zjgy4Zm9aR7lAURUDfAXEn7~p$|MH9cpi!aOzWCyESXIC^P&Uvsuqu-`WZREF{0L7f z8K~mLix)0lya->#;iBVbGu&-XPWmu?YX#4sAgW(}`Nf$tXEfF;S_+OP^OFk;;H_2X zEI(~6`2X_dOJ3oT(RBIv@nd*LO;F(^x{EAIxWIWd89EkljU*gsHtt9)UjGjgwP zkahrPmoHyFS2P4Wd-#x@e(~zn0C3?!#qgq<{-@SD=ruMbM&C_M$73a8YHYG9_DHu* zO(LVjH*ehFos@4{`JX#?wgg}b-4qZ=Kgt9%cndZTPL-=#$sUyBRV4LDp}w>YBv;nC zS0)nEQ}|K1Im zO`rT)vUkZ9Q|UEbta{Sxm*$k$jWH;OwKHy$eNv~sEg*)3k(k+!Dh$}l#i~)+hoo;R z6n6=Ok=_Mu*TuZ>5-e>L%O7vy)i$DW3l{Jcvtc1&a`L&SYCD+K5xqAO(S!tp&qjQ$ zgHYSFd={>-}Wi&5@vhE(YSsin5MwK5=L>%gmhHoE&?8?8rlU zjzlLM>Plh^rURegG`8^x{}HZGV0K=fJ)b_1s*^KhwQCDaG9O4yxsDjgRdH61OtZsy z?8qu^T4APcGTE$6P*dambfpK|_XpS-JNAl-TV(1k9R)fHd3w)ZWig-p}3h{gN-93LMpZyHow7s9yeNEnQ1tpvFxD7G_z)dlhxEd^YDPv}6 z_{C84&p=UY_ap3OI7XBMmz+L12WY~2&64t(()K>O$+bsMmhRkpwDQzm|d*EHRm*$;Xi zczyx!B5K>n6fM1 z(hTlAc;emp*-5Sia2I~tT9Yp34HT#jdPOoln7m`{i^r?whcqZ?nhl4 z#aspDwj$iS!F`n7@v(NsB4>$!svV_`>(ysbQU&bl+R~Tg^J4qunoJ}x8fu^%_VlT7 zcBI>sm}a&5i>y}cLH(@|vTm$HX_f#Bvy*evzH_?6VXnHk!nJi=sy`4?-7f4k1&l-+ z)%Hp`IHTbhAT~{RQwY}bx_;web?*3NMoXD8ou{KF z)VzeMVU2*QYTac`t`Z^)7pkY)X-1Z|Ygxj1%fnax+Zat*+Tqw^$0(C8R$r_Ffh6?u zZzcF$IV2P5OOtIeM@gO>b$Qs;e}gZN#{AXwSJz)9t9zpIqv40xYpXH(SKD&k2!6G{ zw7K`Ff3uP3)qg#9v=F9~gHLnTukmwv=f@v^1bl)!bj^gbB{XOhge8}XJYRxNsuBz; znAD|97dZqq^)as$l8j!k{?kuCKYZ}u=B-9KmoFA&KxeQXb_oG>p#>eO8=Pz8i0ET<@>Q#7LE=vLa^jCvg zk6{1+KmbWZK~#GMWdYZ2+_(WD*!)Ur;}>6iMk_;n3Wr|cIrZ$>Gj4!ZAxHHr`pYB= z$#y|sNUT=exLR@pt=_$Jm*-uP7y~_7v6?H^Xe^C4stqhzD=W*lZ{PBYKH_He{Q2{i zY%0e51w+hzDnGI|EH)LZ6`BTe2rvzah#xp)#Zh>yb-nZ$NlWGS!}mYXHqV?r`|Y>i z2#CWkZ#d2WbfdC{*AOW6Ftlw1b`5D&_>ix^ENk(9w8v*r_H5BGeN2vx?h>Z#$Bl z^y;1GcB_C^{RwZ#eA6SPOioVdclnf4=T$jy;Vif|&abfm#|g~IZH~_#tO7&(Qeb)0dQ)?B!G#Owd0+m!zx%r{zWBl`UTn<2DP{NbNKimu zM`)F#b)U_LBT?_JlKVyh!#U?*OO0tWTr-8ZnmcHRuj&;0R*zRRRx6@jXwjX_d6hif zuZ{vAAq7lKW+jR>%nzI@(PLZ0pGj(bEaGVBX`n^E$!Xqd8|Zd#=wucq4rHvJ$bK=Q zVHIfcDy99D)u$(-@gCX0R=mjX72l0L?2hH_vn52ykw%BYr6T?Vz6c7NdZB2{avfJ0WFA!`yIv^qMJ$xc|VRjmnUp%yHAJ1bhV5u{qNX&`@Na{~tF*%%` z_wAq<5P+<1-+LqyLIf;;-kWW@iVO%=jC%S&fg4$gc?cT| zTlREa*-c_wbt!j#W=egeQRjRVRO`lgYz@S;&q7gxdmZ(z{S{cOst0bHst=nV3yD_D zc*HIU6;MP$z*QYFYB8c&FYRvyHs0W7iR#g|{e|J**Iu{Z^xAB`-0$+b{EI{IPt1r$ zW8)-|`O(IDSj+gyCD9zM9-~eYAiz5Ag9tIUuUtMiKYK8zIjzYF3x5~Sp1S|=$uGa( z;+bzH+=wW)tBgEB@d1@U$7b;kd*N+O>HIhz&N3+Vri;Lu~jlc8BJ@97Frc;L;OP? z8fjIvAGF$x)NA-!*hO2L05Z8C%-pbPAn&!NwHwq39YWP!{2_06SG`RX=y#kOUCAVF z2rGNjCQraiAy3~-TmeJpuX1rF+Gt7N}9 z2UU%CFBjPx<+pt$a;a#mH;@=gShBb#*)Th9`__kyYy?+Ni+@2|!aEiAsTxJFhD!_6 zsz58K#k;njV(G1s{N+nHh_>2JAlq?oduQVnZ`2T|Gen$G=l7QRw<6mchbMg-wy9O> z^s@d2cyB1QN1i4@FXT4=zf8YPd%chKu%D~<9PI#1FNv`$$RlwiXBoDun^v*@)lC=n zkOBx!SHko<9Onl);3QA!HoGh(Bdg#njn#rwALicv#qpJ_4~uP-(Cgvcy^-HqQmGq9 zyk~ld()hjdRw-<5TBSt143&8+pvV82?rP3^V|qCZ$<`MEa-^fC$hW4?JNww)w~yac zpciu6)u$Mu$Bw8Gf^_sjg`+gzwGKfK7D=CJnz9ujc2=P~2Nj z38h}*ji-5~LLyo=S;P&&mYt3F%@?3G0I@Q5?0ZjAu?b|nR-aLKnG(aSzqqbPx$jYhWMu#2g z14ZFo%LldC=!%Vh`|WpAz7-)yL3=e&3jG4H$Lnf2Rn3HBQ&hV&2VM|uy@aF-3v<#_ zC}O|Qhbg$fUC`$F->>m?%GoNUA6K|geU>a+`Nu10D1Cg>j*mCbwZMSjhKMN#SV5Xt ztY6fX)H8hKm8Yw#PaZ#kuZ0?fSoOVlA8PkH0IS#45SaMF`3oacFa18Q#d+#O4sq*D z_nMxvQJ}UQ@t!=nkQWyh(@qArl~veT#Yv;RK(rjJE}UGzBn)v`f7O{FR6+;AucE0- zRZ%r}-Cq>ImYp1vX)ok9|L;-$8mrD#Ru+@|=lOG&B6ks{Pk#H~{SW`kfBwJzXZ}_< zWy8lR#Hs|F;@|vJF9?kWv{pV)0gkaKa5-eT0MZH@O|VF&A-E-cRlb3NP~V*Srl;Pr z$^cZA8=hCFd$}9$1V|sW>PF5A!rRMB%dKwYK#OlbH|2a(ezwY^>S+zM+4krW4ELQo zca5)2O)zRm!Y{x4^75rir%#0_C%2GWR5Wg$KoO-5A^m-xL}@Ar#1qWPm03ExaXHt9e=Q5d?^ z*@H(`fF^_^tf(o?*G;umQsn|kH8b$xDTQnew<8gNSv4<0=! zWa{$~^1DuV+nM9~TM>Y{Dk*p1mdW}msDeoMmR?)@REkW>hVznzwyn>`{z%NVt?l7G zIn+-vM=sP1&eN)CuxEm6P1tU{ywb=w(&zo?xvxZfKhxE|R^`*l9COsj%Ao3pSAO(k z>!#8hM8rduT*m6RUtDZM_tk_4@N0o*wu!O7{Bn)#YfQhj5`*pSr-@uC$s#?8bMN8e z!^g`6-Q@V_!t4}5nR8&zUKn~3OpFJy&=-UBPR1iL*Z7o)SDX>>DJ+5;@QZpX5{R_{ zH=AsIS#CL4Z4xT$*8(YQt@B}yX>C#U(G#JfIY3}aLla(S{X`ZX(Og5B9J6>OcwKr? zZeDq?qaQM9n^=32+m5R6alZ79^duJ??H(C^?&HvHI2cupE9e0R(NZ0qX;yOy%w(lf z$o`ey$4+zzBa4RMK}JT6I3v+n7F^`!014e{Tea$$j}NdidsQ^Gf^I1{rVrnku`y1emCIrY4|GQ_^rF=&U7zlQe?G`gOf*sf-wkUnacQ+-|cUxmxhw{BOH#EeT{S(H9*aKe~ zp8dBfhxSH4E;n0qZjZb419WJ&uUtF&bo3cyh>jmRe(3n&@aS)YebML4LK41dsj_J{ zWXFX)HEYAF!WV)DPEJj6)HgF5JZL2j1afOxuf}Yj!0Tl^d1VSV&o_%o(}P{xO=UPl zi{KXY#`PO)1*|C|nG&Gj8b)?IwKQwS7?@vh5jx5D>ca;Q|MaIn-@A7o&=cD7?%g}* z9-ZTQQ5%JPA!LiD(b`h+E(6tRb=vFn+EvzR-PB6nd{u)ir7Ng&EG&WkEnLH0MfL7xXbCyTSD_6dRMdtDJhaY~peEFgbK}GY{K=FB@)?Cau zr%s)ctu8=4(9+!BxB(;w6FfaLt#_7|)*DNx4QSxf;**CD?%%(6Kfu%Z`Sa(_&dtrp zY-W0DX>k$2?#9iV->xiA`htAQOq;t46Zco7u?NB??uTMz^pN2a;mby=;Qw~o{3D>!)iR=v*0+RPWvxHfY4zP9G;DqqeC}1*b8l4+D_0WkZ)+f-Y2BI+CDD4@ePNgMh;B@gz~j*!~u4=4}a*uA6 zcfd0XGb0l_w38n-!gTfRC~zn!U`Rsg#K-Cetb9|o2&*zG5Jj&%srXl7+K*2?eIZ9< zsaStzOPnv#@lnfjUtWx3RM=JKi&-bz%Y_-4h-en=h`YMF=BX9D7^ba9`82hE?Fc__ zAKGc3arP92$&tebm2-t&RI(8LAjj z%uY5{{*pXWD+kG065PnA3ZMd-7(Hp$mQax{J;L^%Z=2ZD_f6l=aG!4W0Hd%^HT#IO?LnR~!$2b& z2le@ARV*J&GdnOD@+HKWYC;2>lv4+loFU*9~I!h=VfPRb(HsQi+^8 zc8vIj+=AKlsdsH+K+(W{{pHZlq#wEC8(Fp9*~2_{T$zvNMZ`?E_9l!sHB0|mj7i@{ z1a6P|vgT+_Lf$M_0c$TZsb?n3kja@F)AQDR6)HDr>S)d}&KG$qj@$PE{@ME0e#bOw zs8w1Mm1vuq?{^*cHh)@|&LEwZR+z*oXEBREe7uCv(-XYzZ{u2NZ!7TD+#0pj)Al5d zPZ^7IgR1$vN*g}W@%85J>*&+bXOIFNKMYc1>wQO`tuz^o z>F6^^jji|lL7$olU$+J+^MQ&ja>Vw^ItNg73Ac8jDzIE&B)vGY9 zqhn*uO52i}dTS-rdvVi0^!BE@55{j)_%+q2i8_{;3d(Xy%_ru6`st^orA4ZRY2OoI zwa-4geEj&?tsfSbe|uNaRD%;E@hy7#^l6S5Eg9e}g?NHoT$-7k1<#c}PJp%x`_W&6 zmzmFsQ+L}_i0z0f+T2~1%^csTam?iOKG`5%K}KXCjh`F^3>_m@jZDW`=c$5 zH3^DAk$(31=Lmb7$J5()u3r5OxNUW1Rec)ms@qt_(z)*C26yNl&h_ELNB8dCMKeHE zuV4w)-~$yxu@xZ)Im4dbyBpV!^=L^CUMt_OfP)rs3e_o|!qW9Yx2?alE(lbPH&$1< z(mZ|o6x5yWPB(3|qPi^JI9lmG0uNfvJ1+#S4lUG2OI&8W!_mJzrff8N&2^9;dL2=4 zRmMV1MjtwLsnyj#jU`@_)jLM-2BNyPh{l1Ge-Kg}h5F#3{3siG>Mv}4Wydji67x(? zzi1~{6+M{0pF*ufVllE5G2}s<5pH^V+BOSAW{9+5((*hi z*ET7evTdtDUuDuBn5G*!iYhsS$41U)hnu6)x~`rb1&%re+AK^8QLT;8xcMv$2o zi`Seqp70SBz*mbU#O)anhAgS7yI%OVGq;JfCcQ~|wyk#kLVtpPm0Y~HUTfcLtK*>| z6)3yPa}{7OU@;?&OE>G8ELzjFPv-J$tG3eOl1|lXd3_u>!5?1I*hHL99P80GVk1d=xTRRE6ir-{ zM@)(?V`JmYR}v6(x9&fhSQ?$3%9oKhfjj%f9r7Ep+sBrM8oD{327i0QXrF23Oi!U;Mx^ zwnF(y!U^`ONmTm1i-cd%Lf)T10iqgny;*_iFXrYL1zY;91lLjW)09R)fH zbQI_)&{5!1rT_(7^XadkW?z2!B~{F~r$H5e{P8CU$oYl&0!?OVUn{(~lj?ofO7v%T zT5rjkkp$`y-f?wh1&Fr4=DKwG5(OLn3~){2?JH4$OS#ZSz#rk~0O_nC)E|5eCX#(- z`xg&iY}&}~U!MYp^;C0hnV#0BDLvKdt9L&C;`495`TF9;OUNQp%(=5*$7}sGm2wCr zFJHcFz4!CazsT*k-+qT=U0GSlsq|Xa_LlA&&|w6GG1VjTSy^7@u+}}6z#9t-^PV=p zr+Ozn!P>L>^wzE0H*Va7W%cdy@4x?ne^w4LIkNzOMtlhYOaWWxX6H02FAk~I#HEWD z7fzm(M}b^_R|;%mDU&b1bV0q;@GrmoLK|`B{reBNnf&30ANkWojnik(FsY3^&(^q5 z?fnQYJ)@--8J=xX88hP{4mxgrepFBCKApSgHN^&?u?XTu*fxLVdNeUPac<;{#5Zr= zHgF95)m5Io4ypBE+lIU$l0#y^a{<&_qliRTWYI_iO{7N>kORk>%jNCz+S);H9y{-w ze!DV1i8$M2--EWqrefTfHBU}4yD1nn{iB*+701YjI1zEPEU@XKQ+s) zb;MiQRllRa1_iMAfC6YL^tDp+;qpqbVmI$TYWu=ewU*2*=dZofbloGW$ZN&6$brNM zCKb%OWvq?1$%&nRj%m$2PaW!m4~Uwt{!1z}}`K;7M$MSTS+;O9xpC0Ew4UVT=p$Z8ctibOMvvP4@4&Rc=E}IR7Xb2X<(A-uU6qU zBedmD&?6_}_OGlW(W%y+#+u}Hk2cm*Z|YfP$+o5RA_G?giYiQ=Y@F@nXFY-@^RMIq z=DMT3(cJv@Gu7VkGE1r_wCcX+RiP=@$;Nnr1r0l@AA~^!S}qWsoA;!_QA+-iSdoqr z$+y&X>sT{5dt6tau`p)Cg~sRlvomLWDsD>_2OXhGXBK9!-nawFuQ>*P22H{JORm0B zzX+EN{kRDv>4_gAh`tF|=O|d=M@5&oY7K6!-WZILF)4ze$=gMuoS;G|e}XGfoAUur z*N-22E_1?>G~|s{e&n6EiNBQ<9;$=T4~3779~;f1R_-g6KEyxL{>&C54075}WmkXG z7`4Dxd{vx+u2BJXy~fbI%f_MlE_3K!-$VfniBm%n;tL zfnhjgZjN8!<^$ptIf7?|O*tI~xavmJ)I1Go^>p2cKVtv34yCa<4@!gglN4I^qjiTLE&iWMfCAzoup!v5=!MiAE`&YMSOM~FD z-M8-hvph%^TS?qiy={q-TE^Z&!AwwO>@F27Xl1yyxb3TTK(ST~KB~scELG~(ty{le zy9W2EQ$RN77Z&sgTv};Wj(CppNP6bXS@2ERV)fPL_`H9z=02d;3YrX}3hleRvU2YH z`GU3Gu|k2E(zA`8h}u#&(-s8_CwQa?NH}gy-8+&5{5m%`FEKNxA3S)lw6x@D znZ;5L!0ySDC#AF`ymsx{eW~x=`{kEkAoeDwoP8T};+4}3#ijQ(_-#zmDt`#C&9_9e z0=j<@ezz9RF?j8=%shm3)@%Aj#h{RDy0$==t~5D?zn{ObJJaxstLgIdNt0>1gJ z!~eA31UI$;`Aarf42p{vFP=Mh4%x8>Jhw4O;u&ZXNY)Hit#ug`1HmJMt1cz{YX!F{ z%|P;40+U`bMNAYXYNYR1Y%uYsc8>@G${45h{i1vZgi*W)TCHQu5*XAc%AZAitTiNh zfmV?#ol!Y7(&-Y}xfjV)BDWg;$9#^)$1&kupkO~WB6scGB?ZD@SkcD-*YbU>CMsQx z<#u%=?6Q>Z^{o^jGNCJcG#p~D?e{Ub$D;=+F)}4H?##&Ya@hD+@p++a%V$f&!%v#M6!qL{`v7b$Wi--EeoP486Aa?=2zRBjx<>1 zdX%Z$jr~u~0%5bPSq9T|_ZF$KD;Zkzic;;lu#|18o*UK zb}fh8GWQi94@goIi8=&vQrW&kM?_Y)WTdbX1wT1df=o3jX_`NIQjo2~nqpj_OiwjD zB}z}C*L+u#+&h%IDM{u974c7fjsr+4IH{Lp+LZiI|E#w3=D0&$(cM+91Fi0ke!G4< zV`U(0{LJ_zEAqrYVp+0F7R*fTvFogX!gqD6VyUJ|4iA$7X+T5~Z>wz)o`+2;rA-z3 z>vQpBP1@nDRYX#y+?~EvoJHc zAK$Vux7p1?I*wJg?V2uf2Nb~dwJ~O|$j9P$63n~C6i&w88DAsEjZ7w8d1Yw&|L6n* zmRM*ij+*!7#?fiP=9(IhCCA#GgytR$MZJ+S^3>E@Ok%HO0q zN}7>qw~Nc2KgeDu;kulzs}&5%Ff*CYKw!8-*@s=F-kSmhV;iSULQ;5|s`K6%z3qjp zBmIA*CXu(bse9g0prb%XfsO(l1rCe?@P(j(5Qo41@+$}w?BLa3uL4AZOIi=IVeHeK z+h+2XIkf>8>(uE}UwrX-0FD(<#MkQiZuj(^>ac;&ply2BTLP>0fYtoKi2T-qd2@L3 z`0>qSLk}N5`01yg|Mbs)f*z(>ojG$FK<(7YQ+My(?PXHUgh7FDWnvd;5x2e;7pfLe zy);EY-%gvFo<4o%%#|xwo<3dGtxujTTHVji%&?hntx|Nk@|P*i!v`~lym1p+Zf1Jw!ufNbfAN{VldXkwVPtRr^FRL?_!X#b4$O9Lwv|YY zla5&zj$P5yGo|*TD_^^28m3h zH!y`JDD;~13I_OAX<*<2Dy;s(7QeA!;*1`~CJ#BSfI;8~1YZV$0DH-_r}zPWc|D z!~93S?>?Od81^prgPZQoyw9 zh=?h;Dd$Af9%lZ@W<`z#GcY<*kfm(nim4E2sdG^#fm#7IPo@$4FGXY0c_GA;3HX*T zNVGYD{G_S2-1694?Vo`=DR~5Zvb4Oo>{$EIXn+fmr}gg3Li+D*y=mnus6tAR1I3J^ zJzpzHp3#c!+$CAR`G#yS1S#O?@h8bR>Srh`HsZ9CTGeiNGPYL;1;j{l)VUCan!aRTXl? zE@r<~y~xzP~7@OodMP81k& z$kz#xGy|j!wq4M-hH2zdru^#q#sGs?+0!|&BFL=kj!TPdDB*x6nzQ444)#Tqi5M?m z$i^t6LK`qGvgmdwMo>5=KC0u50^RL42?tBM_bR>d3Uzn9=1P=C+ZqRrbHYh)oPT>h zHZ~@#k0HG#qX3r6WcuR8*ohIu;W7XgLFvB4{)+{`dy)48ByKW9LG7k>sEUgrMtZW~ z1Jq-uMX0u5_}FMvTWc?3aHpBQ$9u}6=d_|-{cP9w$l@K6$}@}M8dfbixmGvr`Z0`` zPfb2_?Hy$Nj-NYz==kAd(tq}tpG|?W&@?Mevt5|=GVz)8BRw|O!o5UM{7sHEKbn;* z3^G{%9)4kNe%|xTpIv_N@Zrxt{lqoqufP5Z6y<1W8F1h5c0Ze)+#pdJP)jz|n4g=w za^=c}3m00U;&~GUsO6HAj!_A>xu~4yC5_RTG@#f8&5ANSrZRoTwzWn0!=~EnwJ^&-FK3-W__1Uwjy=I^=_gjO47{vznGbw zy?6H>__F?)oSM=F(=*dFOI2#G$ONgO-|pVKhu~P{v(GO5@sEEvefqQno~qGy6+rZsoiMpZ7U-UyI(?%(Y9SumXVTxpQYZ z9{%jJ&%XZZD`QGaPn|renZN)3JDEUEN+z+G!762d)Tn&?_=$lg=rJ7?$?*B-#(UZO zUu8BQjagfJ{P^+x`v%;75>=k_^YhFyBaup)d;KKm(V-AOhIF z#EZCk8l*->^@bQUNi`HpI;gf5JR%b0bbRc@_~?kAtR)buu7jC$_Zvjv^R|XgOcrUZR{aTKm?EjrbEWgIMd>9 za{ZYdMx=Lcf0`AvJGy@eyRECzjwoPd0McUtVJ2%cpsUI5_=};j6T|DrhcJK3ID;a% zd157&YWo64ip?prVteIqepp~zs%T)T@UQAl14#+e$kKXVA{U7?w+kHwItuI;1){gq zXGMWlbNb5=-LjNEJocYPg`-lRSZ{`dbRx&-h3&(wbQ(Vix|NluG)*gTI1t~3An{86 zMf|xT_;OY%r+1z?%rjwyGkpBTv6>h1Ns6q7`aF?>5>ko}SpXFI0d?hG|3)1x%&Kf- zL#bl=@20qc{Xq}&N_|+HSpY7?PY5pBEMd&e>XXG~$W+_YzTczVR8{HaWKia2F6=~+ zQ=(N`CaEehh4zpk5$W%4@6CJOta(8xvelF$IxlEB!WIJzlK&O@mp$@5=(Dr*uN1%6 zKRVFrUQ_ga@-tutlh@A-xfsL&hMHX&%RyuM%962lEMUaJR}Rm;imBeS=OkNX0AZ?b z5jm&b%0aowLj{&NYt=6OZLiJeZq)W0ge;D@8uS{YOi( z@m~{FVhG&SAwI4H*?c}aJUek>==td5knxp|RW%`7(n_HxSPTv=h5OCl_C~ACGAf^i zIMgaq#^1GXw&i=!taXvg`w&uY!JgdgL-wC&mf_*uQB}`df|}6j7T9|{W*J^5b1cSB zf4l6ijM)u`|1?p&m6$f1YL`dR$}pgOJJ9#XhevlVxa3n7It;ciJp5sp%m4%gUFDT$ zr5!jc^}T$o7WIx9r*yJ?8mI5xMjh9Ts+3w}FUr6B+lM73p26`9z@$3P^brH0Di{6x zt+lMgjoChi^v0#**A@dts9v3$o-icYYE7fW!dt0vAPEcvwNUcU&S91_O0}6tk%jCtGiK$cdz_gQxf(J5dO%je&Ua8y!6}kx|^=O zucJ(h@95LfXOIFNKMYc1>wQO`tuz^oIc)SXs|s0;#Jmv`tlFw1=onyudo!+SSDL2A zcqEvIv-rvhzO29o8`$nW3?OM?;j6E{;%W8vty`RO@yZF|)G(1-U)igeR^fhb6O(~3 ze*MkY>XX(L1`duBssf@SZQm|v6N~TK+H(*qpO1&KvXp?tnx2`NpI_kO(+=sjuOiOI z;_e{zZ3^4(zx{sq&fV|7`(DEf?8LZ#;=;uXfB3^6{_5LrVMZ;8dVTleg=YTgpa0A) zF0ZI

zP!CM16FYU8UFa0^sC6P2=Dk{{O4(YP1yEOJ3gFcH12^#-P>*`>y?UU-ObVPm%ceT8 z)n{)@4EwO3yaGJ-(5dpKg-E;nF>fT*p*dR&l(hr_Bk8$2h!FV* zHxXO}7n5(LZ^w3vO2&>Rf0`aTaEO~l2r&o0M)Vh-+SJ#|T*n9jruMM*UK9DQ&ZEHn z7yR-cJWH+6C}m+2%3B}ix=6!bPu4jZ_9*S51>q2a_S}p=e2`}{>=FyWqV5yj@F?sYU^I(jMyL*M?&@gdDH%RbPch09 z6IjZy2y%Yl%~W{`L=zTE(6QVXp``Djxr}iDyhW?)1G)@7m55sOFHuH!mK&suq# z-ex%U^QDG{V9qX+(oc$Vi2mF@JyF9M-8!qc+%CiCxw-71m(ahtF7hC(&dEZa6(qGF zXgL9^*(|LdJ@~w`bkaEi& z{=B>&a%udmG{*Og*Hr2bWKn12+a}i*H^iD!3uW{v!YcgTH^jRPaLaXK!O{NDBHuPTnKf%3sB`? zT|br_Zk|G7jfV?YIf91u_C0c_)2BFcdOm|?!_p@U;XkpGZJ3zxS@1}sf389CG|`6Q zuOl&QokP+YQvCQp@61Wg7iMO<-4lGbuH1iF#sW?S^OVSA9Ethc*z=IGw8UXJB3Yitg#5oEUpk!{i?s3YGRU zVv+4;BFV=3&+@{OYvPMa6{5kcjT{8iHXaBIF)Xj8WaU85#yF@}nib{0kj&U4Pux8k?CP6Spe#mNi z;9RbvKGPFu&^qioQJ(>J%y?pX7}Ms2b|Dn;m@0VN0y%0ZNQb)5#Ljt zehu#)^1k;*^{Cudesfa_PAgNVQ_#?5W~prJ-ay)-wEw+gg9dA|I^H=dX^$;dH6t(` z7h={br?^ELcy*Ze{G(IS7e!u6=C@n7nS(O~M@z!QfTF@e+Utc{N}aYU0=f_kqq6f5 zrt^?vGjAFe9eJ05)9T?5mKwqisbr1TZqo-0mB(*)_^BdU5ym{5I{2-1TvwNnLVNak z{H|ugSo*um*cCrg-Nx4DV(h$f+VH7jbL;dz`iPLH+x#Rb4hf6`pnM2OGcWOF&gD`o z1F39@Y#@x%l#No19gtF>Xu1=*is2A|M<=YxczCD(p?5ES=@xG=q1dd(Ge!&FRr@I>*yBDpW2 z``G|T0DAIp)Km23*y`Yt&Dte~EmkQShyQBxynmk0|K~^(R;9nI5Dd*lzpZ^j)-6`F zyeVjuMG-3|gkP)FLa1;$=p{OO8^RdgCHtkTGIp$|*#MN_i6JD6* zSr`cmDA4}2`Q;6FqzoykX*uapK9|>q+T71=1qvQew*6^y$6JT6X+gr)?VM6dB z8)wV*zpse<2c8uG)N0n;ze~>lDTX$iB5@qB;_~Ri?8|z9j|}7-h(Ko`4*LwS7pB^!ZUybJU^$jz<-AgXgg`0XEe(;V&fV0TJmkL414v(z)! z?S01mlY%~Pr~CRQ7>ntQw5jaW+F&uEU}EW86C9GM1780iu=4w5m1&4!{SE`2YmnBv zd)_79j~GNw>3Q&TNtlcp&sdo3Hca%7g=gf=HSQS?`wkZ7#C8w<=BNGRRoq;QNOrH# zbFTI8v?18A7(rqIZgZexj&G%{&0?(n{5QWDjV-ZHb;&j`jrT8eByKyuI-$Lzz96?7 z;hRApuPuSgRmV5i7I@H2-F;(a-{HUH^>ya>mg>yZb)|9op?XcwxwGN)_XhYc=osBF zG1dcJ+_&{QTtppo7xNo3%8%-U>Ysz4jAJFGGRH9J`W9?em%r+tI*R`>^kLs@K-QgX z31C@h4SZtdG<|PyTpAjV za-e~Nf&om<@Zz6`ZT}_Tb3MhGa>4^!CU0jf$EpZ~D7K#ADyZ|0`?PyA+d5JGW=b&Q z&`asji~#Jz4hXkkq!Y38>R_HGZ7)o>mjafh}}H;e_xN@ae5 z0-zA}_W0lvJt`aK-x7Pv;peh@`L5nxYRY>9n;uep7nAFty?Z~e;XP`R^QMFU0w&f0 zaONz6!>$sPE4!d^dvHIK^OsM*P+9y1^40+RgjnHal4UZpkdL)ftueb zz;P{5=1mjj4`gSi?gzSiOmj5>A)U4fVcR6=VZuw>Lsl}CNQtI@jkL9@kcE~@#n4c&r z#4UV!d)zM&$7(ZgT970@vK$go6q9q|L{p8r_cO|#&?|4Z2{!$lMn|k=r+zlCUJ9D^b}irkM*LkTBnn1#6p} zwlpn<$7;Py6q0^t=4cuHPNDIMh7)N{9>;*T%=rv-mj9B7^%EI~+A;P2BX4>r`ooY+ z|FJx>N9SLJ5?9X@C$5+}0$}wsd=K*2j3uJ5VDbw&$>Uk%Znh2SURl{< z+Z}-SdTru=N*Z^$- z+W~%YwLq%M@IVqd9=bU|`Luf^1$^}*jNxklX=%)3>bn_JFnrS588D^sc`Mu3=S^Km zn*ygU0OAr|xgj#YW1B**eX1OjefU70*~KHeEY}s~*3#zb_%yNl#?41pgE`dXEqm*B z1S{5&)$eP@#`=Bp$>5-KwYAS-V<1KV9ev@{S!$bp z@`dS6h8rgjKhdV#%p);2^%1^uB=E}Iv}v7EA&;+1ju$_+w(0He8Ij;K&up^H+pb6U zK8*2OIcR7C?gE;2|I+i_{5)l+x;5{d*#u1k}j6y;hz~5~Q zweElVYOw9}L*0Ph=j-iF$vK&Rz(g__Tad5^+r)6Ka8D*2q|RS-2{d7NPi2ydmsl718n-|bxgz&GF*^G^w%XO>q`;(PRxmy%w64Slb5pZTNh!Uj5)wx-zafAe^8@s6 zEIORsU^|DuK(I%@KvzMdIsZNJ1gvBo%Cm)#^OZ@^YTMuM@u2hJOZmZ>ZR9hP3BMF_ijjgq1Dpf5r0?0w zxavO01-##23ywk5HaIRg@;l3-bk;Ljh-?6 z{tMLc7@g3}3i!8XEL7DVa1ZHeqYsumtn;4sd09Ny=gnRmUsiYqy|*2A^tFEvk2hY8)#KOQvFJTz!qQC&yLgbI6M={pvLiIN(3j6h#W)r z4-a9CJr?ICyRfKs1wl8+Ndl~OT`R=0U6_hsk{+EiROVvrjESAo!dg4E%B0qAD<(92 z4D_Tw+{vs;8gl4*jR+dr4h5}YXvkhzilb#}TeARxjVx9_IXlEf8J9;@c)HjUOkA0YvAjy8Cf@DLVq_N_UHt*QFerH24To&alWF}Qr+)~* zYq>(=n!*-T@|;T1Z&A-ln3#+Kvcf+V4-QC$6a5)TD4o(oIX8h6Tq71F=XQVicj+O2SC^u)dPboo)84ne77BbEA zM6#J=vKFgLjhg(`FGFHE75F?g%BJdc7?fd?#<-UU8z%EvkGgIG4y+4u zkD;{IYqes&vOlK>*zHv{ztj*wc27wIZ^Ge_aZ0?lW@>D01iF1A@BwUb-zym1k- z)wHNLFmL@dvbS{rl&EiZc*wS`nzT`d}OnQ1_JC>ignAnN`LPf-Lj6!W7CdL2y=qkLV6^|nT;8aGRF@@>>?S_(T#eAtLbvW z=s;#ON+Q$UM;FD!bL&K+W{s(DGp-|D2S8+-C>**CnTTQ7mD08kp8vFGEVIe#F;OB> z_w;7e7dFA6Fkb1pUf(yHtsmuLq1@V3gp6Sv&oiXk+_OoprtR3xsuP1`gLzW#r@JJR z7mL%p3ylLWmu{daLp zHO-mVMm86Iilj`M@wk7nzfq<^Rm-i#NC;&k!f@au7#O1F8hVZ}7qdHXk{IkzW93&0 zz8MVD#KBPl(@`?aS6^GbIN{>iB@ncSWP~d%q;~>J$ZQ^BIU%T`6v%!&BboyUo^k-xr=J{a{$(Q|d&rd1cU5LCa3%Na%!X?Q4u=uSK z9ZYc)D0Xgt@47td5X-|rP zF*Tn>Xg33C?Xtv%PM-AUv%|Yd9208?JeD>gO9=}bDf&U1*k@mZPFB@GcAnf$JurQ? zS9;%T3e}~_Iewt5UI)Rz*irP4qBHtpgyC0DT=C{G_ zlg@7x-5*sq^<71uO4)&=E8XppCvSoFxK@C;oMZmbL1U7|I#M81VO3RCRdens*d)Sl z{Zm2h@DHAvewOIIY($x8M1G2w>=pZ0(kn8KSktEv6@(D+U?D_Rf$?G)oE`^`kw;uX z=&|O~Dz19@3N&=d<>IW7LFIIVAnuNjKBSze$Adb1?eqvbdi3QwDb zgIXi_d;JOQ@Z{Ex87Z&sHD^PfPsB;#fGvrn>%mFk7>Ul<&bVecPyIOOG+*XzD41Fws+){=h*}s32e>)G@B^H}CI>D-0ax~c35K2k z-;BEUZEH?Z&rPVxqA!8j#odtGr1a^>#DXz0l2D6NXrG%Xz@{fvQEW^UI>wLB4_AHo z(Cc!(q*irjMpszRq_{^dU9iF+;aSRsCo;oiC127#po6{!rrSkDJT{G&{O0*J{T;DM z#lzNCzbfWhK*jWTW75#z+Z(-2OeeY|e>_}XP;2!{XjUik0hZr3Ip2w?osTVJt2}M( zQcZVc`g( z9@Z6HEYmAlGYNG0U~At~aoYoNPDIwbP_eLJsqKW1!loo1F!2Rwf1#&40za&eEp%e0 z`X77xYur`Ee4j)(SXGD}>paUu23KzX%&y+WY$oC7I#FDqj00E&Dz~}GjLNl1=Py%- z_^BTr!)xcs@KWF(Ku&{n0t$e^erm=8l^HFpb+R; zeCc_mp7N&zYc5+2aq{Pg2dC~UO>Tdh)Bw!ERo`J1CTsWo@v5oC?$Gb2SB1r@GWg0C zQ#U=F^DEj9G#;3WoD&ER4@As(MBy>dR4`NYU2~@pw{Y9M@TXVsfltYogRoGxRbjzq zPaOw)s9V~8099ib@&cct`d7%>{Lw%Rf{CEiiK^oHoD`=95!Ccd49i>h#2F@RRux=r z7^zy|w_P;kU*J$nZ{~Df@cCROq%B9%JqBbMrx6|@`1BTUgdyHCNyWPHl5F~|r$!A! z{vMdU`6^PHp_7QCJN})%rQ59J6p|im9E|1y!k`kDnWsZn7*G^O_ap;d$c;R527Iw(}buX!}lZnh;tEe5`@U!2MOmntFJ5Uob61F*A$e=$dpihc7x0l%YaBVQ&4 zVZCC7x$E&saiw}4S)Zp9KUtUlxDjB&G{2Fo)Uu*~@q`gQ7|Rx=jl?R@7eqnMc&Hvx zHY3`fe_uNl#omAC-4(h8c+Z7_`K{I|(OAgLv!RLS7JU;Taiyy@<%+3gES ztxr^cgP{NX|DW+4ENcUJ`k6BHFOY*T5EMq&tcWfNm4U~Z;FH<_xGLA$#h69LsG*_G zbv#)1d}rUH)FSqxx?uL`As|O!X(2(8gJ!<~=GBRx$cPX+(=;4Gc}Z4BO&q1?yUWVf zc_a5y&Ij?bqa(2WP1u=Vpf>N&fw^5y0LyPd06Y+~8vO=fEpgEpNY&!$Kjzv%emG1g z6Vs=Efx1a-n-9QbGAw9slxs)fFI#dV|FWke%xmO8OvnKFDan=|ATROEhWP6t0NCg+ z=Lp76gDVdxClmmO6&S!RIY$40{lvk5YZo~l1BN*R9S5lYH>b+^r!$3Ce?Y4abv^8&+e`-9(!vyuq;{<_U7c@*8G1@m%h|yLQhRcr-91B%r&|CIY|6 zwqxLTIhAAzAaI>Jx;e3gfg~`uXEPI79Ye_dTpQ?4n4GY^ASzLxsYR0~8F%UOj;?8t`-6K8Ehw65J| zbgrsn;=H~wbvg3q;)$1Wq6rlk#TuQpH%itj{N{I67o=s>(DJMHGEH-y!UYMY(bCFG zW^Zy*V*`z^duEP)_dGy30hF4b2F;vN`EsIf*?#>a%@g5s?FzA)wULd+@8LWx*}_N; zc#>I73Tb1`-B?|2V?ly>=nFQI2~S7o9rTq7w12g0q)`h?xql_oYFKtVFCie;ZmLV^ z+}>yTys(U)=m-qwLqv#A*^13pltL8ZBDM${b@OA2bDbU!V?Re;H| zVkSYx8n0h~onr%HHVOdgXpBUIu?Mu);BG`^w6RQ3idX^TV|I+){0-V{8lrJ7oTt56 zf*^$c?i})X*WNZSz>TUr{_HTj`u#8Ei}ND;XlpcJ*AN2{frp_D614$nmEqMBy?sYY z5ncX%3JE|@3(a@-?}i@C&U9UNh|>k2Xx$Tk29ieqNr3qqj`C+r<-hxTINPT6FVNX< z1moilIRJt;azZcO$CPgOw6HooWKhx2& z7YOv8YqJl=xwIUXG%9dRuhq-#@^@5MIVxViVi&OVeK8d6)kpygg0Soa;9G*FN1F^y1?I)-k1*d9K$8Ikhn$S&q7T!pjs~tXf+Do!hVTcv-WygmGleGd z)g*HSJE3X8Jrx0NBB&*OKOO?c25E^G(FS_YRP_ z1-`1AfnG)VC0^&OUq5O05)sAEr}8ZnZ6>dcEgx7~bknRIDepU>Ac)Mgla zyn53IDyZ%V;ONxF-W4Mxi z!)vBcj3!Y1vqLTp_N-BcAb|4%DwrtV*_FwJ#H^q|HL_u2N1eBZyL3KR^mT=-ALVQ-k;0A_Yt?)NN6nyrot0=*Aczxr(3aNeM^*z_Q! z{Q_m)QVt=>H%@zzu4R@FYr6=KmRs9clADp^)0m+rDz5*W-2RW5+~dK2*R>+;=Bi!D znFbvSB+lw2ibM(~IfGK!x_zKIhl3@r&WHXcxQD(C063-pGBN{R!IS+_WcUVQ9( zq5v;U6r`(vh@yRRebkO!z?){vooq~L)aEF2MG8D@g!wZ^851O`OVZML`|cTAiPfeF z?lL!9J<<{6uXj@`I)X+7slr|_m$&_pRxhlRYRZ@JkeoAa@UN-2)8-(-5uSs4-M@F^ zi8GPyhJ16ADB-SP=vnSbn^oWcD8v*coP%*fh~Y{Fx`cU$we7Ko*Cqo>J%vUa&QDH> z^G&wBQGD}(6)+y`>+|W6jpMv(KOJFyGo>95qA5Cyd6)FPvZa3DNhm$hv~^Y_;oXR5 zsdxsC4?>t7;?~=$k&7Cwc%~#QXejoezeme{^r3{fQ{=$ z879*q>eF~E*@L(~510*3>O?F@i#Cn=o47ApyB?i=dFsVPN6Nf)$vC2F@#RBi!+2=~x&Ckz@~L*S-v|0c6ryvL#nq)hFHZ?j*}5CYI-H-Itn^ zT7U)-QC(2_QiwF%^7E{ihX7h|PGaPUldgMa*0wV_Ekp0+J!FN<8Sv}u^VsW3Pm{8K zf$mL++6OO;4!vdXAy~o^P~Z!!Z9y^04jR8QBQ)OUsxGODy=7uI~H5WO+`drGFJ1??`v=Op_ zhPqz|O@g{Qyoe6Xl9ZR|V=2UCV(r_NY`$@ANILf{*Px%RSLJl(r#9P((#49PwZn6X z9!_jKThCExWIQ1?UjJ;P7SN))QE|D@1kXu zeg?*1V}E}B1uB0K=zbQq$;PS*POjGyxPNQl9VjV3*mAQlT16qu62x`^B0~%U+*hLM zT*PU%Zin8kvxt^I&`|@JBAaSJZyO1b`$+V82M@L(jK`x(`?22;P=;(+T`_ zN=yZXH9X%IsbiRt9w-L#bz&xct1*&wy&fFHVOrNXQnDB4U!8tE?fVN}iA(L}$$U-* z*NXH7pFY=a!!~1p1JHy{!T5Fo{RBMtzZ4en(7M!f~<>l=dhfG z8jc)-i1&3AtxjP^LK2xXVA6}u!DbEoJ)0(@&8)7hibW4Co3}PVXfjC-Hw9x;hpmn&kg#@h%_}G>lx&A z{6h@ZUhN65=lMzaepgBUs> zF`R{LH@@dZGv}Itd8+N0qhC4W%1=HsyIG0?nKBG)-=lqEOC#`N!9!Y`KKd8vLDN|< zr$;tF(PN&Cn|#@n`Ro2-k?Q^Z;&Zyu*;87^t!$)PhjJ|TyxTbcH2d){&?#c&Lf1wXcAL>-GAU8nG!D#K zrchF~ZtU^Fyk_jU|9m@(i@1s8r1dEmU*&lCp|_DiciEsl${b-qdG7~{a!{)w!mxA9 z9B7a0~$A4-tqvNywRW9*7MOQxA0cIt07qz34xlWd5lRzxG=uU*ikpNtkohjmTp*{E{0_M{AjdFe3Up0$WeYm=Wkd55&gJqvJFm zCV0}-=9}EF9UIR;e!;&!^FnIHak}@1=Zz@$3)53DP^cJiNl>yJG#t#kQRUHO&?cdr zWonK;bSzl&c7NV0;QhV*OY(Dy=B8A>q0*O9@48hO7u0Qlnk++9$R&G@h}4ZJXCd5{ zO>1f{#KnBgJ)H%bZFy8KqvT6Iize$+ayo89qB&@CN_CSEd5BwPSE~nohh#_%ac6KGtC$;%$PP+r{<5M1sqnu z42XvxN9kU=6uR1Mg`KY*Q)amju2>6@*T3DvZ8SmDvQ4~5OMSuN1WDap(;|jsj6mQq zF=u1J-0n6@W%;gWsWl!}Ii4n|#|6rN{7~qb7ynVc5W!ODmVK7eNDeNApLH!$Zj$*t zmT@2B^H8nrY}vRJLE2y7S`76AN%4gEri)D4AMVtZ_A-gD=&pJ zRig@LYT~WkSY$gd?8hZ6@ulfh)}xs?sBJZ9T-xVqR1;hlbX;1&Y}zMrm}ocbYi7;a zeC(9or^@Qr5VExB17pQUjEFjs2*8a6hQHoz2K{c(mOx$d$Ry~4mMY{YrNW$fM(N4h z5IPx!vEkNiKmI1C5k87asjGJasjBJ@K0>9G3`P?wz(5uf$n9rw$>tHDq9@;l<3I`{J&iZR_a%yuCAa= z^$z(&f!SRjP#e2J{~F-|I1;EV%#pZNk|<(nXaoQ|q$tdTNnE>L6tUPs^1r{n$r{;> zKAr>c084pr@Xif#U9xcZ-Ge&;97yJSsEO=f$V)!a-te*Q? zd{Q&zy`FFUytF#5xwfgPa`?gWh(F&#b#-;jkL;i~27)*BnY0=%P?_ImH&Um`zz_WP zl|?6DST=1tgvF|bxl<11MMpfV89cGUudXCN`-ytw^w8U~%%J-5p^)2MLRGm5#HzFK!YBT$LA(bG#z1rQxfzJ-=MCTHs>9smMq~Lv7qFk=6t7w|~@c^$KLx${A z0m(~1l=P1V!@YiXH*TqFCd)uka|pRI?| zhkiv>L`LB@Ic)ITaSQdMB`N~O9~hvu4}Sc7`0k|x=g#P5$TG-Nu=b)unV3v3Oc`rY zU|9<7{~4;PJ;|2{oq4u8yjlg|K)pme(hyLXNrk+SX1i*08Ax0kq>zN9U2~rNzQce0 z|KFeBWSL05K|sgvnpn0qvk`*}CTG?|#nP5Nzvf7gSl)0)3mcu?`S|^g_fzfXkKfR2 zm@h)0#H6?I!1fHwC)%bzR>wkRsv2W;95<;arJSy`B=xCFi!!U87h|>*9HgUfgGEDh z8VOr<_%@v0`%FqvzI9t+OGsW&&X`A#p`GRzW7#JkcfYdIf$kqn5*y|>6XUQ7NsqT9 z$R|pnF}t=D7KJ_I)uq@Sk6>cK&d}Kgy%YGTXOd!p+C}IpS3s^YkUe{BWQ}dudA@LR zNyahh*1v`H&lUi{C=e!b!YxDH**HI7w)KauEntT!DO9N|@ZY_-{(tWI!`R6tl)OgY zd5qB7G4IfZ-)qkY5?2zoM6>cmb1k)Ezs6p-t%xQ3EID9$c{2fFizuDa3wbcN5lZR8U!0ZI1dwo`_Fr7or&v5g)}Ok59+2}@d)qRZ;5 zUFe^yKr@)$h63RKUm&Cy;Phh-s1hTmUD5`7^DS}%3Wsg{s$;twHNX0#qV?k)ADbjwH!f1aliPc#ah$?lghzj|+w^A_#gR zY=1p25FV3{Uk3OR$hmGH2WAvZIQ1xT2e>hpk43?!et~3>c!^_!0ZvQcPT-3W0QV2d zGk359JytRJyVE#LFSQNaUFiRwWA5eO{Y^BS+v|bup0-%4e%|p06c9tda;_h#(=^bY zF#?PU{_E?ambJ~XU}pG&etO%n{IFcLr{+Dr(yd(fvr8+z+2)aOXOYCtdQBn-9GgC=ZckRIKUXc#8#A@togeZZ-;Hk|}zJGeps|v-dZzEDP z#GF&qK+pMj1=*FtJsNXT0wxx;!C2@;KMVcaJ3;OAP9Y-h&{@S#~0lw?e`M}n_81Th?vd!s?5S8Y4bJ2RRT zQ%HT}(`r>V6oYZZL*SlBgiR(8aX!mps#rFb|iV!fF5LuP;C8y5F^R>dsw%T2D^ zPrFsH+|Z9n8z1fl1qJbh;ZirtO_=ml_BP6|)G}IJW>jf8twF!!-zM5}=@Zx94ChG3 z_lP99Ped8~*R|dj8^0sfb!1eMmt^Gdrlr`1f(L)c>FyVNH91tIg|j}XsXdbfK%j7f zd?kd{ly`M*k_FpjGi5h4fKrCKjL0c1_LE+7gwAv=hI9uPmEmG7?;tLau1$9+#LGQs zmL#)$BBsx)Z>U+jAA_Hg3~VYJ1BCrNLFaoouTk%$+}UKddQCTTG)X&26No?!m`@#Yhs4kbGxeIP(AxQgf5 zAmL!d+xw6Gho`R|g=TT*j9(mfW6w;V{(Ajn^6NMA)IKnSo5rsrlHyB4L7_t*r`v$+ zh$@Q$ZMQR(?Ff~7??wb)cBhMp#gCs1Ch54sxPF1$y#VV!e08HJBp+*Hpg+i(72?A= zcxl`MpHo-e5dV%{^4ziQGM@!4yUgyH*wAkgNg{xMn*i3}b1zc^Tcjqljo}C%|BkPC zEe{W!_6D2s*Ddovp<;#`Mk3VL5$o-9<$)W+03Fz5A|R|kRWs5YC;{*Kvq@2?Ko z+4jo~-V~iuYW{ple$=G+mB6L(S45?KIZ6hC2It|$1Gp%Zvs~{qRqfx}+S+!k@eZU* zl!?iUSFG(Txm{6v?jpL#HTU%alUPfrY-k^fHdNK!;%K}b#$tdhn(P!!JmOofth+#M zXpk~%*cYql4Gx%o<9N0K8HqZ1EJPL_gkpJ#p6{ks9{U>JPZm`WPc_t6>s2n<`7$xj zb6*5RPs6q1XZ9oD<3`XxR46-H8;?pLUnGFrCbj=B_P#T$sV!|gh>D7cbg5B6iZtm6 zNNjX50s>N_A_CGZlmHYBO`&H8)uf|Y7vY-~>!3HJZER|KM`)JIh$8xmIm zgc1TOcMkHM^qTb9XkkNqPq*DE$o7gqHw71o7i_OzY2vM}#)*)_w~wMb5L_B&bY)WM zgY?Qi(XYTV$}Qhjv-?{B=ckfY?RN(u{9!|tf^d#={9t~0G0s^? z+2KK+vA)MOrVM!6wpXX?(AESU==Cy!-LE`ZU_)05rTT&@5T!;7lS0{~+mhjC-C6z8 z>->5i^@g{6Y;eY=Cw85aIB?O_#@8Fdi~w}A*17ja1pi;su$@`djM=m zl{!ALNY_dp?vjDWr31x1-2H5ITu;SkvSe<*kNa|*@HpOY?Xb`&0Vus#)%4-)2{xh~ zdVyvvM=j4j+=|-GaQ8X)VXze22qFPI3}2j2RUbAnAxAoqcDLW-vodh7b9PM3PmKyF z&aIld-TLs0Wa-FY-;yhl6Qk6GWp+$|J%%ExMzg_v zl#Ru#m{$T$8iEbrMNj5epWjr;DceFdh#PG_Qvl`@5GHjS8owI@?AfRot!^BMfx zzy9}EB?7yU3!q`uV<<{|7Pr~VhO2CfxBnoMRwkBP@QpJ_&7oJ8*^s` z_L+$pV|dP5hwftW4ZXLE@yf=$BGGTX%2oGg@4Rt$PqStsJTg1D$++IsJnBX&y)tHh zH;ab$fvkOQ?RuH0lcXlXW!;2I8vHs>qO|4$oi3j_j|~6U>e%h8;ZP>N$yeXFK?&gv2N==#_h@)J`h8D4vs{i5#?{ zL0)&JMQ4x=#&^ZMNJqMDxvyPW#{gY^d+niMu50g23K^pwh>@A}H)Vq{g)*g?$T`_a zD6fW*SQN_CCDo;WzqC~Qo}tugsmmO1cSdu@4;oyJEkzCq32~BGIdfDS(@Q_JY5ILt z&*LujUVO14xi)Npvwd_ zs$f_Ybl}o589Seq%I|*^e+RV8mPktK1K*zx%61av((b&UxJ!Rxm;dMAzjC?$smB9t zgz^Ib>xXeTg$xkE^G%4{;w>%GGF^W&95z1=qj3nL?Z$D`NC`|dW>y}CAUe>sd-3yw zKrb%c2V5E=5ZiU+C-p<7ejz3RaGoavR*$t37MM#SV%E3W#xPro@bJ;~IzUJ7Mk$e( z5xv$Npx5OBj0}G|#=5!CO~+#vUxD?IlCkzS{V%dsjFbn3peMnFj>Ez$4Yzei$h#@yrkxs42Rp9deBB4F{;pg--HS6emAz4=nOA-L zJ8xHM(ek3NILKVd9Q1d2Q?y#4-6P?rcNbec%8GG;ea#)mhFvFS2WoiR`Q%!|5_aX) zt0=SH5xWt(c)RwP-PcP6r-J>Z5%pB#)}6044s^EgGwGZ)O?W(cQ0H*a=l=DCZ6VZI z5^Dqars^~mk~Qv5uI-gJcW;f#mfIUV3YI?YensgA7yJ@MKa9wY%~=?VUq7+x#_~1W zIr}EX$`E?aT3gUW@1?)A7T4DNw(%EaYXhPvyCyc&mYZ}lm!OK$au^rK<$JszkU)2^ zyp6XBQs3El%roL_X8nSo&yK2nauo%QUnyK#=xgXswUE?pS+YVcY`2EOM4o$HAMBuK zYelp}gXOc{#_ZR#6#sIo$VV=ueDcWIW{&GbgSfzk&c5<{)f0w@+dE&*&kz2D?lD57p+!2WTHBZC zU7Cty=U2#V;1v>3#WUzs(B|~qMk$JtmX)J5ebeW(OVc48!?FoS$)ZAzc9aIOKSq-q zJ?IPcm4L&rv#kiR94WJG)H&XpKj8Bs&^ZKg+-u9sA>zv9%B1~}u)Q@wO9n1CM3YUg zlA%Q?phpw#inOyq9>dDGx9c{Axxd68Bd6=a8?cjeI?ydq|Swl`N;Mc&hYMmYht@#psKV zc;qP2ww?r8AOcD%jYI+V#y*SD%S6+LyplKX&Kt2C6gdg6d?AkI2*h<&=>xnCM%-9! zP|MFC!Y5>2jCU|0W<{lS>eTXjl9D!(j0KJjvC4(`oryUxV|C9#y4Gc7`D^T$c}O0{ z$vv_?r6UYWKj`m%Uir+rMd~8jh2#CUHSg@m~TpSmMad)+90NObi z7L~wtr!^b1<;E1HH!7EOTY|)&ia(Utni%1Hr)*l#ti)#SwcG!L7Wy{TzUvq*x{8Gy z*+ds4#o+Ui_y*%Ij@W^bV^w}L&)+9!I?1G$UapltFXCyfsVrUxsj0d|Le#?pf$D`w zng&^E`wTMImYk5K!DFnItM{toTK-8-jvA%Pl2*RP>VnfNf@L+=Z_lS^`Cob(J2W7< z%DRzFPR+UHjoDKi%Q>$pOpL7=<(LgM>0gKM--=Wj$iHeKoj08#;>0fd41Hc=1dv)$lQ6T_!Kn z$PUpY!S#ZT#k*-INonE4)mpyN7!CauovfJ>oVQo!k@z#5sDjG^1sk|V_kAccvMed+ z!Uu9J36wKQ;V6X(K})}+g3hA7p3GKI*6NrRw>S~yE|J*cbA?R&LD#DMKlw{gO})3z z(`(b@`Zervqqlss>ss^7K1yF~bdq{>g}XqTXz0n!*&KgP?VG?3{cj-)z1xy*GIr~j zI@`nDl@^3H$p$rb^()TGW|ZJu-3oykPrg=OdyPQT5FI-!&sEt4U{I?=WUA?4LCpGw zBAsl$37#fa zE_6+mBnkQe=f3_O!jHU5nbt1qiMna1?W}sU)S>K4&9mv4E{7VImd8T|s*@YO*49mP z_FP-1h}^8fn&KptpmluEsE~#ZYxI$_@M0QIL()APLE94#hOPKd4nVr5mo$v^L8r#2 zkB407J(`k%tOJ^@bub|fqj4<2Y5fnVbh#<+P8(_8HuDy`TA4PYa@WY4<;k%f8K{T_ z>kZ#8-Y{cvTn9fal#*7kEsfIo4D|FZD#`a>R^GcM#EB1C#F};ww3tm^Y4hhC%ye+9 z-6_GQb$8D|wQL;Kja)nt8;u2vd`$;4RjyaYwbFFLnR)m+#hG_9#02y*_CCP7gthSQ zPq!*Q{$AtV{f?u-7injw=S{h`lE;@L%KMuPSvQ=Ch>&&lRD%w|;hKDMh!yV$4|j@y zYR?ge=!8H6*{2yA+))mn>B&7Gm4`S$nVos#YiLsksIc`#N_@c3{(z=oU$Y0kMw<-Eh~7{9msZ z6_o0sl6P${Io_~1q5mYXFztY;{=+j$^OI~*g?#&NPg}PFXatS*nR2*jz+lm6jZ2vS zvT_QxA>Nn&=0zC^IKHuUjO4W2kZMENDS6ZINnKVaGB-Hhu$@_g2lc2WlqFZW|mxedsti}Di?B{s*Jr%jBWBa zAtXkR+vqfC3K{Y&_6r-AZ@ZM+6Q3LoZLc0osQKD7vNP(n*!-=nrm?iwV~aB92&{Wh znk0B|Ix@uvSDYuE7flY6Xf7YkwBN&yFFPg80X7o&tKP+Oc#7*;UOXx@d*WcgPDA z*q&Ae)&L70<}sLBopDymK3hP~Igh29LWyzYAbMaDp3Elp9m1tU)w2co@i{dNc_;o8 zY~1~fe*rT`os^KkdlMlO5f5Fz#fnMj{!JbtN6up82^_j zvG^K2e>f^AXc3VNCTc3Vn;t~TrtdZcQ@r0$O8u$(y@|pl z+3dvY=sdNHmSTQ`ep^1!Qcm-67*&)G*cs31ufYTG2t)F~)Vfc=DXeo?GOr3?SX=rV zZfYRN;hdQ1y6yh0|I**+^o-sHjYDxdbQJ6ZCT{zV78A0Zff7(42*GAX7$~n)=Mp ztexCO8@XHVdAO_-L90Fo2U=yOg_pwjJI^^&xQVRysi%njHNGkVC<$h(Sv9VwW@cfF z?>ElNy&q(}_r6vAs(rXpzmaW>U&EoH!G!CUMlmgtlA8dlP4;yDm|f4cf~&`ej3|)z{WI#SxQa;vz8|Ks`}~t}3u*j!zG*~CrA{73FY>#aRZmsrq*wW5IuR7rb$|2FTHRl1haM7Usl1G^poTc*QZo;MBKe~5t&%^x~R^MB`x41Qx ziA@hMw{QVMYM^Khr5_^8>XMRz0WF5PgWV}5q3<B=*Gm)eu<9 zcr?v4^*5HobGI)ct?KA|d+Ge5k0zLhk7?k!XM(SFhrG2tX1wvpaAhz@bA$OIytNL} zJZfTOfNhpS`-1)&BhtBs(V~RVrco}cMmL(nX+Sy2^ZJ12v-J<(mWoexmG6}?%z5Ky z$MUqyLgncGa@ugDArl~*R^tc6#+hPWG$f(nXd&w9B*Pw0X)|W>)%Tw#y03bcc^9J$ z?gX^g9Nlkmc2T|M+-3sjz2I0t?IMf;gKOIEVmOr@^dpcWTF9Mu#1<`xm|Dx}>UpQ) zR%f6t?%lmb@R&AmJ(i&L-*!&K$@t#G1q1*()iTFMj{;I4?@NSC z@*AyFRau#~x)l?lm)_kGIo8P9Jd|;8FGF}uBWt^graY~*(lGlgS=NvYPeL|-~EYORj z%@E=4kq!iLDBfx|>E6)O@j3qRpyMxgGV-)Vu@#r@hKmDq3*O|7;iH<9Dw@*vcG3A} z%a;N@4pF7EZO(c1Yg-7%TUER)*}?MZb!osGy{*Rw4QSh10+cIKXm>JHhX&UAo6mM* z9%yor?d?hD>IOVEnd*F3=K4}xUc28DzHszI$Zd->6|WZK$k@knhlGc_3E7QMA@rva zVX{BT%D4*%LmIpsZK$ec+m(>{==HXSjGam45s2Q=*Qz2cU-pk)?mYLbwy74us;M@Q zhtN44%UKs;gz!pkMR6C6Q&}TlFO+`-ZPzzSj(6`_co6OWAY6~NM!IG$<9RWy3Uf2J z^@;1@K2HUa6)DF9(I^H7Re>ibPAYA7hndLEm7qRA=HQfNGA7!*tY%sf5!{#uce|1Of11ueT$g2cYD zTuWyLuJu%nUYBbT(mab^<@QrpuYkRLdNN!ONX=(d>+BArQuQ#nS6LmCz^#TBU&V~< zCoC0`n8sP7J*3rZVkdIv^%hZLnV%jF%-$Z5%1v~{-@Wm;C0BPj86|*W4Yyj>{BX0e_;6-;#wE7O2IG-ygAY|{Jn1psz{_Qt zmIS-WDu9wAlO|+2$t8myiB*xiMjnlwb_l%E`0Ukao6iy5bT4Ge39r&8IeG~J%>w?{ z2zd?@{vC}7&KbJcXO9YasB($d^7C77;pLRM*$3!b2GEpxanTEpIQ_g{8E*p&+2~xV z+X8#RYIYz>Yg>PW%+sVYqDssUzc!xB|LhD(%--Fze1LLjLiF>HYMSAT$t^u;4z|sB zne0wF#~hSx9TA!$^MZ8mLSbj6jiQXFI{)6CCB$Zt+o@MHGNccgT@|b?I4sAgH1qg! z>Fs@ghhUH``1xPD&ucPv&}>kM{T6UDuAa*|zeuX5Mh?U8`ll5iDrooPheW;SHFf557#yaZu8-E53=rh1|al~=9 z5#blfxq#!pZBo(W?#X!F!}*+W>$g}1+A-bx*pKRvDa~wN;ho#b$M&C>>~8Fg?zx#% zpD;4(Jp18|4{xz0dxpj_3yY7^3nQs2+4+NMDg?}6H4FCuj2FpcN$-tOvIG&)jYy5{NuG&3ECMQ?<~jJ75o^A4wX+*ytdxA0k*N>2<)7H2FNU@ zvj>BZ%o^xAGX8vkJ2*Eu7{yuOf+dP`yfmqQ(f!3C*J)r7Jsr1`ORMUJtfe)<`=wFjI zs2{jS?<+6wDk}0Sd-g#5;nmDI`J9tdO~~4yo*S2#z7(0aK?}FYXPkV-StJP{JHk;V z^3QB|_O5*}&E~mgekZuLO|d$={mbz)liY_Su~{CLeY11_HSHMN|+_JMx;~0Z+l9=e)&Q!_OYarI> z5o>~Gi zn*gNdq(Avzr3?O@mG)oXVDN;7d5*PX8c&~6?&;`L!NI*fXHV<%got|XXV@7Pb6bb& z8@@2R-rsK=U+XH_NEeM6kUqO%RTSsSmJxaoF5(>QeOJ?zcPmzD26hm%5}qch(C#mT z>2a=q%6wrfo!;+_Wmc?+eL&fWwIjStoL_ir)5LfoU+j*I!9ep+OIcLGM0b|Irg=hF zgMG2RL?gRN><2MdY02Eo%}#1;+NXPbPh9*}Uwt&XlNe{-N9y-1okPFtMC`!S0;p#f zK)hb$){Sn?0SxqEE~eI(X|awq!o#W3YTRa@KZ_ExSvB+O>Bo)yI9O4|A2pHBYV9gBen%TMi#s@9I1)bdtENOY#oX+&k-gx~mVv zHfw2c+^J3D+Kuwl4M!Dr%LOzsdM)fUzzHx{|Fd1MlxVlvDet=59d1e7 zrEgStua&uM-QWAg^hzMl;d}4>mm(lr{RC_<%K0_Q5Kv;4`DdL8n>|ujyF3bQ#HK40)u;n<50bPhqz=>TwPoN3TW@ZWBA+p%@P1&{Q zES7(xFa3Wt5d7zSey0=gH}41a3@sZ!S&6KmSG@qsBrij1@{X3&Q}qtVcG7z9L?4*Ie0kbYN(?-0Yj-mPK8-+uQQ(VQB! z>P`WQ3MCn{g`=C+P%_L6ETZTzRP#?O9Ruyqz;{T~8`ydq=Hcr(W(0XXl>Q#K!gUJs zw2+)kQ!W8lmkAcIOFu8_|6Q+{+VI5~YTR}Qg;ogC+4+@5ya^tF8C$}efMyRa@kRf) zXkR2efND|?-QvX&acv+Suo0{KbzFR5HQ?jN(|{w-+qNWnwB>5V8YT#YGE)sOOxIFn zX?(>BWQ(s!m=8clo}Jq9H3j&|nozF(<1G-CxN)ZXy&6hKoh*$dN7X{T?<9o7FRB+% z1J>JYR8Ll2d4?2Vaj~)2j;L_RF+#}BVz^O8&K~b>$t1nySZ%b^9dzH83b+cg7QNa2 zje)EvzUWl95W>zdI1^KWVAzcR+}!5`SlB|F{Dq4<+KW^C%|>5%MM&17l~5RBQ_aoK zYq@O-rX*-sC0y~XBZWKMeIs?S5Mm-3pr4a@E$NP!#^er0ws^yt*u$H*B&T6PqeVAk zN$~oC(f}pQ0cTC%Z58d7ROnc~V8GdJ(LAWx>GrYSfc^cxwgCA$UZxo4dTfbitn0YH za~%+6s$>EZF=kb~3D5hK5UiF`8_KJV3Lw)fk7KU1!ijyl-^>{${%){bm3zPt|^S}i11 zQRKQr`(mQ;0s>S1=%fQ*UJfo?70XpE<9Xxa{&uM%#CuCUIx~Tc#LbFtz$N}dkMDInSz1^8%7lk_) zv!*ZYwl~o+->Pv$k=S2{-#3R=A_cGcdc|f|_w$&udl^-mGA4Ro=i;)?yh+op*zk2{u9&*b(YZ{l^CQl?`?>B^9=t36{GoX1TkGwZ z2+}eK^+uc6f&DUI&mO+ z3=?jsg<=t#vP$m3$t&u%dEu;Dx!EP=euqO-#{rVR#|<-m>rUnB>=2 z=G9zZ7G!-YRW|>ubI(=Y|Lc+Da~ZKWjrZjCGX8FL{P!;4*o})DR4r}IVL)G z>rFg6;^Eov>ALHD>WHh5XK9Moz~#nv&_;8lUH8yQ#XCs}@2uGdLv})pn-5B?O(@~m#3^7AdqAuxo zD&8%yzWYjd(jm{$=rk{40C1%{cmciO>r2Na5rfx|!%Ck*nF1AJivOdt{8MN9Kc3(G zbF_&{l9)EqK$8k-e3?QC1-+c(xWT#KCDWU%3?LQuM$kXNXfjMS$Y44FPIX>!2m}@* zv@7V-KchwHFe)QxQh||^zC&z^L6eG=`LyTXe$%@Kv7*q1pWmbp#J=pn4By6#(XJS2 zaZ!$}9{DK+W?HiYEFqz{AP-lfpUr+HjhX0!Ql{|Dm)GfcJH{Q>2EKsdj{~Xd|43gD zRGHojGF+Wy*!%|Ix17VZ^3g8R0GdA;JA&z7#L`0%iAu8sO-2&@AO<)<)Z&%Fcz9s< z|1v5+JSUmJ$8(Sd^g3k(Maj8cvXjmVT3;^{lV~9>__bR-9R!D)HuQA^s=+GkrX$du zgU<$}|AQRI9a6IQ1rLGH`sTO2y~i*_NZZ zuKY<}ebvpXTx~oK_a?uty4S`=jPiMWhs3CLEX@koZcTP;-&i)Rvf#09kr{bS6zFB7eDUq2QIc3KkBQ+9ZE zKXCf#%`$u#5E2FwR3wsBeK)eM5zVQ$?w5zZ1teR_->ImdhI}enY0UouaTC5%J$>I& z;)Mm40oh$Uz#0m><{q_KB|xGj)r%{Qau3XT`-Whz(Xj5^FJv;ZnZx={EIm;-4f!P6 zRiQn^M~U13M~YA0R=|Augjq{DPPq=acko&p9fBW~2V3XWiIh2W(EoU!o~u!mf^=;` zJX4Ho;|=qhqwhOL#KhF;N6GeM7_K=qZ=VuPWzjtC!29i+;bK?~j6K%TaL_K!44!bh z{(e)5<3^a2cf#uOq8{ny_81lTR$??zg zS04;jlpgSF`VQG$rH;flP+}?w(CB_TSC>qRf@?1@xGEE1>IZp(91Dk3UJwZ^qN#OPAI zWr+d-Ixw$A9(3MT9Y#iucQnxWC>>^MP6fo5;h9$F9DEeuoB`*2trq2he8S^vx6ke$ z*Un=Hu$kUkK=rW(L@5TeRQuLLvPU4xThSc8F}KI39*qX4*DnjPV}BpcrHqn_(=_&br1UJ*jhK- z=iWE=z31b{_4pK3c`py}GoGx@0TQ$J?)Ra5N?$7BB<4D{(OaF`Z&RCP+@!uG9-E0z zb+TK92<)hS7sIgQCFzSV_5{5rO_c0IlH9N+SKJ}0ER-5MmFJ}+6Q>Q|I^Xd;l{d*g zRDf-bcDvxT-IQRdwX))Uu^PQg)-sem-0eJwaeHR2 z+v9-nL9+>du_H6zsOIla)+Y)$Xu@X z2+5xKyym(rVz~ZJT^39R21k?WM&|ALGmKq8s#fj>Q?aIMz1BQ_oivzok`Hakuy%x60~& z;F*fFJj-_DF|XD2M*&uj?P~o))q(Po%~ev=J%H8J*w|h-j=q23UHQF=0fVVl_d5)a z_-hRrn+}@~sE97UIW5A@Aarh=H2@>%<{9}KB}nQvCQgNx$zU_{gPoC5d7pRbYSnjb zy<24DADueYqS52n)#E3CrE;n@nN`xB-AJi*Kib}E+vVn|r`fUbJkdbHc#%ivaze)4 z%!6mg)^U<#{1_~JV7g{77aM^o%6~v-=ua=veh=Csj9XjY>)p@}Z9$64b5u$)LXYoW z0_gZ1Vh2I29&Q2;`a8(EAwIWsbTl-z+{%I zoG->0Y3K>-aX$RWz%ZW3t!L-LexQ$6Kp;jkgqXBYNMx-}i485r>_zI2Ui?5T+Vobl zsW<1*)}5*fKk{r+T5kJ{W9Ma`k(-}T6?!N2onKwqf>+ZulL+1*{yQVWE?og6%GT#| zeWh^&>}NmDx{6<#+;R5Cw`KuxrKwRaJi(WY-7v$GUyxYGM}pFk4%S49wH4C*Os8vA z$6dDx7WeC=@h#K2lR0Wl6>j|TJW3S1Oq3Ye=fxP0#H*{%W+4 zki@eIQ}Kl?Hd9@VAX_%O?LG95B|J$gaW(t{Dh98p-xO2~(t0u3d?Fn_I(V7G<@VG#4q$x`Vl zH@DgL2>kfK*PVAnw|JkGq~A}x-t=0eZ}`UW@JCSm{uPG1%Lm`ku_adiLpON#yy-00 z6adIzlWB9K8$h)PoU4w9Sivf$7PcjB38#S>GOJO%(SU*zW9jMsXL9w=ESTG$LtJVSOjd%T15RQ3RY#KF)P}Y zfHZ%-5hMVacYBuuVJlica^&k((cq0crqI9l3G-apEwEP$`og!Jrkm*6(2Z&Okgq?` zACjB<6`K8X_6z-k?T@DL2hkFaFjkT7H!_Rv>#kPj-UckP`az34kG9U;du#Y{$KmZy z@XrDQzNV;t2|bwe6>hRP83nZ{NC01WO(6yIor{~Uncs8_z6YPLUm#e#Co|R=~-?tP=^;3Lb z-SVvmpU0p3mVEGG&Rws`n6f6&-?Se}dNg`4rIn`JxfbVBnmynpn^aMPdNZLhUZg2O z7OS^aASVzcvCKe~sV=FU<>iZ$#sx!jnl>|6Y;|2Tcj+Gt-XEpibx|Jqob?=$ryfqe zIIxZ(93nwO(e+19_P^1r7hCnlyrxYoe=VJwjc%Q{jYOzY>|`QkeIFui+p#a6=xXf0j(5t2-|Ljynos*VHlN?3Xl<5=a{?~vQsbfqnY8c-_I z-@p$4jQYXOqd~Raf~6V&n#KT-Rm#g2|;`mBEPUHy~`$ z4sJdCsr+Q5$Q1*jh%14^q=)-2e30*ulMW;WimMA4dfnRpAwCUjD(1J_ROoE< zZ>#b(B9?)i9R>rMzXU`o7?N^$$gczQyKSoJ-<9RJ9EgR5fQjRqML)KMEmQ>5vFx?# zpLXvcfAnkfRH`+o=KOLogQfJxTDEb&>8t%Gu|e!%M)8xz7)8hqS0JpE)x>-htG#<5 zo#FTyC^5=$BG$;^AS}=K9atz4G(6ZLP4mD^UIVB-X0hoNK#(ScUj00c>6#8! zq;s9xa_FM$`pJB%{xP+*Vx?+VV<(Zb_v;5wygbnaOgl0k1?q{Z*TWc#PPq-%bqzSH zH74aDZ+5!46z5tc@N}K#l&}hsD7iG0xTPbqAp&*5$&iyt(kMvEMQpayJ!h~}93~U} zGAXO(Xl?g9NSC_)*qb|zdxq)-+;)=UAyDEr!8VjgnKtQtUWxBhdgj!LTQ@YmcB-fL z$b$>Prk9O6PtOME?JHZGBXxw1axPO1#|`1tX(vA4044-Qt;l7=t@Z=Rbdn zcoA@&D@4=ybjy*zZ9&M7K>8Q|cuBLLNQjVIom!lK_@nUi4EfLN|G)7!A7@=W1&kRc z8b;UGS?P}&5T(7pTY#2?Kx*2&gs1spDAufjBxYJImfSztu?zTQQ{GYoek8TO{Lt9Q z0N518kYwo<&M=Bw39fzaZ@oud4#ZD7q+ zrtv3&;U&wzkR|4+->~%^v&BCWap7OX`hPP&M$`4Tz%J$4HlSv;KtXYU8-&pg;H8|q zYf((&X@|imwPAwME?_WbH4ptVB)>&=`=6R;P@y1*zb43T@BfOK>3xl@ZU0n3n@b`m zO`$)5_&1L2{>K>}Tygo%6xk4u>E7b)FD}x;hZPIUOox2MJC4O(m4|0(>Bl{=o?1vU zvr)VE`q;i(iwlW)DQo7*Nbd=;IvCfSWaf;B9p9Othy`?=gE?A@MIKQY$*Rwx=+7yrKBx^lh-!-*1`SoCYK8_$+e{I6IPF0j0?U37^zu#k?{<#-S&cb!)^{%3dHp7R_Qj6c7K3A1GYW$_cWjsJp9CwV&L$d9k zz|?+V9gj|YCi>_=iA==TR`KNVZKY2oO)@#pm*lu-R8?`7FMEr?NlW}L%KbAe$ote@ zK685Gl;o>L@kuQGtmi84F)WZ{6gs{a_o(s+khcOVH6u?og~*Y$d>zqLrI+j}qJ@Mn z#!Jf!T2C@nl;1~%AKl4PJr=Y3P6~w{v0Q6sDy|=`D^c_H>+r1-r#zG1EzMUG^#nn^ z#=MiNZBCwF*PNE{xmXoU9Xy-Hjs@ROzKGe>f)cxDfvQ>dIEK!FrF9~7JFWbkLF_mU z7((julqv-}*n*sVwN*jq^M}nmrosW{bq_rH;y}_G3#S}|ae)5Yr{5t<5ftqR&Eor@ zwH8Bt7TQa~u6~DrD5cXj`qxL$p(;`^of1Eq6dp`}hj^HGDH^T6VWoj%PA+KTqP|1G z|7;!Cbo<=_V1(>$dN>^5$5b)cc6wD@dTicR%nW!e#jdTR9H>8z*J8Bl{hI@rMj{4m zWU{Zo2xe4+NH4Sx>QwRW-99kKiR@{_`L39vG|4|-uL57)1Z;Yft{?kHOAv!)dKFgh zlvuYBLALUHts2vA<$tqpcqky!TZ+MJ67VqYCtUUv88h$ZYDV@~qdCZ-8GxyUtg4Y+ z;*uXFuYHDhXV634!$Ok6q8Zzk^)82C8|HzZygyYgIJvdz@KfXt z&L3ZlMh|FFmwkAhOAG;CaA}M6;W!E!E9HP=5c@O%JfI z{KKWx**|rGj^OuR8t#5N5mWp^3u2F{U!_08kSI8J*Ed!^sVoJnH=GW5ue+6PT&VWLBH2m(Wt9ti}s+JI}!$) z2dI=91orQCwGHiW`=xK~Dp@~0NhQ~)<_&y|rJs`r8@{{f9*|$|^RHKZs}m3te!0)F zf4;|-ML<;Zm;0RY%jD_H<77zqbpp-&I(gP}f0}@Q@E7Mc+X%6HufB}bmtieRf~Ox^ah-|ZP3_4U7!<#@Va#;T{(cIjm{lkfXzLkby8n3 zs{gxOb?y82ebRR9&C+2~Jl{s2rk%=Z`ZdOb9j@3jfMjH{)tC2|Y~l}@jQ?ZH&mohc zdG4uWcU(~YZ22ndnw4w0zpe(+aGE`qhRR;gv;4P7gHB|=?>m~t@5Md%a=0j(%&&d% z)~`1>eU*OJ3~GU2pWZ$<)1d`L~Pg|Uf?6rYh$bDxI$YX8YW zY`I$h@MH7$4@shS@%@Qn(yv=i%9t(kWObKTrVI-Qo%l%nGIuNSxJHZmQXgJ4whc?Z z%D+qz90$0D9cIN4N~~5HT~lxP4haPEO_M1!(ex@D{pct+<}-q>2TGxb8kltzF;KF= zwiNN7s9!!`_;H zF1Lb{4KqfX5wNeJhnS$N>t?^Xd?m_Juw}v*OaB0NP0!|8u3`S_;u%x_X~u5VfqrQB zHa!%HCtex-VbA!R(aHF$S;P9%q-hLSDofX0z2zltO{I=q&-^*LMc*A>*L?ani=~JE zbHU5t-kVdc1NU7&aLU0nPyF;GL${cRF#RI`PJt`^eV=IJmB&_$dl?GxOu`zbza)-Y zu~hUZrvE(XuyQv0r>;y_;1L*BPfYj-TT*TOsFhQz)aSP8H*h&269;|+G0a3wEA&MdZjOa^IRepUzI_ ztT$0~^Z`-guaA3o7U4Bdugat+o8L*QtX4lEF!8cjQJ{MXerLklcI9++hq{lVX#rsl3yy>DrSt)pogl@rid z-vX^a?GXLgCHm7&(N^BJF*3=dhkguB*qXd!mvL^#8E*91)%y6#Cv?&Xk7mR!^yB_d z7(x0@IEfuuX-G)63$+N5+yD8KSJOSdX(yJT60P==gb)T{F49w<#BtJBldPaVy_a2c z32WO6i>>H_+9My1<3?FI|o!$E<2X3pUHMuX5t zdr;=Yjx+sAH=Sgr?oT9YZ+9tG;ts6NS&NSQJwmXNoj0t=39skw)Qs;r()s3Gtg?5S z#85Uy`lxrSuiNoc^J@mDKd&wCpDD529Ur1@u*Z1M$=L`-r_)T1n%ZOpamy zV682B;NY#kTWuA2F58mx(=Rrvq(}$Mqw6~Bt{vCT(vlpJR!m4K?n|j~`i47ai$8^N zW91@8p6*8rU2!gN3ImkkoQieBUWG>^X!~#} z=##ggMGm2!G^TnylZQX7QByEPVywSXR^#)PVe2HO))fBtHKxqiWXxBn!mX@BJ&(5gzv1d#^RuTyq}OO?NI2#P6Jo zotcwZJbs^!Ebl`-W?kM~_waA(_;S0BDf0lHBkwpUeYOWV{IC8wIh+}#*Y>9<$aj{y zf023u&S5=L$j>3exH;@aWy;VK$1MkK(VP*QDx+<=to=EW=qC37f|m zD>wzCATjpkz^}ls#G6KQ2Vy>^E)cTENRplH(=l!k##bC`x~Y3v%qxh7&}PV#yp5KE%9dp{AFDsPcFu9&S9rssqh!MIJ>3x3_?SmQLZ|tzWleplVZ{v~_@RRSFO4mtnc1ET2BaYEEP)$rG zc?y1ID&i{YGI1cijFc9?vTYs2co9I`B-zwDMz3G5eEI85D4;MgoG$BX9ae#n z>U<2!j^#SLGY*&0D+O*EbGuKehQv48L8U{+OLD2xl|vqrUuBV(URLJw#VveJ{#lD& zNuR|HEVG03^$ig9|QxIM)~od|Qq8#8qKMY^FHPc3$+>=#8Y3&`BqKgbi)qqG$5 zPmdLV141OLm4SFT7nr6;H3KCfek*_cja? z7de4Lvx9PAIlZbOa|%lrkso64?YqTc`FptTDDaeh;gdnQ~a~*gucDq9=rv;5-+gIt5|R zQO|qeWhV7sZ3(W*On-x-9sebaa#Fj+$`YU{RjX*sgbZ70Ix6wUUjL3#;6m8pk~wEg zJ|#JbtzI?ib5@eox@=Js@fFKO&4riXt1H|fqD{!9&xH4Jrg`Whbv%@!yk;;6W0rq%j}nS$=Fv4 zNNhME;Y_ua$9yajsen8&3vc=HRCnl96KLqNb?wQc4QH?y2@Ip1mfmZ!S@&OZYgKyp z{;Vn`ljEi-+583VStU;Mkxu8%XaT+ka928+89DVypVN{a+S%w`t(4FStYJedZv6u? zH1xAqU35VIoJo(Q-Io*D2;C*Cvcc76{8;27HvXK=zjF1?Q$MPAi}LgS)%@RR!|`o4 zrt0Zk1q{FpG5si=)P&1l(TC|Q%OtAyW2>Yw93@okzqKXrim=QXBwjrkhG-pYUQT9- z`GOK!M$giM1k`vE#W~advsvFheQ+a7d=0ouQu(&4aQcen5R)8Mr%u=JC|pllZ`kls zG-SxCt)qYR=LiI4M~Y93d>EOsshp^2Wa)chOEoU9css{fSoKY={|Tedgvu31S-Kg? z5Xen*8^Q<$`BShONe6`C)6?30@pVkdJbU8&!)3$DR%<)GN?Wmm-Q91Rh|9b*tC{yh zU(u%^2V$@gR2b$@!MQrp9H*+-j+G;=cSKf9mz6DGW)7)8$~73VDon?z@X6`C!L9hU zP#}sl=mS%=!M(tMk|^9Fg>r&Ap5?aoIv){31++*)M#yCs@9I()1M2!KZ~Z@vxV$H1Hpkat}@Xj~rNl<5MMIp#P|o z9uA!askz3kE$Umcvtb8O~g=yss?o# zQ0E6~evY4+w2dKbGu?yue;XQ0UT}K&Jtfwt-h7P-Nxg1yi85#p&JTE#((xb{hz~G7 zidKCTA3%^(u=ROe*3UMe(<~%gJ)s+Xe~>TFE)FKMG~|d1yMsPj_y;7`BZ6!mptuva zC#BMOnb2E3m#6ix{*_M84Bg#{SC3gmB17W>O*3x)iQjs%v_lPMtQpHP$3cicst#7u zFMqo3#4m#*@X~+s+l7{m`9Tou(RQxw7Wv-Pa1voierbLf-TrhnwSg}w!t%y2qhQkS zyC2YfxPLD!@h^O`|1W$R{wHMin_s{x`S#dxkB>+_u>9vlwr z!Fam+Jc*-%(@x#iM_kTM-%=2ZOSx%$dJD8OA zOToYW_bdIcAtJFb_vhWLVfb7~iYxcPiusit9fuZ3#J#P*rRq;!vsO2|!t65>XE`i? zd>8x={4KE+D!V*HW201?ZrC@o1`6q8SRH_31-h3;&*_6v_PFTabc~BT>rDn@cCyZVA+)-vgN|5lc z!K!RePkGH{GZ=c3T4w6V?!_hq-@q%Z$9UGi^{CWWW>G(Ek(z$G=V?ZdHn%>c3ZrJO3w!bV?|S`g|m z=0Hs>??0CXsYwI<8nm$RFpj!PAkcQfb}K`(8Fw(et4vN3{glpq`R?My8yi0BlfVSQ zml=t;JNirJ0+-X&nZ>*AGMoE%i||d1KMmC`Q%7c(lw(72G}Miz2t{Nh0!Uq!Nov*T zt>fPw#CK@)TUwdBPpyBJ;NIQaxi_eA=lNL;clz_Ycl9YCeCxJncL8)HiO?ItIHjOW z#3qKgSA3ExZNao<{sZzkHR5!Lnd>8Gu8W&nfh#TzGLd6DUTOvs)g{RT{X zjCCAMA=2R?^~_sq1EaG{712uuuw4_zvLAmrCb3@M1c7e^&}%SlNNegXQR!)s0>><> zrc9)FD}Zf5cy15!MSn?5F27oCNjNH8R0pL~bQTCC;t^!Xu$vRBjp;bsrG#1-Owl6M zxry0^GShQ1nHS33nnLzIzmKeEs^~|AB=8iRN52!v2n(%3bJ}kG*1?sPEe^Qw*Nhf? zkvH^S(|Q^HsqDqUOc%c!#pXK+yp*TapQ2xNaTst))|ainWFG7~zg3Q{ZLBDcR&$co zdAgS6h1WHs85uUX#KoF1Ge|%uAlTaxt}8NRTP58`&8<{vP45;JtF5NU!wp#Uy)8s~ zD(-n@FBgP=AUm{RUjc`uVcvKI6O;wez>W6@)FHLal$1H2<1QP15~eCd4k@=8*8iwWYS$rU^@GNA zSRVD9r0R1hnq@QRcU)a~fVVG9%=^1y$`$)J4{elp$a){7+3}q&^|(xxPt+-@TjA;J z`e^O4Q@wqpBx}5dn&tL>aw^rX%wVLoAJi@dXbLp_<#=U3NX4IplHL?ZkfhQR?Ydfn zlfy#1ORev3nlgt_<*wQrNqvrEzN5;-ttU**xeoc=ngop82EKyQ;d=4s{67RZbC+(C zsFMkuXw%8|*cL-WZ@JaP)ufBp%gUWU$K5bLIG$Gx=Ntg%;@dg#P|h89?1P#JeNfgNI17^6BE7d?A?N#{{k=K85OGbH1E)B#)f0;B zwZsiia>mcvkZ^h()HZQrpg=9{bU=WNWLusH(_5aPYi^j63^saaw|L7XiXAUj+C`Rr zNttYT99IW+7!nXnFa$|{z*Z)8C$ipLKlzT*tj25hff@K1@5igi_!Z0QnjlFo=P);F`b*6x>ZXXLTz-G@UTW5}ll%M{BRe>tz9T%p2aL6Db!vbyA&VrsvYtq=iuGQbeBi4pJp8SIn}<7iH4F1a zS0eMS++dv?iJ^nUJAh_8jEpa!n9AyDjg0l$eKgrb=F0x-=faXq9^LIMR25fxrtU?- zG%YU3@7qbBdgxSNC*Kz6gQ}iZSyq>TvR~e{G`i|0xtjJhh^e+n)G~{?|0As&zw8@` zwHP7_3nO)=?zek`rdEA7KNAeUM+`B%d8P|NF(p z54Hvs$cN!dyw>AtA2h}YFBsLnCI|DT&a)U?0yj&i4(graNKzy_To7o}A^Ika+z*H_$xQlKK=ooN#_j^Yzogug4a&83Q(9x(0| ztWT!2KJ8kpuGS<76H-j5>;F>C+RXO&$WrG|S zgxmmTg%h~^z0(ari&6psiiuieEw5q17b|n5E#Y<&mr!)*H;(yFt9OMjbv^eJ1w9Q1 zA*azvCqCdH2{ZN@aIoD2r}(ZH)A)z>_QZaZL~}#Z@3pK#h|xQb_cw{PhcB#{Q)l1wb8nmJOH_>J12pPrzvL)@Pz6$lEIl zlUX~mO9tT)Y>jPaOCR}MX=Ar!pKL&&CSwRSfD=CedW{h4K_BLol3D<5+?faJMVxxR zs-D>8=!<`0p#1rrZjUBq^fU!|&G|4^f#jNY#{14wK>oQ>5l2V3=bCt-9g=YHDK;3w z?IfuwoT+E#MzQ2pON$R~z;{r0{eD}v9In!2A7pl8$NQ!7x`FdOX)B>CiVrtLseR~C zXS4hLzVQfV7;lkhgmN<}7n!?TeMm29V>kQNGnT6MitO3>eNL@511)^ASv*tye3j=|0&<>85l6Tl@Jdf>h;n^WJXHKk6Y$>_ z3071jjXwBgVqMf>cu3C^=UH66FH24S8>Wul_7AN%-k}su7o)jp#uf8V+X$HFe{=*v z;C;nd6U=wG+?nOKGsHV2W8Wy!^)~T)nP16f^IIHmLxufJ#ZQ4y7s^tfFXS(%$y#0D zZeCb1lo5blt|LQ}^#q1%_x-f*uin~r_StPLn@D8gujNtnjAnfCK_Fr;1l2{cZ7Z=V z0Zmv`1*`~YCP025cN~cuFedg7Bzo8OH(G|sg}=!-3Z=9`pt=VcTn+caQ(ut zet3&x6pc6ZS%fsH4-63-VmWTM+CeBwGj4ou&N6L5DnE1O-mAB1S4?E*!6Si_&Ok5) z5`I|+*@;8*B9nW52ges7WqSoW@imt8;-B$BjO-PWxi&L2YG+OS>OY5Nkza-SI+@S; zQAQIm3PQf`IV&wA%jR*8syBYR-z9*3A)4DI-dRIJNbqx}!Mr9H1gt20k^n?MTnr$s zARwLnXl4L6p*xA{&xc+1E1#>5&>pFO@RRFg=M?Uhp2z3I_x{w^=wrdpyG?B$V{6_P zaII!?tQCit+=d2;vXKS<1$jF72PAp+I5iMTJmWB*9b&2c>2zQqqAWWc zVN#gl90!5gm?F4r{-d=bP1z%-@UH!rmxnas{fAca)$GR^>Z&{=9Zx;%WKXEx7>g&| zDR|(u8b24u1&M?Fj!Od45UFrD@Su|!CWjvaU^d|^c6Qv2Uv<34XG(KSrqB?hU5L(LjEm}dV0ab0k@CfCtk4;jD0 z{$Q@_6Qb?oK_U1gHm$>z-bI_7v)|SuM#|@mf}~Y-9Y-GD(94W#du`(3+up9Jo~Zu~kj>4Ru?NbKhGa$zu4(He7LCx!H%OE;3JpPlmpm$vwoZAkZzbq=o;+dXx0b>hl& zwMMUnazV2~sNMNkXx34RgmfN&ci_o>FFK*MG2(LClqRTL-dZ=4Ic|xGP4Vwl@I$?( zE3M>PF%VrR(}d?0W1)a6-Zw!&xnXoq8mr>|*rWA@-^kUtR?F8SUGx5qp91~Y^aKT6 ze&Mmp{{nX%$RxLR_VF4@aoz-cSqCaTb6*5!c|)TZAeBv8hrhnwdYzPS=ZVhhK14ynG`-LcD=6z$X!*JB-~ba{AF`NaGA4E>wb zLg*b+1oI5aA4q%)$Rmh{^VzMP$<-(;&S!yNO&?mcjZyRpi7rm2ru57@Mi2{zzQlNY4t1w zUx8v?UU2Q7=-;S)=_>UpIe1BKEaKKeOzPLCZ}=WzZ6{GSq&BedjR{1gV8u!N*qXQY zgDy&SD~A*KXf;DMJo$-y-Ts{nPSd#M`qlS{R}{NE5*z$JGAWB{q@&IfWPn{>w*ddB zQ&ZYFans#@wyck|AEMiG>Fo_`FJGzm$l(CoR2QQFGJPO|dD1v(HG0E*G$^@-$8*kv zQaNr~=;8}88fEHpCN_c~-7+MsjQ!_vpD!!0WC^5}fSy_xN^|M^ae2~B?>uUJa?G?J zec&>^l4Sh6;j^s4=5wv(7*LDrK2TQe5g`Ytyh9dCAXwcH58Ecr3_0@Y;=&~IYv*>R z6GAHf%m{+DA@26x1I7xsy5#oTXn|kGJjlqdCwl#ttG9XD@{$uYR-pAyB^#$3*6nW- zz6f&g3f-sQea^)^GOO^{(L@IclCcSp69mejc1JQS8eI#DZ_P5F`kFI$Wn#Hm^K;8% z$0Ze!dver*PTZdkJY|yLHvl_)Cl{bL@TA>ACPte`Kqh_urOlt;CBDfs`=y?|u=H7x*P;X8&9N!NZA;?L^>nAg_DicElVxo+`}ulfj*xSh?l4zDo`umdULMbTUHN-uj5z&IgILL?9oH+r;Re+u)X(_Sh z%&-ikHetpNCFC6G>yE;|;j?(>hM4HDT(+cdr;9ypLyMCgzGOexoz&n*g;oPqrV}vz zbBggmwax0lys%Vp75KbVob8^0v?l!4>l2%h%X|d!kSC&DXo0Ox7A)5$Tw>~qe%-pf zwn}2~fY98hv6BRqt_L3lAM*(l^ z5;LU*KVs-E@^y-*qUC(bGd9tRlWU5vGh0V`1=1}_>5Qz1mM>EU;UaEyL#B4J!!S3k5TTD+*s zG=7yS?+y7g8uq~FcjjL^auR(Jq7G+wCsC&0#-&8TbM0B?Obqk#%@L=JvxKH3CRmI4 z7Xjnf63&hZKF>l%p3k1ylRA6;I1OM~NyFuw$)KFhSn+pBMKa3ZOpezjiBh#JGA|7c zt}h?VX?Z>G5~H4ZVKtx{pNLgN$&aB_NHRFANQ~|Hp<30ArhG1U;#|!$<=(hBw|_v8 zyB7tS=H<2vnr611qdZ9asb_jFh1(NIUQI9pz5izf9{x)N?q_Pkvx>1-M$c7Iw@5Nk z?dnDD2ex_yDc?RT0Rf(OxDU1o)zJouTRN%f2@ATA>AQHyisuAO05MLg}1+eU< z>0vTTeli6_b^B{BD{11R)So1soDz=H&o2Yep4QlrXcT-(zgb3dcIM+#p^4$!*&GKh zYe9S|^dE&(y4lBu@cVqWC1c&7NTcJg3PF z9BxT~^aNJ~ClE7$xD+_TiY(sPeUdtP9BrT^>BKy*|E|acLS6y!D^MA%d;Blg?8#i8 zJ1HHcTrnM{(*sV{dEMZ-QB!l?Yf=)+zICi-Tn&x8t?iH7~YbwHaLhtgC) z;Y%sO1nPoFsTThvT{hC-FUWx{G#M_4f&*F5-Vp(hjsEYg*bKi)_mKJ-Jt-o;BiPg=y1Ym>+~X z&)vv)5iS2S^JX07YIw{_sxy$>`@}ebht&&o8}#g@X{L!P|~he;?5(qY0JNns4#R<5!Zsr+f7s%>dFROQ)KCLyr5Yr&OG~A(Ge0@pxhrt zNi6f06xldPeZ|$)HNCT!DmAG%An4>Ahm{F$z*5L*HUtI6bWn3d&;E1yR?<@Pxd4!5 zk0E*2#g7krhI`Old5XDTdG(?ti@E)W9441c(t+(&a#^63?t`#hkJ4!w-yPl%vV&Fre4G>72xB?oYWlV{BQ+jf{#XE$1 z-Mdf;srKOC){K5Ze4=7IPA*-iu`x~%u)J!}LG=~^BcSLaDzXBlO2QVS9yGYIdgiLH zDtUT`NX&7t*m6CfR8tzimx8%l_8uFC=l48{C1QGg0ejVrq?N{&l>Q*F|DaG&6n#T9 z-_-j{+AX|h^+jryNQRx1=Zr04b=i9`dlD}moh}X1N7S8>YR03DHSkljHqRS%wGR8{ z3C46}S9{(`x~{`mwD@TT{6N1}_!W{Ry7q^_b+@vqvujnxrHl793+{&)LgnTuA(THa zM3@e6cMU_Rn@t_)Nml(>S-3Q@v*#ZW$YOu#R>b8~i*Mg6B_#rmBqVMPvBjQShVsTP zbP4evv=<~3K>T-+mc*ER&JVmbC(v6NjPmxW@=tO+q)q-2zlR+W=2%W$483%Tyw67z z1|d6?Vkc22ooSJ_SIVFM8cD_qk-U^^B(pO;1h~*fao-ivcG7<#*C>X6K3s?+givPQ ze7@v+ZNBKeuI^*xl_-v+6IVMRkEEoLx=2q9Ur#vaC!UvtRQ9iT^mj~nRC-?&pVs_J zUMb$i!nL4bMpbt3(pWI3xNGI|3 zD4(kk850so!JR9+*A&B9)@MhCa!isQFgs-~&IhGEvQSeI@*9CnUB>4}66$);3~o>s zP&#P3>1kMqD@WPNVBim_=$cW<(e5i`*RrMa$%K8pV!+@ZL9DbJAKtqu^0}g@!+L4&mrCJ>! zaIF-JdAId;R_&u1g-jNooSx_>K8&QXnl%%6OeVzObNan$b%CeLRmqXSZIt`UwQ8q{ zT5riur-3{Lbmj)WG~zYnEPEGNi?g~Pk{#}{A8^!Ep&S7Nd?!_B63mG)*$ZX zTKyS^FCB);Y8c}d6>L4YA;|EW+Yhrn3jw#10yJ@nwJ9>~H{uz}uvjCu@pWKWRoVMY z{NjP(Tiu>72Yn1*m>UJv6NOiuK9EM@;Np>P9udOh=VAjZ`4_lA*@+K>MK%i}r6xES z&VB9i&h_fmg4Y9@ViXH*b?8pld_%l(0!$I42?}f*Rn2%G|eGaV9)6MYf)Aj$d})vIM!2!p{diW-Q44$8RF1Kp^6CQ+DQJlHHGf3R`?$^-+tWGDLM40I^`ht1h9Dkp|#3 zOYbpIj+27vRU`i7s?C_zMRV0WG|(MOosoQe`wb~YmipT-t4~J=cKEeTEIa8qcC7(y zhi454(6=`>Hsy|gtq)@;4WR0s>!C5rhzp^hfj|nXAAW1{P0_drvs%WG^imv2-swp} z)(T-m)bFFeu4FI2JNdrL#4yASTP2$il2(ce57R-Vy4Rk$0;Mnu{5}OTn~~A|3ICr( zbjfDtgSh=ut(|*5q3h2%bY8dE7w!%c)~GtBRy5L#!J9l+G}VC}lVkd{{YRFXCDPf= zWiIpXk{nm9!Ht2dQR*y7CneTXaN)CC02&XaM6&kD0miq9sU5G{JM6^jHrhHmw8aH& zuokIoj`hR$VxITKi2Yy7YF`|2r5Axi$UIKEHCECIZ%XSbq? z-jm%&SJaiaG}pI$Y{Yne#3wGQ1-j_I{$_BGu1`!7N%@BErzS^5-Kz-RGjM0)BU5uX z;!sXyXoeY^AAa}eHZQpOyta9(!`e<_u<2!PU_*=&L)QsLSTIQTs}&Fy~F>XPPJ-Z<}E8*<@iH&2i&;bX`Y12-sQ$vo3)lq zv6*aP3#w!lGELB*0|Fi!P!hcDR1?X%vVg&bNA^Eg_}J9aMr^|6u(w~MpHHgt629@q zkjt-~??yLO+EU)AFU)`>ijV9w^6YV-oSFi=Cb2s^0tY{)`@;hQ!Xlw>GIsOU?xiA8 z0Uz~M=)j=S&_TujM@wa{oOmvR5&^OB5qe;x-sZic3I z&fd7h3t=CG{GLq$3S>A@!QamL>`_nNlc;LSQXC?Rd{-X5Ptv!$gLx5W~*4q|OQ*BKfi$6U!5My`@BHOtV;OGH07&$UA=koo;60iqk z%xUA1tF{$96*n$nn5UOI?VaH$%=Vx>d)VMUb2MWu%96yG1d~}-H?|~N=1JGoiX}-% zxD|y(JLl@$Tw`Lf1e*^qRQq!=iZQXe=S|*r1jZg?c0lUPl)#0ubHe9a(hD4P?+7*^ zU0TGkL2b7vKH!X1Ac3ETQd^hU;aAU$N83YJpp4UQ=_PKQ=hr40PlDoGFmJY)?<~V; zFL2{6&HCzlQ6*GiQQ^ja>F57nP^bR=&rAjCNbj)gncamHQvan@_J1#IN7knWI;QH@ zfYOCazolCp$3MRME4Ay^?!25EKJES>(9v-rP1|8HvRVv>ok^33^I9a!vrh6!s@c|2SR9M+=mjFPr9 z2Zh8GhcQ)4l4g4JA5J`^2u@du7WZf*CW8j()8C78c`rAcfhzd7zgRyrDQxgJ<{t^r zguX!&Ti|>s`)|@sj41^&IflgD4g$SKPqyXp!)q%E>C&DvD~Ty73&9ffrOw`~Q1ebw zdQ3Yv$+s8EQ5Y%FvI}b z-HW`Fab)|h_?agAy$57nkYKhg$cgk)zp4ffkuJde?TlW+Lsc}|tBE)7kCszl%*bRh z(*Svng$QnRBklDbgYuaxsB5J{{CVEZGjN{l@%tu?U~`JLH;)dNaIDUy!mO+=LYCPm zbp~ksmex=Mbf8SV36V_h*?7ZHjSn@V79aX9YuUF93(w^o4%WSBw;{!JFEO{f*C9jj zRw*vTrI^OBO-aYGUq7U6y%9S*7Hc0{;;zZjzQ@aI3I3we#{95gBRc>)wm4|~lM7j3 zbHm^RCTry`#yhNZq@t{&N5@mr!+bFF`qQ4FOxo*fiH`=m6~CgG(|fcDci%5j_ID8l z$1H;6^J1KXA~jYIP(NE*k|);Y+W43eZiZ~;xY6O{E3&;3kk5K8Ff(mRjxk9kQmJX( z!Yz|`@F+h`ma%`@#a3ON%vd?3FHVE0X&(Yi;aC8@?%#Y%4-1xzqeEpB6LTa~+etd2 zFE7c8Spfqk0WVLtz&Lj8dotDA0Uuhy^zFxP9;H(uS*_Y9nkYPdZz$DoG2aq?{rw(G z^Ov{~!E9H)Y{k*9gj5PVHO@{Zp@92!UAr7{yZ86Yh4bQyP1^hS`8S9=P}SgSV|s}w4zr`e^#?A zqtQ^^BS$ku&nGEeD)c5Bcad8BwoGj|A)W3_37Dw{M*2doPJs0mQ=`4~@$GMP*Yo_3 z9#=mUdM24NmJbL%U?0B7ex#_a-p(oa%E!sT?2PCxY19#g) z-){5N#qP9Q)y{o=>tKz(vW_3Po2G9{BwSHRdEE_JQ&;UL*b8hdFQvi-kf(i5YRl_> zw3>U^23J)%#Q3Sd@4T;h;6-`jIGqx8_kxOu*6H=!&$VTI7c991Q=%E2G@%lJjP-k< z{8V!RrA@34tD^_PdV6*4wVi~mIDg)KlS**MTn+;WEL#dxw=~mrY2g5KR3$4 z`Pt;OczVet{R(@EA@2%oBUq-#}US>cIg z8Od;9Q5=Z$JTj(OlzPGORxFp+uIfk5@wgVZ1?2J~F9lRqod~ZlSfs5;QI;#M$J`5| zE8k*dzj8&lNXX<}34|<)`u$(;BCCx@ZKU|FB{r0K_2v>=yOVUx@}KMHhKB0Y#?e2p zm3;K+@V#{!^szs4-)&v>r1;1&RWS;Ds%O6d4RI+og8$5!2_I7K^^u2=B zBz20NZP;z^*9NcdiWXc4&M&*qruP~1pu)$5JeTN^<~``?W{e~cSKWRJp5W~Dnb$2~ zt$x<8g&CwwjRzW-mSkv`kaJr*Gd+n`8`tA|jH|zyln^EUE=7!@5L^*RL@=O-x9VPE z@lcKIV@wlJR>gIYaVq6rw_bevvh?HS=u!g;$q(g_HhFSA(k`O|x)9jzjifvmLupN% zU%n524bEJ(9PVBvtz_!gmSix#NiwzGPfajsS&i96*T3VgS#G%`nkqcqJ@q7Rwzr7; zhaMPJ{AV(N3*MI-sdU`8U$-4WAISowTaf5X-4AG7GQWd_SEj_L)P*S@!r);^;fG)A zy7p6_L?*QRR@l$G*-phdjSaU2*T_e@*?xv{(nURYP#pFfRQXY@H+{%9svW?p<;OF` zn{xdIU1?Yh$U%F3e(4U(l_Z3x?yrHXaNhjx{C?us>owi`dwmS%qZM^ofxbzIOXpYZd+{Ub5i*kX_Z7awSul<5=fe#&eM0vY z9=~sWp5|}ICCpbT)>#^8Lj46HfVx>AN{oMY#=PQLTz{rFDY0fR%gHGob`+Sq}!bou!8BY+Eg4#6Ohgv&`;XTGbYBCbxb!iXw3UMQnx`%5G)LnvQVj44YK}?Vig6QH z{nb;?_Y2BA{0yZ3bh>@LIyq9dlrMjqc=FLQ(bpMcfeF2tU;B_j`$&>PTAL#M<9amj zt6b0$$$H)~qsv8TUVvU7V#2NqStgr}f?omx2)@xFi((TX-H>+RI+v&Jek z`!<%f{X=8^p0~o_Ey0e3z8s3LW*2`lJJaYrl)JYBGb};T0~7cO(uD(0Z~6Y#h%CSI ztz+i)N?5D&g^L-pioS~tD*kdQPH)$!cW%dpA*IcSKBkJ?iJRTxatWoTZc!Jb*f5@1 z{Jw7v)&V1U*!P3kS!Aa}?!J*tj&r8Uj;tcM}ov4z_;R+l=H`&JFRlsb#|f7)nj5{=I{g^u%=WD$laB$KTt57)#^!0aS`li9;Dzl z{C0NzC@j2u)3zX^vfZqam(z*C1Ndy!v zWky*(921!o@_xU$Rnz=i{{^SZC0^RbH_IziWSyEDnCLZF+pF<=pS(e#Gppy1!(ztY z7BVKBb8an>EAl_F&ccPjrAfyLyX*C;WrsEMUa;x8z~E2BYD?17H}o?UYxFTm>o66P z@hxI}m%8!tdUFmFu>N_;bW~_8dr`L_EP3kX17vfh<;{i*!=c@{5b6C<)n{{Eu69{G z+%IoS#_AHwE2wK3%OI$Q;xh)4AaNj0awN6s9}q^Pw{Az4IZCQ7JvErwEB8M?;miD@ zrA|ZMvUCZYw&+Drw1<#5!4?m*57f}e&L*$#iA%4xaAGLckNIt89j`_&azdLkLmYOn z!UcnQQ&gbv9M?VC`hOhk;r$S#=+0Ep)-0lTJKxE+IZOi0x^+DJqxrcbK8^H3m+Q#~ zLEjR(D9<;4-c*-PMhGB#jpNqsu1U8W*7RUx`3!0GnQtW+la0QqYpJUgD`d=7%$LWZ zDNrI+$j`mD-`k&%c%2lptK@P%HCbJ8cchX3Xz^hoI@*}L-45~XoDImsBc8Qu5!u)B zaJg|ERO?kzxeLO2M$a1@c+0Z9JQ#F|5HDAC%T7)4Mvma%>RnID$FCXg}dV9rd*spcJwEQNhME$!7!3ql-JJp2i47HqVUM$jKXY9_SH)ivJO!Nr3{l~1lhC8 z-yBJNw&MVy59*jYnJRd~8a4WCJow1evTtmYQhox+X-1bmQ((S>7!C5Vu9PMYgXAB?saM za&vlo=>b--ThUs;5UOyiV@mNU#lpO;y?| zr6&y+Rc{MOH4q09zV4OzMJ&027-3uLm5di+>o-zD2kb{SGbKF)WH11jK=#fa_be+` zX^^|CHmzbL)9D*?W>Y^VEzSizQ%e@FA0TeD+&JYZj;4_+VVcv;(7kxs^k#+dD)GkZ zDD?)q&p09S0(e*pdoEsXDj34&chuK^_|Rb3*V!~#l#yauVZv7NV(;WYQvf;;GdOY_R@v{>ku-nx%T1Kjpgxw-9c)CFKV{6!7)R( ze^v*l=!?)eGyMpdE^F*|C};-pp0+fe>V2de?G=7EJlaU%5Z@QU1|%=T z&Lv|^CSjg_1R1EO;LJdUgROm^kUaTY3H@2Bqy-vb27fX^ri-@!6P%#!MzaOV#6?mC zrN^9$u+9M^x;zChz2DM^g!;O4WLja6w~H)Ozw}b8h+ik83X$)F!zQt;NZ&3rrO)9c zF<`J*Wbb1&jldp$?2)U6D@Ok%>DqJEoO9+lvl}BzM!pnxa-?{;P1tQNMSte4pst|q zFw%sgdHUmf5X@&#l4u;3%Kj^!{>f)UqY#tOqK}^2KfP~A9}Fs(o}@Otd8RdW<9@wp zBMH+NNqhFBoyZw;E-)lr^f+ivD&U@gdEvxPbqx2dFQ3`q2#@9G)(@bs1CH{w+1r^K z)9KuKZ_llY7jpW%_6mZpN5QDA0VzCfKZ&w;K=tsq$9L7T#wYfxTVD5;x+V47G(TCV zMAf|=b0Ck9_%VfOz@r4BCDH+7p06s?`r)K8XD+{g_Hu z@M!$*4PFQr^u)tBF(K;*I%x`A_dxiCp^E_m*5#4>o}H8+N4Dw?5z~{( zLId**QqOeH4bN|=EprOa6f$1F&&Cie-rCUce1N_{nQ_cep(SmcX77!GDlS@&g6s`h zOL}FQp`G=5*sGOPk*xhs?QUwlsc7+P!iw+{m4T#Ep9N5c5Of1YoBMBBx;J7xb_xf1A?sbgZykV|-rw~4jWXP3UWJDk&x!sJWbk8=kcFHf>V~H^mwfDnKhBBymv1C zo5DW5kzb9+R3%$RzZV?{30~E?=^R4o&6l#lrv&e;aKuE<+_uAINXR{8z8U>>5Ei2T z6@sbf~(;OmFY?fCG9XH*~ChAEHXA}=f zE4P?%H~$*k@|#m2BZ3i^{F^f&;)*Af9%YI@f$=W?q0{pY_=BcASlXJno~|ULDpq=M zC1s7vX??#%d2oA?Zxqx%f_7!ABD!VRwjB7!6x1pO-4z_A8V2Qbf^Cd?Bs2MLJRDFF zt@|JBeFs!iZMtp{5v3zdI#Q&A^iD*iiwH_@N|7cYy%Rv`O+Y|Eh|+tcOAWoMNEeWj zfYJmK5C{;$-E+^Gd;kB={AZmrch=mwbF!9uElsi^zWe*W_kG^-JSF4x_lXCXdel(h z72fDJ^A#oa!_(W7!4kaDPiBB~XCpB4#)fVW=NtF?m#H-;X^A#X%^n{s(X0sA2Qr^@m~x*;tm z2*^rMfC%3MffLx_{o>6Iw0plfy2JhIW~%ANM~#zqK|SS%0?ixE;fus%gOp|`PkuiT zPxu`=$Gbv46W%~h*k$&lhB%sg=0)w2i$Uj+Ysu_D7} z&Wt4rMWbiDmTIn|5i!}M+2&37T zpI5JbTuJS3v7hqZO#(AZZd-RYO*F#GUh;xeGmQ~ZUn51{VykfzZfmj1KdHBB*D{YS}{M~!zo_d*? z59GVo$5|#2ET(Zb+Y1B${6U^x*(aR9@xICGau;B5YBFs@A7D2M{b6e3(=%o*8ZUMH zif%XVaaS?D(Oza`PViJxduGsA;Ic@HNk{ATG0~j?jDw1%)w9e-jUO4FeKm25Q_@x% z{`gL3jVSN}v*4Sv9Xx3EHmmq2ItQ_>@R0|bR9=?NkP%fD-2OsTQsQ^ ziZU_yvFM9n_IIBS`L};zcvJUHvOMc5MrjQK?iXB$ge3S7%UQQyU0men&XyhHe)XJ7 zAndaSp$E&Gpvg%B)M(5BEIKeGv&TJliF9I{jRbWA7Et1RX?pRQtL-FbjFv=YDUWLw z*^Y|PXE`C4VoT$DKnGOay(uhdh=OAW-Is>TPo`Z{3IHkLlzP6GS#)09j*E|EIjBE{ zgx=yJe(5aB5i!RTH76M-by^xnr}2e?k8ouv4t^;Z=-mUR>%L<3sxjSrH|jbfMh#x- zCD#BwrTh==Y7%NXhg{zhyfFkb2Wz0<0~MnL{$Rw<+D!&x%i0+!mGAQ8%EN1S$+ z!YUOHNENjO-Z<4P`r665AugC`4`x_aVj>Ny#v@3@3G>zLPmaPo*pUu546XuuW`)*7Gvgt$C9b z?ueUR?;C=315jhZR}iA~*lUR}tO9Dk_pm9u()Y`~+DbARJ&7x0Y#M}4LY^R{+hqfP zI(7$+a1yAse#(Rnl1W7xPakrcuA9#C)v(f-)uhY19|c|xWYJwo^R%m0-T*H=QgoX@ zuJyRb8;`p{SrjdKl2YgouHbhT#0Z$o}XX37lZOXkcUrFT~RqvB5I=_`fjeC zazn>ejYRyOR_BhMS@wT5ZFm*Ke7hCX3bd{)QF*gIF!&-F66h*EpgAS9PxKMJQA!`c zwMekH@Cu~4dR10HE#$c*)wkX+7V5SAD`ZK8{A|l8=UW%T%5M^b033-1a1hBRl*B!l zaOKR}bgE6i7zlaWT<;xXbK>L8bq%h)U3$T|moMh35>RF4KJY1!p9o|*`i;netphNZA-fRD=rbE<+~gxeM_YS;(3mY5E6 z*7#rG;@g{5B}!K}p@zQxwP7_6jM;4G#BEvScbj{#UOF^An^ z%aE%k7IO>EZnZ4~-l~Kb^KbeVro1HB^wd+cQQFDRzUIc|=*DGg`xporUL`;Cmn1;L zJMW+dF%3uwl(!{ibb)q^g_}fQ&GxTcPWPSXsuz*8 zj#}i2Sd@zUpJ3wFAz?UBbsg|kRzQt*!xODUW`Zp}r{#&0>(2xqj7!PH8AVvv+_LqL zeJI3o92t?)y&^00whm}>Jb=Z_X~YLRI8{31u0HRxx)Gvt??a6{=VplfMgM#e=9j5i zq>qwHFAs7+-#h&EbYWt!amfhE9LXDo^+F~-(4VeX2ogMFFqn2%wa{}rx~lj^ah^ay zN9#S6?8AdjDO*fri8Gj5(FuKYClMAbh0r5`*vx%kcdxAspE5fH<~fv)V~Z! z2Ayh+@u&l1iwT$QAHP)Dyu7Q$;?cv@MXk5||S>Xky=9Z;ht(fx4LYbcA${+!Ze zrm99j=1&5ig_uTLWiz*94J)F+16qQ8>%Qb;5y+);(AJ9eIcVI(8Qz;rh2{GaDr^FD zQ}(=9XV;u9#zY-k{rHq+Z!_I-uRoT@@+0y#>7($J6ljS6I!{|&nsj@brehfUt}zdJdDhLoDKTPO7oZPh3CGH^n;Hm| z^F1VZNCuJx8GQLIfe-N->ruaGG@Slm;SLarC$xYggAuqqK zh3hl@ss1=FzL;K)Y3d54!=x`KCj{ycVIZZLKnU4D2vL0*QJVSZT`I>zVznnk4Bv5A z1IcFQ9uCT6r%_%XBss$#VC%3G6qtwo=jtj@w@ZI^_P-(09}6a z{T3(vuQ!&jaeg$sGH^Yd?VDdj2Pc+c`XEFGC|>KaNVg;X<3=4yLZZ-;pExyoE=KW$ z6$~+Uii>f)q~uYBeyP6`OD{Xg$wy$Q4kCO@*dQOKERBLC1C*Ew0}$$9Fq$6mtA45> zt4*WWLQ-5a^QBed=Nek05%o?Hg~nU!PCy!8nHEz3Xt>)~uL=#K<6HI-Plnw%$O z4kIhyp`Q(2AzHCmV@b=4>-E?Rz6YUz_fgKV-)Y#dKeKWbRY$E@Rt&JNW(=*4NKZ6; z)K*7-X(aisDSJBXc)dCH?T1AB#C}GWO9o0^%adV51P>okfLKcj5!O*`Vwme5$TOMV zj+^L@z_tA=#cXawDSg#9Bh5m(FX}UmTTQQw^ul)1_MUyk`YtI}Y`RSW8HJ`>N<28T zxg-JUZ9MS_Qu(oV?LPQ9ShQGh#t}eQKqmcI9!7c&`dSfm4l2llp5FPk;F5yTLkK4% z()iCCYr31tdKAyPW^XyMQjkEOT~=fQC=Wmp)6O8MYXZ^LJodHWguwG4^PK?O+}BO5Z1< zH^#y|(JzEuVak0M)O*#BJk_q8-hC0g6hx@>{MyV6b3c$k4nmi8Tz8(xaVPfQ?a9#4 zow|6H)F=C!$Y9p(on&v0n?&m3vRlcu0{qJnKW;?*kj#+YOnUd~Oa*{2G|!Rt1Cf%W zan|)BSx!I9FaRBq?nIls$W(zjtVSKE)jA69HOE9)P`=8I^rX!L*y z6up2eD1_Unv3ArxfVHS_hP>u+-HZ835AshPHPrJF7yu73a#rZEDm)Dld6n`_G-gUp2sv((DFhn2R zWKWc)$Xd83t|S2DIo34MZqHE)E5u2zq1P8iY)de?LQ=w_2HE`FNvrdB3=pL1mBF3c zM;`Ny--*K;F!5EvV!)6odo2Bz8@WMf_I?J54f0YhYL~~)NQJ-Ea5y}QtGpfNmHt%x z4LiITIM#1lsHc{{f5xf`8X4qL8nAtEpSTZx8CX5x2ADF3=>AMAVN7^6*F3q=-t?v% zZSB<|XBbJJTNq)z14nRk*SyuivS?Jxz;h|B16EZawvFY={?;knpp~I%YcsrP6GlLB zA$_!f=^zdWGpi_Z_v(6~hx}%c^RDtD~ztxfcl79;V-EjH>?aewWtZtxXJ zjC&>Y-iOH@5g*=$GzFwibg#hdnzDAW*Wm7FmvxfgFvvB-82vNmyEaL-sFYGxH{h>y$t)O`WuQTcl4W!yCv&16dW|Qlu3(drESbE!kD5l~mC^Mn zXe8I$?Pirz`ghrjr0G{Yn6%5gI(^6pML80VSQA0Pgf3_XGmI^2v=@9;_^qz|5fYpr z;xNv9U!8Nhdzs$6+2+>gE;^G)(3-$kds&4%5FA5SZEgKkWkn&G9+>9SO`Oh_(m6H% zFeuTzX|P~Mm$b+s5&kAT9iT$*SkDgwgT0sHnWQsM!4_E7wy5ul{uzGCj7(G!s?YYn zNpvR^^55<--{tkw4}X(z+Mk7b&?~l)$CBW`Vm0KmDNGgf*T@;E0L z-=(TRoI)$!-ySZMfMw9GhJQ$brq^_u1Drq*q7Ev5Tdn3iQ3@9;#VOGP#$9)gpyZzw zTC6%ctDJR;t!(1u#u1wKgR*CrGZwF8%VbNYnozlmz){o ztHYO*8J1kwq|rR-y?$l~y~a9aH^2HR8t9S?P$eKzR7QuJh3l!mU|P0J&fehITyP@L z-no)^m|J31Bb1_9CW}^v?4x+=GmnP&4;SgF!&4?hv;arWkLu|MUldWaF2-c`v&jLM zQb($wxv4{KThjQrOVro*v)!)KvQaLO&R_Y&g@F3rR|N^3G%M6~XmCp#}#`li@oOL>3m*rQfp z;4)J-qf?v8R&L+eX|0KFhwGC>Lo#ho0Vetm>Q_eX$CG&rfxE9~DQCZkEu}$od@l)R z&fs{-WlWpD)C&_onAxc`H2XQLuK2-^EK+FTN3b`@YeMcK#Seh$Fyb8aaNKf)-LS`3L$GqXMlxev5kf;8G59bI`ZuRwv39e|8hNjZZ}9r zGyPMyg~;q9e~g{aMQrB^$U*MfXSHV;=O9KKVe%gZh$;uYu^m7dqZ} zWBH5-nSrbz^;1RmQm1JddKtf^IsLn6sq9!S$4-H8Pg2Pjkrp0lLxkB2sOokIl2vZE zft77nE#-;h^y0qz>p{?UR7sdu0-Go0y8D(XUq3*1fnOT#tnQ4 zQioW?+Q#4CQ4{(&0ODIs4FSPuGglto(JD3Z2cYEGI~!P;21(4|gNV(_&h%??+zEbt zK|Wr7bHWE_ZH?}soQ+vbGI4xV{KgllQ?=HV>jixXWsK1M(BiJQmh)Z0KiN3in(8Ao z-*=caf46(~_4=(%`BTGDI{#vJl7ZqOsmdnnIkOi`fiX3wjZk0KT8&}p{Uk?a+B#`@ z-B?JPR-PPEA@KF*TU&jOTk=9o<8wmW^=6hD-fa%TY#!K?vA1kjkjc#ci#;ospyW}R z<(~@YO)Yv)f^R4_joWR1xC?FRSY?xc7z%C);a$;t-e&DVzS8Gfuyp6?_NyVGx_g&3 zy9pbh9w56g`Bjpm<9bKl>FtAlaC>7ULO*GA2HKyxrrOvt{qtZ5JY!mre?j7?>*89I zS+yNkB5J1h^+CHg#>Hr?ft=)QMZ&yjv($9V^WL;U=pzDd@8x}f>#BoWBOhQ4M!u8df zYsAE|Csel(#w%tPPO%jm9Sqa%uKF?yBeYuI=MRQ=gk)+H=m&-gwx-)TM|yNz{YtI% zJl1qedpWb(8t!g0t8}BD394$2Rn;eQDzTAWvo*GQ{drGo1zm7U(Pf1=QK~GIA@@P& z?E{`Eu0+ISRYX}Wsif&Xp(km?*fQbs?4p&D@!$ZI?fq!LAs^hSQLi(t3Z9JnfymI* z9!|Jo+4@=2UA5oCs;%Q{EgOR}{Sqz-67PN{xi9Z9vsmAdcy-BS462sf*t^A)26UlR z*gqb?UdndVkgCSiX`)18i|6}Xe1arv2HYP%eyX^Yb(@cHm*r&v^XoTfTIGxMn8Zu) z@}}qm-5Y?u($vLJPxB>pP}U_+TOV#|vCp@56P8yh<>~6Sj7}zU$IZ=i{9nNqhU6Xv zU8PV?FFgbzIM&IR{rjpZED3L0+?KbW+S&Q^-FvQBVu-2bnB4ibOX=@tI5XW9XK7*D zulUO6bhz+ME9G6X!@+_+HpLtRjCBywo!D&glhi`hN3m<^20@I$W#AAFUeN7jn#9@V zgt%WWIppfbwywd#hDn-9MBJyTy{o5FYCReo}Ro@y*iBe(LHxiW5n6MrD^;Pm~PM~@9lqI zBgXknsP)RHun6F_JfAwl=D+kV`akBa|LubmI;w!0!ejG>$ajECdS5j+XP)&IAiBLJ zP&IneSYc?ic4ltK!H-eEsg3BJx&Uy7sm1w6Fe^|^`(APe#HwS7mQuRbi6`llkpOY8 z>8t3`}$qW{8p)$b{7eqYzXzlXQS|Eo3d_Z$0r zOL;zn_pbjsr#Rjt|8qXezoU2kg7>a?&-4Gv^Za-Cy?%!7IWHt*nHntwlhw@lwX&@5wfl9`y}9_({s@K>T(_b@28zi<=$JKq3hTR zE5~*-`iduBK&tqSCFG0HIcRAY*PV>HCjwumhwL5!&G44QhpzA=h&H$mPzPu|(LaTM z2bh{Z1|G?sgMRxt4J9clE2W%2|&4+0uCO&w0oW?o}xM7QDsq3kJVm{`aYZKQ8d6CEi)!eI-6r zz(-2>KoK7&<6#0GCE;-;9#-SC3izbT|4KdKK_VU`;z1%FB;r9L9wg#HA|52-K_VU` z;z1%FB;r9L9wg#H;=i?L;4v~DBjYjhe@~437BgUwd)If)F-dhS&vID#t-#uT^}n}k zX=YGeAJo@I;jBNJ9f{W~@ITVx{a~~IO)k|~>FY@l#nf1wbE$s#z0$PS55VAL*>Aau zfA{wyRwsT9Gtl|O-_n5kC-PVPg|`8I4gB#M0CtzQ{^Wh)^S?zmE&un_w7=WA`1knm z_Q0ig+04?zRr-gLIn$Oa!B&I8_MlMlwc65`26N5L>zf((N-YYAmR2 zK!~K1!g%TA^t0e^e~{$wZfrHuA?DHNpfDB~{NU(~F_tHr9Sd}mugaW*kdFVyy}tGOqZCWYSkU*7 za}cZz2}cNhIR~w+orA8!&p|XAzq{F`AwS9A7YkV?7Ti4xS))4#U3n6H4g!OZ$$>WY zZ1C^zwXCA`>S+SV`ayEmkgZ)=*zYU_5FP#Q=55D(w7#>#RVKp9B<6$)(R{uAK)q2T& z@+=9|ZehHq!^2?lx5oDRx@0oc^$+p~6K)ztsbI-P{%4N>>7RNP_EK9ukQGv?s}OU< z`FNS#J_C9e?vGQ)Mor&w3}15|Zf!gx@@{t;GL0bN%P+j}AIe1h&Ajt7#FwX@lz#*C zMw}fvehui0%{HLi{gKRq zK~nvzf+|2I0?#|I|If))j^~j7*Lg1gfAY>-1)%+UPckEvY5gbq1Njm*nTVqsEDgTg zEkf@9+_ukF+Puu;$1ylKxN98)p#ZzVFnoG_^9r9d5YUKvIJMcvUZsqL$@+w%hxW>| z+e^-bzKhQ&ZgDB8JE^^I2HG^$Lb)M5>X0r&@cOH+b5Mj9mgN;z{=J*cr(9~Z5B~}ux{ZHMubJ@+ zMVWF;o#m^p;`K%u`NY-ogzv)JTu%0n%1Om87cO7WQ@O?LZ5)lga`vu+DReB4ZBkJW z)xEj7*>ku3l&HtjT&eB~wmy@UtWA$TH5koh|m9Ti1z=>B60pR+l=R+8%Jm` zu6KzFve6NU1zMRS6wX0IJm|HvglFfV4Nl|rwZHfj&}AJFgqvk220wukUHl9o&x8!_teMgV+z-ih@f)mdl`*!H7q=&r7H`8>oO5SeU4>K3PSke8}`yQK~>t zaM|l~kS~o@^Ev1u4$}l^*ZLh=qpA+RE&5gFRf%sa$hnNfN&`*Gv?bCy%}@6z}KI)z6Jf~c+T$_~pn_t5O`>sr2k?O(8Q z31|NFY%2_qm`$e{#f#{Zy)8yx`MgdZwiQRNhEAQdiGdZqMF<5#m+Cr#Z&ICXkR`LH2m| z_a*Ti+#5sRRgvJRlf1V!=b$`s-I77OnA3q9t4aZ^y1aA+w~~x+0ed0_H=142HH4Gg zdf=?gK0#yrVa(Ngemy_L;AC^|8ZV@-%U$x_OX2PdKR3%m(H7OA0r7vb_}xwAhd2_n zwh3g^`;=z%92BbC4a2FyQsB$k?6t5+WjU)YFtsv&rxcV7W3VACxj^sh<)U07URXOK zeu1taNh;ym@zo6Gu7^FLYyLUQ#9i#y{N1cCW1e@m5cQ`C=~9JDVjl0Mw|1ii6ourY z6Vt<2shk>Ue=^mwM?lz>>2Y5|>Hjn|frxsaoj^^eGh)nUxSdcy0f9N#DK}I5$poQNG@lAHL8eVkF(U zeg)aVaRv*S6Fb$SXO zN*rdQU{O-m5$x0liF%sv+u)5T-{#c?Jy+Vgf$v{G57nw0j5Ne@5kDWyAJU}kfqm6E zT){Y;3S*Vf#4m!~^IckUr>iQ@K~AbS(pl^JYtHic8sSh6(n|}BiWhDM&g>3!!Q%qi z`$wY!8Tv%Y=N4w2TCn1}?nHa}-#7;ZyH#Tr?+|<2C5Wxi9eV(KKMfWA0;`5{=$EnL z81vq~=ZL*$t0gMT`N2o8W=ce!O zqo=IX@ZnUIOt}cUuKC@M=$Q&5%b0@9BXc$>bOnyY@>BuKF|*UgYjYBv;1k5i#9TCX z^+tVD`W15KZ=bjwKbAcIeg&j>^)g2QECRAz1qsd2{o=Re$0(P-io0j#us@xIwM}3L5cPFr_$dyV9lZ=ieg|s5I3%nUM>WCKx z+SL|Ai61LzsR%}aA)AqGVf4H=quc4fW7j`H#{=tW$}L-}<}n+~1~O z&et58+ZrIgNSUs1spLyGeQSX~RJ|6>5bgeGvc6sW@=le=_8T2C)bP8Mv6<`X;e(tF zE-R3)$%hb3`l&RQ4~kgp)uY-tSw0QUY^2)gHj3)vz5gWAKFiiY{S_lR z9i<20Ej9lzU-n0NH2mv-Rbduy$KOcu{y$hF6r8_T4*m!rHZFBwH@hvJh_pN&Z{hv3 zz)RhKoOCJ$#16;*QQ~R(E7tW6*qo)_bI>VGu*x~8_;_ni19!y*rHUZ#14o5QOyamO zU=1|SLPjes{l2qN$~Q%QW;>fWi>tIXylf383#aOkp?0j^IjBaam;J;&4=#HST249# z?P&!EoP%sxz$cpNE(n_-XaJ;#9XA5`rK2baxY9u|CVL&r3mh1PDE1g(MbqU`kUvCi z`YBn|+{th^pWAiuf;*?Ix41kN_y_K5!k*?A|9rw8i^hroPDV=f>sTB8EDT^W6 ziu%j(kQdNeBlxoD6%jNd8MJ9+Cw`6}8SmWbb^OTnnqP>~o9$$5Q)M!i2pp6Nck~IBcG<_I~-M^_1s}aBM2z!}o>9zuk!6;olYOE3_-klW|Bk4})U(8%;lO;k;hnwf-&|>6U`r!Tf3J5*d z2yvmD-$xw%{8YJNMORak+^>B71Jt*yc+RS-)v56jd!Fes9x4GgaSx|4pgjYf8FJ;bo0 zY3|ml3imBVN`1Jl#wg6)_&^{`NsHq_$i?K(dKj)HY>FropolaH`4zVaH*C{IwA1t} zvrb}pk>+n>A2w83U3i^lj)cdwoeX#0egmVI@)L;-VCIVfy4p3RzBG|MzR*do|x|(m|=x zt5m*gp6^-pwt0}?$VDa$KXL?~Kvw!UE!s^Vq#lcj!C+mB@=Q@tuZ`D*?gfh)BWbXu2eajrEgJpf6<*fJ>YS$y9^|O zQvNVY@Yga2_}Bh2n}WB=KZQ+L?)<*4mh~K`o@kC+fd8`e?kV!tE6K+uysXz(dvY`X z4~QcEOrG#J(fjVjfG>irgJw3=sOnoA3tu1|z?IMr)k*~H%E`cI;i$CrrW1{MMHu)e(8>^w*blBkALq!p&A0p6GDn;3mKLtgw=(XP{Cs{Y z4(Z{?N>Ae0&OzNkfOAFTFsWI&?r`)y#Njy9r=bC!{{1X}%~yG})fb)nb-rJ3%3EL6 zZz>!$lLWUpK$mRWBY^lY9!Epya2EAc3vjx1ic7MyT)fzjvodM-1?Yirg5M~+C)MSy zRVFjOr<8-D3G67XB{ED}{{&`qc_zUQb;mE0+~YE1Yp6OM zNQU3?okkz}oIyo8sIesMM9SB&T(-L0bNwww7@Z*VPTu30Z zJCjqBxiJ-KiyrNVqO>r-;IvxEnzg^oJ1YHR{a`feyKObAjp+cvkSzcB4w8xGACJS>k39apgn zIO;wJMJ^I!WR|PIfE9W^Nh^t}PrUk>sO7|+(i~v_5<9NFmhnVRNftz~E~$V25BKgL z?P>h$cw(S`(ltOB^E(gabrUi;RsorB!o^p=_O6cob6ZGd{~tCN6jbr>ZSoQRO>A1_ zP2kPBDnoPVf$PJtlI7iF24V0v442@%QIUo6!^USo4*@`+F6BKX6)Lm&P?;9^7Eb`p zWZJ({zQwH&-!**>7Zcpu+jg}2GS z*c$jdHgrw@!*bz!qT32c=86!n&JNNksR|gmzh19#CV$nYFYLSY*E>)6?tVQRZ?^pa z&14rNdKhOD`gzRX>PQO>{dtDG;(hv}HO~Bl$nNTg2`Od?T(e2}UDKrmHscR-T_%CB zUN}>*c(m0Rjv-j9#uR~;*E}3wQe$?)*~uN7X*@EpSiVmB^5X}N?BnMvl;Ocrr;5sH zE8ypW?LZOMa?=O}i#FP>7H*JzgWY_bl6||K;K>vHmzSmmT#9pi_02->4jZ+9opm{EG~1NV`hYTpu~QK3G70BfN}@dMe$>li=`TnyS9jjTUlCR`&RFkYl3E9klN5 z^I&#Fl}mqiMk)b-s%zfvzpHyPy0g%~@`JoYFu~#b=jBc_>p9+TV+d)3b?lsO`u4b^ zXC+hKtKk%9`cy_EX;bRg;Z43jS0mmYkr9)hidcVj`h+I!G3!NZAYI()on_48hF)Zt zKpnNB0>tQzxl%8AVO3?9C?uE|RE>12b zmN<2@bNRVex4`E7g{Oy*SZfxnC~Ce_-nf_f1MlS1hLT2e*{ZlJ+~%*%d?2sG>p54U z2E>75=+VA2%C2nUXsNGN4pVT1Kzm*7gz&cZ6&{yKQD$r}`G-#BpGqzWSQNdVHKR{5 zNiZ||;l1mafI^oq&WNr#hm^VD1$9W=MaN;Nq3muVB*L$yq}M&hnzD_$`pzsyw`5bV zwBmWwc8UeFxi?!ew+W+Od85Kqi7T14 z)1sU5q#J2UBNVZfbhi{**cb@q)*hWz)mQ2Ctn@KaMg;4WJNXV;KWJ@geBf^1#4|b6 z>QXDhh>kSm$k3t=xpsGCFV){1$JRy9otfOi)ZsYZZZxt za%Hb<(idApRgGr@@-k)mMhVTa(t2@wORgwvM)!B_fnAfd`r9;$pMDUseLGtY=)BRU zzIE6z;T^)?uuFqs@0}CL@n8&*-rV`hZJd}ma?LhU-DiYXsPKYU-0_C3JH~c5x+V9U zs8^wrvVeKJ8IQqnjrn|Ea8izrd;;4QF7yfMVIk%@>gYa(x_sW;g`Vj}OJ_aPQ=|O> z!NDy>Pxt$UFH7Te*g&TxsRYii9#*+*ia5CBwU!0Dppp^;mJ<~o#2qR?*(!BQgq|J8 zGG^Hb+<4T(GF+}5HSi$vM|)^nU02{*l;r3o45i*QtkTte_g4<>#N*}+$-Drf`o}Lw zRwZtd5zL=0E5sehuchkP-U+^fX4l5llwch(?iHBbUiwUFF2D}4G8U|Z$9(r3zXT`%EvyOY~!k0bPPNzPD2Q?3VmBN?_!$`=i*ASH+T zgeyjnpq}EsK=<@<ylv~Zu&7zdGal){>f1{aey+7zkt@Y zR(P~`@e|urt@?QGyw!26HYNuFk8B}v3FVNudql(2ke---MPyfmWm$vFE^(llJB+v) zRJXi~O$A?sd~GfS+QYaF_mj63C~DYymm;$h8=D!TwlmfYnxc(9H0XQ~g7Ij!HKy?N zI(+Oj6jJ}lfMfbBW>EG-dYhF}7nQk9TH>P2_a5aJkCmwMmw7Nv$a>R-D&W~dIwK#f zpSxe#pk32qM}X36c`1&`JsxX~gkOvoOavRCiavVW%Ovvfpq)?fQmap^Nmun6Bx~NX zmhzwPToiJr!3c~Zqx(sjb6(5{i`KhDV%p(R{sMOqmR=*g>Ur*P&O?0T=gB zxrfgHGIfbKcRu>|yAHFxZQgD+PU~6T{!pP;G)PhA_+)CU_tsfeMOk(NVnara#vU6# znCkK!!BkSB5sh=LSo;ZAMWz#h`B552dUw|Lrc|z=C)b-YRbCH=w>5$6rUagCt&2FZ zt6^_r_LrBU1FfSPwx*!>$FX`hgsUsVQj9p`Invz8x}KAPB(m4MDd%K#JJ3m4%jY0k zjIkB!Rm&FbxSLeG2brH_GC#HpZdwkj-+1l z4Q?jX_ib5c+6>GDQeg3O8om8fl86%Pb@|0uPK{D0`NB}ckDU4~GK669o9oXgOS=pf z8?42#^q7pf@mZ^j+$C=ZSy`NMRqDmA1&jscmoYlbeMH zyo%G&QEgm^-OK)N^WDm<^`|$|9Ftk3adxTOT8z0-$Bb{jzs@r`s7{TOd;Qb@M?1n6 zwTn<&iVCI0*i0BjP0P^>Up)-qj`DZo7Jc^Oqn#5eu_yIw!Z(Ctdi@<-UnHUQj!hjj z7;BVfp*uZLNL|weXwBz}4-tgAQ zRXtB#2TVn`6$`o}+5<64_f@TQV@7tLBa(EB@ZU+ z&p~n`7uB^mIZgKHp7*XVhxI<|;dtpUH8ZCBS$Cnv^r>N8ZNvMz=lAMjZ5kV6ugCGQ z3#f+)l(L198HX=~4li90m5Q1!LiM@`4y{Rwefy^I)Eek)F-Uzu3Ppf;pW1Xp?1O0g?V<&M*Ae>-xcJ6UCpEdn1A(9v!Bp ztB;x$RGy050}WO0#qmooRz6mvHNeY0{6RJUpS0?Oe_sFldHww=U|;@Gc{zLq3||5K z?^pr-yH>#dp>v1$3fI5RXg>Z~{^y_N-?8fT51RnNdsn=7#d}v^K&$yRc-3(VzC8~R zZ_M14H@&Gsu``E^j^+T28q96U2kalVa7&8?E23CIcZ|{809JVSm=-<; zsRysD;X-ZpAS)9`=b$YtycvUShTS{|CAb2!e85$%a}M%gKe-G{Ecsy}5U5D|8y>k9 zDraGsW5%l$o*>tc2WjV^68D9mJR^ZZI;RpIluVTdt0-JxO!UOR!JHT?0H4#r#b@Ho zr zR-l;arDK3kAgLX^JcAYE#R}!J7)JbmC~MGvlmyYzSI456KJ=Oh{7sQ!FGf@nEcuM z^JE(8LsFNV%pOaxC8WN~`NZNC%cY9ln(Cm$eLV*ehu*}*=@FS}mHIpMuFo^5q3K#? zEk7>XX9#I=DiD1B)P2{h3AD1RN4N>E_Z!HC^qJ}XL?DH^5Pm(d=$7Z}*}{d=`h%IN z^Q)J9_qcieFKCRCaO*d!e;ep*7}<@nX220(H82fm@O>?1F6?!*W$K1mQA2xs;b8?` zug9mS+)YV9`82^U*%w*;+=)?cX?DQIZFFWgeu*uV4NHXs3ZXCdf=VF>u2vU8_B!+W z(_+gk^7_PrHJ0q&vv)Y&U|ozkqDs&RW4){cWwW;0^f0rSGiQ`=C#<01x}5Uu(j$fd zW*RxSPMjI;8xyJjj1EQ&of_iuU_X?@)TzTQ&+fwbr^3d@SD)P3zSy7Xi73iP|$!)KNY&*u<&9b9tkFSf-9p-yVK}P+0~E*y=heK&!r0p-h<4EWByuwJ#_U!>MtbAC~hJjXv&Mi?YvtkJQ=AxtSwIg!;*<1ov_uiVv z`fz{vKt=q}DFbxZA&R0@l^>KWrgsVJiwQZ^Z~6&Cz~i&`os?y2%*%XS%Ixy?<`!&H zcN|_QmJGFkpQMUPOB)O?=Xo>;m{}n{hA!$`r$Xy0q14KkadYxVKaVRg0}s%~(IWL_ zqFk=`{9Z-h)bL}OxAWWkZqerUFl^-q*G}YdO{k*3@yc4SD4joSCAl9=6|6ii?4}4K z*-&PS!{m1}9^OSR^4}LPf9Lr%Rl_zSuDm{o;|Ca03LDa!eSVmLX+XlBL#_q$6gp4% z&-bzsyw7td*-EBO4k}f>*=$nixJE8i9mSKuoo=SS$Q8UyatubmV!bI@9I0Fa&q3Sd z$mC1G=BGgnmY&F;j$2HhpLGOYGGw#n*4zxQ&9hp{j#S%v_5#tQV_Z2)htk$mJFU+!AODZ2VC#%{v0?9#MR6iDmZWR~lj{AHGRp4<^^hssJ+G4%&ek)QhK9IeO zk^!UI3nsux`a=i&hP=)}bV5vFExO7+>d69So~7JcQ3qXD={g^CJY_mrIjjQKMMPRDETQIYj5s z3lg(*5tv|7@;eNg3VvLMf%VJ;nlGx)y&2_S`~s|xca}>d>3)iC_rsQVfc0@NBPUwy zWJ)cR8TZ)=gef`I@&~ACA`if^p*&xLMc-|H656u&;nMw6iIU%)DrM<=lw{(Fy0U@x zsvSSO77plaqgLi#2hIY{(2tO-4X02V@QZ|*z$fp5_jEkJn2)lM?+@g6&>j(B&NTM|?mO?OXGYjgiP2(O`1ZqU z98i|&bu~nKK<4TVX0Ki*3@XTfmDo^z^zys#CPEhOKa)p#Sw!I_$rNE=QN81>npe9U zg6ECCsVxjR*iFZzwa#(k&ZWH+jl5>z@DA#6W_=PU?5=nI3o;L94g&+G`CmgE20q)( z>m3*?yaT3NHLBw6bcU4zC}KJlwNsmI9I%38j9U4O&fMAg=<%~X-5@qbBmDVIe*2w- z(v(z%FQlYDbkYYsAmZss@UNUZ6f0^b(zP;zrcF(x$xsXkF6l~?Th8LO&7LcUl6A2g z>GHlDZ$1!z3=NG0P}+C2{l__t?PF?)j6ERnwlky)?tMKvn%`>oc7kCQ+wl3H=yAo5 zqZwB{o!&wipP{{1UOJ>u>+%z%XxtnPc1UO7k3@PMyxv}NnMV&F_|^>09Y9CE`@XXR zX1|?~P%taShRg`-!l9yTCqi(g9-d}vqvq-Eto1R49N%v-EmS!kv9Hb_Kqc@3qU+sY z5mNOGjkzD+aI2=d(a7G_Ve*2~M;nc(y4t2MZk|u14}{KIvxnYfykWKddQ90DRK3VU z&DCKdZP|&7;FA*76s;^=IzAQ=g(+_txdj#zb4%zY$W}XGywM6OjsnFGt~|nrG$ef(hig5CR>1CU zTF*EiGs`qtMqiDwScDw8u8ECN2Kqy-Y7(YD1R&B$Jh-H;${3 zd8gLOR6j5X-7}uO{GGwu=V4I{+O0B7hkfP=el&&>n7e@~P+B$iP~Ubm013@sI(4Ma zn7>o`@(&A65Ba@9S?Of$u?!R^EBvg8mK?u?#| ziPJu{s1qbe8<`eY8K+&QaGJ!}@=t2-_&uQ$qTP_On*3ZOKzXrsz7t$42gqKC zdpLC=I0$VqpEeT>631C;4+_t#zzd~?E?qg&^chA3ky?7u)sLvL+Sk0yd#rR=v#o=J z*|=H0W#vw;9LT0J7dSfYJ6?Q3lOB{hpN?Vt3aPb7uf&!@qZXCFwJ~$N3~2Tw+3Oq| zt!Ce!l#Lrqm(sR#%ydvv3OM4*R!pGA2wRQ4Od)Trpkg2#G@*^LO*E(Wts)p=+T}^a z-Yz%2>bb!Scl!L|PxLb}pKMytTtRn~1EO2HcQl~cV&oA^TICuucM|ZwX zt%xu1KgD^yau^j&6Cb0g0vnHpiU=`^*)4zUuz*oQ?ScwUpVQ&ZL=V=&LW*u^cb9R= zI-p*kZxDWiWU~x;^@k3Be<|`RxNFNmZCJ~k%usmo{WH74`li692;v863I7NYH>p$@ zz0jSkt=Wr+D$*fty$cl4@AZd{lVbAGjp0CcQEUEHqD?ryM{0yWT6=R8?RCGg7h@J} z7zs2R=VVYhZ65ob7<$_-Xylt z#SK9J3&QMvRi`LeJf+aRCqHt_bpKJhVMW%J{0l{gJ|CZ(pUx1CB%;DVb%EVtj6?}S zWj7n*sIHQebj#cxWYCP34U!fJpL(QPBQ_x@9QdqiP%`35-_?QiwvF@lqchD41V?Zv zNJNhM9z-la#^uP0tI_(Q{4A!ynsbQuPhRk{y@kekHuBA*>$E+WrL5+q1W+xi7b=YC zqH&Q>%NrGb!zK?VA@>OP@(UPZjr{6Vdm2?vPH%W`h}3+rFMRbVbXH+5;PDXRi&eY_ zM7&M>CrHo_8ulXo&k#YXMG5AxrA$(DvO5FOyl|Nk3Mci0 zztNnF|5czpgS&X$#v}&RR@wDpAEoLUlke0fiO>z~4Evyj5U2Z!X-gP^Fp-``iD+0a zOS#*o>4M|oJxwr%hnh8h7qQDkDUWW%TE{+3{gTb@bjTmuhbJbhvC$iUix`?g&((X| zhJ0LY7}ZP>F3OY&44hBD)~|jfN4Nuu(*aZ4>MCCW@^rnWSYxo+xMKPyZaPTN)>iSA z>d-VHD7r+g>;wG=)|SB+YiHRXH#iZwV=1vD@g*Lx>*%~E*mc;h_XR2ru8Fh18eDv@ zNG&xb&JfCNpClbFpSGMT`{Z)UJ=_V5KsISZ?o|<~5LY^yh^&oRdnb`Op^N`R_p)tH ziRfcC@7S2g3o|pAlz^uNiD7;v8Pu|nMCqImEzI7R@9IH|)pAs1n*z)i_a(iB zz_SAB+vA3*_6ca3zZbYW_F-}a^;qz}qqN=a&8l>n+dfwtExwP8^a*GQL~_VT)+$17)F525|&a~^PwUPkmUcCLXP ziYxm#Flb!;hh?-ViIHfZ-PauTl5)1dZJHa9H?BuNMVUAHh`wZhw4ikqC;W~zGSzeZ zWU=xvoSU=m)ZO@u+>C(0m-MaWt)03CK z{wNLp#&Z<~9k9Gqz^Utxs@?{3P2d`OL9++Fi)vH96|c@1wgfBMc!74(vt`3iXHETZ z7p9lCGFZDdRJ_$Og6k^u`Y?ouh0Bu;@dqm!<+uca4xR;Le=JM!_HSh$uW#p#6oz6s zQEi&nDM>fB97Z8A;LjW#v%iz#k(}yXI8U#+R{9D|Za7QA=gs*a=p@apq{Wm~FVWvF zzbohEW4Nw}auyw#mGBlmQQM6if9mIsvyNa{AiI?IIJY54Hibj1WJ;tJw08JhMxB$i2{-Ns$dESoz-3WFqn7wf! zhPdIk<&SoUx)@rlrlecMNIx3+@Z50S|EfY`Q_{j!1;U;owG1H*gAh;F5+*U(_N2BI z+l_L>PRrPlDTLb)#P;HTO-}qa zb{tsSwJDcQ+&7rYJE`wWlwM~CNf5& zMf^jlZXpZIi+>@dFg&Os{fYN=&XoATtv)a>VtlD~uN%w<7bB?`z}4D386l+R6p{J& zI{J|w?p)=|ut#q+Glj2B4r$V(pTI_#M@NzMXh6DR1sR59)z;!gbNZtNNxl!Jd3Mq< zT|%eZ%K2K?u9OdIy|Hl$>XHpU*)yWiXlC`WeRY<)Fj2|yp$N0|XpX(dkJp1e zP&}jz18OPSl`3aARasW%&*m_8ai@IuNvueOr{01=y4s_PGpS6EV3$jXPEEhiFVXJT zw0Zz(NLRqr#Pw~he0fEyVo@D=Gr_x(7i(NRE6F5ea(w?s6}gQPq7He3JmarmFG4$` zNhq>v^Gu)C;csrr{2~=amY=232_I=*Crx216K&Datw_SbN?>%G_-2Bic^5__jQxX5 z`I|eT1*o5d=4YqFJy}zmEM1^)g&XdWS>DoK7FULXmr+PDZ5u)`mWIxS&6v{`CgEa8 zzJjYQj0cs^y!hfdlwY&&)ALZa>8p1ZSt6Ydsm|vbTa=5u^J35I{qrTy!^*@~bI)bu zDbmZ{jJP&7dZX6K9}d~+BLZ&|uieCjUj3wSw1%JQfwIG`s%H?Aa1Rm{XTku(t!?_| zZDgrk&79blI>UN9&h5RWN_TOhoYk3@%(>Z>xiwNI!JPPt8c_!k(y1x7BQ;%)V0 zbZ|!Qzr{2zI~|Do@?2aqSiiWAPH8C>-Tql?qD*$yMckx~p=vbGHMq~<@ltLttgh0+5#&mI@(|j?C?Gw`ARK8 zxYL9OmOis%z8T0amHc=}qzI|(WFD40Zrps`f`PlB>n$}Y56w+uh6hd{L=fXTym*ez z%9!K6ZdBBw63lPD1jwPIdRlnfPd#?L3Qib56t8hKaQ`z#Osb`$QQc^Vmb=&$J8Wk z&lO{c*+jWtc0=`4I+ix)UhO7fQ|_RblB=TYm+16;AhA_+SFsb(4rX+k)={QhpW%q9 zYjMG|w>%AJx~S1r3QeVHFI9kF=%+RMPGwIgxugaH)!Mx219kg5^LpcZ>cL(0i@l3> znFc$e=k3uqAc>%w_3$=T#9UMlSOjiJ(C-%KNgcEdR^*;A$kDB>Z8XS#8xb{R!P#4V zyYM=joXq!kuelN?o_V5jQ74e@*T5@9aR>?6z0sT52FMdnxvY)U8d$C_WXd$hJukj} z?nIs3DOBsVE5}dKqR8bOGg7kxphF|0 zr<2n+TC5h($N>B4$Wu)4MIEE3mf+V3wXbg#xbL03Mtx&^Ve~4j|RA zQUk(Fgj$l&Pu9JUTj}>97`0+2-_xDUoYgrGcBG{05W2K)n!@XS9J3&x)DeZ7Ry^g} z#Au7_E|j;FS-vQ%-ZZtYo$)z$W(4heU@mxOcUCM4O<^H>)KdA+`2OPuirD(^C1TA+d?^yf!_-UG?JPiG+lu6z!CcltD{OiUpI!WrzO7jv>U} zOgvnG^c#P;vi7>f1IZ!RoHKK$nLm(WbD@0p&i%`Dnx?hCD@On{O&`aACX6rPthNVB z;Wws!?+8zy{sPp^@e=Okb*L&C4CCot{dbyPNoSU;Pi_jmc3HedV@|-At7n%R;lc>) zm2Qi|Q-!s{*ILPH^J6|w#`c=xKw5IyP3*AqZEvVqhD*7=pxQ}OUB`co3i7`Rqv%uG z>IAzk6yJ8;QZ!1K28O-v$hq9q{O)J7O9J~xKQdG2OD;)_oJD-qd8wGG&Wg2wfXm~& z-|Kh+z#p;{2pZ5B6d%~lWY*4t@OtZN1Ue2OxaB6-HnA&Rk20NbiUcdKE3522NqoK= zd?eCbHR?mwqm7BnlETQUaM3Xeeew4jxV@ML%jCO6b8S^M;%UzcCk`Rj9A|Q_=zeZu zP#5tYQ9$|lw=Uu`VhVte>o`u6*4x3=+l$vGwLw@mDZS6HyBB5Z$PbR+cSZjY^kvvs z8nT{Texml;E1B;`qQ`PZUx+5QVMhvULPt3dV9ansQV8xa%DAPTa4OJ4=Y5c>nvbCI zkPjWaGu~GH%vT$+!1LF{`!U!d1jZB+C(el7e%? zx@Wa>YMd9QE2Rv+2}w5VEAKk%JFo}xiz)cCJN+`pn)IQgP(nZeacg7B+4QJnve$Pl ziHi#eGqZ7ca{m>T(9HPb1&1y11;vmWieT?6gFBJJDnL9Q0mI8;0aK?qA9_YvF3C`W z&<_#6k`%nxOErP9OZ`rfi>6cjui^74rfJC&&HS+x8B$dU_N@}-aRuc8weUBaQEzf~ z#<$v0Mv=aW3y}7pS@TQM|+@Sgf+KCO5nFA{dtOEZG8^N zGw#Rle{v5DOX^-7m4&5RKT09iylhG_+C6FjKiSD`N}AauBqe~vY2tADalZu*ob=&+ z+sy{Ok?)xKx-KCLmgJ5XZ29GgV7EVX)sP)Y9Z^y+ZYB(IachF2JLy<6w<;Xm z_naRhleu_(P3Cdyol4QSQf{ZL0J+Z75_p|9Z6)AU!|BKU7AgL{a7W8t;lbDk)X?~& z)=0)w_wpI~HCGq=zE3CGi-dii*L5^F{i-2Gk=_$DvCzocayu+C>>@lUB)Fu<-Piru zli^nOvb*t;`rbmJ_CKE8U2UP?8~gtcwXA+niFsdD>YG|moz7N(|%e30q$ZoPs4A%l( z7}e^v7qZT?>pYYDNZgQtM%S^uo7UR7zVVyyNbH%8B&`=*+ZRedg0D^|#4dJcXxyzTZQRd(?$d;GxQeyNpuu{($#p@>)jbGPxqJaFuFSYx5GS2O!I z-|vjF#mhhHQ8XXA!P2j)SNJWQ>mBESjZLu9HTt*I^gOg2(m6yQ2LbX2X1!;rMn6W| z28sJ}hE2Uvu@If|LtZWo>dPA~oqCH)`L3C+dEHz3S*tC++baXT?*XvCkZEj4$xBz1q^_heTk2VhMw(qYC4NKf+;#t7R_jO#&tNy=EP-Qtv}`kr zRuWvYs9*8atwA7z+eGD)?R?t(ebq~JsnKO?%pysdUvF@5uCZHvd1 zZ+E<$(~Y)DJuD;J9~yFI41t>?et0u3TtVd35pC<92PI*iD&R%1vgO!4-Z_%fLwwPW zSS8677oVZ5QRIPZs>r^Z79-J{s`1nLbbV;eozCm`EKKM(lIBq>BQ1q+eSBbh3>=~v zR?9N45MthQm6o2t=3SyNkn_NC$&akjZRbcmkc4X8__(1pd!@GNxJwry4nI#K&7_m2~;6NbEtwSI6k%Lv^cSf+ezkis|g zpc29L;2vZ|mRz^JYiHK!mO+1nXHmKy`GU&)r}_D!tZ>CWiGDKyH;G7){I&m9;_-D; zH1W2;UYTsva>S%pop1hJ-?N#+it&dJoA>vxxHxJmOJ6iFjSxKnNrte(&k_Px_I6kZ zXe_m|yF9QsV z!0%0Is}^i5$`L^EVD|*4ZV2~>^q|^c2+OsN@xzZAx@*08Ot*COcMEREKMGygF$1tC zP4mOeSc)a-1EB_|8INAh$>Aal(;9*qqoZOb?lw=B%LTjdI@OaM&jv)7$fTGf!KxQm z`YT*la>59Q%N*ftAjCKXU+4ec+RS&#+{YuJ5H%{{2B>k$&8mD zF?gRg8oHA7{a67{URjEyY0?HU=&sQOGq~A|w$Ue#!!EMp^rk!i%t+_GZ~7c>$J9#| z3_#hVO{;0qJI6VkWs7*gI8 zr5EQuV>=tj%6HvifDGVI4(BR+&~sZWUy8zz?g{i*WEV8XwxPQ+N=Gr;?$S)^hF9(2 zLh6wRS99V8_-4V|DJQ?=@Rl)KwEKBic1yM0e{~3V^8Xpw^$=u6%3ZMwW_#Bg1YW%3 zx8k<3t7=bQm2%?dnN z=GV_|hfNmmb4xJrHCrYZ4HsuuQF%-unV{O4UUV$v4B7?oQXoNZ5S(+qtbj$nHoFn@ zGWN@R^5V0zt;}u?O7@@0)W12hQCFWvSc(VOHaaSZ-bMazI+saCxWopW0@;r2;fd&a zkYn@gA_i*+ZgFQP8C~qG%w$*w9IzrwmWm%zGxN|2vAF93^Ylb`+c$r^Eqjh0 zVe#yeFK;weWNQ0^WV&OYBv?zmFVwRZrvr*@%z8IXW*l%?0Z1=~Yv zf-@x}v38~nW-9Wx3v?G?6O-51yAR+y3V}(8l3-~cOa#3w^`)uoHvR55W zKg+!2p;W)WYDuzzsH84yq9i+CgCzf%#-i=ko*_iT7z71o1G`pYc$Oi(p0Y?L(%NA! zn04>${_kuhPKTO@^EJ@Zxd{y)e|V-c#((f>668Dq=79~aj7I6GQ+x?;kV0(=TPSvl z2)3mJm(!v=aGCTtW$6UTU0K}+XCEv-*!}g`_Yl##gxibLwpxZp z9s{3T*o{_;3is(PnVb}cJ(bn?*z(Y@_w`b05fAtuwOFMpETd*YE9hvr9qtdEFhyhv zZUs*K6>@?-AG^otP_PkvE#sY}fA$WzP3kZu&1z6D@SKZrHX@r^``h09HuWt$@RM6Z z2EV{(TZ~|Zr?Z<&eBEmE`-)d8Ke*XBZpA)K&rlHi)davftlCC66G002TdT4Nd(I%~amYq!s+mU0ghdv%)&H4E*o z2qq>@!1aqaj(IVHcw%lnd(A_|j(HNK>RF7l;3D8ab+vz}lSePT%)wmFo0OZ}XOejlQQ(~pARS{BpCxyB*g zpnMxh{&j)C^ep?b7s;Pv#@_Zk9c9%qi|LFPTyTuOZ1zfibR3vGBi)k{b=0X*+NuPe zE-L{`;V->a7gKNvc82DxC8s~9nOz@Cn8qz1=^1k7a_nE^>m2v91_t43R->rux|v8N z#0iqwUdQonInMsP+n)F}^M_w2<=!mbbLDZBQyy(oUybY$bO9+JvsXVI=>bFs4F1z> zBL3k``d=<<=PRx{1vkutc^#PJBY}I%e6gG(jToY|<1-8J{h}*rDd)~*bJpzZc(&+E zTPXn-SaqXFmP>emSJ=r0G+9vU86f--mkthAk$to!DXRY7F|z8gbmC`4tp5kW;%4{S zy};oBbcSBq7w(MAS3gJ0o|}6Z+1Tk*Fdz3eG5b1?0rlDvvLSK|_;G_R_W-!ne-ao@ z{Gk)^M|0b3|IkVPo;SA<>)ec*wK-hSovZ=j-)6Wa}QbF!}j&&3;T~X*y#YJRd?IC3s3E| z>f>I$E57oxfbKHgnL}h4y2iD0Z*FbI{3Uj{?#J^jasBzC)|OQ4I{!SStVDr(=K%CZ zS1wSRknsLN`m24^6~ydPjb=h?2)?r2R<7f%Qwy3Dq$cm~?4#!0I$d=`^qlFcJXZ?q zxqueQWV?5v94E;4;3`yrM+r1#b1NP7S*Wm`ZHljJrHTJ1cgqZ-&kernKEM$(>Ds*9 zNLi+d`de-oebMGMzO3S@*ebk0_h>khr}YLI3fCZ^3*466@QGo0x~|2W;HUK_lKxj? z6n?ap0uFbTNpBLOhG$;JPz>>QIA`F<2w0N@%Ph^zEm1GWQ))H>mCX}!;ctD zy_dAVs#K+n_=XygF|mM5TbR=_3~`2X*JOTeWyRcW7Vq>kZ_FQDXXmRqn=aO-pG{2q z9U6ZG+k5Bhpjbc=pcbN?mqbVvqsyb=evoJyGeLa}U7dJr6dd$xBU{V#)$7}{_X9K* zzHY|0_s*xIt=)=t1g%L$Sb;F`Q!Kuw=Mc=PZB*!{b7jT~8TFxhqL%nlSH7w9?zi^- zO95I;PT=&H-Y$+lguZT*S4;JfUK6IuE|X}`nO3F13Tlb=Xf%fgift+NHFQyUQTLJ1 zbvxQFUrKod>_%!F6rG@PFpxG(LGaoV*qiH0wpPu9Vq_zq)4?{1m90__VLzh0jw{? zUxzsHR%?B*Z1S8akmr5+f&0>;%fnQ`N0n2+*yRkxm;l=8!>_NfC*+6ZcM7v7h<*G} zO#L*cotak0ZPg!S36PH=AbAmv>`F!ud`!R2aaD(zAlCtn$pCnzeGxk9wr-2AFVz;f z?TpGzb}YLF-898zGGlh@z7S%A^*ZXm-YPoMrH*XX9w0;d* zbwLZBq`3pyIw7=ASh~E{M#{^mMMgw9;RA`bXlj0|`ifGVjsod)zI)EO1a)-v(_`5W zm%_f+&Oo8QENY+SmANFV_xd?Ht5y*|sEI%lM8@RM6OaiAO^T-m9@f`e-QV0fH~!dz z^?)U&!BFHX+x}^b1feu; zfecnVD^*Rl#$W3*i|5zP4nM!S`I%ybEvN6jdipSeV(P?RRIuq?_hq55b2rg?zF4YQ zVxOtQ?8GTfHZOn~f-oah5?!gE;4%b-4t@}`dhj)?&NjBILkQt%|Cp4DUn2G|<~(J? zv0^X3$KAG{?%^UcoVcz_K3MMSNMeEW;%nS&d5l7eA$Oqa?_KbFZBtN`tWjJH^94i4 zfC_`_!Kp)wUvwXS#C$IMSGxmN2)8>3p9~9p@D09H15^z*4{eTG0*?@IPw|~5`}sgu zA)()V2cQo0oCl3h4iJNYvjX&G6xoW#edANoj>+c`6i}~W0!lprLJAOIGLRV!fyYw| z?|i1)>hrQ**M;}>JDi}V1A_UC)Xd+Nb2Bt1FZ>`)>T+*Ct`$lg4 zvY?G^nY0W@A&Zc%pk0EM=Fq)aueZ{V{bsBJvbr@oM}mX#zsr3JZ66KXHfE ztDaBgEq}4z3rM={0|Jimzm#H@*jjCZ@P|D#P)%azB5?#%dz<*JRQjpYfupmtzS|(f z*?cVc<80IQ#8;3V#I2C0zC^Iez za@9P$`IXLdcKz2#tOFn(50}F2%_?Bmn(%VBNXogJhs}3s;$L1rsGZJI&v93BJ$3Kk zHtUU)-fw(1XI|Y^?pRo(X#$LSBy10t^Zp~adnw_?$1kNDDoNGDzJ)Q0kLo3kQVLG) zaAZrJQdEW~huz6xqH5%2l}d{iQ!1%-o@mz+nhNX@Z0jKb+=UWmQI^Sw`;~o@D9NX| z8Z;^r6W1eaYRf64Nh5@NDjb+}q1a)72~~YjS2sx?7vh04A-br8xJmgBR0sA)8Q(X> z4ds?8cUS4f8?tWms&b!3ER*s(0J2<9=s3mw!$$M(toq*#lRJ_vF?Ju9Un|gsv=8fI zp(jal?bDUc%at4(FHW~Ms^}KZb-5&3UA}PkHmjZq#J13K>~oX9juEMaEM^ZY#RXGb zN!M25_97P*0r;V0)Rnn0{K$Z=Mj}hGtiuYXl@hDq$<88<0t^D)Y}1%XQ4dKkaVESF z*i!GJ)GfZK;JLtcK4<>&42|CMe1{}>4Se}$s0 zlvg};4y^EAUkWzHjvB0*omX4Ac3IkN9{cGIa^_#S-Y>!adt&S+J+5-r4lCEK^b$qC z2L}$wbeSv)vC#GHjb?*xOFOth~NMw>=AQrDhNBH_oBgD?irlg`vcCxDX>be54?< z8Yyv!?AxX1I*DzrubnGrDGDlj;L-TQIy&>~b^8np=_K(iL)k@$CrC2Q~}uJcnS^& zg31gr1`pj4!>j676BHLCiY}rwvi-I1^ZI!tk96APa)_opOcMdU_&lOK@hdg%a0wO!BHp+Ah(y9-;n(#sY?(3R18rUg1d z%2-BqFWe%M@kPCZ#v;h@U&G>dcK^~9W`nMwIXa$P|xT2WSWq~BP zvn$pl3L#2(lOx#{1T^b{n==8+m=gCh1K0uqL9MPq?p(*^<;IT6*{kxODj%(arGR~z z!6k8Rd9oJV8!r&!Cjq~OTaO~k@E`X_kk5MVGujN?7JP@Zyfu1{N`*gj zkn!cu{Gy#F5HnA+9i}(0$cP8uRUDZ#doC^UOGw)aOfVr@kTP*ezzt$huVj+>g6c*^ z2s>ou8@0e37B{V(>Q%0fN4gp5UI1N$40w;QJPHRJ{rvFYvC{#hi->Aq>_&;fUMNC4 z9mGf$*z&8+Ay09Femi=0qz-dQy;P9~%d-YaZr594T%XZ_@0`o~Xx1nV0xh*BUxS zP%MaVR}&J^xDyhUlzX|XPJL?S2HqgMbGhdtykIRb*8U@N*76{ zA8E5X8l<|%xTNT2{wVx>hp?kdi14_W4src{N+93-B>|q>Mk!6*DRi+XOB`*{*MUk| ztc+iWk@~(3D9G`0JJ*0AuUu>`^fL+BV`bi7;1Kc&1F0=tRQm)kE(~%S5Ty|WCMx+r zoj@Ssfh&`}C`Kf7h1-$~J{?_P;!*Sz^tAr)2n z*O&W`v#~wvJ4(KUjJ|XvcP&+eBg!XAT%fT5c6XnKXKK_}IbdJWd{-KCNoruN?QLF^ z*5)^91Psv)K1q|ONRX6Qkj#|ZW8i9kdxvA3hXS$=^Zlsm%R3+WC8%0)leeBw*xp2z z>vld~0aw%onX>~rUN(wn9?}(-WY;wPqpF&0Uq*Yruu)IMqcnsHVgd)^(W>!Ia`X)7 z+r=L@HNC5joR>kf>wO3*YFs6PiF7;-W+Q!43|O(9I5lx2ko#UJ6TGiJ)q?qarj%ou z4ZRn}raAtayFgU49fW{MP7{aa{kA=p@ao zvU{Z3=<{v{n013_f`~gf{Kvu%EME$gFN}L#uxWe5aI)$LD&H;dLrY6MU^jOi2v+};z&>9b&Yq#G z$3biguJozIL(y>n*SV^v^0+A>&u2vcd~ZEqP5QO+G(hJ7vb@WVlnu#z8FT`M#4$wA zm=AyOm{GCSRcu6&3Bx`--rh93c!l(n`gczpx^^f#v~x1L5f>3iEQAu}5StE=Q1B z(8hq7-2(25Vk9a!cT-j^oH)j1~J2~rynG8D*+8ngyx1R0mBo2cWcvol;D+TYj~=r^?W!!cihO~Stf2^}nj0gm?W z;5jlef#A4-5dJ((6DJ+m3RoR~Z3%O!t26X^5;3lkbLDmnF z>Oih*4(UcUUtvu8g^F$V$^>-*Vu1J`pVegDQ+}KYeHD;`=VeyPI*b6`SZE`!sJ>+q3+bq^$(jYhde=2b&J>5bRocomd~stITM&oZTW z2XHb`3-U_mm7k;DTY_pJ-62ro$p+HtlKEQ&uz_>VZ)``k&AMgdEK`r9+;fAZsN2>j zUUHUo1>RH`%_ChQo5Al>Q~aS};#cvj8Ik@F){jYyQD0lbUR&3Fc2Q#8W9#Y6&npPF zex(=krGbxXnU_)LR7I-7Edgal-C+`f&KfQ{(Z=&roTvI*Pjr(;#?8hv`bD)pf21%E~n3Ds#um>m?)B~Ig|dN0bJ z4hT;Y4U>ykN&ea$OCFCEvzonP(vOTn)|s$qxJDon?KWtmzQ>RF#^e4Xcr*1x zAuRZAUA1Y^ZR?i3#`>EhI-7ZFRnhKRDZTG-mMR#Aok1vXJhXe5(T%5DHbt*v=8Fxg?;i zOg4nG)m2Tm8s*xt=^Wmeyz72?r(Ra1>kc7b*$|^?=`V5WiB?7i{M-cc8At?f`x#&+ z+Oymuc`hd?tLh}Uv!jB2iw#<0ciytZie8=+`C^+|*$rFEIhN2wXBkJC!h>+!{Zl~? zXQm$9Uk|aCMyOImNkU{>iYR_5hQ^Ucv}cmji35etz<|ZZbVmbOwwbJM`6+=-trt<-bC}oy2C7xiVDmrKgw5Cv0rftlMA} z4mUNAo?Cn&cr93J}@Qs3Q= zQ)@`Qyl$06NQPcKVRGrS_VSruXiPAW{8~`4ZQRsC1f62}Uc9!dSGwj^-Fbc9K<{&J zy*Q+Li~M|BRZ3ErZx#w(TK^>(d+i@(FM@-lO4f(JpymS8FcdLsHJBi@`rnJ7Ar`M+}*c`a5c4VS&|sp56)i)tfO-3T6I_E#f9 z{kL_THc&Mt?O=>67P>vW0%F|Y?plU`7PfXuHdG#7OU!5e%o6*F-COM@P(8)-dBxs{$a z#_~B`H^pYMy3JxLnf_Q2s2QW=kGAkLCe$iQ5CLK^L-ED#uwawI{mN4vHm1LA93Be4 zKC4*wq^EnVM&pD(ETBlCsi|Bk9P*DSp-=20l@d(4Z8hh#m2gHj`Qv-EDNi|!SW&&V z_S;qW*9sz__X0(Yqf5MI{({@^X(hBfgyin)=ttG0@$M15uz_u$x{%VZBg*I;gh(3sgPR7hE~(dXuCD#lEL0)e!79eK(e%RU(SaP2D*` zjhvw0ar-eWz7sE#o>Qx6rzsCerQ|Clo_55^F>sywf-w1R*73|vKt0XOZeyb3?15a? z<@slcr4f$zo~x*M{JI(IFtvysKm^mi|DmIAJ4bQC%Y~^yqlA@+U)B;zLh_Emb(r}e z)1wobUX58Y(Cm15IZQT?C{B^87<(lyXsoufKu$v?H82K{J7b^BX4C!eV)929O^@xShI zg-aT?4SN5)?Hlx*L4W^yB&I#GmxJ#}WMwG|Rlk(jDql)bCZ*uJIv1}_DM|a)5V|Wr zc3i7fOv>R-^7{H!_4C^m@5|>_Dz}aKd{F1InvSvoI6AmTxN{q3a3yAf=s_wifn{LPJ>a=b zCa5|ps-8&XavvY&Wq(wiZ1`-z1(xRrx;hXsS)I%)nylSmN0K2wf!`1_ zB&c13n4}WB44Uc_ffe47UHQ!KMuAep7n)Mu-X33;3=KL1w*N<0TP9l6zQjTU=3)4~ zoj!ud3VTg{2&z+}~J^^bWNW#jEe_rF0Hw7h!`>L4WtJsYw$VibUJC^rZKouFEi zcFX!kLeVQHJFAI{nUab7Q{qN*e_^C`L(R3_+R0@0#TRDfv@SE#^{+=@$s=6S-pSyAFnhM$)}SN z(5|EGh)InXkT|$KA=a3G&~h>_gT}STZfj>#pusJ+n-`q@Kt;`&C|Qza#>+iq9q(GTl~p_1W0XVTE&M(g%;T6~exG>ipj0L(J%U_6#_}JZ@A0 z-d<{ztnQ)ZIZ4jY$6o9zXX_Ij@4X9|;%m_5i@EVnR>uGS-TSxit#f3)J%d|dhpjq~ z-^z|!S2uocq!+sMy>|@kptB`BpBD<20z3#5s7+|sI7R3(x~m)naLTTfLWZwJ#VTFQ z*PWo?tJK@0c1}8LaX|+5pRmZ@IeK|z8|@64)9Pzx>;T6inRPB%Yecsxqxx$bZFVXJ zd(WP4IQuB;{u#r%&L%ShipQ_x*s-Z+4~u?SMYKwh{V1|{1qu%y-L=H-VLDqo-E0z< zVYyDVvyhM{Y0-2CO~@X9=<Z~9kX}L&5EM{p(vjYzcNC;cXi1PNfrJtw3Gvy#=hc}r=bm%_ z?|IIdJ)0MqVJ6vg?RBlSuJ!$VIm%?c&9bkzsYCI&NvdGFjl;r@<#SI#IAIC3G+2L6 z`MT(BNxxPb8-D?7;mBJOmGc9<2VRJ}kT}QbYS9-E3~w_`qABg?m>;I1JqE*{(TWp6 zGL{3Q_XTRWu&p8Vi>RdSvE28ae5-9HpYH0z${uD=g~mhTnlpO!=>T&>Z- zUHGLDT840jnUhVaKdIdZ9R;MfXW6)Xy=^nZ40?YxFYnfJ{_Onx<+bldWXaxaR4j3b z$e8&H5Frokc0D^#yPrrcWsIQgZV&Df%VYba<)ZXvI;XK+oE`wJOU#?h_Y;A&CqhAF z@b|dp)7^-_G!x`AlW$L3k?~!^T0C%}JMMtAlwVl^hXC(7!2P@Oh`tKnhcboM+;Vfq zwN6BSmrgb+G>~fgZ4tzw#fSl-7%BTj_9%7Y@TnZNU99Vn`j_TmJ%7z>0Mf<-Q|}Q2 zBC*>l4_rG}9l`D~A0eGiweeor=2c=%k9?Xe74qlpbB@#5gB43^6IYm+KFN*PdiK7< z3CqIH0`nRqTA`}T?%3JdNvX+BeZSoMS>eKGsnb-@*3KUVObt$wdD`c3=1#yL-K#>Z0~#viw-Qa`GB_l;+(96Reo`L4& zaCg$n&|g+Px$}ee2yEAG1)**e9LWsJzG!)f7JCiM%kB*IS^^qU%p#NW@_DnA4R45L<8+nzrJHFN29f?x73dr@ z)?Jnse&tVSx1J)b^Q8z^qR?jyEWS;d-Gl85OOBlL<=ho4v!KA*@F2Rbkp3C#SWNdgXb^C;dZoom%0WXo zVDkeZcN!)z2v*N#RoiE36AZcYs>DNM?t|{Ps}fo_LTF#o(m4wl+1==jo$eGQn7mqJ zXZuNN?h7dkFY+{%o2^2{JWA*Nb&HMr)$zFw)m38GS+0DCX+B#sDXOTm_|;le8zpRjbsDZTR@JW=qSpyO8iShx>u$4C%pLuavX_!yEs7!`_mQcAiEj2 z2X_Aam*#1!`OhuJyIO*d&S`(ZC>g5*E#tzokj2jFNaZ_B3q+ z7#vju!hDgeO74cLAS#CJ+6*A@8R*8Tf-A(R)BfWBT@*#OaDbU zX8fy1^}=23HHU>1lC$J<8>i=Wdi}yLcbKbHeP6C{&uFQACyYT;cTnjbobIPVc}r#^ z-lcje_QkQ{X`rlU&88wR(eEkqcU|xhL+}dhj@r*UE`AyzOlz7p7J4*iH;M> z644*Q3ov8**;z>wYt0Fj-a#+Iha9A5#+H_Q>-ihDg!OqE9Q(YJ;0xyk?92T*9(K8j zuxhXpYSvD=*;!3cuCKgQ^D4I{yE{Dgt8Dh)jXdnO9{YzgjQ#q<=eET^*AS6q$)+(qs*%SOsU;N>h~dr5n=X z(_NlBxeqT1-?$~KFTTmY(Wyva@9TQGS~s-YSLyC>t*&9F!TtK4Io4=P!fV-;`a3k4 zdC(!`DGw94-GWi}v%#OWK{NPW5|CEXq4ArM$0N>l^AzptNBTB8Ts>|T4kNPKXmlB` z^FKSGruUBpN{91%0&w<1#4kV$)4>i?I15Q9_giN-GM~h#c<>4o2cyb(`ox>la#~E& zxeWPtl#VpvuLy<2=Oicq-s`J@YfLqOKrp!GhsR6X4=b5u5{QEgS+~EvWK=ZRCeMvO zR$>_Unnt)H_&v2WN%Uw4&+kh@iR5M8CHn`fVK!(60g*0L@ZF)MnTD!BrW4si01TB3 zW(@rLXv?-Bg`(n7#(41k{pr`D5ZWR9Ta+o9?4)w2kE4G9_zbQJP}IqCTY^<{u^%Bt zMp$2gm7lE%JNDP4Z|J%S7j$3Ah}X2pzHK_Xs-chVin0{tnK@pKfz}s+KD%_ZL|b{QwJosa z7Zz_)^?%GJQ2Izl6^j%p0zl&uq^KwSHUxNq4PT3>ylw4XZv%}zgFL)9>RrWT#~&4n zckhJK@_>z0ypEmg`^CFhItA&oT0E}wZ9&w%;S1>k5BH_&b%h2lT|>tPiT@JS4L{DraV+X1UA zLhtC?J7(uL44qg5f-k2C@85m-#XPQ}5hk#!MZdku*U25xj}nA|jT;EQ$#U17+ov1m z+Ea|&QVx!bt@{c0xpY`NihC;y{h)Hze)l39e^kFHuJ&qEhzU&W;(#Tbt{P82lklka z*(w%1KPdXDAvs$uO%tUiH9Z!p53z!aZdOV|0Hzb(HD-KwPe@JI^cG> zZmpPtHHB#2t_Hq7@J077e(&mr&~$q>+u4Q}cQ%w*9C}2zuWzIlMcM_W4L^C!E6Wt2 z7{NjMLr_PT4kCB}gj7h6x}7!LsSwurO}{MB`si(-`_cCOrRxf}UXL!ATJlFRE~I5K zG4o$hotR^^+ zLDsw8GMI_PXN`#@&R^lWTsnU1gLmsI9~Sv+F$=iRhYBBD>*9@Ig)w4X%P=*(l)Gwb zmJSTLzaPdLfAcL}8Xj&9ZxNL7==hMMd$CX|lAjBNG3=C~TsGasL@S#P1YlSa zzv^4hq4r0Pg`al4fE9(LBO)K5gT!x8RPr^hz@QiwDqOy63P%gNI z%ctdK@pOwO2cW*TOBfI*6+W_d3}%()N*~F+b8usho7W^8T4wz zxGhCcHG`}R55n`rO>2oQEj{)W<&PRUsM>g^*U+MtZQA#$N#GZgHVxYa$NLE{zPoXYLoPmNO< z!rNQv{H|bm^dOe5;<8CuQZ&pp0Aa^5bguz=0j^DgT;KO|!ygXWj>ncLzs|CwOI7wX z97n*MeM!6^C1S$VGwN09445H;jg-v$yU$d&99C#nn--!Qq*C;tsaG53Vx>n9p|^iU zCzuZj>v_RmNEM*|Sf%g0vHI8pfNNQ~RIZ>34du$?#alQF>D{bL4VF{6XoLP;grFMI zD}q8d^uiICWT$0t<>FX%=6jZbNhH)|RIjAXFCayaX4BL;?Ib>4qQFp8{3bH->Wk zqpum9Be~NpEu_xfO=Ygh(z*c)Hze7S?EookB1XtMa0Kq5T8zmHQ+Mz82p7^9vTI0a zp`X*EYf^+ajPzpP;aU1l!2|3l$eP;#ly~u7`3fw+4%vI>YHN}~mg;F(o$)&87s#N; z@QG4739Nnro*3~eV0Zr<{2pGvA4jhNL5sLfKb{srDKyw>q3h(;B+L3FU+Tzq3v>8I zg6e8sXP@Km_ls&bMtuDQ$GFSQ4VDjLZq zO&1(yk;D=};4?{ZNkA!c={X~1(F)&6TQn?suI% zmbERO;(Sx8sQl8#;LBfS+xeNl8xIjfh`3V(;5&m_CCT(zw#6oNn3bVO2<_=AY|65H zBk1djX>Ev;5mWF7EH(X_cn04QBmaf}Y-wEM>vQ4(tOuRjnF)EC$QYMk*Z?ReJ|*>~xN_ zv*XQL9U*hSYGyR}VDmbg-+uh_=-XRQWuM7MyfTBnn_m?I+!)Tmt-b($sV|gzMa2p1 z$#SgoF^!2gLwrkZLm%LRh{F^6&IXs07d^dwTMs+2eA84efOEH81P}d6I!{<~4~t%& zi-hYJdZM`f`-HQ8-+uKeQ<^HzpG0HjCf#?A(RhzfE0GjH@WKG@EbqK+_qzo@&r19_ z76`1^;22}i4q~Ez!)(S<&2)KQHe8f7Of%y7c0q$$aznww#F}savh0vv{hWr-S~BE* ztzGzKo{lfNDoIa`;wEF?DKRew{NlYeVe)VQU|E5m)m)$`HJ^Qy58P*Bzj)6ZkbT0Q z$c@azyz{F+Nq_uHPX>i~D~@`3HZS|A%e8lN>x}2ns((KYET{ryhTT0R2IFV*O9R%p zW7ZqJU0sa91`YY#IZ`bNx9RrAYYyJd&fb3?BW=;q*Nxz#-hs)it;FL&YyB(2bFqmH zzblr7EPj|;d7pMQjIrBBj0Pr)vv`>QFJgxGi#F#WkEK%g8>)Y46~GkZ(N~Nbt7Yf zr42Vl3v^(=0YdnyDBNK#f;D1-V+#et2lCdD-u2%(HB`Pa0nc~&T2*PrWe=2Z*NdDL z*Ht5N(}yetZj(?6iYRGqt&8-a1B#Dbo6Udcge_q5sHm1NEc_D%nP~_{FG<`tD%2aW z=-DyE1Rt*FUj&@0pHjT0jQ+ixYJ+bG}!cYpcZgff?7ZF0*rUl zoMepg!%lFGT(=}j%Qu6kgw)t+OhH?>Z8)VkAPwb@ii2q1nS z39W(8%M2MInY=oM37w7JA4b~*AM1paEZe7Z&Wv&!UU;z~ZJm07QtAQzs9Y>`&QUkw zISjm}kAo7j0c<0e20I=FzUaZ*$xJXQD-{W_j10c#eQ|=dxYAG04*r*>EhP6Y(}l5@ zrLu! zB?D0`1$k=@j&I5>c!ICf*vgm zd2toLm0#O1gY6R!M1elVkZ2S}^PX{Qikvp=$_l6p_o{T%B9qH8)u*Gd_06V8p&YsV zHvi+Zi=R4mNM8tx*sC+}OZYMLc+>?Lc}Vd2oPfqZ>AGGYw}(HBN&j;Hr_;0b=4%?v zn_oA3o4~KNu2TYmu0d2^7gLw}ts_nI#lauTBIo-B>HNDt9gNVWFFx*5cu@AoM*COI z%Gk5pB9WV@8LMto_8=6+0@yD43Ipn5ksu71&4xsaZqE1Rs61TtR8y?ra!R-XZx3>j z{a%}@TI;&p2pF>RQ-46YBQ8BiVQThjG!6VwPRp zdP}BLJ`+hHa&PIifGh+RBxn8aqN3a;)sr3I&u8IIr6ev0vwIliHN~dPgSFB#_;5_R z*RGAJ>QkhuWT4;rdRpA_hPZvZ_56q509Lyb41YxWh=tHZOn^RYovOVmF%t3Z7Zp#i zp-z_7F3ruQ{R0`}$KD-#znOLrTjM$qu)7Skm_8DbJ$XF4Vdo`sXT`3)>@C+9opXF? z!!++@BVly2K*zCAn@|&5sbPf)@1If5GvV~}2;z6KdFqpNKH71*g`rbnDnb#URzlgd zQ~{I9))E_!&O3O8*qVXg+b-h;2)A%Y<*bt%p|9Ka&Tl-NmW4@u>ccnpckyj8(carOefE#fOZgkbJ-;wCp^iLHf8fribzE*-<}vbFK7HPl zWixTy&PgIZSKO~dKX1VQ=6fd|2!}5H~4f;A438b;x zC!>5%>wp*eQhWLNW|?%G`#6LQVIzaA^PL=G+lToc-WPn@-^teT&LDqhG^9D|p4#DV zWT55JiB8*a(KV6Jk0`yHJDEHOi~|LU1$+vfSFI^@Bo>ciwfMrRdE5EMuinmgB66H@ z>w{&&|Flnlj?9^8Qkbq!He;Xz6NznVg92LT;4d1d+-CO!o96;qL+;v0Hgq*bHyLw( zxo;%3<-bI89ZGmPOaZz`Tz!&uo2A|-ys>1o0a1~C1u4~AzKg71RQ&tFEVZ0t3)_a$C?Wo zw3_k$(y7X>~cgd9*X12hB8x( z*AQac-o?Ki81mO3^9{fKFT5LOvf$u#I{5ajy!|bvPO+Ooi|WzWc-5*5!Z!29Wz2bB zI>de1qbqAd-xU@b5pL4RZ&K&yqcQI}8ElnVkX>MGF;QBPLjWhimC!#M{&W~eWHFbo z_LbOVTl%UVpl_yJZnUFs$~R#Y&i%s+0R-QcE9_uCx9N@>r*{|sbs~tdkZ1UyjO%nf z+lOfAA97|;w|$rA08@Da!$f}p1C^g*gkLXee!fKN(wo6mPK+rhrP_m2gZF4peD{ zG~`w{m;Ou~w#3o~1#z=VK_+JmMh&zYH?VbWGmqSOONzs9weK`Ll>grUvER3$T;8f% z%3D>G*$@uS%W(o4+&|z#AMJsi|0LeA#Jc?JK>w>8C(9=wcn4Ej4eh9TA^B&ck`u4=BP+<-nMPf+_cUo!uLT?#t-$qfePTSDfe zt$2J{gw5^y3OPmTNl*7{Dk#^hT^`>2RddyrV3s&(-?V72$+t7{>2pm6g&A-U?uw<} zT%-t+I!@(_92^`%P9&DR#CdssbxO#5p|miLf}E_p4bFj_qm-bK7sPkI}V z^?J8#bl;b42wUZ-!V=h=YCrOsE)kw)U^4T%X^K1YIlBhIe7N|6O1VX@iExwM;Wf`( zueL=(ZQ*;pAdiQo3^V)dt_>bF@?FsrU$53A2KvSU)~(>d;F%5^ydPZi6G?As$Ikxd zaYL?Ao>|rSe8!1mriAM-e-E8gzCn8cS(lW4NDL?VB0o$!PHDKHe;4dlnfC@MF7_d~ z@k5u*y8M!}?pn#Eb|*C{K57Z)F8c8ParLLEuz@k%?~C>#HExA7UK)KZtqn8JP{C7% zp13p69`cKOP24(R73b)O{@khX(}OB#%x^1S3b-)rCaQZXZez}8D<)md%aG^bY!H4@ z`!k{%&zICN5$C`=l1#|Lq}3WMC0%$g>}(~kCR-5`+wkU1=I$T+ zT{3vPbTW_s!DwFSfz)*4>}+*=&CaI1F1OX&u>TD^_)j1S4)?HN&a*`7C3aFJxE=vq z;0=MzzckK&$cP272ifEWrGso$WA)z)zE#p8XCX(3`K1R$&9H!ls5DW<9_ ziO`LJNvC8ZC9w~5^PBsz5!WJqb_pJ_Oe7*0cj4DQ!3@_6sGMh#&;-n}h$U)yL1Q8R z%EG1lqjzbBThVzfnIHAm!1vs1A|vD@rlGuWNjw;{+V8E!I09mqT*I*ZC4;cb@I$YdenSwIHrhB1_5kjp72_`4C zc~kx4c5E8ap?(b<0%3>xKp|i;38jb202q4XwJucY0OEp*P`EoqOlT)dRHWS?N4jN3 zS?S!0%vnc@ zzHC8^2IM1bqK^oGc?VF?ZQCM{pNIdeOqcl68*Dr;wa|i;HBvklvFIT73V1kCYZdIw zk6{Qa{MpuwhT79?j-6cZ=;Mmg_g7vFPc1TQj1;>1ec?afUIOI#LsldnGB;diPUE(V zTSyftMovL{`ki^&r)gYiyCHODL0|$Q@<{ zxw{R-ZHb02i~{CcZ0i?q3!GOu80z~DAvR8GAc{Spmv9|w*i~k);AunoFPLwr&Wt-( z0}r{@rzavG;GlB$6D#U|F@M4_yg(HRv~OJ~#tFuVJ}63+0Q068UHwup(l-5#lYgz= z_)mfv!=w6iwZkN{kx`~KXxukO;;u1;UQ4IfuJ z2mM0h*^GSnwBF!-krXik!|KB}d~mU7DQ|MwWA~Hqf^C2Jh#w!+=IyjPv$aY}<}+9K zc3lI$O9*fh*TWu*;4aNwvG?jn%@0g)*^t8fh@oEJO^yreF2t1!WU0796(4YXcu5;< z;roeVMu=S#>*6vic* zoi)|^{l%mx=m!;fRhDP~vUKB9!d068;66VL*T;gtAbK5v0w9*?3tVoLJ`LcUqX6tn zmcfBNCc3fqHh zm)4n@B2GKoe-6KGei{YvEMP7u*T7~6{cI`6nl=>GXJZucK1^6^BHFGs}4NRcCuoJH%7%A$ckUoqh#gDqw`QbYa!bN}E6-E~ zT0cONU;LkhG6yew0kMpr2H1Rf7VuE6&UoVr@o?XAYgjN&!Z~Zr^v5?ASia*^Df=p^ z9GWNIzu!lt0b941n$4W@D!cm$idugMwSDT{FrOVzEB!Q*PSN1kRjFtTnU@eAg8Y9N z?`m%TPl8n8qh;WSZ~niAz?GWs%j#<>HFyy5DhW~v^B*1Gwqw7LBFahGLaGPakZ3oc?B% z4bfs&YJ@k2fMK{n{^yPXJFrH%JK;d%RsKWz!3+rElMXWC@XM5cxo6s!ma1gsbx`pi z1v9Ji|3P%(xD(+R@ViV)4h~Ml20|I7X0-`{D8JcdjOuhi@d?!xPD-CDta#kLws8r=|UCAR5M)Lh*AWn*;1I z{lvma1$n@V#Ac{sCoC^7JKOKdCk0z(OM$ohcIH+f0g=#K8tl3MgBa$N0qi0>13ZN6 z1g#qsCz2Z8$#5=0a=`-yOeO5|dp4cw#eUfK3*|N4;Y0u7Js5UzlIZ8oab}}^CXot; z!M^^dG0X^9(?10N9Ae#Yns_7zl2{3+#~P8_ksPZ<{v~-OHs8YmL#N=vVF`1Nn_JAw zDSkCO(+!AUoL8bzSlTJd+8C()>XkWj};4~saTayKM zte`G9Tqmr2ErzR3!&T5VEL%wubu(~1+r2gG7e#;4s_O55(Keu}SXqd_Z~6t{BghPX z4+n5cc7!mffQ`*hVALZWN(#3$)?C=#$e+Y$1qvnJNbW72yZgY#8S#IqW zW}jbQ{6PMC4LV^5jrJ`U@dMh5WBg{kmJ$i@)x8+OMo}eM6x(@;f(aY( zjtuG9>(SB0U-RCu2LuIt$s8R_PA#nFKWz5$B`FLPH2OwqNxOHllLiX6MM3!0I7=4@ z2gw$-4z8<~H138dL}pwsZezTS*5*wQEFc>h~g$oww(Y5OFIkr0imwZ7?TQ z(9TfqU}4W&m3Zw*x|h-C^ItNY6JFM3OunJCCtL7>_fqu$Mwa?{$|7DYNw>D)()%hA1@5OJ$IlZ-#yZbMpJfBF*_}D(grNTyD zh04WYw5lI4F8`q%t|U`YQB8tZKs1NvPds`832rLw2ft!mtBIA<5b`c@ zZgObd&x_!P?ls@lSCL(f*$JJT zhUEJsNr3;3ME?eP1aW@wl-O8%)cU1vbm`kPQvPOkie9{xNE7=!uVbryicFN`--QF|~O%`D^sM+{K>(RR3DIbt6 zVSTw^QN4n^#Ud+TFm6pq>qd*`#AH|!p5gjOlVd$e56#;H@bHfm`?HS`yc93IRWC49 zWF^WsAGjYUu?J$o(O+rKA3c~;d66#lfgwI;mT!H`Ef~{KhSj)MPU^Z#Y9vFwI%zq& z;sS>?)Wb`M`~-4uyEfIfXOCSK@OQpo>VI2&n&=pCRFXhq!7AYFv0m&8`aNJ?IHRvu z=$e?&Sjl#iWv5~Or83q1rceF+T%UhDNX+_U_;?PP(&e$rU9d2ZDNX4VEq;@)2uxQN zx)V*m3*@3ezbmUYhXt&Q%m)d_=(>&UddGmhQP74$V(uzVJ!p+pp+}7F$Q#Jv(#LSN z$iyJxp`5w);sXvl?G30J|FbslXQ?;18~y*%&}u2eA+r%Oun9C|5O!pTyaY2JUwqg! zt1KyjT3J}4A14+4NjE_K!`gdbuy_y~@V`5CwxB~KFsbx~>=5xIU-$<+5Q)(|-*>}P zORrFQ?rxMEa$EI?%8~lW2Bat=k`UWn@LH8B8nb9H z-LQB(+xT|-TB(qkK?oZ zBNRGE-RH77k-4|z%&1c~ahP1iQqW69s=fcs$EQ;Xq(1b-AULsURp=P8u(^gL@_wwe z+lqott0dDIaz9)Q9b?heF!!&cEXJIB$#I6ZK<2 z9l}n;sG(w#D?R2+#=QLyPG24k4t;lD3wd50;oWW%qemaG!T><&amAJHotH?Ja&Q6c zJ}WF9cclYQeLcZ?mY2N3MymFawia}^=nAU>U3F}5c6mbtPDWn>XJqhaq%p!BaQrE_ zoBd^$;4|ut8RhwT6*-74TObZ(WaXZ@@Khb8|At-+M88yUZS~D4DTshr14mJBZvUk@ z2SC{qUx@DQ_Y*_-@&yPCFVl6sgP&yW%jpVSm9;)y%d(7jWnd6N!zZJ6g=FhXK(e9VU&p#Z0Bl!}# zh@B)d=FC!ob~}O#Us8ttT^5+^zh=RwG=!+s#&rt)V~k~*y3y$vaCv3T<9zDBg@4f- zt4+CmoC`sIjc7NerD^Mtr5ctMjWr1D60rVbtPFKYKrcQP@?G&s&dKL$bz5jjYNFK? z!+DS`VMugA9Gu+^?Jm~{68bsbidA#B4Nknr$BUOr!?`SOG*o}YKi9@0-GGhZ#l9}Q zmB6ybnBd*z4vv8`!WriL?S2!pQJZmYS>W5Bro87*SUE4A`*R?b7Sr>qT7CZZ8Y`4I zN^na##(^+R?=Us=Fz7#yJXwWU#rY7yKAgmQ;SL3TVeEag_+8WzO7o49am9-qIrve&A(XSQh2frHL8if7HRq^*dkn=q zf3^V_@mW)Z1WcEzOp-Lgr{rPAKEE@a)KK^=-QSi+eXlr~BcsPzIju*FyjUJ`F}kKI zf(dRh4V;@?|94n)S$4TfV$OS^xGA8eCx9;bBEhG7iOc#Y=!wr`RR+KNrtb1#jsHcF z_}?uAvCkE~{+k=-5IOlsrE)IubgQGQX5d@MZH03raD(S zRL9|1-Y(HfRKP2X{6RG}Lx`W_e`$#21io%{5fHi?-x>AEUCnAzdOwZ}8`@|$;^q}= zJtqy~=B!MJt~GrA?`c6V=>^$Rdb0<>66=x*3RRP_VlgLbw$S*73iAtjcYl_DXp+Yr zn2eXddy9LP{OyDKwTJaTxRGBfkOU;M<1(5lupPTmqFaBhYCIFY`6GRv{1n1iZl7!xnAhnc8hn$O#{SL9Z#yr# zE6BQ_Nq+#u&P$;ssT0C`gCDNit-$vCP6zU$9Np5UP(+<)!TaZocbwEiSeKRVmR14o z-2X0sHE2Q?Ag}7iDNbYO2fW0Xe`{T^OAMNCNM@GjGn?|>doKq~IYK z+BHr*#WPhcF1hS0b;8`%qFLDY8EeJwNFB-dPPtnuAnBQ--&MEQv*_Dm3@+A!v#&qZ zm9-Jdt5(X?M5^FRUq|o(K5SOFfKOXgL9dbMlh+Cg)qB2swmTbG%$_|TXTNUz(SpB#OPKQc2mstx-eOmHAy{jYcRCF2NU{Nz8PF zRM~lOEb&_Z)1Gg5|6+4Cx961BQWEZA64K1F;}U_f2f=w%GS|UbvFJ&3r#?oW7n$s& zU6i=NmK^n7F)HCtLC+n%JOUr_Gbs@Z;nEQ~C5g`8pHhaE>PQ7|?5JgV@YqShg5au3 zvC4JZcMyFDpvL+K!m2A0jqDdWM^IrgFqKkt@F165qJMnVKaN(MtupLO^|s3`7e*aJ zvI|?p`!05{TvhnzS-5>i$kVrwtcK10Ey}c9Dy5^X`RwFy3_?*HxLjjj({zLC$o(f%L z5-ssdd)Vu^Y<&n)&IoRpHeOM^KVmoWV*1BnUB^brm9}DetH8zkC(*fa>_6U|tL+dW>|@ybS$)8)B=!ER)BNJ=zOr^h!lMI{0#4bAwx_BFaFr~i@^1DbPen8||I$R+L8YCY zS=>>5xOY(PEp3R&aN_o^eqGjgj*Xp;bFRUI2Jr5r?brEBBdJ&Qm&RxHRKCq|s`V}S zm-}oN4mi5joqur0>Yvjvh2aqvU2aP!z&hvU|Kn{om;NT`1N+~}|G#C#JVxd-4QFBy zVAj|!uIf5Y!lN|bm08&A!m@;QQs5 z32>Kzb1vF0>ecpLl;yg$rqgI)p?#s8fkv3t(yLG`g}8U4RMggwWaWeFtU5+~GU%g^ zB3>K!&GlcVCf3>W?JNRMz2mR}luFnrK1;(G;qH;0$md575LhQ7v?)}mSQn7|MRi34 z2d)K&TS09EkMpZOdnlpY!;nPd-FF%l6PM-TRn;sJ+rySiA8Is}@@LJKA48nP{(I8I zPViarrvwBlo9LC`Y{OYYG0uF#FLvZ*@?n0FH#n?8u&FR40xNA<(&3-WN=_+k!eGy~3@Xg2n|TEgbXjyvn8A2h!2Li3L0K zW?Y9AnjO_=Fsq#GvuM@PG1(Z@GMhhbJ>{zY0hSz}&3tOufFA?=f3)t0YExK8_z^C7~4j)B2POH`j#(wh> zQ;mMD=w)-M|C1!`^PbCKY0+PSB6HTj{I2nBOc$V(e#;=+2S~ zpU7T!8S8JN7Bdlc3~m=$gh5Z-j!r*@dxc6H#Y^aAUEd8hwF#JK{5;X96?mfKv?2C$ z8Z#8H#TPM=FADs?B)RYT&4DLjdAKr-#jm^jvU=Lxde#ZPIw#QQIEMnlj2jx+FAmyMwd&$$&%8U-*fIn4@~R9vZQe+|@|H|lag`Uj zI~Fa#6e?Cf%O4}1R`SS9l189gC{Bb{(}3rG_!g@e2YCs8Jga-$6s+>bCKvlS|iJ?E_xv7BF=mIUY>sT zD;H#0+y1J^pw>0l#x+JI)c#!nmw!M0W;aM5 zP6iGiFXG&K+v;qL1H3+aG?)7Km(XQ!eSBOi>Fz3PusBgj{dOW)JXc1DA~q5>-i2V! zKm!MT0VSyAUfroJTb}yz#|>Ut-@edB4_#5T@~`_sURX;prHiZPjuDD^u77XB5At#R z?A#DGB?=hE<{*s_5LDhF981ke@m2&+D+s;Hcows_cWdbhP^>#NaE!2wn_T$tlqW`O z2k?FKp!j*q0D|1C<2(pD^H*-=zO&^DYdQaZV zZS$ZQQp%{>`+4Bw(>O%Mdd$JUMyq7l*D*ZeI1Szxo@K( zmrg>;SqCDvNFem>2!6OUKD&>c!)uq!ZrIe=8c42s{`uknVnLC2s4?tG!p+NXBx0Y? zK4a}?dzs(DeQKWGn9d@`NP1&S3LviY=KiX3b0UC%b78H#;004uX7OZ5q}mq0_W3o* z>!Wwl3ZzH~0ti^u7dz?fBgRn8Kv&kDqBFhQD932bYa5`2{LIpN#oCwmIN_hBQE3J% zI2-f0AB`?7y28) z9SB(xKywchU@NJzT7j_W!t3xfvBEaU}n;T7b=ezmyyB}L?slCbJ zfOPxa>W>S*oML4^D3(3J%)USpZT_v|9Wmf|p!3Bl>;a4kWR@>`-H}iG93?ttAmLXk zJ$RvR-%b2T{YKxu-w9|)IQl_crRm<|B=jlr9;9S5;$1Xy!boAU5RKb>y$6>Ax>UMf ze{?u<``hm1UuvD)lOOoD;Cz5)P)nZDN$&I#-xQEcj~Ktx^pUJY9kJ~~Ql+*|tFp4$ zD#EL*-OYwJp+7xB4s}I3grtHN55HtKXQHZYY6GAjaNH)pK@!;ya8GGL`7N6D5OEG2 z0mjcCM{GyvkvTxJ=}&Nrrt-q9)@1tjFWAEpb!HrT$+lnI?SqVrc@HjwCWK{wD)tvK znA_+)G5jeII|O(W4nban8^L{KXiNd!(eHg;_`Mm0-FHT?qY+%mq{Fqzja;vs!sMq9 zx!P{(y9hPkr1b||?q(a~pT5(P?gp0!3H#|@*p27mlfr19mq~{m zD_<*~HgzX_*I&zyZkR|BwCXn84bqzrdU3`0sZc``BgES2P_ah-tfwn*Y4=)sMSH;0 zE_H;*J}SJsfTL6Ham2(5h#)c%MHPWXtY-{_{IGj$6kcU-cWb${TW&3_@FkdSkLD?} zz=co3UBr(>Fi}DqW{!{oB&j89lue(L^6$#UKS{(Y582Cc z`&LZF3*2bcQ1OUQ4+U>6XD;*PFv}W@n8R*qwiM=gd!HNX5v#`y*5HMRa6;D*BC*Z* zxVjJvm^Tuti;L~6o zzzUn`$F+bKif|)Vf6kHC%{@x^t=bpwN-MvI?XI?6x=eIW4p_PW9Dj`*+5q?aCTfYC z)pfW5uMEbwNB8S21zbdmndtAlHkUu@ub5@U;Kcn%PooB%her$^L zBA4tr!`_z+5Gle^t{+X3s7_&Cpe;ReToXJG#mO))(S}R*1KH?scm7mATh6 za=fYOl@l8LviUT2s0Q`0zpLSEeqM+Z`m0*sBn;BW$5;DS?BPQ|tlyd}w82@iPm>lY zbzVJlHsUWZDUx%4mjkGyBrlL4#6dcW_E~tNdVuB!{Dd( z2UqCv%?X8*J{^XoB!&JPp1CU-E})@+fI=Qn$gj|6)h?#okwrY_-`E+!;zmwn8d$UG z5BN=dcF!Fku8AP*+GAveatABS#b-02jv&3^yL-+Gg}iQdQY8Q1X>##3@weMUSp9#)(jc z`1K9!QA56#J4DU&2qMl8b^TH7;#{M?Zb2OV6LdVwy{!G^&ox4}ZNURPVt3z*z-Kkz z0FG*o;H`&pF1yQVxYSrdUN7nf5_hITO@cAn(lG~x{xJ^hm^$i27k)vE$&TnZsUX*( z+1!6_)2@YY#j*mXynRw>95JXzzBPDoE_o_&3xbnM8&dY>E*BBz80`~}`WZDBx0b>` zch$^{!_h*I=6vn>SH>1~wXKlxH zq)5`jCYzdcWHiKko_>6#B~5sUneSeW?P_RFKAu3u>d)v$Ydk0BX2(!;y|q5bIkp%y zt=K+hVPq2?4&awvG}A$=iPh{2`_o97c60Pe-je)yI_(-M6!%Syv+_%`#d873jOaDl zEFt|3-`#yQa$z6KP)6YCJO`7po;rHh#kNceRuF(fq3`Vf@x1!U`bi{iEK2BuG@&&( zDSC+(iH6{yXebc7Se{WYz#Zyml@Vg3t42lDu?z*8-%u4&$wVht{NSWozJP^MTMYPy zw1LX0e_Wb)iV9Qt4IVuj(cZT|w5O{2^kN>-fime|YHDlhvU%(QZjgUzB7-K%?J07E z*_BrJXDR~J%fHR-QTerxm3dta{?ee?Gbx~wv-TigLHE@QM|L&rt6qZ8SY+JprGXO^ zt;>w}5ik2@htG%q#ol`cH5qpM-k=~BdhbC65ow|nsZpwch#2NIAFNQm$4KKs1$?0xo`^E_wHoDc8oWcYA143oL<>t5Gd>stTc z|NSHMoG%61sQ2!99N-&xw)d<$8GJ$M8h95e-He&ho&M4GbiC^NYTCser5p96QBO5{ zYo6>lxFKxoht0WrUGyl07tMa#?4oG2^+8eQ!>9b{80F~nTr%N|%YO=y0qll9rZf{gixIGa0%X{7VVXUV^-3%eDl zu0gf+^as%8kq0HG(zQT9#206u;L`ZWK;A%*3BIaW=53|uwdMAwfw8>~#V<#myvpPM z$pL?P;l$$I#p^@6U{?TBW7JGnC`k|n8ILImc2Tg>EQOZVg<-a}tA(x|!op*$X_Bcv zN@IV9ooH+ZDvK^Lam909`T)H{$<=$xG|B9dTXzMNjHuEG`XvN7D1!0(*u&P8QT(0# zHoeVs!PnaLHAxNNZ>|aJLZ)cg$DB|r`-qSCpN4qv-z=hP2^7XDVgPO-MrvJmVy8e4E;Pjjz6u-xowXE1dGG zg=_fBBUbD#=QH=m8hRJ+aj+ql<6>d1*`#jXt5~XzlFQBrrUq%RTJ*0SMN{yKv)8hn z#EG%bm234iF~@Q!5i)A_YXx+pj!^W*%~90^_8)5^8Ief6^suj4Gr}fDU{*;U$kI`G zhd5d8u3#}f=}1w<3OJj1^SW(Qd{#A1-5owIFtd=``{bDm_0l=hhp*m{M#pZ?&d%-~ zTzhz2y*`!U-c{T6^r=CwF{cr*SBEyQS>l0zU<+wSo{IfwQpF0k#ZAvHyLRcmOx!snXSVClkOYSgFk6*Z_PpJZoa&Hx*2>O!~LD-3DvG(cKy@5F&d?`7SdS4~v+ z6TTK^r5MLNu44{(&w?&WB14Rk)PTix+fqufSKxUy;QQL^j}|qk>RyPWy?p-;%plhKl$3pszT@D3dX@2|73nPqr;pp{46CfG&yTAU!YWqceT z$GNpQYb8)i8gclVmL1*Y#7m6sLwUxsFq5M=db%c&JVaoqaviMUD3VL%@z}D|tjQ_QphM@cRaupnJy^mMP z+h(`n4tTO{37EAi0%3(}`9?576Wmb}m#UQUjVOank8q@Hs(r4w8TDvf)R10e$7bhd zqyvlAlJvT)A-}9uGtO=VVcY1l`pK!eVlhN2s@|1$>!8ASBmk{yqT%+c=!%<e! zOOiz%B!;ct%;_i-(gOS3CyS&zZTS`Gz)|g=70LSNgjvSai(Wk z3YRby%akSIN&;02F;P+VMK_jA2NmRE>U&#=xe?r#u6>ZZ9r%SNR{=ZXfTV7KV6B&s z9nFjgJDsnK#E0V-in1IJOJj|y%93tW)6%k-y~uHY#TE8rga#h2O~Dk()R{o}td~dS zdARc3g`ASF?QZ;vl~@xqiz-0@K|f1JF`I<)`Rw`GgR;Z1I~;_Y&#^4B8SFI$!ivVi z(D~isk?By)Mv6Hx32#6Y%AO{aCYdQ)dwM z%ckp2{+)@Kx*Zk0Z@Sr)JzU$utorg_gH8Kwm7#hG@E2d6e}IQQ<&Tw(&rDLuqP|nw zeSMB|^ZUj~W@dgzPp)9V&c2$4`e=nwo&PEO>K$9dp3#Izr&|-F^NGoMQl9&El}BJP z5?kCGDqIc*FrXh1gDNPVAqy^y<+24xam7PrJ`8^>bt zt_*feHNeF@&*=2AIz6cItg6)Yd9fAyc~`-N*xtS9B2ZrlOYKUtdOWMt#UP;iAbUop zNa-8i+8laX65{on?5$jSt!UajDyrduSdlZgz~^l7&mt|u_uV#g!W;cP21}<>z2FtB zll<29@;x)K$#u6ytBKLQ!_`FNwjapS1l@G~5$VVVQ5SP`Zotm*iAKwn6VffB3)Zy@ zD&4y>+9sOwV0nOZ=T7H+c@;kLIP16ub}_cy#g(EfZFRrNVwEWIdAXwv zdf$9=&6=yL5;&e%OzUtmi0GrIL*gsMuM3A+;0W=C29*CTb~A_4*Sz~SM^3i-j?T)t zw?oCNchyVrF%WmS?yz9cDSDGK+& z@A=Xh;y++I_oBCnHvs=lE?ABJD%n5942TL^6c(uQVl`A&CrmFgd*JGJ*n*kgIqCtpMXaF>c}3;WB)z>dm=Or28Lx!>rM*!y%T0KftIu7yOmSGi~?5I z^&`gpFwQVcH|rUFce6GQWdX ze~!W3x^vUdwBG4%%`4+DnztTfvov|VW&hi;!@$iRvwkS(6QoimTH)y`kjgBc11LY@ zG~hR0qEAgWI-5XmFrAf7^3)C@ zo_@l4VsB&s6uE=&<<4+dfx*bCD_2~ZG_N2REf#g$Q{TL6g8ypLJTTxbE=XKxesnVz z4ft>OBi=Sw@3$e}BFPmrmg%TxoP5CaUd^j!!zkRsEes;G`2}5=C|2BDyqxa01qNAZ7HSiW!9^(Z};Md(l0DCbA@LvJvj61@|IZWrNzpx6SJg};Sq=KJce z&C5hr7R39XvLq#cAFh!pE9jDV(V{u0jefF|Y=nE;5V#CfxXmcG*su85NlwF*_9Adw z^#V_$^r$w}%Y(wrOj7;fa0n{(vF3>Zb(uvpDMH1SvfR%bo2{APof*oZ_?S|5HTIF~ zli7#Q<3BUZ1q^Ll7%5%Fi~c4P%q6HGCQ)w?zvgZ>{U&=K0Zba=w77ngJuaV|lhpT^ zSS`aBVES-g<1oJ*qAq?C(}Y{q#peKw(1_FJp~ZoYs&;9(MTx`k=Nm3cL))e`FKPEgqI02&xyo~sd_RBks>W9md5zkY)tQbNx`NsHAYC;HZtsH^*gRqETYWnI| z-P>RjhkRV|F`E#+L^N)fd}Utc0j8@JLIEHO=)KNd_SlhH)lCycX1%N{ntS}U?^G!S z_n`v!*GjE)(RZ$OMn(+-jaUUb5551Qos_q2uk<|U8GyRJ@UNnh{pj8jHE`niN8puG z(g5)3|4sJ69(k6yfd*RrXSrzEeJ1CTO zkxEI*e47){Dbq05+2fR_24%$BL77+nIey36F#(X8><@!9FASY z#zi+sk{HISfOx>0R_T}PxQ=>zR;adqSM8FqCwVV3rO&g2i=gZhSBiw}eNM^v4eKPz z6vbEm(PLvC1@l*@PUvtW7~M$NQ%r?678LSpV?xT69G|FzwK02XztIr)_>iJ3e;HNX zbA^(uY(_cc;nOAXzaB>5X$B1cV`RwT$f>&!_oHNHv`r4xf_wwH+$4;*W!*Qzi+g>Y zsejl7v^D58tmW=5RSU#F*MF!Wac_{SQ^9d*kb!vl?0pj*%zb$I5IBTxe7H07J`uCe z7IpqCPvF_zde2g2cX^L=phxKW)KH{Q81(TF{v(}#47`;7gm`ZVy;h4g%6JZ4alGn5 z*!i?o{Palz+u%YRP8 zm)Q<0It*&}0j8sgAJ2>6#LJy_J+7W0zB4C?O_#&xdcX9%Eq&G9twJvo)7p@`d?5!z z>cWL%9w!pmeZ$*Rb3?^+Mt%FVYS~IMOif?XaJ>%TZ17+eVNPpr8mFzbb)7sQXIFTw z_di4huw#u05gpaF0Ky9s+?l;SdeZo|21}NzO$@uRU-lX@ z>3$ze_aGEwPSVxIg#rCn*NeZ&wrY%L2f5v?{ljKdsH2x+R~L}l$oplOqhn&Wt}XzP zc(QovmE0taw~)(i5D>`?R{W6%WWAXZG$#7fD4Ic)Vz>EStq28UojLC z+kY?l=;E``iZBhm4MqU@%qu!338Ds0K_53`sUQ=3%Mrf{oY79>g&8jV=_}eFDef!7 zaU%w_+LUXgF#`s(+57wa^j%!N?z{QSWk>v8M92K#8@=bjb<;*e2Q%T(=kak(QNMmJxiw1D~Gfoj z_=RhaUiMzOs;HH42YflT5|{ZCe3$5ZiflbTLn0iFMqRwX)V`2b>=y40!ZnVs0Jl}- zg-LO;1d*X$B0l_C0a1l_d6^Cvn`vESh2PjrKaanfW9i$hohE>UOwP#1C=F_avU&QM zqF?Lqhu>maxzmSahOn~0i#68hbc$_>rG4uAxP;!VYw>I7T$Z3%8XEc|#Bk@+^Q+(cv zZY-#>(jWTc<1&H)A3$JgQ%672Uz{;9t4ZGNeB~{l`C$t8qPf-imtBB!K=#4j3(a@* z-rX5t8Y-{Tot}}gbCc^Li>j`Gu9CXI2M)YffLC8_pY-0s2ts7qAnAy=K#oR@f0K=- zjR$6^2@21N0DHv!*2tUxrH8_~KfiAXZ--weun}*7uqFt*f8$-)A^PtQl6nqtz>0^D z;yx2j{BR{!#VY#44aOd4WoO70@v=bFZu9iwriAtx@~8C=Lc1Rc0Y-4$?XZ+ioIE9h zj*gjxe@VeK0lS4gU^vyv7<4LHurxT0An8rhokgVsg1?bQt!5R6>>S${af1*_M6Xma zcsJb{e0pOYzJ$=}u`2)w>7zhEg?!a6VxF#|-Ea9uhea(!!&vGAkK3IP=NxR_Eb?iP4j*)qL^{fEAthW6Mc>baob3=eW^J`r2=CE^=OEp7X ze9UlRrw!kc-L9-|kP-!!0$KG2aY4#N8V^}=$y!nL(6aJoKbj0JyzbR0!(t(%8l|tP!!y9$$xGXS#N^0e-DBV@eo~E?yrvdl5 zhoHj4+1YuGpBC*2UmwhDbGXY=QN`YJ`FvUNYw{H*7|?g5*!xYEsE=tr3*25jwUmNM z0ohwPvK-Yi$lzP@9aI$-pYO;yUtQwom*uqMR-pK`EW6+5K9-A0c>P;RJ!_)6`@%F*+(UKnt2n7E1W11RD9;eXE0)<9M16vjdF>WLSx2 z&ev;ZmLRZ~SynfxfLr9*s#H(veshkjN3XPaXoTrBP)~<~O+r$JA-fErCoxjsX9%Obcu!d%|*`jG9c2Tw68Yf)Om)MB|*`>(Pd+Vy$dqP3+8rVwoU^ zzb>{`KxXTAQxyvnsCdoq-r0T8dyy=G{KVdBl5}3V?nV)T(Mjpn5L{^67+0tuoO|WC zVs7{Aiu~rDVTMHe9oimFJ}Tjgb;!J2n0$b5w%>~ghM%(DhGb>D*?)GCx;cy7jr|TV z19*3Xp#K27+BsoNx1`JFYb8$Sn_>&c;Wdi4hEKN`tJDr;tQr9KHJ{*c&Xr( z10P?k+;3ZChKYr&AGd%muZ+7&@xV<4D#KO?`k^l(XUOmHM;o-qeh*F(jStFcR_9?< zmFUh$3cFm|&4;`8iTd_zXX$KbS!ctoFPF16shDd?*eQG>4mcT0h$B1zcu>mqBpp3? zTk`=O9?(MBnzutvX&M82)CA?{MBr|uzVr)K_!Pn|m@0;HokeP&-Z!(uGW@jGmQPJ^ zLRPxwm}Lc6BZ%Mz6@m)>>B{3AfUwZ>r>&jaS|s&Tel2L~yOsBgwzC(5Yg+!q_6<8^tT7R|1)@c16$@^MF!~}_>0*{77JLIVMwED`s07m3w8Nwu79JAzuXSAazgv2& zr1otGLQw+01=B1)Lmjy?>K4!VMs5Lg@A_?P?Lanfk%9L{x3Z332bm_BK&?~mNWn)8 z?wHT^@w@ji%C~FAe0*Rdn5VC&7KQ0 zt;8cd$|vr(m-@0Xl=8nbPK0D@w4^{7z&7=Wb5r+X_bo9rjWHD!EP4tv?uBY^Njz&V zxPic{YC?}!9}-0{+2B&3WQUz+4aMfRo|00q;0Gweg?HeqjjXs-JQtVclL;AF9? z)Ij=j!8xiL#iGhYf%bQuBVEV*x2}i}tzOH`^pbri0Mt0b5`S9V|9Ld}pKN`D=Ug+2 zwf~t-%j?M9sdsT=0W!Jr(}L)876lLn!0O&qcfUkjE#yiOzR_6*ynV_H{H*9diOJ$JvZ?Bm7r=3VlD$|K;$Y z1HZm<)(^cD(V#`)4M(GraZPm5o^nyY=1q0lj4^3;&+B|kab~G`V-s7HaRUK^vlYwZ zK;Cjm;W{*Ty9lekqa}A6gTUDi&KMgefcP@3FGls5((c;(J%|aeDY=V3T!OH`IL_jg zD15=YH-KS>2I=%3EkU0-v)Ryyl~G}`ADa_A`J0c@sVdxf)omgD-lvykv{pP zPV{%_bbC6K&;LuM>;wVqZFv~+uE8)i$oVE}b0@RKSfazksZFZtDGXQc2x-))b?!=) zih#WfWzVY1;_0Z)lRAB{tVjcsShnP9d$?{m;z=;4UrR7CS1nsh?D;WwXs!u$tr91nyJnL+k4Mwo0=X?BG!Jvq!HWdwLtb#>%1c; zTtFFpTK}o)B(ZpbH+H z9|RP8&%&-U_p#fPkJX=JPOyMdIVaU(2&RdvDD)+^j>ZcU>tIT}ipHl$qvFNS9pH-y zZ{1X^aL_EP4BuxPs6}x7c{J<4=Q|WO^p5v0pZoTmn@o5l*^5fE*`6>-``CG_&&B*; zcIBs0Bl@Supy{J=)yCYtvDy=8(SG1QO1ip=xa)@qRuc6^tWZS|&6jnqjXpuuVZ64d z7J7WhA~|ectlloQ6RC|pTguKeI)9OvAz^P=$Na63#e@fSYcoKMDpwH4dx=9 zYv&};k$LV1XrtR&9s`3TmZYe!tJ& zs~Z6MsAlf+x&G)tKAkqRKyD~4M}VaY-MdhK)ZEv9@|$dBvJ&C~ef&x}^75A=l#Bs_cC9D$A;olE^49t_zw0weX7JU7=p$;R;uvd79sx z%gq}rjTs@TFJfoJWesO3+@)WK!SD4DKK!{Sqk4=|mpDTW*@4_bF%%lszxgC*PycLR zBx_(GCp#6|IXgWY;8m6eYpOC!KhvE*6f&EcmmJY=nlzpvS%3S}-ZuDG+uQ&6_x}`^ zr@omLuhOQZfH_(WRj~frQm}cv0GWBYXAILnxg(NS<1>3rnC{iB^qef;;tfED0PMss z2(HtJisqpgDFkqDSK9I0Lm~-IlD3cB+0m4;b=`6OgMQSv{{hByBPwLhm|}oxiu^a( z=`TdvRZ{=rug8+&M5^CpJCnm>28VsMMjEoq;un4Gzr%SeF}bfRrzB%|yZQ-IY2~|- z;&SRqxY*fjZ|glBPftDlKP)yX1}b6=>L)MbJ-{5LRJgmQLtu?va3 znMan70&mY08JZ)Hpawy?OZz8mqF{6hDcWhP;3LL|7?q5~0eC}oDbH~!xXiYJ5;IUL z+C2fpH-7{;e}Deoga1FRf&Zg|v(f*Xg0trfzOHIxVpe;5i~Y%uT%db*gUFU{^H3TB znY(-&@(^f)#M=P-NWs_4B7@Z7JAT$v>xgAq%m(okv1SU!=Y#+8V(VKj+I~KqKY)9X zcy)pMHyKiw7$pdl*&6@x(o%{!!1VZe4{sMxF<zKA?P13Jje9@ ze!IW-?(e$$`&RsoDE|4#d&S><_HT~zH-q|{eg4hd|JD_MYqI}dKK`v3|5n?7 zI~9NXD1UoUfBScTyNmy^Q~S4K{97^ptr-7SjDIV}zZK*ES1LxcA3tVwtF^UN4_4yj zjrmvk6MOiNr0gPvrS}VN{uw%1;rowc7#97Y14*Yv9H4;8-1*8QoEfOdwq_IhKN~&# zw^78KJDOT@kz~Ke{;y7D7z>o(_gk%4Cp>lO@ZtKAoxqHrhoFOtKKWZ_Y$wn!< z#eS{Y0r;Yy&Po8jD3|~uAO--ws3oqX?1W&e{+rA)zQRuCXv0N*T*J#vF(yiWz%0;Q zud;r$X}}h`78rXtsHrr$e)SG%lV;dY=YTjpKjvn3)a@|iI^AHrBC0|F{TctGBR+zU zuLGk~etIkbvlKb!2lDu`_<6D&R4o`LqTqvFT%rm(s@+>1k?Lz^R0-fo>rXDZra|+m zWRQd6dHCT`Zto}5Q7J^_mt5qDMk}~1r3FEOM?S)Ohe-{8bCi*oH$OS;7#sGB{~Uv@ zPqICtcs8!fL7F&y9KRZ9{2fB4z_jA}7PY{0)vJ~$?^I!CqUHXGM(CyFDwRa=aqtsu zVM+@WUU_3u(zp{r50~`SU6t95!ZLO7Qqmp?X$c?J)HyNjIVjGDYvzKUFgiq~kSA1_Qo$Mw$Z4^J&Tl%oD zyj$y=Em(qGARqdr_S9I-V}S_^2`73i7s+>!m>c8tMx>lQYb$Ht63f*|U6dx=VfyEV z&t0TofQZ8<)4B1BD|F<}MN4!nTO@W&QCxV{l>vKt%^O9Y6T_N9AsplekwSXPcP|)o zC~92LuP+@e{Z=yg2^0ZP0<8hL!Tt#8ngbnw-F!-Dq0x*tL~%8B&lmk>O-aSi%Jt)+ z4Xh#LUa{cQvpAw+29fF0%293%QMsA15>4I!c=}y(-maiOX1MRtdnZ{K_cSD{fKoof zjwd3x+VsN%fjY<2VK~a3oBa+5T}{hLD)9eIuGvZJl1>>ZN^`cVwg;Ic#i4w zvx5iL7WuQ08;ie;*THS#p%aj5my%Ub6aX*t(yHc{gh2%2)`%mJnuJMx>%paIKMT_SSZk^0k` zVU?=ToZg}WHtrFPa4{BN?(7p7SajgUK|>Z5$!si!tAa}Ov~ zvspxPuf~ock{VP3F&?c8LMd$^Mubx{uV75k=b}}|$$iJ17WdkPu!Sp{Mb}!EGyOE# zyDo%Yd2PR)!-9!x*^gF|#vo%Gq%emoRBxBDi*J8g<)kW*aKl&oF-9zR zb#caig*D4B@|*B5E+RB znt6PR;p?utxQJh8N;2oioVL6J)8pAD>>B~?-re5s2@j#)lMV0ZsT5p6 zew8$C0Y>(HB4L`CzD^K}61nfHNh6jrt}O>OA*rK&(vE^=St;8e@Oy-;lUJV8HF_qU znI9*L7sp(tn?be6fIv#p&Z)bpgOPjt_CtJSWBgU&_sc^}MVDBIyWT8FGbQVDyfR@E z=|2&zzk>W`U<{~a$_8TRzWfFWjD($&SD0^jgu)Y}pTDWx2t{uID?;f&W_QJbZA z?`6fUFgrUDXArI&O9kLkR*+$f6(u1@0Y&FrBRE5s$E)OTT=Jle&uPC=8!Nb7ax38h z`(R4tPm_>Z#l0s@DN0kB%@U*=M6vR-=qdyi41!n7cfvR@IZvd5qdc8wx5PzDpi&pE z7MDrL+Z#a|z!C3b^4Vnqu<5fF_+x^$BcdV~*O`%p7jGkh04(4w$BIvmRYG>}RVWLz zn(xJ^2s3=9?{}-!OFHn%j4c*WL_(9b&7Y0wWc!+Uc-29D<+B?SYfr?=FZjl?4)x#(DYeGD*7 z1?z#~CgnAywFfp1*#|Dx4oK@f>KMQRiu-kUNiS&TF3t*Xi&^bxzUUcuMW?t83MiL2 zrXA|?`wHf@Y%0=*d|bgr|q$|xkmW-41dgxt4c8QmPQ$2zJ$c0`b% zN$Y6;z|eL*tpAQC^8M}WwR|4h@r_R`0H*Z`WMvU;xeR%OU_`^27w|q-lT~PK^*E!^ zqDphGx@7Fnngq(~Sj84pFmpn^G>f%L&r6{;tS&k<3#K%xK<9&HYEj}J+9$s9vZ)@4 zzNARJ>-h3*JiFm*g_JmcM=~;-8WF?Cj^8vx2g`1jgrgBIu2i$mYzqw7xL~5~ax*Lc ztAQLmd`IU{{3x_0u`dS70&-SzH+M52H>d3|q0_)C5*}?XGB-FEz$7OWB#QBZ9jS&T zxZshaO;#bn@`dY%nYR45sr%AzdnAdFU%jX4#HKN_y?Ju8rBv%P_fl-uw$M0+trZyo z06u7my!cwIOiL;+iudF4BIouKXK9qNrkk6`w}P1t{^XxXr*_z{&ei72K8$W=Gf4FK zvgM7=!H(nfbJzr5+HI2zB~hq?SUPnfvsNUe-&cnF((Nk@Z;bfQoqgJ5)0q2Z989!1 z%WR;*xM~dTyFP2i0`6!ZDa>f&GL*&ktF9?mZ$5oRN#@yS559ew{he?M-khMfWu=70 z;!RgdF8YRlx4M-)P<2I^$A3yaWum7~l2Pa+GDw@|3#^b_z=X0J?KXFs5J{ZEl%R#N z`a8G+tZryAjAf;-h#9a4px+GO`|-g_Rbxzm>pOif?UD-9>yf5+fYsZhO)xF&xieW*Os>kDxa6-Q!c83b}P`EJJ^cM@$3pCwTG>kF!s1046^fi z;nsw=TuL}hWx3W!)c(Q55-SR4_vpR1Wk073*}Ly&_qzw9=SZ_nTy^7Kjty)}U^ZV= zt3PGmtP_Ax-c>zyVs~3_5cIZ-<@1r?dc64IT#iYx=1VrExy&Y}vmoOAbRm2I_Piyk zA>njne?_`h>hlPjY&8JLPX^2&x^Q~ZdC6F)bI|!3( zA^J5OQ9OOI$felkUM%Y~9}SUc<^1JZz>kG*a$54U*__X1;T756WYD5>hwWDU7~>Ek z72w^8Pi*7-k(Fb)b*fXYQ!Og@fXT8UxH?>N%|2*+))VSa_qc*6BRVuzTxZ4AtFTHH%lqL< z=dqA>ZC4sC=uzO)w(1uvotH+rR$?C^rBw&}$#^d58!+ik_dTmq`jOd?@*TlN;)1E- zZIr|u{3~DK-ERt{;+)G%8-r1nqg|f0*JQ78m-bN5_nMk&o)p3tc-don6rTHG4m&3n z>DE81fTEB(7uu{JUT34u=zDvGm)$mQ{z~)D>@QQ6ARj#|N~}FD3M1H>c3yd$Q+|BEqyvST;!>COJ`)SqLl%g`5{HMlK-Sn!Oq z9TlS0q4~}e5i~jD?XM-2cey|0q-2WsYhJ%cC500ZWJU3`M&kWPakHba2ZcMl92mAX zB%5!E$&go6qxcilsA!fibhYZ8s$haU$t+?P@jiTA$((iOwyqym7?(5Lz_FTww_RGi zv;z=mV0w-&DP~D2;a^M>bs`@zv*{tV*s!r}@xIeE(*3miGKZ%pcsx`cl20Hl4Z_vG1mwc^`^$=ivd_@B$VAsWT=fsLgZy~X+S*Fph?GsrtsXQ9Oto~Q>=fV}|TBNzY z-k1V>Ne78fJ-MwdmHFH{z7+{~RKFi9(83k#ZdiJ`AjuU-!)Ac-d6ovXd|yVu%W6V_ zYn6wSrLJzsYZJ&yojUH<1Qpy)7Ad8yk>y*ZV65dSX44p!)Kh!--)Rf9D*6*JW9T1V z!t!GES=1k1!q%|bS;qS655o5oUJWn;Fn;$sT2s1?*_cHv-v<0F!31sKbC>i2u7N|v zqs}sLt`*j^{avuhB5jc;s)vtuxZU#Xz3&+sa_}d9C-aiZPAEqmp+1qCehMA)XEr^k zJuC4vz1lR{AhQ(5;=I5z$}_P8si*+iOtZpzuFti(^HG$&_@p5kYzTI6Wi#JS5U5FGSNcnxoiA6IDMoKC@lc7BF; z3uVfawC=3CP0U(aO%E3DR(Jk6gI}}3$i@M?o#skX612prP9ubPbw!-h+=20fl#YgKwQ13_BskGw zw%LD+c>md}hx{HUg_(_->XO&ySF-nQolh1f&=r9(R*vcn?u8@AsYdmU4Mhk`^xSDk z-kc=L;-v>zkb!VqSBt#VL?H?E^_TCs7_#(8|kDH6|)W<7zP} z0v&xkBKZwI8sOP;neACEyIy=^k7963`ywq|X)FC6*7G+R-O(cLjuHb_#0cpc*=F)a za0aRZy`#MSYD&?aN+ra*T8>vQ3ir6~^(*7a9(frkdVZ$6#m?8&;ahFMj~Txz&yp%4 zO7S%EL>V$uuTeK~w0POqyoGcX%Ub)zDWxuOAUW+^U$s2j!OYLk5(cpvy`8isNwVjo zkKy$A{Y>A(7XQJB28pcg6uGA0tEe#r8GdcnBAV~eCUez+;LnWN?`S8es0%Z<*FJ3P zZR9=fdpz&mR3|vxsL+%9>G>_~1g84QW*zj`B5$+wEj5@uK?r7r?TY=?*Lb(XU%kR7 zM&-%#V#|x99?s6b@}YMsei5IoT@-gR0EM(u(N(WN{lOMqTC8C7uX$R#*LvfX&U#V_ zT0v|kNS}SJ^Mmv3C&9vD@wE|e z^}B(_YQDge?~0>T!+5W*TE*Ipdz$;|8->vnxEGIP>o67EzI5#_@q79-MaZSYE6ACB z<&a?oZMG2NQ@3TB9q#n&v0c*I2`t$brFIeKw;<8+L6^SY8}5-9ckR*HoP+54c}^DB zyPR?w4q!adgL+OSiyD)U)9oh>3~7W7Mym#-CrwAhtQ*Q2L&Ze*u09*?V-C7g9zRC! ze(TH+D!F^C$UJKNK#f_S{a;b(8DGtFRuZlzO_2sM`?K&49AtO@*JdVZ=+JE=a0wQ7 z9od|QU#UC&BgOPUH)B2^IzVSRz~|#{G70c?f_e8WX^0>*U4~w_ZgSenUTB_NX)bB_ z2+7zP(`RI6d`z~M2w`*vRqu!E6HIF{;GhP`sw*|#+fVdJoMF>jQz^ZK?#>7Hn!^N% zJ|#nC;`DUboy>&}3xa#(iANW>s=0NL5+)4fhMoaw#;psY=FOeTHicHW%zG{eCLfGvGu)1%hPc;0bHA-D z!E^JKgIItl%VF+ou%j!5@8W7nWYf7V?_;4tU$gn#vmBQ~X= z%w`!lAAH8lH3H6r|B8czlkN^Fh!=0BCdDSM6wJ~j-?6YX>rO80l(vhN&9*gJqfGH2 zkMH4)!?dmHhLWh^T?jgu&+12Uu{WoNF=qd1qA z{a#tW=-2T;KgU52f`pVew<}Ts%^JX$ezxnhv|>ckHDZDP&fHwRQul=X z{djd+(~lp}562k$@9QO6t=bcGe9b188WwqAUfE7o3`6W2y47QEG@gtx>K&*W}4 zS1Qc;E&774cW>-(!0#0|{UJVa6I}lgpELj;5riWG06ytp0&F|a^PHRa?%|#6WBCSQMrqa0GzYATzJk~Vf0;2;`Yy51R5>L8zpmw`IPl9f4 zL0kXV3t|du(e8suPnxB@pT~KuB4-wt?L(Sa@VcvVia!dLU0JuQPc7Jt^1`a`6r%YP z)u&+hp=+iL4+7iBIAsNdN_q2OfL3ggcAilA9hxw>mtNo3$4-zw1lxTc|6) z5YD{M=$&e-h(uuT&*1Ksi|wAp_ASUtREUBrcCrIP?pYu3enLUiWwg)ds&0kFhiIWY zYGI;Hf**vaFL;-6U$!Xp`IGM>hMFA)DV$CR+w09MQyvYI*d8U%R9AU+i>!UJuFPW{ zv8WWdd?!Ak1Aq>er2Ox^;51KP8f$E^umCW6x)>!kyaa&q&ORTH@b8h(&X)xev$ItJ;D7z4<^!z8<4S$L{w5QDwHPz&@k7yV>v2icFCO#d z{kI6GK{}^XWZ2O>*9vbIW?j*wXuh|oD(%grI7d}Fr8|5i*4&4S%B{i1?O%JvHEslZ z{9=tfDIUb7Vya47{F>zOI}ZWh&o2@`kkGt~u^Hd^k=xX_)i>5Z|0XLidZrb!!9YCf zz`No)N5o(nnGO&J80E@fcr{6|#$1Q%>Ev#^v=1BOGY#rkuG>8~;7`8Ct_2T>0hM5P z;efW;aOHD`@qP45Rdo4vk2@-j&2{zNJvf$ZUyhQ_0!zEaRabQIitv6U=#qkNiN;qm zhh#H&lqVpZm8&RxbZqR9c#GNFF6ou|&lg&2)c4ev=HsTFgxBae;gfah@vAZRz+2E( z@~4s&%U%9DU8K28cpzF7UBllxlHl`5x^#*yS^rBiHI)$7det=yE=lS{(!+d~>>JCa zCuF2$yeA!T0XtWAeBSm@U@u-FXM@(C16FsnE z_Zhd}^(ZAlSFSu@mJ3nMnSb_ClX9G#pPr1bSldlIeveJ5Fth0iK8|3#*~EYym~4Zb z$E&mh_gN*UwPJh7*L})DEmt_iP%s57l1=^Qd@-ARlNlP$0Uze2!sjgkrnRZmGSw+c z9Be{G4ykXH7Y#=DL=C4iQyJTZpfRNz6d|-6rUq-?H5SMD!b_hZvx5&NVAlX1V{V%( zr*j=k_6?}@lk#%)s?qAT9*(5XBIT+<3iWVRBMvyNQV#|ct00RNY?;xGZ4mIl60su2QZ*Jk4*$;W|IaX^|M%LRGr3}=-W46U3-sa7P`eOY z(hq=M8!3*ali~GQpz1!5C7dkA0`B5hv7m4zzzOwII1!j$nt{wfrjdtC2jHrPm}WFx zMc^mi1v~lm;#8fTGq~_6p(p8-w^7ZYxn4)9b)BRpQa#krpOwdu_kyan1IAzvSUFN) zz7{NP5(6_}a@gX6FEinC<7a8n?&glRmR%|QU)40;UCS;CVPI69Bb1-hbA67o{&hJL z?*lojYhcTD+~{cH!9b!KG?xPW80DK;rW|KIr=lnqp7eI_U9$rK&5`_+4+J@INZ?Gb z(zOj4x^RA2Auv#MqRe$A@nsXJeB?PnZ9V@uKH@nmHlda}I+s64hP>}i9EQhc##;b1^>r>x0t*CS9iVq&Imws2s;=Wdra^Q1J>5FnU1-JdQ9{luiOSL!%=qKr zrmKCJ!&Py#PA!Xk(kL5SWq34(0a z5}mbz=$#-45+ove?^f@_^7tJsww(}@TQe7N&4SO>#|Qkt`&eUhW6zX~{4-f14ts{j zt?!tRWS@|@G|=Z}5xMe8QcMCqrkcJ!8-h3_syc6AIj!SzQNXN`+hg@kF2#Dmd3MNcF2?It z#^+Z^A5PJsZKXfr_iqibw7@RSe&>)(!3FJq;^1Z+(;#8g zByXFofs^T6t8ejKKrDZ6Q4C;mga*~5MPTiF*pXd_hFwi-p`cfJOA?2pF=g$18Ha4C zAiSk69qXINK!#(mZCB>$EmdeMzjZ5?ENVR{0wIO9t3;I=|23GF@GO3kslZ?57UGkI z7#D`3S$lUmhTes-3T&ozcm^Uhed#^`J(Oy=9SE=ali*z6*f8a(Pvfdp$#kIU`sci4 z8dNdF=s1ulCh|NhhRo)@yPZ-2Vwsz}F;`;-uD4Fd>TBPzD$o$Vq>nWyev{-fJSY5D z`k9&5NnSc{{#K~eu*!3tM*=J=>v=828{k8F6gcFsqDrt_RuORVRPH(f=}(^bG)KR= zC56}-XK=i>E!^HrroBPA^&WBidWxGHpNlR&j__X%F2Qs3n%$zB?e?!j@L78tZc2GD4E^4y_i_~ zezZhg>o7IW&B5DPF1}WM4!4W(iI%x_mJrTOj*W#;SZk zty8;Bjx=lj{YSg97QQ! zwo}rCjg|i{&y*=&%xY)<+urK2(H7_ObEpvSF&6V;ay#nfG_>q6nnI#L>vhOu0kg|Z z=&RB9q;z4qwWReut#9Xj1KO_zsxbvP4_o;dSuxL=$>3ml1#|DAukU_fKUi?fg*b1% z^4NPThAJ*!O7ALbN{9sD%gbInUW`hLOp>i{wPA(X)S!BgVJDnntTZBwYt;39qO^3SV7Vm9MS_xOBY$m{a?O(H^ z|M^Y+|0ZAnnf;N;;cSOS&ECs1J~~qW^(!`6cb({wz|4Tyzlk$IEI~->`=??kjKEMWhi@Oy z=CmKP`$}Ky%9IA6&BG-nwqsj_to=3`p=E{C%51D|TDSVYz3{2#8f*LeUoGV-*_5 zNPzT9e}n1Z6li3m8G`lm(!OGO#JgGa;Hnp!Z+_rfTe2#em^eg@_f5R^xMX0ermsQz zr4C$h20^Xb_p>&LzccCaiN5%6`-XVur6I_hn4;X_PEnD&^C90;gH>b;5KC6KTPGz! z0YHiC<-UbkitR*piJ979{cyv1bp-}qoSQOwl+#|w+;N)O8yaU z?O!YTgzHJ*^{~DzKMF&*|kS=p$P?4|k-tk~n+lJa?Hyn4;4X7P4az zH^CvfHA)2PDOpIXVdpjPI1t(^vt+$He6pMV02GYYc7@mLWLNfK{*u%?RO$ROn2|D7 z)9+n;Uz6Jtcy7B`+hn)H>EWjsjk#J%2}wO`f>#o@*-@!IR7FS2b(P+(xSEnl#%gNfjX&mb12d%|#i##^|A-XA7>Q(;R zj(#pKJmKf6?#|QKFGmC$)32@ksEI~{VqztUdViSfzS=TNwR2I^9I!U@AJPSzWmQjj z)gC|%AN<_!O??XgrC)GdmOWFWFCiN!1{Hu3btIdxn#VqlRaf9U9}oa^hY ze%$q$c4c3cPwZg`VOH4Gq#VBWDrMTujUa-(3B-dQ`26rak7{V1YLRD5%rLl`lTKn( zI(ctC;#ub9Zgdk9QxN;?KP?`D-c)5LKoYn#+g1 z7iqs@&^p&WuSy|SZ~mT?7JSl{nD&d8U)`;DH#IIfFlQxe7Tu&bbus#GcJzL0R#FxB z$7eesCjlz^$i>OnbI-KMU{LfzS8o$n(^6~a&jU6BX9e8>w#?vAf1dCbAB<`bOFg$_ z>x}s8+9F`)>B^wNS(g|Km8C0*+&eiM!!^Zp^ZFv@^m2 ziMj$85ixBP`$5cYLT~554CStd!QxOTYWz1~L)WUeID*&sMR+v8p<5?O&tb;b zVp&k!DaCdW1QX_D-o~Q#V9g~^1-(U)HvY`dan!AV(0r@+aPx`{%WnY?q5@Dm(X#7H z2HE-Gl@P^HYT6C%b53(1DM?RvF*-JIR%&5gvTmuOvX{022j?%;il3NuhHP6URN23j zb~2h!jaOPfUI+kVd?F-T+&6^5%x{^CC6a}{&FoJ(;=1=TvSK0j>HE^41+ zsD3!G^?A-+eAo}PAzT^=vvai%z4#&O>k2t(21By(oaVD`m~x1R*ir?ML)+~Y_P_9~ z{lCV%|LJ?2;onQ}WlR4$7Iq<_mn{D}7Ea~GTxyH}j)lP|pm@Z!&j#RF*bmo6jnx6X z?N|R0F$Uq%ftM4Zn~-n_wMA6LTW1KB39<`TtyB-u$0U<3D*7 zeCKi|{%7X@Pj|Ebv!a3s>$zvq!c*^3)l{AYq^??4 z4VJY0P%P6Z*J2JSHGT2k$gp@J$hJN};+Z>Bwy5h{NqtXir|ny zWyX1Lcr?HI(U9?BO=c{(O}kI{D=QHx5iPpul-f}-DV&G4)PSY-FLdz`*P0gdq~&N$ zlAKE6k$KtG`66yXu*xodtvoFX_|yC%zB2Xup6XxEVZP&XuM)11+vloS$xHKj!c|p% zP+9*%HOIwiJ=cDDnMPkG42KMps`-cLAP5jE$OB$$Q9g@peLIJ#99Q02BcIpivKx*~ z>7ppD$>M%oW%VHVrd2DidvI$NfKZ_C&<=)+NTmm#J-X^k`m0EDJ^~lJeB;a06?6xo zf*3=PV*{)0oG)tEqFyxzJNoM7bvdk)$ED6~KlkNp+ncCatM)DLwu->1&bKY$c<`UE zibt-;Px8dB3soCVRCd&mkA5Kp@Gk2BE1|f{P7ceQg=>X$oY?B+t@xd4q*BWqDf6i8<|siZdsXXBElg*xU%7O60*6CaYIYMHwR%u~RWyGjYE@`;22?MzhpF1I63nctR{{jSElPG0P~X17D? zll_=qaCRV!)r@L>g3R}8;k#IEoFSe9o6t?%V+X=?+CoT~MWmo*uHxS_7@;@8)kCZ) zlsCg)T1XKE_s|y+x}5PlI+(Pquh(M$Xz`=o3Cq`qmffx=C1loIAU-#}lWY2N|C#W) zy-(C|^QWU&QYDYHmCOrkoE!FU7ZrGcp)>QU=PH()X96V4R93q!?dNV|tx<=2^y2cE z*Lz-TXZ04j+gObYnB-ty^DR3EJD!s{4e8FRZ>H#v zO1WEpR>c@DaRCw2)|d`tyw1zU#u-WRyPs}j7lr~JJlmuWSIV|#b$qE!E_o0R8$ws_NZ2|ApAR!=>c6Qof} z;EmC{v`a_1ya{KM%yr6u{TOg75qvjLNz_C5F&ws|yWk-Rj{|LJ4v@Stxs3Su~ zWmwT+FQ(i{^^WOeet1%;h$OT%i@(%YDDIL8F>FO1J=N>)6kN(+6z%SDN7vm$qTmJD zGMj`$##dH_yWUV6ny;os#g#I`2Ss^mm>8TbMlO3pEGCd+U}|J*XmzkcKz^MJ3#aR(zmjHl`UBOAi4vf-FF# zeC??ZEIJoxg1mJX6MKo7Xg>7ls*2Vrf)|$7+afUFE*80}w=w1T=59dK<&00aPBxSd zR6nn>*i7!cH*`PFu;{h?LsM8}Zk5!*DHh!0W2b-xYWF`xwX)6AQNm5v6VnoZOXy3C z5+tcU=W`f6MrpaHq?om_T@QkZ0GIR6z`QjUhOCke3(as~Ikz?M>`oY>(`q{vWk?R>*rwIGGbKcV$kBmjVlld#RQ#5@Lii(dchWrj2H56H z;xG4sz=b!qR$XYiLk8^rhDwa6KB_pTm0ztAX+}mBF$sO*BN;c52#xFV6yxPZw{D;l z4r(zx8*;Tgk=J+e##|aEad#g2(e(6unbgYla)h|NmL^glJ$bx-o77(=6*JWC&+=gt zZ=dHpi{oZZ8x0_zDy@GK2YX+Va&xa!f07J3*6b(jeQ>Hj^7b+;A-qK&ErwhI_nzX3 zyA*?`t|@)rV9mSPYmCng(bn^~+@0RGhd@8ASI5)Q(p{AN1qOt_VdmFt{#z|fjtthm zlE+V{4-X~W_~NJZQ;kwheJL29>2jqSet#F#g#?neU>CRlAv&on4myDb(qJx8<{wm; z@gQIF_Qj_z7esz*2gZ7`iw_zFh8oKpQs-6tNF)1LduSnglw(C3JnYv>aODWxODtV? zGmYJBpsF3_YMR|l(D*Nl&$x{HW5zr19-o_g185AU7 zAIiL{7YRP@k!XKdC7&;nLgLNOH28b1GU#9cn4_8dHf*KZ>)iLAKdZkTk+W@W@#95< zqSe4d>mqUzI;ppba=~CDlYwGOYP=On^4nDlNR9oIt-)WE0`!hH(J!WHxvJB(5z>b1 z+mLP*T72=kT*@W&zQ26T&Ls3KD^STgrd!dqU_$cO#gcMoVFn`-DNox&BFvHg;g+cT z+412GjCQx3@-&e6E06Lngnk2p8ceDNzOSt0%YHvB8GJG;Z><6oeTHd&@T`J(M*w~y zNzj0yBjFG%G444Fw|rc8gxSQKDXDKcy9S!QSMB+Ch{Xolo~*kHm__~g=m!h0J!I(4 zr3!L@QTxK4*EP+(#OjAlCoT<^gUm7=Jg!<4Lo6S&(j_XI@8K$6HkG9We6L)TlK5UP zJpMGy<6>?s_XdIy|4_49^>zVX?>j*T>qtl!k^SD1_BTbtbyWRb=8dgh!N(;Ny^O>s zNj-rgMvrWN%fLAXvFV>sL|4Xu=K(c|ZP*(Enih5sPn*oD4rs+e}DYMeaW@UtnwM8&nhIO7j5e=qT#iABQ>g0XVP7FS@)BF&Q6~38d1*hzSyMAw+tCs7=X}1M(=D=5xKvKssgKxAU#_flxQ(SE<7iz3*!r( z)#*m)Y9-j`Ri*NVJj~=wEfMp&ufj+0z8V#YV@jCa<~4s9l)A?SmHTfdIj~Sf4OB3yii1axZfcl9g3FQ=jPRoZpyfV)kONZe`Gq z4Ulxn)cy|BNyCzB%ojGnZCi#`#=kqWF^r7Mlw`^S;*d zd(`>G;;Q1T^kFZMQuYv|r=FuU5@3Yw%`RWI?%bPH`{7a~lIcS9=&`Yur!dDyXzcpj zf{HReV7)w=nRFDgJUWC z1*$y!?&R^&c#p(pilLAD7DEdAfQLXyqz;>jC)*o-Om+6ds zRCW1$Y8V^jd=-NLbuh!%gnjqp8p~sXUdO@oF|oM}h+F&BJ@#liYTqG~R_1D*Vu3~I zc3(J(_+=GWLGr^e2Vst|K<70I1h;B;5599zM!RSC)m3IwdWIwlIySU*d{X~1b*&n) zmhP=kCWbCQ=)pYPFe@T!#PW2G?^%7iRVlIgV%c(Z;%>h#_o78?wDe=T?6279PqXdt z0Zf$`EH0>q<&bp4kVYq6g(p|52IH9ajbocCE46OP&E5-@%7wu6FAl180PA56d>Cr$ z>dQO0eA(*Ku7CXp0pyhIrFD@pOC=;A!v^#%axq+v&Ew>VTKZ|`#aah92_~W|h}H_P z-M(lF2uLiCPD-Jl!l?Vihjqn|`qJJACV1G%0*9C;kj;J1_Zz`!!;sv1WuHO1wWnKN zUM|~C68@xEt z3?cquaWijgVepsmum&?fsReh&FVz~=Xo3Y*6j=e6XUk1IV!^K`+a*vc%a(Wc9#dm1FykEAU|@$Hk*~Ssb2y z>Ajz69!=m{2l7CzB)ZL4d9gcDe}0x8@+N{}967T#8=(cMQ3eyp;1C11!aFN_I92L@ zh+rA61Vd4a-8Fgw8_kalKc$b+`dXcyWNRKT$sQCEgQ~x>iHohYu^@)PH?FDojeQe< zx$W-MnJ)bXONxz+ojxb*Z<j$|sLSOb9QwP6bup?I75Jb_D}YB0Lq9U^J?%+XghhF(KI*(`B9H1u z^UW{!AIIejZ^5ZWWd9&LgFb+7U6U`Zs9}b>DqQH`jJ7s@$;->b41%UVvNuzl1rmcp zLPzi6D=}0ko<6Do3l$-}H;wIq298;Wds4_YmBXh^vaQpH|orOFlbZpl! z3MBs(-=*G)>5CTUo&Hn$R48O`a*Mb}96BHR+mGb^Et1=hWlxbIs`hliDSaGO+5$$E zllL}d$3%&5Ha9o5#xHa%vn!MdCEp)hE(SEEsk}42E_Y@8X8r*Akr*Qh!9ps5M1sg0 zGqDL^aNIWTDx;v*9#1m3%Hs{+z?ENR@n;kNY{u$+=;HVEP8%-VE4jgqZYv84zotq- ziw80D7>q^dO&Wx!U&EJOwqK~GY@X+6U-U{Kht`(774o}PX$UOna%McFPZ5`mD}{B^ zcwflQ<;ny(LN+aSRBYahzlS|By6g#T7+l{@&P4WmtLWj2ArPs<6^w!9Yi+Ob7Ih6K zl905i!=0<_KJE-zST|)caOEj6%|E+TyOdI2D<(?q@bY|cd+Z^#|bjyaQCn9^G0ARo&>s32egwZVB{nxzsUvT*3+3HBA|JGfz7*HI@ounZ8>r@^0PeT`vF@rM`$z)LM-E zS{-?B9C^n-M0ZLE#AR=#cjd>seDbW{zTazlzeLYqUEB4I>g{*q#~CC!h~2)GHToc@ z+|V_q7VQE&vQLFO{?dAaU9M`HFDF3nSFtoA;BC^2JU-bN6?^JD7Q(^B0F;L_u~6W^M>0y3C3 zbI_=CCHTO$pP*Z#l1bgnz#^HxA2JGQ4_>J6xqg_{2ZV@*N*u{Timqqg8>6>5AW?r^ zr6g+Jmq=PR!hdjXHoW^1@AA8|FD9r%L9!<6_#;BLb=>~;ZaTN>tYB5FWP92e)L}w$ zbzYrJ$-E3Pi)10_VRAd#xFR~4t!yrkF)iBms7vcsw+B<=+&dmIQJot~lnxFbS{hfX zApt=jRM>nuP_DT@ckOOYPU+Un)QZK~9Wka^njX7`h*#YZYiob<_NLJEa}`r2do+1h zIVq5J+%p!6;B~nVQPi9;3-GHKq0RN$NTM9zC^O(T%Nf z)Fl%>qBDtLe)SC`;}jxAubOaXy%QH{`J=)*V}i|NsKD4St1>ZM?Tahh7^W=$hi@(} z@~VKKw?1H>s}|as*5q|Hf*c|3Ev3mXW^zACixfy|dw6=&W9$K3iSC|Z3toLw}RD34p`}C438ePusBJ4AmY6d{V5sxjlV1Cb(SRqP8$PaHyd)_QFfg!h3ltA)jyXh=YWMHz3)rA>L;x*Xj_ z3i~k#{@o*$H!yBJh{V?()fWaRIY{u*LzhaLllji267U75lZllA{^5+xq^e=V;qKF2 zJ3%Z5PW38BMa(w`%;r1Q8RcHQe0XWvQ@b*g)VN4QW?G*q>)lS&CjW&xhtyCSy7uz` zenYVA8ydNgk1N2kbj1RLglvg#Z@{7OK>_&A`utlv@nG_eq~H&~v{@Cd7_0GF z81+6}0B{XUz%DVEzn9FD%$D}nF|WwelBiy|{@PkG;J^P-oE0jT6pb^a^|kKGp~sx% zek8~iTJJ6@e^hm;y*^CR2UIM{}2&hQ@%}sAnD+;Txmt1H$rUh?~hM0}#(+Ekp26pb?JNEt9lexC#q76Ely)^ZG!|U;2OCKf0 zsJq4;e-#CCAGwtg%|G~x&t8Wu%Hu4t$`OYg9`@_|0d#ke5t3eUyw&r%MOHN)U0!e9 z@7+6?hxVj~Z!~JqAfFMmuaZ=q%A>CZQ+l~&F<*QXTYD#fAXG0ehq=3tiAR~Io|MfK zx$=7xv9&Y(u7tDTP071{;PqI-WzI06+FNz0TW^@pLyrZrw{6!|Gp&bLlm||*R%EVKIZ1V^Ep_F;Yq&xW3(*32QzOULTbZdy(Fk8_&&!@#)c%B8Eit zq_cm#fQ|-3i)`$6PtyXFB3DsKgo3b;1KYt2lH4y07v}3=ptZt7V8x5R!UoqPF}5>h zUL$Jo^TN|ws`e0fN>72muR+Y)~IMVK36DF=FArkuM zN>FA3qFft0MBM)>>DwFn;=79v8}8dT>XfYTpaDY>9>fSw^>GM+f-H%-cB7gs3;Jt+ zaIA25gyCit6YFqK0a#4nq>$3!!C#+H6%v9FFs8?8qvk?el*qEa?%y6E`$qEqsbjNV zveiiY{QDEjdUfw%uC16^`HCE0DI{Uf?Iq23?C{SRTGA3{xDQh`-k6<7y0RdI}$jS zEKlscec-LWWsolL%{B(ShA!4D40TM~0V%{UT4#9e2T5Dr!K~y9{PJmL)G~ibFPC?u z^mxQc|56Fgo{M@0CUL}UI(4{JB+0DR*xVFgVEcQHHgazn)MGxCey_cP&R^j!tX2cb z-|zE)@(oe{D(8&sNSX-O5aGP7%^P1UVKgPP#KoasGbz(xwm8^(>#!81_A#2(gpco1 z^aH6~(Z9O28~>T+^&39j0{CCwE(RD?%fN=f(#Fn@{^}et#-Us33#wbDrIX#s`A@{N zWs2g_M(vI-)qu22{}3@JLEpx=NYsBxTHZ`m>uDkU)Jh0od;-S$IX=IX@MHqShSFQ& zIJbT}>Dl0_>XkwN)o&+oKqi(lG2`_}@Id%#j1tKC&Y(_;T~ zuXBY>-vQg1w}dbC+n>sgSprS-YWyWyE_@4g-GvXol?vuZ?!dz5qvjpNvhd!?$~OwG z;$#CU$JRX+Wll9+ik(>&WBmy)?#DYz>JOK<1$NV4mgal7pCsje+St8Cpg}pez@)mJ z58TlrHK>Btoh&IibpISa?yMHoIk zx$oEW)T>CbsZ%<(WR%;>?>ZT{49N3kLqJ1U8^+S+*0v!!Qx3 zKbdApKllA9-|{S3)d;y$_EEgxD)FP7V$$k=G?+B*FqgG!#w|2~e5XpXi@1-S#LrnK zXiv9IPRw__Of#x&Iph>lU<)^tI(=0c8cPobu)#?@9c{nywmGOq64E zfEOjpTYZj_EFGg%agEy)Bp)Ec9mwjjjy0mUi>|FGRoXuLA{RZky1CbA)Yd;lPmPl^ zs0KTYO%g%vOWIV?XUOG@-7 zht^%OdyD(2l4gJW>;H1IT#D`6aT!Lgv3oLzKiG$ENN61Zy1-XI5u*ET%t=BM=*r0wm~h1BH`94GcS;l_ShcnG$7BcKN>|w+;fpGNXZ3MPUuMsCx`#r}po@gCqbODyH1k?U&%A}*rhQTK+YUXUjJ#?c1}2Bw(0;{arYrlacxLn`XQ z!$M6HUG+Pknod=ttY)j$%zc6~PI(S~oZ7-Uux2UW4U+aMA&Up19|@RI{DULA{A4=W z@=I>WDoZ_{`1`yzh*{o>F?|B^e6&*pTBg|@KcaHLG$@^Dorm%`Sr1@N!kDAdf;X0O zqcVje(^T%ZSZekRGdxS`cj`#WB)T@(;TQLIs2@hSLej7a2VEGAz8t=+9u)!1qJEK0 zML@>O#)dk}`5?w9>d2D5W_$M|eGjz9Gg=|je4_!a{Me&psIE|Ey>!!@wkIJDbB>Vy z=<<|O^0|Q=v|y^*fKWE3Z<RcaEwv}EH0Hc!% z<-8uv;lr2*%lM=WRoB*6OnLsMs_Q>`rDPv{-vXs3Oq4^Ryf3AD_34^yPyai<&>9m9 zUMz(`C8i|=ujF;^i8KvM{$d_4WTyQPk@HA4*4OQ>w3e*!h+O+j17YT0YAs4V$f?Kd$$) zGE`H0%(iOa2nj=YLsXoTQS1n6g{Sv|>u+QpeFpI^AY=~yL^gQr+21k1{~M8kCGS`Z z&k>#gJwmlwtAE(Fqn{Q((`O!C*s2a6JnFE7t}w5lN$qLd`5kHfUi2zu+iOp@sC~C{ zw%RI?zwrJ>k~U{ne@h_T+0nQxzT}qUOC8>+9V^m=Bvq&sD?v3EXO0z5PoFi%_=b<( zl97#?gw@#&h{If=oky!iA5z37Ouj^)(8a@w;CB*mfmh$)T2-xMAHUXN=Ast`1Xq`g zD=GM!Vw3Nt3ch@FzUW4i+d9pH%es zKOza4o}8c@CM1r3ZNhV`Cwv6gF(X|8w<9ch+j_EUdv=>EMo*T}9Z{lcg?U zy}E2`Gc6S87%*OFEvm&xQ6}>^UTUg0b1ki)W!&!VeZ2p&G- z>!d%etI=aUq&$wa)(Vl0EOrvBfOd>(TOp<&8K$c|0zCRq(7A&kbP&Cz-8?e<3`VhR zA>yTXPLlwHcYp#&fPAm9>E|<;Gh()a6Exn+SOE0)8?K=eL2_0)hoG zxOStBW?#Fz?IxziEEAbFA$T^@({q63rzvpve|GJ*2EyL{efxr?jbXBM7tQYd3 zKP`tr6AteH8>+YSsGB(b7PUS;*U8BRm@?mxfA%E;U*r+wG2jR|1T7Wmuab=my6syE zWiW3!-43cL{fIDaI9b(-R*vdBn(*;@m*e~&?otZ2%TKrxx}mD=;M;|D*z(@U^@yI; zoA^L1#0ohBViIkWe0r|6cV35bxZnBeRvDKG1#4W^%yrXMMT=7*K^O0Yu}3F-Xwf9g zMp=TKeyp@rOZ-~t`tfvdpJrsHIs0>sJKqq;I@!4)hzALx$4qtb&_ZQn=*V_MI@iE6 zuC=9F4`t?V23(HEfC|Tw^}luAn{R$@AIA1*iy(Wc3g^Zogn1nkJ9Be{)6wG7TqI>B zL@moC#S4;+!XI>isW+Po3)5G zp*n0(cnc5vp0}hxb@I{C9!|-L+|3!?kg3xp_P)fVD#s)gY&314dms}MeedUg%ZlVb zAOCEzv}5Mepc`li9bKiq@s2h!eBi?Xi}d4t`u6<@zQ+H=s{}GvY}v|kHsOcdKQdw} z!Ui2!Z}1Q;T@U7PCsQpc-2%zFc#yRvH$8b*hECINkQa4(-Uc7b`cf9D==fxzN^Ojm3m%N%MdG~Eh)VE`VXC;X%pXgNzoXeEgb5840%?(l-#2(7P5~m3VDibu z;5FUtg$}atN=1F#P@`bn;Yfq+(%}6&j{c%4NnqQ3c9m2#jp(WRoWxz^RP8N+x~AF& zHGzj3qN$!Uy4#1BL?IO`s`&l21D)x?Et~IYODYlPo^n7uBPVl0G<@c2E$Y<_uB$ zZe%qqj(EAZN`loaCosUeSMO!B>-+Sv>~848hK%i;rDRzJm+7A8Eh=ogw!7{Rs5-&l z0~E^6rSf@z*LuxY)mj-uv$x97P&3J7=?(fT_d`j6-!9K2@#|9DM5;h=&BmURGL?44 z_&R2$v_S8>wUuD3cbHGNM7|n(w`q0iyxjT@e<^(EzfnEZcMRPsPnWq_@!$=^`L*@F za0H)kDS;*E(c}-zX!&iy_1S!LivTD;?ZR?D`Rej_HLf=aSdNXI4se_uG2RsGV+**G z?Apl%WGT@YkIuaFDi#hiZ5jBQuzA0N_aV^&QKg$X-PxOBj2KF;5i>fqeqD~5mjVeE zc5%vO!Y7|?ue>7R*M5{ZntV@yf+P#0GbYps4qL0LZ-<5YPhh1!v`8@hDBr5l4fJq# z4*={zpK^H<*_DT(>4eD#^Ir=)?(R78OkM!8?h5dg@3h6zGz$9e`u za!X?V_}KA{e-D93XtC|oW?L<)iCYif(GtA1Au2!<9~z=|AoDLij5&^jYhvlNr`pEQ zbWEjrZ~x}N$8f0?34`_A*8LOOl?qpjl1HT}Ba&XQ!~=L~AV5H1m;$KypX9Hz9m_|r z{+mVQA0k&U3K_DAkKyTwn5stqtV#I>xK8EDv-^D-+dNlsO1iF$0gQ2QEAb*Zw*Xpw zLWEpqPeiC^$17O*UcJ?9K3gUvSo!L=X3mS90ikge<2&1*4?1JN)EakIVt5Y2Hk4J- zhFz+mJdA)J#XXs0%7G1Kxx=#zsM!&hw3)eut83}oIjjW(!W zFO}ED&t2*`?|$7^jLVoxAn?^y*8Gk3X&={xs%9NG-m>8~pi_0jLvRSZGKzZ@d6;m&C#K*q!^t7?m zVY!eYWwphmSf-JpmY8Rd$XT4Vr=XQXy~H-_3El7wPHta?b7GVfA(yT%2%uR4+;yG& z@lsDLg02jJjA zA4ewRS$Z?cJCU?_)ovDl&W|n+-uid1y*jtr{%tGW9o-Hu?Om4ks1ATHV748yaJpB8 znKbs-cUY~v7qj|`p%%SgS-WDsMx99IJP=|D{z6Ms4k!+}5Pjh4-0lPx{fz`>UoDZd zfciVOL!>h^1wICkR%C!m;@TZs4W-^WX0S!1Up^wROn~m9VMM#!?9pRg*Y_Kf_bn=DYspw#ZSj>-7nm6syHpu{M|Dt`9RgoHdtm8E zFZ1G@S;N#txRq~qSNW^W7Q%p|pelPo%YF*TlQ^872}C6fy07MZv^4SxuOk=Dq)0DbJ?`bF}w z@4maV;=T4n1q4!F7^K~qyAZJM)M0CE>x0?}=c}9%itU6I0xPw!xTXS_yFiWwe`qyu z>qhjF?Lj;^#p#+-exO2gws4^-@*;X6SaOr;vPm0l<=!ke#>HpB6;|8=jvaTIIuxiM z_WR0RKEq1&0ruzJ*ObYRT0l7*)l`Kz-x2ccb+!Wt*^j=RRMI2TAt65P(6~lR}Cke<~ zZP{|kp2sx?3)Kx~mi(ug8mhxwZLo)KVKdDpWM40v`+KAk`nX>KJM{U87xnn+UrmCXC=bU@HMfUOqoT37sjeW|)wO?AY zJi?s~{ci07`Mx+@S@fFM+lPg^*`%Kg#nz{h8-Qo}VF>}(AP+V2-x^UI9B*TKYP~M|!D^V)Y))&)_}81+dQ@ z0%0V{fuUVUfQE)rWx}WTUh_<~4VC(K916^qwVW4RzOcyeyK%Cal%MdrnQrBm>!`Ib z*PRmbTrcbo1mokeQQhF`uzU>f3aB_6FH8Vu zw-znzrY3zHm*M)_EE^2fC-n?1J<*=F5TZhc=AIQ-rJ-9J717`(LY{8ja2WT(&hsEo0&&Nx04__j} zeE0TYUy~1KHGTOdZwR32>%~{=IAr`+hW2(bHY?&4fHtYU{Azp7Qg1<7yuk3#8=_rK zeWFWALSt3Rb2GiGrLiWFPn|?4(ub&keb}p=+4@Ie*rGJ`=;BT}9~s4GtEUa1Lg%30 zmk=)h_3pZD;O5A1o~wA>6-{e$D48~~e?&CHICyF(b=5{2EfD@ILqk9zJz_mpDk!Ma z*SeE;2D~iT1!e$1_ebqlyh@l&@>*&e>VG8L>Q-L~91?x?Oo*Bz=tc7-DrS#jgl1o&XTBRP9lp`jI%yC=hq<<2&E<6c}KZ!bhxm?;3|) z`|l+S>u6pkgy^nywRSv^y9>1p6U4k>@@L20AH346Yb`z{*wDw@&@gh{ooNVhcthKF z>Hr@oydt|OzzmYn*bIT?n*o5c4?T`ZdkKnhIzPVql_QbL=Cv9oGj9Y(5 z>QThXk(v#pP^=_uOMd2*^;eH#wXmR|x9w(Dx$Q;hOF)|(l|o9A zM7#ry;K248XzFEUDw(YAxXgoi0)H)$A((e3GlcN)6{u&7(U5k4xWeZ$H_OyX)2n3y zrnhaAW`@qDj1nEGxtxo*f#dQ(F1*A_DWcqIIbGpgR?Nq!VM>PLXd`oQT;kG|f?uQR z`p}rbC$k~fg?jrxjZJItW*}+MpzHH^HeCKFNO(y$arr#%L*shO#khZ!bJee+1XUJ+ z(@DKhkSfmZ*Shfg+TwpJf4j`T=fO&zIUId5QtJWc1iwWYJwjk<;e^CC!DIe1DT@8D(;eE)_4 z_b20cyfIGb;tPxmWe#U`%%BNJ<2-1htZOV67Fx-()+8S(j;bUne!KJZBlU75V2d*@ zI&?2UM-%ghgur~&3O_PBMZCrvUTKE6_pe;fN)kUAdL6wak)hl(-NUE7w94VrdGYue zmI_^oQB%Wwt<)-q22OR{_uFlape;*#SfQSI?=<&($^S+N3>`JBH~Zpy_Th1b~goI0XrPLhm*Z*j$6qH;z<$D ztwZ}rh}PYgBJVYHa`3%=Lr{S^bm+m5jAB2KI|9K%9JvTq0TE!WRoSO`rUmx^$4R$yF{a|MAOGU5; zcuk-SoI5tZ5T-D)I)bk8Kb2AF(6CSY)tF>x8kDL*EzV35Rl|liu-#}W!?DB#A#IUt z3xT8H>v{NzqLMhsGK6f4$Q6;N$5IouCS~3CWxwopbjDVnFMC;T8&TmR3k1eDp#%^V z*n%KTc{_q0OR*Tv$N9`Gqw@ZApix63+q24>6}%$ubyvUcEiO62Wbhi8gB8lOA}3xt zPtTE38S_&ak@``mf+O*KL)91d3ChJa%;b8E@K9B4Sb4W~<<#CLmcMfhy4sn+7#U!N z?nrst>gDCcJr?Vu#muC}Rmm?p_gL<{V{|j7ZLoVYy!}f8WJVB|;V2V_SAPj%a)$7f z*4S{qv!N3Y7VJSlJ3d=czIkv7L7c3P(L2Hkrai&rsX*-TjumE)sR_TdKT)M{mSZ3E zl_|tq1?3Y5;S|4hE<@9P%BzLtQ~`4&THLmAQuIbcgL+}IWmD}d*I{vH3iW4>Sud4X zcFknt3%58`Vngy&)=ai*hiA@-R%rc}c{go{% zYCP%602$y171d=X4G9oSE~O}*=@#`^(Bv12RP(k>kowj;_-NV4Ap-nLXC|>TL$Ds} zUA5d3bG){(v+jBzjxH_uoX|OY*8{8ABci1%b8by$PbKv%`~`F}ui{udQ8{wOpIs^6A66-nE)NXx6; zh&)%c4ut&Z7(I1qJq~8j8zA;P+dqh>lUoTU#7~=lewZSSI`z7_IAOFMmG{QoRrm zYMXfD$L#5%a!_WH@@p&Vq8m12#<&2yGJ+0+e8;BL6|y{_&F%2G`X9mnt>5&b@%{e@ z{+rC4=w>X3_t(|QSkU~#-VTG9{P9f8a|lECD->XfqE^fHGRc&#kaAS*4IQl@feC;I zViv;pR;a@F9fG?pFkQKTI2S6;{VHR2Z}Hjr{$mEU{iou%)isf?-?}G90PL0pn9&|z z$(ml*Y0RlUyf&_Q8jDtZT6GH2NbKQlem>XXkMG)Zw^G5<;2r_mTw!Q|H79haO?Sch zL?LkEVavkA=f-K0e;T-CyqE1h%)gP;(vfujEYQs4UE!7O(xl z2fYMU!JTrejoSN-oH|oHf#G^104vM0@~~$H$k#Zhrwu29EkMVnEH4 z9|R%PGor=(sNyYDi!qSIceF@pN7y%o3CPaoe+}ZGO5qQ!zZXnN zs^865d#PEX?SRw?5U#bjf2InOc zlYX8}q10L>!gyI@sxuxAqsHCDnDf{~1Zqz%hYLES(d0_nCRRo~*LKfv$;Jr&(-I&x zf~-)a&1=t_PLXVUV!Ehtnandm-Asdv+TXN+Pputs z?mZqp=iVDT2#zr0j7(~C5VQu5J!mF1RF{&aPVvzQ;lnD3>O;;(6n1Ti!`f1A# z!?xAl#`i2V-^mH6aWOnp3Gm8--NW1uCD2Q>$Ixh+Thk5E4m8)kGBt_gSj}jzm zfy1p+@I6TYlE$VCD^hw(-$OZ1eKg?FxhPw4k$_;EcAov(D9s}@E?VvCU_uA$cV+cS zvpH}x_WHpmHs;8WFW%mU+wsoeTmzcb1Vc(eqx*LEt~juU_6`R22^`)d4h|sqrfOX> zxP}$Aax9<_>oN4f@1`QcH`m)rBa(C>5Z8JN^;SJn_M0sn4$~%sVjklbgoD&s$BE>! z1M^z6zZl)+wdn|Djli{5DGT$v;n*zK!B39H{&lYv1Y2Dr3JwNs|hpBHS zt&;N?p!+gZ?~07N1#&@eA9W{ZGP!xyFLg}H#@Imut(1Dn!pUFLt|zzu*uP@}c+$CB z_$J$hb?V2+Cw`sx&6G~qXsXG@g1w{{_D@Fm3rSO^+6VOuFFyhq_Oqh%55!WMCmKB` zGN|(5y?ZX!IGr2-$Fk+(uo~V)>!3M~4rCw*AC?jP%L>oB`S;Fba_Lj|*Bhvnk2pX2 zU!yY=z-<92eiKF4`yD1F-uSRp9ZrLkjMs%;pX2QqPgMxnM@0(3ZfF1mV2v7@fiFA6 zDysOSkj!`obYoc#N;564Zb@ZBvPj8W<;@3>Az3K%^IvzFI`oSp_1xcIt4VB5*l9>w zot&C_IoWDsqwI+pu+n!saajmRPtWYv8jMy<+=^8d2)Qgq?v!#OTW%-16+ohY?rJ5QL5X*;h}L5 zf)mfXQXA)$g%^Ap^{k?~Az>fNl40nZPim4VBG)xR&CH#3l|&?p79L#uW8z7 zp{3Jur>6^YuJ9*bD_c{cLL<+kUnLr8^)1vry@0?wPUpJJ?(dDEcxN{Cv8?F@Te5+? ziBD5egZ}bKO~Qzo^>^Vsi3@VizH(Xql)}?I2z5ghVuNlfn?VyHgXPL z$)<{VH6`!ZpT?#Z9A)C{UoD@h$mFFT&!hV*M%!1iRsHi_FGUKKE2063*}H%BrTDMe z4eTKJ@Wy)Bx{zb~t4=&O#uX)e{MSzXYLolwk{1nnMSSh*FHqSr$Qc`p@_#L&o%kOS zY~(l|N#w9b>0Ge=A>oBDZNb~(@OJPB@Na7ZaFz$p2D&)Tl_N8qZtl6m=@mu3K?PgS z;9)Xw24^1OrXNSm1Lg*IrhGuJhwhw)LN8|PW8gEomif#EcmElM2Oq#|juS{Upmb81 zdM0lyMMa3=th;D}Z#8a*Ki$gIQ90${1Nh&+Uj7H9)qf+eK9wKUi_Lil{xf-T&MoZt z9}lja7(MY}sM{oKI1o{^)wwvi*#qi}ZzSLAz&o?0hUS^at_JT4mk&b{aJrKTpS-f@|4jYgL?OOhG;z_lXs%5y zpUHXc8nw4|{)Pm6Pfkv8!g>!0w44q@{*c__2kgVPi;DH(qfZWVzYzPeycd)JYf2A{ z%{`asfdA(DL(;1bkcAtah0oR2Pj0NMNnNC%z-P37NY?V;t7{ThaPkWBXf&{P#uNzqQ)G z_3VEu?*Gjo|7MW?pUohRsvM;y=@VXz&Uxzi>Bl%&D^bM(II@0jZv7!X2rQOgKkSgTM`7ETTek*`F*=Vb6v{3JR zsOe$h;7D4T_^an>WV=jM4TG31W9&KYcf=d=RRYhow=?zD}mrNadEr8;RDyCDtw!c@W zj}c4GWhQ{}wb)oO<;1n*;T<$GEv5v|Ws+)#WG&-vFWqaC=nMM1{+W)n)Nf7E_Z!?6 zs(1dJI8FR{*qjO2fTf@_RJV2EFEy^GA4A5ovt*Aq_O(p5{sN?W5b=mUjR)V z@9QX=I1#jv75MYJ(gxK)J@+M+a*ME-ZvlmXQ5n!lT??ASNmKy($fiAnF%F)_2sxg< z06L;i&eA`3!s^bS!ye<2Suia?hCj6;-r}@!O7H^J01dJ0(LOx|T?(c*6)djZ?V|g!wIGyi0@jS!^#%C|h3neI+H|1#%Y9G+q^x7#uYQIbU256LC-wN}~XF#*Y$G=?Jozn@;pcevb6Fp8(01A$t0U0n&Z?s*KAGf%?2!(0k)u8144+$dNkgO&98GG`AP zgH;^ML3rKOX^;>>1~b*6;BWuKn!%~|WZ?BLleWVm3HDcPZ`68dgX*s?+qY0=XNR(2 z%VV3(&y@+P_|{T@T65pmX*q_it=8zrj+NlJ=UCv0k57+4ESFIJB`TAtn~xL2s06N) zm11a6bscGdNgt0ao*Vmldn)iY=C!xaunVUdyX!GG=+uY5S@1)C+#U9-WKAS5eI6bv zSQvwmpwq_GlFzjJP?X$g~_FqMNBb9C{qQG*FhNY`F1d!KD4_`)KyA z_4E2y`Ds%in!pji!e}BRw5o$BI}%eD4dT`;+9uu{+4E5!UEHor`9q?n+fwOX{at9` zD46sGDSyZ#kKH>WN15kv+#&++biaFjs#z{yDHS%m7D!n?8Vjx(d4`fJzh1KY_Jws* zl4bW*gH1>!z8_aG)+~2^cRRD1A~xAgqUK!T*68oI>(QzC*lDqoJ7HcC?Ui@38dbgD zsprQ3rpYuLvHl7el*ge{FuZNaOPmP)U3s>sYAz=+TP$zrp6BnHH0|1YyO@~LQQFaJ z?H%?8JF1N5ti0KNpwhzKS*_%zykB*!@-fxM-eVFA2^__G zW#k8WauN4{TnqK8c6aB2O1Hf-HkyYGuP-T`nyh9NZi&pzS;`Ks>LQX})Ye37q#8dk zh`nq2Ia7)BcA}QTz2u_uLC9t360YSU`}f1gsDrjrkH;8DXzIqcqD;=x_O6d?DQ&T| z`F`1T)^{2=D=6*-U+x;_XbJhrTf-c9>mp4C&^Y)l#^YRFS~1Q>XB#n0ANeOdJNuQ{ z!)#4GxNO4?0rRq1jY6$#i?fYL!c<}>uu#RMv{78-3u3K9H^z`Z^gH5~R|+WJIXw&B zymStNXW~54n?4MYM(pAM>JCu|@6f?Z3zNZ088+4p19sCTqwT%Ns`m zLM7*Ej@^s=K?8!6!JBy_)_ef)nh|juZ*7iuSeAG{TUr)Vir=+LZY|p{)x+}F2HzOH zpS+9-Q?ZHWxtHPM4~WWx!Oj7Koo9jBSbCIER5{d-Ut-Sl+>%Z~qmY)V#NS^3(;S}> zD2s71)>52m?6+|zm?=;g_6j@HHTRF%0ShiYODoH%(i!mC6uYQzkyYIygSb*Og>XIX z>G?w<`<4su%{_&jM{xtZZ?yxYs9x- zVDdDmN<-;CU_?&7)bFJ^zFGcI<_lyxO6oA%Q;cbVo2KJTz6(NzNVyzcKH z&UoublK?Ob84*a6xhfk`x&@-EOL8mwT~1-WZROGLLUT6;BECi={kC3Nb@;o_C1nTd zPi}1B$3^9_*0|cytcyf3q?76IpW<$4SdnKuziWyC8?D1yF?wPBv}fR}LqGYUOD{nO zH8ke{w8#hF#ILW$m@8p-CVfW`L%{ETEz?*)CW|+)>;$@x+-Rb?NhSwqm!om%B)YKoH>-erDA= zG?P*WE%9?!qJ5$wTyNq)luf^-xdj>B_wD+%AkHV305H`NF?_BeuuP(mN;nus+zA|As-bKsb)0#+78G~sQEa2@Y?&h@0iFe@7W{0X}+Mu5SE&<%G%1jwyRfQzYjSW_2D`WR?!Rr1mtPMXPBWFf`>1Eosi;;Y^TmiYg$9-h_a1+Y73l^s;{{RN zTt5+<7`mKU?yf=~+s1b@LGeS`kGBo{0n9~EK=A^9f{U)K zmPPQ4A!}V>E(LR%klclt8$6yK3R#f~A5=|0u_!!-)m!e(bJAp*>RR&>XfDc{8L{v# zkRayuS#rFSza5HZK&ri>^{s7+NkyHJS5u71TMp*B{w@l?!3Mw^;3{U^N77|cZbTH( zT{Q0`l~?B|pt-A@1NFXS(R^#_*H6Ctw9~+foL<7FRyATRHVXvtvIu#64HU`XS?ZxZ zDs3VmjijA3e`geM(=gQP$q|!LhF9ds zc%_n&+8r(r+T!Sa#j6uKq_7uwORO524Di~PZVA-9%ZU;Z`IO+86hWGy7;Y%=;vW0M z7?HaVc_Kwt;B)$`OC9h~Z!0cLN^7VF%(@hC%1qK~v}FICesgBC0V4h^y7s%zyh$`ciqpRhYvTqag?1sO)UQ=+GgQZ zUK;4`Q{n<9@SAIi6VWpnK+aWv)MQJ$GI!JMx}6SXQkZA8@sKqW-0=@dxYcF6ZaG0? zRAxa$mpE|0R`y;^52NL-Y(;ZUhvd;lfUBe%{_k*AMW%F!yA4uU-9VRxqlx1+pI zFHqxYy8ByL6gyuOhbWggw4;wupXQY5hB!%M*7%}lFWT&Cm0QUM8*Xif)%^8rp< z4rU+Wk0Kr&a26036l|FJ1Zy2p-NJJ=r_EVCykx27HZsit3sQjGxcqCWi9EwRXn@t9 zbV=9BW4SzPiH68;VzpyMiB_2twnErao92 zlwobl>Vj0KH*0F%l|o0H5w_DkOSPXrAY*-)(#LBS^s0MJEWW;I3UQH5q;Sd*f>Z2( z6o(ar-+cvIF`XX7DX}L!M~lFRZwW7A=Obd zcEfT>I~nuMEyVw$*LM@0vwx>765!VgJE=aKU)nZS{7SMOcaRXINJC`yKZ+n?PkBQLC1Wf|BZ{g z#Yvw?H%$Lr8AgxM`9L2EGhdCNe>(B;d#{s+FQ>+pmmhC$GTJf(zHMgkBWY z0vK@a+1vr^=MO5*J*^;_=?IO}idzfa$=U>L^iw@@;%8TrPb@+>blykKc$+~#lFJG`1-Nh-dhqnT%@$3-5C&ukrV?M(>UtXjE*Oxye zcZa~|fQ78~7dSK!oMsf#YISF{CO7*IA_r$IENZm1^1(Y^dm!8f)*6ZN zMMd3xcqbA&bTx1oN!ILyV!;%KDtct^q*h1wvy|5CxgALctA~Gmszgo*ttbCowm;W} zxYmrd+YA!(axsNHE}XlCo=p8g=D|`Os@&H*&L^7tP>$I&Xk6DKHhuMgVuvU?PN2!( zH8Qs18_CtEp_LUjEOX8MC~Oo@b>}ib96*F>=0lg-@H@G_fnQdb7<4(;Y1eqgXAaKI!z+4*$MrYW~QJd2hb8}B5wOk$ECOoSQW=8zl7rH`HPw`ew zF%ly|L7V}IJ%-q(4&>GR$!c{^e~G<%Pg-5^6WLNC-!9OCBXBEbS}S063&6s(PV9=x;7pS-Bq^J|!&Pa&%RT2)Swr~y+n_44m> z)}6pxcyyj6)CZ*+@3TUy)28{|9B(AV??0EHY-BL5=ZbJh&}QbIgNjrM)Lbv|0mbJa z%r8BEmbNLNdP$ffc8|1I`m32YP5K1O8saMc2mrP6 zR1kSEIx*6&4*E(1I8F0vr*!=TX{V32y7L7}b7UcLUqAJ|! zQbPR>rSt1P`9_fe7#}un#X4?dA`4?2SzYS5^|ZXGC8&Vg>zi^fS4!rUbz^hEBlkYMGKYM9wN_+u80gBcSj`T1WtA`|!%l{!+QjWSSzax@7+6-CY_OPB* z6v=a*tV>0P6Ee}74{T}0GH02qt={myX$)5NTRt-m!;j&<;-4=Ski1?BBi_L;psd66cFhFjAEw|eC(nWEfvXOf8`-t^@Co8dWf+pZ}(TF+dh`D*t#+ms(#h?yT@?7<#PE)kxTT$K| zY)Ig%kU}lS*j~f=*MDWIT`!xW$<))ekocEpoXikjYIUeJ?t@=D-oF(jJyMgdMRtEi z%x$E=OQ(6H;8DEV+b@@rJ`b7Ygmm9ViYY!iSFY;<&&r>)^04AZoB$8BtqP~&f`NiO zCXMnPwltcKgx)C^x#*ye)N!8@)ZL?Ay}r=QX)f-zzK)M-?(A~RJ2S_Blj74al`?t45f|cH52{$`@6_5fOBze>5pt!%e&5 zJN3LK{dVoW&UEw!pU9!BLc^*0jpazu6SBOV=Eu)3@)0CXx=v%xUftbhHc$duE|Tv_26f8Ea1#Fpj88e=Q7^yISE z|7y`Id#s1u43&;U$DwHsM9#_fkh9>1q~^FC6U>Wx^#u6P~NT_MWB3S>;4xOO0_K@GLpd&v*qR>_(7N zN#2q}!l>p}NVlx_>09nO8`xLZw{-pnd5fJq{VKLDjl}SkfSa2gJObll)h&{}iv3aj zy$P3ZJ_|~T?=d9*NU0-$s)t{KIpejk@*DoV;Y88Vnz>@TC9#(DKE<6c0EIz`lHMjGzXHYEEXwzidB~{NgcU zpVyWOvf@4$BUoYuyLBSX!lPl2u=Wp<#f%N2p5guNm}#yz8Zdr}^yR&9A+dPyK;TpF zYuSl%dtjr!kjRNVLh=yI@phO-pNjQ$J zPsU=vmdk|)qv#?5M+#7tP1$zY#yyXh@;dDCZ%o;<6)Y}E76L%aGX4&LZAjlrPl11r z*XazD8?G+3ynJoe(prV9&BXS~+vyMS!DLCxA;TjM6+Epf4)e}uh8Zch8+`mBlxfVA zJDR<>RO-|(9Y|K^y}!)1F|U1Z(A~;qc_@yT5-1?h12si*=$Oi+m&{d_{L*=d!uP9H zs$Ujv7OnlTr3W7DlLbo#w8aLgiGF5@P{vko%I|py4 zx@8tG0T7=@VPi&glX_g^AiqxjC;M5~=2)NDiN!PpaiHoDH(-_kYzo1#K+wuG9m~{| zg~+CPPTg^puy_1|UX3-lWj!bodPmz|x9{iiQ;|*h%no-lLHcJ3mdy+hz6S6?er+@c*x$&eWzn=PIcUy>#%k2A zy2mOWylCM10F-hvR9x|pu0;lH>^sCAOh%PWiR0e&s5#+LDA?zu)l=Zo=hL7ypG&~g zwj)&L(}obk48)^PH#txCr38%Z6g) z`%&SouHIclkpZ~QSS~Wirl~GL*zKy+_k9Wtil>`JH&dhBegb86caR)DahX2M&(p8G zgPy@@k+&xO*PE7$w#SRci`#ZYxD$ZA=yoP3bJ2ppwi9Juv< z_kO~ft!O0O)^x1Wi!0ZE=R3Fr&5fuq|C6hb{I6bXG7>yceRbeCa2RojtN`_2V>e;Qky%#g)-qW9b=nP_y z+XBasEQ-dMxuF6Xbz%bBa#571D7 zvXteb3NG>_q`k5GU&P;MaG2*~OzPs!RfQGT;?P}|2#2J4^x#FqizZ1jW3^RYU{Zj1 zU7S|Rxqvw_Qlm!QHM)QJU_-?{$%#!4C@j&S$vyM?y8I?s(jmp$_xY zCmhNdmd;*k>d1NS%{+JHHu%ppvtEJB(kzF^)L>U2SMaNkC%o)$+0@jw#H@WT7wp@- zw(N1px|;FHG-yxSIGo^)-~Ok%( zsk=e)OF8pSi0MU>m&ufANc$44r>0MP43}=pc$pWuK7rojHE5vOz3-dFnZ7PW*W#Qt z@-%lvq8qK#$s^f}SHbGH>)}PZak4|OWK~^{m*1v~_s+FKd&quST&(fGJsK|#{SEY; z6M*s)rhZPa1I+B?N1l?E1}%4Em9u;P#*}~XFbiXHm27;}-KS#TPlY99rJNb>(&Z=3 z!-q-!=1{WjqtKkz&oPRkntk(A(JtlABXWlu(L62#4i~u~vRQlr@1BB2pFSYJRvHpacUR@jqQFHCksSZHgMJ0V z1U-5*R%4RcmpbV`-Tw0r$-?JNMqXV$3u@7yI6sjjEPbpZ?~2wn`fJcQld7@b#oum3 z()1SSl9#_#de6T}yJ73vZ8gyi5IT7fG|r3S!2V4042uZ&LXimvy}pTvSa%x#I3ms- z_KD$vm6G z6Sn*PYejRLWrYE=NeM=0qXQqO0_hO6lzDfPXJooJZOo81Ei2jgoG$|L?Oa+?cWw&X z+dnYW?G?x%xzr3GWUB>#F0tYxV7FGvfr?#n*&%yQbsZvN?Mv6&3c~cKWu_1PZ={r; z(Z9-Rkl?@{wZiFsd!XpKcfIB5(wm=%OKhq$=DkpVGXKcu#x<6=Z?1Gx7D4Gz;qAys zRw-vNJxrw#8cbtv@O66dN44n89RVdDz87@&Nxxp#b*SfFXIYa!=spO}U^m~uQpHqT zDsI;e6=;PoNieh=&sr$&)80yh>v*`Xp?WqyT zg$^z!sCT7!m}lT3oL25F7j$0s*5c>lv?V>J$JVN@5&}qR>#{hr^af^ zhM&$t%nbh1)m7wwV@7HD;7EZ<&}ORWyIInz)0x-AnR&nG4 zrxz=YDAdbWFuPLcN26WBWDKv%0FRrYxcT{fdD-Mlq08dzbemj@ zpz+LMlXXh!;(_FL%gHFN=6Ay}1zt?%4{COt>Qj>T!j%OYo1qdKEfuO@AD!Dyf+;AwuU{x?Itb!T+m>_|;Z4N|Sq zxHcR)VyyrR#OGtlesYRU)U_{Nv2wZJtySORY7)xnoqnA!s=1_tDxOiZ1m?C{z90|y zQ|AkSt2WZGkZz_cc5#o1V+h9ynda>$Z_`dnIZUD-lM{dg~erO-S)f z0PIvHu-q>@ZoGE-Vf;hpCjuCWU!9n6fe#-DeY_+-)rW1O+Fx&MlUI} zxE%Lj5W7lU@4sl=jSzshDTu{I$msl-d7S4gEC9A27q{qolHCSQ z4mC|txL>wt?5(EqEb_-!r?IcL^9`>vM)&qp7R##V+c-J}uW0AlF{j8Ddo7s#A@Qg> z1SRDl__6RPuw!`;5bOcj7Ljj+V3^f{u0d25n48dOydGV9zu+QCJGy5>un~+)Ax}E@ zD3|Gv>0b|zb`};^HLi+5d%2YA`B{4IW{+_H>k8Ca)Jq~D2_!G1Vjl_e1vo6nMS*U+ zoLQCT5KKq7o=thuOjg~mXcaJ$&r{rMs1?6dp`eW}65{QdxaEo^cnyfbs7JF^mS@c4>q}d-8HPYvzgKCU3Uw zcj4YDmWcYA-t27^6yy+O=YYaeYn-2!*fFpBu-BD*@~KVUI&sDg8y=Y%d~b9U%eS31 zyNyHC?bK>7=u`sX+#&t5|5Z@;AASCRF3{74@uXKAW)6dHn8A~^Oy|K$ABwQ6&NGMcJ zlI0EKVLQ>J@Dp5m^j@zRb>HR|z5jPV!v*wn>cA*U%D$I<<%%Cj;-ts7pBY!9g2Nc0y z!(aGX=@6a;_Tz^5J&TY#Z+s302fw-vITyjy^`@m=HPIjuENkXPC2pxQAe?w>$?gzY zMVO9)mvtWy{*WNY_qs$@tmmYjVy)`1M>zk{X8JOTu$s9j2t_50x(~@cJSlWdWQH~1vzDNLWD2vc-ydS@?HZ` z!`s^M#h5V^1UEDdUa_2a_PB`JL-@=gt6zmF`XZctLDorM_Y%F`yX2Z?jSnv<8s&7t zd1=8;<@C_5Zex4|Hi4dXi{VP>Fa>-wICG6P13pnV^1y6DCPv0;QOHEK5%$KaoBzp2i9TgayW{!ytiXQb&a;y} zB$iAGo7{pbpE*Fi2F$9(V1{p}X1n5UCsCH#o{V1A@NlcDU{Fjq5$XkZFjJ7**C3Bi z$kYZGSux-aB*2HNl0eh{Q&N(`i?mPG&c=RQY2k5IUD7jGcSElqEk~+zSH%C|Bl&)@ zFX_XCUaC6To5LtrUnIlC@^?X8V>0x34cJ51fTA6J^R5%5bIUu0MvEU``2F9m^WSOj zrzSbD1deo(_LqNygF%vbLod{Vn#rW17t4|J;?42rgB$y&)Y6r+r`dWk0(Hp(y#ni} z?1v)O(^IIWZ~`|~8P$`AR;a*`nQs)mBL78I2bcl}#tJJKSrTWK@Itn&QH=p~FUutPzts}(K ze}Loe?847fWIVxi1k#nvPz3d;BI)uu=LnQ^Rz!gh1?4r$B;~LWbloZ3;8& zR2Y0k2BY=?#_1N=ebJI{wVmlSvvCT39lCNP>!x*nf75M!@Lv4n4_7%0?_mI4JY%gt z<_Vc`S=rAoUTC#(pbT=ht8a*Z89}O`y7`vb7N|$*TiKoK!I^RU=%Oy7 zeBSWOmb!E3U5yM{yLVSmB>Ytg=>TjKa?THPtQh86=}N;MnT7vUC9`jIabg`R>b8ps zo{=HD5pSS&xNd07EA-6WD0RbaW%y)h#=m=(x1;tee_9n1o`+uz3sshe9}^`t6{*fScj%bvJ|{K{cYR#whM{^|8qp*VivwU)Ijc zULlWumsO!+(?d|Zh)3Ll4y{HnT~`ES-K)7(*+XmNA@{>yjCUnL*5BI(m5B#m>h@7Xi0OyU~ZY;G+IKB-;S#GyKg=cX<||FoK~eH z9P1kA#73LVA4%W^JJ*xC_i|Ub%wH+)UO9I0uO($rn4z5$qm@3|$Xz?dZCHLH7 zu{IwXWQ(v{V0WUV9Om#2ea^)%;3kh)h8lN6c%g}_Q_+Cyrkzf3)u(qwI=s--dx#~C zinmXabt@kDfBPxapYcWKbZ5jqa2muh9LNO|#>?bwyI-WVEi&MPRz7{PSbz1SCf4)l zmd6(8h^J&maRMH0U0K)-em^UU;Klo6_qK4xY}YIYEAgN{)7$llTzSc+WqHY}H%L=# z-jT4Au^h8(wuWQtTICQ7FsG?}Y{}GcKR2E`HwM@4-zkq8BvJ0J%RXQC}=~^RvaQa2_ZyxU)8mw=V9y?i*aQCu|5r<^!YQdx+ zu9+Ra;#YX1me^&iIiOUJGdNyguwywt z61H8D6KX!tgyyOo4BbV?v0h9t=;Vp|h)s-g&b#m5?*i`1-0zB#5`J*b6R^z_n^hOz ziSmTU8Pki-nRFnY8Nu+CkCeYW%pU$m=w(QbeS3xpwC84@igpH9g$FlloZnsw9BCvr zl`O*4#}&mqP^JWxi+o81Em1MKABRcrMW{fJ{vX!fGpMPy{TD?k7LW+iTToD>BULGh z#;D=aGblI$q);ownS#)z)8a`E*? zuU&6xOZ!-4207Ud4EY&UzqI8XepVfC1>885NzP?g%9kl#zcc-uvgFE(Mpl9kt@m%o z%;xzg^Y?BKhK-X_$NmB$22i3*K-xI2*IOo%B924byHvt;= zS3XH)I9k9Us>IHHiH$z-u)cm==BFcEGFFVsFH5y+)cZwY|C;yNwLQ6JfgvB;i#kBX zul$7at{&Nr5~}*XZ?v;0Cqy-O6>%f=&b^aE?i$!tptvXk0J+X0xlT*y;#=7PFHa(? zAfldAA0UaN3^Av5h% zD#RJBvL|pCIvp~Tq9gb$;>`V5So7HF1}qd32%5DfXVjnOU9>^!=pK1`a+K);cmMtd zYf!Z|JvD&v`Sio$`wmBkE`x}T{DGRuD7D(Et6v)pi;1<@0<|1 zum!PyS8Dh!^}O`KyZO#gwZwlJT&a161d-Q3<&AdSv0)S-lxwI#$Op6?*yzGNgp?H( zG9-L%A?#A#Vu!gN zU&D;0z;o66+}V(r29fVzs2$~jSa2nFO+uvR>W3V*GvcKhGS`K_~agg5W^ z;JU4M`CC(}(;4<$%+H|mD8H#tE1Hvt$h7h>2aKZECBm6)Sqr;taWmw(+Ql+OJsw9( z$K;!RdvcioE%4JXbJ5sjYEwsi3Tvr~ZPn(cTe@eF|pVE{YUK_WnVdPCVL=!(Y<04+h@X z?(DFvag0e_o!)ln{58Gv-f(BR25P90K0@dZvc$#7G8b$;W zD_-|wT3*!JC?jR}+S1Y@|J2QsYpIOScWsy%nKrDWQhs4Ts7pvqigg(RV?%uO-b-H7 z9(`I=rsI+UQx6+cm=ky5`0VcV{0jr~(Crqm8lZ3CqCF*@>lj1zL(e*2T7{dP#oe5~ zBI`pKlzJMYrfgJs5qQc583kbXAf)66mbi8lJ1OYZNrh-{>a2i| zx}^@^C7FYe#Ji0CLhN^|%Fym`ZG-C5Je2qntmn;=;YAOUG|w3;y*SHj(TrOM>JcZ` za^OTCBa&L{sWt)H4dR3*4V8cE4k+B zi6y6)2Bl<@k}OEj_An_65hy!wMRdAqb(nSVeQ3ZZnq}*ZGk(@OV;j%)TKVL87>Fuo zwPXp@j9mJF8_w2LDz4*u{uaTV%(3$pAQohi=EUGuAI4?MN!PU9!-VYJSgzLmJ;LjQ z-Ie=~{y2%f9$~PIHWl|r^U%2vajVRk5#>n1HGS=t6hyFD9WE;%{i+ZAxge^K;1tc& zr67nzFC{c|C(uWr->MQIs>sJ95YgW-&YX5%gu~6D%wqkIonPkXm!y@nMl35GV?Oz$ zF&8*AafP>ZRGRJ09D`=t3CoEz!!=R* ze=BOSe5Q@#Bt`>LP6;HY0i0NOyqC(b5Y0QY^Y8WgJaQg?vyyX3T$LiP&Y>^Y(C_u0 zehJ2n`C6jBKSb*Ey{4n%+G6mkL<=m&9M4{bG?7}^24eAB%iT|cAKb~aZ+KpGrA^3>TdN`BX0q)^VaBAH7dAa!H@J9ruO?HmHXhGSA4a`~JD>>!0NN3ds+=BU1UIPW%=b z2zMDfWdCJw^ofRC3bSs~%opI+&Y{kt`3zRSz;x@%TEIa!YMP0ii42Uljkp-J*uUj8HB7ZW zro!;Au8$f$`u>IW&tTq3`b_d)iAf|jwP|vRLutklr;;Wo_6Pu#B)L@T8>^nJWkN^ zx;AmtpVcegm;9u!`i@L@;Yu}Yt&nNgRLvF0r%A{)iu6NLeiHG}c+w%N<0Z|+u*7}d zb|YUp&?SX#Di!_uz}ct>|zl@v}EAI1tb@Rsa-AeVhuI3r>}v#r2X8K(mJ%{Tn;o ze}~h8PabM~%6n=GP_vo{F|>6PufKUPRr=mkr#+RKGYDQ33PCRiOCrJuAZRuY!Q$C`h5nS z<{6v1NpQ!lgU_rxP)@W9=86Z5V-F`syG&Z|ZpU2NB9rE}oq<<)2dn({3|Ff4Kr4@v z5erR?@zn(v@1_;l4)t7{#$sqEU5vy$9Z&OJEfouM?BGo~FQP**s=mi2HB|l2s{p3W z*C(dj?!8tg+(|=PAd?Bmbs9g#lPct?Cf7J&2c6JVS>=vjefkOEoP7|6Ut|@kmhnOi zXqTSjbk838NCFdr+n}?orkO*NJI!I}4~W#Oxq0$!-md8v^JC!~N%opoIJzGs;hJTs zG6-}VFk}r!vJ$kI!xAgqh2Dm${oDjP(Cb5)P4*2 zpd86Vl%_C}ghBlj=vDdAC5`qu?;?SPd8^h?Z`TY2Az9fz`ycj-_^S7zE7Q;dq$Uy8 zUPZZCQBm?n27c58cWg=9$}}^J7ORil(u;~1@U7&$b*(MY^sZox7jkkR3^eF1`UBz! zjt`V>Vt7{#O^fugRsdBPEd1_eLS2ztPLK@wpz)*A9D@VjbO^1G8xwMD>a%0nm&|pWenc@xOnwZDgAQgc7_jmjoG9^NiJq(YP8Uj5 z1!@phD_fjWx^48!)v9_*xwf;oq`0|Y5#UA{WZqWyod0tFt8_y7F?M*?up1>r8p5w7 z&2FxSEw>X^%ZhQ6M_ETRDxnwT#qWfC)SZ!e(orquD3mKL#ZWkkxG9ImAw zSv`!k`HklUno*0b-8wQx-t@1xwfYM@Pr<%W(D#Rab8SnCvb#xnOkeP(v=CQON9p6p9DW4*Q%Q~ z#pyfCMl?^IpRaJJmUxaKER+GH#Aob%Dy6SHAVg0Vd+)xqq0aA+MSxmW1 z*>9h-O9`oXKzR70e%wpm+kW|?&lN`2id?tyYtnBj&G#})4CY%g{3_@qU>Ute@mW!) zDJDI_d1|4^?N;OBk^8!htb*lJOzhh8>DTT zw7;jaYJCE4zHCW=v{12Z@5cF=$oU_^j{L%&egCOS6$oyDM*IzK&k-a~7S&~JZ0tWp zpoUH|)f8)L6GZ-~5*~jLoY}pXs_%M1{QVq650FiuC_{Q0XkjG#gz}*IeSrUlnP-}g z94!VdR;cg=*gl2a`mST(oWm1G_T z_#OAdZVXVtvAyGafE|Nos$St=G<2gzdu|aFw>ME zIAc+k$5um3g zX?3GNe*egxEU|pp&Umf%$=xKjv&;;>fa81(%84kmJWT*5_@wg>9RsVZC?z)4W5<`& z1xFp`im~y^6r|>lqf_1Vcsr zByhI5;Lx-DM~KIs!3(kNMXKAja$b=8T-KXI+YlR5Nm*h*WJOm!q6nkdh*TT;( z`~TB>{#CC~_?Ma$wZUQ0zxzp=7YM)|gJ_h*Zb|9Zk2018;iB&1jhrB?SWu!gwNfkNV2e8yIz!b#-1no*kxnm z0$bv(VFC>>Tdl+JfXm-5G#UljvK#eU;^e0eQ8N3ymby|A2se?;%6s_sK~pA2sNp}Wo22dVynW1iYb(}6qw2wig-FaZUwWdSuttL{73NoKEa z;s&m-GGwi;V|y_j{REwd!IO?`%;@3 z8g3u-3|Xg!Dpbqwo+&|IA%de&Tr_EtdE_ym_ZPs%Z$K}&DGa%$9`0~_sm*NRt0;=S zNiJ16+`=mQJ%SK}|0+2kz<-R58RP>a%UDm#y|;u7Nj7eS|+SEoeKXd_w7@ z+&{p#S^fK!iq_!aFQu}h+kNG{`U4sL~SBsgYkL_6KQp%~HY z;G5xR8qQ%;97Vl>_`A6}9gb3_=~K!AR|kXJ#uj<%;Wq>|)atXvgnX^L+4?fp`SU)d zd1m>2h?q^CNUvwfdc9(J4)GB0jgR3O{P??A5XR~@ZS)9!ZI)|iG)?MKgSkX%J5&C# zLAUvYCX{MM9~B^{apY6=iIB_?IOl<#o6JAag_=&^UfcDq?axkkWaGO+4T0;OtvL`H zu9D?daWv>L^PA+M+L-r_v;6hN9@6`TFK^}4gwE94_j=E_FEcxi(A6l@YeI9Mo0GcK zT`es8S$o=a{eRJ4d8k%T09B+3iV z1Nt>>@;$k?#A>TC^dIh|>(6>xp2Ha#9QnYOpjpsra5x5N0d57yo6|240eVKZbtEzK z5_RVE!^X3k#?*%y;u3p1QvDM(s=7z=9Q0lkSJP>hH{PY{oQL5@i$zxRFf%vEyk_QQ z+xB3YgYJ#{!W(X1Uu=Coe^K?b6)qrePZ}7?^l9gT>UZ?a@-sMV`^&KOlc<0}$U(Pp z9&-7rgJXQxXo-nHT-Z)AWEMO#x1 zXt5lkYLjgfu$g)Fu32Qnlor)*J{Ufv=)2`9Aze`J{q!L>zh{0y zPk=8_c0&`mtFW*>d{vfEzUw3W!n;tw941=m!5Lpltm^ zMbARrsRm)RW~y0j`ttGe=)VjwU!|EHBpQ%7qg(RDrjI_yPd9p}g#GV}MKpxt5u(@m zEKc$C9f}DFsAP7Q3%5~n|4EME+QO;5`Cp%71E!`Q-y0jUf#Lo)C*w6`?RDewi;bB> z2NtKhGEWV!v?|J^^b`s60ZRYpZ$L&5kynB1ErO)f=2?a?U+M0WebAcEIOUojG-8m+ z{_%SBckzDV^o7*&uZ2##GtWvjVqE&Ud5fy-YXGdz10Rm#BAT}>hyTmKQaeBR;3<(v z$t?WcH$8pUItBi+etwO!tD5jkr|&((mleiWw-)I$`JBY**ANf__y^C9RcJ~UQpP*y zcq6e*2_olrqQ};ilr9KdXU>#P$`Orx?%xo3GzcT>5PK=E#5F?j+d%h#Fb%?f44^jU zEFYhb>pi~UH83po*i7fF=KdXr6@@3yZz!CrN7_AD5CxWJ~>#qK^Z7TqErPUk(%4gBHLh7uV^%739q%?a!MGa1ky zPzw~0*QH-{SXJSyPH%7+(DegrwAlAks%#pGu3h+7&{{|%3kH-((*Q?kJ{i0G=FYxs z#@@&su-uy8rUbRxaa`CM)dRaid#=393V0B@KO=@)vQ0ab63)B7n9)PZ4ml+5?cK4m ze0EvQTV`;A+lyl#TnlT_mmt5Qn5eZ&`eZ(k_ID3-d|6lU8!nFZLISAO-X&H|8}$`P zNZ0vK840id;E6t_&BWkN%sJFlzS#HFc^yiB6{YGi-ZQ)!?p5?+?ioTWzOICSE4E>n zTR9sObF@4YwL0D1?*r+#0xWjA@^%DWU3hKQF;k6BjL^=U%foJB->q&~6XYhnZwX9E zpsN1@qywk8($jR2aQ62Z0v~I6Z``Rp=BOta)kAmm-G@O?TjAn16LW;L!|79p+PRd0o13T~8Bj~JoN26I9 zVNh-Y5!$Y1l^$7fso5PlouOK6vFVxqRJwWKm2QT{WbBcsdBzeFOe*Ozobe<;l2)G8 z{=khsN~_TQ1nXV5+8UYr^kpg)@{D2QF3QDJh?u^`!m+g$Rx{iH(73UooGH0h@W+(nyjG1A>0-S00PmOqOrh% zZnTGvpmz@!KWNzLnMj()r(THfPriG#@s0m=V9EvbkvKWZbJT5$k{+dq=)Fzg?RfZR zYq@>e%-Q5I9%7;U{L0LqTQ+b54sl%$HOCh+P4y^Fz@R5h^+tNs+k*5t+#Au665sB* z^US+jjY-H~o{wJmx?uT2ce5gRi4&+B4-F+1tATS;=D8);7i18yS1195U^lehu=|p0m%2(mRxZk&Q0*v8llEmY3@&+q zyT|o9xrgbl^ySBIeB-ls^wab6fSvr@nDQy)d<7hi;)s6!hKr+<>*-di)U|5>hx&nm zf#J++yW$WtXbPKBshD?CnsTfYuv{$r{W5Y z{}At%gHFQF^Brj3K*|G-NSnRE`NgopT@fE}s88m4(9qsQ?j#+kA75JTqAS$YkTC7L z?tx%-+SMtX+%^ZIz0=BLKLLfN```qYJe`j^vvszO{ZAWr}4%jOQv{5bIxG$b>IEG=zy8z9t+N~l`3VOAv zfoAdv0VI=USN;fOtHZlo?k+8t{>i2%=@Q+>@50Q!bNS0N0m2bx_M!wuLak+A5Ycwn zA>fjOl5dtMt*Dw+(LeKX0p9kcrssx&_f>-#VtEgP?Q6-2ggt4c^{Ut&{+F1&-|+zW+n{^#5C@*?)?u|G&MgK@jNVJ`K8J$g%zR*(1+IH62`YT}+6) z@@38cJq_9f|5ug}?EmRF^Hg!dSH|_CVWH7`$Sc&Fz>K5~U>vh}?J1h=hu?I`Nu&>R zS5c)$WA26EQ2#(*Wgs_fOq}H(x1_!z3+_Pqyr0#FRdZE9JG>@0Q4MfhwN|Je8ciTI zA=iKX^}`;wWc;+Ys~}T4s>>0koQlN^QVk3%Y%g7Dio6}e7b+_Vuy8OR7Q})8S>}h# z-&40yf17dbXPQiqx!>b&Z3$`h_Qs#~uII>v{`eoCYs~)Fr5A!Uhshnp%*f^o#L#v+ z6Okv~ouCiy%9k5yR;gHUBWgQ6%9PA{uQPg6=DQ7YmPv^*uR{ethhO1s{g;82KBT@> zPk@5lalDgAZa8~Ufk&frqm|vf&HUqtTfPD@7JUo1T*SYF@>Uf7;(^ets*6Z>B1S@4u;+zI6l*!Zlq3OgcI)i>S8pGaE{^l#0@dm%s4>z$)J*wKgDi?ADfu67fd5 zFWcIE0UK4$Wmf<9g-uO~W*MeTm*(S?0-3Fuo;cM`2;4E`-p;gRqf8Uek)x*XjuS}B zQI5otnC$zPwYAp2EzX@2TVL?D`S~wHkjzWR7Tl$+`h0du&C34Vct^0JwL6#}us3u6 zHs5^_BwO*WQt)xox$2CGHLa)S{Hu5!s2l!Ow&Cs>VzE!8@v>Z`*~Zvb*D?Iz*qpA% z%pd#1s|x}=h=#xx-1 zhYtPv{K;zjENpLouCctE#Ij@&bN>e?X&L>0e$0*b6Jf3XG~Rj&Z`u55eS5WA-CvnF zdc{v2G1Dt&FU-pwb4K>I9}Xfv|I1Ka)d@FmJwQs547+v>pAwl=HlCmnzhb)lWJu`P; zmG!vUDfx+u&6_iqCWMwRpayVSKPWN4oCg-h-LOH>x7%c88in6lnc~u1ef*`~D)oG= z38{L;_u`YnIdQh9L*>V;LZG()ETd@naDv(P$KM6AYKDNKPDl3IJY3r9pY>HiU%?E) zIJpa&$K^>3G-aY%BHA01C@>r!;Hl+d%Rb)j(4|2!TRoq@ZxDriBguF*`TQ$0(R8LY zewDp^>C-%9$4YW4$?aXgzr7+jMFL|9u!(G*p4V zTfI`;Hw=KZZ^C~IpfF5kb#?gj9SZj@o?nff>D$9Z9W3>fA6@QOxEcIB!uZ3uiH-oo z^YmNoy!=I^4CN_M$D1EP#$WJUk{mAwYmdwGbjcczKI;`unu`$)tDb>occgANr-ne_ zBXihnQhW%pfmW$$+v7`h?P zxzpig;gsGgk&iv17ZTe$&GAA3Rk0(8&1ZEZ0jD?g)qO6ALT67*?xgXuBU_pxkD*&} zdkJU+ue2%cI?)MXy%v>7S3-M*mC&zv>Pt;i)pnL(v(Oq*i{KEtX9&(^VXa^PhvK5A z^4OEYHC+{a)XNiqi7;PgMxC`qT1?G9OEV;~f3LKi?<{7Wxu^R9i!q_zeP*-kl<@R% z#6`_2ndt<#7 zpmUtYuM(45@iEZzqNMb}BlKnY&1QXrgZ_c>)03(|=>tW-?CuzT zh31f;_qu%>YB@JN2`Nab3O5p$Q#?<^6*+f15;u1K`mqRG(l8`CtU z;w^KW#5nfCG3$1Y+j>**VM(HFnu4PC&ucf6>;)h1@j2)o<7dQ-ag$J|e;F9{(MpEm zlAq_rzV~tfzM5Md_tP{EKx=S_xMI(q zoHLW`fb7LOo(JOATxSxC@b-cF>eCkEaz}A1gYYn>x^X6lc*pd|s{A@qFAUD#5iVQ# zbeaTFu%b9@6AUn<;b%#N&apx7zt84WYX8Q3`!3^Bryi~&K1Z0j@(KW>$)v}*sS9us zXX+Er44mWy-W6cCHAm!-!7E|jOZ#TEBQRstxQg!Lxw~XvL;sfp-8~6$JvHkX4Z%$n zP&D!iDXjy;2~efOt>~Hw^d&6l;`WrEoySXW?5B4*4;|MRt@|?ku7KMt~(z1(P z=i0*53?_l&)@M%MU=nWsqc(fG?W~2In5DxD~RmzE`04u^xH3IFPz;!e@@Up-h2edN>KvPVssZK8VwYK*Fk`u>s?bBQc`?dhMJ0LjRV@&mXLz^hUxt6go&aQ2T|Z4Kql9{g zW-*~@uhxZ*M5&`AP&Y}%StaN;+d^T;yloBD>#`JB@~5-@NM3(~;!H?3SZ9qS9? zLqR)*L@_{54ZORjU~3?Fsf1EuN^0g6$oT$c>&5lO-NDI@F&_XpN#^G$fJ&u5H=V!* zr*@B_nCJsnXhI}>f+oBi(Y4=Y4pDtGC~r{cRz0}cQnA^jb3HI1eX;J5*i)`h6WMr- z*1rsq_bFKfmC0slqT?FR$CcqT+e*V4ZW4M?MyVY(sm_Ugd%9*8Prn82NIlEzsBuoX zBT>WTiw4t$+;EJP5TYyDXAEm=3}f=7->DhHO788o56Z^%9J2Cet0etQ)jpl+?qB~* z=YRq92ib~py>giF<8k->I%4HVf*#d#SIKDPTDal&M_7$iUSAH*`-a!~M6{WlHYJQs zQ|Um^1oJrVtQB^#5>u$S_`C7TZTd*vBuD-|WaUTgY&-29hD+to;C$T}3sfJNQ`2M> z#J+??Qfh+Nc0p~KU$@jz@!9&gEUsy@)?>Sis@A)?lSw+sQ+Uj-E zB~Gj9;xO>re;J5%XaZa9=+UlJ+lfg{P2DJ=ss2js_NCQkKdph+dA8=a5=&&H$59Lj z!PUwL>LW^Aw<1!;CxXsKl88d)Y3oNlt8T7Mv#8Iql71IEQIcVGZ5!*@WjT|J4MlhQ z%#K@=U@!>j0cXK{w$pYMDReKLyP;Y89h;S*iXfiF-)8VlHc46|DjIha}a-NAl!SoBi ziRJ_YJXH&Hg_71j2a8tG@}rYkdsQ?ns@ROId#hzf9+!(f0V%vr82EE%jR$r9SGFC7 zxJHhrJpNi)LVz)QS}nX}3x3}iJEB!SG(`$&`U+q4&u?0&^V5acQiYLhl$vtdnXzU| zV(4nc@@w7>bKd^)8QtQ0U#xpoehegE@5E>KO&z>{`n1oF`fN||Au1LrN?|5|-on`S zP=d3%kT2QQ-*c=dS=3^AANhOPq9O*;Jo>Ve~ zp0wb(nx#qL)x@S!q*@xG>P_?00@lyUZzp#4cO51xCdA%5*4eLz^z3z#DtPx8 zBY+x0sZ1h0P`7|!u<~U#P5VlV`3I{Sfi+R)zn5JQ8$v(N zB7~DQiO&wzKfUO#P>we^%RDKsD^70N{0+PKd-)&%&+;$B%qEDQ=UVkO06c@~u;Wt4 zgd=Z}Ty4had>-|FHiiTpS;xb-CYYu98wE~^-B;qvLfnep<;^-+?9J1=mR(PC08iF7 zo%3{gR-n)0UxqmV6?%UdWcy<}o$P}}eqXK+&VK1Cw4!peB=ndm>oxW6Hu_>EO3SVB z379QVJ`ToN`-8hA>WQT`*)$?PRk+4Rc3h?0j~6PF|5VIx558mvATxe|`XER5v<_+F zT!G-}CS*-(UR04zV*fpzaq=}J#csY^xc$eMPuI)`-bOqQ$}hqZpjekNow-?_DI94v%s@NAevwu*VsH`X0>c5f%erE?~6Z_>H(F}s@DryoxNBpeK=AhWl8 z#DJ{Kz2LAC!IR#E?{ogIk)%ByR}HoU;G@@iula#LlfGs$P3(~KI(1BO>&4~5#pq6d zbhT^Sa1@ji!VHQ5;)HG0I`eOk*6F3el}lSwq@{tO%(T1Jl35mAu_5dGa#C$bGeEM;um7<oXvZ=2Op1LO?S zyonM=^4QtW*Vn z1G)g=t*ats@@K_R_g?5IR)Ri;~2*1dwl!(f$dd%hHFg1&* zX}hSW`HRZaShcenh^yKh;v6A&)!{wu%u)*H#?avA>uYGhXv>9^r0UU>M)#T@1!yT6 zUZP;`*PPXBs$gC$v6M|u+|0P33lEpsbR|YrrPto03V5ncld}!G^3ZKd=O*{WnG(FcJmvmw!;5c@eD1#k&gnV6hX|m0M3lo%8V@K*24in`bhF9> zZ#(O?z%rz<_e4qCc7;?ZLcR^p15rf60n$b3aosfbhjeE>gl~Ko>y~<;1$|sC=y197 zrqjLK;;H9u--ZHORH_P%kpe4y0LYe>I4Dt7l*2X@$M*?GVtQghfuKIbH7M3q%05;% zkDVZ>_~r8*(=KT|X@6&Ub()e?N;9KeA+f9xhOnzQ9phlH+<~Q3AiO;}?Y+eF81?Xk z8Lxv!V?&mAWQ{C-0u~DuU<=#K`q{>^KeM}(A9^CS zCH)vLGkMmy8A) zXKAmz{&?akCe&LL*A^5X36-`c{CKTf0N){z(rof&>*iJXJzHBQJ%L*X4i8i6Zu&i| zZe?_XT>-{TRZ8`_s81Br66A}?3OZkp$bwtRvMt82+RKlRqr7nIi9*mKwQ&rK~i@GJxdI7d29 zeKZQ}xjYY^MHAm35k-_z8?o)4F*+wZ*c_B1B~!-v86GDV(X%2Hz$moYW*CWLBz5mrlcw!R zi8=0Ni*BHTN(?-V)9|8TKWu5>+KWD0CaEtS&JS_}tEzwrQ2>}~B1jShdRhM&UPQ5Pb$ z1l#D>DKF>f--~CHu62!VjqMg#7sYCdqnqL@FP~+LpZQbPQOgW~Bq%TgzM)^sd4}*inPG5FlfcS^`8I5sL;> zraQ@9?a!vXkA`DO6|-?`K17E|(BT*PTT9fVY(gi)1xS3!&je}j=g!*eiqCAX6)p5M$9?A`@$ z(-hB$Wq`iN)p)-UT7RYTyO%1mbDE8WQZ;}@(i*cPYZ+(=L^&)U&-*wxAJ7NMRcWW* zgG-(Pi-|9^%E(a^;QLs&36KgRo(iLasK$D_5CD_G{y{r8BqBrXyfo^)=1;nm@_pZ^ z$8IgQ&4JZvFHDFfFI$IjUbGUMlfT`e}cZ37~QDK82Z7Q@9#sBNpbu>SM5{ z(hnx~MbWYqN7P=!{7!sBE0dS{<)4@DU2Br(rT1VMkoqf4pmXw(yUkFZW-&@iGTcf8|p%#z&K@#ae;|20U-DxSgJzxCR$xT029{}AC)7QV`= z4DD=F<3iuCo$d{03&{&Ao;TPkR>7>l@H|j&o#v|~5$>q~C=-Q8%S2}k%TQxwYiF}i zZoH()6k>e&o0n*%+O^A&r~0Jfx6J^hK<=U3E2SxouZ$Wd$sX@2b*Q^!3CvsDwmN&) zJk)6Cvp5m!vCUzq&rm zi(Qb*e8S+Hkh8cxiZ0QU&g~il5v7C!`OSv(EBMR(RUuFpzd0;hjSne_ca!tI@ZPu$lv^)O%$AHvNCh<|Be`k?{`LMsknL(&u-IBwA6m%6Z zYOSl{&-y64WhE4+tmb+5jq=BZybve6c@sh%>fX|=YLMWMsc|b|J~E6sH1MCrpL3GHTyG2nRU7?3p8u5y&AjTr#6>Hv z2cHHXp{Ey~khNaoo=ii39wF5L2fE5IJ-r`hIh_VW%29o~64U_Rot!_sb9&L1mkR9} z&f0i9_6HaI{#L@w{Ce)1Mw5Avd34DmQ(dXw8s;8 zFIh$#N}5Xi%QlJ!`FHIPg)IAVWuns?z9o~B#r2fDq$eriZx~LJqA_Pw;KAK!Vl9rJ z(zwI zxz18pz9brxeG~Unp{*$6W@hDxq4$d~=SF1aL2P1~n$Bv5X#|f@t3jG(sn>M#PTCeC zNv1;cagwx=$tERJ?xYdMJ--MIw8f5;k($;7Xv*Ui%20MIVIVm4sw4cP8wp5guISFY z$pn9+)X({7$5GVVxrQiDuw8Bkvo5Md`#`Y(m?T&aFmv>=CH>xiR#1DI1O)#bFScC~ z=x5Xbnp1E!2um`&PxYp*U%XV5tIS|LXn2m<3X3A~O+^mk`ex5V5D=VN_ z0Xa zkb`8q-S3XLzdu5+Pe0gJxs_OVEk3=nu-q#X9ea{7?^e6FtWOH1>p~OIJGPVPqYNv` zcIWCYeg(tRHoyt&_1U^%g%bU|UwLU~HzBiCrJ8EQCaWxI+9)yP3f41nY zuq)J@!C7(}bf+)Ay+>qxtjoyH$l!(0CS+uNKuUe3m{dG&9E`wa1T44Vb9|rsb5hHlYs}+)Dw|+66Xj;?byCLOn#~jI!cz%H^jGM&>BO~BFk!u_ zGtW+*;alwkT~!6_>RdGdlcVeQKY;&uGL7EHEgJx4o3;07Z-30&@m{&)Lq| z!4N3&9k^IaV2rb6s`0e^mD^G-jPZag()!5p$;5{#-A*|Y zQ#k+xXFJOz)~=M+4@gT&33}Cs^`5dHE}bQZCHusIlb>gGl~-=<1^6`jmKEM^;3Y-f4UH&bhBbQbMjieedY;lzEs}3bB5to@lVW zTGH;01qmTaY_Z?IPE_vf1XM`v@94sB+slj(Vs%3Xz9E~U`WUv(vmSNt%mPJ2-KCU$ zf?;f+JMHcg)8y5^rHCd~?sdodPHnZufktDNS8s@GA52 zo2w+DjcwC$Tr2xWk7>}!#%m|1%T0l|nbJmIF|fx0jC#!}{w;*pbBUQ)6{8|3>)!#t zK6nx{lZj6~Fk>2cv30j)J|gh8_}-G9$j-D%yQA3Cp)VeVaq%Iry~SyzmqCpu)_y-` zyEE3Y#BaqP^-GxkU=&Y|PK>925xx&VX%>-Zo9vY*FJTdd_5p|i%!-!JTT3td8juqS38N~9q zrt>GgukjL0&#ms3@tgnN4|Iuj(nU!k36+57BO-83&j(}+#BmjOmb4bloqiFcmbzH* z{V966^7@yqacc&na@%P8{Y*gu?MNW3av)B*#mlqD6$XmaHX|t0v~1! z)aU(cM{MNN!1T2VvO0NL{L1`*gN)VMMBBIhuM5GH5X+a>N_aY#mARry2M5$6E zH538q5=uy-QUeJ{h!EoY{Lk9&K5LJ$_C9OxvBn&i$yFZW&?id*q9O+71mr+)fftc6k-|||(K??5TVVm}fK8b_Q=2Z^-a+MTdcU%Daq)k38C_@kYe>05vO|WN-f%6i!uUsF~<$l!_Fa4JBAN{@bD=rb%WkCEM z|6lgU<@&GmhJQVFgtL=5O*pB$29siXTlRPF&7I_c8|84b z&MT^Rdv2GJS5R4RTy8fvhvx1jTq|)@?0+Y6Um%UESwlzkQKRd>k56{kP>~7BsCLmqgFa^v3|Eh2Lue{E`XkKz<`aSW# z3G{SWgsk74Z!^!fz&x_`%p#u1sXd~7fuB#)3_>(H^PAxdkU%_70QQ8d<(2pCP*(yW zKCkJMWYFOe?QJh@QqjTv9>h=P-wXpEfpklY`-L6kcSy>w7@18UZOmW!owrhSV>F!$ z;SNiohvxrM1yL=Gb%oY{SrF(Bg9mR$DP_QhXoclBL%R20`@_F`4flkpzB=6uFbR0| ztYca6umZ2W&xrUokHG2w#~1ldnvS3{;MzZgkj;M;^8EWdnf~2t?3B5D{(Q8*YwAC( z_NTA?T?_mfp?@Y1`kyKH&oKBi4E_v*Kk?e1P!j!T82lLqe}=)IVen`7{wJ{jq;UT1 z4gTy6{_G9@41+&G(Vw8`&uZ`|DEbo={RxWx6(@V&J+68=HyU~^9Vk`jjzKw^n8SA1 z+4Ys3<7HI-@=N^Jc_nfk`91l+toVTC_f?zVo1%XnD)xcc#8VzLjX9@zLa$%0$iG+n zu=%us*=xy|Q=JxBqh!w$3w*X3NV9v!=MP#HP@`T88x5CxEFQSERI6lpLKeQG;OItE zTRoG50O6)eS%rQ#Eu_`Y)41CV_fvixZwKxbmh%Q2d8KmUG1ri{V-(%?!wf5!6{SCN$!O4EdsGEvlA z0t_xd(*%&stO#qUm>L*ukzaSOY^mFm+pBdE={3g7UdGqi%cYJ^4mraHJX00 z<=TMPhH!z+%2{vzhYXJjNOz8Tk0-c2Ro|CJGE%n=3}{yl^L;P)aqzF5*ssbQ2Im)D z_X!Nvxmdud9*kg(oT#425Rii%+ z(=bYI60(Cu{=N5Lws~D0j)*yno|Lx(Ju%}uPmM{_~rSk6U!7a-(?QiEY z6@DCL9Z(x!)A?X~FdpAULdW?6u3kR3$u2SSM;EiItZ#(4s2vUNm%6qxXL;=2gT(M7 z$HR|QV^X8Ix3_wL`p;X-T^(A`D9|YycLnVRIjSKIi=DL`7S3phJo~W6OTP3}?D(;x zdJ~<({oE6@v(&v}+M_JU7cXBs{jLrfQWaUJ+Eu+U%-eH0{7Zi_O7?>RSB66}06*`y zZWgYQ$=lNnw!w2?)*rNxol!V!L_V7`Ds~!vw%J3==fQ_;4I5W4@zET%rdP=`_w@8m z*08KK+f^+RNN7SEDh}AKe4U7c#tP(O(M5>+Yb|e+sGbGC*V{`Ms`nxP&U=jnvhZi4D9#`u` zPYUeyL1H?DsCTgf4Q#g&T~dd+K=B_&oF`lGZO8TE$H#UgT^>9T6-FNyT6*d#|2%`6 zlvGBnE_Z``rJth~keYf#PLfnmN|(M;Gq+ur00P#`mu_V!4(g{x$6C%bMm2fYLMx%S*GuA8L2grKk$kFpJx*SK@Yqs`W51&&HdZ zB}GX$R48{Ngjt!!lPx@wmnVK&e8%#j+)jXnsNKd?hb0uNJ6MZ6UFkkUUTN{EVub<~ z)y6(PqK~8aUxszArYF{{V*w$HE1>lsX{dpLY`!Q1#8nzbTgu*(%B*$AMN_t?;dX~54Dkk`>?SkDM+_`AJmvyZlaAptA z8m`FvP>4h|VE_6W2!3U3ls!YZ$GR5htq`Mw0RJJ6(s)-f7%uMR)w>gk1_o^POWYTG zrJLRfk5;Z!nVhAj=#pY$c0pX!?ejJ5-%>4H@&w#7>WON10WqYFj1v&P++y))L@-vB@ zvG&Z%e=9kt^DN!{uF_aVDnTsPvtrLevXj8=@d+!`ahaOm``kYQuMqwm8(lv)aMISj zNj;-yr{qZO|2_5%DHdFmjLTbY#Uv9>xR@uLQWYgVsck+`o( zq<`YxMsI8#SWrDENo4&*C2iJ~Jr#3%Ue{BqGiM_xR4);;WZi^E^*WhypDs(CQXH1# znL_)l?MoNF_**r(MW2Y=Au^ZdR~f8M6ICM<#p`w4p4GbTk+YN#?j4g(BnEPgS^+RFaGT8q?s+Waj&xp(mlB)1R=QTxpyrAM zgY1X!PcA17G(u&DL*#B4yP}^K#$Wh1WhktpfSf$uO_Qhz6vjCe5JCRV;8fQ)E!z>NuIXGT=%*ZPLrKFO0} zU^(~b+6dP+yGm`^FJS7=zd2^_v!oplKTAzT;6qfq&yGsaPftsIX}GMUC)(7AWhA1?yohRcg{NBJc_yCCOm<5nQT zXy;DBEd<>Lko={v{F|?A-S*qx@J^>Cr|CRPknp5dGTCs2O4s=GiCi29c;d#8zUK$( zZY{zu_oL=+M(dxp5lbB`{~l|mCcOS)3M{jd39wP1B`G=a*t>+>z3crLAHXp}UXY3%nU9DnSqaWcaz+vO-+Gk)l#}1N@5dsE-e)}J%M$umZa&oJiJe-sJR&dE*$q*xjYYAj_};<8T>0*d zg9{PPKA~5!t@*9>UZpQYs&!#ao!W_+`TPJWoC}L_d*Pe&n}&jY`a!T+nZmw81-#TAht5y}8vZ6Y>hHdo!nD_;L8+F^L=I(?LFQukO1`U z`wGdLUio})NsKW0?=-pdFQC}oN8jNiSq_7TFFWh5eiGVR7+t`qn!Eh-Z5oVx+Due3 z)fGJ{jeMc$eV`L;ltpk_?$i#avow$;H^bcALXc|$$!}$=iQ;W1#|q`I5WlxH>PUPG z{dmu~T1^J?fIp1!^mTb^9t+DUP}R`)If4KDa@1PgyeQ-X%Y_zMZ{UQVtkhfHO+b zqA^6(y_~jsx08)im_(C7!#=f<8@D$5Is6LSW^i{tkhN_|mZHIx)&bcQ%*jVal~*4qKRhY@?s?Qt0jH>u5?_Ppaek>69 z*YM(yJtl0ymL$E`+`W#-wI>Bt7iRh0C!i8r1Zv4mT$>I&okXnXQ zh~g2@E5ZMAiD&b%tp8Gd>I{E^{bJ1JV@#VB+jDYXEVRho1mUty6Asr7(Y6VRsr!~Q z8%mPN7jB+c>5ykG&Ug|zJ4k-B%Qb0fOL_i(;|Ok{@#52M+aX^kTOG&rj04L;!7?xe z9@*_mKTp$&C)|JE8c*DKn*knH?rBVs(9_gDVQnxN4*MqZk~qm>QrI?!Q%IoM5s-|Q zuq-r~JHPXJ@6eq(*FD9AI5Ep_kM-owD#mdgV<=30^X!sI@t3Lkf1BQYNL%>)$PQ_a z(@jy5c{;cxudVL=nA|f7p1YY?<@?%!$H>t_0zch7E&uU6@jsaZ>=npm1j(|_Ruh&5 zyVW#z$6mPfMB8Nnv~)s$$hBKHi5Z@Qd60{j?mUk-gxpjFq8I5Hw1{dtfg2qvL9+V{ z=SeWIq0-E~9?T8++daU<`n#w}SK!d$9JYs2it?Q@qZaQ2>=FG&J*%}pd;>uYep=$d8ZYNY#>&*iYtr~ z+!zP=2VbxV-eG6yM4A;()jI-6@qddJ|3PieKV{7ESA}wSJ}|3BcGIN+T%H0^VPo`H z+%FJjQ4dRrne7-(fhr2`nDLeFa{6mMk4Fahc{+M16Tej)ZEy3Gt?j>Fs25tN$oYxk zRQf7JgQ`u*Au055B*>9ao$mX^reBBr_uHV2UkA4lQPRlK#>pP?1EoPz@ft1ltTy*9_6OF^Aj77 zEzi|Q5*%%9)tpk`I-m=m#MS1TrvMB>?GPSZ_Ks>|F$N8m!MC&BGa?G!y*MJ4F6b1m z`zaHwXXDzZ|A+-+bw^$aT#MVp98}J(2H8_~8WJ5}<8q;u6+ttNBQwMxYq~}ACYQzV z;)TPv%7O@fclc4N%Tl!wS|B<69DODY1KS|ViP)y{=1Plw$0*jbn=pJ+Sp-VW^m{{i z@qGyaQBA6cL|apemW%?@;T^RS zcfQ>0Q6gimY`VT@nI8#t{2?=}a#Q;XZ-uoUuIVTTjhg~(B1Lq(dA0=l-C-R(8o zNWUIT{b+bCC+F#O_47Fk{hjl7*-iEBk4OkT=j{R|U^x2N7?;h*t841#h$^cae#TdR zso2ii>F=eYy;tUaMWY@LDp$Y6ubS@n8d$6QSy*7!_AFL?Yg~*JyB}0;h$#fwCy&g{ zVn!C8{M33Bzl}`*@hE9Wws6-}yt7_#w`j?oe-3|L`nBw}Pf&ouLeg=aiL{W=q0=0> zR4654a;{InBD_NiCVr2kwH(VoVUUN1ZFzc?*gg`My>{ZeXv)io@M}`38TuD{&5DSt zUF4Z}t&J3m)+QUNhn24#R;MV6S?y)|P9Zf!CwP|o^7tgMm@Ys4Z~6}WZ72B8g|^Rk z9~7nmLD>4HVHChixK#MJ$~C6g2)bU94SfOi)6TcM#OKm~sF;lV`4f_w#sj2+`~K7L zx~N)Gdi@&c_tgJpDbn9QjqULsWSl(@;CbVb!VP=3gl2Xb3O_-b;SD$iHgLG3s^PeD z%qsS-v727v+VH(%q*S57NVVm?hziqLx!E1nK4S$s|4y&@ZwA2*kcn`W`eqT-0S{tJ zkM;AnUH()Uwr{19H#Zkm!yJWPqLQNmr#oo6fA6CM^n*=A5d38u?$f zlDMBVZSkNhY$t+=QjiQ+S!9Dl5y!#9Dms$2>D0{o+mW_IYoh$F2-6?Sru{2z~ zOj~I2fkJbp-WSHpbZb5RXLId#A=;yWFcM$cOUoQ<}d(M?7$l zIYn!Lk_iXHN1x9`Djg&1eeejtThx#9tjZ?My?PR+qZvOS!j(C2yi{Xm!CEDU0_CPA z+@+%rc<10iu8I@X5QxHvJkUilp3LXrbA0%KL_t`AKH`e5B^8?GZ^AIMTm=$yTk`W$U6kySj`LE z9hE)~I3zpuxy`zbhcS4b7{93>j(MDkcieH&JnfTlF_k_wvmBj(gJOADW8Xy>sqF|dE5(%h zYiSP4X-LpOFn?X+$+n1A~`>b|^HHb|d$hR`=7bSF-_IinkL>JY(g9CnDiK$1MEkecq&RascKJpuYS% zXpbE)-mWGy*bZMQd`nCG`Zz5%t?vR}=4e%xMkc?+DT77Za=xK7LlL8;^{u%G!0$K- zw6vH`nlqX9V+D-uv^08ItF3$4-=y6vaBOaP6g=?6C@?6^L|%vQqQtib2;B5}zA=3O z#qBqmn9oSlCV;p$=nMCK%GRQlzl!`AbcyVL@KoTYnLpD>{#b@nCs)AQRA_e->ZGP0 zUT{HvkYH9vN^TNv_}NHq|1AAvS<>-kh3`E>HD-2qlUXe8EC46f#sQ$Q(hbP`>W3k@ z@8dO7*_&$?dH0HHdR@LoZky@_4*TWvC>fjd0FWprT>Dv2y}No-%&w83LBPAfEMApb zeF3j$?^<(#>G=4)YgIY68166I+Ort9{Ke6K| zMYw>d*Rz%^!bPb8<+(Q3n#SdbM5xs%6OC({&94a(ufFYM?3Lc>8(fa3v{3c_0*<2r zk{UJ|%o9D)lfC%?@1f29A^)?1eTcPDLPA`sSp+fpI=3QC;;j12!ql70CIQX59(^3N za~;7Q>^O6-ZcJdC@BED4Jyb`FjqWyatffBr$eEt_D?L#RZ!Cteb=4_}ZIG&9{lhB1 zLv>>z>SCXCuwwB*nEI-^uT+1YmjU*v89zKKOnS&Z2q5h$QeIP2$+dlMbUuY7FfaAq zG~du0nHwEc@m%YwnT|zP{KzMn(XBY8c)mth*1aK~~z>ql>nYozs~UJX33@F{j5*h+ZrDZho~Z zrKP-b7tzZRZLfS-f^Z2dfT0ajK7rK~lkW7*5i82i=ahe)H;{WZKbKT>K4$9*qvP2; zR(V#cHQPuQrD?o=0YY)5rntS+OF3nIbZT5CF-)uQ7wODqZC_+in4QbUFGSEg+A*q6 zg}dyipAXKM$I5Qxhrfqf+%uDVzZrta$mBM+Qur(i)CM}5-{(}yb7LQa}EkSCczMz z_>}#~MfLpn`>v3a+HOP(GitIq`V&Y{Q(jXwuu>y-seW>U;2J*P%9skA4L1mX92odz z+CS7ly?kIjL`s9s_RUz3g7a9@O|ov+lf4eIQ0e+l7ats(y_WLXb+E@)xbh4xH=6L= z>a0F)t`fygvp>v-U-=s7-;~c!yCNIx#$9i8N_DTyIDUU|eefEW(Q@-Vwf`D#^XR-b zpC2nx3MZAcYpf73_k?z}($;1}4XQ3ee#)o3E!71IM+hsl-6z!|5-9s3S#N0q z<2AmAa!Qp=tvTi`9uGdm2kPirrb*uqxV!jJTVC+{!Hntqx+&j-T!p)_#vXyEGIx3w zL@qq2te{*pD9^Fb75|a{wa#dwK7Td{_fz1}MKt)8SFsH3{`{~+ZCX(7hCVJi)M60D zf+OkWlOUA0q^!g(8$;k90)*2_?(;2MjP51N)Q2hJK1H##dLfM$8Z%}~xg3=C!yMYx zAd&~LUWEGsCPnH;8+yk`=-Bg9)f>i%yz=8wZH*Zj-?wvTW3Pv9zw7a2Y8pd57Tlsb zfzAY~6dQS*O8j9;9|F-Fld;q9zzB&&649AJ@2u2OD)z^AF6m zH}X2TTB%T3@KJh?@i`NoCy8rJ-44tkH+8k+hQI8@8;cOCS2b*%;_t9+KIfDOCuEE7C^+W)6VN0R=Np z_>S_z5_IzxF+bhYa)SKB12R3Di?B*|=bv)ler-7*W*I7-zHy=iz^;l?N6E+02v(X6 zDR2EoG=zD6O;ypbrmf>{9#Jg$Lh!4*uTSX+hn_0(=0EBKptfT=w4D?{bF?-thtiWolhZ+Ax~tHsCIhITVMG;Q8&oO$Sk4fQT9JAlB)1QrWhksE^D z)*%&eYZ=vs7a0)U7u|xVH4^jcQK!!tD^RFZD@1AOToSY^dn&p3F2S$*ow24Q`nu-) zk*yS+xDLtStJG1_D4}7Q$V8I5Sx@#u#r^yWoIP{FoP&BMe&pF);$i(Le;#bCy$i%!o$7+=cK?|(xLE0p$&#Q8w^oMu1D~=-!pM2SyLJG{JGAe`Dr>wxY$BZ z|AEuV4=+Naj()WWg&7%5C_$*wJWZvp(=RNoI!U$M@rxMAXug?)JM7%2kDC7E{%O%w z?LzRcsG*K?Bs^!&DsuCG-l~fWtp7!uRq);Dka!bV>*-mjm?r+{^QXQ7z2H3~swV&) znp3o-B2{vmx|-}6Q*?pAe>8FvWwYXZIq;l`8k}f2@5s`p>Jo3b1@G3JAlNO85+%uL zLzKr~BoWk`no86A*dC3KmQgQ`ak!Km2ldJ@Y#-?tifB0x(8)KVJUkuA9E9DBH-<;s zQ7Mw~(nWVGgj}P{%=8${{({QXWZ4}?cQC>tdiG}$w&WUK`6--+%)6^@c~shdsoC@!1;2iFz-;VjN^8U1^?3?5r zMaID(L&21f9xI5*j&szVpd~FIbLtSzPQANlIx7o1n{A)uCn)#5*r3`=b3iIhDe&=p zSl&%O%t*!X)BM`3E^S^a=S?ywg)Y;T3J7QDl`0k0?*@eM(-O`$HaF8$eJ}S!zCYQ+ zcJS+>99^4O17PW%nw88xN25IL9!2r>f52b2 zc(z1j5`FW`8qu4N0WG2bIvf(GgoQBm*b9;umMP}1k*+V=i>F)OLs{*7KYOWvUNJEx z|LH|SV=GGzq<$vWFF&4sc?|IJO<}OpYDdS4+v)dZCkp$HviEiS2Chi9s$DCi-ij8K z>_;EwwrLf?j3^(etGE<)OiAYJ5;yp%`ue6shey%Em$|tD)R@u&rP7C=Ba#u0fYH+F zHt0K`U5_?awJg?-HGG?Xp4(fC$`H8uR`vV@tTk7>~W1A6=*W>dcb)&i&rGAFBTzB3&ZhrGIR@?q6SFx}9fBEl1$m9k=qIjo> z*i`-J!`h)+?H`-a5Orz02@pwC<~xKcwHR0AhN#_&R@PF|mt1U8DGI5ueTO&P?3h)8 zv}p%ss}T&g4g2lYkoAv~B=zFW*ppAzzV8<$=^QUt{xt#k%frV}wb7MTFdy9UXgRo4 zu*xJi2k>-xWGD0%mtvwXy7+5Zeo9!1dyj zurhYUVOiW}ARb1}&3u_Z)*k!E8~WEt_ielZr9WhwqJKuP(cDOTrqnv^M5V0_D$SUD z+-gRtXt`Szqjb=Cp9|ZZI_Sl;37!$2yl;}BbrTi|xKaUVmC+=7@R;%_&wBRp?ycyo zR2Uq6n{>E7YlJ9&=ZyDgj`fks95mBY48Qas=8EppusAwTh&JH|} zvL{71mD{$uQ{1i|T!`DWaD!fa#(z1KQHVj%eK${(gg_%gfwRLlE3)9yOq3j54CaVu z?GAe98ci3L-|W60=FeZ0`EZat$RZczEU^^IrRaw}0_LaPYp3Sp5g2iTUv5ntUh8?6 zFo)3>x${OP<3C?nImt+NokdF2mOIwJxO4~pFwS`O+wmb@EKi#^nS-K2^&{k(bdYP& z0~U7lW-X&kquA;L!X8>Eo@aRBG^w!p1!*0SvL!vnQ_`;CM+avO7~J@Z)g?UTa<&mRBxJ+aa~-V7ye!Lt}o~)n2!dTfvb8z>I3?S>fPPe z8GZ2`!sD7+4o{nsJRVD0VT=-DzoI2_!kCzsz18k=-3zh{!$UsAbf$33(oCr(c!{aq zz5LEat*QDUwa1g+J%V0k*o#Si3z2v3{?@wlk!cb*sveCLz@oPVgCC`%!CE(DxazYPM8qj`R-{lrM#ruB>+nDDNW{5g(=OGKDrK@>@V?2Y? zZr?Hm5sLbc=++viOGah&WdpA&Z|{9VB-)Eo>qv9By^RD?j1_S9^^CS^ai3b*BfDtU zTb&KW4c4oJx9YPLgyOAcHY?QBEFK>~bg9N<#tDK8@i=}xNya&yki=_P|HTVD<^`Ws zZhSSpUDJ61);Q?@!|dAgaDC-(*3gX@dNGq7l zn3{pWXL3?mtR4ZLa-UB}I%kAFZF_V2*@@YokYr6Z@?NhDX@?R$)+XoTNLKAKZ&LSf z!pY3FS~N__Zo;k1SwH^Blpfg_I1%tGfQG&hv#xm@NuQ*Hsp&;nYRso>mo7kzL#9GQym9+sCSsOUi99 z!*V5QEjPVfZpsPie0!{Wjy3pVZ*_82deNvd!cc#kgyS9FG5Mq2fZjZrLddp zZg+2F^g$+n%@2)7R|&R|kg;!)$dyF*OSOG#S!DNlG`8n+jXqKkUf!d{SM1c>PP=+(=^q z!Fh-A9ehotGfmH{87WWo1`I*!~3n zV@BIGX9yR6E~51*`+DMosx1c*Xwga&h!gSXH$#GYOngJNvquU$HKw;EsuGR3_?j)Z z^~BPvwA-23tDmL5|AjN<#MPuMrF^~7Ll>K9V6)yvaM9$0=E@sbSLLgT^KP8rAr1(`ZBYYHbMoD27ipCym^XD}I^4flQzUs}A%nO+}Cq*p_T6~y3bK7+~ z-`-*>A2wd%U=I$OL^y5n2eXl9!W_pM>;ya0sUFu_BFq|^6KqqfYUGM8a(`;<`>J#0 zJ#(`}%?YmWv%5^an#T`R*7GC}GwPwSd--Q*HZJ%e2F z+W$f;??fRtCdlUj0`~)|2QI<4=?h(grqYpOKT*92q=Q}B8uJ2p>I_*2_>&)}8eZ)2 zI>{H-%KBOr`Lr<`Bn?X^aC9QVBW{xSHhwdZ%X;V+r#Jjqou=!x{B71NJ>9$X7?)DD zsxIqaNj9r{0p1!;JTxKu=#ddUkU2+vs!uU&2td2XAmPF#l=2p>Ih$c6mh$<>*XFCP z^y4Mn%mRMtq^r5FJt9Mhse}cKo20}1ZZ>gTZky`Uf$H@cOj70tp-dp@R~?VRh_&$_ zzxeEH-}w4oO3^~FD!Dkn(J#L@a-t4r*#Qz}+oDlnlk5c&bd&TSfxj8nzN!HE2^Y^< zd`=p73NJ}2+7A^DYPgMH{yEC+(Si+cgW@#W?`Rl5+TC29*m{_nn$41PR7Y1$^l|2| zS~KIP*gDWB6q_}D9L4)uIsc3{O>}=c_DRHAohpX*Rmz95^=rS=R-PUq-VC6sO-Y2l z=P5*=B~(1ma|CcOFV%%f&It?wY75LJw>9+gOkdodi{N;Dw|rCgX`ToP+J}q;ba#7+ zZTfFv_dr}Q5I$rxRcowwj;#`5V!1%57CPDr_;(FaByNCuvsG z9iTNpBy5oc^(vjT=u(eVbj!?2HaujKT1{^CUt(yDT^+`p4!4$r+5p}ZSW>?eD!@k(pj-UfFdJABn<_e~}zYKmOynK01hlyR1v$gd0HG1uIwu ztDP}C1(uooS^Mzgw3YZT{KSv*QgOwYk^UE8pNU7@h?n3q!A2zBNQB!KBg|w8)MLU4 zLwA8?jP=lv+L^~Kc^Hjyxz8_#p6uQ2((GDNe0iMVOshwz)&Zdm5UT~$(LmG`4@XBb z0Ot13GOBSCh?x7T`))W$$YJv#dmNNM{-*5P8ojUm=1!tG?I>+GWIU>#w+kBAafuq@ zwzS1U1rzQ=HmD6AHglEA&0%I`Z;JHzT^t1Tg`_{{+3+%OOO{q~_#~4|K7m;0;d5ZM zF_0};I!14-zS^Ci*W$HvcA!)84X$mDY@??z%ap<6+#49FWF!!$ng{!KOd)HW$J&%} zY*P1)R9_FbofFhiDpebhj%s}K;!4mIikGTEfOKzRl9z!6dGw?X!Gr_Ws`p{c&+=H& z(WvQc%J^HwFfenhxNVeerbPJtlQw0fy)FeVBOn20MMlKd4|kj)r^NWSU!2|=jq3Q~ z*koD5IcVW_A1W>%&+%m3>wv=aiOwC&NDd&1ktiI=+MI9+YSS&UYCLW3@H`unsfU(^ zUgHj*jl?BS2~t50dvT?s#*X+i@D(bW%-Mr@kLYnGpRbk$E0cI*#YiReG6(UwVa-PM z+_b>CFO|pAuBtTiE#5eL%mArNx(R7KzCp&tP~~tYF`3$@>#MIA;z`&zR0Hwn&*X6z zmn5j%W3kyn*=J0m=)tN_j3!+4q5LyS$gg$1h?BmlptufEYSaCunO(?51JA;blVy`~ zQq3$9#8W|!;)RYqYNe!cJ(doznE9A&L4bB51cR?oFDMX?m(uQ#J<&Z{$5`deH{BX| z)SWuBEh8xdj~S9R{B}69_y%$Q??uV`W;jm=+6`QiI3$(Xv%=EG{tA1%OWb2oztxtu z8EW-g;Pf$jq(JATV)|VM-5A}3JDavnhr%Qy*xJ<1Qr3>R3WRCYNiZzfL zlfX?uM|*oNaj^+k!Jm``G4t6bF1^WnZobPky&s{eLFdIrYp-x15lg3kGZ0=Px(-O_ z!y~&}G)55ZS$kjnOkVyrUBcRKRGPHadw9I3Ww}x5TrBbMt<(~N~C$R7O zlJ|5w;3a%j3ENV24|TUN{-WN0DsA{5;A6P~?_ARI90GR<&m27kql0JuAJ2(@LeXVC?vI#3m>q_E8+AmH?NJ^$ZPs;>3+?<(V^#7EEHNev zn4a;bl~R-joQK9tP9gG>)@)5c51H?MoqwP*;a#Ul$w(ofqQJ~FpdDg0 z?S$Z(IrwAgCB`+Ya_73Wv$Mh%ek5foC^8LQ=^Lumzh}@%aKVp8?Lud5aBr4zP4P6H zYAP1*+)xZN$37s-zugZD-&`MA@Hy+rD!8#QBFHRd>(F8nhdK_|gjM2Py4XNH0dWK% zH-|vCXvb>m2eDdP-QX@h_HA&if~S9#u|Jlv?Dcuoqu;_dLG`1ZL=%EVH@~J9Zs_NP zrfxBI&Lf+9{+)o@t_)+J98HD0`wCCzT&w>ylUt2bA$LkT_#%9?j!f-=-42A8C3#FW#g0I%sb3j#;@B51sW?b>oLoN-cV z2+LmOa|0@Eb60NmW?j8E!w1z@H!iV#4;%O-e<&dmGmK)S%TNiXhgDvhel_j^SEzz` zz_%~X7sNi-wn>QtjDPoLKXbn0{N6W?78IRJ`V2u@+ldnb5&?4xM*@;)>WEOD%o8Om zP)s70np1x?gbyw{)rG?xoG(Yjy?%8h1{TQd_Y)GYU3WbB?O|Fl(~?OP_(U`BtC6@N*^Xu3eD-S>z`0&oKNUpz<&4Zw*BZLHt zWV80P8}-{sFhPIzTbDaazYF(PENP!XIdO1P#g{DNXn|0&YH!n`dIM>9ce8#ElVH1= z9SL#r332tbGugz5i$-S3rZm)jVp8a#i&GPD`CmD4QOlvuQ?k{i35F3p&!c0bb_M0m zjNkWG;_DVac0#q{sLudHnmY1~9eoZk=jq^F%Rj0NjZyc{LiiOAm#m4%hImaIC{*`I z3hB5OUm1qIee3Kkz$+Q)xVi8D8mEmh!eKWiNb7o3M~{bj@}znmqiR>)ahvz3##oU0 zv_|#tsb`#_LTY?c>?imYupdQ&4piN+tbogOi%Tq>f#x~Y(5}58s7LxH-SvU3EBG9h2^V=-OFzHzn_(_b@)A`~fo;t^*)K40=E@NB z{g-X&Tedg(JWrsHfbBEpRQ|Iz*`H1Sm0toZe}TO4igbq-yKNbT@IjWosQ^8hR#H z$9}njerzu>4{o26K6~|E;9ZaLpVA6#Vh0|8!oM-U(mg_B*6FY$cN{7b{t8o5oN{^PVDLzhbWKx&@Y z)8fGJo7e5kV()&gFz&-o{*vj*=YzA-xCEq9P%c3F5G+MDZ*nZRk#8tiuf^Kgc$lBP z#LFB%tpus!$_7s@Z;$GWNPW}%|VOEX=UVMt0pd9$(*1|P*mr;tuY2!&^Y1kK`~%p zEV9JVOo3fD1Ou7P-{IWWZfHwF5jpBYazqxLHGZ@Lk@Y&IgOk+p0iQFL6C%*He)pB{ z;X;+M3_RW=^q;y$yW)SkB3cixplT9E_i0@EK06UO=qD3Cz^{$HfQlpY;!P5i^0}!W zoF|oD)e9SL{3PEdOj5w3l9fT2J_6eM zN12a8SjPn{HA{y?Y#rHh%_pUVyy;Xg0NZ-Xde^djobTP=MHZvn0c|6ouZ-!0a;!p* zz4gJPj<^drZN->hEogcvSI)ChXoXP=waob}_UhR7r*BIjMPOOK1Y6^nmHGr`rb0YZ zM5rh2H10PT1ulhU@82cdWmOt^LA+vXcwwFz68h}Ui8r29rsid9{k|kC_FEO!`woj~&1?wHY)U;Si3A2|Xe@6jI zLo941 zFI2sN*u>sa3m-FZ$|mbv`;1qTH#&h{aJOEO3AhU31S*OZq7e^GqIvU<)x(w8-rQ1(k6ZVT=Fr$YIe%2(Ik{-ym1D`2+?q7P|(O@6m`nH6oRb zd7B`sW@kma=3>{JwmY#U6@yhpk@a0Zx5H^q{sOfqK6r{suwt93X5T$wsjFU1ocs6JrHQ&c$Dh1g-EtDM#xfJ~jZb=0mCQyxSd zlUetH)`CWq*U9E9E*Q<^XE?l-C1?Jfg3~WwIS5X(WZeg)YQ&pAZvD~-dzD)C!pce$ zoFl@TkV+97!BMLqlsM%&veSd;R>V4--*e%lQo4n`j2bj|35m&5#8x9n8elUfsy4-D z7D0Km-k*`r)1?OYDDO&$bVe!A>3#{UjUq^=W5ye>b=kfUVWvK0e%CJ$l!i5Ih8H?= z44DAq%}Lib_YXQ0jia$Vn7cUxAru5be+5L;>ukn)1P#|Nfg6RXzWVXbO6SAWpr{?& zaJ47-xG&FqjTR?*GpX*qei=8BZ;U*w3_KTvP@snT@HB&dC>JHEc>qQYVcGp)VQsaf zd_A)p7VD>wpWteOOn$BZ04lW&miX_$fG!mfVSJ&IFofaDerKSaOCjzt_GzuT^CDxZ z%s|&F6hZuiS#2snQmS8!KKZ6bj8;WGIZK8t;=hOl#>X4Y&~zAP8c;_IA%8E#o8VsY zg`?i`^QSm%)G6jDb`18)6(<+sBsj-^uKGD`X+T12B=|@F)2It_M8Q@Wr+I}{IJabE zQbvJOJ9U)jpk5GUu z(qKYopCgU$Pj*Vcowl29-+%b_0)ox3)1h_KM4^K5e8BfZ!HaG{F%G0HW7x0@#V*;i zr!fVnYC?Xo)60?)W@`(l&>jq+C_MrD+p)a?+LfCmg6B;;1Ui)Q!Nv1C5EX1FgaZZD z#>O%wbgBeY@2m>k?ka(LU9f6K199l(Z>o4RulWl4dKMj?dEq!vWXM_A{uz3^H&0@+ zdJ~tEvE%XgpUkc`P zY(MSO<#PU+98qFgfaZ)qbdB1^ z1Ho(&aO1G=-r3q(I&zqoV}~tLVmt{NsaHufki21R3=^WM&1}=kKNREpl&I%Jo`bn? z%4l#r&IUn6^D&PGO|=&3O~uofHC9^m;VaSBs)g+Q2?ws<_SUcf7a)w7h*aW3uZ8*O zCO{iX;~^>mh->R(SN1sB=4x#nW}rG<&3?yQIr6?OzN*IShbsv;RDr!aI0ODY%pRcd ztxC^y(_$rQVmT?$Ta|J#+A%Zlr)s`e8|{G|*-9vRR-b^9fE|wL zad!CZ#^jh_QEU$K21EtOz2c7&X)@(*oQ|w&;JsLAogKhyCn}Nv|5SI^*ii;!ydQz4 z=?4Ram4hys|HMFgPPNq*MWst+#A&GuTY0sS+K{n#tm%X=e(e^H-VE#QFn z`(Zu5`VgaV#DMjj9w4yIKqNvu{G8m&m%17oOvdNtB`OoH(pR4Fyu7(#ye+=Zh4Sj_ z9Ubfzch$8B%vBgvy7p!2>#jaNNy~#>;_O53P0sab`PaCGkNd*kce^?9d5Uc4%Jr6h zYewAdS%@HY;kq>~Hp>Xj2aQ{wc|yA2PW#aJc%hl!o?k})Zf^&>o9>$%FrWOc38=St zyb=IQpYubEv0fFse)E8q#37~@!c@AfsnCTV!t}#M1vE`tj`|xE)qU>`%I1L>s+2_i zw}D371I-3si;)qooZ!Oh_8SM2Hn*N^1a@T23XrlOGGep%S?nEk{D_zbZ%XXKXu)=X z7zi7U8TvxF=H$Boknxvyl&+z#QpD(in;S2=*)&iQ-+FsYX>+4E#DBA0A94?$g>y$( zFA3boMm%-xfX^O`XCUqbbx)F)VpbzA_RBt5YKVQ8Vl!fJ<9>2Ss+pJi4*~t!*hVmi ze;+~sm`iLbX_$7~`BULX7nKn-OfIah(_eRcttpl3QB7mwW%p;ZZb#y7&xHBPAt!Cxfg^(Rmbs^GTDgTP|&sBbUyMz5yAiN>AQX zXY5*|P+SW+ga|Vz;j;TL5O(Yd&I-oWl-#FF;<84}onz5BsdRluu4NFe_6}|Cv?JJ> z?h1cZr!4uR&3@t&H8nr&Yug;s!$fc*l*Stxy+$rg1JDwC;V^*Jc1uQ+%Xr3zVjgNf z1ApBZH8*#*K_^Vqv1ziw=aJgPV!b)>%9;)cmgiaw?8&=|B?F-SRS8sb+_YZ({C?Ad zSZQ<8E`=AbqpNcqHF#?l36d-TXiYw|N4*XP5 z;836PPSGMKC62Bj#bs-=kfE`a(a=>JQl3#{KIjQC>`PVf1>D^!z?R|!$epic-wozP zeSSW_$}*$>)3NEBYrcAFb*&qT%hru2@1MSrJY-f~jDU8dN{1#Eju0&gI73wQM_}cp z?c_p}o}AlnYq7p&HQahzrF4Is^T{ahW3D%F&2Q8zMI-wmWYW6HW|(NiiZ1eCv+30; ze=1_CQ^5ukQ23=P?)Gz+Hz_PzLF@IB8n7EYZd-byn3ornjPa@8tC`l<_9Mg(h%c^| z29}9O%jC34pLgu=POB_fS~O~2Y`J_nwZPEcO7of5NF{*?{|4uRj)rGK(eVQSdlzSI zgC-uxyj)|VUFxjuTH*wKuB$Xh-()x(t2h1G&}S!dh!+#m(9*{hpRL|&>4GuE_Q7ve zL1bKuoELpc!){0x?Y`d63ht0H!IO%S;fO|Gxc>T z3`jbD;Sj!uPTR%I%~jgI)e3OOQOpx7KZ1}YemJfMaMSLvBskT^i+|ty$3y9-oQ>BnG>q=aTi)T?5WD7(>LSh~7NRuk-qZrN`@f@ugN!CY90_12+Sh>An4 z$?nhBy(X@&rkbWLEH$bjP?6qQ(J?kqqhoYiBY!NPQ zbC`6?h6iO9;dO->Z0e5(9_G##=pRm)){agjdEl-kBcfvtfvO91W;{78Ge2Tj{1khLfwc_n&j)xh6tRw%*ygDw5>3{Iifj;#L?>zc zAHC{iI9Cpyu)adz<|2a#Ob1_AMT%cpb$RI*J6`Kly4;gh-D$oOuxl@TnJ>mN&hlNk zLbpDx$Fg=_;5t`4U>6|1uZPa%NAs6gjIAH2KbrQo^xWBqew?nusj}2KuJPs}v8)zH z&z0!I`T3A5K0#(n7@(x>2waM3V!#G6^mJ-kx{(ZiWFF=v3&x#v$WO>1p=7{9FCK3U zB@33rUPa8vW?OZkuUgEyyB=|8%O4129^M@FjKA6$OQ9o2k|L6SyG&-#g_9NE(rJSt z-&>~wn*PQ_K5sm;lc!6cadWn|+2W@=bst^bcrOUL-FHmWlB&39uVC0pwa}#yt&)H* zP^54{Oe~yWywT&el`f*?yYA~jjN5j&aHgcgPntz-Upq!lw|* zP7e5}mJhnN58EkTK_$86KPO-7?IJ-rH)vN2$@UDl-hAPmeRk&J4~ArRd_gype=^1i zH%8$DSMr|uv)S4=Vy;9i6heJjlWnoC-=Ft z;!Lqb)&2r-LN30t+Hz&*SjA<#&%KSiO_TjBi%y-nH$32J-hxatdK3=rKM+97MW3re zSf=)IT2&@H;_wxhKEHHzM;Q*$O}R^7EHsbRr9Izmwug4z75XHpGtZ{}nTv#Q6U+2* ztuZ=Mi4(_!&8YMTA|_>8x|+MEeOlV{EV&*vzZxU?qUA#=+8mT4D|Yv6)OLSJ9q6yK zVuBTLM%bki?9huLj_i5Pv(!b!?ZaV)uCmwFzAY4-Y$!S9`A)+E zh!Z|XF#u8RXENPMQ*EwZvUlMJd^Ykmyyj_S&FiCU4?%LzSYAK9S($N847oMcn7lBx zgve+vu52!?*vVdbmzid*vFI(xvHxC?5#}im_AF}M=7V**eB%mVqlDPOLlQ#R6}1qS ziVNQeQZwI28Us@mCE4CQX~~v1w{<(>oO>a0ywrZ) zQ5?t`T|>RaX`*>ouQttz+XlwR>jhS$)dvL=Z`IJb}d!b@8m$H!}e8VF?3BMEgI0$`ZK(JD@_Y zC2+BL3*TWCXK|Oo)f=a$R~$Jxzwp8unx`7ENniQh`4?@|5XvV~4)}F{gLCus_79~^aT~2h{V-yF;HH9+5vJKwaYnZN9%@StXW)f z95UNOEYkhxi}?L{iLX0)*Huavl@u%OQzaX2du5G!gtf(p1l0h_<9&U=A?BY9$H@LQ zzZa{9Td(`L!{+24G!OZRReW9l5MC7eGOGZDUU12LtZyA*JI%ohmCje{@3*!X2k`V+}DbcIBRePDx=Z(KW z_v^#Aeroca0IB9e+Lh7{&vg#{UKB+nvfX_-+Y&1yth+Q}IV~>3mNDrX%ox;FO*!tW zZ!q(oN-iTer`OhPaNi^QnClf6d8g*NIaUpc-0lzI^sl_1)o+{yMI|}qam-}*&Z{>x z^REllDIv^SFAAab@W!-+FMAw0RDb3I=bx&mt-_4T1&m}ef z3uI8`$Bgk^$rJAHq$&uW3Hd5zpf+2Q2_(1xv~H|oP_c!%uFunItuhOf zz2T{X(TsH6;3?R^wyAtr{j7?CsfVB&F| ziOmx`N0Ag3us<2O**&5`1Kcj+%UhK}zuVxUkj04JY^J#Iv2}N1e?i3nnOAFfn#S{A z!mr8ErZ&wno7|4#c*B+PhW!rEPcVWW?3jp%7P;76yuf4RSF@a+0B;QPw@#bMJ#qp4Z+V^CFoi zE*KID4gIca%)1T>I3kB|bX6$$~YwrrC#mMa}%!yBexDW zd)y@=XgAScLT?hSG4B_r_Y+d2IE_ z`#Q74qn-zS(dD>v8mR=heS|P{Iv{FaDbciG69G{(ODUYg665O#c3f zp}jvQ!&76KbYQV^Ytel_ABlH|zv7~IBM4zff`wLhMr+i)I7=QsOgh%UeQ#jQztzG* zTSvxjdqa0+{sX`QfDRtT!zhEfzgaih=erj}*?E?BZZm{0Evv)#?5H-=6(3Obui6hi zAKp8@P^`sZ&C@swb93c_@8YPNv3?~MyRsPY*UZ)1th4Q=6so#>Vu|^r?h?;FZm0F} z^PE1=ZJ42^K}-y~bK*?!nS@LJ=Y20bup#{fUi4~4$+E=)W74$%uBGaCoyv8n#>vZ+ z+OK&)8~P9jtTCEwT|J4wUfM?!7cAz~&9jT_ZC`F*&By0wb{RhZMAgDKTQG2xK;m~x8$;;l@M%2jRUgrVFQ!EglW%+8ceZ+X zv*-C$tKxHYh%CA^8DfX>GeYI%V)m@bu~XAVvl}Py=>0jpgB3BpRMv+!hl4C#7s)kU zoAYgY#c;G$!DFz-iQY=_%h-wjpR2KGMoV+uIbagJ;;dc9qvhbvHgucOurDh`;<+1} z2AK;(jo*C~Sv)~5cs7K!^I9c#t^c-qxVJ(st4pqeCM?iNpfzvu6>Sw%A`V0{Cd7R~ z?W?ZPrJr6%KS2B84@3HW1bA0|y60A@a1LGL);Tvttj)QIu@S0B`-3LK#`3Tlk1-E> zsPM)S)$T74D@63%0_Tr*=yj(y_aC2{+P>E`=S|kFeS6EUt5gQMt1}mwu22a(ygB9EAbwVc+6&IcHA(8Hg_2(xEQ|m5%k?Hh)`lv~QQ>-Z1Js zh3h~n@TP-qfW$x|8#ox6s+($O3Y&I<@H^l^XuBg+CVUqiQAMYkPi++K60WGYIA%!< zL=o9q-|-l}Xu$+F#)$w9Wxw5O=x~PUZKP|0)sz8Hl3^S(Zuk~Q&RKRwjnFaw%i&|3LJxi;twE^Ro0~xQgP@kTp1&E4oHyNcC zE~VaxeHc+l=Sk(w)o9&Y%Sadx1_4Y$MNu@*KzmC(1YGu2tCGrCh_q)*Myyq%lcHf>uzm6U$6?-$DQ z?0LBQuz$7nQbgb6GGW5lN<41&j)EDA;V>7Wef>}+jN{!yE7Qu!Kni$h3y6E=MN>o+j4 zgF@iPnxdjyjz|WdMvuCBGu1sodfg++U;C2ul(8sT3Vhz4^b4i(MM{jhsF)18-H z*MsEXTSWq4GVZLoI-`2c$IrM&`HI6#O{9A`Dpu`@79U(~v+y>0$O6#e&`^LRAT)vT zsYi3>!*$8AA$_q3Fx|4FF_n8rpqFBvfsub#wD!h&+6zD_XxTdrwb={#0s=k)DY23lq7YP)Z?5y^lM$qB|Vc3!{ZV zu*GPYHrgQ>XIPANzlToTY>I*w>}osrBJQmzbcno-Be{QEFxWGYq`(eaIESkz!5qO< z*p~a)YP7<@2Qw_ObvG(0WzneM`9^?vw_5b7Jl!sP)(cC&H_k63 ztrN^(ag9fHi~f~^#;i4|0#HhrQ^O12k!C@T!tvn!F!RN?=R!DH0Biv|3O)a69m2T# z70BJWrmkB7sEO^J(`U4lYi()TIn8pz=N2{@^vkDpybgqZz%<4oL5Z|CPkN?g&gTxX z@l2!aj2Ls{slR+4nx%8 z6U{)^{S+woLNHmt;ehMMB_Fu+xSy-+uh|c^yiGc*c2WTE!72#d#}4&-QXenQ(3vd{ zrmILwd#YcLQdeWPvs1jHPQrPqHl@b9T3i)h50NN!ob$yn)?-=sY#Ap-B*fe{$7w-& zSn_l7?tobc1tJH!=ye|(eKGThX3<|iNYVu+d+o!)A+JyJsQA{qO5)aQ)-S&w$4y35 zlnM)6{;{&8`*v%~``xS@^Gf;9VKQj41<;{y%M&l+0+|ko*OO!AIHj?H4gfK2B1*>Gq@WeGf4XCjVWI_5HXq4- zV(8sKdWamn?x7Tg2%@<9MIR$L%h9!ngX)^MRm)%bQ;Qs%8z?fSpA(-YciZuCnsSv} zMJR?Y8GkbpdiCN%|IDVRcbiyo%_l)mw`}v4!^WB>hbYvK;usTuuNxKb<~*kT_|Gs- zU0DNuH8Dpx(`tw;_A0zOWGD-zT-+DvdD@b9moqp&MC?Vy<+IHc)NPQY4m};v2VtJ0 zO5_uHfxjNcAqF9KOBH1JM z-WgA3zQ7rvvw9L;bg^MYW=;f&S?NTh>3v51{8u9)o2lHjcCl`s0)eF}+VN+VzKSUDXV#ryi5 z8XnI3Y}Y;eX3($WS;*M7qbXeJd|-PnHP8rf78k?0B7K7;zI1-WoTzcdfJ*Awo|%2zj~ZC06y@uTMxk+c=&_0vJZvD_scphWK1G!7w(;D$t}d3 zbWU=4N_A`Nn;y9f-YS4L->G(DZY`N-KNZSaI_~=eL>28{=9F3nwLAd(}KG zT0306J0_^wc&l63KExV@zn2=Yl{p9C+hRZ11ZBpoMqSVA)F|UnMFacDw1=ePZLim< zhBn-%HnIh|&0|b7*|@!J{j^Izw4ISg z5qip$`XWV3O9Ro%1EiAX)1J^bfd?IsM_&lnzgf{uHU_dNu`hlr5Kh!FJqhAi78+r_ zD0!hLG9jdrJIY=>g|YMV>dngNQf<$BdfSltG>_(_)6TB#rkd|s_x(20a&OP_pKY>u z);Ot_TU(0S9abONbon&!8$4_L99>TAHu=T2 zPUP-491-yTAx;5t>P76)(6MsK?%LJPr!Qn^>PQ#tXrqNMw!E<<4sbkFvoz)vJEVZB z+^UQo5Soq;f9$c*V6oT~9ORZ}43pH9Zu7qNq1^{{_?k86h5mNC@1%m~j{Qz(A(!(_cFO}w?sN>5sRUHjC{3`RN_;X}@%mJ*uQ`4wIkLBQrSl@%uipi= zjld+@mDDCfcqpsO96d+l6_Q)}>z7sOix>2!x5%|XAW2vP@svvhw zY+FX*u+HoTovGOlnMs>+qjIaFf}(ftSmWY1Gl2TRae8u(gKiS~93W_*1Q!3E0rFpS zb>{q+k_ddPui(5&aI&c2e59q-#3NYabSG4DO{>|ZW9Vc{!+11OLo_Od@%tlP=gog< zovyX2w*PKDue$XMRNHpnPe~l`VBEk0meTj4lVPZLIe;3ukieD>Z^4su0`#I@Pj`Y? z_m_ea^uARo6Y6B>wtGL6Y=*zL-_4K+01(D0#1qvDUEun_Ba1wMEf61>Wev?1l9Eb zW7)a?UxV0;`D(FDy?`Tzx9%1H2*6x@vlZ3VFDW>L5pqfi# zK8=Rc<+t6lsV7D!)K9A~<=z_e9J35KbB0|3gk=^@+hI%;L!paTF1q}3tYN&XwrO+%JSW+M5*RG5#;9=;+(agGs<&a z@MrqX7=Z|sV!1wMM)j#pO-{|Nlw_{IPhC{QZ;T(yT7EqqV(IDWscHW!(1!jW!8ZT* zeK!WoQfPX!VVEIIWO5E*{9=8;wf3Mpqthvwz~)X@AF?~|v}>ItR?_FO$aXN_|`0IOVg472R0YLJGFq(6*Vh1# zB@{Rr;)-U{$i`^v4t>};adz^!F4O5+GQg`BKwe*YLzstgc_KZ*rubzB{a+C0_O6=ru7FI;K6Xpw0b8s^lZR5=iD=NJR)fFl9 zIF4VS>zk!`z$s}m(Ne}s3Gj(c^_(Uw{sMg)tjR8^9mGF~?hOb0+dthrQq(NiITd&E z^Vl5aloJEIwn;qclcFkswcZ9kad!R-G^`(jmYLQwdUv~ah(IKp`uU%KBpveaeo+Ut zPXGveL{5H$?h_y==G9Oi^yKsxD5VIfJ01Vsxl2hwd|w0bzpP&@Ui*1I?m)Q8MIAD+ zM!1&_=uZp(>8vI@PMmt;=ocuIF)L*6NFIuP2$BB<0*9QD>k{~r|LLsV`9`M#7)Ah@ zSpt&SKEBN!2|GMUXuJT{Q%r|Q{iK3W@UJiUv+-LcnPqQ#j`UbED|*aU)Zhl6NB1xbQqCKO@iA1mIxbvAtAWJ2wt^0AqrYu_dJOY+Z~ zHLturR`a!GbEt9`mxC%=z`KjphUU;8t_Go{>qloyqTqvCLW1*7( zmJF4W|Dmg!jp@^Dej4`F){CYlbSx(9;kT|=&526yk3H@#`#W>%cbt6|Mm$&^aZh*H; zcl6=RdV%m<6*g~kN(foo^|fL64AI8IQI+cp)9U>bS3c&4xSah0Jv%{W;Eoysg54C$ z*4Pwh#yw73kF*C?d*1HO7>_Hl;A=u0#F??-eZ8x!=&lS*Wra@WT;>SXr^W`27Znt} z6_=HY$ba5W*LJ&EP!Cw}++pgyO`4BLrd<(D$|_zO@d@yRzkL>Ut!+7yvL7VX!(Z~n zXH2+%krRs0CWpIyUoo3w+f#T&A~JV+i8r?A$tB8!OT%P&s@yV;fBSpdWFLQ0oyOvH zgQ#Dxn=v}l7b0wIQ30c1qBQ0 zsW?<^3}C9?lN_1H4XDgc24z{Ts?O!iXhn|i^Rm7E%$=lsi6_N&@uu=OwV>$xbKgVg zoEWo#xXPm^Gu}(s%s}%FCq@(d*g?b8nG|JAerYS~Yvb`OXj9AnN-4IylPLg+=f7jf z=g6Ve)}m?HOz-kOYQaQ~goSADo5y#Cv4h;)ckPkO=#MUxuF?&|@ar0{-5eZvZ#*K^ z6aaatXuDm^7T!L(96W2?FrNf5$RkJ9CP^4DZc7@~-lM>!-wTuYsPe!7)p z{*3QU&!*qSTtwp3)o^NFyItYs=RO?Z$J6VxjeBq0s%i>M*V`iJH0)w~?7V&WOigu^ z$w<7kOIj`*Fr2)yZd%))1;>#^AOOiqbBW!Ruy*C=wxV@6+66Js{5%LBx|2z0Q-K%H zM1G_8Rs`ax&!skI8pqo_UtNs$Y2GFC?#pNCWX42MQpvW~Y0yWObhQcfaXmM;hOBN<^~F4x4tLoJxuhF;vS-vc zVBDM>M4Cw@HR#A;wi?d5iNmA9O~z|=0kfew%dv7Lwoa7$+v6GB%Jb@ zuX4VM1zl5B-x}BqIG-O~f(5Isw2pgCGap&Yn-J#L8jOk&jVQ~kPES2ECe`1x_i-S~J- z%{1BQ*@dtXUeINkEie_pK?S5rTueTujpEV4V)cN$&v2z0l)37wG0rh1KP8*07GO&$ zG47$72lrY67OA_yOb?>hvl2v0VG^)BsF#>KQh*y%m3RD(o-Lz)+SWIopm|5pDN{Z3 z2FcJDFZ`va+@IX3iCgdH!s%fH(Z&zb&9Q#93odgnT9X_a)4lF(xKUhZSA4F{Eg7!r z2aI1Jp5^aft!KC(IE6L4IYbt!pQxx6P}*EhnrDa`YEYMG%x~WB@!`4HF!TVlf1{QK z`}SM~!iZJy;fU@}W;FSBny$vLrAB9A$^12i{o@7A8~VybaqH{I{F;UyuB(bfXk9he z5cpPyU9E|_Kn8Dfnwx}X=n}6=bYh+I;yOF~_fiL!uoXRnY8g?5M}aZ>V(;4mO&>~C zNs2@X8du!X_pLjmrm`#|QVsCUMHj+rDiKHYSjHh!~h zQVLv&R<0NrJ%k9Abw9d4gtnxQ_%(0xvXs)KVRJg7EefmgCtEMHz4g&4!GNf1f z=O|AC`SD09ou4-v%_#(Z*y3lEY&D%I?Tug4Q?=c@uy#Y9L+UPDqmf)RM5WNbMR^*h z3tuYkn)+exc({M~=*owWl2PhJp-(Q!ZxEYH|AS7i-#pW}H=2{9pj9T&+F)lMQ60Rz!lu@F5t&E?(7ph|z)9g(I=56XIcwx8IAs8j~q zvjQJJ3Xnm>l2WpY(cd)$TpwMm|$R=Xpgxxx)z%-~S>x|7Z2r z|JeP%gL=?hUtxa>>ghX|0}d&|)4ULjF0=)oj)69AuZ>PL89dwAf3=cq_0KUushX(( zYuDc8_V`;kke*{b=U{FL)^5%|KJ+E2dUQ8RlRc6orJ@LR8Bvb48DOPJz=5A4YALPw z2pJXkS{So#R8@-TPKLgyB02?qA;r_bWq2U^SUV3BBumlC+u1}uy;Kx8)z5CH^NpC`< zUeJ0(2Dyt0>8A+N+55Qo?&Ui(*FW(XxegCenB<_^J*ny%XvvaxfS!FNsC$T_uH#i>QZB1r7dl&8f(_{9r z?y=q044qs+hhpxUpn}|C&$xuyDm6Cjw{Z&N&)oTlrdvO5HM%}Ps&_li&JTAtk=wmG zG92ah8DU{ZIW2^J{oBjqW{i6ncXo!c1y1bI)k-+LCSI4CcJlF!TaPKsR0~%ZZmw;D&o=}%ISabTi)XIuR)hPXw zu+~?ULut2xWi%>oVyej!Y(6dWBUk9Dhg}GXvC;GmZcWNh9LyJp`UJ^RsI32fY5(au z|33N8nCySMzZMANh#>&pn?M+c5!V6?IG`t#CxD0of`{!x8}X$|1goHmLM8!Q{{5Ff z==Jpf4`P-i(`VrVd449yM6HfC@`?&cO@UC*uH%IV!lFOAu1N<#?uuVa*N(a@X12>u zH?Yx9p%A6L6bkx2@n8ZK9gmYku2Fr(!g`rT${l~Ev52}AQkDw|)AN#%_fZykl05+J z{Izsd=sBBtpEm5&St|2wmKo)(@ET=uBZVx9mh+=|xb0irX>exP5CoLdKN_AFSrHGV z#hPAAH*7ez)4k?EloHE9;`yS_chI#c^o4)vlRK<`o1+*sn?&VhE>4;45<$=bqt9*i zr0!G8#hkR(s7WQ*hl)+A{)-x>-!9Iy_;|uq8f+D~Ap|(UTP)ka=i=-|?us}Ml7hb@KA>(@%b=?f$rBa-TBpV0&$aRN`I-L)}Duoeooy zMtR+MZ`?^tH!!K^AiUSeuFoo?eY)StnEswH^y2jm+)jK0_`2s5gs`*3WIEr--L-RA90)voMpZCb}GB zorT_>y>O(@4T!vabU>Yrf^NpX1=VTjRy(4M8ljMjWh`B zyzi=ggn5}ZRo#jVeBx?tL3f!Q$vzz^KaPvT%>MM__u*mlQn1#2J2z<+fIN!(1)}a| zTI%ycuJ|r#FcD=lZ>;c6y&6QM^w;u)rKZvUsHP!-sGxNF6GfY##Cwd3T?ODQp1b{u zx-%lFb;b#)!<6q+hpVlq+lzlhlZ~v7uLTdfFsROAgj}FavxI~3@wnp&4xB625H)@* zsxZXK(>N{8Z|L3p?l&yyghr;xe(SkO z;;>9Ux-gNxXuh(D7hl}Un^IiPnh*4;uUGYVD?WdKBcD>dzsfKJu_^5<8xmHzPC(}; zsk&Buun=OtQoerZk>vGdzTVn-(duo9cD1wI3v(w7Dks*hI8~oMQVjvf`YDpU-aTus z4)53B#568$E$&qQ^ph-(&wre=Fs9&cpW7A4N^hKiHOE9^#gUc)5Ggp6VZqATjbQPJ zmRHSz_*QK3eN!E9t65ieDQ#r+J&TNW#JTkRmLa98(BxJjAK%6_EaNR{oVIgPm0)O4HY%ouUS;Ix71 z_>$uZHe!G^viohRS*TrGn+Ll~>pEp#QFQ3W_kw=TBdU(k(h0PYSm+ zU(m1@il!V+zb;jFXh56vQjd}^VA?026w%_OAZ}cz%b>=PCu4T4;Eq+?jT)~P z|ANl%->W-81)b6T!93?oIDRg)NeE!V|NCFaXQ>Io$O&NX{2_Q6^X~jC08?vK@!HIo z&JO^}{xTyZqx~m@Z0iZ2FDf(wLQdTAOqMryEU)f-gYoc+{y$-ke@(l8bq;YLL3OhS zdUF6`Hi_R&`{W>R3Y3|k3BuT;TuETn93B1z>IR<+&2tDko!pcFf2aX(Z-lII;WMsH z{rx74@TuiS>F3@-F3kO3pp#?p(HbBeRR6ap=CAesg`YG3??0GzE`%fmtK)&EvS74A z?{%|2NqRI4h|lFAU;+Qj3WNH$Iu8L{DKzBAo=%*_XKI?h5AIEmcZEwyTh}P%ezFD$ z*F82LbGDD|h|tnL(5dPXs-F1STxs|>br!cER)L^8s(bG83slJ3?z{#0XPK6^b>hzq znn*w=Y5Mwi567UTKkbdT(QTb-GWW09KSVe>gxk@u*SGcw3$BM#Uy|`HcQ(s}7Vey~ z)>L{h6z3LcOP_rH$P*{cVsEbq0*&xjurH5hc|4edEOD`!k5m&z2-l)@S_6K7Uzx3} z$1SSc@C`*B9@FU1cMXDd~eO*rrErJ%Qp@u_gF z0~J7!O8n_K1Yv`*ZVq58R{aHf903dV^+x&z8mb`fWqvGlwst~W#{f2F2g%L&_|8tp58diF$NPdqw(*2gdkO1HgheYMlwY`#0%4+C2pcBtOW>TY!D;c~J}h-jiP*F8 zkqoeE9G%=;zxJcHqtR9CKuH+Q2*uZ9*6M?z34CjI$FK(6*Z7c{p(ETc5Nu|DP#6i= zbC}&I#g~WJx0a};vi<_~FBlO414XTIm&&nQJnNfSv>$37lZsDQ;sxw~P$7MZk9E4x z4Dd{?8#Z4K57=}3R~>{!<~*)vB(k)<@JGHQUq2uS1y8N93D(q8WAhb!=qZ^~Kyn=RE~F2Zca%Vpdc|6&^RaU=XP zLW$l#0yEo*C4+;RakuMH88wmlSl?bMxw|tqZ8?u;tG)LOUVXN`S6{gNCjKL{?U|{c zY=AUGxDawvcYzJ*5FbpBy=sWEkFR!m`O5cXw= zQ5}}uoSfmqRDP=dktXh^?%+}6B2E7aD_LW-N#y6u4_C(AJxCHM(Hk}|O!dN>NjLkR zI4~f=O|?BxQrtt7K#Zabq9fPL0R@X{GS3l}W!sL>cF740D2WSr^3Xk%i&-JG2NW(z zJ+$wHLiR%`U=9;B{vm^mTNCE(fn7S7nLO83j9&&1_Y)owRk`>7i?;U+YAS4_ML`rq zs#F01Y0`U>me^<_q9VOS1f&x>K|?~3-UI{$1f+>dlU_}vE4@icfRG?XYN8SYgn0IM z=gj$Y&&>VK+JG%QP-JMN_^mTv8&wKSZ^b`kriU@$XpG(nl_}&C9P3>93%15(7xXxt{B;sg`BkK7Y@6)Cg8DLK59;A+ijWuqsofNKCh8t4NU> z#pH0rg%abAte-7>snv$u8b+Ed%1dFPnb+BxRR%n>HxOl8k!eJZzJiGt08S{>CnDD2 zP-|>H>8rRenQoZFpdkNCGVxC5pi1)U%bpud1&70w=c_|WKTh+&fF+tPbg%_&evf>p z0rMrKIyw#newYX}sBMxB%uwRwNu|EVrpxaO4x2foiSSlYnThcwq=bIl<og)~{w65dliDVwC{_|LDxknB$#^c*4- zUmALS@P6j2FmI!^g;pBPm3rkuom@5@%BL-eHXi^E>4`&RFBIuAjg?s0VL>t1T=3g0 z-X~l&%s$Z_6H7NbWB6DyGs-fH-Rh3np$8zpLTVy=lJ<*B&Y>7_5xE$p49S=tU!}b) zJ)V$wV>QRy(aRP2W?TcyuNx+=HaEZW9|#Q|1H05G0CNZMm!BwE%Fx}WIruG-{DbeI z!rt5DWofUxz3l5^M}3IRzrJ`~_c3?cXtBU^cOVa)X#6b587wN_vR@*4ao_rF@ote4 z!`xaU^-Uo0>iPs}J;Tyb`O8Gc3jb-QzWfK;1X5&eHsm>=9PiD)_ttU9RkL4rqbO8w zf+u(HLT7?UX8PriQNxw7308;7i>L!jqI48Wjy5aG+q_fD4i@kZ2T2J&A1G|s@VT~t zsg`CMbq~A1uBO#S-yVdj-#=?lnOZH0#x)J?=Deq{SWoXByp2@+Q>3M%xTcM%YY7xm zP^;@ z#>3^W*Ttg6OxSuZ)<7Q9rXo(u(H_F0gp4omvYpzA`h zc@ke?Kicu;cKDEDuczpiYc=c~`y?!vUu%}pU*2HHl`1*_{OIEq(?|r}WEJyaf=a+51 zpf7=a&=;uBC=Y^(&sX1-eB3VKghMZQse4W@jB$IJ>YUlDs|>Ym9TNGol0ICq?<=Eu zEDh-N^uDBUd_i0$8g`>X5F*pQA*!oiXIh0ODq*lhsA?9W3lD)V zk~gh8rVt`9vzvg44#CINygQE;ILgN%v+klwuo+r$Iu*E|akiT@-)pY@B@dxNoZqeT zs;0^{o5rD&+>-~C_8&5O&aGlc7*@^;Bpm;Jne))}2XDRm_dlL_Q6hHmprWo@D+~a;%gR*xjST_E{uZ^1}Q0i_-|A> zzie~xV*Q2NWSpNv?`=Qso7x{}ItVL;^TB0{V!~}b=7uOXswu^Fa6dq5V}8`9kA3@ ztN7!!TeyI8&e0Sx!}>cynNmoG5mA}=G3dQkigEeyid@%sjU(UE7&7)=@}Ll`*y@a_ zh`Yk0APK#OU!O!P5%QCYR2zJxYwx`8L$)WqI~F-n-yU@)mAR%<*rv8e6dm?;l94=p{|)LLVV*f*d(m zvW8B!A2>)}pMK=qVfMW6wcGQ%ZoP76?;*eM0E@iWSjBfh_Rf(sI{WVv9VvZQm1}xH+N*H&k z;E1aoSCd1&c5`-04Ph-Gs_Z`K`ugj3wU+1@yW7M#JwkqoDn{a3Bb%STqKPh1JsZB) zx12Yu%hYTwIFFX>Nq@=DDODsJLVYZt2r4ufCU_ad(X3cy z>-{Vcm26=2G<&q`*FxNitLnL>igKe%kLO2p4`R?>3us?aW-t4Mem@Z;?>D@BM{Ve% zDOU$iU%rU5FE!Cd;l3}A)-nce&NaF|FEZZaB}w$EA{IK?Q`W|~{?QHc6<;J`mSN$2 zf_|l+i-BTOH+5}ORdhL%xA7<+*|i=|*T##b>XDdwMUzCETT?#ltXw4V_d=6_L3FTG zYku%$zTD2k)NkS_vh4(>yJDqJ#O{lv`jPQS_L@T1qV+Dd?O{a%^(%jM`;7ySagmRxX2~$$gZ(wS%~@Pgsh0->tSuO}(z$ zw!4R5&WdmHX6%!^qYs#jL$^)*Z$}p zxde*llO0S}jWah2)U>bBKT>f_?XU}@&}R)0t|$+5ay(8MMEs|ae9=?TyHP3`B7s-WA50+g8g5Lt$+X8OiQXLq)0GV zyt?Lo<2p9+GdsT%CDlQ?-miHFI*~* zx!)Moi;DO^FD7LSV;daS)(;XvT(lmL05Pnsy7n`<(zO)kb03|AniOkozdtW8bldh$ z5>#j)XZ+7M;T!cJl0`pq@xX>+?z)=60~a9KBp|pPQ+xpNcdvK1SRD34FGAwwrUx5e zijM1H9{2M^4p^AgBgT>3EjWtwcpP!sTccaog?{!T$_i!sjR>94|G+B<} z<*Jb?W?}$><-peuOvDP-_d@7ApP?$(4tRdW)L;`0+B#F#S^v3pBXRM4#4-ZP9%M$Nu2*wv5A(eX~-fg!z11Ec-TM}MBDsd_A|HB$!l)s4_+`aWDN=Qjy|dl zY@0m2SC%Y)22hQ8%c{(?~3|VGx7IRuj7?Cx%$(tz$%7Lx&?*UZA+WJee`PUu zG|f$StZ1m=8a%OkZFE9Tr&k!-oH!46IIRODu7?Q9akR^#7d$&5G2IRyy(H|uzb!V( z6^cj=BRBM23~;-B^Y@*;vnJ6uUj}deqhq1z0@mgLEHEhKXMt}?+sG#(Z#Ne1Vcu1` zeL}UpH&NvYLwTyzJlMBUczaovqb=w{`3XNDtpiy@pXMMr0bL$1tB)41onyPLNYJ(U zerSr|K`(f5+knHOjdBH|f zQ~HEga`2GEf&y5^P0|?$^9bMHoteQt(l4`2>e6v?dwP#N;@qV_P?$eVkS55vB#S+% zGOxd3hzrfcCD6smdZjg=u7+~-$u?FIaK zjB6>hF%vy_(LENIs{U@jGZ@oY*|S+=SH56-;c`G*?{@lWX4U);m}Cl}RZI0O z{@9+vf&jOM^4(vm+Rvtpkzb_Kl< zs%O*T^`tXN>S%48oHqL>OG|<-O4q=0sMBJ%>ckRwiv}P(E*%X-ivb5exgCr7@)(D9 zzk}xXyJ`-1#f)F_sp+LM#4SeMkc#+^YCCVpK`O4TID5^4&2D)B-$ImHPS1=C_b1~p z0X;znQnRKqcKYQCwSu_}dK`2==oPi5`((UUiR_FqRr9NxFN2|NSc7EKSC7ds2XSUiAG?&|da9O} zy)dY(0Ew5E=I{kK*&z&%mp|==x;QHDjxffpWnf|laFn|tB>k57!2rd2*@3Y{BmP!Kw}PAMnd@mcn{;U|I}>THA+U)sCM z&;Klbo=vKd56gPhyh46oFGzRZ9M6%0Y#ADaT%sBh(S5OabAB_TO-iV_q>pYh_t)t@ zsA~Gk+_fi4tci)vUbc^uIAtEPLr(N4Cjj@573~R00W-ma<^^pMsUB<3_n_C)9lW{= zPxLCX+&wqWyI#7z-G64tJL^j{76HsdfALcQ#VU75KloVCGS7Pc@$K9aPR*ilLe<{I zRiP7eRmE<=j7+5`+{aU_yTfN$cKzj&Sx0KLZRRC#AZ(-i*6QXE_8%PsVid=M;DalC z%IHV)=$lq8v8kJlKW>Oxp6EQL#^|?8(7j|nM~t|@EIgEe{P6?qeQ?4bB6_N>2_GOP ztR5sGxB<6o(Y-*Tu3id2p|rDKF(WJs+S$$6P8F=rJxaQMBzQK?RxbAMt+erIr$q;d z@>ivaE`&7ImeRNC31=gQ_dfXPe3jC&CbN-cwupc3#5cGy3+?F4(hOG4&BtE)rr6wY zu0hC^5>7x5O~m1Nsft7_Io6!XZn`^U#(oR)H-S)q+dWQY?#3<+$oAOLpHchBelG~| z7!CZZY{VwQN(ZrzTsilr`X3!PRj$yieOmu|$Wc}Lj&Wwuiom;cjA14`zi8U8HX~0| z%a!#YPSanGRWD9ZLEr zbHg2BEZc~t`3>|Q2mTUZ)(ORc=2t~AA_h!fiZ7wRA9}eyIpZT(12T_k1*db8?!Da% z$~*hG;FM=xvsSOK;A$yB_=yYDr4lptJXAg;oh3xgWN6XKw0;D+h$V;3q6|FkH~07n z$jh+#p3eGyMepNdJt*sT%Dd8;(wwqZ(D=2fY9z6ERvBDYFlykGv&h|&tItxIiouT9rJO)KmfuWIf{{d%TM7f=L#kRB5 zjHZ}W&Fhkz4XpuFH+jdgxl5`N@NN-#pD(#!?meUn2lv?8XA4u*v=WG45B7`=v|{3~ z=m&1RI=rmcU?(Z_MBqN1+)DXnEDtzK4blT+g7SQRNNW@cE)YcyWci* z7(Xe|9nzv|{DxP?;u4+Q#-HjVN4Qvae=S88%jU$UTc$%jQI zeh}Geak))h!@Fd{w_lcicEY#$`pe8rCRWp@9z7aUP>{520P#okG)Nq ze|`d{dJFRISH0g-+d&D>YrrbwnQ!~MdR8Tk2UVzwUB9ACVmu2&?haML;Sh`s;V z!SV8QpNlttP1T`B)Nj_{dTYhsyKb3#QKZT1l<-xH7X^U1r$v=_CftHJUc{Ir9ZTy8 zYSXsQd1H1)?he31zdTwRtzc)>Zgh?H8u|L-ADax21ROSt5QZ5)q!_HK6ibmzsZQ-)UTlQ!u(Cag^|arVNjygaR-invrH;j;{@xAF`fr^m)0P!86LW*0?=vjskCg z75T2JeP^JJ;$|mg+3K9$o1(^`bggQW}9{{c5c5n z&o(DU6(t)F%MZ5T5oO z7<(=`{_K_~O;kkj6p;D!RKCz0FIGd5H=P-cdTF_5{X}u`a;pEhp>*A8R29BH8Qf|- zq{sz$Bllpz%v&Oy5mkbWdG$j9$LZBj-*wh(eYXmPm-TsuD_;l02-X;&iuS0-A%-vq zLr7+?DKC)RqW2K^AB=ZYepLVzGae4{v9ta$!ceF5MZfpc~(=x$)TK%KU5CNKY}qGp2I? zC6pw0dsUg10}9momi#FW=C7#afNkB{gdCwdepf&9e$Gpb^idL?@Q-Al_jS)RGEgeC z1qgdL3)9f@b8})g><+kb8A5U9ZTGu3Z_$;>%d*UMv5v>2>}KqfhOb8Vef~(B&hCZQ z%1zidN@8)?fna8XyTLM{&jNUEg6fH_8KfYdc*-nmUIB_pb>&y~3IuePCU!Y&R8x=JfjI zWk1&Fgt_~u8(8Y$c|0;1+e0^Fje0veK{2NS&DD)lWuR^n1CAchp}oNMApeL?|Dz+S ziPDrha1=|RmIK-@2%wQV1hfwy!FUU*`ail-1h6&(07Qgp$Z|yHL6H;i;FRAlRTh`j z*g7tm7G>TF<;l`wyvJ*s9mRZXeHehT=!2ZudiFxMF1y?T>x9j6&C&LM_~pZ(ZTb!I zu7YvLw!e35wt;!RNiWbjpZWjl`mf0w{~a+80Fw`n4}j-X-=4qwtmyQxF5fly1H?qU zwK-`sf5I?bQ(+Vl#SJMz2~#Rho=|-zl>ru{Xan(G5?(qNNiqJDhLBH~4R!Ddcl-Sm zR_JCfFMFOrd@}}k-A_seQNTe03^MVSVu?Pw?i(c=XKq-u+$8yb{oxuGq*Fg$9|KrP zl|+H)s4}e-9nweK{Ym}MRnN*9a3kMf#P~b$Fs)zqW?ULlPal31Sf=;=BxNFX!>g=I z$bg@)30S9l^nw{^!c?Pas?gOmLOmC(ZsgW%w`TQi(kOhO6UU=)av`$x?Jb^~3b|`v zr8S!f9LYEl0Q|Z(PZNWOLOFIYanxKskiaBd{VZwiQJ0!>reu@wcuB~5xatMUrYFed zB(J@x$*RS<17psg0tlf)xpJ1OMwW9x10uCYk%Z%duatJV)+T zuA+G;Rrsel1m$x-Cu+P`7)VzO316ERCMLo~iZ+;Ct$J3lk_tR$hP*B?i<#Sb7F=8h zD(uper*O_mKY)7e)JV)l<7M7OQDRLdUE9sg%v#$6irtjOe*IA8qwfh9SknuZJCPI> z(l=(>GpK;8qo13?g#rIlq#wl}FD|RM(i?8Zt>b&`7w`JuRMg0P!O_r~@tz;?WDVEb zg^R_V^E(vfgslxu8CTZ5By(e1-$;f2{?VEHh%+wk#<|SJN2^&pT-rz*o z)qax4xn1BFci2?*Mk?~Fdn*_7)wKM-vRt|hVDmbhM2w9-O2-~5^B zp5Gm#}0&y>~d6GZf7M@oGa{ z7L5FoXOU&*kxuq{=Q&4z?qgmM_II4XgK=dnth$HBcbbT})Ye~e)?&?q2?CJ%FbgmE zXd|t@C2eZ&)t=~IR#W5bXWQva@%p&U)JfH!{YU3x&OL;&&Le@aeF#NjZkwM*){e;K zvFe}dW$_lO{=)iOlH=cheP23VYr6!^LtO+iu{Kr9rvGcjJXQ0w9LgV$>u*dEpcdBZ z_gqZZ)4;v12tuFNR8Am^HiKhAN*0FtL6YC~0fQokL3^vO-H{iDM;?1F z2`zkId)@H3VqdEFy-Th&Ik7tu;K;?`+BnkRQBvmxt@8S7!F{bO!k@Kf%=|)w&j#9S z7@17Pv=!VlJ$l62ARwUVgZ(6Uyb1II7!TmqY|*a_&~BK;i0ic(@#WM0{C0EVIk|&E z)iN8I7jE~D>Cc#*bicoCvY;XvqxYF%$oX2+=?Az0v1(vyD=!a8td;nFXmD?OWTZX& z0e>xPHS1`2?Fads)aVImrsz1LV+O@f6vI#Z+${wd+TsmKqC}D~nD*@!^5>j=Ztlu0 zefib!A%HA=krGZail|+m>o%)}JCLMG61u@2x!tn|_Igr}4DXLNRIB`!?748Bj^Ew- zSbjkC5=fPLnWA2?1HM?(yoV$}Q#BnTC2mcIw0Eb-Ko5F;DXza99yCmpRr`AR%!1(+ z1d(b?oFIpN*AK4*7WTdqdym&FD3y4Qq+|T#(nyL=qA#_>d8!{Sj;3swc$0uhW zavHCzq2bnB`s`w+j+$+GThB-yw+ESaz@qAZwhsQ^-~T(ZuyYkM(&wG+(zea?`Py3X zh>hSW*EBPA(YI&kb72|%B~O6Tp^qldv5Nyf6G!n805uSVz>zI5h?x?kyyg;Yrf+Qk z#XjFH=k_bU>7BC|?Xe`!$s=XH-E<>u4~c>~AH&lSXUIH(pa<|u!wDICDWv)v-INw0 zVx+e~`bDuF;Abp4tx2g9eem6{b~$@2pWv6NQB!e+HCEprnyJ$aKm=U?@5r}BBK=ym}&61G9kf#TD)<| zTTmd{e`ZwSc1lY{_7zsP&(G#nPwXf@))Y-*3LY{5W&OCkjbl`5#@cweCN&?erVoaA z^!S>I_jX8>bI-@FiD(d^iKuh5VI&jk+7>AS0B)TtLig^NQo>UPTxhddp9GdWZN+q$ zs&ottdFEHyO3b!!E!MSOWmG7omf-2qP6YRzx_R24)oR#n@9t`IVeQ&@`gla)S6@R6 z_2ZA#HQo)#MSXyhdW)#nkLHAjy5RLPIJRk`pHGnSyAKJ%mgb*Ots%c()OWD9_TG@3 zYPz;iL%%#difgJ*JmjEAzX7vr=tU^Ot=`)@zzR&9(Eq!9T2JC8FH?d^9IMiaR55(D z`Mpg7dmDadPwSvB)}o#3=Py%V(#n{|nBbQyEf4n{5CP?KI(=r4P?p)b8PqlJe{^Sn zW$uzV!J!0&-TlLQPQ%JA-C*yB8rFO>%N6yTON}|8hYB7NL5Jf3Y|q2{#w^IqQ-Eu= z7m|CgTbqDm_6eIYRcgSGVo=$-GH$>5@H68vclRKQP7^D7f$_v@C@&1$i)-NM5sg;Vsv=`)YT^a$v{kYd)|f8cstv`&wuv$b?aX|Gu{IhI@xkaYOjA@{|hF{!Hi#=l^A+9V6L$0>%^{stCNoWq{xRc~9 zh`3WQ%eFiigr^!1e2Z##`|WRrLX57ZJ|oEq+*<a!3 zdI_-DQi}ewqX-ZDKTdJCb6S3JcaS%eK`L-p3b0LWI){+3^TGfm3EU;`)?=fDw?6|T z`0nFyu|FI}#Bx$oI3K#dymszW^7T_Z;qV|C*P{JJq6{{%)L&vnY0 zQ3zJDN(Zkr?w)^K*c5O4U{h@o@dc!ao`kCc95G$srwJn+y5gm$YwKI8tsCRovwV`2 z+-##>obFY;znsf5c0v9lOG$IpwY6Hr1FF;{fIsA&Hi9Jc4}n2rYn!_l{yT|nenDDg z$?MlGmKtjlNQm;f46AL968%8r&qxxwx4>d>S$dTxSGU~f*}KfEwdXJn@iWusyL(zT zl)JUWp@lBy12$nB1HelUJu>)5mp;@+wuwXkN!A_bH$CPVLtpa7wOS-o!|S~uY|S_} zihS>}#QB;Q(To0F?Q=r@@UL@=m9}pskzCauU*2;Fl1_zXuQ`7vm6MeyUCODxHM{!e zcvEGnLG{(*_1%r)DLg1dC`Bc$@9~+j;Vky^481MF(AA=Y0dNu@q?KGtFg?Uta4st+ z{Nazh>jf>_AINV^9(aWK{Z?VPMyp{YU+_I#g^z)J>+~ICPQ}<;J7lln`^ZAm4%Q|w zB5l*XCOSn0#((jX}j?WGfNe~Cc1)2ebjmX$a{hjerF0UN=h)9*0;fomxV340GqRz&xx3eU+x`Y8 z1=pg?F4fG0$JNwZA~?J#=A;+Lhq$^`e3l|s=>$XHEs`pM%r7cwoEV7kI8Cj4w6bYr zU49RF>6Xg<+b_O(iv9RaYc&Z9Y`*jX&dvzV(<1J^W90-Y3k-9wst%T{^Ui0?UU9{j z@7wtRF7Y!R@^6F}f5>iwxT$c`IJz8eM1=HzmYXo8WDut@rqJApV6V0Yv$NUuPS=G~ z3nd?&dsUoTwZ7b-55^x1l&~O%XkbbXac2#RX*QScFP1@*pb46#J_hS8hplBi8d7i5 zjk)^P#aoS6r1gxZF~|#*vjBTFdo5v4UZgPi9SqWs5TOkar@Ab8+Q_YZbyA(GZ-mpg z-f0=Ut|u1w%eO}5-}(aKL;7W;Kp6J`N)U*H$!qSD{gOFv(Jnui(~k1fUkan8w#HB) zHJ&6E#-~oBc-xC)=ofHu1Kf{t3y)5k!ldxe`TbDGp0Rt<(VDZjX(gRi?0eTze{ay| z>pwcz`XdcdMvmhb&j09s8V)=~_J9%r81gO=avJjeAKjnLP)j|#;~3Bcz-ADSdBfpq zUKS-;Rv?)7pXJW~4MOw(E7J0`DO3>{*gj{}A9?Ooc{erfYh1kXJ42YoZUYGngfI{t z#e-mxLK{16sAjvp6q&2e1Kw(z*ZSGQqADtBRve+Dd0<~zI;%0#bkguef9bIL+?JSK(7v61+=B=$cI~E~%Q6H@;FKAR) zxarjIx75|f@qnn+aN^=6qC#9k=_m9e)QK61L2dIO0Y#`%x}CP<_Pny-k^@8P9!`RF zPvC;+hD9_=dI~Q6A5Yk+P!3+02yi-|`Q15YbG;iSuc2k}{+|8r2Wy2Z?$$y9!wY`H z^zL}L&9W|t%?ZMhk_DGMP!?({b8|9DN*nr3d=J$G zf(ma$a=gF^futq~^#W8u%81K52N=yxj94q1pH{m?Z`SL-SV@5q+A_4y=1DA z4&^tYs;@p8&4KiS3hk7%uxGr_xB$cNX)3c(k};9j?fU{U{kogm`PeV(yxdT+YAuWX z;%@*UKb=N;e75K>)+2d*0Wg%D!^OoFkSq?D214+eKuxJG%e6yR< z>V-hZa@0Fu7YRqwBezqI@HiIu?e^^6XB;nR3sc+Y_BONr(b>eaeBi>ry*{WHdS3t4 zi2v^gZ`MuhPg(2Jz>iH`6UaA-3NyMxf^6>jucJOPRzJ@&U8RQrG1VAo#*Z%m{mANV zB-P5plHkSW3(FV;s(RXFE+#z|4~e1)&v;~8t80}K6#XHTyq{j2!yjU#f3KLT1oQ|P zGq7b@jsl^_h4QT&4r@OxM(Bc~KYH`q3(PkcL2lT&a0uRU_4F6ZE`M3mM;{hPQ~6S# zftUx0Pv@;cWA;EQJI5Q@#Cv}YOGeu#*V`S;iUQs9RGkgVnp2A(zWeU@Nk=|<D`l3XRl&T5dUodv$)A_2J6mq)Sr0m(HRY|oD@mr@fy`A^|IvkS)17t z9NCRhPpD6^H_lLo+mNB^eZ{(S`g-nU+tgdT*0TOn&~t?$`I&9n0&B@636kC#{{T9! zM7ZWp%9vp9K@Uxq#2(GCWdC&vmEyvZaFh3&wo=uZdpsiFH;_ySeV8Q~LP{8b#)jwgd09Ebu?exyQ zNU*~^+?C*-ZSg9N{I@M^q?1uXBFN-~{o2>k!THDe4JWd8aEn;--K?Df`{L|id{Vbm zx%rnW>%Zmv@uM{UPR=HIxO6ZV#X1tvCMI^vD1OY$xca0 zlg+DkU)rls##-iLiE4khs{6Nqn)83^7hMTeF90NbG4?*im?uxGScPa2uX#=L^VMG% zpNLu$?F-CG(f44(F?P&-bUqmLlZ+!x4tnH*F3|Gbsj8B8+wY9g*+F8qF_1+MBg%27 zgrkq{PF;?B+4Upt9jJb8HCKbqMUBknBJA*?H(vh%$(YCM?$!2Z{yvil^W9fyJRBfVhl0KC1*`B}> zLj3%BqXinyt;eB0p5+CP{_(r0W-VZwU#a${Ht!-CH+YaNA{~C?};Xd|d398%z^^w@5ZRh};tl7WuEA@O$N;&4cQ`VDK8Eu0IYh7(^Al4{PJy6@Z=_uvxQfQt?+L-W zwP;eWY$tv!du^Og4P1Oj9gvBYv->7=G${Xbf{|*MkMvYdx93Cqy<6NuottUa!#{_5 zOMK1}s9_r&+;|+UlEL)&il4Lm*C(XE3A78eC1>42f}W$7HG~V;u4Bi-!v0{*6x10;5j;M7;g*d`Z8^<;jr#mszEPzl}U^ajAb% z%9nnltFuZnNOiiYaqFQ-SnZgCl`F|DTuTWElL_ zvoq>JdK9c7Me4)_rnkn?FBa^+dV)T;?8)>f8RPT16y@-t?##6~;l|;SD0*p~L3;68 zkFqWK;!2VSVRK;QAej$L4?2VKGADTcX_;%;gF4u;m%OvniwOK^d{OE5@F`CWokR?a zh9AX-6inDpBgI=pm5BO<HcW$qw@fo!06T1B!%gS1WP9L|!{h8Z~S9BAoxiWJ_7k^Q%q;I%;Yi>#t=lT$+$u z7ij~VdzK}CdHesc70vJ!ZcG3-AbVW^LPY`@3Vb}MeZcC^ZV4EABE1Lpnn353cprW! zDvSGJf_ZAFAaS$wP4vt1K&x+CYS$0NyYv351?sw;L1n^us#u*VUZu89sW1%lIN(Cz z6iWnM%=w}GHXYuYxs>Cr?!3dl?J2Vq9|);_4+Gb%r&`j+h#oIOYI&9RSBZnw8%wwe zACHdLK-G2xa!W4hS`?S(0$etL$@3gh@A+cz#Zgu_K9%>Kkw$fUG z3dN~M%7|{2i|GbLYD;%$cc_l4-q}g%FIFJU4{68KWHp5CT0A;4tSrUL%8b{s6{=Cf zu}x}MbR5%SXZ8lct|g1H;6IklC8r9rJI)U0Cc1VJV%}M_#b+gb{7o}9=4}*2=htq& zkDA=tSVF>x&zpUfb3yQK*Ko}r#iEp^lSgm_ZH~10#e^zf3KJauT;qct&3LYH^woP3fxf`;3&O9M{sTJ^bBh~Dp9@ji`zVeQP zzqsb16u9(>etrK$B8chpRJZrvk+(hgZ@g>#&$=hpzqoj*m^Y($w9hQuAFf#sg0BsT z@*sVcql-mbC=H}!Y_IOYi?#MvL0Vp^aUd@(2O26qC>d|cY^>HFU(|3BDTiGD4bL_#0q9_H`;sXad1l55HQ>2{_0%NOY*-|{Hf${x); zKvJaVnq1%gM6yvY5&#SLdh7O>WqoC6M6JVe|9Ic%?}`G*l?eS!pKD9HaU<2KHZEF` z*(99JJV*;*JfU}|@P1D=jfv~D#1(lGqV(~GQ2rmJ`nQ;AS=C<(2hq|W8#mdkTx)E=g+lti+5IS#qnmG!{0$?mEh(Wrelx*g_Zxv(;?1e}Q1q;(`^S{ng)uh+>L zhnG$P@x$ivOE&fvy@29K<(@RLX zp?(0&O*J?zDxYjlllamomD^HJiI;uqkoF+j)yL=ZZE8bw5{uG}O^J1m-yXdqr%*zA z5}>^&*hFkg)Bqw({IgxbiDZx2=AV9wHQ)y82Nwj~>FxFf1_wk{_8Hj?qGTkry!jj><$$DQMgg^=p5;r_z1TQ{hi_$t@Jn7?2l6aA{nRw zlngvNfu=VHU^o*j!W{Q0&m?nw_LOvxO`2Vg>!wDknkgfy_v6fnqm`|EGALE1ekiv3 z5%CJ;XVp(<_LLi03p<>!o3}gt9-7O0Wd^HU(pKaXun8Cs{-nKM{oy;+fnb4^U)3HE z=I*8Obxi#+dyN{wn;RX6#hX7f^Y~5eVHpt3WHIFuZwP1Wj>lNV1sq%K%@cPFDYuwn z4~4;28HD(f%DPmz*lB){Kg23tS?s<_V!uQxv zU$q_8VzN%zMM?BqG1=iHH%0Ew23Xq#WAgQy^oL_1^5=haSqUc~PdJ-N z2n5h=Y4+$trWdnQ{791&SDPu6SnZ!@z?LzgJ$kop*Tv3WoBK^8*KoOB(vnaBX2g*S zV0u9PoFPO-Qc{Szy8*gK)X}fRhZ0I?N zk?oh+uMViyn&zQSt){v~%U5HowwY!iXAx@D2YCeN&qR*3!ICQJ)R0v^&_TUUGy%l4kot`#fZV})-uv>`fRNeS1LlEzVQ|} zJO$4_417MIfh6 z!kS;r!O2)uF39=n#q2D40mep@1og>jErRK10Th_(CgnPFbr2of<|ch~`Chd#-Jjm8 z!+Bo}7Gu`<&@TV!9P8@~h4wXO@>EKLB|Ha5~PuPx3g0{{$aH zpvH3M@}Z(;MHOg%Dg=m4m`>d4-z3ymxFP|~-dc&TP9(^Jv3siI!tm@sF2tT>UYyX4 z8{?*xGbklW-vGGf=?7v)-_2Q=MGxkzcJY;>GG#sQylyPEqVQAfaA@}ao817DI)3ux z4d|D*v&%oobqHcE7`^=b@L?ATX}&ty<P!H~Xr8m`X&0QS>L-p9051W86Q#|py@2~8 z%%N}63F*6dONW7P)U2YO55M7F!Eo6Deav!)eYgNSZ1>t;y^klID%=*V473 zK9MiXovIVjDQ6b?n&of48*SJ2lJ1E1;K>1*MhUI^Y42P}%)b2{?y|OQ?Ws85`*ejc z{M_zRv^K`yo>|N=$|G1TGe}3S>-Dt(>|@`3ggVuWQh?)XwunO0HJ^eY{M*kQd@$*i zbu}@4rqi*nb5^eXql39eTzBNv3zv}#Usp#7!y%LjKn*7K8S)DnBaSof>LM8w4Q$54 zZ@iVvbZ{z^@={XVOn2nXadld>qI2UY43LPYR1$Q+9u}B%jtr1?Lp$gk2^m*Lq*Z-b z9Q^B3=^gf)`Tp1U@fK3knpV9ryZvkOu|+OxwesY;(<+1rr5qo^uZ=oSvEi$Zc)#$*{AmAAD2KDFpp&jSd=5AtA|ilv)x4Av_wvH-vZ6n(q<0 z(%FzkxlgUl|1^#cm7>~GAk}0jxpOicY&$$w_kj}hHs|3E{)#& zgu$9=O`9w&d^=`GiJwLff;fB@0p8mT0GCdEfcVc@T4$S7{D-dw2)A7Szg_?3RQ>aR zC1GaWoP#^WP5q;T1gb9_3g7t_YM{GwFTy?Azch7eIS-WT&g}B)7Apz5RLK&HcUTqW9%dOd=hce+S_CbwKyLMe+Sd zH=7pxkFGLkz9o|&XQa6`=)6;eFtufH)m-ce*kMvc_?ZD1 zx`2Do`rCv34B}wa_B(GrY-yBZ)V`IbOBuo+mh@ZVGcek{e7|8@W{)Bn`U9~`X5yoG zI7Jf1oXNiKnm8WzF{?uBw&)oRQ4ZJyVTNi{tGRzPy=eeLI>-B-Q`HFep6Ei+xHgxLDI@`MTk=HvQ& zN!aqdp@+NtVzs=;|6uPupqkp+wb39=>7euysY*u#K|}%~O+s@`Wo2cqx#oP^eBb9e z%YpHup`pMYBs1*ZtX<5}9yD{WO0=FQ)+Ob&syo>&>QtsN54BHMmtIr&Lv~)d(XYc4 zFo{t@A2L_>Xs}N=$AsGu{4CN62@dOt@lOR^2p*q%AsE`wCb;g~zd{JRi+u&@N@R3; zj`i)};AruhnP(E=*nZen_uR?2>REzSD35Nc^iq6x=98dMU_tnH{s1vx;d-%a1w)Hl zc-psWeDw|0S=4-Uw79yMo7@`x&iCmJZ(mz(y7p4GE0SQajhA0fyS4UnoPM)D%GItY zchU#75YcNX9D=Ho(`B^*7=`468 zy|;4ze2rRC(oM8BfUAbKxaR*7mD8u0>A5904O68oqJ zF+aN?{i2#Kx!^n*sKfZsEv}t%V&g2iLL!^MvELAV^qe6(=u%7kqE-e<{KDNZ#@FRn zn{;wW=xbt{ggZBYb>avCZLN?_u6^!{E$Lr3F=Mh<>B^p){9gF^@~PZPbL}7`kZ5nN zZ(`9vGrk?L)4L(Hq}}nP^oDPRAVXK<>B#7 zx2JH1U}~8AxGX1nWsNs3!1t-`w2*NZGSJWK^LR2H^U>gE?F>T4URsM!?x|$dTU(sU zMrcx=*-fc_>R4d$woAfpYDOZ+>b4VUu$3E5dJ{q@uYrpEiO&i8LK|vacOwkM-uE(9 zUKk)x1sgxaX-^zL!C$~clEvQS2wHP{ry$;w&WtPj+NpOY7#7KyUT!*=rkDX(G<_f5 zdhnwB z1jn+lBmFXZ8sl5L;a#YpU+C)qM%;P7PXO+-)@sjT!P08L| zOQc;`-e$3$=mpQevCzAu_RzrL;zo}mZ#RwdV$x@sv>s^W3Oil`CsB`8Wb>JiiaMl5 z-B#31y}AQFm7^h_>r19j_IYMaukR9)EWNCvkLiBcfT0K6N9qK|dA^)7m|V^E6-OVw zh2hkxy<|0@bfFl%AZ*uUs%3Ag44l9t!mDb_Lvio%aL}wm-{_epWWHZHV*3p zCP+Ewl@H%+(xo#VeK)cAuBJsGTyHe^<({l>GPAFM^fkEUf0@1}DmT4^1rV>9F`H49IR16^8=MokuG&Z6L`;qq}{M)+jL4c*Gu289M-n21f5%z`GW)+CM;wMNtT}lM|3WZx5in zG^6wIQJU27)fpgvK4JFN4^THJet6~JfrKcI^ap4gQ1TQ}r`O@*(qjlT7|1i%-DND< zYcZ(G-=3j$Y+*+Mb!>8b0vi*0SH`=z-jh@*<8oQC`{H-TmFQpor_bkwcYXo85(xfd;_Q^2-#$0wCq>9V|H+PaZJtre zrOZ{hn=||XB}$x-q3BwQn$v}-B46`|zmxSUe@U$0`~ze#?O3|_161Z{PZkU~CrKWY zcpy9FOJ8Mrb2cgbeKQa&a)BRM8EWVnt_K$=t|wo7{K**31m8VTUtzv6 z+ugwE;$7+>CNec079rLzl#`Myy+|id>I07mdwX~y2$SP0Ad9KE;vk%TI9t2b0#J33 zdB54xH;mmn3l^*#y;Gl(l9gdcl3movUSCn?L?PCd!<`_(s;_TIpfBG+7$Puo$w0Va zcSNTl8bEARBzr$we(0j8mNlt31+Q_lp8IU>f5G#!%VU${2X`7i6Z>zyKB@@dFLIH8 zUt2rdphM}Cw#~s|0#GNc-+ADhsOQPv3QX}#2h@HljC>PJY$(otp(s#8~ z3(M?K%?aUddM`V5paUv4pI=tfL8>Md#NJ|m!C-pW`Sm(V_b>ZX<+IX;{{rJMd1EjM z>YaO5(}<#@! zD(NcM+!)_40F1Z}K_Z(6y*O93VzbBf@UOQigvKO@WphMvEyPUN#esbX zrAq|JY?gK+tjfAi+9QT~_rQE7W42N6T&EVjz7?%WS2l_^9Z`LkvUk*^ps;d6YTocQ z1S%z8KHV&_cZK@v7!hqOO1;}sa0+B`1hR;v=%qDrS7V}Tdx2J{Jv9mbHDI_e7! zCo1uW7-YQ15)_sGwl<-|wD$dQzDdt;5=!SHng2r8^_cB1x%pNs(n~2z^sg=ms1E4( zN#AZN8dn1SV_+8kF)&5XsEL3In+o-x3A9QePEZ_&LSaAK)xWZr*nIYieHv*|DEY$`-ec-m?52>a*9e)L40ambnDTg~+45TO%jL@C1 zP*XQyn)mM*#(JKLlwC|k@z#pdrX-{seffVb6|Ssh@|VMg*Yb-4%8G5Ik7V^?N=xbG zK@=cq5Sj5GBYuuQClYy`zQ;*`qjXj5=P4l|G3j%uF`zKy%=|7yV3%p*et3ftmADKW zjXyo)0r4d*LJId}YNL>Bv$ip2HxrT#wEJXh6jS!v~6X(tf~ z_~VyAg(#g)v=l)|;Ob=Yn{zL#`{F*765b?^X5vY>c~~_5hnGX6q%x8C+xM3biF7Svu5ue$C?!ZR>C4m0AAlYU+`Ia7@_~2&RI_ewY3`hpN#OdI zljr9j>Nr@cBtx2Z-qf63U24{Z)Kutm>{Jgjf*iifkoIrQr`WkH!OA~+v(Qwoe1ujL zc!0@MyzR*|aX3qwd!G9nQth8- z*b_|C{fB|mJ!X+&0lEKN=fydVVRN#reiJ+cx3urXWfh&v{&}zGWZehizp^?|h+hx8 zl^75t^|vb$88nRD8X&sXxBt3TAVMfejs36RB<}bSI5Fw_^Xduef&SJ2G`ou5(`&U? zg`OM=sJ_PuIQ}`HmubVb6^Vc+X7X=OY&Br=k6tANItAwM?^>!oqw#s46RDyYp5*JFa^>L-EpYXB6^{#a9E`EH~t6H z$bvk-%1rd_fsZ~rr_w6 zk?X3c7B%K}Tj>v^O!Oa1ORwG~&{qZ#f(W)AI*T2sD7Y!PdC2$hUEOZp~Jb5 zkq{%Q2Qt<_MF?4_u#4rZUG7MURL%CUZ?0Pbi%$1XsYcM>{qgapLA2BX8=-h;D0F}d*Y8H(+A$pP?9r9JVT@VOC0$o!_4$Uz ziy1j|7h-nAU04Sb7FvFaT);$$RQKcaN;Vo_=5A(wL02?&aqLXM@hYg8Zf1r*3n^`- zX8ltN-MFpFEP4A9!KZ8{Jh`9LIy`a>z*dYUo^G3A6bvf(8UX79Y_bP!@^>`du6|&$ z%R5&TrYz6hQ;uiEe>7*UPgEOk7qd@CYm}y>HZLIE-HX9}CxxZ>9gscAa4Qj2e zmp>C~^#tpd;hBH!L%TJ&&7G>+Lwo%yE&oT>n-&DzH!EkH z{6utzn&Nryhu2Suz5nvq(NVyaKr1NyW1jn5juy4Z%S924CA$29hAq)S3^7#QVzT?O}?c_kVY!S z@ScwmE6oEDd?dJkDv8KGs^XVLwaSj<1ur)(&2mgj{^YWW0ex3LdIIe0SFPWEkM+;p zZs7|>kLoqlYxr2C(fNhhCaexfXu%M6s@8GJ%~yOB?F4+X3+v3l4*&v=M{n%W!u64_ zTqrZk`HwBbh-mx5=YSbeq;%upt&u#i?8%-AuO_IZOONwBXPwg{arPQudmT76r9)8p zl#A(;)?hcWku^;qtwto1%eoQpZ{3_;i&*=BFedpQbVL97|APPh*);h!y$Rs%i4<2| zPoeNA_Hr%lzKkaUti3<@2|%C@B#;D3;_v=F%XJ*V>T9*pZ)!L3^W)wG30rHeav<8? z$rErg`SyC&L7f&MhxDiZmpKj3{!r)~$Sh?)3BYQ-#+@K`*YOga8rikvfb5dLOpN~! zO#N2@)_*$2_TLnCxf#CnVE_xoKUg&gqr>sa@h12s#DSStcY&wa-@Kxy2M5rkWFXzO zyzi%-_%HwRDtNDM%Y%PRp5bzzc@_Lox=j6Ajth7FEC=AiYt4jqfSG|jB+79c)l_zF zJgo~vZ~q~UVB@@9k~REVr!(#TCSj;41ji4ZU&kjX{s0NN012N7v+fwiwQSS{q$d61 zS3C$i3WRE0V+HQM-2$Uy9Zrgp--nvDPs+w}e@`H{NKBJvBLgC!YxnT8-~$ivcPj@7 z&ZkaOV|EFEi+}!Ql*$;}+Qk7%05dq&U{|1%E>}{KN6UlkaxVAuM7el;#v7lrrYx|; zchHHe4ph3WBKi=dK%GIYUu@TiaQ(>Z!b$xJH^xE4q$tg^u|=in2MY5`OoWSK974h5 z_?f{Akh%oWr{}AG_IwxsuyhM=zr2m8Z?DCODq#>fzGc=);VTn34Wz1z(lV1euHPMxVT`QO` z*$QT*@Ca{BAKTb-uVr+Vq`k`J|Chnz4cIp$56td--rYsv2CVxwme-|0RD=X$`cSN5 z+sz*!x$N%@ns|YVtKRS^9Gx3?VQzEw-#$tFTPrhX>1+jkXCHMI)UToB2|-8sdE$d0 z`$E|`eekahhA7`-cqjQ#V4-wyzsvl=)?5B|57G5ZSe2#G{RR%REy zrVN47`}4k0kj=>-Ag%!b1Pcf-{Jm}O3-`s*w6(&a?vvW4qd3lGwjZEuOZTjIC1rv2Nz{Atbq4;t_~ zU{dU3_)rmE={dknnLD z=Aie(OV);hfY+7w>)roz`*+9x@Ogia`0uImFJ#Z}#re-p=KrUpipXBTXUG~Idh;I= z{BI3ms=ZwR0E98kZF^T{q%X6j`P$l_68xvuh$(`1aj&iXTQIBQ7lA(=zV(1|+w>)% z58!_Uu+)G6mTvzO*sbNC;jEu6z`poHjch6OdgOI+{3+|70--BL%|CQi)IW69uL4~4 zW&xl^Xn+dLf72sHiGNd@zbcZ+$xxIj;_rd5|H8e|SMnt6#Ir&6|DkeA;A>R>J~V$D z4aYw;>fiM9f2pr4?eH{v|K4e!I`Ws+ucpBNN#HS7vGo+O8u5AI-*zh%Oo@tWT=;s2GHAW)x~ z*^up=n)>u}FNaU1TA$jLWVNr3BeuAhpGo!7(U4E}(+JeU50KLAeHp{+q_}vN#$3QXn=+P6*m6%;` zfENbHihd%cl)`1?m55cUJJTJomaklK$Wlte^%K8U8G21c3`8T*1#qXtlbh7I>bh+F zEvVJF{)Zo+d_gv;$Tr~$mDQ_loEUCnDAS6D)9u2d;`-MC9xFVbyKR?A_-Xb(a+3M? z1*CsO14Rl_t8i)~tZtW#7mGnsVGn10U87lbU-Q7RP*3u(nysZ8PqI@Ekk<#~-CX`T z2D05i3dqKvDIo5_zmyZSURMfz!2V}BLC7!ZAiDCpXkT1xYW5LOZJ{jbH9d^Ig;yE^ za9ja;1(p`abOh_60GJH8cJ0-liCtH7n}y;1!F1?`+FU<)kIV}LDLi+&dXPB3q9xKO zELDE(9{=|#P_Hi?XaHH6d2=dFh<+t4wF=GU%}qQaWwW{AU8k+2@aH3-PpUF^oDY6} zdpW8I?quFyJ6QW|Vqs))Rcgohj~Gy6>bUuGfwXW2>r6UTKGb8O{1YStf#4dVI9 z^Y|NrP4^zswcqrCgN!!t#Yj$xE_=Q_zL0aC_l37KY>S7q2#0jZ^=wKazMRvU$|yZ| zuyjCR=gnH$a3VEEoH^xMy0Dey;kJKFiCt>smOkt+0GTc+f30Yb|L4=btjII?YPXcR zKauM!)e0aRiUT&mBQ(;lP3~>}6cQE&8wc1#b>)?rjE3S2hOSC>Koq zt7Dx1c=O-wVbLbv50L2NmG}jZ>xrfTy2pQw$-muf`G|_?_<=j^^j<~zlaU&3PjRJp z?->1=<+?(or2dQ1$SJKn(K;Y-mXwv$qt+pLL#|M=iYy~3QPd(1aacvZA;~8Rxk4(T zOHedM6tWRxA#nooI4sg7CCUD!KpRNpcajrq_?gI$-UF!T{z&Bil8Ybv=Dr!U3QOe9 zMr2}<>4q15WKOQ;KI{5dSeO6X$3964|I;MQ{P#&no%H7I853a%Ne+L z-F~bMo38`bC;qXb{;K==r&P%Q>*zc0*Oe2ImPZrKFaNG5 z@16vRz8@g}H_9A9jr?YSzG#s{8+vqK5i98mKx|)GY9EGEI!U$Pj&-*oRE8Fz{8b_Sj^E zRJ}|MsI(FCb-qI1B>T`sFQjO7?>nO~1XYEPbKEL>^>nXR{iWca1 z>?CqiWOili`Kqo~W)`@*?K7OSXP>+U@0c)mF zi4rR)I2qL82k7Gu&;s5KaK-5M>VpzT7X+kEcH%RxA*ybkWt%;D53E)~j*s!?X5 zM^WDns~Qhnq;>$bD2AM~#3Rv$vnV_t#PJ)vPPQ0;&?y<+l}&6ObNk@523@$`foH`& z$9y{qL_=ax>EBeQD{<cr!?O-&@=L zVmF^vs;%;{Yxgtv*9r1fF$kNg^Dv*O9hmnU?5%amsPIEG!QS*TrxqbRYh8PbNzr2# z)Tb<^7yV+;7ti!u1gI|w-Zr7sEN#Dxvqxw5xy>;muO!G`aQ8ePt}yLV=~8L9b37lk zBbJPQ5SlQcdl}tBqd*k1PaO$qu!)LjC-;*>Qb*w>Fjt~*H`kWCPkbxmrqNmdw^Zzf@Q4dWoleX|>^W)GP7 zF5;?Ndp67leU;B;HV?Uu1PPx?`<<>uRP8)n(+Ec5`>3hEWU<7|8h>M!ZK@Q`SqNk+ zIXixK%bDAAkBG3zrY?D*7_8x^*&7VTj7HY&F=BO&ZmXzHS4?b7Y;f-nu%5EfTX-<5 zQk0*+Orr#QcWUnExekw(C9Z4?ku@yBT6HzZaZHIyzEMx<_*8T&&#w`8G}OHTiUx<=o-1-T+KZuTT$9 z++cztZGCN=W&0y++UYec^%}f09*Q*Vfkdc{2Q;pG+w}XJ zJB=6>V+>?xZ56=|GoEtUIlQfW(`A1DNEH<^o8~TLuz;CITYD6j zKplA~nh3y-90s{QlvOG*PbB|12Yr_>!yEB>!ldVsDqdH-rAeqGywRQb)zd@xTx%bk zeiIAFK-Sn%*x5EubRYg$X+o0q7-ZguxjD(xWYv`YiVC@qFihAS%18ZCurHl26HNgy zdsPV^px|qLd1VeQsDhpn*7@v)QOL{Hq-cbnE_`V*?)o!F@Eo}TfU<%_Bp}$iQ(SOT zNXW(La<`&Km&E7nt5pj(g+sUmMUa~b=dTF3>$Eo#`2%rwfUV$+y9QgOy-X(~IX==RNZ!%l!>ce@&U+KEvtb(D!X#5K}vYu}M?H7RC) zb>rnwOYu74qYu8+64|Z?liV0lM>ZW22Hk+=m3NyKyLyoG5lv3A3Am_Cyxex*%Jj^j`pbV3`OL|E{@SW+|rVHF{Ao zq|BR*NNqp#WuJ+V0>m7fVOEcBj68I^2<3Nj;p*GK+vtW_HN+QKTv(UZg=TQD%^W~4 zIzg%%;@4W=i`JW6S4c(f?bHY*IykxIDo}Qf)MX3FMq71T2}K0NoKa%a)&_8o(CfYC zboI;`CgYOqGS^z&Mt$9Q)JI)SsvJK!nC1ru!r0F;*3Sxq*%K48SzwBlh*+5Uv0=;I zRK|T1#WxFXeiaersy@~Nk>4Z9o}FK6&S=JJV&KT$6#%DRL~!8Kv>X>qI1P%%yc6I} z-B?$Tt24Z%>Lz~IppWUIpvpH_A+;TZ6?KdpUGv#12~{8@uyDT_tyF$u`;Kz4jC>1a z#T`Exc{#W4k;#>*gg3Lpa-^8XINbG90a(CUP8;#1hFNnlOlnz~{qq#o^~qgPuExLu z-SHgi8{*RT`wHjkd|iqbRc?8rS5`l#?X-eX^bQzq1290lT5UBQi8y=5ZPwnPch75` z^rc>?`%53^WzeEpr{r;J&goqT#03ClAB>FZ`%?Aj-K@|-Y~ZKr`ft`O@u;dyPWw&; zmiUC>>-+1DkFg>h1eSyp?ih zVUSx_SldR^+ncapj5(zh0BH#6fyAGrX67$`ZFtKwYh3qszT5pVuUBK5IDO)9lj@8G z$xWV+Yh5Yn-@|S<_6OfWZ+0gVJ1#>o8vS!#nH=Mln;v341pB%Co#LuJT%tNVq`J^F zIH(eTbsO3Mj%w$^sW+$3uOq<`^}@lEN+Njkj3PI&hl+KX&HGk{r*Cj`kJ{=3p{ST>D6+$&jVqax^6gc4&HdRr1v&)3TkPqIj+5;D-S-D&r-gfT?o(F>-{ z(UJHMH89*b75RH{YRY3+wLrvPVYoF1%UNDKr#)b>6=27a%+^g9Qy))<8N=Grv@FAR zCswB-116t%RUaYhms-y=rxkm^)%7b8!L*AwjR{#3q$GAAe=ELXq_UwvDBGdEQPGn( z@9wab*maV4g+tVWM={?L6IL$ZFXOB+ zMNe=dlChcKwSpScC2Wem>+ubKZH-8t%Y6d?6*3-g9{#SC&4<-syE^Qe8IB&y3KvL&eWm0z|k;2dL!C5B43GjukU^Pk|b^Pr5 zWcUg^E3iIa_tig2blR{bI{Aas&5#%GMapUN&^~`gT8dLUdwmFxgI}t@?X(V#{sf_P zE?*5-MDM;T*0ip9Feo>9cn_&yq zW!1{fg<`hss3|$J9SJxe#X3eVbkl=uv<0ntIry-&nByKffwK&l|HVb9y~mtJV1fAv zU)HQiM;5b-b)^006unEf^U6{pYa_a@$9H5+jvh91Fkvx(6~-8XQ}RW+MHv%UW_#Nn z8`_?Ey}P$+sV?nGh5T}--O&BKRpv zp@-)Nt);GpP#$tYv;{;RoA_fxgx`IUoPeB1&p;4d;I~1xFK=9Oq2sA-rAzp z#_p9i0uQobT5M#PRI44DkFVF){xD;}t5>akI34UCJRpYky?^!wf6E?Db{~qaL{%O< z70#=-bmp8kXJmA;C%6{zjj+tQgMeFmpQvhVez5SfFi@3S%&e|EB`gsyvu%KYi_8yR z5aEN_IlJ@wNFRY_H>A3#pZKmc6lMluR@Oh%mJY2gneTrElVeRZ-zCrV4GzxOJsG$v zFE#RxY}fQ+T`j|68F&j4bD)V;g9(@WdHThk8fv!GEC-0rbJ>6EmvtS1X`Ye*WVl>d zeQ*a5dianIjc*4ptvIx#rg#}J4+fP!q*I+r+Te=%IQ)*;!_P)I-!*rBQ8Va4;#yRf zXe@-F{hEniV3$ln39{-53+lz*PF9Y%Q4Kh`L2U&gb#O<*02m~ zbzj&h3wPyvt%RE_EYJ!(BpRdWD3m?`EXo3t#YDx`p;(RTW?&awZud2>ncbnUpK*CY zTUT`a;3Ma>$)oo?B}631w$`J^Q(o^b9;IN9*Wh#-m*fPe>W9qkjol~mShC;XJB6gQ zrWxr2Pz%aNZ2E4*Be{N)M<~qMUW73~l|9svIuCiu^W=i?<}`2fout~T!4C~zwf0p% z4ouNd>A&SzKqk(+b#gGCWdX<`_GPh7W$`TdiM|bTrZ~8hgJ`}gF2P7;YR-uV$L z^STJe4Rvi5aREm(84MY4@C_{ZdUWE|5D?Vf?a$K^%M}e0x;Px`=|+GEt@`h zG=?E%mGVkA%Sv3EOUbh8Bwnmbm!)*AYnrAbLcn@~Ch?e6F+ed=zp0R30! z?UaP-weJU`gis^Ld4_6o6Vo}Uir2nNvg`|&an*!`{9R>sD*0VGy00>}p{H&*r|~vJ ziO1W)oYm;VnXqrL$n^(}^>gC#CVMWPOg5xK|gR|V^p<{mU8cU?b3UJ*ZUJGX~CB)iZh@J!QSmDp62XLn|kqr##)8Z zRxk@1eiZAFI$BidW3C)+<@A)VYv7rhzI&_33-W`;uF)q@8id_DtKOA4me0qrKZ_J> zB#&ZqmX~fXH@cN{w5HE5Wl6?$%Y@PR=TSEbChxlMO03M;9d*vgssSYobl70QL^`b8 zi3`_vQI(_MYT5?N*7f9Ns3a_1tOJQ0k8Q&EV-G<{So0S;I`cJcZ^Rx%>P#hp?=e)-D7o#B$}F z-$H+y=i-oL{>+hqJ6P@qNT)5Zr020o&P`u8&j_|;P`MkBsypyLczWeXasH|cyZ752h(SV z_Q|tL+i#ua9Y7+@3C3jg*Ift=>Sx;?Y?Gv{vFas!Gih!LPCB0#)S7bdm015Hi`UI$ z9&#-BsdUjeoHuDVnAuOa2TYCAg*(p%xTHl3&+trH#xcNa@0BaI2qX{6caRc2lmFg$ zlq$zL4RHjAw{xSj6NF&gkIKHtM6`z^nRhs+g?e{7U!}k{Xg0oH;8I<9e6xdSx7TqS zK%Hp=c7Dmb*E|3g#BT-LEW6K38wzs1l&qBn3YHa^Wjn;FyNG<5F`9L?{{G+sLCk9v zA!kOrEy`f0;Dr_RE1Wr|C=vn~5|NF`3y#`b0oifhQW0~i>e9RkT?|(h&iNlJduEnn z+Np?xpSR}QPpEd%64=@Tr~>&}9fqH(I@eCs0c6EY4Ea$yRw#=SKZ3bYz!y=Zj_gBR zhudt~&~ZCA#MX1a5MY*Kd!>aIQ`eBJ=ojf<&aM^h1!GO2gl+umuRhT^GBT(;l^k(v z)$);tsc5&~6?p^P7TE&!3MO0`ySAE*eIOyonkhGnn)Tt(m{SxvRoS0wSGMWqP?5y+ z?}T4TkfVh;VxvwWI4u^N_Pk1~ei`e4Tlc&c%^_(%sqF#f8JE607I$+G1{+aMH=mMW z7rNw_vD8%`v9U%qlUD#rfch$wS8FEc4X2G)gzwqHXeu8sT_B=Txb&I0;>oKq*xj?@ zy~Dk^(LMxCJFB0sDPus;a_t(%-R;vWuYvN4rG$bjALJY3!?MKZxMO?w8B_4kq$>O*&DY}3?VzgsF(?rqqW|IVqo$H-V|Kz)9^n5!V%iV)b zyN4#R`tQOuUM!kc)PEX#?;|Vrs8Mk3!JT8!>r%}P#u~W|^a?6I-xQm8cdVTYOWvDJ z?Sj*M+>m~wsA?|Sc~^v|BY~Oi#-rr>xSUY-0mAexyg=|Y$0e*jMs9ZPHa@h{DPT7* zx4&#_=0vh(Nj+eHQO&hsT;-j~@Hu{7TbJVMoLjXa!KTbV~vz%MR9jwV8A+O8p~NwI}NB4#G{!j|W~!-vpq9!eq@-^lNG^GR9N zUyHh4U%?L0L);Ki6K}}&v5b20A0I!Yb9kt52uhYeECsx&l%;ZTJt>O4NK>HSo3Cu` zdotrKv-KOb@q^Snuf)aOeZG~m84MT=~-__1KS!Yk#dsI4^+v0!inqmmMlxwF>r+Zt3>}84+19Z=mfjRw85Op?P1FcGtjGr-{JGb@7_H6-Ia6 z`>YK?3NToHNIjuSbiiCTTilZQP+c_OX7$Lyfu$wGWz4izHE=YcAj(bUQ6j^OJx$OMOSA`FnL>j-C27u_q^HtXCwZr zBb=xSWwMEK7aEU{^~XAo-6xuzOm0K9&PoyXWt0Rlj%jkllbkgc;!4A*oR-q;k3VTm z1o{wG%|Kj$hY0k0o6e6Euv21jo@=Aj502*3qU&za-pHzAkX_*%vb2d~tF=*H$+&gi z^DCYo2q1ENfr2*9a=ol>Al91J>z}FERlBO2F7`WG*(AN-NmAqEF}TU9X?`8pyR4Rq z#SxS4)UI_p1lko9MY-%+%<9;wYGficxIfGiH0+4B4i9-7u+4VQI$i-{ufZ^fnS-Wb zIo26ipzv{&)&8(!i`Ccp0F}2iO&VW1C@5%xLyMJKiRX?I3Qj$+x+)ADT+=Y}b#e&7 zSE&nbq_LZmJprCiO`JVT)4ox*o_+El6yGn_q(9ox>6KNJrK(Zkic--{v3c}NfsIB* z5eg2TW$;PD_hkvys%j~aL={D^cg%@8>+8a-c=rnnr zyMg&?lMPy!7XY9i!auj;%fT1zkByJw<byU42s(h z{F;2pAvCYaFaX{m))R$5zl8U4o)rKupyu`(g!|Ow{Q`dMRBEmowPDrnG`ld-7TyyK z#Ko>Xn`@da|!?OdXJ0Dvw* zX}2K_D^WVf4*?eQ5S-b%8wJ+KU-(dz_KT02Tvipe_)DgyZ^_q&mgxl_65*8336e#uLua@{XQ`B6t*1=b?hfF0YZ{}n$cJv7mz8qxBxy@- z>2a<^rm8ea2|U(nhmB@18;}(88}B%8%X$J^8^UP2t`#zvwMz3eKpXPTVC8<~*J-ht zKK;!6Wcvl`Xv(%&uB)O=7KGYZ_)*rRNE<&A3dSCH$#J4dBfZE217C{5l+G=v74!C? zpAvDtiYs^l3TaR;f{0bUM%V|z*P`NsFX9+xg6WMHt~{y23)+`Cr=A2l%QGk3KBpjnWjBI?1~g$wmLngH`ATZtf#FwO0dn zGc-$oG@v34ytCfAU$_%(UD|EM) zP?Pcm-*Lz`}46C{l z8XeO*Ub45`ywM;!rC^UQ)n>4Zz_t^7e%-tg-mtyQIV;+x`-$H+eYRJSd!g06Dc^xi z8USNHeQjr_4C!B(Bv}-bLn;R#8Q}iuX;9K?QRBCe{UJ6;7O?K!c z9<>3;Zc>W;p07cl?(w1-c_xo+)(ijaUcx$gI+a}!1w=w!eoaRZ8 zG{6yoo?MrT45ki#-wwhc;`3WuE;{%aq|O`_yNbG1*-==9@$!%)bya_VNkKT`0&~Xf zbqiL_3HG#{Wqt-|74*^NN9p&=hvWQ#~~>Zr0lkmUnY!6Yz=J5lJs zZa9ss4xXz0<(3E5%^;c%y-izIejB7Cwt4Fn=yc&l<((QQ*Ed15tD^G>-932Ow^+}0 zO%lJv4r5@qvynyW=&Yre>dj?>`~)e=p1~;hJ5(}sOvP^Jv2LeoFs&JgLn1TQNgM4J zQ#irH!rR6o8%v5)B^vLmSu%Zu=FV_W6Bzb68l|tz$KAzlqdnKbp?D^k;jDyav7Us0&*CAK_b1E7?2M3Fgg>%hgAJSKUBX%MZA~@hx4i3wI=Z5`AANm7S zYP@pdl^V;NyF+qi2Z5o!gO=(}jFS_`Y?K|{7F5NiAh~&ahiaYUb;fw?Z`#^g)pMJs zT7_JYL^WjBRYeL1Qw?ES`%WGdtZ7_Ga27tKWu6ip2lz`~TBtxIHqVS}&*?ErCvH{^ zE>IKsojAEM;U1|z!azgYNHK;F5mPu;fd-L#-<7`}Hmq4+yK6~S$*xCgdBe@{r2D7= zlakm2jRKS6`TSUWXg>Nq!aXW7ldIw_UFt3z9Nebt9j5ZJobHJga_ew=@vYM%##tmV zDhlp&Ca~EfBk~kO+R-k6rbIloGcg0}%vKN?_%hO2s9Z{56?^~vyW+W9$)u8p$FHC- z;cV^9IHeg`)}k#4Gu%FiR|2p$>SX+Z{A=@>8(F9aSQgTTm+E`Xsz1$ZNa6WmTE)y^ z&;TK`TodZyh)B57sCc4y>0Vxt{E)c~hmHP<@(HMZLwiHt?7-~}`TxC#s6{ahVWRLg z5n!KR{Zs{bN#QMnRgS8X8W)2yc0L|`ySDt!dJx3(nqVp&vqJL);tbqZBc5Lr1xA5) zR=z*=2hX=FuN+0qwT~paU1#4e!<@APl0=iv=!=l9Zu5j_ZY^MI4RvhOc5Fv+)n~Lo zXO%Y3g2}j>zul-hb;JgVddDUb`!V*mUq{bIZ3YIZ^vLk0Ygkk`f<6l9uEaW#`?zpW2V?PwiLwR`L_Hj^rJBvM-wqPw50Ecd2;Zm9}!} zK)+EvkYp0|sk1G?@~x~k8#CcKpGOG+fX*6oCmMH94@~y38-586yu^ z{X`zU!%&dBo`jjYoqu+R`Q_k4`STYByf@QV>#7#)5&X`_6&>vF+fG?P6#iz$c=PUfwMUa zvFM>zSgR+i*u$6Uz5H#RLw8nRCMuooH+kdDGX42&YvtIEM*L(fOzq|dS|c% zb_od&4RB`UFY~ipDoWl0wB%~fqld||*IY2NovIes>!Vir-W>7y06f$weT21iDjA5c}ESiE-R>(y=d>&y-VK( z9v0SP?z}(RU3BGVxsw1{2o_fz($XLv9bdY56pc2oD2J)kx2Sn7aj(4|a4X%G5(=A8 zYq)hU$%S|5j#k+@aib6d9>d{f*|VCuJvx{m=Juy{LQF!$TBfJcl(SdWC3B;lnq=h0 z{M`oItHa~{5^-g0AvL=e;y1bbB%#E9>9hC?3rJ16`|*5@>rS6A3H6^#L?xsGp3u3H z7Hhk)c}iJGd4I}&iCsBh=OzwA%K(w2m$FzCrC*E3pD}3EeZV2{=ReO&b>2d?wmVw=lvs-{Iipt zz4yDGwbt{j!kNunvNL*gcYv;21=vQK%i83*j|Dw+Z;ThL$db9RyAsSV^Q39{qou1F zRs{8cGSN2xH}Y2*949VLu@koTH%ZR|ub0M*U$%u_IuY}@uCWV_5l>8} zKfX`-(O1Mqg~VW@0$2hx5L>j+6!EK98O_83M3Zwl$Z=wiWYlgi>EcOa2}Np0na7++ z1o?CdynALsTm{a){`I7bxSM8Z+;8Fyu^%DlAd$hjr$QYpdo9y(rw!Bq2q}>e6>=ST zS_TYkD=UTS!fZZHKU|c(``!Fhv}F7f(WHe;7L~K4e!gu%HLU3IIGj&2gXrFe7MVne zk}I2%nUfLB8B*OKrF%jnsHVkE2zBQBH_yRF@y8^{9gjn{X zwxok~`nXKkRW!xcl|`I|U`7eMJhqib-Ccg8u3R6V1&3U;{b1AuF|zjhc|L6Gi>9`Q zvU``rxuXg?wA$B2d`2T9NhA?JyKkhj&CuM`@PhPCtMO`$CGpNsz>4d(_OtX$2XG*< z1Sv}D?*lo@JsX-tZYk;}l{=ffHrITk(wj#^tnrc>F{=)y)^#d>{{P(jaL`RX?v-D) z9q!clbBP2rGX+9$26@H1l!qy^pA^?btEcDVGYQ;D3az2H#gpbbolEmU?cA#As0^j% zM+t+cEozU4s-E?}6>=X@ku+L@&Nwc`pVawV4qcym$@At@Z?t|8R{W^`cXct>&o=p9 z$Vs5O3yi-m^nVlub7|tf_sz-diI~;phj{59Yiwt>O~qyskEa*a8^Cs;74Q!39b-hs zigL0+pJ{BAPpx7cTOZBcbH3mD>B;D@Lu;028o<6=gw#Ompe_NaHArpCakTpJm&2Rh z5!e#%M|rOK6 zEDBa<@}Bs!*;Yhz=sdVnL_Oec{I(!R*NkcEgbWw6q0;RMRt!vIHP-1_2V(afWSdp8Mwps zd4&D79(p--DdVLVUNo6 z@HAUZ^)mFMO8I*q0}Wt?q#WU0LXDwrmsdK=w5I!|U0LzLg$Hl#{)XHJ)em4=miIf zdXgp;7k?~{9CG@qEV+k?r0Ht-`9lL>eV$&dioLCmwdhGT>U6QF=w-MVGLozs2UdcB z?aG#eZ9_nd);Kq&`E_hvr_I+Vw&E|j;p*tmVa=5^DZpaR?G7K&<;}Ppv(QjTuv6Aj zkh~`6CfAQ+VY}`sOOvUX12FG1_iLF(&89}w8^C`m>&n6R-X|T9tJbcocb^a#3|@2k`tzNT<%{|L;y+s;b|L?Zn}GaZ zxQS{o|C=-hBBFlBz8Ig#ks612+ZRR#EW22u-*vqY|HX${P25b6}{DG!DG3%aav*b zGp35UHus~hbxFv5pwRfHR31eF4_~rng~)I;h;g(AD}tlNW?T9UPP825>gme}HivN` zeaFAEN69`)nsX*7WdsITFPEVH7HiwMMotnGozsduX$~kiN@5b0lP&>tlA^%hKoV{R zK;?1hF;|w5!+aU3^&a;PdY`-Jqi)^j&qVfFq4V0;TBt5h-U9Po2C9^REOK?lW>XZx zsR0&wue=~>`nJr2MD&eI*(bhrTl46_4^n2(0>BRvq}$w`WL{f^ymkj@cq`ix_HT9~ z1|j{jww=I&Hx=Ujz^t?3QVqthG8jV{fB#DQOQJqVl<{AHjNZ?T6yv$H;~-O*8yAt$ z2PfL$!Ax)CG9=H~wP}?53cIhsC(M^etU*DKng>nyz7I$^U9V;c>|c|Kd6T8xjUZ|p z0^PM6XtuU5p~YvAE%-{YmP3j5fOD-}H?Nw#J(o$%Hj%mT_X$JgslW2Q;I$Mj*kMC6 zk?(@U5z`Zw|8DB(X%^IT`A$a%biU9jwYfOkvwEY8r|ik{mYeA;BXXxJ)jS+_)Tw7y zhAilRN)~AJTRxq7XNqT#U0?b&+yT;fM)}n{2`hg2*V}F!XG-6EGCC~6d(r}b9!sZM zXLP|iQ10aREuP)=d8?eW4q#h;@;=3 z;7v9Kmc#QWvHFuu{_a*sSx_H8PR<+K&BgqhuvfLqPB~uwq2&Ww476$y`Ir44CCdi{ zHe)vrzeXb*Qm=Qul$~03P&xVo}|F`xKfgV#)b5zL6P*gBjt|gYP4%wM`py?hyA+`4>!|m3qpI?lO!9s~N>cDG7QJk9ooUzVI3$ zUp@}hg#-z3j#cXQx9mK7y;`xNu=a#5Q`UsxyE^9-)c4Qvun5!6;x3}KP>MiS<*y>) zaRbfcuMsA*s{2EtX(G}jNBh#&Nh#Sk7dxAJ3@6jN;{L|Se`h!@wlITl;0Q*z>LPlfNTj(TgYbo}Pc55? zp%YRN0@upDEN_7<#oAMiGpm(3&p!0T266_`LZSyMQCGp#GZ^$prRBX3jtk9aLKB-u z<~t5?lQbv}b9#-CzoJ zGaH+5c=RS^5$I`Olno5dj+a)jW5}$zrk?OOwP%SJEkjp4dWmKLP8&VFnbBLM-{z-l zez%vqpz7_A{oN%L&SVa zy*(j^aUK)Z=BasN&|3>9QvZz^K|lWzXHw9 zruHZ9cLK)y&)?>J-jLwIv*lcV#!)$$1WnBkCuGFIg+S?N!pbMYx#j7$oykmxA!$Y0 z=MU7+Ez9X@m?;WaOAFR&8NM5=a?^UZnrU>#^r%%&Kg1xh3drk{xJc=L+F=&N-dsQ~ zv>lO}cvWY)?eVfEZOvH4&}4`i{u1>jYbW2bFG|n~n6E>z=J%|R*^O(YMg@qzx*1h; zIO>)(!Xb)w&pOar);TS9768GG9I!@{qw9k1`)8Zl_2X{VS2=M&9HzX|lOsKydyw7J(8+4uBl$!rf;iyH?&I6Zc>Z`t+? zOl##Z*ETsS*E>;ROjWg=oQ{&e3bj~K84muPqW)S6m~q?}PeW%ea3wZnw3{kZ)nN^}I;NyOd%&FAX2D z_(?3!%aN*5umTn2RBBwfx2~-_5O^AXp|-`teNB&JWFpDwFvsGkP49}__&!1irBBU^ zqeE&(#I#(_Pt}}?2$Pc@%noBiRg|9McXi_aJQ!Ym!E0{K{&F|uueN=-Ap@1!SCWMH>zLNWo%lwEJo*JuN zG0n5P8&88|zSB)HYdF5M%cK-|Lb@k(MA7C0@QNnvBcWh^SXh)+WrF;uA{^j4{;;uC zBK%#wd>yIi!g<1m>*S%-#zED%o*HHF581MJ=?pTlyG&E9>{q^A$=PT>-wD$sYN|cs zvlncJ11D~_$n)=>-qNAnasuW_#~CDXM0b%Q5MH|oB${+i zyenhD7lW_A`KOpTeb|p*5{dR&5(FB?Ratx%r6*mnFYeQlRJTjw?1!YeY>cj43b=fh zuQ`xKY>Cci(p$tM!9dY^5)_2c!bFpg)b}isogMCjl#Th7n2@#mQ!HXU8^C4RN1JR% z0${%7Nzm2!-*$?g{IAddm1LP{F#it&OCtRaNSwfl@VVkW-d!lBBMrC3*%(zIvG_pu zd#A5YNpt+Rinv>ftjhMPLRH0pOc4WPw)tb#B)ZPQ5^xJj&Nv z4>wTnIBM_ESH_l+5iBSjYB}gyd^aGqh%D;qM&sAIi?!@q+IG?}vOI7rxH{x7HpNLS z?|1NehKA5NsO3*pS95O8U}ceRXLN#8a-%Qg&0Lxll+j6}~xMmg^J}-T}iK^97g3_nRryNV(1KivZHS1XMM#oge$CIAqv_I%WQ?MJ1 zjf3UXll&i&uuACin?=cVLa&`FCF7wAUg4v-1$$}wvY3b^Ab;FWYUiBm;pF@_#+3ev zlxAX^+Dmb|LeR&|b-eoXE#X|ox984V{h#f0?k4*HA8SFqTS=V2?7wn25 zxQ;mgQ+8prx9BkVJWkZ z(H>R{nvHmoZ&enQ7rHkG?E+R}6_)xr6X86X^>GvOeU?PfJa&2}|LdtOlA~MJXI zHg(6b@7lv9EjN(2%_I#qCZ#7;4k0&>zrY3QAtgW#9?E3Eiuc#f=y)Joq&qaVr>x-y$z{CIKsfx=Ix@(4{2yvcgiw7=f?KX|;sjOw^Wpl#q?(MUz3Z7{~Oo zq>OR2?C~T~KDHx79DaUHIShr*eSAu- zPrz*P_7<~7dmz}5h}+F=Gp4+{Ul}F_LvGx0ilpV3#vA%5mxGFR%i7N{NSh&^USZ*J3FCxVY?TveZC>t*)g4 z?8dDStz~z$t#4x>6;@=^8S~RX`ClL!%?g|nZqMgX!<)wuorH!ZGg60vVVxJ33s#R0|&h^%5jS(C%R+fF0AQmtzA3Rv` zI&HXQ4t5?Y3oG@V#x;y>j+7${Suy>+wGzfDHhOc;PQL0_YdCLzxso;S!?=j8IciY$ z55P*I$6~+Bg^CKI(UF0cp zjWylMeIN*CVSn2#@g`IL<$9TO^Jgv|yYGxlFy@}u8NA1H2BKe%rNPEBi8PQ=;|B5w zSV+;LP}7mrg1q17?}?+?f%7pbLMM!~icddEZQ{;W!}-X<0UyL%+bz_JJ@sV5P6DRo z^P!lXI7Qlp(wVr`P2Dh>d><_KodMR@_sv*y9S(j9 z8e{?&XvV>|_wqgRsyp zXwIkT!qh{7CCl9J@`G8ExL0CU=NG{cL(7+M7*@!3DY`g7&MRiC&Tb^dl27Jg+UN7c zsaeI}=Vpk}l-qzC^kZU*dMd5DR;Isy0UGcG`FlC*x5i(o!r1K@{YCtWOL8c6%nD!+ zFJGARJ&4e7*ed%*Fc^vU-b^~S5NiIp>Q;JDc(yn2d@C^Zw!R+*kD0y_HML!HD7`V$ zlEp_;PWuodqV&n1ws63}@N+$KX0#adTpguLwd<)T27FO3kJCi{&fvQ84}(B*O@^FF z4y{MP{X;a`iIyDg!3{|Zg(l-L5=}#5=*!dZo5#IgZ*qH!sJO;|oShY_7Ue%?~|i!yX`Eb;QI(&>4sz(u}aZhgZsO&c<900OcPZ2c;vuE zl`^tlpVT4mPd1m@vn{a5QuW_{^jYOrNCh%gl2zr)LZJ0i_%#qfzoV#L2i#AmqNUca znD4~y!y8%Ml^Cs>JNNE6oL~nX0}r}SBux63go`oBoK+yc`BXryK1imNcc-R7jPfid z>37J*T#f9Ccp{(F#_d+qZq*C7(i&7I_JS=qPMjqKW4VqeBqV@ha`jGP#Nv}0K(x=6 zixr&clyCx}KT;_pT>Db&W{Qa(hmP=VQ_wl80cSs6`nrJp(C;OHqil;>vciIkZuwFd znDeLgmzfG!rTs~{7T-|I!dTUH5w9eue@5&TXxv(ge zP-k4#lO*CeW5#RG-P-t&lBsBaeGXM#puQUfV1lW7_v!(d)u)Ee#;-NgKe&jQwZWq` zMmM%{(*ixhthCZGMl%P$DB&p@XZAA^Bu-Nk(*h)0XcqNe?|r(k>3V&Z3R^9?dj;<5 zGA<8RMUx#6n;EARsk#U8pRDgF6?3Ubd-V?w7Tv#X`9`TX%G{8~N}M-zr>2{_na&>z zyubu&_Tp#d{J>jA{^dg|g5S@JiZ+a1 zvFkyzj$`G$;h5%EoV{Z_#&z&@7rwUk-I{kuC4YBb4L`O!4Xf<&E&Ob-kemV9ckHbh z=<08j_CE}6nq$YgLoU-M_bO(}JiRO&=HSL(x3MM}1>+XhzRtfc?@!pxSN3lhh(;4x z4`QhqPdfZ6mkdeJlSCgX{;h+>baj+g30Lm-*ClN0t>+^7x}84w6?2@zF+sh<0pa() zGZDq{bi)!b-qWYKW#ZM^go@i^#@_UAe*>~~-7`qrEI#yb(#|R5(h6ZMF|Na|iVg+x z-urx2nhESpn73}sls>n+8rZ^o@oJX>a#gF#E*@}RR+d{jsEsUyICW4%!GJrn?^J=# z$cxXhWf8Zy<|~Zu=(S#o7oJbB3T}m5FJmFevJ6xxT-Xinl=bvkLPR*cFI?E1%3$fc zO}G)55)$e^HqzGK;g4$<7x5jO(SJZ&W`0M7^}EPY1^Wu-hYBTCY?ts?%+u(Zj*fGL z*G{G%HVq=1MYBy;dGOvgM|l{38x>Ua@{OrF%n@tP73znt`=SGSzi!8Akwu*{7=K|frk|DbqVN$mXT;8l0FaQRl0 zHpS#AxECwT_n?K4D-*wGiTAc;vS34!qGhdxhXHQtmJBDJ#4~Wp3ntfqO1@XhqOV?N za~5ptvChM`!7XgwZ%S)~rTAC^QSaOM@q^>BVwI!ZY-j&9cvD>>)%_j?T?fjQiu#QB z>3rp_>B=PMebI!Lv{kk1%kk+t+(wNjg~0J1V$idwtF55aBL1t$z%4-K_YONjM(!>y zbhy-*gZ?^q&pABOt`21cJ|cNhd{i`sG-5PkJ+ZB)Tm9G0HbjPk9rCehZsRFuJEKRr zq4-@Hfj`Vkj&_ClUouO3|H+bb);Z~mM^l)cniCA9(@jLV^o{-UDyDkA;@za4+jy6k z73PPxFYU~ZiALC`V18jf}fq!bPpb@I#YB1+# z=5J^BMnVXSS|5(Gv4XR{#Mf;a66YtCn*6=&IZ#9X0^tSjI{|i~A0?G1yrqHaIn-?a z?}Co!3d9MsNB$La-ZfZOT?3aN&ubIk-SK{1xkyE{x$H02?U2XUkK%#cW!y=+=oh-? z3hv4A`Oa2q=ys($e+{gvfJA0`9iM5={on>$x$Kk?+lsJa#<*oIIvC{#s8aHlP4J%$ z6i|xTJUsUN*R|#xScl_Z6=+kwiT!HYyQ~EnyX03dZ&bBHv1HJ$~bw?o1rSLeb+4ew^(ICDWgE3l-3^2~;On3IeH-jiUq!$IG9sZw-Y7>u!>V1l&du`FAzd;FO z_h_aYFN##Cs(97Jy!@XNbjFp(+hvpcqOdsodaE-l*~AlpEO*3)yEulOO=*}OlqC?d zjF=nhT?EZx-S<4l^$e^0UgX~*sxO)aw_)NZ+-`pz-Mx%gVCaft!voEko@OSjChT&P zpwS9SgMsVPzl~NcSuIB;2Z%=Z`Qd)lOubzukby4-8J{@( zF{qz!scxxmj{Qyk3n4E4ZziifXK*Ia*>x8!3c7@pCfzHN7{9%PDps`}pR?VaAABW? zP-=m6SgWF|smmNKFK^)San}jsI#exMwf*kp?~SmA%yboSQt*WJQ4&I z;OM2F(LLoa^oI<-ylurL7V%GZ@Gc)g@gle+O-{arxyOqSYODDD+KaWka#1}U=q;xk zxXp^X@sb$uRQ&%M;MTFU!rAMuND}N>;zPlv%S>xK^xr$Va9-N(7;KGI{Zsa`)bDuW JEW + Meta data fields for each event that include type and timestamp. + type: group + default_field: false + fields: + - name: eventType + type: keyword + description: > + DetectionSummaryEvent, IncidentSummaryEvent, RemoteResponseSessionStartEvent, RemoteResponseSessionEndEvent, AuthActivityAuditEvent, or UserActivityAuditEvent + + - name: eventCreationTime + type: date + description: > + The time this event occurred on the endpoint in UTC UNIX_MS format. + + - name: offset + type: integer + description: > + Offset number that tracks the location of the event in stream. This is used to identify unique detection events. + + - name: customerIDString + type: keyword + description: > + Customer identifier + + - name: version + type: keyword + description: > + Schema version + +- name: event + title: Event fields + description: > + Event data fields for each event and alert. + type: group + default_field: false + fields: + - name: ProcessStartTime + type: date + description: > + The process start time in UTC UNIX_MS format. + + - name: ProcessEndTime + type: date + description: > + The process termination time in UTC UNIX_MS format. + + - name: ProcessId + type: integer + description: > + Process ID related to the detection. + + - name: ParentProcessId + type: integer + description: > + Parent process ID related to the detection. + + - name: ComputerName + type: keyword + description: > + Name of the computer where the detection occurred. + + - name: UserName + type: keyword + description: > + User name associated with the detection. + + - name: DetectName + type: keyword + description: > + Name of the detection. + + - name: DetectDescription + type: keyword + description: > + Description of the detection. + + - name: Severity + type: integer + description: > + Severity score of the detection. + + - name: SeverityName + type: keyword + description: > + Severity score text. + + - name: FileName + type: keyword + description: > + File name of the associated process for the detection. + + - name: FilePath + type: keyword + description: > + Path of the executable associated with the detection. + + - name: CommandLine + type: keyword + description: > + Executable path with command line arguments. + + - name: SHA256String + type: keyword + description: > + SHA256 sum of the executable associated with the detection. + + - name: MD5String + type: keyword + description: > + MD5 sum of the executable associated with the detection. + + - name: MachineDomain + type: keyword + description: > + Domain for the machine associated with the detection. + + - name: FalconHostLink + type: keyword + description: > + URL to view the detection in Falcon. + + - name: SensorId + type: keyword + description: > + Unique ID associated with the Falcon sensor. + + - name: DetectId + type: keyword + description: > + Unique ID associated with the detection. + + - name: LocalIP + type: keyword + description: > + IP address of the host associated with the detection. + + - name: MACAddress + type: keyword + description: > + MAC address of the host associated with the detection. + + - name: Tactic + type: keyword + description: > + MITRE tactic category of the detection. + + - name: Technique + type: keyword + description: > + MITRE technique category of the detection. + + - name: Objective + type: keyword + description: > + Method of detection. + + - name: PatternDispositionDescription + type: keyword + description: > + Action taken by Falcon. + + - name: PatternDispositionValue + type: integer + description: > + Unique ID associated with action taken. + + - name: PatternDispositionFlags + type: object + description: > + Flags indicating actions taken. + + - name: State + type: keyword + description: > + Whether the incident summary is open and ongoing or closed. + + - name: IncidentStartTime + type: date + description: > + Start time for the incident in UTC UNIX format. + + - name: IncidentEndTime + type: date + description: > + End time for the incident in UTC UNIX format. + + - name: FineScore + type: float + description: > + Score for incident. + + - name: UserId + type: keyword + description: > + Email address or user ID associated with the event. + + - name: UserIp + type: keyword + description: > + IP address associated with the user. + + - name: OperationName + type: keyword + description: > + Event subtype. + + - name: ServiceName + type: keyword + description: > + Service associated with this event. + + - name: Success + type: boolean + description: > + Indicator of whether or not this event was successful. + + - name: UTCTimestamp + type: date + description: > + Timestamp associated with this event in UTC UNIX format. + + - name: AuditKeyValues + type: nested + description: > + Fields that were changed in this event. + + - name: SessionId + type: keyword + description: > + Session ID of the remote response session. + + - name: HostnameField + type: keyword + description: > + Host name of the machine for the remote session. + + - name: StartTimestamp + type: date + description: > + Start time for the remote session in UTC UNIX format. + + - name: EndTimestamp + type: date + description: > + End time for the remote session in UTC UNIX format. diff --git a/filebeat/module/crowdstrike/falcon/config/falcon.yml b/filebeat/module/crowdstrike/falcon/config/falcon.yml new file mode 100644 index 00000000000..9382953fd37 --- /dev/null +++ b/filebeat/module/crowdstrike/falcon/config/falcon.yml @@ -0,0 +1,19 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +# Crowdstrike Falcon SIEM connector logs are multiline JSON by default +multiline.pattern: '^{' +multiline.negate: true +multiline.match: after +multiline.max_lines: 5000 +multiline.timeout: 10 + +processors: +- script: + lang: javascript + id: crowdstrike_falcon + file: ${path.home}/module/crowdstrike/falcon/config/pipeline.js diff --git a/filebeat/module/crowdstrike/falcon/config/pipeline.js b/filebeat/module/crowdstrike/falcon/config/pipeline.js new file mode 100644 index 00000000000..6ef77376175 --- /dev/null +++ b/filebeat/module/crowdstrike/falcon/config/pipeline.js @@ -0,0 +1,187 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var crowdstrikeFalcon = (function() { + var processor = require("processor"); + + var convertUnderscore = function(text) { + return text.split(/(?=[A-Z])/).join('_').toLowerCase(); + }; + + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "crowdstrike", + process_array: true, + max_depth: 8 + }); + + var dropFields = function(evt) { + evt.Delete("message"); + evt.Delete("host.name"); + }; + + var setFields = function (evt) { + evt.Put("agent.name", "falcon"); + }; + + var convertFields = new processor.Convert({ + fields: [ + // DetectionSummaryEvent + { from: "crowdstrike.event.LocalIP", to: "source.ip", type: "ip" }, + { from: "crowdstrike.event.ProcessId", to: "process.pid" }, + // UserActivityAuditEvent and AuthActivityAuditEvent + { from: "crowdstrike.event.UserIp", to: "source.ip", type: "ip" }, + ], + mode: "copy", + ignore_missing: true, + ignore_failure: true + }); + + var parseTimestamp = new processor.Timestamp({ + field: "crowdstrike.metadata.eventCreationTime", + target_field: "@timestamp", + timezone: "UTC", + layouts: ["UNIX_MS"], + ignore_missing: false, + }); + + var processEvent = function(evt) { + var eventType = evt.Get("crowdstrike.metadata.eventType") + var outcome = evt.Get("crowdstrike.event.Success") + + evt.Put("event.kind", "event") + + if (outcome === true) { + evt.Put("event.outcome", "success") + } + else if (outcome === false) { + evt.Put("event.outcome", "failure") + } + else { + evt.Put("event.outcome", "unknown") + } + + switch (eventType) { + case "DetectionSummaryEvent": + var tactic = evt.Get("crowdstrike.event.Tactic").toLowerCase() + var technique = evt.Get("crowdstrike.event.Technique").toLowerCase() + evt.Put("threat.technique.name", technique) + evt.Put("threat.tactic.name", tactic) + + evt.Put("event.action", evt.Get("crowdstrike.event.PatternDispositionDescription")) + evt.Put("event.kind", "alert") + evt.Put("event.type", ["info"]) + evt.Put("event.category", ["malware"]) + evt.Put("event.url", evt.Get("crowdstrike.event.FalconHostLink")) + evt.Put("event.dataset", "crowdstrike.falcon_endpoint") + + evt.Put("event.severity", evt.Get("crowdstrike.event.Severity")) + evt.Put("message", evt.Get("crowdstrike.event.DetectDescription")) + evt.Put("process.name", evt.Get("crowdstrike.event.FileName")) + + var command_line = evt.Get("crowdstrike.event.CommandLine") + var args = command_line.split(' ') + var executable = args[0] + + evt.Put("process.command_line", command_line) + evt.Put("process.args", args) + evt.Put("process.executable", executable) + + evt.Put("user.name", evt.Get("crowdstrike.event.UserName")) + evt.Put("user.domain", evt.Get("crowdstrike.event.MachineDomain")) + evt.Put("agent.id", evt.Get("crowdstrike.event.SensorId")) + evt.Put("host.name", evt.Get("crowdstrike.event.ComputerName")) + evt.Put("agent.type", "falcon") + evt.Put("file.hash.sha256", evt.Get("crowdstrike.event.SHA256String")) + evt.Put("file.hash.md5", evt.Get("crowdstrike.event.MD5String")) + evt.Put("rule.name", evt.Get("crowdstrike.event.DetectName")) + evt.Put("rule.description", evt.Get("crowdstrike.event.DetectDescription")) + + break; + + case "IncidentSummaryEvent": + evt.Put("event.kind", "alert") + evt.Put("event.type", ["info"]) + evt.Put("event.category", ["malware"]) + evt.Put("event.action", "incident") + evt.Put("event.url", evt.Get("crowdstrike.event.FalconHostLink")) + evt.Put("event.dataset", "crowdstrike.falcon_endpoint") + + evt.Put("message", "Incident score " + evt.Get("crowdstrike.event.FineScore")) + + break; + + case "UserActivityAuditEvent": + var userid = evt.Get("crowdstrike.event.UserId") + evt.Put("user.name", userid) + if (userid.split('@').length == 2) { + evt.Put("user.email", userid) + } + + evt.Put("message", evt.Get("crowdstrike.event.OperationName")) + evt.Put("event.action", convertUnderscore(eventType)) + evt.Put("event.type", ["change"]) + evt.Put("event.category", ["iam"]) + evt.Put("event.dataset", "crowdstrike.falcon_audit") + + break; + + case "AuthActivityAuditEvent": + var userid = evt.Get("crowdstrike.event.UserId") + evt.Put("user.name", userid) + if (userid.split('@').length == 2) { + evt.Put("user.email", userid) + } + + evt.Put("message", evt.Get("crowdstrike.event.ServiceName")) + evt.Put("event.action", convertUnderscore(evt.Get("crowdstrike.event.OperationName"))) + evt.Put("event.type", ["change"]) + evt.Put("event.category", ["authentication"]) + evt.Put("event.dataset", "crowdstrike.falcon_audit") + + break; + + case "RemoteResponseSessionStartEvent": + case "RemoteResponseSessionEndEvent": + var username = evt.Get("crowdstrike.event.UserName") + evt.Put("user.name", username) + if (username.split('@').length == 2) { + evt.Put("user.email", username) + } + + evt.Put("host.name", evt.Get("crowdstrike.event.HostnameField")) + evt.Put("event.action", convertUnderscore(eventType)) + evt.Put("event.dataset", "crowdstrike.falcon_audit") + + if (eventType == "RemoteResponseSessionStartEvent") { + evt.Put("event.type", ["start"]) + evt.Put("message", "Remote response session started") + } else { + evt.Put("event.type", ["end"]) + evt.Put("message", "Remote response session ended") + } + + break; + + default: + break; + } + } + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(dropFields) + .Add(convertFields) + .Add(processEvent) + .Build(); + + return { + process: pipeline.Run, + }; +})(); + +function process(evt) { + crowdstrikeFalcon.process(evt); +} diff --git a/filebeat/module/crowdstrike/falcon/manifest.yml b/filebeat/module/crowdstrike/falcon/manifest.yml new file mode 100644 index 00000000000..b3d3edbb641 --- /dev/null +++ b/filebeat/module/crowdstrike/falcon/manifest.yml @@ -0,0 +1,8 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/crowdstrike/falconhoseclient/output + +input: config/falcon.yml diff --git a/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log b/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log new file mode 100644 index 00000000000..d23985338fc --- /dev/null +++ b/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log @@ -0,0 +1,277 @@ +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 1045, + "eventType": "RemoteResponseSessionStartEvent", + "eventCreationTime": 1582830734000, + "version": "1.0" + }, + "event": { + "SessionId": "6020260b-0398-4d41-999d-5531b55522de", + "HostnameField": "hostnameofmachine", + "UserName": "first.last@company.com", + "StartTimestamp": 1582830734 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 1046, + "eventType": "RemoteResponseSessionEndEvent", + "eventCreationTime": 1582830772000, + "version": "1.0" + }, + "event": { + "SessionId": "6020260b-0398-4d41-999d-5531b55522de", + "HostnameField": "hostnameofmachine", + "UserName": "first.last@company.com", + "EndTimestamp": 1582830772 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 0, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581542950710, + "version": "1.0" + }, + "event": { + "UserId": "api-client-id:1234567890abcdefghijklmnopqrstuvwxyz", + "UserIp": "10.10.0.8", + "OperationName": "streamStarted", + "ServiceName": "Crowdstrike Streaming API", + "Success": true, + "UTCTimestamp": 1581542950, + "AuditKeyValues": [ + { + "Key": "APIClientID", + "ValueString": "1234567890abcdefghijklmnopqr" + }, + { + "Key": "partition", + "ValueString": "0" + }, + { + "Key": "offset", + "ValueString": "-1" + }, + { + "Key": "appId", + "ValueString": "siem-connector-v2.0.0" + }, + { + "Key": "eventType", + "ValueString": "[UserActivityAuditEvent HashSpreadingEvent RemoteResponseSessionStartEvent RemoteResponseSessionEndEvent DetectionSummaryEvent AuthActivityAuditEvent]" + } + ] + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 1, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581543577147, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "twoFactorAuthenticate", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581543577147 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 2, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581545677554, + "version": "1.0" + }, + "event": { + "UserId": "bob@company.com", + "UserIp": "192.168.6.3", + "OperationName": "twoFactorAuthenticate", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581545677554 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 3, + "eventType": "UserActivityAuditEvent", + "eventCreationTime": 1581546248000, + "version": "1.0" + }, + "event": { + "UserId": "chris@company.com", + "UserIp": "192.168.6.13", + "OperationName": "update_group", + "ServiceName": "groups", + "AuditKeyValues": [ + { + "Key": "group_id", + "ValueString": "3c80ce30b9654cb4bd15beec6a517e65" + }, + { + "Key": "action_name", + "ValueString": "add_group_member" + } + ], + "UTCTimestamp": 1581546248 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 4, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581601312140, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "requestResetPassword", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581601312140, + "AuditKeyValues": [ + { + "Key": "target_name", + "ValueString": "alice@company.com" + } + ] + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 5, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581601341730, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "twoFactorAuthenticate", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581601341730 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 6, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581601520236, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "changePassword", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581601520236, + "AuditKeyValues": [ + { + "Key": "target_name", + "ValueString": "first.last@company.com" + } + ] + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 7, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581601572362, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "userAuthenticate", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581601572362 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 8, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581601814754, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "twoFactorAuthenticate", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581601814754 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 9, + "eventType": "AuthActivityAuditEvent", + "eventCreationTime": 1581601820289, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "selfAcceptEula", + "ServiceName": "CrowdStrike Authentication", + "Success": true, + "UTCTimestamp": 1581601820289 + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 10, + "eventType": "UserActivityAuditEvent", + "eventCreationTime": 1581603262000, + "version": "1.0" + }, + "event": { + "UserId": "alice@company.com", + "UserIp": "192.168.6.8", + "OperationName": "detection_update", + "ServiceName": "detections", + "AuditKeyValues": [ + { + "Key": "detection_id", + "ValueString": "ldt:5a6fd0b7347440cd74cb84855a8aee18:17180539745" + }, + { + "Key": "new_state", + "ValueString": "in_progress" + }, + { + "Key": "assigned_to", + "ValueString": "First Last" + }, + { + "Key": "assigned_to_uid", + "ValueString": "first.last@company.com" + } + ], + "UTCTimestamp": 1581603262 + } +} diff --git a/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json b/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json new file mode 100644 index 00000000000..e5466024247 --- /dev/null +++ b/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json @@ -0,0 +1,497 @@ +[ + { + "@timestamp": "2020-02-27T19:12:14.000Z", + "service.type": "crowdstrike", + "input.type": "log", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 1045, + "crowdstrike.metadata.eventType": "RemoteResponseSessionStartEvent", + "crowdstrike.metadata.eventCreationTime": 1582830734000, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.event.SessionId": "6020260b-0398-4d41-999d-5531b55522de", + "crowdstrike.event.HostnameField": "hostnameofmachine", + "crowdstrike.event.UserName": "first.last@company.com", + "crowdstrike.event.StartTimestamp": 1582830734, + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "remote_response_session_start_event", + "event.type": [ "start" ], + "event.outcome": "unknown", + "message": "Remote response session started", + "host.name": "hostnameofmachine", + "user.name": "first.last@company.com", + "user.email": "first.last@company.com", + "agent.type": "falcon", + "fileset.name": "falcon", + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "log.offset": 0 + }, + { + "@timestamp": "2020-02-27T19:12:52.000Z", + "crowdstrike.metadata.offset": 1046, + "crowdstrike.metadata.eventType": "RemoteResponseSessionEndEvent", + "crowdstrike.metadata.eventCreationTime": 1582830772000, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.event.SessionId": "6020260b-0398-4d41-999d-5531b55522de", + "crowdstrike.event.HostnameField": "hostnameofmachine", + "crowdstrike.event.UserName": "first.last@company.com", + "crowdstrike.event.EndTimestamp": 1582830772, + "user.name": "first.last@company.com", + "user.email": "first.last@company.com", + "fileset.name": "falcon", + "service.type": "crowdstrike", + "input.type": "log", + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "remote_response_session_end_event", + "event.type": ["end"], + "event.outcome": "unknown", + "message": "Remote response session ended", + "host.name": "hostnameofmachine", + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "log.offset": 457, + "agent.type": "falcon" + }, + { + "@timestamp": "2020-02-12T21:29:10.710Z", + "message": "Crowdstrike Streaming API", + "source.ip": "10.10.0.8", + "input.type": "log", + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "stream_started", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "agent.type": "falcon", + "user.name": "api-client-id:1234567890abcdefghijklmnopqrstuvwxyz", + "log.offset": 910, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "service.type": "crowdstrike", + "fileset.name": "falcon", + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 0, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581542950710, + "crowdstrike.event.UserIp": "10.10.0.8", + "crowdstrike.event.OperationName": "streamStarted", + "crowdstrike.event.ServiceName": "Crowdstrike Streaming API", + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581542950, + "crowdstrike.event.AuditKeyValues": [ + { + "Key": "APIClientID", + "ValueString": "1234567890abcdefghijklmnopqr" + }, + { + "Key": "partition", + "ValueString": "0" + }, + { + "Key": "offset", + "ValueString": "-1" + }, + { + "Key": "appId", + "ValueString": "siem-connector-v2.0.0" + }, + { + "Key": "eventType", + "ValueString": "[UserActivityAuditEvent HashSpreadingEvent RemoteResponseSessionStartEvent RemoteResponseSessionEndEvent DetectionSummaryEvent AuthActivityAuditEvent]" + } + ], + "crowdstrike.event.UserId": "api-client-id:1234567890abcdefghijklmnopqrstuvwxyz" + }, + { + "@timestamp": "2020-02-12T21:39:37.147Z", + "log.offset": 2152, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "source.ip": "192.168.6.8", + "fileset.name": "falcon", + "service.type": "crowdstrike", + "input.type": "log", + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "two_factor_authenticate", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "crowdstrike.metadata.eventCreationTime": 1581543577147, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 1, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication", + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581543577147, + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.event.OperationName": "twoFactorAuthenticate", + "agent.type": "falcon", + "user.name": "alice@company.com", + "user.email": "alice@company.com", + "message": "CrowdStrike Authentication" + }, + { + "@timestamp": "2020-02-12T22:14:37.554Z", + "log.flags": [ + "multiline" + ], + "log.offset": 2645, + "log.file.path": "falcon-events.log", + "fileset.name": "falcon", + "service.type": "crowdstrike", + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "two_factor_authenticate", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 2, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581545677554, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.event.UserId": "bob@company.com", + "crowdstrike.event.UserIp": "192.168.6.3", + "crowdstrike.event.OperationName": "twoFactorAuthenticate", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication", + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581545677554, + "user.name": "bob@company.com", + "user.email": "bob@company.com", + "message": "CrowdStrike Authentication", + "source.ip": "192.168.6.3", + "input.type": "log", + "agent.type": "falcon" + }, + { + "@timestamp": "2020-02-12T22:24:08.000Z", + "input.type": "log", + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 3, + "crowdstrike.metadata.eventType": "UserActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581546248000, + "crowdstrike.event.ServiceName": "groups", + "crowdstrike.event.AuditKeyValues": [ + { + "ValueString": "3c80ce30b9654cb4bd15beec6a517e65", + "Key": "group_id" + }, + { + "Key": "action_name", + "ValueString": "add_group_member" + } + ], + "crowdstrike.event.UTCTimestamp": 1581546248, + "crowdstrike.event.UserId": "chris@company.com", + "crowdstrike.event.UserIp": "192.168.6.13", + "crowdstrike.event.OperationName": "update_group", + "log.offset": 3136, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "service.type": "crowdstrike", + "fileset.name": "falcon", + "agent.type": "falcon", + "user.name": "chris@company.com", + "user.email": "chris@company.com", + "message": "update_group", + "source.ip": "192.168.6.13", + "event.kind": "event", + "event.action": "user_activity_audit_event", + "event.type": ["change"], + "event.outcome": "unknown", + "event.category": ["iam"], + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit" + }, + { + "@timestamp": "2020-02-13T13:41:52.140Z", + "source.ip": "192.168.6.8", + "user.name": "alice@company.com", + "user.email": "alice@company.com", + "service.type": "crowdstrike", + "input.type": "log", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 4, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581601312140, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.event.AuditKeyValues": [ + { + "Key": "target_name", + "ValueString": "alice@company.com" + } + ], + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.event.OperationName": "requestResetPassword", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication", + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581601312140, + "agent.type": "falcon", + "message": "CrowdStrike Authentication", + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "log.offset": 3858, + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "request_reset_password", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "fileset.name": "falcon" + }, + { + "@timestamp": "2020-02-13T13:42:21.730Z", + "event.kind": "event", + "event.action": "two_factor_authenticate", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "event.dataset": "crowdstrike.falcon_audit", + "event.module": "crowdstrike", + "fileset.name": "falcon", + "agent.type": "falcon", + "user.name": "alice@company.com", + "user.email": "alice@company.com", + "input.type": "log", + "source.ip": "192.168.6.8", + "service.type": "crowdstrike", + "crowdstrike.event.OperationName": "twoFactorAuthenticate", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication", + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581601341730, + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 5, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581601341730, + "crowdstrike.metadata.version": "1.0", + "message": "CrowdStrike Authentication", + "log.offset": 4506, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ] + }, + { + "@timestamp": "2020-02-13T13:45:20.236Z", + "user.name": "alice@company.com", + "user.email": "alice@company.com", + "log.offset": 5003, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "event.action": "change_password", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "fileset.name": "falcon", + "agent.type": "falcon", + "message": "CrowdStrike Authentication", + "source.ip": "192.168.6.8", + "service.type": "crowdstrike", + "input.type": "log", + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 6, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581601520236, + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581601520236, + "crowdstrike.event.AuditKeyValues": [ + { + "Key": "target_name", + "ValueString": "first.last@company.com" + } + ], + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.event.OperationName": "changePassword", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication" + }, + { + "@timestamp": "2020-02-13T13:46:12.362Z", + "log.offset": 5657, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "service.type": "crowdstrike", + "input.type": "log", + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581601572362, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 7, + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581601572362, + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.event.OperationName": "userAuthenticate", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication", + "message": "CrowdStrike Authentication", + "source.ip": "192.168.6.8", + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "user_authenticate", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "fileset.name": "falcon", + "agent.type": "falcon", + "user.name": "alice@company.com", + "user.email": "alice@company.com" + }, + { + "@timestamp": "2020-02-13T13:50:14.754Z", + "input.type": "log", + "crowdstrike.metadata.eventCreationTime": 1581601814754, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 8, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication", + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581601814754, + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.event.OperationName": "twoFactorAuthenticate", + "agent.type": "falcon", + "source.ip": "192.168.6.8", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "two_factor_authenticate", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "event.module": "crowdstrike", + "fileset.name": "falcon", + "service.type": "crowdstrike", + "user.name": "alice@company.com", + "user.email": "alice@company.com", + "message": "CrowdStrike Authentication", + "log.offset": 6149, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ] + }, + { + "@timestamp": "2020-02-13T13:50:20.289Z", + "agent.type": "falcon", + "event.action": "self_accept_eula", + "event.type": ["change"], + "event.category": ["authentication"], + "event.outcome": "success", + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 9, + "crowdstrike.metadata.eventType": "AuthActivityAuditEvent", + "crowdstrike.metadata.eventCreationTime": 1581601820289, + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.event.OperationName": "selfAcceptEula", + "crowdstrike.event.ServiceName": "CrowdStrike Authentication", + "crowdstrike.event.Success": true, + "crowdstrike.event.UTCTimestamp": 1581601820289, + "fileset.name": "falcon", + "service.type": "crowdstrike", + "input.type": "log", + "user.name": "alice@company.com", + "user.email": "alice@company.com", + "message": "CrowdStrike Authentication", + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "log.offset": 6642, + "source.ip": "192.168.6.8" + }, + { + "@timestamp": "2020-02-13T14:14:22.000Z", + "agent.type": "falcon", + "message": "detection_update", + "source.ip": "192.168.6.8", + "input.type": "log", + "event.dataset": "crowdstrike.falcon_audit", + "event.kind": "event", + "event.action": "user_activity_audit_event", + "event.type": ["change"], + "event.outcome": "unknown", + "event.category": ["iam"], + "event.module": "crowdstrike", + "fileset.name": "falcon", + "crowdstrike.metadata.eventCreationTime": 1581603262000, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 10, + "crowdstrike.metadata.eventType": "UserActivityAuditEvent", + "crowdstrike.event.UTCTimestamp": 1581603262, + "crowdstrike.event.UserId": "alice@company.com", + "crowdstrike.event.UserIp": "192.168.6.8", + "crowdstrike.event.OperationName": "detection_update", + "crowdstrike.event.ServiceName": "detections", + "crowdstrike.event.AuditKeyValues": [ + { + "Key": "detection_id", + "ValueString": "ldt:5a6fd0b7347440cd74cb84855a8aee18:17180539745" + }, + { + "Key": "new_state", + "ValueString": "in_progress" + }, + { + "Key": "assigned_to", + "ValueString": "First Last" + }, + { + "Key": "assigned_to_uid", + "ValueString": "first.last@company.com" + } + ], + "log.offset": 7128, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "service.type": "crowdstrike", + "user.name": "alice@company.com", + "user.email": "alice@company.com" + } +] diff --git a/filebeat/module/crowdstrike/falcon/test/falcon-events.log b/filebeat/module/crowdstrike/falcon/test/falcon-events.log new file mode 100644 index 00000000000..7842299bacf --- /dev/null +++ b/filebeat/module/crowdstrike/falcon/test/falcon-events.log @@ -0,0 +1,68 @@ +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 294564, + "eventType": "DetectionSummaryEvent", + "eventCreationTime": 1582101000000, + "version": "1.0" + }, + "event": { + "ProcessStartTime": 1536846339, + "ProcessEndTime": 0, + "ProcessId": 38684386611, + "ParentProcessId": 38682494050, + "ComputerName": "alice-laptop", + "UserName": "alice", + "DetectName": "Process Terminated", + "DetectDescription": "Terminated a process related to the deletion of backups, which is often indicative of ransomware activity.", + "Severity": 4, + "SeverityName": "High", + "FileName": "explorer.exe", + "FilePath": "\\Device\\HarddiskVolume1\\Windows", + "CommandLine": "C:\\Windows\\Explorer.EXE", + "SHA256String": "6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a", + "MD5String": "ac4c51eb24aa95b77f705ab159189e24", + "MachineDomain": "CORP-DOMAIN", + "FalconHostLink": "https://falcon.crowdstrike.com/ec86abd353824e96765ecbe18eb4f0b4", + "SensorId": "7c808b4c8878433287eea53d4a8c3268", + "DetectId": "ldt:ec86abd353824e96765ecbe18eb4f0b4:38655257584", + "LocalIP": "192.168.12.51", + "MACAddress": "00-00-00-11-22-33", + "Tactic": "Malware", + "Technique": "Ransomware", + "Objective": "Falcon Detection Method", + "PatternDispositionDescription": "Prevention, process killed.", + "PatternDispositionValue": 16, + "PatternDispositionFlags": { + "Indicator": false, + "Detect": false, + "InddetMask": false, + "SensorOnly": false, + "Rooting": false, + "KillProcess": true, + "KillSubProcess": false, + "QuarantineMachine": false, + "QuarantineFile": false, + "PolicyDisabled": false, + "KillParent": false, + "OperationBlocked": false, + "ProcessBlocked": false + } + } +} +{ + "metadata": { + "customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "offset": 1824, + "eventType": "IncidentSummaryEvent", + "eventCreationTime": 1583295476766, + "version": "1.0" + }, + "event": { + "IncidentStartTime": 1583295228, + "IncidentEndTime": 1583295470, + "FalconHostLink": "https://falcon.crowdstrike.com/crowdscore/incidents/details/inc:8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "State": "open", + "FineScore": 1.2 + } +} diff --git a/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json b/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json new file mode 100644 index 00000000000..fddd89e4fea --- /dev/null +++ b/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json @@ -0,0 +1,113 @@ +[ + { + "@timestamp": "2020-02-19T08:30:00.000Z", + "process.pid": 38684386611, + "process.name": "explorer.exe", + "process.command_line": "C:\\Windows\\Explorer.EXE", + "process.executable": "C:\\Windows\\Explorer.EXE", + "process.args": ["C:\\Windows\\Explorer.EXE"], + "event.dataset": "crowdstrike.falcon_endpoint", + "event.kind": "alert", + "event.action": "Prevention, process killed.", + "event.type": ["info"], + "event.category": ["malware"], + "event.severity": 4, + "event.module": "crowdstrike", + "event.url": "https://falcon.crowdstrike.com/ec86abd353824e96765ecbe18eb4f0b4", + "event.outcome": "unknown", + "service.type": "crowdstrike", + "user.name": "alice", + "user.domain": "CORP-DOMAIN", + "rule.description": "Terminated a process related to the deletion of backups, which is often indicative of ransomware activity.", + "rule.name": "Process Terminated", + "log.flags": [ + "multiline" + ], + "log.offset": 0, + "log.file.path": "falcon-events.log", + "source.ip": "192.168.12.51", + "agent.type": "falcon", + "host.name": "alice-laptop", + "message": "Terminated a process related to the deletion of backups, which is often indicative of ransomware activity.", + "fileset.name": "falcon", + "input.type": "log", + "file.hash.md5": "ac4c51eb24aa95b77f705ab159189e24", + "file.hash.sha256": "6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a", + "threat.tactic.name": "malware", + "threat.technique.name": "ransomware", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 294564, + "crowdstrike.metadata.eventType": "DetectionSummaryEvent", + "crowdstrike.metadata.eventCreationTime": 1582101000000, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.event.ParentProcessId": 38682494050, + "crowdstrike.event.SHA256String": "6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a", + "crowdstrike.event.SensorId": "7c808b4c8878433287eea53d4a8c3268", + "crowdstrike.event.LocalIP": "192.168.12.51", + "crowdstrike.event.FalconHostLink": "https://falcon.crowdstrike.com/ec86abd353824e96765ecbe18eb4f0b4", + "crowdstrike.event.Tactic": "Malware", + "crowdstrike.event.ProcessEndTime": 0, + "crowdstrike.event.Severity": 4, + "crowdstrike.event.CommandLine": "C:\\Windows\\Explorer.EXE", + "crowdstrike.event.Technique": "Ransomware", + "crowdstrike.event.Objective": "Falcon Detection Method", + "crowdstrike.event.ProcessId": 38684386611, + "crowdstrike.event.DetectDescription": "Terminated a process related to the deletion of backups, which is often indicative of ransomware activity.", + "crowdstrike.event.PatternDispositionDescription": "Prevention, process killed.", + "crowdstrike.event.PatternDispositionFlags.Indicator": false, + "crowdstrike.event.PatternDispositionFlags.Detect": false, + "crowdstrike.event.PatternDispositionFlags.KillProcess": true, + "crowdstrike.event.PatternDispositionFlags.KillSubProcess": false, + "crowdstrike.event.PatternDispositionFlags.KillParent": false, + "crowdstrike.event.PatternDispositionFlags.OperationBlocked": false, + "crowdstrike.event.PatternDispositionFlags.ProcessBlocked": false, + "crowdstrike.event.PatternDispositionFlags.InddetMask": false, + "crowdstrike.event.PatternDispositionFlags.SensorOnly": false, + "crowdstrike.event.PatternDispositionFlags.Rooting": false, + "crowdstrike.event.PatternDispositionFlags.QuarantineMachine": false, + "crowdstrike.event.PatternDispositionFlags.QuarantineFile": false, + "crowdstrike.event.PatternDispositionFlags.PolicyDisabled": false, + "crowdstrike.event.FileName": "explorer.exe", + "crowdstrike.event.MachineDomain": "CORP-DOMAIN", + "crowdstrike.event.PatternDispositionValue": 16, + "crowdstrike.event.ComputerName": "alice-laptop", + "crowdstrike.event.UserName": "alice", + "crowdstrike.event.MD5String": "ac4c51eb24aa95b77f705ab159189e24", + "crowdstrike.event.DetectId": "ldt:ec86abd353824e96765ecbe18eb4f0b4:38655257584", + "crowdstrike.event.MACAddress": "00-00-00-11-22-33", + "crowdstrike.event.ProcessStartTime": 1536846339, + "crowdstrike.event.DetectName": "Process Terminated", + "crowdstrike.event.SeverityName": "High", + "crowdstrike.event.FilePath": "\\Device\\HarddiskVolume1\\Windows" + }, + { + "@timestamp": "2020-03-04T04:17:56.766Z", + "log.offset": 2063, + "log.file.path": "falcon-events.log", + "log.flags": [ + "multiline" + ], + "event.module": "crowdstrike", + "event.dataset": "crowdstrike.falcon_endpoint", + "event.kind": "alert", + "event.type": ["info"], + "event.category": ["malware"], + "event.action": "incident", + "event.url": "https://falcon.crowdstrike.com/crowdscore/incidents/details/inc:8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "event.outcome": "unknown", + "input.type": "log", + "crowdstrike.metadata.customerIDString": "8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.metadata.offset": 1824, + "crowdstrike.metadata.eventType": "IncidentSummaryEvent", + "crowdstrike.metadata.eventCreationTime": 1583295476766, + "crowdstrike.metadata.version": "1.0", + "crowdstrike.event.IncidentStartTime": 1583295228, + "crowdstrike.event.IncidentEndTime": 1583295470, + "crowdstrike.event.FalconHostLink": "https://falcon.crowdstrike.com/crowdscore/incidents/details/inc:8f69fe9e-b995-4204-95ad-44f9bcf75b6b", + "crowdstrike.event.State": "open", + "crowdstrike.event.FineScore": 1.2, + "message": "Incident score 1.2", + "fileset.name": "falcon", + "service.type": "crowdstrike" + } +] diff --git a/filebeat/module/crowdstrike/fields.go b/filebeat/module/crowdstrike/fields.go new file mode 100644 index 00000000000..f434d28cb91 --- /dev/null +++ b/filebeat/module/crowdstrike/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package crowdstrike + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "crowdstrike", asset.ModuleFieldsPri, AssetCrowdstrike); err != nil { + panic(err) + } +} + +// AssetCrowdstrike returns asset data. +// This is the base64 encoded gzipped contents of module/crowdstrike. +func AssetCrowdstrike() string { + return "eJy8mc1u4zYQx+95isGeuzkU2B58KGDYDtZoshvETtvbYkyNLTYSqZIje/32BUlJUWw5lmymOQWm+OdPw/kgR5/hhfYjEEbvEstGvtANAEvOaASfJq+/froBMJQRWhrBihhvABKywsiCpVYj+P0GAOBBJ2VGsNYGhM4yEizVBlo6QFtSbG9vANaSssSO/LzPoDCnQw73x/uCRrAxuiyqXzqWdX93Xs4v3V7vDjOhVVgWUCWAGRmGBBlvq7ltkDZMTozuuWagscxDNVJNbT1wAs7bhhihNcujEoq0guMUGaQSWZmQf22PyzIny5gXt22MI6OEtddYZvzDy49gjZml1vDha7Zf1RMs9wW9Ga0XeqH9TpvkYOydV3V/U2K3/VotyjxHs5+5JX6BuRIyIcVvf32iXDM9kS20srQga91ERsPvPTBTSTU8LjkdC5Zbyftxmch6mjbwbMkcDzW4p80xMYSOfynzbrMkyIcDZ2yyTMlvKHAqbbXtWojSGEpAK+CUgFRSaKmcK8DzcgLP3+Z//3hYOG/JkW/fB9frtSXupJWKaUNmGPB3rweqzFdkgoeyQfFiPWqmhbcQ6HVA9y8kFVg2hPktLN1rSgulpQRYg995ud5DqeS/JUFS+0grLbzzdqK0rHMy8+mCjVSbeM46qZRrQtkyVCfKlozzwHgEC5FSjke6R0mJ3nhvk5G8Uw9KR2HGO/moSZaxMk+3JR+NFmStD/bIoVYEabBOOwTeJUFVEc5U8kF8TCaXKoTStZTzQ7+7IvorSZhPXe1HDkHsIr0J3HNQaEjxR6B54caClxNOdF6UTOYbntjai6LZqdVZUVQrwC4lQ2/hmux/htIVsbiETtGLA1qrhfS220lOB1kvFPmPs90wjumrcMxzTDM8lGpBWzKS9/HcvlYEK7QZbKV6dtz9OmBi+nkuVd3JjOIyOMXgzZVJWk5d5whX3oZYy2k+IqfxKJ1ac1b6SaJkXGXXBeBE5zmq5F6qiNacvbIVDtlTibASZFIRoNmUeY8T2+Lr+Ncvv8U+rQVVsGV+uTW7eR+mX2LDPky/XEfaDYoilYqmOkcZM9l5vSZU8rDKVaThAv5VW76X6iViAXu6d7V+K2l3UFOlqhY9mw6V1ebEqeQypnCtmU87LVa1IqxftldB+//Y+u7mvRaYzR/jYc0fAZPEuARdRUiqLV8XG+PJOEhGjOLxJDrnEgVLEZFxvnyaAXtVEMi00WY/9IywJJF6T4nOVQtfjPZ99Y97bhsTjTjViQPpf6NhJqOm0hbaSjfhQ06d45DKGF9IwWrfL6Eds/2J2YmdvOj4eTqHYIt3MOVdhpvuWNV+yweeBZ0aSJVIgb79HNhsL7gFH9/kr9jGv1LilEIxlVXn050GcjR7kBZ0Qco3WrTaaMeqDYhM27MXwqaNGrltsnhtldSHgIa71ZXo15KoIeN2TmZVVzwC4J1UtHC3lk60daZxoO95MQ9WQ/W42Mes8rMcZfZaqQyU7p5/ouj7Pl8fwOJD6n0XksM9VwYKMr5XFvcKGfqhtlw5jbMnR7OVIvIdthLtMEv9reAcVSnEqUPPSuuM8LBAndurkEO1cQVyV6UybUBpbn/B2KEFG9Zel9k5f1pOlvUnrUgJodF7x3TDc4P/VvQH7X0J7TaqIss0uFPhe+3+U8qODIFIUW0ocYD9dzp8/4qZOCpJlyqqY5nxn9zAVN/cwIYnzqC5i577z79nPDwn+6bBU19N6yJQ0faDbKpmTDfsKJ1voYb7YFU4Y1IeVc8ejP8FAAD//637dzY=" +} diff --git a/filebeat/module/crowdstrike/module.yml b/filebeat/module/crowdstrike/module.yml new file mode 100644 index 00000000000..62cdb7d5863 --- /dev/null +++ b/filebeat/module/crowdstrike/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: Filebeat-crowdstrike-falcon-Dashboard + file: Filebeat-crowdstrike-falcon.json diff --git a/filebeat/module/envoyproxy/README.md b/filebeat/module/envoyproxy/README.md new file mode 100644 index 00000000000..11f08707f8f --- /dev/null +++ b/filebeat/module/envoyproxy/README.md @@ -0,0 +1,125 @@ +# Envoyproxy Module + +This is a filebeat module for Envoy proxy access log. + +## Download and install Filebeat + +Grab the filebeat binary from elastic.co, and install it by following the instructions. + +## Deployment Scenario #1: envoy native deployment + +This module assumes that envoy log entries will be written to /var/log/envoy.log. Should it be not the case, please point the module log path to the path of the log file. + +Update filebeat.yml to point to Elasticsearch and Kibana. +Setup Filebeat. +``` +./filebeat setup --modules envoyproxy -e +``` + +Enable the Filebeat envoyproxy module +``` +./filebeat modules enable envoyproxy +``` + +Start Filebeat +``` +./filebeat -e +``` + +Now, the Envoy logs and dashboard should appear in Kibana. + + +## Deployment Scenario #2: envoy for kubernetes + +For Kubernetes deployment, the filebeat daemon-set yaml file needs to be deployed to the Kubernetes cluster. Sample configuration files is provided under the `beats/deploy/filebeat` directory (https://github.com/elastic/beats/tree/master/deploy/kubernetes/filebeat), and can be deployed by doing the following: +``` +kubectl apply -f filebeat +``` + +#### Note the following section in the ConfigMap, make changes to the yaml file if necessary +``` + filebeat.autodiscover: + providers: + - type: kubernetes + hints.enabled: true + hints.default_config.enabled: false + + processors: + - add_kubernetes_metadata: ~ +``` + +This enables auto-discovery and hints for filebeat. When default.disable is set to true (default value is false), it will disable log harvesting for the pod/container, unless it has specific annotations enabled. This gives users more granular control on kubernetes log ingestion. The `add_kubernetes_metadata` processor will add enrichment data for Kubernetes to the ingest logs. + +#### Note the following section in the DaemonSet, make changes to the yaml file if necessary +``` +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: filebeat + namespace: kube-system + labels: + k8s-app: filebeat +spec: + selector: + matchLabels: + k8s-app: filebeat + template: + metadata: + labels: + k8s-app: filebeat + spec: + serviceAccountName: filebeat + terminationGracePeriodSeconds: 30 + containers: + - name: filebeat + image: docker.elastic.co/beats/filebeat:%VERSION% + args: [ + "sh", "-c", "filebeat setup -e --modules envoyproxy -c /etc/filebeat.yml && filebeat -e -c /etc/filebeat.yml" + ] + env: + # Edit the following values to reflect your setup accordingly + - name: ELASTICSEARCH_HOST + value: 192.168.99.1 + - name: ELASTICSEARCH_USERNAME + value: elastic + - name: ELASTICSEARCH_PASSWORD + value: changeme + - name: KIBANA_HOST + value: 192.168.99.1 +``` + +The module setup step can also be done separately without Kubernetes if applicable, and in that case, the args can be simplified to: +``` + args: [ + "sh", "-c", "filebeat -e -c /etc/filebeat.yml" + ] +``` + +#### Sample Deployment for envoy, using ambassador as an example. Note the annotations. + +``` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ambassador +spec: + replicas: 3 + selector: + matchLabels: + service: ambassador + template: + metadata: + annotations: + "co.elastic.logs/module": "envoyproxy" + "co.elastic.logs/fileset": "log" + "co.elastic.logs/disable": "false" + labels: + service: ambassador + spec: + serviceAccountName: ambassador + containers: + - name: ambassador + image: quay.io/datawire/ambassador:0.50.0 + +``` + diff --git a/filebeat/module/envoyproxy/_meta/config.yml b/filebeat/module/envoyproxy/_meta/config.yml new file mode 100644 index 00000000000..c0fada4e3ae --- /dev/null +++ b/filebeat/module/envoyproxy/_meta/config.yml @@ -0,0 +1,8 @@ +- module: envoyproxy + # Fileset for native deployment + log: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/filebeat/module/envoyproxy/_meta/docs.asciidoc b/filebeat/module/envoyproxy/_meta/docs.asciidoc new file mode 100644 index 00000000000..ae036ce7249 --- /dev/null +++ b/filebeat/module/envoyproxy/_meta/docs.asciidoc @@ -0,0 +1,24 @@ +[role="xpack"] + +:modulename: envoyproxy +:has-dashboards: true + +== Envoyproxy Module + +This is a Filebeat module for Envoy proxy access log (https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/access_log). It supports both standalone deployment and Envoy proxy deployment in Kubernetes. + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +Although this module has been developed against Envoy proxy 1.10.0 and Kubernetes v1.13.x, it is expected to work +with other versions of Envoy proxy and Kubernetes. + +[float] +=== Example dashboard + +This module comes with a sample dashboard. + +[role="screenshot"] +image::./images/kibana-envoyproxy.jpg[] diff --git a/filebeat/module/envoyproxy/_meta/fields.yml b/filebeat/module/envoyproxy/_meta/fields.yml new file mode 100644 index 00000000000..ad019cd56d9 --- /dev/null +++ b/filebeat/module/envoyproxy/_meta/fields.yml @@ -0,0 +1,45 @@ +- key: envoyproxy + title: Envoyproxy + description: > + Module for handling logs produced by envoy + fields: + - name: envoyproxy + type: group + description: > + Fields from envoy proxy logs after normalization + fields: + - name: log_type + type: keyword + description: > + Envoy log type, normally ACCESS + + - name: response_flags + type: keyword + description: > + Response flags + + - name: upstream_service_time + type: long + format: duration + input_format: nanoseconds + description: > + Upstream service time in nanoseconds + + - name: request_id + type: keyword + description: > + ID of the request + + - name: authority + type: keyword + description: > + Envoy proxy authority field + + - name: proxy_type + type: keyword + description: > + Envoy proxy type, tcp or http + + + + diff --git a/filebeat/module/envoyproxy/_meta/images/kibana-envoyproxy.jpg b/filebeat/module/envoyproxy/_meta/images/kibana-envoyproxy.jpg new file mode 100644 index 0000000000000000000000000000000000000000..ebdee56b99eb1ceec042234eb0e4e5092d924d2d GIT binary patch literal 482070 zcmeFZcT^P3)-T+{kfUVDIS7)o0t1poK(c@`l5#p^FcfEhz`xI99ud8?M+Iv@Z_3qj=5xUGZma0LJ(BR~uQ0CIo?!T>-)1Ofj52s=RX8w0>)2*=;p3?lj`4G{n& zcmTwI(%6FM(*$xpt^Mbj=n2tZ6g1RNpnqYq-_(Rv3O@JXVE+qJQoccw4$gj#E|N}u zK2it=e<>MBX(>PzhVXZA@^T60b#!s_@KxjAZSUsi^>9|>w^lHcHuBeUare-V2y`)z zFt%`t@N!ad=7*{Csv<5ReEfY}f*p7fKHk1T7Z7UvznNbE@oBLXKksjnU@tZPYerXj zwfq8Icoih&C8hbn+JVll7tFME|EvpMsqz0QWLQ|3WSE?!U!a?mjEahil(ejrtgHk` zArTbr8|;9P@C_39i-WdHkW-+Cf3Sz2FYhTw2S>kXx9}E0rfqyLUj|KkUv%tT+9T#8F#R&s_8Gx`2C|`B=3-$|g_w(nKlavOOFBupS zpE_M&`i+Ht!!uJ{sk3RoOXAJj6pywrm!b(Mx@rS0E%;S46J3KVI=}rsy2lRw{@z4q z0KmsLIM7V*67Mw|TVAp?&|zZ-m;qiu)WIppU-RnKE2ljFI{)VX_u+8*w|fUnN}Tfg zyZFBc=$%2g2=ouHg5-|QK~6p(ZUg}0SSSC$U;rRh2FnG)g8fhNbr3TJf&zlr{}j9Z zfn!gx;~)6ZZyF0TEs&-f^kAtS90J_{fc6zw&Kv6F2J)f(1Y&7lXAfThpd$ydx|6$u zGl=y;eBQ^$?-YY{fT-iY@p1b%?BL+|H%|u#x4-cpx_~vohP6F{{JkB*e_#Ah9(=q* zKzsd8!r+nGJy72aJTrlI`{dC{e4>Q=<1S~t-pNXHz+Ab+CA zfqrIxwng;VHBd|Q&$_h^fgt*WzAwbf^0fSv|0j1BgTMIyjBvNG2FpR2p_HK>R>mNv z1u;vIm-(qYpbSvK2zRa1^4~OpA!euY3xeerTzvH|ff$qrYVR7Td#d{>eV|Veha(NQ$E#B4!`9;3*uKUzM6m91ZwXRbnR5O-+DQ_XzPF&)E)Z4 z#n#G@Y9N1*H!%w_J0L+U54NO93W;gItuMP#ecT1`@0w2{%+0ecOQF!J>&5=&0qRD zfF-AGo{obc=_=_>Y3v_df?W{7;J5{}{QScMJ>1-bc{RbA--Xw}*Gcj`udK9;3ILqG zM^0$~;0Md^_XC7w_+Mo)KLJ3^nLr?P{HyE=_)Is(0RZLaf0c=Jfztsi0K83c3JDDT zgCFtfi3Feo=)fn64d4a@08vmMSwIoE2xtI0z-7P$umEfTdvMgbgX1|62m_*kJ3u^; z0xm*i0eL_XPy&<#HNZ=t1?T{JfB|3x_yBwa=E2dk0elD0z#(t~fk4P0G!RAz8-xcU z1QCbGLX;uu5FN-Bh#ABNauebP@r8syq9Au6DUb|E9^@&c0#XlYh4es%Amfl($SPzL zvJW{Xf)Y^^F%fYQ2@^>XDHCZD84_6#-5_!!3LuIgiY2;F^oXdKsG6vmsE25T=p)ez z(RZQ)C;+8`vOxKu5>RER7Ssf43w4DCLZhL{&}?Wiv=-V1_VXlk1-b?OMNCS}NX$zt z0ghmOVoPEt;sD}k;#A^1;&S3<;y&U@;#FcaF`k5mgp)*^=U6y2&QUHpnpKROCG5vgEqtw&cF#G343gmE>LI6XajWPbkh%2vJ<1Frjd! z2&YJ+ct+7iF-EaLaY9K?DMG16X+h~pd57{5Wi4et^|DitbIDi5mLRF9}$ zP`#yErTRt9KrKeCMSYz*g!(>p8TD)GS?V7&G&I6A8Z@>v!8G@2DrkCXmS`}vjI@%p z2DHw!NZNebX4(nb9Xbj+Av#Sud%6g^Y`O-zF}kfY6la9bXq|C56MZKCOzWAMGY9mH z^fL4&^gi^d^p*5O^j{gs7=#&g7@Qem8A=#>8P*t~i~@{Wj82Sq8J{usGj1@EGKnx5 zFnKbiFx4=SzTC@SZi4) zSdY$foYgq%ayI#F-Pw<4kJ)(HblAMu(%D+r7TJl}#n?^R!`KVi``NcRm^dzSIB_I% zyyTeUB;pj~G~T z=Nm6GuO_cI?<3wmUNj#kpFUp*-&4N#d?)-O{FeMN{B`_`0+a&E0Ojt1$hLG z1fvA21m}b(gp`Hcg>r-jg^q+pgsp`Wgj)o9NzSXB_dQ>Henx^?LQ^7CqDo>_l11{0 zWQ=5s&NnHZTinSEI?Str?i*(o_1IbAuV+$*^~ zd2x9c`9k?m3XBRy3JD5t6mW`4ih+u?iknJ;N;j1rE6pe~DPL7iReq~NqH;+EsnVhH z>w@Bi;0rG=>|T_(=ykF3;#XA>RTtG~s%vWeY7S~o)mGGb)o-dlQD1@a!5m=4FqDRX zhO@?VjW3$#G(9z|HFqvaUkbd`bm>Uzg4Qjq*V<5RJ?&)e_c{zZmO6PlOS=5JZn{;v zXgvkJNWItkB>IN>>H0GUTn0`C6$a?bN|$e4?lYt|G&jsML|qZP5_qM}h{))&QKr#? zv5>K^af=CHVqlVKvUpYGYQWWYQ&Q8brun9y&1B4?%m&RF&Ee*i=7$!SEYd9IEk!Lu zEZLTr*t1x~aKkx^23{+_T-cJhVLWJoY^GJ&Qb#yiB~xya?Xb-gQ3YJ~w?@eHnbc zeEa;k{SbcR{^I`e{wo0&03KWGr&yw%+aXJCt|4 z?!1eUj>(AmdDr@GTP#=X?bx+Ay|}7)+W5funS_f8MTx|T9*OUh9F+j4El_SjI~Uo%;tx@50fAM%z|eP zWy@z5)@Y-?(lY%lBJ>&Wk9?o8{V?27FobVqa_y!L;+)#KK)_6GiDzV}-1 zRG(?z`+mdzw*$HZy@Q&A-EY<2b_`t@Y8_S{ZW&P=X&zM=ZF;BhuIatv`{psFu~#2d zKD3Rij(1JKCVD2dCkLhsrba#*e;l8-oc=U(eP-p8^QW(~-m`mip>rqmw--njk{8b` zW-oCr6)&G#u3J%D>0H%b9YvX==GUCozOM(ZV>eOts@OKDw`0Wdvh9-zy!GOhn8354O0083$(0{P| z<2&y+#qYqyp9uUE`i=fL{~P|}Tk!WiMF6M;!Ku5h^%?+PfLZu9$Xf#dPF-~i4S+~a z?(YnioTeaGIoaO;LLCUYCKv+Y2NwX4wE+MwkU%&oAP{iRz;A_F0C*kn$M@waH7WRA z@kHYkeLU-Y`}F+piSQbrCnvL|p@u^E0U~+`lpaFp19(8$NkGR0On(tWh@iwIq-5k2 zlvE%=(;0vW0)-M0LrF+Z7X=`_7CP2lXN%CWaD|o$3W4 z3Ij8go|uGBhLl0ml*}Q3kze)>In$-|r}aG)0&-?(X2-yBN)|!+RiV98)qZRC-%~8+ z|46gH75kT7^Pu}o^gBU`z+Qqv!JZ-p6A2l~X(A&B-6}AV|CuO%C(sR|q5?gfKNA6D z0s(n|l}W*WG!$eMf8F};p9za#oNb&i2Y{mq986Gp00!W&#mS<;KlvXU{4)mrkH-L% z@ZtA!1YPgOco)UPep1bJqq*k^Kt?$Mh#$f@5de+ONCE)a?*1j#E&sJH=o?eo76HJ- za7tk_3Bc>wV;cfMlZhV0--$TFL+6qEmOSWL7&Y=MYaMb$t%U#xS${5wNO*&cn;Yvl zVbm+}Sm|{kot4@pAGUjAvhEypCS~Er2L|D5Vlvl9QKPE7D_B}~LV+eq5xug&u6e+W?uk0Qf0-;=q58VGN+;Y$Ve~Lvebc8oyedZV*In_Uvnt$Kt|@?p5-ZE$1A~wdF)eCQ z=M00h{QROru1>FkK!Z(l>;9tVw4?)?i@oe*aXy0XE7Lo^!mVNfT^ISd1=K5Tul7Zh z*LIN7qr3)ULRoPVCp78{bRxYh;x-Jse{4!@1ueXQAKjgf; z{!4m_;fFc$Bt2U1y9ri-=XKpNTlfB@69SO_73|#-3^M`HQo`%Qk^5@VhNdPs^EXKO zt^>R_vhPCx3VF%?Fjppr=fVTKYT(8!#x==1HMEY>!No zT)F>kT04*Jp=zLRPx^SgmN<0``8xe{HyJtc%^&dM<@zwtDtf)_M{&OE9=zj{J{wKv zgI-=7=aWf0)Y862XQi37pNt=wObFqvxn zw=*;6q@Ew+m>ltah4Z5kfQoRo3WNLfwM1usHvO-f>+I*DUyG9g(SPzkHu%3`3{;NW z+ZhF^Ju_*u^C|RPxz}}bcwd)RuhgdaHIu0hz+`F<-=kZz2Ip=1Dy;UNRqoRv{`mV# zD1YB)X8H@+n{95_?_Yijoz64bA}cqApZ^MP9^7g|i62Y`?~^w{q9(b3Og+=?)8-Uxo**&hoF(nN;2Z+|^Q)@jJ?mqVKnM{oQnG1iBnX#0B(YdAZTl)mF1dd#?Q zcR9^(_zWdW%!(7+3>?mt-v2!RO7z(KjIJKiYGUTV0_~ zFVEbYk;}9;_E3|@m~YnIU`ZCOh36#Qiq^-5qQXvJCtL);p8)*a zqKg$T+Otk>guVT7`<*w1U0ENj$KXxY*as#| z$ORYyFx>wB)BA??<=Ah7!TBfY_-J&qwV~|$7vUkHQ(_;>NT)Y1UzVIPvL7=n`|7#L z)0o!76}W$qijLW?dP3UrgxKS zuN86J!{Y3gUb>Z~w(mC^C%n8oT$iK2R6W`Vw~T6j?vf?;;Lto(gfb&_=k!H0EL}ED zqx|Z?NU5gtxN8@eKmevO%lK8;@J`p6x^@EKKmZQ9lnB5pll}Hub$-x>w@h+Ar`4h9 z@P^f_xIO|fX|DdOI9dD$BaU6AKnky`7KC4f{j{mgYyB@*jTPNP(b|JIK~mW?3Czc} z8pGAHUap{lW9>87mpqan$>I+Ngyl>)Mf`QGc*#U!RG5F*r|pFuc1{P2!|~{tq7wkD zddw$Ytawk|3vRBMpH&-xBq0FqYT~G-?W4GZ8}Vnn`;N;t#xcO0xiJ8(~rrpZ>H*&}Qj7dRH$5_$U-Rnt5C-@-&6# z696dI;3-1Zf?+Q}{O@#9OjNz^^Zo=wDUuRuA%Yqcr96E^44@axva-)d{_mHc& zgTdqutty+ZENzcJ%x&g*k5D$vWKkKawy&kziJ4mXyqyalB)+F?Yklj^(4u>E`OH{1 z6ffyj#CYJxam|Y*G`k+-W$i^}?#(Hm?w6&R8TmpgaZrpY=!10ze)OnN2o3LB=EPD@ zD;OO3z%(q{C!Jq8ZZlmOd9z;dbi)19lV4gy8f+@)qF5gCTD%nI2ql?W`8_W_XElY! zH{5qS_!qI6{S8C;?<}a{@68HUB7rSSZ|-DhSrk9aywyaeRGRitO#BA{c+*_Si_62S zy2ELnPS+{;5n~2qvtKN=JUW~qep$QVqsjYFH1LjPhOx!V3c9IA9P;ofW(1W+<{8oS zIc>#{Xw>_8_ve~y+c}^OfGPbq3crtSlGvC ziReildR2iC6pfz2hZ32EZ|9sOXML>{?khhfX%VZvUO)U2`^4uxujlGDf zxulG0{rGdlaJD3to_$F5^41v{M<&Jr1LYmB`Z`IB009sT>ft#ACXqi2#HYL{stii> zw}PV2h59IXJ1J)zyKm3ni33g6#h>0|5xn-n;VKFA11(8V7;>{vq@np+_SMeb2w!A6 zl76}^qQZkIw#nzQR6iZ_4GiOIQA(5_IP3M#Bs5AGTE?(7Y#2ynHD(s8PjGn20{)tV zm$4IQvh7!~auGuS4pa7;-nSKTt5UhGe63-a+Pvp^f}faRi&|OUWL}QfL zcybE{7r`pwo?-P+yK#7BOy(Lg;lkh@(Q__^5~wqiLuJDwHsH!p@b z59@AsL86HE2*7rcOC=V8Y2Sm|OyJ!8P26{x5O)u|_T09%1D;>gDaIf#+hL?K-<>#Tob`UzyD=IW6xbU}1_VvF zrNycX;7UW_$z7_G>gO?G#uHdpmjE%0=l<-65miUW7r0qx59V$3&ineTXvNelldBazY&102AEFn00hr7@ZXfl5r^t$+HEppZGR`3&hM#k{`uF>}9ts&Qgv&ZId=DMmxu*}eb3x-Pz z3aJs)LK3O94rak4q$t&G9vP7`Goy3n2952sU%oLjV{W0xRtZ2K&;9Nuk%8R=H0HYv zdM0igt5tdZ+n{kl+~_9h(*WkCYU4qAy^}##&I)pfRu5bQqfm-iKD5O(HIB{V>6qYN zc$z)m0*NW<<%=@+j5_pJ$8iDRmdkjua=uMHB0=T^suQh*DI7zQZ8x1* zAO=^RyF|Lt%e}h^6AQNQ{2cqjU)mZTS~=d1&G7ibAlq>}5p^B%c;`o2DgmIz^Wn#q zxz%Yg5LKUQ%-x^Q`6eY?pea$&l=_@Xp zC(0Ug@!6?28FL4#g9)g*GF@})sis81#5ykTkc+#2`Z;l@Vo@ocl9+l~h9 zMJKBpM@DY=u3b6vDZJ2JkD6saUfrwRSJ;tG`8D%?*w)9rmOe!|T@>;}4106YZOsJw zHKM62|4U}uu1QOC=8@Q7f;%G(Bi%uEzl|pOXt>FzAE**66E3!kH|k2vqU27nAN?XO zn@w(`^W)TokVX!)rl?Ss;cZPZTJmo^FJF3?IK2io668Tujmm1z^-b5Za;L#%&&H{FO0D!tFv8SBJW># zt{49q$3C|t(O1ypx9Y1Y@a60`*#cJA-bc8Yx*Vie-Tf{;TwyfR;My+r=AmuYdR|j) z(fabQLVbe?D~Xd9-38V9`vLF5Td<7nZ}OTGPA<$M((GGbwRP^qb)7D z{wf`1LqT<3_I9zm0g0iHmDOriU}>k}N)9%?2!i}nUxM7^wEWfUzqE<20TpQi`66s$TQ&&`en zmjuL%Jb*5{i!fshD!rCCF>5EfSWWccw&9+X9a`dkTE&750%;Tve>uyqrCOQ1uj=Q= zn!`RYzX&M`@RPpj_LJw(1{1VLw>lQrVeL{Gr89}=N3eX=$FsIJw?}T)pfpzQ%8)8p zU&=4OucsX%q`xp5SUTKvvoxp_cMp8Em@r09@X&@J*$`z$^^=mpINuwx%8dj-Zp6K$ zrR9-acJoA<8(uo9b|)Ej}$XD3{$%2_T~kq#SGnYx27pGs7^Qo zbus_sZU7?Ne@B)0s$1v+TOjGxjOxM}^a-AYY|HHgG~~*?b@w>8&BzTt&Ijgs}~Iz=6U#_&*R1o=|EU$ zd0jsNxHreshfG{XU!_`(=cd~8Apmh})AIT5zJ3xLL5Gn-lhcuD63|+1jeOmSGKnD| zZwB`y7=v-plvYy^+imicK6gueAF*90}tqM<%zz}vvM+G&R~Tv z-7k0hxBb@2dhT(ctP{O!yrr7h>YOsDB=DC~ymI->x|}WsmQxIUhZn+`kdA5WSY`|t z3eJNtMCmpl>v~HTkZ+7!#NCXhsznk9BiTzBX7y(mxsBGhh>4?QaUNhNfsS*gDY^xB z%X9hoh8jbxg=E12@#0vM<-z0zzOatr+rEUu0S05DL`+T+>E-&;dj zZ?mG7xe#;fb~aHelTyaHPi(3DTLRzh4|UmuF+RNObis+E4B!+|FFJ8V#C++6HSqKq zT^?^9625<^^7Dq~#5e)qYT)Gl_!;>kKF;q+^jmK3)|RxP){l%xcyHac^)L$|Pf>VAO~+dq9ApT`8l%ZqfBxj~JKk#f%NznHdWq zfdk)UEXPOiJ1r^zR}#&OaXKu;V$JEwWN&PbMo1_ zJ@%^Qk+j?~*NI4!GUh4zyT+bGCRTT%iw~o|Ig8~B%n5|&-^zc@Ff3ce5tENf*0XRC zB43ylGR*Sqx%_2r${JOd)J2N0-?g4ONSm8KOlwT*PYM$GwDr@-(v`*V_OShgHpAc$ zuU$Wr=M(?+43gd1%o~`v6TRqB9#(Za&$ffZhDwBoL>c<<*`&U2?()0BIfxv}iNnaP z(eGEb%H>-hn79WG7gW+_hsA$59U9~AJkTJ|((j=^YY4AluYX8!Qu#~tC1Q6_6fmJ*GA+Z6Wh^_(?Cqn2rBb9bCw z&N7gHaE3nU%={R2_Yv+%aW|=|zzR=%p*&g}$A~XcipH^ zFoQ>7#5o$RO~o+UH(7ivZ3eUb4tmG8c^XanOy;0hG5xF8B!X+mOwl)9PyW34wj|qG z&iH6tM`&1oi&Makk1uqc<#2F>hXm;aPed}|dBEq4Th(CCq|eqbElSf5SM_W`=VF^( zb&*1A!EDD2gQ%4_n~n~jhPPDWYWPO?X&(HflN#t`>;tEgEMmoI6|{ZvVZ^hmyh(ydOFDYw6p)e(6@LF` zcbe>A>SS{YzZB5*=C8Za=0%C>oRbzh9w;uw@KVhqTf25IHDkTOqmFGX=#$*?I>;`r zG}xSS2LnW-4mwO%A^+rmZ16ug2FT>V#mcvXwaEE0e2T)P^?$vz%2N6z_4d&g7`kya z-M0q4#gYL$>15+>JOLnS{81fcxaVyxQTqB0=d7(QU-&MU;4cb*DOR2N8UAqM-mm_X zb5TBM$y{8O1F9%4Vk`}>sQy$uzxnQoF8+t4R^!AHix*wP83wbev^JBA&G^`;3wQAh zJoDzL!}jv*@D731UFxs4VY%ZHA^L@QKPg?lKE8g(>($0lx^xWQ&Q=))unVohP`><0|C9%?->>%9BPoVpj|KVd85nk zX>{K>ziMhr5{_~IBx}HVTlPYFkChp@KzWtI{@|8j9UPMhI^?&?zZvh!+eRJo4jpyW zsDF#pPxzoid1pKMxUfE>!MzdeH(nTF;*W3_=5up%YiDcn`}ZP+;fs#RqEqc}cl;|W zWepkpf%QDxE-tIv&5s&CR76{=E)!*Kp)NZmaoZgeI*EGda{dWh@AYAgACLWI8qXxZ z$2*)*&b(sAL4qFz|8RR@0XNXh&OuFGz$h-H0ER zA*-nZ`Qh$4WC(J7Z1INeMzkPSXC_(%QHZ4fZuEj@ac=(HXy^x`%L84Vf$!3ClT?Fw z%%ewPT(vhlS}m=yiC+?V4pon}`x(>A?A3v2;p9LDqU{k;oA98AG{Sr1oY zREW9ztmhqH&MBY?fVJn4&pMLAe~&+oTncCcC2wlzJttH8Vt zhjv6S)8n~3<~Al1rX+s2AnzYZL$cNP`D|o9`1VI^M_b#cR#;@6+bKx<*(>tS|5qXD zeW%#4GBYv5@v85io4rcFaO6uhf&UD${pa=nHt0rS3Wj{bf z;&qwu$V`~f-aKC4I}FzghK*jR)7Ej|o~WLy!z{0Icdn*U+u~ZxJ5PAh$#OaEuvM>I zkcC#-XSJP1sMny6DGx7;|E&C(WgA#3k>|Aw8{^EEugd<+B*#vnGV$0obM{q}P^A2J zNKM{>x?9H{-8Kh`MjC_EL+j+k3FYxYKKeB!N@)Z4N+-la7CUIIRe&|#nL4ZzS|Xtr zNwV2RH@WUHJ)kK2evL+czdqbqK!l^+BmulU3ve z$nPQG%0F&ha2VS)5YEhe{6)lhF-IY5G5aYz3=gXKJ<1P^F&1rv!O5+cVD&`O zejF-f9v7~X)$`tPj%H*262OX0`4-hJf9uO_FTC92zrtxpr{Oe#{~zJB0s`Pg2QCJ) z5P+GBQaFj0I#Nv7iDQ&F8rfS%gK<3`vu*93XdE#-moYadY<^xwOmRAVQaruq`!@WE zyw!LGGq;WS1JrKtSe!Zw0y((M9xbQ2w>B7|+D4jCJbzYRLVcY__R?_ASyD?^%OAGp z=dQ91$G$ah8NwPVfr?T@k4H;S!Q2-mkIY&+Ly9zVOTxYTYmG;rID95Cs!t`=aq;g} zO`Ez<73SnpuCorG?+;>GnHSbc52H<>CV#taQT4q!pJDTBv~!f&o?cwkjT1YBmNi-_ zezMn=>@Z|Yk-qdeEpLQLpHwQ0R(S7o=StC>-0OO~ zUdMj<8#)qmpKZ3GD%2uyNlP1bE4b)3wGEua02X>c{exbQ_UW9m3>(%MaAPPqU8~)2=?I>g!$_h!wUE}Ytu&= zHq`a{PE?skePZbqy#??4NUqOt?Ln~gt7&s?eYP#zG|!hjBNVnfjGl~a=pT9}*Khw~ z&WRXM5&+nu-u2a9lg7!nG`BRy`D{DtI~p?!T&+~U?SC#O)G8uYcn(iq>mbO;`Bw0f zp7B}we#$oEA$QsWoXMyO38t#2PzqOtrLT-qLr)-rdiUmT%+JL(-XGhp;cEJl8}O2s z2|GAKc0SrzU&ZpU`)<*G$TGNX?0YQym`UOAO=WSc2D8OY$ZNoCTPzI4a={ zPU{U1owou~^P} z(`~OhzrEGN=GvD=o}X2VCKjqmZu?HKtxGcLTSmbLS;g0y^Goe!hmOVrF<-towYKgK z)!2q`Z9FM%R1G@>;}Drh3>czz4DANv$BZ-UgIo7bf}(^mWa!Z4)!kJ2B6@pI8Bf+6 zAIV%F4~edkcoGedI=)-IoY+T43MZL5%I`$?8x`A%SfXIKVs#GuoH`BW4tlwVC1NRK z-`)Jv^|7k?`M%1wYB{?Sz4hx03|C`}HMUb{dW#z1+jeAIcb|NRL-1+{H@l{;@dLIU zZ`%R#b;kzWPjUGdcR4QX#$TJw(D?EMXxVPE&VD};?pTNr$hcmEmslfp0+j0(ixQ z7Ii7Rg|$rc`gw@hQi&RkfmT&ydoUGGR(CzPJtegjS7L(GlL9xYd=D|lT7AJ&hM-$` zeo7*@xoo@5zLsu>c!$Ec6so{)$mqW1CfL0$!Ef9wQyqHfBNXQhYsQVu@m=YW5Sg}t zEpLOHS*4nssdv_VUhfTNg3E+MsImJzJa{Th*Y2B$qPQp_ocajQg5C;56!nrD%}DmL1@>+nes)Ki@gQs~W9Ug+>DNU<%!S zyR*yYdx|MMgS+uw5-lm%bH2T%EV0!sZMIc@-gKQpZF0^$-H?!r&BZf`_#py7r9gL& z=Y>)qEP?$>67ADUM8;=B;fLE=L2fMhK@4&?w{5t2^xy z`5FSS)aeO=ap|4oVcB#QkLU%0UcHF2^OYm?RLVC<-ydiNu@6F;cC<`dejwvi>Nl!EcOVa zmzTSgQQ7-B+&Jp3Q}Uu}V(i_hJGo=7$jLUbMIE={7UuS%+v+?YyJ({%a8J~Q4NhDU zb{1g7Q@u*)eR{xongB0BVVj}Mx8Wr=0=d-onhyM8lH(1W$5LA*H6DdRxQ+wAGw$k) z+!PZEG?d{#7nyy`#@^N|P8TnkQ+t-jf0k}&UWjoPl!Ly)&n#a1wDb$<(~`V4?6dc) zyso~}ns?%HcvzBA997s18JC`6EbT3-=Ul+&uXgq;D#w4%p9PpG-lc=P!WgF90@ zqPrxooU^80jELnpw${yfRdI-KSa!A~uLzKuiiyWLd`P`}ch{=oLRIz9A6>LR0eWpO7MoImd=lCZxTaD?1=Y5zexj30!93E(X zBUe4+k$rf0_@Jh<+JIVLx`I8gDt&8p}Y8p$#OJfprIzHmL zu)22H8M`J|_chfU42dD;vB&#;b&ucHT2%S?NzGtg(DQ@HCXpT^x0U5P);)Ndl)gNp(t@{> zs28_vQCydy0W$P%5&f+KW}~Chfto_rN5`M1rw>`0JK|MP$WG2mE?PCsm8tYWPMK;` zv0`4z$`Szb0Z=B&t8sY|Sd>)`Tk`~81vhzceaYL%l@b^g)(hoFfq|jQZg0DGPpNZ% zlUp?M^JB}lY-yENc}3nWcb>scc%>uGad5*-Z>Ory&+hPeB3dzuW(G@w zUVdXckEpWxuw(pE@V@Yi$zaS=sq**21~%(Di5H$ar|lB?f6_f}z*8)Pd+bV9{f>`6 zcK>XPI5DHTXlRwb{p3DNZp&LIjnes#FGx*VtC%hqZ*1s$cm;hS0CQDu!t51s1?s$r zh<Qc>r&Hh7!$-5h9v2{%lCDW~i9gVf?p&;a`@1KB!mZJr6G@uU-ol z04KMPmA;it8La2982p&J8ZN7g4PmvbgXu;On(vA9D@)Z%EDayOwyzl-FnVG4jFrJV z?&FJ>q_>A&WhkLbHg_>Xb4!x#dyhR?&OKkG(b8v})s2yFeyCpB#jN=zaejmH0wfvd z>P5xcW_Q$*RBIYq-Ou#4GLm#aqsroo?PirPrO1!=6FmfM5Juf~0rCAX60PkJ?3Xgv ze6QSg-pO-Rq%GWM?TUW|^LmEf z^Qz?|Y_Y-G55Q65$61z}vR+%2=PoydwrH5b$gnhf%ZIvX>s~`YYV0-4`7)G9LiLPs zdvm72?OV+|i;98`hH~fARZF!@+GL0OldI6;n>BK)CW+BX(fv!3FD9bTZo+Ar-i2Ok zqLI2XS*$o{ihqZAo~(CY$Ld}gm7pn^_sxX2y2SW`AqNMAH}*z8RAW2~S?Pv#|S{!VyiBKnTs;u$*d~S(?5xF;}M$4uM8jQ5lE6%7PS5jo0U+XJY437 zHTukc@#c12Hv05lt-)qVplQ0U16E;!2;5h@XjwRcsP+?18N0u<@gcF)y+smzUyFG` zF4Z-`RDQxPE^Wl*4ty_=0IZb2nYwtdi7OVYw%esZmDx-h=WDtiRTUO>oVoHXGEU)m z2rh#kDQXBUI#I^JOedaAz3;61-tz8NmFGLQq*}H>K8@0X=7H+L&#pp?^UAz*Wn!KN zN>8SHbeOE1PItfmlmD^7|Ku3>Z|_6Dt1g8o9yxT!6|Z16Q91=tRBN5&?iUvOJB(x+ zr{xzXZ7zRJHel4C79}-a>06=vrFCeAs|ukb`^K%>)`aFsl#FJ$j)_?_Yi^zNnZujV z8ASJwn#DqFNv~E9*E}-8{*)y`+IM)YbW>rq(Opkh#@IIZJo6MQSTjSs6fd>Ku<5(- zrH|is4&lqX?ZSK8YmJ90iVs)P?HVbJUVc6MQ;HkGERqp$$g651S?G!?br#1-NmF#nLt0x|91z z`%4+5I}WMof=M~?Lfq5MFOK2^*P`$4aBkrzW}*yf%e;813w2`7_eIc}lq=Mu;fLVn z4w|)FT5BeK_jILLu!hqV;Ro8yhK7a`n;UI5uWtia5L$9+G7pioU#KTz&D*d#Rcbja zb-i!#j93wLU2mgHh7sMBm?e~sV0DhR->ZVe**l)X)=v?I+%;^LZ8t9#6?FTox+3)+hVI9!feUX- z>A%JZz(Cc{}PR0BeQ1{hHtS|i5={#9Y1(fN90n!nB559aLyhQDmHwH-H8U5 z|9e?6NBFxDdSAfbeXy6{&vp-X|Kyl}ser!@{TQ8YdV}Y?K(O`rPg8qcaYj`g zYpds5IP(PMNV4>epZgs|o)4v*=Y4K8A4KeYGSy*zADQr9Lt+1$$QT#~U{`0Fi?Tx} zjk7y=l-mwVdP_d?z4jT1sU^F}Wz4}v%RzQly#NT6f21LjXGA%AaePm}FivDd6$Q;QS1Ll!JsL=bf20*b+7z!YP?e7{I+5nG(kZSD@c87R<}jyRjiHgjW& z)5m<8-qdV^28lxNNHYtId^TBHc;e*zE5Wlk{w_!d_hV=_etJIdyHsM6tR_r=S6Ela z%tVE$^1O@k`zE>epZU?P?!!guTfrH`x8%a4ZjKia#Zx3k>Hh?*IE0UhZ-Nu;TSl z^ivGbU?!JwN~DQpkNKNX)$#M)zT?se zRK>V|`(K|k#!7ZjCdW5Tk!%2H^09%#PJybHUN zsxDj@aIFDnRGzAr5AXBdcDla$@@#4Y!!8S?p)z2YAPyikrmvm4U+diaxnJ}j-PJeX zTK)fJkN8hL|5rEnXF2}gmE5bDyPCPbGPb}%^w*>RGuHA-=B{M!uchot=Kh)YHdoqu zrL9-m`lrqRzijre6yi!Dt`y=*A^sEM23Mx!%9LE0k}FekWlH`FgSS^k_{s=h8R07< zd}V~MjPSpo-n&{M{u`|jgny03+H~B}nam?ORpiCn{j)S+WKFb3s;P>p4nOw&j#0+{ z#Tn_5%gH|#i~T)+2F{3xx};RI=h|nRPnVz{ZFfj-&!mOZP&b9Lsc*|?I8D^0nw8&_8J zYE8LXVXt-tS9_$Z9plyh`O2HP@~y5s%`5Nt$~*o~@{U77GO>How)coa2|aXPY7Mvd zUQYe{L7~KWtb#s+4iFH!=@6X|^*7NV{U3vzWp6J*PO$J6VWi#{xaJLS<>!(F0ldju z{J%vkNO}nC-+A&BB}U!(TvhzpzYrwOLrh$TZKqBTf=>gG+#~e%6tV)fwdXo+RR!1W zNH__KNc)(DZ(f4lr5jMNI=vL^*m+%0nU@k@n{RP67LJ64(DR{^f?5dM5N5MHZC~wXrQM?RwpCwx zFADpYKMfc>P;SxXZoIpe1J@zPHx;4SJ3p6GExrUdb z=zY6Gh|4c?QxB#OdE1<#shRtVbCpI*9#cK}Mqz@xGLr7yIy$Lic0wnXWeYMTm0Rw6 z$>6pYW-QQ`Lx80$3+D5acXgM|K&CnnTrmVe56_H+cS+q;rFC7 zpe>g7)OuvOd`O;-jnZ4-Ie+}Z`XW}#O>pqnS2tW4`>?go)w}!ZSk$bfpSqNA(|+cB zfV6w=BV7w+Ba1=^%7k#!x*Rm-U^A zjyF`WFrQn8b%I8_!fD8?f7x!Fcz@2=;M)3YO2X<``ThdNTXI@S$csD6E75}j zcnK1s*}v)~jJ&KIDSY=2Wc39Q+{o?${sEU?)han_`<$FhR-Wl))ipcKFwJjeK-cR` zr3rc(xq(Q`KbOO(8(nxQR)s5%iEIQym`y?}nJ;qR-Qr^Az#Hu5q8PxXB{oB6pPOMQ z&|0Nx@U&OQ`#O^)DUOq+382(DF_Q|FeNy>m9SJKeBbY#w@YPD>S>8Qgqg+;ap{uVP zztrx~_a?3PiTFF8Yj+*y4b!7kotiKu4YHY8O}=o79_J7Sn%CzMBiEOj;%6MsO%evJ zX^Q+$XAOuHz!t$uRwGm+WUEPLH7BjUlpaaV&9Gp9>cd_3$r5*&iTaNu*TJb-r#9~O zid4^hUV;RkY`^?x};Itw^JM#bL@#(wsJ#R$F->+mzJ=Uf$TF zK=!O8%`PKN=26?^oNO7IEfKv9FI4eZK|e=SNlA z_y>tx%L!Dzy2lRtJ6jvyHDv~}gI;Xu$5cS=wx{=Y*6NQO$yVg<1ju3@peMo# zpjNzg#Pla<-~jJ{#Q?s^YDzyUq*S|G#vYVxTT7D_!lWb+a@UAu1E#Ox)-IR0Uq|!VV=aZoU|q{1@r@nioT<^l zq3I=PC~whA_KCEC;zkVn>K4jO!`|I(c4?qwf6ZdQ5ZoWY;|Bq_Z1j~v3{dM|9b2Xb z6Ft9YCU0;3xZcj$V|ByHlRI4H<~u9g!=B@`ivn31KN~cdJz?2*V24g`$)GY(4g3>3 zBAp0lzd6x;!1C=?{j~#eRJ?=Xvlu+}fTSYmWS~NwoznzFpn~6={l+u^tvQ z2kxv(Mjq7wf?hy{mMIe)N{6-pAj4ZV@w_{_&*C6w9nIDl9#z}@=98A)x~lL1C+O8jCq~I4?Dp-5>)OIG>&Bw+ z^ne)dUI^krMb8SDTj%*&b81RLnH8C1;;+rq;-ye-bJVlem)|6-lh>;!w4?UCIQ$pG z3^IyI_1EZvPC8?LrXZF=Fkl4n-5~@+@FK@YMH=Ho-5QhaxQ6aQ?Bkjt?#2&N?2(5+ zTdDpDN2l4W96YAIjAjda164BF6}6aYagkLk`^;XY}M{np+ihllZ=v>k= zL%6gmL-5oYz#b{o%N%&3RdaWyclV*zI#2XypypzNma-c-{GvwAHcbH@kYcgyd}CXz zK|g|@uqOZbvw0L8J8WGS_Ngi5`?^ZcHA$kTSgl~V^l+(Y`t{eT95VIsPZrFww)Maf z2MsT%zXVAZx&&iN!~!DxmozpOwFgM=Ngp=!(ApU+^y=zr#i>ezaGyV|X{c$gjs7*P zlYR%FH12F0ojBs|V0^y~hDV73oQC`{a+T2V;wCMR5?1P4A^99(PMN{trG^Ma0@Ede z-t)Ymirc!3%aPQ-_h-iT;k7|fn>0XWYjV9??pFq4clKsyRPuDA*PW}R!$St59*3Xn zLPMwq?mx8<#QSMTlHkFnE%dCGFS+N7{lbyn-1DatcSpMrOw>etsRi|i?%*vxy?V!r z9q@kUQ4ksG5q2q~5;X;@7(8pOITVFLXmE~A>box*v7@!Hv$Vy@qnIdJZg08POAwKh zEVms6p)Y)ssiw~02w8i}wsbX`GnxO3?t9@v_t+khp|D;dTIsFvvPW9(o>AkIEfFIF z?nU^W64vZw+~zyoPw);Z4cR77eRki7kfG8m&%H3$M_0aEHB6MPHV1Mof~6Eat4TOr zDuq-En&oK{sQS~18Q&e%2FtQ|gS)W!F$nsgB6R<4j^L0%m@Q8T#Yw1ITcN>BJSf_kPML%7i zbN_&mspOtxV=wCJ37TWNM>Gsa&xE3WdKvVeAedd}s{Os-Blk7~_p6w-wJzYM zQh6%evTN@PB09(0$Iy9W`m=jKR|f^EkluEm8kGr@(s+Qj_;{k%d$LTK@(fSwK8Zhqt8Pj}F8NSNjve zh=_>ExrN4);*;vCiPKbK5)1Bwk$dkyL5BIX;^N{)-F>G_*QTZ$T0$18^j86(!?yEh zenMygq^j^ft=XcfT`hIj?&!}M<>Qoh*Hj*Q@@04 zyyH)X^IG0BnH!-BUY}K>(qg7Xb|hHw(}A?WDydhW+>N$_e+C__z8>qy8f21{Mn2%B#UZiK|SIkMRl8O{CZ zPa?6>Ws>~Zso2dW`l~p87MtHVY9{K(bx|x!h%uXDL2iVI;79Pja@o5XoQpfN_E|}A z(FiR4v`t^e2+b&!LtDrdaxo8(BGV&z04Gnj*-mmK?x(uw!Ppzm`X#iO zSPKY>`{fI@TC(a-=*Uhl;B@xKrAh7NP?8oZKY8Rv_dd}=mzMks5xHl8M>q9K$XNz+rntD7zze^*%5@`3qZ;!*s2FqqqF&l3TYcG? z3iEI@`-in|;I>Mr0pH8benWiD^^f;Dc%t8(iMrVzrPFplN+J%=nDr!}Di~>wU=Be_Qh(AYFUZ2#W~%kVa)Dt8>CVDY;0}w*uGNP zt!&R!<83KRWueeEF4_nt`C8YgNB#%-Uhz8_AgBX06ib`}--u~)%3q8Q=SkHa6Ok6wrFsS2VM=0pE+1YymY$XHXRcYJ z34Z1HN3*Bqa%pL;=TkfO>v=s-tyY!tlaz5R=w0x}a|RH`k(x3%T8cv3rsNc})s?P| zy_GEu;jc$bitG%&OMafJXNZ7NR5L^|TyG)vd+=j}f}RnjKA|@oMFHFAF^#1(FCn)i) z&6UWw5Mei+>=b2~zymZ)gq?JoG*rRqBpqL-_Y;QZ_0pv7jx$u`~S+zO&E zNfF*cgrWaYwI$+6^0cZZc;w09Qx>g^;pmCSzjDl1RoeHr^Yj>_y2~&oDSmo5|=C53!mMHy{2Rwv?1P0c`kMQ@gk$RMatW$k7r*a7GZ*? zS2tQs`(0(BKPmcQhG@^v96`)xKc%IU-f58mn(Q3nr&3W3FlX~KY>Boo1lpz}5SVgxUi)wb zfr+#epFqC0&JO3da}kXxt+loIWGC{PD2St%>;Rg~0?`ZxFik&HWzfv^K}udgKF*pb zfWf^PHiMA*kKb9l3sw7Mo7S6Oea8rVZG%IJw$f>;>*^XJo>m7>+BAL~a^(zrw4X4- zvlm&uY>5ORYQYDCj#ftZvmjwrXZF zJ27o+FAlhf2=6;%pg42WIbymUM&M_ORNn}c)`{fZuu8@cE#EMl@5$h^jku1(ry{qg zXC+NyMhIc3JlV@fZfH2)^piqI-PkUb$oipHXzw-uliI#0|h z<=TAw42o6Vw!V1>`i4Ed1!4VIS=i5}a^I6c!RO-_(3=FL- z;~mLq!?C`+#|bZckEcd>j@@rQihGjLd1togMr@CKa&iMmBRkRtZQWu@E!hd(`3}aaOMfmwV z%OJm1OM|_SwRKe1z0l4uMs3zUlYG0?!edw^N2?~KAH_75(XNHFY1}CbWwKX2l>Ado zIEq?87PAYp*W#avTAen9D7rkVxUDVB zLPNs+fQIZy9*wg?a&AN%W9Bd}2WKEpSDtB_X<2C8Ww06^;pp$iLZ>bkXApJ#p#c42 zmmC2`2ZnAw7xfMtf80FPSyl)+S^b<2ne)qgFse?IQ+D{tMO5~Q=xyCE8{*RH429g= zLIokY^j^MPinW}5CHjJ+6`64>E|V>F$X~Cw5ZnW?hQ9>EwLU!`J!saJ+3q>^MH^*d z%p(x%AK1q{01)KKU5DIo8ZJz)A%$1Xoj3!HmFl;AnY{~f&uL@=a+hm=YVetc$ZTrwq9EDbkXlu&3(o9o%2Ufo7HZF-OpFeFoY93GeVZ zGn7GSmvtiJ>D|*O{pQSSgG=$U-P{<{FyZPh9Oa_BTg$D~ek}PNhgQRjyFy-tG{4)wzjrf&}iy#l;3yC4q zOr-uYLpPxq!g7f+K-|0MT>r%bO5URjQGKJQ!q$w|TD12ZqtqP3SinuELA5qgup0o| z7Ytt8?HtB%&tq;#)L*QdqE=s2z)($SUMYT2)g{Zy+d`3v7N>gNMtUVVa$K@QBbq&; z;MT<_#(JOP*|go%6t{|EbB`ai^d=c7W&_>Ge<;j z?FE!&lG*g(3YS?`EM&w;p7c19ZydKwwD8)US)GKwh7t^j1jjqSB-g@5Mmdvyakxe! zkqGzQH;+a)BJ)=?Vl2)9!DIL&x0c zBAcSNdf|T37kwkvSw=K7 ztLW|$!#!iHe(io@xME}>opoAd#b z5u{CF*(;+mWY1@1>9#s@2O$TLpuy*)Ue)|~+^x#b$D4f#QZNcj9A)>uk@+-=MGDhc zBXpA`iSVQl9 zsZ2_B{a<57+%AFufWEmS;Mxcu@l<7%#R+emWw9ttR?p{4Ei+frpgx4 z$9h9ks<+Wl1@Y?9_hB9PovG&87K+ev(w+6s;S*^qTz&Zqq9ZVPlgtw;4eB5(h|)cE zPYC!c5ZCCI$zIW%8&Ge7U8H-^L_Fx?5uw3Pc?&!2?OSu-rB@W$m8*=d&qcpqR({9- z`U|9`f&ABY*J#u1XyK=afAj=VwpMDCOk#h7H zWrhf8O-IJWe#$RvHGw)KNnq&$Dt4ZA&M{$?pSP%5d%^;yWl0)PBYUpP{CF?y1R)e} zf`hCRr;)3Dj*<&YP1>b+soCG8AIN^7x8FICw!TlcxmIU4tpm|>%F>ulEK4fVs=3gN z9QppD9=@~gT_{~zZOAP=r@!{TVtq5UtX5$L>QokDdeiJ(ymvI6V1LK+AHRyT$Jc7# zF}c%LgqqHi;+*(Wwk*E=%G{K3967-+0{iI;U#~2>elpe)TA|J%C~l-WAz;zR2eR1K zu=naTt7O7CM2llt)O41g!qmbvERcf5jBRN4DiGx>wUVs+>)h|nMV&}%^P8{EKprO zoaK{;zWP4_%3ARGV`B_43P_uVHekcPrKE|Ds38YB2U%*u=LPH1A6G>yJu0G9GG{@$ zM_-5ro%1Ue1PmIQwL(L^MEAZyy0;N@3K}+vVEaD4Qubh5%tTl!w|euXhk?<&Vkmwm;koeOkWoeON6U2CB;HtO;9KUPgY*RlzhN~!x* zvXKsXstV>?3$f!aa=fN5ezO2xj(&PQh#Ot4JKQX>AUa_|Wzw&nYdy7PoT_0KF-W`f zto=!N5Z*^fPHHaajFPC+mPoeeeD6hi3z_$=OVF|2Sk>Ic{eHNge2%fP-Tl7nRC$RO zOhlH9HR$dej;VR0wUlIs`@2!g7n%s0-Aoh({8!o=o>CDRy>&1o^Rd$%&9q? z@fjDA&g=JYgA0nJ4C8=fqk3#lb=%*9_cY%v-4R|2gc21?-^rg(*<$o@;@hW^u5@)5 zvRZn{VGH8s>|@fgjE}RAaP_ACsmwVUQN(pExq%#9)Gc(6?{$8hW0QH36D^yM8vV z=VacE?XosuayG=(@xwbe+waw@nHZ+UWm3*kFTA7dld;=xhej_-pd*ky zi2V*|cx)E{_N)K?NL`Q1$wEgdO^+tj+CW=i&F5qPXP(dc1hUU`DxZx8;9(c&3CEa` z6hSSFw%PKvQ6+me3AL)uPO>@=4}SK!(o>|*Q?L%#)6JKOwMQlZlgfDP4 ze2?#z4Upb7SZe5rQ4AM-DRa}`6e$Dm{)~e5=FbZq$+F3K%#hp zl2thS!sp=tdIc_y3mQYK2AjwM!KO7&=V;<*eG;E&A~ z;)tf5-nb6At++RdI4D6z43XcG_!?)`oE6Kb-}RR3xXfs>(P*Uj%^FTeG+&r*3`2=p z*lYooAHy}+ZUK_2T1~28_RjA#C4>S&4j+Nzanu%`V9h>w4?n@7f?z_foa1=-3yNXo zR#4$gTh8#uzT*YaAMYLQJ)B)7DYKYXZ!+<1e)gpCO|SlmRy+2*D8Ul-K$l@3S_FT@ zcTk+T8TYt)P#(f~ith&jV@E6(BN+Q7w64FN$TX z_O&+(T}@r+@79Bgu33iOu)*aaSCxI`BcoaJW!=Ei zTU?7Qe>7LC^?cPKF&Z6Eot9^0rz8o)QEbUkE zm=lNMDB7^Mo_lQdES)cuJH;ESxjFD+T|cBGaW_Pj*^5xvi`GclbiAnU_$;ZjRW0cj zxj~vexHshM&OyQEn{xzpJt*sP#{Z+RkJQf!4yAd4VWg*+!pOXikJzF4Oprux9NQ!d z;dy_;^PxbZ^_8UlPIW-Q<{!Z^mX-ZbYK91`G`#|Us=`;Ux)xf# z$_xlM_T7?z7p&QHMV@s4F9IrL?k1_$!>iBL9Q-rO0K?^vKV|lC5c{)vGkzW`0F#Ow z4u6XyOE*1p)1-*4dr(6qa_xJgy$v0Kn^0hfM1Pba1v%tSR1*g^EFD)bq_PN(WX*S*Pb7-`LhzQQ_ZQo5@!vqt0m=D$ ze*F39k+$Ryl6kR(k1CDkAI;pLFYG8(3E|#s6@0+mdRNi7g_JLUJ!#kH+z308K>)Q` zy6q>98VQe1LdZz`ruOmz4L^M(p2bH%@|{MMT5LqY zxXL7Ccqnbvys`zmj9!2>Vngy#IOo^vSD&jn_`gU7h%ZO~WbdxsCb-SQh?Fmj6@krw zHOEEHm&p7GQR%hF+Gi8FLZ*fgS(D)i>HK|_S%=ogw8yjk*%i~%pPp;mzbr=qS@;TA z494YVQjc8ZA~PyFT15yVX_W>G;rTT|Z&7a~IK*mc!A+&%bA$S9po5+QxgU5$!;g=C zu2DNyl_tqVSe;vV8xe*3l}=THr-$uxoGNSbVpdALZ#Y0drxW=HXUjjbA7FZQCFG)} zJ;Y|?ltxS}nPfjQ`gZnSa?b@0^gvRZE-D<%@aK`%@sI`f9qg2j6Q71uPi{^m<_vIV zS6~0-@Mq+roW;-@dxj%`QlxiF`7cL&<#EsgDsLU8`XEA zhu9^EC70nZhrBH>SG2gO1pf8a8LRw6_AiHAvv?KWb8cOJ33|AMiT>0*A);fYH2&6x zmGk_OH~eYH$P)_W95PL#ktWC@yRVskY3kyJnr;N zuVWesz8dG5+O=V!I9y`}!~DPOasMMHLF&KQdFZ4LE;PxecH#MYU-rir&;~;~q1>Nc zoc{_B=F0Y5*`6!g^B>xtzu1$1JL1Y`{)@)^gUHItg!9c+@>t&F3cAY+|5?ysd(`Cv3#Pn#aj>#YdWZG7)A$eQCA1p`RH;p+^)HRKNJFG2I9(2ha5?NsQR`z5H36S$H`r`!?oB`6-aejM@DGhe;u zKPiX4Z2Y-QH0nHJ&$HHIf)!QpVu}M4T#cuHaBmyXw>Be;a0!VTcOC~Ku1Sw zW$?oCu6!>`Ah#WQy(C+9QffQqa_s*Rcu?@k(pQrG@*_;pnB-*F=TN%eo zfW0LvGoS#d!YRh(_F#Ynn7;eG2pHdwkAcQH;tN81&+kq0K!0FF3>p_3T;2GmDu{ni zj0lVvP6_Ow$NNCCfO@w0Z$|&^C+yFu)Bp9v{h?toU*sJ8^-h#8QZP2|`TegFU-0r8 zd|Lioy3ZJ>yHcsl!gVZyxzOK_*{i(-v5zD6O9A5Zd>TUxQQ4;Roma35Znd&1=-E@v z^-B`bQ}sIZ%e=>xw0w(%B)^rQ(qp}!WeTi_33_wat=(2=7)fW3~Z`X(e@cu9-;DW9sRAOIp-2|ln1qT8BDG4 zW6gzChG64jF310m*eLxq{+IyafT?uuiy~=rq|kC+bFP7WwgTBgm0?tFOXpi7!=^6@ zUlV2`<5zL!wsa{EZ(kT@!Q?QwUoSyzkCsuTA!0F2s&M-l!rY5SyHTT_+sSH-E5k4P zXPFkCOSyEU|K7shuSHK~R8xd48KD+Kpvz{vNQWj7g3+36hc5Gj0izH1A8SPj^^ZO9 z@L2iC;za+_-$Kz3_nbB0$D$}Y0l^=E^3$5)=}uT)(3@Ip*AK_%-20krzxh*@@iyfv z%2qzrkpTOWi!_-19>t1txStJt=oKA*#}YEePIOB0d73(#;|t>fcS_rYDVd%Vu6Oj9 z)Aw^Md6TW@vf%?$9zzrzHN=JJ_s^=wd9oN~hF1HW@#4q%nRKa6goh|PsfojQg0tZZ zPsVksEZ)g{Ld`$ctn40yl{}uJG1B zCm=$A+HjkxiNi7ch$1c#egb=P>aHBVQB_xS53)g3W`c^!&cV#L(t&QA-)WBYneu?1 zZSvZ}n)lh>@hY&1ajD`G=jG%z&&bryXycb|-lZ*X@w!?7Ytaozu`>hEcwP86!>@#e zoB#v>w}jP;S3Vh17TP_usn_Doq`ZBk9Z|YYzfp)gufdcX59A%K8eL{_=(-H(h@yBbRIrqSJGLyE8};`{C6n_lH6#g@3YRXj%2 zds`ojI7HhK`gUQdk;7fnBDYIS4xLN+kP}@e)UeK$avHo zy=TEFZXEJ-gC_Q^c`B`?do);bzh{y7yYJ6^5%Da4S;cVp3sF6#g&-WK7nuB@VFAU@ zbpB)`iii=Sq0F){y)%(<8c#mfK|9ZKZIBC%)H{#`>rtU3e~cd!f~M^I7Io_LdD^|u z;HWv;w9HAhm+sx(S%Z8YNBWWIkWPI`{jO%dsf}m8Cg5}4^>ndMIaCa`r=Lk`<+u;0 z-=Sx#4GZgBCo3GGxMrm$g8THJNF zaMkKC-+skf`ZeV|VZ=+xkB}^nXn3wAr?bO5+352Vp4c|T_PGwd))iN$h zHh~(V&(9fm-e}aX@RQABRM74PCb_wo>B1qX4QuMJTgr)wFAKZn7OR{Ci|>7*ZYKV% zWIDc`@gii37bD~Bf9g{*Ftp}>RKEc&6*z_(d;44%UV=JL9PQ^)5;5~Fo^wVFxx)IL za@8X-7&Z75+Q@ae#BIBM&JaZamijq7TCz}is;C>zkSvCBhMf52ue>q2mJ{NtU9aVcJ=QkV5laX>L<;{}g{E1CxQ@C`rG; zJMo!D2`aL!)l;wOa@P*iY3(<57eDKTYbIw0Ohz~)2U{{fB(nF-blGP$2V(5zHgMrca`*O8^MZ(L(QxhbU6B z+tTJ%L}AAxV(PWXx~CB z+lFQzrog?@_1X$+jpR7q+EG2+o%%n=;gQ5L^mZPO`J%B{n+;42fK3+=(yfC?g;tjI zX-EBDoigh$89yy+ZrRfuCFJN?yfM8`q4A?hIcHnU37>~N>4zp4{=^4mYep|b!z?Ba zy@1FFtT7{Y`kfKHg#Y^zbPJuW*6_V)TqOSojavAWZE4oLWt!33UIU#6jP<5yk+V57 ziL}+Cn@`eg581@nAgmdU{rlN=BVYUn&x~WFy|=4v)e`DB8@p;s_^ceYy^PEDr zYiHY~8dW$e`jeNO@fCAV<*RdOtD5AL?iG#l>m8eDjD>R+5B-Df|7qiK6G|*pn(ka2 zJ=d8|KEW~e+X$@YS=&_YPCH7`5JZ_xB+uPx`DWS?iLXBifM&c~BK|$(v~9Gf@C-SX z;O^lrMUe=}t&U1th~XLRjMIFsJCNJ@yMeoUZ7nYiB7)77_MEC2t*TTP3SEg7rn2#T zb-nOioN6oCVRh}^yK^CvosJF{KZVhu6}d#Jw6TdA*RFBKnzmiPLHdOP*2PwTHbon| zhL(g(h?nGIwa?Aq3@Z{%R}XjQt{Vc315%B53%|OlikIC5z+JU~*2L+~QE#~pS&4Ce z5#O*I59Gfvll0GXE3kfx?cdcP)B0S#Oz;Nr1I zf(6YdH6B{YNR7KfjENS*51b>hQmBlM5nMvAR#U=8)NmQ^yk7ZMV%#ZD5p%szW9Vw9 ztqxA>FuZrii~`$}aW6m;U9_^)MNI7H+?*_C&@fW-}BTrn5cX%OFA_3m6f)F z5Pk9B4C^yTW8$%7@Zs~7+@3DyaE5AZ67o5GzmwOjb=I-=gT59lN!`YSBrN~c(EWki z)*jyaY;`~58%d@3fm9ZsPJ`kZWiu3vw^@5To34V z{1seOO}@+aXN51fFk-aOzQ}wPb$0|i%r*+{@rN$}DY7&E=?17PB zL|%oT)Uq7q)>-;D1=7lkwWfm)H&gmm$3&Ct0()LMaP}b@9a#`wZ>#rd>;N=C;WTUf znERVrJZHhlIK{}v=MPo|-|C-)^~cGY?>reKItX8Gazx3sni1KI@%q^px8EHM^L!DL5!IzyU*fF6?3}Dt!$x`^S)CBGzl*4#lGrgvr>v35fc@RSr>GBm~ z%%}9E02I5;S&1{wStf~gN7=(`yMX3GF>U1MlSkb{UqI-ajKQWL++9W0pu?V`>IN^7HY;+eQL&J zJF;N1eriaD<76~6%NV`XCP(Q3Bi(uP+IsKEe$z5;5vhDA?b3NT&xg2nJ5aiQnM}M0 zT4mNH7p4`^|3)kt)2!Tz2OY^3lU1X>Lmklzsd9bG84^~%`#BkMV{;} zH1t^wvKzLdE=g#h%an#M9Y(qg+7a$8A$?l%v2DRKb%Ro5|ADc*#|BYwtmp?u>@aw4|Om%<#&9RlPFCM49Oc9mTxpWO9JL=G+yh3Qbq%roJ zYNe*S(Q!ewhpBlzzL{~C=3{R_%Nl5UTEUg*ioYw&~(a1&?;Sg52QoT8Rv_$^MgcFRtQ;# zgkm^0v?8$g0EC1~(4JW>X3^{?1|~MtEoNaO-u>(62-)EG$y72$T?7x7kJzh6f&y85*XVs6~@viM?kwpH^565u4X$VdTpq-n~YTyYJvz@y(`NI51 zw6gP)A5$JBEFBG2-L++=b6d0iSw8U#CMw@M?!O+8`uNrIUEfaE({B?|nwE&uGJ7MV z<60>5ieYL&VR_tI^}auE^Zwl6cvg!d(3LHLOzDCW`8k^-m%2a7g%)FE3XKgy{dUx1 zMDZcCGL27S_g{DKFT_2hX}GTJd@h2{11$ALI))c9Lb)B|>M|upvbargXt@{eBOhmA zDMLn)XwgcW{M(g^oI99gM;C!O{p4c^*-p{atqF+@89{!IG@Eoe&^9hL?#ru!h~%4S ze%&m~V7w@jvx!KvwY}%Pp?;G@SYc~c%~I#d;Z zPTHbCG8q&ETS(nVT;KokT7=~X}oRis9GCv>Ds zmrg>Ho**Sa2;X%-^UXWYJ@d}Y`evWN}?Pd!N@nkMlT=^T?M!1M$Vs z;gIR%bD}%dO5&`Fd{bvbahV!J(Cd1cxZ>g~Hv%6rzOFO2pGvp?TpIBop{KEb*7dkn zz%#By_598SQ?YZ9hGZ3<-MrbndI5mfJ~Y?c5kEOQVkJ@8azKI*E3bKi2jI1j;DPzO z0AYJI`ONR1;Xaz)i{bop!I7&4{;r?xzc+P`&lZqg>k{2lU3iYaI%h*$>5S);}*X+Fwm@@t2ni3@rVsSEM%6ByB)cdZW(IDuVrcT5~Wij)tNx&1!1nY+eccp7$ znBLkirnxeIPNNRWi&UE5ui#lvEJ5E>7eK|cvI+%N+GXA+;7a>*B%&p?qlPchNdWXv}$F4S9MQ>WX!;#ySqMPf^g&r~_@3*WD!&*ywi(ecf6?)fm zcqAnJ%m#ZT0z%8oL%zDVjd$48A|2KRdWETJk`C(|?5B1DJcrG?v3-kVov05uHSa|c zngM?slH=F&D%@TZg-fhjg8kuJqM`+LZ@6xy;lvifov3%@jNQ?V^76sCTiOEO=4I3L zU3zWbrqf2-ye@ulpM&iPUiH=7@Fc%Fx{_#SGjQYr1y8Z;7WupX=$nE|39OuMTlH*h z?MkqJDfYng)YYX2DpKCDj{UKJwUC_qUYsnji->B22+1*zUFT4RDM zOJWfW27GL$8!+aPFy2Lx@Dsgqhm#=Fp3L=$cq3(cpETG)hV<0sVV2g!Bdhzox0`(t zjBTaPa+mlXPmP-Ge;Pk@-YadaJ}TXxSR2trvn9NS+A`+oOzQ@0>0VDN5VjjlC2l9x zdn??^Zq5cu$5xut0%q~gqGsCWl>x(hXRhb-CQr)M!SjY6`@%qjQU!dUBBw}c__0!e zA0&dV>U4+-%Jm4L+ccUU_p9&a1cjHrz-eEoXYgy??LNW}S@-axf;A)9lJuiSw%|_) z(emcWNi_sShpXSd_gV(0{osZ`;@pg%fTLCa7bF}XdMW~YjW^Fly_YjWr|77C;B;Qe z{XVaFO@3wX`n1G#3Yp*`)@6ejsCiok7p}U_8I2@gpJXe|ht613SF7***wD1mRR>Ex@Fp_#8CcTRlra0VJU&hIjB=*6u8T{IlkMIh02Ji9$f9y!jIwF z5u5{^xo7Ok@&Fu@?ei80%w)UCTY!A;_9z-$3e-vS*$YqVo3+luAj{J*u7fck4lj9{ z8yM_?0ouX0CB}1*IWJ&WEp{pbDBPFT-<^Yyug*auTIXYD6MzMwY&+uDIuOEvG7aX- zzZw^P&aOPH*y&l0wgRB>|Ljkr9Tm2uxqhs|(bU*A!U=rY2!bz!{QY1ZXy`lCK>hSk z8i9Y@D18o6KpZn^68WS5GOBmD1N_tWIQb|$;e|D>O{e7RBgqh~z_*?D7M<R^TJG9D_j>^QiBB{+(sn_vI zLnQB*nj97Xo!AGlmDbqulJ{DY26A~&O4?HdgTeh#MtWR0%VedfcEmjjMkU-5p6M#B4Z zV(OzgiGX#wHfy{CTfpY^o=Orv(!Zy{%W8Eow#E{+lRsyD(tqoiedg(=D=nA2Q-*1 zH%EVD`-Oe!R(?uOoPJxkn6Qne1kV*6M>!XUZTBC9`}m?$MS>l^JzEV85B^S2z+TSy zc2d>-UVL`wRrqO2W+JA>RXTw*(vq6X(oD(X4MmZC)jQY`fQa%$ckSZu41H(@ZyE>B zg?#X|uy89BO32Wy(Vv($jR>UbpsiY^jgNW7%td*DbLP|#MjO8vy_NL^4>|N7J)rRC z-!+c{5LHLgk=f_X2%d&+KCd3HH*&AY$!^?MqiTqB!P~VoO9c_HKE^Cu*F>M`L#Sq7 z#wt>OJ=76K2nMN_MPxru*fR>s5hkIpd%8j8&wHx5VGgc@gcbmu(VxxCJL((U+;z&U zF-cjg;P+;?aj(i%npS<0r0qp$xtz=k&6NcwG+)CeZwcYV+M8KM2<(_`6SP5eiEU-< z!S!desw1=Ak>{YMU;2Zh*6oV7R4!;=m>PFHa#X3VuNW!b+AWS9Z}(xg+{Te`B2Q`!%d_r4Oy&ZrXR%020q{x}HEgtAQ@`f7Ae_b$4;^QY#Jlo4M32JSQ) z_OoX^OYDs3eCK^nPD2+RSj+#)kAn>>bZZ7v)83J$R5qGDS-C5bI`1k*DRt^Pn^Q-6 zjr!Hx#?ta_k7jz@LKt&L!6K65M_zS~pskt@`ZTVvz$u18ktiztQ#d~~aRL80Nsa-WYK7pX_Go27vu`AV3! zSVWA$8;8&|qcf=#~E!MnUY@py5$Y)Ae8?B zM^KCR7`1n6O$W?OxpFucOE5TmEily^BC4lbjZM?NV;kYY@=c*CYw;XJ_44GXW0&dq zCe!d-Nn-o4+aFm=a{^xlb+H|nTFAIQ9bBx0$)b_(nZa~IjTV>>_p`$mV<7STqBDUJ zVVrX-VLw&aLkA{HWssMkj>aQ$c9?XNXEl2zo_y^yDoyPD&vx8{E&E!*(5vjG7r0_@ z`YARgFtzV6DsIQiVUA9dN`u#Kh2@@Ye&Szzu}u>7Kq$g`(g#Tp#!h^l@MiN+$uTuj z<%#lRiMxI519}6xf8&~ObjJj|1AN6XIkgnA1i4b4ZuQ4S2+udYRF0ayxCcZ1ErCk9 z84pS12z@xmE`ubmWUuaa8JK8jUBJmL+z=8$7J5Qtxik4zq>LPlSx^i zLGzq#`v5}iCOjQv13{z-8tLj z?DJER5x^Zzx%zGdd0%-@4+r&2?eR;|x_~R+t-${R733d>`u%^Wsr+AgZOwjXMX2RD zg8Mn>#ll(9b$@a*>C=Z$19Mz=D}oWP*>;F>9`_Ug-=0|Lj}o~@=x}mPjAee~V|%el zFg4fW&B&&VK0p z&>gOk;{Ck{g_?=G5#<{WzAGV0JKUv`}iM6NnW zNse~@;-1(umZfXj>xqrZ#7$)34Y1?cXNY}~-~~GIN~^Po`hWrpuG~Vgn7-8~{dKID zjM(`f@IPcla-L-n*$B_^QW$4A`gTLUBnsQMvX-nozFb#r<-}t;Kv}(gC(SxDF-Fku zNlSTToES~*pcqWjM%(b+5-WOjR&SfN9mv4u>UN82I?@lyuqndoVSRkvlw*0C^rU$L zX1W`%XXeXMJe3A`w(79-(5;|?m(_?0ns>XzVXCV1^pexLK7nGlwqes*@d2)T7eLaM zCLj@c>0*%?`i>0d36u?re#6){%dTL0uE&BZ_b^^rPFo}SJ00BF)G((P%~^0~n#* zEzLsM2?TCawHX@N^wFtFXhBSKiI* zIqTr)d$WpI#No^EpQ8QIS;cQdSngI;l3w!*nn39|Vuq$q(V-o#U_&SqJUErxx3fD` zLI;NR&z_$Ue>x$?a<>09Ft_w>=nY>z2;K-@13sg>4kS2aOejLS8Iu%sg)z$QCQ4qCidX4Q(h$iy!X}IBChO3hgMbXe?hGKl zeZS;5q4<~Tc!6LSj*Ji}3|R!9uuW`RK!b=6nZf_WKzwuc*aS04__Wqye)kmLq)^U zfFE=l>mia1_yH6ca}n%3jhsTzdTEs9{|?ZE&!QKfq$ZkVmFkg zU>!cSFg0XTta3XQ@iHaOwWinPo(<^Qi^$y=$2=gpqv?cTQ2@alV9LK!ZaoM6K<(eP zG{-+Z2Q9UK+l&@Dv)idZ2Yoq0%3v4T%)$0V5H2ay8@q|_Oy4OvOFmRr=&>UXpiafN z_WV%-4M+UI^B5v6jkHX-%Q+~uj1m%_`K91m)zmB^bnGqXP|+`+Tj#SqU~*i&@*HL7 zNKo)|cd`i>o?dOjKz`J8$V`T<46lyuD0Hqh2fcEs9IY^VOW%_iCiG5^W{9TN3t78~ z22Ybb9EXXW(rwl=Rpq`sVcfsmuaf`rLP$Doym9d4H);~tM(YCCZql~7w*j?N=GVIb zp0QnIJYzgo;=F%c(QwDz=iQvzFF!Ws=A$OZ1?PaLd0*D21IjGi@*F0<&rg|leIIgt z^+8a(Yl$){;%a$pE9r~Lj*-q%V)x0Wsj<*t3D!=(uK#=F=q%oN)$6oxJY(R;o=hMd zMQqq{DDtFCMcE=PX@x)Rx{udGih`t|;e2wF2QlN33K1b^9To=CVn zVbWeWdU+>JbF_c2Gi;?u^?9Ndwy!4M)ba$GTA_kW4-g3WE)($9E)THzwrmBAx!Lfg z5;BazxgP{?@m*G2X)kCq$?UU^Z6J%uO7T*-N}vlxx0ykUI=vCtSm=?tf>%{Zzi4MP zp<%|FMtEL<0mSTe`N0J(;OMtN8o&q>Y-}2Xk)UUsZ*M;Pmf>N~6O$zyE}*(&6@BCS zd%f3W99Iuie|Fl6^9@7)Xp$hqsZ6Pw##h)YdTAOI{Y;jm7eZ>+ciE~-ccUX*mN>Uf zZ!e!#7FU{@0PZ2!A!sL%BFA(Acm=R3Pc8ryyMHwX9jhIp0ri4D?i_UHGYwyNZt|ts zngno;U)WJ%r#xWyp>nGjF`W-oyYR7Ck}ghitZDLLR8^sgNw>Y@YA4yp9#6^$xt@&s zlULpm`em$2U?sq2>NKy(Z$AfJ#KT*v%`bWQH2}xRq*QC2KBQrBTwbmkUBd=v%|eV$p5z(UK{o>KroxRlz zvF7H4mv|H0pY0P&9E9k6(;cT_~6-pXau3*h+Fc9xP*zBlSzkkkEF& zMe|Wtu%39MA1K5^c`@GIB6!~9x8e(=MH|LdKr22sPs=FM`rxSawFfs%J6t?Fw3lv_ zMN=f*;Jg{Y9q>&-viiFM8^H>1^##T_DdE4Q6M3TY8#=3)HaCBmnNdsBjgyAli3Xg4-ShOUMRUOB*Q}#<7 z=<;S|oX&%@GKhmKwIP8Y2XDX5+$v+=6zHsMR*wqV?SYc>Y+I>hD9%#P-iY_|N?}yF z`T5NTWHED|1>0x8K=z_Hn~Qw_6h?QuGcGNXV}xMRf}pDt(R^$KLz?{U4Wu6BCQLQKfx5aYLW1k z>BNw{d_}*zI?(F7jS5C_kLU-SibA~fc%E|Gam_Z9d^2~ zVpG4jmYPcetIBvzoM~1{x>tqW^3Wsl0hA}@!3JR;PjL?7?Z*8gHhCb<7#RbCCxN=f z6(R%vv>jY!(76yMvzmP9N)64Rk`_-Js(i>hZG2_P2;vbZUQk(Z4l?|ZF_p)hLqdXa z-Fk+gCrWIbgP2^1Hyu+MORH=y1rMfW->9s;`;dWerscJ?V z{ZAPP{#cq|@m(edGeMx%E_&wSW>u_eo6+{OkMfox7j2QibETPK-KS~e@%+(d<2bt( zNF@T;Hjy+DZd2{a=b~791e}*DhMV{7Q*v>G@skR(xn=+#BuT30O=Ixt{ zsfB!zIL6`H7ZoOaQ;)gwA3J2opqFu+<# z(iHvpF6^GH0r*M4lmVhbJtS*!Kxb(zwYtFn^Q?+nF4R@kN_y>HF1PlfeEJ^CdX=no`bZfju%v6m)X)QlW7?0{L&x!WOzorZ_Ewj z!f2+4f0h#S0}9My*mw*UKfDN^hAa-oT4B-++NyQzlZ~(Mual)v1}@P*v4)PmVivvl zIFyp>=5uQ*k*XhHYJwN;DC7W43ljyl5;8Cq)qXP@pV2boSX2M#<*;cfcHN2VE$QoX zP|-YjY%c@n>SfteFqEM zs6~I?Zg7QW1iem@fRBfOMX8Y{UrW?#yD%esCRG%RY)p_Wjp5`f0ah8s(&6c-M-uoY zcCFP}(5#_=AaXFqY@Hmvm`j@O*tj=kMl0Ia1+9O}*6@;d47M6`X)B!l<$S zqouv`@Z3$2@7H&1KhkzhDVpQc-A*k4z^?rZbP_%A&YTWLUO3&!2K6=h;Ky27_e^++ z9W3-QiBhjSCGmA>ot}e1W$~N-vt+r)rvlJZjNSW2f2^^<5EZ^~uhn84CLu#5!xJL) z%+BP_2a^idtJjyjespsSJXJfxnIp_E5@`r8alG3!1wg|XHV+}GR&O#j8Plk+e2w@% z=@&(7vpp2wqTlZ+*v^}{_GVp%KXjByYJLM`%U@Wu6d6GOsF%Sz7!*&29*Ua29+{En za7bvZ&4AT;7bSGx<_rUUW|2mI*yTVGvOwY+S1(}X)$;Sd+^dWa#y&V2hVvA|uZmraPx+Kw3Ohfhd z@x6)_WJ(p}ee-SX5rMwFJ>Jl?KiRixY?|bGsH>#xJs53v}_+PPn#DU0@gX@D<-ikE7Ef!7Hlbz8ZOVD@YwEb+q;X` zRBijμ-EGU~lglq*N@N^-iX3kdvroG1nS#`MT83uy&79>e z>&GJ-)xW5?-Ll!?s^_=XpI1{3na;U-d0qfxe(~q@LPzuz1;)HRQs2E`mLNBN8=+kL z+T2?I>g{_^`~t&dGJ9GQ?krv~>(0YRAEL3{LG)-CCuuoqY-<};QB2S}%ewIJB8{;0 z6sH~yKQI4KW!wemk7cP5NJV}tivl@8!km0zRyeQFK}VigrXZ!rGxqb#@Mm;gw&H`# z8bR-S6b&zb7JQuO`=VPE)}d59_f&%^F1c+cp%TUKs3t2l^Ee~JL|L>$J1@9hHBmzK zRlxumO&AZ$MzYw4iH&vdF?@V?hG5-Uj>2^U30~dKW5E%pi?W}{)2W9}Dk@iISjz6s zxbX*#WtPgUVQfoiwhYceR}+U(=-cKDQi0Pm@Dru6wCzxePuuIx>(fnrhn8o_1V=1t z$qR*nGfpvn7l(>C!S1>7^oxm?%|5>#SE$U@XkNQeXR5oZvmilF>{Aed&(IK=E{p=T zzd$x5fg5grstehp-FuSj!)cdRJ0B6hvSjCbG+`G%QjC37z^t0Qi`l6{i06H)8sF=^ zS97G9;bZ1*9NwkzDbZn}Hm+iXqbyo>RB?b+^&B*>fW^bn0_GQ>;D=b#6#Wm1qb0>P zU#7WVT3y|F<>t={?M=(*}oLctvna^tCytU%QN1C>%XQHYSL4Dv2X+tzu8%js^KV`NDc7rdsXtX$x&1 zQ~?q)N^G0HgzSve-+YQ)K6Hv7u;PnaRk^fW!r}JC;1}yhlCL?!mknRg-GzBToE9R9 z7snJh9XZKI8wDtnMw+vHlgpUKxT`sx^s9fmfcu!~_;c=Aemos4it&aipGx6RI~U5< zLIRjnNcA}dv0Lq0Can39IY}>b>o^~#NX)GPbA?7(X5YcFwuD4>NJeH zSMS6x-I0Aq0Y8DdEEV4Brw3PrP@Y^Dhm*r445pP9r3dWs^S=%U@HLCqmC+RhxluXc zxT!{&;EjbxOzW1WZPVj&tA>QLY`G*4&|*Eca>-8=3BjP4*c}UFnB-FD?GVXpye(~` z!WF(DP~m>HF($>pN;K0l_$&E_l0XIHM+@x!*O7wz1xk(9+XmBWNz>K46&uMz?jOjL zE$=b9-Obm~5N+?}-)~CrLFQ^ZdX8)#%U|)B5+4eNm+c40V{Mad@-|;X>D6oF_68^J zy<9Tp1ZCWpd9rr`l=fYAKpORf{Y;PS7n1ocU#)`C4k+fDT$bWa@N%RmhG*xz4rz{<0dfDH4 z7&!H#)r(H|={IJMAFBH~9QurdqJTX+6iHRC{nO{}yhuwO@ z;F|{~mzr07<22vHVMW?%P*f;;NRR=a;HV~L2A9c|(t+OoAM7sNGgX!>R}M#| z9y|)|f%w2U0jl^_7#YSVKoFYc+^B{D%U6DR5k)@w$cMJ=tBrO!Ef?S3(YNp~Stf$x zXk++$i1RKD)L|3dT(d|e)s?Kl8z|(pb4XTG8~AAI*YM{sYZj+FZnXR$8(!&=49g-6 zPHXM+65pf4!o^*dnN%@*J|3jRXv4U-&v>61nCx9#u;QJrJfw=Qegd+G-@b-vf2Bg- zSZdf`=Tu>Rfm$3DY%HJO7OA~tfc^f_x2c)iAjV~bg(QljOA@i0o%@v7j;h7uLB~GgB3_y+(9~9 zl-sIT{M;srz?r{p#8y~-!e1q!@w^acqO6{r?-Bw~<^FvwjhWHrp9aj)3296&aKRXOqkE(Hb7&|InJ2ix#< z9YBbNdIq_3^+MEAf~Fr;kz1E z*ekeI<@e4sd$r3wk?tGw>ib_A4Q|aEN{}Dj7-HI;dfajJ!aq{mqs?Ovk z4(ht;XIhLqX+z-smQo%~NH=iTsFm;hMtjsntSoiqMi7ml9~7 zSN3sDzvoXIJ%RB^)q{9d?M9v9FH=08!_}XP4-6{Ce!2S^`ikalml+?9he4b9rAOx2R7&`){0AF(gpK~72 zYJj(WM&P5M9HTpUI%9=Reveu*PXvA&zcRuMpdierhB;&LSoQ1O!cbdUs>wHVE@cr>D<@L0A z`jYM{)hnteQ#}nv1T*Dv2y?(Sf^!Yt5A7PfP*GZ7g>C|?RPDL$1dIzMZuP%?^e*ns zT*A}N<=D5>gFg2Mw}wIyR}>^6tqbfh(X&iX0TFs5b3@3XV!LUdpC?1Zb(D`_Sq?2j z5ko9pzusHcF3=u=4Qe}dxQO>eBUuU3IHA(SC4cJCt?ANacd@QugnjIDCAKG8H*7;5 z1e=y5-@O9`hS|$(?sYBvIFu1upAjq!wZ7?cYe72p8{M_HRu43` ztfM2^v@|I=m~J;(nNK@{t>?@F92e43q!!X#OlfMm4B#e7vQ(i7SmKb1Os{yIv`}AP z@5pu^O7ipM76~Sr-rOERE8Z|?c7o|s8x|UfY^)KLlgvNk`l$7>*dOxlDxgJriL(oD zG&)tmUxYJk%7j!1HSLGdZ!l}mi93A%_EbmU-ZM?^t49z#Z(nvNPSYKb=+WJw;pMpC z7LPX=fS0RK0Q4V*_-OpcyKD2TjynR+K9@=NC+LlFjW$V}?{2`Zb0{jm>$$bOwIT0>yQDwfcW!6LcS^}hX6n#N zqw>=R#GcI&kx20EqVryH5l|CKjE0@1H!~1N<|)Px)Y+Gmn(Q&CD;tOI%Hqtv?@kid z#TH?oF>=S+H*I32oTUfFJ`pBQIUN+pfL^Hp1kgUGf4HF98x4>;t!3YxKJt(4s$cS^P`m$~uQMlI5>D+NIY`i~6G>DVC_QR3$O3{~BCZM;m zLmDB}&Fo-(z2o)XyV@S>dtK{u;-zD$r~2!4A2N$CZ#6nvNsZjC&4l=*|pFx zLEaN@!XAun!!G5S47zM9%*j<(EGZ`(FGl>0Wcd!c)C}$)X zpVJ0xvyAkD0f$pnpQ*aaxjXu;oQ{{{Nl8MMNn#CkyShp#z#1Hhbh#)$4Pm}bY>#t5 zy$3-m?`l2Gg)Of&keCv&;r3dMBu5w>M36a^c z3>o?M>17#-Sj{NNvL}x0ELa4-?>;%dP=f?C3aM`-V>OsoKUh&eqJ*bH zS%H^IjaFs2guQboWv_-HW(VwopXG!Hz?teDoZt|Rw;iHC2Mycc-va$(t^k&6n9^g(s};F2FX z@4FSYmvIuJ&T?;SsWX@9XvQkFp0o6K(|&NA={=mWPVO;s9NTTRsdc)QJig?(bKpGV zSUoeE3A9}5@c#2a|L2RP8nVX%FtfM+^eU35GW_fCKX1we3&t%RKA#Mb$CvU|0lMdt zuH?m#kO=|QRYS#cilpk;++S=uk^@`))W(;)#&-&pCo6T-^F1!xe#o)UxIVlEgJhfJ zWu$*Ld2DCz%F_0j^a`E0xs4vkUqBGr)Izv1;?yUnm&g z?*g%scJJR<5m6x*ME;F_X_ym;|KBq5&tQN%5zXo@3w+sKjo5@d7yf2w z$nfm%f09ldNioF>b><=|3wj%!v_ii}DJpF2?GUZp{pFJBYK(YZ?*!z9Nf?JeFFe{% zuyZtjkR8tVp0Bq*;ySs$_LUopfilvG_iF_l+X9FmXE=9?EYc)>F z@%alU7SH{dvY%c}KQug0qwsImTNX2v{F$^U=A?307uo;HaY}(MVE8+}uTu=hk5A5= zg;HQ7a+R#I=f71vgkN0qIPo8OlT1s8>7fiVF98OqMn816?e{RT7;u}Yox}pa8M*?-FTP|`ah|9_k z_8m%U4Tt0ujNmz_dx-d06Pu+NvGt`?svpNpAi$T!0U$QZwE!C8x7l!0k_wre^dr>! zW8Hd9M1X`Ur7>raqFb}wd(;|`p5M&JYpp^*5Cb54Z17-VeX;WF+6A!=^IrhXA!d|t z=a-z~IS2wirh>FZ>66*~dmrQ|rtS@2f(_Bahr0i~o}9nC5^2NhiHu#x8Nj|kL=!>~ zXyp`)$T6VD`({sMc>PtD|1WMv#qfXm?|c!SM>bxcm>#Jjgha_%mZBdk3y@U(<1bJk z^6#c0`d_Z^&dLifT?6)inLp0Io7LWyfAx*X{mbkmzMax~?)rDr;PZF0BS7*$@E!cV z#oyoJKZlOr3-y0Rs^5F@zbEAX4mZEU&F^sYw-eCsNB@8S3G;Wj`5kWluM0O7=O8fT zpAxgnO@FD}mimqiJxkhQZ`h0$`!-kQb?J18EH?b7!-K!bKWsN7LrwTRUh{1(iRl##oj$rs;7VB9wh^% z_jJi$`e&bDR*n{|NxFd}D+%uJOI&Yc=${C>Re&wbhtA+yCwUQUkqOn__j14XM{>k| z%K|L_u6~uf_OO+#B)|rLdI-YKXBDgaFAlgYJ*rOZOH*;~+}B#eTUrTfFnCc8`fnZ# zQP;MUB%wE6lno_HyYt!}sfcfT51VM>A<@vpRw!YVUi12!=L5=#UF-7f_C-^kfa&kC zief-CyuHbj=HxnL4=8ueCH!TScw#_!!VyFagzN$QpFLgx&BjsR|3Cz4KzlFYd&+B6 zj3@Gd&E>%uzh&$lbuzAh`cGvVVF;tTPVA4l6 z;J=P=*Iv_{0QIUKI{>~7B|MG-K;29@Ar(xBJ#PPx?>+(E@$ehuC)YWM2XPL%1^#{O zzrXeW&4M@ZTLk|gY4;5%qdJN>Xo&Qh=A{<8Rl{^oB^sUhuDniXR^aAQaS=2urj6RI zq<>P8)%0v#q$zb6JNn*1{gJMZ&c+J6NL|el*M|9z8TG~yxE+|xc%jQOaj~IJPtI1L zsAny#Ig%s1{m0}OV|w0?)_fyHJ7+e)VXds2!-0{O;RXNO77!&!Mn4iRX$$TC(52TY z;o>80GCoVp=)3Dk7L@l+gAg0xx{%0o0zRMoTaAhYy%3h_0p|n+CUfA$iNZgKSMh#% zotWrrM(!)-8#N;3ZPRYUIZ==WXNbVX-WFVR)vkz>M+09K)gx%}*7hxX+YCEHpi1Q_v2MShR=d!N*G@;sV zsq6VFW1sAin{~@;MkR6$mvmTlwzmC+=flhgs@CgxJECXI+hiDv%LpRF$VS)KHGGyL z&X_nM9^qBYo#v5eDb`j;+7hxY_uV2UHBTSG1aUMSB7uiQ?sQB!K5elN&}Mu1Ki1F= znbE6$C|-?S`Sj8DhvjsC>(_`Wf#+-Q_-#*#!`{+g-O61=@2iY+mD85!VR_EH#Z&hT_jad0hMbAnFc-$357s7vD ztX5VX-xs^~#$Hk+PbU0XG{)D6~y{1 z`Qh(QnyQk#z(?Lj{>VrG2A&L{xv+Jmj{SVC2UNe``aKiB*TnCw@Q)4(=6{BvHy6|Z z&8LoP!3N*hGZHV}Ja+n#bVU#l+O*2#f4}v6CjPc2nEzZ8H$d9Mil9IFFO2k$**!sH zmCr~awxOrl(G`!+hIOPIzj#a7*ac_j8bk z*5ONdJ-@@9hKt}oKc+mDMf_RtCHsH)v;6IB`yky)EiZtarA>1F{htnoE2wE+w0ERL z8j#4rtnmt#oDi&FTvb(WKUa{^s0-*+A0g&;)Y7l`{_65#!HW$Pxq>8t8ef6D?slu{ zdjQwNtM=1T(WSQl)}9cp<;1s&V6RBikE`H>ol9+X(+WAroA^X5&Ei@oL8`-*eEp<< zqk(CAIIB^Y__OY9&Zj$DB#Zj78A-P8`K%@>X48bzG<^tDGusARKwVKcM)ryzOrmh^ zrEkgjZ1xC+x>BDjf}{tMRHwcfN3N4Wj*M<}T%vk>I55`T79D&WBNALa=?00Ad#CfR3kt(2yh6_C)%D4xl(FlUXslj#47EWG# z3PuwI4SM(;2649YbQbTatGbW0xu@iORIJ*n!8&D>sJonzvfXA~JF5;Z*2;&@DIKZq zd8r6AnH9O5e7fKGizK+@!1q8%!9c*MLGkvCm$48h;7qR2nB5GUfZIbZK;dZbkN_cv ziTYe)zHC(cNTaAk?X2uaP$1BP7#}F&F+kRw2jpWR_ou!DP}#B$#k= zU7kVfIWP3T$WHw~ojv>e`u>4_8UH_9Ll@46|4aH10gP*;3^J@)gy1@ivPF?YL!V(w z)AH?6*aT>i-iUBOUqK~5M%F~lNSeRvQTfxEr=Ws0d;L?}W}36YMkL+@autp?S|b9= zr^DnEviN9`Kf9|Swil-5i9L}sVuQP4cCv*9J7hXGK$j{3wB7s4b5I1BKHxSWg_7i? zR12&8wIrl1@Ij5-CE?L1E8G3Prw^}w3Tj}vR6RDG+%Ys2eTc#y7GPbU;vx)cnBQ_o z-Y_Z_SxO!6=#fB7qc!g>@zs88k4zcrRd+{KO&&rByZ|{Fg0=)YyaWS4Ir;V7!=q{V zQupcOt@cxaZKGp3q}0G1YI&x?yDzo(tQzn*|I;(C9fE!DA4Fu*Byh875&+oPa*sH7 zh^p*v=-VT@Rvh~*Am(v`0Pyi72~HP>MvWLXn&?Hz38 zeK}?(Q-Md<)SSw?GJ8O;sEL{!cCXLUuru8<-W@0q9^QSTDz0CDh`6-(gixuZcPYne zHpfPVgYG^u8SVn!hT|W~$)4pOBJl>`nF$0o18!%xjhHgCbn24clbiLK32<$Q5;M1e z!cS>V$<%?%x7u3x0dxxpI)!Zc1q>W&3c(P(c6}?yeqPQ?F84bBNXMkHA{7l9!ZD8C zQ4_8ey>8X&S%-@eg#4h`PD`Lk7GR*g&kBImhJf*T9`{LDMRs=G!qyy|7z8;M0OKdd za}BP|!tK&xn_l|}K`>8E3al``%Hb_tadk2nW;`axi5*&hZ@hg z8{qW*6$4H64a$wxd(2#0JGU-KdH1HCG2*4LCTe&wivmOY)SZe_;e2s-*-d7OSHmo0 zUud_VOjG-8W(aInY$1i(7r!378b|U{5QN5l;fzo9~S2w8{Y58bC{& zUO(ABV1{XXdV-m^=N1Sd3RUFx{bY8nlEo}^p*{rMz&9^|P37+LHddH)(`3}l3h&smR!Zv_P3pYO*-M;jx$n*=%*s9_Yij`h?c8d~EGHru+qXdz)n z>nQ20Sh-pyd|wtuyu}ssjcW@zEwY4&Xk^7es9{`q<^1+9_@&MlJ><38IHT#6m_H0| z(5XJ1`Iw*>mhzSbNpe;}yb0BOj(>}7X!YeetIqneezI>+gR+gaITckABxjT5yCL_{ zcIMNY%-E3U`*2pzG@1}ZH4@NmyjKu*b3|{eJ&FIr%+V);(w|Ql|}OaVsoO{+{@YDJ%pIQWM%1`=(vX4!^V{^<@{;ljHjlhqovDh~WqBH@ zc^!kwqONUSp}{dP-H=ph#{(EFcXu23@WLo$KUL;<>#%au+R(S^PNDPv!`^#GHNAH0 zq97_NA{Kg!Qbn3bhXA6|L_|6Q0TGc7(t`wI1EfYkKx$M(M4EJ|q4y%amxNvd2?zuU z@%*A|t`RF>%UERabu70V`T`CNJ3CKE z&|j7d)(gysb@=vpRjv6hPZlAbDowp&1f3YIxo2-!mK*{-b0xJ1aJKOnJx8@7S^dVHc=C3&nefz+7@|M`BYg(}$~`c;VMb+78YPS{S)>A#+0SYf30UeR{%9a!Z(w0ujCpo0l_R*AdO z@0omTb+(&P($4xr+1)er2X1IA96X@6S5$}!)xwKbmmGIswO=T?znNvu@}M5JtZf(%bW{;Zd{=#VKH*&I7C}<+J#Q6q3~QP zIK1Et{gha>qJU2pX~Kj*kdKi2t^?g7gvEBIDh2p=g}%T(ck!qWQ~Z1_3Tbas-6Xm` zkdB?U2V3EkuHr=l`B`(~-#C1Nm}{js7jT)rc>AQSl18+J`~7^Lvjd`(po4R*pa2wA z5k)Ye3bIdAPh4!!%I2OPA07YQ4YA#~9Oc`vH+L(>-Ugny^(r*;I(YM(hKAgAJClJY zx+T18{%dcWG7|?I!5%mdd(EgAnU6&V%HzCeKiZ~|q;aCw!N6S#it#2`ZY4D%8L;55=wJ%FMwY=@P0~aCe(l1sHCj; zV?Wn=`q4rAsFxNZXNvBqvQRv7Q|3acg8|i?qoUo)dsUN*O(ZK2(CH~yVng=J30*YzJWK7f47Llg+VhldxWd{ zGlY2SW8)0-W*99`>qoj#QYtrM+qOFBRfgyyfY*Yy76)K@ct#`+j&Z3|Iz_l&*J$T@ zET!r~52mCL71e(w`*8Rhw|ojJ{{4ZYkJy|vGk|&}FM#qGbaeJe76}BkinZ&VlQI+3 z2_%w6&WlUWhWGMq)+a9Qs)xNCP9nY>%p`geVIT86XEsH+(2|?7O&PYA%M%tz=vX<`=9?r6wXx3Zb-e1ZkG7C zD(ckTP~IYBq#b$cgHu-6p;r9Igl@@+YM;USNd)Rd6+c008!i1<@i<}fG9DCmW1$6( z;o!CG&cd!yY6j1i(w*j$p?Q`j1KtSF-tw+JB%s6e~!H{p8|NNd6CR6l7G^rlGDc^%6_g+M@yteD}eIFc3flUN14NN z)XX^TXX*8vD(j<6*}KAEAoL^%DAQQWDFhTq_=gz5`UYVahC1O2Tw{o?ZG zU_jT#w5`hG%EHpP{zYF4m)26O!>Fl?!;7F-nMp1 z&$x6ox>MXdQ^iG1tU>pl$NLsHi`b4F(>3S8Wv6yQ>yKAk?X%BT`MN{+JDhSS#zjjm z&ns|mX#sr-o8ZUN**m;FY@}}-RmF-Xam2W(hap9Il1q7z2Kend#D3z9 zPlm)XuJZeWS4)efvegGNOs?znOY?gW zlRxjU^t7Ir$haDCPV7c(_}MoJ8-{~(u$DLeP4I#$MB0+v6?2B0n0~7W!FUl-krXR- z-8Zcn{0XdQD(RzHbgM0c*^Rmr%;T+IFUH=Nif4+pvD|MsfM2~kOn>eKll#f0BNQz> zDRa5qdZF$37rEQ-^N|qK`&d6%lm*uZA9K3Hq~)vUdnQ(Ndwp%oi%B-8@Koro$Npyt zFoJ2*efSo@u}4hR%xk&q4iyxYRO3-BVCR}OqYAAlpnY9a?V$M)JO^^*v+0oTgs+Q~ zdP#l2)!cZttj7n`&OF4Fg$OcZG8RLd3@;QxA}c;T=b05y23nlk7MU#U zW}73*SAEP;IBhf{n8@;)s4ytuQb>T;^_aH39o~CCr*sBuW&2w3_SO8VJ}+kPTkg@( zk0JaKFv_X5V1H0t?SyO(y1%dmVtu~#=2i9h5qxvNo$zWNXH~sNs`u0t0vO;H^%EDi zqAE-sj8g9xmrM6Y?jZwapZg^_@kDpq#|A4d3P*Qyx=(38nb=2gMY9lT&`uI6ug1aa z+IH?jadrY9Z$t%d46jF|9#CAIkGKxILjvgH0@r?ckrJBG(Rp&qrDS{$>E*r+UYS;^ zORmg|5L{{%d>i5YLN{qiH&;@CsHO3C&$DkfJJP!U)e(bxIM<-sBt6Yutz*;;7Bs{I z)7l4f>n4vc;I+_0^)#G-SYb!+;HVr7q^_`?dwX!-GkGh9;UVLZ#aO8krw|{*fk>X? zZ#A7FB#)#DX~+Ovv6kuUk2X&;&-%)0d>k*g(5xIUFBdGRVz$>w%w$gEi>i!SDK=Wk zSt&CEZhrmHpC;hm037IQN+cK0 zs;L4Img^IM`W7gEvnEl#co@M66yYq+f`=ayx{noC>blC zx1Q?Vn&M)$?;|vLa1;!x%Rw@F_L7Q7~CV&x@nr#Q6TvD9j(Vol@|oJ{$74nv zCepPo!$xNPFdbZ%3eF;6uFr#6V%hJ0s{$WS?4eckhU0eo?E~@Ckfqkyhb%mjFs!u|u{(V{SrVPB|v6be_+Qz|#ZsjAX3Kaz|gN;4^)2G=zb^G|r`qSldaP)7__&bpJ9Z39+yU0QLZ_oJKGyVoae|R_fi>Wa3 ziqj#evS8;`q6BXHi5T4RxMdLY@bsfY+}XZ#HN#aWCkZFJObPsUX(I$9y(pjT&d58( zj2oKl;rnxE4`JjV*Xu`>%KM3#YvSIkqxarb$&OyD;VTWT)vFD=*Q3IivatGcy)~;w zgMHt{Wr*5JF0QT~d9aEKYK1NdO&H#E0_|SL(%NuqQtoPPHnci<>GRLTxUYw?BknKN zudO3UQ3$F)pfcTE)FRepPeHu1>Ik4wkCA$mwt-S^i*HRfK_H^R0GJnFj@GWD5!AHH z0{a0E4w*)sc_-&<_QLPPiTTJIi*~kOUZrii#+r_sM+XIi1@ZHkuN3vkTGvs`m{=IxR#$ZI^+RyHyxo)B;Vdj+toh(3<(_0ZKVT-bmie zUu{!N+V2S(-o5PUNt;$U=uMl?%x!na@l?@qYXlXTa?uPP=+8yC+$a}TW)!$dR}8s) z>iPm#?0IfOec`ez21??THC>Wcb^d%G2fz@F1#QcI2bb5`v4b-efva3I>`Aw*I0QdY z9NG7dg7N|NMS*fP)uR2m@46(CM_(c zdO2x5OyXh2}jufcV5mNIbWo2jQBNE^i_uL9PD}?b> zwG$E_QwHm#QI4_0`=fHBg-i`1DBGVt*jUsjs^OJt{7>~Is^Jf&ZkZOTJZqZK;&0tM zwlHlyzighWq6oEcQh-lU3j!}<1}EIMzw}4Mziz>>EyA)D&tAbw4LGV+A0O3cT$O2b zpsAfa4i=u)493F5eYaYio@t!hxzJE#JjLGpluj{bp-^`|ytq#m(j|fi0o!_jpsni! zs%J$EJNGkQCNHqyXZh6dIApfRNJ?e;!WT9|v`$=0Z)!N7U2%aW&uM{?mniul<_=E} zy+7vnZ8s;65H{)*C8IE+N6r0;viC{UwZ;m+T4&m`=W~DDE18I)3o$>8E6(5x&9%3% zu6QB{HovldOXes_!Zm-LF8h8Oy?f)X9q^EqLKad&s@jO_-^}EoQH!(azq2lMS|v)u zs{n2G;8_2G2n~({w+Ti~DJ=M`xD(LZ8`x~y6K^^7^PK3Op_X;TlQ`pZFTIYFD;^0F zES&|OL8eV1Y3!qH%eKjgoTa(tr+9)5 zJbDwyYpt?#L!7;UvU=?w)0_eeOe2m#N3j;TFmu0>6>|&ZZU)!z-0Co?NKbZXTs+Ku zByV#qWa1#MGg~nz#~yySvUqr|VasP`bndk0PLz~h%q^%=_WjC#PIs^<6LfS@d^uqT zbvGaQNL$gH(K(qvzsH^+cWsIcZa%!K|0~6zhWSzdhFKsZrYuT0#TkoSHV{t^@0Dp% z$VB}$@%w`fqWcNHH{BBk&K|u8fzaXL5>ZC<2+&1%LNWqlaTKyw8Ubn+axkfB_ z;REk&WE8|9So+fbZ^u}$k0b!)R~rP?-H%9{SrTi0R;YLd8}w{ns#~L8a$ORp%;f|j z^cpTDVWjCP->&fMvc@|@J+Q7%PGREipL5DWVEA6`<<(Q6RVLC81}+H}~kc zU%sHtiPj0TNT<6jR431!YD%-TAWtzqTLV3c)o$(MesS^BUW!+J*hQLBD}gchB%{o3 zHLy!@3JOORGYVf`lLh@`*x0xgtwhU$MP|+$b|RxNFVqL1u-jUX+?_Q>BMLFJ2@XO)FzR!G&Cj z&E~4*8Cr*}9Hu&vDSevLHDtv$y^BMFNH!lN6uOhUmL%K_wy_cZN)edjKfM2>&jqDe zyd{o}Ir2uzp_!vbN=gkbRHhE$=+aGvvZ%4p%XGu@N+{t1XEbM5WurUd{^tF&^Wj_H z{@^!z&hjZyiRp z4Q~@Vv6UMU4ykyh5D%AwLu&7#QPV44J?$U3SA5*L1<#wQX5AN%ZIsFB32}BU>&1Vi zc)*^E+T2dE2n6e;LR)LK^y<7pj>RE&A5K~|1Tz?fU{v(FA9jj$xFc~z6}05XriYrg zki=`G;VnAu6(BXOsVjcgadLKLmuTZPvC|~E^!Y|QTcr|+K-s$cmBPZOfq-m~lYZ>T z-4E7q-IBMvYkXo0TpAhkLWJ8;fj()PT?dVzUzoV?AzB|d-ZU!wI{u~i5dOA`!R?Qc z`k!yPhq*)2{yfWPA7e@$=6E*X##mFZ8aY}ogH|>WlYzq}t_YinY4Tokp2a%{PqoS9 z5;fhoWcZ_7!ignuqK}5^?Pu=M@!T%IFR;#y|30hC#zg~n;%{gXUhj&*I78$`ak z;0PsoQbYzbm_AUGX>dOeGsH=Deyn19tT&z^*;06XFU55iH!8I%wz4~BBeR`r^g2Lh zIenUJmMwrcuE$(|@ddI7?)4@%p%VQAU?u61Y?cu*zDC5{^;E})rie7pKHYi4(HpaU z>!EajiR{~aN0hh9*eQDw&CCcY=q!!YIN&W|DbML1GLF{{^8g(ft?|S-i^Wn|eweelZ$w zp!Fik$gY~~%Fr;qX%6ZdFB}A#u)N}GRvN*#J`?ADwuL#|EJDGa+yNY`)F5Yef8ep` zNYIycl~?gDv5F zDh21;;tGRlZ93>Vc^{az_ZDxt$Ooi|hBtkU%jQ)=qneqKuZpzH` zCPz{B1uyd7l$(H`^P0{+6Fhoi(JUnrZ(2RFn#cG!&EDUSxZ2&sG(3MTf1mnTcK|cR z=C^ap;X$gJnuQM%Wow|BjVYWseXn&w%G!#i7sOK0ENWHY(d1GLJ}ly6HiX(F4=)vc zu=G{iR-#}sNx$4gVZ!veOHA#DIstY>Pg#h7d#2MnwBs&m8tm^&{6<=Ym8>9CN&Pbg{PEKF&H-Mn~$7zHw8!IwJuBjuBoe`(V(k zCAeK>>EtZnbEd~+^w;Yn)7UX zx{6|vgA5D$dVme>9VAh>mAmZu&5OQqFqB(GFrv~l=7+9_^SEK}w7xo>oJDo?`2CQX zUksM3|2hJ?oW8mJ&BAxd;kE1OXrLk(8jDlrdl9D3FI=g*mcMEs!!MTluq)en2pB3Q z6!g^5dc$MKQao$)raS8+O{ZIIdDARFgbqZ&-$JJeb^>w=#b~dYN`UL^8jNzQbFcFu zX0NAvM83ywW~K-b9->_ij43-{947PH+yd3(T4Eus>HFs-?#XWEs=P*mMSpOGzO?pD zdfird+OR5Tq!6EHqJxOl4GpI(Dlf2=WE<2S1Aj!knIVEe@2O#p9K%lov9?l-Tyl?U zX462WYRFaBL9&xJ^g)Fvo*`)0#6=oIV|Q2FyFkgTJ{Q`ax0uaI+>)h!5YsA5nEl+9y^pOVT)g!$(;TpCJY#{r;0(=K@fN$|GnZK?qXk_(?lNfo>NcH`5 zR}7{i8{PGwsTj}`B8v}0P_Ro?6BxhKogOVzdM&2YN|ovvlwWd@UT;3&$4xv~Waa)U zH~4h4SHeK!idIq3>b|w{!tk#Y-bq%9{hd%NjM5XBHJmRFT@F+*Hfx}{zBtpt$ZcpK z9DhR1kcy>Ca?wL~{<|qE=m2ZuLA8psD1;^+C*0kLG?irVT&Y*7<=NG?Q8#ilKwjiv*=mC=2G_#9jrT zWN*$X@)F{v)(+WoYv37QZE2>mwgU$*dgk^;*>D!0)A*!8EyW@$r&lGx{L#({#kDIP zMTpfSz&g|ZvCe%uYG9AvFT0OpQe4pRr~aq#$uq^AtW~>raBB1FDcABWFEGhQ(sQa$ zvG@IQtaKgi6s8|0oAy)Cmk0YP(lZZL5rK|6U5*)BUpqn6##ubsf90A zIi<0Vx?CnR>;vEuc((Ckf>6qts<_r(%#-WAPIv1aDQSz8ou|X@mW7;k|K9{H6Ml;M z?m&NuyTDGxuUc1qES@R?QF-min*@={48Pd*<5_s0Q!NjsE)csL+nN=N2J8V08<5(T zyOi(4c$}++r~D=^=OVTJqb8n+M}TwLXwp*3{rElR@L3Ch`Jj=kEv`&~qKYE}4_Pf| zH5otc(2$Bw$<{0;bl|DUSjSX9T4k_EG=Jg}Ly9Pu&w2KP774&wQV&$>hR9C)6$0VQ z1NNLza?IB1V6ufoV_7YZFQ42)YClo!k{W;=zNzD{f3!)c`kws8O@DfPQxMn*DB`3l zsyMnOD%!Qz7wNd+?f8|#BqM3XIlfUA3)%ZCZX2uue0`l<;TO)*jJ<@dQJX}-`9{0E zcsMwxK78Ha;S{N8aCxL35$F-W+2LkUaMRRr!+NC0X@i}M_>Lvw=7TB!m_8k?PC2_h zzsb2j02kd6DBv}vc8!SKOh~6)rnq_1l6tXEc`-a&ztcTtL@h|9Ys#^BF^x99$o=|dlz_Y#HETCyE__F_9vzF)`Moi_`xh&|u#rk!?| zU<8B)_$=>}gxhP_Ok171iU0-@jY0u169CsaTOnpkqxJwp@*IeT7%FIAIhZGZylE7_;TYZeHV}d)GUJ4akp9!^t0ZtoO@Tt!ockJQx6{k{{5$H-a-E~jq z8Fdp7msedgr49hTI?J*|RN-1D4OkxL$$p8+rZ}$Ds(>Q%>S0(RC#w$e4F(=O4b> z1!IGmA20#<^5eWrPI|pRS1*|VZE+sva8;XaPF}o}1XBDno7K^=J;9vUiAmpW(YN4( z2JOPUpeRw2vRo%^;TSSp?^Y7WV|p|2VtvRH{GxFQd5TuKprhmVrjnA$PGOu^=C^Y$ z8cc8tv~VX)PyENNY=XwsmuWwdKxaZj;Q1znp@*WaS~foL997L4d*IV}4n#vJxq?ql zDj~6!?%p}BG1E*kZ3wD%ysdHx%Kc0XQu)^rMgq_yyQmR2_9bOp!&&7O06mbCvBM?z z{)8UCKzS>+Z|DCX!AyX8Fs+^h?jtS?ZU=CxU0CF;b;T|vB5Wtcu!CgYg=+M6T1#>_ z&jt3i{6{PoOa!o;RIP$ueH_TDIM(_h$f_-#<>n)dq*b>@r&t3gGyZz`wBTV$ZQ3!v z{1Jf!YCi-ckAb0JFoU)#wM>)b$aioJm|+CLWa1!cl3avsSDVBKcig3p-17NKF+JbD zUhJ~I$r*CpHA1iu*lFj& zZ>V?;2f5&0a&y|RWRv7il{_!eB6B)XVyva?_xrn!K|`lJzsB`sm8N}-@d=Dx@vPaRn|A6Hq1;Na}I6hW2fT?jPt2a3old-eC zQLe^rVUv8J`7pP;D*Y|0zJb9IpepOy0W}xV;8jw6iS@uKU>z|pgh?3|%+1RoYru_V z!=~pFDQ3OM=gUHQAPc7TrY6VMZSQUCJUj*fw%)O`Y_s>W&bO*@f6lqA446WfQ}&;1 z?{lVaC5{5H(84A~VZwyTC4Sm~*?>R#%V1{rr6f-v_(C;*ci#6n1<9WD)RqN7V@JCRp?t$a&}TMz%o!* z7L?{m|D8GT2B-e|I}GH8Q~>e90Sya-r;4+E!-E;|nS?+MJj6 zb!=#`=2F}rd=G@1-e>o~WJ8rg96 zV}1@^btZXzpN)x^twa;k+YTq+9cg>fchb~>VjKY|2J|{zYyf9ao&rI41(Rs-ci)sL z1#Nrx#Sg!stYn+5jvzA1nzJCp`XR6+{{es( zbrJ2DEMOze%Z!#6i#OaNSYeo+R9Jxrs@PGxcZwJ1)T{LKVy-FdDWigA%6SQZJY<8R6QTRQXD0!;DW+DSv+!S zmq3nXfqcoIRD^D+X1z1@c>3P|F4f}{`=&smmTMNYyuOMp>d?TXim7mJix2IXO0%p? zb)%foOA4U=9t9P}u?IJ>9ISnI7WzK9!6cxPV@(`>(Vqvk%hCQJ^vMqk^$J+19K^1D z(=HY1BwU)ri?rH>Ba2Yeqiq}BD~(?%N;{=iv0-?K3WJDiaosoeYmUT32tq5dOlVr7 zGuMi>_xpPU&$Ka~I^!OHLU|^Fvg0zw0yr|bz}FJU6ZW7xWnx*iN?dk|sytLLy5pkg zz8#qz^xrT=TUWO6sI3!5V`lVi_J?wDC#&5@<=akF@bP)(t|Iqejd))LID<|oz(qj1 z#D1lGmdRK8YUh2@4$es%ek(-dW;4>XeVx*9h|*t~-Knd{(?bVf{K-_GO)}IJLmg0I z=c1`mW7WzjctV2LVwv+DTW7$-J+s&F7FIv?6$>`W}nF?X>j_$Yk>>S|LsdlmD1zHB_&OlO10&fB)l zzrz~%M4W?0N&CG&zs46swE(ayx{J*(lXN1qt9UQ84G={f4w%ril(k6=%Ovd9mZBQdo8MD+PeL@7=#!KJuOSE>AJaAnM|- zBXX1iH#sz0`m7?)*usKG=}sR|oefKu50Y*0nBc}U#-kM^ix9`PwoFw#!&>s*>>yu` zGT)tFgn0g4T(zKqHYwxNDz?p8%69JUu zld<)Q!hpch7`rhJy}OK!G?j@k1faIV`DU^Ls32JOJ-!r4j~NGMs1;EG6Zgz;>>Kbb zKJRl1IZ;Y!1Px2)i2#Ja1)?Sf!e7gJufIY?X;|1q<%ve#%+AosgWQJB7s1mELjX#U zv-=KU$m*(E0MYa{w6oLnD+R6DUj8AT^*eB3Ox=_e8FHU!X3p`41AKn*AX}aLlCLLk zDPtg@3c>wN?~d0hAbrE;IX9O+10e+V`(Jb-XM9Xo{QN7>{c6aGzt{|T?Ep?1U@wW> zpb=dQU6b#1z2e3fAz+qrUU(gK8K!py$zkKs-r)6_tZ4kG3jZ99&fNm;twXXaO!{DYxvoRB?U`Nh^ftQK zY0PSP`(vl;8i4zc0IYu#Ad!$|Im|D{zlocFTG+*Cmzf3icPTOvFTAZ44r)(U9o|<0 zy1M-C8}x0M$B5ntI+4{)snW;hRobOr3%~tbyPHdTbTN4A8~hQJT*eJpfmo? z{>akQBj+iX9LT3uZgJ1ArWLrc1ouaHBOtS5>K%3#uP`|jyHZvQE9D*2JAmpJoMz#0 zH7WZyv0&eNI5jYEg;u8WtA+c>5f^9g9UZ?E=(dk7q{=2--%>wCd)f5gfu8`8`;T31 zTafEV1Q))L>^NpoIBd4Io;K3Gx;~Z)%V7v)QJ?XTX|`1YJT1n_gqH4dAF0>Z9n}iB z9iZL7CF};+KK00(^>3c`o2=};^Iexyz#9Rv!&HVa2Cpzbl&~Uy37la)c8U_!&rP1V zsflWlRn7w5;fsEX-;;$NHIad9?@t~csXkvr{f?~5eP>-`2yimxtM^{*^@3d7NG{*e z7N$tB&mkJ=4j%go%4HLPTmZr$2HpyD{)*jGkRV&N7@_h~$dY2BE&>v90 z`aqWFIHxfDYIN6!WLEXrk(QWC%JRksnNM#rwESYQZ=CBlWsaOalj4a%KILS@LFyT+ z_$qhVOU~X2hQ(Wty}x(eN{tF>GX4P=N`X=7_)y#2;(D#k&Eoty$^Ee-)zVgt;*f6v zFgXjPtwNTZ4=2jk+bP&K0X?(A4FNj&K`{v zjTS18xqi6acFKJj&{+PFF1N+nACdmL3B$$$8&@>Gwk$PZ*7!1N)cD{Ew9z3JH~%dQ zu0R(8s{4W%$r)x<2D0Gb=RD=#gc~8U?}yVr{~yAJuK^k2&j=qkNX~6U>BwmZdD0b) z9~!YD56boIaQoBD8t$;Uw|KRBrNe{^>wy4-r~PTB3D;=(EV(11sSsQ<)xCO7(o&(t1f)%*S##RZ@*T>&^@5SV{Y~%QNUW(wm*FiGF zw%-K}aPR*FD9+Ucl;t0jtl-#8&%TfW{am%WeNy=yyOM_FdBe zPu2o8(uw@j@-2>FNx!X@DMV)^IR19+9T9h~v*5^T*>}GhEBE?8M0B6cOg1Ol3Jq|g zM}INXU8gMgJtKeY%kSJnmM9JEBCaG{gue*au{O$Etjv=MfZBem2ku;_!C#DCcWb6d z4gDL5pPte`%P%GG=pQp&{&}jYc0K$QkqND!Q3yY7uVh`WfAgsSl^$5`r&Ry}`4=ro z{9Qd4$XFinN4!D>OR~U{|MvQ!M=G1)*0 zzt?!ZJQ6qTa^^@EU?5){qY~|4cdU5447r<|ZM3^po|LmY4Sy_8boevjisOcpO?6BR)9l4|w{~hOlw=%Qn;q)jI0+$e#oI|A*P9|4a`wbP0d~bTw;}t7xDIX{0!S(FzdcdUgcKskMO2yY`oS zp_)tP_8Id;9=~7mS0NtDYXQ_&nD~Q>V|g*M`#mHFeyVQ*iOYYe=j5<*szQ*QhBY7` z3={L->MuN701{Czj%%?XFE-t^0o8N>#>**wB(e2*it_73TnTu!&hH3*z`z!JA!(Hz z&@P^nA<4h|soGEEz;no-=9hZw|CJy2l>$IQy^2mSnB)lV}`L%o3+O3C4I9Rq0vdN&7#YG$s(@6Q~7U@jy@$&z)b zf1F|OV3_6`!sY9%B~R0Lc{9~N1WSRD^7}5<+jlfmC*6L9Ljl?m%WxYUorx?~-k)*} zFStoC1#Xn{%sGufq}uxfLJ$QIN~4$CB*A_j`%IZX zntR8E5k#36%y4)r;$nk4AT<{Kn>n7qp8oI3@dT>704fUhD+NJS31EOQHd|dEd_Xox zk|L~2@a|U%QJcwW`Qq(P*&IYY34m{GmYf+FO+?+SU6(5fve|{a zZ~hc71%}H#P_GZkuI5gKmB;uFd}x`5A$Kl3@y5xIeNXRe}H*ZGXSd zpChl2IDSbZj0V8bX3cLNl_#7}M#wfe|5V!?^aNtpzwtQ#N0UB9{~de@ha#{kan7rCaTw7+_r{dSLm8PKOM<{&-4(`$|F1q)OLEsC@DiEi%8x5+%w7T|ds~lAzuX zr5ea3q?6SICf5VG!MXlT!mTV^7JN6o&n2CD(Oo@1P|5foT zBv7A!zgKh5A!2aqj$Xz%0G<8pyMB>dY99GdXo+($l$K*9L>-p4%XW0GA2s%$64@J7 zpWOCo6vvu%1y=DA z1HL66Z+WvD9G}+i*#4@3_59KsD_KmY&UGM>>W|lEp2$%t&=3e09sgfum_7!wO3hE= z!!}F^ZeJ+?-6uVsYe%=y;KD&TG_+Bj-GH^y%1YK<09-cmj*Kzp+Wb$W`aro4lA<)vS^~?1TxJfo~ZS5|6X#l8f za}fvzaEHE9M0P+g18u}`pdcr(0NTN(uxAC<#l@6j8fzh^8neN(#uFarr6kU7Lq$O$ zXL2^n)M-4W^4yK|1J@I-3f$yGB80+c7`>ippeX$C(H!O#r3&ie67I_ZJnb&FC{ zFL43epo`MpP1?Jlt(4oO?sXWd@Ushl*XYJx`^qFyK_(}nV!Bq58P!v96N5Nura@!s z5Lmae5Z0)&%cIS<^WdFMl)o9{bdF&6(mCFa)N}Io^hV)C55oKua(KQv9Dk~5`TmIR zc+DLZ;I-d`QzI5BD0dW=&M!Gcl*bPQ@Rv*SYXLA>DFNICg$;>)csbjdK(Nk zF4R_vqbI|#z?)f`x+=x|g3?|rQRS_Py{pLtU)xjNCEn*ekKfMHhJ`)uyJuT+L;f7O z$2Psr#RK$4PlAeA7sBl zU7}-=BqvQ|P}|b(7fmgws2nT=8j`)8+t9olAU$z*VLeR zvM;;Hk6ZVtwwyihvw*EZelwgUJJmoKSd!v?6n9>3Xb9EL%`viEV#cp}-hrDh?=z-MeDy zYhn4CaN)t1vJf0-xM?dCXM>fW(nLK~JouqsVo$M4KT!i(WQz`QmpE}* z{QPk(xfMaV2b#cxi3M%cjs6G!f9j&)1A)!sskdTqT@Q%P6O{S5`QQr6_ai34b7@Qg zpMm?v*qizsA&8|=51`309li&DYSbNrx2TpyqDvaJpIXqsyjhX-&{X}z23F^yM@%NY zcbbg{Wrqgf=hq*eQFf{jnVS%>AByi-tfK$0mt7?UA)qi!0Ywf#V|YDHEhUv+&o-aJ zMHflI#*+}U7(=?JF^u4YH9Ojn+HkenSWv!EL!velOaWJw?Kwrqu;`M$Y~mc`B9$tf zl6JRI)AT_=JpNp{Dy8E-fa&!xN+ql{!5N4?cq3hcD9-doK5mf6ZD?4M!j0#^zMs@^ z5?21wkEWv7XI#?a4ae>GK+&P>ERGU38keWoCXYcAYrbTUr<&X4K~uF! zoldGU!5jXaMxi?@m=BECIa?H+MeRqrAWmi!&LzN+DE(do=#6$4vgX|0jg&Ha<|OofoZaTMJA{bx3g$_(&PW*5 zjdbc-4kp`Ig975e^yld z(NVGUY5N_E{403Wiz5Ln{IfOAa+pfaf_HIJVIQ&Ybj%OzDwBFZ$AB-2ptY+KBt#@U z9=4C09LCYg9rzgCxjtbLZ=zledFRtIUj&N=?BngdSol05LjCf6 zE0-f=CFf{>-?ZF|WqI_X;`+;Hhvn`VbIvpIko4U?lzy>Rfud?GM(EI@*u$^JfUxmM zQD6V7wnnWDda$dLEC7|K?AL=Qc<(uKx~*H514)$vs@ z`8)*V#@m=?*X_KPik_q8fkNK73AK+_dk!V^CkD-S8zF@z8IyGlctLa=7}_8kO_!-p7MUNu!8bD3JSrE z)(z5;>|FtqWo+tYrKiqVh7h19Yh4Tq z*J>IOR90D4^m>V=j4ja(YPp>nd5DhvDHJ*;m@)MbQbZ0;&H|xAbS;Qd5o7_#C9UJd zi1ap>qqU8^34VhYvNWF9TvVN7+4)FMx%AoS01kzb4yqD?QmYUm(aQJAu2;HjB`SL} zhxk1lR`fVp&7QI9Q2A%T)V7sRXv>9B5NI$;AtaXk!ah$9md~4kBLsCPV1hM{qZK7; zXlowJpwl)Hf^&4kyIYlnP0ZwhWjL$9EP+P*lOnSniM?zfYcrgoVl=TdJ3T^4;B@S| zT8*|0u{r7GPAN+oV}I@ZqBX-#{C~KPgLcy>!das_?W4rwpA_YxE_G#dm9GhpA<>ru z8P&18A?j2Tx!jB~)Q4b2oo0af-KPvhLzAD4+ERG-a;g{z+L*~F{zn{cIGljSHO7|t zO{6^PxFVMGW;If1rAJV8sr!THkk{^Dp9gS(^TEp5HwiAveHAM2f}|24Z?+4bHqNhS zPuqcPd8~^ws+;F3Y_?!~ZxlI5JtWq?3L_j^a({l$8meHPHH^lEKY8{I>ReXTzH&47 z$S!*!>Z)!Pda^60IGZbiw`t4`P~4CAM@)g32nlsp@pMm*(!8}BJa%PUbdm>*}U!8_Q-{ zba}R~L!SNDy<>AbAf}`vkvM);{On-eaxN{QVsgZOeWB~Zi1A)>dWgF-#CVcgY?X!D zRtB3Q@MfagKSt-zx&F~6^V_`tFaH1avYjpr9aa#Hq$G@2P+6n9PC@Go3JXm;u8Ptu zex(=@PFEA)G#a6ZJi=sFk`LJPb!+w#X zw=K`|a@_N>NS3qvEA5V>iE~0w+Q;iD0M;n*$_Qi2qH=m>76J=P?~fV zBo+`55d;CL5vc(~qz4I!qVy)HAfTWiB2pr~O6UlPNQY2Df}jF{1T}0-@!h}koco^V z-g%#Mo;l~vd*|M{e=wO$_MU{j_ji5QTA#A0J0#>i#jE5DzO{!yvE9_WOW#^HVuCOfeYS`Vx{MS%+tp!z|b!(|a2PP5H1J*T=y=%k{UA2J?>R zPV{7euM&Nl`s<@X%V^%5?YPI6C-*iHkjNZGj!Q|0TK4r1_K0*S;I-H??9b3fVh3n* zhTTH~6wB6JvNO28|2BCSRz4ROd+5q=-~5@%{zuOglf(?-h^<+}YJJ_t<#a8YUm}{1 znnSOkVIOS4u1x7YSG&?&)0(PgtgGIVF3H2+EWb2uPqIlaq}qb89=0~Ha_@jq4nk6$Jt79fYs( z;b}%aIeC!OqQ=q94VC*>^Q_99r}kR;ozvB;IGf6?Jiy_nk0_tFlvg1m=Tw#vwl6SJjPMmGY#1r0wqo3KI3mcGq&;(*_ zMh8WuBa)5GU@LtSkK7>)_3}?2V>C$!ou}2AAm+z1+o}#7;Wa$ry*q6MDAEd`fQlw= zDax3O97mJIi;UY^%YK`_ZyTuX$rDW*j06uG|-e zHTd{8tzvN9pQ(BYN%YQJB|3~NS_a+7o;_skqn9;zQHm$8>Or~qVba~bPGc}}ygwxM zjv%F;3M0MFBuAGc`B52{K!N1zXGsUr*Q^FM#UmoLbGRo(WlwzXQzK#L%9joMN76kG zQf(61Dole`0QnN`6VcM5$Bu%r!L z0&vv(^n3tHDkqAmB>X%hd<;>?aMmh`|8Y5Y)7EKLouxq2+lXDuDfHpTsY$sid z;f8jhjZlu2G4}w@G`{nIHHpZl_b|ZY$dsmMgKPO4&Zy;2*@ix<8#j~pzx(L$d=B{= zuLRtC$)3W>Vgs=E@lu#0O!X-}ITH=n^XW21GJHd?#`PE)SADWvca4iQW^=!Uu5Nfr z#}0~e-WehA(4%RQolrt84442rsQrD|1h!suep%g6G(5=T(;6+yd3H**)Zf>6^0|_B z9a1(CwXMzMRQ)CBK>i*sqpT-Puo_9z9#S=;Q6t|K0srb2SB*NlwUAi zy1gdh+PLvvf@5jPY+H#};DS$S{q_asoMM*0CscKFV~^5T>^a~UBW8peX$tUA8A}oM zFRVRZ5P)#~xnUjlqNk|%I^wHRjwKSYx1#*{$B&1erJvRRDba-kRNBi)xS8dC$bRE< zk$#Z$_QQP9jNB(FgxUG;W9n1luN|a((k6DRUZf6^B2~EyhHOo|#+V=&%*{{3byV8Z zyT?sH&GNTwy9M{&7rlu6f?j^7;v>_!Zc(3-!abAZo@YvCYosk!)4J)?z#}q##;cPk zi-D|ZkhH|yQSEYEE(Uv)Y; zV@(vA-#0UYo*;2%$Z#d?>ub7owSC5|k&U@F`Nu2BUoO7sK1@0F6Ou-(vFX{0CsJ*; zc$n&=OlS-lCNaF6hz7G>fAL2FI%jvp4XdA3wixMj#Yz^OH9&r|IBqreJ8`*PiHT+5 z+eH91Qa=Sk#!A44Niebgo9bZ}3dv^vF0(4<&}p|`z5l6Q_u4e~xs}1V#9-0aJ|aPo z4giYbOV|t(9hznym0vw{fW`%R5?NGx;>7prNe%IE!T{= zLXkFW#sTyJDmK1Nv1;u%Jp)Oqp9pIeFj!rsf9!lYz+Z$?NPCqs^!Nc{&7g5Gid=#1 zJkORuU#8(UzEiy}P>~Pn7ox9@72k!;e$PV;uk@Blqb<4EY^^&e!mJsR|pE@e4V`OmBHuQ(h zMlr(~eWRLHZch)P5qks-$&Cs6=k(v_B&ypPrUf0T3G78_Dq0XsjV|jX{NMo<1Cv1OO}DF{jp{z@m0vA}TZTj!8*J3N4AFg}Zaj3$JU0KfCRRj+ zUjnj(>_R55GonyxYBs~ZCio;Q^YU0R42F1LhBFAN^(EiPAXQ|El)fB$*MZd%tC z*u*$Ri@cOTZ*$29jvTaqY20-|nk!(c4jN`1#yuWsQGplm;((f8L1CfKoFk zv$TjE`aT*@pXCj(Vcjn;H*Mc79Dv~6AAGVA_3OY52caCk+lmB^3#yK4bx&|2fEDdN zy`L6S8plLXmzQzz#t5>U%NMLaAmPwb{jNDKgs6BfEPK`LByZnDIcK-0XSV!(hAO}X zUbJY21d3rv#dm*uMKkM9Q7V85pyn(J^e6R_)HQBCzuDLn=&2|!<=#`gH;kiNa+j+Q z&w~!9y@ehGB1t0~163eWHxa4YvWVkc6ThQJJm!`X{b6cxz$)`7dh0P~G3MOCp{tPb z_74wd-C{lY{r4%z^a0mG3B z@P1h<`A)~@pHan=w}ijUxw-qUI&Un9_|)0q)nsHT9sMdLeg}*Fq!>2nbDvE>-F&CD zzLq>t*i9i<>Rw9j7JUDHFxi72Ad8s17>jUlsG%`JKYh<>ZUIlKBwf%Pz;+b;P zEF12CmWZV2x7}}tec<9mm7&Bwoam*_r`GGSdw42Q6GXxG!vRF9144z|_nd?X!E(E~ zcI#n|xEp+d`x;WmO5ho2AX;LFKSRU4D<+A9iN?;i_au@M^sAoSvC ztS<~u(YjlO7L!%!1s$pC=L8I*@75?kzP&hayyIcdSyLCCdG$JCp7ivDj7%2mIh&X1 zH462D5M;W3kK8l1_N-XkiBWI9^8An_<*F6UC}%Fo4BE@YcdftF3&2b zDL#zL?2!@BhDVy%SGXVTJYMhmfK8w_$u{b?$1&|QlbbIirV0XLP29&cNqMoKAo9!$`Ddxf z?va@xQ;@%q$o1+@Um4k2nhH0)SD(L=Ih%5AWNSaX1dV8RBFF{H1C}NG;9d{=6c<*^MQ<1l9`HS|V?5sP zAb5q1Eo;R=>Vt}DbRy|I(~ByY5@{7()QQme*wCnBCjHU>+Uknn>XN2Kt?Fm#yiG~W!GTu@P-HDB*(rH4a%vs_(Rl|{mxvX(k}ykBbX zDTNdtQQtrJ6)MSAV$WtTD$oiOnZdM-PS8M6;j>rX)&*)&KudV<3i)tkI(Iyz&du`J z*_U~q@tJ)+d|f+Wa#VO9ql_9Sx0ftaw3Z~|O#}cx>zeoM-uL*isw2~0Z3UAQ^7W&c zFMf#DrEU+VX|-KZv%ay0HzY&~&^n#jC&Y(65|qIo%$Y7B|b1@7tHs zaUmPDGbJ6ug?d)2s~5I61}pQc6;FPLiJT`Nky4NoF!O8T>;F=Z6^Ek`x-IFlVJ&9V;z2-0Qj3TK7?P@ zua&7`oR*xN1}}X|NeH$&vICnU$bg_jfIu7y=15(APxfw3xKux_{(9VH)%@L@JhAQ- zR?&h}g7Ko@j?*hJB zOrzzL+0FfXmqgrFGZ`W5X~LC9J|$WkjpSVJCvA?T;q(f={SP&RL9fVXzHt?{;m0tu zkU9uOi29Y@L4|dV#J1pb5EXD~H-kH})#mgAxUH(7%3^rCHCbOlXXXZHsb?N344aN` zh}>9UID@H|ABBfJ1e5sQZqPhllxO6>9H^z}&}-&$E&+pFC6*6QLL(R+i>2fJGV z3b@G0Ibe1T7IfTfrCF4g`y;c)@wQW%rC8+a`C%{5;|p#>dZF_b7&pZJ;I>nCFJjLQ z2Vmxi{A?vuEqxdOfmlA2z3Wt%`_Y&~Ytre3rEc!dg#GpR)#Iaz(uxz6utrGFxG%I} zUc!+)d@ZEEFy%K7C6^{c4+a*<UuAfv z+Q#V^77n8Ul@ZONfLt|=( zQ2V|zMIS9i_P$|jqMVisJ1V(cCV#n`o40@dW&dKvI_6BXkTIWbh0urfuY?85Lm?-O zUw&RTnWl=+&%Q^_@Yn&`RdaF@J#1)Q)8v+uZQOFS`$h9~E3u}ugj}gO1clk71`=Nlh(5COR``s#h#{d4gIWv80)PeCq{c?65Rljq;b zht}e=8TltQCYi3RDz-8DA}ga!g<;0jod%_jZBEl& zA??|P-FyD5? z)G(6IgqVXuyvlf*K6KkSgFe7|hdBb;5G*~zbLl(R;YFEO(ghsad#Wu@T;LCmc_du^ zh8P~&c<=e=%x8YaS`;(dG`$44z_4KI0)|vZ@AjHY+*X1yG*JKjyluX_y=!Yhv{O@4 zk7w-A@$wUPZ#g{<0QDWoaEMk<&EVeh}Vhc=dwnV8^J3wSJxRfcy=7 ztIqxDTi0b(`|B{ojAaY#(hKOppmy0g<*j6mu=o4cE$TCS;Gt1SY^1tvt+=hYqkDq- z9-h7ThK-aqc)Z>)!&%jMZ!H3(b5Vr#qRrE1xsVSSv=Hb_J~_6a(3Fc<$&xY|+WT(E zzsGXr-pc7i`?+f}nKyu4hQ}JD5t3rU!8}AW=tSMD9jn+ z=i}MU;O+OXitJ@evr6zmVBc4(V;W-sIKM?3ffg7mNm_q6>WiAL3oGaPwR-ANU3bUk zk1GZDOUt55@`J8NBOkD(m=+)*D)ucXxlrzp({E}!rYExh*YtRm#O07M|C@V)K4Ppy z4j=1gEtz|$j#n*(z+^GTY_JW$fi?uA1+0-~-QG$|>C2G^dtZrtLl0u*&aTYBrS+Zu9@ zWPHsvZ0$e(+Pl+@vsrBkbBww}5dhQ6{lNN?D_#<c}2mKelv)8>J z%@J~ap5L?>(@Wjx`-*5jqIO--6{u%eGJRO-_&~J>0IqTkD~aX!+AFOL4|Ftegl4tuShjq|+@@s;fgA5|L9{up^MhHi z)a>#{n8E^3C_sxMVk3y=12biFPxhbd)gC-VAf!zjNfX7kl zRxTKK#_hqBbE{o-0$S&KCEX59tbHUcs)^UC z`GOU~6(3ic%9aL6C@Oeb4oE_=d~43{WEk)MJ*c8OfAwQ)bf00nC^*iFrPH-GUgH^aXn& z`}l41p}TG2!*|Yv=0WH@1P}~n_p?f$f>j2(P>XU#X5a@M6sLt68G_*U6}94uHT~ft zO(V$`Vm$K<*%d`GHZPeCcxTGKX%>x?>rz}w8>~^|xNY&_>puKJC2CHbIaB-~lrK%j zhTV5Ov@|ALs|Newwf7$m`^F(K|NZfkG5-sO|JO+)(0w%4ha#&0@He3XSw6f5cMa!-Rm5@DQv0*wB|{g}@MC+fk* zj-b?Tpn9hR=99cnJX|67MY2QIbYE!+9D-*_vZEeFw}rg*y)4$DmetNfE)>LkCQ@xP(%ZRPX$f5{ zD-u4oO)egf@X<7WowjNj)L?n$eOb2ilv0|a#ix%!5p!7@E?s_RH2Y;D1zv_(lvidI zwhI8&8aMH%jj&e4dC7wQD^6pi=7MiziIC54vdrdXk^O`7T;phQ)(fz7A;x0sS8_J` z8Rn>DVxPGD5$#?$MqGdURcl&FL%{)4p-bPDQob15rK*KI;NE550dhgBd1?+*jIY;2 z3$T9Cm>kX$Hfv+|Sn?yWzIqmRYf6er17D1EI4UCF5Gp#3{Q`xHg@Wx+_9UdC>Jh`7 zX-frn)4OP0lKtLygtgBje1aQ4JrT$~P03O!59gbo%wJ4=ae~xPhENOO`4&l;1qs#} zG(&bL*B=h^Uf5%7jUZE$=N!OIg<1iA(MuYUu)MC#-@fnPp?U=9xp}rPbRInsxDTs> zHAE)-+7e|C5f3q;q%?yqr%A1_YPtHf2ZEuYM!TbO)xFZStv5vC_AWW)gE#E7u_77I z#U47%lh6h)T9e*ae(>d6!9hb9osbp zqHF$@rVQ(+0|?GHRu4nTY1Pq& z(G5R*-bu43W4UsN&3&vt76(fXaFvN!Gd`S#xTAT2sHOcTLV$?f{qEDoks;vt4PiIs z2YhO~bnS}PXGfP;)lQ%bp9&ug3H;&5=3M}n0LqUPd9Mm>`0{(pwc5ZRud=QaF5KFT zo%}SV{WeSYlK|!&Q@;BB7+VNXw4SJ3scWsHu0G=KZTmJl#9vJ?tx8YjQd8rUve+wh zA65XPI%Fh(uwN2&sM8T5$keSs<*kjo=fO#%6)N~F)!|yzNY}8Cw>DCT`Ds@rwzy^( zu@Dh(olv&;TwIFmDBY^ERZr5gi#Pj}y zCV~{%I^!0QCKh0l!+L)3W${qCRB=+!gSA+rz`MnocjE~M&2I#=_<-|cYjdRbB+pR( zOt;=5mkUaoCEk|e3)hN|eK}!#C~6;G2D_ABSmP7N%E&m%DmD@QSleszi1pCexoCKg zTEn-IFBO-=A z>x4o<*R4U9_GKpL&qQ^X(_SKp2vr6&)g|p^lr;T5vkp!4P+fhxE!>)7R4^>qj z%n*3wa;8OLzO;aI*znmo+vJMWE98)3llA370w4Jg$3_Z60WAp_7T0`-9csJk8Ll@? z$TOGCQ@+2DdnAqA#4T)_!zcdz;!L*6;AW>sKE0cj{!0q%I2wZRrfydVyxBt*k1&Xi9>O2@pQ&@qszB1~gTM8;@7k59eC4!doxhk)d^9I{NmQPnD%iYviPW9yyz67d0}3=>pj ze*|$qTFp!D?J#b>qeguz)L*lGRK4B)LuPg`=W(&K-C?PxX1}(}jT(E>GWtQW#&mb# zELV5?zITff?h|e9#S6o5>8#c-mQrC$?Jk=N$~u-u6eT-Hn%T2hYW*_MDGjb&?h>X4 z;P&vrI5Nyirg!>AyhS`v(q5P4j36A_F)*%AHtpkWR(8zcYGV}|M=~4;fFc#QXv*Lc{e0$3bXn*o>K+MBXRYR)IS{J zL2XCMnFdtuomi$B+~?)G@L-THyhz8j%PuS(Za2#XsWT4DI_tKHj)HDj(^~0CfFiZH z7vy2`VWbw(=Rf}%wk4S9-z|vJtGp@WZQ?ye|2(YNtrTL`DHQKbP~wTDyuZsZr-SUS z*!!q*2UecRQPeW|qjsRY3g9VMob)c+@0xT)26x`2OodlLjeIK~MqljmK5wmY?fi*{ zU^_1u2U69pvEKb0NfMvBqx`thDcE1z^*q?hCX%XjCDkDheDe$(8~`=WA+S7a1J z7t@Is`UR>2$)7T43Pc89FGNJRo1r;pH?LBUkdJJMx2oWz#k?ln4PS{>RgRkTxbPBK zr*}~y8^pKl-mgobN(mW+nJaN!A9Y=@Qg}Xf9Az?N129y-k)TGV8{l_9gT^Cfz<_|ZWCGL*BuEZXnQbyn+@A6y({;<0Gi%=U%Bwb436 zA7t|fR3fa9AP7daTE9+f>3-6_Cp5(_m&mxE*W1iV6nl&2rs`M z*=DWwUnC!%bWl#Z+Li4nVL#fg#h%7Wwx7U^Vw3=T>NGhrfqf8V-dXED+g@I=a4w)F ztv8izntn7(C3DeIccoW;Lg<*Ea&=)0D;6JEn1~lEb3HGvJ)-;cL5>SN<+Y_wfID8W%_let zTiOdpXmrE3J=~ZC+QZgz4~|-pF};_oYP=YuWfYh#T88xy?+13dj>av;n0MxBR^`1;2|QYc4Tp<1 z=HwWjC?9|lF6G)L+`Or}JSaJv%9~GLV&zqVsV4ruFbZ}yTMaAxtug8Cw~D79yUBnIrsza)Lt3&5@qS0OD$6Bfl>U@mfTD*}M1PBuz7Cc?(eWOT%yn6gJ4`(i8|IrZw4Xn;QGn{Le|z) z7Ps*DpkSd!kJjFXV2dl$PY!E`KChx7?9S~4Y{_m4G%*7pyF7{^4>muw;@k9t z4O1|3Gw$YPfG>N>0#}6ysuH&@^nIvU+cWy5E28#QTB8!T@zj&oz#Mrx*%(TK#lxzn z6PVJyv4MATQo^DK^nhqduf=-~Cf)$JWCwJ+RKu&18|omn+tf(fz<#36N6xm3l@ zMS}*wiFC29rT{7IcDAOnf9{4Z>*cHMSD8obOnJ-RMcvDt(K_}MyWvj85+ZGBCiqwA zOEhePi7INJDv_bpd&i)}GhAoBT(if!Ucol&NX*dbs3e6Y;rcI-hA^1;EfbaR*=!9! zpqL2*t|Ab!j=FH^7$SY8NNBZ3tQ( z03Nwi8A!r*H>+<_D0S|>&S^d5kOH%IO}kU87Ku8$Ba$3J!883_U)VKCNdg3};mA4VM| zLdG&hcAQy-7>LJwAW=v!gEJt@-Cx`#=1b0DnQU7{6Z0Hh5#t-`S2iNUmdIXIX6Gil zkfF?;hVfzq(8@O4s9KWjqV9y(L{$~+TJqS`4M#+rmxlV~-Lt3tUW)zdr`%&$p>W;U znys#_BqFCBGT{(_b8Lc#0U*m@*<#GTetb~-{;E0t_=}(VKO31MPMrlOs45%7$QQu! zg^9K^Woe;yPiF%fvS!^9=lknF+8;mZ*xA`97_f~8j`w$uK$xb0&r-Qy0$Xaz*g71J zv(}@2n-U=oi2BY>7*)2Ma?t3r;4*e_KgCOcoMPU7-!g$;DuUH67RMaPTU|G$rv9*) z85&R?9@mw<;hkj-O0yX5%$q(nyYIw5@5$v+TY**kn9!yJ`TmQL6(c{+%s2T~&8R<^r|ibb9H*+)(8w&$7qe zq_U#pQhP-%?$?yNXL~U?ZyT2c;V^b$oMex+YttGUspf16WcQYon+NPW&BfK~HUXWJ zv+wqUUhd9V3oAWu<7l7MGADtD^7sAfFdxCb|40uk>5fe=Sh+(be#IE}-T_yHHqPVw zqRNKNxn|m7v8Vc*RDDZM% z-_G(j8cmIVe&>;ux(9a_xi_4rKHXkMDMHxw9nZ?gfKNWC_83O;=8ny5DP0iAtzds7 zivQe7G9b=?xInI4;uxa-#6a+^-c2bE zB^OCQFRw~trEa^rq6&5{HMcfAQF_`Gl`Y91$$4T<{920z{qA*U>FwsA4W92He~_X< zBQ6_mL>4n$08oW-+9vsz)a$yb&3c(R*FfvT&b9q|pY<89lmEgh9zLM;4an9=yR{(I<9NBvxmc+U;Y4_Dpu7`yGB3kTQT~K6Zi(L zkKCX!E)dy+SpJ_2G96RWXac6VEC8cQExboj)^@dtUP(E{-C}in+*rFJ#pt5Dqos-4 ziv^e_Iszmz@sa-;TWL-b+~_9@CbaC!|2n5Lcikhv<@HOWM5&UNqw{WwUcBNGkHtbh zIV7pSH9H)6#)|%xitPRNha<>_dv+dZIHnH~B7V17Vmy2*Ei1By5PN%a_J?H9p2yEj z&h?+{#n92}pP7LqTtbU@98Jc>MhKNXIALBEkXhB+S{QuvY^%NOA(L<4VcAgXRb(6} z8FpH3>>?6)Ncacgf|AaF^{tQe7H{DNE4fd(7-X?WfCgi-;9Tp+1_I>aHlKt1P9)j+XfxUh*xnS-4>SqyIJ9 z3zX4;8(HJBN=lpG(pOsVlTSFZwaJ;&CvQG4&U3d`5~1X}V;qul4*PxmJ-sHlL1EaU zje!wJ`da9&L57SZ=VXb2(qB6npXb%M`gbu209U&YE{ZYj=8~ zfGU=vMcwH=#5_ssZLk-~jy)?}$Qo1i>*Ee9;9`}7 zNg_4{Uybj92*W*8n;K}1U6uCM6Gta+QI;%!2?+o4O}8k$Ae8vjpsjcE+LN?%1M{%& zSU?%tjZcIeWXqry`^h}<;TimH3+oT9kOyl$&pgQLYZxpU4HA-iEU&XiirhwI9|)(~ z_q7PdVYERr^qu?Rm0UKoGwqpPUjpwS`U0^sm-g7h9WDul45^HQLR1n0!9Lb1Nei z3j#?LMd}cV*jacN1DTTlO5W*lKizLPso(l-DKOu@(p@j20WOr-l`fa6ape5fo4e8{i_G)Nax#MoVay3 zTPDh@@G}HZg>JBD9w4;tbQjD;v|?LK3l2{*MQ<&)jZqY%f@a{;)=>zZ3y={VWMsO7 z%_2hWu9LErnbE$|rwjiHOcmEfOovJtgZvV1UYg;?4$Z1(=T3io_?xX))Om@krb+vA zC9c*T|1O<98doFI#^LJ>`)yM35R4HjJ6#daRmh_BnKi+)p%(} z?&`SnSIdm^C??ZJ{uBL?N8gDv#UvG`THy?&PyQJGLH}FSmf5s^E+7Bt*^+1PoL@(m zrSXIKg?q+lv@$~k9mFca>}RUdK!Cf87#~@9sP0VYHG@p+8!83XYS-gu1#|V^*XdeN z2V^sEn|kINB<)!OC7vK3ix-R7O2G?5y^txtU)Ptha>x?h<9)F08>OV}rEPU664mS^$pBf7+>Aiw|~%(0xfE9UP?9Sd(p) zl0B1MRrOS1VlzwGA@#94DYpss09u3WgK%QN?OvuHFNTV~`lt_b2oVOozis$-dk$gm&N%cZ|(zGk~4;+)#egRKZv+)CFUu!lfole&4JOS0TDH`3+fU% zkz8NneVlA*?M{lI%v4&&(umVU5{RL}=*z6edQi{@YK2Eq5$zBlu=`5V>+hEj9q`F? zFKX1~i;{P~bo6_{c_HWN0Pd48FIL_k4*!vKXgzLYYZ*jvX98_rpgpLUBetCb4Mw~7 zOt@T7GktV+boXj)o#5VH+vA(&9J0x~#3j}a#T7iBIf)LY4i1q_%4iZ-rZ$CRR2;@g zt^NR#PHK^#mX z4H-$*3tUuj%=g}T*pd1Hr@jh*xLw`zB2#gL>z!gJ_~T;lu|I=Qi8%>-uRtt|4NY^x z9E~};W6#jDGR}Ux{J}c?o?=tft8MQ=PsMvFH`>idq4lsHB0-C8MN8;(kF=w)OR7*V z;EWBVSa~Oxc}$Gg?HXd^p?I_ASVZ;VPKU&$tOK|#1l9`#sscN(2aWX^?*0)i6k@Lp za7k$rhlbLR`A&>2!b8P+8a@>IM=3wGnAScNx_7AA=~gaFi&brGXh>0H2zUUWcFy6c zo6W^DX5^l+U(xVeTk4u&lfg0knIAI;diIfQpKzY5?mH*CfO`=Tl|iwg5y|XE#to(c z>luazc)e`eFmbpp$2G6hGc#993BGdEJKg4&_@UjQR6p#p$6uNO80b!sLX}|S>up%7 z<7yAV>*I_9XGa#(V7>S{r*t`7m7d1&?(PUfoz&eNh;K6I(yt#!KxEF~Ob;;!ly7if zZ>wtoGN?y1O4A*a!J$D1g}TL{{^KW48i$>MYbZSogWmElO6~!n`v0^s(EliD`(OQ@ zYj7P@Ti(X^6oP6?%rVsFSrDO(u|x8GZ_%`Lm$1%I_I6v2_CWU!bL`vGK%H}We-k`^k8J)x424a`c%U-r&b9oe>ftlGMTA0!Kur^p6{p- z@D$V!a>H|4>GGB5UL-tlaU-ar?G$N9t)x90)LYJmhK7a|wnn1ZX4gJ+?u}FXvD=qV zZWWwWA@>p=m>dC09b2h9$v^8R^xUo7n)0t^kJ#0E%1u_^E~!4=GVriT>gsfGu^r7F zEC6UX$Gaec#`fhdD6XzN*EQ*>l9%(=rB+d89@^hE^>xwz(W9LHyUz&-R0I(4Mi^_>5&x^_+C}D);Iz&!08iK5bulQ z2L$_ume;q0fc!q`%93K|?=?WNEqfGk`jjQ;G;!JAwuRX~l*zou~GyRXSL}zyHmPGc!8esvh$eyM>AU+b0fpRBQNZ`U$1rsmH!YsX`4TF%IAW zOj-=az#qG7-IfIl3ktFONwIt7P*(GUJ*!{Ts!g%7Fu@`vN$Wd9`e=N^|V z*5Gt?F32$GmiX-iG7QL8Nk;+^w?T%1(9;ii@1$ky2{B$Bo1xhG@ZLLTqWb?ijp)QA z-thg(t{9)|*`j1Mo!Ec%KN8Hq-qM=Yfe?neJs{Md?W#yVP)bU)zH`)d5B6(R^=`C5 z?$TU(^T2PXDQSaedNK0-mcmg*g9I7RqXt{s507qmFQ5FR6L={(a_nDik&5pALlHS` zA(D;)c*rpx>pk*H0FrdZ>00~4;qd6_B4;-@n1=>HvefEyxMj^gCfV9tUW9xDjVv z-}mGgd>5^*uNIo0(32_SB-h2(A_6tQFmcYO_(c#8}|#-U$gj-B+z+ z^LE|vP=)aP(|gy8EGFs^d=`mRtdgi5A88mtp@*Gl|!4#P@1GH#o*xCT2uMscQ z<{)}2+t85yn!7Rcp{XBIhrDL_`g%f+jNV;^M{!EWV3Dk1tT!m5suwMQJR)Bv)R}kR zq}>8R0!^>R5AECN5nZ&-<{u8*{NU8kY2%o4W+r~oaTx-vLcHGyCuX>Sw}mRvJ)nOe zZ0`LfgyY4D*Ose4R+A;K@3SE9iRfyQ34QkC`{uQ)mhb-I-BB$Wp?X4~6Cu@%#LienMIf2vdPRKi%-6;_T--5Y@Hg<`~I}0GMWl06y`q;X- zkXvkW3wM~{?9g)Z)7jP5T@2+m)3*`m;5!HBta^-n_c$K1*fRV57e%a9=au ztGp2Sq?D6KL{UNHla6y23?P1Cj>3inaunpFa`H2w?IkU_P>&4fzXb`2zY7wA$zjNu zH33C>`ve~B*aBAa&ieZop&MEo)VKK?c014svK%RM32t7gg%$p#G3tB%p%2Ty#R@L2 z9=0g8KdsIxLjW~o0gkIrsfj0d+clZ@s6w+kc-4JpNjbk&=2Mez}>sAZkRds(K9jyL=9!?0I% z_STiL{bE&s;^m2UxizT3&$tW=P<-V4)5;U{su!d~0m=)FI{74Og*L7J9aR#}%;ZJhx<@m~GQ zKLC@!Ov7q&lCc4*KjpNp02xtB?`1BhubsJI(@+!rre3SAPMyCqi1OqC#$u+bYL8NC zB;#T-eC`@g8j~B4TN;`DN~(HJ9q-&vf%}h~8J;I$Mx!GQjOUV)@A5Tp-W$E@V9u+y za>j~%Ad_(_pxvN__G_4!6ki(kcA&ySm@Ono@Ok>FLu=OZKpWN2PmVGDElxD_#Jm5~ zEJc1$%&!!DirhVrnB{QyLqGn#FBmx-KJq*n{cA)>N0j?tKI!0F=1D48WZp-s`H|k+ zS@<;9>TE?v_@?gGwB3jMIDT6`#g+H-(hvN9$aM5ba&^G#uFek{)PUDg>}l8kYlQgU zuT$_r_*cK5fB#kR&nWB5zh+8e9u@9b9I|_t7w1};=xK(w$DvA>i9N)04`TpHZSBqT zi~WgDc;{cPmvh=KAQU!SF{l6eruPk@o4nV!`^!F|ra+HxKgLb$sQ)O4z+^Xq^Ms$2 zYUQfTh&qAr9JK;e0^9u7kcP5_!6TU=c|-x|t#G>mTE1BX*Adq)`r0e{-UKDC^<=kp z?DV|u#&NZ7s4p(*H@*)RD=z_L;LZuO7nffMX|xRD?eVE=&YOIGPU%hPK_-~R;6h(b zKEFEyme;oUj34?p%L#ut-oW~I^QzspLQO-)upa`J*9w1gR9a$Idt^uOj^R#fCh&?)}w266vaoJaoex&ORti!3Guyn{Y} z4Yc0C&gPn!&luxt!*}UXFcsp$Gpu;%r@$ass~gXM=p9qVhPAp5Ya*nwKtsF#sZYh< z9PR${s6BV?pV?^s?=k=JX8a#qBOXZ6U)DOgSdt{@_UmhtNf*@GSir;-I1TLV_(6J~ z{mA>K_K7Wv0vVH??P9gm#WE$G`Ptma_pQ1Y(X$@s>T1fvf}h<3OIoBJu2{!40K9u= z|LZ|_>>mVOzpsV;F-D|eTrbPXjyj##uJEn>L|aX@{E>_f3*UGP@_BW_FWy7SLb4Yx z+&bp1lmFv4glkt3P9bmcN zM4WoLKyM5kd@yxzDlb($WOk@zuD=x1kmaOG^2ZA^{$gAeok4+L7Jr234eOZHzJ99*}K${Ddy{K32u{M2l+ZAGe7 zU-GR;7Tn26kvp$L`|}FO=6p?J z&aKN=_NXY)*WJ9H74zZcF`tV#_diZKCpF828FV+Mvs$Ld@PbUEV3Hugz8fRbnt8O) z4AAy0wNi?j*@BlTT^@QSE8Hwaf%!RxJ~`>^0s{Cizu!2%`gG-V!KD4lqYN!&iZ>2t z7&_3-4aW?;Fc;YLnzEBGj$f0Yv3)E4 zTf0ElQ7vur&W9CH^7?lzf}#K3JIbTa4=e^mh->X&F%ZA07>B6S^`u9dc`C+Ksbn&{ zu9tN}G&yP0`rm$i^2g3V0^8Xmf7w@i{eRk57Ztk^6#nn_^Z)1eDepvG?%4tD+$#%{ z^esrqtJI1@wDk)njw&MDq*l2@@!LA96aL4e` zSIRDXH3G?&f97QFJQ0|0>J|Z3_b>iW>KOm8?pXhO-_JD&ZY=+EdZmr|PNPy9^?%(x z&;MY{`rh*+-twg!fQVp~=vFpjMX`txt1GY7--WdqER_QVd&!3nIw7%K41*`{gJP z;Plsv!zXM-Ij=uE82FQ`@Bd-%y`!3n_I1%%K>-nwUZMgbAkvEnL`0g1NDa~=(m|Sl z^u$K*K|m0RbPyr*4xx8Mdhfj_)If@Nx%b`Uowv_@d;8wr?~MD#JAXh1ivTT;lAD_##Y~=^+(oc?ztqn8f(LQ5ofgCN1j?`(WdPA!0obrah615 zv+_vI)pX^DPQ$W+T`WAeeSz<;&tymLga*9|6@jhkHn`a1J<`JBMOEmVCJOs?rrTMo zy6@x^&{_Po85x-TlnLCmMW>+4zfO37~?y!y^G zh}CuWz;K(h9WANBu#$p^L7@d=kHNRY|GC^ixhD7fx&YsX|FEx#=OqT@|E8>cy*L=Z ztzR4VL+a0R4St(6&-;*|fJrlUs@XZOEC4WRUj5GPRNA}?`J~Pu&9zi-DzjY6nVEN7 zyCc+|Z8#20w$DEP30D8#=loeu;~!loFW4V#V}9>;=x6X!4<0alJdVo0ywyB!k-p&!TPqT%1ayVTKPTgb7$fkx!Ks^Nq&05m?d5)~S|;W^WN z?m<}0?rb@Si)o~(%O4giUySyAreV>}r6s`BRebAD6}kU?9$+y1FBt9a0zeY;KlW`m z4L0@o=Os&@Kx*DGN^)7NH1=J{t?#Y>Xi)yi?-0KR|HI;wXL|ig+~!RGw_)690Pu8? zzg28(e=DMOg|DmXX~J+hxfGSD|E%YxqDZbMm>eA=D`WYIA@+dm+ocUL6Jg{JZWdT4+Uk!{WhLbHxk6zoZe_n9abx9*8uWK-ua zS7B*qA3+FBzEoNv79%@M100aj__HUHoO4+W1$|8gGChWh!JSuj(L+qre%ac5A-vxEo+-B)V7Z$RjGWFaDA@PLpT zc?o}WZgc-rM}&Gshgv?aVSGxPYm{2-QU!(0Qp*D0+*}W&0$aR&t#L_QF8}&eEpqA? zs2=E?%thwbKyj{fNAE3s9L)8DrrIjljGjB*q^{L_cbcv?DbI5{i(uesdL>P@PiQ+3 z#}*hdLos3d8Is}4r{ue3yk3KA(yMs?FACFo zS8HEj9!8GPQsYM&>qN`#QPk_suy1|`5A+}I3$ppUQxx(8sp0UuYbOyY=~HdlwjQG6 z#*MD*Kkr5;$#D(%hXSx9M5dgHk~6`DA+Y2GXQt5xM=UG|I}mW2XZ)wZ&nG43 zlqV*{i2 z^7Te3S5{!1-dSGop%XEk$)`omv|N=_`6MHTIMoi866g(XZv1d}+3VR4*MKhJ9r|Ez zHxr}H$ge~lK=@}$#pbJ$t6(q0{D%Ja3fHw`tpI1*qoB50&z7Any;)U7!H6&4j4Pzi zrG;?IABz?v7D}-iEiEmRyCx=&_A~^TkZR1;)gm3Y+qjY5F;7Q+4E@+pBLwptp&}P* z)Vu98NQNRG{O*t)*6?7DarhAVibu;~cy?o5A#(;KMjY{@mZ=HFNoMhk?ms&SY~=FU zqizh+x3A4~FW>Q@Iqr2#Aal~E)P1hn6 z&c|Uy<(Y|=INqk}?5)RsX|8>brn>9>HF{}=8{@Yd zebh^)!+*a2nR}@_>w4e|ftd#LwRy%w`L^}RyDiej(?F<2DI*S%=m*^&ZXLR+Wzsg_ z|MwR0499>IJJB+xm3$rOD%dy0bK4j`46Czv@_K5DI#)fq;o*|`I;~)m@R?;)*)*cp z3$as%?k}3TBrq@Bhc-lW#g#49R>Snr@rw1$)<3hf8tJM`0MiZ-=|^e>Dj;IlR~nm+ z6tQxke{#Ed5$Ukd!8=@SM_jKJvewq!DYoC18&yx_H)#awu8@oTrCVFcUu-4FDYCDJ zhgbX6#lK&X?o(D5V+VoOHGCCt;KQ0->v(m%tqn4DTPJ5a%`B2jxG7ee{c^wis?Nwr zr>LxzrB2KRstJ!GQ}l`T9bOi7TDC#!sjJY1Of(KPUsit4*c6|oqipuBthhAY^A{-J z*~|6>Dh3YswY*yAYj~K6be}GdIZtd_uA4^%Fvo-8H9ET*KycrpdXVjms@P#`2=T+u zI$2*MEOFWa9qi<&Foz_O$G?ju!HIXlde;aeK--V{7sy_Y&9ov=1^?E8Gu-|9#d0k2 zWkT?RccCEVsuZL9x|)`$ylws6g>4#{x@!l(b@~rg8nKO(Mi%W@KwJjO35mHbq`2S>Wtb@MJ;&_;y^QwR z)K`TE6mdV8Pwi<=I6+owFh>*6wP#L&3^-<+kvwR0m(i=~DfG9Iu9VpqVyimYbCgqe zfOh5^_==XXW|N8+z=G3OV=k5q&SHG=N=*{C7_(tg3U@b+FV5lj7%M&E+~nzDxHG48 zRbT0EMeV=y@ejIPU(xsQE_0#4{EpY}ZSqc!>Trqvj8cMcAK0TS=2z9 z85|0^RZVpRGxnUkvu;DU4W1%t7^H?46#dVWk_sLM@~1(*Xecq6Jx>kcJN1tdjj6vN z8oZbxUm&TGW>V$igpF0x=5|P-a;V&O3SIa|`+QeH%$Xe}M|*NBl^rL&%ma zFgg~G5w@$-nyB&>Lc$mZ@9kp3p`=_{qND=+UH*&z>ZSPa=l|JIl10z81@90ofolGW zU33#e&s@B>QSNQ?&e#PuMKP&|EFH4HtNHI5OoTI=Kre=}4cOcji~2?ucpO5{*Aqq;%vY&s^Y(}Y0D6wx4~%2+2?dX(g=CBR#t3k zEE*PlmD1uB#VZEQtNjjRblT~*4L=+^>}I0(AX{t%)p6qW5C{$a^({0}!;9$?qvEHR zFJx~cvzMlh$2e8axUxIY9_!7|fbk=39tZ~t^T@E!g+wav!wM(Z8X$hYwSM5QRHS5LDPh25$Sr^yOT6Za! zWS0$co!#mYaGd_aR$Wvyv6r83V8?V~GU;(***)wbT;RF3NAbKJ(`t+>U_r&!vk6*WSs5kiAMZLWy42T&&wvEgieO+)#m_BN%V6W3K15p*yoj7ZdoZmptSp;b%e+Cing% z8V@7u(DFf1{hMp$t)PF@P;-hE=fR_N6VJ||@Mh{?Vz7~Cr>IQPV>W#82O(+e-Id*eDa zO9JktLur1Dbs@u;+19u7u*-OTlDj629n{-oJnTZ=O;4EZ`h^FgSrxLJ2PYx~S@>|d zJlEiD;su=C$91V!K`-6i^uljO_jWKe-qM5eE~(rMlpB+|F@c#hEc^U|H{>T{XaYOQEFmJN#;?*4L77X)=&VxHcJaVPSN=X1lOZgd>J!{i#Ix`w}*}%T)|gOroXxotnyF4j~d;ef